Linux ip-172-26-7-228 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64
Apache
: 172.26.7.228 | : 18.222.91.173
Cant Read [ /etc/named.conf ]
5.6.40-24+ubuntu18.04.1+deb.sury.org+1
www-data
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
var /
www /
html /
kus /
parikshamitra /
admin /
Paytm /
lib /
[ HOME SHELL ]
Name
Size
Permission
Action
config_paytm.php
1.35
KB
-rwxr-xr-x
config_paytm_test.php
1.35
KB
-rwxr-xr-x
encdec_paytm.php
7.8
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : encdec_paytm.php
<?php function encrypt_e($input, $ky) { $key = $ky; //echo phpinfo(); $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, 'cbc'); $input = pkcs5_pad_e($input, $size); $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', ''); $iv = "@@@@&&&&####$$$$"; mcrypt_generic_init($td, $key, $iv); $data = mcrypt_generic($td, $input); mcrypt_generic_deinit($td); mcrypt_module_close($td); $data = base64_encode($data); return $data; } function decrypt_e($crypt, $ky) { $crypt = base64_decode($crypt); $key = $ky; $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', 'cbc', ''); $iv = "@@@@&&&&####$$$$"; mcrypt_generic_init($td, $key, $iv); $decrypted_data = mdecrypt_generic($td, $crypt); mcrypt_generic_deinit($td); mcrypt_module_close($td); $decrypted_data = pkcs5_unpad_e($decrypted_data); $decrypted_data = rtrim($decrypted_data); return $decrypted_data; } function pkcs5_pad_e($text, $blocksize) { $pad = $blocksize - (strlen($text) % $blocksize); return $text . str_repeat(chr($pad), $pad); } function pkcs5_unpad_e($text) { $pad = ord($text{strlen($text) - 1}); if ($pad > strlen($text)) return false; return substr($text, 0, -1 * $pad); } function generateSalt_e($length) { $random = ""; srand((double) microtime() * 1000000); $data = "AbcDE123IJKLMN67QRSTUVWXYZ"; $data .= "aBCdefghijklmn123opq45rs67tuv89wxyz"; $data .= "0FGH45OP89"; for ($i = 0; $i < $length; $i++) { $random .= substr($data, (rand() % (strlen($data))), 1); } return $random; } function checkString_e($value) { if ($value == 'null') $value = ''; return $value; } function getChecksumFromArray($arrayList, $key, $sort=1) { if ($sort != 0) { ksort($arrayList); } $str = getArray2Str($arrayList); $salt = generateSalt_e(4); $finalString = $str . "|" . $salt; $hash = hash("sha256", $finalString); $hashString = $hash . $salt; $checksum = encrypt_e($hashString, $key); return $checksum; } function getChecksumFromString($str, $key) { $salt = generateSalt_e(4); $finalString = $str . "|" . $salt; $hash = hash("sha256", $finalString); $hashString = $hash . $salt; $checksum = encrypt_e($hashString, $key); return $checksum; } function verifychecksum_e($arrayList, $key, $checksumvalue) { $arrayList = removeCheckSumParam($arrayList); ksort($arrayList); $str = getArray2StrForVerify($arrayList); $paytm_hash = decrypt_e($checksumvalue, $key); $salt = substr($paytm_hash, -4); $finalString = $str . "|" . $salt; $website_hash = hash("sha256", $finalString); $website_hash .= $salt; $validFlag = "FALSE"; if ($website_hash == $paytm_hash) { $validFlag = "TRUE"; } else { $validFlag = "FALSE"; } return $validFlag; } function verifychecksum_eFromStr($str, $key, $checksumvalue) { $paytm_hash = decrypt_e($checksumvalue, $key); $salt = substr($paytm_hash, -4); $finalString = $str . "|" . $salt; $website_hash = hash("sha256", $finalString); $website_hash .= $salt; $validFlag = "FALSE"; if ($website_hash == $paytm_hash) { $validFlag = "TRUE"; } else { $validFlag = "FALSE"; } return $validFlag; } function getArray2Str($arrayList) { $findme = 'REFUND'; $findmepipe = '|'; $paramStr = ""; $flag = 1; foreach ($arrayList as $key => $value) { $pos = strpos($value, $findme); $pospipe = strpos($value, $findmepipe); if ($pos !== false || $pospipe !== false) { continue; } if ($flag) { $paramStr .= checkString_e($value); $flag = 0; } else { $paramStr .= "|" . checkString_e($value); } } return $paramStr; } function getArray2StrForVerify($arrayList) { $paramStr = ""; $flag = 1; foreach ($arrayList as $key => $value) { if ($flag) { $paramStr .= checkString_e($value); $flag = 0; } else { $paramStr .= "|" . checkString_e($value); } } return $paramStr; } function redirect2PG($paramList, $key) { $hashString = getchecksumFromArray($paramList); $checksum = encrypt_e($hashString, $key); } function removeCheckSumParam($arrayList) { if (isset($arrayList["CHECKSUMHASH"])) { unset($arrayList["CHECKSUMHASH"]); } return $arrayList; } function getTxnStatus($requestParamList) { return callAPI(PAYTM_STATUS_QUERY_URL, $requestParamList); } function getTxnStatusNew($requestParamList) { return callNewAPI(PAYTM_STATUS_QUERY_NEW_URL, $requestParamList); } function initiateTxnRefund($requestParamList) { $CHECKSUM = getRefundChecksumFromArray($requestParamList,PAYTM_MERCHANT_KEY,0); $requestParamList["CHECKSUM"] = $CHECKSUM; return callAPI(PAYTM_REFUND_URL, $requestParamList); } function callAPI($apiURL, $requestParamList) { $jsonResponse = ""; $responseParamList = array(); $JsonData =json_encode($requestParamList); $postData = 'JsonData='.urlencode($JsonData); $ch = curl_init($apiURL); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', 'Content-Length: ' . strlen($postData)) ); $jsonResponse = curl_exec($ch); $responseParamList = json_decode($jsonResponse,true); return $responseParamList; } function callNewAPI($apiURL, $requestParamList) { $jsonResponse = ""; $responseParamList = array(); $JsonData =json_encode($requestParamList); $postData = 'JsonData='.urlencode($JsonData); $ch = curl_init($apiURL); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', 'Content-Length: ' . strlen($postData)) ); $jsonResponse = curl_exec($ch); $responseParamList = json_decode($jsonResponse,true); return $responseParamList; } function getRefundChecksumFromArray($arrayList, $key, $sort=1) { if ($sort != 0) { ksort($arrayList); } $str = getRefundArray2Str($arrayList); $salt = generateSalt_e(4); $finalString = $str . "|" . $salt; $hash = hash("sha256", $finalString); $hashString = $hash . $salt; $checksum = encrypt_e($hashString, $key); return $checksum; } function getRefundArray2Str($arrayList) { $findmepipe = '|'; $paramStr = ""; $flag = 1; foreach ($arrayList as $key => $value) { $pospipe = strpos($value, $findmepipe); if ($pospipe !== false) { continue; } if ($flag) { $paramStr .= checkString_e($value); $flag = 0; } else { $paramStr .= "|" . checkString_e($value); } } return $paramStr; } function callRefundAPI($refundApiURL, $requestParamList) { $jsonResponse = ""; $responseParamList = array(); $JsonData =json_encode($requestParamList); $postData = 'JsonData='.urlencode($JsonData); $ch = curl_init($apiURL); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_URL, $refundApiURL); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $headers = array(); $headers[] = 'Content-Type: application/json'; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $jsonResponse = curl_exec($ch); $responseParamList = json_decode($jsonResponse,true); return $responseParamList; }
Close