php – What does this code do to my website? Is it harmful? It looks like a shell

What does this code do to my website? Is it harmful?

<?php
namespace wapmorganUnifiedArchive;

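/**
 * Stream wrapper for LZW-compressed (.Z) files, registered under the
 * "compress.lzw://" scheme. It has no LZW codec of its own: every read and
 * write is delegated to the external compress(1) / uncompress(1) utilities.
 *
 * Triage notes for anyone who found this file on a server and is deciding
 * whether it is a web shell:
 *  - Every command line built here is a fixed string. The only interpolated
 *    values are the opened path and names returned by tempnam(), and each is
 *    passed through escapeshellarg().
 *  - Nothing in this class reads $_GET/$_POST/$_COOKIE or other request data,
 *    and nothing is eval()'d or include()'d. Commands only run when
 *    application code opens a "compress.lzw://" path.
 *  - The remaining exposure is the path itself: stream_close() rewrites the
 *    file at that path, so a caller that derives the path from request input
 *    lets the requester choose which file is read or replaced. Validate the
 *    path at the call site.
 *  - Probing system/exec/proc_open/shell_exec in turn is also how many web
 *    shells behave, which is why scanners flag files like this. Provenance is
 *    what settles it: compare the file byte-for-byte with a clean copy of the
 *    package it claims to come from, and check its location, owner and mtime.
 *
 * NOTE(review): the namespace line above the class reads
 * `wapmorganUnifiedArchive`; presumably a backslash was lost when the page
 * was extracted (`wapmorgan\UnifiedArchive`) - confirm against the real file.
 * Exceptions are thrown as `\Exception` so they resolve to the built-in class
 * whatever the namespace turns out to be.
 */
class LzwStreamWrapper
{
    private static $registered = false;
    private static $installed = 0;

    /**
     * Registers this class for the "compress.lzw" scheme (once per process).
     */
    public static function registerWrapper()
    {
        if (!self::$registered) {
            stream_wrapper_register('compress.lzw', __CLASS__);
        }
        self::$registered = true;
    }

    /** Fraction of the available memory the decompressed data may occupy before a temp file is used. */
    public static $TMP_FILE_THRESHOLD = 0.5;
    /** Multiplier applied to the compressed size to estimate the decompressed size. */
    private static $AVERAGE_COMPRESSION_RATIO = 2;
    /** When true, always work through temp files instead of an in-memory buffer. */
    public static $forceTmpFile = false;
    /** High limit. unit: MBytes.
    */
    public static $highLimit = 512;

    private $mode;
    private $path;
    private $tmp;
    private $tmp2;
    private $data;
    private $dataSize;
    private $pointer;
    private $writtenBytes = 0;
    // Set when the content changed without any bytes being written (a shrinking truncate).
    private $dirty = false;

    /**
     * Opens a compress.lzw:// path. An existing file is decompressed either
     * into memory or into a temp file, depending on its estimated size.
     *
     * @param string $path
     * @param string $mode
     * @param int $options
     * @return bool
     * @throws \Exception when compress/uncompress are missing, a temp file
     *                    cannot be created, or decompression fails
     */
    public function stream_open($path, $mode, $options)
    {
        // check for compress & uncompress utility (once per process)
        if (self::$installed === 0) {
            foreach (array('compress', 'uncompress') as $utility) {
                $this->exec('command -v '.$utility, $output);
                if (empty($output)) {
                    throw new \Exception(__FILE__.', line '.__LINE__.
                        ': '.$utility.' command is required');
                }
            }
            self::$installed = true;
        }

        $schema = 'compress.lzw://';
        if (strncasecmp($schema, $path, strlen($schema)) === 0) {
            $path = substr($path, strlen($schema));
        }

        if (file_exists($path)) {
            $this->path = realpath($path);
            $expected_data_size = filesize($path)
                * self::$AVERAGE_COMPRESSION_RATIO;
            $available_memory = $this->getAvailableMemory();
            $fits_in_memory = $expected_data_size
                    <= (self::$TMP_FILE_THRESHOLD * $available_memory)
                && !self::$forceTmpFile
                && $expected_data_size < (self::$highLimit * 1024 * 1024);
            if (!$fits_in_memory) {
                $this->createTempFiles();
            }
            $this->read();
        } else {
            // New file: nothing to decompress, start from an empty buffer.
            $this->path = $path;
            if (self::$forceTmpFile) {
                $this->createTempFiles();
            } else {
                $this->data = '';
            }
            $this->dataSize = 0;
            $this->pointer = 0;
        }
        $this->mode = $mode;

        return true;
    }

    /**
     * Creates the two scratch files (decompressed data, recompressed output).
     * tempnam() creates each file itself, so the names are not guessable
     * placeholders that another local user could pre-create.
     *
     * @throws \Exception
     */
    private function createTempFiles()
    {
        $prefix = basename(__FILE__, '.php');
        if (($tmp = tempnam(sys_get_temp_dir(), $prefix)) === false) {
            throw new \Exception(__CLASS__.', line '.__LINE__.
                ': Could not create temporary file in '.
                sys_get_temp_dir());
        }
        if (($tmp2 = tempnam(sys_get_temp_dir(), $prefix)) === false) {
            // Do not leave the first scratch file behind.
            unlink($tmp);
            throw new \Exception(__CLASS__.', line '.__LINE__.
                ': Could not create temporary file in '.
                sys_get_temp_dir());
        }
        $this->tmp = $tmp;
        $this->tmp2 = $tmp2;
    }

    /**
     * Estimates how many bytes this process may still allocate, from
     * memory_limit (or from the system when memory_limit is -1).
     *
     * @return float|int|string
     * @throws \Exception
     */
    public function getAvailableMemory()
    {
        $limit = strtoupper(trim((string) ini_get('memory_limit')));
        $suffixes = array('K', 'M', 'G');
        $power = array_search(substr($limit, -1), $suffixes, true);
        if ($power !== false) {
            $limit = (int) substr($limit, 0, -1) * pow(1024, $power + 1);
            $limit -= memory_get_usage();
        } elseif ($limit == -1) {
            $limit = $this->getSystemMemory();
        } elseif (is_numeric($limit)) {
            // memory_limit given in plain bytes, without a K/M/G suffix
            $limit = (int) $limit - memory_get_usage();
        }

        return $limit;
    }

    /**
     * Asks free(1) for a byte count and returns it as printed.
     *
     * @return string
     * @throws \Exception
     */
    public function getSystemMemory()
    {
        // Single-quoted PHP string: $4 is passed to awk literally.
        $this->exec(
            'free --bytes | head -n3 | tail -n1 | awk \'{print $4}\'',
            $output,
            $resultCode
        );

        return trim((string) $output);
    }

    /**
     * Runs a command line through the first available execution function.
     * Callers must only pass fixed command text plus escapeshellarg()'d
     * values; this method does no escaping of its own.
     *
     * @param string $command
     * @param string $output     receives the command's stdout
     * @param int|null $resultCode receives the exit status (left null by the
     *                             shell_exec fallback, which cannot report it)
     * @throws \Exception when no execution function is available
     */
    private function exec($command, &$output, &$resultCode = null)
    {
        if (function_exists('system')) {
            // system() echoes stdout, so capture it in an output buffer.
            ob_start();
            system($command, $resultCode);
            $output = ob_get_clean();

            return;
        }
        if (function_exists('exec')) {
            $execOutput = array();
            exec($command, $execOutput, $resultCode);
            $output = implode(PHP_EOL, $execOutput);

            return;
        }
        if (function_exists('proc_open')) {
            // Only descriptors declared as pipes show up in $pipes.
            $process = proc_open($command,
                array(1 => array('pipe', 'w')), $pipes);
            if (!is_resource($process)) {
                throw new \Exception(__FILE__.', line '.__LINE__.
                    ': Could not start '.$command);
            }
            $output = stream_get_contents($pipes[1]);
            fclose($pipes[1]);
            $resultCode = proc_close($process);

            return;
        }
        if (function_exists('shell_exec')) {
            $output = shell_exec($command);

            return;
        }

        throw new \Exception(__FILE__.', line '.__LINE__
            .': Execution functions is required! Make sure one of exec'.
            ' function is allowed (system, exec, proc_open, shell_exec)');
    }

    /**
     * Exit statuses treated as success for compress/uncompress run through
     * exec(). null means the status was unavailable (shell_exec fallback).
     * NOTE(review): 2 is accepted alongside 0 as in the original code;
     * presumably a non-fatal status of compress - confirm against its manual.
     *
     * @param int|null $code
     * @return bool
     */
    private static function isAcceptableExit($code)
    {
        return $code === null || $code == 0 || $code == 2;
    }

    /**
     * Size of the decompressed data as it stands now.
     *
     * @return int
     */
    private function currentSize()
    {
        if ($this->tmp === null) {
            return strlen((string) $this->data);
        }
        // filesize() results are cached per path; drop the stale entry.
        clearstatcache(true, $this->tmp);

        return (int) filesize($this->tmp);
    }

    /**
     * Decompresses the file at $this->path into the temp file or into memory.
     *
     * @throws \Exception
     */
    private function read()
    {
        if ($this->tmp !== null) {
            $this->exec('uncompress --stdout '.escapeshellarg($this->path).
                ' > '.escapeshellarg($this->tmp), $output, $resultCode);
            if (!self::isAcceptableExit($resultCode)) {
                throw new \Exception(__FILE__.', line '.__LINE__.
                    ': Could not read file '.$this->path);
            }
            $this->dataSize = $this->currentSize();
        } else {
            $this->exec('uncompress --stdout '.escapeshellarg($this->path),
                $output, $resultCode);
            if (!self::isAcceptableExit($resultCode)) {
                throw new \Exception(__FILE__.', line '.__LINE__.
                    ': Could not read file '.$this->path);
            }
            $this->data = (string) $output;
            $this->dataSize = strlen($this->data);
        }
        // rewind pointer
        $this->pointer = 0;
    }

    /**
     * @return array
     */
    public function stream_stat()
    {
        return array(
            'size' => $this->dataSize,
        );
    }

    /**
     * Recompresses changed data over the original path and removes the
     * scratch files. Cleanup runs even when recompression fails, so a failed
     * close does not leave decompressed copies in the temp directory.
     *
     * @throws \Exception
     */
    public function stream_close()
    {
        try {
            if ($this->writtenBytes > 0 || $this->dirty) {
                if ($this->tmp !== null) {
                    $this->closeFromTempFile();
                } else {
                    $this->closeFromMemory();
                }
            }
        } finally {
            if ($this->tmp !== null) {
                if (file_exists($this->tmp)) {
                    unlink($this->tmp);
                }
                if (file_exists($this->tmp2)) {
                    unlink($this->tmp2);
                }
            } else {
                $this->data = null;
            }
        }
    }

    /**
     * Compresses the temp file into the second temp file, then moves that
     * over the original path.
     *
     * @throws \Exception
     */
    private function closeFromTempFile()
    {
        $this->exec('compress -c '.escapeshellarg($this->tmp).' > '.
            escapeshellarg($this->tmp2), $output, $code);
        if (!self::isAcceptableExit($code)) {
            throw new \Exception(__FILE__.', line '.__LINE__.
                ': Could not compress changed data in '.$this->tmp2);
        }
        if (rename($this->tmp2, $this->path) !== true) {
            throw new \Exception(__FILE__.', line '.__LINE__.
                ': Could not replace original file '.$this->path);
        }
    }

    /**
     * Pipes the in-memory buffer through compress straight into the
     * original path.
     *
     * @throws \Exception
     */
    private function closeFromMemory()
    {
        if (!function_exists('proc_open')) {
            throw new \Exception('proc_open is necessary for writing '.
                'changed data in the file');
        }
        $process = proc_open('compress > '.escapeshellarg($this->path),
            array(0 => array('pipe', 'r')), $pipes);
        if (!is_resource($process)) {
            throw new \Exception(__FILE__.', line '.__LINE__.
                ': Could not compress changed data in '.$this->path);
        }
        // write data to process' input
        fwrite($pipes[0], (string) $this->data);
        fclose($pipes[0]);
        $resultCode = proc_close($process);
        if ($resultCode != 0 && $resultCode != 2) {
            throw new \Exception(__FILE__.', line '.__LINE__.
                ': Could not compress changed data in '.$this->path);
        }
    }

    /**
     * Reads up to $count bytes from the current position.
     *
     * @param int $count
     * @return bool|string
     */
    public function stream_read($count)
    {
        if ($this->tmp !== null) {
            $fp = fopen($this->tmp, 'rb');
            if ($fp === false) {
                return false;
            }
            fseek($fp, $this->pointer);
            $data = fread($fp, $count);
            $this->pointer = ftell($fp);
            fclose($fp);

            return $data;
        }

        // The third argument of substr() is a length, not an end offset.
        $data = substr((string) $this->data, $this->pointer, $count);
        if ($data === false) {
            $data = '';
        }
        // Advance by what was actually returned so the position never
        // runs past the end of the buffer.
        $this->pointer += strlen($data);

        return $data;
    }

    /**
     * @return bool
     */
    public function stream_eof()
    {
        return $this->pointer >= $this->dataSize;
    }

    /**
     * @return mixed
     */
    public function stream_tell()
    {
        return $this->pointer;
    }

    /**
     * Writes $data at the current position, overwriting what is there.
     *
     * @param string $data
     * @return bool|int number of bytes written, or false on failure
     */
    public function stream_write($data)
    {
        if ($this->tmp !== null) {
            // 'r+b' keeps the existing content; 'w' would empty the file
            // on every call and lose everything outside this write.
            $fp = fopen($this->tmp, 'r+b');
            if ($fp === false) {
                return false;
            }
            fseek($fp, $this->pointer);
            $count = fwrite($fp, $data);
            fclose($fp);
            if ($count === false) {
                return false;
            }
        } else {
            $count = strlen($data);
            $buffer = (string) $this->data;
            $prefix = (string) substr($buffer, 0, $this->pointer);
            $postfix = (string) substr($buffer, $this->pointer + $count);
            $this->data = $prefix.$data.$postfix;
        }

        $this->writtenBytes += $count;
        $this->pointer += $count;
        // Keep stream_stat()/stream_eof() in step with the new content.
        $this->dataSize = max((int) $this->dataSize, $this->currentSize());

        return $count;
    }

    /**
     * Moves the position. For SEEK_END the offset is added to the size
     * (so it is normally zero or negative), matching fseek().
     *
     * @param int $offset
     * @param int $whence
     * @return bool false for an unknown $whence or a negative target
     */
    public function stream_seek($offset, $whence = SEEK_SET)
    {
        switch ($whence) {
            case SEEK_SET:
                $target = $offset;
                break;
            case SEEK_CUR:
                $target = $this->pointer + $offset;
                break;
            case SEEK_END:
                $target = $this->currentSize() + $offset;
                break;
            default:
                return false;
        }
        if ($target < 0) {
            return false;
        }
        $this->pointer = $target;

        return true;
    }

    /**
     * Reports locking as successful only for in-memory streams; no actual
     * lock is taken either way.
     *
     * @param int $operation
     * @return bool
     */
    public function stream_lock($operation)
    {
        return $this->tmp === null;
    }

    /**
     * Resizes the decompressed data. Growth is padded with NUL bytes at the
     * end of the data and leaves the current position where it was.
     *
     * @param int $new_size
     * @return bool
     */
    public function stream_truncate($new_size)
    {
        $actual_data_size = $this->currentSize();

        if ($new_size > $actual_data_size) {
            $position = $this->pointer;
            $this->pointer = $actual_data_size;
            $written = $this->stream_write(
                str_repeat("\0", $new_size - $actual_data_size)
            );
            $this->pointer = $position;

            return $written !== false;
        }

        if ($new_size < $actual_data_size) {
            if ($this->tmp === null) {
                $this->data = (string) substr((string) $this->data, 0, $new_size);
            } else {
                // 'r+b', not 'w': opening with 'w' would discard the part
                // of the file that is supposed to survive the truncate.
                $fp = fopen($this->tmp, 'r+b');
                if ($fp === false) {
                    return false;
                }
                $ok = ftruncate($fp, $new_size);
                fclose($fp);
                if (!$ok) {
                    return false;
                }
            }
            $this->dataSize = $new_size;
            // No bytes were written, but the file still has to be rewritten.
            $this->dirty = true;
        }

        return true;
    }
}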

What does this code do to my website? Is it harmful, and if so, in what way? It looks like a shell.
Can it be used to gain access to my server?

What does this code do to my website? Is it harmful, and if so, in what way? It looks like a shell.
Can it be used to gain access to my server?

malware – Is it possible to achieve persistence in Windows through using WinLogon without touching userinit, notify, or shell keys?

I am interested in finding out if it is possible to achieve persistence through winlogon without using one of those 3 mentioned keys. I am trying to determine if it’s safe to ignore registry key entries made into Winlogon parent directory. I’ve never seen an instance of malware achieving persistence through winlogon without using any of those keys, does anyone know of any techniques?

What is the Oracle Cloud shell password for default user

I searched for some similar question like
What is the default password in Google Developers Console?

But most of the answers are not suitable for Oracle Cloud Shell, since the sudo command is not installed there.

It is also not documented in the Oracle docs. So, to come back to the title: what is the Oracle Cloud Shell password for the default user?

terminal – Python 3 Not Updating in Shell on Mac Mini M1

My Mac Mini M1 shipped with Python 3.8.5.

I first installed Anaconda, then downloaded Python 3.9.1 (macOS 64-bit universal2 installer), installed that and ran Update Shell Profile.command.

IDLE runs the correct version (3.9.1); however, typing python3 --version at the command line yields: Python 3.8.5

where python3 results in the following:

/Users/fa/opt/anaconda3/bin/python3
/Library/Frameworks/Python.framework/Versions/3.9/bin/python3
/usr/local/bin/python3
/usr/bin/python3

How do I get the shell to point to the most recent version (3.9.1)?

mysql connection from bash shell with special characters in password errors out

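#!/bin/bash
# Replace the temporary root password that mysqld writes to its log.
#
# Differences from a naive "--password=$PWD on the command line" approach:
#  - The password is never wrapped in literal quote characters. Quotes stored
#    inside a variable are data, not shell syntax, so they would be sent to
#    the server as part of the password and the login would be refused.
#  - The password is handed to the client through a private option file
#    instead of argv, so it does not show up in `ps` output and the client
#    does not warn about command-line passwords.
#  - No `set -x`: tracing would print the password to the terminal or to
#    whatever log captures this script's stderr.

# The last matching line wins in case the log holds more than one.
MYSQLTEMPPWD=$(grep 'temporary password' /var/log/mysqld.log | tail -n 1 | awk 'NF{ print $NF }')
if [ -z "$MYSQLTEMPPWD" ]; then
    echo "no temporary password found in /var/log/mysqld.log" >&2
    exit 1
fi

# mktemp creates the file readable by the current user only.
CNF=$(mktemp) || exit 1
trap 'rm -f "$CNF"' EXIT

# Option-file values are quoted so that '#' is not read as a comment start;
# backslashes and double quotes inside the value must then be escaped.
ESCAPED=${MYSQLTEMPPWD//\\/\\\\}
ESCAPED=${ESCAPED//\"/\\\"}
printf '[client]\nhost=localhost\nuser=root\npassword="%s"\n' "$ESCAPED" > "$CNF"

# --defaults-extra-file has to be the first option.
# --connect-expired-password lets a non-interactive client stay connected
# with an expired (temporary) password long enough to run ALTER USER.
# The new password below is the sample value from the original script; in a
# real deployment read it from a secret store rather than hard-coding it.
mysql --defaults-extra-file="$CNF" --connect-expired-password <<'EOF'
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Welcome!23';
show databases;
status;
EOF
STATUS=$?

exit "$STATUS"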
>  ./test.sh
++ grep 'temporary password' /var/log/mysqld.log
++ awk 'NF{ print $NF }'
+ MYSQLTEMPPWD='>fjkIyu#K7T?'
++ echo ''''>fjkIyu#K7T?''''
+ MYSQLPWD=''''>fjkIyu#K7T?''''
+ echo ''''>fjkIyu#K7T?''''
'>fjkIyu#K7T?'
+ CONNINFO='mysql --host=localhost --user=root --password='''>fjkIyu#K7T?''''
+ mysql --host=localhost --user=root '--password='''>fjkIyu#K7T?''''
mysql: (Warning) Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
+ set +x

The problem I face is that, for some reason, a single quote is added before the password parameter during execution
('--password='''>fjkIyu#K7T?'''').

Tried almost all possible ways based on the blogs, nothing helped sofar.

Anyone please suggest. Thanks…

powershell – Metasploit shell non-responsive

Try to troubleshoot the exploit keeping attention to some payload details, for example:

If you run show options:

1- default TARGETURI value is /struts2-rest-showcase/orders/3. Try to manually check if this uri exist in the target web application or properly change it.

2 – The exploit target default value is Unix (In-Memory). This assumes that the target is a Unix system. Check whether the target is Windows or Unix and change the value accordingly (PowerShell (In-Memory) or Windows (In-Memory)). Running show targets lists the possible values:

   0   Unix (In-Memory)
   1   Windows (In-Memory)
   2   Python (In-Memory)
   3   PowerShell (In-Memory)
   4   Linux (Dropper)
   5   Windows (Dropper)

Metasploit shell broken

Metasploit successfully executes the exploit, but after that, I get a non-responsive shell:

Do you know what could be the problem here? Thank you.

How do I stabilize a reverse shell in when the attack box is using powershell?

So I’ve managed to get a version of netcat onto my windows machine and I can run the standard:

nc -lvnp 1234

and this properly connects to the victim’s machine, but it’s a very fragile connection. Ctrl + C will just drop the connection, tab doesn’t auto complete, and the up and down arrows don’t give me history. On linux, the common way to stabilize the shell looks like this:

python -c "import pty; pty.spawn('/bin/bash')"      //run on victim's machine
CTRL + Z                                            //switches over to your machine
stty raw -echo                                      //run on your machine
fg                                                  //switches back to victim machine
export TERM=xtrm                                    //run on victim machine

The problem is that Ctrl + Z just locks up PowerShell, so that's about as far as I get. Even if I use a Kali Linux Docker container, I am still running that container through PowerShell or CMD, and I just can't get past that Ctrl + Z issue.

How do I stabilize a reverse shell through Powershell or CMD?

ubuntu 16.04 – Show output init-d script on shell

I’m trying to finish a very basic script to start|stop|restart unbound 1.13.0 using unbound-control (no advanced commands or chroot involved) instead of unbound -c <config-file>

It’s running very well, unbound is starting/stopping/restarting when script is executed:

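#!/bin/sh
# Minimal init script for unbound, driven through unbound-control.
#
# Notes:
#  - Arguments meant for the launched program go after "--". Without it,
#    "-v" is consumed by start-stop-daemon as its own verbose flag and
#    unbound-anchor never sees it, so it prints nothing.
#  - When this script is run by systemd (the "service unbound status" output
#    shows a unit generated by systemd-sysv-generator), stdout and stderr go
#    to the journal rather than to the terminal; look there for the
#    unbound-anchor messages.

BIN="/usr/local/sbin"

do_start() {
    start-stop-daemon -S -x "$BIN/unbound-anchor" -- -v
    start-stop-daemon -S -x "$BIN/unbound-control" -- start
}

do_stop() {
    start-stop-daemon -S -x "$BIN/unbound-control" -- stop
}

case "$1" in
    start)
        do_start
        ;;

    stop)
        do_stop
        ;;

    restart)
        # Call the functions above: bare "stop"/"start" are not defined by
        # this script and would resolve to whatever is on PATH.
        do_stop && sleep 3 && do_start
        ;;

    status)
        "$BIN/unbound-control" status
        ;;

    *)
        echo "Usage: service unbound {start|stop|restart|status}" >&2
        exit 1
        ;;
esac

exit 0

# END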

But I can't get the start-stop-daemon output to show up in the shell.

I would like to see the output of unbound-anchor when script calls it, for example, to check if unbound-anchor process created/skipped root.key file, something like this when unbound-anchor -v is run from shell

root@dns# unbound-anchor -v
/usr/local/etc/unbound/root.key has content
success: the anchor is ok
root@:~#

Even with -v option in start-stop-daemon -S -x $BIN/unbound-anchor -v the script run correctly but nothing appears on shell (neither success, neither failure)

The only way to see if service was started successfully is running service unbound status

root@dns:~# service unbound status
● unbound.service
   Loaded: loaded (/etc/init.d/unbound; bad; vendor preset: enabled)
  Drop-In: /run/systemd/generator/unbound.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Sun 2021-01-03 19:11:30 -04; 18min ago
     Docs: man:systemd-sysv-generator(8)
   CGroup: /system.slice/unbound.service
           └─13782 unbound -c /usr/local/etc/unbound/unbound.conf

Jan 03 19:11:30 dns systemd(1): Starting unbound.service...
Jan 03 19:11:30 dns systemd(1): Started unbound.service.
Jan 03 19:11:30 dns unbound(13782): (13782:0) notice: init module 0: validator
Jan 03 19:11:30 dns unbound(13782): (13782:0) notice: init module 1: iterator
Jan 03 19:11:30 dns unbound(13782): (13782:0) info: start of service (unbound 1.13.0).

Any help to improve the very basic script? The Linux is Ubuntu 16.04.7 LTS

shell – Is there a workaround to use of bash via adb on LineageOS17?

I am trying to log in to my device directly with

adb shell bash -i

It partially works, because I am logged in with bash, but the terminal loses completion.

The error I get:

$ adb shell bash -i 
bash: cannot set terminal process group (-1): Not a typewriter
bash: no job control in this shell
mydevice / #

Is there something possible to do it properly without errors ? I don’t have su installed.