403Webshell
Server IP : 66.29.132.124  /  Your IP : 18.227.140.251
Web Server : LiteSpeed
System : Linux business141.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : wavevlvu ( 1524)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /proc/thread-self/root/var/softaculous/moodle/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /proc/thread-self/root/var/softaculous/moodle//update_pass.php
<?php
function __password_hash($password, $algo, array $options = array()) {

global $error;
	if (!function_exists('crypt')) {
		$error[] = "Crypt must be loaded for password_hash to function";
		return null;
	}
	if (!is_string($password)) {
		$error[] = "password_hash(): Password must be a string";
		return null;
	}
	if (!is_int($algo)) {
		$error[] = "password_hash() expects parameter 2 to be long, " . gettype($algo) . " given";
		return null;
	}
	switch ($algo) {
		case 1:
			// Note that this is a C constant, but not exposed to PHP, so we don't define it here.
			$cost = 10;
			if (isset($options['cost'])) {
				$cost = $options['cost'];
				if ($cost < 4 || $cost > 31) {
					$error[] = "password_hash(): Invalid bcrypt cost parameter specified: ".$cost;
					return null;
				}
			}
			$required_salt_len = 22;
			$hash_format = sprintf("$2y$%02d$", $cost);
			break;
		default:
			$error[] = "password_hash(): Unknown password hashing algorithm: ".$algo;
			return null;
	}
	if (isset($options['salt'])) {
		switch (gettype($options['salt'])) {
			case 'NULL':
			case 'boolean':
			case 'integer':
			case 'double':
			case 'string':
				$salt = (string) $options['salt'];
				break;
			case 'object':
				if (method_exists($options['salt'], '__tostring')) {
					$salt = (string) $options['salt'];
					break;
				}
			case 'array':
			case 'resource':
			default:
				$error[] = 'password_hash(): Non-string salt parameter supplied';
				return null;
		}
		if (strlen($salt) < $required_salt_len) {
			$error[] = "password_hash(): Provided salt is too short: ".strlen($salt)." expecting ".$required_salt_len;
			return null;
		} elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
			$salt = str_replace('+', '.', base64_encode($salt));
		}
	} else {
		$buffer = '';
		$raw_length = (int) ($required_salt_len * 3 / 4 + 1);
		$buffer_valid = false;
		if (function_exists('mcrypt_create_iv')) {
			$buffer = mcrypt_create_iv($raw_length, MCRYPT_DEV_URANDOM);
			if ($buffer) {
				$buffer_valid = true;
			}
		}
		if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
			$buffer = openssl_random_pseudo_bytes($raw_length);
			if ($buffer) {
				$buffer_valid = true;
			}
		}
		if (!$buffer_valid && file_exists('/dev/urandom')) {
			$f = @fopen('/dev/urandom', 'r');
			if ($f) {
				$read = strlen($buffer);
				while ($read < $raw_length) {
					$buffer .= fread($f, $raw_length - $read);
					$read = strlen($buffer);
				}
				fclose($f);
				if ($read >= $raw_length) {
					$buffer_valid = true;
				}
			}
		}
		if (!$buffer_valid || strlen($buffer) < $raw_length) {
			$bl = strlen($buffer);
			for ($i = 0; $i < $raw_length; $i++) {
				if ($i < $bl) {
					$buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
				} else {
					$buffer .= chr(mt_rand(0, 255));
				}
			}
		}
		$salt = str_replace('+', '.', base64_encode($buffer));

	}
	$salt = substr($salt, 0, $required_salt_len);

	$hash = $hash_format . $salt;

	$ret = crypt($password, $hash);

	if (!is_string($ret) || strlen($ret) <= 13) {
		return false;
	}

	return $ret;
}

$resp = __password_hash('[[admin_pass]]', 1, array());
echo '<update_pass>'.$resp.'</update_pass>';
// We do not need this file any more
unlink('update_pass.php');
?>

Youez - 2016 - github.com/yon3zu
LinuXploit