HEX
Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips
System: Linux f17.eelserver.com 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64
User: zulfiqar (1155)
PHP: 8.2.0
Disabled: mail, exec, system, popen, proc_open, shell_exec, passthru, show_source
$ pwd: /usr/local/maldetect/clean/
Upload Files
File: //usr/local/maldetect/clean/php_malware_hexinject
#!/usr/bin/env bash
export PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# $1 file path, $2 signature name, $3 file owner, $4 file mode, $5 file size (b), $6 file md5sum
if [ -f "$1" ]; then
        sed -i -e 's/^$pw=\".*.=\"\\x.*.*\";$.*))));//' -e '/^\$.*=\".*=\"\\.*=\"\\x.*))));\r$/d' -e '/^foreach ($_GET.*insert.*base64_decode.*admin_user.*base64_decode.*substr_count(strtolower.*die(.*}.*\r/d' "$1"
fi
@ Telegram