File: //usr/local/bin/restrict
#!/bin/bash
#1.CONSTANTS FOR COLORS:
# ANSI SGR escape sequences used to colour the messages printed below.
# $'\e' is bash's spelling of the ESC byte (octal 033).
DEFAULT_COLOR=$'\e[0m'     # reset all attributes
RED_COLOR=$'\e[31;1m'      # bold red    - errors
GREEN_COLOR=$'\e[32;1m'    # bold green  - prompts / success
YELLOW_COLOR=$'\e[33;1m'   # bold yellow
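#2.INPUT DOMAIN NAME:
printf '%sTYPE THE DOMAIN NAME THAT YOU WISH TO BE RESTICTED.%s\n' "$GREEN_COLOR" "$DEFAULT_COLOR"
#2.1.CHECK IF INPUT DOMAIN EXISTS AND ASK FOR INPUT UNTIL EXISTING DOMAIN IS PROVIDED:
current_user=$(whoami)
counter=0
# Start from known-empty values. A doc_root or cpanel_user inherited from the
# caller's environment would otherwise skip the prompt entirely and decide
# which directory the rest of the script (possibly running as root) modifies.
doc_root=''
cpanel_user=''
while [ -z "$doc_root" ]; do
  if [ "$counter" != 0 ]; then
    printf '%sINVALID DOMAIN! TYPE THE DOMAIN AGAIN:%s\n' "$RED_COLOR" "$DEFAULT_COLOR"
  fi
  # read fails on EOF / closed stdin; stop instead of re-prompting forever.
  if ! read -e -r -p $'\e[36mDomain/Subdomain:\e[0m ' input_domain; then
    printf '\n%sNO INPUT RECEIVED! EXITING ...%s\n' "$RED_COLOR" "$DEFAULT_COLOR" >&2
    exit 1
  fi
  #2.1.1.CONVERT INPUT TO LOWERCASE:
  input_domain="${input_domain,,}"
  #2.1.2.REMOVE ANY '/' AT THE END OF THE INPUT:
  while [[ "$input_domain" == */ ]]; do
    input_domain=${input_domain%/}
  done
  #2.1.3.SPLIT INTO DOMAIN (BEFORE THE FIRST '/') AND OPTIONAL SUB FOLDER (AFTER IT):
  domain_name=${input_domain%%/*}
  sub_folder=''
  if [[ "$input_domain" == */* ]]; then
    sub_folder=${input_domain#*/}
  fi
  #2.1.4.LOOK UP THE DOCUMENT ROOT:
  # Skip the lookup for an empty name or one starting with '-', which the
  # helper tools could take for an option rather than a domain.
  if [[ -n "$domain_name" && "$domain_name" != -* ]]; then
    if [ "$current_user" = 'root' ]; then
      # root has no cPanel account of its own: resolve the owning account first.
      cpanel_user=$(/scripts/whoowns "$domain_name")
      if [ -n "$cpanel_user" ]; then
        doc_root=$(uapi --user="$cpanel_user" DomainInfo single_domain_data domain="$domain_name" \
          | grep 'documentroot:' | cut -d ' ' -f 6)
      fi
    else
      doc_root=$(uapi DomainInfo single_domain_data domain="$domain_name" \
        | grep 'documentroot:' | cut -d ' ' -f 6)
    fi
  fi
  if [ -n "$doc_root" ] && [ -n "$sub_folder" ]; then
    case "/${sub_folder}/" in
      */../*)
        # A '..' component would move the target outside the domain's
        # document root; treat it as invalid input and ask again.
        doc_root=''
        ;;
      *)
        doc_root=${doc_root}/${sub_folder}
        ;;
    esac
  fi
  counter=$((counter + 1))
done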
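#3.NAVIGATE TO DOCUMENT ROOT OF THE DOMAIN AND DENY ACCESS
# The failure path must exit the script itself. An 'exit' inside ( ... ) ends
# only that subshell, and the script would carry on and write .htaccess into
# whatever directory it was started from.
if [ -z "$doc_root" ] || ! cd -- "$doc_root" 2> /dev/null; then
  printf '%sDOCUMENT ROOT DOES NOT EXIST! EXITING ...%s\n' "$RED_COLOR" "$DEFAULT_COLOR"
  exit 1
fi
# The document root is writable by the account user, while this script may be
# running as root. Refuse anything at .htaccess that is not a plain file, so
# that the redirect, sed -i and chown below never act through a symlink on a
# file outside this directory. NOTE(review): this is a best-effort check; the
# file can still be swapped between the check and the write.
if [[ -L .htaccess || ( -e .htaccess && ! -f .htaccess ) ]]; then
  printf '%s.htaccess IS NOT A REGULAR FILE! EXITING ...%s\n' "$RED_COLOR" "$DEFAULT_COLOR"
  exit 1
fi
if [[ "$current_user" = 'root' && -f .htaccess ]]; then
  # Inspect the attribute column only: matching the whole lsattr line would
  # also hit the letter 'a' in the file name ".htaccess".
  htaccess_attrs=$(lsattr .htaccess 2> /dev/null | awk '{print $1}')
  if [[ "$htaccess_attrs" == *[ai]* ]]; then
    # Append-only / immutable flags would make the edit below fail.
    chattr -ai .htaccess
  fi
fi
if [[ -s .htaccess ]]; then
  # Existing, non-empty file: prepend the deny rules and keep the rest.
  if ! sed -i '1s/^/ErrorDocument 403 default\nDeny from All\n/' .htaccess; then
    printf '%sCOULD NOT UPDATE .htaccess! EXITING ...%s\n' "$RED_COLOR" "$DEFAULT_COLOR"
    exit 1
  fi
else
  # Missing or empty file: create it. The trailing newline keeps a later
  # append from being glued onto the "Deny from All" line.
  if ! printf 'ErrorDocument 403 default\nDeny from All\n' > .htaccess; then
    printf '%sCOULD NOT CREATE .htaccess! EXITING ...%s\n' "$RED_COLOR" "$DEFAULT_COLOR"
    exit 1
  fi
  if [ "$current_user" = 'root' ]; then
    # Hand the new file to the account; -h never dereferences a symlink.
    chown -h "$cpanel_user": .htaccess
  fi
fi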
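counter=0
#4.CHECK RECURSIVELY FOR .HTACCESS FILES WITH ALLOW FROM ALL RULES
# Paths are collected NUL-delimited so directory names containing spaces or
# other whitespace are not split into several bogus entries, which would then
# be handed to sed -i. Paths containing 'akismet' are skipped.
# NOTE: only the legacy "Allow from all" directive is detected; an Apache 2.4
# style "Require all granted" in a nested .htaccess is not reported.
files=()
while IFS= read -r -d '' file; do
  files+=("$file")
done < <(find "$doc_root" -type f -name '.htaccess' \
  -exec grep -w -l -i -Z 'allow from all' {} + | grep -z -v 'akismet')
number_of_files=${#files[@]}
if [ "$number_of_files" -gt 0 ]; then
  printf '%sAllow From All FOUND IN THE FOLLOWING FILES:%s\n' "$RED_COLOR" "$DEFAULT_COLOR"
  printf '%s\n' "${files[@]}"
  #5.REMOVE ALL ENTRIES OF ALLOW FROM ALL
  read -e -r -p $'\e[36mWould you like to remove the rule from all files?(y/n):\e[0m ' remove
  if [ "$remove" = 'y' ]; then
    for file in "${files[@]}"; do
      # Report success only when sed ran cleanly AND a re-scan finds no
      # remaining rule; an unreadable or immutable file counts as NOT removed.
      # The path is passed as a printf argument, never as part of the format.
      if sed -i '/Allow From All/Id' -- "$file" \
        && ! grep -q -w -i -- 'allow from all' "$file"; then
        printf '%sRule removed from %s%s\n' "$GREEN_COLOR" "$file" "$DEFAULT_COLOR"
      else
        printf '%sRule NOT removed from %s%s\n' "$RED_COLOR" "$file" "$DEFAULT_COLOR"
      fi
    done
  else
    printf '%sRule NOT removed from the files.%s\n' "$RED_COLOR" "$DEFAULT_COLOR"
  fi
fi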
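#6.CHATTR .HTACCESS IF POSSIBLE
# Only root can set the append-only (a) and immutable (i) attributes.
if [ "$current_user" = 'root' ]; then
  chattr +ai .htaccess
  # Verify against the attribute column of lsattr rather than trusting the
  # chattr call: the filesystem may not support these flags. The value is
  # captured and quoted so an empty result is reported as a failure instead
  # of passing the test.
  final_attrs=$(lsattr .htaccess 2> /dev/null | awk '{print $1}')
  if [[ "$final_attrs" == *i* && "$final_attrs" == *a* ]]; then
    printf '%sChattr added to %s/.htaccess.%s\n' "$GREEN_COLOR" "$doc_root" "$DEFAULT_COLOR"
  else
    printf '%sChattr NOT added to %s/.htaccess.%s\n' "$RED_COLOR" "$doc_root" "$DEFAULT_COLOR"
  fi
fi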