ROOTPLOIT
Server: Apache
System: Linux node6122.myfcloud.com 6.14.3-x86_64-linode168 #1 SMP PREEMPT_DYNAMIC Mon Apr 21 19:47:55 EDT 2025 x86_64
User: bashacomputer (1004)
PHP: 7.4.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /proc/self/root/lib64/nagios/plugins/
Upload Files
File: //proc/self/root/lib64/nagios/plugins/check_webserver_status
#!/usr/local/bin/php
    
<?php

$shell = shell_exec("sudo netstat -punta | grep 0.0.0.0:80 | awk '{print $7}'");

$webserver = substr(strstr(trim($shell), '/'), strlen('/'));

switch ($webserver) {
    case 'httpd':

        $url = ('http://localhost/whm-server-status?auto');

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $status = curl_exec($ch);
        curl_close($ch);

        $values = preg_match_all('/(?s).*ReqPerSec:\s([0-9\.]+).*BytesPerSec:\s([0-9\.]+).*BusyWorkers:\s([0-9]+).*IdleWorkers:\s([0-9]+).*/', $status, $output_array);

        $apache_array = [
            'req_per_sec' => +$output_array[1][0],
            'bytes_per_sec' => +$output_array[2][0],
            'busy_workers' => +$output_array[3][0],
            'idle_workers' => +$output_array[4][0],
            'total_workers' => $output_array[3][0] + $output_array[4][0]
        ];

        $getPercentage = round(($apache_array['busy_workers'] / $apache_array['total_workers']) * 100);

        if ($getPercentage <= 75) {
            print_r(yaml_emit($apache_array));
	    exit(0);
        } else {
            echo "Current workers filled more than 75% ! " . $apache_array['busy_workers'] . " out of " . $apache_array['total_workers'];
	    exit(2);
        }
        break;
    case 'litespeed':
        $url = ('https://localhost:7080/status?rpt=summary');

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_USERPWD, "admin:changeme6592682");
        curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

        $status = curl_exec($ch);
        curl_close($ch);

        $connection_pools = array_values(preg_grep('/(^MAXCONN).*/', explode("\n", $status)));
        $connections = array_map('trim', explode(',', $connection_pools['0']));
        array_walk($connections, function (&$item) {
            $item = preg_replace('/\D/', '', $item);
        });

        $request_pools = array_values(preg_grep('/(^REQ_RATE \[\]).*/', explode("\n", $status)));
        $requests = array_map('trim', explode(',', $request_pools['0']));
        array_walk($requests, function (&$item) {
            $item = preg_replace('/\D/', '', $item);
        });

        $final_array = [
            "POOL" => sizeof($connection_pools),
            "MAXCONN" => $connections[0],
            "MAXSSLCONN" => $connections[1],
            "AVAILABLECONN" => $connections[3],
            "REQPROCESSING" => $requests[0]
        ];

        if ($final_array['AVAILABLECONN'] <= '5000' || $final_array['REQPROCESSING'] >=200) {
            echo "Status critical! Check Litespeed connections!";
            exit(2);
        } else {
            print_r(yaml_emit($final_array));
	    exit(0);
        }
        break;
}
@ Telegram