Intrusion Exploit
Server: LiteSpeed
System: Linux cisadane.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: lenf4658 (1805)
PHP: 8.4.19
Disabled: NONE
$ pwd: /proc/thread-self/root/etc/profile.d/
Upload Files
File: //proc/thread-self/root/etc/profile.d/locallib.sh
#cPanel Added local::lib -- BEGIN
LOCALLIBUSER=$USER
if [ -e "/usr/bin/whoami" ]; then
    LOCALLIBUSER="$(/usr/bin/whoami)"
fi
if [ "$LOCALLIBUSER" != "root" -a -e "/var/cpanel/users/$LOCALLIBUSER" ]; then
    eval $(perl -Mlocal::lib >/dev/null 2>&1)
fi
#cPanel Added local::lib -- END
@ Telegram