[ Avaa Bypassed ]

Upload:

Command:

www-data@18.119.128.99: ~ $ 
#!/usr/bin/perl

#
# Authentic Theme (https://github.com/authentic-theme/authentic-theme)
# Copyright Ilia Rostovtsev <ilia@virtualmin.com>
# Licensed under MIT (https://github.com/authentic-theme/authentic-theme/blob/master/LICENSE)
#
use strict;

our (%in, %text, %config, $cwd, $path);

do($ENV{'THEME_ROOT'} . "/extensions/file-manager/file-manager-lib.pl");

my @entries_list = get_entries_list();
my %errors;
my $status;
my $action     = $in{'action'};
my $key        = quotemeta($in{'key'});
my $delete     = $in{'delete'};
my $passphrase = $in{'passphrase'};
my $keyuser    = $in{'keyuser'};
my $homeuser   = $in{'homeuser'};
my $safe_mode = $in{'overwrite_efiles'} ne 'true';

my $gpgpath = get_gpg_path();
my $no_command;

# Get user level
my ($user_level) = get_user_level();

# In case this is a master admin login,
# and the key to encrypt data belonging
# to /root, do not switch to the current
# home directory user and use that instead
my $forceuser;
if (!$user_level && $keyuser) {
    $forceuser = $keyuser;
}

# Set user env and switch to remote user first
switch_to_given_unix_user($forceuser);

foreach my $name (@entries_list) {
    my ($iname);
    my $gpg;

    $iname = $name;
    $iname .= ($key ? ("_" . substr($key, 0, 6)) : '');

    # Clean extension name when decrypting
    if ($action eq "decrypt") {
        $iname =~ s/(_[a-h0-9]+\.gpg|pgp)$//i;
    }

    my $ffext;
    $ffext = ".gpg" if ($action eq "encrypt");

    # Check if file exist
    if ($safe_mode && -e "$cwd/$iname$ffext") {
        my $__ = 0;
        for (;;) {
            $__++;
            my $niname = "$iname(" . $__ . ")";
            if ($action eq 'decrypt') {
                my ($fname, $fext) = file_name_extension_splitter($iname);
                $niname = "$fname(" . $__ . ")" . ($fext ? ".$fext" : '');
            }
            if (!-e "$cwd/$niname$ffext") {
                $iname = "$niname$ffext";
                last;
            }
        }
    } else {
        $iname = "$iname$ffext";
        unlink_file("$cwd/$iname$ffext") if (-e "$cwd/$iname$ffext");
    }
    $status = 0;

    if ($action eq "encrypt") {
        my $fpath = "$cwd/$name";
        $gpg =
"cd @{[quotemeta($cwd)]} && $gpgpath --encrypt --always-trust --output @{[quotemeta($iname)]} --recipient $key @{[quotemeta($fpath)]}";
        $status = system($gpg);

        # Set file owner in case was encrypted usign master admin keys
        system("chown --reference=" . quotemeta($cwd) . " " . quotemeta("$cwd/$iname"))
          if (!$status && $homeuser && !$user_level);

    } elsif ($action eq "decrypt") {
        my $extra;
        if ($passphrase) {
            my $gpg_ver = get_gpg_version($gpgpath);
            if ($gpg_ver ge '2.1') {
                $extra = " --pinentry-mode loopback ";
            } else {
                $extra = " --yes --batch  ";
            }
            $extra .= "  --passphrase-fd 0 ";
        }
        my $fpath = "$cwd/$name";
        $gpg = "cd @{[quotemeta($cwd)]} && $gpgpath $extra --output @{[quotemeta($iname)]} --decrypt @{[quotemeta($fpath)]}";
        open my $fh => "| $gpg" or $no_command = 1;
        print $fh $passphrase;
        close $fh;
        $status = $?;

        # Set file owner in case was decrypted usign master admin keys
        system("chown --reference=" . quotemeta($cwd) . " " . quotemeta("$cwd/$iname"))
          if (!$status && $homeuser && !$user_level);
    }

    if ($delete && $status == 0) {
        unlink_file("$cwd/$name");
    }

    if (!has_command($gpgpath) || $no_command) {
        $errors{ $text{'theme_xhred_global_error'} } = text('theme_xhred_global_no_such_command', $gpgpath);
    }
    if ($status != 0) {
        if ($status == 512) {
            $errors{$name} = $text{'filemanager_archive_gpg_private_error'};
        }
    }
}

redirect_local(
           'list.cgi?path=' . urlize($path) . '&module=filemin' . '&error=' . get_errors(\%errors) . extra_query());

Filemanager

DIR : / usr/ share/ webmin/ authentic-theme/ extensions/ file-manager/
Name Type Size Permission Actions
acls.cgi File 2.29 KB 0755
bookmark.cgi File 948 B 0755
chattr.cgi File 1.14 KB 0755
chcon.cgi File 1.05 KB 0755
chmod.cgi File 3.22 KB 0755
chown.cgi File 1.5 KB 0755
compress.cgi File 3.86 KB 0755
copy.cgi File 613 B 0755
create_file.cgi File 1.4 KB 0755
create_folder.cgi File 1.39 KB 0755
create_symlink.cgi File 1.25 KB 0755
cut.cgi File 612 B 0755
delete.cgi File 3.13 KB 0755
download.cgi File 3.52 KB 0755
extract.cgi File 6.88 KB 0755
fetcher.cgi File 1.28 KB 0755
file-manager-lib.pl File 46.28 KB 0644
file-manager-reinit.min.js File 1.61 KB 0644
file-manager-reinit.min.js.gz File 807 B 0644
file-manager.min.js File 232.28 KB 0644
file-manager.min.js.gz File 49.29 KB 0644
gpg.cgi File 3.87 KB 0755
http_download.cgi File 1.54 KB 0755
list-images.cgi File 7.5 KB 0755
list.cgi File 340 B 0755
paste.cgi File 1.9 KB 0755
purge_trash.cgi File 1.45 KB 0755
rename.cgi File 1.44 KB 0755
search.cgi File 340 B 0755
tree.cgi File 605 B 0755

© 2025 Coded By Avaa Code.