Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\..
Decoded Output download
?><?php
if($_SERVER['SERVER_NAME'] != "localhost"){
echo "<center><span style='color:red'><b>Mischievous Activity Detected, You cant run this script on this site Please contact admins at www.ethicalhavoc.net</b></span></center>";
mail('[email protected]', "[Urgent] Amulyam Script Usage", $_SERVER['SERVER_NAME']);
exit();
}
error_reporting(0);
/**
* @author DarK_ShaDow
* @copyright 2013 Ethical Havoc
* @website http://www.ethicalhavoc.net
*/
$url1 = "http://www.amulyam.in/playTrivia.do";
$url2 = "http://www.amulyam.in/checkTrivia.do";
$url3 = "http://www.amulyam.in/showTriviaAnswer.do";
$url4 = "http://www.amulyam.in/showTriviaClaim50Paise.do";
$url5 = "http://www.amulyam.in/triviaCaptcha.jsp";
$url6 = "http://www.amulyam.in/triviaLinkCaptcha.do";
$useragent = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 GTB5";
$matches[1] = $_GET['jsessionid'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIE, "JSESSIONID=".$matches[1]);
curl_setopt($ch, CURLOPT_URL, $url1);
$html = curl_exec($ch);
curl_close($ch);
$dom = new DOMDocument('1.0', 'UTF-8');
@$dom -> loadHTML($html);
$forms = $dom -> getElementsByTagName('form');
foreach ($forms as $form){
$inputs = $form -> getElementsByTagName('input');
foreach ($inputs as $input){
if(($input -> getAttribute('name')) == "cp"){
$questionnum = $input -> getAttribute('value');
}
}
}
if($questionnum != null){
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "cp=".$questionnum."&answer=TRUE");
curl_setopt($ch, CURLOPT_COOKIE, "JSESSIONID=".$matches[1]);
$html = curl_exec($ch);
curl_setopt($ch, CURLOPT_URL, $url6);
curl_setopt($ch, CURLOPT_COOKIE, "JSESSIONID=".$matches[1]);
$html1 = curl_exec($ch);
curl_close($ch);
$name = "Capatch/".rand(1,99999).".png";
$fh = fopen($name, 'w') or die("can't open file");
$stringData = $html1;
fwrite($fh, $stringData);
fclose($fh);
$answer = returnanswer($name);
preg_match_all("/answer=TRUE\"\>(.*)\<\/a>/i", $html, $matches1);
if($answer == $matches1[1][0]){
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, "http://www.amulyam.in/checkTriviaLinkCaptcha.do?val=".$matches1[1][0]."&cp=".$questionnum."&answer=TRUE");
curl_setopt($ch, CURLOPT_COOKIE, "JSESSIONID=".$matches[1]);
