📌 Main Features
▶️Credential Harvesting (Extracts WHM access hashes (/home/*/.accesshash) and Steals MySQL credentials from .my.cnf files)
▶️Symlink Attacks (Creates symbolic links to sensitive files (wp-config.php, configuration.php, etc.) and (Exposes database credentials via web-accessible symlinks)
▶️Brute Force & Auto-Login (Tests stolen credentials against cPanel (2082) and Logs successful logins for attacker access)
▶️CMS Backdoor Injection (WordPress: Adds hidden admin user (GhostCrack / Karma@Syndicate#GhostCrack) and Joomla: Overrides admin password to Karma@Syndicate#GhostCrack)
▶️Automated Logging (Stores all stolen data in /ghost_results/ (access hashes, cPanel logins, CMS backdoors))
▶️Self-Destruct (Can delete itself via ?action=delete to evade detection)