#acupoftea - mail.ontime-ae.com

System	:	Linux server1.ontime-gulf.com 4.18.0-553.5.1.el8_10.x86_64 #1 SMP Wed Jun 5 09:12:13 EDT 2024 x86_64
Software	:	Apache
Server	:	162.0.230.206
Domains	:	40 Domain
Permission	:	[ drwxr-xr-x ]
	:	/ var / softaculous / clientexec /

216.73.216.50

Home

File update_pass.php

<?php
/*
 * Password Hashing With PBKDF2 (http://crackstation.net/hashing-security.htm).
 * Copyright (c) 2013, Taylor Hornby
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

// These constants may be changed without breaking existing hashes.
define("PBKDF2_HASH_ALGORITHM", "sha256");
define("PBKDF2_ITERATIONS", 1000);
define("PBKDF2_SALT_BYTE_SIZE", 24);
define("PBKDF2_HASH_BYTE_SIZE", 24);

define("HASH_SECTIONS", 4);
define("HASH_ALGORITHM_INDEX", 0);
define("HASH_ITERATION_INDEX", 1);
define("HASH_SALT_INDEX", 2);
define("HASH_PBKDF2_INDEX", 3);

class PasswordHash
{
    public static function create_hash($password)
    {
        // format: algorithm:iterations:salt:hash
        $salt = base64_encode(random_bytes(PBKDF2_SALT_BYTE_SIZE));
        return PBKDF2_HASH_ALGORITHM . ":" . PBKDF2_ITERATIONS . ":" .  $salt . ":" .
            base64_encode(self::pbkdf2(
                PBKDF2_HASH_ALGORITHM,
                $password,
                $salt,
                PBKDF2_ITERATIONS,
                PBKDF2_HASH_BYTE_SIZE,
                true
            ));
    }

/*
     * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
     * $algorithm - The hash algorithm to use. Recommended: SHA256
     * $password - The password.
     * $salt - A salt that is unique to the password.
     * $count - Iteration count. Higher is better, but slower. Recommended: At least 1000.
     * $key_length - The length of the derived key in bytes.
     * $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise.
     * Returns: A $key_length-byte key derived from the password and salt.
     *
     * Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt
     *
     * This implementation of PBKDF2 was originally created by https://defuse.ca
     * With improvements by http://www.variations-of-shadow.com
     */
    private static function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
    {
        $algorithm = strtolower($algorithm);
        if(!in_array($algorithm, hash_algos(), true))
            $error[] = 'PBKDF2 ERROR: Invalid hash algorithm.';
        if($count <= 0 || $key_length <= 0)
            $error[] = 'PBKDF2 ERROR: Invalid parameters.';

if (function_exists("hash_pbkdf2")) {
            // The output length is in NIBBLES (4-bits) if $raw_output is false!
            if (!$raw_output) {
                $key_length = $key_length * 2;
            }
            return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);
        }

$hash_length = strlen(hash($algorithm, "", true));
        $block_count = ceil($key_length / $hash_length);

$output = "";
        for($i = 1; $i <= $block_count; $i++) {
            // $i encoded as 4 bytes, big endian.
            $last = $salt . pack("N", $i);
            // first iteration
            $last = $xorsum = hash_hmac($algorithm, $last, $password, true);
            // perform the other $count - 1 iterations
            for ($j = 1; $j < $count; $j++) {
                $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
            }
            $output .= $xorsum;
        }

if($raw_output)
            return substr($output, 0, $key_length);
        else
            return bin2hex(substr($output, 0, $key_length));
    }
}

$resp = PasswordHash::create_hash('[[admin_pass]]');
echo '<update_pass>'.$resp.'</update_pass>';

// We do not need this file any more
@unlink('update_pass.php');
?>

Name	Type	Size	Permission	Last Modified	Actions
.	DIR	-	drwxr-xr-x	2025-08-15 09:39:01
..	DIR	-	drwxr-xr-x	2025-10-25 09:38:52
images	DIR	-	drwxr-xr-x	2025-08-15 09:39:01
php53	DIR	-	drwxr-xr-x	2025-08-15 09:39:01
php56	DIR	-	drwxr-xr-x	2025-08-15 09:39:01
php71	DIR	-	drwxr-xr-x	2025-08-15 09:39:01
php81	DIR	-	drwxr-xr-x	2025-08-15 09:39:01
php82	DIR	-	drwxr-xr-x	2025-08-15 09:39:01
changelog.txt	text/plain	12.82 KB	-rw-r--r--	2025-08-14 03:09:04
clone.php	text/x-php	3.15 KB	-rw-r--r--	2025-08-14 07:15:52
config.php	text/x-php	2.14 KB	-rw-r--r--	2024-02-07 06:43:58
edit.php	text/x-php	4.89 KB	-rw-r--r--	2025-08-14 07:15:52
edit.xml	text/html	447 B	-rw-r--r--	2024-05-30 06:33:06
fileindex.php	text/plain	228 B	-rw-r--r--	2021-12-23 06:54:36
import.php	text/x-php	3.17 KB	-rw-r--r--	2025-08-14 07:15:52
info.xml	text/plain	3.66 KB	-rw-r--r--	2025-08-14 03:09:04
install.js	text/plain	924 B	-rw-r--r--	2021-12-23 06:54:36
install.php	text/x-php	6.41 KB	-rw-r--r--	2025-08-14 07:15:52
install.xml	text/html	627 B	-rw-r--r--	2021-12-23 06:54:36
ioncube.php	text/x-php	246 B	-rw-r--r--	2021-12-23 06:54:36
md5	text/plain	2.63 KB	-rw-r--r--	2025-08-14 07:15:52
notes.txt	text/plain	680 B	-rw-r--r--	2025-08-14 03:09:04
update_pass.php	text/x-php	4.74 KB	-rw-r--r--	2024-02-07 06:43:58
upgrade.php	text/x-php	7.4 KB	-rw-r--r--	2025-08-14 07:15:52
upgrade.xml	text/plain	322 B	-rw-r--r--	2021-12-23 06:54:36

~ ACUPOFTEA - mail.ontime-ae.com