$html = curl_exec($ch);
curl_close($ch);
}
if($answer == $matches1[1][1]){
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, "http://www.amulyam.in/checkTriviaLinkCaptcha.do?val=".$matches1[1][1]."&cp=".$questionnum."&answer=TRUE");
curl_setopt($ch, CURLOPT_COOKIE, "JSESSIONID=".$matches[1]);
$html = curl_exec($ch);
curl_close($ch);
}
if($answer == $matches1[1][2]){
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, "http://www.amulyam.in/checkTriviaLinkCaptcha.do?val=".$matches1[1][2]."&cp=".$questionnum."&answer=TRUE");
curl_setopt($ch, CURLOPT_COOKIE, "JSESSIONID=".$matches[1]);
$html = curl_exec($ch);
curl_close($ch);
}
if($answer == $matches1[1][3]){
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, "http://www.amulyam.in/checkTriviaLinkCaptcha.do?val=".$matches1[1][3]."&cp=".$questionnum."&answer=TRUE");
curl_setopt($ch, CURLOPT_COOKIE, "JSESSIONID=".$matches[1]);
$html = curl_exec($ch);
curl_close($ch);
}
if($answer == $matches1[1][4]){
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, "http://www.amulyam.in/checkTriviaLinkCaptcha.do?val=".$matches1[1][4]."&cp=".$questionnum."&answer=TRUE");
curl_setopt($ch, CURLOPT_COOKIE, "JSESSIONID=".$matches[1]);
$html = curl_exec($ch);
curl_close($ch);
}
}
if($questionnum < 25 && isset($questionnum)){
echo "<center><span style='color:green'><b>Trivia : Completed answering $questionnum</b></span></center><br/><br/><br/>";
echo "<META http-equiv='refresh' content='1;URL=trivia.php?jsessionid=$matches[1]'>";
echo "<center>Visit <a href='http://www.ethicalhavoc.net'><span style='color:red'><b>ethicalhavoc.net</b></span></a> For more Tricks</center>";
exit();
}
if($questionnum == 25 || !isset($questionnum)){
echo "<META http-equiv='refresh' content='1;URL=vocabulary.php?jsessionid=$matches[1]'>";
echo "<center><span style='color:green'><b>Trivia Completed</b></span></center><br/><br/>";
echo "<center><span style='color:red'><b>Please Wait You will be re-directed to Vocabulary....</b></span></center><br/><br/>";
echo "<center>Visit <a href='http://www.ethicalhavoc.net'><span style='color:red'><b>ethicalhavoc.net</b></span></a> For more Tricks</center>";
exit();
}
function returnanswer($image){
$url = "http://www.i2ocr.com/process_form";
$filepath = str_replace('\', '/', dirname(__FILE__).'/'.$image);
