Gecko [ www.garmin.alinaous.com ]

Name	Size	Permission
.pkexec	[ DIR ]	drwxr-xr-x
GCONV_PATH=.	[ DIR ]	drwxr-xr-x
emailing	[ DIR ]	drwx---r-x
wp-admin	[ DIR ]	drwx---r-x
wp-content	[ DIR ]	drwxr-xr-x
wp-includes	[ DIR ]	drwx---r-x
.htaccess	1.32 KB	-rw----r--
.mad-root	0 B	-rw-r--r--
adminer.php	465.43 KB	-rw-r--r--
check-header.php	1.78 KB	-rw----r--
find-admin-creator.php	3.07 KB	-rw----r--
find-spam-pages.php	3.84 KB	-rw----r--
google37b81338d00feddf.html	53 B	-rw-r--r--
index.php	405 B	-rw-r--r--
pwnkit	10.99 KB	-rwxr-xr-x
remove-backdoor.php	3.8 KB	-rw----r--
robots.txt	547 B	-rw----r--
wordfence-waf.php	325 B	-rw-r--r--
wp-activate.php	7.21 KB	-rw-r--r--
wp-blog-header.php	351 B	-rw-r--r--
wp-comments-post.php	2.27 KB	-rw-r--r--
wp-config-sample.php	3.26 KB	-rw-r--r--
wp-config.php	3.68 KB	-rw----r--
wp-cron.php	5.49 KB	-rw-r--r--
wp-links-opml.php	2.44 KB	-rw-r--r--
wp-load.php	3.84 KB	-rw-r--r--
wp-login.php	50.21 KB	-rw-r--r--
wp-mail.php	8.52 KB	-rw-r--r--
wp-settings.php	29.38 KB	-rw-r--r--
wp-signup.php	33.71 KB	-rw-r--r--
wp-trackback.php	4.98 KB	-rw-r--r--
xmlrpc.php	3.13 KB	-rw-r--r--

Code Editor : find-admin-creator.php

<?php
/**
 * Trouver le code qui crée des comptes admin
 * SUPPRIMEZ APRÈS UTILISATION !
 */

set_time_limit(600);

echo "<h1>🔍 Recherche du Code Créateur d'Admin</h1>";
echo "<style>
    body { font-family: monospace; background: #1e1e1e; color: #fff; padding: 20px; }
    .critical { background: #ff0000; color: #fff; padding: 10px; margin: 10px 0; }
    .warning { background: #ff9800; color: #000; padding: 10px; margin: 10px 0; }
    pre { background: #2d2d2d; padding: 15px; overflow-x: auto; }
</style>";

$wordpress_root = dirname(__FILE__);

// Patterns à chercher
$patterns = [
    'wp_create_user',
    'authenticate.*filter',
    'adminbackup',
    'set_role.*administrator',
    'YWRtaW5pc3RyYXRvcg==', // base64 de "administrator"
    'YXV0aGVudGljYXRl', // base64 de "authenticate"
    'add_filter.*authenticate',
];

$critical_files = [];

// Scanner tous les fichiers PHP
function scanForAdminCreator($dir, $patterns, &$results) {
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS)
    );
    
    foreach ($iterator as $file) {
        if (!$file->isFile() || $file->getExtension() !== 'php') continue;
        
        $filepath = $file->getPathname();
        
        // Ignorer wp-admin et wp-includes
        if (strpos($filepath, '/wp-admin/') !== false || 
            strpos($filepath, '/wp-includes/') !== false) {
            continue;
        }
        
        $content = @file_get_contents($filepath);
        if ($content === false) continue;
        
        foreach ($patterns as $pattern) {
            if (preg_match('/' . preg_quote($pattern, '/') . '/i', $content)) {
                $results[] = [
                    'file' => $filepath,
                    'pattern' => $pattern,
                    'modified' => date('Y-m-d H:i:s', filemtime($filepath))
                ];
                break;
            }
        }
    }
}

echo "<h2>📋 Scan en cours...</h2>";

scanForAdminCreator($wordpress_root . '/wp-content', $patterns, $critical_files);

echo "<h2>⚠️ Fichiers Suspects : " . count($critical_files) . "</h2>";

foreach ($critical_files as $file) {
    echo "<div class='critical'>";
    echo "<strong>📁 " . htmlspecialchars($file['file']) . "</strong><br>";
    echo "🔍 Pattern trouvé : " . htmlspecialchars($file['pattern']) . "<br>";
    echo "📅 Modifié : " . $file['modified'];
    echo "</div>";
    
    // Afficher les lignes suspectes
    $content = file_get_contents($file['file']);
    $lines = explode("\n", $content);
    $line_num = 0;
    
    echo "<pre>";
    foreach ($lines as $line) {
        $line_num++;
        if (preg_match('/' . preg_quote($file['pattern'], '/') . '/i', $line)) {
            echo "<span style='color:#ff0000'>Ligne $line_num: " . htmlspecialchars($line) . "</span>\n";
        }
    }
    echo "</pre>";
}

echo "<h2>✅ Actions à Faire</h2>";
echo "<ol>";
echo "<li>Examinez les fichiers listés ci-dessus</li>";
echo "<li>Supprimez le code malveillant trouvé</li>";
echo "<li>Supprimez ce fichier find-admin-creator.php</li>";
echo "</ol>";
?>

${this.title}

Code Editor : find-admin-creator.php