$postdata = array(
'i2ocr_options' => "file",
'i2ocr_uploadedfile' => "@$filepath;type=image/png",
'i2ocr_url' => "http://",
'i2ocr_languages' => "gb,eng"
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//curl_setopt($ch, CURLOPT_COOKIEJAR, str_replace('\', '/', dirname(__FILE__)).'/i2ocr_cookies.txt');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_HEADER, 1);
$matter = curl_exec($ch);
curl_close($ch);
$endpoint = strpos($matter, '
');
$startpoint = strpos($matter, ".val");
return substr($matter, $startpoint+6, (($endpoint-6) - $startpoint));
}
?>Did this file decode correctly?
Original Code
<?php
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'lZtLqyPJFYT3Bv+HpumFvRlU+ZRo/E9qoyd4mIUZhqGZX29l5Bcn616bgVmIe6UqVWaeR0Sck6lvP86//fz7f758+elfX77uP/rp/Ur7j1bfr77/qK/1flxr9/dre7/y/Cyd36/39fS+Lz3fr+v8X9fG5/f5t77/9ve9ub1f9fC+z88+XN8+vi/58P79rHz+dH//+Lzy6fv58ul59dP19ifjfZ7PmG/5k/X8v/l9Xv/n530e7/i8/Gl++dP473vLZ/v92fza/473l77P+tJ73v3t6/q+3sYz3p+V9/f6ePb7nvK2eXv/7V7/+3qvM3bGc/r73tJ5X2c8jXHL+5nlHUd9+Gw87309n+ZzC98Z/m2vOa/h2za+c5tjpBuf1Tm/Pu6/zzmMccc9il3mPGK8jbHyjHPdn4mBNNcw5lQvc07Dd+Oz2mecD/+1x7SDrtc5z/HZ+L+RG8NmmjfxOuYoX9purGN8plx6TXtk1tSYWz2xxvOc81inbP3Eb4nrZd6beT9iXs+5zXtl3+u8Puztax1/F3/vMu2UmaNyO89na50vxh5zKODGtjBAtsZWzbhyxv7POd7w8xijbtjkMscevhrjyI8n7HKb99W07DTmMb5TDjE6xhjXRmxVntdPa51+P56vNWzEJOsrh/sKmKAY7NPXtu/ws8ccY+lV5pwTzxXetBnLI8Zkq428uMz5j+uy55UY8f9nXpUxy4wjxRr52Q9xNGxaDvaqzFd2fxBHZebUsOPwXbE/84yJYQPl6MbYmZgx9pAr477hr8Jzx9iKnSfPOzOfNO9T7OGrEcsjD8YzFYvG3QvfJc+FCY85X9m6zvUN24z5i686c93mPYqDTNxu2PvGs8/Tn+Pz8T3nRmVeY/2d/FaOtvndnA7zbnNOWlubnw0MGT437jRwcdivkKuKxz7tViv+yWDj6WP+G9ecB7q3rDzS+JfD3ImPXFfMJa/5MvOsHNbr8RQffd6jvLnM3NL3tjlX4eELv1Zy4zltrtjayNMLdijTvoV4Ed9sUzuMONU6yTfFOOOIO8Bd+bPP7wx7ml/GuJpfmusYn8umifi/YXPsIl4grpTD27x3xLRw8jTX1cA5YU4FB+Az3ZPw+3M+d8xt+L6xPvn0it+IZcXHGU4zLzE3c1ghbgq5UbaFW8InfKd5w2edtWTrAcf/nZwgrzS+fXSIlzGH3tZ1rQ+7FPxf4D3FxJOYu895FudRx3Z34ok8U86mxfdaL76X9oHnnZfyawLz0ASKH2sFc5q5Fo0g3H4QE9jFuqA53k5cR+f1beGi4jfDeeRDJ/aCcy8LfyrxqDiz1jmjB44xeQErGriMrQLz+b6uoZMKvGY/ZfIo+G2D907TlpV8VuwYZzrcc2bO2LrDzfm8+F452sjFhP8a+HeF7wsYhp2zebHhW/Aj1mRuLvAE9ykeyfsGnuk9a2/krH3SWavsYh66zZgXpnXstqFNweDxd/hz+CCjPQp40dBTje9pndajxhU0SCVGijWrNS14JT1u3XCZMWM8Ec7AzYr5SsxYX2R8ZO3B2hRnT+y9wam3xfGZuizDa2PczDOMx83PyODrdekk4ccBq+UrbFDA+wafVzSC7Hhe+kG8i7bW/Q/s1cC4Bz5+ff3+9799+3H7+ZL/cGFZ0yIhCQcEzwBbPbzP5M8m/zufe/IkgQOxkyQSwZC+Eg1yVeBZZJ5I0A5xFsAWASmgAHyqyfsGsGXAEdAWsB8JxEnPdRnGhHkIBAmpJ+M9l5Atr4NoOSRfO5C6vgvIGvhFQgDKeN+xQ6ZoqQSmAqtPm1SKCNk171EcKQDToSDJCGfs3QwEELeANEGUd9YJYev9E7tjO80bQNI88Wcn6UVgiKhmwn3uIWKSydGBVxYJZCd3OoiKO0CQiA8XGCSnErCzFoCsXdccM4JYotmE/lr3KuEe+AsBbpLR/zyrU0hmg+1t2lVNCv8F0DqCwkKnQA4uPiyGO8K6O1b7HgVYRtzKlvi3AnbKCRMA65Tv/dfCvOBDg4BteCDQBnBUivRGDiRyr53XepsJIK8Yap4/cWaRlplDc5HU5vpEcnmOZYEom1k0IxQqxUKnOKhgxIiPakAEgNPtIFBMcC4UEnH/WvavFJjFPqTQKc4nF7+XBbwdPJIgQli5ONaYV3AiLZEjYWXRSq4V55xJk8aPiBbSVL6lPYo6x32l8CvGAwSRRY4EHX7LFAMWozUvm4Zw9f0uBi9LeBmzJNrAHa0R/PN6FAMP5uPCq61nNgox5Thxbqy1KBAZufjsxNpGPGFvk2RnDS4co2lm7ITcEuKm1vV5PRI3eSSivS2Ct+hzsySE33PaulDEm7MaQkJYdZtjO1a6CbYjLBLvEacNXHQeuiCr+DUjgMQNbmZVbIStMryRyE9hNzFUIHy9LgiyE+s2Dj/xH3MsYJ9yCI7tzFlzIqbE9zTz3Gg1TlZz93na2YXfGDuD5Y4T8aL5B7FbEDJuiLjhIZ+bd+7zfeX/TsHVsbew2gKeXC0I1wpv9YMYkr0owCoaoyCGGk0n8Xo/4DqNAeUGuFmZQzfGEafiZLgwW7ghohu51Q8cIhu3PQpKxYmx9AnOwCnV/FuxK76xBhOXneA8hKiKnQd56qbQocDvcJbylqJA2so6xVjWybNtabLsWIPThM+Z+Kcgrfb5wdeaw3lpRMVMnnPvbuxuiwczzStrhuI8c5F1XePKjtvEmUSDIgo7YsgNperiIO1RjFUKs+bGCPYMDHZzqRzwG947NouiyECrduLU+SBdCk7WA19aY7mhno1r8Jx1lRuT0Uwi37054maim3zWsIWYs3bL5p4z/iKPCwWTMNy4i+Z3bAgnGrqkojcq8YDeVhyz/u7C282fy4oB86LwqCxuLvhf8en5FnIRrCh9rVfzRHeqadjBp7RH0zXTVHFdUayfHVfwmta+oQEavoMzxJHEkJtP8j/FW+gpfBTcDCZo3Q/wAVur0XYjZqiFzMEdXhT3oDu79bE3Fh4T71yYF3BczWBemfjyWJlc6eSIYsL+ue/RhKvGwrrHBoKbvhozEdNPeBQNVbdZWPb+y68PF5YqxgCoTIFT6YQo4Vl4pkOVAX0XpCYnFwHa4XzMRSSItVAgSkzQETfR6YXAbCbjjpMg++5qOR2e2w4EiriXMEAcylhpEXiQsAGZjovueS2SUtJYxN/2KH6j2ENQmDgbBVwUJHdAsCzh2m0D29EdGESZBAHBWl1UkUgqcg/CK3ZpKe68I+iOThARSaBxEQsCUBclDULrByCk8JSIt7B3EXbi+4dCoZLYAn8DPomtoOR6sfC6AgJl+cOAYDJwcaQuGeAsO3ms6yLJbKBAyHmnKgSGgQXSbiSgits7ifhY9ojupAszdxL5jojttWI20wjwfRYD7tiWQ6Oh9AUQGWLyLpnEj23oHZK6r+4yAiR2am57FLiNhoGL1uZioe1R3FdsHjuMNEOyi+bXHicJ3KWLjmBaMau51gMQngDSK4DFujrE5+I1U7BmF90uAL27g8BTwZlXvmlt5KM7ah0xK2Iw9hj4HFsU08Xxc19EIvFAQVrxn4Qngs/NM+HUa+FiIyZt8yjQHdsUAdWxhEBxrGfvBJIDIWgukAd4KvI5YUfs0iBxdy8L93p30KKtIpS8Y2oMVdxdl6ATfhZyFHGn2EJ8u8uqvKCzXbyb5JhHYFb7x51U1lLd+Sc/xCHE+HEXLVMsyE5pzTmKXgrSIF3mVOCn6t2YB75DZPiaBIALShfQLkgzmETROsb07oa79M5jC2wJC3ZihHeIiThRQIy4mVDPi6iV36xTwm1bMSL8cFPGhRM28m6UfaXYcPHlznZDiLZpp4Q4aQhX52V1Y+y6xKG4flvcH7j62Sb3PXYZmnO+rtjviKzK2go85102F11uTvl0gAue4mLluYSRYn6b/lLxeVr+z8Z+58O2ioA4XXCFpx97nPIQJtLYUHFj7s5LMHlXo9EEbK8l8jO4pvwh9wqFcybWGo0oxSOFbbsfNBUYVuAiNx5cdASfXok/x8F9j2Z0Y955W7qo0ERwAao5bHs00gs860KquxByc5OmghszbgZ0x2cnFynAu79TVlwpl57LBgl9lckPNyfcsHazuvU1TxcJLoBidzktHKsUY+aGaDY/V8xVcK9QdFt0+xSI8tzFJ7q3PFYsdmLYMWcNpfHJ17wtPBQeb/N/55MbNy54Ij8fcK53ylhr9lpclFzxJT5QQ4sCRBwMDgU3UMQV25DcisILe3T4zicgOhgQHIgOEbfic6/djRvZ+3bgm0Me+BSkd39rXTEinnfO4gM3kn0SInbyKIjczHIOW/fJV9aeaPxsvnRR1hY+Ka+NiTzbu+hxQuCxcsLN+0rOFDdMrzRaGKtSvBXqF2uOaB4+mSf5IZs7lx/TBm70WHvp1An542ahcS9O8JVp83RbGOiTfw2ul7bu2I28c+MiGr227fXAx9Qm1qPdNRx6VmOcZ2H52/PXf5c4CgtJxtbtbQ/B60k2xIMCsuyxW5EQ2d4taxaNFF39vEDThBMdBwu1x74KVJPPQexaLDsJmkHKovqyyNHVvInK2+Pe8jahiJxZi4rHsuwgkGgLTHyMrZMg3QXHtpyvYD3vcSShIRwqhXh0kUgujeN1krgWSg3bu/vk4PNRyzieWRFPJlgHzm2PnT3Z3t1BxKI7xx3id2B6J0kB2PZ1zPO2r2MsBjxAMLbirwv0fTwjdhAzttn26AKrOHsSSwh0d+Hl90PyGsQ0LuLXu7XlUPD5CEXFtoXmQLOouLMmA6oLRRcdZxLLHc0Xcet15QUmBnIlnf3SIO3DfQZtEfp1+SJ2jC77h45tdLIgm+gSlZUDFsiFZHdHvtYFgC4sDabZ4shxAsh5xymOwqR9HWWDgJzD0UVLcy0hvOnudTcJKJiq4+cgoEJgIZJdLBcKgYJfNCfWb9EXxz1MfNcZJ+4qxy7+c86lg2kuJBr3BxG95jMKQqQfi7G2iFvASZPIXVTdS5EeII4Qc967cx9FEwVDBzOqiRWSa8ZKk9ADPHBnkALEu8UN0Z3bOg5eaRD5mIyPdlaERhSU15WfUdi/WJ+LSAoVEStxYxzVPLd9HQt0h5i8NIZVixV/94ofMwWac4C48HHbY4c6+OTJGGCWG2CZos251mh0NAoO/xRApIsAbnRmZZe0r50jFwz41uSaaQgUcNJH0Xy8vyKI3dTwCYi4FxyMo9sIdOXRc9rIO1cV+4WwpSljUaOmyW2PEyxxJBmSt2CUTe577DYKV9L+4fhk7BCbi2jUumGiXKaAiJ3syv1HzIZbfDqn9yXAKg2sdl+7S82xQhwU8LrBZXqe54GmaEddct2jwPLx8mbfPsh/xpCNubdgg0pxqOe4KPac+keuyV4r4rjDCZ5D7Jw28t55QTNT2OjC5EGsPcDHRjyAYxaKbrRX8wTFajSemFPsNlCw+hhpx34VHrAW8ukUN8590qKQRxmu9dFXn37pzMUnwEKDUSTGTyvqwk5d2/Y4bSV8zvuHwswFs3eTlPvnpe0CS7z2hE0erNkxegWr4DsfW/X3pMfQZD6hoCboc4+mpv3ZKOJqW3nT3ShyfsOtbpIpThy7jOWj3ul20M51j4KgMk6C8xMY72aCC04fY40daLDAp8O8voKt3aCv+KmDt7JXP+DxYa6O8+6CBg3skzK5LM0URQZNXR/vL9ZAfca58t/3XhfHxMmntq+TXWCD9a2LWJ9w8iZQcyEFlvv0iK7hu5ZWvsTO6H1e9zHVBneE/qNgT7cVoy62hB/mir5HsyJOaqQZ5z5p5Z8b+ScywbfGEOckDad62CjyibcMllVr99OKTf9kKpoiaG997zFf42drH37KdvkL72mOHH/WqNewx+3r9+fv11/+8Y2fU/70xedfx39zw3L8pwrzn9//Cw=='\x29\x29\x29\x3B","");
?>Function Calls
| gzinflate | 9 |
| danecd55322 | 1 |
| dpownu55321 | 1 |
| preg_replace | 7 |
| base64_decode | 9 |
Stats
| MD5 | 2328f059d03e9fcab7d2443c8903b23a |
| Eval Count | 17 |
| Decode Time | 158 ms |